BASELINE: Update Chromium to 52.0.2743.76 and Ninja to 1.7.1

Change-Id: I382f51b959689505a60f8b707255ecb344f7d8b4 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> 2016-07-14 17:41:05 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2016-08-04 12:37:36 +0000
commit: 399c965b6064c440ddcf4015f5f8e9d131c7a0a6 (patch)
tree: 6b06b60ff365abef0e13b3503d593a0df48d20e8 /chromium/net
parent: 7366110654eec46f21b6824f302356426f48cd74 (diff)
download: qtwebengine-chromium-399c965b6064c440ddcf4015f5f8e9d131c7a0a6.tar.gz
1433 files changed, 56425 insertions, 99789 deletions
diff --git a/chromium/net/BUILD.gn b/chromium/net/BUILD.gn
index fdfe0b69078..b6ac6053232 100644
--- a/chromium/net/BUILD.gn
+++ b/chromium/net/BUILD.gn
@@ -14,6 +14,7 @@ import("//testing/test.gni")
 import("//third_party/icu/config.gni")
 import("//third_party/protobuf/proto_library.gni")
 import("//tools/grit/grit_rule.gni")
+import("//url/features.gni")
 
 if (is_android) {
   import("//build/config/android/config.gni")
@@ -51,6 +52,9 @@ declare_args() {
   # Chromecast, at least for now. This feature needs configuration (krb5.conf
   # and so on).
   use_kerberos = !is_chromeos && !is_ios && !is_chromecast
+
+  # Do not disable brotli filter by default.
+  disable_brotli_filter = false
 }
 
 config("net_config") {
@@ -66,14 +70,8 @@ config("net_config") {
   }
 }
 
-# net_internal_config is shared with net and net_small.
 config("net_internal_config") {
   defines = [
-    # TODO(GYP) Note that the GYP file supports linux_link_kerberos (defaults to
-    # 0) which implies that we run pkg_config on kerberos and link to that
-    # rather than setting this define which will dynamically open it. That
-    # doesn't seem to be set in the regular builds, so we're skipping this
-    # capability here.
     "DLOPEN_KERBEROS",
     "NET_IMPLEMENTATION",
   ]
@@ -90,12 +88,7 @@ config("net_internal_config") {
   }
 }
 
-# net_shared_* are settings shared between net and net_small
-net_shared_sources = gypi_values.net_nacl_common_sources
-
-net_shared_unfiltered_sources = []
-
-net_shared_configs = [
+net_configs = [
   ":net_internal_config",
   "//build/config:precompiled_headers",
 
@@ -103,326 +96,244 @@ net_shared_configs = [
   "//build/config/compiler:no_size_t_to_int_warning",
 ]
 
-net_shared_public_deps = [
-  ":net_quic_proto",
-  "//crypto",
-  "//crypto:platform",
-]
+if (use_glib && use_gconf && !is_chromeos) {
+  net_configs += [ "//build/config/linux/gconf" ]
+}
 
-net_shared_deps = [
-  ":net_resources",
-  "//base",
-  "//net/base/registry_controlled_domains",
-  "//third_party/protobuf:protobuf_lite",
-]
+if (is_linux) {
+  net_configs += [ "//build/config/linux:libresolv" ]
+}
 
-if (!is_nacl) {
-  net_shared_sources += gypi_values.net_non_nacl_sources
+component("net") {
+  sources = gypi_values.net_nacl_common_sources
+  net_unfiltered_sources = []
 
-  net_shared_deps += [
-    "//base/third_party/dynamic_annotations",
-    "//components/prefs",
-    "//sdch",
-    "//third_party/zlib",
+  deps = [
+    ":net_resources",
+    "//base",
+    "//net/base/registry_controlled_domains",
+    "//third_party/protobuf:protobuf_lite",
+    "//url:url_features",
   ]
 
-  if (!use_kerberos) {
-    net_shared_sources -= [
-      "http/http_auth_handler_negotiate.cc",
-      "http/http_auth_handler_negotiate.h",
-    ]
-  }
+  public_deps = [
+    ":net_quic_proto",
+    "//crypto",
+    "//crypto:platform",
+  ]
 
-  if (is_posix) {
-    if (posix_avoid_mmap) {
-      net_shared_sources -= [ "disk_cache/blockfile/mapped_file_posix.cc" ]
-    } else {
-      net_shared_sources -=
-          [ "disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc" ]
-    }
-  }
+  if (!is_nacl) {
+    sources += gypi_values.net_non_nacl_sources
 
-  if (!enable_built_in_dns) {
-    net_shared_sources -= [
-      "dns/address_sorter_posix.cc",
-      "dns/address_sorter_posix.h",
-      "dns/dns_client.cc",
-    ]
-  }
-
-  if (use_openssl) {
-    net_shared_sources -= [
-      "base/nss_memio.c",
-      "base/nss_memio.h",
-      "cert/ct_log_verifier_nss.cc",
-      "cert/ct_objects_extractor_nss.cc",
-      "cert/jwk_serializer_nss.cc",
-      "cert/scoped_nss_types.h",
-      "cert/x509_util_nss.cc",
-      "quic/crypto/aead_base_decrypter_nss.cc",
-      "quic/crypto/aead_base_encrypter_nss.cc",
-      "quic/crypto/aes_128_gcm_12_decrypter_nss.cc",
-      "quic/crypto/aes_128_gcm_12_encrypter_nss.cc",
-      "quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc",
-      "quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc",
-      "quic/crypto/channel_id_nss.cc",
-      "quic/crypto/p256_key_exchange_nss.cc",
-      "quic/crypto/proof_source_chromium_nss.cc",
-      "socket/nss_ssl_util.cc",
-      "socket/nss_ssl_util.h",
-      "socket/ssl_client_socket_nss.cc",
-      "socket/ssl_client_socket_nss.h",
-      "socket/ssl_server_socket_nss.cc",
-      "socket/ssl_server_socket_nss.h",
-      "ssl/token_binding_nss.cc",
+    deps += [
+      "//base/third_party/dynamic_annotations",
+      "//components/prefs",
+      "//sdch",
+      "//third_party/zlib",
     ]
-    if (is_ios) {
-      net_shared_sources -= [
-        "cert/x509_util_ios.cc",
-        "cert/x509_util_ios.h",
+
+    if (!use_kerberos) {
+      sources -= [
+        "http/http_auth_handler_negotiate.cc",
+        "http/http_auth_handler_negotiate.h",
       ]
     }
-  } else {
-    net_shared_sources -= [
-      "cert/ct_log_verifier_openssl.cc",
-      "cert/ct_objects_extractor_openssl.cc",
-      "cert/jwk_serializer_openssl.cc",
-      "cert/x509_util_openssl.cc",
-      "cert/x509_util_openssl.h",
-      "quic/crypto/aead_base_decrypter_openssl.cc",
-      "quic/crypto/aead_base_encrypter_openssl.cc",
-      "quic/crypto/aes_128_gcm_12_decrypter_openssl.cc",
-      "quic/crypto/aes_128_gcm_12_encrypter_openssl.cc",
-      "quic/crypto/chacha20_poly1305_rfc7539_decrypter_openssl.cc",
-      "quic/crypto/chacha20_poly1305_rfc7539_encrypter_openssl.cc",
-      "quic/crypto/channel_id_openssl.cc",
-      "quic/crypto/p256_key_exchange_openssl.cc",
-      "quic/crypto/proof_source_chromium_openssl.cc",
-      "quic/crypto/scoped_evp_aead_ctx.cc",
-      "quic/crypto/scoped_evp_aead_ctx.h",
-      "socket/ssl_client_socket_openssl.cc",
-      "socket/ssl_client_socket_openssl.h",
-      "socket/ssl_server_socket_openssl.cc",
-      "socket/ssl_server_socket_openssl.h",
-      "ssl/openssl_ssl_util.cc",
-      "ssl/openssl_ssl_util.h",
-      "ssl/ssl_client_session_cache_openssl.cc",
-      "ssl/ssl_client_session_cache_openssl.h",
-      "ssl/ssl_key_logger.cc",
-      "ssl/ssl_key_logger.h",
-      "ssl/ssl_platform_key.h",
-      "ssl/ssl_platform_key_task_runner.cc",
-      "ssl/ssl_platform_key_task_runner.h",
-      "ssl/test_ssl_private_key.cc",
-      "ssl/test_ssl_private_key.h",
-      "ssl/threaded_ssl_private_key.cc",
-      "ssl/threaded_ssl_private_key.h",
-      "ssl/token_binding_openssl.cc",
-    ]
-  }
 
-  if (!use_openssl_certs) {
-    net_shared_sources -= [
-      "base/crypto_module_openssl.cc",
-      "base/keygen_handler_openssl.cc",
-      "base/openssl_private_key_store.h",
-      "base/openssl_private_key_store_memory.cc",
-      "cert/cert_database_openssl.cc",
-      "cert/cert_verify_proc_openssl.cc",
-      "cert/cert_verify_proc_openssl.h",
-      "cert/test_root_certs_openssl.cc",
-      "cert/x509_certificate_openssl.cc",
-      "ssl/openssl_client_key_store.cc",
-      "ssl/openssl_client_key_store.h",
-    ]
-    if (is_android) {
-      net_shared_sources -= [ "base/openssl_private_key_store_android.cc" ]
+    if (is_posix) {
+      if (posix_avoid_mmap) {
+        sources -= [ "disk_cache/blockfile/mapped_file_posix.cc" ]
+      } else {
+        sources -= [ "disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc" ]
+      }
     }
-  } else {
-    if (is_android) {
-      # Android doesn't use these even when using OpenSSL.
-      net_shared_sources -= [
+
+    if (!enable_built_in_dns) {
+      sources -= [
+        "dns/address_sorter_posix.cc",
+        "dns/address_sorter_posix.h",
+        "dns/dns_client.cc",
+      ]
+    }
+
+    if (!use_openssl_certs) {
+      sources -= [
+        "base/crypto_module_openssl.cc",
+        "base/keygen_handler_openssl.cc",
+        "base/openssl_private_key_store.h",
         "base/openssl_private_key_store_memory.cc",
         "cert/cert_database_openssl.cc",
         "cert/cert_verify_proc_openssl.cc",
+        "cert/cert_verify_proc_openssl.h",
         "cert/test_root_certs_openssl.cc",
+        "cert/x509_certificate_openssl.cc",
+        "ssl/openssl_client_key_store.cc",
+        "ssl/openssl_client_key_store.h",
       ]
+      if (is_android) {
+        sources -= [ "base/openssl_private_key_store_android.cc" ]
+      }
+    } else {
+      if (is_android) {
+        # Android doesn't use these even when using OpenSSL.
+        sources -= [
+          "base/openssl_private_key_store_memory.cc",
+          "cert/cert_database_openssl.cc",
+          "cert/cert_verify_proc_openssl.cc",
+          "cert/test_root_certs_openssl.cc",
+        ]
+      }
     }
-  }
 
-  if (!use_kerberos || is_android) {
-    net_shared_sources -= [
-      "http/http_auth_gssapi_posix.cc",
-      "http/http_auth_gssapi_posix.h",
-    ]
-  }
-
-  if (use_glib && use_gconf && !is_chromeos) {
-    net_shared_configs += [ "//build/config/linux:gconf" ]
-    net_shared_deps += [ "//build/linux:gio" ]
-  }
-
-  if (is_linux) {
-    net_shared_configs += [ "//build/config/linux:libresolv" ]
-  }
-
-  if (!use_nss_certs) {
-    net_shared_sources -= [
-      "base/crypto_module_nss.cc",
-      "base/keygen_handler_nss.cc",
-      "cert/cert_database_nss.cc",
-      "cert/nss_cert_database.cc",
-      "cert/nss_cert_database.h",
-      "cert/x509_certificate_nss.cc",
-      "ssl/client_cert_store_nss.cc",
-      "ssl/client_cert_store_nss.h",
-      "third_party/mozilla_security_manager/nsKeygenHandler.cpp",
-      "third_party/mozilla_security_manager/nsKeygenHandler.h",
-      "third_party/mozilla_security_manager/nsNSSCertificateDB.cpp",
-      "third_party/mozilla_security_manager/nsNSSCertificateDB.h",
-      "third_party/mozilla_security_manager/nsPKCS12Blob.cpp",
-      "third_party/mozilla_security_manager/nsPKCS12Blob.h",
-    ]
-    if (is_chromeos) {
-      # These were already removed on non-ChromeOS.
-      net_shared_sources -= [
-        "cert/nss_cert_database_chromeos.cc",
-        "cert/nss_cert_database_chromeos.h",
-        "cert/nss_profile_filter_chromeos.cc",
-        "cert/nss_profile_filter_chromeos.h",
+    if (!use_kerberos || is_android) {
+      sources -= [
+        "http/http_auth_gssapi_posix.cc",
+        "http/http_auth_gssapi_posix.h",
       ]
     }
-    net_shared_sources -= [
-      "ssl/client_key_store.cc",
-      "ssl/client_key_store.h",
-      "ssl/ssl_platform_key_nss.cc",
-    ]
-  } else if (use_openssl) {
-    # client_cert_store_nss.c requires NSS_CmpCertChainWCANames from NSS's
-    # libssl, but our bundled copy is not built in OpenSSL ports. Pull that file
-    # in directly.
-    net_shared_sources += [ "third_party/nss/ssl/cmpcert.c" ]
-  }
-
-  if (!use_nss_verifier) {
-    # These files are part of the partial implementation of NSS for
-    # cert verification, so keep them in that case.
-    net_shared_sources -= [
-      "cert/cert_verify_proc_nss.cc",
-      "cert/cert_verify_proc_nss.h",
-      "cert/test_root_certs_nss.cc",
-      "cert/x509_util_nss_certs.cc",
-      "cert_net/nss_ocsp.cc",
-      "cert_net/nss_ocsp.h",
-    ]
-  }
 
-  if (is_ios && use_nss_verifier) {
-    net_shared_sources -= [
-      "cert/cert_verify_proc_ios.cc",
-      "cert/cert_verify_proc_ios.h",
-      "cert/x509_certificate_openssl_ios.cc",
-    ]
-  }
+    if (use_glib && use_gconf && !is_chromeos) {
+      deps += [ "//build/linux/libgio" ]
+    }
 
-  if (is_chromecast && use_nss_certs) {
-    net_shared_sources += [ "ssl/ssl_platform_key_chromecast.cc" ]
-    net_shared_sources -= [ "ssl/ssl_platform_key_nss.cc" ]
-  }
+    if (!use_nss_certs) {
+      sources -= [
+        "base/crypto_module_nss.cc",
+        "base/keygen_handler_nss.cc",
+        "cert/cert_database_nss.cc",
+        "cert/nss_cert_database.cc",
+        "cert/nss_cert_database.h",
+        "cert/x509_certificate_nss.cc",
+        "ssl/client_cert_store_nss.cc",
+        "ssl/client_cert_store_nss.h",
+        "third_party/mozilla_security_manager/nsKeygenHandler.cpp",
+        "third_party/mozilla_security_manager/nsKeygenHandler.h",
+        "third_party/mozilla_security_manager/nsNSSCertificateDB.cpp",
+        "third_party/mozilla_security_manager/nsNSSCertificateDB.h",
+        "third_party/mozilla_security_manager/nsPKCS12Blob.cpp",
+        "third_party/mozilla_security_manager/nsPKCS12Blob.h",
+      ]
+      if (is_chromeos) {
+        # These were already removed on non-ChromeOS.
+        sources -= [
+          "cert/nss_cert_database_chromeos.cc",
+          "cert/nss_cert_database_chromeos.h",
+          "cert/nss_profile_filter_chromeos.cc",
+          "cert/nss_profile_filter_chromeos.h",
+        ]
+      }
+      sources -= [
+        "ssl/client_key_store.cc",
+        "ssl/client_key_store.h",
+        "ssl/ssl_platform_key_nss.cc",
+      ]
+    } else {
+      # client_cert_store_nss.c requires NSS_CmpCertChainWCANames from NSS's
+      # libssl, but our bundled copy is not built in OpenSSL ports. Pull that
+      # file in directly.
+      sources += [ "third_party/nss/ssl/cmpcert.c" ]
+    }
 
-  if (!enable_mdns) {
-    net_shared_sources -= [
-      "dns/mdns_cache.cc",
-      "dns/mdns_cache.h",
-      "dns/mdns_client.cc",
-      "dns/mdns_client.h",
-      "dns/mdns_client_impl.cc",
-      "dns/mdns_client_impl.h",
-      "dns/record_parsed.cc",
-      "dns/record_parsed.h",
-      "dns/record_rdata.cc",
-      "dns/record_rdata.h",
-    ]
-  }
+    if (!use_nss_certs) {
+      # These files are part of the partial implementation of NSS for
+      # cert verification, so keep them in that case.
+      sources -= [
+        "cert/cert_verify_proc_nss.cc",
+        "cert/cert_verify_proc_nss.h",
+        "cert/test_root_certs_nss.cc",
+        "cert/x509_util_nss.cc",
+        "cert_net/nss_ocsp.cc",
+        "cert_net/nss_ocsp.h",
+      ]
+    }
 
-  if (is_win) {
-    net_shared_sources -= [ "http/http_auth_handler_ntlm_portable.cc" ]
-  } else {  # !is_win
-    net_shared_sources -= [
-      "base/winsock_init.cc",
-      "base/winsock_init.h",
-      "base/winsock_util.cc",
-      "base/winsock_util.h",
-      "proxy/proxy_resolver_winhttp.cc",
-      "proxy/proxy_resolver_winhttp.h",
-    ]
-  }
+    if (is_chromecast && use_nss_certs) {
+      sources += [ "ssl/ssl_platform_key_chromecast.cc" ]
+      sources -= [ "ssl/ssl_platform_key_nss.cc" ]
+    }
 
-  if (is_ios) {
-    # Add back some sources that were otherwise filtered out. iOS needs some Mac
-    # files.
-    net_shared_unfiltered_sources += [
-      "base/mac/url_conversions.h",
-      "base/mac/url_conversions.mm",
-      "base/network_change_notifier_mac.cc",
-      "base/network_config_watcher_mac.cc",
-      "base/network_interfaces_mac.cc",
-      "base/network_interfaces_mac.h",
-      "base/platform_mime_util_mac.mm",
-      "proxy/proxy_resolver_mac.cc",
-      "proxy/proxy_server_mac.cc",
-    ]
+    if (!enable_mdns) {
+      sources -= [
+        "dns/mdns_cache.cc",
+        "dns/mdns_cache.h",
+        "dns/mdns_client.cc",
+        "dns/mdns_client.h",
+        "dns/mdns_client_impl.cc",
+        "dns/mdns_client_impl.h",
+        "dns/record_parsed.cc",
+        "dns/record_parsed.h",
+        "dns/record_rdata.cc",
+        "dns/record_rdata.h",
+      ]
+    }
 
-    net_shared_sources -= [ "disk_cache/blockfile/file_posix.cc" ]
-    net_shared_deps += [
-      "//third_party/nss:nspr",
-      "//third_party/nss",
-      "//net/third_party/nss/ssl:libssl",
-    ]
-  }
+    if (is_win) {
+      sources -= [ "http/http_auth_handler_ntlm_portable.cc" ]
+    } else {  # !is_win
+      sources -= [
+        "base/winsock_init.cc",
+        "base/winsock_init.h",
+        "base/winsock_util.cc",
+        "base/winsock_util.h",
+        "proxy/proxy_resolver_winhttp.cc",
+        "proxy/proxy_resolver_winhttp.h",
+      ]
+    }
 
-  if (is_ios && !use_nss_verifier) {
-    net_shared_sources += [ "cert/test_root_certs_mac.cc" ]
-  }
+    if (is_ios) {
+      # Add back some sources that were otherwise filtered out.
+      # iOS needs some Mac files.
+      net_unfiltered_sources += [
+        "base/mac/url_conversions.h",
+        "base/mac/url_conversions.mm",
+        "base/network_change_notifier_mac.cc",
+        "base/network_config_watcher_mac.cc",
+        "base/network_interfaces_mac.cc",
+        "base/network_interfaces_mac.h",
+        "base/platform_mime_util_mac.mm",
+        "cert/test_root_certs_mac.cc",
+        "proxy/proxy_resolver_mac.cc",
+        "proxy/proxy_server_mac.cc",
+      ]
 
-  if (is_ios || is_mac) {
-    net_shared_sources += gypi_values.net_base_mac_ios_sources
-  }
+      sources -= [ "disk_cache/blockfile/file_posix.cc" ]
+    }
 
-  if (is_android) {
-    net_shared_deps += [ ":net_jni_headers" ]
+    if (is_ios || is_mac) {
+      sources += gypi_values.net_base_mac_ios_sources
+    }
 
-    # Add some Linux sources that were excluded by the filter, but which
-    # are needed.
-    net_shared_unfiltered_sources += [
-      "base/address_tracker_linux.cc",
-      "base/address_tracker_linux.h",
-      "base/network_interfaces_linux.cc",
-      "base/network_interfaces_linux.h",
-      "base/platform_mime_util_linux.cc",
-    ]
+    if (is_android) {
+      deps += [ ":net_jni_headers" ]
+
+      # Add some Linux sources that were excluded by the filter, but which
+      # are needed.
+      net_unfiltered_sources += [
+        "base/address_tracker_linux.cc",
+        "base/address_tracker_linux.h",
+        "base/network_interfaces_linux.cc",
+        "base/network_interfaces_linux.h",
+        "base/platform_mime_util_linux.cc",
+      ]
+    }
+  } else {
+    public_deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
   }
-} else {
-  net_shared_public_deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
-}
-
-component("net") {
-  sources = net_shared_sources
 
   # Add back some sources that were otherwise filtered out.
   set_sources_assignment_filter([])
-  sources += net_shared_unfiltered_sources
+  sources += net_unfiltered_sources
   set_sources_assignment_filter(sources_assignment_filter)
 
   cflags = []
-  configs += net_shared_configs
+  configs += net_configs
   public_configs = [ ":net_config" ]
 
-  public_deps = net_shared_public_deps + [ "//url" ]
-  deps = net_shared_deps
+  public_deps += [ "//url" ]
 
   if (is_mac) {
     libs = [
+      "CFNetwork.framework",
+      "CoreServices.framework",
       "Foundation.framework",
       "Security.framework",
       "SystemConfiguration.framework",
@@ -466,55 +377,40 @@ component("net") {
     }
 
     # ICU support.
-    deps += [
-      "//base:i18n",
-      "//third_party/icu",
-    ]
-    sources += [
-      "base/filename_util_icu.cc",
-      "base/net_string_util_icu.cc",
-    ]
+    if (use_platform_icu_alternatives) {
+      if (is_android) {
+        # Use ICU alternative on Android.
+        sources += [
+          "base/net_string_util_icu_alternatives_android.cc",
+          "base/net_string_util_icu_alternatives_android.h",
+        ]
+        deps += [ ":net_jni_headers" ]
+      } else if (is_ios) {
+        # Use ICU alternative on iOS.
+        sources += [ "base/net_string_util_icu_alternatives_ios.mm" ]
+      } else {
+        assert(false,
+               "ICU alternative is not implemented for platform: " + target_os)
+      }
+    } else {
+      # Use ICU.
+      deps += [
+        "//base:i18n",
+        "//third_party/icu",
+      ]
+      sources += [
+        "base/filename_util_icu.cc",
+        "base/net_string_util_icu.cc",
+      ]
+    }
 
     # Brotli support.
-    deps += [ "//third_party/brotli" ]
-    sources += [ "filter/brotli_filter.cc" ]
-  }
-}
-
-if (is_android) {
-  # Same as net, but with brotli encoding, ICU, file, ftp, and websocket
-  # support stripped.
-  component("net_small") {
-    sources = net_shared_sources
-
-    # Add back some sources that were otherwise filtered out.
-    set_sources_assignment_filter([])
-    sources += net_shared_unfiltered_sources
-    set_sources_assignment_filter(sources_assignment_filter)
-
-    cflags = []
-    defines = []
-    configs += net_shared_configs
-    public_configs = [ ":net_config" ]
-
-    public_deps = net_shared_public_deps +
-                  [ "//url:url_lib_use_icu_alternatives_on_android" ]
-    deps = net_shared_deps + [ ":net_jni_headers" ]
-
-    defines += [
-      "DISABLE_FILE_SUPPORT",
-      "DISABLE_FTP_SUPPORT",
-      "USE_ICU_ALTERNATIVES_ON_ANDROID=1",
-    ]
-
-    # Use ICU alternative on Android.
-    sources += [
-      "base/net_string_util_icu_alternatives_android.cc",
-      "base/net_string_util_icu_alternatives_android.h",
-    ]
-
-    # Disable Brotli support.
-    sources += [ "filter/brotli_filter_disabled.cc" ]
+    if (!disable_brotli_filter) {
+      sources += [ "filter/brotli_filter.cc" ]
+      deps += [ "//third_party/brotli" ]
+    } else {
+      sources += [ "filter/brotli_filter_disabled.cc" ]
+    }
   }
 }
 
@@ -528,10 +424,7 @@ grit("net_resources") {
 }
 
 proto_library("net_quic_proto") {
-  visibility = [
-    ":net",
-    ":net_small",
-  ]
+  visibility = [ ":net" ]
 
   sources = [
     "quic/proto/cached_network_parameters.proto",
@@ -597,15 +490,15 @@ if (!is_ios) {
       ":test_support",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 }
 
 bundle_data("test_support_bundle_data") {
+  visibility = [ ":test_support" ]
   testonly = true
-  sources = [
-    "data/ssl/certificates",
-  ]
+  sources = gypi_values.net_test_support_data_sources
   outputs = [
     "{{bundle_resources_dir}}/" +
         "{{source_root_relative_dir}}/{{source_file_part}}",
@@ -680,15 +573,20 @@ source_set("test_support") {
     "test/embedded_test_server/request_handler_util.cc",
     "test/embedded_test_server/request_handler_util.h",
     "test/event_waiter.h",
+    "test/gtest_util.h",
     "test/net_test_suite.cc",
     "test/net_test_suite.h",
     "test/python_utils.cc",
     "test/python_utils.h",
+    "test/scoped_disable_exit_on_dfatal.cc",
+    "test/scoped_disable_exit_on_dfatal.h",
     "test/test_certificate_data.h",
     "test/url_request/ssl_certificate_error_job.cc",
     "test/url_request/ssl_certificate_error_job.h",
     "test/url_request/url_request_failed_job.cc",
     "test/url_request/url_request_failed_job.h",
+    "test/url_request/url_request_hanging_read_job.cc",
+    "test/url_request/url_request_hanging_read_job.h",
     "test/url_request/url_request_mock_data_job.cc",
     "test/url_request/url_request_mock_data_job.h",
     "test/url_request/url_request_slow_download_job.cc",
@@ -717,10 +615,6 @@ source_set("test_support") {
     "//build/config/compiler:no_size_t_to_int_warning",
   ]
 
-  deps = [
-    ":test_support_bundle_data",
-  ]
-
   public_deps = [
     "//base",
     "//base/test:test_support",
@@ -732,11 +626,15 @@ source_set("test_support") {
     "//url",
   ]
 
+  deps = [
+    ":test_support_bundle_data",
+  ]
+
   if (!is_ios) {
     public_deps += [ "//third_party/protobuf:py_proto" ]
   }
 
-  if (use_nss_verifier) {
+  if (use_nss_certs) {
     public_deps += [ "//crypto:platform" ]
   }
 
@@ -919,6 +817,7 @@ if (!is_ios && !is_android) {
       ":test_support",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -934,6 +833,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -949,6 +849,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -962,6 +863,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -978,6 +880,7 @@ if (!is_ios && !is_android) {
       "//base",
       "//base:i18n",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//url",
     ]
   }
@@ -994,6 +897,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -1009,6 +913,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -1024,6 +929,7 @@ if (!is_ios && !is_android) {
       ":net",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -1038,14 +944,15 @@ if (!is_ios && !is_android) {
         ":net_with_v8",
         "//base",
         "//build/config/sanitizers:deps",
+        "//build/win:default_exe_manifest",
       ]
 
       if (is_desktop_linux && use_gconf && use_glib) {
         configs += [
-          "//build/config/linux:gconf",
+          "//build/config/linux/gconf",
           "//build/config/linux:glib",
         ]
-        deps += [ "//build/linux:gio" ]
+        deps += [ "//build/linux/libgio" ]
       }
     }
   }
@@ -1060,6 +967,7 @@ if (!is_ios && !is_android) {
       "//base",
       "//base/test:test_support",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//testing/gtest",
     ]
   }
@@ -1077,6 +985,7 @@ if (!is_ios && !is_android) {
       ":test_support",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
     ]
   }
 
@@ -1091,12 +1000,13 @@ if (!is_ios && !is_android) {
       "//base",
       "//base:i18n",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//net/tools/tld_cleanup",
     ]
   }
 }
 
-if (is_linux) {
+if (is_linux || is_mac) {
   executable("cachetool") {
     testonly = true
     sources = [
@@ -1123,7 +1033,9 @@ if (is_linux) {
       "//url",
     ]
   }
+}
 
+if (is_linux) {
   static_library("epoll_server") {
     sources = [
       "tools/epoll_server/epoll_server.cc",
@@ -1222,6 +1134,8 @@ if (is_linux) {
       "tools/quic/quic_client.h",
       "tools/quic/quic_default_packet_writer.cc",
       "tools/quic/quic_default_packet_writer.h",
+      "tools/quic/quic_epoll_alarm_factory.cc",
+      "tools/quic/quic_epoll_alarm_factory.h",
       "tools/quic/quic_epoll_clock.cc",
       "tools/quic/quic_epoll_clock.h",
       "tools/quic/quic_epoll_connection_helper.cc",
@@ -1323,6 +1237,8 @@ if (is_android || is_linux) {
 
 source_set("simple_quic_tools") {
   sources = [
+    "tools/quic/chlo_extractor.cc",
+    "tools/quic/chlo_extractor.h",
     "tools/quic/quic_client_base.cc",
     "tools/quic/quic_client_base.h",
     "tools/quic/quic_client_session.cc",
@@ -1389,7 +1305,7 @@ source_set("stale_while_revalidate_experiment_domains") {
     ":stale_while_revalidate_experiment_domains_dafsa",
     "//base",
   ]
-  configs += net_shared_configs
+  configs += net_configs
 }
 
 if (!is_ios) {
@@ -1402,6 +1318,7 @@ if (!is_ios) {
       ":simple_quic_tools",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//url",
     ]
   }
@@ -1414,24 +1331,41 @@ if (!is_ios) {
       ":simple_quic_tools",
       "//base",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//third_party/boringssl",
       "//third_party/protobuf:protobuf_lite",
     ]
   }
+  executable("quic_packet_printer") {
+    sources = [
+      "tools/quic/quic_packet_printer_bin.cc",
+    ]
+    deps = [
+      ":net",
+      ":simple_quic_tools",
+      "//base",
+      "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
+      "//third_party/boringssl",
+      "//third_party/protobuf:protobuf_lite",
+    ]
+  }
+  executable("crypto_message_printer") {
+    sources = [
+      "tools/quic/crypto_message_printer_bin.cc",
+    ]
+    deps = [
+      ":net",
+      "//base",
+      "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
+    ]
+  }
 }
 
 bundle_data("net_unittests_bundle_data") {
   testonly = true
-  sources = [
-    "data/certificate_policies_unittest",
-    "data/name_constraints_unittest",
-    "data/parse_certificate_unittest",
-    "data/parse_ocsp_unittest",
-    "data/test.html",
-    "data/url_request_unittest",
-    "data/verify_certificate_chain_unittest",
-    "data/verify_name_match_unittest/names",
-  ]
+  sources = gypi_values.net_unittests_data_sources
   outputs = [
     "{{bundle_resources_dir}}/" +
         "{{source_root_relative_dir}}/{{source_file_part}}",
@@ -1469,16 +1403,15 @@ test("net_unittests") {
     "//testing/gtest",
     "//third_party/zlib",
     "//url",
+    "//url:url_features",
   ]
 
   data = [
     "data/",
   ]
-  data_deps = []
-
-  if (!is_ios) {
-    data_deps += [ "third_party/nist-pkits/" ]
-  }
+  data_deps = [
+    "third_party/nist-pkits/",
+  ]
 
   if (is_linux || is_mac || is_win) {
     deps += [
@@ -1537,15 +1470,6 @@ test("net_unittests") {
     }
   }
 
-  if (use_openssl) {
-    sources -= [ "quic/test_tools/crypto_test_utils_nss.cc" ]
-  } else {
-    sources -= [
-      "quic/test_tools/crypto_test_utils_openssl.cc",
-      "ssl/ssl_client_session_cache_openssl_unittest.cc",
-    ]
-  }
-
   if (use_kerberos) {
     defines += [ "USE_KERBEROS" ]
   }
@@ -1563,7 +1487,7 @@ test("net_unittests") {
     sources -= [ "http/http_auth_handler_negotiate_unittest.cc" ]
   }
 
-  if (!use_nss_verifier) {
+  if (!use_nss_certs) {
     # Only include this test when using NSS for cert verification.
     sources -= [ "cert_net/nss_ocsp_unittest.cc" ]
   }
@@ -1655,7 +1579,6 @@ test("net_unittests") {
       "disk_cache/blockfile/block_files_unittest.cc",
 
       # Need to read input data files.
-      "filter/brotli_filter_unittest.cc",
       "filter/gzip_filter_unittest.cc",
       "socket/ssl_server_socket_unittest.cc",
       "spdy/fuzzing/hpack_fuzz_util_test.cc",
@@ -1675,13 +1598,49 @@ test("net_unittests") {
       # OS is not "linux" or "freebsd" or "openbsd".
       "socket/unix_domain_client_socket_posix_unittest.cc",
       "socket/unix_domain_server_socket_posix_unittest.cc",
+    ]
+  }
 
-      # See bug http://crbug.com/344533.
-      "disk_cache/blockfile/index_table_v3_unittest.cc",
+  # Unit tests that aren't supported by the current ICU alternatives on Android.
+  if (is_android && use_platform_icu_alternatives) {
+    sources -= [
+      "base/filename_util_unittest.cc",
+      "base/url_util_unittest.cc",
+      "cert/x509_certificate_unittest.cc",
+      "proxy/proxy_resolver_v8_unittest.cc",
+      "url_request/url_request_job_unittest.cc",
     ]
   }
 
+  # Unit tests that are not supported by the current ICU alternatives on iOS.
+  if (is_ios && use_platform_icu_alternatives) {
+    sources -= [
+      "base/filename_util_unittest.cc",
+      "base/url_util_unittest.cc",
+      "cert/x509_certificate_unittest.cc",
+      "http/http_auth_handler_basic_unittest.cc",
+      "http/http_auth_handler_digest_unittest.cc",
+      "http/http_auth_handler_factory_unittest.cc",
+      "http/http_auth_unittest.cc",
+      "http/http_content_disposition_unittest.cc",
+      "http/http_network_transaction_unittest.cc",
+      "http/http_proxy_client_socket_pool_unittest.cc",
+      "socket/ssl_client_socket_pool_unittest.cc",
+      "spdy/spdy_network_transaction_unittest.cc",
+      "spdy/spdy_proxy_client_socket_unittest.cc",
+      "url_request/url_request_job_unittest.cc",
+      "url_request/url_request_unittest.cc",
+    ]
+  }
+
+  # Exclude brotli test if the support for brotli is disabled.
+  # Also, exclude the test from iOS for now (needs to read input data files).
+  if (disable_brotli_filter || is_ios) {
+    sources -= [ "filter/brotli_filter_unittest.cc" ]
+  }
+
   if (is_android) {
+    data_deps += [ "//net/tools/testserver:testserver_py" ]
     deps += [
       ":net_test_jni_headers",
       "//base:base_java_unittest_support",
@@ -1696,14 +1655,10 @@ test("net_unittests") {
       "//v8:v8_external_startup_data_assets",
     ]
     android_manifest = "//net/android/unittest_support/AndroidManifest.xml"
-    sources -= [
-      # See bug http://crbug.com/344533.
-      "disk_cache/blockfile/index_table_v3_unittest.cc",
-    ]
     set_sources_assignment_filter([])
     sources += [ "base/address_tracker_linux_unittest.cc" ]
     set_sources_assignment_filter(sources_assignment_filter)
-    isolate_file = "net_unittests.isolate"
+    shard_timeout = 300
   }
 
   # Symbols for crashes when running tests on swarming.
@@ -1711,7 +1666,8 @@ test("net_unittests") {
     if (is_win) {
       data += [ "$root_out_dir/net_unittests.exe.pdb" ]
     } else if (is_mac) {
-      data += [ "$root_out_dir/net_unittests.dSYM/" ]
+      # TODO(crbug.com/330301): make this conditional on mac_strip_release.
+      # data += [ "$root_out_dir/net_unittests.dSYM/" ]
     }
   }
 }
@@ -1725,7 +1681,7 @@ if (!is_ios) {
     sources = [
       "base/mime_sniffer_perftest.cc",
       "cookies/cookie_monster_perftest.cc",
-      "disk_cache/blockfile/disk_cache_perftest.cc",
+      "disk_cache/disk_cache_perftest.cc",
       "extras/sqlite/sqlite_persistent_cookie_store_perftest.cc",
       "proxy/proxy_resolver_perftest.cc",
       "udp/udp_socket_perftest.cc",
@@ -1741,6 +1697,7 @@ if (!is_ios) {
       "//base:i18n",
       "//base/test:test_support_perf",
       "//build/config/sanitizers:deps",
+      "//build/win:default_exe_manifest",
       "//testing/gtest",
       "//url",
     ]
@@ -1763,11 +1720,30 @@ source_set("net_fuzzer_test_support") {
   testonly = true
 
   sources = [
+    "base/fuzzed_data_provider.cc",
+    "base/fuzzed_data_provider.h",
     "base/fuzzer_test_support.cc",
+    "socket/fuzzed_socket.cc",
+    "socket/fuzzed_socket.h",
+    "socket/fuzzed_socket_factory.cc",
+    "socket/fuzzed_socket_factory.h",
   ]
   deps = [
     "//base",
     "//base:i18n",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_data_job_fuzzer") {
+  sources = [
+    "url_request/url_request_data_job_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    ":test_support",
+    "//base",
+    "//net",
   ]
 }
 
@@ -1854,6 +1830,48 @@ fuzzer_test("net_get_domain_and_registry_fuzzer") {
   ]
 }
 
+fuzzer_test("net_cert_verify_name_match_fuzzer") {
+  sources = [
+    "cert/internal/verify_name_match_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    "//base",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_cert_normalize_name_fuzzer") {
+  sources = [
+    "cert/internal/verify_name_match_normalizename_fuzzer.cc",
+  ]
+  deps = [
+    "//base",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_cert_verify_name_in_subtree_fuzzer") {
+  sources = [
+    "cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    "//base",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_cert_parse_certificate_fuzzer") {
+  sources = [
+    "cert/internal/parse_certificate_fuzzer.cc",
+  ]
+  deps = [
+    "//base",
+    "//net",
+  ]
+}
+
 fuzzer_test("net_parse_cookie_line_fuzzer") {
   sources = [
     "cookies/parse_cookie_line_fuzzer.cc",
@@ -1875,6 +1893,17 @@ fuzzer_test("net_dns_record_fuzzer") {
   ]
 }
 
+fuzzer_test("net_dns_hosts_parse_fuzzer") {
+  sources = [
+    "dns/dns_hosts_parse_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    "//base",
+    "//net",
+  ]
+}
+
 fuzzer_test("net_http_stream_parser_fuzzer") {
   sources = [
     "http/http_stream_parser_fuzzer.cc",
@@ -1885,6 +1914,7 @@ fuzzer_test("net_http_stream_parser_fuzzer") {
     "//base",
     "//net",
   ]
+  dict = "data/http/http.dict"
 }
 
 fuzzer_test("net_ftp_ctrl_response_fuzzer") {
@@ -1919,7 +1949,7 @@ fuzzer_test("net_unescape_url_component_fuzzer") {
     "//net",
   ]
   dict = "base/unescape_url_component_fuzzer.dict"
-  libfuzzer_options = "base/unescape_url_component_fuzzer.options"
+  libfuzzer_options = [ "max_len = 2048" ]
 }
 
 fuzzer_test("net_websocket_frame_parser_fuzzer") {
@@ -1943,6 +1973,19 @@ fuzzer_test("net_http_chunked_decoder_fuzzer") {
   dict = "http/http_chunked_decoder_fuzzer.dict"
 }
 
+fuzzer_test("net_http_proxy_client_socket_fuzzer") {
+  sources = [
+    "http/http_proxy_client_socket_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    ":test_support",
+    "//base",
+    "//net",
+  ]
+  dict = "data/http/http.dict"
+}
+
 fuzzer_test("net_quic_crypto_framer_parse_message_fuzzer") {
   sources = [
     "quic/quic_crypto_framer_parse_message_fuzzer.cc",
@@ -1953,3 +1996,40 @@ fuzzer_test("net_quic_crypto_framer_parse_message_fuzzer") {
     "//net",
   ]
 }
+
+fuzzer_test("net_socks_client_socket_fuzzer") {
+  sources = [
+    "socket/socks_client_socket_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    ":test_support",
+    "//base",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_socks5_client_socket_fuzzer") {
+  sources = [
+    "socket/socks5_client_socket_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    ":test_support",
+    "//base",
+    "//net",
+  ]
+}
+
+fuzzer_test("net_url_request_fuzzer") {
+  sources = [
+    "url_request/url_request_fuzzer.cc",
+  ]
+  deps = [
+    ":net_fuzzer_test_support",
+    ":test_support",
+    "//base",
+    "//net",
+  ]
+  dict = "data/http/http.dict"
+}
diff --git a/chromium/net/OWNERS b/chromium/net/OWNERS
index 808c8631344..8282dadc18d 100644
--- a/chromium/net/OWNERS
+++ b/chromium/net/OWNERS
@@ -14,7 +14,7 @@ rch@chromium.org
 rdsmith@chromium.org
 rsleevi@chromium.org
 rtenneti@chromium.org
-ttuttle@chromium.org
+juliatuttle@chromium.org
 xunjieli@chromium.org
 
 per-file *.isolate=maruel@chromium.org
diff --git a/chromium/net/android/dummy_spnego_authenticator.cc b/chromium/net/android/dummy_spnego_authenticator.cc
index 2bb4ef450bb..5614c33ddfb 100644
--- a/chromium/net/android/dummy_spnego_authenticator.cc
+++ b/chromium/net/android/dummy_spnego_authenticator.cc
@@ -129,6 +129,9 @@ DummySpnegoAuthenticator::SecurityContextQuery::SecurityContextQuery()
     : response_code(0), minor_response_code(0) {
 }
 
+DummySpnegoAuthenticator::SecurityContextQuery::SecurityContextQuery(
+    const SecurityContextQuery& other) = default;
+
 DummySpnegoAuthenticator::SecurityContextQuery::~SecurityContextQuery() {
 }
 
diff --git a/chromium/net/android/dummy_spnego_authenticator.h b/chromium/net/android/dummy_spnego_authenticator.h
index 1f37bd37ddc..2abca104025 100644
--- a/chromium/net/android/dummy_spnego_authenticator.h
+++ b/chromium/net/android/dummy_spnego_authenticator.h
@@ -82,6 +82,7 @@ class DummySpnegoAuthenticator {
                          const char* expected_input_token,
                          const char* output_token);
     SecurityContextQuery();
+    SecurityContextQuery(const SecurityContextQuery& other);
     ~SecurityContextQuery();
 
     // Note that many of these fields only exist for compatibility with the
diff --git a/chromium/net/android/http_auth_negotiate_android.cc b/chromium/net/android/http_auth_negotiate_android.cc
index 764eb4c0356..7586246ae49 100644
--- a/chromium/net/android/http_auth_negotiate_android.cc
+++ b/chromium/net/android/http_auth_negotiate_android.cc
@@ -9,7 +9,7 @@
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/location.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "jni/HttpNegotiateAuthenticator_jni.h"
 #include "net/base/auth.h"
 #include "net/base/net_errors.h"
diff --git a/chromium/net/android/http_auth_negotiate_android.h b/chromium/net/android/http_auth_negotiate_android.h
index af8163c9fb2..98ad8e578cc 100644
--- a/chromium/net/android/http_auth_negotiate_android.h
+++ b/chromium/net/android/http_auth_negotiate_android.h
@@ -6,13 +6,14 @@
 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
 
 #include <jni.h>
+
+#include <memory>
 #include <string>
 
 #include "base/android/jni_android.h"
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/http/http_auth.h"
 
diff --git a/chromium/net/android/keystore_openssl.cc b/chromium/net/android/keystore_openssl.cc
index f60842cfda9..fd07440dd08 100644
--- a/chromium/net/android/keystore_openssl.cc
+++ b/chromium/net/android/keystore_openssl.cc
@@ -13,11 +13,12 @@
 #include <openssl/rsa.h>
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/android/build_info.h"
 #include "base/android/scoped_java_ref.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "crypto/openssl_util.h"
 #include "net/android/keystore.h"
 #include "net/android/legacy_openssl.h"
@@ -103,7 +104,7 @@ void ExDataFree(void* parent,
                 void* argp) {
   // Ensure the global JNI reference created with this wrapper is
   // properly destroyed with it.
-  KeyExData *ex_data = reinterpret_cast<KeyExData*>(ptr);
+  KeyExData* ex_data = reinterpret_cast<KeyExData*>(ptr);
   delete ex_data;
 }
 
@@ -123,10 +124,10 @@ class BoringSSLEngine {
                                               ExDataDup,
                                               ExDataFree)),
         engine_(ENGINE_new()) {
-    ENGINE_set_RSA_method(
-        engine_, &android_rsa_method, sizeof(android_rsa_method));
-    ENGINE_set_ECDSA_method(
-        engine_, &android_ecdsa_method, sizeof(android_ecdsa_method));
+    ENGINE_set_RSA_method(engine_, &android_rsa_method,
+                          sizeof(android_rsa_method));
+    ENGINE_set_ECDSA_method(engine_, &android_ecdsa_method,
+                            sizeof(android_ecdsa_method));
   }
 
   int rsa_ex_index() const { return rsa_index_; }
@@ -143,7 +144,6 @@ class BoringSSLEngine {
 base::LazyInstance<BoringSSLEngine>::Leaky global_boringssl_engine =
     LAZY_INSTANCE_INITIALIZER;
 
-
 // VectorBignumSize returns the number of bytes needed to represent the bignum
 // given in |v|, i.e. the length of |v| less any leading zero bytes.
 size_t VectorBignumSize(const std::vector<uint8_t>& v) {
@@ -160,8 +160,8 @@ KeyExData* RsaGetExData(const RSA* rsa) {
       RSA_get_ex_data(rsa, global_boringssl_engine.Get().rsa_ex_index()));
 }
 
-size_t RsaMethodSize(const RSA *rsa) {
-  const KeyExData *ex_data = RsaGetExData(rsa);
+size_t RsaMethodSize(const RSA* rsa) {
+  const KeyExData* ex_data = RsaGetExData(rsa);
   return ex_data->cached_size;
 }
 
@@ -198,7 +198,7 @@ int RsaMethodSignRaw(RSA* rsa,
   }
 
   // Retrieve private key JNI reference.
-  const KeyExData *ex_data = RsaGetExData(rsa);
+  const KeyExData* ex_data = RsaGetExData(rsa);
   if (!ex_data || !ex_data->private_key.obj()) {
     LOG(WARNING) << "Null JNI reference passed to RsaMethodSignRaw!";
     OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
@@ -238,8 +238,8 @@ int RsaMethodSignRaw(RSA* rsa,
 
   size_t expected_size = static_cast<size_t>(RSA_size(rsa));
   if (result.size() > expected_size) {
-    LOG(ERROR) << "RSA Signature size mismatch, actual: "
-               <<  result.size() << ", expected <= " << expected_size;
+    LOG(ERROR) << "RSA Signature size mismatch, actual: " << result.size()
+               << ", expected <= " << expected_size;
     OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
     return 0;
   }
@@ -285,8 +285,7 @@ int RsaMethodVerifyRaw(RSA* rsa,
 
 const RSA_METHOD android_rsa_method = {
     {
-     0 /* references */,
-     1 /* is_static */
+        0 /* references */, 1 /* is_static */
     } /* common */,
     nullptr /* app_data */,
 
@@ -321,8 +320,7 @@ crypto::ScopedEVP_PKEY CreateRsaPkeyWrapper(
     jobject private_key,
     AndroidRSA* legacy_rsa,
     const crypto::OpenSSLErrStackTracer& tracer) {
-  crypto::ScopedRSA rsa(
-      RSA_new_method(global_boringssl_engine.Get().engine()));
+  crypto::ScopedRSA rsa(RSA_new_method(global_boringssl_engine.Get().engine()));
 
   std::vector<uint8_t> modulus;
   if (!GetRSAKeyModulus(private_key, &modulus)) {
@@ -330,7 +328,7 @@ crypto::ScopedEVP_PKEY CreateRsaPkeyWrapper(
     return nullptr;
   }
 
-  scoped_ptr<KeyExData> ex_data(new KeyExData);
+  std::unique_ptr<KeyExData> ex_data(new KeyExData);
   ex_data->private_key.Reset(nullptr, private_key);
   if (ex_data->private_key.is_null()) {
     LOG(ERROR) << "Could not create global JNI reference";
@@ -398,8 +396,7 @@ crypto::ScopedEVP_PKEY GetRsaPkeyWrapper(jobject private_key) {
   // Route around platform limitation: if Android < 4.2, then
   // base::android::RawSignDigestWithPrivateKey() cannot work, so try to get the
   // system OpenSSL's EVP_PKEY backing this PrivateKey object.
-  AndroidEVP_PKEY* sys_pkey =
-      GetOpenSSLSystemHandleForPrivateKey(private_key);
+  AndroidEVP_PKEY* sys_pkey = GetOpenSSLSystemHandleForPrivateKey(private_key);
   if (sys_pkey == nullptr)
     return nullptr;
 
@@ -462,9 +459,8 @@ int EcdsaMethodSign(const uint8_t* digest,
   // ECDSA_size().
   size_t max_expected_size = ECDSA_size(ec_key);
   if (signature.size() > max_expected_size) {
-    LOG(ERROR) << "ECDSA Signature size mismatch, actual: "
-               <<  signature.size() << ", expected <= "
-               << max_expected_size;
+    LOG(ERROR) << "ECDSA Signature size mismatch, actual: " << signature.size()
+               << ", expected <= " << max_expected_size;
     return 0;
   }
 
@@ -500,7 +496,7 @@ crypto::ScopedEVP_PKEY GetEcdsaPkeyWrapper(jobject private_key) {
     return nullptr;
   }
 
-  scoped_ptr<KeyExData> ex_data(new KeyExData);
+  std::unique_ptr<KeyExData> ex_data(new KeyExData);
   ex_data->private_key.Reset(nullptr, private_key);
   if (ex_data->private_key.is_null()) {
     LOG(ERROR) << "Can't create global JNI reference";
@@ -521,8 +517,7 @@ crypto::ScopedEVP_PKEY GetEcdsaPkeyWrapper(jobject private_key) {
 
 const ECDSA_METHOD android_ecdsa_method = {
     {
-     0 /* references */,
-     1 /* is_static */
+        0 /* references */, 1 /* is_static */
     } /* common */,
     NULL /* app_data */,
 
diff --git a/chromium/net/android/keystore_openssl.h b/chromium/net/android/keystore_openssl.h
index 2de4e0a8125..72f3994c1f0 100644
--- a/chromium/net/android/keystore_openssl.h
+++ b/chromium/net/android/keystore_openssl.h
@@ -11,8 +11,7 @@
 #include "crypto/scoped_openssl_types.h"
 #include "net/base/net_export.h"
 
-// OpenSSL-specific functions to use the Android platform keystore.
-// The features provided here are highly specific to OpenSSL and are
+// The features provided here are highly implementation specific and are
 // segregated from net/android/keystore.h because the latter only provides
 // simply JNI stubs to call Java code which only uses platform APIs.
 
diff --git a/chromium/net/android/network_change_notifier_android.cc b/chromium/net/android/network_change_notifier_android.cc
index 74d47936e70..e093a4f5cbe 100644
--- a/chromium/net/android/network_change_notifier_android.cc
+++ b/chromium/net/android/network_change_notifier_android.cc
@@ -59,6 +59,8 @@
 
 #include "net/android/network_change_notifier_android.h"
 
+#include <unordered_set>
+
 #include "base/android/build_info.h"
 #include "base/macros.h"
 #include "base/metrics/histogram_macros.h"
@@ -93,7 +95,7 @@ class NetworkChangeNotifierAndroid::DnsConfigServiceThread
                          base::Bind(base::DoNothing),
                          // We're only interested in tunnel interface changes.
                          base::Bind(NotifyNetworkChangeNotifierObservers),
-                         base::hash_set<std::string>()) {}
+                         std::unordered_set<std::string>()) {}
 
   ~DnsConfigServiceThread() override {
     NetworkChangeNotifier::RemoveNetworkChangeObserver(this);
@@ -142,7 +144,7 @@ class NetworkChangeNotifierAndroid::DnsConfigServiceThread
 
   const DnsConfig* dns_config_for_testing_;
   const base::Time creation_time_;
-  scoped_ptr<internal::DnsConfigServicePosix> dns_config_service_;
+  std::unique_ptr<internal::DnsConfigServicePosix> dns_config_service_;
   // Used to detect tunnel state changes.
   internal::AddressTrackerLinux address_tracker_;
 
diff --git a/chromium/net/android/network_change_notifier_android.h b/chromium/net/android/network_change_notifier_android.h
index 203daf3f4f4..a931f74343c 100644
--- a/chromium/net/android/network_change_notifier_android.h
+++ b/chromium/net/android/network_change_notifier_android.h
@@ -5,6 +5,8 @@
 #ifndef NET_ANDROID_NETWORK_CHANGE_NOTIFIER_ANDROID_H_
 #define NET_ANDROID_NETWORK_CHANGE_NOTIFIER_ANDROID_H_
 
+#include <memory>
+
 #include "base/android/jni_android.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
@@ -91,7 +93,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierAndroid
   static NetworkChangeCalculatorParams NetworkChangeCalculatorParamsAndroid();
 
   NetworkChangeNotifierDelegateAndroid* const delegate_;
-  scoped_ptr<DnsConfigServiceThread> dns_config_service_thread_;
+  std::unique_ptr<DnsConfigServiceThread> dns_config_service_thread_;
   bool force_network_handles_supported_for_testing_;
 
   DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierAndroid);
diff --git a/chromium/net/android/network_change_notifier_android_unittest.cc b/chromium/net/android/network_change_notifier_android_unittest.cc
index e07a89eaf14..c6ba7c53fed 100644
--- a/chromium/net/android/network_change_notifier_android_unittest.cc
+++ b/chromium/net/android/network_change_notifier_android_unittest.cc
@@ -10,6 +10,7 @@
 #include "base/message_loop/message_loop.h"
 #include "net/android/network_change_notifier_android.h"
 #include "net/android/network_change_notifier_delegate_android.h"
+#include "net/base/ip_address.h"
 #include "net/base/network_change_notifier.h"
 #include "net/dns/dns_config_service.h"
 #include "net/dns/dns_protocol.h"
@@ -274,7 +275,7 @@ TEST_F(BaseNetworkChangeNotifierAndroidTest,
             delegate_.GetCurrentConnectionType());
   // Instantiate another delegate to validate that it uses the actual
   // connection type at construction.
-  scoped_ptr<NetworkChangeNotifierDelegateAndroid> other_delegate(
+  std::unique_ptr<NetworkChangeNotifierDelegateAndroid> other_delegate(
       new NetworkChangeNotifierDelegateAndroid());
   EXPECT_EQ(NetworkChangeNotifier::CONNECTION_NONE,
             other_delegate->GetCurrentConnectionType());
@@ -293,10 +294,8 @@ class NetworkChangeNotifierAndroidTest
     : public BaseNetworkChangeNotifierAndroidTest {
  protected:
   void SetUp() override {
-    IPAddressNumber dns_number;
-    ASSERT_TRUE(ParseIPLiteralToNumber("8.8.8.8", &dns_number));
     dns_config_.nameservers.push_back(
-        IPEndPoint(dns_number, dns_protocol::kDefaultPort));
+        IPEndPoint(IPAddress(8, 8, 8, 8), dns_protocol::kDefaultPort));
     notifier_.reset(new NetworkChangeNotifierAndroid(&delegate_, &dns_config_));
     NetworkChangeNotifier::AddConnectionTypeObserver(
         &connection_type_observer_);
@@ -314,7 +313,7 @@ class NetworkChangeNotifierAndroidTest
   NetworkChangeNotifierObserver other_connection_type_observer_;
   NetworkChangeNotifier::DisableForTest disable_for_test_;
   DnsConfig dns_config_;
-  scoped_ptr<NetworkChangeNotifierAndroid> notifier_;
+  std::unique_ptr<NetworkChangeNotifierAndroid> notifier_;
 };
 
 class NetworkChangeNotifierDelegateAndroidTest
diff --git a/chromium/net/android/traffic_stats_unittest.cc b/chromium/net/android/traffic_stats_unittest.cc
index 29abbe70e39..71e9eb09320 100644
--- a/chromium/net/android/traffic_stats_unittest.cc
+++ b/chromium/net/android/traffic_stats_unittest.cc
@@ -32,7 +32,7 @@ TEST(TrafficStatsAndroidTest, BasicsTest) {
   TestDelegate test_delegate;
   TestURLRequestContext context(false);
 
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context.CreateRequest(embedded_test_server.GetURL("/echo.html"),
                             DEFAULT_PRIORITY, &test_delegate));
   request->Start();
@@ -65,7 +65,7 @@ TEST(TrafficStatsAndroidTest, UIDBasicsTest) {
   TestDelegate test_delegate;
   TestURLRequestContext context(false);
 
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context.CreateRequest(embedded_test_server.GetURL("/echo.html"),
                             DEFAULT_PRIORITY, &test_delegate));
   request->Start();
diff --git a/chromium/net/base/OWNERS b/chromium/net/base/OWNERS
index 8532b8c7edd..ddc7882ba3b 100644
--- a/chromium/net/base/OWNERS
+++ b/chromium/net/base/OWNERS
@@ -3,7 +3,3 @@ per-file mime_sniffer*=set noparent
 per-file mime_sniffer*=rsleevi@chromium.org
 per-file mime_sniffer*=asanka@chromium.org
 per-file mime_sniffer*=mmenke@chromium.org
-
-# For all files relating to the network quality estimator.
-per-file network_quality*=bengr@chromium.org
-per-file socket_performance_watcher*=bengr@chromium.org
diff --git a/chromium/net/base/address_family.cc b/chromium/net/base/address_family.cc
index 8fc2bf02a66..deff1157810 100644
--- a/chromium/net/base/address_family.cc
+++ b/chromium/net/base/address_family.cc
@@ -10,19 +10,14 @@
 
 namespace net {
 
-AddressFamily GetAddressFamily(const IPAddressNumber& address) {
-  switch (address.size()) {
-    case kIPv4AddressSize:
-      return ADDRESS_FAMILY_IPV4;
-    case kIPv6AddressSize:
-      return ADDRESS_FAMILY_IPV6;
-    default:
-      return ADDRESS_FAMILY_UNSPECIFIED;
-  }
-}
-
 AddressFamily GetAddressFamily(const IPAddress& address) {
-  return GetAddressFamily(address.bytes());
+  if (address.IsIPv4()) {
+    return ADDRESS_FAMILY_IPV4;
+  } else if (address.IsIPv6()) {
+    return ADDRESS_FAMILY_IPV6;
+  } else {
+    return ADDRESS_FAMILY_UNSPECIFIED;
+  }
 }
 
 int ConvertAddressFamily(AddressFamily address_family) {
diff --git a/chromium/net/base/address_family.h b/chromium/net/base/address_family.h
index 748090e2a48..78021ae44d0 100644
--- a/chromium/net/base/address_family.h
+++ b/chromium/net/base/address_family.h
@@ -5,7 +5,6 @@
 #ifndef NET_BASE_ADDRESS_FAMILY_H_
 #define NET_BASE_ADDRESS_FAMILY_H_
 
-#include "net/base/ip_address_number.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -36,9 +35,6 @@ enum {
 typedef int HostResolverFlags;
 
 // Returns AddressFamily for |address|.
-NET_EXPORT AddressFamily GetAddressFamily(const IPAddressNumber& address);
-
-// GetAddressFamily for net::IPAddress.
 NET_EXPORT AddressFamily GetAddressFamily(const IPAddress& address);
 
 // Maps the given AddressFamily to either AF_INET, AF_INET6 or AF_UNSPEC.
diff --git a/chromium/net/base/address_family_unittest.cc b/chromium/net/base/address_family_unittest.cc
index 6668ea24a1a..9efb76874a2 100644
--- a/chromium/net/base/address_family_unittest.cc
+++ b/chromium/net/base/address_family_unittest.cc
@@ -4,18 +4,19 @@
 
 #include "net/base/address_family.h"
 
+#include "net/base/ip_address.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 namespace {
 
 TEST(AddressFamilyTest, GetAddressFamily) {
-  IPAddressNumber number;
-  EXPECT_EQ(ADDRESS_FAMILY_UNSPECIFIED, GetAddressFamily(number));
-  EXPECT_TRUE(ParseIPLiteralToNumber("192.168.0.1", &number));
-  EXPECT_EQ(ADDRESS_FAMILY_IPV4, GetAddressFamily(number));
-  EXPECT_TRUE(ParseIPLiteralToNumber("1:abcd::3:4:ff", &number));
-  EXPECT_EQ(ADDRESS_FAMILY_IPV6, GetAddressFamily(number));
+  IPAddress address;
+  EXPECT_EQ(ADDRESS_FAMILY_UNSPECIFIED, GetAddressFamily(address));
+  EXPECT_TRUE(address.AssignFromIPLiteral("192.168.0.1"));
+  EXPECT_EQ(ADDRESS_FAMILY_IPV4, GetAddressFamily(address));
+  EXPECT_TRUE(address.AssignFromIPLiteral("1:abcd::3:4:ff"));
+  EXPECT_EQ(ADDRESS_FAMILY_IPV6, GetAddressFamily(address));
 }
 
 }  // namespace
diff --git a/chromium/net/base/address_list.cc b/chromium/net/base/address_list.cc
index 2a0cbfc47fb..e11c9a7dfa8 100644
--- a/chromium/net/base/address_list.cc
+++ b/chromium/net/base/address_list.cc
@@ -15,11 +15,11 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogAddressListCallback(
+std::unique_ptr<base::Value> NetLogAddressListCallback(
     const AddressList* address_list,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  scoped_ptr<base::ListValue> list(new base::ListValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::ListValue> list(new base::ListValue());
 
   for (AddressList::const_iterator it = address_list->begin();
        it != address_list->end(); ++it) {
diff --git a/chromium/net/base/address_list_unittest.cc b/chromium/net/base/address_list_unittest.cc
index 1e2fa427015..7553463a792 100644
--- a/chromium/net/base/address_list_unittest.cc
+++ b/chromium/net/base/address_list_unittest.cc
@@ -52,7 +52,7 @@ TEST(AddressListTest, CreateFromAddrinfo) {
         reinterpret_cast<struct sockaddr_in*>(storage[i].addr);
     storage[i].addr_len = sizeof(struct sockaddr_in);
     // Populating the address with { i, i, i, i }.
-    memset(&addr->sin_addr, i, kIPv4AddressSize);
+    memset(&addr->sin_addr, i, IPAddress::kIPv4AddressSize);
     addr->sin_family = AF_INET;
     // Set port to i << 2;
     addr->sin_port = base::HostToNet16(static_cast<uint16_t>(i << 2));
diff --git a/chromium/net/base/address_tracker_linux.cc b/chromium/net/base/address_tracker_linux.cc
index 59d732c90d7..7ce4687d382 100644
--- a/chromium/net/base/address_tracker_linux.cc
+++ b/chromium/net/base/address_tracker_linux.cc
@@ -127,7 +127,7 @@ AddressTrackerLinux::AddressTrackerLinux(
     const base::Closure& address_callback,
     const base::Closure& link_callback,
     const base::Closure& tunnel_callback,
-    const base::hash_set<std::string>& ignored_interfaces)
+    const std::unordered_set<std::string>& ignored_interfaces)
     : get_interface_name_(GetInterfaceName),
       address_callback_(address_callback),
       link_callback_(link_callback),
@@ -250,7 +250,7 @@ AddressTrackerLinux::AddressMap AddressTrackerLinux::GetAddressMap() const {
   return address_map_;
 }
 
-base::hash_set<int> AddressTrackerLinux::GetOnlineLinks() const {
+std::unordered_set<int> AddressTrackerLinux::GetOnlineLinks() const {
   AddressTrackerAutoLock lock(*this, online_links_lock_);
   return online_links_;
 }
@@ -442,13 +442,13 @@ bool AddressTrackerLinux::IsTunnelInterface(int interface_index) const {
 
 void AddressTrackerLinux::UpdateCurrentConnectionType() {
   AddressTrackerLinux::AddressMap address_map = GetAddressMap();
-  base::hash_set<int> online_links = GetOnlineLinks();
+  std::unordered_set<int> online_links = GetOnlineLinks();
 
   // Strip out tunnel interfaces from online_links
-  for (base::hash_set<int>::const_iterator it = online_links.begin();
+  for (std::unordered_set<int>::const_iterator it = online_links.begin();
        it != online_links.end();) {
     if (IsTunnelInterface(*it)) {
-      base::hash_set<int>::const_iterator tunnel_it = it;
+      std::unordered_set<int>::const_iterator tunnel_it = it;
       ++it;
       online_links.erase(*tunnel_it);
     } else {
diff --git a/chromium/net/base/address_tracker_linux.h b/chromium/net/base/address_tracker_linux.h
index 80767f6195b..747bff9908c 100644
--- a/chromium/net/base/address_tracker_linux.h
+++ b/chromium/net/base/address_tracker_linux.h
@@ -13,10 +13,10 @@
 #include <stddef.h>
 
 #include <map>
+#include <unordered_set>
 
 #include "base/callback.h"
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
 #include "base/message_loop/message_loop.h"
 #include "base/synchronization/condition_variable.h"
@@ -51,10 +51,11 @@ class NET_EXPORT_PRIVATE AddressTrackerLinux :
   // NOTE: Only ignore interfaces not used to connect to the internet. Adding
   // interfaces used to connect to the internet can cause critical network
   // changed signals to be lost allowing incorrect stale state to persist.
-  AddressTrackerLinux(const base::Closure& address_callback,
-                      const base::Closure& link_callback,
-                      const base::Closure& tunnel_callback,
-                      const base::hash_set<std::string>& ignored_interfaces);
+  AddressTrackerLinux(
+      const base::Closure& address_callback,
+      const base::Closure& link_callback,
+      const base::Closure& tunnel_callback,
+      const std::unordered_set<std::string>& ignored_interfaces);
   ~AddressTrackerLinux() override;
 
   // In tracking mode, it starts watching the system configuration for
@@ -67,7 +68,7 @@ class NET_EXPORT_PRIVATE AddressTrackerLinux :
   AddressMap GetAddressMap() const;
 
   // Returns set of interface indicies for online interfaces.
-  base::hash_set<int> GetOnlineLinks() const;
+  std::unordered_set<int> GetOnlineLinks() const;
 
   // Implementation of NetworkChangeNotifierLinux::GetCurrentConnectionType().
   // Safe to call from any thread, but will block until Init() has completed.
@@ -160,10 +161,10 @@ class NET_EXPORT_PRIVATE AddressTrackerLinux :
 
   // Set of interface indices for links that are currently online.
   mutable base::Lock online_links_lock_;
-  base::hash_set<int> online_links_;
+  std::unordered_set<int> online_links_;
 
   // Set of interface names that should be ignored.
-  const base::hash_set<std::string> ignored_interfaces_;
+  const std::unordered_set<std::string> ignored_interfaces_;
 
   base::Lock connection_type_lock_;
   bool connection_type_initialized_;
diff --git a/chromium/net/base/address_tracker_linux_unittest.cc b/chromium/net/base/address_tracker_linux_unittest.cc
index 1b349e53dfa..6a030061d3d 100644
--- a/chromium/net/base/address_tracker_linux_unittest.cc
+++ b/chromium/net/base/address_tracker_linux_unittest.cc
@@ -2,19 +2,21 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/base/address_tracker_linux.h"
+
+#include <linux/if.h>
+
+#include <memory>
+#include <unordered_set>
 #include <vector>
 
 #include "base/bind.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/spin_wait.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/simple_thread.h"
-#include "net/base/address_tracker_linux.h"
 #include "net/base/ip_address.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#include <linux/if.h>
-
 #ifndef IFA_F_HOMEADDRESS
 #define IFA_F_HOMEADDRESS 0x10
 #endif
@@ -100,7 +102,7 @@ class AddressTrackerLinuxTest : public testing::Test {
     return tracker_->GetAddressMap();
   }
 
-  const base::hash_set<int> GetOnlineLinks() const {
+  const std::unordered_set<int> GetOnlineLinks() const {
     return tracker_->GetOnlineLinks();
   }
 
@@ -112,8 +114,8 @@ class AddressTrackerLinuxTest : public testing::Test {
     return tracker_->GetThreadsWaitingForConnectionTypeInitForTesting();
   }
 
-  base::hash_set<std::string> ignored_interfaces_;
-  scoped_ptr<AddressTrackerLinux> tracker_;
+  std::unordered_set<std::string> ignored_interfaces_;
+  std::unique_ptr<AddressTrackerLinux> tracker_;
   AddressTrackerLinux::GetInterfaceNameFunction original_get_interface_name_;
 };
 
diff --git a/chromium/net/base/auth.cc b/chromium/net/base/auth.cc
index 332e1883855..13ab1edfa8c 100644
--- a/chromium/net/base/auth.cc
+++ b/chromium/net/base/auth.cc
@@ -12,8 +12,7 @@ AuthChallengeInfo::AuthChallengeInfo() : is_proxy(false) {
 
 bool AuthChallengeInfo::Equals(const AuthChallengeInfo& that) const {
   return (this->is_proxy == that.is_proxy &&
-          this->challenger.Equals(that.challenger) &&
-          this->scheme == that.scheme &&
+          this->challenger == that.challenger && this->scheme == that.scheme &&
           this->realm == that.realm);
 }
 
diff --git a/chromium/net/base/auth.h b/chromium/net/base/auth.h
index 62a59c8f9fd..ed369f8fc64 100644
--- a/chromium/net/base/auth.h
+++ b/chromium/net/base/auth.h
@@ -9,8 +9,8 @@
 
 #include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
-#include "net/base/host_port_pair.h"
 #include "net/base/net_export.h"
+#include "url/origin.h"
 
 namespace net {
 
@@ -28,7 +28,7 @@ class NET_EXPORT AuthChallengeInfo :
   bool is_proxy;
 
   // The service issuing the challenge.
-  HostPortPair challenger;
+  url::Origin challenger;
 
   // The authentication scheme used, such as "basic" or "digest". If the
   // |source| is FTP_SERVER, this is an empty string. The encoding is ASCII.
diff --git a/chromium/net/base/backoff_entry_serializer.cc b/chromium/net/base/backoff_entry_serializer.cc
index e7366851f7c..acd6e9f9a7c 100644
--- a/chromium/net/base/backoff_entry_serializer.cc
+++ b/chromium/net/base/backoff_entry_serializer.cc
@@ -19,9 +19,10 @@ const int kSerializationFormatVersion = 1;
 
 namespace net {
 
-scoped_ptr<base::Value> BackoffEntrySerializer::SerializeToValue(
-    const BackoffEntry& entry, base::Time time_now) {
-  scoped_ptr<base::ListValue> serialized(new base::ListValue());
+std::unique_ptr<base::Value> BackoffEntrySerializer::SerializeToValue(
+    const BackoffEntry& entry,
+    base::Time time_now) {
+  std::unique_ptr<base::ListValue> serialized(new base::ListValue());
   serialized->AppendInteger(kSerializationFormatVersion);
 
   serialized->AppendInteger(entry.failure_count());
@@ -39,9 +40,11 @@ scoped_ptr<base::Value> BackoffEntrySerializer::SerializeToValue(
   return std::move(serialized);
 }
 
-scoped_ptr<BackoffEntry> BackoffEntrySerializer::DeserializeFromValue(
-    const base::Value& serialized, const BackoffEntry::Policy* policy,
-    base::TickClock* tick_clock, base::Time time_now) {
+std::unique_ptr<BackoffEntry> BackoffEntrySerializer::DeserializeFromValue(
+    const base::Value& serialized,
+    const BackoffEntry::Policy* policy,
+    base::TickClock* tick_clock,
+    base::Time time_now) {
   const base::ListValue* serialized_list = nullptr;
   if (!serialized.GetAsList(&serialized_list))
     return nullptr;
@@ -69,7 +72,7 @@ scoped_ptr<BackoffEntry> BackoffEntrySerializer::DeserializeFromValue(
     return nullptr;
   }
 
-  scoped_ptr<BackoffEntry> entry(new BackoffEntry(policy, tick_clock));
+  std::unique_ptr<BackoffEntry> entry(new BackoffEntry(policy, tick_clock));
 
   for (int n = 0; n < failure_count; n++)
     entry->InformOfRequest(false);
diff --git a/chromium/net/base/backoff_entry_serializer.h b/chromium/net/base/backoff_entry_serializer.h
index 837265727fb..1ecaf015d70 100644
--- a/chromium/net/base/backoff_entry_serializer.h
+++ b/chromium/net/base/backoff_entry_serializer.h
@@ -5,8 +5,9 @@
 #ifndef NET_BASE_BACKOFF_ENTRY_SERIALIZER_H_
 #define NET_BASE_BACKOFF_ENTRY_SERIALIZER_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/backoff_entry.h"
 #include "net/base/net_export.h"
@@ -30,8 +31,9 @@ class NET_EXPORT BackoffEntrySerializer {
   // be converted to an absolute timestamp, thus the time will continue counting
   // down even whilst the device is powered off, and will be partially
   // vulnerable to changes in the system clock time.
-  static scoped_ptr<base::Value> SerializeToValue(const BackoffEntry& entry,
-                                                  base::Time time_now);
+  static std::unique_ptr<base::Value> SerializeToValue(
+      const BackoffEntry& entry,
+      base::Time time_now);
 
   // Deserializes a ListValue back to a BackoffEntry. |policy| MUST be the same
   // Policy as the serialized entry had. |clock| may be NULL. Both |policy| and
@@ -40,7 +42,7 @@ class NET_EXPORT BackoffEntrySerializer {
   // simulate time changes. The absolute timestamp that was serialized will be
   // converted back to TimeTicks as best as possible. Returns NULL if
   // deserialization was unsuccessful.
-  static scoped_ptr<BackoffEntry> DeserializeFromValue(
+  static std::unique_ptr<BackoffEntry> DeserializeFromValue(
       const base::Value& serialized,
       const BackoffEntry::Policy* policy,
       base::TickClock* clock,
diff --git a/chromium/net/base/backoff_entry_serializer_unittest.cc b/chromium/net/base/backoff_entry_serializer_unittest.cc
index 9799c06e717..3fbd6369ad2 100644
--- a/chromium/net/base/backoff_entry_serializer_unittest.cc
+++ b/chromium/net/base/backoff_entry_serializer_unittest.cc
@@ -48,13 +48,12 @@ TEST(BackoffEntrySerializerTest, SerializeNoFailures) {
   TestTickClock original_ticks;
   original_ticks.set_now(TimeTicks::Now());
   BackoffEntry original(&base_policy, &original_ticks);
-  scoped_ptr<base::Value> serialized =
+  std::unique_ptr<base::Value> serialized =
       BackoffEntrySerializer::SerializeToValue(original, original_time);
 
-  scoped_ptr<BackoffEntry> deserialized =
-      BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
-                                                   &original_ticks,
-                                                   original_time);
+  std::unique_ptr<BackoffEntry> deserialized =
+      BackoffEntrySerializer::DeserializeFromValue(
+          *serialized, &base_policy, &original_ticks, original_time);
   ASSERT_TRUE(deserialized.get());
   EXPECT_EQ(original.failure_count(), deserialized->failure_count());
   EXPECT_EQ(original.GetReleaseTime(), deserialized->GetReleaseTime());
@@ -67,15 +66,14 @@ TEST(BackoffEntrySerializerTest, SerializeTimeOffsets) {
   // 2 errors.
   original.InformOfRequest(false);
   original.InformOfRequest(false);
-  scoped_ptr<base::Value> serialized =
+  std::unique_ptr<base::Value> serialized =
       BackoffEntrySerializer::SerializeToValue(original, original_time);
 
   {
     // Test that immediate deserialization round-trips.
-    scoped_ptr<BackoffEntry> deserialized =
-        BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
-                                                     &original_ticks,
-                                                     original_time);
+    std::unique_ptr<BackoffEntry> deserialized =
+        BackoffEntrySerializer::DeserializeFromValue(
+            *serialized, &base_policy, &original_ticks, original_time);
     ASSERT_TRUE(deserialized.get());
     EXPECT_EQ(original.failure_count(), deserialized->failure_count());
     EXPECT_EQ(original.GetReleaseTime(), deserialized->GetReleaseTime());
@@ -85,10 +83,9 @@ TEST(BackoffEntrySerializerTest, SerializeTimeOffsets) {
     // Test deserialization when wall clock has advanced but TimeTicks::Now()
     // hasn't (e.g. device was rebooted).
     Time later_time = original_time + TimeDelta::FromDays(1);
-    scoped_ptr<BackoffEntry> deserialized =
-        BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
-                                                     &original_ticks,
-                                                     later_time);
+    std::unique_ptr<BackoffEntry> deserialized =
+        BackoffEntrySerializer::DeserializeFromValue(
+            *serialized, &base_policy, &original_ticks, later_time);
     ASSERT_TRUE(deserialized.get());
     EXPECT_EQ(original.failure_count(), deserialized->failure_count());
     // Remaining backoff duration continues decreasing while device is off.
@@ -105,10 +102,9 @@ TEST(BackoffEntrySerializerTest, SerializeTimeOffsets) {
     // hasn't (e.g. it's an hour later, but a DST change cancelled that out).
     TestTickClock later_ticks;
     later_ticks.set_now(TimeTicks() + TimeDelta::FromDays(1));
-    scoped_ptr<BackoffEntry> deserialized =
-        BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
-                                                     &later_ticks,
-                                                     original_time);
+    std::unique_ptr<BackoffEntry> deserialized =
+        BackoffEntrySerializer::DeserializeFromValue(
+            *serialized, &base_policy, &later_ticks, original_time);
     ASSERT_TRUE(deserialized.get());
     EXPECT_EQ(original.failure_count(), deserialized->failure_count());
     // According to the wall clock, no time has passed. So remaining backoff
@@ -130,7 +126,7 @@ TEST(BackoffEntrySerializerTest, SerializeTimeOffsets) {
     TestTickClock later_ticks;
     later_ticks.set_now(TimeTicks() + TimeDelta::FromDays(1));
     Time later_time = original_time + TimeDelta::FromDays(1);
-    scoped_ptr<BackoffEntry> deserialized =
+    std::unique_ptr<BackoffEntry> deserialized =
         BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
                                                      &later_ticks, later_time);
     ASSERT_TRUE(deserialized.get());
@@ -148,10 +144,9 @@ TEST(BackoffEntrySerializerTest, SerializeTimeOffsets) {
     // haven't (e.g. the system clock was fast but they fixed it).
     EXPECT_LT(TimeDelta::FromSeconds(1), original.GetTimeUntilRelease());
     Time earlier_time = original_time - TimeDelta::FromSeconds(1);
-    scoped_ptr<BackoffEntry> deserialized =
-        BackoffEntrySerializer::DeserializeFromValue(*serialized, &base_policy,
-                                                     &original_ticks,
-                                                     earlier_time);
+    std::unique_ptr<BackoffEntry> deserialized =
+        BackoffEntrySerializer::DeserializeFromValue(
+            *serialized, &base_policy, &original_ticks, earlier_time);
     ASSERT_TRUE(deserialized.get());
     EXPECT_EQ(original.failure_count(), deserialized->failure_count());
     // If only the absolute wall clock time was serialized, subtracting the
diff --git a/chromium/net/base/chunked_upload_data_stream.cc b/chromium/net/base/chunked_upload_data_stream.cc
index 7ddd9418dbc..8d5a2912bcc 100644
--- a/chromium/net/base/chunked_upload_data_stream.cc
+++ b/chromium/net/base/chunked_upload_data_stream.cc
@@ -5,6 +5,7 @@
 #include "net/base/chunked_upload_data_stream.h"
 
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 
@@ -36,9 +37,9 @@ ChunkedUploadDataStream::ChunkedUploadDataStream(int64_t identifier)
 ChunkedUploadDataStream::~ChunkedUploadDataStream() {
 }
 
-scoped_ptr<ChunkedUploadDataStream::Writer>
+std::unique_ptr<ChunkedUploadDataStream::Writer>
 ChunkedUploadDataStream::CreateWriter() {
-  return make_scoped_ptr(new Writer(weak_factory_.GetWeakPtr()));
+  return base::WrapUnique(new Writer(weak_factory_.GetWeakPtr()));
 }
 
 void ChunkedUploadDataStream::AppendData(
@@ -48,7 +49,7 @@ void ChunkedUploadDataStream::AppendData(
   if (data_len > 0) {
     DCHECK(data);
     upload_data_.push_back(
-        make_scoped_ptr(new std::vector<char>(data, data + data_len)));
+        base::WrapUnique(new std::vector<char>(data, data + data_len)));
   }
   all_data_appended_ = is_done;
 
diff --git a/chromium/net/base/chunked_upload_data_stream.h b/chromium/net/base/chunked_upload_data_stream.h
index e8b9cd34f07..f58faf6a09c 100644
--- a/chromium/net/base/chunked_upload_data_stream.h
+++ b/chromium/net/base/chunked_upload_data_stream.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -67,7 +67,7 @@ class NET_EXPORT ChunkedUploadDataStream : public UploadDataStream {
   // allowed.  All writers write to the same stream, and once one of them
   // appends data with |is_done| being true, no other writers may be used to
   // append data.
-  scoped_ptr<Writer> CreateWriter();
+  std::unique_ptr<Writer> CreateWriter();
 
   // Adds data to the stream. |is_done| should be true if this is the last
   // data to be appended. |data_len| must not be 0 unless |is_done| is true.
@@ -92,7 +92,7 @@ class NET_EXPORT ChunkedUploadDataStream : public UploadDataStream {
   // True once all data has been appended to the stream.
   bool all_data_appended_;
 
-  std::vector<scoped_ptr<std::vector<char>>> upload_data_;
+  std::vector<std::unique_ptr<std::vector<char>>> upload_data_;
 
   // Buffer to write the next read's data to. Only set when a call to
   // ReadInternal reads no data.
diff --git a/chromium/net/base/chunked_upload_data_stream_unittest.cc b/chromium/net/base/chunked_upload_data_stream_unittest.cc
index 283465106fc..5b0d2164be6 100644
--- a/chromium/net/base/chunked_upload_data_stream_unittest.cc
+++ b/chromium/net/base/chunked_upload_data_stream_unittest.cc
@@ -4,9 +4,9 @@
 
 #include "net/base/chunked_upload_data_stream.h"
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -307,8 +307,10 @@ TEST(ChunkedUploadDataStreamTest, RewindWhileReading) {
 
 // Check the behavior of ChunkedUploadDataStream::Writer.
 TEST(ChunkedUploadDataStreamTest, ChunkedUploadDataStreamWriter) {
-  scoped_ptr<ChunkedUploadDataStream> stream(new ChunkedUploadDataStream(0));
-  scoped_ptr<ChunkedUploadDataStream::Writer> writer(stream->CreateWriter());
+  std::unique_ptr<ChunkedUploadDataStream> stream(
+      new ChunkedUploadDataStream(0));
+  std::unique_ptr<ChunkedUploadDataStream::Writer> writer(
+      stream->CreateWriter());
 
   // Write before Init.
   ASSERT_TRUE(writer->AppendData(kTestData, 1, false));
diff --git a/chromium/net/base/directory_lister.cc b/chromium/net/base/directory_lister.cc
index 352deeb4b74..532ee5db5f8 100644
--- a/chromium/net/base/directory_lister.cc
+++ b/chromium/net/base/directory_lister.cc
@@ -14,8 +14,8 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "net/base/net_errors.h"
 
@@ -111,7 +111,7 @@ void DirectoryLister::Core::CancelOnOriginThread() {
 }
 
 void DirectoryLister::Core::Start() {
-  scoped_ptr<DirectoryList> directory_list(new DirectoryList());
+  std::unique_ptr<DirectoryList> directory_list(new DirectoryList());
 
   if (!base::DirectoryExists(dir_)) {
     origin_task_runner_->PostTask(
@@ -171,7 +171,8 @@ bool DirectoryLister::Core::IsCancelled() const {
 }
 
 void DirectoryLister::Core::DoneOnOriginThread(
-    scoped_ptr<DirectoryList> directory_list, int error) const {
+    std::unique_ptr<DirectoryList> directory_list,
+    int error) const {
   DCHECK(origin_task_runner_->RunsTasksOnCurrentThread());
 
   // Need to check if the operation was before first callback.
diff --git a/chromium/net/base/directory_lister.h b/chromium/net/base/directory_lister.h
index 5a397e465ca..42e93811343 100644
--- a/chromium/net/base/directory_lister.h
+++ b/chromium/net/base/directory_lister.h
@@ -5,6 +5,7 @@
 #ifndef NET_BASE_DIRECTORY_LISTER_H_
 #define NET_BASE_DIRECTORY_LISTER_H_
 
+#include <memory>
 #include <vector>
 
 #include "base/atomicops.h"
@@ -12,7 +13,6 @@
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace base {
@@ -105,7 +105,7 @@ class NET_EXPORT DirectoryLister  {
     bool IsCancelled() const;
 
     // Called on origin thread.
-    void DoneOnOriginThread(scoped_ptr<DirectoryList> directory_list,
+    void DoneOnOriginThread(std::unique_ptr<DirectoryList> directory_list,
                             int error) const;
 
     const base::FilePath dir_;
diff --git a/chromium/net/base/directory_lister_unittest.cc b/chromium/net/base/directory_lister_unittest.cc
index 41cdb7af42c..6bb77dfb2f6 100644
--- a/chromium/net/base/directory_lister_unittest.cc
+++ b/chromium/net/base/directory_lister_unittest.cc
@@ -13,7 +13,7 @@
 #include "base/i18n/file_util_icu.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/directory_lister.h"
 #include "net/base/net_errors.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -234,8 +234,8 @@ TEST_F(DirectoryListerTest, EmptyDirTest) {
 // regression.
 TEST_F(DirectoryListerTest, BasicCancelTest) {
   ListerDelegate delegate(DirectoryLister::ALPHA_DIRS_FIRST);
-  scoped_ptr<DirectoryLister> lister(new DirectoryLister(
-      root_path(), &delegate));
+  std::unique_ptr<DirectoryLister> lister(
+      new DirectoryLister(root_path(), &delegate));
   lister->Start(base::ThreadTaskRunnerHandle::Get().get());
   lister->Cancel();
   base::RunLoop().RunUntilIdle();
diff --git a/chromium/net/base/elements_upload_data_stream.cc b/chromium/net/base/elements_upload_data_stream.cc
index 29b77babb11..bca7d4e7aab 100644
--- a/chromium/net/base/elements_upload_data_stream.cc
+++ b/chromium/net/base/elements_upload_data_stream.cc
@@ -15,7 +15,7 @@
 namespace net {
 
 ElementsUploadDataStream::ElementsUploadDataStream(
-    std::vector<scoped_ptr<UploadElementReader>> element_readers,
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers,
     int64_t identifier)
     : UploadDataStream(false, identifier),
       element_readers_(std::move(element_readers)),
@@ -26,12 +26,12 @@ ElementsUploadDataStream::ElementsUploadDataStream(
 ElementsUploadDataStream::~ElementsUploadDataStream() {
 }
 
-scoped_ptr<UploadDataStream> ElementsUploadDataStream::CreateWithReader(
-    scoped_ptr<UploadElementReader> reader,
+std::unique_ptr<UploadDataStream> ElementsUploadDataStream::CreateWithReader(
+    std::unique_ptr<UploadElementReader> reader,
     int64_t identifier) {
-  std::vector<scoped_ptr<UploadElementReader>> readers;
+  std::vector<std::unique_ptr<UploadElementReader>> readers;
   readers.push_back(std::move(reader));
-  return scoped_ptr<UploadDataStream>(
+  return std::unique_ptr<UploadDataStream>(
       new ElementsUploadDataStream(std::move(readers), identifier));
 }
 
@@ -47,14 +47,14 @@ int ElementsUploadDataStream::ReadInternal(
 }
 
 bool ElementsUploadDataStream::IsInMemory() const {
-  for (const scoped_ptr<UploadElementReader>& it : element_readers_) {
+  for (const std::unique_ptr<UploadElementReader>& it : element_readers_) {
     if (!it->IsInMemory())
       return false;
   }
   return true;
 }
 
-const std::vector<scoped_ptr<UploadElementReader>>*
+const std::vector<std::unique_ptr<UploadElementReader>>*
 ElementsUploadDataStream::GetElementReaders() const {
   return &element_readers_;
 }
@@ -82,7 +82,7 @@ int ElementsUploadDataStream::InitElements(size_t start_index) {
   }
 
   uint64_t total_size = 0;
-  for (const scoped_ptr<UploadElementReader>& it : element_readers_) {
+  for (const std::unique_ptr<UploadElementReader>& it : element_readers_) {
     total_size += it->GetContentLength();
   }
   SetSize(total_size);
diff --git a/chromium/net/base/elements_upload_data_stream.h b/chromium/net/base/elements_upload_data_stream.h
index c3221c2c154..1d4934e14d1 100644
--- a/chromium/net/base/elements_upload_data_stream.h
+++ b/chromium/net/base/elements_upload_data_stream.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/net_export.h"
 #include "net/base/upload_data_stream.h"
@@ -27,21 +27,21 @@ class UploadElementReader;
 class NET_EXPORT ElementsUploadDataStream : public UploadDataStream {
  public:
   ElementsUploadDataStream(
-      std::vector<scoped_ptr<UploadElementReader>> element_readers,
+      std::vector<std::unique_ptr<UploadElementReader>> element_readers,
       int64_t identifier);
 
   ~ElementsUploadDataStream() override;
 
   // Creates an ElementsUploadDataStream with a single reader.  Returns a
-  // scoped_ptr<UploadDataStream> for ease of use.
-  static scoped_ptr<UploadDataStream> CreateWithReader(
-      scoped_ptr<UploadElementReader> reader,
+  // std::unique_ptr<UploadDataStream> for ease of use.
+  static std::unique_ptr<UploadDataStream> CreateWithReader(
+      std::unique_ptr<UploadElementReader> reader,
       int64_t identifier);
 
  private:
   // UploadDataStream implementation.
   bool IsInMemory() const override;
-  const std::vector<scoped_ptr<UploadElementReader>>* GetElementReaders()
+  const std::vector<std::unique_ptr<UploadElementReader>>* GetElementReaders()
       const override;
   int InitInternal() override;
   int ReadInternal(IOBuffer* buf, int buf_len) override;
@@ -70,7 +70,7 @@ class NET_EXPORT ElementsUploadDataStream : public UploadDataStream {
   void ProcessReadResult(const scoped_refptr<DrainableIOBuffer>& buf,
                          int result);
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers_;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers_;
 
   // Index of the current upload element (i.e. the element currently being
   // read). The index is used as a cursor to iterate over elements in
diff --git a/chromium/net/base/elements_upload_data_stream_unittest.cc b/chromium/net/base/elements_upload_data_stream_unittest.cc
index 1671ce7e654..b2d176b4ed8 100644
--- a/chromium/net/base/elements_upload_data_stream_unittest.cc
+++ b/chromium/net/base/elements_upload_data_stream_unittest.cc
@@ -8,6 +8,7 @@
 
 #include <algorithm>
 #include <limits>
+#include <memory>
 #include <vector>
 
 #include "base/bind.h"
@@ -15,11 +16,11 @@
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -144,11 +145,11 @@ class ElementsUploadDataStreamTest : public PlatformTest {
                          bool error_expected);
 
   base::ScopedTempDir temp_dir_;
-  std::vector<scoped_ptr<UploadElementReader>> element_readers_;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers_;
 };
 
 TEST_F(ElementsUploadDataStreamTest, EmptyUploadData) {
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
   ASSERT_EQ(OK, stream->Init(CompletionCallback()));
   EXPECT_TRUE(stream->IsInMemory());
@@ -159,8 +160,8 @@ TEST_F(ElementsUploadDataStreamTest, EmptyUploadData) {
 
 TEST_F(ElementsUploadDataStreamTest, ConsumeAllBytes) {
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  scoped_ptr<UploadDataStream> stream(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
   ASSERT_EQ(OK, stream->Init(CompletionCallback()));
   EXPECT_TRUE(stream->IsInMemory());
@@ -184,12 +185,12 @@ TEST_F(ElementsUploadDataStreamTest, File) {
   ASSERT_EQ(static_cast<int>(kTestDataSize),
             base::WriteFile(temp_file_path, kTestData, kTestDataSize));
 
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
 
   TestCompletionCallback init_callback;
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
   ASSERT_EQ(ERR_IO_PENDING, stream->Init(init_callback.callback()));
   ASSERT_EQ(OK, init_callback.WaitForResult());
@@ -220,12 +221,12 @@ TEST_F(ElementsUploadDataStreamTest, FileSmallerThanLength) {
   UploadFileElementReader::ScopedOverridingContentLengthForTests
       overriding_content_length(kFakeSize);
 
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
 
   TestCompletionCallback init_callback;
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
   ASSERT_EQ(ERR_IO_PENDING, stream->Init(init_callback.callback()));
   ASSERT_EQ(OK, init_callback.WaitForResult());
@@ -253,7 +254,7 @@ TEST_F(ElementsUploadDataStreamTest, FileSmallerThanLength) {
 
 TEST_F(ElementsUploadDataStreamTest, ReadErrorSync) {
   // This element cannot be read.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader, Init(_)).WillOnce(Return(OK));
   reader->SetReadExpectation(ERR_FAILED);
@@ -261,9 +262,9 @@ TEST_F(ElementsUploadDataStreamTest, ReadErrorSync) {
 
   // This element is ignored because of the error from the previous reader.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -289,7 +290,7 @@ TEST_F(ElementsUploadDataStreamTest, ReadErrorSync) {
 
 TEST_F(ElementsUploadDataStreamTest, ReadErrorAsync) {
   // This element cannot be read.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, false));
   reader->SetAsyncInitExpectation(OK);
   reader->SetReadExpectation(ERR_FAILED);
@@ -297,9 +298,9 @@ TEST_F(ElementsUploadDataStreamTest, ReadErrorAsync) {
 
   // This element is ignored because of the error from the previous reader.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -336,16 +337,16 @@ TEST_F(ElementsUploadDataStreamTest, FileAndBytes) {
 
   const uint64_t kFileRangeOffset = 1;
   const uint64_t kFileRangeLength = 4;
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path,
       kFileRangeOffset, kFileRangeLength, base::Time())));
 
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
 
   const uint64_t kStreamSize = kTestDataSize + kFileRangeLength;
   TestCompletionCallback init_callback;
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
   ASSERT_EQ(ERR_IO_PENDING, stream->Init(init_callback.callback()));
   ASSERT_EQ(OK, init_callback.WaitForResult());
@@ -369,32 +370,32 @@ TEST_F(ElementsUploadDataStreamTest, FileAndBytes) {
 // Init() with on-memory and not-on-memory readers.
 TEST_F(ElementsUploadDataStreamTest, InitAsync) {
   // Create UploadDataStream with mock readers.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader, Init(_)).WillOnce(Return(OK));
   element_readers_.push_back(std::move(reader));
 
-  scoped_ptr<MockUploadElementReader> reader2(
+  std::unique_ptr<MockUploadElementReader> reader2(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader2, Init(_)).WillOnce(Return(OK));
   element_readers_.push_back(std::move(reader2));
 
-  scoped_ptr<MockUploadElementReader> reader3(
+  std::unique_ptr<MockUploadElementReader> reader3(
       new MockUploadElementReader(kTestDataSize, false));
   reader3->SetAsyncInitExpectation(OK);
   element_readers_.push_back(std::move(reader3));
 
-  scoped_ptr<MockUploadElementReader> reader4(
+  std::unique_ptr<MockUploadElementReader> reader4(
       new MockUploadElementReader(kTestDataSize, false));
   reader4->SetAsyncInitExpectation(OK);
   element_readers_.push_back(std::move(reader4));
 
-  scoped_ptr<MockUploadElementReader> reader5(
+  std::unique_ptr<MockUploadElementReader> reader5(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader5, Init(_)).WillOnce(Return(OK));
   element_readers_.push_back(std::move(reader5));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -406,12 +407,12 @@ TEST_F(ElementsUploadDataStreamTest, InitAsync) {
 // Init() of a reader fails asynchronously.
 TEST_F(ElementsUploadDataStreamTest, InitAsyncFailureAsync) {
   // Create UploadDataStream with a mock reader.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, false));
   reader->SetAsyncInitExpectation(ERR_FAILED);
   element_readers_.push_back(std::move(reader));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -423,17 +424,17 @@ TEST_F(ElementsUploadDataStreamTest, InitAsyncFailureAsync) {
 // Init() of a reader fails synchronously.
 TEST_F(ElementsUploadDataStreamTest, InitAsyncFailureSync) {
   // Create UploadDataStream with mock readers.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, false));
   reader->SetAsyncInitExpectation(OK);
   element_readers_.push_back(std::move(reader));
 
-  scoped_ptr<MockUploadElementReader> reader2(
+  std::unique_ptr<MockUploadElementReader> reader2(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader2, Init(_)).WillOnce(Return(ERR_FAILED));
   element_readers_.push_back(std::move(reader2));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -445,8 +446,8 @@ TEST_F(ElementsUploadDataStreamTest, InitAsyncFailureSync) {
 // Read with a buffer whose size is same as the data.
 TEST_F(ElementsUploadDataStreamTest, ReadAsyncWithExactSizeBuffer) {
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  scoped_ptr<UploadDataStream> stream(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   ASSERT_EQ(OK, stream->Init(CompletionCallback()));
@@ -464,31 +465,31 @@ TEST_F(ElementsUploadDataStreamTest, ReadAsyncWithExactSizeBuffer) {
 // Async Read() with on-memory and not-on-memory readers.
 TEST_F(ElementsUploadDataStreamTest, ReadAsync) {
   // Create UploadDataStream with mock readers.
-  scoped_ptr<MockUploadElementReader> reader(
+  std::unique_ptr<MockUploadElementReader> reader(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader, Init(_)).WillOnce(Return(OK));
   reader->SetReadExpectation(kTestDataSize);
   element_readers_.push_back(std::move(reader));
 
-  scoped_ptr<MockUploadElementReader> reader2(
+  std::unique_ptr<MockUploadElementReader> reader2(
       new MockUploadElementReader(kTestDataSize, false));
   reader2->SetAsyncInitExpectation(OK);
   reader2->SetReadExpectation(kTestDataSize);
   element_readers_.push_back(std::move(reader2));
 
-  scoped_ptr<MockUploadElementReader> reader3(
+  std::unique_ptr<MockUploadElementReader> reader3(
       new MockUploadElementReader(kTestDataSize, true));
   EXPECT_CALL(*reader3, Init(_)).WillOnce(Return(OK));
   reader3->SetReadExpectation(kTestDataSize);
   element_readers_.push_back(std::move(reader3));
 
-  scoped_ptr<MockUploadElementReader> reader4(
+  std::unique_ptr<MockUploadElementReader> reader4(
       new MockUploadElementReader(kTestDataSize, false));
   reader4->SetAsyncInitExpectation(OK);
   reader4->SetReadExpectation(kTestDataSize);
   element_readers_.push_back(std::move(reader4));
 
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   // Run Init().
@@ -526,12 +527,12 @@ void ElementsUploadDataStreamTest::FileChangedHelper(
     bool error_expected) {
   // Don't use element_readers_ here, as this function is called twice, and
   // reusing element_readers_ is wrong.
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), file_path, 1, 2, time)));
 
   TestCompletionCallback init_callback;
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers), 0));
   ASSERT_EQ(ERR_IO_PENDING, stream->Init(init_callback.callback()));
   int error_code = init_callback.WaitForResult();
@@ -569,11 +570,11 @@ TEST_F(ElementsUploadDataStreamTest, MultipleInit) {
 
   // Prepare data.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   std::string expected_data(kTestData, kTestData + kTestDataSize);
@@ -612,11 +613,11 @@ TEST_F(ElementsUploadDataStreamTest, MultipleInitAsync) {
 
   // Prepare data.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   std::string expected_data(kTestData, kTestData + kTestDataSize);
@@ -652,11 +653,11 @@ TEST_F(ElementsUploadDataStreamTest, InitToReset) {
 
   // Prepare data.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   std::vector<char> expected_data(kTestData, kTestData + kTestDataSize);
@@ -708,11 +709,11 @@ TEST_F(ElementsUploadDataStreamTest, InitDuringAsyncInit) {
 
   // Prepare data.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   std::vector<char> expected_data(kTestData, kTestData + kTestDataSize);
@@ -754,11 +755,11 @@ TEST_F(ElementsUploadDataStreamTest, InitDuringAsyncRead) {
 
   // Prepare data.
   element_readers_.push_back(
-      make_scoped_ptr(new UploadBytesElementReader(kTestData, kTestDataSize)));
-  element_readers_.push_back(make_scoped_ptr(new UploadFileElementReader(
+      base::WrapUnique(new UploadBytesElementReader(kTestData, kTestDataSize)));
+  element_readers_.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
-  scoped_ptr<UploadDataStream> stream(
+  std::unique_ptr<UploadDataStream> stream(
       new ElementsUploadDataStream(std::move(element_readers_), 0));
 
   std::vector<char> expected_data(kTestData, kTestData + kTestDataSize);
diff --git a/chromium/net/base/escape.cc b/chromium/net/base/escape.cc
index fc7d5cf0fc8..9f22778f0a5 100644
--- a/chromium/net/base/escape.cc
+++ b/chromium/net/base/escape.cc
@@ -5,9 +5,9 @@
 #include "net/base/escape.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_offset_string_conversions.h"
diff --git a/chromium/net/base/file_stream.h b/chromium/net/base/file_stream.h
index fc4b1a4bfa1..18871965d23 100644
--- a/chromium/net/base/file_stream.h
+++ b/chromium/net/base/file_stream.h
@@ -12,9 +12,10 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/files/file.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 
@@ -151,7 +152,7 @@ class NET_EXPORT FileStream {
   // before completion of an async operation. Also if a FileStream is destroyed
   // without explicitly calling Close, the file should be closed asynchronously
   // without delaying FileStream's destructor.
-  scoped_ptr<Context> context_;
+  std::unique_ptr<Context> context_;
 
   DISALLOW_COPY_AND_ASSIGN(FileStream);
 };
diff --git a/chromium/net/base/file_stream_context_win.cc b/chromium/net/base/file_stream_context_win.cc
index 0294a1aa486..5028f195993 100644
--- a/chromium/net/base/file_stream_context_win.cc
+++ b/chromium/net/base/file_stream_context_win.cc
@@ -12,7 +12,7 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -40,14 +40,10 @@ FileStream::Context::Context(const scoped_refptr<base::TaskRunner>& task_runner)
     : async_in_progress_(false),
       orphaned_(false),
       task_runner_(task_runner),
-      io_context_(),
       async_read_initiated_(false),
       async_read_completed_(false),
       io_complete_for_read_received_(false),
-      result_(0) {
-  io_context_.handler = this;
-  memset(&io_context_.overlapped, 0, sizeof(io_context_.overlapped));
-}
+      result_(0) {}
 
 FileStream::Context::Context(base::File file,
                              const scoped_refptr<base::TaskRunner>& task_runner)
@@ -55,13 +51,10 @@ FileStream::Context::Context(base::File file,
       async_in_progress_(false),
       orphaned_(false),
       task_runner_(task_runner),
-      io_context_(),
       async_read_initiated_(false),
       async_read_completed_(false),
       io_complete_for_read_received_(false),
       result_(0) {
-  io_context_.handler = this;
-  memset(&io_context_.overlapped, 0, sizeof(io_context_.overlapped));
   if (file_.IsValid()) {
     DCHECK(file_.async());
     OnFileOpened();
diff --git a/chromium/net/base/file_stream_unittest.cc b/chromium/net/base/file_stream_unittest.cc
index a67a91cae1d..6a41d4e7d1c 100644
--- a/chromium/net/base/file_stream_unittest.cc
+++ b/chromium/net/base/file_stream_unittest.cc
@@ -18,8 +18,8 @@
 #include "base/synchronization/waitable_event.h"
 #include "base/test/sequenced_worker_pool_owner.h"
 #include "base/test/test_timeouts.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -89,7 +89,7 @@ TEST_F(FileStreamTest, OpenExplicitClose) {
 
 TEST_F(FileStreamTest, OpenExplicitCloseOrphaned) {
   TestCompletionCallback callback;
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_ASYNC;
@@ -118,7 +118,7 @@ TEST_F(FileStreamTest, UseFileHandle) {
   base::File file(temp_file_path(), flags);
 
   // Seek to the beginning of the file and read.
-  scoped_ptr<FileStream> read_stream(
+  std::unique_ptr<FileStream> read_stream(
       new FileStream(std::move(file), base::ThreadTaskRunnerHandle::Get()));
   ASSERT_EQ(ERR_IO_PENDING, read_stream->Seek(0, callback64.callback()));
   ASSERT_EQ(0, callback64.WaitForResult());
@@ -136,7 +136,7 @@ TEST_F(FileStreamTest, UseFileHandle) {
           base::File::FLAG_ASYNC;
   file.Initialize(temp_file_path(), flags);
 
-  scoped_ptr<FileStream> write_stream(
+  std::unique_ptr<FileStream> write_stream(
       new FileStream(std::move(file), base::ThreadTaskRunnerHandle::Get()));
   ASSERT_EQ(ERR_IO_PENDING, write_stream->Seek(0, callback64.callback()));
   ASSERT_EQ(0, callback64.WaitForResult());
@@ -204,7 +204,7 @@ TEST_F(FileStreamTest, Read_EarlyDelete) {
   int64_t file_size;
   EXPECT_TRUE(base::GetFileSize(temp_file_path(), &file_size));
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_ASYNC;
@@ -289,7 +289,7 @@ TEST_F(FileStreamTest, Write) {
 }
 
 TEST_F(FileStreamTest, Write_EarlyDelete) {
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_CREATE_ALWAYS | base::File::FLAG_WRITE |
               base::File::FLAG_ASYNC;
@@ -359,7 +359,7 @@ TEST_F(FileStreamTest, BasicReadWrite) {
   int64_t file_size;
   EXPECT_TRUE(base::GetFileSize(temp_file_path(), &file_size));
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_WRITE | base::File::FLAG_ASYNC;
@@ -412,7 +412,7 @@ TEST_F(FileStreamTest, BasicWriteRead) {
   int64_t file_size;
   EXPECT_TRUE(base::GetFileSize(temp_file_path(), &file_size));
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_WRITE | base::File::FLAG_ASYNC;
@@ -581,7 +581,7 @@ TEST_F(FileStreamTest, WriteRead) {
   int64_t file_size;
   EXPECT_TRUE(base::GetFileSize(temp_file_path(), &file_size));
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_WRITE | base::File::FLAG_ASYNC;
@@ -687,7 +687,7 @@ TEST_F(FileStreamTest, WriteClose) {
   int64_t file_size;
   EXPECT_TRUE(base::GetFileSize(temp_file_path(), &file_size));
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(base::ThreadTaskRunnerHandle::Get()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_READ |
               base::File::FLAG_WRITE | base::File::FLAG_ASYNC;
@@ -720,7 +720,7 @@ TEST_F(FileStreamTest, OpenAndDelete) {
   base::SequencedWorkerPoolOwner pool_owner(1, "StreamTest");
 
   bool prev = base::ThreadRestrictions::SetIOAllowed(false);
-  scoped_ptr<FileStream> stream(new FileStream(pool_owner.pool()));
+  std::unique_ptr<FileStream> stream(new FileStream(pool_owner.pool()));
   int flags = base::File::FLAG_OPEN | base::File::FLAG_WRITE |
               base::File::FLAG_ASYNC;
   TestCompletionCallback open_callback;
@@ -732,7 +732,7 @@ TEST_F(FileStreamTest, OpenAndDelete) {
   stream.reset();
 
   // Force an operation through the pool.
-  scoped_ptr<FileStream> stream2(new FileStream(pool_owner.pool()));
+  std::unique_ptr<FileStream> stream2(new FileStream(pool_owner.pool()));
   TestCompletionCallback open_callback2;
   rv = stream2->Open(temp_file_path(), flags, open_callback2.callback());
   EXPECT_EQ(OK, open_callback2.GetResult(rv));
@@ -753,7 +753,7 @@ TEST_F(FileStreamTest, WriteError) {
   base::File file(temp_file_path(), flags);
   ASSERT_TRUE(file.IsValid());
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(std::move(file), base::ThreadTaskRunnerHandle::Get()));
 
   scoped_refptr<IOBuffer> buf = new IOBuffer(1);
@@ -778,7 +778,7 @@ TEST_F(FileStreamTest, ReadError) {
   base::File file(temp_file_path(), flags);
   ASSERT_TRUE(file.IsValid());
 
-  scoped_ptr<FileStream> stream(
+  std::unique_ptr<FileStream> stream(
       new FileStream(std::move(file), base::ThreadTaskRunnerHandle::Get()));
 
   scoped_refptr<IOBuffer> buf = new IOBuffer(1);
diff --git a/chromium/net/base/fuzzed_data_provider.cc b/chromium/net/base/fuzzed_data_provider.cc
new file mode 100644
index 00000000000..c822a3a8593
--- /dev/null
+++ b/chromium/net/base/fuzzed_data_provider.cc
@@ -0,0 +1,69 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/fuzzed_data_provider.h"
+
+#include <algorithm>
+#include <limits>
+
+#include "base/logging.h"
+
+namespace net {
+
+FuzzedDataProvider::FuzzedDataProvider(const uint8_t* data, size_t size)
+    : remaining_data_(reinterpret_cast<const char*>(data), size) {}
+
+FuzzedDataProvider::~FuzzedDataProvider() {}
+
+base::StringPiece FuzzedDataProvider::ConsumeBytes(size_t num_bytes) {
+  num_bytes = std::min(num_bytes, remaining_data_.length());
+  base::StringPiece result(remaining_data_.data(), num_bytes);
+  remaining_data_ = remaining_data_.substr(num_bytes);
+  return result;
+}
+
+base::StringPiece FuzzedDataProvider::ConsumeRemainingBytes() {
+  return ConsumeBytes(remaining_data_.length());
+}
+
+uint32_t FuzzedDataProvider::ConsumeValueInRange(uint32_t min, uint32_t max) {
+  CHECK_LE(min, max);
+
+  uint32_t range = max - min;
+  uint32_t offset = 0;
+  uint32_t result = 0;
+
+  while ((range >> offset) > 0 && !remaining_data_.empty()) {
+    // Pull bytes off the end of the seed data. Experimentally, this seems to
+    // allow the fuzzer to more easily explore the input space. This makes
+    // sense, since it works by modifying inputs that caused new code to run,
+    // and this data is often used to encode length of data read by
+    // ConsumeBytes. Separating out read lengths makes it easier modify the
+    // contents of the data that is actually read.
+    uint8_t next_byte = remaining_data_.back();
+    remaining_data_.remove_suffix(1);
+    result = (result << 8) | next_byte;
+    offset += 8;
+  }
+
+  // Avoid division by 0, in the case |range + 1| results in overflow.
+  if (range == std::numeric_limits<uint32_t>::max())
+    return result;
+
+  return min + result % (range + 1);
+}
+
+bool FuzzedDataProvider::ConsumeBool() {
+  return (ConsumeUint8() & 0x01) == 0x01;
+}
+
+uint8_t FuzzedDataProvider::ConsumeUint8() {
+  return ConsumeValueInRange(0, 0xFF);
+}
+
+uint16_t FuzzedDataProvider::ConsumeUint16() {
+  return ConsumeValueInRange(0, 0xFFFF);
+}
+
+}  // namespace net
diff --git a/chromium/net/base/fuzzed_data_provider.h b/chromium/net/base/fuzzed_data_provider.h
new file mode 100644
index 00000000000..47a45061cdf
--- /dev/null
+++ b/chromium/net/base/fuzzed_data_provider.h
@@ -0,0 +1,65 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_FUZZED_DATA_PROVIDER_H
+#define NET_BASE_FUZZED_DATA_PROVIDER_H
+
+#include <stdint.h>
+
+#include "base/macros.h"
+#include "base/strings/string_piece.h"
+
+namespace net {
+
+// Utility class to break up fuzzer input for multiple consumers. Whenever run
+// on the same input, provides the same output, as long as its methods are
+// called in the same order, with the same arguments.
+class FuzzedDataProvider {
+ public:
+  // |data| is an array of length |size| that the FuzzedDataProvider wraps to
+  // provide more granular access. |data| must outlive the FuzzedDataProvider.
+  FuzzedDataProvider(const uint8_t* data, size_t size);
+  ~FuzzedDataProvider();
+
+  // Returns a StringPiece containing |num_bytes| of input data. If fewer than
+  // |num_bytes| of data remain, returns a shorter StringPiece containing all
+  // of the data that's left. The data pointed at by the returned StringPiece
+  // must not be used after the FuzzedDataProvider is destroyed.
+  base::StringPiece ConsumeBytes(size_t num_bytes);
+
+  // Returns a StringPiece containing all remaining bytes of the input data.
+  // The data pointed at by the returned StringPiece must not be used after the
+  // FuzzedDataProvider is destroyed.
+  base::StringPiece ConsumeRemainingBytes();
+
+  // Returns an unsigned number in the range [min, max] by consuming bytes from
+  // the input data. The value might not be uniformly distributed in the given
+  // range. If there's no input data left, always returns |min|. |min| must be
+  // less than or equal to |max|.
+  uint32_t ConsumeValueInRange(uint32_t min, uint32_t max);
+
+  // Returns a bool, or false when no data remains.
+  bool ConsumeBool();
+
+  // Returns a uint8_t from the input or 0 if nothing remains. This is
+  // equivalent to ConsumeValueInRange(0, 0xFF).
+  uint8_t ConsumeUint8();
+
+  // Returns a uint16_t from the input. If fewer than 2 bytes of data remain
+  // will fill the most significant bytes with 0. This is equivalent to
+  // ConsumeValueInRange(0, 0xFFFF).
+  uint16_t ConsumeUint16();
+
+  // Reports the remaining bytes available for fuzzed input.
+  size_t remaining_bytes() { return remaining_data_.length(); }
+
+ private:
+  base::StringPiece remaining_data_;
+
+  DISALLOW_COPY_AND_ASSIGN(FuzzedDataProvider);
+};
+
+}  // namespace net
+
+#endif  // NET_BASE_FUZZED_DATA_PROVIDER_H
diff --git a/chromium/net/base/fuzzer_test_support.cc b/chromium/net/base/fuzzer_test_support.cc
index 1c185c6d82c..f355c8808e6 100644
--- a/chromium/net/base/fuzzer_test_support.cc
+++ b/chromium/net/base/fuzzer_test_support.cc
@@ -4,22 +4,36 @@
 
 #include "base/at_exit.h"
 #include "base/i18n/icu_util.h"
+#include "base/logging.h"
+#include "base/message_loop/message_loop.h"
+#include "base/metrics/statistics_recorder.h"
 
 namespace {
 
-// This translation unit provides a static initializer to set up ICU.
-//
-// ICU is used internally by GURL, which is used throughout the //net code.
-// Initializing ICU is important to prevent fuzztests from asserting when
-// handling non-ASCII urls.
+// Set up globals that a number of network tests use.
 //
 // Note that in general static initializers are not allowed, however this is
 // just being used by test code.
-struct InitICU {
-  InitICU() { CHECK(base::i18n::InitializeICU()); }
+struct InitGlobals {
+  InitGlobals() {
+    // Set up ICU. ICU is used internally by GURL, which is used throughout the
+    // //net code. Initializing ICU is important to prevent fuzztests from
+    // asserting when handling non-ASCII urls.
+    CHECK(base::i18n::InitializeICU());
+
+    // Prevent every call to get a Histogram* from leaking memory. Instead, only
+    // the fist call to get each Histogram* leaks memory.
+    base::StatisticsRecorder::Initialize();
+  }
+
+  // A number of tests use async code which depends on there being a message
+  // loop.  Setting one up here allows tests to reuse the message loop between
+  // runs.
+  base::MessageLoopForIO message_loop;
+
   base::AtExitManager at_exit_manager;
 };
 
-InitICU* init_icu = new InitICU();
+InitGlobals* init_globals = new InitGlobals();
 
 }  // namespace
diff --git a/chromium/net/base/hash_value.cc b/chromium/net/base/hash_value.cc
index f72aa454df6..0f109405ae4 100644
--- a/chromium/net/base/hash_value.cc
+++ b/chromium/net/base/hash_value.cc
@@ -26,14 +26,6 @@ int CompareSHA1Hashes(const void* a, const void* b) {
 }  // namespace
 
 
-bool SHA1HashValue::Equals(const SHA1HashValue& other) const {
-  return memcmp(data, other.data, sizeof(data)) == 0;
-}
-
-bool SHA256HashValue::Equals(const SHA256HashValue& other) const {
-  return memcmp(data, other.data, sizeof(data)) == 0;
-}
-
 HashValue::HashValue(const SHA1HashValue& hash) : HashValue(HASH_VALUE_SHA1) {
   fingerprint.sha1 = hash;
 }
@@ -43,20 +35,6 @@ HashValue::HashValue(const SHA256HashValue& hash)
   fingerprint.sha256 = hash;
 }
 
-bool HashValue::Equals(const HashValue& other) const {
-  if (tag != other.tag)
-    return false;
-  switch (tag) {
-    case HASH_VALUE_SHA1:
-      return fingerprint.sha1.Equals(other.fingerprint.sha1);
-    case HASH_VALUE_SHA256:
-      return fingerprint.sha256.Equals(other.fingerprint.sha256);
-    default:
-      NOTREACHED() << "Unknown HashValueTag " << tag;
-      return false;
-  }
-}
-
 bool HashValue::FromString(const base::StringPiece value) {
   base::StringPiece base64_str;
   if (value.starts_with("sha1/")) {
diff --git a/chromium/net/base/hash_value.h b/chromium/net/base/hash_value.h
index a0e1d84d400..87337824667 100644
--- a/chromium/net/base/hash_value.h
+++ b/chromium/net/base/hash_value.h
@@ -19,17 +19,29 @@
 namespace net {
 
 struct NET_EXPORT SHA1HashValue {
-  bool Equals(const SHA1HashValue& other) const;
-
   unsigned char data[20];
 };
 
-struct NET_EXPORT SHA256HashValue {
-  bool Equals(const SHA256HashValue& other) const;
+inline bool operator==(const SHA1HashValue& lhs, const SHA1HashValue& rhs) {
+  return memcmp(lhs.data, rhs.data, sizeof(lhs.data)) == 0;
+}
 
+inline bool operator!=(const SHA1HashValue& lhs, const SHA1HashValue& rhs) {
+  return !(lhs == rhs);
+}
+
+struct NET_EXPORT SHA256HashValue {
   unsigned char data[32];
 };
 
+inline bool operator==(const SHA256HashValue& lhs, const SHA256HashValue& rhs) {
+  return memcmp(lhs.data, rhs.data, sizeof(lhs.data)) == 0;
+}
+
+inline bool operator!=(const SHA256HashValue& lhs, const SHA256HashValue& rhs) {
+  return !(lhs == rhs);
+}
+
 enum HashValueTag {
   HASH_VALUE_SHA1,
   HASH_VALUE_SHA256,
@@ -42,14 +54,6 @@ class NET_EXPORT HashValue {
   explicit HashValue(HashValueTag tag) : tag(tag) {}
   HashValue() : tag(HASH_VALUE_SHA1) {}
 
-  // Check for equality of hash values
-  // This function may have VARIABLE timing which leaks information
-  // about its inputs.  For example it may exit early once a
-  // nonequal character is discovered.  Thus, for security reasons
-  // this function MUST NOT be used with secret values (such as
-  // password hashes, MAC tags, etc.)
-  bool Equals(const HashValue& other) const;
-
   // Serializes/Deserializes hashes in the form of
   // <hash-name>"/"<base64-hash-value>
   // (eg: "sha1/...")
@@ -82,6 +86,14 @@ class NET_EXPORT HashValue {
   } fingerprint;
 };
 
+inline bool operator==(const HashValue& lhs, const HashValue& rhs) {
+  return lhs.tag == rhs.tag && memcmp(lhs.data(), rhs.data(), lhs.size()) == 0;
+}
+
+inline bool operator!=(const HashValue& lhs, const HashValue& rhs) {
+  return !(lhs == rhs);
+}
+
 typedef std::vector<HashValue> HashValueVector;
 
 
@@ -101,18 +113,6 @@ class SHA256HashValueLessThan {
   }
 };
 
-class HashValuesEqual {
-  public:
-  explicit HashValuesEqual(const HashValue& fingerprint) :
-      fingerprint_(fingerprint) {}
-
-  bool operator()(const HashValue& other) const {
-    return fingerprint_.Equals(other);
-  }
-
-  const HashValue& fingerprint_;
-};
-
 // IsSHA256HashInSortedArray returns true iff |hash| is in |array|, a sorted
 // array of SHA256 hashes.
 bool IsSHA256HashInSortedArray(const SHA256HashValue& hash,
diff --git a/chromium/net/base/host_port_pair.cc b/chromium/net/base/host_port_pair.cc
index 441a35965d8..3bdfc5de62c 100644
--- a/chromium/net/base/host_port_pair.cc
+++ b/chromium/net/base/host_port_pair.cc
@@ -38,7 +38,7 @@ HostPortPair HostPortPair::FromString(const std::string& str) {
   if (key_port.size() != 2)
     return HostPortPair();
   int port;
-  if (!ParseNonNegativeDecimalInt(key_port[1], &port))
+  if (!ParseInt32(key_port[1], ParseIntFormat::NON_NEGATIVE, &port))
     return HostPortPair();
   if (!IsPortValid(port))
     return HostPortPair();
diff --git a/chromium/net/base/io_buffer.cc b/chromium/net/base/io_buffer.cc
index 3ab762aad22..02c0d8e20b1 100644
--- a/chromium/net/base/io_buffer.cc
+++ b/chromium/net/base/io_buffer.cc
@@ -80,7 +80,7 @@ StringIOBuffer::StringIOBuffer(const std::string& s)
   data_ = const_cast<char*>(string_data_.data());
 }
 
-StringIOBuffer::StringIOBuffer(scoped_ptr<std::string> s)
+StringIOBuffer::StringIOBuffer(std::unique_ptr<std::string> s)
     : IOBuffer(static_cast<char*>(NULL)) {
   AssertValidBufferSize(s->size());
   string_data_.swap(*s.get());
diff --git a/chromium/net/base/io_buffer.h b/chromium/net/base/io_buffer.h
index 9285791adeb..62240aaa4c1 100644
--- a/chromium/net/base/io_buffer.h
+++ b/chromium/net/base/io_buffer.h
@@ -7,11 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/memory/free_deleter.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "net/base/net_export.h"
 
@@ -81,7 +81,7 @@ class NET_EXPORT IOBuffer : public base::RefCountedThreadSafe<IOBuffer> {
   explicit IOBuffer(int buffer_size);
   explicit IOBuffer(size_t buffer_size);
 
-  char* data() { return data_; }
+  char* data() const { return data_; }
 
  protected:
   friend class base::RefCountedThreadSafe<IOBuffer>;
@@ -125,7 +125,7 @@ class NET_EXPORT IOBufferWithSize : public IOBuffer {
 class NET_EXPORT StringIOBuffer : public IOBuffer {
  public:
   explicit StringIOBuffer(const std::string& s);
-  explicit StringIOBuffer(scoped_ptr<std::string> s);
+  explicit StringIOBuffer(std::unique_ptr<std::string> s);
 
   int size() const { return static_cast<int>(string_data_.size()); }
 
@@ -217,7 +217,7 @@ class NET_EXPORT GrowableIOBuffer : public IOBuffer {
  private:
   ~GrowableIOBuffer() override;
 
-  scoped_ptr<char, base::FreeDeleter> real_data_;
+  std::unique_ptr<char, base::FreeDeleter> real_data_;
   int capacity_;
   int offset_;
 };
diff --git a/chromium/net/base/ip_address.cc b/chromium/net/base/ip_address.cc
index 722e3703f35..cf18650fd7c 100644
--- a/chromium/net/base/ip_address.cc
+++ b/chromium/net/base/ip_address.cc
@@ -4,18 +4,138 @@
 
 #include "net/base/ip_address.h"
 
+#include <limits.h>
+
 #include "base/strings/string_piece.h"
 #include "base/strings/string_split.h"
-#include "net/base/ip_address_number.h"
+#include "base/strings/stringprintf.h"
 #include "net/base/parse_number.h"
 #include "url/gurl.h"
 #include "url/url_canon_ip.h"
 
+namespace {
+
+// The prefix for IPv6 mapped IPv4 addresses.
+// https://tools.ietf.org/html/rfc4291#section-2.5.5.2
+const uint8_t kIPv4MappedPrefix[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF};
+
+// Note that this function assumes:
+// * |ip_address| is at least |prefix_length_in_bits| (bits) long;
+// * |ip_prefix| is at least |prefix_length_in_bits| (bits) long.
+bool IPAddressPrefixCheck(const std::vector<uint8_t>& ip_address,
+                          const uint8_t* ip_prefix,
+                          size_t prefix_length_in_bits) {
+  // Compare all the bytes that fall entirely within the prefix.
+  size_t num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
+  for (size_t i = 0; i < num_entire_bytes_in_prefix; ++i) {
+    if (ip_address[i] != ip_prefix[i])
+      return false;
+  }
+
+  // In case the prefix was not a multiple of 8, there will be 1 byte
+  // which is only partially masked.
+  size_t remaining_bits = prefix_length_in_bits % 8;
+  if (remaining_bits != 0) {
+    uint8_t mask = 0xFF << (8 - remaining_bits);
+    size_t i = num_entire_bytes_in_prefix;
+    if ((ip_address[i] & mask) != (ip_prefix[i] & mask))
+      return false;
+  }
+  return true;
+}
+
+// Returns true if |ip_address| matches any of the reserved IPv4 ranges. This
+// method operates on a blacklist of reserved IPv4 ranges. Some ranges are
+// consolidated.
+// Sources for info:
+// www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
+// www.iana.org/assignments/iana-ipv4-special-registry/
+// iana-ipv4-special-registry.xhtml
+bool IsReservedIPv4(const std::vector<uint8_t>& ip_address) {
+  // Different IP versions have different range reservations.
+  DCHECK_EQ(net::IPAddress::kIPv4AddressSize, ip_address.size());
+  struct {
+    const uint8_t address[4];
+    size_t prefix_length_in_bits;
+  } static const kReservedIPv4Ranges[] = {
+      {{0, 0, 0, 0}, 8},     {{10, 0, 0, 0}, 8},      {{100, 64, 0, 0}, 10},
+      {{127, 0, 0, 0}, 8},   {{169, 254, 0, 0}, 16},  {{172, 16, 0, 0}, 12},
+      {{192, 0, 2, 0}, 24},  {{192, 88, 99, 0}, 24},  {{192, 168, 0, 0}, 16},
+      {{198, 18, 0, 0}, 15}, {{198, 51, 100, 0}, 24}, {{203, 0, 113, 0}, 24},
+      {{224, 0, 0, 0}, 3}};
+
+  for (const auto& range : kReservedIPv4Ranges) {
+    if (IPAddressPrefixCheck(ip_address, range.address,
+                             range.prefix_length_in_bits)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+// Returns true if |ip_address| matches any of the reserved IPv6 ranges. This
+// method operates on a whitelist of non-reserved IPv6 ranges. All IPv6
+// addresses outside these ranges are reserved.
+// Sources for info:
+// www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
+bool IsReservedIPv6(const std::vector<uint8_t>& ip_address) {
+  // Different IP versions have different range reservations.
+  DCHECK_EQ(net::IPAddress::kIPv6AddressSize, ip_address.size());
+  struct {
+    const uint8_t address_prefix[2];
+    size_t prefix_length_in_bits;
+  } static const kPublicIPv6Ranges[] = {
+      // 2000::/3  -- Global Unicast
+      {{0x20, 0}, 3},
+      // ff00::/8  -- Multicast
+      {{0xff, 0}, 8},
+  };
+
+  for (const auto& range : kPublicIPv6Ranges) {
+    if (IPAddressPrefixCheck(ip_address, range.address_prefix,
+                             range.prefix_length_in_bits)) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+bool ParseIPLiteralToBytes(const base::StringPiece& ip_literal,
+                           std::vector<uint8_t>* bytes) {
+  // |ip_literal| could be either an IPv4 or an IPv6 literal. If it contains
+  // a colon however, it must be an IPv6 address.
+  if (ip_literal.find(':') != base::StringPiece::npos) {
+    // GURL expects IPv6 hostnames to be surrounded with brackets.
+    std::string host_brackets = "[";
+    ip_literal.AppendToString(&host_brackets);
+    host_brackets.push_back(']');
+    url::Component host_comp(0, host_brackets.size());
+
+    // Try parsing the hostname as an IPv6 literal.
+    bytes->resize(16);  // 128 bits.
+    return url::IPv6AddressToNumber(host_brackets.data(), host_comp,
+                                    bytes->data());
+  }
+
+  // Otherwise the string is an IPv4 address.
+  bytes->resize(4);  // 32 bits.
+  url::Component host_comp(0, ip_literal.size());
+  int num_components;
+  url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
+      ip_literal.data(), host_comp, bytes->data(), &num_components);
+  return family == url::CanonHostInfo::IPV4;
+}
+
+}  // namespace
+
 namespace net {
 
 IPAddress::IPAddress() {}
 
-IPAddress::IPAddress(const IPAddressNumber& address) : ip_address_(address) {}
+IPAddress::IPAddress(const std::vector<uint8_t>& address)
+    : ip_address_(address) {}
 
 IPAddress::IPAddress(const IPAddress& other) = default;
 
@@ -66,7 +186,12 @@ bool IPAddress::IsValid() const {
 }
 
 bool IPAddress::IsReserved() const {
-  return IsIPAddressReserved(ip_address_);
+  if (IsIPv4()) {
+    return IsReservedIPv4(ip_address_);
+  } else if (IsIPv6()) {
+    return IsReservedIPv6(ip_address_);
+  }
+  return false;
 }
 
 bool IPAddress::IsZero() const {
@@ -79,16 +204,13 @@ bool IPAddress::IsZero() const {
 }
 
 bool IPAddress::IsIPv4MappedIPv6() const {
-  return net::IsIPv4Mapped(ip_address_);
-}
-
-std::string IPAddress::ToString() const {
-  return IPAddressToString(ip_address_);
+  return IsIPv6() && IPAddressStartsWith(*this, kIPv4MappedPrefix);
 }
 
 bool IPAddress::AssignFromIPLiteral(const base::StringPiece& ip_literal) {
   std::vector<uint8_t> number;
-  if (!ParseIPLiteralToNumber(ip_literal, &number))
+
+  if (!ParseIPLiteralToBytes(ip_literal, &number))
     return false;
 
   std::swap(number, ip_address_);
@@ -140,27 +262,81 @@ bool IPAddress::operator<(const IPAddress& that) const {
   return ip_address_ < that.ip_address_;
 }
 
+std::string IPAddress::ToString() const {
+  std::string str;
+  url::StdStringCanonOutput output(&str);
+
+  if (IsIPv4()) {
+    url::AppendIPv4Address(ip_address_.data(), &output);
+  } else if (IsIPv6()) {
+    url::AppendIPv6Address(ip_address_.data(), &output);
+  }
+
+  output.Complete();
+  return str;
+}
+
 std::string IPAddressToStringWithPort(const IPAddress& address, uint16_t port) {
-  return IPAddressToStringWithPort(address.bytes(), port);
+  std::string address_str = address.ToString();
+  if (address_str.empty())
+    return address_str;
+
+  if (address.IsIPv6()) {
+    // Need to bracket IPv6 addresses since they contain colons.
+    return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
+  }
+  return base::StringPrintf("%s:%d", address_str.c_str(), port);
 }
 
 std::string IPAddressToPackedString(const IPAddress& address) {
-  return IPAddressToPackedString(address.bytes());
+  return std::string(reinterpret_cast<const char*>(address.bytes().data()),
+                     address.size());
 }
 
 IPAddress ConvertIPv4ToIPv4MappedIPv6(const IPAddress& address) {
-  return IPAddress(ConvertIPv4NumberToIPv6Number(address.bytes()));
+  DCHECK(address.IsIPv4());
+  // IPv4-mapped addresses are formed by:
+  // <80 bits of zeros>  + <16 bits of ones> + <32-bit IPv4 address>.
+  std::vector<uint8_t> bytes;
+  bytes.reserve(16);
+  bytes.insert(bytes.end(), std::begin(kIPv4MappedPrefix),
+               std::end(kIPv4MappedPrefix));
+  bytes.insert(bytes.end(), address.bytes().begin(), address.bytes().end());
+  return IPAddress(bytes);
 }
 
 IPAddress ConvertIPv4MappedIPv6ToIPv4(const IPAddress& address) {
-  return IPAddress(ConvertIPv4MappedToIPv4(address.bytes()));
+  DCHECK(address.IsIPv4MappedIPv6());
+
+  return IPAddress(std::vector<uint8_t>(
+      address.bytes().begin() + arraysize(kIPv4MappedPrefix),
+      address.bytes().end()));
 }
 
 bool IPAddressMatchesPrefix(const IPAddress& ip_address,
                             const IPAddress& ip_prefix,
                             size_t prefix_length_in_bits) {
-  return IPNumberMatchesPrefix(ip_address.bytes(), ip_prefix.bytes(),
-                               prefix_length_in_bits);
+  // Both the input IP address and the prefix IP address should be either IPv4
+  // or IPv6.
+  DCHECK(ip_address.IsValid());
+  DCHECK(ip_prefix.IsValid());
+
+  DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
+
+  // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
+  // IPv6 addresses in order to do the comparison.
+  if (ip_address.size() != ip_prefix.size()) {
+    if (ip_address.IsIPv4()) {
+      return IPAddressMatchesPrefix(ConvertIPv4ToIPv4MappedIPv6(ip_address),
+                                    ip_prefix, prefix_length_in_bits);
+    }
+    return IPAddressMatchesPrefix(ip_address,
+                                  ConvertIPv4ToIPv4MappedIPv6(ip_prefix),
+                                  96 + prefix_length_in_bits);
+  }
+
+  return IPAddressPrefixCheck(ip_address.bytes(), ip_prefix.bytes().data(),
+                              prefix_length_in_bits);
 }
 
 bool ParseCIDRBlock(const std::string& cidr_literal,
@@ -180,20 +356,19 @@ bool ParseCIDRBlock(const std::string& cidr_literal,
     return false;
 
   // Parse the prefix length.
-  int number_of_bits = -1;
-  if (!ParseNonNegativeDecimalInt(parts[1], &number_of_bits))
+  uint32_t number_of_bits;
+  if (!ParseUint32(parts[1], &number_of_bits))
     return false;
 
   // Make sure the prefix length is in a valid range.
-  if (number_of_bits < 0 ||
-      number_of_bits > static_cast<int>(ip_address->size() * 8))
+  if (number_of_bits > ip_address->size() * 8)
     return false;
 
-  *prefix_length_in_bits = static_cast<size_t>(number_of_bits);
+  *prefix_length_in_bits = number_of_bits;
   return true;
 }
 
-bool ParseURLHostnameToAddress(const std::string& hostname,
+bool ParseURLHostnameToAddress(const base::StringPiece& hostname,
                                IPAddress* ip_address) {
   if (hostname.size() >= 2 && hostname.front() == '[' &&
       hostname.back() == ']') {
@@ -207,11 +382,24 @@ bool ParseURLHostnameToAddress(const std::string& hostname,
 }
 
 unsigned CommonPrefixLength(const IPAddress& a1, const IPAddress& a2) {
-  return CommonPrefixLength(a1.bytes(), a2.bytes());
+  DCHECK_EQ(a1.size(), a2.size());
+  for (size_t i = 0; i < a1.size(); ++i) {
+    unsigned diff = a1.bytes()[i] ^ a2.bytes()[i];
+    if (!diff)
+      continue;
+    for (unsigned j = 0; j < CHAR_BIT; ++j) {
+      if (diff & (1 << (CHAR_BIT - 1)))
+        return i * CHAR_BIT + j;
+      diff <<= 1;
+    }
+    NOTREACHED();
+  }
+  return a1.size() * CHAR_BIT;
 }
 
 unsigned MaskPrefixLength(const IPAddress& mask) {
-  return MaskPrefixLength(mask.bytes());
+  std::vector<uint8_t> all_ones(mask.size(), 0xFF);
+  return CommonPrefixLength(mask, IPAddress(all_ones));
 }
 
 }  // namespace net
diff --git a/chromium/net/base/ip_address.h b/chromium/net/base/ip_address.h
index 2f9d7aba90c..f095384a2c0 100644
--- a/chromium/net/base/ip_address.h
+++ b/chromium/net/base/ip_address.h
@@ -13,7 +13,6 @@
 
 #include "base/compiler_specific.h"
 #include "base/strings/string_piece.h"
-#include "net/base/ip_address_number.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -25,8 +24,9 @@ class NET_EXPORT IPAddress {
   // Creates a zero-sized, invalid address.
   IPAddress();
 
-  // Creates an IP address from a deprecated IPAddressNumber.
-  explicit IPAddress(const IPAddressNumber& address);
+  // Copies the input address to |ip_address_|. The input is expected to be in
+  // network byte order.
+  explicit IPAddress(const std::vector<uint8_t>& address);
 
   IPAddress(const IPAddress& other);
 
@@ -75,7 +75,7 @@ class NET_EXPORT IPAddress {
   // only checks the address length.
   bool IsValid() const;
 
-  // Returns true if an IP address hostname is in a range reserved by the IANA.
+  // Returns true if the IP is in a range reserved by the IANA.
   // Works with both IPv4 and IPv6 addresses, and only compares against a given
   // protocols's reserved ranges.
   bool IsReserved() const;
@@ -134,10 +134,6 @@ class NET_EXPORT IPAddress {
 
 using IPAddressList = std::vector<IPAddress>;
 
-// TODO(Martijnc): These utility functions currently forward the calls to
-// the IPAddressNumber implementations. Move the implementations over when
-// the IPAddressNumber migration is complete. https://crbug.com/496258.
-
 // Returns the canonical string representation of an IP address along with its
 // port. For example: "192.168.0.1:99" or "[::1]:80".
 NET_EXPORT std::string IPAddressToStringWithPort(const IPAddress& address,
@@ -186,15 +182,16 @@ NET_EXPORT bool ParseCIDRBlock(const std::string& cidr_literal,
 // Returns true on success, and fills |ip_address| with the numeric value.
 // In other words, |hostname| must be an IPv4 literal, or an IPv6 literal
 // surrounded by brackets as in [::1].
-NET_EXPORT bool ParseURLHostnameToAddress(const std::string& hostname,
+NET_EXPORT bool ParseURLHostnameToAddress(const base::StringPiece& hostname,
                                           IPAddress* ip_address)
     WARN_UNUSED_RESULT;
 
 // Returns number of matching initial bits between the addresses |a1| and |a2|.
-unsigned CommonPrefixLength(const IPAddress& a1, const IPAddress& a2);
+NET_EXPORT unsigned CommonPrefixLength(const IPAddress& a1,
+                                       const IPAddress& a2);
 
 // Computes the number of leading 1-bits in |mask|.
-unsigned MaskPrefixLength(const IPAddress& mask);
+NET_EXPORT unsigned MaskPrefixLength(const IPAddress& mask);
 
 // Checks whether |address| starts with |prefix|. This provides similar
 // functionality as IPAddressMatchesPrefix() but doesn't perform automatic IPv4
diff --git a/chromium/net/base/ip_address_number.cc b/chromium/net/base/ip_address_number.cc
deleted file mode 100644
index e9913140ae3..00000000000
--- a/chromium/net/base/ip_address_number.cc
+++ /dev/null
@@ -1,246 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/ip_address_number.h"
-
-#include <limits.h>
-
-#include "base/logging.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_piece.h"
-#include "base/strings/string_split.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "url/gurl.h"
-#include "url/url_canon_ip.h"
-
-namespace net {
-
-namespace {
-
-bool IPNumberPrefixCheck(const IPAddressNumber& ip_number,
-                         const unsigned char* ip_prefix,
-                         size_t prefix_length_in_bits) {
-  // Compare all the bytes that fall entirely within the prefix.
-  int num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
-  for (int i = 0; i < num_entire_bytes_in_prefix; ++i) {
-    if (ip_number[i] != ip_prefix[i])
-      return false;
-  }
-
-  // In case the prefix was not a multiple of 8, there will be 1 byte
-  // which is only partially masked.
-  int remaining_bits = prefix_length_in_bits % 8;
-  if (remaining_bits != 0) {
-    unsigned char mask = 0xFF << (8 - remaining_bits);
-    int i = num_entire_bytes_in_prefix;
-    if ((ip_number[i] & mask) != (ip_prefix[i] & mask))
-      return false;
-  }
-  return true;
-}
-
-}  // namespace
-
-// Don't compare IPv4 and IPv6 addresses (they have different range
-// reservations). Keep separate reservation arrays for each IP type, and
-// consolidate adjacent reserved ranges within a reservation array when
-// possible.
-// Sources for info:
-// www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
-// www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
-// They're formatted here with the prefix as the last element. For example:
-// 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
-bool IsIPAddressReserved(const IPAddressNumber& host_addr) {
-  static const unsigned char kReservedIPv4[][5] = {
-      { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 },
-      { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 },
-      { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 },
-      { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 }
-  };
-  static const unsigned char kReservedIPv6[][17] = {
-      { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 },
-      { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
-      { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
-      { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 },
-      { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 },
-      { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 },
-      { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 },
-      { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 },
-      { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 },
-      { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
-      { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
-  };
-  size_t array_size = 0;
-  const unsigned char* array = NULL;
-  switch (host_addr.size()) {
-    case kIPv4AddressSize:
-      array_size = arraysize(kReservedIPv4);
-      array = kReservedIPv4[0];
-      break;
-    case kIPv6AddressSize:
-      array_size = arraysize(kReservedIPv6);
-      array = kReservedIPv6[0];
-      break;
-  }
-  if (!array)
-    return false;
-  size_t width = host_addr.size() + 1;
-  for (size_t i = 0; i < array_size; ++i, array += width) {
-    if (IPNumberPrefixCheck(host_addr, array, array[width-1]))
-      return true;
-  }
-  return false;
-}
-
-std::string IPAddressToString(const uint8_t* address, size_t address_len) {
-  std::string str;
-  url::StdStringCanonOutput output(&str);
-
-  if (address_len == kIPv4AddressSize) {
-    url::AppendIPv4Address(address, &output);
-  } else if (address_len == kIPv6AddressSize) {
-    url::AppendIPv6Address(address, &output);
-  }
-
-  output.Complete();
-  return str;
-}
-
-std::string IPAddressToStringWithPort(const uint8_t* address,
-                                      size_t address_len,
-                                      uint16_t port) {
-  std::string address_str = IPAddressToString(address, address_len);
-  if (address_str.empty())
-    return address_str;
-
-  if (address_len == kIPv6AddressSize) {
-    // Need to bracket IPv6 addresses since they contain colons.
-    return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
-  }
-  return base::StringPrintf("%s:%d", address_str.c_str(), port);
-}
-
-std::string IPAddressToString(const IPAddressNumber& addr) {
-  return IPAddressToString(addr.data(), addr.size());
-}
-
-std::string IPAddressToStringWithPort(const IPAddressNumber& addr,
-                                      uint16_t port) {
-  return IPAddressToStringWithPort(addr.data(), addr.size(), port);
-}
-
-std::string IPAddressToPackedString(const IPAddressNumber& addr) {
-  return std::string(reinterpret_cast<const char*>(addr.data()), addr.size());
-}
-
-bool ParseIPLiteralToNumber(const base::StringPiece& ip_literal,
-                            IPAddressNumber* ip_number) {
-  // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains
-  // a colon however, it must be an IPv6 address.
-  if (ip_literal.find(':') != base::StringPiece::npos) {
-    // GURL expects IPv6 hostnames to be surrounded with brackets.
-    std::string host_brackets = "[";
-    ip_literal.AppendToString(&host_brackets);
-    host_brackets.push_back(']');
-    url::Component host_comp(0, host_brackets.size());
-
-    // Try parsing the hostname as an IPv6 literal.
-    ip_number->resize(16);  // 128 bits.
-    return url::IPv6AddressToNumber(host_brackets.data(), host_comp,
-                                    &(*ip_number)[0]);
-  }
-
-  // Otherwise the string is an IPv4 address.
-  ip_number->resize(4);  // 32 bits.
-  url::Component host_comp(0, ip_literal.size());
-  int num_components;
-  url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
-      ip_literal.data(), host_comp, &(*ip_number)[0], &num_components);
-  return family == url::CanonHostInfo::IPV4;
-}
-
-namespace {
-
-const unsigned char kIPv4MappedPrefix[] =
-    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
-}
-
-IPAddressNumber ConvertIPv4NumberToIPv6Number(
-    const IPAddressNumber& ipv4_number) {
-  DCHECK(ipv4_number.size() == 4);
-
-  // IPv4-mapped addresses are formed by:
-  // <80 bits of zeros>  + <16 bits of ones> + <32-bit IPv4 address>.
-  IPAddressNumber ipv6_number;
-  ipv6_number.reserve(16);
-  ipv6_number.insert(ipv6_number.end(),
-                     kIPv4MappedPrefix,
-                     kIPv4MappedPrefix + arraysize(kIPv4MappedPrefix));
-  ipv6_number.insert(ipv6_number.end(), ipv4_number.begin(), ipv4_number.end());
-  return ipv6_number;
-}
-
-bool IsIPv4Mapped(const IPAddressNumber& address) {
-  if (address.size() != kIPv6AddressSize)
-    return false;
-  return std::equal(address.begin(),
-                    address.begin() + arraysize(kIPv4MappedPrefix),
-                    kIPv4MappedPrefix);
-}
-
-IPAddressNumber ConvertIPv4MappedToIPv4(const IPAddressNumber& address) {
-  DCHECK(IsIPv4Mapped(address));
-  return IPAddressNumber(address.begin() + arraysize(kIPv4MappedPrefix),
-                         address.end());
-}
-
-bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number,
-                           const IPAddressNumber& ip_prefix,
-                           size_t prefix_length_in_bits) {
-  // Both the input IP address and the prefix IP address should be
-  // either IPv4 or IPv6.
-  DCHECK(ip_number.size() == 4 || ip_number.size() == 16);
-  DCHECK(ip_prefix.size() == 4 || ip_prefix.size() == 16);
-
-  DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
-
-  // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
-  // IPv6 addresses in order to do the comparison.
-  if (ip_number.size() != ip_prefix.size()) {
-    if (ip_number.size() == 4) {
-      return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number),
-                                   ip_prefix, prefix_length_in_bits);
-    }
-    return IPNumberMatchesPrefix(ip_number,
-                                 ConvertIPv4NumberToIPv6Number(ip_prefix),
-                                 96 + prefix_length_in_bits);
-  }
-
-  return IPNumberPrefixCheck(ip_number, &ip_prefix[0], prefix_length_in_bits);
-}
-
-unsigned CommonPrefixLength(const IPAddressNumber& a1,
-                            const IPAddressNumber& a2) {
-  DCHECK_EQ(a1.size(), a2.size());
-  for (size_t i = 0; i < a1.size(); ++i) {
-    unsigned diff = a1[i] ^ a2[i];
-    if (!diff)
-      continue;
-    for (unsigned j = 0; j < CHAR_BIT; ++j) {
-      if (diff & (1 << (CHAR_BIT - 1)))
-        return i * CHAR_BIT + j;
-      diff <<= 1;
-    }
-    NOTREACHED();
-  }
-  return a1.size() * CHAR_BIT;
-}
-
-unsigned MaskPrefixLength(const IPAddressNumber& mask) {
-  IPAddressNumber all_ones(mask.size(), 0xFF);
-  return CommonPrefixLength(mask, all_ones);
-}
-
-}  // namespace net
diff --git a/chromium/net/base/ip_address_number.h b/chromium/net/base/ip_address_number.h
deleted file mode 100644
index 8c997e4efc8..00000000000
--- a/chromium/net/base/ip_address_number.h
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_BASE_IP_ADDRESS_NUMBER_H_
-#define NET_BASE_IP_ADDRESS_NUMBER_H_
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <string>
-#include <vector>
-
-#include "base/strings/string_piece.h"
-#include "net/base/net_export.h"
-
-namespace net {
-
-// IPAddressNumber is used to represent an IP address's numeric value as an
-// array of bytes, from most significant to least significant. This is the
-// network byte ordering.
-//
-// IPv4 addresses will have length 4, whereas IPv6 address will have length 16.
-//
-// TODO(Martijnc): Remove the IPAddressNumber typedef. New code should use
-// IPAddress instead and existing code should be switched over.
-// https://crbug.com/496258
-typedef std::vector<unsigned char> IPAddressNumber;
-
-static const size_t kIPv4AddressSize = 4;
-static const size_t kIPv6AddressSize = 16;
-
-// Returns true if an IP address hostname is in a range reserved by the IANA.
-// Works with both IPv4 and IPv6 addresses, and only compares against a given
-// protocols's reserved ranges.
-NET_EXPORT bool IsIPAddressReserved(const IPAddressNumber& address);
-
-// Returns the string representation of an IP address.
-// For example: "192.168.0.1" or "::1". Returns the empty string when |address|
-// is invalid.
-NET_EXPORT std::string IPAddressToString(const uint8_t* address,
-                                         size_t address_len);
-
-// Returns the string representation of an IP address along with its port.
-// For example: "192.168.0.1:99" or "[::1]:80". Returns the empty string when
-// |address| is invalid (the port will be ignored).
-NET_EXPORT std::string IPAddressToStringWithPort(const uint8_t* address,
-                                                 size_t address_len,
-                                                 uint16_t port);
-
-// Same as IPAddressToString() but for an IPAddressNumber.
-NET_EXPORT std::string IPAddressToString(const IPAddressNumber& addr);
-
-// Same as IPAddressToStringWithPort() but for an IPAddressNumber.
-NET_EXPORT std::string IPAddressToStringWithPort(const IPAddressNumber& addr,
-                                                 uint16_t port);
-
-// Returns the address as a sequence of bytes in network-byte-order.
-NET_EXPORT std::string IPAddressToPackedString(const IPAddressNumber& addr);
-
-// Parses an IP address literal (either IPv4 or IPv6) to its numeric value.
-// Returns true on success and fills |ip_number| with the numeric value.
-NET_EXPORT bool ParseIPLiteralToNumber(const base::StringPiece& ip_literal,
-                                       IPAddressNumber* ip_number);
-
-// Converts an IPv4 address to an IPv4-mapped IPv6 address.
-// For example 192.168.0.1 would be converted to ::ffff:192.168.0.1.
-NET_EXPORT_PRIVATE IPAddressNumber ConvertIPv4NumberToIPv6Number(
-    const IPAddressNumber& ipv4_number);
-
-// Returns true iff |address| is an IPv4-mapped IPv6 address.
-NET_EXPORT_PRIVATE bool IsIPv4Mapped(const IPAddressNumber& address);
-
-// Converts an IPv4-mapped IPv6 address to IPv4 address. Should only be called
-// on IPv4-mapped IPv6 addresses.
-NET_EXPORT_PRIVATE IPAddressNumber ConvertIPv4MappedToIPv4(
-    const IPAddressNumber& address);
-
-// Compares an IP address to see if it falls within the specified IP block.
-// Returns true if it does, false otherwise.
-//
-// The IP block is given by (|ip_prefix|, |prefix_length_in_bits|) -- any
-// IP address whose |prefix_length_in_bits| most significant bits match
-// |ip_prefix| will be matched.
-//
-// In cases when an IPv4 address is being compared to an IPv6 address prefix
-// and vice versa, the IPv4 addresses will be converted to IPv4-mapped
-// (IPv6) addresses.
-NET_EXPORT_PRIVATE bool IPNumberMatchesPrefix(const IPAddressNumber& ip_number,
-                                              const IPAddressNumber& ip_prefix,
-                                              size_t prefix_length_in_bits);
-
-// Returns number of matching initial bits between the addresses |a1| and |a2|.
-unsigned CommonPrefixLength(const IPAddressNumber& a1,
-                            const IPAddressNumber& a2);
-
-// Computes the number of leading 1-bits in |mask|.
-unsigned MaskPrefixLength(const IPAddressNumber& mask);
-
-}  // namespace net
-
-#endif  // NET_BASE_IP_ADDRESS_NUMBER_H_
diff --git a/chromium/net/base/ip_address_number_unittest.cc b/chromium/net/base/ip_address_number_unittest.cc
deleted file mode 100644
index f7975d6d9bd..00000000000
--- a/chromium/net/base/ip_address_number_unittest.cc
+++ /dev/null
@@ -1,168 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/ip_address_number.h"
-
-#include "base/format_macros.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/stringprintf.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-namespace net {
-
-namespace {
-
-// Helper to strignize an IP number (used to define expectations).
-std::string DumpIPNumber(const IPAddressNumber& v) {
-  std::string out;
-  for (size_t i = 0; i < v.size(); ++i) {
-    if (i != 0)
-      out.append(",");
-    out.append(base::IntToString(static_cast<int>(v[i])));
-  }
-  return out;
-}
-
-TEST(IpAddressNumberTest, IPAddressToString) {
-  uint8_t addr1[4] = {0, 0, 0, 0};
-  EXPECT_EQ("0.0.0.0", IPAddressToString(addr1, sizeof(addr1)));
-
-  uint8_t addr2[4] = {192, 168, 0, 1};
-  EXPECT_EQ("192.168.0.1", IPAddressToString(addr2, sizeof(addr2)));
-
-  uint8_t addr3[16] = {0xFE, 0xDC, 0xBA, 0x98};
-  EXPECT_EQ("fedc:ba98::", IPAddressToString(addr3, sizeof(addr3)));
-
-  // IPAddressToString() shouldn't crash on invalid addresses.
-  uint8_t addr4[2];
-  EXPECT_EQ("", IPAddressToString(addr4, sizeof(addr4)));
-}
-
-TEST(IpAddressNumberTest, IPAddressToStringWithPort) {
-  uint8_t addr1[4] = {0, 0, 0, 0};
-  EXPECT_EQ("0.0.0.0:3", IPAddressToStringWithPort(addr1, sizeof(addr1), 3));
-
-  uint8_t addr2[4] = {192, 168, 0, 1};
-  EXPECT_EQ("192.168.0.1:99",
-            IPAddressToStringWithPort(addr2, sizeof(addr2), 99));
-
-  uint8_t addr3[16] = {0xFE, 0xDC, 0xBA, 0x98};
-  EXPECT_EQ("[fedc:ba98::]:8080",
-            IPAddressToStringWithPort(addr3, sizeof(addr3), 8080));
-
-  // IPAddressToStringWithPort() shouldn't crash on invalid addresses.
-  uint8_t addr4[2];
-  EXPECT_EQ("", IPAddressToStringWithPort(addr4, sizeof(addr4), 8080));
-}
-
-// Test that invalid IP literals fail to parse.
-TEST(IpAddressNumberTest, ParseIPLiteralToNumber_FailParse) {
-  IPAddressNumber number;
-
-  EXPECT_FALSE(ParseIPLiteralToNumber("bad value", &number));
-  EXPECT_FALSE(ParseIPLiteralToNumber("bad:value", &number));
-  EXPECT_FALSE(ParseIPLiteralToNumber(std::string(), &number));
-  EXPECT_FALSE(ParseIPLiteralToNumber("192.168.0.1:30", &number));
-  EXPECT_FALSE(ParseIPLiteralToNumber("  192.168.0.1  ", &number));
-  EXPECT_FALSE(ParseIPLiteralToNumber("[::1]", &number));
-}
-
-// Test parsing an IPv4 literal.
-TEST(IpAddressNumberTest, ParseIPLiteralToNumber_IPv4) {
-  IPAddressNumber number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("192.168.0.1", &number));
-  EXPECT_EQ("192,168,0,1", DumpIPNumber(number));
-  EXPECT_EQ("192.168.0.1", IPAddressToString(number));
-}
-
-// Test parsing an IPv6 literal.
-TEST(IpAddressNumberTest, ParseIPLiteralToNumber_IPv6) {
-  IPAddressNumber number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("1:abcd::3:4:ff", &number));
-  EXPECT_EQ("0,1,171,205,0,0,0,0,0,0,0,3,0,4,0,255", DumpIPNumber(number));
-  EXPECT_EQ("1:abcd::3:4:ff", IPAddressToString(number));
-}
-
-// Test mapping an IPv4 address to an IPv6 address.
-TEST(IpAddressNumberTest, ConvertIPv4NumberToIPv6Number) {
-  IPAddressNumber ipv4_number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("192.168.0.1", &ipv4_number));
-
-  IPAddressNumber ipv6_number =
-      ConvertIPv4NumberToIPv6Number(ipv4_number);
-
-  // ::ffff:192.168.0.1
-  EXPECT_EQ("0,0,0,0,0,0,0,0,0,0,255,255,192,168,0,1",
-            DumpIPNumber(ipv6_number));
-  EXPECT_EQ("::ffff:c0a8:1", IPAddressToString(ipv6_number));
-}
-
-TEST(IpAddressNumberTest, IsIPv4Mapped) {
-  IPAddressNumber ipv4_number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("192.168.0.1", &ipv4_number));
-  EXPECT_FALSE(IsIPv4Mapped(ipv4_number));
-
-  IPAddressNumber ipv6_number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("::1", &ipv6_number));
-  EXPECT_FALSE(IsIPv4Mapped(ipv6_number));
-
-  IPAddressNumber ipv4mapped_number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("::ffff:0101:1", &ipv4mapped_number));
-  EXPECT_TRUE(IsIPv4Mapped(ipv4mapped_number));
-}
-
-TEST(IpAddressNumberTest, ConvertIPv4MappedToIPv4) {
-  IPAddressNumber ipv4mapped_number;
-  EXPECT_TRUE(ParseIPLiteralToNumber("::ffff:0101:1", &ipv4mapped_number));
-  IPAddressNumber expected;
-  EXPECT_TRUE(ParseIPLiteralToNumber("1.1.0.1", &expected));
-  IPAddressNumber result = ConvertIPv4MappedToIPv4(ipv4mapped_number);
-  EXPECT_EQ(expected, result);
-}
-
-TEST(IpAddressNumberTest, IPNumberMatchesPrefix) {
-  struct {
-    const char* const cidr_literal;
-    size_t prefix_length_in_bits;
-    const char* const ip_literal;
-    bool expected_to_match;
-  } tests[] = {
-      // IPv4 prefix with IPv4 inputs.
-      {"10.10.1.32", 27, "10.10.1.44", true},
-      {"10.10.1.32", 27, "10.10.1.90", false},
-      {"10.10.1.32", 27, "10.10.1.90", false},
-
-      // IPv6 prefix with IPv6 inputs.
-      {"2001:db8::", 32, "2001:DB8:3:4::5", true},
-      {"2001:db8::", 32, "2001:c8::", false},
-
-      // IPv6 prefix with IPv4 inputs.
-      {"2001:db8::", 33, "192.168.0.1", false},
-      {"::ffff:192.168.0.1", 112, "192.168.33.77", true},
-
-      // IPv4 prefix with IPv6 inputs.
-      {"10.11.33.44", 16, "::ffff:0a0b:89", true},
-      {"10.11.33.44", 16, "::ffff:10.12.33.44", false},
-  };
-  for (size_t i = 0; i < arraysize(tests); ++i) {
-    SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]: %s, %s", i,
-                                    tests[i].cidr_literal,
-                                    tests[i].ip_literal));
-
-    IPAddressNumber ip_number;
-    EXPECT_TRUE(ParseIPLiteralToNumber(tests[i].ip_literal, &ip_number));
-
-    IPAddressNumber ip_prefix;
-
-    EXPECT_TRUE(ParseIPLiteralToNumber(tests[i].cidr_literal, &ip_prefix));
-
-    EXPECT_EQ(tests[i].expected_to_match,
-              IPNumberMatchesPrefix(ip_number, ip_prefix,
-                                    tests[i].prefix_length_in_bits));
-  }
-}
-
-}  // anonymous namespace
-
-}  // namespace net
diff --git a/chromium/net/base/ip_address_unittest.cc b/chromium/net/base/ip_address_unittest.cc
index 3b9f3dfc183..09ff7451367 100644
--- a/chromium/net/base/ip_address_unittest.cc
+++ b/chromium/net/base/ip_address_unittest.cc
@@ -6,7 +6,9 @@
 
 #include <vector>
 
+#include "base/format_macros.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/stringprintf.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -75,6 +77,196 @@ TEST(IPAddressTest, IsValid) {
   EXPECT_TRUE(ip_address4.empty());
 }
 
+enum IPAddressReservedResult : bool { NOT_RESERVED = false, RESERVED = true };
+
+// Tests for the reserved IPv4 ranges and the (unreserved) blocks in between.
+// The reserved ranges are tested by checking the first and last address of each
+// range. The unreserved blocks are tested similarly. These tests cover the
+// entire IPv4 address range.
+TEST(IPAddressTest, IsReservedIPv4) {
+  struct {
+    const char* const address;
+    IPAddressReservedResult is_reserved;
+  } tests[] = {// 0.0.0.0/8
+               {"0.0.0.0", RESERVED},
+               {"0.255.255.255", RESERVED},
+               // Unreserved block(s)
+               {"1.0.0.0", NOT_RESERVED},
+               {"9.255.255.255", NOT_RESERVED},
+               // 10.0.0.0/8
+               {"10.0.0.0", RESERVED},
+               {"10.255.255.255", RESERVED},
+               // Unreserved block(s)
+               {"11.0.0.0", NOT_RESERVED},
+               {"100.63.255.255", NOT_RESERVED},
+               // 100.64.0.0/10
+               {"100.64.0.0", RESERVED},
+               {"100.127.255.255", RESERVED},
+               // Unreserved block(s)
+               {"100.128.0.0", NOT_RESERVED},
+               {"126.255.255.255", NOT_RESERVED},
+               // 127.0.0.0/8
+               {"127.0.0.0", RESERVED},
+               {"127.255.255.255", RESERVED},
+               // Unreserved block(s)
+               {"128.0.0.0", NOT_RESERVED},
+               {"169.253.255.255", NOT_RESERVED},
+               // 169.254.0.0/16
+               {"169.254.0.0", RESERVED},
+               {"169.254.255.255", RESERVED},
+               // Unreserved block(s)
+               {"169.255.0.0", NOT_RESERVED},
+               {"172.15.255.255", NOT_RESERVED},
+               // 172.16.0.0/12
+               {"172.16.0.0", RESERVED},
+               {"172.31.255.255", RESERVED},
+               // Unreserved block(s)
+               {"172.32.0.0", NOT_RESERVED},
+               {"191.255.255.255", NOT_RESERVED},
+               // 192.0.0.0/24 (including sub ranges)
+               {"192.0.0.0", NOT_RESERVED},
+               {"192.0.0.255", NOT_RESERVED},
+               // Unreserved block(s)
+               {"192.0.1.0", NOT_RESERVED},
+               {"192.0.1.255", NOT_RESERVED},
+               // 192.0.2.0/24
+               {"192.0.2.0", RESERVED},
+               {"192.0.2.255", RESERVED},
+               // Unreserved block(s)
+               {"192.0.3.0", NOT_RESERVED},
+               {"192.31.195.255", NOT_RESERVED},
+               // 192.31.196.0/24
+               {"192.31.196.0", NOT_RESERVED},
+               {"192.31.196.255", NOT_RESERVED},
+               // Unreserved block(s)
+               {"192.32.197.0", NOT_RESERVED},
+               {"192.52.192.255", NOT_RESERVED},
+               // 192.52.193.0/24
+               {"192.52.193.0", NOT_RESERVED},
+               {"192.52.193.255", NOT_RESERVED},
+               // Unreserved block(s)
+               {"192.52.194.0", NOT_RESERVED},
+               {"192.88.98.255", NOT_RESERVED},
+               // 192.88.99.0/24
+               {"192.88.99.0", RESERVED},
+               {"192.88.99.255", RESERVED},
+               // Unreserved block(s)
+               {"192.88.100.0", NOT_RESERVED},
+               {"192.167.255.255", NOT_RESERVED},
+               // 192.168.0.0/16
+               {"192.168.0.0", RESERVED},
+               {"192.168.255.255", RESERVED},
+               // Unreserved block(s)
+               {"192.169.0.0", NOT_RESERVED},
+               {"192.175.47.255", NOT_RESERVED},
+               // 192.175.48.0/24
+               {"192.175.48.0", NOT_RESERVED},
+               {"192.175.48.255", NOT_RESERVED},
+               // Unreserved block(s)
+               {"192.175.49.0", NOT_RESERVED},
+               {"198.17.255.255", NOT_RESERVED},
+               // 198.18.0.0/15
+               {"198.18.0.0", RESERVED},
+               {"198.19.255.255", RESERVED},
+               // Unreserved block(s)
+               {"198.20.0.0", NOT_RESERVED},
+               {"198.51.99.255", NOT_RESERVED},
+               // 198.51.100.0/24
+               {"198.51.100.0", RESERVED},
+               {"198.51.100.255", RESERVED},
+               // Unreserved block(s)
+               {"198.51.101.0", NOT_RESERVED},
+               {"203.0.112.255", NOT_RESERVED},
+               // 203.0.113.0/24
+               {"203.0.113.0", RESERVED},
+               {"203.0.113.255", RESERVED},
+               // Unreserved block(s)
+               {"203.0.114.0", NOT_RESERVED},
+               {"223.255.255.255", NOT_RESERVED},
+               // 224.0.0.0/8 - 255.0.0.0/8
+               {"224.0.0.0", RESERVED},
+               {"255.255.255.255", RESERVED}};
+
+  IPAddress address;
+  for (const auto& test : tests) {
+    EXPECT_TRUE(address.AssignFromIPLiteral(test.address));
+    EXPECT_EQ(!!test.is_reserved, address.IsReserved());
+  }
+}
+
+// Tests for the reserved IPv6 ranges and the (unreserved) blocks in between.
+// The reserved ranges are tested by checking the first and last address of each
+// range. The unreserved blocks are tested similarly. These tests cover the
+// entire IPv6 address range.
+TEST(IPAddressTest, IsReservedIPv6) {
+  struct {
+    const char* const address;
+    IPAddressReservedResult is_reserved;
+  } tests[] = {// 0000::/8
+               {"0:0:0:0:0:0:0:0", RESERVED},
+               {"ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 0100::/8
+               {"100:0:0:0:0:0:0:0", RESERVED},
+               {"1ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 0200::/7
+               {"200:0:0:0:0:0:0:0", RESERVED},
+               {"3ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 0400::/6
+               {"400:0:0:0:0:0:0:0", RESERVED},
+               {"7ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 0800::/5
+               {"800:0:0:0:0:0:0:0", RESERVED},
+               {"fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 1000::/4
+               {"1000:0:0:0:0:0:0:0", RESERVED},
+               {"1fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 2000::/3 (Global Unicast)
+               {"2000:0:0:0:0:0:0:0", NOT_RESERVED},
+               {"3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", NOT_RESERVED},
+               // 4000::/3
+               {"4000:0:0:0:0:0:0:0", RESERVED},
+               {"5fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 6000::/3
+               {"6000:0:0:0:0:0:0:0", RESERVED},
+               {"7fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // 8000::/3
+               {"8000:0:0:0:0:0:0:0", RESERVED},
+               {"9fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // c000::/3
+               {"c000:0:0:0:0:0:0:0", RESERVED},
+               {"dfff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // e000::/4
+               {"e000:0:0:0:0:0:0:0", RESERVED},
+               {"efff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // f000::/5
+               {"f000:0:0:0:0:0:0:0", RESERVED},
+               {"f7ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // f800::/6
+               {"f800:0:0:0:0:0:0:0", RESERVED},
+               {"fbff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // fc00::/7
+               {"fc00:0:0:0:0:0:0:0", RESERVED},
+               {"fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // fe00::/9
+               {"fe00:0:0:0:0:0:0:0", RESERVED},
+               {"fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // fe80::/10
+               {"fe80:0:0:0:0:0:0:0", RESERVED},
+               {"febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // fec0::/10
+               {"fec0:0:0:0:0:0:0:0", RESERVED},
+               {"feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", RESERVED},
+               // ff00::/8 (Multicast)
+               {"ff00:0:0:0:0:0:0:0", NOT_RESERVED},
+               {"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", NOT_RESERVED}};
+
+  IPAddress address;
+  for (const auto& test : tests) {
+    EXPECT_TRUE(address.AssignFromIPLiteral(test.address));
+    EXPECT_EQ(!!test.is_reserved, address.IsReserved());
+  }
+}
+
 TEST(IPAddressTest, IsZero) {
   uint8_t address1[4] = {};
   IPAddress zero_ipv4_address(address1);
@@ -96,6 +288,15 @@ TEST(IPAddressTest, IsZero) {
   EXPECT_FALSE(empty_address.IsZero());
 }
 
+TEST(IPAddressTest, IsIPv4Mapped) {
+  IPAddress ipv4_address(192, 168, 0, 1);
+  EXPECT_FALSE(ipv4_address.IsIPv4MappedIPv6());
+  IPAddress ipv6_address(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1);
+  EXPECT_FALSE(ipv6_address.IsIPv4MappedIPv6());
+  IPAddress mapped_address(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 1, 1, 0, 1);
+  EXPECT_TRUE(mapped_address.IsIPv4MappedIPv6());
+}
+
 TEST(IPAddressTest, AllZeros) {
   EXPECT_TRUE(IPAddress::AllZeros(0).empty());
 
@@ -107,25 +308,53 @@ TEST(IPAddressTest, AllZeros) {
 }
 
 TEST(IPAddressTest, ToString) {
-  uint8_t addr1[4] = {0, 0, 0, 0};
-  IPAddress ip_address1(addr1);
-  EXPECT_EQ("0.0.0.0", ip_address1.ToString());
+  EXPECT_EQ("0.0.0.0", IPAddress::IPv4AllZeros().ToString());
 
-  uint8_t addr2[4] = {192, 168, 0, 1};
-  IPAddress ip_address2(addr2);
-  EXPECT_EQ("192.168.0.1", ip_address2.ToString());
+  IPAddress address(192, 168, 0, 1);
+  EXPECT_EQ("192.168.0.1", address.ToString());
 
-  uint8_t addr3[16] = {0xFE, 0xDC, 0xBA, 0x98};
-  IPAddress ip_address3(addr3);
-  EXPECT_EQ("fedc:ba98::", ip_address3.ToString());
+  IPAddress address2(0xFE, 0xDC, 0xBA, 0x98, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                     0);
+  EXPECT_EQ("fedc:ba98::", address2.ToString());
 
   // ToString() shouldn't crash on invalid addresses.
   uint8_t addr4[2];
-  IPAddress ip_address4(addr4);
-  EXPECT_EQ("", ip_address4.ToString());
+  IPAddress address4(addr4);
+  EXPECT_EQ("", address4.ToString());
 
-  IPAddress ip_address5;
-  EXPECT_EQ("", ip_address5.ToString());
+  IPAddress address5;
+  EXPECT_EQ("", address5.ToString());
+}
+
+TEST(IPAddressTest, IPAddressToStringWithPort) {
+  EXPECT_EQ("0.0.0.0:3",
+            IPAddressToStringWithPort(IPAddress::IPv4AllZeros(), 3));
+
+  IPAddress address1(192, 168, 0, 1);
+  EXPECT_EQ("192.168.0.1:99", IPAddressToStringWithPort(address1, 99));
+
+  IPAddress address2(0xFE, 0xDC, 0xBA, 0x98, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                     0);
+  EXPECT_EQ("[fedc:ba98::]:8080", IPAddressToStringWithPort(address2, 8080));
+
+  // IPAddressToStringWithPort() shouldn't crash on invalid addresses.
+  uint8_t addr3[2];
+  EXPECT_EQ("", IPAddressToStringWithPort(IPAddress(addr3), 8080));
+}
+
+TEST(IPAddressTest, IPAddressToPackedString) {
+  IPAddress ipv4_address;
+  EXPECT_TRUE(ipv4_address.AssignFromIPLiteral("4.31.198.44"));
+  std::string expected_ipv4_address("\x04\x1f\xc6\x2c", 4);
+  EXPECT_EQ(expected_ipv4_address, IPAddressToPackedString(ipv4_address));
+
+  IPAddress ipv6_address;
+  EXPECT_TRUE(ipv6_address.AssignFromIPLiteral("2001:0700:0300:1800::000f"));
+  std::string expected_ipv6_address(
+      "\x20\x01\x07\x00\x03\x00\x18\x00"
+      "\x00\x00\x00\x00\x00\x00\x00\x0f",
+      16);
+  EXPECT_EQ(expected_ipv6_address, IPAddressToPackedString(ipv6_address));
 }
 
 // Test that invalid IP literals fail to parse.
@@ -157,17 +386,12 @@ TEST(IPAddressTest, AssignFromIPLiteral_IPv6) {
 }
 
 TEST(IPAddressTest, IsIPv4MappedIPv6) {
-  IPAddress ipv4_address;
-  EXPECT_TRUE(ipv4_address.AssignFromIPLiteral("192.168.0.1"));
+  IPAddress ipv4_address(192, 168, 0, 1);
   EXPECT_FALSE(ipv4_address.IsIPv4MappedIPv6());
-
-  IPAddress ipv6_address;
-  EXPECT_TRUE(ipv6_address.AssignFromIPLiteral("::1"));
+  IPAddress ipv6_address = IPAddress::IPv6Localhost();
   EXPECT_FALSE(ipv6_address.IsIPv4MappedIPv6());
-
-  IPAddress ipv4mapped_address;
-  EXPECT_TRUE(ipv4mapped_address.AssignFromIPLiteral("::ffff:0101:1"));
-  EXPECT_TRUE(ipv4mapped_address.IsIPv4MappedIPv6());
+  IPAddress mapped_address(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 1, 1, 0, 1);
+  EXPECT_TRUE(mapped_address.IsIPv4MappedIPv6());
 }
 
 TEST(IPAddressTest, IsEqual) {
@@ -198,60 +422,69 @@ TEST(IPAddressTest, LessThan) {
   EXPECT_FALSE(ip_address3 < ip_address1);
 }
 
-TEST(IPAddressTest, IPAddressToStringWithPort) {
-  IPAddress address1;
-  EXPECT_TRUE(address1.AssignFromIPLiteral("0.0.0.0"));
-  EXPECT_EQ("0.0.0.0:3", IPAddressToStringWithPort(address1, 3));
-
-  IPAddress address2;
-  EXPECT_TRUE(address2.AssignFromIPLiteral("192.168.0.1"));
-  EXPECT_EQ("192.168.0.1:99", IPAddressToStringWithPort(address2, 99));
-
-  IPAddress address3;
-  EXPECT_TRUE(address3.AssignFromIPLiteral("fedc:ba98::"));
-  EXPECT_EQ("[fedc:ba98::]:8080", IPAddressToStringWithPort(address3, 8080));
-
-  // ToString() shouldn't crash on invalid addresses.
-  IPAddress address4;
-  EXPECT_EQ("", IPAddressToStringWithPort(address4, 8080));
-}
-
-TEST(IPAddressTest, IPAddressToPackedString) {
-  IPAddress ipv4_address;
-  EXPECT_TRUE(ipv4_address.AssignFromIPLiteral("4.31.198.44"));
-  std::string expected_ipv4_address("\x04\x1f\xc6\x2c", 4);
-  EXPECT_EQ(expected_ipv4_address, IPAddressToPackedString(ipv4_address));
-
-  IPAddress ipv6_address;
-  EXPECT_TRUE(ipv6_address.AssignFromIPLiteral("2001:0700:0300:1800::000f"));
-  std::string expected_ipv6_address(
-      "\x20\x01\x07\x00\x03\x00\x18\x00"
-      "\x00\x00\x00\x00\x00\x00\x00\x0f",
-      16);
-  EXPECT_EQ(expected_ipv6_address, IPAddressToPackedString(ipv6_address));
-}
-
+// Test mapping an IPv4 address to an IPv6 address.
 TEST(IPAddressTest, ConvertIPv4ToIPv4MappedIPv6) {
-  IPAddress ipv4_address;
-  EXPECT_TRUE(ipv4_address.AssignFromIPLiteral("192.168.0.1"));
-
+  IPAddress ipv4_address(192, 168, 0, 1);
   IPAddress ipv6_address = ConvertIPv4ToIPv4MappedIPv6(ipv4_address);
 
   // ::ffff:192.168.0.1
+  EXPECT_EQ("0,0,0,0,0,0,0,0,0,0,255,255,192,168,0,1",
+            DumpIPAddress(ipv6_address));
   EXPECT_EQ("::ffff:c0a8:1", ipv6_address.ToString());
 }
 
+// Test reversal of a IPv6 address mapping.
 TEST(IPAddressTest, ConvertIPv4MappedIPv6ToIPv4) {
   IPAddress ipv4mapped_address;
   EXPECT_TRUE(ipv4mapped_address.AssignFromIPLiteral("::ffff:c0a8:1"));
 
-  IPAddress expected;
-  EXPECT_TRUE(expected.AssignFromIPLiteral("192.168.0.1"));
+  IPAddress expected(192, 168, 0, 1);
 
   IPAddress result = ConvertIPv4MappedIPv6ToIPv4(ipv4mapped_address);
   EXPECT_EQ(expected, result);
 }
 
+TEST(IPAddressTest, IPAddressMatchesPrefix) {
+  struct {
+    const char* const cidr_literal;
+    size_t prefix_length_in_bits;
+    const char* const ip_literal;
+    bool expected_to_match;
+  } tests[] = {
+      // IPv4 prefix with IPv4 inputs.
+      {"10.10.1.32", 27, "10.10.1.44", true},
+      {"10.10.1.32", 27, "10.10.1.90", false},
+      {"10.10.1.32", 27, "10.10.1.90", false},
+
+      // IPv6 prefix with IPv6 inputs.
+      {"2001:db8::", 32, "2001:DB8:3:4::5", true},
+      {"2001:db8::", 32, "2001:c8::", false},
+
+      // IPv6 prefix with IPv4 inputs.
+      {"2001:db8::", 33, "192.168.0.1", false},
+      {"::ffff:192.168.0.1", 112, "192.168.33.77", true},
+
+      // IPv4 prefix with IPv6 inputs.
+      {"10.11.33.44", 16, "::ffff:0a0b:89", true},
+      {"10.11.33.44", 16, "::ffff:10.12.33.44", false},
+  };
+  for (size_t i = 0; i < arraysize(tests); ++i) {
+    SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]: %s, %s", i,
+                                    tests[i].cidr_literal,
+                                    tests[i].ip_literal));
+
+    IPAddress ip_address;
+    EXPECT_TRUE(ip_address.AssignFromIPLiteral(tests[i].ip_literal));
+
+    IPAddress ip_prefix;
+    EXPECT_TRUE(ip_prefix.AssignFromIPLiteral(tests[i].cidr_literal));
+
+    EXPECT_EQ(tests[i].expected_to_match,
+              IPAddressMatchesPrefix(ip_address, ip_prefix,
+                                     tests[i].prefix_length_in_bits));
+  }
+}
+
 // Test parsing invalid CIDR notation literals.
 TEST(IPAddressTest, ParseCIDRBlock_Invalid) {
   const char* const bad_literals[] = {"foobar",
diff --git a/chromium/net/base/ip_endpoint.cc b/chromium/net/base/ip_endpoint.cc
index df0cb56947f..e24a5d6f4cc 100644
--- a/chromium/net/base/ip_endpoint.cc
+++ b/chromium/net/base/ip_endpoint.cc
@@ -44,7 +44,7 @@ bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr,
     const struct sockaddr_in* addr =
         reinterpret_cast<const struct sockaddr_in*>(sock_addr);
     *address = reinterpret_cast<const uint8_t*>(&addr->sin_addr);
-    *address_len = kIPv4AddressSize;
+    *address_len = IPAddress::kIPv4AddressSize;
     if (port)
       *port = base::NetToHost16(addr->sin_port);
     return true;
@@ -56,7 +56,7 @@ bool GetIPAddressFromSockAddr(const struct sockaddr* sock_addr,
     const struct sockaddr_in6* addr =
         reinterpret_cast<const struct sockaddr_in6*>(sock_addr);
     *address = reinterpret_cast<const uint8_t*>(&addr->sin6_addr);
-    *address_len = kIPv6AddressSize;
+    *address_len = IPAddress::kIPv6AddressSize;
     if (port)
       *port = base::NetToHost16(addr->sin6_port);
     return true;
@@ -84,10 +84,6 @@ IPEndPoint::IPEndPoint() : port_(0) {}
 
 IPEndPoint::~IPEndPoint() {}
 
-IPEndPoint::IPEndPoint(const IPAddressNumber& address, uint16_t port)
-    : address_(address), port_(port) {
-}
-
 IPEndPoint::IPEndPoint(const IPAddress& address, uint16_t port)
     : address_(address), port_(port) {}
 
@@ -97,14 +93,14 @@ IPEndPoint::IPEndPoint(const IPEndPoint& endpoint) {
 }
 
 AddressFamily IPEndPoint::GetFamily() const {
-  return GetAddressFamily(address_.bytes());
+  return GetAddressFamily(address_);
 }
 
 int IPEndPoint::GetSockAddrFamily() const {
   switch (address_.size()) {
-    case kIPv4AddressSize:
+    case IPAddress::kIPv4AddressSize:
       return AF_INET;
-    case kIPv6AddressSize:
+    case IPAddress::kIPv6AddressSize:
       return AF_INET6;
     default:
       NOTREACHED() << "Bad IP address";
@@ -117,7 +113,7 @@ bool IPEndPoint::ToSockAddr(struct sockaddr* address,
   DCHECK(address);
   DCHECK(address_length);
   switch (address_.size()) {
-    case kIPv4AddressSize: {
+    case IPAddress::kIPv4AddressSize: {
       if (*address_length < kSockaddrInSize)
         return false;
       *address_length = kSockaddrInSize;
@@ -125,10 +121,11 @@ bool IPEndPoint::ToSockAddr(struct sockaddr* address,
       memset(addr, 0, sizeof(struct sockaddr_in));
       addr->sin_family = AF_INET;
       addr->sin_port = base::HostToNet16(port_);
-      memcpy(&addr->sin_addr, &address_.bytes()[0], kIPv4AddressSize);
+      memcpy(&addr->sin_addr, address_.bytes().data(),
+             IPAddress::kIPv4AddressSize);
       break;
     }
-    case kIPv6AddressSize: {
+    case IPAddress::kIPv6AddressSize: {
       if (*address_length < kSockaddrIn6Size)
         return false;
       *address_length = kSockaddrIn6Size;
@@ -137,7 +134,8 @@ bool IPEndPoint::ToSockAddr(struct sockaddr* address,
       memset(addr6, 0, sizeof(struct sockaddr_in6));
       addr6->sin6_family = AF_INET6;
       addr6->sin6_port = base::HostToNet16(port_);
-      memcpy(&addr6->sin6_addr, &address_.bytes()[0], kIPv6AddressSize);
+      memcpy(&addr6->sin6_addr, address_.bytes().data(),
+             IPAddress::kIPv6AddressSize);
       break;
     }
     default:
@@ -164,7 +162,7 @@ bool IPEndPoint::FromSockAddr(const struct sockaddr* sock_addr,
 }
 
 std::string IPEndPoint::ToString() const {
-  return IPAddressToStringWithPort(address_.bytes(), port_);
+  return IPAddressToStringWithPort(address_, port_);
 }
 
 std::string IPEndPoint::ToStringWithoutPort() const {
diff --git a/chromium/net/base/ip_endpoint.h b/chromium/net/base/ip_endpoint.h
index a1c12296b3d..f9eb27753b9 100644
--- a/chromium/net/base/ip_endpoint.h
+++ b/chromium/net/base/ip_endpoint.h
@@ -26,8 +26,6 @@ class NET_EXPORT IPEndPoint {
  public:
   IPEndPoint();
   ~IPEndPoint();
-  // DEPRECATED(crbug.com/496258): Use the ctor that takes IPAddress instead.
-  IPEndPoint(const IPAddressNumber& address, uint16_t port);
   IPEndPoint(const IPAddress& address, uint16_t port);
   IPEndPoint(const IPEndPoint& endpoint);
 
diff --git a/chromium/net/base/ip_pattern.cc b/chromium/net/base/ip_pattern.cc
index 6d58b5fb0fe..0a3b0992636 100644
--- a/chromium/net/base/ip_pattern.cc
+++ b/chromium/net/base/ip_pattern.cc
@@ -4,11 +4,11 @@
 
 #include "net/base/ip_pattern.h"
 
+#include <memory>
 #include <string>
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
@@ -126,7 +126,7 @@ bool IPPattern::ParsePattern(const std::string& ip_pattern) {
       return false;
     }
     // We'll need a pattern to match this bracketed component.
-    scoped_ptr<ComponentPattern> component_pattern(new ComponentPattern);
+    std::unique_ptr<ComponentPattern> component_pattern(new ComponentPattern);
     // Trim leading and trailing bracket before calling for parsing.
     if (!ParseComponentPattern(component.substr(1, component.size() - 2),
                                component_pattern.get())) {
diff --git a/chromium/net/base/ip_pattern.h b/chromium/net/base/ip_pattern.h
index 92daa28f13a..88ebfe22c67 100644
--- a/chromium/net/base/ip_pattern.h
+++ b/chromium/net/base/ip_pattern.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 
@@ -38,7 +38,7 @@ class NET_EXPORT IPPattern {
  private:
   class ComponentPattern;
   using Strings = std::vector<std::string>;
-  using ComponentPatternList = std::vector<scoped_ptr<ComponentPattern>>;
+  using ComponentPatternList = std::vector<std::unique_ptr<ComponentPattern>>;
 
   // IPv6 addresses have 8 components, while IPv4 addresses have 4 components.
   // ComponentPattern is used to define patterns to match individual components.
diff --git a/chromium/net/base/keygen_handler.h b/chromium/net/base/keygen_handler.h
index 9cccee82287..67a11bc9b65 100644
--- a/chromium/net/base/keygen_handler.h
+++ b/chromium/net/base/keygen_handler.h
@@ -5,10 +5,10 @@
 #ifndef NET_BASE_KEYGEN_HANDLER_H_
 #define NET_BASE_KEYGEN_HANDLER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/callback_forward.h"
-#include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "url/gurl.h"
@@ -47,7 +47,7 @@ class NET_EXPORT KeygenHandler {
   // GenKeyAndSignChallenge runs on a worker thread, so using a blocking
   // password callback is okay here.
   void set_crypto_module_delegate(
-      scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate);
+      std::unique_ptr<crypto::NSSCryptoModuleDelegate> delegate);
 #endif  // defined(USE_NSS_CERTS)
 
  private:
@@ -57,7 +57,7 @@ class NET_EXPORT KeygenHandler {
   bool stores_key_;  // should the generated key-pair be stored persistently?
 #if defined(USE_NSS_CERTS)
   // The callback for requesting a password to the PKCS#11 token.
-  scoped_ptr<crypto::NSSCryptoModuleDelegate> crypto_module_delegate_;
+  std::unique_ptr<crypto::NSSCryptoModuleDelegate> crypto_module_delegate_;
 #endif  // defined(USE_NSS_CERTS)
 };
 
diff --git a/chromium/net/base/keygen_handler_nss.cc b/chromium/net/base/keygen_handler_nss.cc
index 849f7872673..97e0018f5e2 100644
--- a/chromium/net/base/keygen_handler_nss.cc
+++ b/chromium/net/base/keygen_handler_nss.cc
@@ -41,7 +41,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() {
 }
 
 void KeygenHandler::set_crypto_module_delegate(
-      scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate) {
+    std::unique_ptr<crypto::NSSCryptoModuleDelegate> delegate) {
   crypto_module_delegate_ = std::move(delegate);
 }
 
diff --git a/chromium/net/base/keygen_handler_openssl.cc b/chromium/net/base/keygen_handler_openssl.cc
index f72ca0e0eeb..f566a1ca42b 100644
--- a/chromium/net/base/keygen_handler_openssl.cc
+++ b/chromium/net/base/keygen_handler_openssl.cc
@@ -2,29 +2,29 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/base/keygen_handler.h"
-
 #include <openssl/bytestring.h>
 #include <openssl/digest.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/base64.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "crypto/auto_cbb.h"
 #include "crypto/openssl_util.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_openssl_types.h"
+#include "net/base/keygen_handler.h"
 #include "net/base/openssl_private_key_store.h"
 
 namespace net {
 
 std::string KeygenHandler::GenKeyAndSignChallenge() {
-  scoped_ptr<crypto::RSAPrivateKey> key(
+  std::unique_ptr<crypto::RSAPrivateKey> key(
       crypto::RSAPrivateKey::Create(key_size_in_bits_));
   EVP_PKEY* pkey = key->key();
 
diff --git a/chromium/net/base/keygen_handler_unittest.cc b/chromium/net/base/keygen_handler_unittest.cc
index b045ababacd..8c051713fc0 100644
--- a/chromium/net/base/keygen_handler_unittest.cc
+++ b/chromium/net/base/keygen_handler_unittest.cc
@@ -61,12 +61,12 @@ class KeygenHandlerTest : public ::testing::Test {
   KeygenHandlerTest() {}
   ~KeygenHandlerTest() override {}
 
-  scoped_ptr<KeygenHandler> CreateKeygenHandler() {
-    scoped_ptr<KeygenHandler> handler(
+  std::unique_ptr<KeygenHandler> CreateKeygenHandler() {
+    std::unique_ptr<KeygenHandler> handler(
         new KeygenHandler(768, kChallenge, GURL("http://www.example.com")));
 #if defined(USE_NSS_CERTS)
     handler->set_crypto_module_delegate(
-        scoped_ptr<crypto::NSSCryptoModuleDelegate>(
+        std::unique_ptr<crypto::NSSCryptoModuleDelegate>(
             new StubCryptoModuleDelegate(crypto::ScopedPK11Slot(
                 PK11_ReferenceSlot(test_nss_db_.slot())))));
 #endif
@@ -165,7 +165,7 @@ void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
 }
 
 TEST_F(KeygenHandlerTest, SmokeTest) {
-  scoped_ptr<KeygenHandler> handler(CreateKeygenHandler());
+  std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler());
   handler->set_stores_key(false);  // Don't leave the key-pair behind
   std::string result = handler->GenKeyAndSignChallenge();
   VLOG(1) << "KeygenHandler produced: " << result;
@@ -174,7 +174,7 @@ TEST_F(KeygenHandlerTest, SmokeTest) {
 
 void ConcurrencyTestCallback(const std::string& challenge,
                              base::WaitableEvent* event,
-                             scoped_ptr<KeygenHandler> handler,
+                             std::unique_ptr<KeygenHandler> handler,
                              std::string* result) {
   // We allow Singleton use on the worker thread here since we use a
   // WaitableEvent to synchronize, so it's safe.
@@ -201,7 +201,7 @@ TEST_F(KeygenHandlerTest, ConcurrencyTest) {
   base::WaitableEvent* events[NUM_HANDLERS] = { NULL };
   std::string results[NUM_HANDLERS];
   for (int i = 0; i < NUM_HANDLERS; i++) {
-    scoped_ptr<KeygenHandler> handler(CreateKeygenHandler());
+    std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler());
     events[i] = new base::WaitableEvent(false, false);
     base::WorkerPool::PostTask(FROM_HERE,
                                base::Bind(ConcurrencyTestCallback,
diff --git a/chromium/net/base/layered_network_delegate.cc b/chromium/net/base/layered_network_delegate.cc
index d97496205f9..c17d5d291f8 100644
--- a/chromium/net/base/layered_network_delegate.cc
+++ b/chromium/net/base/layered_network_delegate.cc
@@ -9,7 +9,7 @@
 namespace net {
 
 LayeredNetworkDelegate::LayeredNetworkDelegate(
-    scoped_ptr<NetworkDelegate> nested_network_delegate)
+    std::unique_ptr<NetworkDelegate> nested_network_delegate)
     : nested_network_delegate_(std::move(nested_network_delegate)) {}
 
 LayeredNetworkDelegate::~LayeredNetworkDelegate() {
diff --git a/chromium/net/base/layered_network_delegate.h b/chromium/net/base/layered_network_delegate.h
index 577f4b70b9a..e16cdbdd457 100644
--- a/chromium/net/base/layered_network_delegate.h
+++ b/chromium/net/base/layered_network_delegate.h
@@ -7,7 +7,8 @@
 
 #include <stdint.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/strings/string16.h"
 #include "net/base/completion_callback.h"
 #include "net/base/network_delegate.h"
@@ -34,7 +35,7 @@ class URLRequest;
 class NET_EXPORT LayeredNetworkDelegate : public NetworkDelegate {
  public:
   explicit LayeredNetworkDelegate(
-      scoped_ptr<NetworkDelegate> nested_network_delegate);
+      std::unique_ptr<NetworkDelegate> nested_network_delegate);
   ~LayeredNetworkDelegate() override;
 
   // NetworkDelegate implementation:
@@ -152,7 +153,7 @@ class NET_EXPORT LayeredNetworkDelegate : public NetworkDelegate {
       const GURL& referrer_url) const;
 
  private:
-  scoped_ptr<NetworkDelegate> nested_network_delegate_;
+  std::unique_ptr<NetworkDelegate> nested_network_delegate_;
 };
 
 }  // namespace net
diff --git a/chromium/net/base/layered_network_delegate_unittest.cc b/chromium/net/base/layered_network_delegate_unittest.cc
index 5b9e6107dbf..b22d3ad76cc 100644
--- a/chromium/net/base/layered_network_delegate_unittest.cc
+++ b/chromium/net/base/layered_network_delegate_unittest.cc
@@ -5,13 +5,13 @@
 #include "net/base/layered_network_delegate.h"
 
 #include <map>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/auth.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate_impl.h"
@@ -161,7 +161,7 @@ class TestNetworkDelegateImpl : public NetworkDelegateImpl {
 
 class TestLayeredNetworkDelegate : public LayeredNetworkDelegate {
  public:
-  TestLayeredNetworkDelegate(scoped_ptr<NetworkDelegate> network_delegate,
+  TestLayeredNetworkDelegate(std::unique_ptr<NetworkDelegate> network_delegate,
                              CountersMap* counters)
       : LayeredNetworkDelegate(std::move(network_delegate)),
         context_(true),
@@ -173,9 +173,10 @@ class TestLayeredNetworkDelegate : public LayeredNetworkDelegate {
 
   void CallAndVerify() {
     scoped_refptr<AuthChallengeInfo> auth_challenge(new AuthChallengeInfo());
-    scoped_ptr<URLRequest> request =
+    std::unique_ptr<URLRequest> request =
         context_.CreateRequest(GURL(), IDLE, &delegate_);
-    scoped_ptr<HttpRequestHeaders> request_headers(new HttpRequestHeaders());
+    std::unique_ptr<HttpRequestHeaders> request_headers(
+        new HttpRequestHeaders());
     scoped_refptr<HttpResponseHeaders> response_headers(
         new HttpResponseHeaders(""));
     TestCompletionCallback completion_callback;
@@ -341,17 +342,17 @@ class TestLayeredNetworkDelegate : public LayeredNetworkDelegate {
 class LayeredNetworkDelegateTest : public testing::Test {
  public:
   LayeredNetworkDelegateTest() {
-    scoped_ptr<TestNetworkDelegateImpl> test_network_delegate(
+    std::unique_ptr<TestNetworkDelegateImpl> test_network_delegate(
         new TestNetworkDelegateImpl(&layered_network_delegate_counters));
     test_network_delegate_ = test_network_delegate.get();
-    layered_network_delegate_ = scoped_ptr<TestLayeredNetworkDelegate>(
+    layered_network_delegate_ = std::unique_ptr<TestLayeredNetworkDelegate>(
         new TestLayeredNetworkDelegate(std::move(test_network_delegate),
                                        &layered_network_delegate_counters));
   }
 
   CountersMap layered_network_delegate_counters;
   TestNetworkDelegateImpl* test_network_delegate_;
-  scoped_ptr<TestLayeredNetworkDelegate> layered_network_delegate_;
+  std::unique_ptr<TestLayeredNetworkDelegate> layered_network_delegate_;
 };
 
 TEST_F(LayeredNetworkDelegateTest, VerifyLayeredNetworkDelegateInternal) {
diff --git a/chromium/net/base/linked_hash_map.h b/chromium/net/base/linked_hash_map.h
index e3d12d63413..306ac52b77a 100644
--- a/chromium/net/base/linked_hash_map.h
+++ b/chromium/net/base/linked_hash_map.h
@@ -224,6 +224,19 @@ class linked_hash_map {
     return list_.size();
   }
 
+  template <typename... Args>
+  std::pair<iterator, bool> emplace(Args&&... args) {
+    ListType node_donor;
+    auto node_pos =
+        node_donor.emplace(node_donor.end(), std::forward<Args>(args)...);
+    const auto& k = node_pos->first;
+    auto ins = map_.insert({k, node_pos});
+    if (!ins.second)
+      return {ins.first->second, false};
+    list_.splice(list_.end(), node_donor, node_pos);
+    return {ins.first->second, true};
+  }
+
   void swap(linked_hash_map& other) {
     map_.swap(other.map_);
     list_.swap(other.list_);
diff --git a/chromium/net/base/load_timing_info.h b/chromium/net/base/load_timing_info.h
index 8ee5a22ec14..b4654e5cb32 100644
--- a/chromium/net/base/load_timing_info.h
+++ b/chromium/net/base/load_timing_info.h
@@ -38,12 +38,20 @@ namespace net {
 // send_end
 // receive_headers_end
 //
-// Times represent when a request starts/stops blocking on an event, not the
-// time the events actually occurred.  In particular, in the case of preconnects
+// Times represent when a request starts/stops blocking on an event(*), not the
+// time the events actually occurred. In particular, in the case of preconnects
 // and socket reuse, no time may be spent blocking on establishing a connection.
 // In the case of SPDY, PAC scripts are only run once for each shared session,
 // so no time may be spent blocking on them.
 //
+// (*) Note 1: push_start and push_end are the exception to this, as they
+// represent the operation which is asynchronous to normal request flow and
+// hence are provided as absolute values and not converted to "blocking" time.
+//
+// (*) Note 2: Internally to the network stack, times are those of actual event
+// occurrence. URLRequest converts them to time which the network stack was
+// blocked on each state, as per resource timing specs.
+//
 // DNS and SSL times are both times for the host, not the proxy, so DNS times
 // when using proxies are null, and only requests to HTTPS hosts (Not proxies)
 // have SSL times.  One exception to this is when a proxy server itself returns
@@ -52,9 +60,6 @@ namespace net {
 // See HttpNetworkTransaction::OnHttpsProxyTunnelResponse.
 // TODO(mmenke):  Is this worth fixing?
 //
-// Note that internal to the network stack, times are when events actually
-// occurred.  URLRequest converts them to time which the network stack was
-// blocked on each state.
 struct NET_EXPORT LoadTimingInfo {
   // Contains the LoadTimingInfo events related to establishing a connection.
   // These are all set by ConnectJobs.
@@ -136,6 +141,13 @@ struct NET_EXPORT LoadTimingInfo {
 
   // The time at which the end of the HTTP headers were received.
   base::TimeTicks receive_headers_end;
+
+  // In case the resource was proactively pushed by the server, these are
+  // the times that push started and ended. Note that push_end will be null
+  // if the request is still being transmitted, i.e. the underlying h2 stream
+  // is not closed by the server.
+  base::TimeTicks push_start;
+  base::TimeTicks push_end;
 };
 
 }  // namespace net
diff --git a/chromium/net/base/load_timing_info_test_util.cc b/chromium/net/base/load_timing_info_test_util.cc
index a34a5832400..84410d560b9 100644
--- a/chromium/net/base/load_timing_info_test_util.cc
+++ b/chromium/net/base/load_timing_info_test_util.cc
@@ -54,6 +54,8 @@ void ExpectLoadTimingHasOnlyConnectionTimes(
   EXPECT_TRUE(load_timing_info.send_start.is_null());
   EXPECT_TRUE(load_timing_info.send_end.is_null());
   EXPECT_TRUE(load_timing_info.receive_headers_end.is_null());
+  EXPECT_TRUE(load_timing_info.push_start.is_null());
+  EXPECT_TRUE(load_timing_info.push_end.is_null());
 }
 
 }  // namespace net
diff --git a/chromium/net/base/logging_network_change_observer.cc b/chromium/net/base/logging_network_change_observer.cc
new file mode 100644
index 00000000000..871a44abbb4
--- /dev/null
+++ b/chromium/net/base/logging_network_change_observer.cc
@@ -0,0 +1,58 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/logging_network_change_observer.h"
+
+#include <string>
+
+#include "base/logging.h"
+#include "net/log/net_log.h"
+
+namespace net {
+
+LoggingNetworkChangeObserver::LoggingNetworkChangeObserver(net::NetLog* net_log)
+    : net_log_(net_log) {
+  net::NetworkChangeNotifier::AddIPAddressObserver(this);
+  net::NetworkChangeNotifier::AddConnectionTypeObserver(this);
+  net::NetworkChangeNotifier::AddNetworkChangeObserver(this);
+}
+
+LoggingNetworkChangeObserver::~LoggingNetworkChangeObserver() {
+  net::NetworkChangeNotifier::RemoveIPAddressObserver(this);
+  net::NetworkChangeNotifier::RemoveConnectionTypeObserver(this);
+  net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this);
+}
+
+void LoggingNetworkChangeObserver::OnIPAddressChanged() {
+  VLOG(1) << "Observed a change to the network IP addresses";
+
+  net_log_->AddGlobalEntry(net::NetLog::TYPE_NETWORK_IP_ADDRESSES_CHANGED);
+}
+
+void LoggingNetworkChangeObserver::OnConnectionTypeChanged(
+    net::NetworkChangeNotifier::ConnectionType type) {
+  std::string type_as_string =
+      net::NetworkChangeNotifier::ConnectionTypeToString(type);
+
+  VLOG(1) << "Observed a change to network connectivity state "
+          << type_as_string;
+
+  net_log_->AddGlobalEntry(
+      net::NetLog::TYPE_NETWORK_CONNECTIVITY_CHANGED,
+      net::NetLog::StringCallback("new_connection_type", &type_as_string));
+}
+
+void LoggingNetworkChangeObserver::OnNetworkChanged(
+    net::NetworkChangeNotifier::ConnectionType type) {
+  std::string type_as_string =
+      net::NetworkChangeNotifier::ConnectionTypeToString(type);
+
+  VLOG(1) << "Observed a network change to state " << type_as_string;
+
+  net_log_->AddGlobalEntry(
+      net::NetLog::TYPE_NETWORK_CHANGED,
+      net::NetLog::StringCallback("new_connection_type", &type_as_string));
+}
+
+}  // namespace net
diff --git a/chromium/net/base/logging_network_change_observer.h b/chromium/net/base/logging_network_change_observer.h
new file mode 100644
index 00000000000..844acb3b70e
--- /dev/null
+++ b/chromium/net/base/logging_network_change_observer.h
@@ -0,0 +1,47 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_LOGGING_NETWORK_CHANGE_OBSERVER_H_
+#define NET_BASE_LOGGING_NETWORK_CHANGE_OBSERVER_H_
+
+#include "base/macros.h"
+#include "net/base/net_export.h"
+#include "net/base/network_change_notifier.h"
+
+namespace net {
+
+class NetLog;
+
+// A class that adds NetLog events for network change events coming from the
+// net::NetworkChangeNotifier.
+class NET_EXPORT LoggingNetworkChangeObserver
+    : public NetworkChangeNotifier::IPAddressObserver,
+      public NetworkChangeNotifier::ConnectionTypeObserver,
+      public NetworkChangeNotifier::NetworkChangeObserver {
+ public:
+  // Note: |net_log| must remain valid throughout the lifetime of this
+  // LoggingNetworkChangeObserver.
+  explicit LoggingNetworkChangeObserver(NetLog* net_log);
+  ~LoggingNetworkChangeObserver() override;
+
+ private:
+  // NetworkChangeNotifier::IPAddressObserver implementation.
+  void OnIPAddressChanged() override;
+
+  // NetworkChangeNotifier::ConnectionTypeObserver implementation.
+  void OnConnectionTypeChanged(
+      NetworkChangeNotifier::ConnectionType type) override;
+
+  // NetworkChangeNotifier::NetworkChangeObserver implementation.
+  void OnNetworkChanged(NetworkChangeNotifier::ConnectionType type) override;
+
+ private:
+  NetLog* net_log_;
+
+  DISALLOW_COPY_AND_ASSIGN(LoggingNetworkChangeObserver);
+};
+
+}  // namespace net
+
+#endif  // NET_BASE_LOGGING_NETWORK_CHANGE_OBSERVER_H_
+\ No newline at end of file
diff --git a/chromium/net/base/mime_sniffer.cc b/chromium/net/base/mime_sniffer.cc
index a6527c3cc36..faa5a0d84d3 100644
--- a/chromium/net/base/mime_sniffer.cc
+++ b/chromium/net/base/mime_sniffer.cc
@@ -98,7 +98,6 @@
 #include "net/base/mime_sniffer.h"
 
 #include "base/logging.h"
-#include "base/metrics/histogram.h"
 #include "base/strings/string_util.h"
 #include "url/gurl.h"
 
@@ -287,14 +286,6 @@ static const MagicNumber kSniffableTags[] = {
   MAGIC_HTML_TAG("p")  // Mozilla
 };
 
-static base::HistogramBase* UMASnifferHistogramGet(const char* name,
-                                                   int array_size) {
-  base::HistogramBase* counter =
-      base::LinearHistogram::FactoryGet(name, 1, array_size - 1, array_size,
-          base::HistogramBase::kUmaTargetedHistogramFlag);
-  return counter;
-}
-
 // Compare content header to a magic number where magic_entry can contain '.'
 // for single character of anything, allowing some bytes to be skipped.
 static bool MagicCmp(const char* magic_entry, const char* content, size_t len) {
@@ -368,13 +359,10 @@ static bool MatchMagicNumber(const char* content,
 
 static bool CheckForMagicNumbers(const char* content, size_t size,
                                  const MagicNumber* magic, size_t magic_len,
-                                 base::HistogramBase* counter,
                                  std::string* result) {
   for (size_t i = 0; i < magic_len; ++i) {
-    if (MatchMagicNumber(content, size, magic[i], result)) {
-      if (counter) counter->Add(static_cast<int>(i));
+    if (MatchMagicNumber(content, size, magic[i], result))
       return true;
-    }
   }
   return false;
 }
@@ -410,15 +398,9 @@ static bool SniffForHTML(const char* content,
     if (!base::IsAsciiWhitespace(*pos))
       break;
   }
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kSniffableTags2",
-                                     arraysize(kSniffableTags));
-  }
   // |pos| now points to first non-whitespace character (or at end).
-  return CheckForMagicNumbers(pos, end - pos,
-                              kSniffableTags, arraysize(kSniffableTags),
-                              counter, result);
+  return CheckForMagicNumbers(pos, end - pos, kSniffableTags,
+                              arraysize(kSniffableTags), result);
 }
 
 // Returns true and sets result if the content matches any of kMagicNumbers.
@@ -430,14 +412,8 @@ static bool SniffForMagicNumbers(const char* content,
   *have_enough_content &= TruncateSize(kBytesRequiredForMagic, &size);
 
   // Check our big table of Magic Numbers
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kMagicNumbers2",
-                                     arraysize(kMagicNumbers));
-  }
-  return CheckForMagicNumbers(content, size,
-                              kMagicNumbers, arraysize(kMagicNumbers),
-                              counter, result);
+  return CheckForMagicNumbers(content, size, kMagicNumbers,
+                              arraysize(kMagicNumbers), result);
 }
 
 // Returns true and sets result if the content matches any of
@@ -452,9 +428,8 @@ static bool SniffForOfficeDocs(const char* content,
 
   // Check our table of magic numbers for Office file types.
   std::string office_version;
-  if (!CheckForMagicNumbers(content, size,
-                            kOfficeMagicNumbers, arraysize(kOfficeMagicNumbers),
-                            NULL, &office_version))
+  if (!CheckForMagicNumbers(content, size, kOfficeMagicNumbers,
+                            arraysize(kOfficeMagicNumbers), &office_version))
     return false;
 
   OfficeDocType type = DOC_TYPE_NONE;
@@ -555,9 +530,8 @@ static bool SniffForInvalidOfficeDocs(const char* content,
   // Check our table of magic numbers for Office file types.  If it does not
   // match one, the MIME type was invalid.  Set it instead to a safe value.
   std::string office_version;
-  if (!CheckForMagicNumbers(content, size,
-                            kOfficeMagicNumbers, arraysize(kOfficeMagicNumbers),
-                            NULL, &office_version)) {
+  if (!CheckForMagicNumbers(content, size, kOfficeMagicNumbers,
+                            arraysize(kOfficeMagicNumbers), &office_version)) {
     *result = "application/octet-stream";
   }
 
@@ -599,11 +573,6 @@ static bool SniffXML(const char* content,
   // We want to skip XML processing instructions (of the form "<?xml ...")
   // and stop at the first "plain" tag, then make a decision on the mime-type
   // based on the name (or possibly attributes) of that tag.
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kMagicXML2",
-                                     arraysize(kMagicXML));
-  }
   const int kMaxTagIterations = 5;
   for (int i = 0; i < kMaxTagIterations && pos < end; ++i) {
     pos = reinterpret_cast<const char*>(memchr(pos, '<', end - pos));
@@ -631,9 +600,8 @@ static bool SniffXML(const char* content,
       continue;
     }
 
-    if (CheckForMagicNumbers(pos, end - pos,
-                             kMagicXML, arraysize(kMagicXML),
-                             counter, result))
+    if (CheckForMagicNumbers(pos, end - pos, kMagicXML, arraysize(kMagicXML),
+                             result))
       return true;
 
     // TODO(evanm): handle RSS 1.0, which is an RDF format and more difficult
@@ -674,15 +642,9 @@ static bool SniffBinary(const char* content,
   const bool is_truncated = TruncateSize(kMaxBytesToSniff, &size);
 
   // First, we look for a BOM.
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kByteOrderMark2",
-                                     arraysize(kByteOrderMark));
-  }
   std::string unused;
-  if (CheckForMagicNumbers(content, size,
-                           kByteOrderMark, arraysize(kByteOrderMark),
-                           counter, &unused)) {
+  if (CheckForMagicNumbers(content, size, kByteOrderMark,
+                           arraysize(kByteOrderMark), &unused)) {
     // If there is BOM, we think the buffer is not binary.
     result->assign("text/plain");
     return false;
@@ -715,20 +677,12 @@ static bool IsUnknownMimeType(const std::string& mime_type) {
     // Firefox rejects a mime type if it is exactly */*
     "*/*",
   };
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kUnknownMimeTypes2",
-                                     arraysize(kUnknownMimeTypes) + 1);
-  }
   for (size_t i = 0; i < arraysize(kUnknownMimeTypes); ++i) {
-    if (mime_type == kUnknownMimeTypes[i]) {
-      counter->Add(i);
+    if (mime_type == kUnknownMimeTypes[i])
       return true;
-    }
   }
   if (mime_type.find('/') == std::string::npos) {
     // Firefox rejects a mime type if it does not contain a slash
-    counter->Add(arraysize(kUnknownMimeTypes));
     return true;
   }
   return false;
@@ -743,45 +697,24 @@ static bool SniffCRX(const char* content,
                      const std::string& type_hint,
                      bool* have_enough_content,
                      std::string* result) {
-  static base::HistogramBase* counter(NULL);
-  if (!counter)
-    counter = UMASnifferHistogramGet("mime_sniffer.kSniffCRX", 3);
-
   // Technically, the crx magic number is just Cr24, but the bytes after that
   // are a version number which changes infrequently. Including it in the
   // sniffing gives us less room for error. If the version number ever changes,
   // we can just add an entry to this list.
-  //
-  // TODO(aa): If we ever have another magic number, we'll want to pass a
-  // histogram into CheckForMagicNumbers(), below, to see which one matched.
   static const struct MagicNumber kCRXMagicNumbers[] = {
     MAGIC_NUMBER("application/x-chrome-extension", "Cr24\x02\x00\x00\x00")
   };
 
   // Only consider files that have the extension ".crx".
-  if (base::EndsWith(url.path_piece(), ".crx", base::CompareCase::SENSITIVE))
-    counter->Add(1);
-  else
+  if (!base::EndsWith(url.path_piece(), ".crx", base::CompareCase::SENSITIVE))
     return false;
 
   *have_enough_content &= TruncateSize(kBytesRequiredForMagic, &size);
-  if (CheckForMagicNumbers(content, size,
-                           kCRXMagicNumbers, arraysize(kCRXMagicNumbers),
-                           NULL, result)) {
-    counter->Add(2);
-  } else {
-    return false;
-  }
-
-  return true;
+  return CheckForMagicNumbers(content, size, kCRXMagicNumbers,
+                              arraysize(kCRXMagicNumbers), result);
 }
 
 bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
-  static base::HistogramBase* should_sniff_counter(NULL);
-  if (!should_sniff_counter) {
-    should_sniff_counter =
-        UMASnifferHistogramGet("mime_sniffer.ShouldSniffMimeType2", 3);
-  }
   bool sniffable_scheme = url.is_empty() ||
                           url.SchemeIsHTTPOrHTTPS() ||
                           url.SchemeIs("ftp") ||
@@ -790,10 +723,8 @@ bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
 #endif
                           url.SchemeIsFile() ||
                           url.SchemeIsFileSystem();
-  if (!sniffable_scheme) {
-    should_sniff_counter->Add(1);
+  if (!sniffable_scheme)
     return false;
-  }
 
   static const char* const kSniffableTypes[] = {
     // Many web servers are misconfigured to send text/plain for many
@@ -822,26 +753,15 @@ bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
     "application/vnd.ms-word.document.12",
     "application/vnd.msword",
   };
-  static base::HistogramBase* counter(NULL);
-  if (!counter) {
-    counter = UMASnifferHistogramGet("mime_sniffer.kSniffableTypes2",
-                                     arraysize(kSniffableTypes) + 1);
-  }
   for (size_t i = 0; i < arraysize(kSniffableTypes); ++i) {
-    if (mime_type == kSniffableTypes[i]) {
-      counter->Add(i);
-      should_sniff_counter->Add(2);
+    if (mime_type == kSniffableTypes[i])
       return true;
-    }
   }
   if (IsUnknownMimeType(mime_type)) {
     // The web server didn't specify a content type or specified a mime
     // type that we ignore.
-    counter->Add(arraysize(kSniffableTypes));
-    should_sniff_counter->Add(2);
     return true;
   }
-  should_sniff_counter->Add(1);
   return false;
 }
 
@@ -939,11 +859,11 @@ bool SniffMimeTypeFromLocalData(const char* content,
                                 std::string* result) {
   // First check the extra table.
   if (CheckForMagicNumbers(content, size, kExtraMagicNumbers,
-                           arraysize(kExtraMagicNumbers), NULL, result))
+                           arraysize(kExtraMagicNumbers), result))
     return true;
   // Finally check the original table.
   return CheckForMagicNumbers(content, size, kMagicNumbers,
-                              arraysize(kMagicNumbers), NULL, result);
+                              arraysize(kMagicNumbers), result);
 }
 
 bool LooksLikeBinary(const char* content, size_t size) {
diff --git a/chromium/net/base/mime_sniffer_perftest.cc b/chromium/net/base/mime_sniffer_perftest.cc
index 72ff0dc1ad8..a25add18586 100644
--- a/chromium/net/base/mime_sniffer_perftest.cc
+++ b/chromium/net/base/mime_sniffer_perftest.cc
@@ -85,12 +85,8 @@ TEST(MimeSnifferTest, PlainTextPerfTest) {
   const size_t kWarmupIterations = 16;
   const size_t kMeasuredIterations = 1 << 15;
   std::string plaintext = kRepresentativePlainText;
-  // The purpose of the static_cast<size_t>() here is to prevent MSVC from
-  // complaining about an implicit promotion to 64 bits when compiling 64-bit.
-  size_t expected_size =
-      plaintext.size() *
-      static_cast<size_t>(
-          1u << base::bits::Log2Ceiling(kTargetSize / plaintext.size()));
+  size_t expected_size = plaintext.size() << base::bits::Log2Ceiling(
+                             kTargetSize / plaintext.size());
   plaintext.reserve(expected_size);
   while (plaintext.size() < kTargetSize)
     plaintext += plaintext;
diff --git a/chromium/net/base/mime_util.cc b/chromium/net/base/mime_util.cc
index 6463ff13c8a..8a834173713 100644
--- a/chromium/net/base/mime_util.cc
+++ b/chromium/net/base/mime_util.cc
@@ -6,9 +6,9 @@
 #include <iterator>
 #include <map>
 #include <string>
+#include <unordered_set>
 
 #include "base/base64.h"
-#include "base/containers/hash_tables.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/rand_util.h"
@@ -463,7 +463,7 @@ void GetExtensionsFromHardCodedMappings(
     const MimeInfo* mappings,
     size_t mappings_len,
     const std::string& leading_mime_type,
-    base::hash_set<base::FilePath::StringType>* extensions) {
+    std::unordered_set<base::FilePath::StringType>* extensions) {
   for (size_t i = 0; i < mappings_len; ++i) {
     if (base::StartsWith(mappings[i].mime_type, leading_mime_type,
                          base::CompareCase::INSENSITIVE_ASCII)) {
@@ -484,7 +484,7 @@ void GetExtensionsHelper(
     const char* const* standard_types,
     size_t standard_types_len,
     const std::string& leading_mime_type,
-    base::hash_set<base::FilePath::StringType>* extensions) {
+    std::unordered_set<base::FilePath::StringType>* extensions) {
   for (size_t i = 0; i < standard_types_len; ++i) {
     g_mime_util.Get().GetPlatformExtensionsForMimeType(standard_types[i],
                                                        extensions);
@@ -503,12 +503,13 @@ void GetExtensionsHelper(
 
 // Note that the elements in the source set will be appended to the target
 // vector.
-template<class T>
-void HashSetToVector(base::hash_set<T>* source, std::vector<T>* target) {
+template <class T>
+void UnorderedSetToVector(std::unordered_set<T>* source,
+                          std::vector<T>* target) {
   size_t old_target_size = target->size();
   target->resize(old_target_size + source->size());
   size_t i = 0;
-  for (typename base::hash_set<T>::iterator iter = source->begin();
+  for (typename std::unordered_set<T>::iterator iter = source->begin();
        iter != source->end(); ++iter, ++i)
     (*target)[old_target_size + i] = *iter;
 }
@@ -535,7 +536,7 @@ void GetExtensionsForMimeType(
     return;
 
   const std::string mime_type = base::ToLowerASCII(unsafe_mime_type);
-  base::hash_set<base::FilePath::StringType> unique_extensions;
+  std::unordered_set<base::FilePath::StringType> unique_extensions;
 
   if (base::EndsWith(mime_type, "/*", base::CompareCase::INSENSITIVE_ASCII)) {
     std::string leading_mime_type = mime_type.substr(0, mime_type.length() - 1);
@@ -569,7 +570,7 @@ void GetExtensionsForMimeType(
                                        &unique_extensions);
   }
 
-  HashSetToVector(&unique_extensions, extensions);
+  UnorderedSetToVector(&unique_extensions, extensions);
 }
 
 NET_EXPORT std::string GenerateMimeMultipartBoundary() {
diff --git a/chromium/net/base/mock_file_stream.cc b/chromium/net/base/mock_file_stream.cc
index 66495329a31..5947c79c5e9 100644
--- a/chromium/net/base/mock_file_stream.cc
+++ b/chromium/net/base/mock_file_stream.cc
@@ -9,7 +9,7 @@
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 
 namespace net {
 
diff --git a/chromium/net/base/net_error_list.h b/chromium/net/base/net_error_list.h
index be1b712cc7e..39b48c660f1 100644
--- a/chromium/net/base/net_error_list.h
+++ b/chromium/net/base/net_error_list.h
@@ -107,6 +107,11 @@ NET_ERROR(UPLOAD_STREAM_REWIND_NOT_SUPPORTED, -25)
 // been shut down.
 NET_ERROR(CONTEXT_SHUT_DOWN, -26)
 
+// The request failed because the response was delivered along with requirements
+// which are not met ('X-Frame-Options' and 'Content-Security-Policy' ancestor
+// checks, for instance).
+NET_ERROR(BLOCKED_BY_RESPONSE, -27)
+
 // A connection was closed (corresponding to a TCP FIN).
 NET_ERROR(CONNECTION_CLOSED, -100)
 
diff --git a/chromium/net/base/net_string_util_icu_alternatives_ios.mm b/chromium/net/base/net_string_util_icu_alternatives_ios.mm
new file mode 100644
index 00000000000..7ea42808359
--- /dev/null
+++ b/chromium/net/base/net_string_util_icu_alternatives_ios.mm
@@ -0,0 +1,44 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_string_util.h"
+
+namespace net {
+
+// This constant cannot be defined as const char[] because it is initialized
+// by base::kCodepageLatin1 (which is const char[]) in net_string_util_icu.cc.
+const char* const kCharsetLatin1 = "ISO-8859-1";
+
+bool ConvertToUtf8(const std::string& text,
+                   const char* charset,
+                   std::string* output) {
+  DCHECK(false) << "Not implemented yet.";
+  return false;
+}
+
+bool ConvertToUtf8AndNormalize(const std::string& text,
+                               const char* charset,
+                               std::string* output) {
+  DCHECK(false) << "Not implemented yet.";
+  return false;
+}
+
+bool ConvertToUTF16(const std::string& text,
+                    const char* charset,
+                    base::string16* output) {
+  DCHECK(false) << "Not implemented yet.";
+  return false;
+}
+
+bool ConvertToUTF16WithSubstitutions(const std::string& text,
+                                     const char* charset,
+                                     base::string16* output) {
+  DCHECK(false) << "Not implemented yet.";
+  return false;
+}
+
+}  // namespace net
+\ No newline at end of file
diff --git a/chromium/net/base/network_change_notifier.cc b/chromium/net/base/network_change_notifier.cc
index 93ca8ba2490..0cfaaa38d25 100644
--- a/chromium/net/base/network_change_notifier.cc
+++ b/chromium/net/base/network_change_notifier.cc
@@ -5,6 +5,7 @@
 #include "net/base/network_change_notifier.h"
 
 #include <limits>
+#include <unordered_set>
 
 #include "base/macros.h"
 #include "base/metrics/histogram_macros.h"
@@ -528,7 +529,7 @@ NetworkChangeNotifier* NetworkChangeNotifier::Create() {
 #endif
   return NULL;
 #elif defined(OS_LINUX)
-  return new NetworkChangeNotifierLinux(base::hash_set<std::string>());
+  return new NetworkChangeNotifierLinux(std::unordered_set<std::string>());
 #elif defined(OS_MACOSX)
   return new NetworkChangeNotifierMac();
 #else
diff --git a/chromium/net/base/network_change_notifier.h b/chromium/net/base/network_change_notifier.h
index 0d3c0dc73b2..aafee7a2006 100644
--- a/chromium/net/base/network_change_notifier.h
+++ b/chromium/net/base/network_change_notifier.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
@@ -562,13 +562,13 @@ class NET_EXPORT NetworkChangeNotifier {
       network_observer_list_;
 
   // The current network state. Hosts DnsConfig, exposed via GetDnsConfig.
-  scoped_ptr<NetworkState> network_state_;
+  std::unique_ptr<NetworkState> network_state_;
 
   // A little-piggy-back observer that simply logs UMA histogram data.
-  scoped_ptr<HistogramWatcher> histogram_watcher_;
+  std::unique_ptr<HistogramWatcher> histogram_watcher_;
 
   // Computes NetworkChange signal from IPAddress and ConnectionType signals.
-  scoped_ptr<NetworkChangeCalculator> network_change_calculator_;
+  std::unique_ptr<NetworkChangeCalculator> network_change_calculator_;
 
   // Set true to disable non-test notifications (to prevent flakes in tests).
   static bool test_notifications_only_;
diff --git a/chromium/net/base/network_change_notifier_linux.cc b/chromium/net/base/network_change_notifier_linux.cc
index b18b6c21c24..8e55f3bee0f 100644
--- a/chromium/net/base/network_change_notifier_linux.cc
+++ b/chromium/net/base/network_change_notifier_linux.cc
@@ -15,7 +15,7 @@ namespace net {
 
 class NetworkChangeNotifierLinux::Thread : public base::Thread {
  public:
-  explicit Thread(const base::hash_set<std::string>& ignored_interfaces);
+  explicit Thread(const std::unordered_set<std::string>& ignored_interfaces);
   ~Thread() override;
 
   // Plumbing for NetworkChangeNotifier::GetCurrentConnectionType.
@@ -36,16 +36,16 @@ class NetworkChangeNotifierLinux::Thread : public base::Thread {
  private:
   void OnIPAddressChanged();
   void OnLinkChanged();
-  scoped_ptr<DnsConfigService> dns_config_service_;
+  std::unique_ptr<DnsConfigService> dns_config_service_;
   // Used to detect online/offline state and IP address changes.
-  scoped_ptr<internal::AddressTrackerLinux> address_tracker_;
+  std::unique_ptr<internal::AddressTrackerLinux> address_tracker_;
   NetworkChangeNotifier::ConnectionType last_type_;
 
   DISALLOW_COPY_AND_ASSIGN(Thread);
 };
 
 NetworkChangeNotifierLinux::Thread::Thread(
-    const base::hash_set<std::string>& ignored_interfaces)
+    const std::unordered_set<std::string>& ignored_interfaces)
     : base::Thread("NetworkChangeNotifier"),
       address_tracker_(new internal::AddressTrackerLinux(
           base::Bind(&NetworkChangeNotifierLinux::Thread::OnIPAddressChanged,
@@ -95,7 +95,7 @@ void NetworkChangeNotifierLinux::Thread::OnLinkChanged() {
 }
 
 NetworkChangeNotifierLinux::NetworkChangeNotifierLinux(
-    const base::hash_set<std::string>& ignored_interfaces)
+    const std::unordered_set<std::string>& ignored_interfaces)
     : NetworkChangeNotifier(NetworkChangeCalculatorParamsLinux()),
       notifier_thread_(new Thread(ignored_interfaces)) {
   // We create this notifier thread because the notification implementation
diff --git a/chromium/net/base/network_change_notifier_linux.h b/chromium/net/base/network_change_notifier_linux.h
index 48bda6bdd4a..3439270bcd1 100644
--- a/chromium/net/base/network_change_notifier_linux.h
+++ b/chromium/net/base/network_change_notifier_linux.h
@@ -5,10 +5,11 @@
 #ifndef NET_BASE_NETWORK_CHANGE_NOTIFIER_LINUX_H_
 #define NET_BASE_NETWORK_CHANGE_NOTIFIER_LINUX_H_
 
+#include <memory>
+#include <unordered_set>
+
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/base/network_change_notifier.h"
 
@@ -24,7 +25,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierLinux
   // interfaces used to connect to the internet can cause critical network
   // changed signals to be lost allowing incorrect stale state to persist.
   explicit NetworkChangeNotifierLinux(
-      const base::hash_set<std::string>& ignored_interfaces);
+      const std::unordered_set<std::string>& ignored_interfaces);
 
  private:
   class Thread;
@@ -42,7 +43,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierLinux
   // to the registered observers without posting back to the thread the object
   // was created on.
   // Also used for DnsConfigService which requires TYPE_IO message loop.
-  scoped_ptr<Thread> notifier_thread_;
+  std::unique_ptr<Thread> notifier_thread_;
 
   DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierLinux);
 };
diff --git a/chromium/net/base/network_change_notifier_mac.cc b/chromium/net/base/network_change_notifier_mac.cc
index 4105159c590..b50c78552ec 100644
--- a/chromium/net/base/network_change_notifier_mac.cc
+++ b/chromium/net/base/network_change_notifier_mac.cc
@@ -54,7 +54,7 @@ class NetworkChangeNotifierMac::DnsConfigServiceThread : public base::Thread {
   void CleanUp() override { service_.reset(); }
 
  private:
-  scoped_ptr<DnsConfigService> service_;
+  std::unique_ptr<DnsConfigService> service_;
 
   DISALLOW_COPY_AND_ASSIGN(DnsConfigServiceThread);
 };
diff --git a/chromium/net/base/network_change_notifier_mac.h b/chromium/net/base/network_change_notifier_mac.h
index 28228b1e1fb..9acb47c5797 100644
--- a/chromium/net/base/network_change_notifier_mac.h
+++ b/chromium/net/base/network_change_notifier_mac.h
@@ -7,10 +7,11 @@
 
 #include <SystemConfiguration/SystemConfiguration.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/condition_variable.h"
 #include "base/synchronization/lock.h"
 #include "net/base/network_change_notifier.h"
@@ -70,9 +71,9 @@ class NetworkChangeNotifierMac: public NetworkChangeNotifier {
   base::ScopedCFTypeRef<CFRunLoopRef> run_loop_;
 
   Forwarder forwarder_;
-  scoped_ptr<const NetworkConfigWatcherMac> config_watcher_;
+  std::unique_ptr<const NetworkConfigWatcherMac> config_watcher_;
 
-  scoped_ptr<DnsConfigServiceThread> dns_config_service_thread_;
+  std::unique_ptr<DnsConfigServiceThread> dns_config_service_thread_;
 
   DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierMac);
 };
diff --git a/chromium/net/base/network_change_notifier_win.cc b/chromium/net/base/network_change_notifier_win.cc
index f0f5206c0c5..dcf5e1a44bc 100644
--- a/chromium/net/base/network_change_notifier_win.cc
+++ b/chromium/net/base/network_change_notifier_win.cc
@@ -42,7 +42,7 @@ class NetworkChangeNotifierWin::DnsConfigServiceThread : public base::Thread {
   void CleanUp() override { service_.reset(); }
 
  private:
-  scoped_ptr<DnsConfigService> service_;
+  std::unique_ptr<DnsConfigService> service_;
 
   DISALLOW_COPY_AND_ASSIGN(DnsConfigServiceThread);
 };
diff --git a/chromium/net/base/network_change_notifier_win.h b/chromium/net/base/network_change_notifier_win.h
index d3a010bd177..94bab7f8d10 100644
--- a/chromium/net/base/network_change_notifier_win.h
+++ b/chromium/net/base/network_change_notifier_win.h
@@ -7,9 +7,10 @@
 
 #include <windows.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/timer/timer.h"
@@ -96,7 +97,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin
   int sequential_failures_;
 
   // Thread on which we can run DnsConfigService.
-  scoped_ptr<DnsConfigServiceThread> dns_config_service_thread_;
+  std::unique_ptr<DnsConfigServiceThread> dns_config_service_thread_;
 
   mutable base::Lock last_computed_connection_type_lock_;
   ConnectionType last_computed_connection_type_;
diff --git a/chromium/net/base/network_config_watcher_mac.h b/chromium/net/base/network_config_watcher_mac.h
index ef09f544b71..8157d476975 100644
--- a/chromium/net/base/network_config_watcher_mac.h
+++ b/chromium/net/base/network_config_watcher_mac.h
@@ -7,9 +7,10 @@
 
 #include <SystemConfiguration/SCDynamicStore.h>
 
+#include <memory>
+
 #include "base/mac/scoped_cftyperef.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 
 namespace base {
 class Thread;
@@ -52,7 +53,7 @@ class NetworkConfigWatcherMac {
   // The thread used to listen for notifications.  This relays the notification
   // to the registered observers without posting back to the thread the object
   // was created on.
-  scoped_ptr<base::Thread> notifier_thread_;
+  std::unique_ptr<base::Thread> notifier_thread_;
 
   DISALLOW_COPY_AND_ASSIGN(NetworkConfigWatcherMac);
 };
diff --git a/chromium/net/base/network_interfaces.h b/chromium/net/base/network_interfaces.h
index 84edcfb8241..9329795c8e1 100644
--- a/chromium/net/base/network_interfaces.h
+++ b/chromium/net/base/network_interfaces.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_export.h"
 #include "net/base/network_change_notifier.h"
@@ -121,7 +121,7 @@ class NET_EXPORT ScopedWifiOptions {
 // |options| is an ORed bitfield of WifiOptions.
 // Options are automatically disabled when the scoped pointer
 // is freed. Currently only available on Windows.
-NET_EXPORT scoped_ptr<ScopedWifiOptions> SetWifiOptions(int options);
+NET_EXPORT std::unique_ptr<ScopedWifiOptions> SetWifiOptions(int options);
 
 // Returns the hostname of the current system. Returns empty string on failure.
 NET_EXPORT std::string GetHostName();
diff --git a/chromium/net/base/network_interfaces_linux.cc b/chromium/net/base/network_interfaces_linux.cc
index 121e0e0284e..293e32e4570 100644
--- a/chromium/net/base/network_interfaces_linux.cc
+++ b/chromium/net/base/network_interfaces_linux.cc
@@ -4,6 +4,8 @@
 
 #include "net/base/network_interfaces_linux.h"
 
+#include <memory>
+
 #if !defined(OS_ANDROID)
 #include <linux/ethtool.h>
 #endif  // !defined(OS_ANDROID)
@@ -17,7 +19,6 @@
 #include "base/files/file_path.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/string_util.h"
@@ -113,7 +114,7 @@ std::string GetInterfaceSSID(const std::string& ifname) {
 bool GetNetworkListImpl(
     NetworkInterfaceList* networks,
     int policy,
-    const base::hash_set<int>& online_links,
+    const std::unordered_set<int>& online_links,
     const internal::AddressTrackerLinux::AddressMap& address_map,
     GetInterfaceNameFunction get_interface_name) {
   std::map<int, std::string> ifnames;
diff --git a/chromium/net/base/network_interfaces_linux.h b/chromium/net/base/network_interfaces_linux.h
index a030608b054..8fe2284bd4e 100644
--- a/chromium/net/base/network_interfaces_linux.h
+++ b/chromium/net/base/network_interfaces_linux.h
@@ -9,8 +9,8 @@
 // of network_interfaces_linux.cc to address_tracker_linux and tests.
 
 #include <string>
+#include <unordered_set>
 
-#include "base/containers/hash_tables.h"
 #include "net/base/address_tracker_linux.h"
 #include "net/base/network_interfaces.h"
 
@@ -24,7 +24,7 @@ typedef std::string (*GetInterfaceSSIDFunction)(const std::string& ifname);
 NET_EXPORT bool GetNetworkListImpl(
     NetworkInterfaceList* networks,
     int policy,
-    const base::hash_set<int>& online_links,
+    const std::unordered_set<int>& online_links,
     const internal::AddressTrackerLinux::AddressMap& address_map,
     GetInterfaceNameFunction get_interface_name);
 
diff --git a/chromium/net/base/network_interfaces_mac.cc b/chromium/net/base/network_interfaces_mac.cc
index 2fa66fbc77b..8a6e482f0fa 100644
--- a/chromium/net/base/network_interfaces_mac.cc
+++ b/chromium/net/base/network_interfaces_mac.cc
@@ -7,12 +7,13 @@
 #include <ifaddrs.h>
 #include <net/if.h>
 #include <netinet/in.h>
-#include <set>
 #include <sys/types.h>
 
+#include <memory>
+#include <set>
+
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/string_util.h"
@@ -231,7 +232,7 @@ bool GetNetworkList(NetworkInterfaceList* networks, int policy) {
     return false;
   }
 
-  scoped_ptr<internal::IPAttributesGetterMac> ip_attributes_getter;
+  std::unique_ptr<internal::IPAttributesGetterMac> ip_attributes_getter;
 
 #if !defined(OS_IOS)
   ip_attributes_getter.reset(new IPAttributesGetterMacImpl());
diff --git a/chromium/net/base/network_interfaces_posix.cc b/chromium/net/base/network_interfaces_posix.cc
index 513c310b6f9..37f2d597e91 100644
--- a/chromium/net/base/network_interfaces_posix.cc
+++ b/chromium/net/base/network_interfaces_posix.cc
@@ -4,10 +4,10 @@
 
 #include "net/base/network_interfaces.h"
 
-#include <set>
 #include <sys/types.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+#include <set>
 
 #if !defined(OS_NACL)
 #include "net/base/network_interfaces_posix.h"
@@ -74,8 +74,8 @@ WifiPHYLayerProtocol GetWifiPHYLayerProtocol() {
   return WIFI_PHY_LAYER_PROTOCOL_UNKNOWN;
 }
 
-scoped_ptr<ScopedWifiOptions> SetWifiOptions(int options) {
-  return scoped_ptr<ScopedWifiOptions>();
+std::unique_ptr<ScopedWifiOptions> SetWifiOptions(int options) {
+  return std::unique_ptr<ScopedWifiOptions>();
 }
 
 
diff --git a/chromium/net/base/network_interfaces_unittest.cc b/chromium/net/base/network_interfaces_unittest.cc
index 2017ab7de7f..5690c375187 100644
--- a/chromium/net/base/network_interfaces_unittest.cc
+++ b/chromium/net/base/network_interfaces_unittest.cc
@@ -4,9 +4,9 @@
 
 #include "net/base/network_interfaces.h"
 
-#include <string>
-
 #include <ostream>
+#include <string>
+#include <unordered_set>
 
 // TODO(eroman): Remove unneeeded headers.
 #include "base/files/file_path.h"
@@ -229,7 +229,7 @@ TEST(NetworkInterfacesTest, GetNetworkListTrimming) {
   IPAddress ipv6_address(kIPv6Addr);
 
   NetworkInterfaceList results;
-  ::base::hash_set<int> online_links;
+  std::unordered_set<int> online_links;
   internal::AddressTrackerLinux::AddressMap address_map;
 
   // Interface 1 is offline.
@@ -665,8 +665,8 @@ int GetWifiOptions() {
                                         &interface_list_ptr);
   if (result != ERROR_SUCCESS)
     return -1;
-  scoped_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter> interface_list(
-      interface_list_ptr);
+  std::unique_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter>
+      interface_list(interface_list_ptr);
 
   for (unsigned i = 0; i < interface_list->dwNumberOfItems; ++i) {
     WLAN_INTERFACE_INFO* info = &interface_list->InterfaceInfo[i];
@@ -723,7 +723,7 @@ int GetWifiOptions() {
 
 void TryChangeWifiOptions(int options) {
   int previous_options = GetWifiOptions();
-  scoped_ptr<ScopedWifiOptions> scoped_options = SetWifiOptions(options);
+  std::unique_ptr<ScopedWifiOptions> scoped_options = SetWifiOptions(options);
   EXPECT_EQ(previous_options | options, GetWifiOptions());
   scoped_options.reset();
   EXPECT_EQ(previous_options, GetWifiOptions());
diff --git a/chromium/net/base/network_interfaces_win.cc b/chromium/net/base/network_interfaces_win.cc
index e00606ce7bf..45fce26f11d 100644
--- a/chromium/net/base/network_interfaces_win.cc
+++ b/chromium/net/base/network_interfaces_win.cc
@@ -5,10 +5,10 @@
 #include "net/base/network_interfaces_win.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/files/file_path.h"
 #include "base/lazy_instance.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "base/strings/sys_string_conversions.h"
@@ -46,10 +46,10 @@ NetworkChangeNotifier::ConnectionType GetNetworkInterfaceType(DWORD ifType) {
 
 // Returns scoped_ptr to WLAN_CONNECTION_ATTRIBUTES. The scoped_ptr may hold a
 // NULL pointer if WLAN_CONNECTION_ATTRIBUTES is unavailable.
-scoped_ptr<WLAN_CONNECTION_ATTRIBUTES, internal::WlanApiDeleter>
+std::unique_ptr<WLAN_CONNECTION_ATTRIBUTES, internal::WlanApiDeleter>
 GetConnectionAttributes() {
   const internal::WlanApi& wlanapi = internal::WlanApi::GetInstance();
-  scoped_ptr<WLAN_CONNECTION_ATTRIBUTES, internal::WlanApiDeleter>
+  std::unique_ptr<WLAN_CONNECTION_ATTRIBUTES, internal::WlanApiDeleter>
       wlan_connection_attributes;
   if (!wlanapi.initialized)
     return wlan_connection_attributes;
@@ -66,8 +66,8 @@ GetConnectionAttributes() {
       wlanapi.enum_interfaces_func(client.Get(), NULL, &interface_list_ptr);
   if (result != ERROR_SUCCESS)
     return wlan_connection_attributes;
-  scoped_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter> interface_list(
-      interface_list_ptr);
+  std::unique_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter>
+      interface_list(interface_list_ptr);
 
   // Assume at most one connected wifi interface.
   WLAN_INTERFACE_INFO* info = NULL;
@@ -237,7 +237,7 @@ bool GetNetworkList(NetworkInterfaceList* networks, int policy) {
     // There are 0 networks.
     return true;
   }
-  scoped_ptr<char[]> buf(new char[len]);
+  std::unique_ptr<char[]> buf(new char[len]);
   IP_ADAPTER_ADDRESSES* adapters =
       reinterpret_cast<IP_ADAPTER_ADDRESSES*>(buf.get());
   result = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapters, &len);
@@ -297,7 +297,7 @@ class WifiOptionSetter : public ScopedWifiOptions {
                                           &interface_list_ptr);
     if (result != ERROR_SUCCESS)
       return;
-    scoped_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter>
+    std::unique_ptr<WLAN_INTERFACE_INFO_LIST, internal::WlanApiDeleter>
         interface_list(interface_list_ptr);
 
     for (unsigned i = 0; i < interface_list->dwNumberOfItems; ++i) {
@@ -327,8 +327,8 @@ class WifiOptionSetter : public ScopedWifiOptions {
   internal::WlanHandle client_;
 };
 
-scoped_ptr<ScopedWifiOptions> SetWifiOptions(int options) {
-  return scoped_ptr<ScopedWifiOptions>(new WifiOptionSetter(options));
+std::unique_ptr<ScopedWifiOptions> SetWifiOptions(int options) {
+  return std::unique_ptr<ScopedWifiOptions>(new WifiOptionSetter(options));
 }
 
 std::string GetWifiSSID() {
diff --git a/chromium/net/base/nss_memio.c b/chromium/net/base/nss_memio.c
deleted file mode 100644
index 895b7b20be8..00000000000
--- a/chromium/net/base/nss_memio.c
+++ /dev/null
@@ -1,541 +0,0 @@
-// Copyright (c) 2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-// Written in NSPR style to also be suitable for adding to the NSS demo suite
-
-/* memio is a simple NSPR I/O layer that lets you decouple NSS from
- * the real network.  It's rather like openssl's memory bio,
- * and is useful when your app absolutely, positively doesn't
- * want to let NSS do its own networking.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <prerror.h>
-#include <prinit.h>
-#include <prlog.h>
-
-#include "nss_memio.h"
-
-/*--------------- private memio types -----------------------*/
-
-/*----------------------------------------------------------------------
- Simple private circular buffer class.  Size cannot be changed once allocated.
-----------------------------------------------------------------------*/
-
-struct memio_buffer {
-    int head;     /* where to take next byte out of buf */
-    int tail;     /* where to put next byte into buf */
-    int bufsize;  /* number of bytes allocated to buf */
-    /* TODO(port): error handling is pessimistic right now.
-     * Once an error is set, the socket is considered broken
-     * (PR_WOULD_BLOCK_ERROR not included).
-     */
-    PRErrorCode last_err;
-    char *buf;
-};
-
-
-/* The 'secret' field of a PRFileDesc created by memio_CreateIOLayer points
- * to one of these.
- * In the public header, we use struct memio_Private as a typesafe alias
- * for this.  This causes a few ugly typecasts in the private file, but
- * seems safer.
- */
-struct PRFilePrivate {
-    /* read requests are satisfied from this buffer */
-    struct memio_buffer readbuf;
-
-    /* write requests are satisfied from this buffer */
-    struct memio_buffer writebuf;
-
-    /* SSL needs to know socket peer's name */
-    PRNetAddr peername;
-
-    /* if set, empty I/O returns EOF instead of EWOULDBLOCK */
-    int eof;
-
-    /* if set, the number of bytes requested from readbuf that were not
-     * fulfilled (due to readbuf being empty) */
-    int read_requested;
-};
-
-/*--------------- private memio_buffer functions ---------------------*/
-
-/* Forward declarations.  */
-
-/* Allocate a memio_buffer of given size. */
-static void memio_buffer_new(struct memio_buffer *mb, int size);
-
-/* Deallocate a memio_buffer allocated by memio_buffer_new. */
-static void memio_buffer_destroy(struct memio_buffer *mb);
-
-/* How many bytes can be read out of the buffer without wrapping */
-static int memio_buffer_used_contiguous(const struct memio_buffer *mb);
-
-/* How many bytes exist after the wrap? */
-static int memio_buffer_wrapped_bytes(const struct memio_buffer *mb);
-
-/* How many bytes can be written into the buffer without wrapping */
-static int memio_buffer_unused_contiguous(const struct memio_buffer *mb);
-
-/* Write n bytes into the buffer.  Returns number of bytes written. */
-static int memio_buffer_put(struct memio_buffer *mb, const char *buf, int n);
-
-/* Read n bytes from the buffer.  Returns number of bytes read. */
-static int memio_buffer_get(struct memio_buffer *mb, char *buf, int n);
-
-/* Allocate a memio_buffer of given size. */
-static void memio_buffer_new(struct memio_buffer *mb, int size)
-{
-    mb->head = 0;
-    mb->tail = 0;
-    mb->bufsize = size;
-    mb->buf = malloc(size);
-}
-
-/* Deallocate a memio_buffer allocated by memio_buffer_new. */
-static void memio_buffer_destroy(struct memio_buffer *mb)
-{
-    free(mb->buf);
-    mb->buf = NULL;
-    mb->bufsize = 0;
-    mb->head = 0;
-    mb->tail = 0;
-}
-
-/* How many bytes can be read out of the buffer without wrapping */
-static int memio_buffer_used_contiguous(const struct memio_buffer *mb)
-{
-    return (((mb->tail >= mb->head) ? mb->tail : mb->bufsize) - mb->head);
-}
-
-/* How many bytes exist after the wrap? */
-static int memio_buffer_wrapped_bytes(const struct memio_buffer *mb)
-{
-    return (mb->tail >= mb->head) ? 0 : mb->tail;
-}
-
-/* How many bytes can be written into the buffer without wrapping */
-static int memio_buffer_unused_contiguous(const struct memio_buffer *mb)
-{
-    if (mb->head > mb->tail) return mb->head - mb->tail - 1;
-    return mb->bufsize - mb->tail - (mb->head == 0);
-}
-
-/* Write n bytes into the buffer.  Returns number of bytes written. */
-static int memio_buffer_put(struct memio_buffer *mb, const char *buf, int n)
-{
-    int len;
-    int transferred = 0;
-
-    /* Handle part before wrap */
-    len = PR_MIN(n, memio_buffer_unused_contiguous(mb));
-    if (len > 0) {
-        /* Buffer not full */
-        memcpy(&mb->buf[mb->tail], buf, len);
-        mb->tail += len;
-        if (mb->tail == mb->bufsize)
-            mb->tail = 0;
-        n -= len;
-        buf += len;
-        transferred += len;
-
-        /* Handle part after wrap */
-        len = PR_MIN(n, memio_buffer_unused_contiguous(mb));
-        if (len > 0) {
-            /* Output buffer still not full, input buffer still not empty */
-            memcpy(&mb->buf[mb->tail], buf, len);
-            mb->tail += len;
-            if (mb->tail == mb->bufsize)
-                mb->tail = 0;
-            transferred += len;
-        }
-    }
-
-    return transferred;
-}
-
-
-/* Read n bytes from the buffer.  Returns number of bytes read. */
-static int memio_buffer_get(struct memio_buffer *mb, char *buf, int n)
-{
-    int len;
-    int transferred = 0;
-
-    /* Handle part before wrap */
-    len = PR_MIN(n, memio_buffer_used_contiguous(mb));
-    if (len) {
-        memcpy(buf, &mb->buf[mb->head], len);
-        mb->head += len;
-        if (mb->head == mb->bufsize)
-            mb->head = 0;
-        n -= len;
-        buf += len;
-        transferred += len;
-
-        /* Handle part after wrap */
-        len = PR_MIN(n, memio_buffer_used_contiguous(mb));
-        if (len) {
-            memcpy(buf, &mb->buf[mb->head], len);
-            mb->head += len;
-            if (mb->head == mb->bufsize)
-                mb->head = 0;
-            transferred += len;
-        }
-    }
-
-    return transferred;
-}
-
-/*--------------- private memio functions -----------------------*/
-
-static PRStatus PR_CALLBACK memio_Close(PRFileDesc *fd)
-{
-    struct PRFilePrivate *secret = fd->secret;
-    memio_buffer_destroy(&secret->readbuf);
-    memio_buffer_destroy(&secret->writebuf);
-    free(secret);
-    fd->dtor(fd);
-    return PR_SUCCESS;
-}
-
-static PRStatus PR_CALLBACK memio_Shutdown(PRFileDesc *fd, PRIntn how)
-{
-    /* TODO: pass shutdown status to app somehow */
-    return PR_SUCCESS;
-}
-
-/* If there was a network error in the past taking bytes
- * out of the buffer, return it to the next call that
- * tries to read from an empty buffer.
- */
-static int PR_CALLBACK memio_Recv(PRFileDesc *fd, void *buf, PRInt32 len,
-                                  PRIntn flags, PRIntervalTime timeout)
-{
-    struct PRFilePrivate *secret;
-    struct memio_buffer *mb;
-    int rv;
-
-    if (flags) {
-        PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-        return -1;
-    }
-
-    secret = fd->secret;
-    mb = &secret->readbuf;
-    PR_ASSERT(mb->bufsize);
-    rv = memio_buffer_get(mb, buf, len);
-    if (rv == 0 && !secret->eof) {
-        secret->read_requested = len;
-        /* If there is no more data in the buffer, report any pending errors
-         * that were previously observed. Note that both the readbuf and the
-         * writebuf are checked for errors, since the application may have
-         * encountered a socket error while writing that would otherwise not
-         * be reported until the application attempted to write again - which
-         * it may never do.
-         */
-        if (mb->last_err)
-            PR_SetError(mb->last_err, 0);
-        else if (secret->writebuf.last_err)
-            PR_SetError(secret->writebuf.last_err, 0);
-        else
-            PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
-        return -1;
-    }
-
-    secret->read_requested = 0;
-    return rv;
-}
-
-static int PR_CALLBACK memio_Read(PRFileDesc *fd, void *buf, PRInt32 len)
-{
-    /* pull bytes from buffer */
-    return memio_Recv(fd, buf, len, 0, PR_INTERVAL_NO_TIMEOUT);
-}
-
-static int PR_CALLBACK memio_Send(PRFileDesc *fd, const void *buf, PRInt32 len,
-                                  PRIntn flags, PRIntervalTime timeout)
-{
-    struct PRFilePrivate *secret;
-    struct memio_buffer *mb;
-    int rv;
-
-    secret = fd->secret;
-    mb = &secret->writebuf;
-    PR_ASSERT(mb->bufsize);
-
-    /* Note that the read error state is not reported, because it cannot be
-     * reported until all buffered data has been read. If there is an error
-     * with the next layer, attempting to call Send again will report the
-     * error appropriately.
-     */
-    if (mb->last_err) {
-        PR_SetError(mb->last_err, 0);
-        return -1;
-    }
-    rv = memio_buffer_put(mb, buf, len);
-    if (rv == 0) {
-        PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
-        return -1;
-    }
-    return rv;
-}
-
-static int PR_CALLBACK memio_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
-{
-    /* append bytes to buffer */
-    return memio_Send(fd, buf, len, 0, PR_INTERVAL_NO_TIMEOUT);
-}
-
-static PRStatus PR_CALLBACK memio_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
-{
-    /* TODO: fail if memio_SetPeerName has not been called */
-    struct PRFilePrivate *secret = fd->secret;
-    *addr = secret->peername;
-    return PR_SUCCESS;
-}
-
-static PRStatus memio_GetSocketOption(PRFileDesc *fd, PRSocketOptionData *data)
-{
-    /*
-     * Even in the original version for real tcp sockets,
-     * PR_SockOpt_Nonblocking is a special case that does not
-     * translate to a getsockopt() call
-     */
-    if (PR_SockOpt_Nonblocking == data->option) {
-        data->value.non_blocking = PR_TRUE;
-        return PR_SUCCESS;
-    }
-    PR_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR, 0);
-    return PR_FAILURE;
-}
-
-/*--------------- private memio data -----------------------*/
-
-/*
- * Implement just the bare minimum number of methods needed to make ssl happy.
- *
- * Oddly, PR_Recv calls ssl_Recv calls ssl_SocketIsBlocking calls
- * PR_GetSocketOption, so we have to provide an implementation of
- * PR_GetSocketOption that just says "I'm nonblocking".
- */
-
-static struct PRIOMethods  memio_layer_methods = {
-    PR_DESC_LAYERED,
-    memio_Close,
-    memio_Read,
-    memio_Write,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    memio_Shutdown,
-    memio_Recv,
-    memio_Send,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    memio_GetPeerName,
-    NULL,
-    NULL,
-    memio_GetSocketOption,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-};
-
-static PRDescIdentity memio_identity = PR_INVALID_IO_LAYER;
-
-static PRStatus memio_InitializeLayerName(void)
-{
-    memio_identity = PR_GetUniqueIdentity("memio");
-    return PR_SUCCESS;
-}
-
-/*--------------- public memio functions -----------------------*/
-
-PRFileDesc *memio_CreateIOLayer(int readbufsize, int writebufsize)
-{
-    PRFileDesc *fd;
-    struct PRFilePrivate *secret;
-    static PRCallOnceType once;
-
-    PR_CallOnce(&once, memio_InitializeLayerName);
-
-    fd = PR_CreateIOLayerStub(memio_identity, &memio_layer_methods);
-    secret = malloc(sizeof(struct PRFilePrivate));
-    memset(secret, 0, sizeof(*secret));
-
-    memio_buffer_new(&secret->readbuf, readbufsize);
-    memio_buffer_new(&secret->writebuf, writebufsize);
-    fd->secret = secret;
-    return fd;
-}
-
-void memio_SetPeerName(PRFileDesc *fd, const PRNetAddr *peername)
-{
-    PRFileDesc *memiofd = PR_GetIdentitiesLayer(fd, memio_identity);
-    struct PRFilePrivate *secret = memiofd->secret;
-    secret->peername = *peername;
-}
-
-memio_Private *memio_GetSecret(PRFileDesc *fd)
-{
-    PRFileDesc *memiofd = PR_GetIdentitiesLayer(fd, memio_identity);
-    struct PRFilePrivate *secret =  memiofd->secret;
-    return (memio_Private *)secret;
-}
-
-int memio_GetReadRequest(memio_Private *secret)
-{
-    return ((PRFilePrivate *)secret)->read_requested;
-}
-
-int memio_GetReadParams(memio_Private *secret, char **buf)
-{
-    struct memio_buffer* mb = &((PRFilePrivate *)secret)->readbuf;
-    PR_ASSERT(mb->bufsize);
-
-    *buf = &mb->buf[mb->tail];
-    return memio_buffer_unused_contiguous(mb);
-}
-
-int memio_GetReadableBufferSize(memio_Private *secret)
-{
-    struct memio_buffer* mb = &((PRFilePrivate *)secret)->readbuf;
-    PR_ASSERT(mb->bufsize);
-
-    return memio_buffer_used_contiguous(mb);
-}
-
-void memio_PutReadResult(memio_Private *secret, int bytes_read)
-{
-    struct memio_buffer* mb = &((PRFilePrivate *)secret)->readbuf;
-    PR_ASSERT(mb->bufsize);
-
-    if (bytes_read > 0) {
-        mb->tail += bytes_read;
-        if (mb->tail == mb->bufsize)
-            mb->tail = 0;
-    } else if (bytes_read == 0) {
-        /* Record EOF condition and report to caller when buffer runs dry */
-        ((PRFilePrivate *)secret)->eof = PR_TRUE;
-    } else /* if (bytes_read < 0) */ {
-        mb->last_err = bytes_read;
-    }
-
-    /* Clear read_requested now that the read has been satisfied. */
-    ((PRFilePrivate *)secret)->read_requested = 0;
-}
-
-int memio_GetWriteParams(memio_Private *secret,
-                         const char **buf1, unsigned int *len1,
-                         const char **buf2, unsigned int *len2)
-{
-    struct memio_buffer* mb = &((PRFilePrivate *)secret)->writebuf;
-    PR_ASSERT(mb->bufsize);
-
-    if (mb->last_err)
-        return mb->last_err;
-
-    *buf1 = &mb->buf[mb->head];
-    *len1 = memio_buffer_used_contiguous(mb);
-    *buf2 = mb->buf;
-    *len2 = memio_buffer_wrapped_bytes(mb);
-    return 0;
-}
-
-void memio_PutWriteResult(memio_Private *secret, int bytes_written)
-{
-    struct memio_buffer* mb = &((PRFilePrivate *)secret)->writebuf;
-    PR_ASSERT(mb->bufsize);
-
-    if (bytes_written > 0) {
-        mb->head += bytes_written;
-        if (mb->head >= mb->bufsize)
-            mb->head -= mb->bufsize;
-    } else if (bytes_written < 0) {
-        mb->last_err = bytes_written;
-    }
-}
-
-/*--------------- private memio_buffer self-test -----------------*/
-
-/* Even a trivial unit test is very helpful when doing circular buffers. */
-/*#define TRIVIAL_SELF_TEST*/
-#ifdef TRIVIAL_SELF_TEST
-#include <stdio.h>
-
-#define TEST_BUFLEN 7
-
-#define CHECKEQ(a, b) { \
-    if ((a) != (b)) { \
-        printf("%d != %d, Test failed line %d\n", a, b, __LINE__); \
-        exit(1); \
-    } \
-}
-
-int main()
-{
-    struct memio_buffer mb;
-    char buf[100];
-    int i;
-
-    memio_buffer_new(&mb, TEST_BUFLEN);
-
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), TEST_BUFLEN-1);
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 0);
-
-    CHECKEQ(memio_buffer_put(&mb, "howdy", 5), 5);
-
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), TEST_BUFLEN-1-5);
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 5);
-    CHECKEQ(memio_buffer_wrapped_bytes(&mb), 0);
-
-    CHECKEQ(memio_buffer_put(&mb, "!", 1), 1);
-
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), 0);
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 6);
-    CHECKEQ(memio_buffer_wrapped_bytes(&mb), 0);
-
-    CHECKEQ(memio_buffer_get(&mb, buf, 6), 6);
-    CHECKEQ(memcmp(buf, "howdy!", 6), 0);
-
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), 1);
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 0);
-
-    CHECKEQ(memio_buffer_put(&mb, "01234", 5), 5);
-
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 1);
-    CHECKEQ(memio_buffer_wrapped_bytes(&mb), 4);
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), TEST_BUFLEN-1-5);
-
-    CHECKEQ(memio_buffer_put(&mb, "5", 1), 1);
-
-    CHECKEQ(memio_buffer_unused_contiguous(&mb), 0);
-    CHECKEQ(memio_buffer_used_contiguous(&mb), 1);
-
-    /* TODO: add more cases */
-
-    printf("Test passed\n");
-    exit(0);
-}
-
-#endif
diff --git a/chromium/net/base/nss_memio.h b/chromium/net/base/nss_memio.h
deleted file mode 100644
index b2b873bdca3..00000000000
--- a/chromium/net/base/nss_memio.h
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-// Written in NSPR style to also be suitable for adding to the NSS demo suite
-
-#ifndef __MEMIO_H
-#define __MEMIO_H
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "prio.h"
-
-/* Opaque structure.  Really just a more typesafe alias for PRFilePrivate. */
-struct memio_Private;
-typedef struct memio_Private memio_Private;
-
-/*----------------------------------------------------------------------
- NSPR I/O layer that terminates in a pair of circular buffers
- rather than talking to the real network.
- To use this with NSS:
- 1) call memio_CreateIOLayer to create a fake NSPR socket
- 2) call SSL_ImportFD to ssl-ify the socket
- 3) Do your own networking calls to set up a TCP connection
- 4) call memio_SetPeerName to tell NSS about the other end of the connection
- 5) While at the same time doing plaintext nonblocking NSPR I/O as
-    usual to the nspr file descriptor returned by SSL_ImportFD,
-    your app must shuttle encrypted data between
-    the real network and memio's network buffers.
-    memio_GetReadParams/memio_PutReadResult
-    are the hooks you need to pump data into memio's input buffer,
-    and memio_GetWriteParams/memio_PutWriteResult
-    are the hooks you need to pump data out of memio's output buffer.
-----------------------------------------------------------------------*/
-
-/* Create the I/O layer and its two circular buffers. */
-PRFileDesc *memio_CreateIOLayer(int readbufsize, int writebufsize);
-
-/* Must call before trying to make an ssl connection */
-void memio_SetPeerName(PRFileDesc *fd, const PRNetAddr *peername);
-
-/* Return a private pointer needed by the following
- * four functions.  (We could have passed a PRFileDesc to
- * them, but that would be slower.  Better for the caller
- * to grab the pointer once and cache it.
- * This may be a premature optimization.)
- */
-memio_Private *memio_GetSecret(PRFileDesc *fd);
-
-/* Ask memio how many bytes were requested by a higher layer if the
- * last attempt to read data resulted in PR_WOULD_BLOCK_ERROR, due to the
- * transport buffer being empty. If the last attempt to read data from the
- * memio did not result in PR_WOULD_BLOCK_ERROR, returns 0.
- */
-int memio_GetReadRequest(memio_Private *secret);
-
-/* Ask memio where to put bytes from the network, and how many it can handle.
- * Returns bytes available to write, or 0 if none available.
- * Puts current buffer position into *buf.
- */
-int memio_GetReadParams(memio_Private *secret, char **buf);
-
-/* Ask memio how many bytes are contained in the internal buffer.
- * Returns bytes available to read, or 0 if none available.
- */
-int memio_GetReadableBufferSize(memio_Private *secret);
-
-/* Tell memio how many bytes were read from the network.
- * If bytes_read is 0, causes EOF to be reported to
- * NSS after it reads the last byte from the circular buffer.
- * If bytes_read is < 0, it is treated as an NSPR error code.
- * See nspr/pr/src/md/unix/unix_errors.c for how to
- * map from Unix errors to NSPR error codes.
- * On EWOULDBLOCK or the equivalent, don't call this function.
- */
-void memio_PutReadResult(memio_Private *secret, int bytes_read);
-
-/* Ask memio what data it has to send to the network.
- * If there was previous a write error, the NSPR error code is returned.
- * Otherwise, it returns 0 and provides up to two buffers of data by
- * writing the positions and lengths into |buf1|, |len1| and |buf2|, |len2|.
- */
-int memio_GetWriteParams(memio_Private *secret,
-                         const char **buf1, unsigned int *len1,
-                         const char **buf2, unsigned int *len2);
-
-/* Tell memio how many bytes were sent to the network.
- * If bytes_written is < 0, it is treated as an NSPR error code.
- * See nspr/pr/src/md/unix/unix_errors.c for how to
- * map from Unix errors to NSPR error codes.
- * On EWOULDBLOCK or the equivalent, don't call this function.
- */
-void memio_PutWriteResult(memio_Private *secret, int bytes_written);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/chromium/net/base/parse_number.cc b/chromium/net/base/parse_number.cc
index d315bec63a9..460947f70af 100644
--- a/chromium/net/base/parse_number.cc
+++ b/chromium/net/base/parse_number.cc
@@ -4,20 +4,124 @@
 
 #include "net/base/parse_number.h"
 
+#include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 
 namespace net {
 
-bool ParseNonNegativeDecimalInt(const base::StringPiece& input, int* output) {
-  if (input.empty() || input[0] > '9' || input[0] < '0')
-    return false;
+namespace {
+
+// The string to number conversion functions in //base include the type in the
+// name (like StringToInt64()). The following wrapper methods create a
+// consistent interface to StringToXXX() that calls the appropriate //base
+// version. This simplifies writing generic code with a template.
+
+bool StringToNumber(const base::StringPiece& input, int32_t* output) {
+  // This assumes ints are 32-bits (will fail compile if that ever changes).
+  return base::StringToInt(input, output);
+}
+
+bool StringToNumber(const base::StringPiece& input, uint32_t* output) {
+  // This assumes ints are 32-bits (will fail compile if that ever changes).
+  return base::StringToUint(input, output);
+}
+
+bool StringToNumber(const base::StringPiece& input, int64_t* output) {
+  return base::StringToInt64(input, output);
+}
+
+bool StringToNumber(const base::StringPiece& input, uint64_t* output) {
+  return base::StringToUint64(input, output);
+}
+
+bool SetError(ParseIntError error, ParseIntError* optional_error) {
+  if (optional_error)
+    *optional_error = error;
+  return false;
+}
+
+template <typename T>
+bool ParseIntHelper(const base::StringPiece& input,
+                    ParseIntFormat format,
+                    T* output,
+                    ParseIntError* optional_error) {
+  // Check that the input matches the format before calling StringToNumber().
+  // Numbers must start with either a digit or a negative sign.
+  if (input.empty())
+    return SetError(ParseIntError::FAILED_PARSE, optional_error);
+
+  bool starts_with_negative = input[0] == '-';
+  bool starts_with_digit = base::IsAsciiDigit(input[0]);
 
-  int result;
-  if (!base::StringToInt(input, &result))
+  if (!starts_with_digit) {
+    if (format == ParseIntFormat::NON_NEGATIVE || !starts_with_negative)
+      return SetError(ParseIntError::FAILED_PARSE, optional_error);
+  }
+
+  // Dispatch to the appropriate flavor of base::StringToXXX() by calling one of
+  // the type-specific overloads.
+  T result;
+  if (StringToNumber(input, &result)) {
+    *output = result;
+    return true;
+  }
+
+  // Optimization: If the error is not going to be inspected, don't bother
+  // calculating it.
+  if (!optional_error)
     return false;
 
-  *output = result;
-  return true;
+  // Set an error that distinguishes between parsing/underflow/overflow errors.
+  //
+  // Note that the output set by base::StringToXXX() on failure cannot be used
+  // as it has ambiguity with parse errors.
+
+  // Strip any leading negative sign off the number.
+  base::StringPiece numeric_portion =
+      starts_with_negative ? input.substr(1) : input;
+
+  // Test if |numeric_portion| is a valid non-negative integer.
+  if (!numeric_portion.empty() &&
+      numeric_portion.find_first_not_of("0123456789") == std::string::npos) {
+    // If it was, the failure must have been due to underflow/overflow.
+    return SetError(starts_with_negative ? ParseIntError::FAILED_UNDERFLOW
+                                         : ParseIntError::FAILED_OVERFLOW,
+                    optional_error);
+  }
+
+  // Otherwise it was a mundane parsing error.
+  return SetError(ParseIntError::FAILED_PARSE, optional_error);
+}
+
+}  // namespace
+
+bool ParseInt32(const base::StringPiece& input,
+                ParseIntFormat format,
+                int32_t* output,
+                ParseIntError* optional_error) {
+  return ParseIntHelper(input, format, output, optional_error);
+}
+
+bool ParseInt64(const base::StringPiece& input,
+                ParseIntFormat format,
+                int64_t* output,
+                ParseIntError* optional_error) {
+  return ParseIntHelper(input, format, output, optional_error);
+}
+
+bool ParseUint32(const base::StringPiece& input,
+                 uint32_t* output,
+                 ParseIntError* optional_error) {
+  return ParseIntHelper(input, ParseIntFormat::NON_NEGATIVE, output,
+                        optional_error);
+}
+
+bool ParseUint64(const base::StringPiece& input,
+                 uint64_t* output,
+                 ParseIntError* optional_error) {
+  return ParseIntHelper(input, ParseIntFormat::NON_NEGATIVE, output,
+                        optional_error);
 }
 
 }  // namespace net
diff --git a/chromium/net/base/parse_number.h b/chromium/net/base/parse_number.h
index 0b88cf0435b..dc66fb6d8b5 100644
--- a/chromium/net/base/parse_number.h
+++ b/chromium/net/base/parse_number.h
@@ -15,53 +15,100 @@
 // Q: Doesn't //base already provide these in string_number_conversions.h, with
 //    functions like base::StringToInt()?
 //
-// A: Yes, and those functions are used under the hood by these
-//    implementations.
+// A: Yes, and those functions are used under the hood by these implementations.
 //
-//    However using the number parsing functions from //base directly in network
-//    code can lead to subtle bugs, as the //base versions  are more permissive.
-//    For instance "+99" is successfully parsed by base::StringToInt().
+//    However using the base::StringTo*() has historically led to subtle bugs
+//    in the context of parsing network protocols:
 //
-//    However in the majority of places in //net, a leading plus on a number
-//    should be considered invalid. For instance when parsing a host:port pair
-//    you wouldn't want to recognize "foo:+99" as having a port of 99. The same
-//    issue applies when parsing a content-length header.
+//      * Permitting a leading '+'
+//      * Incorrectly classifying overflow/underflow from a parsing failure
+//      * Allowing negative numbers for non-negative fields
 //
-//    To reduce the risk of such problems, use of these functions over the
-//    //base versions.
+//   This API tries to avoid these problems by picking sensible defaults for
+//   //net code. For more details see crbug.com/596523.
 
 class GURL;
 
 namespace net {
 
-//  Parses a string representing a decimal number to an |int|. Returns true on
-//  success, and fills |*output| with the result. Note that  |*output| is not
-//  modified on failure.
-//
-//  Recognized inputs take the form:
-//    1*DIGIT
+// Format to use when parsing integers.
+enum class ParseIntFormat {
+  // Accepts non-negative base 10 integers of the form:
+  //
+  //    1*DIGIT
+  //
+  // This construction is used in a variety of IETF standards, such as RFC 7230
+  // (HTTP).
+  //
+  // When attempting to parse a negative number using this format, the failure
+  // will be FAILED_PARSE since it violated the expected format (and not
+  // FAILED_UNDERFLOW).
+  //
+  // Also note that inputs need not be in minimal encoding: "0003" is valid and
+  // equivalent to "3".
+  NON_NEGATIVE,
+
+  // Accept optionally negative base 10 integers of the form:
+  //
+  //    ["-"] 1*DIGIT
+  //
+  // In other words, this accepts the same things as NON_NEGATIVE, and
+  // additionally recognizes those numbers prefixed with a '-'.
+  //
+  // Note that by this defintion "-0" IS a valid input.
+  OPTIONALLY_NEGATIVE
+};
+
+// The specific reason why a ParseInt*() function failed.
+enum class ParseIntError {
+  // The parsed number couldn't fit into the provided output type because it was
+  // too high.
+  FAILED_OVERFLOW,
+
+  // The parsed number couldn't fit into the provided output type because it was
+  // too low.
+  FAILED_UNDERFLOW,
+
+  // The number failed to be parsed because it wasn't a valid decimal number (as
+  // determined by the policy).
+  FAILED_PARSE,
+};
+
+// The ParseInt*() functions parse a string representing a number.
 //
-//  Where DIGIT is an ASCII number in the range '0' - '9'
+// The format of the strings that are accepted is controlled by the |format|
+// parameter. This allows rejecting negative numbers.
 //
-//  Note that:
-//   * Parsing is locale independent
-//   * Leading zeros are allowed (numbers needn't be in minimal encoding)
-//   * Inputs that would overflow the output are rejected.
-//   * Only accepts integers
+// These functions return true on success, and fill |*output| with the result.
 //
-//  Examples of recognized inputs are:
-//    "13"
-//    "0"
-//    "00013"
+// On failure, it is guaranteed that |*output| was not modified. If
+// |optional_error| was non-null, then it is filled with the reason for the
+// failure.
+NET_EXPORT bool ParseInt32(const base::StringPiece& input,
+                           ParseIntFormat format,
+                           int32_t* output,
+                           ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+NET_EXPORT bool ParseInt64(const base::StringPiece& input,
+                           ParseIntFormat format,
+                           int64_t* output,
+                           ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+// The ParseUint*() functions parse a string representing a number.
 //
-//  Examples of rejected inputs are:
-//    "  13"
-//    "-13"
-//    "+13"
-//    "0x15"
-//    "13.3"
-NET_EXPORT bool ParseNonNegativeDecimalInt(const base::StringPiece& input,
-                                           int* output) WARN_UNUSED_RESULT;
+// These are equivalent to calling ParseInt*() with a format string of
+// ParseIntFormat::NON_NEGATIVE and unsigned output types.
+NET_EXPORT bool ParseUint32(const base::StringPiece& input,
+                            uint32_t* output,
+                            ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+NET_EXPORT bool ParseUint64(const base::StringPiece& input,
+                            uint64_t* output,
+                            ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
 
 }  // namespace net
 
diff --git a/chromium/net/base/parse_number_unittest.cc b/chromium/net/base/parse_number_unittest.cc
index 79cac9f43ba..52bbe61b54b 100644
--- a/chromium/net/base/parse_number_unittest.cc
+++ b/chromium/net/base/parse_number_unittest.cc
@@ -4,67 +4,247 @@
 
 #include "net/base/parse_number.h"
 
+#include <limits>
+#include <sstream>
+
+#include "base/strings/string_number_conversions.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 namespace {
 
-TEST(ParseNumberTest, IntValidInputs) {
-  const struct {
-    const char* input;
-    int output;
-  } kTests[] = {
-      {"0", 0},     {"00000", 0}, {"003", 3}, {"003", 3}, {"1234566", 1234566},
-      {"987", 987}, {"010", 10},
-  };
+template <typename T>
+std::string ToString(T number) {
+  // TODO(eroman): Just use std::to_string() instead (Currently chromium's
+  // C++11 guide hasn't taken a stance on it).
+  std::stringstream s;
+  s << number;
+  return s.str();
+}
+
+// Returns a decimal string that is one larger than the maximum value that type
+// T can represent.
+template <typename T>
+std::string CreateOverflowString() {
+  const T value = std::numeric_limits<T>::max();
+  std::string result = ToString(value);
+  EXPECT_NE('9', result.back());
+  result.back()++;
+  return result;
+}
+
+// Returns a decimal string that is one less than the minimum value that
+// (signed) type T can represent.
+template <typename T>
+std::string CreateUnderflowString() {
+  EXPECT_TRUE(std::numeric_limits<T>::is_signed);
+  const T value = std::numeric_limits<T>::min();
+  std::string result = ToString(value);
+  EXPECT_EQ('-', result.front());
+  EXPECT_NE('9', result.back());
+  result.back()++;
+  return result;
+}
+
+// These are valid inputs representing non-negative integers. Note that these
+// test inputs are re-used when constructing negative test cases, by simply
+// prepending a '-'.
+const struct {
+  const char* input;
+  int expected_output;
+} kValidNonNegativeTests[] = {
+    {"0", 0},     {"00000", 0}, {"003", 3}, {"003", 3}, {"1234566", 1234566},
+    {"987", 987}, {"010", 10},
+};
+
+// These are invalid inputs that can not be parsed regardless of the format
+// used (they are neither valid negative or non-negative values).
+const char* kInvalidParseTests[] = {
+    "",       "-",      "--",    "23-",  "134-34", "- ",   "    ",  "+42",
+    " 123",   "123 ",   "123\n", "0xFF", "-0xFF",  "0x11", "-0x11", "x11",
+    "-x11",   "F11",    "-F11",  "AF",   "-AF",    "0AF",  "0.0",   "13.",
+    "13,000", "13.000", "13/5",  "Inf",  "NaN",    "null", "dog",
+};
+
+// This wrapper calls func() and expects the result to match |expected_output|.
+template <typename OutputType, typename ParseFunc, typename ExpectationType>
+void ExpectParseIntSuccess(ParseFunc func,
+                           const base::StringPiece& input,
+                           ParseIntFormat format,
+                           ExpectationType expected_output) {
+  // Try parsing without specifying an error output - expecting success.
+  OutputType parsed_number1;
+  EXPECT_TRUE(func(input, format, &parsed_number1, nullptr))
+      << "Failed to parse: " << input;
+  EXPECT_EQ(static_cast<OutputType>(expected_output), parsed_number1);
+
+  // Try parsing with an error output - expecting success.
+  ParseIntError kBogusError = static_cast<ParseIntError>(19);
+  ParseIntError error = kBogusError;
+  OutputType parsed_number2;
+  EXPECT_TRUE(func(input, format, &parsed_number2, &error))
+      << "Failed to parse: " << input;
+  EXPECT_EQ(static_cast<OutputType>(expected_output), parsed_number2);
+  // Check that the error output was not written to.
+  EXPECT_EQ(kBogusError, error);
+}
+
+// This wrapper calls func() and expects the failure to match |expected_error|.
+template <typename OutputType, typename ParseFunc>
+void ExpectParseIntFailure(ParseFunc func,
+                           const base::StringPiece& input,
+                           ParseIntFormat format,
+                           ParseIntError expected_error) {
+  const OutputType kBogusOutput(23614);
+
+  // Try parsing without specifying an error output - expecting failure.
+  OutputType parsed_number1 = kBogusOutput;
+  EXPECT_FALSE(func(input, format, &parsed_number1, nullptr))
+      << "Succeded parsing: " << input;
+  EXPECT_EQ(kBogusOutput, parsed_number1)
+      << "Modified output when failed parsing";
 
-  for (const auto& test : kTests) {
-    int result;
-    ASSERT_TRUE(ParseNonNegativeDecimalInt(test.input, &result))
-        << "Failed to parse: " << test.input;
-    EXPECT_EQ(result, test.output) << "Failed to parse: " << test.input;
+  // Try parsing with an error output - expecting failure.
+  OutputType parsed_number2 = kBogusOutput;
+  ParseIntError error;
+  EXPECT_FALSE(func(input, format, &parsed_number2, &error))
+      << "Succeded parsing: " << input;
+  EXPECT_EQ(kBogusOutput, parsed_number2)
+      << "Modified output when failed parsing";
+  EXPECT_EQ(expected_error, error);
+}
+
+// Common tests for both ParseInt*() and ParseUint*()
+//
+// When testing ParseUint*() the |format| parameter is not applicable and
+// should be passed as NON_NEGATIVE.
+template <typename T, typename ParseFunc>
+void TestParseIntUsingFormat(ParseFunc func, ParseIntFormat format) {
+  // Test valid non-negative inputs
+  for (const auto& test : kValidNonNegativeTests) {
+    ExpectParseIntSuccess<T>(func, test.input, format, test.expected_output);
   }
+
+  // Test invalid inputs (invalid regardless of parsing format)
+  for (const auto& input : kInvalidParseTests) {
+    ExpectParseIntFailure<T>(func, input, format, ParseIntError::FAILED_PARSE);
+  }
+
+  // Test valid negative inputs (constructed from the valid non-negative test
+  // cases).
+  for (const auto& test : kValidNonNegativeTests) {
+    std::string negative_input = std::string("-") + test.input;
+    int expected_negative_output = -test.expected_output;
+
+    // The result depends on the format.
+    if (format == ParseIntFormat::NON_NEGATIVE) {
+      ExpectParseIntFailure<T>(func, negative_input, format,
+                               ParseIntError::FAILED_PARSE);
+    } else {
+      ExpectParseIntSuccess<T>(func, negative_input, format,
+                               expected_negative_output);
+    }
+  }
+
+  // Test parsing the largest possible value for output type.
+  {
+    const T value = std::numeric_limits<T>::max();
+    ExpectParseIntSuccess<T>(func, ToString(value), format, value);
+  }
+
+  // Test parsing a number one larger than the output type can accomodate
+  // (overflow).
+  ExpectParseIntFailure<T>(func, CreateOverflowString<T>(), format,
+                           ParseIntError::FAILED_OVERFLOW);
+
+  // Test parsing a number at least as large as the output allows AND contains
+  // garbage at the end. This exercises an interesting internal quirk of
+  // base::StringToInt*(), in that its result cannot distinguish this case
+  // from overflow.
+  ExpectParseIntFailure<T>(func, ToString(std::numeric_limits<T>::max()) + " ",
+                           format, ParseIntError::FAILED_PARSE);
+
+  ExpectParseIntFailure<T>(func, CreateOverflowString<T>() + " ", format,
+                           ParseIntError::FAILED_PARSE);
+
+  // Test parsing the smallest possible value for output type. Don't do the
+  // test for unsigned types since the smallest number 0 is tested elsewhere.
+  if (std::numeric_limits<T>::is_signed) {
+    const T value = std::numeric_limits<T>::min();
+    std::string str_value = ToString(value);
+
+    // The minimal value is necessarily negative, since this function is
+    // testing only signed output types.
+    if (format == ParseIntFormat::NON_NEGATIVE) {
+      ExpectParseIntFailure<T>(func, str_value, format,
+                               ParseIntError::FAILED_PARSE);
+    } else {
+      ExpectParseIntSuccess<T>(func, str_value, format, value);
+    }
+  }
+
+  // Test parsing a number one less than the output type can accomodate
+  // (underflow).
+  if (format == ParseIntFormat::OPTIONALLY_NEGATIVE) {
+    ExpectParseIntFailure<T>(func, CreateUnderflowString<T>(),
+                             ParseIntFormat::OPTIONALLY_NEGATIVE,
+                             ParseIntError::FAILED_UNDERFLOW);
+  }
+
+  // Test parsing a string that contains a valid number followed by a NUL
+  // character.
+  ExpectParseIntFailure<T>(func, base::StringPiece("123\0", 4), format,
+                           ParseIntError::FAILED_PARSE);
 }
 
-TEST(ParseNumberTest, IntInvalidInputs) {
-  const char* kTests[] = {
-      "",
-      "-23",
-      "+42",
-      " 123",
-      "123 ",
-      "123\n",
-      "0xFF",
-      "0x11",
-      "x11",
-      "F11",
-      "AF",
-      "0AF",
-      "0.0",
-      "13.",
-      "13,000",
-      "13.000",
-      "13/5",
-      "9999999999999999999999999999999999999999999999999999999999999999",
-      "Inf",
-      "NaN",
-      "null",
-      "dog",
-  };
+// Common tests to run for each of the versions of ParseInt*().
+//
+// The |func| parameter should be a function pointer to the particular
+// ParseInt*() function to test.
+template <typename T, typename ParseFunc>
+void TestParseInt(ParseFunc func) {
+  // Test using each of the possible formats.
+  ParseIntFormat kFormats[] = {ParseIntFormat::NON_NEGATIVE,
+                               ParseIntFormat::OPTIONALLY_NEGATIVE};
 
-  for (const auto& input : kTests) {
-    int result = 0xDEAD;
-    ASSERT_FALSE(ParseNonNegativeDecimalInt(input, &result))
-        << "Succeeded to parse: " << input;
-    EXPECT_EQ(0xDEAD, result) << "Modified output for failed parsing";
+  for (const auto& format : kFormats) {
+    TestParseIntUsingFormat<T>(func, format);
   }
 }
 
-TEST(ParseNumberTest, IntInvalidInputsContainsNul) {
-  int result = 0xDEAD;
-  ASSERT_FALSE(
-      ParseNonNegativeDecimalInt(base::StringPiece("123\0", 4), &result));
-  EXPECT_EQ(0xDEAD, result);
+// Common tests to run for each of the versions of ParseUint*().
+//
+// The |func| parameter should be a function pointer to the particular
+// ParseUint*() function to test.
+template <typename T, typename ParseFunc>
+void TestParseUint(ParseFunc func) {
+  // TestParseIntUsingFormat() expects a functor that has a |format|
+  // parameter. For ParseUint*() there is no such parameter. For all intents
+  // and purposes can just fix it to NON_NEGATIVE and re-use that test driver.
+  auto func_adapter = [&func](const base::StringPiece& input,
+                              ParseIntFormat format, T* output,
+                              ParseIntError* optional_error) {
+    EXPECT_EQ(ParseIntFormat::NON_NEGATIVE, format);
+    return func(input, output, optional_error);
+  };
+
+  TestParseIntUsingFormat<T>(func_adapter, ParseIntFormat::NON_NEGATIVE);
+}
+
+TEST(ParseNumberTest, ParseInt32) {
+  TestParseInt<int32_t>(ParseInt32);
+}
+
+TEST(ParseNumberTest, ParseInt64) {
+  TestParseInt<int64_t>(ParseInt64);
+}
+
+TEST(ParseNumberTest, ParseUint32) {
+  TestParseUint<uint32_t>(ParseUint32);
+}
+
+TEST(ParseNumberTest, ParseUint64) {
+  TestParseUint<uint64_t>(ParseUint64);
 }
 
 }  // namespace
diff --git a/chromium/net/base/platform_mime_util.h b/chromium/net/base/platform_mime_util.h
index 726cea43414..f79d84324a9 100644
--- a/chromium/net/base/platform_mime_util.h
+++ b/chromium/net/base/platform_mime_util.h
@@ -6,8 +6,8 @@
 #define NET_BASE_PLATFORM_MIME_UTIL_H_
 
 #include <string>
+#include <unordered_set>
 
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 
 namespace net {
@@ -25,7 +25,7 @@ class PlatformMimeUtil {
   // by GetPreferredExtensionForMimeType.
   void GetPlatformExtensionsForMimeType(
       const std::string& mime_type,
-      base::hash_set<base::FilePath::StringType>* extensions) const;
+      std::unordered_set<base::FilePath::StringType>* extensions) const;
 
  protected:
   // Get the mime type (if any) that is associated with the file extension.
diff --git a/chromium/net/base/platform_mime_util_linux.cc b/chromium/net/base/platform_mime_util_linux.cc
index 13af8f80f68..7d0fa1ef287 100644
--- a/chromium/net/base/platform_mime_util_linux.cc
+++ b/chromium/net/base/platform_mime_util_linux.cc
@@ -102,7 +102,7 @@ bool PlatformMimeUtil::GetPreferredExtensionForMimeType(
 
 void PlatformMimeUtil::GetPlatformExtensionsForMimeType(
     const std::string& mime_type,
-    base::hash_set<base::FilePath::StringType>* extensions) const {
+    std::unordered_set<base::FilePath::StringType>* extensions) const {
   base::FilePath::StringType ext;
   if (GetPreferredExtensionForMimeType(mime_type, &ext))
     extensions->insert(ext);
diff --git a/chromium/net/base/platform_mime_util_mac.mm b/chromium/net/base/platform_mime_util_mac.mm
index cf5b2625a58..d9921d6fc11 100644
--- a/chromium/net/base/platform_mime_util_mac.mm
+++ b/chromium/net/base/platform_mime_util_mac.mm
@@ -73,7 +73,7 @@ bool PlatformMimeUtil::GetPreferredExtensionForMimeType(
 
 void PlatformMimeUtil::GetPlatformExtensionsForMimeType(
     const std::string& mime_type,
-    base::hash_set<base::FilePath::StringType>* extensions) const {
+    std::unordered_set<base::FilePath::StringType>* extensions) const {
 #if defined(OS_IOS)
   NSArray* extensions_list = nil;
 #else
diff --git a/chromium/net/base/platform_mime_util_win.cc b/chromium/net/base/platform_mime_util_win.cc
index fcac48faab5..18eec997fce 100644
--- a/chromium/net/base/platform_mime_util_win.cc
+++ b/chromium/net/base/platform_mime_util_win.cc
@@ -42,7 +42,7 @@ bool PlatformMimeUtil::GetPreferredExtensionForMimeType(
 
 void PlatformMimeUtil::GetPlatformExtensionsForMimeType(
     const std::string& mime_type,
-    base::hash_set<base::FilePath::StringType>* extensions) const {
+    std::unordered_set<base::FilePath::StringType>* extensions) const {
   // Multiple extensions could have the given mime type specified as their types
   // in their 'HKCR\.<extension>\Content Type' keys. Iterating all the HKCR
   // entries, though, is wildly impractical. Cheat by returning just the
diff --git a/chromium/net/base/prioritized_dispatcher_unittest.cc b/chromium/net/base/prioritized_dispatcher_unittest.cc
index 56489dfebb1..fffb47f252c 100644
--- a/chromium/net/base/prioritized_dispatcher_unittest.cc
+++ b/chromium/net/base/prioritized_dispatcher_unittest.cc
@@ -2,13 +2,15 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/base/prioritized_dispatcher.h"
+
 #include <ctype.h>
+
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "net/base/prioritized_dispatcher.h"
 #include "net/base/request_priority.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -138,15 +140,15 @@ class PrioritizedDispatcherTest : public testing::Test {
     dispatcher_.reset(new PrioritizedDispatcher(limits));
   }
 
-  scoped_ptr<TestJob> AddJob(char data, Priority priority) {
-    scoped_ptr<TestJob> job(
+  std::unique_ptr<TestJob> AddJob(char data, Priority priority) {
+    std::unique_ptr<TestJob> job(
         new TestJob(dispatcher_.get(), data, priority, &log_));
     job->Add(false);
     return job;
   }
 
-  scoped_ptr<TestJob> AddJobAtHead(char data, Priority priority) {
-    scoped_ptr<TestJob> job(
+  std::unique_ptr<TestJob> AddJobAtHead(char data, Priority priority) {
+    std::unique_ptr<TestJob> job(
         new TestJob(dispatcher_.get(), data, priority, &log_));
     job->Add(true);
     return job;
@@ -160,7 +162,7 @@ class PrioritizedDispatcherTest : public testing::Test {
   }
 
   std::string log_;
-  scoped_ptr<PrioritizedDispatcher> dispatcher_;
+  std::unique_ptr<PrioritizedDispatcher> dispatcher_;
 };
 
 TEST_F(PrioritizedDispatcherTest, GetLimits) {
@@ -202,10 +204,10 @@ TEST_F(PrioritizedDispatcherTest, AddAFIFO) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);
-  scoped_ptr<TestJob> job_c = AddJob('c', IDLE);
-  scoped_ptr<TestJob> job_d = AddJob('d', IDLE);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);
+  std::unique_ptr<TestJob> job_c = AddJob('c', IDLE);
+  std::unique_ptr<TestJob> job_d = AddJob('d', IDLE);
 
   ASSERT_TRUE(job_a->running());
   job_a->Finish();
@@ -223,11 +225,11 @@ TEST_F(PrioritizedDispatcherTest, AddPriority) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', MEDIUM);
-  scoped_ptr<TestJob> job_c = AddJob('c', HIGHEST);
-  scoped_ptr<TestJob> job_d = AddJob('d', HIGHEST);
-  scoped_ptr<TestJob> job_e = AddJob('e', MEDIUM);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', MEDIUM);
+  std::unique_ptr<TestJob> job_c = AddJob('c', HIGHEST);
+  std::unique_ptr<TestJob> job_d = AddJob('d', HIGHEST);
+  std::unique_ptr<TestJob> job_e = AddJob('e', MEDIUM);
 
   ASSERT_TRUE(job_a->running());
   job_a->Finish();
@@ -247,12 +249,12 @@ TEST_F(PrioritizedDispatcherTest, AddAtHead) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', MEDIUM);
-  scoped_ptr<TestJob> job_b = AddJobAtHead('b', MEDIUM);
-  scoped_ptr<TestJob> job_c = AddJobAtHead('c', HIGHEST);
-  scoped_ptr<TestJob> job_d = AddJobAtHead('d', HIGHEST);
-  scoped_ptr<TestJob> job_e = AddJobAtHead('e', MEDIUM);
-  scoped_ptr<TestJob> job_f = AddJob('f', MEDIUM);
+  std::unique_ptr<TestJob> job_a = AddJob('a', MEDIUM);
+  std::unique_ptr<TestJob> job_b = AddJobAtHead('b', MEDIUM);
+  std::unique_ptr<TestJob> job_c = AddJobAtHead('c', HIGHEST);
+  std::unique_ptr<TestJob> job_d = AddJobAtHead('d', HIGHEST);
+  std::unique_ptr<TestJob> job_e = AddJobAtHead('e', MEDIUM);
+  std::unique_ptr<TestJob> job_f = AddJob('f', MEDIUM);
 
   ASSERT_TRUE(job_a->running());
   job_a->Finish();
@@ -278,14 +280,14 @@ TEST_F(PrioritizedDispatcherTest, EnforceLimits) {
   limits.reserved_slots[LOW] = 1;
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);     // Uses unreserved slot.
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);     // Uses unreserved slot.
-  scoped_ptr<TestJob> job_c = AddJob('c', LOWEST);   // Must wait.
-  scoped_ptr<TestJob> job_d = AddJob('d', LOW);      // Uses reserved slot.
-  scoped_ptr<TestJob> job_e = AddJob('e', MEDIUM);   // Must wait.
-  scoped_ptr<TestJob> job_f = AddJob('f', HIGHEST);  // Uses reserved slot.
-  scoped_ptr<TestJob> job_g = AddJob('g', HIGHEST);  // Uses reserved slot.
-  scoped_ptr<TestJob> job_h = AddJob('h', HIGHEST);  // Must wait.
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);  // Uses unreserved slot.
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);  // Uses unreserved slot.
+  std::unique_ptr<TestJob> job_c = AddJob('c', LOWEST);   // Must wait.
+  std::unique_ptr<TestJob> job_d = AddJob('d', LOW);      // Uses reserved slot.
+  std::unique_ptr<TestJob> job_e = AddJob('e', MEDIUM);   // Must wait.
+  std::unique_ptr<TestJob> job_f = AddJob('f', HIGHEST);  // Uses reserved slot.
+  std::unique_ptr<TestJob> job_g = AddJob('g', HIGHEST);  // Uses reserved slot.
+  std::unique_ptr<TestJob> job_h = AddJob('h', HIGHEST);  // Must wait.
 
   EXPECT_EQ(5u, dispatcher_->num_running_jobs());
   EXPECT_EQ(3u, dispatcher_->num_queued_jobs());
@@ -318,11 +320,11 @@ TEST_F(PrioritizedDispatcherTest, ChangePriority) {
   limits.reserved_slots[HIGHEST] = 1;
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', LOW);
-  scoped_ptr<TestJob> job_c = AddJob('c', MEDIUM);
-  scoped_ptr<TestJob> job_d = AddJob('d', MEDIUM);
-  scoped_ptr<TestJob> job_e = AddJob('e', IDLE);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', LOW);
+  std::unique_ptr<TestJob> job_c = AddJob('c', MEDIUM);
+  std::unique_ptr<TestJob> job_d = AddJob('d', MEDIUM);
+  std::unique_ptr<TestJob> job_e = AddJob('e', IDLE);
 
   ASSERT_FALSE(job_b->running());
   ASSERT_FALSE(job_c->running());
@@ -353,11 +355,11 @@ TEST_F(PrioritizedDispatcherTest, Cancel) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);
-  scoped_ptr<TestJob> job_c = AddJob('c', IDLE);
-  scoped_ptr<TestJob> job_d = AddJob('d', IDLE);
-  scoped_ptr<TestJob> job_e = AddJob('e', IDLE);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);
+  std::unique_ptr<TestJob> job_c = AddJob('c', IDLE);
+  std::unique_ptr<TestJob> job_d = AddJob('d', IDLE);
+  std::unique_ptr<TestJob> job_e = AddJob('e', IDLE);
 
   ASSERT_FALSE(job_b->running());
   ASSERT_FALSE(job_d->running());
@@ -378,11 +380,11 @@ TEST_F(PrioritizedDispatcherTest, Evict) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', LOW);
-  scoped_ptr<TestJob> job_c = AddJob('c', HIGHEST);
-  scoped_ptr<TestJob> job_d = AddJob('d', LOW);
-  scoped_ptr<TestJob> job_e = AddJob('e', HIGHEST);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', LOW);
+  std::unique_ptr<TestJob> job_c = AddJob('c', HIGHEST);
+  std::unique_ptr<TestJob> job_d = AddJob('d', LOW);
+  std::unique_ptr<TestJob> job_e = AddJob('e', HIGHEST);
 
   EXPECT_EQ(job_b.get(), dispatcher_->EvictOldestLowest());
   EXPECT_EQ(job_d.get(), dispatcher_->EvictOldestLowest());
@@ -408,9 +410,9 @@ TEST_F(PrioritizedDispatcherTest, AddWhileZeroLimits) {
   Prepare(limits);
 
   dispatcher_->SetLimitsToZero();
-  scoped_ptr<TestJob> job_a = AddJob('a', LOW);
-  scoped_ptr<TestJob> job_b = AddJob('b', MEDIUM);
-  scoped_ptr<TestJob> job_c = AddJobAtHead('c', MEDIUM);
+  std::unique_ptr<TestJob> job_a = AddJob('a', LOW);
+  std::unique_ptr<TestJob> job_b = AddJob('b', MEDIUM);
+  std::unique_ptr<TestJob> job_c = AddJobAtHead('c', MEDIUM);
 
   EXPECT_EQ(0u, dispatcher_->num_running_jobs());
   EXPECT_EQ(3u, dispatcher_->num_queued_jobs());
@@ -435,11 +437,11 @@ TEST_F(PrioritizedDispatcherTest, ReduceLimitsWhileJobQueued) {
   PrioritizedDispatcher::Limits initial_limits(NUM_PRIORITIES, 2);
   Prepare(initial_limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', MEDIUM);
-  scoped_ptr<TestJob> job_b = AddJob('b', MEDIUM);
-  scoped_ptr<TestJob> job_c = AddJob('c', MEDIUM);
-  scoped_ptr<TestJob> job_d = AddJob('d', MEDIUM);
-  scoped_ptr<TestJob> job_e = AddJob('e', MEDIUM);
+  std::unique_ptr<TestJob> job_a = AddJob('a', MEDIUM);
+  std::unique_ptr<TestJob> job_b = AddJob('b', MEDIUM);
+  std::unique_ptr<TestJob> job_c = AddJob('c', MEDIUM);
+  std::unique_ptr<TestJob> job_d = AddJob('d', MEDIUM);
+  std::unique_ptr<TestJob> job_e = AddJob('e', MEDIUM);
 
   EXPECT_EQ(2u, dispatcher_->num_running_jobs());
   EXPECT_EQ(3u, dispatcher_->num_queued_jobs());
@@ -479,9 +481,9 @@ TEST_F(PrioritizedDispatcherTest, ZeroLimitsThenCancel) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);
-  scoped_ptr<TestJob> job_c = AddJob('c', IDLE);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);
+  std::unique_ptr<TestJob> job_c = AddJob('c', IDLE);
   dispatcher_->SetLimitsToZero();
 
   ASSERT_TRUE(job_a->running());
@@ -509,8 +511,8 @@ TEST_F(PrioritizedDispatcherTest, ZeroLimitsThenIncreasePriority) {
   limits.reserved_slots[HIGHEST] = 1;
   Prepare(limits);
 
-  scoped_ptr<TestJob> job_a = AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);
+  std::unique_ptr<TestJob> job_a = AddJob('a', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);
   EXPECT_TRUE(job_a->running());
   EXPECT_FALSE(job_b->running());
   dispatcher_->SetLimitsToZero();
@@ -535,7 +537,7 @@ TEST_F(PrioritizedDispatcherTest, CancelMissing) {
   PrioritizedDispatcher::Limits limits(NUM_PRIORITIES, 1);
   Prepare(limits);
   AddJob('a', IDLE);
-  scoped_ptr<TestJob> job_b = AddJob('b', IDLE);
+  std::unique_ptr<TestJob> job_b = AddJob('b', IDLE);
   PrioritizedDispatcher::Handle handle = job_b->handle();
   ASSERT_FALSE(handle.is_null());
   dispatcher_->Cancel(handle);
diff --git a/chromium/net/base/priority_queue.h b/chromium/net/base/priority_queue.h
index a955e6a3689..5ea8679e4be 100644
--- a/chromium/net/base/priority_queue.h
+++ b/chromium/net/base/priority_queue.h
@@ -17,7 +17,7 @@
 #include "net/base/net_export.h"
 
 #if !defined(NDEBUG)
-#include "base/containers/hash_tables.h"
+#include <unordered_set>
 #endif
 
 namespace net {
@@ -300,7 +300,7 @@ class PriorityQueue : public base::NonThreadSafe {
 
 #if !defined(NDEBUG)
   unsigned next_id_;
-  base::hash_set<unsigned> valid_ids_;
+  std::unordered_set<unsigned> valid_ids_;
 #endif
 
   ListVector lists_;
diff --git a/chromium/net/base/registry_controlled_domains/effective_tld_names.dat b/chromium/net/base/registry_controlled_domains/effective_tld_names.dat
index 39db97a8773..8ff464c6d92 100644
--- a/chromium/net/base/registry_controlled_domains/effective_tld_names.dat
+++ b/chromium/net/base/registry_controlled_domains/effective_tld_names.dat
@@ -270,18 +270,14 @@ name.az
 pro.az
 biz.az
 
-// ba : https://en.wikipedia.org/wiki/.ba
+// ba : http://nic.ba/users_data/files/pravilnik_o_registraciji.pdf
 ba
-org.ba
-net.ba
+com.ba
 edu.ba
 gov.ba
 mil.ba
-unsa.ba
-unbi.ba
-co.ba
-com.ba
-rs.ba
+net.ba
+org.ba
 
 // bb : https://en.wikipedia.org/wiki/.bb
 bb
@@ -2552,7 +2548,6 @@ hitoyoshi.kumamoto.jp
 kamiamakusa.kumamoto.jp
 kashima.kumamoto.jp
 kikuchi.kumamoto.jp
-kosa.kumamoto.jp
 kumamoto.kumamoto.jp
 mashiki.kumamoto.jp
 mifune.kumamoto.jp
@@ -2637,7 +2632,6 @@ iwanuma.miyagi.jp
 kakuda.miyagi.jp
 kami.miyagi.jp
 kawasaki.miyagi.jp
-kesennuma.miyagi.jp
 marumori.miyagi.jp
 matsushima.miyagi.jp
 minamisanriku.miyagi.jp
@@ -10636,6 +10630,10 @@ zuerich
 // ===BEGIN PRIVATE DOMAINS===
 // (Note: these are in alphabetical order by company name)
 
+// Agnat sp. z o.o. : https://domena.pl
+// Submitted by Przemyslaw Plewa <it-admin@domena.pl>
+beep.pl
+
 // Alces Software Ltd : http://alces-software.com
 // Submitted by Mark J. Titorenko <mark.titorenko@alces-software.com>
 *.compute.estate
@@ -10646,24 +10644,24 @@ zuerich
 cloudfront.net
 
 // Amazon Elastic Compute Cloud: https://aws.amazon.com/ec2/
-// Submitted by Luke Wells <lawells@amazon.com>
+// Submitted by Philip Allchin <pallchin@amazon.com>
+compute.amazonaws.com
 ap-northeast-1.compute.amazonaws.com
 ap-northeast-2.compute.amazonaws.com
 ap-southeast-1.compute.amazonaws.com
 ap-southeast-2.compute.amazonaws.com
-cn-north-1.compute.amazonaws.cn
-compute-1.amazonaws.com
-compute.amazonaws.cn
-compute.amazonaws.com
 eu-central-1.compute.amazonaws.com
 eu-west-1.compute.amazonaws.com
 sa-east-1.compute.amazonaws.com
-us-east-1.amazonaws.com
 us-gov-west-1.compute.amazonaws.com
 us-west-1.compute.amazonaws.com
 us-west-2.compute.amazonaws.com
+us-east-1.amazonaws.com
+compute-1.amazonaws.com
 z-1.compute-1.amazonaws.com
 z-2.compute-1.amazonaws.com
+compute.amazonaws.com.cn
+cn-north-1.compute.amazonaws.com.cn
 
 // Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/
 // Submitted by Adam Stein <astein@amazon.com>
@@ -10697,6 +10695,13 @@ s3.eu-central-1.amazonaws.com
 // Submitted by Thomas Orozco <thomas@aptible.com>
 on-aptible.com
 
+// Association potager.org : https://potager.org/
+// Submitted by Lunar <jardiniers@potager.org>
+potager.org
+poivron.org
+sweetpepper.org
+pimienta.org
+
 // AVM : https://avm.de
 // Submitted by Andreas Weise <a.weise@avm.de>
 myfritz.net
@@ -10705,6 +10710,14 @@ myfritz.net
 // Submitted by Adrian <adrian@betainabox.com>
 betainabox.com
 
+// Boxfuse : https://boxfuse.com
+// Submitted by Axel Fontaine <axel@boxfuse.com>
+boxfuse.io
+
+// callidomus: https://www.callidomus.com/
+// Submitted by Marcus Popp <admin@callidomus.com>
+mycd.eu
+
 // CentralNic : http://www.centralnic.com/names/domains
 // Submitted by registry <gavin.brown@centralnic.com>
 ae.org
@@ -10759,10 +10772,18 @@ co.com
 // c.la : http://www.c.la/
 c.la
 
+// certmgr.org : https://certmgr.org
+// Submitted by B. Blechschmidt <hostmaster@certmgr.org>
+certmgr.org
+
 // Citrix : https://citrix.com
 // Submitted by Alex Stoddard <alex.stoddard@citrix.com>
 xenapponazure.com
 
+// ClearVox : http://www.clearvox.nl/
+// Submitted by Leon Rowland <leon@clearvox.nl>
+virtueeldomein.nl
+
 // cloudControl : https://www.cloudcontrol.com/
 // Submitted by Tobias Wilken <tw@cloudcontrol.com>
 cloudcontrolled.com
@@ -10792,6 +10813,14 @@ co.no
 // CHROMIUM - Disabled as per https://code.google.com/p/chromium/issues/detail?id=459802
 // *.platform.sh
 
+// Craynic, s.r.o. : http://www.craynic.com/
+// Submitted by Ales Krajnik <ales.krajnik@craynic.com>
+realm.cz
+
+// Cryptonomic : https://cryptonomic.net/
+// Submitted by Andrew Cady <public-suffix-list@cryptonomic.net>
+*.cryptonomic.net
+
 // Cupcake : https://cupcake.io/
 // Submitted by Jonathan Rudenberg <jonathan@cupcake.io>
 cupcake.is
@@ -10833,6 +10862,11 @@ mydrobo.com
 // Submitted by Richard Harper <richard@duckdns.org>
 duckdns.org
 
+// dy.fi : http://dy.fi/
+// Submitted by Heikki Hannikainen <hessu@hes.iki.fi>
+dy.fi
+tunk.org
+
 // DynDNS.com : http://www.dyndns.com/services/dns/dyndns/
 dyndns-at-home.com
 dyndns-at-work.com
@@ -11118,6 +11152,10 @@ writesthisblog.com
 // Submitted by Dominik Menke <dom@digineo.de> 2016-01-18
 dynv6.net
 
+// E4YOU spol. s.r.o. : https://e4you.cz/
+// Submitted by Vladimir Dudr <info@e4you.cz>
+e4.cz
+
 // EU.org https://eu.org/
 // Submitted by Pierre Beyssac <hostmaster@eu.org>
 eu.org
@@ -11177,6 +11215,13 @@ tr.eu.org
 uk.eu.org
 us.eu.org
 
+// Evennode : http://www.evennode.com/
+// Submitted by Michal Kralik <support@evennode.com>
+eu-1.evennode.com
+eu-2.evennode.com
+us-1.evennode.com
+us-2.evennode.com
+
 // Facebook, Inc.
 // Submitted by Peter Ruibal <public-suffix@fb.com>
 apps.fbsbx.com
@@ -11189,6 +11234,10 @@ global.ssl.fastly.net
 a.prod.fastly.net
 global.prod.fastly.net
 
+// Featherhead : https://featherhead.xyz/
+// Submitted by Simon Menke <simon@featherhead.xyz>
+fhapp.xyz
+
 // Firebase, Inc.
 // Submitted by Chris Raynor <chris@firebase.com>
 firebaseapp.com
@@ -11197,6 +11246,15 @@ firebaseapp.com
 // Submitted by Jonathan Rudenberg <jonathan@flynn.io>
 flynnhub.com
 
+// Freebox : http://www.freebox.fr
+// Submitted by Romain Fliedel <rfliedel@freebox.fr>
+freebox-os.com
+freeboxos.com
+fbx-os.fr
+fbxos.fr
+freebox-os.fr
+freeboxos.fr
+
 // GDS : https://www.gov.uk/service-manual/operations/operating-servicegovuk-subdomains
 // Submitted by David Illsley <david.illsley@digital.cabinet-office.gov.uk>
 service.gov.uk
@@ -11308,6 +11366,14 @@ withyoutube.com
 // Hashbang : https://hashbang.sh
 hashbang.sh
 
+// Hasura : https://hasura.io
+// Submitted by Shahidh K Muhammed <shahidh@hasura.io>
+hasura-app.io
+
+// Hepforge : https://www.hepforge.org
+// Submitted by David Grellscheid <admin@hepforge.org>
+hepforge.org
+
 // Heroku : https://www.heroku.com/
 // Submitted by Tom Maher <tmaher@heroku.com>
 herokuapp.com
@@ -11321,6 +11387,15 @@ iki.fi
 biz.at
 info.at
 
+// Magento Commerce
+// Submitted by Damien Tournoud <dtournoud@magento.cloud>
+*.magentosite.cloud
+
+// Meteor Development Group : https://www.meteor.com/hosting
+// Submitted by Pierre Carrier <pierre@meteor.com>
+meteorapp.com
+eu.meteorapp.com
+
 // Michau Enterprises Limited : http://www.co.pl/
 co.pl
 
@@ -11351,6 +11426,94 @@ nfshost.com
 nsupdate.info
 nerdpol.ovh
 
+// No-IP.com : https://noip.com/
+// Submitted by Deven Reza <publicsuffixlist@noip.com>
+blogsyte.com
+brasilia.me
+cable-modem.org
+ciscofreak.com
+collegefan.org
+couchpotatofries.org
+damnserver.com
+ddns.me
+ditchyourip.com
+dnsfor.me
+dnsiskinky.com
+dvrcam.info
+dynns.com
+eating-organic.net
+fantasyleague.cc
+geekgalaxy.com
+golffan.us
+health-carereform.com
+homesecuritymac.com
+homesecuritypc.com
+hopto.me
+ilovecollege.info
+loginto.me
+mlbfan.org
+mmafan.biz
+myactivedirectory.com
+mydissent.net
+myeffect.net
+mymediapc.net
+mypsx.net
+mysecuritycamera.com
+mysecuritycamera.net
+mysecuritycamera.org
+net-freaks.com
+nflfan.org
+nhlfan.net
+no-ip.ca
+no-ip.co.uk
+no-ip.net
+noip.us
+onthewifi.com
+pgafan.net
+point2this.com
+pointto.us
+privatizehealthinsurance.net
+quicksytes.com
+read-books.org
+securitytactics.com
+serveexchange.com
+servehumour.com
+servep2p.com
+servesarcasm.com
+stufftoread.com
+ufcfan.org
+unusualperson.com
+workisboring.com
+3utilities.com
+bounceme.net
+ddns.net
+ddnsking.com
+gotdns.ch
+hopto.org
+myftp.biz
+myftp.org
+myvnc.com
+no-ip.biz
+no-ip.info
+no-ip.org
+noip.me
+redirectme.net
+servebeer.com
+serveblog.net
+servecounterstrike.com
+serveftp.com
+servegame.com
+servehalflife.com
+servehttp.com
+serveirc.com
+serveminecraft.net
+servemp3.com
+servepics.com
+servequake.com
+sytes.net
+webhop.me
+zapto.org
+
 // NYC.mn : http://www.information.nyc.mn
 // Submitted by Matthew Brown <mattbrown@nyc.mn>
 nyc.mn
@@ -11375,6 +11538,10 @@ ownprovider.com
 // Submitted by Charly Coste <changaco@changaco.oy.lc>
 oy.lc
 
+// Pagefog : https://pagefog.com/
+// Submitted by Derek Myers <derek@pagefog.com>
+pgfog.com
+
 // Pagefront : https://www.pagefronthq.com/
 // Submitted by Jason Kriss <jason@pagefronthq.com>
 pagefrontapp.com
@@ -11429,18 +11596,37 @@ hzc.io
 // Submitted by Asheesh Laroia <asheesh@sandstorm.io>
 sandcats.io
 
+// SBE network solutions GmbH : https://www.sbe.de/
+// Submitted by Norman Meilick <nm@sbe.de>
+logoip.de
+logoip.com
+
 // Service Online LLC : http://drs.ua/
 // Submitted by Serhii Bulakh <support@drs.ua>
 biz.ua
 co.ua
 pp.ua
 
+// Shopblocks : http://www.shopblocks.com/
+// Submitted by Alex Bowers <alex@shopblocks.com>
+myshopblocks.com
+
 // SinaAppEngine : http://sae.sina.com.cn/
 // Submitted by SinaAppEngine <saesupport@sinacloud.com>
 sinaapp.com
 vipsinaapp.com
 1kapp.com
 
+// Skyhat : http://www.skyhat.io
+// Submitted by Shante Adam <shante@skyhat.io>
+bounty-full.com
+alpha.bounty-full.com
+beta.bounty-full.com
+
+// SpaceKit : https://www.spacekit.io/
+// Submitted by Reza Akhavan <spacekit.io@gmail.com>
+spacekit.io
+
 // Synology, Inc. : https://www.synology.com/
 // Submitted by Rony Weng <ronyweng@synology.com>
 diskstation.me
@@ -11464,11 +11650,15 @@ gdynia.pl
 med.pl
 sopot.pl
 
-// TownNews.com domains : http://www.townnews.com
+// TownNews.com : http://www.townnews.com
 // Submitted by Dustin Ward <dward@townnews.com>
 bloxcms.com
 townnews-staging.com
 
+// TuxFamily : http://tuxfamily.org
+// Submitted by TuxFamily administrators <adm@staff.tuxfamily.org>
+tuxfamily.org
+
 // UDR Limited : http://www.udr.hk.com
 // Submitted by registry <hostmaster@udr.hk.com>
 hk.com
diff --git a/chromium/net/base/registry_controlled_domains/effective_tld_names.gperf b/chromium/net/base/registry_controlled_domains/effective_tld_names.gperf
index e2901fcbfae..587d03e1fea 100644
--- a/chromium/net/base/registry_controlled_domains/effective_tld_names.gperf
+++ b/chromium/net/base/registry_controlled_domains/effective_tld_names.gperf
@@ -18,6 +18,7 @@ struct DomainRule {
 2.bg, 0
 2000.hu, 0
 3.bg, 0
+3utilities.com, 4
 4.bg, 0
 4u.com, 4
 5.bg, 0
@@ -215,6 +216,7 @@ alipay, 0
 allfinanz, 0
 allstate, 0
 ally, 0
+alpha.bounty-full.com, 4
 alsace, 0
 alstahaug.no, 0
 alstom, 0
@@ -555,6 +557,7 @@ beauty, 0
 beauxarts.museum, 0
 bedzin.pl, 0
 beeldengeluid.museum, 0
+beep.pl, 4
 beer, 0
 beiarn.no, 0
 bel.tr, 0
@@ -578,6 +581,7 @@ beskidy.pl, 0
 best, 0
 bestbuy, 0
 bet, 0
+beta.bounty-full.com, 4
 betainabox.com, 4
 better-than.tv, 4
 bf, 0
@@ -727,6 +731,7 @@ blogspot.td, 4
 blogspot.tw, 4
 blogspot.ug, 4
 blogspot.vn, 4
+blogsyte.com, 4
 bloomberg, 0
 bloxcms.com, 4
 blue, 0
@@ -770,8 +775,11 @@ botanical.museum, 0
 botanicalgarden.museum, 0
 botanicgarden.museum, 0
 botany.museum, 0
+bounceme.net, 4
+bounty-full.com, 4
 boutique, 0
 box, 0
+boxfuse.io, 4
 bozen.it, 0
 br, 0
 br.com, 4
@@ -780,6 +788,7 @@ bradesco, 0
 brand.se, 0
 brandywinevalley.museum, 0
 brasil.museum, 0
+brasilia.me, 4
 bremanger.no, 0
 brescia.it, 0
 bridgestone, 0
@@ -850,6 +859,7 @@ ca.na, 0
 ca.us, 0
 caa.aero, 0
 cab, 0
+cable-modem.org, 4
 cadaques.museum, 0
 cafe, 0
 cagliari.it, 0
@@ -985,6 +995,7 @@ center.museum, 0
 ceo, 0
 cern, 0
 certification.aero, 0
+certmgr.org, 4
 cesena-forli.it, 0
 cesenaforli.it, 0
 cf, 0
@@ -1076,6 +1087,7 @@ cipriani, 0
 circle, 0
 circus.museum, 0
 cisco, 0
+ciscofreak.com, 4
 citadel, 0
 citi, 0
 citic, 0
@@ -1118,7 +1130,7 @@ clubmed, 0
 cm, 0
 cmw.ru, 0
 cn, 0
-cn-north-1.compute.amazonaws.cn, 4
+cn-north-1.compute.amazonaws.com.cn, 4
 cn.com, 4
 cn.eu.org, 4
 cn.it, 0
@@ -1130,7 +1142,6 @@ co.ae, 0
 co.ag, 0
 co.ao, 0
 co.at, 0
-co.ba, 0
 co.bb, 0
 co.bi, 0
 co.bw, 0
@@ -1199,6 +1210,7 @@ coffee, 0
 coldwar.museum, 0
 collection.museum, 0
 college, 0
+collegefan.org, 4
 cologne, 0
 colonialwilliamsburg.museum, 0
 coloradoplateau.museum, 0
@@ -1346,8 +1358,8 @@ como.it, 0
 company, 0
 compare, 0
 compute-1.amazonaws.com, 4
-compute.amazonaws.cn, 4
 compute.amazonaws.com, 4
+compute.amazonaws.com.cn, 4
 compute.estate, 6
 computer, 0
 computer.museum, 0
@@ -1385,6 +1397,7 @@ corsica, 0
 corvette.museum, 0
 cosenza.it, 0
 costume.museum, 0
+couchpotatofries.org, 4
 council.aero, 0
 country, 0
 countryestate.museum, 0
@@ -1413,6 +1426,7 @@ crown, 0
 crs, 0
 cruise, 0
 cruises, 0
+cryptonomic.net, 6
 cs.it, 0
 csc, 0
 ct.it, 0
@@ -1455,6 +1469,7 @@ daito.osaka.jp, 0
 daiwa.hiroshima.jp, 0
 dali.museum, 0
 dallas.museum, 0
+damnserver.com, 4
 dance, 0
 daplie.me, 4
 database.museum, 0
@@ -1469,6 +1484,9 @@ day, 0
 dazaifu.fukuoka.jp, 0
 dc.us, 0
 dclk, 0
+ddns.me, 4
+ddns.net, 4
+ddnsking.com, 4
 ddr.museum, 0
 dds, 0
 de, 0
@@ -1518,6 +1536,7 @@ discover, 0
 discovery.museum, 0
 dish, 0
 diskstation.me, 4
+ditchyourip.com, 4
 divtasvuodna.no, 0
 divttasvuotna.no, 0
 diy, 0
@@ -1537,7 +1556,9 @@ dnsalias.org, 4
 dnsdojo.com, 4
 dnsdojo.net, 4
 dnsdojo.org, 4
+dnsfor.me, 4
 dnshome.de, 4
+dnsiskinky.com, 4
 do, 0
 docs, 0
 dodge, 0
@@ -1587,8 +1608,10 @@ dupont, 0
 durban, 0
 durham.museum, 0
 dvag, 0
+dvrcam.info, 4
 dvrdns.org, 4
 dwg, 0
+dy.fi, 4
 dyn-o-saur.com, 4
 dynalias.com, 4
 dynalias.net, 4
@@ -1613,6 +1636,7 @@ dyndns.info, 4
 dyndns.org, 4
 dyndns.tv, 4
 dyndns.ws, 4
+dynns.com, 4
 dynv6.net, 4
 dyroy.no, 0
 dz, 0
@@ -1621,10 +1645,12 @@ e.bg, 0
 e.se, 0
 e12.ve, 0
 e164.arpa, 0
+e4.cz, 4
 earth, 0
 eastafrica.museum, 0
 eastcoast.museum, 0
 eat, 0
+eating-organic.net, 4
 ebetsu.hokkaido.jp, 0
 ebina.kanagawa.jp, 0
 ebino.miyazaki.jp, 0
@@ -1856,10 +1882,13 @@ etisalat, 0
 etne.no, 0
 etnedal.no, 0
 eu, 0
+eu-1.evennode.com, 4
+eu-2.evennode.com, 4
 eu-central-1.compute.amazonaws.com, 4
 eu-west-1.compute.amazonaws.com, 4
 eu.com, 4
 eu.int, 0
+eu.meteorapp.com, 4
 eu.org, 4
 eun.eg, 0
 eurovision, 0
@@ -1894,6 +1923,7 @@ familyds.net, 4
 familyds.org, 4
 fan, 0
 fans, 0
+fantasyleague.cc, 4
 far.br, 0
 fareast.ru, 0
 farm, 0
@@ -1906,6 +1936,8 @@ farsund.no, 0
 fashion, 0
 fast, 0
 fauske.no, 0
+fbx-os.fr, 4
+fbxos.fr, 4
 fc.it, 0
 fe.it, 0
 fed.us, 0
@@ -1921,6 +1953,7 @@ fet.no, 0
 fetsund.no, 0
 fg.it, 0
 fh.se, 0
+fhapp.xyz, 4
 fhs.no, 0
 fhsk.se, 0
 fhv.se, 0
@@ -2036,6 +2069,10 @@ frankfurt.museum, 0
 franziskaner.museum, 0
 fredrikstad.no, 0
 free, 0
+freebox-os.com, 4
+freebox-os.fr, 4
+freeboxos.com, 4
+freeboxos.fr, 4
 freemasonry.museum, 0
 frei.no, 0
 freiburg.museum, 0
@@ -2229,6 +2266,7 @@ ge, 0
 ge.it, 0
 gea, 0
 geek.nz, 0
+geekgalaxy.com, 4
 geelvinck.museum, 0
 geisei.kochi.jp, 0
 gemological.museum, 0
@@ -2335,6 +2373,7 @@ gol.no, 0
 gold, 0
 goldpoint, 0
 golf, 0
+golffan.us, 4
 gon.pk, 0
 gonohe.aomori.jp, 0
 goo, 0
@@ -2354,6 +2393,7 @@ gose.nara.jp, 0
 gosen.niigata.jp, 0
 goshiki.hyogo.jp, 0
 got, 0
+gotdns.ch, 4
 gotdns.com, 4
 gotdns.org, 4
 gotemba.shizuoka.jp, 0
@@ -2641,6 +2681,7 @@ hashikami.aomori.jp, 0
 hashima.gifu.jp, 0
 hashimoto.wakayama.jp, 0
 hasuda.saitama.jp, 0
+hasura-app.io, 4
 hasvik.no, 0
 hatogaya.saitama.jp, 0
 hatoyama.saitama.jp, 0
@@ -2658,6 +2699,7 @@ hdfc, 0
 hdfcbank, 0
 he.cn, 0
 health, 0
+health-carereform.com, 4
 health.museum, 0
 health.nz, 0
 health.vn, 0
@@ -2673,6 +2715,7 @@ hembygdsforbund.museum, 0
 hemne.no, 0
 hemnes.no, 0
 hemsedal.no, 0
+hepforge.org, 4
 herad.no, 0
 here, 0
 here-for-more.info, 4
@@ -2809,6 +2852,8 @@ homelinux.com, 4
 homelinux.net, 4
 homelinux.org, 4
 homes, 0
+homesecuritymac.com, 4
+homesecuritypc.com, 4
 homesense, 0
 homeunix.com, 4
 homeunix.net, 4
@@ -2822,6 +2867,8 @@ hongo.hiroshima.jp, 0
 honjo.akita.jp, 0
 honjo.saitama.jp, 0
 honjyo.akita.jp, 0
+hopto.me, 4
+hopto.org, 4
 hornindal.no, 0
 horokanai.hokkaido.jp, 0
 horology.museum, 0
@@ -2937,6 +2984,7 @@ il.eu.org, 4
 il.us, 0
 ilawa.pl, 0
 illustration.museum, 0
+ilovecollege.info, 4
 im, 0
 im.it, 0
 imabari.ehime.jp, 0
@@ -3523,7 +3571,6 @@ kepno.pl, 0
 kerryhotels, 0
 kerrylogistics, 0
 kerryproperties, 0
-kesennuma.miyagi.jp, 0
 ketrzyn.pl, 0
 kfh, 0
 kg, 0
@@ -3657,7 +3704,6 @@ koori.fukushima.jp, 0
 kopervik.no, 0
 koriyama.fukushima.jp, 0
 koryo.nara.jp, 0
-kosa.kumamoto.jp, 0
 kosai.shizuoka.jp, 0
 kosaka.akita.jp, 0
 kosei.shiga.jp, 0
@@ -3971,7 +4017,10 @@ locus, 0
 lodi.it, 0
 lodingen.no, 0
 loft, 0
+loginto.me, 4
 logistics.aero, 0
+logoip.com, 4
+logoip.de, 4
 lol, 0
 lom.it, 0
 lom.no, 0
@@ -4046,6 +4095,7 @@ madrid.museum, 0
 maebashi.gunma.jp, 0
 magadan.ru, 0
 magazine.aero, 0
+magentosite.cloud, 6
 maibara.shiga.jp, 0
 maif, 0
 mail.pl, 0
@@ -4186,6 +4236,7 @@ meraker.no, 0
 merseine.nu, 4
 mesaverde.museum, 0
 messina.it, 0
+meteorapp.com, 4
 metlife, 0
 mex.com, 4
 mg, 0
@@ -4375,9 +4426,11 @@ mk.eu.org, 4
 mk.ua, 0
 ml, 0
 mlb, 0
+mlbfan.org, 4
 mls, 0
 mm, 2
 mma, 0
+mmafan.biz, 4
 mn, 0
 mn.it, 0
 mn.us, 0
@@ -4523,15 +4576,28 @@ mx.na, 0
 my, 0
 my.eu.org, 4
 my.id, 0
+myactivedirectory.com, 4
+mycd.eu, 4
+mydissent.net, 4
 mydrobo.com, 4
 myds.me, 4
+myeffect.net, 4
 myfritz.net, 4
+myftp.biz, 4
+myftp.org, 4
 mykolaiv.ua, 0
+mymediapc.net, 4
 myoko.niigata.jp, 0
 mypep.link, 4
 mypets.ws, 4
 myphotos.cc, 4
+mypsx.net, 4
+mysecuritycamera.com, 4
+mysecuritycamera.net, 4
+mysecuritycamera.org, 4
+myshopblocks.com, 4
 mytis.ru, 0
+myvnc.com, 4
 mz, 2
 mzansimagic, 0
 n.bg, 0
@@ -4698,6 +4764,7 @@ nesoddtangen.no, 0
 nesseby.no, 0
 nesset.no, 0
 net, 0
+net-freaks.com, 4
 net.ac, 0
 net.ae, 0
 net.af, 0
@@ -4845,6 +4912,7 @@ neyagawa.osaka.jp, 0
 nf, 0
 nf.ca, 0
 nfl, 0
+nflfan.org, 4
 nfshost.com, 4
 ng, 0
 ng.eu.org, 4
@@ -4855,6 +4923,7 @@ ngo.za, 0
 ngrok.io, 4
 nh.us, 0
 nhk, 0
+nhlfan.net, 4
 nhs.uk, 0
 ni, 0
 nic.in, 0
@@ -4919,6 +4988,12 @@ nm.cn, 0
 nm.us, 0
 nnov.ru, 0
 no, 0
+no-ip.biz, 4
+no-ip.ca, 4
+no-ip.co.uk, 4
+no-ip.info, 4
+no-ip.net, 4
+no-ip.org, 4
 no.com, 4
 no.eu.org, 4
 no.it, 0
@@ -4929,6 +5004,8 @@ noda.iwate.jp, 0
 nogata.fukuoka.jp, 0
 nogi.tochigi.jp, 0
 noheji.aomori.jp, 0
+noip.me, 4
+noip.us, 4
 nokia, 0
 nom.ad, 0
 nom.ag, 0
@@ -5155,6 +5232,7 @@ ono.hyogo.jp, 0
 onojo.fukuoka.jp, 0
 onomichi.hiroshima.jp, 0
 ontario.museum, 0
+onthewifi.com, 4
 onyourside, 0
 ookuwa.nagano.jp, 0
 ooo, 0
@@ -5477,6 +5555,8 @@ pf, 0
 pfizer, 0
 pg, 2
 pg.it, 0
+pgafan.net, 4
+pgfog.com, 4
 ph, 0
 pharmacien.fr, 0
 pharmaciens.km, 0
@@ -5504,6 +5584,7 @@ piemonte.it, 0
 pila.pl, 0
 pilot.aero, 0
 pilots.museum, 0
+pimienta.org, 4
 pin, 0
 pinb.gov.pl, 0
 ping, 0
@@ -5545,6 +5626,9 @@ podlasie.pl, 0
 podzone.net, 4
 podzone.org, 4
 pohl, 0
+point2this.com, 4
+pointto.us, 4
+poivron.org, 4
 poker, 0
 pokrovsk.su, 0
 pol.dz, 0
@@ -5567,6 +5651,7 @@ portland.museum, 0
 portlligat.museum, 0
 post, 0
 posts-and-telecommunications.museum, 0
+potager.org, 4
 potenza.it, 0
 powiat.pl, 0
 poznan.pl, 4
@@ -5604,6 +5689,7 @@ priv.hu, 0
 priv.me, 0
 priv.no, 0
 priv.pl, 0
+privatizehealthinsurance.net, 4
 pro, 0
 pro.az, 0
 pro.br, 0
@@ -5674,6 +5760,7 @@ qsl.br, 0
 quebec, 0
 quebec.museum, 0
 quest, 0
+quicksytes.com, 4
 qvc, 0
 r.bg, 0
 r.cdn77.net, 4
@@ -5707,9 +5794,11 @@ re, 0
 re.it, 0
 re.kr, 0
 read, 0
+read-books.org, 4
 readmyblog.org, 4
 realestate, 0
 realestate.pl, 0
+realm.cz, 4
 realtor, 0
 realty, 0
 rebun.hokkaido.jp, 0
@@ -5723,6 +5812,7 @@ recipes, 0
 recreation.aero, 0
 red, 0
 red.sv, 0
+redirectme.net, 4
 redstone, 0
 redumbrella, 0
 reg.dk, 4
@@ -5824,7 +5914,6 @@ rovno.ua, 0
 royken.no, 0
 royrvik.no, 0
 rs, 0
-rs.ba, 0
 rsc.cdn77.org, 4
 rsvp, 0
 ru, 0
@@ -6056,6 +6145,7 @@ sebastopol.ua, 0
 sec.ps, 0
 secure, 0
 security, 0
+securitytactics.com, 4
 seek, 0
 seihi.nagasaki.jp, 0
 seika.kyoto.jp, 0
@@ -6091,9 +6181,25 @@ seranishi.hiroshima.jp, 0
 servebbs.com, 4
 servebbs.net, 4
 servebbs.org, 4
+servebeer.com, 4
+serveblog.net, 4
+servecounterstrike.com, 4
+serveexchange.com, 4
+serveftp.com, 4
 serveftp.net, 4
 serveftp.org, 4
+servegame.com, 4
 servegame.org, 4
+servehalflife.com, 4
+servehttp.com, 4
+servehumour.com, 4
+serveirc.com, 4
+serveminecraft.net, 4
+servemp3.com, 4
+servep2p.com, 4
+servepics.com, 4
+servequake.com, 4
+servesarcasm.com, 4
 service.gov.uk, 4
 services, 0
 services.aero, 0
@@ -6353,6 +6459,7 @@ sp.it, 0
 space, 0
 space-to-rent.com, 4
 space.museum, 0
+spacekit.io, 4
 spb.ru, 0
 spb.su, 0
 spiegel, 0
@@ -6430,6 +6537,7 @@ studio, 0
 study, 0
 stuff-4-sale.org, 4
 stuff-4-sale.us, 4
+stufftoread.com, 4
 stuttgart.museum, 0
 stv.ru, 0
 style, 0
@@ -6481,6 +6589,7 @@ svelvik.no, 0
 svizzera.museum, 0
 swatch, 0
 sweden.museum, 0
+sweetpepper.org, 4
 swidnica.pl, 0
 swiebodzin.pl, 0
 swiftcover, 0
@@ -6495,6 +6604,7 @@ sykkylven.no, 0
 symantec, 0
 synology.me, 4
 systems, 0
+sytes.net, 4
 syzran.ru, 0
 sz, 0
 szczecin.pl, 0
@@ -6906,6 +7016,7 @@ tui, 0
 tula.ru, 0
 tula.su, 0
 tunes, 0
+tunk.org, 4
 tur.ar, 0
 tur.br, 0
 turek.pl, 0
@@ -6916,6 +7027,7 @@ tuscany.it, 0
 tushu, 0
 tuva.ru, 0
 tuva.su, 0
+tuxfamily.org, 4
 tv, 0
 tv.bb, 0
 tv.bo, 0
@@ -6960,6 +7072,7 @@ udono.mie.jp, 0
 ueda.nagano.jp, 0
 ueno.gunma.jp, 0
 uenohara.yamanashi.jp, 0
+ufcfan.org, 4
 ug, 0
 ug.gov.pl, 0
 ugim.gov.pl, 0
@@ -6986,7 +7099,6 @@ umbria.it, 0
 umi.fukuoka.jp, 0
 umig.gov.pl, 0
 unazuki.toyama.jp, 0
-unbi.ba, 0
 undersea.museum, 0
 unicom, 0
 union.aero, 0
@@ -6996,7 +7108,7 @@ university.museum, 0
 unjarga.no, 0
 unnan.shimane.jp, 0
 uno, 0
-unsa.ba, 0
+unusualperson.com, 4
 unzen.nagasaki.jp, 0
 uol, 0
 uonuma.niigata.jp, 0
@@ -7017,6 +7129,8 @@ urn.arpa, 0
 uruma.okinawa.jp, 0
 uryu.hokkaido.jp, 0
 us, 0
+us-1.evennode.com, 4
+us-2.evennode.com, 4
 us-east-1.amazonaws.com, 4
 us-gov-west-1.compute.amazonaws.com, 4
 us-west-1.compute.amazonaws.com, 4
@@ -7162,6 +7276,7 @@ vipsinaapp.com, 4
 virgin, 0
 virginia.museum, 0
 virtual.museum, 0
+virtueeldomein.nl, 4
 virtuel.museum, 0
 visa, 0
 vision, 0
@@ -7263,6 +7378,7 @@ webcam, 0
 weber, 0
 webhop.biz, 4
 webhop.info, 4
+webhop.me, 4
 webhop.net, 4
 webhop.org, 4
 website, 0
@@ -7306,6 +7422,7 @@ wolterskluwer, 0
 woodside, 0
 work, 0
 workinggroup.aero, 0
+workisboring.com, 4
 works, 0
 works.aero, 0
 workshop.museum, 0
@@ -7889,6 +8006,7 @@ zao.miyagi.jp, 0
 zaporizhzhe.ua, 0
 zaporizhzhia.ua, 0
 zappos, 0
+zapto.org, 4
 zara, 0
 zarow.pl, 0
 zentsuji.kagawa.jp, 0
diff --git a/chromium/net/base/sdch_dictionary.h b/chromium/net/base/sdch_dictionary.h
index fcbecdc4862..c2fb7c87bf9 100644
--- a/chromium/net/base/sdch_dictionary.h
+++ b/chromium/net/base/sdch_dictionary.h
@@ -7,11 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/base/sdch_problem_codes.h"
diff --git a/chromium/net/base/sdch_manager.cc b/chromium/net/base/sdch_manager.cc
index 435977237d8..c409bd6726d 100644
--- a/chromium/net/base/sdch_manager.cc
+++ b/chromium/net/base/sdch_manager.cc
@@ -231,13 +231,13 @@ SdchProblemCode SdchManager::CanFetchDictionary(
   return SDCH_OK;
 }
 
-scoped_ptr<SdchManager::DictionarySet>
-SdchManager::GetDictionarySet(const GURL& target_url) {
+std::unique_ptr<SdchManager::DictionarySet> SdchManager::GetDictionarySet(
+    const GURL& target_url) {
   if (IsInSupportedDomain(target_url) != SDCH_OK)
     return NULL;
 
   int count = 0;
-  scoped_ptr<SdchManager::DictionarySet> result(new DictionarySet);
+  std::unique_ptr<SdchManager::DictionarySet> result(new DictionarySet);
   for (const auto& entry: dictionaries_) {
     if (entry.second->data.CanUse(target_url) != SDCH_OK)
       continue;
@@ -255,12 +255,11 @@ SdchManager::GetDictionarySet(const GURL& target_url) {
   return result;
 }
 
-scoped_ptr<SdchManager::DictionarySet>
-SdchManager::GetDictionarySetByHash(
+std::unique_ptr<SdchManager::DictionarySet> SdchManager::GetDictionarySetByHash(
     const GURL& target_url,
     const std::string& server_hash,
     SdchProblemCode* problem_code) {
-  scoped_ptr<SdchManager::DictionarySet> result;
+  std::unique_ptr<SdchManager::DictionarySet> result;
 
   *problem_code = SDCH_DICTIONARY_HASH_NOT_FOUND;
   const auto& it = dictionaries_.find(server_hash);
@@ -376,13 +375,22 @@ SdchProblemCode SdchManager::AddSdchDictionary(
         if (value != "1.0")
           return SDCH_DICTIONARY_UNSUPPORTED_VERSION;
       } else if (name == "max-age") {
-        int64_t seconds;
-        // TODO(eroman): crbug.com/596541 -- should not accept a leading +.
-        base::StringToInt64(value, &seconds);
-        expiration = base::Time::Now() + base::TimeDelta::FromSeconds(seconds);
+        // max-age must be a non-negative number. If it is very large saturate
+        // to 2^32 - 1. If it is invalid then treat it as expired.
+        // TODO(eroman): crbug.com/602691 be stricter on failure.
+        uint32_t seconds = std::numeric_limits<uint32_t>::max();
+        ParseIntError parse_int_error;
+        if (ParseUint32(value, &seconds, &parse_int_error) ||
+            parse_int_error == ParseIntError::FAILED_OVERFLOW) {
+          expiration =
+              base::Time::Now() + base::TimeDelta::FromSeconds(seconds);
+        } else {
+          expiration = base::Time();
+        }
       } else if (name == "port") {
+        // TODO(eroman): crbug.com/602691 be stricter on failure.
         int port;
-        if (ParseNonNegativeDecimalInt(value, &port))
+        if (ParseInt32(value, ParseIntFormat::NON_NEGATIVE, &port))
           ports.insert(port);
       }
     }
@@ -434,24 +442,25 @@ SdchProblemCode SdchManager::RemoveSdchDictionary(
 }
 
 // static
-scoped_ptr<SdchManager::DictionarySet>
+std::unique_ptr<SdchManager::DictionarySet>
 SdchManager::CreateEmptyDictionarySetForTesting() {
-  return scoped_ptr<DictionarySet>(new DictionarySet);
+  return std::unique_ptr<DictionarySet>(new DictionarySet);
 }
 
-scoped_ptr<base::Value> SdchManager::SdchInfoToValue() const {
-  scoped_ptr<base::DictionaryValue> value(new base::DictionaryValue());
+std::unique_ptr<base::Value> SdchManager::SdchInfoToValue() const {
+  std::unique_ptr<base::DictionaryValue> value(new base::DictionaryValue());
 
   value->SetBoolean("sdch_enabled", true);
 
-  scoped_ptr<base::ListValue> entry_list(new base::ListValue());
+  std::unique_ptr<base::ListValue> entry_list(new base::ListValue());
   for (const auto& entry: dictionaries_) {
-    scoped_ptr<base::DictionaryValue> entry_dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> entry_dict(
+        new base::DictionaryValue());
     entry_dict->SetString("url", entry.second->data.url().spec());
     entry_dict->SetString("client_hash", entry.second->data.client_hash());
     entry_dict->SetString("domain", entry.second->data.domain());
     entry_dict->SetString("path", entry.second->data.path());
-    scoped_ptr<base::ListValue> port_list(new base::ListValue());
+    std::unique_ptr<base::ListValue> port_list(new base::ListValue());
     for (std::set<int>::const_iterator port_it =
              entry.second->data.ports().begin();
          port_it != entry.second->data.ports().end(); ++port_it) {
@@ -468,7 +477,8 @@ scoped_ptr<base::Value> SdchManager::SdchInfoToValue() const {
        it != blacklisted_domains_.end(); ++it) {
     if (it->second.count == 0)
       continue;
-    scoped_ptr<base::DictionaryValue> entry_dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> entry_dict(
+        new base::DictionaryValue());
     entry_dict->SetString("domain", it->first);
     if (it->second.count != INT_MAX)
       entry_dict->SetInteger("tries", it->second.count);
diff --git a/chromium/net/base/sdch_manager.h b/chromium/net/base/sdch_manager.h
index b06bfeffb9f..90518f669d9 100644
--- a/chromium/net/base/sdch_manager.h
+++ b/chromium/net/base/sdch_manager.h
@@ -14,13 +14,13 @@
 #define NET_BASE_SDCH_MANAGER_H_
 
 #include <map>
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "base/threading/thread_checker.h"
 #include "net/base/net_export.h"
@@ -146,7 +146,7 @@ class NET_EXPORT SdchManager {
   // for encoding responses for the given URL. The return set will not
   // include expired dictionaries. If no dictionaries
   // are appropriate to use with the target_url, NULL is returned.
-  scoped_ptr<DictionarySet> GetDictionarySet(const GURL& target_url);
+  std::unique_ptr<DictionarySet> GetDictionarySet(const GURL& target_url);
 
   // Get a handle to a specific dictionary, by its server hash, confirming
   // that that specific dictionary is appropriate to use with |target_url|.
@@ -154,7 +154,7 @@ class NET_EXPORT SdchManager {
   // hash exists that is usable with |target_url|, NULL is returned.
   // If there is a usability problem, |*error_code| is set to the
   // appropriate problem code.
-  scoped_ptr<DictionarySet> GetDictionarySetByHash(
+  std::unique_ptr<DictionarySet> GetDictionarySetByHash(
       const GURL& target_url,
       const std::string& server_hash,
       SdchProblemCode* problem_code);
@@ -173,7 +173,7 @@ class NET_EXPORT SdchManager {
 
   void SetAllowLatencyExperiment(const GURL& url, bool enable);
 
-  scoped_ptr<base::Value> SdchInfoToValue() const;
+  std::unique_ptr<base::Value> SdchInfoToValue() const;
 
   // Add an SDCH dictionary to our list of availible
   // dictionaries. This addition will fail if addition is illegal
@@ -194,7 +194,7 @@ class NET_EXPORT SdchManager {
   void AddObserver(SdchObserver* observer);
   void RemoveObserver(SdchObserver* observer);
 
-  static scoped_ptr<DictionarySet> CreateEmptyDictionarySetForTesting();
+  static std::unique_ptr<DictionarySet> CreateEmptyDictionarySetForTesting();
 
  private:
   struct BlacklistInfo {
diff --git a/chromium/net/base/sdch_manager_unittest.cc b/chromium/net/base/sdch_manager_unittest.cc
index 6ae186f090f..e910f111622 100644
--- a/chromium/net/base/sdch_manager_unittest.cc
+++ b/chromium/net/base/sdch_manager_unittest.cc
@@ -2,16 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/base/sdch_manager.h"
+
 #include <limits.h>
 
+#include <memory>
 #include <string>
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/simple_test_clock.h"
-#include "net/base/sdch_manager.h"
 #include "net/base/sdch_observer.h"
 #include "net/log/net_log.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -116,7 +117,7 @@ class SdchManagerTest : public testing::Test {
   }
 
  private:
-  scoped_ptr<SdchManager> sdch_manager_;
+  std::unique_ptr<SdchManager> sdch_manager_;
 };
 
 static std::string NewSdchDictionary(const std::string& domain) {
@@ -266,9 +267,9 @@ TEST_F(SdchManagerTest, CanUseHTTPSDictionaryOverHTTPSIfEnabled) {
   std::string server_hash;
   sdch_manager()->GenerateHash(dictionary_text, &client_hash, &server_hash);
   SdchProblemCode problem_code;
-  scoped_ptr<SdchManager::DictionarySet> dict_set(
-      sdch_manager()->GetDictionarySetByHash(
-          target_url, server_hash, &problem_code));
+  std::unique_ptr<SdchManager::DictionarySet> dict_set(
+      sdch_manager()->GetDictionarySetByHash(target_url, server_hash,
+                                             &problem_code));
   EXPECT_EQ(SDCH_OK, problem_code);
   EXPECT_TRUE(dict_set.get());
   EXPECT_TRUE(dict_set->GetDictionaryText(server_hash));
@@ -290,9 +291,9 @@ TEST_F(SdchManagerTest, CanNotUseHTTPDictionaryOverHTTPS) {
   std::string server_hash;
   sdch_manager()->GenerateHash(dictionary_text, &client_hash, &server_hash);
   SdchProblemCode problem_code;
-  scoped_ptr<SdchManager::DictionarySet> dict_set(
-      sdch_manager()->GetDictionarySetByHash(
-          target_url, server_hash, &problem_code));
+  std::unique_ptr<SdchManager::DictionarySet> dict_set(
+      sdch_manager()->GetDictionarySetByHash(target_url, server_hash,
+                                             &problem_code));
   EXPECT_FALSE(dict_set.get());
   EXPECT_EQ(SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME, problem_code);
 }
@@ -313,9 +314,9 @@ TEST_F(SdchManagerTest, CanNotUseHTTPSDictionaryOverHTTP) {
   std::string server_hash;
   sdch_manager()->GenerateHash(dictionary_text, &client_hash, &server_hash);
   SdchProblemCode problem_code;
-  scoped_ptr<SdchManager::DictionarySet> dict_set(
-      sdch_manager()->GetDictionarySetByHash(
-          target_url, server_hash, &problem_code));
+  std::unique_ptr<SdchManager::DictionarySet> dict_set(
+      sdch_manager()->GetDictionarySetByHash(target_url, server_hash,
+                                             &problem_code));
   EXPECT_FALSE(dict_set.get());
   EXPECT_EQ(SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME, problem_code);
 }
@@ -465,7 +466,7 @@ TEST_F(SdchManagerTest, CanUseMultipleManagers) {
   // can't get them from the other.
   EXPECT_TRUE(AddSdchDictionary(dictionary_text_1,
                                 GURL("http://" + dictionary_domain_1)));
-  scoped_ptr<SdchManager::DictionarySet> dict_set;
+  std::unique_ptr<SdchManager::DictionarySet> dict_set;
 
   SdchProblemCode problem_code;
   dict_set = sdch_manager()->GetDictionarySetByHash(
@@ -510,7 +511,7 @@ TEST_F(SdchManagerTest, ClearDictionaryData) {
   EXPECT_TRUE(AddSdchDictionary(dictionary_text,
                                 GURL("http://" + dictionary_domain)));
 
-  scoped_ptr<SdchManager::DictionarySet> dict_set;
+  std::unique_ptr<SdchManager::DictionarySet> dict_set;
 
   SdchProblemCode problem_code;
   dict_set = sdch_manager()->GetDictionarySetByHash(
@@ -556,6 +557,10 @@ TEST_F(SdchManagerTest, GetDictionaryNotification) {
 TEST_F(SdchManagerTest, ExpirationCheckedProperly) {
   // Create an SDCH dictionary with an expiration time in the past.
   std::string dictionary_domain("x.y.z.google.com");
+  // TODO(eroman): "max-age: -1" is invalid -- it is not a valid production of
+  // delta-seconds (1*DIGIT). This test works because currently an invalid
+  // max-age results in the dictionary being considered expired on loading
+  // (crbug.com/602691)
   std::string dictionary_text(base::StringPrintf("Domain: %s\nMax-age: -1\n\n",
                                                  dictionary_domain.c_str()));
   dictionary_text.append(
@@ -568,7 +573,7 @@ TEST_F(SdchManagerTest, ExpirationCheckedProperly) {
 
   // It should be visible if looked up by hash whether expired or not.
   SdchProblemCode problem_code;
-  scoped_ptr<SdchManager::DictionarySet> hash_set(
+  std::unique_ptr<SdchManager::DictionarySet> hash_set(
       sdch_manager()->GetDictionarySetByHash(target_gurl, server_hash,
                                              &problem_code));
   ASSERT_TRUE(hash_set);
diff --git a/chromium/net/base/sdch_net_log_params.cc b/chromium/net/base/sdch_net_log_params.cc
index c8027427d3a..92009f3974e 100644
--- a/chromium/net/base/sdch_net_log_params.cc
+++ b/chromium/net/base/sdch_net_log_params.cc
@@ -12,21 +12,21 @@
 
 namespace net {
 
-scoped_ptr<base::Value> NetLogSdchResourceProblemCallback(
+std::unique_ptr<base::Value> NetLogSdchResourceProblemCallback(
     SdchProblemCode problem,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("sdch_problem_code", problem);
   dict->SetInteger("net_error", ERR_FAILED);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSdchDictionaryFetchProblemCallback(
+std::unique_ptr<base::Value> NetLogSdchDictionaryFetchProblemCallback(
     SdchProblemCode problem,
     const GURL& url,
     bool is_error,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("sdch_problem_code", problem);
   dict->SetString("dictionary_url", url.spec());
   if (is_error)
diff --git a/chromium/net/base/sdch_net_log_params.h b/chromium/net/base/sdch_net_log_params.h
index dca7463e80f..fb546122226 100644
--- a/chromium/net/base/sdch_net_log_params.h
+++ b/chromium/net/base/sdch_net_log_params.h
@@ -15,17 +15,17 @@ class GURL;
 
 namespace net {
 
-NET_EXPORT scoped_ptr<base::Value> NetLogSdchResourceProblemCallback(
+NET_EXPORT std::unique_ptr<base::Value> NetLogSdchResourceProblemCallback(
     SdchProblemCode problem,
     NetLogCaptureMode capture_mode);
 
 // If |is_error| is false, "net_error" field won't be added to the JSON and the
 // event won't be painted red in the netlog.
-NET_EXPORT scoped_ptr<base::Value> NetLogSdchDictionaryFetchProblemCallback(
-    SdchProblemCode problem,
-    const GURL& url,
-    bool is_error,
-    NetLogCaptureMode capture_mode);
+NET_EXPORT std::unique_ptr<base::Value>
+NetLogSdchDictionaryFetchProblemCallback(SdchProblemCode problem,
+                                         const GURL& url,
+                                         bool is_error,
+                                         NetLogCaptureMode capture_mode);
 
 }  // namespace net
 
diff --git a/chromium/net/base/test_completion_callback.h b/chromium/net/base/test_completion_callback.h
index 631dc5c2c79..b6de351c54a 100644
--- a/chromium/net/base/test_completion_callback.h
+++ b/chromium/net/base/test_completion_callback.h
@@ -7,10 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
 
@@ -51,7 +52,7 @@ class TestCompletionCallbackBaseInternal {
  private:
   // RunLoop.  Only non-NULL during the call to WaitForResult, so the class is
   // reusable.
-  scoped_ptr<base::RunLoop> run_loop_;
+  std::unique_ptr<base::RunLoop> run_loop_;
   bool have_result_;
 
   DISALLOW_COPY_AND_ASSIGN(TestCompletionCallbackBaseInternal);
diff --git a/chromium/net/base/unescape_url_component_fuzzer.options b/chromium/net/base/unescape_url_component_fuzzer.options
deleted file mode 100644
index 0428c8efba2..00000000000
--- a/chromium/net/base/unescape_url_component_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-max_len = random(1, 2048)
-\ No newline at end of file
diff --git a/chromium/net/base/upload_bytes_element_reader_unittest.cc b/chromium/net/base/upload_bytes_element_reader_unittest.cc
index 1dce3fb5c77..59bd1eae899 100644
--- a/chromium/net/base/upload_bytes_element_reader_unittest.cc
+++ b/chromium/net/base/upload_bytes_element_reader_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/base/upload_bytes_element_reader.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -25,7 +26,7 @@ class UploadBytesElementReaderTest : public PlatformTest {
   }
 
   std::vector<char> bytes_;
-  scoped_ptr<UploadElementReader> reader_;
+  std::unique_ptr<UploadElementReader> reader_;
 };
 
 TEST_F(UploadBytesElementReaderTest, ReadPartially) {
diff --git a/chromium/net/base/upload_data_stream.cc b/chromium/net/base/upload_data_stream.cc
index 23c760ea0a4..a7542778ff5 100644
--- a/chromium/net/base/upload_data_stream.cc
+++ b/chromium/net/base/upload_data_stream.cc
@@ -88,7 +88,7 @@ bool UploadDataStream::IsInMemory() const {
   return false;
 }
 
-const std::vector<scoped_ptr<UploadElementReader>>*
+const std::vector<std::unique_ptr<UploadElementReader>>*
 UploadDataStream::GetElementReaders() const {
   return NULL;
 }
diff --git a/chromium/net/base/upload_data_stream.h b/chromium/net/base/upload_data_stream.h
index 2d06b44762d..fbfb32fee26 100644
--- a/chromium/net/base/upload_data_stream.h
+++ b/chromium/net/base/upload_data_stream.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 
@@ -89,7 +89,7 @@ class NET_EXPORT UploadDataStream {
   virtual bool IsInMemory() const;
 
   // Returns a list of element readers owned by |this|, if it has any.
-  virtual const std::vector<scoped_ptr<UploadElementReader>>*
+  virtual const std::vector<std::unique_ptr<UploadElementReader>>*
   GetElementReaders() const;
 
  protected:
diff --git a/chromium/net/base/upload_file_element_reader.h b/chromium/net/base/upload_file_element_reader.h
index f246553d421..0297d8e2258 100644
--- a/chromium/net/base/upload_file_element_reader.h
+++ b/chromium/net/base/upload_file_element_reader.h
@@ -7,13 +7,14 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/files/file.h"
 #include "base/files/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
@@ -84,7 +85,7 @@ class NET_EXPORT UploadFileElementReader : public UploadElementReader {
   const uint64_t range_offset_;
   const uint64_t range_length_;
   const base::Time expected_modification_time_;
-  scoped_ptr<FileStream> file_stream_;
+  std::unique_ptr<FileStream> file_stream_;
   uint64_t content_length_;
   uint64_t bytes_remaining_;
   base::WeakPtrFactory<UploadFileElementReader> weak_ptr_factory_;
diff --git a/chromium/net/base/upload_file_element_reader_unittest.cc b/chromium/net/base/upload_file_element_reader_unittest.cc
index abffc2a6e76..7ad742c9b72 100644
--- a/chromium/net/base/upload_file_element_reader_unittest.cc
+++ b/chromium/net/base/upload_file_element_reader_unittest.cc
@@ -11,7 +11,7 @@
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -53,7 +53,7 @@ class UploadFileElementReaderTest : public PlatformTest {
   }
 
   std::vector<char> bytes_;
-  scoped_ptr<UploadElementReader> reader_;
+  std::unique_ptr<UploadElementReader> reader_;
   base::ScopedTempDir temp_dir_;
   base::FilePath temp_file_path_;
 };
diff --git a/chromium/net/cert/cert_database.h b/chromium/net/cert/cert_database.h
index 8b9b82e0d64..873a7c7c9cb 100644
--- a/chromium/net/cert/cert_database.h
+++ b/chromium/net/cert/cert_database.h
@@ -5,9 +5,10 @@
 #ifndef NET_CERT_CERT_DATABASE_H_
 #define NET_CERT_CERT_DATABASE_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/cert/x509_certificate.h"
 
@@ -115,7 +116,7 @@ class NET_EXPORT CertDatabase {
 #if defined(OS_MACOSX) && !defined(OS_IOS)
   class Notifier;
   friend class Notifier;
-  scoped_ptr<Notifier> notifier_;
+  std::unique_ptr<Notifier> notifier_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(CertDatabase);
diff --git a/chromium/net/cert/cert_net_fetcher.h b/chromium/net/cert/cert_net_fetcher.h
index afe878e2a03..f8344702bea 100644
--- a/chromium/net/cert/cert_net_fetcher.h
+++ b/chromium/net/cert/cert_net_fetcher.h
@@ -7,6 +7,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/callback.h"
@@ -82,19 +83,19 @@ class NET_EXPORT CertNetFetcher {
   //     pass DEFAULT.
   //   * callback -- The callback that will be invoked on completion of the job.
 
-  virtual WARN_UNUSED_RESULT scoped_ptr<Request> FetchCaIssuers(
+  virtual WARN_UNUSED_RESULT std::unique_ptr<Request> FetchCaIssuers(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
       const FetchCallback& callback) = 0;
 
-  virtual WARN_UNUSED_RESULT scoped_ptr<Request> FetchCrl(
+  virtual WARN_UNUSED_RESULT std::unique_ptr<Request> FetchCrl(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
       const FetchCallback& callback) = 0;
 
-  virtual WARN_UNUSED_RESULT scoped_ptr<Request> FetchOcsp(
+  virtual WARN_UNUSED_RESULT std::unique_ptr<Request> FetchOcsp(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
diff --git a/chromium/net/cert/cert_verifier.cc b/chromium/net/cert/cert_verifier.cc
index 79bd0ef6bec..054edb561ff 100644
--- a/chromium/net/cert/cert_verifier.cc
+++ b/chromium/net/cert/cert_verifier.cc
@@ -4,6 +4,9 @@
 
 #include "net/cert/cert_verifier.h"
 
+#include <memory>
+
+#include "base/memory/ptr_util.h"
 #include "build/build_config.h"
 #include "net/cert/cert_verify_proc.h"
 
@@ -19,12 +22,12 @@ bool CertVerifier::SupportsOCSPStapling() {
   return false;
 }
 
-scoped_ptr<CertVerifier> CertVerifier::CreateDefault() {
+std::unique_ptr<CertVerifier> CertVerifier::CreateDefault() {
 #if defined(OS_NACL)
   NOTIMPLEMENTED();
-  return scoped_ptr<CertVerifier>();
+  return std::unique_ptr<CertVerifier>();
 #else
-  return make_scoped_ptr(
+  return base::WrapUnique(
       new MultiThreadedCertVerifier(CertVerifyProc::CreateDefault()));
 #endif
 }
diff --git a/chromium/net/cert/cert_verifier.h b/chromium/net/cert/cert_verifier.h
index 64f4a86ac91..26ee988355a 100644
--- a/chromium/net/cert/cert_verifier.h
+++ b/chromium/net/cert/cert_verifier.h
@@ -5,10 +5,10 @@
 #ifndef NET_CERT_CERT_VERIFIER_H_
 #define NET_CERT_CERT_VERIFIER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 
@@ -121,7 +121,7 @@ class NET_EXPORT CertVerifier {
                      CRLSet* crl_set,
                      CertVerifyResult* verify_result,
                      const CompletionCallback& callback,
-                     scoped_ptr<Request>* out_req,
+                     std::unique_ptr<Request>* out_req,
                      const BoundNetLog& net_log) = 0;
 
   // Returns true if this CertVerifier supports stapled OCSP responses.
@@ -129,7 +129,7 @@ class NET_EXPORT CertVerifier {
 
   // Creates a CertVerifier implementation that verifies certificates using
   // the preferred underlying cryptographic libraries.
-  static scoped_ptr<CertVerifier> CreateDefault();
+  static std::unique_ptr<CertVerifier> CreateDefault();
 };
 
 }  // namespace net
diff --git a/chromium/net/cert/cert_verify_proc.cc b/chromium/net/cert/cert_verify_proc.cc
index 9c8267de69e..49a170d3cb5 100644
--- a/chromium/net/cert/cert_verify_proc.cc
+++ b/chromium/net/cert/cert_verify_proc.cc
@@ -26,7 +26,7 @@
 #include "net/cert/x509_certificate.h"
 #include "url/url_canon.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "net/cert/cert_verify_proc_nss.h"
 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
 #include "net/cert/cert_verify_proc_openssl.h"
@@ -205,7 +205,7 @@ struct HashToArrayComparator {
 
 // static
 CertVerifyProc* CertVerifyProc::CreateDefault() {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   return new CertVerifyProcNSS();
 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
   return new CertVerifyProcOpenSSL();
diff --git a/chromium/net/cert/cert_verify_proc_ios.cc b/chromium/net/cert/cert_verify_proc_ios.cc
index 5f2884f8a84..017d84b7664 100644
--- a/chromium/net/cert/cert_verify_proc_ios.cc
+++ b/chromium/net/cert/cert_verify_proc_ios.cc
@@ -140,6 +140,12 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
     CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data());
     verify_result->public_key_hashes.push_back(sha256);
 
+    // Ignore the signature algorithm for the trust anchor.
+    if ((verify_result->cert_status & CERT_STATUS_AUTHORITY_INVALID) == 0 &&
+        i == count - 1) {
+      continue;
+    }
+
     int sig_alg = OBJ_obj2nid(x509_cert->sig_alg->algorithm);
     if (sig_alg == NID_md2WithRSAEncryption) {
       verify_result->has_md2 = true;
@@ -166,6 +172,62 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
       X509Certificate::CreateFromHandle(verified_cert, verified_chain);
 }
 
+// The iOS APIs don't expose an API-stable set of reasons for certificate
+// validation failures. However, internally, the reason is tracked, and it's
+// converted to user-facing localized strings.
+//
+// In the absence of a consistent API, convert the English strings to their
+// localized counterpart, and then compare that with the error properties. If
+// they're equal, it's a strong sign that this was the cause for the error.
+// While this will break if/when iOS changes the contents of these strings,
+// it's sufficient enough for now.
+//
+// TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
+// possible.
+CertStatus GetFailureFromTrustProperties(CFArrayRef properties) {
+  CertStatus reason = 0;
+
+  if (!properties)
+    return CERT_STATUS_INVALID;
+
+  const CFIndex properties_length = CFArrayGetCount(properties);
+  if (properties_length == 0)
+    return CERT_STATUS_INVALID;
+
+  CFBundleRef bundle =
+      CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
+  CFStringRef date_string =
+      CFSTR("One or more certificates have expired or are not valid yet.");
+  ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
+      bundle, date_string, date_string, CFSTR("SecCertificate")));
+  CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
+  ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
+      bundle, trust_string, trust_string, CFSTR("SecCertificate")));
+  CFStringRef weak_string =
+      CFSTR("One or more certificates is using a weak key size.");
+  ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
+      bundle, weak_string, weak_string, CFSTR("SecCertificate")));
+
+  for (CFIndex i = 0; i < properties_length; ++i) {
+    CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
+        const_cast<void*>(CFArrayGetValueAtIndex(properties, i)));
+    CFStringRef error = reinterpret_cast<CFStringRef>(
+        const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
+
+    if (CFEqual(error, date_error)) {
+      reason |= CERT_STATUS_DATE_INVALID;
+    } else if (CFEqual(error, trust_error)) {
+      reason |= CERT_STATUS_AUTHORITY_INVALID;
+    } else if (CFEqual(error, weak_error)) {
+      reason |= CERT_STATUS_WEAK_KEY;
+    } else {
+      reason |= CERT_STATUS_INVALID;
+    }
+  }
+
+  return reason;
+}
+
 }  // namespace
 
 CertVerifyProcIOS::CertVerifyProcIOS() {}
@@ -207,21 +269,21 @@ int CertVerifyProcIOS::VerifyInternal(
   if (CFArrayGetCount(final_chain) == 0)
     return ERR_FAILED;
 
-  GetCertChainInfo(final_chain, verify_result);
-
   // TODO(sleevi): Support CRLSet revocation.
-  // TODO(svaldez): Add specific error codes for trust errors resulting from
-  // expired/not-yet-valid certs.
   switch (trust_result) {
     case kSecTrustResultUnspecified:
     case kSecTrustResultProceed:
       break;
     case kSecTrustResultDeny:
       verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
+      break;
     default:
-      verify_result->cert_status |= CERT_STATUS_INVALID;
+      CFArrayRef properties = SecTrustCopyProperties(trust_ref);
+      verify_result->cert_status |= GetFailureFromTrustProperties(properties);
   }
 
+  GetCertChainInfo(final_chain, verify_result);
+
   // Perform hostname verification independent of SecTrustEvaluate.
   if (!verify_result->verified_cert->VerifyNameMatch(
           hostname, &verify_result->common_name_fallback_used)) {
diff --git a/chromium/net/cert/cert_verify_proc_nss.cc b/chromium/net/cert/cert_verify_proc_nss.cc
index cad20b9fa95..aad69ce76bc 100644
--- a/chromium/net/cert/cert_verify_proc_nss.cc
+++ b/chromium/net/cert/cert_verify_proc_nss.cc
@@ -4,9 +4,6 @@
 
 #include "net/cert/cert_verify_proc_nss.h"
 
-#include <string>
-#include <vector>
-
 #include <cert.h>
 #include <nss.h>
 #include <prerror.h>
@@ -14,6 +11,10 @@
 #include <sechash.h>
 #include <sslerr.h>
 
+#include <memory>
+#include <string>
+#include <vector>
+
 #include "base/logging.h"
 #include "base/macros.h"
 #include "build/build_config.h"
@@ -45,15 +46,15 @@ namespace net {
 
 namespace {
 
-typedef scoped_ptr<
+typedef std::unique_ptr<
     CERTCertificatePolicies,
     crypto::NSSDestroyer<CERTCertificatePolicies,
-                         CERT_DestroyCertificatePoliciesExtension> >
+                         CERT_DestroyCertificatePoliciesExtension>>
     ScopedCERTCertificatePolicies;
 
-typedef scoped_ptr<
+typedef std::unique_ptr<
     CERTCertList,
-    crypto::NSSDestroyer<CERTCertList, CERT_DestroyCertList> >
+    crypto::NSSDestroyer<CERTCertList, CERT_DestroyCertList>>
     ScopedCERTCertList;
 
 // ScopedCERTValOutParam manages destruction of values in the CERTValOutParam
diff --git a/chromium/net/cert/cert_verify_proc_unittest.cc b/chromium/net/cert/cert_verify_proc_unittest.cc
index d15b5b1ffc0..ba69033286c 100644
--- a/chromium/net/cert/cert_verify_proc_unittest.cc
+++ b/chromium/net/cert/cert_verify_proc_unittest.cc
@@ -13,6 +13,7 @@
 #include "base/macros.h"
 #include "base/sha1.h"
 #include "base/strings/string_number_conversions.h"
+#include "build/build_config.h"
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
@@ -28,9 +29,7 @@
 #include "net/test/test_certificate_data.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#elif defined(OS_ANDROID)
+#if defined(OS_ANDROID)
 #include "base/android/build_info.h"
 #endif
 
@@ -103,6 +102,9 @@ bool SupportsDetectingKnownRoots() {
   // the verified certificate chain and detect known roots.
   if (base::android::BuildInfo::GetInstance()->sdk_int() < 17)
     return false;
+#elif defined(OS_IOS)
+  // iOS does not expose the APIs necessary to get the known system roots.
+  return false;
 #endif
   return true;
 }
@@ -200,7 +202,11 @@ TEST_F(CertVerifyProcTest, MAYBE_EVVerification) {
   EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
 }
 
-TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
+// TODO(crbug.com/605457): the test expectation was incorrect on some
+// configurations, so disable the test until it is fixed (better to have
+// a bug to track a failing test than a false sense of security due to
+// false positive).
+TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) {
   scoped_refptr<X509Certificate> paypal_null_cert(
       X509Certificate::CreateFromBytes(
           reinterpret_cast<const char*>(paypal_null_der),
@@ -221,8 +227,12 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
                      NULL,
                      empty_cert_list_,
                      &verify_result);
-#if defined(USE_NSS_VERIFIER) || defined(OS_ANDROID)
+#if defined(USE_NSS_CERTS) || defined(OS_ANDROID)
   EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
+#elif defined(OS_IOS) && TARGET_IPHONE_SIMULATOR
+  // iOS returns a ERR_CERT_INVALID error on the simulator, while returning
+  // ERR_CERT_AUTHORITY_INVALID on the real device.
+  EXPECT_EQ(ERR_CERT_INVALID, error);
 #else
   // TOOD(bulach): investigate why macosx and win aren't returning
   // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
@@ -231,7 +241,7 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
   // Either the system crypto library should correctly report a certificate
   // name mismatch, or our certificate blacklist should cause us to report an
   // invalid certificate.
-#if defined(USE_NSS_VERIFIER) || defined(OS_WIN)
+#if defined(USE_NSS_CERTS) || defined(OS_WIN)
   EXPECT_TRUE(verify_result.cert_status &
               (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID));
 #endif
@@ -277,6 +287,29 @@ TEST_F(CertVerifyProcTest, MAYBE_IntermediateCARequireExplicitPolicy) {
   EXPECT_EQ(0u, verify_result.cert_status);
 }
 
+TEST_F(CertVerifyProcTest, RejectExpiredCert) {
+  base::FilePath certs_dir = GetTestCertsDirectory();
+
+  // Load root_ca_cert.pem into the test root store.
+  ScopedTestRoot test_root(
+      ImportCertFromFile(certs_dir, "root_ca_cert.pem").get());
+
+  CertificateList certs = CreateCertificateListFromFile(
+      certs_dir, "expired_cert.pem", X509Certificate::FORMAT_AUTO);
+  ASSERT_EQ(1U, certs.size());
+
+  X509Certificate::OSCertHandles intermediates;
+  scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
+      certs[0]->os_cert_handle(), intermediates);
+
+  int flags = 0;
+  CertVerifyResult verify_result;
+  int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
+                     &verify_result);
+  EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
+  EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID);
+}
+
 // Test that verifying an ECDSA certificate doesn't crash on XP. (See
 // crbug.com/144466).
 TEST_F(CertVerifyProcTest, ECDSA_RSA) {
@@ -322,14 +355,7 @@ TEST_F(CertVerifyProcTest, RejectWeakKeys) {
   key_types.push_back("768-rsa");
   key_types.push_back("1024-rsa");
   key_types.push_back("2048-rsa");
-
-  bool use_ecdsa = true;
-#if defined(OS_WIN)
-  use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP;
-#endif
-
-  if (use_ecdsa)
-    key_types.push_back("prime256v1-ecdsa");
+  key_types.push_back("prime256v1-ecdsa");
 
   // Add the root that signed the intermediates for this test.
   scoped_refptr<X509Certificate> root_cert =
@@ -1105,8 +1131,8 @@ TEST_F(CertVerifyProcTest, IsIssuedByKnownRootIgnoresTestRoots) {
   EXPECT_FALSE(verify_result.is_issued_by_known_root);
 }
 
-#if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) || \
-    defined(OS_MACOSX)
+#if defined(USE_NSS_CERTS) || defined(OS_WIN) || \
+    (defined(OS_MACOSX) && !defined(OS_IOS))
 // Test that CRLSets are effective in making a certificate appear to be
 // revoked.
 TEST_F(CertVerifyProcTest, CRLSet) {
diff --git a/chromium/net/cert/cert_verify_proc_whitelist.cc b/chromium/net/cert/cert_verify_proc_whitelist.cc
index 3560f102d0e..2f84204ce7c 100644
--- a/chromium/net/cert/cert_verify_proc_whitelist.cc
+++ b/chromium/net/cert/cert_verify_proc_whitelist.cc
@@ -22,10 +22,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xa0, 0xa8, 0xbb, 0xa5, 0x0a, 0x72, 0xd4, 0xe1,
       0x83, 0x9a, 0x94, 0xfb, 0x1a, 0x58, 0x5a, 0xd7,
       0x2a, 0x7a, 0xac, 0x3c, 0x72, 0x56, 0x1f, 0xc0 },
-    { 0x01, 0x84, 0xb8, 0x58, 0xc0, 0x22, 0x4a, 0x51,
-      0x52, 0x41, 0x5c, 0x77, 0x68, 0x30, 0xa4, 0x42,
-      0x29, 0xf6, 0x44, 0xa3, 0x9e, 0xe5, 0x3e, 0x76,
-      0xcc, 0x02, 0xb9, 0x24, 0x71, 0xcf, 0x83, 0x9d },
     { 0x01, 0xd6, 0x0a, 0xe5, 0x22, 0x20, 0x8e, 0xc6,
       0xf5, 0x04, 0xd5, 0x91, 0xf9, 0x7a, 0x99, 0xa5,
       0xef, 0x25, 0x25, 0x98, 0x71, 0xe4, 0x77, 0x42,
@@ -54,10 +50,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x25, 0x1b, 0x4d, 0xc8, 0xfa, 0x7b, 0x2b, 0xd8,
       0xfd, 0x3a, 0x1c, 0x65, 0x2a, 0xa1, 0x16, 0xe7,
       0xfc, 0x70, 0x0b, 0x2a, 0xb5, 0x1a, 0x2a, 0x1a },
-    { 0x04, 0x3e, 0xd7, 0xff, 0x71, 0xbd, 0x65, 0xae,
-      0x28, 0x35, 0xb0, 0xcb, 0x38, 0x74, 0x8d, 0x0b,
-      0x08, 0x5f, 0x86, 0xf7, 0x5f, 0x2a, 0x96, 0xc8,
-      0xd4, 0x64, 0x00, 0x89, 0xbc, 0x58, 0x3d, 0x7b },
     { 0x04, 0x49, 0x38, 0x0a, 0x30, 0xbd, 0x6d, 0xbd,
       0x55, 0xdf, 0xe2, 0x54, 0xc8, 0x20, 0xa0, 0x77,
       0xff, 0x11, 0xca, 0xfc, 0x83, 0xb5, 0x0e, 0x0a,
@@ -106,18 +98,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x38, 0xde, 0x64, 0xa2, 0x4d, 0xd4, 0x27, 0x91,
       0x09, 0xe2, 0xbc, 0x02, 0x2b, 0x93, 0xb1, 0x05,
       0xa8, 0x94, 0xa5, 0x1a, 0xdc, 0x3e, 0xe5, 0xcc },
-    { 0x08, 0xc7, 0xb0, 0x23, 0xa9, 0x9a, 0x63, 0x74,
-      0x13, 0xde, 0x2c, 0x9d, 0x88, 0x09, 0x82, 0x33,
-      0x8d, 0x09, 0x36, 0xf1, 0x21, 0x25, 0x1e, 0x75,
-      0x58, 0x59, 0x12, 0x62, 0x92, 0xf9, 0x6b, 0x1a },
-    { 0x09, 0x06, 0x86, 0xa8, 0x02, 0xd8, 0x42, 0x73,
-      0x06, 0x33, 0x5b, 0xc4, 0x63, 0x5f, 0x95, 0x8f,
-      0x90, 0xb2, 0x76, 0xeb, 0x7b, 0x1a, 0x62, 0x7c,
-      0xbe, 0xa7, 0xf8, 0xa1, 0xd2, 0x44, 0xee, 0x8a },
-    { 0x09, 0x1f, 0x0a, 0xdd, 0x81, 0x63, 0xc3, 0x11,
-      0xb3, 0xdf, 0x6c, 0x8a, 0xba, 0x7b, 0xd3, 0x35,
-      0x0c, 0x52, 0xc4, 0xfc, 0xae, 0xc1, 0x67, 0x62,
-      0xf6, 0x64, 0xc4, 0xcb, 0xdc, 0xc5, 0x77, 0xc8 },
     { 0x09, 0x9f, 0x3e, 0x71, 0xb5, 0x00, 0xd1, 0x5b,
       0x03, 0x7b, 0x93, 0xaa, 0x5f, 0xb4, 0x16, 0x19,
       0x0a, 0xd1, 0xdf, 0x86, 0x73, 0xab, 0x31, 0xa8,
@@ -150,10 +130,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x2a, 0x27, 0xdd, 0x2a, 0x4d, 0x7e, 0x6b, 0xf1,
       0xe8, 0x04, 0x4b, 0x58, 0xce, 0x1a, 0xe8, 0x1e,
       0x27, 0xd8, 0x14, 0xfd, 0x2d, 0xc0, 0x18, 0x93 },
-    { 0x0b, 0x28, 0x58, 0xc0, 0x3b, 0xa3, 0xf1, 0x10,
-      0x18, 0x68, 0x8e, 0xc6, 0x2f, 0x1c, 0x17, 0x30,
-      0xdc, 0xa2, 0x20, 0x48, 0x57, 0xce, 0x5f, 0xad,
-      0xb6, 0x6c, 0xe6, 0x6b, 0xda, 0xb1, 0x70, 0x3d },
     { 0x0b, 0x48, 0xd5, 0x5c, 0xac, 0x84, 0xfd, 0xee,
       0x15, 0xd8, 0x1a, 0xff, 0x99, 0x07, 0xbb, 0x9a,
       0x57, 0x11, 0xa9, 0x5c, 0xe2, 0x3a, 0x8d, 0x4d,
@@ -162,10 +138,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x69, 0xd0, 0x5f, 0xd8, 0x67, 0xb6, 0x69, 0xf2,
       0x71, 0x24, 0xaf, 0xeb, 0x7c, 0x60, 0x8c, 0xfe,
       0x54, 0xcf, 0x46, 0x33, 0x06, 0xcc, 0x99, 0x2e },
-    { 0x0c, 0x02, 0xa0, 0x08, 0xa4, 0x98, 0xd9, 0x82,
-      0x26, 0x80, 0xec, 0x09, 0x73, 0x3b, 0x15, 0xcf,
-      0xe2, 0x66, 0x30, 0xda, 0x43, 0x94, 0x65, 0x82,
-      0xe5, 0xda, 0xca, 0x43, 0x89, 0x9d, 0x5f, 0x6f },
     { 0x0c, 0xa8, 0x11, 0xfe, 0xdb, 0x74, 0xbe, 0xad,
       0x8b, 0xb6, 0xa9, 0xef, 0x22, 0xe7, 0x3a, 0x5f,
       0x5f, 0x3f, 0x38, 0x53, 0xfd, 0xe6, 0xdb, 0xe3,
@@ -234,10 +206,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x4c, 0x2c, 0xf3, 0x94, 0x3f, 0x3e, 0xcf, 0x40,
       0xd6, 0x31, 0xd7, 0x60, 0xe4, 0x51, 0xef, 0x28,
       0x29, 0xaf, 0xfb, 0xee, 0x74, 0x80, 0xad, 0x17 },
-    { 0x14, 0xf3, 0xb4, 0x17, 0x3b, 0x9f, 0x8c, 0x81,
-      0x90, 0x39, 0x74, 0xe6, 0x4c, 0x68, 0xdf, 0xae,
-      0xb6, 0xb7, 0xd8, 0x4b, 0x94, 0x2a, 0xae, 0x78,
-      0x89, 0x03, 0xa1, 0x54, 0x01, 0x08, 0x57, 0xe7 },
     { 0x15, 0x27, 0x2a, 0xbc, 0x1f, 0x0c, 0x4d, 0x1d,
       0x1a, 0x92, 0x08, 0x73, 0x55, 0xa1, 0xe0, 0x42,
       0x6c, 0x2b, 0xb5, 0xb4, 0x37, 0x30, 0x00, 0xb8,
@@ -274,18 +242,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x86, 0x6f, 0xcc, 0x3e, 0x83, 0x4e, 0x9c, 0xb6,
       0x34, 0x14, 0x5c, 0xed, 0xc5, 0x6b, 0x61, 0x3d,
       0x2a, 0x1f, 0xe1, 0x3c, 0xf4, 0x0e, 0xdf, 0xd4 },
-    { 0x18, 0x04, 0xf7, 0x1e, 0x2c, 0x7a, 0xdc, 0x93,
-      0x38, 0xca, 0x1b, 0x71, 0xdf, 0x81, 0xf8, 0x3e,
-      0x59, 0xd4, 0xf4, 0x1c, 0xaf, 0x1d, 0x9f, 0x17,
-      0xd7, 0x87, 0x22, 0x4b, 0x0a, 0xf6, 0x46, 0xf3 },
     { 0x18, 0x1e, 0xbb, 0x29, 0x8d, 0x20, 0x68, 0x5c,
       0x48, 0xf7, 0x53, 0x89, 0x80, 0xc5, 0x63, 0xc8,
       0xf7, 0x48, 0x95, 0x4c, 0xf2, 0x64, 0x41, 0x9a,
       0x72, 0xfc, 0xc6, 0x34, 0x0a, 0x10, 0x23, 0x80 },
-    { 0x18, 0x41, 0x69, 0xc5, 0x5c, 0xa2, 0xe2, 0x44,
-      0xf5, 0xf3, 0x3e, 0x5e, 0x9b, 0x82, 0x89, 0x2b,
-      0x88, 0x5f, 0xd0, 0x2b, 0x0c, 0xea, 0xff, 0x5e,
-      0xb7, 0xec, 0x05, 0x30, 0x72, 0xe9, 0xf3, 0x39 },
     { 0x19, 0x77, 0x3e, 0xe9, 0xe9, 0x35, 0x6b, 0x88,
       0x11, 0xd6, 0x56, 0x79, 0x9c, 0x53, 0x16, 0x0b,
       0x61, 0x73, 0xfa, 0x8a, 0x81, 0x47, 0x97, 0xdb,
@@ -298,10 +258,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x0c, 0x95, 0x34, 0xe6, 0x84, 0xbb, 0x04, 0x9f,
       0xf1, 0xe2, 0x3b, 0x66, 0xa1, 0x33, 0x01, 0x2f,
       0xc3, 0x99, 0xeb, 0x4f, 0xb5, 0xd3, 0xaa, 0x35 },
-    { 0x1b, 0x56, 0xba, 0x1e, 0xff, 0xac, 0x97, 0x36,
-      0x60, 0x74, 0xce, 0x07, 0x24, 0xe7, 0x04, 0x59,
-      0xdf, 0x99, 0x82, 0x1c, 0x3f, 0xaf, 0x20, 0xde,
-      0x5c, 0x05, 0x30, 0x52, 0x52, 0xbe, 0x64, 0x3a },
     { 0x1b, 0x7b, 0xf8, 0xd9, 0xe8, 0x29, 0x3c, 0x53,
       0xdd, 0x59, 0xec, 0x97, 0xfe, 0x16, 0xf0, 0xea,
       0xb4, 0x68, 0x5b, 0x95, 0xce, 0x14, 0xd2, 0x62,
@@ -366,10 +322,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xf7, 0x8d, 0xa6, 0xc8, 0xb1, 0xd7, 0x2c, 0x3b,
       0xa8, 0x31, 0x9a, 0x46, 0xf8, 0x19, 0x2d, 0x1e,
       0x19, 0xb9, 0xe2, 0x9a, 0xba, 0x18, 0xee, 0x87 },
-    { 0x22, 0x7a, 0x2b, 0xff, 0xab, 0xde, 0xe1, 0x8c,
-      0x2c, 0x54, 0xe6, 0xe9, 0xb5, 0x8a, 0xbd, 0xbf,
-      0x93, 0x07, 0xa4, 0x06, 0x2e, 0xda, 0x97, 0xd4,
-      0xf6, 0xc4, 0x48, 0x1b, 0xb6, 0xec, 0xa9, 0xe4 },
     { 0x23, 0x19, 0xcb, 0x3d, 0x58, 0xc6, 0xd5, 0x53,
       0x62, 0x5d, 0xe5, 0xf4, 0x25, 0x2b, 0xf0, 0x29,
       0xab, 0x83, 0x05, 0xeb, 0xf2, 0x2f, 0xa2, 0x3e,
@@ -394,14 +346,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xbf, 0x53, 0xb5, 0x8a, 0xf2, 0x9a, 0xe1, 0x74,
       0xb9, 0x78, 0xba, 0xdb, 0x89, 0xa9, 0x50, 0xab,
       0x3e, 0x5f, 0x9b, 0x4d, 0x0d, 0xcd, 0xbc, 0x62 },
-    { 0x25, 0x1d, 0x5d, 0x22, 0x2f, 0x1e, 0x67, 0x1d,
-      0x72, 0x1e, 0x1c, 0x26, 0x39, 0xb3, 0xb6, 0xd2,
-      0x30, 0xb5, 0xc6, 0xb3, 0x0c, 0x8e, 0x34, 0xc8,
-      0x08, 0x75, 0x38, 0x8c, 0xcf, 0x23, 0xfb, 0x38 },
-    { 0x25, 0x5a, 0x49, 0x8b, 0xeb, 0x7c, 0x89, 0x42,
-      0x74, 0xe5, 0xe3, 0xd4, 0x3b, 0x27, 0xad, 0x66,
-      0x62, 0x0b, 0x90, 0xcb, 0x91, 0x62, 0xc4, 0x68,
-      0x5f, 0xa2, 0x6d, 0x85, 0xf5, 0xa4, 0x3a, 0xa0 },
     { 0x26, 0x03, 0xcb, 0xdf, 0x69, 0x75, 0xe3, 0x68,
       0x83, 0x7f, 0x95, 0x1a, 0x00, 0x49, 0xfd, 0xc3,
       0xc4, 0xb2, 0x39, 0xf0, 0x82, 0xf6, 0xbf, 0x89,
@@ -462,10 +406,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xe9, 0xaa, 0x52, 0x1e, 0xaa, 0x76, 0xac, 0x7e,
       0x55, 0x73, 0x7b, 0xf4, 0x3e, 0x2b, 0x0c, 0x30,
       0xdd, 0xcf, 0x59, 0x87, 0x2e, 0xab, 0xe7, 0x7b },
-    { 0x2d, 0xd5, 0xe6, 0xd3, 0x73, 0x36, 0x34, 0x2f,
-      0x01, 0x1e, 0xb9, 0x7a, 0x2b, 0x77, 0x38, 0x9d,
-      0xe6, 0xd2, 0x23, 0x8d, 0x87, 0x69, 0x65, 0x08,
-      0x2f, 0xd7, 0x94, 0x47, 0x00, 0x50, 0xbe, 0x12 },
     { 0x2d, 0xde, 0xe4, 0x5f, 0x72, 0x78, 0x38, 0xde,
       0xad, 0xe6, 0x7e, 0x9c, 0xa7, 0x05, 0xeb, 0xb4,
       0xc2, 0xe9, 0x40, 0xae, 0x1b, 0x9d, 0x62, 0x35,
@@ -506,18 +446,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xd1, 0x57, 0x39, 0xdd, 0xfa, 0xc1, 0x0c, 0x7e,
       0xfe, 0x5f, 0xa7, 0x96, 0xbf, 0xe0, 0x1e, 0xd1,
       0xa1, 0x25, 0xa9, 0x15, 0x8e, 0x2f, 0x1b, 0x17 },
-    { 0x32, 0xdb, 0xc4, 0x6b, 0x80, 0x80, 0x5a, 0x56,
-      0x97, 0x4b, 0x2a, 0x5d, 0xde, 0x67, 0x34, 0x28,
-      0xed, 0x03, 0xb0, 0x76, 0x5e, 0x15, 0xd9, 0x4c,
-      0x55, 0xe5, 0x4d, 0x2f, 0x55, 0x70, 0xf2, 0x0b },
     { 0x32, 0xef, 0x13, 0x33, 0x86, 0xbf, 0x0c, 0x63,
       0xcf, 0x29, 0xd6, 0x2b, 0x0d, 0x76, 0x88, 0x9e,
       0x9d, 0x9d, 0x53, 0x2e, 0xe4, 0x90, 0x38, 0x94,
       0x4d, 0xbc, 0x21, 0x49, 0xd8, 0xca, 0xa5, 0xd1 },
-    { 0x33, 0x03, 0x23, 0x10, 0x4c, 0x25, 0x2f, 0xce,
-      0xb9, 0xe6, 0x63, 0x0d, 0x9f, 0xe7, 0x1f, 0x17,
-      0xb6, 0xc2, 0x25, 0xa6, 0x5c, 0x76, 0x08, 0x15,
-      0xe4, 0x08, 0x74, 0x6c, 0x33, 0x1a, 0xb4, 0xf6 },
     { 0x33, 0xd1, 0x6c, 0xd9, 0xe8, 0x2e, 0xdf, 0xfd,
       0x0b, 0x3a, 0xfb, 0x46, 0xa6, 0x84, 0xc5, 0xa0,
       0xd1, 0x2f, 0x2b, 0x40, 0x58, 0x6d, 0x53, 0x2f,
@@ -526,10 +458,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xa7, 0x24, 0xec, 0x19, 0x64, 0x50, 0x4a, 0x71,
       0x0a, 0xb9, 0x7b, 0xa1, 0x10, 0x3c, 0xd9, 0xb9,
       0x8c, 0x81, 0xd0, 0xab, 0xcf, 0x3b, 0x19, 0xbd },
-    { 0x34, 0x15, 0x1a, 0x33, 0x82, 0x78, 0xda, 0x7e,
-      0xc2, 0x62, 0x33, 0x81, 0x7d, 0x96, 0x44, 0xb5,
-      0x6f, 0x8f, 0x48, 0xc1, 0xc3, 0x70, 0xcd, 0x25,
-      0xfc, 0xe7, 0xde, 0x64, 0x54, 0x4f, 0xe9, 0x36 },
     { 0x34, 0x65, 0xc2, 0xf9, 0xa0, 0xcf, 0x36, 0xe5,
       0xee, 0xf0, 0x27, 0x1c, 0x52, 0x91, 0x2d, 0x58,
       0x6f, 0xb2, 0x0b, 0x94, 0x43, 0xe7, 0xd5, 0x82,
@@ -566,10 +494,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x44, 0xd6, 0xab, 0x39, 0xb7, 0xa8, 0x18, 0xf8,
       0x17, 0x6e, 0x65, 0x20, 0xdc, 0x86, 0x3d, 0xce,
       0x43, 0xb3, 0x98, 0xc3, 0x0b, 0x5e, 0xdb, 0x09 },
-    { 0x37, 0x87, 0x37, 0xcd, 0x85, 0x19, 0xba, 0xc5,
-      0x32, 0x2f, 0xdb, 0x28, 0xf4, 0x4a, 0x43, 0xc5,
-      0x09, 0xa5, 0x44, 0x7a, 0xd2, 0x68, 0x3b, 0xa1,
-      0x90, 0x05, 0xe3, 0x1b, 0x0d, 0x54, 0x8c, 0x6d },
     { 0x37, 0xc9, 0x7a, 0x48, 0xf5, 0xee, 0x3e, 0x68,
       0xcc, 0x24, 0xb5, 0x4e, 0x7c, 0x4d, 0x9f, 0x91,
       0xc7, 0xd1, 0x8b, 0x8d, 0xb6, 0x1e, 0x04, 0xee,
@@ -678,18 +602,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xd1, 0xdb, 0xd3, 0x3d, 0x8d, 0x16, 0x34, 0xc4,
       0xfa, 0xfe, 0xb6, 0xf8, 0x05, 0xf1, 0xcc, 0xb5,
       0x34, 0xac, 0xb7, 0x2a, 0xed, 0xa2, 0xcd, 0x0a },
-    { 0x42, 0xb0, 0x75, 0xeb, 0xf9, 0xff, 0x9d, 0x6f,
-      0xcd, 0xf1, 0xba, 0x60, 0x80, 0x72, 0x8d, 0x21,
-      0xc9, 0xcd, 0x6f, 0xba, 0xa5, 0x45, 0xda, 0x03,
-      0x6c, 0xc6, 0x59, 0xcf, 0x90, 0x5f, 0xb3, 0x0c },
     { 0x43, 0x13, 0x91, 0xe1, 0x14, 0x14, 0xec, 0x0c,
       0x5c, 0xf5, 0xe7, 0xb3, 0x9c, 0x65, 0xfe, 0xdb,
       0x2e, 0xc8, 0x8c, 0x54, 0x48, 0xbf, 0x35, 0xee,
       0x17, 0x0d, 0xc3, 0xb5, 0xe1, 0x7e, 0xd0, 0x88 },
-    { 0x43, 0x30, 0xeb, 0xaf, 0x74, 0xbd, 0xd4, 0x36,
-      0x56, 0xa7, 0x2b, 0x3f, 0xab, 0x4d, 0x66, 0xdf,
-      0x0b, 0x45, 0xca, 0xb4, 0x93, 0x7d, 0x01, 0xbe,
-      0xb8, 0xde, 0x9b, 0x0f, 0x2f, 0xda, 0xae, 0xad },
     { 0x44, 0x12, 0x63, 0x80, 0xa0, 0x73, 0xfe, 0xa1,
       0xa2, 0x00, 0x4f, 0x71, 0x1d, 0xf2, 0xca, 0x47,
       0xc2, 0xc4, 0xb4, 0xff, 0x64, 0x4e, 0x76, 0xaf,
@@ -706,10 +622,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x92, 0xf5, 0x5b, 0x17, 0x26, 0x3a, 0xdd, 0x72,
       0x04, 0xa8, 0x0f, 0xe6, 0x24, 0x0c, 0x4d, 0x63,
       0xe8, 0x39, 0x59, 0x58, 0xf6, 0x94, 0xcd, 0x33 },
-    { 0x45, 0x86, 0xda, 0x12, 0xa9, 0x43, 0xe6, 0x33,
-      0xd0, 0xd4, 0x43, 0x91, 0x85, 0x44, 0x39, 0x57,
-      0x25, 0x58, 0x7f, 0x0a, 0xa8, 0x41, 0xca, 0xfd,
-      0xc6, 0xc8, 0x5d, 0x26, 0x1d, 0x3c, 0xd6, 0x79 },
     { 0x45, 0xcb, 0x86, 0xca, 0x97, 0x52, 0x29, 0xb7,
       0xd5, 0xda, 0xfc, 0x05, 0xeb, 0x0c, 0x53, 0x65,
       0x82, 0x3a, 0x91, 0xa9, 0x8b, 0x7d, 0xbe, 0x81,
@@ -722,10 +634,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x56, 0x71, 0x09, 0x2c, 0x02, 0x76, 0x7a, 0x25,
       0x0d, 0xe7, 0x0b, 0xf3, 0xe1, 0x53, 0x63, 0x69,
       0x66, 0xe6, 0x6e, 0xc5, 0x7e, 0x8e, 0xe9, 0xf5 },
-    { 0x46, 0xec, 0x1d, 0x4f, 0x78, 0xca, 0xa6, 0xec,
-      0x0b, 0xcb, 0x5c, 0x8c, 0x60, 0x63, 0x04, 0x73,
-      0x9b, 0xa5, 0x10, 0xb5, 0x97, 0xb4, 0xc8, 0x46,
-      0x30, 0x81, 0xf3, 0x1f, 0x7c, 0xdb, 0x4e, 0xc1 },
     { 0x47, 0x84, 0xf6, 0xcd, 0x59, 0x3d, 0x7b, 0x31,
       0x2e, 0xb1, 0xf6, 0x19, 0xe1, 0x11, 0xdf, 0x3b,
       0x48, 0x6d, 0x1b, 0xf8, 0x37, 0x15, 0xad, 0x8d,
@@ -746,18 +654,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x21, 0xfe, 0xf9, 0x3d, 0x26, 0x0c, 0x24, 0x8c,
       0xe3, 0xbe, 0x98, 0x62, 0x68, 0x68, 0xe7, 0x5a,
       0x3f, 0x63, 0x34, 0xbb, 0x7d, 0xc1, 0x81, 0xec },
-    { 0x49, 0xf3, 0x0d, 0xb3, 0x32, 0xf4, 0x53, 0x6a,
-      0xd4, 0x53, 0xbc, 0x68, 0x9c, 0x2c, 0x63, 0x10,
-      0x6f, 0xff, 0xc2, 0xb1, 0x86, 0x23, 0xaa, 0x0b,
-      0xde, 0xaa, 0xb4, 0xf9, 0xeb, 0x7c, 0x0e, 0x42 },
     { 0x4a, 0xcf, 0x9d, 0xa9, 0x05, 0x2f, 0x0b, 0x8c,
       0xff, 0xf7, 0x37, 0xcd, 0xa3, 0x39, 0x11, 0xc2,
       0x9e, 0xfc, 0xbf, 0xfd, 0x4b, 0xf4, 0xb7, 0x24,
       0x83, 0xfa, 0xa7, 0xc7, 0x45, 0x1d, 0xfd, 0x42 },
-    { 0x4a, 0xd2, 0x17, 0xa9, 0x6e, 0x15, 0x30, 0xcb,
-      0xc5, 0xde, 0xb8, 0x6a, 0xff, 0x27, 0x63, 0x55,
-      0x23, 0x59, 0xda, 0x5b, 0x59, 0x82, 0xe5, 0x38,
-      0xba, 0xb7, 0xc9, 0x2a, 0x15, 0x9c, 0xb8, 0x3c },
     { 0x4b, 0x1f, 0xc8, 0x2d, 0x24, 0x72, 0x92, 0x7a,
       0xc1, 0x7c, 0x58, 0x43, 0x07, 0xcb, 0x96, 0xd6,
       0xfd, 0xdb, 0x8d, 0x50, 0xa5, 0x29, 0x53, 0x07,
@@ -778,18 +678,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x9a, 0x37, 0x3d, 0x91, 0xa6, 0x1f, 0x23, 0x12,
       0x9d, 0x7b, 0x85, 0x3d, 0x79, 0x52, 0x87, 0xc9,
       0x5c, 0x7e, 0x17, 0x24, 0xa9, 0x1c, 0x53, 0xb3 },
-    { 0x4c, 0x33, 0x6e, 0x46, 0x9e, 0x9c, 0x01, 0xc3,
-      0x84, 0xab, 0x9a, 0xa2, 0x2e, 0x9e, 0x3f, 0x36,
-      0xf1, 0xe5, 0x9c, 0xfe, 0x05, 0x0f, 0x66, 0xec,
-      0x07, 0xd0, 0xfd, 0x02, 0x30, 0xcc, 0xf4, 0x23 },
     { 0x4c, 0x3a, 0x76, 0xd1, 0x2c, 0x70, 0x0c, 0x25,
       0x1b, 0x02, 0x04, 0xba, 0x9f, 0x27, 0xc0, 0xda,
       0xcb, 0x2e, 0x47, 0x37, 0x72, 0x64, 0xcd, 0x31,
       0xc4, 0xfe, 0xa4, 0xa4, 0x58, 0x5a, 0x99, 0x60 },
-    { 0x4c, 0x8a, 0x29, 0xb5, 0x81, 0x7d, 0x90, 0x99,
-      0xa4, 0xfe, 0xd1, 0xe7, 0x93, 0xb2, 0x8e, 0x2f,
-      0xaf, 0x6e, 0x87, 0x14, 0xee, 0x77, 0x60, 0xa7,
-      0xd5, 0x3e, 0x31, 0x15, 0x2c, 0x18, 0xac, 0xc2 },
     { 0x4c, 0xd0, 0xd6, 0x7e, 0xcc, 0x3b, 0x01, 0xc8,
       0xc2, 0x63, 0x4e, 0x7a, 0x73, 0x76, 0x12, 0xf6,
       0x3a, 0x17, 0xff, 0x51, 0x0a, 0x77, 0xa8, 0x04,
@@ -798,10 +690,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x46, 0x7f, 0x6f, 0x52, 0xad, 0x80, 0x4e, 0x19,
       0x1d, 0x5b, 0xc8, 0x13, 0x51, 0x72, 0x0e, 0xc0,
       0xd1, 0x9b, 0xd2, 0x5b, 0xf8, 0xf0, 0xa5, 0x53 },
-    { 0x4d, 0xe5, 0xa5, 0xde, 0x12, 0x4e, 0x27, 0x69,
-      0x81, 0x79, 0x67, 0x53, 0xdd, 0x20, 0x20, 0xb1,
-      0x10, 0x54, 0x09, 0x32, 0xf7, 0x4f, 0x97, 0x41,
-      0xd9, 0x6c, 0x1d, 0xb9, 0x50, 0x5d, 0x5f, 0xf1 },
     { 0x4e, 0x48, 0xc1, 0x6c, 0x9d, 0x0d, 0xe5, 0xdd,
       0x8c, 0x9c, 0x36, 0x37, 0x35, 0xdd, 0xfb, 0xc3,
       0xdb, 0xd2, 0x6e, 0xa0, 0xae, 0xcd, 0xe1, 0xc7,
@@ -866,18 +754,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x08, 0x60, 0x96, 0x78, 0xc4, 0x3b, 0xdd, 0xab,
       0x90, 0x28, 0xba, 0x6c, 0x17, 0x68, 0x4c, 0x51,
       0x22, 0x42, 0x62, 0x43, 0xcb, 0x61, 0x2a, 0x29 },
-    { 0x54, 0x41, 0xfb, 0xb0, 0x5d, 0x6d, 0x4a, 0xed,
-      0xe0, 0x3b, 0x48, 0x2f, 0x51, 0x95, 0x1c, 0x7e,
-      0xf0, 0x73, 0x45, 0x53, 0xce, 0xc7, 0x80, 0xfb,
-      0xdc, 0xfa, 0x30, 0x0c, 0xc1, 0x79, 0x0d, 0x66 },
     { 0x55, 0x21, 0xf9, 0x63, 0x57, 0x81, 0x58, 0xb8,
       0xd0, 0xe7, 0xc4, 0x91, 0xcd, 0xb8, 0x5c, 0x3d,
       0xe9, 0xd5, 0x2e, 0xa5, 0x1f, 0xfc, 0xb0, 0x93,
       0xd3, 0x12, 0x28, 0x11, 0x13, 0x14, 0x97, 0xeb },
-    { 0x55, 0xb2, 0x84, 0x5f, 0x48, 0x44, 0xa7, 0x72,
-      0x46, 0x36, 0x41, 0x78, 0xa1, 0x71, 0xc2, 0x26,
-      0xfc, 0xfd, 0x75, 0xc7, 0x63, 0xba, 0xd0, 0x87,
-      0xf6, 0x02, 0xe7, 0xb4, 0xac, 0xd9, 0xec, 0xb3 },
     { 0x55, 0xd0, 0xeb, 0xe3, 0x2c, 0xba, 0x09, 0xf6,
       0x58, 0x4d, 0x9e, 0x7b, 0x57, 0x92, 0xa4, 0x03,
       0xc2, 0x1d, 0x39, 0xd6, 0xe1, 0xf5, 0xe8, 0xed,
@@ -954,10 +834,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x5a, 0x91, 0x72, 0x90, 0xac, 0xa6, 0x5a, 0xfd,
       0x6e, 0xbd, 0xae, 0x05, 0xa0, 0x2a, 0xaf, 0x04,
       0x29, 0xe9, 0x72, 0xec, 0x01, 0x90, 0xec, 0xfc },
-    { 0x60, 0xca, 0x81, 0xe3, 0x5b, 0x9a, 0x6f, 0x07,
-      0xe1, 0x3c, 0x02, 0xae, 0x41, 0x15, 0xb0, 0x00,
-      0x54, 0x30, 0xcf, 0x46, 0x0e, 0xfc, 0x7d, 0xba,
-      0xf1, 0x5f, 0x51, 0xf7, 0xa9, 0x4a, 0xd1, 0x6a },
     { 0x61, 0x91, 0x5b, 0xc8, 0xdf, 0x67, 0x8c, 0x52,
       0xa2, 0x3c, 0x2d, 0x53, 0xc6, 0x47, 0x31, 0x4e,
       0x63, 0x6e, 0xef, 0xc5, 0x40, 0x81, 0xa7, 0x0d,
@@ -974,18 +850,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x4d, 0xf9, 0x1e, 0x31, 0x32, 0x2e, 0x57, 0x74,
       0x69, 0x1e, 0x0c, 0x41, 0xfa, 0x0d, 0x2f, 0x25,
       0x7a, 0xd7, 0xf9, 0xf0, 0x25, 0x98, 0x14, 0x45 },
-    { 0x64, 0xd4, 0x92, 0x41, 0x6e, 0xe0, 0x55, 0x57,
-      0x9c, 0x46, 0x3b, 0x21, 0x1a, 0xfe, 0xf7, 0x46,
-      0xc3, 0x30, 0xca, 0x05, 0xf4, 0x4d, 0x85, 0x90,
-      0x85, 0x59, 0x5d, 0x6f, 0x10, 0xe5, 0x0e, 0xc4 },
     { 0x65, 0x66, 0x00, 0xa4, 0x5e, 0x45, 0x6a, 0xba,
       0x5b, 0x00, 0x8d, 0x87, 0x91, 0x54, 0xb7, 0x69,
       0x0d, 0x7f, 0x27, 0x31, 0x02, 0x09, 0x7d, 0x8f,
       0xd8, 0xc3, 0xde, 0xab, 0x30, 0xd8, 0x4a, 0xb2 },
-    { 0x65, 0xc1, 0x3a, 0x93, 0x7f, 0xcd, 0x1e, 0xac,
-      0x7d, 0x52, 0x33, 0x03, 0xb9, 0x09, 0x91, 0x75,
-      0xfe, 0xb7, 0xc3, 0x57, 0x0f, 0xbd, 0xa2, 0xe5,
-      0x7d, 0x57, 0xd3, 0xfc, 0x47, 0x24, 0xdc, 0xb5 },
     { 0x65, 0xed, 0x61, 0xa8, 0x8c, 0x55, 0xef, 0xb0,
       0x38, 0x07, 0x1a, 0xee, 0xde, 0xf8, 0xe1, 0x83,
       0xe2, 0x37, 0x38, 0x46, 0x97, 0x26, 0xeb, 0x99,
@@ -998,10 +866,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x32, 0x11, 0x68, 0x0e, 0xad, 0x5c, 0x9e, 0x3d,
       0x12, 0x3c, 0x21, 0x24, 0xd3, 0xa2, 0xa4, 0xbd,
       0x78, 0x82, 0xf7, 0x36, 0x5a, 0x33, 0x05, 0xa3 },
-    { 0x66, 0x79, 0x28, 0x7e, 0xbb, 0xc5, 0x67, 0x48,
-      0xee, 0xd6, 0x8f, 0x9e, 0x4c, 0xcf, 0x24, 0xef,
-      0x96, 0xa4, 0x1f, 0x73, 0xbb, 0x83, 0x4a, 0x51,
-      0x71, 0x64, 0xf0, 0x41, 0xcc, 0x5d, 0x86, 0x05 },
     { 0x66, 0xbe, 0x7e, 0xa1, 0x13, 0x8b, 0xcb, 0xa4,
       0xde, 0x0b, 0x41, 0x28, 0x5d, 0x9a, 0x13, 0x3f,
       0xa7, 0xf5, 0x70, 0xa3, 0xc8, 0x13, 0x55, 0x79,
@@ -1014,10 +878,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x3f, 0x5f, 0x3e, 0x51, 0xcd, 0x75, 0x4e, 0x10,
       0x93, 0x27, 0x3d, 0x35, 0x69, 0x88, 0x80, 0x84,
       0x26, 0xf5, 0xdd, 0x2e, 0xd4, 0x8b, 0xbf, 0x49 },
-    { 0x68, 0x99, 0x4c, 0xfe, 0x06, 0x8d, 0xe8, 0x75,
-      0xec, 0x56, 0x82, 0xbe, 0x3c, 0x5c, 0xb3, 0x25,
-      0x47, 0x3b, 0x21, 0x25, 0xe6, 0xf1, 0xf3, 0xea,
-      0x57, 0xcc, 0x09, 0xfe, 0x25, 0xb5, 0xb6, 0x93 },
     { 0x69, 0x01, 0x4b, 0xbc, 0x84, 0x29, 0xd8, 0x5f,
       0x41, 0xc2, 0x22, 0xd9, 0x7f, 0x7e, 0xd5, 0x35,
       0xcf, 0x81, 0x23, 0x9a, 0xf2, 0x7a, 0xcc, 0x88,
@@ -1054,10 +914,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x10, 0x51, 0x29, 0xfa, 0x0b, 0xa2, 0x94, 0x4d,
       0xa8, 0x6a, 0xf1, 0xdb, 0x2d, 0x03, 0x4b, 0xe2,
       0xbb, 0x73, 0x64, 0x50, 0x0c, 0x05, 0xa6, 0xde },
-    { 0x6c, 0x8d, 0x4e, 0x52, 0x7e, 0x74, 0x08, 0x82,
-      0x6d, 0xb8, 0x4d, 0x04, 0x1a, 0x0e, 0x29, 0xd6,
-      0xde, 0x13, 0xa6, 0x1e, 0x63, 0x6b, 0xf6, 0xb6,
-      0xf5, 0xf6, 0x75, 0x42, 0x7a, 0xce, 0xce, 0x9e },
     { 0x6c, 0x8f, 0xd1, 0xe6, 0xe1, 0x1b, 0xaf, 0xa6,
       0x17, 0x78, 0x13, 0xa0, 0x44, 0x40, 0xb1, 0xb9,
       0x6a, 0x1c, 0xdb, 0x7c, 0x2d, 0x70, 0x3f, 0x55,
@@ -1082,18 +938,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x87, 0x41, 0xe6, 0x7b, 0x87, 0x6c, 0xcb, 0x8c,
       0xb5, 0x81, 0x11, 0x48, 0x82, 0x87, 0xda, 0x8c,
       0x30, 0x64, 0xe8, 0x2e, 0xcc, 0xc2, 0x70, 0x12 },
-    { 0x6e, 0x16, 0x35, 0x9e, 0x05, 0xeb, 0x14, 0xec,
-      0x86, 0xee, 0xe5, 0x9d, 0x01, 0x0c, 0xd6, 0x4f,
-      0x1d, 0x1b, 0x4b, 0xa1, 0xef, 0x46, 0xa2, 0x0f,
-      0x35, 0xc6, 0xa6, 0x3d, 0xc5, 0x3a, 0x2a, 0xcb },
     { 0x6e, 0x1a, 0x88, 0x63, 0xf2, 0x93, 0x4b, 0x39,
       0x01, 0x23, 0x7e, 0x84, 0xd0, 0x76, 0x27, 0x04,
       0x23, 0x06, 0x78, 0x7f, 0x2d, 0xe0, 0x66, 0x30,
       0xbd, 0x37, 0xd8, 0x03, 0x94, 0x35, 0xbf, 0xca },
-    { 0x6e, 0x1c, 0xb1, 0x2a, 0x08, 0x3c, 0x89, 0x08,
-      0xfb, 0x06, 0x04, 0x56, 0xee, 0xe8, 0x74, 0xed,
-      0xd9, 0xfa, 0x71, 0x3f, 0x26, 0x95, 0xee, 0x5e,
-      0xe8, 0x59, 0x84, 0x83, 0xe3, 0x02, 0x8f, 0x0b },
     { 0x6e, 0x99, 0x8d, 0xdd, 0xf2, 0x93, 0x9b, 0xfe,
       0x8c, 0xc5, 0x2a, 0x48, 0x0a, 0xc0, 0x6d, 0x69,
       0x71, 0xc5, 0xa3, 0xda, 0x97, 0xcf, 0x3e, 0xf0,
@@ -1154,18 +1002,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x00, 0xb4, 0x14, 0x73, 0xca, 0x44, 0xe6, 0x87,
       0x96, 0x38, 0x74, 0x3d, 0x8f, 0xee, 0x66, 0xee,
       0x71, 0x8c, 0x18, 0xd8, 0xf1, 0x12, 0x15, 0xd1 },
-    { 0x76, 0x73, 0x18, 0x0f, 0x9d, 0x9a, 0x85, 0x48,
-      0x4b, 0x5c, 0x16, 0x99, 0xa2, 0xdc, 0x17, 0xfc,
-      0x61, 0x13, 0xa3, 0xed, 0x5b, 0xc9, 0xc0, 0x55,
-      0x8c, 0xb8, 0x2d, 0xff, 0x9e, 0x50, 0x32, 0x09 },
     { 0x76, 0x98, 0x67, 0x60, 0xac, 0xfe, 0x55, 0x59,
       0xa2, 0xa2, 0xab, 0x2a, 0x4e, 0x85, 0x49, 0x83,
       0xc5, 0xfd, 0xe6, 0x73, 0xce, 0x8e, 0xb1, 0x71,
       0x23, 0x49, 0x48, 0x64, 0x86, 0x7a, 0x98, 0xb1 },
-    { 0x76, 0xca, 0x72, 0xcc, 0x37, 0xab, 0x2a, 0xa3,
-      0x83, 0x98, 0x71, 0x0f, 0x02, 0x20, 0xfa, 0xf3,
-      0x30, 0x1d, 0x54, 0x49, 0x38, 0xfb, 0x24, 0x19,
-      0x2d, 0xec, 0x32, 0xf7, 0x44, 0xe4, 0x22, 0x10 },
     { 0x77, 0xac, 0x72, 0x54, 0x6a, 0x39, 0xca, 0x2f,
       0x24, 0xe2, 0xd1, 0x3c, 0x0d, 0x74, 0x91, 0x5f,
       0x67, 0xbc, 0xd4, 0x37, 0x09, 0xa9, 0xe5, 0xdb,
@@ -1202,18 +1042,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x8a, 0xda, 0x2d, 0xdf, 0xbd, 0x06, 0x8a, 0xc3,
       0x5d, 0x0f, 0x9d, 0xfa, 0xe6, 0x70, 0xf3, 0xe3,
       0x95, 0xd4, 0x03, 0x7c, 0x3f, 0x8c, 0x4d, 0xd0 },
-    { 0x7a, 0x42, 0xd5, 0x7b, 0x05, 0x32, 0x4e, 0x85,
-      0x83, 0x55, 0x05, 0x58, 0x26, 0xb1, 0x55, 0x17,
-      0x42, 0x5b, 0x5a, 0x18, 0x9c, 0x17, 0xb4, 0x7c,
-      0x18, 0x4c, 0xac, 0xe7, 0xac, 0x63, 0x18, 0xd0 },
-    { 0x7b, 0x2c, 0x84, 0x1f, 0x5a, 0x96, 0x35, 0x28,
-      0xc8, 0x79, 0x9f, 0x4b, 0x71, 0x48, 0xf9, 0xf2,
-      0xa5, 0x05, 0x15, 0x76, 0x06, 0x9d, 0xef, 0xd9,
-      0xf6, 0xc0, 0xca, 0x31, 0x3d, 0xf2, 0xdb, 0x99 },
-    { 0x7b, 0x78, 0xbf, 0x4d, 0x71, 0x4e, 0xdf, 0xd5,
-      0xce, 0x84, 0xa3, 0x86, 0x6d, 0xdf, 0x14, 0x82,
-      0x36, 0xbd, 0x80, 0xfc, 0xca, 0x6b, 0x9e, 0xf2,
-      0x6d, 0xc5, 0xb0, 0xdf, 0x9f, 0xe3, 0xe2, 0x0f },
     { 0x7b, 0xfe, 0x47, 0xae, 0xba, 0x8b, 0x0a, 0x3a,
       0x94, 0x5a, 0x88, 0xd8, 0xef, 0x18, 0x91, 0xc9,
       0x89, 0x97, 0x8a, 0xbf, 0x12, 0x2e, 0xc5, 0xe0,
@@ -1238,10 +1066,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x6d, 0xe0, 0x9c, 0x14, 0xaf, 0xbb, 0xe0, 0xc3,
       0x41, 0x21, 0xac, 0xbb, 0x22, 0x22, 0x9f, 0x44,
       0xee, 0x5c, 0x3f, 0x4d, 0xde, 0x73, 0x50, 0x55 },
-    { 0x7f, 0xdd, 0xae, 0x79, 0x7d, 0xa7, 0x9c, 0x9f,
-      0xa8, 0xd6, 0x9c, 0x15, 0x79, 0x31, 0x69, 0x22,
-      0x13, 0x64, 0xea, 0x95, 0xe7, 0xc1, 0xb2, 0x39,
-      0x71, 0x32, 0x3d, 0xb1, 0xb0, 0x88, 0xde, 0x9c },
     { 0x80, 0x20, 0x56, 0xe1, 0xdb, 0x9d, 0x9b, 0x73,
       0x21, 0xd1, 0xff, 0xbb, 0xe1, 0x2f, 0x5c, 0xbe,
       0xde, 0xc3, 0x6d, 0x0b, 0x5e, 0xc2, 0xa4, 0xe1,
@@ -1410,10 +1234,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x5d, 0x6a, 0xe9, 0x75, 0x3e, 0x4d, 0x48, 0xb1,
       0x79, 0x23, 0xb9, 0x36, 0x5a, 0x6b, 0x4b, 0x97,
       0xc4, 0xec, 0xac, 0x4a, 0x4b, 0x37, 0x03, 0x4b },
-    { 0x8d, 0x85, 0xda, 0x44, 0x6f, 0x5c, 0x79, 0x54,
-      0xbd, 0xf7, 0x6c, 0x09, 0x0c, 0xd2, 0x46, 0x68,
-      0xff, 0x23, 0x3c, 0xcd, 0xf6, 0x6b, 0x94, 0xda,
-      0xd9, 0x92, 0x98, 0xeb, 0xcb, 0x16, 0x8d, 0xc5 },
     { 0x8e, 0x18, 0xfd, 0xbd, 0xb0, 0x08, 0x16, 0x00,
       0x35, 0xfa, 0xf5, 0x01, 0x5b, 0xe7, 0xda, 0xf4,
       0x63, 0xb5, 0xc4, 0x14, 0xea, 0xbc, 0x8b, 0x89,
@@ -1422,10 +1242,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x73, 0x15, 0x96, 0x35, 0x60, 0xf2, 0x6c, 0x8e,
       0xcb, 0x29, 0xa7, 0xa0, 0x28, 0x7f, 0x84, 0xe7,
       0xcc, 0x29, 0x99, 0x67, 0x5e, 0x41, 0xa0, 0x5d },
-    { 0x8f, 0x01, 0xe1, 0x2e, 0xf4, 0x24, 0x16, 0x9d,
-      0x2d, 0x5c, 0x2d, 0x25, 0x73, 0xd4, 0x97, 0x36,
-      0xe6, 0x9b, 0x05, 0x74, 0x1d, 0x31, 0xb1, 0x62,
-      0x61, 0xb5, 0xbd, 0xb3, 0xb4, 0x48, 0x77, 0xe2 },
     { 0x8f, 0x10, 0x10, 0x47, 0x93, 0xe8, 0x55, 0x42,
       0xbc, 0x06, 0x04, 0xd6, 0xcf, 0x21, 0x5f, 0x78,
       0x80, 0xbd, 0x6a, 0x4d, 0xd0, 0xfd, 0xf1, 0xe7,
@@ -1454,10 +1270,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xbd, 0x9b, 0x51, 0x0c, 0xfd, 0xa8, 0x48, 0x49,
       0x72, 0xfd, 0xf0, 0xe0, 0x6d, 0xc1, 0x1f, 0x5d,
       0x1d, 0x59, 0x0b, 0xe3, 0xfc, 0x38, 0xdf, 0xf0 },
-    { 0x91, 0x02, 0x41, 0xa2, 0xdd, 0x40, 0xa2, 0x83,
-      0xea, 0x1f, 0x0f, 0x4f, 0x31, 0xc9, 0x48, 0x9d,
-      0x38, 0x45, 0x0f, 0x08, 0xca, 0x8b, 0xcc, 0x21,
-      0x87, 0xf6, 0x90, 0xb4, 0x4f, 0x37, 0x30, 0x17 },
     { 0x91, 0x6b, 0x1a, 0x6b, 0x61, 0x6c, 0x6d, 0x8a,
       0xc1, 0x49, 0xa3, 0x31, 0x04, 0x83, 0x51, 0x1a,
       0xf7, 0xa7, 0xd5, 0x3c, 0x60, 0x17, 0x9e, 0x7f,
@@ -1486,22 +1298,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x14, 0x27, 0xcb, 0xa7, 0x40, 0xbe, 0x2e, 0xb9,
       0x26, 0x88, 0x68, 0xbd, 0xac, 0xc1, 0xda, 0xa8,
       0x67, 0x02, 0xfa, 0xb7, 0x93, 0x70, 0xb8, 0xf9 },
-    { 0x93, 0xac, 0x4b, 0xbc, 0x6e, 0xbd, 0x52, 0x7e,
-      0xa9, 0x42, 0xaf, 0x29, 0x4a, 0x5d, 0xab, 0xd1,
-      0x4f, 0xe7, 0x7c, 0x5e, 0x6a, 0x4e, 0xeb, 0x14,
-      0xb8, 0x0d, 0x42, 0x9f, 0x39, 0xfd, 0xcc, 0xe7 },
-    { 0x94, 0x18, 0xef, 0x6d, 0x9f, 0xf6, 0x06, 0xfd,
-      0xc7, 0x55, 0x78, 0xf0, 0xf5, 0xde, 0xea, 0xb1,
-      0x39, 0x69, 0x80, 0xf5, 0xb5, 0xd3, 0x96, 0x9d,
-      0x7a, 0x0f, 0x23, 0x83, 0x70, 0x3f, 0x9b, 0xb1 },
-    { 0x94, 0x77, 0xcf, 0xec, 0xda, 0x46, 0x1d, 0xbc,
-      0x01, 0xa3, 0xa3, 0x0e, 0xa2, 0x64, 0x31, 0x42,
-      0x5b, 0xd1, 0xb1, 0x0c, 0xf7, 0xc2, 0xf2, 0x06,
-      0x0e, 0xcb, 0x39, 0xf7, 0xd4, 0x15, 0x5b, 0x0d },
-    { 0x94, 0xc5, 0x29, 0xaa, 0x2d, 0xfe, 0xb3, 0x9f,
-      0x5e, 0x6c, 0x66, 0xd3, 0x53, 0x37, 0x1e, 0xbc,
-      0xd2, 0xca, 0xed, 0xbd, 0x1f, 0x0e, 0x6c, 0x79,
-      0x75, 0x5e, 0xee, 0x61, 0xe9, 0xe6, 0x24, 0xf4 },
     { 0x94, 0xdc, 0x80, 0x07, 0x49, 0x1d, 0xa8, 0xbf,
       0xb7, 0x39, 0x14, 0xad, 0xce, 0xf7, 0x1a, 0x12,
       0x41, 0x58, 0xba, 0xd1, 0x7b, 0xa8, 0x8f, 0xa9,
@@ -1534,10 +1330,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xb1, 0xad, 0xa6, 0x09, 0xe2, 0x00, 0x95, 0xfb,
       0xc3, 0x3a, 0x6b, 0xbc, 0x6a, 0x21, 0xd8, 0x0a,
       0x4e, 0xcb, 0x27, 0x3c, 0x60, 0xac, 0x2a, 0xc7 },
-    { 0x97, 0xd6, 0x24, 0xea, 0xc8, 0x80, 0x91, 0x03,
-      0x4a, 0x84, 0xb4, 0xdc, 0x63, 0x33, 0x92, 0x37,
-      0xda, 0xf4, 0xa2, 0xb0, 0xf6, 0xc6, 0xe2, 0x55,
-      0xe7, 0xec, 0xe6, 0x82, 0x59, 0x1d, 0x5e, 0xdc },
     { 0x97, 0xe2, 0x11, 0x70, 0x95, 0x44, 0x9c, 0xdf,
       0xc0, 0xa8, 0x3e, 0xd4, 0x9e, 0x65, 0x0a, 0xdf,
       0xd9, 0xbc, 0x0b, 0x3c, 0x50, 0x04, 0x9d, 0x7b,
@@ -1570,10 +1362,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x05, 0x5e, 0x28, 0x16, 0xc8, 0x37, 0x98, 0x54,
       0x89, 0x46, 0x76, 0xee, 0xb3, 0x4c, 0xf7, 0x2a,
       0x14, 0x83, 0x04, 0x97, 0xd8, 0x4a, 0x4f, 0x6c },
-    { 0x9a, 0x5d, 0x7a, 0xf0, 0xf3, 0xf4, 0x34, 0xba,
-      0x6e, 0x67, 0x37, 0x65, 0x2c, 0x42, 0x87, 0x6a,
-      0x8e, 0xc1, 0x9a, 0xce, 0x0c, 0x7c, 0xbf, 0x3e,
-      0xce, 0x5c, 0x32, 0x62, 0xae, 0xeb, 0x77, 0xd4 },
     { 0x9a, 0x5f, 0xab, 0xe5, 0x8a, 0x1e, 0xae, 0x4b,
       0x20, 0xba, 0xb3, 0xa7, 0xeb, 0x5e, 0x42, 0xa2,
       0xda, 0x83, 0x11, 0x59, 0x25, 0x7d, 0xd4, 0xe3,
@@ -1634,18 +1422,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xf8, 0x63, 0x71, 0x97, 0xe8, 0x99, 0x68, 0xdb,
       0x86, 0x6a, 0xd0, 0x1a, 0x5d, 0x4e, 0xd5, 0x34,
       0x59, 0x48, 0x65, 0xb9, 0x70, 0x75, 0xf2, 0x60 },
-    { 0x9f, 0xe0, 0x91, 0x58, 0x70, 0x38, 0x5d, 0xdb,
-      0xb6, 0x2f, 0xa6, 0xe3, 0x23, 0x95, 0xeb, 0xe8,
-      0x33, 0x34, 0x46, 0x00, 0x43, 0x6d, 0xac, 0xc9,
-      0xb5, 0x69, 0x21, 0x4e, 0xeb, 0x8c, 0x0a, 0xf0 },
     { 0xa0, 0x05, 0x20, 0xb9, 0x68, 0xbf, 0xcb, 0x63,
       0x40, 0x87, 0x9f, 0xa8, 0x43, 0x82, 0x0c, 0xec,
       0x95, 0x45, 0x86, 0x0f, 0xe2, 0x9e, 0x2f, 0x8f,
       0xee, 0x00, 0xb0, 0x0f, 0xf8, 0x43, 0x42, 0x74 },
-    { 0xa0, 0x77, 0x42, 0xd5, 0xb2, 0x99, 0x96, 0x65,
-      0x06, 0x76, 0x2e, 0x02, 0xe4, 0x20, 0xf1, 0xa9,
-      0xc4, 0xab, 0x73, 0x29, 0xae, 0x29, 0x5f, 0x01,
-      0x5f, 0x74, 0x7d, 0xa1, 0x82, 0xa9, 0xc3, 0x9c },
     { 0xa0, 0xc2, 0xd2, 0x07, 0xa4, 0x7e, 0x18, 0xd0,
       0x37, 0x14, 0xd5, 0xb3, 0x44, 0x5d, 0x88, 0xbe,
       0x81, 0xff, 0x5e, 0x1d, 0x16, 0x07, 0x3d, 0xc1,
@@ -1662,10 +1442,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x75, 0x7a, 0x24, 0x52, 0xd5, 0xdb, 0xcd, 0x15,
       0x39, 0x4a, 0xc1, 0x1a, 0xf3, 0x8c, 0x2f, 0xea,
       0x0c, 0x7c, 0x39, 0x07, 0xfe, 0xc4, 0xb7, 0x8c },
-    { 0xa1, 0xf7, 0xa0, 0x7a, 0x4a, 0x67, 0xf6, 0xff,
-      0x96, 0xcb, 0x97, 0xb8, 0xad, 0x2b, 0x59, 0xbe,
-      0xf6, 0xb1, 0xf3, 0x03, 0x80, 0xab, 0x38, 0x3f,
-      0xad, 0xf1, 0x23, 0x95, 0xa4, 0xbb, 0x08, 0x14 },
     { 0xa2, 0x6b, 0xa6, 0x8b, 0xd5, 0x7f, 0x66, 0x70,
       0x89, 0xb7, 0x52, 0x56, 0x1d, 0x87, 0x12, 0xf0,
       0x8c, 0x7d, 0x96, 0x3d, 0x0f, 0xcd, 0x36, 0xac,
@@ -1678,10 +1454,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x02, 0x57, 0x46, 0x34, 0xde, 0x70, 0x7d, 0x2f,
       0x92, 0xf4, 0xd0, 0xcb, 0x90, 0xcd, 0xb6, 0x1d,
       0xd1, 0x95, 0x8b, 0xcf, 0x0c, 0x55, 0x20, 0x86 },
-    { 0xa5, 0x58, 0xcc, 0x2e, 0x2f, 0xe1, 0x06, 0x81,
-      0x12, 0x0b, 0xd2, 0x57, 0x94, 0xf8, 0xca, 0x20,
-      0xb0, 0x94, 0x3f, 0xbd, 0x13, 0x6e, 0x4b, 0x36,
-      0x77, 0x30, 0xf0, 0x5e, 0x71, 0x21, 0xf8, 0x97 },
     { 0xa5, 0x67, 0x98, 0x6c, 0xe0, 0xe3, 0x36, 0xf8,
       0x4f, 0xdc, 0x08, 0x15, 0xb8, 0x6e, 0xa3, 0x03,
       0x34, 0x3c, 0xf8, 0xc1, 0x0f, 0x37, 0x27, 0x83,
@@ -1698,26 +1470,14 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xe1, 0x2d, 0xb4, 0x09, 0x97, 0x61, 0x71, 0xac,
       0xb5, 0x1f, 0xb3, 0xdc, 0xfb, 0xb7, 0x6e, 0xe3,
       0x84, 0x95, 0x39, 0xcd, 0x8a, 0xb0, 0x66, 0xdf },
-    { 0xa6, 0xf1, 0xfa, 0xc9, 0x75, 0x7d, 0xfc, 0xb0,
-      0x66, 0x9f, 0x1f, 0x54, 0x68, 0xac, 0xf6, 0xea,
-      0x83, 0x84, 0xb7, 0xc2, 0xc3, 0x0e, 0x40, 0xaa,
-      0xa9, 0x39, 0x21, 0xf2, 0x38, 0x72, 0xca, 0xed },
     { 0xa7, 0x08, 0x0d, 0xeb, 0x9a, 0xfe, 0x85, 0xba,
       0x27, 0xfe, 0xb4, 0xa9, 0xc2, 0xf9, 0xa7, 0x54,
       0xf3, 0xd5, 0xff, 0xe6, 0xc3, 0xc4, 0xee, 0x95,
       0x56, 0x63, 0x1c, 0xe7, 0xea, 0x20, 0x22, 0x72 },
-    { 0xa7, 0x0f, 0x0c, 0xe2, 0xd4, 0xfb, 0xe6, 0x63,
-      0x6a, 0x7a, 0x48, 0x94, 0x3c, 0xbd, 0x2d, 0x99,
-      0x0e, 0x40, 0xfa, 0xa6, 0xd8, 0x56, 0x87, 0x7f,
-      0x45, 0x5b, 0xf0, 0x15, 0xf5, 0x45, 0x11, 0x3c },
     { 0xa8, 0x53, 0xad, 0xc1, 0xc2, 0x18, 0x59, 0xaf,
       0x7c, 0x46, 0x2b, 0x4a, 0xa0, 0xa5, 0x74, 0xca,
       0x9f, 0xee, 0xfb, 0x18, 0x5a, 0x1f, 0xdb, 0xb6,
       0xc1, 0x0e, 0x17, 0xd6, 0x01, 0xb7, 0x09, 0x8f },
-    { 0xa8, 0x7f, 0x0d, 0xf3, 0xeb, 0x2c, 0x90, 0x1f,
-      0x11, 0x6f, 0x6a, 0x8b, 0x01, 0xe2, 0x95, 0xcd,
-      0x60, 0x72, 0x69, 0x5a, 0xb1, 0x65, 0x4b, 0x7b,
-      0xf9, 0xc4, 0x7e, 0x06, 0x20, 0x25, 0x6f, 0x81 },
     { 0xa8, 0xdf, 0xf0, 0x6a, 0x17, 0x35, 0xb4, 0x6d,
       0x17, 0xda, 0xeb, 0xc3, 0x43, 0x43, 0x18, 0x31,
       0x3b, 0x2d, 0x9e, 0x7c, 0x3e, 0xf4, 0x8f, 0x28,
@@ -1766,10 +1526,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x5a, 0xd4, 0xa3, 0xba, 0x3d, 0x4b, 0x01, 0x84,
       0x91, 0xf3, 0x66, 0x1a, 0x37, 0x9b, 0x3d, 0xfe,
       0xdd, 0x6f, 0xd3, 0xc3, 0x2e, 0xfa, 0x84, 0x7d },
-    { 0xac, 0x90, 0x98, 0xf6, 0x4f, 0xe1, 0x03, 0xc8,
-      0xc1, 0x40, 0x30, 0xdb, 0xce, 0xdd, 0x63, 0xd1,
-      0xd1, 0x7c, 0x33, 0x8e, 0xbd, 0x1d, 0x7d, 0xe5,
-      0x6c, 0x79, 0xd2, 0x1a, 0x6f, 0x2e, 0x47, 0xa7 },
     { 0xad, 0x69, 0x54, 0x5f, 0x9f, 0x85, 0x25, 0x5f,
       0xe4, 0x16, 0x51, 0x3d, 0x94, 0xdb, 0x31, 0x50,
       0x5f, 0x38, 0x4b, 0x52, 0x3c, 0x2c, 0xa2, 0x6e,
@@ -1814,10 +1570,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x14, 0xfd, 0x70, 0x27, 0x9f, 0xcc, 0x3c, 0xe9,
       0x25, 0xc5, 0x1f, 0xb7, 0x17, 0xe5, 0x87, 0x6f,
       0x29, 0x1b, 0xa1, 0x70, 0x73, 0x43, 0x85, 0x68 },
-    { 0xb2, 0xe5, 0xfa, 0xf7, 0xee, 0xbe, 0xd8, 0xc2,
-      0x9c, 0x7b, 0x83, 0x65, 0x3a, 0xf3, 0xfc, 0x9f,
-      0x8d, 0xe4, 0x6e, 0xe5, 0x3b, 0x64, 0x9c, 0x94,
-      0x53, 0x87, 0xb0, 0xcf, 0xf8, 0xb7, 0x14, 0x93 },
     { 0xb3, 0x0d, 0x88, 0x44, 0x30, 0x43, 0xf5, 0xf3,
       0x72, 0x32, 0xbb, 0x9b, 0xac, 0xb9, 0x94, 0xc5,
       0xba, 0xe9, 0x3a, 0x46, 0xfc, 0x87, 0xf1, 0x51,
@@ -1826,10 +1578,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x91, 0x04, 0xf9, 0x4f, 0xaa, 0x66, 0xe0, 0xcc,
       0xc0, 0x41, 0x34, 0xd5, 0x80, 0x9a, 0x2a, 0x26,
       0x70, 0xa3, 0xb7, 0xbc, 0x7d, 0xd9, 0x64, 0xf8 },
-    { 0xb3, 0x35, 0x93, 0x3f, 0xc9, 0x72, 0x3e, 0x9d,
-      0xaa, 0x0d, 0x0c, 0xe7, 0x1c, 0x66, 0x5a, 0xdd,
-      0xa5, 0xab, 0xda, 0xf3, 0x5a, 0xdb, 0x10, 0xd7,
-      0x6e, 0xdc, 0x9c, 0x8e, 0x4e, 0xba, 0x05, 0x6e },
     { 0xb3, 0x95, 0x0e, 0x0b, 0xd2, 0x2c, 0x39, 0xfa,
       0xb1, 0xdb, 0xd7, 0xbe, 0xb7, 0x42, 0x56, 0xaf,
       0xb1, 0x1d, 0xcb, 0x26, 0x35, 0x69, 0x70, 0x83,
@@ -1842,14 +1590,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x47, 0x4f, 0x92, 0x4f, 0xee, 0xf9, 0xb0, 0xbd,
       0x97, 0x9b, 0x36, 0x36, 0xc3, 0x4f, 0xf2, 0x72,
       0x3f, 0x67, 0x3c, 0x8e, 0xee, 0x2a, 0xf1, 0x52 },
-    { 0xb4, 0x2a, 0x78, 0xb0, 0x6f, 0x28, 0x15, 0xd4,
-      0xa0, 0x49, 0xfe, 0x83, 0xf3, 0xd2, 0x9b, 0x38,
-      0x5b, 0x90, 0xd3, 0xd0, 0x0b, 0xa8, 0x57, 0xd6,
-      0x2f, 0x19, 0x67, 0x81, 0xdd, 0xa3, 0xd1, 0x85 },
-    { 0xb4, 0xae, 0x2a, 0x6b, 0xfc, 0xa5, 0x31, 0xc9,
-      0x9c, 0x69, 0xb3, 0x5a, 0xfe, 0x67, 0x54, 0xfc,
-      0x49, 0x27, 0x5b, 0x6c, 0xca, 0xcd, 0xc8, 0x26,
-      0x9c, 0x27, 0x0c, 0xdb, 0x2b, 0x58, 0xc0, 0x8f },
     { 0xb4, 0xd4, 0x67, 0xfc, 0x5e, 0x97, 0xdb, 0x25,
       0xa1, 0xfd, 0xb0, 0x06, 0xd2, 0x77, 0x66, 0xb9,
       0x99, 0x5b, 0xb9, 0xc7, 0x7b, 0x66, 0x43, 0x97,
@@ -1890,10 +1630,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x18, 0x92, 0xe4, 0x77, 0x59, 0x59, 0xad, 0x8a,
       0x8c, 0x78, 0x2c, 0xef, 0x60, 0xec, 0xea, 0xbe,
       0x56, 0x19, 0x72, 0x9b, 0xb8, 0x1b, 0x4a, 0x10 },
-    { 0xba, 0x2f, 0xde, 0x44, 0xdd, 0xae, 0x01, 0x8a,
-      0x51, 0x06, 0xc5, 0x0c, 0x36, 0xa2, 0x33, 0x0d,
-      0xf4, 0x30, 0x68, 0x9e, 0x0a, 0x6d, 0xca, 0x6a,
-      0xbf, 0x85, 0x7f, 0xa2, 0xfd, 0xed, 0xe8, 0xd4 },
     { 0xba, 0x51, 0xaf, 0xf5, 0xd5, 0xd3, 0x10, 0x5f,
       0x34, 0xa2, 0xb3, 0x3a, 0x83, 0xe3, 0xad, 0xfd,
       0x12, 0xd7, 0x9c, 0xa6, 0x05, 0x90, 0x9d, 0x96,
@@ -1902,14 +1638,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xa6, 0x1b, 0xc0, 0x91, 0x3d, 0xa1, 0xdf, 0x26,
       0xa1, 0xcf, 0xef, 0xf7, 0x45, 0x2d, 0x9b, 0xa3,
       0x6c, 0xac, 0x47, 0xa8, 0x5c, 0x7f, 0xf3, 0x48 },
-    { 0xbb, 0xaa, 0x32, 0x35, 0x0e, 0x2d, 0xc5, 0x06,
-      0x07, 0xaa, 0xc6, 0x5b, 0x29, 0x81, 0xd3, 0x97,
-      0xc8, 0xb9, 0xaf, 0x51, 0x22, 0x38, 0xca, 0xd4,
-      0xcb, 0xb3, 0x10, 0x07, 0x64, 0xe7, 0xa3, 0x94 },
-    { 0xbb, 0xad, 0x8a, 0x81, 0x54, 0xd7, 0xab, 0x8e,
-      0x3f, 0x3a, 0x67, 0x09, 0x7b, 0x4d, 0xb7, 0x44,
-      0x8f, 0x4b, 0x07, 0xe4, 0x7c, 0xda, 0xa6, 0xb8,
-      0x36, 0xed, 0xd2, 0x67, 0x68, 0xf9, 0x64, 0x92 },
     { 0xbc, 0x14, 0x2e, 0xba, 0xc2, 0x78, 0xa8, 0xfe,
       0x8c, 0xa8, 0xbc, 0x2c, 0x62, 0xfb, 0xcc, 0x40,
       0x17, 0xff, 0x24, 0x96, 0x98, 0xbe, 0xed, 0xfb,
@@ -1918,10 +1646,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xd9, 0x70, 0x44, 0xfd, 0xe3, 0xe3, 0xf9, 0x00,
       0xfb, 0x1a, 0x0b, 0x04, 0x03, 0xb5, 0x81, 0x72,
       0x5f, 0x34, 0xe3, 0xc1, 0x90, 0x05, 0x60, 0x56 },
-    { 0xbd, 0xd5, 0x42, 0x49, 0xdd, 0xd5, 0x4b, 0xc7,
-      0x2a, 0xa7, 0xa7, 0x5f, 0x77, 0x63, 0xa8, 0x38,
-      0xcf, 0x4b, 0xa1, 0x7f, 0xb3, 0x64, 0x72, 0xba,
-      0x12, 0x69, 0x8c, 0x45, 0xdf, 0x88, 0xe8, 0x46 },
     { 0xbe, 0x68, 0x35, 0x4f, 0x7c, 0x36, 0x24, 0x2d,
       0xb6, 0x20, 0x4f, 0x20, 0x13, 0x1b, 0x01, 0xff,
       0x28, 0xb7, 0xdd, 0xff, 0x36, 0x2e, 0x42, 0x9b,
@@ -1938,10 +1662,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x76, 0x64, 0x4c, 0x58, 0xa4, 0xf2, 0xb6, 0x4e,
       0x62, 0xf8, 0x93, 0xf8, 0x04, 0xfb, 0x9a, 0x87,
       0xfe, 0xa3, 0x2c, 0x4c, 0x76, 0x45, 0x7f, 0x3b },
-    { 0xbe, 0xe5, 0x93, 0x20, 0xce, 0x39, 0xb6, 0xbb,
-      0x7a, 0xc7, 0x72, 0xcd, 0xf3, 0xd3, 0x0d, 0xfe,
-      0x57, 0xe0, 0x60, 0xcc, 0xa9, 0xe5, 0x4a, 0x62,
-      0x99, 0x96, 0xaa, 0x4f, 0xcb, 0xd4, 0xaf, 0x0e },
     { 0xbf, 0x38, 0xe6, 0xae, 0x32, 0x0f, 0x69, 0x16,
       0x16, 0x0d, 0xa6, 0x06, 0x86, 0x83, 0xbf, 0x49,
       0xf2, 0xb2, 0x2b, 0x25, 0x24, 0x84, 0x63, 0x68,
@@ -1950,10 +1670,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x49, 0x53, 0x52, 0x6d, 0xa9, 0xfd, 0x59, 0x96,
       0x9a, 0x82, 0xf1, 0xee, 0x81, 0xa7, 0x97, 0x98,
       0xa4, 0x17, 0x1e, 0x14, 0x59, 0x39, 0x19, 0x67 },
-    { 0xbf, 0xc6, 0x2c, 0x0a, 0x05, 0x85, 0xbc, 0x32,
-      0xd4, 0x0c, 0xbc, 0x2e, 0x24, 0xa4, 0x8e, 0x26,
-      0x43, 0x4a, 0xe3, 0x33, 0x27, 0xd7, 0xe9, 0x8d,
-      0x1c, 0x57, 0xb6, 0xc5, 0x28, 0x4b, 0x95, 0x7a },
     { 0xbf, 0xf4, 0x3a, 0x97, 0x20, 0x48, 0x2d, 0x13,
       0x4c, 0xd5, 0xee, 0x8a, 0x88, 0x99, 0xe1, 0xa7,
       0x36, 0xbf, 0x54, 0xa2, 0xb7, 0x86, 0x26, 0x9c,
@@ -1978,10 +1694,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x75, 0x19, 0x5e, 0x1b, 0x63, 0x04, 0x2b, 0x59,
       0x19, 0x09, 0xf1, 0xd7, 0xeb, 0x5d, 0x25, 0xf2,
       0x97, 0xae, 0x7a, 0x61, 0xc1, 0x53, 0x8f, 0x9e },
-    { 0xc1, 0x7c, 0xe3, 0xbe, 0xf9, 0xcc, 0x61, 0x0b,
-      0x71, 0x3c, 0xff, 0x47, 0xcc, 0xbe, 0x95, 0x8a,
-      0xa7, 0x78, 0x35, 0x8d, 0xcc, 0x7c, 0x52, 0x63,
-      0xc1, 0xaa, 0x7f, 0xe4, 0x22, 0xf3, 0x9b, 0xc6 },
     { 0xc1, 0x86, 0xbe, 0x26, 0xe4, 0x47, 0x89, 0x7c,
       0x48, 0x3c, 0x43, 0xfd, 0xc0, 0x86, 0xe2, 0x60,
       0x74, 0x17, 0xeb, 0x3e, 0xa7, 0x88, 0xec, 0x03,
@@ -1990,18 +1702,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x11, 0xa5, 0xba, 0x93, 0x12, 0x1d, 0xe7, 0xa3,
       0x95, 0x98, 0x4e, 0x84, 0x44, 0x4e, 0x58, 0xf1,
       0x63, 0xb7, 0xa6, 0x20, 0xae, 0x3b, 0xbf, 0xa8 },
-    { 0xc1, 0xe8, 0x95, 0xa8, 0x27, 0x96, 0x4b, 0x9c,
-      0x04, 0x91, 0x69, 0xad, 0xff, 0x9a, 0x30, 0x32,
-      0xd8, 0x70, 0x6a, 0x71, 0x7a, 0xcd, 0xb6, 0xf3,
-      0x39, 0x44, 0xff, 0xa9, 0x62, 0xc6, 0x0d, 0x44 },
-    { 0xc2, 0x17, 0x03, 0x01, 0xd2, 0x2f, 0x8d, 0xc0,
-      0x42, 0xdc, 0xed, 0xd8, 0x3a, 0x92, 0x05, 0xc6,
-      0x95, 0x25, 0x6f, 0x18, 0x4e, 0xd4, 0xbd, 0x5b,
-      0x52, 0x98, 0x28, 0x0a, 0xa6, 0x73, 0xb3, 0x7f },
-    { 0xc2, 0x29, 0xee, 0xbb, 0x9e, 0x1a, 0x91, 0x38,
-      0x80, 0x87, 0xa3, 0xe0, 0x5f, 0x0c, 0x8a, 0x6b,
-      0xb6, 0x84, 0x25, 0x6e, 0x34, 0x06, 0x68, 0xee,
-      0xa2, 0x14, 0x01, 0x1d, 0x75, 0x2e, 0xf6, 0xb2 },
     { 0xc2, 0xad, 0xdf, 0x99, 0xcf, 0xc4, 0x2c, 0xe0,
       0xe5, 0xa0, 0x93, 0xbc, 0xbf, 0x87, 0x40, 0x7c,
       0x61, 0x1f, 0x9d, 0x0a, 0xbf, 0x2a, 0x35, 0xd6,
@@ -2018,14 +1718,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xfa, 0xe8, 0x9c, 0x45, 0x14, 0x3f, 0x20, 0xcc,
       0x1b, 0x3e, 0x18, 0x1d, 0x29, 0xc2, 0xd0, 0xe8,
       0xff, 0x7d, 0x3f, 0x2a, 0x66, 0xb1, 0x82, 0xfe },
-    { 0xc3, 0xde, 0xf4, 0xb0, 0xd7, 0xf0, 0x81, 0xc7,
-      0xfb, 0x88, 0x91, 0x0d, 0xbd, 0xa3, 0x14, 0xde,
-      0x57, 0xa9, 0xcf, 0xdb, 0x40, 0xf8, 0x64, 0x7e,
-      0xf2, 0x88, 0xce, 0xc9, 0x67, 0x3e, 0x00, 0x0c },
-    { 0xc4, 0x85, 0x0e, 0x1c, 0x62, 0xb1, 0x7c, 0xef,
-      0xd0, 0xdc, 0x64, 0xd4, 0xa8, 0x66, 0x95, 0x3e,
-      0x11, 0x54, 0xdc, 0x88, 0xd9, 0xbd, 0x96, 0x16,
-      0x47, 0xb6, 0xb2, 0x34, 0x1d, 0x85, 0xd9, 0xba },
     { 0xc4, 0x87, 0xa2, 0x59, 0x81, 0x9b, 0x56, 0xd3,
       0x15, 0x9d, 0xd1, 0x73, 0x15, 0x7e, 0x86, 0x45,
       0xb7, 0x0b, 0xca, 0x29, 0x08, 0xcb, 0x2c, 0x5b,
@@ -2054,10 +1746,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x21, 0xaf, 0x00, 0x82, 0x25, 0xca, 0xbe, 0x40,
       0x4f, 0x73, 0x8c, 0x27, 0x8a, 0x4a, 0x42, 0x87,
       0xf1, 0xee, 0x38, 0x01, 0x27, 0xc5, 0x61, 0xfa },
-    { 0xc6, 0x89, 0xb9, 0x95, 0x6c, 0x73, 0x11, 0xd7,
-      0x34, 0x6a, 0x7f, 0xa3, 0x8b, 0x2c, 0xcd, 0xe3,
-      0xef, 0xee, 0x85, 0x3d, 0x7c, 0x2c, 0x41, 0x4f,
-      0x81, 0xf3, 0xb0, 0x64, 0xe6, 0xaf, 0x1f, 0x49 },
     { 0xc6, 0xa4, 0x24, 0xbf, 0x7c, 0xfe, 0x31, 0x72,
       0x74, 0x7a, 0x47, 0x14, 0xa0, 0xef, 0xb9, 0x17,
       0x93, 0x8c, 0x5e, 0xbd, 0x59, 0x12, 0x9d, 0xed,
@@ -2222,10 +1910,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x17, 0x61, 0xf7, 0xc0, 0xff, 0x68, 0x9d, 0xde,
       0x47, 0x74, 0x99, 0x85, 0xe1, 0xee, 0x8b, 0x5c,
       0x89, 0x61, 0xdd, 0x8f, 0x6a, 0x78, 0xbb, 0xf5 },
-    { 0xd8, 0x18, 0xa4, 0x72, 0x70, 0xfd, 0xcd, 0x56,
-      0x4c, 0x8c, 0xef, 0xbc, 0x28, 0xf7, 0x6d, 0x93,
-      0x0b, 0x6c, 0x0d, 0xae, 0x09, 0xd9, 0x3d, 0x24,
-      0x20, 0xeb, 0x7c, 0xde, 0x20, 0x59, 0xad, 0xba },
     { 0xd9, 0x2e, 0x3e, 0xe3, 0x82, 0xc8, 0xdc, 0xaf,
       0xa0, 0x39, 0x3d, 0x9f, 0x9a, 0x00, 0xbf, 0x4c,
       0xd9, 0xd5, 0x64, 0x26, 0x2b, 0x18, 0x0f, 0x68,
@@ -2266,18 +1950,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xc6, 0xe8, 0x44, 0x63, 0xfd, 0x47, 0x78, 0x15,
       0x8f, 0x3a, 0x18, 0xce, 0x89, 0x67, 0x7b, 0x01,
       0xe6, 0xff, 0x5b, 0xa7, 0x2f, 0xa4, 0xd0, 0xf6 },
-    { 0xde, 0x01, 0xa7, 0x27, 0x1a, 0x95, 0x3d, 0xa2,
-      0xf0, 0xfd, 0xdb, 0x6b, 0x37, 0xfe, 0x00, 0x28,
-      0xde, 0x8b, 0x7d, 0x3c, 0xe5, 0x79, 0x1b, 0x45,
-      0x0d, 0xd2, 0x83, 0xb2, 0x0a, 0xdb, 0x05, 0xd2 },
     { 0xde, 0x5c, 0x3d, 0x09, 0x58, 0xa6, 0x12, 0xbd,
       0x6d, 0x48, 0x09, 0x15, 0x03, 0x3d, 0x97, 0x15,
       0x58, 0xdf, 0x35, 0xce, 0xb1, 0xc9, 0x18, 0xe6,
       0x9a, 0x01, 0x34, 0x51, 0xe4, 0x50, 0x95, 0xb8 },
-    { 0xde, 0x77, 0xea, 0xdb, 0xcb, 0xc2, 0x05, 0xdd,
-      0x55, 0xa0, 0xe1, 0x18, 0xca, 0x67, 0x74, 0xf9,
-      0x58, 0x09, 0xa8, 0x2c, 0xa0, 0x1b, 0x2d, 0x5e,
-      0x85, 0x72, 0xe6, 0x17, 0xb6, 0xab, 0xf4, 0x72 },
     { 0xde, 0xcd, 0xb9, 0xfc, 0x1d, 0xde, 0xc9, 0x7e,
       0x09, 0xc3, 0x02, 0x6a, 0xce, 0xb7, 0x6b, 0xda,
       0xe9, 0xde, 0xb6, 0x62, 0x75, 0x1d, 0xda, 0x34,
@@ -2298,18 +1974,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x1a, 0x33, 0x01, 0x7a, 0x9a, 0xc2, 0x5d, 0xda,
       0xfb, 0x5e, 0xa1, 0x12, 0xc9, 0x56, 0xb0, 0x02,
       0xfe, 0x6c, 0x79, 0x80, 0x14, 0xaa, 0x90, 0x65 },
-    { 0xe0, 0xdd, 0xe1, 0x29, 0xd2, 0x60, 0xc3, 0xda,
-      0xb6, 0x91, 0xd8, 0x1d, 0xab, 0xad, 0x73, 0x4c,
-      0x9a, 0xdc, 0x61, 0xd2, 0x0c, 0x1a, 0xe1, 0xb6,
-      0x72, 0x4e, 0x7b, 0x27, 0x92, 0x75, 0xda, 0x35 },
     { 0xe1, 0xb2, 0xe8, 0x6b, 0x0d, 0xa8, 0x69, 0xe9,
       0x25, 0x26, 0x6c, 0x1b, 0x56, 0x88, 0x34, 0x5a,
       0x17, 0xb0, 0xf6, 0xe2, 0xa2, 0x14, 0x94, 0x54,
       0x7e, 0xac, 0x09, 0x7c, 0x8b, 0xf5, 0x3c, 0x5a },
-    { 0xe1, 0xd4, 0xbb, 0x78, 0x58, 0x58, 0x9e, 0x08,
-      0x7e, 0x01, 0xae, 0x85, 0x99, 0x5a, 0x5c, 0x2f,
-      0xd0, 0xac, 0xed, 0xf4, 0x40, 0x55, 0xff, 0x96,
-      0x73, 0x8f, 0x2b, 0x32, 0xb3, 0x31, 0x6e, 0xb0 },
     { 0xe1, 0xd6, 0x44, 0xa0, 0x96, 0xbd, 0x8a, 0x6c,
       0xac, 0xbb, 0xda, 0x3e, 0x7f, 0xc3, 0x38, 0xea,
       0xdd, 0xc1, 0x2f, 0x23, 0x6c, 0x72, 0x61, 0xe4,
@@ -2390,10 +2058,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xc0, 0x67, 0x8d, 0x74, 0x54, 0xd0, 0x79, 0x6d,
       0xde, 0xa0, 0xd2, 0x84, 0xdd, 0xaa, 0x79, 0x4d,
       0x04, 0x42, 0x0e, 0xda, 0x97, 0x71, 0xc5, 0x1a },
-    { 0xea, 0x81, 0xee, 0xeb, 0x60, 0x6b, 0xc9, 0x1c,
-      0x0e, 0x07, 0xda, 0x1f, 0x86, 0x04, 0x89, 0x3c,
-      0x1d, 0x17, 0x84, 0x60, 0xde, 0xe8, 0x7e, 0xd5,
-      0x37, 0xff, 0x8d, 0x85, 0xe4, 0x00, 0x02, 0xf5 },
     { 0xeb, 0x11, 0x63, 0xaa, 0xef, 0xe8, 0xfd, 0x88,
       0xe1, 0x32, 0x7b, 0x48, 0xa9, 0xc0, 0x06, 0x2e,
       0x06, 0xf0, 0xa6, 0xea, 0xa0, 0xa0, 0x18, 0x24,
@@ -2402,10 +2066,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x5a, 0x76, 0x07, 0x64, 0x3e, 0x15, 0x26, 0x0d,
       0x1c, 0x93, 0xfd, 0x9b, 0xe0, 0xfa, 0xb1, 0x0b,
       0x76, 0xdc, 0x96, 0x86, 0xf6, 0x54, 0xc6, 0xe5 },
-    { 0xec, 0x27, 0x05, 0x63, 0xb0, 0x5a, 0x06, 0xe5,
-      0xaa, 0xa5, 0xe6, 0xd5, 0xbb, 0xcc, 0x17, 0xcd,
-      0x1c, 0xb5, 0xb2, 0xa9, 0x4d, 0x93, 0x84, 0x75,
-      0xf1, 0x58, 0x17, 0x6f, 0x4d, 0x84, 0xf4, 0x53 },
     { 0xec, 0x4b, 0xbd, 0xeb, 0x15, 0x12, 0x1d, 0x96,
       0x76, 0x4d, 0x6c, 0x01, 0xb2, 0x7e, 0xd5, 0xae,
       0x86, 0x46, 0x5c, 0x46, 0xd5, 0xa4, 0x0e, 0x34,
@@ -2414,18 +2074,10 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xf0, 0x95, 0x3a, 0x2a, 0x91, 0x83, 0x39, 0xe3,
       0x6f, 0x3c, 0xb6, 0xb8, 0xd8, 0xb8, 0x9e, 0x91,
       0x74, 0x23, 0xda, 0xce, 0xac, 0xe6, 0xd5, 0x8a },
-    { 0xec, 0x79, 0x76, 0xc2, 0xb8, 0x10, 0x31, 0xf5,
-      0x88, 0x49, 0x5b, 0xc1, 0x9f, 0x51, 0xb0, 0x36,
-      0xf8, 0x4f, 0x48, 0x1d, 0x9b, 0x15, 0x73, 0xd9,
-      0x8a, 0x7c, 0x32, 0x67, 0xc0, 0x63, 0x1e, 0x00 },
     { 0xec, 0xce, 0x4e, 0x52, 0x82, 0xfd, 0x2e, 0xe0,
       0x03, 0xa4, 0x03, 0x2c, 0x80, 0xd3, 0x32, 0x1a,
       0x69, 0x47, 0x25, 0x98, 0x94, 0x59, 0x09, 0xcb,
       0x25, 0x55, 0x7a, 0xa8, 0x47, 0x74, 0x2d, 0xdf },
-    { 0xed, 0x2b, 0x81, 0xa0, 0xf8, 0xf1, 0x46, 0x5e,
-      0xa2, 0xf4, 0x17, 0xa4, 0xe8, 0x34, 0xc2, 0x2a,
-      0x22, 0xee, 0x7a, 0x9d, 0xdf, 0x59, 0xa8, 0x3b,
-      0x89, 0x82, 0xb0, 0xe1, 0x07, 0x19, 0x64, 0x42 },
     { 0xed, 0x5b, 0xb8, 0x6a, 0x95, 0xa5, 0xfe, 0x2b,
       0x17, 0x08, 0xf2, 0x56, 0x75, 0x4a, 0x89, 0xc4,
       0x29, 0x67, 0x9b, 0x30, 0x75, 0x8e, 0xe0, 0x12,
@@ -2482,10 +2134,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x38, 0xed, 0xb5, 0x9f, 0x0f, 0x99, 0x23, 0xc6,
       0xd4, 0x11, 0x0a, 0x4b, 0x3a, 0xc8, 0xac, 0x76,
       0x55, 0x6a, 0x0c, 0x92, 0x44, 0xf0, 0x3f, 0xc1 },
-    { 0xf1, 0x46, 0x85, 0xc4, 0xc1, 0x0c, 0x79, 0xfc,
-      0x97, 0xe1, 0x84, 0xea, 0x7d, 0x22, 0xf8, 0xee,
-      0x4a, 0x81, 0xd0, 0x56, 0x95, 0xab, 0x08, 0xd2,
-      0x5d, 0x4a, 0x73, 0x3b, 0x60, 0xb4, 0x70, 0xdf },
     { 0xf1, 0x9a, 0xe4, 0x7d, 0x93, 0x67, 0x16, 0x52,
       0x78, 0xe1, 0x66, 0xed, 0x44, 0xff, 0xc3, 0x7e,
       0x5b, 0x28, 0x19, 0x6c, 0x01, 0x4b, 0xf1, 0x18,
@@ -2506,10 +2154,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x5f, 0x07, 0x09, 0x6a, 0xf4, 0xb8, 0xbe, 0xdc,
       0x16, 0x3c, 0x0f, 0x6e, 0xd5, 0x34, 0x6e, 0xfc,
       0x28, 0xe8, 0xcf, 0xaf, 0x84, 0x2f, 0xa5, 0xd9 },
-    { 0xf4, 0x2a, 0x12, 0xa1, 0x43, 0x57, 0xc0, 0xcf,
-      0x12, 0x2b, 0xbd, 0x82, 0x77, 0x69, 0xfb, 0x56,
-      0xdb, 0xf5, 0xb6, 0xee, 0x89, 0x4f, 0x02, 0x5b,
-      0x9a, 0xde, 0x25, 0x88, 0xa9, 0xb5, 0x5d, 0x9b },
     { 0xf5, 0x82, 0xf1, 0x66, 0xb8, 0x2b, 0xed, 0x47,
       0xef, 0xe3, 0x66, 0x1a, 0xa8, 0x02, 0x32, 0xfa,
       0x81, 0x67, 0xd2, 0xe8, 0x97, 0x96, 0xa3, 0x66,
@@ -2554,10 +2198,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xad, 0x25, 0x74, 0x25, 0xaa, 0xe7, 0x20, 0x01,
       0x40, 0x05, 0xb4, 0x15, 0x91, 0x2d, 0xbb, 0x8c,
       0x0b, 0xc9, 0x99, 0xaf, 0x48, 0x48, 0xcf, 0xe5 },
-    { 0xfa, 0x2a, 0x2f, 0x77, 0x8c, 0xbe, 0xf9, 0xf1,
-      0xb4, 0xa8, 0xfc, 0x57, 0xbf, 0x79, 0x5f, 0x1f,
-      0x8c, 0xf6, 0x23, 0xdb, 0x15, 0xbe, 0x65, 0x81,
-      0xeb, 0xa3, 0x6b, 0x2a, 0x86, 0x49, 0xd2, 0x1e },
     { 0xfb, 0x9a, 0xf7, 0x9d, 0xea, 0x18, 0xaf, 0x62,
       0x99, 0x85, 0x0e, 0x25, 0x15, 0x9b, 0x4f, 0xb2,
       0x24, 0xcb, 0xb0, 0xf1, 0x4e, 0xad, 0x7e, 0x85,
@@ -2598,10 +2238,6 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0x12, 0x71, 0xbf, 0xf6, 0x7a, 0x7a, 0x0a, 0x93,
       0xb2, 0x19, 0xdd, 0x5e, 0x5d, 0xcc, 0x12, 0x58,
       0x59, 0x4d, 0x96, 0xfc, 0xe1, 0x93, 0xb8, 0x60 },
-    { 0xfc, 0xf6, 0x81, 0x39, 0x64, 0x2f, 0x8d, 0x79,
-      0xa4, 0x86, 0x15, 0xe4, 0x44, 0xce, 0xd6, 0x90,
-      0xfa, 0x60, 0xeb, 0xfd, 0x0a, 0x06, 0x0a, 0x49,
-      0x93, 0x89, 0x98, 0x8a, 0x2c, 0x2c, 0x05, 0xce },
     { 0xfd, 0x9c, 0xfe, 0x14, 0xda, 0xd8, 0x97, 0x8c,
       0x5b, 0xc8, 0x88, 0x93, 0x8f, 0x16, 0xf3, 0xb3,
       0x98, 0xf7, 0x63, 0xa3, 0xad, 0xaf, 0xaa, 0x4a,
@@ -2622,26 +2258,14 @@ const uint8_t kCNNICDVWhitelist[][crypto::kSHA256Length] = {
       0xff, 0xcb, 0x68, 0xd0, 0x76, 0x4e, 0xcb, 0x2a,
       0x87, 0xca, 0xa0, 0xae, 0x4c, 0xb5, 0x66, 0x62,
       0x21, 0x04, 0xd3, 0x6f, 0xfb, 0x52, 0xcb, 0x29 },
-    { 0xfe, 0xaa, 0xbd, 0xd7, 0x92, 0xa4, 0x31, 0x68,
-      0x99, 0x98, 0x3e, 0xf5, 0x7b, 0xea, 0x99, 0xbe,
-      0x81, 0x15, 0x6d, 0x47, 0x9c, 0xdf, 0x7b, 0x81,
-      0xf5, 0x58, 0x49, 0x60, 0x92, 0xd3, 0x17, 0x16 },
     { 0xfe, 0xb8, 0xf0, 0x0c, 0x83, 0xea, 0x05, 0xbd,
       0xa2, 0x85, 0x0e, 0xc5, 0xbb, 0x77, 0x43, 0xe4,
       0x42, 0xeb, 0xf4, 0x31, 0xe3, 0xba, 0x75, 0x4a,
       0xa2, 0xd9, 0x47, 0x5e, 0x98, 0x0b, 0x6e, 0x3a },
-    { 0xff, 0x0e, 0x31, 0x58, 0x55, 0x2a, 0x28, 0x10,
-      0xa9, 0x71, 0x3d, 0xe8, 0x3b, 0x03, 0x25, 0xa1,
-      0x16, 0x4a, 0xa6, 0x0e, 0x9c, 0xe5, 0x74, 0x20,
-      0x1d, 0x6b, 0x9b, 0x8b, 0xea, 0xba, 0x1f, 0x47 },
     { 0xff, 0x82, 0x6e, 0x2d, 0x0c, 0xb7, 0x71, 0x68,
       0x68, 0x67, 0x5a, 0xe4, 0xb4, 0x31, 0xb6, 0x37,
       0x1e, 0x9f, 0x0c, 0xdf, 0xcc, 0xb4, 0x9d, 0x43,
       0xba, 0x30, 0x49, 0xbf, 0xdd, 0x2c, 0x41, 0xb1 },
-    { 0xff, 0xc9, 0x74, 0x1a, 0x5e, 0x6a, 0x5a, 0x7c,
-      0xc3, 0xbb, 0x10, 0xca, 0x31, 0x3f, 0x97, 0x7a,
-      0xa9, 0xcc, 0xc1, 0x92, 0x28, 0xdb, 0xe1, 0x39,
-      0xb0, 0xc2, 0xd9, 0xf1, 0xf4, 0x1d, 0x83, 0x1b },
     { 0xff, 0xdc, 0x6b, 0x85, 0xfe, 0x7b, 0x10, 0x83,
       0xb5, 0x41, 0x6f, 0x80, 0x6f, 0xc2, 0x44, 0xb9,
       0xe4, 0xdf, 0x42, 0x99, 0xfb, 0xe3, 0xf6, 0x81,
@@ -2652,10 +2276,6 @@ const uint8_t kCNNICEVWhitelist[][crypto::kSHA256Length] = {
       0xb2, 0x7c, 0x6a, 0x62, 0xe3, 0xc4, 0x23, 0x5b,
       0xd8, 0x3c, 0xc5, 0xe0, 0x06, 0xe9, 0x2a, 0x55,
       0xe4, 0xa9, 0x86, 0xe6, 0x30, 0x53, 0x57, 0xe3 },
-    { 0xb2, 0xba, 0x3b, 0x49, 0xb8, 0xe5, 0x84, 0x51,
-      0x81, 0x6b, 0x10, 0x83, 0x6c, 0x4f, 0x1c, 0xa6,
-      0xa3, 0x39, 0x37, 0xce, 0xb8, 0xf0, 0xc0, 0x4b,
-      0x9f, 0x75, 0x8c, 0x5e, 0xb4, 0x78, 0x41, 0x1f },
     { 0xb5, 0xef, 0x42, 0xc4, 0xbc, 0xed, 0xf1, 0x7b,
       0xec, 0xc7, 0x5b, 0xf4, 0x63, 0x66, 0x49, 0xce,
       0xbf, 0xf8, 0x71, 0x1b, 0xce, 0xff, 0xfa, 0x69,
@@ -2676,10 +2296,6 @@ const uint8_t kCNNICEVWhitelist[][crypto::kSHA256Length] = {
       0x23, 0xb9, 0xa9, 0x60, 0xb5, 0xe9, 0x67, 0x0c,
       0xcc, 0x34, 0x6d, 0x89, 0x93, 0x8f, 0xfa, 0x5d,
       0xf7, 0x98, 0x65, 0xe4, 0x13, 0xd6, 0x31, 0x54 },
-    { 0xf3, 0xcb, 0x8e, 0xa4, 0xe8, 0xf2, 0xa7, 0x00,
-      0x9c, 0x23, 0x3a, 0x64, 0x88, 0x71, 0xdb, 0x46,
-      0x04, 0xd5, 0x45, 0x4b, 0xc5, 0x55, 0x9e, 0x9b,
-      0xf1, 0xbb, 0x2e, 0xb0, 0x00, 0x99, 0x3b, 0xdf },
 };
 
 const PublicKeyWhitelist kBuiltinWhitelist[] = {
diff --git a/chromium/net/cert/cert_verify_proc_win.cc b/chromium/net/cert/cert_verify_proc_win.cc
index e485e3d2cf2..bb1b4813ece 100644
--- a/chromium/net/cert/cert_verify_proc_win.cc
+++ b/chromium/net/cert/cert_verify_proc_win.cc
@@ -4,11 +4,11 @@
 
 #include "net/cert/cert_verify_proc_win.h"
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/memory/free_deleter.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
@@ -61,10 +61,10 @@ struct FreeCertContextFunctor {
 typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor>
     ScopedHCERTCHAINENGINE;
 
-typedef scoped_ptr<const CERT_CHAIN_CONTEXT, FreeCertChainContextFunctor>
+typedef std::unique_ptr<const CERT_CHAIN_CONTEXT, FreeCertChainContextFunctor>
     ScopedPCCERT_CHAIN_CONTEXT;
 
-typedef scoped_ptr<const CERT_CONTEXT, FreeCertContextFunctor>
+typedef std::unique_ptr<const CERT_CONTEXT, FreeCertContextFunctor>
     ScopedPCCERT_CONTEXT;
 
 //-----------------------------------------------------------------------------
@@ -199,7 +199,8 @@ bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) {
                            &name_info,
                            &name_info_size);
   if (rv) {
-    scoped_ptr<CERT_NAME_INFO, base::FreeDeleter> scoped_name_info(name_info);
+    std::unique_ptr<CERT_NAME_INFO, base::FreeDeleter> scoped_name_info(
+        name_info);
 
     // The Subject field may have multiple common names.  According to the
     // "PKI Layer Cake" paper, CryptoAPI uses every common name in the
@@ -359,7 +360,7 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,
 // structure and stores it in *output.
 void GetCertPoliciesInfo(
     PCCERT_CONTEXT cert,
-    scoped_ptr<CERT_POLICIES_INFO, base::FreeDeleter>* output) {
+    std::unique_ptr<CERT_POLICIES_INFO, base::FreeDeleter>* output) {
   PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES,
                                                 cert->pCertInfo->cExtension,
                                                 cert->pCertInfo->rgExtension);
@@ -470,7 +471,7 @@ CRLSetResult CheckRevocationWithCRLSet(CRLSet* crl_set,
   // Compute the subject's serial.
   const CRYPT_INTEGER_BLOB* serial_blob =
       &subject_cert->pCertInfo->SerialNumber;
-  scoped_ptr<uint8_t[]> serial_bytes(new uint8_t[serial_blob->cbData]);
+  std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial_blob->cbData]);
   // The bytes of the serial number are stored little-endian.
   // Note: While MSDN implies that bytes are stripped from this serial,
   // they are not - only CertCompareIntegerBlob actually removes bytes.
@@ -908,7 +909,7 @@ int CertVerifyProcWin::VerifyInternal(
       const_cast<LPSTR*>(usage);
 
   // Get the certificatePolicies extension of the certificate.
-  scoped_ptr<CERT_POLICIES_INFO, base::FreeDeleter> policies_info;
+  std::unique_ptr<CERT_POLICIES_INFO, base::FreeDeleter> policies_info;
   LPSTR ev_policy_oid = NULL;
   if (flags & CertVerifier::VERIFY_EV_CERT) {
     GetCertPoliciesInfo(cert_handle, &policies_info);
diff --git a/chromium/net/cert/client_cert_verifier.h b/chromium/net/cert/client_cert_verifier.h
index 8060a028ecb..7aeffbc8353 100644
--- a/chromium/net/cert/client_cert_verifier.h
+++ b/chromium/net/cert/client_cert_verifier.h
@@ -5,8 +5,9 @@
 #ifndef NET_CERT_CLIENT_CERT_VERIFIER_H_
 #define NET_CERT_CLIENT_CERT_VERIFIER_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 
@@ -34,7 +35,7 @@ class NET_EXPORT ClientCertVerifier {
   // Returns OK if successful or an error code upon failure.
   virtual int Verify(X509Certificate* cert,
                      const CompletionCallback& callback,
-                     scoped_ptr<Request>* out_req) = 0;
+                     std::unique_ptr<Request>* out_req) = 0;
 };
 
 }  // namespace net
diff --git a/chromium/net/cert/crl_set.cc b/chromium/net/cert/crl_set.cc
index bc2cecb2c77..f20e2ec2830 100644
--- a/chromium/net/cert/crl_set.cc
+++ b/chromium/net/cert/crl_set.cc
@@ -44,7 +44,7 @@ CRLSet::Result CRLSet::CheckSerial(
   while (serial.size() > 1 && serial[0] == 0x00)
     serial.remove_prefix(1);
 
-  base::hash_map<std::string, size_t>::const_iterator crl_index =
+  std::unordered_map<std::string, size_t>::const_iterator crl_index =
       crls_index_by_issuer_.find(issuer_spki_hash.as_string());
   if (crl_index == crls_index_by_issuer_.end())
     return UNKNOWN;
diff --git a/chromium/net/cert/crl_set.h b/chromium/net/cert/crl_set.h
index 2a84d2ae17c..d56d7b3f4bd 100644
--- a/chromium/net/cert/crl_set.h
+++ b/chromium/net/cert/crl_set.h
@@ -9,10 +9,10 @@
 #include <stdint.h>
 
 #include <string>
+#include <unordered_map>
 #include <utility>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
@@ -94,7 +94,7 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
   // where the information for that issuer can be found. We have both |crls_|
   // and |crls_index_by_issuer_| because, when applying a delta update, we need
   // to identify a CRL by index.
-  base::hash_map<std::string, size_t> crls_index_by_issuer_;
+  std::unordered_map<std::string, size_t> crls_index_by_issuer_;
   // blocked_spkis_ contains the SHA256 hashes of SPKIs which are to be blocked
   // no matter where in a certificate chain they might appear.
   std::vector<std::string> blocked_spkis_;
diff --git a/chromium/net/cert/crl_set_storage.cc b/chromium/net/cert/crl_set_storage.cc
index fe3e70abd8c..a4e3fd122cd 100644
--- a/chromium/net/cert/crl_set_storage.cc
+++ b/chromium/net/cert/crl_set_storage.cc
@@ -4,10 +4,11 @@
 
 #include "net/cert/crl_set_storage.h"
 
+#include <memory>
+
 #include "base/base64.h"
 #include "base/format_macros.h"
 #include "base/json/json_reader.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "base/trace_event/trace_event.h"
@@ -126,7 +127,7 @@ static base::DictionaryValue* ReadHeader(base::StringPiece* data) {
   const base::StringPiece header_bytes(data->data(), header_len);
   data->remove_prefix(header_len);
 
-  scoped_ptr<base::Value> header =
+  std::unique_ptr<base::Value> header =
       base::JSONReader::Read(header_bytes, base::JSON_ALLOW_TRAILING_COMMAS);
   if (header.get() == NULL)
     return NULL;
@@ -304,7 +305,7 @@ bool CRLSetStorage::Parse(base::StringPiece data,
   #error assumes little endian
 #endif
 
-  scoped_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
+  std::unique_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
   if (!header_dict.get())
     return false;
 
@@ -366,7 +367,7 @@ bool CRLSetStorage::ApplyDelta(const CRLSet* in_crl_set,
                                const base::StringPiece& delta_bytes,
                                scoped_refptr<CRLSet>* out_crl_set) {
   base::StringPiece data(delta_bytes);
-  scoped_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
+  std::unique_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
   if (!header_dict.get())
     return false;
 
@@ -461,7 +462,7 @@ bool CRLSetStorage::ApplyDelta(const CRLSet* in_crl_set,
 bool CRLSetStorage::GetIsDeltaUpdate(const base::StringPiece& bytes,
                                      bool* is_delta) {
   base::StringPiece data(bytes);
-  scoped_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
+  std::unique_ptr<base::DictionaryValue> header_dict(ReadHeader(&data));
   if (!header_dict.get())
     return false;
 
diff --git a/chromium/net/cert/ct_known_logs.cc b/chromium/net/cert/ct_known_logs.cc
index eddeb55a8a9..0602581708e 100644
--- a/chromium/net/cert/ct_known_logs.cc
+++ b/chromium/net/cert/ct_known_logs.cc
@@ -4,12 +4,16 @@
 
 #include "net/cert/ct_known_logs.h"
 
+#include <stddef.h>
+#include <string.h>
+
 #include <algorithm>
+#include <iterator>
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/time/time.h"
 #include "crypto/sha2.h"
-#include "net/cert/ct_known_logs_static.h"
 
 #if !defined(OS_NACL)
 #include "net/cert/ct_log_verifier.h"
@@ -21,9 +25,7 @@ namespace ct {
 
 namespace {
 
-int log_ids_compare(const char* log_id, const char* lookup_id) {
-  return strncmp(log_id, lookup_id, crypto::kSHA256Length) < 0;
-}
+#include "net/cert/ct_known_logs_static-inc.h"
 
 }  // namespace
 
@@ -31,10 +33,21 @@ int log_ids_compare(const char* log_id, const char* lookup_id) {
 std::vector<scoped_refptr<const CTLogVerifier>>
 CreateLogVerifiersForKnownLogs() {
   std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
-  for (size_t i = 0; i < arraysize(kCTLogList); ++i) {
-    const CTLogInfo& log(kCTLogList[i]);
+
+  // Add all qualified logs.
+  for (const auto& log : kCTLogList) {
     base::StringPiece key(log.log_key, log.log_key_length);
+    verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
+    // Make sure no null logs enter verifiers. Parsing of all known logs should
+    // succeed.
+    CHECK(verifiers.back().get());
+  }
 
+  // Add all disqualified logs. Callers are expected to filter verified SCTs
+  // via IsLogQualified().
+  for (const auto& disqualified_log : kDisqualifiedCTLogList) {
+    const CTLogInfo& log = disqualified_log.log_info;
+    base::StringPiece key(log.log_key, log.log_key_length);
     verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
     // Make sure no null logs enter verifiers. Parsing of all known logs should
     // succeed.
@@ -46,19 +59,31 @@ CreateLogVerifiersForKnownLogs() {
 #endif
 
 bool IsLogOperatedByGoogle(base::StringPiece log_id) {
-  // No callers should provide a log_id that's not of the expected length
-  // (log IDs are SHA-256 hashes of the key and are always 32 bytes).
-  // Without this DCHECK (i.e. in production) this function would always
-  // return false.
-  DCHECK_EQ(log_id.size(), arraysize(kGoogleLogIDs[0]) - 1);
-
-  auto p = std::lower_bound(kGoogleLogIDs, kGoogleLogIDs + kNumGoogleLogs,
-                            log_id.data(), &log_ids_compare);
-  if ((p == kGoogleLogIDs + kNumGoogleLogs) ||
-      log_id != base::StringPiece(*p, crypto::kSHA256Length)) {
+  CHECK_EQ(log_id.size(), crypto::kSHA256Length);
+
+  return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
+                            log_id.data(), [](const char* a, const char* b) {
+                              return memcmp(a, b, crypto::kSHA256Length) < 0;
+                            });
+}
+
+bool IsLogDisqualified(base::StringPiece log_id,
+                       base::Time* disqualification_date) {
+  CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
+
+  auto p = std::lower_bound(
+      std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
+      log_id.data(),
+      [](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) {
+        return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) <
+               0;
+      });
+  if (p == std::end(kDisqualifiedCTLogList) ||
+      memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) {
     return false;
   }
 
+  *disqualification_date = base::Time::UnixEpoch() + p->disqualification_date;
   return true;
 }
 
diff --git a/chromium/net/cert/ct_known_logs.h b/chromium/net/cert/ct_known_logs.h
index 48904c2cc54..cbc4b2c6fb2 100644
--- a/chromium/net/cert/ct_known_logs.h
+++ b/chromium/net/cert/ct_known_logs.h
@@ -12,6 +12,10 @@
 #include "build/build_config.h"
 #include "net/base/net_export.h"
 
+namespace base {
+class Time;
+}  // namespace base
+
 namespace net {
 
 class CTLogVerifier;
@@ -20,13 +24,26 @@ namespace ct {
 
 #if !defined(OS_NACL)
 // CreateLogVerifiersForKnownLogs returns a vector of CT logs for all the known
-// and trusted logs.
+// logs. This set includes logs that are presently qualified for inclusion and
+// logs which were previously qualifying, but have since been disqualified. To
+// determine the status of a given log, use |IsLogDisqualified()|.
 NET_EXPORT std::vector<scoped_refptr<const CTLogVerifier>>
 CreateLogVerifiersForKnownLogs();
 #endif
 
+// Returns true if the log identified by |log_id| (the SHA-256 hash of the
+// log's DER-encoded SPKI) is operated by Google.
 NET_EXPORT bool IsLogOperatedByGoogle(base::StringPiece log_id);
 
+// Returns true if the log identified by |log_id| (the SHA-256 hash of the
+// log's DER-encoded SPKI) has been disqualified, and sets
+// |*disqualification_date| to the date of disqualification. Any SCTs that
+// are embedded in certificates issued after |*disqualification_date| should
+// not be trusted, nor contribute to any uniqueness or freshness
+// requirements.
+NET_EXPORT bool IsLogDisqualified(base::StringPiece log_id,
+                                  base::Time* disqualification_date);
+
 }  // namespace ct
 
 }  // namespace net
diff --git a/chromium/net/cert/ct_known_logs_static.h b/chromium/net/cert/ct_known_logs_static-inc.h
index 8452ece5c37..1a244687e6c 100644
--- a/chromium/net/cert/ct_known_logs_static.h
+++ b/chromium/net/cert/ct_known_logs_static-inc.h
@@ -2,19 +2,20 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-// This file is generated by print_log_list.py
-#ifndef NET_CERT_CT_KNOWN_LOGS_STATIC_H_
-#define NET_CERT_CT_KNOWN_LOGS_STATIC_H_
-
-#include <stddef.h>
-
 struct CTLogInfo {
+  // The DER-encoded SubjectPublicKeyInfo for the log.
   const char* const log_key;
+  // The length, in bytes, of |log_key|.
   const size_t log_key_length;
+  // The user-friendly log name.
+  // Note: This will not be translated.
   const char* const log_name;
+  // The API endpoint for the log.
+  // Note: Trailing slashes should be included.
   const char* const log_url;
 };
 
+// The set of all presently-qualifying CT logs.
 const CTLogInfo kCTLogList[] = {
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3"
@@ -22,63 +23,35 @@ const CTLogInfo kCTLogList[] = {
      "\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a"
      "\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd"
      "\x1f\x04\x10\x41\x4c\xa0",
-     91,
-     "Google 'Pilot' log",
-     "https://ct.googleapis.com/pilot/"},
+     91, "Google 'Pilot' log", "https://ct.googleapis.com/pilot/"},
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e"
      "\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b"
      "\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34"
      "\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85"
      "\x3b\x0d\xf7\x1f\x3f\xe9",
-     91,
-     "Google 'Aviator' log",
-     "https://ct.googleapis.com/aviator/"},
+     91, "Google 'Aviator' log", "https://ct.googleapis.com/aviator/"},
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82"
      "\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9"
      "\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf"
      "\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91"
      "\xeb\x38\x24\x40\xac\xe8",
-     91,
-     "DigiCert Log Server",
-     "https://ct1.digicert-ct.com/log/"},
+     91, "DigiCert Log Server", "https://ct1.digicert-ct.com/log/"},
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b"
      "\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e"
      "\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9"
      "\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23"
      "\x77\x2d\x05\xc2\x40\x7a",
-     91,
-     "Google 'Rocketeer' log",
-     "https://ct.googleapis.com/rocketeer/"},
-    {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
-     "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x0b\x23\xcb\x85\x62\x98\x61"
-     "\x48\x04\x73\xeb\x54\x5d\xf3\xd0\x07\x8c\x2d\x19\x2d\x8c\x36\xf5\xeb"
-     "\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b"
-     "\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c"
-     "\xd0\x4a\xc2\x66\xdb\x48",
-     91,
-     "Certly.IO log",
-     "https://log.certly.io/"},
-    {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
-     "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x64\x39\x0c\x2d\xdc\x50"
-     "\x18\xf8\x21\x00\xa2\x0e\xed\x2c\xea\x3e\x75\xba\x9f\x93\x64\x09\x00"
-     "\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8"
-     "\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e"
-     "\xf6\x07\x76\xe0\xee\xbe",
-     91,
-     "Izenpe log",
-     "https://ct.izenpe.com/"},
+     91, "Google 'Rocketeer' log", "https://ct.googleapis.com/rocketeer/"},
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b"
      "\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b"
      "\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97"
      "\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76"
      "\x99\x08\x3d\x21\x14\x86",
-     91,
-     "Symantec log",
-     "https://ct.ws.symantec.com/"},
+     91, "Symantec log", "https://ct.ws.symantec.com/"},
     {"\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"
      "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2"
      "\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3"
@@ -97,20 +70,58 @@ const CTLogInfo kCTLogList[] = {
      "\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71"
      "\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1"
      "\x02\x03\x01\x00\x01",
-     294,
-     "Venafi log",
-     "https://ctlog.api.venafi.com/"},
+     294, "Venafi log", "https://ctlog.api.venafi.com/"},
     {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
      "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1"
      "\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f"
      "\x02\x2d\x1c\x90\xfe\xc8\x47\x30\x3b\xf1\xdd\x0d\xb8\x11\x0c\x5d\x1d"
      "\x86\xdd\xab\xd3\x2b\x46\x66\xfb\x6e\x65\xb7\x3b\xfd\x59\x68\xac\xdf"
      "\xa6\xf8\xce\xd2\x18\x4d",
-     91,
-     "Symantec 'Vega' log",
-     "https://vega.ws.symantec.com/"}};
+     91, "Symantec 'Vega' log", "https://vega.ws.symantec.com/"}};
+
+// Information related to previously-qualified, but now disqualified, CT
+// logs.
+struct DisqualifiedCTLogInfo {
+  // The ID of the log (the SHA-256 hash of |log_info.log_key|.
+  const char log_id[33];
 
-const size_t kNumKnownCTLogs = 9;
+  const CTLogInfo log_info;
+
+  // The offset from the Unix Epoch of when the log was disqualified.
+  // SCTs embedded in pre-certificates after this date should not count
+  // towards any uniqueness/freshness requirements.
+  const base::TimeDelta disqualification_date;
+};
+
+// The set of all disqualified logs, sorted by |log_id|.
+const DisqualifiedCTLogInfo kDisqualifiedCTLogList[] = {
+    {
+        "\x74\x61\xb4\xa0\x9c\xfb\x3d\x41\xd7\x51\x59\x57\x5b\x2e\x76\x49\xa4"
+        "\x45\xa8\xd2\x77\x09\xb0\xcc\x56\x4a\x64\x82\xb7\xeb\x41\xa3",
+        {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
+         "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x64\x39\x0c\x2d\xdc\x50"
+         "\x18\xf8\x21\x00\xa2\x0e\xed\x2c\xea\x3e\x75\xba\x9f\x93\x64\x09\x00"
+         "\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8"
+         "\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e"
+         "\xf6\x07\x76\xe0\xee\xbe",
+         91, "Izenpe log", "https://ct.izenpe.com/"},
+        // 2016-05-30 00:00:00 UTC
+        base::TimeDelta::FromSeconds(1464566400),
+    },
+    {
+        "\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e"
+        "\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00",
+        {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86"
+         "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x0b\x23\xcb\x85\x62\x98\x61"
+         "\x48\x04\x73\xeb\x54\x5d\xf3\xd0\x07\x8c\x2d\x19\x2d\x8c\x36\xf5\xeb"
+         "\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b"
+         "\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c"
+         "\xd0\x4a\xc2\x66\xdb\x48",
+         91, "Certly.IO log", "https://log.certly.io/"},
+        // 2016-04-15 00:00:00 UTC
+        base::TimeDelta::FromSeconds(1460678400),
+    },
+};
 
 // The list is sorted.
 const char kGoogleLogIDs[][33] = {
@@ -120,7 +131,3 @@ const char kGoogleLogIDs[][33] = {
     "\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10",
     "\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3"
     "\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"};
-
-const size_t kNumGoogleLogs = 3;
-
-#endif  // NET_CERT_CT_KNOWN_LOGS_STATIC_H_
diff --git a/chromium/net/cert/ct_known_logs_unittest.cc b/chromium/net/cert/ct_known_logs_unittest.cc
new file mode 100644
index 00000000000..f5e937a66fa
--- /dev/null
+++ b/chromium/net/cert/ct_known_logs_unittest.cc
@@ -0,0 +1,38 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <algorithm>
+
+#include "base/time/time.h"
+#include "crypto/sha2.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+#include "net/cert/ct_known_logs_static-inc.h"
+
+}  // namespace
+
+TEST(CTKnownLogsTest, GoogleIDsAreSorted) {
+  ASSERT_TRUE(std::is_sorted(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
+                             [](const char* a, const char* b) {
+                               return memcmp(a, b, crypto::kSHA256Length) < 0;
+                             }));
+}
+
+TEST(CTKnownLogsTest, DisallowedLogsAreSortedByLogID) {
+  ASSERT_TRUE(std::is_sorted(
+      std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
+      [](const DisqualifiedCTLogInfo& a, const DisqualifiedCTLogInfo& b) {
+        return memcmp(a.log_id, b.log_id, crypto::kSHA256Length) < 0;
+      }));
+}
+
+}  // namespace net
diff --git a/chromium/net/cert/ct_log_response_parser_unittest.cc b/chromium/net/cert/ct_log_response_parser_unittest.cc
index 8084a283e64..110a432aaa4 100644
--- a/chromium/net/cert/ct_log_response_parser_unittest.cc
+++ b/chromium/net/cert/ct_log_response_parser_unittest.cc
@@ -4,11 +4,11 @@
 
 #include "net/cert/ct_log_response_parser.h"
 
+#include <memory>
 #include <string>
 
 #include "base/base64.h"
 #include "base/json/json_reader.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "base/values.h"
@@ -22,14 +22,15 @@ namespace net {
 namespace ct {
 
 namespace {
-scoped_ptr<base::Value> ParseJson(const std::string& json) {
+std::unique_ptr<base::Value> ParseJson(const std::string& json) {
   base::JSONReader json_reader;
   return json_reader.Read(json);
 }
 }
 
 TEST(CTLogResponseParserTest, ParsesValidJsonSTH) {
-  scoped_ptr<base::Value> sample_sth_json = ParseJson(GetSampleSTHAsJson());
+  std::unique_ptr<base::Value> sample_sth_json =
+      ParseJson(GetSampleSTHAsJson());
   SignedTreeHead tree_head;
   EXPECT_TRUE(FillSignedTreeHead(*sample_sth_json.get(), &tree_head));
 
@@ -59,14 +60,14 @@ TEST(CTLogResponseParserTest, ParsesValidJsonSTH) {
 }
 
 TEST(CTLogResponseParserTest, FailsToParseMissingFields) {
-  scoped_ptr<base::Value> missing_signature_sth = ParseJson(
+  std::unique_ptr<base::Value> missing_signature_sth = ParseJson(
       CreateSignedTreeHeadJsonString(1 /* tree_size */, 123456u /* timestamp */,
                                      GetSampleSTHSHA256RootHash(), ""));
 
   SignedTreeHead tree_head;
   ASSERT_FALSE(FillSignedTreeHead(*missing_signature_sth.get(), &tree_head));
 
-  scoped_ptr<base::Value> missing_root_hash_sth = ParseJson(
+  std::unique_ptr<base::Value> missing_root_hash_sth = ParseJson(
       CreateSignedTreeHeadJsonString(1 /* tree_size */, 123456u /* timestamp */,
                                      "", GetSampleSTHTreeHeadSignature()));
   ASSERT_FALSE(FillSignedTreeHead(*missing_root_hash_sth.get(), &tree_head));
@@ -79,7 +80,7 @@ TEST(CTLogResponseParserTest, FailsToParseIncorrectLengthRootHash) {
   base::Base64Decode(
       base::StringPiece("/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoArK\n"),
       &too_long_hash);
-  scoped_ptr<base::Value> too_long_hash_json =
+  std::unique_ptr<base::Value> too_long_hash_json =
       ParseJson(CreateSignedTreeHeadJsonString(
           1 /* tree_size */, 123456u /* timestamp */,
           GetSampleSTHSHA256RootHash(), too_long_hash));
@@ -89,7 +90,7 @@ TEST(CTLogResponseParserTest, FailsToParseIncorrectLengthRootHash) {
   base::Base64Decode(
       base::StringPiece("/WHFMgXtI/umKKuACJIN0Bb73TcILm9WkeU6qszvoA==\n"),
       &too_short_hash);
-  scoped_ptr<base::Value> too_short_hash_json =
+  std::unique_ptr<base::Value> too_short_hash_json =
       ParseJson(CreateSignedTreeHeadJsonString(
           1 /* tree_size */, 123456u /* timestamp */,
           GetSampleSTHSHA256RootHash(), too_short_hash));
@@ -99,7 +100,7 @@ TEST(CTLogResponseParserTest, FailsToParseIncorrectLengthRootHash) {
 TEST(CTLogResponseParserTest, ParsesJsonSTHWithLargeTimestamp) {
   SignedTreeHead tree_head;
 
-  scoped_ptr<base::Value> large_timestamp_json =
+  std::unique_ptr<base::Value> large_timestamp_json =
       ParseJson(CreateSignedTreeHeadJsonString(
           100, INT64_C(1) << 34, GetSampleSTHSHA256RootHash(),
           GetSampleSTHTreeHeadSignature()));
@@ -122,7 +123,7 @@ TEST(CTLogResponseParserTest, ParsesConsistencyProofSuccessfully) {
   raw_nodes.push_back(first);
   raw_nodes.push_back(second);
   raw_nodes.push_back(third);
-  scoped_ptr<base::Value> sample_consistency_proof =
+  std::unique_ptr<base::Value> sample_consistency_proof =
       ParseJson(CreateConsistencyProofJsonString(raw_nodes));
 
   std::vector<std::string> output;
@@ -137,25 +138,26 @@ TEST(CTLogResponseParserTest, ParsesConsistencyProofSuccessfully) {
 TEST(CTLogResponseParserTest, FailsOnInvalidProofJson) {
   std::vector<std::string> output;
 
-  scoped_ptr<base::Value> badly_encoded =
+  std::unique_ptr<base::Value> badly_encoded =
       ParseJson(std::string("{\"consistency\": [\"notbase64\"]}"));
   EXPECT_FALSE(FillConsistencyProof(*badly_encoded.get(), &output));
 
-  scoped_ptr<base::Value> not_a_string =
+  std::unique_ptr<base::Value> not_a_string =
       ParseJson(std::string("{\"consistency\": [42, 16]}"));
   EXPECT_FALSE(FillConsistencyProof(*badly_encoded.get(), &output));
 
-  scoped_ptr<base::Value> missing_consistency = ParseJson(std::string("{}"));
+  std::unique_ptr<base::Value> missing_consistency =
+      ParseJson(std::string("{}"));
   EXPECT_FALSE(FillConsistencyProof(*missing_consistency.get(), &output));
 
-  scoped_ptr<base::Value> not_a_dict = ParseJson(std::string("[]"));
+  std::unique_ptr<base::Value> not_a_dict = ParseJson(std::string("[]"));
   EXPECT_FALSE(FillConsistencyProof(*not_a_dict.get(), &output));
 }
 
 TEST(CTLogResponseParserTest, ParsesProofJsonWithExtraFields) {
   std::vector<std::string> output;
 
-  scoped_ptr<base::Value> badly_encoded =
+  std::unique_ptr<base::Value> badly_encoded =
       ParseJson(std::string("{\"consistency\": [], \"somethingelse\": 3}"));
   EXPECT_TRUE(FillConsistencyProof(*badly_encoded.get(), &output));
 }
diff --git a/chromium/net/cert/ct_log_verifier.cc b/chromium/net/cert/ct_log_verifier.cc
index 05f1b049057..45adabe4862 100644
--- a/chromium/net/cert/ct_log_verifier.cc
+++ b/chromium/net/cert/ct_log_verifier.cc
@@ -5,8 +5,13 @@
 #include "net/cert/ct_log_verifier.h"
 
 #include <string.h>
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
 
 #include "base/logging.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "crypto/sha2.h"
 #include "net/cert/ct_log_verifier_util.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/merkle_consistency_proof.h"
@@ -26,6 +31,27 @@ bool IsPowerOfTwo(uint64_t n) {
   return n != 0 && (n & (n - 1)) == 0;
 }
 
+const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {
+  switch (alg) {
+    case ct::DigitallySigned::HASH_ALGO_MD5:
+      return EVP_md5();
+    case ct::DigitallySigned::HASH_ALGO_SHA1:
+      return EVP_sha1();
+    case ct::DigitallySigned::HASH_ALGO_SHA224:
+      return EVP_sha224();
+    case ct::DigitallySigned::HASH_ALGO_SHA256:
+      return EVP_sha256();
+    case ct::DigitallySigned::HASH_ALGO_SHA384:
+      return EVP_sha384();
+    case ct::DigitallySigned::HASH_ALGO_SHA512:
+      return EVP_sha512();
+    case ct::DigitallySigned::HASH_ALGO_NONE:
+    default:
+      NOTREACHED();
+      return NULL;
+  }
+}
+
 }  // namespace
 
 // static
@@ -212,4 +238,73 @@ bool CTLogVerifier::VerifyConsistencyProof(
   return fr == old_tree_hash && sr == new_tree_hash && sn == 0;
 }
 
+CTLogVerifier::~CTLogVerifier() {
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+  if (public_key_)
+    EVP_PKEY_free(public_key_);
+}
+
+bool CTLogVerifier::Init(const base::StringPiece& public_key) {
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+  CBS cbs;
+  CBS_init(&cbs, reinterpret_cast<const uint8_t*>(public_key.data()),
+           public_key.size());
+  public_key_ = EVP_parse_public_key(&cbs);
+  if (!public_key_ || CBS_len(&cbs) != 0)
+    return false;
+
+  key_id_ = crypto::SHA256HashString(public_key);
+
+  // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
+  // supported.
+  switch (EVP_PKEY_type(public_key_->type)) {
+    case EVP_PKEY_RSA:
+      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
+      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
+      break;
+    case EVP_PKEY_EC:
+      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
+      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
+      break;
+    default:
+      DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);
+      return false;
+  }
+
+  // Extra sanity check: Require RSA keys of at least 2048 bits.
+  // EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.
+  if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
+      EVP_PKEY_size(public_key_) < 256) {
+    DVLOG(1) << "Too small a public key.";
+    return false;
+  }
+
+  return true;
+}
+
+bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
+                                    const base::StringPiece& signature) const {
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+  const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);
+  if (hash_alg == NULL)
+    return false;
+
+  EVP_MD_CTX ctx;
+  EVP_MD_CTX_init(&ctx);
+
+  bool ok =
+      (1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&
+       1 == EVP_DigestVerifyUpdate(&ctx, data_to_sign.data(),
+                                   data_to_sign.size()) &&
+       1 == EVP_DigestVerifyFinal(
+                &ctx, reinterpret_cast<const uint8_t*>(signature.data()),
+                signature.size()));
+
+  EVP_MD_CTX_cleanup(&ctx);
+  return ok;
+}
+
 }  // namespace net
diff --git a/chromium/net/cert/ct_log_verifier.h b/chromium/net/cert/ct_log_verifier.h
index 9f50c1423a6..fa5ba248b7d 100644
--- a/chromium/net/cert/ct_log_verifier.h
+++ b/chromium/net/cert/ct_log_verifier.h
@@ -16,11 +16,7 @@
 
 // Forward declare the crypto types to avoid having to include the full
 // headers.
-#if defined(USE_OPENSSL)
 typedef struct evp_pkey_st EVP_PKEY;
-#else
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-#endif
 
 namespace net {
 
@@ -98,11 +94,7 @@ class NET_EXPORT CTLogVerifier
   ct::DigitallySigned::HashAlgorithm hash_algorithm_;
   ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
 
-#if defined(USE_OPENSSL)
   EVP_PKEY* public_key_;
-#else
-  SECKEYPublicKey* public_key_;
-#endif
 };
 
 }  // namespace net
diff --git a/chromium/net/cert/ct_log_verifier_nss.cc b/chromium/net/cert/ct_log_verifier_nss.cc
deleted file mode 100644
index fec7dc832da..00000000000
--- a/chromium/net/cert/ct_log_verifier_nss.cc
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/ct_log_verifier.h"
-
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <nss.h>
-#include <pk11pub.h>
-#include <secitem.h>
-#include <secoid.h>
-
-#include "base/logging.h"
-#include "crypto/nss_util.h"
-#include "crypto/sha2.h"
-#include "net/cert/signed_tree_head.h"
-
-namespace net {
-
-namespace {
-
-SECOidTag GetNSSSigAlg(ct::DigitallySigned::SignatureAlgorithm alg) {
-  switch (alg) {
-    case ct::DigitallySigned::SIG_ALGO_RSA:
-      return SEC_OID_PKCS1_RSA_ENCRYPTION;
-    case ct::DigitallySigned::SIG_ALGO_DSA:
-      return SEC_OID_ANSIX9_DSA_SIGNATURE;
-    case ct::DigitallySigned::SIG_ALGO_ECDSA:
-      return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
-    case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
-    default:
-      NOTREACHED();
-      return SEC_OID_UNKNOWN;
-  }
-}
-
-SECOidTag GetNSSHashAlg(ct::DigitallySigned::HashAlgorithm alg) {
-  switch (alg) {
-    case ct::DigitallySigned::HASH_ALGO_MD5:
-      return SEC_OID_MD5;
-    case ct::DigitallySigned::HASH_ALGO_SHA1:
-      return SEC_OID_SHA1;
-    case ct::DigitallySigned::HASH_ALGO_SHA224:
-      return SEC_OID_SHA224;
-    case ct::DigitallySigned::HASH_ALGO_SHA256:
-      return SEC_OID_SHA256;
-    case ct::DigitallySigned::HASH_ALGO_SHA384:
-      return SEC_OID_SHA384;
-    case ct::DigitallySigned::HASH_ALGO_SHA512:
-      return SEC_OID_SHA512;
-    case ct::DigitallySigned::HASH_ALGO_NONE:
-    default:
-      NOTREACHED();
-      return SEC_OID_UNKNOWN;
-  }
-}
-
-}  // namespace
-
-CTLogVerifier::~CTLogVerifier() {
-  if (public_key_)
-    SECKEY_DestroyPublicKey(public_key_);
-}
-
-bool CTLogVerifier::Init(const base::StringPiece& public_key) {
-  SECItem key_data;
-
-  crypto::EnsureNSSInit();
-
-  key_data.data = reinterpret_cast<unsigned char*>(
-      const_cast<char*>(public_key.data()));
-  key_data.len = public_key.size();
-
-  CERTSubjectPublicKeyInfo* public_key_info =
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_data);
-  if (!public_key_info) {
-    DVLOG(1) << "Failed decoding public key.";
-    return false;
-  }
-
-  public_key_ = SECKEY_ExtractPublicKey(public_key_info);
-  SECKEY_DestroySubjectPublicKeyInfo(public_key_info);
-
-  if (!public_key_) {
-    DVLOG(1) << "Failed extracting public key.";
-    return false;
-  }
-
-  key_id_ = crypto::SHA256HashString(public_key);
-
-  // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
-  // supported.
-  switch (SECKEY_GetPublicKeyType(public_key_)) {
-    case rsaKey:
-      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
-      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
-      break;
-    case ecKey:
-      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
-      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
-      break;
-    default:
-      DVLOG(1) << "Unsupported key type: "
-               << SECKEY_GetPublicKeyType(public_key_);
-      return false;
-  }
-
-  // Extra sanity check: Require RSA keys of at least 2048 bits.
-  if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
-      SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
-    DVLOG(1) << "Too small a public key.";
-    return false;
-  }
-
-  return true;
-}
-
-bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
-                                    const base::StringPiece& signature) const {
-  SECItem sig_data;
-  sig_data.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
-      signature.data()));
-  sig_data.len = signature.size();
-
-  SECStatus rv = VFY_VerifyDataDirect(
-      reinterpret_cast<const unsigned char*>(data_to_sign.data()),
-      data_to_sign.size(), public_key_, &sig_data,
-      GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
-      NULL, NULL);
-  DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
-  return rv == SECSuccess;
-}
-
-}  // namespace net
diff --git a/chromium/net/cert/ct_log_verifier_openssl.cc b/chromium/net/cert/ct_log_verifier_openssl.cc
deleted file mode 100644
index 88f9027cd03..00000000000
--- a/chromium/net/cert/ct_log_verifier_openssl.cc
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/ct_log_verifier.h"
-
-#include <openssl/bytestring.h>
-#include <openssl/evp.h>
-
-#include "base/logging.h"
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-#include "crypto/sha2.h"
-#include "net/cert/signed_tree_head.h"
-
-namespace net {
-
-namespace {
-
-const EVP_MD* GetEvpAlg(ct::DigitallySigned::HashAlgorithm alg) {
-  switch (alg) {
-    case ct::DigitallySigned::HASH_ALGO_MD5:
-      return EVP_md5();
-    case ct::DigitallySigned::HASH_ALGO_SHA1:
-      return EVP_sha1();
-    case ct::DigitallySigned::HASH_ALGO_SHA224:
-      return EVP_sha224();
-    case ct::DigitallySigned::HASH_ALGO_SHA256:
-      return EVP_sha256();
-    case ct::DigitallySigned::HASH_ALGO_SHA384:
-      return EVP_sha384();
-    case ct::DigitallySigned::HASH_ALGO_SHA512:
-      return EVP_sha512();
-    case ct::DigitallySigned::HASH_ALGO_NONE:
-    default:
-      NOTREACHED();
-      return NULL;
-  }
-}
-
-}  // namespace
-
-CTLogVerifier::~CTLogVerifier() {
-  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-
-  if (public_key_)
-    EVP_PKEY_free(public_key_);
-}
-
-bool CTLogVerifier::Init(const base::StringPiece& public_key) {
-  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-
-  CBS cbs;
-  CBS_init(&cbs, reinterpret_cast<const uint8_t*>(public_key.data()),
-           public_key.size());
-  public_key_ = EVP_parse_public_key(&cbs);
-  if (!public_key_ || CBS_len(&cbs) != 0)
-    return false;
-
-  key_id_ = crypto::SHA256HashString(public_key);
-
-  // Right now, only RSASSA-PKCS1v15 with SHA-256 and ECDSA with SHA-256 are
-  // supported.
-  switch (EVP_PKEY_type(public_key_->type)) {
-    case EVP_PKEY_RSA:
-      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
-      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
-      break;
-    case EVP_PKEY_EC:
-      hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
-      signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
-      break;
-    default:
-      DVLOG(1) << "Unsupported key type: " << EVP_PKEY_type(public_key_->type);
-      return false;
-  }
-
-  // Extra sanity check: Require RSA keys of at least 2048 bits.
-  // EVP_PKEY_size returns the size in bytes. 256 = 2048-bit RSA key.
-  if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
-      EVP_PKEY_size(public_key_) < 256) {
-    DVLOG(1) << "Too small a public key.";
-    return false;
-  }
-
-  return true;
-}
-
-bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
-                                    const base::StringPiece& signature) const {
-  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-
-  const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);
-  if (hash_alg == NULL)
-    return false;
-
-  EVP_MD_CTX ctx;
-  EVP_MD_CTX_init(&ctx);
-
-  bool ok = (
-      1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&
-      1 == EVP_DigestVerifyUpdate(
-          &ctx, data_to_sign.data(), data_to_sign.size()) &&
-      1 == EVP_DigestVerifyFinal(
-          &ctx,
-          reinterpret_cast<const uint8_t*>(signature.data()),
-          signature.size()));
-
-  EVP_MD_CTX_cleanup(&ctx);
-  return ok;
-}
-
-}  // namespace net
diff --git a/chromium/net/cert/ct_log_verifier_util.cc b/chromium/net/cert/ct_log_verifier_util.cc
index 9e8097f5133..402fd0c59f3 100644
--- a/chromium/net/cert/ct_log_verifier_util.cc
+++ b/chromium/net/cert/ct_log_verifier_util.cc
@@ -4,7 +4,8 @@
 
 #include "net/cert/ct_log_verifier_util.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/strings/string_util.h"
 #include "crypto/secure_hash.h"
 #include "crypto/sha2.h"
@@ -16,7 +17,7 @@ namespace ct {
 namespace internal {
 
 std::string HashNodes(const std::string& lh, const std::string& rh) {
-  scoped_ptr<crypto::SecureHash> hash(
+  std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
 
   hash->Update("\01", 1);
diff --git a/chromium/net/cert/ct_objects_extractor_openssl.cc b/chromium/net/cert/ct_objects_extractor.cc
index 7c878d3a8aa..3453e445d2b 100644
--- a/chromium/net/cert/ct_objects_extractor_openssl.cc
+++ b/chromium/net/cert/ct_objects_extractor.cc
@@ -34,14 +34,14 @@ using ScopedX509_EXTENSIONS =
 
 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.2. See Section 3.3 of
 // RFC6962.
-const uint8_t kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79,
-                                   0x02, 0x04, 0x02};
+const uint8_t kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
+                                   0xD6, 0x79, 0x02, 0x04, 0x02};
 
 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for
 // X.509v3 Certificate Transparency Signed Certificate Timestamp List, see
 // Section 3.3 of RFC6962.
-const uint8_t kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79,
-                                     0x02, 0x04, 0x05};
+const uint8_t kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
+                                     0xD6, 0x79, 0x02, 0x04, 0x05};
 
 bool StringEqualToCBS(const std::string& value1, const CBS* value2) {
   if (CBS_len(value2) != value1.size())
@@ -80,9 +80,9 @@ bool GetSCTListFromX509_EXTENSIONS(const X509_EXTENSIONS* x509_exts,
         return false;
       }
       if (out_sct_list) {
-        *out_sct_list = std::string(
-            reinterpret_cast<const char*>(CBS_data(&sct_list)),
-            CBS_len(&sct_list));
+        *out_sct_list =
+            std::string(reinterpret_cast<const char*>(CBS_data(&sct_list)),
+                        CBS_len(&sct_list));
       }
       return true;
     }
@@ -122,8 +122,8 @@ bool FindMatchingSingleResponse(CBS* responses,
   // necessary.
   // TODO(ekasper): only compute the hashes on demand.
   std::string issuer_key_sha256_hash = crypto::SHA256HashString(issuer_spk);
-  std::string issuer_key_sha1_hash = base::SHA1HashString(
-      issuer_spk.as_string());
+  std::string issuer_key_sha1_hash =
+      base::SHA1HashString(issuer_spk.as_string());
 
   while (CBS_len(responses) > 0) {
     CBS single_response, cert_id;
@@ -177,9 +177,9 @@ bool ExtractEmbeddedSCTList(X509Certificate::OSCertHandle cert,
   X509_EXTENSIONS* x509_exts = x509->cert_info->extensions;
   if (!x509_exts)
     return false;
-  return GetSCTListFromX509_EXTENSIONS(
-      x509->cert_info->extensions, kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid),
-      sct_list);
+  return GetSCTListFromX509_EXTENSIONS(x509->cert_info->extensions,
+                                       kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid),
+                                       sct_list);
 }
 
 bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
@@ -212,8 +212,8 @@ bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
   for (size_t i = 0; i < sk_X509_EXTENSION_num(leaf_copy_exts); i++) {
     X509_EXTENSION* ext = sk_X509_EXTENSION_value(leaf_copy_exts, i);
     if (static_cast<size_t>(ext->object->length) == sizeof(kEmbeddedSCTOid) &&
-        memcmp(ext->object->data,
-               kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid)) == 0) {
+        memcmp(ext->object->data, kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid)) ==
+            0) {
       X509_EXTENSION_free(sk_X509_EXTENSION_delete(leaf_copy_exts, i));
       X509_CINF_set_modified(leaf_copy->cert_info);
       break;
@@ -240,8 +240,7 @@ bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
   // Fill in the LogEntry.
   result->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT;
   result->tbs_certificate.swap(to_be_signed);
-  crypto::SHA256HashString(issuer_key,
-                           result->issuer_key_hash.data,
+  crypto::SHA256HashString(issuer_key, result->issuer_key_hash.data,
                            sizeof(result->issuer_key_hash.data));
 
   return true;
@@ -268,16 +267,14 @@ bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
   // in the extensions field of the SingleResponse which matches the input
   // certificate.
   CBS cbs;
-  CBS_init(&cbs,
-           reinterpret_cast<const uint8_t*>(ocsp_response.data()),
+  CBS_init(&cbs, reinterpret_cast<const uint8_t*>(ocsp_response.data()),
            ocsp_response.size());
 
   // Parse down to the ResponseBytes. The ResponseBytes is optional, but if it's
   // missing, this can't include an SCT list.
   CBS sequence, response_status, tagged_response_bytes, response_bytes;
   CBS response_type, response;
-  if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE) ||
-      CBS_len(&cbs) != 0 ||
+  if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE) || CBS_len(&cbs) != 0 ||
       !CBS_get_asn1(&sequence, &response_status, CBS_ASN1_ENUMERATED) ||
       !CBS_get_asn1(&sequence, &tagged_response_bytes,
                     CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
@@ -303,8 +300,7 @@ bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
   }
 
   // Skip the optional version.
-  const int kVersionTag =
-      CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0;
+  const int kVersionTag = CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0;
   if (CBS_len(&response_data) > 0 &&
       CBS_data(&response_data)[0] == kVersionTag &&
       !CBS_get_asn1(&response_data, NULL /* version */, kVersionTag)) {
@@ -312,10 +308,10 @@ bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
   }
 
   // Extract the list of SingleResponses.
-  if (!CBS_get_any_asn1_element(&response_data,
-                                NULL /* responderID */, NULL, NULL) ||
-      !CBS_get_any_asn1_element(&response_data,
-                                NULL /* producedAt */, NULL, NULL) ||
+  if (!CBS_get_any_asn1_element(&response_data, NULL /* responderID */, NULL,
+                                NULL) ||
+      !CBS_get_any_asn1_element(&response_data, NULL /* producedAt */, NULL,
+                                NULL) ||
       !CBS_get_asn1(&response_data, &responses, CBS_ASN1_SEQUENCE)) {
     return false;
   }
@@ -327,10 +323,10 @@ bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
   }
 
   // Skip the certStatus and thisUpdate fields.
-  if (!CBS_get_any_asn1_element(&single_response,
-                                NULL /* certStatus */, NULL, NULL) ||
-      !CBS_get_any_asn1_element(&single_response,
-                                NULL /* thisUpdate */, NULL, NULL)) {
+  if (!CBS_get_any_asn1_element(&single_response, NULL /* certStatus */, NULL,
+                                NULL) ||
+      !CBS_get_any_asn1_element(&single_response, NULL /* thisUpdate */, NULL,
+                                NULL)) {
     return false;
   }
 
@@ -355,8 +351,8 @@ bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
   if (!x509_exts || ptr != CBS_data(&extensions) + CBS_len(&extensions))
     return false;
 
-  return GetSCTListFromX509_EXTENSIONS(
-      x509_exts.get(), kOCSPExtensionOid, sizeof(kOCSPExtensionOid), sct_list);
+  return GetSCTListFromX509_EXTENSIONS(x509_exts.get(), kOCSPExtensionOid,
+                                       sizeof(kOCSPExtensionOid), sct_list);
 }
 
 }  // namespace ct
diff --git a/chromium/net/cert/ct_objects_extractor_nss.cc b/chromium/net/cert/ct_objects_extractor_nss.cc
deleted file mode 100644
index 76a3be51d2e..00000000000
--- a/chromium/net/cert/ct_objects_extractor_nss.cc
+++ /dev/null
@@ -1,619 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/ct_objects_extractor.h"
-
-#include <cert.h>
-#include <secasn1.h>
-#include <secitem.h>
-#include <secoid.h>
-
-#include "base/lazy_instance.h"
-#include "base/macros.h"
-#include "base/sha1.h"
-#include "crypto/scoped_nss_types.h"
-#include "crypto/sha2.h"
-#include "net/cert/asn1_util.h"
-#include "net/cert/scoped_nss_types.h"
-#include "net/cert/signed_certificate_timestamp.h"
-#include "net/der/input.h"
-#include "net/der/parser.h"
-
-namespace net {
-
-namespace ct {
-
-namespace {
-
-// NSS black magic to get the address of externally defined template at runtime.
-SEC_ASN1_MKSUB(SEC_IntegerTemplate)
-SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
-SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
-SEC_ASN1_MKSUB(CERT_SequenceOfCertExtensionTemplate)
-
-// Wrapper class to convert a X509Certificate::OSCertHandle directly
-// into a CERTCertificate* usable with other NSS functions. This is used for
-// platforms where X509Certificate::OSCertHandle refers to a different type
-// than a CERTCertificate*.
-struct NSSCertWrapper {
-  explicit NSSCertWrapper(X509Certificate::OSCertHandle cert_handle);
-  ~NSSCertWrapper() {}
-
-  ScopedCERTCertificate cert;
-};
-
-NSSCertWrapper::NSSCertWrapper(X509Certificate::OSCertHandle cert_handle) {
-#if defined(USE_NSS_CERTS)
-  cert.reset(CERT_DupCertificate(cert_handle));
-#else
-  SECItem der_cert;
-  std::string der_data;
-  if (!X509Certificate::GetDEREncoded(cert_handle, &der_data))
-    return;
-  der_cert.data =
-      reinterpret_cast<unsigned char*>(const_cast<char*>(der_data.data()));
-  der_cert.len = der_data.size();
-
-  // Note: CERT_NewTempCertificate may return NULL if the certificate
-  // shares a serial number with another cert issued by the same CA,
-  // which is not supposed to happen.
-  cert.reset(CERT_NewTempCertificate(
-      CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE));
-#endif
-  DCHECK(cert.get() != NULL);
-}
-
-// The wire form of the OID 1.3.6.1.4.1.11129.2.4.2. See Section 3.3 of
-// RFC6962.
-const unsigned char kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
-                                         0xD6, 0x79, 0x02, 0x04, 0x02};
-const char kEmbeddedSCTDescription[] =
-    "X.509v3 Certificate Transparency Embedded Signed Certificate Timestamp "
-    "List";
-
-// The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for
-// X.509v3 Certificate Transparency Signed Certificate Timestamp List, see
-// Section 3.3 of RFC6962.
-const unsigned char kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
-                                           0xD6, 0x79, 0x02, 0x04, 0x05};
-
-const SECItem kOCSPExtensionOidItem = {
-  siBuffer, const_cast<unsigned char*>(kOCSPExtensionOid),
-  sizeof(kOCSPExtensionOid)
-};
-
-// id-ad-ocsp: 1.3.6.1.5.5.7.48.1.1
-const unsigned char kBasicOCSPResponseOid[] = {0x2B, 0x06, 0x01, 0x05, 0x05,
-                                               0x07, 0x30, 0x01, 0x01};
-
-const SECItem kBasicOCSPResponseOidItem = {
-  siBuffer, const_cast<unsigned char*>(kBasicOCSPResponseOid),
-  sizeof(kBasicOCSPResponseOid)
-};
-
-
-// Initializes the necessary NSS internals for use with Certificate
-// Transparency.
-class CTInitSingleton {
- public:
-  SECOidTag embedded_oid() const { return embedded_oid_; }
-
- private:
-  friend struct base::DefaultLazyInstanceTraits<CTInitSingleton>;
-
-  CTInitSingleton() : embedded_oid_(SEC_OID_UNKNOWN) {
-    embedded_oid_ = RegisterOid(
-        kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid), kEmbeddedSCTDescription);
-  }
-
-  ~CTInitSingleton() {}
-
-  SECOidTag RegisterOid(const unsigned char* oid,
-                        unsigned int oid_len,
-                        const char* description) {
-    SECOidData oid_data;
-    oid_data.oid.len = oid_len;
-    oid_data.oid.data = const_cast<unsigned char*>(oid);
-    oid_data.offset = SEC_OID_UNKNOWN;
-    oid_data.desc = description;
-    oid_data.mechanism = CKM_INVALID_MECHANISM;
-    // Setting this to SUPPORTED_CERT_EXTENSION ensures that if a certificate
-    // contains this extension with the critical bit set, NSS will not reject
-    // it. However, because verification of this extension happens after NSS,
-    // it is currently left as INVALID_CERT_EXTENSION.
-    oid_data.supportedExtension = INVALID_CERT_EXTENSION;
-
-    SECOidTag result = SECOID_AddEntry(&oid_data);
-    CHECK_NE(SEC_OID_UNKNOWN, result);
-
-    return result;
-  }
-
-  SECOidTag embedded_oid_;
-
-  DISALLOW_COPY_AND_ASSIGN(CTInitSingleton);
-};
-
-base::LazyInstance<CTInitSingleton>::Leaky g_ct_singleton =
-    LAZY_INSTANCE_INITIALIZER;
-
-// Obtains the data for an X.509v3 certificate extension identified by |oid|
-// and encoded as an OCTET STRING. Returns true if the extension was found in
-// the certificate, updating |ext_data| to be the extension data after removing
-// the DER encoding of OCTET STRING.
-bool GetCertOctetStringExtension(CERTCertificate* cert,
-                                 SECOidTag oid,
-                                 std::string* extension_data) {
-  SECItem extension;
-  SECStatus rv = CERT_FindCertExtension(cert, oid, &extension);
-  if (rv != SECSuccess)
-    return false;
-
-  der::Parser parser(der::Input(extension.data, extension.len));
-  der::Input parsed_extension;
-  if (!parser.ReadTag(der::kOctetString, &parsed_extension) ||
-      parser.HasMore()) {  // Decoding failure or raw data left
-    rv = SECFailure;
-  } else {
-    *extension_data = parsed_extension.AsString();
-  }
-
-  SECITEM_FreeItem(&extension, PR_FALSE);
-  return rv == SECSuccess;
-}
-
-// NSS offers CERT_FindCertExtension for certificates, but that only accepts
-// CERTCertificate* inputs, so the method below extracts the SCT extension
-// directly from the CERTCertExtension** of an OCSP response.
-//
-// Obtains the data for an OCSP extension identified by kOCSPExtensionOidItem
-// and encoded as an OCTET STRING. Returns true if the extension was found in
-// |extensions|, updating |extension_data| to be the extension data after
-// removing the DER encoding of OCTET STRING.
-bool GetSCTListFromOCSPExtension(PLArenaPool* arena,
-                                 const CERTCertExtension* const* extensions,
-                                 std::string* extension_data) {
-  if (!extensions)
-    return false;
-
-  const CERTCertExtension* match = NULL;
-
-  for (const CERTCertExtension* const* exts = extensions; *exts; ++exts) {
-    const CERTCertExtension* ext = *exts;
-    if (SECITEM_ItemsAreEqual(&kOCSPExtensionOidItem, &ext->id)) {
-      match = ext;
-      break;
-    }
-  }
-
-  if (!match)
-    return false;
-
-  SECItem contents;
-  // SEC_QuickDERDecodeItem sets |contents| to point to |match|, so it is not
-  // necessary to free the contents of |contents|.
-  SECStatus rv = SEC_QuickDERDecodeItem(arena, &contents,
-                                        SEC_ASN1_GET(SEC_OctetStringTemplate),
-                                        &match->value);
-  if (rv != SECSuccess)
-    return false;
-
-  base::StringPiece parsed_data(reinterpret_cast<char*>(contents.data),
-                                contents.len);
-  parsed_data.CopyToString(extension_data);
-  return true;
-}
-
-// Given a |cert|, extract the TBSCertificate from this certificate, also
-// removing the X.509 extension with OID 1.3.6.1.4.1.11129.2.4.2 (that is,
-// the embedded SCT)
-bool ExtractTBSCertWithoutSCTs(CERTCertificate* cert,
-                               std::string* to_be_signed) {
-  SECOidData* oid = SECOID_FindOIDByTag(g_ct_singleton.Get().embedded_oid());
-  if (!oid)
-    return false;
-
-  // This is a giant hack, due to the fact that NSS does not expose a good API
-  // for simply removing certificate fields from existing certificates.
-  CERTCertificate temp_cert;
-  temp_cert = *cert;
-  temp_cert.extensions = NULL;
-
-  // Strip out the embedded SCT OID from the new certificate by directly
-  // mutating the extensions in place.
-  std::vector<CERTCertExtension*> new_extensions;
-  if (cert->extensions) {
-    for (CERTCertExtension** exts = cert->extensions; *exts; ++exts) {
-      CERTCertExtension* ext = *exts;
-      SECComparison result = SECITEM_CompareItem(&oid->oid, &ext->id);
-      if (result != SECEqual)
-        new_extensions.push_back(ext);
-    }
-  }
-  if (!new_extensions.empty()) {
-    new_extensions.push_back(NULL);
-    temp_cert.extensions = &new_extensions[0];
-  }
-
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-
-  SECItem tbs_data;
-  tbs_data.len = 0;
-  tbs_data.data = NULL;
-  void* result = SEC_ASN1EncodeItem(arena.get(),
-                                    &tbs_data,
-                                    &temp_cert,
-                                    SEC_ASN1_GET(CERT_CertificateTemplate));
-  if (!result)
-    return false;
-
-  to_be_signed->assign(reinterpret_cast<char*>(tbs_data.data), tbs_data.len);
-  return true;
-}
-
-// The following code is adapted from the NSS OCSP module, in order to expose
-// the internal structure of an OCSP response.
-
-// ResponseBytes ::=       SEQUENCE {
-//     responseType   OBJECT IDENTIFIER,
-//     response       OCTET STRING }
-struct ResponseBytes {
-  SECItem response_type;
-  SECItem der_response;
-};
-
-const SEC_ASN1Template kResponseBytesTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ResponseBytes) },
-  { SEC_ASN1_OBJECT_ID, offsetof(ResponseBytes, response_type) },
-  { SEC_ASN1_OCTET_STRING, offsetof(ResponseBytes, der_response) },
-  { 0 }
-};
-
-// OCSPResponse ::=     SEQUENCE {
-//      responseStatus          OCSPResponseStatus,
-//      responseBytes           [0] EXPLICIT ResponseBytes OPTIONAL }
-struct OCSPResponse {
-  SECItem response_status;
-  // This indirection is needed because |response_bytes| is an optional
-  // component and we need a way to determine if it is missing.
-  ResponseBytes* response_bytes;
-};
-
-const SEC_ASN1Template kPointerToResponseBytesTemplate[] = {
-  { SEC_ASN1_POINTER, 0, kResponseBytesTemplate }
-};
-
-const SEC_ASN1Template kOCSPResponseTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OCSPResponse) },
-  { SEC_ASN1_ENUMERATED, offsetof(OCSPResponse, response_status) },
-  { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
-    SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(OCSPResponse, response_bytes),
-    kPointerToResponseBytesTemplate },
-  { 0 }
-};
-
-// CertID          ::=     SEQUENCE {
-//   hashAlgorithm       AlgorithmIdentifier,
-//   issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
-//   issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
-//   serialNumber        CertificateSerialNumber }
-struct CertID {
-  SECAlgorithmID hash_algorithm;
-  SECItem issuer_name_hash;
-  SECItem issuer_key_hash;
-  SECItem serial_number;
-};
-
-const SEC_ASN1Template kCertIDTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CertID) },
-  { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CertID, hash_algorithm),
-    SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
-  { SEC_ASN1_OCTET_STRING, offsetof(CertID, issuer_name_hash) },
-  { SEC_ASN1_OCTET_STRING, offsetof(CertID, issuer_key_hash) },
-  { SEC_ASN1_INTEGER, offsetof(CertID, serial_number) },
-  { 0 }
-};
-
-// SingleResponse ::= SEQUENCE {
-//   certID                       CertID,
-//   certStatus                   CertStatus,
-//   thisUpdate                   GeneralizedTime,
-//   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
-//   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
-struct SingleResponse {
-  CertID cert_id;
-  // The following three fields are not used.
-  SECItem der_cert_status;
-  SECItem this_update;
-  SECItem next_update;
-  CERTCertExtension** single_extensions;
-};
-
-const SEC_ASN1Template kSingleResponseTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SingleResponse) },
-  { SEC_ASN1_INLINE, offsetof(SingleResponse, cert_id), kCertIDTemplate },
-  // Really a CHOICE but we make it an ANY because  we don't care about the
-  // contents of this field.
-  // TODO(ekasper): use SEC_ASN1_CHOICE.
-  { SEC_ASN1_ANY, offsetof(SingleResponse, der_cert_status) },
-  { SEC_ASN1_GENERALIZED_TIME, offsetof(SingleResponse, this_update) },
-  { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
-    SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
-    offsetof(SingleResponse, next_update),
-    SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
-  { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
-    SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
-    offsetof(SingleResponse, single_extensions),
-    SEC_ASN1_SUB(CERT_SequenceOfCertExtensionTemplate) },
-  { 0 }
-};
-
-// ResponseData ::= SEQUENCE {
-//   version              [0] EXPLICIT Version DEFAULT v1,
-//   responderID              ResponderID,
-//   producedAt               GeneralizedTime,
-//   responses                SEQUENCE OF SingleResponse,
-//   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-struct ResponseData {
-  // The first three fields are not used.
-  SECItem version;
-  SECItem der_responder_id;
-  SECItem produced_at;
-  SingleResponse** single_responses;
-  // Skip extensions.
-};
-
-const SEC_ASN1Template kResponseDataTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ResponseData) },
-  { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
-    SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
-    offsetof(ResponseData, version), SEC_ASN1_SUB(SEC_IntegerTemplate) },
-  // Really a CHOICE but we make it an ANY because  we don't care about the
-  // contents of this field.
-  // TODO(ekasper): use SEC_ASN1_CHOICE.
-  { SEC_ASN1_ANY, offsetof(ResponseData, der_responder_id) },
-  { SEC_ASN1_GENERALIZED_TIME, offsetof(ResponseData, produced_at) },
-  { SEC_ASN1_SEQUENCE_OF, offsetof(ResponseData, single_responses),
-    kSingleResponseTemplate },
-  { SEC_ASN1_SKIP_REST },
-  { 0 }
-};
-
-// BasicOCSPResponse       ::= SEQUENCE {
-//   tbsResponseData      ResponseData,
-//   signatureAlgorithm   AlgorithmIdentifier,
-//   signature            BIT STRING,
-//   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-struct BasicOCSPResponse {
-  ResponseData tbs_response_data;
-  // We do not care about the rest.
-};
-
-const SEC_ASN1Template kBasicOCSPResponseTemplate[] = {
-  { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(BasicOCSPResponse) },
-  { SEC_ASN1_INLINE, offsetof(BasicOCSPResponse, tbs_response_data),
-    kResponseDataTemplate },
-  { SEC_ASN1_SKIP_REST },
-  { 0 }
-};
-
-bool StringEqualToSECItem(const std::string& value1, const SECItem& value2) {
-  if (value1.size() != value2.len)
-    return false;
-  return memcmp(value1.data(), value2.data, value2.len) == 0;
-}
-
-// TODO(ekasper): also use the issuer name hash in matching.
-bool CertIDMatches(const CertID& cert_id,
-                   const std::string& serial_number,
-                   const std::string& issuer_key_sha1_hash,
-                   const std::string& issuer_key_sha256_hash) {
-  if (!StringEqualToSECItem(serial_number, cert_id.serial_number))
-    return false;
-
-  SECOidTag hash_alg = SECOID_FindOIDTag(&cert_id.hash_algorithm.algorithm);
-  switch (hash_alg) {
-    case SEC_OID_SHA1:
-      return StringEqualToSECItem(issuer_key_sha1_hash,
-                                  cert_id.issuer_key_hash);
-    case SEC_OID_SHA256:
-      return StringEqualToSECItem(issuer_key_sha256_hash,
-                                  cert_id.issuer_key_hash);
-    default:
-      return false;
-  }
-}
-
-}  // namespace
-
-bool ExtractEmbeddedSCTList(X509Certificate::OSCertHandle cert,
-                            std::string* sct_list) {
-  DCHECK(cert);
-
-  NSSCertWrapper leaf_cert(cert);
-  if (!leaf_cert.cert)
-    return false;
-
-  return GetCertOctetStringExtension(leaf_cert.cert.get(),
-                                     g_ct_singleton.Get().embedded_oid(),
-                                     sct_list);
-}
-
-bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
-                        X509Certificate::OSCertHandle issuer,
-                        LogEntry* result) {
-  DCHECK(leaf);
-  DCHECK(issuer);
-
-  NSSCertWrapper leaf_cert(leaf);
-  NSSCertWrapper issuer_cert(issuer);
-
-  result->Reset();
-  // XXX(rsleevi): This check may be overkill, since we should be able to
-  // generate precerts for certs without the extension. For now, just a sanity
-  // check to match the reference implementation.
-  SECItem extension;
-  SECStatus rv = CERT_FindCertExtension(
-      leaf_cert.cert.get(), g_ct_singleton.Get().embedded_oid(), &extension);
-  if (rv != SECSuccess)
-    return false;
-  SECITEM_FreeItem(&extension, PR_FALSE);
-
-  std::string to_be_signed;
-  if (!ExtractTBSCertWithoutSCTs(leaf_cert.cert.get(), &to_be_signed))
-    return false;
-
-  if (!issuer_cert.cert) {
-    // This can happen when the issuer and leaf certs share the same serial
-    // number and are from the same CA, which should never be the case
-    // (but happened with bad test certs).
-    VLOG(1) << "Issuer cert is null, cannot generate Precert entry.";
-    return false;
-  }
-
-  SECKEYPublicKey* issuer_pub_key =
-      SECKEY_ExtractPublicKey(&(issuer_cert.cert->subjectPublicKeyInfo));
-  if (!issuer_pub_key) {
-    VLOG(1) << "Could not extract issuer public key, "
-            << "cannot generate Precert entry.";
-    return false;
-  }
-
-  SECItem* encoded_issuer_pubKey =
-      SECKEY_EncodeDERSubjectPublicKeyInfo(issuer_pub_key);
-  if (!encoded_issuer_pubKey) {
-    SECKEY_DestroyPublicKey(issuer_pub_key);
-    return false;
-  }
-
-  result->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT;
-  result->tbs_certificate.swap(to_be_signed);
-
-  crypto::SHA256HashString(
-      base::StringPiece(reinterpret_cast<char*>(encoded_issuer_pubKey->data),
-                        encoded_issuer_pubKey->len),
-      result->issuer_key_hash.data,
-      sizeof(result->issuer_key_hash.data));
-
-  SECITEM_FreeItem(encoded_issuer_pubKey, PR_TRUE);
-  SECKEY_DestroyPublicKey(issuer_pub_key);
-
-  return true;
-}
-
-bool GetX509LogEntry(X509Certificate::OSCertHandle leaf, LogEntry* result) {
-  DCHECK(leaf);
-
-  std::string encoded;
-  if (!X509Certificate::GetDEREncoded(leaf, &encoded))
-    return false;
-
-  result->Reset();
-  result->type = ct::LogEntry::LOG_ENTRY_TYPE_X509;
-  result->leaf_certificate.swap(encoded);
-  return true;
-}
-
-bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer,
-                                    const std::string& cert_serial_number,
-                                    const std::string& ocsp_response,
-                                    std::string* sct_list) {
-  DCHECK(issuer);
-
-  // Any OCSP response is unlikely to be even close to 2^24 bytes; further, CT
-  // only uses stapled OCSP responses which have this limit imposed by the TLS
-  // protocol.
-  if (ocsp_response.size() > 0xffffff)
-    return false;
-
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-
-  OCSPResponse response;
-  memset(&response, 0, sizeof(response));
-
-  SECItem src = { siBuffer,
-                  reinterpret_cast<unsigned char*>(const_cast<char*>(
-                      ocsp_response.data())),
-                  static_cast<unsigned int>(ocsp_response.size()) };
-
-  // |response| will point directly into |src|, so it's not necessary to
-  // free the |response| contents, but they may only be used while |src|
-  // is valid (i.e., in this method).
-  SECStatus rv = SEC_QuickDERDecodeItem(arena.get(), &response,
-                                        kOCSPResponseTemplate, &src);
-  if (rv != SECSuccess)
-    return false;
-
-  if (!response.response_bytes)
-    return false;
-
-  if (!SECITEM_ItemsAreEqual(&kBasicOCSPResponseOidItem,
-                             &response.response_bytes->response_type)) {
-    return false;
-  }
-
-  BasicOCSPResponse basic_response;
-  memset(&basic_response, 0, sizeof(basic_response));
-
-  rv = SEC_QuickDERDecodeItem(arena.get(), &basic_response,
-                              kBasicOCSPResponseTemplate,
-                              &response.response_bytes->der_response);
-  if (rv != SECSuccess)
-    return false;
-
-  SingleResponse** responses =
-      basic_response.tbs_response_data.single_responses;
-  if (!responses)
-    return false;
-
-  std::string issuer_der;
-  if (!X509Certificate::GetDEREncoded(issuer, &issuer_der))
-    return false;
-
-  base::StringPiece issuer_spki;
-  if (!asn1::ExtractSPKIFromDERCert(issuer_der, &issuer_spki))
-    return false;
-
-  // In OCSP, only the key itself is under hash.
-  base::StringPiece issuer_spk;
-  if (!asn1::ExtractSubjectPublicKeyFromSPKI(issuer_spki, &issuer_spk))
-    return false;
-
-  // ExtractSubjectPublicKey... does not remove the initial octet encoding the
-  // number of unused bits in the ASN.1 BIT STRING so we do it here. For public
-  // keys, the bitstring is in practice always byte-aligned.
-  if (issuer_spk.empty() || issuer_spk[0] != 0)
-    return false;
-  issuer_spk.remove_prefix(1);
-
-  // NSS OCSP lib recognizes SHA1, MD5 and MD2; MD5 and MD2 are dead but
-  // https://bugzilla.mozilla.org/show_bug.cgi?id=663315 will add SHA-256
-  // and SHA-384.
-  // TODO(ekasper): add SHA-384 to crypto/sha2.h and here if it proves
-  // necessary.
-  // TODO(ekasper): only compute the hashes on demand.
-  std::string issuer_key_sha256_hash = crypto::SHA256HashString(issuer_spk);
-  std::string issuer_key_sha1_hash = base::SHA1HashString(
-      issuer_spk.as_string());
-
-  const SingleResponse* match = NULL;
-  for (const SingleResponse* const* resps = responses; *resps; ++resps) {
-    const SingleResponse* resp = *resps;
-    if (CertIDMatches(resp->cert_id, cert_serial_number,
-                      issuer_key_sha1_hash, issuer_key_sha256_hash)) {
-      match = resp;
-      break;
-    }
-  }
-
-  if (!match)
-    return false;
-
-  return GetSCTListFromOCSPExtension(arena.get(), match->single_extensions,
-                                     sct_list);
-}
-
-}  // namespace ct
-
-}  // namespace net
diff --git a/chromium/net/cert/ct_objects_extractor_unittest.cc b/chromium/net/cert/ct_objects_extractor_unittest.cc
index 5bb59ba3db0..c24cc9a0a19 100644
--- a/chromium/net/cert/ct_objects_extractor_unittest.cc
+++ b/chromium/net/cert/ct_objects_extractor_unittest.cc
@@ -62,7 +62,7 @@ TEST_F(CTObjectsExtractorTest, ExtractEmbeddedSCT) {
       new ct::SignedCertificateTimestamp());
   ExtractEmbeddedSCT(precert_chain_[0], &sct);
 
-  EXPECT_EQ(sct->version, SignedCertificateTimestamp::SCT_VERSION_1);
+  EXPECT_EQ(sct->version, SignedCertificateTimestamp::V1);
   EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id);
 
   base::Time expected_timestamp =
@@ -83,7 +83,7 @@ TEST_F(CTObjectsExtractorTest, ExtractPrecert) {
   // Compare hash values of issuer spki.
   SHA256HashValue expected_issuer_key_hash;
   memcpy(expected_issuer_key_hash.data, GetDefaultIssuerKeyHash().data(), 32);
-  ASSERT_TRUE(expected_issuer_key_hash.Equals(entry.issuer_key_hash));
+  ASSERT_EQ(expected_issuer_key_hash, entry.issuer_key_hash);
 }
 
 TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert) {
diff --git a/chromium/net/cert/ct_policy_enforcer.cc b/chromium/net/cert/ct_policy_enforcer.cc
index e036087c5ca..a4e1e818c41 100644
--- a/chromium/net/cert/ct_policy_enforcer.cc
+++ b/chromium/net/cert/ct_policy_enforcer.cc
@@ -4,7 +4,10 @@
 
 #include "net/cert/ct_policy_enforcer.h"
 
+#include <stdint.h>
+
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
@@ -30,10 +33,6 @@ namespace net {
 
 namespace {
 
-bool IsEmbeddedSCT(const scoped_refptr<ct::SignedCertificateTimestamp>& sct) {
-  return sct->origin == ct::SignedCertificateTimestamp::SCT_EMBEDDED;
-}
-
 // Returns true if the current build is recent enough to ensure that
 // built-in security information (e.g. CT Logs) is fresh enough.
 // TODO(eranm): Move to base or net/base
@@ -43,11 +42,6 @@ bool IsBuildTimely() {
   return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */;
 }
 
-bool IsGoogleIssuedSCT(
-    const scoped_refptr<ct::SignedCertificateTimestamp>& sct) {
-  return ct::IsLogOperatedByGoogle(sct->log_id);
-}
-
 // Returns a rounded-down months difference of |start| and |end|,
 // together with an indication of whether the last month was
 // a full month, because the range starts specified in the policy
@@ -78,58 +72,6 @@ void RoundedDownMonthDifference(const base::Time& start,
   *rounded_months_difference = month_diff;
 }
 
-bool HasRequiredNumberOfSCTs(const X509Certificate& cert,
-                             const ct::SCTList& verified_scts) {
-  size_t num_valid_scts = verified_scts.size();
-  size_t num_embedded_scts = base::checked_cast<size_t>(
-      std::count_if(verified_scts.begin(), verified_scts.end(), IsEmbeddedSCT));
-
-  size_t num_non_embedded_scts = num_valid_scts - num_embedded_scts;
-  // If at least two valid SCTs were delivered by means other than embedding
-  // (i.e. in a TLS extension or OCSP), then the certificate conforms to bullet
-  // number 3 of the "Qualifying Certificate" section of the CT/EV policy.
-  if (num_non_embedded_scts >= 2)
-    return true;
-
-  if (cert.valid_start().is_null() || cert.valid_expiry().is_null() ||
-      cert.valid_start().is_max() || cert.valid_expiry().is_max()) {
-    // Will not be able to calculate the certificate's validity period.
-    return false;
-  }
-
-  size_t lifetime;
-  bool has_partial_month;
-  RoundedDownMonthDifference(cert.valid_start(), cert.valid_expiry(), &lifetime,
-                             &has_partial_month);
-
-  // For embedded SCTs, if the certificate has the number of SCTs specified in
-  // table 1 of the "Qualifying Certificate" section of the CT/EV policy, then
-  // it qualifies.
-  size_t num_required_embedded_scts;
-  if (lifetime > 39 || (lifetime == 39 && has_partial_month)) {
-    num_required_embedded_scts = 5;
-  } else if (lifetime > 27 || (lifetime == 27 && has_partial_month)) {
-    num_required_embedded_scts = 4;
-  } else if (lifetime >= 15) {
-    num_required_embedded_scts = 3;
-  } else {
-    num_required_embedded_scts = 2;
-  }
-
-  return num_embedded_scts >= num_required_embedded_scts;
-}
-
-// Returns true if |verified_scts| contains SCTs from at least one log that is
-// operated by Google and at least one log that is not operated by Google. This
-// is required for SCTs after July 1st, 2015, as documented at
-// http://dev.chromium.org/Home/chromium-security/root-ca-policy/EVCTPlanMay2015edition.pdf
-bool HasEnoughDiverseSCTs(const ct::SCTList& verified_scts) {
-  size_t num_google_issued_scts = base::checked_cast<size_t>(std::count_if(
-      verified_scts.begin(), verified_scts.end(), IsGoogleIssuedSCT));
-  return (num_google_issued_scts > 0) &&
-         (verified_scts.size() != num_google_issued_scts);
-}
-
 const char* EVPolicyComplianceToString(ct::EVPolicyCompliance status) {
   switch (status) {
     case ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY:
@@ -206,11 +148,11 @@ struct EVComplianceDetails {
   base::Version whitelist_version;
 };
 
-scoped_ptr<base::Value> NetLogEVComplianceCheckResultCallback(
+std::unique_ptr<base::Value> NetLogEVComplianceCheckResultCallback(
     X509Certificate* cert,
     EVComplianceDetails* details,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->Set("certificate", NetLogX509CertificateCallback(cert, capture_mode));
   dict->SetBoolean("policy_enforcement_required", true);
   dict->SetBoolean("build_timely", details->build_timely);
@@ -224,12 +166,12 @@ scoped_ptr<base::Value> NetLogEVComplianceCheckResultCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogCertComplianceCheckResultCallback(
+std::unique_ptr<base::Value> NetLogCertComplianceCheckResultCallback(
     X509Certificate* cert,
     bool build_timely,
     ct::CertPolicyCompliance compliance,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->Set("certificate", NetLogX509CertificateCallback(cert, capture_mode));
   dict->SetBoolean("build_timely", build_timely);
   dict->SetString("ct_compliance_status",
@@ -237,52 +179,187 @@ scoped_ptr<base::Value> NetLogCertComplianceCheckResultCallback(
   return std::move(dict);
 }
 
-// Returns true if all SCTs in |verified_scts| were issued on, or after, the
-// date specified in kDiverseSCTRequirementStartDate
-bool AllSCTsPastDistinctSCTRequirementEnforcementDate(
-    const ct::SCTList& verified_scts) {
-  // The date when diverse SCTs requirement is effective from.
-  // 2015-07-01 00:00:00 UTC.
-  base::Time kDiverseSCTRequirementStartDate =
-      base::Time::FromInternalValue(13080182400000000);
-
-  for (const auto& it : verified_scts) {
-    if (it->timestamp < kDiverseSCTRequirementStartDate)
-      return false;
-  }
-
-  return true;
-}
-
 bool IsCertificateInWhitelist(const X509Certificate& cert,
                               const ct::EVCertsWhitelist* ev_whitelist) {
-  bool cert_in_ev_whitelist = false;
-  if (ev_whitelist && ev_whitelist->IsValid()) {
-    const SHA256HashValue fingerprint(
-        X509Certificate::CalculateFingerprint256(cert.os_cert_handle()));
+  if (!ev_whitelist || !ev_whitelist->IsValid())
+    return false;
 
-    std::string truncated_fp =
-        std::string(reinterpret_cast<const char*>(fingerprint.data), 8);
-    cert_in_ev_whitelist = ev_whitelist->ContainsCertificateHash(truncated_fp);
+  const SHA256HashValue fingerprint(
+      X509Certificate::CalculateFingerprint256(cert.os_cert_handle()));
 
-    UMA_HISTOGRAM_BOOLEAN("Net.SSL_EVCertificateInWhitelist",
-                          cert_in_ev_whitelist);
-  }
+  std::string truncated_fp =
+      std::string(reinterpret_cast<const char*>(fingerprint.data), 8);
+  bool cert_in_ev_whitelist =
+      ev_whitelist->ContainsCertificateHash(truncated_fp);
+
+  UMA_HISTOGRAM_BOOLEAN("Net.SSL_EVCertificateInWhitelist",
+                        cert_in_ev_whitelist);
   return cert_in_ev_whitelist;
 }
 
+// Evaluates against the policy specified at
+// https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/EVCTPlanMay2015edition.pdf?attredirects=0
 ct::CertPolicyCompliance CheckCertPolicyCompliance(
-    X509Certificate* cert,
-    const ct::SCTList& verified_scts,
-    const BoundNetLog& net_log) {
-  if (!HasRequiredNumberOfSCTs(*cert, verified_scts))
+    const X509Certificate& cert,
+    const ct::SCTList& verified_scts) {
+  // Cert is outside the bounds of parsable; reject it.
+  if (cert.valid_start().is_null() || cert.valid_expiry().is_null() ||
+      cert.valid_start().is_max() || cert.valid_expiry().is_max()) {
     return ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
-  if (AllSCTsPastDistinctSCTRequirementEnforcementDate(verified_scts) &&
-      !HasEnoughDiverseSCTs(verified_scts)) {
+  }
+
+  // Scan for the earliest SCT. This is used to determine whether to enforce
+  // log diversity requirements, as well as whether to enforce whether or not
+  // a log was qualified or pending qualification at time of issuance (in the
+  // case of embedded SCTs). It's acceptable to ignore the origin of the SCT,
+  // because SCTs delivered via OCSP/TLS extension will cover the full
+  // certificate, which necessarily will exist only after the precertificate
+  // has been logged and the actual certificate issued.
+  // Note: Here, issuance date is defined as the earliest of all SCTs, rather
+  // than the latest of embedded SCTs, in order to give CAs the benefit of
+  // the doubt in the event a log is revoked in the midst of processing
+  // a precertificate and issuing the certificate.
+  base::Time issuance_date = base::Time::Max();
+  for (const auto& sct : verified_scts) {
+    base::Time unused;
+    if (ct::IsLogDisqualified(sct->log_id, &unused))
+      continue;
+    issuance_date = std::min(sct->timestamp, issuance_date);
+  }
+
+  bool has_valid_google_sct = false;
+  bool has_valid_nongoogle_sct = false;
+  bool has_valid_embedded_sct = false;
+  bool has_valid_nonembedded_sct = false;
+  bool has_embedded_google_sct = false;
+  bool has_embedded_nongoogle_sct = false;
+  std::vector<base::StringPiece> embedded_log_ids;
+  for (const auto& sct : verified_scts) {
+    base::Time disqualification_date;
+    bool is_disqualified =
+        ct::IsLogDisqualified(sct->log_id, &disqualification_date);
+    if (is_disqualified &&
+        sct->origin != ct::SignedCertificateTimestamp::SCT_EMBEDDED) {
+      // For OCSP and TLS delivered SCTs, only SCTs that are valid at the
+      // time of check are accepted.
+      continue;
+    }
+
+    if (ct::IsLogOperatedByGoogle(sct->log_id)) {
+      has_valid_google_sct |= !is_disqualified;
+      if (sct->origin == ct::SignedCertificateTimestamp::SCT_EMBEDDED)
+        has_embedded_google_sct = true;
+    } else {
+      has_valid_nongoogle_sct |= !is_disqualified;
+      if (sct->origin == ct::SignedCertificateTimestamp::SCT_EMBEDDED)
+        has_embedded_nongoogle_sct = true;
+    }
+    if (sct->origin != ct::SignedCertificateTimestamp::SCT_EMBEDDED) {
+      has_valid_nonembedded_sct = true;
+    } else {
+      has_valid_embedded_sct |= !is_disqualified;
+      // If the log is disqualified, it only counts towards quorum if
+      // the certificate was issued before the log was disqualified, and the
+      // SCT was obtained before the log was disqualified.
+      if (!is_disqualified || (issuance_date < disqualification_date &&
+                               sct->timestamp < disqualification_date)) {
+        embedded_log_ids.push_back(sct->log_id);
+      }
+    }
+  }
+
+  // Option 1:
+  // An SCT presented via the TLS extension OR embedded within a stapled OCSP
+  //   response is from a log qualified at time of check;
+  // AND there is at least one SCT from a Google Log that is qualified at
+  //   time of check, presented via any method;
+  // AND there is at least one SCT from a non-Google Log that is qualified
+  //   at the time of check, presented via any method.
+  //
+  // Note: Because SCTs embedded via TLS or OCSP can be updated on the fly,
+  // the issuance date is irrelevant, as any policy changes can be
+  // accomodated.
+  if (has_valid_nonembedded_sct && has_valid_google_sct &&
+      has_valid_nongoogle_sct) {
+    return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
+  }
+  // Note: If has_valid_nonembedded_sct was true, but Option 2 isn't met,
+  // then the result will be that there weren't diverse enough SCTs, as that
+  // the only other way for the conditional above to fail). Because Option 1
+  // has the diversity requirement, it's implicitly a minimum number of SCTs
+  // (specifically, 2), but that's not explicitly specified in the policy.
+
+  // Option 2:
+  // There is at least one embedded SCT from a log qualified at the time of
+  //   check ...
+  if (!has_valid_embedded_sct) {
+    // Under Option 2, there weren't enough SCTs, and potentially under
+    // Option 1, there weren't diverse enough SCTs. Try to signal the error
+    // that is most easily fixed.
+    return has_valid_nonembedded_sct
+               ? ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS
+               : ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
+  }
+
+  // ... AND there is at least one embedded SCT from a Google Log once or
+  //   currently qualified;
+  // AND there is at least one embedded SCT from a non-Google Log once or
+  //   currently qualified;
+  // ...
+  //
+  // Note: This policy language is only enforced after the below issuance
+  // date, as that's when the diversity policy first came into effect for
+  // SCTs embedded in certificates.
+  // The date when diverse SCTs requirement is effective from.
+  // 2015-07-01 00:00:00 UTC.
+  const base::Time kDiverseSCTRequirementStartDate =
+      base::Time::FromInternalValue(INT64_C(13080182400000000));
+  if (issuance_date >= kDiverseSCTRequirementStartDate &&
+      !(has_embedded_google_sct && has_embedded_nongoogle_sct)) {
+    // Note: This also covers the case for non-embedded SCTs, as it's only
+    // possible to reach here if both sets are not diverse enough.
     return ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS;
   }
 
-  return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
+  size_t lifetime_in_months = 0;
+  bool has_partial_month = false;
+  RoundedDownMonthDifference(cert.valid_start(), cert.valid_expiry(),
+                             &lifetime_in_months, &has_partial_month);
+
+  // ... AND the certificate embeds SCTs from AT LEAST the number of logs
+  //   once or currently qualified shown in Table 1 of the CT Policy.
+  size_t num_required_embedded_scts = 5;
+  if (lifetime_in_months > 39 ||
+      (lifetime_in_months == 39 && has_partial_month)) {
+    num_required_embedded_scts = 5;
+  } else if (lifetime_in_months > 27 ||
+             (lifetime_in_months == 27 && has_partial_month)) {
+    num_required_embedded_scts = 4;
+  } else if (lifetime_in_months >= 15) {
+    num_required_embedded_scts = 3;
+  } else {
+    num_required_embedded_scts = 2;
+  }
+
+  // Sort the embedded log IDs and remove duplicates, so that only a single
+  // SCT from each log is accepted. This is to handle the case where a given
+  // log returns different SCTs for the same precertificate (which is
+  // permitted, but advised against).
+  std::sort(embedded_log_ids.begin(), embedded_log_ids.end());
+  auto sorted_end =
+      std::unique(embedded_log_ids.begin(), embedded_log_ids.end());
+  size_t num_embedded_scts =
+      std::distance(embedded_log_ids.begin(), sorted_end);
+
+  if (num_embedded_scts >= num_required_embedded_scts)
+    return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
+
+  // Under Option 2, there weren't enough SCTs, and potentially under Option
+  // 1, there weren't diverse enough SCTs. Try to signal the error that is
+  // most easily fixed.
+  return has_valid_nonembedded_sct
+             ? ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS
+             : ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
 }
 
 ct::EVPolicyCompliance CertPolicyComplianceToEVPolicyCompliance(
@@ -306,7 +383,7 @@ void CheckCTEVPolicyCompliance(X509Certificate* cert,
                                const BoundNetLog& net_log,
                                EVComplianceDetails* result) {
   result->status = CertPolicyComplianceToEVPolicyCompliance(
-      CheckCertPolicyCompliance(cert, verified_scts, net_log));
+      CheckCertPolicyCompliance(*cert, verified_scts));
   if (ev_whitelist && ev_whitelist->IsValid())
     result->whitelist_version = ev_whitelist->Version();
 
@@ -332,7 +409,7 @@ ct::CertPolicyCompliance CTPolicyEnforcer::DoesConformToCertPolicy(
   if (!build_timely) {
     compliance = ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY;
   } else {
-    compliance = CheckCertPolicyCompliance(cert, verified_scts, net_log);
+    compliance = CheckCertPolicyCompliance(*cert, verified_scts);
   }
 
   NetLog::ParametersCallback net_log_callback =
diff --git a/chromium/net/cert/ct_policy_enforcer.h b/chromium/net/cert/ct_policy_enforcer.h
index 110c208ee49..c49e09101b1 100644
--- a/chromium/net/cert/ct_policy_enforcer.h
+++ b/chromium/net/cert/ct_policy_enforcer.h
@@ -93,6 +93,8 @@ class NET_EXPORT CTPolicyEnforcer {
   // ||verified_scts| contains any/all SCTs associated with |cert| that
   // |have been verified (well-formed, issued by known logs, and
   // |applying to |cert|).
+  // Note: |ev_whitelist| is an optional whitelist of certificates considered
+  // to be conforming.
   virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy(
       X509Certificate* cert,
       const ct::EVCertsWhitelist* ev_whitelist,
diff --git a/chromium/net/cert/ct_policy_enforcer_unittest.cc b/chromium/net/cert/ct_policy_enforcer_unittest.cc
index a2cfb048ba4..105b4fd76bb 100644
--- a/chromium/net/cert/ct_policy_enforcer_unittest.cc
+++ b/chromium/net/cert/ct_policy_enforcer_unittest.cc
@@ -4,9 +4,9 @@
 
 #include "net/cert/ct_policy_enforcer.h"
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "base/version.h"
 #include "crypto/sha2.h"
@@ -63,7 +63,7 @@ class CTPolicyEnforcerTest : public ::testing::Test {
                                               der_test_cert.size());
     ASSERT_TRUE(chain_.get());
     google_log_id_ = std::string(kGoogleAviatorLogID, crypto::kSHA256Length);
-    non_google_log_id_.assign(crypto::kSHA256Length, 'A');
+    non_google_log_id_.assign(crypto::kSHA256Length, 1);
   }
 
   void FillListWithSCTsOfOrigin(
@@ -79,19 +79,44 @@ class CTPolicyEnforcerTest : public ::testing::Test {
       if (i < desired_log_keys.size())
         sct->log_id = desired_log_keys[i];
       else
-        sct->log_id = non_google_log_id_;
+        sct->log_id = std::string(crypto::kSHA256Length, static_cast<char>(i));
 
-      if (timestamp_past_enforcement_date)
+      if (timestamp_past_enforcement_date) {
         sct->timestamp =
             base::Time::FromUTCExploded({2015, 8, 0, 15, 0, 0, 0, 0});
-      else
+      } else {
         sct->timestamp =
             base::Time::FromUTCExploded({2015, 6, 0, 15, 0, 0, 0, 0});
+      }
 
       verified_scts->push_back(sct);
     }
   }
 
+  void AddDisqualifiedLogSCT(
+      ct::SignedCertificateTimestamp::Origin desired_origin,
+      bool timestamp_after_disqualification_date,
+      ct::SCTList* verified_scts) {
+    static const char kCertlyLogID[] =
+        "\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e"
+        "\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00";
+    static_assert(arraysize(kCertlyLogID) - 1 == crypto::kSHA256Length,
+                  "Incorrect log ID length.");
+
+    scoped_refptr<ct::SignedCertificateTimestamp> sct(
+        new ct::SignedCertificateTimestamp());
+    sct->origin = desired_origin;
+    sct->log_id = std::string(kCertlyLogID, crypto::kSHA256Length);
+    if (timestamp_after_disqualification_date) {
+      sct->timestamp =
+          base::Time::FromUTCExploded({2016, 4, 0, 16, 0, 0, 0, 0});
+    } else {
+      sct->timestamp = base::Time::FromUTCExploded({2016, 4, 0, 1, 0, 0, 0, 0});
+    }
+
+    verified_scts->push_back(sct);
+  }
+
   void FillListWithSCTsOfOrigin(
       ct::SignedCertificateTimestamp::Origin desired_origin,
       size_t num_scts,
@@ -102,27 +127,15 @@ class CTPolicyEnforcerTest : public ::testing::Test {
                              verified_scts);
   }
 
-  void FillSCTListWithRepeatedLogID(const std::string& desired_id,
-                                    size_t num_scts,
-                                    bool timestamp_past_enforcement_date,
-                                    ct::SCTList* verified_scts) {
-    std::vector<std::string> desired_log_ids(num_scts, desired_id);
-
-    FillListWithSCTsOfOrigin(
-        ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, num_scts,
-        desired_log_ids, timestamp_past_enforcement_date, verified_scts);
-  }
-
   void CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
       const base::Time& start,
       const base::Time& end,
       size_t required_scts) {
     scoped_refptr<X509Certificate> cert(
         new X509Certificate("subject", "issuer", start, end));
-    ct::SCTList scts;
-
     for (size_t i = 0; i < required_scts - 1; ++i) {
-      FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+      ct::SCTList scts;
+      FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, i,
                                std::vector<std::string>(), false, &scts);
       EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
                 policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
@@ -135,8 +148,10 @@ class CTPolicyEnforcerTest : public ::testing::Test {
           << " for: " << (end - start).InDays() << " and " << required_scts
           << " scts=" << scts.size() << " i=" << i;
     }
-    FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
-                             std::vector<std::string>(), false, &scts);
+    ct::SCTList scts;
+    FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+                             required_scts, std::vector<std::string>(), false,
+                             &scts);
     EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
               policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
                                                         BoundNetLog()))
@@ -150,7 +165,7 @@ class CTPolicyEnforcerTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<CTPolicyEnforcer> policy_enforcer_;
+  std::unique_ptr<CTPolicyEnforcer> policy_enforcer_;
   scoped_refptr<X509Certificate> chain_;
   std::string google_log_id_;
   std::string non_google_log_id_;
@@ -159,7 +174,11 @@ class CTPolicyEnforcerTest : public ::testing::Test {
 TEST_F(CTPolicyEnforcerTest,
        DoesNotConformToCTEVPolicyNotEnoughDiverseSCTsAllGoogle) {
   ct::SCTList scts;
-  FillSCTListWithRepeatedLogID(google_log_id_, 2, true, &scts);
+  std::vector<std::string> desired_log_ids(2, google_log_id_);
+
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+      desired_log_ids.size(), desired_log_ids, true, &scts);
 
   EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
             policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
@@ -172,7 +191,11 @@ TEST_F(CTPolicyEnforcerTest,
 TEST_F(CTPolicyEnforcerTest,
        DoesNotConformToCTEVPolicyNotEnoughDiverseSCTsAllNonGoogle) {
   ct::SCTList scts;
-  FillSCTListWithRepeatedLogID(non_google_log_id_, 2, true, &scts);
+  std::vector<std::string> desired_log_ids(2, non_google_log_id_);
+
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+      desired_log_ids.size(), desired_log_ids, true, &scts);
 
   EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
             policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
@@ -184,7 +207,10 @@ TEST_F(CTPolicyEnforcerTest,
 
 TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) {
   ct::SCTList scts;
-  FillSCTListWithRepeatedLogID(non_google_log_id_, 2, false, &scts);
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
+  // All 5 SCTs will be from non-Google logs.
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
+                           std::vector<std::string>(), false, &scts);
 
   EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
             policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
@@ -208,7 +234,7 @@ TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) {
 }
 
 TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) {
-  // This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
   ct::SCTList scts;
   FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
                            &scts);
@@ -221,14 +247,63 @@ TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) {
                                                       scts, BoundNetLog()));
 }
 
+TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithPooledNonEmbeddedSCTs) {
+  ct::SCTList scts;
+  std::vector<std::string> desired_logs;
+
+  // One Google log, delivered via OCSP.
+  desired_logs.clear();
+  desired_logs.push_back(google_log_id_);
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE,
+      desired_logs.size(), desired_logs, true, &scts);
+
+  // One non-Google log, delivered via TLS.
+  desired_logs.clear();
+  desired_logs.push_back(non_google_log_id_);
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+      desired_logs.size(), desired_logs, true, &scts);
+
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
+TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithPooledEmbeddedSCTs) {
+  ct::SCTList scts;
+  std::vector<std::string> desired_logs;
+
+  // One Google log, delivered embedded.
+  desired_logs.clear();
+  desired_logs.push_back(google_log_id_);
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+                           desired_logs.size(), desired_logs, true, &scts);
+
+  // One non-Google log, delivered via OCSP.
+  desired_logs.clear();
+  desired_logs.push_back(non_google_log_id_);
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE,
+      desired_logs.size(), desired_logs, true, &scts);
+
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
 TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) {
   scoped_refptr<ct::EVCertsWhitelist> non_including_whitelist(
       new DummyEVCertsWhitelist(true, false));
-  // This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
-  // However, as there are only two logs, two SCTs will be required - supply one
-  // to guarantee the test fails.
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
   ct::SCTList scts;
-  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
                            &scts);
 
   EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
@@ -247,6 +322,154 @@ TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) {
                 chain_.get(), whitelist.get(), scts, BoundNetLog()));
 }
 
+TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughFreshSCTs) {
+  ct::SCTList scts;
+
+  // The results should be the same before and after disqualification,
+  // regardless of the delivery method.
+
+  // SCT from before disqualification.
+  scts.clear();
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 1, &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+                        false, &scts);
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+
+  // SCT from after disqualification.
+  scts.clear();
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 1, &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+                        true, &scts);
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+
+  // Embedded SCT from before disqualification.
+  scts.clear();
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 1, &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, false,
+                        &scts);
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+
+  // Embedded SCT from after disqualification.
+  scts.clear();
+  FillListWithSCTsOfOrigin(
+      ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 1, &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, true,
+                        &scts);
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
+TEST_F(CTPolicyEnforcerTest,
+       ConformsWithDisqualifiedLogBeforeDisqualificationDate) {
+  ct::SCTList scts;
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
+                           &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, false,
+                        &scts);
+
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
+TEST_F(CTPolicyEnforcerTest,
+       DoesNotConformWithDisqualifiedLogAfterDisqualificationDate) {
+  ct::SCTList scts;
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
+                           &scts);
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, true,
+                        &scts);
+
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
+TEST_F(CTPolicyEnforcerTest,
+       DoesNotConformWithIssuanceDateAfterDisqualificationDate) {
+  ct::SCTList scts;
+  AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, true,
+                        &scts);
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
+                           &scts);
+  // Make sure all SCTs are after the disqualification date.
+  for (size_t i = 1; i < scts.size(); ++i)
+    scts[i]->timestamp = scts[0]->timestamp;
+
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
+TEST_F(CTPolicyEnforcerTest,
+       DoesNotConformToCTEVPolicyNotEnoughUniqueEmbeddedLogs) {
+  ct::SCTList scts;
+  std::vector<std::string> desired_logs;
+
+  // One Google Log.
+  desired_logs.clear();
+  desired_logs.push_back(google_log_id_);
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+                           desired_logs.size(), desired_logs, true, &scts);
+
+  // Two distinct non-Google logs.
+  desired_logs.clear();
+  desired_logs.push_back(std::string(crypto::kSHA256Length, 'A'));
+  desired_logs.push_back(std::string(crypto::kSHA256Length, 'B'));
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+                           desired_logs.size(), desired_logs, true, &scts);
+
+  // Two unique SCTs from the same non-Google log.
+  desired_logs.clear();
+  desired_logs.push_back(std::string(crypto::kSHA256Length, 'C'));
+  desired_logs.push_back(std::string(crypto::kSHA256Length, 'C'));
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+                           desired_logs.size(), desired_logs, true, &scts);
+
+  // |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
+  // However, there are only 4 SCTs are from distinct logs.
+  EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
+                                                      BoundNetLog()));
+  EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
+            policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
+                                                      scts, BoundNetLog()));
+}
+
 // TODO(estark): fix this test so that it can check if
 // |no_valid_dates_cert| is on the whitelist without
 // crashing. https://crbug.com/582740
@@ -321,7 +544,7 @@ TEST_F(CTPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) {
       new DummyEVCertsWhitelist(true, true));
 
   ct::SCTList scts;
-  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
                            &scts);
   EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
             policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
@@ -336,7 +559,7 @@ TEST_F(CTPolicyEnforcerTest, IgnoresInvalidEVWhitelist) {
       new DummyEVCertsWhitelist(false, true));
 
   ct::SCTList scts;
-  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
                            &scts);
   EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
             policy_enforcer_->DoesConformToCTEVPolicy(
@@ -345,7 +568,7 @@ TEST_F(CTPolicyEnforcerTest, IgnoresInvalidEVWhitelist) {
 
 TEST_F(CTPolicyEnforcerTest, IgnoresNullEVWhitelist) {
   ct::SCTList scts;
-  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+  FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
                            &scts);
   EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
             policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
diff --git a/chromium/net/cert/ct_serialization.cc b/chromium/net/cert/ct_serialization.cc
index 2de83087260..60d94263423 100644
--- a/chromium/net/cert/ct_serialization.cc
+++ b/chromium/net/cert/ct_serialization.cc
@@ -11,6 +11,10 @@
 
 #include "base/logging.h"
 #include "base/numerics/safe_math.h"
+#include "crypto/sha2.h"
+#include "net/cert/merkle_tree_leaf.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/signed_tree_head.h"
 
 namespace net {
 
@@ -19,22 +23,24 @@ namespace ct {
 namespace {
 
 // Note: length is always specified in bytes.
-// Signed Certificate Timestamp (SCT) Version length
+// CT protocol version length
 const size_t kVersionLength = 1;
 
-// Members of a V1 SCT
-const size_t kLogIdLength = 32;
+// Common V1 struct members
 const size_t kTimestampLength = 8;
+const size_t kLogEntryTypeLength = 2;
+const size_t kAsn1CertificateLengthBytes = 3;
+const size_t kTbsCertificateLengthBytes = 3;
 const size_t kExtensionsLengthBytes = 2;
+
+// Members of a V1 SCT
+const size_t kLogIdLength = crypto::kSHA256Length;
 const size_t kHashAlgorithmLength = 1;
 const size_t kSigAlgorithmLength = 1;
 const size_t kSignatureLengthBytes = 2;
 
 // Members of the digitally-signed struct of a V1 SCT
 const size_t kSignatureTypeLength = 1;
-const size_t kLogEntryTypeLength = 2;
-const size_t kAsn1CertificateLengthBytes = 3;
-const size_t kTbsCertificateLengthBytes = 3;
 
 const size_t kSCTListLengthBytes = 2;
 const size_t kSerializedSCTLengthBytes = 2;
@@ -42,6 +48,10 @@ const size_t kSerializedSCTLengthBytes = 2;
 // Members of digitally-signed struct of a STH
 const size_t kTreeSizeLength = 8;
 
+// Members of a V1 MerkleTreeLeaf
+const size_t kMerkleLeafTypeLength = 1;
+const size_t kIssuerKeyHashLength = crypto::kSHA256Length;
+
 enum SignatureType {
   SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0,
   TREE_HASH = 1,
@@ -254,7 +264,7 @@ bool EncodePrecertLogEntry(const LogEntry& input, std::string* output) {
   WriteEncodedBytes(
       base::StringPiece(
           reinterpret_cast<const char*>(input.issuer_key_hash.data),
-          kLogIdLength),
+          kIssuerKeyHashLength),
       output);
   return WriteVariableBytes(kTbsCertificateLengthBytes,
                             input.tbs_certificate, output);
@@ -335,11 +345,23 @@ static void WriteTimeSinceEpoch(const base::Time& timestamp,
   WriteUint(kTimestampLength, time_since_epoch.InMilliseconds(), output);
 }
 
+bool EncodeTreeLeaf(const MerkleTreeLeaf& leaf, std::string* output) {
+  WriteUint(kVersionLength, 0, output);         // version: 1
+  WriteUint(kMerkleLeafTypeLength, 0, output);  // type: timestamped entry
+  WriteTimeSinceEpoch(leaf.timestamp, output);
+  if (!EncodeLogEntry(leaf.log_entry, output))
+    return false;
+  if (!WriteVariableBytes(kExtensionsLengthBytes, leaf.extensions, output))
+    return false;
+
+  return true;
+}
+
 bool EncodeV1SCTSignedData(const base::Time& timestamp,
                            const std::string& serialized_log_entry,
                            const std::string& extensions,
                            std::string* output) {
-  WriteUint(kVersionLength, SignedCertificateTimestamp::SCT_VERSION_1,
+  WriteUint(kVersionLength, SignedCertificateTimestamp::V1,
             output);
   WriteUint(kSignatureTypeLength, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP,
             output);
@@ -383,12 +405,12 @@ bool DecodeSignedCertificateTimestamp(
   unsigned version;
   if (!ReadUint(kVersionLength, input, &version))
     return false;
-  if (version != SignedCertificateTimestamp::SCT_VERSION_1) {
+  if (version != SignedCertificateTimestamp::V1) {
     DVLOG(1) << "Unsupported/invalid version " << version;
     return false;
   }
 
-  result->version = SignedCertificateTimestamp::SCT_VERSION_1;
+  result->version = SignedCertificateTimestamp::V1;
   base::StringPiece log_id;
   base::StringPiece extensions;
   if (!ReadFixedBytes(kLogIdLength, input, &log_id) ||
diff --git a/chromium/net/cert/ct_serialization.h b/chromium/net/cert/ct_serialization.h
index f183247469f..269892d3512 100644
--- a/chromium/net/cert/ct_serialization.h
+++ b/chromium/net/cert/ct_serialization.h
@@ -8,10 +8,10 @@
 #include <string>
 #include <vector>
 
+#include "base/memory/ref_counted.h"
 #include "base/strings/string_piece.h"
+#include "base/time/time.h"
 #include "net/base/net_export.h"
-#include "net/cert/signed_certificate_timestamp.h"
-#include "net/cert/signed_tree_head.h"
 
 namespace net {
 
@@ -19,6 +19,12 @@ namespace net {
 // Transparency to/from the TLS wire format encoding.
 namespace ct {
 
+struct DigitallySigned;
+struct LogEntry;
+struct MerkleTreeLeaf;
+struct SignedCertificateTimestamp;
+struct SignedTreeHead;
+
 // If |input.signature_data| is less than kMaxSignatureLength, encodes the
 // |input| to |output| and returns true. Otherwise, returns false.
 NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input,
@@ -35,6 +41,12 @@ NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input,
 NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input,
                                        std::string* output);
 
+// Serialises the Merkle tree |leaf|, appending it to |output|.
+// These bytes can be hashed for use with audit proof fetching.
+// Note that |leaf.log_id| is not part of the TLS encoding, and so will not be
+// serialized.
+NET_EXPORT bool EncodeTreeLeaf(const MerkleTreeLeaf& leaf, std::string* output);
+
 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into
 // |output|. The signature included in the SCT is then verified over these
 // bytes.
diff --git a/chromium/net/cert/ct_serialization_unittest.cc b/chromium/net/cert/ct_serialization_unittest.cc
index 74cc0e900d8..f4360fc4766 100644
--- a/chromium/net/cert/ct_serialization_unittest.cc
+++ b/chromium/net/cert/ct_serialization_unittest.cc
@@ -10,12 +10,18 @@
 #include "base/files/file_util.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
+#include "net/cert/merkle_tree_leaf.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/signed_tree_head.h"
 #include "net/cert/x509_certificate.h"
 #include "net/log/net_log.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/ct_test_util.h"
+#include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+using ::testing::ElementsAreArray;
+
 namespace net {
 
 class CtSerializationTest : public ::testing::Test {
@@ -77,7 +83,7 @@ TEST_F(CtSerializationTest, EncodesDigitallySigned) {
 
 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) {
   ct::LogEntry entry;
-  GetX509CertLogEntry(&entry);
+  ct::GetX509CertLogEntry(&entry);
 
   std::string encoded;
   ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded));
@@ -90,6 +96,24 @@ TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) {
   EXPECT_EQ(expected_prefix, encoded.substr(0, 5));
 }
 
+TEST_F(CtSerializationTest, EncodesLogEntryForPrecert) {
+  ct::LogEntry entry;
+  ct::GetPrecertLogEntry(&entry);
+
+  std::string encoded;
+  ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded));
+  EXPECT_EQ(604u, encoded.size());
+  // First two bytes are the log entry type.
+  EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(0, 2));
+  // Next comes the 32-byte issuer key hash
+  EXPECT_THAT(encoded.substr(2, 32),
+              ElementsAreArray(entry.issuer_key_hash.data));
+  // Then the length of the TBS cert (604 bytes = 0x237)
+  EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(34, 3));
+  // Then the TBS cert itself
+  EXPECT_EQ(entry.tbs_certificate, encoded.substr(37));
+}
+
 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) {
   base::Time timestamp = base::Time::UnixEpoch() +
       base::TimeDelta::FromMilliseconds(1348589665525);
@@ -162,6 +186,61 @@ TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) {
       ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct));
 }
 
+TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForX509Cert) {
+  ct::MerkleTreeLeaf tree_leaf;
+  ct::GetX509CertTreeLeaf(&tree_leaf);
+
+  std::string encoded;
+  ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded));
+  EXPECT_EQ(741u, encoded.size()) << "Merkle tree leaf encoded incorrectly";
+  EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) <<
+      "Version encoded incorrectly";
+  EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) <<
+      "Merkle tree leaf type encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8),
+            encoded.substr(2, 8)) <<
+      "Timestamp encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x00", 2), encoded.substr(10, 2)) <<
+      "Log entry type encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x02\xce", 3), encoded.substr(12, 3)) <<
+      "Certificate length encoded incorrectly";
+  EXPECT_EQ(tree_leaf.log_entry.leaf_certificate, encoded.substr(15, 718)) <<
+      "Certificate encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(733, 2)) <<
+      "CT extensions length encoded incorrectly";
+  EXPECT_EQ(tree_leaf.extensions, encoded.substr(735, 6)) <<
+      "CT extensions encoded incorrectly";
+}
+
+TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForPrecert) {
+  ct::MerkleTreeLeaf tree_leaf;
+  ct::GetPrecertTreeLeaf(&tree_leaf);
+
+  std::string encoded;
+  ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded));
+  EXPECT_EQ(622u, encoded.size()) << "Merkle tree leaf encoded incorrectly";
+  EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) <<
+      "Version encoded incorrectly";
+  EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) <<
+      "Merkle tree leaf type encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8),
+            encoded.substr(2, 8)) <<
+      "Timestamp encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(10, 2)) <<
+      "Log entry type encoded incorrectly";
+  EXPECT_THAT(encoded.substr(12, 32),
+              ElementsAreArray(tree_leaf.log_entry.issuer_key_hash.data)) <<
+      "Issuer key hash encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(44, 3)) <<
+      "TBS certificate length encoded incorrectly";
+  EXPECT_EQ(tree_leaf.log_entry.tbs_certificate, encoded.substr(47, 567)) <<
+      "TBS certificate encoded incorrectly";
+  EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(614, 2)) <<
+      "CT extensions length encoded incorrectly";
+  EXPECT_EQ(tree_leaf.extensions, encoded.substr(616, 6)) <<
+      "CT extensions encoded incorrectly";
+}
+
 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) {
   ct::SignedTreeHead signed_tree_head;
   ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head));
diff --git a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc
index 042f59fa16b..6d5b864a3b2 100644
--- a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc
+++ b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc
@@ -5,6 +5,7 @@
 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <utility>
 
@@ -90,9 +91,9 @@ void SetBinaryData(
 // Returns a dictionary where each key is a field of the SCT and its value
 // is this field's value in the SCT. This dictionary is meant to be used for
 // outputting a de-serialized SCT to the NetLog.
-scoped_ptr<base::DictionaryValue> SCTToDictionary(
+std::unique_ptr<base::DictionaryValue> SCTToDictionary(
     const ct::SignedCertificateTimestamp& sct) {
-  scoped_ptr<base::DictionaryValue> out(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> out(new base::DictionaryValue());
 
   out->SetString("origin", OriginToString(sct.origin));
   out->SetInteger("version", sct.version);
@@ -115,9 +116,9 @@ scoped_ptr<base::DictionaryValue> SCTToDictionary(
 
 // Given a list of SCTs, return a ListValue instance where each item in the
 // list is a dictionary created by SCTToDictionary.
-scoped_ptr<base::ListValue> SCTListToPrintableValues(
+std::unique_ptr<base::ListValue> SCTListToPrintableValues(
     const ct::SCTList& sct_list) {
-  scoped_ptr<base::ListValue> output_scts(new base::ListValue());
+  std::unique_ptr<base::ListValue> output_scts(new base::ListValue());
   for (const auto& sct : sct_list)
     output_scts->Append(SCTToDictionary(*(sct.get())));
 
@@ -126,10 +127,10 @@ scoped_ptr<base::ListValue> SCTListToPrintableValues(
 
 }  // namespace
 
-scoped_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
+std::unique_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
     const ct::CTVerifyResult* ct_result,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   dict->Set("verified_scts",
             SCTListToPrintableValues(ct_result->verified_scts));
@@ -143,12 +144,12 @@ scoped_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(
+std::unique_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(
     const std::string* embedded_scts,
     const std::string* sct_list_from_ocsp,
     const std::string* sct_list_from_tls_extension,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   SetBinaryData("embedded_scts", *embedded_scts, dict.get());
   SetBinaryData("scts_from_ocsp_response", *sct_list_from_ocsp, dict.get());
diff --git a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h
index 4b1ccb3164e..7d2466906cf 100644
--- a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h
+++ b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h
@@ -5,6 +5,8 @@
 #ifndef NET_CERT_CT_SIGNED_CERTIFICATE_TIMESTAMP_LOG_PARAM_H_
 #define NET_CERT_CT_SIGNED_CERTIFICATE_TIMESTAMP_LOG_PARAM_H_
 
+#include <memory>
+
 #include "net/log/net_log.h"
 
 namespace net {
@@ -17,7 +19,7 @@ struct CTVerifyResult;
 // logged in the NetLog.
 // See the documentation for SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED
 // in net/log/net_log_event_type_list.h
-scoped_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
+std::unique_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
     const ct::CTVerifyResult* ct_result,
     NetLogCaptureMode capture_mode);
 
@@ -25,7 +27,7 @@ scoped_ptr<base::Value> NetLogSignedCertificateTimestampCallback(
 // in the NetLog.
 // See the documentation for SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED
 // in net/log/net_log_event_type_list.h
-scoped_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(
+std::unique_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(
     const std::string* embedded_scts,
     const std::string* sct_list_from_ocsp,
     const std::string* sct_list_from_tls_extension,
diff --git a/chromium/net/cert/ev_root_ca_metadata.cc b/chromium/net/cert/ev_root_ca_metadata.cc
index a46e50a6f71..26f9773d326 100644
--- a/chromium/net/cert/ev_root_ca_metadata.cc
+++ b/chromium/net/cert/ev_root_ca_metadata.cc
@@ -4,7 +4,7 @@
 
 #include "net/cert/ev_root_ca_metadata.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include <cert.h>
 #include <pkcs11n.h>
 #include <secerr.h>
@@ -15,13 +15,13 @@
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "crypto/nss_util.h"
 #endif
 
 namespace net {
 
-#if defined(USE_NSS_VERIFIER) || defined(OS_WIN)
+#if defined(USE_NSS_CERTS) || defined(OS_WIN)
 // Raw metadata.
 struct EVMetadata {
   // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At
@@ -582,7 +582,7 @@ EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
   return g_ev_root_ca_metadata.Pointer();
 }
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
   return policy_oids_.find(policy_oid) != policy_oids_.end();
 }
@@ -673,7 +673,7 @@ bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
 bool EVRootCAMetadata::HasEVPolicyOID(const SHA1HashValue& fingerprint,
                                       PolicyOID policy_oid) const {
   for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
-    if (!fingerprint.Equals(ev_root_ca_metadata[i].fingerprint))
+    if (fingerprint != ev_root_ca_metadata[i].fingerprint)
       continue;
     for (size_t j = 0; j < arraysize(ev_root_ca_metadata[i].policy_oids); j++) {
       if (ev_root_ca_metadata[i].policy_oids[j][0] == '\0')
@@ -691,7 +691,7 @@ bool EVRootCAMetadata::HasEVPolicyOID(const SHA1HashValue& fingerprint,
 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint,
                                const char* policy) {
   for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
-    if (fingerprint.Equals(ev_root_ca_metadata[i].fingerprint))
+    if (fingerprint == ev_root_ca_metadata[i].fingerprint)
       return false;
   }
 
@@ -728,7 +728,7 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) {
 
 EVRootCAMetadata::EVRootCAMetadata() {
   // Constructs the object from the raw metadata in ev_root_ca_metadata.
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   crypto::EnsureNSSInit();
 
   for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
diff --git a/chromium/net/cert/ev_root_ca_metadata.h b/chromium/net/cert/ev_root_ca_metadata.h
index 967dcbbdd48..dfb14bc6aa4 100644
--- a/chromium/net/cert/ev_root_ca_metadata.h
+++ b/chromium/net/cert/ev_root_ca_metadata.h
@@ -7,7 +7,7 @@
 
 #include "build/build_config.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include <secoidt.h>
 #endif
 
@@ -31,7 +31,7 @@ namespace net {
 // extended-validation (EV) certificates.
 class NET_EXPORT_PRIVATE EVRootCAMetadata {
  public:
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   typedef SECOidTag PolicyOID;
 #elif defined(OS_WIN)
   typedef const char* PolicyOID;
@@ -39,7 +39,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata {
 
   static EVRootCAMetadata* GetInstance();
 
-#if defined(USE_NSS_VERIFIER) || defined(OS_WIN)
+#if defined(USE_NSS_CERTS) || defined(OS_WIN)
   // Returns true if policy_oid is an EV policy OID of some root CA.
   bool IsEVPolicyOID(PolicyOID policy_oid) const;
 
@@ -64,7 +64,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata {
   EVRootCAMetadata();
   ~EVRootCAMetadata();
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   typedef std::map<SHA1HashValue, std::vector<PolicyOID>,
                    SHA1HashValueLessThan> PolicyOIDMap;
 
diff --git a/chromium/net/cert/internal/name_constraints.cc b/chromium/net/cert/internal/name_constraints.cc
index 9141a02ddea..a515789730d 100644
--- a/chromium/net/cert/internal/name_constraints.cc
+++ b/chromium/net/cert/internal/name_constraints.cc
@@ -6,6 +6,8 @@
 
 #include <limits.h>
 
+#include <memory>
+
 #include "base/strings/string_util.h"
 #include "net/cert/internal/verify_name_match.h"
 #include "net/der/input.h"
@@ -298,11 +300,11 @@ GeneralNames::GeneralNames() {}
 GeneralNames::~GeneralNames() {}
 
 // static
-scoped_ptr<GeneralNames> GeneralNames::CreateFromDer(
+std::unique_ptr<GeneralNames> GeneralNames::CreateFromDer(
     const der::Input& general_names_tlv) {
   // RFC 5280 section 4.2.1.6:
   // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-  scoped_ptr<GeneralNames> general_names(new GeneralNames());
+  std::unique_ptr<GeneralNames> general_names(new GeneralNames());
   der::Parser parser(general_names_tlv);
   der::Parser sequence_parser;
   if (!parser.ReadSequence(&sequence_parser))
@@ -330,10 +332,10 @@ scoped_ptr<GeneralNames> GeneralNames::CreateFromDer(
 NameConstraints::~NameConstraints() {}
 
 // static
-scoped_ptr<NameConstraints> NameConstraints::CreateFromDer(
+std::unique_ptr<NameConstraints> NameConstraints::CreateFromDer(
     const der::Input& extension_value,
     bool is_critical) {
-  scoped_ptr<NameConstraints> name_constraints(new NameConstraints());
+  std::unique_ptr<NameConstraints> name_constraints(new NameConstraints());
   if (!name_constraints->Parse(extension_value, is_critical))
     return nullptr;
   return name_constraints;
diff --git a/chromium/net/cert/internal/name_constraints.h b/chromium/net/cert/internal/name_constraints.h
index 35ff91359bf..ccf4ac12b74 100644
--- a/chromium/net/cert/internal/name_constraints.h
+++ b/chromium/net/cert/internal/name_constraints.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_address.h"
 
 namespace net {
@@ -48,7 +48,7 @@ struct NET_EXPORT GeneralNames {
 
   // Create a GeneralNames object representing the DER-encoded
   // |general_names_tlv|.
-  static scoped_ptr<GeneralNames> CreateFromDer(
+  static std::unique_ptr<GeneralNames> CreateFromDer(
       const der::Input& general_names_tlv);
 
   // ASCII hostnames.
@@ -84,7 +84,7 @@ class NET_EXPORT NameConstraints {
   // the OCTET STRING tag). |is_critical| should be true if the extension was
   // marked critical. Returns nullptr if parsing the the extension failed.
   // The object lifetime is not bound to the lifetime of |extension_value| data.
-  static scoped_ptr<NameConstraints> CreateFromDer(
+  static std::unique_ptr<NameConstraints> CreateFromDer(
       const der::Input& extension_value,
       bool is_critical);
 
diff --git a/chromium/net/cert/internal/name_constraints_unittest.cc b/chromium/net/cert/internal/name_constraints_unittest.cc
index 693597da3aa..f61e1da5c2d 100644
--- a/chromium/net/cert/internal/name_constraints_unittest.cc
+++ b/chromium/net/cert/internal/name_constraints_unittest.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/internal/name_constraints.h"
 
+#include <memory>
+
 #include "net/base/ip_address.h"
 #include "net/cert/internal/test_helpers.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -41,7 +43,7 @@ namespace {
 
 ::testing::AssertionResult LoadTestSubjectAltName(
     const std::string& basename,
-    scoped_ptr<GeneralNames>* result) {
+    std::unique_ptr<GeneralNames>* result) {
   std::string san_der;
   ::testing::AssertionResult load_result =
       LoadTestSubjectAltNameData(basename, &san_der);
@@ -71,7 +73,7 @@ TEST_P(ParseNameConstraints, DNSNames) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("dnsname.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -136,7 +138,7 @@ TEST_P(ParseNameConstraints, DNSNames) {
 
   EXPECT_EQ(GENERAL_NAME_DNS_NAME, name_constraints->ConstrainedNameTypes());
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san));
   EXPECT_TRUE(name_constraints->IsPermittedCert(der::Input(), san.get()));
 
@@ -154,7 +156,7 @@ TEST_P(ParseNameConstraints,
        DNSNamesWithMultipleLevelsBetweenExcludedAndPermitted) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("dnsname2.pem", &a));
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -184,7 +186,7 @@ TEST_P(ParseNameConstraints, DNSNamesWithLeadingDot) {
   std::string a;
   ASSERT_TRUE(
       LoadTestNameConstraint("dnsname-permitted_with_leading_dot.pem", &a));
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -201,7 +203,7 @@ TEST_P(ParseNameConstraints, DNSNamesExcludeOnly) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("dnsname-excluded.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -220,7 +222,7 @@ TEST_P(ParseNameConstraints, DNSNamesExcludeAll) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("dnsname-excludeall.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -237,7 +239,7 @@ TEST_P(ParseNameConstraints, DNSNamesExcludeDot) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("dnsname-exclude_dot.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -281,8 +283,9 @@ TEST_P(ParseNameConstraints, DirectoryNames) {
   std::string name_ca;
   ASSERT_TRUE(LoadTestName("name-ca.pem", &name_ca));
 
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   // Not in any permitted subtree.
@@ -325,7 +328,7 @@ TEST_P(ParseNameConstraints, DirectoryNames) {
   EXPECT_FALSE(name_constraints->IsPermittedCert(
       SequenceValueFromString(&name_us_ca), nullptr /* subject_alt_names */));
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san));
   EXPECT_TRUE(name_constraints->IsPermittedCert(der::Input(), san.get()));
 
@@ -343,8 +346,9 @@ TEST_P(ParseNameConstraints, DirectoryNamesExcludeOnly) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("directoryname-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_empty;
@@ -373,8 +377,9 @@ TEST_P(ParseNameConstraints, DirectoryNamesExcludeAll) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("directoryname-excludeall.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_empty;
@@ -405,7 +410,7 @@ TEST_P(ParseNameConstraints, IPAdresses) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -502,7 +507,7 @@ TEST_P(ParseNameConstraints, IPAdresses) {
 
   EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, name_constraints->ConstrainedNameTypes());
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-permitted.pem", &san));
   EXPECT_TRUE(name_constraints->IsPermittedCert(der::Input(), san.get()));
 
@@ -520,7 +525,7 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeOnly) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-excluded.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -536,7 +541,7 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeAll) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-excludeall.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -555,7 +560,7 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_singlehost.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -571,7 +576,7 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_prefix31.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -588,7 +593,7 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_prefix1.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -604,7 +609,7 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) {
   std::string a;
   ASSERT_TRUE(LoadTestNameConstraint("ipaddress-permit_all.pem", &a));
 
-  scoped_ptr<NameConstraints> name_constraints(
+  std::unique_ptr<NameConstraints> name_constraints(
       NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
   ASSERT_TRUE(name_constraints);
 
@@ -643,8 +648,9 @@ TEST_P(ParseNameConstraints, OtherNamesInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("othername-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -654,7 +660,7 @@ TEST_P(ParseNameConstraints, OtherNamesInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-othername.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -664,8 +670,9 @@ TEST_P(ParseNameConstraints, OtherNamesInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("othername-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -675,7 +682,7 @@ TEST_P(ParseNameConstraints, OtherNamesInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-othername.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -685,8 +692,9 @@ TEST_P(ParseNameConstraints, Rfc822NamesInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("rfc822name-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -696,7 +704,7 @@ TEST_P(ParseNameConstraints, Rfc822NamesInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -706,8 +714,9 @@ TEST_P(ParseNameConstraints, Rfc822NamesInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("rfc822name-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -717,7 +726,7 @@ TEST_P(ParseNameConstraints, Rfc822NamesInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-rfc822name.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -727,8 +736,9 @@ TEST_P(ParseNameConstraints, X400AddresssInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("x400address-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -738,7 +748,7 @@ TEST_P(ParseNameConstraints, X400AddresssInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-x400address.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -748,8 +758,9 @@ TEST_P(ParseNameConstraints, X400AddresssInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("x400address-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -759,7 +770,7 @@ TEST_P(ParseNameConstraints, X400AddresssInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-x400address.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -769,8 +780,9 @@ TEST_P(ParseNameConstraints, EdiPartyNamesInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("edipartyname-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -780,7 +792,7 @@ TEST_P(ParseNameConstraints, EdiPartyNamesInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-edipartyname.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -790,8 +802,9 @@ TEST_P(ParseNameConstraints, EdiPartyNamesInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("edipartyname-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -801,7 +814,7 @@ TEST_P(ParseNameConstraints, EdiPartyNamesInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-edipartyname.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -810,8 +823,9 @@ TEST_P(ParseNameConstraints, EdiPartyNamesInExcluded) {
 TEST_P(ParseNameConstraints, URIsInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(LoadTestNameConstraint("uri-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -821,7 +835,7 @@ TEST_P(ParseNameConstraints, URIsInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-uri.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -830,8 +844,9 @@ TEST_P(ParseNameConstraints, URIsInPermitted) {
 TEST_P(ParseNameConstraints, URIsInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(LoadTestNameConstraint("uri-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -841,7 +856,7 @@ TEST_P(ParseNameConstraints, URIsInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-uri.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -851,8 +866,9 @@ TEST_P(ParseNameConstraints, RegisteredIDsInPermitted) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("registeredid-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -862,7 +878,7 @@ TEST_P(ParseNameConstraints, RegisteredIDsInPermitted) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-registeredid.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -872,8 +888,9 @@ TEST_P(ParseNameConstraints, RegisteredIDsInExcluded) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("registeredid-excluded.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   if (is_critical()) {
@@ -883,7 +900,7 @@ TEST_P(ParseNameConstraints, RegisteredIDsInExcluded) {
     EXPECT_EQ(0, name_constraints->ConstrainedNameTypes());
   }
 
-  scoped_ptr<GeneralNames> san;
+  std::unique_ptr<GeneralNames> san;
   ASSERT_TRUE(LoadTestSubjectAltName("san-registeredid.pem", &san));
   EXPECT_EQ(!is_critical(),
             name_constraints->IsPermittedCert(der::Input(), san.get()));
@@ -966,8 +983,9 @@ TEST_P(ParseNameConstraints, FailsOnEmptyExcluded) {
 TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsOk) {
   std::string constraints_der;
   ASSERT_TRUE(LoadTestNameConstraint("directoryname.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_us_arizona_email;
@@ -985,8 +1003,9 @@ TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsNotOk) {
   std::string constraints_der;
   ASSERT_TRUE(
       LoadTestNameConstraint("rfc822name-permitted.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_us_arizona_email;
@@ -1007,8 +1026,9 @@ TEST_P(ParseNameConstraints, IsPermittedCertSubjectDnsNames) {
   std::string constraints_der;
   ASSERT_TRUE(LoadTestNameConstraint("directoryname_and_dnsname.pem",
                                      &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_us_az_foocom;
@@ -1048,8 +1068,9 @@ TEST_P(ParseNameConstraints, IsPermittedCertSubjectIpAddresses) {
   std::string constraints_der;
   ASSERT_TRUE(LoadTestNameConstraint(
       "directoryname_and_dnsname_and_ipaddress.pem", &constraints_der));
-  scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-      der::Input(&constraints_der), is_critical()));
+  std::unique_ptr<NameConstraints> name_constraints(
+      NameConstraints::CreateFromDer(der::Input(&constraints_der),
+                                     is_critical()));
   ASSERT_TRUE(name_constraints);
 
   std::string name_us_az_1_1_1_1;
diff --git a/chromium/net/cert/internal/parse_certificate.cc b/chromium/net/cert/internal/parse_certificate.cc
index 74538080c16..64f729a765e 100644
--- a/chromium/net/cert/internal/parse_certificate.cc
+++ b/chromium/net/cert/internal/parse_certificate.cc
@@ -167,7 +167,9 @@ bool VerifySerialNumber(const der::Input& value) {
 }
 
 bool ParseCertificate(const der::Input& certificate_tlv,
-                      ParsedCertificate* out) {
+                      der::Input* out_tbs_certificate_tlv,
+                      der::Input* out_signature_algorithm_tlv,
+                      der::BitString* out_signature_value) {
   der::Parser parser(certificate_tlv);
 
   //   Certificate  ::=  SEQUENCE  {
@@ -176,15 +178,15 @@ bool ParseCertificate(const der::Input& certificate_tlv,
     return false;
 
   //        tbsCertificate       TBSCertificate,
-  if (!ReadSequenceTLV(&certificate_parser, &out->tbs_certificate_tlv))
+  if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv))
     return false;
 
   //        signatureAlgorithm   AlgorithmIdentifier,
-  if (!ReadSequenceTLV(&certificate_parser, &out->signature_algorithm_tlv))
+  if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv))
     return false;
 
   //        signatureValue       BIT STRING  }
-  if (!certificate_parser.ReadBitString(&out->signature_value))
+  if (!certificate_parser.ReadBitString(out_signature_value))
     return false;
 
   // There isn't an extension point at the end of Certificate.
@@ -216,7 +218,9 @@ bool ParseCertificate(const der::Input& certificate_tlv,
 //        extensions      [3]  EXPLICIT Extensions OPTIONAL
 //                             -- If present, version MUST be v3
 //        }
-bool ParseTbsCertificate(const der::Input& tbs_tlv, ParsedTbsCertificate* out) {
+bool ParseTbsCertificate(const der::Input& tbs_tlv,
+                         const ParseCertificateOptions& options,
+                         ParsedTbsCertificate* out) {
   der::Parser parser(tbs_tlv);
 
   //   Certificate  ::=  SEQUENCE  {
@@ -246,8 +250,10 @@ bool ParseTbsCertificate(const der::Input& tbs_tlv, ParsedTbsCertificate* out) {
   //        serialNumber         CertificateSerialNumber,
   if (!tbs_parser.ReadTag(der::kInteger, &out->serial_number))
     return false;
-  if (!VerifySerialNumber(out->serial_number))
+  if (!options.allow_invalid_serial_numbers &&
+      !VerifySerialNumber(out->serial_number)) {
     return false;
+  }
 
   //        signature            AlgorithmIdentifier,
   if (!ReadSequenceTLV(&tbs_parser, &out->signature_algorithm_tlv))
diff --git a/chromium/net/cert/internal/parse_certificate.h b/chromium/net/cert/internal/parse_certificate.h
index eca692dd044..a7293503b21 100644
--- a/chromium/net/cert/internal/parse_certificate.h
+++ b/chromium/net/cert/internal/parse_certificate.h
@@ -16,7 +16,6 @@
 
 namespace net {
 
-struct ParsedCertificate;
 struct ParsedTbsCertificate;
 
 // Returns true if the given serial number (CertificateSerialNumber in RFC 5280)
@@ -44,30 +43,59 @@ struct ParsedTbsCertificate;
 //     Note: Non-conforming CAs may issue certificates with serial numbers
 //     that are negative or zero.  Certificate users SHOULD be prepared to
 //     gracefully handle such certificates.
-bool VerifySerialNumber(const der::Input& value) WARN_UNUSED_RESULT;
+NET_EXPORT bool VerifySerialNumber(const der::Input& value) WARN_UNUSED_RESULT;
+
+struct NET_EXPORT ParseCertificateOptions {
+  // If set to true, then parsing will skip checks on the certificate's serial
+  // number. The only requirement will be that the serial number is an INTEGER,
+  // however it is not required to be a valid DER-encoding (i.e. minimal
+  // encoding), nor is it required to be constrained to any particular length.
+  bool allow_invalid_serial_numbers = false;
+};
 
 // Parses a DER-encoded "Certificate" as specified by RFC 5280. Returns true on
-// success and sets the results in |out|.
+// success and sets the results in the |out_*| parameters.
 //
-// Note that on success |out| aliases data from the input |certificate_tlv|.
-// Hence the fields of the ParsedCertificate are only valid as long as
+// Note that on success the out parameters alias data from the input
+// |certificate_tlv|.  Hence the output values are only valid as long as
 // |certificate_tlv| remains valid.
 //
-// On failure |out| has an undefined state. Some of its fields may have been
-// updated during parsing, whereas others may not have been changed.
-//
-// Refer to the per-field documention of the ParsedCertificate structure for
-// details on what validity checks parsing performs.
+// On failure the out parameters have an undefined state. Some of them may have
+// been updated during parsing, whereas others may not have been changed.
 //
+// The out parameters represent each field of the Certificate SEQUENCE:
 //       Certificate  ::=  SEQUENCE  {
-//            tbsCertificate       TBSCertificate,
-//            signatureAlgorithm   AlgorithmIdentifier,
-//            signatureValue       BIT STRING  }
+//
+// The |out_tbs_certificate_tlv| parameter corresponds with "tbsCertificate"
+// from RFC 5280:
+//         tbsCertificate       TBSCertificate,
+//
+// This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
+// guarantees are made regarding the value of this SEQUENCE.
+// This can be further parsed using ParseTbsCertificate().
+//
+// The |out_signature_algorithm_tlv| parameter corresponds with
+// "signatureAlgorithm" from RFC 5280:
+//         signatureAlgorithm   AlgorithmIdentifier,
+//
+// This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
+// guarantees are made regarding the value of this SEQUENCE.
+// This can be further parsed using SignatureValue::CreateFromDer().
+//
+// The |out_signature_value| parameter corresponds with "signatureValue" from
+// RFC 5280:
+//         signatureValue       BIT STRING  }
+//
+// Parsing guarantees that this is a valid BIT STRING.
 NET_EXPORT bool ParseCertificate(const der::Input& certificate_tlv,
-                                 ParsedCertificate* out) WARN_UNUSED_RESULT;
+                                 der::Input* out_tbs_certificate_tlv,
+                                 der::Input* out_signature_algorithm_tlv,
+                                 der::BitString* out_signature_value)
+    WARN_UNUSED_RESULT;
 
 // Parses a DER-encoded "TBSCertificate" as specified by RFC 5280. Returns true
-// on success and sets the results in |out|.
+// on success and sets the results in |out|. Certain invalid inputs may
+// be accepted based on the provided |options|.
 //
 // Note that on success |out| aliases data from the input |tbs_tlv|.
 // Hence the fields of the ParsedTbsCertificate are only valid as long as
@@ -95,6 +123,7 @@ NET_EXPORT bool ParseCertificate(const der::Input& certificate_tlv,
 //                                 -- If present, version MUST be v3
 //            }
 NET_EXPORT bool ParseTbsCertificate(const der::Input& tbs_tlv,
+                                    const ParseCertificateOptions& options,
                                     ParsedTbsCertificate* out)
     WARN_UNUSED_RESULT;
 
@@ -106,37 +135,6 @@ enum class CertificateVersion {
   V3,
 };
 
-// ParsedCertificate contains pointers to the main fields of a DER-encoded RFC
-// 5280 "Certificate".
-//
-// ParsedCertificate is expected to be filled by ParseCertificate(), so
-// subsequent field descriptions are in terms of what ParseCertificate() sets.
-struct NET_EXPORT ParsedCertificate {
-  // Corresponds with "tbsCertificate" from RFC 5280:
-  //         tbsCertificate       TBSCertificate,
-  //
-  // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
-  // guarantees are made regarding the value of this SEQUENCE.
-  //
-  // This can be further parsed using ParseTbsCertificate().
-  der::Input tbs_certificate_tlv;
-
-  // Corresponds with "signatureAlgorithm" from RFC 5280:
-  //         signatureAlgorithm   AlgorithmIdentifier,
-  //
-  // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
-  // guarantees are made regarding the value of this SEQUENCE.
-  //
-  // This can be further parsed using SignatureValue::CreateFromDer().
-  der::Input signature_algorithm_tlv;
-
-  // Corresponds with "signatureValue" from RFC 5280:
-  //         signatureValue       BIT STRING  }
-  //
-  // Parsing guarantees that this is a valid BIT STRING.
-  der::BitString signature_value;
-};
-
 // ParsedTbsCertificate contains pointers to the main fields of a DER-encoded
 // RFC 5280 "TBSCertificate".
 //
@@ -160,7 +158,13 @@ struct NET_EXPORT ParsedTbsCertificate {
   // instance if the serial number was 1000 then this would contain bytes
   // {0x03, 0xE8}.
   //
-  // In addition to being a valid DER-encoded INTEGER, parsing guarantees that
+  // The serial number may or may not be a valid DER-encoded INTEGER:
+  //
+  // If the option |allow_invalid_serial_numbers=true| was used during
+  // parsing, then nothing further can be assumed about these bytes.
+  //
+  // Otherwise if |allow_invalid_serial_numbers=false| then in addition
+  // to being a valid DER-encoded INTEGER, parsing guarantees that
   // the serial number is at most 20 bytes long. Parsing does NOT guarantee
   // that the integer is positive (might be zero or negative).
   der::Input serial_number;
diff --git a/chromium/net/cert/internal/parse_certificate_fuzzer.cc b/chromium/net/cert/internal/parse_certificate_fuzzer.cc
new file mode 100644
index 00000000000..3249f73faae
--- /dev/null
+++ b/chromium/net/cert/internal/parse_certificate_fuzzer.cc
@@ -0,0 +1,72 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/macros.h"
+#include "net/cert/internal/certificate_policies.h"
+#include "net/cert/internal/extended_key_usage.h"
+#include "net/cert/internal/name_constraints.h"
+#include "net/cert/internal/parse_certificate.h"
+#include "net/cert/internal/parse_name.h"
+#include "net/cert/internal/signature_algorithm.h"
+#include "net/cert/internal/signature_policy.h"
+#include "net/cert/internal/verify_signed_data.h"
+
+namespace net {
+namespace {
+
+bool FindExtension(const der::Input& oid,
+                   std::map<der::Input, ParsedExtension>* extensions,
+                   ParsedExtension* extension) {
+  auto it = extensions->find(oid);
+  if (it == extensions->end())
+    return false;
+  *extension = it->second;
+  return true;
+}
+
+void ParseCertificateForFuzzer(const der::Input& in) {
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  if (!ParseCertificate(in, &tbs_certificate_tlv, &signature_algorithm_tlv,
+                        &signature_value))
+    return;
+  std::unique_ptr<SignatureAlgorithm> sig_alg(
+      SignatureAlgorithm::CreateFromDer(signature_algorithm_tlv));
+
+  ParsedTbsCertificate tbs;
+  if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs))
+    return;
+
+  RDNSequence subject;
+  ignore_result(ParseName(tbs.subject_tlv, &subject));
+
+  std::map<der::Input, ParsedExtension> extensions;
+  if (tbs.has_extensions && ParseExtensions(tbs.extensions_tlv, &extensions)) {
+    ParsedExtension extension;
+    ParsedBasicConstraints basic_constraints;
+    der::BitString key_usage;
+    std::vector<der::Input> policies;
+    std::vector<der::Input> eku_oids;
+    if (FindExtension(BasicConstraintsOid(), &extensions, &extension))
+      ignore_result(ParseBasicConstraints(extension.value, &basic_constraints));
+    if (FindExtension(KeyUsageOid(), &extensions, &extension))
+      ignore_result(ParseKeyUsage(extension.value, &key_usage));
+    if (FindExtension(SubjectAltNameOid(), &extensions, &extension))
+      GeneralNames::CreateFromDer(extension.value);
+    if (FindExtension(CertificatePoliciesOid(), &extensions, &extension))
+      ParseCertificatePoliciesExtension(extension.value, &policies);
+    if (FindExtension(ExtKeyUsageOid(), &extensions, &extension))
+      ParseEKUExtension(extension.value, &eku_oids);
+  }
+}
+
+}  // namespace
+}  // namespace net
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) {
+  net::der::Input in(data, size);
+  net::ParseCertificateForFuzzer(in);
+  return 0;
+}
diff --git a/chromium/net/cert/internal/parse_certificate_unittest.cc b/chromium/net/cert/internal/parse_certificate_unittest.cc
index eea4d4024be..474ab6d2a4b 100644
--- a/chromium/net/cert/internal/parse_certificate_unittest.cc
+++ b/chromium/net/cert/internal/parse_certificate_unittest.cc
@@ -45,15 +45,17 @@ void EnsureParsingCertificateSucceeds(const std::string& file_name) {
   ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
 
   // Parsing the certificate should succeed.
-  ParsedCertificate parsed;
-  ASSERT_TRUE(ParseCertificate(der::Input(&data), &parsed));
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  ASSERT_TRUE(ParseCertificate(der::Input(&data), &tbs_certificate_tlv,
+                               &signature_algorithm_tlv, &signature_value));
 
-  // Ensure that the ParsedCertificate matches expectations.
-  EXPECT_EQ(0, parsed.signature_value.unused_bits());
-  EXPECT_EQ(der::Input(&expected_signature), parsed.signature_value.bytes());
-  EXPECT_EQ(der::Input(&expected_signature_algorithm),
-            parsed.signature_algorithm_tlv);
-  EXPECT_EQ(der::Input(&expected_tbs_certificate), parsed.tbs_certificate_tlv);
+  // Ensure that the parsed certificate matches expectations.
+  EXPECT_EQ(0, signature_value.unused_bits());
+  EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes());
+  EXPECT_EQ(der::Input(&expected_signature_algorithm), signature_algorithm_tlv);
+  EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv);
 }
 
 // Loads certificate data from the PEM file |file_name| and verifies that the
@@ -68,8 +70,11 @@ void EnsureParsingCertificateFails(const std::string& file_name) {
   ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
 
   // Parsing the Certificate should fail.
-  ParsedCertificate parsed;
-  ASSERT_FALSE(ParseCertificate(der::Input(&data), &parsed));
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  ASSERT_FALSE(ParseCertificate(der::Input(&data), &tbs_certificate_tlv,
+                                &signature_algorithm_tlv, &signature_value));
 }
 
 // Tests parsing a Certificate.
@@ -151,7 +156,7 @@ void EnsureParsingTbsSucceeds(const std::string& file_name,
 
   // Parsing the TBSCertificate should succeed.
   ParsedTbsCertificate parsed;
-  ASSERT_TRUE(ParseTbsCertificate(der::Input(&data), &parsed));
+  ASSERT_TRUE(ParseTbsCertificate(der::Input(&data), {}, &parsed));
 
   // Ensure that the ParsedTbsCertificate matches expectations.
   EXPECT_EQ(expected_version, parsed.version);
@@ -194,7 +199,7 @@ void EnsureParsingTbsFails(const std::string& file_name) {
 
   // Parsing the TBSCertificate should fail.
   ParsedTbsCertificate parsed;
-  ASSERT_FALSE(ParseTbsCertificate(der::Input(&data), &parsed));
+  ASSERT_FALSE(ParseTbsCertificate(der::Input(&data), {}, &parsed));
 }
 
 // Tests parsing a TBSCertificate for v3 that contains no optional fields.
diff --git a/chromium/net/cert/internal/parse_ocsp.cc b/chromium/net/cert/internal/parse_ocsp.cc
index e06b29abe61..0243d9537b6 100644
--- a/chromium/net/cert/internal/parse_ocsp.cc
+++ b/chromium/net/cert/internal/parse_ocsp.cc
@@ -438,7 +438,7 @@ bool VerifyHash(HashValueTag type,
     return false;
   }
 
-  return target.Equals(value_hash);
+  return target == value_hash;
 }
 
 // Checks that the input |id_tlv| parses to a valid CertID and matches the
@@ -493,16 +493,16 @@ bool CheckCertID(const der::Input& id_tlv,
 }  // namespace
 
 bool GetOCSPCertStatus(const OCSPResponseData& response_data,
-                       const ParsedCertificate& issuer,
-                       const ParsedCertificate& cert,
+                       const der::Input& issuer_tbs_certificate_tlv,
+                       const der::Input& cert_tbs_certificate_tlv,
                        OCSPCertStatus* out) {
   out->status = OCSPCertStatus::Status::GOOD;
 
   ParsedTbsCertificate tbs_cert;
-  if (!ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs_cert))
+  if (!ParseTbsCertificate(cert_tbs_certificate_tlv, {}, &tbs_cert))
     return false;
   ParsedTbsCertificate issuer_tbs_cert;
-  if (!ParseTbsCertificate(issuer.tbs_certificate_tlv, &issuer_tbs_cert))
+  if (!ParseTbsCertificate(issuer_tbs_certificate_tlv, {}, &issuer_tbs_cert))
     return false;
 
   bool found = false;
diff --git a/chromium/net/cert/internal/parse_ocsp.h b/chromium/net/cert/internal/parse_ocsp.h
index 63ee3e8e2a5..b9052aee9f6 100644
--- a/chromium/net/cert/internal/parse_ocsp.h
+++ b/chromium/net/cert/internal/parse_ocsp.h
@@ -5,10 +5,10 @@
 #ifndef NET_CERT_INTERNAL_PARSE_OCSP_H_
 #define NET_CERT_INTERNAL_PARSE_OCSP_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/hash_value.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/signature_algorithm.h"
@@ -212,7 +212,7 @@ struct NET_EXPORT OCSPResponse {
 
   ResponseStatus status;
   der::Input data;
-  scoped_ptr<SignatureAlgorithm> signature_algorithm;
+  std::unique_ptr<SignatureAlgorithm> signature_algorithm;
   der::BitString signature;
   bool has_certs;
   std::vector<der::Input> certs;
@@ -264,18 +264,19 @@ NET_EXPORT_PRIVATE bool ParseOCSPResponseData(const der::Input& raw_tlv,
 NET_EXPORT_PRIVATE bool ParseOCSPResponse(const der::Input& raw_tlv,
                                           OCSPResponse* out);
 
-// Checks the certificate status of |cert| based on the OCSPResponseData
-// |response_data| and issuer |issuer| and sets the results in |out|. In the
-// case that there are multiple responses for a given certificate, as a result
-// of caching or performance (RFC 6960, 4.2.2.3), the strictest response is
-// returned (REVOKED > UNKNOWN > GOOD).
+// Checks the certificate status of |cert_tbs_certificate_tlv| based on the
+// OCSPResponseData |response_data| and issuer |issuer_tbs_certificate_tlv| and
+// sets the results in |out|. In the case that there are multiple responses for
+// a given certificate, as a result of caching or performance (RFC 6960,
+// 4.2.2.3), the strictest response is returned (REVOKED > UNKNOWN > GOOD).
 //
 // On failure |out| has an undefined state. Some of its fields may have been
 // updated during parsing, whereas others may not have been changed.
-NET_EXPORT_PRIVATE bool GetOCSPCertStatus(const OCSPResponseData& response_data,
-                                          const ParsedCertificate& issuer,
-                                          const ParsedCertificate& cert,
-                                          OCSPCertStatus* out);
+NET_EXPORT_PRIVATE bool GetOCSPCertStatus(
+    const OCSPResponseData& response_data,
+    const der::Input& issuer_tbs_certificate_tlv,
+    const der::Input& cert_tbs_certificate_tlv,
+    OCSPCertStatus* out);
 
 }  // namespace net
 
diff --git a/chromium/net/cert/internal/parse_ocsp_unittest.cc b/chromium/net/cert/internal/parse_ocsp_unittest.cc
index 12657e62695..3a2c60c73c9 100644
--- a/chromium/net/cert/internal/parse_ocsp_unittest.cc
+++ b/chromium/net/cert/internal/parse_ocsp_unittest.cc
@@ -48,11 +48,18 @@ OCSPFailure ParseOCSP(const std::string& file_name) {
   der::Input ca_input(&ca_data);
   der::Input cert_input(&cert_data);
 
-  ParsedCertificate issuer;
-  ParsedCertificate cert;
-  if (!ParseCertificate(ca_input, &issuer))
+  der::Input issuer_tbs_certificate_tlv;
+  der::Input issuer_signature_algorithm_tlv;
+  der::BitString issuer_signature_value;
+  der::Input cert_tbs_certificate_tlv;
+  der::Input cert_signature_algorithm_tlv;
+  der::BitString cert_signature_value;
+  if (!ParseCertificate(ca_input, &issuer_tbs_certificate_tlv,
+                        &issuer_signature_algorithm_tlv,
+                        &issuer_signature_value))
     return PARSE_CERT;
-  if (!ParseCertificate(cert_input, &cert))
+  if (!ParseCertificate(cert_input, &cert_tbs_certificate_tlv,
+                        &cert_signature_algorithm_tlv, &cert_signature_value))
     return PARSE_CERT;
   OCSPResponse parsed_ocsp;
   OCSPResponseData parsed_ocsp_data;
@@ -65,7 +72,8 @@ OCSPFailure ParseOCSP(const std::string& file_name) {
 
   OCSPCertStatus status;
 
-  if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status))
+  if (!GetOCSPCertStatus(parsed_ocsp_data, issuer_tbs_certificate_tlv,
+                         cert_tbs_certificate_tlv, &status))
     return PARSE_OCSP_SINGLE_RESPONSE;
 
   switch (status.status) {
diff --git a/chromium/net/cert/internal/signature_algorithm.cc b/chromium/net/cert/internal/signature_algorithm.cc
index 315243f3968..a2f99dd1f31 100644
--- a/chromium/net/cert/internal/signature_algorithm.cc
+++ b/chromium/net/cert/internal/signature_algorithm.cc
@@ -4,8 +4,10 @@
 
 #include "net/cert/internal/signature_algorithm.h"
 
+#include <memory>
 #include <utility>
 
+#include "base/memory/ptr_util.h"
 #include "base/numerics/safe_math.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
@@ -260,8 +262,8 @@ WARN_UNUSED_RESULT bool IsNull(const der::Input& input) {
 //         PUBLIC-KEYS { pk-rsa }
 //         SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
 //     }
-scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest,
-                                             const der::Input& params) {
+std::unique_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest,
+                                                  const der::Input& params) {
   // TODO(svaldez): Add warning about non-strict parsing.
   if (!IsNull(params) && !IsEmpty(params))
     return nullptr;
@@ -313,8 +315,8 @@ scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest,
 //      PUBLIC-KEYS { pk-ec }
 //      SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
 //     }
-scoped_ptr<SignatureAlgorithm> ParseEcdsa(DigestAlgorithm digest,
-                                          const der::Input& params) {
+std::unique_ptr<SignatureAlgorithm> ParseEcdsa(DigestAlgorithm digest,
+                                               const der::Input& params) {
   if (!IsEmpty(params))
     return nullptr;
 
@@ -420,7 +422,7 @@ WARN_UNUSED_RESULT bool ReadOptionalContextSpecificUint32(der::Parser* parser,
 //
 // Which is to say the parameters MUST be present, and of type
 // RSASSA-PSS-params.
-scoped_ptr<SignatureAlgorithm> ParseRsaPss(const der::Input& params) {
+std::unique_ptr<SignatureAlgorithm> ParseRsaPss(const der::Input& params) {
   der::Parser parser(params);
   der::Parser params_parser;
   if (!parser.ReadSequence(&params_parser))
@@ -535,7 +537,7 @@ RsaPssParameters::RsaPssParameters(DigestAlgorithm mgf1_hash,
 SignatureAlgorithm::~SignatureAlgorithm() {
 }
 
-scoped_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateFromDer(
+std::unique_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateFromDer(
     const der::Input& algorithm_identifier) {
   der::Input oid;
   der::Input params;
@@ -578,25 +580,25 @@ scoped_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateFromDer(
   return nullptr;  // Unsupported OID.
 }
 
-scoped_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateRsaPkcs1(
+std::unique_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateRsaPkcs1(
     DigestAlgorithm digest) {
-  return make_scoped_ptr(
+  return base::WrapUnique(
       new SignatureAlgorithm(SignatureAlgorithmId::RsaPkcs1, digest, nullptr));
 }
 
-scoped_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateEcdsa(
+std::unique_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateEcdsa(
     DigestAlgorithm digest) {
-  return make_scoped_ptr(
+  return base::WrapUnique(
       new SignatureAlgorithm(SignatureAlgorithmId::Ecdsa, digest, nullptr));
 }
 
-scoped_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateRsaPss(
+std::unique_ptr<SignatureAlgorithm> SignatureAlgorithm::CreateRsaPss(
     DigestAlgorithm digest,
     DigestAlgorithm mgf1_hash,
     uint32_t salt_length) {
-  return make_scoped_ptr(new SignatureAlgorithm(
+  return base::WrapUnique(new SignatureAlgorithm(
       SignatureAlgorithmId::RsaPss, digest,
-      make_scoped_ptr(new RsaPssParameters(mgf1_hash, salt_length))));
+      base::WrapUnique(new RsaPssParameters(mgf1_hash, salt_length))));
 }
 
 const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
@@ -608,7 +610,7 @@ const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
 SignatureAlgorithm::SignatureAlgorithm(
     SignatureAlgorithmId algorithm,
     DigestAlgorithm digest,
-    scoped_ptr<SignatureAlgorithmParameters> params)
+    std::unique_ptr<SignatureAlgorithmParameters> params)
     : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {}
 
 }  // namespace net
diff --git a/chromium/net/cert/internal/signature_algorithm.h b/chromium/net/cert/internal/signature_algorithm.h
index d1400bec266..0942cce8354 100644
--- a/chromium/net/cert/internal/signature_algorithm.h
+++ b/chromium/net/cert/internal/signature_algorithm.h
@@ -7,9 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -87,15 +88,18 @@ class NET_EXPORT SignatureAlgorithm {
 
   // Creates a SignatureAlgorithm by parsing a DER-encoded "AlgorithmIdentifier"
   // (RFC 5280). Returns nullptr on failure.
-  static scoped_ptr<SignatureAlgorithm> CreateFromDer(
+  static std::unique_ptr<SignatureAlgorithm> CreateFromDer(
       const der::Input& algorithm_identifier);
 
   // Creates a new SignatureAlgorithm with the given type and parameters.
-  static scoped_ptr<SignatureAlgorithm> CreateRsaPkcs1(DigestAlgorithm digest);
-  static scoped_ptr<SignatureAlgorithm> CreateEcdsa(DigestAlgorithm digest);
-  static scoped_ptr<SignatureAlgorithm> CreateRsaPss(DigestAlgorithm digest,
-                                                     DigestAlgorithm mgf1_hash,
-                                                     uint32_t salt_length);
+  static std::unique_ptr<SignatureAlgorithm> CreateRsaPkcs1(
+      DigestAlgorithm digest);
+  static std::unique_ptr<SignatureAlgorithm> CreateEcdsa(
+      DigestAlgorithm digest);
+  static std::unique_ptr<SignatureAlgorithm> CreateRsaPss(
+      DigestAlgorithm digest,
+      DigestAlgorithm mgf1_hash,
+      uint32_t salt_length);
 
   // The following methods retrieve the parameters for the signature algorithm.
   //
@@ -109,11 +113,11 @@ class NET_EXPORT SignatureAlgorithm {
  private:
   SignatureAlgorithm(SignatureAlgorithmId algorithm,
                      DigestAlgorithm digest,
-                     scoped_ptr<SignatureAlgorithmParameters> params);
+                     std::unique_ptr<SignatureAlgorithmParameters> params);
 
   const SignatureAlgorithmId algorithm_;
   const DigestAlgorithm digest_;
-  const scoped_ptr<SignatureAlgorithmParameters> params_;
+  const std::unique_ptr<SignatureAlgorithmParameters> params_;
 
   DISALLOW_COPY_AND_ASSIGN(SignatureAlgorithm);
 };
diff --git a/chromium/net/cert/internal/signature_algorithm_unittest.cc b/chromium/net/cert/internal/signature_algorithm_unittest.cc
index fe5dc2fab8a..717c935a9e5 100644
--- a/chromium/net/cert/internal/signature_algorithm_unittest.cc
+++ b/chromium/net/cert/internal/signature_algorithm_unittest.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/internal/signature_algorithm.h"
 
+#include <memory>
+
 #include "base/files/file_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/base/test_data_directory.h"
@@ -19,14 +21,15 @@ namespace {
 // Creates a SignatureAlgorithm given the DER as a byte array. Returns true on
 // success and fills |*out| with a non-null pointer.
 template <size_t N>
-bool ParseDer(const uint8_t(&data)[N], scoped_ptr<SignatureAlgorithm>* out) {
+bool ParseDer(const uint8_t (&data)[N],
+              std::unique_ptr<SignatureAlgorithm>* out) {
   *out = SignatureAlgorithm::CreateFromDer(der::Input(data, N));
   return !!*out;
 }
 
 // Parses a SignatureAlgorithm given an empty DER input.
 TEST(SignatureAlgorithmTest, ParseDerEmpty) {
-  scoped_ptr<SignatureAlgorithm> algorithm =
+  std::unique_ptr<SignatureAlgorithm> algorithm =
       SignatureAlgorithm::CreateFromDer(der::Input());
   ASSERT_FALSE(algorithm);
 }
@@ -34,7 +37,7 @@ TEST(SignatureAlgorithmTest, ParseDerEmpty) {
 // Parses a SignatureAlgorithm given invalid DER input.
 TEST(SignatureAlgorithmTest, ParseDerBogus) {
   const uint8_t kData[] = {0x00};
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -52,7 +55,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -71,7 +74,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) {
       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -93,7 +96,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) {
       0x02, 0x01, 0x00,  // INTEGER (1 byte)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -111,7 +114,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -130,7 +133,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) {
       0x2b, 0x0e, 0x03, 0x02, 0x1d,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -153,7 +156,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) {
       0x02, 0x01, 0x00,  // INTEGER (1 byte)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -173,7 +176,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionBadNullParams) {
       0x05, 0x01, 0x09,  // NULL (1 byte)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -195,7 +198,7 @@ TEST(SignatureAlgorithmTest,
       0x02, 0x01, 0x00,  // INTEGER (1 byte)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -208,7 +211,7 @@ TEST(SignatureAlgorithmTest, ParseDerNotASequence) {
       0x02, 0x01, 0x00,  // INTEGER (1 byte)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -226,7 +229,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -245,7 +248,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) {
       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -266,7 +269,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -285,7 +288,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) {
       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -306,7 +309,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -325,7 +328,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) {
       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
@@ -348,7 +351,7 @@ TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -364,7 +367,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NoParams) {
       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
@@ -385,7 +388,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -401,7 +404,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NoParams) {
       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
@@ -422,7 +425,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -438,7 +441,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NoParams) {
       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
@@ -459,7 +462,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -475,7 +478,7 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NoParams) {
       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
@@ -496,14 +499,14 @@ TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
 // Tests that the parmeters returned for an ECDSA algorithm are null for
 // non-ECDSA algorithms.
 TEST(SignatureAlgorithmTest, ParamsAreNullForWrongTypeEcdsa) {
-  scoped_ptr<SignatureAlgorithm> alg1 =
+  std::unique_ptr<SignatureAlgorithm> alg1 =
       SignatureAlgorithm::CreateEcdsa(DigestAlgorithm::Sha1);
 
   EXPECT_FALSE(alg1->ParamsForRsaPss());
@@ -512,7 +515,7 @@ TEST(SignatureAlgorithmTest, ParamsAreNullForWrongTypeEcdsa) {
 // Tests that the parmeters returned for an RSA PKCS#1 v1.5 algorithm are null
 // for non-RSA PKCS#1 v1.5 algorithms.
 TEST(SignatureAlgorithmTest, ParamsAreNullForWrongTypeRsaPkcs1) {
-  scoped_ptr<SignatureAlgorithm> alg1 =
+  std::unique_ptr<SignatureAlgorithm> alg1 =
       SignatureAlgorithm::CreateRsaPkcs1(DigestAlgorithm::Sha1);
 
   EXPECT_FALSE(alg1->ParamsForRsaPss());
@@ -565,7 +568,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPss) {
       0x01,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -593,7 +596,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssEmptyParams) {
       0x30, 0x00,  // SEQUENCE (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -620,7 +623,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNullParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -636,7 +639,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNoParams) {
       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -656,7 +659,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssDataAfterParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -680,7 +683,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssDefaultsExceptForSaltLength) {
       0x17,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -715,7 +718,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNullInsideParams) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -739,7 +742,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedTrailer) {
       0x02,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -765,7 +768,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssBadTrailer) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -793,7 +796,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHash) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -829,7 +832,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAbsentParams) {
       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -864,7 +867,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedHashOid) {
       0x60, 0x86, 0x48, 0x02, 0x67, 0x13, 0x04, 0x02, 0x02,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -897,7 +900,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultMaskGen) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -939,7 +942,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedMaskGen) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_FALSE(ParseDer(kData, &algorithm));
 }
 
@@ -981,7 +984,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGen) {
       0x05, 0x00,  // NULL (0 bytes)
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
@@ -1037,7 +1040,7 @@ TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt) {
       0x0A,
   };
   // clang-format on
-  scoped_ptr<SignatureAlgorithm> algorithm;
+  std::unique_ptr<SignatureAlgorithm> algorithm;
   ASSERT_TRUE(ParseDer(kData, &algorithm));
 
   ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
diff --git a/chromium/net/cert/internal/signature_policy.cc b/chromium/net/cert/internal/signature_policy.cc
index 69f22f78a99..c00212ac941 100644
--- a/chromium/net/cert/internal/signature_policy.cc
+++ b/chromium/net/cert/internal/signature_policy.cc
@@ -6,9 +6,7 @@
 
 #include "base/logging.h"
 
-#if defined(USE_OPENSSL)
 #include <openssl/obj.h>
-#endif
 
 namespace net {
 
@@ -18,14 +16,12 @@ bool SignaturePolicy::IsAcceptableSignatureAlgorithm(
 }
 
 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid) const {
-#if defined(USE_OPENSSL)
   switch (curve_nid) {
     case NID_X9_62_prime256v1:
     case NID_secp384r1:
     case NID_secp521r1:
       return true;
   }
-#endif
   return false;
 }
 
diff --git a/chromium/net/cert/internal/verify_certificate_chain.cc b/chromium/net/cert/internal/verify_certificate_chain.cc
index 20fafc5303f..97447af05e9 100644
--- a/chromium/net/cert/internal/verify_certificate_chain.cc
+++ b/chromium/net/cert/internal/verify_certificate_chain.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/internal/verify_certificate_chain.h"
 
+#include <memory>
+
 #include "base/logging.h"
 #include "net/cert/internal/name_constraints.h"
 #include "net/cert/internal/parse_certificate.h"
@@ -24,10 +26,12 @@ using ExtensionsMap = std::map<der::Input, ParsedExtension>;
 // Describes all parsed properties of a certificate that are relevant for
 // certificate verification.
 struct FullyParsedCert {
-  ParsedCertificate cert;
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
   ParsedTbsCertificate tbs;
 
-  scoped_ptr<SignatureAlgorithm> signature_algorithm;
+  std::unique_ptr<SignatureAlgorithm> signature_algorithm;
 
   // Standard extensions that were parsed.
   bool has_basic_constraints = false;
@@ -36,7 +40,7 @@ struct FullyParsedCert {
   bool has_key_usage = false;
   der::BitString key_usage;
 
-  scoped_ptr<GeneralNames> subject_alt_names;
+  std::unique_ptr<GeneralNames> subject_alt_names;
 
   bool has_name_constraints = false;
   ParsedExtension name_constraints_extension;
@@ -79,22 +83,25 @@ WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv,
 
 // Parses an X.509 Certificate fully (including the TBSCertificate and
 // standard extensions), saving all the properties to |out_|.
-WARN_UNUSED_RESULT bool FullyParseCertificate(const der::Input& cert_tlv,
-                                              FullyParsedCert* out) {
+WARN_UNUSED_RESULT bool FullyParseCertificate(
+    const der::Input& cert_tlv,
+    const ParseCertificateOptions& options,
+    FullyParsedCert* out) {
   // Parse the outer Certificate.
-  if (!ParseCertificate(cert_tlv, &out->cert))
+  if (!ParseCertificate(cert_tlv, &out->tbs_certificate_tlv,
+                        &out->signature_algorithm_tlv, &out->signature_value))
     return false;
 
   // Parse the signature algorithm contained in the Certificate (there is
   // another one in the TBSCertificate, which is checked later by
   // VerifySignatureAlgorithmsMatch)
   out->signature_algorithm =
-      SignatureAlgorithm::CreateFromDer(out->cert.signature_algorithm_tlv);
+      SignatureAlgorithm::CreateFromDer(out->signature_algorithm_tlv);
   if (!out->signature_algorithm)
     return false;
 
   // Parse the TBSCertificate.
-  if (!ParseTbsCertificate(out->cert.tbs_certificate_tlv, &out->tbs))
+  if (!ParseTbsCertificate(out->tbs_certificate_tlv, options, &out->tbs))
     return false;
 
   // Reset state relating to extensions (which may not get overwritten). This is
@@ -196,24 +203,6 @@ WARN_UNUSED_RESULT bool IsSelfIssued(const FullyParsedCert& cert) {
   return NameMatches(cert.tbs.subject_tlv, cert.tbs.issuer_tlv);
 }
 
-// Finds a trust anchor that matches |name| in |trust_store| or returns
-// nullptr. The returned pointer references data in |trust_store|.
-//
-// TODO(eroman): This implementation is linear in the size of the trust store,
-// and also presumes that all names are unique. In practice it is possible to
-// have multiple SPKIs with the same name. Also this mechanism of
-// searching is fairly primitive, and does not take advantage of other
-// properties like the authority key id.
-WARN_UNUSED_RESULT const TrustAnchor* FindTrustAnchorByName(
-    const TrustStore& trust_store,
-    const der::Input& name) {
-  for (const auto& anchor : trust_store.anchors) {
-    if (NameMatches(name, der::Input(&anchor.name)))
-      return &anchor;
-  }
-  return nullptr;
-}
-
 // Returns true if |cert| is valid at time |time|.
 //
 // The certificate's validity requirements are described by RFC 5280 section
@@ -231,7 +220,7 @@ WARN_UNUSED_RESULT bool VerifyTimeValidity(const FullyParsedCert& cert,
 // RSA with SHA1.
 WARN_UNUSED_RESULT bool IsRsaWithSha1SignatureAlgorithm(
     const der::Input& signature_algorithm_tlv) {
-  scoped_ptr<SignatureAlgorithm> algorithm =
+  std::unique_ptr<SignatureAlgorithm> algorithm =
       SignatureAlgorithm::CreateFromDer(signature_algorithm_tlv);
 
   return algorithm &&
@@ -260,7 +249,7 @@ WARN_UNUSED_RESULT bool IsRsaWithSha1SignatureAlgorithm(
 // compatibility sake.
 WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch(
     const FullyParsedCert& cert) {
-  const der::Input& alg1_tlv = cert.cert.signature_algorithm_tlv;
+  const der::Input& alg1_tlv = cert.signature_algorithm_tlv;
   const der::Input& alg2_tlv = cert.tbs.signature_algorithm_tlv;
 
   // Ensure that the two DER-encoded signature algorithms are byte-for-byte
@@ -271,26 +260,35 @@ WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch(
 
 // This function corresponds to RFC 5280 section 6.1.3's "Basic Certificate
 // Processing" procedure.
+//
+// |skip_issuer_checks| controls whether the function will skip:
+//   - Checking that |cert|'s signature using |working_spki|
+//   - Checkinging that |cert|'s issuer matches |working_issuer_name|
+// This should be set to true only when verifying a trusted root certificate.
 WARN_UNUSED_RESULT bool BasicCertificateProcessing(
     const FullyParsedCert& cert,
     bool is_target_cert,
+    bool skip_issuer_checks,
     const SignaturePolicy* signature_policy,
     const der::GeneralizedTime& time,
     const der::Input& working_spki,
     const der::Input& working_issuer_name,
-    const std::vector<scoped_ptr<NameConstraints>>& name_constraints_list) {
+    const std::vector<std::unique_ptr<NameConstraints>>&
+        name_constraints_list) {
   // Check that the signature algorithms in Certificate vs TBSCertificate
   // match. This isn't part of RFC 5280 section 6.1.3, but is mandated by
   // sections 4.1.1.2 and 4.1.2.3.
   if (!VerifySignatureAlgorithmsMatch(cert))
     return false;
 
-  // Verify the digital signature using the previous certificate's (or trust
-  // anchor's) key (RFC 5280 section 6.1.3 step a.1).
-  if (!VerifySignedData(
-          *cert.signature_algorithm, cert.cert.tbs_certificate_tlv,
-          cert.cert.signature_value, working_spki, signature_policy)) {
-    return false;
+  // Verify the digital signature using the previous certificate's key (RFC
+  // 5280 section 6.1.3 step a.1).
+  if (!skip_issuer_checks) {
+    if (!VerifySignedData(*cert.signature_algorithm, cert.tbs_certificate_tlv,
+                          cert.signature_value, working_spki,
+                          signature_policy)) {
+      return false;
+    }
   }
 
   // Check the time range for the certificate's validity, ensuring it is valid
@@ -301,10 +299,12 @@ WARN_UNUSED_RESULT bool BasicCertificateProcessing(
 
   // TODO(eroman): Check revocation (RFC 5280 section 6.1.3 step a.3)
 
-  // Verify the certificate's issuer name matches the issuing certificate's (or
-  // trust anchor's) subject name. (RFC 5280 section 6.1.3 step a.4)
-  if (!NameMatches(cert.tbs.issuer_tlv, working_issuer_name))
-    return false;
+  // Verify the certificate's issuer name matches the issuing certificate's
+  // subject name. (RFC 5280 section 6.1.3 step a.4)
+  if (!skip_issuer_checks) {
+    if (!NameMatches(cert.tbs.issuer_tlv, working_issuer_name))
+      return false;
+  }
 
   // Name constraints (RFC 5280 section 6.1.3 step b & c)
   // If certificate i is self-issued and it is not the final certificate in the
@@ -333,7 +333,7 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate(
     size_t* max_path_length_ptr,
     der::Input* working_spki,
     der::Input* working_issuer_name,
-    std::vector<scoped_ptr<NameConstraints>>* name_constraints_list) {
+    std::vector<std::unique_ptr<NameConstraints>>* name_constraints_list) {
   // TODO(eroman): Steps a-b are omitted, as policy constraints are not yet
   // implemented.
 
@@ -353,9 +353,10 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate(
 
   // From RFC 5280 section 6.1.4 step g:
   if (cert.has_name_constraints) {
-    scoped_ptr<NameConstraints> name_constraints(NameConstraints::CreateFromDer(
-        cert.name_constraints_extension.value,
-        cert.name_constraints_extension.critical));
+    std::unique_ptr<NameConstraints> name_constraints(
+        NameConstraints::CreateFromDer(
+            cert.name_constraints_extension.value,
+            cert.name_constraints_extension.critical));
     if (!name_constraints)
       return false;
     name_constraints_list->push_back(std::move(name_constraints));
@@ -498,26 +499,133 @@ WARN_UNUSED_RESULT bool WrapUp(const FullyParsedCert& cert) {
 
 }  // namespace
 
+TrustAnchor::TrustAnchor() {}
 TrustAnchor::~TrustAnchor() {}
 
+std::unique_ptr<TrustAnchor> TrustAnchor::CreateFromCertificateData(
+    const uint8_t* data,
+    size_t length,
+    const ParseCertificateOptions& options,
+    DataSource source) {
+  std::unique_ptr<TrustAnchor> result(new TrustAnchor);
+
+  switch (source) {
+    case DataSource::INTERNAL_COPY:
+      result->cert_data_.assign(data, data + length);
+      result->cert_ =
+          der::Input(result->cert_data_.data(), result->cert_data_.size());
+      break;
+    case DataSource::EXTERNAL_REFERENCE:
+      result->cert_ = der::Input(data, length);
+      break;
+  }
+
+  // Parse the certificate to get its name.
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  if (!ParseCertificate(result->cert(), &tbs_certificate_tlv,
+                        &signature_algorithm_tlv, &signature_value))
+    return nullptr;
+
+  ParsedTbsCertificate tbs;
+  if (!ParseTbsCertificate(tbs_certificate_tlv, options, &tbs))
+    return nullptr;
+
+  result->name_ = tbs.subject_tlv;
+
+  // TODO(eroman): If adding a self-signed certificate, check that its
+  // signature is correct? This check will not otherwise be done during
+  // verification.
+
+  return result;
+}
+
+bool TrustAnchor::MatchesName(const der::Input& name) const {
+  return NameMatches(name, name_);
+}
+
 TrustStore::TrustStore() {}
-TrustStore::TrustStore(const TrustStore& other) = default;
 TrustStore::~TrustStore() {}
 
+void TrustStore::Clear() {
+  anchors_.clear();
+}
+
+bool TrustStore::AddTrustedCertificate(const uint8_t* data, size_t length) {
+  return AddTrustedCertificate(data, length,
+                               TrustAnchor::DataSource::INTERNAL_COPY);
+}
+
+bool TrustStore::AddTrustedCertificate(const base::StringPiece& data) {
+  return AddTrustedCertificate(reinterpret_cast<const uint8_t*>(data.data()),
+                               data.size());
+}
+
+bool TrustStore::AddTrustedCertificateWithoutCopying(const uint8_t* data,
+                                                     size_t length) {
+  return AddTrustedCertificate(data, length,
+                               TrustAnchor::DataSource::EXTERNAL_REFERENCE);
+}
+
+const TrustAnchor* TrustStore::FindTrustAnchorByName(
+    const der::Input& name) const {
+  for (const auto& anchor : anchors_) {
+    if (anchor->MatchesName(name)) {
+      return anchor.get();
+    }
+  }
+  return nullptr;
+}
+
+bool TrustStore::IsTrustedCertificate(const der::Input& cert_der) const {
+  for (const auto& anchor : anchors_) {
+    if (anchor->cert() == cert_der)
+      return true;
+  }
+  return false;
+}
+
+bool TrustStore::AddTrustedCertificate(const uint8_t* data,
+                                       size_t length,
+                                       TrustAnchor::DataSource source) {
+  auto anchor =
+      TrustAnchor::CreateFromCertificateData(data, length, {}, source);
+  if (!anchor)
+    return false;
+  anchors_.push_back(std::move(anchor));
+  return true;
+}
+
+// TODO(eroman): Move this into existing anonymous namespace.
+namespace {
+
 // This implementation is structured to mimic the description of certificate
 // path verification given by RFC 5280 section 6.1.
-bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
-                            const TrustStore& trust_store,
-                            const SignaturePolicy* signature_policy,
-                            const der::GeneralizedTime& time) {
+//
+// Unlike RFC 5280, the trust anchor is specified as the root certificate in
+// the chain. This root certificate is assumed to be trusted, and neither its
+// signature nor issuer name are verified. (It needn't be self-signed).
+bool VerifyCertificateChainAssumingTrustedRoot(
+    const std::vector<der::Input>& certs_der,
+    const ParseCertificateOptions& options,
+    // The trust store is only used for assertions.
+    const TrustStore& trust_store,
+    const SignaturePolicy* signature_policy,
+    const der::GeneralizedTime& time) {
   // An empty chain is necessarily invalid.
   if (certs_der.empty())
     return false;
 
+  // IMPORTANT: the assumption being made is that the root certificate in
+  // the given path is the trust anchor (and has already been verified as
+  // such).
+  DCHECK(trust_store.IsTrustedCertificate(certs_der.back()));
+
   // Will contain a NameConstraints for each previous cert in the chain which
   // had nameConstraints. This corresponds to the permitted_subtrees and
   // excluded_subtrees state variables from RFC 5280.
-  std::vector<scoped_ptr<NameConstraints>> name_constraints_list;
+  std::vector<std::unique_ptr<NameConstraints>> name_constraints_list;
 
   // |working_spki| is an amalgamation of 3 separate variables from RFC 5280:
   //    * working_public_key
@@ -532,18 +640,14 @@ bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
   // 5280 section 6.1.2:
   //
   //    working_public_key:  the public key used to verify the
-  //    signature of a certificate.  The working_public_key is
-  //    initialized from the trusted public key provided in the trust
-  //    anchor information.
+  //    signature of a certificate.
   der::Input working_spki;
 
   // |working_issuer_name| corresponds with the same named variable in RFC 5280
   // section 6.1.2:
   //
   //    working_issuer_name:  the issuer distinguished name expected
-  //    in the next certificate in the chain.  The
-  //    working_issuer_name is initialized to the trusted issuer name
-  //    provided in the trust anchor information.
+  //    in the next certificate in the chain.
   der::Input working_issuer_name;
 
   // |max_path_length| corresponds with the same named variable in RFC 5280
@@ -561,39 +665,34 @@ bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
   //
   // Note that |i| uses 0-based indexing whereas in RFC 5280 it is 1-based.
   //
-  //   * i=0    :  Certificate signed by a trust anchor.
+  //   * i=0    :  Trust anchor.
   //   * i=N-1  :  Target certificate.
   for (size_t i = 0; i < certs_der.size(); ++i) {
     const size_t index_into_certs_der = certs_der.size() - i - 1;
+
+    // |is_target_cert| is true if the current certificate is the target
+    // certificate being verified. The target certificate isn't necessarily an
+    // end-entity certificate.
     const bool is_target_cert = index_into_certs_der == 0;
 
+    // |is_trust_anchor| is true if the current certificate is the trust
+    // anchor. This certificate is implicitly trusted.
+    const bool is_trust_anchor = i == 0;
+
     // Parse the current certificate into |cert|.
     FullyParsedCert cert;
     const der::Input& cert_der = certs_der[index_into_certs_der];
-    if (!FullyParseCertificate(cert_der, &cert))
+    if (!FullyParseCertificate(cert_der, options, &cert))
       return false;
 
-    // When processing the first certificate, initialize |working_spki|
-    // and |working_issuer_name| to the trust anchor per RFC 5280 section 6.1.2.
-    // This is done inside the loop in order to have access to the parsed
-    // certificate.
-    if (i == 0) {
-      const TrustAnchor* trust_anchor =
-          FindTrustAnchorByName(trust_store, cert.tbs.issuer_tlv);
-      if (!trust_anchor)
-        return false;
-      working_spki = der::Input(&trust_anchor->spki);
-      working_issuer_name = der::Input(&trust_anchor->name);
-    }
-
     // Per RFC 5280 section 6.1:
     //  * Do basic processing for each certificate
     //  * If it is the last certificate in the path (target certificate)
     //     - Then run "Wrap up"
     //     - Otherwise run "Prepare for Next cert"
-    if (!BasicCertificateProcessing(cert, is_target_cert, signature_policy,
-                                    time, working_spki, working_issuer_name,
-                                    name_constraints_list)) {
+    if (!BasicCertificateProcessing(
+            cert, is_target_cert, is_trust_anchor, signature_policy, time,
+            working_spki, working_issuer_name, name_constraints_list)) {
       return false;
     }
     if (!is_target_cert) {
@@ -616,4 +715,65 @@ bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
   return true;
 }
 
+// TODO(eroman): This function is a temporary hack in the absence of full
+// path building. It may insert 1 certificate at the root of the
+// chain to ensure that the path's root certificate is a trust anchor.
+//
+// Beyond this no other verification is done on the chain. The caller is
+// responsible for verifying the subsequent chain's correctness.
+WARN_UNUSED_RESULT bool BuildSimplePathToTrustAnchor(
+    const std::vector<der::Input>& certs_der,
+    const ParseCertificateOptions& options,
+    const TrustStore& trust_store,
+    std::vector<der::Input>* certs_der_trusted_root) {
+  // Copy the input chain.
+  *certs_der_trusted_root = certs_der;
+
+  if (certs_der.empty())
+    return false;
+
+  // Check if the current root certificate is trusted. If it is then no
+  // extra work is needed.
+  if (trust_store.IsTrustedCertificate(certs_der_trusted_root->back()))
+    return true;
+
+  // Otherwise if it is not trusted, check whether its issuer is trusted. If
+  // so, make *that* trusted certificate the root. If the issuer is not in
+  // the trust store then give up and fail (this is not full path building).
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  ParsedTbsCertificate tbs;
+  if (!ParseCertificate(certs_der.back(), &tbs_certificate_tlv,
+                        &signature_algorithm_tlv, &signature_value) ||
+      !ParseTbsCertificate(tbs_certificate_tlv, options, &tbs)) {
+    return false;
+  }
+
+  auto trust_anchor = trust_store.FindTrustAnchorByName(tbs.issuer_tlv);
+  if (!trust_anchor)
+    return false;
+  certs_der_trusted_root->push_back(trust_anchor->cert());
+  return true;
+}
+
+}  // namespace
+
+bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
+                            const ParseCertificateOptions& options,
+                            const TrustStore& trust_store,
+                            const SignaturePolicy* signature_policy,
+                            const der::GeneralizedTime& time) {
+  // Modify the certificate chain so that its root is a trusted certificate.
+  std::vector<der::Input> certs_der_trusted_root;
+  if (!BuildSimplePathToTrustAnchor(certs_der, options, trust_store,
+                                    &certs_der_trusted_root)) {
+    return false;
+  }
+
+  // Verify the chain.
+  return VerifyCertificateChainAssumingTrustedRoot(
+      certs_der_trusted_root, options, trust_store, signature_policy, time);
+}
+
 }  // namespace net
diff --git a/chromium/net/cert/internal/verify_certificate_chain.h b/chromium/net/cert/internal/verify_certificate_chain.h
index 35a3ebaea89..fe6af6231f1 100644
--- a/chromium/net/cert/internal/verify_certificate_chain.h
+++ b/chromium/net/cert/internal/verify_certificate_chain.h
@@ -7,47 +7,122 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
+#include "net/cert/internal/parse_certificate.h"
+#include "net/der/input.h"
 
 namespace net {
 
 namespace der {
-class Input;
 struct GeneralizedTime;
 }
 
+struct ParseCertificateOptions;
 class SignaturePolicy;
 
-struct NET_EXPORT TrustAnchor {
+// Represents a trust anchor (i.e. a trusted root certificate).
+class NET_EXPORT TrustAnchor {
+ public:
+  // The certificate data for this trust anchor may either be owned internally
+  // (INTERNAL_COPY) or owned externally (EXTERNAL_REFERENCE). When it is
+  // owned internally the data is held by |cert_data_|
+  enum class DataSource {
+    INTERNAL_COPY,
+    EXTERNAL_REFERENCE,
+  };
+
+  TrustAnchor();
   ~TrustAnchor();
 
-  // DER-encoded SubjectPublicKeyInfo for the trusted key.
-  std::string spki;
+  // Creates a TrustAnchor given a DER-encoded certificate. Returns nullptr on
+  // failure. Failure will occur if the certificate data cannot be parsed to
+  // find a subject.
+  //
+  // The provided certificate data is either copied, or aliased, depending on
+  // the value of |source|. See the comments for DataSource for details.
+  static std::unique_ptr<TrustAnchor> CreateFromCertificateData(
+      const uint8_t* data,
+      size_t length,
+      const ParseCertificateOptions& options,
+      DataSource source);
+
+  // Returns true if the trust anchor matches |name|. In other words, returns
+  // true if the certificate's subject matches |name|.
+  bool MatchesName(const der::Input& name) const;
+
+  // Returns the DER-encoded certificate data for this trust anchor.
+  const der::Input& cert() const { return cert_; }
+
+ private:
+  // The backing store for the certificate data. This is only applicable when
+  // the trust anchor was initialized using DataSource::INTERNAL_COPY.
+  std::vector<uint8_t> cert_data_;
+
+  // Note that the backing data for |cert_| and |name_| may come either form
+  // |cert_data_| or some external buffer (depending on how the anchor was
+  // created).
+
+  // Points to the raw certificate DER.
+  der::Input cert_;
+
+  // Points to the subject TLV for the certificate.
+  der::Input name_;
 
-  // DER-encoded "Name" corresponding to the key.
-  std::string name;
+  DISALLOW_COPY_AND_ASSIGN(TrustAnchor);
 };
 
-// A very simple implementation of a TrustStore, which contains mappings from
-// names to trusted public keys.
-struct NET_EXPORT TrustStore {
+// A very simple implementation of a TrustStore, which contains a set of
+// trusted certificates.
+class NET_EXPORT TrustStore {
+ public:
   TrustStore();
-  TrustStore(const TrustStore& other);
   ~TrustStore();
 
-  std::vector<TrustAnchor> anchors;
+  // Empties the trust store, resetting it to original state.
+  void Clear();
+
+  // Adds a trusted certificate to the store. The trust store makes a copy of
+  // the provided certificate data.
+  bool AddTrustedCertificate(const uint8_t* data,
+                             size_t length) WARN_UNUSED_RESULT;
+  bool AddTrustedCertificate(const base::StringPiece& data) WARN_UNUSED_RESULT;
+
+  // This function is the same as AddTrustedCertificate() except the underlying
+  // data is not copied. The caller is responsible for ensuring that the data
+  // pointer remains alive and is not mutated for the lifetime of the
+  // TrustStore.
+  bool AddTrustedCertificateWithoutCopying(const uint8_t* data,
+                                           size_t length) WARN_UNUSED_RESULT;
+
+  // Returns the trust anchor that matches |name|, or nullptr if there is none.
+  // TODO(eroman): There may be multiple matches.
+  const TrustAnchor* FindTrustAnchorByName(const der::Input& name) const
+      WARN_UNUSED_RESULT;
+
+  // Returns true if |cert_der| matches a certificate in the TrustStore.
+  bool IsTrustedCertificate(const der::Input& cert_der) const
+      WARN_UNUSED_RESULT;
+
+ private:
+  bool AddTrustedCertificate(const uint8_t* data,
+                             size_t length,
+                             TrustAnchor::DataSource source) WARN_UNUSED_RESULT;
+
+  std::vector<std::unique_ptr<TrustAnchor>> anchors_;
+
+  DISALLOW_COPY_AND_ASSIGN(TrustStore);
 };
 
 // VerifyCertificateChain() verifies a certificate path (chain) based on the
 // rules in RFC 5280.
 //
-// WARNING: This implementation is in progress, and is currently
-// incomplete. DO NOT USE IT unless its limitations are acceptable for your use.
+// WARNING: This implementation is in progress, and is currently incomplete.
+// Consult an OWNER before using it.
 //
 // ---------
 // Inputs
@@ -59,7 +134,8 @@ struct NET_EXPORT TrustStore {
 //
 //      * cert_chain[0] is the target certificate to verify.
 //      * cert_chain[i+1] holds the certificate that issued cert_chain[i].
-//      * cert_chain[N-1] must have been issued by a trust anchor
+//      * cert_chain[N-1] must be the trust anchor, or have been directly
+//        issued by a trust anchor.
 //
 //   trust_store:
 //     Contains the set of trusted public keys (and their names).
@@ -77,6 +153,7 @@ struct NET_EXPORT TrustStore {
 //
 //   Returns true if the target certificate can be verified.
 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
+                                       const ParseCertificateOptions& options,
                                        const TrustStore& trust_store,
                                        const SignaturePolicy* signature_policy,
                                        const der::GeneralizedTime& time)
diff --git a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
index 98b0e7b800a..3499c4c9075 100644
--- a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
@@ -2,10 +2,6 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-// TODO(eroman): Because VerifySignedData() is only implemented for BoringSSL
-// these tests also depend on BoringSSL.
-#if defined(USE_OPENSSL)
-
 #include "net/cert/internal/verify_certificate_chain.h"
 
 #include "net/cert/internal/parse_certificate.h"
@@ -47,18 +43,6 @@ namespace net {
 
 namespace {
 
-// Adds the certificate |cert_der| as a trust anchor to |trust_store|.
-void AddCertificateToTrustStore(const std::string& cert_der,
-                                TrustStore* trust_store) {
-  ParsedCertificate cert;
-  ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert));
-
-  ParsedTbsCertificate tbs;
-  ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs));
-  TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()};
-  trust_store->anchors.push_back(anchor);
-}
-
 class VerifyCertificateChainPkitsTestDelegate {
  public:
   static bool Verify(std::vector<std::string> cert_ders,
@@ -69,7 +53,7 @@ class VerifyCertificateChainPkitsTestDelegate {
     }
     // First entry in the PKITS chain is the trust anchor.
     TrustStore trust_store;
-    AddCertificateToTrustStore(cert_ders[0], &trust_store);
+    EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0]));
 
     // PKITS lists chains from trust anchor to target, VerifyCertificateChain
     // takes them starting with the target and not including the trust anchor.
@@ -82,8 +66,8 @@ class VerifyCertificateChainPkitsTestDelegate {
     // Run all tests at the time the PKITS was published.
     der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
 
-    return VerifyCertificateChain(input_chain, trust_store, &signature_policy,
-                                  time);
+    return VerifyCertificateChain(input_chain, {}, trust_store,
+                                  &signature_policy, time);
   }
 };
 
@@ -219,5 +203,3 @@ INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
 
 }  // namespace net
-
-#endif  // USE_OPENSSL
diff --git a/chromium/net/cert/internal/verify_certificate_chain_unittest.cc b/chromium/net/cert/internal/verify_certificate_chain_unittest.cc
index c997f5386ef..3c5749943a2 100644
--- a/chromium/net/cert/internal/verify_certificate_chain_unittest.cc
+++ b/chromium/net/cert/internal/verify_certificate_chain_unittest.cc
@@ -17,10 +17,6 @@
 #include "net/der/input.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-// TODO(eroman): Because VerifySignedData() is only implemented for BoringSSL
-// these tests also depend on BoringSSL.
-#if defined(USE_OPENSSL)
-
 namespace net {
 
 namespace {
@@ -43,18 +39,6 @@ std::string ReadTestFileToString(const std::string& file_name) {
   return file_data;
 }
 
-// Adds the certificate |cert_der| as a trust anchor to |trust_store|.
-void AddCertificateToTrustStore(const std::string& cert_der,
-                                TrustStore* trust_store) {
-  ParsedCertificate cert;
-  ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert));
-
-  ParsedTbsCertificate tbs;
-  ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs));
-  TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()};
-  trust_store->anchors.push_back(anchor);
-}
-
 // Reads a test case from |file_name|. Test cases are comprised of a
 // certificate chain, trust store, a timestamp to validate at, and the
 // expected result of verification.
@@ -64,7 +48,7 @@ void ReadTestFromFile(const std::string& file_name,
                       der::GeneralizedTime* time,
                       bool* verify_result) {
   chain->clear();
-  *trust_store = TrustStore();
+  trust_store->Clear();
 
   std::string file_data = ReadTestFileToString(file_name);
 
@@ -91,7 +75,7 @@ void ReadTestFromFile(const std::string& file_name,
     if (block_type == kCertificateHeader) {
       chain->push_back(block_data);
     } else if (block_type == kTrustedCertificateHeader) {
-      AddCertificateToTrustStore(block_data, trust_store);
+      ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data));
     } else if (block_type == kTimeHeader) {
       ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader;
       has_time = true;
@@ -123,8 +107,8 @@ void RunTest(const char* file_name) {
 
   SimpleSignaturePolicy signature_policy(1024);
 
-  bool result =
-      VerifyCertificateChain(input_chain, trust_store, &signature_policy, time);
+  bool result = VerifyCertificateChain(input_chain, {}, trust_store,
+                                       &signature_policy, time);
 
   ASSERT_EQ(expected_result, result);
 }
@@ -201,6 +185,10 @@ TEST(VerifyCertificateChainTest, ExpiredTargetNotBefore) {
   RunTest("expired-target-notBefore.pem");
 }
 
+TEST(VerifyCertificateChainTest, ExpiredRoot) {
+  RunTest("expired-root.pem");
+}
+
 TEST(VerifyCertificateChainTest, TargetNotEndEntity) {
   RunTest("target-not-end-entity.pem");
 }
@@ -225,6 +213,14 @@ TEST(VerifyCertificateChainTest, IssuerAndSubjectNotByteForByteEqualAnchor) {
   RunTest("issuer-and-subject-not-byte-for-byte-equal-anchor.pem");
 }
 
+TEST(VerifyCertificateChainTest, ViolatesPathlen1Root) {
+  RunTest("violates-pathlen-1-root.pem");
+}
+
+TEST(VerifyCertificateChainTest, NonSelfSignedRoot) {
+  RunTest("non-self-signed-root.pem");
+}
+
 // Tests that verifying a chain with no certificates fails.
 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
   TrustStore trust_store;
@@ -233,7 +229,7 @@ TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
   SimpleSignaturePolicy signature_policy(2048);
 
   ASSERT_FALSE(
-      VerifyCertificateChain(chain, trust_store, &signature_policy, time));
+      VerifyCertificateChain(chain, {}, trust_store, &signature_policy, time));
 }
 
 // TODO(eroman): Add test that invalidate validity dates where the day or month
@@ -242,5 +238,3 @@ TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
 }  // namespace
 
 }  // namespace net
-
-#endif
diff --git a/chromium/net/cert/internal/verify_name_match.cc b/chromium/net/cert/internal/verify_name_match.cc
index 444f3c97f30..3cfa4a17586 100644
--- a/chromium/net/cert/internal/verify_name_match.cc
+++ b/chromium/net/cert/internal/verify_name_match.cc
@@ -4,7 +4,13 @@
 
 #include "net/cert/internal/verify_name_match.h"
 
+#include <algorithm>
+#include <vector>
+
+#include "base/strings/string_util.h"
 #include "base/tuple.h"
+#include "crypto/auto_cbb.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/cert/internal/parse_name.h"
 #include "net/der/input.h"
 #include "net/der/parser.h"
@@ -79,7 +85,7 @@ WARN_UNUSED_RESULT bool NormalizeDirectoryString(
       std::string::const_iterator next_iter = read_iter + 1;
       if (next_iter != output->end() && *next_iter != ' ')
         *(write_iter++) = ' ';
-    } else if (c >= 'A' && c <= 'Z') {
+    } else if (base::IsAsciiUpper(c)) {
       // Fold case.
       *(write_iter++) = c + ('a' - 'A');
     } else {
@@ -89,7 +95,7 @@ WARN_UNUSED_RESULT bool NormalizeDirectoryString(
         case ENFORCE_PRINTABLE_STRING:
           // See NormalizePrintableStringValue comment for the acceptable list
           // of characters.
-          if (!((c >= 'a' && c <= 'z') || (c >= '\'' && c <= ':') || c == '=' ||
+          if (!(base::IsAsciiLower(c) || (c >= '\'' && c <= ':') || c == '=' ||
                 c == '?'))
             return false;
           break;
@@ -247,7 +253,7 @@ bool VerifyNameMatchInternal(const der::Input& a,
   // RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching
   // RDNs appear in the same order in both DNs.
 
-  // First just check if the inputs have the same number of RDNs:
+  // As an optimization, first just compare the number of RDNs:
   der::Parser a_rdn_sequence_counter(a);
   der::Parser b_rdn_sequence_counter(b);
   while (a_rdn_sequence_counter.HasMore() && b_rdn_sequence_counter.HasMore()) {
@@ -264,7 +270,7 @@ bool VerifyNameMatchInternal(const der::Input& a,
   if (match_type == EXACT_MATCH && a_rdn_sequence_counter.HasMore())
     return false;
 
-  // Same number of RDNs, now check if they match.
+  // Verify that RDNs in |a| and |b| match.
   der::Parser a_rdn_sequence(a);
   der::Parser b_rdn_sequence(b);
   while (a_rdn_sequence.HasMore() && b_rdn_sequence.HasMore()) {
@@ -282,6 +288,113 @@ bool VerifyNameMatchInternal(const der::Input& a,
 
 }  // namespace
 
+bool NormalizeName(const der::Input& name_rdn_sequence,
+                   std::string* normalized_rdn_sequence) {
+  // RFC 5280 section 4.1.2.4
+  // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+  der::Parser rdn_sequence_parser(name_rdn_sequence);
+
+  crypto::AutoCBB cbb;
+  if (!CBB_init(cbb.get(), 0))
+    return false;
+
+  while (rdn_sequence_parser.HasMore()) {
+    // RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+    der::Parser rdn_parser;
+    if (!rdn_sequence_parser.ReadConstructed(der::kSet, &rdn_parser))
+      return false;
+    RelativeDistinguishedName type_and_values;
+    if (!ReadRdn(&rdn_parser, &type_and_values))
+      return false;
+
+    // The AttributeTypeAndValue objects in the SET OF need to be sorted on
+    // their DER encodings. Encode each individually and save the encoded values
+    // in |encoded_attribute_type_and_values| so that it can be sorted before
+    // being added to |rdn_cbb|. |scoped_encoded_attribute_type_and_values|
+    // owns the |OPENSSL_malloc|ed memory referred to by
+    // |encoded_attribute_type_and_values|.
+    CBB rdn_cbb;
+    if (!CBB_add_asn1(cbb.get(), &rdn_cbb, CBS_ASN1_SET))
+      return false;
+    std::vector<crypto::ScopedOpenSSLBytes>
+        scoped_encoded_attribute_type_and_values;
+    std::vector<der::Input> encoded_attribute_type_and_values;
+
+    for (const auto& type_and_value : type_and_values) {
+      // A top-level CBB for encoding each individual AttributeTypeAndValue.
+      crypto::AutoCBB type_and_value_encoder_cbb;
+      if (!CBB_init(type_and_value_encoder_cbb.get(), 0))
+        return false;
+
+      // AttributeTypeAndValue ::= SEQUENCE {
+      //   type     AttributeType,
+      //   value    AttributeValue }
+      CBB attribute_type_and_value_cbb, type_cbb, value_cbb;
+      if (!CBB_add_asn1(type_and_value_encoder_cbb.get(),
+                        &attribute_type_and_value_cbb, CBS_ASN1_SEQUENCE)) {
+        return false;
+      }
+
+      // AttributeType ::= OBJECT IDENTIFIER
+      if (!CBB_add_asn1(&attribute_type_and_value_cbb, &type_cbb,
+                        CBS_ASN1_OBJECT) ||
+          !CBB_add_bytes(&type_cbb, type_and_value.type.UnsafeData(),
+                         type_and_value.type.Length())) {
+        return false;
+      }
+
+      // AttributeValue ::= ANY -- DEFINED BY AttributeType
+      if (IsNormalizableDirectoryString(type_and_value.value_tag)) {
+        std::string normalized_value;
+        if (!NormalizeValue(type_and_value, &normalized_value))
+          return false;
+        if (!CBB_add_asn1(&attribute_type_and_value_cbb, &value_cbb,
+                          CBS_ASN1_UTF8STRING) ||
+            !CBB_add_bytes(&value_cbb, reinterpret_cast<const uint8_t*>(
+                                           normalized_value.data()),
+                           normalized_value.size()))
+          return false;
+      } else {
+        if (!CBB_add_asn1(&attribute_type_and_value_cbb, &value_cbb,
+                          type_and_value.value_tag) ||
+            !CBB_add_bytes(&value_cbb, type_and_value.value.UnsafeData(),
+                           type_and_value.value.Length()))
+          return false;
+      }
+
+      uint8_t* bytes;
+      size_t len;
+      if (!CBB_finish(type_and_value_encoder_cbb.get(), &bytes, &len))
+        return false;
+      scoped_encoded_attribute_type_and_values.push_back(
+          crypto::ScopedOpenSSLBytes(bytes));
+      encoded_attribute_type_and_values.push_back(der::Input(bytes, len));
+    }
+
+    std::sort(encoded_attribute_type_and_values.begin(),
+              encoded_attribute_type_and_values.end());
+    for (const auto& encoded_attribute_type_and_value :
+         encoded_attribute_type_and_values) {
+      if (!CBB_add_bytes(&rdn_cbb,
+                         encoded_attribute_type_and_value.UnsafeData(),
+                         encoded_attribute_type_and_value.Length())) {
+        return false;
+      }
+    }
+
+    if (!CBB_flush(cbb.get()))
+      return false;
+  }
+
+  uint8_t* der;
+  size_t der_len;
+  if (!CBB_finish(cbb.get(), &der, &der_len))
+    return false;
+  normalized_rdn_sequence->assign(der, der + der_len);
+  OPENSSL_free(der);
+  return true;
+}
+
 bool VerifyNameMatch(const der::Input& a_rdn_sequence,
                      const der::Input& b_rdn_sequence) {
   return VerifyNameMatchInternal(a_rdn_sequence, b_rdn_sequence, EXACT_MATCH);
diff --git a/chromium/net/cert/internal/verify_name_match.h b/chromium/net/cert/internal/verify_name_match.h
index 5cca36ad2db..02236bb2e20 100644
--- a/chromium/net/cert/internal/verify_name_match.h
+++ b/chromium/net/cert/internal/verify_name_match.h
@@ -5,6 +5,8 @@
 #ifndef NET_CERT_INTERNAL_VERIFY_NAME_MATCH_H_
 #define NET_CERT_INTERNAL_VERIFY_NAME_MATCH_H_
 
+#include <string>
+
 #include "base/compiler_specific.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
@@ -15,6 +17,14 @@ namespace der {
 class Input;
 }  // namespace der
 
+// Normalizes DER-encoded X.501 Name |name_rdn_sequence| (which should not
+// include the Sequence tag).  If successful, returns true and stores the
+// normalized DER-encoded Name into |normalized_rdn_sequence| (not including an
+// outer Sequence tag). Returns false if there was an error parsing or
+// normalizing the input.
+NET_EXPORT bool NormalizeName(const der::Input& name_rdn_sequence,
+                              std::string* normalized_rdn_sequence);
+
 // Compares DER-encoded X.501 Name values according to RFC 5280 rules.
 // |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence
 // values (not including the Sequence tag).
diff --git a/chromium/net/cert/internal/verify_name_match_fuzzer.cc b/chromium/net/cert/internal/verify_name_match_fuzzer.cc
new file mode 100644
index 00000000000..8f516931b80
--- /dev/null
+++ b/chromium/net/cert/internal/verify_name_match_fuzzer.cc
@@ -0,0 +1,24 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/verify_name_match.h"
+
+#include "net/base/fuzzed_data_provider.h"
+#include "net/der/input.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  net::FuzzedDataProvider fuzzed_data(data, size);
+  size_t first_part_size = fuzzed_data.ConsumeUint16();
+  base::StringPiece first_part = fuzzed_data.ConsumeBytes(first_part_size);
+  base::StringPiece second_part = fuzzed_data.ConsumeRemainingBytes();
+
+  net::der::Input in1(first_part);
+  net::der::Input in2(second_part);
+  bool match = net::VerifyNameMatch(in1, in2);
+  bool reverse_order_match = net::VerifyNameMatch(in2, in1);
+  // Result should be the same regardless of argument order.
+  CHECK_EQ(match, reverse_order_match);
+  return 0;
+}
diff --git a/chromium/net/cert/internal/verify_name_match_normalizename_fuzzer.cc b/chromium/net/cert/internal/verify_name_match_normalizename_fuzzer.cc
new file mode 100644
index 00000000000..a461caeba21
--- /dev/null
+++ b/chromium/net/cert/internal/verify_name_match_normalizename_fuzzer.cc
@@ -0,0 +1,24 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/verify_name_match.h"
+
+#include "net/der/input.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  net::der::Input in(data, size);
+  std::string normalized_der;
+  bool success = net::NormalizeName(in, &normalized_der);
+  if (success) {
+    // If the input was successfully normalized, re-normalizing it should
+    // produce the same output again.
+    std::string renormalized_der;
+    bool renormalize_success =
+        net::NormalizeName(net::der::Input(&normalized_der), &renormalized_der);
+    CHECK(renormalize_success);
+    CHECK_EQ(normalized_der, renormalized_der);
+  }
+  return 0;
+}
diff --git a/chromium/net/cert/internal/verify_name_match_unittest.cc b/chromium/net/cert/internal/verify_name_match_unittest.cc
index 2bdf82efb68..6eaf701453b 100644
--- a/chromium/net/cert/internal/verify_name_match_unittest.cc
+++ b/chromium/net/cert/internal/verify_name_match_unittest.cc
@@ -352,6 +352,8 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnInvalidPrintableStringChars) {
     // Verification should fail due to the invalid character.
     EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&der),
                                  SequenceValueFromString(&der)));
+    std::string normalized_der;
+    EXPECT_FALSE(NormalizeName(SequenceValueFromString(&der), &normalized_der));
   }
 }
 
@@ -368,6 +370,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnInvalidIA5StringChars) {
     bool expected_result = (c <= 127);
     EXPECT_EQ(expected_result, VerifyNameMatch(SequenceValueFromString(&der),
                                                SequenceValueFromString(&der)));
+    std::string normalized_der;
+    EXPECT_EQ(expected_result,
+              NormalizeName(SequenceValueFromString(&der), &normalized_der));
   }
 }
 
@@ -379,6 +384,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueExtraData) {
   // sequence.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueShort) {
@@ -389,6 +397,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueShort) {
   // one element.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueEmpty) {
@@ -398,6 +409,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueEmpty) {
   // Verification should fail due to empty AttributeTypeAndValue sequence.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnBadAttributeType) {
@@ -407,6 +421,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnBadAttributeType) {
   // Verification should fail due to Attribute Type not being an OID.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueNotSequence) {
@@ -417,6 +434,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnAttributeTypeAndValueNotSequence) {
   // of a Sequence.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnRdnNotSet) {
@@ -425,6 +445,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnRdnNotSet) {
   // Verification should fail due to RDN being a Sequence instead of a Set.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchInvalidDataTest, FailOnEmptyRdn) {
@@ -433,6 +456,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnEmptyRdn) {
   // Verification should fail due to RDN having zero AttributeTypeAndValues.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 // Matching should fail if a BMPString contains surrogates.
@@ -449,6 +475,9 @@ TEST(VerifyNameMatchInvalidDataTest, FailOnBmpStringSurrogates) {
   // Verification should fail due to the invalid codepoints.
   EXPECT_FALSE(VerifyNameMatch(SequenceValueFromString(&invalid),
                                SequenceValueFromString(&invalid)));
+  std::string normalized_der;
+  EXPECT_FALSE(
+      NormalizeName(SequenceValueFromString(&invalid), &normalized_der));
 }
 
 TEST(VerifyNameMatchTest, EmptyNameMatching) {
@@ -457,6 +486,11 @@ TEST(VerifyNameMatchTest, EmptyNameMatching) {
   // Empty names are equal.
   EXPECT_TRUE(VerifyNameMatch(SequenceValueFromString(&empty),
                               SequenceValueFromString(&empty)));
+  // An empty name normalized is unchanged.
+  std::string normalized_empty_der;
+  EXPECT_TRUE(
+      NormalizeName(SequenceValueFromString(&empty), &normalized_empty_der));
+  EXPECT_EQ(SequenceValueFromString(&empty), der::Input(&normalized_empty_der));
 
   // An empty name is not equal to non-empty name.
   std::string non_empty;
@@ -527,4 +561,26 @@ TEST(VerifyNameInSubtreeTest, EmptyNameMatching) {
                                    SequenceValueFromString(&non_empty)));
 }
 
+// Verify that the normalized output matches the pre-generated expected value
+// for a single larger input that exercises all of the string types, unicode
+// (basic and supplemental planes), whitespace collapsing, case folding, as
+// well as SET sorting.
+TEST(NameNormalizationTest, TestEverything) {
+  std::string expected_normalized_der;
+  ASSERT_TRUE(
+      LoadTestData("unicode", "mixed", "normalized", &expected_normalized_der));
+
+  std::string raw_der;
+  ASSERT_TRUE(LoadTestData("unicode", "mixed", "unnormalized", &raw_der));
+  std::string normalized_der;
+  ASSERT_TRUE(
+      NormalizeName(SequenceValueFromString(&raw_der), &normalized_der));
+  EXPECT_EQ(SequenceValueFromString(&expected_normalized_der),
+            der::Input(&normalized_der));
+  // Re-normalizing an already normalized Name should not change it.
+  std::string renormalized_der;
+  ASSERT_TRUE(NormalizeName(der::Input(&normalized_der), &renormalized_der));
+  EXPECT_EQ(normalized_der, renormalized_der);
+}
+
 }  // namespace net
diff --git a/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc b/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc
new file mode 100644
index 00000000000..f0a8828844d
--- /dev/null
+++ b/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc
@@ -0,0 +1,25 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/verify_name_match.h"
+
+#include "net/base/fuzzed_data_provider.h"
+#include "net/der/input.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  net::FuzzedDataProvider fuzzed_data(data, size);
+  size_t first_part_size = fuzzed_data.ConsumeUint16();
+  base::StringPiece first_part = fuzzed_data.ConsumeBytes(first_part_size);
+  base::StringPiece second_part = fuzzed_data.ConsumeRemainingBytes();
+
+  net::der::Input in1(first_part);
+  net::der::Input in2(second_part);
+  bool match = net::VerifyNameInSubtree(in1, in2);
+  bool reverse_order_match = net::VerifyNameInSubtree(in2, in1);
+  // If both InSubtree matches are true, then in1 == in2 (modulo normalization).
+  if (match && reverse_order_match)
+    CHECK(net::VerifyNameMatch(in1, in2));
+  return 0;
+}
diff --git a/chromium/net/cert/internal/verify_signed_data.cc b/chromium/net/cert/internal/verify_signed_data.cc
index eb0fd3ff2b6..fe6aae80d94 100644
--- a/chromium/net/cert/internal/verify_signed_data.cc
+++ b/chromium/net/cert/internal/verify_signed_data.cc
@@ -4,31 +4,6 @@
 
 #include "net/cert/internal/verify_signed_data.h"
 
-#include "base/logging.h"
-#include "net/der/parse_values.h"
-
-// TODO(eroman): There is no intention to implement this for non-OpenSSL. Remove
-// this branch once the migration is complete. This could have been done as a
-// conditional file (_openssl.cc) in the build file instead, but that is likely
-// not worth the effort at this point.
-
-#if !defined(USE_OPENSSL)
-
-namespace net {
-
-bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
-                      const der::Input& signed_data,
-                      const der::BitString& signature_value,
-                      const der::Input& public_key,
-                      const SignaturePolicy* policy) {
-  NOTIMPLEMENTED();
-  return false;
-}
-
-}  // namespace net
-
-#else
-
 #include <openssl/bytestring.h>
 #include <openssl/digest.h>
 #include <openssl/ec.h>
@@ -37,11 +12,13 @@ bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
 #include <openssl/rsa.h>
 
 #include "base/compiler_specific.h"
+#include "base/logging.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/cert/internal/signature_algorithm.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/der/input.h"
+#include "net/der/parse_values.h"
 #include "net/der/parser.h"
 
 namespace net {
@@ -312,5 +289,3 @@ bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
 }
 
 }  // namespace net
-
-#endif
diff --git a/chromium/net/cert/internal/verify_signed_data_unittest.cc b/chromium/net/cert/internal/verify_signed_data_unittest.cc
index 43a4856b312..ba0fab2c215 100644
--- a/chromium/net/cert/internal/verify_signed_data_unittest.cc
+++ b/chromium/net/cert/internal/verify_signed_data_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/cert/internal/verify_signed_data.h"
 
+#include <memory>
 #include <set>
 
 #include "net/cert/internal/signature_algorithm.h"
@@ -14,9 +15,7 @@
 #include "net/der/parser.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_OPENSSL)
 #include <openssl/obj.h>
-#endif
 
 namespace net {
 
@@ -38,11 +37,6 @@ enum VerifyResult {
 void RunTestCaseUsingPolicy(VerifyResult expected_result,
                             const char* file_name,
                             const SignaturePolicy* policy) {
-#if !defined(USE_OPENSSL)
-  LOG(INFO) << "Skipping test, only implemented for BoringSSL";
-  return;
-#endif
-
   std::string path =
       std::string("net/data/verify_signed_data_unittest/") + file_name;
 
@@ -60,7 +54,7 @@ void RunTestCaseUsingPolicy(VerifyResult expected_result,
 
   ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings));
 
-  scoped_ptr<SignatureAlgorithm> signature_algorithm =
+  std::unique_ptr<SignatureAlgorithm> signature_algorithm =
       SignatureAlgorithm::CreateFromDer(der::Input(&algorithm));
   ASSERT_TRUE(signature_algorithm);
 
@@ -222,10 +216,8 @@ TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) {
 class RejectSecp384r1Policy : public SignaturePolicy {
  public:
   bool IsAcceptableCurveForEcdsa(int curve_nid) const override {
-#if defined(USE_OPENSSL)
     if (curve_nid == NID_secp384r1)
       return false;
-#endif
     return true;
   }
 };
diff --git a/chromium/net/cert/jwk_serializer_openssl.cc b/chromium/net/cert/jwk_serializer.cc
index 12c8e4dae89..3a6a86d3e7c 100644
--- a/chromium/net/cert/jwk_serializer_openssl.cc
+++ b/chromium/net/cert/jwk_serializer.cc
@@ -53,8 +53,8 @@ bool ConvertEcKeyToJwk(EVP_PKEY* pkey,
 
   crypto::ScopedBIGNUM x(BN_new());
   crypto::ScopedBIGNUM y(BN_new());
-  if (!EC_POINT_get_affine_coordinates_GFp(ec_group, ec_point,
-                                           x.get(), y.get(), NULL)) {
+  if (!EC_POINT_get_affine_coordinates_GFp(ec_group, ec_point, x.get(), y.get(),
+                                           NULL)) {
     return false;
   }
 
@@ -88,9 +88,8 @@ bool ConvertEcKeyToJwk(EVP_PKEY* pkey,
 
 }  // namespace
 
-bool ConvertSpkiFromDerToJwk(
-    const base::StringPiece& spki_der,
-    base::DictionaryValue* public_key_jwk) {
+bool ConvertSpkiFromDerToJwk(const base::StringPiece& spki_der,
+                             base::DictionaryValue* public_key_jwk) {
   public_key_jwk->Clear();
 
   crypto::EnsureOpenSSLInit();
diff --git a/chromium/net/cert/jwk_serializer_nss.cc b/chromium/net/cert/jwk_serializer_nss.cc
deleted file mode 100644
index 426a207a854..00000000000
--- a/chromium/net/cert/jwk_serializer_nss.cc
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/jwk_serializer.h"
-
-#include <cert.h>
-#include <keyhi.h>
-#include <nss.h>
-
-#include "base/base64url.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/values.h"
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-
-namespace net {
-
-namespace JwkSerializer {
-
-namespace {
-
-bool ConvertEcPrime256v1PublicKeyInfoToJwk(
-    CERTSubjectPublicKeyInfo* spki,
-    base::DictionaryValue* public_key_jwk) {
-  static const int kUncompressedEncodingType = 4;
-  static const int kPrime256v1PublicKeyLength = 64;
-  // The public key value is encoded as 0x04 + 64 bytes of public key.
-  // NSS gives the length as the bit length.
-  if (spki->subjectPublicKey.len != (kPrime256v1PublicKeyLength + 1) * 8 ||
-      spki->subjectPublicKey.data[0] != kUncompressedEncodingType)
-    return false;
-
-  public_key_jwk->SetString("kty", "EC");
-  public_key_jwk->SetString("crv", "P-256");
-
-  base::StringPiece x(
-      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1),
-      kPrime256v1PublicKeyLength / 2);
-  std::string x_b64;
-  base::Base64UrlEncode(x, base::Base64UrlEncodePolicy::OMIT_PADDING, &x_b64);
-  public_key_jwk->SetString("x", x_b64);
-
-  base::StringPiece y(
-      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1 +
-                              kPrime256v1PublicKeyLength / 2),
-      kPrime256v1PublicKeyLength / 2);
-  std::string y_b64;
-  base::Base64UrlEncode(y, base::Base64UrlEncodePolicy::OMIT_PADDING, &y_b64);
-  public_key_jwk->SetString("y", y_b64);
-  return true;
-}
-
-bool ConvertEcPublicKeyInfoToJwk(
-    CERTSubjectPublicKeyInfo* spki,
-    base::DictionaryValue* public_key_jwk) {
-  // 1.2.840.10045.3.1.7
-  // (iso.member-body.us.ansi-x9-62.ellipticCurve.primeCurve.prime256v1)
-  // (This includes the DER-encoded type (OID) and length: parameters can be
-  // anything, so the DER type isn't implied, and NSS includes it.)
-  static const unsigned char kPrime256v1[] = {
-    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
-  };
-  if (spki->algorithm.parameters.len == sizeof(kPrime256v1) &&
-      !memcmp(spki->algorithm.parameters.data, kPrime256v1,
-              sizeof(kPrime256v1))) {
-    return ConvertEcPrime256v1PublicKeyInfoToJwk(spki, public_key_jwk);
-  }
-  // TODO(juanlang): other curves
-  return false;
-}
-
-typedef scoped_ptr<
-    CERTSubjectPublicKeyInfo,
-    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
-                         SECKEY_DestroySubjectPublicKeyInfo> >
-    ScopedCERTSubjectPublicKeyInfo;
-
-}  // namespace
-
-bool ConvertSpkiFromDerToJwk(
-    const base::StringPiece& spki_der,
-    base::DictionaryValue* public_key_jwk) {
-  public_key_jwk->Clear();
-
-  crypto::EnsureNSSInit();
-
-  if (!NSS_IsInitialized())
-    return false;
-
-  SECItem sec_item;
-  sec_item.data = const_cast<unsigned char*>(
-      reinterpret_cast<const unsigned char*>(spki_der.data()));
-  sec_item.len = spki_der.size();
-  ScopedCERTSubjectPublicKeyInfo spki(
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&sec_item));
-  if (!spki)
-    return false;
-
-  // 1.2.840.10045.2
-  // (iso.member-body.us.ansi-x9-62.id-ecPublicKey)
-  // (This omits the ASN.1 encoding of the type (OID) and length: the fact that
-  // this is an OID is already clear, and NSS omits it here.)
-  static const unsigned char kIdEcPublicKey[] = {
-    0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01
-  };
-  bool rv = false;
-  if (spki->algorithm.algorithm.len == sizeof(kIdEcPublicKey) &&
-      !memcmp(spki->algorithm.algorithm.data, kIdEcPublicKey,
-              sizeof(kIdEcPublicKey))) {
-    rv = ConvertEcPublicKeyInfoToJwk(spki.get(), public_key_jwk);
-  }
-  // TODO(juanlang): other algorithms
-  return rv;
-}
-
-}  // namespace JwkSerializer
-
-}  // namespace net
diff --git a/chromium/net/cert/merkle_tree_leaf.cc b/chromium/net/cert/merkle_tree_leaf.cc
new file mode 100644
index 00000000000..21e2814402c
--- /dev/null
+++ b/chromium/net/cert/merkle_tree_leaf.cc
@@ -0,0 +1,55 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/merkle_tree_leaf.h"
+
+#include "crypto/sha2.h"
+#include "net/cert/ct_objects_extractor.h"
+#include "net/cert/ct_serialization.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+
+namespace ct {
+
+MerkleTreeLeaf::MerkleTreeLeaf() {}
+
+MerkleTreeLeaf::~MerkleTreeLeaf() {}
+
+bool Hash(const MerkleTreeLeaf& tree_leaf, std::string* out) {
+  // Prepend 0 byte as per RFC 6962, section-2.1
+  std::string leaf_in_tls_format("\x00", 1);
+  if (!EncodeTreeLeaf(tree_leaf, &leaf_in_tls_format))
+    return false;
+
+  *out = crypto::SHA256HashString(leaf_in_tls_format);
+  return true;
+}
+
+bool GetMerkleTreeLeaf(const X509Certificate* cert,
+                       const SignedCertificateTimestamp* sct,
+                       MerkleTreeLeaf* merkle_tree_leaf) {
+  if (sct->origin == SignedCertificateTimestamp::SCT_EMBEDDED) {
+    if (cert->GetIntermediateCertificates().empty() ||
+        !GetPrecertLogEntry(cert->os_cert_handle(),
+                            cert->GetIntermediateCertificates().front(),
+                            &merkle_tree_leaf->log_entry)) {
+      return false;
+    }
+  } else {
+    if (!GetX509LogEntry(cert->os_cert_handle(),
+                         &merkle_tree_leaf->log_entry)) {
+      return false;
+    }
+  }
+
+  merkle_tree_leaf->log_id = sct->log_id;
+  merkle_tree_leaf->timestamp = sct->timestamp;
+  merkle_tree_leaf->extensions = sct->extensions;
+  return true;
+}
+
+}  // namespace ct
+
+}  // namespace net
diff --git a/chromium/net/cert/merkle_tree_leaf.h b/chromium/net/cert/merkle_tree_leaf.h
new file mode 100644
index 00000000000..8f314f56a70
--- /dev/null
+++ b/chromium/net/cert/merkle_tree_leaf.h
@@ -0,0 +1,53 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_MERKLE_TREE_LEAF_H_
+#define NET_CERT_MERKLE_TREE_LEAF_H_
+
+#include <memory>
+#include <string>
+
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/cert/signed_certificate_timestamp.h"
+
+namespace net {
+
+class X509Certificate;
+
+namespace ct {
+
+// Represents a MerkleTreeLeaf as defined in RFC6962, section 3.4.
+// Has all the data as the MerkleTreeLeaf defined in the RFC, arranged
+// slightly differently.
+struct NET_EXPORT MerkleTreeLeaf {
+  MerkleTreeLeaf();
+  ~MerkleTreeLeaf();
+
+  // The log id this leaf belongs to.
+  std::string log_id;
+
+  // Certificate / Precertificate and indication of entry type.
+  LogEntry log_entry;
+
+  // Timestamp from the SCT.
+  base::Time timestamp;
+
+  // Extensions from the SCT.
+  std::string extensions;
+};
+
+NET_EXPORT bool GetMerkleTreeLeaf(const X509Certificate* cert,
+                                  const SignedCertificateTimestamp* sct,
+                                  MerkleTreeLeaf* merkle_tree_leaf);
+
+// Sets |*out| to the hash of the Merkle |tree_leaf|, as defined in RFC6962.
+// Returns true if the hash was generated, false if an error occurred.
+NET_EXPORT bool Hash(const MerkleTreeLeaf& tree_leaf, std::string* out);
+
+}  // namespace ct
+
+}  // namespace net
+
+#endif  // NET_CERT_MERKLE_TREE_LEAF_H_
diff --git a/chromium/net/cert/merkle_tree_leaf_unittest.cc b/chromium/net/cert/merkle_tree_leaf_unittest.cc
new file mode 100644
index 00000000000..c685d134014
--- /dev/null
+++ b/chromium/net/cert/merkle_tree_leaf_unittest.cc
@@ -0,0 +1,136 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/merkle_tree_leaf.h"
+
+#include <string.h>
+
+#include <string>
+
+#include "base/strings/string_number_conversions.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/x509_certificate.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/ct_test_util.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace ct {
+
+namespace {
+
+MATCHER_P(HexEq, hexStr, "") {
+  std::vector<uint8_t> bytes;
+
+  if (!base::HexStringToBytes(hexStr, &bytes)) {
+    *result_listener << "expected value was not a valid hex string";
+    return false;
+  }
+
+  if (bytes.size() != arg.size()) {
+    *result_listener << "expected and actual are different lengths";
+    return false;
+  }
+
+  // Make sure we don't pass nullptrs to memcmp
+  if (arg.empty())
+    return true;
+
+  // Print hex string (easier to read than default GTest representation)
+  *result_listener << "a.k.a. 0x" << base::HexEncode(arg.data(), arg.size());
+  return memcmp(arg.data(), bytes.data(), bytes.size()) == 0;
+}
+
+class MerkleTreeLeafTest : public ::testing::Test {
+ public:
+  void SetUp() override {
+    std::string der_test_cert(ct::GetDerEncodedX509Cert());
+    test_cert_ = X509Certificate::CreateFromBytes(der_test_cert.data(),
+                                                  der_test_cert.length());
+    ASSERT_TRUE(test_cert_);
+
+    GetX509CertSCT(&x509_sct_);
+    x509_sct_->origin = SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE;
+
+    test_precert_ = CreateCertificateChainFromFile(
+        GetTestCertsDirectory(), "ct-test-embedded-cert.pem",
+        X509Certificate::FORMAT_AUTO);
+    ASSERT_TRUE(test_precert_);
+    ASSERT_EQ(1u, test_precert_->GetIntermediateCertificates().size());
+    GetPrecertSCT(&precert_sct_);
+    precert_sct_->origin = SignedCertificateTimestamp::SCT_EMBEDDED;
+  }
+
+ protected:
+  scoped_refptr<SignedCertificateTimestamp> x509_sct_;
+  scoped_refptr<SignedCertificateTimestamp> precert_sct_;
+  scoped_refptr<X509Certificate> test_cert_;
+  scoped_refptr<X509Certificate> test_precert_;
+};
+
+TEST_F(MerkleTreeLeafTest, CreatesForX509Cert) {
+  MerkleTreeLeaf leaf;
+  ASSERT_TRUE(GetMerkleTreeLeaf(test_cert_.get(), x509_sct_.get(), &leaf));
+
+  EXPECT_EQ(x509_sct_->log_id, leaf.log_id);
+  EXPECT_EQ(LogEntry::LOG_ENTRY_TYPE_X509, leaf.log_entry.type);
+  EXPECT_FALSE(leaf.log_entry.leaf_certificate.empty());
+  EXPECT_TRUE(leaf.log_entry.tbs_certificate.empty());
+
+  EXPECT_EQ(x509_sct_->timestamp, leaf.timestamp);
+  EXPECT_EQ(x509_sct_->extensions, leaf.extensions);
+}
+
+TEST_F(MerkleTreeLeafTest, CreatesForPrecert) {
+  MerkleTreeLeaf leaf;
+  ASSERT_TRUE(
+      GetMerkleTreeLeaf(test_precert_.get(), precert_sct_.get(), &leaf));
+
+  EXPECT_EQ(precert_sct_->log_id, leaf.log_id);
+  EXPECT_EQ(LogEntry::LOG_ENTRY_TYPE_PRECERT, leaf.log_entry.type);
+  EXPECT_FALSE(leaf.log_entry.tbs_certificate.empty());
+  EXPECT_TRUE(leaf.log_entry.leaf_certificate.empty());
+
+  EXPECT_EQ(precert_sct_->timestamp, leaf.timestamp);
+  EXPECT_EQ(precert_sct_->extensions, leaf.extensions);
+}
+
+TEST_F(MerkleTreeLeafTest, DoesNotCreateForEmbeddedSCTButNotPrecert) {
+  MerkleTreeLeaf leaf;
+  ASSERT_FALSE(GetMerkleTreeLeaf(test_cert_.get(), precert_sct_.get(), &leaf));
+}
+
+// Expected hashes calculated by:
+// 1. Writing the serialized tree leaves from
+//    CtSerialization::EncodesLogEntryFor{X509Cert,Precert} to files.
+// 2. Prepending a zero byte to both files.
+// 3. Passing each file through the sha256sum tool.
+
+TEST_F(MerkleTreeLeafTest, HashForX509Cert) {
+  MerkleTreeLeaf leaf;
+  ct::GetX509CertTreeLeaf(&leaf);
+
+  std::string hash;
+  ASSERT_TRUE(Hash(leaf, &hash));
+  EXPECT_THAT(hash, HexEq("452da788b3b8d15872ff0bb0777354b2a7f1c1887b5633201e76"
+                          "2ba5a4b143fc"));
+}
+
+TEST_F(MerkleTreeLeafTest, HashForPrecert) {
+  MerkleTreeLeaf leaf;
+  ct::GetPrecertTreeLeaf(&leaf);
+
+  std::string hash;
+  ASSERT_TRUE(Hash(leaf, &hash));
+  EXPECT_THAT(hash, HexEq("257ae85f08810445511e35e33f7aee99ee19407971e35e95822b"
+                          "bf42a74be223"));
+}
+
+}  // namespace
+
+}  // namespace ct
+
+}  // namespace net
diff --git a/chromium/net/cert/mock_cert_verifier.cc b/chromium/net/cert/mock_cert_verifier.cc
index 6ee23d6483c..6d98cc36cd3 100644
--- a/chromium/net/cert/mock_cert_verifier.cc
+++ b/chromium/net/cert/mock_cert_verifier.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/mock_cert_verifier.h"
 
+#include <memory>
+
 #include "base/memory/ref_counted.h"
 #include "base/strings/pattern.h"
 #include "base/strings/string_util.h"
@@ -44,7 +46,7 @@ int MockCertVerifier::Verify(X509Certificate* cert,
                              CRLSet* crl_set,
                              CertVerifyResult* verify_result,
                              const CompletionCallback& callback,
-                             scoped_ptr<Request>* out_req,
+                             std::unique_ptr<Request>* out_req,
                              const BoundNetLog& net_log) {
   RuleList::const_iterator it;
   for (it = rules_.begin(); it != rules_.end(); ++it) {
diff --git a/chromium/net/cert/mock_cert_verifier.h b/chromium/net/cert/mock_cert_verifier.h
index 6486d2ca6a3..b68429ca28c 100644
--- a/chromium/net/cert/mock_cert_verifier.h
+++ b/chromium/net/cert/mock_cert_verifier.h
@@ -6,6 +6,7 @@
 #define NET_CERT_MOCK_CERT_VERIFIER_H_
 
 #include <list>
+#include <memory>
 
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
@@ -32,7 +33,7 @@ class MockCertVerifier : public CertVerifier {
              CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
-             scoped_ptr<Request>* out_req,
+             std::unique_ptr<Request>* out_req,
              const BoundNetLog& net_log) override;
 
   // Sets the default return value for Verify() for certificates/hosts that do
diff --git a/chromium/net/cert/mock_client_cert_verifier.cc b/chromium/net/cert/mock_client_cert_verifier.cc
index 96e3a0a6aaa..1196e2c701f 100644
--- a/chromium/net/cert/mock_client_cert_verifier.cc
+++ b/chromium/net/cert/mock_client_cert_verifier.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/mock_client_cert_verifier.h"
 
+#include <memory>
+
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
 
@@ -23,7 +25,7 @@ MockClientCertVerifier::~MockClientCertVerifier() {}
 
 int MockClientCertVerifier::Verify(X509Certificate* cert,
                                    const CompletionCallback& callback,
-                                   scoped_ptr<Request>* out_req) {
+                                   std::unique_ptr<Request>* out_req) {
   for (const Rule& rule : rules_) {
     // Check just the server cert. Intermediates will be ignored.
     if (rule.cert->Equals(cert))
diff --git a/chromium/net/cert/mock_client_cert_verifier.h b/chromium/net/cert/mock_client_cert_verifier.h
index 455df12ccc7..d3413389136 100644
--- a/chromium/net/cert/mock_client_cert_verifier.h
+++ b/chromium/net/cert/mock_client_cert_verifier.h
@@ -6,6 +6,7 @@
 #define NET_CERT_MOCK_CLIENT_CERT_VERIFIER_H_
 
 #include <list>
+#include <memory>
 
 #include "net/cert/client_cert_verifier.h"
 
@@ -26,7 +27,7 @@ class MockClientCertVerifier : public ClientCertVerifier {
   // ClientCertVerifier implementation
   int Verify(X509Certificate* cert,
              const CompletionCallback& callback,
-             scoped_ptr<Request>* out_req) override;
+             std::unique_ptr<Request>* out_req) override;
 
   // Sets the default return value for Verify() for certificates/hosts that do
   // not have explicit results added via the AddResult*() methods.
diff --git a/chromium/net/cert/multi_log_ct_verifier_unittest.cc b/chromium/net/cert/multi_log_ct_verifier_unittest.cc
index e9505d73c05..47114d6375b 100644
--- a/chromium/net/cert/multi_log_ct_verifier_unittest.cc
+++ b/chromium/net/cert/multi_log_ct_verifier_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/cert/multi_log_ct_verifier.h"
 
+#include <memory>
 #include <string>
 
 #include "base/files/file_path.h"
@@ -158,7 +159,8 @@ class MultiLogCTVerifierTest : public ::testing::Test {
     if (histogram == NULL)
       return 0;
 
-    scoped_ptr<base::HistogramSamples> samples = histogram->SnapshotSamples();
+    std::unique_ptr<base::HistogramSamples> samples =
+        histogram->SnapshotSamples();
     return samples->GetCount(sample_index);
   }
 
@@ -177,7 +179,7 @@ class MultiLogCTVerifierTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<MultiLogCTVerifier> verifier_;
+  std::unique_ptr<MultiLogCTVerifier> verifier_;
   scoped_refptr<X509Certificate> chain_;
   scoped_refptr<X509Certificate> embedded_sct_chain_;
   std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_;
diff --git a/chromium/net/cert/multi_threaded_cert_verifier.cc b/chromium/net/cert/multi_threaded_cert_verifier.cc
index 35afe371c67..2d650253dda 100644
--- a/chromium/net/cert/multi_threaded_cert_verifier.cc
+++ b/chromium/net/cert/multi_threaded_cert_verifier.cc
@@ -5,6 +5,7 @@
 #include "net/cert/multi_threaded_cert_verifier.h"
 
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
@@ -12,6 +13,7 @@
 #include "base/callback_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/containers/linked_list.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/profiler/scoped_tracker.h"
@@ -30,7 +32,7 @@
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/log/net_log.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include <private/pprthred.h>  // PR_DetachThread
 #endif
 
@@ -83,10 +85,10 @@ const unsigned kMaxCacheEntries = 256;
 // The number of seconds to cache entries.
 const unsigned kTTLSecs = 1800;  // 30 minutes.
 
-scoped_ptr<base::Value> CertVerifyResultCallback(
+std::unique_ptr<base::Value> CertVerifyResultCallback(
     const CertVerifyResult& verify_result,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> results(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> results(new base::DictionaryValue());
   results->SetBoolean("has_md5", verify_result.has_md5);
   results->SetBoolean("has_md2", verify_result.has_md2);
   results->SetBoolean("has_md4", verify_result.has_md4);
@@ -101,7 +103,7 @@ scoped_ptr<base::Value> CertVerifyResultCallback(
                NetLogX509CertificateCallback(verify_result.verified_cert.get(),
                                              capture_mode));
 
-  scoped_ptr<base::ListValue> hashes(new base::ListValue());
+  std::unique_ptr<base::ListValue> hashes(new base::ListValue());
   for (std::vector<HashValue>::const_iterator it =
            verify_result.public_key_hashes.begin();
        it != verify_result.public_key_hashes.end();
@@ -239,7 +241,7 @@ void DoVerifyOnWorkerThread(const scoped_refptr<CertVerifyProc>& verify_proc,
   *error = verify_proc->Verify(cert.get(), hostname, ocsp_response, flags,
                                crl_set.get(), additional_trust_anchors, result);
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   // Detach the thread from NSPR.
   // Calling NSS functions attaches the thread to NSPR, which stores
   // the NSPR thread ID in thread-specific data.
@@ -286,7 +288,7 @@ class CertVerifierJob {
              const scoped_refptr<CRLSet>& crl_set,
              const CertificateList& additional_trust_anchors) {
     // Owned by the bound reply callback.
-    scoped_ptr<MultiThreadedCertVerifier::CachedResult> owned_result(
+    std::unique_ptr<MultiThreadedCertVerifier::CachedResult> owned_result(
         new MultiThreadedCertVerifier::CachedResult());
 
     // Parameter evaluation order is undefined in C++. Ensure the pointer value
@@ -320,11 +322,11 @@ class CertVerifierJob {
   }
 
   // Creates and attaches a request to the Job.
-  scoped_ptr<CertVerifierRequest> CreateRequest(
+  std::unique_ptr<CertVerifierRequest> CreateRequest(
       const CompletionCallback& callback,
       CertVerifyResult* verify_result,
       const BoundNetLog& net_log) {
-    scoped_ptr<CertVerifierRequest> request(
+    std::unique_ptr<CertVerifierRequest> request(
         new CertVerifierRequest(this, callback, verify_result, net_log));
 
     request->net_log().AddEvent(
@@ -360,9 +362,10 @@ class CertVerifierJob {
   }
 
   void OnJobCompleted(
-      scoped_ptr<MultiThreadedCertVerifier::CachedResult> verify_result) {
+      std::unique_ptr<MultiThreadedCertVerifier::CachedResult> verify_result) {
     TRACE_EVENT0("net", "CertVerifierJob::OnJobCompleted");
-    scoped_ptr<CertVerifierJob> keep_alive = cert_verifier_->RemoveJob(this);
+    std::unique_ptr<CertVerifierJob> keep_alive =
+        cert_verifier_->RemoveJob(this);
 
     LogMetrics(*verify_result);
     cert_verifier_->SaveResultToCache(key_, *verify_result);
@@ -419,7 +422,7 @@ int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
                                       CRLSet* crl_set,
                                       CertVerifyResult* verify_result,
                                       const CompletionCallback& callback,
-                                      scoped_ptr<Request>* out_req,
+                                      std::unique_ptr<Request>* out_req,
                                       const BoundNetLog& net_log) {
   out_req->reset();
 
@@ -453,7 +456,7 @@ int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
     inflight_joins_++;
   } else {
     // Need to make a new job.
-    scoped_ptr<CertVerifierJob> new_job(
+    std::unique_ptr<CertVerifierJob> new_job(
         new CertVerifierJob(key, net_log.net_log(), cert, this));
 
     if (!new_job->Start(verify_proc_, cert, hostname, ocsp_response, flags,
@@ -470,7 +473,7 @@ int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
       job->set_is_first_job(true);
   }
 
-  scoped_ptr<CertVerifierRequest> request =
+  std::unique_ptr<CertVerifierRequest> request =
       job->CreateRequest(callback, verify_result, net_log);
   *out_req = std::move(request);
   return ERR_IO_PENDING;
@@ -559,12 +562,12 @@ void MultiThreadedCertVerifier::SaveResultToCache(const RequestParams& key,
                           start_time + base::TimeDelta::FromSeconds(kTTLSecs)));
 }
 
-scoped_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob(
+std::unique_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob(
     CertVerifierJob* job) {
   DCHECK(CalledOnValidThread());
   bool erased_job = inflight_.erase(job) == 1;
   DCHECK(erased_job);
-  return make_scoped_ptr(job);
+  return base::WrapUnique(job);
 }
 
 void MultiThreadedCertVerifier::OnCACertChanged(
diff --git a/chromium/net/cert/multi_threaded_cert_verifier.h b/chromium/net/cert/multi_threaded_cert_verifier.h
index 83d00dd583e..62d68075483 100644
--- a/chromium/net/cert/multi_threaded_cert_verifier.h
+++ b/chromium/net/cert/multi_threaded_cert_verifier.h
@@ -8,6 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
@@ -64,7 +65,7 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
              CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
-             scoped_ptr<Request>* out_req,
+             std::unique_ptr<Request>* out_req,
              const BoundNetLog& net_log) override;
 
   bool SupportsOCSPStapling() override;
@@ -159,7 +160,7 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
 
   // Removes |job| from the inflight set, and passes ownership back to the
   // caller. |job| must already be |inflight_|.
-  scoped_ptr<CertVerifierJob> RemoveJob(CertVerifierJob* job);
+  std::unique_ptr<CertVerifierJob> RemoveJob(CertVerifierJob* job);
 
   // For unit testing.
   void ClearCache() { cache_.Clear(); }
diff --git a/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc b/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc
index aa01511448f..0704a13c323 100644
--- a/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc
+++ b/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc
@@ -4,6 +4,8 @@
 
 #include "net/cert/multi_threaded_cert_verifier.h"
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/debug/leak_annotations.h"
 #include "base/files/file_path.h"
@@ -85,7 +87,7 @@ TEST_F(MultiThreadedCertVerifierTest, CacheHit) {
   int error;
   CertVerifyResult verify_result;
   TestCompletionCallback callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
 
   error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0,
                            NULL, &verify_result, callback.callback(), &request,
@@ -145,7 +147,7 @@ TEST_F(MultiThreadedCertVerifierTest, DifferentCACerts) {
   int error;
   CertVerifyResult verify_result;
   TestCompletionCallback callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
 
   error = verifier_.Verify(cert_chain1.get(), "www.example.com", std::string(),
                            0, NULL, &verify_result, callback.callback(),
@@ -182,10 +184,10 @@ TEST_F(MultiThreadedCertVerifierTest, InflightJoin) {
   int error;
   CertVerifyResult verify_result;
   TestCompletionCallback callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
   CertVerifyResult verify_result2;
   TestCompletionCallback callback2;
-  scoped_ptr<CertVerifier::Request> request2;
+  std::unique_ptr<CertVerifier::Request> request2;
 
   error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0,
                            NULL, &verify_result, callback.callback(), &request,
@@ -215,7 +217,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequest) {
 
   int error;
   CertVerifyResult verify_result;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
 
   error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0,
                            NULL, &verify_result, base::Bind(&FailTest),
@@ -249,7 +251,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) {
   int error;
   CertVerifyResult verify_result;
   TestCompletionCallback callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
 
   {
     // Because shutdown intentionally doesn't join worker threads, memory may
@@ -396,7 +398,7 @@ TEST_F(MultiThreadedCertVerifierTest, CertTrustAnchorProvider) {
   int error;
   CertVerifyResult verify_result;
   TestCompletionCallback callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
   EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors())
       .WillOnce(ReturnRef(empty_cert_list));
   error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0,
@@ -449,19 +451,19 @@ TEST_F(MultiThreadedCertVerifierTest, MultipleInflightJoin) {
   int error;
   CertVerifyResult verify_result1;
   TestCompletionCallback callback1;
-  scoped_ptr<CertVerifier::Request> request1;
+  std::unique_ptr<CertVerifier::Request> request1;
   CertVerifyResult verify_result2;
   TestCompletionCallback callback2;
-  scoped_ptr<CertVerifier::Request> request2;
+  std::unique_ptr<CertVerifier::Request> request2;
   CertVerifyResult verify_result3;
   TestCompletionCallback callback3;
-  scoped_ptr<CertVerifier::Request> request3;
+  std::unique_ptr<CertVerifier::Request> request3;
   CertVerifyResult verify_result4;
   TestCompletionCallback callback4;
-  scoped_ptr<CertVerifier::Request> request4;
+  std::unique_ptr<CertVerifier::Request> request4;
   CertVerifyResult verify_result5;
   TestCompletionCallback callback5;
-  scoped_ptr<CertVerifier::Request> request5;
+  std::unique_ptr<CertVerifier::Request> request5;
 
   const char domain1[] = "www.example1.com";
   const char domain2[] = "www.exampleB.com";
diff --git a/chromium/net/cert/nss_cert_database.cc b/chromium/net/cert/nss_cert_database.cc
index 896d1d3517b..8d143a71298 100644
--- a/chromium/net/cert/nss_cert_database.cc
+++ b/chromium/net/cert/nss_cert_database.cc
@@ -9,13 +9,14 @@
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <secmod.h>
+
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list_threadsafe.h"
 #include "base/task_runner.h"
 #include "base/task_runner_util.h"
@@ -106,8 +107,9 @@ void NSSCertDatabase::ListCertsSync(CertificateList* certs) {
 }
 
 void NSSCertDatabase::ListCerts(
-    const base::Callback<void(scoped_ptr<CertificateList> certs)>& callback) {
-  scoped_ptr<CertificateList> certs(new CertificateList());
+    const base::Callback<void(std::unique_ptr<CertificateList> certs)>&
+        callback) {
+  std::unique_ptr<CertificateList> certs(new CertificateList());
 
   // base::Passed will NULL out |certs|, so cache the underlying pointer here.
   CertificateList* raw_certs = certs.get();
@@ -122,7 +124,7 @@ void NSSCertDatabase::ListCerts(
 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback,
                                       PK11SlotInfo* slot) {
   DCHECK(slot);
-  scoped_ptr<CertificateList> certs(new CertificateList());
+  std::unique_ptr<CertificateList> certs(new CertificateList());
 
   // base::Passed will NULL out |certs|, so cache the underlying pointer here.
   CertificateList* raw_certs = certs.get();
diff --git a/chromium/net/cert/nss_cert_database.h b/chromium/net/cert/nss_cert_database.h
index fe267f92af7..00e72f3f19b 100644
--- a/chromium/net/cert/nss_cert_database.h
+++ b/chromium/net/cert/nss_cert_database.h
@@ -7,13 +7,13 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "crypto/scoped_nss_types.h"
@@ -100,7 +100,7 @@ class NET_EXPORT NSSCertDatabase {
     DISTRUSTED_OBJ_SIGN   = 1 << 5,
   };
 
-  typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
+  typedef base::Callback<void(std::unique_ptr<CertificateList> certs)>
       ListCertsCallback;
 
   typedef base::Callback<void(bool)> DeleteCertCallback;
@@ -306,7 +306,7 @@ class NET_EXPORT NSSCertDatabase {
   crypto::ScopedPK11Slot private_slot_;
 
   // A helper observer that forwards events from this database to CertDatabase.
-  scoped_ptr<Observer> cert_notification_forwarder_;
+  std::unique_ptr<Observer> cert_notification_forwarder_;
 
   // Task runner that should be used in tests if set.
   scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
diff --git a/chromium/net/cert/nss_cert_database_chromeos.cc b/chromium/net/cert/nss_cert_database_chromeos.cc
index fda5307f4e3..b6eabcf1dba 100644
--- a/chromium/net/cert/nss_cert_database_chromeos.cc
+++ b/chromium/net/cert/nss_cert_database_chromeos.cc
@@ -6,7 +6,9 @@
 
 #include <cert.h>
 #include <pk11pub.h>
+
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
@@ -43,7 +45,7 @@ void NSSCertDatabaseChromeOS::ListCertsSync(CertificateList* certs) {
 
 void NSSCertDatabaseChromeOS::ListCerts(
     const NSSCertDatabase::ListCertsCallback& callback) {
-  scoped_ptr<CertificateList> certs(new CertificateList());
+  std::unique_ptr<CertificateList> certs(new CertificateList());
 
   // base::Pased will NULL out |certs|, so cache the underlying pointer here.
   CertificateList* raw_certs = certs.get();
diff --git a/chromium/net/cert/nss_cert_database_chromeos_unittest.cc b/chromium/net/cert/nss_cert_database_chromeos_unittest.cc
index 5dab020a8ff..8ef458717e0 100644
--- a/chromium/net/cert/nss_cert_database_chromeos_unittest.cc
+++ b/chromium/net/cert/nss_cert_database_chromeos_unittest.cc
@@ -4,10 +4,12 @@
 
 #include "net/cert/nss_cert_database_chromeos.h"
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_test_nss_chromeos_user.h"
 #include "crypto/scoped_test_nss_db.h"
@@ -33,7 +35,7 @@ bool IsCertInCertificateList(const X509Certificate* cert,
 }
 
 void SwapCertLists(CertificateList* destination,
-                   scoped_ptr<CertificateList> source) {
+                   std::unique_ptr<CertificateList> source) {
   ASSERT_TRUE(destination);
   ASSERT_TRUE(source);
 
@@ -102,8 +104,8 @@ class NSSCertDatabaseChromeOSTest : public testing::Test,
   crypto::ScopedTestNSSChromeOSUser user_1_;
   crypto::ScopedTestNSSChromeOSUser user_2_;
   crypto::ScopedTestNSSDB system_db_;
-  scoped_ptr<NSSCertDatabaseChromeOS> db_1_;
-  scoped_ptr<NSSCertDatabaseChromeOS> db_2_;
+  std::unique_ptr<NSSCertDatabaseChromeOS> db_1_;
+  std::unique_ptr<NSSCertDatabaseChromeOS> db_2_;
 };
 
 // Test that ListModules() on each user includes that user's NSS software slot,
diff --git a/chromium/net/cert/nss_cert_database_unittest.cc b/chromium/net/cert/nss_cert_database_unittest.cc
index cdb9be0ab78..fffab1d212b 100644
--- a/chromium/net/cert/nss_cert_database_unittest.cc
+++ b/chromium/net/cert/nss_cert_database_unittest.cc
@@ -2,11 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/cert/nss_cert_database.h"
+
 #include <cert.h>
 #include <certdb.h>
 #include <pk11pub.h>
 
 #include <algorithm>
+#include <memory>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
@@ -17,7 +20,7 @@
 #include "base/strings/string16.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/scoped_test_nss_db.h"
 #include "net/base/crypto_module.h"
@@ -26,7 +29,6 @@
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verify_proc_nss.h"
 #include "net/cert/cert_verify_result.h"
-#include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
 #include "net/test/cert_test_util.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
@@ -45,7 +47,7 @@ namespace net {
 namespace {
 
 void SwapCertList(CertificateList* destination,
-                  scoped_ptr<CertificateList> source) {
+                  std::unique_ptr<CertificateList> source) {
   ASSERT_TRUE(destination);
   destination->swap(*source);
 }
@@ -111,7 +113,7 @@ class CertDatabaseNSSTest : public testing::Test {
     return result;
   }
 
-  scoped_ptr<NSSCertDatabase> cert_db_;
+  std::unique_ptr<NSSCertDatabase> cert_db_;
   const CertificateList empty_cert_list_;
   crypto::ScopedTestNSSDB test_nssdb_;
   scoped_refptr<CryptoModule> public_module_;
diff --git a/chromium/net/cert/nss_profile_filter_chromeos.cc b/chromium/net/cert/nss_profile_filter_chromeos.cc
index 3523931ce70..adb5defb6f8 100644
--- a/chromium/net/cert/nss_profile_filter_chromeos.cc
+++ b/chromium/net/cert/nss_profile_filter_chromeos.cc
@@ -4,6 +4,7 @@
 
 #include "net/cert/nss_profile_filter_chromeos.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/strings/string_piece.h"
@@ -68,7 +69,7 @@ void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot,
                                     crypto::ScopedPK11Slot private_slot,
                                     crypto::ScopedPK11Slot system_slot) {
   // crypto::ScopedPK11Slot actually holds a reference counted object.
-  // Because scoped_ptr<T> assignment is a no-op if it already points to
+  // Because std::unique_ptr<T> assignment is a no-op if it already points to
   // the same pointer, a reference would be leaked because std::move() does
   // not release its reference, and the receiving object won't free
   // its copy.
diff --git a/chromium/net/cert/nss_profile_filter_chromeos.h b/chromium/net/cert/nss_profile_filter_chromeos.h
index 36c42d007ed..149f081150d 100644
--- a/chromium/net/cert/nss_profile_filter_chromeos.h
+++ b/chromium/net/cert/nss_profile_filter_chromeos.h
@@ -5,7 +5,8 @@
 #ifndef NET_CERT_NSS_PROFILE_FILTER_CHROMEOS_H_
 #define NET_CERT_NSS_PROFILE_FILTER_CHROMEOS_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_export.h"
diff --git a/chromium/net/cert/scoped_nss_types.h b/chromium/net/cert/scoped_nss_types.h
index 0eb8d844f9d..07020a4b6e1 100644
--- a/chromium/net/cert/scoped_nss_types.h
+++ b/chromium/net/cert/scoped_nss_types.h
@@ -7,7 +7,7 @@
 
 #include <cert.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
 
 namespace net {
 
@@ -17,7 +17,8 @@ struct FreeCERTCertificate {
   }
 };
 
-typedef scoped_ptr<CERTCertificate, FreeCERTCertificate> ScopedCERTCertificate;
+typedef std::unique_ptr<CERTCertificate, FreeCERTCertificate>
+    ScopedCERTCertificate;
 
 }  // namespace net
 
diff --git a/chromium/net/cert/signed_certificate_timestamp.h b/chromium/net/cert/signed_certificate_timestamp.h
index 02697dc7a1f..96eded2c54b 100644
--- a/chromium/net/cert/signed_certificate_timestamp.h
+++ b/chromium/net/cert/signed_certificate_timestamp.h
@@ -93,7 +93,7 @@ struct NET_EXPORT SignedCertificateTimestamp
 
   // Version enum in RFC 6962, Section 3.2.
   enum Version {
-    SCT_VERSION_1 = 0,
+    V1 = 0,
   };
 
   // Source of the SCT - supplementary, not defined in CT RFC.
diff --git a/chromium/net/cert/signed_tree_head.cc b/chromium/net/cert/signed_tree_head.cc
index 8bf2b9f3ff7..18164463fec 100644
--- a/chromium/net/cert/signed_tree_head.cc
+++ b/chromium/net/cert/signed_tree_head.cc
@@ -45,5 +45,19 @@ void PrintTo(const SignedTreeHead& sth, std::ostream* os) {
         << "}";
 }
 
+bool operator==(const SignedTreeHead& lhs, const SignedTreeHead& rhs) {
+  return std::tie(lhs.version, lhs.timestamp, lhs.tree_size, lhs.log_id) ==
+             std::tie(rhs.version, rhs.timestamp, rhs.tree_size, rhs.log_id) &&
+         memcmp(lhs.sha256_root_hash, rhs.sha256_root_hash,
+                kSthRootHashLength) == 0 &&
+         lhs.signature.SignatureParametersMatch(
+             rhs.signature.hash_algorithm, rhs.signature.signature_algorithm) &&
+         lhs.signature.signature_data == rhs.signature.signature_data;
+}
+
+bool operator!=(const SignedTreeHead& lhs, const SignedTreeHead& rhs) {
+  return !(lhs == rhs);
+}
+
 }  // namespace ct
 }  // namespace net
diff --git a/chromium/net/cert/signed_tree_head.h b/chromium/net/cert/signed_tree_head.h
index 154c7a9d08d..2d65192fc54 100644
--- a/chromium/net/cert/signed_tree_head.h
+++ b/chromium/net/cert/signed_tree_head.h
@@ -52,6 +52,11 @@ struct NET_EXPORT SignedTreeHead {
 
 NET_EXPORT void PrintTo(const SignedTreeHead& sth, std::ostream* os);
 
+NET_EXPORT bool operator==(const SignedTreeHead& lhs,
+                           const SignedTreeHead& rhs);
+NET_EXPORT bool operator!=(const SignedTreeHead& lhs,
+                           const SignedTreeHead& rhs);
+
 }  // namespace ct
 
 }  // namespace net
diff --git a/chromium/net/cert/sth_distributor.cc b/chromium/net/cert/sth_distributor.cc
index 0b8df260666..c511e27a163 100644
--- a/chromium/net/cert/sth_distributor.cc
+++ b/chromium/net/cert/sth_distributor.cc
@@ -9,9 +9,10 @@
 #include "net/cert/signed_tree_head.h"
 
 namespace {
-const char kPilotLogID[33] =
-    "\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35"
-    "\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10";
+const uint8_t kPilotLogID[] = {0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14,
+                               0x87, 0xbb, 0x13, 0xa2, 0xcc, 0x67, 0x70, 0x0a,
+                               0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, 0xdf, 0xb8,
+                               0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10};
 }
 
 namespace net {
@@ -24,10 +25,21 @@ STHDistributor::STHDistributor()
 STHDistributor::~STHDistributor() {}
 
 void STHDistributor::NewSTHObserved(const SignedTreeHead& sth) {
+  auto it = std::find_if(observed_sths_.begin(), observed_sths_.end(),
+                         [&sth](const SignedTreeHead& other) {
+                           return sth.log_id == other.log_id;
+                         });
+
+  if (it == observed_sths_.end())
+    observed_sths_.push_back(sth);
+  else
+    *it = sth;
+
   FOR_EACH_OBSERVER(STHObserver, observer_list_, NewSTHObserved(sth));
 
-  if (sth.log_id.compare(0, sth.log_id.size(), kPilotLogID,
-                         arraysize(kPilotLogID) - 1) != 0)
+  if (sth.log_id.compare(0, sth.log_id.size(),
+                         reinterpret_cast<const char*>(kPilotLogID),
+                         sizeof(kPilotLogID)) != 0)
     return;
 
   const base::TimeDelta sth_age = base::Time::Now() - sth.timestamp;
@@ -38,6 +50,13 @@ void STHDistributor::NewSTHObserved(const SignedTreeHead& sth) {
 
 void STHDistributor::RegisterObserver(STHObserver* observer) {
   observer_list_.AddObserver(observer);
+  // Make a local copy, because notifying the |observer| of a
+  // new STH may result in this class being notified of a
+  // (different) new STH, thus invalidating the iterator.
+  std::vector<SignedTreeHead> local_sths(observed_sths_);
+
+  for (const auto& sth : local_sths)
+    observer->NewSTHObserved(sth);
 }
 
 void STHDistributor::UnregisterObserver(STHObserver* observer) {
diff --git a/chromium/net/cert/sth_distributor.h b/chromium/net/cert/sth_distributor.h
index 3d9691cc56c..fee3a62dd9b 100644
--- a/chromium/net/cert/sth_distributor.h
+++ b/chromium/net/cert/sth_distributor.h
@@ -5,6 +5,8 @@
 #ifndef NET_CERT_STH_DISTRIBUTOR_H_
 #define NET_CERT_STH_DISTRIBUTOR_H_
 
+#include <vector>
+
 #include "base/observer_list.h"
 #include "net/base/net_export.h"
 #include "net/cert/sth_observer.h"
@@ -14,6 +16,8 @@ namespace net {
 
 namespace ct {
 
+struct SignedTreeHead;
+
 // A proxy for delegating new STH notifications to all registered
 // observers.
 // For each |observer| registered with RegisterObserver, the
@@ -28,10 +32,20 @@ class NET_EXPORT STHDistributor : public STHObserver, public STHReporter {
   void NewSTHObserved(const SignedTreeHead& sth) override;
 
   // STHReporter implementation
+  // Registers |observer| for new STH notifications. On registration,
+  // the |observer| will be notified of the latest STH for each log tha the
+  // STHDistributor has observed.
   void RegisterObserver(STHObserver* observer) override;
+
+  // Unregisters |observer|, which must have been previously
+  // registered via RegisterObserver()
   void UnregisterObserver(STHObserver* observer) override;
 
  private:
+  // STHs from logs, one for each log.
+  std::vector<SignedTreeHead> observed_sths_;
+
+  // The observers for new STH notifications.
   base::ObserverList<STHObserver> observer_list_;
 };
 
diff --git a/chromium/net/cert/sth_distributor_unittest.cc b/chromium/net/cert/sth_distributor_unittest.cc
new file mode 100644
index 00000000000..1dcecf6b09d
--- /dev/null
+++ b/chromium/net/cert/sth_distributor_unittest.cc
@@ -0,0 +1,133 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/sth_distributor.h"
+
+#include <map>
+#include <string>
+
+#include "base/test/histogram_tester.h"
+#include "crypto/sha2.h"
+#include "net/cert/signed_tree_head.h"
+#include "net/cert/sth_observer.h"
+#include "net/test/ct_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace ct {
+
+namespace {
+
+// An STHObserver implementation that simply stores all
+// observed STHs, keyed by log ID.
+class StoringSTHObserver : public STHObserver {
+ public:
+  void NewSTHObserved(const SignedTreeHead& sth) override {
+    sths[sth.log_id] = sth;
+  }
+
+  std::map<std::string, SignedTreeHead> sths;
+};
+
+class STHDistributorTest : public ::testing::Test {
+ public:
+  STHDistributorTest() {}
+
+  void SetUp() override {
+    ASSERT_TRUE(GetSampleSignedTreeHead(&sample_sth_));
+    sample_sth_.log_id = GetTestPublicKeyId();
+  }
+
+ protected:
+  STHDistributor distributor_;
+  SignedTreeHead sample_sth_;
+};
+
+// Test that when a new observer is registered, the STHDistributor notifies it
+// of all the observed STHs it received so far.
+// This test makes sure that all observed STHs are reported to the observer.
+TEST_F(STHDistributorTest, NotifiesOfExistingSTHs) {
+  // Create an STH that differs from the |sample_sth_| by belonging to a
+  // different log.
+  const std::string other_log = "another log";
+  SignedTreeHead second_sth(sample_sth_);
+  second_sth.log_id = other_log;
+
+  // Notify |distributor_| of both STHs.
+  distributor_.NewSTHObserved(sample_sth_);
+  distributor_.NewSTHObserved(second_sth);
+
+  StoringSTHObserver observer;
+  distributor_.RegisterObserver(&observer);
+
+  // Check that two STHs from different logs received prior to observer
+  // registration were reported to the observer once registered.
+  EXPECT_EQ(2u, observer.sths.size());
+  EXPECT_EQ(1u, observer.sths.count(other_log));
+}
+
+// Test that histograms are properly recorded for the STH age when an STH
+// from Google's Pilot log is observed.
+TEST_F(STHDistributorTest, LogsUMAForPilotSTH) {
+  const char kPilotSTHAgeHistogram[] =
+      "Net.CertificateTransparency.PilotSTHAge";
+  base::HistogramTester histograms;
+  histograms.ExpectTotalCount(kPilotSTHAgeHistogram, 0);
+
+  const uint8_t kPilotLogID[] = {
+      0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13,
+      0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b,
+      0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10};
+  sample_sth_.log_id = std::string(reinterpret_cast<const char*>(kPilotLogID),
+                                   crypto::kSHA256Length);
+
+  distributor_.NewSTHObserved(sample_sth_);
+  histograms.ExpectTotalCount(kPilotSTHAgeHistogram, 1);
+}
+
+// Test that the STHDistributor updates, rather than accumulates, STHs
+// coming from the same log.
+// This is tested by notifying the STHDistributor of an STH, modifying that
+// STH, notifying the STHDistributor of the modified STH, then registering
+// an observer which should get notified only once, with the modified STH.
+TEST_F(STHDistributorTest, UpdatesObservedSTHData) {
+  // Observe an initial STH
+  StoringSTHObserver observer;
+  distributor_.RegisterObserver(&observer);
+
+  distributor_.NewSTHObserved(sample_sth_);
+
+  EXPECT_EQ(1u, observer.sths.size());
+  EXPECT_EQ(sample_sth_, observer.sths[GetTestPublicKeyId()]);
+
+  // Observe a new STH. "new" simply means that it is a more recently observed
+  // SignedTreeHead for the given log ID, not necessarily that it's newer
+  // chronologically (the timestamp) or the log state (the tree size).
+  // To make sure the more recently observed SignedTreeHead is returned, just
+  // modify some fields.
+  SignedTreeHead new_sth = sample_sth_;
+  new_sth.tree_size++;
+  new_sth.timestamp -= base::TimeDelta::FromSeconds(3);
+
+  distributor_.NewSTHObserved(new_sth);
+  // The STH should have been broadcast to existing observers.
+  EXPECT_EQ(1u, observer.sths.size());
+  EXPECT_NE(sample_sth_, observer.sths[GetTestPublicKeyId()]);
+  EXPECT_EQ(new_sth, observer.sths[GetTestPublicKeyId()]);
+
+  // Registering a new observer should only receive the most recently observed
+  // STH.
+  StoringSTHObserver new_observer;
+  distributor_.RegisterObserver(&new_observer);
+  EXPECT_EQ(1u, new_observer.sths.size());
+  EXPECT_NE(sample_sth_, new_observer.sths[GetTestPublicKeyId()]);
+  EXPECT_EQ(new_sth, new_observer.sths[GetTestPublicKeyId()]);
+}
+
+}  // namespace
+
+}  // namespace ct
+
+}  // namespace net
diff --git a/chromium/net/cert/test_root_certs.h b/chromium/net/cert/test_root_certs.h
index 412bbe8a3be..1775e39379c 100644
--- a/chromium/net/cert/test_root_certs.h
+++ b/chromium/net/cert/test_root_certs.h
@@ -11,7 +11,7 @@
 #include "build/build_config.h"
 #include "net/base/net_export.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include <list>
 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
 #include <vector>
@@ -67,7 +67,7 @@ class NET_EXPORT TestRootCerts {
 
 #if defined(USE_NSS_CERTS)
   bool Contains(CERTCertificate* cert) const;
-#elif defined(OS_MACOSX) && !defined(USE_NSS_VERIFIER)
+#elif defined(OS_MACOSX) && !defined(USE_NSS_CERTS)
   CFArrayRef temporary_roots() const { return temporary_roots_; }
 
   // Modifies the root certificates of |trust_ref| to include the
@@ -102,7 +102,7 @@ class NET_EXPORT TestRootCerts {
   // Performs platform-dependent initialization.
   void Init();
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   // It is necessary to maintain a cache of the original certificate trust
   // settings, in order to restore them when Clear() is called.
   class TrustEntry;
diff --git a/chromium/net/cert/test_root_certs_unittest.cc b/chromium/net/cert/test_root_certs_unittest.cc
index 2f449e7651e..296e3a863de 100644
--- a/chromium/net/cert/test_root_certs_unittest.cc
+++ b/chromium/net/cert/test_root_certs_unittest.cc
@@ -14,7 +14,7 @@
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include <nss.h>
 #endif
 
@@ -68,14 +68,13 @@ TEST(TestRootCertsTest, AddFromFile) {
 // the results of the rest of net_unittests, ensuring that the trust status
 // is properly being set and cleared.
 TEST(TestRootCertsTest, OverrideTrust) {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) {
     // See http://bugzil.la/863947 for details
     LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15";
     return;
   }
 #endif
-
   TestRootCerts* test_roots = TestRootCerts::GetInstance();
   ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
   EXPECT_TRUE(test_roots->IsEmpty());
diff --git a/chromium/net/cert/x509_cert_types.cc b/chromium/net/cert/x509_cert_types.cc
index 766a1f0429b..e2ffb3d1b05 100644
--- a/chromium/net/cert/x509_cert_types.cc
+++ b/chromium/net/cert/x509_cert_types.cc
@@ -23,8 +23,8 @@ namespace {
 // untouched otherwise. Returns the parsed integer.
 int ParseIntAndAdvance(const char** field, size_t field_len, bool* ok) {
   int result = 0;
-  *ok &=
-      ParseNonNegativeDecimalInt(base::StringPiece(*field, field_len), &result);
+  *ok &= ParseInt32(base::StringPiece(*field, field_len),
+                    ParseIntFormat::NON_NEGATIVE, &result);
   *field += field_len;
   return result;
 }
diff --git a/chromium/net/cert/x509_cert_types_win.cc b/chromium/net/cert/x509_cert_types_win.cc
index 032c2480940..9857716e35e 100644
--- a/chromium/net/cert/x509_cert_types_win.cc
+++ b/chromium/net/cert/x509_cert_types_win.cc
@@ -6,9 +6,10 @@
 
 #include <windows.h>
 
+#include <memory>
+
 #include "base/logging.h"
 #include "base/memory/free_deleter.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "crypto/capi_util.h"
@@ -104,7 +105,8 @@ bool CertPrincipal::ParseDistinguishedName(const void* ber_name_data,
                            &name_info, &name_info_size);
   if (!rv)
     return false;
-  scoped_ptr<CERT_NAME_INFO, base::FreeDeleter> scoped_name_info(name_info);
+  std::unique_ptr<CERT_NAME_INFO, base::FreeDeleter> scoped_name_info(
+      name_info);
 
   std::vector<std::string> common_names, locality_names, state_names,
       country_names;
diff --git a/chromium/net/cert/x509_certificate.cc b/chromium/net/cert/x509_certificate.cc
index 797793fa634..adfe9e55ccb 100644
--- a/chromium/net/cert/x509_certificate.cc
+++ b/chromium/net/cert/x509_certificate.cc
@@ -9,6 +9,7 @@
 
 #include <algorithm>
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -16,7 +17,6 @@
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/pickle.h"
@@ -715,7 +715,7 @@ SHA256HashValue X509Certificate::CalculateCAFingerprint256(
   SHA256HashValue sha256;
   memset(sha256.data, 0, sizeof(sha256.data));
 
-  scoped_ptr<crypto::SecureHash> hash(
+  std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
 
   for (size_t i = 0; i < intermediates.size(); ++i) {
diff --git a/chromium/net/cert/x509_certificate_ios.cc b/chromium/net/cert/x509_certificate_ios.cc
index d458589872d..553c63a4281 100644
--- a/chromium/net/cert/x509_certificate_ios.cc
+++ b/chromium/net/cert/x509_certificate_ios.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -7,40 +7,28 @@
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 
-#include <cert.h>
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <nss.h>
-#include <pk11pub.h>
-#include <prerror.h>
-#include <prtime.h>
-#include <prtypes.h>
-#include <secder.h>
-#include <secerr.h>
-#include <sslerr.h>
-
-#include <vector>
-
-#include "base/logging.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
 #include "base/mac/scoped_cftyperef.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
-#include "base/time/time.h"
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-#include "net/base/net_errors.h"
-#include "net/cert/asn1_util.h"
-#include "net/cert/cert_status_flags.h"
-#include "net/cert/cert_verify_result.h"
-#include "net/cert/ev_root_ca_metadata.h"
-#include "net/cert/x509_util_ios.h"
-#include "net/cert/x509_util_nss.h"
+#include "base/strings/string_piece.h"
+#include "base/strings/string_util.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "net/base/ip_address.h"
+#include "net/cert/x509_util_openssl.h"
+#include "net/ssl/openssl_ssl_util.h"
 
 using base::ScopedCFTypeRef;
 
 namespace net {
+
 namespace {
+
+using ScopedGENERAL_NAMES =
+    crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>;
+
 // Returns true if a given |cert_handle| is actually a valid X.509 certificate
 // handle.
 //
@@ -53,115 +41,127 @@ namespace {
 bool IsValidOSCertHandle(SecCertificateRef cert_handle) {
   ScopedCFTypeRef<CFStringRef> sanity_check(
       SecCertificateCopySubjectSummary(cert_handle));
-  return sanity_check != NULL;
+  return sanity_check != nullptr;
 }
-}  // namespace
 
-void X509Certificate::Initialize() {
-  x509_util_ios::NSSCertificate nss_cert(cert_handle_);
-  CERTCertificate* cert_handle = nss_cert.cert_handle();
-  if (cert_handle) {
-    x509_util::ParsePrincipal(&cert_handle->subject, &subject_);
-    x509_util::ParsePrincipal(&cert_handle->issuer, &issuer_);
-    x509_util::ParseDate(&cert_handle->validity.notBefore, &valid_start_);
-    x509_util::ParseDate(&cert_handle->validity.notAfter, &valid_expiry_);
-    serial_number_ = x509_util::ParseSerialNumber(cert_handle);
+void CreateOSCertHandlesFromPKCS7Bytes(
+    const char* data,
+    size_t length,
+    X509Certificate::OSCertHandles* handles) {
+  crypto::EnsureOpenSSLInit();
+  crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
+
+  CBS der_data;
+  CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
+  STACK_OF(X509)* certs = sk_X509_new_null();
+
+  if (PKCS7_get_certificates(certs, &der_data)) {
+    for (size_t i = 0; i < sk_X509_num(certs); ++i) {
+      X509* x509_cert = sk_X509_value(certs, i);
+      base::StringPiece der;
+      if (!x509_util::GetDER(x509_cert, &der))
+        return;
+      handles->push_back(X509Certificate::CreateOSCertHandleFromBytes(
+          der.data(), der.length()));
+    }
   }
-  fingerprint_ = CalculateFingerprint(cert_handle_);
-  ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
+  sk_X509_pop_free(certs, X509_free);
 }
 
-bool X509Certificate::IsIssuedByEncoded(
-    const std::vector<std::string>& valid_issuers) {
-  x509_util_ios::NSSCertChain nss_chain(this);
-  // Convert to scoped CERTName* list.
-  std::vector<CERTName*> issuers;
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-  if (!x509_util::GetIssuersFromEncodedList(valid_issuers,
-                                            arena.get(),
-                                            &issuers)) {
-    return false;
+void ParsePrincipalValues(X509_NAME* name,
+                          int nid,
+                          std::vector<std::string>* fields) {
+  for (int index = -1;
+       (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
+    std::string field;
+    if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
+      break;
+    fields->push_back(field);
   }
-  return x509_util::IsCertificateIssuedBy(
-      nss_chain.cert_chain(), issuers);
 }
 
-void X509Certificate::GetSubjectAltName(
-    std::vector<std::string>* dns_names,
-    std::vector<std::string>* ip_addrs) const {
-  x509_util_ios::NSSCertificate nss_cert(cert_handle_);
-  CERTCertificate* cert_handle = nss_cert.cert_handle();
-  if (!cert_handle) {
-    if (dns_names)
-      dns_names->clear();
-    if (ip_addrs)
-      ip_addrs->clear();
+void ParsePrincipal(X509Certificate::OSCertHandle os_cert,
+                    X509_NAME* x509_name,
+                    CertPrincipal* principal) {
+  if (!x509_name)
     return;
-  }
-  x509_util::GetSubjectAltName(cert_handle, dns_names, ip_addrs);
-}
 
-// static
-bool X509Certificate::GetDEREncoded(OSCertHandle cert_handle,
-                                    std::string* encoded) {
-  if (!cert_handle)
-    return false;
-  ScopedCFTypeRef<CFDataRef> der_data(SecCertificateCopyData(cert_handle));
-  if (!der_data)
-    return false;
-  encoded->assign(reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)),
-                  CFDataGetLength(der_data));
-  return true;
-}
+  ParsePrincipalValues(x509_name, NID_streetAddress,
+                       &principal->street_addresses);
+  ParsePrincipalValues(x509_name, NID_organizationName,
+                       &principal->organization_names);
+  ParsePrincipalValues(x509_name, NID_organizationalUnitName,
+                       &principal->organization_unit_names);
+  ParsePrincipalValues(x509_name, NID_domainComponent,
+                       &principal->domain_components);
 
-// static
-bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
-                                   X509Certificate::OSCertHandle b) {
-  DCHECK(a && b);
-  if (a == b)
-    return true;
-  if (CFEqual(a, b))
-    return true;
-  ScopedCFTypeRef<CFDataRef> a_data(SecCertificateCopyData(a));
-  ScopedCFTypeRef<CFDataRef> b_data(SecCertificateCopyData(b));
-  return a_data && b_data &&
-         CFDataGetLength(a_data) == CFDataGetLength(b_data) &&
-         memcmp(CFDataGetBytePtr(a_data), CFDataGetBytePtr(b_data),
-                CFDataGetLength(a_data)) == 0;
+  x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName,
+                                      &principal->common_name);
+  x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName,
+                                      &principal->locality_name);
+  x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName,
+                                      &principal->state_or_province_name);
+  x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
+                                      &principal->country_name);
 }
 
-// static
-X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
-    const char* data,
-    size_t length) {
-  ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy(
-      kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
-      base::checked_cast<CFIndex>(length), kCFAllocatorNull));
-  if (!cert_data)
-    return nullptr;
-  OSCertHandle cert_handle = SecCertificateCreateWithData(NULL, cert_data);
-  if (!cert_handle)
-    return nullptr;
-  if (!IsValidOSCertHandle(cert_handle)) {
-    CFRelease(cert_handle);
-    return nullptr;
+void ParseSubjectAltName(X509Certificate::OSCertHandle os_cert,
+                         std::vector<std::string>* dns_names,
+                         std::vector<std::string>* ip_addresses) {
+  DCHECK(dns_names || ip_addresses);
+  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
+  if (!cert.get())
+    return;
+  int index = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1);
+  X509_EXTENSION* alt_name_ext = X509_get_ext(cert.get(), index);
+  if (!alt_name_ext)
+    return;
+
+  ScopedGENERAL_NAMES alt_names(
+      reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
+  if (!alt_names.get())
+    return;
+
+  for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
+    const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
+    if (name->type == GEN_DNS && dns_names) {
+      const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
+      if (!dns_name)
+        continue;
+      int dns_name_len = ASN1_STRING_length(name->d.dNSName);
+      dns_names->push_back(
+          std::string(reinterpret_cast<const char*>(dns_name), dns_name_len));
+    } else if (name->type == GEN_IPADD && ip_addresses) {
+      const unsigned char* ip_addr = name->d.iPAddress->data;
+      if (!ip_addr)
+        continue;
+      int ip_addr_len = name->d.iPAddress->length;
+      if (ip_addr_len != static_cast<int>(IPAddress::kIPv4AddressSize) &&
+          ip_addr_len != static_cast<int>(IPAddress::kIPv6AddressSize)) {
+        // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress
+        // to have 4 or 16 bytes, whereas in a name constraint it includes a
+        // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup.
+        LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len;
+        continue;
+      }
+      ip_addresses->push_back(
+          std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len));
+    }
   }
-  return cert_handle;
 }
 
-// static
-X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
-    const char* data,
-    size_t length,
-    Format format) {
-  return x509_util::CreateOSCertHandlesFromBytes(data, length, format);
+// Used to free a list of X509_NAMEs and the objects it points to.
+void sk_X509_NAME_free_all(STACK_OF(X509_NAME) * sk) {
+  sk_X509_NAME_pop_free(sk, X509_NAME_free);
 }
 
+}  // namespace
+
 // static
 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
     OSCertHandle handle) {
   if (!handle)
-    return NULL;
+    return nullptr;
   return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle)));
 }
 
@@ -171,9 +171,37 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
     CFRelease(cert_handle);
 }
 
+void X509Certificate::Initialize() {
+  crypto::EnsureOpenSSLInit();
+  fingerprint_ = CalculateFingerprint(cert_handle_);
+  ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
+  ScopedX509 x509_cert = OSCertHandleToOpenSSL(cert_handle_);
+  if (!x509_cert)
+    return;
+  ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get());
+  if (serial_num) {
+    // ASN1_INTEGERS represent the decoded number, in a format internal to
+    // OpenSSL. Most notably, this may have leading zeroes stripped off for
+    // numbers whose first byte is >= 0x80. Thus, it is necessary to
+    // re-encoded the integer back into DER, which is what the interface
+    // of X509Certificate exposes, to ensure callers get the proper (DER)
+    // value.
+    int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
+    unsigned char* buffer = reinterpret_cast<unsigned char*>(
+        base::WriteInto(&serial_number_, bytes_required + 1));
+    int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
+    DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
+  }
+
+  ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
+                 &subject_);
+  ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_);
+  x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_);
+  x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_);
+}
+
 // static
-SHA1HashValue X509Certificate::CalculateFingerprint(
-    OSCertHandle cert) {
+SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) {
   SHA1HashValue sha1;
   memset(sha1.data, 0, sizeof(sha1.data));
 
@@ -197,8 +225,8 @@ SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
     return sha256;
   DCHECK(CFDataGetBytePtr(cert_data));
   DCHECK_NE(0, CFDataGetLength(cert_data));
-  CC_SHA256(
-      CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data), sha256.data);
+  CC_SHA256(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data),
+            sha256.data);
 
   return sha256;
 }
@@ -209,17 +237,14 @@ SHA1HashValue X509Certificate::CalculateCAFingerprint(
   SHA1HashValue sha1;
   memset(sha1.data, 0, sizeof(sha1.data));
 
-  // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so
-  // we don't check their return values.
   CC_SHA1_CTX sha1_ctx;
   CC_SHA1_Init(&sha1_ctx);
   for (size_t i = 0; i < intermediates.size(); ++i) {
-    ScopedCFTypeRef<CFDataRef>
-        cert_data(SecCertificateCopyData(intermediates[i]));
+    ScopedCFTypeRef<CFDataRef> cert_data(
+        SecCertificateCopyData(intermediates[i]));
     if (!cert_data)
       return sha1;
-    CC_SHA1_Update(&sha1_ctx,
-                   CFDataGetBytePtr(cert_data),
+    CC_SHA1_Update(&sha1_ctx, CFDataGetBytePtr(cert_data),
                    CFDataGetLength(cert_data));
   }
   CC_SHA1_Final(sha1.data, &sha1_ctx);
@@ -227,9 +252,93 @@ SHA1HashValue X509Certificate::CalculateCAFingerprint(
 }
 
 // static
+X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
+    const char* data,
+    size_t length) {
+  ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy(
+      kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
+      base::checked_cast<CFIndex>(length), kCFAllocatorNull));
+  if (!cert_data)
+    return nullptr;
+  OSCertHandle cert_handle = SecCertificateCreateWithData(nullptr, cert_data);
+  if (!cert_handle)
+    return nullptr;
+  if (!IsValidOSCertHandle(cert_handle)) {
+    CFRelease(cert_handle);
+    return nullptr;
+  }
+  return cert_handle;
+}
+
+// static
+X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
+    const char* data,
+    size_t length,
+    Format format) {
+  OSCertHandles results;
+
+  switch (format) {
+    case FORMAT_SINGLE_CERTIFICATE: {
+      OSCertHandle handle =
+          X509Certificate::CreateOSCertHandleFromBytes(data, length);
+      if (handle)
+        results.push_back(handle);
+      break;
+    }
+    case FORMAT_PKCS7: {
+      CreateOSCertHandlesFromPKCS7Bytes(data, length, &results);
+      break;
+    }
+    default: {
+      NOTREACHED() << "Certificate format " << format << " unimplemented";
+      break;
+    }
+  }
+
+  return results;
+}
+
+void X509Certificate::GetSubjectAltName(
+    std::vector<std::string>* dns_names,
+    std::vector<std::string>* ip_addrs) const {
+  if (dns_names)
+    dns_names->clear();
+  if (ip_addrs)
+    ip_addrs->clear();
+
+  ParseSubjectAltName(cert_handle_, dns_names, ip_addrs);
+}
+
+// static
+bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
+                                    std::string* encoded) {
+  base::StringPiece der;
+  if (!cert_handle)
+    return false;
+  ScopedCFTypeRef<CFDataRef> der_data(SecCertificateCopyData(cert_handle));
+  if (!der_data)
+    return false;
+  encoded->assign(reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)),
+                  CFDataGetLength(der_data));
+  return true;
+}
+
+// static
+bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
+                                   X509Certificate::OSCertHandle b) {
+  DCHECK(a && b);
+  return CFEqual(a, b);
+}
+
+// static
 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle(
     base::PickleIterator* pickle_iter) {
-  return x509_util::ReadOSCertHandleFromPickle(pickle_iter);
+  const char* data;
+  int length;
+  if (!pickle_iter->ReadData(&data, &length))
+    return nullptr;
+
+  return X509Certificate::CreateOSCertHandleFromBytes(data, length);
 }
 
 // static
@@ -245,22 +354,121 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
 }
 
 // static
-void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
+void X509Certificate::GetPublicKeyInfo(OSCertHandle os_cert,
                                        size_t* size_bits,
                                        PublicKeyType* type) {
-  x509_util_ios::NSSCertificate nss_cert(cert_handle);
-  x509_util::GetPublicKeyInfo(nss_cert.cert_handle(), size_bits, type);
+  *type = kPublicKeyTypeUnknown;
+  *size_bits = 0;
+  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
+  if (!cert)
+    return;
+  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
+  if (!scoped_key)
+    return;
+
+  EVP_PKEY* key = scoped_key.get();
+
+  switch (key->type) {
+    case EVP_PKEY_RSA:
+      *type = kPublicKeyTypeRSA;
+      break;
+    case EVP_PKEY_DSA:
+      *type = kPublicKeyTypeDSA;
+      break;
+    case EVP_PKEY_EC:
+      *type = kPublicKeyTypeECDSA;
+      break;
+    case EVP_PKEY_DH:
+      *type = kPublicKeyTypeDH;
+      break;
+  }
+  *size_bits = EVP_PKEY_bits(key);
+}
+
+bool X509Certificate::SupportsSSLClientAuth() const {
+  return false;
+}
+
+CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const {
+  CFMutableArrayRef cert_list =
+      CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
+  if (!cert_list)
+    return nullptr;
+
+  CFArrayAppendValue(cert_list, os_cert_handle());
+  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
+    CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]);
+
+  return cert_list;
+}
+
+bool X509Certificate::IsIssuedByEncoded(
+    const std::vector<std::string>& valid_issuers) {
+  if (valid_issuers.empty())
+    return false;
+
+  // Convert to a temporary list of X509_NAME objects.
+  // It will own the objects it points to.
+  crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all>
+      issuer_names(sk_X509_NAME_new_null());
+  if (!issuer_names)
+    return false;
+
+  for (std::vector<std::string>::const_iterator it = valid_issuers.begin();
+       it != valid_issuers.end(); ++it) {
+    const unsigned char* p = reinterpret_cast<const unsigned char*>(it->data());
+    long len = static_cast<long>(it->length());
+    X509_NAME* ca_name = d2i_X509_NAME(nullptr, &p, len);
+    if (ca_name == nullptr)
+      return false;
+    sk_X509_NAME_push(issuer_names.get(), ca_name);
+  }
+
+  ScopedX509 x509_cert = OSCertHandleToOpenSSL(cert_handle_);
+  if (!x509_cert)
+    return false;
+  X509_NAME* cert_issuer = X509_get_issuer_name(x509_cert.get());
+  if (cert_issuer == nullptr)
+    return false;
+
+  for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
+    X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
+    if (X509_NAME_cmp(issuer, cert_issuer) == 0) {
+      return true;
+    }
+  }
+
+  for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
+       it != intermediate_ca_certs_.end(); ++it) {
+    ScopedX509 intermediate_cert = OSCertHandleToOpenSSL(*it);
+    if (!intermediate_cert)
+      return false;
+    cert_issuer = X509_get_issuer_name(intermediate_cert.get());
+    if (cert_issuer == nullptr)
+      return false;
+
+    for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
+      X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
+      if (X509_NAME_cmp(issuer, cert_issuer) == 0) {
+        return true;
+      }
+    }
+  }
+
+  return false;
 }
 
 // static
-bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
-  x509_util_ios::NSSCertificate nss_cert(cert_handle);
-  crypto::ScopedSECKEYPublicKey public_key(
-      CERT_ExtractPublicKey(nss_cert.cert_handle()));
-  if (!public_key.get())
+bool X509Certificate::IsSelfSigned(OSCertHandle os_cert) {
+  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
+  if (!cert)
     return false;
-  return SECSuccess == CERT_VerifySignedDataWithPublicKey(
-      &nss_cert.cert_handle()->signatureWrap, public_key.get(), NULL);
+  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
+  if (!scoped_key)
+    return false;
+
+  // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error.
+  return X509_verify(cert.get(), scoped_key.get()) == 1;
 }
 
 }  // namespace net
diff --git a/chromium/net/cert/x509_certificate_net_log_param.cc b/chromium/net/cert/x509_certificate_net_log_param.cc
index 0a1bc8ed85b..801712a9bd8 100644
--- a/chromium/net/cert/x509_certificate_net_log_param.cc
+++ b/chromium/net/cert/x509_certificate_net_log_param.cc
@@ -4,6 +4,7 @@
 
 #include "net/cert/x509_certificate_net_log_param.h"
 
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,11 +14,11 @@
 
 namespace net {
 
-scoped_ptr<base::Value> NetLogX509CertificateCallback(
+std::unique_ptr<base::Value> NetLogX509CertificateCallback(
     const X509Certificate* certificate,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  scoped_ptr<base::ListValue> certs(new base::ListValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::ListValue> certs(new base::ListValue());
   std::vector<std::string> encoded_chain;
   certificate->GetPEMEncodedChain(&encoded_chain);
   for (size_t i = 0; i < encoded_chain.size(); ++i)
diff --git a/chromium/net/cert/x509_certificate_net_log_param.h b/chromium/net/cert/x509_certificate_net_log_param.h
index 0aa2de3a818..8f073b98629 100644
--- a/chromium/net/cert/x509_certificate_net_log_param.h
+++ b/chromium/net/cert/x509_certificate_net_log_param.h
@@ -5,6 +5,8 @@
 #ifndef NET_BASE_X509_CERT_NET_LOG_PARAM_H_
 #define NET_BASE_X509_CERT_NET_LOG_PARAM_H_
 
+#include <memory>
+
 #include "net/log/net_log.h"
 
 namespace net {
@@ -12,7 +14,7 @@ namespace net {
 class X509Certificate;
 
 // Creates NetLog parameter to describe an X509Certificate.
-scoped_ptr<base::Value> NetLogX509CertificateCallback(
+std::unique_ptr<base::Value> NetLogX509CertificateCallback(
     const X509Certificate* certificate,
     NetLogCaptureMode capture_mode);
 
diff --git a/chromium/net/cert/x509_certificate_nss.cc b/chromium/net/cert/x509_certificate_nss.cc
index 14c8889eb20..4e6380648a3 100644
--- a/chromium/net/cert/x509_certificate_nss.cc
+++ b/chromium/net/cert/x509_certificate_nss.cc
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/cert/x509_certificate.h"
-
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
@@ -14,14 +12,16 @@
 #include <secder.h>
 #include <sechash.h>
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
+#include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util_nss.h"
 
 namespace net {
diff --git a/chromium/net/cert/x509_certificate_openssl.cc b/chromium/net/cert/x509_certificate_openssl.cc
index ec31e6e371b..dc1b4ee6244 100644
--- a/chromium/net/cert/x509_certificate_openssl.cc
+++ b/chromium/net/cert/x509_certificate_openssl.cc
@@ -23,7 +23,7 @@
 #include "base/strings/string_util.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_openssl_types.h"
-#include "net/base/ip_address_number.h"
+#include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_util_openssl.h"
 
@@ -125,8 +125,8 @@ void ParseSubjectAltName(X509Certificate::OSCertHandle cert,
       if (!ip_addr)
         continue;
       int ip_addr_len = name->d.iPAddress->length;
-      if (ip_addr_len != static_cast<int>(kIPv4AddressSize) &&
-          ip_addr_len != static_cast<int>(kIPv6AddressSize)) {
+      if (ip_addr_len != static_cast<int>(IPAddress::kIPv4AddressSize) &&
+          ip_addr_len != static_cast<int>(IPAddress::kIPv6AddressSize)) {
         // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress
         // to have 4 or 16 bytes, whereas in a name constraint it includes a
         // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup.
diff --git a/chromium/net/cert/x509_certificate_openssl_ios.cc b/chromium/net/cert/x509_certificate_openssl_ios.cc
deleted file mode 100644
index 96ed1dea510..00000000000
--- a/chromium/net/cert/x509_certificate_openssl_ios.cc
+++ /dev/null
@@ -1,474 +0,0 @@
-// Copyright (c) 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/x509_certificate.h"
-
-#include <CommonCrypto/CommonDigest.h>
-#include <Security/Security.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "base/mac/scoped_cftyperef.h"
-#include "base/pickle.h"
-#include "base/strings/string_piece.h"
-#include "base/strings/string_util.h"
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-#include "net/base/ip_address_number.h"
-#include "net/cert/x509_util_openssl.h"
-#include "net/ssl/openssl_ssl_util.h"
-
-using base::ScopedCFTypeRef;
-
-namespace net {
-
-namespace {
-
-using ScopedGENERAL_NAMES =
-    crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>;
-
-// Returns true if a given |cert_handle| is actually a valid X.509 certificate
-// handle.
-//
-// SecCertificateCreateFromData() does not always force the immediate parsing of
-// the certificate, and as such, may return a SecCertificateRef for an
-// invalid/unparsable certificate. Force parsing to occur to ensure that the
-// SecCertificateRef is correct. On later versions where
-// SecCertificateCreateFromData() immediately parses, rather than lazily, this
-// call is cheap, as the subject is cached.
-bool IsValidOSCertHandle(SecCertificateRef cert_handle) {
-  ScopedCFTypeRef<CFStringRef> sanity_check(
-      SecCertificateCopySubjectSummary(cert_handle));
-  return sanity_check != nullptr;
-}
-
-void CreateOSCertHandlesFromPKCS7Bytes(
-    const char* data,
-    size_t length,
-    X509Certificate::OSCertHandles* handles) {
-  crypto::EnsureOpenSSLInit();
-  crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
-
-  CBS der_data;
-  CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
-  STACK_OF(X509)* certs = sk_X509_new_null();
-
-  if (PKCS7_get_certificates(certs, &der_data)) {
-    for (size_t i = 0; i < sk_X509_num(certs); ++i) {
-      X509* x509_cert = sk_X509_value(certs, i);
-      base::StringPiece der;
-      if (!x509_util::GetDER(x509_cert, &der))
-        return;
-      handles->push_back(X509Certificate::CreateOSCertHandleFromBytes(
-          der.data(), der.length()));
-    }
-  }
-  sk_X509_pop_free(certs, X509_free);
-}
-
-void ParsePrincipalValues(X509_NAME* name,
-                          int nid,
-                          std::vector<std::string>* fields) {
-  for (int index = -1;
-       (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
-    std::string field;
-    if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
-      break;
-    fields->push_back(field);
-  }
-}
-
-void ParsePrincipal(X509Certificate::OSCertHandle os_cert,
-                    X509_NAME* x509_name,
-                    CertPrincipal* principal) {
-  if (!x509_name)
-    return;
-
-  ParsePrincipalValues(x509_name, NID_streetAddress,
-                       &principal->street_addresses);
-  ParsePrincipalValues(x509_name, NID_organizationName,
-                       &principal->organization_names);
-  ParsePrincipalValues(x509_name, NID_organizationalUnitName,
-                       &principal->organization_unit_names);
-  ParsePrincipalValues(x509_name, NID_domainComponent,
-                       &principal->domain_components);
-
-  x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName,
-                                      &principal->common_name);
-  x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName,
-                                      &principal->locality_name);
-  x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName,
-                                      &principal->state_or_province_name);
-  x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
-                                      &principal->country_name);
-}
-
-void ParseSubjectAltName(X509Certificate::OSCertHandle os_cert,
-                         std::vector<std::string>* dns_names,
-                         std::vector<std::string>* ip_addresses) {
-  DCHECK(dns_names || ip_addresses);
-  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
-  if (!cert.get())
-    return;
-  int index = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1);
-  X509_EXTENSION* alt_name_ext = X509_get_ext(cert.get(), index);
-  if (!alt_name_ext)
-    return;
-
-  ScopedGENERAL_NAMES alt_names(
-      reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
-  if (!alt_names.get())
-    return;
-
-  for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
-    const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
-    if (name->type == GEN_DNS && dns_names) {
-      const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
-      if (!dns_name)
-        continue;
-      int dns_name_len = ASN1_STRING_length(name->d.dNSName);
-      dns_names->push_back(
-          std::string(reinterpret_cast<const char*>(dns_name), dns_name_len));
-    } else if (name->type == GEN_IPADD && ip_addresses) {
-      const unsigned char* ip_addr = name->d.iPAddress->data;
-      if (!ip_addr)
-        continue;
-      int ip_addr_len = name->d.iPAddress->length;
-      if (ip_addr_len != static_cast<int>(kIPv4AddressSize) &&
-          ip_addr_len != static_cast<int>(kIPv6AddressSize)) {
-        // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress
-        // to have 4 or 16 bytes, whereas in a name constraint it includes a
-        // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup.
-        LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len;
-        continue;
-      }
-      ip_addresses->push_back(
-          std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len));
-    }
-  }
-}
-
-// Used to free a list of X509_NAMEs and the objects it points to.
-void sk_X509_NAME_free_all(STACK_OF(X509_NAME) * sk) {
-  sk_X509_NAME_pop_free(sk, X509_NAME_free);
-}
-
-}  // namespace
-
-// static
-X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
-    OSCertHandle handle) {
-  if (!handle)
-    return nullptr;
-  return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle)));
-}
-
-// static
-void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
-  if (cert_handle)
-    CFRelease(cert_handle);
-}
-
-void X509Certificate::Initialize() {
-  crypto::EnsureOpenSSLInit();
-  fingerprint_ = CalculateFingerprint(cert_handle_);
-  ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
-  ScopedX509 x509_cert = OSCertHandleToOpenSSL(cert_handle_);
-  if (!x509_cert)
-    return;
-  ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get());
-  if (serial_num) {
-    // ASN1_INTEGERS represent the decoded number, in a format internal to
-    // OpenSSL. Most notably, this may have leading zeroes stripped off for
-    // numbers whose first byte is >= 0x80. Thus, it is necessary to
-    // re-encoded the integer back into DER, which is what the interface
-    // of X509Certificate exposes, to ensure callers get the proper (DER)
-    // value.
-    int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
-    unsigned char* buffer = reinterpret_cast<unsigned char*>(
-        base::WriteInto(&serial_number_, bytes_required + 1));
-    int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
-    DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
-  }
-
-  ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
-                 &subject_);
-  ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_);
-  x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_);
-  x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_);
-}
-
-// static
-SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) {
-  SHA1HashValue sha1;
-  memset(sha1.data, 0, sizeof(sha1.data));
-
-  ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert));
-  if (!cert_data)
-    return sha1;
-  DCHECK(CFDataGetBytePtr(cert_data));
-  DCHECK_NE(0, CFDataGetLength(cert_data));
-  CC_SHA1(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data), sha1.data);
-
-  return sha1;
-}
-
-// static
-SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
-  SHA256HashValue sha256;
-  memset(sha256.data, 0, sizeof(sha256.data));
-
-  ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert));
-  if (!cert_data)
-    return sha256;
-  DCHECK(CFDataGetBytePtr(cert_data));
-  DCHECK_NE(0, CFDataGetLength(cert_data));
-  CC_SHA256(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data),
-            sha256.data);
-
-  return sha256;
-}
-
-// static
-SHA1HashValue X509Certificate::CalculateCAFingerprint(
-    const OSCertHandles& intermediates) {
-  SHA1HashValue sha1;
-  memset(sha1.data, 0, sizeof(sha1.data));
-
-  CC_SHA1_CTX sha1_ctx;
-  CC_SHA1_Init(&sha1_ctx);
-  for (size_t i = 0; i < intermediates.size(); ++i) {
-    ScopedCFTypeRef<CFDataRef> cert_data(
-        SecCertificateCopyData(intermediates[i]));
-    if (!cert_data)
-      return sha1;
-    CC_SHA1_Update(&sha1_ctx, CFDataGetBytePtr(cert_data),
-                   CFDataGetLength(cert_data));
-  }
-  CC_SHA1_Final(sha1.data, &sha1_ctx);
-  return sha1;
-}
-
-// static
-X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
-    const char* data,
-    size_t length) {
-  ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy(
-      kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
-      base::checked_cast<CFIndex>(length), kCFAllocatorNull));
-  if (!cert_data)
-    return nullptr;
-  OSCertHandle cert_handle = SecCertificateCreateWithData(nullptr, cert_data);
-  if (!cert_handle)
-    return nullptr;
-  if (!IsValidOSCertHandle(cert_handle)) {
-    CFRelease(cert_handle);
-    return nullptr;
-  }
-  return cert_handle;
-}
-
-// static
-X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
-    const char* data,
-    size_t length,
-    Format format) {
-  OSCertHandles results;
-
-  switch (format) {
-    case FORMAT_SINGLE_CERTIFICATE: {
-      OSCertHandle handle =
-          X509Certificate::CreateOSCertHandleFromBytes(data, length);
-      if (handle)
-        results.push_back(handle);
-      break;
-    }
-    case FORMAT_PKCS7: {
-      CreateOSCertHandlesFromPKCS7Bytes(data, length, &results);
-      break;
-    }
-    default: {
-      NOTREACHED() << "Certificate format " << format << " unimplemented";
-      break;
-    }
-  }
-
-  return results;
-}
-
-void X509Certificate::GetSubjectAltName(
-    std::vector<std::string>* dns_names,
-    std::vector<std::string>* ip_addrs) const {
-  if (dns_names)
-    dns_names->clear();
-  if (ip_addrs)
-    ip_addrs->clear();
-
-  ParseSubjectAltName(cert_handle_, dns_names, ip_addrs);
-}
-
-// static
-bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
-                                    std::string* encoded) {
-  base::StringPiece der;
-  if (!cert_handle)
-    return false;
-  ScopedCFTypeRef<CFDataRef> der_data(SecCertificateCopyData(cert_handle));
-  if (!der_data)
-    return false;
-  encoded->assign(reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)),
-                  CFDataGetLength(der_data));
-  return true;
-}
-
-// static
-bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
-                                   X509Certificate::OSCertHandle b) {
-  DCHECK(a && b);
-  return CFEqual(a, b);
-}
-
-// static
-X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle(
-    base::PickleIterator* pickle_iter) {
-  const char* data;
-  int length;
-  if (!pickle_iter->ReadData(&data, &length))
-    return nullptr;
-
-  return X509Certificate::CreateOSCertHandleFromBytes(data, length);
-}
-
-// static
-bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
-                                                base::Pickle* pickle) {
-  ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert_handle));
-  if (!cert_data)
-    return false;
-
-  return pickle->WriteData(
-      reinterpret_cast<const char*>(CFDataGetBytePtr(cert_data)),
-      CFDataGetLength(cert_data));
-}
-
-// static
-void X509Certificate::GetPublicKeyInfo(OSCertHandle os_cert,
-                                       size_t* size_bits,
-                                       PublicKeyType* type) {
-  *type = kPublicKeyTypeUnknown;
-  *size_bits = 0;
-  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
-  if (!cert)
-    return;
-  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
-  if (!scoped_key)
-    return;
-
-  EVP_PKEY* key = scoped_key.get();
-
-  switch (key->type) {
-    case EVP_PKEY_RSA:
-      *type = kPublicKeyTypeRSA;
-      break;
-    case EVP_PKEY_DSA:
-      *type = kPublicKeyTypeDSA;
-      break;
-    case EVP_PKEY_EC:
-      *type = kPublicKeyTypeECDSA;
-      break;
-    case EVP_PKEY_DH:
-      *type = kPublicKeyTypeDH;
-      break;
-  }
-  *size_bits = EVP_PKEY_bits(key);
-}
-
-bool X509Certificate::SupportsSSLClientAuth() const {
-  return false;
-}
-
-CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const {
-  CFMutableArrayRef cert_list =
-      CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
-  if (!cert_list)
-    return nullptr;
-
-  CFArrayAppendValue(cert_list, os_cert_handle());
-  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
-    CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]);
-
-  return cert_list;
-}
-
-bool X509Certificate::IsIssuedByEncoded(
-    const std::vector<std::string>& valid_issuers) {
-  if (valid_issuers.empty())
-    return false;
-
-  // Convert to a temporary list of X509_NAME objects.
-  // It will own the objects it points to.
-  crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all>
-      issuer_names(sk_X509_NAME_new_null());
-  if (!issuer_names)
-    return false;
-
-  for (std::vector<std::string>::const_iterator it = valid_issuers.begin();
-       it != valid_issuers.end(); ++it) {
-    const unsigned char* p = reinterpret_cast<const unsigned char*>(it->data());
-    long len = static_cast<long>(it->length());
-    X509_NAME* ca_name = d2i_X509_NAME(nullptr, &p, len);
-    if (ca_name == nullptr)
-      return false;
-    sk_X509_NAME_push(issuer_names.get(), ca_name);
-  }
-
-  ScopedX509 x509_cert = OSCertHandleToOpenSSL(cert_handle_);
-  if (!x509_cert)
-    return false;
-  X509_NAME* cert_issuer = X509_get_issuer_name(x509_cert.get());
-  if (cert_issuer == nullptr)
-    return false;
-
-  for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
-    X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
-    if (X509_NAME_cmp(issuer, cert_issuer) == 0) {
-      return true;
-    }
-  }
-
-  for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
-       it != intermediate_ca_certs_.end(); ++it) {
-    ScopedX509 intermediate_cert = OSCertHandleToOpenSSL(*it);
-    if (!intermediate_cert)
-      return false;
-    cert_issuer = X509_get_issuer_name(intermediate_cert.get());
-    if (cert_issuer == nullptr)
-      return false;
-
-    for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
-      X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
-      if (X509_NAME_cmp(issuer, cert_issuer) == 0) {
-        return true;
-      }
-    }
-  }
-
-  return false;
-}
-
-// static
-bool X509Certificate::IsSelfSigned(OSCertHandle os_cert) {
-  ScopedX509 cert = OSCertHandleToOpenSSL(os_cert);
-  if (!cert)
-    return false;
-  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
-  if (!scoped_key)
-    return false;
-
-  // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error.
-  return X509_verify(cert.get(), scoped_key.get()) == 1;
-}
-
-}  // namespace net
diff --git a/chromium/net/cert/x509_certificate_unittest.cc b/chromium/net/cert/x509_certificate_unittest.cc
index 0c543078ea4..6e35cdaf37f 100644
--- a/chromium/net/cert/x509_certificate_unittest.cc
+++ b/chromium/net/cert/x509_certificate_unittest.cc
@@ -6,8 +6,9 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/files/file_path.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_number_conversions.h"
@@ -26,10 +27,6 @@
 #include <cert.h>
 #endif
 
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#endif
-
 using base::HexEncode;
 using base::Time;
 
@@ -1210,14 +1207,6 @@ class X509CertificatePublicKeyInfoTest
 TEST_P(X509CertificatePublicKeyInfoTest, GetPublicKeyInfo) {
   PublicKeyInfoTestData data = GetParam();
 
-#if defined(OS_WIN)
-  if (base::win::GetVersion() < base::win::VERSION_VISTA &&
-      data.expected_type == X509Certificate::kPublicKeyTypeECDSA) {
-    // ECC is only supported on Vista+. Skip the test.
-    return;
-  }
-#endif
-
   scoped_refptr<X509Certificate> cert(
       ImportCertFromFile(GetTestCertsDirectory(), data.cert_file));
   ASSERT_TRUE(cert.get());
diff --git a/chromium/net/cert/x509_certificate_win.cc b/chromium/net/cert/x509_certificate_win.cc
index 4c4addaf7a4..7d8e531b1bd 100644
--- a/chromium/net/cert/x509_certificate_win.cc
+++ b/chromium/net/cert/x509_certificate_win.cc
@@ -4,9 +4,12 @@
 
 #include "net/cert/x509_certificate.h"
 
+#include <memory>
+
+#include <openssl/sha.h>
+
 #include "base/logging.h"
 #include "base/memory/free_deleter.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
@@ -17,13 +20,6 @@
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 
-// Implement CalculateChainFingerprint() with our native crypto library.
-#if defined(USE_OPENSSL)
-#include <openssl/sha.h>
-#else
-#include <blapi.h>
-#endif
-
 using base::Time;
 
 namespace net {
@@ -41,7 +37,7 @@ typedef crypto::ScopedCAPIHandle<
 // structure and stores it in *output.
 void GetCertSubjectAltName(
     PCCERT_CONTEXT cert,
-    scoped_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter>* output) {
+    std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter>* output) {
   PCERT_EXTENSION extension = CertFindExtension(szOID_SUBJECT_ALT_NAME2,
                                                 cert->pCertInfo->cExtension,
                                                 cert->pCertInfo->rgExtension);
@@ -152,7 +148,7 @@ void X509Certificate::Initialize() {
   ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 
   const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;
-  scoped_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]);
+  std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]);
   for (unsigned i = 0; i < serial->cbData; i++)
     serial_bytes[i] = serial->pbData[serial->cbData - i - 1];
   serial_number_ = std::string(
@@ -170,7 +166,7 @@ void X509Certificate::GetSubjectAltName(
   if (!cert_handle_)
     return;
 
-  scoped_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info;
+  std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info;
   GetCertSubjectAltName(cert_handle_, &alt_name_info);
   CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
   if (alt_name) {
@@ -339,7 +335,6 @@ SHA1HashValue X509Certificate::CalculateCAFingerprint(
   SHA1HashValue sha1;
   memset(sha1.data, 0, sizeof(sha1.data));
 
-#if defined(USE_OPENSSL)
   SHA_CTX ctx;
   if (!SHA1_Init(&ctx))
     return sha1;
@@ -349,19 +344,6 @@ SHA1HashValue X509Certificate::CalculateCAFingerprint(
       return sha1;
   }
   SHA1_Final(sha1.data, &ctx);
-#else  // !USE_OPENSSL
-  SHA1Context* sha1_ctx = SHA1_NewContext();
-  if (!sha1_ctx)
-    return sha1;
-  SHA1_Begin(sha1_ctx);
-  for (size_t i = 0; i < intermediates.size(); ++i) {
-    PCCERT_CONTEXT ca_cert = intermediates[i];
-    SHA1_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded);
-  }
-  unsigned int result_len;
-  SHA1_End(sha1_ctx, sha1.data, &result_len, SHA1_LENGTH);
-  SHA1_DestroyContext(sha1_ctx, PR_TRUE);
-#endif  // USE_OPENSSL
 
   return sha1;
 }
diff --git a/chromium/net/cert/x509_util.cc b/chromium/net/cert/x509_util.cc
index b0e343acd91..51e7b6ac176 100644
--- a/chromium/net/cert/x509_util.cc
+++ b/chromium/net/cert/x509_util.cc
@@ -4,7 +4,8 @@
 
 #include "net/cert/x509_util.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/time/time.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/rsa_private_key.h"
@@ -61,9 +62,9 @@ bool CreateKeyAndSelfSignedCert(const std::string& subject,
                                 uint32_t serial_number,
                                 base::Time not_valid_before,
                                 base::Time not_valid_after,
-                                scoped_ptr<crypto::RSAPrivateKey>* key,
+                                std::unique_ptr<crypto::RSAPrivateKey>* key,
                                 std::string* der_cert) {
-  scoped_ptr<crypto::RSAPrivateKey> new_key(
+  std::unique_ptr<crypto::RSAPrivateKey> new_key(
       crypto::RSAPrivateKey::Create(kRSAKeyLength));
   if (!new_key.get())
     return false;
diff --git a/chromium/net/cert/x509_util.h b/chromium/net/cert/x509_util.h
index bd254563717..3ae9a146d86 100644
--- a/chromium/net/cert/x509_util.h
+++ b/chromium/net/cert/x509_util.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 
@@ -59,7 +59,7 @@ NET_EXPORT bool CreateKeyAndSelfSignedCert(
     uint32_t serial_number,
     base::Time not_valid_before,
     base::Time not_valid_after,
-    scoped_ptr<crypto::RSAPrivateKey>* key,
+    std::unique_ptr<crypto::RSAPrivateKey>* key,
     std::string* der_cert);
 
 // Creates a self-signed certificate from a provided key, using the specified
diff --git a/chromium/net/cert/x509_util_ios.cc b/chromium/net/cert/x509_util_ios.cc
deleted file mode 100644
index 0c644a8a25a..00000000000
--- a/chromium/net/cert/x509_util_ios.cc
+++ /dev/null
@@ -1,142 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/cert/x509_util_ios.h"
-
-#include <cert.h>
-#include <CommonCrypto/CommonDigest.h>
-#include <nss.h>
-#include <prtypes.h>
-
-#include "base/mac/scoped_cftyperef.h"
-#include "base/memory/ref_counted.h"
-#include "crypto/nss_util.h"
-#include "net/cert/x509_certificate.h"
-#include "net/cert/x509_util_nss.h"
-
-using base::ScopedCFTypeRef;
-
-namespace net {
-namespace x509_util_ios {
-
-namespace {
-
-// Creates an NSS certificate handle from |data|, which is |length| bytes in
-// size.
-CERTCertificate* CreateNSSCertHandleFromBytes(const char* data,
-                                              int length) {
-  if (length < 0)
-    return NULL;
-
-  crypto::EnsureNSSInit();
-
-  if (!NSS_IsInitialized())
-    return NULL;
-
-  SECItem der_cert;
-  der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
-  der_cert.len  = length;
-  der_cert.type = siDERCertBuffer;
-
-  // Parse into a certificate structure.
-  return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,
-                                 PR_FALSE, PR_TRUE);
-}
-
-}  // namespace
-
-CERTCertificate* CreateNSSCertHandleFromOSHandle(
-    SecCertificateRef cert_handle) {
-  ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert_handle));
-  return CreateNSSCertHandleFromBytes(
-      reinterpret_cast<const char*>(CFDataGetBytePtr(cert_data)),
-      CFDataGetLength(cert_data));
-}
-
-SecCertificateRef CreateOSCertHandleFromNSSHandle(
-    CERTCertificate* nss_cert_handle) {
-  return X509Certificate::CreateOSCertHandleFromBytes(
-      reinterpret_cast<const char*>(nss_cert_handle->derCert.data),
-      nss_cert_handle->derCert.len);
-}
-
-scoped_refptr<X509Certificate> CreateCertFromNSSHandles(
-    CERTCertificate* cert_handle,
-    const std::vector<CERTCertificate*>& intermediates) {
-  ScopedCFTypeRef<SecCertificateRef> os_server_cert(
-      CreateOSCertHandleFromNSSHandle(cert_handle));
-  if (!os_server_cert)
-    return nullptr;
-  std::vector<SecCertificateRef> os_intermediates;
-  for (size_t i = 0; i < intermediates.size(); ++i) {
-    SecCertificateRef intermediate =
-        CreateOSCertHandleFromNSSHandle(intermediates[i]);
-    if (!intermediate)
-      break;
-    os_intermediates.push_back(intermediate);
-  }
-
-  scoped_refptr<X509Certificate> cert = nullptr;
-  if (intermediates.size() == os_intermediates.size()) {
-    cert = X509Certificate::CreateFromHandle(os_server_cert,
-                                             os_intermediates);
-  }
-
-  for (size_t i = 0; i < os_intermediates.size(); ++i)
-    CFRelease(os_intermediates[i]);
-  return cert;
-}
-
-SHA1HashValue CalculateFingerprintNSS(CERTCertificate* cert) {
-  DCHECK(cert->derCert.data);
-  DCHECK_NE(0U, cert->derCert.len);
-  SHA1HashValue sha1;
-  memset(sha1.data, 0, sizeof(sha1.data));
-  CC_SHA1(cert->derCert.data, cert->derCert.len, sha1.data);
-  return sha1;
-}
-
-// NSSCertificate implementation.
-
-NSSCertificate::NSSCertificate(SecCertificateRef cert_handle) {
-  nss_cert_handle_ = CreateNSSCertHandleFromOSHandle(cert_handle);
-  DLOG_IF(ERROR, cert_handle && !nss_cert_handle_)
-      << "Could not convert SecCertificateRef to CERTCertificate*";
-}
-
-NSSCertificate::~NSSCertificate() {
-  CERT_DestroyCertificate(nss_cert_handle_);
-}
-
-CERTCertificate* NSSCertificate::cert_handle() const {
-  return nss_cert_handle_;
-}
-
-// NSSCertChain implementation
-
-NSSCertChain::NSSCertChain(X509Certificate* certificate) {
-  DCHECK(certificate);
-  certs_.push_back(CreateNSSCertHandleFromOSHandle(
-      certificate->os_cert_handle()));
-  const X509Certificate::OSCertHandles& cert_intermediates =
-      certificate->GetIntermediateCertificates();
-  for (size_t i = 0; i < cert_intermediates.size(); ++i)
-    certs_.push_back(CreateNSSCertHandleFromOSHandle(cert_intermediates[i]));
-}
-
-NSSCertChain::~NSSCertChain() {
-  for (size_t i = 0; i < certs_.size(); ++i)
-    CERT_DestroyCertificate(certs_[i]);
-}
-
-CERTCertificate* NSSCertChain::cert_handle() const {
-  return certs_.empty() ? NULL : certs_.front();
-}
-
-const std::vector<CERTCertificate*>& NSSCertChain::cert_chain() const {
-  return certs_;
-}
-
-}  // namespace x509_util_ios
-}  // namespace net
diff --git a/chromium/net/cert/x509_util_ios.h b/chromium/net/cert/x509_util_ios.h
deleted file mode 100644
index eb937552900..00000000000
--- a/chromium/net/cert/x509_util_ios.h
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file contains functions for iOS to glue NSS and Security.framework
-// together.
-
-#ifndef NET_CERT_X509_UTIL_IOS_H_
-#define NET_CERT_X509_UTIL_IOS_H_
-
-#include <Security/Security.h>
-#include <vector>
-
-#include "base/memory/ref_counted.h"
-#include "net/cert/x509_cert_types.h"
-
-// Forward declaration; real one in <cert.h>
-typedef struct CERTCertificateStr CERTCertificate;
-
-namespace net {
-
-class X509Certificate;
-
-namespace x509_util_ios {
-
-// Converts a Security.framework certificate handle (SecCertificateRef) into
-// an NSS certificate handle (CERTCertificate*).
-CERTCertificate* CreateNSSCertHandleFromOSHandle(SecCertificateRef cert_handle);
-
-// Converts an NSS certificate handle (CERTCertificate*) into a
-// Security.framework handle (SecCertificateRef)
-SecCertificateRef CreateOSCertHandleFromNSSHandle(
-    CERTCertificate* nss_cert_handle);
-
-// Create a new X509Certificate from the specified NSS server cert and
-// intermediates. This is functionally equivalent to
-// X509Certificate::CreateFromHandle(), except it supports receiving
-// NSS CERTCertificate*s rather than iOS SecCertificateRefs.
-scoped_refptr<X509Certificate> CreateCertFromNSSHandles(
-    CERTCertificate* cert_handle,
-    const std::vector<CERTCertificate*>& intermediates);
-
-SHA1HashValue CalculateFingerprintNSS(CERTCertificate* cert);
-
-// This is a wrapper class around the native NSS certificate handle.
-// The constructor copies the certificate data from |cert_handle| and
-// uses the NSS library to parse it.
-class NSSCertificate {
- public:
-  explicit NSSCertificate(SecCertificateRef cert_handle);
-  ~NSSCertificate();
-  CERTCertificate* cert_handle() const;
- private:
-  CERTCertificate* nss_cert_handle_;
-};
-
-// A wrapper class that loads a certificate and all of its intermediates into
-// NSS. This is necessary for libpkix path building to be able to locate
-// needed intermediates.
-class NSSCertChain {
- public:
-  explicit NSSCertChain(X509Certificate* certificate);
-  ~NSSCertChain();
-  CERTCertificate* cert_handle() const;
-  const std::vector<CERTCertificate*>& cert_chain() const;
- private:
-  std::vector<CERTCertificate*> certs_;
-};
-
-}  // namespace x509_util_ios
-}  // namespace net
-
-#endif  // NET_CERT_X509_UTIL_IOS_H_
diff --git a/chromium/net/cert/x509_util_nss.cc b/chromium/net/cert/x509_util_nss.cc
index db6a97ae2ae..04c34c565f8 100644
--- a/chromium/net/cert/x509_util_nss.cc
+++ b/chromium/net/cert/x509_util_nss.cc
@@ -1,10 +1,7 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/cert/x509_util.h"
-#include "net/cert/x509_util_nss.h"
-
 #include <cert.h>  // Must be included before certdb.h
 #include <certdb.h>
 #include <cryptohi.h>
@@ -15,10 +12,12 @@
 #include <secmod.h>
 #include <secport.h>
 
+#include <memory>
+
 #include "base/debug/leak_annotations.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
+#include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "base/strings/stringprintf.h"
 #include "crypto/ec_private_key.h"
@@ -26,166 +25,391 @@
 #include "crypto/nss_util_internal.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_nss_types.h"
-#include "crypto/third_party/nss/chromium-nss.h"
 #include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util.h"
+#include "net/cert/x509_util_nss.h"
 
 namespace net {
 
 namespace {
 
-// Creates a Certificate object that may be passed to the SignCertificate
-// method to generate an X509 certificate.
-// Returns NULL if an error is encountered in the certificate creation
-// process.
-// Caller responsible for freeing returned certificate object.
-CERTCertificate* CreateCertificate(SECKEYPublicKey* public_key,
-                                   const std::string& subject,
-                                   uint32_t serial_number,
-                                   base::Time not_valid_before,
-                                   base::Time not_valid_after) {
-  // Create info about public key.
-  CERTSubjectPublicKeyInfo* spki =
-      SECKEY_CreateSubjectPublicKeyInfo(public_key);
-  if (!spki)
+// Microsoft User Principal Name: 1.3.6.1.4.1.311.20.2.3
+const uint8_t kUpnOid[] = {0x2b, 0x6,  0x1,  0x4, 0x1,
+                           0x82, 0x37, 0x14, 0x2, 0x3};
+
+// Callback for CERT_DecodeCertPackage(), used in
+// CreateOSCertHandlesFromBytes().
+SECStatus PR_CALLBACK CollectCertsCallback(void* arg,
+                                           SECItem** certs,
+                                           int num_certs) {
+  X509Certificate::OSCertHandles* results =
+      reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
+
+  for (int i = 0; i < num_certs; ++i) {
+    X509Certificate::OSCertHandle handle =
+        X509Certificate::CreateOSCertHandleFromBytes(
+            reinterpret_cast<char*>(certs[i]->data), certs[i]->len);
+    if (handle)
+      results->push_back(handle);
+  }
+
+  return SECSuccess;
+}
+
+typedef std::unique_ptr<CERTName,
+                        crypto::NSSDestroyer<CERTName, CERT_DestroyName>>
+    ScopedCERTName;
+
+// Create a new CERTName object from its encoded representation.
+// |arena| is the allocation pool to use.
+// |data| points to a DER-encoded X.509 DistinguishedName.
+// Return a new CERTName pointer on success, or NULL.
+CERTName* CreateCertNameFromEncoded(PLArenaPool* arena,
+                                    const base::StringPiece& data) {
+  if (!arena)
     return NULL;
 
-  // Create the certificate request.
-  CERTName* subject_name =
-      CERT_AsciiToName(const_cast<char*>(subject.c_str()));
-  CERTCertificateRequest* cert_request =
-      CERT_CreateCertificateRequest(subject_name, spki, NULL);
-  SECKEY_DestroySubjectPublicKeyInfo(spki);
-
-  if (!cert_request) {
-    PRErrorCode prerr = PR_GetError();
-    LOG(ERROR) << "Failed to create certificate request: " << prerr;
-    CERT_DestroyName(subject_name);
+  ScopedCERTName name(PORT_ArenaZNew(arena, CERTName));
+  if (!name.get())
     return NULL;
-  }
 
-  CERTValidity* validity = CERT_CreateValidity(
-      crypto::BaseTimeToPRTime(not_valid_before),
-      crypto::BaseTimeToPRTime(not_valid_after));
-  if (!validity) {
-    PRErrorCode prerr = PR_GetError();
-    LOG(ERROR) << "Failed to create certificate validity object: " << prerr;
-    CERT_DestroyName(subject_name);
-    CERT_DestroyCertificateRequest(cert_request);
+  SECItem item;
+  item.len = static_cast<unsigned int>(data.length());
+  item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data.data()));
+
+  SECStatus rv = SEC_ASN1DecodeItem(arena, name.get(),
+                                    SEC_ASN1_GET(CERT_NameTemplate), &item);
+  if (rv != SECSuccess)
     return NULL;
+
+  return name.release();
+}
+
+}  // namespace
+
+namespace x509_util {
+
+void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
+// Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.
+#if NSS_VMINOR >= 15
+  typedef char* (*CERTGetNameFunc)(const CERTName* name);
+#else
+  typedef char* (*CERTGetNameFunc)(CERTName * name);
+#endif
+
+  // TODO(jcampan): add business_category and serial_number.
+  // TODO(wtc): NSS has the CERT_GetOrgName, CERT_GetOrgUnitName, and
+  // CERT_GetDomainComponentName functions, but they return only the most
+  // general (the first) RDN.  NSS doesn't have a function for the street
+  // address.
+  static const SECOidTag kOIDs[] = {
+      SEC_OID_AVA_STREET_ADDRESS, SEC_OID_AVA_ORGANIZATION_NAME,
+      SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_OID_AVA_DC};
+
+  std::vector<std::string>* values[] = {
+      &principal->street_addresses, &principal->organization_names,
+      &principal->organization_unit_names, &principal->domain_components};
+  DCHECK_EQ(arraysize(kOIDs), arraysize(values));
+
+  CERTRDN** rdns = name->rdns;
+  for (size_t rdn = 0; rdns[rdn]; ++rdn) {
+    CERTAVA** avas = rdns[rdn]->avas;
+    for (size_t pair = 0; avas[pair] != 0; ++pair) {
+      SECOidTag tag = CERT_GetAVATag(avas[pair]);
+      for (size_t oid = 0; oid < arraysize(kOIDs); ++oid) {
+        if (kOIDs[oid] == tag) {
+          SECItem* decode_item = CERT_DecodeAVAValue(&avas[pair]->value);
+          if (!decode_item)
+            break;
+          // TODO(wtc): Pass decode_item to CERT_RFC1485_EscapeAndQuote.
+          std::string value(reinterpret_cast<char*>(decode_item->data),
+                            decode_item->len);
+          values[oid]->push_back(value);
+          SECITEM_FreeItem(decode_item, PR_TRUE);
+          break;
+        }
+      }
+    }
   }
-  CERTCertificate* cert = CERT_CreateCertificate(serial_number, subject_name,
-                                                 validity, cert_request);
-  if (!cert) {
-    PRErrorCode prerr = PR_GetError();
-    LOG(ERROR) << "Failed to create certificate: " << prerr;
+
+  // Get CN, L, S, and C.
+  CERTGetNameFunc get_name_funcs[4] = {CERT_GetCommonName, CERT_GetLocalityName,
+                                       CERT_GetStateName, CERT_GetCountryName};
+  std::string* single_values[4] = {
+      &principal->common_name, &principal->locality_name,
+      &principal->state_or_province_name, &principal->country_name};
+  for (size_t i = 0; i < arraysize(get_name_funcs); ++i) {
+    char* value = get_name_funcs[i](name);
+    if (value) {
+      single_values[i]->assign(value);
+      PORT_Free(value);
+    }
   }
+}
+
+void ParseDate(const SECItem* der_date, base::Time* result) {
+  PRTime prtime;
+  SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date);
+  DCHECK_EQ(SECSuccess, rv);
+  *result = crypto::PRTimeToBaseTime(prtime);
+}
+
+std::string ParseSerialNumber(const CERTCertificate* certificate) {
+  return std::string(reinterpret_cast<char*>(certificate->serialNumber.data),
+                     certificate->serialNumber.len);
+}
+
+void GetSubjectAltName(CERTCertificate* cert_handle,
+                       std::vector<std::string>* dns_names,
+                       std::vector<std::string>* ip_addrs) {
+  if (dns_names)
+    dns_names->clear();
+  if (ip_addrs)
+    ip_addrs->clear();
+
+  SECItem alt_name;
+  SECStatus rv = CERT_FindCertExtension(
+      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);
+  if (rv != SECSuccess)
+    return;
 
-  // Cleanup for resources used to generate the cert.
-  CERT_DestroyName(subject_name);
-  CERT_DestroyValidity(validity);
-  CERT_DestroyCertificateRequest(cert_request);
+  PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+  DCHECK(arena != NULL);
 
-  return cert;
+  CERTGeneralName* alt_name_list;
+  alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name);
+  SECITEM_FreeItem(&alt_name, PR_FALSE);
+
+  CERTGeneralName* name = alt_name_list;
+  while (name) {
+    // DNSName and IPAddress are encoded as IA5String and OCTET STRINGs
+    // respectively, both of which can be byte copied from
+    // SECItemType::data into the appropriate output vector.
+    if (dns_names && name->type == certDNSName) {
+      dns_names->push_back(
+          std::string(reinterpret_cast<char*>(name->name.other.data),
+                      name->name.other.len));
+    } else if (ip_addrs && name->type == certIPAddress) {
+      ip_addrs->push_back(
+          std::string(reinterpret_cast<char*>(name->name.other.data),
+                      name->name.other.len));
+    }
+    name = CERT_GetNextGeneralName(name);
+    if (name == alt_name_list)
+      break;
+  }
+  PORT_FreeArena(arena, PR_FALSE);
 }
 
-SECOidTag ToSECOid(x509_util::DigestAlgorithm alg) {
-  switch (alg) {
-    case x509_util::DIGEST_SHA1:
-      return SEC_OID_SHA1;
-    case x509_util::DIGEST_SHA256:
-      return SEC_OID_SHA256;
+void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
+                              std::vector<std::string>* names) {
+  crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+  DCHECK(alt_name.get());
+
+  names->clear();
+  SECStatus rv = CERT_FindCertExtension(
+      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
+  if (rv != SECSuccess)
+    return;
+
+  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  DCHECK(arena.get());
+
+  CERTGeneralName* alt_name_list;
+  alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
+
+  CERTGeneralName* name = alt_name_list;
+  while (name) {
+    if (name->type == certRFC822Name) {
+      names->push_back(
+          std::string(reinterpret_cast<char*>(name->name.other.data),
+                      name->name.other.len));
+    }
+    name = CERT_GetNextGeneralName(name);
+    if (name == alt_name_list)
+      break;
   }
-  return SEC_OID_UNKNOWN;
 }
 
-// Signs a certificate object, with |key| generating a new X509Certificate
-// and destroying the passed certificate object (even when NULL is returned).
-// The logic of this method references SignCert() in NSS utility certutil:
-// http://mxr.mozilla.org/security/ident?i=SignCert.
-// Returns true on success or false if an error is encountered in the
-// certificate signing process.
-bool SignCertificate(
-    CERTCertificate* cert,
-    SECKEYPrivateKey* key,
-    SECOidTag hash_algorithm) {
-  // |arena| is used to encode the cert.
-  PLArenaPool* arena = cert->arena;
-  SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType,
-                                                      hash_algorithm);
-  if (algo_id == SEC_OID_UNKNOWN)
-    return false;
-
-  SECStatus rv = SECOID_SetAlgorithmID(arena, &cert->signature, algo_id, 0);
+void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
+                           std::vector<std::string>* names) {
+  crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+  DCHECK(alt_name.get());
+
+  names->clear();
+  SECStatus rv = CERT_FindCertExtension(
+      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
   if (rv != SECSuccess)
-    return false;
+    return;
+
+  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  DCHECK(arena.get());
 
-  // Generate a cert of version 3.
-  *(cert->version.data) = 2;
-  cert->version.len = 1;
+  CERTGeneralName* alt_name_list;
+  alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
 
-  SECItem der = { siBuffer, NULL, 0 };
+  CERTGeneralName* name = alt_name_list;
+  while (name) {
+    if (name->type == certOtherName) {
+      OtherName* on = &name->name.OthName;
+      if (on->oid.len == sizeof(kUpnOid) &&
+          memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid)) == 0) {
+        SECItem decoded;
+        if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
+                                   SEC_ASN1_GET(SEC_UTF8StringTemplate),
+                                   &name->name.OthName.name) == SECSuccess) {
+          names->push_back(
+              std::string(reinterpret_cast<char*>(decoded.data), decoded.len));
+        }
+      }
+    }
+    name = CERT_GetNextGeneralName(name);
+    if (name == alt_name_list)
+      break;
+  }
+}
+
+X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
+    const char* data,
+    size_t length,
+    X509Certificate::Format format) {
+  X509Certificate::OSCertHandles results;
 
-  // Use ASN1 DER to encode the cert.
-  void* encode_result = SEC_ASN1EncodeItem(
-      NULL, &der, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
-  if (!encode_result)
-    return false;
+  crypto::EnsureNSSInit();
 
-  // Allocate space to contain the signed cert.
-  SECItem result = { siBuffer, NULL, 0 };
+  if (!NSS_IsInitialized())
+    return results;
 
-  // Sign the ASN1 encoded cert and save it to |result|.
-  rv = DerSignData(arena, &result, &der, key, algo_id);
-  PORT_Free(der.data);
-  if (rv != SECSuccess) {
-    DLOG(ERROR) << "DerSignData: " << PORT_GetError();
-    return false;
+  switch (format) {
+    case X509Certificate::FORMAT_SINGLE_CERTIFICATE: {
+      X509Certificate::OSCertHandle handle =
+          X509Certificate::CreateOSCertHandleFromBytes(data, length);
+      if (handle)
+        results.push_back(handle);
+      break;
+    }
+    case X509Certificate::FORMAT_PKCS7: {
+      // Make a copy since CERT_DecodeCertPackage may modify it
+      std::vector<char> data_copy(data, data + length);
+
+      SECStatus result = CERT_DecodeCertPackage(
+          data_copy.data(), base::checked_cast<int>(data_copy.size()),
+          CollectCertsCallback, &results);
+      if (result != SECSuccess)
+        results.clear();
+      break;
+    }
+    default:
+      NOTREACHED() << "Certificate format " << format << " unimplemented";
+      break;
   }
 
-  // Save the signed result to the cert.
-  cert->derCert = result;
+  return results;
+}
 
-  return true;
+X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
+    base::PickleIterator* pickle_iter) {
+  const char* data;
+  int length;
+  if (!pickle_iter->ReadData(&data, &length))
+    return NULL;
+
+  return X509Certificate::CreateOSCertHandleFromBytes(data, length);
 }
 
-}  // namespace
+void GetPublicKeyInfo(CERTCertificate* handle,
+                      size_t* size_bits,
+                      X509Certificate::PublicKeyType* type) {
+  // Since we might fail, set the output parameters to default values first.
+  *type = X509Certificate::kPublicKeyTypeUnknown;
+  *size_bits = 0;
 
-namespace x509_util {
+  crypto::ScopedSECKEYPublicKey key(CERT_ExtractPublicKey(handle));
+  if (!key.get())
+    return;
 
-bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
-                          DigestAlgorithm alg,
-                          const std::string& subject,
-                          uint32_t serial_number,
-                          base::Time not_valid_before,
-                          base::Time not_valid_after,
-                          std::string* der_cert) {
-  DCHECK(key);
-  DCHECK(!strncmp(subject.c_str(), "CN=", 3U));
-  CERTCertificate* cert = CreateCertificate(key->public_key(),
-                                            subject,
-                                            serial_number,
-                                            not_valid_before,
-                                            not_valid_after);
-  if (!cert)
-    return false;
-
-  if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {
-    CERT_DestroyCertificate(cert);
-    return false;
+  *size_bits = SECKEY_PublicKeyStrengthInBits(key.get());
+
+  switch (key->keyType) {
+    case rsaKey:
+      *type = X509Certificate::kPublicKeyTypeRSA;
+      break;
+    case dsaKey:
+      *type = X509Certificate::kPublicKeyTypeDSA;
+      break;
+    case dhKey:
+      *type = X509Certificate::kPublicKeyTypeDH;
+      break;
+    case ecKey:
+      *type = X509Certificate::kPublicKeyTypeECDSA;
+      break;
+    default:
+      *type = X509Certificate::kPublicKeyTypeUnknown;
+      *size_bits = 0;
+      break;
   }
+}
 
-  der_cert->assign(reinterpret_cast<char*>(cert->derCert.data),
-                   cert->derCert.len);
-  CERT_DestroyCertificate(cert);
-  return true;
+bool GetIssuersFromEncodedList(const std::vector<std::string>& encoded_issuers,
+                               PLArenaPool* arena,
+                               std::vector<CERTName*>* out) {
+  std::vector<CERTName*> result;
+  for (size_t n = 0; n < encoded_issuers.size(); ++n) {
+    CERTName* name = CreateCertNameFromEncoded(arena, encoded_issuers[n]);
+    if (name != NULL)
+      result.push_back(name);
+  }
+
+  if (result.size() == encoded_issuers.size()) {
+    out->swap(result);
+    return true;
+  }
+
+  for (size_t n = 0; n < result.size(); ++n)
+    CERT_DestroyName(result[n]);
+  return false;
 }
 
-bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,
-                                        std::string* token) {
-  NOTIMPLEMENTED();
+bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
+                           const std::vector<CERTName*>& valid_issuers) {
+  for (size_t n = 0; n < cert_chain.size(); ++n) {
+    CERTName* cert_issuer = &cert_chain[n]->issuer;
+    for (size_t i = 0; i < valid_issuers.size(); ++i) {
+      if (CERT_CompareName(valid_issuers[i], cert_issuer) == SECEqual)
+        return true;
+    }
+  }
   return false;
 }
 
-} // namespace x509_util
+std::string GetUniqueNicknameForSlot(const std::string& nickname,
+                                     const SECItem* subject,
+                                     PK11SlotInfo* slot) {
+  int index = 2;
+  std::string new_name = nickname;
+  std::string temp_nickname = new_name;
+  std::string token_name;
+
+  if (!slot)
+    return new_name;
+
+  if (!PK11_IsInternalKeySlot(slot)) {
+    token_name.assign(PK11_GetTokenName(slot));
+    token_name.append(":");
+
+    temp_nickname = token_name + new_name;
+  }
+
+  while (SEC_CertNicknameConflict(temp_nickname.c_str(),
+                                  const_cast<SECItem*>(subject),
+                                  CERT_GetDefaultCertDB())) {
+    base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++);
+    temp_nickname = token_name + new_name;
+  }
+
+  return new_name;
+}
+
+}  // namespace x509_util
 
-} // namespace net
+}  // namespace net
diff --git a/chromium/net/cert/x509_util_nss.h b/chromium/net/cert/x509_util_nss.h
index c656264169e..b0ba5925da2 100644
--- a/chromium/net/cert/x509_util_nss.h
+++ b/chromium/net/cert/x509_util_nss.h
@@ -28,7 +28,7 @@ namespace net {
 
 namespace x509_util {
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 // Parses the Principal attribute from |name| and outputs the result in
 // |principal|.
 void ParsePrincipal(CERTName* name,
@@ -127,7 +127,7 @@ bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
 std::string GetUniqueNicknameForSlot(const std::string& nickname,
                                      const SECItem* subject,
                                      PK11SlotInfo* slot);
-#endif  // defined(USE_NSS_VERIFIER)
+#endif  // defined(USE_NSS_CERTS)
 
 } // namespace x509_util
 
diff --git a/chromium/net/cert/x509_util_nss_certs.cc b/chromium/net/cert/x509_util_nss_certs.cc
deleted file mode 100644
index b0058895def..00000000000
--- a/chromium/net/cert/x509_util_nss_certs.cc
+++ /dev/null
@@ -1,418 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <cert.h>  // Must be included before certdb.h
-#include <certdb.h>
-#include <cryptohi.h>
-#include <nss.h>
-#include <pk11pub.h>
-#include <prerror.h>
-#include <secder.h>
-#include <secmod.h>
-#include <secport.h>
-
-#include "base/debug/leak_annotations.h"
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/memory/singleton.h"
-#include "base/numerics/safe_conversions.h"
-#include "base/pickle.h"
-#include "base/strings/stringprintf.h"
-#include "crypto/ec_private_key.h"
-#include "crypto/nss_util.h"
-#include "crypto/nss_util_internal.h"
-#include "crypto/rsa_private_key.h"
-#include "crypto/scoped_nss_types.h"
-#include "crypto/third_party/nss/chromium-nss.h"
-#include "net/cert/x509_certificate.h"
-#include "net/cert/x509_util.h"
-#include "net/cert/x509_util_nss.h"
-
-namespace net {
-
-namespace {
-
-// Microsoft User Principal Name: 1.3.6.1.4.1.311.20.2.3
-const uint8_t kUpnOid[] = {0x2b, 0x6,  0x1,  0x4, 0x1,
-                           0x82, 0x37, 0x14, 0x2, 0x3};
-
-// Callback for CERT_DecodeCertPackage(), used in
-// CreateOSCertHandlesFromBytes().
-SECStatus PR_CALLBACK
-CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
-  X509Certificate::OSCertHandles* results =
-      reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
-
-  for (int i = 0; i < num_certs; ++i) {
-    X509Certificate::OSCertHandle handle =
-        X509Certificate::CreateOSCertHandleFromBytes(
-            reinterpret_cast<char*>(certs[i]->data), certs[i]->len);
-    if (handle)
-      results->push_back(handle);
-  }
-
-  return SECSuccess;
-}
-
-typedef scoped_ptr<CERTName, crypto::NSSDestroyer<CERTName, CERT_DestroyName>>
-    ScopedCERTName;
-
-// Create a new CERTName object from its encoded representation.
-// |arena| is the allocation pool to use.
-// |data| points to a DER-encoded X.509 DistinguishedName.
-// Return a new CERTName pointer on success, or NULL.
-CERTName* CreateCertNameFromEncoded(PLArenaPool* arena,
-                                    const base::StringPiece& data) {
-  if (!arena)
-    return NULL;
-
-  ScopedCERTName name(PORT_ArenaZNew(arena, CERTName));
-  if (!name.get())
-    return NULL;
-
-  SECItem item;
-  item.len = static_cast<unsigned int>(data.length());
-  item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data.data()));
-
-  SECStatus rv = SEC_ASN1DecodeItem(arena, name.get(),
-                                    SEC_ASN1_GET(CERT_NameTemplate), &item);
-  if (rv != SECSuccess)
-    return NULL;
-
-  return name.release();
-}
-
-}  // namespace
-
-namespace x509_util {
-
-void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
-// Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.
-#if NSS_VMINOR >= 15
-  typedef char* (*CERTGetNameFunc)(const CERTName* name);
-#else
-  typedef char* (*CERTGetNameFunc)(CERTName* name);
-#endif
-
-  // TODO(jcampan): add business_category and serial_number.
-  // TODO(wtc): NSS has the CERT_GetOrgName, CERT_GetOrgUnitName, and
-  // CERT_GetDomainComponentName functions, but they return only the most
-  // general (the first) RDN.  NSS doesn't have a function for the street
-  // address.
-  static const SECOidTag kOIDs[] = {SEC_OID_AVA_STREET_ADDRESS,
-                                    SEC_OID_AVA_ORGANIZATION_NAME,
-                                    SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
-                                    SEC_OID_AVA_DC};
-
-  std::vector<std::string>* values[] = {&principal->street_addresses,
-                                        &principal->organization_names,
-                                        &principal->organization_unit_names,
-                                        &principal->domain_components};
-  DCHECK_EQ(arraysize(kOIDs), arraysize(values));
-
-  CERTRDN** rdns = name->rdns;
-  for (size_t rdn = 0; rdns[rdn]; ++rdn) {
-    CERTAVA** avas = rdns[rdn]->avas;
-    for (size_t pair = 0; avas[pair] != 0; ++pair) {
-      SECOidTag tag = CERT_GetAVATag(avas[pair]);
-      for (size_t oid = 0; oid < arraysize(kOIDs); ++oid) {
-        if (kOIDs[oid] == tag) {
-          SECItem* decode_item = CERT_DecodeAVAValue(&avas[pair]->value);
-          if (!decode_item)
-            break;
-          // TODO(wtc): Pass decode_item to CERT_RFC1485_EscapeAndQuote.
-          std::string value(reinterpret_cast<char*>(decode_item->data),
-                            decode_item->len);
-          values[oid]->push_back(value);
-          SECITEM_FreeItem(decode_item, PR_TRUE);
-          break;
-        }
-      }
-    }
-  }
-
-  // Get CN, L, S, and C.
-  CERTGetNameFunc get_name_funcs[4] = {CERT_GetCommonName,
-                                       CERT_GetLocalityName,
-                                       CERT_GetStateName,
-                                       CERT_GetCountryName};
-  std::string* single_values[4] = {&principal->common_name,
-                                   &principal->locality_name,
-                                   &principal->state_or_province_name,
-                                   &principal->country_name};
-  for (size_t i = 0; i < arraysize(get_name_funcs); ++i) {
-    char* value = get_name_funcs[i](name);
-    if (value) {
-      single_values[i]->assign(value);
-      PORT_Free(value);
-    }
-  }
-}
-
-void ParseDate(const SECItem* der_date, base::Time* result) {
-  PRTime prtime;
-  SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date);
-  DCHECK_EQ(SECSuccess, rv);
-  *result = crypto::PRTimeToBaseTime(prtime);
-}
-
-std::string ParseSerialNumber(const CERTCertificate* certificate) {
-  return std::string(reinterpret_cast<char*>(certificate->serialNumber.data),
-                     certificate->serialNumber.len);
-}
-
-void GetSubjectAltName(CERTCertificate* cert_handle,
-                       std::vector<std::string>* dns_names,
-                       std::vector<std::string>* ip_addrs) {
-  if (dns_names)
-    dns_names->clear();
-  if (ip_addrs)
-    ip_addrs->clear();
-
-  SECItem alt_name;
-  SECStatus rv = CERT_FindCertExtension(
-      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);
-  if (rv != SECSuccess)
-    return;
-
-  PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  DCHECK(arena != NULL);
-
-  CERTGeneralName* alt_name_list;
-  alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name);
-  SECITEM_FreeItem(&alt_name, PR_FALSE);
-
-  CERTGeneralName* name = alt_name_list;
-  while (name) {
-    // DNSName and IPAddress are encoded as IA5String and OCTET STRINGs
-    // respectively, both of which can be byte copied from
-    // SECItemType::data into the appropriate output vector.
-    if (dns_names && name->type == certDNSName) {
-      dns_names->push_back(
-          std::string(reinterpret_cast<char*>(name->name.other.data),
-                      name->name.other.len));
-    } else if (ip_addrs && name->type == certIPAddress) {
-      ip_addrs->push_back(
-          std::string(reinterpret_cast<char*>(name->name.other.data),
-                      name->name.other.len));
-    }
-    name = CERT_GetNextGeneralName(name);
-    if (name == alt_name_list)
-      break;
-  }
-  PORT_FreeArena(arena, PR_FALSE);
-}
-
-void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
-                              std::vector<std::string>* names) {
-  crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
-  DCHECK(alt_name.get());
-
-  names->clear();
-  SECStatus rv = CERT_FindCertExtension(
-      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
-  if (rv != SECSuccess)
-    return;
-
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-  DCHECK(arena.get());
-
-  CERTGeneralName* alt_name_list;
-  alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
-
-  CERTGeneralName* name = alt_name_list;
-  while (name) {
-    if (name->type == certRFC822Name) {
-      names->push_back(
-          std::string(reinterpret_cast<char*>(name->name.other.data),
-                      name->name.other.len));
-    }
-    name = CERT_GetNextGeneralName(name);
-    if (name == alt_name_list)
-      break;
-  }
-}
-
-void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
-                           std::vector<std::string>* names) {
-  crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
-  DCHECK(alt_name.get());
-
-  names->clear();
-  SECStatus rv = CERT_FindCertExtension(
-      cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
-  if (rv != SECSuccess)
-    return;
-
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-  DCHECK(arena.get());
-
-  CERTGeneralName* alt_name_list;
-  alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
-
-  CERTGeneralName* name = alt_name_list;
-  while (name) {
-    if (name->type == certOtherName) {
-      OtherName* on = &name->name.OthName;
-      if (on->oid.len == sizeof(kUpnOid) &&
-          memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid)) == 0) {
-        SECItem decoded;
-        if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
-                                   SEC_ASN1_GET(SEC_UTF8StringTemplate),
-                                   &name->name.OthName.name) == SECSuccess) {
-          names->push_back(
-              std::string(reinterpret_cast<char*>(decoded.data), decoded.len));
-        }
-      }
-    }
-    name = CERT_GetNextGeneralName(name);
-    if (name == alt_name_list)
-      break;
-  }
-}
-
-X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
-    const char* data,
-    size_t length,
-    X509Certificate::Format format) {
-  X509Certificate::OSCertHandles results;
-
-  crypto::EnsureNSSInit();
-
-  if (!NSS_IsInitialized())
-    return results;
-
-  switch (format) {
-    case X509Certificate::FORMAT_SINGLE_CERTIFICATE: {
-      X509Certificate::OSCertHandle handle =
-          X509Certificate::CreateOSCertHandleFromBytes(data, length);
-      if (handle)
-        results.push_back(handle);
-      break;
-    }
-    case X509Certificate::FORMAT_PKCS7: {
-      // Make a copy since CERT_DecodeCertPackage may modify it
-      std::vector<char> data_copy(data, data + length);
-
-      SECStatus result = CERT_DecodeCertPackage(
-          data_copy.data(), base::checked_cast<int>(data_copy.size()),
-          CollectCertsCallback, &results);
-      if (result != SECSuccess)
-        results.clear();
-      break;
-    }
-    default:
-      NOTREACHED() << "Certificate format " << format << " unimplemented";
-      break;
-  }
-
-  return results;
-}
-
-X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
-    base::PickleIterator* pickle_iter) {
-  const char* data;
-  int length;
-  if (!pickle_iter->ReadData(&data, &length))
-    return NULL;
-
-  return X509Certificate::CreateOSCertHandleFromBytes(data, length);
-}
-
-void GetPublicKeyInfo(CERTCertificate* handle,
-                      size_t* size_bits,
-                      X509Certificate::PublicKeyType* type) {
-  // Since we might fail, set the output parameters to default values first.
-  *type = X509Certificate::kPublicKeyTypeUnknown;
-  *size_bits = 0;
-
-  crypto::ScopedSECKEYPublicKey key(CERT_ExtractPublicKey(handle));
-  if (!key.get())
-    return;
-
-  *size_bits = SECKEY_PublicKeyStrengthInBits(key.get());
-
-  switch (key->keyType) {
-    case rsaKey:
-      *type = X509Certificate::kPublicKeyTypeRSA;
-      break;
-    case dsaKey:
-      *type = X509Certificate::kPublicKeyTypeDSA;
-      break;
-    case dhKey:
-      *type = X509Certificate::kPublicKeyTypeDH;
-      break;
-    case ecKey:
-      *type = X509Certificate::kPublicKeyTypeECDSA;
-      break;
-    default:
-      *type = X509Certificate::kPublicKeyTypeUnknown;
-      *size_bits = 0;
-      break;
-  }
-}
-
-bool GetIssuersFromEncodedList(const std::vector<std::string>& encoded_issuers,
-                               PLArenaPool* arena,
-                               std::vector<CERTName*>* out) {
-  std::vector<CERTName*> result;
-  for (size_t n = 0; n < encoded_issuers.size(); ++n) {
-    CERTName* name = CreateCertNameFromEncoded(arena, encoded_issuers[n]);
-    if (name != NULL)
-      result.push_back(name);
-  }
-
-  if (result.size() == encoded_issuers.size()) {
-    out->swap(result);
-    return true;
-  }
-
-  for (size_t n = 0; n < result.size(); ++n)
-    CERT_DestroyName(result[n]);
-  return false;
-}
-
-bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
-                           const std::vector<CERTName*>& valid_issuers) {
-  for (size_t n = 0; n < cert_chain.size(); ++n) {
-    CERTName* cert_issuer = &cert_chain[n]->issuer;
-    for (size_t i = 0; i < valid_issuers.size(); ++i) {
-      if (CERT_CompareName(valid_issuers[i], cert_issuer) == SECEqual)
-        return true;
-    }
-  }
-  return false;
-}
-
-std::string GetUniqueNicknameForSlot(const std::string& nickname,
-                                     const SECItem* subject,
-                                     PK11SlotInfo* slot) {
-  int index = 2;
-  std::string new_name = nickname;
-  std::string temp_nickname = new_name;
-  std::string token_name;
-
-  if (!slot)
-    return new_name;
-
-  if (!PK11_IsInternalKeySlot(slot)) {
-    token_name.assign(PK11_GetTokenName(slot));
-    token_name.append(":");
-
-    temp_nickname = token_name + new_name;
-  }
-
-  while (SEC_CertNicknameConflict(temp_nickname.c_str(),
-                                  const_cast<SECItem*>(subject),
-                                  CERT_GetDefaultCertDB())) {
-    base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++);
-    temp_nickname = token_name + new_name;
-  }
-
-  return new_name;
-}
-
-}  // namespace x509_util
-
-}  // namespace net
diff --git a/chromium/net/cert/x509_util_openssl.cc b/chromium/net/cert/x509_util_openssl.cc
index 2e8ef2e6c7a..2327deddcf2 100644
--- a/chromium/net/cert/x509_util_openssl.cc
+++ b/chromium/net/cert/x509_util_openssl.cc
@@ -10,6 +10,7 @@
 #include <openssl/mem.h>
 
 #include <algorithm>
+#include <memory>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
@@ -297,7 +298,7 @@ bool GetDER(X509* x509, base::StringPiece* der_cache) {
   DERCache* internal_cache = static_cast<DERCache*>(
       X509_get_ex_data(x509, x509_der_cache_index));
   if (!internal_cache) {
-    scoped_ptr<DERCache> new_cache(new DERCache);
+    std::unique_ptr<DERCache> new_cache(new DERCache);
     if (!DerEncodeCert(x509, &new_cache->data))
       return false;
     internal_cache = new_cache.get();
@@ -316,14 +317,16 @@ bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,
                                       &der_encoded_certificate))
     return false;
 
-  ParsedCertificate parsed_certificate;
-  if (!ParseCertificate(der::Input(base::StringPiece(der_encoded_certificate)),
-                        &parsed_certificate))
+  der::Input tbs_certificate_tlv;
+  der::Input signature_algorithm_tlv;
+  der::BitString signature_value;
+  if (!ParseCertificate(der::Input(&der_encoded_certificate),
+                        &tbs_certificate_tlv, &signature_algorithm_tlv,
+                        &signature_value))
     return false;
 
-  scoped_ptr<SignatureAlgorithm> signature_algorithm =
-      SignatureAlgorithm::CreateFromDer(
-          parsed_certificate.signature_algorithm_tlv);
+  std::unique_ptr<SignatureAlgorithm> signature_algorithm =
+      SignatureAlgorithm::CreateFromDer(signature_algorithm_tlv);
   if (!signature_algorithm)
     return false;
 
diff --git a/chromium/net/cert/x509_util_unittest.cc b/chromium/net/cert/x509_util_unittest.cc
index 6fabe000cfa..2da48d80912 100644
--- a/chromium/net/cert/x509_util_unittest.cc
+++ b/chromium/net/cert/x509_util_unittest.cc
@@ -5,9 +5,9 @@
 #include "net/cert/x509_util.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "crypto/rsa_private_key.h"
 #include "net/cert/x509_certificate.h"
@@ -55,7 +55,7 @@ TEST(X509UtilTest, SortClientCertificates) {
 // This test creates a self-signed cert and a private key and then verifies the
 // content of the certificate.
 TEST(X509UtilTest, CreateKeyAndSelfSigned) {
-  scoped_ptr<crypto::RSAPrivateKey> private_key;
+  std::unique_ptr<crypto::RSAPrivateKey> private_key;
 
   std::string der_cert;
   ASSERT_TRUE(x509_util::CreateKeyAndSelfSignedCert(
@@ -166,7 +166,7 @@ TEST(X509UtilTest, CreateSelfSigned) {
   input.resize(sizeof(private_key_info));
   memcpy(&input.front(), private_key_info, sizeof(private_key_info));
 
-  scoped_ptr<crypto::RSAPrivateKey> private_key(
+  std::unique_ptr<crypto::RSAPrivateKey> private_key(
       crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
   ASSERT_TRUE(private_key.get());
 
@@ -188,7 +188,6 @@ TEST(X509UtilTest, CreateSelfSigned) {
   EXPECT_FALSE(cert->HasExpired());
 }
 
-#if defined(USE_OPENSSL)
 // This is a test case based on
 // http://blogs.msdn.com/b/openspecification/archive/2013/03/26/ntlm-and-channel-binding-hash-aka-exteneded-protection-for-authentication.aspx
 // There doesn't seem to be too many public test vectors for channel bindings.
@@ -698,7 +697,6 @@ TEST(X509UtilTest, CreateChannelBindings_Unsupported_MD4) {
       x509_util::GetTLSServerEndPointChannelBinding(*cert, &channel_bindings));
   EXPECT_TRUE(channel_bindings.empty());
 }
-#endif
 
 }  // namespace x509_util
 
diff --git a/chromium/net/cert_net/cert_net_fetcher_impl.cc b/chromium/net/cert_net/cert_net_fetcher_impl.cc
index e80aa1b4c1a..e46a0f34faf 100644
--- a/chromium/net/cert_net/cert_net_fetcher_impl.cc
+++ b/chromium/net/cert_net/cert_net_fetcher_impl.cc
@@ -11,6 +11,7 @@
 #include "base/containers/linked_list.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/numerics/safe_math.h"
 #include "base/stl_util.h"
 #include "base/timer/timer.h"
@@ -146,7 +147,8 @@ bool CertNetFetcherImpl::RequestParams::operator<(
 // the pending requests for it.
 class CertNetFetcherImpl::Job : public URLRequest::Delegate {
  public:
-  Job(scoped_ptr<RequestParams> request_params, CertNetFetcherImpl* parent);
+  Job(std::unique_ptr<RequestParams> request_params,
+      CertNetFetcherImpl* parent);
   ~Job() override;
 
   // Cancels the job and all requests attached to it. No callbacks will be
@@ -158,7 +160,7 @@ class CertNetFetcherImpl::Job : public URLRequest::Delegate {
   // Create a request and attaches it to the job. When the job completes it will
   // notify the request of completion through OnJobCompleted. Note that the Job
   // does NOT own the request.
-  scoped_ptr<Request> CreateRequest(const FetchCallback& callback);
+  std::unique_ptr<Request> CreateRequest(const FetchCallback& callback);
 
   // Removes |request| from the job.
   void DetachRequest(RequestImpl* request);
@@ -206,13 +208,13 @@ class CertNetFetcherImpl::Job : public URLRequest::Delegate {
   RequestList requests_;
 
   // The input parameters for starting a URLRequest.
-  scoped_ptr<RequestParams> request_params_;
+  std::unique_ptr<RequestParams> request_params_;
 
   // The URLRequest response information.
   std::vector<uint8_t> response_body_;
   Error result_net_error_;
 
-  scoped_ptr<URLRequest> url_request_;
+  std::unique_ptr<URLRequest> url_request_;
   scoped_refptr<IOBuffer> read_buffer_;
 
   // Used to timeout the job when the URLRequest takes too long. This timer is
@@ -230,7 +232,7 @@ CertNetFetcherImpl::RequestImpl::~RequestImpl() {
     job_->DetachRequest(this);
 }
 
-CertNetFetcherImpl::Job::Job(scoped_ptr<RequestParams> request_params,
+CertNetFetcherImpl::Job::Job(std::unique_ptr<RequestParams> request_params,
                              CertNetFetcherImpl* parent)
     : request_params_(std::move(request_params)),
       result_net_error_(ERR_IO_PENDING),
@@ -257,15 +259,15 @@ void CertNetFetcherImpl::Job::Cancel() {
   Stop();
 }
 
-scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::Job::CreateRequest(
+std::unique_ptr<CertNetFetcher::Request> CertNetFetcherImpl::Job::CreateRequest(
     const FetchCallback& callback) {
-  scoped_ptr<RequestImpl> request(new RequestImpl(this, callback));
+  std::unique_ptr<RequestImpl> request(new RequestImpl(this, callback));
   requests_.Append(request.get());
   return std::move(request);
 }
 
 void CertNetFetcherImpl::Job::DetachRequest(RequestImpl* request) {
-  scoped_ptr<Job> delete_this;
+  std::unique_ptr<Job> delete_this;
 
   request->RemoveFromList();
 
@@ -411,7 +413,7 @@ void CertNetFetcherImpl::Job::OnJobCompleted() {
   //   * The parent CertNetFetcherImpl may be deleted
   //   * Requests in this job may be cancelled
 
-  scoped_ptr<Job> delete_this = parent_->RemoveJob(this);
+  std::unique_ptr<Job> delete_this = parent_->RemoveJob(this);
   parent_->SetCurrentlyCompletingJob(this);
 
   while (!requests_.empty()) {
@@ -437,12 +439,12 @@ CertNetFetcherImpl::~CertNetFetcherImpl() {
     currently_completing_job_->Cancel();
 }
 
-scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCaIssuers(
+std::unique_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCaIssuers(
     const GURL& url,
     int timeout_milliseconds,
     int max_response_bytes,
     const FetchCallback& callback) {
-  scoped_ptr<RequestParams> request_params(new RequestParams);
+  std::unique_ptr<RequestParams> request_params(new RequestParams);
 
   request_params->url = url;
   request_params->http_method = HTTP_METHOD_GET;
@@ -453,12 +455,12 @@ scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCaIssuers(
   return Fetch(std::move(request_params), callback);
 }
 
-scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCrl(
+std::unique_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCrl(
     const GURL& url,
     int timeout_milliseconds,
     int max_response_bytes,
     const FetchCallback& callback) {
-  scoped_ptr<RequestParams> request_params(new RequestParams);
+  std::unique_ptr<RequestParams> request_params(new RequestParams);
 
   request_params->url = url;
   request_params->http_method = HTTP_METHOD_GET;
@@ -469,12 +471,12 @@ scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchCrl(
   return Fetch(std::move(request_params), callback);
 }
 
-scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchOcsp(
+std::unique_ptr<CertNetFetcher::Request> CertNetFetcherImpl::FetchOcsp(
     const GURL& url,
     int timeout_milliseconds,
     int max_response_bytes,
     const FetchCallback& callback) {
-  scoped_ptr<RequestParams> request_params(new RequestParams);
+  std::unique_ptr<RequestParams> request_params(new RequestParams);
 
   request_params->url = url;
   request_params->http_method = HTTP_METHOD_GET;
@@ -490,8 +492,8 @@ bool CertNetFetcherImpl::JobComparator::operator()(const Job* job1,
   return job1->request_params() < job2->request_params();
 }
 
-scoped_ptr<CertNetFetcher::Request> CertNetFetcherImpl::Fetch(
-    scoped_ptr<RequestParams> request_params,
+std::unique_ptr<CertNetFetcher::Request> CertNetFetcherImpl::Fetch(
+    std::unique_ptr<RequestParams> request_params,
     const FetchCallback& callback) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
@@ -528,11 +530,12 @@ CertNetFetcherImpl::Job* CertNetFetcherImpl::FindJob(
   return nullptr;
 }
 
-scoped_ptr<CertNetFetcherImpl::Job> CertNetFetcherImpl::RemoveJob(Job* job) {
+std::unique_ptr<CertNetFetcherImpl::Job> CertNetFetcherImpl::RemoveJob(
+    Job* job) {
   DCHECK(thread_checker_.CalledOnValidThread());
   bool erased_job = jobs_.erase(job) == 1;
   CHECK(erased_job);
-  return make_scoped_ptr(job);
+  return base::WrapUnique(job);
 }
 
 void CertNetFetcherImpl::SetCurrentlyCompletingJob(Job* job) {
diff --git a/chromium/net/cert_net/cert_net_fetcher_impl.h b/chromium/net/cert_net/cert_net_fetcher_impl.h
index c3a1fb68b31..08d1b557e74 100644
--- a/chromium/net/cert_net/cert_net_fetcher_impl.h
+++ b/chromium/net/cert_net/cert_net_fetcher_impl.h
@@ -5,11 +5,11 @@
 #ifndef NET_CERT_NET_CERT_NET_FETCHER_H_
 #define NET_CERT_NET_CERT_NET_FETCHER_H_
 
+#include <memory>
 #include <set>
 
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/thread_checker.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_export.h"
@@ -33,19 +33,19 @@ class NET_EXPORT CertNetFetcherImpl : public CertNetFetcher {
   // Deletion implicitly cancels any outstanding requests.
   ~CertNetFetcherImpl() override;
 
-  WARN_UNUSED_RESULT scoped_ptr<Request> FetchCaIssuers(
+  WARN_UNUSED_RESULT std::unique_ptr<Request> FetchCaIssuers(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
       const FetchCallback& callback) override;
 
-  WARN_UNUSED_RESULT scoped_ptr<Request> FetchCrl(
+  WARN_UNUSED_RESULT std::unique_ptr<Request> FetchCrl(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
       const FetchCallback& callback) override;
 
-  WARN_UNUSED_RESULT scoped_ptr<Request> FetchOcsp(
+  WARN_UNUSED_RESULT std::unique_ptr<Request> FetchOcsp(
       const GURL& url,
       int timeout_milliseconds,
       int max_response_bytes,
@@ -70,8 +70,8 @@ class NET_EXPORT CertNetFetcherImpl : public CertNetFetcher {
   // Completion of the request will never occur synchronously. In other words it
   // is guaranteed that |callback| will only be invoked once the Fetch*() method
   // has returned.
-  WARN_UNUSED_RESULT scoped_ptr<Request> Fetch(
-      scoped_ptr<RequestParams> request_params,
+  WARN_UNUSED_RESULT std::unique_ptr<Request> Fetch(
+      std::unique_ptr<RequestParams> request_params,
       const FetchCallback& callback);
 
   // Finds a job with a matching RequestPararms or returns nullptr if there was
@@ -80,7 +80,7 @@ class NET_EXPORT CertNetFetcherImpl : public CertNetFetcher {
 
   // Removes |job| from the in progress jobs and transfers ownership to the
   // caller.
-  scoped_ptr<Job> RemoveJob(Job* job);
+  std::unique_ptr<Job> RemoveJob(Job* job);
 
   // Indicates which Job is currently executing inside of OnJobCompleted().
   void SetCurrentlyCompletingJob(Job* job);
diff --git a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
index 311e93aee01..42fe60de8f7 100644
--- a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
+++ b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
@@ -8,6 +8,7 @@
 #include <utility>
 
 #include "base/compiler_specific.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/dns/mock_host_resolver.h"
@@ -34,14 +35,15 @@ class RequestContext : public URLRequestContext {
  public:
   RequestContext() : storage_(this) {
     ProxyConfig no_proxy;
-    storage_.set_host_resolver(scoped_ptr<HostResolver>(new MockHostResolver));
-    storage_.set_cert_verifier(make_scoped_ptr(new MockCertVerifier));
+    storage_.set_host_resolver(
+        std::unique_ptr<HostResolver>(new MockHostResolver));
+    storage_.set_cert_verifier(base::WrapUnique(new MockCertVerifier));
     storage_.set_transport_security_state(
-        make_scoped_ptr(new TransportSecurityState));
+        base::WrapUnique(new TransportSecurityState));
     storage_.set_proxy_service(ProxyService::CreateFixed(no_proxy));
     storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
     storage_.set_http_server_properties(
-        scoped_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+        std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
 
     HttpNetworkSession::Params params;
     params.host_resolver = host_resolver();
@@ -51,11 +53,11 @@ class RequestContext : public URLRequestContext {
     params.ssl_config_service = ssl_config_service();
     params.http_server_properties = http_server_properties();
     storage_.set_http_network_session(
-        make_scoped_ptr(new HttpNetworkSession(params)));
-    storage_.set_http_transaction_factory(make_scoped_ptr(new HttpCache(
+        base::WrapUnique(new HttpNetworkSession(params)));
+    storage_.set_http_transaction_factory(base::WrapUnique(new HttpCache(
         storage_.http_network_session(), HttpCache::DefaultBackend::InMemory(0),
         false /* set_up_quic_server_info */)));
-    storage_.set_job_factory(make_scoped_ptr(new URLRequestJobFactoryImpl()));
+    storage_.set_job_factory(base::WrapUnique(new URLRequestJobFactoryImpl()));
   }
 
   ~RequestContext() override { AssertNoURLRequests(); }
@@ -95,7 +97,7 @@ class TestFetchCallback {
 
   const CertNetFetcher::FetchCallback& callback() const { return callback_; }
 
-  scoped_ptr<FetchResult> WaitForResult() {
+  std::unique_ptr<FetchResult> WaitForResult() {
     DCHECK(quit_closure_.is_null());
     while (!HasResult()) {
       base::RunLoop run_loop;
@@ -127,7 +129,7 @@ class TestFetchCallback {
   }
 
   CertNetFetcher::FetchCallback callback_;
-  scoped_ptr<FetchResult> result_;
+  std::unique_ptr<FetchResult> result_;
   base::Closure quit_closure_;
   base::Closure extra_closure_;
 };
@@ -148,7 +150,7 @@ class CertNetFetcherImplTest : public PlatformTest {
 };
 
 // Helper to start an AIA fetch using default parameters.
-WARN_UNUSED_RESULT scoped_ptr<CertNetFetcher::Request> StartRequest(
+WARN_UNUSED_RESULT std::unique_ptr<CertNetFetcher::Request> StartRequest(
     CertNetFetcher* fetcher,
     const GURL& url,
     const TestFetchCallback& callback) {
@@ -168,23 +170,23 @@ TEST_F(CertNetFetcherImplTest, ParallelFetchNoDuplicates) {
 
   // Request a URL with Content-Type "application/pkix-cert"
   GURL url1 = test_server_.GetURL("/cert.crt");
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url1, callback1);
 
   // Request a URL with Content-Type "application/pkix-crl"
   GURL url2 = test_server_.GetURL("/root.crl");
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url2, callback2);
 
   // Request a URL with Content-Type "application/pkcs7-mime"
   GURL url3 = test_server_.GetURL("/certs.p7c");
-  scoped_ptr<CertNetFetcher::Request> request3 =
+  std::unique_ptr<CertNetFetcher::Request> request3 =
       StartRequest(&fetcher, url3, callback3);
 
   // Wait for all of the requests to complete.
-  scoped_ptr<FetchResult> result1 = callback1.WaitForResult();
-  scoped_ptr<FetchResult> result2 = callback2.WaitForResult();
-  scoped_ptr<FetchResult> result3 = callback3.WaitForResult();
+  std::unique_ptr<FetchResult> result1 = callback1.WaitForResult();
+  std::unique_ptr<FetchResult> result2 = callback2.WaitForResult();
+  std::unique_ptr<FetchResult> result3 = callback3.WaitForResult();
 
   // Verify the fetch results.
   result1->VerifySuccess("-cert.crt-\n");
@@ -205,9 +207,9 @@ TEST_F(CertNetFetcherImplTest, ContentTypeDoesntMatter) {
 
   TestFetchCallback callback;
   GURL url = test_server_.GetURL("/foo.txt");
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifySuccess("-foo.txt-\n");
 }
 
@@ -222,9 +224,9 @@ TEST_F(CertNetFetcherImplTest, HttpStatusCode) {
   {
     TestFetchCallback callback;
     GURL url = test_server_.GetURL("/404.html");
-    scoped_ptr<CertNetFetcher::Request> request =
+    std::unique_ptr<CertNetFetcher::Request> request =
         StartRequest(&fetcher, url, callback);
-    scoped_ptr<FetchResult> result = callback.WaitForResult();
+    std::unique_ptr<FetchResult> result = callback.WaitForResult();
     result->VerifyFailure(ERR_FAILED);
   }
 
@@ -232,9 +234,9 @@ TEST_F(CertNetFetcherImplTest, HttpStatusCode) {
   {
     TestFetchCallback callback;
     GURL url = test_server_.GetURL("/500.html");
-    scoped_ptr<CertNetFetcher::Request> request =
+    std::unique_ptr<CertNetFetcher::Request> request =
         StartRequest(&fetcher, url, callback);
-    scoped_ptr<FetchResult> result = callback.WaitForResult();
+    std::unique_ptr<FetchResult> result = callback.WaitForResult();
     result->VerifyFailure(ERR_FAILED);
   }
 }
@@ -247,9 +249,9 @@ TEST_F(CertNetFetcherImplTest, ContentDisposition) {
 
   TestFetchCallback callback;
   GURL url = test_server_.GetURL("/downloadable.js");
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifySuccess("-downloadable.js-\n");
 }
 
@@ -265,9 +267,9 @@ TEST_F(CertNetFetcherImplTest, Cache) {
   {
     TestFetchCallback callback;
 
-    scoped_ptr<CertNetFetcher::Request> request =
+    std::unique_ptr<CertNetFetcher::Request> request =
         StartRequest(&fetcher, url, callback);
-    scoped_ptr<FetchResult> result = callback.WaitForResult();
+    std::unique_ptr<FetchResult> result = callback.WaitForResult();
     result->VerifySuccess("-cacheable_1hr.crt-\n");
   }
 
@@ -279,9 +281,9 @@ TEST_F(CertNetFetcherImplTest, Cache) {
   // Fetch again -- will fail unless served from cache.
   {
     TestFetchCallback callback;
-    scoped_ptr<CertNetFetcher::Request> request =
+    std::unique_ptr<CertNetFetcher::Request> request =
         StartRequest(&fetcher, url, callback);
-    scoped_ptr<FetchResult> result = callback.WaitForResult();
+    std::unique_ptr<FetchResult> result = callback.WaitForResult();
     result->VerifySuccess("-cacheable_1hr.crt-\n");
   }
 
@@ -299,10 +301,10 @@ TEST_F(CertNetFetcherImplTest, TooLarge) {
   // bytes will cause it to fail.
   GURL url(test_server_.GetURL("/certs.p7c"));
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request = fetcher.FetchCaIssuers(
+  std::unique_ptr<CertNetFetcher::Request> request = fetcher.FetchCaIssuers(
       url, CertNetFetcher::DEFAULT, 11, callback.callback());
 
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifyFailure(ERR_FILE_TOO_BIG);
 }
 
@@ -315,9 +317,9 @@ TEST_F(CertNetFetcherImplTest, Hang) {
 
   GURL url(test_server_.GetURL("/slow/certs.p7c?5"));
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request = fetcher.FetchCaIssuers(
+  std::unique_ptr<CertNetFetcher::Request> request = fetcher.FetchCaIssuers(
       url, 10, CertNetFetcher::DEFAULT, callback.callback());
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifyFailure(ERR_TIMED_OUT);
 }
 
@@ -330,9 +332,9 @@ TEST_F(CertNetFetcherImplTest, Gzip) {
 
   GURL url(test_server_.GetURL("/gzipped_crl"));
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifySuccess("-gzipped_crl-\n");
 }
 
@@ -344,12 +346,12 @@ TEST_F(CertNetFetcherImplTest, HttpsNotAllowed) {
 
   GURL url("https://foopy/foo.crt");
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
   // Should NOT complete synchronously despite being a test that could be done
   // immediately.
   EXPECT_FALSE(callback.HasResult());
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifyFailure(ERR_DISALLOWED_URL_SCHEME);
 
   // No request was created because the URL scheme was unsupported.
@@ -365,9 +367,9 @@ TEST_F(CertNetFetcherImplTest, RedirectToHttpsNotAllowed) {
   GURL url(test_server_.GetURL("/redirect_https"));
   TestFetchCallback callback;
 
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
-  scoped_ptr<FetchResult> result = callback.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback.WaitForResult();
   result->VerifyFailure(ERR_DISALLOWED_URL_SCHEME);
 
   EXPECT_EQ(1, network_delegate_.created_requests());
@@ -382,7 +384,7 @@ TEST_F(CertNetFetcherImplTest, CancelHttpsNotAllowed) {
 
   GURL url("https://foopy/foo.crt");
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(&fetcher, url, callback);
 
   // Cancel the request.
@@ -409,16 +411,16 @@ TEST_F(CertNetFetcherImplTest, CancelBeforeRunningMessageLoop) {
   TestFetchCallback callback3;
 
   GURL url1 = test_server_.GetURL("/cert.crt");
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url1, callback1);
 
   GURL url2 = test_server_.GetURL("/root.crl");
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url2, callback2);
 
   GURL url3 = test_server_.GetURL("/certs.p7c");
 
-  scoped_ptr<CertNetFetcher::Request> request3 =
+  std::unique_ptr<CertNetFetcher::Request> request3 =
       StartRequest(&fetcher, url3, callback3);
 
   EXPECT_EQ(3, network_delegate_.created_requests());
@@ -430,8 +432,8 @@ TEST_F(CertNetFetcherImplTest, CancelBeforeRunningMessageLoop) {
   request2.reset();
 
   // Wait for the non-cancelled requests to complete.
-  scoped_ptr<FetchResult> result1 = callback1.WaitForResult();
-  scoped_ptr<FetchResult> result3 = callback3.WaitForResult();
+  std::unique_ptr<FetchResult> result1 = callback1.WaitForResult();
+  std::unique_ptr<FetchResult> result3 = callback3.WaitForResult();
 
   // Verify the fetch results.
   result1->VerifySuccess("-cert.crt-\n");
@@ -462,15 +464,15 @@ TEST_F(CertNetFetcherImplTest, CancelAfterRunningMessageLoop) {
 
   GURL url1 = test_server_.GetURL("/cert.crt");
 
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url1, callback1);
 
   GURL url2 = test_server_.GetURL("/certs.p7c");
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url2, callback2);
 
   GURL url3("ftp://www.not.supported.com/foo");
-  scoped_ptr<CertNetFetcher::Request> request3 =
+  std::unique_ptr<CertNetFetcher::Request> request3 =
       StartRequest(&fetcher, url3, callback3);
 
   EXPECT_FALSE(callback1.HasResult());
@@ -479,14 +481,14 @@ TEST_F(CertNetFetcherImplTest, CancelAfterRunningMessageLoop) {
 
   // Wait for the ftp request to complete (it should complete right away since
   // it doesn't even try to connect to the server).
-  scoped_ptr<FetchResult> result3 = callback3.WaitForResult();
+  std::unique_ptr<FetchResult> result3 = callback3.WaitForResult();
   result3->VerifyFailure(ERR_DISALLOWED_URL_SCHEME);
 
   // Cancel the second outstanding request.
   request2.reset();
 
   // Wait for the first request to complete.
-  scoped_ptr<FetchResult> result2 = callback1.WaitForResult();
+  std::unique_ptr<FetchResult> result2 = callback1.WaitForResult();
 
   // Verify the fetch results.
   result2->VerifySuccess("-cert.crt-\n");
@@ -496,11 +498,12 @@ TEST_F(CertNetFetcherImplTest, CancelAfterRunningMessageLoop) {
 TEST_F(CertNetFetcherImplTest, DeleteCancels) {
   ASSERT_TRUE(test_server_.Start());
 
-  scoped_ptr<CertNetFetcherImpl> fetcher(new CertNetFetcherImpl(&context_));
+  std::unique_ptr<CertNetFetcherImpl> fetcher(
+      new CertNetFetcherImpl(&context_));
 
   GURL url(test_server_.GetURL("/slow/certs.p7c?20"));
   TestFetchCallback callback;
-  scoped_ptr<CertNetFetcher::Request> request =
+  std::unique_ptr<CertNetFetcher::Request> request =
       StartRequest(fetcher.get(), url, callback);
 
   // Destroy the fetcher before the outstanding request.
@@ -519,27 +522,27 @@ TEST_F(CertNetFetcherImplTest, ParallelFetchDuplicates) {
 
   // Issue 3 requests for url1, and 3 requests for url2
   TestFetchCallback callback1;
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url1, callback1);
 
   TestFetchCallback callback2;
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url2, callback2);
 
   TestFetchCallback callback3;
-  scoped_ptr<CertNetFetcher::Request> request3 =
+  std::unique_ptr<CertNetFetcher::Request> request3 =
       StartRequest(&fetcher, url1, callback3);
 
   TestFetchCallback callback4;
-  scoped_ptr<CertNetFetcher::Request> request4 =
+  std::unique_ptr<CertNetFetcher::Request> request4 =
       StartRequest(&fetcher, url2, callback4);
 
   TestFetchCallback callback5;
-  scoped_ptr<CertNetFetcher::Request> request5 =
+  std::unique_ptr<CertNetFetcher::Request> request5 =
       StartRequest(&fetcher, url2, callback5);
 
   TestFetchCallback callback6;
-  scoped_ptr<CertNetFetcher::Request> request6 =
+  std::unique_ptr<CertNetFetcher::Request> request6 =
       StartRequest(&fetcher, url1, callback6);
 
   // Cancel all but one of the requests for url1.
@@ -547,10 +550,10 @@ TEST_F(CertNetFetcherImplTest, ParallelFetchDuplicates) {
   request3.reset();
 
   // Wait for the remaining requests to finish.
-  scoped_ptr<FetchResult> result2 = callback2.WaitForResult();
-  scoped_ptr<FetchResult> result4 = callback4.WaitForResult();
-  scoped_ptr<FetchResult> result5 = callback5.WaitForResult();
-  scoped_ptr<FetchResult> result6 = callback6.WaitForResult();
+  std::unique_ptr<FetchResult> result2 = callback2.WaitForResult();
+  std::unique_ptr<FetchResult> result4 = callback4.WaitForResult();
+  std::unique_ptr<FetchResult> result5 = callback5.WaitForResult();
+  std::unique_ptr<FetchResult> result6 = callback6.WaitForResult();
 
   // Verify that none of the cancelled requests for url1 completed (since they
   // were cancelled).
@@ -579,19 +582,19 @@ TEST_F(CertNetFetcherImplTest, CancelThenStart) {
 
   GURL url = test_server_.GetURL("/cert.crt");
 
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url, callback1);
   request1.reset();
 
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url, callback2);
 
-  scoped_ptr<CertNetFetcher::Request> request3 =
+  std::unique_ptr<CertNetFetcher::Request> request3 =
       StartRequest(&fetcher, url, callback3);
   request3.reset();
 
   // All but |request2| were canceled.
-  scoped_ptr<FetchResult> result = callback2.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback2.WaitForResult();
 
   result->VerifySuccess("-cert.crt-\n");
 
@@ -608,7 +611,7 @@ TEST_F(CertNetFetcherImplTest, CancelAll) {
 
   CertNetFetcherImpl fetcher(&context_);
   TestFetchCallback callback[3];
-  scoped_ptr<CertNetFetcher::Request> request[3];
+  std::unique_ptr<CertNetFetcher::Request> request[3];
 
   GURL url = test_server_.GetURL("/cert.crt");
 
@@ -640,7 +643,7 @@ TEST_F(CertNetFetcherImplTest, DeleteWithinCallback) {
   GURL url = test_server_.GetURL("/cert.crt");
 
   TestFetchCallback callback[4];
-  scoped_ptr<CertNetFetcher::Request> reqs[4];
+  std::unique_ptr<CertNetFetcher::Request> reqs[4];
   callback[1].set_extra_closure(base::Bind(DeleteCertNetFetcher, fetcher));
 
   for (size_t i = 0; i < arraysize(callback); ++i)
@@ -659,7 +662,7 @@ TEST_F(CertNetFetcherImplTest, DeleteWithinCallback) {
 void FetchRequest(CertNetFetcher* fetcher,
                   const GURL& url,
                   TestFetchCallback* callback,
-                  scoped_ptr<CertNetFetcher::Request>* request) {
+                  std::unique_ptr<CertNetFetcher::Request>* request) {
   *request = StartRequest(fetcher, url, *callback);
 }
 
@@ -672,7 +675,7 @@ TEST_F(CertNetFetcherImplTest, FetchWithinCallback) {
   GURL url = test_server_.GetURL("/cert.crt");
 
   TestFetchCallback callback[5];
-  scoped_ptr<CertNetFetcher::Request> req[5];
+  std::unique_ptr<CertNetFetcher::Request> req[5];
   callback[1].set_extra_closure(
       base::Bind(FetchRequest, &fetcher, url, &callback[4], &req[4]));
 
@@ -682,7 +685,7 @@ TEST_F(CertNetFetcherImplTest, FetchWithinCallback) {
   EXPECT_EQ(1, network_delegate_.created_requests());
 
   for (size_t i = 0; i < arraysize(callback); ++i) {
-    scoped_ptr<FetchResult> result = callback[i].WaitForResult();
+    std::unique_ptr<FetchResult> result = callback[i].WaitForResult();
     result->VerifySuccess("-cert.crt-\n");
   }
 
@@ -691,7 +694,7 @@ TEST_F(CertNetFetcherImplTest, FetchWithinCallback) {
   EXPECT_EQ(2, network_delegate_.created_requests());
 }
 
-void CancelRequest(scoped_ptr<CertNetFetcher::Request>* request) {
+void CancelRequest(std::unique_ptr<CertNetFetcher::Request>* request) {
   request->reset();
 }
 
@@ -704,7 +707,7 @@ TEST_F(CertNetFetcherImplTest, CancelWithinCallback) {
   GURL url = test_server_.GetURL("/cert.crt");
 
   TestFetchCallback callback[4];
-  scoped_ptr<CertNetFetcher::Request> request[4];
+  std::unique_ptr<CertNetFetcher::Request> request[4];
 
   for (size_t i = 0; i < arraysize(callback); ++i)
     request[i] = StartRequest(&fetcher, url, callback[i]);
@@ -718,7 +721,7 @@ TEST_F(CertNetFetcherImplTest, CancelWithinCallback) {
     if (i == 2)
       continue;
 
-    scoped_ptr<FetchResult> result = callback[i].WaitForResult();
+    std::unique_ptr<FetchResult> result = callback[i].WaitForResult();
     result->VerifySuccess("-cert.crt-\n");
   }
 
@@ -736,11 +739,11 @@ TEST_F(CertNetFetcherImplTest, CancelLastRequestWithinCallback) {
   GURL url = test_server_.GetURL("/cert.crt");
 
   TestFetchCallback callback1;
-  scoped_ptr<CertNetFetcher::Request> request1 =
+  std::unique_ptr<CertNetFetcher::Request> request1 =
       StartRequest(&fetcher, url, callback1);
 
   TestFetchCallback callback2;
-  scoped_ptr<CertNetFetcher::Request> request2 =
+  std::unique_ptr<CertNetFetcher::Request> request2 =
       StartRequest(&fetcher, url, callback1);
 
   // Cancel request2 when the callback for request1 runs.
@@ -748,7 +751,7 @@ TEST_F(CertNetFetcherImplTest, CancelLastRequestWithinCallback) {
 
   EXPECT_EQ(1, network_delegate_.created_requests());
 
-  scoped_ptr<FetchResult> result = callback1.WaitForResult();
+  std::unique_ptr<FetchResult> result = callback1.WaitForResult();
   result->VerifySuccess("-cert.crt-\n");
 
   // request2 was cancelled.
diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc
index 40b79da9523..50edb9305d3 100644
--- a/chromium/net/cert_net/nss_ocsp.cc
+++ b/chromium/net/cert_net/nss_ocsp.cc
@@ -11,7 +11,9 @@
 #include <ocsp.h>
 #include <pthread.h>
 #include <secerr.h>
+
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <utility>
 
@@ -21,7 +23,6 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
@@ -407,7 +408,7 @@ class OCSPRequestSession
       extra_request_headers_.SetHeader(
           HttpRequestHeaders::kContentType, upload_content_type_);
 
-      scoped_ptr<UploadElementReader> reader(new UploadBytesElementReader(
+      std::unique_ptr<UploadElementReader> reader(new UploadBytesElementReader(
           upload_content_.data(), upload_content_.size()));
       request_->set_upload(
           ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
@@ -422,7 +423,7 @@ class OCSPRequestSession
   GURL url_;                        // The URL we eventually wound up at
   std::string http_request_method_;
   base::TimeDelta timeout_;         // The timeout for OCSP
-  scoped_ptr<URLRequest> request_;  // The actual request this wraps
+  std::unique_ptr<URLRequest> request_;  // The actual request this wraps
   scoped_refptr<IOBuffer> buffer_;  // Read buffer
   HttpRequestHeaders extra_request_headers_;
 
diff --git a/chromium/net/cert_net/nss_ocsp_unittest.cc b/chromium/net/cert_net/nss_ocsp_unittest.cc
index e4367cc30bf..21ccb099626 100644
--- a/chromium/net/cert_net/nss_ocsp_unittest.cc
+++ b/chromium/net/cert_net/nss_ocsp_unittest.cc
@@ -88,7 +88,7 @@ class NssHttpTest : public ::testing::Test {
 
     // Ownership of |handler| is transferred to the URLRequestFilter, but
     // hold onto the original pointer in order to access |request_count()|.
-    scoped_ptr<AiaResponseHandler> handler(
+    std::unique_ptr<AiaResponseHandler> handler(
         new AiaResponseHandler(kAiaHeaders, file_contents));
     handler_ = handler.get();
 
@@ -121,7 +121,7 @@ class NssHttpTest : public ::testing::Test {
   TestURLRequestContext context_;
   AiaResponseHandler* handler_;
   scoped_refptr<CertVerifyProc> verify_proc_;
-  scoped_ptr<CertVerifier> verifier_;
+  std::unique_ptr<CertVerifier> verifier_;
 };
 
 // Tests that when using NSS to verify certificates, and IO is enabled,
@@ -140,7 +140,7 @@ TEST_F(NssHttpTest, TestAia) {
 
   CertVerifyResult verify_result;
   TestCompletionCallback test_callback;
-  scoped_ptr<CertVerifier::Request> request;
+  std::unique_ptr<CertVerifier::Request> request;
 
   int flags = CertVerifier::VERIFY_CERT_IO_ENABLED;
   int error = verifier()->Verify(
diff --git a/chromium/net/cookies/OWNERS b/chromium/net/cookies/OWNERS
index 3f8456354bd..b8c909d7dcc 100644
--- a/chromium/net/cookies/OWNERS
+++ b/chromium/net/cookies/OWNERS
@@ -1 +1,2 @@
+jww@chromium.org
 mkwst@chromium.org
diff --git a/chromium/net/cookies/canonical_cookie.cc b/chromium/net/cookies/canonical_cookie.cc
index bce2b5477fa..1572cc1e793 100644
--- a/chromium/net/cookies/canonical_cookie.cc
+++ b/chromium/net/cookies/canonical_cookie.cc
@@ -46,6 +46,7 @@
 
 #include "base/format_macros.h"
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
@@ -192,7 +193,7 @@ Time CanonicalCookie::CanonExpiration(const ParsedCookie& pc,
 }
 
 // static
-scoped_ptr<CanonicalCookie> CanonicalCookie::Create(
+std::unique_ptr<CanonicalCookie> CanonicalCookie::Create(
     const GURL& url,
     const std::string& cookie_line,
     const base::Time& creation_time,
@@ -245,7 +246,7 @@ scoped_ptr<CanonicalCookie> CanonicalCookie::Create(
     return nullptr;
   }
 
-  return make_scoped_ptr(new CanonicalCookie(
+  return base::WrapUnique(new CanonicalCookie(
       url, parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain,
       cookie_path, creation_time, cookie_expires, creation_time,
       parsed_cookie.IsSecure(), parsed_cookie.IsHttpOnly(),
@@ -253,7 +254,7 @@ scoped_ptr<CanonicalCookie> CanonicalCookie::Create(
 }
 
 // static
-scoped_ptr<CanonicalCookie> CanonicalCookie::Create(
+std::unique_ptr<CanonicalCookie> CanonicalCookie::Create(
     const GURL& url,
     const std::string& name,
     const std::string& value,
@@ -304,7 +305,7 @@ scoped_ptr<CanonicalCookie> CanonicalCookie::Create(
   cookie_path = std::string(canon_path.data() + canon_path_component.begin,
                             canon_path_component.len);
 
-  return make_scoped_ptr(new CanonicalCookie(
+  return base::WrapUnique(new CanonicalCookie(
       url, parsed_name, parsed_value, cookie_domain, cookie_path, creation,
       expiration, creation, secure, http_only, same_site, priority));
 }
diff --git a/chromium/net/cookies/canonical_cookie.h b/chromium/net/cookies/canonical_cookie.h
index f95501c7627..254e1173574 100644
--- a/chromium/net/cookies/canonical_cookie.h
+++ b/chromium/net/cookies/canonical_cookie.h
@@ -5,11 +5,11 @@
 #ifndef NET_COOKIES_CANONICAL_COOKIE_H_
 #define NET_COOKIES_CANONICAL_COOKIE_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/cookies/cookie_constants.h"
@@ -50,26 +50,27 @@ class NET_EXPORT CanonicalCookie {
   // Creates a new |CanonicalCookie| from the |cookie_line| and the
   // |creation_time|. Canonicalizes and validates inputs. May return NULL if
   // an attribute value is invalid.
-  static scoped_ptr<CanonicalCookie> Create(const GURL& url,
-                                            const std::string& cookie_line,
-                                            const base::Time& creation_time,
-                                            const CookieOptions& options);
+  static std::unique_ptr<CanonicalCookie> Create(
+      const GURL& url,
+      const std::string& cookie_line,
+      const base::Time& creation_time,
+      const CookieOptions& options);
 
   // Creates a canonical cookie from unparsed attribute values.
   // Canonicalizes and validates inputs.  May return NULL if an attribute
   // value is invalid.
-  static scoped_ptr<CanonicalCookie> Create(const GURL& url,
-                                            const std::string& name,
-                                            const std::string& value,
-                                            const std::string& domain,
-                                            const std::string& path,
-                                            const base::Time& creation,
-                                            const base::Time& expiration,
-                                            bool secure,
-                                            bool http_only,
-                                            CookieSameSite same_site,
-                                            bool enforce_strict_secure,
-                                            CookiePriority priority);
+  static std::unique_ptr<CanonicalCookie> Create(const GURL& url,
+                                                 const std::string& name,
+                                                 const std::string& value,
+                                                 const std::string& domain,
+                                                 const std::string& path,
+                                                 const base::Time& creation,
+                                                 const base::Time& expiration,
+                                                 bool secure,
+                                                 bool http_only,
+                                                 CookieSameSite same_site,
+                                                 bool enforce_strict_secure,
+                                                 CookiePriority priority);
 
   const GURL& Source() const { return source_; }
   const std::string& Name() const { return name_; }
diff --git a/chromium/net/cookies/canonical_cookie_unittest.cc b/chromium/net/cookies/canonical_cookie_unittest.cc
index 80b772e9b2f..9bdfc16fd5c 100644
--- a/chromium/net/cookies/canonical_cookie_unittest.cc
+++ b/chromium/net/cookies/canonical_cookie_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/cookies/canonical_cookie.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/test/histogram_tester.h"
 #include "net/cookies/cookie_constants.h"
 #include "net/cookies/cookie_options.h"
@@ -49,7 +50,7 @@ TEST(CanonicalCookieTest, Create) {
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
 
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "A=2", creation_time, options));
   EXPECT_EQ(url.GetOrigin(), cookie->Source());
   EXPECT_EQ("A", cookie->Name());
@@ -126,7 +127,7 @@ TEST(CanonicalCookieTest, Create) {
 TEST(CanonicalCookieTest, CreateInvalidSameSite) {
   GURL url("http://www.example.com/test/foo.html");
   base::Time now = base::Time::Now();
-  scoped_ptr<CanonicalCookie> cookie;
+  std::unique_ptr<CanonicalCookie> cookie;
   CookieOptions options;
 
   // Invalid 'SameSite' attribute values.
@@ -147,7 +148,7 @@ TEST(CanonicalCookieTest, EmptyExpiry) {
 
   std::string cookie_line =
       "ACSTM=20130308043820420042; path=/; domain=ipdl.inpit.go.jp; Expires=";
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, cookie_line, creation_time, options));
   EXPECT_TRUE(cookie.get());
   EXPECT_FALSE(cookie->IsPersistent());
@@ -185,14 +186,14 @@ TEST(CanonicalCookieTest, IsEquivalent) {
   CookieSameSite same_site(CookieSameSite::NO_RESTRICTION);
 
   // Test that a cookie is equivalent to itself.
-  scoped_ptr<CanonicalCookie> cookie(new CanonicalCookie(
+  std::unique_ptr<CanonicalCookie> cookie(new CanonicalCookie(
       url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
       expiration_time, last_access_time, secure, httponly, same_site,
       COOKIE_PRIORITY_MEDIUM));
   EXPECT_TRUE(cookie->IsEquivalent(*cookie));
 
   // Test that two identical cookies are equivalent.
-  scoped_ptr<CanonicalCookie> other_cookie(new CanonicalCookie(
+  std::unique_ptr<CanonicalCookie> other_cookie(new CanonicalCookie(
       url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
       expiration_time, last_access_time, secure, httponly, same_site,
       COOKIE_PRIORITY_MEDIUM));
@@ -275,14 +276,14 @@ TEST(CanonicalCookieTest, IsEquivalentForSecureCookieMatching) {
   CookieSameSite same_site(CookieSameSite::NO_RESTRICTION);
 
   // Test that a cookie is equivalent to itself.
-  scoped_ptr<CanonicalCookie> cookie(new CanonicalCookie(
+  std::unique_ptr<CanonicalCookie> cookie(new CanonicalCookie(
       url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
       expiration_time, last_access_time, secure, httponly, same_site,
       COOKIE_PRIORITY_MEDIUM));
   EXPECT_TRUE(cookie->IsEquivalentForSecureCookieMatching(*cookie));
 
   // Test that two identical cookies are equivalent.
-  scoped_ptr<CanonicalCookie> other_cookie(new CanonicalCookie(
+  std::unique_ptr<CanonicalCookie> other_cookie(new CanonicalCookie(
       url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
       expiration_time, last_access_time, secure, httponly, same_site,
       COOKIE_PRIORITY_MEDIUM));
@@ -364,7 +365,7 @@ TEST(CanonicalCookieTest, IsDomainMatch) {
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
 
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "A=2", creation_time, options));
   EXPECT_TRUE(cookie->IsHostCookie());
   EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
@@ -395,7 +396,7 @@ TEST(CanonicalCookieTest, IsOnPath) {
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
 
-  scoped_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
       GURL("http://www.example.com"), "A=2", creation_time, options));
   EXPECT_TRUE(cookie->IsOnPath("/"));
   EXPECT_TRUE(cookie->IsOnPath("/test"));
@@ -417,7 +418,7 @@ TEST(CanonicalCookieTest, IncludeForRequestURL) {
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
 
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "A=2", creation_time, options));
   EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
   EXPECT_TRUE(cookie->IncludeForRequestURL(
@@ -460,7 +461,7 @@ TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) {
   GURL url("https://example.test");
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
-  scoped_ptr<CanonicalCookie> cookie;
+  std::unique_ptr<CanonicalCookie> cookie;
 
   // `SameSite=Strict` cookies are included for a URL only if the options'
   // SameSiteCookieMode is INCLUDE_STRICT_AND_LAX.
@@ -497,11 +498,11 @@ TEST(CanonicalCookieTest, PartialCompare) {
   GURL url("http://www.example.com");
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "a=b", creation_time, options));
-  scoped_ptr<CanonicalCookie> cookie_different_path(
+  std::unique_ptr<CanonicalCookie> cookie_different_path(
       CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
-  scoped_ptr<CanonicalCookie> cookie_different_value(
+  std::unique_ptr<CanonicalCookie> cookie_different_value(
       CanonicalCookie::Create(url, "a=c", creation_time, options));
 
   // Cookie is equivalent to itself.
@@ -524,11 +525,11 @@ TEST(CanonicalCookieTest, FullCompare) {
   GURL url("http://www.example.com");
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "a=b", creation_time, options));
-  scoped_ptr<CanonicalCookie> cookie_different_path(
+  std::unique_ptr<CanonicalCookie> cookie_different_path(
       CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
-  scoped_ptr<CanonicalCookie> cookie_different_value(
+  std::unique_ptr<CanonicalCookie> cookie_different_value(
       CanonicalCookie::Create(url, "a=c", creation_time, options));
 
   // Cookie is equivalent to itself.
@@ -638,13 +639,13 @@ TEST(CanonicalCookieTest, EnforceSecureCookiesRequireSecureScheme) {
   CookieOptions options;
   options.set_enforce_strict_secure();
 
-  scoped_ptr<CanonicalCookie> http_cookie_no_secure(
+  std::unique_ptr<CanonicalCookie> http_cookie_no_secure(
       CanonicalCookie::Create(http_url, "a=b", creation_time, options));
-  scoped_ptr<CanonicalCookie> http_cookie_secure(
+  std::unique_ptr<CanonicalCookie> http_cookie_secure(
       CanonicalCookie::Create(http_url, "a=b; Secure", creation_time, options));
-  scoped_ptr<CanonicalCookie> https_cookie_no_secure(
+  std::unique_ptr<CanonicalCookie> https_cookie_no_secure(
       CanonicalCookie::Create(https_url, "a=b", creation_time, options));
-  scoped_ptr<CanonicalCookie> https_cookie_secure(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> https_cookie_secure(CanonicalCookie::Create(
       https_url, "a=b; Secure", creation_time, options));
 
   EXPECT_TRUE(http_cookie_no_secure.get());
@@ -652,19 +653,19 @@ TEST(CanonicalCookieTest, EnforceSecureCookiesRequireSecureScheme) {
   EXPECT_TRUE(https_cookie_no_secure.get());
   EXPECT_TRUE(https_cookie_secure.get());
 
-  scoped_ptr<CanonicalCookie> http_cookie_no_secure_extended(
+  std::unique_ptr<CanonicalCookie> http_cookie_no_secure_extended(
       CanonicalCookie::Create(
           http_url, "a", "b", "", "", creation_time, creation_time, false,
           false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> http_cookie_secure_extended(
+  std::unique_ptr<CanonicalCookie> http_cookie_secure_extended(
       CanonicalCookie::Create(
           http_url, "a", "b", "", "", creation_time, creation_time, true, false,
           CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> https_cookie_no_secure_extended(
+  std::unique_ptr<CanonicalCookie> https_cookie_no_secure_extended(
       CanonicalCookie::Create(
           https_url, "a", "b", "", "", creation_time, creation_time, false,
           false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> https_cookie_secure_extended(
+  std::unique_ptr<CanonicalCookie> https_cookie_secure_extended(
       CanonicalCookie::Create(
           https_url, "a", "b", "", "", creation_time, creation_time, true,
           false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT));
diff --git a/chromium/net/cookies/cookie_monster.cc b/chromium/net/cookies/cookie_monster.cc
index 75c62667dda..3d7124d502e 100644
--- a/chromium/net/cookies/cookie_monster.cc
+++ b/chromium/net/cookies/cookie_monster.cc
@@ -46,6 +46,7 @@
 
 #include <algorithm>
 #include <functional>
+#include <memory>
 #include <set>
 
 #include "base/bind.h"
@@ -53,14 +54,14 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_util.h"
@@ -308,6 +309,55 @@ void RunAsync(scoped_refptr<base::TaskRunner> proxy,
   proxy->PostTask(FROM_HERE, base::Bind(callback, cookie, removed));
 }
 
+size_t CountProtectedSecureCookiesAtPriority(
+    CookiePriority priority,
+    CookieMonster::CookieItVector* cookies) {
+  size_t num_protected_secure_cookies = 0;
+  for (const auto& cookie : *cookies) {
+    if (!cookie->second->IsSecure())
+      continue;
+    // 1) At low-priority, only low-priority secure cookies are protected as
+    //    part of the quota.
+    // 2) At medium-priority, only medium-priority secure cookies are protected
+    //    as part of the quota (low-priority secure cookies may be deleted).
+    // 3) At high-priority, medium-priority and high-priority secure cookies are
+    //    protected as part of the quota (low-priority secure cookies may be
+    //    deleted).
+    CookiePriority cookie_priority = cookie->second->Priority();
+    switch (cookie_priority) {
+      case COOKIE_PRIORITY_LOW:
+        if (priority == COOKIE_PRIORITY_LOW)
+          num_protected_secure_cookies++;
+        break;
+      case COOKIE_PRIORITY_MEDIUM:
+      case COOKIE_PRIORITY_HIGH:
+        if (cookie_priority <= priority)
+          num_protected_secure_cookies++;
+        break;
+    }
+  }
+
+  return num_protected_secure_cookies;
+}
+
+bool IsCookieEligibleForEviction(CookiePriority current_priority_level,
+                                 bool protect_secure_cookies,
+                                 const CanonicalCookie* cookie) {
+  if (!cookie->IsSecure() || !protect_secure_cookies)
+    return cookie->Priority() <= current_priority_level;
+
+  // Special consideration has to be given for low-priority secure cookies since
+  // they are given lower prority than non-secure medium-priority and non-secure
+  // high-priority cookies. Thus, low-priority secure cookies may be evicted at
+  // a medium and high value of |current_priority_level|. Put another way,
+  // low-priority secure cookies are only protected when the current priority
+  // level is low.
+  if (current_priority_level == COOKIE_PRIORITY_LOW)
+    return false;
+
+  return cookie->Priority() == COOKIE_PRIORITY_LOW;
+}
+
 }  // namespace
 
 CookieMonster::CookieMonster(PersistentCookieStore* store,
@@ -592,37 +642,38 @@ int CookieMonster::DeleteAllCreatedBetweenTask::RunDeleteTask() {
                                                          delete_end_);
 }
 
-// Task class for DeleteAllCreatedBetweenForHost call.
-class CookieMonster::DeleteAllCreatedBetweenForHostTask
+// Task class for DeleteAllCreatedBetweenWithPredicate call.
+class CookieMonster::DeleteAllCreatedBetweenWithPredicateTask
     : public DeleteTask<int> {
  public:
-  DeleteAllCreatedBetweenForHostTask(CookieMonster* cookie_monster,
-                                     Time delete_begin,
-                                     Time delete_end,
-                                     const GURL& url,
-                                     const DeleteCallback& callback)
+  DeleteAllCreatedBetweenWithPredicateTask(
+      CookieMonster* cookie_monster,
+      Time delete_begin,
+      Time delete_end,
+      base::Callback<bool(const CanonicalCookie&)> predicate,
+      const DeleteCallback& callback)
       : DeleteTask<int>(cookie_monster, callback),
         delete_begin_(delete_begin),
         delete_end_(delete_end),
-        url_(url) {}
+        predicate_(predicate) {}
 
   // DeleteTask:
   int RunDeleteTask() override;
 
  protected:
-  ~DeleteAllCreatedBetweenForHostTask() override {}
+  ~DeleteAllCreatedBetweenWithPredicateTask() override {}
 
  private:
   Time delete_begin_;
   Time delete_end_;
-  GURL url_;
+  base::Callback<bool(const CanonicalCookie&)> predicate_;
 
-  DISALLOW_COPY_AND_ASSIGN(DeleteAllCreatedBetweenForHostTask);
+  DISALLOW_COPY_AND_ASSIGN(DeleteAllCreatedBetweenWithPredicateTask);
 };
 
-int CookieMonster::DeleteAllCreatedBetweenForHostTask::RunDeleteTask() {
-  return this->cookie_monster()->DeleteAllCreatedBetweenForHost(
-      delete_begin_, delete_end_, url_);
+int CookieMonster::DeleteAllCreatedBetweenWithPredicateTask::RunDeleteTask() {
+  return this->cookie_monster()->DeleteAllCreatedBetweenWithPredicate(
+      delete_begin_, delete_end_, predicate_);
 }
 
 // Task class for DeleteCanonicalCookie call.
@@ -923,16 +974,19 @@ void CookieMonster::DeleteAllCreatedBetweenAsync(
   DoCookieTask(task);
 }
 
-void CookieMonster::DeleteAllCreatedBetweenForHostAsync(
-    const Time delete_begin,
-    const Time delete_end,
-    const GURL& url,
+void CookieMonster::DeleteAllCreatedBetweenWithPredicateAsync(
+    const Time& delete_begin,
+    const Time& delete_end,
+    const base::Callback<bool(const CanonicalCookie&)>& predicate,
     const DeleteCallback& callback) {
-  scoped_refptr<DeleteAllCreatedBetweenForHostTask> task =
-      new DeleteAllCreatedBetweenForHostTask(this, delete_begin, delete_end,
-                                             url, callback);
-
-  DoCookieTaskForURL(task, url);
+  if (predicate.is_null()) {
+    callback.Run(0);
+    return;
+  }
+  scoped_refptr<DeleteAllCreatedBetweenWithPredicateTask> task =
+      new DeleteAllCreatedBetweenWithPredicateTask(
+          this, delete_begin, delete_end, predicate, callback);
+  DoCookieTask(task);
 }
 
 void CookieMonster::DeleteSessionCookiesAsync(
@@ -974,7 +1028,7 @@ const char* const CookieMonster::kDefaultCookieableSchemes[] = {"http", "https",
 const int CookieMonster::kDefaultCookieableSchemesCount =
     arraysize(kDefaultCookieableSchemes);
 
-scoped_ptr<CookieStore::CookieChangedSubscription>
+std::unique_ptr<CookieStore::CookieChangedSubscription>
 CookieMonster::AddCallbackForCookie(const GURL& gurl,
                                     const std::string& name,
                                     const CookieChangedCallback& callback) {
@@ -1033,7 +1087,7 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url,
     last_time_seen_ = actual_creation_time;
   }
 
-  scoped_ptr<CanonicalCookie> cc(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create(
       url, name, value, domain, path, actual_creation_time, expiration_time,
       secure, http_only, same_site, enforce_strict_secure, priority));
 
@@ -1125,42 +1179,30 @@ int CookieMonster::DeleteAllCreatedBetween(const Time& delete_begin,
   return num_deleted;
 }
 
-int CookieMonster::DeleteAllCreatedBetweenForHost(const Time delete_begin,
-                                                  const Time delete_end,
-                                                  const GURL& url) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-
-  if (!HasCookieableScheme(url))
-    return 0;
-
-  const std::string host(url.host());
-
-  // We store host cookies in the store by their canonical host name;
-  // domain cookies are stored with a leading ".".  So this is a pretty
-  // simple lookup and per-cookie delete.
+int CookieMonster::DeleteAllCreatedBetweenWithPredicate(
+    const base::Time& delete_begin,
+    const base::Time& delete_end,
+    const base::Callback<bool(const CanonicalCookie&)>& predicate) {
   int num_deleted = 0;
-  for (CookieMapItPair its = cookies_.equal_range(GetKey(host));
-       its.first != its.second;) {
-    CookieMap::iterator curit = its.first;
-    ++its.first;
-
-    const CanonicalCookie* const cc = curit->second;
+  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
+    CookieMap::iterator curit = it;
+    CanonicalCookie* cc = curit->second;
+    ++it;
 
-    // Delete only on a match as a host cookie.
-    if (cc->IsHostCookie() && cc->IsDomainMatch(host) &&
-        cc->CreationDate() >= delete_begin &&
+    if (cc->CreationDate() >= delete_begin &&
         // The assumption that null |delete_end| is equivalent to
         // Time::Max() is confusing.
-        (delete_end.is_null() || cc->CreationDate() < delete_end)) {
-      num_deleted++;
-
-      InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPLICIT);
+        (delete_end.is_null() || cc->CreationDate() < delete_end) &&
+        predicate.Run(*cc)) {
+      InternalDeleteCookie(curit, true, /*sync_to_store*/
+                           DELETE_COOKIE_EXPLICIT);
+      ++num_deleted;
     }
   }
+
   return num_deleted;
 }
 
-
 bool CookieMonster::SetCookieWithOptions(const GURL& url,
                                          const std::string& cookie_line,
                                          const CookieOptions& options) {
@@ -1727,7 +1769,7 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions(
     last_time_seen_ = creation_time;
   }
 
-  scoped_ptr<CanonicalCookie> cc(
+  std::unique_ptr<CanonicalCookie> cc(
       CanonicalCookie::Create(url, cookie_line, creation_time, options));
 
   if (!cc.get()) {
@@ -1737,7 +1779,7 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions(
   return SetCanonicalCookie(std::move(cc), options);
 }
 
-bool CookieMonster::SetCanonicalCookie(scoped_ptr<CanonicalCookie> cc,
+bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
                                        const CookieOptions& options) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
@@ -1795,7 +1837,7 @@ bool CookieMonster::SetCanonicalCookies(const CookieList& list) {
   options.set_include_httponly();
 
   for (const auto& cookie : list) {
-    if (!SetCanonicalCookie(make_scoped_ptr(new CanonicalCookie(cookie)),
+    if (!SetCanonicalCookie(base::WrapUnique(new CanonicalCookie(cookie)),
                             options)) {
       return false;
     }
@@ -1877,15 +1919,6 @@ size_t CookieMonster::GarbageCollect(const Time& current,
     num_deleted +=
         GarbageCollectExpired(current, cookies_.equal_range(key), cookie_its);
 
-    // TODO(mkwst): Soften this.
-    CookieItVector secure_cookie_its;
-    if (enforce_strict_secure && cookie_its->size() > kDomainMaxCookies) {
-      VLOG(kVlogGarbageCollection) << "Garbage collecting non-Secure cookies.";
-      num_deleted +=
-          GarbageCollectNonSecure(non_expired_cookie_its, &secure_cookie_its);
-      cookie_its = &secure_cookie_its;
-    }
-
     if (cookie_its->size() > kDomainMaxCookies) {
       VLOG(kVlogGarbageCollection) << "Deep Garbage Collect domain.";
       size_t purge_goal =
@@ -1895,25 +1928,83 @@ size_t CookieMonster::GarbageCollect(const Time& current,
       // Sort the cookies by access date, from least-recent to most-recent.
       std::sort(cookie_its->begin(), cookie_its->end(), LRACookieSorter);
 
+      size_t additional_quota_low = kDomainCookiesQuotaLow;
+      size_t additional_quota_medium = kDomainCookiesQuotaMedium;
+      size_t additional_quota_high = kDomainCookiesQuotaHigh;
+
       // Remove all but the kDomainCookiesQuotaLow most-recently accessed
       // cookies with low-priority. Then, if cookies still need to be removed,
       // bump the quota and remove low- and medium-priority. Then, if cookies
       // _still_ need to be removed, bump the quota and remove cookies with
       // any priority.
-      const size_t kQuotas[3] = {kDomainCookiesQuotaLow,
-                                 kDomainCookiesQuotaMedium,
-                                 kDomainCookiesQuotaHigh};
+      //
+      // 1.  Low-priority non-secure cookies.
+      // 2.  Low-priority secure cookies.
+      // 3.  Medium-priority non-secure cookies.
+      // 4.  High-priority non-secure cookies.
+      // 5.  Medium-priority secure cookies.
+      // 6.  High-priority secure cookies.
+      const static struct {
+        CookiePriority priority;
+        bool protect_secure_cookies;
+      } purge_rounds[] = {
+          // 1.  Low-priority non-secure cookies.
+          {COOKIE_PRIORITY_LOW, true},
+          // 2.  Low-priority secure cookies.
+          {COOKIE_PRIORITY_LOW, false},
+          // 3.  Medium-priority non-secure cookies.
+          {COOKIE_PRIORITY_MEDIUM, true},
+          // 4.  High-priority non-secure cookies.
+          {COOKIE_PRIORITY_HIGH, true},
+          // 5.  Medium-priority secure cookies.
+          {COOKIE_PRIORITY_MEDIUM, false},
+          // 6.  High-priority secure cookies.
+          {COOKIE_PRIORITY_HIGH, false},
+      };
+
       size_t quota = 0;
-      for (size_t i = 0; i < arraysize(kQuotas) && purge_goal > 0; i++) {
-        quota += kQuotas[i];
-        size_t just_deleted = PurgeLeastRecentMatches(
-            cookie_its, static_cast<CookiePriority>(i), quota, purge_goal);
-        DCHECK_LE(just_deleted, purge_goal);
-        purge_goal -= just_deleted;
-        num_deleted += just_deleted;
+      for (const auto& purge_round : purge_rounds) {
+        // Only observe the non-secure purge rounds if strict secure cookies is
+        // enabled.
+        if (!enforce_strict_secure && purge_round.protect_secure_cookies)
+          continue;
+
+        // Only adjust the quota if the round is executing, otherwise it is
+        // necesary to delay quota adjustments until a later round. This is
+        // because if the high priority, non-secure round is skipped, its quota
+        // should not count until the later high priority, full round later.
+        size_t* additional_quota = nullptr;
+        switch (purge_round.priority) {
+          case COOKIE_PRIORITY_LOW:
+            additional_quota = &additional_quota_low;
+            break;
+          case COOKIE_PRIORITY_MEDIUM:
+            additional_quota = &additional_quota_medium;
+            break;
+          case COOKIE_PRIORITY_HIGH:
+            additional_quota = &additional_quota_high;
+            break;
+        }
+        quota += *additional_quota;
+        *additional_quota = 0u;
+        size_t just_deleted = 0u;
+
+        // Purge up to |purge_goal| for all cookies at the given priority. This
+        // path will always execute if strict secure cookies is disabled since
+        // |purge_goal| must be positive because of the for-loop guard. If
+        // strict secure cookies is enabled, this path will be taken only if the
+        // initial non-secure purge did not evict enough cookies.
+        if (purge_goal > 0) {
+          just_deleted = PurgeLeastRecentMatches(
+              cookie_its, purge_round.priority, quota, purge_goal,
+              purge_round.protect_secure_cookies);
+          DCHECK_LE(just_deleted, purge_goal);
+          purge_goal -= just_deleted;
+          num_deleted += just_deleted;
+        }
       }
 
-      DCHECK_EQ(0U, purge_goal);
+      DCHECK_EQ(0u, purge_goal);
     }
   }
 
@@ -1963,12 +2054,21 @@ size_t CookieMonster::GarbageCollect(const Time& current,
 size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies,
                                               CookiePriority priority,
                                               size_t to_protect,
-                                              size_t purge_goal) {
+                                              size_t purge_goal,
+                                              bool protect_secure_cookies) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   // Find the first protected cookie by walking down from the end of the list
   // cookie list (most-recently accessed) until |to_protect| cookies that match
   // |priority| are found.
+  //
+  // If |protect_secure_cookies| is true, do a first pass that counts eligible
+  // secure cookies at the specified priority as protected.
+  if (protect_secure_cookies) {
+    to_protect -= std::min(
+        to_protect, CountProtectedSecureCookiesAtPriority(priority, cookies));
+  }
+
   size_t protection_boundary = cookies->size();
   while (to_protect > 0 && protection_boundary > 0) {
     protection_boundary--;
@@ -1982,7 +2082,12 @@ size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies,
   size_t removed = 0;
   size_t current = 0;
   while (removed < purge_goal && current < protection_boundary) {
-    if (cookies->at(current)->second->Priority() <= priority) {
+    const CanonicalCookie* current_cookie = cookies->at(current)->second;
+    // Only delete the current cookie if the priority is less than or equal to
+    // the current level. If it is equal to the current level, and secure
+    // cookies are protected, only delete it if it is not secure.
+    if (IsCookieEligibleForEviction(priority, protect_secure_cookies,
+                                    current_cookie)) {
       InternalDeleteCookie(cookies->at(current), true,
                            DELETE_COOKIE_EVICTED_DOMAIN);
       cookies->erase(cookies->begin() + current);
@@ -2020,24 +2125,6 @@ size_t CookieMonster::GarbageCollectExpired(const Time& current,
   return num_deleted;
 }
 
-size_t CookieMonster::GarbageCollectNonSecure(
-    const CookieItVector& valid_cookies,
-    CookieItVector* cookie_its) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-
-  size_t num_deleted = 0;
-  for (const auto& curr_cookie_it : valid_cookies) {
-    if (!curr_cookie_it->second->IsSecure()) {
-      InternalDeleteCookie(curr_cookie_it, true, DELETE_COOKIE_NON_SECURE);
-      ++num_deleted;
-    } else if (cookie_its) {
-      cookie_its->push_back(curr_cookie_it);
-    }
-  }
-
-  return num_deleted;
-}
-
 size_t CookieMonster::GarbageCollectDeleteRange(
     const Time& current,
     DeletionCause cause,
diff --git a/chromium/net/cookies/cookie_monster.h b/chromium/net/cookies/cookie_monster.h
index 747ffdd5d9b..850ad9422b8 100644
--- a/chromium/net/cookies/cookie_monster.h
+++ b/chromium/net/cookies/cookie_monster.h
@@ -12,6 +12,7 @@
 
 #include <deque>
 #include <map>
+#include <memory>
 #include <queue>
 #include <set>
 #include <string>
@@ -23,7 +24,6 @@
 #include "base/macros.h"
 #include "base/memory/linked_ptr.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/thread_checker.h"
 #include "base/time/time.h"
@@ -180,10 +180,10 @@ class NET_EXPORT CookieMonster : public CookieStore {
   void DeleteAllCreatedBetweenAsync(const base::Time& delete_begin,
                                     const base::Time& delete_end,
                                     const DeleteCallback& callback) override;
-  void DeleteAllCreatedBetweenForHostAsync(
-      const base::Time delete_begin,
-      const base::Time delete_end,
-      const GURL& url,
+  void DeleteAllCreatedBetweenWithPredicateAsync(
+      const base::Time& delete_begin,
+      const base::Time& delete_end,
+      const base::Callback<bool(const CanonicalCookie&)>& predicate,
       const DeleteCallback& callback) override;
   void DeleteSessionCookiesAsync(const DeleteCallback&) override;
   void FlushStore(const base::Closure& callback) override;
@@ -207,7 +207,7 @@ class NET_EXPORT CookieMonster : public CookieStore {
   static const char* const kDefaultCookieableSchemes[];
   static const int kDefaultCookieableSchemesCount;
 
-  scoped_ptr<CookieChangedSubscription> AddCallbackForCookie(
+  std::unique_ptr<CookieChangedSubscription> AddCallbackForCookie(
       const GURL& url,
       const std::string& name,
       const CookieChangedCallback& callback) override;
@@ -220,7 +220,7 @@ class NET_EXPORT CookieMonster : public CookieStore {
   template <typename Result>
   class DeleteTask;
   class DeleteAllCreatedBetweenTask;
-  class DeleteAllCreatedBetweenForHostTask;
+  class DeleteAllCreatedBetweenWithPredicateTask;
   class DeleteCookieTask;
   class DeleteCanonicalCookieTask;
   class GetCookieListForURLWithOptionsTask;
@@ -236,6 +236,9 @@ class NET_EXPORT CookieMonster : public CookieStore {
   // For SetCookieWithCreationTime.
   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest,
                            TestCookieDeleteAllCreatedBetweenTimestamps);
+  FRIEND_TEST_ALL_PREFIXES(
+      CookieMonsterTest,
+      TestCookieDeleteAllCreatedBetweenTimestampsWithPredicate);
 
   // For gargage collection constants.
   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestHostGarbageCollection);
@@ -403,9 +406,11 @@ class NET_EXPORT CookieMonster : public CookieStore {
   int DeleteAllCreatedBetween(const base::Time& delete_begin,
                               const base::Time& delete_end);
 
-  int DeleteAllCreatedBetweenForHost(const base::Time delete_begin,
-                                     const base::Time delete_end,
-                                     const GURL& url);
+  // Predicate will be called with the calling thread.
+  int DeleteAllCreatedBetweenWithPredicate(
+      const base::Time& delete_begin,
+      const base::Time& delete_end,
+      const base::Callback<bool(const CanonicalCookie&)>& predicate);
 
   bool SetCookieWithOptions(const GURL& url,
                             const std::string& cookie_line,
@@ -511,7 +516,7 @@ class NET_EXPORT CookieMonster : public CookieStore {
 
   // Helper function that sets a canonical cookie, deleting equivalents and
   // performing garbage collection.
-  bool SetCanonicalCookie(scoped_ptr<CanonicalCookie> cc,
+  bool SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
                           const CookieOptions& options);
 
   // Helper function calling SetCanonicalCookie() for all cookies in |list|.
@@ -541,6 +546,8 @@ class NET_EXPORT CookieMonster : public CookieStore {
   // Helper for GarbageCollect(). Deletes up to |purge_goal| cookies with a
   // priority less than or equal to |priority| from |cookies|, while ensuring
   // that at least the |to_protect| most-recent cookies are retained.
+  // |protected_secure_cookies| specifies whether or not secure cookies should
+  // be protected from deletion.
   //
   // |cookies| must be sorted from least-recent to most-recent.
   //
@@ -548,7 +555,8 @@ class NET_EXPORT CookieMonster : public CookieStore {
   size_t PurgeLeastRecentMatches(CookieItVector* cookies,
                                  CookiePriority priority,
                                  size_t to_protect,
-                                 size_t purge_goal);
+                                 size_t purge_goal,
+                                 bool protect_secure_cookies);
 
   // Helper for GarbageCollect(); can be called directly as well.  Deletes all
   // expired cookies in |itpair|.  If |cookie_its| is non-NULL, all the
@@ -559,14 +567,6 @@ class NET_EXPORT CookieMonster : public CookieStore {
                                const CookieMapItPair& itpair,
                                CookieItVector* cookie_its);
 
-  // Helper for GarbageCollect(). Deletes all cookies not marked Secure in
-  // |valid_cookies_its|.  If |cookie_its| is non-NULL, all the Secure cookies
-  // from |itpair| are appended to |cookie_its|.
-  //
-  // Returns the numeber of cookies deleted.
-  size_t GarbageCollectNonSecure(const CookieItVector& valid_cookies,
-                                 CookieItVector* cookie_its);
-
   // Helper for GarbageCollect(). Deletes all cookies in the range specified by
   // [|it_begin|, |it_end|). Returns the number of cookies deleted.
   size_t GarbageCollectDeleteRange(const base::Time& current,
diff --git a/chromium/net/cookies/cookie_monster_perftest.cc b/chromium/net/cookies/cookie_monster_perftest.cc
index 1dcb2769733..c56bef6783f 100644
--- a/chromium/net/cookies/cookie_monster_perftest.cc
+++ b/chromium/net/cookies/cookie_monster_perftest.cc
@@ -3,10 +3,10 @@
 // found in the LICENSE file.
 
 #include <algorithm>
+#include <memory>
 
 #include "base/bind.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
@@ -35,7 +35,7 @@ class CookieMonsterTest : public testing::Test {
   CookieMonsterTest() : message_loop_(new base::MessageLoopForIO()) {}
 
  private:
-  scoped_ptr<base::MessageLoop> message_loop_;
+  std::unique_ptr<base::MessageLoop> message_loop_;
 };
 
 class BaseCallback {
@@ -121,7 +121,7 @@ TEST(ParsedCookieTest, TestParseBigCookies) {
 }
 
 TEST_F(CookieMonsterTest, TestAddCookiesOnSingleHost) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   std::vector<std::string> cookies;
   for (int i = 0; i < kNumCookies; i++) {
     cookies.push_back(base::StringPrintf("a%03d=b", i));
@@ -154,7 +154,7 @@ TEST_F(CookieMonsterTest, TestAddCookiesOnSingleHost) {
 }
 
 TEST_F(CookieMonsterTest, TestAddCookieOnManyHosts) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   std::string cookie(kCookieLine);
   std::vector<GURL> gurls;  // just wanna have ffffuunnn
   for (int i = 0; i < kNumCookies; ++i) {
@@ -187,7 +187,7 @@ TEST_F(CookieMonsterTest, TestAddCookieOnManyHosts) {
 }
 
 TEST_F(CookieMonsterTest, TestDomainTree) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   GetCookiesCallback getCookiesCallback;
   SetCookieCallback setCookieCallback;
   const char domain_cookie_format_tree[] = "a=b; domain=%s";
@@ -240,7 +240,7 @@ TEST_F(CookieMonsterTest, TestDomainTree) {
 }
 
 TEST_F(CookieMonsterTest, TestDomainLine) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   SetCookieCallback setCookieCallback;
   GetCookiesCallback getCookiesCallback;
   std::vector<std::string> domain_list;
@@ -301,7 +301,7 @@ TEST_F(CookieMonsterTest, TestImport) {
 
   store->SetLoadExpectation(true, initial_cookies);
 
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Import will happen on first access.
   GURL gurl("www.google.com");
@@ -315,7 +315,7 @@ TEST_F(CookieMonsterTest, TestImport) {
 }
 
 TEST_F(CookieMonsterTest, TestGetKey) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   base::PerfTimeLogger timer("Cookie_monster_get_key");
   for (int i = 0; i < kNumCookies; i++)
     cm->GetKey("www.google.com");
@@ -371,7 +371,7 @@ TEST_F(CookieMonsterTest, TestGCTimes) {
   };
   for (int ci = 0; ci < static_cast<int>(arraysize(test_cases)); ++ci) {
     const TestCase& test_case(test_cases[ci]);
-    scoped_ptr<CookieMonster> cm = CreateMonsterFromStoreForGC(
+    std::unique_ptr<CookieMonster> cm = CreateMonsterFromStoreForGC(
         test_case.num_cookies, test_case.num_old_cookies, 0, 0,
         CookieMonster::kSafeFromGlobalPurgeDays * 2);
 
diff --git a/chromium/net/cookies/cookie_monster_store_test.cc b/chromium/net/cookies/cookie_monster_store_test.cc
index 4573d4ad881..9d825900029 100644
--- a/chromium/net/cookies/cookie_monster_store_test.cc
+++ b/chromium/net/cookies/cookie_monster_store_test.cc
@@ -6,9 +6,10 @@
 
 #include "base/bind.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/cookies/cookie_constants.h"
 #include "net/cookies/cookie_util.h"
@@ -123,7 +124,7 @@ void MockCookieMonsterDelegate::OnCookieChanged(
 MockCookieMonsterDelegate::~MockCookieMonsterDelegate() {
 }
 
-scoped_ptr<CanonicalCookie> BuildCanonicalCookie(
+std::unique_ptr<CanonicalCookie> BuildCanonicalCookie(
     const GURL& url,
     const std::string& cookie_line,
     const base::Time& creation_time) {
@@ -151,7 +152,7 @@ void AddCookieToList(const GURL& url,
                      const std::string& cookie_line,
                      const base::Time& creation_time,
                      std::vector<CanonicalCookie*>* out_list) {
-  scoped_ptr<CanonicalCookie> cookie(
+  std::unique_ptr<CanonicalCookie> cookie(
       BuildCanonicalCookie(url, cookie_line, creation_time));
 
   out_list->push_back(cookie.release());
@@ -219,7 +220,7 @@ void MockSimplePersistentCookieStore::Flush(const base::Closure& callback) {
 void MockSimplePersistentCookieStore::SetForceKeepSessionState() {
 }
 
-scoped_ptr<CookieMonster> CreateMonsterFromStoreForGC(
+std::unique_ptr<CookieMonster> CreateMonsterFromStoreForGC(
     int num_secure_cookies,
     int num_old_secure_cookies,
     int num_non_secure_cookies,
@@ -258,7 +259,7 @@ scoped_ptr<CookieMonster> CreateMonsterFromStoreForGC(
     store->AddCookie(cc);
   }
 
-  return make_scoped_ptr(new CookieMonster(store.get(), nullptr));
+  return base::WrapUnique(new CookieMonster(store.get(), nullptr));
 }
 
 MockSimplePersistentCookieStore::~MockSimplePersistentCookieStore() {
diff --git a/chromium/net/cookies/cookie_monster_store_test.h b/chromium/net/cookies/cookie_monster_store_test.h
index aac83f82992..9145e184958 100644
--- a/chromium/net/cookies/cookie_monster_store_test.h
+++ b/chromium/net/cookies/cookie_monster_store_test.h
@@ -13,12 +13,12 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_monster.h"
 
@@ -168,7 +168,7 @@ class MockCookieMonsterDelegate : public CookieMonsterDelegate {
 };
 
 // Helper to build a single CanonicalCookie.
-scoped_ptr<CanonicalCookie> BuildCanonicalCookie(
+std::unique_ptr<CanonicalCookie> BuildCanonicalCookie(
     const GURL& url,
     const std::string& cookie_line,
     const base::Time& creation_time);
@@ -223,7 +223,7 @@ class MockSimplePersistentCookieStore
 // will be marked secure and non-secure, respectively. Do two SetCookies().
 // Return whether each of the two SetCookies() took longer than |gc_perf_micros|
 // to complete, and how many cookie were left in the store afterwards.
-scoped_ptr<CookieMonster> CreateMonsterFromStoreForGC(
+std::unique_ptr<CookieMonster> CreateMonsterFromStoreForGC(
     int num_secure_cookies,
     int num_old_secure_cookies,
     int num_non_secure_cookies,
diff --git a/chromium/net/cookies/cookie_monster_unittest.cc b/chromium/net/cookies/cookie_monster_unittest.cc
index 4665a0fc2ed..ab74c667f19 100644
--- a/chromium/net/cookies/cookie_monster_unittest.cc
+++ b/chromium/net/cookies/cookie_monster_unittest.cc
@@ -2,16 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/cookies/cookie_store_unittest.h"
+#include "net/cookies/cookie_monster.h"
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/histogram_samples.h"
@@ -22,13 +23,13 @@
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/histogram_tester.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_constants.h"
-#include "net/cookies/cookie_monster.h"
 #include "net/cookies/cookie_monster_store_test.h"  // For CookieStore mock
+#include "net/cookies/cookie_store_unittest.h"
 #include "net/cookies/cookie_util.h"
 #include "net/cookies/parsed_cookie.h"
 #include "testing/gmock/include/gmock/gmock.h"
@@ -37,6 +38,7 @@
 
 namespace net {
 
+using CookiePredicate = CookieStore::CookiePredicate;
 using base::Time;
 using base::TimeDelta;
 
@@ -64,15 +66,39 @@ class NewMockPersistentCookieStore
   virtual ~NewMockPersistentCookieStore() {}
 };
 
+// False means 'less than or equal', so we test both ways for full equal.
+MATCHER_P(CookieEquals, expected, "") {
+  return !(arg.FullCompare(expected) || expected.FullCompare(arg));
+}
+
 const char kTopLevelDomainPlus1[] = "http://www.harvard.edu";
 const char kTopLevelDomainPlus2[] = "http://www.math.harvard.edu";
 const char kTopLevelDomainPlus2Secure[] = "https://www.math.harvard.edu";
 const char kTopLevelDomainPlus3[] = "http://www.bourbaki.math.harvard.edu";
 const char kOtherDomain[] = "http://www.mit.edu";
 
+bool AlwaysTrueCookiePredicate(CanonicalCookie* to_save,
+                               const CanonicalCookie& cookie) {
+  if (to_save)
+    *to_save = cookie;
+  return true;
+}
+
+bool AlwaysFalseCookiePredicate(CanonicalCookie* to_save,
+                                const CanonicalCookie& cookie) {
+  if (to_save)
+    *to_save = cookie;
+  return false;
+}
+
+bool CookieValuePredicate(const std::string& true_value,
+                          const CanonicalCookie& cookie) {
+  return cookie.Value() == true_value;
+}
+
 struct CookieMonsterTestTraits {
-  static scoped_ptr<CookieStore> Create() {
-    return make_scoped_ptr(new CookieMonster(nullptr, nullptr));
+  static std::unique_ptr<CookieStore> Create() {
+    return base::WrapUnique(new CookieMonster(nullptr, nullptr));
   }
 
   static const bool supports_http_only = true;
@@ -85,8 +111,8 @@ struct CookieMonsterTestTraits {
 };
 
 struct CookieMonsterEnforcingStrictSecure {
-  static scoped_ptr<CookieStore> Create() {
-    return make_scoped_ptr(new CookieMonster(nullptr, nullptr));
+  static std::unique_ptr<CookieStore> Create() {
+    return base::WrapUnique(new CookieMonster(nullptr, nullptr));
   }
 
   static const bool supports_http_only = true;
@@ -150,23 +176,23 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
     return callback.result();
   }
 
-  int DeleteAllCreatedBetweenForHost(CookieMonster* cm,
-                                     const base::Time delete_begin,
-                                     const base::Time delete_end,
-                                     const GURL& url) {
+  int DeleteAllCreatedBetweenWithPredicate(CookieMonster* cm,
+                                           const base::Time delete_begin,
+                                           const base::Time delete_end,
+                                           const CookiePredicate& predicate) {
     DCHECK(cm);
     ResultSavingCookieCallback<int> callback;
-    cm->DeleteAllCreatedBetweenForHostAsync(
-        delete_begin, delete_end, url,
+    cm->DeleteAllCreatedBetweenWithPredicateAsync(
+        delete_begin, delete_end, predicate,
         base::Bind(&ResultSavingCookieCallback<int>::Run,
                    base::Unretained(&callback)));
     callback.WaitUntilDone();
     return callback.result();
   }
 
-  // Helper for DeleteAllForHost test; repopulates CM with same layout
+  // Helper for PredicateSeesAllCookies test; repopulates CM with same layout
   // each time.
-  void PopulateCmForDeleteAllForHost(CookieMonster* cm) {
+  void PopulateCmForPredicateCheck(CookieMonster* cm) {
     GURL url_top_level_domain_plus_1(kTopLevelDomainPlus1);
     GURL url_top_level_domain_plus_2(kTopLevelDomainPlus2);
     GURL url_top_level_domain_plus_2_secure(kTopLevelDomainPlus2Secure);
@@ -186,72 +212,72 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
 
     // Domain cookies
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_1, "dom_1", "X", ".harvard.edu", "/",
+        cm, url_top_level_domain_plus_1, "dom_1", "A", ".harvard.edu", "/",
         base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "dom_2", "X", ".math.harvard.edu", "/",
+        cm, url_top_level_domain_plus_2, "dom_2", "B", ".math.harvard.edu", "/",
         base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_3, "dom_3", "X",
+        cm, url_top_level_domain_plus_3, "dom_3", "C",
         ".bourbaki.math.harvard.edu", "/", base::Time(), base::Time(),
         base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
         COOKIE_PRIORITY_DEFAULT));
 
     // Host cookies
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_1, "host_1", "X", std::string(), "/",
+        cm, url_top_level_domain_plus_1, "host_1", "A", std::string(), "/",
         base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "host_2", "X", std::string(), "/",
+        cm, url_top_level_domain_plus_2, "host_2", "B", std::string(), "/",
         base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_3, "host_3", "X", std::string(), "/",
+        cm, url_top_level_domain_plus_3, "host_3", "C", std::string(), "/",
         base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
     // http_only cookie
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "httpo_check", "x", std::string(), "/",
+        cm, url_top_level_domain_plus_2, "httpo_check", "A", std::string(), "/",
         base::Time(), base::Time(), base::Time(), false, true,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
     // same-site cookie
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "firstp_check", "x", std::string(),
+        cm, url_top_level_domain_plus_2, "firstp_check", "A", std::string(),
         "/", base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT));
 
     // Secure cookies
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2_secure, "sec_dom", "X",
+        cm, url_top_level_domain_plus_2_secure, "sec_dom", "A",
         ".math.harvard.edu", "/", base::Time(), base::Time(), base::Time(),
         true, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2_secure, "sec_host", "X", std::string(),
+        cm, url_top_level_domain_plus_2_secure, "sec_host", "B", std::string(),
         "/", base::Time(), base::Time(), base::Time(), true, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
     // Domain path cookies
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "dom_path_1", "X", ".math.harvard.edu",
+        cm, url_top_level_domain_plus_2, "dom_path_1", "A", ".math.harvard.edu",
         "/dir1", base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "dom_path_2", "X", ".math.harvard.edu",
+        cm, url_top_level_domain_plus_2, "dom_path_2", "B", ".math.harvard.edu",
         "/dir1/dir2", base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
     // Host path cookies
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "host_path_1", "X", std::string(),
+        cm, url_top_level_domain_plus_2, "host_path_1", "A", std::string(),
         "/dir1", base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
     EXPECT_TRUE(this->SetCookieWithDetails(
-        cm, url_top_level_domain_plus_2, "host_path_2", "X", std::string(),
+        cm, url_top_level_domain_plus_2, "host_path_2", "B", std::string(),
         "/dir1/dir2", base::Time(), base::Time(), base::Time(), false, false,
         CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
@@ -284,7 +310,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
         (domain_max_cookies + domain_purge_cookies) * 2;
     // Add a bunch of cookies on a single host, should purge them.
     {
-      scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+      std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
       for (int i = 0; i < more_than_enough_cookies; ++i) {
         std::string cookie = base::StringPrintf("a%03d=b", i);
         EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), cookie));
@@ -302,7 +328,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
     // between them.  We shouldn't go above kDomainMaxCookies for both together.
     GURL url_google_specific(http_www_google_.Format("http://www.gmail.%D"));
     {
-      scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+      std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
       for (int i = 0; i < more_than_enough_cookies; ++i) {
         std::string cookie_general = base::StringPrintf("a%03d=b", i);
         EXPECT_TRUE(
@@ -348,11 +374,12 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
   // Instantiates a CookieMonster, adds multiple cookies (to http_www_google_)
   // with priorities specified by |coded_priority_str|, and tests priority-aware
   // domain cookie eviction.
-  // |coded_priority_str| specifies a run-length-encoded string of priorities.
-  // Example: "2M 3L M 4H" means "MMLLLMHHHH", and speicifies sequential (i.e.,
-  // from least- to most-recently accessed) insertion of 2 medium-priority
-  // cookies, 3 low-priority cookies, 1 medium-priority cookie, and 4
-  // high-priority cookies.
+  //
+  // Example: |coded_priority_string| of "2MN 3LS MN 4HN" specifies sequential
+  // (i.e., from least- to most-recently accessed) insertion of 2
+  // medium-priority non-secure cookies, 3 low-priority secure cookies, 1
+  // medium-priority non-secure cookie, and 4 high-priority non-secure cookies.
+  //
   // Within each priority, only the least-accessed cookies should be evicted.
   // Thus, to describe expected suriving cookies, it suffices to specify the
   // expected population of surviving cookies per priority, i.e.,
@@ -361,42 +388,55 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
                               const std::string& coded_priority_str,
                               size_t expected_low_count,
                               size_t expected_medium_count,
-                              size_t expected_high_count) {
+                              size_t expected_high_count,
+                              size_t expected_nonsecure,
+                              size_t expected_secure) {
     SCOPED_TRACE(coded_priority_str);
     this->DeleteAll(cm);
     int next_cookie_id = 0;
-    std::vector<CookiePriority> priority_list;
-    std::vector<int> id_list[3];  // Indexed by CookiePriority.
+    // A list of cookie IDs, indexed by secure status, then by priority.
+    std::vector<int> id_list[2][3];
+    // A list of all the cookies stored, along with their properties.
+    std::vector<std::pair<bool, CookiePriority>> cookie_data;
 
     // Parse |coded_priority_str| and add cookies.
     for (const std::string& token :
          base::SplitString(coded_priority_str, " ", base::TRIM_WHITESPACE,
                            base::SPLIT_WANT_ALL)) {
       DCHECK(!token.empty());
-      // Take last character as priority.
-      CookiePriority priority = CharToPriority(token.back());
-      std::string priority_str = CookiePriorityToString(priority);
-      // The rest of the string (possibly empty) specifies repetition.
+
+      bool is_secure = token[token.size() - 1] == 'S';
+
+      // The second-to-last character is the priority. Grab and discard it.
+      CookiePriority priority = CharToPriority(token[token.size() - 2]);
+
+      // Discard the security status and priority tokens. The rest of the string
+      // (possibly empty) specifies repetition.
       int rep = 1;
       if (!token.empty()) {
         bool result = base::StringToInt(
-            base::StringPiece(token.begin(), token.end() - 1), &rep);
+            base::StringPiece(token.begin(), token.end() - 2), &rep);
         DCHECK(result);
       }
       for (; rep > 0; --rep, ++next_cookie_id) {
-        std::string cookie = base::StringPrintf(
-            "a%d=b;priority=%s", next_cookie_id, priority_str.c_str());
-        EXPECT_TRUE(SetCookie(cm, http_www_google_.url(), cookie));
-        priority_list.push_back(priority);
-        id_list[priority].push_back(next_cookie_id);
+        std::string cookie =
+            base::StringPrintf("a%d=b;priority=%s;%s", next_cookie_id,
+                               CookiePriorityToString(priority).c_str(),
+                               is_secure ? "secure" : "");
+        EXPECT_TRUE(SetCookie(cm, https_www_google_.url(), cookie));
+        cookie_data.push_back(std::make_pair(is_secure, priority));
+        id_list[is_secure][priority].push_back(next_cookie_id);
       }
     }
 
-    int num_cookies = static_cast<int>(priority_list.size());
-    std::vector<int> surviving_id_list[3];  // Indexed by CookiePriority.
+    int num_cookies = static_cast<int>(cookie_data.size());
+    // A list of cookie IDs, indexed by secure status, then by priority.
+    std::vector<int> surviving_id_list[2][3];
 
     // Parse the list of cookies
-    std::string cookie_str = this->GetCookies(cm, http_www_google_.url());
+    std::string cookie_str = this->GetCookies(cm, https_www_google_.url());
+    size_t num_nonsecure = 0;
+    size_t num_secure = 0;
     for (const std::string& token : base::SplitString(
              cookie_str, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) {
       // Assuming *it is "a#=b", so extract and parse "#" portion.
@@ -406,22 +446,40 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
       DCHECK(result);
       DCHECK_GE(id, 0);
       DCHECK_LT(id, num_cookies);
-      surviving_id_list[priority_list[id]].push_back(id);
+      surviving_id_list[cookie_data[id].first][cookie_data[id].second]
+          .push_back(id);
+      if (cookie_data[id].first)
+        num_secure += 1;
+      else
+        num_nonsecure += 1;
     }
 
+    EXPECT_EQ(expected_nonsecure, num_nonsecure);
+    EXPECT_EQ(expected_secure, num_secure);
+
     // Validate each priority.
     size_t expected_count[3] = {
         expected_low_count, expected_medium_count, expected_high_count};
     for (int i = 0; i < 3; ++i) {
-      DCHECK_LE(surviving_id_list[i].size(), id_list[i].size());
-      EXPECT_EQ(expected_count[i], surviving_id_list[i].size());
+      size_t num_for_priority =
+          surviving_id_list[0][i].size() + surviving_id_list[1][i].size();
+      EXPECT_EQ(expected_count[i], num_for_priority);
       // Verify that the remaining cookies are the most recent among those
       // with the same priorities.
-      if (expected_count[i] == surviving_id_list[i].size()) {
-        std::sort(surviving_id_list[i].begin(), surviving_id_list[i].end());
-        EXPECT_TRUE(std::equal(surviving_id_list[i].begin(),
-                               surviving_id_list[i].end(),
-                               id_list[i].end() - expected_count[i]));
+      if (expected_count[i] == num_for_priority) {
+        // Non-secure:
+        std::sort(surviving_id_list[0][i].begin(),
+                  surviving_id_list[0][i].end());
+        EXPECT_TRUE(std::equal(
+            surviving_id_list[0][i].begin(), surviving_id_list[0][i].end(),
+            id_list[0][i].end() - surviving_id_list[0][i].size()));
+
+        // Secure:
+        std::sort(surviving_id_list[1][i].begin(),
+                  surviving_id_list[1][i].end());
+        EXPECT_TRUE(std::equal(
+            surviving_id_list[1][i].begin(), surviving_id_list[1][i].end(),
+            id_list[1][i].end() - surviving_id_list[1][i].size()));
       }
     }
   }
@@ -446,7 +504,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
                                 size_t expected_secure_cookies,
                                 size_t expected_non_secure_cookies,
                                 const AltHosts* alt_host_entries) {
-    scoped_ptr<CookieMonster> cm;
+    std::unique_ptr<CookieMonster> cm;
 
     if (alt_host_entries == nullptr) {
       cm.reset(new CookieMonster(nullptr, nullptr));
@@ -488,54 +546,197 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
     EXPECT_EQ(expected_non_secure_cookies, total_non_secure_cookies);
   }
 
-  void TestPriorityAwareGarbageCollectHelper() {
+  void TestPriorityAwareGarbageCollectHelperNonSecure() {
+    // Hard-coding limits in the test, but use DCHECK_EQ to enforce constraint.
+    DCHECK_EQ(180U, CookieMonster::kDomainMaxCookies);
+    DCHECK_EQ(150U, CookieMonster::kDomainMaxCookies -
+                        CookieMonster::kDomainPurgeCookies);
+
+    std::unique_ptr<CookieMonster> cm(new CookieMonster(NULL, NULL));
+
+    // Each test case adds 181 cookies, so 31 cookies are evicted.
+    // Cookie same priority, repeated for each priority.
+    TestPriorityCookieCase(cm.get(), "181LN", 150U, 0U, 0U, 150U, 0U);
+    TestPriorityCookieCase(cm.get(), "181MN", 0U, 150U, 0U, 150U, 0U);
+    TestPriorityCookieCase(cm.get(), "181HN", 0U, 0U, 150U, 150U, 0U);
+
+    // Pairwise scenarios.
+    // Round 1 => none; round2 => 31M; round 3 => none.
+    TestPriorityCookieCase(cm.get(), "10HN 171MN", 0U, 140U, 10U, 150U, 0U);
+    // Round 1 => 10L; round2 => 21M; round 3 => none.
+    TestPriorityCookieCase(cm.get(), "141MN 40LN", 30U, 120U, 0U, 150U, 0U);
+    // Round 1 => none; round2 => none; round 3 => 31H.
+    TestPriorityCookieCase(cm.get(), "101HN 80MN", 0U, 80U, 70U, 150U, 0U);
+
+    // For {low, medium} priorities right on quota, different orders.
+    // Round 1 => 1L; round 2 => none, round3 => 30L.
+    TestPriorityCookieCase(cm.get(), "31LN 50MN 100HN", 0U, 50U, 100U, 150U,
+                           0U);
+    // Round 1 => none; round 2 => 1M, round3 => 30M.
+    TestPriorityCookieCase(cm.get(), "51MN 100HN 30LN", 30U, 20U, 100U, 150U,
+                           0U);
+    // Round 1 => none; round 2 => none; round3 => 31H.
+    TestPriorityCookieCase(cm.get(), "101HN 50MN 30LN", 30U, 50U, 70U, 150U,
+                           0U);
+
+    // Round 1 => 10L; round 2 => 10M; round3 => 11H.
+    TestPriorityCookieCase(cm.get(), "81HN 60MN 40LN", 30U, 50U, 70U, 150U, 0U);
+
+    // More complex scenarios.
+    // Round 1 => 10L; round 2 => 10M; round 3 => 11H.
+    TestPriorityCookieCase(cm.get(), "21HN 60MN 40LN 60HN", 30U, 50U, 70U, 150U,
+                           0U);
+    // Round 1 => 10L; round 2 => 11M, 10L; round 3 => none.
+    TestPriorityCookieCase(cm.get(), "11HN 10MN 20LN 110MN 20LN 10HN", 20U,
+                           109U, 21U, 150U, 0U);
+    // Round 1 => none; round 2 => none; round 3 => 11L, 10M, 10H.
+    TestPriorityCookieCase(cm.get(), "11LN 10MN 140HN 10MN 10LN", 10U, 10U,
+                           130U, 150U, 0U);
+    // Round 1 => none; round 2 => 1M; round 3 => 10L, 10M, 10H.
+    TestPriorityCookieCase(cm.get(), "11MN 10HN 10LN 60MN 90HN", 0U, 60U, 90U,
+                           150U, 0U);
+    // Round 1 => none; round 2 => 10L, 21M; round 3 => none.
+    TestPriorityCookieCase(cm.get(), "11MN 10HN 10LN 90MN 60HN", 0U, 80U, 70U,
+                           150U, 0U);
+
+    // TODO(jww): According to
+    // https://tools.ietf.org/html/draft-west-cookie-priority#section-3, it
+    // seems that quotas are a mechanism for preventing another application on
+    // the same doman from DoS'ing an application by constantly evicting *all*
+    // lower priority cookies.
+    //
+    // Unfortunately, this has never strictly worked in our implementation. Take
+    // the following test as an example:
+    // TestPriorityCookieCase(cm.get(), "50LN 131HN", 30U, 0U, 120U, 150U, 0U);
+    //
+    // According to this theory, we would expect eviction to proceed as:
+    // Round 1 => 20L; round 2 => 0; round 3 => 11H
+    // thus resulting in 30L and 120H at the end.
+    //
+    // However, what happens in practice is that the cookies left are 19L and
+    // 131H. This is because the quotas are accumulated over the rounds and what
+    // priority they apply to is lost information. Since in the last round all
+    // that is known is a total quota, and the low-priority cookies are least
+    // recently accessed, they are evicted first to get down to 150 cookies.
+    //
+    // We should address this and uncomment the test below when it is fixed.
+    //
+    // See https://crbug.com/609550
+    //
+    // Round 1 => 20L; round 2 => 0; round 3 => 11H
+    // TestPriorityCookieCase(cm.get(), "50LN 131HN", 30U, 0U, 120U, 150U, 0U);
+    // Round 1 => 20L; round 2 => 0; round 3 => 11H
+    TestPriorityCookieCase(cm.get(), "131HN 50LN", 30U, 0U, 120U, 150U, 0U);
+    // Round 1 => 20L; round 2 => none; round 3 => 11H.
+    TestPriorityCookieCase(cm.get(), "50HN 50LN 81HN", 30U, 0U, 120U, 150U, 0U);
+    // Round 1 => 20L; round 2 => none; round 3 => 11H.
+    TestPriorityCookieCase(cm.get(), "81HN 50LN 50HN", 30U, 0U, 120U, 150U, 0U);
+  }
+
+  void TestPriorityAwareGarbageCollectHelperSecure() {
     // Hard-coding limits in the test, but use DCHECK_EQ to enforce constraint.
     DCHECK_EQ(180U, CookieMonster::kDomainMaxCookies);
     DCHECK_EQ(150U, CookieMonster::kDomainMaxCookies -
                         CookieMonster::kDomainPurgeCookies);
-    DCHECK_EQ(30U, CookieMonster::kDomainCookiesQuotaLow);
-    DCHECK_EQ(50U, CookieMonster::kDomainCookiesQuotaMedium);
-    DCHECK_EQ(70U, CookieMonster::kDomainCookiesQuotaHigh);
 
-    scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+    std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
 
     // Each test case adds 181 cookies, so 31 cookies are evicted.
     // Cookie same priority, repeated for each priority.
-    TestPriorityCookieCase(cm.get(), "181L", 150U, 0U, 0U);
-    TestPriorityCookieCase(cm.get(), "181M", 0U, 150U, 0U);
-    TestPriorityCookieCase(cm.get(), "181H", 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "181LS", 150U, 0U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "181MS", 0U, 150U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "181HS", 0U, 0U, 150U, 0U, 150U);
 
     // Pairwise scenarios.
     // Round 1 => none; round2 => 31M; round 3 => none.
-    TestPriorityCookieCase(cm.get(), "10H 171M", 0U, 140U, 10U);
+    TestPriorityCookieCase(cm.get(), "10HS 171MS", 0U, 140U, 10U, 0U, 150U);
     // Round 1 => 10L; round2 => 21M; round 3 => none.
-    TestPriorityCookieCase(cm.get(), "141M 40L", 30U, 120U, 0U);
+    TestPriorityCookieCase(cm.get(), "141MS 40LS", 30U, 120U, 0U, 0U, 150U);
     // Round 1 => none; round2 => none; round 3 => 31H.
-    TestPriorityCookieCase(cm.get(), "101H 80M", 0U, 80U, 70U);
+    TestPriorityCookieCase(cm.get(), "101HS 80MS", 0U, 80U, 70U, 0U, 150U);
 
     // For {low, medium} priorities right on quota, different orders.
     // Round 1 => 1L; round 2 => none, round3 => 30L.
-    TestPriorityCookieCase(cm.get(), "31L 50M 100H", 0U, 50U, 100U);
+    TestPriorityCookieCase(cm.get(), "31LS 50MS 100HS", 0U, 50U, 100U, 0U,
+                           150U);
     // Round 1 => none; round 2 => 1M, round3 => 30M.
-    TestPriorityCookieCase(cm.get(), "51M 100H 30L", 30U, 20U, 100U);
+    TestPriorityCookieCase(cm.get(), "51MS 100HS 30LS", 30U, 20U, 100U, 0U,
+                           150U);
     // Round 1 => none; round 2 => none; round3 => 31H.
-    TestPriorityCookieCase(cm.get(), "101H 50M 30L", 30U, 50U, 70U);
+    TestPriorityCookieCase(cm.get(), "101HS 50MS 30LS", 30U, 50U, 70U, 0U,
+                           150U);
 
     // Round 1 => 10L; round 2 => 10M; round3 => 11H.
-    TestPriorityCookieCase(cm.get(), "81H 60M 40L", 30U, 50U, 70U);
+    TestPriorityCookieCase(cm.get(), "81HS 60MS 40LS", 30U, 50U, 70U, 0U, 150U);
 
     // More complex scenarios.
     // Round 1 => 10L; round 2 => 10M; round 3 => 11H.
-    TestPriorityCookieCase(cm.get(), "21H 60M 40L 60H", 30U, 50U, 70U);
+    TestPriorityCookieCase(cm.get(), "21HS 60MS 40LS 60HS", 30U, 50U, 70U, 0U,
+                           150U);
     // Round 1 => 10L; round 2 => 11M, 10L; round 3 => none.
-    TestPriorityCookieCase(cm.get(), "11H 10M 20L 110M 20L 10H", 20U, 109U,
-                           21U);
+    TestPriorityCookieCase(cm.get(), "11HS 10MS 20LS 110MS 20LS 10HS", 20U,
+                           109U, 21U, 0U, 150U);
     // Round 1 => none; round 2 => none; round 3 => 11L, 10M, 10H.
-    TestPriorityCookieCase(cm.get(), "11L 10M 140H 10M 10L", 10U, 10U, 130U);
+    TestPriorityCookieCase(cm.get(), "11LS 10MS 140HS 10MS 10LS", 10U, 10U,
+                           130U, 0U, 150U);
     // Round 1 => none; round 2 => 1M; round 3 => 10L, 10M, 10H.
-    TestPriorityCookieCase(cm.get(), "11M 10H 10L 60M 90H", 0U, 60U, 90U);
+    TestPriorityCookieCase(cm.get(), "11MS 10HS 10LS 60MS 90HS", 0U, 60U, 90U,
+                           0U, 150U);
     // Round 1 => none; round 2 => 10L, 21M; round 3 => none.
-    TestPriorityCookieCase(cm.get(), "11M 10H 10L 90M 60H", 0U, 80U, 70U);
+    TestPriorityCookieCase(cm.get(), "11MS 10HS 10LS 90MS 60HS", 0U, 80U, 70U,
+                           0U, 150U);
+  }
+
+  void TestPriorityAwareGarbageCollectHelperMixed() {
+    // Hard-coding limits in the test, but use DCHECK_EQ to enforce constraint.
+    DCHECK_EQ(180U, CookieMonster::kDomainMaxCookies);
+    DCHECK_EQ(150U, CookieMonster::kDomainMaxCookies -
+                        CookieMonster::kDomainPurgeCookies);
+
+    std::unique_ptr<CookieMonster> cm(new CookieMonster(NULL, NULL));
+
+    // Each test case adds 180 secure cookies, and some non-secure cookie. The
+    // secure cookies take priority, so the non-secure cookie is removed, along
+    // with 30 secure cookies. Repeated for each priority, and with the
+    // non-secure cookie as older and newer.
+    TestPriorityCookieCase(cm.get(), "1LN 180LS", 150U, 0U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "1MN 180MS", 0U, 150U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "1HN 180HS", 0U, 0U, 150U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "180LS 1LN", 150U, 0U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "180MS 1MN", 0U, 150U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "180HS 1HN", 0U, 0U, 150U, 0U, 150U);
+
+    // Low-priority secure cookies are removed before higher priority non-secure
+    // cookies.
+    TestPriorityCookieCase(cm.get(), "180LS 1MN", 149U, 1U, 0U, 1U, 149U);
+    TestPriorityCookieCase(cm.get(), "180LS 1HN", 149U, 0U, 1U, 1U, 149U);
+    TestPriorityCookieCase(cm.get(), "1MN 180LS", 149U, 1U, 0U, 1U, 149U);
+    TestPriorityCookieCase(cm.get(), "1HN 180LS", 149U, 0U, 1U, 1U, 149U);
+
+    // Higher-priority non-secure cookies are removed before any secure cookie
+    // with greater than low-priority.
+    TestPriorityCookieCase(cm.get(), "180MS 1HN", 0U, 150U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "1HN 180MS", 0U, 150U, 0U, 0U, 150U);
+
+    // Pairwise:
+    TestPriorityCookieCase(cm.get(), "1LS 180LN", 150U, 0U, 0U, 149U, 1U);
+    TestPriorityCookieCase(cm.get(), "100LS 81LN", 150U, 0U, 0U, 50U, 100U);
+    TestPriorityCookieCase(cm.get(), "150LS 31LN", 150U, 0U, 0U, 0U, 150U);
+    TestPriorityCookieCase(cm.get(), "1LS 180HN", 0U, 0U, 150U, 150U, 0U);
+    TestPriorityCookieCase(cm.get(), "100LS 81HN", 69U, 0U, 81U, 81U, 69U);
+    TestPriorityCookieCase(cm.get(), "150LS 31HN", 119U, 0U, 31U, 31U, 119U);
+
+    // Quota calculations inside non-secure/secure blocks remain in place:
+    // Round 1 => 20LS; round 2 => none; round 3 => 11HN.
+    TestPriorityCookieCase(cm.get(), "50HN 50LS 81HS", 30U, 0U, 120U, 39U,
+                           111U);
+    // Round 1 => none; round 2 => 10LS, 21MN; round 3 => none.
+    TestPriorityCookieCase(cm.get(), "11MS 10HN 10LS 90MN 60HN", 0U, 80U, 70U,
+                           139U, 11U);
+
+    // Multiple GC rounds end up with consistent behavior:
+    TestPriorityCookieCase(cm.get(), "100HS 100LN 100MN", 0, 76U, 100U, 76U,
+                           100U);
   }
 
   // Function for creating a CM with a number of cookies in it,
@@ -667,14 +868,14 @@ ACTION_P2(GetAllCookiesAction, cookie_monster, callback) {
   cookie_monster->GetAllCookiesAsync(callback->AsCallback());
 }
 
-ACTION_P5(DeleteAllCreatedBetweenForHostAction,
+ACTION_P5(DeleteAllCreatedBetweenWithPredicateAction,
           cookie_monster,
           delete_begin,
           delete_end,
-          url,
+          predicate,
           callback) {
-  cookie_monster->DeleteAllCreatedBetweenForHostAsync(
-      delete_begin, delete_end, url, callback->AsCallback());
+  cookie_monster->DeleteAllCreatedBetweenWithPredicateAsync(
+      delete_begin, delete_end, predicate, callback->AsCallback());
 }
 
 ACTION_P3(DeleteCanonicalCookieAction, cookie_monster, cookie, callback) {
@@ -804,7 +1005,7 @@ class DeferredCookieTaskTest : public CookieMonsterTest {
   // Indicates whether ExpectLoadCall() has been called.
   bool expect_load_called_;
   // Stores the CookieMonster under test.
-  scoped_ptr<CookieMonster> cookie_monster_;
+  std::unique_ptr<CookieMonster> cookie_monster_;
   // Stores the mock PersistentCookieStore.
   scoped_refptr<NewMockPersistentCookieStore> persistent_store_;
 };
@@ -1050,20 +1251,22 @@ TEST_F(DeferredCookieTaskTest, DeferredDeleteAllCreatedBetweenCookies) {
   loop.Run();
 }
 
-TEST_F(DeferredCookieTaskTest, DeferredDeleteAllForHostCreatedBetweenCookies) {
+TEST_F(DeferredCookieTaskTest,
+       DeferredDeleteAllWithPredicateCreatedBetweenCookies) {
   MockDeleteCallback delete_callback;
 
-  BeginWithForDomainKey(http_www_google_.domain(),
-                        DeleteAllCreatedBetweenForHostAction(
-                            &cookie_monster(), base::Time(), base::Time::Now(),
-                            http_www_google_.url(), &delete_callback));
+  CookiePredicate predicate = base::Bind(&AlwaysTrueCookiePredicate, nullptr);
+
+  BeginWith(DeleteAllCreatedBetweenWithPredicateAction(
+      &cookie_monster(), base::Time(), base::Time::Now(), predicate,
+      &delete_callback));
 
   WaitForLoadCall();
 
   EXPECT_CALL(delete_callback, Invoke(false))
-      .WillOnce(DeleteAllCreatedBetweenForHostAction(
-          &cookie_monster(), base::Time(), base::Time::Now(),
-          http_www_google_.url(), &delete_callback));
+      .WillOnce(DeleteAllCreatedBetweenWithPredicateAction(
+          &cookie_monster(), base::Time(), base::Time::Now(), predicate,
+          &delete_callback));
   base::RunLoop loop;
   EXPECT_CALL(delete_callback, Invoke(false)).WillOnce(QuitRunLoop(&loop));
 
@@ -1073,7 +1276,7 @@ TEST_F(DeferredCookieTaskTest, DeferredDeleteAllForHostCreatedBetweenCookies) {
 
 TEST_F(DeferredCookieTaskTest, DeferredDeleteCanonicalCookie) {
   std::vector<CanonicalCookie*> cookies;
-  scoped_ptr<CanonicalCookie> cookie = BuildCanonicalCookie(
+  std::unique_ptr<CanonicalCookie> cookie = BuildCanonicalCookie(
       http_www_google_.url(), "X=1; path=/", base::Time::Now());
 
   MockDeleteCallback delete_cookie_callback;
@@ -1147,7 +1350,7 @@ TEST_F(DeferredCookieTaskTest, DeferredTaskOrder) {
 
 TEST_F(CookieMonsterTest, TestCookieDeleteAll) {
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
   CookieOptions options;
   options.set_include_httponly();
 
@@ -1180,14 +1383,14 @@ TEST_F(CookieMonsterTest, TestCookieDeleteAll) {
 }
 
 TEST_F(CookieMonsterTest, TestCookieDeleteAllCreatedBetweenTimestamps) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   Time now = Time::Now();
 
   // Nothing has been added so nothing should be deleted.
   EXPECT_EQ(0, DeleteAllCreatedBetween(cm.get(), now - TimeDelta::FromDays(99),
                                        Time()));
 
-  // Create 3 cookies with creation date of today, yesterday and the day before.
+  // Create 5 cookies with different creation dates.
   EXPECT_TRUE(
       cm->SetCookieWithCreationTime(http_www_google_.url(), "T-0=Now", now));
   EXPECT_TRUE(cm->SetCookieWithCreationTime(
@@ -1219,13 +1422,97 @@ TEST_F(CookieMonsterTest, TestCookieDeleteAllCreatedBetweenTimestamps) {
   EXPECT_EQ(0, DeleteAll(cm.get()));
 }
 
+TEST_F(CookieMonsterTest,
+       TestCookieDeleteAllCreatedBetweenTimestampsWithPredicate) {
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  Time now = Time::Now();
+
+  CanonicalCookie test_cookie;
+  CookiePredicate true_predicate =
+      base::Bind(&AlwaysTrueCookiePredicate, &test_cookie);
+
+  CookiePredicate false_predicate =
+      base::Bind(&AlwaysFalseCookiePredicate, &test_cookie);
+
+  // Nothing has been added so nothing should be deleted.
+  EXPECT_EQ(
+      0, DeleteAllCreatedBetweenWithPredicate(
+             cm.get(), now - TimeDelta::FromDays(99), Time(), true_predicate));
+
+  // Create 5 cookies with different creation dates.
+  EXPECT_TRUE(
+      cm->SetCookieWithCreationTime(http_www_google_.url(), "T-0=Now", now));
+  EXPECT_TRUE(cm->SetCookieWithCreationTime(
+      http_www_google_.url(), "T-1=Yesterday", now - TimeDelta::FromDays(1)));
+  EXPECT_TRUE(cm->SetCookieWithCreationTime(
+      http_www_google_.url(), "T-2=DayBefore", now - TimeDelta::FromDays(2)));
+  EXPECT_TRUE(cm->SetCookieWithCreationTime(
+      http_www_google_.url(), "T-3=ThreeDays", now - TimeDelta::FromDays(3)));
+  EXPECT_TRUE(cm->SetCookieWithCreationTime(
+      http_www_google_.url(), "T-7=LastWeek", now - TimeDelta::FromDays(7)));
+
+  // Try to delete threedays and the daybefore, but we should do nothing due
+  // to the predicate.
+  EXPECT_EQ(0, DeleteAllCreatedBetweenWithPredicate(
+                   cm.get(), now - TimeDelta::FromDays(3),
+                   now - TimeDelta::FromDays(1), false_predicate));
+  // Same as above with a null predicate, so it shouldn't delete anything.
+  EXPECT_EQ(0, DeleteAllCreatedBetweenWithPredicate(
+                   cm.get(), now - TimeDelta::FromDays(3),
+                   now - TimeDelta::FromDays(1), CookiePredicate()));
+  // Same as above, but we use the true_predicate, so it works.
+  EXPECT_EQ(2, DeleteAllCreatedBetweenWithPredicate(
+                   cm.get(), now - TimeDelta::FromDays(3),
+                   now - TimeDelta::FromDays(1), true_predicate));
+
+  // Try to delete yesterday, also make sure that delete_end is not
+  // inclusive.
+  EXPECT_EQ(0,
+            DeleteAllCreatedBetweenWithPredicate(
+                cm.get(), now - TimeDelta::FromDays(2), now, false_predicate));
+  EXPECT_EQ(1,
+            DeleteAllCreatedBetweenWithPredicate(
+                cm.get(), now - TimeDelta::FromDays(2), now, true_predicate));
+  // Check our cookie values.
+  std::unique_ptr<CanonicalCookie> expected_cookie =
+      CanonicalCookie::Create(http_www_google_.url(), "T-1=Yesterday",
+                              now - TimeDelta::FromDays(1), CookieOptions());
+  EXPECT_THAT(test_cookie, CookieEquals(*expected_cookie))
+      << "Actual:\n"
+      << test_cookie.DebugString() << "\nExpected:\n"
+      << expected_cookie->DebugString();
+
+  // Make sure the delete_begin is inclusive.
+  EXPECT_EQ(0,
+            DeleteAllCreatedBetweenWithPredicate(
+                cm.get(), now - TimeDelta::FromDays(7), now, false_predicate));
+  EXPECT_EQ(1,
+            DeleteAllCreatedBetweenWithPredicate(
+                cm.get(), now - TimeDelta::FromDays(7), now, true_predicate));
+
+  // Delete the last (now) item.
+  EXPECT_EQ(0, DeleteAllCreatedBetweenWithPredicate(cm.get(), Time(), Time(),
+                                                    false_predicate));
+  EXPECT_EQ(1, DeleteAllCreatedBetweenWithPredicate(cm.get(), Time(), Time(),
+                                                    true_predicate));
+  expected_cookie = CanonicalCookie::Create(http_www_google_.url(), "T-0=Now",
+                                            now, CookieOptions());
+  EXPECT_THAT(test_cookie, CookieEquals(*expected_cookie))
+      << "Actual:\n"
+      << test_cookie.DebugString() << "\nExpected:\n"
+      << expected_cookie->DebugString();
+
+  // Really make sure everything is gone.
+  EXPECT_EQ(0, DeleteAll(cm.get()));
+}
+
 static const base::TimeDelta kLastAccessThreshold =
     base::TimeDelta::FromMilliseconds(200);
 static const base::TimeDelta kAccessDelay =
     kLastAccessThreshold + base::TimeDelta::FromMilliseconds(20);
 
 TEST_F(CookieMonsterTest, TestLastAccess) {
-  scoped_ptr<CookieMonster> cm(
+  std::unique_ptr<CookieMonster> cm(
       new CookieMonster(nullptr, nullptr, kLastAccessThreshold));
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "A=B"));
@@ -1267,13 +1554,21 @@ TEST_F(CookieMonsterTest, TestHostGarbageCollection) {
   TestHostGarbageCollectHelper();
 }
 
-TEST_F(CookieMonsterTest, TestPriorityAwareGarbageCollection) {
-  TestPriorityAwareGarbageCollectHelper();
+TEST_F(CookieMonsterTest, TestPriorityAwareGarbageCollectionNonSecure) {
+  TestPriorityAwareGarbageCollectHelperNonSecure();
+}
+
+TEST_F(CookieMonsterTest, TestPriorityAwareGarbageCollectionSecure) {
+  TestPriorityAwareGarbageCollectHelperSecure();
+}
+
+TEST_F(CookieMonsterStrictSecureTest, TestPriorityAwareGarbageCollectionMixed) {
+  TestPriorityAwareGarbageCollectHelperMixed();
 }
 
 TEST_F(CookieMonsterTest, SetCookieableSchemes) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
-  scoped_ptr<CookieMonster> cm_foo(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm_foo(new CookieMonster(nullptr, nullptr));
 
   // Only cm_foo should allow foo:// cookies.
   std::vector<std::string> schemes;
@@ -1290,7 +1585,7 @@ TEST_F(CookieMonsterTest, SetCookieableSchemes) {
 }
 
 TEST_F(CookieMonsterTest, GetAllCookiesForURL) {
-  scoped_ptr<CookieMonster> cm(
+  std::unique_ptr<CookieMonster> cm(
       new CookieMonster(nullptr, nullptr, kLastAccessThreshold));
 
   // Create an httponly cookie.
@@ -1358,7 +1653,7 @@ TEST_F(CookieMonsterTest, GetAllCookiesForURL) {
 }
 
 TEST_F(CookieMonsterTest, GetAllCookiesForURLPathMatching) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   CookieOptions options;
 
   EXPECT_TRUE(SetCookieWithOptions(cm.get(), www_google_foo_.url(),
@@ -1396,7 +1691,7 @@ TEST_F(CookieMonsterTest, GetAllCookiesForURLPathMatching) {
 }
 
 TEST_F(CookieMonsterTest, CookieSorting) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "B=B1; path=/"));
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "B=B2; path=/foo"));
@@ -1426,7 +1721,7 @@ TEST_F(CookieMonsterTest, CookieSorting) {
 }
 
 TEST_F(CookieMonsterTest, DeleteCookieByName) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "A=A1; path=/"));
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "A=A2; path=/foo"));
@@ -1502,7 +1797,7 @@ TEST_F(CookieMonsterTest, DontImportDuplicateCookies) {
   // Inject our initial cookies into the mock PersistentCookieStore.
   store->SetLoadExpectation(true, initial_cookies);
 
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Verify that duplicates were not imported for path "/".
   // (If this had failed, GetCookies() would have also returned X=1, X=2, X=4).
@@ -1558,7 +1853,7 @@ TEST_F(CookieMonsterTest, DontImportDuplicateCreationTimes) {
   // Inject our initial cookies into the mock PersistentCookieStore.
   store->SetLoadExpectation(true, initial_cookies);
 
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   CookieList list(GetAllCookies(cm.get()));
   EXPECT_EQ(2U, list.size());
@@ -1574,7 +1869,8 @@ TEST_F(CookieMonsterTest, CookieMonsterDelegate) {
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
   scoped_refptr<MockCookieMonsterDelegate> delegate(
       new MockCookieMonsterDelegate);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), delegate.get()));
+  std::unique_ptr<CookieMonster> cm(
+      new CookieMonster(store.get(), delegate.get()));
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "A=B"));
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "C=D"));
@@ -1652,81 +1948,29 @@ TEST_F(CookieMonsterTest, CookieMonsterDelegate) {
   delegate->reset();
 }
 
-TEST_F(CookieMonsterTest, DeleteAllForHost) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
-
-  // Test probes:
-  //    * Non-secure URL, mid-level (http://w.c.b.a)
-  //    * Secure URL, mid-level (https://w.c.b.a)
-  //    * URL with path, mid-level (https:/w.c.b.a/dir1/xx)
-  // All three tests should nuke only the midlevel host cookie,
-  // the http_only cookie, the host secure cookie, and the two host
-  // path cookies.  http_only, secure, and paths are ignored by
-  // this call, and domain cookies arent touched.
-  PopulateCmForDeleteAllForHost(cm.get());
-  EXPECT_EQ("dom_1=X; dom_2=X; dom_3=X; host_3=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus3)));
-  EXPECT_EQ("dom_1=X; dom_2=X; host_2=X; sec_dom=X; sec_host=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure)));
-  EXPECT_EQ("dom_1=X; host_1=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus1)));
-  EXPECT_EQ(
-      "dom_path_2=X; host_path_2=X; dom_path_1=X; host_path_1=X; "
-      "dom_1=X; dom_2=X; host_2=X; sec_dom=X; sec_host=X",
-      GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure +
-                                std::string("/dir1/dir2/xxx"))));
-
-  EXPECT_EQ(6, DeleteAllCreatedBetweenForHost(cm.get(), base::Time(),
-                                              base::Time::Now(),
-                                              GURL(kTopLevelDomainPlus2)));
-  EXPECT_EQ(8U, GetAllCookies(cm.get()).size());
-
-  EXPECT_EQ("dom_1=X; dom_2=X; dom_3=X; host_3=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus3)));
-  EXPECT_EQ("dom_1=X; dom_2=X; sec_dom=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure)));
-  EXPECT_EQ("dom_1=X; host_1=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus1)));
-  EXPECT_EQ("dom_path_2=X; dom_path_1=X; dom_1=X; dom_2=X; sec_dom=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure +
-                                      std::string("/dir1/dir2/xxx"))));
-
-  PopulateCmForDeleteAllForHost(cm.get());
-  EXPECT_EQ(6, DeleteAllCreatedBetweenForHost(
-                   cm.get(), base::Time(), base::Time::Now(),
-                   GURL(kTopLevelDomainPlus2Secure)));
-  EXPECT_EQ(8U, GetAllCookies(cm.get()).size());
+TEST_F(CookieMonsterTest, PredicateSeesAllCookies) {
+  const std::string kTrueValue = "A";
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  // We test that we can see all cookies with our predicated. This includes
+  // host, http_only, host secure, and all domain cookies.
+  CookiePredicate value_matcher = base::Bind(&CookieValuePredicate, kTrueValue);
 
-  EXPECT_EQ("dom_1=X; dom_2=X; dom_3=X; host_3=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus3)));
-  EXPECT_EQ("dom_1=X; dom_2=X; sec_dom=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure)));
-  EXPECT_EQ("dom_1=X; host_1=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus1)));
-  EXPECT_EQ("dom_path_2=X; dom_path_1=X; dom_1=X; dom_2=X; sec_dom=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure +
-                                      std::string("/dir1/dir2/xxx"))));
+  PopulateCmForPredicateCheck(cm.get());
+  EXPECT_EQ(7, DeleteAllCreatedBetweenWithPredicate(
+                   cm.get(), base::Time(), base::Time::Now(), value_matcher));
 
-  PopulateCmForDeleteAllForHost(cm.get());
-  EXPECT_EQ(6,
-            DeleteAllCreatedBetweenForHost(
-                cm.get(), base::Time(), base::Time::Now(),
-                GURL(kTopLevelDomainPlus2Secure + std::string("/dir1/xxx"))));
-  EXPECT_EQ(8U, GetAllCookies(cm.get()).size());
-
-  EXPECT_EQ("dom_1=X; dom_2=X; dom_3=X; host_3=X",
+  EXPECT_EQ("dom_2=B; dom_3=C; host_3=C",
             GetCookies(cm.get(), GURL(kTopLevelDomainPlus3)));
-  EXPECT_EQ("dom_1=X; dom_2=X; sec_dom=X",
+  EXPECT_EQ("dom_2=B; host_2=B; sec_host=B",
             GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure)));
-  EXPECT_EQ("dom_1=X; host_1=X",
-            GetCookies(cm.get(), GURL(kTopLevelDomainPlus1)));
-  EXPECT_EQ("dom_path_2=X; dom_path_1=X; dom_1=X; dom_2=X; sec_dom=X",
+  EXPECT_EQ("", GetCookies(cm.get(), GURL(kTopLevelDomainPlus1)));
+  EXPECT_EQ("dom_path_2=B; host_path_2=B; dom_2=B; host_2=B; sec_host=B",
             GetCookies(cm.get(), GURL(kTopLevelDomainPlus2Secure +
                                       std::string("/dir1/dir2/xxx"))));
 }
 
 TEST_F(CookieMonsterTest, UniqueCreationTime) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   CookieOptions options;
 
   // Add in three cookies through every public interface to the
@@ -1789,7 +2033,7 @@ TEST_F(CookieMonsterTest, UniqueCreationTime) {
 // Mainly a test of GetEffectiveDomain, or more specifically, of the
 // expected behavior of GetEffectiveDomain within the CookieMonster.
 TEST_F(CookieMonsterTest, GetKey) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
 
   // This test is really only interesting if GetKey() actually does something.
   EXPECT_EQ("google.com", cm->GetKey("www.google.com"));
@@ -1833,7 +2077,8 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) {
 
   // Create new cookies and flush them to the store.
   {
-    scoped_ptr<CookieMonster> cmout(new CookieMonster(store.get(), nullptr));
+    std::unique_ptr<CookieMonster> cmout(
+        new CookieMonster(store.get(), nullptr));
     for (const CookiesInputInfo* p = input_info;
          p < &input_info[arraysize(input_info)]; p++) {
       EXPECT_TRUE(SetCookieWithDetails(
@@ -1849,7 +2094,8 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) {
 
   // Create a new cookie monster and make sure that everything is correct
   {
-    scoped_ptr<CookieMonster> cmin(new CookieMonster(store.get(), nullptr));
+    std::unique_ptr<CookieMonster> cmin(
+        new CookieMonster(store.get(), nullptr));
     CookieList cookies(GetAllCookies(cmin.get()));
     ASSERT_EQ(2u, cookies.size());
     // Ordering is path length, then creation time.  So second cookie
@@ -1879,7 +2125,7 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) {
 TEST_F(CookieMonsterTest, CookieListOrdering) {
   // Put a random set of cookies into a monster and make sure
   // they're returned in the right order.
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   EXPECT_TRUE(
       SetCookie(cm.get(), GURL("http://d.c.b.a.google.com/aa/x.html"), "c=1"));
   EXPECT_TRUE(SetCookie(cm.get(), GURL("http://b.a.google.com/aa/bb/cc/x.html"),
@@ -1936,7 +2182,7 @@ TEST_F(CookieMonsterTest, MAYBE_GarbageCollectionTriggers) {
   // First we check to make sure that a whole lot of recent cookies
   // doesn't get rid of anything after garbage collection is checked for.
   {
-    scoped_ptr<CookieMonster> cm(
+    std::unique_ptr<CookieMonster> cm(
         CreateMonsterForGC(CookieMonster::kMaxCookies * 2));
     EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size());
     SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2");
@@ -1978,7 +2224,7 @@ TEST_F(CookieMonsterTest, MAYBE_GarbageCollectionTriggers) {
 
   for (int ci = 0; ci < static_cast<int>(arraysize(test_cases)); ++ci) {
     const TestCase* test_case = &test_cases[ci];
-    scoped_ptr<CookieMonster> cm = CreateMonsterFromStoreForGC(
+    std::unique_ptr<CookieMonster> cm = CreateMonsterFromStoreForGC(
         test_case->num_cookies, test_case->num_old_cookies, 0, 0,
         CookieMonster::kSafeFromGlobalPurgeDays * 2);
     EXPECT_EQ(test_case->expected_initial_cookies,
@@ -1999,7 +2245,7 @@ TEST_F(CookieMonsterTest, WhileLoadingLoadCompletesBeforeKeyLoadCompletes) {
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
   store->set_store_load_commands(true);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Get all cookies task that queues a task to set a cookie when executed.
   ResultSavingCookieCallback<bool> set_cookie_callback;
@@ -2051,7 +2297,7 @@ TEST_F(CookieMonsterTest, WhileLoadingDeleteAllGetForURL) {
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
   store->set_store_load_commands(true);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   ResultSavingCookieCallback<int> delete_callback;
   cm->DeleteAllAsync(base::Bind(&ResultSavingCookieCallback<int>::Run,
@@ -2092,7 +2338,7 @@ TEST_F(CookieMonsterTest, WhileLoadingGetAllSetGetAll) {
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
   store->set_store_load_commands(true);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   GetCookieListCallback get_cookie_list_callback1;
   cm->GetAllCookiesAsync(
@@ -2144,7 +2390,7 @@ TEST_F(CookieMonsterTest, CheckOrderOfCookieTaskQueueWhenLoadingCompletes) {
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
   store->set_store_load_commands(true);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Get all cookies task that queues a task to set a cookie when executed.
   ResultSavingCookieCallback<bool> set_cookie_callback;
@@ -2246,7 +2492,7 @@ class CallbackCounter : public base::RefCountedThreadSafe<CallbackCounter> {
 TEST_F(CookieMonsterTest, FlushStore) {
   scoped_refptr<CallbackCounter> counter(new CallbackCounter());
   scoped_refptr<FlushablePersistentStore> store(new FlushablePersistentStore());
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   ASSERT_EQ(0, store->flush_count());
   ASSERT_EQ(0, counter->callback_count());
@@ -2296,7 +2542,7 @@ TEST_F(CookieMonsterTest, FlushStore) {
 
 TEST_F(CookieMonsterTest, SetAllCookies) {
   scoped_refptr<FlushablePersistentStore> store(new FlushablePersistentStore());
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
   cm->SetPersistSessionCookies(true);
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "U=V; path=/"));
@@ -2342,56 +2588,59 @@ TEST_F(CookieMonsterTest, SetAllCookies) {
 }
 
 TEST_F(CookieMonsterTest, ComputeCookieDiff) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
 
   base::Time now = base::Time::Now();
   base::Time creation_time = now - base::TimeDelta::FromSeconds(1);
 
-  scoped_ptr<CanonicalCookie> cookie1(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie1(CanonicalCookie::Create(
       http_www_google_.url(), "A", "B", http_www_google_.url().host(), "/",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie2(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie2(CanonicalCookie::Create(
       http_www_google_.url(), "C", "D", http_www_google_.url().host(), "/",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie3(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie3(CanonicalCookie::Create(
       http_www_google_.url(), "E", "F", http_www_google_.url().host(), "/",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie4(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie4(CanonicalCookie::Create(
       http_www_google_.url(), "G", "H", http_www_google_.url().host(), "/",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie4_with_new_value(CanonicalCookie::Create(
-      http_www_google_.url(), "G", "iamnew", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
-      false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie5(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie4_with_new_value(
+      CanonicalCookie::Create(
+          http_www_google_.url(), "G", "iamnew", http_www_google_.url().host(),
+          "/", creation_time, base::Time(), false, false,
+          CookieSameSite::DEFAULT_MODE, false, COOKIE_PRIORITY_DEFAULT));
+  std::unique_ptr<CanonicalCookie> cookie5(CanonicalCookie::Create(
       http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie5_with_new_creation_time(
+  std::unique_ptr<CanonicalCookie> cookie5_with_new_creation_time(
       CanonicalCookie::Create(
           http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/",
           now, base::Time(), false, false, CookieSameSite::DEFAULT_MODE, false,
           COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie6(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie6(CanonicalCookie::Create(
       http_www_google_.url(), "K", "L", http_www_google_.url().host(), "/foo",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie6_with_new_path(CanonicalCookie::Create(
-      http_www_google_.url(), "K", "L", http_www_google_.url().host(), "/bar",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
-      false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie7(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie6_with_new_path(
+      CanonicalCookie::Create(
+          http_www_google_.url(), "K", "L", http_www_google_.url().host(),
+          "/bar", creation_time, base::Time(), false, false,
+          CookieSameSite::DEFAULT_MODE, false, COOKIE_PRIORITY_DEFAULT));
+  std::unique_ptr<CanonicalCookie> cookie7(CanonicalCookie::Create(
       http_www_google_.url(), "M", "N", http_www_google_.url().host(), "/foo",
       creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       false, COOKIE_PRIORITY_DEFAULT));
-  scoped_ptr<CanonicalCookie> cookie7_with_new_path(CanonicalCookie::Create(
-      http_www_google_.url(), "M", "N", http_www_google_.url().host(), "/bar",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
-      false, COOKIE_PRIORITY_DEFAULT));
+  std::unique_ptr<CanonicalCookie> cookie7_with_new_path(
+      CanonicalCookie::Create(
+          http_www_google_.url(), "M", "N", http_www_google_.url().host(),
+          "/bar", creation_time, base::Time(), false, false,
+          CookieSameSite::DEFAULT_MODE, false, COOKIE_PRIORITY_DEFAULT));
 
   CookieList old_cookies;
   old_cookies.push_back(*cookie1);
@@ -2461,7 +2710,7 @@ TEST_F(CookieMonsterTest, ComputeCookieDiff) {
 // works).
 TEST_F(CookieMonsterTest, DeleteAll) {
   scoped_refptr<FlushablePersistentStore> store(new FlushablePersistentStore());
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
   cm->SetPersistSessionCookies(true);
 
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "X=Y; path=/"));
@@ -2472,7 +2721,7 @@ TEST_F(CookieMonsterTest, DeleteAll) {
 }
 
 TEST_F(CookieMonsterTest, HistogramCheck) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   // Should match call in InitializeHistograms, but doesn't really matter
   // since the histogram should have been initialized by the CM construction
   // above.
@@ -2480,21 +2729,21 @@ TEST_F(CookieMonsterTest, HistogramCheck) {
       "Cookie.ExpirationDurationMinutes", 1, 10 * 365 * 24 * 60, 50,
       base::Histogram::kUmaTargetedHistogramFlag);
 
-  scoped_ptr<base::HistogramSamples> samples1(
+  std::unique_ptr<base::HistogramSamples> samples1(
       expired_histogram->SnapshotSamples());
   ASSERT_TRUE(SetCookieWithDetails(
       cm.get(), GURL("http://fake.a.url"), "a", "b", "a.url", "/", base::Time(),
       base::Time::Now() + base::TimeDelta::FromMinutes(59), base::Time(), false,
       false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
 
-  scoped_ptr<base::HistogramSamples> samples2(
+  std::unique_ptr<base::HistogramSamples> samples2(
       expired_histogram->SnapshotSamples());
   EXPECT_EQ(samples1->TotalCount() + 1, samples2->TotalCount());
 
   // kValidCookieLine creates a session cookie.
   ASSERT_TRUE(SetCookie(cm.get(), http_www_google_.url(), kValidCookieLine));
 
-  scoped_ptr<base::HistogramSamples> samples3(
+  std::unique_ptr<base::HistogramSamples> samples3(
       expired_histogram->SnapshotSamples());
   EXPECT_EQ(samples2->TotalCount(), samples3->TotalCount());
 }
@@ -2502,7 +2751,7 @@ TEST_F(CookieMonsterTest, HistogramCheck) {
 TEST_F(CookieMonsterTest, InvalidExpiryTime) {
   std::string cookie_line =
       std::string(kValidCookieLine) + "; expires=Blarg arg arg";
-  scoped_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
       http_www_google_.url(), cookie_line, Time::Now(), CookieOptions()));
   ASSERT_FALSE(cookie->IsPersistent());
 }
@@ -2511,7 +2760,7 @@ TEST_F(CookieMonsterTest, InvalidExpiryTime) {
 // CookieStore if the "persist session cookies" option is on.
 TEST_F(CookieMonsterTest, PersistSessionCookies) {
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
   cm->SetPersistSessionCookies(true);
 
   // All cookies set with SetCookie are session cookies.
@@ -2547,7 +2796,7 @@ TEST_F(CookieMonsterTest, PersistSessionCookies) {
 // Test the commands sent to the persistent cookie store.
 TEST_F(CookieMonsterTest, PersisentCookieStorageTest) {
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Add a cookie.
   EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(),
@@ -2603,7 +2852,7 @@ TEST_F(CookieMonsterTest, ControlCharacterPurge) {
 
   // We have to manually build this cookie because it contains a control
   // character, and our cookie line parser rejects control characters.
-  scoped_ptr<CanonicalCookie> cc = CanonicalCookie::Create(
+  std::unique_ptr<CanonicalCookie> cc = CanonicalCookie::Create(
       url, "baz",
       "\x05"
       "boo",
@@ -2616,7 +2865,7 @@ TEST_F(CookieMonsterTest, ControlCharacterPurge) {
   // Inject our initial cookies into the mock PersistentCookieStore.
   store->SetLoadExpectation(true, initial_cookies);
 
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   EXPECT_EQ("foo=bar; hello=world", GetCookies(cm.get(), url));
 }
@@ -2627,7 +2876,7 @@ TEST_F(CookieMonsterTest, CookieSourceHistogram) {
   const std::string cookie_source_histogram = "Cookie.CookieSourceScheme";
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   histograms.ExpectTotalCount(cookie_source_histogram, 0);
 
@@ -2694,7 +2943,7 @@ TEST_F(CookieMonsterTest, CookieDeleteEquivalentHistogramTest) {
   const std::string cookie_source_histogram = "Cookie.CookieDeleteEquivalent";
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Set a secure cookie from a secure origin
   EXPECT_TRUE(SetCookie(cm.get(), https_www_google_.url(), "A=B; Secure"));
@@ -2759,7 +3008,7 @@ TEST_F(CookieMonsterTest, CookieDeleteEquivalentHistogramTest) {
 }
 
 TEST_F(CookieMonsterStrictSecureTest, SetSecureCookies) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   GURL http_url("http://www.google.com");
   GURL http_superdomain_url("http://google.com");
   GURL https_url("https://www.google.com");
@@ -2836,13 +3085,13 @@ TEST_F(CookieMonsterStrictSecureTest, EvictSecureCookies) {
   // non-secure cookie will not evict them (and, in fact, the non-secure cookie
   // will be removed right after creation).
   const CookiesEntry test1[] = {{180U, true}, {1U, false}};
-  TestSecureCookieEviction(test1, arraysize(test1), 180U, 0U, nullptr);
+  TestSecureCookieEviction(test1, arraysize(test1), 150U, 0U, nullptr);
 
   // If non-secure cookies for one domain hit the per domain limit (180), the
-  // creation of secure cookies will evict all of the non-secure cookies, and
-  // the secure cookies will still be created.
+  // creation of secure cookies will evict the non-secure cookies first, making
+  // room for the secure cookies.
   const CookiesEntry test2[] = {{180U, false}, {20U, true}};
-  TestSecureCookieEviction(test2, arraysize(test2), 20U, 0U, nullptr);
+  TestSecureCookieEviction(test2, arraysize(test2), 20U, 149U, nullptr);
 
   // If secure cookies for one domain go past the per domain limit (180), they
   // will be evicted as normal by the per domain purge amount (30) down to a
@@ -2854,9 +3103,9 @@ TEST_F(CookieMonsterStrictSecureTest, EvictSecureCookies) {
   // If a non-secure cookie is created, and a number of secure cookies exceeds
   // the per domain limit (18), the total cookies will be evicted down to a
   // lower amount (150), enforcing the eviction of the non-secure cookie, and
-  // the remaining secure cookies will be created (another 18 to 168).
+  // the remaining secure cookies will be created (another 19 to 169).
   const CookiesEntry test4[] = {{1U, false}, {199U, true}};
-  TestSecureCookieEviction(test4, arraysize(test4), 168U, 0U, nullptr);
+  TestSecureCookieEviction(test4, arraysize(test4), 169U, 0U, nullptr);
 
   // If an even number of non-secure and secure cookies are created below the
   // per-domain limit (180), all will be created and none evicted.
@@ -2865,38 +3114,40 @@ TEST_F(CookieMonsterStrictSecureTest, EvictSecureCookies) {
 
   // If the same number of secure and non-secure cookies are created (50 each)
   // below the per domain limit (180), and then another set of secure cookies
-  // are created to bring the total above the per-domain limit, all of the
-  // non-secure cookies will be evicted but none of the secure ones will be
-  // evicted.
+  // are created to bring the total above the per-domain limit, all secure
+  // cookies will be retained, and the non-secure cookies will be culled down
+  // to the limit.
   const CookiesEntry test6[] = {{50U, true}, {50U, false}, {81U, true}};
-  TestSecureCookieEviction(test6, arraysize(test6), 131U, 0U, nullptr);
+  TestSecureCookieEviction(test6, arraysize(test6), 131U, 19U, nullptr);
 
   // If the same number of non-secure and secure cookies are created (50 each)
   // below the per domain limit (180), and then another set of non-secure
-  // cookies are created to bring the total above the per-domain limit, all of
-  // the non-secure cookies will be evicted but none of the secure ones will be
-  // evicted.
+  // cookies are created to bring the total above the per-domain limit, all
+  // secure cookies will be retained, and the non-secure cookies will be culled
+  // down to the limit.
   const CookiesEntry test7[] = {{50U, false}, {50U, true}, {81U, false}};
-  TestSecureCookieEviction(test7, arraysize(test7), 50U, 0U, nullptr);
+  TestSecureCookieEviction(test7, arraysize(test7), 50U, 100U, nullptr);
 
   // If the same number of non-secure and secure cookies are created (50 each)
   // below the per domain limit (180), and then another set of non-secure
-  // cookies are created to bring the total above the per-domain limit, all of
-  // the non-secure cookies will be evicted but none of the secure ones will be
-  // evicted, and then the remaining non-secure cookies will be created (9).
+  // cookies are created to bring the total above the per-domain limit, all
+  // secure cookies will be retained, and the non-secure cookies will be culled
+  // down to the limit, then the remaining non-secure cookies will be created
+  // (9).
   const CookiesEntry test8[] = {{50U, false}, {50U, true}, {90U, false}};
-  TestSecureCookieEviction(test8, arraysize(test8), 50U, 9U, nullptr);
+  TestSecureCookieEviction(test8, arraysize(test8), 50U, 109U, nullptr);
 
   // If a number of non-secure cookies are created on other hosts (20) and are
   // past the global 'safe' date, and then the number of non-secure cookies for
   // a single domain are brought to the per-domain limit (180), followed by
-  // another set of secure cookies on that same domain (20), all of the
-  // non-secure cookies for that domain should be evicted, but the non-secure
-  // cookies for other domains should remain, as should the secure cookies for
-  // that domain.
+  // another set of secure cookies on that same domain (20), all the secure
+  // cookies for that domain should be retained, while the non-secure should be
+  // culled down to the per-domain limit. The non-secure cookies for other
+  // domains should remain untouched.
   const CookiesEntry test9[] = {{180U, false}, {20U, true}};
   const AltHosts test9_alt_hosts(0, 20);
-  TestSecureCookieEviction(test9, arraysize(test9), 20U, 20U, &test9_alt_hosts);
+  TestSecureCookieEviction(test9, arraysize(test9), 20U, 169U,
+                           &test9_alt_hosts);
 
   // If a number of secure cookies are created on other hosts and hit the global
   // cookie limit (3300) and are past the global 'safe' date, and then a single
@@ -2952,7 +3203,7 @@ TEST_F(CookieMonsterStrictSecureTest, EvictSecureCookies) {
 // Tests that strict secure cookies doesn't trip equivalent cookie checks
 // accidentally. Regression test for https://crbug.com/569943.
 TEST_F(CookieMonsterStrictSecureTest, EquivalentCookies) {
-  scoped_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
   GURL http_url("http://www.google.com");
   GURL http_superdomain_url("http://google.com");
   GURL https_url("https://www.google.com");
@@ -2977,7 +3228,7 @@ TEST_F(CookieMonsterStrictSecureTest, CookieDeleteEquivalentHistogramTest) {
   const std::string cookie_source_histogram = "Cookie.CookieDeleteEquivalent";
 
   scoped_refptr<MockPersistentCookieStore> store(new MockPersistentCookieStore);
-  scoped_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
+  std::unique_ptr<CookieMonster> cm(new CookieMonster(store.get(), nullptr));
 
   // Set a secure cookie from a secure origin
   EXPECT_TRUE(SetCookie(cm.get(), https_www_google_.url(), "A=B; Secure"));
@@ -3063,7 +3314,7 @@ class CookieMonsterNotificationTest : public CookieMonsterTest {
 
  private:
   scoped_refptr<MockPersistentCookieStore> store_;
-  scoped_ptr<CookieMonster> monster_;
+  std::unique_ptr<CookieMonster> monster_;
 };
 
 void RecordCookieChanges(std::vector<CanonicalCookie>* out_cookies,
@@ -3078,7 +3329,7 @@ void RecordCookieChanges(std::vector<CanonicalCookie>* out_cookies,
 
 TEST_F(CookieMonsterNotificationTest, NoNotifyWithNoCookie) {
   std::vector<CanonicalCookie> cookies;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies, nullptr)));
@@ -3090,7 +3341,7 @@ TEST_F(CookieMonsterNotificationTest, NoNotifyWithInitialCookie) {
   std::vector<CanonicalCookie> cookies;
   SetCookie(monster(), test_url_, "abc=def");
   base::MessageLoop::current()->RunUntilIdle();
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies, nullptr)));
@@ -3101,7 +3352,7 @@ TEST_F(CookieMonsterNotificationTest, NoNotifyWithInitialCookie) {
 TEST_F(CookieMonsterNotificationTest, NotifyOnSet) {
   std::vector<CanonicalCookie> cookies;
   std::vector<bool> removes;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies, &removes)));
@@ -3118,7 +3369,7 @@ TEST_F(CookieMonsterNotificationTest, NotifyOnSet) {
 TEST_F(CookieMonsterNotificationTest, NotifyOnDelete) {
   std::vector<CanonicalCookie> cookies;
   std::vector<bool> removes;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies, &removes)));
@@ -3140,7 +3391,7 @@ TEST_F(CookieMonsterNotificationTest, NotifyOnDelete) {
 TEST_F(CookieMonsterNotificationTest, NotifyOnUpdate) {
   std::vector<CanonicalCookie> cookies;
   std::vector<bool> removes;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies, &removes)));
@@ -3168,11 +3419,11 @@ TEST_F(CookieMonsterNotificationTest, NotifyOnUpdate) {
 TEST_F(CookieMonsterNotificationTest, MultipleNotifies) {
   std::vector<CanonicalCookie> cookies0;
   std::vector<CanonicalCookie> cookies1;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub0(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub0(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies0, nullptr)));
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub1(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub1(
       monster()->AddCallbackForCookie(
           test_url_, "def",
           base::Bind(&RecordCookieChanges, &cookies1, nullptr)));
@@ -3189,11 +3440,11 @@ TEST_F(CookieMonsterNotificationTest, MultipleNotifies) {
 TEST_F(CookieMonsterNotificationTest, MultipleSameNotifies) {
   std::vector<CanonicalCookie> cookies0;
   std::vector<CanonicalCookie> cookies1;
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub0(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub0(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies0, nullptr)));
-  scoped_ptr<CookieStore::CookieChangedSubscription> sub1(
+  std::unique_ptr<CookieStore::CookieChangedSubscription> sub1(
       monster()->AddCallbackForCookie(
           test_url_, "abc",
           base::Bind(&RecordCookieChanges, &cookies1, nullptr)));
diff --git a/chromium/net/cookies/cookie_store.cc b/chromium/net/cookies/cookie_store.cc
index f1dff9ada43..cb9acc8b41d 100644
--- a/chromium/net/cookies/cookie_store.cc
+++ b/chromium/net/cookies/cookie_store.cc
@@ -4,6 +4,8 @@
 
 #include "net/cookies/cookie_store.h"
 
+#include "base/bind.h"
+#include "base/callback.h"
 #include "net/cookies/cookie_options.h"
 
 namespace net {
diff --git a/chromium/net/cookies/cookie_store.h b/chromium/net/cookies/cookie_store.h
index f6426c5d695..aaf1b743e46 100644
--- a/chromium/net/cookies/cookie_store.h
+++ b/chromium/net/cookies/cookie_store.h
@@ -7,12 +7,12 @@
 #ifndef NET_COOKIES_COOKIE_STORE_H_
 #define NET_COOKIES_COOKIE_STORE_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/callback.h"
+#include "base/callback_forward.h"
 #include "base/callback_list.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/cookies/canonical_cookie.h"
@@ -43,6 +43,7 @@ class NET_EXPORT CookieStore {
   typedef base::CallbackList<void(const CanonicalCookie& cookie, bool removed)>
       CookieChangedCallbackList;
   typedef CookieChangedCallbackList::Subscription CookieChangedSubscription;
+  typedef base::Callback<bool(const CanonicalCookie& cookie)> CookiePredicate;
 
   virtual ~CookieStore();
 
@@ -150,21 +151,21 @@ class NET_EXPORT CookieStore {
 
   // Deletes all of the cookies that have a creation_date greater than or equal
   // to |delete_begin| and less than |delete_end|
-  // Returns the number of cookies that have been deleted.
+  // Calls |callback| with the number of cookies deleted.
   virtual void DeleteAllCreatedBetweenAsync(const base::Time& delete_begin,
                                             const base::Time& delete_end,
                                             const DeleteCallback& callback) = 0;
 
-  // Deletes all of the cookies that match the host of the given URL
-  // regardless of path and that have a creation_date greater than or
-  // equal to |delete_begin| and less then |delete_end|. This includes
-  // all http_only and secure cookies, but does not include any domain
-  // cookies that may apply to this host.
-  // Returns the number of cookies deleted.
-  virtual void DeleteAllCreatedBetweenForHostAsync(
-      const base::Time delete_begin,
-      const base::Time delete_end,
-      const GURL& url,
+  // Deletes all of the cookies that match the given predicate and that have a
+  // creation_date greater than or equal to |delete_begin| and less then
+  // |delete_end|. This includes all http_only and secure cookies. Avoid
+  // deleting cookies that could leave websites with a partial set of visible
+  // cookies.
+  // Calls |callback| with the number of cookies deleted.
+  virtual void DeleteAllCreatedBetweenWithPredicateAsync(
+      const base::Time& delete_begin,
+      const base::Time& delete_end,
+      const CookiePredicate& predicate,
       const DeleteCallback& callback) = 0;
 
   virtual void DeleteSessionCookiesAsync(const DeleteCallback&) = 0;
@@ -197,7 +198,7 @@ class NET_EXPORT CookieStore {
   // (url, name) pair are removed. If this method ever needs to support an
   // unbounded amount of such pairs, this contract needs to change and
   // implementors need to be improved to not behave this way.
-  virtual scoped_ptr<CookieChangedSubscription> AddCallbackForCookie(
+  virtual std::unique_ptr<CookieChangedSubscription> AddCallbackForCookie(
       const GURL& url,
       const std::string& name,
       const CookieChangedCallback& callback) = 0;
diff --git a/chromium/net/cookies/cookie_store_test_helpers.cc b/chromium/net/cookies/cookie_store_test_helpers.cc
index d2dc2106192..5ae3629ae19 100644
--- a/chromium/net/cookies/cookie_store_test_helpers.cc
+++ b/chromium/net/cookies/cookie_store_test_helpers.cc
@@ -8,7 +8,7 @@
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 
 using net::registry_controlled_domains::GetDomainAndRegistry;
@@ -189,10 +189,10 @@ void DelayedCookieMonster::DeleteAllCreatedBetweenAsync(
   ADD_FAILURE();
 }
 
-void DelayedCookieMonster::DeleteAllCreatedBetweenForHostAsync(
-    const base::Time delete_begin,
-    const base::Time delete_end,
-    const GURL& url,
+void DelayedCookieMonster::DeleteAllCreatedBetweenWithPredicateAsync(
+    const base::Time& delete_begin,
+    const base::Time& delete_end,
+    const base::Callback<bool(const CanonicalCookie&)>& predicate,
     const DeleteCallback& callback) {
   ADD_FAILURE();
 }
@@ -205,13 +205,13 @@ void DelayedCookieMonster::FlushStore(const base::Closure& callback) {
   ADD_FAILURE();
 }
 
-scoped_ptr<CookieStore::CookieChangedSubscription>
+std::unique_ptr<CookieStore::CookieChangedSubscription>
 DelayedCookieMonster::AddCallbackForCookie(
     const GURL& url,
     const std::string& name,
     const CookieChangedCallback& callback) {
   ADD_FAILURE();
-  return scoped_ptr<CookieStore::CookieChangedSubscription>();
+  return std::unique_ptr<CookieStore::CookieChangedSubscription>();
 }
 
 bool DelayedCookieMonster::IsEphemeral() {
diff --git a/chromium/net/cookies/cookie_store_test_helpers.h b/chromium/net/cookies/cookie_store_test_helpers.h
index 0ebae5bb9e2..687261ec7bc 100644
--- a/chromium/net/cookies/cookie_store_test_helpers.h
+++ b/chromium/net/cookies/cookie_store_test_helpers.h
@@ -79,19 +79,20 @@ class DelayedCookieMonster : public CookieStore {
                                     const base::Time& delete_end,
                                     const DeleteCallback& callback) override;
 
-  void DeleteAllCreatedBetweenForHostAsync(
-      const base::Time delete_begin,
-      const base::Time delete_end,
-      const GURL& url,
+  void DeleteAllCreatedBetweenWithPredicateAsync(
+      const base::Time& delete_begin,
+      const base::Time& delete_end,
+      const base::Callback<bool(const CanonicalCookie&)>& predicate,
       const DeleteCallback& callback) override;
 
   void DeleteSessionCookiesAsync(const DeleteCallback&) override;
 
   void FlushStore(const base::Closure& callback) override;
 
-  scoped_ptr<CookieStore::CookieChangedSubscription>
-  AddCallbackForCookie(const GURL& url, const std::string& name,
-                       const CookieChangedCallback& callback) override;
+  std::unique_ptr<CookieStore::CookieChangedSubscription> AddCallbackForCookie(
+      const GURL& url,
+      const std::string& name,
+      const CookieChangedCallback& callback) override;
 
   bool IsEphemeral() override;
 
@@ -116,7 +117,7 @@ class DelayedCookieMonster : public CookieStore {
 
   friend class base::RefCountedThreadSafe<DelayedCookieMonster>;
 
-  scoped_ptr<CookieMonster> cookie_monster_;
+  std::unique_ptr<CookieMonster> cookie_monster_;
 
   bool did_run_;
   bool result_;
diff --git a/chromium/net/cookies/cookie_store_unittest.cc b/chromium/net/cookies/cookie_store_unittest.cc
index 739336594a7..a0c77f403af 100644
--- a/chromium/net/cookies/cookie_store_unittest.cc
+++ b/chromium/net/cookies/cookie_store_unittest.cc
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/cookies/cookie_store.h"
+
+#include <memory>
 #include <vector>
 
 #include "base/time/time.h"
-#include "net/cookies/cookie_store.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_options.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -19,7 +20,7 @@ namespace {
 // Helper for testing BuildCookieLine
 void MatchCookieLineToVector(
     const std::string& line,
-    const std::vector<scoped_ptr<CanonicalCookie>>& cookies) {
+    const std::vector<std::unique_ptr<CanonicalCookie>>& cookies) {
   // Test the std::vector<CanonicalCookie> variant
   // ('CookieMonster::CookieList'):
   std::vector<CanonicalCookie> list;
@@ -38,7 +39,7 @@ void MatchCookieLineToVector(
 } // namespace
 
 TEST(CookieStoreBaseTest, BuildCookieLine) {
-  std::vector<scoped_ptr<CanonicalCookie>> cookies;
+  std::vector<std::unique_ptr<CanonicalCookie>> cookies;
   GURL url("https://example.com/");
   CookieOptions options;
   base::Time now = base::Time::Now();
diff --git a/chromium/net/cookies/cookie_store_unittest.h b/chromium/net/cookies/cookie_store_unittest.h
index 2b42c897896..3f8b037cef8 100644
--- a/chromium/net/cookies/cookie_store_unittest.h
+++ b/chromium/net/cookies/cookie_store_unittest.h
@@ -14,8 +14,8 @@
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_tokenizer.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/cookies/cookie_store.h"
 #include "net/cookies/cookie_store_test_callbacks.h"
@@ -42,7 +42,7 @@ const char kValidCookieLine[] = "A=B; path=/";
 // The CookieStoreTestTraits must have the following members:
 // struct CookieStoreTestTraits {
 //   // Factory function. Will be called at most once per test.
-//   static scoped_ptr<CookieStore> Create();
+//   static std::unique_ptr<CookieStore> Create();
 //
 //   // The cookie store supports cookies with the exclude_httponly() option.
 //   static const bool supports_http_only;
@@ -242,17 +242,17 @@ class CookieStoreTest : public testing::Test {
     return callback.result();
   }
 
-  int DeleteAllCreatedBetweenForHost(CookieStore* cs,
-                                     const base::Time delete_begin,
-                                     const base::Time delete_end,
-                                     const GURL& url) {
+  int DeleteAllCreatedBetweenWithPredicate(
+      CookieStore* cs,
+      const base::Time delete_begin,
+      const base::Time delete_end,
+      const CookieStore::CookiePredicate& predicate) {
     DCHECK(cs);
     ResultSavingCookieCallback<int> callback;
-    cs->DeleteAllCreatedBetweenForHostAsync(
-        delete_begin, delete_end, url,
-        base::Bind(
-            &ResultSavingCookieCallback<int>::Run,
-            base::Unretained(&callback)));
+    cs->DeleteAllCreatedBetweenWithPredicateAsync(
+        delete_begin, delete_end, predicate,
+        base::Bind(&ResultSavingCookieCallback<int>::Run,
+                   base::Unretained(&callback)));
     callback.WaitUntilDone();
     return callback.result();
   }
@@ -319,8 +319,8 @@ class CookieStoreTest : public testing::Test {
   const CookieURLHelper http_foo_com_;
   const CookieURLHelper http_bar_com_;
 
-  scoped_ptr<base::WeakPtrFactory<base::MessageLoop> > weak_factory_;
-  scoped_ptr<base::MessageLoop> message_loop_;
+  std::unique_ptr<base::WeakPtrFactory<base::MessageLoop>> weak_factory_;
+  std::unique_ptr<base::MessageLoop> message_loop_;
 
  private:
   // Returns a set of strings of type "name=value". Fails in case of duplicate.
@@ -332,7 +332,7 @@ class CookieStoreTest : public testing::Test {
     return tokens;
   }
 
-  scoped_ptr<CookieStore> cookie_store_;
+  std::unique_ptr<CookieStore> cookie_store_;
 };
 
 TYPED_TEST_CASE_P(CookieStoreTest);
@@ -1044,23 +1044,53 @@ TYPED_TEST_P(CookieStoreTest, TestDeleteAllCreatedBetween) {
                          this->GetCookies(cs, this->http_www_google_.url()));
 }
 
-TYPED_TEST_P(CookieStoreTest, TestDeleteAllCreatedBetweenForHost) {
+namespace {
+static bool CookieHasValue(const std::string& value,
+                           const CanonicalCookie& cookie) {
+  return cookie.Value() == value;
+}
+}
+
+TYPED_TEST_P(CookieStoreTest, TestDeleteAllCreatedBetweenWithPredicate) {
   CookieStore* cs = this->GetCookieStore();
-  GURL url_not_google("http://www.notgoogle.com");
   base::Time now = base::Time::Now();
+  base::Time last_month = base::Time::Now() - base::TimeDelta::FromDays(30);
+  base::Time last_minute = base::Time::Now() - base::TimeDelta::FromMinutes(1);
+  std::string desired_value("B");
 
   // These 3 cookies match the time range and host.
   EXPECT_TRUE(this->SetCookie(cs, this->http_www_google_.url(), "A=B"));
   EXPECT_TRUE(this->SetCookie(cs, this->http_www_google_.url(), "C=D"));
   EXPECT_TRUE(this->SetCookie(cs, this->http_www_google_.url(), "Y=Z"));
-
-  // This cookie does not match host.
-  EXPECT_TRUE(this->SetCookie(cs, url_not_google, "E=F"));
+  EXPECT_TRUE(this->SetCookie(cs, this->https_www_google_.url(), "E=B"));
 
   // Delete cookies.
-  EXPECT_EQ(3,  // Deletes A=B, C=D, Y=Z
-            this->DeleteAllCreatedBetweenForHost(cs, now, base::Time::Max(),
-                                                 this->http_www_google_.url()));
+  EXPECT_EQ(2,  // Deletes A=B, E=B
+            this->DeleteAllCreatedBetweenWithPredicate(
+                cs, now, base::Time::Max(),
+                base::Bind(&CookieHasValue, desired_value)));
+
+  // Check that we deleted the right ones.
+  this->MatchCookieLines("C=D;Y=Z",
+                         this->GetCookies(cs, this->https_www_google_.url()));
+
+  // Now check that using a null predicate will do nothing.
+  EXPECT_EQ(0, this->DeleteAllCreatedBetweenWithPredicate(
+                   cs, now, base::Time::Max(), CookieStore::CookiePredicate()));
+
+  // Finally, check that we don't delete cookies when our time range is off.
+  desired_value = "D";
+  EXPECT_EQ(0, this->DeleteAllCreatedBetweenWithPredicate(
+                   cs, last_month, last_minute,
+                   base::Bind(&CookieHasValue, desired_value)));
+  this->MatchCookieLines("C=D;Y=Z",
+                         this->GetCookies(cs, this->https_www_google_.url()));
+  // Same thing, but with a good time range.
+  EXPECT_EQ(1, this->DeleteAllCreatedBetweenWithPredicate(
+                   cs, now, base::Time::Max(),
+                   base::Bind(&CookieHasValue, desired_value)));
+  this->MatchCookieLines("Y=Z",
+                         this->GetCookies(cs, this->https_www_google_.url()));
 }
 
 TYPED_TEST_P(CookieStoreTest, TestSecure) {
@@ -1370,7 +1400,7 @@ REGISTER_TYPED_TEST_CASE_P(CookieStoreTest,
                            TestCookieDeletion,
                            TestDeleteAll,
                            TestDeleteAllCreatedBetween,
-                           TestDeleteAllCreatedBetweenForHost,
+                           TestDeleteAllCreatedBetweenWithPredicate,
                            TestSecure,
                            NetUtilCookieTest,
                            OverwritePersistentCookie,
diff --git a/chromium/net/data/http/http.dict b/chromium/net/data/http/http.dict
new file mode 100644
index 00000000000..2e750cb8fbb
--- /dev/null
+++ b/chromium/net/data/http/http.dict
@@ -0,0 +1,163 @@
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Fuzzer dictionary targetting HTTP/1.x responses.
+
+# Entries that are generally useful in headers
+":"
+"\x0A"
+"\x0D"
+"0"
+"50"
+"500"
+# Horizontal whitespace. Matters mostly in status line.
+" "
+"\x09"
+# Header continuation
+"\x0D\x0A\x09"
+# Used in a lot of individual headers
+";"
+"="
+","
+"\""
+"-"
+
+# Status line components
+"HTTP"
+"/1.1"
+"/1.0"
+# More interesting status codes.  Leading space so can be inserted into
+# other status lines.
+" 100"
+" 200"
+" 206"
+" 301"
+" 302"
+" 303"
+" 304"
+" 307"
+" 308"
+" 401"
+" 403"
+" 404"
+" 500"
+" 501"
+" 403"
+
+# Full status lines (Some with relevant following headers)
+"HTTP/1.1 200 OK\x0A\x0A"
+"HTTP/1.1 100 Continue\x0A\x0A"
+"HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A\xA0"
+"HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm=\"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A"
+"HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A"
+"HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A"
+
+# Proxy authentication headers. Note that fuzzers don't support NTLM or
+# negotiate.
+"WWW-Authenticate:"
+"Proxy-Authenticate:"
+"Basic"
+"Digest"
+"realm"
+"nonce"
+
+"Connection:"
+"Proxy-Connection:"
+"Keep-Alive"
+"Close"
+"Upgrade"
+"\x0AConnection: Keep-Alive"
+"\x0AConnection: Close"
+"\x0AProxy-Connection: Keep-Alive"
+"\x0AProxy-Connection: Close"
+
+"Content-Length:"
+"Transfer-Encoding:"
+"chunked"
+"\x0AContent-Length: 0"
+"\x0AContent-Length: 500"
+"\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A"
+
+"Location:"
+"\x0ALocation: http://foo/"
+"\x0ALocation: http://bar/"
+"\x0ALocation: https://foo/"
+"\x0ALocation: https://bar/"
+
+"Accept-Ranges:"
+"bytes"
+"\x0AAccept-Ranges: bytes"
+
+"Content-Range:"
+
+"Age:"
+"\x0AAge: 0"
+"\x0AAge: 3153600000"
+
+"Cache-Control:"
+"max-age"
+"no-cache"
+"no-store"
+"must-revalidate"
+"\x0ACache-Control: max-age=3153600000"
+"\x0ACache-Control: max-age=0"
+"\x0ACache-Control: no-cache"
+"\x0ACache-Control: no-store"
+"\x0ACache-Control: must-revalidate"
+
+"Content-Disposition:"
+"attachment"
+"filename"
+
+"Content-Encoding:"
+"gzip"
+"deflate"
+"sdch"
+"br"
+"\x0AContent-Encoding: gzip"
+"\x0AContent-Encoding: deflate"
+"\x0AContent-Encoding: sdch"
+"\x0AContent-Encoding: br"
+
+"Date:"
+"Fri, 01 Apr, 2050 14:14:14 GMT"
+"Mon, 28 Mar, 2016 04:04:04 GMT"
+"\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT"
+"\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT"
+
+"Last-Modified:"
+"\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT"
+"\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT"
+
+"Expires:"
+"\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT"
+"\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT"
+
+"Set-Cookie:"
+"Expires"
+"Max-Age"
+"Domain"
+"Path"
+"Secure"
+"HttpOnly"
+"Priority"
+"Low"
+"Medium"
+"High"
+"SameSite"
+"Strict"
+"Lax"
+"\x0ASet-Cookie: foo=bar"
+"\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/"
+"\x0ASet-Cookie: foo=chicken;SameSite=Lax"
+
+"Strict-Transport-Security:"
+"includeSubDomains"
+
+"Vary:"
+"\x0AVary: Cookie"
+"\x0AVary: Age"
+
+"ETag:"
+"\x0AETag: jumboshrimp"
diff --git a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem
index d751603cb9c..99b3a7a0c85 100644
--- a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem
@@ -1,49 +1,61 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 2 (0x2)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=1024 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
-                    00:b8:47:d6:b7:60:88:5f:94:b2:17:9b:e5:21:74:
-                    97:70:b1:32:fb:23:73:84:f4:32:eb:25:87:2e:33:
-                    f4:25:08:5d:c9:1c:6b:ee:98:bc:dd:69:89:41:df:
-                    38:13:7c:ed:16:ee:f0:7a:51:33:23:5f:ae:e4:5f:
-                    3e:11:54:9f:68:f9:39:c7:6e:1c:76:c8:bd:73:ce:
-                    a1:6c:61:5a:70:88:0e:6f:07:85:f2:be:a6:f0:3c:
-                    49:5b:f4:bd:28:bb:0e:90:d6:00:1f:3f:5b:00:81:
-                    91:64:2e:e6:48:48:5a:e5:99:84:87:44:6f:b5:cc:
-                    f5:a6:ed:7a:d5:99:a4:33:41
+                    00:9f:47:a7:c7:70:ba:de:3c:27:a1:38:8c:be:b4:
+                    25:fe:9d:68:cd:56:69:96:f3:5c:1b:4a:9e:bd:14:
+                    f2:1c:fd:dd:59:ef:1c:9e:52:8a:55:78:ed:63:e1:
+                    19:a0:a3:92:bb:30:1a:1e:32:83:06:94:a9:80:e3:
+                    54:79:2e:79:4b:05:ba:6e:53:b0:e7:17:20:1f:cb:
+                    c3:a4:30:a2:80:e3:9a:ac:8c:80:3f:be:97:24:fd:
+                    ad:bd:98:9e:2b:8e:1b:cf:92:2a:02:25:a5:0f:d8:
+                    1c:1d:fa:e6:ce:76:75:2c:d1:0c:f1:1c:73:85:1c:
+                    9a:bb:cb:73:fa:95:bd:98:e3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                4F:B4:7F:BD:2E:4A:D8:3A:50:56:3A:5B:24:8A:28:DB:E3:BD:59:FF
+            X509v3 Authority Key Identifier: 
+                keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         28:af:b5:69:46:f0:db:43:d1:d1:df:74:6a:52:ef:40:a5:16:
-         e5:a5:6b:cf:e8:5d:1f:bb:40:2c:74:7f:e5:a4:a4:92:d3:08:
-         de:c4:8f:4d:ad:0f:db:93:89:5b:39:31:67:6c:f1:10:c9:0f:
-         8b:e8:8c:9b:80:fd:2f:b7:a0:87:d2:a8:e3:23:db:63:6c:66:
-         81:41:e7:84:dc:27:d0:7d:27:b5:57:5d:cb:d0:36:e6:91:ce:
-         e7:ce:0b:28:62:e4:f1:3b:ca:9a:46:ed:9d:50:77:d3:d9:c5:
-         83:88:23:b0:49:c3:13:36:82:4e:ca:0f:18:b1:06:38:37:5e:
-         ec:16
+         6e:db:0b:81:ea:0e:a3:bc:55:ba:09:f8:ec:b6:1e:b0:97:d6:
+         53:b2:6b:44:b5:4e:d0:84:86:d1:37:5e:f6:24:28:8d:bf:f4:
+         03:9e:e2:d2:9f:6d:19:17:97:51:c5:fe:f2:b8:95:67:bb:49:
+         4d:d6:6e:0e:6e:9c:40:81:68:c1:44:fb:c3:30:13:e6:91:73:
+         6e:09:a7:27:c8:7b:33:68:d4:ed:b2:81:33:21:63:a9:4f:25:
+         05:2f:d5:20:d5:58:3c:6a:af:27:59:8e:ab:c7:b9:c9:89:d7:
+         cb:94:bd:ba:34:0d:e3:0a:68:1c:c2:d0:1d:b4:d0:8b:89:39:
+         4b:a4
 -----BEGIN CERTIFICATE-----
-MIICDDCCAXUCAQIwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMTAyNCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0
-NzIwWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4R9a3YIhflLIXm+Uh
-dJdwsTL7I3OE9DLrJYcuM/QlCF3JHGvumLzdaYlB3zgTfO0W7vB6UTMjX67kXz4R
-VJ9o+TnHbhx2yL1zzqFsYVpwiA5vB4XyvqbwPElb9L0ouw6Q1gAfP1sAgZFkLuZI
-SFrlmYSHRG+1zPWm7XrVmaQzQQIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0G
-CSqGSIb3DQEBCwUAA4GBACivtWlG8NtD0dHfdGpS70ClFuWla8/oXR+7QCx0f+Wk
-pJLTCN7Ej02tD9uTiVs5MWds8RDJD4vojJuA/S+3oIfSqOMj22NsZoFB54TcJ9B9
-J7VXXcvQNuaRzufOCyhi5PE7yppG7Z1Qd9PZxYOII7BJwxM2gk7KDxixBjg3XuwW
+MIICfzCCAeigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ9Hp8dwut48
+J6E4jL60Jf6daM1WaZbzXBtKnr0U8hz93VnvHJ5SilV47WPhGaCjkrswGh4ygwaU
+qYDjVHkueUsFum5TsOcXIB/Lw6QwooDjmqyMgD++lyT9rb2YniuOG8+SKgIlpQ/Y
+HB365s52dSzRDPEcc4UcmrvLc/qVvZjjAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAA
+MB0GA1UdDgQWBBRPtH+9LkrYOlBWOlskiijb471Z/zAfBgNVHSMEGDAWgBSrkeYr
+ycEue6Bl8dSKzgNN9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBu2wuB6g6jvFW6Cfjs
+th6wl9ZTsmtEtU7QhIbRN172JCiNv/QDnuLSn20ZF5dRxf7yuJVnu0lN1m4ObpxA
+gWjBRPvDMBPmkXNuCacnyHszaNTtsoEzIWOpTyUFL9Ug1Vg8aq8nWY6rx7nJidfL
+lL26NA3jCmgcwtAdtNCLiTlLpA==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem
index f681256eb55..7bf1bb9869d 100644
--- a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem
@@ -1,59 +1,71 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 2 (0x2)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
-                    00:b5:a6:c6:f7:06:44:0c:36:4e:71:1b:06:14:a0:
-                    f5:27:6e:5a:6f:24:a9:e5:8d:2b:f5:fa:34:bf:60:
-                    d9:0b:da:34:50:6e:86:b6:e9:00:00:9e:42:f9:bd:
-                    7f:52:2e:5b:8c:eb:44:17:e0:d2:e7:d6:f8:88:3c:
-                    8a:74:7d:3c:94:fe:74:99:e7:08:d1:2c:40:97:e1:
-                    d1:b7:c4:06:94:8e:c0:d0:dc:e6:0f:21:86:1a:31:
-                    2a:e3:b3:ba:e9:a5:12:15:0c:ac:60:7c:ec:28:81:
-                    bf:f3:bc:5e:b9:bd:3a:10:e5:e5:15:ca:8a:97:ac:
-                    cd:8e:02:a1:fa:3f:11:5e:d5
+                    00:e3:7f:ce:bc:d2:a2:33:36:a5:0b:f1:a3:08:f9:
+                    7d:82:62:0d:ad:f3:63:a7:49:50:ea:7b:eb:24:b6:
+                    9e:0e:8f:9a:63:87:fd:81:cb:17:65:30:f8:8a:27:
+                    59:dd:7b:f2:55:dc:1d:f1:ad:c6:33:ae:eb:d7:4e:
+                    57:47:0c:91:fb:3a:fe:85:13:14:d7:fb:b6:9e:68:
+                    15:d6:38:0e:3b:9e:51:ed:b9:7c:4d:4a:56:24:46:
+                    5a:13:f4:df:3a:16:91:b0:70:c4:dc:86:22:a7:f7:
+                    91:b6:93:35:f4:33:21:7c:eb:f4:90:e4:56:9c:20:
+                    c6:02:6a:93:5d:a2:30:b0:77
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                F1:0B:57:46:80:DA:DF:AE:5F:99:7C:8E:C3:FA:3E:DC:4D:3D:75:6D
+            X509v3 Authority Key Identifier: 
+                keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         83:e5:48:b9:21:68:aa:88:1e:42:30:99:2b:5f:bd:27:ed:18:
-         92:fd:13:10:df:cd:9e:3d:40:9e:1f:b0:9f:7a:c0:35:2a:43:
-         22:dd:5e:85:8b:24:d2:fb:b0:c3:a7:5d:d5:a5:b5:b9:1f:8a:
-         6d:a6:f3:20:7b:b0:99:e0:b7:8f:6b:e0:b5:41:d4:7e:43:84:
-         30:54:7a:5d:ef:d2:66:06:29:55:c9:ac:41:33:ab:2a:3a:66:
-         b7:2e:11:99:fa:16:12:77:b3:ab:7a:68:be:a5:d5:1b:1f:11:
-         1a:a5:6a:63:fb:f4:4e:00:ee:ef:70:d0:a8:6c:56:0a:d5:43:
-         08:c2:9c:8b:e8:e1:4b:e0:9b:9b:32:64:25:ee:71:ce:ec:53:
-         52:f3:10:06:e6:21:ed:96:66:cf:83:09:25:e0:e2:19:bd:5b:
-         4b:20:3e:6d:bf:ed:db:4a:26:2e:ee:ae:40:b8:21:24:37:6e:
-         4c:ab:6d:26:e9:87:76:45:df:3d:67:fa:b3:5c:85:46:26:ce:
-         5b:98:c9:31:35:a7:e3:d2:3e:2c:23:ae:dc:2d:87:94:19:01:
-         25:ac:37:ee:e3:46:e9:20:fd:5a:4b:97:7c:01:31:e9:32:ac:
-         95:85:99:d0:3d:85:0f:7a:83:8e:42:11:35:c2:46:f6:27:0f:
-         25:95:92:cf
+         6e:bf:10:0e:c0:2e:0c:7d:b6:4c:ed:e7:72:a4:2c:0d:07:e6:
+         d1:00:79:17:a0:5e:00:5e:94:54:10:2b:ba:94:b9:8e:f9:a5:
+         fa:6a:37:86:bd:b4:5b:47:b1:e7:8b:7a:86:2f:68:ad:af:db:
+         71:bb:60:21:e4:69:19:72:26:90:61:48:d4:62:bf:e1:c0:45:
+         96:29:f8:1c:c7:11:7d:d4:15:90:fb:7e:5f:56:5c:c4:6c:eb:
+         3a:0f:82:fd:d4:d1:cc:42:b1:e9:fc:63:d4:ea:fb:52:0e:3d:
+         54:a1:34:9a:73:66:f9:e7:3b:ca:6e:16:89:31:2a:ec:84:21:
+         ca:e8:4b:02:e8:90:d6:e0:1f:d1:4c:3e:1e:e1:d7:0a:1f:dd:
+         f3:32:b5:7e:c1:97:5c:ce:d7:8b:e1:1e:90:65:76:44:dd:59:
+         8c:2b:67:6f:f0:2e:ee:79:f2:69:6a:75:81:03:85:24:de:d7:
+         9f:12:28:e7:77:f4:49:cb:3a:9f:ec:3c:12:ac:d3:6c:71:31:
+         e7:32:4e:1f:94:1e:cc:0f:7a:02:5e:ce:94:c5:a9:e0:96:94:
+         50:05:ac:df:3b:57:c5:0d:96:5a:b5:14:43:be:31:60:ef:b6:
+         ad:ec:a6:75:20:80:8b:8f:14:d9:6c:96:73:ca:05:10:3f:d5:
+         be:30:ae:37
 -----BEGIN CERTIFICATE-----
-MIICjTCCAXUCAQIwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMjA0OCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0
-NzIwWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1psb3BkQMNk5xGwYU
-oPUnblpvJKnljSv1+jS/YNkL2jRQboa26QAAnkL5vX9SLluM60QX4NLn1viIPIp0
-fTyU/nSZ5wjRLECX4dG3xAaUjsDQ3OYPIYYaMSrjs7rppRIVDKxgfOwogb/zvF65
-vToQ5eUVyoqXrM2OAqH6PxFe1QIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0G
-CSqGSIb3DQEBCwUAA4IBAQCD5Ui5IWiqiB5CMJkrX70n7RiS/RMQ382ePUCeH7Cf
-esA1KkMi3V6FiyTS+7DDp13VpbW5H4ptpvMge7CZ4LePa+C1QdR+Q4QwVHpd79Jm
-BilVyaxBM6sqOma3LhGZ+hYSd7Oremi+pdUbHxEapWpj+/ROAO7vcNCobFYK1UMI
-wpyL6OFL4JubMmQl7nHO7FNS8xAG5iHtlmbPgwkl4OIZvVtLID5tv+3bSiYu7q5A
-uCEkN25Mq20m6Yd2Rd89Z/qzXIVGJs5bmMkxNafj0j4sI67cLYeUGQElrDfu40bp
-IP1aS5d8ATHpMqyVhZnQPYUPeoOOQhE1wkb2Jw8llZLP
+MIIDADCCAeigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAON/zrzSojM2
+pQvxowj5fYJiDa3zY6dJUOp76yS2ng6PmmOH/YHLF2Uw+IonWd178lXcHfGtxjOu
+69dOV0cMkfs6/oUTFNf7tp5oFdY4DjueUe25fE1KViRGWhP03zoWkbBwxNyGIqf3
+kbaTNfQzIXzr9JDkVpwgxgJqk12iMLB3AgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAA
+MB0GA1UdDgQWBBTxC1dGgNrfrl+ZfI7D+j7cTT11bTAfBgNVHSMEGDAWgBRcwnF2
+wSaxDDFzyJLTHgESS8xaFDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAbr8QDsAuDH22TO3n
+cqQsDQfm0QB5F6BeAF6UVBArupS5jvml+mo3hr20W0ex54t6hi9ora/bcbtgIeRp
+GXImkGFI1GK/4cBFlin4HMcRfdQVkPt+X1ZcxGzrOg+C/dTRzEKx6fxj1Or7Ug49
+VKE0mnNm+ec7ym4WiTEq7IQhyuhLAuiQ1uAf0Uw+HuHXCh/d8zK1fsGXXM7Xi+Ee
+kGV2RN1ZjCtnb/Au7nnyaWp1gQOFJN7XnxIo53f0Scs6n+w8EqzTbHEx5zJOH5Qe
+zA96Al7OlMWp4JaUUAWs3ztXxQ2WWrUUQ74xYO+2reymdSCAi48U2WyWc8oFED/V
+vjCuNw==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem
index 57cb2bf9aa6..17c5f65826d 100644
--- a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem
@@ -1,47 +1,58 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 2 (0x2)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=768 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
-                    00:d9:85:9c:5a:f9:cf:c6:34:27:47:d7:cc:3f:c6:
-                    7b:33:6f:a7:d8:68:0e:58:8f:ce:2b:a8:3c:fd:2a:
-                    b0:34:46:22:63:96:a5:16:aa:98:04:f8:9f:3d:79:
-                    fb:71:93:8b:84:74:48:a6:fc:73:dc:da:a1:bb:b9:
-                    bb:b3:2b:3c:aa:10:96:54:42:55:e5:92:96:9c:6c:
-                    f6:b2:f0:20:d2:22:e0:7a:2f:4f:41:ea:50:09:39:
-                    7a:b2:71:19:87:60:c1:1d:53:3e:e1:4a:7c:ea:52:
-                    bc:52:db:9f:9c:86:ee:6f:1c:00:a6:00:6b:ce:ee:
-                    96:fc:52:cb:09:44:25:bc:d1
+                    00:df:d6:fb:c9:3c:e5:fd:2a:2a:4c:dd:75:6e:22:
+                    c9:12:91:d5:b9:c2:a8:bd:7e:5c:97:90:3f:73:e9:
+                    9b:a6:96:91:83:4f:8e:09:5f:b0:ab:13:06:1c:c5:
+                    60:f9:1e:fc:c7:e2:69:02:ae:6e:7a:2a:50:3b:26:
+                    06:2b:40:91:16:a5:e0:e0:b1:aa:60:54:8c:25:69:
+                    58:54:d6:b4:8c:0b:43:41:b0:ca:2f:71:6d:f1:0c:
+                    03:8c:84:b0:aa:1c:ac:94:c0:e9:ca:0d:a8:18:9c:
+                    e8:fa:84:f1:1a:67:e8:63:ae:d8:7f:06:94:17:11:
+                    29:41:62:a2:a5:0c:d0:0c:6d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                02:4E:E8:A0:0B:C1:19:46:8E:1E:C9:9B:D8:AD:92:42:13:62:A3:AF
+            X509v3 Authority Key Identifier: 
+                keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         a1:7c:6c:cb:cb:1e:ea:13:34:74:83:30:d2:07:ba:a0:86:09:
-         fb:ef:72:62:9a:72:3c:c4:9d:34:2d:fd:ee:cf:c5:4a:3a:20:
-         7e:dd:fa:32:7d:86:bd:b1:5e:14:73:e0:2b:72:a3:d9:b1:3d:
-         25:10:fc:ef:70:bb:ce:70:b7:b2:06:8d:0a:15:32:a9:f0:e8:
-         27:27:9c:ad:2b:24:58:d1:df:92:23:c4:d1:99:22:b2:01:fe:
-         71:cc:8d:3b:0e:e2
+         65:e4:d9:6c:3e:76:68:02:02:8e:88:2c:de:36:11:d3:e0:b6:
+         3a:6d:43:a1:d4:97:21:ad:7a:fa:b5:dd:a6:05:39:61:b3:04:
+         c2:3c:ea:4a:fb:4e:a2:c5:46:f8:a0:fd:d9:4e:c0:fa:dd:87:
+         c3:f8:dc:84:51:a8:72:61:bc:62:35:97:92:84:d1:54:c5:8b:
+         9a:e9:5e:72:4c:2c:23:03:ab:c3:32:b4:a2:39:31:d1:4f:67:
+         f4:9e:7d:2f:d9:23
 -----BEGIN CERTIFICATE-----
-MIIB6jCCAXQCAQIwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAwwcNzY4IHJzYSBU
-ZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjBaFw0yNDA4MTEwMjQ3
-MjBaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
-DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcu
-MC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmFnFr5z8Y0J0fXzD/G
-ezNvp9hoDliPziuoPP0qsDRGImOWpRaqmAT4nz15+3GTi4R0SKb8c9zaobu5u7Mr
-PKoQllRCVeWSlpxs9rLwINIi4HovT0HqUAk5erJxGYdgwR1TPuFKfOpSvFLbn5yG
-7m8cAKYAa87ulvxSywlEJbzRAgMBAAGjEzARMA8GA1UdEQQIMAaHBH8AAAEwDQYJ
-KoZIhvcNAQELBQADYQChfGzLyx7qEzR0gzDSB7qghgn773JimnI8xJ00Lf3uz8VK
-OiB+3foyfYa9sV4Uc+ArcqPZsT0lEPzvcLvOcLeyBo0KFTKp8OgnJ5ytKyRY0d+S
-I8TRmSKyAf5xzI07DuI=
+MIICXTCCAeegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg
+cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy
+MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM
+CTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA39b7yTzl/Soq
+TN11biLJEpHVucKovX5cl5A/c+mbppaRg0+OCV+wqxMGHMVg+R78x+JpAq5ueipQ
+OyYGK0CRFqXg4LGqYFSMJWlYVNa0jAtDQbDKL3Ft8QwDjISwqhyslMDpyg2oGJzo
++oTxGmfoY67YfwaUFxEpQWKipQzQDG0CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw
+HQYDVR0OBBYEFAJO6KALwRlGjh7Jm9itkkITYqOvMB8GA1UdIwQYMBaAFJ7jp4Ow
+WW+Rn8fVNGFKGrNmx0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP
+BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA2EAZeTZbD52aAICjogs3jYR
+0+C2Om1DodSXIa16+rXdpgU5YbMEwjzqSvtOosVG+KD92U7A+t2Hw/jchFGocmG8
+YjWXkoTRVMWLmuleckwsIwOrwzK0ojkx0U9n9J59L9kj
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
index 10c1d147861..45f0faa5cf7 100644
--- a/chromium/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
@@ -1,44 +1,56 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 2 (0x2)
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: CN=prime256v1 ecdsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
-                    00:d7:11:5d:04:7a:29:ba:1a:1d:91:70:b8:ce:ff:
-                    8e:f8:17:7f:85:0e:78:e0:43:93:40:ae:75:fd:7d:
-                    fa:c1:c6:76:d8:be:6f:fc:0b:2f:b4:6e:34:65:88:
-                    2c:e5:4d:a2:07:ca:d9:4e:d5:d1:f9:0d:f2:e2:d5:
-                    3f:df:5c:9d:9e:84:c9:d1:f4:c1:8e:ab:1a:49:20:
-                    e6:88:b6:d3:fd:b3:5e:81:af:55:36:2c:a1:72:af:
-                    8a:16:97:29:25:51:3e:7b:37:85:b4:ae:fb:c7:16:
-                    a5:38:ff:4e:7c:dd:21:d7:32:42:9f:05:07:7c:6d:
-                    bf:85:02:33:ca:1c:c7:23:cd
+                    00:d0:22:14:bb:ad:90:dc:97:5c:0a:7e:a0:43:58:
+                    30:59:7b:41:33:a9:48:e4:06:c9:dd:5b:0c:3b:4a:
+                    2f:75:4a:5d:5b:44:b5:24:e7:ec:36:99:98:e0:56:
+                    d2:9d:3f:d4:36:29:2f:87:27:05:3d:73:b9:9d:97:
+                    4c:39:79:3e:95:31:bc:e0:12:f3:26:ca:c7:33:86:
+                    27:a9:5f:b1:a2:66:25:3c:61:95:0c:8b:c8:03:b0:
+                    6a:62:bd:55:f8:07:d0:84:16:75:eb:71:ea:bd:b7:
+                    56:b9:14:e0:f2:41:72:92:72:36:4b:7c:23:d4:b5:
+                    99:85:cc:34:b8:19:69:1c:69
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                44:AD:EF:D9:05:03:83:91:FE:A0:F3:3F:1E:C2:CE:ED:99:FD:78:75
+            X509v3 Authority Key Identifier: 
+                keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: ecdsa-with-SHA256
-         30:43:02:1f:48:3d:18:92:a1:85:1f:bb:64:1a:b9:43:7c:89:
-         a3:9c:7c:9c:a2:3e:e0:cb:bb:8a:87:2f:99:5d:b7:79:b5:02:
-         20:73:69:6d:79:83:3c:30:6d:6c:5b:29:a5:85:53:28:4b:ea:
-         4e:75:5c:c7:a8:dc:1f:e2:97:de:10:5b:57:af:78
+         30:44:02:20:56:76:a2:15:cf:3a:d3:54:7c:1b:7d:05:85:ea:
+         58:2a:91:02:64:52:63:67:44:c2:ea:b3:74:02:c7:29:1c:ed:
+         02:20:77:82:bf:d2:78:24:dc:a3:5a:77:be:5b:05:44:d2:6d:
+         f9:d4:78:ac:38:d9:69:8a:90:2c:f2:8f:41:d9:62:ad
 -----BEGIN CERTIFICATE-----
-MIIB0jCCAXoCAQIwCgYIKoZIzj0EAwIwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl
-Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjFaFw0yNDA4
-MTEwMjQ3MjFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
-FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
-DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANcRXQR6Kboa
-HZFwuM7/jvgXf4UOeOBDk0Cudf19+sHGdti+b/wLL7RuNGWILOVNogfK2U7V0fkN
-8uLVP99cnZ6EydH0wY6rGkkg5oi20/2zXoGvVTYsoXKvihaXKSVRPns3hbSu+8cW
-pTj/TnzdIdcyQp8FB3xtv4UCM8ocxyPNAgMBAAGjEzARMA8GA1UdEQQIMAaHBH8A
-AAEwCgYIKoZIzj0EAwIDRgAwQwIfSD0YkqGFH7tkGrlDfImjnHycoj7gy7uKhy+Z
-Xbd5tQIgc2lteYM8MG1sWymlhVMoS+pOdVzHqNwf4pfeEFtXr3g=
+MIICRjCCAe2gAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1
+NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX
+DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ
+BgNVBAMMCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0CIU
+u62Q3JdcCn6gQ1gwWXtBM6lI5AbJ3VsMO0ovdUpdW0S1JOfsNpmY4FbSnT/UNikv
+hycFPXO5nZdMOXk+lTG84BLzJsrHM4YnqV+xomYlPGGVDIvIA7BqYr1V+AfQhBZ1
+63HqvbdWuRTg8kFyknI2S3wj1LWZhcw0uBlpHGkCAwEAAaOBgDB+MAwGA1UdEwEB
+/wQCMAAwHQYDVR0OBBYEFESt79kFA4OR/qDzPx7Czu2Z/Xh1MB8GA1UdIwQYMBaA
+FA1rttfdf81OrQZrIuERCFgQqxYqMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDAjAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFZ2ohXPOtNU
+fBt9BYXqWCqRAmRSY2dEwuqzdALHKRztAiB3gr/SeCTco1p3vlsFRNJt+dR4rDjZ
+aYqQLPKPQdlirQ==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/1024-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/1024-rsa-intermediate.pem
index 334f5d7db11..d84308ed0ab 100644
--- a/chromium/net/data/ssl/certificates/1024-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/1024-rsa-intermediate.pem
@@ -5,59 +5,59 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 RSA Test Root CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: CN=1024 rsa Test intermediate CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
-                    00:bc:b1:ca:1b:3e:1b:f8:a0:c9:b1:87:d6:1e:e2:
-                    f2:17:8b:d6:ef:69:af:ff:7d:9e:5e:73:32:75:40:
-                    cd:df:37:07:71:3e:ba:c3:55:24:12:4d:e5:38:28:
-                    34:c4:ef:fd:dd:18:a3:26:87:9c:0d:0a:05:ba:c4:
-                    90:2a:69:b2:68:15:f0:99:79:d5:cc:a1:38:f0:2e:
-                    3e:f7:41:39:48:71:17:0d:3d:3d:e2:07:9f:cb:0a:
-                    e3:83:ef:91:0c:ac:d7:4a:f3:58:61:9a:38:91:06:
-                    9a:8c:6b:09:83:6c:98:be:e4:e1:d0:fc:20:d7:05:
-                    bc:eb:4d:c0:3b:2f:31:11:d7
+                    00:cf:5f:2c:84:5d:36:f4:64:c4:92:14:fd:35:63:
+                    e9:92:ff:93:bd:0d:18:5f:b3:1d:8c:2f:28:8f:f3:
+                    2f:8f:a1:4c:f1:1c:e4:15:66:3e:79:e7:aa:39:a0:
+                    46:32:4b:69:67:6b:cb:72:aa:90:e3:d0:d1:36:55:
+                    c6:b5:49:39:7c:d2:16:97:8b:f2:6c:1b:83:ea:f3:
+                    e2:18:6a:06:9f:49:4f:72:fd:4a:b8:42:c5:aa:0a:
+                    0d:2c:5c:74:97:d7:ee:4d:fc:3c:bf:1d:3f:ab:16:
+                    23:7a:28:32:b8:5d:c8:29:72:55:d5:ea:f1:52:37:
+                    f1:9c:a7:6c:f4:6f:3b:79:69
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                35:63:02:EF:1B:6E:07:8F:BF:86:5B:C0:B1:54:0F:67:B7:EB:6D:FA
+                AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         62:6f:54:44:e1:59:ca:9b:b6:d6:26:81:e7:14:6a:ce:59:a4:
-         14:9b:2d:4b:a8:44:c9:04:c1:5f:a0:46:6a:dc:47:d9:be:aa:
-         b5:d6:10:0d:6f:3b:62:8c:ea:f5:9a:75:c7:9e:be:05:7f:b0:
-         90:ed:fa:9e:01:63:61:29:f3:ce:f1:0b:ac:97:80:a6:63:c8:
-         b1:8d:ba:4f:96:16:01:6f:14:33:b0:0c:f7:79:8c:90:25:1f:
-         2f:54:91:67:9a:7e:f1:dd:cd:6c:10:56:06:4a:55:7f:3c:3e:
-         7e:e0:35:f1:40:54:0a:1a:23:ef:0d:8a:68:dd:1d:d1:10:f5:
-         b4:d7:82:45:ac:c5:83:31:c1:df:a9:d3:c1:c7:b3:ce:16:77:
-         ca:84:db:c0:d9:07:80:bc:6a:b7:bf:d2:24:f2:e5:83:d0:1e:
-         ca:d9:ff:f3:3a:3b:91:f9:81:b3:bb:91:22:71:9f:14:af:02:
-         c7:78:7d:5b:17:5f:62:3c:20:cd:61:fb:b3:45:c6:fb:8f:83:
-         b7:11:5a:4e:5d:79:f7:c8:13:be:88:91:5a:88:a8:1d:bd:93:
-         04:89:47:5d:77:28:0b:4e:25:9b:20:f7:4a:35:eb:e9:52:dd:
-         96:11:cb:aa:2b:45:b8:5b:69:74:7c:90:a0:2b:33:3d:60:5f:
-         51:28:31:5b
+         10:3b:22:dc:6a:83:3f:41:ba:27:2c:2a:ba:71:6b:9f:a5:db:
+         ad:5b:4f:e9:fc:27:c3:e7:76:8f:8a:39:c6:37:a0:15:c4:d4:
+         df:97:d5:af:61:4d:ea:82:59:da:83:a9:5d:7c:91:36:13:c0:
+         6c:a8:b0:be:03:35:ef:2b:28:d3:40:fb:03:ba:f5:ff:d2:40:
+         64:5d:b6:5d:30:a7:fa:3c:58:60:3f:64:96:bf:8a:b4:a8:06:
+         06:e2:3f:86:0e:ea:d7:de:18:64:72:8e:c1:62:1f:a3:d0:fb:
+         c5:19:9b:62:0d:ae:61:36:7d:46:15:01:98:00:b2:c7:25:51:
+         4d:f5:86:eb:a7:4b:15:4f:16:d2:04:f9:c4:b6:33:7a:9c:1d:
+         77:a4:88:72:8d:9b:84:24:e6:9e:d7:e9:56:3e:23:39:74:6d:
+         cd:90:2f:d7:83:0d:87:c4:a6:5b:71:bc:bc:a2:55:9d:2d:a9:
+         3b:05:ab:ac:82:fb:b9:8c:7d:97:24:97:aa:d9:9f:f9:25:ba:
+         4e:90:1f:66:0f:cd:7e:8b:ea:df:73:83:9e:f6:cc:fc:03:47:
+         fc:43:cf:d6:a1:51:4e:dd:eb:c4:38:ca:22:b5:b8:75:0f:6d:
+         88:9e:03:e3:5e:7f:85:8a:b4:e2:05:43:06:09:10:1e:24:93:
+         ae:e6:10:ac
 -----BEGIN CERTIFICATE-----
 MIICgTCCAWmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4
-IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0NzIw
+IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx
 WjAoMSYwJAYDVQQDDB0xMDI0IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLHKGz4b+KDJsYfWHuLyF4vW72mv/32e
-XnMydUDN3zcHcT66w1UkEk3lOCg0xO/93RijJoecDQoFusSQKmmyaBXwmXnVzKE4
-8C4+90E5SHEXDT094gefywrjg++RDKzXSvNYYZo4kQaajGsJg2yYvuTh0Pwg1wW8
-603AOy8xEdcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNWMC
-7xtuB4+/hlvAsVQPZ7frbfowDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA
-A4IBAQBib1RE4VnKm7bWJoHnFGrOWaQUmy1LqETJBMFfoEZq3EfZvqq11hANbzti
-jOr1mnXHnr4Ff7CQ7fqeAWNhKfPO8Qusl4CmY8ixjbpPlhYBbxQzsAz3eYyQJR8v
-VJFnmn7x3c1sEFYGSlV/PD5+4DXxQFQKGiPvDYpo3R3REPW014JFrMWDMcHfqdPB
-x7POFnfKhNvA2QeAvGq3v9Ik8uWD0B7K2f/zOjuR+YGzu5EicZ8UrwLHeH1bF19i
-PCDNYfuzRcb7j4O3EVpOXXn3yBO+iJFaiKgdvZMEiUdddygLTiWbIPdKNevpUt2W
-EcuqK0W4W2l0fJCgKzM9YF9RKDFb
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz18shF029GTEkhT9NWPpkv+TvQ0YX7Md
+jC8oj/Mvj6FM8RzkFWY+eeeqOaBGMktpZ2vLcqqQ49DRNlXGtUk5fNIWl4vybBuD
+6vPiGGoGn0lPcv1KuELFqgoNLFx0l9fuTfw8vx0/qxYjeigyuF3IKXJV1erxUjfx
+nKds9G87eWkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUq5Hm
+K8nBLnugZfHUis4DTfR6GBMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQAQOyLcaoM/QbonLCq6cWufpdutW0/p/CfD53aPijnGN6AVxNTfl9WvYU3q
+glnag6ldfJE2E8BsqLC+AzXvKyjTQPsDuvX/0kBkXbZdMKf6PFhgP2SWv4q0qAYG
+4j+GDurX3hhkco7BYh+j0PvFGZtiDa5hNn1GFQGYALLHJVFN9Ybrp0sVTxbSBPnE
+tjN6nB13pIhyjZuEJOae1+lWPiM5dG3NkC/Xgw2HxKZbcby8olWdLak7Bausgvu5
+jH2XJJeq2Z/5JbpOkB9mD81+i+rfc4Oe9sz8A0f8Q8/WoVFO3evEOMoitbh1D22I
+ngPjXn+FirTiBUMGCRAeJJOu5hCs
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem
index 2b432f4aa54..1627541e3a1 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem
@@ -1,61 +1,73 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 3 (0x3)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=1024 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:a7:7d:a3:74:e2:4d:23:7f:2d:e8:bd:c7:18:78:
-                    89:17:07:66:d8:29:70:34:51:90:84:3f:0b:01:0a:
-                    43:f2:4b:3f:75:da:b0:6d:7b:32:1b:5f:37:2b:9b:
-                    8a:70:b3:c0:66:48:d4:67:0d:21:8a:9f:c4:3a:25:
-                    8d:79:b3:d1:8e:c2:4c:cf:2f:2e:c5:c9:e1:5a:94:
-                    2e:4e:4a:14:2e:69:1a:67:fc:6d:ee:68:95:28:a8:
-                    bc:99:ff:56:17:c2:5e:f1:12:0b:9a:23:03:30:d9:
-                    68:67:fb:58:d5:50:20:b5:2d:6e:b1:5a:7a:42:00:
-                    86:be:3e:6e:11:9c:8e:20:dd:35:53:63:45:06:b4:
-                    85:ea:d6:65:50:5e:80:08:a4:da:00:7c:e6:0f:03:
-                    10:bf:e5:a7:7d:26:99:d9:1d:b9:f1:d7:75:62:49:
-                    ac:a0:1b:fa:1e:ad:90:01:f1:d9:39:33:3c:c2:8e:
-                    a6:7f:68:ec:57:aa:98:1a:6c:af:3c:ab:96:99:60:
-                    6c:cd:39:3a:57:e3:44:89:3d:ea:8d:75:36:d5:0d:
-                    68:18:de:f8:e6:89:b2:af:5c:ab:bd:2b:0e:d2:e8:
-                    9f:67:3a:3b:0c:17:22:2c:ff:e9:fc:11:26:35:70:
-                    84:ce:bd:3d:dc:ab:a4:b6:67:4e:04:c1:38:21:b1:
-                    fa:4f
+                    00:d6:a4:94:54:db:41:d7:ce:11:35:61:ec:32:eb:
+                    6b:d7:17:92:f3:30:4c:43:67:f6:d1:7a:06:6c:7c:
+                    15:79:35:78:38:ac:5e:4d:87:b7:34:cb:99:f8:4f:
+                    15:f9:68:38:48:de:2e:dc:1e:67:82:f9:b6:f2:82:
+                    bc:13:68:8f:14:fa:11:45:db:f6:fb:43:14:59:c3:
+                    16:e2:df:02:8a:a0:d3:9c:52:05:ff:1c:d1:2a:ab:
+                    e2:bd:a3:f6:6b:1c:cd:e1:2c:97:7b:7c:d1:21:7e:
+                    f1:0b:1c:39:4d:2f:63:fc:ae:f3:4a:8a:a1:04:67:
+                    9b:3c:bd:2d:4d:05:41:d9:16:6f:54:21:56:4c:d3:
+                    57:70:8b:4f:ad:68:96:f2:cb:84:81:c5:b1:e9:91:
+                    5d:22:64:d7:1c:37:b9:f7:ee:52:66:3a:51:5f:80:
+                    e1:22:74:04:3f:6a:8b:c4:e5:be:f0:4e:26:96:44:
+                    e9:e8:62:3a:86:4b:60:b7:31:a6:85:11:b8:6d:e6:
+                    14:3f:1e:ac:6c:7a:2a:64:12:e0:39:64:e3:c8:73:
+                    4b:9b:3d:a3:11:71:8b:c0:9d:2e:43:f2:6b:1f:4c:
+                    51:fb:8d:e7:25:a3:7b:9b:cb:4d:25:9b:d6:b3:44:
+                    36:1c:85:9a:d0:7b:82:73:a5:12:03:1c:0a:0c:72:
+                    5e:e3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                36:3E:3F:89:C5:E9:92:06:AE:84:D9:26:55:01:41:CC:51:2F:AF:D2
+            X509v3 Authority Key Identifier: 
+                keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         29:5d:8c:f2:97:8a:f6:f5:f0:8a:da:8b:96:2d:fc:9f:78:73:
-         85:6e:b6:6b:6b:18:b0:86:bc:a2:22:98:f8:73:69:31:c3:33:
-         08:d8:ef:7e:6d:98:fa:7b:6d:1d:6f:6b:66:b0:5a:77:e0:fd:
-         dc:01:6e:59:ee:3f:cd:2b:a1:8e:2b:65:4a:d4:bc:38:34:af:
-         c9:21:68:56:7a:f5:a7:31:f3:34:02:27:df:e2:38:3f:fd:23:
-         38:ab:5c:60:4c:e6:17:9b:a5:b7:5c:56:95:22:c8:0b:7d:79:
-         3d:a5:ca:be:0c:b9:37:66:26:97:f3:38:24:ce:0f:e7:7d:4c:
-         40:af
+         1f:19:60:43:08:f6:5f:a8:4a:b3:22:3f:5a:b7:d9:50:e9:18:
+         3e:3e:f4:a4:84:43:63:61:92:8d:47:c4:6b:6b:a8:2e:c7:72:
+         e8:9b:35:5f:28:88:02:23:ff:e3:69:3e:c7:e4:b5:f8:e2:fd:
+         8e:c4:2c:79:c3:d2:51:d6:83:75:d0:85:29:5a:68:0f:32:3d:
+         be:bb:06:9b:8b:ab:2a:61:44:f3:da:65:4c:ba:0d:c7:fa:52:
+         7d:5b:70:44:b6:e4:84:78:bd:9f:ae:25:d3:b9:1f:4f:86:4d:
+         74:2d:cf:1d:80:dc:7b:c1:a1:91:d7:1e:1a:a5:01:59:e3:2a:
+         35:8a
 -----BEGIN CERTIFICATE-----
-MIICkDCCAfkCAQMwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMTAyNCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIxWhcNMjQwODExMDI0
-NzIxWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp32jdOJNI38t
-6L3HGHiJFwdm2ClwNFGQhD8LAQpD8ks/ddqwbXsyG183K5uKcLPAZkjUZw0hip/E
-OiWNebPRjsJMzy8uxcnhWpQuTkoULmkaZ/xt7miVKKi8mf9WF8Je8RILmiMDMNlo
-Z/tY1VAgtS1usVp6QgCGvj5uEZyOIN01U2NFBrSF6tZlUF6ACKTaAHzmDwMQv+Wn
-fSaZ2R258dd1YkmsoBv6Hq2QAfHZOTM8wo6mf2jsV6qYGmyvPKuWmWBszTk6V+NE
-iT3qjXU21Q1oGN745omyr1yrvSsO0uifZzo7DBciLP/p/BEmNXCEzr093KuktmdO
-BME4IbH6TwIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUA
-A4GBACldjPKXivb18Irai5Yt/J94c4VutmtrGLCGvKIimPhzaTHDMwjY735tmPp7
-bR1va2awWnfg/dwBblnuP80roY4rZUrUvDg0r8khaFZ69acx8zQCJ9/iOD/9Izir
-XGBM5hebpbdcVpUiyAt9eT2lyr4MuTdmJpfzOCTOD+d9TECv
+MIIDAzCCAmygAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWpJRU
+20HXzhE1Yewy62vXF5LzMExDZ/bRegZsfBV5NXg4rF5Nh7c0y5n4TxX5aDhI3i7c
+HmeC+bbygrwTaI8U+hFF2/b7QxRZwxbi3wKKoNOcUgX/HNEqq+K9o/ZrHM3hLJd7
+fNEhfvELHDlNL2P8rvNKiqEEZ5s8vS1NBUHZFm9UIVZM01dwi0+taJbyy4SBxbHp
+kV0iZNccN7n37lJmOlFfgOEidAQ/aovE5b7wTiaWROnoYjqGS2C3MaaFEbht5hQ/
+HqxseipkEuA5ZOPIc0ubPaMRcYvAnS5D8msfTFH7jeclo3uby00lm9azRDYchZrQ
+e4JzpRIDHAoMcl7jAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ2
+Pj+JxemSBq6E2SZVAUHMUS+v0jAfBgNVHSMEGDAWgBSrkeYrycEue6Bl8dSKzgNN
+9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocE
+fwAAATANBgkqhkiG9w0BAQsFAAOBgQAfGWBDCPZfqEqzIj9at9lQ6Rg+PvSkhENj
+YZKNR8Rra6gux3LomzVfKIgCI//jaT7H5LX44v2OxCx5w9JR1oN10IUpWmgPMj2+
+uwabi6sqYUTz2mVMug3H+lJ9W3BEtuSEeL2friXTuR9Phk10Lc8dgNx7waGR1x4a
+pQFZ4yo1ig==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem
index 83144b62c3a..6a59709c779 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem
@@ -1,71 +1,82 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 3 (0x3)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:d6:53:f9:a6:82:3a:36:9d:13:db:bc:53:63:40:
-                    8e:23:a9:31:f3:e7:72:2f:20:c1:49:f9:6e:03:65:
-                    9d:f9:d9:e8:35:b9:9c:dc:d5:b2:dc:ac:e4:da:42:
-                    4e:82:8e:22:11:31:03:e4:ad:a7:66:64:f6:f6:de:
-                    64:a8:ce:43:f9:ba:53:3d:94:4f:ae:db:35:4a:3a:
-                    9a:e9:8d:2d:9a:f1:46:6a:d2:61:a8:8f:2f:6a:a4:
-                    cd:b6:62:5b:d5:e0:48:d9:c4:43:10:fb:a5:53:f5:
-                    25:c6:75:f6:7a:21:fd:29:79:df:0a:b6:20:b1:90:
-                    f2:b4:8c:0b:34:4d:07:c4:7c:98:08:a8:30:ca:46:
-                    03:07:33:d0:c3:60:49:14:b2:f6:4c:1f:d8:e0:b5:
-                    ee:dd:ef:3d:94:ae:54:eb:96:8b:ce:39:32:09:8f:
-                    9e:6b:81:57:c8:ae:3a:49:06:ef:e2:46:e7:f5:13:
-                    d8:b0:2e:09:5e:16:f6:4f:10:54:27:46:df:16:32:
-                    c9:76:0f:dd:11:2e:89:1f:76:9d:d3:98:cb:eb:f0:
-                    9e:e0:9a:c3:65:93:cc:c2:02:e3:b1:dc:0c:aa:24:
-                    df:3f:8c:53:84:e3:b4:27:75:b7:b1:6f:97:94:3c:
-                    a3:5b:2b:a3:57:5b:63:9e:b0:82:da:a3:7c:ee:e7:
-                    65:d7
+                    00:b4:72:22:05:11:c8:e7:3b:0d:1a:c2:7d:ce:14:
+                    07:8f:89:df:ea:29:77:b5:55:dc:eb:69:23:46:81:
+                    fc:9f:8f:8b:ad:a1:f8:3b:a2:55:1e:d8:8d:ef:81:
+                    fd:5d:ae:2e:9c:bb:69:e4:78:80:4a:9b:52:83:e7:
+                    4c:d0:32:f2:13:c8:ca:bc:71:4b:46:75:a7:b1:a1:
+                    aa:f3:0e:1c:06:3a:27:0e:2e:3c:43:7d:38:e7:4f:
+                    03:bf:2b:a1:e3:60:31:bc:ff:31:88:d7:dc:83:8d:
+                    e7:3d:18:5e:b1:10:7f:fe:43:b6:83:c6:c4:3a:56:
+                    d0:f4:26:86:17:47:99:a0:4f:85:05:4e:5c:a5:66:
+                    42:4c:14:28:57:ff:d3:04:d9:2b:88:aa:5a:05:99:
+                    90:e7:50:af:4f:92:00:36:34:47:85:d0:82:63:80:
+                    2e:1a:bf:c4:9f:6b:23:3b:b4:2b:23:7f:bf:09:31:
+                    da:23:06:0c:ab:73:e1:8d:38:a7:64:0d:1c:ef:18:
+                    ed:33:3b:8c:48:e7:ef:67:3d:08:cc:66:27:80:1c:
+                    67:12:a2:a0:ec:fa:3f:84:d7:9b:60:73:fe:cb:6d:
+                    73:c6:fc:f7:4c:75:50:3e:d9:9a:c4:9a:41:c5:af:
+                    c9:1c:d3:a1:b6:02:1f:61:cf:59:21:de:bb:92:3b:
+                    dc:ab
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                22:2C:2F:EC:CC:84:35:E7:25:3D:64:7C:7D:31:75:BD:B5:B1:B3:2A
+            X509v3 Authority Key Identifier: 
+                keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         a2:9f:a4:65:86:d1:be:d4:bd:e5:dd:76:aa:24:d6:cd:e0:2b:
-         32:b4:99:5c:5f:15:02:30:d5:33:c0:c8:a4:92:e2:0c:be:bc:
-         e4:a7:06:4d:ef:e0:5f:3a:0a:20:28:ba:2a:0d:4f:91:7e:2c:
-         d1:d8:ca:40:20:33:a2:a6:d1:46:7a:6f:ac:f5:ee:41:d1:90:
-         d3:03:e2:ae:7c:53:6d:48:a2:06:a4:9a:b2:f3:0b:ff:fb:11:
-         22:07:cc:70:d1:a6:fc:d8:18:5c:d2:7f:5d:41:0a:cd:5b:50:
-         4e:f0:53:9e:7a:8a:f6:7a:e3:2e:02:93:d9:44:97:a7:71:f6:
-         90:50:76:91:20:b5:20:aa:07:a7:cf:06:81:64:39:3c:d1:09:
-         f0:12:87:56:27:5d:8f:59:f7:8a:bb:8b:07:d7:6a:37:e8:e7:
-         09:2a:97:c4:61:71:b8:7e:1f:e5:5f:37:a4:0d:f6:2a:69:4a:
-         a3:3d:f2:7d:c5:9d:ba:70:1f:94:d4:03:a7:4e:86:a6:c2:0a:
-         d7:0a:ac:a1:00:4e:84:df:5c:ed:cf:ff:45:53:50:30:69:c0:
-         e9:1d:83:4a:02:a7:0b:bb:55:29:8a:71:5d:8d:60:22:fc:05:
-         ed:d7:64:79:cb:95:fe:2c:28:ab:0f:ee:32:c0:2f:6c:05:c5:
-         61:c2:3a:c6
+         b3:02:f9:ad:d2:ce:96:da:ae:ab:a5:f7:08:0f:c1:53:78:6a:
+         da:c1:2c:5b:97:df:ce:59:cb:98:a6:5a:a9:24:02:58:b8:c1:
+         a5:72:a6:e5:8e:25:2b:9b:09:c6:97:f8:2b:ed:1f:70:e5:e2:
+         7b:f7:8d:42:0b:cb:8d:1b:d7:85:7c:ec:14:ac:27:6a:69:7c:
+         d7:e0:4c:af:8f:1a:47:0b:e1:fb:34:8c:dc:09:30:a6:ff:01:
+         92:43:51:71:e2:a7:3b:55:ff:55:a3:a7:df:28:ef:d7:86:36:
+         e1:8d:c9:5e:69:e7:54:85:9c:09:cc:c6:66:64:b4:41:e9:1d:
+         2d:7c:f2:91:dc:16:1b:f8:e6:b5:8d:14:1c:be:89:6f:da:85:
+         b0:fd:15:d5:a1:d4:21:1d:0f:b5:7e:91:84:68:ab:4d:ff:90:
+         b1:f0:ca:dc:6c:41:a7:f6:7d:3e:f5:e8:1f:24:78:ad:79:ce:
+         03:69:bd:81:e3:d9:c8:8e:48:93:6a:24:7d:57:46:f4:6d:54:
+         69:45:5a:86:8e:91:20:1f:e5:64:0d:f6:f4:b2:d2:df:c8:6d:
+         1c:cb:f0:e5:65:b0:3d:cd:56:66:66:ce:d6:0d:5b:09:99:5e:
+         34:58:6e:81:c7:fd:55:c8:c1:19:e8:cd:bd:df:74:1d:2a:96:
+         5a:d9:27:4d
 -----BEGIN CERTIFICATE-----
-MIIDETCCAfkCAQMwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMjA0OCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIxWhcNMjQwODExMDI0
-NzIxWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lP5poI6Np0T
-27xTY0COI6kx8+dyLyDBSfluA2Wd+dnoNbmc3NWy3Kzk2kJOgo4iETED5K2nZmT2
-9t5kqM5D+bpTPZRPrts1Sjqa6Y0tmvFGatJhqI8vaqTNtmJb1eBI2cRDEPulU/Ul
-xnX2eiH9KXnfCrYgsZDytIwLNE0HxHyYCKgwykYDBzPQw2BJFLL2TB/Y4LXu3e89
-lK5U65aLzjkyCY+ea4FXyK46SQbv4kbn9RPYsC4JXhb2TxBUJ0bfFjLJdg/dES6J
-H3ad05jL6/Ce4JrDZZPMwgLjsdwMqiTfP4xThOO0J3W3sW+XlDyjWyujV1tjnrCC
-2qN87udl1wIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUA
-A4IBAQCin6RlhtG+1L3l3XaqJNbN4CsytJlcXxUCMNUzwMikkuIMvrzkpwZN7+Bf
-OgogKLoqDU+RfizR2MpAIDOiptFGem+s9e5B0ZDTA+KufFNtSKIGpJqy8wv/+xEi
-B8xw0ab82Bhc0n9dQQrNW1BO8FOeeor2euMuApPZRJencfaQUHaRILUgqgenzwaB
-ZDk80QnwEodWJ12PWfeKu4sH12o36OcJKpfEYXG4fh/lXzekDfYqaUqjPfJ9xZ26
-cB+U1AOnToamwgrXCqyhAE6E31ztz/9FU1AwacDpHYNKAqcLu1UpinFdjWAi/AXt
-12R5y5X+LCirD+4ywC9sBcVhwjrG
+MIIDhDCCAmygAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ciIF
+EcjnOw0awn3OFAePid/qKXe1VdzraSNGgfyfj4utofg7olUe2I3vgf1dri6cu2nk
+eIBKm1KD50zQMvITyMq8cUtGdaexoarzDhwGOicOLjxDfTjnTwO/K6HjYDG8/zGI
+19yDjec9GF6xEH/+Q7aDxsQ6VtD0JoYXR5mgT4UFTlylZkJMFChX/9ME2SuIqloF
+mZDnUK9PkgA2NEeF0IJjgC4av8SfayM7tCsjf78JMdojBgyrc+GNOKdkDRzvGO0z
+O4xI5+9nPQjMZieAHGcSoqDs+j+E15tgc/7LbXPG/PdMdVA+2ZrEmkHFr8kc06G2
+Ah9hz1kh3ruSO9yrAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQi
+LC/szIQ15yU9ZHx9MXW9tbGzKjAfBgNVHSMEGDAWgBRcwnF2wSaxDDFzyJLTHgES
+S8xaFDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocE
+fwAAATANBgkqhkiG9w0BAQsFAAOCAQEAswL5rdLOltquq6X3CA/BU3hq2sEsW5ff
+zlnLmKZaqSQCWLjBpXKm5Y4lK5sJxpf4K+0fcOXie/eNQgvLjRvXhXzsFKwnaml8
+1+BMr48aRwvh+zSM3Akwpv8BkkNRceKnO1X/VaOn3yjv14Y24Y3JXmnnVIWcCczG
+ZmS0QekdLXzykdwWG/jmtY0UHL6Jb9qFsP0V1aHUIR0PtX6RhGirTf+QsfDK3GxB
+p/Z9PvXoHyR4rXnOA2m9gePZyI5Ik2okfVdG9G1UaUVaho6RIB/lZA329LLS38ht
+HMvw5WWwPc1WZmbO1g1bCZleNFhugcf9VcjBGejNvd90HSqWWtknTQ==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem
index 49fb0426265..0035d83cc4a 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem
@@ -1,59 +1,70 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 3 (0x3)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=768 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:b7:4e:8d:88:5b:36:eb:14:fa:f0:39:0c:91:0d:
-                    0b:89:ae:2a:1c:a4:4e:40:8a:d8:f9:4e:a3:fb:b1:
-                    3b:de:aa:cc:16:9a:76:b3:34:c7:3b:2b:24:e8:86:
-                    ab:fc:e5:48:c0:1f:d1:78:8a:6f:08:b6:21:1a:bf:
-                    61:0f:5e:f2:4f:b0:34:54:c9:d2:f2:01:a9:de:75:
-                    82:5a:7f:3d:6a:6f:15:f4:11:c1:62:e4:a4:6b:6c:
-                    10:fe:07:7b:51:fc:a7:e4:1b:d6:8f:f0:da:ae:d1:
-                    66:af:bb:16:ba:8d:36:41:dd:73:b9:8b:dd:4f:fa:
-                    66:56:61:4d:8a:04:45:c2:49:84:ff:01:a6:0c:05:
-                    8d:1a:cf:dc:11:c9:c3:35:5e:90:ee:c0:b6:60:9a:
-                    cd:e1:71:a5:1f:8d:45:4e:23:33:a6:4f:ea:4c:ae:
-                    a0:69:7e:97:71:2a:92:85:13:f2:20:54:11:33:78:
-                    87:a9:28:30:45:05:ac:f9:89:db:18:3d:81:4a:e3:
-                    92:8c:02:17:11:69:86:a1:d0:e5:f5:a8:07:4f:09:
-                    04:96:6f:2c:7e:f2:e9:66:b4:2d:e3:52:23:7b:f8:
-                    25:0a:af:46:ba:1b:28:87:5a:3d:5d:5e:66:15:29:
-                    fa:aa:c4:ee:87:0e:bd:d4:d7:4e:5d:d5:b0:14:02:
-                    d9:f3
+                    00:ba:3a:68:2e:28:8c:de:30:76:83:38:b6:db:fc:
+                    25:57:b3:f7:7d:49:63:3d:5a:0f:e4:d7:0a:d7:73:
+                    62:2c:a7:1e:4b:a3:f6:82:d7:68:b0:77:83:f7:77:
+                    1d:21:16:cf:86:8a:d3:ee:05:e8:85:0b:63:49:f5:
+                    72:aa:80:00:43:36:12:6c:c2:31:07:e5:b8:d8:83:
+                    4b:a7:ff:8a:06:58:c2:00:06:6b:b1:1e:b6:05:ae:
+                    02:8a:0b:71:5a:37:70:70:10:7a:3a:fe:20:e6:6a:
+                    24:fc:a5:93:78:fd:1d:26:bc:68:25:4a:19:41:9d:
+                    33:bb:65:c1:71:aa:b5:0a:cf:44:7a:88:66:2b:98:
+                    d4:30:bd:dc:13:81:fe:c1:6e:04:38:d5:6c:cf:68:
+                    68:fc:d9:16:0d:7a:4d:4b:df:60:2b:af:87:33:48:
+                    6a:8a:11:f9:d8:a2:75:a8:d7:96:19:a2:68:3e:70:
+                    2b:4b:b8:32:a0:f1:6d:91:11:ea:1c:de:43:bb:b6:
+                    7b:ad:c5:bb:c2:76:9e:c2:39:60:fe:0b:c2:45:51:
+                    5e:8f:15:10:9f:31:d6:41:18:37:3f:55:99:81:7c:
+                    2b:49:f9:bd:b2:28:b5:fd:f2:88:11:2f:ba:83:2f:
+                    44:55:14:94:f7:15:36:4c:c4:57:9f:8e:b9:52:d1:
+                    28:8f
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                2D:03:2A:82:88:41:B4:78:09:AD:65:4D:E4:95:80:A0:48:F7:06:45
+            X509v3 Authority Key Identifier: 
+                keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         3d:49:71:c0:d6:fe:08:5e:27:a8:a4:4d:04:5a:8e:15:16:1d:
-         1e:1f:51:f7:f2:db:db:f1:e8:a5:26:f3:6f:d9:03:5f:b3:b0:
-         55:b5:7c:93:33:a2:48:ba:30:0a:70:e0:cf:e2:d6:7f:38:15:
-         f7:08:c8:25:b0:bb:f3:b5:5e:73:80:77:28:21:c3:66:ca:4c:
-         c9:e3:a6:b8:4c:43:5b:15:43:c4:9a:c4:2d:49:f9:83:73:3b:
-         0a:ca:59:a3:4e:05
+         89:8c:20:d3:4b:32:9a:6b:de:02:e8:73:5d:90:5c:1f:63:80:
+         65:7e:08:9e:af:05:b0:41:d3:d9:44:5c:10:c4:4c:c9:93:d0:
+         ce:55:da:1a:06:30:0a:d3:ff:42:87:2d:83:98:e4:64:68:5b:
+         5b:b5:df:2e:4f:1c:b8:7a:85:a9:3e:38:a8:b0:9a:fc:87:ec:
+         97:27:43:ff:35:0f:13:9f:84:22:a0:27:a7:d4:9a:df:f6:b5:
+         b2:76:d3:71:02:f0
 -----BEGIN CERTIFICATE-----
-MIICbjCCAfgCAQMwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAwwcNzY4IHJzYSBU
-ZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjFaFw0yNDA4MTEwMjQ3
-MjFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
-DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcu
-MC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3To2IWzbrFPrw
-OQyRDQuJriocpE5Aitj5TqP7sTveqswWmnazNMc7KyTohqv85UjAH9F4im8ItiEa
-v2EPXvJPsDRUydLyAanedYJafz1qbxX0EcFi5KRrbBD+B3tR/KfkG9aP8Nqu0Wav
-uxa6jTZB3XO5i91P+mZWYU2KBEXCSYT/AaYMBY0az9wRycM1XpDuwLZgms3hcaUf
-jUVOIzOmT+pMrqBpfpdxKpKFE/IgVBEzeIepKDBFBaz5idsYPYFK45KMAhcRaYah
-0OX1qAdPCQSWbyx+8ulmtC3jUiN7+CUKr0a6GyiHWj1dXmYVKfqqxO6HDr3U105d
-1bAUAtnzAgMBAAGjEzARMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQAD
-YQA9SXHA1v4IXieopE0EWo4VFh0eH1H38tvb8eilJvNv2QNfs7BVtXyTM6JIujAK
-cODP4tZ/OBX3CMglsLvztV5zgHcoIcNmykzJ46a4TENbFUPEmsQtSfmDczsKylmj
-TgU=
+MIIC4TCCAmugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg
+cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy
+MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM
+CTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALo6aC4o
+jN4wdoM4ttv8JVez931JYz1aD+TXCtdzYiynHkuj9oLXaLB3g/d3HSEWz4aK0+4F
+6IULY0n1cqqAAEM2EmzCMQfluNiDS6f/igZYwgAGa7EetgWuAooLcVo3cHAQejr+
+IOZqJPylk3j9HSa8aCVKGUGdM7tlwXGqtQrPRHqIZiuY1DC93BOB/sFuBDjVbM9o
+aPzZFg16TUvfYCuvhzNIaooR+diidajXlhmiaD5wK0u4MqDxbZER6hzeQ7u2e63F
+u8J2nsI5YP4LwkVRXo8VEJ8x1kEYNz9VmYF8K0n5vbIotf3yiBEvuoMvRFUUlPcV
+NkzEV5+OuVLRKI8CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC0D
+KoKIQbR4Ca1lTeSVgKBI9wZFMB8GA1UdIwQYMBaAFJ7jp4OwWW+Rn8fVNGFKGrNm
+x0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/
+AAABMA0GCSqGSIb3DQEBCwUAA2EAiYwg00symmveAuhzXZBcH2OAZX4Inq8FsEHT
+2URcEMRMyZPQzlXaGgYwCtP/Qoctg5jkZGhbW7XfLk8cuHqFqT44qLCa/IfslydD
+/zUPE5+EIqAnp9Sa3/a1snbTcQLw
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
index 04912393dd8..8c9bee96531 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
@@ -1,56 +1,67 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 3 (0x3)
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: CN=prime256v1 ecdsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:be:62:55:d9:e1:04:3b:1d:4c:2e:0d:2f:dc:8d:
-                    79:ed:66:e3:dd:04:ef:b2:51:91:1f:3f:8b:f9:89:
-                    0d:cf:09:29:06:54:50:d0:fa:29:9d:4f:bb:80:ec:
-                    00:ed:2b:c4:bd:d1:9b:ff:36:fd:9a:76:41:49:98:
-                    e0:ad:49:fd:03:d1:90:74:db:6c:37:fb:fc:55:6c:
-                    08:4d:de:2e:67:a5:8d:9f:5c:48:5f:c9:7b:f9:73:
-                    aa:9d:f6:32:05:63:2e:53:0d:3d:47:92:29:58:aa:
-                    36:74:41:1f:80:db:69:bf:1a:0f:1d:0c:a6:40:27:
-                    71:c4:df:cf:e7:c9:c2:c6:86:47:03:d4:93:6e:74:
-                    f3:11:70:1e:d9:4e:73:60:e5:85:49:41:ff:e3:8d:
-                    7d:9d:cd:77:40:a9:72:c2:c0:91:bb:bc:62:07:b7:
-                    00:78:95:23:55:92:6b:71:b5:df:cc:53:68:47:45:
-                    5b:c0:7a:ed:b5:d8:dd:c7:b3:3b:87:ef:19:8d:bf:
-                    0e:ab:11:35:ea:cb:f9:b8:1f:aa:c6:3e:87:8e:d4:
-                    d1:e0:3a:2f:69:4c:f9:c3:84:2c:7c:a1:82:ca:b3:
-                    05:31:d2:91:6a:73:21:38:0c:61:c8:57:3d:71:01:
-                    b5:a7:36:50:cd:97:6e:da:93:b0:c7:47:cc:c3:94:
-                    b1:8b
+                    00:cf:f1:3b:6f:93:35:88:59:85:00:af:e7:96:90:
+                    e2:58:0b:8f:f3:5f:b9:0c:10:47:8d:1d:18:0f:09:
+                    1d:4e:45:cf:36:25:5c:f8:43:06:30:ce:af:39:5b:
+                    de:e9:c6:66:8b:e2:82:37:fc:8a:74:83:8b:8a:9f:
+                    88:2d:39:15:f4:b2:56:de:50:3a:c2:d4:aa:7c:d6:
+                    a9:b4:1b:e4:4d:25:27:3a:40:bc:8d:07:c1:30:36:
+                    fe:22:4a:68:1f:04:75:46:58:1a:a4:18:ae:57:34:
+                    93:57:04:65:fb:13:80:bd:04:91:8a:41:82:32:fd:
+                    d7:b5:b6:f1:cb:33:16:20:98:47:a5:b4:0e:69:3e:
+                    e2:07:70:d5:b6:47:9b:5a:49:44:6e:83:85:3f:b0:
+                    7c:db:c7:46:5b:99:66:f9:10:5b:8e:88:ea:66:3e:
+                    37:f2:0f:c9:06:8b:0e:3c:b7:fe:59:16:75:ff:3f:
+                    ec:61:94:73:31:84:67:4f:b4:06:70:58:3a:ea:32:
+                    07:02:29:75:8c:d0:52:db:e3:0b:46:54:c6:5b:42:
+                    43:34:a5:92:d8:10:81:15:ad:fd:cf:41:f6:f5:ef:
+                    7d:8f:a0:40:f3:dc:64:17:d4:a3:83:63:9b:3f:af:
+                    af:28:ed:e7:ed:5d:6d:2b:16:61:4d:d3:c3:d6:15:
+                    78:8d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                52:FC:90:06:58:27:74:55:A2:49:6E:4E:BE:2B:81:E5:D1:E2:1A:14
+            X509v3 Authority Key Identifier: 
+                keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:84:38:9b:2e:ce:b0:63:69:ea:52:fe:c9:3d:
-         44:1d:db:77:b5:9e:81:f1:ec:22:70:cd:0d:fc:d5:ad:b7:e9:
-         ce:02:21:00:ff:de:1a:58:ab:80:e9:98:f2:ca:9b:ce:70:c3:
-         26:73:d0:ed:9e:88:b7:7e:fa:2f:31:bb:7a:1c:19:93:6a:08
+         30:44:02:20:72:99:1c:a8:f4:a6:3d:cc:36:4c:ad:46:1e:bb:
+         e3:1e:d0:d5:a4:ec:99:e3:4a:f8:47:bd:7c:dd:12:cb:c0:d1:
+         02:20:64:c7:e9:b1:8e:bd:3d:59:31:17:a1:dd:b3:f9:11:ff:
+         83:f6:be:1d:46:d9:50:cf:b4:47:94:49:4a:06:94:2d
 -----BEGIN CERTIFICATE-----
-MIICWTCCAf4CAQMwCgYIKoZIzj0EAwIwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl
-Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjFaFw0yNDA4
-MTEwMjQ3MjFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
-FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
-DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+YlXZ
-4QQ7HUwuDS/cjXntZuPdBO+yUZEfP4v5iQ3PCSkGVFDQ+imdT7uA7ADtK8S90Zv/
-Nv2adkFJmOCtSf0D0ZB022w3+/xVbAhN3i5npY2fXEhfyXv5c6qd9jIFYy5TDT1H
-kilYqjZ0QR+A22m/Gg8dDKZAJ3HE38/nycLGhkcD1JNudPMRcB7ZTnNg5YVJQf/j
-jX2dzXdAqXLCwJG7vGIHtwB4lSNVkmtxtd/MU2hHRVvAeu212N3HszuH7xmNvw6r
-ETXqy/m4H6rGPoeO1NHgOi9pTPnDhCx8oYLKswUx0pFqcyE4DGHIVz1xAbWnNlDN
-l27ak7DHR8zDlLGLAgMBAAGjEzARMA8GA1UdEQQIMAaHBH8AAAEwCgYIKoZIzj0E
-AwIDSQAwRgIhAIQ4my7OsGNp6lL+yT1EHdt3tZ6B8ewicM0N/NWtt+nOAiEA/94a
-WKuA6ZjyypvOcMMmc9Dtnoi3fvovMbt6HBmTagg=
+MIICyjCCAnGgAwIBAgIBAzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1
+NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX
+DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ
+BgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM/xO2+TNYhZhQCv55aQ4lgLj/NfuQwQR40dGA8JHU5FzzYlXPhDBjDOrzlb3unG
+Zovigjf8inSDi4qfiC05FfSyVt5QOsLUqnzWqbQb5E0lJzpAvI0HwTA2/iJKaB8E
+dUZYGqQYrlc0k1cEZfsTgL0EkYpBgjL917W28cszFiCYR6W0Dmk+4gdw1bZHm1pJ
+RG6DhT+wfNvHRluZZvkQW46I6mY+N/IPyQaLDjy3/lkWdf8/7GGUczGEZ0+0BnBY
+OuoyBwIpdYzQUtvjC0ZUxltCQzSlktgQgRWt/c9B9vXvfY+gQPPcZBfUo4Njmz+v
+ryjt5+1dbSsWYU3Tw9YVeI0CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0O
+BBYEFFL8kAZYJ3RVokluTr4rgeXR4hoUMB8GA1UdIwQYMBaAFA1rttfdf81OrQZr
+IuERCFgQqxYqMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREE
+CDAGhwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIHKZHKj0pj3MNkytRh674x7Q1aTs
+meNK+Ee9fN0Sy8DRAiBkx+mxjr09WTEXod2z+RH/g/a+HUbZUM+0R5RJSgaULQ==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/2048-rsa-intermediate.pem
index 9a76c5ef633..bfb349b36c6 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-intermediate.pem
@@ -5,71 +5,71 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 RSA Test Root CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: CN=2048 rsa Test intermediate CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:d6:1e:ce:64:94:63:23:cb:67:a7:e8:72:85:57:
-                    d2:9b:f0:af:6b:ad:d8:a8:4a:04:24:77:23:ce:44:
-                    94:55:2c:22:42:70:18:95:e0:8d:44:cd:70:76:7e:
-                    eb:4b:be:68:1e:21:25:60:01:36:51:2f:4a:7b:ad:
-                    90:74:a9:7f:53:9a:32:46:da:45:79:e4:73:cf:63:
-                    e8:d6:65:f4:c4:09:3c:95:9e:24:de:8d:65:1b:04:
-                    55:45:92:6e:8d:90:a2:96:ce:d6:4f:7e:1e:af:e8:
-                    70:2e:9b:e5:c4:91:d1:d5:4e:91:71:ca:9c:79:0e:
-                    fa:2f:ce:0f:76:8d:ae:05:9d:1b:fb:da:0d:3a:fc:
-                    28:d4:bf:e2:35:d1:1b:66:d8:33:23:00:3d:69:4d:
-                    60:3f:aa:18:73:0b:61:c0:d0:6f:49:42:26:95:33:
-                    af:57:e3:92:f0:c5:3f:51:24:c9:60:f1:99:c3:b9:
-                    ae:a7:18:9c:7d:16:ac:49:d0:ca:1e:35:c1:91:98:
-                    da:4f:4b:e9:87:ea:61:eb:52:c3:d2:f2:96:cf:7e:
-                    2f:e2:29:ed:35:ac:8b:44:12:7d:a5:16:45:6f:30:
-                    cc:f1:47:ba:ef:ed:ee:fc:e5:6d:a5:d8:ae:65:f9:
-                    6c:65:ea:b1:7f:b2:de:69:44:2a:44:75:2f:d8:90:
-                    21:83
+                    00:c2:7e:77:f6:cb:2f:92:95:d0:ee:f8:6e:01:9c:
+                    60:80:9c:49:fc:44:ff:d4:86:11:9a:18:4c:ce:d4:
+                    43:93:80:6a:f5:f3:a7:d6:88:a4:31:19:56:e1:17:
+                    06:dc:ed:6f:7b:12:cf:2e:77:f1:fc:44:a7:46:86:
+                    58:76:2c:86:e5:1f:8f:3c:60:cf:04:14:b5:58:04:
+                    64:81:9e:9c:36:97:0e:a1:ad:fd:a0:58:80:c0:b7:
+                    8e:49:16:d3:2e:9c:51:01:5a:13:0a:88:c5:35:b1:
+                    2d:1f:11:fd:b2:b4:ce:b6:b3:90:c8:8e:5d:2e:45:
+                    ed:71:09:80:2e:99:76:f7:92:91:a8:ca:82:96:97:
+                    85:8a:ea:d6:9b:ac:36:a9:6a:52:9d:f3:28:b4:3c:
+                    ff:22:75:fc:ad:3b:fc:6b:ee:9b:25:52:ec:63:6f:
+                    ce:eb:64:6d:3f:39:ab:76:bf:76:b1:df:80:eb:28:
+                    c5:b4:c8:cf:9a:2c:2a:76:c9:15:75:24:6a:fb:bf:
+                    4d:43:38:d8:ca:0d:12:64:7c:84:99:82:4c:ff:15:
+                    3b:e9:ef:d6:47:b4:99:93:c5:cb:47:45:df:a7:d5:
+                    f9:c5:b9:d1:ec:e4:4e:bd:13:89:3b:2f:36:32:ff:
+                    0d:ed:a7:b3:88:ca:63:5b:57:58:9e:88:d6:97:6f:
+                    1b:13
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                57:B4:34:15:0B:1C:1B:9B:BA:76:03:B9:E4:05:28:54:64:29:33:58
+                5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0d:67:2b:5b:17:ca:35:a1:6e:b8:ab:79:70:c0:4c:f7:c2:fb:
-         ee:2f:b4:2a:c4:d8:75:e9:78:31:5f:7a:34:d4:bc:c0:2d:49:
-         34:22:fb:b3:40:27:ab:24:e0:97:ed:e5:7a:a5:ec:5b:bf:01:
-         7e:94:84:43:7e:10:30:82:ad:33:94:01:56:f2:56:14:b5:95:
-         75:48:22:fc:3f:87:74:44:31:01:a9:1a:43:c4:7c:87:0d:97:
-         09:4c:22:4a:78:92:09:df:98:21:c7:8f:fb:e6:6a:7a:92:c6:
-         0a:af:80:b4:d4:10:99:81:82:75:53:3e:42:8f:e6:6b:9c:75:
-         59:17:c7:37:ae:17:72:31:f3:7c:8f:52:d9:ce:39:3a:07:2b:
-         1f:4e:e3:bf:84:17:cf:29:6b:90:48:dc:06:39:a8:84:60:41:
-         15:e8:6e:97:14:8b:51:61:4a:8e:9e:d0:14:73:b2:7c:a1:e6:
-         f5:ca:11:f5:50:1a:1d:fe:4f:c1:18:cc:85:92:7f:7b:e3:97:
-         78:74:48:db:19:ab:5f:12:f9:17:75:1b:e9:52:a3:f7:55:c8:
-         88:7e:bd:a8:a3:ea:a2:28:2b:44:be:f9:81:af:b8:ee:2e:31:
-         3e:67:a0:9f:e7:aa:00:16:6d:70:d4:3a:d8:78:a0:3b:f4:9e:
-         bd:a5:2e:20
+         6c:e3:16:4f:09:81:d2:61:e3:c1:39:35:9d:f3:1e:2c:4f:77:
+         40:26:e7:24:83:55:89:60:3d:6c:65:d4:9e:47:99:5f:09:ea:
+         1a:1a:16:59:8d:82:85:c8:e5:52:cc:e2:89:b1:3f:d7:e2:51:
+         43:5f:d1:ab:bc:5c:0d:22:c7:85:7f:95:db:a1:55:ee:7d:98:
+         c9:41:ee:8b:69:c0:e6:8c:29:3d:fb:d1:66:1f:5a:79:2d:6a:
+         0e:6f:9d:84:60:56:3e:1f:7e:0a:b2:40:af:97:1d:a8:dd:92:
+         d8:b9:57:ee:62:98:f9:f1:0f:32:3c:a0:bd:30:6d:cf:b7:7b:
+         17:83:fe:e8:09:7d:ca:a7:13:61:de:47:55:a5:d0:0d:0c:73:
+         75:8a:34:e3:91:19:1f:e7:09:07:2b:8d:67:5c:1a:bf:83:9f:
+         d3:ca:dd:c5:28:3f:1e:0a:6b:7d:eb:da:60:bb:9a:6c:a2:30:
+         8d:f7:3a:01:56:ba:9e:e1:5b:7a:bb:8d:ba:ff:3c:67:a7:b0:
+         8c:09:42:52:03:ea:33:ff:e9:c4:c0:4f:7b:ad:48:26:f0:f1:
+         11:a8:ba:1d:30:6e:9b:6e:31:b7:70:8a:5d:e7:37:21:c4:f3:
+         38:96:8e:60:fb:19:d3:92:63:b8:8f:14:41:25:fb:62:29:34:
+         11:c5:a0:a2
 -----BEGIN CERTIFICATE-----
 MIIDBTCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4
-IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0NzIw
+IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx
 WjAoMSYwJAYDVQQDDB0yMDQ4IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYezmSUYyPLZ6focoVX0pvwr2ut
-2KhKBCR3I85ElFUsIkJwGJXgjUTNcHZ+60u+aB4hJWABNlEvSnutkHSpf1OaMkba
-RXnkc89j6NZl9MQJPJWeJN6NZRsEVUWSbo2QopbO1k9+Hq/ocC6b5cSR0dVOkXHK
-nHkO+i/OD3aNrgWdG/vaDTr8KNS/4jXRG2bYMyMAPWlNYD+qGHMLYcDQb0lCJpUz
-r1fjkvDFP1EkyWDxmcO5rqcYnH0WrEnQyh41wZGY2k9L6YfqYetSw9Lyls9+L+Ip
-7TWsi0QSfaUWRW8wzPFHuu/t7vzlbaXYrmX5bGXqsX+y3mlEKkR1L9iQIYMCAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUV7Q0FQscG5u6dgO55AUo
-VGQpM1gwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQANZytbF8o1
-oW64q3lwwEz3wvvuL7QqxNh16XgxX3o01LzALUk0IvuzQCerJOCX7eV6pexbvwF+
-lIRDfhAwgq0zlAFW8lYUtZV1SCL8P4d0RDEBqRpDxHyHDZcJTCJKeJIJ35ghx4/7
-5mp6ksYKr4C01BCZgYJ1Uz5Cj+ZrnHVZF8c3rhdyMfN8j1LZzjk6BysfTuO/hBfP
-KWuQSNwGOaiEYEEV6G6XFItRYUqOntAUc7J8oeb1yhH1UBod/k/BGMyFkn9745d4
-dEjbGatfEvkXdRvpUqP3VciIfr2oo+qiKCtEvvmBr7juLjE+Z6Cf56oAFm1w1DrY
-eKA79J69pS4g
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJ+d/bLL5KV0O74bgGcYICcSfxE
+/9SGEZoYTM7UQ5OAavXzp9aIpDEZVuEXBtztb3sSzy538fxEp0aGWHYshuUfjzxg
+zwQUtVgEZIGenDaXDqGt/aBYgMC3jkkW0y6cUQFaEwqIxTWxLR8R/bK0zrazkMiO
+XS5F7XEJgC6ZdveSkajKgpaXhYrq1pusNqlqUp3zKLQ8/yJ1/K07/GvumyVS7GNv
+zutkbT85q3a/drHfgOsoxbTIz5osKnbJFXUkavu/TUM42MoNEmR8hJmCTP8VO+nv
+1ke0mZPFy0dF36fV+cW50ezkTr0TiTsvNjL/De2ns4jKY1tXWJ6I1pdvGxMCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXMJxdsEmsQwxc8iS0x4B
+EkvMWhQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBs4xZPCYHS
+YePBOTWd8x4sT3dAJuckg1WJYD1sZdSeR5lfCeoaGhZZjYKFyOVSzOKJsT/X4lFD
+X9GrvFwNIseFf5XboVXufZjJQe6LacDmjCk9+9FmH1p5LWoOb52EYFY+H34KskCv
+lx2o3ZLYuVfuYpj58Q8yPKC9MG3Pt3sXg/7oCX3KpxNh3kdVpdANDHN1ijTjkRkf
+5wkHK41nXBq/g5/Tyt3FKD8eCmt969pgu5psojCN9zoBVrqe4Vt6u426/zxnp7CM
+CUJSA+oz/+nEwE97rUgm8PERqLodMG6bbjG3cIpd5zchxPM4lo5g+xnTkmO4jxRB
+JftiKTQRxaCi
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/2048-rsa-root.pem b/chromium/net/data/ssl/certificates/2048-rsa-root.pem
index 5c763962dca..da02ecef748 100644
--- a/chromium/net/data/ssl/certificates/2048-rsa-root.pem
+++ b/chromium/net/data/ssl/certificates/2048-rsa-root.pem
@@ -1,75 +1,75 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 14499839070086363067 (0xc939c6cf90d3f7bb)
-    Signature Algorithm: sha1WithRSAEncryption
+        Serial Number: 14510385134211580431 (0xc95f3e6676ca420f)
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 RSA Test Root CA
         Validity
-            Not Before: Aug 14 02:47:18 2014 GMT
-            Not After : Aug 11 02:47:18 2024 GMT
+            Not Before: Apr 22 20:28:40 2016 GMT
+            Not After : Apr 20 20:28:40 2026 GMT
         Subject: CN=2048 RSA Test Root CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:be:2f:20:64:17:dd:e9:53:17:6c:a4:51:56:45:
-                    68:0a:49:54:5e:76:96:d3:29:d5:7a:67:bf:ce:bc:
-                    63:46:a4:37:7f:e3:f2:f6:84:9e:5f:7b:69:e8:10:
-                    db:76:cd:18:36:7c:48:d3:16:32:86:5f:78:d0:11:
-                    f4:91:65:fd:4b:95:79:d5:fb:39:24:4b:94:34:75:
-                    3e:52:9d:32:4c:bc:92:5a:2e:ba:d9:f2:77:2b:1a:
-                    e9:26:73:16:ba:92:1c:da:4d:39:10:bb:3c:b2:1a:
-                    c0:c4:5f:92:7d:43:52:05:81:54:64:61:40:d5:73:
-                    f5:19:f5:ab:75:9f:cb:33:49:e9:f9:34:24:20:e3:
-                    7f:7b:d2:59:fb:42:42:70:36:61:1c:94:e7:7b:55:
-                    46:63:6b:66:31:da:46:01:0d:28:0f:16:06:76:49:
-                    e0:61:18:f6:e6:34:fa:96:12:5b:32:f6:ef:02:6e:
-                    c8:40:9c:89:13:7c:00:58:b6:b2:8a:cb:d6:3f:3d:
-                    e2:64:40:37:4b:5a:48:a9:5e:c3:e2:93:ac:72:7a:
-                    2a:b5:f0:56:4b:7f:3b:1a:db:e6:f5:b2:a8:03:82:
-                    73:16:9a:96:fa:86:72:f6:77:ae:74:fe:f9:f3:31:
-                    d3:2d:55:c9:70:df:31:e1:1f:ab:79:49:ce:4d:43:
-                    9d:61
+                    00:a0:0b:c9:40:3e:46:2d:4d:a1:38:35:9d:68:a5:
+                    9d:3e:8f:59:39:ba:8f:a5:42:74:7d:e8:17:3b:da:
+                    75:13:98:6b:73:f1:4b:a9:6d:5e:70:67:5c:7a:08:
+                    92:58:b2:64:a1:05:2d:53:41:bd:ab:a8:31:73:d4:
+                    56:07:ab:68:b9:39:39:52:65:6a:d7:1e:16:38:16:
+                    c5:12:3c:f0:2a:50:59:43:31:4a:d0:fa:51:13:17:
+                    2a:89:84:42:91:1b:50:19:e8:ce:33:d8:a9:0a:ea:
+                    c1:9a:00:9e:c1:14:58:40:51:a4:20:50:1b:a1:93:
+                    b2:20:82:fe:80:b5:52:35:e7:e6:0b:72:b6:f5:a9:
+                    39:67:67:45:4b:be:c6:c0:2a:cd:b7:ef:77:2d:14:
+                    c8:98:a5:8d:24:32:ed:db:1e:e4:6c:95:ee:a5:f0:
+                    ca:39:c2:df:dd:1c:8e:9f:cb:9c:c1:00:9c:ef:48:
+                    09:97:a6:5a:d8:a8:3d:b9:15:95:35:6a:10:bf:40:
+                    58:0e:4a:f4:d8:9a:8a:4f:3e:ee:48:4a:fe:5f:f6:
+                    68:e2:75:3e:5a:32:73:c7:97:e7:0c:25:6f:a3:7d:
+                    db:08:3d:b4:d3:5d:2f:49:e7:59:1f:5a:b9:7e:dc:
+                    cb:e4:97:44:60:a1:d1:6b:2d:3c:79:1c:9f:b8:7b:
+                    6a:1b
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                C0:5A:F2:F5:09:34:9C:ED:FC:E8:2E:0A:34:D9:C6:43:07:CA:6C:99
+                FD:5B:72:5F:28:F3:AB:A1:0F:21:EF:C3:F9:99:17:60:DC:BD:1F:BD
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-         63:9f:6a:fd:29:e7:ba:99:8b:94:93:17:22:2e:39:3a:45:fa:
-         1c:18:10:ea:7a:d0:2f:0e:da:3c:18:95:e1:05:0a:40:4d:6f:
-         16:43:ec:19:8d:b7:33:90:fa:70:b3:94:a4:49:e6:7d:e4:c6:
-         91:91:5d:b3:c3:45:08:12:1a:4e:67:c3:c3:70:8d:0d:0f:c6:
-         b2:0c:18:52:db:62:2f:df:db:c9:f8:42:a3:99:a7:35:a6:7f:
-         36:df:8b:29:f0:79:ae:07:4f:e3:5c:3d:53:28:e7:a8:3a:74:
-         02:21:aa:09:97:89:7a:a4:4d:07:93:1e:58:3c:c9:89:9c:0c:
-         07:b9:f3:27:b2:41:61:7a:55:1f:51:93:5e:27:08:74:96:4e:
-         ce:50:0a:d2:a4:0e:9f:84:6c:63:50:05:37:93:0d:c8:19:9c:
-         85:01:04:e5:fc:96:63:2b:d3:a9:eb:b4:81:f7:e1:e7:17:19:
-         cb:da:1e:2a:6b:7c:33:fe:e3:7f:47:82:1e:5f:27:82:39:71:
-         fd:32:9b:c6:b4:fb:9b:08:cf:5f:be:97:fd:aa:64:c8:3d:87:
-         78:dc:6e:00:58:0e:d1:79:0d:7c:d8:75:a2:c0:36:bd:4b:f9:
-         ac:56:c2:5a:4d:dd:12:bb:63:d0:be:fd:5b:89:84:73:31:b3:
-         73:83:de:ac
+    Signature Algorithm: sha256WithRSAEncryption
+         54:78:5d:70:a0:c3:44:48:93:2b:af:9e:41:26:b0:3e:7d:c7:
+         f0:ae:b1:37:d0:93:33:33:30:a6:d0:8c:20:cd:fe:fd:8b:1b:
+         bf:1d:72:25:fd:56:11:56:63:c0:3c:b3:6b:db:db:65:28:4f:
+         6a:19:0b:2d:7c:1d:f1:46:50:14:9d:33:2e:75:dd:a7:45:15:
+         44:54:61:6e:96:8f:a2:c4:60:8d:4e:49:08:07:32:d2:a9:c3:
+         c8:68:96:b2:50:85:3b:c2:4a:f9:e4:16:87:16:ea:47:4e:00:
+         50:43:4d:78:99:c7:aa:ea:23:2a:b8:b8:7a:97:de:ba:97:8d:
+         e7:4b:74:e4:ed:53:5e:d1:5b:ed:5a:e2:95:a3:94:ad:d8:c4:
+         b1:62:25:29:93:8b:77:27:8f:71:51:64:b7:56:d5:33:82:5e:
+         6f:39:56:cf:14:fd:1f:e2:46:9d:dd:2f:74:53:f1:27:87:f7:
+         fe:b0:6c:47:db:ff:fa:7b:17:97:a8:b9:ba:07:1e:dc:b5:47:
+         de:84:38:57:a4:47:6c:39:16:7f:1f:dd:63:99:1b:e1:28:90:
+         aa:42:07:2c:b2:e7:be:ef:8c:ca:a5:1e:33:5c:e5:73:cf:ba:
+         b3:33:d1:06:fb:c4:fa:f2:bc:f1:5c:92:69:fb:71:15:05:e3:
+         99:a6:ba:cb
 -----BEGIN CERTIFICATE-----
-MIIDBTCCAe2gAwIBAgIJAMk5xs+Q0/e7MA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNV
-BAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTAeFw0xNDA4MTQwMjQ3MThaFw0yNDA4
-MTEwMjQ3MThaMCAxHjAcBgNVBAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4vIGQX3elTF2ykUVZFaApJVF52
-ltMp1Xpnv868Y0akN3/j8vaEnl97aegQ23bNGDZ8SNMWMoZfeNAR9JFl/UuVedX7
-OSRLlDR1PlKdMky8klouutnydysa6SZzFrqSHNpNORC7PLIawMRfkn1DUgWBVGRh
-QNVz9Rn1q3WfyzNJ6fk0JCDjf3vSWftCQnA2YRyU53tVRmNrZjHaRgENKA8WBnZJ
-4GEY9uY0+pYSWzL27wJuyECciRN8AFi2sorL1j894mRAN0taSKlew+KTrHJ6KrXw
-Vkt/Oxrb5vWyqAOCcxaalvqGcvZ3rnT++fMx0y1VyXDfMeEfq3lJzk1DnWECAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwFry9Qk0nO386C4KNNnG
-QwfKbJkwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBjn2r9Kee6
-mYuUkxciLjk6RfocGBDqetAvDto8GJXhBQpATW8WQ+wZjbczkPpws5SkSeZ95MaR
-kV2zw0UIEhpOZ8PDcI0ND8ayDBhS22Iv39vJ+EKjmac1pn8234sp8HmuB0/jXD1T
-KOeoOnQCIaoJl4l6pE0Hkx5YPMmJnAwHufMnskFhelUfUZNeJwh0lk7OUArSpA6f
-hGxjUAU3kw3IGZyFAQTl/JZjK9Op67SB9+HnFxnL2h4qa3wz/uN/R4IeXyeCOXH9
-MpvGtPubCM9fvpf9qmTIPYd43G4AWA7ReQ182HWiwDa9S/msVsJaTd0Su2PQvv1b
-iYRzMbNzg96s
+MIIDBTCCAe2gAwIBAgIJAMlfPmZ2ykIPMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
+BAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTAeFw0xNjA0MjIyMDI4NDBaFw0yNjA0
+MjAyMDI4NDBaMCAxHjAcBgNVBAMMFTIwNDggUlNBIFRlc3QgUm9vdCBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKALyUA+Ri1NoTg1nWilnT6PWTm6
+j6VCdH3oFzvadROYa3PxS6ltXnBnXHoIkliyZKEFLVNBvauoMXPUVgeraLk5OVJl
+atceFjgWxRI88CpQWUMxStD6URMXKomEQpEbUBnozjPYqQrqwZoAnsEUWEBRpCBQ
+G6GTsiCC/oC1UjXn5gtytvWpOWdnRUu+xsAqzbfvdy0UyJiljSQy7dse5GyV7qXw
+yjnC390cjp/LnMEAnO9ICZemWtioPbkVlTVqEL9AWA5K9Niaik8+7khK/l/2aOJ1
+Ployc8eX5wwlb6N92wg9tNNdL0nnWR9auX7cy+SXRGCh0WstPHkcn7h7ahsCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU/VtyXyjzq6EPIe/D+ZkX
+YNy9H70wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBUeF1woMNE
+SJMrr55BJrA+fcfwrrE30JMzMzCm0Iwgzf79ixu/HXIl/VYRVmPAPLNr29tlKE9q
+GQstfB3xRlAUnTMudd2nRRVEVGFulo+ixGCNTkkIBzLSqcPIaJayUIU7wkr55BaH
+FupHTgBQQ014mceq6iMquLh6l966l43nS3Tk7VNe0VvtWuKVo5St2MSxYiUpk4t3
+J49xUWS3VtUzgl5vOVbPFP0f4kad3S90U/Enh/f+sGxH2//6exeXqLm6Bx7ctUfe
+hDhXpEdsORZ/H91jmRvhKJCqQgcssue+74zKpR4zXOVzz7qzM9EG+8T68rzxXJJp
++3EVBeOZprrL
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem
index f2b5c4e73ee..725ca3a5545 100644
--- a/chromium/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem
@@ -1,47 +1,58 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 1 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=1024 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (768 bit)
                 Modulus:
-                    00:9d:dd:04:37:3b:8d:87:d7:2b:03:b4:06:96:72:
-                    c3:03:61:8d:57:1c:c8:8e:f4:34:2a:61:ff:37:a9:
-                    f1:b9:25:5d:d2:7c:97:bc:b9:bd:b4:e7:35:dc:2a:
-                    06:74:90:66:c0:b1:4d:93:7c:af:05:57:57:c4:b6:
-                    b5:6e:fc:cb:d7:1a:c4:ae:ba:76:31:4c:f2:5e:7b:
-                    90:fc:6a:c0:72:d1:e7:78:2f:12:e0:24:79:86:dc:
-                    0b:bb:fe:d0:78:dd:09
+                    00:a0:a2:fc:c2:cd:0e:5f:d9:64:7d:c9:6e:26:bc:
+                    04:5f:cb:c4:fb:01:66:5d:76:82:4b:60:11:12:0f:
+                    44:b4:e8:1e:41:86:df:63:22:34:1c:4f:da:80:40:
+                    51:fb:9d:a0:77:1e:af:dd:dd:dc:36:e4:67:d9:2f:
+                    45:56:48:38:58:d8:df:59:21:c6:64:01:eb:7a:e3:
+                    4f:ce:cc:e3:fe:53:98:12:86:c6:76:d1:c2:fb:06:
+                    0e:0c:b0:80:d1:c6:bf
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                85:06:8C:BA:66:3C:B8:5C:2D:85:7B:B2:22:A5:73:48:0F:1B:B7:55
+            X509v3 Authority Key Identifier: 
+                keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         27:68:b7:d7:f5:a8:22:ee:34:94:26:6f:04:37:6d:f0:82:b3:
-         84:5c:c9:f0:a3:8d:94:b0:30:e2:9a:7b:66:7c:d5:67:9a:85:
-         cf:fa:31:cf:63:74:fe:76:55:ec:9f:95:a4:6e:e3:a4:a6:15:
-         0d:ed:1e:c7:52:0b:18:67:dc:e0:b9:dd:e8:86:9b:7a:5c:36:
-         42:c4:de:77:40:b7:57:d0:d8:7e:c6:84:c9:8f:76:14:26:80:
-         66:fd:61:c6:11:89:67:c8:b7:83:6b:bf:c8:7c:86:75:16:99:
-         d9:9f:ca:09:7e:45:5f:a5:83:14:75:4b:74:27:7e:89:9e:4b:
-         14:a8
+         4b:ce:06:5e:cf:bb:09:25:5f:43:b4:9d:08:f5:0e:85:99:d7:
+         b9:d7:c0:51:3e:8e:d2:ad:66:41:6a:a1:c1:cf:f4:0b:de:3c:
+         9b:00:58:7a:7f:da:3f:18:8c:68:c3:35:29:42:94:31:2c:03:
+         a9:88:33:2b:cf:8b:5a:1e:36:8e:a9:ad:30:1f:14:2e:3a:81:
+         eb:c2:48:97:e4:8e:4c:63:8f:51:c2:12:4c:5b:17:bd:b5:18:
+         26:d2:92:35:06:bb:3a:40:1b:b2:3a:35:a5:21:77:15:b4:2a:
+         a6:89:9f:54:7c:73:21:f0:e0:ab:44:46:e6:c2:0a:ed:c8:22:
+         79:ad
 -----BEGIN CERTIFICATE-----
-MIIB6DCCAVECAQEwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMTAyNCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0
-NzIwWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ3dBDc7jYfXKwO0BpZywwNh
-jVccyI70NCph/zep8bklXdJ8l7y5vbTnNdwqBnSQZsCxTZN8rwVXV8S2tW78y9ca
-xK66djFM8l57kPxqwHLR53gvEuAkeYbcC7v+0HjdCQIDAQABoxMwETAPBgNVHREE
-CDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4GBACdot9f1qCLuNJQmbwQ3bfCCs4Rc
-yfCjjZSwMOKae2Z81Weahc/6Mc9jdP52VeyflaRu46SmFQ3tHsdSCxhn3OC53eiG
-m3pcNkLE3ndAt1fQ2H7GhMmPdhQmgGb9YcYRiWfIt4Nrv8h8hnUWmdmfygl+RV+l
-gxR1S3QnfomeSxSo
+MIICWzCCAcSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAoKL8ws0OX9lkfclu
+JrwEX8vE+wFmXXaCS2AREg9EtOgeQYbfYyI0HE/agEBR+52gdx6v3d3cNuRn2S9F
+Vkg4WNjfWSHGZAHreuNPzszj/lOYEobGdtHC+wYODLCA0ca/AgMBAAGjgYAwfjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFBoy6Zjy4XC2Fe7IipXNIDxu3VTAfBgNV
+HSMEGDAWgBSrkeYrycEue6Bl8dSKzgNN9HoYEzAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBL
+zgZez7sJJV9DtJ0I9Q6Fmde518BRPo7SrWZBaqHBz/QL3jybAFh6f9o/GIxowzUp
+QpQxLAOpiDMrz4taHjaOqa0wHxQuOoHrwkiX5I5MY49RwhJMWxe9tRgm0pI1Brs6
+QBuyOjWlIXcVtCqmiZ9UfHMh8OCrREbmwgrtyCJ5rQ==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem
index e8c6a876339..c661a132834 100644
--- a/chromium/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem
@@ -1,56 +1,68 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 1 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (768 bit)
                 Modulus:
-                    00:af:0f:6a:0e:04:14:4c:31:8b:b8:47:58:a7:c0:
-                    53:76:3c:4d:8d:c7:ec:9c:6c:e7:51:53:63:c4:f3:
-                    dc:d4:29:1b:be:89:a8:46:8e:ce:ca:c9:52:36:fe:
-                    4b:79:7a:4a:22:45:6f:ab:18:d8:8c:8a:7b:56:1e:
-                    1f:a0:37:c1:96:eb:83:35:6a:bf:dc:7e:ab:0a:d4:
-                    94:62:ac:03:8b:3a:e6:85:cf:08:4c:30:81:0e:f5:
-                    ab:74:33:82:a6:1e:47
+                    00:c3:4d:cf:b1:46:75:00:21:75:d4:6b:10:dd:a8:
+                    51:9e:90:ea:3a:5f:58:b5:23:a4:d9:30:bc:cb:08:
+                    31:bc:2d:88:64:37:56:67:f8:4b:c5:0f:9f:49:11:
+                    bd:d7:c1:9e:07:46:cb:3b:fa:70:7a:7d:6f:51:3c:
+                    10:81:33:f8:59:98:ed:81:1c:5a:bd:6b:ee:71:97:
+                    c8:0f:c7:a7:9a:d5:e0:3c:fb:ee:3a:0c:7f:69:63:
+                    61:cf:e2:de:44:b1:d7
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                9B:F2:E7:0F:32:A4:54:B7:06:99:EC:CF:8B:5F:E1:BE:E7:09:32:8C
+            X509v3 Authority Key Identifier: 
+                keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         0e:3d:28:53:d2:48:e9:6f:45:39:d3:ee:83:1e:70:ae:d3:c3:
-         6c:d0:f0:b3:79:94:35:a7:b1:f1:ab:1f:01:0f:13:79:2c:8b:
-         45:08:30:5b:55:dd:70:a7:80:34:b5:45:20:09:07:4d:a3:11:
-         d5:02:24:55:1f:be:91:b7:60:d3:78:5d:8f:17:e0:a5:af:71:
-         08:12:65:e7:44:85:95:07:4a:7e:74:67:c3:33:79:2c:a2:e0:
-         95:b7:db:7a:ad:c2:a4:c0:7a:b5:e3:9d:15:35:bd:d2:cc:a7:
-         d4:65:21:41:84:5b:4b:b7:d5:26:6f:1e:8f:f8:07:f7:23:c0:
-         03:3c:0b:d1:94:4b:79:a9:0c:aa:4c:58:8c:13:f2:eb:bf:25:
-         51:01:d9:90:46:83:14:72:0a:3c:ba:d9:01:60:b9:e4:57:72:
-         42:3f:a5:db:58:d9:bb:96:9d:81:e8:f3:84:3e:c4:b7:45:06:
-         f9:9b:82:5d:da:4d:ed:d8:12:88:08:4d:47:d2:f6:d4:d1:8d:
-         e5:b2:bb:71:54:da:51:21:55:29:71:00:56:f1:84:49:45:4d:
-         e9:2d:b3:ba:9a:3d:5e:9b:c6:3c:0a:39:9e:8e:e9:87:eb:80:
-         c9:3a:4e:34:27:c8:f2:d0:a5:a3:91:83:35:34:76:d9:3a:69:
-         20:a4:cc:f8
+         4f:8d:a9:be:61:eb:90:8f:59:29:fe:15:40:1d:2d:27:0b:74:
+         84:c0:0b:d6:c0:2a:23:bb:ed:4f:4d:8e:fa:f9:3e:8c:6d:c0:
+         ba:41:0c:b0:77:c8:eb:b5:72:ac:3e:42:07:f2:a5:8e:98:81:
+         82:91:d2:80:63:5c:32:fb:4c:45:8f:70:d2:52:07:26:9a:3f:
+         28:40:10:4d:71:28:eb:78:03:d1:ed:1e:14:c4:fd:74:49:4a:
+         37:ad:59:e6:29:ef:bc:ae:8a:e1:8d:24:7c:34:7b:63:d4:53:
+         6f:68:f7:08:b3:fe:d3:a1:05:d6:44:d2:37:fe:98:83:3d:15:
+         70:a7:c6:d2:05:ea:72:21:eb:46:3f:3a:d8:6f:0e:7d:7d:75:
+         fc:ad:59:7c:28:d3:98:4b:ae:7b:d5:2e:b9:9c:ab:c5:ca:98:
+         13:bd:1a:0d:63:9c:74:a6:f1:2e:16:2d:ba:b6:71:3e:22:6f:
+         b5:b9:e4:63:c4:c3:98:1d:31:76:ef:18:48:52:16:d1:8a:89:
+         5f:a6:25:d6:c0:58:05:0d:57:6d:fa:03:54:87:ae:3f:d5:f0:
+         a0:a2:30:e1:67:da:09:5c:8b:43:14:6a:b8:31:43:c9:7f:1f:
+         7b:73:3e:52:b2:d5:a7:cf:ce:ea:e8:88:ea:4c:0c:d3:41:7c:
+         c2:66:d6:3c
 -----BEGIN CERTIFICATE-----
-MIICaTCCAVECAQEwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMjA0OCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0
-NzIwWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAK8Pag4EFEwxi7hHWKfAU3Y8
-TY3H7Jxs51FTY8Tz3NQpG76JqEaOzsrJUjb+S3l6SiJFb6sY2IyKe1YeH6A3wZbr
-gzVqv9x+qwrUlGKsA4s65oXPCEwwgQ71q3QzgqYeRwIDAQABoxMwETAPBgNVHREE
-CDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOPShT0kjpb0U50+6DHnCu08Ns
-0PCzeZQ1p7Hxqx8BDxN5LItFCDBbVd1wp4A0tUUgCQdNoxHVAiRVH76Rt2DTeF2P
-F+Clr3EIEmXnRIWVB0p+dGfDM3ksouCVt9t6rcKkwHq1450VNb3SzKfUZSFBhFtL
-t9Umbx6P+Af3I8ADPAvRlEt5qQyqTFiME/LrvyVRAdmQRoMUcgo8utkBYLnkV3JC
-P6XbWNm7lp2B6POEPsS3RQb5m4Jd2k3t2BKICE1H0vbU0Y3lsrtxVNpRIVUpcQBW
-8YRJRU3pLbO6mj1em8Y8CjmejumH64DJOk40J8jy0KWjkYM1NHbZOmkgpMz4
+MIIC3DCCAcSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAw03PsUZ1ACF11GsQ
+3ahRnpDqOl9YtSOk2TC8ywgxvC2IZDdWZ/hLxQ+fSRG918GeB0bLO/pwen1vUTwQ
+gTP4WZjtgRxavWvucZfID8enmtXgPPvuOgx/aWNhz+LeRLHXAgMBAAGjgYAwfjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSb8ucPMqRUtwaZ7M+LX+G+5wkyjDAfBgNV
+HSMEGDAWgBRcwnF2wSaxDDFzyJLTHgESS8xaFDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
+T42pvmHrkI9ZKf4VQB0tJwt0hMAL1sAqI7vtT02O+vk+jG3AukEMsHfI67VyrD5C
+B/KljpiBgpHSgGNcMvtMRY9w0lIHJpo/KEAQTXEo63gD0e0eFMT9dElKN61Z5inv
+vK6K4Y0kfDR7Y9RTb2j3CLP+06EF1kTSN/6Ygz0VcKfG0gXqciHrRj862G8OfX11
+/K1ZfCjTmEuue9UuuZyrxcqYE70aDWOcdKbxLhYturZxPiJvtbnkY8TDmB0xdu8Y
+SFIW0YqJX6Yl1sBYBQ1XbfoDVIeuP9XwoKIw4WfaCVyLQxRquDFDyX8fe3M+UrLV
+p8/O6uiI6kwM00F8wmbWPA==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem
index 3b65aa54b94..f9af743b7de 100644
--- a/chromium/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem
@@ -1,44 +1,55 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 1 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=768 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (768 bit)
                 Modulus:
-                    00:d5:85:17:4b:e9:ba:d9:84:52:9d:d2:67:7d:a3:
-                    b5:9c:45:3d:35:fd:f9:81:75:1c:d4:bd:65:c4:09:
-                    0f:d5:92:d6:c8:cf:74:e8:fd:6f:f4:d9:52:a1:6d:
-                    32:69:0f:9d:bb:1b:74:0e:41:32:e4:8d:ae:f4:70:
-                    c1:3c:37:48:27:5a:ac:91:79:39:67:ac:f8:55:73:
-                    f2:bb:68:b2:d5:f4:2a:df:ce:3e:e4:8b:a3:24:8c:
-                    d7:34:91:f5:67:45:23
+                    00:b8:74:88:ef:f9:04:6b:00:fc:af:a5:c7:f2:10:
+                    0d:be:09:a7:f7:07:4a:a9:08:6d:99:84:84:41:c4:
+                    cc:85:18:a2:c2:2c:ab:91:79:ed:05:42:e7:d2:8c:
+                    b6:2e:19:80:b2:13:4e:fb:eb:8b:96:58:82:0d:02:
+                    c5:9a:0f:54:f5:d5:61:04:6f:f2:8c:e3:48:b6:b6:
+                    c1:28:43:60:0a:5b:ae:fb:8c:82:ca:ae:8a:51:b4:
+                    58:58:44:84:92:ea:63
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                D4:57:45:F6:6C:FA:DE:15:8B:2A:A1:D2:B1:2B:3F:5C:D3:8E:FA:3A
+            X509v3 Authority Key Identifier: 
+                keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         44:2d:9b:5a:76:f6:4e:ed:dd:c5:9f:ea:d7:f4:72:1e:f9:3d:
-         6e:7b:0e:48:aa:9d:4d:ed:e9:a1:b0:c5:46:3f:91:23:b4:27:
-         49:fd:40:97:d2:b4:e6:4c:f8:18:54:1c:24:7a:53:cd:7d:da:
-         d3:67:21:42:20:ee:37:87:71:22:7d:1a:88:bd:c3:ce:e9:ed:
-         d5:c3:80:72:6f:64:a2:0e:eb:47:de:b1:fe:35:71:43:55:42:
-         e9:d8:f2:d5:78:4f
+         c5:bc:64:9f:b6:c6:f5:d6:e8:cf:46:7b:bc:52:ae:6b:54:97:
+         ce:05:8d:94:81:a9:cb:4f:8d:9e:45:43:22:0a:54:8a:8f:eb:
+         97:10:cf:c1:44:22:b7:e8:e0:a8:d2:ab:1c:be:eb:b8:b2:b1:
+         36:10:62:d8:a4:4e:db:3b:1c:d3:0e:b2:03:ae:34:04:54:f0:
+         ea:2f:0b:e8:45:1d:14:af:8f:be:53:fd:9c:b4:32:92:2f:4a:
+         d3:3e:53:e1:c1:fc
 -----BEGIN CERTIFICATE-----
-MIIBxjCCAVACAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAwwcNzY4IHJzYSBU
-ZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjBaFw0yNDA4MTEwMjQ3
-MjBaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
-DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcu
-MC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEA1YUXS+m62YRSndJnfaO1nEU9
-Nf35gXUc1L1lxAkP1ZLWyM906P1v9NlSoW0yaQ+duxt0DkEy5I2u9HDBPDdIJ1qs
-kXk5Z6z4VXPyu2iy1fQq384+5IujJIzXNJH1Z0UjAgMBAAGjEzARMA8GA1UdEQQI
-MAaHBH8AAAEwDQYJKoZIhvcNAQELBQADYQBELZtadvZO7d3Fn+rX9HIe+T1uew5I
-qp1N7emhsMVGP5EjtCdJ/UCX0rTmTPgYVBwkelPNfdrTZyFCIO43h3EifRqIvcPO
-6e3Vw4Byb2SiDutH3rH+NXFDVULp2PLVeE8=
+MIICOTCCAcOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg
+cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy
+MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM
+CTEyNy4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQC4dIjv+QRrAPyvpcfy
+EA2+Caf3B0qpCG2ZhIRBxMyFGKLCLKuRee0FQufSjLYuGYCyE07764uWWIINAsWa
+D1T11WEEb/KM40i2tsEoQ2AKW677jILKropRtFhYRISS6mMCAwEAAaOBgDB+MAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFNRXRfZs+t4Viyqh0rErP1zTjvo6MB8GA1Ud
+IwQYMBaAFJ7jp4OwWW+Rn8fVNGFKGrNmx0SgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA2EAxbxk
+n7bG9dboz0Z7vFKua1SXzgWNlIGpy0+NnkVDIgpUio/rlxDPwUQit+jgqNKrHL7r
+uLKxNhBi2KRO2zsc0w6yA640BFTw6i8L6EUdFK+PvlP9nLQyki9K0z5T4cH8
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/chromium/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
index b1b87046c73..f7b3887048b 100644
--- a/chromium/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
@@ -1,42 +1,53 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 1 (0x1)
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: CN=prime256v1 ecdsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (768 bit)
                 Modulus:
-                    00:d9:4a:ff:53:b8:fd:b8:97:11:f5:78:5a:13:eb:
-                    f7:65:1c:ee:13:e1:69:7c:9a:e2:ce:93:84:17:93:
-                    d0:d2:fc:49:e2:8c:0c:53:0a:39:ae:ab:31:b9:52:
-                    c4:35:95:c5:2f:fd:48:ea:6a:b5:cb:04:12:ad:4d:
-                    36:d1:09:43:e8:f3:a7:8f:5d:1e:69:8b:ab:69:13:
-                    53:8d:9f:53:06:a2:77:f4:a6:8d:f8:a1:11:f2:34:
-                    47:f5:14:85:04:fa:65
+                    00:c4:7b:c8:e7:66:93:0b:ef:8d:13:38:7a:cb:2b:
+                    d3:c5:6a:69:06:c6:66:fd:ed:f3:ae:38:ef:4f:81:
+                    84:79:08:93:6d:65:c3:ce:dc:17:23:7c:19:31:ea:
+                    97:ef:54:d7:46:2d:9c:f1:da:94:eb:5b:7b:98:eb:
+                    ed:51:b8:a9:5e:50:6e:d6:2e:48:25:de:5f:26:6b:
+                    dd:a5:a5:99:8c:af:15:a8:db:a7:9e:32:ba:c6:2c:
+                    17:52:59:27:29:67:6d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                36:C8:ED:4D:53:9C:76:E1:7D:E1:84:A4:DA:DF:AD:6D:68:D0:B3:86
+            X509v3 Authority Key Identifier: 
+                keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:76:92:b0:1c:af:d4:42:7b:9b:2b:24:66:a6:49:
-         99:38:f9:ed:26:94:67:ce:bc:0a:d7:d9:d1:56:c5:c5:82:3d:
-         02:20:06:d2:6e:f5:9a:c8:ed:04:26:22:e3:bb:1b:27:bc:23:
-         1c:ff:ae:ad:f8:7a:98:6f:71:2f:35:08:6f:e5:53:fb
+         30:45:02:20:12:3c:ec:48:76:df:9f:27:f2:73:60:05:9d:c0:
+         24:0d:16:5e:33:43:bb:69:58:4b:c4:1c:0a:7a:e9:44:91:e8:
+         02:21:00:f5:98:73:6a:f3:93:47:a8:89:99:d4:61:41:37:d6:
+         09:e8:4f:a9:e3:72:eb:b4:0a:75:d7:c5:35:5b:8f:90:19
 -----BEGIN CERTIFICATE-----
-MIIBrzCCAVYCAQEwCgYIKoZIzj0EAwIwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl
-Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjBaFw0yNDA4
-MTEwMjQ3MjBaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
-FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
-DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEA2Ur/U7j9uJcR9Xha
-E+v3ZRzuE+FpfJrizpOEF5PQ0vxJ4owMUwo5rqsxuVLENZXFL/1I6mq1ywQSrU02
-0QlD6POnj10eaYuraRNTjZ9TBqJ39KaN+KER8jRH9RSFBPplAgMBAAGjEzARMA8G
-A1UdEQQIMAaHBH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgdpKwHK/UQnubKyRmpkmZ
-OPntJpRnzrwK19nRVsXFgj0CIAbSbvWayO0EJiLjuxsnvCMc/66t+HqYb3EvNQhv
-5VP7
+MIICIzCCAcmgAwIBAgIBATAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1
+NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX
+DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ
+BgNVBAMMCTEyNy4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQDEe8jnZpML
+740TOHrLK9PFamkGxmb97fOuOO9PgYR5CJNtZcPO3BcjfBkx6pfvVNdGLZzx2pTr
+W3uY6+1RuKleUG7WLkgl3l8ma92lpZmMrxWo26eeMrrGLBdSWScpZ20CAwEAAaOB
+gDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDbI7U1TnHbhfeGEpNrfrW1o0LOG
+MB8GA1UdIwQYMBaAFA1rttfdf81OrQZrIuERCFgQqxYqMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0gA
+MEUCIBI87Eh2358n8nNgBZ3AJA0WXjNDu2lYS8QcCnrpRJHoAiEA9ZhzavOTR6iJ
+mdRhQTfWCehPqeNy67QKddfFNVuPkBk=
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/768-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/768-rsa-intermediate.pem
index 960c2817093..6d4a98c3109 100644
--- a/chromium/net/data/ssl/certificates/768-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/768-rsa-intermediate.pem
@@ -5,56 +5,56 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 RSA Test Root CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: CN=768 rsa Test intermediate CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (768 bit)
                 Modulus:
-                    00:c5:83:84:fd:2a:0a:93:9f:7d:1b:cc:6a:1f:18:
-                    5a:8c:0f:fc:a0:c2:b6:e6:24:a9:0b:9c:bb:fe:c8:
-                    dc:42:a1:e6:aa:35:f0:dd:59:6e:0e:4b:8a:9e:f0:
-                    b2:ba:64:eb:3d:4d:68:72:fa:80:76:30:d0:7d:f0:
-                    e0:72:51:56:3c:b3:5a:5e:85:9f:03:74:97:8f:d9:
-                    7f:73:1f:e8:d0:b0:88:ca:63:cb:d8:43:9a:d8:fa:
-                    e6:c4:5f:61:d1:76:95
+                    00:c6:10:85:d9:ce:e4:cf:8a:1c:1e:51:62:dc:5e:
+                    f4:0f:7a:25:67:90:e5:45:12:29:55:b0:b7:c0:b0:
+                    1b:37:33:02:5d:17:eb:44:bb:43:23:5f:c9:06:86:
+                    3f:e6:b1:71:76:0b:e1:42:0f:ac:98:e3:12:2a:b4:
+                    15:34:b8:dd:e8:2a:35:3f:62:d0:af:54:b7:e8:e5:
+                    3d:70:f9:fd:61:68:60:52:7b:15:b3:c5:17:75:0c:
+                    a3:bb:df:b7:ca:8e:09
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                35:4C:BC:B7:37:7B:3F:53:C9:E2:FC:C4:A7:75:DF:7F:C4:F3:94:D2
+                9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         1c:bd:ad:70:50:7e:a3:36:bf:57:b8:fe:36:d8:77:66:e0:fe:
-         17:0a:d9:47:fd:56:32:f6:b3:e5:8d:fc:56:69:bb:4c:c4:df:
-         31:b2:01:9d:59:b2:03:33:90:22:3c:48:a8:80:8e:f0:32:b4:
-         a5:7a:55:f9:87:8c:38:6e:68:97:5e:1d:b8:f0:22:11:19:45:
-         35:98:65:94:14:7f:ab:be:40:28:4b:78:d5:71:aa:d2:2c:f7:
-         d7:9e:bd:3f:23:fe:0a:4b:cc:38:2d:da:98:1d:89:88:10:2c:
-         ff:23:82:2d:48:ba:aa:61:97:ee:25:70:c9:75:a1:67:6b:68:
-         02:f4:2f:17:80:26:58:f5:a1:5d:d2:ca:84:3f:1e:85:2b:41:
-         15:70:2b:bb:81:04:ea:b2:38:ab:38:7c:7f:4b:97:c8:06:02:
-         02:93:fc:34:ab:23:7e:07:f3:88:cc:e2:6c:b0:13:28:f1:b8:
-         65:ce:de:bc:83:c6:cd:38:70:85:fd:d8:cb:d4:b0:80:26:a7:
-         92:59:5d:0a:36:77:2c:8c:93:ea:ed:d2:18:88:0c:f9:2f:97:
-         ea:31:22:ef:66:bc:61:0b:b3:02:f4:b1:38:1f:48:84:20:c2:
-         0c:95:0e:54:9e:10:b9:fb:fe:3c:71:9a:00:40:7d:c6:22:57:
-         64:4c:26:ea
+         29:62:c0:b7:c7:f2:25:3e:62:fe:ca:3d:46:40:25:ad:df:43:
+         0d:4f:ee:7f:15:e7:ab:12:45:34:8a:e4:32:a7:4a:33:b8:ab:
+         36:06:69:c5:4f:5a:29:05:5f:aa:11:61:16:cd:ba:18:b0:3c:
+         e5:0b:b7:75:07:b0:8d:46:01:19:2f:18:e1:91:f6:94:45:05:
+         8b:ce:18:b1:b0:5b:19:fa:57:f2:ea:24:f7:6e:75:af:2b:4d:
+         7c:c2:d0:2e:46:74:b9:de:fe:4a:b0:dd:29:74:ba:27:c9:45:
+         01:55:65:d4:5b:61:b3:ce:95:8d:7c:73:84:21:50:20:b1:ac:
+         98:0b:d7:c8:61:82:f1:d7:86:6c:cb:da:b4:ef:92:3e:83:90:
+         c4:5e:f3:1a:23:e3:8f:1e:75:d6:58:66:10:05:3c:9b:22:47:
+         01:36:8e:4f:62:19:66:f2:ed:9c:50:f0:28:78:f5:21:ea:b1:
+         6a:d7:7e:d8:24:4e:5e:be:51:3a:8d:1c:b3:d0:97:d0:a6:0a:
+         db:fa:19:0a:b4:ed:bd:22:d0:3f:91:f0:e8:4a:12:82:d1:6d:
+         44:1a:26:ed:2e:aa:af:55:64:c9:bf:d3:0a:81:c2:34:54:5d:
+         32:05:50:50:ea:fe:d8:52:04:5f:08:17:b2:f1:d6:90:87:15:
+         e0:c6:7c:c1
 -----BEGIN CERTIFICATE-----
 MIICXDCCAUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4
-IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0NzIw
+IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx
 WjAnMSUwIwYDVQQDDBw3NjggcnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMHwwDQYJ
-KoZIhvcNAQEBBQADawAwaAJhAMWDhP0qCpOffRvMah8YWowP/KDCtuYkqQucu/7I
-3EKh5qo18N1Zbg5Lip7wsrpk6z1NaHL6gHYw0H3w4HJRVjyzWl6FnwN0l4/Zf3Mf
-6NCwiMpjy9hDmtj65sRfYdF2lQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBQ1TLy3N3s/U8ni/MSndd9/xPOU0jAOBgNVHQ8BAf8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBABy9rXBQfqM2v1e4/jbYd2bg/hcK2Uf9VjL2s+WN/FZp
-u0zE3zGyAZ1ZsgMzkCI8SKiAjvAytKV6VfmHjDhuaJdeHbjwIhEZRTWYZZQUf6u+
-QChLeNVxqtIs99eevT8j/gpLzDgt2pgdiYgQLP8jgi1Iuqphl+4lcMl1oWdraAL0
-LxeAJlj1oV3SyoQ/HoUrQRVwK7uBBOqyOKs4fH9Ll8gGAgKT/DSrI34H84jM4myw
-EyjxuGXO3ryDxs04cIX92MvUsIAmp5JZXQo2dyyMk+rt0hiIDPkvl+oxIu9mvGEL
-swL0sTgfSIQgwgyVDlSeELn7/jxxmgBAfcYiV2RMJuo=
+KoZIhvcNAQEBBQADawAwaAJhAMYQhdnO5M+KHB5RYtxe9A96JWeQ5UUSKVWwt8Cw
+GzczAl0X60S7QyNfyQaGP+axcXYL4UIPrJjjEiq0FTS43egqNT9i0K9Ut+jlPXD5
+/WFoYFJ7FbPFF3UMo7vft8qOCQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0G
+A1UdDgQWBBSe46eDsFlvkZ/H1TRhShqzZsdEoDAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBACliwLfH8iU+Yv7KPUZAJa3fQw1P7n8V56sSRTSK5DKn
+SjO4qzYGacVPWikFX6oRYRbNuhiwPOULt3UHsI1GARkvGOGR9pRFBYvOGLGwWxn6
+V/LqJPduda8rTXzC0C5GdLne/kqw3Sl0uifJRQFVZdRbYbPOlY18c4QhUCCxrJgL
+18hhgvHXhmzL2rTvkj6DkMRe8xoj448eddZYZhAFPJsiRwE2jk9iGWby7ZxQ8Ch4
+9SHqsWrXftgkTl6+UTqNHLPQl9CmCtv6GQq07b0i0D+R8OhKEoLRbUQaJu0uqq9V
+ZMm/0wqBwjRUXTIFUFDq/thSBF8IF7Lx1pCHFeDGfME=
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem
index 6eb582fc77c..728be76d5e8 100644
--- a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem
@@ -1,44 +1,55 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 4 (0x4)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=1024 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub: 
-                    04:64:08:22:77:98:af:cb:51:76:b6:d5:c2:32:ea:
-                    b2:82:6f:a4:ad:b2:5d:59:69:d7:d3:11:74:5b:e8:
-                    5b:75:c1:6d:32:72:68:4c:63:ad:9f:a8:ce:f1:bb:
-                    8f:9f:c3:ce:75:23:dd:95:6a:3c:13:41:ed:0e:16:
-                    af:1e:c6:09:51
+                    04:ff:00:45:d3:4d:47:ed:e4:11:26:af:71:52:b5:
+                    e5:75:df:a6:54:84:39:14:97:6f:76:af:ef:3f:c3:
+                    77:a5:1f:69:30:b8:7b:ce:ef:fc:89:5e:f4:3f:80:
+                    77:66:35:24:67:16:bc:0f:94:51:99:e4:47:74:d3:
+                    53:5c:df:64:c7
                 ASN1 OID: prime256v1
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                2F:C0:D5:37:41:1C:7D:F1:C6:A4:61:44:77:D1:8F:63:EA:00:E2:12
+            X509v3 Authority Key Identifier: 
+                keyid:AB:91:E6:2B:C9:C1:2E:7B:A0:65:F1:D4:8A:CE:03:4D:F4:7A:18:13
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         ad:6e:b4:c7:8b:61:65:cb:1c:ec:77:e2:0f:d0:f0:ad:cb:c6:
-         2a:41:04:be:6f:41:36:5b:24:c3:be:2c:83:1f:92:da:44:6f:
-         16:8d:ab:b0:1b:6e:12:95:39:24:52:28:55:79:c5:ea:90:78:
-         54:66:4b:80:ab:af:f4:28:f0:d4:f0:72:dc:39:ee:1f:cf:9d:
-         8d:e1:54:53:62:af:cb:25:e5:97:80:c7:0a:a6:50:31:3b:c3:
-         f1:25:eb:ac:61:0a:f3:41:27:58:81:9b:2a:43:f1:25:0e:cd:
-         ac:28:e6:e2:fc:77:9c:c8:f3:4d:c1:e2:88:20:30:5d:2c:04:
-         a2:db
+         10:cc:07:af:a0:dc:50:d7:9e:27:01:1c:39:69:1b:9b:a6:8e:
+         c6:18:75:4a:30:49:a8:7f:a7:4e:72:6a:e2:ef:72:b1:b2:40:
+         32:11:9d:f0:71:df:64:7e:3d:8c:63:4a:a2:01:f8:4e:e4:15:
+         db:e3:5a:03:cf:d2:10:cf:19:36:e0:cd:2c:c3:56:45:78:86:
+         5f:4e:54:36:fe:94:00:59:d8:8b:6b:6d:02:8f:f4:4b:d4:98:
+         8a:6f:20:4c:5f:b5:72:0c:5f:f4:f8:c4:19:a7:1c:36:de:3b:
+         be:de:ef:2e:4f:96:7a:6a:f4:47:23:7f:cc:c6:8f:27:fe:81:
+         a6:85
 -----BEGIN CERTIFICATE-----
-MIIBxTCCAS4CAQQwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMTAyNCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIxWhcNMjQwODExMDI0
-NzIxWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZAgid5ivy1F2ttXCMuqy
-gm+krbJdWWnX0xF0W+hbdcFtMnJoTGOtn6jO8buPn8POdSPdlWo8E0HtDhavHsYJ
-UaMTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQCtbrTHi2Fl
-yxzsd+IP0PCty8YqQQS+b0E2WyTDviyDH5LaRG8WjauwG24SlTkkUihVecXqkHhU
-ZkuAq6/0KPDU8HLcOe4fz52N4VRTYq/LJeWXgMcKplAxO8PxJeusYQrzQSdYgZsq
-Q/ElDs2sKObi/HecyPNNweKIIDBdLASi2w==
+MIICODCCAaGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0xMDI0
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/AEXTTUft5BEm
+r3FSteV136ZUhDkUl292r+8/w3elH2kwuHvO7/yJXvQ/gHdmNSRnFrwPlFGZ5Ed0
+01Nc32THo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL8DVN0EcffHGpGFE
+d9GPY+oA4hIwHwYDVR0jBBgwFoAUq5HmK8nBLnugZfHUis4DTfR6GBMwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI
+hvcNAQELBQADgYEAEMwHr6DcUNeeJwEcOWkbm6aOxhh1SjBJqH+nTnJq4u9ysbJA
+MhGd8HHfZH49jGNKogH4TuQV2+NaA8/SEM8ZNuDNLMNWRXiGX05UNv6UAFnYi2tt
+Ao/0S9SYim8gTF+1cgxf9PjEGaccNt47vt7vLk+Wemr0RyN/zMaPJ/6BpoU=
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem
index d5679b1814b..49bbf6085df 100644
--- a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem
@@ -1,54 +1,65 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 4 (0x4)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub: 
-                    04:a4:93:3a:fa:22:dc:0e:41:bb:5b:f8:51:b7:4a:
-                    ea:cd:80:ff:23:61:ff:0a:e3:df:39:12:32:d1:f1:
-                    ee:f6:cb:9b:0f:4b:6d:07:c1:9c:18:6f:c4:76:6d:
-                    f1:9e:7a:95:a4:22:70:d0:9e:03:31:cd:c3:c8:36:
-                    d2:0f:a5:c5:5f
+                    04:36:60:16:6f:f7:3e:5f:1f:63:7e:43:cb:a5:a9:
+                    77:57:77:86:b7:94:b0:83:03:b4:7f:47:25:88:cf:
+                    c3:12:53:85:40:65:49:6e:27:e7:93:0e:f9:88:df:
+                    8c:ac:1c:07:ef:21:c6:5f:8a:83:ad:de:a3:5a:eb:
+                    84:fc:8f:fa:56
                 ASN1 OID: prime256v1
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                18:19:4D:A1:C8:87:B6:49:A4:29:F5:DA:95:72:F3:64:41:24:96:C4
+            X509v3 Authority Key Identifier: 
+                keyid:5C:C2:71:76:C1:26:B1:0C:31:73:C8:92:D3:1E:01:12:4B:CC:5A:14
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         05:9b:58:98:58:9a:00:b8:e0:fe:92:2f:98:d7:84:ca:d2:75:
-         02:ba:00:12:05:9a:33:ce:10:6d:22:56:5d:3c:ee:3c:0f:e7:
-         02:e0:53:d7:2e:13:9b:20:4e:94:70:ef:79:d4:ad:28:54:3d:
-         a2:0e:bb:1e:a4:86:da:8b:28:07:a9:46:40:86:74:59:bb:99:
-         94:03:9b:b5:27:99:7b:a1:f3:e1:7b:b3:68:d6:ae:c9:7b:dc:
-         c1:f1:2c:14:03:3a:d8:da:7c:48:ab:6b:40:80:1e:a2:f3:b7:
-         ab:df:9c:7a:76:85:ee:1e:5e:be:a7:80:4d:d2:b2:45:f5:79:
-         8c:6b:ab:63:74:4b:f5:8f:85:da:73:32:dc:db:25:97:2c:63:
-         f6:3e:24:ec:47:84:53:48:9b:a8:1e:2e:54:8a:19:32:44:b4:
-         82:37:c6:a0:c9:40:35:75:0b:a2:af:1a:0a:28:0d:50:57:ab:
-         d7:66:37:b6:7b:f2:78:4b:6d:3f:50:4a:1e:7e:ca:89:5c:3b:
-         78:94:b5:f0:e5:ca:4d:10:b9:00:8e:51:43:b3:91:41:eb:f3:
-         1e:be:ac:25:8f:22:82:b2:77:8a:41:2c:6f:ce:92:20:30:c4:
-         d2:9a:86:a1:ae:6a:2a:c2:8f:0f:75:e6:17:cf:c3:5b:34:e1:
-         09:2a:46:66
+         5d:97:40:70:07:0c:8a:2a:f8:5c:10:88:28:7d:a7:1a:db:19:
+         2a:d1:dc:04:09:9e:ca:57:30:80:79:4f:81:d7:05:82:39:97:
+         69:b8:19:7a:55:26:6f:43:d9:74:42:87:b5:1b:7b:d8:48:b1:
+         dd:68:36:a5:2c:04:29:5d:9b:9d:3d:53:98:b1:e9:f4:4d:89:
+         8c:24:1a:24:e6:ca:c3:e3:67:a5:8d:19:b6:9b:52:4a:04:79:
+         db:ad:47:8c:f9:4f:61:6c:7f:ce:0e:50:1c:a9:d6:b2:a2:77:
+         b0:80:e1:f3:d0:a8:8e:e9:20:fa:c5:f5:70:29:3f:a4:0e:f3:
+         07:29:94:93:d7:34:17:a3:17:39:50:e7:d9:7d:6c:f3:2c:a8:
+         0f:87:19:cb:08:13:d8:e1:40:8c:91:95:4d:44:4b:e2:6b:97:
+         74:65:62:fd:53:3b:73:ec:2a:86:f1:05:9e:17:14:60:22:d7:
+         64:3f:f1:ff:1f:8b:7d:8e:b1:37:07:5b:a2:03:e1:18:61:89:
+         3f:38:d2:07:4e:ae:d4:75:22:df:52:58:18:e1:e9:10:a1:8c:
+         76:e3:63:43:96:df:59:74:09:57:54:a7:72:0c:48:d7:52:65:
+         ee:eb:bd:62:80:f7:90:12:91:ec:6b:2c:ea:1e:5c:20:77:96:
+         f8:2b:25:a5
 -----BEGIN CERTIFICATE-----
-MIICRjCCAS4CAQQwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdMjA0OCByc2Eg
-VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTQwODE0MDI0NzIxWhcNMjQwODExMDI0
-NzIxWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
-BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3
-LjAuMC4xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpJM6+iLcDkG7W/hRt0rq
-zYD/I2H/CuPfORIy0fHu9subD0ttB8GcGG/Edm3xnnqVpCJw0J4DMc3DyDbSD6XF
-X6MTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEABZtYmFia
-ALjg/pIvmNeEytJ1AroAEgWaM84QbSJWXTzuPA/nAuBT1y4TmyBOlHDvedStKFQ9
-og67HqSG2osoB6lGQIZ0WbuZlAObtSeZe6Hz4XuzaNauyXvcwfEsFAM62Np8SKtr
-QIAeovO3q9+cenaF7h5evqeATdKyRfV5jGurY3RL9Y+F2nMy3Nsllyxj9j4k7EeE
-U0ibqB4uVIoZMkS0gjfGoMlANXULoq8aCigNUFer12Y3tnvyeEttP1BKHn7KiVw7
-eJS18OXKTRC5AI5RQ7ORQevzHr6sJY8igrJ3ikEsb86SIDDE0pqGoa5qKsKPD3Xm
-F8/DWzThCSpGZg==
+MIICuTCCAaGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB0yMDQ4
+IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNjA0MjIyMDI4NDFaFw0yNjA0
+MjAyMDI4NDFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
+DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ2YBZv9z5fH2N+
+Q8ulqXdXd4a3lLCDA7R/RyWIz8MSU4VAZUluJ+eTDvmI34ysHAfvIcZfioOt3qNa
+64T8j/pWo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUGBlNociHtkmkKfXa
+lXLzZEEklsQwHwYDVR0jBBgwFoAUXMJxdsEmsQwxc8iS0x4BEkvMWhQwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI
+hvcNAQELBQADggEBAF2XQHAHDIoq+FwQiCh9pxrbGSrR3AQJnspXMIB5T4HXBYI5
+l2m4GXpVJm9D2XRCh7Ube9hIsd1oNqUsBCldm509U5ix6fRNiYwkGiTmysPjZ6WN
+GbabUkoEedutR4z5T2Fsf84OUByp1rKid7CA4fPQqI7pIPrF9XApP6QO8wcplJPX
+NBejFzlQ59l9bPMsqA+HGcsIE9jhQIyRlU1ES+Jrl3RlYv1TO3PsKobxBZ4XFGAi
+12Q/8f8fi32OsTcHW6ID4RhhiT840gdOrtR1It9SWBjh6RChjHbjY0OW31l0CVdU
+p3IMSNdSZe7rvWKA95ASkexrLOoeXCB3lvgrJaU=
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem
index 5b44bdd7e5f..65b81e5c873 100644
--- a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem
@@ -1,41 +1,53 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 4 (0x4)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=768 rsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub: 
-                    04:de:e0:79:54:e0:82:bc:3c:b0:63:fc:6e:d4:c8:
-                    7e:9b:b8:0c:77:16:7d:cc:cd:25:3a:23:17:b9:6e:
-                    0f:40:62:20:1b:6a:22:d6:b0:b3:17:19:a9:b2:d3:
-                    c3:24:de:ce:4e:24:de:ff:64:6c:6d:c0:8f:fe:e2:
-                    9f:e3:af:65:c0
+                    04:b8:18:a6:f0:2e:2c:00:5c:33:a0:02:29:f4:8e:
+                    97:f8:c7:72:82:79:11:09:11:d5:30:95:7e:29:24:
+                    68:4b:71:90:3d:74:6b:cb:77:cb:ba:fd:5f:86:91:
+                    10:cf:29:28:8f:f1:1c:f6:ac:18:c4:86:ef:15:bb:
+                    fb:dd:6d:c7:d7
                 ASN1 OID: prime256v1
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                16:7F:A6:9F:9D:78:A2:C0:63:49:1C:FF:FF:30:57:23:90:C1:99:10
+            X509v3 Authority Key Identifier: 
+                keyid:9E:E3:A7:83:B0:59:6F:91:9F:C7:D5:34:61:4A:1A:B3:66:C7:44:A0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         2f:64:63:5b:3e:21:8c:df:ae:5d:7f:9c:23:b6:29:03:cf:50:
-         6e:66:c2:44:34:5a:e0:a0:6e:8a:37:8a:d3:f1:54:58:55:d9:
-         af:bb:5b:6e:8e:f7:09:dd:cb:a3:01:12:f7:8c:91:a6:b3:13:
-         eb:d4:48:41:ba:c8:fd:a0:57:f5:30:65:3c:ec:3b:20:da:98:
-         a3:de:c9:22:32:ad:26:6b:21:92:5d:65:69:bf:1a:d0:d7:19:
-         7b:df:15:09:e9:8c
+         bc:f2:7a:f2:cb:90:e4:e5:dc:ed:bb:69:e5:24:cd:a9:46:a4:
+         f9:ee:19:d1:73:08:6c:be:cb:90:7f:d1:1e:b8:09:07:83:4a:
+         42:b7:12:11:ea:3e:ab:8b:e4:f7:cd:d9:94:db:c5:01:1b:d4:
+         f5:f9:be:22:b0:39:72:b6:89:6d:99:cc:43:fd:09:bb:00:a5:
+         51:b0:ee:97:94:e9:d2:86:96:e4:52:f7:76:77:d2:40:37:96:
+         38:cd:f3:59:38:54
 -----BEGIN CERTIFICATE-----
-MIIBozCCAS0CAQQwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAwwcNzY4IHJzYSBU
-ZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjFaFw0yNDA4MTEwMjQ3
-MjFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
-DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcu
-MC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATe4HlU4IK8PLBj/G7UyH6b
-uAx3Fn3MzSU6Ixe5bg9AYiAbaiLWsLMXGamy08Mk3s5OJN7/ZGxtwI/+4p/jr2XA
-oxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA2EAL2RjWz4hjN+u
-XX+cI7YpA89QbmbCRDRa4KBuijeK0/FUWFXZr7tbbo73Cd3LowES94yRprMT69RI
-QbrI/aBX9TBlPOw7INqYo97JIjKtJmshkl1lab8a0NcZe98VCemM
+MIICFjCCAaCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBw3Njgg
+cnNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoXDTI2MDQy
+MDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM
+CTEyNy4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLgYpvAuLABcM6AC
+KfSOl/jHcoJ5EQkR1TCVfikkaEtxkD10a8t3y7r9X4aREM8pKI/xHPasGMSG7xW7
++91tx9ejgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQWf6afnXiiwGNJHP//
+MFcjkMGZEDAfBgNVHSMEGDAWgBSe46eDsFlvkZ/H1TRhShqzZsdEoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG
+9w0BAQsFAANhALzyevLLkOTl3O27aeUkzalGpPnuGdFzCGy+y5B/0R64CQeDSkK3
+EhHqPquL5PfN2ZTbxQEb1PX5viKwOXK2iW2ZzEP9CbsApVGw7peU6dKGluRS93Z3
+0kA3ljjN81k4VA==
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem
index 9c5693f9e9d..763bec712b2 100644
--- a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem
@@ -1,39 +1,50 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 4 (0x4)
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: CN=prime256v1 ecdsa Test intermediate CA
         Validity
-            Not Before: Aug 14 02:47:21 2014 GMT
-            Not After : Aug 11 02:47:21 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub: 
-                    04:6e:c9:75:3b:40:ed:dd:be:67:d1:92:e7:6e:b9:
-                    ef:54:fa:69:db:e8:31:72:f8:43:a1:26:ad:a8:58:
-                    32:90:ac:99:63:4f:a3:39:ad:f7:63:0b:2a:e3:1b:
-                    a9:e9:b2:a5:72:6d:e1:bc:ac:72:29:f0:81:26:fb:
-                    b1:06:ba:58:98
+                    04:f5:4f:70:de:c3:d2:11:bb:c8:08:6e:4c:63:d8:
+                    13:80:10:b0:b8:e9:df:9c:fa:d0:f4:e3:61:5e:1e:
+                    1f:fe:65:8e:4b:a9:3f:d4:47:9f:71:e9:89:82:82:
+                    d8:10:63:fa:af:37:5b:3b:d1:da:56:05:da:a2:20:
+                    e1:20:37:c3:c0
                 ASN1 OID: prime256v1
         X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                7E:DD:18:69:14:9C:D6:E5:9C:DD:47:DB:87:60:79:AD:01:07:9A:66
+            X509v3 Authority Key Identifier: 
+                keyid:0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:a3:7e:7d:c3:f5:a3:78:c3:6b:a9:29:d9:15:
-         73:17:96:69:0d:47:68:b7:0f:5f:38:ef:5e:27:4c:c9:97:0b:
-         e5:02:20:30:02:f8:2a:42:9a:fe:db:ff:cd:b0:d4:28:32:8f:
-         89:7a:5c:7f:a8:d2:25:0c:33:51:0b:02:e3:38:6c:b4:b5
+         30:45:02:20:25:fd:ba:76:81:1b:d3:25:17:82:31:ad:73:72:
+         50:94:ac:e3:69:a6:b1:58:fe:b7:5e:48:ed:23:0d:a2:05:40:
+         02:21:00:d5:0e:02:63:c9:1c:7a:5a:10:13:1e:b8:05:87:71:
+         9c:b5:e2:66:cb:27:c8:17:b3:b1:68:29:c4:5e:b9:ac:5f
 -----BEGIN CERTIFICATE-----
-MIIBjTCCATMCAQQwCgYIKoZIzj0EAwIwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl
-Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xNDA4MTQwMjQ3MjFaFw0yNDA4
-MTEwMjQ3MjFaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
-FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD
-DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARuyXU7QO3dvmfR
-kuduue9U+mnb6DFy+EOhJq2oWDKQrJljT6M5rfdjCyrjG6npsqVybeG8rHIp8IEm
-+7EGuliYoxMwETAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0gAMEUCIQCj
-fn3D9aN4w2upKdkVcxeWaQ1HaLcPXzjvXidMyZcL5QIgMAL4KkKa/tv/zbDUKDKP
-iXpcf6jSJQwzUQsC4zhstLU=
+MIICADCCAaagAwIBAgIBBDAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVwcmltZTI1
+NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTE2MDQyMjIwMjg0MVoX
+DTI2MDQyMDIwMjg0MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQ
+BgNVBAMMCTEyNy4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPVPcN7D
+0hG7yAhuTGPYE4AQsLjp35z60PTjYV4eH/5ljkupP9RHn3HpiYKC2BBj+q83WzvR
+2lYF2qIg4SA3w8CjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR+3RhpFJzW
+5ZzdR9uHYHmtAQeaZjAfBgNVHSMEGDAWgBQNa7bX3X/NTq0GayLhEQhYEKsWKjAd
+BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgwBocEfwAAATAK
+BggqhkjOPQQDAgNIADBFAiAl/bp2gRvTJReCMa1zclCUrONpprFY/rdeSO0jDaIF
+QAIhANUOAmPJHHpaEBMeuAWHcZy14mbLJ8gXs7FoKcReuaxf
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem
index 96090862695..79470bef7bf 100644
--- a/chromium/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem
+++ b/chromium/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem
@@ -5,54 +5,54 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=2048 RSA Test Root CA
         Validity
-            Not Before: Aug 14 02:47:20 2014 GMT
-            Not After : Aug 11 02:47:20 2024 GMT
+            Not Before: Apr 22 20:28:41 2016 GMT
+            Not After : Apr 20 20:28:41 2026 GMT
         Subject: CN=prime256v1 ecdsa Test intermediate CA
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub: 
-                    04:db:98:07:bc:61:dd:2d:e6:b3:cc:f7:d5:ea:f7:
-                    a1:0d:28:de:f2:7c:26:97:ca:eb:d1:db:a3:1e:c1:
-                    8f:e9:e0:1e:fe:31:bb:aa:4a:5c:85:37:a6:ff:9e:
-                    2e:96:23:22:b8:30:5f:8f:22:ae:b9:8b:6d:4f:bd:
-                    4e:f3:52:12:d4
+                    04:d5:c1:4a:32:95:95:c5:88:fa:01:fa:c5:9e:dc:
+                    e2:99:62:eb:13:e5:35:42:b3:7a:fc:46:c0:fa:29:
+                    12:c8:2d:ea:30:0f:d2:9a:47:97:2c:7e:89:e6:ef:
+                    49:55:06:c9:37:c7:99:56:16:b2:2b:c9:7c:69:8e:
+                    10:7a:dd:1f:42
                 ASN1 OID: prime256v1
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                F9:79:A6:FA:F2:A4:36:A2:35:25:5F:4C:2A:5E:2A:E5:A0:57:59:3C
+                0D:6B:B6:D7:DD:7F:CD:4E:AD:06:6B:22:E1:11:08:58:10:AB:16:2A
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         66:47:20:8e:c7:41:90:12:7d:7d:56:65:4c:b0:16:f2:8b:6b:
-         78:94:e4:91:b4:a9:67:04:9b:e1:40:9a:e1:a2:16:20:e5:16:
-         6e:4a:24:b3:5f:08:a2:a3:59:1a:01:27:a4:1f:b8:a7:e9:ab:
-         16:05:4f:8b:2a:4d:f5:8c:28:c9:5b:66:57:02:79:35:86:e7:
-         f2:ca:67:0b:8a:a6:1e:09:d6:b1:05:33:ec:10:83:27:c8:c1:
-         1f:84:45:8d:b2:31:c2:3f:b3:5d:e7:b2:cb:70:e7:c7:41:1b:
-         f9:59:6a:ac:f7:54:32:26:18:6b:08:c6:c8:26:ab:8f:6a:0a:
-         bf:56:5a:f0:9a:83:d8:30:fa:39:a0:da:81:e5:0a:ad:c0:08:
-         ae:78:9d:38:9b:55:86:06:91:6b:bc:8e:d3:38:e0:86:f5:fa:
-         66:d9:02:ae:b7:72:0e:f8:bf:5f:d2:a3:8d:a2:4c:f9:e9:f1:
-         38:af:29:2c:0b:4c:59:f9:74:f5:4b:23:e0:44:63:98:a7:80:
-         c8:01:44:93:8a:72:71:6e:a2:29:03:cb:84:c4:eb:d3:88:75:
-         e4:24:1f:75:33:74:b6:77:22:d0:c9:35:ac:7f:c7:cb:c7:89:
-         d0:ca:36:d7:ba:de:52:5a:cf:dd:21:3c:dd:49:b5:f5:2f:8d:
-         27:bf:4b:ec
+         58:01:f0:a4:cb:85:85:72:db:7c:15:af:95:9d:b0:8e:a9:1a:
+         43:ef:d3:a8:15:1b:37:2c:c3:5b:9a:b3:c2:24:88:1b:58:7e:
+         9c:9b:3e:8f:02:06:47:35:85:b7:65:8d:25:72:2d:d3:e9:5f:
+         3a:f9:62:b1:af:43:bc:3d:d8:f9:ef:9d:c4:c7:65:96:db:67:
+         20:ef:b7:3d:40:a0:d3:a4:ad:3e:f9:d1:2e:d7:fd:9d:25:72:
+         82:f5:7f:ce:75:f7:86:77:c7:52:6d:c9:10:13:46:04:88:09:
+         cf:1a:f0:f2:e1:9c:2f:d7:c8:17:32:57:8a:5b:78:36:1c:76:
+         31:24:be:3d:29:5b:3e:92:ca:d5:e0:2c:3e:1c:72:a9:b6:f3:
+         a9:28:72:8c:e4:cf:ea:fe:ca:af:21:8a:dc:6f:f9:84:7c:16:
+         34:5b:d8:21:b5:ec:b5:84:dc:b7:ef:41:e8:5b:74:0b:19:c9:
+         d5:e1:ef:f2:05:33:de:92:24:27:9b:70:ad:e2:9d:8e:42:ca:
+         98:30:5f:f4:32:81:aa:11:bb:10:dc:e6:86:f5:6f:75:70:22:
+         62:29:47:84:36:17:e6:ee:ae:e9:7e:86:ae:dc:bf:81:52:7a:
+         30:7e:f9:35:31:11:cb:ec:1c:8e:ed:32:9e:96:32:9f:05:6f:
+         9c:cb:c9:db
 -----BEGIN CERTIFICATE-----
 MIICQjCCASqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUyMDQ4
-IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTQwODE0MDI0NzIwWhcNMjQwODExMDI0NzIw
+IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTYwNDIyMjAyODQxWhcNMjYwNDIwMjAyODQx
 WjAwMS4wLAYDVQQDDCVwcmltZTI1NnYxIGVjZHNhIFRlc3QgaW50ZXJtZWRpYXRl
-IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE25gHvGHdLeazzPfV6vehDSje
-8nwml8rr0dujHsGP6eAe/jG7qkpchTem/54uliMiuDBfjyKuuYttT71O81IS1KNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+Xmm+vKkNqI1JV9MKl4q5aBX
-WTwwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBmRyCOx0GQEn19
-VmVMsBbyi2t4lOSRtKlnBJvhQJrhohYg5RZuSiSzXwiio1kaASekH7in6asWBU+L
-Kk31jCjJW2ZXAnk1hufyymcLiqYeCdaxBTPsEIMnyMEfhEWNsjHCP7Nd57LLcOfH
-QRv5WWqs91QyJhhrCMbIJquPagq/VlrwmoPYMPo5oNqB5QqtwAiueJ04m1WGBpFr
-vI7TOOCG9fpm2QKut3IO+L9f0qONokz56fE4ryksC0xZ+XT1SyPgRGOYp4DIAUST
-inJxbqIpA8uExOvTiHXkJB91M3S2dyLQyTWsf8fLx4nQyjbXut5SWs/dITzdSbX1
-L40nv0vs
+IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1cFKMpWVxYj6AfrFntzimWLr
+E+U1QrN6/EbA+ikSyC3qMA/SmkeXLH6J5u9JVQbJN8eZVhayK8l8aY4Qet0fQqNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUDWu2191/zU6tBmsi4REIWBCr
+FiowDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYAfCky4WFctt8
+Fa+VnbCOqRpD79OoFRs3LMNbmrPCJIgbWH6cmz6PAgZHNYW3ZY0lci3T6V86+WKx
+r0O8Pdj5753Ex2WW22cg77c9QKDTpK0++dEu1/2dJXKC9X/OdfeGd8dSbckQE0YE
+iAnPGvDy4Zwv18gXMleKW3g2HHYxJL49KVs+ksrV4Cw+HHKptvOpKHKM5M/q/sqv
+IYrcb/mEfBY0W9ghtey1hNy370HoW3QLGcnV4e/yBTPekiQnm3Ct4p2OQsqYMF/0
+MoGqEbsQ3OaG9W91cCJiKUeENhfm7q7pfoau3L+BUnowfvk1MRHL7ByO7TKeljKf
+BW+cy8nb
 -----END CERTIFICATE-----
diff --git a/chromium/net/data/ssl/scripts/generate-weak-test-chains.sh b/chromium/net/data/ssl/scripts/generate-weak-test-chains.sh
index 3bf239c5aaa..fb7f6c69dba 100755
--- a/chromium/net/data/ssl/scripts/generate-weak-test-chains.sh
+++ b/chromium/net/data/ssl/scripts/generate-weak-test-chains.sh
@@ -162,6 +162,7 @@ do
       CERT_TYPE=intermediate \
       try openssl ca \
         -batch \
+        -extensions user_cert \
         -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \
         -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \
         -config ca.cnf
diff --git a/chromium/net/data/update_net_gypi.py b/chromium/net/data/update_net_gypi.py
new file mode 100644
index 00000000000..af252b780b8
--- /dev/null
+++ b/chromium/net/data/update_net_gypi.py
@@ -0,0 +1,139 @@
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import os
+import re
+import StringIO
+import sys
+
+
+VARIABLE_PATTERN = re.compile("^(?P<indentation>\s*)'(?P<name>[^']*)':\s*\[$")
+EXCLUSION_PATTERN = re.compile("^(?:README|OWNERS|.*\.(pyc?|sh|swp)|.*~)$")
+
+DATA_SOURCES_PATH_FOR_VARIABLES = {
+  "net_test_support_data_sources": [
+    "net/data/ssl/certificates",
+  ],
+  "net_unittests_data_sources": [
+    "net/data/certificate_policies_unittest",
+    "net/data/name_constraints_unittest",
+    "net/data/parse_certificate_unittest",
+    "net/data/parse_ocsp_unittest",
+    "net/data/test.html",
+    "net/data/url_request_unittest",
+    "net/data/verify_certificate_chain_unittest",
+    "net/data/verify_name_match_unittest/names",
+    "net/data/verify_signed_data_unittest",
+    "net/third_party/nist-pkits/certs",
+    "net/third_party/nist-pkits/crls",
+  ],
+}
+
+
+def list_data_sources(root, paths, exclusion):
+  """Returns the list of data source found in |paths|.
+
+  Args:
+    root: string, path to the repository root
+    paths: list of string, paths relative to repository root
+    exclusion: compiled regular expression, filename matching this pattern
+        will be excluded from the result
+  """
+  data_sources = []
+  for path in paths:
+    fullpath = os.path.normpath(os.path.join(root, path))
+    if os.path.isfile(fullpath):
+      if not exclusion.match(os.path.basename(path)):
+        data_sources.append(path)
+      continue
+
+    for dirpath, dirnames, filenames in os.walk(fullpath):
+      for filename in filenames:
+        if not exclusion.match(filename):
+          data_sources.append(os.path.normpath(os.path.join(dirpath, filename)))
+  return data_sources
+
+
+def format_data_sources(name, dir, data_sources, indentation):
+  """Converts |data_sources| to a gyp variable assignment.
+
+  Args:
+    name: string, name of the variable
+    dir: string, path to the directory containing the gyp file
+    data_sources: list of filenames
+    indentation: string
+  """
+  buffer = StringIO.StringIO()
+  buffer.write("%s'%s': [\n" % (indentation, name))
+  for data_source in sorted(data_sources):
+    buffer.write("  %s'%s',\n" % (
+        indentation, os.path.relpath(data_source, dir)))
+  buffer.write("%s],\n" % (indentation,))
+  return buffer.getvalue()
+
+
+def save_file_if_changed(path, content):
+  """Writes |content| to file at |path| if file has changed.
+
+  Args:
+    path: string, path of the file to save
+    content: string, content to write to file
+  """
+  with open(path, "r") as file:
+    old_content = file.read()
+  if content != old_content:
+    with open(path, "w") as file:
+      file.write(content)
+    sys.stdout.write("updated %s, do not forget to run 'git add'\n" % (path,))
+
+
+def edit_file(path, root, data_sources_for_variables):
+  """Updates file at |path| by rewriting variables values.
+
+  Args:
+    path: string, path of the file to edit
+    root: string, path to the repository root
+    data_sources_for_variables: dictionary mapping variable names to
+        the list of data sources to use
+  """
+  dir = os.path.relpath(os.path.dirname(path), root)
+  buffer = StringIO.StringIO()
+  with open(path, "r") as file:
+    indentation = ""
+    current_var = None
+    for line in file:
+      if not current_var:
+        match = VARIABLE_PATTERN.match(line)
+        if not match:
+          buffer.write(line)
+          continue
+        variable = match.group("name")
+        if variable not in data_sources_for_variables:
+          buffer.write(line)
+          continue
+        current_var = variable
+        indentation = match.group("indentation")
+        buffer.write(format_data_sources(
+            variable, dir, data_sources_for_variables[variable], indentation))
+      else:
+        if line == indentation + "],\n":
+          current_var = None
+  save_file_if_changed(path, buffer.getvalue())
+
+
+def main(args):
+  root_dir = os.path.normpath(os.path.join(
+      os.path.dirname(__file__), os.pardir, os.pardir))
+  net_gypi = os.path.normpath(os.path.join(root_dir, "net", "net.gypi"))
+
+  data_sources_for_variables = {}
+  for variable in DATA_SOURCES_PATH_FOR_VARIABLES:
+    data_sources_for_variables[variable] = list_data_sources(
+        root_dir, DATA_SOURCES_PATH_FOR_VARIABLES[variable], EXCLUSION_PATTERN)
+
+  edit_file(net_gypi, root_dir, data_sources_for_variables)
+
+
+if __name__ == "__main__":
+  sys.exit(main(sys.argv[1:]))
diff --git a/chromium/net/data/verify_certificate_chain_unittest/common.py b/chromium/net/data/verify_certificate_chain_unittest/common.py
index c7e98d1981b..5a6c3ec97e0 100755
--- a/chromium/net/data/verify_certificate_chain_unittest/common.py
+++ b/chromium/net/data/verify_certificate_chain_unittest/common.py
@@ -24,14 +24,20 @@ import openssl_conf
 TYPE_CA = 2
 TYPE_END_ENTITY = 3
 
-# January 1st, 2015 midnight UTC
+# March 1st, 2015 12:00 UTC
+MARCH_1_2015_UTC = '150301120000Z'
+
+# March 2nd, 2015 12:00 UTC
+MARCH_2_2015_UTC = '150302120000Z'
+
+# January 1st, 2015 12:00 UTC
 JANUARY_1_2015_UTC = '150101120000Z'
 
-# January 1st, 2016 midnight UTC
+# January 1st, 2016 12:00 UTC
 JANUARY_1_2016_UTC = '160101120000Z'
 
-# March 2nd, 2015 midnight UTC
-DEFAULT_TIME = '150302120000Z'
+# The default time tests should use when verifying.
+DEFAULT_TIME = MARCH_2_2015_UTC
 
 # Counter used to generate unique (but readable) path names.
 g_cur_path_id = 0
diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-intermediary.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-intermediary.pem
index f0bad527d3e..f3f205429d0 100644
--- a/chromium/net/data/verify_certificate_chain_unittest/expired-intermediary.pem
+++ b/chromium/net/data/verify_certificate_chain_unittest/expired-intermediary.pem
@@ -17,30 +17,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:b4:33:49:77:46:22:00:7b:a3:98:45:15:f7:e4:
-                    40:bc:c7:d1:86:bf:05:3b:c7:57:d7:12:e4:b0:aa:
-                    58:38:e7:bb:2f:1a:54:91:a8:78:39:d1:bd:67:5c:
-                    c6:d5:08:44:d0:98:7e:7f:69:03:2a:5d:cd:f9:51:
-                    13:44:50:62:c4:ca:44:3e:1d:ea:bc:fd:eb:21:57:
-                    e2:cd:85:3d:fe:70:e1:e8:92:c4:5f:68:67:4e:53:
-                    96:6b:02:59:39:31:c9:8b:fe:71:17:b3:b7:14:77:
-                    1b:89:b4:f8:ec:c5:b1:53:dd:42:ca:40:cd:14:c0:
-                    8a:b7:f6:32:72:16:d0:37:72:de:62:9f:49:e5:c3:
-                    2e:22:bc:a0:04:a7:d5:11:56:54:9f:7f:0e:92:f3:
-                    7a:88:bb:74:2e:19:3f:02:9e:69:fa:b4:bd:57:38:
-                    3d:19:99:48:f4:c1:07:57:91:52:db:63:dc:8b:0c:
-                    ca:74:85:1a:cd:f1:8c:3f:b9:9f:61:44:31:f8:86:
-                    ef:c1:ff:31:e7:fb:cd:7a:59:30:b2:8b:9c:5e:71:
-                    41:04:11:96:e4:8a:a7:8e:0e:58:76:ac:0f:1c:eb:
-                    1e:dc:0f:01:4f:ad:4e:29:ba:9b:40:7f:f5:c8:51:
-                    0c:8b:a9:19:01:51:c3:23:71:25:19:be:0c:10:ea:
-                    46:75
+                    00:aa:15:ea:8b:25:e9:de:1a:5f:39:89:dd:71:6d:
+                    30:a6:24:ca:59:9b:63:ab:c2:18:2d:d4:80:ea:63:
+                    71:70:2e:fe:ac:c0:7d:01:b1:35:06:7c:ad:a8:8c:
+                    18:5f:34:16:23:07:78:07:f1:ee:92:08:39:68:1b:
+                    08:53:c0:4e:68:62:01:e3:5e:3f:6f:bf:84:18:06:
+                    a8:59:8d:81:cc:39:71:b9:49:a8:19:2e:44:49:7b:
+                    8c:a6:71:15:2c:2a:3d:69:b9:42:5f:48:3c:1b:37:
+                    c0:c0:fa:11:a8:d2:5a:bc:70:43:e3:b5:04:62:42:
+                    40:bc:5a:8d:f6:bb:27:7a:70:34:9b:dc:a8:12:75:
+                    0d:1b:5c:1e:81:44:41:7f:57:6e:c6:40:78:f6:a6:
+                    5b:98:93:61:4d:e6:dd:bd:49:8f:ba:1e:c5:ac:e9:
+                    3f:b3:d1:c5:c9:dd:db:88:f0:47:5a:fc:fc:ec:b3:
+                    87:2f:7f:f0:e1:a0:69:05:48:21:58:18:4b:79:e9:
+                    de:92:9c:5f:89:79:68:f7:5e:59:58:9c:09:88:5e:
+                    7e:1c:6d:1e:ad:41:4d:f2:b9:9f:ef:9a:9b:57:8e:
+                    ff:35:c3:69:2c:35:eb:30:f0:e4:07:94:09:87:a6:
+                    ef:f4:1b:4b:61:47:64:d1:c9:8b:ba:08:e3:9a:01:
+                    99:43
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                77:E8:2F:D7:FB:5C:C4:E2:A0:B9:44:4F:B4:A7:15:35:41:B6:C8:C3
+                40:79:FB:A7:C3:78:BA:A4:08:EC:1C:B2:14:21:D9:DD:6A:9E:B5:29
             X509v3 Authority Key Identifier: 
-                keyid:8C:5E:B2:DE:2B:9F:31:B1:26:55:4D:45:E8:E7:23:87:58:5B:83:D1
+                keyid:6D:48:EB:C2:7F:9A:86:86:39:A3:39:79:C1:5B:A7:BD:A9:4E:23:00
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Intermediary.cer
@@ -55,42 +55,42 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         96:9d:3f:9e:85:d1:f5:b1:b8:42:a6:13:92:77:ea:af:0a:3e:
-         f1:2e:73:e5:db:55:e5:08:d9:54:35:67:ed:0c:7a:ec:b4:a6:
-         3b:6e:7b:db:44:82:36:84:65:6e:f0:95:bc:a2:10:f3:73:39:
-         41:ae:3d:2b:dc:de:3f:9b:8a:bc:67:83:75:83:dd:67:b1:96:
-         fc:79:0f:ca:89:73:7f:48:83:55:f5:e5:dd:b3:fd:8d:8c:1c:
-         c1:7f:41:fd:db:ac:59:33:58:0e:01:cb:8d:d9:c0:7d:bd:e0:
-         a1:1e:ce:cb:eb:a1:c8:97:05:4d:4d:28:26:f6:eb:1a:7d:20:
-         3a:d5:a9:9c:12:2d:b4:56:42:ab:fa:4d:f4:50:68:62:e5:94:
-         2c:9c:e7:83:25:db:d7:8b:40:2d:d7:ba:b8:f4:fe:f4:88:76:
-         5d:b9:a0:6d:ee:ba:82:a1:33:42:3a:e4:10:77:30:9b:60:c2:
-         c7:8b:cd:9e:29:00:0c:2d:01:a1:eb:1b:ce:41:6a:c7:91:79:
-         ff:64:f4:fe:2e:20:34:c6:6e:8a:4b:82:be:09:6b:17:94:aa:
-         cb:75:82:3a:b4:03:16:8a:52:4e:3a:92:a3:85:fd:db:a2:e8:
-         e7:a3:8c:bf:85:7e:6b:2d:7a:53:1d:db:49:1e:30:d0:8d:99:
-         06:f8:95:3a
+         5d:d4:68:d4:44:96:48:60:17:d4:88:12:43:df:6b:f0:b3:4c:
+         b2:ab:70:57:bc:d3:98:ae:34:d2:ab:e9:a3:b7:ae:76:9b:49:
+         e5:c5:bd:45:33:6a:19:e2:58:96:c7:49:98:24:0b:c1:57:5e:
+         64:a7:2d:7a:c6:1f:fb:9d:ba:a9:19:6e:25:31:2a:b1:82:41:
+         47:d4:02:47:ba:03:c3:43:d1:6b:05:10:b0:25:30:5c:0c:17:
+         3c:a6:7c:4e:6d:94:35:b4:65:e6:67:32:9a:9b:df:26:fa:c6:
+         f6:f9:c0:47:62:64:a9:95:02:a3:aa:70:82:38:c3:6d:b3:cd:
+         75:37:bd:4e:c5:91:bc:a1:48:7e:47:a1:bb:39:c4:7d:06:ef:
+         dc:c1:28:6b:6e:c6:d5:a3:e1:a0:d5:ec:c3:0a:ae:e5:5b:da:
+         67:14:af:f5:6e:6a:06:72:2e:0d:61:31:31:b7:d4:a4:7b:45:
+         21:50:cb:2d:30:c4:1f:c5:55:5c:e2:50:ce:35:cc:23:35:b0:
+         c2:92:ae:89:16:93:66:94:36:43:ff:30:79:b1:28:4d:6f:d1:
+         01:83:a4:e5:fd:d2:d8:6f:c0:0e:e2:d1:85:e8:56:ea:a7:9a:
+         d3:ec:f6:96:fc:d2:0c:ec:61:78:97:c8:2a:6d:49:67:ac:66:
+         19:37:0a:f1
 -----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
 cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
-VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0M0l3
-RiIAe6OYRRX35EC8x9GGvwU7x1fXEuSwqlg457svGlSRqHg50b1nXMbVCETQmH5/
-aQMqXc35URNEUGLEykQ+Heq8/eshV+LNhT3+cOHoksRfaGdOU5ZrAlk5McmL/nEX
-s7cUdxuJtPjsxbFT3ULKQM0UwIq39jJyFtA3ct5in0nlwy4ivKAEp9URVlSffw6S
-83qIu3QuGT8Cnmn6tL1XOD0ZmUj0wQdXkVLbY9yLDMp0hRrN8Yw/uZ9hRDH4hu/B
-/zHn+816WTCyi5xecUEEEZbkiqeODlh2rA8c6x7cDwFPrU4puptAf/XIUQyLqRkB
-UcMjcSUZvgwQ6kZ1AgMBAAGjgekwgeYwHQYDVR0OBBYEFHfoL9f7XMTioLlET7Sn
-FTVBtsjDMB8GA1UdIwQYMBaAFIxest4rnzGxJlVNRejnI4dYW4PRMD8GCCsGAQUF
+VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqFeqL
+JeneGl85id1xbTCmJMpZm2Orwhgt1IDqY3FwLv6swH0BsTUGfK2ojBhfNBYjB3gH
+8e6SCDloGwhTwE5oYgHjXj9vv4QYBqhZjYHMOXG5SagZLkRJe4ymcRUsKj1puUJf
+SDwbN8DA+hGo0lq8cEPjtQRiQkC8Wo32uyd6cDSb3KgSdQ0bXB6BREF/V27GQHj2
+pluYk2FN5t29SY+6HsWs6T+z0cXJ3duI8Eda/Pzss4cvf/DhoGkFSCFYGEt56d6S
+nF+JeWj3XllYnAmIXn4cbR6tQU3yuZ/vmptXjv81w2ksNesw8OQHlAmHpu/0G0th
+R2TRyYu6COOaAZlDAgMBAAGjgekwgeYwHQYDVR0OBBYEFEB5+6fDeLqkCOwcshQh
+2d1qnrUpMB8GA1UdIwQYMBaAFG1I68J/moaGOaM5ecFbp72pTiMAMD8GCCsGAQUF
 BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
 aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
 dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlp0/noXR9bG4QqYTknfq
-rwo+8S5z5dtV5QjZVDVn7Qx67LSmO25720SCNoRlbvCVvKIQ83M5Qa49K9zeP5uK
-vGeDdYPdZ7GW/HkPyolzf0iDVfXl3bP9jYwcwX9B/dusWTNYDgHLjdnAfb3goR7O
-y+uhyJcFTU0oJvbrGn0gOtWpnBIttFZCq/pN9FBoYuWULJzngyXb14tALde6uPT+
-9Ih2Xbmgbe66gqEzQjrkEHcwm2DCx4vNnikADC0BoesbzkFqx5F5/2T0/i4gNMZu
-ikuCvglrF5Sqy3WCOrQDFopSTjqSo4X926Lo56OMv4V+ay16Ux3bSR4w0I2ZBviV
-Og==
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAXdRo1ESWSGAX1IgSQ99r
+8LNMsqtwV7zTmK400qvpo7eudptJ5cW9RTNqGeJYlsdJmCQLwVdeZKctesYf+526
+qRluJTEqsYJBR9QCR7oDw0PRawUQsCUwXAwXPKZ8Tm2UNbRl5mcympvfJvrG9vnA
+R2JkqZUCo6pwgjjDbbPNdTe9TsWRvKFIfkehuznEfQbv3MEoa27G1aPhoNXswwqu
+5VvaZxSv9W5qBnIuDWExMbfUpHtFIVDLLTDEH8VVXOJQzjXMIzWwwpKuiRaTZpQ2
+Q/8webEoTW/RAYOk5f3S2G/ADuLRhehW6qea0+z2lvzSDOxheJfIKm1JZ6xmGTcK
+8Q==
 -----END CERTIFICATE-----
 
 Certificate:
@@ -101,36 +101,36 @@ Certificate:
         Issuer: CN=Root
         Validity
             Not Before: Jan  1 12:00:00 2015 GMT
-            Not After : Jan  1 12:00:00 2016 GMT
+            Not After : Mar  1 12:00:00 2015 GMT
         Subject: CN=Intermediary
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ab:a7:65:bb:25:26:49:f5:55:58:4e:25:97:97:
-                    19:be:89:c0:d7:29:77:db:32:59:71:e5:92:4c:6e:
-                    c3:9c:29:73:65:a7:60:ba:a6:59:06:25:28:df:90:
-                    ec:d7:fb:b9:fd:67:f4:0a:e2:2f:9c:e6:0d:77:77:
-                    12:60:e7:57:71:08:ba:87:50:30:a0:5f:d6:02:0c:
-                    9a:64:6c:fb:cf:f7:6b:12:ce:09:98:27:d9:15:46:
-                    00:14:58:63:08:e1:58:7f:98:5d:86:09:6b:59:78:
-                    69:c1:74:5b:6e:a4:fc:b0:d7:64:30:e6:50:7a:3a:
-                    98:fd:48:ed:b9:d3:b2:04:5a:f6:67:c8:50:f2:bb:
-                    2a:49:4c:82:2c:9c:1a:ab:5c:e8:0d:7b:ae:2b:5f:
-                    4f:77:90:4a:c9:63:cd:0f:07:1d:63:23:7f:e6:6b:
-                    16:f8:70:f1:43:ac:4c:e0:72:05:36:0e:3f:62:ed:
-                    71:61:8f:e1:7c:8b:16:7d:9c:99:e1:18:d4:8e:52:
-                    14:07:3b:49:7e:5d:06:ac:6b:34:63:6c:86:c5:8a:
-                    fb:f0:e5:a3:aa:40:4f:35:da:4b:31:c6:a0:7e:49:
-                    c1:47:22:19:5b:2d:c3:07:ac:25:fe:e8:97:4c:e1:
-                    59:59:2c:6b:bd:96:ee:b5:67:ca:03:1d:a7:e1:8e:
-                    19:a3
+                    00:b5:a7:f6:93:6b:28:98:90:c6:36:f3:31:5e:b2:
+                    6d:43:8a:03:c7:8d:9a:04:1a:23:9d:07:ee:5c:47:
+                    26:da:31:7e:96:34:7e:9d:d8:29:ff:56:2c:05:f9:
+                    d9:ff:e9:10:26:9e:53:12:4b:cb:9d:b6:2f:9d:87:
+                    33:9c:91:7e:d4:81:c7:63:cf:3a:52:b7:62:18:bb:
+                    b5:47:c4:ba:80:79:71:30:31:ed:08:e6:c5:85:03:
+                    d1:e7:05:24:bf:8b:24:f0:2d:44:3c:80:eb:da:75:
+                    f5:8f:a7:6e:dc:1c:46:b8:c6:bf:76:7b:20:e6:f5:
+                    3d:0a:c1:32:54:c6:f1:e6:34:6c:18:c6:11:a5:16:
+                    5b:29:24:75:fa:d3:ee:b9:91:56:80:88:df:fe:7f:
+                    6b:fa:07:49:95:46:b0:0e:61:ce:8d:f0:a7:64:d5:
+                    e5:05:7a:c1:9a:6f:e9:e0:44:05:f8:75:ea:d9:64:
+                    c9:20:98:28:11:d0:c4:fe:31:2f:9b:a5:79:42:2c:
+                    ee:95:6b:7c:34:d4:15:5c:f8:68:e9:de:5c:b7:c8:
+                    1c:33:aa:24:3d:29:60:6e:18:e8:c8:cb:6a:a6:ad:
+                    3c:eb:36:0f:1a:81:aa:0b:8a:0e:fd:7b:e5:8b:12:
+                    7b:76:04:56:7e:b7:1d:cf:cf:65:77:03:fe:a2:6d:
+                    02:29
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                8C:5E:B2:DE:2B:9F:31:B1:26:55:4D:45:E8:E7:23:87:58:5B:83:D1
+                6D:48:EB:C2:7F:9A:86:86:39:A3:39:79:C1:5B:A7:BD:A9:4E:23:00
             X509v3 Authority Key Identifier: 
-                keyid:15:EB:EA:C0:58:73:9E:53:97:FB:86:13:F2:7A:4E:1C:E1:91:7C:C5
+                keyid:7A:B1:AA:9D:A5:49:7E:15:F6:31:BC:33:C7:B6:57:F7:FD:13:5C:CF
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -145,41 +145,41 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         0e:32:41:5f:b0:5f:c7:3e:3e:d7:54:43:2c:7d:d5:49:a0:2f:
-         90:d6:70:2e:f4:d6:a7:13:15:83:3b:44:a0:c2:d8:d8:01:0b:
-         b0:37:ec:14:39:e5:85:99:de:80:f6:da:11:b4:31:5a:66:86:
-         f0:e8:ac:ad:d6:ac:4a:eb:49:4f:af:59:cc:c5:ca:e7:09:8c:
-         98:e1:b7:86:c1:46:c3:85:34:7a:89:72:0b:0a:f5:e7:41:ac:
-         6d:9c:78:ff:d6:ba:fc:86:f3:39:b9:77:44:f4:2f:f4:c0:5e:
-         b2:93:01:9e:85:8d:a8:58:dc:cd:77:37:40:28:0c:d7:42:19:
-         f5:bc:a0:e9:ea:f6:a1:42:6a:1f:d3:d6:01:b0:8e:ef:49:97:
-         7a:d5:8b:37:28:96:95:00:dd:4c:6c:05:5a:59:fd:14:bd:69:
-         ae:03:c3:8b:47:ea:8e:48:92:4c:c9:bc:9c:b7:07:bd:e4:5e:
-         6c:d3:e1:51:57:45:b2:79:bf:7e:22:c1:d5:65:a8:50:db:51:
-         13:28:8e:02:2c:d2:19:09:69:16:6d:60:40:23:44:5b:38:4a:
-         a4:a1:61:27:ec:36:95:81:2e:5c:ac:f1:13:39:f5:d0:d5:3a:
-         94:82:8f:c8:41:da:e8:a4:0e:19:a8:6d:19:6c:fb:29:39:74:
-         af:48:01:e2
+         1f:03:06:d7:ad:e1:fb:5a:3f:20:60:5d:d0:db:54:2b:b7:52:
+         1a:67:c1:06:75:a7:48:d0:de:14:02:e2:6b:c6:71:d0:da:41:
+         8e:59:c9:17:8e:c5:1e:27:2e:4a:16:2c:7c:77:1e:d4:1c:14:
+         84:85:22:b2:d4:49:90:ab:c3:86:a6:b5:52:97:53:1e:1f:2e:
+         e4:ff:60:42:53:03:bb:59:e2:7e:f0:59:a6:4e:04:e6:73:3e:
+         d3:2a:c3:ff:1f:69:cd:29:4b:ce:39:aa:93:b9:97:d6:f0:e6:
+         e4:52:ca:30:5f:7f:2d:60:6f:93:20:ec:74:dc:d6:65:0d:5d:
+         bc:49:cd:ee:56:29:4f:34:8f:9f:5d:54:b6:2b:df:7b:33:8b:
+         2a:b8:7d:f4:39:f3:e1:02:95:3f:e4:28:14:73:58:7d:88:2b:
+         e5:1b:e5:0a:9e:eb:b2:e7:7c:bf:e7:1a:70:5f:0f:3d:50:d9:
+         8c:ea:4b:0a:e9:03:8e:5b:84:68:af:5f:72:6d:96:62:b3:90:
+         de:f7:be:8d:95:cb:59:5e:d8:7b:41:3e:32:3a:76:a6:01:45:
+         54:9c:d5:98:78:f0:f7:bf:6b:00:4f:0e:c6:05:8b:0f:64:6a:
+         ca:0d:fc:ff:db:08:d4:20:11:5e:2b:70:59:bb:5d:46:da:07:
+         94:12:e6:c7
 -----BEGIN CERTIFICATE-----
 MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
-MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
-ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6dluyUm
-SfVVWE4ll5cZvonA1yl32zJZceWSTG7DnClzZadguqZZBiUo35Ds1/u5/Wf0CuIv
-nOYNd3cSYOdXcQi6h1AwoF/WAgyaZGz7z/drEs4JmCfZFUYAFFhjCOFYf5hdhglr
-WXhpwXRbbqT8sNdkMOZQejqY/UjtudOyBFr2Z8hQ8rsqSUyCLJwaq1zoDXuuK19P
-d5BKyWPNDwcdYyN/5msW+HDxQ6xM4HIFNg4/Yu1xYY/hfIsWfZyZ4RjUjlIUBztJ
-fl0GrGs0Y2yGxYr78OWjqkBPNdpLMcagfknBRyIZWy3DB6wl/uiXTOFZWSxrvZbu
-tWfKAx2n4Y4ZowIDAQABo4HLMIHIMB0GA1UdDgQWBBSMXrLeK58xsSZVTUXo5yOH
-WFuD0TAfBgNVHSMEGDAWgBQV6+rAWHOeU5f7hhPyek4c4ZF8xTA3BggrBgEFBQcB
+MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
+ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaf2k2so
+mJDGNvMxXrJtQ4oDx42aBBojnQfuXEcm2jF+ljR+ndgp/1YsBfnZ/+kQJp5TEkvL
+nbYvnYcznJF+1IHHY886UrdiGLu1R8S6gHlxMDHtCObFhQPR5wUkv4sk8C1EPIDr
+2nX1j6du3BxGuMa/dnsg5vU9CsEyVMbx5jRsGMYRpRZbKSR1+tPuuZFWgIjf/n9r
++gdJlUawDmHOjfCnZNXlBXrBmm/p4EQF+HXq2WTJIJgoEdDE/jEvm6V5QizulWt8
+NNQVXPho6d5ct8gcM6okPSlgbhjoyMtqpq086zYPGoGqC4oO/XvlixJ7dgRWfrcd
+z89ldwP+om0CKQIDAQABo4HLMIHIMB0GA1UdDgQWBBRtSOvCf5qGhjmjOXnBW6e9
+qU4jADAfBgNVHSMEGDAWgBR6saqdpUl+FfYxvDPHtlf3/RNczzA3BggrBgEFBQcB
 AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
 BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-AA4yQV+wX8c+PtdUQyx91UmgL5DWcC701qcTFYM7RKDC2NgBC7A37BQ55YWZ3oD2
-2hG0MVpmhvDorK3WrErrSU+vWczFyucJjJjht4bBRsOFNHqJcgsK9edBrG2ceP/W
-uvyG8zm5d0T0L/TAXrKTAZ6FjahY3M13N0AoDNdCGfW8oOnq9qFCah/T1gGwju9J
-l3rVizcolpUA3UxsBVpZ/RS9aa4Dw4tH6o5IkkzJvJy3B73kXmzT4VFXRbJ5v34i
-wdVlqFDbURMojgIs0hkJaRZtYEAjRFs4SqShYSfsNpWBLlys8RM59dDVOpSCj8hB
-2uikDhmobRls+yk5dK9IAeI=
+AB8DBtet4ftaPyBgXdDbVCu3UhpnwQZ1p0jQ3hQC4mvGcdDaQY5ZyReOxR4nLkoW
+LHx3HtQcFISFIrLUSZCrw4amtVKXUx4fLuT/YEJTA7tZ4n7wWaZOBOZzPtMqw/8f
+ac0pS845qpO5l9bw5uRSyjBffy1gb5Mg7HTc1mUNXbxJze5WKU80j59dVLYr33sz
+iyq4ffQ58+EClT/kKBRzWH2IK+Ub5Qqe67LnfL/nGnBfDz1Q2YzqSwrpA45bhGiv
+X3JtlmKzkN73vo2Vy1le2HtBPjI6dqYBRVSc1Zh48Pe/awBPDsYFiw9kasoN/P/b
+CNQgEV4rcFm7XUbaB5QS5sc=
 -----END CERTIFICATE-----
 
 Certificate:
@@ -196,30 +196,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ca:63:ce:f6:f5:87:1c:17:7d:20:6c:eb:25:52:
-                    83:6a:00:1b:c4:76:25:c4:5e:e0:0e:eb:dc:c2:86:
-                    9f:84:9a:b2:da:cd:05:7f:5b:ad:e0:11:3a:f9:c5:
-                    a9:97:96:77:9c:4a:3c:3d:e8:c2:fe:f0:e5:f4:1f:
-                    c2:bd:cb:33:89:fa:a0:61:c2:85:c1:ea:8b:ec:97:
-                    f4:5d:dc:cf:bd:45:c8:5d:a9:0d:8e:7a:b0:53:67:
-                    8b:37:bd:67:20:f0:e3:fd:20:5d:7e:e8:df:90:ba:
-                    0a:59:b3:08:fb:42:45:ae:83:89:b8:50:93:09:66:
-                    ac:a3:7a:fe:b3:ee:ad:0c:fd:c3:a0:ab:3b:1a:49:
-                    4f:bb:2e:8a:0a:61:ae:99:40:15:79:9a:63:a9:f3:
-                    e0:50:98:eb:11:7d:06:56:85:43:50:8d:9c:1f:a5:
-                    c3:6e:17:6b:f3:07:3a:8a:ce:c2:4f:71:84:eb:c3:
-                    ca:91:1c:71:96:57:14:93:15:f7:93:b6:39:4e:9e:
-                    99:8e:2b:e0:47:ad:86:ff:d4:7f:a4:b1:5b:3f:08:
-                    03:84:95:8f:2a:ff:0c:33:22:28:3e:e8:12:53:5d:
-                    10:3b:86:24:61:1b:85:a8:97:ad:b1:2f:d2:a0:5a:
-                    5f:51:49:7c:ab:4f:4b:4a:43:da:2f:4a:46:6a:c9:
-                    12:d5
+                    00:ea:ec:57:02:47:92:bc:08:b2:1a:2b:0d:03:36:
+                    e3:2c:b0:4a:52:00:ed:12:f6:5d:39:61:ba:1c:fc:
+                    06:9c:11:13:b6:97:b1:ae:bc:66:4c:8a:05:03:29:
+                    4c:8a:59:cb:27:86:96:98:ce:5c:35:17:74:ba:ad:
+                    1f:14:00:2c:84:cf:cf:2c:fa:5e:a4:70:e5:66:e1:
+                    28:79:be:5a:39:42:ad:a5:bb:66:ca:f2:59:d2:cc:
+                    22:30:c7:bd:aa:19:e2:ed:be:4f:67:05:26:71:a1:
+                    39:96:52:e1:42:cf:fe:83:d2:87:00:e2:96:7b:34:
+                    64:cb:a7:76:ed:cf:79:ca:0f:1d:44:49:9e:7c:0a:
+                    cb:3f:f4:f2:95:1f:07:23:12:75:0c:f7:f4:55:4e:
+                    3c:39:ac:0b:93:a4:33:76:27:82:d7:fa:9e:41:17:
+                    d6:98:e5:c9:a8:0d:40:62:b6:80:36:e7:35:71:6a:
+                    aa:bb:ae:25:0d:12:b1:c7:f2:18:e6:05:3f:43:df:
+                    37:0b:92:30:1c:1f:7c:55:36:01:35:0b:8b:f0:19:
+                    81:39:52:70:c6:e8:51:14:41:ae:e8:90:e0:ce:78:
+                    31:98:8a:ed:0c:c7:24:bb:1a:3f:ef:78:80:0e:35:
+                    19:e2:57:f7:3e:f6:ca:03:c2:f5:46:25:80:32:c7:
+                    44:39
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                15:EB:EA:C0:58:73:9E:53:97:FB:86:13:F2:7A:4E:1C:E1:91:7C:C5
+                7A:B1:AA:9D:A5:49:7E:15:F6:31:BC:33:C7:B6:57:F7:FD:13:5C:CF
             X509v3 Authority Key Identifier: 
-                keyid:15:EB:EA:C0:58:73:9E:53:97:FB:86:13:F2:7A:4E:1C:E1:91:7C:C5
+                keyid:7A:B1:AA:9D:A5:49:7E:15:F6:31:BC:33:C7:B6:57:F7:FD:13:5C:CF
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -234,45 +234,45 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         35:78:42:b8:84:7a:f4:0a:9d:ab:2f:a2:95:a7:6a:f5:14:ee:
-         b7:5a:f4:36:43:22:ef:f7:39:c4:85:ff:eb:e4:24:47:c2:04:
-         ac:af:25:a5:04:68:64:a3:41:23:fe:a6:99:d2:2a:95:51:60:
-         2a:97:31:31:01:a0:83:2c:d8:fe:81:5f:dc:2d:3f:5a:5c:6f:
-         2f:df:43:57:61:35:a2:e3:d9:56:f0:26:7d:74:15:3f:24:07:
-         1a:cd:49:d9:d0:2f:94:5b:d8:ae:da:f4:93:fa:7a:34:25:20:
-         a1:d0:ef:d2:1e:c3:eb:b5:63:49:c6:4c:a1:2f:11:d6:5b:88:
-         a8:89:b0:e6:22:92:3f:d2:a9:26:ad:32:85:e4:98:14:3c:9e:
-         4d:9e:49:62:f9:88:25:bd:e0:0d:72:d0:dc:cc:55:b7:bc:38:
-         58:70:6b:cb:e0:ce:6b:1a:f8:3a:b6:33:0f:21:0d:d1:80:e1:
-         5f:2a:ca:b0:29:e0:e0:17:af:4a:39:bb:cc:29:97:30:08:64:
-         26:d9:ba:0b:1f:17:a3:41:e3:0f:a2:d1:cd:21:a1:4e:40:ee:
-         3d:c3:20:4a:6d:c4:35:3c:10:f1:f8:76:f8:04:da:7f:17:22:
-         6a:de:fe:59:24:04:06:e8:57:f1:6b:f8:4d:63:17:c3:0e:dc:
-         3b:26:f3:e2
+         a2:db:fb:36:6b:24:df:02:28:0c:ba:9d:88:82:7b:e7:e0:87:
+         58:75:70:78:40:3d:f6:53:b9:57:0f:a3:01:b6:aa:3e:80:34:
+         2f:b5:dc:9b:30:3e:43:44:79:70:22:48:0a:33:28:87:6d:09:
+         90:92:d8:41:d5:ca:18:72:ba:65:5d:cb:b2:25:50:1c:07:f7:
+         b7:b7:23:93:2c:da:61:b4:c8:15:66:17:17:b4:d3:a8:4a:cd:
+         b6:01:bf:4c:e5:84:5d:b2:fb:fe:24:98:44:e8:84:16:6b:f4:
+         04:f9:88:50:ec:42:1c:31:4b:87:1b:67:76:63:01:8f:46:0b:
+         66:1b:59:a6:83:43:ed:33:4f:f8:74:74:2e:fe:8d:2c:f4:55:
+         9f:c5:f9:c1:eb:44:9b:5b:aa:bd:98:5e:36:87:0f:c8:8e:f3:
+         f7:e3:ef:08:72:a8:f6:d0:f9:86:fa:58:1e:fb:73:43:b0:ba:
+         f9:8d:b0:f5:29:da:64:be:d8:e2:94:88:75:25:54:ce:e6:4d:
+         80:33:be:bc:c0:7e:76:fc:65:2e:dc:74:d7:86:64:08:47:f0:
+         6c:a1:dc:ae:69:2e:71:23:56:eb:a0:6c:f6:2a:15:2c:a7:a5:
+         05:92:68:56:16:07:cd:82:62:02:e8:77:1f:0f:85:31:02:0c:
+         c0:9a:56:cd
 -----BEGIN TRUSTED_CERTIFICATE-----
 MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpjzvb1hxwXfSBs6yVS
-g2oAG8R2JcRe4A7r3MKGn4SastrNBX9breAROvnFqZeWd5xKPD3owv7w5fQfwr3L
-M4n6oGHChcHqi+yX9F3cz71FyF2pDY56sFNnize9ZyDw4/0gXX7o35C6ClmzCPtC
-Ra6DibhQkwlmrKN6/rPurQz9w6CrOxpJT7suigphrplAFXmaY6nz4FCY6xF9BlaF
-Q1CNnB+lw24Xa/MHOorOwk9xhOvDypEccZZXFJMV95O2OU6emY4r4Eethv/Uf6Sx
-Wz8IA4SVjyr/DDMiKD7oElNdEDuGJGEbhaiXrbEv0qBaX1FJfKtPS0pD2i9KRmrJ
-EtUCAwEAAaOByzCByDAdBgNVHQ4EFgQUFevqwFhznlOX+4YT8npOHOGRfMUwHwYD
-VR0jBBgwFoAUFevqwFhznlOX+4YT8npOHOGRfMUwNwYIKwYBBQUHAQEEKzApMCcG
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrsVwJHkrwIshorDQM2
+4yywSlIA7RL2XTlhuhz8BpwRE7aXsa68ZkyKBQMpTIpZyyeGlpjOXDUXdLqtHxQA
+LITPzyz6XqRw5WbhKHm+WjlCraW7ZsryWdLMIjDHvaoZ4u2+T2cFJnGhOZZS4ULP
+/oPShwDilns0ZMundu3PecoPHURJnnwKyz/08pUfByMSdQz39FVOPDmsC5OkM3Yn
+gtf6nkEX1pjlyagNQGK2gDbnNXFqqruuJQ0SscfyGOYFP0PfNwuSMBwffFU2ATUL
+i/AZgTlScMboURRBruiQ4M54MZiK7QzHJLsaP+94gA41GeJX9z72ygPC9UYlgDLH
+RDkCAwEAAaOByzCByDAdBgNVHQ4EFgQUerGqnaVJfhX2Mbwzx7ZX9/0TXM8wHwYD
+VR0jBBgwFoAUerGqnaVJfhX2Mbwzx7ZX9/0TXM8wNwYIKwYBBQUHAQEEKzApMCcG
 CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
 IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA1eEK4hHr0
-Cp2rL6KVp2r1FO63WvQ2QyLv9znEhf/r5CRHwgSsryWlBGhko0Ej/qaZ0iqVUWAq
-lzExAaCDLNj+gV/cLT9aXG8v30NXYTWi49lW8CZ9dBU/JAcazUnZ0C+UW9iu2vST
-+no0JSCh0O/SHsPrtWNJxkyhLxHWW4ioibDmIpI/0qkmrTKF5JgUPJ5Nnkli+Ygl
-veANctDczFW3vDhYcGvL4M5rGvg6tjMPIQ3RgOFfKsqwKeDgF69KObvMKZcwCGQm
-2boLHxejQeMPotHNIaFOQO49wyBKbcQ1PBDx+Hb4BNp/FyJq3v5ZJAQG6Ffxa/hN
-YxfDDtw7JvPi
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCi2/s2ayTf
+AigMup2Ignvn4IdYdXB4QD32U7lXD6MBtqo+gDQvtdybMD5DRHlwIkgKMyiHbQmQ
+kthB1coYcrplXcuyJVAcB/e3tyOTLNphtMgVZhcXtNOoSs22Ab9M5YRdsvv+JJhE
+6IQWa/QE+YhQ7EIcMUuHG2d2YwGPRgtmG1mmg0PtM0/4dHQu/o0s9FWfxfnB60Sb
+W6q9mF42hw/IjvP34+8Icqj20PmG+lge+3NDsLr5jbD1KdpkvtjilIh1JVTO5k2A
+M768wH52/GUu3HTXhmQIR/BsodyuaS5xI1broGz2KhUsp6UFkmhWFgfNgmIC6Hcf
+D4UxAgzAmlbN
 -----END TRUSTED_CERTIFICATE-----
 
 -----BEGIN TIME-----
-MTYwMzAyMTIwMDAwWg==
+MTUwMzAyMTIwMDAwWg==
 -----END TIME-----
 
 -----BEGIN VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-root.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-root.pem
new file mode 100644
index 00000000000..5e9ffcf751b
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/expired-root.pem
@@ -0,0 +1,280 @@
+[Created by: generate-expired-root.py]
+
+Certificate chain with 1 intermediary, where the root certificate is expired
+(violates validity.notAfter). Verification is expected to fail.
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Intermediary
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Target
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:5a:d7:49:58:e0:e3:06:4c:d0:8d:83:ad:7a:
+                    ff:86:7c:0e:00:26:64:44:8a:cb:38:bd:95:8e:b1:
+                    7f:7c:48:7f:02:ef:7d:f9:b4:76:76:eb:5a:1d:71:
+                    99:3a:c8:66:1a:c8:fb:24:d3:e8:9c:af:3b:5c:b5:
+                    10:f0:32:7c:46:87:9a:3f:f6:57:6a:45:5c:18:6e:
+                    92:54:54:16:4e:17:79:1c:a1:05:7c:21:3c:dc:89:
+                    23:5d:aa:f9:1e:a1:8c:9b:9f:d7:a0:f3:c3:23:f0:
+                    f4:b5:12:ac:d3:57:cb:bb:f9:8e:0d:d8:e9:d5:bd:
+                    71:2b:3e:38:d1:fe:f0:17:cb:f0:ce:23:8f:8a:ee:
+                    56:4d:94:18:31:c3:1d:74:07:57:a4:f7:07:e8:b3:
+                    a4:60:53:38:96:83:f7:59:cf:03:f9:38:3c:35:87:
+                    6a:71:92:8a:1b:4f:7e:f0:49:76:ba:65:42:87:fe:
+                    b2:21:e1:17:d6:98:50:36:5a:7f:fe:8d:f6:bf:ab:
+                    46:63:fc:57:e8:57:c5:90:9b:27:07:30:fa:26:1d:
+                    13:eb:f2:e1:b0:99:f9:55:39:76:0f:ca:a4:31:85:
+                    c6:62:df:53:cd:3e:df:bf:83:1d:a9:07:b1:a2:8a:
+                    be:43:f2:05:1e:f9:ca:28:2e:81:39:fa:2c:74:c5:
+                    7c:b1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                14:B3:FA:87:AB:1D:54:2D:2B:B8:C4:5D:33:57:C5:52:F4:15:B8:20
+            X509v3 Authority Key Identifier: 
+                keyid:ED:CC:99:FA:9D:D2:85:7E:0E:02:42:8E:72:48:C3:F4:29:4B:95:D2
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Intermediary.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Intermediary.crl
+
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         42:13:4f:10:c0:69:c9:ad:88:94:2d:df:24:e6:47:6c:d3:07:
+         33:75:77:ba:c8:40:f4:28:1f:7a:0a:49:14:93:5f:d7:6e:91:
+         49:22:a3:cb:f0:52:f9:d6:22:90:ef:62:79:3d:cc:e5:2f:d0:
+         c9:c3:0e:b0:54:06:6c:31:7e:f3:9e:48:be:02:c8:f3:60:cb:
+         d7:5b:65:f6:82:41:fa:b4:19:34:e2:82:9c:0a:02:ee:ec:2a:
+         53:6d:25:49:19:9a:ce:1a:6c:c4:49:e2:3b:08:fb:6f:05:00:
+         65:d6:64:29:a9:c5:9f:83:27:af:49:a8:b8:14:de:e0:43:c6:
+         b4:c2:ad:49:55:d5:58:42:50:cb:20:54:df:1e:9b:0a:9d:d3:
+         a0:85:4d:a2:5c:cb:07:24:1c:f0:91:d2:89:54:d1:69:7a:68:
+         05:6a:3c:80:00:e5:7d:6d:9a:0b:37:0d:d0:6b:5e:61:d4:04:
+         37:73:41:ae:48:10:0a:3b:b1:d4:67:31:19:19:43:d2:22:f4:
+         29:72:cd:8d:97:5b:f8:11:09:5b:32:07:56:fb:f4:d7:66:cc:
+         72:e4:db:f6:1d:53:70:0e:bf:4c:c2:0f:61:07:a9:f3:1d:5f:
+         03:f9:1e:9c:96:f6:49:1a:b8:51:1d:16:22:1a:f5:2b:ac:da:
+         ce:5a:a6:38
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
+cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
+VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWtdJ
+WODjBkzQjYOtev+GfA4AJmREiss4vZWOsX98SH8C7335tHZ261odcZk6yGYayPsk
+0+icrztctRDwMnxGh5o/9ldqRVwYbpJUVBZOF3kcoQV8ITzciSNdqvkeoYybn9eg
+88Mj8PS1EqzTV8u7+Y4N2OnVvXErPjjR/vAXy/DOI4+K7lZNlBgxwx10B1ek9wfo
+s6RgUziWg/dZzwP5ODw1h2pxkoobT37wSXa6ZUKH/rIh4RfWmFA2Wn/+jfa/q0Zj
+/FfoV8WQmycHMPomHRPr8uGwmflVOXYPyqQxhcZi31PNPt+/gx2pB7Giir5D8gUe
++cooLoE5+ix0xXyxAgMBAAGjgekwgeYwHQYDVR0OBBYEFBSz+oerHVQtK7jEXTNX
+xVL0FbggMB8GA1UdIwQYMBaAFO3Mmfqd0oV+DgJCjnJIw/QpS5XSMD8GCCsGAQUF
+BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
+aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
+dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQhNPEMBpya2IlC3fJOZH
+bNMHM3V3ushA9CgfegpJFJNf126RSSKjy/BS+dYikO9ieT3M5S/QycMOsFQGbDF+
+855IvgLI82DL11tl9oJB+rQZNOKCnAoC7uwqU20lSRmazhpsxEniOwj7bwUAZdZk
+KanFn4Mnr0mouBTe4EPGtMKtSVXVWEJQyyBU3x6bCp3ToIVNolzLByQc8JHSiVTR
+aXpoBWo8gADlfW2aCzcN0GteYdQEN3NBrkgQCjux1GcxGRlD0iL0KXLNjZdb+BEJ
+WzIHVvv012bMcuTb9h1TcA6/TMIPYQep8x1fA/kenJb2SRq4UR0WIhr1K6zazlqm
+OA==
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Root
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Intermediary
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:4e:34:a2:37:40:52:cd:58:5e:d8:18:40:f2:
+                    23:9e:a8:78:10:18:db:5b:87:a3:e2:e3:c8:a5:50:
+                    b7:c3:1c:fa:e5:77:7f:93:b3:44:2a:90:60:39:81:
+                    a4:c4:63:e0:3d:8a:d8:36:c8:5d:df:04:01:c1:f1:
+                    b5:65:12:3d:f5:22:f9:f5:ff:c5:60:2a:48:39:90:
+                    69:df:08:9f:bc:07:6c:c6:ab:3f:e4:2d:05:b5:b3:
+                    11:9e:4d:5a:8d:3c:64:3f:1e:7d:df:05:1c:e2:e4:
+                    b7:d9:42:36:cb:86:df:53:2a:ea:51:2b:53:f8:3a:
+                    07:5a:08:8b:df:fb:9d:2f:1f:94:a9:fb:07:93:87:
+                    20:ee:e6:ae:d9:a5:2e:1a:eb:d9:67:0e:ce:8f:7e:
+                    0b:be:3a:ca:b2:9c:40:38:54:5c:35:99:ac:07:12:
+                    3e:00:a3:39:07:76:e1:fa:df:7b:81:59:0b:a3:8e:
+                    4e:42:b7:1e:09:04:e2:0c:ea:eb:d5:c0:da:dd:6f:
+                    f0:6e:6a:34:2a:38:ae:4f:b4:f3:4f:06:17:c3:83:
+                    0a:66:e8:c6:8a:54:71:86:0b:8b:39:3b:73:07:d2:
+                    0b:dc:4c:86:79:da:86:44:25:3d:dc:f1:38:eb:22:
+                    ce:92:df:8b:9b:ff:47:eb:7a:28:0a:91:cd:ba:30:
+                    77:7d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ED:CC:99:FA:9D:D2:85:7E:0E:02:42:8E:72:48:C3:F4:29:4B:95:D2
+            X509v3 Authority Key Identifier: 
+                keyid:62:81:A1:85:84:13:F2:70:79:BD:48:5B:29:88:E0:F1:27:35:41:F7
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Root.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Root.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         02:82:8b:cf:81:89:f2:15:d3:a7:a6:30:c8:2a:c8:32:c5:95:
+         7c:18:60:2e:51:48:c5:26:47:b8:5e:49:17:b4:aa:87:f7:8b:
+         22:73:2a:81:20:1d:1c:54:b7:7b:91:e1:48:40:7a:19:13:05:
+         05:6e:e4:21:75:d7:a7:a0:54:bf:da:18:a1:52:08:95:0a:c5:
+         e0:36:f3:6d:ab:ed:21:69:e1:e7:4d:8f:85:85:22:ac:7b:b3:
+         7f:3f:1a:7e:44:be:06:ee:0b:f5:89:53:e3:d1:fa:f7:51:00:
+         7c:61:d2:5e:48:ab:4c:bb:47:03:a2:d4:6a:78:02:7e:33:5a:
+         b9:7c:14:12:5a:c2:bb:66:91:4f:21:cb:c0:b7:80:72:4b:28:
+         6c:d9:7b:02:fa:04:26:f2:de:2a:54:7d:69:89:88:f3:b9:10:
+         ab:0a:07:fa:f8:7c:1e:bb:45:0f:4f:de:2e:36:3e:a4:63:b0:
+         71:a1:be:2b:dd:0c:fa:0b:97:f0:ad:56:b0:dd:76:51:e7:45:
+         aa:a3:82:cd:77:5a:07:3a:e5:bc:fd:37:8f:52:ee:e0:de:ac:
+         99:44:94:65:7d:b1:30:89:4d:12:da:73:29:06:a9:28:42:5d:
+         1f:1a:a7:44:f3:77:5b:99:4a:ca:a6:dd:3a:cd:a1:16:76:11:
+         16:44:34:c0
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
+MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
+ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE40ojdA
+Us1YXtgYQPIjnqh4EBjbW4ej4uPIpVC3wxz65Xd/k7NEKpBgOYGkxGPgPYrYNshd
+3wQBwfG1ZRI99SL59f/FYCpIOZBp3wifvAdsxqs/5C0FtbMRnk1ajTxkPx593wUc
+4uS32UI2y4bfUyrqUStT+DoHWgiL3/udLx+UqfsHk4cg7uau2aUuGuvZZw7Oj34L
+vjrKspxAOFRcNZmsBxI+AKM5B3bh+t97gVkLo45OQrceCQTiDOrr1cDa3W/wbmo0
+KjiuT7TzTwYXw4MKZujGilRxhguLOTtzB9IL3EyGedqGRCU93PE46yLOkt+Lm/9H
+63ooCpHNujB3fQIDAQABo4HLMIHIMB0GA1UdDgQWBBTtzJn6ndKFfg4CQo5ySMP0
+KUuV0jAfBgNVHSMEGDAWgBRigaGFhBPycHm9SFspiODxJzVB9zA3BggrBgEFBQcB
+AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
+BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AAKCi8+BifIV06emMMgqyDLFlXwYYC5RSMUmR7heSRe0qof3iyJzKoEgHRxUt3uR
+4UhAehkTBQVu5CF116egVL/aGKFSCJUKxeA2822r7SFp4edNj4WFIqx7s38/Gn5E
+vgbuC/WJU+PR+vdRAHxh0l5Iq0y7RwOi1Gp4An4zWrl8FBJawrtmkU8hy8C3gHJL
+KGzZewL6BCby3ipUfWmJiPO5EKsKB/r4fB67RQ9P3i42PqRjsHGhvivdDPoLl/Ct
+VrDddlHnRaqjgs13Wgc65bz9N49S7uDerJlElGV9sTCJTRLacykGqShCXR8ap0Tz
+d1uZSsqm3TrNoRZ2ERZENMA=
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Root
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Mar  1 12:00:00 2015 GMT
+        Subject: CN=Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b5:79:69:47:50:a7:53:24:79:a6:6a:35:e8:33:
+                    74:57:45:da:2c:69:13:1f:76:f9:51:ce:b4:47:ad:
+                    a3:c3:58:50:d1:5f:d6:34:5b:3a:62:f0:6c:ea:e7:
+                    86:c2:09:78:b3:53:0d:7f:45:cb:2b:8e:2e:1f:9b:
+                    c0:7e:47:90:e3:7b:20:cc:01:ed:b6:c3:c6:40:69:
+                    74:2b:f1:db:a5:f8:f4:5b:fd:e9:84:db:1a:fc:4f:
+                    91:4b:e7:f5:2e:99:d0:c9:69:f5:48:5b:8b:19:ca:
+                    dc:5c:0d:3d:15:25:56:77:86:b6:54:fc:d3:1d:8e:
+                    f8:ea:f5:ec:de:30:38:93:28:37:7c:d4:b7:29:26:
+                    6f:2a:4a:56:c3:12:91:18:d6:77:cf:4f:31:4e:13:
+                    b3:8f:ca:bc:7b:a7:7f:f1:af:db:77:80:51:8c:42:
+                    1c:27:37:18:ac:6c:45:8e:d5:21:25:16:09:fb:3b:
+                    0c:84:a8:60:ea:8a:03:65:94:f5:5c:d6:62:36:ae:
+                    b4:de:a3:b1:ee:1b:85:12:8c:6e:ba:ee:14:94:b9:
+                    c7:cb:a3:f1:d1:96:ed:81:79:71:27:d0:d8:26:b4:
+                    80:54:c8:07:a9:34:71:a2:a9:04:33:d6:58:02:59:
+                    f9:14:97:5e:a9:2b:8c:41:2a:5c:3e:ac:30:b8:63:
+                    52:35
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                62:81:A1:85:84:13:F2:70:79:BD:48:5B:29:88:E0:F1:27:35:41:F7
+            X509v3 Authority Key Identifier: 
+                keyid:62:81:A1:85:84:13:F2:70:79:BD:48:5B:29:88:E0:F1:27:35:41:F7
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Root.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Root.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         47:20:58:cf:09:e0:8c:35:aa:91:d7:be:d1:6a:dc:06:11:ef:
+         4a:b2:f1:94:41:3b:b4:00:d5:d3:be:cb:4b:ef:67:e0:1b:91:
+         8b:c3:4f:42:92:9a:5b:8f:84:b1:8e:86:f8:9a:f8:aa:d2:66:
+         34:76:e5:bb:6f:95:4c:f4:23:e4:71:53:6a:02:8d:e4:ad:7f:
+         c3:6c:77:a0:8d:00:80:c9:cf:e3:d0:96:e2:5a:1c:b6:66:96:
+         0d:2a:43:58:66:c8:53:b8:7a:6e:c2:c4:2b:c6:54:33:40:b3:
+         f3:07:67:37:51:92:b2:7f:9a:e3:c1:79:36:4b:d8:9f:e9:6e:
+         04:c6:49:19:51:fd:6f:21:86:09:9a:00:76:e0:5e:73:b0:57:
+         00:25:c5:2a:12:b3:bd:9a:8b:1b:ff:46:90:47:20:76:2b:bf:
+         8e:94:7d:1a:7c:56:f6:0a:03:7b:5a:42:97:76:77:2e:a5:0c:
+         2e:a0:03:13:a8:39:79:82:a0:98:8c:da:bd:1e:7e:af:56:21:
+         95:14:26:ef:06:07:d7:ec:42:6b:2f:b1:e6:f7:97:88:30:5f:
+         79:50:99:92:b4:9e:20:d0:c2:95:8e:f7:61:64:99:c3:13:da:
+         46:a1:63:73:0b:23:e8:d7:e7:97:36:82:2b:2a:12:8e:b8:a9:
+         2d:3c:35:b3
+-----BEGIN TRUSTED_CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
+MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALV5aUdQp1MkeaZqNegz
+dFdF2ixpEx92+VHOtEeto8NYUNFf1jRbOmLwbOrnhsIJeLNTDX9FyyuOLh+bwH5H
+kON7IMwB7bbDxkBpdCvx26X49Fv96YTbGvxPkUvn9S6Z0Mlp9UhbixnK3FwNPRUl
+VneGtlT80x2O+Or17N4wOJMoN3zUtykmbypKVsMSkRjWd89PMU4Ts4/KvHunf/Gv
+23eAUYxCHCc3GKxsRY7VISUWCfs7DISoYOqKA2WU9VzWYjautN6jse4bhRKMbrru
+FJS5x8uj8dGW7YF5cSfQ2Ca0gFTIB6k0caKpBDPWWAJZ+RSXXqkrjEEqXD6sMLhj
+UjUCAwEAAaOByzCByDAdBgNVHQ4EFgQUYoGhhYQT8nB5vUhbKYjg8Sc1QfcwHwYD
+VR0jBBgwFoAUYoGhhYQT8nB5vUhbKYjg8Sc1QfcwNwYIKwYBBQUHAQEEKzApMCcG
+CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
+IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBHIFjPCeCM
+NaqR177RatwGEe9KsvGUQTu0ANXTvstL72fgG5GLw09Ckppbj4Sxjob4mviq0mY0
+duW7b5VM9CPkcVNqAo3krX/DbHegjQCAyc/j0JbiWhy2ZpYNKkNYZshTuHpuwsQr
+xlQzQLPzB2c3UZKyf5rjwXk2S9if6W4ExkkZUf1vIYYJmgB24F5zsFcAJcUqErO9
+mosb/0aQRyB2K7+OlH0afFb2CgN7WkKXdncupQwuoAMTqDl5gqCYjNq9Hn6vViGV
+FCbvBgfX7EJrL7Hm95eIMF95UJmStJ4g0MKVjvdhZJnDE9pGoWNzCyPo1+eXNoIr
+KhKOuKktPDWz
+-----END TRUSTED_CERTIFICATE-----
+
+-----BEGIN TIME-----
+MTUwMzAyMTIwMDAwWg==
+-----END TIME-----
+
+-----BEGIN VERIFY_RESULT-----
+RkFJTA==
+-----END VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
index e531d9431df..3a1096d41c1 100644
--- a/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
+++ b/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
@@ -10,37 +10,37 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=Intermediary
         Validity
-            Not Before: Jan  1 12:00:00 2015 GMT
+            Not Before: Mar  2 12:00:00 2015 GMT
             Not After : Jan  1 12:00:00 2016 GMT
         Subject: CN=Target
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:e0:ba:cf:dc:e5:4a:42:65:18:58:f0:f8:21:32:
-                    87:ad:b6:d8:ff:96:c7:54:50:9c:6c:ff:f8:ef:1a:
-                    3a:46:57:8b:9f:8d:f3:ea:a3:f8:37:eb:57:73:bb:
-                    cb:0e:bf:2f:b1:2e:7e:0f:10:d8:93:be:20:41:f0:
-                    6d:5c:ce:52:20:10:13:37:c5:fb:88:1a:72:e2:f4:
-                    0a:d2:14:43:21:ae:5f:7e:0f:3e:95:53:38:56:f3:
-                    ab:b3:67:e0:b7:d9:f0:07:98:b0:50:7c:9c:05:9f:
-                    a7:ef:ec:85:cd:e5:ab:22:a3:f1:55:b9:96:5b:c0:
-                    50:7d:8f:1b:37:a8:cf:40:5d:1f:be:6d:48:bc:22:
-                    e4:65:ea:15:79:1c:9f:e2:7d:58:25:01:15:ac:7b:
-                    50:6f:53:4e:ed:14:d9:02:55:8d:84:35:34:bc:46:
-                    11:b3:27:5e:27:47:79:8d:f2:df:d1:43:df:73:19:
-                    e8:06:11:ee:55:87:4b:11:d8:6d:53:12:47:8d:87:
-                    f7:6b:e3:d9:a1:aa:8d:8f:81:ad:dd:6f:52:ce:39:
-                    97:28:83:63:39:3c:e4:f0:b1:93:4c:82:44:b6:2a:
-                    7e:fe:c5:7b:9a:f3:01:35:9c:e0:de:d5:0d:ee:b1:
-                    e9:04:f6:bf:74:94:83:56:bb:3d:57:01:56:f9:24:
-                    2f:e5
+                    00:b8:1e:b0:de:22:2f:b4:13:ca:c4:72:10:b9:bd:
+                    4c:80:81:be:17:f2:45:bb:5a:d2:b4:a1:f6:3e:1c:
+                    50:00:d5:8d:fe:27:5b:a2:21:07:8b:1a:de:56:56:
+                    58:88:25:41:09:4e:fd:04:bb:6c:75:c7:48:3f:98:
+                    6b:4c:54:8a:22:26:28:f3:c6:76:5f:e8:bf:ad:bf:
+                    4f:ad:6d:1a:1d:ba:5e:fc:0d:2f:92:b2:4f:f7:bb:
+                    e5:fd:3a:ff:8d:fb:f1:9f:96:90:18:46:2c:cf:7b:
+                    62:75:b8:c5:e9:40:ce:67:21:e0:4b:9e:78:65:9b:
+                    9e:71:50:bd:33:12:53:78:7f:ad:fd:bf:e0:ae:d2:
+                    72:51:c1:18:d0:96:71:78:23:ff:a6:55:39:d5:9a:
+                    89:3e:21:72:cd:9d:13:fa:04:9f:08:6f:c0:d0:c5:
+                    ab:b2:27:b5:b8:e2:2d:ab:31:a3:7a:c1:94:56:8b:
+                    35:9c:b8:46:71:1c:d6:69:95:c1:0a:98:e4:14:96:
+                    3c:2f:cb:12:ac:71:88:a4:aa:d0:c8:0e:51:98:47:
+                    71:e8:0e:a0:e7:7e:01:95:b3:73:3f:9b:c4:8b:9d:
+                    d0:dc:17:a9:53:35:99:29:67:f3:28:d2:7f:1e:0d:
+                    17:6b:5d:56:c9:91:a6:ae:e8:07:a6:76:d6:8e:2a:
+                    48:47
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                C3:8F:E4:91:5B:59:E5:5A:12:DF:C4:31:8B:24:14:1F:CE:B1:8B:33
+                27:06:C6:75:1B:30:9B:E0:78:6C:9C:9B:F1:E1:29:B7:11:41:6D:BD
             X509v3 Authority Key Identifier: 
-                keyid:22:8D:DE:5E:4F:B1:54:9D:71:73:E9:6B:39:85:BB:08:D8:87:CA:D0
+                keyid:7A:68:26:1F:EE:59:FA:52:EB:B0:98:D1:5D:F6:19:9F:8D:1C:F5:FB
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Intermediary.cer
@@ -55,42 +55,42 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         59:d5:11:a5:3a:be:47:f7:57:74:59:36:de:85:9f:e1:c4:17:
-         e9:03:98:69:f7:c8:f0:b2:49:f6:ff:96:0e:06:4d:e0:1e:4b:
-         b6:09:67:17:28:a6:3f:56:f5:8b:fe:03:0e:b1:76:a9:6d:7d:
-         07:22:03:ae:df:92:a9:0a:94:96:d9:86:8d:55:34:05:c6:3e:
-         bb:59:c3:a1:84:da:f8:76:4e:cd:42:09:be:d0:72:18:8f:07:
-         f3:8a:04:27:81:05:0a:1a:13:a7:ce:ee:c1:a5:43:b5:a1:64:
-         c5:78:84:4c:fd:02:d7:3b:33:b3:ff:13:32:c3:1f:15:55:92:
-         74:93:21:4c:c9:fd:a9:33:a1:a6:00:5a:ec:42:31:d2:98:58:
-         8e:f3:12:32:3b:3f:96:58:19:a3:6b:fc:40:68:45:80:60:85:
-         30:b3:50:d2:52:74:9c:7f:01:b9:8a:22:8f:60:18:c5:4f:04:
-         0c:10:7e:ff:da:d6:8f:93:f2:80:a0:b3:3e:61:82:8a:c2:a6:
-         a7:6e:e1:85:76:ef:d3:64:ac:41:37:df:9f:1b:51:ac:8b:c6:
-         42:e9:54:57:16:fc:ab:cc:79:b3:5e:6e:84:36:3a:67:fa:bd:
-         8d:c8:b6:1e:a5:c2:af:41:7b:8a:5a:72:5d:bb:87:c8:8d:1e:
-         51:06:44:ab
+         4e:c4:5a:b3:1f:31:4c:04:75:f8:bb:7d:7b:ed:93:07:81:e3:
+         41:b9:50:b0:c4:01:06:7d:64:f3:c5:d8:5b:96:0e:b6:c2:fa:
+         66:50:25:79:c8:6f:6c:03:f1:7b:e6:73:60:cc:68:42:0e:43:
+         85:58:46:c2:51:27:73:dd:f1:6d:9d:d1:7a:80:97:e5:cf:0c:
+         9a:85:a1:92:ed:26:3a:d6:10:fd:19:c8:f2:fb:b9:47:ee:a9:
+         63:1c:52:c5:97:1a:6b:2f:f4:dc:9c:cb:74:86:6a:48:2a:87:
+         ac:24:d5:cc:8c:2b:12:9d:6d:bc:7e:be:95:3f:88:83:18:68:
+         75:59:db:79:fb:f0:c7:38:7b:8f:a3:16:e0:44:4c:19:e3:cd:
+         36:98:fb:fd:c9:17:5e:2f:9c:0c:e1:ba:f2:6e:c0:6e:91:9d:
+         5e:c0:0b:95:d8:62:7e:2e:8a:2d:4c:f9:b4:ca:17:0d:f0:d2:
+         71:b0:4d:15:79:b0:8b:9e:96:cf:2e:44:1a:84:a7:4f:61:38:
+         67:61:1c:a1:70:a0:a4:02:5b:42:f5:a0:09:95:cc:22:89:0d:
+         4e:e2:1b:dd:1d:fe:ae:d7:84:58:db:dd:07:1d:96:6b:32:11:
+         da:c6:56:d9:cd:69:10:25:62:fd:91:2d:63:0f:8c:82:fe:00:
+         8a:eb:87:4f
 -----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
-cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
-VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgus/c
-5UpCZRhY8PghMoetttj/lsdUUJxs//jvGjpGV4ufjfPqo/g361dzu8sOvy+xLn4P
-ENiTviBB8G1czlIgEBM3xfuIGnLi9ArSFEMhrl9+Dz6VUzhW86uzZ+C32fAHmLBQ
-fJwFn6fv7IXN5asio/FVuZZbwFB9jxs3qM9AXR++bUi8IuRl6hV5HJ/ifVglARWs
-e1BvU07tFNkCVY2ENTS8RhGzJ14nR3mN8t/RQ99zGegGEe5Vh0sR2G1TEkeNh/dr
-49mhqo2Pga3db1LOOZcog2M5POTwsZNMgkS2Kn7+xXua8wE1nODe1Q3usekE9r90
-lINWuz1XAVb5JC/lAgMBAAGjgekwgeYwHQYDVR0OBBYEFMOP5JFbWeVaEt/EMYsk
-FB/OsYszMB8GA1UdIwQYMBaAFCKN3l5PsVSdcXPpazmFuwjYh8rQMD8GCCsGAQUF
+cm1lZGlhcnkwHhcNMTUwMzAyMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
+VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4HrDe
+Ii+0E8rEchC5vUyAgb4X8kW7WtK0ofY+HFAA1Y3+J1uiIQeLGt5WVliIJUEJTv0E
+u2x1x0g/mGtMVIoiJijzxnZf6L+tv0+tbRodul78DS+Ssk/3u+X9Ov+N+/GflpAY
+RizPe2J1uMXpQM5nIeBLnnhlm55xUL0zElN4f639v+Cu0nJRwRjQlnF4I/+mVTnV
+mok+IXLNnRP6BJ8Ib8DQxauyJ7W44i2rMaN6wZRWizWcuEZxHNZplcEKmOQUljwv
+yxKscYikqtDIDlGYR3HoDqDnfgGVs3M/m8SLndDcF6lTNZkpZ/Mo0n8eDRdrXVbJ
+kaau6AemdtaOKkhHAgMBAAGjgekwgeYwHQYDVR0OBBYEFCcGxnUbMJvgeGycm/Hh
+KbcRQW29MB8GA1UdIwQYMBaAFHpoJh/uWfpS67CY0V32GZ+NHPX7MD8GCCsGAQUF
 BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
 aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
 dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAWdURpTq+R/dXdFk23oWf
-4cQX6QOYaffI8LJJ9v+WDgZN4B5LtglnFyimP1b1i/4DDrF2qW19ByIDrt+SqQqU
-ltmGjVU0BcY+u1nDoYTa+HZOzUIJvtByGI8H84oEJ4EFChoTp87uwaVDtaFkxXiE
-TP0C1zszs/8TMsMfFVWSdJMhTMn9qTOhpgBa7EIx0phYjvMSMjs/llgZo2v8QGhF
-gGCFMLNQ0lJ0nH8BuYoij2AYxU8EDBB+/9rWj5PygKCzPmGCisKmp27hhXbv02Ss
-QTffnxtRrIvGQulUVxb8q8x5s15uhDY6Z/q9jci2HqXCr0F7ilpyXbuHyI0eUQZE
-qw==
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEATsRasx8xTAR1+Lt9e+2T
+B4HjQblQsMQBBn1k88XYW5YOtsL6ZlAlechvbAPxe+ZzYMxoQg5DhVhGwlEnc93x
+bZ3ReoCX5c8MmoWhku0mOtYQ/RnI8vu5R+6pYxxSxZcaay/03JzLdIZqSCqHrCTV
+zIwrEp1tvH6+lT+IgxhodVnbefvwxzh7j6MW4ERMGePNNpj7/ckXXi+cDOG68m7A
+bpGdXsALldhifi6KLUz5tMoXDfDScbBNFXmwi56Wzy5EGoSnT2E4Z2EcoXCgpAJb
+QvWgCZXMIokNTuIb3R3+rteEWNvdBx2WazIR2sZW2c1pECVi/ZEtYw+Mgv4AiuuH
+Tw==
 -----END CERTIFICATE-----
 
 Certificate:
@@ -107,30 +107,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:a0:cf:ed:e6:2e:fe:fc:9c:7d:c5:b5:f9:ad:0c:
-                    07:3b:61:9a:29:79:7d:0b:c2:a0:2b:64:10:ce:17:
-                    64:a9:25:35:b4:17:0e:06:73:83:b2:4e:bb:d2:9d:
-                    38:05:06:0d:61:24:87:ee:f8:eb:0a:87:f4:8c:2d:
-                    cf:ec:c2:13:43:f6:a0:ad:bf:e3:94:56:a6:7e:30:
-                    93:3d:65:64:62:88:a5:78:6a:dd:ca:54:3d:36:17:
-                    2b:79:bb:f0:fd:fe:ba:94:99:c7:ce:61:4e:aa:c9:
-                    f3:87:98:05:8a:b8:fe:e9:96:52:e3:c7:3e:e9:60:
-                    e0:7c:94:75:a2:11:d7:11:d3:70:f1:8e:25:c1:20:
-                    af:93:f5:8a:be:76:75:2f:d0:3f:82:8f:99:c7:44:
-                    79:c3:f2:31:d7:24:30:cd:14:ba:b6:c4:a2:16:86:
-                    9c:b7:bf:00:1c:f7:eb:a1:e2:fa:14:f3:08:00:06:
-                    f5:b0:a7:79:05:84:ad:a1:4c:e7:f7:e6:14:68:2f:
-                    67:67:aa:06:c7:31:f2:1f:d3:b7:c2:e8:e7:bc:0f:
-                    1a:69:55:a0:75:8d:45:fa:1e:52:f4:ea:87:5c:0c:
-                    ef:d6:e4:b4:bb:59:7c:34:eb:67:16:5e:06:56:05:
-                    e3:0a:6f:f6:c8:88:e3:1f:a6:cf:ab:6a:93:cd:b8:
-                    e8:ab
+                    00:c0:6b:09:c5:84:c2:5f:1b:c6:98:31:2d:a2:3e:
+                    03:a9:13:4d:b8:4b:03:a6:1d:0a:e4:e1:ba:81:31:
+                    2b:dd:92:7c:6b:81:85:c4:d4:cf:73:30:33:b2:8d:
+                    9f:d9:0b:48:a0:70:51:88:93:d5:f1:ef:bd:14:6e:
+                    7b:da:b6:a4:c5:a9:ca:cd:27:90:38:c8:5e:12:68:
+                    f8:f2:70:01:8a:da:e3:6c:2f:62:c4:67:40:e2:92:
+                    20:fe:77:d9:91:f4:6b:02:0c:40:d6:b5:ef:98:85:
+                    36:58:59:ec:e7:17:c8:72:53:8a:fc:2e:fa:08:70:
+                    ba:ab:ea:42:40:50:e0:6b:14:04:73:78:34:96:db:
+                    8a:c9:22:21:f1:c1:1b:81:7c:95:c6:83:f8:d1:40:
+                    1f:5d:ec:bc:d0:4e:30:7f:b2:07:b4:e2:be:3f:f7:
+                    28:ab:a2:61:fd:98:3b:5a:1c:c9:61:30:13:ea:7c:
+                    7d:13:99:a0:9a:a5:a5:72:3f:a7:e7:7d:3b:a6:b7:
+                    09:6c:48:5c:ec:a3:d6:4c:2e:eb:21:e8:97:aa:44:
+                    32:23:03:dd:24:8d:08:b4:94:df:65:5b:7c:45:59:
+                    11:4b:ce:1f:78:e5:c4:bc:87:00:bb:c4:69:d7:3b:
+                    ae:a6:b7:80:df:4c:e2:0d:be:a4:0e:1c:05:5d:cf:
+                    dc:c9
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                22:8D:DE:5E:4F:B1:54:9D:71:73:E9:6B:39:85:BB:08:D8:87:CA:D0
+                7A:68:26:1F:EE:59:FA:52:EB:B0:98:D1:5D:F6:19:9F:8D:1C:F5:FB
             X509v3 Authority Key Identifier: 
-                keyid:85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
+                keyid:66:52:63:09:9B:DD:07:2A:2D:E0:F3:6C:29:FB:D9:74:87:F5:02:6A
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -145,41 +145,41 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         32:34:d5:49:6d:d1:25:e9:5b:f5:a8:29:b0:9a:ae:56:da:c0:
-         56:b5:e1:76:a8:71:a6:af:c7:3d:a9:cd:d2:7e:56:b4:12:ad:
-         ae:61:94:02:bf:f2:0c:c3:64:1c:a2:70:41:3c:7c:30:3f:db:
-         c7:97:69:52:fc:39:63:a3:ed:27:f8:d1:e1:90:09:b5:8a:75:
-         dc:6b:db:4c:f6:b6:e3:57:84:f8:4d:f2:dd:d6:eb:63:ca:5f:
-         39:d1:c2:52:1a:44:dd:02:b9:7c:4a:46:69:25:52:e9:85:48:
-         a2:22:b4:a6:cc:a3:bb:00:e6:ea:67:e6:ed:40:15:5a:51:d7:
-         a1:a8:e3:58:91:ec:80:65:63:db:f0:85:62:b4:0c:29:b9:c2:
-         0a:f7:96:10:ed:c9:92:b4:71:53:d1:71:12:9c:04:f7:c9:44:
-         57:1f:fc:40:57:a9:e1:df:b8:39:17:d0:79:d9:ae:4c:4b:cb:
-         24:6e:25:01:8b:ad:37:cc:6f:b6:c2:58:ee:54:3f:78:71:45:
-         69:21:c2:15:7c:86:03:1d:64:22:53:d9:65:68:d2:10:d0:38:
-         be:bc:f2:49:11:a2:39:04:e5:36:79:bf:20:fe:10:03:1a:b5:
-         6c:12:c7:8a:06:dd:9d:bb:4d:f8:5b:b6:2d:3e:18:9b:26:b2:
-         6c:59:c3:15
+         b2:03:09:bd:ed:73:cd:8d:d6:d0:f4:86:40:00:10:eb:b9:37:
+         74:1d:f2:b3:dc:2d:df:a4:75:77:f1:62:23:b8:2d:70:14:af:
+         33:4e:0c:8f:6d:13:db:d4:dc:92:04:8d:0e:b6:14:98:07:f6:
+         80:cb:9a:8d:d3:0e:9d:6d:13:12:c1:01:f0:14:9d:a3:c1:05:
+         45:3c:26:16:d2:39:3f:ed:3c:6c:ab:c0:2b:b2:21:29:dc:4b:
+         6b:51:cf:e9:99:ef:fa:14:3a:c4:f1:77:c0:83:f5:7f:af:11:
+         40:db:f3:3f:7c:18:26:79:e9:15:c0:62:79:06:85:15:8a:53:
+         03:be:2f:e9:5c:69:7c:c7:d7:47:6a:7b:00:c8:d8:4f:55:ce:
+         d1:64:58:0f:87:ef:27:b2:7b:59:20:04:7d:4f:16:08:c7:d0:
+         f0:c1:aa:b6:a9:ae:aa:fd:a7:98:2c:40:28:bb:e5:d7:91:e5:
+         72:c9:ab:0a:92:0e:b0:d5:ff:9c:db:73:5d:e1:9d:a5:fd:89:
+         4e:c8:26:8d:f8:76:0b:7e:7f:94:70:73:e4:22:b4:fb:2f:bc:
+         06:84:73:b1:99:78:fa:5f:e8:d7:20:8f:b9:cb:d9:a4:99:7e:
+         be:b9:89:1c:07:0a:19:cb:0c:f0:15:70:81:51:ee:d7:8e:e8:
+         f7:21:3f:fd
 -----BEGIN CERTIFICATE-----
 MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
-ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM/t5i7+
-/Jx9xbX5rQwHO2GaKXl9C8KgK2QQzhdkqSU1tBcOBnODsk670p04BQYNYSSH7vjr
-Cof0jC3P7MITQ/agrb/jlFamfjCTPWVkYoileGrdylQ9Nhcrebvw/f66lJnHzmFO
-qsnzh5gFirj+6ZZS48c+6WDgfJR1ohHXEdNw8Y4lwSCvk/WKvnZ1L9A/go+Zx0R5
-w/Ix1yQwzRS6tsSiFoact78AHPfroeL6FPMIAAb1sKd5BYStoUzn9+YUaC9nZ6oG
-xzHyH9O3wujnvA8aaVWgdY1F+h5S9OqHXAzv1uS0u1l8NOtnFl4GVgXjCm/2yIjj
-H6bPq2qTzbjoqwIDAQABo4HLMIHIMB0GA1UdDgQWBBQijd5eT7FUnXFz6Ws5hbsI
-2IfK0DAfBgNVHSMEGDAWgBSFhXPByKV7HG0lhCrOK6PkIeSu0DA3BggrBgEFBQcB
+ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGsJxYTC
+XxvGmDEtoj4DqRNNuEsDph0K5OG6gTEr3ZJ8a4GFxNTPczAzso2f2QtIoHBRiJPV
+8e+9FG572rakxanKzSeQOMheEmj48nABitrjbC9ixGdA4pIg/nfZkfRrAgxA1rXv
+mIU2WFns5xfIclOK/C76CHC6q+pCQFDgaxQEc3g0ltuKySIh8cEbgXyVxoP40UAf
+Xey80E4wf7IHtOK+P/coq6Jh/Zg7WhzJYTAT6nx9E5mgmqWlcj+n5307prcJbEhc
+7KPWTC7rIeiXqkQyIwPdJI0ItJTfZVt8RVkRS84feOXEvIcAu8Rp1zuupreA30zi
+Db6kDhwFXc/cyQIDAQABo4HLMIHIMB0GA1UdDgQWBBR6aCYf7ln6UuuwmNFd9hmf
+jRz1+zAfBgNVHSMEGDAWgBRmUmMJm90HKi3g82wp+9l0h/UCajA3BggrBgEFBQcB
 AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
 BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-ADI01Ult0SXpW/WoKbCarlbawFa14Xaocaavxz2pzdJ+VrQSra5hlAK/8gzDZByi
-cEE8fDA/28eXaVL8OWOj7Sf40eGQCbWKddxr20z2tuNXhPhN8t3W62PKXznRwlIa
-RN0CuXxKRmklUumFSKIitKbMo7sA5upn5u1AFVpR16Go41iR7IBlY9vwhWK0DCm5
-wgr3lhDtyZK0cVPRcRKcBPfJRFcf/EBXqeHfuDkX0HnZrkxLyyRuJQGLrTfMb7bC
-WO5UP3hxRWkhwhV8hgMdZCJT2WVo0hDQOL688kkRojkE5TZ5vyD+EAMatWwSx4oG
-3Z27Tfhbti0+GJsmsmxZwxU=
+ALIDCb3tc82N1tD0hkAAEOu5N3Qd8rPcLd+kdXfxYiO4LXAUrzNODI9tE9vU3JIE
+jQ62FJgH9oDLmo3TDp1tExLBAfAUnaPBBUU8JhbSOT/tPGyrwCuyISncS2tRz+mZ
+7/oUOsTxd8CD9X+vEUDb8z98GCZ56RXAYnkGhRWKUwO+L+lcaXzH10dqewDI2E9V
+ztFkWA+H7yeye1kgBH1PFgjH0PDBqraprqr9p5gsQCi75deR5XLJqwqSDrDV/5zb
+c13hnaX9iU7IJo34dgt+f5Rwc+QitPsvvAaEc7GZePpf6Ncgj7nL2aSZfr65iRwH
+ChnLDPAVcIFR7teO6PchP/0=
 -----END CERTIFICATE-----
 
 Certificate:
@@ -196,30 +196,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:48:07:e3:d2:dc:88:8f:f9:f5:ff:26:b3:cb:
-                    73:09:cf:36:b9:28:23:c0:8c:90:51:61:a7:a1:f6:
-                    73:c6:e2:41:b5:d3:ce:8f:38:99:84:3f:96:be:21:
-                    df:15:74:e4:dc:1d:df:45:68:a1:bd:d8:75:ca:bc:
-                    42:64:74:de:25:3b:a5:0a:0b:fb:d7:6a:63:e3:19:
-                    48:a9:5b:33:07:e2:bc:02:d5:86:06:5d:3c:fc:75:
-                    96:ea:eb:6d:41:ea:96:52:28:63:2c:a7:f2:13:e9:
-                    a9:7f:e3:15:c1:94:31:59:c2:48:e8:b1:9c:ee:10:
-                    57:64:ef:6d:35:66:c2:46:d0:af:5f:b8:60:d8:48:
-                    47:ed:75:5d:ae:86:d4:85:ed:95:5d:0e:e7:ec:be:
-                    85:14:22:03:3e:ed:62:b1:c3:05:b9:b8:2e:77:6a:
-                    86:42:13:68:2c:33:86:f4:89:34:67:db:90:77:51:
-                    0a:a1:23:b4:46:06:22:16:e5:fb:c1:85:ef:2d:60:
-                    60:76:5a:1f:d7:c7:93:83:5c:b7:3b:76:d9:ba:01:
-                    90:29:d3:ea:84:de:26:10:79:7f:05:2f:ab:80:6e:
-                    18:80:bb:eb:26:d1:8c:5d:bd:79:4b:24:05:62:0f:
-                    38:7c:87:fe:1d:6e:5c:16:a2:34:b4:7a:d3:bb:54:
-                    24:d5
+                    00:bb:61:9d:50:28:51:f7:22:01:45:32:28:d0:d0:
+                    b2:c3:41:a4:3a:1f:8b:9a:b0:eb:61:31:39:1a:87:
+                    5b:03:fb:02:82:15:8f:7f:d7:bb:4e:89:ae:08:df:
+                    7e:6f:2f:66:87:8f:57:ab:a0:61:79:25:64:eb:20:
+                    5d:e7:92:17:bd:c4:1b:e0:ea:27:e2:7b:b8:6e:05:
+                    08:07:54:3d:4e:d6:80:8b:b9:50:d0:75:23:93:c3:
+                    e2:1b:de:f7:20:24:35:0f:d4:c3:dd:cf:07:19:29:
+                    6f:08:08:a6:b3:9f:6d:2a:8b:3c:b7:6f:32:fe:81:
+                    6d:1b:ad:88:96:c5:1f:a4:7a:a4:81:b5:e4:b3:9a:
+                    bc:42:b0:40:e5:77:8d:12:32:cc:d9:05:12:6a:47:
+                    62:2b:22:5b:a8:48:fe:14:1a:a1:2f:03:34:f1:2b:
+                    8f:d5:bf:3c:18:ae:f1:67:79:c8:a3:8d:29:d0:ce:
+                    23:03:6f:ee:14:5e:97:dd:4d:c8:f5:1f:c4:1d:49:
+                    08:b5:9c:7d:fa:e1:79:08:27:83:2d:8a:f4:43:d6:
+                    d6:6b:78:f4:0e:4c:42:57:72:03:61:73:b5:82:23:
+                    98:2a:a9:06:f9:b3:95:cd:01:66:c2:3e:96:da:02:
+                    13:95:e1:e6:51:94:67:2d:37:a5:cf:c1:18:62:fb:
+                    56:15
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
+                66:52:63:09:9B:DD:07:2A:2D:E0:F3:6C:29:FB:D9:74:87:F5:02:6A
             X509v3 Authority Key Identifier: 
-                keyid:85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
+                keyid:66:52:63:09:9B:DD:07:2A:2D:E0:F3:6C:29:FB:D9:74:87:F5:02:6A
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -234,45 +234,45 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         37:89:65:ac:ae:76:77:0d:71:a3:1c:e3:bf:80:fe:87:f8:49:
-         d3:8b:7f:cf:2a:51:18:b1:f5:a3:6a:d0:e5:e1:7e:f9:83:ca:
-         11:2b:fc:e5:9e:cc:df:ee:a2:f9:ea:d2:19:32:fa:58:88:cd:
-         59:5c:d6:42:7f:75:2f:17:93:7d:90:8c:7a:60:3a:24:15:15:
-         62:82:97:c1:49:81:81:12:25:4a:b9:83:d7:39:dc:2b:da:39:
-         a9:58:6a:82:5c:7d:49:00:c2:cd:c2:dc:84:4a:23:df:9c:81:
-         a2:42:fc:4b:66:87:0b:63:12:d3:b8:59:9b:a6:5a:b0:5f:ff:
-         51:37:92:03:0c:bb:61:6c:1a:ed:2e:05:e6:d0:a7:2f:d8:7c:
-         5c:31:f2:84:f2:9b:05:bd:b5:35:35:a4:28:55:fa:23:32:33:
-         4f:6b:91:55:9e:0f:1e:c7:1e:9a:12:c3:97:8d:3c:f9:c8:51:
-         27:5b:19:a2:7a:c6:2a:0d:d4:b3:6e:b8:f0:8f:d3:c4:e4:26:
-         3a:64:93:70:65:5f:2d:f7:73:31:e7:95:e6:23:1f:f4:17:b9:
-         d4:ed:20:e2:4f:45:32:a3:e9:7d:6a:2e:02:76:40:8a:ac:64:
-         c0:b2:99:11:63:de:64:f4:1f:6d:65:4c:84:1e:59:4f:e1:07:
-         99:23:0e:d4
+         09:c6:5a:c2:9c:aa:78:6d:66:79:43:2a:1c:a4:0b:04:42:8c:
+         54:6c:89:d7:ce:e0:fd:8e:33:5b:6c:2b:a2:ed:05:de:ea:3b:
+         11:21:bd:e9:23:45:bd:0f:e0:5c:fe:1b:11:8b:46:75:c1:24:
+         84:5a:95:15:a5:b3:73:86:6b:aa:8f:dc:46:3c:64:d9:60:9e:
+         c1:7a:63:a3:d5:d6:b4:27:ed:c3:77:ea:5d:59:e7:93:05:df:
+         be:58:4c:a5:92:52:61:11:d1:7f:27:e6:9b:29:3c:b8:9d:a0:
+         5c:d0:98:5f:a7:ed:39:14:f4:30:81:f6:0d:3b:cd:96:d6:dd:
+         7a:e2:b0:55:7c:ab:87:10:54:a6:5d:ac:27:5b:a6:a1:1e:ee:
+         e7:26:cb:44:1d:fe:84:85:54:e0:cb:62:1b:5a:bb:ed:38:c0:
+         f4:bd:1e:5d:ee:c6:d7:6e:b3:27:56:5c:8d:1f:dd:70:52:35:
+         8a:bc:07:0a:97:99:10:80:16:5b:a3:d1:de:f9:97:59:ca:5f:
+         42:10:c0:26:3e:6e:92:a9:6d:e5:09:1e:4c:92:4b:2e:a7:e8:
+         81:7f:e4:bb:b3:44:3c:71:e3:0c:ba:66:30:4a:fc:30:40:ce:
+         50:98:1b:61:52:91:02:84:ff:a1:a3:09:ad:1b:68:db:52:a6:
+         cf:18:79:af
 -----BEGIN TRUSTED_CERTIFICATE-----
 MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFIB+PS3IiP+fX/JrPL
-cwnPNrkoI8CMkFFhp6H2c8biQbXTzo84mYQ/lr4h3xV05Nwd30Voob3Ydcq8QmR0
-3iU7pQoL+9dqY+MZSKlbMwfivALVhgZdPPx1lurrbUHqllIoYyyn8hPpqX/jFcGU
-MVnCSOixnO4QV2TvbTVmwkbQr1+4YNhIR+11Xa6G1IXtlV0O5+y+hRQiAz7tYrHD
-Bbm4LndqhkITaCwzhvSJNGfbkHdRCqEjtEYGIhbl+8GF7y1gYHZaH9fHk4Nctzt2
-2boBkCnT6oTeJhB5fwUvq4BuGIC76ybRjF29eUskBWIPOHyH/h1uXBaiNLR607tU
-JNUCAwEAAaOByzCByDAdBgNVHQ4EFgQUhYVzwcilexxtJYQqziuj5CHkrtAwHwYD
-VR0jBBgwFoAUhYVzwcilexxtJYQqziuj5CHkrtAwNwYIKwYBBQUHAQEEKzApMCcG
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALthnVAoUfciAUUyKNDQ
+ssNBpDofi5qw62ExORqHWwP7AoIVj3/Xu06Jrgjffm8vZoePV6ugYXklZOsgXeeS
+F73EG+DqJ+J7uG4FCAdUPU7WgIu5UNB1I5PD4hve9yAkNQ/Uw93PBxkpbwgIprOf
+bSqLPLdvMv6BbRutiJbFH6R6pIG15LOavEKwQOV3jRIyzNkFEmpHYisiW6hI/hQa
+oS8DNPErj9W/PBiu8Wd5yKONKdDOIwNv7hRel91NyPUfxB1JCLWcffrheQgngy2K
+9EPW1mt49A5MQldyA2FztYIjmCqpBvmzlc0BZsI+ltoCE5Xh5lGUZy03pc/BGGL7
+VhUCAwEAAaOByzCByDAdBgNVHQ4EFgQUZlJjCZvdByot4PNsKfvZdIf1AmowHwYD
+VR0jBBgwFoAUZlJjCZvdByot4PNsKfvZdIf1AmowNwYIKwYBBQUHAQEEKzApMCcG
 CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
 IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA3iWWsrnZ3
-DXGjHOO/gP6H+EnTi3/PKlEYsfWjatDl4X75g8oRK/zlnszf7qL56tIZMvpYiM1Z
-XNZCf3UvF5N9kIx6YDokFRVigpfBSYGBEiVKuYPXOdwr2jmpWGqCXH1JAMLNwtyE
-SiPfnIGiQvxLZocLYxLTuFmbplqwX/9RN5IDDLthbBrtLgXm0Kcv2HxcMfKE8psF
-vbU1NaQoVfojMjNPa5FVng8exx6aEsOXjTz5yFEnWxmiesYqDdSzbrjwj9PE5CY6
-ZJNwZV8t93Mx55XmIx/0F7nU7SDiT0Uyo+l9ai4CdkCKrGTAspkRY95k9B9tZUyE
-HllP4QeZIw7U
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAJxlrCnKp4
+bWZ5QyocpAsEQoxUbInXzuD9jjNbbCui7QXe6jsRIb3pI0W9D+Bc/hsRi0Z1wSSE
+WpUVpbNzhmuqj9xGPGTZYJ7BemOj1da0J+3Dd+pdWeeTBd++WEylklJhEdF/J+ab
+KTy4naBc0Jhfp+05FPQwgfYNO82W1t164rBVfKuHEFSmXawnW6ahHu7nJstEHf6E
+hVTgy2IbWrvtOMD0vR5d7sbXbrMnVlyNH91wUjWKvAcKl5kQgBZbo9He+ZdZyl9C
+EMAmPm6SqW3lCR5Mkksup+iBf+S7s0Q8ceMMumYwSvwwQM5QmBthUpEChP+howmt
+G2jbUqbPGHmv
 -----END TRUSTED_CERTIFICATE-----
 
 -----BEGIN TIME-----
-MTQwMzAyMTIwMDAwWg==
+MTUwMzAxMTIwMDAwWg==
 -----END TIME-----
 
 -----BEGIN VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem
index 40b08c62bfb..8afcd0f3a7e 100644
--- a/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem
+++ b/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem
@@ -11,36 +11,36 @@ Certificate:
         Issuer: CN=Intermediary
         Validity
             Not Before: Jan  1 12:00:00 2015 GMT
-            Not After : Jan  1 12:00:00 2016 GMT
+            Not After : Mar  1 12:00:00 2015 GMT
         Subject: CN=Target
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:e4:45:ec:2b:33:db:da:8a:1f:b0:9c:73:6b:4b:
-                    c2:a7:60:29:4f:61:1c:a6:5d:2a:17:76:d1:87:76:
-                    ec:d7:2c:a6:80:72:62:c1:0c:7b:01:d4:6e:7a:c5:
-                    fe:cc:89:1b:e6:4b:ef:76:0b:b8:46:b0:39:c0:50:
-                    54:44:97:d8:ea:4a:95:ae:3e:2c:38:1a:69:51:06:
-                    cb:4d:85:44:e0:57:49:30:78:cc:fd:40:81:52:1a:
-                    43:c7:4a:02:db:b0:90:3a:b9:5f:7a:bd:a1:b1:7d:
-                    a5:f7:ed:95:c5:e6:da:0e:d5:1a:fa:12:ce:2e:4f:
-                    6b:7c:a4:6b:de:89:47:0d:b9:34:62:c2:3a:06:db:
-                    72:2e:56:29:ca:80:d0:80:27:9e:3f:bf:73:b1:14:
-                    3c:88:f5:31:d3:d9:27:54:46:c3:b2:e3:59:f4:54:
-                    37:b8:73:b5:04:6b:6d:d2:e2:93:e6:57:2e:f8:3a:
-                    36:24:7c:fa:33:da:1a:5b:5d:da:f5:91:87:67:4a:
-                    ca:2e:79:47:df:8c:33:8b:36:76:39:79:63:a9:7d:
-                    26:ef:95:22:e2:16:de:0a:1a:4a:4b:74:e3:d8:c5:
-                    b9:ee:60:8d:ad:f7:cf:d4:d6:4e:b0:27:18:84:d1:
-                    e3:ef:23:b8:00:6d:71:e8:a0:8e:bb:84:72:d9:75:
-                    76:6d
+                    00:e3:02:17:8f:16:37:b7:e0:0b:44:86:f7:4f:de:
+                    18:39:31:91:ed:11:80:67:c4:e0:18:7e:42:8e:be:
+                    dd:a9:0e:e7:ff:47:f2:1d:eb:a8:53:21:5b:c0:3e:
+                    32:59:cf:31:24:e3:0f:00:4a:d2:f7:9a:77:31:10:
+                    45:89:e3:e8:62:9c:c7:06:31:d0:c8:86:2b:3d:a7:
+                    71:83:82:fa:c1:c2:cb:84:74:48:ad:c9:8a:4d:27:
+                    1e:75:bb:4e:ce:54:3c:c1:b5:25:e5:02:d0:b3:8c:
+                    14:f3:f5:9e:f8:30:20:ec:c6:d9:c4:a2:aa:06:f9:
+                    dc:ca:53:2f:76:cf:32:42:fd:7a:1a:c3:da:4a:d3:
+                    82:30:84:f5:fb:02:82:f6:db:6e:87:fc:e8:69:14:
+                    a0:9f:2d:07:c4:ac:64:86:f5:ac:4b:22:f1:b0:d1:
+                    91:2e:29:f7:cf:e0:10:aa:5d:cd:df:d7:a7:b9:9d:
+                    72:cc:fd:16:d5:11:97:90:75:dc:5e:02:ab:7f:d3:
+                    dd:0a:a8:bc:5a:34:c6:8d:bb:8f:7a:04:d5:b6:99:
+                    20:a4:72:c9:ba:00:cf:69:5e:e5:dd:bf:47:b3:3c:
+                    be:83:0d:4b:95:be:91:58:a4:a4:33:2e:3b:b8:da:
+                    85:3d:74:66:8f:f9:0b:be:8e:9d:3e:b6:ca:8b:9b:
+                    7e:19
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                40:D1:E0:A6:C2:37:1A:32:25:B8:D9:6D:5E:67:E7:CA:E0:76:30:16
+                1C:D2:85:3D:00:41:91:25:0B:8B:C2:CB:0E:D7:97:F1:14:8E:DE:01
             X509v3 Authority Key Identifier: 
-                keyid:DA:CD:B0:93:32:B4:DB:D9:38:FF:99:C6:AF:A7:44:80:D0:C0:4A:A1
+                keyid:90:4B:3E:89:21:25:2A:3C:CA:35:BF:D9:A6:B1:CF:BC:1F:9D:3A:2F
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Intermediary.cer
@@ -55,42 +55,42 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         08:63:be:8b:50:78:97:05:7a:ee:a4:f1:fe:6f:bd:68:84:c4:
-         ce:e6:c9:fd:30:d8:27:a6:3c:37:74:21:4a:69:23:81:5f:da:
-         02:56:45:f4:1e:a0:22:4c:43:8c:f0:65:c2:cb:db:68:05:5b:
-         94:4b:93:3a:08:77:da:a0:67:3f:b2:d3:95:09:ad:ed:1e:e2:
-         91:a4:8e:63:7d:37:d8:90:20:83:60:ab:0f:b7:ec:73:69:69:
-         b3:8e:54:6f:54:5b:95:de:2d:c9:49:73:5e:87:43:7e:37:07:
-         02:a7:b7:df:e5:5e:9b:77:fb:9a:1f:15:29:29:f4:7e:00:e4:
-         6f:5c:d2:66:46:5f:54:c4:6b:b2:50:2f:f4:78:8a:5e:cb:da:
-         32:56:1c:ae:a7:92:d0:8e:71:95:6c:b1:ba:6c:b3:eb:3c:29:
-         57:4e:e1:cd:8a:ef:41:ea:bd:7f:ce:17:cf:f5:9c:ec:d6:21:
-         cf:e2:e8:2d:b6:b9:dd:d9:2a:fe:d0:91:54:0e:15:a0:d3:ae:
-         ea:92:f9:98:c5:a2:da:a6:0d:89:8f:c9:fe:2e:25:9b:f4:f1:
-         7f:ae:1a:5b:0f:94:c0:49:fb:15:0a:bb:1f:2b:fe:ca:d1:8e:
-         10:94:16:c6:a0:a0:af:b9:5d:6a:31:c2:87:94:ee:ca:1e:93:
-         b3:ac:d6:dd
+         6d:36:b8:bc:75:67:0d:8a:5b:00:51:3b:06:31:af:83:23:80:
+         a0:4f:eb:05:d6:5c:15:20:a3:10:7b:3e:31:0a:ba:45:b5:6b:
+         21:2b:02:bf:83:73:2c:cd:81:85:a0:38:ed:4e:bd:b7:36:dc:
+         b6:69:bb:81:7b:75:74:3c:ac:5a:c2:59:74:6d:d9:64:8e:5b:
+         16:19:25:44:98:cb:9d:cd:a0:d4:6f:7f:d2:a3:11:cd:94:aa:
+         b0:74:ee:c2:a3:3b:aa:98:e0:c5:0d:01:a4:f8:a2:84:ab:d0:
+         db:19:9d:4d:ce:84:89:50:e8:3a:44:fb:e5:06:f3:d8:e9:d5:
+         aa:81:69:af:2a:f2:9e:58:35:d5:3d:97:44:3a:79:47:22:d6:
+         9c:1b:b9:93:ea:3f:44:ac:cf:2a:54:52:86:0b:db:17:9d:f9:
+         4d:54:46:4d:af:21:92:cf:8a:01:52:14:07:96:c7:48:75:3c:
+         66:4d:74:fb:44:06:eb:a9:ab:12:2e:91:80:de:02:c1:12:5b:
+         32:76:36:46:13:16:00:31:76:c9:ee:64:e6:75:03:49:7d:63:
+         d6:bf:f1:90:1f:b6:49:38:e5:af:37:63:46:e2:4d:d1:29:b8:
+         b3:24:ec:f5:f8:32:c3:03:fa:1a:ad:30:1a:db:41:4d:5e:43:
+         46:ae:6d:4e
 -----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
-cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
-VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkRewr
-M9vaih+wnHNrS8KnYClPYRymXSoXdtGHduzXLKaAcmLBDHsB1G56xf7MiRvmS+92
-C7hGsDnAUFREl9jqSpWuPiw4GmlRBstNhUTgV0kweMz9QIFSGkPHSgLbsJA6uV96
-vaGxfaX37ZXF5toO1Rr6Es4uT2t8pGveiUcNuTRiwjoG23IuVinKgNCAJ54/v3Ox
-FDyI9THT2SdURsOy41n0VDe4c7UEa23S4pPmVy74OjYkfPoz2hpbXdr1kYdnSsou
-eUffjDOLNnY5eWOpfSbvlSLiFt4KGkpLdOPYxbnuYI2t98/U1k6wJxiE0ePvI7gA
-bXHooI67hHLZdXZtAgMBAAGjgekwgeYwHQYDVR0OBBYEFEDR4KbCNxoyJbjZbV5n
-58rgdjAWMB8GA1UdIwQYMBaAFNrNsJMytNvZOP+Zxq+nRIDQwEqhMD8GCCsGAQUF
+cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTUwMzAxMTIwMDAwWjARMQ8wDQYD
+VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjAheP
+Fje34AtEhvdP3hg5MZHtEYBnxOAYfkKOvt2pDuf/R/Id66hTIVvAPjJZzzEk4w8A
+StL3mncxEEWJ4+hinMcGMdDIhis9p3GDgvrBwsuEdEityYpNJx51u07OVDzBtSXl
+AtCzjBTz9Z74MCDsxtnEoqoG+dzKUy92zzJC/Xoaw9pK04IwhPX7AoL2226H/Ohp
+FKCfLQfErGSG9axLIvGw0ZEuKffP4BCqXc3f16e5nXLM/RbVEZeQddxeAqt/090K
+qLxaNMaNu496BNW2mSCkcsm6AM9pXuXdv0ezPL6DDUuVvpFYpKQzLju42oU9dGaP
++Qu+jp0+tsqLm34ZAgMBAAGjgekwgeYwHQYDVR0OBBYEFBzShT0AQZElC4vCyw7X
+l/EUjt4BMB8GA1UdIwQYMBaAFJBLPokhJSo8yjW/2aaxz7wfnTovMD8GCCsGAQUF
 BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
 aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
 dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEACGO+i1B4lwV67qTx/m+9
-aITEzubJ/TDYJ6Y8N3QhSmkjgV/aAlZF9B6gIkxDjPBlwsvbaAVblEuTOgh32qBn
-P7LTlQmt7R7ikaSOY3032JAgg2CrD7fsc2lps45Ub1Rbld4tyUlzXodDfjcHAqe3
-3+Vem3f7mh8VKSn0fgDkb1zSZkZfVMRrslAv9HiKXsvaMlYcrqeS0I5xlWyxumyz
-6zwpV07hzYrvQeq9f84Xz/Wc7NYhz+LoLba53dkq/tCRVA4VoNOu6pL5mMWi2qYN
-iY/J/i4lm/Txf64aWw+UwEn7FQq7Hyv+ytGOEJQWxqCgr7ldajHCh5Tuyh6Ts6zW
-3Q==
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAbTa4vHVnDYpbAFE7BjGv
+gyOAoE/rBdZcFSCjEHs+MQq6RbVrISsCv4NzLM2BhaA47U69tzbctmm7gXt1dDys
+WsJZdG3ZZI5bFhklRJjLnc2g1G9/0qMRzZSqsHTuwqM7qpjgxQ0BpPiihKvQ2xmd
+Tc6EiVDoOkT75Qbz2OnVqoFpryrynlg11T2XRDp5RyLWnBu5k+o/RKzPKlRShgvb
+F535TVRGTa8hks+KAVIUB5bHSHU8Zk10+0QG66mrEi6RgN4CwRJbMnY2RhMWADF2
+ye5k5nUDSX1j1r/xkB+2STjlrzdjRuJN0Sm4syTs9fgywwP6Gq0wGttBTV5DRq5t
+Tg==
 -----END CERTIFICATE-----
 
 Certificate:
@@ -107,30 +107,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:b9:80:44:8f:9b:41:d5:be:e0:1a:a7:a4:4d:4e:
-                    a0:52:ae:81:e7:c4:bd:f9:79:80:36:6e:8e:2a:56:
-                    a9:84:26:da:d5:ad:e2:2a:5a:0e:68:2d:e9:ab:24:
-                    52:89:8e:7e:99:3d:b6:b7:ca:27:b7:80:45:38:4a:
-                    eb:66:54:e1:28:a3:0e:df:a1:b7:63:4c:e1:44:e1:
-                    af:6f:60:b3:35:af:9e:4d:51:cc:51:4c:70:8f:6b:
-                    f2:73:c4:39:cb:a6:0b:9f:14:27:1a:90:f6:75:d3:
-                    3c:a0:b7:ba:3d:7c:27:eb:b3:b1:37:58:2a:e1:d8:
-                    62:09:dc:07:33:41:40:34:2c:93:98:e5:26:bc:d6:
-                    98:ed:75:b2:f1:98:4a:71:b4:21:61:96:12:98:7f:
-                    24:6e:d8:37:f2:2b:54:1e:4a:b0:8a:d9:2c:ab:b7:
-                    88:f5:a7:fb:fe:a7:04:b7:35:82:66:3f:ea:fb:eb:
-                    15:26:ae:52:ae:34:ec:da:fe:08:fa:ef:fd:40:f6:
-                    8d:b4:c5:68:a7:e3:60:2c:dc:b8:e0:3e:54:a9:60:
-                    11:7d:1e:54:37:98:b1:c2:fe:d0:fd:fa:b5:e6:f9:
-                    bd:a6:50:b9:b6:1b:ec:3f:dc:ed:c2:d7:01:37:9e:
-                    69:24:90:05:d5:f2:26:fa:76:f3:76:34:e5:b7:88:
-                    92:95
+                    00:c1:92:e2:bf:d0:e9:8f:c6:45:f0:c9:ef:51:cc:
+                    97:cc:cb:80:ac:c1:7c:da:7e:28:12:0c:84:45:6b:
+                    db:fb:4f:ba:16:3e:33:8b:a1:14:70:42:99:ca:4e:
+                    8e:55:ac:13:e5:ac:d4:30:9e:25:dc:19:d9:b9:de:
+                    46:7a:84:80:29:bd:a1:11:f8:f2:af:ce:c1:0c:73:
+                    43:29:37:c3:76:61:32:70:6d:e7:29:bf:dd:9f:68:
+                    ed:9e:c2:b9:8c:f6:16:7c:b9:06:4b:65:ff:57:26:
+                    9d:62:48:ee:0b:0f:4c:5e:fb:d7:a9:e3:d8:4b:a9:
+                    0c:01:b6:00:f8:48:27:64:03:b6:73:d0:85:10:92:
+                    4c:50:f8:f4:33:95:ea:52:30:72:b0:c1:e1:d3:1e:
+                    8e:67:2a:64:42:c8:61:b8:3f:76:d2:01:1d:e6:dc:
+                    d2:66:09:41:24:c3:22:b4:55:3a:f0:5e:3d:82:af:
+                    5d:0d:b7:d7:96:02:dc:94:e4:d2:24:dc:49:f8:d3:
+                    dc:b9:78:0e:ce:cf:8f:1a:3f:06:8b:57:e4:51:91:
+                    7f:64:1b:cd:db:4d:80:88:26:21:dc:da:64:ae:64:
+                    bb:03:21:1c:de:ce:44:eb:a7:b4:43:50:51:cc:67:
+                    da:16:91:93:94:e4:d0:ed:28:dc:8a:16:8b:3d:d8:
+                    cd:19
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                DA:CD:B0:93:32:B4:DB:D9:38:FF:99:C6:AF:A7:44:80:D0:C0:4A:A1
+                90:4B:3E:89:21:25:2A:3C:CA:35:BF:D9:A6:B1:CF:BC:1F:9D:3A:2F
             X509v3 Authority Key Identifier: 
-                keyid:CB:65:23:DB:47:DE:B5:40:EC:44:D8:90:A7:D6:C0:78:81:FA:E2:CE
+                keyid:C3:6A:BF:B8:BB:62:64:F0:4C:4C:28:47:94:45:0F:15:0D:DC:CD:5A
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -145,41 +145,41 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         9d:a0:3a:08:79:82:a7:ac:d8:e9:bc:8a:e1:32:88:09:c8:de:
-         54:ed:6f:43:fd:ab:68:b2:32:37:8e:74:de:37:da:f9:31:2d:
-         ee:d6:f7:0b:d2:25:f9:16:1e:93:f1:f3:e1:fd:fd:0f:ac:75:
-         7b:a4:60:09:4c:0f:ea:45:5b:46:cf:e5:5a:c9:36:37:17:ee:
-         cf:44:82:51:c9:ba:eb:55:13:2d:f5:6f:83:9e:01:0c:04:ff:
-         58:ad:50:54:7c:ee:a5:a4:e6:3c:93:46:c8:a7:bd:6f:18:7f:
-         d0:5c:1c:8a:a4:f3:1d:e3:d7:a3:1d:7e:a4:ca:cd:1b:92:ff:
-         26:13:cc:b8:89:b2:b8:24:0c:30:df:43:70:20:5d:72:3f:b0:
-         0e:8b:08:3e:e5:52:c9:d8:65:db:c6:31:95:a1:c4:56:b4:1f:
-         eb:af:e8:9c:8b:78:c2:75:c4:f1:98:e1:20:d6:5a:32:9f:94:
-         75:c0:a5:86:da:79:a7:d3:25:20:56:13:dd:04:27:bd:e7:27:
-         21:9d:8d:1d:dd:87:bc:6e:07:fd:9f:64:c5:7e:ac:2a:a4:a8:
-         e5:29:d1:5b:e2:24:6c:db:ca:3a:b6:13:34:00:81:15:08:1d:
-         fb:eb:ac:1a:ab:53:3e:31:db:30:40:4e:17:f3:98:53:00:d8:
-         d1:b8:5c:58
+         bd:cb:4f:22:e2:7a:50:05:dd:e3:d6:41:19:2b:6d:4a:3e:a8:
+         90:27:4f:ce:eb:ee:83:4f:d5:b6:ea:a5:18:1c:00:83:84:76:
+         92:76:a7:2c:54:5f:94:a7:fc:4c:2f:38:08:c5:24:3f:95:57:
+         e4:55:e2:a5:96:b7:c0:7b:cc:8f:ce:a1:81:e2:d2:51:17:d3:
+         7f:6b:76:ed:f5:41:2a:7a:56:e2:d1:ed:55:94:38:2e:9f:cb:
+         9b:a3:8b:d8:d7:42:24:81:55:97:82:a1:77:52:7c:1f:70:db:
+         0b:bf:a5:eb:96:2e:d4:fb:9c:d5:6a:6e:9b:60:75:01:e1:fe:
+         f1:14:64:42:82:2a:f5:ea:b3:e1:2e:40:fe:b2:af:9f:c5:66:
+         25:d8:7d:8c:5f:00:3d:04:b4:02:8c:c7:99:30:d0:c0:02:e4:
+         5f:3b:75:01:59:76:1c:3c:95:5b:28:49:90:2f:c0:af:45:f0:
+         4c:62:ca:40:66:80:7e:25:89:ab:91:55:ee:41:71:af:05:4c:
+         7e:31:2c:99:24:50:c9:dd:97:79:73:97:f9:5a:79:79:05:ff:
+         c6:83:b7:e3:4d:86:b6:a3:60:1d:7c:e6:89:80:a3:50:8f:b1:
+         4a:43:d2:a9:89:92:8b:38:20:71:64:0a:41:8b:fd:2f:4b:ab:
+         3c:45:99:0f
 -----BEGIN CERTIFICATE-----
 MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
-ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYBEj5tB
-1b7gGqekTU6gUq6B58S9+XmANm6OKlaphCba1a3iKloOaC3pqyRSiY5+mT22t8on
-t4BFOErrZlThKKMO36G3Y0zhROGvb2CzNa+eTVHMUUxwj2vyc8Q5y6YLnxQnGpD2
-ddM8oLe6PXwn67OxN1gq4dhiCdwHM0FANCyTmOUmvNaY7XWy8ZhKcbQhYZYSmH8k
-btg38itUHkqwitksq7eI9af7/qcEtzWCZj/q++sVJq5SrjTs2v4I+u/9QPaNtMVo
-p+NgLNy44D5UqWARfR5UN5ixwv7Q/fq15vm9plC5thvsP9ztwtcBN55pJJAF1fIm
-+nbzdjTlt4iSlQIDAQABo4HLMIHIMB0GA1UdDgQWBBTazbCTMrTb2Tj/mcavp0SA
-0MBKoTAfBgNVHSMEGDAWgBTLZSPbR961QOxE2JCn1sB4gfrizjA3BggrBgEFBQcB
+ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZLiv9Dp
+j8ZF8MnvUcyXzMuArMF82n4oEgyERWvb+0+6Fj4zi6EUcEKZyk6OVawT5azUMJ4l
+3BnZud5GeoSAKb2hEfjyr87BDHNDKTfDdmEycG3nKb/dn2jtnsK5jPYWfLkGS2X/
+VyadYkjuCw9MXvvXqePYS6kMAbYA+EgnZAO2c9CFEJJMUPj0M5XqUjBysMHh0x6O
+ZypkQshhuD920gEd5tzSZglBJMMitFU68F49gq9dDbfXlgLclOTSJNxJ+NPcuXgO
+zs+PGj8Gi1fkUZF/ZBvN202AiCYh3NpkrmS7AyEc3s5E66e0Q1BRzGfaFpGTlOTQ
+7SjcihaLPdjNGQIDAQABo4HLMIHIMB0GA1UdDgQWBBSQSz6JISUqPMo1v9mmsc+8
+H506LzAfBgNVHSMEGDAWgBTDar+4u2Jk8ExMKEeURQ8VDdzNWjA3BggrBgEFBQcB
 AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
 BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-AJ2gOgh5gqes2Om8iuEyiAnI3lTtb0P9q2iyMjeOdN432vkxLe7W9wvSJfkWHpPx
-8+H9/Q+sdXukYAlMD+pFW0bP5VrJNjcX7s9EglHJuutVEy31b4OeAQwE/1itUFR8
-7qWk5jyTRsinvW8Yf9BcHIqk8x3j16MdfqTKzRuS/yYTzLiJsrgkDDDfQ3AgXXI/
-sA6LCD7lUsnYZdvGMZWhxFa0H+uv6JyLeMJ1xPGY4SDWWjKflHXApYbaeafTJSBW
-E90EJ73nJyGdjR3dh7xuB/2fZMV+rCqkqOUp0VviJGzbyjq2EzQAgRUIHfvrrBqr
-Uz4x2zBAThfzmFMA2NG4XFg=
+AL3LTyLielAF3ePWQRkrbUo+qJAnT87r7oNP1bbqpRgcAIOEdpJ2pyxUX5Sn/Ewv
+OAjFJD+VV+RV4qWWt8B7zI/OoYHi0lEX039rdu31QSp6VuLR7VWUOC6fy5uji9jX
+QiSBVZeCoXdSfB9w2wu/peuWLtT7nNVqbptgdQHh/vEUZEKCKvXqs+EuQP6yr5/F
+ZiXYfYxfAD0EtAKMx5kw0MAC5F87dQFZdhw8lVsoSZAvwK9F8ExiykBmgH4liauR
+Ve5Bca8FTH4xLJkkUMndl3lzl/laeXkF/8aDt+NNhrajYB185omAo1CPsUpD0qmJ
+kos4IHFkCkGL/S9LqzxFmQ8=
 -----END CERTIFICATE-----
 
 Certificate:
@@ -196,30 +196,30 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:c6:2e:8f:2a:f4:b2:4f:96:3c:a7:4e:f6:92:54:
-                    be:34:77:64:65:fe:dd:dc:fd:11:29:a7:6c:56:04:
-                    9d:70:2f:3c:3f:55:e5:54:79:f0:bb:5f:79:97:f0:
-                    7b:0a:22:fb:66:d5:e8:6d:30:81:93:99:a5:8f:a5:
-                    e2:33:b8:bd:05:9e:b1:c7:0a:63:75:12:e6:ac:75:
-                    a3:1c:58:a0:c5:7b:40:45:60:f9:6a:8e:45:2a:59:
-                    7e:5f:8a:b8:a3:c9:bc:9d:dd:aa:d9:1d:85:30:67:
-                    67:db:d3:04:aa:cf:e9:42:fe:5d:df:46:ac:06:59:
-                    51:16:a0:e0:6c:f4:c0:ca:f6:c4:85:24:91:60:84:
-                    b1:d0:92:7f:ab:ef:ce:5c:35:07:bc:03:72:32:c8:
-                    40:67:23:13:08:db:08:f3:cc:a0:75:e4:08:f7:e9:
-                    ba:b3:e1:17:57:b1:16:93:ac:07:fa:04:1c:a7:6c:
-                    d6:12:4f:c5:75:da:d4:6d:99:21:d1:9e:84:15:7a:
-                    34:ff:89:4e:c2:5b:43:89:86:63:90:db:37:93:15:
-                    57:27:0e:7a:c9:bb:21:a8:06:69:5d:41:b5:19:24:
-                    bf:08:ea:67:0c:26:22:a3:86:7e:e0:04:d0:82:48:
-                    b4:f5:48:01:56:20:6e:73:6d:c5:e1:62:1b:8e:f2:
-                    bd:e7
+                    00:fa:da:12:88:da:6c:4d:a4:17:2e:e6:c7:c7:f6:
+                    fc:0b:41:94:b9:ad:5e:72:7f:53:82:c3:9b:bd:f0:
+                    39:fd:6c:be:42:2f:28:fe:76:7e:e6:24:f7:6b:32:
+                    42:c7:0e:6f:b3:9b:4d:61:ab:f3:f1:76:67:29:77:
+                    a5:6a:b9:64:65:40:42:0a:ad:dc:27:16:7a:94:ae:
+                    8f:f0:d2:db:e7:7c:71:21:c9:ca:f0:64:94:58:32:
+                    b7:fa:d3:27:bc:84:95:ce:d2:81:43:dc:7d:b3:e8:
+                    76:aa:eb:0a:a6:c1:03:1f:ae:19:db:8a:c4:ef:a1:
+                    bd:f3:d6:e9:e7:20:a8:83:1c:78:d5:85:c2:be:9f:
+                    c9:e2:4e:ab:e6:a8:53:6b:c7:5d:d6:57:6f:4f:2d:
+                    db:75:89:c6:10:a3:96:36:22:8d:c3:0a:20:7b:5f:
+                    75:04:a6:4a:8d:24:d3:21:0b:16:fe:70:ae:34:d4:
+                    bd:33:27:86:cb:b3:c8:b8:9a:80:70:0c:01:38:af:
+                    e8:dc:0a:32:ca:a8:da:6c:a7:0a:2d:f3:b6:f7:cb:
+                    7f:ea:59:38:66:ce:9d:93:f2:75:89:d3:5f:43:5c:
+                    9b:29:1c:d4:e9:37:6d:7c:79:ee:ad:c9:70:62:58:
+                    4f:25:f6:21:20:44:a8:0b:c6:52:9d:2f:ea:a5:f8:
+                    b3:cf
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                CB:65:23:DB:47:DE:B5:40:EC:44:D8:90:A7:D6:C0:78:81:FA:E2:CE
+                C3:6A:BF:B8:BB:62:64:F0:4C:4C:28:47:94:45:0F:15:0D:DC:CD:5A
             X509v3 Authority Key Identifier: 
-                keyid:CB:65:23:DB:47:DE:B5:40:EC:44:D8:90:A7:D6:C0:78:81:FA:E2:CE
+                keyid:C3:6A:BF:B8:BB:62:64:F0:4C:4C:28:47:94:45:0F:15:0D:DC:CD:5A
 
             Authority Information Access: 
                 CA Issuers - URI:http://url-for-aia/Root.cer
@@ -234,45 +234,45 @@ Certificate:
             X509v3 Basic Constraints: critical
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         74:69:8a:c4:51:dd:1d:be:5d:53:de:9d:de:c7:91:3a:0d:47:
-         2f:36:0d:d8:a7:c9:89:7e:68:8f:86:ed:af:e6:83:9c:9e:4e:
-         99:df:ae:bb:e7:d0:c2:e4:b9:e7:e5:71:f5:4f:c4:55:a5:1d:
-         a6:93:2c:f8:5f:ab:45:b4:37:74:bc:14:d6:32:b0:f5:c4:82:
-         b0:5e:47:14:52:37:64:14:4e:25:f5:bf:db:41:27:78:56:29:
-         6a:35:87:62:ef:f8:35:fa:51:d7:36:96:b3:6a:6e:bd:3f:ad:
-         a5:0f:c8:25:7e:11:26:96:1b:a2:32:ac:21:ad:a8:ff:31:32:
-         3d:f3:aa:07:df:f7:72:28:12:a7:b9:40:38:b6:6f:69:89:4e:
-         33:52:fc:40:61:85:de:b1:29:92:b5:47:b3:f6:a4:37:1c:8c:
-         b9:1b:02:52:72:a1:4d:46:aa:84:32:8e:d8:c9:e5:87:87:3d:
-         66:8f:a1:af:ef:71:3e:a0:a3:8d:cb:75:4b:57:d6:c8:03:e2:
-         40:e3:85:cd:a7:cb:af:cc:49:9c:4c:a2:2a:8c:75:6a:70:88:
-         3e:6a:24:a1:35:85:e7:6d:0d:7a:b1:35:45:e3:8e:a8:a6:c9:
-         0c:d3:78:41:44:5c:0b:d1:ff:b0:b2:91:ed:a0:83:c7:04:b3:
-         a9:a7:c1:6e
+         48:d9:ed:17:dd:a3:7c:5f:6b:aa:90:6d:f5:d4:61:a3:27:8e:
+         83:92:15:7a:6c:d7:87:71:95:6a:e4:e0:d9:11:4e:2a:af:14:
+         5c:11:ba:a0:2e:15:bd:f0:c6:2d:72:0a:17:ce:02:1a:3b:61:
+         16:5d:1a:ff:e8:45:4d:d6:f2:93:9d:09:ce:e6:ec:a8:c8:de:
+         e6:40:dc:26:cc:15:89:38:b9:59:06:27:d0:93:af:0e:83:08:
+         9f:c3:50:1c:b1:e0:88:69:b2:43:61:c3:4c:bc:d9:19:d7:87:
+         57:c3:e6:99:7b:f0:02:09:ac:e1:f0:a1:55:d5:53:0c:fc:c4:
+         b3:3c:49:67:30:70:d5:c7:cd:94:a6:07:f0:cd:89:fd:68:b4:
+         29:9d:63:91:f6:bf:79:da:6a:93:6d:b5:52:57:d8:1a:62:18:
+         9f:ed:71:5c:d2:5d:53:0b:04:56:5c:05:81:6b:16:9a:dd:ff:
+         fe:5d:98:32:97:07:c1:7b:9c:d5:08:07:2e:b9:17:ab:1e:a3:
+         ea:64:b1:02:1b:04:ca:5f:4c:fd:1f:45:91:d9:f6:de:c7:78:
+         9d:aa:5d:b7:cc:6f:58:7f:2d:71:cc:5c:3a:8c:e5:db:51:3e:
+         af:77:1f:d1:e1:81:cb:74:c0:36:46:be:51:4e:55:94:98:65:
+         7d:33:c0:5e
 -----BEGIN TRUSTED_CERTIFICATE-----
 MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYujyr0sk+WPKdO9pJU
-vjR3ZGX+3dz9ESmnbFYEnXAvPD9V5VR58LtfeZfwewoi+2bV6G0wgZOZpY+l4jO4
-vQWesccKY3US5qx1oxxYoMV7QEVg+WqORSpZfl+KuKPJvJ3dqtkdhTBnZ9vTBKrP
-6UL+Xd9GrAZZURag4Gz0wMr2xIUkkWCEsdCSf6vvzlw1B7wDcjLIQGcjEwjbCPPM
-oHXkCPfpurPhF1exFpOsB/oEHKds1hJPxXXa1G2ZIdGehBV6NP+JTsJbQ4mGY5Db
-N5MVVycOesm7IagGaV1BtRkkvwjqZwwmIqOGfuAE0IJItPVIAVYgbnNtxeFiG47y
-vecCAwEAAaOByzCByDAdBgNVHQ4EFgQUy2Uj20fetUDsRNiQp9bAeIH64s4wHwYD
-VR0jBBgwFoAUy2Uj20fetUDsRNiQp9bAeIH64s4wNwYIKwYBBQUHAQEEKzApMCcG
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPraEojabE2kFy7mx8f2
+/AtBlLmtXnJ/U4LDm73wOf1svkIvKP52fuYk92syQscOb7ObTWGr8/F2Zyl3pWq5
+ZGVAQgqt3CcWepSuj/DS2+d8cSHJyvBklFgyt/rTJ7yElc7SgUPcfbPodqrrCqbB
+Ax+uGduKxO+hvfPW6ecgqIMceNWFwr6fyeJOq+aoU2vHXdZXb08t23WJxhCjljYi
+jcMKIHtfdQSmSo0k0yELFv5wrjTUvTMnhsuzyLiagHAMATiv6NwKMsqo2mynCi3z
+tvfLf+pZOGbOnZPydYnTX0Ncmykc1Ok3bXx57q3JcGJYTyX2ISBEqAvGUp0v6qX4
+s88CAwEAAaOByzCByDAdBgNVHQ4EFgQUw2q/uLtiZPBMTChHlEUPFQ3czVowHwYD
+VR0jBBgwFoAUw2q/uLtiZPBMTChHlEUPFQ3czVowNwYIKwYBBQUHAQEEKzApMCcG
 CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
 IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB0aYrEUd0d
-vl1T3p3ex5E6DUcvNg3Yp8mJfmiPhu2v5oOcnk6Z366759DC5Lnn5XH1T8RVpR2m
-kyz4X6tFtDd0vBTWMrD1xIKwXkcUUjdkFE4l9b/bQSd4VilqNYdi7/g1+lHXNpaz
-am69P62lD8glfhEmlhuiMqwhraj/MTI986oH3/dyKBKnuUA4tm9piU4zUvxAYYXe
-sSmStUez9qQ3HIy5GwJScqFNRqqEMo7YyeWHhz1mj6Gv73E+oKONy3VLV9bIA+JA
-44XNp8uvzEmcTKIqjHVqcIg+aiShNYXnbQ16sTVF446opskM03hBRFwL0f+wspHt
-oIPHBLOpp8Fu
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBI2e0X3aN8
+X2uqkG311GGjJ46DkhV6bNeHcZVq5ODZEU4qrxRcEbqgLhW98MYtcgoXzgIaO2EW
+XRr/6EVN1vKTnQnO5uyoyN7mQNwmzBWJOLlZBifQk68Ogwifw1AcseCIabJDYcNM
+vNkZ14dXw+aZe/ACCazh8KFV1VMM/MSzPElnMHDVx82UpgfwzYn9aLQpnWOR9r95
+2mqTbbVSV9gaYhif7XFc0l1TCwRWXAWBaxaa3f/+XZgylwfBe5zVCAcuuRerHqPq
+ZLECGwTKX0z9H0WR2fbex3idql23zG9Yfy1xzFw6jOXbUT6vdx/R4YHLdMA2Rr5R
+TlWUmGV9M8Be
 -----END TRUSTED_CERTIFICATE-----
 
 -----BEGIN TIME-----
-MTYwMzAyMTIwMDAwWg==
+MTUwMzAyMTIwMDAwWg==
 -----END TIME-----
 
 -----BEGIN VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediary.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediary.py
index 7a97fe36526..463a37bf0e3 100755
--- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediary.py
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediary.py
@@ -10,20 +10,23 @@ import common
 
 # Self-signed root certificate (part of trust store).
 root = common.create_self_signed_root_certificate('Root')
+root.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
 
 # Intermediary certificate.
 intermediary = common.create_intermediary_certificate('Intermediary', root)
 intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
-                                common.JANUARY_1_2016_UTC)
+                                common.MARCH_1_2015_UTC)
 
 # Target certificate.
 target = common.create_end_entity_certificate('Target', intermediary)
+target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
 
 chain = [target, intermediary]
 trusted = [root]
 
-# March 2nd, 2016 midnight UTC
-time = '160302120000Z'
+# Both the root and target are valid at this time, however the
+# intermediary certificate is not.
+time = common.MARCH_2_2015_UTC
 verify_result = False
 
 common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-root.py
new file mode 100755
index 00000000000..83f79171f37
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-root.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# Copyright (c) 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Certificate chain with 1 intermediary, where the root certificate is expired
+(violates validity.notAfter). Verification is expected to fail."""
+
+import common
+
+# Self-signed root certificate (part of trust store).
+root = common.create_self_signed_root_certificate('Root')
+root.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC)
+
+# Intermediary certificate.
+intermediary = common.create_intermediary_certificate('Intermediary', root)
+intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
+                                common.JANUARY_1_2016_UTC)
+
+# Target certificate.
+target = common.create_end_entity_certificate('Target', intermediary)
+target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
+
+chain = [target, intermediary]
+trusted = [root]
+
+# Both the target and intermediary are valid at this time, however the
+# root is not.
+time = common.MARCH_2_2015_UTC
+verify_result = False
+
+common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
index 3ff7d63cb08..fae1831ca5e 100755
--- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
@@ -10,19 +10,23 @@ import common
 
 # Self-signed root certificate (part of trust store).
 root = common.create_self_signed_root_certificate('Root')
+root.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
 
 # Intermediary certificate.
 intermediary = common.create_intermediary_certificate('Intermediary', root)
+intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
+                                common.JANUARY_1_2016_UTC)
 
 # Target certificate.
 target = common.create_end_entity_certificate('Target', intermediary)
-target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
+target.set_validity_range(common.MARCH_2_2015_UTC, common.JANUARY_1_2016_UTC)
 
 chain = [target, intermediary]
 trusted = [root]
 
-# March 2nd, 2014 midnight UTC
-time = '140302120000Z'
+# Both the root and intermediary are valid at this time, however the
+# target is not.
+time = common.MARCH_1_2015_UTC
 verify_result = False
 
 common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py
index b3b3c531d14..eaa94d33e58 100755
--- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py
@@ -10,19 +10,23 @@ import common
 
 # Self-signed root certificate (part of trust store).
 root = common.create_self_signed_root_certificate('Root')
+root.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
 
 # Intermediary certificate.
 intermediary = common.create_intermediary_certificate('Intermediary', root)
+intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
+                                common.JANUARY_1_2016_UTC)
 
 # Target certificate.
 target = common.create_end_entity_certificate('Target', intermediary)
-target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
+target.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC)
 
 chain = [target, intermediary]
 trusted = [root]
 
-# March 2nd, 2016 midnight UTC
-time = '160302120000Z'
+# Both the root and intermediary are valid at this time, however the
+# target is not.
+time = common.MARCH_2_2015_UTC
 verify_result = False
 
 common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
new file mode 100755
index 00000000000..355f61e47aa
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+# Copyright (c) 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Certificate chain with 1 intermediary and a trusted root. The trusted root
+is NOT self signed, however its issuer is not included in the chain or root
+store. Verification is expected to succeed since the root is trusted."""
+
+import common
+
+shadow_root = common.create_self_signed_root_certificate('ShadowRoot')
+
+# Non-self-signed root (part of trust store).
+root = common.create_intermediary_certificate('Root', shadow_root)
+
+# Intermediary certificate.
+intermediary = common.create_intermediary_certificate('Intermediary', root)
+
+# Target certificate.
+target = common.create_end_entity_certificate('Target', intermediary)
+
+chain = [target, intermediary]
+trusted = [root]
+time = common.DEFAULT_TIME
+verify_result = True
+
+common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py
new file mode 100755
index 00000000000..bda9c25d9ee
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py
@@ -0,0 +1,31 @@
+#!/usr/bin/python
+# Copyright (c) 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Certificate chain with 2 intermediaries and one end entity certificate. The
+root certificate has a pathlen:1 restriction so this is an invalid chain."""
+
+import common
+
+# Self-signed root certificate (part of trust store).
+root = common.create_self_signed_root_certificate('Root')
+root.get_extensions().set_property('basicConstraints',
+                                   'critical,CA:true,pathlen:1')
+
+# Intermediary 1 (no pathlen restriction).
+intermediary1 = common.create_intermediary_certificate('Intermediary1', root)
+
+# Intermediary 2 (no pathlen restriction).
+intermediary2 = common.create_intermediary_certificate('Intermediary2',
+                                                       intermediary1)
+
+# Target certificate.
+target = common.create_end_entity_certificate('Target', intermediary2)
+
+chain = [target, intermediary2, intermediary1]
+trusted = [root]
+time = common.DEFAULT_TIME
+verify_result = False
+
+common.write_test_file(__doc__, chain, trusted, time, verify_result)
diff --git a/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem b/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem
new file mode 100644
index 00000000000..11dddad4fe4
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem
@@ -0,0 +1,281 @@
+[Created by: ./generate-non-self-signed-root.py]
+
+Certificate chain with 1 intermediary and a trusted root. The trusted root
+is NOT self signed, however its issuer is not included in the chain or root
+store. Verification is expected to succeed since the root is trusted.
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Intermediary
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Target
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:27:87:8d:77:16:37:79:6a:b5:5d:e7:ee:9f:
+                    a4:5e:f6:f3:9e:a0:f9:9c:05:1a:5f:67:d8:72:c7:
+                    89:73:a5:21:d5:d6:df:39:0d:f7:e7:cb:1e:82:ec:
+                    ae:15:ee:5a:bf:57:12:29:b2:44:8b:40:4b:d6:ea:
+                    a5:34:05:34:5f:37:2e:32:c0:ed:6a:0c:21:ac:c5:
+                    16:80:61:96:e1:82:e3:15:62:34:23:0a:de:ca:ee:
+                    43:f8:3a:e7:42:5f:3a:79:f4:bc:cf:e7:da:c4:3a:
+                    d6:d0:5f:bf:13:58:e7:69:0f:bc:38:7c:05:82:a9:
+                    92:b8:eb:f5:fb:2a:53:ef:5d:12:5e:dc:55:12:b1:
+                    66:67:3f:7c:00:89:b9:50:ea:9c:7f:90:48:02:40:
+                    b3:f5:98:0d:73:ca:d8:f7:3d:0b:48:fe:99:12:90:
+                    92:37:93:34:5b:75:60:1c:16:c2:98:ec:2f:9a:f8:
+                    e3:1f:8d:56:ea:c6:35:14:67:66:21:e5:83:69:59:
+                    ce:c3:a6:f5:1e:94:e8:14:ce:73:83:52:af:ed:df:
+                    63:58:d2:45:07:87:18:ec:7c:11:85:c8:22:b8:ff:
+                    b2:6d:05:2c:70:86:d1:5b:f9:8a:94:22:73:58:f1:
+                    9e:b2:4f:ea:50:7e:7c:db:2e:6a:ab:bc:b5:73:b5:
+                    49:3f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                0B:2F:1A:F2:F7:59:E8:BE:B9:20:D5:71:5F:D3:A1:CA:FB:88:4B:65
+            X509v3 Authority Key Identifier: 
+                keyid:A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Intermediary.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Intermediary.crl
+
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         12:45:9a:a3:e1:5b:0d:8f:1c:b7:39:60:63:7a:e0:fd:34:46:
+         7e:44:1b:32:44:c7:7f:03:fb:94:68:a2:6b:a1:7f:06:c2:60:
+         8d:be:65:fc:a3:45:f9:15:2c:17:16:25:98:03:a2:85:88:b6:
+         4b:4d:86:26:ae:8a:0b:43:46:cd:cc:a3:28:5f:44:3c:92:8a:
+         ae:f3:de:02:93:1b:b7:a3:8e:6e:79:d5:a0:09:d2:c4:65:ff:
+         1b:f5:80:16:66:20:c7:1d:0c:af:32:ff:ec:f6:a4:0f:53:79:
+         41:0c:b6:57:9f:b9:1b:81:9c:56:29:3e:62:f6:f5:75:9f:97:
+         ff:0a:9f:5c:c8:58:f5:d0:e7:ad:c1:4b:ba:62:c1:a3:c6:59:
+         9a:01:11:46:40:c1:54:b6:23:ae:33:58:f9:05:6b:f2:32:0d:
+         09:2e:5f:ff:74:c5:7d:ce:c9:96:a5:8d:ba:4c:d7:49:3c:8b:
+         13:73:36:05:12:56:bf:f8:ad:b5:7a:0a:82:ca:bc:b4:00:d2:
+         9f:39:88:2b:b8:d0:c0:49:8a:f6:3a:e3:3e:3e:fe:b4:4e:20:
+         1e:60:e8:cb:4d:18:80:94:26:47:bf:be:49:8a:2d:e2:41:4a:
+         cd:c3:7e:23:82:90:ba:43:a6:8b:7e:b3:57:f8:ec:59:3c:97:
+         38:52:a0:0d
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
+cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
+VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCJ4eN
+dxY3eWq1Xefun6Re9vOeoPmcBRpfZ9hyx4lzpSHV1t85Dffnyx6C7K4V7lq/VxIp
+skSLQEvW6qU0BTRfNy4ywO1qDCGsxRaAYZbhguMVYjQjCt7K7kP4OudCXzp59LzP
+59rEOtbQX78TWOdpD7w4fAWCqZK46/X7KlPvXRJe3FUSsWZnP3wAiblQ6px/kEgC
+QLP1mA1zytj3PQtI/pkSkJI3kzRbdWAcFsKY7C+a+OMfjVbqxjUUZ2Yh5YNpWc7D
+pvUelOgUznODUq/t32NY0kUHhxjsfBGFyCK4/7JtBSxwhtFb+YqUInNY8Z6yT+pQ
+fnzbLmqrvLVztUk/AgMBAAGjgekwgeYwHQYDVR0OBBYEFAsvGvL3Wei+uSDVcV/T
+ocr7iEtlMB8GA1UdIwQYMBaAFKUDS8JgpZ+GACqONjOJsnsXJMK8MD8GCCsGAQUF
+BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
+aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
+dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAEkWao+FbDY8ctzlgY3rg
+/TRGfkQbMkTHfwP7lGiia6F/BsJgjb5l/KNF+RUsFxYlmAOihYi2S02GJq6KC0NG
+zcyjKF9EPJKKrvPeApMbt6OObnnVoAnSxGX/G/WAFmYgxx0MrzL/7PakD1N5QQy2
+V5+5G4GcVik+Yvb1dZ+X/wqfXMhY9dDnrcFLumLBo8ZZmgERRkDBVLYjrjNY+QVr
+8jINCS5f/3TFfc7JlqWNukzXSTyLE3M2BRJWv/ittXoKgsq8tADSnzmIK7jQwEmK
+9jrjPj7+tE4gHmDoy00YgJQmR7++SYot4kFKzcN+I4KQukOmi36zV/jsWTyXOFKg
+DQ==
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Root
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Intermediary
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:65:a4:4b:a6:56:90:82:42:cf:e8:65:86:d1:
+                    96:7f:13:8d:b9:46:5a:16:ce:c2:fa:0d:52:ae:93:
+                    62:dc:72:05:a2:31:b7:29:88:77:31:c3:2e:3f:4d:
+                    17:16:08:3a:96:d2:49:1b:bf:0f:a0:56:ac:d2:5a:
+                    b8:ff:e3:46:f1:56:83:c3:72:32:8a:7d:f6:55:a5:
+                    05:8a:68:ca:2e:9b:2a:80:63:4d:fd:46:f2:9f:c9:
+                    95:43:06:79:c4:88:78:b3:73:fb:05:0c:4f:57:75:
+                    9c:ef:eb:9f:b3:5e:65:b6:b3:b1:b7:8d:1c:c4:d9:
+                    03:76:72:4f:b8:4f:dc:36:19:4c:62:d8:0c:e4:c1:
+                    9b:9f:0c:3e:e2:54:69:f5:a6:53:a1:16:88:be:ee:
+                    a8:3e:20:28:3d:a9:3c:12:41:cc:91:ca:b7:fc:d7:
+                    15:d3:1c:63:9e:7b:1d:c4:b4:08:65:2e:bc:b5:61:
+                    b8:84:de:3b:69:05:9c:52:6e:60:d1:79:17:36:69:
+                    06:21:ed:43:07:bf:21:28:0a:6b:48:79:53:21:da:
+                    02:07:79:b6:30:4c:f2:6f:9f:30:55:a2:20:ae:cf:
+                    8c:ac:c6:b0:30:b0:01:80:83:ed:b0:5a:9b:92:35:
+                    d9:7d:51:c5:f5:76:1e:c5:53:c1:33:71:41:35:40:
+                    55:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC
+            X509v3 Authority Key Identifier: 
+                keyid:D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Root.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Root.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         67:ed:d6:55:16:b2:0d:af:79:6e:53:48:70:4c:93:be:5e:ed:
+         50:ea:d7:92:e4:7c:6c:78:05:0c:00:90:15:de:10:18:e5:cc:
+         50:24:23:e6:3e:5f:b0:f4:6f:f9:74:44:db:38:d1:45:c5:84:
+         59:58:cc:b6:f9:e9:1f:ed:41:e8:b9:aa:4b:d8:6e:88:76:d9:
+         2f:44:bf:5d:4f:6e:72:8f:b8:35:d3:e6:a3:a2:ef:3d:e6:f3:
+         be:90:73:a8:80:ed:72:bb:ac:20:96:38:c6:3f:d1:fe:64:3e:
+         1a:ce:21:65:cd:1f:28:54:4a:fb:44:dc:43:cc:b4:61:dd:58:
+         83:1b:08:0c:31:f6:bc:bf:02:99:45:16:88:84:68:91:13:aa:
+         af:f6:6d:4e:8d:dd:26:1d:3a:35:ab:75:7e:f7:64:62:8c:b7:
+         34:f9:5b:73:9b:e9:40:12:1c:f2:32:b9:e0:8c:86:fc:f2:b0:
+         33:6d:56:f2:a0:f7:9c:ea:d7:45:41:8d:de:49:26:90:45:32:
+         35:cf:e2:ce:43:b0:af:28:35:6a:0f:86:87:2b:57:eb:88:92:
+         89:7a:9d:b5:f3:3c:46:11:56:2e:fc:73:32:56:a9:4b:c1:87:
+         f7:f8:46:d5:5d:ad:b2:e7:a2:88:5d:7d:b5:68:b4:ea:a7:1f:
+         35:1d:f9:a6
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
+MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
+ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGWkS6ZW
+kIJCz+hlhtGWfxONuUZaFs7C+g1SrpNi3HIFojG3KYh3McMuP00XFgg6ltJJG78P
+oFas0lq4/+NG8VaDw3Iyin32VaUFimjKLpsqgGNN/Ubyn8mVQwZ5xIh4s3P7BQxP
+V3Wc7+ufs15ltrOxt40cxNkDdnJPuE/cNhlMYtgM5MGbnww+4lRp9aZToRaIvu6o
+PiAoPak8EkHMkcq3/NcV0xxjnnsdxLQIZS68tWG4hN47aQWcUm5g0XkXNmkGIe1D
+B78hKAprSHlTIdoCB3m2MEzyb58wVaIgrs+MrMawMLABgIPtsFqbkjXZfVHF9XYe
+xVPBM3FBNUBV1wIDAQABo4HLMIHIMB0GA1UdDgQWBBSlA0vCYKWfhgAqjjYzibJ7
+FyTCvDAfBgNVHSMEGDAWgBTUg/zV7+DEjjJtojBlErTNOrKViDA3BggrBgEFBQcB
+AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
+BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AGft1lUWsg2veW5TSHBMk75e7VDq15LkfGx4BQwAkBXeEBjlzFAkI+Y+X7D0b/l0
+RNs40UXFhFlYzLb56R/tQei5qkvYboh22S9Ev11PbnKPuDXT5qOi7z3m876Qc6iA
+7XK7rCCWOMY/0f5kPhrOIWXNHyhUSvtE3EPMtGHdWIMbCAwx9ry/AplFFoiEaJET
+qq/2bU6N3SYdOjWrdX73ZGKMtzT5W3Ob6UASHPIyueCMhvzysDNtVvKg95zq10VB
+jd5JJpBFMjXP4s5DsK8oNWoPhocrV+uIkol6nbXzPEYRVi78czJWqUvBh/f4RtVd
+rbLnoohdfbVotOqnHzUd+aY=
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=ShadowRoot
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a6:37:9c:ac:42:96:1c:fb:44:86:df:16:85:d2:
+                    de:49:73:74:b8:5b:3e:8c:34:4b:42:57:7e:7a:9a:
+                    fd:cf:7f:03:c7:39:22:02:3f:44:1b:62:4b:4a:1b:
+                    9b:d8:8e:7b:a5:b5:92:39:a1:03:bc:3c:1a:1f:5f:
+                    36:54:9d:b4:6d:98:c2:24:a9:fd:f7:6e:8e:41:18:
+                    e1:9b:ae:ef:61:98:5f:91:53:f0:8a:8e:d4:18:cf:
+                    4f:dd:ff:75:01:16:10:f1:76:10:28:ba:70:96:8b:
+                    b7:ac:df:17:68:61:03:56:77:e5:bd:04:58:d8:44:
+                    d6:65:21:97:28:46:5d:a3:62:6d:3d:a1:03:6d:da:
+                    f7:46:f5:76:5c:1a:cd:19:b4:25:cd:17:d7:0e:ac:
+                    6a:3c:d1:35:a0:20:cc:5e:62:7b:e1:11:d6:92:09:
+                    34:3e:1d:d7:d5:27:b9:3b:5b:42:1e:11:f4:1a:2f:
+                    de:93:81:2f:6b:d1:9f:40:9f:d7:8e:7c:9b:37:7b:
+                    d8:3f:ba:e3:00:d7:f7:3c:20:0e:81:b4:df:cc:46:
+                    3c:10:0d:04:8a:b5:ef:ba:e7:ec:7e:0b:98:a1:18:
+                    fb:39:db:2c:76:ae:1b:91:94:22:f4:35:b0:1a:73:
+                    4d:7b:eb:c5:b3:80:80:74:90:79:b9:2f:fd:35:39:
+                    02:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88
+            X509v3 Authority Key Identifier: 
+                keyid:EE:5C:5F:80:3F:59:C4:A6:5B:70:C2:1C:BA:E4:5D:40:F9:E9:60:8D
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/ShadowRoot.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/ShadowRoot.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         8c:2a:1f:ee:90:15:b8:41:8b:cc:b4:45:2b:6f:5b:9e:49:f7:
+         a1:9f:9e:2a:ce:8a:c3:ae:57:95:62:b5:f2:c9:a4:6a:57:49:
+         39:00:32:c4:23:4c:b8:15:21:4a:8f:0a:83:98:d8:ba:83:dc:
+         da:88:4c:7e:60:21:1a:ed:75:6d:5e:5d:83:90:e0:71:23:13:
+         4f:2d:94:c0:fb:91:7f:b6:59:41:d6:b3:3e:42:ef:31:02:23:
+         18:a6:d2:9b:00:c6:8c:5a:3d:2c:cb:5e:dc:53:69:ac:71:b8:
+         68:90:62:5a:ba:2f:1f:20:9d:77:f3:b0:aa:2e:52:61:a5:60:
+         53:5b:5c:ab:c9:56:7e:01:4c:bf:26:ab:13:47:c1:28:72:13:
+         a5:d8:b8:4c:65:09:9f:7f:a1:67:93:fc:0d:71:a3:4c:1d:3f:
+         95:9c:4a:28:8d:52:0d:48:fe:34:04:c2:d2:80:61:86:1c:e6:
+         18:cd:bb:62:ca:d2:e6:76:a8:f3:14:e3:41:75:5d:3b:e7:5a:
+         29:6c:6e:2c:bc:53:6f:39:e8:82:ab:73:d1:d5:b9:d3:f8:30:
+         5c:d7:19:d3:49:11:25:7c:01:3a:2a:a6:7f:19:b3:08:bf:0f:
+         dc:4f:7b:fa:5b:20:b8:7e:eb:ea:8f:0a:56:c4:16:cd:e1:2b:
+         a2:bb:66:f0
+-----BEGIN TRUSTED_CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApTaGFk
+b3dSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UE
+AwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKY3nKxClhz7
+RIbfFoXS3klzdLhbPow0S0JXfnqa/c9/A8c5IgI/RBtiS0obm9iOe6W1kjmhA7w8
+Gh9fNlSdtG2YwiSp/fdujkEY4Zuu72GYX5FT8IqO1BjPT93/dQEWEPF2ECi6cJaL
+t6zfF2hhA1Z35b0EWNhE1mUhlyhGXaNibT2hA23a90b1dlwazRm0Jc0X1w6sajzR
+NaAgzF5ie+ER1pIJND4d19UnuTtbQh4R9Bov3pOBL2vRn0Cf1458mzd72D+64wDX
+9zwgDoG038xGPBANBIq177rn7H4LmKEY+znbLHauG5GUIvQ1sBpzTXvrxbOAgHSQ
+ebkv/TU5Aq0CAwEAAaOB1zCB1DAdBgNVHQ4EFgQU1IP81e/gxI4ybaIwZRK0zTqy
+lYgwHwYDVR0jBBgwFoAU7lxfgD9ZxKZbcMIcuuRdQPnpYI0wPQYIKwYBBQUHAQEE
+MTAvMC0GCCsGAQUFBzAChiFodHRwOi8vdXJsLWZvci1haWEvU2hhZG93Um9vdC5j
+ZXIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL3VybC1mb3ItY3JsL1NoYWRvd1Jv
+b3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCMKh/ukBW4QYvMtEUrb1ueSfehn54qzorDrleVYrXyyaRqV0k5
+ADLEI0y4FSFKjwqDmNi6g9zaiEx+YCEa7XVtXl2DkOBxIxNPLZTA+5F/tllB1rM+
+Qu8xAiMYptKbAMaMWj0sy17cU2mscbhokGJaui8fIJ1387CqLlJhpWBTW1yryVZ+
+AUy/JqsTR8EochOl2LhMZQmff6Fnk/wNcaNMHT+VnEoojVINSP40BMLSgGGGHOYY
+zbtiytLmdqjzFONBdV0751opbG4svFNvOeiCq3PR1bnT+DBc1xnTSRElfAE6KqZ/
+GbMIvw/cT3v6WyC4fuvqjwpWxBbN4Suiu2bw
+-----END TRUSTED_CERTIFICATE-----
+
+-----BEGIN TIME-----
+MTUwMzAyMTIwMDAwWg==
+-----END TIME-----
+
+-----BEGIN VERIFY_RESULT-----
+U1VDQ0VTUw==
+-----END VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem
new file mode 100644
index 00000000000..c639e56f786
--- /dev/null
+++ b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem
@@ -0,0 +1,369 @@
+[Created by: generate-violates-pathlen-1-root.py]
+
+Certificate chain with 2 intermediaries and one end entity certificate. The
+root certificate has a pathlen:1 restriction so this is an invalid chain.
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Intermediary2
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Target
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:b8:e9:8b:9f:2a:8d:58:f0:93:6a:7a:d2:d4:
+                    29:ec:ce:35:c9:5e:c0:f7:27:2a:78:a3:76:53:25:
+                    54:09:43:e0:30:df:a1:f3:e2:a2:45:21:d7:b0:e6:
+                    ff:d0:cc:81:eb:2b:78:9a:b6:85:97:87:d5:b2:9f:
+                    3b:f2:d7:55:3d:fe:0f:ba:20:39:a6:0d:c8:7c:ea:
+                    23:8a:63:38:8e:70:44:ff:d2:18:66:3e:ad:10:68:
+                    ee:ec:21:f7:18:e4:7f:37:09:c6:e6:a8:d1:a2:4c:
+                    1f:e5:7a:69:04:13:df:09:5e:13:61:7c:15:09:9c:
+                    55:af:27:66:87:0e:bd:fc:2a:9d:7f:1c:73:b5:84:
+                    c2:d6:2b:d9:5d:f6:19:52:58:bb:8c:8c:5f:a7:9c:
+                    de:d7:8d:5f:ef:8f:f3:24:e1:0d:10:59:58:c6:72:
+                    8c:d7:fc:fe:bc:22:a7:58:4d:83:f2:48:4b:cd:55:
+                    36:45:28:e4:cf:93:75:78:0f:5e:35:c0:b7:52:e5:
+                    e2:91:42:04:bb:9c:0c:cf:eb:89:66:5f:90:46:b2:
+                    76:b0:82:c4:af:34:fd:a6:fd:93:7f:54:ce:4f:be:
+                    a4:32:8e:9c:3f:40:c9:6c:db:be:85:0c:e6:df:2b:
+                    7c:9b:ef:8b:7a:4b:15:dc:09:10:3b:b1:b7:e7:c7:
+                    c1:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                11:74:6B:48:F5:42:3C:04:F3:A2:04:42:E5:F2:BC:1C:AD:AB:CB:E2
+            X509v3 Authority Key Identifier: 
+                keyid:9A:80:A6:AF:E0:4A:48:D1:70:0A:10:7A:0D:74:57:B8:CE:48:5B:7D
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Intermediary2.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Intermediary2.crl
+
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         6e:0e:da:63:ae:72:b5:ee:9b:ee:f6:34:18:30:e5:4c:9b:b7:
+         a8:21:ef:fe:fe:55:c9:27:4d:13:ab:32:be:89:76:93:b8:2a:
+         be:c2:3f:6d:f6:23:6d:ed:b2:4f:77:7e:b7:7c:f4:5a:a3:de:
+         80:09:f6:c0:3b:87:34:2d:97:5c:1a:a0:0d:e4:9f:28:93:d4:
+         d6:38:ca:ea:c8:4e:ec:71:07:b8:c7:cb:c0:59:77:e5:99:80:
+         34:7b:9f:77:8f:63:b0:d0:3d:ce:a9:c4:aa:ba:49:02:5e:31:
+         84:a3:7f:8e:51:5c:06:a4:44:49:04:c4:27:7e:04:f7:13:18:
+         61:67:d1:4d:23:b0:16:f2:47:79:bd:e5:40:52:77:06:73:8b:
+         4b:c6:c4:5c:09:46:29:a3:36:b5:3c:75:6d:94:71:13:db:ff:
+         e8:62:e4:76:59:06:88:9d:c5:5b:d7:af:ae:16:72:80:60:6a:
+         23:01:4d:fa:90:33:ad:01:38:47:d6:5d:91:28:9f:78:6f:ba:
+         da:62:5b:17:fa:9f:5a:6e:28:5f:59:96:de:64:a8:3b:b7:de:
+         fe:f7:b5:3c:79:e9:fe:15:b2:73:0f:65:5f:83:2e:6b:85:55:
+         04:42:da:87:48:6b:7d:1c:a2:b0:e2:60:7f:c9:22:70:d1:a4:
+         51:94:40:3c
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl
+cm1lZGlhcnkyMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowETEPMA0G
+A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7jp
+i58qjVjwk2p60tQp7M41yV7A9ycqeKN2UyVUCUPgMN+h8+KiRSHXsOb/0MyB6yt4
+mraFl4fVsp878tdVPf4PuiA5pg3IfOojimM4jnBE/9IYZj6tEGju7CH3GOR/NwnG
+5qjRokwf5XppBBPfCV4TYXwVCZxVrydmhw69/CqdfxxztYTC1ivZXfYZUli7jIxf
+p5ze141f74/zJOENEFlYxnKM1/z+vCKnWE2D8khLzVU2RSjkz5N1eA9eNcC3UuXi
+kUIEu5wMz+uJZl+QRrJ2sILErzT9pv2Tf1TOT76kMo6cP0DJbNu+hQzm3yt8m++L
+eksV3AkQO7G358fBIQIDAQABo4HrMIHoMB0GA1UdDgQWBBQRdGtI9UI8BPOiBELl
+8rwcravL4jAfBgNVHSMEGDAWgBSagKav4EpI0XAKEHoNdFe4zkhbfTBABggrBgEF
+BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l
+ZGlhcnkyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv
+SW50ZXJtZWRpYXJ5Mi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAbg7aY65yte6b7vY0
+GDDlTJu3qCHv/v5VySdNE6syvol2k7gqvsI/bfYjbe2yT3d+t3z0WqPegAn2wDuH
+NC2XXBqgDeSfKJPU1jjK6shO7HEHuMfLwFl35ZmANHufd49jsNA9zqnEqrpJAl4x
+hKN/jlFcBqRESQTEJ34E9xMYYWfRTSOwFvJHeb3lQFJ3BnOLS8bEXAlGKaM2tTx1
+bZRxE9v/6GLkdlkGiJ3FW9evrhZygGBqIwFN+pAzrQE4R9ZdkSifeG+62mJbF/qf
+Wm4oX1mW3mSoO7fe/ve1PHnp/hWycw9lX4Mua4VVBELah0hrfRyisOJgf8kicNGk
+UZRAPA==
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Intermediary1
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Intermediary2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:9b:e8:f6:41:79:62:c9:06:fd:13:2c:f5:cc:07:
+                    a9:dd:5c:1e:90:76:a5:71:fa:f3:5c:34:1f:c9:3a:
+                    33:77:05:a0:27:7b:6a:eb:8b:d8:de:25:65:6f:b6:
+                    d6:e1:82:34:0a:7b:13:d3:85:37:7d:d9:70:04:43:
+                    b3:e3:46:8b:60:e1:99:ba:28:5b:ef:c2:7e:b3:c4:
+                    20:6f:94:f2:47:79:66:ce:0f:5d:79:58:aa:f7:62:
+                    80:38:14:4a:17:34:59:86:39:1d:ed:38:b8:14:f4:
+                    10:0c:1f:2c:8e:49:e5:5d:fd:d2:0f:37:5c:b8:e5:
+                    a9:86:07:0e:5e:27:ee:05:a0:ad:b5:b6:86:43:30:
+                    8b:0d:35:b5:86:cd:98:98:e8:d6:04:53:4e:2b:81:
+                    be:d2:96:6f:cf:2f:72:2d:f5:6c:c8:ba:f5:42:7a:
+                    f1:67:33:03:bb:cf:6d:67:03:f3:1a:3c:39:d9:cf:
+                    8f:ad:03:ca:2c:dc:e3:33:92:24:18:46:86:8e:dc:
+                    27:b8:76:57:3a:7d:a2:89:96:18:07:96:04:d9:75:
+                    8c:e6:1b:cf:1f:e9:6c:5d:8d:77:2f:4d:9d:00:bb:
+                    16:e9:c5:da:7d:5f:45:e8:3d:17:d8:72:a6:bf:68:
+                    1f:0a:a5:88:c1:74:45:53:b9:0c:d5:05:a5:ba:ed:
+                    55:73
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                9A:80:A6:AF:E0:4A:48:D1:70:0A:10:7A:0D:74:57:B8:CE:48:5B:7D
+            X509v3 Authority Key Identifier: 
+                keyid:1D:4A:1C:48:70:30:B6:65:73:56:A7:6E:A0:48:35:81:6E:3B:95:8A
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Intermediary1.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Intermediary1.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         47:1c:62:1b:7e:69:aa:b6:d8:6c:50:44:09:e8:15:b5:fe:ee:
+         86:5c:69:6d:4c:7a:90:1f:2e:4f:e8:21:a3:44:38:d6:07:0b:
+         43:cf:dd:13:64:64:42:a9:ae:62:f6:1b:ea:03:2e:3b:4f:ed:
+         8a:45:8e:ec:09:d8:1a:67:eb:ef:c6:77:fc:cf:03:9f:b4:4a:
+         59:76:4e:2b:b0:d3:41:5a:a0:8c:bb:1c:61:67:52:7d:48:2e:
+         3f:c2:7d:a6:60:95:25:75:47:9c:1a:c3:1e:25:cd:e9:7d:2b:
+         71:26:fc:97:f1:2e:c6:2f:d4:2a:bb:27:d4:76:7e:c9:bc:05:
+         92:24:86:56:46:27:e0:14:af:d7:c6:72:d2:dc:be:93:2f:b3:
+         44:d3:e1:4a:08:75:47:50:16:e6:50:36:61:e3:6f:b7:a6:40:
+         1c:61:14:ae:66:20:93:0b:fb:6d:b1:a9:4d:d5:ec:8d:2b:d6:
+         84:36:c4:61:70:e5:99:4f:7e:af:97:d2:42:91:11:a7:1f:0e:
+         32:fc:09:37:44:a2:c9:bb:35:82:73:85:e5:90:b4:80:a7:4b:
+         40:ce:cb:62:ca:e1:2b:36:f6:e7:bc:3a:67:71:6d:ab:4b:87:
+         cf:72:70:ad:ef:7a:85:ab:72:5d:c7:c1:ac:5e:b5:81:dc:ff:
+         96:6f:08:02
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl
+cm1lZGlhcnkxMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQG
+A1UEAwwNSW50ZXJtZWRpYXJ5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAJvo9kF5YskG/RMs9cwHqd1cHpB2pXH681w0H8k6M3cFoCd7auuL2N4lZW+2
+1uGCNAp7E9OFN33ZcARDs+NGi2DhmbooW+/CfrPEIG+U8kd5Zs4PXXlYqvdigDgU
+Shc0WYY5He04uBT0EAwfLI5J5V390g83XLjlqYYHDl4n7gWgrbW2hkMwiw01tYbN
+mJjo1gRTTiuBvtKWb88vci31bMi69UJ68WczA7vPbWcD8xo8OdnPj60Dyizc4zOS
+JBhGho7cJ7h2Vzp9oomWGAeWBNl1jOYbzx/pbF2Ndy9NnQC7FunF2n1fReg9F9hy
+pr9oHwqliMF0RVO5DNUFpbrtVXMCAwEAAaOB3TCB2jAdBgNVHQ4EFgQUmoCmr+BK
+SNFwChB6DXRXuM5IW30wHwYDVR0jBBgwFoAUHUocSHAwtmVzVqduoEg1gW47lYow
+QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv
+SW50ZXJtZWRpYXJ5MS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m
+b3ItY3JsL0ludGVybWVkaWFyeTEuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBHHGIbfmmqtthsUEQJ6BW1/u6G
+XGltTHqQHy5P6CGjRDjWBwtDz90TZGRCqa5i9hvqAy47T+2KRY7sCdgaZ+vvxnf8
+zwOftEpZdk4rsNNBWqCMuxxhZ1J9SC4/wn2mYJUldUecGsMeJc3pfStxJvyX8S7G
+L9QquyfUdn7JvAWSJIZWRifgFK/XxnLS3L6TL7NE0+FKCHVHUBbmUDZh42+3pkAc
+YRSuZiCTC/ttsalN1eyNK9aENsRhcOWZT36vl9JCkRGnHw4y/Ak3RKLJuzWCc4Xl
+kLSAp0tAzstiyuErNvbnvDpncW2rS4fPcnCt73qFq3Jdx8GsXrWB3P+WbwgC
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Root
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Intermediary1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:d1:e1:e9:55:23:09:13:95:52:d6:31:f6:16:
+                    49:28:4d:e9:02:bd:42:73:3b:f6:9a:d4:05:86:6e:
+                    fd:c4:26:b1:59:d5:e1:be:64:f0:84:39:f0:d9:cf:
+                    0a:62:98:68:c6:7b:a1:6c:73:4c:79:5e:92:88:ba:
+                    db:e2:16:f9:0a:5b:46:f7:ef:6b:77:4b:98:d9:40:
+                    ca:1b:2d:7b:fa:9a:92:11:fe:85:6c:ef:2e:39:6f:
+                    2f:16:32:cc:45:c7:a7:bd:62:2a:d7:49:9d:c1:cc:
+                    0d:a8:b1:91:e0:f7:b8:e5:77:f4:0a:ef:01:de:e1:
+                    65:4c:e0:e6:29:3f:2d:3f:aa:0d:a4:38:69:90:5d:
+                    83:b4:e9:b0:04:c4:f4:a4:b9:5f:c0:a8:88:68:13:
+                    86:a1:9b:fe:24:d3:ef:cc:34:be:3d:bb:70:58:64:
+                    74:54:7d:c8:6a:a3:d3:37:9e:91:5c:fe:16:15:5f:
+                    00:45:2f:f9:81:3a:7f:ef:bb:03:60:b8:08:ce:9f:
+                    88:20:62:ba:4d:8a:18:8a:57:1d:ea:12:1e:62:d7:
+                    eb:01:80:e6:a9:72:d2:2f:84:aa:16:20:e8:f8:47:
+                    e1:4e:43:46:16:20:51:cd:20:39:a3:47:70:0f:9f:
+                    4e:e6:7b:fa:5d:c2:9e:67:ce:22:e1:e8:1c:89:bd:
+                    a0:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                1D:4A:1C:48:70:30:B6:65:73:56:A7:6E:A0:48:35:81:6E:3B:95:8A
+            X509v3 Authority Key Identifier: 
+                keyid:88:1C:D6:E6:0D:8F:83:DE:9D:9C:2E:3E:1E:E5:61:82:EA:2D:11:F6
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Root.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Root.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         7c:45:39:85:85:2e:2a:47:1a:05:7c:45:0b:9d:1c:94:58:c9:
+         a6:ab:95:85:fb:64:da:a3:cf:96:98:80:8c:c4:fe:5d:10:db:
+         94:df:6c:eb:15:45:d3:e8:d1:80:39:0e:b9:28:4a:b8:0c:aa:
+         87:cc:4b:b2:14:4d:fe:2c:a6:36:5e:40:5c:10:49:e2:90:1d:
+         46:ad:d1:b5:25:85:35:3d:99:da:0b:da:ad:f0:9d:94:50:6e:
+         b8:4c:1c:86:d6:68:cc:d9:7f:7e:b8:8d:0c:43:0c:e9:6a:05:
+         00:0e:7d:00:88:62:70:4f:f9:a1:68:48:9f:c4:c7:cd:78:63:
+         c6:6c:ec:84:c3:09:65:64:14:27:f4:f9:df:a1:f4:bc:c1:43:
+         88:88:ba:98:ba:14:66:8a:47:42:49:dc:9a:35:84:e0:8b:17:
+         9e:5b:bd:8f:4f:b3:01:2e:61:3e:12:45:ab:63:38:77:b1:f2:
+         21:57:04:49:53:e4:23:4b:58:81:23:42:9a:a5:fe:1c:08:7b:
+         d6:bf:7e:ec:9d:b1:15:b7:27:2a:f2:96:81:05:52:ad:97:92:
+         71:20:34:33:99:77:a3:e9:92:e1:68:73:ea:31:eb:54:cb:f9:
+         97:61:03:56:de:4c:35:c5:cd:d4:75:a7:e4:f2:5c:66:f5:5d:
+         34:ab:8f:f8
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
+MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50
+ZXJtZWRpYXJ5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnR4elV
+IwkTlVLWMfYWSShN6QK9QnM79prUBYZu/cQmsVnV4b5k8IQ58NnPCmKYaMZ7oWxz
+THlekoi62+IW+QpbRvfva3dLmNlAyhste/qakhH+hWzvLjlvLxYyzEXHp71iKtdJ
+ncHMDaixkeD3uOV39ArvAd7hZUzg5ik/LT+qDaQ4aZBdg7TpsATE9KS5X8CoiGgT
+hqGb/iTT78w0vj27cFhkdFR9yGqj0zeekVz+FhVfAEUv+YE6f++7A2C4CM6fiCBi
+uk2KGIpXHeoSHmLX6wGA5qly0i+EqhYg6PhH4U5DRhYgUc0gOaNHcA+fTuZ7+l3C
+nmfOIuHoHIm9oEkCAwEAAaOByzCByDAdBgNVHQ4EFgQUHUocSHAwtmVzVqduoEg1
+gW47lYowHwYDVR0jBBgwFoAUiBzW5g2Pg96dnC4+HuVhguotEfYwNwYIKwYBBQUH
+AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw
+LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQB8RTmFhS4qRxoFfEULnRyUWMmmq5WF+2Tao8+WmICMxP5dENuU32zrFUXT6NGA
+OQ65KEq4DKqHzEuyFE3+LKY2XkBcEEnikB1GrdG1JYU1PZnaC9qt8J2UUG64TByG
+1mjM2X9+uI0MQwzpagUADn0AiGJwT/mhaEifxMfNeGPGbOyEwwllZBQn9PnfofS8
+wUOIiLqYuhRmikdCSdyaNYTgixeeW72PT7MBLmE+EkWrYzh3sfIhVwRJU+QjS1iB
+I0Kapf4cCHvWv37snbEVtycq8paBBVKtl5JxIDQzmXej6ZLhaHPqMetUy/mXYQNW
+3kw1xc3Udafk8lxm9V00q4/4
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Root
+        Validity
+            Not Before: Jan  1 12:00:00 2015 GMT
+            Not After : Jan  1 12:00:00 2016 GMT
+        Subject: CN=Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a3:90:0c:56:93:34:da:26:53:6e:a9:d5:07:b9:
+                    83:30:70:85:69:ed:18:67:72:bb:1d:c4:06:ff:a8:
+                    b8:00:75:fd:38:ac:f1:e2:4a:86:21:4d:01:77:fc:
+                    f3:2d:90:94:7e:14:2c:8a:89:c2:cd:42:a5:ae:fe:
+                    7a:ca:9d:44:78:21:f6:ab:6d:d3:c8:8a:07:57:eb:
+                    22:10:cf:1e:44:f2:a4:23:e7:10:46:1e:d4:21:60:
+                    9c:01:72:ff:ca:20:c8:48:c4:ad:b0:17:28:f3:14:
+                    af:49:65:52:52:58:9a:1b:68:1a:9d:77:e9:61:52:
+                    54:0b:81:e4:0b:c7:2d:b3:2d:aa:9e:16:1f:51:ec:
+                    7d:e7:2d:2c:e6:c4:88:81:3e:1b:e1:e7:1f:21:12:
+                    21:47:ec:14:a5:d9:ab:a2:2b:ac:1f:3c:b2:a5:c1:
+                    69:4e:55:88:66:e8:5a:4d:9d:08:27:1c:fe:cd:62:
+                    b0:95:62:c4:4b:ff:12:11:4c:d8:10:66:a4:d0:29:
+                    da:d5:79:b7:ee:19:d5:b9:33:92:c5:61:89:56:a8:
+                    4f:48:cf:9a:a0:3e:95:f0:1f:b7:c9:de:82:89:09:
+                    b0:87:a5:c5:71:2c:71:3b:72:4a:0a:51:c4:c4:7d:
+                    ac:84:c3:9b:60:3d:ff:0c:52:05:23:4d:57:57:06:
+                    60:17
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                88:1C:D6:E6:0D:8F:83:DE:9D:9C:2E:3E:1E:E5:61:82:EA:2D:11:F6
+            X509v3 Authority Key Identifier: 
+                keyid:88:1C:D6:E6:0D:8F:83:DE:9D:9C:2E:3E:1E:E5:61:82:EA:2D:11:F6
+
+            Authority Information Access: 
+                CA Issuers - URI:http://url-for-aia/Root.cer
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://url-for-crl/Root.crl
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:1
+    Signature Algorithm: sha256WithRSAEncryption
+         2e:81:16:b6:af:49:9b:93:4d:84:34:9c:f0:43:ee:76:91:f5:
+         88:9e:6b:cd:a8:95:f2:5e:10:19:f0:41:98:b2:ac:38:2a:ac:
+         3e:4c:0f:49:0b:b9:fd:97:d3:c9:61:6c:8b:7d:26:06:1d:65:
+         7e:e8:92:23:07:82:cc:3c:c9:c7:32:7b:2e:e2:3e:e8:42:52:
+         29:9f:6d:8f:7d:34:57:37:7a:71:8f:f1:28:33:70:aa:59:88:
+         12:95:74:82:60:d0:14:50:b5:d4:5a:ad:7c:03:85:ab:84:c9:
+         e5:bf:7a:4a:3e:1a:d0:44:0b:bc:e1:ae:3b:48:e9:00:1c:92:
+         1b:b5:40:a4:e6:65:88:ec:3b:6e:ab:da:37:10:b7:6d:45:e5:
+         70:89:eb:e4:21:68:2e:77:e6:de:25:e3:5d:7a:a0:f1:33:4c:
+         cc:e2:8b:a9:c8:fd:dc:0b:4b:9e:4c:5c:7c:86:0f:d4:ab:f9:
+         e0:c8:c0:82:76:38:55:d3:dc:4d:57:d0:ca:76:63:9f:92:5c:
+         ff:5f:1b:bd:b6:39:5e:0f:5f:93:0b:86:23:9e:08:d3:e4:11:
+         02:5f:5f:bd:00:af:d3:22:c0:14:3a:f4:4b:8b:fb:be:5e:b7:
+         1c:34:e1:20:69:5d:7c:d9:f5:86:28:ab:92:a6:31:6b:fe:1d:
+         03:00:f0:89
+-----BEGIN TRUSTED_CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
+MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOQDFaTNNomU26p1Qe5
+gzBwhWntGGdyux3EBv+ouAB1/Tis8eJKhiFNAXf88y2QlH4ULIqJws1Cpa7+esqd
+RHgh9qtt08iKB1frIhDPHkTypCPnEEYe1CFgnAFy/8ogyEjErbAXKPMUr0llUlJY
+mhtoGp136WFSVAuB5AvHLbMtqp4WH1HsfectLObEiIE+G+HnHyESIUfsFKXZq6Ir
+rB88sqXBaU5ViGboWk2dCCcc/s1isJVixEv/EhFM2BBmpNAp2tV5t+4Z1bkzksVh
+iVaoT0jPmqA+lfAft8negokJsIelxXEscTtySgpRxMR9rITDm2A9/wxSBSNNV1cG
+YBcCAwEAAaOBzjCByzAdBgNVHQ4EFgQUiBzW5g2Pg96dnC4+HuVhguotEfYwHwYD
+VR0jBBgwFoAUiBzW5g2Pg96dnC4+HuVhguotEfYwNwYIKwYBBQUHAQEEKzApMCcG
+CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
+IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
+AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAugRa2
+r0mbk02ENJzwQ+52kfWInmvNqJXyXhAZ8EGYsqw4Kqw+TA9JC7n9l9PJYWyLfSYG
+HWV+6JIjB4LMPMnHMnsu4j7oQlIpn22PfTRXN3pxj/EoM3CqWYgSlXSCYNAUULXU
+Wq18A4WrhMnlv3pKPhrQRAu84a47SOkAHJIbtUCk5mWI7Dtuq9o3ELdtReVwievk
+IWgud+beJeNdeqDxM0zM4oupyP3cC0ueTFx8hg/Uq/ngyMCCdjhV09xNV9DKdmOf
+klz/Xxu9tjleD1+TC4YjngjT5BECX1+9AK/TIsAUOvRLi/u+XrccNOEgaV182fWG
+KKuSpjFr/h0DAPCJ
+-----END TRUSTED_CERTIFICATE-----
+
+-----BEGIN TIME-----
+MTUwMzAyMTIwMDAwWg==
+-----END TIME-----
+
+-----BEGIN VERIFY_RESULT-----
+RkFJTA==
+-----END VERIFY_RESULT-----
diff --git a/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-normalized.pem b/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-normalized.pem
new file mode 100644
index 00000000000..209fad2ef6e
--- /dev/null
+++ b/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-normalized.pem
@@ -0,0 +1,36 @@
+    0:d=0  hl=3 l= 154 cons: SEQUENCE          
+    3:d=1  hl=2 l= 111 cons:  SET               
+    5:d=2  hl=2 l=   9 cons:   SEQUENCE          
+    7:d=3  hl=2 l=   3 prim:    OBJECT            :countryName
+   12:d=3  hl=2 l=   2 prim:    UTF8STRING        :aa
+   16:d=2  hl=2 l=  15 cons:   SEQUENCE          
+   18:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+   23:d=3  hl=2 l=   8 prim:    UTF8STRING        :ab東京
+   33:d=2  hl=2 l=  16 cons:   SEQUENCE          
+   35:d=3  hl=2 l=   3 prim:    OBJECT            :organizationalUnitName
+   40:d=3  hl=2 l=   9 prim:    UTF8STRING        :𝐀 a bc
+   51:d=2  hl=2 l=  19 cons:   SEQUENCE          
+   53:d=3  hl=2 l=   3 prim:    OBJECT            :stateOrProvinceName
+   58:d=3  hl=2 l=  12 prim:    T61STRING         :  AbCd  Ef  
+   72:d=2  hl=2 l=  19 cons:   SEQUENCE          
+   74:d=3  hl=2 l=   3 prim:    OBJECT            :organizationName
+   79:d=3  hl=2 l=  12 prim:    UTF8STRING        :ab 東京 cd
+   93:d=2  hl=2 l=  21 cons:   SEQUENCE          
+   95:d=3  hl=2 l=  10 prim:    OBJECT            :domainComponent
+  107:d=3  hl=2 l=   7 prim:    UTF8STRING        :example
+  116:d=1  hl=2 l=  24 cons:  SET               
+  118:d=2  hl=2 l=  10 cons:   SEQUENCE          
+  120:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  125:d=3  hl=2 l=   3 prim:    UTF8STRING        :aaa
+  130:d=2  hl=2 l=  10 cons:   SEQUENCE          
+  132:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  137:d=3  hl=2 l=   3 prim:    UTF8STRING        :aaa
+  142:d=1  hl=2 l=  13 cons:  SET               
+  144:d=2  hl=2 l=  11 cons:   SEQUENCE          
+  146:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  151:d=3  hl=2 l=   4 prim:    UTF8STRING        :cccc
+-----BEGIN NAME-----
+MIGaMW8wCQYDVQQGDAJhYTAPBgNVBAcMCGFi5p2x5LqsMBAGA1UECwwJ8J2QgCBhIGJjMBMGA1UE
+CBQMICBBYkNkICBFZiAgMBMGA1UECgwMYWIg5p2x5LqsIGNkMBUGCgmSJomT8ixkARkMB2V4YW1w
+bGUxGDAKBgNVBAcMA2FhYTAKBgNVBAcMA2FhYTENMAsGA1UEBwwEY2NjYw==
+-----END NAME-----
diff --git a/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem b/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem
new file mode 100644
index 00000000000..fa66baab1b9
--- /dev/null
+++ b/chromium/net/data/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem
@@ -0,0 +1,37 @@
+    0:d=0  hl=3 l= 204 cons: SEQUENCE          
+    3:d=1  hl=3 l= 157 cons:  SET               
+    6:d=2  hl=2 l=   9 cons:   SEQUENCE          
+    8:d=3  hl=2 l=   3 prim:    OBJECT            :countryName
+   13:d=3  hl=2 l=   2 prim:    PRINTABLESTRING   :AA
+   17:d=2  hl=2 l=  18 cons:   SEQUENCE          
+   19:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+   24:d=3  hl=2 l=  11 prim:    UTF8STRING        :  Ab東京 
+   37:d=2  hl=2 l=  19 cons:   SEQUENCE          
+   39:d=3  hl=2 l=   3 prim:    OBJECT            :stateOrProvinceName
+   44:d=3  hl=2 l=  12 prim:    T61STRING         :  AbCd  Ef  
+   58:d=2  hl=2 l=  21 cons:   SEQUENCE          
+   60:d=3  hl=2 l=  10 prim:    OBJECT            :domainComponent
+   72:d=3  hl=2 l=   7 prim:    IA5STRING         :eXaMpLe
+   81:d=2  hl=2 l=  31 cons:   SEQUENCE          
+   83:d=3  hl=2 l=   3 prim:    OBJECT            :organizationName
+   88:d=3  hl=2 l=  24 prim:    BMPSTRING         
+  114:d=2  hl=2 l=  47 cons:   SEQUENCE          
+  116:d=3  hl=2 l=   3 prim:    OBJECT            :organizationalUnitName
+  121:d=3  hl=2 l=  40 prim:    UNIVERSALSTRING   
+  163:d=1  hl=2 l=  27 cons:  SET               
+  165:d=2  hl=2 l=  10 cons:   SEQUENCE          
+  167:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  172:d=3  hl=2 l=   3 prim:    UTF8STRING        :AAA
+  177:d=2  hl=2 l=  13 cons:   SEQUENCE          
+  179:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  184:d=3  hl=2 l=   6 prim:    BMPSTRING         
+  192:d=1  hl=2 l=  13 cons:  SET               
+  194:d=2  hl=2 l=  11 cons:   SEQUENCE          
+  196:d=3  hl=2 l=   3 prim:    OBJECT            :localityName
+  201:d=3  hl=2 l=   4 prim:    PRINTABLESTRING   :cCcC
+-----BEGIN NAME-----
+MIHMMYGdMAkGA1UEBhMCQUEwEgYDVQQHDAsgIEFi5p2x5LqsIDATBgNVBAgUDCAgQWJDZCAgRWYg
+IDAVBgoJkiaJk/IsZAEZFgdlWGFNcExlMB8GA1UECh4YACAAYQBCACAAIGdxTqwAIAAgAGMARAAg
+MC8GA1UECxwoAAAAIAAB1AAAAAAgAAAAIAAAAEEAAAAgAAAAIAAAAGIAAABDAAAAIDEbMAoGA1UE
+BwwDQUFBMA0GA1UEBx4GAGEAYQBhMQ0wCwYDVQQHEwRjQ2ND
+-----END NAME-----
diff --git a/chromium/net/data/verify_name_match_unittest/scripts/generate_names.py b/chromium/net/data/verify_name_match_unittest/scripts/generate_names.py
index e30533016d1..ed509cedb97 100755
--- a/chromium/net/data/verify_name_match_unittest/scripts/generate_names.py
+++ b/chromium/net/data/verify_name_match_unittest/scripts/generate_names.py
@@ -330,5 +330,46 @@ type=OID:countryName
 value=PRINTABLESTRING:"US"
 """, "valid-minimal")
 
+  # Single Name that exercises all of the string types, unicode (basic and
+  # supplemental planes), whitespace collapsing, case folding, as well as SET
+  # sorting.
+  n = NameGenerator()
+  rdn1 = n.add_rdn()
+  rdn1.add_attr('countryName', 'PRINTABLESTRING', 'AA')
+  rdn1.add_attr('stateOrProvinceName', 'T61STRING', '  AbCd  Ef  ')
+  rdn1.add_attr('localityName', 'UTF8', "  Ab\xe6\x9d\xb1\xe4\xba\xac ",
+                "FORMAT:UTF8")
+  rdn1.add_attr('organizationName',
+                'BMPSTRING', " aB  \xe6\x9d\xb1\xe4\xba\xac  cD ",
+                "FORMAT:UTF8")
+  rdn1.add_attr('organizationalUnitName', 'UNIVERSALSTRING',
+                " \xf0\x9d\x90\x80  A  bC ", "FORMAT:UTF8")
+  rdn1.add_attr('domainComponent', 'IA5STRING', 'eXaMpLe')
+  rdn2 = n.add_rdn()
+  rdn2.add_attr('localityName', 'UTF8', "AAA")
+  rdn2.add_attr('localityName', 'BMPSTRING', "aaa")
+  rdn3 = n.add_rdn()
+  rdn3.add_attr('localityName', 'PRINTABLESTRING', "cCcC")
+  generate(n, "unicode-mixed-unnormalized")
+  # Expected normalized version of above.
+  n = NameGenerator()
+  rdn1 = n.add_rdn()
+  rdn1.add_attr('countryName', 'UTF8', 'aa')
+  rdn1.add_attr('stateOrProvinceName', 'T61STRING', '  AbCd  Ef  ')
+  rdn1.add_attr('localityName', 'UTF8', "ab\xe6\x9d\xb1\xe4\xba\xac",
+                "FORMAT:UTF8")
+  rdn1.add_attr('organizationName', 'UTF8', "ab \xe6\x9d\xb1\xe4\xba\xac cd",
+                "FORMAT:UTF8")
+  rdn1.add_attr('organizationalUnitName', 'UTF8', "\xf0\x9d\x90\x80 a bc",
+                "FORMAT:UTF8")
+  rdn1.add_attr('domainComponent', 'UTF8', 'example')
+  rdn2 = n.add_rdn()
+  rdn2.add_attr('localityName', 'UTF8', "aaa")
+  rdn2.add_attr('localityName', 'UTF8', "aaa")
+  rdn3 = n.add_rdn()
+  rdn3.add_attr('localityName', 'UTF8', "cccc")
+  generate(n, "unicode-mixed-normalized")
+
+
 if __name__ == '__main__':
   main()
diff --git a/chromium/net/der/input_unittest.cc b/chromium/net/der/input_unittest.cc
index 6fcb436606f..d1ee2130ff6 100644
--- a/chromium/net/der/input_unittest.cc
+++ b/chromium/net/der/input_unittest.cc
@@ -107,7 +107,7 @@ TEST(ByteReaderTest, CantReadToWrongMark) {
   Input out;
   Input in1(kInput);
 
-  const uint8_t in2_bytes[] = {'t', 'e', 's', 't'};
+  const uint8_t in2_bytes[] = {'T', 'E', 'S', 'T'};
   Input in2(in2_bytes);
   ByteReader reader1(in1);
   ByteReader reader2(in2);
diff --git a/chromium/net/disk_cache/backend_unittest.cc b/chromium/net/disk_cache/backend_unittest.cc
index 0c57a5bc169..dd15fae2bdc 100644
--- a/chromium/net/disk_cache/backend_unittest.cc
+++ b/chromium/net/disk_cache/backend_unittest.cc
@@ -14,9 +14,9 @@
 #include "base/strings/stringprintf.h"
 #include "base/test/mock_entropy_provider.h"
 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/platform_thread.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/cache_type.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -33,6 +33,7 @@
 #include "net/disk_cache/simple/simple_backend_impl.h"
 #include "net/disk_cache/simple/simple_entry_format.h"
 #include "net/disk_cache/simple/simple_index.h"
+#include "net/disk_cache/simple/simple_synchronous_entry.h"
 #include "net/disk_cache/simple/simple_test_util.h"
 #include "net/disk_cache/simple/simple_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -50,21 +51,21 @@ namespace {
 
 const char kExistingEntryKey[] = "existing entry key";
 
-scoped_ptr<disk_cache::BackendImpl> CreateExistingEntryCache(
+std::unique_ptr<disk_cache::BackendImpl> CreateExistingEntryCache(
     const base::Thread& cache_thread,
     base::FilePath& cache_path) {
   net::TestCompletionCallback cb;
 
-  scoped_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
+  std::unique_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
       cache_path, cache_thread.task_runner(), NULL));
   int rv = cache->Init(cb.callback());
   if (cb.GetResult(rv) != net::OK)
-    return scoped_ptr<disk_cache::BackendImpl>();
+    return std::unique_ptr<disk_cache::BackendImpl>();
 
   disk_cache::Entry* entry = NULL;
   rv = cache->CreateEntry(kExistingEntryKey, &entry, cb.callback());
   if (cb.GetResult(rv) != net::OK)
-    return scoped_ptr<disk_cache::BackendImpl>();
+    return std::unique_ptr<disk_cache::BackendImpl>();
   entry->Close();
 
   return cache;
@@ -253,16 +254,19 @@ void DiskCacheBackendTest::InitSparseCache(base::Time* doomed_start,
 bool DiskCacheBackendTest::CreateSetOfRandomEntries(
     std::set<std::string>* key_pool) {
   const int kNumEntries = 10;
+  const int initial_entry_count = cache_->GetEntryCount();
 
   for (int i = 0; i < kNumEntries; ++i) {
     std::string key = GenerateKey(true);
     disk_cache::Entry* entry;
-    if (CreateEntry(key, &entry) != net::OK)
+    if (CreateEntry(key, &entry) != net::OK) {
       return false;
+    }
     key_pool->insert(key);
     entry->Close();
   }
-  return key_pool->size() == static_cast<size_t>(cache_->GetEntryCount());
+  return key_pool->size() ==
+         static_cast<size_t>(cache_->GetEntryCount() - initial_entry_count);
 }
 
 // Performs iteration over the backend and checks that the keys of entries
@@ -448,7 +452,7 @@ TEST_F(DiskCacheTest, CreateBackend) {
         base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
 
     // Test the private factory method(s).
-    scoped_ptr<disk_cache::Backend> cache;
+    std::unique_ptr<disk_cache::Backend> cache;
     cache = disk_cache::MemBackendImpl::CreateBackend(0, NULL);
     ASSERT_TRUE(cache.get());
     cache.reset();
@@ -491,7 +495,7 @@ TEST_F(DiskCacheBackendTest, CreateBackend_MissingFile) {
   net::TestCompletionCallback cb;
 
   bool prev = base::ThreadRestrictions::SetIOAllowed(false);
-  scoped_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
+  std::unique_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
       cache_path_, cache_thread.task_runner(), NULL));
   int rv = cache->Init(cb.callback());
   EXPECT_EQ(net::ERR_FAILED, cb.GetResult(rv));
@@ -584,7 +588,7 @@ TEST_F(DiskCacheBackendTest, MultipleInstancesWithPendingFileIO) {
   ASSERT_TRUE(store.CreateUniqueTempDir());
 
   net::TestCompletionCallback cb;
-  scoped_ptr<disk_cache::Backend> extra_cache;
+  std::unique_ptr<disk_cache::Backend> extra_cache;
   int rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
                                           net::CACHE_BACKEND_DEFAULT,
                                           store.path(),
@@ -747,7 +751,7 @@ TEST_F(DiskCacheTest, TruncatedIndex) {
       base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
   net::TestCompletionCallback cb;
 
-  scoped_ptr<disk_cache::Backend> backend;
+  std::unique_ptr<disk_cache::Backend> backend;
   int rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
                                           net::CACHE_BACKEND_BLOCKFILE,
                                           cache_path_,
@@ -1300,7 +1304,7 @@ void DiskCacheBackendTest::BackendEnumerations() {
   Time final = Time::Now();
 
   disk_cache::Entry* entry;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   int count = 0;
   Time last_modified[kNumEntries];
   Time last_used[kNumEntries];
@@ -1372,7 +1376,7 @@ void DiskCacheBackendTest::BackendEnumerations2() {
   // Make sure that the timestamp is not the same.
   AddDelay();
   ASSERT_EQ(net::OK, OpenEntry(second, &entry1));
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry2));
   EXPECT_EQ(entry2->GetKey(), second);
 
@@ -1453,7 +1457,7 @@ TEST_F(DiskCacheBackendTest, ShaderCacheEnumerationReadData) {
   EXPECT_EQ(kSize, ReadData(entry1, 0, 0, buffer1.get(), kSize));
   entry1->Close();
 
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry2));
   EXPECT_EQ(entry2->GetKey(), second);
   entry2->Close();
@@ -1485,7 +1489,7 @@ void DiskCacheBackendTest::BackendInvalidEntryEnumeration() {
 
   SimulateCrash();
 
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   int count = 0;
   while (iter->OpenNextEntry(&entry) == net::OK) {
     ASSERT_TRUE(NULL != entry);
@@ -1527,7 +1531,8 @@ void DiskCacheBackendTest::BackendFixEnumerators() {
   EXPECT_EQ(kNumEntries, cache_->GetEntryCount());
 
   disk_cache::Entry *entry1, *entry2;
-  scoped_ptr<TestIterator> iter1 = CreateIterator(), iter2 = CreateIterator();
+  std::unique_ptr<TestIterator> iter1 = CreateIterator(),
+                                iter2 = CreateIterator();
   ASSERT_EQ(net::OK, iter1->OpenNextEntry(&entry1));
   ASSERT_TRUE(NULL != entry1);
   entry1->Close();
@@ -1970,7 +1975,7 @@ TEST_F(DiskCacheTest, WrongVersion) {
       base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
   net::TestCompletionCallback cb;
 
-  scoped_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
+  std::unique_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
       cache_path_, cache_thread.task_runner(), NULL));
   int rv = cache->Init(cb.callback());
   ASSERT_EQ(net::ERR_FAILED, cb.GetResult(rv));
@@ -1986,7 +1991,7 @@ TEST_F(DiskCacheTest, SimpleCacheControlJoin) {
   ASSERT_TRUE(cache_thread.StartWithOptions(
                   base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
 
-  scoped_ptr<disk_cache::BackendImpl> cache =
+  std::unique_ptr<disk_cache::BackendImpl> cache =
       CreateExistingEntryCache(cache_thread, cache_path_);
   ASSERT_TRUE(cache.get());
   cache.reset();
@@ -1997,7 +2002,7 @@ TEST_F(DiskCacheTest, SimpleCacheControlJoin) {
   base::FieldTrialList::CreateFieldTrial("SimpleCacheTrial",
                                          "ExperimentControl");
   net::TestCompletionCallback cb;
-  scoped_ptr<disk_cache::Backend> base_cache;
+  std::unique_ptr<disk_cache::Backend> base_cache;
   int rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
                                           net::CACHE_BACKEND_BLOCKFILE,
                                           cache_path_,
@@ -2025,7 +2030,7 @@ TEST_F(DiskCacheTest, SimpleCacheControlRestart) {
   ASSERT_TRUE(cache_thread.StartWithOptions(
                   base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
 
-  scoped_ptr<disk_cache::BackendImpl> cache =
+  std::unique_ptr<disk_cache::BackendImpl> cache =
       CreateExistingEntryCache(cache_thread, cache_path_);
   ASSERT_TRUE(cache.get());
 
@@ -2061,7 +2066,7 @@ TEST_F(DiskCacheTest, SimpleCacheControlLeave) {
     base::FieldTrialList::CreateFieldTrial("SimpleCacheTrial",
                                            "ExperimentControl");
 
-    scoped_ptr<disk_cache::BackendImpl> cache =
+    std::unique_ptr<disk_cache::BackendImpl> cache =
         CreateExistingEntryCache(cache_thread, cache_path_);
     ASSERT_TRUE(cache.get());
   }
@@ -2074,7 +2079,7 @@ TEST_F(DiskCacheTest, SimpleCacheControlLeave) {
 
   const int kRestartCount = 5;
   for (int i = 0; i < kRestartCount; ++i) {
-    scoped_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
+    std::unique_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
         cache_path_, cache_thread.task_runner(), NULL));
     int rv = cache->Init(cb.callback());
     ASSERT_EQ(net::OK, cb.GetResult(rv));
@@ -2151,7 +2156,7 @@ void DiskCacheBackendTest::BackendInvalidEntry3() {
   InitCache();
 
   disk_cache::Entry* entry;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   while (iter->OpenNextEntry(&entry) == net::OK) {
     entry->Close();
   }
@@ -2296,7 +2301,7 @@ void DiskCacheBackendTest::BackendInvalidEntry7() {
   EXPECT_EQ(1, cache_->GetEntryCount());
 
   // We should delete the cache. The list still has a corrupt node.
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   EXPECT_NE(net::OK, iter->OpenNextEntry(&entry));
   FlushQueueForTest();
   EXPECT_EQ(0, cache_->GetEntryCount());
@@ -2340,7 +2345,7 @@ void DiskCacheBackendTest::BackendInvalidEntry8() {
   EXPECT_EQ(1, cache_->GetEntryCount());
 
   // We should not delete the cache.
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
   entry->Close();
   EXPECT_NE(net::OK, iter->OpenNextEntry(&entry));
@@ -2390,7 +2395,7 @@ void DiskCacheBackendTest::BackendInvalidEntry9(bool eviction) {
   } else {
     // We should detect the problem through the list, but we should not delete
     // the entry, just fail the iteration.
-    scoped_ptr<TestIterator> iter = CreateIterator();
+    std::unique_ptr<TestIterator> iter = CreateIterator();
     EXPECT_NE(net::OK, iter->OpenNextEntry(&entry));
 
     // Now a full iteration will work, and return one entry.
@@ -2467,7 +2472,7 @@ void DiskCacheBackendTest::BackendInvalidEntry10(bool eviction) {
     // Detection order: third -> second -> first.
     // We should detect the problem through the list, but we should not delete
     // the entry.
-    scoped_ptr<TestIterator> iter = CreateIterator();
+    std::unique_ptr<TestIterator> iter = CreateIterator();
     ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
     entry->Close();
     ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
@@ -2534,7 +2539,7 @@ void DiskCacheBackendTest::BackendInvalidEntry11(bool eviction) {
     // Detection order: third -> second.
     // We should detect the problem through the list, but we should not delete
     // the entry, just fail the iteration.
-    scoped_ptr<TestIterator> iter = CreateIterator();
+    std::unique_ptr<TestIterator> iter = CreateIterator();
     ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
     entry->Close();
     EXPECT_NE(net::OK, iter->OpenNextEntry(&entry));
@@ -2622,7 +2627,7 @@ TEST_F(DiskCacheBackendTest, NewEvictionInvalidRankings2) {
 // If the LRU is corrupt, we delete the cache.
 void DiskCacheBackendTest::BackendInvalidRankings() {
   disk_cache::Entry* entry;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
   entry->Close();
   EXPECT_EQ(2, cache_->GetEntryCount());
@@ -2667,7 +2672,7 @@ TEST_F(DiskCacheBackendTest, NewEvictionInvalidRankingsFailure) {
 // If the LRU is corrupt and we have open entries, we disable the cache.
 void DiskCacheBackendTest::BackendDisable() {
   disk_cache::Entry *entry1, *entry2;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry1));
 
   EXPECT_NE(net::OK, iter->OpenNextEntry(&entry2));
@@ -2718,7 +2723,7 @@ void DiskCacheBackendTest::BackendDisable2() {
   EXPECT_EQ(8, cache_->GetEntryCount());
 
   disk_cache::Entry* entry;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   int count = 0;
   while (iter->OpenNextEntry(&entry) == net::OK) {
     ASSERT_TRUE(NULL != entry);
@@ -2766,7 +2771,7 @@ TEST_F(DiskCacheBackendTest, NewEvictionDisableFailure2) {
 // If the index size changes when we disable the cache, we should not crash.
 void DiskCacheBackendTest::BackendDisable3() {
   disk_cache::Entry *entry1, *entry2;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   EXPECT_EQ(2, cache_->GetEntryCount());
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry1));
   entry1->Close();
@@ -2800,7 +2805,7 @@ TEST_F(DiskCacheBackendTest, NewEvictionDisableSuccess3) {
 // If we disable the cache, already open entries should work as far as possible.
 void DiskCacheBackendTest::BackendDisable4() {
   disk_cache::Entry *entry1, *entry2, *entry3, *entry4;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry1));
 
   char key2[2000];
@@ -2866,7 +2871,7 @@ void DiskCacheBackendTest::BackendDisabledAPI() {
   cache_impl_->SetUnitTestMode();  // Simulate failure restarting the cache.
 
   disk_cache::Entry* entry1, *entry2;
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   EXPECT_EQ(2, cache_->GetEntryCount());
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry1));
   entry1->Close();
@@ -2991,7 +2996,7 @@ TEST_F(DiskCacheTest, Backend_UsageStatsTimer) {
   MessageLoopHelper helper;
 
   ASSERT_TRUE(CleanupCacheDir());
-  scoped_ptr<disk_cache::BackendImpl> cache;
+  std::unique_ptr<disk_cache::BackendImpl> cache;
   cache.reset(new disk_cache::BackendImpl(
       cache_path_, base::ThreadTaskRunnerHandle::Get(), NULL));
   ASSERT_TRUE(NULL != cache.get());
@@ -3006,7 +3011,7 @@ TEST_F(DiskCacheTest, Backend_UsageStatsTimer) {
 TEST_F(DiskCacheBackendTest, TimerNotCreated) {
   ASSERT_TRUE(CopyTestCache("wrong_version"));
 
-  scoped_ptr<disk_cache::BackendImpl> cache;
+  std::unique_ptr<disk_cache::BackendImpl> cache;
   cache.reset(new disk_cache::BackendImpl(
       cache_path_, base::ThreadTaskRunnerHandle::Get(), NULL));
   ASSERT_TRUE(NULL != cache.get());
@@ -3158,7 +3163,7 @@ TEST_F(DiskCacheTest, MultipleInstances) {
   net::TestCompletionCallback cb;
 
   const int kNumberOfCaches = 2;
-  scoped_ptr<disk_cache::Backend> cache[kNumberOfCaches];
+  std::unique_ptr<disk_cache::Backend> cache[kNumberOfCaches];
 
   int rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
                                           net::CACHE_BACKEND_DEFAULT,
@@ -3625,7 +3630,7 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationBasics) {
 
   // Check that enumeration returns all entries.
   std::set<std::string> keys_to_match(key_pool);
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   size_t count = 0;
   ASSERT_TRUE(EnumerateAndMatchKeys(-1, iter.get(), &keys_to_match, &count));
   iter.reset();
@@ -3665,7 +3670,7 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationWhileDoomed) {
 
   // Check that enumeration returns all entries but the doomed one.
   std::set<std::string> keys_to_match(key_pool);
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   size_t count = 0;
   ASSERT_TRUE(EnumerateAndMatchKeys(key_pool.size()/2,
                                     iter.get(),
@@ -3687,9 +3692,6 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationWhileDoomed) {
 TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationCorruption) {
   SetSimpleCacheMode();
   InitCache();
-  std::set<std::string> key_pool;
-  ASSERT_TRUE(CreateSetOfRandomEntries(&key_pool));
-
   // Create a corrupt entry. The write/read sequence ensures that the entry will
   // have been created before corrupting the platform files, in the case of
   // optimistic operations.
@@ -3706,13 +3708,16 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationCorruption) {
   ASSERT_EQ(kSize, ReadData(corrupted_entry, 0, 0, buffer.get(), kSize));
   corrupted_entry->Close();
 
+  std::set<std::string> key_pool;
+  ASSERT_TRUE(CreateSetOfRandomEntries(&key_pool));
+
   EXPECT_TRUE(disk_cache::simple_util::CreateCorruptFileForTests(
       key, cache_path_));
   EXPECT_EQ(key_pool.size() + 1, static_cast<size_t>(cache_->GetEntryCount()));
 
   // Check that enumeration returns all entries but the corrupt one.
   std::set<std::string> keys_to_match(key_pool);
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   size_t count = 0;
   ASSERT_TRUE(EnumerateAndMatchKeys(-1, iter.get(), &keys_to_match, &count));
   iter.reset();
@@ -3729,7 +3734,7 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationDestruction) {
   std::set<std::string> key_pool;
   ASSERT_TRUE(CreateSetOfRandomEntries(&key_pool));
 
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   disk_cache::Entry* entry = NULL;
   ASSERT_EQ(net::OK, iter->OpenNextEntry(&entry));
   EXPECT_TRUE(entry);
@@ -3739,6 +3744,27 @@ TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationDestruction) {
   // This test passes if we don't leak memory.
 }
 
+// Tests that enumerations include entries with long keys.
+TEST_F(DiskCacheBackendTest, SimpleCacheEnumerationLongKeys) {
+  SetSimpleCacheMode();
+  InitCache();
+  std::set<std::string> key_pool;
+  ASSERT_TRUE(CreateSetOfRandomEntries(&key_pool));
+
+  const size_t long_key_length =
+      disk_cache::SimpleSynchronousEntry::kInitialHeaderRead + 10;
+  std::string long_key(long_key_length, 'X');
+  key_pool.insert(long_key);
+  disk_cache::Entry* entry = NULL;
+  ASSERT_EQ(net::OK, CreateEntry(long_key.c_str(), &entry));
+  entry->Close();
+
+  std::unique_ptr<TestIterator> iter = CreateIterator();
+  size_t count = 0;
+  EXPECT_TRUE(EnumerateAndMatchKeys(-1, iter.get(), &key_pool, &count));
+  EXPECT_TRUE(key_pool.empty());
+}
+
 // Tests that a SimpleCache doesn't crash when files are deleted very quickly
 // after closing.
 // NOTE: IF THIS TEST IS FLAKY THEN IT IS FAILING. See https://crbug.com/416940
diff --git a/chromium/net/disk_cache/blockfile/addr.cc b/chromium/net/disk_cache/blockfile/addr.cc
index ab418c4dc03..cbe42f7f5fa 100644
--- a/chromium/net/disk_cache/blockfile/addr.cc
+++ b/chromium/net/disk_cache/blockfile/addr.cc
@@ -26,7 +26,7 @@ bool Addr::SetFileNumber(int file_number) {
   return true;
 }
 
-bool Addr::SanityCheckV2() const {
+bool Addr::SanityCheck() const {
   if (!is_initialized())
     return !value_;
 
@@ -39,22 +39,8 @@ bool Addr::SanityCheckV2() const {
   return !reserved_bits();
 }
 
-bool Addr::SanityCheckV3() const {
-  if (!is_initialized())
-    return !value_;
-
-  // For actual entries, SanityCheckForEntryV3 should be used.
-  if (file_type() > BLOCK_FILES)
-    return false;
-
-  if (is_separate_file())
-    return true;
-
-  return !reserved_bits();
-}
-
-bool Addr::SanityCheckForEntryV2() const {
-  if (!SanityCheckV2() || !is_initialized())
+bool Addr::SanityCheckForEntry() const {
+  if (!SanityCheck() || !is_initialized())
     return false;
 
   if (is_separate_file() || file_type() != BLOCK_256)
@@ -63,24 +49,8 @@ bool Addr::SanityCheckForEntryV2() const {
   return true;
 }
 
-bool Addr::SanityCheckForEntryV3() const {
-  if (!is_initialized())
-    return false;
-
-  if (reserved_bits())
-    return false;
-
-  if (file_type() != BLOCK_ENTRIES && file_type() != BLOCK_EVICTED)
-    return false;
-
-  if (num_blocks() != 1)
-    return false;
-
-  return true;
-}
-
 bool Addr::SanityCheckForRankings() const {
-  if (!SanityCheckV2() || !is_initialized())
+  if (!SanityCheck() || !is_initialized())
     return false;
 
   if (is_separate_file() || file_type() != RANKINGS || num_blocks() != 1)
diff --git a/chromium/net/disk_cache/blockfile/addr.h b/chromium/net/disk_cache/blockfile/addr.h
index cf6071ed9de..f21fbf2aa14 100644
--- a/chromium/net/disk_cache/blockfile/addr.h
+++ b/chromium/net/disk_cache/blockfile/addr.h
@@ -31,7 +31,6 @@ const int kMaxBlockSize = 4096 * 4;
 const int16_t kMaxBlockFile = 255;
 const int kMaxNumBlocks = 4;
 const int16_t kFirstAdditionalBlockFile = 4;
-const size_t kFirstAdditionalBlockFileV3 = 7;
 
 // Defines a storage address for a cache record
 //
@@ -161,10 +160,8 @@ class NET_EXPORT_PRIVATE Addr {
   }
 
   // Returns true if this address looks like a valid one.
-  bool SanityCheckV2() const;
-  bool SanityCheckV3() const;
-  bool SanityCheckForEntryV2() const;
-  bool SanityCheckForEntryV3() const;
+  bool SanityCheck() const;
+  bool SanityCheckForEntry() const;
   bool SanityCheckForRankings() const;
 
  private:
diff --git a/chromium/net/disk_cache/blockfile/addr_unittest.cc b/chromium/net/disk_cache/blockfile/addr_unittest.cc
index b62e31f7925..dbb2dbc04e1 100644
--- a/chromium/net/disk_cache/blockfile/addr_unittest.cc
+++ b/chromium/net/disk_cache/blockfile/addr_unittest.cc
@@ -36,24 +36,22 @@ TEST_F(DiskCacheTest, CacheAddr_InvalidValues) {
 
 TEST_F(DiskCacheTest, CacheAddr_SanityCheck) {
   // First a few valid values.
-  EXPECT_TRUE(Addr(0).SanityCheckV2());
-  EXPECT_TRUE(Addr(0x80001000).SanityCheckV2());
-  EXPECT_TRUE(Addr(0xC3FFFFFF).SanityCheckV2());
-  EXPECT_TRUE(Addr(0xC0FFFFFF).SanityCheckV2());
-  EXPECT_TRUE(Addr(0xD0001000).SanityCheckV3());
+  EXPECT_TRUE(Addr(0).SanityCheck());
+  EXPECT_TRUE(Addr(0x80001000).SanityCheck());
+  EXPECT_TRUE(Addr(0xC3FFFFFF).SanityCheck());
+  EXPECT_TRUE(Addr(0xC0FFFFFF).SanityCheck());
 
   // Not initialized.
-  EXPECT_FALSE(Addr(0x20).SanityCheckV2());
-  EXPECT_FALSE(Addr(0x10001000).SanityCheckV2());
+  EXPECT_FALSE(Addr(0x20).SanityCheck());
+  EXPECT_FALSE(Addr(0x10001000).SanityCheck());
 
   // Invalid file type.
-  EXPECT_FALSE(Addr(0xD0001000).SanityCheckV2());
-  EXPECT_FALSE(Addr(0xE0001000).SanityCheckV3());
-  EXPECT_FALSE(Addr(0xF0000000).SanityCheckV2());
+  EXPECT_FALSE(Addr(0xD0001000).SanityCheck());
+  EXPECT_FALSE(Addr(0xF0000000).SanityCheck());
 
   // Reserved bits.
-  EXPECT_FALSE(Addr(0x14000000).SanityCheckV2());
-  EXPECT_FALSE(Addr(0x18000000).SanityCheckV2());
+  EXPECT_FALSE(Addr(0x14000000).SanityCheck());
+  EXPECT_FALSE(Addr(0x18000000).SanityCheck());
 }
 
 }  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/backend_impl.cc b/chromium/net/disk_cache/blockfile/backend_impl.cc
index 980ddc73a53..fe05bac3d61 100644
--- a/chromium/net/disk_cache/blockfile/backend_impl.cc
+++ b/chromium/net/disk_cache/blockfile/backend_impl.cc
@@ -22,8 +22,8 @@
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/sys_info.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "net/base/net_errors.h"
@@ -387,7 +387,7 @@ int BackendImpl::SyncDoomEntriesBetween(const base::Time initial_time,
     return net::ERR_FAILED;
 
   EntryImpl* node;
-  scoped_ptr<Rankings::Iterator> iterator(new Rankings::Iterator());
+  std::unique_ptr<Rankings::Iterator> iterator(new Rankings::Iterator());
   EntryImpl* next = OpenNextEntryImpl(iterator.get());
   if (!next)
     return net::OK;
@@ -429,7 +429,7 @@ int BackendImpl::SyncDoomEntriesSince(const base::Time initial_time) {
 
   stats_.OnEvent(Stats::DOOM_RECENT);
   for (;;) {
-    scoped_ptr<Rankings::Iterator> iterator(new Rankings::Iterator());
+    std::unique_ptr<Rankings::Iterator> iterator(new Rankings::Iterator());
     EntryImpl* entry = OpenNextEntryImpl(iterator.get());
     if (!entry)
       return net::OK;
@@ -453,7 +453,8 @@ int BackendImpl::SyncOpenNextEntry(Rankings::Iterator* iterator,
   return (*next_entry) ? net::OK : net::ERR_FAILED;
 }
 
-void BackendImpl::SyncEndEnumeration(scoped_ptr<Rankings::Iterator> iterator) {
+void BackendImpl::SyncEndEnumeration(
+    std::unique_ptr<Rankings::Iterator> iterator) {
   iterator->Reset();
 }
 
@@ -497,12 +498,6 @@ EntryImpl* BackendImpl::OpenEntryImpl(const std::string& key) {
   int64_t use_hours = total_hours - no_use_hours;
 
   if (!cache_entry) {
-    CACHE_UMA(AGE_MS, "OpenTime.Miss", 0, start);
-    CACHE_UMA(COUNTS_10000, "AllOpenBySize.Miss", 0, current_size);
-    CACHE_UMA(HOURS, "AllOpenByTotalHours.Miss", 0,
-              static_cast<base::HistogramBase::Sample>(total_hours));
-    CACHE_UMA(HOURS, "AllOpenByUseHours.Miss", 0,
-              static_cast<base::HistogramBase::Sample>(use_hours));
     stats_.OnEvent(Stats::OPEN_MISS);
     return NULL;
   }
@@ -1296,11 +1291,12 @@ class BackendImpl::IteratorImpl : public Backend::Iterator {
 
  private:
   const base::WeakPtr<InFlightBackendIO> background_queue_;
-  scoped_ptr<Rankings::Iterator> iterator_;
+  std::unique_ptr<Rankings::Iterator> iterator_;
 };
 
-scoped_ptr<Backend::Iterator> BackendImpl::CreateIterator() {
-  return scoped_ptr<Backend::Iterator>(new IteratorImpl(GetBackgroundQueue()));
+std::unique_ptr<Backend::Iterator> BackendImpl::CreateIterator() {
+  return std::unique_ptr<Backend::Iterator>(
+      new IteratorImpl(GetBackgroundQueue()));
 }
 
 void BackendImpl::GetStats(StatsItems* stats) {
@@ -1456,7 +1452,7 @@ bool BackendImpl::InitStats() {
   if (!file)
     return false;
 
-  scoped_ptr<char[]> data(new char[size]);
+  std::unique_ptr<char[]> data(new char[size]);
   size_t offset = address.start_block() * address.BlockSize() +
                   kBlockHeaderSize;
   if (!file->Read(data.get(), size, offset))
@@ -1471,7 +1467,7 @@ bool BackendImpl::InitStats() {
 
 void BackendImpl::StoreStats() {
   int size = stats_.StorageSize();
-  scoped_ptr<char[]> data(new char[size]);
+  std::unique_ptr<char[]> data(new char[size]);
   Addr address;
   size = stats_.SerializeStats(data.get(), size, &address);
   DCHECK(size);
@@ -1545,7 +1541,7 @@ int BackendImpl::NewEntry(Addr address, EntryImpl** entry) {
 
   STRESS_DCHECK(block_files_.IsValid(address));
 
-  if (!address.SanityCheckForEntryV2()) {
+  if (!address.SanityCheckForEntry()) {
     LOG(WARNING) << "Wrong entry address.";
     STRESS_NOTREACHED();
     return ERR_INVALID_ADDRESS;
diff --git a/chromium/net/disk_cache/blockfile/backend_impl.h b/chromium/net/disk_cache/blockfile/backend_impl.h
index 89edef2eb58..5ecd3072ae7 100644
--- a/chromium/net/disk_cache/blockfile/backend_impl.h
+++ b/chromium/net/disk_cache/blockfile/backend_impl.h
@@ -9,7 +9,8 @@
 
 #include <stdint.h>
 
-#include "base/containers/hash_tables.h"
+#include <unordered_map>
+
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
@@ -79,7 +80,7 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend {
   int SyncCalculateSizeOfAllEntries();
   int SyncDoomEntriesSince(base::Time initial_time);
   int SyncOpenNextEntry(Rankings::Iterator* iterator, Entry** next_entry);
-  void SyncEndEnumeration(scoped_ptr<Rankings::Iterator> iterator);
+  void SyncEndEnumeration(std::unique_ptr<Rankings::Iterator> iterator);
   void SyncOnExternalCacheHit(const std::string& key);
 
   // Open or create an entry for the given |key| or |iter|.
@@ -288,12 +289,12 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend {
   // the iterator (for example, deleting the entry) will invalidate the
   // iterator. Performing operations on an entry that modify the entry may
   // result in loops in the iteration, skipped entries or similar.
-  scoped_ptr<Iterator> CreateIterator() override;
+  std::unique_ptr<Iterator> CreateIterator() override;
   void GetStats(StatsItems* stats) override;
   void OnExternalCacheHit(const std::string& key) override;
 
  private:
-  typedef base::hash_map<CacheAddr, EntryImpl*> EntriesMap;
+  using EntriesMap = std::unordered_map<CacheAddr, EntryImpl*>;
   class IteratorImpl;
 
   // Creates a new backing file for the cache index.
@@ -403,7 +404,7 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend {
   net::NetLog* net_log_;
 
   Stats stats_;  // Usage statistics.
-  scoped_ptr<base::RepeatingTimer> timer_;  // Usage timer.
+  std::unique_ptr<base::RepeatingTimer> timer_;  // Usage timer.
   base::WaitableEvent done_;  // Signals the end of background work.
   scoped_refptr<TraceObject> trace_object_;  // Initializes internal tracing.
   base::WeakPtrFactory<BackendImpl> ptr_factory_;
diff --git a/chromium/net/disk_cache/blockfile/backend_impl_v3.cc b/chromium/net/disk_cache/blockfile/backend_impl_v3.cc
deleted file mode 100644
index ae90bd96aef..00000000000
--- a/chromium/net/disk_cache/blockfile/backend_impl_v3.cc
+++ /dev/null
@@ -1,1544 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/backend_impl_v3.h"
-
-#include <limits>
-
-#include "base/bind.h"
-#include "base/bind_helpers.h"
-#include "base/files/file_path.h"
-#include "base/files/file_util.h"
-#include "base/hash.h"
-#include "base/message_loop/message_loop.h"
-#include "base/metrics/field_trial.h"
-#include "base/rand_util.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "base/sys_info.h"
-#include "base/threading/thread_restrictions.h"
-#include "base/time/time.h"
-#include "base/timer/timer.h"
-#include "net/base/net_errors.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-#include "net/disk_cache/blockfile/entry_impl_v3.h"
-#include "net/disk_cache/blockfile/errors.h"
-#include "net/disk_cache/blockfile/experiments.h"
-#include "net/disk_cache/blockfile/file.h"
-#include "net/disk_cache/blockfile/histogram_macros_v3.h"
-#include "net/disk_cache/blockfile/index_table_v3.h"
-#include "net/disk_cache/blockfile/storage_block-inl.h"
-#include "net/disk_cache/cache_util.h"
-
-// Provide a BackendImpl object to macros from histogram_macros.h.
-#define CACHE_UMA_BACKEND_IMPL_OBJ this
-
-using base::Time;
-using base::TimeDelta;
-using base::TimeTicks;
-
-namespace {
-
-#if defined(V3_NOT_JUST_YET_READY)
-const int kDefaultCacheSize = 80 * 1024 * 1024;
-
-// Avoid trimming the cache for the first 5 minutes (10 timer ticks).
-const int kTrimDelay = 10;
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-}  // namespace
-
-// ------------------------------------------------------------------------
-
-namespace disk_cache {
-
-BackendImplV3::BackendImplV3(
-    const base::FilePath& path,
-    const scoped_refptr<base::SingleThreadTaskRunner>& cache_thread,
-    net::NetLog* net_log)
-    : index_(NULL),
-      path_(path),
-      block_files_(),
-      max_size_(0),
-      up_ticks_(0),
-      cache_type_(net::DISK_CACHE),
-      uma_report_(0),
-      user_flags_(0),
-      init_(false),
-      restarted_(false),
-      read_only_(false),
-      disabled_(false),
-      lru_eviction_(true),
-      first_timer_(true),
-      user_load_(false),
-      net_log_(net_log),
-      ptr_factory_(this) {
-}
-
-BackendImplV3::~BackendImplV3() {
-  CleanupCache();
-}
-
-int BackendImplV3::Init(const CompletionCallback& callback) {
-  DCHECK(!init_);
-  if (init_)
-    return net::ERR_FAILED;
-
-  return net::ERR_IO_PENDING;
-}
-
-// ------------------------------------------------------------------------
-
-bool BackendImplV3::SetMaxSize(int max_bytes) {
-  static_assert(sizeof(max_bytes) == sizeof(max_size_),
-                "unsupported int model");
-  if (max_bytes < 0)
-    return false;
-
-  // Zero size means use the default.
-  if (!max_bytes)
-    return true;
-
-  // Avoid a DCHECK later on.
-  if (max_bytes >= std::numeric_limits<int32_t>::max() -
-                       std::numeric_limits<int32_t>::max() / 10) {
-    max_bytes = std::numeric_limits<int32_t>::max() -
-                std::numeric_limits<int32_t>::max() / 10 - 1;
-  }
-
-  user_flags_ |= MAX_SIZE;
-  max_size_ = max_bytes;
-  return true;
-}
-
-void BackendImplV3::SetType(net::CacheType type) {
-  DCHECK_NE(net::MEMORY_CACHE, type);
-  cache_type_ = type;
-}
-
-bool BackendImplV3::CreateBlock(FileType block_type, int block_count,
-                                Addr* block_address) {
-  return block_files_.CreateBlock(block_type, block_count, block_address);
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-void BackendImplV3::UpdateRank(EntryImplV3* entry, bool modified) {
-  if (read_only_ || (!modified && cache_type() == net::SHADER_CACHE))
-    return;
-  eviction_.UpdateRank(entry, modified);
-}
-
-void BackendImplV3::InternalDoomEntry(EntryImplV3* entry) {
-  uint32_t hash = entry->GetHash();
-  std::string key = entry->GetKey();
-  Addr entry_addr = entry->entry()->address();
-  bool error;
-  EntryImpl* parent_entry = MatchEntry(key, hash, true, entry_addr, &error);
-  CacheAddr child(entry->GetNextAddress());
-
-  Trace("Doom entry 0x%p", entry);
-
-  if (!entry->doomed()) {
-    // We may have doomed this entry from within MatchEntry.
-    eviction_.OnDoomEntry(entry);
-    entry->InternalDoom();
-    if (!new_eviction_) {
-      DecreaseNumEntries();
-    }
-    stats_.OnEvent(Stats::DOOM_ENTRY);
-  }
-
-  if (parent_entry) {
-    parent_entry->SetNextAddress(Addr(child));
-    parent_entry->Release();
-  } else if (!error) {
-    data_->table[hash & mask_] = child;
-  }
-
-  FlushIndex();
-}
-
-void BackendImplV3::OnEntryDestroyBegin(Addr address) {
-  EntriesMap::iterator it = open_entries_.find(address.value());
-  if (it != open_entries_.end())
-    open_entries_.erase(it);
-}
-
-void BackendImplV3::OnEntryDestroyEnd() {
-  DecreaseNumRefs();
-  if (data_->header.num_bytes > max_size_ && !read_only_ &&
-      (up_ticks_ > kTrimDelay || user_flags_ & kNoRandom))
-    eviction_.TrimCache(false);
-}
-
-EntryImplV3* BackendImplV3::GetOpenEntry(Addr address) const {
-  DCHECK(rankings->HasData());
-  EntriesMap::const_iterator it =
-      open_entries_.find(rankings->Data()->contents);
-  if (it != open_entries_.end()) {
-    // We have this entry in memory.
-    return it->second;
-  }
-
-  return NULL;
-}
-
-int BackendImplV3::MaxFileSize() const {
-  return max_size_ / 8;
-}
-
-void BackendImplV3::ModifyStorageSize(int32_t old_size, int32_t new_size) {
-  if (disabled_ || old_size == new_size)
-    return;
-  if (old_size > new_size)
-    SubstractStorageSize(old_size - new_size);
-  else
-    AddStorageSize(new_size - old_size);
-
-  // Update the usage statistics.
-  stats_.ModifyStorageStats(old_size, new_size);
-}
-
-void BackendImplV3::TooMuchStorageRequested(int32_t size) {
-  stats_.ModifyStorageStats(0, size);
-}
-
-bool BackendImplV3::IsAllocAllowed(int current_size, int new_size) {
-  DCHECK_GT(new_size, current_size);
-  if (user_flags_ & NO_BUFFERING)
-    return false;
-
-  int to_add = new_size - current_size;
-  if (buffer_bytes_ + to_add > MaxBuffersSize())
-    return false;
-
-  buffer_bytes_ += to_add;
-  CACHE_UMA(COUNTS_50000, "BufferBytes", buffer_bytes_ / 1024);
-  return true;
-}
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-void BackendImplV3::BufferDeleted(int size) {
-  DCHECK_GE(size, 0);
-  buffer_bytes_ -= size;
-  DCHECK_GE(buffer_bytes_, 0);
-}
-
-bool BackendImplV3::IsLoaded() const {
-  if (user_flags_ & NO_LOAD_PROTECTION)
-    return false;
-
-  return user_load_;
-}
-
-std::string BackendImplV3::HistogramName(const char* name) const {
-  static const char* const names[] = {
-    "Http", "", "Media", "AppCache", "Shader" };
-  DCHECK_NE(cache_type_, net::MEMORY_CACHE);
-  return base::StringPrintf("DiskCache3.%s_%s", name, names[cache_type_]);
-}
-
-base::WeakPtr<BackendImplV3> BackendImplV3::GetWeakPtr() {
-  return ptr_factory_.GetWeakPtr();
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-// We want to remove biases from some histograms so we only send data once per
-// week.
-bool BackendImplV3::ShouldReportAgain() {
-  if (uma_report_)
-    return uma_report_ == 2;
-
-  uma_report_++;
-  int64_t last_report = stats_.GetCounter(Stats::LAST_REPORT);
-  Time last_time = Time::FromInternalValue(last_report);
-  if (!last_report || (Time::Now() - last_time).InDays() >= 7) {
-    stats_.SetCounter(Stats::LAST_REPORT, Time::Now().ToInternalValue());
-    uma_report_++;
-    return true;
-  }
-  return false;
-}
-
-void BackendImplV3::FirstEviction() {
-  IndexHeaderV3* header = index_.header();
-  header->flags |= CACHE_EVICTED;
-  DCHECK(header->create_time);
-  if (!GetEntryCount())
-    return;  // This is just for unit tests.
-
-  Time create_time = Time::FromInternalValue(header->create_time);
-  CACHE_UMA(AGE, "FillupAge", create_time);
-
-  int64_t use_time = stats_.GetCounter(Stats::TIMER);
-  CACHE_UMA(HOURS, "FillupTime", static_cast<int>(use_time / 120));
-  CACHE_UMA(PERCENTAGE, "FirstHitRatio", stats_.GetHitRatio());
-
-  if (!use_time)
-    use_time = 1;
-  CACHE_UMA(COUNTS_10000, "FirstEntryAccessRate",
-            static_cast<int>(header->num_entries / use_time));
-  CACHE_UMA(COUNTS, "FirstByteIORate",
-            static_cast<int>((header->num_bytes / 1024) / use_time));
-
-  int avg_size = header->num_bytes / GetEntryCount();
-  CACHE_UMA(COUNTS, "FirstEntrySize", avg_size);
-
-  int large_entries_bytes = stats_.GetLargeEntriesSize();
-  int large_ratio = large_entries_bytes * 100 / header->num_bytes;
-  CACHE_UMA(PERCENTAGE, "FirstLargeEntriesRatio", large_ratio);
-
-  if (!lru_eviction_) {
-    CACHE_UMA(PERCENTAGE, "FirstResurrectRatio", stats_.GetResurrectRatio());
-    CACHE_UMA(PERCENTAGE, "FirstNoUseRatio",
-              header->num_no_use_entries * 100 / header->num_entries);
-    CACHE_UMA(PERCENTAGE, "FirstLowUseRatio",
-              header->num_low_use_entries * 100 / header->num_entries);
-    CACHE_UMA(PERCENTAGE, "FirstHighUseRatio",
-              header->num_high_use_entries * 100 / header->num_entries);
-  }
-
-  stats_.ResetRatios();
-}
-
-void BackendImplV3::OnEvent(Stats::Counters an_event) {
-  stats_.OnEvent(an_event);
-}
-
-void BackendImplV3::OnRead(int32_t bytes) {
-  DCHECK_GE(bytes, 0);
-  byte_count_ += bytes;
-  if (byte_count_ < 0)
-    byte_count_ = std::numeric_limits<int32_t>::max();
-}
-
-void BackendImplV3::OnWrite(int32_t bytes) {
-  // We use the same implementation as OnRead... just log the number of bytes.
-  OnRead(bytes);
-}
-
-void BackendImplV3::OnTimerTick() {
-  stats_.OnEvent(Stats::TIMER);
-  int64_t time = stats_.GetCounter(Stats::TIMER);
-  int64_t current = stats_.GetCounter(Stats::OPEN_ENTRIES);
-
-  // OPEN_ENTRIES is a sampled average of the number of open entries, avoiding
-  // the bias towards 0.
-  if (num_refs_ && (current != num_refs_)) {
-    int64_t diff = (num_refs_ - current) / 50;
-    if (!diff)
-      diff = num_refs_ > current ? 1 : -1;
-    current = current + diff;
-    stats_.SetCounter(Stats::OPEN_ENTRIES, current);
-    stats_.SetCounter(Stats::MAX_ENTRIES, max_refs_);
-  }
-
-  CACHE_UMA(COUNTS, "NumberOfReferences", num_refs_);
-
-  CACHE_UMA(COUNTS_10000, "EntryAccessRate", entry_count_);
-  CACHE_UMA(COUNTS, "ByteIORate", byte_count_ / 1024);
-
-  // These values cover about 99.5% of the population (Oct 2011).
-  user_load_ = (entry_count_ > 300 || byte_count_ > 7 * 1024 * 1024);
-  entry_count_ = 0;
-  byte_count_ = 0;
-  up_ticks_++;
-
-  if (!data_)
-    first_timer_ = false;
-  if (first_timer_) {
-    first_timer_ = false;
-    if (ShouldReportAgain())
-      ReportStats();
-  }
-
-  // Save stats to disk at 5 min intervals.
-  if (time % 10 == 0)
-    StoreStats();
-}
-
-void BackendImplV3::SetUnitTestMode() {
-  user_flags_ |= UNIT_TEST_MODE;
-}
-
-void BackendImplV3::SetUpgradeMode() {
-  user_flags_ |= UPGRADE_MODE;
-  read_only_ = true;
-}
-
-void BackendImplV3::SetNewEviction() {
-  user_flags_ |= EVICTION_V2;
-  lru_eviction_ = false;
-}
-
-void BackendImplV3::SetFlags(uint32_t flags) {
-  user_flags_ |= flags;
-}
-
-int BackendImplV3::FlushQueueForTest(const CompletionCallback& callback) {
-  background_queue_.FlushQueue(callback);
-  return net::ERR_IO_PENDING;
-}
-
-void BackendImplV3::TrimForTest(bool empty) {
-  eviction_.SetTestMode();
-  eviction_.TrimCache(empty);
-}
-
-void BackendImplV3::TrimDeletedListForTest(bool empty) {
-  eviction_.SetTestMode();
-  eviction_.TrimDeletedList(empty);
-}
-
-int BackendImplV3::SelfCheck() {
-  if (!init_) {
-    LOG(ERROR) << "Init failed";
-    return ERR_INIT_FAILED;
-  }
-
-  int num_entries = rankings_.SelfCheck();
-  if (num_entries < 0) {
-    LOG(ERROR) << "Invalid rankings list, error " << num_entries;
-#if !defined(NET_BUILD_STRESS_CACHE)
-    return num_entries;
-#endif
-  }
-
-  if (num_entries != data_->header.num_entries) {
-    LOG(ERROR) << "Number of entries mismatch";
-#if !defined(NET_BUILD_STRESS_CACHE)
-    return ERR_NUM_ENTRIES_MISMATCH;
-#endif
-  }
-
-  return CheckAllEntries();
-}
-
-// ------------------------------------------------------------------------
-
-net::CacheType BackendImplV3::GetCacheType() const {
-  return cache_type_;
-}
-
-int32_t BackendImplV3::GetEntryCount() const {
-  if (disabled_)
-    return 0;
-  DCHECK(init_);
-  return index_.header()->num_entries;
-}
-
-int BackendImplV3::OpenEntry(const std::string& key, Entry** entry,
-                             const CompletionCallback& callback) {
-  if (disabled_)
-    return NULL;
-
-  TimeTicks start = TimeTicks::Now();
-  uint32_t hash = base::Hash(key);
-  Trace("Open hash 0x%x", hash);
-
-  bool error;
-  EntryImpl* cache_entry = MatchEntry(key, hash, false, Addr(), &error);
-  if (cache_entry && ENTRY_NORMAL != cache_entry->entry()->Data()->state) {
-    // The entry was already evicted.
-    cache_entry->Release();
-    cache_entry = NULL;
-  }
-
-  int current_size = data_->header.num_bytes / (1024 * 1024);
-  int64_t total_hours = stats_.GetCounter(Stats::TIMER) / 120;
-  int64_t no_use_hours = stats_.GetCounter(Stats::LAST_REPORT_TIMER) / 120;
-  int64_t use_hours = total_hours - no_use_hours;
-
-  if (!cache_entry) {
-    CACHE_UMA(AGE_MS, "OpenTime.Miss", 0, start);
-    CACHE_UMA(COUNTS_10000, "AllOpenBySize.Miss", 0, current_size);
-    CACHE_UMA(HOURS, "AllOpenByTotalHours.Miss", 0, total_hours);
-    CACHE_UMA(HOURS, "AllOpenByUseHours.Miss", 0, use_hours);
-    stats_.OnEvent(Stats::OPEN_MISS);
-    return NULL;
-  }
-
-  eviction_.OnOpenEntry(cache_entry);
-  entry_count_++;
-
-  Trace("Open hash 0x%x end: 0x%x", hash,
-        cache_entry->entry()->address().value());
-  CACHE_UMA(AGE_MS, "OpenTime", 0, start);
-  CACHE_UMA(COUNTS_10000, "AllOpenBySize.Hit", 0, current_size);
-  CACHE_UMA(HOURS, "AllOpenByTotalHours.Hit", 0, total_hours);
-  CACHE_UMA(HOURS, "AllOpenByUseHours.Hit", 0, use_hours);
-  stats_.OnEvent(Stats::OPEN_HIT);
-  SIMPLE_STATS_COUNTER("disk_cache.hit");
-  return cache_entry;
-}
-
-int BackendImplV3::CreateEntry(const std::string& key, Entry** entry,
-                               const CompletionCallback& callback) {
-  if (disabled_ || key.empty())
-    return NULL;
-
-  TimeTicks start = TimeTicks::Now();
-  Trace("Create hash 0x%x", hash);
-
-  scoped_refptr<EntryImpl> parent;
-  Addr entry_address(data_->table[hash & mask_]);
-  if (entry_address.is_initialized()) {
-    // We have an entry already. It could be the one we are looking for, or just
-    // a hash conflict.
-    bool error;
-    EntryImpl* old_entry = MatchEntry(key, hash, false, Addr(), &error);
-    if (old_entry)
-      return ResurrectEntry(old_entry);
-
-    EntryImpl* parent_entry = MatchEntry(key, hash, true, Addr(), &error);
-    DCHECK(!error);
-    if (parent_entry) {
-      parent.swap(&parent_entry);
-    } else if (data_->table[hash & mask_]) {
-      // We should have corrected the problem.
-      NOTREACHED();
-      return NULL;
-    }
-  }
-
-  // The general flow is to allocate disk space and initialize the entry data,
-  // followed by saving that to disk, then linking the entry though the index
-  // and finally through the lists. If there is a crash in this process, we may
-  // end up with:
-  // a. Used, unreferenced empty blocks on disk (basically just garbage).
-  // b. Used, unreferenced but meaningful data on disk (more garbage).
-  // c. A fully formed entry, reachable only through the index.
-  // d. A fully formed entry, also reachable through the lists, but still dirty.
-  //
-  // Anything after (b) can be automatically cleaned up. We may consider saving
-  // the current operation (as we do while manipulating the lists) so that we
-  // can detect and cleanup (a) and (b).
-
-  int num_blocks = EntryImpl::NumBlocksForEntry(key.size());
-  if (!block_files_.CreateBlock(BLOCK_256, num_blocks, &entry_address)) {
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  Addr node_address(0);
-  if (!block_files_.CreateBlock(RANKINGS, 1, &node_address)) {
-    block_files_.DeleteBlock(entry_address, false);
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  scoped_refptr<EntryImpl> cache_entry(
-      new EntryImpl(this, entry_address, false));
-  IncreaseNumRefs();
-
-  if (!cache_entry->CreateEntry(node_address, key, hash)) {
-    block_files_.DeleteBlock(entry_address, false);
-    block_files_.DeleteBlock(node_address, false);
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  cache_entry->BeginLogging(net_log_, true);
-
-  // We are not failing the operation; let's add this to the map.
-  open_entries_[entry_address.value()] = cache_entry.get();
-
-  // Save the entry.
-  cache_entry->entry()->Store();
-  cache_entry->rankings()->Store();
-  IncreaseNumEntries();
-  entry_count_++;
-
-  // Link this entry through the index.
-  if (parent.get()) {
-    parent->SetNextAddress(entry_address);
-  } else {
-    data_->table[hash & mask_] = entry_address.value();
-  }
-
-  // Link this entry through the lists.
-  eviction_.OnCreateEntry(cache_entry.get());
-
-  CACHE_UMA(AGE_MS, "CreateTime", 0, start);
-  stats_.OnEvent(Stats::CREATE_HIT);
-  SIMPLE_STATS_COUNTER("disk_cache.miss");
-  Trace("create entry hit ");
-  FlushIndex();
-  cache_entry->AddRef();
-  return cache_entry.get();
-}
-
-int BackendImplV3::DoomEntry(const std::string& key,
-                             const CompletionCallback& callback) {
-  if (disabled_)
-    return net::ERR_FAILED;
-
-  EntryImpl* entry = OpenEntryImpl(key);
-  if (!entry)
-    return net::ERR_FAILED;
-
-  entry->DoomImpl();
-  entry->Release();
-  return net::OK;
-}
-
-int BackendImplV3::DoomAllEntries(const CompletionCallback& callback) {
-  // This is not really an error, but it is an interesting condition.
-  ReportError(ERR_CACHE_DOOMED);
-  stats_.OnEvent(Stats::DOOM_CACHE);
-  if (!num_refs_) {
-    RestartCache(false);
-    return disabled_ ? net::ERR_FAILED : net::OK;
-  } else {
-    if (disabled_)
-      return net::ERR_FAILED;
-
-    eviction_.TrimCache(true);
-    return net::OK;
-  }
-}
-
-int BackendImplV3::DoomEntriesBetween(base::Time initial_time,
-                                      base::Time end_time,
-                                      const CompletionCallback& callback) {
-  DCHECK_NE(net::APP_CACHE, cache_type_);
-  if (end_time.is_null())
-    return SyncDoomEntriesSince(initial_time);
-
-  DCHECK(end_time >= initial_time);
-
-  if (disabled_)
-    return net::ERR_FAILED;
-
-  EntryImpl* node;
-  void* iter = NULL;
-  EntryImpl* next = OpenNextEntryImpl(&iter);
-  if (!next)
-    return net::OK;
-
-  while (next) {
-    node = next;
-    next = OpenNextEntryImpl(&iter);
-
-    if (node->GetLastUsed() >= initial_time &&
-        node->GetLastUsed() < end_time) {
-      node->DoomImpl();
-    } else if (node->GetLastUsed() < initial_time) {
-      if (next)
-        next->Release();
-      next = NULL;
-      SyncEndEnumeration(iter);
-    }
-
-    node->Release();
-  }
-
-  return net::OK;
-}
-
-int BackendImplV3::DoomEntriesSince(base::Time initial_time,
-                                    const CompletionCallback& callback) {
-  DCHECK_NE(net::APP_CACHE, cache_type_);
-  if (disabled_)
-    return net::ERR_FAILED;
-
-  stats_.OnEvent(Stats::DOOM_RECENT);
-  for (;;) {
-    void* iter = NULL;
-    EntryImpl* entry = OpenNextEntryImpl(&iter);
-    if (!entry)
-      return net::OK;
-
-    if (initial_time > entry->GetLastUsed()) {
-      entry->Release();
-      SyncEndEnumeration(iter);
-      return net::OK;
-    }
-
-    entry->DoomImpl();
-    entry->Release();
-    SyncEndEnumeration(iter);  // Dooming the entry invalidates the iterator.
-  }
-}
-
-class BackendImplV3::IteratorImpl : public Backend::Iterator {
- public:
-  explicit IteratorImpl(base::WeakPtr<InFlightBackendIO> background_queue)
-      : background_queue_(background_queue), data_(NULL) {
-  }
-
-  int OpenNextEntry(Entry** next_entry,
-                    const net::CompletionCallback& callback) override {
-    if (!background_queue_)
-      return net::ERR_FAILED;
-    background_queue_->OpenNextEntry(&data_, next_entry, callback);
-    return net::ERR_IO_PENDING;
-  }
-
- private:
-  const base::WeakPtr<InFlightBackendIO> background_queue_;
-  void* data_;
-};
-
-scoped_ptr<Backend::Iterator> BackendImplV3::CreateIterator() {
-  return scoped_ptr<Backend::Iterator>(new IteratorImpl(GetBackgroundQueue()));
-}
-
-void BackendImplV3::GetStats(StatsItems* stats) {
-  if (disabled_)
-    return;
-
-  std::pair<std::string, std::string> item;
-
-  item.first = "Entries";
-  item.second = base::IntToString(data_->header.num_entries);
-  stats->push_back(item);
-
-  item.first = "Pending IO";
-  item.second = base::IntToString(num_pending_io_);
-  stats->push_back(item);
-
-  item.first = "Max size";
-  item.second = base::IntToString(max_size_);
-  stats->push_back(item);
-
-  item.first = "Current size";
-  item.second = base::IntToString(data_->header.num_bytes);
-  stats->push_back(item);
-
-  item.first = "Cache type";
-  item.second = "Blockfile Cache";
-  stats->push_back(item);
-
-  stats_.GetItems(stats);
-}
-
-void BackendImplV3::OnExternalCacheHit(const std::string& key) {
-  if (disabled_)
-    return;
-
-  uint32_t hash = base::Hash(key);
-  bool error;
-  EntryImpl* cache_entry = MatchEntry(key, hash, false, Addr(), &error);
-  if (cache_entry) {
-    if (ENTRY_NORMAL == cache_entry->entry()->Data()->state) {
-      UpdateRank(cache_entry, cache_type() == net::SHADER_CACHE);
-    }
-    cache_entry->Release();
-  }
-}
-
-// ------------------------------------------------------------------------
-
-// The maximum cache size will be either set explicitly by the caller, or
-// calculated by this code.
-void BackendImplV3::AdjustMaxCacheSize(int table_len) {
-  if (max_size_)
-    return;
-
-  // If table_len is provided, the index file exists.
-  DCHECK(!table_len || data_->header.magic);
-
-  // The user is not setting the size, let's figure it out.
-  int64_t available = base::SysInfo::AmountOfFreeDiskSpace(path_);
-  if (available < 0) {
-    max_size_ = kDefaultCacheSize;
-    return;
-  }
-
-  if (table_len)
-    available += data_->header.num_bytes;
-
-  max_size_ = PreferedCacheSize(available);
-
-  // Let's not use more than the default size while we tune-up the performance
-  // of bigger caches. TODO(rvargas): remove this limit.
-  if (max_size_ > kDefaultCacheSize * 4)
-    max_size_ = kDefaultCacheSize * 4;
-
-  if (!table_len)
-    return;
-
-  // If we already have a table, adjust the size to it.
-  int current_max_size = MaxStorageSizeForTable(table_len);
-  if (max_size_ > current_max_size)
-    max_size_= current_max_size;
-}
-
-bool BackendImplV3::InitStats() {
-  Addr address(data_->header.stats);
-  int size = stats_.StorageSize();
-
-  if (!address.is_initialized()) {
-    FileType file_type = Addr::RequiredFileType(size);
-    DCHECK_NE(file_type, EXTERNAL);
-    int num_blocks = Addr::RequiredBlocks(size, file_type);
-
-    if (!CreateBlock(file_type, num_blocks, &address))
-      return false;
-    return stats_.Init(NULL, 0, address);
-  }
-
-  if (!address.is_block_file()) {
-    NOTREACHED();
-    return false;
-  }
-
-  // Load the required data.
-  size = address.num_blocks() * address.BlockSize();
-  MappedFile* file = File(address);
-  if (!file)
-    return false;
-
-  scoped_ptr<char[]> data(new char[size]);
-  size_t offset = address.start_block() * address.BlockSize() +
-                  kBlockHeaderSize;
-  if (!file->Read(data.get(), size, offset))
-    return false;
-
-  if (!stats_.Init(data.get(), size, address))
-    return false;
-  if (cache_type_ == net::DISK_CACHE && ShouldReportAgain())
-    stats_.InitSizeHistogram();
-  return true;
-}
-
-void BackendImplV3::StoreStats() {
-  int size = stats_.StorageSize();
-  scoped_ptr<char[]> data(new char[size]);
-  Addr address;
-  size = stats_.SerializeStats(data.get(), size, &address);
-  DCHECK(size);
-  if (!address.is_initialized())
-    return;
-
-  MappedFile* file = File(address);
-  if (!file)
-    return;
-
-  size_t offset = address.start_block() * address.BlockSize() +
-                  kBlockHeaderSize;
-  file->Write(data.get(), size, offset);  // ignore result.
-}
-
-void BackendImplV3::RestartCache(bool failure) {
-  int64_t errors = stats_.GetCounter(Stats::FATAL_ERROR);
-  int64_t full_dooms = stats_.GetCounter(Stats::DOOM_CACHE);
-  int64_t partial_dooms = stats_.GetCounter(Stats::DOOM_RECENT);
-  int64_t last_report = stats_.GetCounter(Stats::LAST_REPORT);
-
-  PrepareForRestart();
-  if (failure) {
-    DCHECK(!num_refs_);
-    DCHECK(!open_entries_.size());
-    DelayedCacheCleanup(path_);
-  } else {
-    DeleteCache(path_, false);
-  }
-
-  // Don't call Init() if directed by the unit test: we are simulating a failure
-  // trying to re-enable the cache.
-  if (unit_test_)
-    init_ = true;  // Let the destructor do proper cleanup.
-  else if (SyncInit() == net::OK) {
-    stats_.SetCounter(Stats::FATAL_ERROR, errors);
-    stats_.SetCounter(Stats::DOOM_CACHE, full_dooms);
-    stats_.SetCounter(Stats::DOOM_RECENT, partial_dooms);
-    stats_.SetCounter(Stats::LAST_REPORT, last_report);
-  }
-}
-
-void BackendImplV3::PrepareForRestart() {
-  if (!(user_flags_ & EVICTION_V2))
-    lru_eviction_ = true;
-
-  disabled_ = true;
-  data_->header.crash = 0;
-  index_->Flush();
-  index_ = NULL;
-  data_ = NULL;
-  block_files_.CloseFiles();
-  rankings_.Reset();
-  init_ = false;
-  restarted_ = true;
-}
-
-void BackendImplV3::CleanupCache() {
-  Trace("Backend Cleanup");
-  eviction_.Stop();
-  timer_.reset();
-
-  if (init_) {
-    StoreStats();
-    if (data_)
-      data_->header.crash = 0;
-
-    if (user_flags_ & kNoRandom) {
-      // This is a net_unittest, verify that we are not 'leaking' entries.
-      File::WaitForPendingIO(&num_pending_io_);
-      DCHECK(!num_refs_);
-    } else {
-      File::DropPendingIO();
-    }
-  }
-  block_files_.CloseFiles();
-  FlushIndex();
-  index_ = NULL;
-  ptr_factory_.InvalidateWeakPtrs();
-  done_.Signal();
-}
-
-int BackendImplV3::NewEntry(Addr address, EntryImplV3** entry) {
-  EntriesMap::iterator it = open_entries_.find(address.value());
-  if (it != open_entries_.end()) {
-    // Easy job. This entry is already in memory.
-    EntryImpl* this_entry = it->second;
-    this_entry->AddRef();
-    *entry = this_entry;
-    return 0;
-  }
-
-  STRESS_DCHECK(block_files_.IsValid(address));
-
-  if (!address.SanityCheckForEntry()) {
-    LOG(WARNING) << "Wrong entry address.";
-    STRESS_NOTREACHED();
-    return ERR_INVALID_ADDRESS;
-  }
-
-  scoped_refptr<EntryImpl> cache_entry(
-      new EntryImpl(this, address, read_only_));
-  IncreaseNumRefs();
-  *entry = NULL;
-
-  TimeTicks start = TimeTicks::Now();
-  if (!cache_entry->entry()->Load())
-    return ERR_READ_FAILURE;
-
-  if (IsLoaded()) {
-    CACHE_UMA(AGE_MS, "LoadTime", 0, start);
-  }
-
-  if (!cache_entry->SanityCheck()) {
-    LOG(WARNING) << "Messed up entry found.";
-    STRESS_NOTREACHED();
-    return ERR_INVALID_ENTRY;
-  }
-
-  STRESS_DCHECK(block_files_.IsValid(
-                    Addr(cache_entry->entry()->Data()->rankings_node)));
-
-  if (!cache_entry->LoadNodeAddress())
-    return ERR_READ_FAILURE;
-
-  if (!rankings_.SanityCheck(cache_entry->rankings(), false)) {
-    STRESS_NOTREACHED();
-    cache_entry->SetDirtyFlag(0);
-    // Don't remove this from the list (it is not linked properly). Instead,
-    // break the link back to the entry because it is going away, and leave the
-    // rankings node to be deleted if we find it through a list.
-    rankings_.SetContents(cache_entry->rankings(), 0);
-  } else if (!rankings_.DataSanityCheck(cache_entry->rankings(), false)) {
-    STRESS_NOTREACHED();
-    cache_entry->SetDirtyFlag(0);
-    rankings_.SetContents(cache_entry->rankings(), address.value());
-  }
-
-  if (!cache_entry->DataSanityCheck()) {
-    LOG(WARNING) << "Messed up entry found.";
-    cache_entry->SetDirtyFlag(0);
-    cache_entry->FixForDelete();
-  }
-
-  // Prevent overwriting the dirty flag on the destructor.
-  cache_entry->SetDirtyFlag(GetCurrentEntryId());
-
-  if (cache_entry->dirty()) {
-    Trace("Dirty entry 0x%p 0x%x", reinterpret_cast<void*>(cache_entry.get()),
-          address.value());
-  }
-
-  open_entries_[address.value()] = cache_entry.get();
-
-  cache_entry->BeginLogging(net_log_, false);
-  cache_entry.swap(entry);
-  return 0;
-}
-
-void BackendImplV3::AddStorageSize(int32_t bytes) {
-  data_->header.num_bytes += bytes;
-  DCHECK_GE(data_->header.num_bytes, 0);
-}
-
-void BackendImplV3::SubstractStorageSize(int32_t bytes) {
-  data_->header.num_bytes -= bytes;
-  DCHECK_GE(data_->header.num_bytes, 0);
-}
-
-void BackendImplV3::IncreaseNumRefs() {
-  num_refs_++;
-  if (max_refs_ < num_refs_)
-    max_refs_ = num_refs_;
-}
-
-void BackendImplV3::DecreaseNumRefs() {
-  DCHECK(num_refs_);
-  num_refs_--;
-
-  if (!num_refs_ && disabled_)
-    base::MessageLoop::current()->PostTask(
-        FROM_HERE, base::Bind(&BackendImpl::RestartCache, GetWeakPtr(), true));
-}
-
-void BackendImplV3::IncreaseNumEntries() {
-  index_.header()->num_entries++;
-  DCHECK_GT(index_.header()->num_entries, 0);
-}
-
-void BackendImplV3::DecreaseNumEntries() {
-  index_.header()->num_entries--;
-  if (index_.header()->num_entries < 0) {
-    NOTREACHED();
-    index_.header()->num_entries = 0;
-  }
-}
-
-int BackendImplV3::SyncInit() {
-#if defined(NET_BUILD_STRESS_CACHE)
-  // Start evictions right away.
-  up_ticks_ = kTrimDelay * 2;
-#endif
-  DCHECK(!init_);
-  if (init_)
-    return net::ERR_FAILED;
-
-  bool create_files = false;
-  if (!InitBackingStore(&create_files)) {
-    ReportError(ERR_STORAGE_ERROR);
-    return net::ERR_FAILED;
-  }
-
-  num_refs_ = num_pending_io_ = max_refs_ = 0;
-  entry_count_ = byte_count_ = 0;
-
-  if (!restarted_) {
-    buffer_bytes_ = 0;
-    trace_object_ = TraceObject::GetTraceObject();
-    // Create a recurrent timer of 30 secs.
-    int timer_delay = unit_test_ ? 1000 : 30000;
-    timer_.reset(new base::RepeatingTimer());
-    timer_->Start(FROM_HERE, TimeDelta::FromMilliseconds(timer_delay), this,
-                  &BackendImplV3::OnStatsTimer);
-  }
-
-  init_ = true;
-  Trace("Init");
-
-  if (data_->header.experiment != NO_EXPERIMENT &&
-      cache_type_ != net::DISK_CACHE) {
-    // No experiment for other caches.
-    return net::ERR_FAILED;
-  }
-
-  if (!(user_flags_ & kNoRandom)) {
-    // The unit test controls directly what to test.
-    new_eviction_ = (cache_type_ == net::DISK_CACHE);
-  }
-
-  if (!CheckIndex()) {
-    ReportError(ERR_INIT_FAILED);
-    return net::ERR_FAILED;
-  }
-
-  if (!restarted_ && (create_files || !data_->header.num_entries))
-    ReportError(ERR_CACHE_CREATED);
-
-  if (!(user_flags_ & kNoRandom) && cache_type_ == net::DISK_CACHE &&
-      !InitExperiment(&data_->header, create_files)) {
-    return net::ERR_FAILED;
-  }
-
-  // We don't care if the value overflows. The only thing we care about is that
-  // the id cannot be zero, because that value is used as "not dirty".
-  // Increasing the value once per second gives us many years before we start
-  // having collisions.
-  data_->header.this_id++;
-  if (!data_->header.this_id)
-    data_->header.this_id++;
-
-  bool previous_crash = (data_->header.crash != 0);
-  data_->header.crash = 1;
-
-  if (!block_files_.Init(create_files))
-    return net::ERR_FAILED;
-
-  // We want to minimize the changes to cache for an AppCache.
-  if (cache_type() == net::APP_CACHE) {
-    DCHECK(!new_eviction_);
-    read_only_ = true;
-  } else if (cache_type() == net::SHADER_CACHE) {
-    DCHECK(!new_eviction_);
-  }
-
-  eviction_.Init(this);
-
-  // stats_ and rankings_ may end up calling back to us so we better be enabled.
-  disabled_ = false;
-  if (!InitStats())
-    return net::ERR_FAILED;
-
-  disabled_ = !rankings_.Init(this, new_eviction_);
-
-#if defined(STRESS_CACHE_EXTENDED_VALIDATION)
-  trace_object_->EnableTracing(false);
-  int sc = SelfCheck();
-  if (sc < 0 && sc != ERR_NUM_ENTRIES_MISMATCH)
-    NOTREACHED();
-  trace_object_->EnableTracing(true);
-#endif
-
-  if (previous_crash) {
-    ReportError(ERR_PREVIOUS_CRASH);
-  } else if (!restarted_) {
-    ReportError(ERR_NO_ERROR);
-  }
-
-  FlushIndex();
-
-  return disabled_ ? net::ERR_FAILED : net::OK;
-}
-
-EntryImpl* BackendImplV3::ResurrectEntry(EntryImpl* deleted_entry) {
-  if (ENTRY_NORMAL == deleted_entry->entry()->Data()->state) {
-    deleted_entry->Release();
-    stats_.OnEvent(Stats::CREATE_MISS);
-    Trace("create entry miss ");
-    return NULL;
-  }
-
-  // We are attempting to create an entry and found out that the entry was
-  // previously deleted.
-
-  eviction_.OnCreateEntry(deleted_entry);
-  entry_count_++;
-
-  stats_.OnEvent(Stats::RESURRECT_HIT);
-  Trace("Resurrect entry hit ");
-  return deleted_entry;
-}
-
-EntryImpl* BackendImplV3::CreateEntryImpl(const std::string& key) {
-  if (disabled_ || key.empty())
-    return NULL;
-
-  TimeTicks start = TimeTicks::Now();
-  Trace("Create hash 0x%x", hash);
-
-  scoped_refptr<EntryImpl> parent;
-  Addr entry_address(data_->table[hash & mask_]);
-  if (entry_address.is_initialized()) {
-    // We have an entry already. It could be the one we are looking for, or just
-    // a hash conflict.
-    bool error;
-    EntryImpl* old_entry = MatchEntry(key, hash, false, Addr(), &error);
-    if (old_entry)
-      return ResurrectEntry(old_entry);
-
-    EntryImpl* parent_entry = MatchEntry(key, hash, true, Addr(), &error);
-    DCHECK(!error);
-    if (parent_entry) {
-      parent.swap(&parent_entry);
-    } else if (data_->table[hash & mask_]) {
-      // We should have corrected the problem.
-      NOTREACHED();
-      return NULL;
-    }
-  }
-
-  // The general flow is to allocate disk space and initialize the entry data,
-  // followed by saving that to disk, then linking the entry though the index
-  // and finally through the lists. If there is a crash in this process, we may
-  // end up with:
-  // a. Used, unreferenced empty blocks on disk (basically just garbage).
-  // b. Used, unreferenced but meaningful data on disk (more garbage).
-  // c. A fully formed entry, reachable only through the index.
-  // d. A fully formed entry, also reachable through the lists, but still dirty.
-  //
-  // Anything after (b) can be automatically cleaned up. We may consider saving
-  // the current operation (as we do while manipulating the lists) so that we
-  // can detect and cleanup (a) and (b).
-
-  int num_blocks = EntryImpl::NumBlocksForEntry(key.size());
-  if (!block_files_.CreateBlock(BLOCK_256, num_blocks, &entry_address)) {
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  Addr node_address(0);
-  if (!block_files_.CreateBlock(RANKINGS, 1, &node_address)) {
-    block_files_.DeleteBlock(entry_address, false);
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  scoped_refptr<EntryImpl> cache_entry(
-      new EntryImpl(this, entry_address, false));
-  IncreaseNumRefs();
-
-  if (!cache_entry->CreateEntry(node_address, key, hash)) {
-    block_files_.DeleteBlock(entry_address, false);
-    block_files_.DeleteBlock(node_address, false);
-    LOG(ERROR) << "Create entry failed " << key.c_str();
-    stats_.OnEvent(Stats::CREATE_ERROR);
-    return NULL;
-  }
-
-  cache_entry->BeginLogging(net_log_, true);
-
-  // We are not failing the operation; let's add this to the map.
-  open_entries_[entry_address.value()] = cache_entry;
-
-  // Save the entry.
-  cache_entry->entry()->Store();
-  cache_entry->rankings()->Store();
-  IncreaseNumEntries();
-  entry_count_++;
-
-  // Link this entry through the index.
-  if (parent.get()) {
-    parent->SetNextAddress(entry_address);
-  } else {
-    data_->table[hash & mask_] = entry_address.value();
-  }
-
-  // Link this entry through the lists.
-  eviction_.OnCreateEntry(cache_entry);
-
-  CACHE_UMA(AGE_MS, "CreateTime", 0, start);
-  stats_.OnEvent(Stats::CREATE_HIT);
-  SIMPLE_STATS_COUNTER("disk_cache.miss");
-  Trace("create entry hit ");
-  FlushIndex();
-  cache_entry->AddRef();
-  return cache_entry.get();
-}
-
-void BackendImplV3::LogStats() {
-  StatsItems stats;
-  GetStats(&stats);
-
-  for (size_t index = 0; index < stats.size(); index++)
-    VLOG(1) << stats[index].first << ": " << stats[index].second;
-}
-
-void BackendImplV3::ReportStats() {
-  IndexHeaderV3* header = index_.header();
-  CACHE_UMA(COUNTS, "Entries", header->num_entries);
-
-  int current_size = header->num_bytes / (1024 * 1024);
-  int max_size = max_size_ / (1024 * 1024);
-
-  CACHE_UMA(COUNTS_10000, "Size", current_size);
-  CACHE_UMA(COUNTS_10000, "MaxSize", max_size);
-  if (!max_size)
-    max_size++;
-  CACHE_UMA(PERCENTAGE, "UsedSpace", current_size * 100 / max_size);
-
-  CACHE_UMA(COUNTS_10000, "AverageOpenEntries",
-            static_cast<int>(stats_.GetCounter(Stats::OPEN_ENTRIES)));
-  CACHE_UMA(COUNTS_10000, "MaxOpenEntries",
-            static_cast<int>(stats_.GetCounter(Stats::MAX_ENTRIES)));
-  stats_.SetCounter(Stats::MAX_ENTRIES, 0);
-
-  CACHE_UMA(COUNTS_10000, "TotalFatalErrors",
-            static_cast<int>(stats_.GetCounter(Stats::FATAL_ERROR)));
-  CACHE_UMA(COUNTS_10000, "TotalDoomCache",
-            static_cast<int>(stats_.GetCounter(Stats::DOOM_CACHE)));
-  CACHE_UMA(COUNTS_10000, "TotalDoomRecentEntries",
-            static_cast<int>(stats_.GetCounter(Stats::DOOM_RECENT)));
-  stats_.SetCounter(Stats::FATAL_ERROR, 0);
-  stats_.SetCounter(Stats::DOOM_CACHE, 0);
-  stats_.SetCounter(Stats::DOOM_RECENT, 0);
-
-  int64_t total_hours = stats_.GetCounter(Stats::TIMER) / 120;
-  if (!(header->flags & CACHE_EVICTED)) {
-    CACHE_UMA(HOURS, "TotalTimeNotFull", static_cast<int>(total_hours));
-    return;
-  }
-
-  // This is an up to date client that will report FirstEviction() data. After
-  // that event, start reporting this:
-
-  CACHE_UMA(HOURS, "TotalTime", static_cast<int>(total_hours));
-
-  int64_t use_hours = stats_.GetCounter(Stats::LAST_REPORT_TIMER) / 120;
-  stats_.SetCounter(Stats::LAST_REPORT_TIMER, stats_.GetCounter(Stats::TIMER));
-
-  // We may see users with no use_hours at this point if this is the first time
-  // we are running this code.
-  if (use_hours)
-    use_hours = total_hours - use_hours;
-
-  if (!use_hours || !GetEntryCount() || !header->num_bytes)
-    return;
-
-  CACHE_UMA(HOURS, "UseTime", static_cast<int>(use_hours));
-
-  int64_t trim_rate = stats_.GetCounter(Stats::TRIM_ENTRY) / use_hours;
-  CACHE_UMA(COUNTS, "TrimRate", static_cast<int>(trim_rate));
-
-  int avg_size = header->num_bytes / GetEntryCount();
-  CACHE_UMA(COUNTS, "EntrySize", avg_size);
-  CACHE_UMA(COUNTS, "EntriesFull", header->num_entries);
-
-  int large_entries_bytes = stats_.GetLargeEntriesSize();
-  int large_ratio = large_entries_bytes * 100 / header->num_bytes;
-  CACHE_UMA(PERCENTAGE, "LargeEntriesRatio", large_ratio);
-
-  if (!lru_eviction_) {
-    CACHE_UMA(PERCENTAGE, "ResurrectRatio", stats_.GetResurrectRatio());
-    CACHE_UMA(PERCENTAGE, "NoUseRatio",
-              header->num_no_use_entries * 100 / header->num_entries);
-    CACHE_UMA(PERCENTAGE, "LowUseRatio",
-              header->num_low_use_entries * 100 / header->num_entries);
-    CACHE_UMA(PERCENTAGE, "HighUseRatio",
-              header->num_high_use_entries * 100 / header->num_entries);
-    CACHE_UMA(PERCENTAGE, "DeletedRatio",
-              header->num_evicted_entries * 100 / header->num_entries);
-  }
-
-  stats_.ResetRatios();
-  stats_.SetCounter(Stats::TRIM_ENTRY, 0);
-
-  if (cache_type_ == net::DISK_CACHE)
-    block_files_.ReportStats();
-}
-
-void BackendImplV3::ReportError(int error) {
-  STRESS_DCHECK(!error || error == ERR_PREVIOUS_CRASH ||
-                error == ERR_CACHE_CREATED);
-
-  // We transmit positive numbers, instead of direct error codes.
-  DCHECK_LE(error, 0);
-  CACHE_UMA(CACHE_ERROR, "Error", error * -1);
-}
-
-bool BackendImplV3::CheckIndex() {
-  DCHECK(data_);
-
-  size_t current_size = index_->GetLength();
-  if (current_size < sizeof(Index)) {
-    LOG(ERROR) << "Corrupt Index file";
-    return false;
-  }
-
-  if (new_eviction_) {
-    // We support versions 2.0 and 2.1, upgrading 2.0 to 2.1.
-    if (kIndexMagic != data_->header.magic ||
-        kCurrentVersion >> 16 != data_->header.version >> 16) {
-      LOG(ERROR) << "Invalid file version or magic";
-      return false;
-    }
-    if (kCurrentVersion == data_->header.version) {
-      // We need file version 2.1 for the new eviction algorithm.
-      UpgradeTo2_1();
-    }
-  } else {
-    if (kIndexMagic != data_->header.magic ||
-        kCurrentVersion != data_->header.version) {
-      LOG(ERROR) << "Invalid file version or magic";
-      return false;
-    }
-  }
-
-  if (!data_->header.table_len) {
-    LOG(ERROR) << "Invalid table size";
-    return false;
-  }
-
-  if (current_size < GetIndexSize(data_->header.table_len) ||
-      data_->header.table_len & (kBaseTableLen - 1)) {
-    LOG(ERROR) << "Corrupt Index file";
-    return false;
-  }
-
-  AdjustMaxCacheSize(data_->header.table_len);
-
-#if !defined(NET_BUILD_STRESS_CACHE)
-  if (data_->header.num_bytes < 0 ||
-      (max_size_ < std::numeric_limits<int32_t>::max() - kDefaultCacheSize &&
-       data_->header.num_bytes > max_size_ + kDefaultCacheSize)) {
-    LOG(ERROR) << "Invalid cache (current) size";
-    return false;
-  }
-#endif
-
-  if (data_->header.num_entries < 0) {
-    LOG(ERROR) << "Invalid number of entries";
-    return false;
-  }
-
-  if (!mask_)
-    mask_ = data_->header.table_len - 1;
-
-  // Load the table into memory with a single read.
-  scoped_ptr<char[]> buf(new char[current_size]);
-  return index_->Read(buf.get(), current_size, 0);
-}
-
-int BackendImplV3::CheckAllEntries() {
-  int num_dirty = 0;
-  int num_entries = 0;
-  DCHECK(mask_ < std::numeric_limits<uint32_t>::max());
-  for (unsigned int i = 0; i <= mask_; i++) {
-    Addr address(data_->table[i]);
-    if (!address.is_initialized())
-      continue;
-    for (;;) {
-      EntryImpl* tmp;
-      int ret = NewEntry(address, &tmp);
-      if (ret) {
-        STRESS_NOTREACHED();
-        return ret;
-      }
-      scoped_refptr<EntryImpl> cache_entry;
-      cache_entry.swap(&tmp);
-
-      if (cache_entry->dirty())
-        num_dirty++;
-      else if (CheckEntry(cache_entry.get()))
-        num_entries++;
-      else
-        return ERR_INVALID_ENTRY;
-
-      DCHECK_EQ(i, cache_entry->entry()->Data()->hash & mask_);
-      address.set_value(cache_entry->GetNextAddress());
-      if (!address.is_initialized())
-        break;
-    }
-  }
-
-  Trace("CheckAllEntries End");
-  if (num_entries + num_dirty != data_->header.num_entries) {
-    LOG(ERROR) << "Number of entries " << num_entries << " " << num_dirty <<
-                  " " << data_->header.num_entries;
-    DCHECK_LT(num_entries, data_->header.num_entries);
-    return ERR_NUM_ENTRIES_MISMATCH;
-  }
-
-  return num_dirty;
-}
-
-bool BackendImplV3::CheckEntry(EntryImpl* cache_entry) {
-  bool ok = block_files_.IsValid(cache_entry->entry()->address());
-  ok = ok && block_files_.IsValid(cache_entry->rankings()->address());
-  EntryStore* data = cache_entry->entry()->Data();
-  for (size_t i = 0; i < arraysize(data->data_addr); i++) {
-    if (data->data_addr[i]) {
-      Addr address(data->data_addr[i]);
-      if (address.is_block_file())
-        ok = ok && block_files_.IsValid(address);
-    }
-  }
-
-  return ok && cache_entry->rankings()->VerifyHash();
-}
-
-int BackendImplV3::MaxBuffersSize() {
-  static int64_t total_memory = base::SysInfo::AmountOfPhysicalMemory();
-  static bool done = false;
-
-  if (!done) {
-    const int kMaxBuffersSize = 30 * 1024 * 1024;
-
-    // We want to use up to 2% of the computer's memory.
-    total_memory = total_memory * 2 / 100;
-    if (total_memory > kMaxBuffersSize || total_memory <= 0)
-      total_memory = kMaxBuffersSize;
-
-    done = true;
-  }
-
-  return static_cast<int>(total_memory);
-}
-
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-bool BackendImplV3::IsAllocAllowed(int current_size, int new_size) {
-  return false;
-}
-
-net::CacheType BackendImplV3::GetCacheType() const {
-  return cache_type_;
-}
-
-int32_t BackendImplV3::GetEntryCount() const {
-  return 0;
-}
-
-int BackendImplV3::OpenEntry(const std::string& key, Entry** entry,
-                             const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::CreateEntry(const std::string& key, Entry** entry,
-                               const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::DoomEntry(const std::string& key,
-                             const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::DoomAllEntries(const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::DoomEntriesBetween(base::Time initial_time,
-                                      base::Time end_time,
-                                      const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::DoomEntriesSince(base::Time initial_time,
-                                    const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int BackendImplV3::CalculateSizeOfAllEntries(
-    const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-class BackendImplV3::NotImplementedIterator : public Backend::Iterator {
- public:
-  int OpenNextEntry(disk_cache::Entry** next_entry,
-                    const net::CompletionCallback& callback) override {
-    return net::ERR_NOT_IMPLEMENTED;
-  }
-};
-
-scoped_ptr<Backend::Iterator> BackendImplV3::CreateIterator() {
-  return scoped_ptr<Iterator>(new NotImplementedIterator());
-}
-
-void BackendImplV3::GetStats(StatsItems* stats) {
-  NOTIMPLEMENTED();
-}
-
-void BackendImplV3::OnExternalCacheHit(const std::string& key) {
-  NOTIMPLEMENTED();
-}
-
-void BackendImplV3::CleanupCache() {
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/backend_impl_v3.h b/chromium/net/disk_cache/blockfile/backend_impl_v3.h
deleted file mode 100644
index df51c2137af..00000000000
--- a/chromium/net/disk_cache/blockfile/backend_impl_v3.h
+++ /dev/null
@@ -1,287 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// See net/disk_cache/disk_cache.h for the public interface of the cache.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_BACKEND_IMPL_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_BACKEND_IMPL_V3_H_
-
-#include <stdint.h>
-
-#include "base/containers/hash_tables.h"
-#include "base/files/file_path.h"
-#include "base/macros.h"
-#include "base/memory/ref_counted.h"
-#include "base/timer/timer.h"
-#include "net/disk_cache/blockfile/block_bitmaps_v3.h"
-#include "net/disk_cache/blockfile/block_files.h"
-#include "net/disk_cache/blockfile/eviction_v3.h"
-#include "net/disk_cache/blockfile/index_table_v3.h"
-#include "net/disk_cache/blockfile/stats.h"
-#include "net/disk_cache/blockfile/stress_support.h"
-#include "net/disk_cache/blockfile/trace.h"
-#include "net/disk_cache/disk_cache.h"
-
-namespace base {
-class SingleThreadTaskRunner;
-}  // namespace base
-
-namespace net {
-class NetLog;
-}  // namespace net
-
-namespace disk_cache {
-
-class EntryImplV3;
-
-// This class implements the Backend interface. An object of this
-// class handles the operations of the cache for a particular profile.
-class NET_EXPORT_PRIVATE BackendImplV3 : public Backend {
- public:
-  enum BackendFlags {
-    MAX_SIZE = 1 << 1,            // A maximum size was provided.
-    UNIT_TEST_MODE = 1 << 2,      // We are modifying the behavior for testing.
-    UPGRADE_MODE = 1 << 3,        // This is the upgrade tool (dump).
-    EVICTION_V2 = 1 << 4,         // Use of new eviction was specified.
-    BASIC_UNIT_TEST = 1 << 5,     // Identifies almost all unit tests.
-    NO_LOAD_PROTECTION = 1 << 6,  // Don't act conservatively under load.
-    NO_BUFFERING = 1 << 7,        // Disable extended IO buffering.
-    NO_CLEAN_ON_EXIT = 1 << 8     // Avoid saving data at exit time.
-  };
-
-  BackendImplV3(const base::FilePath& path,
-                const scoped_refptr<base::SingleThreadTaskRunner>& cache_thread,
-                net::NetLog* net_log);
-  ~BackendImplV3() override;
-
-  // Performs general initialization for this current instance of the cache.
-  int Init(const CompletionCallback& callback);
-
-  // Sets the maximum size for the total amount of data stored by this instance.
-  bool SetMaxSize(int max_bytes);
-
-  // Sets the cache type for this backend.
-  void SetType(net::CacheType type);
-
-  // Creates a new storage block of size block_count.
-  bool CreateBlock(FileType block_type, int block_count,
-                   Addr* block_address);
-
-  // Updates the ranking information for an entry.
-  void UpdateRank(EntryImplV3* entry, bool modified);
-
-  // Permanently deletes an entry, but still keeps track of it.
-  void InternalDoomEntry(EntryImplV3* entry);
-
-  // This method must be called when an entry is released for the last time, so
-  // the entry should not be used anymore. |address| is the cache address of the
-  // entry.
-  void OnEntryDestroyBegin(Addr address);
-
-  // This method must be called after all resources for an entry have been
-  // released.
-  void OnEntryDestroyEnd();
-
-  // If the |address| corresponds to an open entry, returns a pointer to that
-  // entry, otherwise returns NULL. Note that this method does not increase the
-  // ref counter for the entry.
-  EntryImplV3* GetOpenEntry(Addr address) const;
-
-  // Returns the id being used on this run of the cache.
-  int32_t GetCurrentEntryId() const;
-
-  // Returns the maximum size for a file to reside on the cache.
-  int MaxFileSize() const;
-
-  // A user data block is being created, extended or truncated.
-  void ModifyStorageSize(int32_t old_size, int32_t new_size);
-
-  // Logs requests that are denied due to being too big.
-  void TooMuchStorageRequested(int32_t size);
-
-  // Returns true if a temporary buffer is allowed to be extended.
-  bool IsAllocAllowed(int current_size, int new_size);
-
-  // Tracks the release of |size| bytes by an entry buffer.
-  void BufferDeleted(int size);
-
-  // Only intended for testing the two previous methods.
-  int GetTotalBuffersSize() const {
-    return buffer_bytes_;
-  }
-
-  // Returns true if this instance seems to be under heavy load.
-  bool IsLoaded() const;
-
-  // Returns the full histogram name, for the given base |name| and the current
-  // cache type. The name will be "DiskCache3.name_type".
-  std::string HistogramName(const char* name) const;
-
-  net::CacheType cache_type() const {
-    return cache_type_;
-  }
-
-  bool read_only() const {
-    return read_only_;
-  }
-
-  // Returns a weak pointer to this object.
-  base::WeakPtr<BackendImplV3> GetWeakPtr();
-
-  // Returns true if we should send histograms for this user again. The caller
-  // must call this function only once per run (because it returns always the
-  // same thing on a given run).
-  bool ShouldReportAgain();
-
-  // Reports some data when we filled up the cache.
-  void FirstEviction();
-
-  // Called when an interesting event should be logged (counted).
-  void OnEvent(Stats::Counters an_event);
-
-  // Keeps track of payload access (doesn't include metadata).
-  void OnRead(int bytes);
-  void OnWrite(int bytes);
-
-  // Timer callback to calculate usage statistics and perform backups.
-  void OnTimerTick();
-
-  // Sets internal parameters to enable unit testing mode.
-  void SetUnitTestMode();
-
-  // Sets internal parameters to enable upgrade mode (for internal tools).
-  void SetUpgradeMode();
-
-  // Sets the eviction algorithm to version 2.
-  void SetNewEviction();
-
-  // Sets an explicit set of BackendFlags.
-  void SetFlags(uint32_t flags);
-
-  // Sends a dummy operation through the operation queue, for unit tests.
-  int FlushQueueForTest(const CompletionCallback& callback);
-
-  // Trims an entry (all if |empty| is true) from the list of deleted
-  // entries. This method should be called directly on the cache thread.
-  void TrimForTest(bool empty);
-
-  // Trims an entry (all if |empty| is true) from the list of deleted
-  // entries. This method should be called directly on the cache thread.
-  void TrimDeletedListForTest(bool empty);
-
-  // Performs a simple self-check, and returns the number of dirty items
-  // or an error code (negative value).
-  int SelfCheck();
-
-  // Backend implementation.
-  net::CacheType GetCacheType() const override;
-  int32_t GetEntryCount() const override;
-  int OpenEntry(const std::string& key,
-                Entry** entry,
-                const CompletionCallback& callback) override;
-  int CreateEntry(const std::string& key,
-                  Entry** entry,
-                  const CompletionCallback& callback) override;
-  int DoomEntry(const std::string& key,
-                const CompletionCallback& callback) override;
-  int DoomAllEntries(const CompletionCallback& callback) override;
-  int DoomEntriesBetween(base::Time initial_time,
-                         base::Time end_time,
-                         const CompletionCallback& callback) override;
-  int DoomEntriesSince(base::Time initial_time,
-                       const CompletionCallback& callback) override;
-  int CalculateSizeOfAllEntries(const CompletionCallback& callback) override;
-  scoped_ptr<Iterator> CreateIterator() override;
-  void GetStats(StatsItems* stats) override;
-  void OnExternalCacheHit(const std::string& key) override;
-
- private:
-  friend class EvictionV3;
-  typedef base::hash_map<CacheAddr, EntryImplV3*> EntriesMap;
-  class IteratorImpl;
-  class NotImplementedIterator;
-  class Worker;
-
-  void AdjustMaxCacheSize();
-  bool InitStats(void* stats_data);
-  void StoreStats();
-
-  // Deletes the cache and starts again.
-  void RestartCache(bool failure);
-  void PrepareForRestart();
-
-  // Performs final cleanup.
-  void CleanupCache();
-
-  // Creates a new entry object. Returns zero on success, or a disk_cache error
-  // on failure.
-  int NewEntry(Addr address, EntryImplV3** entry);
-
-  // Handles the used storage count.
-  void AddStorageSize(int32_t bytes);
-  void SubstractStorageSize(int32_t bytes);
-
-  // Update the number of referenced cache entries.
-  void IncreaseNumRefs();
-  void DecreaseNumRefs();
-  void IncreaseNumEntries();
-  void DecreaseNumEntries();
-
-  // Dumps current cache statistics to the log.
-  void LogStats();
-
-  // Send UMA stats.
-  void ReportStats();
-
-  // Reports an uncommon, recoverable error.
-  void ReportError(int error);
-
-  // Performs basic checks on the index file. Returns false on failure.
-  bool CheckIndex();
-
-  // Part of the self test. Returns the number or dirty entries, or an error.
-  int CheckAllEntries();
-
-  // Part of the self test. Returns false if the entry is corrupt.
-  bool CheckEntry(EntryImplV3* cache_entry);
-
-  // Returns the maximum total memory for the memory buffers.
-  int MaxBuffersSize();
-
-  IndexTable index_;
-  base::FilePath path_;  // Path to the folder used as backing storage.
-  BlockBitmaps block_files_;
-  int32_t max_size_;     // Maximum data size for this instance.
-  EvictionV3 eviction_;  // Handler of the eviction algorithm.
-  EntriesMap open_entries_;
-  int num_refs_;  // Number of referenced cache entries.
-  int max_refs_;  // Max number of referenced cache entries.
-  int entry_count_;  // Number of entries accessed lately.
-  int byte_count_;  // Number of bytes read/written lately.
-  int buffer_bytes_;  // Total size of the temporary entries' buffers.
-  int up_ticks_;  // The number of timer ticks received (OnTimerTick).
-  net::CacheType cache_type_;
-  int uma_report_;  // Controls transmission of UMA data.
-  uint32_t user_flags_;  // Flags set by the user.
-  bool init_;  // controls the initialization of the system.
-  bool restarted_;
-  bool read_only_;  // Prevents updates of the rankings data (used by tools).
-  bool disabled_;
-  bool lru_eviction_;  // What eviction algorithm should be used.
-  bool first_timer_;  // True if the timer has not been called.
-  bool user_load_;  // True if we see a high load coming from the caller.
-
-  net::NetLog* net_log_;
-
-  Stats stats_;  // Usage statistics.
-  scoped_ptr<base::RepeatingTimer> timer_;   // Usage timer.
-  scoped_refptr<TraceObject> trace_object_;  // Initializes internal tracing.
-  base::WeakPtrFactory<BackendImplV3> ptr_factory_;
-
-  DISALLOW_COPY_AND_ASSIGN(BackendImplV3);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_BACKEND_IMPL_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/backend_worker_v3.cc b/chromium/net/disk_cache/blockfile/backend_worker_v3.cc
deleted file mode 100644
index 897ee3c3d39..00000000000
--- a/chromium/net/disk_cache/blockfile/backend_worker_v3.cc
+++ /dev/null
@@ -1,471 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/backend_worker_v3.h"
-
-#include <stdint.h>
-
-#include <limits>
-
-#include "base/bind.h"
-#include "base/bind_helpers.h"
-#include "base/files/file_path.h"
-#include "base/files/file_util.h"
-#include "base/message_loop/message_loop.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "base/time/time.h"
-#include "base/timer/timer.h"
-#include "net/base/net_errors.h"
-#include "net/disk_cache/blockfile/errors.h"
-#include "net/disk_cache/blockfile/experiments.h"
-#include "net/disk_cache/blockfile/file.h"
-
-using base::Time;
-using base::TimeDelta;
-using base::TimeTicks;
-
-namespace {
-
-#if defined(V3_NOT_JUST_YET_READY)
-
-const char kIndexName[] = "index";
-
-// Seems like ~240 MB correspond to less than 50k entries for 99% of the people.
-// Note that the actual target is to keep the index table load factor under 55%
-// for most users.
-const int k64kEntriesStore = 240 * 1000 * 1000;
-const int kBaseTableLen = 64 * 1024;
-const int kDefaultCacheSize = 80 * 1024 * 1024;
-
-// Avoid trimming the cache for the first 5 minutes (10 timer ticks).
-const int kTrimDelay = 10;
-
-int DesiredIndexTableLen(int32_t storage_size) {
-  if (storage_size <= k64kEntriesStore)
-    return kBaseTableLen;
-  if (storage_size <= k64kEntriesStore * 2)
-    return kBaseTableLen * 2;
-  if (storage_size <= k64kEntriesStore * 4)
-    return kBaseTableLen * 4;
-  if (storage_size <= k64kEntriesStore * 8)
-    return kBaseTableLen * 8;
-
-  // The biggest storage_size for int32_t requires a 4 MB table.
-  return kBaseTableLen * 16;
-}
-
-int MaxStorageSizeForTable(int table_len) {
-  return table_len * (k64kEntriesStore / kBaseTableLen);
-}
-
-size_t GetIndexSize(int table_len) {
-  size_t table_size = sizeof(disk_cache::CacheAddr) * table_len;
-  return sizeof(disk_cache::IndexHeader) + table_size;
-}
-
-// ------------------------------------------------------------------------
-
-// Sets group for the current experiment. Returns false if the files should be
-// discarded.
-bool InitExperiment(disk_cache::IndexHeader* header, bool cache_created) {
-  if (header->experiment == disk_cache::EXPERIMENT_OLD_FILE1 ||
-      header->experiment == disk_cache::EXPERIMENT_OLD_FILE2) {
-    // Discard current cache.
-    return false;
-  }
-
-  if (base::FieldTrialList::FindFullName("SimpleCacheTrial") ==
-          "ExperimentControl") {
-    if (cache_created) {
-      header->experiment = disk_cache::EXPERIMENT_SIMPLE_CONTROL;
-      return true;
-    } else if (header->experiment != disk_cache::EXPERIMENT_SIMPLE_CONTROL) {
-      return false;
-    }
-  }
-
-  header->experiment = disk_cache::NO_EXPERIMENT;
-  return true;
-}
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-}  // namespace
-
-// ------------------------------------------------------------------------
-
-namespace disk_cache {
-
-BackendImplV3::Worker::Worker(
-    const base::FilePath& path,
-    const scoped_refptr<base::SingleThreadTaskRunner>& main_thread)
-    : path_(path), block_files_(path), init_(false) {
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-
-int BackendImpl::SyncInit() {
-#if defined(NET_BUILD_STRESS_CACHE)
-  // Start evictions right away.
-  up_ticks_ = kTrimDelay * 2;
-#endif
-  DCHECK(!init_);
-  if (init_)
-    return net::ERR_FAILED;
-
-  bool create_files = false;
-  if (!InitBackingStore(&create_files)) {
-    ReportError(ERR_STORAGE_ERROR);
-    return net::ERR_FAILED;
-  }
-
-  num_refs_ = num_pending_io_ = max_refs_ = 0;
-  entry_count_ = byte_count_ = 0;
-
-  if (!restarted_) {
-    buffer_bytes_ = 0;
-    trace_object_ = TraceObject::GetTraceObject();
-    // Create a recurrent timer of 30 secs.
-    int timer_delay = unit_test_ ? 1000 : 30000;
-    timer_.reset(new base::RepeatingTimer());
-    timer_->Start(FROM_HERE, TimeDelta::FromMilliseconds(timer_delay), this,
-                  &BackendImpl::OnStatsTimer);
-  }
-
-  init_ = true;
-  Trace("Init");
-
-  if (data_->header.experiment != NO_EXPERIMENT &&
-      cache_type_ != net::DISK_CACHE) {
-    // No experiment for other caches.
-    return net::ERR_FAILED;
-  }
-
-  if (!(user_flags_ & kNoRandom)) {
-    // The unit test controls directly what to test.
-    new_eviction_ = (cache_type_ == net::DISK_CACHE);
-  }
-
-  if (!CheckIndex()) {
-    ReportError(ERR_INIT_FAILED);
-    return net::ERR_FAILED;
-  }
-
-  if (!restarted_ && (create_files || !data_->header.num_entries))
-    ReportError(ERR_CACHE_CREATED);
-
-  if (!(user_flags_ & kNoRandom) && cache_type_ == net::DISK_CACHE &&
-      !InitExperiment(&data_->header, create_files)) {
-    return net::ERR_FAILED;
-  }
-
-  // We don't care if the value overflows. The only thing we care about is that
-  // the id cannot be zero, because that value is used as "not dirty".
-  // Increasing the value once per second gives us many years before we start
-  // having collisions.
-  data_->header.this_id++;
-  if (!data_->header.this_id)
-    data_->header.this_id++;
-
-  bool previous_crash = (data_->header.crash != 0);
-  data_->header.crash = 1;
-
-  if (!block_files_.Init(create_files))
-    return net::ERR_FAILED;
-
-  // We want to minimize the changes to cache for an AppCache.
-  if (cache_type() == net::APP_CACHE) {
-    DCHECK(!new_eviction_);
-    read_only_ = true;
-  } else if (cache_type() == net::SHADER_CACHE) {
-    DCHECK(!new_eviction_);
-  }
-
-  eviction_.Init(this);
-
-  // stats_ and rankings_ may end up calling back to us so we better be enabled.
-  disabled_ = false;
-  if (!InitStats())
-    return net::ERR_FAILED;
-
-  disabled_ = !rankings_.Init(this, new_eviction_);
-
-#if defined(STRESS_CACHE_EXTENDED_VALIDATION)
-  trace_object_->EnableTracing(false);
-  int sc = SelfCheck();
-  if (sc < 0 && sc != ERR_NUM_ENTRIES_MISMATCH)
-    NOTREACHED();
-  trace_object_->EnableTracing(true);
-#endif
-
-  if (previous_crash) {
-    ReportError(ERR_PREVIOUS_CRASH);
-  } else if (!restarted_) {
-    ReportError(ERR_NO_ERROR);
-  }
-
-  FlushIndex();
-
-  return disabled_ ? net::ERR_FAILED : net::OK;
-}
-
-void BackendImpl::PrepareForRestart() {
-  // Reset the mask_ if it was not given by the user.
-  if (!(user_flags_ & kMask))
-    mask_ = 0;
-
-  if (!(user_flags_ & kNewEviction))
-    new_eviction_ = false;
-
-  disabled_ = true;
-  data_->header.crash = 0;
-  index_->Flush();
-  index_ = NULL;
-  data_ = NULL;
-  block_files_.CloseFiles();
-  rankings_.Reset();
-  init_ = false;
-  restarted_ = true;
-}
-
-BackendImpl::~BackendImpl() {
-  if (user_flags_ & kNoRandom) {
-    // This is a unit test, so we want to be strict about not leaking entries
-    // and completing all the work.
-    background_queue_.WaitForPendingIO();
-  } else {
-    // This is most likely not a test, so we want to do as little work as
-    // possible at this time, at the price of leaving dirty entries behind.
-    background_queue_.DropPendingIO();
-  }
-
-  if (background_queue_.BackgroundIsCurrentThread()) {
-    // Unit tests may use the same thread for everything.
-    CleanupCache();
-  } else {
-    background_queue_.background_thread()->PostTask(
-        FROM_HERE, base::Bind(&FinalCleanupCallback, base::Unretained(this)));
-    // http://crbug.com/74623
-    base::ThreadRestrictions::ScopedAllowWait allow_wait;
-    done_.Wait();
-  }
-}
-
-void BackendImpl::CleanupCache() {
-  Trace("Backend Cleanup");
-  eviction_.Stop();
-  timer_.reset();
-
-  if (init_) {
-    StoreStats();
-    if (data_)
-      data_->header.crash = 0;
-
-    if (user_flags_ & kNoRandom) {
-      // This is a net_unittest, verify that we are not 'leaking' entries.
-      File::WaitForPendingIO(&num_pending_io_);
-      DCHECK(!num_refs_);
-    } else {
-      File::DropPendingIO();
-    }
-  }
-  block_files_.CloseFiles();
-  FlushIndex();
-  index_ = NULL;
-  ptr_factory_.InvalidateWeakPtrs();
-  done_.Signal();
-}
-
-base::FilePath BackendImpl::GetFileName(Addr address) const {
-  if (!address.is_separate_file() || !address.is_initialized()) {
-    NOTREACHED();
-    return base::FilePath();
-  }
-
-  std::string tmp = base::StringPrintf("f_%06x", address.FileNumber());
-  return path_.AppendASCII(tmp);
-}
-
-// We just created a new file so we're going to write the header and set the
-// file length to include the hash table (zero filled).
-bool BackendImpl::CreateBackingStore(disk_cache::File* file) {
-  AdjustMaxCacheSize(0);
-
-  IndexHeader header;
-  header.table_len = DesiredIndexTableLen(max_size_);
-
-  // We need file version 2.1 for the new eviction algorithm.
-  if (new_eviction_)
-    header.version = 0x20001;
-
-  header.create_time = Time::Now().ToInternalValue();
-
-  if (!file->Write(&header, sizeof(header), 0))
-    return false;
-
-  return file->SetLength(GetIndexSize(header.table_len));
-}
-
-bool BackendImpl::InitBackingStore(bool* file_created) {
-  if (!base::CreateDirectory(path_))
-    return false;
-
-  base::FilePath index_name = path_.AppendASCII(kIndexName);
-
-  int flags = base::PLATFORM_FILE_READ |
-              base::PLATFORM_FILE_WRITE |
-              base::PLATFORM_FILE_OPEN_ALWAYS |
-              base::PLATFORM_FILE_EXCLUSIVE_WRITE;
-  scoped_refptr<disk_cache::File> file(new disk_cache::File(
-      base::CreatePlatformFile(index_name, flags, file_created, NULL)));
-
-  if (!file->IsValid())
-    return false;
-
-  bool ret = true;
-  if (*file_created)
-    ret = CreateBackingStore(file.get());
-
-  file = NULL;
-  if (!ret)
-    return false;
-
-  index_ = new MappedFile();
-  data_ = reinterpret_cast<Index*>(index_->Init(index_name, 0));
-  if (!data_) {
-    LOG(ERROR) << "Unable to map Index file";
-    return false;
-  }
-
-  if (index_->GetLength() < sizeof(Index)) {
-    // We verify this again on CheckIndex() but it's easier to make sure now
-    // that the header is there.
-    LOG(ERROR) << "Corrupt Index file";
-    return false;
-  }
-
-  return true;
-}
-
-void BackendImpl::ReportError(int error) {
-  STRESS_DCHECK(!error || error == ERR_PREVIOUS_CRASH ||
-                error == ERR_CACHE_CREATED);
-
-  // We transmit positive numbers, instead of direct error codes.
-  DCHECK_LE(error, 0);
-  CACHE_UMA(CACHE_ERROR, "Error", 0, error * -1);
-}
-
-
-bool BackendImpl::CheckIndex() {
-  DCHECK(data_);
-
-  size_t current_size = index_->GetLength();
-  if (current_size < sizeof(Index)) {
-    LOG(ERROR) << "Corrupt Index file";
-    return false;
-  }
-
-  if (new_eviction_) {
-    // We support versions 2.0 and 2.1, upgrading 2.0 to 2.1.
-    if (kIndexMagic != data_->header.magic ||
-        kCurrentVersion >> 16 != data_->header.version >> 16) {
-      LOG(ERROR) << "Invalid file version or magic";
-      return false;
-    }
-    if (kCurrentVersion == data_->header.version) {
-      // We need file version 2.1 for the new eviction algorithm.
-      UpgradeTo2_1();
-    }
-  } else {
-    if (kIndexMagic != data_->header.magic ||
-        kCurrentVersion != data_->header.version) {
-      LOG(ERROR) << "Invalid file version or magic";
-      return false;
-    }
-  }
-
-  if (!data_->header.table_len) {
-    LOG(ERROR) << "Invalid table size";
-    return false;
-  }
-
-  if (current_size < GetIndexSize(data_->header.table_len) ||
-      data_->header.table_len & (kBaseTableLen - 1)) {
-    LOG(ERROR) << "Corrupt Index file";
-    return false;
-  }
-
-  AdjustMaxCacheSize(data_->header.table_len);
-
-#if !defined(NET_BUILD_STRESS_CACHE)
-  if (data_->header.num_bytes < 0 ||
-      (max_size_ < std::numeric_limits<int32_t>::max() - kDefaultCacheSize &&
-       data_->header.num_bytes > max_size_ + kDefaultCacheSize)) {
-    LOG(ERROR) << "Invalid cache (current) size";
-    return false;
-  }
-#endif
-
-  if (data_->header.num_entries < 0) {
-    LOG(ERROR) << "Invalid number of entries";
-    return false;
-  }
-
-  if (!mask_)
-    mask_ = data_->header.table_len - 1;
-
-  // Load the table into memory with a single read.
-  scoped_ptr<char[]> buf(new char[current_size]);
-  return index_->Read(buf.get(), current_size, 0);
-}
-
-bool BackendImpl::InitStats() {
-  Addr address(data_->header.stats);
-  int size = stats_.StorageSize();
-
-  if (!address.is_initialized()) {
-    FileType file_type = Addr::RequiredFileType(size);
-    DCHECK_NE(file_type, EXTERNAL);
-    int num_blocks = Addr::RequiredBlocks(size, file_type);
-
-    if (!CreateBlock(file_type, num_blocks, &address))
-      return false;
-    return stats_.Init(NULL, 0, address);
-  }
-
-  if (!address.is_block_file()) {
-    NOTREACHED();
-    return false;
-  }
-
-  // Load the required data.
-  size = address.num_blocks() * address.BlockSize();
-  MappedFile* file = File(address);
-  if (!file)
-    return false;
-
-  scoped_ptr<char[]> data(new char[size]);
-  size_t offset = address.start_block() * address.BlockSize() +
-                  kBlockHeaderSize;
-  if (!file->Read(data.get(), size, offset))
-    return false;
-
-  if (!stats_.Init(data.get(), size, address))
-    return false;
-  if (cache_type_ == net::DISK_CACHE && ShouldReportAgain())
-    stats_.InitSizeHistogram();
-  return true;
-}
-
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-int BackendImplV3::Worker::Init(const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-BackendImplV3::Worker::~Worker() {
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/backend_worker_v3.h b/chromium/net/disk_cache/blockfile/backend_worker_v3.h
deleted file mode 100644
index fc8b317345e..00000000000
--- a/chromium/net/disk_cache/blockfile/backend_worker_v3.h
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// See net/disk_cache/disk_cache.h for the public interface of the cache.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_BACKEND_WORKER_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_BACKEND_WORKER_V3_H_
-
-#include "base/containers/hash_tables.h"
-#include "base/files/file_path.h"
-#include "base/macros.h"
-#include "base/memory/ref_counted.h"
-#include "net/disk_cache/blockfile/addr.h"
-#include "net/disk_cache/blockfile/backend_impl_v3.h"
-#include "net/disk_cache/blockfile/block_files.h"
-
-namespace base {
-class SingleThreadTaskRunner;
-}  // namespace base
-
-namespace disk_cache {
-
-class BackendImplV3::Worker : public base::RefCountedThreadSafe<Worker> {
- public:
-  Worker(const base::FilePath& path,
-         const scoped_refptr<base::SingleThreadTaskRunner>& main_thread);
-
-  // Performs general initialization for this current instance of the cache.
-  int Init(const CompletionCallback& callback);
-
- private:
-  friend class base::RefCountedThreadSafe<Worker>;
-
-  ~Worker();
-  void CleanupCache();
-
-  // Returns the full name for an external storage file.
-  base::FilePath GetFileName(Addr address) const;
-
-  // Creates a new backing file for the cache index.
-  bool CreateBackingStore(disk_cache::File* file);
-  bool InitBackingStore(bool* file_created);
-
-  // Performs basic checks on the index file. Returns false on failure.
-  bool CheckIndex();
-
-  base::FilePath path_;  // Path to the folder used as backing storage.
-  BlockFiles block_files_;  // Set of files used to store all data.
-  bool init_;  // controls the initialization of the system.
-
-  DISALLOW_COPY_AND_ASSIGN(Worker);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_BACKEND_WORKER_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/block_bitmaps_v3.cc b/chromium/net/disk_cache/blockfile/block_bitmaps_v3.cc
deleted file mode 100644
index 70208aef74f..00000000000
--- a/chromium/net/disk_cache/blockfile/block_bitmaps_v3.cc
+++ /dev/null
@@ -1,179 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/block_bitmaps_v3.h"
-
-#include "base/metrics/histogram_macros.h"
-#include "base/time/time.h"
-#include "net/disk_cache/blockfile/disk_format_base.h"
-#include "net/disk_cache/blockfile/trace.h"
-
-using base::TimeTicks;
-
-namespace disk_cache {
-
-BlockBitmaps::BlockBitmaps() {
-}
-
-BlockBitmaps::~BlockBitmaps() {
-}
-
-void BlockBitmaps::Init(const BlockFilesBitmaps& bitmaps) {
-  bitmaps_ = bitmaps;
-}
-
-bool BlockBitmaps::CreateBlock(FileType block_type,
-                               int block_count,
-                               Addr* block_address) {
-  DCHECK_NE(block_type, EXTERNAL);
-  DCHECK_NE(block_type, RANKINGS);
-  if (block_count < 1 || block_count > kMaxNumBlocks)
-    return false;
-
-  int header_num = HeaderNumberForNewBlock(block_type, block_count);
-  if (header_num < 0)
-    return false;
-
-  int index;
-  if (!bitmaps_[header_num].CreateMapBlock(block_count, &index))
-    return false;
-
-  if (!index && (block_type == BLOCK_ENTRIES || block_type == BLOCK_EVICTED) &&
-      !bitmaps_[header_num].CreateMapBlock(block_count, &index)) {
-    // index 0 for entries is a reserved value.
-    return false;
-  }
-
-  Addr address(block_type, block_count, bitmaps_[header_num].FileId(), index);
-  block_address->set_value(address.value());
-  Trace("CreateBlock 0x%x", address.value());
-  return true;
-}
-
-void BlockBitmaps::DeleteBlock(Addr address) {
-  if (!address.is_initialized() || address.is_separate_file())
-    return;
-
-  int header_num = GetHeaderNumber(address);
-  if (header_num < 0)
-    return;
-
-  Trace("DeleteBlock 0x%x", address.value());
-  bitmaps_[header_num].DeleteMapBlock(address.start_block(),
-                                      address.num_blocks());
-}
-
-void BlockBitmaps::Clear() {
-  bitmaps_.clear();
-}
-
-void BlockBitmaps::ReportStats() {
-  int used_blocks[kFirstAdditionalBlockFile];
-  int load[kFirstAdditionalBlockFile];
-  for (int16_t i = 0; i < kFirstAdditionalBlockFile; i++) {
-    GetFileStats(i, &used_blocks[i], &load[i]);
-  }
-  UMA_HISTOGRAM_COUNTS("DiskCache.Blocks_0", used_blocks[0]);
-  UMA_HISTOGRAM_COUNTS("DiskCache.Blocks_1", used_blocks[1]);
-  UMA_HISTOGRAM_COUNTS("DiskCache.Blocks_2", used_blocks[2]);
-  UMA_HISTOGRAM_COUNTS("DiskCache.Blocks_3", used_blocks[3]);
-
-  UMA_HISTOGRAM_ENUMERATION("DiskCache.BlockLoad_0", load[0], 101);
-  UMA_HISTOGRAM_ENUMERATION("DiskCache.BlockLoad_1", load[1], 101);
-  UMA_HISTOGRAM_ENUMERATION("DiskCache.BlockLoad_2", load[2], 101);
-  UMA_HISTOGRAM_ENUMERATION("DiskCache.BlockLoad_3", load[3], 101);
-}
-
-bool BlockBitmaps::IsValid(Addr address) {
-#ifdef NDEBUG
-  return true;
-#else
-  if (!address.is_initialized() || address.is_separate_file())
-    return false;
-
-  int header_num = GetHeaderNumber(address);
-  if (header_num < 0)
-    return false;
-
-  bool rv = bitmaps_[header_num].UsedMapBlock(address.start_block(),
-                                              address.num_blocks());
-  DCHECK(rv);
-  return rv;
-#endif
-}
-
-int BlockBitmaps::GetHeaderNumber(Addr address) {
-  DCHECK_GE(bitmaps_.size(), kFirstAdditionalBlockFileV3);
-  DCHECK(address.is_block_file() || !address.is_initialized());
-  if (!address.is_initialized())
-    return -1;
-
-  int file_index = address.FileNumber();
-  if (static_cast<unsigned int>(file_index) >= bitmaps_.size())
-    return -1;
-
-  return file_index;
-}
-
-int BlockBitmaps::HeaderNumberForNewBlock(FileType block_type,
-                                          int block_count) {
-  DCHECK_GT(block_type, 0);
-  int header_num = block_type - 1;
-  bool found = true;
-
-  TimeTicks start = TimeTicks::Now();
-  while (bitmaps_[header_num].NeedToGrowBlockFile(block_count)) {
-    header_num = bitmaps_[header_num].NextFileId();
-    if (!header_num) {
-      found = false;
-      break;
-    }
-  }
-
-  if (!found) {
-    // Restart the search, looking for any file with space. We know that all
-    // files of this type are low on free blocks, but we cannot grow any file
-    // at this time.
-    header_num = block_type - 1;
-    do {
-      if (bitmaps_[header_num].CanAllocate(block_count)) {
-        found = true;  // Make sure file 0 is not mistaken with a failure.
-        break;
-      }
-      header_num = bitmaps_[header_num].NextFileId();
-    } while (header_num);
-
-    if (!found)
-      header_num = -1;
-  }
-
-  LOCAL_HISTOGRAM_TIMES("DiskCache.GetFileForNewBlock",
-                        TimeTicks::Now() - start);
-  return header_num;
-}
-
-// We are interested in the total number of blocks used by this file type, and
-// the max number of blocks that we can store (reported as the percentage of
-// used blocks). In order to find out the number of used blocks, we have to
-// substract the empty blocks from the total blocks for each file in the chain.
-void BlockBitmaps::GetFileStats(int index, int* used_count, int* load) {
-  int max_blocks = 0;
-  *used_count = 0;
-  *load = 0;
-  do {
-    int capacity = bitmaps_[index].Capacity();
-    int used = capacity - bitmaps_[index].EmptyBlocks();
-    DCHECK_GE(used, 0);
-
-    max_blocks += capacity;
-    *used_count += used;
-
-    index = bitmaps_[index].NextFileId();
-  } while (index);
-
-  if (max_blocks)
-    *load = *used_count * 100 / max_blocks;
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/block_bitmaps_v3.h b/chromium/net/disk_cache/blockfile/block_bitmaps_v3.h
deleted file mode 100644
index b2ca46141e7..00000000000
--- a/chromium/net/disk_cache/blockfile/block_bitmaps_v3.h
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// See net/disk_cache/disk_cache.h for the public interface.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_BLOCK_BITMAPS_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_BLOCK_BITMAPS_V3_H_
-
-#include "base/files/file_path.h"
-#include "base/macros.h"
-#include "net/base/net_export.h"
-#include "net/disk_cache/blockfile/addr.h"
-#include "net/disk_cache/blockfile/block_files.h"
-
-namespace disk_cache {
-
-class BackendImplV3;
-
-// This class is the interface in the v3 disk cache to the set of files holding
-// cached data that is small enough to not be efficiently stored in a dedicated
-// file (i.e. < kMaxBlockSize). It is primarily used to allocate and free
-// regions in those files used to store data.
-class NET_EXPORT_PRIVATE BlockBitmaps {
- public:
-  BlockBitmaps();
-  ~BlockBitmaps();
-
-  void Init(const BlockFilesBitmaps& bitmaps);
-
-  // Creates a new entry on a block file. block_type indicates the size of block
-  // to be used (as defined on cache_addr.h), block_count is the number of
-  // blocks to allocate, and block_address is the address of the new entry.
-  bool CreateBlock(FileType block_type, int block_count, Addr* block_address);
-
-  // Removes an entry from the block files.
-  void DeleteBlock(Addr address);
-
-  // Releases the internal bitmaps. The cache is being purged.
-  void Clear();
-
-  // Sends UMA stats.
-  void ReportStats();
-
-  // Returns true if the blocks pointed by a given address are currently used.
-  // This method is only intended for debugging.
-  bool IsValid(Addr address);
-
- private:
-  // Returns the header number that stores a given address.
-  int GetHeaderNumber(Addr address);
-
-  // Returns the appropriate header to use for a new block.
-  int HeaderNumberForNewBlock(FileType block_type, int block_count);
-
-  // Retrieves stats for the given file index.
-  void GetFileStats(int index, int* used_count, int* load);
-
-  BlockFilesBitmaps bitmaps_;
-
-  DISALLOW_COPY_AND_ASSIGN(BlockBitmaps);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_BLOCK_BITMAPS_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/block_bitmaps_v3_unittest.cc b/chromium/net/disk_cache/blockfile/block_bitmaps_v3_unittest.cc
deleted file mode 100644
index 64ca115cded..00000000000
--- a/chromium/net/disk_cache/blockfile/block_bitmaps_v3_unittest.cc
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/addr.h"
-#include "net/disk_cache/blockfile/block_bitmaps_v3.h"
-#include "net/disk_cache/blockfile/block_files.h"
-#include "net/disk_cache/blockfile/disk_format_base.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-// Tests that we add and remove blocks correctly.
-TEST(DiskCacheBlockBitmaps, V3AllocationMap) {
-  disk_cache::BlockBitmaps block_bitmaps;
-  disk_cache::BlockFilesBitmaps bitmaps;
-
-  const int kNumHeaders = 10;
-  disk_cache::BlockFileHeader headers[kNumHeaders];
-  for (int i = 0; i < kNumHeaders; i++) {
-    memset(&headers[i], 0, sizeof(headers[i]));
-    headers[i].magic = disk_cache::kBlockMagic;
-    headers[i].version = disk_cache::kBlockCurrentVersion;
-    headers[i].this_file = static_cast<int16_t>(i);
-    headers[i].empty[3] = 200;
-    headers[i].max_entries = 800;
-    bitmaps.push_back(disk_cache::BlockHeader(&headers[i]));
-  }
-
-  block_bitmaps.Init(bitmaps);
-
-  // Create a bunch of entries.
-  const int kSize = 100;
-  disk_cache::Addr address[kSize];
-  for (int i = 0; i < kSize; i++) {
-    SCOPED_TRACE(i);
-    int block_size = i % 4 + 1;
-    ASSERT_TRUE(block_bitmaps.CreateBlock(disk_cache::BLOCK_1K, block_size,
-                                          &address[i]));
-    EXPECT_EQ(disk_cache::BLOCK_1K, address[i].file_type());
-    EXPECT_EQ(block_size, address[i].num_blocks());
-    int start = address[i].start_block();
-
-    // Verify that the allocated entry doesn't cross a 4 block boundary.
-    EXPECT_EQ(start / 4, (start + block_size - 1) / 4);
-  }
-
-  for (int i = 0; i < kSize; i++) {
-    SCOPED_TRACE(i);
-    EXPECT_TRUE(block_bitmaps.IsValid(address[i]));
-  }
-
-  // The first part of the allocation map should be completely filled. We used
-  // 10 bits per each of four entries, so 250 bits total. All entries should go
-  // to the third file.
-  uint8_t* buffer = reinterpret_cast<uint8_t*>(&headers[2].allocation_map);
-  for (int i = 0; i < 29; i++) {
-    SCOPED_TRACE(i);
-    EXPECT_EQ(0xff, buffer[i]);
-  }
-
-  for (int i = 0; i < kSize; i++) {
-    SCOPED_TRACE(i);
-    block_bitmaps.DeleteBlock(address[i]);
-  }
-
-  // The allocation map should be empty.
-  for (int i =0; i < 50; i++) {
-    SCOPED_TRACE(i);
-    EXPECT_EQ(0, buffer[i]);
-  }
-}
diff --git a/chromium/net/disk_cache/blockfile/block_files.cc b/chromium/net/disk_cache/blockfile/block_files.cc
index f7cc38178f4..10798dae2bf 100644
--- a/chromium/net/disk_cache/blockfile/block_files.cc
+++ b/chromium/net/disk_cache/blockfile/block_files.cc
@@ -432,7 +432,7 @@ bool BlockFiles::IsValid(Addr address) {
 
   static bool read_contents = false;
   if (read_contents) {
-    scoped_ptr<char[]> buffer;
+    std::unique_ptr<char[]> buffer;
     buffer.reset(new char[Addr::BlockSizeForFileType(BLOCK_4K) * 4]);
     size_t size = address.BlockSize() * address.num_blocks();
     size_t offset = address.start_block() * address.BlockSize() +
diff --git a/chromium/net/disk_cache/blockfile/block_files.h b/chromium/net/disk_cache/blockfile/block_files.h
index 1de3bedb830..056b6a69f0f 100644
--- a/chromium/net/disk_cache/blockfile/block_files.h
+++ b/chromium/net/disk_cache/blockfile/block_files.h
@@ -9,12 +9,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/disk_cache/blockfile/addr.h"
 #include "net/disk_cache/blockfile/disk_format_base.h"
@@ -81,7 +81,6 @@ class NET_EXPORT_PRIVATE BlockHeader {
   int Size() const;
 
   // Returns a pointer to the underlying BlockFileHeader.
-  // TODO(rvargas): This may be removed with the support for V2.
   BlockFileHeader* Header();
 
  private:
@@ -157,7 +156,7 @@ class NET_EXPORT_PRIVATE BlockFiles {
   char* zero_buffer_;  // Buffer to speed-up cleaning deleted entries.
   base::FilePath path_;  // Path to the backing folder.
   std::vector<MappedFile*> block_files_;  // The actual files.
-  scoped_ptr<base::ThreadChecker> thread_checker_;
+  std::unique_ptr<base::ThreadChecker> thread_checker_;
 
   FRIEND_TEST_ALL_PREFIXES(DiskCacheTest, BlockFiles_ZeroSizeFile);
   FRIEND_TEST_ALL_PREFIXES(DiskCacheTest, BlockFiles_TruncatedFile);
diff --git a/chromium/net/disk_cache/blockfile/disk_cache_perftest.cc b/chromium/net/disk_cache/blockfile/disk_cache_perftest.cc
deleted file mode 100644
index 80806532660..00000000000
--- a/chromium/net/disk_cache/blockfile/disk_cache_perftest.cc
+++ /dev/null
@@ -1,260 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <string>
-
-#include "base/bind.h"
-#include "base/bind_helpers.h"
-#include "base/hash.h"
-#include "base/strings/string_util.h"
-#include "base/test/perf_time_logger.h"
-#include "base/test/test_file_util.h"
-#include "base/threading/thread.h"
-#include "net/base/cache_type.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/base/test_completion_callback.h"
-#include "net/disk_cache/blockfile/backend_impl.h"
-#include "net/disk_cache/blockfile/block_files.h"
-#include "net/disk_cache/disk_cache.h"
-#include "net/disk_cache/disk_cache_test_base.h"
-#include "net/disk_cache/disk_cache_test_util.h"
-#include "testing/gtest/include/gtest/gtest.h"
-#include "testing/platform_test.h"
-
-using base::Time;
-
-namespace {
-
-struct TestEntry {
-  std::string key;
-  int data_len;
-};
-typedef std::vector<TestEntry> TestEntries;
-
-const int kMaxSize = 16 * 1024 - 1;
-
-// Creates num_entries on the cache, and writes 200 bytes of metadata and up
-// to kMaxSize of data to each entry.
-bool TimeWrite(int num_entries, disk_cache::Backend* cache,
-              TestEntries* entries) {
-  const int kSize1 = 200;
-  scoped_refptr<net::IOBuffer> buffer1(new net::IOBuffer(kSize1));
-  scoped_refptr<net::IOBuffer> buffer2(new net::IOBuffer(kMaxSize));
-
-  CacheTestFillBuffer(buffer1->data(), kSize1, false);
-  CacheTestFillBuffer(buffer2->data(), kMaxSize, false);
-
-  int expected = 0;
-
-  MessageLoopHelper helper;
-  CallbackTest callback(&helper, true);
-
-  base::PerfTimeLogger timer("Write disk cache entries");
-
-  for (int i = 0; i < num_entries; i++) {
-    TestEntry entry;
-    entry.key = GenerateKey(true);
-    entry.data_len = rand() % kMaxSize;
-    entries->push_back(entry);
-
-    disk_cache::Entry* cache_entry;
-    net::TestCompletionCallback cb;
-    int rv = cache->CreateEntry(entry.key, &cache_entry, cb.callback());
-    if (net::OK != cb.GetResult(rv))
-      break;
-    int ret = cache_entry->WriteData(
-        0, 0, buffer1.get(), kSize1,
-        base::Bind(&CallbackTest::Run, base::Unretained(&callback)), false);
-    if (net::ERR_IO_PENDING == ret)
-      expected++;
-    else if (kSize1 != ret)
-      break;
-
-    ret = cache_entry->WriteData(
-        1, 0, buffer2.get(), entry.data_len,
-        base::Bind(&CallbackTest::Run, base::Unretained(&callback)), false);
-    if (net::ERR_IO_PENDING == ret)
-      expected++;
-    else if (entry.data_len != ret)
-      break;
-    cache_entry->Close();
-  }
-
-  helper.WaitUntilCacheIoFinished(expected);
-  timer.Done();
-
-  return (expected == helper.callbacks_called());
-}
-
-// Reads the data and metadata from each entry listed on |entries|.
-bool TimeRead(int num_entries, disk_cache::Backend* cache,
-             const TestEntries& entries, bool cold) {
-  const int kSize1 = 200;
-  scoped_refptr<net::IOBuffer> buffer1(new net::IOBuffer(kSize1));
-  scoped_refptr<net::IOBuffer> buffer2(new net::IOBuffer(kMaxSize));
-
-  CacheTestFillBuffer(buffer1->data(), kSize1, false);
-  CacheTestFillBuffer(buffer2->data(), kMaxSize, false);
-
-  int expected = 0;
-
-  MessageLoopHelper helper;
-  CallbackTest callback(&helper, true);
-
-  const char* message = cold ? "Read disk cache entries (cold)" :
-                        "Read disk cache entries (warm)";
-  base::PerfTimeLogger timer(message);
-
-  for (int i = 0; i < num_entries; i++) {
-    disk_cache::Entry* cache_entry;
-    net::TestCompletionCallback cb;
-    int rv = cache->OpenEntry(entries[i].key, &cache_entry, cb.callback());
-    if (net::OK != cb.GetResult(rv))
-      break;
-    int ret = cache_entry->ReadData(
-        0, 0, buffer1.get(), kSize1,
-        base::Bind(&CallbackTest::Run, base::Unretained(&callback)));
-    if (net::ERR_IO_PENDING == ret)
-      expected++;
-    else if (kSize1 != ret)
-      break;
-
-    ret = cache_entry->ReadData(
-        1, 0, buffer2.get(), entries[i].data_len,
-        base::Bind(&CallbackTest::Run, base::Unretained(&callback)));
-    if (net::ERR_IO_PENDING == ret)
-      expected++;
-    else if (entries[i].data_len != ret)
-      break;
-    cache_entry->Close();
-  }
-
-  helper.WaitUntilCacheIoFinished(expected);
-  timer.Done();
-
-  return (expected == helper.callbacks_called());
-}
-
-int BlockSize() {
-  // We can use form 1 to 4 blocks.
-  return (rand() & 0x3) + 1;
-}
-
-}  // namespace
-
-TEST_F(DiskCacheTest, Hash) {
-  int seed = static_cast<int>(Time::Now().ToInternalValue());
-  srand(seed);
-
-  base::PerfTimeLogger timer("Hash disk cache keys");
-  for (int i = 0; i < 300000; i++) {
-    std::string key = GenerateKey(true);
-    base::Hash(key);
-  }
-  timer.Done();
-}
-
-TEST_F(DiskCacheTest, CacheBackendPerformance) {
-  base::Thread cache_thread("CacheThread");
-  ASSERT_TRUE(cache_thread.StartWithOptions(
-                  base::Thread::Options(base::MessageLoop::TYPE_IO, 0)));
-
-  ASSERT_TRUE(CleanupCacheDir());
-  net::TestCompletionCallback cb;
-  scoped_ptr<disk_cache::Backend> cache;
-  int rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
-                                          net::CACHE_BACKEND_BLOCKFILE,
-                                          cache_path_,
-                                          0,
-                                          false,
-                                          cache_thread.task_runner(),
-                                          NULL,
-                                          &cache,
-                                          cb.callback());
-
-  ASSERT_EQ(net::OK, cb.GetResult(rv));
-
-  int seed = static_cast<int>(Time::Now().ToInternalValue());
-  srand(seed);
-
-  TestEntries entries;
-  int num_entries = 1000;
-
-  EXPECT_TRUE(TimeWrite(num_entries, cache.get(), &entries));
-
-  base::MessageLoop::current()->RunUntilIdle();
-  cache.reset();
-
-  ASSERT_TRUE(base::EvictFileFromSystemCache(
-              cache_path_.AppendASCII("index")));
-  ASSERT_TRUE(base::EvictFileFromSystemCache(
-              cache_path_.AppendASCII("data_0")));
-  ASSERT_TRUE(base::EvictFileFromSystemCache(
-              cache_path_.AppendASCII("data_1")));
-  ASSERT_TRUE(base::EvictFileFromSystemCache(
-              cache_path_.AppendASCII("data_2")));
-  ASSERT_TRUE(base::EvictFileFromSystemCache(
-              cache_path_.AppendASCII("data_3")));
-
-  rv = disk_cache::CreateCacheBackend(net::DISK_CACHE,
-                                      net::CACHE_BACKEND_BLOCKFILE,
-                                      cache_path_,
-                                      0,
-                                      false,
-                                      cache_thread.task_runner(),
-                                      NULL,
-                                      &cache,
-                                      cb.callback());
-  ASSERT_EQ(net::OK, cb.GetResult(rv));
-
-  EXPECT_TRUE(TimeRead(num_entries, cache.get(), entries, true));
-
-  EXPECT_TRUE(TimeRead(num_entries, cache.get(), entries, false));
-
-  base::MessageLoop::current()->RunUntilIdle();
-}
-
-// Creating and deleting "entries" on a block-file is something quite frequent
-// (after all, almost everything is stored on block files). The operation is
-// almost free when the file is empty, but can be expensive if the file gets
-// fragmented, or if we have multiple files. This test measures that scenario,
-// by using multiple, highly fragmented files.
-TEST_F(DiskCacheTest, BlockFilesPerformance) {
-  ASSERT_TRUE(CleanupCacheDir());
-
-  disk_cache::BlockFiles files(cache_path_);
-  ASSERT_TRUE(files.Init(true));
-
-  int seed = static_cast<int>(Time::Now().ToInternalValue());
-  srand(seed);
-
-  const int kNumEntries = 60000;
-  disk_cache::Addr* address = new disk_cache::Addr[kNumEntries];
-
-  base::PerfTimeLogger timer1("Fill three block-files");
-
-  // Fill up the 32-byte block file (use three files).
-  for (int i = 0; i < kNumEntries; i++) {
-    EXPECT_TRUE(files.CreateBlock(disk_cache::RANKINGS, BlockSize(),
-                                  &address[i]));
-  }
-
-  timer1.Done();
-  base::PerfTimeLogger timer2("Create and delete blocks");
-
-  for (int i = 0; i < 200000; i++) {
-    int entry = rand() * (kNumEntries / RAND_MAX + 1);
-    if (entry >= kNumEntries)
-      entry = 0;
-
-    files.DeleteBlock(address[entry], false);
-    EXPECT_TRUE(files.CreateBlock(disk_cache::RANKINGS, BlockSize(),
-                                  &address[entry]));
-  }
-
-  timer2.Done();
-  base::MessageLoop::current()->RunUntilIdle();
-  delete[] address;
-}
diff --git a/chromium/net/disk_cache/blockfile/disk_format_v3.h b/chromium/net/disk_cache/blockfile/disk_format_v3.h
deleted file mode 100644
index da873ed4917..00000000000
--- a/chromium/net/disk_cache/blockfile/disk_format_v3.h
+++ /dev/null
@@ -1,248 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// The cache is stored on disk as a collection of block-files, plus an index
-// plus a collection of external files.
-//
-// Any data blob bigger than kMaxBlockSize (disk_cache/addr.h) will be stored in
-// a separate file named f_xxx where x is a hexadecimal number. Shorter data
-// will be stored as a series of blocks on a block-file. In any case, CacheAddr
-// represents the address of the data inside the cache.
-//
-// The index is actually a collection of four files that store a hash table with
-// allocation bitmaps and backup data. Hash collisions are handled directly by
-// the table, which from some point of view behaves like a 4-way associative
-// cache with overflow buckets (so not really open addressing).
-//
-// Basically the hash table is a collection of buckets. The first part of the
-// table has a fixed number of buckets and it is directly addressed by the hash,
-// while the second part of the table (stored on a second file) has a variable
-// number of buckets. Each bucket stores up to four cells (each cell represents
-// a possibl entry). The index bitmap tracks the state of individual cells.
-//
-// The last element of the cache is the block-file. A block file is a file
-// designed to store blocks of data of a given size. For more details see
-// disk_cache/disk_format_base.h
-//
-// A new cache is initialized with a set of block files (named data_0 through
-// data_6), each one dedicated to store blocks of a given size or function. The
-// number at the end of the file name is the block file number (in decimal).
-//
-// There are three "special" types of blocks: normal entries, evicted entries
-// and control data for external files.
-//
-// The files that store internal information for the cache (blocks and index)
-// are memory mapped. They have a location that is signaled every time the
-// internal structures are modified, so it is possible to detect (most of the
-// time) when the process dies in the middle of an update. There are dedicated
-// backup files for cache bitmaps, used to detect entries out of date.
-//
-// Although cache files are to be consumed on the same machine that creates
-// them, if files are to be moved accross machines, little endian storage is
-// assumed.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_DISK_FORMAT_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_DISK_FORMAT_V3_H_
-
-#include <stdint.h>
-#include <string.h>
-
-#include "net/disk_cache/blockfile/disk_format_base.h"
-
-namespace disk_cache {
-
-const int kBaseTableLen = 0x400;
-const uint32_t kIndexMagicV3 = 0xC103CAC3;
-const uint32_t kVersion3 = 0x30000;  // Version 3.0.
-
-// Flags for a given cache.
-enum CacheFlags {
-  SMALL_CACHE = 1 << 0,       // See IndexCell.
-  CACHE_EVICTION_2 = 1 << 1,  // Keep multiple lists for eviction.
-  CACHE_EVICTED = 1 << 2      // Already evicted at least one entry.
-};
-
-// Header for the master index file.
-struct IndexHeaderV3 {
-  uint32_t magic;
-  uint32_t version;
-  int32_t num_entries;  // Number of entries currently stored.
-  int32_t num_bytes;    // Total size of the stored data.
-  int32_t last_file;    // Last external file created.
-  int32_t reserved1;
-  CacheAddr   stats;         // Storage for usage data.
-  int32_t table_len;         // Actual size of the table.
-  int32_t crash;             // Signals a previous crash.
-  int32_t experiment;        // Id of an ongoing test.
-  int32_t max_bytes;         // Total maximum size of the stored data.
-  uint32_t flags;
-  int32_t used_cells;
-  int32_t max_bucket;
-  uint64_t create_time;  // Creation time for this set of files.
-  uint64_t base_time;    // Current base for timestamps.
-  uint64_t old_time;     // Previous time used for timestamps.
-  int32_t max_block_file;
-  int32_t num_no_use_entries;
-  int32_t num_low_use_entries;
-  int32_t num_high_use_entries;
-  int32_t reserved;
-  int32_t num_evicted_entries;
-  int32_t pad[6];
-};
-
-const int kBaseBitmapBytes = 3968;
-// The IndexBitmap is directly saved to a file named index. The file grows in
-// page increments (4096 bytes), but all bits don't have to be in use at any
-// given time. The required file size can be computed from header.table_len.
-struct IndexBitmap {
-  IndexHeaderV3   header;
-  uint32_t bitmap[kBaseBitmapBytes / 4];  // First page of the bitmap.
-};
-static_assert(sizeof(IndexBitmap) == 4096, "bad IndexHeader");
-
-// Possible states for a given entry.
-enum EntryState {
-  ENTRY_FREE = 0,   // Available slot.
-  ENTRY_NEW,        // The entry is being created.
-  ENTRY_OPEN,       // The entry is being accessed.
-  ENTRY_MODIFIED,   // The entry is being modified.
-  ENTRY_DELETED,    // The entry is being deleted.
-  ENTRY_FIXING,     // Inconsistent state. The entry is being verified.
-  ENTRY_USED        // The slot is in use (entry is present).
-};
-static_assert(ENTRY_USED <= 7, "state uses 3 bits");
-
-enum EntryGroup {
-  ENTRY_NO_USE = 0,   // The entry has not been reused.
-  ENTRY_LOW_USE,      // The entry has low reuse.
-  ENTRY_HIGH_USE,     // The entry has high reuse.
-  ENTRY_RESERVED,     // Reserved for future use.
-  ENTRY_EVICTED       // The entry was deleted.
-};
-static_assert(ENTRY_USED <= 7, "group uses 3 bits");
-
-#pragma pack(push, 1)
-struct IndexCell {
-  void Clear() { memset(this, 0, sizeof(*this)); }
-
-  // A cell is a 9 byte bit-field that stores 7 values:
-  //   location : 22 bits
-  //   id : 18 bits
-  //   timestamp : 20 bits
-  //   reuse : 4 bits
-  //   state : 3 bits
-  //   group : 3 bits
-  //   sum : 2 bits
-  // The id is derived from the full hash of the entry.
-  //
-  // The actual layout is as follows:
-  //
-  // first_part (low order 32 bits):
-  //   0000 0000 0011 1111 1111 1111 1111 1111 : location
-  //   1111 1111 1100 0000 0000 0000 0000 0000 : id
-  //
-  // first_part (high order 32 bits):
-  //   0000 0000 0000 0000 0000 0000 1111 1111 : id
-  //   0000 1111 1111 1111 1111 1111 0000 0000 : timestamp
-  //   1111 0000 0000 0000 0000 0000 0000 0000 : reuse
-  //
-  // last_part:
-  //   0000 0111 : state
-  //   0011 1000 : group
-  //   1100 0000 : sum
-  //
-  // The small-cache version of the format moves some bits from the location to
-  // the id fileds, like so:
-  //   location : 16 bits
-  //   id : 24 bits
-  //
-  // first_part (low order 32 bits):
-  //   0000 0000 0000 0000 1111 1111 1111 1111 : location
-  //   1111 1111 1111 1111 0000 0000 0000 0000 : id
-  //
-  // The actual bit distribution between location and id is determined by the
-  // table size (IndexHeaderV3.table_len). Tables smaller than 65536 entries
-  // use the small-cache version; after that size, caches should have the
-  // SMALL_CACHE flag cleared.
-  //
-  // To locate a given entry after recovering the location from the cell, the
-  // file type and file number are appended (see disk_cache/addr.h). For a large
-  // table only the file type is implied; for a small table, the file number
-  // is also implied, and it should be the first file for that type of entry,
-  // as determined by the EntryGroup (two files in total, one for active entries
-  // and another one for evicted entries).
-  //
-  // For example, a small table may store something like 0x1234 as the location
-  // field. That means it stores the entry number 0x1234. If that record belongs
-  // to a deleted entry, the regular cache address may look something like
-  //     BLOCK_EVICTED + 1 block + file number 6 + entry number 0x1234
-  //     so Addr = 0xf0061234
-  //
-  // If that same Addr is stored on a large table, the location field would be
-  // 0x61234
-
-  uint64_t first_part;
-  uint8_t last_part;
-};
-static_assert(sizeof(IndexCell) == 9, "bad IndexCell");
-
-const int kCellsPerBucket = 4;
-struct IndexBucket {
-  IndexCell   cells[kCellsPerBucket];
-  int32_t next;
-  uint32_t hash;  // The high order byte is reserved (should be zero).
-};
-static_assert(sizeof(IndexBucket) == 44, "bad IndexBucket");
-const int kBytesPerCell = 44 / kCellsPerBucket;
-
-// The main cache index. Backed by a file named index_tb1.
-// The extra table (index_tb2) has a similar format, but different size.
-struct Index {
-  // Default size. Actual size controlled by header.table_len.
-  IndexBucket table[kBaseTableLen / kCellsPerBucket];
-};
-#pragma pack(pop)
-
-// Flags that can be applied to an entry.
-enum EntryFlags {
-  PARENT_ENTRY = 1,         // This entry has children (sparse) entries.
-  CHILD_ENTRY = 1 << 1      // Child entry that stores sparse data.
-};
-
-struct EntryRecord {
-  uint32_t hash;
-  uint32_t pad1;
-  uint8_t reuse_count;
-  uint8_t refetch_count;
-  int8_t state;   // Current EntryState.
-  uint8_t flags;  // Any combination of EntryFlags.
-  int32_t key_len;
-  int32_t data_size[4];           // We can store up to 4 data streams for each
-  CacheAddr   data_addr[4];       // entry.
-  uint32_t data_hash[4];
-  uint64_t creation_time;
-  uint64_t last_modified_time;
-  uint64_t last_access_time;
-  int32_t pad[3];
-  uint32_t self_hash;
-};
-static_assert(sizeof(EntryRecord) == 104, "bad EntryRecord");
-
-struct ShortEntryRecord {
-  uint32_t hash;
-  uint32_t pad1;
-  uint8_t reuse_count;
-  uint8_t refetch_count;
-  int8_t state;  // Current EntryState.
-  uint8_t flags;
-  int32_t key_len;
-  uint64_t last_access_time;
-  uint32_t long_hash[5];
-  uint32_t self_hash;
-};
-static_assert(sizeof(ShortEntryRecord) == 48, "bad ShortEntryRecord");
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_DISK_FORMAT_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/entry_impl.cc b/chromium/net/disk_cache/blockfile/entry_impl.cc
index 60204641b9f..b20e10423c2 100644
--- a/chromium/net/disk_cache/blockfile/entry_impl.cc
+++ b/chromium/net/disk_cache/blockfile/entry_impl.cc
@@ -592,7 +592,7 @@ bool EntryImpl::SanityCheck() {
     return false;
 
   Addr next_addr(stored->next);
-  if (next_addr.is_initialized() && !next_addr.SanityCheckForEntryV2()) {
+  if (next_addr.is_initialized() && !next_addr.SanityCheckForEntry()) {
     STRESS_NOTREACHED();
     return false;
   }
@@ -606,7 +606,7 @@ bool EntryImpl::SanityCheck() {
       (stored->key_len > kMaxInternalKeyLength && !key_addr.is_initialized()))
     return false;
 
-  if (!key_addr.SanityCheckV2())
+  if (!key_addr.SanityCheck())
     return false;
 
   if (key_addr.is_initialized() &&
@@ -639,7 +639,7 @@ bool EntryImpl::DataSanityCheck() {
       return false;
     if (!data_size && data_addr.is_initialized())
       return false;
-    if (!data_addr.SanityCheckV2())
+    if (!data_addr.SanityCheck())
       return false;
     if (!data_size)
       continue;
@@ -664,7 +664,7 @@ void EntryImpl::FixForDelete() {
     if (data_addr.is_initialized()) {
       if ((data_size <= kMaxBlockSize && data_addr.is_separate_file()) ||
           (data_size > kMaxBlockSize && data_addr.is_block_file()) ||
-          !data_addr.SanityCheckV2()) {
+          !data_addr.SanityCheck()) {
         STRESS_NOTREACHED();
         // The address is weird so don't attempt to delete it.
         stored->data_addr[i] = 0;
@@ -902,7 +902,7 @@ bool EntryImpl::CouldBeSparse() const {
   if (sparse_.get())
     return true;
 
-  scoped_ptr<SparseControl> sparse;
+  std::unique_ptr<SparseControl> sparse;
   sparse.reset(new SparseControl(const_cast<EntryImpl*>(this)));
   return sparse->CouldBeSparse();
 }
@@ -1505,7 +1505,7 @@ int EntryImpl::InitSparseData() {
     return net::OK;
 
   // Use a local variable so that sparse_ never goes from 'valid' to NULL.
-  scoped_ptr<SparseControl> sparse(new SparseControl(this));
+  std::unique_ptr<SparseControl> sparse(new SparseControl(this));
   int result = sparse->Init();
   if (net::OK == result)
     sparse_.swap(sparse);
diff --git a/chromium/net/disk_cache/blockfile/entry_impl.h b/chromium/net/disk_cache/blockfile/entry_impl.h
index 336ccc9c871..55f68e7c7c2 100644
--- a/chromium/net/disk_cache/blockfile/entry_impl.h
+++ b/chromium/net/disk_cache/blockfile/entry_impl.h
@@ -7,8 +7,9 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/disk_cache/blockfile/disk_format.h"
 #include "net/disk_cache/blockfile/storage_block-inl.h"
 #include "net/disk_cache/blockfile/storage_block.h"
@@ -277,7 +278,7 @@ class NET_EXPORT_PRIVATE EntryImpl
   CacheRankingsBlock node_;   // Rankings related information for this entry.
   base::WeakPtr<BackendImpl> backend_;  // Back pointer to the cache.
   base::WeakPtr<InFlightBackendIO> background_queue_;  // In-progress queue.
-  scoped_ptr<UserBuffer> user_buffers_[kNumStreams];  // Stores user data.
+  std::unique_ptr<UserBuffer> user_buffers_[kNumStreams];  // Stores user data.
   // Files to store external user data and key.
   scoped_refptr<File> files_[kNumStreams + 1];
   mutable std::string key_;           // Copy of the key.
@@ -285,7 +286,7 @@ class NET_EXPORT_PRIVATE EntryImpl
   bool doomed_;               // True if this entry was removed from the cache.
   bool read_only_;            // True if not yet writing.
   bool dirty_;                // True if we detected that this is a dirty entry.
-  scoped_ptr<SparseControl> sparse_;  // Support for sparse entries.
+  std::unique_ptr<SparseControl> sparse_;  // Support for sparse entries.
 
   net::BoundNetLog net_log_;
 
diff --git a/chromium/net/disk_cache/blockfile/entry_impl_v3.cc b/chromium/net/disk_cache/blockfile/entry_impl_v3.cc
deleted file mode 100644
index 883a6f24ade..00000000000
--- a/chromium/net/disk_cache/blockfile/entry_impl_v3.cc
+++ /dev/null
@@ -1,1483 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/entry_impl_v3.h"
-
-#include <limits>
-
-#include "base/hash.h"
-#include "base/macros.h"
-#include "base/message_loop/message_loop.h"
-#include "base/strings/string_util.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/disk_cache/blockfile/backend_impl_v3.h"
-#include "net/disk_cache/blockfile/bitmap.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-#include "net/disk_cache/blockfile/histogram_macros_v3.h"
-#include "net/disk_cache/cache_util.h"
-#include "net/disk_cache/net_log_parameters.h"
-// #include "net/disk_cache/blockfile/sparse_control_v3.h"
-
-// Provide a BackendImpl object to macros from histogram_macros.h.
-#define CACHE_UMA_BACKEND_IMPL_OBJ backend_
-
-using base::Time;
-using base::TimeDelta;
-using base::TimeTicks;
-
-namespace {
-
-const int kMaxBufferSize = 1024 * 1024;  // 1 MB.
-
-}  // namespace
-
-namespace disk_cache {
-
-typedef StorageBlock<EntryRecord> CacheEntryBlockV3;
-typedef StorageBlock<ShortEntryRecord> CacheShortEntryBlock;
-
-// This class handles individual memory buffers that store data before it is
-// sent to disk. The buffer can start at any offset, but if we try to write to
-// anywhere in the first 16KB of the file (kMaxBlockSize), we set the offset to
-// zero. The buffer grows up to a size determined by the backend, to keep the
-// total memory used under control.
-class EntryImplV3::UserBuffer {
- public:
-  explicit UserBuffer(BackendImplV3* backend)
-      : backend_(backend->GetWeakPtr()), offset_(0), grow_allowed_(true) {
-    buffer_.reserve(kMaxBlockSize);
-  }
-  ~UserBuffer() {
-    if (backend_)
-      backend_->BufferDeleted(capacity() - kMaxBlockSize);
-  }
-
-  // Returns true if we can handle writing |len| bytes to |offset|.
-  bool PreWrite(int offset, int len);
-
-  // Truncates the buffer to |offset| bytes.
-  void Truncate(int offset);
-
-  // Writes |len| bytes from |buf| at the given |offset|.
-  void Write(int offset, IOBuffer* buf, int len);
-
-  // Returns true if we can read |len| bytes from |offset|, given that the
-  // actual file has |eof| bytes stored. Note that the number of bytes to read
-  // may be modified by this method even though it returns false: that means we
-  // should do a smaller read from disk.
-  bool PreRead(int eof, int offset, int* len);
-
-  // Read |len| bytes from |buf| at the given |offset|.
-  int Read(int offset, IOBuffer* buf, int len);
-
-  // Prepare this buffer for reuse.
-  void Reset();
-
-  char* Data() { return buffer_.size() ? &buffer_[0] : NULL; }
-  int Size() { return static_cast<int>(buffer_.size()); }
-  int Start() { return offset_; }
-  int End() { return offset_ + Size(); }
-
- private:
-  int capacity() { return static_cast<int>(buffer_.capacity()); }
-  bool GrowBuffer(int required, int limit);
-
-  base::WeakPtr<BackendImplV3> backend_;
-  int offset_;
-  std::vector<char> buffer_;
-  bool grow_allowed_;
-  DISALLOW_COPY_AND_ASSIGN(UserBuffer);
-};
-
-bool EntryImplV3::UserBuffer::PreWrite(int offset, int len) {
-  DCHECK_GE(offset, 0);
-  DCHECK_GE(len, 0);
-  DCHECK_GE(offset + len, 0);
-
-  // We don't want to write before our current start.
-  if (offset < offset_)
-    return false;
-
-  // Lets get the common case out of the way.
-  if (offset + len <= capacity())
-    return true;
-
-  // If we are writing to the first 16K (kMaxBlockSize), we want to keep the
-  // buffer offset_ at 0.
-  if (!Size() && offset > kMaxBlockSize)
-    return GrowBuffer(len, kMaxBufferSize);
-
-  int required = offset - offset_ + len;
-  return GrowBuffer(required, kMaxBufferSize * 6 / 5);
-}
-
-void EntryImplV3::UserBuffer::Truncate(int offset) {
-  DCHECK_GE(offset, 0);
-  DCHECK_GE(offset, offset_);
-  DVLOG(3) << "Buffer truncate at " << offset << " current " << offset_;
-
-  offset -= offset_;
-  if (Size() >= offset)
-    buffer_.resize(offset);
-}
-
-void EntryImplV3::UserBuffer::Write(int offset, IOBuffer* buf, int len) {
-  DCHECK_GE(offset, 0);
-  DCHECK_GE(len, 0);
-  DCHECK_GE(offset + len, 0);
-  DCHECK_GE(offset, offset_);
-  DVLOG(3) << "Buffer write at " << offset << " current " << offset_;
-
-  if (!Size() && offset > kMaxBlockSize)
-    offset_ = offset;
-
-  offset -= offset_;
-
-  if (offset > Size())
-    buffer_.resize(offset);
-
-  if (!len)
-    return;
-
-  char* buffer = buf->data();
-  int valid_len = Size() - offset;
-  int copy_len = std::min(valid_len, len);
-  if (copy_len) {
-    memcpy(&buffer_[offset], buffer, copy_len);
-    len -= copy_len;
-    buffer += copy_len;
-  }
-  if (!len)
-    return;
-
-  buffer_.insert(buffer_.end(), buffer, buffer + len);
-}
-
-bool EntryImplV3::UserBuffer::PreRead(int eof, int offset, int* len) {
-  DCHECK_GE(offset, 0);
-  DCHECK_GT(*len, 0);
-
-  if (offset < offset_) {
-    // We are reading before this buffer.
-    if (offset >= eof)
-      return true;
-
-    // If the read overlaps with the buffer, change its length so that there is
-    // no overlap.
-    *len = std::min(*len, offset_ - offset);
-    *len = std::min(*len, eof - offset);
-
-    // We should read from disk.
-    return false;
-  }
-
-  if (!Size())
-    return false;
-
-  // See if we can fulfill the first part of the operation.
-  return (offset - offset_ < Size());
-}
-
-int EntryImplV3::UserBuffer::Read(int offset, IOBuffer* buf, int len) {
-  DCHECK_GE(offset, 0);
-  DCHECK_GT(len, 0);
-  DCHECK(Size() || offset < offset_);
-
-  int clean_bytes = 0;
-  if (offset < offset_) {
-    // We don't have a file so lets fill the first part with 0.
-    clean_bytes = std::min(offset_ - offset, len);
-    memset(buf->data(), 0, clean_bytes);
-    if (len == clean_bytes)
-      return len;
-    offset = offset_;
-    len -= clean_bytes;
-  }
-
-  int start = offset - offset_;
-  int available = Size() - start;
-  DCHECK_GE(start, 0);
-  DCHECK_GE(available, 0);
-  len = std::min(len, available);
-  memcpy(buf->data() + clean_bytes, &buffer_[start], len);
-  return len + clean_bytes;
-}
-
-void EntryImplV3::UserBuffer::Reset() {
-  if (!grow_allowed_) {
-    if (backend_)
-      backend_->BufferDeleted(capacity() - kMaxBlockSize);
-    grow_allowed_ = true;
-    std::vector<char> tmp;
-    buffer_.swap(tmp);
-    buffer_.reserve(kMaxBlockSize);
-  }
-  offset_ = 0;
-  buffer_.clear();
-}
-
-bool EntryImplV3::UserBuffer::GrowBuffer(int required, int limit) {
-  DCHECK_GE(required, 0);
-  int current_size = capacity();
-  if (required <= current_size)
-    return true;
-
-  if (required > limit)
-    return false;
-
-  if (!backend_)
-    return false;
-
-  int to_add = std::max(required - current_size, kMaxBlockSize * 4);
-  to_add = std::max(current_size, to_add);
-  required = std::min(current_size + to_add, limit);
-
-  grow_allowed_ = backend_->IsAllocAllowed(current_size, required);
-  if (!grow_allowed_)
-    return false;
-
-  DVLOG(3) << "Buffer grow to " << required;
-
-  buffer_.reserve(required);
-  return true;
-}
-
-// ------------------------------------------------------------------------
-
-EntryImplV3::EntryImplV3(BackendImplV3* backend, Addr address, bool read_only)
-    : backend_(backend->GetWeakPtr()),
-      address_(address),
-      doomed_(false),
-      read_only_(read_only),
-      dirty_(true),
-      modified_(false) {
-  for (int i = 0; i < kNumStreams; i++) {
-    unreported_size_[i] = 0;
-  }
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-
-bool EntryImplV3::CreateEntry(Addr node_address,
-                              const std::string& key,
-                              uint32_t hash) {
-  Trace("Create entry In");
-  EntryStore* entry_store = entry_.Data();
-  RankingsNode* node = node_.Data();
-  memset(entry_store, 0, sizeof(EntryStore) * entry_.address().num_blocks());
-  memset(node, 0, sizeof(RankingsNode));
-  if (!node_.LazyInit(backend_->File(node_address), node_address))
-    return false;
-
-  entry_store->rankings_node = node_address.value();
-  node->contents = entry_.address().value();
-
-  entry_store->hash = hash;
-  entry_store->creation_time = Time::Now().ToInternalValue();
-  entry_store->key_len = static_cast<int32_t>(key.size());
-  if (entry_store->key_len > kMaxInternalKeyLength) {
-    Addr address(0);
-    if (!CreateBlock(entry_store->key_len + 1, &address))
-      return false;
-
-    entry_store->long_key = address.value();
-    File* key_file = GetBackingFile(address, kKeyFileIndex);
-    key_ = key;
-
-    size_t offset = 0;
-    if (address.is_block_file())
-      offset = address.start_block() * address.BlockSize() + kBlockHeaderSize;
-
-    if (!key_file || !key_file->Write(key.data(), key.size(), offset)) {
-      DeleteData(address, kKeyFileIndex);
-      return false;
-    }
-
-    if (address.is_separate_file())
-      key_file->SetLength(key.size() + 1);
-  } else {
-    memcpy(entry_store->key, key.data(), key.size());
-    entry_store->key[key.size()] = '\0';
-  }
-  backend_->ModifyStorageSize(0, static_cast<int32_t>(key.size()));
-  CACHE_UMA(COUNTS, "KeySize", 0, static_cast<int32_t>(key.size()));
-  node->dirty = backend_->GetCurrentEntryId();
-  Log("Create Entry ");
-  return true;
-}
-
-uint32_t EntryImplV3::GetHash() {
-  return entry_.Data()->hash;
-}
-
-bool EntryImplV3::IsSameEntry(const std::string& key, uint32_t hash) {
-  if (entry_.Data()->hash != hash ||
-      static_cast<size_t>(entry_.Data()->key_len) != key.size())
-    return false;
-
-  return (key.compare(GetKey()) == 0);
-}
-
-void EntryImplV3::InternalDoom() {
-  net_log_.AddEvent(net::NetLog::TYPE_ENTRY_DOOM);
-  DCHECK(node_.HasData());
-  if (!node_.Data()->dirty) {
-    node_.Data()->dirty = backend_->GetCurrentEntryId();
-    node_.Store();
-  }
-  doomed_ = true;
-}
-
-// This only includes checks that relate to the first block of the entry (the
-// first 256 bytes), and values that should be set from the entry creation.
-// Basically, even if there is something wrong with this entry, we want to see
-// if it is possible to load the rankings node and delete them together.
-bool EntryImplV3::SanityCheck() {
-  if (!entry_.VerifyHash())
-    return false;
-
-  EntryStore* stored = entry_.Data();
-  if (!stored->rankings_node || stored->key_len <= 0)
-    return false;
-
-  if (stored->reuse_count < 0 || stored->refetch_count < 0)
-    return false;
-
-  Addr rankings_addr(stored->rankings_node);
-  if (!rankings_addr.SanityCheckForRankings())
-    return false;
-
-  Addr next_addr(stored->next);
-  if (next_addr.is_initialized() && !next_addr.SanityCheckForEntry()) {
-    STRESS_NOTREACHED();
-    return false;
-  }
-  STRESS_DCHECK(next_addr.value() != entry_.address().value());
-
-  if (stored->state > ENTRY_DOOMED || stored->state < ENTRY_NORMAL)
-    return false;
-
-  Addr key_addr(stored->long_key);
-  if ((stored->key_len <= kMaxInternalKeyLength && key_addr.is_initialized()) ||
-      (stored->key_len > kMaxInternalKeyLength && !key_addr.is_initialized()))
-    return false;
-
-  if (!key_addr.SanityCheck())
-    return false;
-
-  if (key_addr.is_initialized() &&
-      ((stored->key_len < kMaxBlockSize && key_addr.is_separate_file()) ||
-       (stored->key_len >= kMaxBlockSize && key_addr.is_block_file())))
-    return false;
-
-  int num_blocks = NumBlocksForEntry(stored->key_len);
-  if (entry_.address().num_blocks() != num_blocks)
-    return false;
-
-  return true;
-}
-
-bool EntryImplV3::DataSanityCheck() {
-  EntryStore* stored = entry_.Data();
-  Addr key_addr(stored->long_key);
-
-  // The key must be NULL terminated.
-  if (!key_addr.is_initialized() && stored->key[stored->key_len])
-    return false;
-
-  if (stored->hash != base::Hash(GetKey()))
-    return false;
-
-  for (int i = 0; i < kNumStreams; i++) {
-    Addr data_addr(stored->data_addr[i]);
-    int data_size = stored->data_size[i];
-    if (data_size < 0)
-      return false;
-    if (!data_size && data_addr.is_initialized())
-      return false;
-    if (!data_addr.SanityCheck())
-      return false;
-    if (!data_size)
-      continue;
-    if (data_size <= kMaxBlockSize && data_addr.is_separate_file())
-      return false;
-    if (data_size > kMaxBlockSize && data_addr.is_block_file())
-      return false;
-  }
-  return true;
-}
-
-void EntryImplV3::FixForDelete() {
-  EntryStore* stored = entry_.Data();
-  Addr key_addr(stored->long_key);
-
-  if (!key_addr.is_initialized())
-    stored->key[stored->key_len] = '\0';
-
-  for (int i = 0; i < kNumStreams; i++) {
-    Addr data_addr(stored->data_addr[i]);
-    int data_size = stored->data_size[i];
-    if (data_addr.is_initialized()) {
-      if ((data_size <= kMaxBlockSize && data_addr.is_separate_file()) ||
-          (data_size > kMaxBlockSize && data_addr.is_block_file()) ||
-          !data_addr.SanityCheck()) {
-        STRESS_NOTREACHED();
-        // The address is weird so don't attempt to delete it.
-        stored->data_addr[i] = 0;
-        // In general, trust the stored size as it should be in sync with the
-        // total size tracked by the backend.
-      }
-    }
-    if (data_size < 0)
-      stored->data_size[i] = 0;
-  }
-  entry_.Store();
-}
-
-void EntryImplV3::SetTimes(base::Time last_used, base::Time last_modified) {
-  node_.Data()->last_used = last_used.ToInternalValue();
-  node_.Data()->last_modified = last_modified.ToInternalValue();
-  node_.set_modified();
-}
-
-void EntryImplV3::BeginLogging(net::NetLog* net_log, bool created) {
-  DCHECK(!net_log_.net_log());
-  net_log_ = net::BoundNetLog::Make(
-      net_log, net::NetLog::SOURCE_DISK_CACHE_ENTRY);
-  net_log_.BeginEvent(
-      net::NetLog::TYPE_DISK_CACHE_ENTRY_IMPL,
-      CreateNetLogEntryCreationCallback(this, created));
-}
-
-const net::BoundNetLog& EntryImplV3::net_log() const {
-  return net_log_;
-}
-
-// ------------------------------------------------------------------------
-
-void EntryImplV3::Doom() {
-  if (background_queue_)
-    background_queue_->DoomEntryImpl(this);
-}
-
-void EntryImplV3::DoomImpl() {
-  if (doomed_ || !backend_)
-    return;
-
-  SetPointerForInvalidEntry(backend_->GetCurrentEntryId());
-  backend_->InternalDoomEntry(this);
-}
-
-void EntryImplV3::Close() {
-  if (background_queue_)
-    background_queue_->CloseEntryImpl(this);
-}
-
-std::string EntryImplV3::GetKey() const {
-  CacheEntryBlock* entry = const_cast<CacheEntryBlock*>(&entry_);
-  int key_len = entry->Data()->key_len;
-  if (key_len <= kMaxInternalKeyLength)
-    return std::string(entry->Data()->key);
-
-  // We keep a copy of the key so that we can always return it, even if the
-  // backend is disabled.
-  if (!key_.empty())
-    return key_;
-
-  Addr address(entry->Data()->long_key);
-  DCHECK(address.is_initialized());
-  size_t offset = 0;
-  if (address.is_block_file())
-    offset = address.start_block() * address.BlockSize() + kBlockHeaderSize;
-
-  static_assert(kNumStreams == kKeyFileIndex, "invalid key index");
-  File* key_file = const_cast<EntryImpl*>(this)->GetBackingFile(address,
-                                                                kKeyFileIndex);
-  if (!key_file)
-    return std::string();
-
-  ++key_len;  // We store a trailing \0 on disk that we read back below.
-  if (!offset && key_file->GetLength() != static_cast<size_t>(key_len))
-    return std::string();
-
-  if (!key_file->Read(base::WriteInto(&key_, key_len), key_len, offset))
-    key_.clear();
-  return key_;
-}
-
-Time EntryImplV3::GetLastUsed() const {
-  CacheRankingsBlock* node = const_cast<CacheRankingsBlock*>(&node_);
-  return Time::FromInternalValue(node->Data()->last_used);
-}
-
-Time EntryImplV3::GetLastModified() const {
-  CacheRankingsBlock* node = const_cast<CacheRankingsBlock*>(&node_);
-  return Time::FromInternalValue(node->Data()->last_modified);
-}
-
-int32_t EntryImplV3::GetDataSize(int index) const {
-  if (index < 0 || index >= kNumStreams)
-    return 0;
-
-  CacheEntryBlock* entry = const_cast<CacheEntryBlock*>(&entry_);
-  return entry->Data()->data_size[index];
-}
-
-int EntryImplV3::ReadData(int index, int offset, IOBuffer* buf, int buf_len,
-                          const CompletionCallback& callback) {
-  if (callback.is_null())
-    return ReadDataImpl(index, offset, buf, buf_len, callback);
-
-  DCHECK(node_.Data()->dirty || read_only_);
-  if (index < 0 || index >= kNumStreams)
-    return net::ERR_INVALID_ARGUMENT;
-
-  int entry_size = entry_.Data()->data_size[index];
-  if (offset >= entry_size || offset < 0 || !buf_len)
-    return 0;
-
-  if (buf_len < 0)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->ReadData(this, index, offset, buf, buf_len, callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImpl::ReadDataImpl(int index, int offset, IOBuffer* buf, int buf_len,
-                            const CompletionCallback& callback) {
-  if (net_log_.IsCapturing()) {
-    net_log_.BeginEvent(
-        net::NetLog::TYPE_ENTRY_READ_DATA,
-        CreateNetLogReadWriteDataCallback(index, offset, buf_len, false));
-  }
-
-  int result = InternalReadData(index, offset, buf, buf_len, callback);
-
-  if (result != net::ERR_IO_PENDING && net_log_.IsCapturing()) {
-    net_log_.EndEvent(
-        net::NetLog::TYPE_ENTRY_READ_DATA,
-        CreateNetLogReadWriteCompleteCallback(result));
-  }
-  return result;
-}
-
-int EntryImplV3::WriteData(int index, int offset, IOBuffer* buf, int buf_len,
-                           const CompletionCallback& callback, bool truncate) {
-  if (callback.is_null())
-    return WriteDataImpl(index, offset, buf, buf_len, callback, truncate);
-
-  DCHECK(node_.Data()->dirty || read_only_);
-  if (index < 0 || index >= kNumStreams)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (offset < 0 || buf_len < 0)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->WriteData(this, index, offset, buf, buf_len, truncate,
-                               callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImpl::WriteDataImpl(int index, int offset, IOBuffer* buf, int buf_len,
-                             const CompletionCallback& callback,
-                             bool truncate) {
-  if (net_log_.IsCapturing()) {
-    net_log_.BeginEvent(
-        net::NetLog::TYPE_ENTRY_WRITE_DATA,
-        CreateNetLogReadWriteDataCallback(index, offset, buf_len, truncate));
-  }
-
-  int result = InternalWriteData(index, offset, buf, buf_len, callback,
-                                 truncate);
-
-  if (result != net::ERR_IO_PENDING && net_log_.IsCapturing()) {
-    net_log_.EndEvent(
-        net::NetLog::TYPE_ENTRY_WRITE_DATA,
-        CreateNetLogReadWriteCompleteCallback(result));
-  }
-  return result;
-}
-
-int EntryImplV3::ReadSparseData(int64_t offset,
-                                IOBuffer* buf,
-                                int buf_len,
-                                const CompletionCallback& callback) {
-  if (callback.is_null())
-    return ReadSparseDataImpl(offset, buf, buf_len, callback);
-
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->ReadSparseData(this, offset, buf, buf_len, callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImpl::ReadSparseDataImpl(int64_t offset,
-                                  IOBuffer* buf,
-                                  int buf_len,
-                                  const CompletionCallback& callback) {
-  DCHECK(node_.Data()->dirty || read_only_);
-  int result = InitSparseData();
-  if (net::OK != result)
-    return result;
-
-  TimeTicks start = TimeTicks::Now();
-  result = sparse_->StartIO(SparseControl::kReadOperation, offset, buf, buf_len,
-                            callback);
-  ReportIOTime(kSparseRead, start);
-  return result;
-}
-
-int EntryImplV3::WriteSparseData(int64_t offset,
-                                 IOBuffer* buf,
-                                 int buf_len,
-                                 const CompletionCallback& callback) {
-  if (callback.is_null())
-    return WriteSparseDataImpl(offset, buf, buf_len, callback);
-
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->WriteSparseData(this, offset, buf, buf_len, callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImpl::WriteSparseDataImpl(int64_t offset,
-                                   IOBuffer* buf,
-                                   int buf_len,
-                                   const CompletionCallback& callback) {
-  DCHECK(node_.Data()->dirty || read_only_);
-  int result = InitSparseData();
-  if (net::OK != result)
-    return result;
-
-  TimeTicks start = TimeTicks::Now();
-  result = sparse_->StartIO(SparseControl::kWriteOperation, offset, buf,
-                            buf_len, callback);
-  ReportIOTime(kSparseWrite, start);
-  return result;
-}
-
-int EntryImplV3::GetAvailableRange(int64_t offset,
-                                   int len,
-                                   int64_t* start,
-                                   const CompletionCallback& callback) {
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->GetAvailableRange(this, offset, len, start, callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImpl::GetAvailableRangeImpl(int64_t offset, int len, int64_t* start) {
-  int result = InitSparseData();
-  if (net::OK != result)
-    return result;
-
-  return sparse_->GetAvailableRange(offset, len, start);
-}
-
-bool EntryImplV3::CouldBeSparse() const {
-  if (sparse_.get())
-    return true;
-
-  scoped_ptr<SparseControl> sparse;
-  sparse.reset(new SparseControl(const_cast<EntryImpl*>(this)));
-  return sparse->CouldBeSparse();
-}
-
-void EntryImplV3::CancelSparseIO() {
-  if (background_queue_)
-    background_queue_->CancelSparseIO(this);
-}
-
-void EntryImplV3::CancelSparseIOImpl() {
-  if (!sparse_.get())
-    return;
-
-  sparse_->CancelIO();
-}
-
-int EntryImplV3::ReadyForSparseIO(const CompletionCallback& callback) {
-  if (!sparse_.get())
-    return net::OK;
-
-  if (!background_queue_)
-    return net::ERR_UNEXPECTED;
-
-  background_queue_->ReadyForSparseIO(this, callback);
-  return net::ERR_IO_PENDING;
-}
-
-int EntryImplV3::ReadyForSparseIOImpl(const CompletionCallback& callback) {
-  DCHECK(sparse_.get());
-  return sparse_->ReadyToUse(callback);
-}
-
-// ------------------------------------------------------------------------
-
-// When an entry is deleted from the cache, we clean up all the data associated
-// with it for two reasons: to simplify the reuse of the block (we know that any
-// unused block is filled with zeros), and to simplify the handling of write /
-// read partial information from an entry (don't have to worry about returning
-// data related to a previous cache entry because the range was not fully
-// written before).
-EntryImplV3::~EntryImplV3() {
-  if (!backend_) {
-    entry_.clear_modified();
-    node_.clear_modified();
-    return;
-  }
-  Log("~EntryImpl in");
-
-  // Save the sparse info to disk. This will generate IO for this entry and
-  // maybe for a child entry, so it is important to do it before deleting this
-  // entry.
-  sparse_.reset();
-
-  // Remove this entry from the list of open entries.
-  backend_->OnEntryDestroyBegin(entry_.address());
-
-  if (doomed_) {
-    DeleteEntryData(true);
-  } else {
-#if defined(NET_BUILD_STRESS_CACHE)
-    SanityCheck();
-#endif
-    net_log_.AddEvent(net::NetLog::TYPE_ENTRY_CLOSE);
-    bool ret = true;
-    for (int index = 0; index < kNumStreams; index++) {
-      if (user_buffers_[index].get()) {
-        if (!(ret = Flush(index, 0)))
-          LOG(ERROR) << "Failed to save user data";
-      }
-      if (unreported_size_[index]) {
-        backend_->ModifyStorageSize(
-            entry_.Data()->data_size[index] - unreported_size_[index],
-            entry_.Data()->data_size[index]);
-      }
-    }
-
-    if (!ret) {
-      // There was a failure writing the actual data. Mark the entry as dirty.
-      int current_id = backend_->GetCurrentEntryId();
-      node_.Data()->dirty = current_id == 1 ? -1 : current_id - 1;
-      node_.Store();
-    } else if (node_.HasData() && !dirty_ && node_.Data()->dirty) {
-      node_.Data()->dirty = 0;
-      node_.Store();
-    }
-  }
-
-  Trace("~EntryImpl out 0x%p", reinterpret_cast<void*>(this));
-  net_log_.EndEvent(net::NetLog::TYPE_DISK_CACHE_ENTRY_IMPL);
-  backend_->OnEntryDestroyEnd();
-}
-
-int EntryImpl::InternalReadData(int index, int offset,
-                                IOBuffer* buf, int buf_len,
-                                const CompletionCallback& callback) {
-  DCHECK(node_.Data()->dirty || read_only_);
-  DVLOG(2) << "Read from " << index << " at " << offset << " : " << buf_len;
-  if (index < 0 || index >= kNumStreams)
-    return net::ERR_INVALID_ARGUMENT;
-
-  int entry_size = entry_.Data()->data_size[index];
-  if (offset >= entry_size || offset < 0 || !buf_len)
-    return 0;
-
-  if (buf_len < 0)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (!backend_)
-    return net::ERR_UNEXPECTED;
-
-  TimeTicks start = TimeTicks::Now();
-
-  if (offset + buf_len > entry_size)
-    buf_len = entry_size - offset;
-
-  UpdateRank(false);
-
-  backend_->OnEvent(Stats::READ_DATA);
-  backend_->OnRead(buf_len);
-
-  Addr address(entry_.Data()->data_addr[index]);
-  int eof = address.is_initialized() ? entry_size : 0;
-  if (user_buffers_[index].get() &&
-      user_buffers_[index]->PreRead(eof, offset, &buf_len)) {
-    // Complete the operation locally.
-    buf_len = user_buffers_[index]->Read(offset, buf, buf_len);
-    ReportIOTime(kRead, start);
-    return buf_len;
-  }
-
-  address.set_value(entry_.Data()->data_addr[index]);
-  DCHECK(address.is_initialized());
-  if (!address.is_initialized()) {
-    DoomImpl();
-    return net::ERR_FAILED;
-  }
-
-  File* file = GetBackingFile(address, index);
-  if (!file) {
-    DoomImpl();
-    LOG(ERROR) << "No file for " << std::hex << address.value();
-    return net::ERR_FILE_NOT_FOUND;
-  }
-
-  size_t file_offset = offset;
-  if (address.is_block_file()) {
-    DCHECK_LE(offset + buf_len, kMaxBlockSize);
-    file_offset += address.start_block() * address.BlockSize() +
-                   kBlockHeaderSize;
-  }
-
-  SyncCallback* io_callback = NULL;
-  if (!callback.is_null()) {
-    io_callback = new SyncCallback(this, buf, callback,
-                                   net::NetLog::TYPE_ENTRY_READ_DATA);
-  }
-
-  TimeTicks start_async = TimeTicks::Now();
-
-  bool completed;
-  if (!file->Read(buf->data(), buf_len, file_offset, io_callback, &completed)) {
-    if (io_callback)
-      io_callback->Discard();
-    DoomImpl();
-    return net::ERR_CACHE_READ_FAILURE;
-  }
-
-  if (io_callback && completed)
-    io_callback->Discard();
-
-  if (io_callback)
-    ReportIOTime(kReadAsync1, start_async);
-
-  ReportIOTime(kRead, start);
-  return (completed || callback.is_null()) ? buf_len : net::ERR_IO_PENDING;
-}
-
-int EntryImpl::InternalWriteData(int index, int offset,
-                                 IOBuffer* buf, int buf_len,
-                                 const CompletionCallback& callback,
-                                 bool truncate) {
-  DCHECK(node_.Data()->dirty || read_only_);
-  DVLOG(2) << "Write to " << index << " at " << offset << " : " << buf_len;
-  if (index < 0 || index >= kNumStreams)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (offset < 0 || buf_len < 0)
-    return net::ERR_INVALID_ARGUMENT;
-
-  if (!backend_)
-    return net::ERR_UNEXPECTED;
-
-  int max_file_size = backend_->MaxFileSize();
-
-  // offset or buf_len could be negative numbers.
-  if (offset > max_file_size || buf_len > max_file_size ||
-      offset + buf_len > max_file_size) {
-    int size = offset + buf_len;
-    if (size <= max_file_size)
-      size = std::numeric_limits<int32_t>::max();
-    backend_->TooMuchStorageRequested(size);
-    return net::ERR_FAILED;
-  }
-
-  TimeTicks start = TimeTicks::Now();
-
-  // Read the size at this point (it may change inside prepare).
-  int entry_size = entry_.Data()->data_size[index];
-  bool extending = entry_size < offset + buf_len;
-  truncate = truncate && entry_size > offset + buf_len;
-  Trace("To PrepareTarget 0x%x", entry_.address().value());
-  if (!PrepareTarget(index, offset, buf_len, truncate))
-    return net::ERR_FAILED;
-
-  Trace("From PrepareTarget 0x%x", entry_.address().value());
-  if (extending || truncate)
-    UpdateSize(index, entry_size, offset + buf_len);
-
-  UpdateRank(true);
-
-  backend_->OnEvent(Stats::WRITE_DATA);
-  backend_->OnWrite(buf_len);
-
-  if (user_buffers_[index].get()) {
-    // Complete the operation locally.
-    user_buffers_[index]->Write(offset, buf, buf_len);
-    ReportIOTime(kWrite, start);
-    return buf_len;
-  }
-
-  Addr address(entry_.Data()->data_addr[index]);
-  if (offset + buf_len == 0) {
-    if (truncate) {
-      DCHECK(!address.is_initialized());
-    }
-    return 0;
-  }
-
-  File* file = GetBackingFile(address, index);
-  if (!file)
-    return net::ERR_FILE_NOT_FOUND;
-
-  size_t file_offset = offset;
-  if (address.is_block_file()) {
-    DCHECK_LE(offset + buf_len, kMaxBlockSize);
-    file_offset += address.start_block() * address.BlockSize() +
-                   kBlockHeaderSize;
-  } else if (truncate || (extending && !buf_len)) {
-    if (!file->SetLength(offset + buf_len))
-      return net::ERR_FAILED;
-  }
-
-  if (!buf_len)
-    return 0;
-
-  SyncCallback* io_callback = NULL;
-  if (!callback.is_null()) {
-    io_callback = new SyncCallback(this, buf, callback,
-                                   net::NetLog::TYPE_ENTRY_WRITE_DATA);
-  }
-
-  TimeTicks start_async = TimeTicks::Now();
-
-  bool completed;
-  if (!file->Write(buf->data(), buf_len, file_offset, io_callback,
-                   &completed)) {
-    if (io_callback)
-      io_callback->Discard();
-    return net::ERR_CACHE_WRITE_FAILURE;
-  }
-
-  if (io_callback && completed)
-    io_callback->Discard();
-
-  if (io_callback)
-    ReportIOTime(kWriteAsync1, start_async);
-
-  ReportIOTime(kWrite, start);
-  return (completed || callback.is_null()) ? buf_len : net::ERR_IO_PENDING;
-}
-
-// ------------------------------------------------------------------------
-
-bool EntryImpl::CreateDataBlock(int index, int size) {
-  DCHECK(index >= 0 && index < kNumStreams);
-
-  Addr address(entry_.Data()->data_addr[index]);
-  if (!CreateBlock(size, &address))
-    return false;
-
-  entry_.Data()->data_addr[index] = address.value();
-  entry_.Store();
-  return true;
-}
-
-bool EntryImpl::CreateBlock(int size, Addr* address) {
-  DCHECK(!address->is_initialized());
-  if (!backend_)
-    return false;
-
-  FileType file_type = Addr::RequiredFileType(size);
-  if (EXTERNAL == file_type) {
-    if (size > backend_->MaxFileSize())
-      return false;
-    if (!backend_->CreateExternalFile(address))
-      return false;
-  } else {
-    int num_blocks = Addr::RequiredBlocks(size, file_type);
-
-    if (!backend_->CreateBlock(file_type, num_blocks, address))
-      return false;
-  }
-  return true;
-}
-
-// Note that this method may end up modifying a block file so upon return the
-// involved block will be free, and could be reused for something else. If there
-// is a crash after that point (and maybe before returning to the caller), the
-// entry will be left dirty... and at some point it will be discarded; it is
-// important that the entry doesn't keep a reference to this address, or we'll
-// end up deleting the contents of |address| once again.
-void EntryImpl::DeleteData(Addr address, int index) {
-  DCHECK(backend_);
-  if (!address.is_initialized())
-    return;
-  if (address.is_separate_file()) {
-    int failure = !DeleteCacheFile(backend_->GetFileName(address));
-    CACHE_UMA(COUNTS, "DeleteFailed", 0, failure);
-    if (failure) {
-      LOG(ERROR) << "Failed to delete " <<
-          backend_->GetFileName(address).value() << " from the cache.";
-    }
-    if (files_[index])
-      files_[index] = NULL;  // Releases the object.
-  } else {
-    backend_->DeleteBlock(address, true);
-  }
-}
-
-void EntryImpl::UpdateRank(bool modified) {
-  if (!backend_)
-    return;
-
-  if (!doomed_) {
-    // Everything is handled by the backend.
-    backend_->UpdateRank(this, modified);
-    return;
-  }
-
-  Time current = Time::Now();
-  node_.Data()->last_used = current.ToInternalValue();
-
-  if (modified)
-    node_.Data()->last_modified = current.ToInternalValue();
-}
-
-void EntryImpl::DeleteEntryData(bool everything) {
-  DCHECK(doomed_ || !everything);
-
-  if (GetEntryFlags() & PARENT_ENTRY) {
-    // We have some child entries that must go away.
-    SparseControl::DeleteChildren(this);
-  }
-
-  if (GetDataSize(0))
-    CACHE_UMA(COUNTS, "DeleteHeader", 0, GetDataSize(0));
-  if (GetDataSize(1))
-    CACHE_UMA(COUNTS, "DeleteData", 0, GetDataSize(1));
-  for (int index = 0; index < kNumStreams; index++) {
-    Addr address(entry_.Data()->data_addr[index]);
-    if (address.is_initialized()) {
-      backend_->ModifyStorageSize(entry_.Data()->data_size[index] -
-                                      unreported_size_[index], 0);
-      entry_.Data()->data_addr[index] = 0;
-      entry_.Data()->data_size[index] = 0;
-      entry_.Store();
-      DeleteData(address, index);
-    }
-  }
-
-  if (!everything)
-    return;
-
-  // Remove all traces of this entry.
-  backend_->RemoveEntry(this);
-
-  // Note that at this point node_ and entry_ are just two blocks of data, and
-  // even if they reference each other, nobody should be referencing them.
-
-  Addr address(entry_.Data()->long_key);
-  DeleteData(address, kKeyFileIndex);
-  backend_->ModifyStorageSize(entry_.Data()->key_len, 0);
-
-  backend_->DeleteBlock(entry_.address(), true);
-  entry_.Discard();
-
-  if (!LeaveRankingsBehind()) {
-    backend_->DeleteBlock(node_.address(), true);
-    node_.Discard();
-  }
-}
-
-// We keep a memory buffer for everything that ends up stored on a block file
-// (because we don't know yet the final data size), and for some of the data
-// that end up on external files. This function will initialize that memory
-// buffer and / or the files needed to store the data.
-//
-// In general, a buffer may overlap data already stored on disk, and in that
-// case, the contents of the buffer are the most accurate. It may also extend
-// the file, but we don't want to read from disk just to keep the buffer up to
-// date. This means that as soon as there is a chance to get confused about what
-// is the most recent version of some part of a file, we'll flush the buffer and
-// reuse it for the new data. Keep in mind that the normal use pattern is quite
-// simple (write sequentially from the beginning), so we optimize for handling
-// that case.
-bool EntryImpl::PrepareTarget(int index, int offset, int buf_len,
-                              bool truncate) {
-  if (truncate)
-    return HandleTruncation(index, offset, buf_len);
-
-  if (!offset && !buf_len)
-    return true;
-
-  Addr address(entry_.Data()->data_addr[index]);
-  if (address.is_initialized()) {
-    if (address.is_block_file() && !MoveToLocalBuffer(index))
-      return false;
-
-    if (!user_buffers_[index].get() && offset < kMaxBlockSize) {
-      // We are about to create a buffer for the first 16KB, make sure that we
-      // preserve existing data.
-      if (!CopyToLocalBuffer(index))
-        return false;
-    }
-  }
-
-  if (!user_buffers_[index].get())
-    user_buffers_[index].reset(new UserBuffer(backend_.get()));
-
-  return PrepareBuffer(index, offset, buf_len);
-}
-
-// We get to this function with some data already stored. If there is a
-// truncation that results on data stored internally, we'll explicitly
-// handle the case here.
-bool EntryImpl::HandleTruncation(int index, int offset, int buf_len) {
-  Addr address(entry_.Data()->data_addr[index]);
-
-  int current_size = entry_.Data()->data_size[index];
-  int new_size = offset + buf_len;
-
-  if (!new_size) {
-    // This is by far the most common scenario.
-    backend_->ModifyStorageSize(current_size - unreported_size_[index], 0);
-    entry_.Data()->data_addr[index] = 0;
-    entry_.Data()->data_size[index] = 0;
-    unreported_size_[index] = 0;
-    entry_.Store();
-    DeleteData(address, index);
-
-    user_buffers_[index].reset();
-    return true;
-  }
-
-  // We never postpone truncating a file, if there is one, but we may postpone
-  // telling the backend about the size reduction.
-  if (user_buffers_[index].get()) {
-    DCHECK_GE(current_size, user_buffers_[index]->Start());
-    if (!address.is_initialized()) {
-      // There is no overlap between the buffer and disk.
-      if (new_size > user_buffers_[index]->Start()) {
-        // Just truncate our buffer.
-        DCHECK_LT(new_size, user_buffers_[index]->End());
-        user_buffers_[index]->Truncate(new_size);
-        return true;
-      }
-
-      // Just discard our buffer.
-      user_buffers_[index]->Reset();
-      return PrepareBuffer(index, offset, buf_len);
-    }
-
-    // There is some overlap or we need to extend the file before the
-    // truncation.
-    if (offset > user_buffers_[index]->Start())
-      user_buffers_[index]->Truncate(new_size);
-    UpdateSize(index, current_size, new_size);
-    if (!Flush(index, 0))
-      return false;
-    user_buffers_[index].reset();
-  }
-
-  // We have data somewhere, and it is not in a buffer.
-  DCHECK(!user_buffers_[index].get());
-  DCHECK(address.is_initialized());
-
-  if (new_size > kMaxBlockSize)
-    return true;  // Let the operation go directly to disk.
-
-  return ImportSeparateFile(index, offset + buf_len);
-}
-
-bool EntryImpl::CopyToLocalBuffer(int index) {
-  Addr address(entry_.Data()->data_addr[index]);
-  DCHECK(!user_buffers_[index].get());
-  DCHECK(address.is_initialized());
-
-  int len = std::min(entry_.Data()->data_size[index], kMaxBlockSize);
-  user_buffers_[index].reset(new UserBuffer(backend_.get()));
-  user_buffers_[index]->Write(len, NULL, 0);
-
-  File* file = GetBackingFile(address, index);
-  int offset = 0;
-
-  if (address.is_block_file())
-    offset = address.start_block() * address.BlockSize() + kBlockHeaderSize;
-
-  if (!file ||
-      !file->Read(user_buffers_[index]->Data(), len, offset, NULL, NULL)) {
-    user_buffers_[index].reset();
-    return false;
-  }
-  return true;
-}
-
-bool EntryImpl::MoveToLocalBuffer(int index) {
-  if (!CopyToLocalBuffer(index))
-    return false;
-
-  Addr address(entry_.Data()->data_addr[index]);
-  entry_.Data()->data_addr[index] = 0;
-  entry_.Store();
-  DeleteData(address, index);
-
-  // If we lose this entry we'll see it as zero sized.
-  int len = entry_.Data()->data_size[index];
-  backend_->ModifyStorageSize(len - unreported_size_[index], 0);
-  unreported_size_[index] = len;
-  return true;
-}
-
-bool EntryImpl::ImportSeparateFile(int index, int new_size) {
-  if (entry_.Data()->data_size[index] > new_size)
-    UpdateSize(index, entry_.Data()->data_size[index], new_size);
-
-  return MoveToLocalBuffer(index);
-}
-
-bool EntryImpl::PrepareBuffer(int index, int offset, int buf_len) {
-  DCHECK(user_buffers_[index].get());
-  if ((user_buffers_[index]->End() && offset > user_buffers_[index]->End()) ||
-      offset > entry_.Data()->data_size[index]) {
-    // We are about to extend the buffer or the file (with zeros), so make sure
-    // that we are not overwriting anything.
-    Addr address(entry_.Data()->data_addr[index]);
-    if (address.is_initialized() && address.is_separate_file()) {
-      if (!Flush(index, 0))
-        return false;
-      // There is an actual file already, and we don't want to keep track of
-      // its length so we let this operation go straight to disk.
-      // The only case when a buffer is allowed to extend the file (as in fill
-      // with zeros before the start) is when there is no file yet to extend.
-      user_buffers_[index].reset();
-      return true;
-    }
-  }
-
-  if (!user_buffers_[index]->PreWrite(offset, buf_len)) {
-    if (!Flush(index, offset + buf_len))
-      return false;
-
-    // Lets try again.
-    if (offset > user_buffers_[index]->End() ||
-        !user_buffers_[index]->PreWrite(offset, buf_len)) {
-      // We cannot complete the operation with a buffer.
-      DCHECK(!user_buffers_[index]->Size());
-      DCHECK(!user_buffers_[index]->Start());
-      user_buffers_[index].reset();
-    }
-  }
-  return true;
-}
-
-bool EntryImpl::Flush(int index, int min_len) {
-  Addr address(entry_.Data()->data_addr[index]);
-  DCHECK(user_buffers_[index].get());
-  DCHECK(!address.is_initialized() || address.is_separate_file());
-  DVLOG(3) << "Flush";
-
-  int size = std::max(entry_.Data()->data_size[index], min_len);
-  if (size && !address.is_initialized() && !CreateDataBlock(index, size))
-    return false;
-
-  if (!entry_.Data()->data_size[index]) {
-    DCHECK(!user_buffers_[index]->Size());
-    return true;
-  }
-
-  address.set_value(entry_.Data()->data_addr[index]);
-
-  int len = user_buffers_[index]->Size();
-  int offset = user_buffers_[index]->Start();
-  if (!len && !offset)
-    return true;
-
-  if (address.is_block_file()) {
-    DCHECK_EQ(len, entry_.Data()->data_size[index]);
-    DCHECK(!offset);
-    offset = address.start_block() * address.BlockSize() + kBlockHeaderSize;
-  }
-
-  File* file = GetBackingFile(address, index);
-  if (!file)
-    return false;
-
-  if (!file->Write(user_buffers_[index]->Data(), len, offset, NULL, NULL))
-    return false;
-  user_buffers_[index]->Reset();
-
-  return true;
-}
-
-void EntryImpl::UpdateSize(int index, int old_size, int new_size) {
-  if (entry_.Data()->data_size[index] == new_size)
-    return;
-
-  unreported_size_[index] += new_size - old_size;
-  entry_.Data()->data_size[index] = new_size;
-  entry_.set_modified();
-}
-
-int EntryImpl::InitSparseData() {
-  if (sparse_.get())
-    return net::OK;
-
-  // Use a local variable so that sparse_ never goes from 'valid' to NULL.
-  scoped_ptr<SparseControl> sparse(new SparseControl(this));
-  int result = sparse->Init();
-  if (net::OK == result)
-    sparse_.swap(sparse);
-
-  return result;
-}
-
-void EntryImpl::SetEntryFlags(uint32_t flags) {
-  entry_.Data()->flags |= flags;
-  entry_.set_modified();
-}
-
-uint32_t EntryImpl::GetEntryFlags() {
-  return entry_.Data()->flags;
-}
-
-void EntryImpl::GetData(int index, char** buffer, Addr* address) {
-  DCHECK(backend_);
-  if (user_buffers_[index].get() && user_buffers_[index]->Size() &&
-      !user_buffers_[index]->Start()) {
-    // The data is already in memory, just copy it and we're done.
-    int data_len = entry_.Data()->data_size[index];
-    if (data_len <= user_buffers_[index]->Size()) {
-      DCHECK(!user_buffers_[index]->Start());
-      *buffer = new char[data_len];
-      memcpy(*buffer, user_buffers_[index]->Data(), data_len);
-      return;
-    }
-  }
-
-  // Bad news: we'd have to read the info from disk so instead we'll just tell
-  // the caller where to read from.
-  *buffer = NULL;
-  address->set_value(entry_.Data()->data_addr[index]);
-  if (address->is_initialized()) {
-    // Prevent us from deleting the block from the backing store.
-    backend_->ModifyStorageSize(entry_.Data()->data_size[index] -
-                                    unreported_size_[index], 0);
-    entry_.Data()->data_addr[index] = 0;
-    entry_.Data()->data_size[index] = 0;
-  }
-}
-
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-void EntryImplV3::ReportIOTime(Operation op, const base::TimeTicks& start) {
-  if (!backend_)
-    return;
-
-  switch (op) {
-    case kRead:
-      CACHE_UMA(AGE_MS, "ReadTime", start);
-      break;
-    case kWrite:
-      CACHE_UMA(AGE_MS, "WriteTime", start);
-      break;
-    case kSparseRead:
-      CACHE_UMA(AGE_MS, "SparseReadTime", start);
-      break;
-    case kSparseWrite:
-      CACHE_UMA(AGE_MS, "SparseWriteTime", start);
-      break;
-    case kAsyncIO:
-      CACHE_UMA(AGE_MS, "AsyncIOTime", start);
-      break;
-    case kReadAsync1:
-      CACHE_UMA(AGE_MS, "AsyncReadDispatchTime", start);
-      break;
-    case kWriteAsync1:
-      CACHE_UMA(AGE_MS, "AsyncWriteDispatchTime", start);
-      break;
-    default:
-      NOTREACHED();
-  }
-}
-
-void EntryImplV3::Log(const char* msg) {
-  Trace("%s 0x%p 0x%x", msg, reinterpret_cast<void*>(this), address_);
-  Trace("  data: 0x%x 0x%x", entry_->data_addr[0], entry_->data_addr[1]);
-  Trace("  doomed: %d", doomed_);
-}
-
-void EntryImplV3::Doom() {
-  NOTIMPLEMENTED();
-}
-
-void EntryImplV3::Close() {
-  NOTIMPLEMENTED();
-}
-
-std::string EntryImplV3::GetKey() const {
-  return std::string();
-}
-
-Time EntryImplV3::GetLastUsed() const {
-  return Time();
-}
-
-Time EntryImplV3::GetLastModified() const {
-  return Time();
-}
-
-int32_t EntryImplV3::GetDataSize(int index) const {
-  return 0;
-}
-
-int EntryImplV3::ReadData(int index, int offset, IOBuffer* buf, int buf_len,
-                          const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int EntryImplV3::WriteData(int index, int offset, IOBuffer* buf, int buf_len,
-                           const CompletionCallback& callback, bool truncate) {
-  return net::ERR_FAILED;
-}
-
-int EntryImplV3::ReadSparseData(int64_t offset,
-                                IOBuffer* buf,
-                                int buf_len,
-                                const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int EntryImplV3::WriteSparseData(int64_t offset,
-                                 IOBuffer* buf,
-                                 int buf_len,
-                                 const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-int EntryImplV3::GetAvailableRange(int64_t offset,
-                                   int len,
-                                   int64_t* start,
-                                   const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-bool EntryImplV3::CouldBeSparse() const {
-  return false;
-}
-
-void EntryImplV3::CancelSparseIO() {
-  NOTIMPLEMENTED();
-}
-
-int EntryImplV3::ReadyForSparseIO(const CompletionCallback& callback) {
-  return net::ERR_FAILED;
-}
-
-EntryImplV3::~EntryImplV3() {
-  NOTIMPLEMENTED();
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/entry_impl_v3.h b/chromium/net/disk_cache/blockfile/entry_impl_v3.h
deleted file mode 100644
index a9a5df5170d..00000000000
--- a/chromium/net/disk_cache/blockfile/entry_impl_v3.h
+++ /dev/null
@@ -1,223 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_ENTRY_IMPL_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_ENTRY_IMPL_V3_H_
-
-#include <stdint.h>
-
-#include <string>
-
-#include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-#include "net/disk_cache/blockfile/storage_block.h"
-#include "net/disk_cache/disk_cache.h"
-#include "net/log/net_log.h"
-
-namespace disk_cache {
-
-class BackendImplV3;
-class SparseControlV3;
-
-// This class implements the Entry interface. An object of this
-// class represents a single entry on the cache.
-class NET_EXPORT_PRIVATE EntryImplV3
-    : public Entry,
-      public base::RefCounted<EntryImplV3> {
-  friend class base::RefCounted<EntryImplV3>;
-  // friend class SparseControlV3;
- public:
-  enum Operation {
-    kRead,
-    kWrite,
-    kSparseRead,
-    kSparseWrite,
-    kAsyncIO,
-    kReadAsync1,
-    kWriteAsync1
-  };
-
-  EntryImplV3(BackendImplV3* backend, Addr address, bool read_only);
-
-  // Performs the initialization of a EntryImplV3 that will be added to the
-  // cache.
-  bool CreateEntry(Addr node_address, const std::string& key, uint32_t hash);
-
-  uint32_t GetHash();
-
-  uint32_t GetHash() const;
-  Addr GetAddress() const;
-  int GetReuseCounter() const;
-  void SetReuseCounter(int count);
-  int GetRefetchCounter() const;
-  void SetRefetchCounter(int count);
-
-  // Returns true if this entry matches the lookup arguments.
-  bool IsSameEntry(const std::string& key, uint32_t hash);
-
-  // Permamently destroys this entry.
-  void InternalDoom();
-
-  // Returns false if the entry is clearly invalid.
-  bool SanityCheck();
-  bool DataSanityCheck();
-
-  // Attempts to make this entry reachable though the key.
-  void FixForDelete();
-
-  // Set the access times for this entry. This method provides support for
-  // the upgrade tool.
-  void SetTimes(base::Time last_used, base::Time last_modified);
-
-  // Logs a begin event and enables logging for the EntryImplV3. Will also cause
-  // an end event to be logged on destruction. The EntryImplV3 must have its key
-  // initialized before this is called. |created| is true if the Entry was
-  // created rather than opened.
-  void BeginLogging(net::NetLog* net_log, bool created);
-
-  const net::BoundNetLog& net_log() const;
-
-  // Entry interface.
-  void Doom() override;
-  void Close() override;
-  std::string GetKey() const override;
-  base::Time GetLastUsed() const override;
-  base::Time GetLastModified() const override;
-  int32_t GetDataSize(int index) const override;
-  int ReadData(int index,
-               int offset,
-               IOBuffer* buf,
-               int buf_len,
-               const CompletionCallback& callback) override;
-  int WriteData(int index,
-                int offset,
-                IOBuffer* buf,
-                int buf_len,
-                const CompletionCallback& callback,
-                bool truncate) override;
-  int ReadSparseData(int64_t offset,
-                     IOBuffer* buf,
-                     int buf_len,
-                     const CompletionCallback& callback) override;
-  int WriteSparseData(int64_t offset,
-                      IOBuffer* buf,
-                      int buf_len,
-                      const CompletionCallback& callback) override;
-  int GetAvailableRange(int64_t offset,
-                        int len,
-                        int64_t* start,
-                        const CompletionCallback& callback) override;
-  bool CouldBeSparse() const override;
-  void CancelSparseIO() override;
-  int ReadyForSparseIO(const CompletionCallback& callback) override;
-
- private:
-  enum {
-     kNumStreams = 3
-  };
-  class UserBuffer;
-
-  ~EntryImplV3() override;
-
-  // Do all the work for ReadDataImpl and WriteDataImpl.  Implemented as
-  // separate functions to make logging of results simpler.
-  int InternalReadData(int index, int offset, IOBuffer* buf,
-                       int buf_len, const CompletionCallback& callback);
-  int InternalWriteData(int index, int offset, IOBuffer* buf, int buf_len,
-                        const CompletionCallback& callback, bool truncate);
-
-  // Initializes the storage for an internal or external data block.
-  bool CreateDataBlock(int index, int size);
-
-  // Initializes the storage for an internal or external generic block.
-  bool CreateBlock(int size, Addr* address);
-
-  // Deletes the data pointed by address, maybe backed by files_[index].
-  // Note that most likely the caller should delete (and store) the reference to
-  // |address| *before* calling this method because we don't want to have an
-  // entry using an address that is already free.
-  void DeleteData(Addr address, int index);
-
-  // Updates ranking information.
-  void UpdateRank(bool modified);
-
-  // Deletes this entry from disk. If |everything| is false, only the user data
-  // will be removed, leaving the key and control data intact.
-  void DeleteEntryData(bool everything);
-
-  // Prepares the target file or buffer for a write of buf_len bytes at the
-  // given offset.
-  bool PrepareTarget(int index, int offset, int buf_len, bool truncate);
-
-  // Adjusts the internal buffer and file handle for a write that truncates this
-  // stream.
-  bool HandleTruncation(int index, int offset, int buf_len);
-
-  // Copies data from disk to the internal buffer.
-  bool CopyToLocalBuffer(int index);
-
-  // Reads from a block data file to this object's memory buffer.
-  bool MoveToLocalBuffer(int index);
-
-  // Loads the external file to this object's memory buffer.
-  bool ImportSeparateFile(int index, int new_size);
-
-  // Makes sure that the internal buffer can handle the a write of |buf_len|
-  // bytes to |offset|.
-  bool PrepareBuffer(int index, int offset, int buf_len);
-
-  // Flushes the in-memory data to the backing storage. The data destination
-  // is determined based on the current data length and |min_len|.
-  bool Flush(int index, int min_len);
-
-  // Updates the size of a given data stream.
-  void UpdateSize(int index, int old_size, int new_size);
-
-  // Initializes the sparse control object. Returns a net error code.
-  int InitSparseData();
-
-  // Adds the provided |flags| to the current EntryFlags for this entry.
-  void SetEntryFlags(uint32_t flags);
-
-  // Returns the current EntryFlags for this entry.
-  uint32_t GetEntryFlags();
-
-  // Gets the data stored at the given index. If the information is in memory,
-  // a buffer will be allocated and the data will be copied to it (the caller
-  // can find out the size of the buffer before making this call). Otherwise,
-  // the cache address of the data will be returned, and that address will be
-  // removed from the regular book keeping of this entry so the caller is
-  // responsible for deleting the block (or file) from the backing store at some
-  // point; there is no need to report any storage-size change, only to do the
-  // actual cleanup.
-  void GetData(int index, char** buffer, Addr* address);
-
-  // Generates a histogram for the time spent working on this operation.
-  void ReportIOTime(Operation op, const base::TimeTicks& start);
-
-  // Logs this entry to the internal trace buffer.
-  void Log(const char* msg);
-
-  scoped_ptr<EntryRecord> entry_;  // Basic record for this entry.
-  scoped_ptr<ShortEntryRecord> short_entry_;  // Valid for evicted entries.
-  base::WeakPtr<BackendImplV3> backend_;  // Back pointer to the cache.
-  scoped_ptr<UserBuffer> user_buffers_[kNumStreams];  // Stores user data.
-  mutable std::string key_;           // Copy of the key.
-  Addr address_;
-  int unreported_size_[kNumStreams];  // Bytes not reported yet to the backend.
-  bool doomed_;               // True if this entry was removed from the cache.
-  bool read_only_;
-  bool dirty_;                // True if there is something to write.
-  bool modified_;
-  // scoped_ptr<SparseControlV3> sparse_;  // Support for sparse entries.
-
-  net::BoundNetLog net_log_;
-
-  DISALLOW_COPY_AND_ASSIGN(EntryImplV3);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_ENTRY_IMPL_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/eviction.cc b/chromium/net/disk_cache/blockfile/eviction.cc
index 6e0dcd5a833..860b8b11006 100644
--- a/chromium/net/disk_cache/blockfile/eviction.cc
+++ b/chromium/net/disk_cache/blockfile/eviction.cc
@@ -38,7 +38,7 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/disk_cache/blockfile/backend_impl.h"
 #include "net/disk_cache/blockfile/disk_format.h"
diff --git a/chromium/net/disk_cache/blockfile/eviction_v3.cc b/chromium/net/disk_cache/blockfile/eviction_v3.cc
deleted file mode 100644
index c658a8e0e52..00000000000
--- a/chromium/net/disk_cache/blockfile/eviction_v3.cc
+++ /dev/null
@@ -1,516 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// The eviction policy is a very simple pure LRU, so the elements at the end of
-// the list are evicted until kCleanUpMargin free space is available. There is
-// only one list in use (Rankings::NO_USE), and elements are sent to the front
-// of the list whenever they are accessed.
-
-// The new (in-development) eviction policy adds re-use as a factor to evict
-// an entry. The story so far:
-
-// Entries are linked on separate lists depending on how often they are used.
-// When we see an element for the first time, it goes to the NO_USE list; if
-// the object is reused later on, we move it to the LOW_USE list, until it is
-// used kHighUse times, at which point it is moved to the HIGH_USE list.
-// Whenever an element is evicted, we move it to the DELETED list so that if the
-// element is accessed again, we remember the fact that it was already stored
-// and maybe in the future we don't evict that element.
-
-// When we have to evict an element, first we try to use the last element from
-// the NO_USE list, then we move to the LOW_USE and only then we evict an entry
-// from the HIGH_USE. We attempt to keep entries on the cache for at least
-// kTargetTime hours (with frequently accessed items stored for longer periods),
-// but if we cannot do that, we fall-back to keep each list roughly the same
-// size so that we have a chance to see an element again and move it to another
-// list.
-
-#include "net/disk_cache/blockfile/eviction_v3.h"
-
-#include <stdint.h>
-
-#include <limits>
-
-#include "base/bind.h"
-#include "base/compiler_specific.h"
-#include "base/logging.h"
-#include "base/message_loop/message_loop.h"
-#include "base/strings/string_util.h"
-#include "base/time/time.h"
-#include "net/disk_cache/blockfile/backend_impl_v3.h"
-#include "net/disk_cache/blockfile/entry_impl_v3.h"
-#include "net/disk_cache/blockfile/experiments.h"
-#include "net/disk_cache/blockfile/histogram_macros_v3.h"
-#include "net/disk_cache/blockfile/trace.h"
-
-#define CACHE_UMA_BACKEND_IMPL_OBJ backend_
-
-using base::Time;
-using base::TimeTicks;
-
-namespace {
-
-const int kCleanUpMargin = 1024 * 1024;
-
-#if defined(V3_NOT_JUST_YET_READY)
-const int kHighUse = 10;  // Reuse count to be on the HIGH_USE list.
-const int kTargetTime = 24 * 7;  // Time to be evicted (hours since last use).
-const int kMaxDelayedTrims = 60;
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-int LowWaterAdjust(int high_water) {
-  if (high_water < kCleanUpMargin)
-    return 0;
-
-  return high_water - kCleanUpMargin;
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-bool FallingBehind(int current_size, int max_size) {
-  return current_size > max_size - kCleanUpMargin * 20;
-}
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-}  // namespace
-
-namespace disk_cache {
-
-// The real initialization happens during Init(), init_ is the only member that
-// has to be initialized here.
-EvictionV3::EvictionV3()
-    : backend_(NULL),
-      index_(NULL),
-      header_(NULL),
-      init_(false),
-      ptr_factory_(this) {
-}
-
-EvictionV3::~EvictionV3() {
-}
-
-void EvictionV3::Init(BackendImplV3* backend) {
-  // We grab a bunch of info from the backend to make the code a little cleaner
-  // when we're actually doing work.
-  backend_ = backend;
-  index_ = &backend_->index_;
-  header_ = index_->header();
-  max_size_ = LowWaterAdjust(backend_->max_size_);
-  lru_ = backend->lru_eviction_;
-  first_trim_ = true;
-  trimming_ = false;
-  delay_trim_ = false;
-  trim_delays_ = 0;
-  init_ = true;
-  test_mode_ = false;
-}
-
-void EvictionV3::Stop() {
-  // It is possible for the backend initialization to fail, in which case this
-  // object was never initialized... and there is nothing to do.
-  if (!init_)
-    return;
-
-  // We want to stop further evictions, so let's pretend that we are busy from
-  // this point on.
-  DCHECK(!trimming_);
-  trimming_ = true;
-  ptr_factory_.InvalidateWeakPtrs();
-}
-
-#if defined(V3_NOT_JUST_YET_READY)
-void EvictionV3::TrimCache() {
-  if (backend_->disabled_ || trimming_)
-    return;
-
-  if (!empty && !ShouldTrim())
-    return PostDelayedTrim();
-
-  if (new_eviction_)
-    return TrimCacheV2(empty);
-
-  Trace("*** Trim Cache ***");
-  trimming_ = true;
-  TimeTicks start = TimeTicks::Now();
-  Rankings::ScopedRankingsBlock node(rankings_);
-  Rankings::ScopedRankingsBlock next(
-      rankings_, rankings_->GetPrev(node.get(), Rankings::NO_USE));
-  int deleted_entries = 0;
-  int target_size = empty ? 0 : max_size_;
-  while ((header_->num_bytes > target_size || test_mode_) && next.get()) {
-    // The iterator could be invalidated within EvictEntry().
-    if (!next->HasData())
-      break;
-    node.reset(next.release());
-    next.reset(rankings_->GetPrev(node.get(), Rankings::NO_USE));
-    if (node->Data()->dirty != backend_->GetCurrentEntryId() || empty) {
-      // This entry is not being used by anybody.
-      // Do NOT use node as an iterator after this point.
-      rankings_->TrackRankingsBlock(node.get(), false);
-      if (EvictEntry(node.get(), empty, Rankings::NO_USE) && !test_mode_)
-        deleted_entries++;
-
-      if (!empty && test_mode_)
-        break;
-    }
-    if (!empty && (deleted_entries > 20 ||
-                   (TimeTicks::Now() - start).InMilliseconds() > 20)) {
-      base::MessageLoop::current()->PostTask(
-          FROM_HERE,
-          base::Bind(&EvictionV3::TrimCache, ptr_factory_.GetWeakPtr(), false));
-      break;
-    }
-  }
-
-  if (empty) {
-    CACHE_UMA(AGE_MS, "TotalClearTimeV1", 0, start);
-  } else {
-    CACHE_UMA(AGE_MS, "TotalTrimTimeV1", 0, start);
-  }
-  CACHE_UMA(COUNTS, "TrimItemsV1", 0, deleted_entries);
-
-  trimming_ = false;
-  Trace("*** Trim Cache end ***");
-  return;
-}
-
-void EvictionV3::OnOpenEntry(EntryImplV3* entry) {
-  EntryStore* info = entry->entry()->Data();
-  DCHECK_EQ(ENTRY_NORMAL, info->state);
-
-  if (info->reuse_count < std::numeric_limits<int32_t>::max()) {
-    info->reuse_count++;
-    entry->entry()->set_modified();
-
-    // We may need to move this to a new list.
-    if (1 == info->reuse_count) {
-      rankings_->Remove(entry->rankings(), Rankings::NO_USE, true);
-      rankings_->Insert(entry->rankings(), false, Rankings::LOW_USE);
-      entry->entry()->Store();
-    } else if (kHighUse == info->reuse_count) {
-      rankings_->Remove(entry->rankings(), Rankings::LOW_USE, true);
-      rankings_->Insert(entry->rankings(), false, Rankings::HIGH_USE);
-      entry->entry()->Store();
-    }
-  }
-}
-
-void EvictionV3::OnCreateEntry(EntryImplV3* entry) {
-  EntryStore* info = entry->entry()->Data();
-  switch (info->state) {
-    case ENTRY_NORMAL: {
-      DCHECK(!info->reuse_count);
-      DCHECK(!info->refetch_count);
-      break;
-    };
-    case ENTRY_EVICTED: {
-      if (info->refetch_count < std::numeric_limits<int32_t>::max())
-        info->refetch_count++;
-
-      if (info->refetch_count > kHighUse && info->reuse_count < kHighUse) {
-        info->reuse_count = kHighUse;
-      } else {
-        info->reuse_count++;
-      }
-      info->state = ENTRY_NORMAL;
-      entry->entry()->Store();
-      rankings_->Remove(entry->rankings(), Rankings::DELETED, true);
-      break;
-    };
-    default:
-      NOTREACHED();
-  }
-
-  rankings_->Insert(entry->rankings(), true, GetListForEntryV2(entry));
-}
-
-void EvictionV3::SetTestMode() {
-  test_mode_ = true;
-}
-
-void EvictionV3::TrimDeletedList(bool empty) {
-  DCHECK(test_mode_ && new_eviction_);
-  TrimDeleted(empty);
-}
-
-// -----------------------------------------------------------------------
-
-void EvictionV3::PostDelayedTrim() {
-  // Prevent posting multiple tasks.
-  if (delay_trim_)
-    return;
-  delay_trim_ = true;
-  trim_delays_++;
-  base::MessageLoop::current()->PostDelayedTask(
-      FROM_HERE,
-      base::Bind(&EvictionV3::DelayedTrim, ptr_factory_.GetWeakPtr()),
-      base::TimeDelta::FromMilliseconds(1000));
-}
-
-void EvictionV3::DelayedTrim() {
-  delay_trim_ = false;
-  if (trim_delays_ < kMaxDelayedTrims && backend_->IsLoaded())
-    return PostDelayedTrim();
-
-  TrimCache(false);
-}
-
-bool EvictionV3::ShouldTrim() {
-  if (!FallingBehind(header_->num_bytes, max_size_) &&
-      trim_delays_ < kMaxDelayedTrims && backend_->IsLoaded()) {
-    return false;
-  }
-
-  UMA_HISTOGRAM_COUNTS("DiskCache.TrimDelays", trim_delays_);
-  trim_delays_ = 0;
-  return true;
-}
-
-bool EvictionV3::ShouldTrimDeleted() {
-  int index_load = header_->num_entries * 100 / index_size_;
-
-  // If the index is not loaded, the deleted list will tend to double the size
-  // of the other lists 3 lists (40% of the total). Otherwise, all lists will be
-  // about the same size.
-  int max_length = (index_load < 25) ? header_->num_entries * 2 / 5 :
-                                       header_->num_entries / 4;
-  return (!test_mode_ && header_->lru.sizes[Rankings::DELETED] > max_length);
-}
-
-bool Eviction::EvictEntry(CacheRankingsBlock* node, bool empty,
-                          Rankings::List list) {
-  EntryImplV3* entry = backend_->GetEnumeratedEntry(node, list);
-  if (!entry) {
-    Trace("NewEntry failed on Trim 0x%x", node->address().value());
-    return false;
-  }
-
-  ReportTrimTimes(entry);
-  if (empty || !new_eviction_) {
-    entry->DoomImpl();
-  } else {
-    entry->DeleteEntryData(false);
-    EntryStore* info = entry->entry()->Data();
-    DCHECK_EQ(ENTRY_NORMAL, info->state);
-
-    rankings_->Remove(entry->rankings(), GetListForEntryV2(entry), true);
-    info->state = ENTRY_EVICTED;
-    entry->entry()->Store();
-    rankings_->Insert(entry->rankings(), true, Rankings::DELETED);
-  }
-  if (!empty)
-    backend_->OnEvent(Stats::TRIM_ENTRY);
-
-  entry->Release();
-
-  return true;
-}
-
-void EvictionV3::TrimCacheV2(bool empty) {
-  Trace("*** Trim Cache ***");
-  trimming_ = true;
-  TimeTicks start = TimeTicks::Now();
-
-  const int kListsToSearch = 3;
-  Rankings::ScopedRankingsBlock next[kListsToSearch];
-  int list = Rankings::LAST_ELEMENT;
-
-  // Get a node from each list.
-  for (int i = 0; i < kListsToSearch; i++) {
-    bool done = false;
-    next[i].set_rankings(rankings_);
-    if (done)
-      continue;
-    next[i].reset(rankings_->GetPrev(NULL, static_cast<Rankings::List>(i)));
-    if (!empty && NodeIsOldEnough(next[i].get(), i)) {
-      list = static_cast<Rankings::List>(i);
-      done = true;
-    }
-  }
-
-  // If we are not meeting the time targets lets move on to list length.
-  if (!empty && Rankings::LAST_ELEMENT == list)
-    list = SelectListByLength(next);
-
-  if (empty)
-    list = 0;
-
-  Rankings::ScopedRankingsBlock node(rankings_);
-  int deleted_entries = 0;
-  int target_size = empty ? 0 : max_size_;
-
-  for (; list < kListsToSearch; list++) {
-    while ((header_->num_bytes > target_size || test_mode_) &&
-           next[list].get()) {
-      // The iterator could be invalidated within EvictEntry().
-      if (!next[list]->HasData())
-        break;
-      node.reset(next[list].release());
-      next[list].reset(rankings_->GetPrev(node.get(),
-                                          static_cast<Rankings::List>(list)));
-      if (node->Data()->dirty != backend_->GetCurrentEntryId() || empty) {
-        // This entry is not being used by anybody.
-        // Do NOT use node as an iterator after this point.
-        rankings_->TrackRankingsBlock(node.get(), false);
-        if (EvictEntry(node.get(), empty, static_cast<Rankings::List>(list)))
-          deleted_entries++;
-
-        if (!empty && test_mode_)
-          break;
-      }
-      if (!empty && (deleted_entries > 20 ||
-                     (TimeTicks::Now() - start).InMilliseconds() > 20)) {
-        base::MessageLoop::current()->PostTask(
-            FROM_HERE,
-            base::Bind(&Eviction::TrimCache, ptr_factory_.GetWeakPtr(), false));
-        break;
-      }
-    }
-    if (!empty)
-      list = kListsToSearch;
-  }
-
-  if (empty) {
-    TrimDeleted(true);
-  } else if (ShouldTrimDeleted()) {
-    base::MessageLoop::current()->PostTask(
-        FROM_HERE,
-        base::Bind(&EvictionV3::TrimDeleted, ptr_factory_.GetWeakPtr(), empty));
-  }
-
-  if (empty) {
-    CACHE_UMA(AGE_MS, "TotalClearTimeV2", 0, start);
-  } else {
-    CACHE_UMA(AGE_MS, "TotalTrimTimeV2", 0, start);
-  }
-  CACHE_UMA(COUNTS, "TrimItemsV2", 0, deleted_entries);
-
-  Trace("*** Trim Cache end ***");
-  trimming_ = false;
-  return;
-}
-
-// This is a minimal implementation that just discards the oldest nodes.
-// TODO(rvargas): Do something better here.
-void EvictionV3::TrimDeleted(bool empty) {
-  Trace("*** Trim Deleted ***");
-  if (backend_->disabled_)
-    return;
-
-  TimeTicks start = TimeTicks::Now();
-  Rankings::ScopedRankingsBlock node(rankings_);
-  Rankings::ScopedRankingsBlock next(
-    rankings_, rankings_->GetPrev(node.get(), Rankings::DELETED));
-  int deleted_entries = 0;
-  while (next.get() &&
-         (empty || (deleted_entries < 20 &&
-                    (TimeTicks::Now() - start).InMilliseconds() < 20))) {
-    node.reset(next.release());
-    next.reset(rankings_->GetPrev(node.get(), Rankings::DELETED));
-    if (RemoveDeletedNode(node.get()))
-      deleted_entries++;
-    if (test_mode_)
-      break;
-  }
-
-  if (deleted_entries && !empty && ShouldTrimDeleted()) {
-    base::MessageLoop::current()->PostTask(
-        FROM_HERE,
-        base::Bind(&EvictionV3::TrimDeleted, ptr_factory_.GetWeakPtr(), false));
-  }
-
-  CACHE_UMA(AGE_MS, "TotalTrimDeletedTime", 0, start);
-  CACHE_UMA(COUNTS, "TrimDeletedItems", 0, deleted_entries);
-  Trace("*** Trim Deleted end ***");
-  return;
-}
-
-void EvictionV3::ReportTrimTimes(EntryImplV3* entry) {
-  if (first_trim_) {
-    first_trim_ = false;
-    if (backend_->ShouldReportAgain()) {
-      CACHE_UMA(AGE, "TrimAge", 0, entry->GetLastUsed());
-      ReportListStats();
-    }
-
-    if (header_->lru.filled)
-      return;
-
-    header_->lru.filled = 1;
-
-    if (header_->create_time) {
-      // This is the first entry that we have to evict, generate some noise.
-      backend_->FirstEviction();
-    } else {
-      // This is an old file, but we may want more reports from this user so
-      // lets save some create_time.
-      Time::Exploded old = {0};
-      old.year = 2009;
-      old.month = 3;
-      old.day_of_month = 1;
-      header_->create_time = Time::FromLocalExploded(old).ToInternalValue();
-    }
-  }
-}
-
-bool EvictionV3::NodeIsOldEnough(CacheRankingsBlock* node, int list) {
-  if (!node)
-    return false;
-
-  // If possible, we want to keep entries on each list at least kTargetTime
-  // hours. Each successive list on the enumeration has 2x the target time of
-  // the previous list.
-  Time used = Time::FromInternalValue(node->Data()->last_used);
-  int multiplier = 1 << list;
-  return (Time::Now() - used).InHours() > kTargetTime * multiplier;
-}
-
-int EvictionV3::SelectListByLength(Rankings::ScopedRankingsBlock* next) {
-  int data_entries = header_->num_entries -
-                     header_->lru.sizes[Rankings::DELETED];
-  // Start by having each list to be roughly the same size.
-  if (header_->lru.sizes[0] > data_entries / 3)
-    return 0;
-
-  int list = (header_->lru.sizes[1] > data_entries / 3) ? 1 : 2;
-
-  // Make sure that frequently used items are kept for a minimum time; we know
-  // that this entry is not older than its current target, but it must be at
-  // least older than the target for list 0 (kTargetTime), as long as we don't
-  // exhaust list 0.
-  if (!NodeIsOldEnough(next[list].get(), 0) &&
-      header_->lru.sizes[0] > data_entries / 10)
-    list = 0;
-
-  return list;
-}
-
-void EvictionV3::ReportListStats() {
-  if (!new_eviction_)
-    return;
-
-  Rankings::ScopedRankingsBlock last1(rankings_,
-      rankings_->GetPrev(NULL, Rankings::NO_USE));
-  Rankings::ScopedRankingsBlock last2(rankings_,
-      rankings_->GetPrev(NULL, Rankings::LOW_USE));
-  Rankings::ScopedRankingsBlock last3(rankings_,
-      rankings_->GetPrev(NULL, Rankings::HIGH_USE));
-  Rankings::ScopedRankingsBlock last4(rankings_,
-      rankings_->GetPrev(NULL, Rankings::DELETED));
-
-  if (last1.get())
-    CACHE_UMA(AGE, "NoUseAge", 0,
-              Time::FromInternalValue(last1.get()->Data()->last_used));
-  if (last2.get())
-    CACHE_UMA(AGE, "LowUseAge", 0,
-              Time::FromInternalValue(last2.get()->Data()->last_used));
-  if (last3.get())
-    CACHE_UMA(AGE, "HighUseAge", 0,
-              Time::FromInternalValue(last3.get()->Data()->last_used));
-  if (last4.get())
-    CACHE_UMA(AGE, "DeletedAge", 0,
-              Time::FromInternalValue(last4.get()->Data()->last_used));
-}
-#endif  // defined(V3_NOT_JUST_YET_READY).
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/eviction_v3.h b/chromium/net/disk_cache/blockfile/eviction_v3.h
deleted file mode 100644
index a9b48f41839..00000000000
--- a/chromium/net/disk_cache/blockfile/eviction_v3.h
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_EVICTION_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_EVICTION_V3_H_
-
-#include "base/macros.h"
-#include "base/memory/weak_ptr.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-#include "net/disk_cache/blockfile/index_table_v3.h"
-
-namespace disk_cache {
-
-class BackendImplV3;
-class CacheRankingsBlock;
-class EntryImplV3;
-
-namespace Rankings {
-typedef int List;
-}
-
-// This class implements the eviction algorithm for the cache and it is tightly
-// integrated with BackendImpl.
-class EvictionV3 {
- public:
-  EvictionV3();
-  ~EvictionV3();
-
-  void Init(BackendImplV3* backend);
-  void Stop();
-
-  // Deletes entries from the cache until the current size is below the limit.
-  // If empty is true, the whole cache will be trimmed, regardless of being in
-  // use.
-  void TrimCache(bool empty);
-
-  // Notifications of interesting events for a given entry.
-  void OnOpenEntry(EntryImplV3* entry);
-  void OnCreateEntry(EntryImplV3* entry);
-
-  // Testing interface.
-  void SetTestMode();
-  void TrimDeletedList(bool empty);
-
- private:
-  void PostDelayedTrim();
-  void DelayedTrim();
-  bool ShouldTrim();
-  bool ShouldTrimDeleted();
-  bool EvictEntry(CacheRankingsBlock* node, bool empty, Rankings::List list);
-
-  void TrimCacheV2(bool empty);
-  void TrimDeleted(bool empty);
-
-  bool NodeIsOldEnough(CacheRankingsBlock* node, int list);
-  int SelectListByLength();
-  void ReportListStats();
-
-  BackendImplV3* backend_;
-  IndexTable* index_;
-  IndexHeaderV3* header_;
-  int max_size_;
-  int trim_delays_;
-  bool lru_;
-  bool first_trim_;
-  bool trimming_;
-  bool delay_trim_;
-  bool init_;
-  bool test_mode_;
-  base::WeakPtrFactory<EvictionV3> ptr_factory_;
-
-  DISALLOW_COPY_AND_ASSIGN(EvictionV3);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_EVICTION_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/file_win.cc b/chromium/net/disk_cache/blockfile/file_win.cc
index 1c5a9668763..f38595d3bf1 100644
--- a/chromium/net/disk_cache/blockfile/file_win.cc
+++ b/chromium/net/disk_cache/blockfile/file_win.cc
@@ -62,8 +62,6 @@ void CompletionHandler::OnIOCompleted(
 
 MyOverlapped::MyOverlapped(disk_cache::File* file, size_t offset,
                            disk_cache::FileIOCallback* callback) {
-  memset(this, 0, sizeof(*this));
-  context_.handler = g_completion_handler.Pointer();
   context_.overlapped.Offset = static_cast<DWORD>(offset);
   file_ = file;
   callback_ = callback;
diff --git a/chromium/net/disk_cache/blockfile/histogram_macros_v3.h b/chromium/net/disk_cache/blockfile/histogram_macros_v3.h
deleted file mode 100644
index 52b75d2118d..00000000000
--- a/chromium/net/disk_cache/blockfile/histogram_macros_v3.h
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file contains macros to simplify histogram reporting from the disk
-// cache. The main issue is that we want to have separate histograms for each
-// type of cache (regular vs. media, etc), without adding the complexity of
-// keeping track of a potentially large number of histogram objects that have to
-// survive the backend object that created them.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_HISTOGRAM_MACROS_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_HISTOGRAM_MACROS_V3_H_
-
-#include "base/metrics/histogram.h"
-
-// -----------------------------------------------------------------------------
-
-// These histograms follow the definition of UMA_HISTOGRAMN_XXX except that
-// whenever the name changes (the experiment group changes), the histrogram
-// object is re-created.
-
-#define CACHE_HISTOGRAM_CUSTOM_COUNTS(name, sample, min, max, bucket_count) \
-    do { \
-      base::HistogramBase* counter(NULL); \
-      if (!counter || name != counter->histogram_name()) \
-        counter = base::Histogram::FactoryGet( \
-            name, min, max, bucket_count, \
-            base::Histogram::kUmaTargetedHistogramFlag); \
-      counter->Add(sample); \
-    } while (0)
-
-#define CACHE_HISTOGRAM_COUNTS(name, sample) CACHE_HISTOGRAM_CUSTOM_COUNTS( \
-    name, sample, 1, 1000000, 50)
-
-#define CACHE_HISTOGRAM_COUNTS_10000(name, sample) \
-    CACHE_HISTOGRAM_CUSTOM_COUNTS(name, sample, 1, 10000, 50)
-
-#define CACHE_HISTOGRAM_COUNTS_50000(name, sample) \
-    CACHE_HISTOGRAM_CUSTOM_COUNTS(name, sample, 1, 50000000, 50)
-
-#define CACHE_HISTOGRAM_CUSTOM_TIMES(name, sample, min, max, bucket_count) \
-    do { \
-      base::HistogramBase* counter(NULL); \
-      if (!counter || name != counter->histogram_name()) \
-        counter = base::Histogram::FactoryTimeGet( \
-            name, min, max, bucket_count, \
-            base::Histogram::kUmaTargetedHistogramFlag); \
-      counter->AddTime(sample); \
-    } while (0)
-
-#define CACHE_HISTOGRAM_TIMES(name, sample) CACHE_HISTOGRAM_CUSTOM_TIMES( \
-    name, sample, base::TimeDelta::FromMilliseconds(1), \
-    base::TimeDelta::FromSeconds(10), 50)
-
-#define CACHE_HISTOGRAM_ENUMERATION(name, sample, boundary_value) do { \
-    base::HistogramBase* counter(NULL); \
-    if (!counter || name != counter->histogram_name()) \
-      counter = base::LinearHistogram::FactoryGet( \
-                    name, 1, boundary_value, boundary_value + 1, \
-                    base::Histogram::kUmaTargetedHistogramFlag); \
-    counter->Add(sample); \
-  } while (0)
-
-#define CACHE_HISTOGRAM_PERCENTAGE(name, under_one_hundred) \
-    CACHE_HISTOGRAM_ENUMERATION(name, under_one_hundred, 101)
-
-// -----------------------------------------------------------------------------
-
-// HISTOGRAM_HOURS will collect time related data with a granularity of hours
-// and normal values of a few months.
-#define CACHE_HISTOGRAM_HOURS CACHE_HISTOGRAM_COUNTS_10000
-
-// HISTOGRAM_AGE will collect time elapsed since |initial_time|, with a
-// granularity of hours and normal values of a few months.
-#define CACHE_HISTOGRAM_AGE(name, initial_time) \
-    CACHE_HISTOGRAM_COUNTS_10000(name, \
-                                 (base::Time::Now() - initial_time).InHours())
-
-// HISTOGRAM_AGE_MS will collect time elapsed since |initial_time|, with the
-// normal resolution of the UMA_HISTOGRAM_TIMES.
-#define CACHE_HISTOGRAM_AGE_MS(name, initial_time)\
-    CACHE_HISTOGRAM_TIMES(name, base::TimeTicks::Now() - initial_time)
-
-#define CACHE_HISTOGRAM_CACHE_ERROR(name, sample) \
-    CACHE_HISTOGRAM_ENUMERATION(name, sample, 50)
-
-// Generates a UMA histogram of the given type, generating the proper name for
-// it (asking backend_->HistogramName), and adding the provided sample.
-// For example, to generate a regualar UMA_HISTOGRAM_COUNTS, this macro would
-// be used as:
-//  CACHE_UMA(COUNTS, "MyName", 20);
-// which may translate to:
-//  UMA_HISTOGRAM_COUNTS("DiskCache3.MyName_AppCache", 20);
-//
-#define CACHE_UMA(type, name, sample) {\
-    const std::string my_name =\
-        CACHE_UMA_BACKEND_IMPL_OBJ->HistogramName(name);\
-    switch (CACHE_UMA_BACKEND_IMPL_OBJ->cache_type()) {\
-      case net::DISK_CACHE:\
-      case net::MEDIA_CACHE:\
-      case net::APP_CACHE:\
-      case net::SHADER_CACHE:\
-      case net::PNACL_CACHE:\
-        CACHE_HISTOGRAM_##type(my_name.data(), sample);\
-        break;\
-      default:\
-        break;\
-    }\
-  }
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_HISTOGRAM_MACROS_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc
index 307f7d2a8d0..7cd3a0537a3 100644
--- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc
+++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc
@@ -128,7 +128,7 @@ void BackendIO::OpenNextEntry(Rankings::Iterator* iterator,
   entry_ptr_ = next_entry;
 }
 
-void BackendIO::EndEnumeration(scoped_ptr<Rankings::Iterator> iterator) {
+void BackendIO::EndEnumeration(std::unique_ptr<Rankings::Iterator> iterator) {
   operation_ = OP_END_ENUMERATION;
   scoped_iterator_ = std::move(iterator);
 }
@@ -413,7 +413,7 @@ void InFlightBackendIO::OpenNextEntry(Rankings::Iterator* iterator,
 }
 
 void InFlightBackendIO::EndEnumeration(
-    scoped_ptr<Rankings::Iterator> iterator) {
+    std::unique_ptr<Rankings::Iterator> iterator) {
   scoped_refptr<BackendIO> operation(
       new BackendIO(this, backend_, net::CompletionCallback()));
   operation->EndEnumeration(std::move(iterator));
diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h
index 5ac0bf44235..e1456ceadfc 100644
--- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h
+++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h
@@ -61,7 +61,7 @@ class BackendIO : public BackgroundIO {
   void DoomEntriesSince(const base::Time initial_time);
   void CalculateSizeOfAllEntries();
   void OpenNextEntry(Rankings::Iterator* iterator, Entry** next_entry);
-  void EndEnumeration(scoped_ptr<Rankings::Iterator> iterator);
+  void EndEnumeration(std::unique_ptr<Rankings::Iterator> iterator);
   void OnExternalCacheHit(const std::string& key);
   void CloseEntryImpl(EntryImpl* entry);
   void DoomEntryImpl(EntryImpl* entry);
@@ -140,7 +140,7 @@ class BackendIO : public BackgroundIO {
   base::Time initial_time_;
   base::Time end_time_;
   Rankings::Iterator* iterator_;
-  scoped_ptr<Rankings::Iterator> scoped_iterator_;
+  std::unique_ptr<Rankings::Iterator> scoped_iterator_;
   EntryImpl* entry_;
   int index_;
   int offset_;
@@ -180,7 +180,7 @@ class InFlightBackendIO : public InFlightIO {
   void CalculateSizeOfAllEntries(const net::CompletionCallback& callback);
   void OpenNextEntry(Rankings::Iterator* iterator, Entry** next_entry,
                      const net::CompletionCallback& callback);
-  void EndEnumeration(scoped_ptr<Rankings::Iterator> iterator);
+  void EndEnumeration(std::unique_ptr<Rankings::Iterator> iterator);
   void OnExternalCacheHit(const std::string& key);
   void CloseEntryImpl(EntryImpl* entry);
   void DoomEntryImpl(EntryImpl* entry);
diff --git a/chromium/net/disk_cache/blockfile/in_flight_io.cc b/chromium/net/disk_cache/blockfile/in_flight_io.cc
index f04b8ddae58..0334e80fefd 100644
--- a/chromium/net/disk_cache/blockfile/in_flight_io.cc
+++ b/chromium/net/disk_cache/blockfile/in_flight_io.cc
@@ -10,8 +10,8 @@
 #include "base/profiler/scoped_tracker.h"
 #include "base/single_thread_task_runner.h"
 #include "base/task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 
 namespace disk_cache {
diff --git a/chromium/net/disk_cache/blockfile/index_table_v3.cc b/chromium/net/disk_cache/blockfile/index_table_v3.cc
deleted file mode 100644
index 9dca3de0596..00000000000
--- a/chromium/net/disk_cache/blockfile/index_table_v3.cc
+++ /dev/null
@@ -1,1152 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/index_table_v3.h"
-
-#include <algorithm>
-#include <limits>
-#include <set>
-#include <utility>
-
-#include "base/bit_cast.h"
-#include "base/bits.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/disk_cache/disk_cache.h"
-
-using base::Time;
-using base::TimeDelta;
-using disk_cache::CellInfo;
-using disk_cache::CellList;
-using disk_cache::IndexCell;
-using disk_cache::IndexIterator;
-
-namespace {
-
-// The following constants describe the bitfields of an IndexCell so they are
-// implicitly synchronized with the descrption of IndexCell on file_format_v3.h.
-const uint64_t kCellLocationMask = (1 << 22) - 1;
-const uint64_t kCellIdMask = (1 << 18) - 1;
-const uint64_t kCellTimestampMask = (1 << 20) - 1;
-const uint64_t kCellReuseMask = (1 << 4) - 1;
-const uint8_t kCellStateMask = (1 << 3) - 1;
-const uint8_t kCellGroupMask = (1 << 3) - 1;
-const uint8_t kCellSumMask = (1 << 2) - 1;
-
-const uint64_t kCellSmallTableLocationMask = (1 << 16) - 1;
-const uint64_t kCellSmallTableIdMask = (1 << 24) - 1;
-
-const int kCellIdOffset = 22;
-const int kCellTimestampOffset = 40;
-const int kCellReuseOffset = 60;
-const int kCellGroupOffset = 3;
-const int kCellSumOffset = 6;
-
-const int kCellSmallTableIdOffset = 16;
-
-// The number of bits that a hash has to be shifted to grab the part that
-// defines the cell id.
-const int kHashShift = 14;
-const int kSmallTableHashShift = 8;
-
-// Unfortunately we have to break the abstaction a little here: the file number
-// where entries are stored is outside of the control of this code, and it is
-// usually part of the stored address. However, for small tables we only store
-// 16 bits of the address so the file number is never stored on a cell. We have
-// to infere the file number from the type of entry (normal vs evicted), and
-// the knowledge that given that the table will not keep more than 64k entries,
-// a single file of each type is enough.
-const int kEntriesFile = disk_cache::BLOCK_ENTRIES - 1;
-const int kEvictedEntriesFile = disk_cache::BLOCK_EVICTED - 1;
-const int kMaxLocation = 1 << 22;
-const int kMinFileNumber = 1 << 16;
-
-uint32_t GetCellLocation(const IndexCell& cell) {
-  return cell.first_part & kCellLocationMask;
-}
-
-uint32_t GetCellSmallTableLocation(const IndexCell& cell) {
-  return cell.first_part & kCellSmallTableLocationMask;
-}
-
-uint32_t GetCellId(const IndexCell& cell) {
-  return (cell.first_part >> kCellIdOffset) & kCellIdMask;
-}
-
-uint32_t GetCellSmallTableId(const IndexCell& cell) {
-  return (cell.first_part >> kCellSmallTableIdOffset) &
-         kCellSmallTableIdMask;
-}
-
-int GetCellTimestamp(const IndexCell& cell) {
-  return (cell.first_part >> kCellTimestampOffset) & kCellTimestampMask;
-}
-
-int GetCellReuse(const IndexCell& cell) {
-  return (cell.first_part >> kCellReuseOffset) & kCellReuseMask;
-}
-
-int GetCellState(const IndexCell& cell) {
-  return cell.last_part & kCellStateMask;
-}
-
-int GetCellGroup(const IndexCell& cell) {
-  return (cell.last_part >> kCellGroupOffset) & kCellGroupMask;
-}
-
-int GetCellSum(const IndexCell& cell) {
-  return (cell.last_part >> kCellSumOffset) & kCellSumMask;
-}
-
-void SetCellLocation(IndexCell* cell, uint32_t address) {
-  DCHECK_LE(address, static_cast<uint32_t>(kCellLocationMask));
-  cell->first_part &= ~kCellLocationMask;
-  cell->first_part |= address;
-}
-
-void SetCellSmallTableLocation(IndexCell* cell, uint32_t address) {
-  DCHECK_LE(address, static_cast<uint32_t>(kCellSmallTableLocationMask));
-  cell->first_part &= ~kCellSmallTableLocationMask;
-  cell->first_part |= address;
-}
-
-void SetCellId(IndexCell* cell, uint32_t hash) {
-  DCHECK_LE(hash, static_cast<uint32_t>(kCellIdMask));
-  cell->first_part &= ~(kCellIdMask << kCellIdOffset);
-  cell->first_part |= static_cast<int64_t>(hash) << kCellIdOffset;
-}
-
-void SetCellSmallTableId(IndexCell* cell, uint32_t hash) {
-  DCHECK_LE(hash, static_cast<uint32_t>(kCellSmallTableIdMask));
-  cell->first_part &= ~(kCellSmallTableIdMask << kCellSmallTableIdOffset);
-  cell->first_part |= static_cast<int64_t>(hash) << kCellSmallTableIdOffset;
-}
-
-void SetCellTimestamp(IndexCell* cell, int timestamp) {
-  DCHECK_LT(timestamp, 1 << 20);
-  DCHECK_GE(timestamp, 0);
-  cell->first_part &= ~(kCellTimestampMask << kCellTimestampOffset);
-  cell->first_part |= static_cast<int64_t>(timestamp) << kCellTimestampOffset;
-}
-
-void SetCellReuse(IndexCell* cell, int count) {
-  DCHECK_LT(count, 16);
-  DCHECK_GE(count, 0);
-  cell->first_part &= ~(kCellReuseMask << kCellReuseOffset);
-  cell->first_part |= static_cast<int64_t>(count) << kCellReuseOffset;
-}
-
-void SetCellState(IndexCell* cell, disk_cache::EntryState state) {
-  cell->last_part &= ~kCellStateMask;
-  cell->last_part |= state;
-}
-
-void SetCellGroup(IndexCell* cell, disk_cache::EntryGroup group) {
-  cell->last_part &= ~(kCellGroupMask << kCellGroupOffset);
-  cell->last_part |= group << kCellGroupOffset;
-}
-
-void SetCellSum(IndexCell* cell, int sum) {
-  DCHECK_LT(sum, 4);
-  DCHECK_GE(sum, 0);
-  cell->last_part &= ~(kCellSumMask << kCellSumOffset);
-  cell->last_part |= sum << kCellSumOffset;
-}
-
-// This is a very particular way to calculate the sum, so it will not match if
-// compared a gainst a pure 2 bit, modulo 2 sum.
-int CalculateCellSum(const IndexCell& cell) {
-  uint32_t* words = bit_cast<uint32_t*>(&cell);
-  uint8_t* bytes = bit_cast<uint8_t*>(&cell);
-  uint32_t result = words[0] + words[1];
-  result += result >> 16;
-  result += (result >> 8) + (bytes[8] & 0x3f);
-  result += result >> 4;
-  result += result >> 2;
-  return result & 3;
-}
-
-bool SanityCheck(const IndexCell& cell) {
-  if (GetCellSum(cell) != CalculateCellSum(cell))
-    return false;
-
-  if (GetCellState(cell) > disk_cache::ENTRY_USED ||
-      GetCellGroup(cell) == disk_cache::ENTRY_RESERVED ||
-      GetCellGroup(cell) > disk_cache::ENTRY_EVICTED) {
-    return false;
-  }
-
-  return true;
-}
-
-int FileNumberFromLocation(int location) {
-  return location / kMinFileNumber;
-}
-
-int StartBlockFromLocation(int location) {
-  return location % kMinFileNumber;
-}
-
-bool IsValidAddress(disk_cache::Addr address) {
-  if (!address.is_initialized() ||
-      (address.file_type() != disk_cache::BLOCK_EVICTED &&
-       address.file_type() != disk_cache::BLOCK_ENTRIES)) {
-    return false;
-  }
-
-  return address.FileNumber() < FileNumberFromLocation(kMaxLocation);
-}
-
-bool IsNormalState(const IndexCell& cell) {
-  disk_cache::EntryState state =
-      static_cast<disk_cache::EntryState>(GetCellState(cell));
-  DCHECK_NE(state, disk_cache::ENTRY_FREE);
-  return state != disk_cache::ENTRY_DELETED &&
-         state != disk_cache::ENTRY_FIXING;
-}
-
-inline int GetNextBucket(int min_bucket_num, int max_bucket_num,
-                         disk_cache::IndexBucket* table,
-                         disk_cache::IndexBucket** bucket) {
-  if (!(*bucket)->next)
-    return 0;
-
-  int bucket_num = (*bucket)->next / disk_cache::kCellsPerBucket;
-  if (bucket_num < min_bucket_num || bucket_num > max_bucket_num) {
-    // The next bucket must fall within the extra table. Note that this is not
-    // an uncommon path as growing the table may not cleanup the link from the
-    // main table to the extra table, and that cleanup is performed here when
-    // accessing that bucket for the first time. This behavior has to change if
-    // the tables are ever shrinked.
-    (*bucket)->next = 0;
-    return 0;
-  }
-  *bucket = &table[bucket_num - min_bucket_num];
-  return bucket_num;
-}
-
-// Updates the |iterator| with the current |cell|. This cell may cause all
-// previous cells to be deleted (when a new target timestamp is found), the cell
-// may be added to the list (if it matches the target timestamp), or may it be
-// ignored.
-void UpdateIterator(const disk_cache::EntryCell& cell,
-                    int limit_time,
-                    IndexIterator* iterator) {
-  int time = cell.GetTimestamp();
-  // Look for not interesting times.
-  if (iterator->forward && time <= limit_time)
-    return;
-  if (!iterator->forward && time >= limit_time)
-    return;
-
-  if ((iterator->forward && time < iterator->timestamp) ||
-      (!iterator->forward && time > iterator->timestamp)) {
-    // This timestamp is better than the one we had.
-    iterator->timestamp = time;
-    iterator->cells.clear();
-  }
-  if (time == iterator->timestamp) {
-    CellInfo cell_info = { cell.hash(), cell.GetAddress() };
-    iterator->cells.push_back(cell_info);
-  }
-}
-
-void InitIterator(IndexIterator* iterator) {
-  iterator->cells.clear();
-  iterator->timestamp =
-      iterator->forward ? std::numeric_limits<int32_t>::max() : 0;
-}
-
-}  // namespace
-
-namespace disk_cache {
-
-EntryCell::~EntryCell() {
-}
-
-bool EntryCell::IsValid() const {
-  return GetCellLocation(cell_) != 0;
-}
-
-// This code has to map the cell address (up to 22 bits) to a general cache Addr
-// (up to 24 bits of general addressing). It also set the implied file_number
-// in the case of small tables. See also the comment by the definition of
-// kEntriesFile.
-Addr EntryCell::GetAddress() const {
-  uint32_t location = GetLocation();
-  int file_number = FileNumberFromLocation(location);
-  if (small_table_) {
-    DCHECK_EQ(0, file_number);
-    file_number = (GetGroup() == ENTRY_EVICTED) ? kEvictedEntriesFile :
-                                                  kEntriesFile;
-  }
-  DCHECK_NE(0, file_number);
-  FileType file_type = (GetGroup() == ENTRY_EVICTED) ? BLOCK_EVICTED :
-                                                       BLOCK_ENTRIES;
-  return Addr(file_type, 1, file_number, StartBlockFromLocation(location));
-}
-
-EntryState EntryCell::GetState() const {
-  return static_cast<EntryState>(GetCellState(cell_));
-}
-
-EntryGroup EntryCell::GetGroup() const {
-  return static_cast<EntryGroup>(GetCellGroup(cell_));
-}
-
-int EntryCell::GetReuse() const {
-  return GetCellReuse(cell_);
-}
-
-int EntryCell::GetTimestamp() const {
-  return GetCellTimestamp(cell_);
-}
-
-void EntryCell::SetState(EntryState state) {
-  SetCellState(&cell_, state);
-}
-
-void EntryCell::SetGroup(EntryGroup group) {
-  SetCellGroup(&cell_, group);
-}
-
-void EntryCell::SetReuse(int count) {
-  SetCellReuse(&cell_, count);
-}
-
-void EntryCell::SetTimestamp(int timestamp) {
-  SetCellTimestamp(&cell_, timestamp);
-}
-
-// Static.
-EntryCell EntryCell::GetEntryCellForTest(int32_t cell_num,
-                                         uint32_t hash,
-                                         Addr address,
-                                         IndexCell* cell,
-                                         bool small_table) {
-  if (cell) {
-    EntryCell entry_cell(cell_num, hash, *cell, small_table);
-    return entry_cell;
-  }
-
-  return EntryCell(cell_num, hash, address, small_table);
-}
-
-void EntryCell::SerializaForTest(IndexCell* destination) {
-  FixSum();
-  Serialize(destination);
-}
-
-EntryCell::EntryCell() : cell_num_(0), hash_(0), small_table_(false) {
-  cell_.Clear();
-}
-
-EntryCell::EntryCell(int32_t cell_num,
-                     uint32_t hash,
-                     Addr address,
-                     bool small_table)
-    : cell_num_(cell_num), hash_(hash), small_table_(small_table) {
-  DCHECK(IsValidAddress(address) || !address.value());
-
-  cell_.Clear();
-  SetCellState(&cell_, ENTRY_NEW);
-  SetCellGroup(&cell_, ENTRY_NO_USE);
-  if (small_table) {
-    DCHECK(address.FileNumber() == kEntriesFile ||
-           address.FileNumber() == kEvictedEntriesFile);
-    SetCellSmallTableLocation(&cell_, address.start_block());
-    SetCellSmallTableId(&cell_, hash >> kSmallTableHashShift);
-  } else {
-    uint32_t location = address.FileNumber() << 16 | address.start_block();
-    SetCellLocation(&cell_, location);
-    SetCellId(&cell_, hash >> kHashShift);
-  }
-}
-
-EntryCell::EntryCell(int32_t cell_num,
-                     uint32_t hash,
-                     const IndexCell& cell,
-                     bool small_table)
-    : cell_num_(cell_num),
-      hash_(hash),
-      cell_(cell),
-      small_table_(small_table) {}
-
-void EntryCell::FixSum() {
-  SetCellSum(&cell_, CalculateCellSum(cell_));
-}
-
-uint32_t EntryCell::GetLocation() const {
-  if (small_table_)
-    return GetCellSmallTableLocation(cell_);
-
-  return GetCellLocation(cell_);
-}
-
-uint32_t EntryCell::RecomputeHash() {
-  if (small_table_) {
-    hash_ &= (1 << kSmallTableHashShift) - 1;
-    hash_ |= GetCellSmallTableId(cell_) << kSmallTableHashShift;
-    return hash_;
-  }
-
-  hash_ &= (1 << kHashShift) - 1;
-  hash_ |= GetCellId(cell_) << kHashShift;
-  return hash_;
-}
-
-void EntryCell::Serialize(IndexCell* destination) const {
-  *destination = cell_;
-}
-
-EntrySet::EntrySet() : evicted_count(0), current(0) {
-}
-
-EntrySet::EntrySet(const EntrySet& other) = default;
-
-EntrySet::~EntrySet() {
-}
-
-IndexIterator::IndexIterator() {
-}
-
-IndexIterator::~IndexIterator() {
-}
-
-IndexTableInitData::IndexTableInitData() {
-}
-
-IndexTableInitData::~IndexTableInitData() {
-}
-
-// -----------------------------------------------------------------------
-
-IndexTable::IndexTable(IndexTableBackend* backend)
-    : backend_(backend),
-      header_(NULL),
-      main_table_(NULL),
-      extra_table_(NULL),
-      modified_(false),
-      small_table_(false) {
-}
-
-IndexTable::~IndexTable() {
-}
-
-// For a general description of the index tables see:
-// http://www.chromium.org/developers/design-documents/network-stack/disk-cache/disk-cache-v3#TOC-Index
-//
-// The index is split between two tables: the main_table_ and the extra_table_.
-// The main table can grow only by doubling its number of cells, while the
-// extra table can grow slowly, because it only contain cells that overflow
-// from the main table. In order to locate a given cell, part of the hash is
-// used directly as an index into the main table; once that bucket is located,
-// all cells with that partial hash (i.e., belonging to that bucket) are
-// inspected, and if present, the next bucket (located on the extra table) is
-// then located. For more information on bucket chaining see:
-// http://www.chromium.org/developers/design-documents/network-stack/disk-cache/disk-cache-v3#TOC-Buckets
-//
-// There are two cases when increasing the size:
-//  - Doubling the size of the main table
-//  - Adding more entries to the extra table
-//
-// For example, consider a 64k main table with 8k cells on the extra table (for
-// a total of 72k cells). Init can be called to add another 8k cells at the end
-// (grow to 80k cells). When the size of the extra table approaches 64k, Init
-// can be called to double the main table (to 128k) and go back to a small extra
-// table.
-void IndexTable::Init(IndexTableInitData* params) {
-  bool growing = header_ != NULL;
-  scoped_ptr<IndexBucket[]> old_extra_table;
-  header_ = &params->index_bitmap->header;
-
-  if (params->main_table) {
-    if (main_table_) {
-      // This is doubling the size of main table.
-      DCHECK_EQ(base::bits::Log2Floor(header_->table_len),
-                base::bits::Log2Floor(backup_header_->table_len) + 1);
-      int extra_size = (header()->max_bucket - mask_) * kCellsPerBucket;
-      DCHECK_GE(extra_size, 0);
-
-      // Doubling the size implies deleting the extra table and moving as many
-      // cells as we can to the main table, so we first copy the old one. This
-      // is not required when just growing the extra table because we don't
-      // move any cell in that case.
-      old_extra_table.reset(new IndexBucket[extra_size]);
-      memcpy(old_extra_table.get(), extra_table_,
-             extra_size * sizeof(IndexBucket));
-      memset(params->extra_table, 0, extra_size * sizeof(IndexBucket));
-    }
-    main_table_ = params->main_table;
-  }
-  DCHECK(main_table_);
-  extra_table_ = params->extra_table;
-
-  // extra_bits_ is really measured against table-size specific values.
-  const int kMaxAbsoluteExtraBits = 12;  // From smallest to largest table.
-  const int kMaxExtraBitsSmallTable = 6;  // From smallest to 64K table.
-
-  extra_bits_ = base::bits::Log2Floor(header_->table_len) -
-                base::bits::Log2Floor(kBaseTableLen);
-  DCHECK_GE(extra_bits_, 0);
-  DCHECK_LT(extra_bits_, kMaxAbsoluteExtraBits);
-
-  // Note that following the previous code the constants could be derived as
-  // kMaxAbsoluteExtraBits = base::bits::Log2Floor(max table len) -
-  //                         base::bits::Log2Floor(kBaseTableLen);
-  //                       = 22 - base::bits::Log2Floor(1024) = 22 - 10;
-  // kMaxExtraBitsSmallTable = base::bits::Log2Floor(max 16 bit table) - 10.
-
-  mask_ = ((kBaseTableLen / kCellsPerBucket) << extra_bits_) - 1;
-  small_table_ = extra_bits_ < kMaxExtraBitsSmallTable;
-  if (!small_table_)
-    extra_bits_ -= kMaxExtraBitsSmallTable;
-
-  // table_len keeps the max number of cells stored by the index. We need a
-  // bitmap with 1 bit per cell, and that bitmap has num_words 32-bit words.
-  int num_words = (header_->table_len + 31) / 32;
-
-  if (old_extra_table) {
-    // All the cells from the extra table are moving to the new tables so before
-    // creating the bitmaps, clear the part of the bitmap referring to the extra
-    // table.
-    int old_main_table_bit_words = ((mask_ >> 1) + 1) * kCellsPerBucket / 32;
-    DCHECK_GT(num_words, old_main_table_bit_words);
-    memset(params->index_bitmap->bitmap + old_main_table_bit_words, 0,
-           (num_words - old_main_table_bit_words) * sizeof(int32_t));
-
-    DCHECK(growing);
-    int old_num_words = (backup_header_.get()->table_len + 31) / 32;
-    DCHECK_GT(old_num_words, old_main_table_bit_words);
-    memset(backup_bitmap_storage_.get() + old_main_table_bit_words, 0,
-           (old_num_words - old_main_table_bit_words) * sizeof(int32_t));
-  }
-  bitmap_.reset(new Bitmap(params->index_bitmap->bitmap, header_->table_len,
-                           num_words));
-
-  if (growing) {
-    int old_num_words = (backup_header_.get()->table_len + 31) / 32;
-    DCHECK_GE(num_words, old_num_words);
-    scoped_ptr<uint32_t[]> storage(new uint32_t[num_words]);
-    memcpy(storage.get(), backup_bitmap_storage_.get(),
-           old_num_words * sizeof(int32_t));
-    memset(storage.get() + old_num_words, 0,
-           (num_words - old_num_words) * sizeof(int32_t));
-
-    backup_bitmap_storage_.swap(storage);
-    backup_header_->table_len = header_->table_len;
-  } else {
-    backup_bitmap_storage_.reset(params->backup_bitmap.release());
-    backup_header_.reset(params->backup_header.release());
-  }
-
-  num_words = (backup_header_->table_len + 31) / 32;
-  backup_bitmap_.reset(new Bitmap(backup_bitmap_storage_.get(),
-                                  backup_header_->table_len, num_words));
-  if (old_extra_table)
-    MoveCells(old_extra_table.get());
-
-  if (small_table_)
-    DCHECK(header_->flags & SMALL_CACHE);
-
-  // All tables and backups are needed for operation.
-  DCHECK(main_table_);
-  DCHECK(extra_table_);
-  DCHECK(bitmap_.get());
-}
-
-void IndexTable::Shutdown() {
-  header_ = NULL;
-  main_table_ = NULL;
-  extra_table_ = NULL;
-  bitmap_.reset();
-  backup_bitmap_.reset();
-  backup_header_.reset();
-  backup_bitmap_storage_.reset();
-  modified_ = false;
-}
-
-// The general method for locating cells is to:
-// 1. Get the first bucket. This usually means directly indexing the table (as
-//     this method does), or iterating through all possible buckets.
-// 2. Iterate through all the cells in that first bucket.
-// 3. If there is a linked bucket, locate it directly in the extra table.
-// 4. Go back to 2, as needed.
-//
-// One consequence of this pattern is that we never start looking at buckets in
-// the extra table, unless we are following a link from the main table.
-EntrySet IndexTable::LookupEntries(uint32_t hash) {
-  EntrySet entries;
-  int bucket_num = static_cast<int>(hash & mask_);
-  IndexBucket* bucket = &main_table_[bucket_num];
-  do {
-    for (int i = 0; i < kCellsPerBucket; i++) {
-      IndexCell* current_cell = &bucket->cells[i];
-      if (!GetLocation(*current_cell))
-        continue;
-      if (!SanityCheck(*current_cell)) {
-        NOTREACHED();
-        int cell_num = bucket_num * kCellsPerBucket + i;
-        current_cell->Clear();
-        bitmap_->Set(cell_num, false);
-        backup_bitmap_->Set(cell_num, false);
-        modified_ = true;
-        continue;
-      }
-      int cell_num = bucket_num * kCellsPerBucket + i;
-      if (MisplacedHash(*current_cell, hash)) {
-        HandleMisplacedCell(current_cell, cell_num, hash & mask_);
-      } else if (IsHashMatch(*current_cell, hash)) {
-        EntryCell entry_cell(cell_num, hash, *current_cell, small_table_);
-        CheckState(entry_cell);
-        if (entry_cell.GetState() != ENTRY_DELETED) {
-          entries.cells.push_back(entry_cell);
-          if (entry_cell.GetGroup() == ENTRY_EVICTED)
-            entries.evicted_count++;
-        }
-      }
-    }
-    bucket_num = GetNextBucket(mask_ + 1, header()->max_bucket, extra_table_,
-                               &bucket);
-  } while (bucket_num);
-  return entries;
-}
-
-EntryCell IndexTable::CreateEntryCell(uint32_t hash, Addr address) {
-  DCHECK(IsValidAddress(address));
-  DCHECK(address.FileNumber() || address.start_block());
-
-  int bucket_num = static_cast<int>(hash & mask_);
-  int cell_num = 0;
-  IndexBucket* bucket = &main_table_[bucket_num];
-  IndexCell* current_cell = NULL;
-  bool found = false;
-  do {
-    for (int i = 0; i < kCellsPerBucket && !found; i++) {
-      current_cell = &bucket->cells[i];
-      if (!GetLocation(*current_cell)) {
-        cell_num = bucket_num * kCellsPerBucket + i;
-        found = true;
-      }
-    }
-    if (found)
-      break;
-    bucket_num = GetNextBucket(mask_ + 1, header()->max_bucket, extra_table_,
-                               &bucket);
-  } while (bucket_num);
-
-  if (!found) {
-    bucket_num = NewExtraBucket();
-    if (bucket_num) {
-      cell_num = bucket_num * kCellsPerBucket;
-      bucket->next = cell_num;
-      bucket = &extra_table_[bucket_num - (mask_ + 1)];
-      bucket->hash = hash & mask_;
-      found = true;
-    } else {
-      // address 0 is a reserved value, and the caller interprets it as invalid.
-      address.set_value(0);
-    }
-  }
-
-  EntryCell entry_cell(cell_num, hash, address, small_table_);
-  if (address.file_type() == BLOCK_EVICTED)
-    entry_cell.SetGroup(ENTRY_EVICTED);
-  else
-    entry_cell.SetGroup(ENTRY_NO_USE);
-  Save(&entry_cell);
-
-  if (found) {
-    bitmap_->Set(cell_num, true);
-    backup_bitmap_->Set(cell_num, true);
-    header()->used_cells++;
-    modified_ = true;
-  }
-
-  return entry_cell;
-}
-
-EntryCell IndexTable::FindEntryCell(uint32_t hash, Addr address) {
-  return FindEntryCellImpl(hash, address, false);
-}
-
-int IndexTable::CalculateTimestamp(Time time) {
-  TimeDelta delta = time - Time::FromInternalValue(header_->base_time);
-  return std::max(delta.InMinutes(), 0);
-}
-
-base::Time IndexTable::TimeFromTimestamp(int timestamp) {
-  return Time::FromInternalValue(header_->base_time) +
-         TimeDelta::FromMinutes(timestamp);
-}
-
-void IndexTable::SetSate(uint32_t hash, Addr address, EntryState state) {
-  EntryCell cell = FindEntryCellImpl(hash, address, state == ENTRY_FREE);
-  if (!cell.IsValid()) {
-    NOTREACHED();
-    return;
-  }
-
-  EntryState old_state = cell.GetState();
-  switch (state) {
-    case ENTRY_FREE:
-      DCHECK_EQ(old_state, ENTRY_DELETED);
-      break;
-    case ENTRY_NEW:
-      DCHECK_EQ(old_state, ENTRY_FREE);
-      break;
-    case ENTRY_OPEN:
-      DCHECK_EQ(old_state, ENTRY_USED);
-      break;
-    case ENTRY_MODIFIED:
-      DCHECK_EQ(old_state, ENTRY_OPEN);
-      break;
-    case ENTRY_DELETED:
-      DCHECK(old_state == ENTRY_NEW || old_state == ENTRY_OPEN ||
-             old_state == ENTRY_MODIFIED);
-      break;
-    case ENTRY_USED:
-      DCHECK(old_state == ENTRY_NEW || old_state == ENTRY_OPEN ||
-             old_state == ENTRY_MODIFIED);
-      break;
-    case ENTRY_FIXING:
-      break;
-  };
-
-  modified_ = true;
-  if (state == ENTRY_DELETED) {
-    bitmap_->Set(cell.cell_num(), false);
-    backup_bitmap_->Set(cell.cell_num(), false);
-  } else if (state == ENTRY_FREE) {
-    cell.Clear();
-    Write(cell);
-    header()->used_cells--;
-    return;
-  }
-  cell.SetState(state);
-
-  Save(&cell);
-}
-
-void IndexTable::UpdateTime(uint32_t hash, Addr address, base::Time current) {
-  EntryCell cell = FindEntryCell(hash, address);
-  if (!cell.IsValid())
-    return;
-
-  int minutes = CalculateTimestamp(current);
-
-  // Keep about 3 months of headroom.
-  const int kMaxTimestamp = (1 << 20) - 60 * 24 * 90;
-  if (minutes > kMaxTimestamp) {
-    // TODO(rvargas):
-    // Update header->old_time and trigger a timer
-    // Rebaseline timestamps and don't update sums
-    // Start a timer (about 2 backups)
-    // fix all ckecksums and trigger another timer
-    // update header->old_time because rebaseline is done.
-    minutes = std::min(minutes, (1 << 20) - 1);
-  }
-
-  cell.SetTimestamp(minutes);
-  Save(&cell);
-}
-
-void IndexTable::Save(EntryCell* cell) {
-  cell->FixSum();
-  Write(*cell);
-}
-
-void IndexTable::GetOldest(IndexIterator* no_use,
-                           IndexIterator* low_use,
-                           IndexIterator* high_use) {
-  no_use->forward = true;
-  low_use->forward = true;
-  high_use->forward = true;
-  InitIterator(no_use);
-  InitIterator(low_use);
-  InitIterator(high_use);
-
-  WalkTables(-1, no_use, low_use, high_use);
-}
-
-bool IndexTable::GetNextCells(IndexIterator* iterator) {
-  int current_time = iterator->timestamp;
-  InitIterator(iterator);
-
-  WalkTables(current_time, iterator, iterator, iterator);
-  return !iterator->cells.empty();
-}
-
-void IndexTable::OnBackupTimer() {
-  if (!modified_)
-    return;
-
-  int num_words = (header_->table_len + 31) / 32;
-  int num_bytes = num_words * 4 + static_cast<int>(sizeof(*header_));
-  scoped_refptr<net::IOBuffer> buffer(new net::IOBuffer(num_bytes));
-  memcpy(buffer->data(), header_, sizeof(*header_));
-  memcpy(buffer->data() + sizeof(*header_), backup_bitmap_storage_.get(),
-         num_words * 4);
-  backend_->SaveIndex(buffer.get(), num_bytes);
-  modified_ = false;
-}
-
-// -----------------------------------------------------------------------
-
-EntryCell IndexTable::FindEntryCellImpl(uint32_t hash,
-                                        Addr address,
-                                        bool allow_deleted) {
-  int bucket_num = static_cast<int>(hash & mask_);
-  IndexBucket* bucket = &main_table_[bucket_num];
-  do {
-    for (int i = 0; i < kCellsPerBucket; i++) {
-      IndexCell* current_cell = &bucket->cells[i];
-      if (!GetLocation(*current_cell))
-        continue;
-      DCHECK(SanityCheck(*current_cell));
-      if (IsHashMatch(*current_cell, hash)) {
-        // We have a match.
-        int cell_num = bucket_num * kCellsPerBucket + i;
-        EntryCell entry_cell(cell_num, hash, *current_cell, small_table_);
-        if (entry_cell.GetAddress() != address)
-          continue;
-
-        if (!allow_deleted && entry_cell.GetState() == ENTRY_DELETED)
-          continue;
-
-        return entry_cell;
-      }
-    }
-    bucket_num = GetNextBucket(mask_ + 1, header()->max_bucket, extra_table_,
-                               &bucket);
-  } while (bucket_num);
-  return EntryCell();
-}
-
-void IndexTable::CheckState(const EntryCell& cell) {
-  int current_state = cell.GetState();
-  if (current_state != ENTRY_FIXING) {
-    bool present = ((current_state & 3) != 0);  // Look at the last two bits.
-    if (present != bitmap_->Get(cell.cell_num()) ||
-        present != backup_bitmap_->Get(cell.cell_num())) {
-      // There's a mismatch.
-      if (current_state == ENTRY_DELETED) {
-        // We were in the process of deleting this entry. Finish now.
-        backend_->DeleteCell(cell);
-      } else {
-        current_state = ENTRY_FIXING;
-        EntryCell bad_cell(cell);
-        bad_cell.SetState(ENTRY_FIXING);
-        Save(&bad_cell);
-      }
-    }
-  }
-
-  if (current_state == ENTRY_FIXING)
-    backend_->FixCell(cell);
-}
-
-void IndexTable::Write(const EntryCell& cell) {
-  IndexBucket* bucket = NULL;
-  int bucket_num = cell.cell_num() / kCellsPerBucket;
-  if (bucket_num < static_cast<int32_t>(mask_ + 1)) {
-    bucket = &main_table_[bucket_num];
-  } else {
-    DCHECK_LE(bucket_num, header()->max_bucket);
-    bucket = &extra_table_[bucket_num - (mask_ + 1)];
-  }
-
-  int cell_number = cell.cell_num() % kCellsPerBucket;
-  if (GetLocation(bucket->cells[cell_number]) && cell.GetLocation()) {
-    DCHECK_EQ(cell.GetLocation(),
-              GetLocation(bucket->cells[cell_number]));
-  }
-  cell.Serialize(&bucket->cells[cell_number]);
-}
-
-int IndexTable::NewExtraBucket() {
-  int safe_window = (header()->table_len < kNumExtraBlocks * 2) ?
-                    kNumExtraBlocks / 4 : kNumExtraBlocks;
-  if (header()->table_len - header()->max_bucket * kCellsPerBucket <
-      safe_window) {
-    backend_->GrowIndex();
-  }
-
-  if (header()->max_bucket * kCellsPerBucket ==
-      header()->table_len - kCellsPerBucket) {
-    return 0;
-  }
-
-  header()->max_bucket++;
-  return header()->max_bucket;
-}
-
-void IndexTable::WalkTables(int limit_time,
-                            IndexIterator* no_use,
-                            IndexIterator* low_use,
-                            IndexIterator* high_use) {
-  header_->num_no_use_entries = 0;
-  header_->num_low_use_entries = 0;
-  header_->num_high_use_entries = 0;
-  header_->num_evicted_entries = 0;
-
-  for (int i = 0; i < static_cast<int32_t>(mask_ + 1); i++) {
-    int bucket_num = i;
-    IndexBucket* bucket = &main_table_[i];
-    do {
-      UpdateFromBucket(bucket, i, limit_time, no_use, low_use, high_use);
-
-      bucket_num = GetNextBucket(mask_ + 1, header()->max_bucket, extra_table_,
-                                 &bucket);
-    } while (bucket_num);
-  }
-  header_->num_entries = header_->num_no_use_entries +
-                         header_->num_low_use_entries +
-                         header_->num_high_use_entries +
-                         header_->num_evicted_entries;
-  modified_ = true;
-}
-
-void IndexTable::UpdateFromBucket(IndexBucket* bucket, int bucket_hash,
-                                  int limit_time,
-                                  IndexIterator* no_use,
-                                  IndexIterator* low_use,
-                                  IndexIterator* high_use) {
-  for (int i = 0; i < kCellsPerBucket; i++) {
-    IndexCell& current_cell = bucket->cells[i];
-    if (!GetLocation(current_cell))
-      continue;
-    DCHECK(SanityCheck(current_cell));
-    if (!IsNormalState(current_cell))
-      continue;
-
-    EntryCell entry_cell(0, GetFullHash(current_cell, bucket_hash),
-                         current_cell, small_table_);
-    switch (GetCellGroup(current_cell)) {
-      case ENTRY_NO_USE:
-        UpdateIterator(entry_cell, limit_time, no_use);
-        header_->num_no_use_entries++;
-        break;
-      case ENTRY_LOW_USE:
-        UpdateIterator(entry_cell, limit_time, low_use);
-        header_->num_low_use_entries++;
-        break;
-      case ENTRY_HIGH_USE:
-        UpdateIterator(entry_cell, limit_time, high_use);
-        header_->num_high_use_entries++;
-        break;
-      case ENTRY_EVICTED:
-        header_->num_evicted_entries++;
-        break;
-      default:
-        NOTREACHED();
-    }
-  }
-}
-
-// This code is only called from Init() so the internal state of this object is
-// in flux (this method is performing the last steps of re-initialization). As
-// such, random methods are not supposed to work at this point, so whatever this
-// method calls should be relatively well controlled and it may require some
-// degree of "stable state faking".
-void IndexTable::MoveCells(IndexBucket* old_extra_table) {
-  int max_hash = (mask_ + 1) / 2;
-  int max_bucket = header()->max_bucket;
-  header()->max_bucket = mask_;
-  int used_cells = header()->used_cells;
-
-  // Consider a large cache: a cell stores the upper 18 bits of the hash
-  // (h >> 14). If the table is say 8 times the original size (growing from 4x),
-  // the bit that we are interested in would be the 3rd bit of the stored value,
-  // in other words 'multiplier' >> 1.
-  uint32_t new_bit = (1 << extra_bits_) >> 1;
-
-  scoped_ptr<IndexBucket[]> old_main_table;
-  IndexBucket* source_table = main_table_;
-  bool upgrade_format = !extra_bits_;
-  if (upgrade_format) {
-    // This method should deal with migrating a small table to a big one. Given
-    // that the first thing to do is read the old table, set small_table_ for
-    // the size of the old table. Now, when moving a cell, the result cannot be
-    // placed in the old table or we will end up reading it again and attempting
-    // to move it, so we have to copy the whole table at once.
-    DCHECK(!small_table_);
-    small_table_ = true;
-    old_main_table.reset(new IndexBucket[max_hash]);
-    memcpy(old_main_table.get(), main_table_, max_hash * sizeof(IndexBucket));
-    memset(main_table_, 0, max_hash * sizeof(IndexBucket));
-    source_table = old_main_table.get();
-  }
-
-  for (int i = 0; i < max_hash; i++) {
-    int bucket_num = i;
-    IndexBucket* bucket = &source_table[i];
-    do {
-      for (int j = 0; j < kCellsPerBucket; j++) {
-        IndexCell& current_cell = bucket->cells[j];
-        if (!GetLocation(current_cell))
-          continue;
-        DCHECK(SanityCheck(current_cell));
-        if (bucket_num == i) {
-          if (upgrade_format || (GetHashValue(current_cell) & new_bit)) {
-            // Move this cell to the upper half of the table.
-            MoveSingleCell(&current_cell, bucket_num * kCellsPerBucket + j, i,
-                           true);
-          }
-        } else {
-          // All cells on extra buckets have to move.
-          MoveSingleCell(&current_cell, bucket_num * kCellsPerBucket + j, i,
-                         true);
-        }
-      }
-
-      // There is no need to clear the old bucket->next value because if falls
-      // within the main table so it will be fixed when attempting to follow
-      // the link.
-      bucket_num = GetNextBucket(max_hash, max_bucket, old_extra_table,
-                                 &bucket);
-    } while (bucket_num);
-  }
-
-  DCHECK_EQ(header()->used_cells, used_cells);
-
-  if (upgrade_format) {
-    small_table_ = false;
-    header()->flags &= ~SMALL_CACHE;
-  }
-}
-
-void IndexTable::MoveSingleCell(IndexCell* current_cell, int cell_num,
-                                int main_table_index, bool growing) {
-  uint32_t hash = GetFullHash(*current_cell, main_table_index);
-  EntryCell old_cell(cell_num, hash, *current_cell, small_table_);
-
-  // This method may be called when moving entries from a small table to a
-  // normal table. In that case, the caller (MoveCells) has to read the old
-  // table, so it needs small_table_ set to true, but this method needs to
-  // write to the new table so small_table_ has to be set to false, and the
-  // value restored to true before returning.
-  bool upgrade_format = !extra_bits_ && growing;
-  if (upgrade_format)
-    small_table_ = false;
-  EntryCell new_cell = CreateEntryCell(hash, old_cell.GetAddress());
-
-  if (!new_cell.IsValid()) {
-    // We'll deal with this entry later.
-    if (upgrade_format)
-      small_table_ = true;
-    return;
-  }
-
-  new_cell.SetState(old_cell.GetState());
-  new_cell.SetGroup(old_cell.GetGroup());
-  new_cell.SetReuse(old_cell.GetReuse());
-  new_cell.SetTimestamp(old_cell.GetTimestamp());
-  Save(&new_cell);
-  modified_ = true;
-  if (upgrade_format)
-    small_table_ = true;
-
-  if (old_cell.GetState() == ENTRY_DELETED) {
-    bitmap_->Set(new_cell.cell_num(), false);
-    backup_bitmap_->Set(new_cell.cell_num(), false);
-  }
-
-  if (!growing || cell_num / kCellsPerBucket == main_table_index) {
-    // Only delete entries that live on the main table.
-    if (!upgrade_format) {
-      old_cell.Clear();
-      Write(old_cell);
-    }
-
-    if (cell_num != new_cell.cell_num()) {
-      bitmap_->Set(old_cell.cell_num(), false);
-      backup_bitmap_->Set(old_cell.cell_num(), false);
-    }
-  }
-  header()->used_cells--;
-}
-
-void IndexTable::HandleMisplacedCell(IndexCell* current_cell, int cell_num,
-                                     int main_table_index) {
-  NOTREACHED();  // No unit tests yet.
-
-  // The cell may be misplaced, or a duplicate cell exists with this data.
-  uint32_t hash = GetFullHash(*current_cell, main_table_index);
-  MoveSingleCell(current_cell, cell_num, main_table_index, false);
-
-  // Now look for a duplicate cell.
-  CheckBucketList(hash & mask_);
-}
-
-void IndexTable::CheckBucketList(int bucket_num) {
-  typedef std::pair<int, EntryGroup> AddressAndGroup;
-  std::set<AddressAndGroup> entries;
-  IndexBucket* bucket = &main_table_[bucket_num];
-  int bucket_hash = bucket_num;
-  do {
-    for (int i = 0; i < kCellsPerBucket; i++) {
-      IndexCell* current_cell = &bucket->cells[i];
-      if (!GetLocation(*current_cell))
-        continue;
-      if (!SanityCheck(*current_cell)) {
-        NOTREACHED();
-        current_cell->Clear();
-        continue;
-      }
-      int cell_num = bucket_num * kCellsPerBucket + i;
-      EntryCell cell(cell_num, GetFullHash(*current_cell, bucket_hash),
-                     *current_cell, small_table_);
-      if (!entries.insert(std::make_pair(cell.GetAddress().value(),
-                                         cell.GetGroup())).second) {
-        current_cell->Clear();
-        continue;
-      }
-      CheckState(cell);
-    }
-
-    bucket_num = GetNextBucket(mask_ + 1, header()->max_bucket, extra_table_,
-                              &bucket);
-  } while (bucket_num);
-}
-
-uint32_t IndexTable::GetLocation(const IndexCell& cell) {
-  if (small_table_)
-    return GetCellSmallTableLocation(cell);
-
-  return GetCellLocation(cell);
-}
-
-uint32_t IndexTable::GetHashValue(const IndexCell& cell) {
-  if (small_table_)
-    return GetCellSmallTableId(cell);
-
-  return GetCellId(cell);
-}
-
-uint32_t IndexTable::GetFullHash(const IndexCell& cell, uint32_t lower_part) {
-  // It is OK for the high order bits of lower_part to overlap with the stored
-  // part of the hash.
-  if (small_table_)
-    return (GetCellSmallTableId(cell) << kSmallTableHashShift) | lower_part;
-
-  return (GetCellId(cell) << kHashShift) | lower_part;
-}
-
-// All the bits stored in the cell should match the provided hash.
-bool IndexTable::IsHashMatch(const IndexCell& cell, uint32_t hash) {
-  hash = small_table_ ? hash >> kSmallTableHashShift : hash >> kHashShift;
-  return GetHashValue(cell) == hash;
-}
-
-bool IndexTable::MisplacedHash(const IndexCell& cell, uint32_t hash) {
-  if (!extra_bits_)
-    return false;
-
-  uint32_t mask = (1 << extra_bits_) - 1;
-  hash = small_table_ ? hash >> kSmallTableHashShift : hash >> kHashShift;
-  return (GetHashValue(cell) & mask) != (hash & mask);
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/index_table_v3.h b/chromium/net/disk_cache/blockfile/index_table_v3.h
deleted file mode 100644
index 001b43811f5..00000000000
--- a/chromium/net/disk_cache/blockfile/index_table_v3.h
+++ /dev/null
@@ -1,286 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_INDEX_TABLE_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_INDEX_TABLE_V3_H_
-
-// The IndexTable class is in charge of handling all the details about the main
-// index table of the cache. It provides methods to locate entries in the cache,
-// create new entries and modify existing entries. It hides the fact that the
-// table is backed up across multiple physical files, and that the files can
-// grow and be remapped while the cache is in use. However, note that this class
-// doesn't do any direct management of the backing files, and it operates only
-// with the tables in memory.
-//
-// When the current index needs to grow, the backend is notified so that files
-// are extended and remapped as needed. After that, the IndexTable should be
-// re-initialized with the new structures. Note that the IndexTable instance is
-// still functional while the backend performs file IO.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <vector>
-
-#include "base/macros.h"
-#include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/time/time.h"
-#include "net/base/net_export.h"
-#include "net/disk_cache/blockfile/addr.h"
-#include "net/disk_cache/blockfile/bitmap.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-
-namespace net {
-class IOBuffer;
-}
-
-namespace disk_cache {
-
-class BackendImplV3;
-struct InitResult;
-
-// An EntryCell represents a single entity stored by the index table. Users are
-// expected to handle and store EntryCells on their own to track operations that
-// they are performing with a given entity, as opposed to deal with pointers to
-// individual positions on the table, given that the whole table can be moved to
-// another place, and that would invalidate any pointers to individual cells in
-// the table.
-// However, note that it is also possible for an entity to be moved from one
-// position to another, so an EntryCell may be invalid by the time a long
-// operation completes. In that case, the caller should consult the table again
-// using FindEntryCell().
-class NET_EXPORT_PRIVATE EntryCell {
- public:
-  ~EntryCell();
-
-  bool IsValid() const;
-
-  int32_t cell_num() const { return cell_num_; }
-  uint32_t hash() const { return hash_; }
-
-  Addr GetAddress() const;
-  EntryState GetState() const;
-  EntryGroup GetGroup() const;
-  int GetReuse() const;
-  int GetTimestamp() const;
-
-  void SetState(EntryState state);
-  void SetGroup(EntryGroup group);
-  void SetReuse(int count);
-  void SetTimestamp(int timestamp);
-
-  static EntryCell GetEntryCellForTest(int32_t cell_num,
-                                       uint32_t hash,
-                                       Addr address,
-                                       IndexCell* cell,
-                                       bool small_table);
-  void SerializaForTest(IndexCell* destination);
-
- private:
-  friend class IndexTable;
-  friend class CacheDumperHelper;
-
-  EntryCell();
-  EntryCell(int32_t cell_num, uint32_t hash, Addr address, bool small_table);
-  EntryCell(int32_t cell_num,
-            uint32_t hash,
-            const IndexCell& cell,
-            bool small_table);
-
-  void Clear() { cell_.Clear(); }
-  void FixSum();
-
-  // Returns the raw value stored on the index table.
-  uint32_t GetLocation() const;
-
-  // Recalculates hash_ assuming that only the low order bits are valid and the
-  // rest come from cell_.
-  uint32_t RecomputeHash();
-
-  void Serialize(IndexCell* destination) const;
-
-  int32_t cell_num_;
-  uint32_t hash_;
-  IndexCell cell_;
-  bool small_table_;
-};
-
-// Keeps a collection of EntryCells in order to be processed.
-struct NET_EXPORT_PRIVATE EntrySet {
-  EntrySet();
-  EntrySet(const EntrySet& other);
-  ~EntrySet();
-
-  int evicted_count;  // The numebr of evicted entries in this set.
-  size_t current;     // The number of the cell that is being processed.
-  std::vector<EntryCell> cells;
-};
-
-// A given entity referenced by the index table is uniquely identified by the
-// combination of hash and address.
-struct CellInfo {
-  uint32_t hash;
-  Addr address;
-};
-typedef std::vector<CellInfo> CellList;
-
-// An index iterator is used to get a group of cells that share the same
-// timestamp. When this structure is passed to GetNextCells(), the caller sets
-// the initial timestamp and direction; whet it is used with GetOldest, the
-// initial values are ignored.
-struct NET_EXPORT_PRIVATE IndexIterator {
-  IndexIterator();
-  ~IndexIterator();
-
-  CellList cells;
-  int timestamp;  // The current low resolution timestamp for |cells|.
-  bool forward;   // The direction of the iteration, in time.
-};
-
-// Methods that the backend has to implement to support the table. Note that the
-// backend is expected to own all IndexTable instances, so it is expected to
-// outlive the table.
-class NET_EXPORT_PRIVATE IndexTableBackend {
- public:
-  virtual ~IndexTableBackend() {}
-
-  // The index has to grow.
-  virtual void GrowIndex() = 0;
-
-  // Save the index to the backup file.
-  virtual void SaveIndex(net::IOBuffer* buffer, int buffer_len) = 0;
-
-  // Deletes or fixes an invalid cell from the backend.
-  virtual void DeleteCell(EntryCell cell) = 0;
-  virtual void FixCell(EntryCell cell) = 0;
-};
-
-// The data required to initialize an index. Note that not all fields have to
-// be provided when growing the tables.
-struct NET_EXPORT_PRIVATE IndexTableInitData {
-  IndexTableInitData();
-  ~IndexTableInitData();
-
-  IndexBitmap* index_bitmap;
-  IndexBucket* main_table;
-  IndexBucket* extra_table;
-  scoped_ptr<IndexHeaderV3> backup_header;
-  scoped_ptr<uint32_t[]> backup_bitmap;
-};
-
-// See the description at the top of this file.
-class NET_EXPORT_PRIVATE IndexTable {
- public:
-  explicit IndexTable(IndexTableBackend* backend);
-  ~IndexTable();
-
-  // Initializes the object, or re-initializes it when the backing files grow.
-  // Note that the only supported way to initialize this objeect is using
-  // pointers that come from the files being directly mapped in memory. If that
-  // is not the case, it must be emulated in a convincing way, for example
-  // making sure that the tables for re-init look the same as the tables to be
-  // replaced.
-  void Init(IndexTableInitData* params);
-
-  // Releases the resources acquired during Init().
-  void Shutdown();
-
-  // Locates a resouce on the index. Returns a list of all resources that match
-  // the provided hash.
-  EntrySet LookupEntries(uint32_t hash);
-
-  // Creates a new cell to store a new resource.
-  EntryCell CreateEntryCell(uint32_t hash, Addr address);
-
-  // Locates a particular cell. This method allows a caller to perform slow
-  // operations with some entries while the index evolves, by returning the
-  // current state of a cell. If the desired cell cannot be located, the return
-  // object will be invalid.
-  EntryCell FindEntryCell(uint32_t hash, Addr address);
-
-  // Returns an IndexTable timestamp for a given absolute time. The actual
-  // resolution of the timestamp should be considered an implementation detail,
-  // but it certainly is lower than seconds. The important part is that a group
-  // of cells will share the same timestamp (see IndexIterator).
-  int CalculateTimestamp(base::Time time);
-
-  // Returns the equivalent time for a cell timestamp.
-  base::Time TimeFromTimestamp(int timestamp);
-
-  // Updates a particular cell.
-  void SetSate(uint32_t hash, Addr address, EntryState state);
-  void UpdateTime(uint32_t hash, Addr address, base::Time current);
-
-  // Saves the contents of |cell| to the table.
-  void Save(EntryCell* cell);
-
-  // Returns the oldest entries for each group of entries. The initial values
-  // for the provided iterators are ignored. Entries are assigned to iterators
-  // according to their EntryGroup.
-  void GetOldest(IndexIterator* no_use,
-                 IndexIterator* low_use,
-                 IndexIterator* high_use);
-
-  // Returns the next group of entries for the provided iterator. This method
-  // does not return the cells matching the initial iterator's timestamp,
-  // but rather cells after (or before, depending on the iterator's |forward|
-  // member) that timestamp.
-  bool GetNextCells(IndexIterator* iterator);
-
-  // Called each time the index should save the backup information. The caller
-  // can assume that anything that needs to be saved is saved when this method
-  // is called, and that there is only one source of timming information, and
-  // that source is controlled by the owner of this object.
-  void OnBackupTimer();
-
-  IndexHeaderV3* header() { return header_; }
-  const IndexHeaderV3* header() const { return header_; }
-
- private:
-  EntryCell FindEntryCellImpl(uint32_t hash, Addr address, bool allow_deleted);
-  void CheckState(const EntryCell& cell);
-  void Write(const EntryCell& cell);
-  int NewExtraBucket();
-  void WalkTables(int limit_time,
-                  IndexIterator* no_use,
-                  IndexIterator* low_use,
-                  IndexIterator* high_use);
-  void UpdateFromBucket(IndexBucket* bucket, int bucket_hash,
-                        int limit_time,
-                        IndexIterator* no_use,
-                        IndexIterator* low_use,
-                        IndexIterator* high_use);
-  void MoveCells(IndexBucket* old_extra_table);
-  void MoveSingleCell(IndexCell* current_cell, int cell_num,
-                      int main_table_index, bool growing);
-  void HandleMisplacedCell(IndexCell* current_cell, int cell_num,
-                           int main_table_index);
-  void CheckBucketList(int bucket_id);
-
-  uint32_t GetLocation(const IndexCell& cell);
-  uint32_t GetHashValue(const IndexCell& cell);
-  uint32_t GetFullHash(const IndexCell& cell, uint32_t lower_part);
-  bool IsHashMatch(const IndexCell& cell, uint32_t hash);
-  bool MisplacedHash(const IndexCell& cell, uint32_t hash);
-
-  IndexTableBackend* backend_;
-  IndexHeaderV3* header_;
-  scoped_ptr<Bitmap> bitmap_;
-  scoped_ptr<Bitmap> backup_bitmap_;
-  scoped_ptr<uint32_t[]> backup_bitmap_storage_;
-  scoped_ptr<IndexHeaderV3> backup_header_;
-  IndexBucket* main_table_;
-  IndexBucket* extra_table_;
-  uint32_t mask_;   // Binary mask to map a hash to the hash table.
-  int extra_bits_;  // How many bits are in mask_ above the default value.
-  bool modified_;
-  bool small_table_;
-
-  DISALLOW_COPY_AND_ASSIGN(IndexTable);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_INDEX_TABLE_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/index_table_v3_unittest.cc b/chromium/net/disk_cache/blockfile/index_table_v3_unittest.cc
deleted file mode 100644
index e2fca1063e4..00000000000
--- a/chromium/net/disk_cache/blockfile/index_table_v3_unittest.cc
+++ /dev/null
@@ -1,711 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/index_table_v3.h"
-
-#include <stdint.h>
-#include <utility>
-
-#include "base/logging.h"
-#include "base/macros.h"
-#include "net/disk_cache/blockfile/addr.h"
-#include "net/disk_cache/blockfile/disk_format_v3.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-using disk_cache::EntryCell;
-using disk_cache::IndexCell;
-using disk_cache::IndexTable;
-using disk_cache::IndexTableInitData;
-
-namespace {
-
-int GetChecksum(const IndexCell& source) {
-  // Only the cell pointer is relevant.
-  disk_cache::Addr addr;
-  IndexCell* cell = const_cast<IndexCell*>(&source);
-  EntryCell entry = EntryCell::GetEntryCellForTest(0, 0, addr, cell, false);
-
-  IndexCell result;
-  entry.SerializaForTest(&result);
-  return result.last_part >> 6;
-}
-
-class MockIndexBackend : public disk_cache::IndexTableBackend {
- public:
-  MockIndexBackend() : grow_called_(false), buffer_len_(-1) {}
-  ~MockIndexBackend() override {}
-
-  bool grow_called() const { return grow_called_; }
-  int buffer_len() const { return buffer_len_; }
-
-  void GrowIndex() override { grow_called_ = true; }
-  void SaveIndex(net::IOBuffer* buffer, int buffer_len) override {
-    buffer_len_ = buffer_len;
-  }
-  void DeleteCell(EntryCell cell) override {}
-  void FixCell(EntryCell cell) override {}
-
- private:
-  bool grow_called_;
-  int buffer_len_;
-};
-
-class TestCacheTables {
- public:
-  // |num_entries| is the capacity of the main table. The extra table is half
-  // the size of the main table.
-  explicit TestCacheTables(int num_entries);
-  ~TestCacheTables() {}
-
-  void GetInitData(IndexTableInitData* result);
-  void CopyFrom(const TestCacheTables& other);
-  base::Time start_time() const { return start_time_; }
-
- private:
-  scoped_ptr<uint64_t[]> main_bitmap_;
-  scoped_ptr<disk_cache::IndexBucket[]> main_table_;
-  scoped_ptr<disk_cache::IndexBucket[]> extra_table_;
-  base::Time start_time_;
-  int num_bitmap_bytes_;
-
-  DISALLOW_COPY_AND_ASSIGN(TestCacheTables);
-};
-
-TestCacheTables::TestCacheTables(int num_entries) {
-  DCHECK_GE(num_entries, 1024);
-  DCHECK_EQ(num_entries, num_entries / 1024 * 1024);
-  main_table_.reset(new disk_cache::IndexBucket[num_entries]);
-  extra_table_.reset(new disk_cache::IndexBucket[num_entries / 2]);
-  memset(main_table_.get(), 0, num_entries * sizeof(*main_table_.get()));
-  memset(extra_table_.get(), 0, num_entries / 2 * sizeof(*extra_table_.get()));
-
-  // We allow IndexBitmap smaller than a page because the code should not really
-  // depend on that.
-  num_bitmap_bytes_ = (num_entries + num_entries / 2) / 8;
-  size_t required_size = sizeof(disk_cache::IndexHeaderV3) + num_bitmap_bytes_;
-  main_bitmap_.reset(new uint64_t[required_size / sizeof(uint64_t)]);
-  memset(main_bitmap_.get(), 0, required_size);
-
-  disk_cache::IndexHeaderV3* header =
-      reinterpret_cast<disk_cache::IndexHeaderV3*>(main_bitmap_.get());
-
-  header->magic = disk_cache::kIndexMagicV3;
-  header->version = disk_cache::kVersion3;
-  header->table_len = num_entries + num_entries / 2;
-  header->max_bucket = num_entries / 4 - 1;
-
-  start_time_ = base::Time::Now();
-  header->create_time = start_time_.ToInternalValue();
-  header->base_time =
-      (start_time_ - base::TimeDelta::FromDays(20)).ToInternalValue();
-
-  if (num_entries < 64 * 1024)
-    header->flags = disk_cache::SMALL_CACHE;
-}
-
-void TestCacheTables::GetInitData(IndexTableInitData* result) {
-  result->index_bitmap =
-      reinterpret_cast<disk_cache::IndexBitmap*>(main_bitmap_.get());
-
-  result->main_table = main_table_.get();
-  result->extra_table = extra_table_.get();
-
-  result->backup_header.reset(new disk_cache::IndexHeaderV3);
-  memcpy(result->backup_header.get(), result->index_bitmap,
-         sizeof(result->index_bitmap->header));
-
-  result->backup_bitmap.reset(
-      new uint32_t[num_bitmap_bytes_ / sizeof(uint32_t)]);
-  memcpy(result->backup_bitmap.get(), result->index_bitmap->bitmap,
-         num_bitmap_bytes_);
-}
-
-void TestCacheTables::CopyFrom(const TestCacheTables& other) {
-  disk_cache::IndexBitmap* this_bitmap =
-    reinterpret_cast<disk_cache::IndexBitmap*>(main_bitmap_.get());
-  disk_cache::IndexBitmap* other_bitmap =
-    reinterpret_cast<disk_cache::IndexBitmap*>(other.main_bitmap_.get());
-
-  DCHECK_GE(this_bitmap->header.table_len, other_bitmap->header.table_len);
-  DCHECK_GE(num_bitmap_bytes_, other.num_bitmap_bytes_);
-
-  memcpy(this_bitmap->bitmap, other_bitmap->bitmap, other.num_bitmap_bytes_);
-
-  int main_table_buckets = (other_bitmap->header.table_len * 2 / 3) / 4;
-  int extra_table_buckets = (other_bitmap->header.table_len * 1 / 3) / 4;
-  memcpy(main_table_.get(), other.main_table_.get(),
-         main_table_buckets * sizeof(disk_cache::IndexBucket));
-  memcpy(extra_table_.get(), other.extra_table_.get(),
-         extra_table_buckets * sizeof(disk_cache::IndexBucket));
-
-  this_bitmap->header.num_entries = other_bitmap->header.num_entries;
-  this_bitmap->header.used_cells = other_bitmap->header.used_cells;
-  this_bitmap->header.max_bucket = other_bitmap->header.max_bucket;
-  this_bitmap->header.create_time = other_bitmap->header.create_time;
-  this_bitmap->header.base_time = other_bitmap->header.base_time;
-  this_bitmap->header.flags = other_bitmap->header.flags;
-  start_time_ = other.start_time_;
-}
-
-}  // namespace
-
-TEST(DiskCacheIndexTable, EntryCell) {
-  uint32_t hash = 0x55aa6699;
-  disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, 0x4531);
-  bool small_table = true;
-  int cell_num = 88;
-  int reuse = 6;
-  int timestamp = 123456;
-  disk_cache::EntryState state = disk_cache::ENTRY_MODIFIED;
-  disk_cache::EntryGroup group = disk_cache::ENTRY_HIGH_USE;
-
-  for (int i = 0; i < 4; i++) {
-    SCOPED_TRACE(i);
-    EntryCell entry = EntryCell::GetEntryCellForTest(cell_num, hash, addr, NULL,
-                                                     small_table);
-    EXPECT_EQ(disk_cache::ENTRY_NO_USE, entry.GetGroup());
-    EXPECT_EQ(disk_cache::ENTRY_NEW, entry.GetState());
-
-    entry.SetGroup(group);
-    entry.SetState(state);
-    entry.SetReuse(reuse);
-    entry.SetTimestamp(timestamp);
-
-    EXPECT_TRUE(entry.IsValid());
-    EXPECT_EQ(hash, entry.hash());
-    EXPECT_EQ(cell_num, entry.cell_num());
-    EXPECT_EQ(addr.value(), entry.GetAddress().value());
-
-    EXPECT_EQ(group, entry.GetGroup());
-    EXPECT_EQ(state, entry.GetState());
-    EXPECT_EQ(reuse, entry.GetReuse());
-    EXPECT_EQ(timestamp, entry.GetTimestamp());
-
-    // Store the data and read it again.
-    IndexCell cell;
-    entry.SerializaForTest(&cell);
-
-    EntryCell entry2 = EntryCell::GetEntryCellForTest(cell_num, hash, addr,
-                                                      &cell, small_table);
-
-    EXPECT_EQ(addr.value(), entry2.GetAddress().value());
-
-    EXPECT_EQ(group, entry2.GetGroup());
-    EXPECT_EQ(state, entry2.GetState());
-    EXPECT_EQ(reuse, entry2.GetReuse());
-    EXPECT_EQ(timestamp, entry2.GetTimestamp());
-
-    small_table = !small_table;
-    if (i == 1) {
-      hash = ~hash;
-      cell_num *= 5;
-      state = disk_cache::ENTRY_USED;
-      group = disk_cache::ENTRY_EVICTED;
-      addr = disk_cache::Addr(disk_cache::BLOCK_EVICTED, 1, 6, 0x18a5);
-      reuse = 15;  // 4 bits
-      timestamp = 0xfffff;  // 20 bits.
-    }
-  }
-}
-
-// Goes over some significant values for a cell's sum.
-TEST(DiskCacheIndexTable, EntryCellSum) {
-  IndexCell source;
-  source.Clear();
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part++;
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.Clear();
-  source.last_part = 0x80;
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.last_part = 0x55;
-  EXPECT_EQ(3, GetChecksum(source));
-
-  source.first_part = 0x555555;
-  EXPECT_EQ(2, GetChecksum(source));
-
-  source.last_part = 0;
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.first_part = UINT64_C(0x8000000080000000);
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part = UINT64_C(0x4000000040000000);
-  EXPECT_EQ(2, GetChecksum(source));
-
-  source.first_part = UINT64_C(0x200000020000000);
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.first_part = UINT64_C(0x100000010010000);
-  EXPECT_EQ(3, GetChecksum(source));
-
-  source.first_part = 0x80008000;
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part = UINT64_C(0x800000008000);
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.first_part = 0x8080;
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part = 0x800080;
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.first_part = 0x88;
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part = 0x808;
-  EXPECT_EQ(1, GetChecksum(source));
-
-  source.first_part = 0xA;
-  EXPECT_EQ(0, GetChecksum(source));
-
-  source.first_part = 0x22;
-  EXPECT_EQ(1, GetChecksum(source));
-}
-
-TEST(DiskCacheIndexTable, Basics) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-
-  IndexTable index(NULL);
-  index.Init(&init_data);
-
-  // Write some entries.
-  disk_cache::CellList entries;
-  for (int i = 0; i < 250; i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = i * i * 1111 + i * 11;
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i * 13 + 1);
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-
-    disk_cache::CellInfo info = { hash, addr };
-    entries.push_back(info);
-  }
-
-  // Read them back.
-  for (size_t i = 0; i < entries.size(); i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = entries[i].hash;
-    disk_cache::Addr addr = entries[i].address;
-
-    disk_cache::EntrySet found_entries = index.LookupEntries(hash);
-    ASSERT_EQ(1u, found_entries.cells.size());
-    EXPECT_TRUE(found_entries.cells[0].IsValid());
-    EXPECT_EQ(hash, found_entries.cells[0].hash());
-    EXPECT_EQ(addr.value(), found_entries.cells[0].GetAddress().value());
-
-    EntryCell entry = index.FindEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-    EXPECT_EQ(hash, entry.hash());
-    EXPECT_EQ(addr.value(), entry.GetAddress().value());
-
-    // Delete the first 100 entries.
-    if (i < 100)
-      index.SetSate(hash, addr, disk_cache::ENTRY_DELETED);
-  }
-
-  // See what we have now.
-  for (size_t i = 0; i < entries.size(); i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = entries[i].hash;
-    disk_cache::Addr addr = entries[i].address;
-
-    disk_cache::EntrySet found_entries = index.LookupEntries(hash);
-    if (i < 100) {
-      EXPECT_EQ(0u, found_entries.cells.size());
-    } else {
-      ASSERT_EQ(1u, found_entries.cells.size());
-      EXPECT_TRUE(found_entries.cells[0].IsValid());
-      EXPECT_EQ(hash, found_entries.cells[0].hash());
-      EXPECT_EQ(addr.value(), found_entries.cells[0].GetAddress().value());
-    }
-  }
-}
-
-// Tests handling of multiple entries with the same hash.
-TEST(DiskCacheIndexTable, SameHash) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-
-  IndexTable index(NULL);
-  index.Init(&init_data);
-
-  disk_cache::CellList entries;
-  uint32_t hash = 0x55aa55bb;
-  for (int i = 0; i < 6; i++) {
-    SCOPED_TRACE(i);
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i * 13 + 1);
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-
-    disk_cache::CellInfo info = { hash, addr };
-    entries.push_back(info);
-  }
-
-  disk_cache::EntrySet found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(0, found_entries.evicted_count);
-  ASSERT_EQ(6u, found_entries.cells.size());
-
-  for (size_t i = 0; i < found_entries.cells.size(); i++) {
-    SCOPED_TRACE(i);
-    EXPECT_EQ(entries[i].address, found_entries.cells[i].GetAddress());
-  }
-
-  // Now verify handling of entries on different states.
-  index.SetSate(hash, entries[0].address, disk_cache::ENTRY_DELETED);
-  index.SetSate(hash, entries[1].address, disk_cache::ENTRY_DELETED);
-  index.SetSate(hash, entries[2].address, disk_cache::ENTRY_USED);
-  index.SetSate(hash, entries[3].address, disk_cache::ENTRY_USED);
-  index.SetSate(hash, entries[4].address, disk_cache::ENTRY_USED);
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(0, found_entries.evicted_count);
-  ASSERT_EQ(4u, found_entries.cells.size());
-
-  index.SetSate(hash, entries[3].address, disk_cache::ENTRY_OPEN);
-  index.SetSate(hash, entries[4].address, disk_cache::ENTRY_OPEN);
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(0, found_entries.evicted_count);
-  ASSERT_EQ(4u, found_entries.cells.size());
-
-  index.SetSate(hash, entries[4].address, disk_cache::ENTRY_MODIFIED);
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(0, found_entries.evicted_count);
-  ASSERT_EQ(4u, found_entries.cells.size());
-
-  index.SetSate(hash, entries[1].address, disk_cache::ENTRY_FREE);
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(0, found_entries.evicted_count);
-  ASSERT_EQ(4u, found_entries.cells.size());
-
-  // FindEntryCell should not see deleted entries.
-  EntryCell entry = index.FindEntryCell(hash, entries[0].address);
-  EXPECT_FALSE(entry.IsValid());
-
-  // A free entry is gone.
-  entry = index.FindEntryCell(hash, entries[1].address);
-  EXPECT_FALSE(entry.IsValid());
-
-  // Locate a used entry, and evict it. This is not really a correct operation
-  // in that an existing cell doesn't transition to evicted; instead a new cell
-  // for the evicted entry (on a different block file) should be created. Still,
-  // at least evicted_count would be valid.
-  entry = index.FindEntryCell(hash, entries[2].address);
-  EXPECT_TRUE(entry.IsValid());
-  entry.SetGroup(disk_cache::ENTRY_EVICTED);
-  index.Save(&entry);
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(1, found_entries.evicted_count);
-  ASSERT_EQ(4u, found_entries.cells.size());
-
-  // Now use the proper way to get an evicted entry.
-  disk_cache::Addr addr2(disk_cache::BLOCK_EVICTED, 1, 6, 6);  // Any address.
-  entry = index.CreateEntryCell(hash, addr2);
-  EXPECT_TRUE(entry.IsValid());
-  EXPECT_EQ(disk_cache::ENTRY_EVICTED, entry.GetGroup());
-
-  found_entries = index.LookupEntries(hash);
-  EXPECT_EQ(2, found_entries.evicted_count);
-  ASSERT_EQ(5u, found_entries.cells.size());
-}
-
-TEST(DiskCacheIndexTable, Timestamps) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-
-  IndexTable index(NULL);
-  index.Init(&init_data);
-
-  // The granularity should be 1 minute.
-  int timestamp1 = index.CalculateTimestamp(cache.start_time());
-  int timestamp2 = index.CalculateTimestamp(cache.start_time() +
-                                            base::TimeDelta::FromSeconds(59));
-  EXPECT_EQ(timestamp1, timestamp2);
-
-  int timestamp3 = index.CalculateTimestamp(cache.start_time() +
-                                            base::TimeDelta::FromSeconds(61));
-  EXPECT_EQ(timestamp1 + 1, timestamp3);
-
-  int timestamp4 = index.CalculateTimestamp(cache.start_time() +
-                                            base::TimeDelta::FromSeconds(119));
-  EXPECT_EQ(timestamp1 + 1, timestamp4);
-
-  int timestamp5 = index.CalculateTimestamp(cache.start_time() +
-                                            base::TimeDelta::FromSeconds(121));
-  EXPECT_EQ(timestamp1 + 2, timestamp5);
-
-  int timestamp6 = index.CalculateTimestamp(cache.start_time() -
-                                            base::TimeDelta::FromSeconds(30));
-  EXPECT_EQ(timestamp1 - 1, timestamp6);
-
-  // The base should be 20 days in the past.
-  int timestamp7 = index.CalculateTimestamp(cache.start_time() -
-                                            base::TimeDelta::FromDays(20));
-  int timestamp8 = index.CalculateTimestamp(cache.start_time() -
-                                            base::TimeDelta::FromDays(35));
-  EXPECT_EQ(timestamp7, timestamp8);
-  EXPECT_EQ(0, timestamp8);
-
-  int timestamp9 = index.CalculateTimestamp(cache.start_time() -
-                                            base::TimeDelta::FromDays(19));
-  EXPECT_NE(0, timestamp9);
-}
-
-// Tests GetOldest and GetNextCells.
-TEST(DiskCacheIndexTable, Iterations) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-
-  IndexTable index(NULL);
-  index.Init(&init_data);
-
-  base::Time time = cache.start_time();
-
-  // Write some entries.
-  disk_cache::CellList entries;
-  for (int i = 0; i < 44; i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = i;  // The entries will be ordered on the table.
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i * 13 + 1);
-    if (i < 10 || i == 40)
-      addr = disk_cache::Addr(disk_cache::BLOCK_EVICTED, 1, 6, i * 13 + 1);
-
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-
-    disk_cache::CellInfo info = { hash, addr };
-    entries.push_back(info);
-
-    if (i < 10 || i == 40) {
-      // Do nothing. These are ENTRY_EVICTED by default.
-    } else if (i < 20 || i == 41) {
-      entry.SetGroup(disk_cache::ENTRY_HIGH_USE);
-      index.Save(&entry);
-    } else if (i < 30 || i == 42) {
-      entry.SetGroup(disk_cache::ENTRY_LOW_USE);
-      index.Save(&entry);
-    }
-
-    // Entries [30,39] and 43 are marked as ENTRY_NO_USE (the default).
-
-    if (!(i % 10))
-      time += base::TimeDelta::FromMinutes(1);
-
-    index.UpdateTime(hash, addr, time);
-  }
-
-  // Get the oldest entries of each group.
-  disk_cache::IndexIterator no_use, low_use, high_use;
-  index.GetOldest(&no_use, &low_use, &high_use);
-  ASSERT_EQ(10u, no_use.cells.size());
-  ASSERT_EQ(10u, low_use.cells.size());
-  ASSERT_EQ(10u, high_use.cells.size());
-
-  EXPECT_EQ(entries[10].hash, high_use.cells[0].hash);
-  EXPECT_EQ(entries[19].hash, high_use.cells[9].hash);
-  EXPECT_EQ(entries[20].hash, low_use.cells[0].hash);
-  EXPECT_EQ(entries[29].hash, low_use.cells[9].hash);
-  EXPECT_EQ(entries[30].hash, no_use.cells[0].hash);
-  EXPECT_EQ(entries[39].hash, no_use.cells[9].hash);
-
-  // Now start an iteration from the head (most recent entry).
-  disk_cache::IndexIterator iterator;
-  iterator.timestamp = index.CalculateTimestamp(time) + 1;
-  iterator.forward = false;  // Back in time.
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(3u, iterator.cells.size());
-  EXPECT_EQ(entries[41].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[42].hash, iterator.cells[1].hash);
-  EXPECT_EQ(entries[43].hash, iterator.cells[2].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[30].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[39].hash, iterator.cells[9].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[20].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[29].hash, iterator.cells[9].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[10].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[19].hash, iterator.cells[9].hash);
-
-  ASSERT_FALSE(index.GetNextCells(&iterator));
-
-  // Now start an iteration from the tail (oldest entry).
-  iterator.timestamp = 0;
-  iterator.forward = true;
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[10].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[19].hash, iterator.cells[9].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[20].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[29].hash, iterator.cells[9].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(10u, iterator.cells.size());
-  EXPECT_EQ(entries[30].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[39].hash, iterator.cells[9].hash);
-
-  ASSERT_TRUE(index.GetNextCells(&iterator));
-  ASSERT_EQ(3u, iterator.cells.size());
-  EXPECT_EQ(entries[41].hash, iterator.cells[0].hash);
-  EXPECT_EQ(entries[42].hash, iterator.cells[1].hash);
-  EXPECT_EQ(entries[43].hash, iterator.cells[2].hash);
-}
-
-// Tests doubling of the table.
-TEST(DiskCacheIndexTable, Doubling) {
-  IndexTable index(NULL);
-  int size = 1024;
-  scoped_ptr<TestCacheTables> cache(new TestCacheTables(size));
-  int entry_id = 0;
-  disk_cache::CellList entries;
-
-  // Go from 1024 to 256k cells.
-  for (int resizes = 0; resizes <= 8; resizes++) {
-    scoped_ptr<TestCacheTables> old_cache(std::move(cache));
-    cache.reset(new TestCacheTables(size));
-    cache.get()->CopyFrom(*old_cache.get());
-
-    IndexTableInitData init_data;
-    cache.get()->GetInitData(&init_data);
-    index.Init(&init_data);
-
-    // Write some entries.
-    for (int i = 0; i < 250; i++, entry_id++) {
-      SCOPED_TRACE(entry_id);
-      uint32_t hash = entry_id * i * 321 + entry_id * 13;
-      disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, entry_id * 17 + 1);
-      EntryCell entry = index.CreateEntryCell(hash, addr);
-      EXPECT_TRUE(entry.IsValid());
-
-      disk_cache::CellInfo info = { hash, addr };
-      entries.push_back(info);
-    }
-    size *= 2;
-  }
-
-  // Access all the entries.
-  for (size_t i = 0; i < entries.size(); i++) {
-    SCOPED_TRACE(i);
-    disk_cache::EntrySet found_entries = index.LookupEntries(entries[i].hash);
-    ASSERT_EQ(1u, found_entries.cells.size());
-    EXPECT_TRUE(found_entries.cells[0].IsValid());
-  }
-}
-
-// Tests bucket chaining when growing the index.
-TEST(DiskCacheIndexTable, BucketChains) {
-  IndexTable index(NULL);
-  int size = 1024;
-  scoped_ptr<TestCacheTables> cache(new TestCacheTables(size));
-  disk_cache::CellList entries;
-
-  IndexTableInitData init_data;
-  cache.get()->GetInitData(&init_data);
-  index.Init(&init_data);
-
-  // Write some entries.
-  for (int i = 0; i < 8; i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = i * 256;
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i * 7 + 1);
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-
-    disk_cache::CellInfo info = { hash, addr };
-    entries.push_back(info);
-  }
-
-  // Double the size.
-  scoped_ptr<TestCacheTables> old_cache(std::move(cache));
-  cache.reset(new TestCacheTables(size * 2));
-  cache.get()->CopyFrom(*old_cache.get());
-
-  cache.get()->GetInitData(&init_data);
-  index.Init(&init_data);
-
-  // Write more entries, starting with the upper half of the table.
-  for (int i = 9; i < 11; i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = i * 256;
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i * 7 + 1);
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-
-    disk_cache::CellInfo info = { hash, addr };
-    entries.push_back(info);
-  }
-
-  // Access all the entries.
-  for (size_t i = 0; i < entries.size(); i++) {
-    SCOPED_TRACE(i);
-    disk_cache::EntrySet found_entries = index.LookupEntries(entries[i].hash);
-    ASSERT_EQ(1u, found_entries.cells.size());
-    EXPECT_TRUE(found_entries.cells[0].IsValid());
-  }
-}
-
-// Tests that GrowIndex is called.
-TEST(DiskCacheIndexTable, GrowIndex) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-  MockIndexBackend backend;
-
-  IndexTable index(&backend);
-  index.Init(&init_data);
-
-  // Write some entries.
-  for (int i = 0; i < 512; i++) {
-    SCOPED_TRACE(i);
-    uint32_t hash = 0;
-    disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, i + 1);
-    EntryCell entry = index.CreateEntryCell(hash, addr);
-    EXPECT_TRUE(entry.IsValid());
-  }
-
-  EXPECT_TRUE(backend.grow_called());
-}
-
-TEST(DiskCacheIndexTable, SaveIndex) {
-  TestCacheTables cache(1024);
-  IndexTableInitData init_data;
-  cache.GetInitData(&init_data);
-  MockIndexBackend backend;
-
-  IndexTable index(&backend);
-  index.Init(&init_data);
-
-  uint32_t hash = 0;
-  disk_cache::Addr addr(disk_cache::BLOCK_ENTRIES, 1, 5, 6);
-  EntryCell entry = index.CreateEntryCell(hash, addr);
-  EXPECT_TRUE(entry.IsValid());
-
-  index.OnBackupTimer();
-  int expected = (1024 + 512) / 8 + sizeof(disk_cache::IndexHeaderV3);
-  EXPECT_EQ(expected, backend.buffer_len());
-}
diff --git a/chromium/net/disk_cache/blockfile/mapped_file.cc b/chromium/net/disk_cache/blockfile/mapped_file.cc
index d26cead89aa..571f21fed16 100644
--- a/chromium/net/disk_cache/blockfile/mapped_file.cc
+++ b/chromium/net/disk_cache/blockfile/mapped_file.cc
@@ -5,8 +5,7 @@
 #include "net/disk_cache/blockfile/mapped_file.h"
 
 #include <algorithm>
-
-#include "base/memory/scoped_ptr.h"
+#include <memory>
 
 namespace disk_cache {
 
@@ -38,7 +37,7 @@ bool MappedFile::Store(const FileBlock* block,
 
 bool MappedFile::Preload() {
   size_t file_len = GetLength();
-  scoped_ptr<char[]> buf(new char[file_len]);
+  std::unique_ptr<char[]> buf(new char[file_len]);
   if (!Read(buf.get(), file_len, 0))
     return false;
   return true;
diff --git a/chromium/net/disk_cache/blockfile/mapped_file_posix.cc b/chromium/net/disk_cache/blockfile/mapped_file_posix.cc
index 5ff2824fca6..99cf49c1890 100644
--- a/chromium/net/disk_cache/blockfile/mapped_file_posix.cc
+++ b/chromium/net/disk_cache/blockfile/mapped_file_posix.cc
@@ -31,7 +31,7 @@ void* MappedFile::Init(const base::FilePath& name, size_t size) {
     buffer_ = 0;
 
   // Make sure we detect hardware failures reading the headers.
-  scoped_ptr<char[]> temp(new char[temp_len]);
+  std::unique_ptr<char[]> temp(new char[temp_len]);
   if (!Read(temp.get(), temp_len, 0))
     return NULL;
 
diff --git a/chromium/net/disk_cache/blockfile/mapped_file_win.cc b/chromium/net/disk_cache/blockfile/mapped_file_win.cc
index d725238e32e..9a128a36d0e 100644
--- a/chromium/net/disk_cache/blockfile/mapped_file_win.cc
+++ b/chromium/net/disk_cache/blockfile/mapped_file_win.cc
@@ -4,9 +4,10 @@
 
 #include "net/disk_cache/blockfile/mapped_file.h"
 
+#include <memory>
+
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/disk_cache/disk_cache.h"
 
 namespace disk_cache {
@@ -29,7 +30,7 @@ void* MappedFile::Init(const base::FilePath& name, size_t size) {
 
   // Make sure we detect hardware failures reading the headers.
   size_t temp_len = size ? size : 4096;
-  scoped_ptr<char[]> temp(new char[temp_len]);
+  std::unique_ptr<char[]> temp(new char[temp_len]);
   if (!Read(temp.get(), temp_len, 0))
     return NULL;
 
diff --git a/chromium/net/disk_cache/blockfile/rankings.cc b/chromium/net/disk_cache/blockfile/rankings.cc
index 387950f3567..c5593508ab4 100644
--- a/chromium/net/disk_cache/blockfile/rankings.cc
+++ b/chromium/net/disk_cache/blockfile/rankings.cc
@@ -202,9 +202,9 @@ Rankings::ScopedRankingsBlock::ScopedRankingsBlock() : rankings_(NULL) {}
 Rankings::ScopedRankingsBlock::ScopedRankingsBlock(Rankings* rankings)
     : rankings_(rankings) {}
 
-Rankings::ScopedRankingsBlock::ScopedRankingsBlock(
-    Rankings* rankings, CacheRankingsBlock* node)
-    : scoped_ptr<CacheRankingsBlock>(node), rankings_(rankings) {}
+Rankings::ScopedRankingsBlock::ScopedRankingsBlock(Rankings* rankings,
+                                                   CacheRankingsBlock* node)
+    : std::unique_ptr<CacheRankingsBlock>(node), rankings_(rankings) {}
 
 Rankings::Iterator::Iterator() {
   memset(this, 0, sizeof(Iterator));
@@ -542,8 +542,8 @@ bool Rankings::SanityCheck(CacheRankingsBlock* node, bool from_list) const {
 
   Addr next_addr(data->next);
   Addr prev_addr(data->prev);
-  if (!next_addr.SanityCheckV2() || next_addr.file_type() != RANKINGS ||
-      !prev_addr.SanityCheckV2() || prev_addr.file_type() != RANKINGS)
+  if (!next_addr.SanityCheck() || next_addr.file_type() != RANKINGS ||
+      !prev_addr.SanityCheck() || prev_addr.file_type() != RANKINGS)
     return false;
 
   return true;
@@ -827,7 +827,7 @@ int Rankings::CheckListSection(List list, Addr end1, Addr end2, bool forward,
   if (!current.SanityCheckForRankings())
     return ERR_INVALID_HEAD;
 
-  scoped_ptr<CacheRankingsBlock> node;
+  std::unique_ptr<CacheRankingsBlock> node;
   Addr prev_addr(current);
   do {
     node.reset(new CacheRankingsBlock(backend_->File(current), current));
diff --git a/chromium/net/disk_cache/blockfile/rankings.h b/chromium/net/disk_cache/blockfile/rankings.h
index 637f6a564d6..66ba7b87603 100644
--- a/chromium/net/disk_cache/blockfile/rankings.h
+++ b/chromium/net/disk_cache/blockfile/rankings.h
@@ -8,9 +8,9 @@
 #define NET_DISK_CACHE_BLOCKFILE_RANKINGS_H_
 
 #include <list>
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/disk_cache/blockfile/addr.h"
 #include "net/disk_cache/blockfile/mapped_file.h"
 #include "net/disk_cache/blockfile/storage_block.h"
@@ -66,7 +66,7 @@ class Rankings {
   // This class provides a specialized version of scoped_ptr, that calls
   // Rankings whenever a CacheRankingsBlock is deleted, to keep track of cache
   // iterators that may go stale.
-  class ScopedRankingsBlock : public scoped_ptr<CacheRankingsBlock> {
+  class ScopedRankingsBlock : public std::unique_ptr<CacheRankingsBlock> {
    public:
     ScopedRankingsBlock();
     explicit ScopedRankingsBlock(Rankings* rankings);
@@ -84,7 +84,7 @@ class Rankings {
     void reset(CacheRankingsBlock* p = NULL) {
       if (p != get())
         rankings_->FreeRankingsBlock(get());
-      scoped_ptr<CacheRankingsBlock>::reset(p);
+      std::unique_ptr<CacheRankingsBlock>::reset(p);
     }
 
    private:
diff --git a/chromium/net/disk_cache/blockfile/sparse_control.cc b/chromium/net/disk_cache/blockfile/sparse_control.cc
index 1de0d60cd11..62c2996cf26 100644
--- a/chromium/net/disk_cache/blockfile/sparse_control.cc
+++ b/chromium/net/disk_cache/blockfile/sparse_control.cc
@@ -14,7 +14,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -79,7 +79,7 @@ class ChildrenDeleter
   std::string name_;
   disk_cache::Bitmap children_map_;
   int64_t signature_;
-  scoped_ptr<char[]> buffer_;
+  std::unique_ptr<char[]> buffer_;
   DISALLOW_COPY_AND_ASSIGN(ChildrenDeleter);
 };
 
diff --git a/chromium/net/disk_cache/blockfile/sparse_control_v3.cc b/chromium/net/disk_cache/blockfile/sparse_control_v3.cc
deleted file mode 100644
index 82a322122a0..00000000000
--- a/chromium/net/disk_cache/blockfile/sparse_control_v3.cc
+++ /dev/null
@@ -1,873 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/disk_cache/blockfile/sparse_control.h"
-
-#include "base/bind.h"
-#include "base/format_macros.h"
-#include "base/logging.h"
-#include "base/macros.h"
-#include "base/message_loop/message_loop.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "base/time/time.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/disk_cache/blockfile/backend_impl.h"
-#include "net/disk_cache/blockfile/entry_impl.h"
-#include "net/disk_cache/blockfile/file.h"
-#include "net/disk_cache/net_log_parameters.h"
-
-using base::Time;
-
-namespace {
-
-// Stream of the sparse data index.
-const int kSparseIndex = 2;
-
-// Stream of the sparse data.
-const int kSparseData = 1;
-
-// We can have up to 64k children.
-const int kMaxMapSize = 8 * 1024;
-
-// The maximum number of bytes that a child can store.
-const int kMaxEntrySize = 0x100000;
-
-// The size of each data block (tracked by the child allocation bitmap).
-const int kBlockSize = 1024;
-
-// Returns the name of a child entry given the base_name and signature of the
-// parent and the child_id.
-// If the entry is called entry_name, child entries will be named something
-// like Range_entry_name:XXX:YYY where XXX is the entry signature and YYY is the
-// number of the particular child.
-std::string GenerateChildName(const std::string& base_name,
-                              int64_t signature,
-                              int64_t child_id) {
-  return base::StringPrintf("Range_%s:%" PRIx64 ":%" PRIx64, base_name.c_str(),
-                            signature, child_id);
-}
-
-// This class deletes the children of a sparse entry.
-class ChildrenDeleter
-    : public base::RefCounted<ChildrenDeleter>,
-      public disk_cache::FileIOCallback {
- public:
-  ChildrenDeleter(disk_cache::BackendImpl* backend, const std::string& name)
-      : backend_(backend->GetWeakPtr()), name_(name), signature_(0) {}
-
-  void OnFileIOComplete(int bytes_copied) override;
-
-  // Two ways of deleting the children: if we have the children map, use Start()
-  // directly, otherwise pass the data address to ReadData().
-  void Start(char* buffer, int len);
-  void ReadData(disk_cache::Addr address, int len);
-
- private:
-  friend class base::RefCounted<ChildrenDeleter>;
-  ~ChildrenDeleter() override {}
-
-  void DeleteChildren();
-
-  base::WeakPtr<disk_cache::BackendImpl> backend_;
-  std::string name_;
-  disk_cache::Bitmap children_map_;
-  int64_t signature_;
-  scoped_ptr<char[]> buffer_;
-  DISALLOW_COPY_AND_ASSIGN(ChildrenDeleter);
-};
-
-// This is the callback of the file operation.
-void ChildrenDeleter::OnFileIOComplete(int bytes_copied) {
-  char* buffer = buffer_.release();
-  Start(buffer, bytes_copied);
-}
-
-void ChildrenDeleter::Start(char* buffer, int len) {
-  buffer_.reset(buffer);
-  if (len < static_cast<int>(sizeof(disk_cache::SparseData)))
-    return Release();
-
-  // Just copy the information from |buffer|, delete |buffer| and start deleting
-  // the child entries.
-  disk_cache::SparseData* data =
-      reinterpret_cast<disk_cache::SparseData*>(buffer);
-  signature_ = data->header.signature;
-
-  int num_bits = (len - sizeof(disk_cache::SparseHeader)) * 8;
-  children_map_.Resize(num_bits, false);
-  children_map_.SetMap(data->bitmap, num_bits / 32);
-  buffer_.reset();
-
-  DeleteChildren();
-}
-
-void ChildrenDeleter::ReadData(disk_cache::Addr address, int len) {
-  DCHECK(address.is_block_file());
-  if (!backend_)
-    return Release();
-
-  disk_cache::File* file(backend_->File(address));
-  if (!file)
-    return Release();
-
-  size_t file_offset = address.start_block() * address.BlockSize() +
-                       disk_cache::kBlockHeaderSize;
-
-  buffer_.reset(new char[len]);
-  bool completed;
-  if (!file->Read(buffer_.get(), len, file_offset, this, &completed))
-    return Release();
-
-  if (completed)
-    OnFileIOComplete(len);
-
-  // And wait until OnFileIOComplete gets called.
-}
-
-void ChildrenDeleter::DeleteChildren() {
-  int child_id = 0;
-  if (!children_map_.FindNextSetBit(&child_id) || !backend_) {
-    // We are done. Just delete this object.
-    return Release();
-  }
-  std::string child_name = GenerateChildName(name_, signature_, child_id);
-  backend_->SyncDoomEntry(child_name);
-  children_map_.Set(child_id, false);
-
-  // Post a task to delete the next child.
-  base::MessageLoop::current()->PostTask(
-      FROM_HERE, base::Bind(&ChildrenDeleter::DeleteChildren, this));
-}
-
-// -----------------------------------------------------------------------
-
-// Returns the NetLog event type corresponding to a SparseOperation.
-net::NetLog::EventType GetSparseEventType(
-    disk_cache::SparseControl::SparseOperation operation) {
-  switch (operation) {
-    case disk_cache::SparseControl::kReadOperation:
-      return net::NetLog::TYPE_SPARSE_READ;
-    case disk_cache::SparseControl::kWriteOperation:
-      return net::NetLog::TYPE_SPARSE_WRITE;
-    case disk_cache::SparseControl::kGetRangeOperation:
-      return net::NetLog::TYPE_SPARSE_GET_RANGE;
-    default:
-      NOTREACHED();
-      return net::NetLog::TYPE_CANCELLED;
-  }
-}
-
-// Logs the end event for |operation| on a child entry.  Range operations log
-// no events for each child they search through.
-void LogChildOperationEnd(const net::BoundNetLog& net_log,
-                          disk_cache::SparseControl::SparseOperation operation,
-                          int result) {
-  if (net_log.IsCapturing()) {
-    net::NetLog::EventType event_type;
-    switch (operation) {
-      case disk_cache::SparseControl::kReadOperation:
-        event_type = net::NetLog::TYPE_SPARSE_READ_CHILD_DATA;
-        break;
-      case disk_cache::SparseControl::kWriteOperation:
-        event_type = net::NetLog::TYPE_SPARSE_WRITE_CHILD_DATA;
-        break;
-      case disk_cache::SparseControl::kGetRangeOperation:
-        return;
-      default:
-        NOTREACHED();
-        return;
-    }
-    net_log.EndEventWithNetErrorCode(event_type, result);
-  }
-}
-
-}  // namespace.
-
-namespace disk_cache {
-
-SparseControl::SparseControl(EntryImpl* entry)
-    : entry_(entry),
-      child_(NULL),
-      operation_(kNoOperation),
-      pending_(false),
-      finished_(false),
-      init_(false),
-      range_found_(false),
-      abort_(false),
-      child_map_(child_data_.bitmap, kNumSparseBits, kNumSparseBits / 32),
-      offset_(0),
-      buf_len_(0),
-      child_offset_(0),
-      child_len_(0),
-      result_(0) {
-  memset(&sparse_header_, 0, sizeof(sparse_header_));
-  memset(&child_data_, 0, sizeof(child_data_));
-}
-
-SparseControl::~SparseControl() {
-  if (child_)
-    CloseChild();
-  if (init_)
-    WriteSparseData();
-}
-
-bool SparseControl::CouldBeSparse() const {
-  DCHECK(!init_);
-
-  if (entry_->GetDataSize(kSparseData))
-    return false;
-
-  // We don't verify the data, just see if it could be there.
-  return (entry_->GetDataSize(kSparseIndex) != 0);
-}
-
-int SparseControl::StartIO(SparseOperation op,
-                           int64_t offset,
-                           net::IOBuffer* buf,
-                           int buf_len,
-                           const CompletionCallback& callback) {
-  DCHECK(init_);
-  // We don't support simultaneous IO for sparse data.
-  if (operation_ != kNoOperation)
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  if (offset < 0 || buf_len < 0)
-    return net::ERR_INVALID_ARGUMENT;
-
-  // We only support up to 64 GB.
-  if (offset + buf_len >= 0x1000000000LL || offset + buf_len < 0)
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  DCHECK(!user_buf_);
-  DCHECK(user_callback_.is_null());
-
-  if (!buf && (op == kReadOperation || op == kWriteOperation))
-    return 0;
-
-  // Copy the operation parameters.
-  operation_ = op;
-  offset_ = offset;
-  user_buf_ = buf ? new net::DrainableIOBuffer(buf, buf_len) : NULL;
-  buf_len_ = buf_len;
-  user_callback_ = callback;
-
-  result_ = 0;
-  pending_ = false;
-  finished_ = false;
-  abort_ = false;
-
-  if (entry_->net_log().IsCapturing()) {
-    entry_->net_log().BeginEvent(
-        GetSparseEventType(operation_),
-        CreateNetLogSparseOperationCallback(offset_, buf_len_));
-  }
-  DoChildrenIO();
-
-  if (!pending_) {
-    // Everything was done synchronously.
-    operation_ = kNoOperation;
-    user_buf_ = NULL;
-    user_callback_.Reset();
-    return result_;
-  }
-
-  return net::ERR_IO_PENDING;
-}
-
-int SparseControl::GetAvailableRange(int64_t offset, int len, int64_t* start) {
-  DCHECK(init_);
-  // We don't support simultaneous IO for sparse data.
-  if (operation_ != kNoOperation)
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  DCHECK(start);
-
-  range_found_ = false;
-  int result = StartIO(
-      kGetRangeOperation, offset, NULL, len, CompletionCallback());
-  if (range_found_) {
-    *start = offset_;
-    return result;
-  }
-
-  // This is a failure. We want to return a valid start value in any case.
-  *start = offset;
-  return result < 0 ? result : 0;  // Don't mask error codes to the caller.
-}
-
-void SparseControl::CancelIO() {
-  if (operation_ == kNoOperation)
-    return;
-  abort_ = true;
-}
-
-int SparseControl::ReadyToUse(const CompletionCallback& callback) {
-  if (!abort_)
-    return net::OK;
-
-  // We'll grab another reference to keep this object alive because we just have
-  // one extra reference due to the pending IO operation itself, but we'll
-  // release that one before invoking user_callback_.
-  entry_->AddRef();  // Balanced in DoAbortCallbacks.
-  abort_callbacks_.push_back(callback);
-  return net::ERR_IO_PENDING;
-}
-
-// Static
-void SparseControl::DeleteChildren(EntryImpl* entry) {
-  DCHECK(entry->GetEntryFlags() & PARENT_ENTRY);
-  int data_len = entry->GetDataSize(kSparseIndex);
-  if (data_len < static_cast<int>(sizeof(SparseData)) ||
-      entry->GetDataSize(kSparseData))
-    return;
-
-  int map_len = data_len - sizeof(SparseHeader);
-  if (map_len > kMaxMapSize || map_len % 4)
-    return;
-
-  char* buffer;
-  Addr address;
-  entry->GetData(kSparseIndex, &buffer, &address);
-  if (!buffer && !address.is_initialized())
-    return;
-
-  entry->net_log().AddEvent(net::NetLog::TYPE_SPARSE_DELETE_CHILDREN);
-
-  DCHECK(entry->backend_);
-  ChildrenDeleter* deleter = new ChildrenDeleter(entry->backend_.get(),
-                                                 entry->GetKey());
-  // The object will self destruct when finished.
-  deleter->AddRef();
-
-  if (buffer) {
-    base::MessageLoop::current()->PostTask(
-        FROM_HERE,
-        base::Bind(&ChildrenDeleter::Start, deleter, buffer, data_len));
-  } else {
-    base::MessageLoop::current()->PostTask(
-        FROM_HERE,
-        base::Bind(&ChildrenDeleter::ReadData, deleter, address, data_len));
-  }
-}
-
-// -----------------------------------------------------------------------
-
-int SparseControl::Init() {
-  DCHECK(!init_);
-
-  // We should not have sparse data for the exposed entry.
-  if (entry_->GetDataSize(kSparseData))
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  // Now see if there is something where we store our data.
-  int rv = net::OK;
-  int data_len = entry_->GetDataSize(kSparseIndex);
-  if (!data_len) {
-    rv = CreateSparseEntry();
-  } else {
-    rv = OpenSparseEntry(data_len);
-  }
-
-  if (rv == net::OK)
-    init_ = true;
-  return rv;
-}
-
-// We are going to start using this entry to store sparse data, so we have to
-// initialize our control info.
-int SparseControl::CreateSparseEntry() {
-  if (CHILD_ENTRY & entry_->GetEntryFlags())
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  memset(&sparse_header_, 0, sizeof(sparse_header_));
-  sparse_header_.signature = Time::Now().ToInternalValue();
-  sparse_header_.magic = kIndexMagic;
-  sparse_header_.parent_key_len = entry_->GetKey().size();
-  children_map_.Resize(kNumSparseBits, true);
-
-  // Save the header. The bitmap is saved in the destructor.
-  scoped_refptr<net::IOBuffer> buf(
-      new net::WrappedIOBuffer(reinterpret_cast<char*>(&sparse_header_)));
-
-  int rv = entry_->WriteData(kSparseIndex, 0, buf.get(), sizeof(sparse_header_),
-                             CompletionCallback(), false);
-  if (rv != sizeof(sparse_header_)) {
-    DLOG(ERROR) << "Unable to save sparse_header_";
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-  }
-
-  entry_->SetEntryFlags(PARENT_ENTRY);
-  return net::OK;
-}
-
-// We are opening an entry from disk. Make sure that our control data is there.
-int SparseControl::OpenSparseEntry(int data_len) {
-  if (data_len < static_cast<int>(sizeof(SparseData)))
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  if (entry_->GetDataSize(kSparseData))
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  if (!(PARENT_ENTRY & entry_->GetEntryFlags()))
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  // Dont't go over board with the bitmap. 8 KB gives us offsets up to 64 GB.
-  int map_len = data_len - sizeof(sparse_header_);
-  if (map_len > kMaxMapSize || map_len % 4)
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  scoped_refptr<net::IOBuffer> buf(
-      new net::WrappedIOBuffer(reinterpret_cast<char*>(&sparse_header_)));
-
-  // Read header.
-  int rv = entry_->ReadData(kSparseIndex, 0, buf.get(), sizeof(sparse_header_),
-                            CompletionCallback());
-  if (rv != static_cast<int>(sizeof(sparse_header_)))
-    return net::ERR_CACHE_READ_FAILURE;
-
-  // The real validation should be performed by the caller. This is just to
-  // double check.
-  if (sparse_header_.magic != kIndexMagic ||
-      sparse_header_.parent_key_len !=
-          static_cast<int>(entry_->GetKey().size()))
-    return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
-
-  // Read the actual bitmap.
-  buf = new net::IOBuffer(map_len);
-  rv = entry_->ReadData(kSparseIndex, sizeof(sparse_header_), buf.get(),
-                        map_len, CompletionCallback());
-  if (rv != map_len)
-    return net::ERR_CACHE_READ_FAILURE;
-
-  // Grow the bitmap to the current size and copy the bits.
-  children_map_.Resize(map_len * 8, false);
-  children_map_.SetMap(reinterpret_cast<uint32_t*>(buf->data()), map_len);
-  return net::OK;
-}
-
-bool SparseControl::OpenChild() {
-  DCHECK_GE(result_, 0);
-
-  std::string key = GenerateChildKey();
-  if (child_) {
-    // Keep using the same child or open another one?.
-    if (key == child_->GetKey())
-      return true;
-    CloseChild();
-  }
-
-  // See if we are tracking this child.
-  if (!ChildPresent())
-    return ContinueWithoutChild(key);
-
-  if (!entry_->backend_)
-    return false;
-
-  child_ = entry_->backend_->OpenEntryImpl(key);
-  if (!child_)
-    return ContinueWithoutChild(key);
-
-  EntryImpl* child = static_cast<EntryImpl*>(child_);
-  if (!(CHILD_ENTRY & child->GetEntryFlags()) ||
-      child->GetDataSize(kSparseIndex) <
-          static_cast<int>(sizeof(child_data_)))
-    return KillChildAndContinue(key, false);
-
-  scoped_refptr<net::WrappedIOBuffer> buf(
-      new net::WrappedIOBuffer(reinterpret_cast<char*>(&child_data_)));
-
-  // Read signature.
-  int rv = child_->ReadData(kSparseIndex, 0, buf.get(), sizeof(child_data_),
-                            CompletionCallback());
-  if (rv != sizeof(child_data_))
-    return KillChildAndContinue(key, true);  // This is a fatal failure.
-
-  if (child_data_.header.signature != sparse_header_.signature ||
-      child_data_.header.magic != kIndexMagic)
-    return KillChildAndContinue(key, false);
-
-  if (child_data_.header.last_block_len < 0 ||
-      child_data_.header.last_block_len > kBlockSize) {
-    // Make sure these values are always within range.
-    child_data_.header.last_block_len = 0;
-    child_data_.header.last_block = -1;
-  }
-
-  return true;
-}
-
-void SparseControl::CloseChild() {
-  scoped_refptr<net::WrappedIOBuffer> buf(
-      new net::WrappedIOBuffer(reinterpret_cast<char*>(&child_data_)));
-
-  // Save the allocation bitmap before closing the child entry.
-  int rv = child_->WriteData(kSparseIndex, 0, buf.get(), sizeof(child_data_),
-                             CompletionCallback(),
-      false);
-  if (rv != sizeof(child_data_))
-    DLOG(ERROR) << "Failed to save child data";
-  child_->Release();
-  child_ = NULL;
-}
-
-// We were not able to open this child; see what we can do.
-bool SparseControl::ContinueWithoutChild(const std::string& key) {
-  if (kReadOperation == operation_)
-    return false;
-  if (kGetRangeOperation == operation_)
-    return true;
-
-  if (!entry_->backend_)
-    return false;
-
-  child_ = entry_->backend_->CreateEntryImpl(key);
-  if (!child_) {
-    child_ = NULL;
-    result_ = net::ERR_CACHE_READ_FAILURE;
-    return false;
-  }
-  // Write signature.
-  InitChildData();
-  return true;
-}
-
-void SparseControl::WriteSparseData() {
-  scoped_refptr<net::IOBuffer> buf(new net::WrappedIOBuffer(
-      reinterpret_cast<const char*>(children_map_.GetMap())));
-
-  int len = children_map_.ArraySize() * 4;
-  int rv = entry_->WriteData(kSparseIndex, sizeof(sparse_header_), buf.get(),
-                             len, CompletionCallback(), false);
-  if (rv != len) {
-    DLOG(ERROR) << "Unable to save sparse map";
-  }
-}
-
-bool SparseControl::DoChildIO() {
-  finished_ = true;
-  if (!buf_len_ || result_ < 0)
-    return false;
-
-  if (!OpenChild())
-    return false;
-
-  if (!VerifyRange())
-    return false;
-
-  // We have more work to do. Let's not trigger a callback to the caller.
-  finished_ = false;
-  CompletionCallback callback;
-  if (!user_callback_.is_null()) {
-    callback =
-        base::Bind(&SparseControl::OnChildIOCompleted, base::Unretained(this));
-  }
-
-  int rv = 0;
-  switch (operation_) {
-    case kReadOperation:
-      if (entry_->net_log().IsCapturing()) {
-        entry_->net_log().BeginEvent(
-            net::NetLog::TYPE_SPARSE_READ_CHILD_DATA,
-            CreateNetLogSparseReadWriteCallback(child_->net_log().source(),
-                                                child_len_));
-      }
-      rv = child_->ReadDataImpl(kSparseData, child_offset_, user_buf_.get(),
-                                child_len_, callback);
-      break;
-    case kWriteOperation:
-      if (entry_->net_log().IsCapturing()) {
-        entry_->net_log().BeginEvent(
-            net::NetLog::TYPE_SPARSE_WRITE_CHILD_DATA,
-            CreateNetLogSparseReadWriteCallback(child_->net_log().source(),
-                                                child_len_));
-      }
-      rv = child_->WriteDataImpl(kSparseData, child_offset_, user_buf_.get(),
-                                 child_len_, callback, false);
-      break;
-    case kGetRangeOperation:
-      rv = DoGetAvailableRange();
-      break;
-    default:
-      NOTREACHED();
-  }
-
-  if (rv == net::ERR_IO_PENDING) {
-    if (!pending_) {
-      pending_ = true;
-      // The child will protect himself against closing the entry while IO is in
-      // progress. However, this entry can still be closed, and that would not
-      // be a good thing for us, so we increase the refcount until we're
-      // finished doing sparse stuff.
-      entry_->AddRef();  // Balanced in DoUserCallback.
-    }
-    return false;
-  }
-  if (!rv)
-    return false;
-
-  DoChildIOCompleted(rv);
-  return true;
-}
-
-void SparseControl::DoChildIOCompleted(int result) {
-  LogChildOperationEnd(entry_->net_log(), operation_, result);
-  if (result < 0) {
-    // We fail the whole operation if we encounter an error.
-    result_ = result;
-    return;
-  }
-
-  UpdateRange(result);
-
-  result_ += result;
-  offset_ += result;
-  buf_len_ -= result;
-
-  // We'll be reusing the user provided buffer for the next chunk.
-  if (buf_len_ && user_buf_)
-    user_buf_->DidConsume(result);
-}
-
-std::string SparseControl::GenerateChildKey() {
-  return GenerateChildName(entry_->GetKey(), sparse_header_.signature,
-                           offset_ >> 20);
-}
-
-// We are deleting the child because something went wrong.
-bool SparseControl::KillChildAndContinue(const std::string& key, bool fatal) {
-  SetChildBit(false);
-  child_->DoomImpl();
-  child_->Release();
-  child_ = NULL;
-  if (fatal) {
-    result_ = net::ERR_CACHE_READ_FAILURE;
-    return false;
-  }
-  return ContinueWithoutChild(key);
-}
-
-bool SparseControl::ChildPresent() {
-  int child_bit = static_cast<int>(offset_ >> 20);
-  if (children_map_.Size() <= child_bit)
-    return false;
-
-  return children_map_.Get(child_bit);
-}
-
-void SparseControl::SetChildBit(bool value) {
-  int child_bit = static_cast<int>(offset_ >> 20);
-
-  // We may have to increase the bitmap of child entries.
-  if (children_map_.Size() <= child_bit)
-    children_map_.Resize(Bitmap::RequiredArraySize(child_bit + 1) * 32, true);
-
-  children_map_.Set(child_bit, value);
-}
-
-bool SparseControl::VerifyRange() {
-  DCHECK_GE(result_, 0);
-
-  child_offset_ = static_cast<int>(offset_) & (kMaxEntrySize - 1);
-  child_len_ = std::min(buf_len_, kMaxEntrySize - child_offset_);
-
-  // We can write to (or get info from) anywhere in this child.
-  if (operation_ != kReadOperation)
-    return true;
-
-  // Check that there are no holes in this range.
-  int last_bit = (child_offset_ + child_len_ + 1023) >> 10;
-  int start = child_offset_ >> 10;
-  if (child_map_.FindNextBit(&start, last_bit, false)) {
-    // Something is not here.
-    DCHECK_GE(child_data_.header.last_block_len, 0);
-    DCHECK_LT(child_data_.header.last_block_len, kMaxEntrySize);
-    int partial_block_len = PartialBlockLength(start);
-    if (start == child_offset_ >> 10) {
-      // It looks like we don't have anything.
-      if (partial_block_len <= (child_offset_ & (kBlockSize - 1)))
-        return false;
-    }
-
-    // We have the first part.
-    child_len_ = (start << 10) - child_offset_;
-    if (partial_block_len) {
-      // We may have a few extra bytes.
-      child_len_ = std::min(child_len_ + partial_block_len, buf_len_);
-    }
-    // There is no need to read more after this one.
-    buf_len_ = child_len_;
-  }
-  return true;
-}
-
-void SparseControl::UpdateRange(int result) {
-  if (result <= 0 || operation_ != kWriteOperation)
-    return;
-
-  DCHECK_GE(child_data_.header.last_block_len, 0);
-  DCHECK_LT(child_data_.header.last_block_len, kMaxEntrySize);
-
-  // Write the bitmap.
-  int first_bit = child_offset_ >> 10;
-  int block_offset = child_offset_ & (kBlockSize - 1);
-  if (block_offset && (child_data_.header.last_block != first_bit ||
-                       child_data_.header.last_block_len < block_offset)) {
-    // The first block is not completely filled; ignore it.
-    first_bit++;
-  }
-
-  int last_bit = (child_offset_ + result) >> 10;
-  block_offset = (child_offset_ + result) & (kBlockSize - 1);
-
-  // This condition will hit with the following criteria:
-  // 1. The first byte doesn't follow the last write.
-  // 2. The first byte is in the middle of a block.
-  // 3. The first byte and the last byte are in the same block.
-  if (first_bit > last_bit)
-    return;
-
-  if (block_offset && !child_map_.Get(last_bit)) {
-    // The last block is not completely filled; save it for later.
-    child_data_.header.last_block = last_bit;
-    child_data_.header.last_block_len = block_offset;
-  } else {
-    child_data_.header.last_block = -1;
-  }
-
-  child_map_.SetRange(first_bit, last_bit, true);
-}
-
-int SparseControl::PartialBlockLength(int block_index) const {
-  if (block_index == child_data_.header.last_block)
-    return child_data_.header.last_block_len;
-
-  // This may be the last stored index.
-  int entry_len = child_->GetDataSize(kSparseData);
-  if (block_index == entry_len >> 10)
-    return entry_len & (kBlockSize - 1);
-
-  // This is really empty.
-  return 0;
-}
-
-void SparseControl::InitChildData() {
-  // We know the real type of child_.
-  EntryImpl* child = static_cast<EntryImpl*>(child_);
-  child->SetEntryFlags(CHILD_ENTRY);
-
-  memset(&child_data_, 0, sizeof(child_data_));
-  child_data_.header = sparse_header_;
-
-  scoped_refptr<net::WrappedIOBuffer> buf(
-      new net::WrappedIOBuffer(reinterpret_cast<char*>(&child_data_)));
-
-  int rv = child_->WriteData(kSparseIndex, 0, buf.get(), sizeof(child_data_),
-                             CompletionCallback(), false);
-  if (rv != sizeof(child_data_))
-    DLOG(ERROR) << "Failed to save child data";
-  SetChildBit(true);
-}
-
-int SparseControl::DoGetAvailableRange() {
-  if (!child_)
-    return child_len_;  // Move on to the next child.
-
-  // Check that there are no holes in this range.
-  int last_bit = (child_offset_ + child_len_ + 1023) >> 10;
-  int start = child_offset_ >> 10;
-  int partial_start_bytes = PartialBlockLength(start);
-  int found = start;
-  int bits_found = child_map_.FindBits(&found, last_bit, true);
-
-  // We don't care if there is a partial block in the middle of the range.
-  int block_offset = child_offset_ & (kBlockSize - 1);
-  if (!bits_found && partial_start_bytes <= block_offset)
-    return child_len_;
-
-  // We are done. Just break the loop and reset result_ to our real result.
-  range_found_ = true;
-
-  // found now points to the first 1. Lets see if we have zeros before it.
-  int empty_start = std::max((found << 10) - child_offset_, 0);
-
-  int bytes_found = bits_found << 10;
-  bytes_found += PartialBlockLength(found + bits_found);
-
-  if (start == found)
-    bytes_found -= block_offset;
-
-  // If the user is searching past the end of this child, bits_found is the
-  // right result; otherwise, we have some empty space at the start of this
-  // query that we have to subtract from the range that we searched.
-  result_ = std::min(bytes_found, child_len_ - empty_start);
-
-  if (!bits_found) {
-    result_ = std::min(partial_start_bytes - block_offset, child_len_);
-    empty_start = 0;
-  }
-
-  // Only update offset_ when this query found zeros at the start.
-  if (empty_start)
-    offset_ += empty_start;
-
-  // This will actually break the loop.
-  buf_len_ = 0;
-  return 0;
-}
-
-void SparseControl::DoUserCallback() {
-  DCHECK(!user_callback_.is_null());
-  CompletionCallback cb = user_callback_;
-  user_callback_.Reset();
-  user_buf_ = NULL;
-  pending_ = false;
-  operation_ = kNoOperation;
-  int rv = result_;
-  entry_->Release();  // Don't touch object after this line.
-  cb.Run(rv);
-}
-
-void SparseControl::DoAbortCallbacks() {
-  for (size_t i = 0; i < abort_callbacks_.size(); i++) {
-    // Releasing all references to entry_ may result in the destruction of this
-    // object so we should not be touching it after the last Release().
-    CompletionCallback cb = abort_callbacks_[i];
-    if (i == abort_callbacks_.size() - 1)
-      abort_callbacks_.clear();
-
-    entry_->Release();  // Don't touch object after this line.
-    cb.Run(net::OK);
-  }
-}
-
-void SparseControl::OnChildIOCompleted(int result) {
-  DCHECK_NE(net::ERR_IO_PENDING, result);
-  DoChildIOCompleted(result);
-
-  if (abort_) {
-    // We'll return the current result of the operation, which may be less than
-    // the bytes to read or write, but the user cancelled the operation.
-    abort_ = false;
-    if (entry_->net_log().IsCapturing()) {
-      entry_->net_log().AddEvent(net::NetLog::TYPE_CANCELLED);
-      entry_->net_log().EndEvent(GetSparseEventType(operation_));
-    }
-    // We have an indirect reference to this object for every callback so if
-    // there is only one callback, we may delete this object before reaching
-    // DoAbortCallbacks.
-    bool has_abort_callbacks = !abort_callbacks_.empty();
-    DoUserCallback();
-    if (has_abort_callbacks)
-      DoAbortCallbacks();
-    return;
-  }
-
-  // We are running a callback from the message loop. It's time to restart what
-  // we were doing before.
-  DoChildrenIO();
-}
-
-}  // namespace disk_cache
diff --git a/chromium/net/disk_cache/blockfile/sparse_control_v3.h b/chromium/net/disk_cache/blockfile/sparse_control_v3.h
deleted file mode 100644
index a6c7d19c1cf..00000000000
--- a/chromium/net/disk_cache/blockfile/sparse_control_v3.h
+++ /dev/null
@@ -1,180 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_DISK_CACHE_BLOCKFILE_SPARSE_CONTROL_V3_H_
-#define NET_DISK_CACHE_BLOCKFILE_SPARSE_CONTROL_V3_H_
-
-#include <stdint.h>
-
-#include <string>
-#include <vector>
-
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "net/base/completion_callback.h"
-#include "net/disk_cache/blockfile/bitmap.h"
-#include "net/disk_cache/disk_format.h"
-
-namespace net {
-class IOBuffer;
-class DrainableIOBuffer;
-}
-
-namespace disk_cache {
-
-class Entry;
-class EntryImpl;
-
-// This class provides support for the sparse capabilities of the disk cache.
-// Basically, sparse IO is directed from EntryImpl to this class, and we split
-// the operation into multiple small pieces, sending each one to the
-// appropriate entry. An instance of this class is asociated with each entry
-// used directly for sparse operations (the entry passed in to the constructor).
-class SparseControl {
- public:
-  typedef net::CompletionCallback CompletionCallback;
-
-  // The operation to perform.
-  enum SparseOperation {
-    kNoOperation,
-    kReadOperation,
-    kWriteOperation,
-    kGetRangeOperation
-  };
-
-  explicit SparseControl(EntryImpl* entry);
-  ~SparseControl();
-
-  // Performs a quick test to see if the entry is sparse or not, without
-  // generating disk IO (so the answer provided is only a best effort).
-  bool CouldBeSparse() const;
-
-  // Performs an actual sparse read or write operation for this entry. |op| is
-  // the operation to perform, |offset| is the desired sparse offset, |buf| and
-  // |buf_len| specify the actual data to use and |callback| is the callback
-  // to use for asynchronous operations. See the description of the Read /
-  // WriteSparseData for details about the arguments. The return value is the
-  // number of bytes read or written, or a net error code.
-  int StartIO(SparseOperation op,
-              int64_t offset,
-              net::IOBuffer* buf,
-              int buf_len,
-              const CompletionCallback& callback);
-
-  // Implements Entry::GetAvailableRange().
-  int GetAvailableRange(int64_t offset, int len, int64_t* start);
-
-  // Cancels the current sparse operation (if any).
-  void CancelIO();
-
-  // Returns OK if the entry can be used for new IO or ERR_IO_PENDING if we are
-  // busy. If the entry is busy, we'll invoke the callback when we are ready
-  // again. See disk_cache::Entry::ReadyToUse() for more info.
-  int ReadyToUse(const CompletionCallback& completion_callback);
-
-  // Deletes the children entries of |entry|.
-  static void DeleteChildren(EntryImpl* entry);
-
- private:
-  // Initializes the object for the current entry. If this entry already stores
-  // sparse data, or can be used to do it, it updates the relevant information
-  // on disk and returns net::OK. Otherwise it returns a net error code.
-  int Init();
-
-  // Creates a new sparse entry or opens an aready created entry from disk.
-  // These methods just read / write the required info from disk for the current
-  // entry, and verify that everything is correct. The return value is a net
-  // error code.
-  int CreateSparseEntry();
-  int OpenSparseEntry(int data_len);
-
-  // Opens and closes a child entry. A child entry is a regular EntryImpl object
-  // with a key derived from the key of the resource to store and the range
-  // stored by that child.
-  bool OpenChild();
-  void CloseChild();
-
-  // Continues the current operation (open) without a current child.
-  bool ContinueWithoutChild(const std::string& key);
-
-    // Writes to disk the tracking information for this entry.
-  void WriteSparseData();
-
-  // Performs a single operation with the current child. Returns true when we
-  // should move on to the next child and false when we should interrupt our
-  // work.
-  bool DoChildIO();
-
-  // Performs the required work after a single IO operations finishes.
-  void DoChildIOCompleted(int result);
-
-  std::string GenerateChildKey();
-
-  // Deletes the current child and continues the current operation (open).
-  bool KillChildAndContinue(const std::string& key, bool fatal);
-
-  // Returns true if the required child is tracked by the parent entry, i.e. it
-  // was already created.
-  bool ChildPresent();
-
-  // Sets the bit for the current child to the provided |value|. In other words,
-  // starts or stops tracking this child.
-  void SetChildBit(bool value);
-
-  // Verify that the range to be accessed for the current child is appropriate.
-  // Returns false if an error is detected or there is no need to perform the
-  // current IO operation (for instance if the required range is not stored by
-  // the child).
-  bool VerifyRange();
-
-  // Updates the contents bitmap for the current range, based on the result of
-  // the current operation.
-  void UpdateRange(int result);
-
-  // Returns the number of bytes stored at |block_index|, if its allocation-bit
-  // is off (because it is not completely filled).
-  int PartialBlockLength(int block_index) const;
-
-  // Initializes the sparse info for the current child.
-  void InitChildData();
-
-  // Performs the required work for GetAvailableRange for one child.
-  int DoGetAvailableRange();
-
-  // Reports to the user that we are done.
-  void DoUserCallback();
-  void DoAbortCallbacks();
-
-  // Invoked by the callback of asynchronous operations.
-  void OnChildIOCompleted(int result);
-
-  EntryImpl* entry_;  // The sparse entry.
-  EntryImpl* child_;  // The current child entry.
-  SparseOperation operation_;
-  bool pending_;  // True if any child IO operation returned pending.
-  bool finished_;
-  bool init_;
-  bool range_found_;  // True if GetAvailableRange found something.
-  bool abort_;  // True if we should abort the current operation ASAP.
-
-  SparseHeader sparse_header_;  // Data about the children of entry_.
-  Bitmap children_map_;  // The actual bitmap of children.
-  SparseData child_data_;  // Parent and allocation map of child_.
-  Bitmap child_map_;  // The allocation map as a bitmap.
-
-  CompletionCallback user_callback_;
-  std::vector<CompletionCallback> abort_callbacks_;
-  int64_t offset_;  // Current sparse offset.
-  scoped_refptr<net::DrainableIOBuffer> user_buf_;
-  int buf_len_;  // Bytes to read or write.
-  int child_offset_;  // Offset to use for the current child.
-  int child_len_;  // Bytes to read or write for this child.
-  int result_;
-
-  DISALLOW_COPY_AND_ASSIGN(SparseControl);
-};
-
-}  // namespace disk_cache
-
-#endif  // NET_DISK_CACHE_BLOCKFILE_SPARSE_CONTROL_V3_H_
diff --git a/chromium/net/disk_cache/blockfile/stats_unittest.cc b/chromium/net/disk_cache/blockfile/stats_unittest.cc
index fe47bdd4cf6..22ef4622360 100644
--- a/chromium/net/disk_cache/blockfile/stats_unittest.cc
+++ b/chromium/net/disk_cache/blockfile/stats_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/disk_cache/blockfile/stats.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "testing/gtest/include/gtest/gtest.h"
 
 TEST(DiskCacheStatsTest, Init) {
@@ -16,7 +17,7 @@ TEST(DiskCacheStatsTest, Init) {
 TEST(DiskCacheStatsTest, InitWithEmptyBuffer) {
   disk_cache::Stats stats;
   int required_len = stats.StorageSize();
-  scoped_ptr<char[]> storage(new char[required_len]);
+  std::unique_ptr<char[]> storage(new char[required_len]);
   memset(storage.get(), 0, required_len);
 
   ASSERT_TRUE(stats.Init(storage.get(), required_len, disk_cache::Addr()));
@@ -26,7 +27,7 @@ TEST(DiskCacheStatsTest, InitWithEmptyBuffer) {
 TEST(DiskCacheStatsTest, FailsInit) {
   disk_cache::Stats stats;
   int required_len = stats.StorageSize();
-  scoped_ptr<char[]> storage(new char[required_len]);
+  std::unique_ptr<char[]> storage(new char[required_len]);
   memset(storage.get(), 0, required_len);
 
   // Try a small buffer.
@@ -40,7 +41,7 @@ TEST(DiskCacheStatsTest, FailsInit) {
 }
 
 TEST(DiskCacheStatsTest, SaveRestore) {
-  scoped_ptr<disk_cache::Stats> stats(new disk_cache::Stats);
+  std::unique_ptr<disk_cache::Stats> stats(new disk_cache::Stats);
 
   disk_cache::Addr addr(5);
   ASSERT_TRUE(stats->Init(nullptr, 0, addr));
@@ -51,7 +52,7 @@ TEST(DiskCacheStatsTest, SaveRestore) {
   stats->OnEvent(disk_cache::Stats::DOOM_RECENT);
 
   int required_len = stats->StorageSize();
-  scoped_ptr<char[]> storage(new char[required_len]);
+  std::unique_ptr<char[]> storage(new char[required_len]);
   disk_cache::Addr out_addr;
   int real_len = stats->SerializeStats(storage.get(), required_len, &out_addr);
   EXPECT_GE(required_len, real_len);
diff --git a/chromium/net/disk_cache/cache_creator.cc b/chromium/net/disk_cache/cache_creator.cc
index 54338c1fb08..5245fe83896 100644
--- a/chromium/net/disk_cache/cache_creator.cc
+++ b/chromium/net/disk_cache/cache_creator.cc
@@ -32,7 +32,7 @@ class CacheCreator {
                uint32_t flags,
                const scoped_refptr<base::SingleThreadTaskRunner>& thread,
                net::NetLog* net_log,
-               scoped_ptr<disk_cache::Backend>* backend,
+               std::unique_ptr<disk_cache::Backend>* backend,
                const net::CompletionCallback& callback);
 
   // Creates the backend.
@@ -53,9 +53,9 @@ class CacheCreator {
   net::BackendType backend_type_;
   uint32_t flags_;
   scoped_refptr<base::SingleThreadTaskRunner> thread_;
-  scoped_ptr<disk_cache::Backend>* backend_;
+  std::unique_ptr<disk_cache::Backend>* backend_;
   net::CompletionCallback callback_;
-  scoped_ptr<disk_cache::Backend> created_cache_;
+  std::unique_ptr<disk_cache::Backend> created_cache_;
   net::NetLog* net_log_;
 
   DISALLOW_COPY_AND_ASSIGN(CacheCreator);
@@ -70,7 +70,7 @@ CacheCreator::CacheCreator(
     uint32_t flags,
     const scoped_refptr<base::SingleThreadTaskRunner>& thread,
     net::NetLog* net_log,
-    scoped_ptr<disk_cache::Backend>* backend,
+    std::unique_ptr<disk_cache::Backend>* backend,
     const net::CompletionCallback& callback)
     : path_(path),
       force_(force),
@@ -164,7 +164,7 @@ int CreateCacheBackend(
     bool force,
     const scoped_refptr<base::SingleThreadTaskRunner>& thread,
     net::NetLog* net_log,
-    scoped_ptr<Backend>* backend,
+    std::unique_ptr<Backend>* backend,
     const net::CompletionCallback& callback) {
   DCHECK(!callback.is_null());
   if (type == net::MEMORY_CACHE) {
diff --git a/chromium/net/disk_cache/disk_cache.h b/chromium/net/disk_cache/disk_cache.h
index 5f99c325058..f71bc81964b 100644
--- a/chromium/net/disk_cache/disk_cache.h
+++ b/chromium/net/disk_cache/disk_cache.h
@@ -10,11 +10,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_split.h"
 #include "base/time/time.h"
 #include "net/base/cache_type.h"
@@ -59,7 +59,7 @@ NET_EXPORT int CreateCacheBackend(
     bool force,
     const scoped_refptr<base::SingleThreadTaskRunner>& thread,
     net::NetLog* net_log,
-    scoped_ptr<Backend>* backend,
+    std::unique_ptr<Backend>* backend,
     const net::CompletionCallback& callback);
 
 // The root interface for a disk cache instance.
@@ -154,7 +154,7 @@ class NET_EXPORT Backend {
 
   // Returns an iterator which will enumerate all entries of the cache in an
   // undefined order.
-  virtual scoped_ptr<Iterator> CreateIterator() = 0;
+  virtual std::unique_ptr<Iterator> CreateIterator() = 0;
 
   // Return a list of cache statistics.
   virtual void GetStats(base::StringPairs* stats) = 0;
@@ -333,7 +333,7 @@ struct EntryDeleter {
 };
 
 // Automatically closes an entry when it goes out of scope.
-typedef scoped_ptr<Entry, EntryDeleter> ScopedEntryPtr;
+typedef std::unique_ptr<Entry, EntryDeleter> ScopedEntryPtr;
 
 }  // namespace disk_cache
 
diff --git a/chromium/net/disk_cache/disk_cache_perftest.cc b/chromium/net/disk_cache/disk_cache_perftest.cc
new file mode 100644
index 00000000000..959143b884d
--- /dev/null
+++ b/chromium/net/disk_cache/disk_cache_perftest.cc
@@ -0,0 +1,304 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <limits>
+#include <string>
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/files/file_enumerator.h"
+#include "base/files/file_path.h"
+#include "base/hash.h"
+#include "base/process/process_metrics.h"
+#include "base/strings/string_util.h"
+#include "base/test/perf_time_logger.h"
+#include "base/test/test_file_util.h"
+#include "base/threading/thread.h"
+#include "net/base/cache_type.h"
+#include "net/base/io_buffer.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_completion_callback.h"
+#include "net/disk_cache/blockfile/backend_impl.h"
+#include "net/disk_cache/blockfile/block_files.h"
+#include "net/disk_cache/disk_cache.h"
+#include "net/disk_cache/disk_cache_test_base.h"
+#include "net/disk_cache/disk_cache_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "testing/platform_test.h"
+
+using base::Time;
+
+namespace {
+
+size_t MaybeGetMaxFds() {
+#if defined(OS_POSIX)
+  return base::GetMaxFds();
+#else
+  return std::numeric_limits<size_t>::max();
+#endif
+}
+
+void MaybeSetFdLimit(unsigned int max_descriptors) {
+#if defined(OS_POSIX)
+  base::SetFdLimit(max_descriptors);
+#endif
+}
+
+struct TestEntry {
+  std::string key;
+  int data_len;
+};
+
+class DiskCachePerfTest : public DiskCacheTestWithCache {
+ public:
+  DiskCachePerfTest() : saved_fd_limit_(MaybeGetMaxFds()) {
+    if (saved_fd_limit_ < kFdLimitForCacheTests)
+      MaybeSetFdLimit(kFdLimitForCacheTests);
+  }
+
+  ~DiskCachePerfTest() override {
+    if (saved_fd_limit_ < kFdLimitForCacheTests)
+      MaybeSetFdLimit(kFdLimitForCacheTests);
+  }
+
+ protected:
+  enum class WhatToRead {
+    HEADERS_ONLY,
+    HEADERS_AND_BODY,
+  };
+
+  // Helper methods for constructing tests.
+  bool TimeWrite();
+  bool TimeRead(WhatToRead what_to_read, const char* timer_message);
+  void ResetAndEvictSystemDiskCache();
+
+  // Complete perf tests.
+  void CacheBackendPerformance();
+
+  const size_t kFdLimitForCacheTests = 8192;
+
+  const int kNumEntries = 1000;
+  const int kHeadersSize = 200;
+  const int kBodySize = 16 * 1024 - 1;
+
+  std::vector<TestEntry> entries_;
+
+ private:
+  const size_t saved_fd_limit_;
+};
+
+// Creates num_entries on the cache, and writes 200 bytes of metadata and up
+// to kBodySize of data to each entry.
+bool DiskCachePerfTest::TimeWrite() {
+  scoped_refptr<net::IOBuffer> buffer1(new net::IOBuffer(kHeadersSize));
+  scoped_refptr<net::IOBuffer> buffer2(new net::IOBuffer(kBodySize));
+
+  CacheTestFillBuffer(buffer1->data(), kHeadersSize, false);
+  CacheTestFillBuffer(buffer2->data(), kBodySize, false);
+
+  int expected = 0;
+
+  MessageLoopHelper helper;
+  CallbackTest callback(&helper, true);
+
+  base::PerfTimeLogger timer("Write disk cache entries");
+
+  for (int i = 0; i < kNumEntries; i++) {
+    TestEntry entry;
+    entry.key = GenerateKey(true);
+    entry.data_len = rand() % kBodySize;
+    entries_.push_back(entry);
+
+    disk_cache::Entry* cache_entry;
+    net::TestCompletionCallback cb;
+    int rv = cache_->CreateEntry(entry.key, &cache_entry, cb.callback());
+    if (net::OK != cb.GetResult(rv))
+      break;
+    int ret = cache_entry->WriteData(
+        0, 0, buffer1.get(), kHeadersSize,
+        base::Bind(&CallbackTest::Run, base::Unretained(&callback)), false);
+    if (net::ERR_IO_PENDING == ret)
+      expected++;
+    else if (kHeadersSize != ret)
+      break;
+
+    ret = cache_entry->WriteData(
+        1, 0, buffer2.get(), entry.data_len,
+        base::Bind(&CallbackTest::Run, base::Unretained(&callback)), false);
+    if (net::ERR_IO_PENDING == ret)
+      expected++;
+    else if (entry.data_len != ret)
+      break;
+    cache_entry->Close();
+  }
+
+  helper.WaitUntilCacheIoFinished(expected);
+  timer.Done();
+
+  return expected == helper.callbacks_called();
+}
+
+// Reads the data and metadata from each entry listed on |entries|.
+bool DiskCachePerfTest::TimeRead(WhatToRead what_to_read,
+                                 const char* timer_message) {
+  scoped_refptr<net::IOBuffer> buffer1(new net::IOBuffer(kHeadersSize));
+  scoped_refptr<net::IOBuffer> buffer2(new net::IOBuffer(kBodySize));
+
+  CacheTestFillBuffer(buffer1->data(), kHeadersSize, false);
+  CacheTestFillBuffer(buffer2->data(), kBodySize, false);
+
+  int expected = 0;
+
+  MessageLoopHelper helper;
+  CallbackTest callback(&helper, true);
+
+  base::PerfTimeLogger timer(timer_message);
+
+  for (int i = 0; i < kNumEntries; i++) {
+    disk_cache::Entry* cache_entry;
+    net::TestCompletionCallback cb;
+    int rv = cache_->OpenEntry(entries_[i].key, &cache_entry, cb.callback());
+    if (net::OK != cb.GetResult(rv))
+      break;
+    int ret = cache_entry->ReadData(
+        0, 0, buffer1.get(), kHeadersSize,
+        base::Bind(&CallbackTest::Run, base::Unretained(&callback)));
+    if (net::ERR_IO_PENDING == ret)
+      expected++;
+    else if (kHeadersSize != ret)
+      break;
+
+    if (what_to_read == WhatToRead::HEADERS_AND_BODY) {
+      ret = cache_entry->ReadData(
+          1, 0, buffer2.get(), entries_[i].data_len,
+          base::Bind(&CallbackTest::Run, base::Unretained(&callback)));
+      if (net::ERR_IO_PENDING == ret)
+        expected++;
+      else if (entries_[i].data_len != ret)
+        break;
+    }
+
+    cache_entry->Close();
+  }
+
+  helper.WaitUntilCacheIoFinished(expected);
+  timer.Done();
+
+  return (expected == helper.callbacks_called());
+}
+
+TEST_F(DiskCachePerfTest, BlockfileHashes) {
+  int seed = static_cast<int>(Time::Now().ToInternalValue());
+  srand(seed);
+
+  base::PerfTimeLogger timer("Hash disk cache keys");
+  for (int i = 0; i < 300000; i++) {
+    std::string key = GenerateKey(true);
+    base::Hash(key);
+  }
+  timer.Done();
+}
+
+void DiskCachePerfTest::ResetAndEvictSystemDiskCache() {
+  base::MessageLoop::current()->RunUntilIdle();
+  cache_.reset();
+
+  // Flush all files in the cache out of system memory.
+  const base::FilePath::StringType file_pattern = FILE_PATH_LITERAL("*");
+  base::FileEnumerator enumerator(cache_path_, true /* recursive */,
+                                  base::FileEnumerator::FILES, file_pattern);
+  for (base::FilePath file_path = enumerator.Next(); !file_path.empty();
+       file_path = enumerator.Next()) {
+    ASSERT_TRUE(base::EvictFileFromSystemCache(file_path));
+  }
+#if defined(OS_LINUX)
+  // And, cache directories, on platforms where the eviction utility supports
+  // this (currently Linux only).
+  if (simple_cache_mode_) {
+    ASSERT_TRUE(
+        base::EvictFileFromSystemCache(cache_path_.AppendASCII("index-dir")));
+  }
+  ASSERT_TRUE(base::EvictFileFromSystemCache(cache_path_));
+#endif
+
+  DisableFirstCleanup();
+  InitCache();
+}
+
+void DiskCachePerfTest::CacheBackendPerformance() {
+  InitCache();
+  EXPECT_TRUE(TimeWrite());
+
+  ResetAndEvictSystemDiskCache();
+  EXPECT_TRUE(TimeRead(WhatToRead::HEADERS_ONLY,
+                       "Read disk cache headers only (cold)"));
+  EXPECT_TRUE(TimeRead(WhatToRead::HEADERS_ONLY,
+                       "Read disk cache headers only (warm)"));
+  base::MessageLoop::current()->RunUntilIdle();
+
+  ResetAndEvictSystemDiskCache();
+  EXPECT_TRUE(
+      TimeRead(WhatToRead::HEADERS_AND_BODY, "Read disk cache entries (cold)"));
+  EXPECT_TRUE(
+      TimeRead(WhatToRead::HEADERS_AND_BODY, "Read disk cache entries (warm)"));
+  base::MessageLoop::current()->RunUntilIdle();
+}
+
+TEST_F(DiskCachePerfTest, CacheBackendPerformance) {
+  CacheBackendPerformance();
+}
+
+TEST_F(DiskCachePerfTest, SimpleCacheBackendPerformance) {
+  SetSimpleCacheMode();
+  CacheBackendPerformance();
+}
+
+int BlockSize() {
+  // We can use form 1 to 4 blocks.
+  return (rand() & 0x3) + 1;
+}
+
+// Creating and deleting "entries" on a block-file is something quite frequent
+// (after all, almost everything is stored on block files). The operation is
+// almost free when the file is empty, but can be expensive if the file gets
+// fragmented, or if we have multiple files. This test measures that scenario,
+// by using multiple, highly fragmented files.
+TEST_F(DiskCachePerfTest, BlockFilesPerformance) {
+  ASSERT_TRUE(CleanupCacheDir());
+
+  disk_cache::BlockFiles files(cache_path_);
+  ASSERT_TRUE(files.Init(true));
+
+  int seed = static_cast<int>(Time::Now().ToInternalValue());
+  srand(seed);
+
+  const int kNumBlocks = 60000;
+  disk_cache::Addr address[kNumBlocks];
+
+  base::PerfTimeLogger timer1("Fill three block-files");
+
+  // Fill up the 32-byte block file (use three files).
+  for (int i = 0; i < kNumBlocks; i++) {
+    EXPECT_TRUE(
+        files.CreateBlock(disk_cache::RANKINGS, BlockSize(), &address[i]));
+  }
+
+  timer1.Done();
+  base::PerfTimeLogger timer2("Create and delete blocks");
+
+  for (int i = 0; i < 200000; i++) {
+    int entry = rand() * (kNumBlocks / RAND_MAX + 1);
+    if (entry >= kNumBlocks)
+      entry = 0;
+
+    files.DeleteBlock(address[entry], false);
+    EXPECT_TRUE(
+        files.CreateBlock(disk_cache::RANKINGS, BlockSize(), &address[entry]));
+  }
+
+  timer2.Done();
+  base::MessageLoop::current()->RunUntilIdle();
+}
+
+}  // namespace
diff --git a/chromium/net/disk_cache/disk_cache_test_base.cc b/chromium/net/disk_cache/disk_cache_test_base.cc
index d3a21257325..7480cf45848 100644
--- a/chromium/net/disk_cache/disk_cache_test_base.cc
+++ b/chromium/net/disk_cache/disk_cache_test_base.cc
@@ -10,8 +10,8 @@
 #include "base/path_service.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/platform_thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -55,7 +55,7 @@ void DiskCacheTest::TearDown() {
 }
 
 DiskCacheTestWithCache::TestIterator::TestIterator(
-    scoped_ptr<disk_cache::Backend::Iterator> iterator)
+    std::unique_ptr<disk_cache::Backend::Iterator> iterator)
     : iterator_(std::move(iterator)) {}
 
 DiskCacheTestWithCache::TestIterator::~TestIterator() {}
@@ -174,9 +174,10 @@ int DiskCacheTestWithCache::CalculateSizeOfAllEntries() {
   return cb.GetResult(rv);
 }
 
-scoped_ptr<DiskCacheTestWithCache::TestIterator>
-    DiskCacheTestWithCache::CreateIterator() {
-  return scoped_ptr<TestIterator>(new TestIterator(cache_->CreateIterator()));
+std::unique_ptr<DiskCacheTestWithCache::TestIterator>
+DiskCacheTestWithCache::CreateIterator() {
+  return std::unique_ptr<TestIterator>(
+      new TestIterator(cache_->CreateIterator()));
 }
 
 void DiskCacheTestWithCache::FlushQueueForTest() {
@@ -312,9 +313,9 @@ void DiskCacheTestWithCache::CreateBackend(uint32_t flags,
 
   if (simple_cache_mode_) {
     net::TestCompletionCallback cb;
-    scoped_ptr<disk_cache::SimpleBackendImpl> simple_backend(
-        new disk_cache::SimpleBackendImpl(
-            cache_path_, size_, type_, runner, NULL));
+    std::unique_ptr<disk_cache::SimpleBackendImpl> simple_backend(
+        new disk_cache::SimpleBackendImpl(cache_path_, size_, type_, runner,
+                                          NULL));
     int rv = simple_backend->Init(cb.callback());
     ASSERT_EQ(net::OK, cb.GetResult(rv));
     simple_cache_impl_ = simple_backend.get();
diff --git a/chromium/net/disk_cache/disk_cache_test_base.h b/chromium/net/disk_cache/disk_cache_test_base.h
index 713bba0e6a2..c94f5ac82ed 100644
--- a/chromium/net/disk_cache/disk_cache_test_base.h
+++ b/chromium/net/disk_cache/disk_cache_test_base.h
@@ -7,10 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/thread.h"
 #include "net/base/cache_type.h"
 #include "net/disk_cache/disk_cache.h"
@@ -54,7 +55,7 @@ class DiskCacheTest : public PlatformTest {
 
  private:
   base::ScopedTempDir temp_dir_;
-  scoped_ptr<base::MessageLoop> message_loop_;
+  std::unique_ptr<base::MessageLoop> message_loop_;
 };
 
 // Provides basic support for cache related tests.
@@ -62,13 +63,14 @@ class DiskCacheTestWithCache : public DiskCacheTest {
  protected:
   class TestIterator {
    public:
-    explicit TestIterator(scoped_ptr<disk_cache::Backend::Iterator> iterator);
+    explicit TestIterator(
+        std::unique_ptr<disk_cache::Backend::Iterator> iterator);
     ~TestIterator();
 
     int OpenNextEntry(disk_cache::Entry** next_entry);
 
    private:
-    scoped_ptr<disk_cache::Backend::Iterator> iterator_;
+    std::unique_ptr<disk_cache::Backend::Iterator> iterator_;
   };
 
   DiskCacheTestWithCache();
@@ -130,7 +132,7 @@ class DiskCacheTestWithCache : public DiskCacheTest {
                          const base::Time end_time);
   int CalculateSizeOfAllEntries();
   int DoomEntriesSince(const base::Time initial_time);
-  scoped_ptr<TestIterator> CreateIterator();
+  std::unique_ptr<TestIterator> CreateIterator();
   void FlushQueueForTest();
   void RunTaskForTest(const base::Closure& closure);
   int ReadData(disk_cache::Entry* entry, int index, int offset,
@@ -163,7 +165,7 @@ class DiskCacheTestWithCache : public DiskCacheTest {
 
   // cache_ will always have a valid object, regardless of how the cache was
   // initialized. The implementation pointers can be NULL.
-  scoped_ptr<disk_cache::Backend> cache_;
+  std::unique_ptr<disk_cache::Backend> cache_;
   disk_cache::BackendImpl* cache_impl_;
   disk_cache::SimpleBackendImpl* simple_cache_impl_;
   disk_cache::MemBackendImpl* mem_cache_;
diff --git a/chromium/net/disk_cache/disk_cache_test_util.cc b/chromium/net/disk_cache/disk_cache_test_util.cc
index 0a2a27ecc8b..64e0a61c84b 100644
--- a/chromium/net/disk_cache/disk_cache_test_util.cc
+++ b/chromium/net/disk_cache/disk_cache_test_util.cc
@@ -7,7 +7,7 @@
 #include "base/files/file.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/disk_cache/blockfile/backend_impl.h"
 #include "net/disk_cache/blockfile/file.h"
@@ -61,7 +61,7 @@ bool DeleteCache(const base::FilePath& path) {
 bool CheckCacheIntegrity(const base::FilePath& path,
                          bool new_eviction,
                          uint32_t mask) {
-  scoped_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
+  std::unique_ptr<disk_cache::BackendImpl> cache(new disk_cache::BackendImpl(
       path, mask, base::ThreadTaskRunnerHandle::Get(), NULL));
   if (!cache.get())
     return false;
diff --git a/chromium/net/disk_cache/entry_unittest.cc b/chromium/net/disk_cache/entry_unittest.cc
index 22f793bb88b..07e7b2ae671 100644
--- a/chromium/net/disk_cache/entry_unittest.cc
+++ b/chromium/net/disk_cache/entry_unittest.cc
@@ -9,6 +9,7 @@
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/macros.h"
+#include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/threading/platform_thread.h"
@@ -21,6 +22,7 @@
 #include "net/disk_cache/disk_cache_test_base.h"
 #include "net/disk_cache/disk_cache_test_util.h"
 #include "net/disk_cache/memory/mem_entry_impl.h"
+#include "net/disk_cache/simple/simple_backend_impl.h"
 #include "net/disk_cache/simple/simple_entry_format.h"
 #include "net/disk_cache/simple/simple_entry_impl.h"
 #include "net/disk_cache/simple/simple_synchronous_entry.h"
@@ -1625,7 +1627,7 @@ TEST_F(DiskCacheEntryTest, MemoryOnlyEnumerationWithSparseEntries) {
   parent_entry->Close();
 
   // Perform the enumerations.
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   disk_cache::Entry* entry = NULL;
   int count = 0;
   while (iter->OpenNextEntry(&entry) == net::OK) {
@@ -2185,7 +2187,8 @@ TEST_F(DiskCacheEntryTest, MemoryOnlyDoomSparseEntry) {
 // way to simulate a race is to execute what we want on the callback.
 class SparseTestCompletionCallback: public net::TestCompletionCallback {
  public:
-  explicit SparseTestCompletionCallback(scoped_ptr<disk_cache::Backend> cache)
+  explicit SparseTestCompletionCallback(
+      std::unique_ptr<disk_cache::Backend> cache)
       : cache_(std::move(cache)) {}
 
  private:
@@ -2194,7 +2197,7 @@ class SparseTestCompletionCallback: public net::TestCompletionCallback {
     TestCompletionCallback::SetResult(result);
   }
 
-  scoped_ptr<disk_cache::Backend> cache_;
+  std::unique_ptr<disk_cache::Backend> cache_;
   DISALLOW_COPY_AND_ASSIGN(SparseTestCompletionCallback);
 };
 
@@ -2351,7 +2354,7 @@ TEST_F(DiskCacheEntryTest, CleanupSparseEntry) {
   entry->Close();
   EXPECT_EQ(4, cache_->GetEntryCount());
 
-  scoped_ptr<TestIterator> iter = CreateIterator();
+  std::unique_ptr<TestIterator> iter = CreateIterator();
   int count = 0;
   std::string child_key[2];
   while (iter->OpenNextEntry(&entry) == net::OK) {
@@ -2707,7 +2710,7 @@ TEST_F(DiskCacheEntryTest, SimpleCacheNoEOF) {
   SetSimpleCacheMode();
   InitCache();
 
-  const char key[] = "the first key";
+  const std::string key("the first key");
 
   disk_cache::Entry* entry = NULL;
   ASSERT_EQ(net::OK, CreateEntry(key, &entry));
@@ -2727,9 +2730,8 @@ TEST_F(DiskCacheEntryTest, SimpleCacheNoEOF) {
   int kTruncationBytes = -static_cast<int>(sizeof(disk_cache::SimpleFileEOF));
   const base::FilePath entry_path = cache_path_.AppendASCII(
       disk_cache::simple_util::GetFilenameFromKeyAndFileIndex(key, 0));
-  const int64_t invalid_size =
-      disk_cache::simple_util::GetFileSizeFromKeyAndDataSize(key,
-                                                             kTruncationBytes);
+  const int64_t invalid_size = disk_cache::simple_util::GetFileSizeFromDataSize(
+      key.size(), kTruncationBytes);
   EXPECT_TRUE(TruncatePath(entry_path, invalid_size));
   EXPECT_EQ(net::ERR_FAILED, OpenEntry(key, &entry));
   DisableIntegrityCheck();
@@ -3687,7 +3689,7 @@ TEST_F(DiskCacheEntryTest, SimpleCacheStream1SizeChanges) {
   SetSimpleCacheMode();
   InitCache();
   disk_cache::Entry* entry = NULL;
-  const char key[] = "the key";
+  const std::string key("the key");
   const int kSize = 100;
   scoped_refptr<net::IOBuffer> buffer(new net::IOBuffer(kSize));
   scoped_refptr<net::IOBuffer> buffer_read(new net::IOBuffer(kSize));
@@ -3725,7 +3727,7 @@ TEST_F(DiskCacheEntryTest, SimpleCacheStream1SizeChanges) {
   int sparse_data_size = 0;
   disk_cache::SimpleEntryStat entry_stat(
       base::Time::Now(), base::Time::Now(), data_size, sparse_data_size);
-  int eof_offset = entry_stat.GetEOFOffsetInFile(key, 0);
+  int eof_offset = entry_stat.GetEOFOffsetInFile(key.size(), 0);
   disk_cache::SimpleFileEOF eof_record;
   ASSERT_EQ(static_cast<int>(sizeof(eof_record)),
             entry_file0.Read(eof_offset, reinterpret_cast<char*>(&eof_record),
@@ -4164,3 +4166,102 @@ TEST_F(DiskCacheEntryTest, SimpleCacheTruncateLargeSparseFile) {
 
   entry->Close();
 }
+
+TEST_F(DiskCacheEntryTest, SimpleCacheReadWithoutKeySHA256) {
+  // This test runs as APP_CACHE to make operations more synchronous.
+  SetCacheType(net::APP_CACHE);
+  SetSimpleCacheMode();
+  InitCache();
+  disk_cache::Entry* entry;
+  std::string key("a key");
+  ASSERT_EQ(net::OK, CreateEntry(key, &entry));
+
+  const std::string stream_0_data = "data for stream zero";
+  scoped_refptr<net::IOBuffer> stream_0_iobuffer(
+      new net::StringIOBuffer(stream_0_data));
+  EXPECT_EQ(static_cast<int>(stream_0_data.size()),
+            WriteData(entry, 0, 0, stream_0_iobuffer.get(),
+                      stream_0_data.size(), false));
+  const std::string stream_1_data = "FOR STREAM ONE, QUITE DIFFERENT THINGS";
+  scoped_refptr<net::IOBuffer> stream_1_iobuffer(
+      new net::StringIOBuffer(stream_1_data));
+  EXPECT_EQ(static_cast<int>(stream_1_data.size()),
+            WriteData(entry, 1, 0, stream_1_iobuffer.get(),
+                      stream_1_data.size(), false));
+  entry->Close();
+
+  base::RunLoop().RunUntilIdle();
+  disk_cache::SimpleBackendImpl::FlushWorkerPoolForTesting();
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_TRUE(
+      disk_cache::simple_util::RemoveKeySHA256FromEntry(key, cache_path_));
+  ASSERT_EQ(net::OK, OpenEntry(key, &entry));
+  ScopedEntryPtr entry_closer(entry);
+
+  EXPECT_EQ(static_cast<int>(stream_0_data.size()), entry->GetDataSize(0));
+  scoped_refptr<net::IOBuffer> check_stream_0_data(
+      new net::IOBuffer(stream_0_data.size()));
+  EXPECT_EQ(
+      static_cast<int>(stream_0_data.size()),
+      ReadData(entry, 0, 0, check_stream_0_data.get(), stream_0_data.size()));
+  EXPECT_EQ(0, stream_0_data.compare(0, std::string::npos,
+                                     check_stream_0_data->data(),
+                                     stream_0_data.size()));
+
+  EXPECT_EQ(static_cast<int>(stream_1_data.size()), entry->GetDataSize(1));
+  scoped_refptr<net::IOBuffer> check_stream_1_data(
+      new net::IOBuffer(stream_1_data.size()));
+  EXPECT_EQ(
+      static_cast<int>(stream_1_data.size()),
+      ReadData(entry, 1, 0, check_stream_1_data.get(), stream_1_data.size()));
+  EXPECT_EQ(0, stream_1_data.compare(0, std::string::npos,
+                                     check_stream_1_data->data(),
+                                     stream_1_data.size()));
+}
+
+TEST_F(DiskCacheEntryTest, SimpleCacheDoubleOpenWithoutKeySHA256) {
+  // This test runs as APP_CACHE to make operations more synchronous.
+  SetCacheType(net::APP_CACHE);
+  SetSimpleCacheMode();
+  InitCache();
+  disk_cache::Entry* entry;
+  std::string key("a key");
+  ASSERT_EQ(net::OK, CreateEntry(key, &entry));
+  entry->Close();
+
+  base::RunLoop().RunUntilIdle();
+  disk_cache::SimpleBackendImpl::FlushWorkerPoolForTesting();
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_TRUE(
+      disk_cache::simple_util::RemoveKeySHA256FromEntry(key, cache_path_));
+  ASSERT_EQ(net::OK, OpenEntry(key, &entry));
+  entry->Close();
+
+  base::RunLoop().RunUntilIdle();
+  disk_cache::SimpleBackendImpl::FlushWorkerPoolForTesting();
+  base::RunLoop().RunUntilIdle();
+
+  ASSERT_EQ(net::OK, OpenEntry(key, &entry));
+  entry->Close();
+}
+
+TEST_F(DiskCacheEntryTest, SimpleCacheReadCorruptKeySHA256) {
+  // This test runs as APP_CACHE to make operations more synchronous.
+  SetCacheType(net::APP_CACHE);
+  SetSimpleCacheMode();
+  InitCache();
+  disk_cache::Entry* entry;
+  std::string key("a key");
+  ASSERT_EQ(net::OK, CreateEntry(key, &entry));
+  entry->Close();
+
+  base::RunLoop().RunUntilIdle();
+  disk_cache::SimpleBackendImpl::FlushWorkerPoolForTesting();
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_TRUE(
+      disk_cache::simple_util::CorruptKeySHA256FromEntry(key, cache_path_));
+  EXPECT_NE(net::OK, OpenEntry(key, &entry));
+}
diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.cc b/chromium/net/disk_cache/memory/mem_backend_impl.cc
index 028c022f035..0ba2d3fef1c 100644
--- a/chromium/net/disk_cache/memory/mem_backend_impl.cc
+++ b/chromium/net/disk_cache/memory/mem_backend_impl.cc
@@ -49,9 +49,9 @@ MemBackendImpl::~MemBackendImpl() {
 }
 
 // static
-scoped_ptr<Backend> MemBackendImpl::CreateBackend(int max_bytes,
-                                                  net::NetLog* net_log) {
-  scoped_ptr<MemBackendImpl> cache(new MemBackendImpl(net_log));
+std::unique_ptr<Backend> MemBackendImpl::CreateBackend(int max_bytes,
+                                                       net::NetLog* net_log) {
+  std::unique_ptr<MemBackendImpl> cache(new MemBackendImpl(net_log));
   cache->SetMaxSize(max_bytes);
   if (cache->Init())
     return std::move(cache);
@@ -242,8 +242,8 @@ class MemBackendImpl::MemIterator final : public Backend::Iterator {
   base::LinkNode<MemEntryImpl>* current_;
 };
 
-scoped_ptr<Backend::Iterator> MemBackendImpl::CreateIterator() {
-  return scoped_ptr<Backend::Iterator>(
+std::unique_ptr<Backend::Iterator> MemBackendImpl::CreateIterator() {
+  return std::unique_ptr<Backend::Iterator>(
       new MemIterator(weak_factory_.GetWeakPtr()));
 }
 
diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.h b/chromium/net/disk_cache/memory/mem_backend_impl.h
index 8abcca5b7a2..f6ebbf7b0ce 100644
--- a/chromium/net/disk_cache/memory/mem_backend_impl.h
+++ b/chromium/net/disk_cache/memory/mem_backend_impl.h
@@ -10,9 +10,9 @@
 #include <stdint.h>
 
 #include <string>
+#include <unordered_map>
 
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/containers/linked_list.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
@@ -39,7 +39,8 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend {
   // size the cache can grow to. If zero is passed in as max_bytes, the cache
   // will determine the value to use based on the available memory. The returned
   // pointer can be NULL if a fatal error is found.
-  static scoped_ptr<Backend> CreateBackend(int max_bytes, net::NetLog* net_log);
+  static std::unique_ptr<Backend> CreateBackend(int max_bytes,
+                                                net::NetLog* net_log);
 
   // Performs general initialization for this current instance of the cache.
   bool Init();
@@ -89,7 +90,7 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend {
   int DoomEntriesSince(base::Time initial_time,
                        const CompletionCallback& callback) override;
   int CalculateSizeOfAllEntries(const CompletionCallback& callback) override;
-  scoped_ptr<Iterator> CreateIterator() override;
+  std::unique_ptr<Iterator> CreateIterator() override;
   void GetStats(base::StringPairs* stats) override {}
   void OnExternalCacheHit(const std::string& key) override;
 
@@ -97,7 +98,7 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend {
   class MemIterator;
   friend class MemIterator;
 
-  typedef base::hash_map<std::string, MemEntryImpl*> EntryMap;
+  using EntryMap = std::unordered_map<std::string, MemEntryImpl*>;
 
   // Deletes entries from the cache until the current size is below the limit.
   void EvictIfNeeded();
diff --git a/chromium/net/disk_cache/memory/mem_entry_impl.cc b/chromium/net/disk_cache/memory/mem_entry_impl.cc
index bcbebb3cf2f..f1efa334af4 100644
--- a/chromium/net/disk_cache/memory/mem_entry_impl.cc
+++ b/chromium/net/disk_cache/memory/mem_entry_impl.cc
@@ -50,10 +50,10 @@ std::string GenerateChildName(const std::string& base_name, int child_id) {
 
 // Returns NetLog parameters for the creation of a MemEntryImpl. A separate
 // function is needed because child entries don't store their key().
-scoped_ptr<base::Value> NetLogEntryCreationCallback(
+std::unique_ptr<base::Value> NetLogEntryCreationCallback(
     const MemEntryImpl* entry,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   std::string key;
   switch (entry->type()) {
     case MemEntryImpl::PARENT_ENTRY:
diff --git a/chromium/net/disk_cache/memory/mem_entry_impl.h b/chromium/net/disk_cache/memory/mem_entry_impl.h
index 11634e6ab9a..b366065be18 100644
--- a/chromium/net/disk_cache/memory/mem_entry_impl.h
+++ b/chromium/net/disk_cache/memory/mem_entry_impl.h
@@ -7,14 +7,14 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
+#include <unordered_map>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/containers/linked_list.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/log/net_log.h"
@@ -133,7 +133,7 @@ class NET_EXPORT_PRIVATE MemEntryImpl final
                MemEntryImpl* parent,
                net::NetLog* net_log);
 
-  typedef base::hash_map<int, MemEntryImpl*> EntryMap;
+  using EntryMap = std::unordered_map<int, MemEntryImpl*>;
 
   static const int kNumStreams = 3;
 
@@ -172,7 +172,7 @@ class NET_EXPORT_PRIVATE MemEntryImpl final
                               // entry.
   // Pointer to the parent entry, or nullptr if this entry is a parent entry.
   MemEntryImpl* parent_;
-  scoped_ptr<EntryMap> children_;
+  std::unique_ptr<EntryMap> children_;
 
   base::Time last_modified_;
   base::Time last_used_;
diff --git a/chromium/net/disk_cache/net_log_parameters.cc b/chromium/net/disk_cache/net_log_parameters.cc
index 842ce25e638..9ab448ff92c 100644
--- a/chromium/net/disk_cache/net_log_parameters.cc
+++ b/chromium/net/disk_cache/net_log_parameters.cc
@@ -15,23 +15,23 @@
 
 namespace {
 
-scoped_ptr<base::Value> NetLogEntryCreationCallback(
+std::unique_ptr<base::Value> NetLogEntryCreationCallback(
     const disk_cache::Entry* entry,
     bool created,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("key", entry->GetKey());
   dict->SetBoolean("created", created);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogReadWriteDataCallback(
+std::unique_ptr<base::Value> NetLogReadWriteDataCallback(
     int index,
     int offset,
     int buf_len,
     bool truncate,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("index", index);
   dict->SetInteger("offset", offset);
   dict->SetInteger("buf_len", buf_len);
@@ -40,11 +40,11 @@ scoped_ptr<base::Value> NetLogReadWriteDataCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogReadWriteCompleteCallback(
+std::unique_ptr<base::Value> NetLogReadWriteCompleteCallback(
     int bytes_copied,
     net::NetLogCaptureMode /* capture_mode */) {
   DCHECK_NE(bytes_copied, net::ERR_IO_PENDING);
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   if (bytes_copied < 0) {
     dict->SetInteger("net_error", bytes_copied);
   } else {
@@ -53,11 +53,11 @@ scoped_ptr<base::Value> NetLogReadWriteCompleteCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSparseOperationCallback(
+std::unique_ptr<base::Value> NetLogSparseOperationCallback(
     int64_t offset,
     int buf_len,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   // Values can only be created with at most 32-bit integers.  Using a string
   // instead circumvents that restriction.
   dict->SetString("offset", base::Int64ToString(offset));
@@ -65,21 +65,21 @@ scoped_ptr<base::Value> NetLogSparseOperationCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSparseReadWriteCallback(
+std::unique_ptr<base::Value> NetLogSparseReadWriteCallback(
     const net::NetLog::Source& source,
     int child_len,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   source.AddToEventParameters(dict.get());
   dict->SetInteger("child_len", child_len);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogGetAvailableRangeResultCallback(
+std::unique_ptr<base::Value> NetLogGetAvailableRangeResultCallback(
     int64_t start,
     int result,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   if (result > 0) {
     dict->SetInteger("length", result);
     dict->SetString("start",  base::Int64ToString(start));
diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.cc b/chromium/net/disk_cache/simple/simple_backend_impl.cc
index 00f6d15e129..4587bf9a3f8 100644
--- a/chromium/net/disk_cache/simple/simple_backend_impl.cc
+++ b/chromium/net/disk_cache/simple/simple_backend_impl.cc
@@ -8,6 +8,8 @@
 #include <cstdlib>
 #include <functional>
 
+#include "base/memory/ptr_util.h"
+
 #if defined(OS_POSIX)
 #include <sys/resource.h>
 #endif
@@ -24,8 +26,8 @@
 #include "base/single_thread_task_runner.h"
 #include "base/sys_info.h"
 #include "base/task_runner_util.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/sequenced_worker_pool.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/net_errors.h"
 #include "net/disk_cache/cache_util.h"
@@ -209,11 +211,11 @@ class SimpleBackendImpl::ActiveEntryProxy
     }
   }
 
-  static scoped_ptr<SimpleEntryImpl::ActiveEntryProxy> Create(
+  static std::unique_ptr<SimpleEntryImpl::ActiveEntryProxy> Create(
       int64_t entry_hash,
       SimpleBackendImpl* backend) {
-    scoped_ptr<SimpleEntryImpl::ActiveEntryProxy>
-        proxy(new ActiveEntryProxy(entry_hash, backend));
+    std::unique_ptr<SimpleEntryImpl::ActiveEntryProxy> proxy(
+        new ActiveEntryProxy(entry_hash, backend));
     return proxy;
   }
 
@@ -243,18 +245,16 @@ SimpleBackendImpl::SimpleBackendImpl(
 }
 
 SimpleBackendImpl::~SimpleBackendImpl() {
-  index_->WriteToDisk();
+  index_->WriteToDisk(SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN);
 }
 
 int SimpleBackendImpl::Init(const CompletionCallback& completion_callback) {
   worker_pool_ = g_sequenced_worker_pool.Get().GetTaskRunner();
 
   index_.reset(new SimpleIndex(
-      base::ThreadTaskRunnerHandle::Get(),
-      this,
-      cache_type_,
-      make_scoped_ptr(new SimpleIndexFile(
-          cache_thread_, worker_pool_.get(), cache_type_, path_))));
+      base::ThreadTaskRunnerHandle::Get(), this, cache_type_,
+      base::WrapUnique(new SimpleIndexFile(cache_thread_, worker_pool_.get(),
+                                           cache_type_, path_))));
   index_->ExecuteWhenReady(
       base::Bind(&RecordIndexLoad, cache_type_, base::TimeTicks::Now()));
 
@@ -289,7 +289,7 @@ void SimpleBackendImpl::OnDoomStart(uint64_t entry_hash) {
 
 void SimpleBackendImpl::OnDoomComplete(uint64_t entry_hash) {
   DCHECK_EQ(1u, entries_pending_doom_.count(entry_hash));
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator it =
       entries_pending_doom_.find(entry_hash);
   std::vector<Closure> to_run_closures;
   to_run_closures.swap(it->second);
@@ -301,7 +301,7 @@ void SimpleBackendImpl::OnDoomComplete(uint64_t entry_hash) {
 
 void SimpleBackendImpl::DoomEntries(std::vector<uint64_t>* entry_hashes,
                                     const net::CompletionCallback& callback) {
-  scoped_ptr<std::vector<uint64_t>> mass_doom_entry_hashes(
+  std::unique_ptr<std::vector<uint64_t>> mass_doom_entry_hashes(
       new std::vector<uint64_t>());
   mass_doom_entry_hashes->swap(*entry_hashes);
 
@@ -378,7 +378,7 @@ int SimpleBackendImpl::OpenEntry(const std::string& key,
 
   // TODO(gavinp): Factor out this (not quite completely) repetitive code
   // block from OpenEntry/CreateEntry/DoomEntry.
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator it =
       entries_pending_doom_.find(entry_hash);
   if (it != entries_pending_doom_.end()) {
     Callback<int(const net::CompletionCallback&)> operation =
@@ -390,14 +390,7 @@ int SimpleBackendImpl::OpenEntry(const std::string& key,
   }
   scoped_refptr<SimpleEntryImpl> simple_entry =
       CreateOrFindActiveEntry(entry_hash, key);
-  CompletionCallback backend_callback =
-      base::Bind(&SimpleBackendImpl::OnEntryOpenedFromKey,
-                 AsWeakPtr(),
-                 key,
-                 entry,
-                 simple_entry,
-                 callback);
-  return simple_entry->OpenEntry(entry, backend_callback);
+  return simple_entry->OpenEntry(entry, callback);
 }
 
 int SimpleBackendImpl::CreateEntry(const std::string& key,
@@ -406,7 +399,7 @@ int SimpleBackendImpl::CreateEntry(const std::string& key,
   DCHECK_LT(0u, key.size());
   const uint64_t entry_hash = simple_util::GetEntryHashKey(key);
 
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator it =
       entries_pending_doom_.find(entry_hash);
   if (it != entries_pending_doom_.end()) {
     Callback<int(const net::CompletionCallback&)> operation =
@@ -425,7 +418,7 @@ int SimpleBackendImpl::DoomEntry(const std::string& key,
                                  const net::CompletionCallback& callback) {
   const uint64_t entry_hash = simple_util::GetEntryHashKey(key);
 
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator it =
       entries_pending_doom_.find(entry_hash);
   if (it != entries_pending_doom_.end()) {
     Callback<int(const net::CompletionCallback&)> operation =
@@ -530,12 +523,12 @@ class SimpleBackendImpl::SimpleIterator final : public Iterator {
 
  private:
   base::WeakPtr<SimpleBackendImpl> backend_;
-  scoped_ptr<std::vector<uint64_t>> hashes_to_enumerate_;
+  std::unique_ptr<std::vector<uint64_t>> hashes_to_enumerate_;
   base::WeakPtrFactory<SimpleIterator> weak_factory_;
 };
 
-scoped_ptr<Backend::Iterator> SimpleBackendImpl::CreateIterator() {
-  return scoped_ptr<Iterator>(new SimpleIterator(AsWeakPtr()));
+std::unique_ptr<Backend::Iterator> SimpleBackendImpl::CreateIterator() {
+  return std::unique_ptr<Iterator>(new SimpleIterator(AsWeakPtr()));
 }
 
 void SimpleBackendImpl::GetStats(base::StringPairs* stats) {
@@ -566,7 +559,7 @@ void SimpleBackendImpl::IndexReadyForDoom(Time initial_time,
     callback.Run(result);
     return;
   }
-  scoped_ptr<std::vector<uint64_t>> removed_key_hashes(
+  std::unique_ptr<std::vector<uint64_t>> removed_key_hashes(
       index_->GetEntriesBetween(initial_time, end_time).release());
   DoomEntries(removed_key_hashes.get(), callback);
 }
@@ -631,7 +624,7 @@ scoped_refptr<SimpleEntryImpl> SimpleBackendImpl::CreateOrFindActiveEntry(
 int SimpleBackendImpl::OpenEntryFromHash(uint64_t entry_hash,
                                          Entry** entry,
                                          const CompletionCallback& callback) {
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator it =
       entries_pending_doom_.find(entry_hash);
   if (it != entries_pending_doom_.end()) {
     Callback<int(const net::CompletionCallback&)> operation =
@@ -658,9 +651,9 @@ int SimpleBackendImpl::OpenEntryFromHash(uint64_t entry_hash,
 int SimpleBackendImpl::DoomEntryFromHash(uint64_t entry_hash,
                                          const CompletionCallback& callback) {
   Entry** entry = new Entry*();
-  scoped_ptr<Entry*> scoped_entry(entry);
+  std::unique_ptr<Entry*> scoped_entry(entry);
 
-  base::hash_map<uint64_t, std::vector<Closure>>::iterator pending_it =
+  std::unordered_map<uint64_t, std::vector<Closure>>::iterator pending_it =
       entries_pending_doom_.find(entry_hash);
   if (pending_it != entries_pending_doom_.end()) {
     Callback<int(const net::CompletionCallback&)> operation =
@@ -713,31 +706,8 @@ void SimpleBackendImpl::OnEntryOpenedFromHash(
   }
 }
 
-void SimpleBackendImpl::OnEntryOpenedFromKey(
-    const std::string key,
-    Entry** entry,
-    const scoped_refptr<SimpleEntryImpl>& simple_entry,
-    const CompletionCallback& callback,
-    int error_code) {
-  int final_code = error_code;
-  if (final_code == net::OK) {
-    bool key_matches = key.compare(simple_entry->key()) == 0;
-    if (!key_matches) {
-      // TODO(clamy): Add a unit test to check this code path.
-      DLOG(WARNING) << "Key mismatch on open.";
-      simple_entry->Doom();
-      simple_entry->Close();
-      final_code = net::ERR_FAILED;
-    } else {
-      DCHECK_EQ(simple_entry->entry_hash(), simple_util::GetEntryHashKey(key));
-    }
-    SIMPLE_CACHE_UMA(BOOLEAN, "KeyMatchedOnOpen", cache_type_, key_matches);
-  }
-  callback.Run(final_code);
-}
-
 void SimpleBackendImpl::DoomEntriesComplete(
-    scoped_ptr<std::vector<uint64_t>> entry_hashes,
+    std::unique_ptr<std::vector<uint64_t>> entry_hashes,
     const net::CompletionCallback& callback,
     int result) {
   for (const uint64_t& entry_hash : *entry_hashes)
diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.h b/chromium/net/disk_cache/simple/simple_backend_impl.h
index 6db40163761..e491359392b 100644
--- a/chromium/net/disk_cache/simple/simple_backend_impl.h
+++ b/chromium/net/disk_cache/simple/simple_backend_impl.h
@@ -7,16 +7,16 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
+#include <unordered_map>
 #include <utility>
 #include <vector>
 
 #include "base/callback_forward.h"
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_split.h"
 #include "base/task_runner.h"
@@ -108,7 +108,7 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend,
   int DoomEntriesSince(base::Time initial_time,
                        const CompletionCallback& callback) override;
   int CalculateSizeOfAllEntries(const CompletionCallback& callback) override;
-  scoped_ptr<Iterator> CreateIterator() override;
+  std::unique_ptr<Iterator> CreateIterator() override;
   void GetStats(base::StringPairs* stats) override;
   void OnExternalCacheHit(const std::string& key) override;
 
@@ -116,10 +116,10 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend,
   class SimpleIterator;
   friend class SimpleIterator;
 
-  typedef base::hash_map<uint64_t, SimpleEntryImpl*> EntryMap;
+  using EntryMap = std::unordered_map<uint64_t, SimpleEntryImpl*>;
 
-  typedef base::Callback<void(base::Time mtime, uint64_t max_size, int result)>
-      InitializeIndexCallback;
+  using InitializeIndexCallback =
+      base::Callback<void(base::Time mtime, uint64_t max_size, int result)>;
 
   class ActiveEntryProxy;
   friend class ActiveEntryProxy;
@@ -191,13 +191,13 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend,
 
   // A callback thunk used by DoomEntries to clear the |entries_pending_doom_|
   // after a mass doom.
-  void DoomEntriesComplete(scoped_ptr<std::vector<uint64_t>> entry_hashes,
+  void DoomEntriesComplete(std::unique_ptr<std::vector<uint64_t>> entry_hashes,
                            const CompletionCallback& callback,
                            int result);
 
   const base::FilePath path_;
   const net::CacheType cache_type_;
-  scoped_ptr<SimpleIndex> index_;
+  std::unique_ptr<SimpleIndex> index_;
   const scoped_refptr<base::SingleThreadTaskRunner> cache_thread_;
   scoped_refptr<base::TaskRunner> worker_pool_;
 
@@ -210,7 +210,8 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend,
   // these entries cannot have Doom/Create/Open operations run until the doom
   // is complete. The base::Closure map target is used to store deferred
   // operations to be run at the completion of the Doom.
-  base::hash_map<uint64_t, std::vector<base::Closure>> entries_pending_doom_;
+  std::unordered_map<uint64_t, std::vector<base::Closure>>
+      entries_pending_doom_;
 
   net::NetLog* const net_log_;
 };
diff --git a/chromium/net/disk_cache/simple/simple_backend_version.h b/chromium/net/disk_cache/simple/simple_backend_version.h
index d6ddf9b61ca..604d0e1a596 100644
--- a/chromium/net/disk_cache/simple/simple_backend_version.h
+++ b/chromium/net/disk_cache/simple/simple_backend_version.h
@@ -18,7 +18,7 @@ namespace disk_cache {
 //     |kSimpleVersion - 1| then the whole cache directory will be cleared.
 //   * Dropping cache data on disk or some of its parts can be a valid way to
 //     Upgrade.
-const uint32_t kSimpleVersion = 6;
+const uint32_t kSimpleVersion = 7;
 
 // The version of the entry file(s) as written to disk. Must be updated iff the
 // entry format changes with the overall backend version update.
diff --git a/chromium/net/disk_cache/simple/simple_entry_format.h b/chromium/net/disk_cache/simple/simple_entry_format.h
index aec7162f2c2..30a369358fb 100644
--- a/chromium/net/disk_cache/simple/simple_entry_format.h
+++ b/chromium/net/disk_cache/simple/simple_entry_format.h
@@ -25,7 +25,15 @@ const uint64_t kSimpleSparseRangeMagicNumber = UINT64_C(0xeb97bf016553676b);
 //   - the data from stream 1.
 //   - a SimpleFileEOF record for stream 1.
 //   - the data from stream 0.
+//   - (optionally) the SHA256 of the key.
 //   - a SimpleFileEOF record for stream 0.
+//
+// Because stream 0 data (typically HTTP headers) is on the critical path of
+// requests, on open, the cache reads the end of the record and does not
+// read the SimpleFileHeader. If the key can be validated with a SHA256, then
+// the stream 0 data can be returned to the caller without reading the
+// SimpleFileHeader. If the key SHA256 is not present, then the cache must
+// read the SimpleFileHeader to confirm key equality.
 
 // A file containing stream 2 in the Simple cache consists of:
 //   - a SimpleFileHeader.
@@ -47,6 +55,7 @@ struct NET_EXPORT_PRIVATE SimpleFileHeader {
 struct NET_EXPORT_PRIVATE SimpleFileEOF {
   enum Flags {
     FLAG_HAS_CRC32 = (1U << 0),
+    FLAG_HAS_KEY_SHA256 = (1U << 1),  // Preceding the record if present.
   };
 
   SimpleFileEOF();
diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.cc b/chromium/net/disk_cache/simple/simple_entry_impl.cc
index 68f1b9e709a..8169b05a6b1 100644
--- a/chromium/net/disk_cache/simple/simple_entry_impl.cc
+++ b/chromium/net/disk_cache/simple/simple_entry_impl.cc
@@ -18,7 +18,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/task_runner.h"
 #include "base/task_runner_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -81,8 +81,8 @@ void RecordWriteResult(net::CacheType cache_type, WriteResult result) {
                    "WriteResult2", cache_type, result, WRITE_RESULT_MAX);
 }
 
-// TODO(ttuttle): Consider removing this once we have a good handle on header
-// size changes.
+// TODO(juliatuttle): Consider removing this once we have a good handle on
+// header size changes.
 void RecordHeaderSizeChange(net::CacheType cache_type,
                             int old_size, int new_size) {
   HeaderSizeChange size_change;
@@ -200,7 +200,7 @@ SimpleEntryImpl::SimpleEntryImpl(net::CacheType cache_type,
 }
 
 void SimpleEntryImpl::SetActiveEntryProxy(
-    scoped_ptr<ActiveEntryProxy> active_entry_proxy) {
+    std::unique_ptr<ActiveEntryProxy> active_entry_proxy) {
   DCHECK(!active_entry_proxy_);
   active_entry_proxy_.reset(active_entry_proxy.release());
 }
@@ -521,7 +521,7 @@ int SimpleEntryImpl::GetAvailableRange(int64_t offset,
 
 bool SimpleEntryImpl::CouldBeSparse() const {
   DCHECK(io_thread_checker_.CalledOnValidThread());
-  // TODO(ttuttle): Actually check.
+  // TODO(juliatuttle): Actually check.
   return true;
 }
 
@@ -600,7 +600,7 @@ void SimpleEntryImpl::RunNextOperationIfNeeded() {
                    "EntryOperationsPending", cache_type_,
                    pending_operations_.size(), 0, 100, 20);
   if (!pending_operations_.empty() && state_ != STATE_IO_PENDING) {
-    scoped_ptr<SimpleEntryOperation> operation(
+    std::unique_ptr<SimpleEntryOperation> operation(
         new SimpleEntryOperation(pending_operations_.front()));
     pending_operations_.pop();
     switch (operation->type()) {
@@ -693,23 +693,16 @@ void SimpleEntryImpl::OpenEntryInternal(bool have_index,
   DCHECK(!synchronous_entry_);
   state_ = STATE_IO_PENDING;
   const base::TimeTicks start_time = base::TimeTicks::Now();
-  scoped_ptr<SimpleEntryCreationResults> results(
-      new SimpleEntryCreationResults(
-          SimpleEntryStat(last_used_, last_modified_, data_size_,
-                          sparse_data_size_)));
-  Closure task = base::Bind(&SimpleSynchronousEntry::OpenEntry,
-                            cache_type_,
-                            path_,
-                            entry_hash_,
-                            have_index,
-                            results.get());
-  Closure reply = base::Bind(&SimpleEntryImpl::CreationOperationComplete,
-                             this,
-                             callback,
-                             start_time,
-                             base::Passed(&results),
-                             out_entry,
-                             net::NetLog::TYPE_SIMPLE_CACHE_ENTRY_OPEN_END);
+  std::unique_ptr<SimpleEntryCreationResults> results(
+      new SimpleEntryCreationResults(SimpleEntryStat(
+          last_used_, last_modified_, data_size_, sparse_data_size_)));
+  Closure task =
+      base::Bind(&SimpleSynchronousEntry::OpenEntry, cache_type_, path_, key_,
+                 entry_hash_, have_index, results.get());
+  Closure reply =
+      base::Bind(&SimpleEntryImpl::CreationOperationComplete, this, callback,
+                 start_time, base::Passed(&results), out_entry,
+                 net::NetLog::TYPE_SIMPLE_CACHE_ENTRY_OPEN_END);
   worker_pool_->PostTaskAndReply(FROM_HERE, task, reply);
 }
 
@@ -742,10 +735,9 @@ void SimpleEntryImpl::CreateEntryInternal(bool have_index,
     have_written_[i] = true;
 
   const base::TimeTicks start_time = base::TimeTicks::Now();
-  scoped_ptr<SimpleEntryCreationResults> results(
-      new SimpleEntryCreationResults(
-          SimpleEntryStat(last_used_, last_modified_, data_size_,
-                          sparse_data_size_)));
+  std::unique_ptr<SimpleEntryCreationResults> results(
+      new SimpleEntryCreationResults(SimpleEntryStat(
+          last_used_, last_modified_, data_size_, sparse_data_size_)));
   Closure task = base::Bind(&SimpleSynchronousEntry::CreateEntry,
                             cache_type_,
                             path_,
@@ -766,8 +758,8 @@ void SimpleEntryImpl::CreateEntryInternal(bool have_index,
 void SimpleEntryImpl::CloseInternal() {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   typedef SimpleSynchronousEntry::CRCRecord CRCRecord;
-  scoped_ptr<std::vector<CRCRecord> >
-      crc32s_to_write(new std::vector<CRCRecord>());
+  std::unique_ptr<std::vector<CRCRecord>> crc32s_to_write(
+      new std::vector<CRCRecord>());
 
   net_log_.AddEvent(net::NetLog::TYPE_SIMPLE_CACHE_ENTRY_CLOSE_BEGIN);
 
@@ -868,11 +860,10 @@ void SimpleEntryImpl::ReadDataInternal(int stream_index,
   if (!doomed_ && backend_.get())
     backend_->index()->UseIfExists(entry_hash_);
 
-  scoped_ptr<uint32_t> read_crc32(new uint32_t());
-  scoped_ptr<int> result(new int());
-  scoped_ptr<SimpleEntryStat> entry_stat(
-      new SimpleEntryStat(last_used_, last_modified_, data_size_,
-                          sparse_data_size_));
+  std::unique_ptr<uint32_t> read_crc32(new uint32_t());
+  std::unique_ptr<int> result(new int());
+  std::unique_ptr<SimpleEntryStat> entry_stat(new SimpleEntryStat(
+      last_used_, last_modified_, data_size_, sparse_data_size_));
   Closure task = base::Bind(
       &SimpleSynchronousEntry::ReadData, base::Unretained(synchronous_entry_),
       SimpleSynchronousEntry::EntryOperationData(stream_index, offset, buf_len),
@@ -950,9 +941,8 @@ void SimpleEntryImpl::WriteDataInternal(int stream_index,
   AdvanceCrc(buf, offset, buf_len, stream_index);
 
   // |entry_stat| needs to be initialized before modifying |data_size_|.
-  scoped_ptr<SimpleEntryStat> entry_stat(
-      new SimpleEntryStat(last_used_, last_modified_, data_size_,
-                          sparse_data_size_));
+  std::unique_ptr<SimpleEntryStat> entry_stat(new SimpleEntryStat(
+      last_used_, last_modified_, data_size_, sparse_data_size_));
   if (truncate) {
     data_size_[stream_index] = offset + buf_len;
   } else {
@@ -970,7 +960,7 @@ void SimpleEntryImpl::WriteDataInternal(int stream_index,
   if (stream_index == 1)
     have_written_[0] = true;
 
-  scoped_ptr<int> result(new int());
+  std::unique_ptr<int> result(new int());
   Closure task = base::Bind(
       &SimpleSynchronousEntry::WriteData, base::Unretained(synchronous_entry_),
       SimpleSynchronousEntry::EntryOperationData(stream_index, offset, buf_len,
@@ -1002,8 +992,8 @@ void SimpleEntryImpl::ReadSparseDataInternal(
   DCHECK_EQ(STATE_READY, state_);
   state_ = STATE_IO_PENDING;
 
-  scoped_ptr<int> result(new int());
-  scoped_ptr<base::Time> last_used(new base::Time());
+  std::unique_ptr<int> result(new int());
+  std::unique_ptr<base::Time> last_used(new base::Time());
   Closure task = base::Bind(
       &SimpleSynchronousEntry::ReadSparseData,
       base::Unretained(synchronous_entry_),
@@ -1040,13 +1030,12 @@ void SimpleEntryImpl::WriteSparseDataInternal(
     max_sparse_data_size = max_cache_size / kMaxSparseDataSizeDivisor;
   }
 
-  scoped_ptr<SimpleEntryStat> entry_stat(
-      new SimpleEntryStat(last_used_, last_modified_, data_size_,
-                          sparse_data_size_));
+  std::unique_ptr<SimpleEntryStat> entry_stat(new SimpleEntryStat(
+      last_used_, last_modified_, data_size_, sparse_data_size_));
 
   last_used_ = last_modified_ = base::Time::Now();
 
-  scoped_ptr<int> result(new int());
+  std::unique_ptr<int> result(new int());
   Closure task = base::Bind(
       &SimpleSynchronousEntry::WriteSparseData,
       base::Unretained(synchronous_entry_),
@@ -1072,7 +1061,7 @@ void SimpleEntryImpl::GetAvailableRangeInternal(
   DCHECK_EQ(STATE_READY, state_);
   state_ = STATE_IO_PENDING;
 
-  scoped_ptr<int> result(new int());
+  std::unique_ptr<int> result(new int());
   Closure task = base::Bind(&SimpleSynchronousEntry::GetAvailableRange,
                             base::Unretained(synchronous_entry_),
                             SimpleSynchronousEntry::EntryOperationData(
@@ -1119,7 +1108,7 @@ void SimpleEntryImpl::DoomEntryInternal(const CompletionCallback& callback) {
 void SimpleEntryImpl::CreationOperationComplete(
     const CompletionCallback& completion_callback,
     const base::TimeTicks& start_time,
-    scoped_ptr<SimpleEntryCreationResults> in_results,
+    std::unique_ptr<SimpleEntryCreationResults> in_results,
     Entry** out_entry,
     net::NetLog::EventType end_event_type) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
@@ -1152,11 +1141,14 @@ void SimpleEntryImpl::CreationOperationComplete(
     crc32s_[0] = in_results->stream_0_crc32;
     crc32s_end_offset_[0] = in_results->entry_stat.data_size(0);
   }
+  // If this entry was opened by hash, key_ could still be empty. If so, update
+  // it with the key read from the synchronous entry.
   if (key_.empty()) {
     SetKey(synchronous_entry_->key());
   } else {
-    // This should only be triggered when creating an entry. The key check in
-    // the open case is handled in SimpleBackendImpl.
+    // This should only be triggered when creating an entry. In the open case
+    // the key is either copied from the arguments to open, or checked
+    // in the synchronous entry.
     DCHECK_EQ(key_, synchronous_entry_->key());
   }
   UpdateDataFromEntryStat(in_results->entry_stat);
@@ -1172,7 +1164,7 @@ void SimpleEntryImpl::CreationOperationComplete(
 void SimpleEntryImpl::EntryOperationComplete(
     const CompletionCallback& completion_callback,
     const SimpleEntryStat& entry_stat,
-    scoped_ptr<int> result) {
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK_EQ(STATE_IO_PENDING, state_);
@@ -1196,9 +1188,9 @@ void SimpleEntryImpl::ReadOperationComplete(
     int stream_index,
     int offset,
     const CompletionCallback& completion_callback,
-    scoped_ptr<uint32_t> read_crc32,
-    scoped_ptr<SimpleEntryStat> entry_stat,
-    scoped_ptr<int> result) {
+    std::unique_ptr<uint32_t> read_crc32,
+    std::unique_ptr<SimpleEntryStat> entry_stat,
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK_EQ(STATE_IO_PENDING, state_);
@@ -1224,7 +1216,7 @@ void SimpleEntryImpl::ReadOperationComplete(
 
       net_log_.AddEvent(net::NetLog::TYPE_SIMPLE_CACHE_ENTRY_CHECKSUM_BEGIN);
 
-      scoped_ptr<int> new_result(new int());
+      std::unique_ptr<int> new_result(new int());
       Closure task = base::Bind(&SimpleSynchronousEntry::CheckEOFRecord,
                                 base::Unretained(synchronous_entry_),
                                 stream_index,
@@ -1266,8 +1258,8 @@ void SimpleEntryImpl::ReadOperationComplete(
 void SimpleEntryImpl::WriteOperationComplete(
     int stream_index,
     const CompletionCallback& completion_callback,
-    scoped_ptr<SimpleEntryStat> entry_stat,
-    scoped_ptr<int> result) {
+    std::unique_ptr<SimpleEntryStat> entry_stat,
+    std::unique_ptr<int> result) {
   if (*result >= 0)
     RecordWriteResult(cache_type_, WRITE_RESULT_SUCCESS);
   else
@@ -1286,8 +1278,8 @@ void SimpleEntryImpl::WriteOperationComplete(
 
 void SimpleEntryImpl::ReadSparseOperationComplete(
     const CompletionCallback& completion_callback,
-    scoped_ptr<base::Time> last_used,
-    scoped_ptr<int> result) {
+    std::unique_ptr<base::Time> last_used,
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK(result);
@@ -1304,8 +1296,8 @@ void SimpleEntryImpl::ReadSparseOperationComplete(
 
 void SimpleEntryImpl::WriteSparseOperationComplete(
     const CompletionCallback& completion_callback,
-    scoped_ptr<SimpleEntryStat> entry_stat,
-    scoped_ptr<int> result) {
+    std::unique_ptr<SimpleEntryStat> entry_stat,
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK(result);
@@ -1320,7 +1312,7 @@ void SimpleEntryImpl::WriteSparseOperationComplete(
 
 void SimpleEntryImpl::GetAvailableRangeOperationComplete(
     const CompletionCallback& completion_callback,
-    scoped_ptr<int> result) {
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK(result);
@@ -1346,7 +1338,7 @@ void SimpleEntryImpl::ChecksumOperationComplete(
     int orig_result,
     int stream_index,
     const CompletionCallback& completion_callback,
-    scoped_ptr<int> result) {
+    std::unique_ptr<int> result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(synchronous_entry_);
   DCHECK_EQ(STATE_IO_PENDING, state_);
@@ -1408,7 +1400,7 @@ int64_t SimpleEntryImpl::GetDiskUsage() const {
   int64_t file_size = 0;
   for (int i = 0; i < kSimpleEntryStreamCount; ++i) {
     file_size +=
-        simple_util::GetFileSizeFromKeyAndDataSize(key_, data_size_[i]);
+        simple_util::GetFileSizeFromDataSize(key_.size(), data_size_[i]);
   }
   file_size += sparse_data_size_;
   return file_size;
diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.h b/chromium/net/disk_cache/simple/simple_entry_impl.h
index 4d41edc00f2..3a0317c0ddb 100644
--- a/chromium/net/disk_cache/simple/simple_entry_impl.h
+++ b/chromium/net/disk_cache/simple/simple_entry_impl.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <queue>
 #include <string>
 
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/thread_checker.h"
 #include "net/base/cache_type.h"
 #include "net/base/net_export.h"
@@ -65,7 +65,7 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
                   net::NetLog* net_log);
 
   void SetActiveEntryProxy(
-      scoped_ptr<ActiveEntryProxy> active_entry_proxy);
+      std::unique_ptr<ActiveEntryProxy> active_entry_proxy);
 
   // Adds another reader/writer to this entry, if possible, returning |this| to
   // |entry|.
@@ -79,6 +79,11 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
 
   const std::string& key() const { return key_; }
   uint64_t entry_hash() const { return entry_hash_; }
+
+  // The key is not a constructor parameter to the SimpleEntryImpl, because
+  // during cache iteration, it's necessary to open entries by their hash
+  // alone. In that case, the SimpleSynchronousEntry will read the key from disk
+  // and it will be set.
   void SetKey(const std::string& key);
 
   // From Entry:
@@ -219,7 +224,7 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
   void CreationOperationComplete(
       const CompletionCallback& completion_callback,
       const base::TimeTicks& start_time,
-      scoped_ptr<SimpleEntryCreationResults> in_results,
+      std::unique_ptr<SimpleEntryCreationResults> in_results,
       Entry** out_entry,
       net::NetLog::EventType end_event_type);
 
@@ -232,35 +237,35 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
   // |completion_callback| after updating state and dooming on errors.
   void EntryOperationComplete(const CompletionCallback& completion_callback,
                               const SimpleEntryStat& entry_stat,
-                              scoped_ptr<int> result);
+                              std::unique_ptr<int> result);
 
   // Called after an asynchronous read. Updates |crc32s_| if possible.
   void ReadOperationComplete(int stream_index,
                              int offset,
                              const CompletionCallback& completion_callback,
-                             scoped_ptr<uint32_t> read_crc32,
-                             scoped_ptr<SimpleEntryStat> entry_stat,
-                             scoped_ptr<int> result);
+                             std::unique_ptr<uint32_t> read_crc32,
+                             std::unique_ptr<SimpleEntryStat> entry_stat,
+                             std::unique_ptr<int> result);
 
   // Called after an asynchronous write completes.
   void WriteOperationComplete(int stream_index,
                               const CompletionCallback& completion_callback,
-                              scoped_ptr<SimpleEntryStat> entry_stat,
-                              scoped_ptr<int> result);
+                              std::unique_ptr<SimpleEntryStat> entry_stat,
+                              std::unique_ptr<int> result);
 
   void ReadSparseOperationComplete(
       const CompletionCallback& completion_callback,
-      scoped_ptr<base::Time> last_used,
-      scoped_ptr<int> result);
+      std::unique_ptr<base::Time> last_used,
+      std::unique_ptr<int> result);
 
   void WriteSparseOperationComplete(
       const CompletionCallback& completion_callback,
-      scoped_ptr<SimpleEntryStat> entry_stat,
-      scoped_ptr<int> result);
+      std::unique_ptr<SimpleEntryStat> entry_stat,
+      std::unique_ptr<int> result);
 
   void GetAvailableRangeOperationComplete(
       const CompletionCallback& completion_callback,
-      scoped_ptr<int> result);
+      std::unique_ptr<int> result);
 
   // Called after an asynchronous doom completes.
   void DoomOperationComplete(const CompletionCallback& callback,
@@ -270,11 +275,10 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
   // Called after validating the checksums on an entry. Passes through the
   // original result if successful, propagates the error if the checksum does
   // not validate.
-  void ChecksumOperationComplete(
-      int stream_index,
-      int orig_result,
-      const CompletionCallback& completion_callback,
-      scoped_ptr<int> result);
+  void ChecksumOperationComplete(int stream_index,
+                                 int orig_result,
+                                 const CompletionCallback& completion_callback,
+                                 std::unique_ptr<int> result);
 
   // Called after completion of asynchronous IO and receiving file metadata for
   // the entry in |entry_stat|. Updates the metadata in the entry and in the
@@ -304,7 +308,7 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
                   int length,
                   int stream_index);
 
-  scoped_ptr<ActiveEntryProxy> active_entry_proxy_;
+  std::unique_ptr<ActiveEntryProxy> active_entry_proxy_;
 
   // All nonstatic SimpleEntryImpl methods should always be called on the IO
   // thread, in all cases. |io_thread_checker_| documents and enforces this.
@@ -366,7 +370,7 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry,
 
   net::BoundNetLog net_log_;
 
-  scoped_ptr<SimpleEntryOperation> executing_operation_;
+  std::unique_ptr<SimpleEntryOperation> executing_operation_;
 
   // Unlike other streams, stream 0 data is read from the disk when the entry is
   // opened, and then kept in memory. All read/write operations on stream 0
diff --git a/chromium/net/disk_cache/simple/simple_index.cc b/chromium/net/disk_cache/simple/simple_index.cc
index f6ccd3eb1dd..8689b382fbd 100644
--- a/chromium/net/disk_cache/simple/simple_index.cc
+++ b/chromium/net/disk_cache/simple/simple_index.cc
@@ -144,7 +144,7 @@ SimpleIndex::SimpleIndex(
     const scoped_refptr<base::SingleThreadTaskRunner>& io_thread,
     SimpleIndexDelegate* delegate,
     net::CacheType cache_type,
-    scoped_ptr<SimpleIndexFile> index_file)
+    std::unique_ptr<SimpleIndexFile> index_file)
     : delegate_(delegate),
       cache_type_(cache_type),
       cache_size_(0),
@@ -158,7 +158,9 @@ SimpleIndex::SimpleIndex(
       io_thread_(io_thread),
       // Creating the callback once so it is reused every time
       // write_to_disk_timer_.Start() is called.
-      write_to_disk_cb_(base::Bind(&SimpleIndex::WriteToDisk, AsWeakPtr())),
+      write_to_disk_cb_(base::Bind(&SimpleIndex::WriteToDisk,
+                                   AsWeakPtr(),
+                                   INDEX_WRITE_REASON_IDLE)),
       app_on_background_(false) {}
 
 SimpleIndex::~SimpleIndex() {
@@ -182,7 +184,7 @@ void SimpleIndex::Initialize(base::Time cache_mtime) {
 #endif
 
   SimpleIndexLoadResult* load_result = new SimpleIndexLoadResult();
-  scoped_ptr<SimpleIndexLoadResult> load_result_scoped(load_result);
+  std::unique_ptr<SimpleIndexLoadResult> load_result_scoped(load_result);
   base::Closure reply = base::Bind(
       &SimpleIndex::MergeInitializingSet,
       AsWeakPtr(),
@@ -208,8 +210,9 @@ int SimpleIndex::ExecuteWhenReady(const net::CompletionCallback& task) {
   return net::ERR_IO_PENDING;
 }
 
-scoped_ptr<SimpleIndex::HashList> SimpleIndex::GetEntriesBetween(
-    base::Time initial_time, base::Time end_time) {
+std::unique_ptr<SimpleIndex::HashList> SimpleIndex::GetEntriesBetween(
+    base::Time initial_time,
+    base::Time end_time) {
   DCHECK_EQ(true, initialized_);
 
   if (!initial_time.is_null())
@@ -221,7 +224,7 @@ scoped_ptr<SimpleIndex::HashList> SimpleIndex::GetEntriesBetween(
   const base::Time extended_end_time =
       end_time.is_null() ? base::Time::Max() : end_time;
   DCHECK(extended_end_time >= initial_time);
-  scoped_ptr<HashList> ret_hashes(new HashList());
+  std::unique_ptr<HashList> ret_hashes(new HashList());
   for (EntrySet::iterator it = entries_set_.begin(), end = entries_set_.end();
        it != end; ++it) {
     EntryMetadata& metadata = it->second;
@@ -232,7 +235,7 @@ scoped_ptr<SimpleIndex::HashList> SimpleIndex::GetEntriesBetween(
   return ret_hashes;
 }
 
-scoped_ptr<SimpleIndex::HashList> SimpleIndex::GetAllHashes() {
+std::unique_ptr<SimpleIndex::HashList> SimpleIndex::GetAllHashes() {
   return GetEntriesBetween(base::Time(), base::Time());
 }
 
@@ -395,13 +398,14 @@ void SimpleIndex::UpdateEntryIteratorSize(EntrySet::iterator* it,
 }
 
 void SimpleIndex::MergeInitializingSet(
-    scoped_ptr<SimpleIndexLoadResult> load_result) {
+    std::unique_ptr<SimpleIndexLoadResult> load_result) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   DCHECK(load_result->did_load);
 
   EntrySet* index_file_entries = &load_result->entries;
 
-  for (base::hash_set<uint64_t>::const_iterator it = removed_entries_.begin();
+  for (std::unordered_set<uint64_t>::const_iterator it =
+           removed_entries_.begin();
        it != removed_entries_.end(); ++it) {
     index_file_entries->erase(*it);
   }
@@ -431,7 +435,7 @@ void SimpleIndex::MergeInitializingSet(
   // The actual IO is asynchronous, so calling WriteToDisk() shouldn't slow the
   // merge down much.
   if (load_result->flush_required)
-    WriteToDisk();
+    WriteToDisk(INDEX_WRITE_REASON_STARTUP_MERGE);
 
   SIMPLE_CACHE_UMA(CUSTOM_COUNTS,
                    "IndexInitializationWaiters", cache_type_,
@@ -455,12 +459,12 @@ void SimpleIndex::OnApplicationStateChange(
   } else if (state ==
       base::android::APPLICATION_STATE_HAS_STOPPED_ACTIVITIES) {
     app_on_background_ = true;
-    WriteToDisk();
+    WriteToDisk(INDEX_WRITE_REASON_ANDROID_STOPPED);
   }
 }
 #endif
 
-void SimpleIndex::WriteToDisk() {
+void SimpleIndex::WriteToDisk(IndexWriteToDiskReason reason) {
   DCHECK(io_thread_checker_.CalledOnValidThread());
   if (!initialized_)
     return;
@@ -481,8 +485,8 @@ void SimpleIndex::WriteToDisk() {
   }
   last_write_to_disk_ = start;
 
-  index_file_->WriteToDisk(entries_set_, cache_size_,
-                           start, app_on_background_, base::Closure());
+  index_file_->WriteToDisk(reason, entries_set_, cache_size_, start,
+                           app_on_background_, base::Closure());
 }
 
 }  // namespace disk_cache
diff --git a/chromium/net/disk_cache/simple/simple_index.h b/chromium/net/disk_cache/simple/simple_index.h
index ed37bd076f4..724891bfaeb 100644
--- a/chromium/net/disk_cache/simple/simple_index.h
+++ b/chromium/net/disk_cache/simple/simple_index.h
@@ -8,14 +8,15 @@
 #include <stdint.h>
 
 #include <list>
+#include <memory>
+#include <unordered_map>
+#include <unordered_set>
 #include <vector>
 
 #include "base/callback.h"
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
 #include "base/threading/thread_checker.h"
@@ -85,13 +86,21 @@ class NET_EXPORT_PRIVATE SimpleIndex
     INITIALIZE_METHOD_NEWCACHE = 2,
     INITIALIZE_METHOD_MAX = 3,
   };
+  // Used in histograms. Please only add entries at the end.
+  enum IndexWriteToDiskReason {
+    INDEX_WRITE_REASON_SHUTDOWN = 0,
+    INDEX_WRITE_REASON_STARTUP_MERGE = 1,
+    INDEX_WRITE_REASON_IDLE = 2,
+    INDEX_WRITE_REASON_ANDROID_STOPPED = 3,
+    INDEX_WRITE_REASON_MAX = 4,
+  };
 
   typedef std::vector<uint64_t> HashList;
 
   SimpleIndex(const scoped_refptr<base::SingleThreadTaskRunner>& io_thread,
               SimpleIndexDelegate* delegate,
               net::CacheType cache_type,
-              scoped_ptr<SimpleIndexFile> simple_index_file);
+              std::unique_ptr<SimpleIndexFile> simple_index_file);
 
   virtual ~SimpleIndex();
 
@@ -110,14 +119,14 @@ class NET_EXPORT_PRIVATE SimpleIndex
   // iff the entry exist in the index.
   bool UseIfExists(uint64_t entry_hash);
 
-  void WriteToDisk();
+  void WriteToDisk(IndexWriteToDiskReason reason);
 
   // Update the size (in bytes) of an entry, in the metadata stored in the
   // index. This should be the total disk-file size including all streams of the
   // entry.
   bool UpdateEntrySize(uint64_t entry_hash, int64_t entry_size);
 
-  typedef base::hash_map<uint64_t, EntryMetadata> EntrySet;
+  using EntrySet = std::unordered_map<uint64_t, EntryMetadata>;
 
   static void InsertInEntrySet(uint64_t entry_hash,
                                const EntryMetadata& entry_metadata,
@@ -130,11 +139,11 @@ class NET_EXPORT_PRIVATE SimpleIndex
   // range between |initial_time| and |end_time| where open intervals are
   // possible according to the definition given in |DoomEntriesBetween()| in the
   // disk cache backend interface.
-  scoped_ptr<HashList> GetEntriesBetween(const base::Time initial_time,
-                                         const base::Time end_time);
+  std::unique_ptr<HashList> GetEntriesBetween(const base::Time initial_time,
+                                              const base::Time end_time);
 
   // Returns the list of all entries key hash.
-  scoped_ptr<HashList> GetAllHashes();
+  std::unique_ptr<HashList> GetAllHashes();
 
   // Returns number of indexed entries.
   int32_t GetEntryCount() const;
@@ -163,12 +172,13 @@ class NET_EXPORT_PRIVATE SimpleIndex
   void UpdateEntryIteratorSize(EntrySet::iterator* it, int64_t entry_size);
 
   // Must run on IO Thread.
-  void MergeInitializingSet(scoped_ptr<SimpleIndexLoadResult> load_result);
+  void MergeInitializingSet(std::unique_ptr<SimpleIndexLoadResult> load_result);
 
 #if defined(OS_ANDROID)
   void OnApplicationStateChange(base::android::ApplicationState state);
 
-  scoped_ptr<base::android::ApplicationStatusListener> app_status_listener_;
+  std::unique_ptr<base::android::ApplicationStatusListener>
+      app_status_listener_;
 #endif
 
   // The owner of |this| must ensure the |delegate_| outlives |this|.
@@ -186,11 +196,11 @@ class NET_EXPORT_PRIVATE SimpleIndex
 
   // This stores all the entry_hash of entries that are removed during
   // initialization.
-  base::hash_set<uint64_t> removed_entries_;
+  std::unordered_set<uint64_t> removed_entries_;
   bool initialized_;
   IndexInitMethod init_method_;
 
-  scoped_ptr<SimpleIndexFile> index_file_;
+  std::unique_ptr<SimpleIndexFile> index_file_;
 
   scoped_refptr<base::SingleThreadTaskRunner> io_thread_;
 
diff --git a/chromium/net/disk_cache/simple/simple_index_file.cc b/chromium/net/disk_cache/simple/simple_index_file.cc
index c23d64e6bd8..99eafc36fe2 100644
--- a/chromium/net/disk_cache/simple/simple_index_file.cc
+++ b/chromium/net/disk_cache/simple/simple_index_file.cc
@@ -33,7 +33,7 @@ namespace {
 const int kEntryFilesHashLength = 16;
 const int kEntryFilesSuffixLength = 2;
 
-const uint64_t kMaxEntiresInIndex = 100000000;
+const uint64_t kMaxEntriesInIndex = 100000000;
 
 uint32_t CalculatePickleCRC(const base::Pickle& pickle) {
   return crc32(crc32(0, Z_NULL, 0),
@@ -50,6 +50,14 @@ enum IndexFileState {
   INDEX_STATE_MAX = 4,
 };
 
+enum StaleIndexQuality {
+  STALE_INDEX_OK = 0,
+  STALE_INDEX_MISSED_ENTRIES = 1,
+  STALE_INDEX_EXTRA_ENTRIES = 2,
+  STALE_INDEX_BOTH_MISSED_AND_EXTRA_ENTRIES = 3,
+  STALE_INDEX_MAX = 4,
+};
+
 void UmaRecordIndexFileState(IndexFileState state, net::CacheType cache_type) {
   SIMPLE_CACHE_UMA(ENUMERATION,
                    "IndexFileStateOnLoad", cache_type, state, INDEX_STATE_MAX);
@@ -61,6 +69,39 @@ void UmaRecordIndexInitMethod(SimpleIndex::IndexInitMethod method,
                    SimpleIndex::INITIALIZE_METHOD_MAX);
 }
 
+void UmaRecordIndexWriteReason(SimpleIndex::IndexWriteToDiskReason reason,
+                               net::CacheType cache_type) {
+  SIMPLE_CACHE_UMA(ENUMERATION, "IndexWriteReason", cache_type, reason,
+                   SimpleIndex::INDEX_WRITE_REASON_MAX);
+}
+
+void UmaRecordIndexWriteReasonAtLoad(SimpleIndex::IndexWriteToDiskReason reason,
+                                     net::CacheType cache_type) {
+  SIMPLE_CACHE_UMA(ENUMERATION, "IndexWriteReasonAtLoad", cache_type, reason,
+                   SimpleIndex::INDEX_WRITE_REASON_MAX);
+}
+
+void UmaRecordStaleIndexQuality(int missed_entry_count,
+                                int extra_entry_count,
+                                net::CacheType cache_type) {
+  SIMPLE_CACHE_UMA(CUSTOM_COUNTS, "StaleIndexMissedEntryCount", cache_type,
+                   missed_entry_count, 1, 100, 5);
+  SIMPLE_CACHE_UMA(CUSTOM_COUNTS, "StaleIndexExtraEntryCount", cache_type,
+                   extra_entry_count, 1, 100, 5);
+
+  StaleIndexQuality quality;
+  if (missed_entry_count > 0 && extra_entry_count > 0)
+    quality = STALE_INDEX_BOTH_MISSED_AND_EXTRA_ENTRIES;
+  else if (missed_entry_count > 0)
+    quality = STALE_INDEX_MISSED_ENTRIES;
+  else if (extra_entry_count > 0)
+    quality = STALE_INDEX_EXTRA_ENTRIES;
+  else
+    quality = STALE_INDEX_OK;
+  SIMPLE_CACHE_UMA(ENUMERATION, "StaleIndexQuality", cache_type, quality,
+                   STALE_INDEX_MAX);
+}
+
 bool WritePickleFile(base::Pickle* pickle, const base::FilePath& file_name) {
   File file(
       file_name,
@@ -126,15 +167,17 @@ void ProcessEntryFile(SimpleIndex::EntrySet* entries,
 
 }  // namespace
 
-SimpleIndexLoadResult::SimpleIndexLoadResult() : did_load(false),
-                                                 flush_required(false) {
-}
+SimpleIndexLoadResult::SimpleIndexLoadResult()
+    : did_load(false),
+      index_write_reason(SimpleIndex::INDEX_WRITE_REASON_MAX),
+      flush_required(false) {}
 
 SimpleIndexLoadResult::~SimpleIndexLoadResult() {
 }
 
 void SimpleIndexLoadResult::Reset() {
   did_load = false;
+  index_write_reason = SimpleIndex::INDEX_WRITE_REASON_MAX;
   flush_required = false;
   entries.clear();
 }
@@ -149,22 +192,27 @@ const char SimpleIndexFile::kTempIndexFileName[] = "temp-index";
 SimpleIndexFile::IndexMetadata::IndexMetadata()
     : magic_number_(kSimpleIndexMagicNumber),
       version_(kSimpleVersion),
-      number_of_entries_(0),
+      reason_(SimpleIndex::INDEX_WRITE_REASON_MAX),
+      entry_count_(0),
       cache_size_(0) {}
 
-SimpleIndexFile::IndexMetadata::IndexMetadata(uint64_t number_of_entries,
-                                              uint64_t cache_size)
+SimpleIndexFile::IndexMetadata::IndexMetadata(
+    SimpleIndex::IndexWriteToDiskReason reason,
+    uint64_t entry_count,
+    uint64_t cache_size)
     : magic_number_(kSimpleIndexMagicNumber),
       version_(kSimpleVersion),
-      number_of_entries_(number_of_entries),
+      reason_(reason),
+      entry_count_(entry_count),
       cache_size_(cache_size) {}
 
 void SimpleIndexFile::IndexMetadata::Serialize(base::Pickle* pickle) const {
   DCHECK(pickle);
   pickle->WriteUInt64(magic_number_);
   pickle->WriteUInt32(version_);
-  pickle->WriteUInt64(number_of_entries_);
+  pickle->WriteUInt64(entry_count_);
   pickle->WriteUInt64(cache_size_);
+  pickle->WriteUInt32(static_cast<uint32_t>(reason_));
 }
 
 // static
@@ -179,17 +227,26 @@ bool SimpleIndexFile::SerializeFinalData(base::Time cache_modified,
 
 bool SimpleIndexFile::IndexMetadata::Deserialize(base::PickleIterator* it) {
   DCHECK(it);
-  return it->ReadUInt64(&magic_number_) &&
-      it->ReadUInt32(&version_) &&
-      it->ReadUInt64(&number_of_entries_)&&
-      it->ReadUInt64(&cache_size_);
+
+  bool v6_format_index_read_results =
+      it->ReadUInt64(&magic_number_) && it->ReadUInt32(&version_) &&
+      it->ReadUInt64(&entry_count_) && it->ReadUInt64(&cache_size_);
+  if (!v6_format_index_read_results)
+    return false;
+  if (version_ >= 7) {
+    uint32_t tmp_reason;
+    if (!it->ReadUInt32(&tmp_reason))
+      return false;
+    reason_ = static_cast<SimpleIndex::IndexWriteToDiskReason>(tmp_reason);
+  }
+  return true;
 }
 
 void SimpleIndexFile::SyncWriteToDisk(net::CacheType cache_type,
                                       const base::FilePath& cache_directory,
                                       const base::FilePath& index_filename,
                                       const base::FilePath& temp_index_filename,
-                                      scoped_ptr<base::Pickle> pickle,
+                                      std::unique_ptr<base::Pickle> pickle,
                                       const base::TimeTicks& start_time,
                                       bool app_on_background) {
   DCHECK_EQ(index_filename.DirName().value(),
@@ -236,9 +293,16 @@ void SimpleIndexFile::SyncWriteToDisk(net::CacheType cache_type,
 }
 
 bool SimpleIndexFile::IndexMetadata::CheckIndexMetadata() {
-  return number_of_entries_ <= kMaxEntiresInIndex &&
-      magic_number_ == kSimpleIndexMagicNumber &&
-      version_ == kSimpleVersion;
+  if (entry_count_ > kMaxEntriesInIndex ||
+      magic_number_ != kSimpleIndexMagicNumber) {
+    return false;
+  }
+
+  static_assert(kSimpleVersion == 7, "index metadata reader out of date");
+  // No |reason_| is saved in the version 6 file format.
+  if (version_ == 6)
+    return reason_ == SimpleIndex::INDEX_WRITE_REASON_MAX;
+  return version_ == 7 && reason_ < SimpleIndex::INDEX_WRITE_REASON_MAX;
 }
 
 SimpleIndexFile::SimpleIndexFile(
@@ -268,13 +332,15 @@ void SimpleIndexFile::LoadIndexEntries(base::Time cache_last_modified,
   worker_pool_->PostTaskAndReply(FROM_HERE, task, callback);
 }
 
-void SimpleIndexFile::WriteToDisk(const SimpleIndex::EntrySet& entry_set,
+void SimpleIndexFile::WriteToDisk(SimpleIndex::IndexWriteToDiskReason reason,
+                                  const SimpleIndex::EntrySet& entry_set,
                                   uint64_t cache_size,
                                   const base::TimeTicks& start,
                                   bool app_on_background,
                                   const base::Closure& callback) {
-  IndexMetadata index_metadata(entry_set.size(), cache_size);
-  scoped_ptr<base::Pickle> pickle = Serialize(index_metadata, entry_set);
+  UmaRecordIndexWriteReason(reason, cache_type_);
+  IndexMetadata index_metadata(reason, entry_set.size(), cache_size);
+  std::unique_ptr<base::Pickle> pickle = Serialize(index_metadata, entry_set);
   base::Closure task =
       base::Bind(&SimpleIndexFile::SyncWriteToDisk,
                  cache_type_, cache_directory_, index_file_, temp_index_file_,
@@ -303,6 +369,11 @@ void SimpleIndexFile::SyncLoadIndexEntries(
       UmaRecordIndexFileState(INDEX_STATE_CORRUPT, cache_type);
   } else {
     if (cache_last_modified <= last_cache_seen_by_index) {
+      if (out_result->index_write_reason !=
+          SimpleIndex::INDEX_WRITE_REASON_MAX) {
+        UmaRecordIndexWriteReasonAtLoad(out_result->index_write_reason,
+                                        cache_type);
+      }
       base::Time latest_dir_mtime;
       simple_util::GetMTime(cache_directory, &latest_dir_mtime);
       if (LegacyIsIndexFileStale(latest_dir_mtime, index_file_path)) {
@@ -319,6 +390,8 @@ void SimpleIndexFile::SyncLoadIndexEntries(
   }
 
   // Reconstruct the index by scanning the disk for entries.
+  SimpleIndex::EntrySet entries_from_stale_index;
+  entries_from_stale_index.swap(out_result->entries);
   const base::TimeTicks start = base::TimeTicks::Now();
   SyncRestoreFromDisk(cache_directory, index_file_path, out_result);
   SIMPLE_CACHE_UMA(MEDIUM_TIMES, "IndexRestoreTime", cache_type,
@@ -328,6 +401,18 @@ void SimpleIndexFile::SyncLoadIndexEntries(
   if (index_file_existed) {
     out_result->init_method = SimpleIndex::INITIALIZE_METHOD_RECOVERED;
 
+    int missed_entry_count = 0;
+    for (const auto& i : out_result->entries) {
+      if (entries_from_stale_index.count(i.first) == 0)
+        ++missed_entry_count;
+    }
+    int extra_entry_count = 0;
+    for (const auto& i : entries_from_stale_index) {
+      if (out_result->entries.count(i.first) == 0)
+        ++extra_entry_count;
+    }
+    UmaRecordStaleIndexQuality(missed_entry_count, extra_entry_count,
+                               cache_type);
   } else {
     out_result->init_method = SimpleIndex::INITIALIZE_METHOD_NEWCACHE;
     SIMPLE_CACHE_UMA(COUNTS,
@@ -365,10 +450,10 @@ void SimpleIndexFile::SyncLoadFromDisk(const base::FilePath& index_filename,
 }
 
 // static
-scoped_ptr<base::Pickle> SimpleIndexFile::Serialize(
+std::unique_ptr<base::Pickle> SimpleIndexFile::Serialize(
     const SimpleIndexFile::IndexMetadata& index_metadata,
     const SimpleIndex::EntrySet& entries) {
-  scoped_ptr<base::Pickle> pickle(
+  std::unique_ptr<base::Pickle> pickle(
       new base::Pickle(sizeof(SimpleIndexFile::PickleHeader)));
 
   index_metadata.Serialize(pickle.get());
@@ -417,8 +502,8 @@ void SimpleIndexFile::Deserialize(const char* data, int data_len,
     return;
   }
 
-  entries->reserve(index_metadata.GetNumberOfEntries() + kExtraSizeForMerge);
-  while (entries->size() < index_metadata.GetNumberOfEntries()) {
+  entries->reserve(index_metadata.entry_count() + kExtraSizeForMerge);
+  while (entries->size() < index_metadata.entry_count()) {
     uint64_t hash_key;
     EntryMetadata entry_metadata;
     if (!pickle_it.ReadUInt64(&hash_key) ||
@@ -438,6 +523,7 @@ void SimpleIndexFile::Deserialize(const char* data, int data_len,
   DCHECK(out_cache_last_modified);
   *out_cache_last_modified = base::Time::FromInternalValue(cache_last_modified);
 
+  out_result->index_write_reason = index_metadata.reason();
   out_result->did_load = true;
 }
 
diff --git a/chromium/net/disk_cache/simple/simple_index_file.h b/chromium/net/disk_cache/simple/simple_index_file.h
index a5db59af2bc..981a03dd7d1 100644
--- a/chromium/net/disk_cache/simple/simple_index_file.h
+++ b/chromium/net/disk_cache/simple/simple_index_file.h
@@ -7,15 +7,14 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "net/base/cache_type.h"
 #include "net/base/net_export.h"
@@ -37,16 +36,16 @@ struct NET_EXPORT_PRIVATE SimpleIndexLoadResult {
 
   bool did_load;
   SimpleIndex::EntrySet entries;
+  SimpleIndex::IndexWriteToDiskReason index_write_reason;
   SimpleIndex::IndexInitMethod init_method;
   bool flush_required;
 };
 
-// Simple Index File format is a pickle serialized data of IndexMetadata and
-// EntryMetadata objects. The file format is as follows: one instance of
-// serialized |IndexMetadata| followed serialized |EntryMetadata| entries
-// repeated |number_of_entries| amount of times. To know more about the format,
-// see SimpleIndexFile::Serialize() and SeeSimpleIndexFile::LoadFromDisk()
-// methods.
+// Simple Index File format is a pickle of IndexMetadata and EntryMetadata
+// objects. The file format is as follows: one instance of |IndexMetadata|
+// followed by |EntryMetadata| repeated |entry_count| times. To learn more about
+// the format see |SimpleIndexFile::Serialize()| and
+// |SimpleIndexFile::LoadFromDisk()|.
 //
 // The non-static methods must run on the IO thread. All the real
 // work is done in the static methods, which are run on the cache thread
@@ -57,22 +56,28 @@ class NET_EXPORT_PRIVATE SimpleIndexFile {
   class NET_EXPORT_PRIVATE IndexMetadata {
    public:
     IndexMetadata();
-    IndexMetadata(uint64_t number_of_entries, uint64_t cache_size);
+    IndexMetadata(SimpleIndex::IndexWriteToDiskReason reason,
+                  uint64_t entry_count,
+                  uint64_t cache_size);
 
-    void Serialize(base::Pickle* pickle) const;
+    virtual void Serialize(base::Pickle* pickle) const;
     bool Deserialize(base::PickleIterator* it);
 
     bool CheckIndexMetadata();
 
-    uint64_t GetNumberOfEntries() { return number_of_entries_; }
+    SimpleIndex::IndexWriteToDiskReason reason() const { return reason_; }
+    uint64_t entry_count() const { return entry_count_; }
 
    private:
     FRIEND_TEST_ALL_PREFIXES(IndexMetadataTest, Basics);
     FRIEND_TEST_ALL_PREFIXES(IndexMetadataTest, Serialize);
+    FRIEND_TEST_ALL_PREFIXES(IndexMetadataTest, ReadV6Format);
+    friend class V6IndexMetadataForTest;
 
     uint64_t magic_number_;
     uint32_t version_;
-    uint64_t number_of_entries_;
+    SimpleIndex::IndexWriteToDiskReason reason_;
+    uint64_t entry_count_;
     uint64_t cache_size_;  // Total cache storage size in bytes.
   };
 
@@ -89,7 +94,8 @@ class NET_EXPORT_PRIVATE SimpleIndexFile {
                                 SimpleIndexLoadResult* out_result);
 
   // Write the specified set of entries to disk.
-  virtual void WriteToDisk(const SimpleIndex::EntrySet& entry_set,
+  virtual void WriteToDisk(SimpleIndex::IndexWriteToDiskReason reason,
+                           const SimpleIndex::EntrySet& entry_set,
                            uint64_t cache_size,
                            const base::TimeTicks& start,
                            bool app_on_background,
@@ -122,7 +128,7 @@ class NET_EXPORT_PRIVATE SimpleIndexFile {
   // data to be written to a file. Note: the pickle is not in a consistent state
   // immediately after calling this menthod, one needs to call
   // SerializeFinalData to make it ready to write to a file.
-  static scoped_ptr<base::Pickle> Serialize(
+  static std::unique_ptr<base::Pickle> Serialize(
       const SimpleIndexFile::IndexMetadata& index_metadata,
       const SimpleIndex::EntrySet& entries);
 
@@ -153,7 +159,7 @@ class NET_EXPORT_PRIVATE SimpleIndexFile {
                               const base::FilePath& cache_directory,
                               const base::FilePath& index_filename,
                               const base::FilePath& temp_index_filename,
-                              scoped_ptr<base::Pickle> pickle,
+                              std::unique_ptr<base::Pickle> pickle,
                               const base::TimeTicks& start_time,
                               bool app_on_background);
 
diff --git a/chromium/net/disk_cache/simple/simple_index_file_posix.cc b/chromium/net/disk_cache/simple/simple_index_file_posix.cc
index 586699d2a8e..e0dd3dd126a 100644
--- a/chromium/net/disk_cache/simple/simple_index_file_posix.cc
+++ b/chromium/net/disk_cache/simple/simple_index_file_posix.cc
@@ -9,10 +9,10 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include <memory>
 #include <string>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 
 namespace disk_cache {
 namespace {
@@ -21,7 +21,7 @@ struct DirCloser {
   void operator()(DIR* dir) { closedir(dir); }
 };
 
-typedef scoped_ptr<DIR, DirCloser> ScopedDir;
+typedef std::unique_ptr<DIR, DirCloser> ScopedDir;
 
 }  // namespace
 
diff --git a/chromium/net/disk_cache/simple/simple_index_file_unittest.cc b/chromium/net/disk_cache/simple/simple_index_file_unittest.cc
index 3f1bca572dd..187ef7796a3 100644
--- a/chromium/net/disk_cache/simple/simple_index_file_unittest.cc
+++ b/chromium/net/disk_cache/simple/simple_index_file_unittest.cc
@@ -2,19 +2,22 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/disk_cache/simple/simple_index_file.h"
+
+#include <memory>
+
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/hash.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/cache_type.h"
 #include "net/base/test_completion_callback.h"
@@ -23,7 +26,6 @@
 #include "net/disk_cache/simple/simple_backend_version.h"
 #include "net/disk_cache/simple/simple_entry_format.h"
 #include "net/disk_cache/simple/simple_index.h"
-#include "net/disk_cache/simple/simple_index_file.h"
 #include "net/disk_cache/simple/simple_util.h"
 #include "net/disk_cache/simple/simple_version_upgrade.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -44,14 +46,18 @@ TEST(IndexMetadataTest, Basics) {
 
   EXPECT_EQ(disk_cache::kSimpleIndexMagicNumber, index_metadata.magic_number_);
   EXPECT_EQ(disk_cache::kSimpleVersion, index_metadata.version_);
-  EXPECT_EQ(0U, index_metadata.GetNumberOfEntries());
+  EXPECT_EQ(0U, index_metadata.entry_count());
   EXPECT_EQ(0U, index_metadata.cache_size_);
 
+  // Without setting a |reason_|, the index metadata isn't valid.
+  index_metadata.reason_ = SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN;
+
   EXPECT_TRUE(index_metadata.CheckIndexMetadata());
 }
 
 TEST(IndexMetadataTest, Serialize) {
-  SimpleIndexFile::IndexMetadata index_metadata(123, 456);
+  SimpleIndexFile::IndexMetadata index_metadata(
+      SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN, 123, 456);
   base::Pickle pickle;
   index_metadata.Serialize(&pickle);
   base::PickleIterator it(pickle);
@@ -60,13 +66,56 @@ TEST(IndexMetadataTest, Serialize) {
 
   EXPECT_EQ(new_index_metadata.magic_number_, index_metadata.magic_number_);
   EXPECT_EQ(new_index_metadata.version_, index_metadata.version_);
-  EXPECT_EQ(new_index_metadata.GetNumberOfEntries(),
-            index_metadata.GetNumberOfEntries());
+  EXPECT_EQ(new_index_metadata.reason_, index_metadata.reason_);
+  EXPECT_EQ(new_index_metadata.entry_count(), index_metadata.entry_count());
   EXPECT_EQ(new_index_metadata.cache_size_, index_metadata.cache_size_);
 
   EXPECT_TRUE(new_index_metadata.CheckIndexMetadata());
 }
 
+// This derived index metadata class allows us to serialize the older V6 format
+// of the index metadata, thus allowing us to test deserializing the old format.
+class V6IndexMetadataForTest : public SimpleIndexFile::IndexMetadata {
+ public:
+  // Do not default to |SimpleIndex::INDEX_WRITE_REASON_MAX|, because we want to
+  // ensure we don't serialize that value and then deserialize it and have a
+  // false positive result.
+  V6IndexMetadataForTest(uint64_t entry_count, uint64_t cache_size)
+      : SimpleIndexFile::IndexMetadata(SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN,
+                                       entry_count,
+                                       cache_size) {
+    version_ = 6;
+  }
+
+  // Copied and pasted from the V6 implementation of
+  // |SimpleIndexFile::IndexMetadata()| (removing DCHECKs).
+  void Serialize(base::Pickle* pickle) const override {
+    pickle->WriteUInt64(magic_number_);
+    pickle->WriteUInt32(version_);
+    pickle->WriteUInt64(entry_count_);
+    pickle->WriteUInt64(cache_size_);
+  }
+};
+
+TEST(IndexMetadataTest, ReadV6Format) {
+  V6IndexMetadataForTest v6_index_metadata(123, 456);
+  EXPECT_EQ(6U, v6_index_metadata.version_);
+  base::Pickle pickle;
+  v6_index_metadata.Serialize(&pickle);
+  base::PickleIterator it(pickle);
+  SimpleIndexFile::IndexMetadata new_index_metadata;
+  new_index_metadata.Deserialize(&it);
+
+  EXPECT_EQ(new_index_metadata.magic_number_, v6_index_metadata.magic_number_);
+  EXPECT_EQ(new_index_metadata.version_, v6_index_metadata.version_);
+
+  EXPECT_EQ(new_index_metadata.reason_, SimpleIndex::INDEX_WRITE_REASON_MAX);
+  EXPECT_EQ(new_index_metadata.entry_count(), v6_index_metadata.entry_count());
+  EXPECT_EQ(new_index_metadata.cache_size_, v6_index_metadata.cache_size_);
+
+  EXPECT_TRUE(new_index_metadata.CheckIndexMetadata());
+}
+
 // This friend derived class is able to reexport its ancestors private methods
 // as public, for use in tests.
 class WrappedSimpleIndexFile : public SimpleIndexFile {
@@ -113,6 +162,7 @@ TEST_F(SimpleIndexFileTest, Serialize) {
   EntryMetadata metadata_entries[kNumHashes];
 
   SimpleIndexFile::IndexMetadata index_metadata(
+      SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN,
       static_cast<uint64_t>(kNumHashes), 456);
   for (size_t i = 0; i < kNumHashes; ++i) {
     uint64_t hash = kHashes[i];
@@ -120,7 +170,7 @@ TEST_F(SimpleIndexFileTest, Serialize) {
     SimpleIndex::InsertInEntrySet(hash, metadata_entries[i], &entries);
   }
 
-  scoped_ptr<base::Pickle> pickle =
+  std::unique_ptr<base::Pickle> pickle =
       WrappedSimpleIndexFile::Serialize(index_metadata, entries);
   EXPECT_TRUE(pickle.get() != NULL);
   base::Time now = base::Time::Now();
@@ -194,8 +244,9 @@ TEST_F(SimpleIndexFileTest, WriteThenLoadIndex) {
   net::TestClosure closure;
   {
     WrappedSimpleIndexFile simple_index_file(cache_dir.path());
-    simple_index_file.WriteToDisk(entries, kCacheSize, base::TimeTicks(),
-                                  false, closure.closure());
+    simple_index_file.WriteToDisk(SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN,
+                                  entries, kCacheSize, base::TimeTicks(), false,
+                                  closure.closure());
     closure.WaitForResult();
     EXPECT_TRUE(base::PathExists(simple_index_file.GetIndexFilePath()));
   }
@@ -334,7 +385,8 @@ TEST_F(SimpleIndexFileTest, OverwritesStaleTempFile) {
   SimpleIndex::EntrySet entries;
   SimpleIndex::InsertInEntrySet(11, EntryMetadata(Time(), 11), &entries);
   net::TestClosure closure;
-  simple_index_file.WriteToDisk(entries, 120U, base::TimeTicks(), false,
+  simple_index_file.WriteToDisk(SimpleIndex::INDEX_WRITE_REASON_SHUTDOWN,
+                                entries, 120U, base::TimeTicks(), false,
                                 closure.closure());
   closure.WaitForResult();
 
diff --git a/chromium/net/disk_cache/simple/simple_index_unittest.cc b/chromium/net/disk_cache/simple/simple_index_unittest.cc
index 649d48f538c..d763d7f55e1 100644
--- a/chromium/net/disk_cache/simple/simple_index_unittest.cc
+++ b/chromium/net/disk_cache/simple/simple_index_unittest.cc
@@ -6,12 +6,12 @@
 
 #include <algorithm>
 #include <functional>
+#include <memory>
 #include <utility>
 
 #include "base/files/scoped_temp_dir.h"
 #include "base/hash.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/stringprintf.h"
@@ -67,7 +67,8 @@ class MockSimpleIndexFile : public SimpleIndexFile,
     ++load_index_entries_calls_;
   }
 
-  void WriteToDisk(const SimpleIndex::EntrySet& entry_set,
+  void WriteToDisk(SimpleIndex::IndexWriteToDiskReason reason,
+                   const SimpleIndex::EntrySet& entry_set,
                    uint64_t cache_size,
                    const base::TimeTicks& start,
                    bool app_on_background,
@@ -105,7 +106,7 @@ class SimpleIndexTest  : public testing::Test, public SimpleIndexDelegate {
   }
 
   void SetUp() override {
-    scoped_ptr<MockSimpleIndexFile> index_file(new MockSimpleIndexFile());
+    std::unique_ptr<MockSimpleIndexFile> index_file(new MockSimpleIndexFile());
     index_file_ = index_file->AsWeakPtr();
     index_.reset(
         new SimpleIndex(NULL, this, net::DISK_CACHE, std::move(index_file)));
@@ -161,7 +162,7 @@ class SimpleIndexTest  : public testing::Test, public SimpleIndexDelegate {
   int doom_entries_calls() const { return doom_entries_calls_; }
 
   const simple_util::ImmutableArray<uint64_t, 16> hashes_;
-  scoped_ptr<SimpleIndex> index_;
+  std::unique_ptr<SimpleIndex> index_;
   base::WeakPtr<MockSimpleIndexFile> index_file_;
 
   std::vector<uint64_t> last_doom_entry_hashes_;
@@ -207,13 +208,13 @@ TEST_F(SimpleIndexTest, IndexSizeCorrectOnMerge) {
   index()->UpdateEntrySize(hashes_.at<4>(), 4);
   EXPECT_EQ(9U, index()->cache_size_);
   {
-    scoped_ptr<SimpleIndexLoadResult> result(new SimpleIndexLoadResult());
+    std::unique_ptr<SimpleIndexLoadResult> result(new SimpleIndexLoadResult());
     result->did_load = true;
     index()->MergeInitializingSet(std::move(result));
   }
   EXPECT_EQ(9U, index()->cache_size_);
   {
-    scoped_ptr<SimpleIndexLoadResult> result(new SimpleIndexLoadResult());
+    std::unique_ptr<SimpleIndexLoadResult> result(new SimpleIndexLoadResult());
     result->did_load = true;
     const uint64_t new_hash_key = hashes_.at<11>();
     result->entries.insert(
diff --git a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc
index 46c678c2001..fe565ef91da 100644
--- a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc
+++ b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc
@@ -17,20 +17,20 @@
 
 namespace {
 
-scoped_ptr<base::Value> NetLogSimpleEntryConstructionCallback(
+std::unique_ptr<base::Value> NetLogSimpleEntryConstructionCallback(
     const disk_cache::SimpleEntryImpl* entry,
     net::NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("entry_hash",
                   base::StringPrintf("%#016" PRIx64, entry->entry_hash()));
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSimpleEntryCreationCallback(
+std::unique_ptr<base::Value> NetLogSimpleEntryCreationCallback(
     const disk_cache::SimpleEntryImpl* entry,
     int net_error,
     net::NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", net_error);
   if (net_error == net::OK)
     dict->SetString("key", entry->key());
diff --git a/chromium/net/disk_cache/simple/simple_synchronous_entry.cc b/chromium/net/disk_cache/simple/simple_synchronous_entry.cc
index 220f6a8fea8..71f1cb9fffb 100644
--- a/chromium/net/disk_cache/simple/simple_synchronous_entry.cc
+++ b/chromium/net/disk_cache/simple/simple_synchronous_entry.cc
@@ -18,6 +18,8 @@
 #include "base/sha1.h"
 #include "base/strings/stringprintf.h"
 #include "base/timer/elapsed_timer.h"
+#include "crypto/secure_hash.h"
+#include "net/base/hash_value.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/disk_cache/simple/simple_backend_version.h"
@@ -39,7 +41,7 @@ enum OpenEntryResult {
   OPEN_ENTRY_BAD_MAGIC_NUMBER = 3,
   OPEN_ENTRY_BAD_VERSION = 4,
   OPEN_ENTRY_CANT_READ_KEY = 5,
-  // OPEN_ENTRY_KEY_MISMATCH = 6, Deprecated.
+  OPEN_ENTRY_KEY_MISMATCH = 6,
   OPEN_ENTRY_KEY_HASH_MISMATCH = 7,
   OPEN_ENTRY_SPARSE_OPEN_FAILED = 8,
   OPEN_ENTRY_MAX = 9,
@@ -63,6 +65,7 @@ enum CheckEOFResult {
   CHECK_EOF_RESULT_READ_FAILURE,
   CHECK_EOF_RESULT_MAGIC_NUMBER_MISMATCH,
   CHECK_EOF_RESULT_CRC_MISMATCH,
+  CHECK_EOF_RESULT_KEY_SHA256_MISMATCH,
   CHECK_EOF_RESULT_MAX,
 };
 
@@ -72,6 +75,9 @@ enum CloseResult {
   CLOSE_RESULT_WRITE_FAILURE,
 };
 
+// Used in histograms, please only add entries at the end.
+enum class KeySHA256Result { NOT_PRESENT, MATCHED, NO_MATCH, MAX };
+
 void RecordSyncOpenResult(net::CacheType cache_type,
                           OpenEntryResult result,
                           bool had_index) {
@@ -105,6 +111,12 @@ void RecordCloseResult(net::CacheType cache_type, CloseResult result) {
                    "SyncCloseResult", cache_type, result, WRITE_RESULT_MAX);
 }
 
+void RecordKeySHA256Result(net::CacheType cache_type, KeySHA256Result result) {
+  SIMPLE_CACHE_UMA(ENUMERATION, "SyncKeySHA256Result", cache_type,
+                   static_cast<int>(result),
+                   static_cast<int>(KeySHA256Result::MAX));
+}
+
 bool CanOmitEmptyFile(int file_index) {
   DCHECK_GE(file_index, 0);
   DCHECK_LT(file_index, disk_cache::kSimpleEntryFileCount);
@@ -123,6 +135,14 @@ bool TruncatePath(const FilePath& filename_to_truncate) {
   return true;
 }
 
+void CalculateSHA256OfKey(const std::string& key,
+                          net::SHA256HashValue* out_hash_value) {
+  std::unique_ptr<crypto::SecureHash> hash(
+      crypto::SecureHash::Create(crypto::SecureHash::SHA256));
+  hash->Update(key.data(), key.size());
+  hash->Finish(out_hash_value, sizeof(*out_hash_value));
+}
+
 }  // namespace
 
 namespace disk_cache {
@@ -130,8 +150,9 @@ namespace disk_cache {
 using simple_util::GetEntryHashKey;
 using simple_util::GetFilenameFromEntryHashAndFileIndex;
 using simple_util::GetSparseFilenameFromEntryHash;
-using simple_util::GetDataSizeFromKeyAndFileSize;
-using simple_util::GetFileSizeFromKeyAndDataSize;
+using simple_util::GetHeaderSize;
+using simple_util::GetDataSizeFromFileSize;
+using simple_util::GetFileSizeFromDataSize;
 using simple_util::GetFileIndexFromStreamIndex;
 
 SimpleEntryStat::SimpleEntryStat(base::Time last_used,
@@ -144,35 +165,46 @@ SimpleEntryStat::SimpleEntryStat(base::Time last_used,
   memcpy(data_size_, data_size, sizeof(data_size_));
 }
 
-int SimpleEntryStat::GetOffsetInFile(const std::string& key,
+// These size methods all assume the presence of the SHA256 on stream zero,
+// since this version of the cache always writes it. In the read case, it may
+// not be present and these methods can't be relied upon.
+
+int SimpleEntryStat::GetOffsetInFile(size_t key_length,
                                      int offset,
                                      int stream_index) const {
-  const size_t headers_size = sizeof(SimpleFileHeader) + key.size();
+  const size_t headers_size = sizeof(SimpleFileHeader) + key_length;
   const size_t additional_offset =
       stream_index == 0 ? data_size_[1] + sizeof(SimpleFileEOF) : 0;
   return headers_size + offset + additional_offset;
 }
 
-int SimpleEntryStat::GetEOFOffsetInFile(const std::string& key,
+int SimpleEntryStat::GetEOFOffsetInFile(size_t key_length,
                                         int stream_index) const {
-  return GetOffsetInFile(key, data_size_[stream_index], stream_index);
+  size_t additional_offset;
+  if (stream_index != 0)
+    additional_offset = 0;
+  else
+    additional_offset = sizeof(net::SHA256HashValue);
+  return additional_offset +
+         GetOffsetInFile(key_length, data_size_[stream_index], stream_index);
 }
 
-int SimpleEntryStat::GetLastEOFOffsetInFile(const std::string& key,
+int SimpleEntryStat::GetLastEOFOffsetInFile(size_t key_length,
                                             int stream_index) const {
-  const int file_index = GetFileIndexFromStreamIndex(stream_index);
-  const int eof_data_offset =
-      file_index == 0 ? data_size_[0] + data_size_[1] + sizeof(SimpleFileEOF)
-                      : data_size_[2];
-  return GetOffsetInFile(key, eof_data_offset, stream_index);
+  if (stream_index == 1)
+    return GetEOFOffsetInFile(key_length, 0);
+  return GetEOFOffsetInFile(key_length, stream_index);
 }
 
-int64_t SimpleEntryStat::GetFileSize(const std::string& key,
-                                     int file_index) const {
-  const int32_t total_data_size =
-      file_index == 0 ? data_size_[0] + data_size_[1] + sizeof(SimpleFileEOF)
-                      : data_size_[2];
-  return GetFileSizeFromKeyAndDataSize(key, total_data_size);
+int64_t SimpleEntryStat::GetFileSize(size_t key_length, int file_index) const {
+  int32_t total_data_size;
+  if (file_index == 0) {
+    total_data_size = data_size_[0] + data_size_[1] +
+                      sizeof(net::SHA256HashValue) + sizeof(SimpleFileEOF);
+  } else {
+    total_data_size = data_size_[2];
+  }
+  return GetFileSizeFromDataSize(key_length, total_data_size);
 }
 
 SimpleEntryCreationResults::SimpleEntryCreationResults(
@@ -223,17 +255,16 @@ SimpleSynchronousEntry::EntryOperationData::EntryOperationData(
 void SimpleSynchronousEntry::OpenEntry(
     net::CacheType cache_type,
     const FilePath& path,
+    const std::string& key,
     const uint64_t entry_hash,
-    bool had_index,
+    const bool had_index,
     SimpleEntryCreationResults* out_results) {
   base::ElapsedTimer open_time;
   SimpleSynchronousEntry* sync_entry =
-      new SimpleSynchronousEntry(cache_type, path, "", entry_hash);
-  out_results->result =
-      sync_entry->InitializeForOpen(had_index,
-                                    &out_results->entry_stat,
-                                    &out_results->stream_0_data,
-                                    &out_results->stream_0_crc32);
+      new SimpleSynchronousEntry(cache_type, path, key, entry_hash, had_index);
+  out_results->result = sync_entry->InitializeForOpen(
+      &out_results->entry_stat, &out_results->stream_0_data,
+      &out_results->stream_0_crc32);
   if (out_results->result != net::OK) {
     sync_entry->Doom();
     delete sync_entry;
@@ -251,13 +282,13 @@ void SimpleSynchronousEntry::CreateEntry(
     const FilePath& path,
     const std::string& key,
     const uint64_t entry_hash,
-    bool had_index,
+    const bool had_index,
     SimpleEntryCreationResults* out_results) {
   DCHECK_EQ(entry_hash, GetEntryHashKey(key));
   SimpleSynchronousEntry* sync_entry =
-      new SimpleSynchronousEntry(cache_type, path, key, entry_hash);
-  out_results->result = sync_entry->InitializeForCreate(
-      had_index, &out_results->entry_stat);
+      new SimpleSynchronousEntry(cache_type, path, key, entry_hash, had_index);
+  out_results->result =
+      sync_entry->InitializeForCreate(&out_results->entry_stat);
   if (out_results->result != net::OK) {
     if (out_results->result != net::ERR_FILE_EXISTS)
       sync_entry->Doom();
@@ -298,19 +329,24 @@ void SimpleSynchronousEntry::ReadData(const EntryOperationData& in_entry_op,
                                       net::IOBuffer* out_buf,
                                       uint32_t* out_crc32,
                                       SimpleEntryStat* entry_stat,
-                                      int* out_result) const {
+                                      int* out_result) {
   DCHECK(initialized_);
   DCHECK_NE(0, in_entry_op.index);
-  const int64_t file_offset =
-      entry_stat->GetOffsetInFile(key_, in_entry_op.offset, in_entry_op.index);
   int file_index = GetFileIndexFromStreamIndex(in_entry_op.index);
+  if (header_and_key_check_needed_[file_index] &&
+      !CheckHeaderAndKey(file_index)) {
+    *out_result = net::ERR_FAILED;
+    Doom();
+    return;
+  }
+  const int64_t file_offset = entry_stat->GetOffsetInFile(
+      key_.size(), in_entry_op.offset, in_entry_op.index);
   // Zero-length reads and reads to the empty streams of omitted files should
   // be handled in the SimpleEntryImpl.
   DCHECK_GT(in_entry_op.buf_len, 0);
   DCHECK(!empty_file_omitted_[file_index]);
-  File* file = const_cast<File*>(&files_[file_index]);
-  int bytes_read =
-      file->Read(file_offset, out_buf->data(), in_entry_op.buf_len);
+  int bytes_read = files_[file_index].Read(file_offset, out_buf->data(),
+                                           in_entry_op.buf_len);
   if (bytes_read > 0) {
     entry_stat->set_last_used(Time::Now());
     *out_crc32 = crc32(crc32(0L, Z_NULL, 0),
@@ -333,12 +369,18 @@ void SimpleSynchronousEntry::WriteData(const EntryOperationData& in_entry_op,
   DCHECK_NE(0, in_entry_op.index);
   int index = in_entry_op.index;
   int file_index = GetFileIndexFromStreamIndex(index);
+  if (header_and_key_check_needed_[file_index] &&
+      !empty_file_omitted_[file_index] && !CheckHeaderAndKey(file_index)) {
+    *out_result = net::ERR_FAILED;
+    Doom();
+    return;
+  }
   int offset = in_entry_op.offset;
   int buf_len = in_entry_op.buf_len;
   bool truncate = in_entry_op.truncate;
   bool doomed = in_entry_op.doomed;
   const int64_t file_offset = out_entry_stat->GetOffsetInFile(
-      key_, in_entry_op.offset, in_entry_op.index);
+      key_.size(), in_entry_op.offset, in_entry_op.index);
   bool extending_by_write = offset + buf_len > out_entry_stat->data_size(index);
 
   if (empty_file_omitted_[file_index]) {
@@ -371,7 +413,7 @@ void SimpleSynchronousEntry::WriteData(const EntryOperationData& in_entry_op,
   if (extending_by_write) {
     // The EOF record and the eventual stream afterward need to be zeroed out.
     const int64_t file_eof_offset =
-        out_entry_stat->GetEOFOffsetInFile(key_, index);
+        out_entry_stat->GetEOFOffsetInFile(key_.size(), index);
     if (!files_[file_index].SetLength(file_eof_offset)) {
       RecordWriteResult(cache_type_, WRITE_RESULT_PRETRUNCATE_FAILURE);
       Doom();
@@ -393,7 +435,8 @@ void SimpleSynchronousEntry::WriteData(const EntryOperationData& in_entry_op,
         index, std::max(out_entry_stat->data_size(index), offset + buf_len));
   } else {
     out_entry_stat->set_data_size(index, offset + buf_len);
-    int file_eof_offset = out_entry_stat->GetLastEOFOffsetInFile(key_, index);
+    int file_eof_offset =
+        out_entry_stat->GetLastEOFOffsetInFile(key_.size(), index);
     if (!files_[file_index].SetLength(file_eof_offset)) {
       RecordWriteResult(cache_type_, WRITE_RESULT_TRUNCATE_FAILURE);
       Doom();
@@ -621,9 +664,10 @@ void SimpleSynchronousEntry::CheckEOFRecord(int index,
   DCHECK(initialized_);
   uint32_t crc32;
   bool has_crc32;
+  bool has_key_sha256;
   int stream_size;
-  *out_result =
-      GetEOFRecordData(index, entry_stat, &has_crc32, &crc32, &stream_size);
+  *out_result = GetEOFRecordData(index, entry_stat, &has_crc32, &has_key_sha256,
+                                 &crc32, &stream_size);
   if (*out_result != net::OK) {
     Doom();
     return;
@@ -640,18 +684,9 @@ void SimpleSynchronousEntry::CheckEOFRecord(int index,
 
 void SimpleSynchronousEntry::Close(
     const SimpleEntryStat& entry_stat,
-    scoped_ptr<std::vector<CRCRecord> > crc32s_to_write,
+    std::unique_ptr<std::vector<CRCRecord>> crc32s_to_write,
     net::GrowableIOBuffer* stream_0_data) {
   DCHECK(stream_0_data);
-  // Write stream 0 data.
-  int stream_0_offset = entry_stat.GetOffsetInFile(key_, 0, 0);
-  if (files_[0].Write(stream_0_offset, stream_0_data->data(),
-                      entry_stat.data_size(0)) !=
-      entry_stat.data_size(0)) {
-    RecordCloseResult(cache_type_, CLOSE_RESULT_WRITE_FAILURE);
-    DVLOG(1) << "Could not write stream 0 data.";
-    Doom();
-  }
 
   for (std::vector<CRCRecord>::const_iterator it = crc32s_to_write->begin();
        it != crc32s_to_write->end(); ++it) {
@@ -660,14 +695,36 @@ void SimpleSynchronousEntry::Close(
     if (empty_file_omitted_[file_index])
       continue;
 
+    if (stream_index == 0) {
+      // Write stream 0 data.
+      int stream_0_offset = entry_stat.GetOffsetInFile(key_.size(), 0, 0);
+      if (files_[0].Write(stream_0_offset, stream_0_data->data(),
+                          entry_stat.data_size(0)) != entry_stat.data_size(0)) {
+        RecordCloseResult(cache_type_, CLOSE_RESULT_WRITE_FAILURE);
+        DVLOG(1) << "Could not write stream 0 data.";
+        Doom();
+      }
+      net::SHA256HashValue hash_value;
+      CalculateSHA256OfKey(key_, &hash_value);
+      if (files_[0].Write(stream_0_offset + entry_stat.data_size(0),
+                          reinterpret_cast<char*>(hash_value.data),
+                          sizeof(hash_value)) != sizeof(hash_value)) {
+        RecordCloseResult(cache_type_, CLOSE_RESULT_WRITE_FAILURE);
+        DVLOG(1) << "Could not write stream 0 data.";
+        Doom();
+      }
+    }
+
     SimpleFileEOF eof_record;
     eof_record.stream_size = entry_stat.data_size(stream_index);
     eof_record.final_magic_number = kSimpleFinalMagicNumber;
     eof_record.flags = 0;
     if (it->has_crc32)
       eof_record.flags |= SimpleFileEOF::FLAG_HAS_CRC32;
+    if (stream_index == 0)
+      eof_record.flags |= SimpleFileEOF::FLAG_HAS_KEY_SHA256;
     eof_record.data_crc32 = it->data_crc32;
-    int eof_offset = entry_stat.GetEOFOffsetInFile(key_, stream_index);
+    int eof_offset = entry_stat.GetEOFOffsetInFile(key_.size(), stream_index);
     // If stream 0 changed size, the file needs to be resized, otherwise the
     // next open will yield wrong stream sizes. On stream 1 and stream 2 proper
     // resizing of the file is handled in SimpleSynchronousEntry::WriteData().
@@ -692,8 +749,11 @@ void SimpleSynchronousEntry::Close(
     if (empty_file_omitted_[i])
       continue;
 
+    if (header_and_key_check_needed_[i] && !CheckHeaderAndKey(i)) {
+      Doom();
+    }
     files_[i].Close();
-    const int64_t file_size = entry_stat.GetFileSize(key_, i);
+    const int64_t file_size = entry_stat.GetFileSize(key_.size(), i);
     SIMPLE_CACHE_UMA(CUSTOM_COUNTS,
                      "LastClusterSize", cache_type_,
                      file_size % 4096, 0, 4097, 50);
@@ -720,10 +780,12 @@ void SimpleSynchronousEntry::Close(
 SimpleSynchronousEntry::SimpleSynchronousEntry(net::CacheType cache_type,
                                                const FilePath& path,
                                                const std::string& key,
-                                               const uint64_t entry_hash)
+                                               const uint64_t entry_hash,
+                                               const bool had_index)
     : cache_type_(cache_type),
       path_(path),
       entry_hash_(entry_hash),
+      had_index_(had_index),
       key_(key),
       have_open_files_(false),
       initialized_(false) {
@@ -779,20 +841,19 @@ bool SimpleSynchronousEntry::MaybeCreateFile(
   return files_[file_index].IsValid();
 }
 
-bool SimpleSynchronousEntry::OpenFiles(
-    bool had_index,
-    SimpleEntryStat* out_entry_stat) {
+bool SimpleSynchronousEntry::OpenFiles(SimpleEntryStat* out_entry_stat) {
   for (int i = 0; i < kSimpleEntryFileCount; ++i) {
     File::Error error;
     if (!MaybeOpenFile(i, &error)) {
-      // TODO(ttuttle,gavinp): Remove one each of these triplets of histograms.
-      // We can calculate the third as the sum or difference of the other two.
-      RecordSyncOpenResult(
-          cache_type_, OPEN_ENTRY_PLATFORM_FILE_ERROR, had_index);
+      // TODO(juliatuttle,gavinp): Remove one each of these triplets of
+      // histograms. We can calculate the third as the sum or difference of the
+      // other two.
+      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_PLATFORM_FILE_ERROR,
+                           had_index_);
       SIMPLE_CACHE_UMA(ENUMERATION,
                        "SyncOpenPlatformFileError", cache_type_,
                        -error, -base::File::FILE_ERROR_MAX);
-      if (had_index) {
+      if (had_index_) {
         SIMPLE_CACHE_UMA(ENUMERATION,
                          "SyncOpenPlatformFileError_WithIndex", cache_type_,
                          -error, -base::File::FILE_ERROR_MAX);
@@ -859,19 +920,18 @@ bool SimpleSynchronousEntry::OpenFiles(
   return true;
 }
 
-bool SimpleSynchronousEntry::CreateFiles(
-    bool had_index,
-    SimpleEntryStat* out_entry_stat) {
+bool SimpleSynchronousEntry::CreateFiles(SimpleEntryStat* out_entry_stat) {
   for (int i = 0; i < kSimpleEntryFileCount; ++i) {
     File::Error error;
     if (!MaybeCreateFile(i, FILE_NOT_REQUIRED, &error)) {
-      // TODO(ttuttle,gavinp): Remove one each of these triplets of histograms.
-      // We can calculate the third as the sum or difference of the other two.
-      RecordSyncCreateResult(CREATE_ENTRY_PLATFORM_FILE_ERROR, had_index);
+      // TODO(juliatuttle,gavinp): Remove one each of these triplets of
+      // histograms. We can calculate the third as the sum or difference of the
+      // other two.
+      RecordSyncCreateResult(CREATE_ENTRY_PLATFORM_FILE_ERROR, had_index_);
       SIMPLE_CACHE_UMA(ENUMERATION,
                        "SyncCreatePlatformFileError", cache_type_,
                        -error, -base::File::FILE_ERROR_MAX);
-      if (had_index) {
+      if (had_index_) {
         SIMPLE_CACHE_UMA(ENUMERATION,
                          "SyncCreatePlatformFileError_WithIndex", cache_type_,
                          -error, -base::File::FILE_ERROR_MAX);
@@ -917,13 +977,80 @@ void SimpleSynchronousEntry::CloseFiles() {
     CloseFile(i);
 }
 
+bool SimpleSynchronousEntry::CheckHeaderAndKey(int file_index) {
+  // TODO(gavinp): Frequently we are doing this at the same time as we read from
+  // the beginning of an entry. It might improve performance to make a single
+  // read(2) call rather than two separate reads. On the other hand, it would
+  // mean an extra memory to memory copy. In the case where we are opening an
+  // entry without a key, the kInitialHeaderRead setting means that we are
+  // actually already reading stream 1 data here, and tossing it out.
+  std::vector<char> header_data(key_.empty() ? kInitialHeaderRead
+                                             : GetHeaderSize(key_.size()));
+  int bytes_read =
+      files_[file_index].Read(0, header_data.data(), header_data.size());
+  const SimpleFileHeader* header =
+      reinterpret_cast<const SimpleFileHeader*>(header_data.data());
+
+  if (bytes_read == -1 || static_cast<size_t>(bytes_read) < sizeof(*header)) {
+    RecordSyncOpenResult(cache_type_, OPEN_ENTRY_CANT_READ_HEADER, had_index_);
+    return false;
+  }
+  // This resize will not invalidate iterators since it does not enlarge the
+  // header_data.
+  DCHECK_LE(static_cast<size_t>(bytes_read), header_data.size());
+  header_data.resize(bytes_read);
+
+  if (header->initial_magic_number != kSimpleInitialMagicNumber) {
+    RecordSyncOpenResult(cache_type_, OPEN_ENTRY_BAD_MAGIC_NUMBER, had_index_);
+    return false;
+  }
+
+  if (header->version != kSimpleEntryVersionOnDisk) {
+    RecordSyncOpenResult(cache_type_, OPEN_ENTRY_BAD_VERSION, had_index_);
+    return false;
+  }
+
+  size_t expected_header_size = GetHeaderSize(header->key_length);
+  if (header_data.size() < expected_header_size) {
+    size_t old_size = header_data.size();
+    int bytes_to_read = expected_header_size - old_size;
+    // This resize will invalidate iterators, since it is enlarging header_data.
+    header_data.resize(expected_header_size);
+    int bytes_read = files_[file_index].Read(
+        old_size, header_data.data() + old_size, bytes_to_read);
+    if (bytes_read != bytes_to_read) {
+      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_CANT_READ_KEY, had_index_);
+      return false;
+    }
+    header = reinterpret_cast<const SimpleFileHeader*>(header_data.data());
+  }
+
+  char* key_data = header_data.data() + sizeof(*header);
+  if (base::Hash(key_data, header->key_length) != header->key_hash) {
+    RecordSyncOpenResult(cache_type_, OPEN_ENTRY_KEY_HASH_MISMATCH, had_index_);
+    return false;
+  }
+
+  std::string key_from_header(key_data, header->key_length);
+  if (key_.empty()) {
+    key_.swap(key_from_header);
+  } else {
+    if (key_ != key_from_header) {
+      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_KEY_MISMATCH, had_index_);
+      return false;
+    }
+  }
+
+  header_and_key_check_needed_[file_index] = false;
+  return true;
+}
+
 int SimpleSynchronousEntry::InitializeForOpen(
-    bool had_index,
     SimpleEntryStat* out_entry_stat,
     scoped_refptr<net::GrowableIOBuffer>* stream_0_data,
     uint32_t* out_stream_0_crc32) {
   DCHECK(!initialized_);
-  if (!OpenFiles(had_index, out_entry_stat)) {
+  if (!OpenFiles(out_entry_stat)) {
     DLOG(WARNING) << "Could not open platform files for entry.";
     return net::ERR_FAILED;
   }
@@ -931,69 +1058,35 @@ int SimpleSynchronousEntry::InitializeForOpen(
     if (empty_file_omitted_[i])
       continue;
 
-    SimpleFileHeader header;
-    int header_read_result =
-        files_[i].Read(0, reinterpret_cast<char*>(&header), sizeof(header));
-    if (header_read_result != sizeof(header)) {
-      DLOG(WARNING) << "Cannot read header from entry.";
-      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_CANT_READ_HEADER, had_index);
-      return net::ERR_FAILED;
-    }
-
-    if (header.initial_magic_number != kSimpleInitialMagicNumber) {
-      // TODO(gavinp): This seems very bad; for now we log at WARNING, but we
-      // should give consideration to not saturating the log with these if that
-      // becomes a problem.
-      DLOG(WARNING) << "Magic number did not match.";
-      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_BAD_MAGIC_NUMBER, had_index);
-      return net::ERR_FAILED;
-    }
-
-    if (header.version != kSimpleEntryVersionOnDisk) {
-      DLOG(WARNING) << "Unreadable version.";
-      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_BAD_VERSION, had_index);
-      return net::ERR_FAILED;
-    }
-
-    scoped_ptr<char[]> key(new char[header.key_length]);
-    int key_read_result = files_[i].Read(sizeof(header), key.get(),
-                                         header.key_length);
-    if (key_read_result != base::checked_cast<int>(header.key_length)) {
-      DLOG(WARNING) << "Cannot read key from entry.";
-      RecordSyncOpenResult(cache_type_, OPEN_ENTRY_CANT_READ_KEY, had_index);
-      return net::ERR_FAILED;
+    if (!key_.empty()) {
+      header_and_key_check_needed_[i] = true;
+    } else {
+      if (!CheckHeaderAndKey(i))
+        return net::ERR_FAILED;
     }
 
-    key_ = std::string(key.get(), header.key_length);
     if (i == 0) {
       // File size for stream 0 has been stored temporarily in data_size[1].
-      int total_data_size =
-          GetDataSizeFromKeyAndFileSize(key_, out_entry_stat->data_size(1));
-      int ret_value_stream_0 = ReadAndValidateStream0(
-          total_data_size, out_entry_stat, stream_0_data, out_stream_0_crc32);
+      int ret_value_stream_0 =
+          ReadAndValidateStream0(out_entry_stat->data_size(1), out_entry_stat,
+                                 stream_0_data, out_stream_0_crc32);
       if (ret_value_stream_0 != net::OK)
         return ret_value_stream_0;
     } else {
       out_entry_stat->set_data_size(
-          2, GetDataSizeFromKeyAndFileSize(key_, out_entry_stat->data_size(2)));
+          2,
+          GetDataSizeFromFileSize(key_.size(), out_entry_stat->data_size(2)));
       if (out_entry_stat->data_size(2) < 0) {
         DLOG(WARNING) << "Stream 2 file is too small.";
         return net::ERR_FAILED;
       }
     }
-
-    if (base::Hash(key.get(), header.key_length) != header.key_hash) {
-      DLOG(WARNING) << "Hash mismatch on key.";
-      RecordSyncOpenResult(
-          cache_type_, OPEN_ENTRY_KEY_HASH_MISMATCH, had_index);
-      return net::ERR_FAILED;
-    }
   }
 
   int32_t sparse_data_size = 0;
   if (!OpenSparseFileIfExists(&sparse_data_size)) {
-    RecordSyncOpenResult(
-        cache_type_, OPEN_ENTRY_SPARSE_OPEN_FAILED, had_index);
+    RecordSyncOpenResult(cache_type_, OPEN_ENTRY_SPARSE_OPEN_FAILED,
+                         had_index_);
     return net::ERR_FAILED;
   }
   out_entry_stat->set_sparse_data_size(sparse_data_size);
@@ -1013,7 +1106,7 @@ int SimpleSynchronousEntry::InitializeForOpen(
   SIMPLE_CACHE_UMA(BOOLEAN, "EntryOpenedAndStream2Removed", cache_type_,
                    removed_stream2);
 
-  RecordSyncOpenResult(cache_type_, OPEN_ENTRY_SUCCESS, had_index);
+  RecordSyncOpenResult(cache_type_, OPEN_ENTRY_SUCCESS, had_index_);
   initialized_ = true;
   return net::OK;
 }
@@ -1046,10 +1139,9 @@ bool SimpleSynchronousEntry::InitializeCreatedFile(
 }
 
 int SimpleSynchronousEntry::InitializeForCreate(
-    bool had_index,
     SimpleEntryStat* out_entry_stat) {
   DCHECK(!initialized_);
-  if (!CreateFiles(had_index, out_entry_stat)) {
+  if (!CreateFiles(out_entry_stat)) {
     DLOG(WARNING) << "Could not create platform files.";
     return net::ERR_FILE_EXISTS;
   }
@@ -1059,49 +1151,56 @@ int SimpleSynchronousEntry::InitializeForCreate(
 
     CreateEntryResult result;
     if (!InitializeCreatedFile(i, &result)) {
-      RecordSyncCreateResult(result, had_index);
+      RecordSyncCreateResult(result, had_index_);
       return net::ERR_FAILED;
     }
   }
-  RecordSyncCreateResult(CREATE_ENTRY_SUCCESS, had_index);
+  RecordSyncCreateResult(CREATE_ENTRY_SUCCESS, had_index_);
   initialized_ = true;
   return net::OK;
 }
 
 int SimpleSynchronousEntry::ReadAndValidateStream0(
-    int total_data_size,
+    int file_size,
     SimpleEntryStat* out_entry_stat,
     scoped_refptr<net::GrowableIOBuffer>* stream_0_data,
-    uint32_t* out_stream_0_crc32) const {
-  // Temporarily assign all the data size to stream 1 in order to read the
-  // EOF record for stream 0, which contains the size of stream 0.
+    uint32_t* out_stream_0_crc32) {
+  // Pretend this file has a null stream zero, and contains the optional key
+  // SHA256. This is good enough to read the EOF record on the file, which gives
+  // the actual size of stream 0.
+  int total_data_size = GetDataSizeFromFileSize(key_.size(), file_size);
   out_entry_stat->set_data_size(0, 0);
-  out_entry_stat->set_data_size(1, total_data_size - sizeof(SimpleFileEOF));
+  out_entry_stat->set_data_size(
+      1,
+      total_data_size - sizeof(net::SHA256HashValue) - sizeof(SimpleFileEOF));
 
   bool has_crc32;
+  bool has_key_sha256;
   uint32_t read_crc32;
   int stream_0_size;
-  int ret_value_crc32 = GetEOFRecordData(
-      0, *out_entry_stat, &has_crc32, &read_crc32, &stream_0_size);
+  int ret_value_crc32 =
+      GetEOFRecordData(0, *out_entry_stat, &has_crc32, &has_key_sha256,
+                       &read_crc32, &stream_0_size);
   if (ret_value_crc32 != net::OK)
     return ret_value_crc32;
-
-  if (stream_0_size > out_entry_stat->data_size(1))
+  // Calculate and set the real values for data size.
+  int stream_1_size = out_entry_stat->data_size(1) - stream_0_size;
+  if (!has_key_sha256)
+    stream_1_size += sizeof(net::SHA256HashValue);
+  if (stream_1_size < 0)
     return net::ERR_FAILED;
-
-  // These are the real values of data size.
   out_entry_stat->set_data_size(0, stream_0_size);
-  out_entry_stat->set_data_size(
-      1, out_entry_stat->data_size(1) - stream_0_size);
+  out_entry_stat->set_data_size(1, stream_1_size);
 
   // Put stream 0 data in memory.
   *stream_0_data = new net::GrowableIOBuffer();
-  (*stream_0_data)->SetCapacity(stream_0_size);
-  int file_offset = out_entry_stat->GetOffsetInFile(key_, 0, 0);
-  File* file = const_cast<File*>(&files_[0]);
-  int bytes_read =
-      file->Read(file_offset, (*stream_0_data)->data(), stream_0_size);
-  if (bytes_read != stream_0_size)
+  (*stream_0_data)->SetCapacity(stream_0_size + sizeof(net::SHA256HashValue));
+  int file_offset = out_entry_stat->GetOffsetInFile(key_.size(), 0, 0);
+  int read_size = stream_0_size;
+  if (has_key_sha256)
+    read_size += sizeof(net::SHA256HashValue);
+  if (files_[0].Read(file_offset, (*stream_0_data)->data(), read_size) !=
+      read_size)
     return net::ERR_FAILED;
 
   // Check the CRC32.
@@ -1117,6 +1216,27 @@ int SimpleSynchronousEntry::ReadAndValidateStream0(
     return net::ERR_FAILED;
   }
   *out_stream_0_crc32 = expected_crc32;
+
+  // If present, check the key SHA256.
+  if (has_key_sha256) {
+    net::SHA256HashValue hash_value;
+    CalculateSHA256OfKey(key_, &hash_value);
+    bool matched =
+        std::memcmp(&hash_value, (*stream_0_data)->data() + stream_0_size,
+                    sizeof(hash_value)) == 0;
+    if (!matched) {
+      RecordKeySHA256Result(cache_type_, KeySHA256Result::NO_MATCH);
+      return net::ERR_FAILED;
+    }
+    RecordKeySHA256Result(cache_type_, KeySHA256Result::MATCHED);
+  } else {
+    RecordKeySHA256Result(cache_type_, KeySHA256Result::NOT_PRESENT);
+  }
+
+  // Ensure the key is validated before completion.
+  if (!has_key_sha256 && header_and_key_check_needed_[0])
+    CheckHeaderAndKey(0);
+
   RecordCheckEOFResult(cache_type_, CHECK_EOF_RESULT_SUCCESS);
   return net::OK;
 }
@@ -1124,10 +1244,11 @@ int SimpleSynchronousEntry::ReadAndValidateStream0(
 int SimpleSynchronousEntry::GetEOFRecordData(int index,
                                              const SimpleEntryStat& entry_stat,
                                              bool* out_has_crc32,
+                                             bool* out_has_key_sha256,
                                              uint32_t* out_crc32,
                                              int* out_data_size) const {
   SimpleFileEOF eof_record;
-  int file_offset = entry_stat.GetEOFOffsetInFile(key_, index);
+  int file_offset = entry_stat.GetEOFOffsetInFile(key_.size(), index);
   int file_index = GetFileIndexFromStreamIndex(index);
   File* file = const_cast<File*>(&files_[file_index]);
   if (file->Read(file_offset, reinterpret_cast<char*>(&eof_record),
@@ -1145,6 +1266,9 @@ int SimpleSynchronousEntry::GetEOFRecordData(int index,
 
   *out_has_crc32 = (eof_record.flags & SimpleFileEOF::FLAG_HAS_CRC32) ==
                    SimpleFileEOF::FLAG_HAS_CRC32;
+  *out_has_key_sha256 =
+      (eof_record.flags & SimpleFileEOF::FLAG_HAS_KEY_SHA256) ==
+      SimpleFileEOF::FLAG_HAS_KEY_SHA256;
   *out_crc32 = eof_record.data_crc32;
   *out_data_size = eof_record.stream_size;
   SIMPLE_CACHE_UMA(BOOLEAN, "SyncCheckEOFHasCrc", cache_type_, *out_has_crc32);
@@ -1381,7 +1505,7 @@ bool SimpleSynchronousEntry::ReadSparseRange(const SparseRange* range,
       return false;
     }
   }
-  // TODO(ttuttle): Incremental crc32 calculation?
+  // TODO(juliatuttle): Incremental crc32 calculation?
 
   return true;
 }
diff --git a/chromium/net/disk_cache/simple/simple_synchronous_entry.h b/chromium/net/disk_cache/simple/simple_synchronous_entry.h
index 963f665b931..3c939a835a5 100644
--- a/chromium/net/disk_cache/simple/simple_synchronous_entry.h
+++ b/chromium/net/disk_cache/simple/simple_synchronous_entry.h
@@ -9,14 +9,15 @@
 
 #include <algorithm>
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/files/file.h"
 #include "base/files/file_path.h"
+#include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/cache_type.h"
 #include "net/base/net_export.h"
@@ -27,6 +28,8 @@ class GrowableIOBuffer;
 class IOBuffer;
 }
 
+FORWARD_DECLARE_TEST(DiskCacheBackendTest, SimpleCacheEnumerationLongKeys);
+
 namespace disk_cache {
 
 class SimpleSynchronousEntry;
@@ -41,12 +44,10 @@ class NET_EXPORT_PRIVATE SimpleEntryStat {
                   const int32_t data_size[],
                   const int32_t sparse_data_size);
 
-  int GetOffsetInFile(const std::string& key,
-                      int offset,
-                      int stream_index) const;
-  int GetEOFOffsetInFile(const std::string& key, int stream_index) const;
-  int GetLastEOFOffsetInFile(const std::string& key, int file_index) const;
-  int64_t GetFileSize(const std::string& key, int file_index) const;
+  int GetOffsetInFile(size_t key_length, int offset, int stream_index) const;
+  int GetEOFOffsetInFile(size_t key_length, int stream_index) const;
+  int GetLastEOFOffsetInFile(size_t key_length, int file_index) const;
+  int64_t GetFileSize(size_t key_length, int file_index) const;
 
   base::Time last_used() const { return last_used_; }
   base::Time last_modified() const { return last_modified_; }
@@ -114,8 +115,12 @@ class SimpleSynchronousEntry {
     bool doomed;
   };
 
+  // Opens a disk cache entry on disk. The |key| parameter is optional, if empty
+  // the operation may be slower. The |entry_hash| parameter is required.
+  // |had_index| is provided only for histograms.
   static void OpenEntry(net::CacheType cache_type,
                         const base::FilePath& path,
+                        const std::string& key,
                         uint64_t entry_hash,
                         bool had_index,
                         SimpleEntryCreationResults* out_results);
@@ -150,7 +155,7 @@ class SimpleSynchronousEntry {
                 net::IOBuffer* out_buf,
                 uint32_t* out_crc32,
                 SimpleEntryStat* entry_stat,
-                int* out_result) const;
+                int* out_result);
   void WriteData(const EntryOperationData& in_entry_op,
                  net::IOBuffer* in_buf,
                  SimpleEntryStat* out_entry_stat,
@@ -176,13 +181,16 @@ class SimpleSynchronousEntry {
   // Close all streams, and add write EOF records to streams indicated by the
   // CRCRecord entries in |crc32s_to_write|.
   void Close(const SimpleEntryStat& entry_stat,
-             scoped_ptr<std::vector<CRCRecord> > crc32s_to_write,
+             std::unique_ptr<std::vector<CRCRecord>> crc32s_to_write,
              net::GrowableIOBuffer* stream_0_data);
 
   const base::FilePath& path() const { return path_; }
   std::string key() const { return key_; }
 
  private:
+  FRIEND_TEST_ALL_PREFIXES(::DiskCacheBackendTest,
+                           SimpleCacheEnumerationLongKeys);
+
   enum CreateEntryResult {
     CREATE_ENTRY_SUCCESS = 0,
     CREATE_ENTRY_PLATFORM_FILE_ERROR = 1,
@@ -207,10 +215,16 @@ class SimpleSynchronousEntry {
     }
   };
 
+  // When opening an entry without knowing the key, the header must be read
+  // without knowing the size of the key. This is how much to read initially, to
+  // make it likely the entire key is read.
+  static const size_t kInitialHeaderRead = 64 * 1024;
+
   SimpleSynchronousEntry(net::CacheType cache_type,
                          const base::FilePath& path,
                          const std::string& key,
-                         uint64_t entry_hash);
+                         uint64_t entry_hash,
+                         bool had_index);
 
   // Like Entry, the SimpleSynchronousEntry self releases when Close() is
   // called.
@@ -227,18 +241,19 @@ class SimpleSynchronousEntry {
   bool MaybeCreateFile(int file_index,
                        FileRequired file_required,
                        base::File::Error* out_error);
-  bool OpenFiles(bool had_index,
-                 SimpleEntryStat* out_entry_stat);
-  bool CreateFiles(bool had_index,
-                   SimpleEntryStat* out_entry_stat);
+  bool OpenFiles(SimpleEntryStat* out_entry_stat);
+  bool CreateFiles(SimpleEntryStat* out_entry_stat);
   void CloseFile(int index);
   void CloseFiles();
 
-  // Returns a net error, i.e. net::OK on success. |had_index| is passed
-  // from the main entry for metrics purposes, and is true if the index was
-  // initialized when the open operation began.
-  int InitializeForOpen(bool had_index,
-                        SimpleEntryStat* out_entry_stat,
+  // Read the header and key at the beginning of the file, and validate that
+  // they are correct. If this entry was opened with a key, the key is checked
+  // for a match. If not, then the |key_| member is set based on the value in
+  // this header. Records histograms if any check is failed.
+  bool CheckHeaderAndKey(int file_index);
+
+  // Returns a net error, i.e. net::OK on success.
+  int InitializeForOpen(SimpleEntryStat* out_entry_stat,
                         scoped_refptr<net::GrowableIOBuffer>* stream_0_data,
                         uint32_t* out_stream_0_crc32);
 
@@ -248,22 +263,21 @@ class SimpleSynchronousEntry {
   bool InitializeCreatedFile(int index, CreateEntryResult* out_result);
 
   // Returns a net error, including net::OK on success and net::FILE_EXISTS
-  // when the entry already exists. |had_index| is passed from the main entry
-  // for metrics purposes, and is true if the index was initialized when the
-  // create operation began.
-  int InitializeForCreate(bool had_index, SimpleEntryStat* out_entry_stat);
+  // when the entry already exists.
+  int InitializeForCreate(SimpleEntryStat* out_entry_stat);
 
   // Allocates and fills a buffer with stream 0 data in |stream_0_data|, then
   // checks its crc32.
   int ReadAndValidateStream0(
-      int total_data_size,
+      int file_size,
       SimpleEntryStat* out_entry_stat,
       scoped_refptr<net::GrowableIOBuffer>* stream_0_data,
-      uint32_t* out_stream_0_crc32) const;
+      uint32_t* out_stream_0_crc32);
 
   int GetEOFRecordData(int index,
                        const SimpleEntryStat& entry_stat,
                        bool* out_has_crc32,
+                       bool* out_has_key_sha256,
                        uint32_t* out_crc32,
                        int* out_data_size) const;
   void Doom() const;
@@ -320,11 +334,19 @@ class SimpleSynchronousEntry {
   const net::CacheType cache_type_;
   const base::FilePath path_;
   const uint64_t entry_hash_;
+  const bool had_index_;
   std::string key_;
 
   bool have_open_files_;
   bool initialized_;
 
+  // Normally false. This is set to true when an entry is opened without
+  // checking the file headers. Any subsequent read will perform the check
+  // before completing.
+  bool header_and_key_check_needed_[kSimpleEntryFileCount] = {
+      false,
+  };
+
   base::File files_[kSimpleEntryFileCount];
 
   // True if the corresponding stream is empty and therefore no on-disk file
diff --git a/chromium/net/disk_cache/simple/simple_test_util.cc b/chromium/net/disk_cache/simple/simple_test_util.cc
index 2d3edcb22a1..97982ff10b8 100644
--- a/chromium/net/disk_cache/simple/simple_test_util.cc
+++ b/chromium/net/disk_cache/simple/simple_test_util.cc
@@ -6,17 +6,22 @@
 
 #include "base/files/file.h"
 #include "base/files/file_path.h"
+#include "net/base/hash_value.h"
+#include "net/disk_cache/simple/simple_entry_format.h"
 #include "net/disk_cache/simple/simple_util.h"
 
 namespace disk_cache {
 namespace simple_util {
 
+using base::File;
+using base::FilePath;
+
 bool CreateCorruptFileForTests(const std::string& key,
-                               const base::FilePath& cache_path) {
-  base::FilePath entry_file_path = cache_path.AppendASCII(
+                               const FilePath& cache_path) {
+  FilePath entry_file_path = cache_path.AppendASCII(
       disk_cache::simple_util::GetFilenameFromKeyAndFileIndex(key, 0));
-  int flags = base::File::FLAG_CREATE_ALWAYS | base::File::FLAG_WRITE;
-  base::File entry_file(entry_file_path, flags);
+  int flags = File::FLAG_CREATE_ALWAYS | File::FLAG_WRITE;
+  File entry_file(entry_file_path, flags);
 
   if (!entry_file.IsValid())
     return false;
@@ -24,5 +29,73 @@ bool CreateCorruptFileForTests(const std::string& key,
   return entry_file.Write(0, "dummy", 1) == 1;
 }
 
+bool RemoveKeySHA256FromEntry(const std::string& key,
+                              const FilePath& cache_path) {
+  FilePath entry_file_path = cache_path.AppendASCII(
+      disk_cache::simple_util::GetFilenameFromKeyAndFileIndex(key, 0));
+  int flags = File::FLAG_OPEN | File::FLAG_READ | File::FLAG_WRITE;
+  File entry_file(entry_file_path, flags);
+  if (!entry_file.IsValid())
+    return false;
+  int file_length = entry_file.GetLength();
+  SimpleFileEOF eof_record;
+  if (entry_file.Read(file_length - sizeof(eof_record),
+                      reinterpret_cast<char*>(&eof_record),
+                      sizeof(eof_record)) != sizeof(eof_record)) {
+    return false;
+  }
+  if (eof_record.final_magic_number != disk_cache::kSimpleFinalMagicNumber ||
+      (eof_record.flags & SimpleFileEOF::FLAG_HAS_KEY_SHA256) !=
+          SimpleFileEOF::FLAG_HAS_KEY_SHA256) {
+    return false;
+  }
+  // Remove the key SHA256 flag, and rewrite the header on top of the
+  // SHA256. Truncate the file afterwards, and we have an identical entry
+  // lacking a key SHA256.
+  eof_record.flags &= ~SimpleFileEOF::FLAG_HAS_KEY_SHA256;
+  if (entry_file.Write(
+          file_length - sizeof(eof_record) - sizeof(net::SHA256HashValue),
+          reinterpret_cast<char*>(&eof_record),
+          sizeof(eof_record)) != sizeof(eof_record)) {
+    return false;
+  }
+  if (!entry_file.SetLength(file_length - sizeof(net::SHA256HashValue))) {
+    return false;
+  }
+  return true;
+}
+
+bool CorruptKeySHA256FromEntry(const std::string& key,
+                               const base::FilePath& cache_path) {
+  FilePath entry_file_path = cache_path.AppendASCII(
+      disk_cache::simple_util::GetFilenameFromKeyAndFileIndex(key, 0));
+  int flags = File::FLAG_OPEN | File::FLAG_READ | File::FLAG_WRITE;
+  File entry_file(entry_file_path, flags);
+  if (!entry_file.IsValid())
+    return false;
+  int file_length = entry_file.GetLength();
+  SimpleFileEOF eof_record;
+  if (entry_file.Read(file_length - sizeof(eof_record),
+                      reinterpret_cast<char*>(&eof_record),
+                      sizeof(eof_record)) != sizeof(eof_record)) {
+    return false;
+  }
+  if (eof_record.final_magic_number != disk_cache::kSimpleFinalMagicNumber ||
+      (eof_record.flags & SimpleFileEOF::FLAG_HAS_KEY_SHA256) !=
+          SimpleFileEOF::FLAG_HAS_KEY_SHA256) {
+    return false;
+  }
+
+  const char corrupt_data[] = "corrupt data";
+  static_assert(sizeof(corrupt_data) <= sizeof(net::SHA256HashValue),
+                "corrupt data should not be larger than a SHA-256");
+  if (entry_file.Write(
+          file_length - sizeof(eof_record) - sizeof(net::SHA256HashValue),
+          corrupt_data, sizeof(corrupt_data)) != sizeof(corrupt_data)) {
+    return false;
+  }
+  return true;
+}
+
 }  // namespace simple_util
 }  // namespace disk_cache
diff --git a/chromium/net/disk_cache/simple/simple_test_util.h b/chromium/net/disk_cache/simple/simple_test_util.h
index 95ab0550e35..cef6b47c868 100644
--- a/chromium/net/disk_cache/simple/simple_test_util.h
+++ b/chromium/net/disk_cache/simple/simple_test_util.h
@@ -43,6 +43,14 @@ class ImmutableArray {
 bool CreateCorruptFileForTests(const std::string& key,
                                const base::FilePath& cache_path);
 
+// Removes the key SHA256 from an entry.
+bool RemoveKeySHA256FromEntry(const std::string& key,
+                              const base::FilePath& cache_path);
+
+// Modifies the key SHA256 from an entry so that it is corrupt.
+bool CorruptKeySHA256FromEntry(const std::string& key,
+                               const base::FilePath& cache_path);
+
 }  // namespace simple_backend
 }  // namespace disk_cache
 
diff --git a/chromium/net/disk_cache/simple/simple_util.cc b/chromium/net/disk_cache/simple/simple_util.cc
index a81c28ff4f6..eac565bc7b6 100644
--- a/chromium/net/disk_cache/simple/simple_util.cc
+++ b/chromium/net/disk_cache/simple/simple_util.cc
@@ -97,17 +97,19 @@ std::string GetFilenameFromKeyAndFileIndex(const std::string& key,
          base::StringPrintf("_%1d", file_index);
 }
 
-int32_t GetDataSizeFromKeyAndFileSize(const std::string& key,
-                                      int64_t file_size) {
+size_t GetHeaderSize(size_t key_length) {
+  return sizeof(SimpleFileHeader) + key_length;
+}
+
+int32_t GetDataSizeFromFileSize(size_t key_length, int64_t file_size) {
   int64_t data_size =
-      file_size - key.size() - sizeof(SimpleFileHeader) - sizeof(SimpleFileEOF);
+      file_size - key_length - sizeof(SimpleFileHeader) - sizeof(SimpleFileEOF);
   return base::checked_cast<int32_t>(data_size);
 }
 
-int64_t GetFileSizeFromKeyAndDataSize(const std::string& key,
-                                      int32_t data_size) {
-  return data_size + key.size() + sizeof(SimpleFileHeader) +
-      sizeof(SimpleFileEOF);
+int64_t GetFileSizeFromDataSize(size_t key_length, int32_t data_size) {
+  return data_size + key_length + sizeof(SimpleFileHeader) +
+         sizeof(SimpleFileEOF);
 }
 
 int GetFileIndexFromStreamIndex(int stream_index) {
diff --git a/chromium/net/disk_cache/simple/simple_util.h b/chromium/net/disk_cache/simple/simple_util.h
index faf36b6a90c..aa3eb036ff0 100644
--- a/chromium/net/disk_cache/simple/simple_util.h
+++ b/chromium/net/disk_cache/simple/simple_util.h
@@ -53,15 +53,19 @@ std::string GetFilenameFromEntryHashAndFileIndex(uint64_t entry_hash,
 // Given a |key| for an entry, returns the name of the sparse data file.
 std::string GetSparseFilenameFromEntryHash(uint64_t entry_hash);
 
+// Given the size of a key, the size in bytes of the header at the beginning
+// of a simple cache file.
+size_t GetHeaderSize(size_t key_length);
+
 // Given the size of a file holding a stream in the simple backend and the key
 // to an entry, returns the number of bytes in the stream.
-NET_EXPORT_PRIVATE int32_t GetDataSizeFromKeyAndFileSize(const std::string& key,
-                                                         int64_t file_size);
+NET_EXPORT_PRIVATE int32_t GetDataSizeFromFileSize(size_t key_length,
+                                                   int64_t file_size);
 
 // Given the size of a stream in the simple backend and the key to an entry,
 // returns the number of bytes in the file.
-NET_EXPORT_PRIVATE int64_t GetFileSizeFromKeyAndDataSize(const std::string& key,
-                                                         int32_t data_size);
+NET_EXPORT_PRIVATE int64_t GetFileSizeFromDataSize(size_t key_length,
+                                                   int32_t data_size);
 
 // Given the stream index, returns the number of the file the stream is stored
 // in.
diff --git a/chromium/net/disk_cache/simple/simple_util_unittest.cc b/chromium/net/disk_cache/simple/simple_util_unittest.cc
index 2956f27f17d..442dc425f8c 100644
--- a/chromium/net/disk_cache/simple/simple_util_unittest.cc
+++ b/chromium/net/disk_cache/simple/simple_util_unittest.cc
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 #include <stdint.h>
+#include <string>
 
 #include "base/logging.h"
 #include "net/disk_cache/simple/simple_util.h"
@@ -12,8 +13,8 @@ using disk_cache::simple_util::ConvertEntryHashKeyToHexString;
 using disk_cache::simple_util::GetEntryHashKeyAsHexString;
 using disk_cache::simple_util::GetEntryHashKeyFromHexString;
 using disk_cache::simple_util::GetEntryHashKey;
-using disk_cache::simple_util::GetFileSizeFromKeyAndDataSize;
-using disk_cache::simple_util::GetDataSizeFromKeyAndFileSize;
+using disk_cache::simple_util::GetFileSizeFromDataSize;
+using disk_cache::simple_util::GetDataSizeFromFileSize;
 
 class SimpleUtilTest : public testing::Test {};
 
@@ -70,8 +71,8 @@ TEST_F(SimpleUtilTest, GetEntryHashKeyFromHexString) {
 }
 
 TEST_F(SimpleUtilTest, SizesAndOffsets) {
-  const char key[] = "This is an example key";
+  const std::string key("This is an example key");
   const int data_size = 1000;
-  const int file_size = GetFileSizeFromKeyAndDataSize(key, data_size);
-  EXPECT_EQ(data_size, GetDataSizeFromKeyAndFileSize(key, file_size));
+  const int file_size = GetFileSizeFromDataSize(key.size(), data_size);
+  EXPECT_EQ(data_size, GetDataSizeFromFileSize(key.size(), file_size));
 }
diff --git a/chromium/net/disk_cache/simple/simple_version_upgrade.cc b/chromium/net/disk_cache/simple/simple_version_upgrade.cc
index 91d1b9c5f35..460d6b18bdd 100644
--- a/chromium/net/disk_cache/simple/simple_version_upgrade.cc
+++ b/chromium/net/disk_cache/simple/simple_version_upgrade.cc
@@ -161,39 +161,44 @@ bool UpgradeSimpleCacheOnDisk(const base::FilePath& path) {
     LOG(ERROR) << "Inconsistent cache version.";
     return false;
   }
-  bool upgrade_needed = (version_from != kSimpleVersion);
-  if (version_from == kMinVersionAbleToUpgrade) {
-    // Upgrade only the index for V4 -> V5 move.
+  bool new_fake_index_needed = (version_from != kSimpleVersion);
+
+  // There should be one upgrade routine here for each incremental upgrade
+  // starting at kMinVersionAbleToUpgrade.
+  static_assert(kMinVersionAbleToUpgrade == 5, "upgrade routines don't match");
+  DCHECK_LE(5U, version_from);
+  if (version_from == 5) {
+    // Upgrade only the index for V5 -> V6 move.
     if (!UpgradeIndexV5V6(path)) {
       LogMessageFailedUpgradeFromVersion(file_header.version);
       return false;
     }
     version_from++;
   }
-  if (version_from == kSimpleVersion) {
-    if (!upgrade_needed) {
-      return true;
-    } else {
-      const base::FilePath temp_fake_index = path.AppendASCII("upgrade-index");
-      if (!WriteFakeIndexFile(temp_fake_index)) {
-        base::DeleteFile(temp_fake_index, /* recursive = */ false);
-        LOG(ERROR) << "Failed to write a new fake index.";
-        LogMessageFailedUpgradeFromVersion(file_header.version);
-        return false;
-      }
-      if (!base::ReplaceFile(temp_fake_index, fake_index, NULL)) {
-        LOG(ERROR) << "Failed to replace the fake index.";
-        LogMessageFailedUpgradeFromVersion(file_header.version);
-        return false;
-      }
-      return true;
-    }
+  DCHECK_LE(6U, version_from);
+  if (version_from == 6) {
+    // No upgrade from V6 -> V7, because the entry format has not changed and
+    // the V7 index reader is backwards compatible.
+    version_from++;
   }
-  // Verify during the test stage that the upgraders are implemented for all
-  // versions. The release build would cause backend initialization failure
-  // which would then later lead to removing all files known to the backend.
   DCHECK_EQ(kSimpleVersion, version_from);
-  return false;
+
+  if (!new_fake_index_needed)
+    return true;
+
+  const base::FilePath temp_fake_index = path.AppendASCII("upgrade-index");
+  if (!WriteFakeIndexFile(temp_fake_index)) {
+    base::DeleteFile(temp_fake_index, /* recursive = */ false);
+    LOG(ERROR) << "Failed to write a new fake index.";
+    LogMessageFailedUpgradeFromVersion(file_header.version);
+    return false;
+  }
+  if (!base::ReplaceFile(temp_fake_index, fake_index, NULL)) {
+    LOG(ERROR) << "Failed to replace the fake index.";
+    LogMessageFailedUpgradeFromVersion(file_header.version);
+    return false;
+  }
+  return true;
 }
 
 }  // namespace disk_cache
diff --git a/chromium/net/dns/address_sorter.h b/chromium/net/dns/address_sorter.h
index 31115a617a6..14a7d238cc7 100644
--- a/chromium/net/dns/address_sorter.h
+++ b/chromium/net/dns/address_sorter.h
@@ -5,9 +5,10 @@
 #ifndef NET_DNS_ADDRESS_SORTER_H_
 #define NET_DNS_ADDRESS_SORTER_H_
 
+#include <memory>
+
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -32,7 +33,7 @@ class NET_EXPORT AddressSorter {
                     const CallbackType& callback) const = 0;
 
   // Creates platform-dependent AddressSorter.
-  static scoped_ptr<AddressSorter> CreateAddressSorter();
+  static std::unique_ptr<AddressSorter> CreateAddressSorter();
 
  protected:
   AddressSorter() {}
diff --git a/chromium/net/dns/address_sorter_posix.cc b/chromium/net/dns/address_sorter_posix.cc
index 479748a0688..38a7d74ddb9 100644
--- a/chromium/net/dns/address_sorter_posix.cc
+++ b/chromium/net/dns/address_sorter_posix.cc
@@ -5,6 +5,8 @@
 #include "net/dns/address_sorter_posix.h"
 
 #include <netinet/in.h>
+
+#include <memory>
 #include <utility>
 
 #if defined(OS_MACOSX) || defined(OS_BSD)
@@ -20,7 +22,6 @@
 #include <vector>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_errors.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/udp/datagram_client_socket.h"
@@ -184,8 +185,8 @@ struct DestinationInfo {
 
 // Returns true iff |dst_a| should precede |dst_b| in the address list.
 // RFC 3484, section 6.
-bool CompareDestinations(const scoped_ptr<DestinationInfo>& dst_a,
-                         const scoped_ptr<DestinationInfo>& dst_b) {
+bool CompareDestinations(const std::unique_ptr<DestinationInfo>& dst_a,
+                         const std::unique_ptr<DestinationInfo>& dst_b) {
   // Rule 1: Avoid unusable destinations.
   // Unusable destinations are already filtered out.
   DCHECK(dst_a->src);
@@ -255,21 +256,19 @@ AddressSorterPosix::~AddressSorterPosix() {
 void AddressSorterPosix::Sort(const AddressList& list,
                               const CallbackType& callback) const {
   DCHECK(CalledOnValidThread());
-  std::vector<scoped_ptr<DestinationInfo>> sort_list;
+  std::vector<std::unique_ptr<DestinationInfo>> sort_list;
 
   for (size_t i = 0; i < list.size(); ++i) {
-    scoped_ptr<DestinationInfo> info(new DestinationInfo());
+    std::unique_ptr<DestinationInfo> info(new DestinationInfo());
     info->address = list[i].address();
     info->scope = GetScope(ipv4_scope_table_, info->address);
     info->precedence = GetPolicyValue(precedence_table_, info->address);
     info->label = GetPolicyValue(label_table_, info->address);
 
     // Each socket can only be bound once.
-    scoped_ptr<DatagramClientSocket> socket(
+    std::unique_ptr<DatagramClientSocket> socket(
         socket_factory_->CreateDatagramClientSocket(
-            DatagramSocket::DEFAULT_BIND,
-            RandIntCallback(),
-            NULL /* NetLog */,
+            DatagramSocket::DEFAULT_BIND, RandIntCallback(), NULL /* NetLog */,
             NetLog::Source()));
 
     // Even though no packets are sent, cannot use port 0 in Connect.
@@ -391,8 +390,8 @@ void AddressSorterPosix::FillPolicy(const IPAddress& address,
 }
 
 // static
-scoped_ptr<AddressSorter> AddressSorter::CreateAddressSorter() {
-  return scoped_ptr<AddressSorter>(
+std::unique_ptr<AddressSorter> AddressSorter::CreateAddressSorter() {
+  return std::unique_ptr<AddressSorter>(
       new AddressSorterPosix(ClientSocketFactory::GetDefaultFactory()));
 }
 
diff --git a/chromium/net/dns/address_sorter_posix.h b/chromium/net/dns/address_sorter_posix.h
index 3f3840ed0de..e370f226003 100644
--- a/chromium/net/dns/address_sorter_posix.h
+++ b/chromium/net/dns/address_sorter_posix.h
@@ -30,7 +30,7 @@ class NET_EXPORT_PRIVATE AddressSorterPosix
   // Generic policy entry.
   struct PolicyEntry {
     // IPv4 addresses must be mapped to IPv6.
-    unsigned char prefix[kIPv6AddressSize];
+    unsigned char prefix[IPAddress::kIPv6AddressSize];
     unsigned prefix_length;
     unsigned value;
   };
diff --git a/chromium/net/dns/address_sorter_posix_unittest.cc b/chromium/net/dns/address_sorter_posix_unittest.cc
index c10745bb92d..997ac483dcd 100644
--- a/chromium/net/dns/address_sorter_posix_unittest.cc
+++ b/chromium/net/dns/address_sorter_posix_unittest.cc
@@ -11,6 +11,7 @@
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/socket/client_socket_factory.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/stream_socket.h"
 #include "net/udp/datagram_client_socket.h"
@@ -99,27 +100,29 @@ class TestSocketFactory : public ClientSocketFactory {
   TestSocketFactory() {}
   ~TestSocketFactory() override {}
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType,
       const RandIntCallback&,
       NetLog*,
       const NetLog::Source&) override {
-    return scoped_ptr<DatagramClientSocket>(new TestUDPClientSocket(&mapping_));
+    return std::unique_ptr<DatagramClientSocket>(
+        new TestUDPClientSocket(&mapping_));
   }
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList&,
+      std::unique_ptr<SocketPerformanceWatcher>,
       NetLog*,
       const NetLog::Source&) override {
     NOTIMPLEMENTED();
-    return scoped_ptr<StreamSocket>();
+    return std::unique_ptr<StreamSocket>();
   }
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle>,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle>,
       const HostPortPair&,
       const SSLConfig&,
       const SSLClientSocketContext&) override {
     NOTIMPLEMENTED();
-    return scoped_ptr<SSLClientSocket>();
+    return std::unique_ptr<SSLClientSocket>();
   }
   void ClearSSLSessionCache() override { NOTIMPLEMENTED(); }
 
diff --git a/chromium/net/dns/address_sorter_unittest.cc b/chromium/net/dns/address_sorter_unittest.cc
index ec27a2f9b3f..6c023997a33 100644
--- a/chromium/net/dns/address_sorter_unittest.cc
+++ b/chromium/net/dns/address_sorter_unittest.cc
@@ -48,7 +48,7 @@ TEST(AddressSorterTest, Sort) {
     closesocket(sock);
   }
 #endif
-  scoped_ptr<AddressSorter> sorter(AddressSorter::CreateAddressSorter());
+  std::unique_ptr<AddressSorter> sorter(AddressSorter::CreateAddressSorter());
   AddressList list;
   list.push_back(MakeEndPoint("10.0.0.1"));
   list.push_back(MakeEndPoint("8.8.8.8"));
diff --git a/chromium/net/dns/address_sorter_win.cc b/chromium/net/dns/address_sorter_win.cc
index 232369887f4..71ad0c0b71d 100644
--- a/chromium/net/dns/address_sorter_win.cc
+++ b/chromium/net/dns/address_sorter_win.cc
@@ -14,8 +14,8 @@
 #include "base/macros.h"
 #include "base/memory/free_deleter.h"
 #include "base/threading/worker_pool.h"
-#include "base/win/windows_version.h"
 #include "net/base/address_list.h"
+#include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/winsock_init.h"
 
@@ -60,8 +60,8 @@ class AddressSorterWin : public AddressSorter {
       for (size_t i = 0; i < list.size(); ++i) {
         IPEndPoint ipe = list[i];
         // Addresses must be sockaddr_in6.
-        if (ipe.GetFamily() == ADDRESS_FAMILY_IPV4) {
-          ipe = IPEndPoint(ConvertIPv4NumberToIPv6Number(ipe.address().bytes()),
+        if (ipe.address().IsIPv4()) {
+          ipe = IPEndPoint(ConvertIPv4ToIPv4MappedIPv6(ipe.address()),
                            ipe.port());
         }
 
@@ -117,8 +117,8 @@ class AddressSorterWin : public AddressSorter {
           DCHECK(result) << "Unable to roundtrip between IPEndPoint and "
                          << "SOCKET_ADDRESS!";
           // Unmap V4MAPPED IPv6 addresses so that Happy Eyeballs works.
-          if (IsIPv4Mapped(ipe.address().bytes())) {
-            ipe = IPEndPoint(ConvertIPv4MappedToIPv4(ipe.address().bytes()),
+          if (ipe.address().IsIPv4MappedIPv6()) {
+            ipe = IPEndPoint(ConvertIPv4MappedIPv6ToIPv4(ipe.address()),
                              ipe.port());
           }
           list.push_back(ipe);
@@ -129,8 +129,8 @@ class AddressSorterWin : public AddressSorter {
 
     const CallbackType callback_;
     const size_t buffer_size_;
-    scoped_ptr<SOCKET_ADDRESS_LIST, base::FreeDeleter> input_buffer_;
-    scoped_ptr<SOCKET_ADDRESS_LIST, base::FreeDeleter> output_buffer_;
+    std::unique_ptr<SOCKET_ADDRESS_LIST, base::FreeDeleter> input_buffer_;
+    std::unique_ptr<SOCKET_ADDRESS_LIST, base::FreeDeleter> output_buffer_;
     bool success_;
 
     DISALLOW_COPY_AND_ASSIGN(Job);
@@ -139,64 +139,11 @@ class AddressSorterWin : public AddressSorter {
   DISALLOW_COPY_AND_ASSIGN(AddressSorterWin);
 };
 
-// Merges |list_ipv4| and |list_ipv6| before passing it to |callback|, but
-// only if |success| is true.
-void MergeResults(const AddressSorter::CallbackType& callback,
-                  const AddressList& list_ipv4,
-                  bool success,
-                  const AddressList& list_ipv6) {
-  if (!success) {
-    callback.Run(false, AddressList());
-    return;
-  }
-  AddressList list;
-  list.insert(list.end(), list_ipv6.begin(), list_ipv6.end());
-  list.insert(list.end(), list_ipv4.begin(), list_ipv4.end());
-  callback.Run(true, list);
-}
-
-// Wrapper for AddressSorterWin which does not sort IPv4 or IPv4-mapped
-// addresses but always puts them at the end of the list. Needed because the
-// SIO_ADDRESS_LIST_SORT does not support IPv4 addresses on Windows XP.
-class AddressSorterWinXP : public AddressSorter {
- public:
-  AddressSorterWinXP() {}
-  ~AddressSorterWinXP() override {}
-
-  // AddressSorter:
-  void Sort(const AddressList& list,
-            const CallbackType& callback) const override {
-    AddressList list_ipv4;
-    AddressList list_ipv6;
-    for (size_t i = 0; i < list.size(); ++i) {
-      const IPEndPoint& ipe = list[i];
-      if (ipe.GetFamily() == ADDRESS_FAMILY_IPV4) {
-        list_ipv4.push_back(ipe);
-      } else {
-        list_ipv6.push_back(ipe);
-      }
-    }
-    if (!list_ipv6.empty()) {
-      sorter_.Sort(list_ipv6, base::Bind(&MergeResults, callback, list_ipv4));
-    } else {
-      NOTREACHED() << "Should not be called with IPv4-only addresses.";
-      callback.Run(true, list);
-    }
-  }
-
- private:
-  AddressSorterWin sorter_;
-
-  DISALLOW_COPY_AND_ASSIGN(AddressSorterWinXP);
-};
-
 }  // namespace
 
 // static
-scoped_ptr<AddressSorter> AddressSorter::CreateAddressSorter() {
-  if (base::win::GetVersion() < base::win::VERSION_VISTA)
-    return scoped_ptr<AddressSorter>(new AddressSorterWinXP());
-  return scoped_ptr<AddressSorter>(new AddressSorterWin());
+std::unique_ptr<AddressSorter> AddressSorter::CreateAddressSorter() {
+  return std::unique_ptr<AddressSorter>(new AddressSorterWin());
 }
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_client.cc b/chromium/net/dns/dns_client.cc
index a9531523ae3..5cf0c45acef 100644
--- a/chromium/net/dns/dns_client.cc
+++ b/chromium/net/dns/dns_client.cc
@@ -31,7 +31,7 @@ class DnsClientImpl : public DnsClient {
     session_ = NULL;
     if (config.IsValid() && !config.unhandled_options) {
       ClientSocketFactory* factory = ClientSocketFactory::GetDefaultFactory();
-      scoped_ptr<DnsSocketPool> socket_pool(
+      std::unique_ptr<DnsSocketPool> socket_pool(
           config.randomize_ports ? DnsSocketPool::CreateDefault(factory)
                                  : DnsSocketPool::CreateNull(factory));
       session_ = new DnsSession(config, std::move(socket_pool),
@@ -52,8 +52,8 @@ class DnsClientImpl : public DnsClient {
 
  private:
   scoped_refptr<DnsSession> session_;
-  scoped_ptr<DnsTransactionFactory> factory_;
-  scoped_ptr<AddressSorter> address_sorter_;
+  std::unique_ptr<DnsTransactionFactory> factory_;
+  std::unique_ptr<AddressSorter> address_sorter_;
 
   NetLog* net_log_;
 };
@@ -61,8 +61,8 @@ class DnsClientImpl : public DnsClient {
 }  // namespace
 
 // static
-scoped_ptr<DnsClient> DnsClient::CreateClient(NetLog* net_log) {
-  return scoped_ptr<DnsClient>(new DnsClientImpl(net_log));
+std::unique_ptr<DnsClient> DnsClient::CreateClient(NetLog* net_log) {
+  return std::unique_ptr<DnsClient>(new DnsClientImpl(net_log));
 }
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_client.h b/chromium/net/dns/dns_client.h
index 0484d44c0c6..01d024b9a17 100644
--- a/chromium/net/dns/dns_client.h
+++ b/chromium/net/dns/dns_client.h
@@ -5,7 +5,8 @@
 #ifndef NET_DNS_DNS_CLIENT_H_
 #define NET_DNS_DNS_CLIENT_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_export.h"
 
 namespace net {
@@ -36,7 +37,7 @@ class NET_EXPORT DnsClient {
   virtual AddressSorter* GetAddressSorter() = 0;
 
   // Creates default client.
-  static scoped_ptr<DnsClient> CreateClient(NetLog* net_log);
+  static std::unique_ptr<DnsClient> CreateClient(NetLog* net_log);
 };
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_config_service.cc b/chromium/net/dns/dns_config_service.cc
index e30ed7a23de..9661850f12f 100644
--- a/chromium/net/dns/dns_config_service.cc
+++ b/chromium/net/dns/dns_config_service.cc
@@ -59,8 +59,8 @@ void DnsConfig::CopyIgnoreHosts(const DnsConfig& d) {
   use_local_ipv6 = d.use_local_ipv6;
 }
 
-scoped_ptr<base::Value> DnsConfig::ToValue() const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::Value> DnsConfig::ToValue() const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   base::ListValue* list = new base::ListValue();
   for (size_t i = 0; i < nameservers.size(); ++i)
diff --git a/chromium/net/dns/dns_config_service.h b/chromium/net/dns/dns_config_service.h
index e62a5af31fb..5c372262a6c 100644
--- a/chromium/net/dns/dns_config_service.h
+++ b/chromium/net/dns/dns_config_service.h
@@ -6,11 +6,11 @@
 #define NET_DNS_DNS_CONFIG_SERVICE_H_
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/scoped_vector.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
@@ -47,7 +47,7 @@ struct NET_EXPORT_PRIVATE DnsConfig {
 
   // Returns a Value representation of |this|. For performance reasons, the
   // Value only contains the number of hosts rather than the full list.
-  scoped_ptr<base::Value> ToValue() const;
+  std::unique_ptr<base::Value> ToValue() const;
 
   bool IsValid() const {
     return !nameservers.empty();
@@ -102,7 +102,7 @@ class NET_EXPORT_PRIVATE DnsConfigService
   typedef base::Callback<void(const DnsConfig& config)> CallbackType;
 
   // Creates the platform-specific DnsConfigService.
-  static scoped_ptr<DnsConfigService> CreateSystemService();
+  static std::unique_ptr<DnsConfigService> CreateSystemService();
 
   DnsConfigService();
   virtual ~DnsConfigService();
diff --git a/chromium/net/dns/dns_config_service_posix.cc b/chromium/net/dns/dns_config_service_posix.cc
index 28c471ee81b..ba8a3691331 100644
--- a/chromium/net/dns/dns_config_service_posix.cc
+++ b/chromium/net/dns/dns_config_service_posix.cc
@@ -4,6 +4,7 @@
 
 #include "net/dns/dns_config_service_posix.h"
 
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
@@ -13,10 +14,9 @@
 #include "base/lazy_instance.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
@@ -40,20 +40,19 @@ namespace internal {
 
 namespace {
 
-#if !defined(OS_ANDROID)
-const base::FilePath::CharType* kFilePathHosts =
-    FILE_PATH_LITERAL("/etc/hosts");
-#else
-const base::FilePath::CharType* kFilePathHosts =
+#if defined(OS_ANDROID)
+const base::FilePath::CharType kFilePathHosts[] =
     FILE_PATH_LITERAL("/system/etc/hosts");
+#else
+const base::FilePath::CharType kFilePathHosts[] =
+    FILE_PATH_LITERAL("/etc/hosts");
 #endif
 
 #if defined(OS_IOS)
-
 // There is no public API to watch the DNS configuration on iOS.
 class DnsConfigWatcher {
  public:
-  typedef base::Callback<void(bool succeeded)> CallbackType;
+  using CallbackType = base::Callback<void(bool succeeded)>;
 
   bool Watch(const CallbackType& callback) {
     return false;
@@ -65,7 +64,9 @@ class DnsConfigWatcher {
 // On Android, assume DNS config may have changed on every network change.
 class DnsConfigWatcher {
  public:
-  bool Watch(const base::Callback<void(bool succeeded)>& callback) {
+  using CallbackType = base::Callback<void(bool succeeded)>;
+
+  bool Watch(const CallbackType& callback) {
     callback_ = callback;
     return true;
   }
@@ -76,7 +77,7 @@ class DnsConfigWatcher {
   }
 
  private:
-  base::Callback<void(bool succeeded)> callback_;
+  CallbackType callback_;
 };
 
 #elif defined(OS_MACOSX)
@@ -89,12 +90,12 @@ class DnsConfigWatcher {
 #define _PATH_RESCONF "/etc/resolv.conf"
 #endif
 
-static const base::FilePath::CharType* kFilePathConfig =
+const base::FilePath::CharType kFilePathConfig[] =
     FILE_PATH_LITERAL(_PATH_RESCONF);
 
 class DnsConfigWatcher {
  public:
-  typedef base::Callback<void(bool succeeded)> CallbackType;
+  using CallbackType = base::Callback<void(bool succeeded)>;
 
   bool Watch(const CallbackType& callback) {
     callback_ = callback;
@@ -111,8 +112,7 @@ class DnsConfigWatcher {
   base::FilePathWatcher watcher_;
   CallbackType callback_;
 };
-
-#endif
+#endif  // defined(OS_IOS)
 
 #if !defined(OS_ANDROID)
 ConfigParsePosixResult ReadDnsConfig(DnsConfig* config) {
@@ -140,8 +140,8 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* config) {
   res_ndestroy(&res);
 #else
   res_nclose(&res);
-#endif
-#endif
+#endif  // defined(OS_MACOSX) || defined(OS_FREEBSD)
+#endif  // defined(OS_OPENBSD)
 
 #if defined(OS_MACOSX) && !defined(OS_IOS)
   ConfigParsePosixResult error = DnsConfigWatcher::CheckDnsConfig();
@@ -167,19 +167,19 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* config) {
 // DNS code (and its clients) are already robust against failing to get the DNS
 // config for whatever reason, so the properties can disappear and the world
 // won't end.
-// TODO(ttuttle): Depend on libcutils, then switch this (and other uses of
-//                __system_property_get) to property_get.
+// TODO(juliatuttle): Depend on libcutils, then switch this (and other uses of
+//                    __system_property_get) to property_get.
 ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) {
-   std::string dns1_string, dns2_string;
   char property_value[PROP_VALUE_MAX];
   __system_property_get("net.dns1", property_value);
-  dns1_string = property_value;
+  std::string dns1_string = property_value;
   __system_property_get("net.dns2", property_value);
-  dns2_string = property_value;
-  if (dns1_string.length() == 0 && dns2_string.length() == 0)
+  std::string dns2_string = property_value;
+  if (dns1_string.empty() && dns2_string.empty())
     return CONFIG_PARSE_POSIX_NO_NAMESERVERS;
 
-  IPAddress dns1_address, dns2_address;
+  IPAddress dns1_address;
+  IPAddress dns2_address;
   bool parsed1 = dns1_address.AssignFromIPLiteral(dns1_string);
   bool parsed2 = dns2_address.AssignFromIPLiteral(dns2_string);
   if (!parsed1 && !parsed2)
@@ -196,7 +196,7 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) {
 
   return CONFIG_PARSE_POSIX_OK;
 }
-#endif
+#endif  // !defined(OS_ANDROID)
 
 }  // namespace
 
@@ -250,14 +250,16 @@ class DnsConfigServicePosix::Watcher {
                               weak_factory_.GetWeakPtr(), succeeded),
         kDelay);
   }
+
   void OnConfigChangedDelayed(bool succeeded) {
     service_->OnConfigChanged(succeeded);
   }
+
   void OnHostsChanged(const base::FilePath& path, bool error) {
     service_->OnHostsChanged(!error);
   }
 
-  DnsConfigServicePosix* service_;
+  DnsConfigServicePosix* const service_;
   DnsConfigWatcher config_watcher_;
 #if !defined(OS_ANDROID) && !defined(OS_IOS)
   base::FilePathWatcher hosts_watcher_;
@@ -323,7 +325,7 @@ class DnsConfigServicePosix::ConfigReader : public SerialWorker {
   // on worker thread.
   DnsConfigServicePosix* const service_;
   // Dns config value to always return for testing.
-  scoped_ptr<const DnsConfig> dns_config_for_testing_;
+  std::unique_ptr<const DnsConfig> dns_config_for_testing_;
   // Written in DoWork, read in OnWorkFinished, no locking necessary.
   DnsConfig dns_config_;
   bool success_;
@@ -453,7 +455,8 @@ void DnsConfigServicePosix::SetHostsFilePathForTesting(
 #if !defined(OS_ANDROID)
 ConfigParsePosixResult ConvertResStateToDnsConfig(const struct __res_state& res,
                                                   DnsConfig* dns_config) {
-  CHECK(dns_config != NULL);
+  DCHECK(dns_config);
+
   if (!(res.options & RES_INIT))
     return CONFIG_PARSE_POSIX_RES_INIT_UNSET;
 
@@ -483,12 +486,12 @@ ConfigParsePosixResult ConvertResStateToDnsConfig(const struct __res_state& res,
   // but we have to combine the two arrays ourselves.
   for (int i = 0; i < res.nscount; ++i) {
     IPEndPoint ipe;
-    const struct sockaddr* addr = NULL;
+    const struct sockaddr* addr = nullptr;
     size_t addr_len = 0;
     if (res.nsaddr_list[i].sin_family) {  // The indicator used by res_nsend.
       addr = reinterpret_cast<const struct sockaddr*>(&res.nsaddr_list[i]);
       addr_len = sizeof res.nsaddr_list[i];
-    } else if (res._u._ext.nsaddrs[i] != NULL) {
+    } else if (res._u._ext.nsaddrs[i]) {
       addr = reinterpret_cast<const struct sockaddr*>(res._u._ext.nsaddrs[i]);
       addr_len = sizeof *res._u._ext.nsaddrs[i];
     } else {
@@ -509,7 +512,7 @@ ConfigParsePosixResult ConvertResStateToDnsConfig(const struct __res_state& res,
     }
     dns_config->nameservers.push_back(ipe);
   }
-#endif
+#endif  // defined(OS_MACOSX) || defined(OS_FREEBSD)
 
   dns_config->search.clear();
   for (int i = 0; (i < MAXDNSRCH) && res.dnsrch[i]; ++i) {
@@ -533,13 +536,13 @@ ConfigParsePosixResult ConvertResStateToDnsConfig(const struct __res_state& res,
 
   // The current implementation assumes these options are set. They normally
   // cannot be overwritten by /etc/resolv.conf
-  unsigned kRequiredOptions = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH;
+  const unsigned kRequiredOptions = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH;
   if ((res.options & kRequiredOptions) != kRequiredOptions) {
     dns_config->unhandled_options = true;
     return CONFIG_PARSE_POSIX_MISSING_OPTIONS;
   }
 
-  unsigned kUnhandledOptions = RES_USEVC | RES_IGNTC | RES_USE_DNSSEC;
+  const unsigned kUnhandledOptions = RES_USEVC | RES_IGNTC | RES_USE_DNSSEC;
   if (res.options & kUnhandledOptions) {
     dns_config->unhandled_options = true;
     return CONFIG_PARSE_POSIX_UNHANDLED_OPTIONS;
@@ -571,13 +574,14 @@ void DnsConfigServicePosix::OnNetworkChanged(
   DCHECK(watcher_);
   watcher_->OnNetworkChanged(type);
 }
-#endif  // defined(OS_ANDROID)
+#endif  // !defined(OS_ANDROID)
 
 }  // namespace internal
 
 // static
-scoped_ptr<DnsConfigService> DnsConfigService::CreateSystemService() {
-  return scoped_ptr<DnsConfigService>(new internal::DnsConfigServicePosix());
+std::unique_ptr<DnsConfigService> DnsConfigService::CreateSystemService() {
+  return std::unique_ptr<DnsConfigService>(
+      new internal::DnsConfigServicePosix());
 }
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_config_service_posix.h b/chromium/net/dns/dns_config_service_posix.h
index 18cb5a0c327..69e00e9ccad 100644
--- a/chromium/net/dns/dns_config_service_posix.h
+++ b/chromium/net/dns/dns_config_service_posix.h
@@ -64,7 +64,7 @@ class NET_EXPORT_PRIVATE DnsConfigServicePosix : public DnsConfigService {
   void OnConfigChanged(bool succeeded);
   void OnHostsChanged(bool succeeded);
 
-  scoped_ptr<Watcher> watcher_;
+  std::unique_ptr<Watcher> watcher_;
   // Allow a mock hosts file for testing purposes.
   const base::FilePath::CharType* file_path_hosts_;
   // Allow a mock DNS server for testing purposes.
diff --git a/chromium/net/dns/dns_config_service_posix_unittest.cc b/chromium/net/dns/dns_config_service_posix_unittest.cc
index 18a71176b84..88448b16567 100644
--- a/chromium/net/dns/dns_config_service_posix_unittest.cc
+++ b/chromium/net/dns/dns_config_service_posix_unittest.cc
@@ -179,7 +179,7 @@ TEST(DnsConfigServicePosixTest, RejectEmptyNameserver) {
 TEST(DnsConfigServicePosixTest, DestroyWhileJobsWorking) {
   // Regression test to verify crash does not occur if DnsConfigServicePosix
   // instance is destroyed while SerialWorker jobs have posted to worker pool.
-  scoped_ptr<internal::DnsConfigServicePosix> service(
+  std::unique_ptr<internal::DnsConfigServicePosix> service(
       new internal::DnsConfigServicePosix());
   service->ReadConfig(base::Bind(&DummyConfigCallback));
   service.reset();
@@ -274,7 +274,7 @@ class DnsConfigServicePosixTest : public testing::Test {
   bool seen_config_;
   base::Time creation_time_;
   base::FilePath temp_file_;
-  scoped_ptr<DnsConfigServicePosix> service_;
+  std::unique_ptr<DnsConfigServicePosix> service_;
   DnsConfig test_config_;
 };
 
diff --git a/chromium/net/dns/dns_config_service_unittest.cc b/chromium/net/dns/dns_config_service_unittest.cc
index ae8e5f6112e..97359ee9fb8 100644
--- a/chromium/net/dns/dns_config_service_unittest.cc
+++ b/chromium/net/dns/dns_config_service_unittest.cc
@@ -4,15 +4,16 @@
 
 #include "net/dns/dns_config_service.h"
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/cancelable_callback.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_split.h"
 #include "base/test/test_timeouts.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/dns/dns_protocol.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -98,7 +99,7 @@ class DnsConfigServiceTest : public testing::Test {
   bool quit_on_config_;
 
   // Service under test.
-  scoped_ptr<TestDnsConfigService> service_;
+  std::unique_ptr<TestDnsConfigService> service_;
 };
 
 }  // namespace
diff --git a/chromium/net/dns/dns_config_service_win.cc b/chromium/net/dns/dns_config_service_win.cc
index 546c78fd407..4e568a3996e 100644
--- a/chromium/net/dns/dns_config_service_win.cc
+++ b/chromium/net/dns/dns_config_service_win.cc
@@ -5,6 +5,7 @@
 #include "net/dns/dns_config_service_win.h"
 
 #include <algorithm>
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
@@ -15,7 +16,6 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/free_deleter.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
@@ -26,7 +26,6 @@
 #include "base/time/time.h"
 #include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
 #include "net/base/ip_address.h"
 #include "net/base/network_change_notifier.h"
 #include "net/dns/dns_hosts.h"
@@ -113,10 +112,11 @@ class RegistryReader : public base::NonThreadSafe {
 };
 
 // Wrapper for GetAdaptersAddresses. Returns NULL if failed.
-scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> ReadIpHelper(ULONG flags) {
+std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> ReadIpHelper(
+    ULONG flags) {
   base::ThreadRestrictions::AssertIOAllowed();
 
-  scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> out;
+  std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> out;
   ULONG len = 15000;  // As recommended by MSDN for GetAdaptersAddresses.
   UINT rv = ERROR_BUFFER_OVERFLOW;
   // Try up to three times.
@@ -246,11 +246,9 @@ HostsParseWinResult AddLocalhostEntries(DnsHosts* hosts) {
   if (have_ipv4 && have_ipv6)
     return HOSTS_PARSE_WIN_OK;
 
-  scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> addresses =
-      ReadIpHelper(GAA_FLAG_SKIP_ANYCAST |
-                   GAA_FLAG_SKIP_DNS_SERVER |
-                   GAA_FLAG_SKIP_MULTICAST |
-                   GAA_FLAG_SKIP_FRIENDLY_NAME);
+  std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> addresses =
+      ReadIpHelper(GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_DNS_SERVER |
+                   GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_FRIENDLY_NAME);
   if (!addresses.get())
     return HOSTS_PARSE_WIN_IPHELPER_FAILED;
 
@@ -532,12 +530,7 @@ ConfigParseWinResult ConvertSettingsToDnsConfig(
   config->ndots = 1;
 
   if (!settings.append_to_multi_label_name.set) {
-    // The default setting is true for XP, false for Vista+.
-    if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-      config->append_to_multi_label_name = false;
-    } else {
-      config->append_to_multi_label_name = true;
-    }
+    config->append_to_multi_label_name = false;
   } else {
     config->append_to_multi_label_name =
         (settings.append_to_multi_label_name.value != 0);
@@ -771,8 +764,8 @@ void DnsConfigServiceWin::OnHostsChanged(bool succeeded) {
 }  // namespace internal
 
 // static
-scoped_ptr<DnsConfigService> DnsConfigService::CreateSystemService() {
-  return scoped_ptr<DnsConfigService>(new internal::DnsConfigServiceWin());
+std::unique_ptr<DnsConfigService> DnsConfigService::CreateSystemService() {
+  return std::unique_ptr<DnsConfigService>(new internal::DnsConfigServiceWin());
 }
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_config_service_win.h b/chromium/net/dns/dns_config_service_win.h
index 0485afd5f77..47a1c05e165 100644
--- a/chromium/net/dns/dns_config_service_win.h
+++ b/chromium/net/dns/dns_config_service_win.h
@@ -10,13 +10,13 @@
 #include <winsock2.h>
 #include <iphlpapi.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/free_deleter.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "net/base/net_export.h"
 #include "net/dns/dns_config_service.h"
@@ -70,7 +70,7 @@ struct NET_EXPORT_PRIVATE DnsSystemSettings {
 
   // Filled in by GetAdapterAddresses. Note that the alternative
   // GetNetworkParams does not include IPv6 addresses.
-  scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> addresses;
+  std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> addresses;
 
   // SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
   RegString policy_search_list;
@@ -136,7 +136,7 @@ class NET_EXPORT_PRIVATE DnsConfigServiceWin : public DnsConfigService {
   void OnConfigChanged(bool succeeded);
   void OnHostsChanged(bool succeeded);
 
-  scoped_ptr<Watcher> watcher_;
+  std::unique_ptr<Watcher> watcher_;
   scoped_refptr<ConfigReader> config_reader_;
   scoped_refptr<HostsReader> hosts_reader_;
 
diff --git a/chromium/net/dns/dns_config_service_win_unittest.cc b/chromium/net/dns/dns_config_service_win_unittest.cc
index 30bd418742e..5975e88a3b4 100644
--- a/chromium/net/dns/dns_config_service_win_unittest.cc
+++ b/chromium/net/dns/dns_config_service_win_unittest.cc
@@ -6,7 +6,6 @@
 
 #include "base/logging.h"
 #include "base/memory/free_deleter.h"
-#include "base/win/windows_version.h"
 #include "net/base/ip_address.h"
 #include "net/dns/dns_protocol.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -56,7 +55,7 @@ struct AdapterInfo {
   uint16_t ports[4];
 };
 
-scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> CreateAdapterAddresses(
+std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> CreateAdapterAddresses(
     const AdapterInfo* infos) {
   size_t num_adapters = 0;
   size_t num_addresses = 0;
@@ -70,7 +69,7 @@ scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> CreateAdapterAddresses(
   size_t heap_size = num_adapters * sizeof(IP_ADAPTER_ADDRESSES) +
                      num_addresses * (sizeof(IP_ADAPTER_DNS_SERVER_ADDRESS) +
                                       sizeof(struct sockaddr_storage));
-  scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> heap(
+  std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> heap(
       static_cast<IP_ADAPTER_ADDRESSES*>(malloc(heap_size)));
   CHECK(heap.get());
   memset(heap.get(), 0, heap_size);
@@ -329,7 +328,6 @@ TEST(DnsConfigServiceWinTest, ConvertSuffixSearch) {
       { "a.b", "connection.suffix" },
     },
     {  // Devolution disabled when no explicit level.
-       // Windows XP and Vista use a default level = 2, but we don't.
       {
         { false },
         { false },
@@ -395,16 +393,11 @@ TEST(DnsConfigServiceWinTest, AppendToMultiLabelName) {
     { 0 },
   };
 
-  // The default setting was true pre-Vista.
-  bool default_value = (base::win::GetVersion() < base::win::VERSION_VISTA);
-
   const struct TestCase {
     internal::DnsSystemSettings::RegDword input;
     bool expected_output;
   } cases[] = {
-    { { true, 0 }, false },
-    { { true, 1 }, true },
-    { { false, 0 }, default_value },
+      {{true, 0}, false}, {{true, 1}, true}, {{false, 0}, false},
   };
 
   for (const auto& t : cases) {
diff --git a/chromium/net/dns/dns_config_watcher_mac.cc b/chromium/net/dns/dns_config_watcher_mac.cc
index 0139472cbd1..64d833acf2c 100644
--- a/chromium/net/dns/dns_config_watcher_mac.cc
+++ b/chromium/net/dns/dns_config_watcher_mac.cc
@@ -81,7 +81,7 @@ bool DnsConfigWatcher::Watch(
 ConfigParsePosixResult DnsConfigWatcher::CheckDnsConfig() {
   if (!GetDnsInfoApi().dns_configuration_copy)
     return CONFIG_PARSE_POSIX_NO_DNSINFO;
-  scoped_ptr<dns_config_t, DnsConfigTDeleter> dns_config(
+  std::unique_ptr<dns_config_t, DnsConfigTDeleter> dns_config(
       GetDnsInfoApi().dns_configuration_copy());
   if (!dns_config)
     return CONFIG_PARSE_POSIX_NO_DNSINFO;
diff --git a/chromium/net/dns/dns_hosts.h b/chromium/net/dns/dns_hosts.h
index 2ce7c52dc16..e55772b7e35 100644
--- a/chromium/net/dns/dns_hosts.h
+++ b/chromium/net/dns/dns_hosts.h
@@ -9,32 +9,26 @@
 
 #include <map>
 #include <string>
+#include <unordered_map>
 #include <utility>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
+#include "base/strings/string_piece.h"
 #include "net/base/address_family.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_export.h"
 
 namespace net {
-  typedef std::pair<std::string, AddressFamily> DnsHostsKey;
-};
 
-namespace BASE_HASH_NAMESPACE {
+using DnsHostsKey = std::pair<std::string, AddressFamily>;
 
-template<>
-struct hash<net::DnsHostsKey> {
-  std::size_t operator()(const net::DnsHostsKey& key) const {
+struct DnsHostsKeyHash {
+  std::size_t operator()(const DnsHostsKey& key) const {
     return base::StringPieceHash()(key.first) + key.second;
   }
 };
 
-}  // namespace BASE_HASH_NAMESPACE
-
-namespace net {
-
 // There are OS-specific variations in how commas in the hosts file behave.
 enum ParseHostsCommaMode {
   // Comma is treated as part of a hostname:
@@ -56,13 +50,7 @@ enum ParseHostsCommaMode {
 // 127.0.0.1 localhost
 // 10.0.0.1 localhost
 // The expected resolution of localhost is 127.0.0.1.
-#if !defined(OS_ANDROID)
-typedef base::hash_map<DnsHostsKey, IPAddress> DnsHosts;
-#else
-// Android's hash_map doesn't support ==, so fall back to map.  (Chromium on
-// Android doesn't use the built-in DNS resolver anyway, so it's irrelevant.)
-typedef std::map<DnsHostsKey, IPAddress> DnsHosts;
-#endif
+using DnsHosts = std::unordered_map<DnsHostsKey, IPAddress, DnsHostsKeyHash>;
 
 // Parses |contents| (as read from /etc/hosts or equivalent) and stores results
 // in |dns_hosts|. Invalid lines are ignored (as in most implementations).
diff --git a/chromium/net/dns/dns_hosts_parse_fuzzer.cc b/chromium/net/dns/dns_hosts_parse_fuzzer.cc
new file mode 100644
index 00000000000..194cb2b4b8f
--- /dev/null
+++ b/chromium/net/dns/dns_hosts_parse_fuzzer.cc
@@ -0,0 +1,22 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <string>
+
+#include "net/dns/dns_hosts.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  std::string input(reinterpret_cast<const char*>(data), size);
+  net::DnsHosts dns_hosts;
+  net::ParseHostsWithCommaModeForTesting(input, &dns_hosts,
+                                         net::PARSE_HOSTS_COMMA_IS_TOKEN);
+  dns_hosts.clear();
+  net::ParseHostsWithCommaModeForTesting(input, &dns_hosts,
+                                         net::PARSE_HOSTS_COMMA_IS_WHITESPACE);
+  return 0;
+}
diff --git a/chromium/net/dns/dns_query.cc b/chromium/net/dns/dns_query.cc
index b5ebd46f761..aa9bc70454e 100644
--- a/chromium/net/dns/dns_query.cc
+++ b/chromium/net/dns/dns_query.cc
@@ -5,6 +5,7 @@
 #include "net/dns/dns_query.h"
 
 #include "base/big_endian.h"
+#include "base/memory/ptr_util.h"
 #include "base/sys_byteorder.h"
 #include "net/base/io_buffer.h"
 #include "net/dns/dns_protocol.h"
@@ -38,8 +39,8 @@ DnsQuery::DnsQuery(uint16_t id, const base::StringPiece& qname, uint16_t qtype)
 DnsQuery::~DnsQuery() {
 }
 
-scoped_ptr<DnsQuery> DnsQuery::CloneWithNewId(uint16_t id) const {
-  return make_scoped_ptr(new DnsQuery(*this, id));
+std::unique_ptr<DnsQuery> DnsQuery::CloneWithNewId(uint16_t id) const {
+  return base::WrapUnique(new DnsQuery(*this, id));
 }
 
 uint16_t DnsQuery::id() const {
diff --git a/chromium/net/dns/dns_query.h b/chromium/net/dns/dns_query.h
index 8547570ac48..8266a720d83 100644
--- a/chromium/net/dns/dns_query.h
+++ b/chromium/net/dns/dns_query.h
@@ -8,9 +8,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 
@@ -32,7 +33,7 @@ class NET_EXPORT_PRIVATE DnsQuery {
   ~DnsQuery();
 
   // Clones |this| verbatim, with ID field of the header set to |id|.
-  scoped_ptr<DnsQuery> CloneWithNewId(uint16_t id) const;
+  std::unique_ptr<DnsQuery> CloneWithNewId(uint16_t id) const;
 
   // DnsQuery field accessors.
   uint16_t id() const;
diff --git a/chromium/net/dns/dns_query_unittest.cc b/chromium/net/dns/dns_query_unittest.cc
index 2a4648e244f..775fb6c7676 100644
--- a/chromium/net/dns/dns_query_unittest.cc
+++ b/chromium/net/dns/dns_query_unittest.cc
@@ -50,7 +50,7 @@ TEST(DnsQueryTest, Clone) {
 
   DnsQuery q1(0, qname, dns_protocol::kTypeA);
   EXPECT_EQ(0, q1.id());
-  scoped_ptr<DnsQuery> q2 = q1.CloneWithNewId(42);
+  std::unique_ptr<DnsQuery> q2 = q1.CloneWithNewId(42);
   EXPECT_EQ(42, q2->id());
   EXPECT_EQ(q1.io_buffer()->size(), q2->io_buffer()->size());
   EXPECT_EQ(q1.qtype(), q2->qtype());
diff --git a/chromium/net/dns/dns_response_unittest.cc b/chromium/net/dns/dns_response_unittest.cc
index 46f50ed2459..5b0635cac26 100644
--- a/chromium/net/dns/dns_response_unittest.cc
+++ b/chromium/net/dns/dns_response_unittest.cc
@@ -151,7 +151,8 @@ TEST(DnsResponseTest, InitParse) {
   const char qname_data[] = "\x0A""codereview""\x08""chromium""\x03""org";
   const base::StringPiece qname(qname_data, sizeof(qname_data));
   // Compilers want to copy when binding temporary to const &, so must use heap.
-  scoped_ptr<DnsQuery> query(new DnsQuery(0xcafe, qname, dns_protocol::kTypeA));
+  std::unique_ptr<DnsQuery> query(
+      new DnsQuery(0xcafe, qname, dns_protocol::kTypeA));
 
   const uint8_t response_data[] = {
       // Header
@@ -197,12 +198,12 @@ TEST(DnsResponseTest, InitParse) {
   EXPECT_FALSE(resp.IsValid());
 
   // Reject wrong id.
-  scoped_ptr<DnsQuery> other_query = query->CloneWithNewId(0xbeef);
+  std::unique_ptr<DnsQuery> other_query = query->CloneWithNewId(0xbeef);
   EXPECT_FALSE(resp.InitParse(sizeof(response_data), *other_query));
   EXPECT_FALSE(resp.IsValid());
 
   // Reject wrong question.
-  scoped_ptr<DnsQuery> wrong_query(
+  std::unique_ptr<DnsQuery> wrong_query(
       new DnsQuery(0xcafe, qname, dns_protocol::kTypeCNAME));
   EXPECT_FALSE(resp.InitParse(sizeof(response_data), *wrong_query));
   EXPECT_FALSE(resp.IsValid());
diff --git a/chromium/net/dns/dns_session.cc b/chromium/net/dns/dns_session.cc
index 6a43eb08ca8..82b947e12f7 100644
--- a/chromium/net/dns/dns_session.cc
+++ b/chromium/net/dns/dns_session.cc
@@ -5,12 +5,14 @@
 #include "net/dns/dns_session.h"
 
 #include <stdint.h>
+
 #include <limits>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sample_vector.h"
@@ -70,7 +72,7 @@ struct DnsSession::ServerStats {
   base::TimeDelta rtt_deviation;
 
   // A histogram of observed RTT .
-  scoped_ptr<base::SampleVector> rtt_histogram;
+  std::unique_ptr<base::SampleVector> rtt_histogram;
 
   DISALLOW_COPY_AND_ASSIGN(ServerStats);
 };
@@ -83,9 +85,10 @@ DnsSession::RttBuckets::RttBuckets() : base::BucketRanges(kRTTBucketCount + 1) {
   base::Histogram::InitializeBucketRanges(1, kRTTMaxMs, this);
 }
 
-DnsSession::SocketLease::SocketLease(scoped_refptr<DnsSession> session,
-                                     unsigned server_index,
-                                     scoped_ptr<DatagramClientSocket> socket)
+DnsSession::SocketLease::SocketLease(
+    scoped_refptr<DnsSession> session,
+    unsigned server_index,
+    std::unique_ptr<DatagramClientSocket> socket)
     : session_(session),
       server_index_(server_index),
       socket_(std::move(socket)) {}
@@ -95,7 +98,7 @@ DnsSession::SocketLease::~SocketLease() {
 }
 
 DnsSession::DnsSession(const DnsConfig& config,
-                       scoped_ptr<DnsSocketPool> socket_pool,
+                       std::unique_ptr<DnsSocketPool> socket_pool,
                        const RandIntCallback& rand_int_callback,
                        NetLog* net_log)
     : config_(config),
@@ -129,7 +132,7 @@ void DnsSession::UpdateTimeouts(NetworkChangeNotifier::ConnectionType type) {
 void DnsSession::InitializeServerStats() {
   server_stats_.clear();
   for (size_t i = 0; i < config_.nameservers.size(); ++i) {
-    server_stats_.push_back(make_scoped_ptr(
+    server_stats_.push_back(base::WrapUnique(
         new ServerStats(initial_timeout_, rtt_buckets_.Pointer())));
   }
 }
@@ -264,29 +267,31 @@ base::TimeDelta DnsSession::NextTimeout(unsigned server_index, int attempt) {
 }
 
 // Allocate a socket, already connected to the server address.
-scoped_ptr<DnsSession::SocketLease> DnsSession::AllocateSocket(
-    unsigned server_index, const NetLog::Source& source) {
-  scoped_ptr<DatagramClientSocket> socket;
+std::unique_ptr<DnsSession::SocketLease> DnsSession::AllocateSocket(
+    unsigned server_index,
+    const NetLog::Source& source) {
+  std::unique_ptr<DatagramClientSocket> socket;
 
   socket = socket_pool_->AllocateSocket(server_index);
   if (!socket.get())
-    return scoped_ptr<SocketLease>();
+    return std::unique_ptr<SocketLease>();
 
   socket->NetLog().BeginEvent(NetLog::TYPE_SOCKET_IN_USE,
                               source.ToEventParametersCallback());
 
   SocketLease* lease = new SocketLease(this, server_index, std::move(socket));
-  return scoped_ptr<SocketLease>(lease);
+  return std::unique_ptr<SocketLease>(lease);
 }
 
-scoped_ptr<StreamSocket> DnsSession::CreateTCPSocket(
-    unsigned server_index, const NetLog::Source& source) {
+std::unique_ptr<StreamSocket> DnsSession::CreateTCPSocket(
+    unsigned server_index,
+    const NetLog::Source& source) {
   return socket_pool_->CreateTCPSocket(server_index, source);
 }
 
 // Release a socket.
 void DnsSession::FreeSocket(unsigned server_index,
-                            scoped_ptr<DatagramClientSocket> socket) {
+                            std::unique_ptr<DatagramClientSocket> socket) {
   DCHECK(socket.get());
 
   socket->NetLog().EndEvent(NetLog::TYPE_SOCKET_IN_USE);
diff --git a/chromium/net/dns/dns_session.h b/chromium/net/dns/dns_session.h
index b401a64f138..43228e4c5f1 100644
--- a/chromium/net/dns/dns_session.h
+++ b/chromium/net/dns/dns_session.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/bucket_ranges.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
@@ -46,7 +46,7 @@ class NET_EXPORT_PRIVATE DnsSession
    public:
     SocketLease(scoped_refptr<DnsSession> session,
                 unsigned server_index,
-                scoped_ptr<DatagramClientSocket> socket);
+                std::unique_ptr<DatagramClientSocket> socket);
     ~SocketLease();
 
     unsigned server_index() const { return server_index_; }
@@ -56,13 +56,13 @@ class NET_EXPORT_PRIVATE DnsSession
    private:
     scoped_refptr<DnsSession> session_;
     unsigned server_index_;
-    scoped_ptr<DatagramClientSocket> socket_;
+    std::unique_ptr<DatagramClientSocket> socket_;
 
     DISALLOW_COPY_AND_ASSIGN(SocketLease);
   };
 
   DnsSession(const DnsConfig& config,
-             scoped_ptr<DnsSocketPool> socket_pool,
+             std::unique_ptr<DnsSocketPool> socket_pool,
              const RandIntCallback& rand_int_callback,
              NetLog* net_log);
 
@@ -102,13 +102,13 @@ class NET_EXPORT_PRIVATE DnsSession
 
   // Allocate a socket, already connected to the server address.
   // When the SocketLease is destroyed, the socket will be freed.
-  scoped_ptr<SocketLease> AllocateSocket(unsigned server_index,
-                                         const NetLog::Source& source);
+  std::unique_ptr<SocketLease> AllocateSocket(unsigned server_index,
+                                              const NetLog::Source& source);
 
   // Creates a StreamSocket from the factory for a transaction over TCP. These
   // sockets are not pooled.
-  scoped_ptr<StreamSocket> CreateTCPSocket(unsigned server_index,
-                                           const NetLog::Source& source);
+  std::unique_ptr<StreamSocket> CreateTCPSocket(unsigned server_index,
+                                                const NetLog::Source& source);
 
  private:
   friend class base::RefCounted<DnsSession>;
@@ -119,7 +119,7 @@ class NET_EXPORT_PRIVATE DnsSession
 
   // Release a socket.
   void FreeSocket(unsigned server_index,
-                  scoped_ptr<DatagramClientSocket> socket);
+                  std::unique_ptr<DatagramClientSocket> socket);
 
   // Return the timeout using the TCP timeout method.
   base::TimeDelta NextTimeoutFromJacobson(unsigned server_index, int attempt);
@@ -132,7 +132,7 @@ class NET_EXPORT_PRIVATE DnsSession
       NetworkChangeNotifier::ConnectionType type) override;
 
   const DnsConfig config_;
-  scoped_ptr<DnsSocketPool> socket_pool_;
+  std::unique_ptr<DnsSocketPool> socket_pool_;
   RandCallback rand_callback_;
   NetLog* net_log_;
 
@@ -145,7 +145,7 @@ class NET_EXPORT_PRIVATE DnsSession
   struct ServerStats;
 
   // Track runtime statistics of each DNS server.
-  std::vector<scoped_ptr<ServerStats>> server_stats_;
+  std::vector<std::unique_ptr<ServerStats>> server_stats_;
 
   // Buckets shared for all |ServerStats::rtt_histogram|.
   struct RttBuckets : public base::BucketRanges {
diff --git a/chromium/net/dns/dns_session_unittest.cc b/chromium/net/dns/dns_session_unittest.cc
index e6040850bf6..88cefbe0a79 100644
--- a/chromium/net/dns/dns_session_unittest.cc
+++ b/chromium/net/dns/dns_session_unittest.cc
@@ -5,16 +5,17 @@
 #include "net/dns/dns_session.h"
 
 #include <list>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "net/base/ip_address.h"
 #include "net/dns/dns_protocol.h"
 #include "net/dns/dns_socket_pool.h"
 #include "net/log/net_log.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/socket_test_util.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/stream_socket.h"
@@ -28,27 +29,28 @@ class TestClientSocketFactory : public ClientSocketFactory {
  public:
   ~TestClientSocketFactory() override;
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override;
 
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher>,
       NetLog*,
       const NetLog::Source&) override {
     NOTIMPLEMENTED();
-    return scoped_ptr<StreamSocket>();
+    return std::unique_ptr<StreamSocket>();
   }
 
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) override {
     NOTIMPLEMENTED();
-    return scoped_ptr<SSLClientSocket>();
+    return std::unique_ptr<SSLClientSocket>();
   }
 
   void ClearSSLSessionCache() override { NOTIMPLEMENTED(); }
@@ -69,13 +71,13 @@ class DnsSessionTest : public testing::Test {
 
  protected:
   void Initialize(unsigned num_servers);
-  scoped_ptr<DnsSession::SocketLease> Allocate(unsigned server_index);
+  std::unique_ptr<DnsSession::SocketLease> Allocate(unsigned server_index);
   bool DidAllocate(unsigned server_index);
   bool DidFree(unsigned server_index);
   bool NoMoreEvents();
 
   DnsConfig config_;
-  scoped_ptr<TestClientSocketFactory> test_client_socket_factory_;
+  std::unique_ptr<TestClientSocketFactory> test_client_socket_factory_;
   scoped_refptr<DnsSession> session_;
   NetLog::Source source_;
 
@@ -96,14 +98,14 @@ class MockDnsSocketPool : public DnsSocketPool {
     InitializeInternal(nameservers, net_log);
   }
 
-  scoped_ptr<DatagramClientSocket> AllocateSocket(
+  std::unique_ptr<DatagramClientSocket> AllocateSocket(
       unsigned server_index) override {
     test_->OnSocketAllocated(server_index);
     return CreateConnectedSocket(server_index);
   }
 
   void FreeSocket(unsigned server_index,
-                  scoped_ptr<DatagramClientSocket> socket) override {
+                  std::unique_ptr<DatagramClientSocket> socket) override {
     test_->OnSocketFreed(server_index);
   }
 
@@ -125,15 +127,14 @@ void DnsSessionTest::Initialize(unsigned num_servers) {
   DnsSocketPool* dns_socket_pool =
       new MockDnsSocketPool(test_client_socket_factory_.get(), this);
 
-  session_ = new DnsSession(config_,
-                            scoped_ptr<DnsSocketPool>(dns_socket_pool),
-                            base::Bind(&base::RandInt),
-                            NULL /* NetLog */);
+  session_ =
+      new DnsSession(config_, std::unique_ptr<DnsSocketPool>(dns_socket_pool),
+                     base::Bind(&base::RandInt), NULL /* NetLog */);
 
   events_.clear();
 }
 
-scoped_ptr<DnsSession::SocketLease> DnsSessionTest::Allocate(
+std::unique_ptr<DnsSession::SocketLease> DnsSessionTest::Allocate(
     unsigned server_index) {
   return session_->AllocateSocket(server_index, source_);
 }
@@ -177,7 +178,7 @@ bool DnsSessionTest::ExpectEvent(const PoolEvent& expected) {
   return true;
 }
 
-scoped_ptr<DatagramClientSocket>
+std::unique_ptr<DatagramClientSocket>
 TestClientSocketFactory::CreateDatagramClientSocket(
     DatagramSocket::BindType bind_type,
     const RandIntCallback& rand_int_cb,
@@ -187,7 +188,7 @@ TestClientSocketFactory::CreateDatagramClientSocket(
   // simplest SocketDataProvider with no data supplied.
   SocketDataProvider* data_provider = new StaticSocketDataProvider();
   data_providers_.push_back(data_provider);
-  scoped_ptr<MockUDPClientSocket> socket(
+  std::unique_ptr<MockUDPClientSocket> socket(
       new MockUDPClientSocket(data_provider, net_log));
   return std::move(socket);
 }
@@ -197,7 +198,7 @@ TestClientSocketFactory::~TestClientSocketFactory() {
 }
 
 TEST_F(DnsSessionTest, AllocateFree) {
-  scoped_ptr<DnsSession::SocketLease> lease1, lease2;
+  std::unique_ptr<DnsSession::SocketLease> lease1, lease2;
 
   Initialize(2);
   EXPECT_TRUE(NoMoreEvents());
diff --git a/chromium/net/dns/dns_socket_pool.cc b/chromium/net/dns/dns_socket_pool.cc
index e365d57a190..d1f32a24c3d 100644
--- a/chromium/net/dns/dns_socket_pool.cc
+++ b/chromium/net/dns/dns_socket_pool.cc
@@ -57,21 +57,21 @@ void DnsSocketPool::InitializeInternal(
   initialized_ = true;
 }
 
-scoped_ptr<StreamSocket> DnsSocketPool::CreateTCPSocket(
+std::unique_ptr<StreamSocket> DnsSocketPool::CreateTCPSocket(
     unsigned server_index,
     const NetLog::Source& source) {
   DCHECK_LT(server_index, nameservers_->size());
 
-  return scoped_ptr<StreamSocket>(
+  return std::unique_ptr<StreamSocket>(
       socket_factory_->CreateTransportClientSocket(
-          AddressList((*nameservers_)[server_index]), net_log_, source));
+          AddressList((*nameservers_)[server_index]), NULL, net_log_, source));
 }
 
-scoped_ptr<DatagramClientSocket> DnsSocketPool::CreateConnectedSocket(
+std::unique_ptr<DatagramClientSocket> DnsSocketPool::CreateConnectedSocket(
     unsigned server_index) {
   DCHECK_LT(server_index, nameservers_->size());
 
-  scoped_ptr<DatagramClientSocket> socket;
+  std::unique_ptr<DatagramClientSocket> socket;
 
   NetLog::Source no_source;
   socket = socket_factory_->CreateDatagramClientSocket(
@@ -101,22 +101,22 @@ class NullDnsSocketPool : public DnsSocketPool {
     InitializeInternal(nameservers, net_log);
   }
 
-  scoped_ptr<DatagramClientSocket> AllocateSocket(
+  std::unique_ptr<DatagramClientSocket> AllocateSocket(
       unsigned server_index) override {
     return CreateConnectedSocket(server_index);
   }
 
   void FreeSocket(unsigned server_index,
-                  scoped_ptr<DatagramClientSocket> socket) override {}
+                  std::unique_ptr<DatagramClientSocket> socket) override {}
 
  private:
   DISALLOW_COPY_AND_ASSIGN(NullDnsSocketPool);
 };
 
 // static
-scoped_ptr<DnsSocketPool> DnsSocketPool::CreateNull(
+std::unique_ptr<DnsSocketPool> DnsSocketPool::CreateNull(
     ClientSocketFactory* factory) {
-  return scoped_ptr<DnsSocketPool>(new NullDnsSocketPool(factory));
+  return std::unique_ptr<DnsSocketPool>(new NullDnsSocketPool(factory));
 }
 
 class DefaultDnsSocketPool : public DnsSocketPool {
@@ -130,11 +130,11 @@ class DefaultDnsSocketPool : public DnsSocketPool {
   void Initialize(const std::vector<IPEndPoint>* nameservers,
                   NetLog* net_log) override;
 
-  scoped_ptr<DatagramClientSocket> AllocateSocket(
+  std::unique_ptr<DatagramClientSocket> AllocateSocket(
       unsigned server_index) override;
 
   void FreeSocket(unsigned server_index,
-                  scoped_ptr<DatagramClientSocket> socket) override;
+                  std::unique_ptr<DatagramClientSocket> socket) override;
 
  private:
   void FillPool(unsigned server_index, unsigned size);
@@ -147,9 +147,9 @@ class DefaultDnsSocketPool : public DnsSocketPool {
 };
 
 // static
-scoped_ptr<DnsSocketPool> DnsSocketPool::CreateDefault(
+std::unique_ptr<DnsSocketPool> DnsSocketPool::CreateDefault(
     ClientSocketFactory* factory) {
-  return scoped_ptr<DnsSocketPool>(new DefaultDnsSocketPool(factory));
+  return std::unique_ptr<DnsSocketPool>(new DefaultDnsSocketPool(factory));
 }
 
 void DefaultDnsSocketPool::Initialize(
@@ -172,7 +172,7 @@ DefaultDnsSocketPool::~DefaultDnsSocketPool() {
   }
 }
 
-scoped_ptr<DatagramClientSocket> DefaultDnsSocketPool::AllocateSocket(
+std::unique_ptr<DatagramClientSocket> DefaultDnsSocketPool::AllocateSocket(
     unsigned server_index) {
   DCHECK_LT(server_index, pools_.size());
   SocketVector& pool = pools_[server_index];
@@ -180,7 +180,7 @@ scoped_ptr<DatagramClientSocket> DefaultDnsSocketPool::AllocateSocket(
   FillPool(server_index, kAllocateMinSize);
   if (pool.size() == 0) {
     LOG(WARNING) << "No DNS sockets available in pool " << server_index << "!";
-    return scoped_ptr<DatagramClientSocket>();
+    return std::unique_ptr<DatagramClientSocket>();
   }
 
   if (pool.size() < kAllocateMinSize) {
@@ -194,12 +194,12 @@ scoped_ptr<DatagramClientSocket> DefaultDnsSocketPool::AllocateSocket(
   pool[socket_index] = pool.back();
   pool.pop_back();
 
-  return scoped_ptr<DatagramClientSocket>(socket);
+  return std::unique_ptr<DatagramClientSocket>(socket);
 }
 
 void DefaultDnsSocketPool::FreeSocket(
     unsigned server_index,
-    scoped_ptr<DatagramClientSocket> socket) {
+    std::unique_ptr<DatagramClientSocket> socket) {
   DCHECK_LT(server_index, pools_.size());
 }
 
diff --git a/chromium/net/dns/dns_socket_pool.h b/chromium/net/dns/dns_socket_pool.h
index 195393866d8..1e88a87691e 100644
--- a/chromium/net/dns/dns_socket_pool.h
+++ b/chromium/net/dns/dns_socket_pool.h
@@ -5,10 +5,10 @@
 #ifndef NET_DNS_DNS_SOCKET_POOL_H_
 #define NET_DNS_DNS_SOCKET_POOL_H_
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
 
@@ -30,13 +30,13 @@ class NET_EXPORT_PRIVATE DnsSocketPool {
   // Creates a DnsSocketPool that implements the default strategy for managing
   // sockets.  (This varies by platform; see DnsSocketPoolImpl in
   // dns_socket_pool.cc for details.)
-  static scoped_ptr<DnsSocketPool> CreateDefault(
+  static std::unique_ptr<DnsSocketPool> CreateDefault(
       ClientSocketFactory* factory);
 
   // Creates a DnsSocketPool that implements a "null" strategy -- no sockets are
   // preallocated, allocation requests are satisfied by calling the factory
   // directly, and returned sockets are deleted immediately.
-  static scoped_ptr<DnsSocketPool> CreateNull(
+  static std::unique_ptr<DnsSocketPool> CreateNull(
       ClientSocketFactory* factory);
 
   // Initializes the DnsSocketPool.  |nameservers| is the list of nameservers
@@ -53,20 +53,18 @@ class NET_EXPORT_PRIVATE DnsSocketPool {
   // by |server_index|.  May return a scoped_ptr to NULL if no sockets are
   // available to reuse and the factory fails to produce a socket (or produces
   // one on which Connect fails).
-  virtual scoped_ptr<DatagramClientSocket> AllocateSocket(
+  virtual std::unique_ptr<DatagramClientSocket> AllocateSocket(
       unsigned server_index) = 0;
 
   // Frees a socket allocated by AllocateSocket.  |server_index| must be the
   // same index passed to AllocateSocket.
-  virtual void FreeSocket(
-      unsigned server_index,
-      scoped_ptr<DatagramClientSocket> socket) = 0;
+  virtual void FreeSocket(unsigned server_index,
+                          std::unique_ptr<DatagramClientSocket> socket) = 0;
 
   // Creates a StreamSocket from the factory for a transaction over TCP. These
   // sockets are not pooled.
-  scoped_ptr<StreamSocket> CreateTCPSocket(
-      unsigned server_index,
-      const NetLog::Source& source);
+  std::unique_ptr<StreamSocket> CreateTCPSocket(unsigned server_index,
+                                                const NetLog::Source& source);
 
  protected:
   DnsSocketPool(ClientSocketFactory* socket_factory);
@@ -75,7 +73,7 @@ class NET_EXPORT_PRIVATE DnsSocketPool {
       const std::vector<IPEndPoint>* nameservers,
       NetLog* net_log);
 
-  scoped_ptr<DatagramClientSocket> CreateConnectedSocket(
+  std::unique_ptr<DatagramClientSocket> CreateConnectedSocket(
       unsigned server_index);
 
  private:
diff --git a/chromium/net/dns/dns_test_util.cc b/chromium/net/dns/dns_test_util.cc
index de91048c9fe..6f94b7f9e29 100644
--- a/chromium/net/dns/dns_test_util.cc
+++ b/chromium/net/dns/dns_test_util.cc
@@ -12,7 +12,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
 #include "base/sys_byteorder.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/dns/address_sorter.h"
@@ -108,8 +108,9 @@ class MockTransaction : public DnsTransaction,
           const uint32_t kTTL = 86400;  // One day.
 
           // Size of RDATA which is a IPv4 or IPv6 address.
-          size_t rdata_size = qtype_ == dns_protocol::kTypeA ? kIPv4AddressSize
-                                                             : kIPv6AddressSize;
+          size_t rdata_size = qtype_ == dns_protocol::kTypeA
+                                  ? IPAddress::kIPv4AddressSize
+                                  : IPAddress::kIPv6AddressSize;
 
           // 12 is the sum of sizes of the compressed name reference, TYPE,
           // CLASS, TTL and RDLENGTH.
@@ -166,7 +167,7 @@ class MockTransactionFactory : public DnsTransactionFactory {
 
   ~MockTransactionFactory() override {}
 
-  scoped_ptr<DnsTransaction> CreateTransaction(
+  std::unique_ptr<DnsTransaction> CreateTransaction(
       const std::string& hostname,
       uint16_t qtype,
       const DnsTransactionFactory::CallbackType& callback,
@@ -175,7 +176,7 @@ class MockTransactionFactory : public DnsTransactionFactory {
         new MockTransaction(rules_, hostname, qtype, callback);
     if (transaction->delayed())
       delayed_transactions_.push_back(transaction->AsWeakPtr());
-    return scoped_ptr<DnsTransaction>(transaction);
+    return std::unique_ptr<DnsTransaction>(transaction);
   }
 
   void CompleteDelayedTransactions() {
diff --git a/chromium/net/dns/dns_test_util.h b/chromium/net/dns/dns_test_util.h
index fc325005610..d28c9e44609 100644
--- a/chromium/net/dns/dns_test_util.h
+++ b/chromium/net/dns/dns_test_util.h
@@ -8,10 +8,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/dns/dns_client.h"
 #include "net/dns/dns_config_service.h"
 #include "net/dns/dns_protocol.h"
@@ -201,8 +201,8 @@ class MockDnsClient : public DnsClient {
 
  private:
   DnsConfig config_;
-  scoped_ptr<MockTransactionFactory> factory_;
-  scoped_ptr<AddressSorter> address_sorter_;
+  std::unique_ptr<MockTransactionFactory> factory_;
+  std::unique_ptr<AddressSorter> address_sorter_;
 };
 
 }  // namespace net
diff --git a/chromium/net/dns/dns_transaction.cc b/chromium/net/dns/dns_transaction.cc
index f726bd21c52..a3aa8e12e67 100644
--- a/chromium/net/dns/dns_transaction.cc
+++ b/chromium/net/dns/dns_transaction.cc
@@ -5,6 +5,7 @@
 #include "net/dns/dns_transaction.h"
 
 #include <deque>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,8 +14,8 @@
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
@@ -22,8 +23,8 @@
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_piece.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/non_thread_safe.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/timer/timer.h"
 #include "base/values.h"
 #include "net/base/completion_callback.h"
@@ -62,11 +63,11 @@ bool IsIPLiteral(const std::string& hostname) {
   return ip.AssignFromIPLiteral(hostname);
 }
 
-scoped_ptr<base::Value> NetLogStartCallback(
+std::unique_ptr<base::Value> NetLogStartCallback(
     const std::string* hostname,
     uint16_t qtype,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("hostname", *hostname);
   dict->SetInteger("query_type", qtype);
   return std::move(dict);
@@ -103,11 +104,11 @@ class DnsAttempt {
   // Returns a Value representing the received response, along with a reference
   // to the NetLog source source of the UDP socket used.  The request must have
   // completed before this is called.
-  scoped_ptr<base::Value> NetLogResponseCallback(
+  std::unique_ptr<base::Value> NetLogResponseCallback(
       NetLogCaptureMode capture_mode) const {
     DCHECK(GetResponse()->IsValid());
 
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
     dict->SetInteger("rcode", GetResponse()->rcode());
     dict->SetInteger("answer_count", GetResponse()->answer_count());
     GetSocketNetLog().source().AddToEventParameters(dict.get());
@@ -139,8 +140,8 @@ class DnsAttempt {
 class DnsUDPAttempt : public DnsAttempt {
  public:
   DnsUDPAttempt(unsigned server_index,
-                scoped_ptr<DnsSession::SocketLease> socket_lease,
-                scoped_ptr<DnsQuery> query)
+                std::unique_ptr<DnsSession::SocketLease> socket_lease,
+                std::unique_ptr<DnsQuery> query)
       : DnsAttempt(server_index),
         next_state_(STATE_NONE),
         received_malformed_response_(false),
@@ -288,10 +289,10 @@ class DnsUDPAttempt : public DnsAttempt {
   bool received_malformed_response_;
   base::TimeTicks start_time_;
 
-  scoped_ptr<DnsSession::SocketLease> socket_lease_;
-  scoped_ptr<DnsQuery> query_;
+  std::unique_ptr<DnsSession::SocketLease> socket_lease_;
+  std::unique_ptr<DnsQuery> query_;
 
-  scoped_ptr<DnsResponse> response_;
+  std::unique_ptr<DnsResponse> response_;
 
   CompletionCallback callback_;
 
@@ -301,8 +302,8 @@ class DnsUDPAttempt : public DnsAttempt {
 class DnsTCPAttempt : public DnsAttempt {
  public:
   DnsTCPAttempt(unsigned server_index,
-                scoped_ptr<StreamSocket> socket,
-                scoped_ptr<DnsQuery> query)
+                std::unique_ptr<StreamSocket> socket,
+                std::unique_ptr<DnsQuery> query)
       : DnsAttempt(server_index),
         next_state_(STATE_NONE),
         socket_(std::move(socket)),
@@ -532,13 +533,13 @@ class DnsTCPAttempt : public DnsAttempt {
   State next_state_;
   base::TimeTicks start_time_;
 
-  scoped_ptr<StreamSocket> socket_;
-  scoped_ptr<DnsQuery> query_;
+  std::unique_ptr<StreamSocket> socket_;
+  std::unique_ptr<DnsQuery> query_;
   scoped_refptr<IOBufferWithSize> length_buffer_;
   scoped_refptr<DrainableIOBuffer> buffer_;
 
   uint16_t response_length_;
-  scoped_ptr<DnsResponse> response_;
+  std::unique_ptr<DnsResponse> response_;
 
   CompletionCallback callback_;
 
@@ -706,7 +707,7 @@ class DnsTransactionImpl : public DnsTransaction,
     unsigned attempt_number = attempts_.size();
 
     uint16_t id = session_->NextQueryId();
-    scoped_ptr<DnsQuery> query;
+    std::unique_ptr<DnsQuery> query;
     if (attempts_.empty()) {
       query.reset(new DnsQuery(id, qnames_.front(), qtype_));
     } else {
@@ -720,7 +721,7 @@ class DnsTransactionImpl : public DnsTransaction,
     // Skip over known failed servers.
     server_index = session_->NextGoodServerIndex(server_index);
 
-    scoped_ptr<DnsSession::SocketLease> lease =
+    std::unique_ptr<DnsSession::SocketLease> lease =
         session_->AllocateSocket(server_index, net_log_.source());
 
     bool got_socket = !!lease.get();
@@ -728,7 +729,7 @@ class DnsTransactionImpl : public DnsTransaction,
     DnsUDPAttempt* attempt =
         new DnsUDPAttempt(server_index, std::move(lease), std::move(query));
 
-    attempts_.push_back(make_scoped_ptr(attempt));
+    attempts_.push_back(base::WrapUnique(attempt));
     ++attempts_count_;
 
     if (!got_socket)
@@ -756,12 +757,12 @@ class DnsTransactionImpl : public DnsTransaction,
 
     unsigned server_index = previous_attempt->server_index();
 
-    scoped_ptr<StreamSocket> socket(
+    std::unique_ptr<StreamSocket> socket(
         session_->CreateTCPSocket(server_index, net_log_.source()));
 
     // TODO(szym): Reuse the same id to help the server?
     uint16_t id = session_->NextQueryId();
-    scoped_ptr<DnsQuery> query =
+    std::unique_ptr<DnsQuery> query =
         previous_attempt->GetQuery()->CloneWithNewId(id);
 
     RecordLostPacketsIfAny();
@@ -773,7 +774,7 @@ class DnsTransactionImpl : public DnsTransaction,
     DnsTCPAttempt* attempt =
         new DnsTCPAttempt(server_index, std::move(socket), std::move(query));
 
-    attempts_.push_back(make_scoped_ptr(attempt));
+    attempts_.push_back(base::WrapUnique(attempt));
     ++attempts_count_;
     had_tcp_attempt_ = true;
 
@@ -955,7 +956,7 @@ class DnsTransactionImpl : public DnsTransaction,
   size_t qnames_initial_size_;
 
   // List of attempts for the current name.
-  std::vector<scoped_ptr<DnsAttempt>> attempts_;
+  std::vector<std::unique_ptr<DnsAttempt>> attempts_;
   // Count of attempts, not reset when |attempts_| vector is cleared.
   int  attempts_count_;
   bool had_tcp_attempt_;
@@ -978,12 +979,12 @@ class DnsTransactionFactoryImpl : public DnsTransactionFactory {
     session_ = session;
   }
 
-  scoped_ptr<DnsTransaction> CreateTransaction(
+  std::unique_ptr<DnsTransaction> CreateTransaction(
       const std::string& hostname,
       uint16_t qtype,
       const CallbackType& callback,
       const BoundNetLog& net_log) override {
-    return scoped_ptr<DnsTransaction>(new DnsTransactionImpl(
+    return std::unique_ptr<DnsTransaction>(new DnsTransactionImpl(
         session_.get(), hostname, qtype, callback, net_log));
   }
 
@@ -994,9 +995,9 @@ class DnsTransactionFactoryImpl : public DnsTransactionFactory {
 }  // namespace
 
 // static
-scoped_ptr<DnsTransactionFactory> DnsTransactionFactory::CreateFactory(
+std::unique_ptr<DnsTransactionFactory> DnsTransactionFactory::CreateFactory(
     DnsSession* session) {
-  return scoped_ptr<DnsTransactionFactory>(
+  return std::unique_ptr<DnsTransactionFactory>(
       new DnsTransactionFactoryImpl(session));
 }
 
diff --git a/chromium/net/dns/dns_transaction.h b/chromium/net/dns/dns_transaction.h
index 198b4b81164..fdd05421ccf 100644
--- a/chromium/net/dns/dns_transaction.h
+++ b/chromium/net/dns/dns_transaction.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/callback_forward.h"
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -62,7 +62,7 @@ class NET_EXPORT_PRIVATE DnsTransactionFactory {
   //
   // The transaction will run |callback| upon asynchronous completion.
   // The |net_log| is used as the parent log.
-  virtual scoped_ptr<DnsTransaction> CreateTransaction(
+  virtual std::unique_ptr<DnsTransaction> CreateTransaction(
       const std::string& hostname,
       uint16_t qtype,
       const CallbackType& callback,
@@ -70,7 +70,7 @@ class NET_EXPORT_PRIVATE DnsTransactionFactory {
 
   // Creates a DnsTransactionFactory which creates DnsTransactionImpl using the
   // |session|.
-  static scoped_ptr<DnsTransactionFactory> CreateFactory(
+  static std::unique_ptr<DnsTransactionFactory> CreateFactory(
       DnsSession* session) WARN_UNUSED_RESULT;
 };
 
diff --git a/chromium/net/dns/dns_transaction_unittest.cc b/chromium/net/dns/dns_transaction_unittest.cc
index 2f8e67553ee..beb00a1684b 100644
--- a/chromium/net/dns/dns_transaction_unittest.cc
+++ b/chromium/net/dns/dns_transaction_unittest.cc
@@ -5,12 +5,14 @@
 #include "net/dns/dns_transaction.h"
 
 #include <stdint.h>
+
 #include <limits>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/rand_util.h"
 #include "base/sys_byteorder.h"
 #include "base/test/test_timeouts.h"
@@ -47,7 +49,7 @@ class DnsSocketData {
       : query_(new DnsQuery(id, DomainFromDot(dotted_name), qtype)),
         use_tcp_(use_tcp) {
     if (use_tcp_) {
-      scoped_ptr<uint16_t> length(new uint16_t);
+      std::unique_ptr<uint16_t> length(new uint16_t);
       *length = base::HostToNet16(query_->io_buffer()->size());
       writes_.push_back(MockWrite(mode,
                                   reinterpret_cast<const char*>(length.get()),
@@ -63,12 +65,12 @@ class DnsSocketData {
   // All responses must be added before GetProvider.
 
   // Adds pre-built DnsResponse. |tcp_length| will be used in TCP mode only.
-  void AddResponseWithLength(scoped_ptr<DnsResponse> response,
+  void AddResponseWithLength(std::unique_ptr<DnsResponse> response,
                              IoMode mode,
                              uint16_t tcp_length) {
     CHECK(!provider_.get());
     if (use_tcp_) {
-      scoped_ptr<uint16_t> length(new uint16_t);
+      std::unique_ptr<uint16_t> length(new uint16_t);
       *length = base::HostToNet16(tcp_length);
       reads_.push_back(MockRead(mode,
                                 reinterpret_cast<const char*>(length.get()),
@@ -82,7 +84,7 @@ class DnsSocketData {
   }
 
   // Adds pre-built DnsResponse.
-  void AddResponse(scoped_ptr<DnsResponse> response, IoMode mode) {
+  void AddResponse(std::unique_ptr<DnsResponse> response, IoMode mode) {
     uint16_t tcp_length = response->io_buffer()->size();
     AddResponseWithLength(std::move(response), mode, tcp_length);
   }
@@ -90,16 +92,15 @@ class DnsSocketData {
   // Adds pre-built response from |data| buffer.
   void AddResponseData(const uint8_t* data, size_t length, IoMode mode) {
     CHECK(!provider_.get());
-    AddResponse(make_scoped_ptr(
-        new DnsResponse(reinterpret_cast<const char*>(data), length, 0)), mode);
+    AddResponse(base::WrapUnique(new DnsResponse(
+                    reinterpret_cast<const char*>(data), length, 0)),
+                mode);
   }
 
   // Add no-answer (RCODE only) response matching the query.
   void AddRcode(int rcode, IoMode mode) {
-    scoped_ptr<DnsResponse> response(
-        new DnsResponse(query_->io_buffer()->data(),
-                        query_->io_buffer()->size(),
-                        0));
+    std::unique_ptr<DnsResponse> response(new DnsResponse(
+        query_->io_buffer()->data(), query_->io_buffer()->size(), 0));
     dns_protocol::Header* header =
         reinterpret_cast<dns_protocol::Header*>(response->io_buffer()->data());
     header->flags |= base::HostToNet16(dns_protocol::kFlagResponse | rcode);
@@ -133,13 +134,13 @@ class DnsSocketData {
  private:
   size_t num_reads_and_writes() const { return reads_.size() + writes_.size(); }
 
-  scoped_ptr<DnsQuery> query_;
+  std::unique_ptr<DnsQuery> query_;
   bool use_tcp_;
-  std::vector<scoped_ptr<uint16_t>> lengths_;
-  std::vector<scoped_ptr<DnsResponse>> responses_;
+  std::vector<std::unique_ptr<uint16_t>> lengths_;
+  std::vector<std::unique_ptr<DnsResponse>> responses_;
   std::vector<MockWrite> writes_;
   std::vector<MockRead> reads_;
-  scoped_ptr<SequencedSocketData> provider_;
+  std::unique_ptr<SequencedSocketData> provider_;
 
   DISALLOW_COPY_AND_ASSIGN(DnsSocketData);
 };
@@ -185,18 +186,18 @@ class TestSocketFactory : public MockClientSocketFactory {
   TestSocketFactory() : fail_next_socket_(false) {}
   ~TestSocketFactory() override {}
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override {
     if (fail_next_socket_) {
       fail_next_socket_ = false;
-      return scoped_ptr<DatagramClientSocket>(
+      return std::unique_ptr<DatagramClientSocket>(
           new FailingUDPClientSocket(&empty_data_, net_log));
     }
     SocketDataProvider* data_provider = mock_data().GetNext();
-    scoped_ptr<TestUDPClientSocket> socket(
+    std::unique_ptr<TestUDPClientSocket> socket(
         new TestUDPClientSocket(this, data_provider, net_log));
     return std::move(socket);
   }
@@ -318,7 +319,7 @@ class TransactionHelper {
  private:
   std::string hostname_;
   uint16_t qtype_;
-  scoped_ptr<DnsTransaction> transaction_;
+  std::unique_ptr<DnsTransaction> transaction_;
   int expected_answer_count_;
   bool cancel_in_callback_;
   bool quit_in_callback_;
@@ -351,7 +352,7 @@ class DnsTransactionTest : public testing::Test {
     transaction_factory_ = DnsTransactionFactory::CreateFactory(session_.get());
   }
 
-  void AddSocketData(scoped_ptr<DnsSocketData> data) {
+  void AddSocketData(std::unique_ptr<DnsSocketData> data) {
     CHECK(socket_factory_.get());
     transaction_ids_.push_back(data->query_id());
     socket_factory_->AddSocketDataProvider(data->GetProvider());
@@ -369,7 +370,7 @@ class DnsTransactionTest : public testing::Test {
                            IoMode mode,
                            bool use_tcp) {
     CHECK(socket_factory_.get());
-    scoped_ptr<DnsSocketData> data(
+    std::unique_ptr<DnsSocketData> data(
         new DnsSocketData(id, dotted_name, qtype, mode, use_tcp));
     data->AddResponseData(response_data, response_length, mode);
     AddSocketData(std::move(data));
@@ -396,7 +397,7 @@ class DnsTransactionTest : public testing::Test {
   // Add expected query of |dotted_name| and |qtype| and no response.
   void AddQueryAndTimeout(const char* dotted_name, uint16_t qtype) {
     uint16_t id = base::RandInt(0, std::numeric_limits<uint16_t>::max());
-    scoped_ptr<DnsSocketData> data(
+    std::unique_ptr<DnsSocketData> data(
         new DnsSocketData(id, dotted_name, qtype, ASYNC, false));
     AddSocketData(std::move(data));
   }
@@ -410,7 +411,7 @@ class DnsTransactionTest : public testing::Test {
                         bool use_tcp) {
     CHECK_NE(dns_protocol::kRcodeNOERROR, rcode);
     uint16_t id = base::RandInt(0, std::numeric_limits<uint16_t>::max());
-    scoped_ptr<DnsSocketData> data(
+    std::unique_ptr<DnsSocketData> data(
         new DnsSocketData(id, dotted_name, qtype, mode, use_tcp));
     data->AddRcode(rcode, mode);
     AddSocketData(std::move(data));
@@ -467,12 +468,12 @@ class DnsTransactionTest : public testing::Test {
 
   DnsConfig config_;
 
-  std::vector<scoped_ptr<DnsSocketData>> socket_data_;
+  std::vector<std::unique_ptr<DnsSocketData>> socket_data_;
 
   std::deque<int> transaction_ids_;
-  scoped_ptr<TestSocketFactory> socket_factory_;
+  std::unique_ptr<TestSocketFactory> socket_factory_;
   scoped_refptr<DnsSession> session_;
-  scoped_ptr<DnsTransactionFactory> transaction_factory_;
+  std::unique_ptr<DnsTransactionFactory> transaction_factory_;
 };
 
 TEST_F(DnsTransactionTest, Lookup) {
@@ -551,7 +552,7 @@ TEST_F(DnsTransactionTest, MismatchedResponseSync) {
   ConfigureFactory();
 
   // Attempt receives mismatched response followed by valid response.
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, SYNCHRONOUS, false));
   data->AddResponseData(kT1ResponseDatagram,
                         arraysize(kT1ResponseDatagram), SYNCHRONOUS);
@@ -570,7 +571,7 @@ TEST_F(DnsTransactionTest, MismatchedResponseAsync) {
 
   // First attempt receives mismatched response followed by valid response.
   // Second attempt times out.
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, false));
   data->AddResponseData(kT1ResponseDatagram,
                         arraysize(kT1ResponseDatagram), ASYNC);
@@ -897,14 +898,14 @@ TEST_F(DnsTransactionTest, TCPFailure) {
 TEST_F(DnsTransactionTest, TCPMalformed) {
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, true));
   // Valid response but length too short.
   // This must be truncated in the question section. The DnsResponse doesn't
   // examine the answer section until asked to parse it, so truncating it in
   // the answer section would result in the DnsTransaction itself succeeding.
   data->AddResponseWithLength(
-      make_scoped_ptr(
+      base::WrapUnique(
           new DnsResponse(reinterpret_cast<const char*>(kT0ResponseDatagram),
                           arraysize(kT0ResponseDatagram), 0)),
       ASYNC, static_cast<uint16_t>(kT0QuerySize - 1));
@@ -919,7 +920,7 @@ TEST_F(DnsTransactionTest, TCPTimeout) {
   ConfigureFactory();
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  AddSocketData(make_scoped_ptr(
+  AddSocketData(base::WrapUnique(
       new DnsSocketData(1 /* id */, kT0HostName, kT0Qtype, ASYNC, true)));
 
   TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_TIMED_OUT);
@@ -929,11 +930,11 @@ TEST_F(DnsTransactionTest, TCPTimeout) {
 TEST_F(DnsTransactionTest, TCPReadReturnsZeroAsync) {
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, true));
   // Return all but the last byte of the response.
   data->AddResponseWithLength(
-      make_scoped_ptr(
+      base::WrapUnique(
           new DnsResponse(reinterpret_cast<const char*>(kT0ResponseDatagram),
                           arraysize(kT0ResponseDatagram) - 1, 0)),
       ASYNC, static_cast<uint16_t>(arraysize(kT0ResponseDatagram)));
@@ -948,11 +949,11 @@ TEST_F(DnsTransactionTest, TCPReadReturnsZeroAsync) {
 TEST_F(DnsTransactionTest, TCPReadReturnsZeroSynchronous) {
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, true));
   // Return all but the last byte of the response.
   data->AddResponseWithLength(
-      make_scoped_ptr(
+      base::WrapUnique(
           new DnsResponse(reinterpret_cast<const char*>(kT0ResponseDatagram),
                           arraysize(kT0ResponseDatagram) - 1, 0)),
       SYNCHRONOUS, static_cast<uint16_t>(arraysize(kT0ResponseDatagram)));
@@ -967,7 +968,7 @@ TEST_F(DnsTransactionTest, TCPReadReturnsZeroSynchronous) {
 TEST_F(DnsTransactionTest, TCPConnectionClosedAsync) {
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, true));
   data->AddReadError(ERR_CONNECTION_CLOSED, ASYNC);
   AddSocketData(std::move(data));
@@ -979,7 +980,7 @@ TEST_F(DnsTransactionTest, TCPConnectionClosedAsync) {
 TEST_F(DnsTransactionTest, TCPConnectionClosedSynchronous) {
   AddAsyncQueryAndRcode(kT0HostName, kT0Qtype,
                         dns_protocol::kRcodeNOERROR | dns_protocol::kFlagTC);
-  scoped_ptr<DnsSocketData> data(
+  std::unique_ptr<DnsSocketData> data(
       new DnsSocketData(0 /* id */, kT0HostName, kT0Qtype, ASYNC, true));
   data->AddReadError(ERR_CONNECTION_CLOSED, SYNCHRONOUS);
   AddSocketData(std::move(data));
diff --git a/chromium/net/dns/dns_util.cc b/chromium/net/dns/dns_util.cc
index 5f10ad2365f..48be035c0e3 100644
--- a/chromium/net/dns/dns_util.cc
+++ b/chromium/net/dns/dns_util.cc
@@ -13,6 +13,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "build/build_config.h"
+#include "net/base/address_list.h"
 
 #if defined(OS_POSIX)
 #include <netinet/in.h>
@@ -192,4 +193,35 @@ base::TimeDelta GetTimeDeltaForConnectionTypeFromFieldTrialOrDefault(
 }
 #endif  // !defined(OS_NACL)
 
+AddressListDeltaType FindAddressListDeltaType(const AddressList& a,
+                                              const AddressList& b) {
+  bool pairwise_mismatch = false;
+  bool any_match = false;
+  bool any_missing = false;
+  bool same_size = a.size() == b.size();
+
+  for (size_t i = 0; i < a.size(); ++i) {
+    bool this_match = false;
+    for (size_t j = 0; j < b.size(); ++j) {
+      if (a[i] == b[j]) {
+        any_match = true;
+        this_match = true;
+      } else if (i == j) {
+        pairwise_mismatch = true;
+      }
+    }
+    if (!this_match)
+      any_missing = true;
+  }
+
+  if (same_size && !pairwise_mismatch)
+    return DELTA_IDENTICAL;
+  else if (same_size && !any_missing)
+    return DELTA_REORDERED;
+  else if (any_match)
+    return DELTA_OVERLAP;
+  else
+    return DELTA_DISJOINT;
+}
+
 }  // namespace net
diff --git a/chromium/net/dns/dns_util.h b/chromium/net/dns/dns_util.h
index 1acbd668cdc..470242c0ced 100644
--- a/chromium/net/dns/dns_util.h
+++ b/chromium/net/dns/dns_util.h
@@ -14,6 +14,8 @@
 
 namespace net {
 
+class AddressList;
+
 // DNSDomainFromDot - convert a domain string to DNS format. From DJB's
 // public domain DNS library.
 //
@@ -40,6 +42,25 @@ base::TimeDelta GetTimeDeltaForConnectionTypeFromFieldTrialOrDefault(
     NetworkChangeNotifier::ConnectionType connection_type);
 #endif  // !defined(OS_NACL)
 
+// How similar or different two AddressLists are (see values for details).
+// Used in histograms; do not modify existing values.
+enum AddressListDeltaType {
+  // Both lists contain the same addresses in the same order.
+  DELTA_IDENTICAL = 0,
+  // Both lists contain the same addresses in a different order.
+  DELTA_REORDERED = 1,
+  // The two lists have at least one address in common, but not all of them.
+  DELTA_OVERLAP = 2,
+  // The two lists have no addresses in common.
+  DELTA_DISJOINT = 3,
+  MAX_DELTA_TYPE
+};
+
+// Compares two AddressLists to see how similar or different their addresses
+// are. (See |AddressListDeltaType| for details of exactly what's checked.)
+AddressListDeltaType FindAddressListDeltaType(const AddressList& a,
+                                              const AddressList& b);
+
 }  // namespace net
 
 #endif  // NET_DNS_DNS_UTIL_H_
diff --git a/chromium/net/dns/host_cache.cc b/chromium/net/dns/host_cache.cc
index 4bb2533ba1e..e5dc823a49a 100644
--- a/chromium/net/dns/host_cache.cc
+++ b/chromium/net/dns/host_cache.cc
@@ -5,49 +5,157 @@
 #include "net/dns/host_cache.h"
 
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/trace_event/trace_event.h"
 #include "net/base/net_errors.h"
+#include "net/dns/dns_util.h"
 
 namespace net {
 
-//-----------------------------------------------------------------------------
+namespace {
 
-HostCache::Entry::Entry(int error, const AddressList& addrlist,
+#define CACHE_HISTOGRAM_TIME(name, time) \
+  UMA_HISTOGRAM_LONG_TIMES("DNS.HostCache." name, time)
+
+#define CACHE_HISTOGRAM_COUNT(name, count) \
+  UMA_HISTOGRAM_COUNTS_1000("DNS.HostCache." name, count)
+
+#define CACHE_HISTOGRAM_ENUM(name, value, max) \
+  UMA_HISTOGRAM_ENUMERATION("DNS.HostCache." name, value, max)
+
+}  // namespace
+
+// Used in histograms; do not modify existing values.
+enum HostCache::SetOutcome : int {
+  SET_INSERT = 0,
+  SET_UPDATE_VALID = 1,
+  SET_UPDATE_STALE = 2,
+  MAX_SET_OUTCOME
+};
+
+// Used in histograms; do not modify existing values.
+enum HostCache::LookupOutcome : int {
+  LOOKUP_MISS_ABSENT = 0,
+  LOOKUP_MISS_STALE = 1,
+  LOOKUP_HIT_VALID = 2,
+  LOOKUP_HIT_STALE = 3,
+  MAX_LOOKUP_OUTCOME
+};
+
+// Used in histograms; do not modify existing values.
+enum HostCache::EraseReason : int {
+  ERASE_EVICT = 0,
+  ERASE_CLEAR = 1,
+  ERASE_DESTRUCT = 2,
+  MAX_ERASE_REASON
+};
+
+HostCache::Entry::Entry(int error,
+                        const AddressList& addresses,
                         base::TimeDelta ttl)
-    : error(error),
-      addrlist(addrlist),
-      ttl(ttl) {
+    : error_(error), addresses_(addresses), ttl_(ttl) {
   DCHECK(ttl >= base::TimeDelta());
 }
 
-HostCache::Entry::Entry(int error, const AddressList& addrlist)
-    : error(error),
-      addrlist(addrlist),
-      ttl(base::TimeDelta::FromSeconds(-1)) {
+HostCache::Entry::Entry(int error, const AddressList& addresses)
+    : error_(error),
+      addresses_(addresses),
+      ttl_(base::TimeDelta::FromSeconds(-1)) {}
+
+HostCache::Entry::~Entry() {}
+
+HostCache::Entry::Entry(const HostCache::Entry& entry,
+                        base::TimeTicks now,
+                        base::TimeDelta ttl,
+                        int network_changes)
+    : error_(entry.error()),
+      addresses_(entry.addresses()),
+      ttl_(entry.ttl()),
+      expires_(now + ttl),
+      network_changes_(network_changes),
+      total_hits_(0),
+      stale_hits_(0) {}
+
+bool HostCache::Entry::IsStale(base::TimeTicks now, int network_changes) const {
+  EntryStaleness stale;
+  stale.expired_by = now - expires_;
+  stale.network_changes = network_changes - network_changes_;
+  stale.stale_hits = stale_hits_;
+  return stale.is_stale();
 }
 
-HostCache::Entry::~Entry() {
+void HostCache::Entry::CountHit(bool hit_is_stale) {
+  ++total_hits_;
+  if (hit_is_stale)
+    ++stale_hits_;
 }
 
-//-----------------------------------------------------------------------------
+void HostCache::Entry::GetStaleness(base::TimeTicks now,
+                                    int network_changes,
+                                    EntryStaleness* out) const {
+  DCHECK(out);
+  out->expired_by = now - expires_;
+  out->network_changes = network_changes - network_changes_;
+  out->stale_hits = stale_hits_;
+}
 
 HostCache::HostCache(size_t max_entries)
-    : entries_(max_entries) {
-}
+    : max_entries_(max_entries), network_changes_(0) {}
 
 HostCache::~HostCache() {
+  RecordEraseAll(ERASE_DESTRUCT, base::TimeTicks::Now());
 }
 
 const HostCache::Entry* HostCache::Lookup(const Key& key,
                                           base::TimeTicks now) {
   DCHECK(CalledOnValidThread());
   if (caching_is_disabled())
-    return NULL;
+    return nullptr;
+
+  HostCache::Entry* entry = LookupInternal(key);
+  if (!entry) {
+    RecordLookup(LOOKUP_MISS_ABSENT, now, nullptr);
+    return nullptr;
+  }
+  if (entry->IsStale(now, network_changes_)) {
+    RecordLookup(LOOKUP_MISS_STALE, now, entry);
+    return nullptr;
+  }
+
+  entry->CountHit(/* hit_is_stale= */ false);
+  RecordLookup(LOOKUP_HIT_VALID, now, entry);
+  return entry;
+}
+
+const HostCache::Entry* HostCache::LookupStale(
+    const Key& key,
+    base::TimeTicks now,
+    HostCache::EntryStaleness* stale_out) {
+  DCHECK(CalledOnValidThread());
+  if (caching_is_disabled())
+    return nullptr;
+
+  HostCache::Entry* entry = LookupInternal(key);
+  if (!entry) {
+    RecordLookup(LOOKUP_MISS_ABSENT, now, nullptr);
+    return nullptr;
+  }
+
+  bool is_stale = entry->IsStale(now, network_changes_);
+  entry->CountHit(/* hit_is_stale= */ is_stale);
+  RecordLookup(is_stale ? LOOKUP_HIT_STALE : LOOKUP_HIT_VALID, now, entry);
+
+  if (stale_out)
+    entry->GetStaleness(now, network_changes_, stale_out);
+  return entry;
+}
 
-  return entries_.Get(key, now);
+HostCache::Entry* HostCache::LookupInternal(const Key& key) {
+  auto it = entries_.find(key);
+  return (it != entries_.end()) ? &it->second : nullptr;
 }
 
 void HostCache::Set(const Key& key,
@@ -59,12 +167,35 @@ void HostCache::Set(const Key& key,
   if (caching_is_disabled())
     return;
 
-  entries_.Put(key, entry, now, now + ttl);
+  auto it = entries_.find(key);
+  if (it != entries_.end()) {
+    bool is_stale = it->second.IsStale(now, network_changes_);
+    RecordSet(is_stale ? SET_UPDATE_STALE : SET_UPDATE_VALID, now, &it->second,
+              entry);
+    // TODO(juliatuttle): Remember some old metadata (hit count or frequency or
+    // something like that) if it's useful for better eviction algorithms?
+    entries_.erase(it);
+  } else {
+    if (size() == max_entries_)
+      EvictOneEntry(now);
+    RecordSet(SET_INSERT, now, nullptr, entry);
+  }
+
+  DCHECK_GT(max_entries_, size());
+  DCHECK_EQ(0u, entries_.count(key));
+  entries_.insert(
+      std::make_pair(Key(key), Entry(entry, now, ttl, network_changes_)));
+  DCHECK_GE(max_entries_, size());
+}
+
+void HostCache::OnNetworkChange() {
+  ++network_changes_;
 }
 
 void HostCache::clear() {
   DCHECK(CalledOnValidThread());
-  entries_.Clear();
+  RecordEraseAll(ERASE_CLEAR, base::TimeTicks::Now());
+  entries_.clear();
 }
 
 size_t HostCache::size() const {
@@ -74,18 +205,12 @@ size_t HostCache::size() const {
 
 size_t HostCache::max_entries() const {
   DCHECK(CalledOnValidThread());
-  return entries_.max_entries();
-}
-
-// Note that this map may contain expired entries.
-const HostCache::EntryMap& HostCache::entries() const {
-  DCHECK(CalledOnValidThread());
-  return entries_;
+  return max_entries_;
 }
 
 // static
-scoped_ptr<HostCache> HostCache::CreateDefaultCache() {
-  // Cache capacity is determined by the field trial.
+std::unique_ptr<HostCache> HostCache::CreateDefaultCache() {
+// Cache capacity is determined by the field trial.
 #if defined(ENABLE_BUILT_IN_DNS)
   const size_t kDefaultMaxEntries = 1000;
 #else
@@ -97,28 +222,121 @@ scoped_ptr<HostCache> HostCache::CreateDefaultCache() {
                       &max_entries);
   if ((max_entries == 0) || (max_entries > kSaneMaxEntries))
     max_entries = kDefaultMaxEntries;
-  return make_scoped_ptr(new HostCache(max_entries));
+  return base::WrapUnique(new HostCache(max_entries));
 }
 
-void HostCache::EvictionHandler::Handle(
-    const Key& key,
-    const Entry& entry,
-    const base::TimeTicks& expiration,
-    const base::TimeTicks& now,
-    bool on_get) const {
-  if (on_get) {
-    DCHECK(now >= expiration);
-    UMA_HISTOGRAM_CUSTOM_TIMES("DNS.CacheExpiredOnGet", now - expiration,
-        base::TimeDelta::FromSeconds(1), base::TimeDelta::FromDays(1), 100);
-    return;
+void HostCache::EvictOneEntry(base::TimeTicks now) {
+  DCHECK_LT(0u, entries_.size());
+
+  auto oldest_it = entries_.begin();
+  for (auto it = entries_.begin(); it != entries_.end(); ++it) {
+    if (it->second.expires() < oldest_it->second.expires())
+      oldest_it = it;
   }
-  if (expiration > now) {
-    UMA_HISTOGRAM_CUSTOM_TIMES("DNS.CacheEvicted", expiration - now,
-        base::TimeDelta::FromSeconds(1), base::TimeDelta::FromDays(1), 100);
+
+  RecordErase(ERASE_EVICT, now, oldest_it->second);
+  entries_.erase(oldest_it);
+}
+
+void HostCache::RecordSet(SetOutcome outcome,
+                          base::TimeTicks now,
+                          const Entry* old_entry,
+                          const Entry& new_entry) {
+  CACHE_HISTOGRAM_ENUM("Set", outcome, MAX_SET_OUTCOME);
+  switch (outcome) {
+    case SET_INSERT:
+    case SET_UPDATE_VALID:
+      // Nothing to log here.
+      break;
+    case SET_UPDATE_STALE: {
+      EntryStaleness stale;
+      old_entry->GetStaleness(now, network_changes_, &stale);
+      CACHE_HISTOGRAM_TIME("UpdateStale.ExpiredBy", stale.expired_by);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.NetworkChanges",
+                            stale.network_changes);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.StaleHits", stale.stale_hits);
+      if (old_entry->error() == OK && new_entry.error() == OK) {
+        AddressListDeltaType delta = FindAddressListDeltaType(
+            old_entry->addresses(), new_entry.addresses());
+        RecordUpdateStale(delta, stale);
+      }
+      break;
+    }
+    case MAX_SET_OUTCOME:
+      NOTREACHED();
+      break;
+  }
+}
+
+void HostCache::RecordUpdateStale(AddressListDeltaType delta,
+                                  const EntryStaleness& stale) {
+  CACHE_HISTOGRAM_ENUM("UpdateStale.AddressListDelta", delta, MAX_DELTA_TYPE);
+  switch (delta) {
+    case DELTA_IDENTICAL:
+      CACHE_HISTOGRAM_TIME("UpdateStale.ExpiredBy_Identical", stale.expired_by);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.NetworkChanges_Identical",
+                            stale.network_changes);
+      break;
+    case DELTA_REORDERED:
+      CACHE_HISTOGRAM_TIME("UpdateStale.ExpiredBy_Reordered", stale.expired_by);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.NetworkChanges_Reordered",
+                            stale.network_changes);
+      break;
+    case DELTA_OVERLAP:
+      CACHE_HISTOGRAM_TIME("UpdateStale.ExpiredBy_Overlap", stale.expired_by);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.NetworkChanges_Overlap",
+                            stale.network_changes);
+      break;
+    case DELTA_DISJOINT:
+      CACHE_HISTOGRAM_TIME("UpdateStale.ExpiredBy_Disjoint", stale.expired_by);
+      CACHE_HISTOGRAM_COUNT("UpdateStale.NetworkChanges_Dijsoint",
+                            stale.network_changes);
+      break;
+    case MAX_DELTA_TYPE:
+      NOTREACHED();
+      break;
+  }
+}
+
+void HostCache::RecordLookup(LookupOutcome outcome,
+                             base::TimeTicks now,
+                             const Entry* entry) {
+  CACHE_HISTOGRAM_ENUM("Lookup", outcome, MAX_LOOKUP_OUTCOME);
+  switch (outcome) {
+    case LOOKUP_MISS_ABSENT:
+    case LOOKUP_MISS_STALE:
+    case LOOKUP_HIT_VALID:
+      // Nothing to log here.
+      break;
+    case LOOKUP_HIT_STALE:
+      CACHE_HISTOGRAM_TIME("LookupStale.ExpiredBy", now - entry->expires());
+      CACHE_HISTOGRAM_COUNT("LookupStale.NetworkChanges",
+                            network_changes_ - entry->network_changes());
+      break;
+    case MAX_LOOKUP_OUTCOME:
+      NOTREACHED();
+      break;
+  }
+}
+
+void HostCache::RecordErase(EraseReason reason,
+                            base::TimeTicks now,
+                            const Entry& entry) {
+  HostCache::EntryStaleness stale;
+  entry.GetStaleness(now, network_changes_, &stale);
+  CACHE_HISTOGRAM_ENUM("Erase", reason, MAX_ERASE_REASON);
+  if (stale.is_stale()) {
+    CACHE_HISTOGRAM_TIME("EvictStale.ExpiredBy", stale.expired_by);
+    CACHE_HISTOGRAM_COUNT("EvictStale.NetworkChanges", stale.network_changes);
+    CACHE_HISTOGRAM_COUNT("EvictStale.StaleHits", entry.stale_hits());
   } else {
-    UMA_HISTOGRAM_CUSTOM_TIMES("DNS.CacheExpired", now - expiration,
-        base::TimeDelta::FromSeconds(1), base::TimeDelta::FromDays(1), 100);
+    CACHE_HISTOGRAM_TIME("EvictValid.ValidFor", -stale.expired_by);
   }
 }
 
+void HostCache::RecordEraseAll(EraseReason reason, base::TimeTicks now) {
+  for (const auto& it : entries_)
+    RecordErase(reason, now, it.second);
+}
+
 }  // namespace net
diff --git a/chromium/net/dns/host_cache.h b/chromium/net/dns/host_cache.h
index 70b18930a2a..700d5c2e801 100644
--- a/chromium/net/dns/host_cache.h
+++ b/chromium/net/dns/host_cache.h
@@ -8,40 +8,25 @@
 #include <stddef.h>
 
 #include <functional>
+#include <memory>
 #include <string>
 #include <tuple>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
 #include "net/base/address_family.h"
 #include "net/base/address_list.h"
 #include "net/base/expiring_cache.h"
 #include "net/base/net_export.h"
+#include "net/dns/dns_util.h"
 
 namespace net {
 
 // Cache used by HostResolver to map hostnames to their resolved result.
 class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) {
  public:
-  // Stores the latest address list that was looked up for a hostname.
-  struct NET_EXPORT Entry {
-    Entry(int error, const AddressList& addrlist, base::TimeDelta ttl);
-    // Use when |ttl| is unknown.
-    Entry(int error, const AddressList& addrlist);
-    ~Entry();
-
-    bool has_ttl() const { return ttl >= base::TimeDelta(); }
-
-    // The resolve results for this entry.
-    int error;
-    AddressList addrlist;
-    // TTL obtained from the nameserver. Negative if unknown.
-    base::TimeDelta ttl;
-  };
-
   struct Key {
     Key(const std::string& hostname, AddressFamily address_family,
         HostResolverFlags host_resolver_flags)
@@ -64,17 +49,70 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) {
     HostResolverFlags host_resolver_flags;
   };
 
-  struct EvictionHandler {
-    void Handle(const Key& key,
-                const Entry& entry,
-                const base::TimeTicks& expiration,
-                const base::TimeTicks& now,
-                bool onGet) const;
+  struct NET_EXPORT EntryStaleness {
+    // Time since the entry's TTL has expired. Negative if not expired.
+    base::TimeDelta expired_by;
+
+    // Number of network changes since this result was cached.
+    int network_changes;
+
+    // Number of hits to the cache entry while stale (expired or past-network).
+    int stale_hits;
+
+    bool is_stale() const {
+      return network_changes > 0 || expired_by >= base::TimeDelta();
+    }
   };
 
-  typedef ExpiringCache<Key, Entry, base::TimeTicks,
-                        std::less<base::TimeTicks>,
-                        EvictionHandler> EntryMap;
+  // Stores the latest address list that was looked up for a hostname.
+  class NET_EXPORT Entry {
+   public:
+    Entry(int error, const AddressList& addresses, base::TimeDelta ttl);
+    // Use when |ttl| is unknown.
+    Entry(int error, const AddressList& addresses);
+    ~Entry();
+
+    int error() const { return error_; }
+    const AddressList& addresses() const { return addresses_; }
+    bool has_ttl() const { return ttl_ >= base::TimeDelta(); }
+    base::TimeDelta ttl() const { return ttl_; }
+
+    base::TimeTicks expires() const { return expires_; }
+
+   private:
+    friend class HostCache;
+
+    Entry(const Entry& entry,
+          base::TimeTicks now,
+          base::TimeDelta ttl,
+          int network_changes);
+
+    int network_changes() const { return network_changes_; }
+    int total_hits() const { return total_hits_; }
+    int stale_hits() const { return stale_hits_; }
+
+    bool IsStale(base::TimeTicks now, int network_changes) const;
+    void CountHit(bool hit_is_stale);
+    void GetStaleness(base::TimeTicks now,
+                      int network_changes,
+                      EntryStaleness* out) const;
+
+    // The resolve results for this entry.
+    int error_;
+    AddressList addresses_;
+    // TTL obtained from the nameserver. Negative if unknown.
+    base::TimeDelta ttl_;
+
+    base::TimeTicks expires_;
+    // Copied from the cache's network_changes_ when the entry is set; can0
+    // later be compared to it to see if the entry was received on the current
+    // network.
+    int network_changes_;
+    int total_hits_;
+    int stale_hits_;
+  };
+
+  using EntryMap = std::map<Key, Entry>;
 
   // Constructs a HostCache that stores up to |max_entries|.
   explicit HostCache(size_t max_entries);
@@ -85,6 +123,13 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) {
   // |now|. If there is no such entry, returns NULL.
   const Entry* Lookup(const Key& key, base::TimeTicks now);
 
+  // Returns a pointer to the entry for |key|, whether it is valid or stale at
+  // time |now|. Fills in |stale_out| with information about how stale it is.
+  // If there is no entry for |key| at all, returns NULL.
+  const Entry* LookupStale(const Key& key,
+                           base::TimeTicks now,
+                           EntryStaleness* stale_out);
+
   // Overwrites or creates an entry for |key|.
   // |entry| is the value to set, |now| is the current time
   // |ttl| is the "time to live".
@@ -93,6 +138,9 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) {
            base::TimeTicks now,
            base::TimeDelta ttl);
 
+  // Marks all entries as stale on account of a network change.
+  void OnNetworkChange();
+
   // Empties the cache
   void clear();
 
@@ -102,22 +150,42 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) {
   // Following are used by net_internals UI.
   size_t max_entries() const;
 
-  const EntryMap& entries() const;
+  const EntryMap& entries() const { return entries_; }
 
   // Creates a default cache.
-  static scoped_ptr<HostCache> CreateDefaultCache();
+  static std::unique_ptr<HostCache> CreateDefaultCache();
 
  private:
   FRIEND_TEST_ALL_PREFIXES(HostCacheTest, NoCache);
 
+  enum SetOutcome : int;
+  enum LookupOutcome : int;
+  enum EraseReason : int;
+
+  Entry* LookupInternal(const Key& key);
+
+  void RecordSet(SetOutcome outcome,
+                 base::TimeTicks now,
+                 const Entry* old_entry,
+                 const Entry& new_entry);
+  void RecordUpdateStale(AddressListDeltaType delta,
+                         const EntryStaleness& stale);
+  void RecordLookup(LookupOutcome outcome,
+                    base::TimeTicks now,
+                    const Entry* entry);
+  void RecordErase(EraseReason reason, base::TimeTicks now, const Entry& entry);
+  void RecordEraseAll(EraseReason reason, base::TimeTicks now);
+
   // Returns true if this HostCache can contain no entries.
-  bool caching_is_disabled() const {
-    return entries_.max_entries() == 0;
-  }
+  bool caching_is_disabled() const { return max_entries_ == 0; }
+
+  void EvictOneEntry(base::TimeTicks now);
 
   // Map from hostname (presumably in lowercase canonicalized format) to
   // a resolved result entry.
   EntryMap entries_;
+  size_t max_entries_;
+  int network_changes_;
 
   DISALLOW_COPY_AND_ASSIGN(HostCache);
 };
diff --git a/chromium/net/dns/host_cache_unittest.cc b/chromium/net/dns/host_cache_unittest.cc
index 838fedcfaa8..c34627b1696 100644
--- a/chromium/net/dns/host_cache_unittest.cc
+++ b/chromium/net/dns/host_cache_unittest.cc
@@ -42,7 +42,7 @@ TEST(HostCacheTest, Basic) {
   EXPECT_FALSE(cache.Lookup(key1, now));
   cache.Set(key1, entry, now, kTTL);
   EXPECT_TRUE(cache.Lookup(key1, now));
-  EXPECT_TRUE(cache.Lookup(key1, now)->error == entry.error);
+  EXPECT_TRUE(cache.Lookup(key1, now)->error() == entry.error());
 
   EXPECT_EQ(1U, cache.size());
 
@@ -253,9 +253,9 @@ TEST(HostCacheTest, HostResolverFlagsArePartOfKey) {
 }
 
 TEST(HostCacheTest, NoCache) {
-  // Disable caching.
   const base::TimeDelta kTTL = base::TimeDelta::FromSeconds(10);
 
+  // Disable caching.
   HostCache cache(0);
   EXPECT_TRUE(cache.caching_is_disabled());
 
@@ -296,6 +296,105 @@ TEST(HostCacheTest, Clear) {
   EXPECT_EQ(0u, cache.size());
 }
 
+// Try to add too many entries to cache; it should evict the one with the oldest
+// expiration time.
+TEST(HostCacheTest, Evict) {
+  HostCache cache(2);
+
+  base::TimeTicks now;
+
+  HostCache::Key key1 = Key("foobar.com");
+  HostCache::Key key2 = Key("foobar2.com");
+  HostCache::Key key3 = Key("foobar3.com");
+  HostCache::Entry entry = HostCache::Entry(OK, AddressList());
+
+  EXPECT_EQ(0u, cache.size());
+  EXPECT_FALSE(cache.Lookup(key1, now));
+  EXPECT_FALSE(cache.Lookup(key2, now));
+  EXPECT_FALSE(cache.Lookup(key3, now));
+
+  // |key1| expires in 10 seconds, but |key2| in just 5.
+  cache.Set(key1, entry, now, base::TimeDelta::FromSeconds(10));
+  cache.Set(key2, entry, now, base::TimeDelta::FromSeconds(5));
+  EXPECT_EQ(2u, cache.size());
+  EXPECT_TRUE(cache.Lookup(key1, now));
+  EXPECT_TRUE(cache.Lookup(key2, now));
+  EXPECT_FALSE(cache.Lookup(key3, now));
+
+  // |key2| should be chosen for eviction, since it expires sooner.
+  cache.Set(key3, entry, now, base::TimeDelta::FromSeconds(10));
+  EXPECT_EQ(2u, cache.size());
+  EXPECT_TRUE(cache.Lookup(key1, now));
+  EXPECT_FALSE(cache.Lookup(key2, now));
+  EXPECT_TRUE(cache.Lookup(key3, now));
+}
+
+// Try to retrieve stale entries from the cache. They should be returned by
+// |LookupStale()| but not |Lookup()|, with correct |EntryStaleness| data.
+TEST(HostCacheTest, Stale) {
+  const base::TimeDelta kTTL = base::TimeDelta::FromSeconds(10);
+
+  HostCache cache(kMaxCacheEntries);
+
+  // Start at t=0.
+  base::TimeTicks now;
+  HostCache::EntryStaleness stale;
+
+  HostCache::Key key = Key("foobar.com");
+  HostCache::Entry entry = HostCache::Entry(OK, AddressList());
+
+  EXPECT_EQ(0U, cache.size());
+
+  // Add an entry for "foobar.com" at t=0.
+  EXPECT_FALSE(cache.Lookup(key, now));
+  EXPECT_FALSE(cache.LookupStale(key, now, &stale));
+  cache.Set(key, entry, now, kTTL);
+  EXPECT_TRUE(cache.Lookup(key, now));
+  EXPECT_TRUE(cache.LookupStale(key, now, &stale));
+  EXPECT_FALSE(stale.is_stale());
+  EXPECT_EQ(0, stale.stale_hits);
+
+  EXPECT_EQ(1U, cache.size());
+
+  // Advance to t=5.
+  now += base::TimeDelta::FromSeconds(5);
+
+  EXPECT_TRUE(cache.Lookup(key, now));
+  EXPECT_TRUE(cache.LookupStale(key, now, &stale));
+  EXPECT_FALSE(stale.is_stale());
+  EXPECT_EQ(0, stale.stale_hits);
+
+  // Advance to t=15.
+  now += base::TimeDelta::FromSeconds(10);
+
+  EXPECT_FALSE(cache.Lookup(key, now));
+  EXPECT_TRUE(cache.LookupStale(key, now, &stale));
+  EXPECT_TRUE(stale.is_stale());
+  EXPECT_EQ(base::TimeDelta::FromSeconds(5), stale.expired_by);
+  EXPECT_EQ(0, stale.network_changes);
+  EXPECT_EQ(1, stale.stale_hits);
+
+  // Advance to t=20.
+  now += base::TimeDelta::FromSeconds(5);
+
+  EXPECT_FALSE(cache.Lookup(key, now));
+  EXPECT_TRUE(cache.LookupStale(key, now, &stale));
+  EXPECT_TRUE(stale.is_stale());
+  EXPECT_EQ(base::TimeDelta::FromSeconds(10), stale.expired_by);
+  EXPECT_EQ(0, stale.network_changes);
+  EXPECT_EQ(2, stale.stale_hits);
+
+  // Simulate network change.
+  cache.OnNetworkChange();
+
+  EXPECT_FALSE(cache.Lookup(key, now));
+  EXPECT_TRUE(cache.LookupStale(key, now, &stale));
+  EXPECT_TRUE(stale.is_stale());
+  EXPECT_EQ(base::TimeDelta::FromSeconds(10), stale.expired_by);
+  EXPECT_EQ(1, stale.network_changes);
+  EXPECT_EQ(3, stale.stale_hits);
+}
+
 // Tests the less than and equal operators for HostCache::Key work.
 TEST(HostCacheTest, KeyComparators) {
   struct {
diff --git a/chromium/net/dns/host_resolver.cc b/chromium/net/dns/host_resolver.cc
index a4750674937..f0a751e767d 100644
--- a/chromium/net/dns/host_resolver.cc
+++ b/chromium/net/dns/host_resolver.cc
@@ -103,24 +103,31 @@ HostResolver::~HostResolver() {
 void HostResolver::SetDnsClientEnabled(bool enabled) {
 }
 
+void HostResolver::ChangeRequestPriority(RequestHandle req,
+                                         RequestPriority priority) {
+  NOTIMPLEMENTED();
+}
+
 HostCache* HostResolver::GetHostCache() {
   return NULL;
 }
 
-scoped_ptr<base::Value> HostResolver::GetDnsConfigAsValue() const {
+std::unique_ptr<base::Value> HostResolver::GetDnsConfigAsValue() const {
   return nullptr;
 }
 
 // static
-scoped_ptr<HostResolver> HostResolver::CreateSystemResolver(
+std::unique_ptr<HostResolver> HostResolver::CreateSystemResolver(
     const Options& options,
     NetLog* net_log) {
-  return scoped_ptr<HostResolver>(new HostResolverImpl(options, net_log));
+  return std::unique_ptr<HostResolver>(new HostResolverImpl(options, net_log));
 }
 
 // static
-scoped_ptr<HostResolver> HostResolver::CreateDefaultResolver(NetLog* net_log) {
-  return scoped_ptr<HostResolver>(new HostResolverImpl(Options(), net_log));
+std::unique_ptr<HostResolver> HostResolver::CreateDefaultResolver(
+    NetLog* net_log) {
+  return std::unique_ptr<HostResolver>(
+      new HostResolverImpl(Options(), net_log));
 }
 
 HostResolver::HostResolver() {
diff --git a/chromium/net/dns/host_resolver.h b/chromium/net/dns/host_resolver.h
index 93bc62ec549..840aeb80e35 100644
--- a/chromium/net/dns/host_resolver.h
+++ b/chromium/net/dns/host_resolver.h
@@ -8,10 +8,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_family.h"
 #include "net/base/completion_callback.h"
 #include "net/base/host_port_pair.h"
@@ -163,6 +163,12 @@ class NET_EXPORT HostResolver {
                                AddressList* addresses,
                                const BoundNetLog& net_log) = 0;
 
+  // Changes the priority of the specified request. |req| is the handle returned
+  // by Resolve(). ChangeRequestPriority must NOT be called after the request's
+  // completion callback has already run or the request was canceled.
+  virtual void ChangeRequestPriority(RequestHandle req,
+                                     RequestPriority priority);
+
   // Cancels the specified request. |req| is the handle returned by Resolve().
   // After a request is canceled, its completion callback will not be called.
   // CancelRequest must NOT be called after the request's completion callback
@@ -178,17 +184,17 @@ class NET_EXPORT HostResolver {
 
   // Returns the current DNS configuration |this| is using, as a Value, or
   // nullptr if it's configured to always use the system host resolver.
-  virtual scoped_ptr<base::Value> GetDnsConfigAsValue() const;
+  virtual std::unique_ptr<base::Value> GetDnsConfigAsValue() const;
 
   // Creates a HostResolver implementation that queries the underlying system.
   // (Except if a unit-test has changed the global HostResolverProc using
   // ScopedHostResolverProc to intercept requests to the system).
-  static scoped_ptr<HostResolver> CreateSystemResolver(
+  static std::unique_ptr<HostResolver> CreateSystemResolver(
       const Options& options,
       NetLog* net_log);
 
   // As above, but uses default parameters.
-  static scoped_ptr<HostResolver> CreateDefaultResolver(NetLog* net_log);
+  static std::unique_ptr<HostResolver> CreateDefaultResolver(NetLog* net_log);
 
  protected:
   HostResolver();
diff --git a/chromium/net/dns/host_resolver_impl.cc b/chromium/net/dns/host_resolver_impl.cc
index 1a6bd612b99..5fc531bbf46 100644
--- a/chromium/net/dns/host_resolver_impl.cc
+++ b/chromium/net/dns/host_resolver_impl.cc
@@ -4,8 +4,11 @@
 
 #include "net/dns/host_resolver_impl.h"
 
+#include <memory>
 #include <utility>
 
+#include "base/memory/ptr_util.h"
+
 #if defined(OS_WIN)
 #include <Winsock2.h>
 #elif defined(OS_POSIX)
@@ -23,7 +26,6 @@
 #include "base/debug/debugger.h"
 #include "base/debug/stack_trace.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
@@ -32,7 +34,7 @@
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
@@ -206,11 +208,9 @@ bool IsGloballyReachable(const IPAddress& dest, const BoundNetLog& net_log) {
   tracked_objects::ScopedTracker tracking_profile_1(
       FROM_HERE_WITH_EXPLICIT_FUNCTION("455942 IsGloballyReachable"));
 
-  scoped_ptr<DatagramClientSocket> socket(
+  std::unique_ptr<DatagramClientSocket> socket(
       ClientSocketFactory::GetDefaultFactory()->CreateDatagramClientSocket(
-          DatagramSocket::DEFAULT_BIND,
-          RandIntCallback(),
-          net_log.net_log(),
+          DatagramSocket::DEFAULT_BIND, RandIntCallback(), net_log.net_log(),
           net_log.source()));
   int rv = socket->Connect(IPEndPoint(dest, 53));
   if (rv != OK)
@@ -322,12 +322,12 @@ bool IsAllIPv4Loopback(const AddressList& addresses) {
 }
 
 // Creates NetLog parameters when the resolve failed.
-scoped_ptr<base::Value> NetLogProcTaskFailedCallback(
+std::unique_ptr<base::Value> NetLogProcTaskFailedCallback(
     uint32_t attempt_number,
     int net_error,
     int os_error,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   if (attempt_number)
     dict->SetInteger("attempt_number", attempt_number);
 
@@ -356,11 +356,11 @@ scoped_ptr<base::Value> NetLogProcTaskFailedCallback(
 }
 
 // Creates NetLog parameters when the DnsTask failed.
-scoped_ptr<base::Value> NetLogDnsTaskFailedCallback(
+std::unique_ptr<base::Value> NetLogDnsTaskFailedCallback(
     int net_error,
     int dns_error,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", net_error);
   if (dns_error)
     dict->SetInteger("dns_error", dns_error);
@@ -369,10 +369,10 @@ scoped_ptr<base::Value> NetLogDnsTaskFailedCallback(
 
 // Creates NetLog parameters containing the information in a RequestInfo object,
 // along with the associated NetLog::Source.
-scoped_ptr<base::Value> NetLogRequestInfoCallback(
+std::unique_ptr<base::Value> NetLogRequestInfoCallback(
     const HostResolver::RequestInfo* info,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   dict->SetString("host", info->host_port_pair().ToString());
   dict->SetInteger("address_family",
@@ -383,39 +383,39 @@ scoped_ptr<base::Value> NetLogRequestInfoCallback(
 }
 
 // Creates NetLog parameters for the creation of a HostResolverImpl::Job.
-scoped_ptr<base::Value> NetLogJobCreationCallback(
+std::unique_ptr<base::Value> NetLogJobCreationCallback(
     const NetLog::Source& source,
     const std::string* host,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   source.AddToEventParameters(dict.get());
   dict->SetString("host", *host);
   return std::move(dict);
 }
 
 // Creates NetLog parameters for HOST_RESOLVER_IMPL_JOB_ATTACH/DETACH events.
-scoped_ptr<base::Value> NetLogJobAttachCallback(
+std::unique_ptr<base::Value> NetLogJobAttachCallback(
     const NetLog::Source& source,
     RequestPriority priority,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   source.AddToEventParameters(dict.get());
   dict->SetString("priority", RequestPriorityToString(priority));
   return std::move(dict);
 }
 
 // Creates NetLog parameters for the DNS_CONFIG_CHANGED event.
-scoped_ptr<base::Value> NetLogDnsConfigCallback(
+std::unique_ptr<base::Value> NetLogDnsConfigCallback(
     const DnsConfig* config,
     NetLogCaptureMode /* capture_mode */) {
   return config->ToValue();
 }
 
-scoped_ptr<base::Value> NetLogIPv6AvailableCallback(
+std::unique_ptr<base::Value> NetLogIPv6AvailableCallback(
     bool ipv6_available,
     bool cached,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetBoolean("ipv6_available", ipv6_available);
   dict->SetBoolean("cached", cached);
   return std::move(dict);
@@ -574,6 +574,7 @@ class HostResolverImpl::Request {
   }
 
   RequestPriority priority() const { return priority_; }
+  void set_priority(RequestPriority priority) { priority_ = priority; }
 
   base::TimeTicks request_time() const { return request_time_; }
 
@@ -583,8 +584,7 @@ class HostResolverImpl::Request {
   // The request info that started the request.
   const RequestInfo info_;
 
-  // TODO(akalin): Support reprioritization.
-  const RequestPriority priority_;
+  RequestPriority priority_;
 
   // The resolve job that this request is dependent on.
   Job* job_;
@@ -1108,7 +1108,7 @@ class HostResolverImpl::DnsTask : public base::SupportsWeakPtr<DnsTask> {
     transaction_aaaa_->Start();
   }
 
-  scoped_ptr<DnsTransaction> CreateTransaction(AddressFamily family) {
+  std::unique_ptr<DnsTransaction> CreateTransaction(AddressFamily family) {
     DCHECK_NE(ADDRESS_FAMILY_UNSPECIFIED, family);
     return client_->GetTransactionFactory()->CreateTransaction(
         key_.hostname,
@@ -1244,8 +1244,8 @@ class HostResolverImpl::DnsTask : public base::SupportsWeakPtr<DnsTask> {
   Delegate* delegate_;
   const BoundNetLog net_log_;
 
-  scoped_ptr<DnsTransaction> transaction_a_;
-  scoped_ptr<DnsTransaction> transaction_aaaa_;
+  std::unique_ptr<DnsTransaction> transaction_a_;
+  std::unique_ptr<DnsTransaction> transaction_aaaa_;
 
   unsigned num_completed_transactions_;
 
@@ -1312,7 +1312,7 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     // else CompleteRequests logged EndEvent.
 
     // Log any remaining Requests as cancelled.
-    for (const scoped_ptr<Request>& req : requests_) {
+    for (const std::unique_ptr<Request>& req : requests_) {
       if (req->was_canceled())
         continue;
       DCHECK_EQ(this, req->job());
@@ -1339,7 +1339,7 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     }
   }
 
-  void AddRequest(scoped_ptr<Request> req) {
+  void AddRequest(std::unique_ptr<Request> req) {
     DCHECK_EQ(key_.hostname, req->info().hostname());
 
     req->set_job(this);
@@ -1367,6 +1367,16 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     UpdatePriority();
   }
 
+  void ChangeRequestPriority(Request* req, RequestPriority priority) {
+    DCHECK_EQ(key_.hostname, req->info().hostname());
+    DCHECK(!req->was_canceled());
+
+    priority_tracker_.Remove(req->priority());
+    req->set_priority(priority);
+    priority_tracker_.Add(req->priority());
+    UpdatePriority();
+  }
+
   // Marks |req| as cancelled. If it was the last active Request, also finishes
   // this Job, marking it as cancelled, and deletes it.
   void CancelRequest(Request* req) {
@@ -1474,6 +1484,12 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     DCHECK_EQ(1u, num_occupied_job_slots_);
   }
 
+  AddressList MakeAddressListForRequest(const AddressList& list) const {
+    if (requests_.empty())
+      return list;
+    return AddressList::CopyWithPort(list, requests_.front()->info().port());
+  }
+
   void UpdatePriority() {
     if (is_queued()) {
       if (priority() != static_cast<RequestPriority>(handle_.priority()))
@@ -1482,12 +1498,6 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     }
   }
 
-  AddressList MakeAddressListForRequest(const AddressList& list) const {
-    if (requests_.empty())
-      return list;
-    return AddressList::CopyWithPort(list, requests_.front()->info().port());
-  }
-
   // PriorityDispatch::Job:
   void Start() override {
     DCHECK_LE(num_occupied_job_slots_, 1u);
@@ -1711,7 +1721,7 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     // new job with the same key in case one of the OnComplete callbacks decides
     // to spawn one. Consequently, the job deletes itself when CompleteRequests
     // is done.
-    scoped_ptr<Job> self_deleter(this);
+    std::unique_ptr<Job> self_deleter(this);
 
     resolver_->RemoveJob(this);
 
@@ -1738,36 +1748,36 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
     }
 
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_HOST_RESOLVER_IMPL_JOB,
-                                      entry.error);
+                                      entry.error());
 
     DCHECK(!requests_.empty());
 
-    if (entry.error == OK) {
+    if (entry.error() == OK) {
       // Record this histogram here, when we know the system has a valid DNS
       // configuration.
       UMA_HISTOGRAM_BOOLEAN("AsyncDNS.HaveDnsConfig",
                             resolver_->received_dns_config_);
     }
 
-    bool did_complete = (entry.error != ERR_NETWORK_CHANGED) &&
-                        (entry.error != ERR_HOST_RESOLVER_QUEUE_TOO_LARGE);
+    bool did_complete = (entry.error() != ERR_NETWORK_CHANGED) &&
+                        (entry.error() != ERR_HOST_RESOLVER_QUEUE_TOO_LARGE);
     if (did_complete)
       resolver_->CacheResult(key_, entry, ttl);
 
     // Complete all of the requests that were attached to the job.
-    for (const scoped_ptr<Request>& req : requests_) {
+    for (const std::unique_ptr<Request>& req : requests_) {
       if (req->was_canceled())
         continue;
 
       DCHECK_EQ(this, req->job());
       // Update the net log and notify registered observers.
-      LogFinishRequest(req->source_net_log(), req->info(), entry.error);
+      LogFinishRequest(req->source_net_log(), req->info(), entry.error());
       if (did_complete) {
         // Record effective total time from creation to completion.
         RecordTotalTime(had_dns_config_, req->info().is_speculative(),
                         base::TimeTicks::Now() - req->request_time());
       }
-      req->OnComplete(entry.error, entry.addrlist);
+      req->OnComplete(entry.error(), entry.addresses());
 
       // Check if the resolver was destroyed as a result of running the
       // callback. If it was, we could continue, but we choose to bail.
@@ -1826,10 +1836,10 @@ class HostResolverImpl::Job : public PrioritizedDispatcher::Job,
   scoped_refptr<ProcTask> proc_task_;
 
   // Resolves the host using a DnsTransaction.
-  scoped_ptr<DnsTask> dns_task_;
+  std::unique_ptr<DnsTask> dns_task_;
 
   // All Requests waiting for the result of this Job. Some can be canceled.
-  std::vector<scoped_ptr<Request>> requests_;
+  std::vector<std::unique_ptr<Request>> requests_;
 
   // A handle used in |HostResolverImpl::dispatcher_|.
   PrioritizedDispatcher::Handle handle_;
@@ -1983,8 +1993,8 @@ int HostResolverImpl::Resolve(const RequestInfo& info,
   }
 
   // Can't complete synchronously. Create and attach request.
-  scoped_ptr<Request> req(new Request(
-      source_net_log, info, priority, callback, addresses));
+  std::unique_ptr<Request> req(
+      new Request(source_net_log, info, priority, callback, addresses));
   if (out_req)
     *out_req = reinterpret_cast<RequestHandle>(req.get());
 
@@ -2045,6 +2055,16 @@ int HostResolverImpl::ResolveFromCache(const RequestInfo& info,
   return rv;
 }
 
+void HostResolverImpl::ChangeRequestPriority(RequestHandle req_handle,
+                                             RequestPriority priority) {
+  DCHECK(CalledOnValidThread());
+  Request* req = reinterpret_cast<Request*>(req_handle);
+  DCHECK(req);
+  Job* job = req->job();
+  DCHECK(job);
+  job->ChangeRequestPriority(req, priority);
+}
+
 void HostResolverImpl::CancelRequest(RequestHandle req_handle) {
   DCHECK(CalledOnValidThread());
   Request* req = reinterpret_cast<Request*>(req_handle);
@@ -2060,7 +2080,7 @@ void HostResolverImpl::SetDnsClientEnabled(bool enabled) {
   if (enabled && !dns_client_) {
     SetDnsClient(DnsClient::CreateClient(net_log_));
   } else if (!enabled && dns_client_) {
-    SetDnsClient(scoped_ptr<DnsClient>());
+    SetDnsClient(std::unique_ptr<DnsClient>());
   }
 #endif
 }
@@ -2069,7 +2089,7 @@ HostCache* HostResolverImpl::GetHostCache() {
   return cache_.get();
 }
 
-scoped_ptr<base::Value> HostResolverImpl::GetDnsConfigAsValue() const {
+std::unique_ptr<base::Value> HostResolverImpl::GetDnsConfigAsValue() const {
   // Check if async DNS is disabled.
   if (!dns_client_.get())
     return nullptr;
@@ -2078,7 +2098,7 @@ scoped_ptr<base::Value> HostResolverImpl::GetDnsConfigAsValue() const {
   // for it.
   const DnsConfig* dns_config = dns_client_->GetConfig();
   if (dns_config == NULL)
-    return make_scoped_ptr(new base::DictionaryValue());
+    return base::WrapUnique(new base::DictionaryValue());
 
   return dns_config->ToValue();
 }
@@ -2121,11 +2141,11 @@ bool HostResolverImpl::ServeFromCache(const Key& key,
   if (!cache_entry)
     return false;
 
-  *net_error = cache_entry->error;
+  *net_error = cache_entry->error();
   if (*net_error == OK) {
     if (cache_entry->has_ttl())
-      RecordTTL(cache_entry->ttl);
-    *addresses = EnsurePortOnAddressList(cache_entry->addrlist, info.port());
+      RecordTTL(cache_entry->ttl());
+    *addresses = EnsurePortOnAddressList(cache_entry->addresses(), info.port());
   }
   return true;
 }
@@ -2274,11 +2294,11 @@ bool HostResolverImpl::IsIPv6Reachable(const BoundNetLog& net_log) {
 void HostResolverImpl::AbortAllInProgressJobs() {
   // In Abort, a Request callback could spawn new Jobs with matching keys, so
   // first collect and remove all running jobs from |jobs_|.
-  std::vector<scoped_ptr<Job>> jobs_to_abort;
+  std::vector<std::unique_ptr<Job>> jobs_to_abort;
   for (JobMap::iterator it = jobs_.begin(); it != jobs_.end(); ) {
     Job* job = it->second;
     if (job->is_running()) {
-      jobs_to_abort.push_back(make_scoped_ptr(job));
+      jobs_to_abort.push_back(base::WrapUnique(job));
       jobs_.erase(it++);
     } else {
       DCHECK(job->is_queued());
@@ -2451,7 +2471,7 @@ void HostResolverImpl::OnDnsTaskResolve(int net_error) {
                               std::abs(net_error));
 }
 
-void HostResolverImpl::SetDnsClient(scoped_ptr<DnsClient> dns_client) {
+void HostResolverImpl::SetDnsClient(std::unique_ptr<DnsClient> dns_client) {
   // DnsClient and config must be updated before aborting DnsTasks, since doing
   // so may start new jobs.
   dns_client_ = std::move(dns_client);
diff --git a/chromium/net/dns/host_resolver_impl.h b/chromium/net/dns/host_resolver_impl.h
index 5334f7bd62f..5c3124cba59 100644
--- a/chromium/net/dns/host_resolver_impl.h
+++ b/chromium/net/dns/host_resolver_impl.h
@@ -9,9 +9,9 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/threading/non_thread_safe.h"
@@ -128,7 +128,7 @@ class NET_EXPORT HostResolverImpl
   // HostResolverProc from ProcTaskParams will be queried. If the DnsClient is
   // not pre-configured with a valid DnsConfig, a new config is fetched from
   // NetworkChangeNotifier.
-  void SetDnsClient(scoped_ptr<DnsClient> dns_client);
+  void SetDnsClient(std::unique_ptr<DnsClient> dns_client);
 
   // HostResolver methods:
   int Resolve(const RequestInfo& info,
@@ -140,10 +140,12 @@ class NET_EXPORT HostResolverImpl
   int ResolveFromCache(const RequestInfo& info,
                        AddressList* addresses,
                        const BoundNetLog& source_net_log) override;
+  void ChangeRequestPriority(RequestHandle req,
+                             RequestPriority priority) override;
   void CancelRequest(RequestHandle req) override;
   void SetDnsClientEnabled(bool enabled) override;
   HostCache* GetHostCache() override;
-  scoped_ptr<base::Value> GetDnsConfigAsValue() const override;
+  std::unique_ptr<base::Value> GetDnsConfigAsValue() const override;
 
   void set_proc_params_for_test(const ProcTaskParams& proc_params) {
     proc_params_ = proc_params;
@@ -266,13 +268,13 @@ class NET_EXPORT HostResolverImpl
   }
 
   // Cache of host resolution results.
-  scoped_ptr<HostCache> cache_;
+  std::unique_ptr<HostCache> cache_;
 
   // Map from HostCache::Key to a Job.
   JobMap jobs_;
 
   // Starts Jobs according to their priority and the configured limits.
-  scoped_ptr<PrioritizedDispatcher> dispatcher_;
+  std::unique_ptr<PrioritizedDispatcher> dispatcher_;
 
   // Limit on the maximum number of jobs queued in |dispatcher_|.
   size_t max_queued_jobs_;
@@ -283,7 +285,7 @@ class NET_EXPORT HostResolverImpl
   NetLog* net_log_;
 
   // If present, used by DnsTask and ServeFromHosts to resolve requests.
-  scoped_ptr<DnsClient> dns_client_;
+  std::unique_ptr<DnsClient> dns_client_;
 
   // True if received valid config from |dns_config_service_|. Temporary, used
   // to measure performance of DnsConfigService: http://crbug.com/125599
diff --git a/chromium/net/dns/host_resolver_impl_unittest.cc b/chromium/net/dns/host_resolver_impl_unittest.cc
index 4fc447423d6..ff840d9ddb3 100644
--- a/chromium/net/dns/host_resolver_impl_unittest.cc
+++ b/chromium/net/dns/host_resolver_impl_unittest.cc
@@ -5,6 +5,7 @@
 #include "net/dns/host_resolver_impl.h"
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <tuple>
 #include <vector>
@@ -13,8 +14,8 @@
 #include "base/bind_helpers.h"
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
@@ -23,7 +24,7 @@
 #include "base/synchronization/condition_variable.h"
 #include "base/synchronization/lock.h"
 #include "base/test/test_timeouts.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/address_list.h"
 #include "net/base/ip_address.h"
@@ -243,6 +244,13 @@ class Request {
     return resolver_->ResolveFromCache(info_, &list_, BoundNetLog());
   }
 
+  void ChangePriority(RequestPriority priority) {
+    DCHECK(resolver_);
+    DCHECK(handle_);
+    resolver_->ChangeRequestPriority(handle_, priority);
+    priority_ = priority;
+  }
+
   void Cancel() {
     DCHECK(resolver_);
     DCHECK(handle_);
@@ -514,7 +522,9 @@ class HostResolverImplTest : public testing::Test {
     Request* CreateRequest(const std::string& hostname) {
       return test->CreateRequest(hostname);
     }
-    std::vector<scoped_ptr<Request>>& requests() { return test->requests_; }
+    std::vector<std::unique_ptr<Request>>& requests() {
+      return test->requests_;
+    }
 
     void DeleteResolver() { test->resolver_.reset(); }
 
@@ -543,7 +553,7 @@ class HostResolverImplTest : public testing::Test {
   // not start until released by |proc_->SignalXXX|.
   Request* CreateRequest(const HostResolver::RequestInfo& info,
                          RequestPriority priority) {
-    requests_.push_back(make_scoped_ptr(new Request(
+    requests_.push_back(base::WrapUnique(new Request(
         info, priority, requests_.size(), resolver_.get(), handler_.get())));
     return requests_.back().get();
   }
@@ -596,10 +606,10 @@ class HostResolverImplTest : public testing::Test {
   }
 
   scoped_refptr<MockHostResolverProc> proc_;
-  scoped_ptr<HostResolverImpl> resolver_;
-  std::vector<scoped_ptr<Request>> requests_;
+  std::unique_ptr<HostResolverImpl> resolver_;
+  std::vector<std::unique_ptr<Request>> requests_;
 
-  scoped_ptr<Handler> handler_;
+  std::unique_ptr<Handler> handler_;
 };
 
 TEST_F(HostResolverImplTest, AsynchronousLookup) {
@@ -1188,6 +1198,41 @@ TEST_F(HostResolverImplTest, HigherPriorityRequestsStartedFirst) {
   EXPECT_EQ("req6", capture_list[6].hostname);
 }
 
+// Test that changing a job's priority affects the dequeueing order.
+TEST_F(HostResolverImplTest, ChangePriority) {
+  CreateSerialResolver();
+
+  CreateRequest("req0", 80, MEDIUM);
+  CreateRequest("req1", 80, LOW);
+  CreateRequest("req2", 80, LOWEST);
+
+  ASSERT_EQ(3u, requests_.size());
+
+  // req0 starts immediately; without ChangePriority, req1 and then req2 should
+  // run.
+  EXPECT_EQ(ERR_IO_PENDING, requests_[0]->Resolve());
+  EXPECT_EQ(ERR_IO_PENDING, requests_[1]->Resolve());
+  EXPECT_EQ(ERR_IO_PENDING, requests_[2]->Resolve());
+
+  // Changing req2 to HIGH should make it run before req1.
+  // (It can't run before req0, since req0 started immediately.)
+  requests_[2]->ChangePriority(HIGHEST);
+
+  // Let all 3 requests finish.
+  proc_->SignalMultiple(3u);
+
+  EXPECT_EQ(OK, requests_[0]->WaitForResult());
+  EXPECT_EQ(OK, requests_[1]->WaitForResult());
+  EXPECT_EQ(OK, requests_[2]->WaitForResult());
+
+  MockHostResolverProc::CaptureList capture_list = proc_->GetCaptureList();
+  ASSERT_EQ(3u, capture_list.size());
+
+  EXPECT_EQ("req0", capture_list[0].hostname);
+  EXPECT_EQ("req2", capture_list[1].hostname);
+  EXPECT_EQ("req1", capture_list[2].hostname);
+}
+
 // Try cancelling a job which has not started yet.
 TEST_F(HostResolverImplTest, CancelPendingRequest) {
   CreateSerialResolver();
@@ -1514,7 +1559,7 @@ class HostResolverImplDnsTest : public HostResolverImplTest {
     resolver_.reset(new TestHostResolverImpl(options, NULL));
     resolver_->set_proc_params_for_test(params);
     dns_client_ = new MockDnsClient(DnsConfig(), dns_rules_);
-    resolver_->SetDnsClient(scoped_ptr<DnsClient>(dns_client_));
+    resolver_->SetDnsClient(std::unique_ptr<DnsClient>(dns_client_));
   }
 
   // Adds a rule to |dns_rules_|. Must be followed by |CreateResolver| to apply.
@@ -1604,7 +1649,7 @@ TEST_F(HostResolverImplDnsTest, NoFallbackToProcTask) {
   // Simulate the case when the preference or policy has disabled the DNS client
   // causing AbortDnsTasks.
   resolver_->SetDnsClient(
-      scoped_ptr<DnsClient>(new MockDnsClient(DnsConfig(), dns_rules_)));
+      std::unique_ptr<DnsClient>(new MockDnsClient(DnsConfig(), dns_rules_)));
   ChangeDnsConfig(CreateValidDnsConfig());
 
   // First request is resolved by MockDnsClient, others should fail due to
@@ -1845,7 +1890,7 @@ TEST_F(HostResolverImplDnsTest, DualFamilyLocalhost) {
   resolver_->set_proc_params_for_test(DefaultParams(proc.get()));
 
   resolver_->SetDnsClient(
-      scoped_ptr<DnsClient>(new MockDnsClient(DnsConfig(), dns_rules_)));
+      std::unique_ptr<DnsClient>(new MockDnsClient(DnsConfig(), dns_rules_)));
 
   // Get the expected output.
   AddressList addrlist;
@@ -2205,7 +2250,7 @@ TEST_F(HostResolverImplDnsTest, ManuallyDisableDnsClientWithPendingRequests) {
 
   // Clear DnsClient.  The two in-progress jobs should fall back to a ProcTask,
   // and the next one should be started with a ProcTask.
-  resolver_->SetDnsClient(scoped_ptr<DnsClient>());
+  resolver_->SetDnsClient(std::unique_ptr<DnsClient>());
 
   // All three in-progress requests should now be running a ProcTask.
   EXPECT_EQ(3u, num_running_dispatcher_jobs());
diff --git a/chromium/net/dns/host_resolver_mojo.cc b/chromium/net/dns/host_resolver_mojo.cc
index 1daf6338fd4..42801461c0a 100644
--- a/chromium/net/dns/host_resolver_mojo.cc
+++ b/chromium/net/dns/host_resolver_mojo.cc
@@ -92,6 +92,11 @@ int HostResolverMojo::ResolveFromCache(const RequestInfo& info,
   return ResolveFromCacheInternal(info, CacheKeyForRequest(info), addresses);
 }
 
+void HostResolverMojo::ChangeRequestPriority(RequestHandle req,
+                                             RequestPriority priority) {
+  // Do nothing, since Resolve() discarded the priority anyway.
+}
+
 void HostResolverMojo::CancelRequest(RequestHandle req) {
   DCHECK(thread_checker_.CalledOnValidThread());
   // Deleting the Job closes the HostResolverRequestClient connection,
@@ -114,8 +119,8 @@ int HostResolverMojo::ResolveFromCacheInternal(const RequestInfo& info,
   if (!entry)
     return ERR_DNS_CACHE_MISS;
 
-  *addresses = AddressList::CopyWithPort(entry->addrlist, info.port());
-  return entry->error;
+  *addresses = AddressList::CopyWithPort(entry->addresses(), info.port());
+  return entry->error();
 }
 
 HostResolverMojo::Job::Job(
diff --git a/chromium/net/dns/host_resolver_mojo.h b/chromium/net/dns/host_resolver_mojo.h
index 905d6c944d2..08519d2fc42 100644
--- a/chromium/net/dns/host_resolver_mojo.h
+++ b/chromium/net/dns/host_resolver_mojo.h
@@ -32,6 +32,7 @@ class HostResolverMojo : public HostResolver {
   ~HostResolverMojo() override;
 
   // HostResolver overrides.
+  // Note: |Resolve()| currently ignores |priority|.
   int Resolve(const RequestInfo& info,
               RequestPriority priority,
               AddressList* addresses,
@@ -41,6 +42,8 @@ class HostResolverMojo : public HostResolver {
   int ResolveFromCache(const RequestInfo& info,
                        AddressList* addresses,
                        const BoundNetLog& source_net_log) override;
+  void ChangeRequestPriority(RequestHandle req,
+                             RequestPriority priority) override;
   void CancelRequest(RequestHandle req) override;
   HostCache* GetHostCache() override;
 
@@ -53,7 +56,7 @@ class HostResolverMojo : public HostResolver {
 
   Impl* const impl_;
 
-  scoped_ptr<HostCache> host_cache_;
+  std::unique_ptr<HostCache> host_cache_;
   base::WeakPtrFactory<HostCache> host_cache_weak_factory_;
 
   base::ThreadChecker thread_checker_;
diff --git a/chromium/net/dns/host_resolver_mojo_unittest.cc b/chromium/net/dns/host_resolver_mojo_unittest.cc
index a210d78303b..0c791a101f3 100644
--- a/chromium/net/dns/host_resolver_mojo_unittest.cc
+++ b/chromium/net/dns/host_resolver_mojo_unittest.cc
@@ -7,6 +7,7 @@
 #include <string>
 #include <utility>
 
+#include "base/memory/ptr_util.h"
 #include "mojo/public/cpp/bindings/binding.h"
 #include "net/base/address_list.h"
 #include "net/base/ip_address.h"
@@ -54,27 +55,27 @@ struct HostResolverAction {
     RETAIN,
   };
 
-  static scoped_ptr<HostResolverAction> ReturnError(Error error) {
-    scoped_ptr<HostResolverAction> result(new HostResolverAction);
+  static std::unique_ptr<HostResolverAction> ReturnError(Error error) {
+    std::unique_ptr<HostResolverAction> result(new HostResolverAction);
     result->error = error;
     return result;
   }
 
-  static scoped_ptr<HostResolverAction> ReturnResult(
+  static std::unique_ptr<HostResolverAction> ReturnResult(
       const AddressList& address_list) {
-    scoped_ptr<HostResolverAction> result(new HostResolverAction);
+    std::unique_ptr<HostResolverAction> result(new HostResolverAction);
     result->addresses = interfaces::AddressList::From(address_list);
     return result;
   }
 
-  static scoped_ptr<HostResolverAction> DropRequest() {
-    scoped_ptr<HostResolverAction> result(new HostResolverAction);
+  static std::unique_ptr<HostResolverAction> DropRequest() {
+    std::unique_ptr<HostResolverAction> result(new HostResolverAction);
     result->action = DROP;
     return result;
   }
 
-  static scoped_ptr<HostResolverAction> RetainRequest() {
-    scoped_ptr<HostResolverAction> result(new HostResolverAction);
+  static std::unique_ptr<HostResolverAction> RetainRequest() {
+    std::unique_ptr<HostResolverAction> result(new HostResolverAction);
     result->action = RETAIN;
     return result;
   }
@@ -90,7 +91,7 @@ class MockMojoHostResolver : public HostResolverMojo::Impl {
       const base::Closure& request_connection_error_callback);
   ~MockMojoHostResolver() override;
 
-  void AddAction(scoped_ptr<HostResolverAction> action);
+  void AddAction(std::unique_ptr<HostResolverAction> action);
 
   const mojo::Array<interfaces::HostResolverRequestInfoPtr>& requests() {
     return requests_received_;
@@ -100,11 +101,11 @@ class MockMojoHostResolver : public HostResolverMojo::Impl {
                   interfaces::HostResolverRequestClientPtr client) override;
 
  private:
-  std::vector<scoped_ptr<HostResolverAction>> actions_;
+  std::vector<std::unique_ptr<HostResolverAction>> actions_;
   size_t results_returned_ = 0;
   mojo::Array<interfaces::HostResolverRequestInfoPtr> requests_received_;
   const base::Closure request_connection_error_callback_;
-  std::vector<scoped_ptr<MockMojoHostResolverRequest>> requests_;
+  std::vector<std::unique_ptr<MockMojoHostResolverRequest>> requests_;
 };
 
 MockMojoHostResolver::MockMojoHostResolver(
@@ -116,7 +117,8 @@ MockMojoHostResolver::~MockMojoHostResolver() {
   EXPECT_EQ(results_returned_, actions_.size());
 }
 
-void MockMojoHostResolver::AddAction(scoped_ptr<HostResolverAction> action) {
+void MockMojoHostResolver::AddAction(
+    std::unique_ptr<HostResolverAction> action) {
   actions_.push_back(std::move(action));
 }
 
@@ -131,7 +133,7 @@ void MockMojoHostResolver::ResolveDns(
                            std::move(actions_[results_returned_]->addresses));
       break;
     case HostResolverAction::RETAIN:
-      requests_.push_back(make_scoped_ptr(new MockMojoHostResolverRequest(
+      requests_.push_back(base::WrapUnique(new MockMojoHostResolverRequest(
           std::move(client), request_connection_error_callback_)));
       break;
     case HostResolverAction::DROP:
@@ -166,9 +168,9 @@ class HostResolverMojoTest : public testing::Test {
         &request_handle, BoundNetLog()));
   }
 
-  scoped_ptr<MockMojoHostResolver> mock_resolver_;
+  std::unique_ptr<MockMojoHostResolver> mock_resolver_;
 
-  scoped_ptr<HostResolverMojo> resolver_;
+  std::unique_ptr<HostResolverMojo> resolver_;
 
   Waiter waiter_;
 };
diff --git a/chromium/net/dns/mapped_host_resolver.cc b/chromium/net/dns/mapped_host_resolver.cc
index 5474cc3defa..e102d502444 100644
--- a/chromium/net/dns/mapped_host_resolver.cc
+++ b/chromium/net/dns/mapped_host_resolver.cc
@@ -13,7 +13,7 @@
 
 namespace net {
 
-MappedHostResolver::MappedHostResolver(scoped_ptr<HostResolver> impl)
+MappedHostResolver::MappedHostResolver(std::unique_ptr<HostResolver> impl)
     : impl_(std::move(impl)) {}
 
 MappedHostResolver::~MappedHostResolver() {
@@ -56,7 +56,7 @@ HostCache* MappedHostResolver::GetHostCache() {
   return impl_->GetHostCache();
 }
 
-scoped_ptr<base::Value> MappedHostResolver::GetDnsConfigAsValue() const {
+std::unique_ptr<base::Value> MappedHostResolver::GetDnsConfigAsValue() const {
   return impl_->GetDnsConfigAsValue();
 }
 
diff --git a/chromium/net/dns/mapped_host_resolver.h b/chromium/net/dns/mapped_host_resolver.h
index b5b946002ec..20c249f7b09 100644
--- a/chromium/net/dns/mapped_host_resolver.h
+++ b/chromium/net/dns/mapped_host_resolver.h
@@ -5,9 +5,9 @@
 #ifndef NET_DNS_MAPPED_HOST_RESOLVER_H_
 #define NET_DNS_MAPPED_HOST_RESOLVER_H_
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/host_mapping_rules.h"
 #include "net/base/net_export.h"
 #include "net/dns/host_resolver.h"
@@ -22,7 +22,7 @@ class NET_EXPORT MappedHostResolver : public HostResolver {
  public:
   // Creates a MappedHostResolver that forwards all of its requests through
   // |impl|.
-  explicit MappedHostResolver(scoped_ptr<HostResolver> impl);
+  explicit MappedHostResolver(std::unique_ptr<HostResolver> impl);
   ~MappedHostResolver() override;
 
   // Adds a rule to this mapper. The format of the rule can be one of:
@@ -57,14 +57,14 @@ class NET_EXPORT MappedHostResolver : public HostResolver {
   void CancelRequest(RequestHandle req) override;
   void SetDnsClientEnabled(bool enabled) override;
   HostCache* GetHostCache() override;
-  scoped_ptr<base::Value> GetDnsConfigAsValue() const override;
+  std::unique_ptr<base::Value> GetDnsConfigAsValue() const override;
 
  private:
   // Modify the request |info| according to |rules_|. Returns either OK or
   // the network error code that the hostname's resolution mapped to.
   int ApplyRules(RequestInfo* info) const;
 
-  scoped_ptr<HostResolver> impl_;
+  std::unique_ptr<HostResolver> impl_;
 
   HostMappingRules rules_;
 };
diff --git a/chromium/net/dns/mapped_host_resolver_unittest.cc b/chromium/net/dns/mapped_host_resolver_unittest.cc
index dd772ac4b8e..f7840047e96 100644
--- a/chromium/net/dns/mapped_host_resolver_unittest.cc
+++ b/chromium/net/dns/mapped_host_resolver_unittest.cc
@@ -25,14 +25,14 @@ std::string FirstAddress(const AddressList& address_list) {
 
 TEST(MappedHostResolverTest, Inclusion) {
   // Create a mock host resolver, with specific hostname to IP mappings.
-  scoped_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
+  std::unique_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
   resolver_impl->rules()->AddSimulatedFailure("*google.com");
   resolver_impl->rules()->AddRule("baz.com", "192.168.1.5");
   resolver_impl->rules()->AddRule("foo.com", "192.168.1.8");
   resolver_impl->rules()->AddRule("proxy", "192.168.1.11");
 
   // Create a remapped resolver that uses |resolver_impl|.
-  scoped_ptr<MappedHostResolver> resolver(
+  std::unique_ptr<MappedHostResolver> resolver(
       new MappedHostResolver(std::move(resolver_impl)));
 
   int rv;
@@ -101,12 +101,12 @@ TEST(MappedHostResolverTest, Inclusion) {
 // Tests that exclusions are respected.
 TEST(MappedHostResolverTest, Exclusion) {
   // Create a mock host resolver, with specific hostname to IP mappings.
-  scoped_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
+  std::unique_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
   resolver_impl->rules()->AddRule("baz", "192.168.1.5");
   resolver_impl->rules()->AddRule("www.google.com", "192.168.1.3");
 
   // Create a remapped resolver that uses |resolver_impl|.
-  scoped_ptr<MappedHostResolver> resolver(
+  std::unique_ptr<MappedHostResolver> resolver(
       new MappedHostResolver(std::move(resolver_impl)));
 
   int rv;
@@ -148,12 +148,12 @@ TEST(MappedHostResolverTest, Exclusion) {
 
 TEST(MappedHostResolverTest, SetRulesFromString) {
   // Create a mock host resolver, with specific hostname to IP mappings.
-  scoped_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
+  std::unique_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
   resolver_impl->rules()->AddRule("baz", "192.168.1.7");
   resolver_impl->rules()->AddRule("bar", "192.168.1.9");
 
   // Create a remapped resolver that uses |resolver_impl|.
-  scoped_ptr<MappedHostResolver> resolver(
+  std::unique_ptr<MappedHostResolver> resolver(
       new MappedHostResolver(std::move(resolver_impl)));
 
   int rv;
@@ -192,8 +192,8 @@ TEST(MappedHostResolverTest, SetRulesFromString) {
 
 // Parsing bad rules should silently discard the rule (and never crash).
 TEST(MappedHostResolverTest, ParseInvalidRules) {
-  scoped_ptr<MappedHostResolver> resolver(
-      new MappedHostResolver(scoped_ptr<HostResolver>()));
+  std::unique_ptr<MappedHostResolver> resolver(
+      new MappedHostResolver(std::unique_ptr<HostResolver>()));
 
   EXPECT_FALSE(resolver->AddRuleFromString("xyz"));
   EXPECT_FALSE(resolver->AddRuleFromString(std::string()));
@@ -207,10 +207,10 @@ TEST(MappedHostResolverTest, ParseInvalidRules) {
 
 // Test mapping hostnames to resolving failures.
 TEST(MappedHostResolverTest, MapToError) {
-  scoped_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
+  std::unique_ptr<MockHostResolver> resolver_impl(new MockHostResolver());
   resolver_impl->rules()->AddRule("*", "192.168.1.5");
 
-  scoped_ptr<MappedHostResolver> resolver(
+  std::unique_ptr<MappedHostResolver> resolver(
       new MappedHostResolver(std::move(resolver_impl)));
 
   int rv;
diff --git a/chromium/net/dns/mdns_cache.cc b/chromium/net/dns/mdns_cache.cc
index 2c57828ba72..308027a7c6b 100644
--- a/chromium/net/dns/mdns_cache.cc
+++ b/chromium/net/dns/mdns_cache.cc
@@ -76,7 +76,7 @@ const RecordParsed* MDnsCache::LookupKey(const Key& key) {
 }
 
 MDnsCache::UpdateType MDnsCache::UpdateDnsRecord(
-    scoped_ptr<const RecordParsed> record) {
+    std::unique_ptr<const RecordParsed> record) {
   Key cache_key = Key::CreateFor(record.get());
 
   // Ignore "goodbye" packets for records not in cache.
@@ -154,18 +154,18 @@ void MDnsCache::FindDnsRecords(unsigned type,
   }
 }
 
-scoped_ptr<const RecordParsed> MDnsCache::RemoveRecord(
+std::unique_ptr<const RecordParsed> MDnsCache::RemoveRecord(
     const RecordParsed* record) {
   Key key = Key::CreateFor(record);
   RecordMap::iterator found = mdns_cache_.find(key);
 
   if (found != mdns_cache_.end() && found->second.get() == record) {
-    scoped_ptr<const RecordParsed> result = std::move(found->second);
+    std::unique_ptr<const RecordParsed> result = std::move(found->second);
     mdns_cache_.erase(key);
     return result;
   }
 
-  return scoped_ptr<const RecordParsed>();
+  return std::unique_ptr<const RecordParsed>();
 }
 
 // static
diff --git a/chromium/net/dns/mdns_cache.h b/chromium/net/dns/mdns_cache.h
index 38f121a9ef3..a2d3d0fc0e5 100644
--- a/chromium/net/dns/mdns_cache.h
+++ b/chromium/net/dns/mdns_cache.h
@@ -6,12 +6,12 @@
 #define NET_DNS_MDNS_CACHE_H_
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 
@@ -66,7 +66,7 @@ class NET_EXPORT_PRIVATE MDnsCache {
   // Return value indicates whether the record was added, changed
   // (existed previously with different value) or not changed (existed
   // previously with same value).
-  UpdateType UpdateDnsRecord(scoped_ptr<const RecordParsed> record);
+  UpdateType UpdateDnsRecord(std::unique_ptr<const RecordParsed> record);
 
   // Check cache for record with key |key|. Return the record if it exists, or
   // NULL if it doesn't.
@@ -91,10 +91,10 @@ class NET_EXPORT_PRIVATE MDnsCache {
 
   // Remove a record from the cache.  Returns a scoped version of the pointer
   // passed in if it was removed, scoped null otherwise.
-  scoped_ptr<const RecordParsed> RemoveRecord(const RecordParsed* record);
+  std::unique_ptr<const RecordParsed> RemoveRecord(const RecordParsed* record);
 
  private:
-  typedef std::map<Key, scoped_ptr<const RecordParsed>> RecordMap;
+  typedef std::map<Key, std::unique_ptr<const RecordParsed>> RecordMap;
 
   // Get the effective expiration of a cache entry, based on its creation time
   // and TTL. Does adjustments so entries with a TTL of zero will have a
diff --git a/chromium/net/dns/mdns_cache_unittest.cc b/chromium/net/dns/mdns_cache_unittest.cc
index 0659e4f97c8..1d8ceef401e 100644
--- a/chromium/net/dns/mdns_cache_unittest.cc
+++ b/chromium/net/dns/mdns_cache_unittest.cc
@@ -122,8 +122,8 @@ TEST_F(MDnsCacheTest, InsertLookupSingle) {
                          sizeof(dns_protocol::Header));
   parser.SkipQuestion();
 
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -153,8 +153,8 @@ TEST_F(MDnsCacheTest, Expiration) {
   DnsRecordParser parser(kT1ResponseDatagram, sizeof(kT1ResponseDatagram),
                          sizeof(dns_protocol::Header));
   parser.SkipQuestion();
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
 
   std::vector<const RecordParsed*> results;
   const RecordParsed* record_to_be_deleted;
@@ -204,8 +204,8 @@ TEST_F(MDnsCacheTest, RecordChange) {
                          sizeof(kTestResponsesDifferentAnswers),
                          0);
 
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -223,8 +223,8 @@ TEST_F(MDnsCacheTest, RecordNoChange) {
                          sizeof(kTestResponsesSameAnswers),
                          0);
 
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -242,8 +242,8 @@ TEST_F(MDnsCacheTest, RecordPreemptExpirationTime) {
                          sizeof(kTestResponsesSameAnswers),
                          0);
 
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -266,9 +266,9 @@ TEST_F(MDnsCacheTest, GoodbyePacket) {
                          sizeof(kTestResponsesGoodbyePacket),
                          0);
 
-  scoped_ptr<const RecordParsed> record_goodbye;
-  scoped_ptr<const RecordParsed> record_hello;
-  scoped_ptr<const RecordParsed> record_goodbye2;
+  std::unique_ptr<const RecordParsed> record_goodbye;
+  std::unique_ptr<const RecordParsed> record_hello;
+  std::unique_ptr<const RecordParsed> record_goodbye2;
   std::vector<const RecordParsed*> results;
 
   record_goodbye = RecordParsed::CreateFrom(&parser, default_time_);
@@ -298,8 +298,8 @@ TEST_F(MDnsCacheTest, AnyRRType) {
                          sizeof(kTestResponseTwoRecords),
                          0);
 
-  scoped_ptr<const RecordParsed> record1;
-  scoped_ptr<const RecordParsed> record2;
+  std::unique_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record2;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -325,7 +325,7 @@ TEST_F(MDnsCacheTest, RemoveRecord) {
                          sizeof(dns_protocol::Header));
   parser.SkipQuestion();
 
-  scoped_ptr<const RecordParsed> record1;
+  std::unique_ptr<const RecordParsed> record1;
   std::vector<const RecordParsed*> results;
 
   record1 = RecordParsed::CreateFrom(&parser, default_time_);
@@ -336,7 +336,7 @@ TEST_F(MDnsCacheTest, RemoveRecord) {
 
   EXPECT_EQ(1u, results.size());
 
-  scoped_ptr<const RecordParsed> record_out =
+  std::unique_ptr<const RecordParsed> record_out =
       cache_.RemoveRecord(results.front());
 
   EXPECT_EQ(record_out.get(), results.front());
diff --git a/chromium/net/dns/mdns_client.cc b/chromium/net/dns/mdns_client.cc
index f72d9c2d2b8..6add12c4fed 100644
--- a/chromium/net/dns/mdns_client.cc
+++ b/chromium/net/dns/mdns_client.cc
@@ -44,13 +44,13 @@ int Bind(const IPEndPoint& multicast_addr,
 }  // namespace
 
 // static
-scoped_ptr<MDnsSocketFactory> MDnsSocketFactory::CreateDefault() {
-  return scoped_ptr<MDnsSocketFactory>(new MDnsSocketFactoryImpl);
+std::unique_ptr<MDnsSocketFactory> MDnsSocketFactory::CreateDefault() {
+  return std::unique_ptr<MDnsSocketFactory>(new MDnsSocketFactoryImpl);
 }
 
 // static
-scoped_ptr<MDnsClient> MDnsClient::CreateDefault() {
-  return scoped_ptr<MDnsClient>(new MDnsClientImpl());
+std::unique_ptr<MDnsClient> MDnsClient::CreateDefault() {
+  return std::unique_ptr<MDnsClient>(new MDnsClientImpl());
 }
 
 IPEndPoint GetMDnsIPEndPoint(AddressFamily address_family) {
@@ -84,10 +84,10 @@ InterfaceIndexFamilyList GetMDnsInterfacesToBind() {
   return interfaces;
 }
 
-scoped_ptr<DatagramServerSocket> CreateAndBindMDnsSocket(
+std::unique_ptr<DatagramServerSocket> CreateAndBindMDnsSocket(
     AddressFamily address_family,
     uint32_t interface_index) {
-  scoped_ptr<DatagramServerSocket> socket(
+  std::unique_ptr<DatagramServerSocket> socket(
       new UDPServerSocket(NULL, NetLog::Source()));
 
   IPEndPoint multicast_addr = GetMDnsIPEndPoint(address_family);
diff --git a/chromium/net/dns/mdns_client.h b/chromium/net/dns/mdns_client.h
index 279aa6d8d17..8d2e6597809 100644
--- a/chromium/net/dns/mdns_client.h
+++ b/chromium/net/dns/mdns_client.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/dns/dns_query.h"
 #include "net/dns/dns_response.h"
@@ -132,9 +132,9 @@ class NET_EXPORT MDnsSocketFactory {
  public:
   virtual ~MDnsSocketFactory() {}
   virtual void CreateSockets(
-      std::vector<scoped_ptr<DatagramServerSocket>>* sockets) = 0;
+      std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) = 0;
 
-  static scoped_ptr<MDnsSocketFactory> CreateDefault();
+  static std::unique_ptr<MDnsSocketFactory> CreateDefault();
 };
 
 // Listens for Multicast DNS on the local network. You can access information
@@ -147,7 +147,7 @@ class NET_EXPORT MDnsClient {
   virtual ~MDnsClient() {}
 
   // Create listener object for RRType |rrtype| and name |name|.
-  virtual scoped_ptr<MDnsListener> CreateListener(
+  virtual std::unique_ptr<MDnsListener> CreateListener(
       uint16_t rrtype,
       const std::string& name,
       MDnsListener::Delegate* delegate) = 0;
@@ -155,7 +155,7 @@ class NET_EXPORT MDnsClient {
   // Create a transaction that can be used to query either the MDns cache, the
   // network, or both for records of type |rrtype| and name |name|. |flags| is
   // defined by MDnsTransactionFlags.
-  virtual scoped_ptr<MDnsTransaction> CreateTransaction(
+  virtual std::unique_ptr<MDnsTransaction> CreateTransaction(
       uint16_t rrtype,
       const std::string& name,
       int flags,
@@ -169,7 +169,7 @@ class NET_EXPORT MDnsClient {
   virtual bool IsListening() const = 0;
 
   // Create the default MDnsClient
-  static scoped_ptr<MDnsClient> CreateDefault();
+  static std::unique_ptr<MDnsClient> CreateDefault();
 };
 
 NET_EXPORT IPEndPoint GetMDnsIPEndPoint(AddressFamily address_family);
@@ -183,7 +183,7 @@ NET_EXPORT InterfaceIndexFamilyList GetMDnsInterfacesToBind();
 // Create sockets, binds socket to MDns endpoint, and sets multicast interface
 // and joins multicast group on for |interface_index|.
 // Returns NULL if failed.
-NET_EXPORT scoped_ptr<DatagramServerSocket> CreateAndBindMDnsSocket(
+NET_EXPORT std::unique_ptr<DatagramServerSocket> CreateAndBindMDnsSocket(
     AddressFamily address_family,
     uint32_t interface_index);
 
diff --git a/chromium/net/dns/mdns_client_impl.cc b/chromium/net/dns/mdns_client_impl.cc
index cb717fc44b4..346b7bc702d 100644
--- a/chromium/net/dns/mdns_client_impl.cc
+++ b/chromium/net/dns/mdns_client_impl.cc
@@ -10,9 +10,10 @@
 
 #include "base/bind.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"
 #include "base/time/time.h"
@@ -45,12 +46,12 @@ const double kListenerRefreshRatio2 = 0.95;
 }  // namespace
 
 void MDnsSocketFactoryImpl::CreateSockets(
-    std::vector<scoped_ptr<DatagramServerSocket>>* sockets) {
+    std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) {
   InterfaceIndexFamilyList interfaces(GetMDnsInterfacesToBind());
   for (size_t i = 0; i < interfaces.size(); ++i) {
     DCHECK(interfaces[i].second == ADDRESS_FAMILY_IPV4 ||
            interfaces[i].second == ADDRESS_FAMILY_IPV6);
-    scoped_ptr<DatagramServerSocket> socket(
+    std::unique_ptr<DatagramServerSocket> socket(
         CreateAndBindMDnsSocket(interfaces[i].second, interfaces[i].first));
     if (socket)
       sockets->push_back(std::move(socket));
@@ -58,7 +59,7 @@ void MDnsSocketFactoryImpl::CreateSockets(
 }
 
 MDnsConnection::SocketHandler::SocketHandler(
-    scoped_ptr<DatagramServerSocket> socket,
+    std::unique_ptr<DatagramServerSocket> socket,
     MDnsConnection* connection)
     : socket_(std::move(socket)),
       connection_(connection),
@@ -142,11 +143,11 @@ MDnsConnection::~MDnsConnection() {
 }
 
 bool MDnsConnection::Init(MDnsSocketFactory* socket_factory) {
-  std::vector<scoped_ptr<DatagramServerSocket>> sockets;
+  std::vector<std::unique_ptr<DatagramServerSocket>> sockets;
   socket_factory->CreateSockets(&sockets);
 
-  for (scoped_ptr<DatagramServerSocket>& socket : sockets) {
-    socket_handlers_.push_back(make_scoped_ptr(
+  for (std::unique_ptr<DatagramServerSocket>& socket : sockets) {
+    socket_handlers_.push_back(base::WrapUnique(
         new MDnsConnection::SocketHandler(std::move(socket), this)));
   }
 
@@ -168,7 +169,7 @@ bool MDnsConnection::Init(MDnsSocketFactory* socket_factory) {
 
 void MDnsConnection::Send(const scoped_refptr<IOBuffer>& buffer,
                           unsigned size) {
-  for (scoped_ptr<SocketHandler>& handler : socket_handlers_)
+  for (std::unique_ptr<SocketHandler>& handler : socket_handlers_)
     handler->Send(buffer, size);
 }
 
@@ -250,7 +251,7 @@ void MDnsClientImpl::Core::HandlePacket(DnsResponse* response,
 
   for (unsigned i = 0; i < answer_count; i++) {
     offset = parser.GetOffset();
-    scoped_ptr<const RecordParsed> record =
+    std::unique_ptr<const RecordParsed> record =
         RecordParsed::CreateFrom(&parser, clock_->Now());
 
     if (!record) {
@@ -311,7 +312,8 @@ void MDnsClientImpl::Core::NotifyNsecRecord(const RecordParsed* record) {
     if ((*i)->type() == dns_protocol::kTypeNSEC)
       continue;
     if (!rdata->GetBit((*i)->type())) {
-      scoped_ptr<const RecordParsed> record_removed = cache_.RemoveRecord((*i));
+      std::unique_ptr<const RecordParsed> record_removed =
+          cache_.RemoveRecord((*i));
       DCHECK(record_removed);
       OnRecordRemoved(record_removed.get());
     }
@@ -432,8 +434,8 @@ MDnsClientImpl::MDnsClientImpl()
       cleanup_timer_(new base::Timer(false, false)) {
 }
 
-MDnsClientImpl::MDnsClientImpl(scoped_ptr<base::Clock> clock,
-                               scoped_ptr<base::Timer> timer)
+MDnsClientImpl::MDnsClientImpl(std::unique_ptr<base::Clock> clock,
+                               std::unique_ptr<base::Timer> timer)
     : clock_(std::move(clock)), cleanup_timer_(std::move(timer)) {}
 
 MDnsClientImpl::~MDnsClientImpl() {
@@ -457,20 +459,20 @@ bool MDnsClientImpl::IsListening() const {
   return core_.get() != NULL;
 }
 
-scoped_ptr<MDnsListener> MDnsClientImpl::CreateListener(
+std::unique_ptr<MDnsListener> MDnsClientImpl::CreateListener(
     uint16_t rrtype,
     const std::string& name,
     MDnsListener::Delegate* delegate) {
-  return scoped_ptr<MDnsListener>(
+  return std::unique_ptr<MDnsListener>(
       new MDnsListenerImpl(rrtype, name, clock_.get(), delegate, this));
 }
 
-scoped_ptr<MDnsTransaction> MDnsClientImpl::CreateTransaction(
+std::unique_ptr<MDnsTransaction> MDnsClientImpl::CreateTransaction(
     uint16_t rrtype,
     const std::string& name,
     int flags,
     const MDnsTransaction::ResultCallback& callback) {
-  return scoped_ptr<MDnsTransaction>(
+  return std::unique_ptr<MDnsTransaction>(
       new MDnsTransactionImpl(rrtype, name, flags, callback, this));
 }
 
diff --git a/chromium/net/dns/mdns_client_impl.h b/chromium/net/dns/mdns_client_impl.h
index 16a216e8b3a..9db82b0d6d3 100644
--- a/chromium/net/dns/mdns_client_impl.h
+++ b/chromium/net/dns/mdns_client_impl.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <queue>
 #include <string>
 #include <utility>
@@ -16,7 +17,6 @@
 #include "base/cancelable_callback.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
@@ -39,7 +39,7 @@ class MDnsSocketFactoryImpl : public MDnsSocketFactory {
   ~MDnsSocketFactoryImpl() override{};
 
   void CreateSockets(
-      std::vector<scoped_ptr<DatagramServerSocket>>* sockets) override;
+      std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) override;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(MDnsSocketFactoryImpl);
@@ -67,7 +67,7 @@ class NET_EXPORT_PRIVATE MDnsConnection {
  private:
   class SocketHandler {
    public:
-    SocketHandler(scoped_ptr<DatagramServerSocket> socket,
+    SocketHandler(std::unique_ptr<DatagramServerSocket> socket,
                   MDnsConnection* connection);
     ~SocketHandler();
 
@@ -81,7 +81,7 @@ class NET_EXPORT_PRIVATE MDnsConnection {
     // Callback for when sending a query has finished.
     void SendDone(int rv);
 
-    scoped_ptr<DatagramServerSocket> socket_;
+    std::unique_ptr<DatagramServerSocket> socket_;
     MDnsConnection* connection_;
     IPEndPoint recv_addr_;
     DnsResponse response_;
@@ -101,7 +101,7 @@ class NET_EXPORT_PRIVATE MDnsConnection {
   void OnError(int rv);
 
   // Only socket handlers which successfully bound and started are kept.
-  std::vector<scoped_ptr<SocketHandler>> socket_handlers_;
+  std::vector<std::unique_ptr<SocketHandler>> socket_handlers_;
 
   Delegate* delegate_;
 
@@ -177,7 +177,7 @@ class NET_EXPORT_PRIVATE MDnsClientImpl : public MDnsClient {
     base::Timer* cleanup_timer_;
     base::Time scheduled_cleanup_;
 
-    scoped_ptr<MDnsConnection> connection_;
+    std::unique_ptr<MDnsConnection> connection_;
 
     DISALLOW_COPY_AND_ASSIGN(Core);
   };
@@ -186,12 +186,12 @@ class NET_EXPORT_PRIVATE MDnsClientImpl : public MDnsClient {
   ~MDnsClientImpl() override;
 
   // MDnsClient implementation:
-  scoped_ptr<MDnsListener> CreateListener(
+  std::unique_ptr<MDnsListener> CreateListener(
       uint16_t rrtype,
       const std::string& name,
       MDnsListener::Delegate* delegate) override;
 
-  scoped_ptr<MDnsTransaction> CreateTransaction(
+  std::unique_ptr<MDnsTransaction> CreateTransaction(
       uint16_t rrtype,
       const std::string& name,
       int flags,
@@ -207,12 +207,12 @@ class NET_EXPORT_PRIVATE MDnsClientImpl : public MDnsClient {
   FRIEND_TEST_ALL_PREFIXES(MDnsTest, CacheCleanupWithShortTTL);
 
   // Test constructor, takes a mock clock and mock timer.
-  MDnsClientImpl(scoped_ptr<base::Clock> clock,
-                 scoped_ptr<base::Timer> cleanup_timer);
+  MDnsClientImpl(std::unique_ptr<base::Clock> clock,
+                 std::unique_ptr<base::Timer> cleanup_timer);
 
-  scoped_ptr<Core> core_;
-  scoped_ptr<base::Clock> clock_;
-  scoped_ptr<base::Timer> cleanup_timer_;
+  std::unique_ptr<Core> core_;
+  std::unique_ptr<base::Clock> clock_;
+  std::unique_ptr<base::Timer> cleanup_timer_;
 
   DISALLOW_COPY_AND_ASSIGN(MDnsClientImpl);
 };
@@ -318,7 +318,7 @@ class MDnsTransactionImpl : public base::SupportsWeakPtr<MDnsTransactionImpl>,
   std::string name_;
   MDnsTransaction::ResultCallback callback_;
 
-  scoped_ptr<MDnsListener> listener_;
+  std::unique_ptr<MDnsListener> listener_;
   base::CancelableCallback<void()> timeout_;
 
   MDnsClientImpl* client_;
diff --git a/chromium/net/dns/mdns_client_unittest.cc b/chromium/net/dns/mdns_client_unittest.cc
index b8f38cffac1..d0e6dfb6adc 100644
--- a/chromium/net/dns/mdns_client_unittest.cc
+++ b/chromium/net/dns/mdns_client_unittest.cc
@@ -2,16 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <queue>
 #include <vector>
 
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"
 #include "base/timer/mock_timer.h"
@@ -415,15 +416,15 @@ class MDnsTest : public ::testing::Test {
   void ExpectPacket(const uint8_t* packet, unsigned size);
   void SimulatePacketReceive(const uint8_t* packet, unsigned size);
 
-  scoped_ptr<MDnsClientImpl> test_client_;
+  std::unique_ptr<MDnsClientImpl> test_client_;
   IPEndPoint mdns_ipv4_endpoint_;
   StrictMock<MockMDnsSocketFactory> socket_factory_;
 
   // Transactions and listeners that can be deleted by class methods for
   // reentrancy tests.
-  scoped_ptr<MDnsTransaction> transaction_;
-  scoped_ptr<MDnsListener> listener1_;
-  scoped_ptr<MDnsListener> listener2_;
+  std::unique_ptr<MDnsTransaction> transaction_;
+  std::unique_ptr<MDnsListener> listener1_;
+  std::unique_ptr<MDnsListener> listener2_;
 };
 
 class MockListenerDelegate : public MDnsListener::Delegate {
@@ -479,9 +480,9 @@ TEST_F(MDnsTest, PassiveListeners) {
   PtrRecordCopyContainer record_privet;
   PtrRecordCopyContainer record_printer;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
-  scoped_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_printer._tcp.local", &delegate_printer);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -521,7 +522,7 @@ TEST_F(MDnsTest, PassiveListenersCacheCleanup) {
   PtrRecordCopyContainer record_privet;
   PtrRecordCopyContainer record_privet2;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -561,7 +562,7 @@ TEST_F(MDnsTest, CacheCleanupWithShortTTL) {
   MockTimer* timer = new MockTimer;
 
   test_client_.reset(
-      new MDnsClientImpl(make_scoped_ptr(clock), make_scoped_ptr(timer)));
+      new MDnsClientImpl(base::WrapUnique(clock), base::WrapUnique(timer)));
   test_client_->StartListening(&socket_factory_);
 
   EXPECT_CALL(*timer, StartObserver(_, _, _)).Times(1);
@@ -579,9 +580,9 @@ TEST_F(MDnsTest, CacheCleanupWithShortTTL) {
   PtrRecordCopyContainer record_privet;
   PtrRecordCopyContainer record_printer;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
-  scoped_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_printer._tcp.local", &delegate_printer);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -617,7 +618,7 @@ TEST_F(MDnsTest, MalformedPacket) {
 
   PtrRecordCopyContainer record_printer;
 
-  scoped_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_printer = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_printer._tcp.local", &delegate_printer);
 
   ASSERT_TRUE(listener_printer->Start());
@@ -647,7 +648,7 @@ TEST_F(MDnsTest, MalformedPacket) {
 TEST_F(MDnsTest, TransactionWithEmptyCache) {
   ExpectPacket(kQueryPacketPrivet, sizeof(kQueryPacketPrivet));
 
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -671,7 +672,7 @@ TEST_F(MDnsTest, TransactionWithEmptyCache) {
 }
 
 TEST_F(MDnsTest, TransactionCacheOnlyNoResult) {
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_CACHE | MDnsTransaction::SINGLE_RESULT,
@@ -688,8 +689,10 @@ TEST_F(MDnsTest, TransactionCacheOnlyNoResult) {
 TEST_F(MDnsTest, TransactionWithCache) {
   // Listener to force the client to listen
   StrictMock<MockListenerDelegate> delegate_irrelevant;
-  scoped_ptr<MDnsListener> listener_irrelevant = test_client_->CreateListener(
-      dns_protocol::kTypeA, "codereview.chromium.local", &delegate_irrelevant);
+  std::unique_ptr<MDnsListener> listener_irrelevant =
+      test_client_->CreateListener(dns_protocol::kTypeA,
+                                   "codereview.chromium.local",
+                                   &delegate_irrelevant);
 
   ASSERT_TRUE(listener_irrelevant->Start());
 
@@ -702,7 +705,7 @@ TEST_F(MDnsTest, TransactionWithCache) {
       .WillOnce(Invoke(&record_privet,
                        &PtrRecordCopyContainer::SaveWithDummyArg));
 
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -721,7 +724,7 @@ TEST_F(MDnsTest, AdditionalRecords) {
 
   PtrRecordCopyContainer record_privet;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -742,7 +745,7 @@ TEST_F(MDnsTest, AdditionalRecords) {
 TEST_F(MDnsTest, TransactionTimeout) {
   ExpectPacket(kQueryPacketPrivet, sizeof(kQueryPacketPrivet));
 
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -763,7 +766,7 @@ TEST_F(MDnsTest, TransactionTimeout) {
 TEST_F(MDnsTest, TransactionMultipleRecords) {
   ExpectPacket(kQueryPacketPrivet, sizeof(kQueryPacketPrivet));
 
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE,
@@ -821,8 +824,10 @@ TEST_F(MDnsTest, TransactionReentrantDelete) {
 
 TEST_F(MDnsTest, TransactionReentrantDeleteFromCache) {
   StrictMock<MockListenerDelegate> delegate_irrelevant;
-  scoped_ptr<MDnsListener> listener_irrelevant = test_client_->CreateListener(
-      dns_protocol::kTypeA, "codereview.chromium.local", &delegate_irrelevant);
+  std::unique_ptr<MDnsListener> listener_irrelevant =
+      test_client_->CreateListener(dns_protocol::kTypeA,
+                                   "codereview.chromium.local",
+                                   &delegate_irrelevant);
   ASSERT_TRUE(listener_irrelevant->Start());
 
   SimulatePacketReceive(kSamplePacket1, sizeof(kSamplePacket1));
@@ -844,16 +849,20 @@ TEST_F(MDnsTest, TransactionReentrantDeleteFromCache) {
 TEST_F(MDnsTest, TransactionReentrantCacheLookupStart) {
   ExpectPacket(kQueryPacketPrivet, sizeof(kQueryPacketPrivet));
 
-  scoped_ptr<MDnsTransaction> transaction1 = test_client_->CreateTransaction(
-      dns_protocol::kTypePTR, "_privet._tcp.local",
-      MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
-          MDnsTransaction::SINGLE_RESULT,
-      base::Bind(&MDnsTest::MockableRecordCallback, base::Unretained(this)));
+  std::unique_ptr<MDnsTransaction> transaction1 =
+      test_client_->CreateTransaction(
+          dns_protocol::kTypePTR, "_privet._tcp.local",
+          MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
+              MDnsTransaction::SINGLE_RESULT,
+          base::Bind(&MDnsTest::MockableRecordCallback,
+                     base::Unretained(this)));
 
-  scoped_ptr<MDnsTransaction> transaction2 = test_client_->CreateTransaction(
-      dns_protocol::kTypePTR, "_printer._tcp.local",
-      MDnsTransaction::QUERY_CACHE | MDnsTransaction::SINGLE_RESULT,
-      base::Bind(&MDnsTest::MockableRecordCallback2, base::Unretained(this)));
+  std::unique_ptr<MDnsTransaction> transaction2 =
+      test_client_->CreateTransaction(
+          dns_protocol::kTypePTR, "_printer._tcp.local",
+          MDnsTransaction::QUERY_CACHE | MDnsTransaction::SINGLE_RESULT,
+          base::Bind(&MDnsTest::MockableRecordCallback2,
+                     base::Unretained(this)));
 
   EXPECT_CALL(*this, MockableRecordCallback2(MDnsTransaction::RESULT_RECORD,
                                              _))
@@ -873,7 +882,7 @@ TEST_F(MDnsTest, TransactionReentrantCacheLookupStart) {
 TEST_F(MDnsTest, GoodbyePacketNotification) {
   StrictMock<MockListenerDelegate> delegate_privet;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
   ASSERT_TRUE(listener_privet->Start());
 
@@ -885,7 +894,7 @@ TEST_F(MDnsTest, GoodbyePacketNotification) {
 TEST_F(MDnsTest, GoodbyePacketRemoval) {
   StrictMock<MockListenerDelegate> delegate_privet;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet);
   ASSERT_TRUE(listener_privet->Start());
 
@@ -940,7 +949,7 @@ TEST_F(MDnsTest, DoubleRecordDisagreeing) {
   IPAddress address;
   StrictMock<MockListenerDelegate> delegate_privet;
 
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypeA, "privet.local", &delegate_privet);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -957,13 +966,13 @@ TEST_F(MDnsTest, DoubleRecordDisagreeing) {
 
 TEST_F(MDnsTest, NsecWithListener) {
   StrictMock<MockListenerDelegate> delegate_privet;
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypeA, "_privet._tcp.local", &delegate_privet);
 
   // Test to make sure nsec callback is NOT called for PTR
   // (which is marked as existing).
   StrictMock<MockListenerDelegate> delegate_privet2;
-  scoped_ptr<MDnsListener> listener_privet2 = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet2 = test_client_->CreateListener(
       dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_privet2);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -976,7 +985,7 @@ TEST_F(MDnsTest, NsecWithListener) {
 }
 
 TEST_F(MDnsTest, NsecWithTransactionFromNetwork) {
-  scoped_ptr<MDnsTransaction> transaction_privet =
+  std::unique_ptr<MDnsTransaction> transaction_privet =
       test_client_->CreateTransaction(
           dns_protocol::kTypeA, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -998,8 +1007,9 @@ TEST_F(MDnsTest, NsecWithTransactionFromNetwork) {
 TEST_F(MDnsTest, NsecWithTransactionFromCache) {
   // Force mDNS to listen.
   StrictMock<MockListenerDelegate> delegate_irrelevant;
-  scoped_ptr<MDnsListener> listener_irrelevant = test_client_->CreateListener(
-      dns_protocol::kTypePTR, "_privet._tcp.local", &delegate_irrelevant);
+  std::unique_ptr<MDnsListener> listener_irrelevant =
+      test_client_->CreateListener(dns_protocol::kTypePTR, "_privet._tcp.local",
+                                   &delegate_irrelevant);
   listener_irrelevant->Start();
 
   SimulatePacketReceive(kSamplePacketNsec,
@@ -1008,7 +1018,7 @@ TEST_F(MDnsTest, NsecWithTransactionFromCache) {
   EXPECT_CALL(*this,
               MockableRecordCallback(MDnsTransaction::RESULT_NSEC, NULL));
 
-  scoped_ptr<MDnsTransaction> transaction_privet_a =
+  std::unique_ptr<MDnsTransaction> transaction_privet_a =
       test_client_->CreateTransaction(
           dns_protocol::kTypeA, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -1021,7 +1031,7 @@ TEST_F(MDnsTest, NsecWithTransactionFromCache) {
   // Test that a PTR transaction does NOT consider the same NSEC record to be a
   // valid answer to the query
 
-  scoped_ptr<MDnsTransaction> transaction_privet_ptr =
+  std::unique_ptr<MDnsTransaction> transaction_privet_ptr =
       test_client_->CreateTransaction(
           dns_protocol::kTypePTR, "_privet._tcp.local",
           MDnsTransaction::QUERY_NETWORK | MDnsTransaction::QUERY_CACHE |
@@ -1036,7 +1046,7 @@ TEST_F(MDnsTest, NsecWithTransactionFromCache) {
 
 TEST_F(MDnsTest, NsecConflictRemoval) {
   StrictMock<MockListenerDelegate> delegate_privet;
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypeA, "_privet._tcp.local", &delegate_privet);
 
   ASSERT_TRUE(listener_privet->Start());
@@ -1065,7 +1075,7 @@ TEST_F(MDnsTest, NsecConflictRemoval) {
 
 TEST_F(MDnsTest, RefreshQuery) {
   StrictMock<MockListenerDelegate> delegate_privet;
-  scoped_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
+  std::unique_ptr<MDnsListener> listener_privet = test_client_->CreateListener(
       dns_protocol::kTypeA, "_privet._tcp.local", &delegate_privet);
 
   listener_privet->SetActiveRefresh(true);
@@ -1092,17 +1102,17 @@ TEST_F(MDnsTest, RefreshQuery) {
 class SimpleMockSocketFactory : public MDnsSocketFactory {
  public:
   void CreateSockets(
-      std::vector<scoped_ptr<DatagramServerSocket>>* sockets) override {
+      std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) override {
     sockets->clear();
     sockets->swap(sockets_);
   }
 
-  void PushSocket(scoped_ptr<DatagramServerSocket> socket) {
+  void PushSocket(std::unique_ptr<DatagramServerSocket> socket) {
     sockets_.push_back(std::move(socket));
   }
 
  private:
-  std::vector<scoped_ptr<DatagramServerSocket>> sockets_;
+  std::vector<std::unique_ptr<DatagramServerSocket>> sockets_;
 };
 
 class MockMDnsConnectionDelegate : public MDnsConnection::Delegate {
@@ -1126,8 +1136,8 @@ class MDnsConnectionTest : public ::testing::Test {
   void SetUp() override {
     socket_ipv4_ = new MockMDnsDatagramServerSocket(ADDRESS_FAMILY_IPV4);
     socket_ipv6_ = new MockMDnsDatagramServerSocket(ADDRESS_FAMILY_IPV6);
-    factory_.PushSocket(make_scoped_ptr(socket_ipv6_));
-    factory_.PushSocket(make_scoped_ptr(socket_ipv4_));
+    factory_.PushSocket(base::WrapUnique(socket_ipv6_));
+    factory_.PushSocket(base::WrapUnique(socket_ipv4_));
     sample_packet_ = MakeString(kSamplePacket1, sizeof(kSamplePacket1));
     sample_buffer_ = new StringIOBuffer(sample_packet_);
   }
diff --git a/chromium/net/dns/mock_host_resolver.cc b/chromium/net/dns/mock_host_resolver.cc
index b734cd319da..01030aa3537 100644
--- a/chromium/net/dns/mock_host_resolver.cc
+++ b/chromium/net/dns/mock_host_resolver.cc
@@ -15,8 +15,8 @@
 #include "base/strings/pattern.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/platform_thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
@@ -116,7 +116,7 @@ void MockHostResolverBase::CancelRequest(RequestHandle handle) {
   size_t id = reinterpret_cast<size_t>(handle);
   RequestMap::iterator it = requests_.find(id);
   if (it != requests_.end()) {
-    scoped_ptr<Request> req(it->second);
+    std::unique_ptr<Request> req(it->second);
     requests_.erase(it);
   } else {
     NOTREACHED() << "CancelRequest must NOT be called after request is "
@@ -175,9 +175,9 @@ int MockHostResolverBase::ResolveFromIPLiteralOrCache(const RequestInfo& info,
                        info.host_resolver_flags());
     const HostCache::Entry* entry = cache_->Lookup(key, base::TimeTicks::Now());
     if (entry) {
-      rv = entry->error;
+      rv = entry->error();
       if (rv == OK)
-        *addresses = AddressList::CopyWithPort(entry->addrlist, info.port());
+        *addresses = AddressList::CopyWithPort(entry->addresses(), info.port());
     }
   }
   return rv;
@@ -212,7 +212,7 @@ void MockHostResolverBase::ResolveNow(size_t id) {
   if (it == requests_.end())
     return;  // was canceled
 
-  scoped_ptr<Request> req(it->second);
+  std::unique_ptr<Request> req(it->second);
   requests_.erase(it);
   int rv = ResolveProc(id, req->info, req->addresses);
   if (!req->callback.is_null())
diff --git a/chromium/net/dns/mock_host_resolver.h b/chromium/net/dns/mock_host_resolver.h
index 71f557ea080..c4312fb2151 100644
--- a/chromium/net/dns/mock_host_resolver.h
+++ b/chromium/net/dns/mock_host_resolver.h
@@ -135,7 +135,7 @@ class MockHostResolverBase : public HostResolver,
   bool synchronous_mode_;
   bool ondemand_mode_;
   scoped_refptr<RuleBasedHostResolverProc> rules_;
-  scoped_ptr<HostCache> cache_;
+  std::unique_ptr<HostCache> cache_;
   RequestMap requests_;
   size_t next_request_id_;
 
diff --git a/chromium/net/dns/mock_mdns_socket_factory.cc b/chromium/net/dns/mock_mdns_socket_factory.cc
index ae46d2f428d..f2745069a80 100644
--- a/chromium/net/dns/mock_mdns_socket_factory.cc
+++ b/chromium/net/dns/mock_mdns_socket_factory.cc
@@ -9,7 +9,7 @@
 
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 
 using testing::_;
@@ -67,15 +67,15 @@ MockMDnsSocketFactory::~MockMDnsSocketFactory() {
 }
 
 void MockMDnsSocketFactory::CreateSockets(
-    std::vector<scoped_ptr<DatagramServerSocket>>* sockets) {
+    std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) {
   CreateSocket(ADDRESS_FAMILY_IPV4, sockets);
   CreateSocket(ADDRESS_FAMILY_IPV6, sockets);
 }
 
 void MockMDnsSocketFactory::CreateSocket(
     AddressFamily address_family,
-    std::vector<scoped_ptr<DatagramServerSocket>>* sockets) {
-  scoped_ptr<testing::NiceMock<MockMDnsDatagramServerSocket> > new_socket(
+    std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) {
+  std::unique_ptr<testing::NiceMock<MockMDnsDatagramServerSocket>> new_socket(
       new testing::NiceMock<MockMDnsDatagramServerSocket>(address_family));
 
   ON_CALL(*new_socket, SendToInternal(_, _, _))
diff --git a/chromium/net/dns/mock_mdns_socket_factory.h b/chromium/net/dns/mock_mdns_socket_factory.h
index 179fb390e98..a55d51734fa 100644
--- a/chromium/net/dns/mock_mdns_socket_factory.h
+++ b/chromium/net/dns/mock_mdns_socket_factory.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/dns/mdns_client_impl.h"
 #include "testing/gmock/include/gmock/gmock.h"
 
@@ -83,7 +83,7 @@ class MockMDnsSocketFactory : public MDnsSocketFactory {
   ~MockMDnsSocketFactory() override;
 
   void CreateSockets(
-      std::vector<scoped_ptr<DatagramServerSocket>>* sockets) override;
+      std::vector<std::unique_ptr<DatagramServerSocket>>* sockets) override;
 
   void SimulateReceive(const uint8_t* packet, int size);
 
@@ -99,8 +99,9 @@ class MockMDnsSocketFactory : public MDnsSocketFactory {
                        IPEndPoint* address,
                        const CompletionCallback& callback);
 
-  void CreateSocket(AddressFamily address_family,
-                    std::vector<scoped_ptr<DatagramServerSocket>>* sockets);
+  void CreateSocket(
+      AddressFamily address_family,
+      std::vector<std::unique_ptr<DatagramServerSocket>>* sockets);
 
   scoped_refptr<IOBuffer> recv_buffer_;
   int recv_buffer_size_;
diff --git a/chromium/net/dns/mojo_host_resolver_impl_unittest.cc b/chromium/net/dns/mojo_host_resolver_impl_unittest.cc
index 6816a6b8e3d..0bb28a97257 100644
--- a/chromium/net/dns/mojo_host_resolver_impl_unittest.cc
+++ b/chromium/net/dns/mojo_host_resolver_impl_unittest.cc
@@ -4,10 +4,10 @@
 
 #include "net/dns/mojo_host_resolver_impl.h"
 
+#include <memory>
 #include <string>
 #include <utility>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
 #include "mojo/public/cpp/bindings/binding.h"
@@ -157,7 +157,7 @@ class MojoHostResolverImplTest : public testing::Test {
   }
 
   CallbackMockHostResolver mock_host_resolver_;
-  scoped_ptr<MojoHostResolverImpl> resolver_service_;
+  std::unique_ptr<MojoHostResolverImpl> resolver_service_;
 };
 
 TEST_F(MojoHostResolverImplTest, Resolve) {
@@ -267,7 +267,7 @@ TEST_F(MojoHostResolverImplTest, ResolveFailure) {
 
 TEST_F(MojoHostResolverImplTest, DestroyClient) {
   interfaces::HostResolverRequestClientPtr client_ptr;
-  scoped_ptr<TestRequestClient> client(
+  std::unique_ptr<TestRequestClient> client(
       new TestRequestClient(mojo::GetProxy(&client_ptr)));
 
   mock_host_resolver_.set_ondemand_mode(true);
diff --git a/chromium/net/dns/mojo_host_type_converters.cc b/chromium/net/dns/mojo_host_type_converters.cc
index 2e404e0f056..760ee3ba164 100644
--- a/chromium/net/dns/mojo_host_type_converters.cc
+++ b/chromium/net/dns/mojo_host_type_converters.cc
@@ -89,8 +89,8 @@ TypeConverter<net::AddressList, net::interfaces::AddressList>::Convert(
   net::AddressList address_list;
   for (size_t i = 0; i < obj.addresses.size(); i++) {
     const net::interfaces::IPEndPointPtr& ep = obj.addresses[i];
-    address_list.push_back(
-        net::IPEndPoint(ep->address.To<net::IPAddressNumber>(), ep->port));
+    net::IPAddress ip_address(ep->address.To<std::vector<uint8_t>>());
+    address_list.push_back(net::IPEndPoint(ip_address, ep->port));
   }
   return address_list;
 }
diff --git a/chromium/net/dns/record_parsed.cc b/chromium/net/dns/record_parsed.cc
index c5a72ef59dc..68948f6abe5 100644
--- a/chromium/net/dns/record_parsed.cc
+++ b/chromium/net/dns/record_parsed.cc
@@ -16,7 +16,7 @@ RecordParsed::RecordParsed(const std::string& name,
                            uint16_t type,
                            uint16_t klass,
                            uint32_t ttl,
-                           scoped_ptr<const RecordRdata> rdata,
+                           std::unique_ptr<const RecordRdata> rdata,
                            base::Time time_created)
     : name_(name),
       type_(type),
@@ -29,14 +29,14 @@ RecordParsed::~RecordParsed() {
 }
 
 // static
-scoped_ptr<const RecordParsed> RecordParsed::CreateFrom(
+std::unique_ptr<const RecordParsed> RecordParsed::CreateFrom(
     DnsRecordParser* parser,
     base::Time time_created) {
   DnsResourceRecord record;
-  scoped_ptr<const RecordRdata> rdata;
+  std::unique_ptr<const RecordRdata> rdata;
 
   if (!parser->ReadRecord(&record))
-    return scoped_ptr<const RecordParsed>();
+    return std::unique_ptr<const RecordParsed>();
 
   switch (record.type) {
     case ARecordRdata::kType:
@@ -62,13 +62,13 @@ scoped_ptr<const RecordParsed> RecordParsed::CreateFrom(
       break;
     default:
       DVLOG(1) << "Unknown RData type for received record: " << record.type;
-      return scoped_ptr<const RecordParsed>();
+      return std::unique_ptr<const RecordParsed>();
   }
 
   if (!rdata.get())
-    return scoped_ptr<const RecordParsed>();
+    return std::unique_ptr<const RecordParsed>();
 
-  return scoped_ptr<const RecordParsed>(
+  return std::unique_ptr<const RecordParsed>(
       new RecordParsed(record.name, record.type, record.klass, record.ttl,
                        std::move(rdata), time_created));
 }
diff --git a/chromium/net/dns/record_parsed.h b/chromium/net/dns/record_parsed.h
index 654574cc26e..be227d4bbaa 100644
--- a/chromium/net/dns/record_parsed.h
+++ b/chromium/net/dns/record_parsed.h
@@ -7,9 +7,9 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 
@@ -25,8 +25,9 @@ class NET_EXPORT_PRIVATE RecordParsed {
   virtual ~RecordParsed();
 
   // All records are inherently immutable. Return a const pointer.
-  static scoped_ptr<const RecordParsed> CreateFrom(DnsRecordParser* parser,
-                                                   base::Time time_created);
+  static std::unique_ptr<const RecordParsed> CreateFrom(
+      DnsRecordParser* parser,
+      base::Time time_created);
 
   const std::string& name() const { return name_; }
   uint16_t type() const { return type_; }
@@ -51,7 +52,7 @@ class NET_EXPORT_PRIVATE RecordParsed {
                uint16_t type,
                uint16_t klass,
                uint32_t ttl,
-               scoped_ptr<const RecordRdata> rdata,
+               std::unique_ptr<const RecordRdata> rdata,
                base::Time time_created);
 
   std::string name_;  // in dotted form
@@ -59,7 +60,7 @@ class NET_EXPORT_PRIVATE RecordParsed {
   const uint16_t klass_;
   const uint32_t ttl_;
 
-  const scoped_ptr<const RecordRdata> rdata_;
+  const std::unique_ptr<const RecordRdata> rdata_;
 
   const base::Time time_created_;
 };
diff --git a/chromium/net/dns/record_parsed_unittest.cc b/chromium/net/dns/record_parsed_unittest.cc
index cfaac31c03b..558d196e9bb 100644
--- a/chromium/net/dns/record_parsed_unittest.cc
+++ b/chromium/net/dns/record_parsed_unittest.cc
@@ -26,7 +26,7 @@ static const uint8_t kT1ResponseWithCacheFlushBit[] = {
 TEST(RecordParsedTest, ParseSingleRecord) {
   DnsRecordParser parser(kT1ResponseDatagram, sizeof(kT1ResponseDatagram),
                          sizeof(dns_protocol::Header));
-  scoped_ptr<const RecordParsed> record;
+  std::unique_ptr<const RecordParsed> record;
   const CnameRecordRdata* rdata;
 
   parser.SkipQuestion();
@@ -49,14 +49,14 @@ TEST(RecordParsedTest, CacheFlushBitCompare) {
   DnsRecordParser parser1(kT1ResponseDatagram, sizeof(kT1ResponseDatagram),
                          sizeof(dns_protocol::Header));
   parser1.SkipQuestion();
-  scoped_ptr<const RecordParsed> record1 =
+  std::unique_ptr<const RecordParsed> record1 =
       RecordParsed::CreateFrom(&parser1, base::Time());
 
   DnsRecordParser parser2(kT1ResponseWithCacheFlushBit,
                           sizeof(kT1ResponseWithCacheFlushBit),
                           0);
 
-  scoped_ptr<const RecordParsed> record2 =
+  std::unique_ptr<const RecordParsed> record2 =
       RecordParsed::CreateFrom(&parser2, base::Time());
 
   EXPECT_FALSE(record1->IsEqual(record2.get(), false));
diff --git a/chromium/net/dns/record_rdata.cc b/chromium/net/dns/record_rdata.cc
index be9d387f36a..ff9434b489e 100644
--- a/chromium/net/dns/record_rdata.cc
+++ b/chromium/net/dns/record_rdata.cc
@@ -5,7 +5,6 @@
 #include "net/dns/record_rdata.h"
 
 #include "base/big_endian.h"
-#include "net/base/ip_address_number.h"
 #include "net/dns/dns_protocol.h"
 #include "net/dns/dns_response.h"
 
@@ -22,12 +21,13 @@ SrvRecordRdata::SrvRecordRdata() : priority_(0), weight_(0), port_(0) {
 SrvRecordRdata::~SrvRecordRdata() {}
 
 // static
-scoped_ptr<SrvRecordRdata> SrvRecordRdata::Create(
+std::unique_ptr<SrvRecordRdata> SrvRecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
-  if (data.size() < kSrvRecordMinimumSize) return scoped_ptr<SrvRecordRdata>();
+  if (data.size() < kSrvRecordMinimumSize)
+    return std::unique_ptr<SrvRecordRdata>();
 
-  scoped_ptr<SrvRecordRdata> rdata(new SrvRecordRdata);
+  std::unique_ptr<SrvRecordRdata> rdata(new SrvRecordRdata);
 
   base::BigEndianReader reader(data.data(), data.size());
   // 2 bytes for priority, 2 bytes for weight, 2 bytes for port.
@@ -37,7 +37,7 @@ scoped_ptr<SrvRecordRdata> SrvRecordRdata::Create(
 
   if (!parser.ReadName(data.substr(kSrvRecordMinimumSize).begin(),
                        &rdata->target_))
-    return scoped_ptr<SrvRecordRdata>();
+    return std::unique_ptr<SrvRecordRdata>();
 
   return rdata;
 }
@@ -62,13 +62,13 @@ ARecordRdata::~ARecordRdata() {
 }
 
 // static
-scoped_ptr<ARecordRdata> ARecordRdata::Create(
+std::unique_ptr<ARecordRdata> ARecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
   if (data.size() != IPAddress::kIPv4AddressSize)
-    return scoped_ptr<ARecordRdata>();
+    return std::unique_ptr<ARecordRdata>();
 
-  scoped_ptr<ARecordRdata> rdata(new ARecordRdata);
+  std::unique_ptr<ARecordRdata> rdata(new ARecordRdata);
   rdata->address_ =
       IPAddress(reinterpret_cast<const uint8_t*>(data.data()), data.length());
   return rdata;
@@ -91,13 +91,13 @@ AAAARecordRdata::~AAAARecordRdata() {
 }
 
 // static
-scoped_ptr<AAAARecordRdata> AAAARecordRdata::Create(
+std::unique_ptr<AAAARecordRdata> AAAARecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
   if (data.size() != IPAddress::kIPv6AddressSize)
-    return scoped_ptr<AAAARecordRdata>();
+    return std::unique_ptr<AAAARecordRdata>();
 
-  scoped_ptr<AAAARecordRdata> rdata(new AAAARecordRdata);
+  std::unique_ptr<AAAARecordRdata> rdata(new AAAARecordRdata);
   rdata->address_ =
       IPAddress(reinterpret_cast<const uint8_t*>(data.data()), data.length());
   return rdata;
@@ -120,13 +120,13 @@ CnameRecordRdata::~CnameRecordRdata() {
 }
 
 // static
-scoped_ptr<CnameRecordRdata> CnameRecordRdata::Create(
+std::unique_ptr<CnameRecordRdata> CnameRecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
-  scoped_ptr<CnameRecordRdata> rdata(new CnameRecordRdata);
+  std::unique_ptr<CnameRecordRdata> rdata(new CnameRecordRdata);
 
   if (!parser.ReadName(data.begin(), &rdata->cname_))
-    return scoped_ptr<CnameRecordRdata>();
+    return std::unique_ptr<CnameRecordRdata>();
 
   return rdata;
 }
@@ -149,13 +149,13 @@ PtrRecordRdata::~PtrRecordRdata() {
 }
 
 // static
-scoped_ptr<PtrRecordRdata> PtrRecordRdata::Create(
+std::unique_ptr<PtrRecordRdata> PtrRecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
-  scoped_ptr<PtrRecordRdata> rdata(new PtrRecordRdata);
+  std::unique_ptr<PtrRecordRdata> rdata(new PtrRecordRdata);
 
   if (!parser.ReadName(data.begin(), &rdata->ptrdomain_))
-    return scoped_ptr<PtrRecordRdata>();
+    return std::unique_ptr<PtrRecordRdata>();
 
   return rdata;
 }
@@ -177,16 +177,16 @@ TxtRecordRdata::~TxtRecordRdata() {
 }
 
 // static
-scoped_ptr<TxtRecordRdata> TxtRecordRdata::Create(
+std::unique_ptr<TxtRecordRdata> TxtRecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
-  scoped_ptr<TxtRecordRdata> rdata(new TxtRecordRdata);
+  std::unique_ptr<TxtRecordRdata> rdata(new TxtRecordRdata);
 
   for (size_t i = 0; i < data.size(); ) {
     uint8_t length = data[i];
 
     if (i + length >= data.size())
-      return scoped_ptr<TxtRecordRdata>();
+      return std::unique_ptr<TxtRecordRdata>();
 
     rdata->texts_.push_back(data.substr(i + 1, length).as_string());
 
@@ -214,10 +214,10 @@ NsecRecordRdata::~NsecRecordRdata() {
 }
 
 // static
-scoped_ptr<NsecRecordRdata> NsecRecordRdata::Create(
+std::unique_ptr<NsecRecordRdata> NsecRecordRdata::Create(
     const base::StringPiece& data,
     const DnsRecordParser& parser) {
-  scoped_ptr<NsecRecordRdata> rdata(new NsecRecordRdata);
+  std::unique_ptr<NsecRecordRdata> rdata(new NsecRecordRdata);
 
   // Read the "next domain". This part for the NSEC record format is
   // ignored for mDNS, since it has no semantic meaning.
@@ -226,7 +226,7 @@ scoped_ptr<NsecRecordRdata> NsecRecordRdata::Create(
   // If we did not succeed in getting the next domain or the data length
   // is too short for reading the bitmap header, return.
   if (next_domain_length == 0 || data.length() < next_domain_length + 2)
-    return scoped_ptr<NsecRecordRdata>();
+    return std::unique_ptr<NsecRecordRdata>();
 
   struct BitmapHeader {
     uint8_t block_number;  // The block number should be zero.
@@ -239,14 +239,14 @@ scoped_ptr<NsecRecordRdata> NsecRecordRdata::Create(
   // The block number must be zero in mDns-specific NSEC records. The bitmap
   // length must be between 1 and 32.
   if (header->block_number != 0 || header->length == 0 || header->length > 32)
-    return scoped_ptr<NsecRecordRdata>();
+    return std::unique_ptr<NsecRecordRdata>();
 
   base::StringPiece bitmap_data = data.substr(next_domain_length + 2);
 
   // Since we may only have one block, the data length must be exactly equal to
   // the domain length plus bitmap size.
   if (bitmap_data.length() != header->length)
-    return scoped_ptr<NsecRecordRdata>();
+    return std::unique_ptr<NsecRecordRdata>();
 
   rdata->bitmap_.insert(rdata->bitmap_.begin(),
                         bitmap_data.begin(),
diff --git a/chromium/net/dns/record_rdata.h b/chromium/net/dns/record_rdata.h
index fea1f6b544d..d2ca587c5e7 100644
--- a/chromium/net/dns/record_rdata.h
+++ b/chromium/net/dns/record_rdata.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_export.h"
@@ -47,8 +47,8 @@ class NET_EXPORT_PRIVATE SrvRecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeSRV;
 
   ~SrvRecordRdata() override;
-  static scoped_ptr<SrvRecordRdata> Create(const base::StringPiece& data,
-                                           const DnsRecordParser& parser);
+  static std::unique_ptr<SrvRecordRdata> Create(const base::StringPiece& data,
+                                                const DnsRecordParser& parser);
 
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
@@ -78,8 +78,8 @@ class NET_EXPORT_PRIVATE ARecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeA;
 
   ~ARecordRdata() override;
-  static scoped_ptr<ARecordRdata> Create(const base::StringPiece& data,
-                                         const DnsRecordParser& parser);
+  static std::unique_ptr<ARecordRdata> Create(const base::StringPiece& data,
+                                              const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
@@ -100,8 +100,8 @@ class NET_EXPORT_PRIVATE AAAARecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeAAAA;
 
   ~AAAARecordRdata() override;
-  static scoped_ptr<AAAARecordRdata> Create(const base::StringPiece& data,
-                                         const DnsRecordParser& parser);
+  static std::unique_ptr<AAAARecordRdata> Create(const base::StringPiece& data,
+                                                 const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
@@ -122,8 +122,9 @@ class NET_EXPORT_PRIVATE CnameRecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeCNAME;
 
   ~CnameRecordRdata() override;
-  static scoped_ptr<CnameRecordRdata> Create(const base::StringPiece& data,
-                                             const DnsRecordParser& parser);
+  static std::unique_ptr<CnameRecordRdata> Create(
+      const base::StringPiece& data,
+      const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
@@ -144,8 +145,8 @@ class NET_EXPORT_PRIVATE PtrRecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypePTR;
 
   ~PtrRecordRdata() override;
-  static scoped_ptr<PtrRecordRdata> Create(const base::StringPiece& data,
-                                           const DnsRecordParser& parser);
+  static std::unique_ptr<PtrRecordRdata> Create(const base::StringPiece& data,
+                                                const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
@@ -167,8 +168,8 @@ class NET_EXPORT_PRIVATE TxtRecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeTXT;
 
   ~TxtRecordRdata() override;
-  static scoped_ptr<TxtRecordRdata> Create(const base::StringPiece& data,
-                                           const DnsRecordParser& parser);
+  static std::unique_ptr<TxtRecordRdata> Create(const base::StringPiece& data,
+                                                const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
@@ -191,8 +192,8 @@ class NET_EXPORT_PRIVATE NsecRecordRdata : public RecordRdata {
   static const uint16_t kType = dns_protocol::kTypeNSEC;
 
   ~NsecRecordRdata() override;
-  static scoped_ptr<NsecRecordRdata> Create(const base::StringPiece& data,
-                                            const DnsRecordParser& parser);
+  static std::unique_ptr<NsecRecordRdata> Create(const base::StringPiece& data,
+                                                 const DnsRecordParser& parser);
   bool IsEqual(const RecordRdata* other) const override;
   uint16_t Type() const override;
 
diff --git a/chromium/net/dns/record_rdata_unittest.cc b/chromium/net/dns/record_rdata_unittest.cc
index 5db22e64473..c41e39aa5e6 100644
--- a/chromium/net/dns/record_rdata_unittest.cc
+++ b/chromium/net/dns/record_rdata_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/dns/record_rdata.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/dns/dns_response.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -16,8 +17,8 @@ base::StringPiece MakeStringPiece(const uint8_t* data, unsigned size) {
 }
 
 TEST(RecordRdataTest, ParseSrvRecord) {
-  scoped_ptr<SrvRecordRdata> record1_obj;
-  scoped_ptr<SrvRecordRdata> record2_obj;
+  std::unique_ptr<SrvRecordRdata> record1_obj;
+  std::unique_ptr<SrvRecordRdata> record2_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -60,7 +61,7 @@ TEST(RecordRdataTest, ParseSrvRecord) {
 }
 
 TEST(RecordRdataTest, ParseARecord) {
-  scoped_ptr<ARecordRdata> record_obj;
+  std::unique_ptr<ARecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -81,7 +82,7 @@ TEST(RecordRdataTest, ParseARecord) {
 }
 
 TEST(RecordRdataTest, ParseAAAARecord) {
-  scoped_ptr<AAAARecordRdata> record_obj;
+  std::unique_ptr<AAAARecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -103,7 +104,7 @@ TEST(RecordRdataTest, ParseAAAARecord) {
 }
 
 TEST(RecordRdataTest, ParseCnameRecord) {
-  scoped_ptr<CnameRecordRdata> record_obj;
+  std::unique_ptr<CnameRecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -123,7 +124,7 @@ TEST(RecordRdataTest, ParseCnameRecord) {
 }
 
 TEST(RecordRdataTest, ParsePtrRecord) {
-  scoped_ptr<PtrRecordRdata> record_obj;
+  std::unique_ptr<PtrRecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -143,7 +144,7 @@ TEST(RecordRdataTest, ParsePtrRecord) {
 }
 
 TEST(RecordRdataTest, ParseTxtRecord) {
-  scoped_ptr<TxtRecordRdata> record_obj;
+  std::unique_ptr<TxtRecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
@@ -168,7 +169,7 @@ TEST(RecordRdataTest, ParseTxtRecord) {
 }
 
 TEST(RecordRdataTest, ParseNsecRecord) {
-  scoped_ptr<NsecRecordRdata> record_obj;
+  std::unique_ptr<NsecRecordRdata> record_obj;
 
   // These are just the rdata portions of the DNS records, rather than complete
   // records, but it works well enough for this test.
diff --git a/chromium/net/dns/serial_worker.cc b/chromium/net/dns/serial_worker.cc
index 6cf692d0aca..8a715f37f83 100644
--- a/chromium/net/dns/serial_worker.cc
+++ b/chromium/net/dns/serial_worker.cc
@@ -6,7 +6,7 @@
 
 #include "base/bind.h"
 #include "base/location.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 
 namespace net {
diff --git a/chromium/net/docs/bug-triage-labels.md b/chromium/net/docs/bug-triage-labels.md
index b8da2028d74..8c532217ed1 100644
--- a/chromium/net/docs/bug-triage-labels.md
+++ b/chromium/net/docs/bug-triage-labels.md
@@ -84,6 +84,9 @@ they fall largely outside the purview of the network stack team:
 **Blink>Network>XHR**
 : Generic issues with sync/async XHR requests.
 
+**Blink>WebRTC>Network**
+: Anything WebRTC-related does not use the net stack and should go here.
+
 **Services>Sync**
 : Sharing data/tabs/history/passwords/etc between machines not working.
 
diff --git a/chromium/net/docs/bug-triage-suggested-workflow.md b/chromium/net/docs/bug-triage-suggested-workflow.md
index 9be9f3c1a80..e19e21637e8 100644
--- a/chromium/net/docs/bug-triage-suggested-workflow.md
+++ b/chromium/net/docs/bug-triage-suggested-workflow.md
@@ -130,9 +130,10 @@ For each alert that fires, determine if it's a real alert and file a bug if so.
 1. Go to [go/chromecrash](https://goto.google.com/chromecrash).
 
 2. For each platform, look through the releases for which releases to
-   investigate.  As per bug-triage.txt, this should be the most recent canary,
-   the previous canary (if the most recent is less than a day old), and any of
-   dev/beta/stable that were released in the last couple of days.
+   investigate.  As per [bug-triage.md](bug-triage.md), this should be the most
+   recent canary, the previous canary (if the most recent is less than a day
+   old), and any of dev/beta/stable that were released in the last couple of
+   days.
 
 3. For each release, in the "Process Type" frame, click on "browser".
 
diff --git a/chromium/net/extras/sqlite/sqlite_channel_id_store.cc b/chromium/net/extras/sqlite/sqlite_channel_id_store.cc
index 5b8b351b433..238577fd18d 100644
--- a/chromium/net/extras/sqlite/sqlite_channel_id_store.cc
+++ b/chromium/net/extras/sqlite/sqlite_channel_id_store.cc
@@ -4,6 +4,7 @@
 
 #include "net/extras/sqlite/sqlite_channel_id_store.h"
 
+#include <memory>
 #include <set>
 #include <utility>
 #include <vector>
@@ -14,7 +15,6 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/sequenced_task_runner.h"
 #include "base/strings/string_util.h"
@@ -83,7 +83,8 @@ class SQLiteChannelIDStore::Backend
   }
 
   void LoadInBackground(
-      std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>* channel_ids);
+      std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>*
+          channel_ids);
 
   // Database upgrade statements.
   bool EnsureDatabaseVersion();
@@ -126,7 +127,7 @@ class SQLiteChannelIDStore::Backend
   void KillDatabase();
 
   const base::FilePath path_;
-  scoped_ptr<sql::Connection> db_;
+  std::unique_ptr<sql::Connection> db_;
   sql::MetaTable meta_table_;
 
   typedef std::list<PendingOperation*> PendingOperationsList;
@@ -149,11 +150,12 @@ void SQLiteChannelIDStore::Backend::Load(
     const LoadedCallback& loaded_callback) {
   // This function should be called only once per instance.
   DCHECK(!db_.get());
-  scoped_ptr<std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>>
+  std::unique_ptr<
+      std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>>
       channel_ids(
-          new std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>());
-  std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>* channel_ids_ptr =
-      channel_ids.get();
+          new std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>());
+  std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>*
+      channel_ids_ptr = channel_ids.get();
 
   background_task_runner_->PostTaskAndReply(
       FROM_HERE,
@@ -162,7 +164,8 @@ void SQLiteChannelIDStore::Backend::Load(
 }
 
 void SQLiteChannelIDStore::Backend::LoadInBackground(
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>* channel_ids) {
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>*
+        channel_ids) {
   DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
 
   // This method should be called only once per instance.
@@ -222,13 +225,13 @@ void SQLiteChannelIDStore::Backend::LoadInBackground(
     std::vector<uint8_t> private_key_from_db, public_key_from_db;
     smt.ColumnBlobAsVector(1, &private_key_from_db);
     smt.ColumnBlobAsVector(2, &public_key_from_db);
-    scoped_ptr<crypto::ECPrivateKey> key(
+    std::unique_ptr<crypto::ECPrivateKey> key(
         crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
             ChannelIDService::kEPKIPassword, private_key_from_db,
             public_key_from_db));
     if (!key)
       continue;
-    scoped_ptr<DefaultChannelIDStore::ChannelID> channel_id(
+    std::unique_ptr<DefaultChannelIDStore::ChannelID> channel_id(
         new DefaultChannelIDStore::ChannelID(
             smt.ColumnString(0),  // host
             base::Time::FromInternalValue(smt.ColumnInt64(3)), std::move(key)));
@@ -412,7 +415,7 @@ void SQLiteChannelIDStore::Backend::BatchOperation(
   static const size_t kCommitAfterBatchSize = 512;
 
   // We do a full copy of the cert here, and hopefully just here.
-  scoped_ptr<PendingOperation> po(new PendingOperation(op, channel_id));
+  std::unique_ptr<PendingOperation> po(new PendingOperation(op, channel_id));
 
   PendingOperationsList::size_type num_pending;
   {
@@ -447,7 +450,7 @@ void SQLiteChannelIDStore::Backend::PrunePendingOperationsForDeletes(
         server_identifiers.end();
 
     if (remove) {
-      scoped_ptr<PendingOperation> po(*it);
+      std::unique_ptr<PendingOperation> po(*it);
       it = pending_.erase(it);
       --num_pending_;
     } else {
@@ -489,7 +492,7 @@ void SQLiteChannelIDStore::Backend::Commit() {
   for (PendingOperationsList::iterator it = ops.begin(); it != ops.end();
        ++it) {
     // Free the certs as we commit them to the database.
-    scoped_ptr<PendingOperation> po(*it);
+    std::unique_ptr<PendingOperation> po(*it);
     switch (po->op()) {
       case PendingOperation::CHANNEL_ID_ADD: {
         add_statement.Reset(true);
diff --git a/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc b/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc
index 2b5e80a3aa2..8d2fb8fcac6 100644
--- a/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc
+++ b/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc
@@ -2,19 +2,21 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/extras/sqlite/sqlite_channel_id_store.h"
+
+#include <memory>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/asn1_util.h"
-#include "net/extras/sqlite/sqlite_channel_id_store.h"
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/ssl_client_cert_type.h"
 #include "net/test/cert_test_util.h"
@@ -29,8 +31,8 @@ const base::FilePath::CharType kTestChannelIDFilename[] =
 
 class SQLiteChannelIDStoreTest : public testing::Test {
  public:
-  void Load(
-      std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>* channel_ids) {
+  void Load(std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>*
+                channel_ids) {
     base::RunLoop run_loop;
     store_->Load(base::Bind(&SQLiteChannelIDStoreTest::OnLoaded,
                             base::Unretained(this),
@@ -42,8 +44,8 @@ class SQLiteChannelIDStoreTest : public testing::Test {
 
   void OnLoaded(
       base::RunLoop* run_loop,
-      scoped_ptr<std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>>
-          channel_ids) {
+      std::unique_ptr<std::vector<
+          std::unique_ptr<DefaultChannelIDStore::ChannelID>>> channel_ids) {
     channel_ids_.swap(*channel_ids);
     run_loop->Quit();
   }
@@ -51,7 +53,7 @@ class SQLiteChannelIDStoreTest : public testing::Test {
  protected:
   static void ReadTestKeyAndCert(std::string* key_data,
                                  std::string* cert_data,
-                                 scoped_ptr<crypto::ECPrivateKey>* key) {
+                                 std::unique_ptr<crypto::ECPrivateKey>* key) {
     base::FilePath key_path =
         GetTestCertsDirectory().AppendASCII("unittest.originbound.key.der");
     base::FilePath cert_path =
@@ -105,30 +107,30 @@ class SQLiteChannelIDStoreTest : public testing::Test {
     store_ = new SQLiteChannelIDStore(
         temp_dir_.path().Append(kTestChannelIDFilename),
         base::ThreadTaskRunnerHandle::Get());
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
     Load(&channel_ids);
     ASSERT_EQ(0u, channel_ids.size());
     // Make sure the store gets written at least once.
     google_key_.reset(crypto::ECPrivateKey::Create());
     store_->AddChannelID(DefaultChannelIDStore::ChannelID(
         "google.com", base::Time::FromInternalValue(1),
-        make_scoped_ptr(google_key_->Copy())));
+        base::WrapUnique(google_key_->Copy())));
   }
 
   base::ScopedTempDir temp_dir_;
   scoped_refptr<SQLiteChannelIDStore> store_;
-  std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids_;
-  scoped_ptr<crypto::ECPrivateKey> google_key_;
+  std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids_;
+  std::unique_ptr<crypto::ECPrivateKey> google_key_;
 };
 
 // Test if data is stored as expected in the SQLite database.
 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) {
-  scoped_ptr<crypto::ECPrivateKey> foo_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> foo_key(crypto::ECPrivateKey::Create());
   store_->AddChannelID(DefaultChannelIDStore::ChannelID(
       "foo.com", base::Time::FromInternalValue(3),
-      make_scoped_ptr(foo_key->Copy())));
+      base::WrapUnique(foo_key->Copy())));
 
-  std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+  std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
   // Replace the store effectively destroying the current one and forcing it
   // to write its data to disk. Then we can see if after loading it again it
   // is still there.
@@ -182,9 +184,9 @@ TEST_F(SQLiteChannelIDStoreTest, TestPersistence) {
 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) {
   store_->AddChannelID(DefaultChannelIDStore::ChannelID(
       "foo.com", base::Time::FromInternalValue(3),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
 
-  std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+  std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
   // Replace the store effectively destroying the current one and forcing it
   // to write its data to disk. Then we can see if after loading it again it
   // is still there.
@@ -231,7 +233,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) {
 
   std::string key_data;
   std::string cert_data;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key));
 
   // Create a version 1 database.
@@ -266,7 +268,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) {
   for (int i = 0; i < 2; ++i) {
     SCOPED_TRACE(i);
 
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
     store_ = new SQLiteChannelIDStore(v1_db_path,
                                       base::ThreadTaskRunnerHandle::Get());
 
@@ -299,7 +301,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) {
 
   std::string key_data;
   std::string cert_data;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key));
 
   // Create a version 2 database.
@@ -338,7 +340,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) {
   for (int i = 0; i < 2; ++i) {
     SCOPED_TRACE(i);
 
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
     store_ = new SQLiteChannelIDStore(v2_db_path,
                                       base::ThreadTaskRunnerHandle::Get());
 
@@ -375,7 +377,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) {
 
   std::string key_data;
   std::string cert_data;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key));
 
   // Create a version 3 database.
@@ -416,7 +418,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) {
   for (int i = 0; i < 2; ++i) {
     SCOPED_TRACE(i);
 
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
     store_ = new SQLiteChannelIDStore(v3_db_path,
                                       base::ThreadTaskRunnerHandle::Get());
 
@@ -453,7 +455,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) {
 
   std::string key_data;
   std::string cert_data;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key));
 
   // Create a version 4 database.
@@ -510,7 +512,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) {
   for (int i = 0; i < 2; ++i) {
     SCOPED_TRACE(i);
 
-    std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
+    std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids;
     store_ = new SQLiteChannelIDStore(v4_db_path,
                                       base::ThreadTaskRunnerHandle::Get());
 
diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc
index 911f05a9581..8ee2d07e5e7 100644
--- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc
+++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc
@@ -5,6 +5,7 @@
 #include "net/extras/sqlite/sqlite_persistent_cookie_store.h"
 
 #include <map>
+#include <memory>
 #include <set>
 
 #include "base/bind.h"
@@ -15,7 +16,6 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/sequenced_task_runner.h"
@@ -242,7 +242,7 @@ class SQLitePersistentCookieStore::Backend
                               bool success);
 
   const base::FilePath path_;
-  scoped_ptr<sql::Connection> db_;
+  std::unique_ptr<sql::Connection> db_;
   sql::MetaTable meta_table_;
 
   typedef std::list<PendingOperation*> PendingOperationsList;
@@ -819,7 +819,7 @@ void SQLitePersistentCookieStore::Backend::MakeCookiesFromSQLStatement(
     } else {
       value = smt.ColumnString(3);
     }
-    scoped_ptr<CanonicalCookie> cc(new CanonicalCookie(
+    std::unique_ptr<CanonicalCookie> cc(new CanonicalCookie(
         // The "source" URL is not used with persisted cookies.
         GURL(),                                        // Source
         smt.ColumnString(2),                           // name
@@ -1081,7 +1081,7 @@ void SQLitePersistentCookieStore::Backend::BatchOperation(
   DCHECK(!background_task_runner_->RunsTasksOnCurrentThread());
 
   // We do a full copy of the cookie here, and hopefully just here.
-  scoped_ptr<PendingOperation> po(new PendingOperation(op, cc));
+  std::unique_ptr<PendingOperation> po(new PendingOperation(op, cc));
 
   PendingOperationsList::size_type num_pending;
   {
@@ -1144,7 +1144,7 @@ void SQLitePersistentCookieStore::Backend::Commit() {
   for (PendingOperationsList::iterator it = ops.begin(); it != ops.end();
        ++it) {
     // Free the cookies as we commit them to the database.
-    scoped_ptr<PendingOperation> po(*it);
+    std::unique_ptr<PendingOperation> po(*it);
     switch (po->op()) {
       case PendingOperation::COOKIE_ADD:
         add_smt.Reset(true);
diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc
index bbf594cd10b..3aef494cf2f 100644
--- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc
+++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc
@@ -104,7 +104,7 @@ class SQLitePersistentCookieStorePerfTest : public testing::Test {
 
  protected:
   base::MessageLoop main_loop_;
-  scoped_ptr<base::SequencedWorkerPoolOwner> pool_owner_;
+  std::unique_ptr<base::SequencedWorkerPoolOwner> pool_owner_;
   base::WaitableEvent loaded_event_;
   base::WaitableEvent key_loaded_event_;
   std::vector<CanonicalCookie*> cookies_;
diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc
index 8315d74e10e..58382ebb4ec 100644
--- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc
+++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc
@@ -48,7 +48,7 @@ class CookieCryptor : public CookieCryptoDelegate {
   bool should_encrypt_;
 
  private:
-  scoped_ptr<crypto::SymmetricKey> key_;
+  std::unique_ptr<crypto::SymmetricKey> key_;
   crypto::Encryptor encryptor_;
 };
 
@@ -199,14 +199,14 @@ class SQLitePersistentCookieStoreTest : public testing::Test {
   }
 
  protected:
-  scoped_ptr<base::SequencedWorkerPoolOwner> pool_owner_;
+  std::unique_ptr<base::SequencedWorkerPoolOwner> pool_owner_;
   base::WaitableEvent loaded_event_;
   base::WaitableEvent key_loaded_event_;
   base::WaitableEvent db_thread_event_;
   CanonicalCookieVector cookies_;
   base::ScopedTempDir temp_dir_;
   scoped_refptr<SQLitePersistentCookieStore> store_;
-  scoped_ptr<CookieCryptor> cookie_crypto_delegate_;
+  std::unique_ptr<CookieCryptor> cookie_crypto_delegate_;
 };
 
 TEST_F(SQLitePersistentCookieStoreTest, TestInvalidMetaTableRecovery) {
diff --git a/chromium/net/filter/brotli_filter_unittest.cc b/chromium/net/filter/brotli_filter_unittest.cc
index 38cfc82d954..d9feca161c0 100644
--- a/chromium/net/filter/brotli_filter_unittest.cc
+++ b/chromium/net/filter/brotli_filter_unittest.cc
@@ -2,11 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/filter/brotli_filter.h"
+
+#include <memory>
+
 #include "base/files/file_util.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "net/base/io_buffer.h"
-#include "net/filter/brotli_filter.h"
 #include "net/filter/mock_filter_context.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
@@ -116,7 +118,7 @@ class BrotliUnitTest : public PlatformTest {
   void InitFilter() {
     std::vector<Filter::FilterType> filter_types;
     filter_types.push_back(Filter::FILTER_TYPE_BROTLI);
-    filter_.reset(Filter::Factory(filter_types, filter_context_));
+    filter_ = Filter::Factory(filter_types, filter_context_);
     ASSERT_TRUE(filter_.get());
     ASSERT_LE(kDefaultBufferSize, filter_->stream_buffer_size());
   }
@@ -124,8 +126,8 @@ class BrotliUnitTest : public PlatformTest {
   void InitFilterWithBufferSize(int buffer_size) {
     std::vector<Filter::FilterType> filter_types;
     filter_types.push_back(Filter::FILTER_TYPE_BROTLI);
-    filter_.reset(
-        Filter::FactoryForTests(filter_types, filter_context_, buffer_size));
+    filter_ =
+        Filter::FactoryForTests(filter_types, filter_context_, buffer_size);
     ASSERT_TRUE(filter_.get());
   }
 
@@ -135,7 +137,7 @@ class BrotliUnitTest : public PlatformTest {
   const char* encoded_buffer() const { return encoded_buffer_.data(); }
   int encoded_len() const { return static_cast<int>(encoded_buffer_.size()); }
 
-  scoped_ptr<Filter> filter_;
+  std::unique_ptr<Filter> filter_;
 
  private:
   MockFilterContext filter_context_;
diff --git a/chromium/net/filter/filter.cc b/chromium/net/filter/filter.cc
index 502ce5bb5d7..6e415f369bb 100644
--- a/chromium/net/filter/filter.cc
+++ b/chromium/net/filter/filter.cc
@@ -92,39 +92,41 @@ FilterContext::~FilterContext() {
 Filter::~Filter() {}
 
 // static
-Filter* Filter::Factory(const std::vector<FilterType>& filter_types,
-                        const FilterContext& filter_context) {
+std::unique_ptr<Filter> Filter::Factory(
+    const std::vector<FilterType>& filter_types,
+    const FilterContext& filter_context) {
   if (filter_types.empty())
-    return NULL;
+    return nullptr;
 
-  Filter* filter_list = NULL;  // Linked list of filters.
+  std::unique_ptr<Filter> filter_list = nullptr;  // Linked list of filters.
   for (size_t i = 0; i < filter_types.size(); i++) {
     filter_list = PrependNewFilter(filter_types[i], filter_context,
-                                   kFilterBufSize, filter_list);
+                                   kFilterBufSize, std::move(filter_list));
     if (!filter_list)
-      return NULL;
+      return nullptr;
   }
   return filter_list;
 }
 
 // static
-Filter* Filter::GZipFactory() {
+std::unique_ptr<Filter> Filter::GZipFactory() {
   return InitGZipFilter(FILTER_TYPE_GZIP, kFilterBufSize);
 }
 
 // static
-Filter* Filter::FactoryForTests(const std::vector<FilterType>& filter_types,
-                                const FilterContext& filter_context,
-                                int buffer_size) {
+std::unique_ptr<Filter> Filter::FactoryForTests(
+    const std::vector<FilterType>& filter_types,
+    const FilterContext& filter_context,
+    int buffer_size) {
   if (filter_types.empty())
-    return NULL;
+    return nullptr;
 
-  Filter* filter_list = NULL;  // Linked list of filters.
+  std::unique_ptr<Filter> filter_list;  // Linked list of filters.
   for (size_t i = 0; i < filter_types.size(); i++) {
-    filter_list = PrependNewFilter(filter_types[i], filter_context,
-                                   buffer_size, filter_list);
+    filter_list = PrependNewFilter(filter_types[i], filter_context, buffer_size,
+                                   std::move(filter_list));
     if (!filter_list)
-      return NULL;
+      return nullptr;
   }
   return filter_list;
 }
@@ -329,9 +331,9 @@ std::string Filter::OrderedFilterList() const {
 }
 
 Filter::Filter(FilterType type_id)
-    : stream_buffer_(NULL),
+    : stream_buffer_(nullptr),
       stream_buffer_size_(0),
-      next_stream_data_(NULL),
+      next_stream_data_(nullptr),
       stream_data_len_(0),
       last_status_(FILTER_NEED_MORE_DATA),
       type_id_(type_id) {}
@@ -349,7 +351,7 @@ Filter::FilterStatus Filter::CopyOut(char* dest_buffer, int* dest_len) {
   *dest_len += out_len;
   stream_data_len_ -= out_len;
   if (0 == stream_data_len_) {
-    next_stream_data_ = NULL;
+    next_stream_data_ = nullptr;
     return Filter::FILTER_NEED_MORE_DATA;
   } else {
     next_stream_data_ += out_len;
@@ -358,51 +360,55 @@ Filter::FilterStatus Filter::CopyOut(char* dest_buffer, int* dest_len) {
 }
 
 // static
-Filter* Filter::InitBrotliFilter(FilterType type_id, int buffer_size) {
-  scoped_ptr<Filter> brotli_filter(CreateBrotliFilter(type_id));
+std::unique_ptr<Filter> Filter::InitBrotliFilter(FilterType type_id,
+                                                 int buffer_size) {
+  std::unique_ptr<Filter> brotli_filter(CreateBrotliFilter(type_id));
   if (!brotli_filter.get())
     return nullptr;
 
   brotli_filter->InitBuffer(buffer_size);
-  return brotli_filter.release();
+  return brotli_filter;
 }
 
 // static
-Filter* Filter::InitGZipFilter(FilterType type_id, int buffer_size) {
-  scoped_ptr<GZipFilter> gz_filter(new GZipFilter(type_id));
+std::unique_ptr<Filter> Filter::InitGZipFilter(FilterType type_id,
+                                               int buffer_size) {
+  std::unique_ptr<GZipFilter> gz_filter(new GZipFilter(type_id));
   gz_filter->InitBuffer(buffer_size);
-  return gz_filter->InitDecoding(type_id) ? gz_filter.release() : NULL;
+  return gz_filter->InitDecoding(type_id) ? std::move(gz_filter) : nullptr;
 }
 
 // static
-Filter* Filter::InitSdchFilter(FilterType type_id,
-                               const FilterContext& filter_context,
-                               int buffer_size) {
-  scoped_ptr<SdchFilter> sdch_filter(new SdchFilter(type_id, filter_context));
+std::unique_ptr<Filter> Filter::InitSdchFilter(
+    FilterType type_id,
+    const FilterContext& filter_context,
+    int buffer_size) {
+  std::unique_ptr<SdchFilter> sdch_filter(
+      new SdchFilter(type_id, filter_context));
   sdch_filter->InitBuffer(buffer_size);
-  return sdch_filter->InitDecoding(type_id) ? sdch_filter.release() : NULL;
+  return sdch_filter->InitDecoding(type_id) ? std::move(sdch_filter) : nullptr;
 }
 
 // static
-Filter* Filter::PrependNewFilter(FilterType type_id,
-                                 const FilterContext& filter_context,
-                                 int buffer_size,
-                                 Filter* filter_list) {
-  scoped_ptr<Filter> first_filter;  // Soon to be start of chain.
+std::unique_ptr<Filter> Filter::PrependNewFilter(
+    FilterType type_id,
+    const FilterContext& filter_context,
+    int buffer_size,
+    std::unique_ptr<Filter> filter_list) {
+  std::unique_ptr<Filter> first_filter;  // Soon to be start of chain.
   switch (type_id) {
     case FILTER_TYPE_BROTLI:
-      first_filter.reset(InitBrotliFilter(type_id, buffer_size));
+      first_filter = InitBrotliFilter(type_id, buffer_size);
       break;
     case FILTER_TYPE_GZIP_HELPING_SDCH:
     case FILTER_TYPE_DEFLATE:
     case FILTER_TYPE_GZIP:
-      first_filter.reset(InitGZipFilter(type_id, buffer_size));
+      first_filter = InitGZipFilter(type_id, buffer_size);
       break;
     case FILTER_TYPE_SDCH:
     case FILTER_TYPE_SDCH_POSSIBLE:
       if (filter_context.GetURLRequestContext()->sdch_manager()) {
-        first_filter.reset(
-            InitSdchFilter(type_id, filter_context, buffer_size));
+        first_filter = InitSdchFilter(type_id, filter_context, buffer_size);
       }
       break;
     default:
@@ -410,10 +416,10 @@ Filter* Filter::PrependNewFilter(FilterType type_id,
   }
 
   if (!first_filter.get())
-    return NULL;
+    return nullptr;
 
-  first_filter->next_filter_.reset(filter_list);
-  return first_filter.release();
+  first_filter->next_filter_ = std::move(filter_list);
+  return first_filter;
 }
 
 void Filter::InitBuffer(int buffer_size) {
diff --git a/chromium/net/filter/filter.h b/chromium/net/filter/filter.h
index 31d08d4980f..78b8c34b02e 100644
--- a/chromium/net/filter/filter.h
+++ b/chromium/net/filter/filter.h
@@ -6,7 +6,7 @@
 //
 //   IStream* pre_filter_source;
 //   ...
-//   Filter* filter = Filter::Factory(filter_type, size);
+//   std::unique_ptr<Filter> filter = Filter::Factory(filter_type, size);
 //   int pre_filter_data_len = filter->stream_buffer_size();
 //   pre_filter_source->read(filter->stream_buffer(), pre_filter_data_len);
 //
@@ -48,13 +48,13 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/base/sdch_manager.h"
@@ -182,13 +182,14 @@ class NET_EXPORT_PRIVATE Filter {
   // (decoding) order. For example, types[0] = FILTER_TYPE_SDCH,
   // types[1] = FILTER_TYPE_GZIP will cause data to first be gunzip filtered,
   // and the resulting output from that filter will be sdch decoded.
-  static Filter* Factory(const std::vector<FilterType>& filter_types,
-                         const FilterContext& filter_context);
+  static std::unique_ptr<Filter> Factory(
+      const std::vector<FilterType>& filter_types,
+      const FilterContext& filter_context);
 
   // A simpler version of Factory() which creates a single, unchained
   // Filter of type FILTER_TYPE_GZIP, or NULL if the filter could not be
   // initialized.
-  static Filter* GZipFactory();
+  static std::unique_ptr<Filter> GZipFactory();
 
   // External call to obtain data from this filter chain. If ther is no
   // next_filter_, then it obtains data from this specific filter.
@@ -285,30 +286,35 @@ class NET_EXPORT_PRIVATE Filter {
   // called multiple times during the filter creation process. In most simple
   // cases, this is only called once. Returns NULL and cleans up (deleting
   // filter_list) if a new filter can't be constructed.
-  static Filter* PrependNewFilter(FilterType type_id,
-                                  const FilterContext& filter_context,
-                                  int buffer_size,
-                                  Filter* filter_list);
+  static std::unique_ptr<Filter> PrependNewFilter(
+      FilterType type_id,
+      const FilterContext& filter_context,
+      int buffer_size,
+      std::unique_ptr<Filter> filter_list);
 
   // Helper methods for PrependNewFilter. If initialization is successful,
   // they return a fully initialized Filter. Otherwise, return NULL.
-  static Filter* InitBrotliFilter(FilterType type_id, int buffer_size);
-  static Filter* InitGZipFilter(FilterType type_id, int buffer_size);
-  static Filter* InitSdchFilter(FilterType type_id,
-                                const FilterContext& filter_context,
-                                int buffer_size);
+  static std::unique_ptr<Filter> InitBrotliFilter(FilterType type_id,
+                                                  int buffer_size);
+  static std::unique_ptr<Filter> InitGZipFilter(FilterType type_id,
+                                                int buffer_size);
+  static std::unique_ptr<Filter> InitSdchFilter(
+      FilterType type_id,
+      const FilterContext& filter_context,
+      int buffer_size);
 
   // Helper function to empty our output into the next filter's input.
   void PushDataIntoNextFilter();
 
   // Constructs a filter with an internal buffer of the given size.
   // Only meant to be called by unit tests that need to control the buffer size.
-  static Filter* FactoryForTests(const std::vector<FilterType>& filter_types,
-                                 const FilterContext& filter_context,
-                                 int buffer_size);
+  static std::unique_ptr<Filter> FactoryForTests(
+      const std::vector<FilterType>& filter_types,
+      const FilterContext& filter_context,
+      int buffer_size);
 
   // An optional filter to process output from this filter.
-  scoped_ptr<Filter> next_filter_;
+  std::unique_ptr<Filter> next_filter_;
 
   // Remember what status or local filter last returned so we can better handle
   // chained filters.
diff --git a/chromium/net/filter/filter_unittest.cc b/chromium/net/filter/filter_unittest.cc
index d10fadc637b..d2b6afcf9ec 100644
--- a/chromium/net/filter/filter_unittest.cc
+++ b/chromium/net/filter/filter_unittest.cc
@@ -149,9 +149,9 @@ TEST(FilterTest, Gzip) {
 // Make sure a series of three pass-through filters copies the data cleanly.
 // Regression test for http://crbug.com/418975.
 TEST(FilterTest, ThreeFilterChain) {
-  scoped_ptr<PassThroughFilter> filter1(new PassThroughFilter);
-  scoped_ptr<PassThroughFilter> filter2(new PassThroughFilter);
-  scoped_ptr<PassThroughFilter> filter3(new PassThroughFilter);
+  std::unique_ptr<PassThroughFilter> filter1(new PassThroughFilter);
+  std::unique_ptr<PassThroughFilter> filter2(new PassThroughFilter);
+  std::unique_ptr<PassThroughFilter> filter3(new PassThroughFilter);
 
   filter1->InitBuffer(32 * 1024);
   filter2->InitBuffer(32 * 1024);
diff --git a/chromium/net/filter/gzip_filter.h b/chromium/net/filter/gzip_filter.h
index 67330d73473..c0d80b68593 100644
--- a/chromium/net/filter/gzip_filter.h
+++ b/chromium/net/filter/gzip_filter.h
@@ -15,8 +15,9 @@
 #ifndef NET_FILTER_GZIP_FILTER_H_
 #define NET_FILTER_GZIP_FILTER_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/filter/filter.h"
 
 typedef struct z_stream_s z_stream;
@@ -115,7 +116,7 @@ class GZipFilter : public Filter {
 
   // Used to parse the gzip header in gzip stream.
   // It is used when the decoding_mode_ is DECODE_MODE_GZIP.
-  scoped_ptr<GZipHeader> gzip_header_;
+  std::unique_ptr<GZipHeader> gzip_header_;
 
   // Tracks the progress of parsing gzip header.
   // This variable is maintained by gzip_header_.
@@ -131,7 +132,7 @@ class GZipFilter : public Filter {
   // The control block of zlib which actually does the decoding.
   // This data structure is initialized by InitDecoding and updated only by
   // DoInflate, with InsertZlibHeader being the exception as a workaround.
-  scoped_ptr<z_stream> zlib_stream_;
+  std::unique_ptr<z_stream> zlib_stream_;
 
   // For robustness, when we see the solo sdch filter, we chain in a gzip filter
   // in front of it, with this flag to indicate that the gzip decoding might not
diff --git a/chromium/net/filter/gzip_filter_unittest.cc b/chromium/net/filter/gzip_filter_unittest.cc
index e25cc1c83f7..3760819a2b4 100644
--- a/chromium/net/filter/gzip_filter_unittest.cc
+++ b/chromium/net/filter/gzip_filter_unittest.cc
@@ -2,15 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/filter/gzip_filter.h"
+
 #include <fstream>
+#include <memory>
 #include <ostream>
 
 #include "base/bit_cast.h"
 #include "base/files/file_util.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "net/base/io_buffer.h"
-#include "net/filter/gzip_filter.h"
 #include "net/filter/mock_filter_context.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
@@ -217,7 +218,7 @@ class GZipUnitTest : public PlatformTest {
   void InitFilter(Filter::FilterType type) {
     std::vector<Filter::FilterType> filter_types;
     filter_types.push_back(type);
-    filter_.reset(Filter::Factory(filter_types, filter_context_));
+    filter_ = Filter::Factory(filter_types, filter_context_);
     ASSERT_TRUE(filter_.get());
     ASSERT_GE(filter_->stream_buffer_size(), kDefaultBufferSize);
   }
@@ -225,15 +226,15 @@ class GZipUnitTest : public PlatformTest {
   void InitFilterWithBufferSize(Filter::FilterType type, int buffer_size) {
     std::vector<Filter::FilterType> filter_types;
     filter_types.push_back(type);
-    filter_.reset(Filter::FactoryForTests(filter_types, filter_context_,
-                                          buffer_size));
+    filter_ =
+        Filter::FactoryForTests(filter_types, filter_context_, buffer_size);
     ASSERT_TRUE(filter_.get());
   }
 
   const char* source_buffer() const { return source_buffer_.data(); }
   int source_len() const { return static_cast<int>(source_buffer_.size()); }
 
-  scoped_ptr<Filter> filter_;
+  std::unique_ptr<Filter> filter_;
 
   std::string source_buffer_;
 
diff --git a/chromium/net/filter/mock_filter_context.h b/chromium/net/filter/mock_filter_context.h
index 50858c4df48..3237829fab4 100644
--- a/chromium/net/filter/mock_filter_context.h
+++ b/chromium/net/filter/mock_filter_context.h
@@ -6,11 +6,12 @@
 #define NET_FILTER_MOCK_FILTER_CONTEXT_H_
 
 #include <stdint.h>
+
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/sdch_manager.h"
 #include "net/filter/filter.h"
 #include "net/log/net_log.h"
@@ -30,7 +31,7 @@ class MockFilterContext : public FilterContext {
   void SetRequestTime(const base::Time time) { request_time_ = time; }
   void SetCached(bool is_cached) { is_cached_content_ = is_cached; }
   void SetResponseCode(int response_code) { response_code_ = response_code; }
-  void SetSdchResponse(scoped_ptr<SdchManager::DictionarySet> handle) {
+  void SetSdchResponse(std::unique_ptr<SdchManager::DictionarySet> handle) {
     dictionaries_handle_ = std::move(handle);
   }
   URLRequestContext* GetModifiableURLRequestContext() const {
@@ -74,10 +75,10 @@ class MockFilterContext : public FilterContext {
   GURL gurl_;
   base::Time request_time_;
   bool is_cached_content_;
-  scoped_ptr<SdchManager::DictionarySet> dictionaries_handle_;
+  std::unique_ptr<SdchManager::DictionarySet> dictionaries_handle_;
   bool ok_to_call_get_url_;
   int response_code_;
-  scoped_ptr<URLRequestContext> context_;
+  std::unique_ptr<URLRequestContext> context_;
   BoundNetLog net_log_;
 
   DISALLOW_COPY_AND_ASSIGN(MockFilterContext);
diff --git a/chromium/net/filter/sdch_filter.cc b/chromium/net/filter/sdch_filter.cc
index 67b4b10e287..85be8905fa7 100644
--- a/chromium/net/filter/sdch_filter.cc
+++ b/chromium/net/filter/sdch_filter.cc
@@ -89,11 +89,11 @@ const char* ResponseCorruptionDetectionCauseToString(
   return cause_string;
 }
 
-scoped_ptr<base::Value> NetLogSdchResponseCorruptionDetectionCallback(
+std::unique_ptr<base::Value> NetLogSdchResponseCorruptionDetectionCallback(
     ResponseCorruptionDetectionCause cause,
     bool cached,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("cause", ResponseCorruptionDetectionCauseToString(cause));
   dict->SetBoolean("cached", cached);
   return std::move(dict);
diff --git a/chromium/net/filter/sdch_filter.h b/chromium/net/filter/sdch_filter.h
index 83e29c525e0..3ba06930ffd 100644
--- a/chromium/net/filter/sdch_filter.h
+++ b/chromium/net/filter/sdch_filter.h
@@ -16,10 +16,10 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/base/sdch_dictionary.h"
 #include "net/base/sdch_manager.h"
@@ -82,7 +82,8 @@ class NET_EXPORT_PRIVATE SdchFilter : public Filter {
   // The underlying decoder that processes data.
   // This data structure is initialized by InitDecoding and updated in
   // ReadFilteredData.
-  scoped_ptr<open_vcdiff::VCDiffStreamingDecoder> vcdiff_streaming_decoder_;
+  std::unique_ptr<open_vcdiff::VCDiffStreamingDecoder>
+      vcdiff_streaming_decoder_;
 
   // After the encoded response SDCH header is read, this variable contains
   // the server hash with trailing null byte.
@@ -131,7 +132,7 @@ class NET_EXPORT_PRIVATE SdchFilter : public Filter {
   // If the response was encoded with a dictionary different than those
   // advertised (e.g. a cached response using an old dictionary), this
   // variable preserves that dictionary from deletion during decoding.
-  scoped_ptr<SdchManager::DictionarySet> unexpected_dictionary_handle_;
+  std::unique_ptr<SdchManager::DictionarySet> unexpected_dictionary_handle_;
 
   DISALLOW_COPY_AND_ASSIGN(SdchFilter);
 };
diff --git a/chromium/net/filter/sdch_filter_unittest.cc b/chromium/net/filter/sdch_filter_unittest.cc
index 701aba00660..1880bbcbf00 100644
--- a/chromium/net/filter/sdch_filter_unittest.cc
+++ b/chromium/net/filter/sdch_filter_unittest.cc
@@ -2,16 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/filter/sdch_filter.h"
+
 #include <limits.h>
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bit_cast.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/simple_test_clock.h"
 #include "net/base/io_buffer.h"
@@ -19,7 +21,6 @@
 #include "net/base/sdch_manager.h"
 #include "net/base/sdch_observer.h"
 #include "net/filter/mock_filter_context.h"
-#include "net/filter/sdch_filter.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_http_job.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -102,8 +103,8 @@ class SdchFilterTest : public testing::Test {
   const std::string vcdiff_compressed_data_;
   const std::string expanded_;  // Desired final, decompressed data.
 
-  scoped_ptr<SdchManager> sdch_manager_;
-  scoped_ptr<MockFilterContext> filter_context_;
+  std::unique_ptr<SdchManager> sdch_manager_;
+  std::unique_ptr<MockFilterContext> filter_context_;
 };
 
 TEST_F(SdchFilterTest, Hashing) {
@@ -132,7 +133,7 @@ static bool FilterTestData(const std::string& source,
   CHECK_GT(input_block_length, 0u);
   Filter::FilterStatus status(Filter::FILTER_NEED_MORE_DATA);
   size_t source_index = 0;
-  scoped_ptr<char[]> output_buffer(new char[output_buffer_length]);
+  std::unique_ptr<char[]> output_buffer(new char[output_buffer_length]);
   size_t input_amount = std::min(input_block_length,
       static_cast<size_t>(filter->stream_buffer_size()));
 
@@ -188,7 +189,8 @@ TEST_F(SdchFilterTest, EmptyInputOk) {
   char output_buffer[20];
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // With no input data, try to read output.
   int output_bytes_or_buffer_size = sizeof(output_buffer);
@@ -208,7 +210,8 @@ TEST_F(SdchFilterTest, SparseContextOk) {
   char output_buffer[20];
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // With no input data, try to read output.
   int output_bytes_or_buffer_size = sizeof(output_buffer);
@@ -235,7 +238,8 @@ TEST_F(SdchFilterTest, PassThroughWhenTentative) {
   filter_context()->SetResponseCode(200);
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Supply enough data to force a pass-through mode..
   std::string non_gzip_content("not GZIPed data");
@@ -274,7 +278,8 @@ TEST_F(SdchFilterTest, RefreshBadReturnCode) {
   filter_context()->SetMimeType("text/html");
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Supply enough data to force a pass-through mode, which means we have
   // provided more than 9 characters that can't be a dictionary hash.
@@ -315,7 +320,8 @@ TEST_F(SdchFilterTest, ErrorOnBadReturnCode) {
   filter_context()->SetMimeType("anything");
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Supply enough data to force a pass-through mode, which means we have
   // provided more than 9 characters that can't be a dictionary hash.
@@ -350,7 +356,8 @@ TEST_F(SdchFilterTest, ErrorOnBadReturnCodeWithHtml) {
   filter_context()->SetMimeType("text/html");
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Supply enough data to force a pass-through mode, which means we have
   // provided more than 9 characters that can't be a dictionary hash.
@@ -386,7 +393,8 @@ TEST_F(SdchFilterTest, BasicBadDictionary) {
   char output_buffer[20];
   std::string url_string("http://ignore.com");
   filter_context()->SetURL(GURL(url_string));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Supply bogus data (which doesn't yet specify a full dictionary hash).
   // Dictionary hash is 8 characters followed by a null.
@@ -471,7 +479,8 @@ TEST_F(SdchFilterTest, BasicDictionary) {
 
   SetupFilterContextWithGURL(url);
 
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   size_t feed_block_size = 100;
   size_t output_block_size = 100;
@@ -481,7 +490,7 @@ TEST_F(SdchFilterTest, BasicDictionary) {
   EXPECT_EQ(output, expanded_);
 
   // Decode with really small buffers (size 1) to check for edge effects.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 1;
   output_block_size = 1;
@@ -508,7 +517,8 @@ TEST_F(SdchFilterTest, NoDecodeHttps) {
 
   GURL filter_context_gurl("https://" + kSampleDomain);
   SetupFilterContextWithGURL(GURL("https://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -538,7 +548,8 @@ TEST_F(SdchFilterTest, NoDecodeFtp) {
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
 
   SetupFilterContextWithGURL(GURL("ftp://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -564,7 +575,8 @@ TEST_F(SdchFilterTest, NoDecodeFileColon) {
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
 
   SetupFilterContextWithGURL(GURL("file://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -590,7 +602,8 @@ TEST_F(SdchFilterTest, NoDecodeAboutColon) {
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
 
   SetupFilterContextWithGURL(GURL("about://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -616,7 +629,8 @@ TEST_F(SdchFilterTest, NoDecodeJavaScript) {
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
 
   SetupFilterContextWithGURL(GURL("javascript://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -642,7 +656,8 @@ TEST_F(SdchFilterTest, CanStillDecodeHttp) {
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
 
   SetupFilterContextWithGURL(GURL("http://" + kSampleDomain));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   const size_t feed_block_size(100);
   const size_t output_block_size(100);
@@ -679,7 +694,8 @@ TEST_F(SdchFilterTest, CrossDomainDictionaryUse) {
   // This tests SdchManager::CanSet().
   GURL wrong_domain_url("http://www.wrongdomain.com");
   SetupFilterContextWithGURL(wrong_domain_url);
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types,  *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   size_t feed_block_size = 100;
   size_t output_block_size = 100;
@@ -719,7 +735,8 @@ TEST_F(SdchFilterTest, DictionaryPathValidation) {
 
   // Test decode the path data, arriving from a valid path.
   SetupFilterContextWithGURL(GURL(url_string + path));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   size_t feed_block_size = 100;
   size_t output_block_size = 100;
@@ -731,7 +748,7 @@ TEST_F(SdchFilterTest, DictionaryPathValidation) {
 
   // Test decode the path data, arriving from a invalid path.
   SetupFilterContextWithGURL(GURL(url_string));
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 100;
   output_block_size = 100;
@@ -771,7 +788,8 @@ TEST_F(SdchFilterTest, DictionaryPortValidation) {
 
   // Test decode the port data, arriving from a valid port.
   SetupFilterContextWithGURL(GURL(url_string + ":" + port));
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   size_t feed_block_size = 100;
   size_t output_block_size = 100;
@@ -782,7 +800,7 @@ TEST_F(SdchFilterTest, DictionaryPortValidation) {
 
   // Test decode the port data, arriving from a valid (default) port.
   SetupFilterContextWithGURL(GURL(url_string));  // Default port.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 100;
   output_block_size = 100;
@@ -793,7 +811,7 @@ TEST_F(SdchFilterTest, DictionaryPortValidation) {
 
   // Test decode the port data, arriving from a invalid port.
   SetupFilterContextWithGURL(GURL(url_string + ":" + port + "1"));
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 100;
   output_block_size = 100;
@@ -828,7 +846,7 @@ static std::string gzip_compress(const std::string &input) {
 
   // Assume we can compress into similar buffer (add 100 bytes to be sure).
   size_t gzip_compressed_length = zlib_stream.avail_in + 100;
-  scoped_ptr<char[]> gzip_compressed(new char[gzip_compressed_length]);
+  std::unique_ptr<char[]> gzip_compressed(new char[gzip_compressed_length]);
   zlib_stream.next_out = bit_cast<Bytef*>(gzip_compressed.get());
   zlib_stream.avail_out = gzip_compressed_length;
 
@@ -864,8 +882,10 @@ static std::string gzip_compress(const std::string &input) {
 
 class SdchFilterChainingTest {
  public:
-  static Filter* Factory(const std::vector<Filter::FilterType>& types,
-                           const FilterContext& context, int size) {
+  static std::unique_ptr<Filter> Factory(
+      const std::vector<Filter::FilterType>& types,
+      const FilterContext& context,
+      int size) {
     return Filter::FactoryForTests(types, context, size);
   }
 };
@@ -900,9 +920,8 @@ TEST_F(SdchFilterTest, FilterChaining) {
   CHECK_GT(kLargeInputBufferSize, sdch_compressed.size());
   CHECK_GT(kLargeInputBufferSize, expanded_.size());
   SetupFilterContextWithGURL(url);
-  scoped_ptr<Filter> filter(
-      SdchFilterChainingTest::Factory(filter_types, *filter_context(),
-                                      kLargeInputBufferSize));
+  std::unique_ptr<Filter> filter(SdchFilterChainingTest::Factory(
+      filter_types, *filter_context(), kLargeInputBufferSize));
   EXPECT_EQ(static_cast<int>(kLargeInputBufferSize),
             filter->stream_buffer_size());
 
@@ -929,9 +948,8 @@ TEST_F(SdchFilterTest, FilterChaining) {
   // two filters more than once (that is why we multiply by 2).
   CHECK_LT(kMidSizedInputBufferSize * 2, sdch_compressed.size());
   filter_context()->SetURL(url);
-  filter.reset(
-      SdchFilterChainingTest::Factory(filter_types, *filter_context(),
-                                      kMidSizedInputBufferSize));
+  filter = SdchFilterChainingTest::Factory(filter_types, *filter_context(),
+                                           kMidSizedInputBufferSize);
   EXPECT_EQ(static_cast<int>(kMidSizedInputBufferSize),
             filter->stream_buffer_size());
 
@@ -943,8 +961,8 @@ TEST_F(SdchFilterTest, FilterChaining) {
   EXPECT_EQ(output, expanded_);
 
   // Next try with a tiny input and output buffer to cover edge effects.
-  filter.reset(SdchFilterChainingTest::Factory(filter_types, *filter_context(),
-                                               kLargeInputBufferSize));
+  filter = SdchFilterChainingTest::Factory(filter_types, *filter_context(),
+                                           kLargeInputBufferSize);
   EXPECT_EQ(static_cast<int>(kLargeInputBufferSize),
             filter->stream_buffer_size());
 
@@ -985,7 +1003,8 @@ TEST_F(SdchFilterTest, DefaultGzipIfSdch) {
   EXPECT_EQ(filter_types[1], Filter::FILTER_TYPE_GZIP_HELPING_SDCH);
 
   // First try with a large buffer (larger than test input, or compressed data).
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Verify that chained filter is waiting for data.
   char tiny_output_buffer[10];
@@ -1001,7 +1020,7 @@ TEST_F(SdchFilterTest, DefaultGzipIfSdch) {
   EXPECT_EQ(output, expanded_);
 
   // Next try with a tiny buffer to cover edge effects.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 1;
   output_block_size = 1;
@@ -1042,7 +1061,8 @@ TEST_F(SdchFilterTest, AcceptGzipSdchIfGzip) {
   EXPECT_EQ(filter_types[2], Filter::FILTER_TYPE_GZIP);
 
   // First try with a large buffer (larger than test input, or compressed data).
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Verify that chained filter is waiting for data.
   char tiny_output_buffer[10];
@@ -1058,7 +1078,7 @@ TEST_F(SdchFilterTest, AcceptGzipSdchIfGzip) {
   EXPECT_EQ(output, expanded_);
 
   // Next try with a tiny buffer to cover edge effects.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 1;
   output_block_size = 1;
@@ -1096,7 +1116,8 @@ TEST_F(SdchFilterTest, DefaultSdchGzipIfEmpty) {
   EXPECT_EQ(filter_types[1], Filter::FILTER_TYPE_GZIP_HELPING_SDCH);
 
   // First try with a large buffer (larger than test input, or compressed data).
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Verify that chained filter is waiting for data.
   char tiny_output_buffer[10];
@@ -1112,7 +1133,7 @@ TEST_F(SdchFilterTest, DefaultSdchGzipIfEmpty) {
   EXPECT_EQ(output, expanded_);
 
   // Next try with a tiny buffer to cover edge effects.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 1;
   output_block_size = 1;
@@ -1156,7 +1177,8 @@ TEST_F(SdchFilterTest, AcceptGzipGzipSdchIfGzip) {
   EXPECT_EQ(filter_types[2], Filter::FILTER_TYPE_GZIP);
 
   // First try with a large buffer (larger than test input, or compressed data).
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Verify that chained filter is waiting for data.
   char tiny_output_buffer[10];
@@ -1172,7 +1194,7 @@ TEST_F(SdchFilterTest, AcceptGzipGzipSdchIfGzip) {
   EXPECT_EQ(output, expanded_);
 
   // Next try with a tiny buffer to cover edge effects.
-  filter.reset(Filter::Factory(filter_types, *filter_context()));
+  filter = Filter::Factory(filter_types, *filter_context());
 
   feed_block_size = 1;
   output_block_size = 1;
@@ -1196,7 +1218,8 @@ TEST_F(SdchFilterTest, UnexpectedDictionary) {
 
   std::vector<Filter::FilterType> filter_types;
   filter_types.push_back(Filter::FILTER_TYPE_SDCH);
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   // Setup another dictionary, expired. Don't add it to the filter context.
   // Delete stored dictionaries first to handle platforms which only
@@ -1213,7 +1236,7 @@ TEST_F(SdchFilterTest, UnexpectedDictionary) {
   SdchManager::GenerateHash(expired_dictionary, &client_hash, &server_hash);
 
   SdchProblemCode problem_code;
-  scoped_ptr<SdchManager::DictionarySet> hash_set(
+  std::unique_ptr<SdchManager::DictionarySet> hash_set(
       sdch_manager_->GetDictionarySetByHash(url, server_hash, &problem_code));
   ASSERT_TRUE(hash_set);
   ASSERT_EQ(SDCH_OK, problem_code);
@@ -1281,7 +1304,8 @@ TEST_F(SdchFilterTest, DictionaryUsedSignaled) {
 
   SetupFilterContextWithGURL(url);
 
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, *filter_context()));
+  std::unique_ptr<Filter> filter(
+      Filter::Factory(filter_types, *filter_context()));
 
   size_t feed_block_size = 100;
   size_t output_block_size = 100;
diff --git a/chromium/net/ftp/ftp_ctrl_response_buffer.cc b/chromium/net/ftp/ftp_ctrl_response_buffer.cc
index 8dd631b6c45..1195d66b54a 100644
--- a/chromium/net/ftp/ftp_ctrl_response_buffer.cc
+++ b/chromium/net/ftp/ftp_ctrl_response_buffer.cc
@@ -8,7 +8,7 @@
 
 #include "base/bind.h"
 #include "base/logging.h"
-#include "base/strings/string_number_conversions.h"
+#include "net/base/parse_number.h"
 #include "base/strings/string_piece.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
@@ -83,13 +83,13 @@ int FtpCtrlResponseBuffer::ConsumeData(const char* data, int data_length) {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogFtpCtrlResponseCallback(
+std::unique_ptr<base::Value> NetLogFtpCtrlResponseCallback(
     const FtpCtrlResponse* response,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::ListValue> lines(new base::ListValue());
+  std::unique_ptr<base::ListValue> lines(new base::ListValue());
   lines->AppendStrings(response->lines);
 
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("status_code", response->status_code);
   dict->Set("lines", std::move(lines));
   return std::move(dict);
@@ -123,10 +123,11 @@ FtpCtrlResponseBuffer::ParsedLine FtpCtrlResponseBuffer::ParseLine(
   ParsedLine result;
 
   if (line.length() >= 3) {
-    if (base::StringToInt(base::StringPiece(line.begin(), line.begin() + 3),
-                          &result.status_code))
-      result.has_status_code = (100 <= result.status_code &&
-                                result.status_code <= 599);
+    if (ParseInt32(base::StringPiece(line.begin(), line.begin() + 3),
+                   ParseIntFormat::NON_NEGATIVE, &result.status_code)) {
+      result.has_status_code =
+          (100 <= result.status_code && result.status_code <= 599);
+    }
     if (result.has_status_code && line.length() >= 4 && line[3] == ' ') {
       result.is_complete = true;
     } else if (result.has_status_code && line.length() >= 4 && line[3] == '-') {
diff --git a/chromium/net/ftp/ftp_network_layer.cc b/chromium/net/ftp/ftp_network_layer.cc
index c8658d0a5b0..bc9c25a0b7f 100644
--- a/chromium/net/ftp/ftp_network_layer.cc
+++ b/chromium/net/ftp/ftp_network_layer.cc
@@ -4,6 +4,7 @@
 
 #include "net/ftp/ftp_network_layer.h"
 
+#include "base/memory/ptr_util.h"
 #include "net/ftp/ftp_network_session.h"
 #include "net/ftp/ftp_network_transaction.h"
 #include "net/socket/client_socket_factory.h"
@@ -18,11 +19,11 @@ FtpNetworkLayer::FtpNetworkLayer(HostResolver* host_resolver)
 FtpNetworkLayer::~FtpNetworkLayer() {
 }
 
-scoped_ptr<FtpTransaction> FtpNetworkLayer::CreateTransaction() {
+std::unique_ptr<FtpTransaction> FtpNetworkLayer::CreateTransaction() {
   if (suspended_)
-    return scoped_ptr<FtpTransaction>();
+    return std::unique_ptr<FtpTransaction>();
 
-  return make_scoped_ptr(new FtpNetworkTransaction(
+  return base::WrapUnique(new FtpNetworkTransaction(
       session_->host_resolver(), ClientSocketFactory::GetDefaultFactory()));
 }
 
diff --git a/chromium/net/ftp/ftp_network_layer.h b/chromium/net/ftp/ftp_network_layer.h
index 877f8c01ee7..9a904acc6ad 100644
--- a/chromium/net/ftp/ftp_network_layer.h
+++ b/chromium/net/ftp/ftp_network_layer.h
@@ -5,9 +5,10 @@
 #ifndef NET_FTP_FTP_NETWORK_LAYER_H_
 #define NET_FTP_FTP_NETWORK_LAYER_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/ftp/ftp_transaction_factory.h"
 
@@ -22,11 +23,11 @@ class NET_EXPORT FtpNetworkLayer : public FtpTransactionFactory {
   ~FtpNetworkLayer() override;
 
   // FtpTransactionFactory methods:
-  scoped_ptr<FtpTransaction> CreateTransaction() override;
+  std::unique_ptr<FtpTransaction> CreateTransaction() override;
   void Suspend(bool suspend) override;
 
  private:
-  scoped_ptr<FtpNetworkSession> session_;
+  std::unique_ptr<FtpNetworkSession> session_;
   bool suspended_;
   DISALLOW_COPY_AND_ASSIGN(FtpNetworkLayer);
 };
diff --git a/chromium/net/ftp/ftp_network_transaction.cc b/chromium/net/ftp/ftp_network_transaction.cc
index 0b458007e90..45e57fd06f7 100644
--- a/chromium/net/ftp/ftp_network_transaction.cc
+++ b/chromium/net/ftp/ftp_network_transaction.cc
@@ -655,7 +655,7 @@ int FtpNetworkTransaction::DoCtrlResolveHostComplete(int result) {
 int FtpNetworkTransaction::DoCtrlConnect() {
   next_state_ = STATE_CTRL_CONNECT_COMPLETE;
   ctrl_socket_ = socket_factory_->CreateTransportClientSocket(
-      addresses_, net_log_.net_log(), net_log_.source());
+      addresses_, NULL, net_log_.net_log(), net_log_.source());
   net_log_.AddEvent(
       NetLog::TYPE_FTP_CONTROL_CONNECTION,
       ctrl_socket_->NetLog().source().ToEventParametersCallback());
@@ -1232,7 +1232,7 @@ int FtpNetworkTransaction::DoDataConnect() {
   data_address = AddressList::CreateFromIPAddress(
       ip_endpoint.address(), data_connection_port_);
   data_socket_ = socket_factory_->CreateTransportClientSocket(
-        data_address, net_log_.net_log(), net_log_.source());
+      data_address, NULL, net_log_.net_log(), net_log_.source());
   net_log_.AddEvent(
       NetLog::TYPE_FTP_DATA_CONNECTION,
       data_socket_->NetLog().source().ToEventParametersCallback());
diff --git a/chromium/net/ftp/ftp_network_transaction.h b/chromium/net/ftp/ftp_network_transaction.h
index ec0c1f8de2b..d5fc67d4b49 100644
--- a/chromium/net/ftp/ftp_network_transaction.h
+++ b/chromium/net/ftp/ftp_network_transaction.h
@@ -7,13 +7,13 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/auth.h"
 #include "net/dns/host_resolver.h"
@@ -213,7 +213,7 @@ class NET_EXPORT_PRIVATE FtpNetworkTransaction : public FtpTransaction {
   // User buffer passed to the Read method for control socket.
   scoped_refptr<IOBuffer> read_ctrl_buf_;
 
-  scoped_ptr<FtpCtrlResponseBuffer> ctrl_response_buffer_;
+  std::unique_ptr<FtpCtrlResponseBuffer> ctrl_response_buffer_;
 
   scoped_refptr<IOBuffer> read_data_buf_;
   int read_data_buf_len_;
@@ -249,8 +249,8 @@ class NET_EXPORT_PRIVATE FtpNetworkTransaction : public FtpTransaction {
 
   ClientSocketFactory* socket_factory_;
 
-  scoped_ptr<StreamSocket> ctrl_socket_;
-  scoped_ptr<StreamSocket> data_socket_;
+  std::unique_ptr<StreamSocket> ctrl_socket_;
+  std::unique_ptr<StreamSocket> data_socket_;
 
   State next_state_;
 
diff --git a/chromium/net/ftp/ftp_network_transaction_unittest.cc b/chromium/net/ftp/ftp_network_transaction_unittest.cc
index cf0b14e08c0..1c0cc8970d4 100644
--- a/chromium/net/ftp/ftp_network_transaction_unittest.cc
+++ b/chromium/net/ftp/ftp_network_transaction_unittest.cc
@@ -884,7 +884,7 @@ class FtpNetworkTransactionTest
       MockRead(mock_data.c_str()),
     };
 
-    scoped_ptr<StaticSocketDataProvider> data_socket(
+    std::unique_ptr<StaticSocketDataProvider> data_socket(
         new StaticSocketDataProvider(data_reads, arraysize(data_reads), NULL,
                                      0));
     mock_socket_factory_.AddSocketDataProvider(data_socket.get());
@@ -928,7 +928,7 @@ class FtpNetworkTransactionTest
     ExecuteTransaction(ctrl_socket, request, expected_result);
   }
 
-  scoped_ptr<MockHostResolver> host_resolver_;
+  std::unique_ptr<MockHostResolver> host_resolver_;
   MockClientSocketFactory mock_socket_factory_;
   FtpNetworkTransaction transaction_;
   TestCompletionCallback callback_;
diff --git a/chromium/net/ftp/ftp_transaction_factory.h b/chromium/net/ftp/ftp_transaction_factory.h
index 6b7cdb93212..5f4270f25ca 100644
--- a/chromium/net/ftp/ftp_transaction_factory.h
+++ b/chromium/net/ftp/ftp_transaction_factory.h
@@ -5,7 +5,8 @@
 #ifndef NET_FTP_FTP_TRANSACTION_FACTORY_H_
 #define NET_FTP_FTP_TRANSACTION_FACTORY_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_export.h"
 
 namespace net {
@@ -18,7 +19,7 @@ class NET_EXPORT FtpTransactionFactory {
   virtual ~FtpTransactionFactory() {}
 
   // Creates a FtpTransaction object.
-  virtual scoped_ptr<FtpTransaction> CreateTransaction() = 0;
+  virtual std::unique_ptr<FtpTransaction> CreateTransaction() = 0;
 
   // Suspends the creation of new transactions. If |suspend| is false, creation
   // of new transactions is resumed.
diff --git a/chromium/net/http/bidirectional_stream.cc b/chromium/net/http/bidirectional_stream.cc
index 5c04ca3c2e5..12aa0f63fe1 100644
--- a/chromium/net/http/bidirectional_stream.cc
+++ b/chromium/net/http/bidirectional_stream.cc
@@ -4,19 +4,26 @@
 
 #include "net/http/bidirectional_stream.h"
 
+#include <memory>
+#include <string>
+
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/memory/ptr_util.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
+#include "base/values.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/bidirectional_stream_request_info.h"
+#include "net/http/http_log_util.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_stream.h"
+#include "net/log/net_log_capture_mode.h"
+#include "net/spdy/spdy_header_block.h"
 #include "net/spdy/spdy_http_utils.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_config.h"
@@ -24,33 +31,72 @@
 
 namespace net {
 
+namespace {
+
+std::unique_ptr<base::Value> NetLogHeadersCallback(
+    const SpdyHeaderBlock* headers,
+    NetLogCaptureMode capture_mode) {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
+  return std::move(dict);
+}
+
+std::unique_ptr<base::Value> NetLogCallback(const GURL* url,
+                                            const std::string* method,
+                                            const HttpRequestHeaders* headers,
+                                            NetLogCaptureMode capture_mode) {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->SetString("url", url->possibly_invalid_spec());
+  dict->SetString("method", *method);
+  std::string empty;
+  std::unique_ptr<base::Value> headers_param(
+      headers->NetLogCallback(&empty, capture_mode));
+  dict->Set("headers", std::move(headers_param));
+  return std::move(dict);
+}
+
+}  // namespace
+
 BidirectionalStream::Delegate::Delegate() {}
 
 BidirectionalStream::Delegate::~Delegate() {}
 
 BidirectionalStream::BidirectionalStream(
-    scoped_ptr<BidirectionalStreamRequestInfo> request_info,
+    std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
     HttpNetworkSession* session,
+    bool send_request_headers_automatically,
     Delegate* delegate)
     : BidirectionalStream(std::move(request_info),
                           session,
+                          send_request_headers_automatically,
                           delegate,
-                          make_scoped_ptr(new base::Timer(false, false))) {}
+                          base::WrapUnique(new base::Timer(false, false))) {}
 
 BidirectionalStream::BidirectionalStream(
-    scoped_ptr<BidirectionalStreamRequestInfo> request_info,
+    std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
     HttpNetworkSession* session,
+    bool send_request_headers_automatically,
     Delegate* delegate,
-    scoped_ptr<base::Timer> timer)
+    std::unique_ptr<base::Timer> timer)
     : request_info_(std::move(request_info)),
       net_log_(BoundNetLog::Make(session->net_log(),
                                  NetLog::SOURCE_BIDIRECTIONAL_STREAM)),
       session_(session),
+      send_request_headers_automatically_(send_request_headers_automatically),
+      request_headers_sent_(false),
       delegate_(delegate),
-      timer_(std::move(timer)) {
+      timer_(std::move(timer)),
+      weak_factory_(this) {
   DCHECK(delegate_);
   DCHECK(request_info_);
 
+  if (net_log_.IsCapturing()) {
+    net_log_.BeginEvent(
+        NetLog::TYPE_BIDIRECTIONAL_STREAM_ALIVE,
+        base::Bind(&NetLogCallback, &request_info_->url, &request_info_->method,
+                   base::Unretained(&request_info_->extra_headers)));
+  }
+
   SSLConfig server_ssl_config;
   session->ssl_config_service()->GetSSLConfig(&server_ssl_config);
   session->GetAlpnProtos(&server_ssl_config.alpn_protos);
@@ -59,8 +105,8 @@ BidirectionalStream::BidirectionalStream(
   if (!request_info_->url.SchemeIs(url::kHttpsScheme)) {
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE,
-        base::Bind(&BidirectionalStream::Delegate::OnFailed,
-                   base::Unretained(delegate_), ERR_DISALLOWED_URL_SCHEME));
+        base::Bind(&BidirectionalStream::NotifyFailed,
+                   weak_factory_.GetWeakPtr(), ERR_DISALLOWED_URL_SCHEME));
     return;
   }
 
@@ -81,20 +127,59 @@ BidirectionalStream::BidirectionalStream(
 
 BidirectionalStream::~BidirectionalStream() {
   Cancel();
+  if (net_log_.IsCapturing()) {
+    net_log_.EndEvent(NetLog::TYPE_BIDIRECTIONAL_STREAM_ALIVE);
+  }
+}
+
+void BidirectionalStream::SendRequestHeaders() {
+  DCHECK(stream_impl_);
+  DCHECK(!request_headers_sent_);
+  DCHECK(!send_request_headers_automatically_);
+
+  stream_impl_->SendRequestHeaders();
 }
 
 int BidirectionalStream::ReadData(IOBuffer* buf, int buf_len) {
   DCHECK(stream_impl_);
 
-  return stream_impl_->ReadData(buf, buf_len);
+  int rv = stream_impl_->ReadData(buf, buf_len);
+  if (rv > 0) {
+    net_log_.AddByteTransferEvent(
+        NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_RECEIVED, rv, buf->data());
+  } else if (rv == ERR_IO_PENDING) {
+    read_buffer_ = buf;
+    // Bytes will be logged in OnDataRead().
+  }
+  return rv;
 }
 
-void BidirectionalStream::SendData(IOBuffer* data,
+void BidirectionalStream::SendData(const scoped_refptr<IOBuffer>& data,
                                    int length,
                                    bool end_stream) {
   DCHECK(stream_impl_);
+  DCHECK(write_buffer_list_.empty());
+  DCHECK(write_buffer_len_list_.empty());
 
   stream_impl_->SendData(data, length, end_stream);
+  write_buffer_list_.push_back(data);
+  write_buffer_len_list_.push_back(length);
+}
+
+void BidirectionalStream::SendvData(
+    const std::vector<scoped_refptr<IOBuffer>>& buffers,
+    const std::vector<int>& lengths,
+    bool end_stream) {
+  DCHECK(stream_impl_);
+  DCHECK_EQ(buffers.size(), lengths.size());
+  DCHECK(write_buffer_list_.empty());
+  DCHECK(write_buffer_len_list_.empty());
+
+  stream_impl_->SendvData(buffers, lengths, end_stream);
+  for (size_t i = 0; i < buffers.size(); ++i) {
+    write_buffer_list_.push_back(buffers[i]);
+    write_buffer_len_list_.push_back(lengths[i]);
+  }
 }
 
 void BidirectionalStream::Cancel() {
@@ -126,8 +211,9 @@ int64_t BidirectionalStream::GetTotalSentBytes() const {
   return stream_impl_->GetTotalSentBytes();
 }
 
-void BidirectionalStream::OnHeadersSent() {
-  delegate_->OnHeadersSent();
+void BidirectionalStream::OnStreamReady(bool request_headers_sent) {
+  request_headers_sent_ = request_headers_sent;
+  delegate_->OnStreamReady(request_headers_sent);
 }
 
 void BidirectionalStream::OnHeadersReceived(
@@ -135,30 +221,57 @@ void BidirectionalStream::OnHeadersReceived(
   HttpResponseInfo response_info;
   if (!SpdyHeadersToHttpResponse(response_headers, HTTP2, &response_info)) {
     DLOG(WARNING) << "Invalid headers";
-    delegate_->OnFailed(ERR_FAILED);
+    NotifyFailed(ERR_FAILED);
     return;
   }
-
+  if (net_log_.IsCapturing()) {
+    net_log_.AddEvent(NetLog::TYPE_BIDIRECTIONAL_STREAM_RECV_HEADERS,
+                      base::Bind(&NetLogHeadersCallback, &response_headers));
+  }
   session_->http_stream_factory()->ProcessAlternativeServices(
       session_, response_info.headers.get(),
-      HostPortPair::FromURL(request_info_->url));
+      url::SchemeHostPort(request_info_->url));
   delegate_->OnHeadersReceived(response_headers);
 }
 
 void BidirectionalStream::OnDataRead(int bytes_read) {
+  DCHECK(read_buffer_);
+
+  if (net_log_.IsCapturing()) {
+    net_log_.AddByteTransferEvent(
+        NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_RECEIVED, bytes_read,
+        read_buffer_->data());
+  }
+  read_buffer_ = nullptr;
   delegate_->OnDataRead(bytes_read);
 }
 
 void BidirectionalStream::OnDataSent() {
+  DCHECK(!write_buffer_list_.empty());
+  DCHECK_EQ(write_buffer_list_.size(), write_buffer_len_list_.size());
+
+  if (net_log_.IsCapturing()) {
+    for (size_t i = 0; i < write_buffer_list_.size(); ++i) {
+      net_log_.AddByteTransferEvent(
+          NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_SENT,
+          write_buffer_len_list_[i], write_buffer_list_[i]->data());
+    }
+  }
+  write_buffer_list_.clear();
+  write_buffer_len_list_.clear();
   delegate_->OnDataSent();
 }
 
 void BidirectionalStream::OnTrailersReceived(const SpdyHeaderBlock& trailers) {
+  if (net_log_.IsCapturing()) {
+    net_log_.AddEvent(NetLog::TYPE_BIDIRECTIONAL_STREAM_RECV_TRAILERS,
+                      base::Bind(&NetLogHeadersCallback, &trailers));
+  }
   delegate_->OnTrailersReceived(trailers);
 }
 
 void BidirectionalStream::OnFailed(int status) {
-  delegate_->OnFailed(status);
+  NotifyFailed(status);
 }
 
 void BidirectionalStream::OnStreamReady(const SSLConfig& used_ssl_config,
@@ -175,7 +288,9 @@ void BidirectionalStream::OnBidirectionalStreamImplReady(
 
   stream_request_.reset();
   stream_impl_.reset(stream);
-  stream_impl_->Start(request_info_.get(), net_log_, this, std::move(timer_));
+  stream_impl_->Start(request_info_.get(), net_log_,
+                      send_request_headers_automatically_, this,
+                      std::move(timer_));
 }
 
 void BidirectionalStream::OnWebSocketHandshakeStreamReady(
@@ -192,7 +307,7 @@ void BidirectionalStream::OnStreamFailed(int result,
   DCHECK_NE(result, ERR_IO_PENDING);
   DCHECK(stream_request_);
 
-  delegate_->OnFailed(result);
+  NotifyFailed(result);
 }
 
 void BidirectionalStream::OnCertificateError(int result,
@@ -202,7 +317,7 @@ void BidirectionalStream::OnCertificateError(int result,
   DCHECK_NE(result, ERR_IO_PENDING);
   DCHECK(stream_request_);
 
-  delegate_->OnFailed(result);
+  NotifyFailed(result);
 }
 
 void BidirectionalStream::OnNeedsProxyAuth(
@@ -212,14 +327,14 @@ void BidirectionalStream::OnNeedsProxyAuth(
     HttpAuthController* auth_controller) {
   DCHECK(stream_request_);
 
-  delegate_->OnFailed(ERR_PROXY_AUTH_REQUESTED);
+  NotifyFailed(ERR_PROXY_AUTH_REQUESTED);
 }
 
 void BidirectionalStream::OnNeedsClientAuth(const SSLConfig& used_ssl_config,
                                             SSLCertRequestInfo* cert_info) {
   DCHECK(stream_request_);
 
-  delegate_->OnFailed(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
+  NotifyFailed(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
 }
 
 void BidirectionalStream::OnHttpsProxyTunnelResponse(
@@ -229,9 +344,13 @@ void BidirectionalStream::OnHttpsProxyTunnelResponse(
     HttpStream* stream) {
   DCHECK(stream_request_);
 
-  delegate_->OnFailed(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
+  NotifyFailed(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
 }
 
 void BidirectionalStream::OnQuicBroken() {}
 
+void BidirectionalStream::NotifyFailed(int error) {
+  delegate_->OnFailed(error);
+}
+
 }  // namespace net
diff --git a/chromium/net/http/bidirectional_stream.h b/chromium/net/http/bidirectional_stream.h
index 7e6152a48f9..85e8780dd4a 100644
--- a/chromium/net/http/bidirectional_stream.h
+++ b/chromium/net/http/bidirectional_stream.h
@@ -7,9 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/weak_ptr.h"
 #include "net/http/bidirectional_stream_impl.h"
 #include "net/http/http_stream_factory.h"
 #include "net/log/net_log.h"
@@ -29,8 +32,9 @@ struct BidirectionalStreamRequestInfo;
 struct SSLConfig;
 
 // A class to do HTTP/2 bidirectional streaming. Note that at most one each of
-// ReadData or SendData should be in flight until the operation completes.
-// The BidirectionalStream must be torn down before the HttpNetworkSession.
+// ReadData or SendData/SendvData should be in flight until the operation
+// completes. The BidirectionalStream must be torn down before the
+// HttpNetworkSession.
 class NET_EXPORT BidirectionalStream
     : public NON_EXPORTED_BASE(BidirectionalStreamImpl::Delegate),
       public NON_EXPORTED_BASE(HttpStreamRequest::Delegate) {
@@ -41,13 +45,15 @@ class NET_EXPORT BidirectionalStream
    public:
     Delegate();
 
-    // Called when headers have been sent. This is called at most once for
-    // the lifetime of a stream.
+    // Called when the stream is ready for writing and reading. This is called
+    // at most once for the lifetime of a stream.
     // The delegate may call BidirectionalStream::ReadData to start reading,
     // or call BidirectionalStream::SendData to send data.
     // The delegate should not call BidirectionalStream::Cancel
     // during this callback.
-    virtual void OnHeadersSent() = 0;
+    // |request_headers_sent| if true, request headers have been sent. If false,
+    // SendRequestHeaders() needs to be explicitly called.
+    virtual void OnStreamReady(bool request_headers_sent) = 0;
 
     // Called when headers are received. This is called at most once for the
     // lifetime of a stream.
@@ -76,8 +82,8 @@ class NET_EXPORT BidirectionalStream
     // EOF has not been received, or to send data if there is no pending send.
     virtual void OnTrailersReceived(const SpdyHeaderBlock& trailers) = 0;
 
-    // Called when the stream is closed or an error occurred.
-    // No other delegate functions will be called after this.
+    // Called when an error occurred. Do not call into the stream after this
+    // point. No other delegate functions will be called after this.
     virtual void OnFailed(int error) = 0;
 
    protected:
@@ -91,22 +97,42 @@ class NET_EXPORT BidirectionalStream
   // the request, and must be non-NULL. |session| is the http network session
   // with which this request will be made. |delegate| must be non-NULL.
   // |session| and |delegate| must outlive |this|.
-  BidirectionalStream(scoped_ptr<BidirectionalStreamRequestInfo> request_info,
-                      HttpNetworkSession* session,
-                      Delegate* delegate);
+  // |send_request_headers_automatically| if true, request headers will be sent
+  // automatically when stream is negotiated. If false, request headers will be
+  // sent only when SendRequestHeaders() is invoked or with
+  // next SendData/SendvData.
+  BidirectionalStream(
+      std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
+      HttpNetworkSession* session,
+      bool send_request_headers_automatically,
+      Delegate* delegate);
 
   // Constructor that accepts a Timer, which can be used in tests to control
   // the buffering of received data.
-  BidirectionalStream(scoped_ptr<BidirectionalStreamRequestInfo> request_info,
-                      HttpNetworkSession* session,
-                      Delegate* delegate,
-                      scoped_ptr<base::Timer> timer);
+  BidirectionalStream(
+      std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
+      HttpNetworkSession* session,
+      bool send_request_headers_automatically,
+      Delegate* delegate,
+      std::unique_ptr<base::Timer> timer);
 
   // Cancels |stream_request_| or |stream_impl_| if applicable.
   // |this| should not be destroyed during Delegate::OnHeadersSent or
   // Delegate::OnDataSent.
   ~BidirectionalStream() override;
 
+  // Sends request headers to server.
+  // When |send_request_headers_automatically_| is
+  // false and OnStreamReady() is invoked with request_headers_sent = false,
+  // headers will be combined with next SendData/SendvData unless this
+  // method is called first, in which case headers will be sent separately
+  // without delay.
+  // (This method cannot be called when |send_request_headers_automatically_| is
+  // true nor when OnStreamReady() is invoked with request_headers_sent = true,
+  // since headers have been sent by the stream when stream is negotiated
+  // successfully.)
+  void SendRequestHeaders();
+
   // Reads at most |buf_len| bytes into |buf|. Returns the number of bytes read,
   // or ERR_IO_PENDING if the read is to be completed asynchronously, or an
   // error code if any error occurred. If returns 0, there is no more data to
@@ -119,7 +145,14 @@ class NET_EXPORT BidirectionalStream
   // invoked, and should not be called again until Delegate::OnDataSent is
   // invoked. If |end_stream| is true, the DATA frame will have an END_STREAM
   // flag.
-  void SendData(IOBuffer* data, int length, bool end_stream);
+  void SendData(const scoped_refptr<IOBuffer>& data,
+                int length,
+                bool end_stream);
+
+  // Same as SendData except this takes in a vector of IOBuffers.
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& buffers,
+                 const std::vector<int>& lengths,
+                 bool end_stream);
 
   // If |stream_request_| is non-NULL, cancel it. If |stream_impl_| is
   // established, cancel it. No delegate method will be called after Cancel().
@@ -147,7 +180,7 @@ class NET_EXPORT BidirectionalStream
 
  private:
   // BidirectionalStreamImpl::Delegate implementation:
-  void OnHeadersSent() override;
+  void OnStreamReady(bool request_headers_sent) override;
   void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override;
   void OnDataRead(int bytes_read) override;
   void OnDataSent() override;
@@ -184,23 +217,40 @@ class NET_EXPORT BidirectionalStream
                                   HttpStream* stream) override;
   void OnQuicBroken() override;
 
+  // Helper method to notify delegate if there is an error.
+  void NotifyFailed(int error);
+
   // BidirectionalStreamRequestInfo used when requesting the stream.
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info_;
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info_;
   const BoundNetLog net_log_;
 
   HttpNetworkSession* session_;
 
+  bool send_request_headers_automatically_;
+  // Whether request headers have been sent, as indicated in OnStreamReady()
+  // callback.
+  bool request_headers_sent_;
+
   Delegate* const delegate_;
 
   // Timer used to buffer data received in short time-spans and send a single
   // read completion notification.
-  scoped_ptr<base::Timer> timer_;
+  std::unique_ptr<base::Timer> timer_;
   // HttpStreamRequest used to request a BidirectionalStreamImpl. This is NULL
   // if the request has been canceled or completed.
-  scoped_ptr<HttpStreamRequest> stream_request_;
+  std::unique_ptr<HttpStreamRequest> stream_request_;
   // The underlying BidirectioanlStreamImpl used for this stream. It is
   // non-NULL, if the |stream_request_| successfully finishes.
-  scoped_ptr<BidirectionalStreamImpl> stream_impl_;
+  std::unique_ptr<BidirectionalStreamImpl> stream_impl_;
+
+  // Buffer used for reading.
+  scoped_refptr<IOBuffer> read_buffer_;
+  // List of buffers used for writing.
+  std::vector<scoped_refptr<IOBuffer>> write_buffer_list_;
+  // List of buffer length.
+  std::vector<int> write_buffer_len_list_;
+
+  base::WeakPtrFactory<BidirectionalStream> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(BidirectionalStream);
 };
diff --git a/chromium/net/http/bidirectional_stream_impl.h b/chromium/net/http/bidirectional_stream_impl.h
index 3f82e6f6e41..4f53918ef1d 100644
--- a/chromium/net/http/bidirectional_stream_impl.h
+++ b/chromium/net/http/bidirectional_stream_impl.h
@@ -7,8 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ref_counted.h"
 #include "net/base/net_export.h"
 #include "net/socket/next_proto.h"
 
@@ -35,13 +37,15 @@ class NET_EXPORT_PRIVATE BidirectionalStreamImpl {
    public:
     Delegate();
 
-    // Called when the request headers have been sent.
+    // Called when the stream is ready for reading and writing.
     // The delegate may call BidirectionalStreamImpl::ReadData to start reading,
     // call BidirectionalStreamImpl::SendData to send data,
     // or call BidirectionalStreamImpl::Cancel to cancel the stream.
     // The delegate should not call BidirectionalStreamImpl::Cancel
     // during this callback.
-    virtual void OnHeadersSent() = 0;
+    // |request_headers_sent| if true, request headers have been sent. If false,
+    // SendRequestHeaders() needs to be explicitly called.
+    virtual void OnStreamReady(bool request_headers_sent) = 0;
 
     // Called when response headers are received.
     // This is called at most once for the lifetime of a stream.
@@ -70,8 +74,8 @@ class NET_EXPORT_PRIVATE BidirectionalStreamImpl {
     // EOF has not been received, or to send data if there is no pending send.
     virtual void OnTrailersReceived(const SpdyHeaderBlock& trailers) = 0;
 
-    // Called when an error occurred.
-    // No other delegate functions will be called after this.
+    // Called when an error occurred. Do not call into the stream after this
+    // point. No other delegate functions will be called after this.
     virtual void OnFailed(int status) = 0;
 
    protected:
@@ -88,10 +92,27 @@ class NET_EXPORT_PRIVATE BidirectionalStreamImpl {
   virtual ~BidirectionalStreamImpl();
 
   // Starts the BidirectionalStreamImpl and sends request headers.
+  // |send_request_headers_automatically| if true, request headers will be sent
+  // automatically when stream is negotiated. If false, request headers will be
+  // sent only when SendRequestHeaders() is invoked or with next
+  // SendData/SendvData.
   virtual void Start(const BidirectionalStreamRequestInfo* request_info,
                      const BoundNetLog& net_log,
+                     bool send_request_headers_automatically,
                      BidirectionalStreamImpl::Delegate* delegate,
-                     scoped_ptr<base::Timer> timer) = 0;
+                     std::unique_ptr<base::Timer> timer) = 0;
+
+  // Sends request headers to server.
+  // When |send_request_headers_automatically_| is
+  // false and OnStreamReady() is invoked with request_headers_sent = false,
+  // headers will be combined with next SendData/SendvData unless this
+  // method is called first, in which case headers will be sent separately
+  // without delay.
+  // (This method cannot be called when |send_request_headers_automatically_| is
+  // true nor when OnStreamReady() is invoked with request_headers_sent = true,
+  // since headers have been sent by the stream when stream is negotiated
+  // successfully.)
+  virtual void SendRequestHeaders() = 0;
 
   // Reads at most |buf_len| bytes into |buf|. Returns the number of bytes read,
   // ERR_IO_PENDING if the read is to be completed asynchronously, or an error
@@ -105,7 +126,13 @@ class NET_EXPORT_PRIVATE BidirectionalStreamImpl {
   // Delegate::OnHeadersSent is invoked, and should not be called again until
   // Delegate::OnDataSent is invoked. If |end_stream| is true, the DATA frame
   // will have an END_STREAM flag.
-  virtual void SendData(IOBuffer* data, int length, bool end_stream) = 0;
+  virtual void SendData(const scoped_refptr<IOBuffer>& data,
+                        int length,
+                        bool end_stream) = 0;
+
+  virtual void SendvData(const std::vector<scoped_refptr<IOBuffer>>& buffers,
+                         const std::vector<int>& lengths,
+                         bool end_stream) = 0;
 
   // Cancels the stream. No Delegate method will be called. Any pending
   // operations may or may not succeed.
diff --git a/chromium/net/http/bidirectional_stream_unittest.cc b/chromium/net/http/bidirectional_stream_unittest.cc
index 4d6445f4631..8d7a9ed2063 100644
--- a/chromium/net/http/bidirectional_stream_unittest.cc
+++ b/chromium/net/http/bidirectional_stream_unittest.cc
@@ -4,8 +4,10 @@
 
 #include "net/http/bidirectional_stream.h"
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
@@ -18,6 +20,8 @@
 #include "net/http/http_response_headers.h"
 #include "net/http/http_server_properties.h"
 #include "net/log/net_log.h"
+#include "net/log/test_net_log.h"
+#include "net/log/test_net_log_util.h"
 #include "net/socket/socket_test_util.h"
 #include "net/spdy/spdy_session.h"
 #include "net/spdy/spdy_test_util_common.h"
@@ -40,11 +44,11 @@ class TestDelegateBase : public BidirectionalStream::Delegate {
   TestDelegateBase(IOBuffer* read_buf, int read_buf_len)
       : TestDelegateBase(read_buf,
                          read_buf_len,
-                         make_scoped_ptr(new base::Timer(false, false))) {}
+                         base::WrapUnique(new base::Timer(false, false))) {}
 
   TestDelegateBase(IOBuffer* read_buf,
                    int read_buf_len,
-                   scoped_ptr<base::Timer> timer)
+                   std::unique_ptr<base::Timer> timer)
       : read_buf_(read_buf),
         read_buf_len_(read_buf_len),
         timer_(std::move(timer)),
@@ -58,7 +62,15 @@ class TestDelegateBase : public BidirectionalStream::Delegate {
 
   ~TestDelegateBase() override {}
 
-  void OnHeadersSent() override { CHECK(!not_expect_callback_); }
+  void OnStreamReady(bool request_headers_sent) override {
+    // Request headers should always be sent in H2's case, because the
+    // functionality to combine header frame with data frames is not
+    // implemented.
+    EXPECT_TRUE(request_headers_sent);
+    if (callback_.is_null())
+      return;
+    callback_.Run(OK);
+  }
 
   void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override {
     CHECK(!not_expect_callback_);
@@ -102,20 +114,40 @@ class TestDelegateBase : public BidirectionalStream::Delegate {
       loop_->Quit();
   }
 
-  void Start(scoped_ptr<BidirectionalStreamRequestInfo> request_info,
+  void Start(std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
              HttpNetworkSession* session) {
     stream_.reset(new BidirectionalStream(std::move(request_info), session,
-                                          this, std::move(timer_)));
+                                          true, this, std::move(timer_)));
     if (run_until_completion_)
       loop_->Run();
   }
 
-  void SendData(IOBuffer* data, int length, bool end_of_stream) {
+  void Start(std::unique_ptr<BidirectionalStreamRequestInfo> request_info,
+             HttpNetworkSession* session,
+             const CompletionCallback& cb) {
+    callback_ = cb;
+    stream_.reset(new BidirectionalStream(std::move(request_info), session,
+                                          true, this, std::move(timer_)));
+    if (run_until_completion_)
+      loop_->Run();
+  }
+
+  void SendData(const scoped_refptr<IOBuffer>& data,
+                int length,
+                bool end_of_stream) {
     not_expect_callback_ = true;
     stream_->SendData(data, length, end_of_stream);
     not_expect_callback_ = false;
   }
 
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& data,
+                 const std::vector<int>& length,
+                 bool end_of_stream) {
+    not_expect_callback_ = true;
+    stream_->SendvData(data, length, end_of_stream);
+    not_expect_callback_ = false;
+  }
+
   // Starts or continues reading data from |stream_| until no more bytes
   // can be read synchronously.
   void StartOrContinueReading() {
@@ -174,12 +206,12 @@ class TestDelegateBase : public BidirectionalStream::Delegate {
   void QuitLoop() { loop_->Quit(); }
 
  private:
-  scoped_ptr<BidirectionalStream> stream_;
+  std::unique_ptr<BidirectionalStream> stream_;
   scoped_refptr<IOBuffer> read_buf_;
   int read_buf_len_;
-  scoped_ptr<base::Timer> timer_;
+  std::unique_ptr<base::Timer> timer_;
   std::string data_received_;
-  scoped_ptr<base::RunLoop> loop_;
+  std::unique_ptr<base::RunLoop> loop_;
   SpdyHeaderBlock response_headers_;
   SpdyHeaderBlock trailers_;
   int error_;
@@ -191,6 +223,7 @@ class TestDelegateBase : public BidirectionalStream::Delegate {
   // calling into |stream_|.
   bool not_expect_callback_;
 
+  CompletionCallback callback_;
   DISALLOW_COPY_AND_ASSIGN(TestDelegateBase);
 };
 
@@ -302,6 +335,7 @@ class BidirectionalStreamTest : public testing::TestWithParam<bool> {
         ssl_data_(SSLSocketDataProvider(ASYNC, OK)) {
     ssl_data_.SetNextProto(kProtoHTTP2);
     ssl_data_.cert = ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
+    net_log_.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes());
   }
 
  protected:
@@ -323,14 +357,17 @@ class BidirectionalStreamTest : public testing::TestWithParam<bool> {
     sequenced_data_.reset(
         new SequencedSocketData(reads, reads_count, writes, writes_count));
     session_deps_.socket_factory->AddSocketDataProvider(sequenced_data_.get());
+    session_deps_.net_log = net_log_.bound().net_log();
     http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_);
-    session_ = CreateSecureSpdySession(http_session_.get(), key, BoundNetLog());
+    session_ =
+        CreateSecureSpdySession(http_session_.get(), key, net_log_.bound());
   }
 
+  BoundTestNetLog net_log_;
   SpdyTestUtil spdy_util_;
   SpdySessionDependencies session_deps_;
-  scoped_ptr<SequencedSocketData> sequenced_data_;
-  scoped_ptr<HttpNetworkSession> http_session_;
+  std::unique_ptr<SequencedSocketData> sequenced_data_;
+  std::unique_ptr<HttpNetworkSession> http_session_;
 
  private:
   SSLSocketDataProvider ssl_data_;
@@ -338,7 +375,7 @@ class BidirectionalStreamTest : public testing::TestWithParam<bool> {
 };
 
 TEST_F(BidirectionalStreamTest, CreateInsecureStream) {
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("http://www.example.org/");
@@ -346,20 +383,40 @@ TEST_F(BidirectionalStreamTest, CreateInsecureStream) {
   TestDelegateBase delegate(nullptr, 0);
   HttpNetworkSession::Params params =
       SpdySessionDependencies::CreateSessionParams(&session_deps_);
-  scoped_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+  std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
   delegate.SetRunUntilCompletion(true);
   delegate.Start(std::move(request_info), session.get());
 
   EXPECT_EQ(ERR_DISALLOWED_URL_SCHEME, delegate.error());
 }
 
+// Creates a BidirectionalStream with an insecure scheme. Destroy the stream
+// without waiting for the OnFailed task to be executed.
+TEST_F(BidirectionalStreamTest,
+       CreateInsecureStreamAndDestroyStreamRightAfter) {
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
+      new BidirectionalStreamRequestInfo);
+  request_info->method = "GET";
+  request_info->url = GURL("http://www.example.org/");
+
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(nullptr, 0));
+  HttpNetworkSession::Params params =
+      SpdySessionDependencies::CreateSessionParams(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+  delegate->Start(std::move(request_info), session.get());
+  // Reset stream right before the OnFailed task is executed.
+  delegate.reset();
+
+  base::RunLoop().RunUntilIdle();
+}
+
 // Simulates user calling ReadData after END_STREAM has been received in
 // BidirectionalStreamSpdyImpl.
 TEST_F(BidirectionalStreamTest, TestReadDataAfterClose) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   // Empty DATA frame with an END_STREAM flag.
-  scoped_ptr<SpdySerializedFrame> end_stream(
+  std::unique_ptr<SpdySerializedFrame> end_stream(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
   MockWrite writes[] = {
       CreateMockWrite(*req.get(), 0),
@@ -367,13 +424,13 @@ TEST_F(BidirectionalStreamTest, TestReadDataAfterClose) {
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
-  scoped_ptr<SpdySerializedFrame> body_frame(
+  std::unique_ptr<SpdySerializedFrame> body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
   // Last body frame has END_STREAM flag set.
-  scoped_ptr<SpdySerializedFrame> last_body_frame(
+  std::unique_ptr<SpdySerializedFrame> last_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockRead reads[] = {
@@ -391,7 +448,7 @@ TEST_F(BidirectionalStreamTest, TestReadDataAfterClose) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -402,8 +459,8 @@ TEST_F(BidirectionalStreamTest, TestReadDataAfterClose) {
   // Create a MockTimer. Retain a raw pointer since the underlying
   // BidirectionalStreamImpl owns it.
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
   delegate->set_do_not_start_read(true);
 
   delegate->Start(std::move(request_info), http_session_.get());
@@ -444,27 +501,162 @@ TEST_F(BidirectionalStreamTest, TestReadDataAfterClose) {
             delegate->GetTotalReceivedBytes());
 }
 
+// Tests that the NetLog contains correct entries.
+TEST_F(BidirectionalStreamTest, TestNetLogContainEntries) {
+  BufferedSpdyFramer framer(spdy_util_.spdy_version());
+
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      "https://www.example.org", 1, kBodyDataSize * 3, LOWEST, nullptr, 0));
+  std::unique_ptr<SpdySerializedFrame> data_frame(
+      framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_FIN));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*data_frame, 3),
+  };
+
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
+  std::unique_ptr<SpdySerializedFrame> response_body_frame1(
+      spdy_util_.ConstructSpdyBodyFrame(1, false));
+  std::unique_ptr<SpdySerializedFrame> response_body_frame2(
+      spdy_util_.ConstructSpdyBodyFrame(1, false));
+
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  std::unique_ptr<SpdySerializedFrame> response_trailers(
+      spdy_util_.ConstructSpdyResponseHeaders(1, trailers, true));
+
+  MockRead reads[] = {
+      CreateMockRead(*resp, 1),
+      MockRead(ASYNC, ERR_IO_PENDING, 2),  // Force a pause.
+      CreateMockRead(*response_body_frame1, 4),
+      MockRead(ASYNC, ERR_IO_PENDING, 5),  // Force a pause.
+      CreateMockRead(*response_body_frame2, 6),
+      CreateMockRead(*response_trailers, 7),
+      MockRead(ASYNC, 0, 8),
+  };
+
+  HostPortPair host_port_pair("www.example.org", 443);
+  SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
+                     PRIVACY_MODE_DISABLED);
+  InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
+
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
+      new BidirectionalStreamRequestInfo);
+  request_info->method = "POST";
+  request_info->url = GURL("https://www.example.org/");
+  request_info->priority = LOWEST;
+  request_info->extra_headers.SetHeader(net::HttpRequestHeaders::kContentLength,
+                                        base::SizeTToString(kBodyDataSize * 3));
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  MockTimer* timer = new MockTimer();
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
+  delegate->set_do_not_start_read(true);
+  delegate->Start(std::move(request_info), http_session_.get());
+  // Send the request and receive response headers.
+  sequenced_data_->RunUntilPaused();
+  EXPECT_FALSE(timer->IsRunning());
+
+  scoped_refptr<StringIOBuffer> buf(
+      new StringIOBuffer(std::string(kBodyData, kBodyDataSize)));
+  // Send a DATA frame.
+  delegate->SendData(buf, buf->size(), true);
+  // ReadData returns asynchronously because no data is buffered.
+  int rv = delegate->ReadData();
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+  // Deliver the first DATA frame.
+  sequenced_data_->Resume();
+  sequenced_data_->RunUntilPaused();
+  // |sequenced_data_| is now stopped after delivering first DATA frame but
+  // before the second DATA frame.
+  // Fire the timer to allow the first ReadData to complete asynchronously.
+  timer->Fire();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1, delegate->on_data_read_count());
+
+  // Now let |sequenced_data_| run until completion.
+  sequenced_data_->Resume();
+  base::RunLoop().RunUntilIdle();
+  // All data has been delivered, and OnClosed() has been invoked.
+  // Read now, and it should complete synchronously.
+  rv = delegate->ReadData();
+  EXPECT_EQ(kUploadDataSize, rv);
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  EXPECT_EQ(1, delegate->on_data_read_count());
+  EXPECT_EQ(1, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol());
+  EXPECT_EQ("bar", delegate->trailers().find("foo")->second);
+  EXPECT_EQ(CountWriteBytes(writes, arraysize(writes)),
+            delegate->GetTotalSentBytes());
+  EXPECT_EQ(CountReadBytes(reads, arraysize(reads)),
+            delegate->GetTotalReceivedBytes());
+
+  // Destroy the delegate will destroy the stream, so we can get an end event
+  // for BIDIRECTIONAL_STREAM_ALIVE.
+  delegate.reset();
+  TestNetLogEntry::List entries;
+  net_log_.GetEntries(&entries);
+  size_t index = ExpectLogContainsSomewhere(
+      entries, 0, NetLog::TYPE_BIDIRECTIONAL_STREAM_ALIVE, NetLog::PHASE_BEGIN);
+  // HTTP_STREAM_REQUEST is nested inside in BIDIRECTIONAL_STREAM_ALIVE.
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_HTTP_STREAM_REQUEST, NetLog::PHASE_BEGIN);
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_HTTP_STREAM_REQUEST, NetLog::PHASE_END);
+  // Headers received should happen after HTTP_STREAM_REQUEST.
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_BIDIRECTIONAL_STREAM_RECV_HEADERS,
+      NetLog::PHASE_NONE);
+  // Trailers received should happen after headers received. It might happen
+  // before the reads complete.
+  ExpectLogContainsSomewhere(entries, index,
+                             NetLog::TYPE_BIDIRECTIONAL_STREAM_RECV_TRAILERS,
+                             NetLog::PHASE_NONE);
+  // Sent bytes. Sending data is always asynchronous.
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_SENT,
+      NetLog::PHASE_NONE);
+  TestNetLogEntry entry = entries[index];
+  EXPECT_EQ(NetLog::SOURCE_BIDIRECTIONAL_STREAM, entry.source.type);
+  // Received bytes for asynchronous read.
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_RECEIVED,
+      NetLog::PHASE_NONE);
+  entry = entries[index];
+  EXPECT_EQ(NetLog::SOURCE_BIDIRECTIONAL_STREAM, entry.source.type);
+  // Received bytes for synchronous read.
+  index = ExpectLogContainsSomewhere(
+      entries, index, NetLog::TYPE_BIDIRECTIONAL_STREAM_BYTES_RECEIVED,
+      NetLog::PHASE_NONE);
+  entry = entries[index];
+  EXPECT_EQ(NetLog::SOURCE_BIDIRECTIONAL_STREAM, entry.source.type);
+  ExpectLogContainsSomewhere(entries, index,
+                             NetLog::TYPE_BIDIRECTIONAL_STREAM_ALIVE,
+                             NetLog::PHASE_END);
+}
+
 TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       "https://www.example.org", 1, kBodyDataSize * 3, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> data_frame1(
+  std::unique_ptr<SpdySerializedFrame> data_frame1(
       framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> data_frame2(
+  std::unique_ptr<SpdySerializedFrame> data_frame2(
       framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> data_frame3(
+  std::unique_ptr<SpdySerializedFrame> data_frame3(
       framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_FIN));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*data_frame1, 3),
       CreateMockWrite(*data_frame2, 6), CreateMockWrite(*data_frame3, 9),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> response_body_frame1(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame1(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> response_body_frame2(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockRead reads[] = {
@@ -482,7 +674,7 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "POST";
   request_info->url = GURL("https://www.example.org/");
@@ -492,8 +684,8 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
   delegate->set_do_not_start_read(true);
   delegate->Start(std::move(request_info), http_session_.get());
   // Send the request and receive response headers.
@@ -505,7 +697,7 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
       new StringIOBuffer(std::string(kBodyData, kBodyDataSize)));
 
   // Send a DATA frame.
-  delegate->SendData(buf.get(), buf->size(), false);
+  delegate->SendData(buf, buf->size(), false);
   // ReadData and it should return asynchronously because no data is buffered.
   int rv = delegate->ReadData();
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -518,7 +710,7 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
   EXPECT_EQ(1, delegate->on_data_read_count());
 
   // Send a DATA frame.
-  delegate->SendData(buf.get(), buf->size(), false);
+  delegate->SendData(buf, buf->size(), false);
   // ReadData and it should return asynchronously because no data is buffered.
   rv = delegate->ReadData();
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -532,7 +724,7 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
   EXPECT_EQ(2, delegate->on_data_sent_count());
 
   // Send the last body frame. Client half closes.
-  delegate->SendData(buf.get(), buf->size(), true);
+  delegate->SendData(buf, buf->size(), true);
   sequenced_data_->Resume();
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(3, delegate->on_data_sent_count());
@@ -551,21 +743,89 @@ TEST_F(BidirectionalStreamTest, TestInterleaveReadDataAndSendData) {
             delegate->GetTotalReceivedBytes());
 }
 
+TEST_F(BidirectionalStreamTest, TestCoalesceSmallDataBuffers) {
+  BufferedSpdyFramer framer(spdy_util_.spdy_version());
+
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      "https://www.example.org", 1, kBodyDataSize * 1, LOWEST, nullptr, 0));
+  std::string body_data = "some really long piece of data";
+  std::unique_ptr<SpdySerializedFrame> data_frame1(framer.CreateDataFrame(
+      1, body_data.c_str(), body_data.size(), DATA_FLAG_FIN));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*data_frame1, 1),
+  };
+
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
+  std::unique_ptr<SpdySerializedFrame> response_body_frame1(
+      spdy_util_.ConstructSpdyBodyFrame(1, true));
+  MockRead reads[] = {
+      CreateMockRead(*resp, 2),
+      MockRead(ASYNC, ERR_IO_PENDING, 3),  // Force a pause.
+      CreateMockRead(*response_body_frame1, 4), MockRead(ASYNC, 0, 5),
+  };
+
+  HostPortPair host_port_pair("www.example.org", 443);
+  SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
+                     PRIVACY_MODE_DISABLED);
+  InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
+
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
+      new BidirectionalStreamRequestInfo);
+  request_info->method = "POST";
+  request_info->url = GURL("https://www.example.org/");
+  request_info->priority = LOWEST;
+  request_info->extra_headers.SetHeader(net::HttpRequestHeaders::kContentLength,
+                                        base::SizeTToString(kBodyDataSize * 1));
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  MockTimer* timer = new MockTimer();
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
+  delegate->set_do_not_start_read(true);
+  TestCompletionCallback callback;
+  delegate->Start(std::move(request_info), http_session_.get(),
+                  callback.callback());
+  // Wait until the stream is ready.
+  callback.WaitForResult();
+  // Send a DATA frame.
+  scoped_refptr<StringIOBuffer> buf(new StringIOBuffer(body_data.substr(0, 5)));
+  scoped_refptr<StringIOBuffer> buf2(
+      new StringIOBuffer(body_data.substr(5, body_data.size() - 5)));
+  delegate->SendvData({buf, buf2.get()}, {buf->size(), buf2->size()}, true);
+  sequenced_data_->RunUntilPaused();  // OnHeadersReceived.
+  // ReadData and it should return asynchronously because no data is buffered.
+  EXPECT_EQ(ERR_IO_PENDING, delegate->ReadData());
+  sequenced_data_->Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1, delegate->on_data_sent_count());
+  EXPECT_EQ(1, delegate->on_data_read_count());
+
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  EXPECT_EQ(1, delegate->on_data_read_count());
+  EXPECT_EQ(1, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol());
+  EXPECT_EQ(CountWriteBytes(writes, arraysize(writes)),
+            delegate->GetTotalSentBytes());
+  EXPECT_EQ(CountReadBytes(reads, arraysize(reads)),
+            delegate->GetTotalReceivedBytes());
+}
+
 // Tests that BidirectionalStreamSpdyImpl::OnClose will complete any remaining
 // read even if the read queue is empty.
 TEST_F(BidirectionalStreamTest, TestCompleteAsyncRead) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   // Empty DATA frame with an END_STREAM flag.
-  scoped_ptr<SpdySerializedFrame> end_stream(
+  std::unique_ptr<SpdySerializedFrame> end_stream(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
 
   MockWrite writes[] = {CreateMockWrite(*req.get(), 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdySerializedFrame> response_body_frame(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
 
   MockRead reads[] = {
@@ -579,7 +839,7 @@ TEST_F(BidirectionalStreamTest, TestCompleteAsyncRead) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -588,8 +848,8 @@ TEST_F(BidirectionalStreamTest, TestCompleteAsyncRead) {
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
   delegate->set_do_not_start_read(true);
   delegate->Start(std::move(request_info), http_session_.get());
   // Write request, and deliver response headers.
@@ -616,23 +876,23 @@ TEST_F(BidirectionalStreamTest, TestCompleteAsyncRead) {
 }
 
 TEST_F(BidirectionalStreamTest, TestBuffering) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   // Empty DATA frame with an END_STREAM flag.
-  scoped_ptr<SpdySerializedFrame> end_stream(
+  std::unique_ptr<SpdySerializedFrame> end_stream(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
 
   MockWrite writes[] = {CreateMockWrite(*req.get(), 0)};
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
-  scoped_ptr<SpdySerializedFrame> body_frame(
+  std::unique_ptr<SpdySerializedFrame> body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
   // Last body frame has END_STREAM flag set.
-  scoped_ptr<SpdySerializedFrame> last_body_frame(
+  std::unique_ptr<SpdySerializedFrame> last_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockRead reads[] = {
@@ -649,7 +909,7 @@ TEST_F(BidirectionalStreamTest, TestBuffering) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -658,8 +918,8 @@ TEST_F(BidirectionalStreamTest, TestBuffering) {
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
   delegate->Start(std::move(request_info), http_session_.get());
   // Deliver two DATA frames together.
   sequenced_data_->RunUntilPaused();
@@ -698,10 +958,10 @@ TEST_F(BidirectionalStreamTest, TestBuffering) {
 }
 
 TEST_F(BidirectionalStreamTest, TestBufferingWithTrailers) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   // Empty DATA frame with an END_STREAM flag.
-  scoped_ptr<SpdySerializedFrame> end_stream(
+  std::unique_ptr<SpdySerializedFrame> end_stream(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
 
   MockWrite writes[] = {
@@ -710,22 +970,25 @@ TEST_F(BidirectionalStreamTest, TestBufferingWithTrailers) {
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
-  scoped_ptr<SpdySerializedFrame> body_frame(
+  std::unique_ptr<SpdySerializedFrame> body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
-  SpdyHeaderBlock late_headers;
-  late_headers["foo"] = "bar";
-  scoped_ptr<SpdySerializedFrame> trailers(
-      spdy_util_.ConstructSpdyResponseHeaders(1, late_headers, true));
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  std::unique_ptr<SpdySerializedFrame> response_trailers(
+      spdy_util_.ConstructSpdyResponseHeaders(1, trailers, true));
 
   MockRead reads[] = {
-      CreateMockRead(*resp, 1),           CreateMockRead(*body_frame, 2),
-      CreateMockRead(*body_frame, 3),     CreateMockRead(*body_frame, 4),
+      CreateMockRead(*resp, 1),
+      CreateMockRead(*body_frame, 2),
+      CreateMockRead(*body_frame, 3),
+      CreateMockRead(*body_frame, 4),
       MockRead(ASYNC, ERR_IO_PENDING, 5),  // Force a pause.
-      CreateMockRead(*trailers, 6),       MockRead(SYNCHRONOUS, 0, 7),
+      CreateMockRead(*response_trailers, 6),
+      MockRead(SYNCHRONOUS, 0, 7),
   };
 
   HostPortPair host_port_pair("www.example.org", 443);
@@ -735,10 +998,10 @@ TEST_F(BidirectionalStreamTest, TestBufferingWithTrailers) {
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -778,11 +1041,11 @@ TEST_F(BidirectionalStreamTest, TestBufferingWithTrailers) {
 TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       "https://www.example.org", 1, kBodyDataSize * 3, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
 
   MockWrite writes[] = {
@@ -790,9 +1053,9 @@ TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
       CreateMockWrite(*rst, 5),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> response_body_frame(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
   MockRead reads[] = {
@@ -807,7 +1070,7 @@ TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "POST";
   request_info->url = GURL("https://www.example.org/");
@@ -816,7 +1079,7 @@ TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
                                         base::SizeTToString(kBodyDataSize * 3));
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->set_do_not_start_read(true);
   delegate->Start(std::move(request_info), http_session_.get());
@@ -827,7 +1090,7 @@ TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
   // Send a DATA frame.
   scoped_refptr<StringIOBuffer> buf(
       new StringIOBuffer(std::string(kBodyData, kBodyDataSize)));
-  delegate->SendData(buf.get(), buf->size(), false);
+  delegate->SendData(buf, buf->size(), false);
   sequenced_data_->Resume();
   base::RunLoop().RunUntilIdle();
   // Cancel the stream.
@@ -848,20 +1111,20 @@ TEST_F(BidirectionalStreamTest, CancelStreamAfterSendData) {
 TEST_F(BidirectionalStreamTest, CancelStreamDuringReadData) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       "https://www.example.org", 1, kBodyDataSize * 3, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
 
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> response_body_frame(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
   MockRead reads[] = {
@@ -875,7 +1138,7 @@ TEST_F(BidirectionalStreamTest, CancelStreamDuringReadData) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "POST";
   request_info->url = GURL("https://www.example.org/");
@@ -884,7 +1147,7 @@ TEST_F(BidirectionalStreamTest, CancelStreamDuringReadData) {
                                         base::SizeTToString(kBodyDataSize * 3));
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->set_do_not_start_read(true);
   delegate->Start(std::move(request_info), http_session_.get());
@@ -911,9 +1174,9 @@ TEST_F(BidirectionalStreamTest, CancelStreamDuringReadData) {
 // Receiving a header with uppercase ASCII will result in a protocol error,
 // which should be propagated via Delegate::OnFailed.
 TEST_F(BidirectionalStreamTest, PropagateProtocolError) {
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       "https://www.example.org", 1, kBodyDataSize * 3, LOW, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
 
   MockWrite writes[] = {
@@ -921,7 +1184,7 @@ TEST_F(BidirectionalStreamTest, PropagateProtocolError) {
   };
 
   const char* const kExtraHeaders[] = {"X-UpperCase", "yes"};
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraHeaders, 1, 1));
 
   MockRead reads[] = {
@@ -933,7 +1196,7 @@ TEST_F(BidirectionalStreamTest, PropagateProtocolError) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "POST";
   request_info->url = GURL("https://www.example.org/");
@@ -941,7 +1204,7 @@ TEST_F(BidirectionalStreamTest, PropagateProtocolError) {
                                         base::SizeTToString(kBodyDataSize * 3));
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->SetRunUntilCompletion(true);
   delegate->Start(std::move(request_info), http_session_.get());
@@ -965,10 +1228,10 @@ INSTANTIATE_TEST_CASE_P(CancelOrDeleteTests,
                         ::testing::Values(true, false));
 
 TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnHeadersReceived) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 2),
@@ -976,7 +1239,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnHeadersReceived) {
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
   MockRead reads[] = {
@@ -988,7 +1251,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnHeadersReceived) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -996,7 +1259,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnHeadersReceived) {
   request_info->end_stream_on_headers = true;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<CancelOrDeleteStreamDelegate> delegate(
+  std::unique_ptr<CancelOrDeleteStreamDelegate> delegate(
       new CancelOrDeleteStreamDelegate(
           read_buffer.get(), kReadBufferSize,
           CancelOrDeleteStreamDelegate::Phase::ON_HEADERS_RECEIVED,
@@ -1021,10 +1284,10 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnHeadersReceived) {
 }
 
 TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnDataRead) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 3),
@@ -1032,10 +1295,10 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnDataRead) {
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
-  scoped_ptr<SpdySerializedFrame> response_body_frame(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
   MockRead reads[] = {
@@ -1048,7 +1311,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnDataRead) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -1056,7 +1319,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnDataRead) {
   request_info->end_stream_on_headers = true;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<CancelOrDeleteStreamDelegate> delegate(
+  std::unique_ptr<CancelOrDeleteStreamDelegate> delegate(
       new CancelOrDeleteStreamDelegate(
           read_buffer.get(), kReadBufferSize,
           CancelOrDeleteStreamDelegate::Phase::ON_DATA_READ, GetParam()));
@@ -1080,10 +1343,10 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnDataRead) {
 }
 
 TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnTrailersReceived) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
@@ -1091,20 +1354,20 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnTrailersReceived) {
 
   const char* const kExtraResponseHeaders[] = {"header-name", "header-value"};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
 
-  scoped_ptr<SpdySerializedFrame> response_body_frame(
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
-  SpdyHeaderBlock late_headers;
-  late_headers["foo"] = "bar";
-  scoped_ptr<SpdySerializedFrame> trailers(
-      spdy_util_.ConstructSpdyResponseHeaders(1, late_headers, true));
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  std::unique_ptr<SpdySerializedFrame> response_trailers(
+      spdy_util_.ConstructSpdyResponseHeaders(1, trailers, true));
 
   MockRead reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*response_body_frame, 2),
-      CreateMockRead(*trailers, 3), MockRead(ASYNC, 0, 5),
+      CreateMockRead(*response_trailers, 3), MockRead(ASYNC, 0, 5),
   };
 
   HostPortPair host_port_pair("www.example.org", 443);
@@ -1112,7 +1375,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnTrailersReceived) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -1120,7 +1383,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnTrailersReceived) {
   request_info->end_stream_on_headers = true;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<CancelOrDeleteStreamDelegate> delegate(
+  std::unique_ptr<CancelOrDeleteStreamDelegate> delegate(
       new CancelOrDeleteStreamDelegate(
           read_buffer.get(), kReadBufferSize,
           CancelOrDeleteStreamDelegate::Phase::ON_TRAILERS_RECEIVED,
@@ -1146,10 +1409,10 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnTrailersReceived) {
 }
 
 TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnFailed) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
 
   MockWrite writes[] = {
@@ -1157,7 +1420,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnFailed) {
   };
 
   const char* const kExtraHeaders[] = {"X-UpperCase", "yes"};
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraHeaders, 1, 1));
 
   MockRead reads[] = {
@@ -1169,7 +1432,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnFailed) {
                      PRIVACY_MODE_DISABLED);
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -1177,7 +1440,7 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnFailed) {
   request_info->end_stream_on_headers = true;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<CancelOrDeleteStreamDelegate> delegate(
+  std::unique_ptr<CancelOrDeleteStreamDelegate> delegate(
       new CancelOrDeleteStreamDelegate(
           read_buffer.get(), kReadBufferSize,
           CancelOrDeleteStreamDelegate::Phase::ON_FAILED, GetParam()));
@@ -1200,10 +1463,10 @@ TEST_P(BidirectionalStreamTest, CancelOrDeleteStreamDuringOnFailed) {
 }
 
 TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   // Empty DATA frame with an END_STREAM flag.
-  scoped_ptr<SpdySerializedFrame> end_stream(
+  std::unique_ptr<SpdySerializedFrame> end_stream(
       spdy_util_.ConstructSpdyBodyFrame(1, nullptr, 0, true));
 
   MockWrite writes[] = {CreateMockWrite(*req.get(), 0)};
@@ -1213,9 +1476,9 @@ TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
   const char* const kExtraResponseHeaders[] = {"alt-svc",
                                                alt_svc_header_value.c_str()};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(kExtraResponseHeaders, 1, 1));
-  scoped_ptr<SpdySerializedFrame> body_frame(
+  std::unique_ptr<SpdySerializedFrame> body_frame(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockRead reads[] = {
@@ -1224,6 +1487,7 @@ TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
   };
 
   HostPortPair host_port_pair("www.example.org", 443);
+  url::SchemeHostPort server("https", "www.example.org", 443);
   SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
                      PRIVACY_MODE_DISABLED);
   session_deps_.parse_alternative_services = true;
@@ -1232,7 +1496,7 @@ TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
   session_deps_.enable_quic = true;
   InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
 
-  scoped_ptr<BidirectionalStreamRequestInfo> request_info(
+  std::unique_ptr<BidirectionalStreamRequestInfo> request_info(
       new BidirectionalStreamRequestInfo);
   request_info->method = "GET";
   request_info->url = GURL("https://www.example.org/");
@@ -1241,8 +1505,8 @@ TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
   MockTimer* timer = new MockTimer();
-  scoped_ptr<TestDelegateBase> delegate(new TestDelegateBase(
-      read_buffer.get(), kReadBufferSize, make_scoped_ptr(timer)));
+  std::unique_ptr<TestDelegateBase> delegate(new TestDelegateBase(
+      read_buffer.get(), kReadBufferSize, base::WrapUnique(timer)));
   delegate->SetRunUntilCompletion(true);
   delegate->Start(std::move(request_info), http_session_.get());
 
@@ -1258,8 +1522,7 @@ TEST_F(BidirectionalStreamTest, TestHonorAlternativeServiceHeader) {
             delegate->GetTotalReceivedBytes());
 
   AlternativeServiceVector alternative_service_vector =
-      http_session_->http_server_properties()->GetAlternativeServices(
-          host_port_pair);
+      http_session_->http_server_properties()->GetAlternativeServices(server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(AlternateProtocolFromNextProto(kProtoQUIC1SPDY3),
             alternative_service_vector[0].protocol);
diff --git a/chromium/net/http/des.cc b/chromium/net/http/des.cc
index 4fce9ccd00d..4f050225479 100644
--- a/chromium/net/http/des.cc
+++ b/chromium/net/http/des.cc
@@ -4,16 +4,10 @@
 
 #include "net/http/des.h"
 
-#include "base/logging.h"
-
-#if defined(USE_OPENSSL)
 #include <openssl/des.h>
+
+#include "base/logging.h"
 #include "crypto/openssl_util.h"
-#elif defined(OS_IOS)
-#include <CommonCrypto/CommonCryptor.h>
-#else
-#error "Unknown platform"
-#endif
 
 // The iOS version of DESEncrypt is our own code.
 // DESSetKeyParity and DESMakeKey are based on
@@ -80,8 +74,6 @@ void DESMakeKey(const uint8_t* raw, uint8_t* key) {
   key[7] = DESSetKeyParity((raw[6] << 1));
 }
 
-#if defined(USE_OPENSSL)
-
 void DESEncrypt(const uint8_t* key, const uint8_t* src, uint8_t* hash) {
   crypto::EnsureOpenSSLInit();
 
@@ -93,17 +85,4 @@ void DESEncrypt(const uint8_t* key, const uint8_t* src, uint8_t* hash) {
                   reinterpret_cast<DES_cblock*>(hash), &ks, DES_ENCRYPT);
 }
 
-#elif defined(OS_IOS)
-
-void DESEncrypt(const uint8_t* key, const uint8_t* src, uint8_t* hash) {
-  CCCryptorStatus status;
-  size_t data_out_moved = 0;
-  status = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode,
-                   key, 8, NULL, src, 8, hash, 8, &data_out_moved);
-  DCHECK(status == kCCSuccess);
-  DCHECK(data_out_moved == 8);
-}
-
-#endif
-
 }  // namespace net
diff --git a/chromium/net/http/disk_cache_based_quic_server_info_unittest.cc b/chromium/net/http/disk_cache_based_quic_server_info_unittest.cc
index 490b935811d..853559e2656 100644
--- a/chromium/net/http/disk_cache_based_quic_server_info_unittest.cc
+++ b/chromium/net/http/disk_cache_based_quic_server_info_unittest.cc
@@ -8,6 +8,7 @@
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "net/base/net_errors.h"
 #include "net/http/mock_http_cache.h"
@@ -86,9 +87,9 @@ TEST(DiskCacheBasedQuicServerInfo, DeleteInCallback) {
   // Use the blocking mock backend factory to force asynchronous completion
   // of quic_server_info->WaitForDataReady(), so that the callback will run.
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
   QuicServerId server_id("www.verisign.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   quic_server_info->Start();
   TestCompletionCallback callback;
@@ -106,7 +107,7 @@ TEST(DiskCacheBasedQuicServerInfo, Update) {
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   quic_server_info->Start();
   int rv = quic_server_info->WaitForDataReady(callback.callback());
@@ -179,7 +180,7 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) {
 
   // Persist data for port 443.
   QuicServerId server_id1("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info1(
+  std::unique_ptr<QuicServerInfo> quic_server_info1(
       new DiskCacheBasedQuicServerInfo(server_id1, cache.http_cache()));
   quic_server_info1->Start();
   int rv = quic_server_info1->WaitForDataReady(callback.callback());
@@ -207,7 +208,7 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) {
 
   // Persist data for port 80.
   QuicServerId server_id2("www.google.com", 80, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info2(
+  std::unique_ptr<QuicServerInfo> quic_server_info2(
       new DiskCacheBasedQuicServerInfo(server_id2, cache.http_cache()));
   quic_server_info2->Start();
   rv = quic_server_info2->WaitForDataReady(callback.callback());
@@ -234,7 +235,7 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) {
   base::MessageLoop::current()->RunUntilIdle();
 
   // Verify the stored QuicServerInfo for port 443.
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id1, cache.http_cache()));
   quic_server_info->Start();
   rv = quic_server_info->WaitForDataReady(callback.callback());
@@ -278,7 +279,7 @@ TEST(DiskCacheBasedQuicServerInfo, IsReadyToPersist) {
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -340,7 +341,7 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersist) {
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -425,10 +426,10 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersist) {
 
 TEST(DiskCacheBasedQuicServerInfo, CancelWaitForDataReady) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
   TestCompletionCallback callback;
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -448,7 +449,7 @@ TEST(DiskCacheBasedQuicServerInfo, CancelWaitForDataReadyButDataIsReady) {
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -460,7 +461,7 @@ TEST(DiskCacheBasedQuicServerInfo, CancelWaitForDataReadyButDataIsReady) {
 }
 
 TEST(DiskCacheBasedQuicServerInfo, CancelWaitForDataReadyAfterDeleteCache) {
-  scoped_ptr<QuicServerInfo> quic_server_info;
+  std::unique_ptr<QuicServerInfo> quic_server_info;
   {
     MockHttpCache cache;
     AddMockTransaction(&kHostInfoTransaction1);
@@ -487,7 +488,7 @@ TEST(DiskCacheBasedQuicServerInfo, StartAndPersist) {
   AddMockTransaction(&kHostInfoTransaction1);
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -549,12 +550,12 @@ TEST(DiskCacheBasedQuicServerInfo, StartAndPersist) {
 // persists the data when Start() finishes.
 TEST(DiskCacheBasedQuicServerInfo, PersistWhenNotReadyToPersist) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
   AddMockTransaction(&kHostInfoTransaction1);
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   // We do a Start(), but don't call WaitForDataReady(). Because we haven't
@@ -615,7 +616,7 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersistsWithoutWaiting) {
   TestCompletionCallback callback;
 
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache()));
   EXPECT_FALSE(quic_server_info->IsDataReady());
   quic_server_info->Start();
@@ -696,7 +697,7 @@ TEST(DiskCacheBasedQuicServerInfo, DeleteServerInfoInCallback) {
   // Use the blocking mock backend factory to force asynchronous completion
   // of quic_server_info->WaitForDataReady(), so that the callback will run.
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
   QuicServerId server_id("www.verisign.com", 443, PRIVACY_MODE_DISABLED);
   QuicServerInfo* quic_server_info =
       new DiskCacheBasedQuicServerInfo(server_id, cache.http_cache());
diff --git a/chromium/net/http/failing_http_transaction_factory.cc b/chromium/net/http/failing_http_transaction_factory.cc
index be824076278..05b1a889db9 100644
--- a/chromium/net/http/failing_http_transaction_factory.cc
+++ b/chromium/net/http/failing_http_transaction_factory.cc
@@ -11,7 +11,7 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/net_error_details.h"
 #include "net/base/upload_progress.h"
@@ -207,7 +207,7 @@ FailingHttpTransactionFactory::~FailingHttpTransactionFactory() {}
 // HttpTransactionFactory:
 int FailingHttpTransactionFactory::CreateTransaction(
     RequestPriority priority,
-    scoped_ptr<HttpTransaction>* trans) {
+    std::unique_ptr<HttpTransaction>* trans) {
   trans->reset(new FailingHttpTransaction(error_));
   return OK;
 }
diff --git a/chromium/net/http/failing_http_transaction_factory.h b/chromium/net/http/failing_http_transaction_factory.h
index dd4a811151d..6b85d28d841 100644
--- a/chromium/net/http/failing_http_transaction_factory.h
+++ b/chromium/net/http/failing_http_transaction_factory.h
@@ -5,7 +5,8 @@
 #ifndef NET_FAILING_HTTP_TRANSACTION_FACTORY_H_
 #define NET_FAILING_HTTP_TRANSACTION_FACTORY_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_errors.h"
 #include "net/base/request_priority.h"
 #include "net/http/http_transaction.h"
@@ -27,7 +28,7 @@ class NET_EXPORT FailingHttpTransactionFactory : public HttpTransactionFactory {
 
   // HttpTransactionFactory:
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override;
+                        std::unique_ptr<HttpTransaction>* trans) override;
   HttpCache* GetCache() override;
   HttpNetworkSession* GetSession() override;
 
diff --git a/chromium/net/http/http_auth.cc b/chromium/net/http/http_auth.cc
index 570d8f7f5a9..738c1b8d7d0 100644
--- a/chromium/net/http/http_auth.cc
+++ b/chromium/net/http/http_auth.cc
@@ -30,17 +30,17 @@ void HttpAuth::ChooseBestChallenge(
     const GURL& origin,
     const std::set<Scheme>& disabled_schemes,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   DCHECK(http_auth_handler_factory);
   DCHECK(handler->get() == NULL);
 
   // Choose the challenge whose authentication handler gives the maximum score.
-  scoped_ptr<HttpAuthHandler> best;
+  std::unique_ptr<HttpAuthHandler> best;
   const std::string header_name = GetChallengeHeaderName(target);
   std::string cur_challenge;
   size_t iter = 0;
   while (response_headers.EnumerateHeader(&iter, header_name, &cur_challenge)) {
-    scoped_ptr<HttpAuthHandler> cur;
+    std::unique_ptr<HttpAuthHandler> cur;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         cur_challenge, target, ssl_info, origin, net_log, &cur);
     if (rv != OK) {
diff --git a/chromium/net/http/http_auth.h b/chromium/net/http/http_auth.h
index f804a4d13bd..464a39e1b79 100644
--- a/chromium/net/http/http_auth.h
+++ b/chromium/net/http/http_auth.h
@@ -5,10 +5,10 @@
 #ifndef NET_HTTP_HTTP_AUTH_H_
 #define NET_HTTP_HTTP_AUTH_H_
 
+#include <memory>
 #include <set>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/auth.h"
 #include "net/base/net_export.h"
 #include "net/http/http_util.h"
@@ -143,7 +143,7 @@ class NET_EXPORT_PRIVATE HttpAuth {
       const GURL& origin,
       const std::set<Scheme>& disabled_schemes,
       const BoundNetLog& net_log,
-      scoped_ptr<HttpAuthHandler>* handler);
+      std::unique_ptr<HttpAuthHandler>* handler);
 
   // Handle a 401/407 response from a server/proxy after a previous
   // authentication attempt. For connection-based authentication schemes, the
diff --git a/chromium/net/http/http_auth_cache_unittest.cc b/chromium/net/http/http_auth_cache_unittest.cc
index cb7d640f829..c0509ce1d50 100644
--- a/chromium/net/http/http_auth_cache_unittest.cc
+++ b/chromium/net/http/http_auth_cache_unittest.cc
@@ -87,28 +87,22 @@ TEST(HttpAuthCacheTest, Basic) {
   // Add cache entries for 4 realms: "Realm1", "Realm2", "Realm3" and
   // "Realm4"
 
-  scoped_ptr<HttpAuthHandler> realm1_handler(
-      new MockAuthHandler(HttpAuth::AUTH_SCHEME_BASIC,
-                          kRealm1,
-                          HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm1_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm1, HttpAuth::AUTH_SERVER));
   cache.Add(origin, realm1_handler->realm(), realm1_handler->auth_scheme(),
             "Basic realm=Realm1",
             CreateASCIICredentials("realm1-user", "realm1-password"),
             "/foo/bar/index.html");
 
-  scoped_ptr<HttpAuthHandler> realm2_handler(
-      new MockAuthHandler(HttpAuth::AUTH_SCHEME_BASIC,
-                          kRealm2,
-                          HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm2_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm2, HttpAuth::AUTH_SERVER));
   cache.Add(origin, realm2_handler->realm(), realm2_handler->auth_scheme(),
             "Basic realm=Realm2",
             CreateASCIICredentials("realm2-user", "realm2-password"),
             "/foo2/index.html");
 
-  scoped_ptr<HttpAuthHandler> realm3_basic_handler(
-      new MockAuthHandler(HttpAuth::AUTH_SCHEME_BASIC,
-                          kRealm3,
-                          HttpAuth::AUTH_PROXY));
+  std::unique_ptr<HttpAuthHandler> realm3_basic_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm3, HttpAuth::AUTH_PROXY));
   cache.Add(
       origin,
       realm3_basic_handler->realm(),
@@ -117,20 +111,16 @@ TEST(HttpAuthCacheTest, Basic) {
       CreateASCIICredentials("realm3-basic-user", "realm3-basic-password"),
       std::string());
 
-  scoped_ptr<HttpAuthHandler> realm3_digest_handler(
-      new MockAuthHandler(HttpAuth::AUTH_SCHEME_DIGEST,
-                          kRealm3,
-                          HttpAuth::AUTH_PROXY));
+  std::unique_ptr<HttpAuthHandler> realm3_digest_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_DIGEST, kRealm3, HttpAuth::AUTH_PROXY));
   cache.Add(origin, realm3_digest_handler->realm(),
             realm3_digest_handler->auth_scheme(), "Digest realm=Realm3",
             CreateASCIICredentials("realm3-digest-user",
                                    "realm3-digest-password"),
             "/baz/index.html");
 
-  scoped_ptr<HttpAuthHandler> realm4_basic_handler(
-      new MockAuthHandler(HttpAuth::AUTH_SCHEME_BASIC,
-                          kRealm4,
-                          HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm4_basic_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm4, HttpAuth::AUTH_SERVER));
   cache.Add(origin, realm4_basic_handler->realm(),
             realm4_basic_handler->auth_scheme(), "Basic realm=Realm4",
             CreateASCIICredentials("realm4-basic-user",
@@ -281,9 +271,8 @@ TEST(HttpAuthCacheTest, AddToExistingEntry) {
   GURL origin("http://www.foobar.com:70");
   const std::string auth_challenge = "Basic realm=MyRealm";
 
-  scoped_ptr<HttpAuthHandler> handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, "MyRealm", HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, "MyRealm", HttpAuth::AUTH_SERVER));
   HttpAuthCache::Entry* orig_entry = cache.Add(
       origin, handler->realm(), handler->auth_scheme(), auth_challenge,
       CreateASCIICredentials("user1", "password1"), "/x/y/z/");
@@ -307,21 +296,17 @@ TEST(HttpAuthCacheTest, AddToExistingEntry) {
 TEST(HttpAuthCacheTest, Remove) {
   GURL origin("http://foobar2.com");
 
-  scoped_ptr<HttpAuthHandler> realm1_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm1, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm1_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm1, HttpAuth::AUTH_SERVER));
 
-  scoped_ptr<HttpAuthHandler> realm2_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm2, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm2_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm2, HttpAuth::AUTH_SERVER));
 
-  scoped_ptr<HttpAuthHandler> realm3_basic_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm3, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm3_basic_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm3, HttpAuth::AUTH_SERVER));
 
-  scoped_ptr<HttpAuthHandler> realm3_digest_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_DIGEST, kRealm3, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm3_digest_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_DIGEST, kRealm3, HttpAuth::AUTH_SERVER));
 
   HttpAuthCache cache;
   cache.Add(origin, realm1_handler->realm(), realm1_handler->auth_scheme(),
@@ -395,9 +380,8 @@ TEST(HttpAuthCacheTest, Remove) {
 TEST(HttpAuthCacheTest, UpdateStaleChallenge) {
   HttpAuthCache cache;
   GURL origin("http://foobar2.com");
-  scoped_ptr<HttpAuthHandler> digest_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_DIGEST, kRealm1, HttpAuth::AUTH_PROXY));
+  std::unique_ptr<HttpAuthHandler> digest_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_DIGEST, kRealm1, HttpAuth::AUTH_PROXY));
   HttpAuthCache::Entry* entry_pre = cache.Add(
       origin,
       digest_handler->realm(),
@@ -446,21 +430,17 @@ TEST(HttpAuthCacheTest, UpdateAllFrom) {
   std::string path("/some/path");
   std::string another_path("/another/path");
 
-  scoped_ptr<HttpAuthHandler> realm1_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm1, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm1_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm1, HttpAuth::AUTH_SERVER));
 
-  scoped_ptr<HttpAuthHandler> realm2_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm2, HttpAuth::AUTH_PROXY));
+  std::unique_ptr<HttpAuthHandler> realm2_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm2, HttpAuth::AUTH_PROXY));
 
-  scoped_ptr<HttpAuthHandler> realm3_digest_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_DIGEST, kRealm3, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm3_digest_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_DIGEST, kRealm3, HttpAuth::AUTH_SERVER));
 
-  scoped_ptr<HttpAuthHandler> realm4_handler(
-      new MockAuthHandler(
-          HttpAuth::AUTH_SCHEME_BASIC, kRealm4, HttpAuth::AUTH_SERVER));
+  std::unique_ptr<HttpAuthHandler> realm4_handler(new MockAuthHandler(
+      HttpAuth::AUTH_SCHEME_BASIC, kRealm4, HttpAuth::AUTH_SERVER));
 
   HttpAuthCache first_cache;
   HttpAuthCache::Entry* entry;
diff --git a/chromium/net/http/http_auth_controller.cc b/chromium/net/http/http_auth_controller.cc
index fa7d5aeb61b..d5c0c891da6 100644
--- a/chromium/net/http/http_auth_controller.cc
+++ b/chromium/net/http/http_auth_controller.cc
@@ -186,7 +186,7 @@ bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) {
     return false;
 
   // Try to create a handler using the previous auth challenge.
-  scoped_ptr<HttpAuthHandler> handler_preemptive;
+  std::unique_ptr<HttpAuthHandler> handler_preemptive;
   int rv_create = http_auth_handler_factory_->
       CreatePreemptiveAuthHandlerFromString(entry->auth_challenge(), target_,
                                             auth_origin_,
@@ -465,7 +465,7 @@ void HttpAuthController::PopulateAuthChallenge() {
 
   auth_info_ = new AuthChallengeInfo;
   auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY);
-  auth_info_->challenger = HostPortPair::FromURL(auth_origin_);
+  auth_info_->challenger = url::Origin(auth_origin_);
   auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme());
   auth_info_->realm = handler_->realm();
 }
diff --git a/chromium/net/http/http_auth_controller.h b/chromium/net/http/http_auth_controller.h
index 9b016f73c18..04f3264e70c 100644
--- a/chromium/net/http/http_auth_controller.h
+++ b/chromium/net/http/http_auth_controller.h
@@ -5,11 +5,11 @@
 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
 
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -133,7 +133,7 @@ class NET_EXPORT_PRIVATE HttpAuthController
   // |handler_| encapsulates the logic for the particular auth-scheme.
   // This includes the challenge's parameters. If NULL, then there is no
   // associated auth handler.
-  scoped_ptr<HttpAuthHandler> handler_;
+  std::unique_ptr<HttpAuthHandler> handler_;
 
   // |identity_| holds the credentials that should be used by
   // the handler_ to generate challenge responses. This identity can come from
diff --git a/chromium/net/http/http_auth_filter_unittest.cc b/chromium/net/http/http_auth_filter_unittest.cc
index a23d73b8b17..40d67ce799a 100644
--- a/chromium/net/http/http_auth_filter_unittest.cc
+++ b/chromium/net/http/http_auth_filter_unittest.cc
@@ -2,10 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/http/http_auth_filter.h"
+
+#include <memory>
 #include <ostream>
 
-#include "base/memory/scoped_ptr.h"
-#include "net/http/http_auth_filter.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 
diff --git a/chromium/net/http/http_auth_gssapi_posix_unittest.cc b/chromium/net/http/http_auth_gssapi_posix_unittest.cc
index 82087010b20..21eecacf35b 100644
--- a/chromium/net/http/http_auth_gssapi_posix_unittest.cc
+++ b/chromium/net/http/http_auth_gssapi_posix_unittest.cc
@@ -4,8 +4,9 @@
 
 #include "net/http/http_auth_gssapi_posix.h"
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/native_library.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
@@ -82,21 +83,22 @@ TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) {
   // TODO(ahendrickson): Manipulate the libraries and paths to test each of the
   // libraries we expect, and also whether or not they have the interface
   // functions we want.
-  scoped_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string()));
+  std::unique_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string()));
   DCHECK(gssapi.get());
   EXPECT_TRUE(gssapi.get()->Init());
 }
 
 #if defined(DLOPEN_KERBEROS)
 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPILoadCustomLibrary) {
-  scoped_ptr<GSSAPILibrary> gssapi(
+  std::unique_ptr<GSSAPILibrary> gssapi(
       new GSSAPISharedLibrary("/this/library/does/not/exist"));
   EXPECT_FALSE(gssapi.get()->Init());
 }
 #endif  // defined(DLOPEN_KERBEROS)
 
 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPICycle) {
-  scoped_ptr<test::MockGSSAPILibrary> mock_library(new test::MockGSSAPILibrary);
+  std::unique_ptr<test::MockGSSAPILibrary> mock_library(
+      new test::MockGSSAPILibrary);
   DCHECK(mock_library.get());
   mock_library->Init();
   const char kAuthResponse[] = "Mary had a little lamb";
diff --git a/chromium/net/http/http_auth_handler_basic.cc b/chromium/net/http/http_auth_handler_basic.cc
index c5a1d235315..276c128b125 100644
--- a/chromium/net/http/http_auth_handler_basic.cc
+++ b/chromium/net/http/http_auth_handler_basic.cc
@@ -115,10 +115,10 @@ int HttpAuthHandlerBasic::Factory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic());
+  std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerBasic());
   if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
                                       net_log))
     return ERR_INVALID_RESPONSE;
diff --git a/chromium/net/http/http_auth_handler_basic.h b/chromium/net/http/http_auth_handler_basic.h
index 9ad311a2dca..98415f14b66 100644
--- a/chromium/net/http/http_auth_handler_basic.h
+++ b/chromium/net/http/http_auth_handler_basic.h
@@ -28,7 +28,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerBasic : public HttpAuthHandler {
                           CreateReason reason,
                           int digest_nonce_count,
                           const BoundNetLog& net_log,
-                          scoped_ptr<HttpAuthHandler>* handler) override;
+                          std::unique_ptr<HttpAuthHandler>* handler) override;
   };
 
   HttpAuth::AuthorizationResult HandleAnotherChallenge(
diff --git a/chromium/net/http/http_auth_handler_basic_unittest.cc b/chromium/net/http/http_auth_handler_basic_unittest.cc
index 0b0e115c559..4b8c9ff5a99 100644
--- a/chromium/net/http/http_auth_handler_basic_unittest.cc
+++ b/chromium/net/http/http_auth_handler_basic_unittest.cc
@@ -2,15 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/http/http_auth_handler_basic.h"
+
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
-#include "net/http/http_auth_handler_basic.h"
 #include "net/http/http_request_info.h"
 #include "net/ssl/ssl_info.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -36,7 +37,7 @@ TEST(HttpAuthHandlerBasicTest, GenerateAuthToken) {
   for (size_t i = 0; i < arraysize(tests); ++i) {
     std::string challenge = "Basic realm=\"Atlantis\"";
     SSLInfo null_ssl_info;
-    scoped_ptr<HttpAuthHandler> basic;
+    std::unique_ptr<HttpAuthHandler> basic;
     EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
                       challenge, HttpAuth::AUTH_SERVER, null_ssl_info, origin,
                       BoundNetLog(), &basic));
@@ -90,7 +91,7 @@ TEST(HttpAuthHandlerBasicTest, HandleAnotherChallenge) {
   GURL origin("http://www.example.com");
   HttpAuthHandlerBasic::Factory factory;
   SSLInfo null_ssl_info;
-  scoped_ptr<HttpAuthHandler> basic;
+  std::unique_ptr<HttpAuthHandler> basic;
   EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
                     tests[0].challenge, HttpAuth::AUTH_SERVER, null_ssl_info,
                     origin, BoundNetLog(), &basic));
@@ -191,7 +192,7 @@ TEST(HttpAuthHandlerBasicTest, InitFromChallenge) {
   for (size_t i = 0; i < arraysize(tests); ++i) {
     std::string challenge = tests[i].challenge;
     SSLInfo null_ssl_info;
-    scoped_ptr<HttpAuthHandler> basic;
+    std::unique_ptr<HttpAuthHandler> basic;
     int rv = factory.CreateAuthHandlerFromString(
         challenge, HttpAuth::AUTH_SERVER, null_ssl_info, origin, BoundNetLog(),
         &basic);
diff --git a/chromium/net/http/http_auth_handler_digest.cc b/chromium/net/http/http_auth_handler_digest.cc
index eb03ad75b1e..e4c8c16f0f0 100644
--- a/chromium/net/http/http_auth_handler_digest.cc
+++ b/chromium/net/http/http_auth_handler_digest.cc
@@ -98,10 +98,10 @@ int HttpAuthHandlerDigest::Factory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(
+  std::unique_ptr<HttpAuthHandler> tmp_handler(
       new HttpAuthHandlerDigest(digest_nonce_count, nonce_generator_.get()));
   if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
                                       net_log))
diff --git a/chromium/net/http/http_auth_handler_digest.h b/chromium/net/http/http_auth_handler_digest.h
index 2b98946e8ba..c5c172ab967 100644
--- a/chromium/net/http/http_auth_handler_digest.h
+++ b/chromium/net/http/http_auth_handler_digest.h
@@ -5,11 +5,11 @@
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
 
+#include <memory>
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
@@ -72,10 +72,10 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerDigest : public HttpAuthHandler {
                           CreateReason reason,
                           int digest_nonce_count,
                           const BoundNetLog& net_log,
-                          scoped_ptr<HttpAuthHandler>* handler) override;
+                          std::unique_ptr<HttpAuthHandler>* handler) override;
 
    private:
-    scoped_ptr<const NonceGenerator> nonce_generator_;
+    std::unique_ptr<const NonceGenerator> nonce_generator_;
   };
 
   HttpAuth::AuthorizationResult HandleAnotherChallenge(
diff --git a/chromium/net/http/http_auth_handler_digest_unittest.cc b/chromium/net/http/http_auth_handler_digest_unittest.cc
index 92e3455072d..3f7e44211a0 100644
--- a/chromium/net/http/http_auth_handler_digest_unittest.cc
+++ b/chromium/net/http/http_auth_handler_digest_unittest.cc
@@ -45,12 +45,12 @@ bool RespondToChallenge(HttpAuth::Target target,
   EXPECT_FALSE(challenge.empty());
 
   token->clear();
-  scoped_ptr<HttpAuthHandlerDigest::Factory> factory(
+  std::unique_ptr<HttpAuthHandlerDigest::Factory> factory(
       new HttpAuthHandlerDigest::Factory());
   HttpAuthHandlerDigest::NonceGenerator* nonce_generator =
       new HttpAuthHandlerDigest::FixedNonceGenerator("client_nonce");
   factory->set_nonce_generator(nonce_generator);
-  scoped_ptr<HttpAuthHandler> handler;
+  std::unique_ptr<HttpAuthHandler> handler;
 
   // Create a handler for a particular challenge.
   SSLInfo null_ssl_info;
@@ -68,7 +68,7 @@ bool RespondToChallenge(HttpAuth::Target target,
   // completes synchronously. That's why this test can get away with a
   // TestCompletionCallback without an IO thread.
   TestCompletionCallback callback;
-  scoped_ptr<HttpRequestInfo> request(new HttpRequestInfo());
+  std::unique_ptr<HttpRequestInfo> request(new HttpRequestInfo());
   request->url = GURL(request_url);
   AuthCredentials credentials(base::ASCIIToUTF16("foo"),
                               base::ASCIIToUTF16("bar"));
@@ -351,11 +351,11 @@ TEST(HttpAuthHandlerDigestTest, ParseChallenge) {
   };
 
   GURL origin("http://www.example.com");
-  scoped_ptr<HttpAuthHandlerDigest::Factory> factory(
+  std::unique_ptr<HttpAuthHandlerDigest::Factory> factory(
       new HttpAuthHandlerDigest::Factory());
   for (size_t i = 0; i < arraysize(tests); ++i) {
     SSLInfo null_ssl_info;
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = factory->CreateAuthHandlerFromString(
         tests[i].challenge, HttpAuth::AUTH_SERVER, null_ssl_info, origin,
         BoundNetLog(), &handler);
@@ -515,11 +515,11 @@ TEST(HttpAuthHandlerDigestTest, AssembleCredentials) {
     }
   };
   GURL origin("http://www.example.com");
-  scoped_ptr<HttpAuthHandlerDigest::Factory> factory(
+  std::unique_ptr<HttpAuthHandlerDigest::Factory> factory(
       new HttpAuthHandlerDigest::Factory());
   for (size_t i = 0; i < arraysize(tests); ++i) {
     SSLInfo null_ssl_info;
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = factory->CreateAuthHandlerFromString(
         tests[i].challenge, HttpAuth::AUTH_SERVER, null_ssl_info, origin,
         BoundNetLog(), &handler);
@@ -542,9 +542,9 @@ TEST(HttpAuthHandlerDigestTest, AssembleCredentials) {
 }
 
 TEST(HttpAuthHandlerDigest, HandleAnotherChallenge) {
-  scoped_ptr<HttpAuthHandlerDigest::Factory> factory(
+  std::unique_ptr<HttpAuthHandlerDigest::Factory> factory(
       new HttpAuthHandlerDigest::Factory());
-  scoped_ptr<HttpAuthHandler> handler;
+  std::unique_ptr<HttpAuthHandler> handler;
   std::string default_challenge =
       "Digest realm=\"Oblivion\", nonce=\"nonce-value\"";
   GURL origin("intranet.google.com");
diff --git a/chromium/net/http/http_auth_handler_factory.cc b/chromium/net/http/http_auth_handler_factory.cc
index af682e12d98..a30f7e62469 100644
--- a/chromium/net/http/http_auth_handler_factory.cc
+++ b/chromium/net/http/http_auth_handler_factory.cc
@@ -4,6 +4,7 @@
 
 #include "net/http/http_auth_handler_factory.h"
 
+#include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/base/net_errors.h"
@@ -28,7 +29,7 @@ int HttpAuthHandlerFactory::CreateAuthHandlerFromString(
     const SSLInfo& ssl_info,
     const GURL& origin,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end());
   return CreateAuthHandler(&props, target, ssl_info, origin, CREATE_CHALLENGE,
                            1, net_log, handler);
@@ -40,7 +41,7 @@ int HttpAuthHandlerFactory::CreatePreemptiveAuthHandlerFromString(
     const GURL& origin,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end());
   SSLInfo null_ssl_info;
   return CreateAuthHandler(&props, target, null_ssl_info, origin,
@@ -60,10 +61,10 @@ const char* const kDefaultAuthSchemes[] = {kBasicAuthScheme, kDigestAuthScheme,
 // should only be used to create the factories. It should not be passed
 // to the registry factory or its children as the preferences they should
 // use.
-scoped_ptr<HttpAuthHandlerRegistryFactory> CreateAuthHandlerRegistryFactory(
-    const HttpAuthPreferences& prefs,
-    HostResolver* host_resolver) {
-  scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
+std::unique_ptr<HttpAuthHandlerRegistryFactory>
+CreateAuthHandlerRegistryFactory(const HttpAuthPreferences& prefs,
+                                 HostResolver* host_resolver) {
+  std::unique_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
       new HttpAuthHandlerRegistryFactory());
   if (prefs.IsSupportedScheme(kBasicAuthScheme))
     registry_factory->RegisterSchemeFactory(
@@ -85,10 +86,10 @@ scoped_ptr<HttpAuthHandlerRegistryFactory> CreateAuthHandlerRegistryFactory(
     HttpAuthHandlerNegotiate::Factory* negotiate_factory =
         new HttpAuthHandlerNegotiate::Factory();
 #if defined(OS_WIN)
-    negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault()));
+    negotiate_factory->set_library(base::WrapUnique(new SSPILibraryDefault()));
 #elif defined(OS_POSIX) && !defined(OS_ANDROID)
     negotiate_factory->set_library(
-        make_scoped_ptr(new GSSAPISharedLibrary(prefs.GssapiLibraryName())));
+        base::WrapUnique(new GSSAPISharedLibrary(prefs.GssapiLibraryName())));
 #endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
     negotiate_factory->set_host_resolver(host_resolver);
     registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
@@ -120,7 +121,7 @@ void HttpAuthHandlerRegistryFactory::RegisterSchemeFactory(
   factory->set_http_auth_preferences(http_auth_preferences());
   std::string lower_scheme = base::ToLowerASCII(scheme);
   if (factory)
-    factory_map_[lower_scheme] = make_scoped_ptr(factory);
+    factory_map_[lower_scheme] = base::WrapUnique(factory);
   else
     factory_map_.erase(lower_scheme);
 }
@@ -136,7 +137,7 @@ HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory(
 }
 
 // static
-scoped_ptr<HttpAuthHandlerRegistryFactory>
+std::unique_ptr<HttpAuthHandlerRegistryFactory>
 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
   std::vector<std::string> auth_types(std::begin(kDefaultAuthSchemes),
                                       std::end(kDefaultAuthSchemes));
@@ -150,10 +151,10 @@ HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
 }
 
 // static
-scoped_ptr<HttpAuthHandlerRegistryFactory>
+std::unique_ptr<HttpAuthHandlerRegistryFactory>
 HttpAuthHandlerRegistryFactory::Create(const HttpAuthPreferences* prefs,
                                        HostResolver* host_resolver) {
-  scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
+  std::unique_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
       CreateAuthHandlerRegistryFactory(*prefs, host_resolver));
   registry_factory->set_http_auth_preferences(prefs);
   for (auto& factory_entry : registry_factory->factory_map_) {
@@ -170,7 +171,7 @@ int HttpAuthHandlerRegistryFactory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   std::string scheme = challenge->scheme();
   if (scheme.empty()) {
     handler->reset();
diff --git a/chromium/net/http/http_auth_handler_factory.h b/chromium/net/http/http_auth_handler_factory.h
index 60ec3f928c5..f17adc57874 100644
--- a/chromium/net/http/http_auth_handler_factory.h
+++ b/chromium/net/http/http_auth_handler_factory.h
@@ -6,11 +6,11 @@
 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/http/http_auth.h"
 #include "net/http/url_security_manager.h"
@@ -89,7 +89,7 @@ class NET_EXPORT HttpAuthHandlerFactory {
                                 CreateReason create_reason,
                                 int digest_nonce_count,
                                 const BoundNetLog& net_log,
-                                scoped_ptr<HttpAuthHandler>* handler) = 0;
+                                std::unique_ptr<HttpAuthHandler>* handler) = 0;
 
   // Creates an HTTP authentication handler based on the authentication
   // challenge string |challenge|.
@@ -101,7 +101,7 @@ class NET_EXPORT HttpAuthHandlerFactory {
                                   const SSLInfo& ssl_info,
                                   const GURL& origin,
                                   const BoundNetLog& net_log,
-                                  scoped_ptr<HttpAuthHandler>* handler);
+                                  std::unique_ptr<HttpAuthHandler>* handler);
 
   // Creates an HTTP authentication handler based on the authentication
   // challenge string |challenge|.
@@ -114,7 +114,7 @@ class NET_EXPORT HttpAuthHandlerFactory {
       const GURL& origin,
       int digest_nonce_count,
       const BoundNetLog& net_log,
-      scoped_ptr<HttpAuthHandler>* handler);
+      std::unique_ptr<HttpAuthHandler>* handler);
 
   // Creates a standard HttpAuthHandlerRegistryFactory. The caller is
   // responsible for deleting the factory.
@@ -125,7 +125,7 @@ class NET_EXPORT HttpAuthHandlerFactory {
   // non-NULL.  |resolver| must remain valid for the lifetime of the
   // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said
   // factory.
-  static scoped_ptr<HttpAuthHandlerRegistryFactory> CreateDefault(
+  static std::unique_ptr<HttpAuthHandlerRegistryFactory> CreateDefault(
       HostResolver* resolver);
 
  private:
@@ -175,7 +175,7 @@ class NET_EXPORT HttpAuthHandlerRegistryFactory
   // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate"
   // scheme is used and |negotiate_disable_cname_lookup| is false,
   // |host_resolver| must not be NULL.
-  static scoped_ptr<HttpAuthHandlerRegistryFactory> Create(
+  static std::unique_ptr<HttpAuthHandlerRegistryFactory> Create(
       const HttpAuthPreferences* prefs,
       HostResolver* host_resolver);
   // Creates an auth handler by dispatching out to the registered factories
@@ -187,10 +187,11 @@ class NET_EXPORT HttpAuthHandlerRegistryFactory
                         CreateReason reason,
                         int digest_nonce_count,
                         const BoundNetLog& net_log,
-                        scoped_ptr<HttpAuthHandler>* handler) override;
+                        std::unique_ptr<HttpAuthHandler>* handler) override;
 
  private:
-  using FactoryMap = std::map<std::string, scoped_ptr<HttpAuthHandlerFactory>>;
+  using FactoryMap =
+      std::map<std::string, std::unique_ptr<HttpAuthHandlerFactory>>;
 
   FactoryMap factory_map_;
   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory);
diff --git a/chromium/net/http/http_auth_handler_factory_unittest.cc b/chromium/net/http/http_auth_handler_factory_unittest.cc
index 6d851211670..6ed7c2fc9c9 100644
--- a/chromium/net/http/http_auth_handler_factory_unittest.cc
+++ b/chromium/net/http/http_auth_handler_factory_unittest.cc
@@ -2,11 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "base/memory/scoped_ptr.h"
+#include "net/http/http_auth_handler_factory.h"
+
+#include <memory>
+
 #include "net/base/net_errors.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_auth_handler.h"
-#include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_auth_scheme.h"
 #include "net/http/mock_allow_http_auth_preferences.h"
 #include "net/http/url_security_manager.h"
@@ -30,7 +32,7 @@ class MockHttpAuthHandlerFactory : public HttpAuthHandlerFactory {
                         CreateReason reason,
                         int nonce_count,
                         const BoundNetLog& net_log,
-                        scoped_ptr<HttpAuthHandler>* handler) override {
+                        std::unique_ptr<HttpAuthHandler>* handler) override {
     handler->reset();
     return return_code_;
   }
@@ -57,7 +59,7 @@ TEST(HttpAuthHandlerFactoryTest, RegistryFactory) {
   MockHttpAuthHandlerFactory* mock_factory_digest_replace =
       new MockHttpAuthHandlerFactory(kDigestReturnCodeReplace);
 
-  scoped_ptr<HttpAuthHandler> handler;
+  std::unique_ptr<HttpAuthHandler> handler;
 
   // No schemes should be supported in the beginning.
   EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME,
@@ -102,9 +104,9 @@ TEST(HttpAuthHandlerFactoryTest, RegistryFactory) {
 }
 
 TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
-  scoped_ptr<HostResolver> host_resolver(new MockHostResolver());
+  std::unique_ptr<HostResolver> host_resolver(new MockHostResolver());
   MockAllowHttpAuthPreferences http_auth_preferences;
-  scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
+  std::unique_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault(host_resolver.get()));
   http_auth_handler_factory->SetHttpAuthPreferences(kNegotiateAuthScheme,
                                                     &http_auth_preferences);
@@ -112,7 +114,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
   GURL proxy_origin("http://cache.example.com:3128");
   SSLInfo null_ssl_info;
   {
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         "Basic realm=\"FooBar\"", HttpAuth::AUTH_SERVER, null_ssl_info,
         server_origin, BoundNetLog(), &handler);
@@ -125,7 +127,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
     EXPECT_FALSE(handler->is_connection_based());
   }
   {
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         "UNSUPPORTED realm=\"FooBar\"", HttpAuth::AUTH_SERVER, null_ssl_info,
         server_origin, BoundNetLog(), &handler);
@@ -133,7 +135,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
     EXPECT_TRUE(handler.get() == NULL);
   }
   {
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         "Digest realm=\"FooBar\", nonce=\"xyz\"", HttpAuth::AUTH_PROXY,
         null_ssl_info, proxy_origin, BoundNetLog(), &handler);
@@ -146,7 +148,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
     EXPECT_FALSE(handler->is_connection_based());
   }
   {
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         "NTLM", HttpAuth::AUTH_SERVER, null_ssl_info, server_origin,
         BoundNetLog(), &handler);
@@ -159,7 +161,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
     EXPECT_TRUE(handler->is_connection_based());
   }
   {
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
         "Negotiate", HttpAuth::AUTH_SERVER, null_ssl_info, server_origin,
         BoundNetLog(), &handler);
diff --git a/chromium/net/http/http_auth_handler_mock.cc b/chromium/net/http/http_auth_handler_mock.cc
index 513cbb69112..073e71c3aae 100644
--- a/chromium/net/http/http_auth_handler_mock.cc
+++ b/chromium/net/http/http_auth_handler_mock.cc
@@ -6,9 +6,10 @@
 
 #include "base/bind.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_request_info.h"
@@ -162,7 +163,7 @@ HttpAuthHandlerMock::Factory::~Factory() {
 
 void HttpAuthHandlerMock::Factory::AddMockHandler(
     HttpAuthHandler* handler, HttpAuth::Target target) {
-  handlers_[target].push_back(make_scoped_ptr(handler));
+  handlers_[target].push_back(base::WrapUnique(handler));
 }
 
 int HttpAuthHandlerMock::Factory::CreateAuthHandler(
@@ -173,11 +174,12 @@ int HttpAuthHandlerMock::Factory::CreateAuthHandler(
     CreateReason reason,
     int nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   if (handlers_[target].empty())
     return ERR_UNEXPECTED;
-  scoped_ptr<HttpAuthHandler> tmp_handler = std::move(handlers_[target][0]);
-  std::vector<scoped_ptr<HttpAuthHandler>>& handlers = handlers_[target];
+  std::unique_ptr<HttpAuthHandler> tmp_handler =
+      std::move(handlers_[target][0]);
+  std::vector<std::unique_ptr<HttpAuthHandler>>& handlers = handlers_[target];
   handlers.erase(handlers.begin());
   if (do_init_from_challenge_ &&
       !tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
diff --git a/chromium/net/http/http_auth_handler_mock.h b/chromium/net/http/http_auth_handler_mock.h
index 41aaa2d6d98..06546af012e 100644
--- a/chromium/net/http/http_auth_handler_mock.h
+++ b/chromium/net/http/http_auth_handler_mock.h
@@ -5,10 +5,10 @@
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_MOCK_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_MOCK_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
@@ -50,10 +50,10 @@ class HttpAuthHandlerMock : public HttpAuthHandler {
                           CreateReason reason,
                           int nonce_count,
                           const BoundNetLog& net_log,
-                          scoped_ptr<HttpAuthHandler>* handler) override;
+                          std::unique_ptr<HttpAuthHandler>* handler) override;
 
    private:
-    std::vector<scoped_ptr<HttpAuthHandler>>
+    std::vector<std::unique_ptr<HttpAuthHandler>>
         handlers_[HttpAuth::AUTH_NUM_TARGETS];
     bool do_init_from_challenge_;
   };
diff --git a/chromium/net/http/http_auth_handler_negotiate.cc b/chromium/net/http/http_auth_handler_negotiate.cc
index 1ca6d5478d9..ca1cddce9f8 100644
--- a/chromium/net/http/http_auth_handler_negotiate.cc
+++ b/chromium/net/http/http_auth_handler_negotiate.cc
@@ -25,10 +25,10 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogParameterChannelBindings(
+std::unique_ptr<base::Value> NetLogParameterChannelBindings(
     const std::string& channel_binding_token,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict;
+  std::unique_ptr<base::DictionaryValue> dict;
   if (!capture_mode.include_socket_bytes())
     return std::move(dict);
 
@@ -64,7 +64,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
 #if defined(OS_WIN)
   if (is_unsupported_ || reason == CREATE_PREEMPTIVE)
     return ERR_UNSUPPORTED_AUTH_SCHEME;
@@ -78,7 +78,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler(
   }
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(
+  std::unique_ptr<HttpAuthHandler> tmp_handler(
       new HttpAuthHandlerNegotiate(auth_library_.get(), max_token_length_,
                                    http_auth_preferences(), resolver_));
 #elif defined(OS_ANDROID)
@@ -88,7 +88,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler(
     return ERR_UNSUPPORTED_AUTH_SCHEME;
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(
+  std::unique_ptr<HttpAuthHandler> tmp_handler(
       new HttpAuthHandlerNegotiate(http_auth_preferences(), resolver_));
 #elif defined(OS_POSIX)
   if (is_unsupported_)
@@ -99,7 +99,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler(
   }
   // TODO(ahendrickson): Move towards model of parsing in the factory
   //                     method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNegotiate(
+  std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNegotiate(
       auth_library_.get(), http_auth_preferences(), resolver_));
 #endif
   if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
diff --git a/chromium/net/http/http_auth_handler_negotiate.h b/chromium/net/http/http_auth_handler_negotiate.h
index abdbe93f799..0f9154e1246 100644
--- a/chromium/net/http/http_auth_handler_negotiate.h
+++ b/chromium/net/http/http_auth_handler_negotiate.h
@@ -55,7 +55,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
 #if !defined(OS_ANDROID)
     // Sets the system library to use, thereby assuming ownership of
     // |auth_library|.
-    void set_library(scoped_ptr<AuthLibrary> auth_provider) {
+    void set_library(std::unique_ptr<AuthLibrary> auth_provider) {
       auth_library_ = std::move(auth_provider);
     }
 #endif
@@ -68,7 +68,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
                           CreateReason reason,
                           int digest_nonce_count,
                           const BoundNetLog& net_log,
-                          scoped_ptr<HttpAuthHandler>* handler) override;
+                          std::unique_ptr<HttpAuthHandler>* handler) override;
 
    private:
     HostResolver* resolver_;
@@ -77,7 +77,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
 #endif
     bool is_unsupported_;
 #if !defined(OS_ANDROID)
-    scoped_ptr<AuthLibrary> auth_library_;
+    std::unique_ptr<AuthLibrary> auth_library_;
 #endif
   };
 
@@ -137,7 +137,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
 
   // Members which are needed for DNS lookup + SPN.
   AddressList address_list_;
-  scoped_ptr<SingleRequestHostResolver> single_resolve_;
+  std::unique_ptr<SingleRequestHostResolver> single_resolve_;
 
   // Things which should be consistent after first call to GenerateAuthToken.
   bool already_called_;
diff --git a/chromium/net/http/http_auth_handler_negotiate_unittest.cc b/chromium/net/http/http_auth_handler_negotiate_unittest.cc
index 57a7b7eb406..775a5b4606b 100644
--- a/chromium/net/http/http_auth_handler_negotiate_unittest.cc
+++ b/chromium/net/http/http_auth_handler_negotiate_unittest.cc
@@ -6,6 +6,7 @@
 
 #include <string>
 
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "net/base/net_errors.h"
@@ -52,7 +53,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
     MockAuthLibrary::EnsureTestAccountExists();
 #endif
 #if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID))
-    factory_->set_library(make_scoped_ptr(auth_library_));
+    factory_->set_library(base::WrapUnique(auth_library_));
 #endif
     factory_->set_host_resolver(resolver_.get());
   }
@@ -195,7 +196,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
                     bool use_port,
                     bool synchronous_resolve_mode,
                     const std::string& url_string,
-                    scoped_ptr<HttpAuthHandlerNegotiate>* handler) {
+                    std::unique_ptr<HttpAuthHandlerNegotiate>* handler) {
     http_auth_preferences_->set_negotiate_disable_cname_lookup(
         disable_cname_lookup);
     http_auth_preferences_->set_negotiate_enable_port(use_port);
@@ -203,11 +204,11 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
     GURL gurl(url_string);
 
     // Note: This is a little tricky because CreateAuthHandlerFromString
-    // expects a scoped_ptr<HttpAuthHandler>* rather than a
-    // scoped_ptr<HttpAuthHandlerNegotiate>*. This needs to do the cast
+    // expects a std::unique_ptr<HttpAuthHandler>* rather than a
+    // std::unique_ptr<HttpAuthHandlerNegotiate>*. This needs to do the cast
     // after creating the handler, and make sure that generic_handler
     // no longer holds on to the HttpAuthHandlerNegotiate object.
-    scoped_ptr<HttpAuthHandler> generic_handler;
+    std::unique_ptr<HttpAuthHandler> generic_handler;
     SSLInfo null_ssl_info;
     int rv = factory_->CreateAuthHandlerFromString(
         "Negotiate", HttpAuth::AUTH_SERVER, null_ssl_info, gurl, BoundNetLog(),
@@ -224,20 +225,20 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
 
  private:
 #if defined(OS_WIN)
-  scoped_ptr<SecPkgInfoW> security_package_;
+  std::unique_ptr<SecPkgInfoW> security_package_;
 #endif
   // |auth_library_| is passed to |factory_|, which assumes ownership of it, but
   // can't be a scoped pointer to it since the tests need access when they set
   // up the mocks after passing ownership.
   MockAuthLibrary* auth_library_;
-  scoped_ptr<MockHostResolver> resolver_;
-  scoped_ptr<MockAllowHttpAuthPreferences> http_auth_preferences_;
-  scoped_ptr<HttpAuthHandlerNegotiate::Factory> factory_;
+  std::unique_ptr<MockHostResolver> resolver_;
+  std::unique_ptr<MockAllowHttpAuthPreferences> http_auth_preferences_;
+  std::unique_ptr<HttpAuthHandlerNegotiate::Factory> factory_;
 };
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
   SetupMocks(AuthLibrary());
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, false, true, "http://alias:500", &auth_handler));
 
@@ -256,7 +257,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
   SetupMocks(AuthLibrary());
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, true, true, "http://alias:80", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -274,7 +275,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
   SetupMocks(AuthLibrary());
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, true, true, "http://alias:500", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -292,7 +293,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
   SetupMocks(AuthLibrary());
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, true, "http://alias:500", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -310,7 +311,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
   SetupMocks(AuthLibrary());
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, false, "http://alias:500", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -333,7 +334,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
 // that library.
 TEST_F(HttpAuthHandlerNegotiateTest, ServerNotInKerberosDatabase) {
   SetupErrorMocks(AuthLibrary(), GSS_S_FAILURE, 0x96C73A07);  // No server
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, false, "http://alias:500", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -349,7 +350,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, ServerNotInKerberosDatabase) {
 // that library.
 TEST_F(HttpAuthHandlerNegotiateTest, NoKerberosCredentials) {
   SetupErrorMocks(AuthLibrary(), GSS_S_FAILURE, 0x96C73AC3);  // No credentials
-  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  std::unique_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, false, "http://alias:500", &auth_handler));
   ASSERT_TRUE(auth_handler.get() != NULL);
@@ -363,17 +364,17 @@ TEST_F(HttpAuthHandlerNegotiateTest, NoKerberosCredentials) {
 
 #if defined(DLOPEN_KERBEROS)
 TEST_F(HttpAuthHandlerNegotiateTest, MissingGSSAPI) {
-  scoped_ptr<HostResolver> host_resolver(new MockHostResolver());
+  std::unique_ptr<HostResolver> host_resolver(new MockHostResolver());
   MockAllowHttpAuthPreferences http_auth_preferences;
-  scoped_ptr<HttpAuthHandlerNegotiate::Factory> negotiate_factory(
+  std::unique_ptr<HttpAuthHandlerNegotiate::Factory> negotiate_factory(
       new HttpAuthHandlerNegotiate::Factory());
   negotiate_factory->set_host_resolver(host_resolver);
   negotiate_factory->set_http_auth_preferences(&http_auth_preferences);
-  negotiate_factory->set_library(
-      make_scoped_ptr(new GSSAPISharedLibrary("/this/library/does/not/exist")));
+  negotiate_factory->set_library(base::WrapUnique(
+      new GSSAPISharedLibrary("/this/library/does/not/exist")));
 
   GURL gurl("http://www.example.com");
-  scoped_ptr<HttpAuthHandler> generic_handler;
+  std::unique_ptr<HttpAuthHandler> generic_handler;
   int rv = negotiate_factory->CreateAuthHandlerFromString(
       "Negotiate",
       HttpAuth::AUTH_SERVER,
diff --git a/chromium/net/http/http_auth_handler_ntlm.h b/chromium/net/http/http_auth_handler_ntlm.h
index 58e2993bf62..d1d2314f8c0 100644
--- a/chromium/net/http/http_auth_handler_ntlm.h
+++ b/chromium/net/http/http_auth_handler_ntlm.h
@@ -50,7 +50,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler {
                           CreateReason reason,
                           int digest_nonce_count,
                           const BoundNetLog& net_log,
-                          scoped_ptr<HttpAuthHandler>* handler) override;
+                          std::unique_ptr<HttpAuthHandler>* handler) override;
 #if defined(NTLM_SSPI)
     // Set the SSPILibrary to use. Typically the only callers which need to use
     // this are unit tests which pass in a mocked-out version of the SSPI
@@ -64,7 +64,7 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler {
 #if defined(NTLM_SSPI)
     ULONG max_token_length_;
     bool is_unsupported_;
-    scoped_ptr<SSPILibrary> sspi_library_;
+    std::unique_ptr<SSPILibrary> sspi_library_;
 #endif  // defined(NTLM_SSPI)
   };
 
diff --git a/chromium/net/http/http_auth_handler_ntlm_portable.cc b/chromium/net/http/http_auth_handler_ntlm_portable.cc
index b5a488260b7..5c4e0100fe0 100644
--- a/chromium/net/http/http_auth_handler_ntlm_portable.cc
+++ b/chromium/net/http/http_auth_handler_ntlm_portable.cc
@@ -719,14 +719,14 @@ int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   if (reason == CREATE_PREEMPTIVE)
     return ERR_UNSUPPORTED_AUTH_SCHEME;
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
   // NOTE: Default credentials are not supported for the portable implementation
   // of NTLM.
-  scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM);
+  std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM);
   if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
                                       net_log))
     return ERR_INVALID_RESPONSE;
diff --git a/chromium/net/http/http_auth_handler_ntlm_win.cc b/chromium/net/http/http_auth_handler_ntlm_win.cc
index 844a0a07193..c069f736c3d 100644
--- a/chromium/net/http/http_auth_handler_ntlm_win.cc
+++ b/chromium/net/http/http_auth_handler_ntlm_win.cc
@@ -55,7 +55,7 @@ int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
-    scoped_ptr<HttpAuthHandler>* handler) {
+    std::unique_ptr<HttpAuthHandler>* handler) {
   if (is_unsupported_ || reason == CREATE_PREEMPTIVE)
     return ERR_UNSUPPORTED_AUTH_SCHEME;
   if (max_token_length_ == 0) {
@@ -68,7 +68,7 @@ int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
   }
   // TODO(cbentzel): Move towards model of parsing in the factory
   //                 method and only constructing when valid.
-  scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM(
+  std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM(
       sspi_library_.get(), max_token_length_, http_auth_preferences()));
   if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
                                       net_log))
diff --git a/chromium/net/http/http_auth_preferences.cc b/chromium/net/http/http_auth_preferences.cc
index bdb12b31d0e..01df88c2f45 100644
--- a/chromium/net/http/http_auth_preferences.cc
+++ b/chromium/net/http/http_auth_preferences.cc
@@ -62,9 +62,9 @@ bool HttpAuthPreferences::CanDelegate(const GURL& auth_origin) const {
 void HttpAuthPreferences::set_server_whitelist(
     const std::string& server_whitelist) {
   if (server_whitelist.empty()) {
-    security_manager_->SetDefaultWhitelist(scoped_ptr<HttpAuthFilter>());
+    security_manager_->SetDefaultWhitelist(std::unique_ptr<HttpAuthFilter>());
   } else {
-    security_manager_->SetDefaultWhitelist(scoped_ptr<HttpAuthFilter>(
+    security_manager_->SetDefaultWhitelist(std::unique_ptr<HttpAuthFilter>(
         new net::HttpAuthFilterWhitelist(server_whitelist)));
   }
 }
@@ -72,9 +72,9 @@ void HttpAuthPreferences::set_server_whitelist(
 void HttpAuthPreferences::set_delegate_whitelist(
     const std::string& delegate_whitelist) {
   if (delegate_whitelist.empty()) {
-    security_manager_->SetDelegateWhitelist(scoped_ptr<HttpAuthFilter>());
+    security_manager_->SetDelegateWhitelist(std::unique_ptr<HttpAuthFilter>());
   } else {
-    security_manager_->SetDelegateWhitelist(scoped_ptr<HttpAuthFilter>(
+    security_manager_->SetDelegateWhitelist(std::unique_ptr<HttpAuthFilter>(
         new net::HttpAuthFilterWhitelist(delegate_whitelist)));
   }
 }
diff --git a/chromium/net/http/http_auth_unittest.cc b/chromium/net/http/http_auth_unittest.cc
index 82b37411814..ca9410fb4a4 100644
--- a/chromium/net/http/http_auth_unittest.cc
+++ b/chromium/net/http/http_auth_unittest.cc
@@ -2,15 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/http/http_auth.h"
+
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_util.h"
 #include "net/base/net_errors.h"
 #include "net/dns/mock_host_resolver.h"
-#include "net/http/http_auth.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler.h"
@@ -49,7 +50,7 @@ HttpAuth::AuthorizationResult HandleChallengeResponse(
     bool connection_based,
     const std::string& headers_text,
     std::string* challenge_used) {
-  scoped_ptr<HttpAuthHandlerMock> mock_handler(
+  std::unique_ptr<HttpAuthHandlerMock> mock_handler(
       CreateMockHandler(connection_based));
   std::set<HttpAuth::Scheme> disabled_schemes;
   scoped_refptr<HttpResponseHeaders> headers(
@@ -120,8 +121,8 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
   GURL origin("http://www.example.com");
   std::set<HttpAuth::Scheme> disabled_schemes;
   MockAllowHttpAuthPreferences http_auth_preferences;
-  scoped_ptr<HostResolver> host_resolver(new MockHostResolver());
-  scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
+  std::unique_ptr<HostResolver> host_resolver(new MockHostResolver());
+  std::unique_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault(host_resolver.get()));
   http_auth_handler_factory->SetHttpAuthPreferences(kNegotiateAuthScheme,
                                                     &http_auth_preferences);
@@ -134,7 +135,7 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
         HeadersFromResponseText(headers_with_status_line));
 
     SSLInfo null_ssl_info;
-    scoped_ptr<HttpAuthHandler> handler;
+    std::unique_ptr<HttpAuthHandler> handler;
     HttpAuth::ChooseBestChallenge(http_auth_handler_factory.get(), *headers,
                                   null_ssl_info, HttpAuth::AUTH_SERVER, origin,
                                   disabled_schemes, BoundNetLog(), &handler);
diff --git a/chromium/net/http/http_basic_state.cc b/chromium/net/http/http_basic_state.cc
index b6e04df0373..2e5ca06ebe8 100644
--- a/chromium/net/http/http_basic_state.cc
+++ b/chromium/net/http/http_basic_state.cc
@@ -36,7 +36,7 @@ int HttpBasicState::Initialize(const HttpRequestInfo* request_info,
   return OK;
 }
 
-scoped_ptr<ClientSocketHandle> HttpBasicState::ReleaseConnection() {
+std::unique_ptr<ClientSocketHandle> HttpBasicState::ReleaseConnection() {
   return std::move(connection_);
 }
 
diff --git a/chromium/net/http/http_basic_state.h b/chromium/net/http/http_basic_state.h
index 41298e4f7aa..b21548040f9 100644
--- a/chromium/net/http/http_basic_state.h
+++ b/chromium/net/http/http_basic_state.h
@@ -8,11 +8,11 @@
 #ifndef NET_HTTP_HTTP_BASIC_STATE_H_
 #define NET_HTTP_HTTP_BASIC_STATE_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/base/request_priority.h"
@@ -45,7 +45,7 @@ class NET_EXPORT_PRIVATE HttpBasicState {
 
   ClientSocketHandle* connection() const { return connection_.get(); }
 
-  scoped_ptr<ClientSocketHandle> ReleaseConnection();
+  std::unique_ptr<ClientSocketHandle> ReleaseConnection();
 
   scoped_refptr<GrowableIOBuffer> read_buf() const;
 
@@ -56,9 +56,9 @@ class NET_EXPORT_PRIVATE HttpBasicState {
  private:
   scoped_refptr<GrowableIOBuffer> read_buf_;
 
-  scoped_ptr<HttpStreamParser> parser_;
+  std::unique_ptr<HttpStreamParser> parser_;
 
-  scoped_ptr<ClientSocketHandle> connection_;
+  std::unique_ptr<ClientSocketHandle> connection_;
 
   const bool using_proxy_;
 
diff --git a/chromium/net/http/http_basic_state_unittest.cc b/chromium/net/http/http_basic_state_unittest.cc
index e95cfd26b59..98540e0e232 100644
--- a/chromium/net/http/http_basic_state_unittest.cc
+++ b/chromium/net/http/http_basic_state_unittest.cc
@@ -29,7 +29,7 @@ TEST(HttpBasicStateTest, UsingProxyCanBeFalse) {
 TEST(HttpBasicStateTest, ReleaseConnectionWorks) {
   ClientSocketHandle* const handle = new ClientSocketHandle;
   HttpBasicState state(handle, false);
-  const scoped_ptr<ClientSocketHandle> released_connection(
+  const std::unique_ptr<ClientSocketHandle> released_connection(
       state.ReleaseConnection());
   EXPECT_EQ(NULL, state.connection());
   EXPECT_EQ(handle, released_connection.get());
diff --git a/chromium/net/http/http_basic_stream.cc b/chromium/net/http/http_basic_stream.cc
index 0dd7a9e1dcd..9ebb5e32d86 100644
--- a/chromium/net/http/http_basic_stream.cc
+++ b/chromium/net/http/http_basic_stream.cc
@@ -4,7 +4,8 @@
 
 #include "net/http/http_basic_stream.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/http/http_request_info.h"
 #include "net/http/http_response_body_drainer.h"
 #include "net/http/http_stream_parser.h"
diff --git a/chromium/net/http/http_cache.cc b/chromium/net/http/http_cache.cc
index f572c14f569..6d83854f774 100644
--- a/chromium/net/http/http_cache.cc
+++ b/chromium/net/http/http_cache.cc
@@ -15,6 +15,7 @@
 #include "base/format_macros.h"
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
@@ -24,7 +25,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "base/time/default_clock.h"
 #include "base/time/time.h"
@@ -66,15 +67,16 @@ HttpCache::DefaultBackend::DefaultBackend(
 HttpCache::DefaultBackend::~DefaultBackend() {}
 
 // static
-scoped_ptr<HttpCache::BackendFactory> HttpCache::DefaultBackend::InMemory(
+std::unique_ptr<HttpCache::BackendFactory> HttpCache::DefaultBackend::InMemory(
     int max_bytes) {
-  return make_scoped_ptr(new DefaultBackend(MEMORY_CACHE, CACHE_BACKEND_DEFAULT,
-                                            base::FilePath(), max_bytes,
-                                            nullptr));
+  return base::WrapUnique(
+      new DefaultBackend(MEMORY_CACHE, CACHE_BACKEND_DEFAULT, base::FilePath(),
+                         max_bytes, nullptr));
 }
 
 int HttpCache::DefaultBackend::CreateBackend(
-    NetLog* net_log, scoped_ptr<disk_cache::Backend>* backend,
+    NetLog* net_log,
+    std::unique_ptr<disk_cache::Backend>* backend,
     const CompletionCallback& callback) {
   DCHECK_GE(max_bytes_, 0);
   return disk_cache::CreateCacheBackend(type_,
@@ -113,7 +115,7 @@ struct HttpCache::PendingOp {
   ~PendingOp() {}
 
   disk_cache::Entry* disk_entry;
-  scoped_ptr<disk_cache::Backend> backend;
+  std::unique_ptr<disk_cache::Backend> backend;
   WorkItem* writer;
   CompletionCallback callback;  // BackendCallback.
   WorkItemList pending_queue;
@@ -210,7 +212,7 @@ class HttpCache::MetadataWriter {
   void SelfDestroy();
   void OnIOComplete(int result);
 
-  scoped_ptr<HttpCache::Transaction> transaction_;
+  std::unique_ptr<HttpCache::Transaction> transaction_;
   bool verified_;
   scoped_refptr<IOBuffer> buf_;
   int buf_len_;
@@ -289,14 +291,14 @@ class HttpCache::QuicServerInfoFactoryAdaptor : public QuicServerInfoFactory {
 
 //-----------------------------------------------------------------------------
 HttpCache::HttpCache(HttpNetworkSession* session,
-                     scoped_ptr<BackendFactory> backend_factory,
+                     std::unique_ptr<BackendFactory> backend_factory,
                      bool set_up_quic_server_info)
-    : HttpCache(make_scoped_ptr(new HttpNetworkLayer(session)),
+    : HttpCache(base::WrapUnique(new HttpNetworkLayer(session)),
                 std::move(backend_factory),
                 set_up_quic_server_info) {}
 
-HttpCache::HttpCache(scoped_ptr<HttpTransactionFactory> network_layer,
-                     scoped_ptr<BackendFactory> backend_factory,
+HttpCache::HttpCache(std::unique_ptr<HttpTransactionFactory> network_layer,
+                     std::unique_ptr<BackendFactory> backend_factory,
                      bool set_up_quic_server_info)
     : net_log_(nullptr),
       backend_factory_(std::move(backend_factory)),
@@ -441,7 +443,7 @@ void HttpCache::OnExternalCacheHit(const GURL& url,
 }
 
 int HttpCache::CreateTransaction(RequestPriority priority,
-                                 scoped_ptr<HttpTransaction>* trans) {
+                                 std::unique_ptr<HttpTransaction>* trans) {
   // Do lazy initialization of disk cache if needed.
   if (!disk_cache_.get()) {
     // We don't care about the result.
@@ -467,10 +469,10 @@ HttpNetworkSession* HttpCache::GetSession() {
   return network_layer_->GetSession();
 }
 
-scoped_ptr<HttpTransactionFactory>
+std::unique_ptr<HttpTransactionFactory>
 HttpCache::SetHttpNetworkTransactionFactoryForTesting(
-    scoped_ptr<HttpTransactionFactory> new_network_layer) {
-  scoped_ptr<HttpTransactionFactory> old_network_layer(
+    std::unique_ptr<HttpTransactionFactory> new_network_layer) {
+  std::unique_ptr<HttpTransactionFactory> old_network_layer(
       std::move(network_layer_));
   network_layer_ = std::move(new_network_layer);
   return old_network_layer;
@@ -485,8 +487,8 @@ int HttpCache::CreateBackend(disk_cache::Backend** backend,
 
   building_backend_ = true;
 
-  scoped_ptr<WorkItem> item(new WorkItem(WI_CREATE_BACKEND, NULL, callback,
-                                         backend));
+  std::unique_ptr<WorkItem> item(
+      new WorkItem(WI_CREATE_BACKEND, NULL, callback, backend));
 
   // This is the only operation that we can do that is not related to any given
   // entry, so we use an empty key for it.
@@ -1023,7 +1025,7 @@ void HttpCache::OnIOComplete(int result, PendingOp* pending_op) {
   if (op == WI_CREATE_BACKEND)
     return OnBackendCreated(result, pending_op);
 
-  scoped_ptr<WorkItem> item(pending_op->writer);
+  std::unique_ptr<WorkItem> item(pending_op->writer);
   bool fail_requests = false;
 
   ActiveEntry* entry = NULL;
@@ -1119,7 +1121,7 @@ void HttpCache::OnPendingOpComplete(const base::WeakPtr<HttpCache>& cache,
 }
 
 void HttpCache::OnBackendCreated(int result, PendingOp* pending_op) {
-  scoped_ptr<WorkItem> item(pending_op->writer);
+  std::unique_ptr<WorkItem> item(pending_op->writer);
   WorkItemOperation op = item->operation();
   DCHECK_EQ(WI_CREATE_BACKEND, op);
 
diff --git a/chromium/net/http/http_cache.h b/chromium/net/http/http_cache.h
index 1c9c8910fa8..7a8f8ffe2b4 100644
--- a/chromium/net/http/http_cache.h
+++ b/chromium/net/http/http_cache.h
@@ -15,13 +15,13 @@
 #define NET_HTTP_HTTP_CACHE_H_
 
 #include <list>
+#include <memory>
 #include <set>
 #include <string>
+#include <unordered_map>
 
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/clock.h"
@@ -87,7 +87,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
     // The implementation must not access the factory object after invoking the
     // |callback| because the object can be deleted from within the callback.
     virtual int CreateBackend(NetLog* net_log,
-                              scoped_ptr<disk_cache::Backend>* backend,
+                              std::unique_ptr<disk_cache::Backend>* backend,
                               const CompletionCallback& callback) = 0;
   };
 
@@ -105,11 +105,11 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
     ~DefaultBackend() override;
 
     // Returns a factory for an in-memory cache.
-    static scoped_ptr<BackendFactory> InMemory(int max_bytes);
+    static std::unique_ptr<BackendFactory> InMemory(int max_bytes);
 
     // BackendFactory implementation.
     int CreateBackend(NetLog* net_log,
-                      scoped_ptr<disk_cache::Backend>* backend,
+                      std::unique_ptr<disk_cache::Backend>* backend,
                       const CompletionCallback& callback) override;
 
    private:
@@ -135,13 +135,13 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
   // If |set_up_quic_server_info| is true, configures the cache to track
   // information about servers supporting QUIC.
   HttpCache(HttpNetworkSession* session,
-            scoped_ptr<BackendFactory> backend_factory,
+            std::unique_ptr<BackendFactory> backend_factory,
             bool set_up_quic_server_info);
 
   // Initialize the cache from its component parts. |network_layer| and
   // |backend_factory| will be destroyed when the HttpCache is.
-  HttpCache(scoped_ptr<HttpTransactionFactory> network_layer,
-            scoped_ptr<BackendFactory> backend_factory,
+  HttpCache(std::unique_ptr<HttpTransactionFactory> network_layer,
+            std::unique_ptr<BackendFactory> backend_factory,
             bool set_up_quic_server_info);
 
   ~HttpCache() override;
@@ -180,7 +180,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
   Mode mode() { return mode_; }
 
   // Get/Set the cache's clock. These are public only for testing.
-  void SetClockForTesting(scoped_ptr<base::Clock> clock) {
+  void SetClockForTesting(std::unique_ptr<base::Clock> clock) {
     clock_.reset(clock.release());
   }
   base::Clock* clock() const { return clock_.get(); }
@@ -211,7 +211,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
 
   // HttpTransactionFactory implementation:
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override;
+                        std::unique_ptr<HttpTransaction>* trans) override;
   HttpCache* GetCache() override;
   HttpNetworkSession* GetSession() override;
 
@@ -221,9 +221,9 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
   // network changes (e.g. host unreachable).  The old network layer is
   // returned to allow for filter patterns that only intercept
   // some creation requests.  Note ownership exchange.
-  scoped_ptr<HttpTransactionFactory>
-      SetHttpNetworkTransactionFactoryForTesting(
-          scoped_ptr<HttpTransactionFactory> new_network_layer);
+  std::unique_ptr<HttpTransactionFactory>
+  SetHttpNetworkTransactionFactoryForTesting(
+      std::unique_ptr<HttpTransactionFactory> new_network_layer);
 
  private:
   // Types --------------------------------------------------------------------
@@ -261,10 +261,10 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
     bool               doomed;
   };
 
-  typedef base::hash_map<std::string, ActiveEntry*> ActiveEntriesMap;
-  typedef base::hash_map<std::string, PendingOp*> PendingOpsMap;
-  typedef std::set<ActiveEntry*> ActiveEntriesSet;
-  typedef base::hash_map<std::string, int> PlaybackCacheMap;
+  using ActiveEntriesMap = std::unordered_map<std::string, ActiveEntry*>;
+  using PendingOpsMap = std::unordered_map<std::string, PendingOp*>;
+  using ActiveEntriesSet = std::set<ActiveEntry*>;
+  using PlaybackCacheMap = std::unordered_map<std::string, int>;
 
   // Methods ------------------------------------------------------------------
 
@@ -405,16 +405,16 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
   NetLog* net_log_;
 
   // Used when lazily constructing the disk_cache_.
-  scoped_ptr<BackendFactory> backend_factory_;
+  std::unique_ptr<BackendFactory> backend_factory_;
   bool building_backend_;
   bool bypass_lock_for_test_;
   bool fail_conditionalization_for_test_;
 
   Mode mode_;
 
-  scoped_ptr<HttpTransactionFactory> network_layer_;
+  std::unique_ptr<HttpTransactionFactory> network_layer_;
 
-  scoped_ptr<disk_cache::Backend> disk_cache_;
+  std::unique_ptr<disk_cache::Backend> disk_cache_;
 
   // The set of active entries indexed by cache key.
   ActiveEntriesMap active_entries_;
@@ -425,10 +425,10 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
   // The set of entries "under construction".
   PendingOpsMap pending_ops_;
 
-  scoped_ptr<PlaybackCacheMap> playback_cache_map_;
+  std::unique_ptr<PlaybackCacheMap> playback_cache_map_;
 
   // A clock that can be swapped out for testing.
-  scoped_ptr<base::Clock> clock_;
+  std::unique_ptr<base::Clock> clock_;
 
   base::WeakPtrFactory<HttpCache> weak_factory_;
 
diff --git a/chromium/net/http/http_cache_transaction.cc b/chromium/net/http/http_cache_transaction.cc
index 178df98d6e1..42009262070 100644
--- a/chromium/net/http/http_cache_transaction.cc
+++ b/chromium/net/http/http_cache_transaction.cc
@@ -26,7 +26,7 @@
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"  // For LowerCaseEqualsASCII.
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/clock.h"
 #include "base/values.h"
 #include "net/base/auth.h"
@@ -166,6 +166,7 @@ HttpCache::Transaction::Transaction(RequestPriority priority, HttpCache* cache)
       effective_load_flags_(0),
       write_len_(0),
       transaction_pattern_(PATTERN_UNDEFINED),
+      validation_cause_(VALIDATION_CAUSE_UNDEFINED),
       total_received_bytes_(0),
       total_sent_bytes_(0),
       websocket_handshake_stream_base_create_helper_(NULL),
@@ -413,7 +414,7 @@ bool HttpCache::Transaction::GetFullRequestHeaders(
   if (network_trans_)
     return network_trans_->GetFullRequestHeaders(headers);
 
-  // TODO(ttuttle): Read headers from cache.
+  // TODO(juliatuttle): Read headers from cache.
   return false;
 }
 
@@ -2158,6 +2159,7 @@ ValidationType HttpCache::Transaction::RequiresValidation() {
       !response_.vary_data.MatchesRequest(*request_,
                                           *response_.headers.get())) {
     vary_mismatch_ = true;
+    validation_cause_ = VALIDATION_CAUSE_VARY_MISMATCH;
     return VALIDATION_SYNCHRONOUS;
   }
 
@@ -2174,8 +2176,10 @@ ValidationType HttpCache::Transaction::RequiresValidation() {
     return VALIDATION_NONE;
   }
 
-  if (effective_load_flags_ & LOAD_VALIDATE_CACHE)
+  if (effective_load_flags_ & LOAD_VALIDATE_CACHE) {
+    validation_cause_ = VALIDATION_CAUSE_VALIDATE_FLAG;
     return VALIDATION_SYNCHRONOUS;
+  }
 
   if (request_->method == "PUT" || request_->method == "DELETE")
     return VALIDATION_SYNCHRONOUS;
@@ -2185,6 +2189,14 @@ ValidationType HttpCache::Transaction::RequiresValidation() {
                                             response_.response_time,
                                             cache_->clock_->Now());
 
+  if (validation_required_by_headers != VALIDATION_NONE) {
+    validation_cause_ =
+        response_.headers->GetFreshnessLifetimes(response_.response_time)
+                    .freshness == base::TimeDelta()
+            ? VALIDATION_CAUSE_ZERO_FRESHNESS
+            : VALIDATION_CAUSE_STALE;
+  }
+
   if (validation_required_by_headers == VALIDATION_ASYNCHRONOUS) {
     // Asynchronous revalidation is only supported for GET methods.
     if (request_->method != "GET")
@@ -2705,40 +2717,92 @@ void HttpCache::Transaction::RecordHistograms() {
     return;
   }
 
+  bool validation_request = transaction_pattern_ == PATTERN_ENTRY_VALIDATED ||
+                            transaction_pattern_ == PATTERN_ENTRY_UPDATED;
   std::string mime_type;
-  if (GetResponseInfo()->headers &&
-      GetResponseInfo()->headers->GetMimeType(&mime_type)) {
+  HttpResponseHeaders* response_headers = GetResponseInfo()->headers.get();
+  if (response_headers && response_headers->GetMimeType(&mime_type)) {
     // Record the cache pattern by resource type. The type is inferred by
     // response header mime type, which could be incorrect, so this is just an
     // estimate.
     if (mime_type == "text/html" && (request_->load_flags & LOAD_MAIN_FRAME)) {
-      UMA_HISTOGRAM_ENUMERATION(std::string("HttpCache.Pattern.MainFrameHTML"),
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.MainFrameHTML",
                                 transaction_pattern_, PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.MainFrameHTML",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
     } else if (mime_type == "text/html") {
-      UMA_HISTOGRAM_ENUMERATION(
-          std::string("HttpCache.Pattern.NonMainFrameHTML"),
-          transaction_pattern_, PATTERN_MAX);
-    } else if (mime_type == "text/css") {
-      UMA_HISTOGRAM_ENUMERATION(std::string("HttpCache.Pattern.CSS"),
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.NonMainFrameHTML",
                                 transaction_pattern_, PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.NonMainFrameHTML",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
+    } else if (mime_type == "text/css") {
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.CSS", transaction_pattern_,
+                                PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.CSS",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
     } else if (base::StartsWith(mime_type, "image/",
                                 base::CompareCase::SENSITIVE)) {
-      UMA_HISTOGRAM_ENUMERATION(std::string("HttpCache.Pattern.Image"),
-                                transaction_pattern_, PATTERN_MAX);
+      int64_t content_length = response_headers->GetContentLength();
+      if (content_length >= 0 && content_length < 100) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.TinyImage",
+                                  transaction_pattern_, PATTERN_MAX);
+        if (validation_request) {
+          UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.TinyImage",
+                                    validation_cause_, VALIDATION_CAUSE_MAX);
+        }
+      } else if (content_length >= 100) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.NonTinyImage",
+                                  transaction_pattern_, PATTERN_MAX);
+        if (validation_request) {
+          UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.NonTinyImage",
+                                    validation_cause_, VALIDATION_CAUSE_MAX);
+        }
+      }
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.Image", transaction_pattern_,
+                                PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.Image",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
     } else if (base::EndsWith(mime_type, "javascript",
                               base::CompareCase::SENSITIVE) ||
                base::EndsWith(mime_type, "ecmascript",
                               base::CompareCase::SENSITIVE)) {
-      UMA_HISTOGRAM_ENUMERATION(std::string("HttpCache.Pattern.JavaScript"),
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.JavaScript",
                                 transaction_pattern_, PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.JavaScript",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
     } else if (mime_type.find("font") != std::string::npos) {
-      UMA_HISTOGRAM_ENUMERATION(std::string("HttpCache.Pattern.Font"),
-                                transaction_pattern_, PATTERN_MAX);
+      UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern.Font", transaction_pattern_,
+                                PATTERN_MAX);
+      if (validation_request) {
+        UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause.Font",
+                                  validation_cause_, VALIDATION_CAUSE_MAX);
+      }
     }
   }
 
   UMA_HISTOGRAM_ENUMERATION(
       "HttpCache.Pattern", transaction_pattern_, PATTERN_MAX);
+
+  if (validation_request) {
+    UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause", validation_cause_,
+                              VALIDATION_CAUSE_MAX);
+  }
+
+  if (transaction_pattern_ == PATTERN_ENTRY_CANT_CONDITIONALIZE) {
+    UMA_HISTOGRAM_ENUMERATION("HttpCache.CantConditionalizeCause",
+                              validation_cause_, VALIDATION_CAUSE_MAX);
+  }
+
   if (transaction_pattern_ == PATTERN_NOT_COVERED)
     return;
   DCHECK(!range_requested_);
diff --git a/chromium/net/http/http_cache_transaction.h b/chromium/net/http/http_cache_transaction.h
index b3c90e94578..8e263378203 100644
--- a/chromium/net/http/http_cache_transaction.h
+++ b/chromium/net/http/http_cache_transaction.h
@@ -11,11 +11,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
@@ -246,6 +246,18 @@ class HttpCache::Transaction : public HttpTransaction {
     PATTERN_MAX,
   };
 
+  // Used for categorizing validation triggers in histograms.
+  // NOTE: This enumeration is used in histograms, so please do not add entries
+  // in the middle.
+  enum ValidationCause {
+    VALIDATION_CAUSE_UNDEFINED,
+    VALIDATION_CAUSE_VARY_MISMATCH,
+    VALIDATION_CAUSE_VALIDATE_FLAG,
+    VALIDATION_CAUSE_STALE,
+    VALIDATION_CAUSE_ZERO_FRESHNESS,
+    VALIDATION_CAUSE_MAX
+  };
+
   // Runs the state transition loop. Resets and calls |callback_| on exit,
   // unless the return value is ERR_IO_PENDING.
   int DoLoop(int result);
@@ -430,7 +442,7 @@ class HttpCache::Transaction : public HttpTransaction {
   const HttpRequestInfo* request_;
   RequestPriority priority_;
   BoundNetLog net_log_;
-  scoped_ptr<HttpRequestInfo> custom_request_;
+  std::unique_ptr<HttpRequestInfo> custom_request_;
   HttpRequestHeaders request_headers_copy_;
   // If extra_headers specified a "if-modified-since" or "if-none-match",
   // |external_validation_| contains the value of those headers.
@@ -438,7 +450,7 @@ class HttpCache::Transaction : public HttpTransaction {
   base::WeakPtr<HttpCache> cache_;
   HttpCache::ActiveEntry* entry_;
   HttpCache::ActiveEntry* new_entry_;
-  scoped_ptr<HttpTransaction> network_trans_;
+  std::unique_ptr<HttpTransaction> network_trans_;
   CompletionCallback callback_;  // Consumer's callback.
   HttpResponseInfo response_;
   HttpResponseInfo auth_response_;
@@ -462,12 +474,13 @@ class HttpCache::Transaction : public HttpTransaction {
   int read_offset_;
   int effective_load_flags_;
   int write_len_;
-  scoped_ptr<PartialData> partial_;  // We are dealing with range requests.
+  std::unique_ptr<PartialData> partial_;  // We are dealing with range requests.
   UploadProgress final_upload_progress_;
   CompletionCallback io_callback_;
 
   // Members used to track data for histograms.
   TransactionPattern transaction_pattern_;
+  ValidationCause validation_cause_;
   base::TimeTicks entry_lock_waiting_since_;
   base::TimeTicks first_cache_access_since_;
   base::TimeTicks send_request_since_;
@@ -478,7 +491,7 @@ class HttpCache::Transaction : public HttpTransaction {
   // Load timing information for the last network request, if any.  Set in the
   // 304 and 206 response cases, as the network transaction may be destroyed
   // before the caller requests load timing information.
-  scoped_ptr<LoadTimingInfo> old_network_trans_load_timing_;
+  std::unique_ptr<LoadTimingInfo> old_network_trans_load_timing_;
 
   ConnectionAttempts old_connection_attempts_;
   IPEndPoint old_remote_endpoint_;
diff --git a/chromium/net/http/http_cache_unittest.cc b/chromium/net/http/http_cache_unittest.cc
index 44039e41a3d..9ae7f8471de 100644
--- a/chromium/net/http/http_cache_unittest.cc
+++ b/chromium/net/http/http_cache_unittest.cc
@@ -5,14 +5,16 @@
 #include "net/http/http_cache.h"
 
 #include <stdint.h>
+
 #include <algorithm>
+#include <memory>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/strings/string_util.h"
@@ -148,7 +150,7 @@ void RunTransactionTestBase(HttpCache* cache,
 
   // write to the cache
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = cache->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
   ASSERT_TRUE(trans.get());
@@ -570,7 +572,7 @@ struct Context {
 
   int result;
   TestCompletionCallback callback;
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
 };
 
 class FakeWebSocketHandshakeStreamCreateHelper
@@ -578,7 +580,7 @@ class FakeWebSocketHandshakeStreamCreateHelper
  public:
   ~FakeWebSocketHandshakeStreamCreateHelper() override {}
   WebSocketHandshakeStreamBase* CreateBasicStream(
-      scoped_ptr<ClientSocketHandle> connect,
+      std::unique_ptr<ClientSocketHandle> connect,
       bool using_proxy) override {
     return NULL;
   }
@@ -634,7 +636,7 @@ bool LogContainsEventType(const BoundTestNetLog& log,
 TEST(HttpCache, CreateThenDestroy) {
   MockHttpCache cache;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   EXPECT_EQ(OK, cache.CreateTransaction(&trans));
   ASSERT_TRUE(trans.get());
 }
@@ -704,7 +706,7 @@ TEST(HttpCache, SimpleGETNoDiskCache) {
 
 TEST(HttpCache, SimpleGETNoDiskCache2) {
   // This will initialize a cache object with NULL backend.
-  scoped_ptr<MockBlockingBackendFactory> factory(
+  std::unique_ptr<MockBlockingBackendFactory> factory(
       new MockBlockingBackendFactory());
   factory->set_fail(true);
   factory->FinishCreation();  // We'll complete synchronously.
@@ -725,7 +727,7 @@ TEST(HttpCache, ReleaseBuffer) {
   RunTransactionTest(cache.http_cache(), kSimpleGET_Transaction);
 
   MockHttpRequest request(kSimpleGET_Transaction);
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
   const int kBufferSize = 10;
@@ -766,7 +768,7 @@ TEST(HttpCache, SimpleGETWithDiskFailures2) {
 
   MockHttpRequest request(kSimpleGET_Transaction);
 
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -811,7 +813,7 @@ TEST(HttpCache, SimpleGETWithDiskFailures3) {
   cache.disk_cache()->set_soft_failures(true);
 
   // Now fail to read from the cache.
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -915,7 +917,7 @@ TEST(HttpCache, SimpleGET_LoadOnlyFromCache_Miss) {
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -1032,7 +1034,7 @@ TEST(HttpCache, SimpleGET_CacheSignal_Failure) {
 
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = cache.http_cache()->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
   ASSERT_TRUE(trans.get());
@@ -1416,11 +1418,11 @@ TEST(HttpCache, SimpleGET_DoomWithPending) {
   MockHttpRequest writer_request(kSimpleGET_Transaction);
   writer_request.load_flags = LOAD_BYPASS_CACHE;
 
-  std::vector<scoped_ptr<Context>> context_list;
+  std::vector<std::unique_ptr<Context>> context_list;
   const int kNumTransactions = 4;
 
   for (int i = 0; i < kNumTransactions; ++i) {
-    context_list.push_back(make_scoped_ptr(new Context()));
+    context_list.push_back(base::WrapUnique(new Context()));
     Context* c = context_list[i].get();
 
     c->result = cache.CreateTransaction(&c->trans);
@@ -1723,7 +1725,7 @@ TEST(HttpCache, SimpleGET_AbandonedCacheRead) {
   MockHttpRequest request(kSimpleGET_Transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   if (rv == ERR_IO_PENDING)
@@ -1746,8 +1748,8 @@ TEST(HttpCache, SimpleGET_AbandonedCacheRead) {
 // Tests that we can delete the HttpCache and deal with queued transactions
 // ("waiting for the backend" as opposed to Active or Doomed entries).
 TEST(HttpCache, SimpleGET_ManyWriters_DeleteCache) {
-  scoped_ptr<MockHttpCache> cache(
-      new MockHttpCache(make_scoped_ptr(new MockBackendNoCbFactory())));
+  std::unique_ptr<MockHttpCache> cache(
+      new MockHttpCache(base::WrapUnique(new MockBackendNoCbFactory())));
 
   MockHttpRequest request(kSimpleGET_Transaction);
 
@@ -1784,7 +1786,7 @@ TEST(HttpCache, SimpleGET_ManyWriters_DeleteCache) {
 // Tests that we queue requests when initializing the backend.
 TEST(HttpCache, SimpleGET_WaitForBackend) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
 
   MockHttpRequest request0(kSimpleGET_Transaction);
   MockHttpRequest request1(kTypicalGET_Transaction);
@@ -1830,7 +1832,7 @@ TEST(HttpCache, SimpleGET_WaitForBackend) {
 // to be initialized.
 TEST(HttpCache, SimpleGET_WaitForBackend_CancelCreate) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache cache(make_scoped_ptr(factory));
+  MockHttpCache cache(base::WrapUnique(factory));
 
   MockHttpRequest request0(kSimpleGET_Transaction);
   MockHttpRequest request1(kTypicalGET_Transaction);
@@ -1884,11 +1886,12 @@ TEST(HttpCache, SimpleGET_WaitForBackend_CancelCreate) {
 // Tests that we can delete the cache while creating the backend.
 TEST(HttpCache, DeleteCacheWaitingForBackend) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  scoped_ptr<MockHttpCache> cache(new MockHttpCache(make_scoped_ptr(factory)));
+  std::unique_ptr<MockHttpCache> cache(
+      new MockHttpCache(base::WrapUnique(factory)));
 
   MockHttpRequest request(kSimpleGET_Transaction);
 
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
   c->result = cache->CreateTransaction(&c->trans);
   ASSERT_EQ(OK, c->result);
 
@@ -1903,7 +1906,7 @@ TEST(HttpCache, DeleteCacheWaitingForBackend) {
   // We cannot call FinishCreation because the factory itself will go away with
   // the cache, so grab the callback and attempt to use it.
   CompletionCallback callback = factory->callback();
-  scoped_ptr<disk_cache::Backend>* backend = factory->backend();
+  std::unique_ptr<disk_cache::Backend>* backend = factory->backend();
 
   cache.reset();
   base::MessageLoop::current()->RunUntilIdle();
@@ -1916,7 +1919,7 @@ TEST(HttpCache, DeleteCacheWaitingForBackend) {
 // one of the callbacks.
 TEST(HttpCache, DeleteCacheWaitingForBackend2) {
   MockBlockingBackendFactory* factory = new MockBlockingBackendFactory();
-  MockHttpCache* cache = new MockHttpCache(make_scoped_ptr(factory));
+  MockHttpCache* cache = new MockHttpCache(base::WrapUnique(factory));
 
   DeleteCacheCompletionCallback cb(cache);
   disk_cache::Backend* backend;
@@ -1926,7 +1929,7 @@ TEST(HttpCache, DeleteCacheWaitingForBackend2) {
   // Now let's queue a regular transaction
   MockHttpRequest request(kSimpleGET_Transaction);
 
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
   c->result = cache->CreateTransaction(&c->trans);
   ASSERT_EQ(OK, c->result);
 
@@ -2904,7 +2907,7 @@ TEST(HttpCache, SimplePOST_LoadOnlyFromCache_Miss) {
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
   ASSERT_TRUE(trans.get());
 
@@ -2927,9 +2930,9 @@ TEST(HttpCache, SimplePOST_LoadOnlyFromCache_Hit) {
 
   const int64_t kUploadId = 1;  // Just a dummy value.
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers),
                                               kUploadId);
   MockHttpRequest request(transaction);
@@ -2960,9 +2963,9 @@ TEST(HttpCache, SimplePOST_WithRanges) {
 
   const int64_t kUploadId = 1;  // Just a dummy value.
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers),
                                               kUploadId);
 
@@ -2977,13 +2980,13 @@ TEST(HttpCache, SimplePOST_WithRanges) {
   EXPECT_EQ(0, cache.disk_cache()->create_count());
 }
 
-// Tests that a POST is cached separately from a previously cached GET.
+// Tests that a POST is cached separately from a GET.
 TEST(HttpCache, SimplePOST_SeparateCache) {
   MockHttpCache cache;
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 1);
 
   MockTransaction transaction(kSimplePOST_Transaction);
@@ -3021,9 +3024,9 @@ TEST(HttpCache, SimplePOST_Invalidate_205) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 1);
 
   transaction.method = "POST";
@@ -3061,9 +3064,9 @@ TEST(HttpCache, SimplePOST_NoUploadId_Invalidate_205) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   transaction.method = "POST";
@@ -3088,15 +3091,15 @@ TEST(HttpCache, SimplePOST_NoUploadId_Invalidate_205) {
 // Tests that processing a POST before creating the backend doesn't crash.
 TEST(HttpCache, SimplePOST_NoUploadId_NoBackend) {
   // This will initialize a cache object with NULL backend.
-  scoped_ptr<MockBlockingBackendFactory> factory(
+  std::unique_ptr<MockBlockingBackendFactory> factory(
       new MockBlockingBackendFactory());
   factory->set_fail(true);
   factory->FinishCreation();
   MockHttpCache cache(std::move(factory));
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   MockTransaction transaction(kSimplePOST_Transaction);
@@ -3124,9 +3127,9 @@ TEST(HttpCache, SimplePOST_DontInvalidate_100) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 1);
 
   transaction.method = "POST";
@@ -3159,7 +3162,7 @@ TEST(HttpCache, SimpleHEAD_LoadOnlyFromCache_Miss) {
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
   ASSERT_TRUE(trans.get());
 
@@ -3436,9 +3439,9 @@ TEST(HttpCache, SimplePUT_Miss) {
   MockTransaction transaction(kSimplePOST_Transaction);
   transaction.method = "PUT";
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   MockHttpRequest request(transaction);
@@ -3466,9 +3469,9 @@ TEST(HttpCache, SimplePUT_Invalidate) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   transaction.method = "PUT";
@@ -3503,9 +3506,9 @@ TEST(HttpCache, SimplePUT_Invalidate_305) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   transaction.method = "PUT";
@@ -3542,9 +3545,9 @@ TEST(HttpCache, SimplePUT_DontInvalidate_404) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   transaction.method = "PUT";
@@ -3573,9 +3576,9 @@ TEST(HttpCache, SimpleDELETE_Miss) {
   MockTransaction transaction(kSimplePOST_Transaction);
   transaction.method = "DELETE";
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   MockHttpRequest request(transaction);
@@ -3603,9 +3606,9 @@ TEST(HttpCache, SimpleDELETE_Invalidate) {
   EXPECT_EQ(0, cache.disk_cache()->open_count());
   EXPECT_EQ(1, cache.disk_cache()->create_count());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello", 5)));
+      base::WrapUnique(new UploadBytesElementReader("hello", 5)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   transaction.method = "DELETE";
@@ -5433,7 +5436,7 @@ TEST(HttpCache, RangeGET_LargeValues) {
 // Tests that we don't crash with a range request if the disk cache was not
 // initialized properly.
 TEST(HttpCache, RangeGET_NoDiskCache) {
-  scoped_ptr<MockBlockingBackendFactory> factory(
+  std::unique_ptr<MockBlockingBackendFactory> factory(
       new MockBlockingBackendFactory());
   factory->set_fail(true);
   factory->FinishCreation();  // We'll complete synchronously.
@@ -5554,7 +5557,7 @@ TEST(HttpCache, RangeGET_OK_LoadOnlyFromCache) {
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = cache.http_cache()->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
   ASSERT_TRUE(trans.get());
@@ -5747,7 +5750,7 @@ TEST(HttpCache, SetTruncatedFlag) {
       "Etag: \"foopy\"\n";
   MockHttpRequest request(transaction);
 
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
 
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
@@ -5800,7 +5803,7 @@ TEST(HttpCache, DontSetTruncatedFlag) {
       "Etag: \"foopy\"\n";
   MockHttpRequest request(transaction);
 
-  scoped_ptr<Context> c(new Context());
+  std::unique_ptr<Context> c(new Context());
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -5826,8 +5829,8 @@ TEST(HttpCache, RangeGET_DontTruncate) {
   ScopedMockTransaction transaction(kRangeGET_TransactionOK);
   transaction.request_headers = "Range: bytes = 0-19\r\n" EXTRA_HEADER;
 
-  scoped_ptr<MockHttpRequest> request(new MockHttpRequest(transaction));
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<MockHttpRequest> request(new MockHttpRequest(transaction));
+  std::unique_ptr<HttpTransaction> trans;
 
   int rv = cache.http_cache()->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
@@ -5853,8 +5856,8 @@ TEST(HttpCache, RangeGET_DontTruncate2) {
   ScopedMockTransaction transaction(kRangeGET_TransactionOK);
   transaction.request_headers = "Range: bytes = 30-49\r\n" EXTRA_HEADER;
 
-  scoped_ptr<MockHttpRequest> request(new MockHttpRequest(transaction));
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<MockHttpRequest> request(new MockHttpRequest(transaction));
+  std::unique_ptr<HttpTransaction> trans;
 
   int rv = cache.http_cache()->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
@@ -6067,7 +6070,7 @@ TEST(HttpCache, GET_IncompleteResource3) {
   transaction.request_headers = EXTRA_HEADER;
   transaction.data = kFullRangeData;
 
-  scoped_ptr<Context> c(new Context);
+  std::unique_ptr<Context> c(new Context);
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -6102,7 +6105,7 @@ TEST(HttpCache, GET_IncompleteResourceWithAuth) {
   transaction.data = kFullRangeData;
   RangeTransactionServer handler;
 
-  scoped_ptr<Context> c(new Context);
+  std::unique_ptr<Context> c(new Context);
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -6153,7 +6156,7 @@ TEST(HttpCache, TransactionRetryLimit) {
       "Range: bytes = 0-79\r\n"
       "X-Require-Mock-Auth-Alt: dummy\r\n" EXTRA_HEADER;
 
-  scoped_ptr<Context> c(new Context);
+  std::unique_ptr<Context> c(new Context);
   int rv = cache.CreateTransaction(&c->trans);
   ASSERT_EQ(OK, rv);
 
@@ -6332,7 +6335,7 @@ TEST(HttpCache, CachedRedirect) {
 
   // Write to the cache.
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6366,7 +6369,7 @@ TEST(HttpCache, CachedRedirect) {
 
   // Read from the cache.
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6547,7 +6550,7 @@ TEST(HttpCache, SimpleGET_SSLError) {
   MockHttpRequest request(transaction);
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6560,7 +6563,7 @@ TEST(HttpCache, SimpleGET_SSLError) {
 TEST(HttpCache, OutlivedTransactions) {
   MockHttpCache* cache = new MockHttpCache;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   EXPECT_EQ(OK, cache->CreateTransaction(&trans));
 
   delete cache;
@@ -6801,7 +6804,7 @@ TEST(HttpCache, FilterCompletion) {
   TestCompletionCallback callback;
 
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     MockHttpRequest request(kSimpleGET_Transaction);
@@ -6837,7 +6840,7 @@ TEST(HttpCache, DoneReading) {
   ScopedMockTransaction transaction(kSimpleGET_Transaction);
   transaction.data = "";
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
   MockHttpRequest request(transaction);
@@ -6865,7 +6868,7 @@ TEST(HttpCache, StopCachingDeletesEntry) {
   MockHttpRequest request(kSimpleGET_Transaction);
 
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6903,7 +6906,7 @@ TEST(HttpCache, StopCachingThenDoneReadingDeletesEntry) {
   MockHttpRequest request(kSimpleGET_Transaction);
 
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6946,7 +6949,7 @@ TEST(HttpCache, StopCachingWithAuthDeletesEntry) {
   MockHttpRequest request(mock_transaction);
 
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6978,7 +6981,7 @@ TEST(HttpCache, StopCachingSavesEntry) {
   MockHttpRequest request(kSimpleGET_Transaction);
 
   {
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     // Force a response that can be resumed.
@@ -7026,7 +7029,7 @@ TEST(HttpCache, StopCachingTruncatedEntry) {
 
   {
     // Now make a regular request.
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     ASSERT_EQ(OK, cache.CreateTransaction(&trans));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7097,7 +7100,7 @@ TEST(HttpCache, TruncatedByContentLength2) {
 TEST(HttpCache, SetPriority) {
   MockHttpCache cache;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.http_cache()->CreateTransaction(IDLE, &trans));
 
   // Shouldn't crash, but doesn't do anything either.
@@ -7135,7 +7138,7 @@ TEST(HttpCache, SetWebSocketHandshakeStreamCreateHelper) {
   MockHttpCache cache;
 
   FakeWebSocketHandshakeStreamCreateHelper create_helper;
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.http_cache()->CreateTransaction(IDLE, &trans));
 
   EXPECT_FALSE(cache.network_layer()->last_transaction());
@@ -7175,7 +7178,7 @@ TEST(HttpCache, SetPriorityNewTransaction) {
   transaction.request_headers = EXTRA_HEADER;
   transaction.data = kFullRangeData;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   ASSERT_EQ(OK, cache.http_cache()->CreateTransaction(MEDIUM, &trans));
   EXPECT_EQ(DEFAULT_PRIORITY,
             cache.network_layer()->last_create_transaction_priority());
@@ -7312,7 +7315,7 @@ class HttpCachePrefetchValidationTest : public ::testing::Test {
     DCHECK_LT(kMaxAgeSecs, prefetch_reuse_mins() * kNumSecondsPerMinute);
 
     clock_ = new base::SimpleTestClock();
-    cache_.http_cache()->SetClockForTesting(make_scoped_ptr(clock_));
+    cache_.http_cache()->SetClockForTesting(base::WrapUnique(clock_));
     cache_.network_layer()->SetClock(clock_);
 
     transaction_.response_headers = "Cache-Control: max-age=100\n";
@@ -7568,7 +7571,7 @@ TEST(HttpCache, RangeGET_MultipleRequests) {
   AddMockTransaction(&transaction);
 
   TestCompletionCallback callback;
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = cache.http_cache()->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
   ASSERT_TRUE(trans.get());
@@ -7597,7 +7600,7 @@ TEST(HttpCache, NoStoreResponseShouldNotBlockFollowingRequests) {
   mock_transaction.response_headers = "Cache-Control: no-store\n";
   MockHttpRequest request(mock_transaction);
 
-  scoped_ptr<Context> first(new Context);
+  std::unique_ptr<Context> first(new Context);
   first->result = cache.CreateTransaction(&first->trans);
   ASSERT_EQ(OK, first->result);
   EXPECT_EQ(LOAD_STATE_IDLE, first->trans->GetLoadState());
@@ -7613,7 +7616,7 @@ TEST(HttpCache, NoStoreResponseShouldNotBlockFollowingRequests) {
   // Here we have read the response header but not read the response body yet.
 
   // Let us create the second (read) transaction.
-  scoped_ptr<Context> second(new Context);
+  std::unique_ptr<Context> second(new Context);
   second->result = cache.CreateTransaction(&second->trans);
   ASSERT_EQ(OK, second->result);
   EXPECT_EQ(LOAD_STATE_IDLE, second->trans->GetLoadState());
diff --git a/chromium/net/http/http_chunked_decoder_unittest.cc b/chromium/net/http/http_chunked_decoder_unittest.cc
index 2f2ab2501e0..2cd4fc172d3 100644
--- a/chromium/net/http/http_chunked_decoder_unittest.cc
+++ b/chromium/net/http/http_chunked_decoder_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/http/http_chunked_decoder.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_errors.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -327,7 +328,7 @@ TEST(HttpChunkedDecoderTest, MultipleExtraDataBlocks) {
 // Test when the line with the chunk length is too long.
 TEST(HttpChunkedDecoderTest, LongChunkLengthLine) {
   int big_chunk_length = HttpChunkedDecoder::kMaxLineBufLen;
-  scoped_ptr<char[]> big_chunk(new char[big_chunk_length + 1]);
+  std::unique_ptr<char[]> big_chunk(new char[big_chunk_length + 1]);
   memset(big_chunk.get(), '0', big_chunk_length);
   big_chunk[big_chunk_length] = 0;
   const char* const inputs[] = {
@@ -341,7 +342,7 @@ TEST(HttpChunkedDecoderTest, LongChunkLengthLine) {
 // long.
 TEST(HttpChunkedDecoderTest, LongLengthLengthLine) {
   int big_chunk_length = HttpChunkedDecoder::kMaxLineBufLen;
-  scoped_ptr<char[]> big_chunk(new char[big_chunk_length + 1]);
+  std::unique_ptr<char[]> big_chunk(new char[big_chunk_length + 1]);
   memset(big_chunk.get(), '0', big_chunk_length);
   big_chunk[big_chunk_length] = 0;
   const char* const inputs[] = {
diff --git a/chromium/net/http/http_log_util.cc b/chromium/net/http/http_log_util.cc
index 8146f0d6b17..9d86c4de31d 100644
--- a/chromium/net/http/http_log_util.cc
+++ b/chromium/net/http/http_log_util.cc
@@ -7,6 +7,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "base/values.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_scheme.h"
 #include "net/http/http_util.h"
@@ -87,4 +88,18 @@ std::string ElideGoAwayDebugDataForNetLog(NetLogCaptureMode capture_mode,
          std::string(" bytes were stripped]");
 }
 
+std::unique_ptr<base::ListValue> ElideSpdyHeaderBlockForNetLog(
+    const SpdyHeaderBlock& headers,
+    NetLogCaptureMode capture_mode) {
+  std::unique_ptr<base::ListValue> headers_list(new base::ListValue());
+  for (SpdyHeaderBlock::const_iterator it = headers.begin();
+       it != headers.end(); ++it) {
+    headers_list->AppendString(
+        it->first.as_string() + ": " +
+        ElideHeaderValueForNetLog(capture_mode, it->first.as_string(),
+                                  it->second.as_string()));
+  }
+  return headers_list;
+}
+
 }  // namespace net
diff --git a/chromium/net/http/http_log_util.h b/chromium/net/http/http_log_util.h
index 5fda79ccf13..ce4713930a7 100644
--- a/chromium/net/http/http_log_util.h
+++ b/chromium/net/http/http_log_util.h
@@ -10,6 +10,11 @@
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
+#include "net/spdy/spdy_header_block.h"
+
+namespace base {
+class ListValue;
+}  // namespace base
 
 namespace net {
 
@@ -26,6 +31,11 @@ NET_EXPORT_PRIVATE std::string ElideGoAwayDebugDataForNetLog(
     NetLogCaptureMode capture_mode,
     base::StringPiece debug_data);
 
+// Given a SpdyHeaderBlock, return its base::ListValue representation.
+std::unique_ptr<base::ListValue> ElideSpdyHeaderBlockForNetLog(
+    const SpdyHeaderBlock& headers,
+    NetLogCaptureMode capture_mode);
+
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_LOG_UTIL_
diff --git a/chromium/net/http/http_network_layer.cc b/chromium/net/http/http_network_layer.cc
index 169a1cc1be5..60fd5a8aee5 100644
--- a/chromium/net/http/http_network_layer.cc
+++ b/chromium/net/http/http_network_layer.cc
@@ -38,8 +38,9 @@ HttpNetworkLayer::~HttpNetworkLayer() {
 #endif
 }
 
-int HttpNetworkLayer::CreateTransaction(RequestPriority priority,
-                                        scoped_ptr<HttpTransaction>* trans) {
+int HttpNetworkLayer::CreateTransaction(
+    RequestPriority priority,
+    std::unique_ptr<HttpTransaction>* trans) {
   if (suspended_)
     return ERR_NETWORK_IO_SUSPENDED;
 
diff --git a/chromium/net/http/http_network_layer.h b/chromium/net/http/http_network_layer.h
index 3026f2e1eea..86679ddb002 100644
--- a/chromium/net/http/http_network_layer.h
+++ b/chromium/net/http/http_network_layer.h
@@ -5,12 +5,12 @@
 #ifndef NET_HTTP_HTTP_NETWORK_LAYER_H_
 #define NET_HTTP_HTTP_NETWORK_LAYER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/power_monitor/power_observer.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/net_export.h"
@@ -33,7 +33,7 @@ class NET_EXPORT HttpNetworkLayer
 
   // HttpTransactionFactory methods:
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override;
+                        std::unique_ptr<HttpTransaction>* trans) override;
   HttpCache* GetCache() override;
   HttpNetworkSession* GetSession() override;
 
diff --git a/chromium/net/http/http_network_layer_unittest.cc b/chromium/net/http/http_network_layer_unittest.cc
index 8589cbf2acc..6753309e6f4 100644
--- a/chromium/net/http/http_network_layer_unittest.cc
+++ b/chromium/net/http/http_network_layer_unittest.cc
@@ -33,7 +33,7 @@ class HttpNetworkLayerTest : public PlatformTest {
     ConfigureTestDependencies(ProxyService::CreateDirect());
   }
 
-  void ConfigureTestDependencies(scoped_ptr<ProxyService> proxy_service) {
+  void ConfigureTestDependencies(std::unique_ptr<ProxyService> proxy_service) {
     cert_verifier_.reset(new MockCertVerifier);
     transport_security_state_.reset(new TransportSecurityState);
     proxy_service_ = std::move(proxy_service);
@@ -61,7 +61,7 @@ class HttpNetworkLayerTest : public PlatformTest {
     request_info.method = method;
     request_info.load_flags = LOAD_NORMAL;
 
-    scoped_ptr<HttpTransaction> trans;
+    std::unique_ptr<HttpTransaction> trans;
     int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
     EXPECT_EQ(OK, rv);
 
@@ -256,24 +256,24 @@ class HttpNetworkLayerTest : public PlatformTest {
 
   MockClientSocketFactory mock_socket_factory_;
   MockHostResolver host_resolver_;
-  scoped_ptr<CertVerifier> cert_verifier_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
+  std::unique_ptr<ProxyService> proxy_service_;
   const scoped_refptr<SSLConfigService> ssl_config_service_;
-  scoped_ptr<HttpNetworkSession> network_session_;
-  scoped_ptr<HttpNetworkLayer> factory_;
+  std::unique_ptr<HttpNetworkSession> network_session_;
+  std::unique_ptr<HttpNetworkLayer> factory_;
   HttpServerPropertiesImpl http_server_properties_;
 };
 
 TEST_F(HttpNetworkLayerTest, CreateAndDestroy) {
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(trans.get() != NULL);
 }
 
 TEST_F(HttpNetworkLayerTest, Suspend) {
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
 
@@ -317,7 +317,7 @@ TEST_F(HttpNetworkLayerTest, GET) {
                                        "Foo/1.0");
   request_info.load_flags = LOAD_NORMAL;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
 
@@ -356,7 +356,7 @@ TEST_F(HttpNetworkLayerTest, NetworkVerified) {
                                        "Foo/1.0");
   request_info.load_flags = LOAD_NORMAL;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
 
@@ -389,7 +389,7 @@ TEST_F(HttpNetworkLayerTest, NetworkUnVerified) {
                                        "Foo/1.0");
   request_info.load_flags = LOAD_NORMAL;
 
-  scoped_ptr<HttpTransaction> trans;
+  std::unique_ptr<HttpTransaction> trans;
   int rv = factory_->CreateTransaction(DEFAULT_PRIORITY, &trans);
   EXPECT_EQ(OK, rv);
 
diff --git a/chromium/net/http/http_network_session.cc b/chromium/net/http/http_network_session.cc
index 9d3a2292de2..f3317a7218a 100644
--- a/chromium/net/http/http_network_session.cc
+++ b/chromium/net/http/http_network_session.cc
@@ -48,7 +48,8 @@ ClientSocketPoolManager* CreateSocketPoolManager(
       params.net_log,
       params.client_socket_factory ? params.client_socket_factory
                                    : ClientSocketFactory::GetDefaultFactory(),
-      params.host_resolver, params.cert_verifier, params.channel_id_service,
+      params.socket_performance_watcher_factory, params.host_resolver,
+      params.cert_verifier, params.channel_id_service,
       params.transport_security_state, params.cert_transparency_verifier,
       params.ct_policy_enforcer, ssl_session_cache_shard,
       params.ssl_config_service, pool_type);
@@ -95,14 +96,13 @@ HttpNetworkSession::Params::Params()
       spdy_session_max_recv_window_size(kSpdySessionMaxRecvWindowSize),
       spdy_stream_max_recv_window_size(kSpdyStreamMaxRecvWindowSize),
       time_func(&base::TimeTicks::Now),
-      parse_alternative_services(false),
-      enable_alternative_service_with_different_host(false),
+      parse_alternative_services(true),
+      enable_alternative_service_with_different_host(true),
+      enable_alternative_service_for_insecure_origins(false),
       enable_npn(false),
-      enable_brotli(false),
       enable_priority_dependencies(true),
       enable_quic(false),
       disable_quic_on_timeout_with_open_streams(false),
-      enable_quic_for_proxies(false),
       enable_quic_port_selection(true),
       quic_always_require_handshake_confirmation(false),
       quic_disable_connection_pooling(false),
@@ -114,7 +114,7 @@ HttpNetworkSession::Params::Params()
       quic_max_number_of_lossy_connections(0),
       quic_packet_loss_threshold(1.0f),
       quic_socket_receive_buffer_size(kQuicSocketReceiveBufferSize),
-      quic_delay_tcp_race(false),
+      quic_delay_tcp_race(true),
       quic_max_server_configs_stored_in_properties(0u),
       quic_clock(NULL),
       quic_random(NULL),
@@ -133,7 +133,7 @@ HttpNetworkSession::Params::Params()
       quic_disable_bidirectional_streams(false),
       proxy_delegate(NULL),
       enable_token_binding(false) {
-  quic_supported_versions.push_back(QUIC_VERSION_30);
+  quic_supported_versions.push_back(QUIC_VERSION_32);
 }
 
 HttpNetworkSession::Params::Params(const Params& other) = default;
@@ -294,23 +294,23 @@ SSLClientSocketPool* HttpNetworkSession::GetSocketPoolForSSLWithProxy(
       proxy_server);
 }
 
-scoped_ptr<base::Value> HttpNetworkSession::SocketPoolInfoToValue() const {
+std::unique_ptr<base::Value> HttpNetworkSession::SocketPoolInfoToValue() const {
   // TODO(yutak): Should merge values from normal pools and WebSocket pools.
   return normal_socket_pool_manager_->SocketPoolInfoToValue();
 }
 
-scoped_ptr<base::Value> HttpNetworkSession::SpdySessionPoolInfoToValue() const {
+std::unique_ptr<base::Value> HttpNetworkSession::SpdySessionPoolInfoToValue()
+    const {
   return spdy_session_pool_.SpdySessionPoolInfoToValue();
 }
 
-scoped_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->Set("sessions", quic_stream_factory_.QuicStreamFactoryInfoToValue());
   dict->SetBoolean("quic_enabled", params_.enable_quic);
-  dict->SetBoolean("quic_enabled_for_proxies", params_.enable_quic_for_proxies);
   dict->SetBoolean("enable_quic_port_selection",
                    params_.enable_quic_port_selection);
-  scoped_ptr<base::ListValue> connection_options(new base::ListValue);
+  std::unique_ptr<base::ListValue> connection_options(new base::ListValue);
   for (QuicTagVector::const_iterator it =
            params_.quic_connection_options.begin();
        it != params_.quic_connection_options.end(); ++it) {
@@ -318,7 +318,8 @@ scoped_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const {
   }
   dict->Set("connection_options", std::move(connection_options));
 
-  scoped_ptr<base::ListValue> origins_to_force_quic_on(new base::ListValue);
+  std::unique_ptr<base::ListValue> origins_to_force_quic_on(
+      new base::ListValue);
   for (const auto& origin : params_.origins_to_force_quic_on) {
     origins_to_force_quic_on->AppendString("'" + origin.ToString() + "'");
   }
@@ -382,6 +383,20 @@ void HttpNetworkSession::GetNpnProtos(NextProtoVector* npn_protos) const {
   }
 }
 
+void HttpNetworkSession::GetSSLConfig(const HttpRequestInfo& request,
+                                      SSLConfig* server_config,
+                                      SSLConfig* proxy_config) const {
+  ssl_config_service_->GetSSLConfig(server_config);
+  GetAlpnProtos(&server_config->alpn_protos);
+  GetNpnProtos(&server_config->npn_protos);
+  *proxy_config = *server_config;
+  if (request.privacy_mode == PRIVACY_MODE_ENABLED) {
+    server_config->channel_id_enabled = false;
+  } else if (params_.enable_token_binding && params_.channel_id_service) {
+    server_config->token_binding_params.push_back(TB_PARAM_ECDSAP256);
+  }
+}
+
 ClientSocketPoolManager* HttpNetworkSession::GetSocketPoolManager(
     SocketPoolType pool_type) {
   switch (pool_type) {
diff --git a/chromium/net/http/http_network_session.h b/chromium/net/http/http_network_session.h
index c77953924bc..2903c650f2f 100644
--- a/chromium/net/http/http_network_session.h
+++ b/chromium/net/http/http_network_session.h
@@ -99,13 +99,14 @@ class NET_EXPORT HttpNetworkSession
     // Whether to enable Alt-Svc entries with hostname different than that of
     // the origin.
     bool enable_alternative_service_with_different_host;
+    // Only set for tests.
+    // TODO(bnc) https://crbug.com/615497:
+    // Adapt tests to https requests, remove this member.
+    bool enable_alternative_service_for_insecure_origins;
 
     // Enables NPN support.  Note that ALPN is always enabled.
     bool enable_npn;
 
-    // Enables Brotli Content-Encoding support.
-    bool enable_brotli;
-
     // Enable setting of HTTP/2 dependencies based on priority.
     bool enable_priority_dependencies;
 
@@ -113,8 +114,6 @@ class NET_EXPORT HttpNetworkSession
     bool enable_quic;
     // Disable QUIC if a connection times out with open streams.
     bool disable_quic_on_timeout_with_open_streams;
-    // Enables QUIC for proxies.
-    bool enable_quic_for_proxies;
     // Instruct QUIC to use consistent ephemeral ports when talking to
     // the same server.
     bool enable_quic_port_selection;
@@ -244,14 +243,14 @@ class NET_EXPORT HttpNetworkSession
   }
 
   // Creates a Value summary of the state of the socket pools.
-  scoped_ptr<base::Value> SocketPoolInfoToValue() const;
+  std::unique_ptr<base::Value> SocketPoolInfoToValue() const;
 
   // Creates a Value summary of the state of the SPDY sessions.
-  scoped_ptr<base::Value> SpdySessionPoolInfoToValue() const;
+  std::unique_ptr<base::Value> SpdySessionPoolInfoToValue() const;
 
   // Creates a Value summary of the state of the QUIC sessions and
   // configuration.
-  scoped_ptr<base::Value> QuicInfoToValue() const;
+  std::unique_ptr<base::Value> QuicInfoToValue() const;
 
   void CloseAllConnections();
   void CloseIdleConnections();
@@ -267,6 +266,12 @@ class NET_EXPORT HttpNetworkSession
   // Populates |*npn_protos| with protocols to be used with NPN.
   void GetNpnProtos(NextProtoVector* npn_protos) const;
 
+  // Populates |server_config| and |proxy_config| based on this session and
+  // |request|.
+  void GetSSLConfig(const HttpRequestInfo& request,
+                    SSLConfig* server_config,
+                    SSLConfig* proxy_config) const;
+
  private:
   friend class HttpNetworkSessionPeer;
 
@@ -283,12 +288,12 @@ class NET_EXPORT HttpNetworkSession
 
   HttpAuthCache http_auth_cache_;
   SSLClientAuthCache ssl_client_auth_cache_;
-  scoped_ptr<ClientSocketPoolManager> normal_socket_pool_manager_;
-  scoped_ptr<ClientSocketPoolManager> websocket_socket_pool_manager_;
+  std::unique_ptr<ClientSocketPoolManager> normal_socket_pool_manager_;
+  std::unique_ptr<ClientSocketPoolManager> websocket_socket_pool_manager_;
   QuicStreamFactory quic_stream_factory_;
   SpdySessionPool spdy_session_pool_;
-  scoped_ptr<HttpStreamFactory> http_stream_factory_;
-  scoped_ptr<HttpStreamFactory> http_stream_factory_for_websocket_;
+  std::unique_ptr<HttpStreamFactory> http_stream_factory_;
+  std::unique_ptr<HttpStreamFactory> http_stream_factory_for_websocket_;
   std::set<HttpResponseBodyDrainer*> response_drainers_;
 
   NextProtoVector next_protos_;
diff --git a/chromium/net/http/http_network_session_peer.cc b/chromium/net/http/http_network_session_peer.cc
index a5fb8a594a5..df729762345 100644
--- a/chromium/net/http/http_network_session_peer.cc
+++ b/chromium/net/http/http_network_session_peer.cc
@@ -20,7 +20,7 @@ HttpNetworkSessionPeer::HttpNetworkSessionPeer(HttpNetworkSession* session)
 HttpNetworkSessionPeer::~HttpNetworkSessionPeer() {}
 
 void HttpNetworkSessionPeer::SetClientSocketPoolManager(
-    scoped_ptr<ClientSocketPoolManager> socket_pool_manager) {
+    std::unique_ptr<ClientSocketPoolManager> socket_pool_manager) {
   session_->normal_socket_pool_manager_.swap(socket_pool_manager);
 }
 
@@ -29,12 +29,12 @@ void HttpNetworkSessionPeer::SetProxyService(ProxyService* proxy_service) {
 }
 
 void HttpNetworkSessionPeer::SetHttpStreamFactory(
-    scoped_ptr<HttpStreamFactory> http_stream_factory) {
+    std::unique_ptr<HttpStreamFactory> http_stream_factory) {
   session_->http_stream_factory_.swap(http_stream_factory);
 }
 
 void HttpNetworkSessionPeer::SetHttpStreamFactoryForWebSocket(
-    scoped_ptr<HttpStreamFactory> http_stream_factory) {
+    std::unique_ptr<HttpStreamFactory> http_stream_factory) {
   session_->http_stream_factory_for_websocket_.swap(http_stream_factory);
 }
 
diff --git a/chromium/net/http/http_network_session_peer.h b/chromium/net/http/http_network_session_peer.h
index 18d7a23a876..da057f06ab9 100644
--- a/chromium/net/http/http_network_session_peer.h
+++ b/chromium/net/http/http_network_session_peer.h
@@ -5,9 +5,10 @@
 #ifndef NET_HTTP_HTTP_NETWORK_SESSION_PEER_H_
 #define NET_HTTP_HTTP_NETWORK_SESSION_PEER_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -24,13 +25,14 @@ class NET_EXPORT_PRIVATE HttpNetworkSessionPeer {
   ~HttpNetworkSessionPeer();
 
   void SetClientSocketPoolManager(
-      scoped_ptr<ClientSocketPoolManager> socket_pool_manager);
+      std::unique_ptr<ClientSocketPoolManager> socket_pool_manager);
 
   void SetProxyService(ProxyService* proxy_service);
 
-  void SetHttpStreamFactory(scoped_ptr<HttpStreamFactory> http_stream_factory);
+  void SetHttpStreamFactory(
+      std::unique_ptr<HttpStreamFactory> http_stream_factory);
   void SetHttpStreamFactoryForWebSocket(
-      scoped_ptr<HttpStreamFactory> http_stream_factory_for_websocket);
+      std::unique_ptr<HttpStreamFactory> http_stream_factory_for_websocket);
 
  private:
   HttpNetworkSession* const session_;
diff --git a/chromium/net/http/http_network_transaction.cc b/chromium/net/http/http_network_transaction.cc
index ebbe1552250..26bd1a65925 100644
--- a/chromium/net/http/http_network_transaction.cc
+++ b/chromium/net/http/http_network_transaction.cc
@@ -4,6 +4,7 @@
 
 #include "net/http/http_network_transaction.h"
 
+#include <memory>
 #include <set>
 #include <utility>
 #include <vector>
@@ -13,7 +14,6 @@
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/format_macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
@@ -71,14 +71,14 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogSSLVersionFallbackCallback(
+std::unique_ptr<base::Value> NetLogSSLVersionFallbackCallback(
     const GURL* url,
     int net_error,
     SSLFailureState ssl_failure_state,
     uint16_t version_before,
     uint16_t version_after,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host_and_port", GetHostAndPort(*url));
   dict->SetInteger("net_error", net_error);
   dict->SetInteger("ssl_failure_state", ssl_failure_state);
@@ -87,11 +87,11 @@ scoped_ptr<base::Value> NetLogSSLVersionFallbackCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSSLCipherFallbackCallback(
+std::unique_ptr<base::Value> NetLogSSLCipherFallbackCallback(
     const GURL* url,
     int net_error,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host_and_port", GetHostAndPort(*url));
   dict->SetInteger("net_error", net_error);
   return std::move(dict);
@@ -121,10 +121,6 @@ HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
       establishing_tunnel_(false),
       websocket_handshake_stream_base_create_helper_(NULL),
       net_error_details_() {
-  session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
-  session->GetAlpnProtos(&server_ssl_config_.alpn_protos);
-  session->GetNpnProtos(&server_ssl_config_.npn_protos);
-  proxy_ssl_config_ = server_ssl_config_;
 }
 
 HttpNetworkTransaction::~HttpNetworkTransaction() {
@@ -154,6 +150,9 @@ int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
   net_log_ = net_log;
   request_ = request_info;
 
+  // Now that we have an HttpRequestInfo object, update server_ssl_config_.
+  session_->GetSSLConfig(*request_, &server_ssl_config_, &proxy_ssl_config_);
+
   if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) {
     server_ssl_config_.rev_checking_enabled = false;
     proxy_ssl_config_.rev_checking_enabled = false;
@@ -162,14 +161,6 @@ int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
   if (request_->load_flags & LOAD_PREFETCH)
     response_.unused_since_prefetch = true;
 
-  // Channel ID is disabled if privacy mode is enabled for this request.
-  if (request_->privacy_mode == PRIVACY_MODE_ENABLED) {
-    server_ssl_config_.channel_id_enabled = false;
-  } else if (session_->params().enable_token_binding &&
-             session_->params().channel_id_service) {
-    server_ssl_config_.token_binding_params.push_back(TB_PARAM_ECDSAP256);
-  }
-
   next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
@@ -359,7 +350,7 @@ void HttpNetworkTransaction::StopCaching() {}
 
 bool HttpNetworkTransaction::GetFullRequestHeaders(
     HttpRequestHeaders* headers) const {
-  // TODO(ttuttle): Make sure we've populated request_headers_.
+  // TODO(juliatuttle): Make sure we've populated request_headers_.
   *headers = request_headers_;
   return true;
 }
@@ -1247,8 +1238,11 @@ int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
     return OK;
   }
 
-  session_->http_stream_factory()->ProcessAlternativeServices(
-      session_, response_.headers.get(), HostPortPair::FromURL(request_->url));
+  if (session_->params().enable_alternative_service_for_insecure_origins ||
+      IsSecureRequest()) {
+    session_->http_stream_factory()->ProcessAlternativeServices(
+        session_, response_.headers.get(), url::SchemeHostPort(request_->url));
+  }
 
   if (IsSecureRequest())
     stream_->GetSSLInfo(&response_.ssl_info);
diff --git a/chromium/net/http/http_network_transaction.h b/chromium/net/http/http_network_transaction.h
index 98b2e72982e..f95cd36d821 100644
--- a/chromium/net/http/http_network_transaction.h
+++ b/chromium/net/http/http_network_transaction.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_error_details.h"
@@ -325,8 +325,8 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction
   // |proxy_info_| is the ProxyInfo used by the HttpStreamRequest.
   ProxyInfo proxy_info_;
 
-  scoped_ptr<HttpStreamRequest> stream_request_;
-  scoped_ptr<HttpStream> stream_;
+  std::unique_ptr<HttpStreamRequest> stream_request_;
+  std::unique_ptr<HttpStream> stream_;
 
   // True if we've validated the headers that the stream parser has returned.
   bool headers_valid_;
@@ -345,8 +345,8 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction
   SSLFailureState fallback_failure_state_;
 
   // Keys to use for signing message in Token Binding header.
-  scoped_ptr<crypto::ECPrivateKey> provided_token_binding_key_;
-  scoped_ptr<crypto::ECPrivateKey> referred_token_binding_key_;
+  std::unique_ptr<crypto::ECPrivateKey> provided_token_binding_key_;
+  std::unique_ptr<crypto::ECPrivateKey> referred_token_binding_key_;
   // Object to manage lookup of |provided_token_binding_key_| and
   // |referred_token_binding_key_|.
   ChannelIDService::Request token_binding_request_;
diff --git a/chromium/net/http/http_network_transaction_ssl_unittest.cc b/chromium/net/http/http_network_transaction_ssl_unittest.cc
index 575b2b949e4..45c46e46fed 100644
--- a/chromium/net/http/http_network_transaction_ssl_unittest.cc
+++ b/chromium/net/http/http_network_transaction_ssl_unittest.cc
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <string>
 #include <vector>
 
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/request_priority.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_auth_handler_mock.h"
@@ -93,7 +94,7 @@ class HttpNetworkTransactionSSLTest : public testing::Test {
     HttpRequestInfo* request_info = new HttpRequestInfo;
     request_info->url = GURL(url);
     request_info->method = "GET";
-    request_info_vector_.push_back(make_scoped_ptr(request_info));
+    request_info_vector_.push_back(base::WrapUnique(request_info));
     return request_info;
   }
 
@@ -102,15 +103,15 @@ class HttpNetworkTransactionSSLTest : public testing::Test {
   }
 
   scoped_refptr<SSLConfigService> ssl_config_service_;
-  scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory_;
+  std::unique_ptr<ProxyService> proxy_service_;
 
   MockClientSocketFactory mock_socket_factory_;
   MockHostResolver mock_resolver_;
   HttpServerPropertiesImpl http_server_properties_;
   TransportSecurityState transport_security_state_;
   HttpNetworkSession::Params session_params_;
-  std::vector<scoped_ptr<HttpRequestInfo>> request_info_vector_;
+  std::vector<std::unique_ptr<HttpRequestInfo>> request_info_vector_;
 };
 
 // Tests that HttpNetworkTransaction attempts to fallback from
diff --git a/chromium/net/http/http_network_transaction_unittest.cc b/chromium/net/http/http_network_transaction_unittest.cc
index 6be19d7e408..c7c68b4981c 100644
--- a/chromium/net/http/http_network_transaction_unittest.cc
+++ b/chromium/net/http/http_network_transaction_unittest.cc
@@ -7,7 +7,9 @@
 #include <math.h>  // ceil
 #include <stdarg.h>
 #include <stdint.h>
+
 #include <limits>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -18,13 +20,13 @@
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/test_file_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/auth.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/completion_callback.h"
@@ -253,7 +255,7 @@ void AddWebSocketHeaders(HttpRequestHeaders* headers) {
   headers->SetHeader("Sec-WebSocket-Key", "dGhlIHNhbXBsZSBub25jZQ==");
 }
 
-scoped_ptr<HttpNetworkSession> CreateSession(
+std::unique_ptr<HttpNetworkSession> CreateSession(
     SpdySessionDependencies* session_deps) {
   return SpdySessionDependencies::SpdyCreateSession(session_deps);
 }
@@ -325,7 +327,7 @@ class HttpNetworkTransactionTest
 
   std::string GetAlternativeServiceHttpHeader() {
     return std::string("Alt-Svc: ") + GetAlternateProtocolFromParam() +
-           "=\"www.example.com:443\"\r\n";
+           "=\"www.example.org:443\"\r\n";
   }
 
   std::string GetAlternateProtocolHttpHeader() {
@@ -359,8 +361,8 @@ class HttpNetworkTransactionTest
 
     BoundTestNetLog log;
     session_deps_.net_log = log.bound().net_log();
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     for (size_t i = 0; i < data_count; ++i) {
@@ -599,7 +601,7 @@ class CaptureGroupNameSocketPool : public ParentPool {
   void CancelRequest(const std::string& group_name,
                      ClientSocketHandle* handle) override {}
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override {}
   void CloseIdleSockets() override {}
   int IdleSocketCount() const override { return 0; }
@@ -631,8 +633,7 @@ template <typename ParentPool>
 CaptureGroupNameSocketPool<ParentPool>::CaptureGroupNameSocketPool(
     HostResolver* host_resolver,
     CertVerifier* /* cert_verifier */)
-    : ParentPool(0, 0, host_resolver, NULL, NULL) {
-}
+    : ParentPool(0, 0, host_resolver, NULL, NULL, NULL) {}
 
 template <>
 CaptureGroupNameHttpProxySocketPool::CaptureGroupNameSocketPool(
@@ -669,7 +670,7 @@ bool CheckBasicServerAuth(const AuthChallengeInfo* auth_challenge) {
   if (!auth_challenge)
     return false;
   EXPECT_FALSE(auth_challenge->is_proxy);
-  EXPECT_EQ("www.example.org:80", auth_challenge->challenger.ToString());
+  EXPECT_EQ("http://www.example.org", auth_challenge->challenger.Serialize());
   EXPECT_EQ("MyRealm1", auth_challenge->realm);
   EXPECT_EQ(kBasicAuthScheme, auth_challenge->scheme);
   return true;
@@ -679,7 +680,17 @@ bool CheckBasicProxyAuth(const AuthChallengeInfo* auth_challenge) {
   if (!auth_challenge)
     return false;
   EXPECT_TRUE(auth_challenge->is_proxy);
-  EXPECT_EQ("myproxy:70", auth_challenge->challenger.ToString());
+  EXPECT_EQ("http://myproxy:70", auth_challenge->challenger.Serialize());
+  EXPECT_EQ("MyRealm1", auth_challenge->realm);
+  EXPECT_EQ(kBasicAuthScheme, auth_challenge->scheme);
+  return true;
+}
+
+bool CheckBasicSecureProxyAuth(const AuthChallengeInfo* auth_challenge) {
+  if (!auth_challenge)
+    return false;
+  EXPECT_TRUE(auth_challenge->is_proxy);
+  EXPECT_EQ("https://myproxy:70", auth_challenge->challenger.Serialize());
   EXPECT_EQ("MyRealm1", auth_challenge->realm);
   EXPECT_EQ(kBasicAuthScheme, auth_challenge->scheme);
   return true;
@@ -689,7 +700,7 @@ bool CheckDigestServerAuth(const AuthChallengeInfo* auth_challenge) {
   if (!auth_challenge)
     return false;
   EXPECT_FALSE(auth_challenge->is_proxy);
-  EXPECT_EQ("www.example.org:80", auth_challenge->challenger.ToString());
+  EXPECT_EQ("http://www.example.org", auth_challenge->challenger.Serialize());
   EXPECT_EQ("digestive", auth_challenge->realm);
   EXPECT_EQ(kDigestAuthScheme, auth_challenge->scheme);
   return true;
@@ -700,7 +711,7 @@ bool CheckNTLMServerAuth(const AuthChallengeInfo* auth_challenge) {
   if (!auth_challenge)
     return false;
   EXPECT_FALSE(auth_challenge->is_proxy);
-  EXPECT_EQ("172.22.68.17:80", auth_challenge->challenger.ToString());
+  EXPECT_EQ("http://172.22.68.17", auth_challenge->challenger.Serialize());
   EXPECT_EQ(std::string(), auth_challenge->realm);
   EXPECT_EQ(kNtlmAuthScheme, auth_challenge->scheme);
   return true;
@@ -710,8 +721,8 @@ bool CheckNTLMServerAuth(const AuthChallengeInfo* auth_challenge) {
 }  // namespace
 
 TEST_P(HttpNetworkTransactionTest, Basic) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 }
 
@@ -1031,8 +1042,8 @@ TEST_P(HttpNetworkTransactionTest, TwoIdenticalLocationHeaders) {
   request.url = GURL("http://redirect.com/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
@@ -1076,8 +1087,8 @@ TEST_P(HttpNetworkTransactionTest, Head) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   BeforeProxyHeadersSentHandler proxy_headers_handler;
   trans->SetBeforeProxyHeadersSentCallback(
@@ -1135,7 +1146,7 @@ TEST_P(HttpNetworkTransactionTest, Head) {
 }
 
 TEST_P(HttpNetworkTransactionTest, ReuseConnection) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockRead data_reads[] = {
     MockRead("HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n"),
@@ -1157,7 +1168,7 @@ TEST_P(HttpNetworkTransactionTest, ReuseConnection) {
     request.url = GURL("http://www.example.org/");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     TestCompletionCallback callback;
@@ -1183,9 +1194,9 @@ TEST_P(HttpNetworkTransactionTest, ReuseConnection) {
 }
 
 TEST_P(HttpNetworkTransactionTest, Ignores100) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -1194,8 +1205,8 @@ TEST_P(HttpNetworkTransactionTest, Ignores100) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1236,8 +1247,8 @@ TEST_P(HttpNetworkTransactionTest, Ignores1xx) {
   request.url = GURL("http://www.foo.com/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1275,8 +1286,8 @@ TEST_P(HttpNetworkTransactionTest, Incomplete100ThenEOF) {
   request.url = GURL("http://www.foo.com/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1306,8 +1317,8 @@ TEST_P(HttpNetworkTransactionTest, EmptyResponse) {
   request.url = GURL("http://www.foo.com/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1335,7 +1346,7 @@ void HttpNetworkTransactionTest::KeepAliveConnectionResendRequestTest(
 
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Written data for successfully sending both requests.
   MockWrite data1_writes[] = {
@@ -1382,7 +1393,7 @@ void HttpNetworkTransactionTest::KeepAliveConnectionResendRequestTest(
   for (int i = 0; i < 2; ++i) {
     TestCompletionCallback callback;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -1425,7 +1436,7 @@ void HttpNetworkTransactionTest::PreconnectErrorResendRequestTest(
 
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   SSLSocketDataProvider ssl1(ASYNC, OK);
   SSLSocketDataProvider ssl2(ASYNC, OK);
@@ -1437,11 +1448,11 @@ void HttpNetworkTransactionTest::PreconnectErrorResendRequestTest(
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2);
 
   // SPDY versions of the request and response.
-  scoped_ptr<SpdySerializedFrame> spdy_request(spdy_util_.ConstructSpdyGet(
+  std::unique_ptr<SpdySerializedFrame> spdy_request(spdy_util_.ConstructSpdyGet(
       request.url.spec().c_str(), 1, DEFAULT_PRIORITY));
-  scoped_ptr<SpdySerializedFrame> spdy_response(
+  std::unique_ptr<SpdySerializedFrame> spdy_response(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> spdy_data(
+  std::unique_ptr<SpdySerializedFrame> spdy_data(
       spdy_util_.ConstructSpdyBodyFrame(1, "hello", 5, true));
 
   // HTTP/1.1 versions of the request and response.
@@ -1494,12 +1505,7 @@ void HttpNetworkTransactionTest::PreconnectErrorResendRequestTest(
   session_deps_.socket_factory->AddSocketDataProvider(&data2);
 
   // Preconnect a socket.
-  SSLConfig ssl_config;
-  session->ssl_config_service()->GetSSLConfig(&ssl_config);
-  session->GetAlpnProtos(&ssl_config.alpn_protos);
-  session->GetNpnProtos(&ssl_config.npn_protos);
-  session->http_stream_factory()->PreconnectStreams(1, request, ssl_config,
-                                                    ssl_config);
+  session->http_stream_factory()->PreconnectStreams(1, request);
   // Wait for the preconnect to complete.
   // TODO(davidben): Some way to wait for an idle socket count might be handy.
   base::RunLoop().RunUntilIdle();
@@ -1508,7 +1514,7 @@ void HttpNetworkTransactionTest::PreconnectErrorResendRequestTest(
   // Make the request.
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -1626,8 +1632,8 @@ TEST_P(HttpNetworkTransactionTest, NonKeepAliveConnectionReset) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1680,8 +1686,8 @@ TEST_P(HttpNetworkTransactionTest, ThrottleBeforeNetworkStart) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Defer on OnBeforeNetworkStart.
@@ -1729,8 +1735,8 @@ TEST_P(HttpNetworkTransactionTest, ThrottleAndCancelBeforeNetworkStart) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Defer on OnBeforeNetworkStart.
@@ -1760,8 +1766,8 @@ TEST_P(HttpNetworkTransactionTest, KeepAliveEarlyClose) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1801,8 +1807,8 @@ TEST_P(HttpNetworkTransactionTest, KeepAliveEarlyClose2) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -1843,7 +1849,7 @@ TEST_P(HttpNetworkTransactionTest, KeepAliveAfterUnreadBody) {
 
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   const char* request_data =
       "GET / HTTP/1.1\r\n"
@@ -1910,7 +1916,7 @@ TEST_P(HttpNetworkTransactionTest, KeepAliveAfterUnreadBody) {
   for (size_t i = 0; i < kNumUnreadBodies; ++i) {
     TestCompletionCallback callback;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -1957,7 +1963,7 @@ TEST_P(HttpNetworkTransactionTest, KeepAliveAfterUnreadBody) {
     EXPECT_EQ(kStatusLines[i], response_lines[i]);
 
   TestCompletionCallback callback;
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(OK, callback.GetResult(rv));
@@ -1981,8 +1987,8 @@ TEST_P(HttpNetworkTransactionTest, BasicAuth) {
 
   TestNetLog log;
   session_deps_.net_log = &log;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes1[] = {
@@ -2092,8 +2098,8 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthWithAddressChange) {
   MockHostResolver* resolver = new MockHostResolver();
   session_deps_.net_log = &log;
   session_deps_.host_resolver.reset(resolver);
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   resolver->rules()->ClearRules();
@@ -2202,8 +2208,8 @@ TEST_P(HttpNetworkTransactionTest, DoNotSendAuth) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = LOAD_DO_NOT_SEND_AUTH_DATA;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -2257,7 +2263,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAlive) {
 
     TestNetLog log;
     session_deps_.net_log = &log;
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
     MockWrite data_writes[] = {
         MockWrite(ASYNC, 0,
@@ -2295,7 +2301,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAlive) {
 
     TestCompletionCallback callback1;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
     int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
     ASSERT_EQ(OK, callback1.GetResult(rv));
@@ -2346,7 +2352,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveNoBody) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes1[] = {
       MockWrite(
@@ -2389,7 +2395,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveNoBody) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -2424,7 +2430,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveLargeBody) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes1[] = {
       MockWrite(
@@ -2475,7 +2481,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveLargeBody) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -2510,7 +2516,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveImpatientServer) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes1[] = {
       MockWrite(
@@ -2564,7 +2570,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthKeepAliveImpatientServer) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -2605,7 +2611,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp10) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -2657,7 +2663,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp10) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -2729,7 +2735,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp11) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -2780,7 +2786,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp11) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -2857,9 +2863,9 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveHttp10) {
     session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
     BoundTestNetLog log;
     session_deps_.net_log = log.bound().net_log();
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     // Since we have proxy, should try to establish tunnel.
@@ -2968,9 +2974,9 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveHttp11) {
     session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
     BoundTestNetLog log;
     session_deps_.net_log = log.bound().net_log();
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     // Since we have proxy, should try to establish tunnel.
@@ -3075,7 +3081,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveExtraData) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3135,7 +3141,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveExtraData) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -3198,9 +3204,9 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveHangupDuringBody) {
 
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Since we have proxy, should try to establish tunnel.
@@ -3288,9 +3294,9 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyCancelTunnel) {
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Since we have proxy, should try to establish tunnel.
@@ -3347,9 +3353,9 @@ TEST_P(HttpNetworkTransactionTest, SanitizeProxyAuthHeaders) {
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Since we have proxy, should try to establish tunnel.
@@ -3407,8 +3413,8 @@ TEST_P(HttpNetworkTransactionTest, UnexpectedProxyAuth) {
   request.load_flags = 0;
 
   // We are using a DIRECT connection (i.e. no proxy) for this session.
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes1[] = {
@@ -3455,7 +3461,7 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3485,7 +3491,7 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -3516,10 +3522,10 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
+  std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
       new HttpAuthHandlerMock::Factory());
   auth_handler_factory->set_do_init_from_challenge(true);
-  scoped_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
+  std::unique_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
   mock_handler->set_allows_default_credentials(true);
   auth_handler_factory->AddMockHandler(mock_handler.release(),
                                        HttpAuth::AUTH_PROXY);
@@ -3528,7 +3534,7 @@ TEST_P(HttpNetworkTransactionTest,
   // Add NetLog just so can verify load timing information gets a NetLog ID.
   NetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3579,7 +3585,7 @@ TEST_P(HttpNetworkTransactionTest,
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -3633,10 +3639,10 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
+  std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
       new HttpAuthHandlerMock::Factory());
   auth_handler_factory->set_do_init_from_challenge(true);
-  scoped_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
+  std::unique_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
   mock_handler->set_allows_default_credentials(true);
   auth_handler_factory->AddMockHandler(mock_handler.release(),
                                        HttpAuth::AUTH_PROXY);
@@ -3645,7 +3651,7 @@ TEST_P(HttpNetworkTransactionTest,
   // Add NetLog just so can verify load timing information gets a NetLog ID.
   NetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3699,7 +3705,7 @@ TEST_P(HttpNetworkTransactionTest,
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -3755,10 +3761,10 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
+  std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
       new HttpAuthHandlerMock::Factory());
   auth_handler_factory->set_do_init_from_challenge(true);
-  scoped_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
+  std::unique_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
   mock_handler->set_allows_default_credentials(true);
   auth_handler_factory->AddMockHandler(mock_handler.release(),
                                        HttpAuth::AUTH_PROXY);
@@ -3767,7 +3773,7 @@ TEST_P(HttpNetworkTransactionTest,
   // Add NetLog just so can verify load timing information gets a NetLog ID.
   NetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3814,7 +3820,7 @@ TEST_P(HttpNetworkTransactionTest,
                                  data_writes2, arraysize(data_writes2));
   session_deps_.socket_factory->AddSocketDataProvider(&data2);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -3853,10 +3859,10 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
+  std::unique_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory(
       new HttpAuthHandlerMock::Factory());
   auth_handler_factory->set_do_init_from_challenge(true);
-  scoped_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
+  std::unique_ptr<HttpAuthHandlerMock> mock_handler(new HttpAuthHandlerMock());
   mock_handler->set_allows_default_credentials(true);
   auth_handler_factory->AddMockHandler(mock_handler.release(),
                                        HttpAuth::AUTH_PROXY);
@@ -3871,7 +3877,7 @@ TEST_P(HttpNetworkTransactionTest,
   // Add NetLog just so can verify load timing information gets a NetLog ID.
   NetLog net_log;
   session_deps_.net_log = &net_log;
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3913,7 +3919,7 @@ TEST_P(HttpNetworkTransactionTest,
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -3958,7 +3964,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingNoPacTwoRequests) {
   session_deps_.proxy_service = ProxyService::CreateFixed("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -3996,7 +4002,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingNoPacTwoRequests) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
   TestCompletionCallback callback1;
-  scoped_ptr<HttpTransaction> trans1(
+  std::unique_ptr<HttpTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans1->Start(&request1, callback1.callback(), log.bound());
@@ -4017,7 +4023,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingNoPacTwoRequests) {
   trans1.reset();
 
   TestCompletionCallback callback2;
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   rv = trans2->Start(&request2, callback2.callback(), log.bound());
@@ -4056,7 +4062,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingWithPacTwoRequests) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes1[] = {
@@ -4094,7 +4100,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingWithPacTwoRequests) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
   TestCompletionCallback callback1;
-  scoped_ptr<HttpTransaction> trans1(
+  std::unique_ptr<HttpTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans1->Start(&request1, callback1.callback(), log.bound());
@@ -4116,7 +4122,7 @@ TEST_P(HttpNetworkTransactionTest, HttpProxyLoadTimingWithPacTwoRequests) {
   trans1.reset();
 
   TestCompletionCallback callback2;
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   rv = trans2->Start(&request2, callback2.callback(), log.bound());
@@ -4150,7 +4156,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxyGet) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should use full url
   MockWrite data_writes1[] = {
@@ -4175,7 +4181,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxyGet) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -4212,16 +4218,16 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGet) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // fetch http://www.example.org/ via SPDY
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*data, 2), MockRead(ASYNC, 0, 3),
@@ -4237,7 +4243,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGet) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -4274,16 +4280,16 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithSessionRace) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Fetch http://www.example.org/ through the SPDY proxy.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*data, 2), MockRead(ASYNC, 0, 3),
@@ -4299,7 +4305,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithSessionRace) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Stall the hostname resolution begun by the transaction.
@@ -4345,17 +4351,17 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithProxyAuth) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // The first request will be a bare GET, the second request will be a
   // GET with a Proxy-Authorization header.
-  scoped_ptr<SpdySerializedFrame> req_get(
+  std::unique_ptr<SpdySerializedFrame> req_get(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
   spdy_util_.UpdateWithStreamDestruction(1);
   const char* const kExtraAuthorizationHeaders[] = {
     "proxy-authorization", "Basic Zm9vOmJhcg=="
   };
-  scoped_ptr<SpdySerializedFrame> req_get_authorization(
+  std::unique_ptr<SpdySerializedFrame> req_get_authorization(
       spdy_util_.ConstructSpdyGet(kExtraAuthorizationHeaders,
                                   arraysize(kExtraAuthorizationHeaders) / 2, 3,
                                   LOWEST, false));
@@ -4369,15 +4375,15 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithProxyAuth) {
   const char* const kExtraAuthenticationHeaders[] = {
     "proxy-authenticate", "Basic realm=\"MyRealm1\""
   };
-  scoped_ptr<SpdySerializedFrame> resp_authentication(
+  std::unique_ptr<SpdySerializedFrame> resp_authentication(
       spdy_util_.ConstructSpdySynReplyError(
           "407 Proxy Authentication Required", kExtraAuthenticationHeaders,
           arraysize(kExtraAuthenticationHeaders) / 2, 1));
-  scoped_ptr<SpdySerializedFrame> body_authentication(
+  std::unique_ptr<SpdySerializedFrame> body_authentication(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> resp_data(
+  std::unique_ptr<SpdySerializedFrame> resp_data(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body_data(
+  std::unique_ptr<SpdySerializedFrame> body_data(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp_authentication, 1),
@@ -4397,7 +4403,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithProxyAuth) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -4412,7 +4418,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyGetWithProxyAuth) {
   ASSERT_TRUE(response->headers.get() != NULL);
   EXPECT_EQ(407, response->headers->response_code());
   EXPECT_TRUE(response->was_fetched_via_spdy);
-  EXPECT_TRUE(CheckBasicProxyAuth(response->auth_challenge.get()));
+  EXPECT_TRUE(CheckBasicSecureProxyAuth(response->auth_challenge.get()));
 
   TestCompletionCallback callback2;
 
@@ -4443,13 +4449,13 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyConnectHttps) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // CONNECT to www.example.org:443 via SPDY
-  scoped_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
   // fetch https://www.example.org/ via HTTP
 
@@ -4457,17 +4463,17 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyConnectHttps) {
       "GET / HTTP/1.1\r\n"
       "Host: www.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get(
       spdy_util_.ConstructSpdyBodyFrame(1, get, strlen(get), false));
-  scoped_ptr<SpdySerializedFrame> conn_resp(
+  std::unique_ptr<SpdySerializedFrame> conn_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   const char resp[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 10\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp(
       spdy_util_.ConstructSpdyBodyFrame(1, resp, strlen(resp), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body(
       spdy_util_.ConstructSpdyBodyFrame(1, "1234567890", 10, false));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, wrapped_get_resp->size()));
 
   MockWrite spdy_writes[] = {
@@ -4529,33 +4535,33 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyConnectSpdy) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // CONNECT to www.example.org:443 via SPDY
-  scoped_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
   // fetch https://www.example.org/ via SPDY
   const char kMyUrl[] = "https://www.example.org/";
-  scoped_ptr<SpdySerializedFrame> get(
+  std::unique_ptr<SpdySerializedFrame> get(
       spdy_util_wrapped.ConstructSpdyGet(kMyUrl, 1, LOWEST));
-  scoped_ptr<SpdySerializedFrame> wrapped_get(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get(
       spdy_util_.ConstructWrappedSpdyFrame(get, 1));
-  scoped_ptr<SpdySerializedFrame> conn_resp(
+  std::unique_ptr<SpdySerializedFrame> conn_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> get_resp(
+  std::unique_ptr<SpdySerializedFrame> get_resp(
       spdy_util_wrapped.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp(
       spdy_util_.ConstructWrappedSpdyFrame(get_resp, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_wrapped.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> wrapped_body(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body(
       spdy_util_.ConstructWrappedSpdyFrame(body, 1));
-  scoped_ptr<SpdySerializedFrame> window_update_get_resp(
+  std::unique_ptr<SpdySerializedFrame> window_update_get_resp(
       spdy_util_.ConstructSpdyWindowUpdate(1, wrapped_get_resp->size()));
-  scoped_ptr<SpdySerializedFrame> window_update_body(
+  std::unique_ptr<SpdySerializedFrame> window_update_body(
       spdy_util_.ConstructSpdyWindowUpdate(1, wrapped_body->size()));
 
   MockWrite spdy_writes[] = {
@@ -4621,24 +4627,24 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyConnectFailure) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // CONNECT to www.example.org:443 via SPDY
-  scoped_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> get(
+  std::unique_ptr<SpdySerializedFrame> get(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
 
   MockWrite spdy_writes[] = {
       CreateMockWrite(*connect, 0), CreateMockWrite(*get, 2),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdySynReplyError(1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, 0, 3),
@@ -4663,7 +4669,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyConnectFailure) {
   rv = callback1.WaitForResult();
   EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, rv);
 
-  // TODO(ttuttle): Anything else to check here?
+  // TODO(juliatuttle): Anything else to check here?
 }
 
 // Test load timing in the case of two HTTPS (non-SPDY) requests through a SPDY
@@ -4674,7 +4680,7 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps_));
 
   HttpRequestInfo request1;
@@ -4688,9 +4694,9 @@ TEST_P(HttpNetworkTransactionTest,
   request2.load_flags = 0;
 
   // CONNECT to www.example.org:443 via SPDY.
-  scoped_ptr<SpdySerializedFrame> connect1(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect1(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> conn_resp1(
+  std::unique_ptr<SpdySerializedFrame> conn_resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
 
   // Fetch https://www.example.org/ via HTTP.
@@ -4698,15 +4704,15 @@ TEST_P(HttpNetworkTransactionTest,
       "GET / HTTP/1.1\r\n"
       "Host: www.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get1(
       spdy_util_.ConstructSpdyBodyFrame(1, get1, strlen(get1), false));
   const char resp1[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 1\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp1(
       spdy_util_.ConstructSpdyBodyFrame(1, resp1, strlen(resp1), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body1(
       spdy_util_.ConstructSpdyBodyFrame(1, "1", 1, false));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, wrapped_get_resp1->size()));
 
   // CONNECT to mail.example.org:443 via SPDY.
@@ -4719,10 +4725,10 @@ TEST_P(HttpNetworkTransactionTest,
     connect2_block[spdy_util_.GetHostKey()] = "mail.example.org";
     connect2_block[spdy_util_.GetPathKey()] = "mail.example.org:443";
   }
-  scoped_ptr<SpdySerializedFrame> connect2(
+  std::unique_ptr<SpdySerializedFrame> connect2(
       spdy_util_.ConstructSpdySyn(3, connect2_block, LOWEST, false));
 
-  scoped_ptr<SpdySerializedFrame> conn_resp2(
+  std::unique_ptr<SpdySerializedFrame> conn_resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
 
   // Fetch https://mail.example.org/ via HTTP.
@@ -4730,13 +4736,13 @@ TEST_P(HttpNetworkTransactionTest,
       "GET / HTTP/1.1\r\n"
       "Host: mail.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get2(
       spdy_util_.ConstructSpdyBodyFrame(3, get2, strlen(get2), false));
   const char resp2[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 2\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp2(
       spdy_util_.ConstructSpdyBodyFrame(3, resp2, strlen(resp2), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body2(
       spdy_util_.ConstructSpdyBodyFrame(3, "22", 2, false));
 
   MockWrite spdy_writes[] = {
@@ -4770,7 +4776,7 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request1, callback.callback(), BoundNetLog());
   EXPECT_EQ(OK, callback.GetResult(rv));
@@ -4789,7 +4795,7 @@ TEST_P(HttpNetworkTransactionTest,
   rv = trans->Read(buf.get(), 256, callback.callback());
   EXPECT_EQ(1, callback.GetResult(rv));
 
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = trans2->Start(&request2, callback.callback(), BoundNetLog());
   EXPECT_EQ(OK, callback.GetResult(rv));
@@ -4816,7 +4822,7 @@ TEST_P(HttpNetworkTransactionTest,
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps_));
 
   HttpRequestInfo request1;
@@ -4830,9 +4836,9 @@ TEST_P(HttpNetworkTransactionTest,
   request2.load_flags = 0;
 
   // CONNECT to www.example.org:443 via SPDY.
-  scoped_ptr<SpdySerializedFrame> connect1(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect1(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> conn_resp1(
+  std::unique_ptr<SpdySerializedFrame> conn_resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
 
   // Fetch https://www.example.org/ via HTTP.
@@ -4840,15 +4846,15 @@ TEST_P(HttpNetworkTransactionTest,
       "GET / HTTP/1.1\r\n"
       "Host: www.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get1(
       spdy_util_.ConstructSpdyBodyFrame(1, get1, strlen(get1), false));
   const char resp1[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 1\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp1(
       spdy_util_.ConstructSpdyBodyFrame(1, resp1, strlen(resp1), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body1(
       spdy_util_.ConstructSpdyBodyFrame(1, "1", 1, false));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, wrapped_get_resp1->size()));
 
   // Fetch https://www.example.org/2 via HTTP.
@@ -4856,13 +4862,13 @@ TEST_P(HttpNetworkTransactionTest,
       "GET /2 HTTP/1.1\r\n"
       "Host: www.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get2(
       spdy_util_.ConstructSpdyBodyFrame(1, get2, strlen(get2), false));
   const char resp2[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 2\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp2(
       spdy_util_.ConstructSpdyBodyFrame(1, resp2, strlen(resp2), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body2(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body2(
       spdy_util_.ConstructSpdyBodyFrame(1, "22", 2, false));
 
   MockWrite spdy_writes[] = {
@@ -4892,7 +4898,7 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request1, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -4914,7 +4920,7 @@ TEST_P(HttpNetworkTransactionTest,
   EXPECT_EQ(1, trans->Read(buf.get(), 256, callback.callback()));
   trans.reset();
 
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = trans2->Start(&request2, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -4939,7 +4945,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyLoadTimingTwoHttpRequests) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://proxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps_));
 
   HttpRequestInfo request1;
@@ -4953,24 +4959,24 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyLoadTimingTwoHttpRequests) {
   request2.load_flags = 0;
 
   // http://www.example.org/
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlockForProxy("http://www.example.org/"));
-  scoped_ptr<SpdySerializedFrame> get1(
+  std::unique_ptr<SpdySerializedFrame> get1(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> get_resp1(
+  std::unique_ptr<SpdySerializedFrame> get_resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, "1", 1, true));
   spdy_util_.UpdateWithStreamDestruction(1);
 
   // http://mail.example.org/
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlockForProxy("http://mail.example.org/"));
-  scoped_ptr<SpdySerializedFrame> get2(
+  std::unique_ptr<SpdySerializedFrame> get2(
       spdy_util_.ConstructSpdySyn(3, *headers2, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> get_resp2(
+  std::unique_ptr<SpdySerializedFrame> get_resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, "22", 2, true));
 
   MockWrite spdy_writes[] = {
@@ -4996,7 +5002,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyLoadTimingTwoHttpRequests) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans->Start(&request1, callback.callback(), BoundNetLog());
   EXPECT_EQ(OK, callback.GetResult(rv));
@@ -5018,7 +5024,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxySpdyLoadTimingTwoHttpRequests) {
   // Delete the first request, so the second one can reuse the socket.
   trans.reset();
 
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = trans2->Start(&request2, callback.callback(), BoundNetLog());
   EXPECT_EQ(OK, callback.GetResult(rv));
@@ -5046,7 +5052,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxyAuthRetry) {
   session_deps_.proxy_service = ProxyService::CreateFixed("https://myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should use full url
   MockWrite data_writes1[] = {
@@ -5087,7 +5093,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxyAuthRetry) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -5106,7 +5112,7 @@ TEST_P(HttpNetworkTransactionTest, HttpsProxyAuthRetry) {
   ASSERT_FALSE(response->headers.get() == NULL);
   EXPECT_EQ(407, response->headers->response_code());
   EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion());
-  EXPECT_TRUE(CheckBasicProxyAuth(response->auth_challenge.get()));
+  EXPECT_TRUE(CheckBasicSecureProxyAuth(response->auth_challenge.get()));
 
   TestCompletionCallback callback2;
 
@@ -5143,7 +5149,7 @@ void HttpNetworkTransactionTest::ConnectStatusHelperWithExpectedStatus(
 
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
   MockWrite data_writes[] = {
@@ -5164,7 +5170,7 @@ void HttpNetworkTransactionTest::ConnectStatusHelperWithExpectedStatus(
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -5359,9 +5365,9 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthProxyThenServer) {
 
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes1[] = {
@@ -5495,7 +5501,7 @@ TEST_P(HttpNetworkTransactionTest, NTLMAuth1) {
 
   HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGenerateRandom1,
                                                     MockGetHostName);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes1[] = {
     MockWrite("GET /kids/login.aspx HTTP/1.1\r\n"
@@ -5571,7 +5577,7 @@ TEST_P(HttpNetworkTransactionTest, NTLMAuth1) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
@@ -5624,7 +5630,7 @@ TEST_P(HttpNetworkTransactionTest, NTLMAuth2) {
 
   HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGenerateRandom2,
                                                     MockGetHostName);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes1[] = {
     MockWrite("GET /kids/login.aspx HTTP/1.1\r\n"
@@ -5751,7 +5757,7 @@ TEST_P(HttpNetworkTransactionTest, NTLMAuth2) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
@@ -5824,8 +5830,8 @@ TEST_P(HttpNetworkTransactionTest, LargeHeadersNoBody) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Respond with 300 kb of headers (we should fail after 256 kb).
@@ -5863,9 +5869,9 @@ TEST_P(HttpNetworkTransactionTest,
   // Configure against proxy server "myproxy:70".
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Since we have proxy, should try to establish tunnel.
@@ -5916,9 +5922,9 @@ TEST_P(HttpNetworkTransactionTest, RecycleSocket) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -5995,8 +6001,8 @@ TEST_P(HttpNetworkTransactionTest, RecycleSSLSocket) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6061,8 +6067,8 @@ TEST_P(HttpNetworkTransactionTest, RecycleDeadSSLSocket) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -6129,7 +6135,7 @@ TEST_P(HttpNetworkTransactionTest, RecycleSocketAfterZeroContentLength) {
       "rt=prt.2642,ol.2649,xjs.2951");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockRead data_reads[] = {
     MockRead("HTTP/1.1 204 No Content\r\n"
@@ -6144,7 +6150,7 @@ TEST_P(HttpNetworkTransactionTest, RecycleSocketAfterZeroContentLength) {
 
   // Transaction must be created after the MockReads, so it's destroyed before
   // them.
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -6178,9 +6184,9 @@ TEST_P(HttpNetworkTransactionTest, RecycleSocketAfterZeroContentLength) {
 }
 
 TEST_P(HttpNetworkTransactionTest, ResendRequestOnWriteBodyError) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request[2];
@@ -6198,7 +6204,7 @@ TEST_P(HttpNetworkTransactionTest, ResendRequestOnWriteBodyError) {
   request[1].upload_data_stream = &upload_data_stream;
   request[1].load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // The first socket is used for transaction 1 and the first attempt of
   // transaction 2.
@@ -6243,7 +6249,7 @@ TEST_P(HttpNetworkTransactionTest, ResendRequestOnWriteBodyError) {
   };
 
   for (int i = 0; i < 2; ++i) {
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     TestCompletionCallback callback;
@@ -6276,8 +6282,8 @@ TEST_P(HttpNetworkTransactionTest, AuthIdentityInURL) {
   request.url = GURL("http://foo:b@r@www.example.org/");
   request.load_flags = LOAD_NORMAL;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // The password contains an escaped character -- for this test to pass it
@@ -6359,8 +6365,8 @@ TEST_P(HttpNetworkTransactionTest, WrongAuthIdentityInURL) {
 
   request.load_flags = LOAD_NORMAL;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes1[] = {
@@ -6470,8 +6476,8 @@ TEST_P(HttpNetworkTransactionTest, AuthIdentityInURLSuppressed) {
   request.url = GURL("http://foo:bar@www.example.org/");
   request.load_flags = LOAD_DO_NOT_USE_EMBEDDED_IDENTITY;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes1[] = {
@@ -6544,7 +6550,7 @@ TEST_P(HttpNetworkTransactionTest, AuthIdentityInURLSuppressed) {
 
 // Test that previously tried username/passwords for a realm get re-used.
 TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Transaction 1: authenticate (foo, bar) on MyRealm1
   {
@@ -6553,7 +6559,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     request.url = GURL("http://www.example.org/x/y/z");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -6631,7 +6637,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     request.url = GURL("http://www.example.org/x/y/a/b");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -6687,8 +6693,8 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     ASSERT_TRUE(response != NULL);
     ASSERT_TRUE(response->auth_challenge.get());
     EXPECT_FALSE(response->auth_challenge->is_proxy);
-    EXPECT_EQ("www.example.org:80",
-              response->auth_challenge->challenger.ToString());
+    EXPECT_EQ("http://www.example.org",
+              response->auth_challenge->challenger.Serialize());
     EXPECT_EQ("MyRealm2", response->auth_challenge->realm);
     EXPECT_EQ(kBasicAuthScheme, response->auth_challenge->scheme);
 
@@ -6717,7 +6723,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     request.url = GURL("http://www.example.org/x/y/z2");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -6766,7 +6772,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     request.url = GURL("http://www.example.org/x/1");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -6838,7 +6844,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthCacheAndPreauth) {
     request.url = GURL("http://www.example.org/p/q/t");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -6944,7 +6950,7 @@ TEST_P(HttpNetworkTransactionTest, DigestPreAuthNonceCount) {
       new HttpAuthHandlerDigest::FixedNonceGenerator("0123456789abcdef");
   digest_factory->set_nonce_generator(nonce_generator);
   session_deps_.http_auth_handler_factory.reset(digest_factory);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Transaction 1: authenticate (foo, bar) on MyRealm1
   {
@@ -6953,7 +6959,7 @@ TEST_P(HttpNetworkTransactionTest, DigestPreAuthNonceCount) {
     request.url = GURL("http://www.example.org/x/y/z");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -7034,7 +7040,7 @@ TEST_P(HttpNetworkTransactionTest, DigestPreAuthNonceCount) {
     request.url = GURL("http://www.example.org/x/y/a/b");
     request.load_flags = 0;
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     MockWrite data_writes1[] = {
@@ -7076,8 +7082,8 @@ TEST_P(HttpNetworkTransactionTest, DigestPreAuthNonceCount) {
 // Test the ResetStateForRestart() private method.
 TEST_P(HttpNetworkTransactionTest, ResetStateForRestart) {
   // Create a transaction (the dependencies aren't important).
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Setup some state (which we expect ResetStateForRestart() will clear).
@@ -7123,8 +7129,8 @@ TEST_P(HttpNetworkTransactionTest, HTTPSBadCertificate) {
   request.url = GURL("https://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -7228,8 +7234,8 @@ TEST_P(HttpNetworkTransactionTest, HTTPSBadCertificateViaProxy) {
   for (int i = 0; i < 2; i++) {
     session_deps_.socket_factory->ResetNextMockIndexes();
 
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7292,8 +7298,8 @@ TEST_P(HttpNetworkTransactionTest, HTTPSViaHttpsProxy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7350,8 +7356,8 @@ TEST_P(HttpNetworkTransactionTest, RedirectOfHttpsConnectViaHttpsProxy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7401,9 +7407,9 @@ TEST_P(HttpNetworkTransactionTest, RedirectOfHttpsConnectViaSpdyProxy) {
   request.url = GURL("https://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<SpdySerializedFrame> conn(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> conn(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> goaway(
+  std::unique_ptr<SpdySerializedFrame> goaway(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite data_writes[] = {
       CreateMockWrite(*conn.get(), 0, SYNCHRONOUS),
@@ -7414,8 +7420,9 @@ TEST_P(HttpNetworkTransactionTest, RedirectOfHttpsConnectViaSpdyProxy) {
     "location",
     "http://login.example.com/",
   };
-  scoped_ptr<SpdySerializedFrame> resp(spdy_util_.ConstructSpdySynReplyError(
-      "302 Redirect", kExtraHeaders, arraysize(kExtraHeaders) / 2, 1));
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdySynReplyError("302 Redirect", kExtraHeaders,
+                                            arraysize(kExtraHeaders) / 2, 1));
   MockRead data_reads[] = {
       CreateMockRead(*resp.get(), 1), MockRead(ASYNC, 0, 3),  // EOF
   };
@@ -7430,8 +7437,8 @@ TEST_P(HttpNetworkTransactionTest, RedirectOfHttpsConnectViaSpdyProxy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7481,8 +7488,8 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7491,7 +7498,7 @@ TEST_P(HttpNetworkTransactionTest,
   rv = callback.WaitForResult();
   EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, rv);
 
-  // TODO(ttuttle): Anything else to check here?
+  // TODO(juliatuttle): Anything else to check here?
 }
 
 // Test that a SPDY proxy's response to a CONNECT request is filtered.
@@ -7504,9 +7511,9 @@ TEST_P(HttpNetworkTransactionTest,
   request.url = GURL("https://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<SpdySerializedFrame> conn(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> conn(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite data_writes[] = {
       CreateMockWrite(*conn.get(), 0), CreateMockWrite(*rst.get(), 3),
@@ -7516,9 +7523,10 @@ TEST_P(HttpNetworkTransactionTest,
     "location",
     "http://login.example.com/",
   };
-  scoped_ptr<SpdySerializedFrame> resp(spdy_util_.ConstructSpdySynReplyError(
-      "404 Not Found", kExtraHeaders, arraysize(kExtraHeaders) / 2, 1));
-  scoped_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdySynReplyError("404 Not Found", kExtraHeaders,
+                                            arraysize(kExtraHeaders) / 2, 1));
+  std::unique_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
       1, "The host does not exist", 23, true));
   MockRead data_reads[] = {
       CreateMockRead(*resp.get(), 1),
@@ -7536,8 +7544,8 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -7546,7 +7554,7 @@ TEST_P(HttpNetworkTransactionTest,
   rv = callback.WaitForResult();
   EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, rv);
 
-  // TODO(ttuttle): Anything else to check here?
+  // TODO(juliatuttle): Anything else to check here?
 }
 
 // Test the request-challenge-retry sequence for basic auth, through
@@ -7563,12 +7571,12 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
       ProxyService::CreateFixedFromPacResult("HTTPS myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since we have proxy, should try to establish tunnel.
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   spdy_util_.UpdateWithStreamDestruction(1);
 
@@ -7577,7 +7585,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
   const char* const kAuthCredentials[] = {
       "proxy-authorization", "Basic Zm9vOmJhcg==",
   };
-  scoped_ptr<SpdySerializedFrame> connect2(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> connect2(spdy_util_.ConstructSpdyConnect(
       kAuthCredentials, arraysize(kAuthCredentials) / 2, 3, LOWEST,
       HostPortPair("www.example.org", 443)));
   // fetch https://www.example.org/ via HTTP
@@ -7585,7 +7593,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
       "GET / HTTP/1.1\r\n"
       "Host: www.example.org\r\n"
       "Connection: keep-alive\r\n\r\n";
-  scoped_ptr<SpdySerializedFrame> wrapped_get(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get(
       spdy_util_.ConstructSpdyBodyFrame(3, get, strlen(get), false));
 
   MockWrite spdy_writes[] = {
@@ -7601,18 +7609,18 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
   const char* const kAuthChallenge[] = {
     "proxy-authenticate", "Basic realm=\"MyRealm1\"",
   };
-  scoped_ptr<SpdySerializedFrame> conn_auth_resp(
+  std::unique_ptr<SpdySerializedFrame> conn_auth_resp(
       spdy_util_.ConstructSpdySynReplyError(kAuthStatus, kAuthChallenge,
                                             arraysize(kAuthChallenge) / 2, 1));
 
-  scoped_ptr<SpdySerializedFrame> conn_resp(
+  std::unique_ptr<SpdySerializedFrame> conn_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
   const char resp[] = "HTTP/1.1 200 OK\r\n"
       "Content-Length: 5\r\n\r\n";
 
-  scoped_ptr<SpdySerializedFrame> wrapped_get_resp(
+  std::unique_ptr<SpdySerializedFrame> wrapped_get_resp(
       spdy_util_.ConstructSpdyBodyFrame(3, resp, strlen(resp), false));
-  scoped_ptr<SpdySerializedFrame> wrapped_body(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body(
       spdy_util_.ConstructSpdyBodyFrame(3, "hello", 5, false));
   MockRead spdy_reads[] = {
       CreateMockRead(*conn_auth_resp, 1, ASYNC),
@@ -7635,7 +7643,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -7659,7 +7667,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
   EXPECT_EQ(407, response->headers->response_code());
   EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion());
   EXPECT_TRUE(response->auth_challenge.get() != NULL);
-  EXPECT_TRUE(CheckBasicProxyAuth(response->auth_challenge.get()));
+  EXPECT_TRUE(CheckBasicSecureProxyAuth(response->auth_challenge.get()));
 
   TestCompletionCallback callback2;
 
@@ -7694,7 +7702,7 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
 // origin that is different from that of its associated resource.
 TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
   // Configure the proxy delegate to allow cross-origin SPDY pushes.
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
       "https://myproxy:443", net::ProxyServer::SCHEME_HTTP));
   HttpRequestInfo request;
@@ -7713,25 +7721,25 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
 
   session_deps_.proxy_delegate.reset(proxy_delegate.release());
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
 
   MockWrite spdy_writes[] = {
       CreateMockWrite(*stream1_syn, 0, ASYNC),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, "http://www.another-origin.com/foo.dat"));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
 
@@ -7751,7 +7759,7 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
   proxy.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&proxy);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request, callback.callback(), log.bound());
@@ -7761,7 +7769,7 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
   EXPECT_EQ(OK, rv);
   const HttpResponseInfo* response = trans->GetResponseInfo();
 
-  scoped_ptr<HttpTransaction> push_trans(
+  std::unique_ptr<HttpTransaction> push_trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = push_trans->Start(&push_request, callback.callback(), log.bound());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -7810,7 +7818,7 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
 // Test that an explicitly trusted SPDY proxy cannot push HTTPS content.
 TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
   // Configure the proxy delegate to allow cross-origin SPDY pushes.
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
       "https://myproxy:443", net::ProxyServer::SCHEME_HTTP));
   HttpRequestInfo request;
@@ -7826,25 +7834,25 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
   // Enable cross-origin push.
   session_deps_.proxy_delegate.reset(proxy_delegate.release());
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
 
-  scoped_ptr<SpdySerializedFrame> push_rst(
+  std::unique_ptr<SpdySerializedFrame> push_rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
 
   MockWrite spdy_writes[] = {
       CreateMockWrite(*stream1_syn, 0, ASYNC), CreateMockWrite(*push_rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, "https://www.another-origin.com/foo.dat"));
 
   MockRead spdy_reads[] = {
@@ -7862,7 +7870,7 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
   proxy.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&proxy);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request, callback.callback(), log.bound());
@@ -7891,7 +7899,7 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
 // resources.
 TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) {
   // Configure the proxy delegate to allow cross-origin SPDY pushes.
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   proxy_delegate->set_trusted_spdy_proxy(
       net::ProxyServer::FromURI("myproxy:70", net::ProxyServer::SCHEME_HTTP));
 
@@ -7908,28 +7916,28 @@ TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) {
   // Enable cross-origin push.
   session_deps_.proxy_delegate.reset(proxy_delegate.release());
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, false));
 
   MockWrite spdy_writes[] = {
       CreateMockWrite(*stream1_syn, 0, ASYNC),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "https://myproxy:70/foo.dat"));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> stream2_reply(
+  std::unique_ptr<SpdySerializedFrame> stream2_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockRead spdy_reads[] = {
@@ -7948,7 +7956,7 @@ TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) {
   proxy.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&proxy);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request, callback.callback(), log.bound());
@@ -8033,8 +8041,8 @@ TEST_P(HttpNetworkTransactionTest, HTTPSBadCertificateViaHttpsProxy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -8062,8 +8070,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_UserAgent) {
   request.extra_headers.SetHeader(HttpRequestHeaders::kUserAgent,
                                   "Chromium Ultra Awesome X Edition");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8103,8 +8111,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_UserAgentOverTunnel) {
                                   "Chromium Ultra Awesome X Edition");
 
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8142,8 +8150,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_Referer) {
   request.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
                                   "http://the.previous.site.com/");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8180,8 +8188,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_PostContentLengthZero) {
   request.method = "POST";
   request.url = GURL("http://www.example.org/");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8218,8 +8226,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_PutContentLengthZero) {
   request.method = "PUT";
   request.url = GURL("http://www.example.org/");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8256,8 +8264,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_HeadContentLengthZero) {
   request.method = "HEAD";
   request.url = GURL("http://www.example.org/");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8293,8 +8301,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_CacheControlNoCache) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = LOAD_BYPASS_CACHE;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8334,8 +8342,8 @@ TEST_P(HttpNetworkTransactionTest,
   request.url = GURL("http://www.example.org/");
   request.load_flags = LOAD_VALIDATE_CACHE;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8373,8 +8381,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_ExtraHeaders) {
   request.url = GURL("http://www.example.org/");
   request.extra_headers.SetHeader("FooHeader", "Bar");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8414,8 +8422,8 @@ TEST_P(HttpNetworkTransactionTest, BuildRequest_ExtraHeadersStripped) {
   request.extra_headers.SetHeader("hEllo", "Kitty");
   request.extra_headers.SetHeader("FoO", "bar");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -8460,8 +8468,8 @@ TEST_P(HttpNetworkTransactionTest, SOCKS4_HTTP_GET) {
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   char write_buffer[] = { 0x04, 0x01, 0x00, 0x50, 127, 0, 0, 1, 0 };
@@ -8519,8 +8527,8 @@ TEST_P(HttpNetworkTransactionTest, SOCKS4_SSL_GET) {
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   unsigned char write_buffer[] = { 0x04, 0x01, 0x01, 0xBB, 127, 0, 0, 1, 0 };
@@ -8583,8 +8591,8 @@ TEST_P(HttpNetworkTransactionTest, SOCKS4_HTTP_GET_no_PAC) {
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   char write_buffer[] = { 0x04, 0x01, 0x00, 0x50, 127, 0, 0, 1, 0 };
@@ -8642,8 +8650,8 @@ TEST_P(HttpNetworkTransactionTest, SOCKS5_HTTP_GET) {
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   const char kSOCKS5GreetRequest[] = { 0x05, 0x01, 0x00 };
@@ -8714,8 +8722,8 @@ TEST_P(HttpNetworkTransactionTest, SOCKS5_SSL_GET) {
   TestNetLog net_log;
   session_deps_.net_log = &net_log;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   const char kSOCKS5GreetRequest[] = { 0x05, 0x01, 0x00 };
@@ -8791,10 +8799,10 @@ struct GroupNameTest {
   bool ssl;
 };
 
-scoped_ptr<HttpNetworkSession> SetupSessionForGroupNameTests(
+std::unique_ptr<HttpNetworkSession> SetupSessionForGroupNameTests(
     NextProto next_proto,
     SpdySessionDependencies* session_deps_) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -8802,7 +8810,8 @@ scoped_ptr<HttpNetworkSession> SetupSessionForGroupNameTests(
       AlternateProtocolFromNextProto(next_proto), "", 443);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair("host.with.alternate", 80), alternative_service, expiration);
+      url::SchemeHostPort("http", "host.with.alternate", 80),
+      alternative_service, expiration);
 
   return session;
 }
@@ -8814,7 +8823,7 @@ int GroupNameTransactionHelper(const std::string& url,
   request.url = GURL(url);
   request.load_flags = 0;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session));
 
   TestCompletionCallback callback;
@@ -8867,7 +8876,7 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForDirectConnections) {
   for (size_t i = 0; i < arraysize(tests); ++i) {
     session_deps_.proxy_service =
         ProxyService::CreateFixed(tests[i].proxy_server);
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SetupSessionForGroupNameTests(GetProtocol(), &session_deps_));
 
     HttpNetworkSessionPeer peer(session.get());
@@ -8875,7 +8884,7 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForDirectConnections) {
         new CaptureGroupNameTransportSocketPool(NULL, NULL);
     CaptureGroupNameSSLSocketPool* ssl_conn_pool =
         new CaptureGroupNameSSLSocketPool(NULL, NULL);
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     mock_pool_manager->SetSSLSocketPool(ssl_conn_pool);
@@ -8930,7 +8939,7 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForHTTPProxyConnections) {
   for (size_t i = 0; i < arraysize(tests); ++i) {
     session_deps_.proxy_service =
         ProxyService::CreateFixed(tests[i].proxy_server);
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SetupSessionForGroupNameTests(GetProtocol(), &session_deps_));
 
     HttpNetworkSessionPeer peer(session.get());
@@ -8941,7 +8950,7 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForHTTPProxyConnections) {
     CaptureGroupNameSSLSocketPool* ssl_conn_pool =
         new CaptureGroupNameSSLSocketPool(NULL, NULL);
 
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
@@ -9001,7 +9010,7 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForSOCKSConnections) {
   for (size_t i = 0; i < arraysize(tests); ++i) {
     session_deps_.proxy_service =
         ProxyService::CreateFixed(tests[i].proxy_server);
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SetupSessionForGroupNameTests(GetProtocol(), &session_deps_));
 
     HttpNetworkSessionPeer peer(session.get());
@@ -9012,13 +9021,13 @@ TEST_P(HttpNetworkTransactionTest, GroupNameForSOCKSConnections) {
     CaptureGroupNameSSLSocketPool* ssl_conn_pool =
         new CaptureGroupNameSSLSocketPool(NULL, NULL);
 
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForSOCKSProxy(proxy_host, socks_conn_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
 
-    scoped_ptr<HttpTransaction> trans(
+    std::unique_ptr<HttpTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     EXPECT_EQ(ERR_IO_PENDING,
@@ -9044,8 +9053,8 @@ TEST_P(HttpNetworkTransactionTest, ReconsiderProxyAfterFailedConnection) {
   // connecting to both proxies (myproxy:70 and foobar:80).
   session_deps_.host_resolver->rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -9070,8 +9079,8 @@ void HttpNetworkTransactionTest::BypassHostCacheOnRefreshHelper(
   // Select a host resolver that does caching.
   session_deps_.host_resolver.reset(new MockCachingHostResolver);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Warm up the host cache so it has an entry for "www.example.org".
@@ -9139,11 +9148,11 @@ TEST_P(HttpNetworkTransactionTest, RequestWriteError) {
   StaticSocketDataProvider data(NULL, 0,
                                 write_failure, arraysize(write_failure));
   session_deps_.socket_factory->AddSocketDataProvider(&data);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -9171,11 +9180,11 @@ TEST_P(HttpNetworkTransactionTest, ConnectionClosedAfterStartOfHeaders) {
 
   StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -9249,11 +9258,11 @@ TEST_P(HttpNetworkTransactionTest, DrainResetOK) {
   StaticSocketDataProvider data2(data_reads2, arraysize(data_reads2),
                                  data_writes2, arraysize(data_writes2));
   session_deps_.socket_factory->AddSocketDataProvider(&data2);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), BoundNetLog());
@@ -9305,8 +9314,8 @@ TEST_P(HttpNetworkTransactionTest, HTTPSViaProxyWithExtraData) {
 
   session_deps_.socket_factory->ResetNextMockIndexes();
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -9322,8 +9331,8 @@ TEST_P(HttpNetworkTransactionTest, LargeContentLengthThenClose) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -9359,8 +9368,8 @@ TEST_P(HttpNetworkTransactionTest, UploadFileSmallerThanLength) {
   UploadFileElementReader::ScopedOverridingContentLengthForTests
       overriding_content_length(kFakeSize);
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file_path, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
@@ -9371,8 +9380,8 @@ TEST_P(HttpNetworkTransactionTest, UploadFileSmallerThanLength) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockRead data_reads[] = {
@@ -9413,8 +9422,8 @@ TEST_P(HttpNetworkTransactionTest, UploadUnreadableFile) {
                                    temp_file_content.length()));
   ASSERT_TRUE(base::MakeFileUnreadable(temp_file));
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
       base::ThreadTaskRunnerHandle::Get().get(), temp_file, 0,
       std::numeric_limits<uint64_t>::max(), base::Time())));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
@@ -9426,8 +9435,8 @@ TEST_P(HttpNetworkTransactionTest, UploadUnreadableFile) {
   request.load_flags = 0;
 
   // If we try to upload an unreadable file, the transaction should fail.
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   StaticSocketDataProvider data(NULL, 0, NULL, 0);
@@ -9470,8 +9479,8 @@ TEST_P(HttpNetworkTransactionTest, CancelDuringInitRequestBody) {
   };
 
   FakeUploadElementReader* fake_reader = new FakeUploadElementReader;
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  element_readers.push_back(make_scoped_ptr(fake_reader));
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  element_readers.push_back(base::WrapUnique(fake_reader));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -9480,8 +9489,8 @@ TEST_P(HttpNetworkTransactionTest, CancelDuringInitRequestBody) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   StaticSocketDataProvider data;
@@ -9587,8 +9596,8 @@ TEST_P(HttpNetworkTransactionTest, ChangeAuthRealms) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Issue the first request with Authorize headers. There should be a
@@ -9603,7 +9612,7 @@ TEST_P(HttpNetworkTransactionTest, ChangeAuthRealms) {
   const AuthChallengeInfo* challenge = response->auth_challenge.get();
   ASSERT_FALSE(challenge == NULL);
   EXPECT_FALSE(challenge->is_proxy);
-  EXPECT_EQ("www.example.org:80", challenge->challenger.ToString());
+  EXPECT_EQ("http://www.example.org", challenge->challenger.Serialize());
   EXPECT_EQ("first_realm", challenge->realm);
   EXPECT_EQ(kBasicAuthScheme, challenge->scheme);
 
@@ -9621,7 +9630,7 @@ TEST_P(HttpNetworkTransactionTest, ChangeAuthRealms) {
   challenge = response->auth_challenge.get();
   ASSERT_FALSE(challenge == NULL);
   EXPECT_FALSE(challenge->is_proxy);
-  EXPECT_EQ("www.example.org:80", challenge->challenger.ToString());
+  EXPECT_EQ("http://www.example.org", challenge->challenger.Serialize());
   EXPECT_EQ("second_realm", challenge->realm);
   EXPECT_EQ(kBasicAuthScheme, challenge->scheme);
 
@@ -9640,7 +9649,7 @@ TEST_P(HttpNetworkTransactionTest, ChangeAuthRealms) {
   challenge = response->auth_challenge.get();
   ASSERT_FALSE(challenge == NULL);
   EXPECT_FALSE(challenge->is_proxy);
-  EXPECT_EQ("www.example.org:80", challenge->challenger.ToString());
+  EXPECT_EQ("http://www.example.org", challenge->challenger.Serialize());
   EXPECT_EQ("first_realm", challenge->realm);
   EXPECT_EQ(kBasicAuthScheme, challenge->scheme);
 
@@ -9682,18 +9691,18 @@ TEST_P(HttpNetworkTransactionTest, HonorAlternativeServiceHeader) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 
   EXPECT_EQ(OK, callback.WaitForResult());
@@ -9710,29 +9719,174 @@ TEST_P(HttpNetworkTransactionTest, HonorAlternativeServiceHeader) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(AlternateProtocolFromNextProto(GetProtocol()),
             alternative_service_vector[0].protocol);
-  EXPECT_EQ("www.example.com", alternative_service_vector[0].host);
+  EXPECT_EQ("www.example.org", alternative_service_vector[0].host);
   EXPECT_EQ(443, alternative_service_vector[0].port);
 }
 
+// Regression test for https://crbug.com/615497.
+TEST_P(HttpNetworkTransactionTest,
+       DoNotParseAlternativeServiceHeaderOnInsecureRequest) {
+  session_deps_.enable_alternative_service_for_insecure_origins = false;
+
+  std::string alternative_service_http_header =
+      GetAlternativeServiceHttpHeader();
+
+  MockRead data_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n"),
+      MockRead(alternative_service_http_header.c_str()),
+      MockRead("\r\n"),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, OK),
+  };
+
+  HttpRequestInfo request;
+  request.method = "GET";
+  request.url = GURL("http://www.example.org/");
+  request.load_flags = 0;
+
+  StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+
+  TestCompletionCallback callback;
+
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
+
+  url::SchemeHostPort test_server(request.url);
+  HttpServerProperties& http_server_properties =
+      *session->http_server_properties();
+  AlternativeServiceVector alternative_service_vector =
+      http_server_properties.GetAlternativeServices(test_server);
+  EXPECT_TRUE(alternative_service_vector.empty());
+
+  int rv = trans->Start(&request, callback.callback(), BoundNetLog());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+  EXPECT_EQ(OK, callback.WaitForResult());
+
+  const HttpResponseInfo* response = trans->GetResponseInfo();
+  ASSERT_TRUE(response);
+  ASSERT_TRUE(response->headers);
+  EXPECT_EQ("HTTP/1.1 200 OK", response->headers->GetStatusLine());
+  EXPECT_FALSE(response->was_fetched_via_spdy);
+  EXPECT_FALSE(response->was_npn_negotiated);
+
+  std::string response_data;
+  ASSERT_EQ(OK, ReadTransaction(trans.get(), &response_data));
+  EXPECT_EQ("hello world", response_data);
+
+  alternative_service_vector =
+      http_server_properties.GetAlternativeServices(test_server);
+  EXPECT_TRUE(alternative_service_vector.empty());
+}
+
+// HTTP/2 Alternative Services should be disabled if alternative service
+// hostname is different from that of origin.
+// TODO(bnc): Remove when https://crbug.com/615413 is fixed.
+TEST_P(HttpNetworkTransactionTest,
+       DisableHTTP2AlternativeServicesWithDifferentHost) {
+  session_deps_.enable_alternative_service_with_different_host = true;
+
+  HttpRequestInfo request;
+  request.method = "GET";
+  request.url = GURL("http://www.example.org/");
+  request.load_flags = 0;
+
+  MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
+  StaticSocketDataProvider first_data;
+  first_data.set_connect_data(mock_connect);
+  session_deps_.socket_factory->AddSocketDataProvider(&first_data);
+
+  MockRead data_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n\r\n"), MockRead("hello world"),
+      MockRead(ASYNC, OK),
+  };
+  StaticSocketDataProvider second_data(data_reads, arraysize(data_reads), NULL,
+                                       0);
+  session_deps_.socket_factory->AddSocketDataProvider(&second_data);
+
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+
+  base::WeakPtr<HttpServerProperties> http_server_properties =
+      session->http_server_properties();
+  AlternativeService alternative_service(
+      AlternateProtocolFromNextProto(GetProtocol()), "different.example.org",
+      444);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  http_server_properties->SetAlternativeService(
+      url::SchemeHostPort(request.url), alternative_service, expiration);
+
+  std::unique_ptr<HttpTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
+  TestCompletionCallback callback;
+
+  int rv = trans->Start(&request, callback.callback(), BoundNetLog());
+  // Alternative service is not used, request fails.
+  EXPECT_EQ(ERR_CONNECTION_REFUSED, callback.GetResult(rv));
+}
+
+// Regression test for https://crbug.com/615497:
+// Alternative Services should be disabled for http origin.
+TEST_P(HttpNetworkTransactionTest,
+       DisableAlternativeServicesForInsecureOrigin) {
+  session_deps_.enable_alternative_service_for_insecure_origins = false;
+
+  HttpRequestInfo request;
+  request.method = "GET";
+  request.url = GURL("http://www.example.org/");
+  request.load_flags = 0;
+
+  MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
+  StaticSocketDataProvider first_data;
+  first_data.set_connect_data(mock_connect);
+  session_deps_.socket_factory->AddSocketDataProvider(&first_data);
+
+  MockRead data_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n\r\n"), MockRead("hello world"),
+      MockRead(ASYNC, OK),
+  };
+  StaticSocketDataProvider second_data(data_reads, arraysize(data_reads), NULL,
+                                       0);
+  session_deps_.socket_factory->AddSocketDataProvider(&second_data);
+
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+
+  base::WeakPtr<HttpServerProperties> http_server_properties =
+      session->http_server_properties();
+  AlternativeService alternative_service(
+      AlternateProtocolFromNextProto(GetProtocol()), "", 444);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  http_server_properties->SetAlternativeService(
+      url::SchemeHostPort(request.url), alternative_service, expiration);
+
+  std::unique_ptr<HttpTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
+  TestCompletionCallback callback;
+
+  int rv = trans->Start(&request, callback.callback(), BoundNetLog());
+  // Alternative service is not used, request fails.
+  EXPECT_EQ(ERR_CONNECTION_REFUSED, callback.GetResult(rv));
+}
+
 TEST_P(HttpNetworkTransactionTest, ClearAlternativeServices) {
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = false;
 
   // Set an alternative service for origin.
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   AlternativeService alternative_service(QUIC, "", 80);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties.SetAlternativeService(http_host_port_pair,
-                                               alternative_service, expiration);
+  http_server_properties.SetAlternativeService(test_server, alternative_service,
+                                               expiration);
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_EQ(1u, alternative_service_vector.size());
 
   // Send a clear header.
@@ -9753,7 +9907,7 @@ TEST_P(HttpNetworkTransactionTest, ClearAlternativeServices) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -9771,7 +9925,7 @@ TEST_P(HttpNetworkTransactionTest, ClearAlternativeServices) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 }
 
@@ -9802,18 +9956,18 @@ TEST_P(HttpNetworkTransactionTest, DoNotHonorAlternativeServiceHeader) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 
   EXPECT_EQ(OK, callback.WaitForResult());
@@ -9830,7 +9984,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotHonorAlternativeServiceHeader) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 }
 
@@ -9860,18 +10014,18 @@ TEST_P(HttpNetworkTransactionTest, HonorMultipleAlternativeServiceHeader) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 
   EXPECT_EQ(OK, callback.WaitForResult());
@@ -9888,7 +10042,7 @@ TEST_P(HttpNetworkTransactionTest, HonorMultipleAlternativeServiceHeader) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(2u, alternative_service_vector.size());
   EXPECT_EQ(AlternateProtocolFromNextProto(GetProtocol()),
             alternative_service_vector[0].protocol);
@@ -9927,18 +10081,18 @@ TEST_P(HttpNetworkTransactionTest, HonorAlternateProtocolHeader) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 
   EXPECT_EQ(OK, callback.WaitForResult());
@@ -9955,7 +10109,7 @@ TEST_P(HttpNetworkTransactionTest, HonorAlternateProtocolHeader) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(443, alternative_service_vector[0].port);
   EXPECT_EQ(AlternateProtocolFromNextProto(GetProtocol()),
@@ -9984,22 +10138,22 @@ TEST_P(HttpNetworkTransactionTest, EmptyAlternateProtocolHeader) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeService alternative_service(QUIC, "", 80);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties.SetAlternativeService(http_host_port_pair,
-                                               alternative_service, expiration);
+  http_server_properties.SetAlternativeService(test_server, alternative_service,
+                                               expiration);
 
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -10019,7 +10173,7 @@ TEST_P(HttpNetworkTransactionTest, EmptyAlternateProtocolHeader) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 }
 
@@ -10053,18 +10207,18 @@ TEST_P(HttpNetworkTransactionTest, AltSvcOverwritesAlternateProtocol) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
-  HostPortPair http_host_port_pair("www.example.org", 80);
+  url::SchemeHostPort test_server("http", "www.example.org", 80);
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   AlternativeServiceVector alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   EXPECT_TRUE(alternative_service_vector.empty());
 
   EXPECT_EQ(OK, callback.WaitForResult());
@@ -10081,11 +10235,11 @@ TEST_P(HttpNetworkTransactionTest, AltSvcOverwritesAlternateProtocol) {
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
-      http_server_properties.GetAlternativeServices(http_host_port_pair);
+      http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(AlternateProtocolFromNextProto(GetProtocol()),
             alternative_service_vector[0].protocol);
-  EXPECT_EQ("www.example.com", alternative_service_vector[0].host);
+  EXPECT_EQ("www.example.org", alternative_service_vector[0].host);
   EXPECT_EQ(443, alternative_service_vector[0].port);
 }
 
@@ -10113,7 +10267,7 @@ TEST_P(HttpNetworkTransactionTest, DisableAlternativeServiceToDifferentHost) {
                                        nullptr, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10122,9 +10276,9 @@ TEST_P(HttpNetworkTransactionTest, DisableAlternativeServiceToDifferentHost) {
       80);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(request.url), alternative_service, expiration);
+      url::SchemeHostPort(request.url), alternative_service, expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10136,7 +10290,7 @@ TEST_P(HttpNetworkTransactionTest, DisableAlternativeServiceToDifferentHost) {
 }
 
 TEST_P(HttpNetworkTransactionTest, IdentifyQuicBroken) {
-  HostPortPair origin("origin.example.org", 443);
+  url::SchemeHostPort server("https", "origin.example.org", 443);
   HostPortPair alternative("alternative.example.org", 443);
   std::string origin_url = "https://origin.example.org:443";
   std::string alternative_url = "https://alternative.example.org:443";
@@ -10167,20 +10321,20 @@ TEST_P(HttpNetworkTransactionTest, IdentifyQuicBroken) {
   data_refused.set_connect_data(MockConnect(ASYNC, ERR_CONNECTION_REFUSED));
   session_deps_.socket_factory->AddSocketDataProvider(&data_refused);
 
-  // Set up a QUIC alternative service for origin.
+  // Set up a QUIC alternative service for server.
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = false;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
   AlternativeService alternative_service(QUIC, alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties->SetAlternativeService(origin, alternative_service,
+  http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
   // Mark the QUIC alternative service as broken.
   http_server_properties->MarkAlternativeServiceBroken(alternative_service);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request;
   request.method = "GET";
@@ -10196,7 +10350,7 @@ TEST_P(HttpNetworkTransactionTest, IdentifyQuicBroken) {
 }
 
 TEST_P(HttpNetworkTransactionTest, IdentifyQuicNotBroken) {
-  HostPortPair origin("origin.example.org", 443);
+  url::SchemeHostPort server("https", "origin.example.org", 443);
   HostPortPair alternative1("alternative1.example.org", 443);
   HostPortPair alternative2("alternative2.example.org", 443);
   std::string origin_url = "https://origin.example.org:443";
@@ -10231,11 +10385,11 @@ TEST_P(HttpNetworkTransactionTest, IdentifyQuicNotBroken) {
 
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = true;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
 
-  // Set up two QUIC alternative services for origin.
+  // Set up two QUIC alternative services for server.
   AlternativeServiceInfoVector alternative_service_info_vector;
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
 
@@ -10249,15 +10403,15 @@ TEST_P(HttpNetworkTransactionTest, IdentifyQuicNotBroken) {
   alternative_service_info_vector.push_back(alternative_service_info2);
 
   http_server_properties->SetAlternativeServices(
-      origin, alternative_service_info_vector);
+      server, alternative_service_info_vector);
 
   // Mark one of the QUIC alternative service as broken.
   http_server_properties->MarkAlternativeServiceBroken(alternative_service1);
 
   const AlternativeServiceVector alternative_service_vector =
-      http_server_properties->GetAlternativeServices(origin);
+      http_server_properties->GetAlternativeServices(server);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request;
   request.method = "GET";
@@ -10296,21 +10450,21 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
-  const HostPortPair host_port_pair = HostPortPair::FromURL(request.url);
+  const url::SchemeHostPort server(request.url);
   // Port must be < 1024, or the header will be ignored (since initial port was
   // port 80 (another restricted port).
   const AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), "www.example.org",
       666);  // Port is ignored by MockConnect anyway.
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties->SetAlternativeService(
-      host_port_pair, alternative_service, expiration);
+  http_server_properties->SetAlternativeService(server, alternative_service,
+                                                expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10328,7 +10482,7 @@ TEST_P(HttpNetworkTransactionTest,
   EXPECT_EQ("hello world", response_data);
 
   const AlternativeServiceVector alternative_service_vector =
-      http_server_properties->GetAlternativeServices(host_port_pair);
+      http_server_properties->GetAlternativeServices(server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service, alternative_service_vector[0]);
   EXPECT_TRUE(http_server_properties->IsAlternativeServiceBroken(
@@ -10363,7 +10517,7 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10373,10 +10527,10 @@ TEST_P(HttpNetworkTransactionTest,
       kUnrestrictedAlternatePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(restricted_port_request.url), alternative_service,
+      url::SchemeHostPort(restricted_port_request.url), alternative_service,
       expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10416,7 +10570,7 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10426,10 +10580,10 @@ TEST_P(HttpNetworkTransactionTest,
       kUnrestrictedAlternatePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(restricted_port_request.url), alternative_service,
+      url::SchemeHostPort(restricted_port_request.url), alternative_service,
       expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10468,7 +10622,7 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10478,10 +10632,10 @@ TEST_P(HttpNetworkTransactionTest,
       kRestrictedAlternatePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(restricted_port_request.url), alternative_service,
+      url::SchemeHostPort(restricted_port_request.url), alternative_service,
       expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10521,7 +10675,7 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10531,10 +10685,10 @@ TEST_P(HttpNetworkTransactionTest,
       kRestrictedAlternatePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(unrestricted_port_request.url), alternative_service,
+      url::SchemeHostPort(unrestricted_port_request.url), alternative_service,
       expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10573,7 +10727,7 @@ TEST_P(HttpNetworkTransactionTest,
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&second_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10583,10 +10737,10 @@ TEST_P(HttpNetworkTransactionTest,
       kUnrestrictedAlternatePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(unrestricted_port_request.url), alternative_service,
+      url::SchemeHostPort(unrestricted_port_request.url), alternative_service,
       expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10620,7 +10774,7 @@ TEST_P(HttpNetworkTransactionTest, AlternateProtocolUnsafeBlocked) {
       data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
@@ -10630,9 +10784,9 @@ TEST_P(HttpNetworkTransactionTest, AlternateProtocolUnsafeBlocked) {
       kUnsafePort);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(
-      HostPortPair::FromURL(request.url), alternative_service, expiration);
+      url::SchemeHostPort(request.url), alternative_service, expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -10681,13 +10835,13 @@ TEST_P(HttpNetworkTransactionTest, UseAlternateProtocolForNpnSpdy) {
   ASSERT_TRUE(ssl.cert.get());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*data, 2), MockRead(ASYNC, 0, 3),
@@ -10707,8 +10861,8 @@ TEST_P(HttpNetworkTransactionTest, UseAlternateProtocolForNpnSpdy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -10784,20 +10938,20 @@ TEST_P(HttpNetworkTransactionTest, AlternateProtocolWithSpdyLateBinding) {
   ASSERT_TRUE(ssl.cert.get());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   MockWrite spdy_writes[] = {
       CreateMockWrite(*req1, 0), CreateMockWrite(*req2, 1),
   };
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data1(
+  std::unique_ptr<SpdySerializedFrame> data1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> data2(
+  std::unique_ptr<SpdySerializedFrame> data2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp1, 2),
@@ -10817,7 +10971,7 @@ TEST_P(HttpNetworkTransactionTest, AlternateProtocolWithSpdyLateBinding) {
   hanging_socket3.set_connect_data(never_finishing_connect);
   session_deps_.socket_factory->AddSocketDataProvider(&hanging_socket3);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   TestCompletionCallback callback1;
   HttpNetworkTransaction trans1(DEFAULT_PRIORITY, session.get());
 
@@ -10910,8 +11064,8 @@ TEST_P(HttpNetworkTransactionTest, StallAlternateProtocolForNpnSpdy) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -10983,9 +11137,9 @@ class CapturingProxyResolverFactory : public ProxyResolverFactory {
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const net::CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     resolver->reset(new ForwardingProxyResolver(resolver_));
     return OK;
   }
@@ -11005,8 +11159,8 @@ TEST_P(HttpNetworkTransactionTest,
 
   CapturingProxyResolver capturing_proxy_resolver;
   session_deps_.proxy_service.reset(new ProxyService(
-      make_scoped_ptr(new ProxyConfigServiceFixed(proxy_config)),
-      make_scoped_ptr(
+      base::WrapUnique(new ProxyConfigServiceFixed(proxy_config)),
+      base::WrapUnique(
           new CapturingProxyResolverFactory(&capturing_proxy_resolver)),
       NULL));
   TestNetLog net_log;
@@ -11039,7 +11193,7 @@ TEST_P(HttpNetworkTransactionTest,
   ASSERT_TRUE(ssl.cert.get());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite spdy_writes[] = {
       MockWrite(ASYNC, 0,
@@ -11051,9 +11205,9 @@ TEST_P(HttpNetworkTransactionTest,
 
   const char kCONNECTResponse[] = "HTTP/1.1 200 Connected\r\n\r\n";
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       MockRead(ASYNC, 1, kCONNECTResponse), CreateMockRead(*resp.get(), 3),
@@ -11074,8 +11228,8 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -11151,13 +11305,13 @@ TEST_P(HttpNetworkTransactionTest,
   ASSERT_TRUE(ssl.cert.get());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*data, 2), MockRead(ASYNC, 0, 3),
@@ -11169,9 +11323,9 @@ TEST_P(HttpNetworkTransactionTest,
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -11562,7 +11716,7 @@ TEST_P(HttpNetworkTransactionTest, GenerateAuthToken) {
     request.url = GURL(test_config.server_url);
     request.load_flags = 0;
 
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
     SSLSocketDataProvider ssl_socket_data_provider(SYNCHRONOUS, OK);
 
@@ -11595,9 +11749,9 @@ TEST_P(HttpNetworkTransactionTest, GenerateAuthToken) {
             &ssl_socket_data_provider);
     }
 
-    std::vector<scoped_ptr<StaticSocketDataProvider>> data_providers;
+    std::vector<std::unique_ptr<StaticSocketDataProvider>> data_providers;
     for (size_t i = 0; i < mock_reads.size(); ++i) {
-      data_providers.push_back(make_scoped_ptr(new StaticSocketDataProvider(
+      data_providers.push_back(base::WrapUnique(new StaticSocketDataProvider(
           mock_reads[i].data(), mock_reads[i].size(), mock_writes[i].data(),
           mock_writes[i].size())));
       session_deps_.socket_factory->AddSocketDataProvider(
@@ -11665,7 +11819,7 @@ TEST_P(HttpNetworkTransactionTest, MultiRoundAuth) {
   request.url = origin;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Use a TCP Socket Pool with only one connection per group. This is used
   // to validate that the TCP socket is not released to the pool between
@@ -11674,15 +11828,14 @@ TEST_P(HttpNetworkTransactionTest, MultiRoundAuth) {
   TransportClientSocketPool* transport_pool = new TransportClientSocketPool(
       50,  // Max sockets for pool
       1,   // Max sockets per group
-      session_deps_.host_resolver.get(),
-      session_deps_.socket_factory.get(),
-      session_deps_.net_log);
-  scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+      session_deps_.host_resolver.get(), session_deps_.socket_factory.get(),
+      NULL, session_deps_.net_log);
+  std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
       new MockClientSocketPoolManager);
   mock_pool_manager->SetTransportSocketPool(transport_pool);
   session_peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback;
 
@@ -11752,7 +11905,7 @@ TEST_P(HttpNetworkTransactionTest, MultiRoundAuth) {
   // In between rounds, another request comes in for the same domain.
   // It should not be able to grab the TCP socket that trans has already
   // claimed.
-  scoped_ptr<HttpTransaction> trans_compete(
+  std::unique_ptr<HttpTransaction> trans_compete(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   TestCompletionCallback callback_compete;
   rv = trans_compete->Start(
@@ -11863,8 +12016,8 @@ TEST_P(HttpNetworkTransactionTest, NpnWithHttpOverSSL) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -11901,7 +12054,7 @@ TEST_P(HttpNetworkTransactionTest, SpdyPostNPNServerHangup) {
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 1)};
 
@@ -11915,8 +12068,8 @@ TEST_P(HttpNetworkTransactionTest, SpdyPostNPNServerHangup) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
@@ -12010,11 +12163,11 @@ TEST_P(HttpNetworkTransactionTest, SpdyAlternateProtocolThroughProxy) {
   // retry-http-when-alternate-protocol fails logic kicks in, which was more
   // complicated to set up expectations for than the SPDY session.
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockWrite data_writes_2[] = {
@@ -12071,11 +12224,11 @@ TEST_P(HttpNetworkTransactionTest, SpdyAlternateProtocolThroughProxy) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
   session_deps_.socket_factory->AddSocketDataProvider(
       &hanging_non_alternate_protocol_socket);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // First round should work and provide the Alternate-Protocol state.
   TestCompletionCallback callback_1;
-  scoped_ptr<HttpTransaction> trans_1(
+  std::unique_ptr<HttpTransaction> trans_1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans_1->Start(&request, callback_1.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -12083,7 +12236,7 @@ TEST_P(HttpNetworkTransactionTest, SpdyAlternateProtocolThroughProxy) {
 
   // Second round should attempt a tunnel connect and get an auth challenge.
   TestCompletionCallback callback_2;
-  scoped_ptr<HttpTransaction> trans_2(
+  std::unique_ptr<HttpTransaction> trans_2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = trans_2->Start(&request, callback_2.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -12131,8 +12284,8 @@ TEST_P(HttpNetworkTransactionTest, SimpleCancel) {
   request.load_flags = 0;
 
   session_deps_.host_resolver->set_synchronous_mode(true);
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
@@ -12169,7 +12322,7 @@ TEST_P(HttpNetworkTransactionTest, CancelAfterHeaders) {
   StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   {
     HttpRequestInfo request;
@@ -12205,7 +12358,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyGet) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   HttpRequestInfo request;
   request.method = "GET";
@@ -12231,7 +12384,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyGet) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   BeforeProxyHeadersSentHandler proxy_headers_handler;
   trans->SetBeforeProxyHeadersSentCallback(
@@ -12269,7 +12422,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGet) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   HttpRequestInfo request;
   request.method = "GET";
@@ -12303,7 +12456,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGet) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -12345,7 +12498,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGetIPv6) {
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   HttpRequestInfo request;
   request.method = "GET";
@@ -12379,7 +12532,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGetIPv6) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -12419,7 +12572,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGetHangup) {
   session_deps_.proxy_service = ProxyService::CreateFixed("myproxy:70");
   BoundTestNetLog log;
   session_deps_.net_log = log.bound().net_log();
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   HttpRequestInfo request;
   request.method = "GET";
@@ -12450,7 +12603,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGetHangup) {
 
   TestCompletionCallback callback1;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request, callback1.callback(), log.bound());
@@ -12471,13 +12624,13 @@ TEST_P(HttpNetworkTransactionTest, ProxyTunnelGetHangup) {
 
 // Test for crbug.com/55424.
 TEST_P(HttpNetworkTransactionTest, PreconnectWithExistingSpdySession) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data(
+  std::unique_ptr<SpdySerializedFrame> data(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*data, 2), MockRead(ASYNC, 0, 3),
@@ -12491,7 +12644,7 @@ TEST_P(HttpNetworkTransactionTest, PreconnectWithExistingSpdySession) {
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Set up an initial SpdySession in the pool to reuse.
   HostPortPair host_port_pair("www.example.org", 443);
@@ -12508,7 +12661,7 @@ TEST_P(HttpNetworkTransactionTest, PreconnectWithExistingSpdySession) {
   // This is the important line that marks this as a preconnect.
   request.motivation = HttpRequestInfo::PRECONNECT_MOTIVATED;
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -12534,8 +12687,8 @@ void HttpNetworkTransactionTest::CheckErrorIsPassedBack(
   session_deps_.socket_factory->AddSocketDataProvider(&data);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   TestCompletionCallback callback;
@@ -12621,8 +12774,8 @@ TEST_P(HttpNetworkTransactionTest,
   StaticSocketDataProvider data4(NULL, 0, NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data4);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Begin the SSL handshake with the peer. This consumes ssl_data1.
@@ -12739,8 +12892,8 @@ TEST_P(HttpNetworkTransactionTest,
   StaticSocketDataProvider data5(data2_reads, arraysize(data2_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data5);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   // Begin the initial SSL handshake.
@@ -12832,8 +12985,8 @@ TEST_P(HttpNetworkTransactionTest, ClientAuthCertCache_Proxy_Fail) {
 
   for (size_t i = 0; i < arraysize(requests); ++i) {
     session_deps_.socket_factory->ResetNextMockIndexes();
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-    scoped_ptr<HttpNetworkTransaction> trans(
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
     // Begin the SSL handshake with the proxy.
@@ -12888,7 +13041,7 @@ TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) {
 
   // Set up a special HttpNetworkSession with a MockCachingHostResolver.
   session_deps_.host_resolver.reset(new MockCachingHostResolver());
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   SpdySessionPoolPeer pool_peer(session->spdy_session_pool());
   pool_peer.DisableDomainAuthenticationVerification();
 
@@ -12896,21 +13049,21 @@ TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) {
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> host1_req(
+  std::unique_ptr<SpdySerializedFrame> host1_req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> host2_req(
+  std::unique_ptr<SpdySerializedFrame> host2_req(
       spdy_util_.ConstructSpdyGet("https://www.gmail.com", 3, LOWEST));
   MockWrite spdy_writes[] = {
       CreateMockWrite(*host1_req, 0), CreateMockWrite(*host2_req, 3),
   };
-  scoped_ptr<SpdySerializedFrame> host1_resp(
+  std::unique_ptr<SpdySerializedFrame> host1_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> host1_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host1_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> host2_resp(
+  std::unique_ptr<SpdySerializedFrame> host2_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> host2_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host2_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*host1_resp, 1),
@@ -12986,7 +13139,7 @@ TEST_P(HttpNetworkTransactionTest, UseIPConnectionPoolingAfterResolution) {
 
   // Set up a special HttpNetworkSession with a MockCachingHostResolver.
   session_deps_.host_resolver.reset(new MockCachingHostResolver());
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   SpdySessionPoolPeer pool_peer(session->spdy_session_pool());
   pool_peer.DisableDomainAuthenticationVerification();
 
@@ -12994,21 +13147,21 @@ TEST_P(HttpNetworkTransactionTest, UseIPConnectionPoolingAfterResolution) {
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> host1_req(
+  std::unique_ptr<SpdySerializedFrame> host1_req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> host2_req(
+  std::unique_ptr<SpdySerializedFrame> host2_req(
       spdy_util_.ConstructSpdyGet("https://www.gmail.com", 3, LOWEST));
   MockWrite spdy_writes[] = {
       CreateMockWrite(*host1_req, 0), CreateMockWrite(*host2_req, 3),
   };
-  scoped_ptr<SpdySerializedFrame> host1_resp(
+  std::unique_ptr<SpdySerializedFrame> host1_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> host1_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host1_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> host2_resp(
+  std::unique_ptr<SpdySerializedFrame> host2_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> host2_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host2_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*host1_resp, 1),
@@ -13115,7 +13268,7 @@ TEST_P(HttpNetworkTransactionTest,
   HttpNetworkSession::Params params =
       SpdySessionDependencies::CreateSessionParams(&session_deps_);
   params.host_resolver = &host_resolver;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   SpdySessionPoolPeer pool_peer(session->spdy_session_pool());
   pool_peer.DisableDomainAuthenticationVerification();
 
@@ -13123,21 +13276,21 @@ TEST_P(HttpNetworkTransactionTest,
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> host1_req(
+  std::unique_ptr<SpdySerializedFrame> host1_req(
       spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST));
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> host2_req(
+  std::unique_ptr<SpdySerializedFrame> host2_req(
       spdy_util_.ConstructSpdyGet("https://www.gmail.com", 3, LOWEST));
   MockWrite spdy_writes[] = {
       CreateMockWrite(*host1_req, 0), CreateMockWrite(*host2_req, 3),
   };
-  scoped_ptr<SpdySerializedFrame> host1_resp(
+  std::unique_ptr<SpdySerializedFrame> host1_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> host1_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host1_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> host2_resp(
+  std::unique_ptr<SpdySerializedFrame> host2_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> host2_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host2_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*host1_resp, 1),
@@ -13211,16 +13364,16 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttp) {
   const std::string http_url = "http://www.example.org:8080/";
 
   // SPDY GET for HTTPS URL
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(https_url.c_str(), 1, LOWEST));
 
   MockWrite writes1[] = {
     CreateMockWrite(*req1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads1[] = {CreateMockRead(*resp1, 1), CreateMockRead(*body1, 2),
                        MockRead(SYNCHRONOUS, ERR_IO_PENDING, 3)};
@@ -13253,7 +13406,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttp) {
   session_deps_.socket_factory->AddSocketDataProvider(&data1);
   session_deps_.socket_factory->AddSocketDataProvider(&data2);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Start the first transaction to set up the SpdySession
   HttpRequestInfo request1;
@@ -13287,8 +13440,8 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttp) {
 class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
  public:
   void Run(bool pooling, bool valid) {
-    HostPortPair origin(valid ? "mail.example.org" : "invalid.example.org",
-                        443);
+    url::SchemeHostPort server(GURL(valid ? "https://mail.example.org:443"
+                                          : "https://invalid.example.org:443"));
     HostPortPair alternative("www.example.org", 443);
 
     base::FilePath certs_dir = GetTestCertsDirectory();
@@ -13297,7 +13450,7 @@ class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
     ASSERT_TRUE(cert.get());
     bool common_name_fallback_used;
     EXPECT_EQ(valid,
-              cert->VerifyNameMatch(origin.host(), &common_name_fallback_used));
+              cert->VerifyNameMatch(server.host(), &common_name_fallback_used));
     EXPECT_TRUE(
         cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used));
     SSLSocketDataProvider ssl(ASYNC, OK);
@@ -13308,18 +13461,18 @@ class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
     // If pooling, then start a request to alternative first to create a
     // SpdySession.
     std::string url0 = "https://www.example.org:443";
-    // Second request to origin, which has an alternative service, and could
+    // Second request to server, which has an alternative service, and could
     // open a connection to the alternative host or pool to the existing one.
     std::string url1("https://");
-    url1.append(origin.host());
+    url1.append(server.host());
     url1.append(":443");
 
-    scoped_ptr<SpdySerializedFrame> req0;
-    scoped_ptr<SpdySerializedFrame> req1;
-    scoped_ptr<SpdySerializedFrame> resp0;
-    scoped_ptr<SpdySerializedFrame> body0;
-    scoped_ptr<SpdySerializedFrame> resp1;
-    scoped_ptr<SpdySerializedFrame> body1;
+    std::unique_ptr<SpdySerializedFrame> req0;
+    std::unique_ptr<SpdySerializedFrame> req1;
+    std::unique_ptr<SpdySerializedFrame> resp0;
+    std::unique_ptr<SpdySerializedFrame> body0;
+    std::unique_ptr<SpdySerializedFrame> resp1;
+    std::unique_ptr<SpdySerializedFrame> body1;
     std::vector<MockWrite> writes;
     std::vector<MockRead> reads;
 
@@ -13359,7 +13512,7 @@ class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
                              writes.size());
     session_deps_.socket_factory->AddSocketDataProvider(&data);
 
-    // Connection to the origin fails.
+    // Connection to the server fails.
     MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
     StaticSocketDataProvider data_refused;
     data_refused.set_connect_data(mock_connect);
@@ -13367,18 +13520,18 @@ class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
 
     session_deps_.parse_alternative_services = true;
     session_deps_.enable_alternative_service_with_different_host = true;
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
     base::WeakPtr<HttpServerProperties> http_server_properties =
         session->http_server_properties();
     AlternativeService alternative_service(
         AlternateProtocolFromNextProto(GetProtocol()), alternative);
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-    http_server_properties->SetAlternativeService(origin, alternative_service,
+    http_server_properties->SetAlternativeService(server, alternative_service,
                                                   expiration);
 
     // First request to alternative.
     if (pooling) {
-      scoped_ptr<HttpTransaction> trans0(
+      std::unique_ptr<HttpTransaction> trans0(
           new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
       HttpRequestInfo request0;
       request0.method = "GET";
@@ -13393,7 +13546,7 @@ class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
     }
 
     // Second request to origin.
-    scoped_ptr<HttpTransaction> trans1(
+    std::unique_ptr<HttpTransaction> trans1(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
     HttpRequestInfo request1;
     request1.method = "GET";
@@ -13442,17 +13595,18 @@ TEST_P(AltSvcCertificateVerificationTest, NewConnectionValid) {
   Run(false, true);
 }
 
-TEST_P(AltSvcCertificateVerificationTest, NewConnectionInvalid) {
+// TODO(bnc): Re-enable when https://crbug.com/615413 is fixed.
+TEST_P(AltSvcCertificateVerificationTest, DISABLED_NewConnectionInvalid) {
   Run(false, false);
 }
 
 // Alternative service requires HTTP/2 (or SPDY), but HTTP/1.1 is negotiated
 // with the alternative server.  That connection should not be used.
 TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
-  HostPortPair origin("origin.example.org", 443);
-  HostPortPair alternative("alternative.example.org", 443);
+  url::SchemeHostPort server("https", "www.example.org", 443);
+  HostPortPair alternative("www.example.org", 444);
 
-  // Negotiate HTTP/1.1 with alternative.example.org.
+  // Negotiate HTTP/1.1 with alternative.
   SSLSocketDataProvider ssl(ASYNC, OK);
   ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
@@ -13463,29 +13617,29 @@ TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
   // This test documents that an alternate Job should not be used if HTTP/1.1 is
-  // negotiated.  In order to test this, a failed connection to the origin is
+  // negotiated.  In order to test this, a failed connection to the server is
   // mocked.  This way the request relies on the alternate Job.
   StaticSocketDataProvider data_refused;
   data_refused.set_connect_data(MockConnect(ASYNC, ERR_CONNECTION_REFUSED));
   session_deps_.socket_factory->AddSocketDataProvider(&data_refused);
 
-  // Set up alternative service for origin.
+  // Set up alternative service for server.
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = true;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
   AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties->SetAlternativeService(origin, alternative_service,
+  http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request;
   request.method = "GET";
-  request.url = GURL("https://origin.example.org:443");
+  request.url = GURL("https://www.example.org:443");
   request.load_flags = 0;
   TestCompletionCallback callback;
 
@@ -13496,12 +13650,12 @@ TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
 }
 
 // A request to a server with an alternative service fires two Jobs: one to the
-// origin, and an alternate one to the alternative server.  If the former
+// server, and an alternate one to the alternative server.  If the former
 // succeeds, the request should succeed,  even if the latter fails because
 // HTTP/1.1 is negotiated which is insufficient for alternative service.
 TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
-  HostPortPair origin("origin.example.org", 443);
-  HostPortPair alternative("alternative.example.org", 443);
+  url::SchemeHostPort server("https", "www.example.org", 443);
+  HostPortPair alternative("www.example.org", 444);
 
   // Negotiate HTTP/1.1 with alternative.
   SSLSocketDataProvider alternative_ssl(ASYNC, OK);
@@ -13513,20 +13667,18 @@ TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
   StaticSocketDataProvider data;
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
-  // Negotiate HTTP/1.1 with origin.
+  // Negotiate HTTP/1.1 with server.
   SSLSocketDataProvider origin_ssl(ASYNC, OK);
   origin_ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&origin_ssl);
 
   MockWrite http_writes[] = {
-      MockWrite(
-          "GET / HTTP/1.1\r\n"
-          "Host: origin.example.org\r\n"
-          "Connection: keep-alive\r\n\r\n"),
-      MockWrite(
-          "GET /second HTTP/1.1\r\n"
-          "Host: origin.example.org\r\n"
-          "Connection: keep-alive\r\n\r\n"),
+      MockWrite("GET / HTTP/1.1\r\n"
+                "Host: www.example.org\r\n"
+                "Connection: keep-alive\r\n\r\n"),
+      MockWrite("GET /second HTTP/1.1\r\n"
+                "Host: www.example.org\r\n"
+                "Connection: keep-alive\r\n\r\n"),
   };
 
   MockRead http_reads[] = {
@@ -13543,22 +13695,22 @@ TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
                                      http_writes, arraysize(http_writes));
   session_deps_.socket_factory->AddSocketDataProvider(&http_data);
 
-  // Set up alternative service for origin.
+  // Set up alternative service for server.
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = true;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
   AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties->SetAlternativeService(origin, alternative_service,
+  http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
 
   HttpNetworkTransaction trans1(DEFAULT_PRIORITY, session.get());
   HttpRequestInfo request1;
   request1.method = "GET";
-  request1.url = GURL("https://origin.example.org:443");
+  request1.url = GURL("https://www.example.org:443");
   request1.load_flags = 0;
   TestCompletionCallback callback1;
 
@@ -13580,13 +13732,13 @@ TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
   EXPECT_TRUE(
       http_server_properties->IsAlternativeServiceBroken(alternative_service));
 
-  // Since |alternative_service| is broken, a second transaction to origin
+  // Since |alternative_service| is broken, a second transaction to server
   // should not start an alternate Job.  It should pool to existing connection
-  // to origin.
+  // to server.
   HttpNetworkTransaction trans2(DEFAULT_PRIORITY, session.get());
   HttpRequestInfo request2;
   request2.method = "GET";
-  request2.url = GURL("https://origin.example.org:443/second");
+  request2.url = GURL("https://www.example.org:443/second");
   request2.load_flags = 0;
   TestCompletionCallback callback2;
 
@@ -13608,7 +13760,7 @@ TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
 // HTTP/1.1 socket open to the alternative server.  That socket should not be
 // used.
 TEST_P(HttpNetworkTransactionTest, AlternativeServiceShouldNotPoolToHttp11) {
-  HostPortPair origin("origin.example.org", 443);
+  url::SchemeHostPort server("https", "origin.example.org", 443);
   HostPortPair alternative("alternative.example.org", 443);
   std::string origin_url = "https://origin.example.org:443";
   std::string alternative_url = "https://alternative.example.org:443";
@@ -13648,25 +13800,25 @@ TEST_P(HttpNetworkTransactionTest, AlternativeServiceShouldNotPoolToHttp11) {
 
   // This test documents that an alternate Job should not pool to an already
   // existing HTTP/1.1 connection.  In order to test this, a failed connection
-  // to the origin is mocked.  This way |request2| relies on the alternate Job.
+  // to the server is mocked.  This way |request2| relies on the alternate Job.
   StaticSocketDataProvider data_refused;
   data_refused.set_connect_data(MockConnect(ASYNC, ERR_CONNECTION_REFUSED));
   session_deps_.socket_factory->AddSocketDataProvider(&data_refused);
 
-  // Set up alternative service for origin.
+  // Set up alternative service for server.
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = false;
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session->http_server_properties();
   AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-  http_server_properties->SetAlternativeService(origin, alternative_service,
+  http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
 
   // First transaction to alternative to open an HTTP/1.1 socket.
-  scoped_ptr<HttpTransaction> trans1(
+  std::unique_ptr<HttpTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request1;
   request1.method = "GET";
@@ -13689,9 +13841,9 @@ TEST_P(HttpNetworkTransactionTest, AlternativeServiceShouldNotPoolToHttp11) {
   // Request for origin.example.org, which has an alternative service.  This
   // will start two Jobs: the alternative looks for connections to pool to,
   // finds one which is HTTP/1.1, and should ignore it, and should not try to
-  // open other connections to alternative server.  The Job to origin fails, so
+  // open other connections to alternative server.  The Job to server fails, so
   // this request fails.
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request2;
   request2.method = "GET";
@@ -13704,7 +13856,7 @@ TEST_P(HttpNetworkTransactionTest, AlternativeServiceShouldNotPoolToHttp11) {
 
   // Another transaction to alternative.  This is to test that the HTTP/1.1
   // socket is still open and in the pool.
-  scoped_ptr<HttpTransaction> trans3(
+  std::unique_ptr<HttpTransaction> trans3(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request3;
   request3.method = "GET";
@@ -13734,11 +13886,11 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) {
 
   // SPDY GET for HTTPS URL (through CONNECT tunnel)
   const HostPortPair host_port_pair("www.example.org", 8080);
-  scoped_ptr<SpdySerializedFrame> connect(
+  std::unique_ptr<SpdySerializedFrame> connect(
       spdy_util_.ConstructSpdyConnect(NULL, 0, 1, LOWEST, host_port_pair));
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_wrapped.ConstructSpdyGet(https_url.c_str(), 1, LOWEST));
-  scoped_ptr<SpdySerializedFrame> wrapped_req1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_req1(
       spdy_util_.ConstructWrappedSpdyFrame(req1, 1));
 
   // SPDY GET for HTTP URL (through the proxy, but not the tunnel).
@@ -13748,7 +13900,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) {
   req2_block[spdy_util_.GetHostKey()] = "www.example.org:8080";
   req2_block[spdy_util_.GetSchemeKey()] = "http";
   req2_block[spdy_util_.GetPathKey()] = "/";
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdySyn(3, req2_block, MEDIUM, true));
 
   MockWrite writes1[] = {
@@ -13756,19 +13908,19 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) {
       CreateMockWrite(*req2, 6),
   };
 
-  scoped_ptr<SpdySerializedFrame> conn_resp(
+  std::unique_ptr<SpdySerializedFrame> conn_resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_wrapped.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_wrapped.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> wrapped_resp1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_resp1(
       spdy_util_wrapped.ConstructWrappedSpdyFrame(resp1, 1));
-  scoped_ptr<SpdySerializedFrame> wrapped_body1(
+  std::unique_ptr<SpdySerializedFrame> wrapped_body1(
       spdy_util_wrapped.ConstructWrappedSpdyFrame(body1, 1));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead reads1[] = {
       CreateMockRead(*conn_resp, 1),
@@ -13798,7 +13950,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2);
   session_deps_.socket_factory->AddSocketDataProvider(&data1);
 
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Start the first transaction to set up the SpdySession
   HttpRequestInfo request1;
@@ -13860,18 +14012,18 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionIfCertDoesNotMatch) {
   SpdyTestUtil spdy_util_secure(GetProtocol(), GetDependenciesFromPriority());
 
   // SPDY GET for HTTP URL (through SPDY proxy)
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlockForProxy("http://www.example.org/"));
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
 
   MockWrite writes1[] = {
     CreateMockWrite(*req1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads1[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*resp1, 2),
@@ -13887,16 +14039,16 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionIfCertDoesNotMatch) {
   data1.set_connect_data(connect_data1);
 
   // SPDY GET for HTTPS URL (direct)
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_secure.ConstructSpdyGet(url2.c_str(), 1, MEDIUM));
 
   MockWrite writes2[] = {
     CreateMockWrite(*req2, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_secure.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_secure.ConstructSpdyBodyFrame(1, true));
   MockRead reads2[] = {CreateMockRead(*resp2, 1), CreateMockRead(*body2, 2),
                        MockRead(ASYNC, OK, 3)};
@@ -13911,7 +14063,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionIfCertDoesNotMatch) {
   ProxyConfig proxy_config;
   proxy_config.proxy_rules().ParseFromString("http=https://proxy:443");
   session_deps_.proxy_service.reset(new ProxyService(
-      make_scoped_ptr(new ProxyConfigServiceFixed(proxy_config)), nullptr,
+      base::WrapUnique(new ProxyConfigServiceFixed(proxy_config)), nullptr,
       NULL));
 
   SSLSocketDataProvider ssl1(ASYNC, OK);  // to the proxy
@@ -13934,7 +14086,7 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionIfCertDoesNotMatch) {
   session_deps_.host_resolver->rules()->AddRule("news.example.org", ip_addr);
   session_deps_.host_resolver->rules()->AddRule("proxy", ip_addr);
 
-  scoped_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
+  std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_);
 
   // Start the first transaction to set up the SpdySession
   HttpRequestInfo request1;
@@ -13982,15 +14134,15 @@ TEST_P(HttpNetworkTransactionTest, ErrorSocketNotConnected) {
 
   SequencedSocketData data1(reads1, arraysize(reads1), NULL, 0);
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(https_url.c_str(), 1, MEDIUM));
   MockWrite writes2[] = {
     CreateMockWrite(*req2, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads2[] = {
     CreateMockRead(*resp2, 1),
@@ -14011,7 +14163,7 @@ TEST_P(HttpNetworkTransactionTest, ErrorSocketNotConnected) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2);
   session_deps_.socket_factory->AddSocketDataProvider(&data2);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps_));
 
   // Start the first transaction to set up the SpdySession and verify that
@@ -14049,7 +14201,7 @@ TEST_P(HttpNetworkTransactionTest, CloseIdleSpdySessionToOpenNewOne) {
   // Use two different hosts with different IPs so they don't get pooled.
   session_deps_.host_resolver->rules()->AddRule("www.a.com", "10.0.0.1");
   session_deps_.host_resolver->rules()->AddRule("www.b.com", "10.0.0.2");
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   SSLSocketDataProvider ssl1(ASYNC, OK);
   ssl1.SetNextProto(GetProtocol());
@@ -14058,14 +14210,14 @@ TEST_P(HttpNetworkTransactionTest, CloseIdleSpdySessionToOpenNewOne) {
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl1);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2);
 
-  scoped_ptr<SpdySerializedFrame> host1_req(
+  std::unique_ptr<SpdySerializedFrame> host1_req(
       spdy_util_.ConstructSpdyGet("https://www.a.com", 1, DEFAULT_PRIORITY));
   MockWrite spdy1_writes[] = {
       CreateMockWrite(*host1_req, 0),
   };
-  scoped_ptr<SpdySerializedFrame> host1_resp(
+  std::unique_ptr<SpdySerializedFrame> host1_resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> host1_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host1_resp_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy1_reads[] = {
       CreateMockRead(*host1_resp, 1), CreateMockRead(*host1_resp_body, 2),
@@ -14075,26 +14227,26 @@ TEST_P(HttpNetworkTransactionTest, CloseIdleSpdySessionToOpenNewOne) {
   // Use a separate test instance for the separate SpdySession that will be
   // created.
   SpdyTestUtil spdy_util_2(GetProtocol(), GetDependenciesFromPriority());
-  scoped_ptr<SequencedSocketData> spdy1_data(
+  std::unique_ptr<SequencedSocketData> spdy1_data(
       new SequencedSocketData(spdy1_reads, arraysize(spdy1_reads), spdy1_writes,
                               arraysize(spdy1_writes)));
   session_deps_.socket_factory->AddSocketDataProvider(spdy1_data.get());
 
-  scoped_ptr<SpdySerializedFrame> host2_req(
+  std::unique_ptr<SpdySerializedFrame> host2_req(
       spdy_util_2.ConstructSpdyGet("https://www.b.com", 1, DEFAULT_PRIORITY));
   MockWrite spdy2_writes[] = {
       CreateMockWrite(*host2_req, 0),
   };
-  scoped_ptr<SpdySerializedFrame> host2_resp(
+  std::unique_ptr<SpdySerializedFrame> host2_resp(
       spdy_util_2.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> host2_resp_body(
+  std::unique_ptr<SpdySerializedFrame> host2_resp_body(
       spdy_util_2.ConstructSpdyBodyFrame(1, true));
   MockRead spdy2_reads[] = {
       CreateMockRead(*host2_resp, 1), CreateMockRead(*host2_resp_body, 2),
       MockRead(SYNCHRONOUS, ERR_IO_PENDING, 3),
   };
 
-  scoped_ptr<SequencedSocketData> spdy2_data(
+  std::unique_ptr<SequencedSocketData> spdy2_data(
       new SequencedSocketData(spdy2_reads, arraysize(spdy2_reads), spdy2_writes,
                               arraysize(spdy2_writes)));
   session_deps_.socket_factory->AddSocketDataProvider(spdy2_data.get());
@@ -14126,7 +14278,7 @@ TEST_P(HttpNetworkTransactionTest, CloseIdleSpdySessionToOpenNewOne) {
   request1.method = "GET";
   request1.url = GURL("https://www.a.com/");
   request1.load_flags = 0;
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   int rv = trans->Start(&request1, callback.callback(), BoundNetLog());
@@ -14210,8 +14362,8 @@ TEST_P(HttpNetworkTransactionTest, HttpSyncConnectError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockConnect mock_connect(SYNCHRONOUS, ERR_NAME_NOT_RESOLVED);
@@ -14247,8 +14399,8 @@ TEST_P(HttpNetworkTransactionTest, HttpAsyncConnectError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockConnect mock_connect(ASYNC, ERR_NAME_NOT_RESOLVED);
@@ -14284,8 +14436,8 @@ TEST_P(HttpNetworkTransactionTest, HttpSyncWriteError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -14318,8 +14470,8 @@ TEST_P(HttpNetworkTransactionTest, HttpAsyncWriteError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -14352,8 +14504,8 @@ TEST_P(HttpNetworkTransactionTest, HttpSyncReadError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -14389,8 +14541,8 @@ TEST_P(HttpNetworkTransactionTest, HttpAsyncReadError) {
   request.url = GURL("http://www.example.org/");
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -14427,8 +14579,8 @@ TEST_P(HttpNetworkTransactionTest, GetFullRequestHeadersIncludesExtraHeader) {
   request.load_flags = 0;
   request.extra_headers.SetHeader("X-Foo", "bar");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -14680,9 +14832,7 @@ class FakeStreamFactory : public HttpStreamFactory {
   }
 
   void PreconnectStreams(int num_streams,
-                         const HttpRequestInfo& info,
-                         const SSLConfig& server_ssl_config,
-                         const SSLConfig& proxy_ssl_config) override {
+                         const HttpRequestInfo& info) override {
     ADD_FAILURE();
   }
 
@@ -14701,8 +14851,9 @@ class FakeStreamFactory : public HttpStreamFactory {
 // url_request_http_job_unittest.cc ?
 class FakeWebSocketBasicHandshakeStream : public WebSocketHandshakeStreamBase {
  public:
-  FakeWebSocketBasicHandshakeStream(scoped_ptr<ClientSocketHandle> connection,
-                                    bool using_proxy)
+  FakeWebSocketBasicHandshakeStream(
+      std::unique_ptr<ClientSocketHandle> connection,
+      bool using_proxy)
       : state_(connection.release(), using_proxy) {}
 
   // Fake implementation of HttpStreamBase methods.
@@ -14800,9 +14951,9 @@ class FakeWebSocketBasicHandshakeStream : public WebSocketHandshakeStreamBase {
   }
 
   // Fake implementation of WebSocketHandshakeStreamBase method(s)
-  scoped_ptr<WebSocketStream> Upgrade() override {
+  std::unique_ptr<WebSocketStream> Upgrade() override {
     NOTREACHED();
-    return scoped_ptr<WebSocketStream>();
+    return std::unique_ptr<WebSocketStream>();
   }
 
  private:
@@ -14818,7 +14969,7 @@ class FakeWebSocketStreamCreateHelper :
       public WebSocketHandshakeStreamBase::CreateHelper {
  public:
   WebSocketHandshakeStreamBase* CreateBasicStream(
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       bool using_proxy) override {
     return new FakeWebSocketBasicHandshakeStream(std::move(connection),
                                                  using_proxy);
@@ -14833,9 +14984,9 @@ class FakeWebSocketStreamCreateHelper :
 
   ~FakeWebSocketStreamCreateHelper() override {}
 
-  virtual scoped_ptr<WebSocketStream> Upgrade() {
+  virtual std::unique_ptr<WebSocketStream> Upgrade() {
     NOTREACHED();
-    return scoped_ptr<WebSocketStream>();
+    return std::unique_ptr<WebSocketStream>();
   }
 };
 
@@ -14844,10 +14995,10 @@ class FakeWebSocketStreamCreateHelper :
 // Make sure that HttpNetworkTransaction passes on its priority to its
 // stream request on start.
 TEST_P(HttpNetworkTransactionTest, SetStreamRequestPriorityOnStart) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpNetworkSessionPeer peer(session.get());
   FakeStreamFactory* fake_factory = new FakeStreamFactory();
-  peer.SetHttpStreamFactory(scoped_ptr<HttpStreamFactory>(fake_factory));
+  peer.SetHttpStreamFactory(std::unique_ptr<HttpStreamFactory>(fake_factory));
 
   HttpNetworkTransaction trans(LOW, session.get());
 
@@ -14867,10 +15018,10 @@ TEST_P(HttpNetworkTransactionTest, SetStreamRequestPriorityOnStart) {
 // Make sure that HttpNetworkTransaction passes on its priority
 // updates to its stream request.
 TEST_P(HttpNetworkTransactionTest, SetStreamRequestPriority) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpNetworkSessionPeer peer(session.get());
   FakeStreamFactory* fake_factory = new FakeStreamFactory();
-  peer.SetHttpStreamFactory(scoped_ptr<HttpStreamFactory>(fake_factory));
+  peer.SetHttpStreamFactory(std::unique_ptr<HttpStreamFactory>(fake_factory));
 
   HttpNetworkTransaction trans(LOW, session.get());
 
@@ -14892,10 +15043,10 @@ TEST_P(HttpNetworkTransactionTest, SetStreamRequestPriority) {
 // Make sure that HttpNetworkTransaction passes on its priority
 // updates to its stream.
 TEST_P(HttpNetworkTransactionTest, SetStreamPriority) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpNetworkSessionPeer peer(session.get());
   FakeStreamFactory* fake_factory = new FakeStreamFactory();
-  peer.SetHttpStreamFactory(scoped_ptr<HttpStreamFactory>(fake_factory));
+  peer.SetHttpStreamFactory(std::unique_ptr<HttpStreamFactory>(fake_factory));
 
   HttpNetworkTransaction trans(LOW, session.get());
 
@@ -14922,12 +15073,12 @@ TEST_P(HttpNetworkTransactionTest, CreateWebSocketHandshakeStream) {
   std::string test_cases[] = {"ws://www.example.org/",
                               "wss://www.example.org/"};
   for (size_t i = 0; i < arraysize(test_cases); ++i) {
-    scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
     HttpNetworkSessionPeer peer(session.get());
     FakeStreamFactory* fake_factory = new FakeStreamFactory();
     FakeWebSocketStreamCreateHelper websocket_stream_create_helper;
     peer.SetHttpStreamFactoryForWebSocket(
-        scoped_ptr<HttpStreamFactory>(fake_factory));
+        std::unique_ptr<HttpStreamFactory>(fake_factory));
 
     HttpNetworkTransaction trans(LOW, session.get());
     trans.SetWebSocketHandshakeStreamCreateHelper(
@@ -15004,11 +15155,11 @@ TEST_P(HttpNetworkTransactionTest, CloseSSLSocketOnIdleForHttpRequest) {
                                      http_writes, arraysize(http_writes));
   session_deps_.socket_factory->AddSocketDataProvider(&http_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Start the SSL request.
   TestCompletionCallback ssl_callback;
-  scoped_ptr<HttpTransaction> ssl_trans(
+  std::unique_ptr<HttpTransaction> ssl_trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   ASSERT_EQ(ERR_IO_PENDING,
             ssl_trans->Start(&ssl_request, ssl_callback.callback(),
@@ -15016,7 +15167,7 @@ TEST_P(HttpNetworkTransactionTest, CloseSSLSocketOnIdleForHttpRequest) {
 
   // Start the HTTP request.  Pool should stall.
   TestCompletionCallback http_callback;
-  scoped_ptr<HttpTransaction> http_trans(
+  std::unique_ptr<HttpTransaction> http_trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   ASSERT_EQ(ERR_IO_PENDING,
             http_trans->Start(&http_request, http_callback.callback(),
@@ -15086,20 +15237,17 @@ TEST_P(HttpNetworkTransactionTest, CloseSSLSocketOnIdleForHttpRequest2) {
                                      http_writes, arraysize(http_writes));
   session_deps_.socket_factory->AddSocketDataProvider(&http_data);
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Preconnect an SSL socket.  A preconnect is needed because connect jobs are
   // cancelled when a normal transaction is cancelled.
   HttpStreamFactory* http_stream_factory = session->http_stream_factory();
-  SSLConfig ssl_config;
-  session->ssl_config_service()->GetSSLConfig(&ssl_config);
-  http_stream_factory->PreconnectStreams(1, ssl_request, ssl_config,
-                                         ssl_config);
+  http_stream_factory->PreconnectStreams(1, ssl_request);
   EXPECT_EQ(0, GetIdleSocketCountInSSLSocketPool(session.get()));
 
   // Start the HTTP request.  Pool should stall.
   TestCompletionCallback http_callback;
-  scoped_ptr<HttpTransaction> http_trans(
+  std::unique_ptr<HttpTransaction> http_trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   ASSERT_EQ(ERR_IO_PENDING,
             http_trans->Start(&http_request, http_callback.callback(),
@@ -15117,9 +15265,9 @@ TEST_P(HttpNetworkTransactionTest, CloseSSLSocketOnIdleForHttpRequest2) {
 }
 
 TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterReset) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15128,8 +15276,8 @@ TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterReset) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15173,7 +15321,7 @@ TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterReset) {
 // response from a server that rejected a POST with a CONNECTION_RESET.
 TEST_P(HttpNetworkTransactionTest,
        PostReadsErrorResponseAfterResetOnReusedSocket) {
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   MockWrite data_writes[] = {
     MockWrite("GET / HTTP/1.1\r\n"
               "Host: www.foo.com\r\n"
@@ -15204,7 +15352,7 @@ TEST_P(HttpNetworkTransactionTest,
   request1.url = GURL("http://www.foo.com/");
   request1.load_flags = 0;
 
-  scoped_ptr<HttpTransaction> trans1(
+  std::unique_ptr<HttpTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   int rv = trans1->Start(&request1, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -15225,9 +15373,9 @@ TEST_P(HttpNetworkTransactionTest,
   // Delete the transaction to release the socket back into the socket pool.
   trans1.reset();
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request2;
@@ -15236,7 +15384,7 @@ TEST_P(HttpNetworkTransactionTest,
   request2.upload_data_stream = &upload_data_stream;
   request2.load_flags = 0;
 
-  scoped_ptr<HttpTransaction> trans2(
+  std::unique_ptr<HttpTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   rv = trans2->Start(&request2, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -15258,9 +15406,9 @@ TEST_P(HttpNetworkTransactionTest,
 
 TEST_P(HttpNetworkTransactionTest,
        PostReadsErrorResponseAfterResetPartialBodySent) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15269,8 +15417,8 @@ TEST_P(HttpNetworkTransactionTest,
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15322,8 +15470,8 @@ TEST_P(HttpNetworkTransactionTest, ChunkedPostReadsErrorResponseAfterReset) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15371,9 +15519,9 @@ TEST_P(HttpNetworkTransactionTest, ChunkedPostReadsErrorResponseAfterReset) {
 }
 
 TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterResetAnd100) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15382,8 +15530,8 @@ TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterResetAnd100) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 
   MockWrite data_writes[] = {
@@ -15425,9 +15573,9 @@ TEST_P(HttpNetworkTransactionTest, PostReadsErrorResponseAfterResetAnd100) {
 }
 
 TEST_P(HttpNetworkTransactionTest, PostIgnoresNonErrorResponseAfterReset) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15436,8 +15584,8 @@ TEST_P(HttpNetworkTransactionTest, PostIgnoresNonErrorResponseAfterReset) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15468,9 +15616,9 @@ TEST_P(HttpNetworkTransactionTest, PostIgnoresNonErrorResponseAfterReset) {
 
 TEST_P(HttpNetworkTransactionTest,
        PostIgnoresNonErrorResponseAfterResetAnd100) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15479,8 +15627,8 @@ TEST_P(HttpNetworkTransactionTest,
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15512,9 +15660,9 @@ TEST_P(HttpNetworkTransactionTest,
 }
 
 TEST_P(HttpNetworkTransactionTest, PostIgnoresHttp09ResponseAfterReset) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15523,8 +15671,8 @@ TEST_P(HttpNetworkTransactionTest, PostIgnoresHttp09ResponseAfterReset) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15553,9 +15701,9 @@ TEST_P(HttpNetworkTransactionTest, PostIgnoresHttp09ResponseAfterReset) {
 }
 
 TEST_P(HttpNetworkTransactionTest, PostIgnoresPartial400HeadersAfterReset) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15564,8 +15712,8 @@ TEST_P(HttpNetworkTransactionTest, PostIgnoresPartial400HeadersAfterReset) {
   request.upload_data_stream = &upload_data_stream;
   request.load_flags = 0;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15605,7 +15753,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWssTunnel) {
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   // Since a proxy is configured, try to establish a tunnel.
   MockWrite data_writes[] = {
@@ -15652,7 +15800,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWssTunnel) {
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   FakeWebSocketStreamCreateHelper websocket_stream_create_helper;
   trans->SetWebSocketHandshakeStreamCreateHelper(
@@ -15709,7 +15857,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWsTunnel) {
   session_deps_.proxy_service =
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   MockWrite data_writes[] = {
       // Try to establish a tunnel for the WebSocket connection, with
@@ -15751,7 +15899,7 @@ TEST_P(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWsTunnel) {
       GURL("http://myproxy:70/"), "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
       "Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
 
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   FakeWebSocketStreamCreateHelper websocket_stream_create_helper;
   trans->SetWebSocketHandshakeStreamCreateHelper(
@@ -15776,9 +15924,9 @@ TEST_P(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWsTunnel) {
 }
 
 TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesPost) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15786,8 +15934,8 @@ TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesPost) {
   request.url = GURL("http://www.foo.com/");
   request.upload_data_stream = &upload_data_stream;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   MockWrite data_writes[] = {
       MockWrite("POST / HTTP/1.1\r\n"
@@ -15821,9 +15969,9 @@ TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesPost) {
 }
 
 TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesPost100Continue) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("foo", 3)));
+      base::WrapUnique(new UploadBytesElementReader("foo", 3)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
   HttpRequestInfo request;
@@ -15831,8 +15979,8 @@ TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesPost100Continue) {
   request.url = GURL("http://www.foo.com/");
   request.upload_data_stream = &upload_data_stream;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   MockWrite data_writes[] = {
       MockWrite("POST / HTTP/1.1\r\n"
@@ -15874,8 +16022,8 @@ TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesChunkedPost) {
   request.url = GURL("http://www.foo.com/");
   request.upload_data_stream = &upload_data_stream;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   // Send headers successfully, but get an error while sending the body.
   MockWrite data_writes[] = {
@@ -15919,8 +16067,12 @@ TEST_P(HttpNetworkTransactionTest, TotalNetworkBytesChunkedPost) {
 TEST_P(HttpNetworkTransactionTest, EnableNPN) {
   session_deps_.enable_npn = true;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get());
+  HttpRequestInfo request;
+  TestCompletionCallback callback;
+  EXPECT_EQ(ERR_IO_PENDING,
+            trans.Start(&request, callback.callback(), BoundNetLog()));
 
   EXPECT_THAT(trans.server_ssl_config_.alpn_protos,
               testing::ElementsAre(kProtoHTTP2, kProtoSPDY31, kProtoHTTP11));
@@ -15931,8 +16083,12 @@ TEST_P(HttpNetworkTransactionTest, EnableNPN) {
 TEST_P(HttpNetworkTransactionTest, DisableNPN) {
   session_deps_.enable_npn = false;
 
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get());
+  HttpRequestInfo request;
+  TestCompletionCallback callback;
+  EXPECT_EQ(ERR_IO_PENDING,
+            trans.Start(&request, callback.callback(), BoundNetLog()));
 
   EXPECT_THAT(trans.server_ssl_config_.alpn_protos,
               testing::ElementsAre(kProtoHTTP2, kProtoSPDY31, kProtoHTTP11));
@@ -15952,9 +16108,9 @@ TEST_P(HttpNetworkTransactionTest, TokenBindingSpdy) {
   ssl.SetNextProto(GetProtocol());
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {CreateMockRead(*resp), CreateMockRead(*body),
                       MockRead(ASYNC, ERR_IO_PENDING)};
@@ -15962,7 +16118,7 @@ TEST_P(HttpNetworkTransactionTest, TokenBindingSpdy) {
   session_deps_.socket_factory->AddSocketDataProvider(&data);
   session_deps_.channel_id_service.reset(new ChannelIDService(
       new DefaultChannelIDStore(nullptr), base::ThreadTaskRunnerHandle::Get()));
-  scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
 
   HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get());
   TestCompletionCallback callback;
diff --git a/chromium/net/http/http_proxy_client_socket.h b/chromium/net/http/http_proxy_client_socket.h
index fb090e6d92e..1c433eadd14 100644
--- a/chromium/net/http/http_proxy_client_socket.h
+++ b/chromium/net/http/http_proxy_client_socket.h
@@ -14,6 +14,7 @@
 #include "net/base/completion_callback.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/load_timing_info.h"
+#include "net/base/net_export.h"
 #include "net/http/http_auth_controller.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_request_info.h"
@@ -32,7 +33,7 @@ class HttpStreamParser;
 class IOBuffer;
 class ProxyDelegate;
 
-class HttpProxyClientSocket : public ProxyClientSocket {
+class NET_EXPORT_PRIVATE HttpProxyClientSocket : public ProxyClientSocket {
  public:
   // Takes ownership of |transport_socket|, which should already be connected
   // by the time Connect() is called.  If tunnel is true then on Connect()
@@ -135,11 +136,11 @@ class HttpProxyClientSocket : public ProxyClientSocket {
   HttpResponseInfo response_;
 
   scoped_refptr<GrowableIOBuffer> parser_buf_;
-  scoped_ptr<HttpStreamParser> http_stream_parser_;
+  std::unique_ptr<HttpStreamParser> http_stream_parser_;
   scoped_refptr<IOBuffer> drain_buf_;
 
   // Stores the underlying socket.
-  scoped_ptr<ClientSocketHandle> transport_;
+  std::unique_ptr<ClientSocketHandle> transport_;
 
   // The hostname and port of the endpoint.  This is not necessarily the one
   // specified by the URL, due to Alternate-Protocol or fixed testing ports.
diff --git a/chromium/net/http/http_proxy_client_socket_fuzzer.cc b/chromium/net/http/http_proxy_client_socket_fuzzer.cc
new file mode 100644
index 00000000000..8c4b80e8ec3
--- /dev/null
+++ b/chromium/net/http/http_proxy_client_socket_fuzzer.cc
@@ -0,0 +1,83 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/http/http_proxy_client_socket.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+
+#include "base/logging.h"
+#include "base/strings/utf_string_conversions.h"
+#include "net/base/address_list.h"
+#include "net/base/auth.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/base/host_port_pair.h"
+#include "net/base/test_completion_callback.h"
+#include "net/http/http_auth_cache.h"
+#include "net/http/http_auth_handler_basic.h"
+#include "net/http/http_auth_handler_digest.h"
+#include "net/http/http_auth_handler_factory.h"
+#include "net/http/http_auth_scheme.h"
+#include "net/log/test_net_log.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/fuzzed_socket.h"
+#include "net/socket/next_proto.h"
+
+// Fuzzer for HttpProxyClientSocket only tests establishing a connection when
+// using the proxy as a tunnel.
+//
+// |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
+// class for details.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Use a test NetLog, to exercise logging code.
+  net::TestNetLog test_net_log;
+
+  net::FuzzedDataProvider data_provider(data, size);
+
+  net::TestCompletionCallback callback;
+  std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
+      new net::FuzzedSocket(&data_provider, &test_net_log));
+  CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
+
+  std::unique_ptr<net::ClientSocketHandle> socket_handle(
+      new net::ClientSocketHandle());
+  socket_handle->SetSocket(std::move(fuzzed_socket));
+
+  // Create auth handler supporting basic and digest schemes.  Other schemes can
+  // make system calls, which doesn't seem like a great idea.
+  net::HttpAuthCache auth_cache;
+  net::HttpAuthHandlerRegistryFactory auth_handler_factory;
+  auth_handler_factory.RegisterSchemeFactory(
+      net::kBasicAuthScheme, new net::HttpAuthHandlerBasic::Factory());
+  auth_handler_factory.RegisterSchemeFactory(
+      net::kDigestAuthScheme, new net::HttpAuthHandlerDigest::Factory());
+
+  scoped_refptr<net::HttpAuthController> auth_controller(
+      new net::HttpAuthController(net::HttpAuth::AUTH_PROXY,
+                                  GURL("http://proxy:42/"), &auth_cache,
+                                  &auth_handler_factory));
+  // Determine if the HttpProxyClientSocket should be told the underlying socket
+  // is HTTPS.
+  bool is_https_proxy = data_provider.ConsumeBool();
+  net::HttpProxyClientSocket socket(
+      socket_handle.release(), "Bond/007", net::HostPortPair("foo", 80),
+      net::HostPortPair("proxy", 42), auth_controller.get(), true /* tunnel */,
+      false /* using_spdy */, net::kProtoUnknown, nullptr /* proxy_delegate */,
+      is_https_proxy);
+  int result = socket.Connect(callback.callback());
+  result = callback.GetResult(result);
+
+  // Repeatedly try to log in with the same credentials.
+  while (result == net::ERR_PROXY_AUTH_REQUESTED) {
+    auth_controller->ResetAuth(net::AuthCredentials(
+        base::ASCIIToUTF16("user"), base::ASCIIToUTF16("pass")));
+    result = socket.RestartWithAuth(callback.callback());
+    result = callback.GetResult(result);
+  }
+
+  return 0;
+}
diff --git a/chromium/net/http/http_proxy_client_socket_pool.cc b/chromium/net/http/http_proxy_client_socket_pool.cc
index 5368ab9684d..11bf04d0935 100644
--- a/chromium/net/http/http_proxy_client_socket_pool.cc
+++ b/chromium/net/http/http_proxy_client_socket_pool.cc
@@ -169,13 +169,12 @@ HttpProxyConnectJobFactory::HttpProxyConnectJobFactory(
     base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds);
 }
 
-
-scoped_ptr<ConnectJob>
+std::unique_ptr<ConnectJob>
 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::NewConnectJob(
     const std::string& group_name,
     const PoolBase::Request& request,
     ConnectJob::Delegate* delegate) const {
-  return scoped_ptr<ConnectJob>(new HttpProxyConnectJob(
+  return std::unique_ptr<ConnectJob>(new HttpProxyConnectJob(
       group_name, request.priority(), request.respect_limits(),
       request.params(), ConnectionTimeout(), transport_pool_, ssl_pool_,
       delegate, net_log_));
@@ -242,9 +241,10 @@ void HttpProxyClientSocketPool::CancelRequest(
   base_.CancelRequest(group_name, handle);
 }
 
-void HttpProxyClientSocketPool::ReleaseSocket(const std::string& group_name,
-                                              scoped_ptr<StreamSocket> socket,
-                                              int id) {
+void HttpProxyClientSocketPool::ReleaseSocket(
+    const std::string& group_name,
+    std::unique_ptr<StreamSocket> socket,
+    int id) {
   base_.ReleaseSocket(group_name, std::move(socket), id);
 }
 
@@ -270,11 +270,11 @@ LoadState HttpProxyClientSocketPool::GetLoadState(
   return base_.GetLoadState(group_name, handle);
 }
 
-scoped_ptr<base::DictionaryValue> HttpProxyClientSocketPool::GetInfoAsValue(
-    const std::string& name,
-    const std::string& type,
-    bool include_nested_pools) const {
-  scoped_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
+std::unique_ptr<base::DictionaryValue>
+HttpProxyClientSocketPool::GetInfoAsValue(const std::string& name,
+                                          const std::string& type,
+                                          bool include_nested_pools) const {
+  std::unique_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
   if (include_nested_pools) {
     base::ListValue* list = new base::ListValue();
     if (transport_pool_) {
diff --git a/chromium/net/http/http_proxy_client_socket_pool.h b/chromium/net/http/http_proxy_client_socket_pool.h
index 64c13f17cd3..167aa615d47 100644
--- a/chromium/net/http/http_proxy_client_socket_pool.h
+++ b/chromium/net/http/http_proxy_client_socket_pool.h
@@ -5,11 +5,11 @@
 #ifndef NET_HTTP_HTTP_PROXY_CLIENT_SOCKET_POOL_H_
 #define NET_HTTP_HTTP_PROXY_CLIENT_SOCKET_POOL_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/host_port_pair.h"
@@ -126,9 +126,9 @@ class HttpProxyConnectJob : public ConnectJob {
 
   int HandleConnectResult(int result);
 
-  scoped_ptr<HttpProxyClientSocketWrapper> client_socket_;
+  std::unique_ptr<HttpProxyClientSocketWrapper> client_socket_;
 
-  scoped_ptr<HttpResponseInfo> error_response_info_;
+  std::unique_ptr<HttpResponseInfo> error_response_info_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJob);
 };
@@ -165,7 +165,7 @@ class NET_EXPORT_PRIVATE HttpProxyClientSocketPool
                      ClientSocketHandle* handle) override;
 
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
 
   void FlushWithError(int error) override;
@@ -179,7 +179,7 @@ class NET_EXPORT_PRIVATE HttpProxyClientSocketPool
   LoadState GetLoadState(const std::string& group_name,
                          const ClientSocketHandle* handle) const override;
 
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override;
@@ -206,7 +206,7 @@ class NET_EXPORT_PRIVATE HttpProxyClientSocketPool
                                NetLog* net_log);
 
     // ClientSocketPoolBase::ConnectJobFactory methods.
-    scoped_ptr<ConnectJob> NewConnectJob(
+    std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const PoolBase::Request& request,
         ConnectJob::Delegate* delegate) const override;
diff --git a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc
index 1daca24825c..f9d853dbaa9 100644
--- a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc
+++ b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc
@@ -201,7 +201,7 @@ class HttpProxyClientSocketPoolTest
     ssl_data_->SetNextProto(GetParam().protocol);
   }
 
-  scoped_ptr<HttpNetworkSession> CreateNetworkSession() {
+  std::unique_ptr<HttpNetworkSession> CreateNetworkSession() {
     return SpdySessionDependencies::SpdyCreateSession(&session_deps_);
   }
 
@@ -214,15 +214,15 @@ class HttpProxyClientSocketPoolTest
 
   MockTransportClientSocketPool transport_socket_pool_;
   MockHostResolver host_resolver_;
-  scoped_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
   SSLClientSocketPool ssl_socket_pool_;
 
-  scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpNetworkSession> session_;
 
  protected:
   SpdyTestUtil spdy_util_;
-  scoped_ptr<SSLSocketDataProvider> ssl_data_;
-  scoped_ptr<SequencedSocketData> data_;
+  std::unique_ptr<SSLSocketDataProvider> ssl_data_;
+  std::unique_ptr<SequencedSocketData> data_;
   HttpProxyClientSocketPool pool_;
   ClientSocketHandle handle_;
   TestCompletionCallback callback_;
@@ -251,7 +251,7 @@ INSTANTIATE_TEST_CASE_P(
 TEST_P(HttpProxyClientSocketPoolTest, NoTunnel) {
   Initialize(NULL, 0, NULL, 0, NULL, 0, NULL, 0);
 
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   int rv = handle_.Init("a", CreateNoTunnelParams(proxy_delegate.get()), LOW,
                         ClientSocketPool::RespectLimits::ENABLED,
                         CompletionCallback(), &pool_, BoundNetLog());
@@ -288,9 +288,9 @@ TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) {
     MockRead(ASYNC, 3, "Content-Length: 10\r\n\r\n"),
     MockRead(ASYNC, 4, "0123456789"),
   };
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
       NULL, 0, 1, LOW, HostPortPair("www.google.com", 443)));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite spdy_writes[] = {
     CreateMockWrite(*req, 0, ASYNC),
@@ -301,7 +301,7 @@ TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) {
   resp_block["proxy-authenticate"] = "Basic realm=\"MyRealm1\"";
   spdy_util_.MaybeAddVersionHeader(&resp_block);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyReply(1, resp_block));
   MockRead spdy_reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
@@ -361,7 +361,7 @@ TEST_P(HttpProxyClientSocketPoolTest, HaveAuth) {
              NULL, 0);
   AddAuthToCache();
 
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   int rv = handle_.Init("a", CreateTunnelParams(proxy_delegate.get()), LOW,
                         ClientSocketPool::RespectLimits::ENABLED,
                         callback_.callback(), &pool_, BoundNetLog());
@@ -397,13 +397,13 @@ TEST_P(HttpProxyClientSocketPoolTest, AsyncHaveAuth) {
     MockRead(ASYNC, 1, "HTTP/1.1 200 Connection Established\r\n\r\n"),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyConnect(kAuthHeaders, kAuthHeadersSize, 1, LOW,
                                       HostPortPair("www.google.com", 443)));
   MockWrite spdy_writes[] = {
     CreateMockWrite(*req, 0, ASYNC)
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
@@ -416,7 +416,7 @@ TEST_P(HttpProxyClientSocketPoolTest, AsyncHaveAuth) {
              arraysize(spdy_writes));
   AddAuthToCache();
 
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   int rv = handle_.Init("a", CreateTunnelParams(proxy_delegate.get()), LOW,
                         ClientSocketPool::RespectLimits::ENABLED,
                         callback_.callback(), &pool_, BoundNetLog());
@@ -440,13 +440,13 @@ TEST_P(HttpProxyClientSocketPoolTest,
   if (GetParam().proxy_type != SPDY)
     return;
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyConnect(kAuthHeaders, kAuthHeadersSize, 1, MEDIUM,
                                       HostPortPair("www.google.com", 443)));
   MockWrite spdy_writes[] = {
     CreateMockWrite(*req, 0, ASYNC)
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead spdy_reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
@@ -551,7 +551,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) {
     MockRead(ASYNC, 1, "HTTP/1.1 200 Conn"),
     MockRead(ASYNC, ERR_CONNECTION_CLOSED, 2),
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyConnect(kAuthHeaders, kAuthHeadersSize, 1, LOW,
                                       HostPortPair("www.google.com", 443)));
   MockWrite spdy_writes[] = {
@@ -626,16 +626,16 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelSetupError) {
   MockRead reads[] = {
     MockRead(ASYNC, 1, "HTTP/1.1 304 Not Modified\r\n\r\n"),
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyConnect(kAuthHeaders, kAuthHeadersSize, 1, LOW,
                                       HostPortPair("www.google.com", 443)));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite spdy_writes[] = {
     CreateMockWrite(*req, 0, ASYNC),
     CreateMockWrite(*rst, 2, ASYNC),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdySynReplyError(1));
   MockRead spdy_reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
@@ -678,10 +678,10 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelSetupRedirect) {
   MockRead reads[] = {
     MockRead(ASYNC, 1, responseText.c_str()),
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyConnect(kAuthHeaders, kAuthHeadersSize, 1, LOW,
                                       HostPortPair("www.google.com", 443)));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
 
   MockWrite spdy_writes[] = {
@@ -694,8 +694,9 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelSetupRedirect) {
     "set-cookie", "foo=bar",
   };
   const int responseHeadersSize = arraysize(responseHeaders) / 2;
-  scoped_ptr<SpdySerializedFrame> resp(spdy_util_.ConstructSpdySynReplyError(
-      "302 Found", responseHeaders, responseHeadersSize, 1));
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdySynReplyError("302 Found", responseHeaders,
+                                            responseHeadersSize, 1));
   MockRead spdy_reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
     MockRead(ASYNC, 0, 2),
diff --git a/chromium/net/http/http_proxy_client_socket_wrapper.cc b/chromium/net/http/http_proxy_client_socket_wrapper.cc
index bf9acbfa8a3..b63ee4ef3a8 100644
--- a/chromium/net/http/http_proxy_client_socket_wrapper.cc
+++ b/chromium/net/http/http_proxy_client_socket_wrapper.cc
@@ -108,7 +108,7 @@ LoadState HttpProxyClientSocketWrapper::GetConnectLoadState() const {
   return LOAD_STATE_IDLE;
 }
 
-scoped_ptr<HttpResponseInfo>
+std::unique_ptr<HttpResponseInfo>
 HttpProxyClientSocketWrapper::GetAdditionalErrorState() {
   return std::move(error_response_info_);
 }
diff --git a/chromium/net/http/http_proxy_client_socket_wrapper.h b/chromium/net/http/http_proxy_client_socket_wrapper.h
index c83ccd690a6..f39d6bef953 100644
--- a/chromium/net/http/http_proxy_client_socket_wrapper.h
+++ b/chromium/net/http/http_proxy_client_socket_wrapper.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "net/base/completion_callback.h"
@@ -78,7 +78,7 @@ class HttpProxyClientSocketWrapper : public ProxyClientSocket {
   // LOAD_STATE_IDLE at other times.
   LoadState GetConnectLoadState() const;
 
-  scoped_ptr<HttpResponseInfo> GetAdditionalErrorState();
+  std::unique_ptr<HttpResponseInfo> GetAdditionalErrorState();
 
   // ProxyClientSocket implementation.
   const HttpResponseInfo* GetConnectResponseInfo() const override;
@@ -189,10 +189,10 @@ class HttpProxyClientSocketWrapper : public ProxyClientSocket {
   bool using_spdy_;
   NextProto protocol_negotiated_;
 
-  scoped_ptr<HttpResponseInfo> error_response_info_;
+  std::unique_ptr<HttpResponseInfo> error_response_info_;
 
-  scoped_ptr<ClientSocketHandle> transport_socket_handle_;
-  scoped_ptr<ProxyClientSocket> transport_socket_;
+  std::unique_ptr<ClientSocketHandle> transport_socket_handle_;
+  std::unique_ptr<ProxyClientSocket> transport_socket_;
 
   // Called when a connection is established. Also used when restarting with
   // AUTH, which will invoke this when ready to restart, after reconnecting
diff --git a/chromium/net/http/http_request_headers.cc b/chromium/net/http/http_request_headers.cc
index 312702c03f7..b04a0b578e0 100644
--- a/chromium/net/http/http_request_headers.cc
+++ b/chromium/net/http/http_request_headers.cc
@@ -187,10 +187,10 @@ std::string HttpRequestHeaders::ToString() const {
   return output;
 }
 
-scoped_ptr<base::Value> HttpRequestHeaders::NetLogCallback(
+std::unique_ptr<base::Value> HttpRequestHeaders::NetLogCallback(
     const std::string* request_line,
     NetLogCaptureMode capture_mode) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("line", *request_line);
   base::ListValue* headers = new base::ListValue();
   for (HeaderVector::const_iterator it = headers_.begin();
diff --git a/chromium/net/http/http_request_headers.h b/chromium/net/http/http_request_headers.h
index c500d8c3aad..62ec37cab9f 100644
--- a/chromium/net/http/http_request_headers.h
+++ b/chromium/net/http/http_request_headers.h
@@ -153,8 +153,9 @@ class NET_EXPORT HttpRequestHeaders {
 
   // Takes in the request line and returns a Value for use with the NetLog
   // containing both the request line and all headers fields.
-  scoped_ptr<base::Value> NetLogCallback(const std::string* request_line,
-                                         NetLogCaptureMode capture_mode) const;
+  std::unique_ptr<base::Value> NetLogCallback(
+      const std::string* request_line,
+      NetLogCaptureMode capture_mode) const;
 
   // Takes in a Value created by the above function, and attempts to extract the
   // request line and create a copy of the original headers.  Returns true on
diff --git a/chromium/net/http/http_request_headers_unittest.cc b/chromium/net/http/http_request_headers_unittest.cc
index 7c00c6eead9..6a09e4631e7 100644
--- a/chromium/net/http/http_request_headers_unittest.cc
+++ b/chromium/net/http/http_request_headers_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/http/http_request_headers.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/values.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -171,7 +172,7 @@ TEST(HttpRequestHeaders, ToNetLogParamAndBackAgain) {
   headers.SetHeader("A", "a");
   std::string request_line("GET /stuff");
 
-  scoped_ptr<base::Value> event_param(headers.NetLogCallback(
+  std::unique_ptr<base::Value> event_param(headers.NetLogCallback(
       &request_line, NetLogCaptureMode::IncludeCookiesAndCredentials()));
   HttpRequestHeaders headers2;
   std::string request_line2;
diff --git a/chromium/net/http/http_response_body_drainer.h b/chromium/net/http/http_response_body_drainer.h
index 2ff4a767f95..e2d159d831d 100644
--- a/chromium/net/http/http_response_body_drainer.h
+++ b/chromium/net/http/http_response_body_drainer.h
@@ -5,9 +5,10 @@
 #ifndef NET_HTTP_HTTP_RESPONSE_BODY_DRAINER_H_
 #define NET_HTTP_HTTP_RESPONSE_BODY_DRAINER_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/timer/timer.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -52,7 +53,7 @@ class NET_EXPORT_PRIVATE HttpResponseBodyDrainer {
   void Finish(int result);
 
   scoped_refptr<IOBuffer> read_buf_;
-  const scoped_ptr<HttpStream> stream_;
+  const std::unique_ptr<HttpStream> stream_;
   State next_state_;
   int total_read_;
   CompletionCallback user_callback_;
diff --git a/chromium/net/http/http_response_body_drainer_unittest.cc b/chromium/net/http/http_response_body_drainer_unittest.cc
index 9ee6f84e03a..5cc7f343f7c 100644
--- a/chromium/net/http/http_response_body_drainer_unittest.cc
+++ b/chromium/net/http/http_response_body_drainer_unittest.cc
@@ -15,7 +15,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -236,11 +236,11 @@ class HttpResponseBodyDrainerTest : public testing::Test {
     return new HttpNetworkSession(params);
   }
 
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
   scoped_refptr<SSLConfigService> ssl_config_service_;
-  scoped_ptr<HttpServerPropertiesImpl> http_server_properties_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
-  const scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpServerPropertiesImpl> http_server_properties_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
+  const std::unique_ptr<HttpNetworkSession> session_;
   CloseResultWaiter result_waiter_;
   MockHttpStream* const mock_stream_;  // Owned by |drainer_|.
   HttpResponseBodyDrainer* const drainer_;  // Deletes itself.
diff --git a/chromium/net/http/http_response_headers.cc b/chromium/net/http/http_response_headers.cc
index 8f8ce9d38aa..9574b03bc85 100644
--- a/chromium/net/http/http_response_headers.cc
+++ b/chromium/net/http/http_response_headers.cc
@@ -10,6 +10,7 @@
 #include "net/http/http_response_headers.h"
 
 #include <algorithm>
+#include <unordered_map>
 #include <utility>
 
 #include "base/format_macros.h"
@@ -23,6 +24,7 @@
 #include "base/time/time.h"
 #include "base/values.h"
 #include "net/base/escape.h"
+#include "net/base/parse_number.h"
 #include "net/http/http_byte_range.h"
 #include "net/http/http_log_util.h"
 #include "net/http/http_util.h"
@@ -456,7 +458,7 @@ void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const {
   // be a web app, we cannot be certain of the semantics of commas despite the
   // fact that RFC 2616 says that they should be regarded as value separators.
   //
-  typedef base::hash_map<std::string, size_t> HeadersMap;
+  using HeadersMap = std::unordered_map<std::string, size_t>;
   HeadersMap headers_map;
   HeadersMap::iterator iter = headers_map.end();
 
@@ -654,7 +656,7 @@ HttpVersion HttpResponseHeaders::ParseVersion(
   ++p;  // from / to first digit.
   ++dot;  // from . to second digit.
 
-  if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) {
+  if (!(base::IsAsciiDigit(*p) && base::IsAsciiDigit(*dot))) {
     DVLOG(1) << "malformed version number";
     return HttpVersion();
   }
@@ -709,7 +711,7 @@ void HttpResponseHeaders::ParseStatusLine(
     ++p;
 
   std::string::const_iterator code = p;
-  while (p < line_end && *p >= '0' && *p <= '9')
+  while (p < line_end && base::IsAsciiDigit(*p))
     ++p;
 
   if (p == code) {
@@ -961,7 +963,7 @@ ValidationType HttpResponseHeaders::RequiresValidation(
     const Time& response_time,
     const Time& current_time) const {
   FreshnessLifetimes lifetimes = GetFreshnessLifetimes(response_time);
-  if (lifetimes.freshness == TimeDelta() && lifetimes.staleness == TimeDelta())
+  if (lifetimes.freshness.is_zero() && lifetimes.staleness.is_zero())
     return VALIDATION_SYNCHRONOUS;
 
   TimeDelta age = GetCurrentAge(request_time, response_time, current_time);
@@ -1155,8 +1157,20 @@ bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const {
   if (!EnumerateHeader(nullptr, "Age", &value))
     return false;
 
-  int64_t seconds;
-  base::StringToInt64(value, &seconds);
+  // Parse the delta-seconds as 1*DIGIT.
+  uint32_t seconds;
+  ParseIntError error;
+  if (!ParseUint32(value, &seconds, &error)) {
+    if (error == ParseIntError::FAILED_OVERFLOW) {
+      // If the Age value cannot fit in a uint32_t, saturate it to a maximum
+      // value. This is similar to what RFC 2616 says in section 14.6 for how
+      // caches should transmit values that overflow.
+      seconds = std::numeric_limits<decltype(seconds)>::max();
+    } else {
+      return false;
+    }
+  }
+
   *result = TimeDelta::FromSeconds(seconds);
   return true;
 }
@@ -1398,11 +1412,11 @@ bool HttpResponseHeaders::GetContentRange(int64_t* first_byte_position,
   return true;
 }
 
-scoped_ptr<base::Value> HttpResponseHeaders::NetLogCallback(
+std::unique_ptr<base::Value> HttpResponseHeaders::NetLogCallback(
     NetLogCaptureMode capture_mode) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::ListValue* headers = new base::ListValue();
-  headers->Append(new base::StringValue(GetStatusLine()));
+  headers->Append(new base::StringValue(EscapeNonASCII(GetStatusLine())));
   size_t iterator = 0;
   std::string name;
   std::string value;
diff --git a/chromium/net/http/http_response_headers.h b/chromium/net/http/http_response_headers.h
index a3126aa72d7..653eacc4d44 100644
--- a/chromium/net/http/http_response_headers.h
+++ b/chromium/net/http/http_response_headers.h
@@ -9,9 +9,9 @@
 #include <stdint.h>
 
 #include <string>
+#include <unordered_set>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_piece.h"
@@ -253,8 +253,8 @@ class NET_EXPORT HttpResponseHeaders
                                 const base::Time& current_time) const;
 
   // The following methods extract values from the response headers.  If a
-  // value is not present, then false is returned.  Otherwise, true is returned
-  // and the out param is assigned to the corresponding value.
+  // value is not present, or is invalid, then false is returned.  Otherwise,
+  // true is returned and the out param is assigned to the corresponding value.
   bool GetMaxAgeValue(base::TimeDelta* value) const;
   bool GetAgeValue(base::TimeDelta* value) const;
   bool GetDateValue(base::Time* value) const;
@@ -301,7 +301,8 @@ class NET_EXPORT HttpResponseHeaders
   bool IsChunkEncoded() const;
 
   // Creates a Value for use with the NetLog containing the response headers.
-  scoped_ptr<base::Value> NetLogCallback(NetLogCaptureMode capture_mode) const;
+  std::unique_ptr<base::Value> NetLogCallback(
+      NetLogCaptureMode capture_mode) const;
 
   // Takes in a Value created by the above function, and attempts to create a
   // copy of the original headers.  Returns true on success.  On failure,
@@ -323,7 +324,7 @@ class NET_EXPORT HttpResponseHeaders
  private:
   friend class base::RefCountedThreadSafe<HttpResponseHeaders>;
 
-  typedef base::hash_set<std::string> HeaderSet;
+  using HeaderSet = std::unordered_set<std::string>;
 
   // The members of this structure point into raw_headers_.
   struct ParsedHeader;
diff --git a/chromium/net/http/http_response_headers_unittest.cc b/chromium/net/http/http_response_headers_unittest.cc
index 70a5d09562a..a9567c6512a 100644
--- a/chromium/net/http/http_response_headers_unittest.cc
+++ b/chromium/net/http/http_response_headers_unittest.cc
@@ -2,18 +2,19 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/http/http_response_headers.h"
+
 #include <stdint.h>
 
 #include <algorithm>
 #include <iostream>
 #include <limits>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "net/http/http_byte_range.h"
-#include "net/http/http_response_headers.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -533,6 +534,71 @@ TEST(HttpResponseHeadersTest, DefaultDateToGMT) {
     EXPECT_EQ(expected_value, value);
 }
 
+TEST(HttpResponseHeadersTest, GetAgeValue10) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: 10\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_TRUE(parsed->GetAgeValue(&age));
+  EXPECT_EQ(10, age.InSeconds());
+}
+
+TEST(HttpResponseHeadersTest, GetAgeValue0) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: 0\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_TRUE(parsed->GetAgeValue(&age));
+  EXPECT_EQ(0, age.InSeconds());
+}
+
+TEST(HttpResponseHeadersTest, GetAgeValueBogus) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: donkey\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_FALSE(parsed->GetAgeValue(&age));
+}
+
+TEST(HttpResponseHeadersTest, GetAgeValueNegative) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: -10\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_FALSE(parsed->GetAgeValue(&age));
+}
+
+TEST(HttpResponseHeadersTest, GetAgeValueLeadingPlus) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: +10\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_FALSE(parsed->GetAgeValue(&age));
+}
+
+TEST(HttpResponseHeadersTest, GetAgeValueOverflow) {
+  std::string headers =
+      "HTTP/1.1 200 OK\n"
+      "Age: 999999999999999999999999999999999999999999\n";
+  HeadersToRaw(&headers);
+  scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
+  base::TimeDelta age;
+  ASSERT_TRUE(parsed->GetAgeValue(&age));
+
+  // Should have saturated to 2^32 - 1.
+  EXPECT_EQ(static_cast<int64_t>(0xFFFFFFFFL), age.InSeconds());
+}
+
 struct ContentTypeTestData {
   const std::string raw_headers;
   const std::string mime_type;
@@ -2022,7 +2088,7 @@ TEST(HttpResponseHeadersTest, ToNetLogParamAndBackAgain) {
   HeadersToRaw(&headers);
   scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers));
 
-  scoped_ptr<base::Value> event_param(parsed->NetLogCallback(
+  std::unique_ptr<base::Value> event_param(parsed->NetLogCallback(
       NetLogCaptureMode::IncludeCookiesAndCredentials()));
   scoped_refptr<HttpResponseHeaders> recreated;
 
diff --git a/chromium/net/http/http_security_headers.cc b/chromium/net/http/http_security_headers.cc
index 5174825cc9a..8225385ee8a 100644
--- a/chromium/net/http/http_security_headers.cc
+++ b/chromium/net/http/http_security_headers.cc
@@ -5,10 +5,10 @@
 #include <limits>
 
 #include "base/base64.h"
-#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/string_util.h"
+#include "net/base/parse_number.h"
 #include "net/http/http_security_headers.h"
 #include "net/http/http_util.h"
 #include "url/gurl.h"
@@ -19,9 +19,6 @@ namespace {
 
 enum MaxAgeParsing { REQUIRE_MAX_AGE, DO_NOT_REQUIRE_MAX_AGE };
 
-static_assert(kMaxHSTSAgeSecs <= UINT32_MAX, "kMaxHSTSAgeSecs too large");
-static_assert(kMaxHPKPAgeSecs <= UINT32_MAX, "kMaxHPKPAgeSecs too large");
-
 // MaxAgeToLimitedInt converts a string representation of a "whole number" of
 // seconds into a uint32_t. The string may contain an arbitrarily large number,
 // which will be clipped to a supplied limit and which is guaranteed to fit
@@ -31,25 +28,19 @@ bool MaxAgeToLimitedInt(std::string::const_iterator begin,
                         uint32_t limit,
                         uint32_t* result) {
   const base::StringPiece s(begin, end);
-  if (s.empty())
-    return false;
 
-  int64_t i = 0;
+  ParseIntError error;
+  if (!ParseUint32(s, result, &error)) {
+    if (error == ParseIntError::FAILED_OVERFLOW) {
+      *result = limit;
+    } else {
+      return false;
+    }
+  }
+
+  if (*result > limit)
+    *result = limit;
 
-  // Return false on any StringToInt64 parse errors *except* for int64_t
-  // overflow. StringToInt64 is used, rather than StringToUint64, in order to
-  // properly handle and reject negative numbers (StringToUint64 does not return
-  // false on negative numbers). For values too large to be stored in an
-  // int64_t, StringToInt64 will return false with i set to
-  // std::numeric_limits<int64_t>::max(), so this case is allowed to fall
-  // through so that i gets clipped to limit.
-  if (!base::StringToInt64(s, &i) && i != std::numeric_limits<int64_t>::max())
-    return false;
-  if (i < 0)
-    return false;
-  if (i > limit)
-    i = limit;
-  *result = (uint32_t)i;
   return true;
 }
 
@@ -57,15 +48,11 @@ bool MaxAgeToLimitedInt(std::string::const_iterator begin,
 // |from_cert_chain|. Such an SPKI hash is called a "backup pin".
 bool IsBackupPinPresent(const HashValueVector& pins,
                         const HashValueVector& from_cert_chain) {
-  for (HashValueVector::const_iterator i = pins.begin(); i != pins.end();
-       ++i) {
-    HashValueVector::const_iterator j =
-        std::find_if(from_cert_chain.begin(), from_cert_chain.end(),
-                     HashValuesEqual(*i));
-    if (j == from_cert_chain.end())
+  for (const auto& pin : pins) {
+    auto p = std::find(from_cert_chain.begin(), from_cert_chain.end(), pin);
+    if (p == from_cert_chain.end())
       return true;
   }
-
   return false;
 }
 
@@ -73,10 +60,9 @@ bool IsBackupPinPresent(const HashValueVector& pins,
 // |a| or |b| is empty, returns false.
 bool HashesIntersect(const HashValueVector& a,
                      const HashValueVector& b) {
-  for (HashValueVector::const_iterator i = a.begin(); i != a.end(); ++i) {
-    HashValueVector::const_iterator j =
-        std::find_if(b.begin(), b.end(), HashValuesEqual(*i));
-    if (j != b.end())
+  for (const auto& pin : a) {
+    auto p = std::find(b.begin(), b.end(), pin);
+    if (p != b.end())
       return true;
   }
   return false;
@@ -137,7 +123,8 @@ bool ParseHPKPHeaderImpl(const std::string& value,
 
   HttpUtil::NameValuePairsIterator name_value_pairs(
       value.begin(), value.end(), ';',
-      HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL);
+      HttpUtil::NameValuePairsIterator::Values::NOT_REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);
 
   while (name_value_pairs.GetNext()) {
     if (base::LowerCaseEqualsASCII(
diff --git a/chromium/net/http/http_security_headers.h b/chromium/net/http/http_security_headers.h
index a2ddad2d46e..34f37b9f921 100644
--- a/chromium/net/http/http_security_headers.h
+++ b/chromium/net/http/http_security_headers.h
@@ -18,11 +18,11 @@ class GURL;
 
 namespace net {
 
-const int64_t kMaxHSTSAgeSecs = 86400 * 365;  // 1 year
+const uint32_t kMaxHSTSAgeSecs = 86400 * 365;  // 1 year
 
 // RFC7469 suggests that 60 days is a reasonable maximum max-age value
 // http://tools.ietf.org/html/rfc7469#section-4.1
-const int64_t kMaxHPKPAgeSecs = 86400 * 60;  // 60 days
+const uint32_t kMaxHPKPAgeSecs = 86400 * 60;  // 60 days
 
 // Parses |value| as a Strict-Transport-Security header value. If successful,
 // returns true and sets |*max_age| and |*include_subdomains|.
diff --git a/chromium/net/http/http_security_headers_unittest.cc b/chromium/net/http/http_security_headers_unittest.cc
index 7e80efa3270..4c7bff32eb0 100644
--- a/chromium/net/http/http_security_headers_unittest.cc
+++ b/chromium/net/http/http_security_headers_unittest.cc
@@ -81,16 +81,10 @@ bool ParseAsHPKPHeader(const std::string& value,
   bool result = ParseHPKPHeader(value, chain_hashes, max_age,
                                 include_subdomains, hashes, report_uri);
   if (!result || report_only_include_subdomains != *include_subdomains ||
-      report_only_uri != *report_uri ||
-      report_only_hashes.size() != hashes->size()) {
+      report_only_uri != *report_uri || report_only_hashes != *hashes) {
     return false;
   }
 
-  for (size_t i = 0; i < report_only_hashes.size(); i++) {
-    if (!(*hashes)[i].Equals(report_only_hashes[i]))
-      return false;
-  }
-
   return true;
 }
 
@@ -138,6 +132,16 @@ TEST_F(HttpSecurityHeadersTest, BogusHeaders) {
                                &include_subdomains));
   EXPECT_FALSE(ParseHSTSHeader("max-age=-3488923", &max_age,
                                &include_subdomains));
+  EXPECT_FALSE(
+      ParseHSTSHeader("max-age=+3488923", &max_age, &include_subdomains));
+  EXPECT_FALSE(
+      ParseHSTSHeader("max-age=13####", &max_age, &include_subdomains));
+  EXPECT_FALSE(ParseHSTSHeader("max-age=9223372036854775807#####", &max_age,
+                               &include_subdomains));
+  EXPECT_FALSE(ParseHSTSHeader("max-age=18446744073709551615####", &max_age,
+                               &include_subdomains));
+  EXPECT_FALSE(ParseHSTSHeader("max-age=999999999999999999999999$.&#!",
+                               &max_age, &include_subdomains));
   EXPECT_FALSE(ParseHSTSHeader("max-age=3488923     e", &max_age,
                                &include_subdomains));
   EXPECT_FALSE(ParseHSTSHeader("max-age=3488923     includesubdomain",
@@ -388,56 +392,56 @@ TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) {
   EXPECT_TRUE(ParseHSTSHeader(
       "max-age=39408299  ;incLudesUbdOmains", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408299))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 39408299u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       "max-age=394082038  ; incLudesUbdOmains", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       "max-age=394082038  ; incLudesUbdOmains;", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       ";; max-age=394082038  ; incLudesUbdOmains; ;", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       ";; max-age=394082038  ;", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       ";;    ; ; max-age=394082038;;; includeSubdomains     ;;  ;", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHSTSHeader(
       "incLudesUbdOmains   ; max-age=394082038 ;;", &max_age,
       &include_subdomains));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
@@ -529,8 +533,8 @@ static void TestValidPKPHeaders(HashValueTag tag) {
   EXPECT_TRUE(ParseAsHPKPHeader(
       "max-age=39408299  ;" + backup_pin + ";" + good_pin + ";  ", chain_hashes,
       &max_age, &include_subdomains, &hashes, &report_uri));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(39408299))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHPKPAgeSecs, 39408299u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
@@ -538,8 +542,8 @@ static void TestValidPKPHeaders(HashValueTag tag) {
       "max-age=39408038  ;    cybers=39408038  ;  includeSubdomains; " +
           good_pin + ";" + backup_pin + ";   ",
       chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
-  expect_max_age = base::TimeDelta::FromSeconds(
-      std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(394082038))));
+  expect_max_age =
+      base::TimeDelta::FromSeconds(std::min(kMaxHPKPAgeSecs, 394082038u));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
@@ -682,10 +686,7 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
   TransportSecurityState::PKPState new_static_pkp_state;
   EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state,
                                          &new_static_pkp_state));
-  for (size_t i = 0; i < saved_hashes.size(); ++i) {
-    EXPECT_TRUE(
-        HashValuesEqual(saved_hashes[i])(new_static_pkp_state.spki_hashes[i]));
-  }
+  EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes);
 
   // Expect the dynamic state to reflect the header.
   TransportSecurityState::PKPState dynamic_pkp_state;
@@ -693,14 +694,13 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
   EXPECT_EQ(2UL, dynamic_pkp_state.spki_hashes.size());
   EXPECT_EQ(report_uri, dynamic_pkp_state.report_uri);
 
-  HashValueVector::const_iterator hash = std::find_if(
-      dynamic_pkp_state.spki_hashes.begin(),
-      dynamic_pkp_state.spki_hashes.end(), HashValuesEqual(good_hash));
+  HashValueVector::const_iterator hash =
+      std::find(dynamic_pkp_state.spki_hashes.begin(),
+                dynamic_pkp_state.spki_hashes.end(), good_hash);
   EXPECT_NE(dynamic_pkp_state.spki_hashes.end(), hash);
 
-  hash = std::find_if(dynamic_pkp_state.spki_hashes.begin(),
-                      dynamic_pkp_state.spki_hashes.end(),
-                      HashValuesEqual(backup_hash));
+  hash = std::find(dynamic_pkp_state.spki_hashes.begin(),
+                   dynamic_pkp_state.spki_hashes.end(), backup_hash);
   EXPECT_NE(dynamic_pkp_state.spki_hashes.end(), hash);
 
   // Expect the overall state to reflect the header, too.
@@ -719,14 +719,12 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
   EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size());
   EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri);
 
-  hash = std::find_if(new_dynamic_pkp_state.spki_hashes.begin(),
-                      new_dynamic_pkp_state.spki_hashes.end(),
-                      HashValuesEqual(good_hash));
+  hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(),
+                   new_dynamic_pkp_state.spki_hashes.end(), good_hash);
   EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash);
 
-  hash = std::find_if(new_dynamic_pkp_state.spki_hashes.begin(),
-                      new_dynamic_pkp_state.spki_hashes.end(),
-                      HashValuesEqual(backup_hash));
+  hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(),
+                   new_dynamic_pkp_state.spki_hashes.end(), backup_hash);
   EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash);
 }
 
@@ -760,11 +758,7 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
   TransportSecurityState::PKPState new_static_pkp_state;
   EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state,
                                          &new_static_pkp_state));
-  EXPECT_EQ(saved_hashes.size(), new_static_pkp_state.spki_hashes.size());
-  for (size_t i = 0; i < saved_hashes.size(); ++i) {
-    EXPECT_TRUE(
-        HashValuesEqual(saved_hashes[i])(new_static_pkp_state.spki_hashes[i]));
-  }
+  EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes);
 
   // Expect the dynamic state to have pins.
   TransportSecurityState::PKPState new_dynamic_pkp_state;
@@ -781,11 +775,7 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
   TransportSecurityState::PKPState new_static_pkp_state2;
   EXPECT_TRUE(state.GetStaticDomainState(domain, &static_sts_state,
                                          &new_static_pkp_state2));
-  EXPECT_EQ(saved_hashes.size(), new_static_pkp_state2.spki_hashes.size());
-  for (size_t i = 0; i < saved_hashes.size(); ++i) {
-    EXPECT_TRUE(
-        HashValuesEqual(saved_hashes[i])(new_static_pkp_state2.spki_hashes[i]));
-  }
+  EXPECT_EQ(saved_hashes, new_static_pkp_state2.spki_hashes);
 
   // Expect the dynamic pins to be gone.
   TransportSecurityState::PKPState new_dynamic_pkp_state2;
diff --git a/chromium/net/http/http_server_properties.h b/chromium/net/http/http_server_properties.h
index 44224db76f6..fb8aaa405c2 100644
--- a/chromium/net/http/http_server_properties.h
+++ b/chromium/net/http/http_server_properties.h
@@ -23,6 +23,7 @@
 #include "net/socket/next_proto.h"
 #include "net/spdy/spdy_framer.h"  // TODO(willchan): Reconsider this.
 #include "net/spdy/spdy_protocol.h"
+#include "url/scheme_host_port.h"
 
 namespace base {
 class Value;
@@ -203,10 +204,11 @@ struct NET_EXPORT ServerNetworkStats {
 
 typedef std::vector<AlternativeService> AlternativeServiceVector;
 typedef std::vector<AlternativeServiceInfo> AlternativeServiceInfoVector;
-typedef base::MRUCache<HostPortPair, AlternativeServiceInfoVector>
+typedef base::MRUCache<url::SchemeHostPort, AlternativeServiceInfoVector>
     AlternativeServiceMap;
-typedef base::MRUCache<HostPortPair, SettingsMap> SpdySettingsMap;
-typedef base::MRUCache<HostPortPair, ServerNetworkStats> ServerNetworkStatsMap;
+typedef base::MRUCache<url::SchemeHostPort, SettingsMap> SpdySettingsMap;
+typedef base::MRUCache<url::SchemeHostPort, ServerNetworkStats>
+    ServerNetworkStatsMap;
 typedef base::MRUCache<QuicServerId, std::string> QuicServerInfoMap;
 
 // Persist 5 QUIC Servers. This is mainly used by cronet.
@@ -237,14 +239,14 @@ class NET_EXPORT HttpServerProperties {
 
   // Returns true if |server| supports a network protocol which honors
   // request prioritization.
-  virtual bool SupportsRequestPriority(const HostPortPair& server) = 0;
+  virtual bool SupportsRequestPriority(const url::SchemeHostPort& server) = 0;
 
   // Returns the value set by SetSupportsSpdy(). If not set, returns false.
-  virtual bool GetSupportsSpdy(const HostPortPair& server) = 0;
+  virtual bool GetSupportsSpdy(const url::SchemeHostPort& server) = 0;
 
   // Add |server| into the persistent store. Should only be called from IO
   // thread.
-  virtual void SetSupportsSpdy(const HostPortPair& server,
+  virtual void SetSupportsSpdy(const url::SchemeHostPort& server,
                                bool support_spdy) = 0;
 
   // Returns true if |server| has required HTTP/1.1 via HTTP/2 error code.
@@ -263,14 +265,14 @@ class NET_EXPORT HttpServerProperties {
   // Return all alternative services for |origin|, including broken ones.
   // Returned alternative services never have empty hostnames.
   virtual AlternativeServiceVector GetAlternativeServices(
-      const HostPortPair& origin) = 0;
+      const url::SchemeHostPort& origin) = 0;
 
   // Set a single alternative service for |origin|.  Previous alternative
   // services for |origin| are discarded.
   // |alternative_service.host| may be empty.
   // Return true if |alternative_service_map_| is changed.
   virtual bool SetAlternativeService(
-      const HostPortPair& origin,
+      const url::SchemeHostPort& origin,
       const AlternativeService& alternative_service,
       base::Time expiration) = 0;
 
@@ -279,7 +281,7 @@ class NET_EXPORT HttpServerProperties {
   // Hostnames in |alternative_service_info_vector| may be empty.
   // Return true if |alternative_service_map_| is changed.
   virtual bool SetAlternativeServices(
-      const HostPortPair& origin,
+      const url::SchemeHostPort& origin,
       const AlternativeServiceInfoVector& alternative_service_info_vector) = 0;
 
   // Marks |alternative_service| as broken.
@@ -308,7 +310,7 @@ class NET_EXPORT HttpServerProperties {
       const AlternativeService& alternative_service) = 0;
 
   // Clear all alternative services for |origin|.
-  virtual void ClearAlternativeServices(const HostPortPair& origin) = 0;
+  virtual void ClearAlternativeServices(const url::SchemeHostPort& origin) = 0;
 
   // Returns all alternative service mappings.
   // Returned alternative services may have empty hostnames.
@@ -316,22 +318,23 @@ class NET_EXPORT HttpServerProperties {
 
   // Returns all alternative service mappings as human readable strings.
   // Empty alternative service hostnames will be printed as such.
-  virtual scoped_ptr<base::Value> GetAlternativeServiceInfoAsValue() const = 0;
+  virtual std::unique_ptr<base::Value> GetAlternativeServiceInfoAsValue()
+      const = 0;
 
   // Gets a reference to the SettingsMap stored for a host.
   // If no settings are stored, returns an empty SettingsMap.
   virtual const SettingsMap& GetSpdySettings(
-      const HostPortPair& host_port_pair) = 0;
+      const url::SchemeHostPort& server) = 0;
 
   // Saves an individual SPDY setting for a host. Returns true if SPDY setting
   // is to be persisted.
-  virtual bool SetSpdySetting(const HostPortPair& host_port_pair,
+  virtual bool SetSpdySetting(const url::SchemeHostPort& server,
                               SpdySettingsIds id,
                               SpdySettingsFlags flags,
                               uint32_t value) = 0;
 
   // Clears all SPDY settings for a host.
-  virtual void ClearSpdySettings(const HostPortPair& host_port_pair) = 0;
+  virtual void ClearSpdySettings(const url::SchemeHostPort& server) = 0;
 
   // Clears all SPDY settings for all hosts.
   virtual void ClearAllSpdySettings() = 0;
@@ -345,11 +348,11 @@ class NET_EXPORT HttpServerProperties {
                                const IPAddress& last_address) = 0;
 
   // Sets |stats| for |host_port_pair|.
-  virtual void SetServerNetworkStats(const HostPortPair& host_port_pair,
+  virtual void SetServerNetworkStats(const url::SchemeHostPort& server,
                                      ServerNetworkStats stats) = 0;
 
   virtual const ServerNetworkStats* GetServerNetworkStats(
-      const HostPortPair& host_port_pair) = 0;
+      const url::SchemeHostPort& server) = 0;
 
   virtual const ServerNetworkStatsMap& server_network_stats_map() const = 0;
 
diff --git a/chromium/net/http/http_server_properties_impl.cc b/chromium/net/http/http_server_properties_impl.cc
index a0a6bfe644f..bc8838fcf8d 100644
--- a/chromium/net/http/http_server_properties_impl.cc
+++ b/chromium/net/http/http_server_properties_impl.cc
@@ -5,18 +5,18 @@
 #include "net/http/http_server_properties_impl.h"
 
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 
 namespace net {
@@ -28,13 +28,14 @@ const uint64_t kBrokenAlternativeProtocolDelaySecs = 300;
 }  // namespace
 
 HttpServerPropertiesImpl::HttpServerPropertiesImpl()
-    : spdy_servers_map_(SpdyServerHostPortMap::NO_AUTO_EVICT),
+    : spdy_servers_map_(SpdyServersMap::NO_AUTO_EVICT),
       alternative_service_map_(AlternativeServiceMap::NO_AUTO_EVICT),
       spdy_settings_map_(SpdySettingsMap::NO_AUTO_EVICT),
       server_network_stats_map_(ServerNetworkStatsMap::NO_AUTO_EVICT),
       quic_server_info_map_(QuicServerInfoMap::NO_AUTO_EVICT),
       max_server_configs_stored_in_properties_(kMaxQuicServersToPersist),
       weak_ptr_factory_(this) {
+  canonical_suffixes_.push_back(".ggpht.com");
   canonical_suffixes_.push_back(".c.youtube.com");
   canonical_suffixes_.push_back(".googlevideo.com");
   canonical_suffixes_.push_back(".googleusercontent.com");
@@ -51,7 +52,7 @@ void HttpServerPropertiesImpl::InitializeSpdyServers(
     return;
 
   // Add the entries from persisted data.
-  SpdyServerHostPortMap spdy_servers_map(SpdyServerHostPortMap::NO_AUTO_EVICT);
+  SpdyServersMap spdy_servers_map(SpdyServersMap::NO_AUTO_EVICT);
   for (std::vector<std::string>::reverse_iterator it = spdy_servers->rbegin();
        it != spdy_servers->rend(); ++it) {
     spdy_servers_map.Put(*it, support_spdy);
@@ -61,7 +62,7 @@ void HttpServerPropertiesImpl::InitializeSpdyServers(
   spdy_servers_map_.Swap(spdy_servers_map);
 
   // Add the entries from the memory cache.
-  for (SpdyServerHostPortMap::reverse_iterator it = spdy_servers_map.rbegin();
+  for (SpdyServersMap::reverse_iterator it = spdy_servers_map.rbegin();
        it != spdy_servers_map.rend(); ++it) {
     // Add the entry if it is not in the cache, otherwise move it to the front
     // of recency list.
@@ -104,29 +105,30 @@ void HttpServerPropertiesImpl::InitializeAlternativeServiceServers(
     }
   }
 
-  // Attempt to find canonical servers.
-  uint16_t canonical_ports[] = {80, 443};
+  // Attempt to find canonical servers. Canonical suffix only apply to HTTPS.
+  uint16_t canonical_port = 443;
+  const char* canonical_scheme = "https";
   for (size_t i = 0; i < canonical_suffixes_.size(); ++i) {
     std::string canonical_suffix = canonical_suffixes_[i];
-    for (size_t j = 0; j < arraysize(canonical_ports); ++j) {
-      HostPortPair canonical_host(canonical_suffix, canonical_ports[j]);
-      // If we already have a valid canonical server, we're done.
-      if (ContainsKey(canonical_host_to_origin_map_, canonical_host) &&
-          (alternative_service_map_.Peek(
-               canonical_host_to_origin_map_[canonical_host]) !=
-           alternative_service_map_.end())) {
-        continue;
-      }
-      // Now attempt to find a server which matches this origin and set it as
-      // canonical.
-      for (AlternativeServiceMap::const_iterator it =
-               alternative_service_map_.begin();
-           it != alternative_service_map_.end(); ++it) {
-        if (base::EndsWith(it->first.host(), canonical_suffixes_[i],
-                           base::CompareCase::INSENSITIVE_ASCII)) {
-          canonical_host_to_origin_map_[canonical_host] = it->first;
-          break;
-        }
+    url::SchemeHostPort canonical_server(canonical_scheme, canonical_suffix,
+                                         canonical_port);
+    // If we already have a valid canonical server, we're done.
+    if (ContainsKey(canonical_host_to_origin_map_, canonical_server) &&
+        (alternative_service_map_.Peek(
+             canonical_host_to_origin_map_[canonical_server]) !=
+         alternative_service_map_.end())) {
+      continue;
+    }
+    // Now attempt to find a server which matches this origin and set it as
+    // canonical.
+    for (AlternativeServiceMap::const_iterator it =
+             alternative_service_map_.begin();
+         it != alternative_service_map_.end(); ++it) {
+      if (base::EndsWith(it->first.host(), canonical_suffixes_[i],
+                         base::CompareCase::INSENSITIVE_ASCII) &&
+          it->first.scheme() == canonical_server.scheme()) {
+        canonical_host_to_origin_map_[canonical_server] = it->first;
+        break;
       }
     }
   }
@@ -207,12 +209,12 @@ void HttpServerPropertiesImpl::GetSpdyServerList(
   DCHECK(spdy_server_list);
   spdy_server_list->Clear();
   size_t count = 0;
-  // Get the list of servers (host/port) that support SPDY.
-  for (SpdyServerHostPortMap::const_iterator it = spdy_servers_map_.begin();
+  // Get the list of servers (scheme/host/port) that support SPDY.
+  for (SpdyServersMap::const_iterator it = spdy_servers_map_.begin();
        it != spdy_servers_map_.end() && count < max_size; ++it) {
-    const std::string spdy_server_host_port = it->first;
+    const std::string spdy_server = it->first;
     if (it->second) {
-      spdy_server_list->Append(new base::StringValue(spdy_server_host_port));
+      spdy_server_list->Append(new base::StringValue(spdy_server));
       ++count;
     }
   }
@@ -234,16 +236,15 @@ void HttpServerPropertiesImpl::Clear() {
 }
 
 bool HttpServerPropertiesImpl::SupportsRequestPriority(
-    const HostPortPair& host_port_pair) {
+    const url::SchemeHostPort& server) {
   DCHECK(CalledOnValidThread());
-  if (host_port_pair.host().empty())
+  if (server.host().empty())
     return false;
 
-  if (GetSupportsSpdy(host_port_pair))
+  if (GetSupportsSpdy(server))
     return true;
-
   const AlternativeServiceVector alternative_service_vector =
-      GetAlternativeServices(host_port_pair);
+      GetAlternativeServices(server);
   for (const AlternativeService& alternative_service :
        alternative_service_vector) {
     if (alternative_service.protocol == QUIC) {
@@ -254,31 +255,31 @@ bool HttpServerPropertiesImpl::SupportsRequestPriority(
 }
 
 bool HttpServerPropertiesImpl::GetSupportsSpdy(
-    const HostPortPair& host_port_pair) {
+    const url::SchemeHostPort& server) {
   DCHECK(CalledOnValidThread());
-  if (host_port_pair.host().empty())
+  if (server.host().empty())
     return false;
 
-  SpdyServerHostPortMap::iterator spdy_host_port =
-      spdy_servers_map_.Get(host_port_pair.ToString());
-  return spdy_host_port != spdy_servers_map_.end() && spdy_host_port->second;
+  SpdyServersMap::iterator spdy_server =
+      spdy_servers_map_.Get(server.Serialize());
+  return spdy_server != spdy_servers_map_.end() && spdy_server->second;
 }
 
 void HttpServerPropertiesImpl::SetSupportsSpdy(
-    const HostPortPair& host_port_pair,
+    const url::SchemeHostPort& server,
     bool support_spdy) {
   DCHECK(CalledOnValidThread());
-  if (host_port_pair.host().empty())
+  if (server.host().empty())
     return;
 
-  SpdyServerHostPortMap::iterator spdy_host_port =
-      spdy_servers_map_.Get(host_port_pair.ToString());
-  if ((spdy_host_port != spdy_servers_map_.end()) &&
-      (spdy_host_port->second == support_spdy)) {
+  SpdyServersMap::iterator spdy_server =
+      spdy_servers_map_.Get(server.Serialize());
+  if ((spdy_server != spdy_servers_map_.end()) &&
+      (spdy_server->second == support_spdy)) {
     return;
   }
   // Cache the data.
-  spdy_servers_map_.Put(host_port_pair.ToString(), support_spdy);
+  spdy_servers_map_.Put(server.Serialize(), support_spdy);
 }
 
 bool HttpServerPropertiesImpl::RequiresHTTP11(
@@ -321,12 +322,13 @@ std::string HttpServerPropertiesImpl::GetCanonicalSuffix(
 }
 
 AlternativeServiceVector HttpServerPropertiesImpl::GetAlternativeServices(
-    const HostPortPair& origin) {
+    const url::SchemeHostPort& origin) {
   // Copy valid alternative services into |valid_alternative_services|.
   AlternativeServiceVector valid_alternative_services;
   const base::Time now = base::Time::Now();
   AlternativeServiceMap::iterator map_it = alternative_service_map_.Get(origin);
   if (map_it != alternative_service_map_.end()) {
+    HostPortPair host_port_pair(origin.host(), origin.port());
     for (AlternativeServiceInfoVector::iterator it = map_it->second.begin();
          it != map_it->second.end();) {
       if (it->expiration < now) {
@@ -338,9 +340,8 @@ AlternativeServiceVector HttpServerPropertiesImpl::GetAlternativeServices(
         alternative_service.host = origin.host();
       }
       // If the alternative service is equivalent to the origin (same host, same
-      // port, and both TCP), then there is already a Job for it, so do not
-      // return it here.
-      if (origin.Equals(alternative_service.host_port_pair()) &&
+      // port, and both TCP), skip it.
+      if (host_port_pair.Equals(alternative_service.host_port_pair()) &&
           NPN_SPDY_MINIMUM_VERSION <= alternative_service.protocol &&
           alternative_service.protocol <= NPN_SPDY_MAXIMUM_VERSION) {
         ++it;
@@ -391,7 +392,7 @@ AlternativeServiceVector HttpServerPropertiesImpl::GetAlternativeServices(
 }
 
 bool HttpServerPropertiesImpl::SetAlternativeService(
-    const HostPortPair& origin,
+    const url::SchemeHostPort& origin,
     const AlternativeService& alternative_service,
     base::Time expiration) {
   return SetAlternativeServices(
@@ -401,16 +402,14 @@ bool HttpServerPropertiesImpl::SetAlternativeService(
 }
 
 bool HttpServerPropertiesImpl::SetAlternativeServices(
-    const HostPortPair& origin,
+    const url::SchemeHostPort& origin,
     const AlternativeServiceInfoVector& alternative_service_info_vector) {
   AlternativeServiceMap::iterator it = alternative_service_map_.Peek(origin);
 
   if (alternative_service_info_vector.empty()) {
-    if (it == alternative_service_map_.end()) {
-      return false;
-    }
+    bool found = it != alternative_service_map_.end();
     ClearAlternativeServices(origin);
-    return true;
+    return found;
   }
 
   bool changed = true;
@@ -437,12 +436,16 @@ bool HttpServerPropertiesImpl::SetAlternativeServices(
 
   // If this host ends with a canonical suffix, then set it as the
   // canonical host.
+  const char* canonical_scheme = "https";
   for (size_t i = 0; i < canonical_suffixes_.size(); ++i) {
     std::string canonical_suffix = canonical_suffixes_[i];
-    if (base::EndsWith(origin.host(), canonical_suffixes_[i],
+    // canonical suffixes only apply to HTTPS.
+    if (origin.scheme() == canonical_scheme &&
+        base::EndsWith(origin.host(), canonical_suffixes_[i],
                        base::CompareCase::INSENSITIVE_ASCII)) {
-      HostPortPair canonical_host(canonical_suffix, origin.port());
-      canonical_host_to_origin_map_[canonical_host] = origin;
+      url::SchemeHostPort canonical_server(canonical_scheme, canonical_suffix,
+                                           origin.port());
+      canonical_host_to_origin_map_[canonical_server] = origin;
       break;
     }
   }
@@ -506,7 +509,7 @@ void HttpServerPropertiesImpl::ConfirmAlternativeService(
 }
 
 void HttpServerPropertiesImpl::ClearAlternativeServices(
-    const HostPortPair& origin) {
+    const url::SchemeHostPort& origin) {
   RemoveCanonicalHost(origin);
 
   AlternativeServiceMap::iterator it = alternative_service_map_.Peek(origin);
@@ -521,13 +524,13 @@ const AlternativeServiceMap& HttpServerPropertiesImpl::alternative_service_map()
   return alternative_service_map_;
 }
 
-scoped_ptr<base::Value>
-HttpServerPropertiesImpl::GetAlternativeServiceInfoAsValue()
-    const {
-  scoped_ptr<base::ListValue> dict_list(new base::ListValue);
+std::unique_ptr<base::Value>
+HttpServerPropertiesImpl::GetAlternativeServiceInfoAsValue() const {
+  std::unique_ptr<base::ListValue> dict_list(new base::ListValue);
   for (const auto& alternative_service_map_item : alternative_service_map_) {
-    scoped_ptr<base::ListValue> alternative_service_list(new base::ListValue);
-    const HostPortPair& host_port_pair = alternative_service_map_item.first;
+    std::unique_ptr<base::ListValue> alternative_service_list(
+        new base::ListValue);
+    const url::SchemeHostPort& server = alternative_service_map_item.first;
     for (const AlternativeServiceInfo& alternative_service_info :
          alternative_service_map_item.second) {
       std::string alternative_service_string(
@@ -535,7 +538,7 @@ HttpServerPropertiesImpl::GetAlternativeServiceInfoAsValue()
       AlternativeService alternative_service(
           alternative_service_info.alternative_service);
       if (alternative_service.host.empty()) {
-        alternative_service.host = host_port_pair.host();
+        alternative_service.host = server.host();
       }
       if (IsAlternativeServiceBroken(alternative_service)) {
         alternative_service_string.append(" (broken)");
@@ -545,18 +548,18 @@ HttpServerPropertiesImpl::GetAlternativeServiceInfoAsValue()
     }
     if (alternative_service_list->empty())
       continue;
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-    dict->SetString("host_port_pair", host_port_pair.ToString());
-    dict->Set("alternative_service",
-              scoped_ptr<base::Value>(std::move(alternative_service_list)));
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    dict->SetString("server", server.Serialize());
+    dict->Set("alternative_service", std::unique_ptr<base::Value>(
+                                         std::move(alternative_service_list)));
     dict_list->Append(std::move(dict));
   }
   return std::move(dict_list);
 }
 
 const SettingsMap& HttpServerPropertiesImpl::GetSpdySettings(
-    const HostPortPair& host_port_pair) {
-  SpdySettingsMap::iterator it = spdy_settings_map_.Get(host_port_pair);
+    const url::SchemeHostPort& server) {
+  SpdySettingsMap::iterator it = spdy_settings_map_.Get(server);
   if (it == spdy_settings_map_.end()) {
     CR_DEFINE_STATIC_LOCAL(SettingsMap, kEmptySettingsMap, ());
     return kEmptySettingsMap;
@@ -564,20 +567,19 @@ const SettingsMap& HttpServerPropertiesImpl::GetSpdySettings(
   return it->second;
 }
 
-bool HttpServerPropertiesImpl::SetSpdySetting(
-    const HostPortPair& host_port_pair,
-    SpdySettingsIds id,
-    SpdySettingsFlags flags,
-    uint32_t value) {
+bool HttpServerPropertiesImpl::SetSpdySetting(const url::SchemeHostPort& server,
+                                              SpdySettingsIds id,
+                                              SpdySettingsFlags flags,
+                                              uint32_t value) {
   if (!(flags & SETTINGS_FLAG_PLEASE_PERSIST))
       return false;
 
   SettingsFlagsAndValue flags_and_value(SETTINGS_FLAG_PERSISTED, value);
-  SpdySettingsMap::iterator it = spdy_settings_map_.Get(host_port_pair);
+  SpdySettingsMap::iterator it = spdy_settings_map_.Get(server);
   if (it == spdy_settings_map_.end()) {
     SettingsMap settings_map;
     settings_map[id] = flags_and_value;
-    spdy_settings_map_.Put(host_port_pair, settings_map);
+    spdy_settings_map_.Put(server, settings_map);
   } else {
     SettingsMap& settings_map = it->second;
     settings_map[id] = flags_and_value;
@@ -586,8 +588,8 @@ bool HttpServerPropertiesImpl::SetSpdySetting(
 }
 
 void HttpServerPropertiesImpl::ClearSpdySettings(
-    const HostPortPair& host_port_pair) {
-  SpdySettingsMap::iterator it = spdy_settings_map_.Peek(host_port_pair);
+    const url::SchemeHostPort& server) {
+  SpdySettingsMap::iterator it = spdy_settings_map_.Peek(server);
   if (it != spdy_settings_map_.end())
     spdy_settings_map_.Erase(it);
 }
@@ -619,15 +621,14 @@ void HttpServerPropertiesImpl::SetSupportsQuic(bool used_quic,
 }
 
 void HttpServerPropertiesImpl::SetServerNetworkStats(
-    const HostPortPair& host_port_pair,
+    const url::SchemeHostPort& server,
     ServerNetworkStats stats) {
-  server_network_stats_map_.Put(host_port_pair, stats);
+  server_network_stats_map_.Put(server, stats);
 }
 
 const ServerNetworkStats* HttpServerPropertiesImpl::GetServerNetworkStats(
-    const HostPortPair& host_port_pair) {
-  ServerNetworkStatsMap::iterator it =
-      server_network_stats_map_.Get(host_port_pair);
+    const url::SchemeHostPort& server) {
+  ServerNetworkStatsMap::iterator it = server_network_stats_map_.Get(server);
   if (it == server_network_stats_map_.end()) {
     return NULL;
   }
@@ -686,7 +687,7 @@ void HttpServerPropertiesImpl::SetMaxServerConfigsStoredInProperties(
 
 AlternativeServiceMap::const_iterator
 HttpServerPropertiesImpl::GetAlternateProtocolIterator(
-    const HostPortPair& server) {
+    const url::SchemeHostPort& server) {
   AlternativeServiceMap::const_iterator it =
       alternative_service_map_.Get(server);
   if (it != alternative_service_map_.end())
@@ -697,8 +698,8 @@ HttpServerPropertiesImpl::GetAlternateProtocolIterator(
     return alternative_service_map_.end();
   }
 
-  const HostPortPair canonical_host_port = canonical->second;
-  it = alternative_service_map_.Get(canonical_host_port);
+  const url::SchemeHostPort canonical_server = canonical->second;
+  it = alternative_service_map_.Get(canonical_server);
   if (it == alternative_service_map_.end()) {
     return alternative_service_map_.end();
   }
@@ -707,25 +708,31 @@ HttpServerPropertiesImpl::GetAlternateProtocolIterator(
     AlternativeService alternative_service(
         alternative_service_info.alternative_service);
     if (alternative_service.host.empty()) {
-      alternative_service.host = canonical_host_port.host();
+      alternative_service.host = canonical_server.host();
     }
     if (!IsAlternativeServiceBroken(alternative_service)) {
       return it;
     }
   }
 
-  RemoveCanonicalHost(canonical_host_port);
+  RemoveCanonicalHost(canonical_server);
   return alternative_service_map_.end();
 }
 
 HttpServerPropertiesImpl::CanonicalHostMap::const_iterator
-HttpServerPropertiesImpl::GetCanonicalHost(HostPortPair server) const {
+HttpServerPropertiesImpl::GetCanonicalHost(
+    const url::SchemeHostPort& server) const {
+  const char* canonical_scheme = "https";
+  if (server.scheme() != canonical_scheme)
+    return canonical_host_to_origin_map_.end();
+
   for (size_t i = 0; i < canonical_suffixes_.size(); ++i) {
     std::string canonical_suffix = canonical_suffixes_[i];
     if (base::EndsWith(server.host(), canonical_suffixes_[i],
                        base::CompareCase::INSENSITIVE_ASCII)) {
-      HostPortPair canonical_host(canonical_suffix, server.port());
-      return canonical_host_to_origin_map_.find(canonical_host);
+      url::SchemeHostPort canonical_server(canonical_scheme, canonical_suffix,
+                                           server.port());
+      return canonical_host_to_origin_map_.find(canonical_server);
     }
   }
 
@@ -733,14 +740,11 @@ HttpServerPropertiesImpl::GetCanonicalHost(HostPortPair server) const {
 }
 
 void HttpServerPropertiesImpl::RemoveCanonicalHost(
-    const HostPortPair& server) {
+    const url::SchemeHostPort& server) {
   CanonicalHostMap::const_iterator canonical = GetCanonicalHost(server);
   if (canonical == canonical_host_to_origin_map_.end())
     return;
 
-  if (!canonical->second.Equals(server))
-    return;
-
   canonical_host_to_origin_map_.erase(canonical->first);
 }
 
diff --git a/chromium/net/http/http_server_properties_impl.h b/chromium/net/http/http_server_properties_impl.h
index d6686733db1..462c2784efb 100644
--- a/chromium/net/http/http_server_properties_impl.h
+++ b/chromium/net/http/http_server_properties_impl.h
@@ -79,19 +79,20 @@ class NET_EXPORT HttpServerPropertiesImpl
 
   base::WeakPtr<HttpServerProperties> GetWeakPtr() override;
   void Clear() override;
-  bool SupportsRequestPriority(const HostPortPair& server) override;
-  bool GetSupportsSpdy(const HostPortPair& server) override;
-  void SetSupportsSpdy(const HostPortPair& server, bool support_spdy) override;
+  bool SupportsRequestPriority(const url::SchemeHostPort& server) override;
+  bool GetSupportsSpdy(const url::SchemeHostPort& server) override;
+  void SetSupportsSpdy(const url::SchemeHostPort& server,
+                       bool support_spdy) override;
   bool RequiresHTTP11(const HostPortPair& server) override;
   void SetHTTP11Required(const HostPortPair& server) override;
   void MaybeForceHTTP11(const HostPortPair& server,
                         SSLConfig* ssl_config) override;
   AlternativeServiceVector GetAlternativeServices(
-      const HostPortPair& origin) override;
-  bool SetAlternativeService(const HostPortPair& origin,
+      const url::SchemeHostPort& origin) override;
+  bool SetAlternativeService(const url::SchemeHostPort& origin,
                              const AlternativeService& alternative_service,
                              base::Time expiration) override;
-  bool SetAlternativeServices(const HostPortPair& origin,
+  bool SetAlternativeServices(const url::SchemeHostPort& origin,
                               const AlternativeServiceInfoVector&
                                   alternative_service_info_vector) override;
   void MarkAlternativeServiceBroken(
@@ -104,24 +105,25 @@ class NET_EXPORT HttpServerPropertiesImpl
       const AlternativeService& alternative_service) override;
   void ConfirmAlternativeService(
       const AlternativeService& alternative_service) override;
-  void ClearAlternativeServices(const HostPortPair& origin) override;
+  void ClearAlternativeServices(const url::SchemeHostPort& origin) override;
   const AlternativeServiceMap& alternative_service_map() const override;
-  scoped_ptr<base::Value> GetAlternativeServiceInfoAsValue() const override;
+  std::unique_ptr<base::Value> GetAlternativeServiceInfoAsValue()
+      const override;
   const SettingsMap& GetSpdySettings(
-      const HostPortPair& host_port_pair) override;
-  bool SetSpdySetting(const HostPortPair& host_port_pair,
+      const url::SchemeHostPort& server) override;
+  bool SetSpdySetting(const url::SchemeHostPort& server,
                       SpdySettingsIds id,
                       SpdySettingsFlags flags,
                       uint32_t value) override;
-  void ClearSpdySettings(const HostPortPair& host_port_pair) override;
+  void ClearSpdySettings(const url::SchemeHostPort& server) override;
   void ClearAllSpdySettings() override;
   const SpdySettingsMap& spdy_settings_map() const override;
   bool GetSupportsQuic(IPAddress* last_address) const override;
   void SetSupportsQuic(bool used_quic, const IPAddress& address) override;
-  void SetServerNetworkStats(const HostPortPair& host_port_pair,
+  void SetServerNetworkStats(const url::SchemeHostPort& server,
                              ServerNetworkStats stats) override;
   const ServerNetworkStats* GetServerNetworkStats(
-      const HostPortPair& host_port_pair) override;
+      const url::SchemeHostPort& server) override;
   const ServerNetworkStatsMap& server_network_stats_map() const override;
   bool SetQuicServerInfo(const QuicServerId& server_id,
                          const std::string& server_info) override;
@@ -134,10 +136,10 @@ class NET_EXPORT HttpServerPropertiesImpl
  private:
   friend class HttpServerPropertiesImplPeer;
 
-  // |spdy_servers_map_| has flattened representation of servers (host, port)
-  // that either support or not support SPDY protocol.
-  typedef base::MRUCache<std::string, bool> SpdyServerHostPortMap;
-  typedef std::map<HostPortPair, HostPortPair> CanonicalHostMap;
+  // |spdy_servers_map_| has flattened representation of servers
+  // (scheme, host, port) that either support or not support SPDY protocol.
+  typedef base::MRUCache<std::string, bool> SpdyServersMap;
+  typedef std::map<url::SchemeHostPort, url::SchemeHostPort> CanonicalHostMap;
   typedef std::vector<std::string> CanonicalSufficList;
   typedef std::set<HostPortPair> Http11ServerHostPortSet;
 
@@ -153,16 +155,18 @@ class NET_EXPORT HttpServerPropertiesImpl
 
   // Return the iterator for |server|, or for its canonical host, or end.
   AlternativeServiceMap::const_iterator GetAlternateProtocolIterator(
-      const HostPortPair& server);
+      const url::SchemeHostPort& server);
 
   // Return the canonical host for |server|, or end if none exists.
-  CanonicalHostMap::const_iterator GetCanonicalHost(HostPortPair server) const;
+  CanonicalHostMap::const_iterator GetCanonicalHost(
+      const url::SchemeHostPort& server) const;
 
-  void RemoveCanonicalHost(const HostPortPair& server);
+  // Remove the cononical host for |server|.
+  void RemoveCanonicalHost(const url::SchemeHostPort& server);
   void ExpireBrokenAlternateProtocolMappings();
   void ScheduleBrokenAlternateProtocolMappingsExpiration();
 
-  SpdyServerHostPortMap spdy_servers_map_;
+  SpdyServersMap spdy_servers_map_;
   Http11ServerHostPortSet http11_servers_;
 
   AlternativeServiceMap alternative_service_map_;
@@ -175,8 +179,8 @@ class NET_EXPORT HttpServerPropertiesImpl
   SpdySettingsMap spdy_settings_map_;
   ServerNetworkStatsMap server_network_stats_map_;
   // Contains a map of servers which could share the same alternate protocol.
-  // Map from a Canonical host/port (host is some postfix of host names) to an
-  // actual origin, which has a plausible alternate protocol mapping.
+  // Map from a Canonical scheme/host/port (host is some postfix of host names)
+  // to an actual origin, which has a plausible alternate protocol mapping.
   CanonicalHostMap canonical_host_to_origin_map_;
   // Contains list of suffixes (for exmaple ".c.youtube.com",
   // ".googlevideo.com", ".googleusercontent.com") of canonical hostnames.
diff --git a/chromium/net/http/http_server_properties_impl_unittest.cc b/chromium/net/http/http_server_properties_impl_unittest.cc
index f4edadb6a79..ea6177b83ad 100644
--- a/chromium/net/http/http_server_properties_impl_unittest.cc
+++ b/chromium/net/http/http_server_properties_impl_unittest.cc
@@ -4,16 +4,16 @@
 
 #include "net/http/http_server_properties_impl.h"
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/values.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/ip_address.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
 
 namespace base {
 class ListValue;
@@ -49,28 +49,29 @@ const SpdySettingsIds kSpdySettingsId = SETTINGS_UPLOAD_BANDWIDTH;
 const SpdySettingsFlags kSpdySettingsFlags = SETTINGS_FLAG_PERSISTED;
 
 struct SpdySettingsDataToVerify {
-  HostPortPair spdy_server;
+  url::SchemeHostPort spdy_server;
   uint32_t value;
 };
 
 class HttpServerPropertiesImplTest : public testing::Test {
  protected:
-  bool HasAlternativeService(const HostPortPair& origin) {
+  bool HasAlternativeService(const url::SchemeHostPort& origin) {
     const AlternativeServiceVector alternative_service_vector =
         impl_.GetAlternativeServices(origin);
     return !alternative_service_vector.empty();
   }
 
-  bool SetAlternativeService(const HostPortPair& origin,
+  bool SetAlternativeService(const url::SchemeHostPort& origin,
                              const AlternativeService& alternative_service) {
     const base::Time expiration =
         base::Time::Now() + base::TimeDelta::FromDays(1);
     return impl_.SetAlternativeService(origin, alternative_service, expiration);
   }
 
-  void InitializeSpdySettingsUploadBandwidth(SpdySettingsMap* spdy_settings_map,
-                                             const HostPortPair& spdy_server,
-                                             uint32_t value) {
+  void InitializeSpdySettingsUploadBandwidth(
+      SpdySettingsMap* spdy_settings_map,
+      const url::SchemeHostPort& spdy_server,
+      uint32_t value) {
     SettingsMap settings_map;
     settings_map[kSpdySettingsId] =
         SettingsFlagsAndValue(kSpdySettingsFlags, value);
@@ -102,18 +103,44 @@ class HttpServerPropertiesImplTest : public testing::Test {
 
 typedef HttpServerPropertiesImplTest SpdyServerPropertiesTest;
 
+TEST_F(SpdyServerPropertiesTest, InitializeWithSchemeHostPort) {
+  // Check spdy servers are correctly set with SchemeHostPort key.
+  url::SchemeHostPort https_www_server("https", "www.google.com", 443);
+  url::SchemeHostPort http_photo_server("http", "photos.google.com", 80);
+  // Servers with port equal to default port in scheme will drop port components
+  // when calling Serialize().
+  std::string spdy_server_g = https_www_server.Serialize();
+  std::string spdy_server_p = http_photo_server.Serialize();
+
+  url::SchemeHostPort http_google_server("http", "www.google.com", 443);
+  url::SchemeHostPort https_photos_server("https", "photos.google.com", 443);
+  url::SchemeHostPort valid_google_server((GURL("https://www.google.com")));
+
+  // Initializing https://www.google.com:443 and https://photos.google.com:443
+  // as spdy servers.
+  std::vector<std::string> spdy_servers1;
+  spdy_servers1.push_back(spdy_server_g);  // Will be 0th index.
+  spdy_servers1.push_back(spdy_server_p);  // Will be 1st index.
+  impl_.InitializeSpdyServers(&spdy_servers1, true);
+  EXPECT_TRUE(impl_.SupportsRequestPriority(http_photo_server));
+  EXPECT_TRUE(impl_.SupportsRequestPriority(https_www_server));
+  EXPECT_FALSE(impl_.SupportsRequestPriority(http_google_server));
+  EXPECT_FALSE(impl_.SupportsRequestPriority(https_photos_server));
+  EXPECT_TRUE(impl_.SupportsRequestPriority(valid_google_server));
+}
+
 TEST_F(SpdyServerPropertiesTest, Initialize) {
-  HostPortPair spdy_server_google("www.google.com", 443);
-  std::string spdy_server_g = spdy_server_google.ToString();
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
+  std::string spdy_server_g = spdy_server_google.Serialize();
 
-  HostPortPair spdy_server_photos("photos.google.com", 443);
-  std::string spdy_server_p = spdy_server_photos.ToString();
+  url::SchemeHostPort spdy_server_photos("https", "photos.google.com", 443);
+  std::string spdy_server_p = spdy_server_photos.Serialize();
 
-  HostPortPair spdy_server_docs("docs.google.com", 443);
-  std::string spdy_server_d = spdy_server_docs.ToString();
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
+  std::string spdy_server_d = spdy_server_docs.Serialize();
 
-  HostPortPair spdy_server_mail("mail.google.com", 443);
-  std::string spdy_server_m = spdy_server_mail.ToString();
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
+  std::string spdy_server_m = spdy_server_mail.Serialize();
 
   // Check by initializing NULL spdy servers.
   impl_.InitializeSpdyServers(NULL, true);
@@ -201,49 +228,49 @@ TEST_F(SpdyServerPropertiesTest, Initialize) {
 }
 
 TEST_F(SpdyServerPropertiesTest, SupportsRequestPriorityTest) {
-  HostPortPair spdy_server_empty(std::string(), 443);
+  url::SchemeHostPort spdy_server_empty("https", std::string(), 443);
   EXPECT_FALSE(impl_.SupportsRequestPriority(spdy_server_empty));
 
   // Add www.google.com:443 as supporting SPDY.
-  HostPortPair spdy_server_google("www.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
   impl_.SetSupportsSpdy(spdy_server_google, true);
   EXPECT_TRUE(impl_.SupportsRequestPriority(spdy_server_google));
 
   // Add mail.google.com:443 as not supporting SPDY.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   EXPECT_FALSE(impl_.SupportsRequestPriority(spdy_server_mail));
 
   // Add docs.google.com:443 as supporting SPDY.
-  HostPortPair spdy_server_docs("docs.google.com", 443);
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
   impl_.SetSupportsSpdy(spdy_server_docs, true);
   EXPECT_TRUE(impl_.SupportsRequestPriority(spdy_server_docs));
 
   // Add www.youtube.com:443 as supporting QUIC.
-  HostPortPair quic_server_youtube("www.youtube.com", 443);
+  url::SchemeHostPort youtube_server("https", "www.youtube.com", 443);
   const AlternativeService alternative_service1(QUIC, "www.youtube.com", 443);
-  SetAlternativeService(quic_server_youtube, alternative_service1);
-  EXPECT_TRUE(impl_.SupportsRequestPriority(quic_server_youtube));
+  SetAlternativeService(youtube_server, alternative_service1);
+  EXPECT_TRUE(impl_.SupportsRequestPriority(youtube_server));
 
   // Add www.example.com:443 with two alternative services, one supporting QUIC.
-  HostPortPair quic_server_example("www.example.com", 443);
+  url::SchemeHostPort example_server("https", "www.example.com", 443);
   const AlternativeService alternative_service2(NPN_HTTP_2, "", 443);
-  SetAlternativeService(quic_server_example, alternative_service2);
-  SetAlternativeService(quic_server_example, alternative_service1);
-  EXPECT_TRUE(impl_.SupportsRequestPriority(quic_server_example));
+  SetAlternativeService(example_server, alternative_service2);
+  SetAlternativeService(example_server, alternative_service1);
+  EXPECT_TRUE(impl_.SupportsRequestPriority(example_server));
 
   // Verify all the entries are the same after additions.
   EXPECT_TRUE(impl_.SupportsRequestPriority(spdy_server_google));
   EXPECT_FALSE(impl_.SupportsRequestPriority(spdy_server_mail));
   EXPECT_TRUE(impl_.SupportsRequestPriority(spdy_server_docs));
-  EXPECT_TRUE(impl_.SupportsRequestPriority(quic_server_youtube));
-  EXPECT_TRUE(impl_.SupportsRequestPriority(quic_server_example));
+  EXPECT_TRUE(impl_.SupportsRequestPriority(youtube_server));
+  EXPECT_TRUE(impl_.SupportsRequestPriority(example_server));
 }
 
 TEST_F(SpdyServerPropertiesTest, Clear) {
   // Add www.google.com:443 and mail.google.com:443 as supporting SPDY.
-  HostPortPair spdy_server_google("www.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
   impl_.SetSupportsSpdy(spdy_server_google, true);
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   impl_.SetSupportsSpdy(spdy_server_mail, true);
 
   EXPECT_TRUE(impl_.SupportsRequestPriority(spdy_server_google));
@@ -262,17 +289,17 @@ TEST_F(SpdyServerPropertiesTest, GetSpdyServerList) {
   EXPECT_EQ(0U, spdy_server_list.GetSize());
 
   // Check empty server is not added.
-  HostPortPair spdy_server_empty(std::string(), 443);
+  url::SchemeHostPort spdy_server_empty("https", std::string(), 443);
   impl_.SetSupportsSpdy(spdy_server_empty, true);
   impl_.GetSpdyServerList(&spdy_server_list, kMaxSupportsSpdyServerHosts);
   EXPECT_EQ(0U, spdy_server_list.GetSize());
 
   std::string string_value_g;
   std::string string_value_m;
-  HostPortPair spdy_server_google("www.google.com", 443);
-  std::string spdy_server_g = spdy_server_google.ToString();
-  HostPortPair spdy_server_mail("mail.google.com", 443);
-  std::string spdy_server_m = spdy_server_mail.ToString();
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
+  std::string spdy_server_g = spdy_server_google.Serialize();
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
+  std::string spdy_server_m = spdy_server_mail.Serialize();
 
   // Add www.google.com:443 as not supporting SPDY.
   impl_.SetSupportsSpdy(spdy_server_google, false);
@@ -316,10 +343,10 @@ TEST_F(SpdyServerPropertiesTest, MRUOfGetSpdyServerList) {
 
   std::string string_value_g;
   std::string string_value_m;
-  HostPortPair spdy_server_google("www.google.com", 443);
-  std::string spdy_server_g = spdy_server_google.ToString();
-  HostPortPair spdy_server_mail("mail.google.com", 443);
-  std::string spdy_server_m = spdy_server_mail.ToString();
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
+  std::string spdy_server_g = spdy_server_google.Serialize();
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
+  std::string spdy_server_m = spdy_server_mail.Serialize();
 
   // Add www.google.com:443 as supporting SPDY.
   impl_.SetSupportsSpdy(spdy_server_google, true);
@@ -352,18 +379,18 @@ TEST_F(SpdyServerPropertiesTest, MRUOfGetSpdyServerList) {
 typedef HttpServerPropertiesImplTest AlternateProtocolServerPropertiesTest;
 
 TEST_F(AlternateProtocolServerPropertiesTest, Basic) {
-  HostPortPair test_host_port_pair("foo", 80);
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  url::SchemeHostPort test_server("http", "foo", 80);
+  EXPECT_FALSE(HasAlternativeService(test_server));
 
   AlternativeService alternative_service(NPN_HTTP_2, "foo", 443);
-  SetAlternativeService(test_host_port_pair, alternative_service);
+  SetAlternativeService(test_server, alternative_service);
   const AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service, alternative_service_vector[0]);
 
   impl_.Clear();
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  EXPECT_FALSE(HasAlternativeService(test_server));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, ExcludeOrigin) {
@@ -386,12 +413,11 @@ TEST_F(AlternateProtocolServerPropertiesTest, ExcludeOrigin) {
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service4, expiration));
 
-  HostPortPair test_host_port_pair("foo", 443);
-  impl_.SetAlternativeServices(test_host_port_pair,
-                               alternative_service_info_vector);
+  url::SchemeHostPort test_server("https", "foo", 443);
+  impl_.SetAlternativeServices(test_server, alternative_service_info_vector);
 
   const AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(3u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service2, alternative_service_vector[0]);
   EXPECT_EQ(alternative_service3, alternative_service_vector[1]);
@@ -399,31 +425,29 @@ TEST_F(AlternateProtocolServerPropertiesTest, ExcludeOrigin) {
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, Initialize) {
-  // |test_host_port_pair1| has an alternative service, which will not be
+  // |test_server1| has an alternative service, which will not be
   // affected by InitializeAlternativeServiceServers(), because
   // |alternative_service_map| does not have an entry for
-  // |test_host_port_pair1|.
-  HostPortPair test_host_port_pair1("foo1", 80);
+  // |test_server1|.
+  url::SchemeHostPort test_server1("http", "foo1", 80);
   const AlternativeService alternative_service1(NPN_HTTP_2, "bar1", 443);
   const base::Time now = base::Time::Now();
   base::Time expiration1 = now + base::TimeDelta::FromDays(1);
   // 1st entry in the memory.
-  impl_.SetAlternativeService(test_host_port_pair1, alternative_service1,
-                              expiration1);
+  impl_.SetAlternativeService(test_server1, alternative_service1, expiration1);
 
-  // |test_host_port_pair2| has an alternative service, which will be
+  // |test_server2| has an alternative service, which will be
   // overwritten by InitializeAlternativeServiceServers(), because
   // |alternative_service_map| has an entry for
-  // |test_host_port_pair2|.
+  // |test_server2|.
   AlternativeServiceInfoVector alternative_service_info_vector;
   const AlternativeService alternative_service2(NPN_SPDY_3_1, "bar2", 443);
   base::Time expiration2 = now + base::TimeDelta::FromDays(2);
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service2, expiration2));
-  HostPortPair test_host_port_pair2("foo2", 80);
+  url::SchemeHostPort test_server2("http", "foo2", 80);
   // 0th entry in the memory.
-  impl_.SetAlternativeServices(test_host_port_pair2,
-                               alternative_service_info_vector);
+  impl_.SetAlternativeServices(test_server2, alternative_service_info_vector);
 
   // Prepare |alternative_service_map| to be loaded by
   // InitializeAlternativeServiceServers().
@@ -435,10 +459,10 @@ TEST_F(AlternateProtocolServerPropertiesTest, Initialize) {
                                                          expiration3);
   // Simulate updating data for 0th entry with data from Preferences.
   alternative_service_map.Put(
-      test_host_port_pair2,
+      test_server2,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info1));
 
-  HostPortPair test_host_port_pair3("foo3", 80);
+  url::SchemeHostPort test_server3("http", "foo3", 80);
   const AlternativeService alternative_service4(NPN_HTTP_2, "bar4", 1234);
   base::Time expiration4 = now + base::TimeDelta::FromDays(4);
   const AlternativeServiceInfo alternative_service_info2(alternative_service4,
@@ -446,11 +470,10 @@ TEST_F(AlternateProtocolServerPropertiesTest, Initialize) {
   // Add an old entry from Preferences, this will be added to end of recency
   // list.
   alternative_service_map.Put(
-      test_host_port_pair3,
+      test_server3,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info2));
 
-  // MRU list will be test_host_port_pair2, test_host_port_pair1,
-  // test_host_port_pair3.
+  // MRU list will be test_server2, test_server1, test_server3.
   impl_.InitializeAlternativeServiceServers(&alternative_service_map);
 
   // Verify alternative_service_map.
@@ -458,17 +481,17 @@ TEST_F(AlternateProtocolServerPropertiesTest, Initialize) {
   ASSERT_EQ(3u, map.size());
   AlternativeServiceMap::const_iterator map_it = map.begin();
 
-  EXPECT_TRUE(map_it->first.Equals(test_host_port_pair2));
+  EXPECT_TRUE(map_it->first.Equals(test_server2));
   ASSERT_EQ(1u, map_it->second.size());
   EXPECT_EQ(alternative_service3, map_it->second[0].alternative_service);
   EXPECT_EQ(expiration3, map_it->second[0].expiration);
   ++map_it;
-  EXPECT_TRUE(map_it->first.Equals(test_host_port_pair1));
+  EXPECT_TRUE(map_it->first.Equals(test_server1));
   ASSERT_EQ(1u, map_it->second.size());
   EXPECT_EQ(alternative_service1, map_it->second[0].alternative_service);
   EXPECT_EQ(expiration1, map_it->second[0].expiration);
   ++map_it;
-  EXPECT_TRUE(map_it->first.Equals(test_host_port_pair3));
+  EXPECT_TRUE(map_it->first.Equals(test_server3));
   ASSERT_EQ(1u, map_it->second.size());
   EXPECT_EQ(alternative_service4, map_it->second[0].alternative_service);
   EXPECT_EQ(expiration4, map_it->second[0].expiration);
@@ -478,13 +501,12 @@ TEST_F(AlternateProtocolServerPropertiesTest, Initialize) {
 // InitializeAlternativeServiceServers() should not crash if there is an empty
 // hostname is the mapping.
 TEST_F(AlternateProtocolServerPropertiesTest, InitializeWithEmptyHostname) {
-  const HostPortPair host_port_pair("foo", 443);
+  url::SchemeHostPort server("https", "foo", 443);
   const AlternativeService alternative_service_with_empty_hostname(NPN_HTTP_2,
                                                                    "", 1234);
   const AlternativeService alternative_service_with_foo_hostname(NPN_HTTP_2,
                                                                  "foo", 1234);
-  SetAlternativeService(host_port_pair,
-                        alternative_service_with_empty_hostname);
+  SetAlternativeService(server, alternative_service_with_empty_hostname);
   impl_.MarkAlternativeServiceBroken(alternative_service_with_foo_hostname);
 
   AlternativeServiceMap alternative_service_map(
@@ -494,7 +516,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, InitializeWithEmptyHostname) {
   EXPECT_TRUE(
       impl_.IsAlternativeServiceBroken(alternative_service_with_foo_hostname));
   const AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(host_port_pair);
+      impl_.GetAlternativeServices(server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service_with_foo_hostname,
             alternative_service_vector[0]);
@@ -504,7 +526,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, InitializeWithEmptyHostname) {
 // GetAlternativeServices() should remove |alternative_service_map_| elements
 // with empty value.
 TEST_F(AlternateProtocolServerPropertiesTest, EmptyVector) {
-  HostPortPair host_port_pair("foo", 443);
+  url::SchemeHostPort server("https", "foo", 443);
   const AlternativeService alternative_service(NPN_HTTP_2, "bar", 443);
   base::Time expiration = base::Time::Now() - base::TimeDelta::FromDays(1);
   const AlternativeServiceInfo alternative_service_info(alternative_service,
@@ -512,7 +534,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, EmptyVector) {
   AlternativeServiceMap alternative_service_map(
       AlternativeServiceMap::NO_AUTO_EVICT);
   alternative_service_map.Put(
-      host_port_pair,
+      server,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info));
 
   // Prepare |alternative_service_map_| with a single key that has a single
@@ -521,26 +543,26 @@ TEST_F(AlternateProtocolServerPropertiesTest, EmptyVector) {
 
   // GetAlternativeServices() should remove such AlternativeServiceInfo from
   // |alternative_service_map_|, emptying the AlternativeServiceInfoVector
-  // corresponding to |host_port_pair|.
+  // corresponding to |server|.
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(host_port_pair);
+      impl_.GetAlternativeServices(server);
   ASSERT_TRUE(alternative_service_vector.empty());
 
   // GetAlternativeServices() should remove this key from
   // |alternative_service_map_|, and SetAlternativeServices() should not crash.
   impl_.SetAlternativeServices(
-      host_port_pair,
+      server,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info));
 
-  // There should still be no alternative service assigned to |host_port_pair|.
-  alternative_service_vector = impl_.GetAlternativeServices(host_port_pair);
+  // There should still be no alternative service assigned to |server|.
+  alternative_service_vector = impl_.GetAlternativeServices(server);
   ASSERT_TRUE(alternative_service_vector.empty());
 }
 
 // Regression test for https://crbug.com/516486 for the canonical host case.
 TEST_F(AlternateProtocolServerPropertiesTest, EmptyVectorForCanonical) {
-  HostPortPair host_port_pair("foo.c.youtube.com", 443);
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 443);
+  url::SchemeHostPort server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
   const AlternativeService alternative_service(NPN_HTTP_2, "", 443);
   base::Time expiration = base::Time::Now() - base::TimeDelta::FromDays(1);
   const AlternativeServiceInfo alternative_service_info(alternative_service,
@@ -548,7 +570,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, EmptyVectorForCanonical) {
   AlternativeServiceMap alternative_service_map(
       AlternativeServiceMap::NO_AUTO_EVICT);
   alternative_service_map.Put(
-      canonical_host_port_pair,
+      canonical_server,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info));
 
   // Prepare |alternative_service_map_| with a single key that has a single
@@ -557,65 +579,91 @@ TEST_F(AlternateProtocolServerPropertiesTest, EmptyVectorForCanonical) {
 
   // GetAlternativeServices() should remove such AlternativeServiceInfo from
   // |alternative_service_map_|, emptying the AlternativeServiceInfoVector
-  // corresponding to |canonical_host_port_pair|, even when looking up
-  // alternative services for |host_port_pair|.
+  // corresponding to |canonical_server|, even when looking up
+  // alternative services for |server|.
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(host_port_pair);
+      impl_.GetAlternativeServices(server);
   ASSERT_TRUE(alternative_service_vector.empty());
 
   // GetAlternativeServices() should remove this key from
   // |alternative_service_map_|, and SetAlternativeServices() should not crash.
   impl_.SetAlternativeServices(
-      canonical_host_port_pair,
+      canonical_server,
       AlternativeServiceInfoVector(/*size=*/1, alternative_service_info));
 
   // There should still be no alternative service assigned to
-  // |canonical_host_port_pair|.
-  alternative_service_vector =
-      impl_.GetAlternativeServices(canonical_host_port_pair);
+  // |canonical_server|.
+  alternative_service_vector = impl_.GetAlternativeServices(canonical_server);
   ASSERT_TRUE(alternative_service_vector.empty());
 }
 
+TEST_F(AlternateProtocolServerPropertiesTest, ClearServerWithCanonical) {
+  url::SchemeHostPort server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
+  const AlternativeService alternative_service(QUIC, "", 443);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  const AlternativeServiceInfo alternative_service_info(alternative_service,
+                                                        expiration);
+
+  impl_.SetAlternativeServices(
+      canonical_server,
+      AlternativeServiceInfoVector(/*size=*/1, alternative_service_info));
+
+  // Make sure the canonical service is returned for the other server.
+  const AlternativeServiceVector alternative_service_vector =
+      impl_.GetAlternativeServices(server);
+  ASSERT_EQ(1u, alternative_service_vector.size());
+  EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
+  EXPECT_EQ(443, alternative_service_vector[0].port);
+
+  // Now clear the alternatives for the other server and make sure it stays
+  // cleared.
+  // GetAlternativeServices() should remove this key from
+  // |alternative_service_map_|, and SetAlternativeServices() should not crash.
+  impl_.SetAlternativeServices(server, AlternativeServiceInfoVector());
+
+  ASSERT_TRUE(impl_.GetAlternativeServices(server).empty());
+}
+
 TEST_F(AlternateProtocolServerPropertiesTest, MRUOfGetAlternativeServices) {
-  HostPortPair test_host_port_pair1("foo1", 80);
+  url::SchemeHostPort test_server1("http", "foo1", 80);
   const AlternativeService alternative_service1(NPN_SPDY_3_1, "foo1", 443);
-  SetAlternativeService(test_host_port_pair1, alternative_service1);
-  HostPortPair test_host_port_pair2("foo2", 80);
+  SetAlternativeService(test_server1, alternative_service1);
+  url::SchemeHostPort test_server2("http", "foo2", 80);
   const AlternativeService alternative_service2(NPN_HTTP_2, "foo2", 1234);
-  SetAlternativeService(test_host_port_pair2, alternative_service2);
+  SetAlternativeService(test_server2, alternative_service2);
 
   const AlternativeServiceMap& map = impl_.alternative_service_map();
   AlternativeServiceMap::const_iterator it = map.begin();
-  EXPECT_TRUE(it->first.Equals(test_host_port_pair2));
+  EXPECT_TRUE(it->first.Equals(test_server2));
   ASSERT_EQ(1u, it->second.size());
   EXPECT_EQ(alternative_service2, it->second[0].alternative_service);
 
   const AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair1);
+      impl_.GetAlternativeServices(test_server1);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service1, alternative_service_vector[0]);
 
   // GetAlternativeServices should reorder the AlternateProtocol map.
   it = map.begin();
-  EXPECT_TRUE(it->first.Equals(test_host_port_pair1));
+  EXPECT_TRUE(it->first.Equals(test_server1));
   ASSERT_EQ(1u, it->second.size());
   EXPECT_EQ(alternative_service1, it->second[0].alternative_service);
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, SetBroken) {
-  HostPortPair test_host_port_pair("foo", 80);
+  url::SchemeHostPort test_server("http", "foo", 80);
   const AlternativeService alternative_service1(NPN_HTTP_2, "foo", 443);
-  SetAlternativeService(test_host_port_pair, alternative_service1);
+  SetAlternativeService(test_server, alternative_service1);
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service1, alternative_service_vector[0]);
   EXPECT_FALSE(impl_.IsAlternativeServiceBroken(alternative_service1));
 
   // GetAlternativeServices should return the broken alternative service.
   impl_.MarkAlternativeServiceBroken(alternative_service1);
-  alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+  alternative_service_vector = impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service1, alternative_service_vector[0]);
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(alternative_service1));
@@ -628,10 +676,8 @@ TEST_F(AlternateProtocolServerPropertiesTest, SetBroken) {
   const AlternativeService alternative_service2(NPN_HTTP_2, "foo", 1234);
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service2, expiration));
-  impl_.SetAlternativeServices(test_host_port_pair,
-                               alternative_service_info_vector);
-  alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+  impl_.SetAlternativeServices(test_server, alternative_service_info_vector);
+  alternative_service_vector = impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(2u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service1, alternative_service_vector[0]);
   EXPECT_EQ(alternative_service2, alternative_service_vector[1]);
@@ -639,9 +685,8 @@ TEST_F(AlternateProtocolServerPropertiesTest, SetBroken) {
   EXPECT_FALSE(impl_.IsAlternativeServiceBroken(alternative_service_vector[1]));
 
   // SetAlternativeService should add a broken alternative service to the map.
-  SetAlternativeService(test_host_port_pair, alternative_service1);
-  alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+  SetAlternativeService(test_server, alternative_service1);
+  alternative_service_vector = impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service1, alternative_service_vector[0]);
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(alternative_service_vector[0]));
@@ -664,12 +709,11 @@ TEST_F(AlternateProtocolServerPropertiesTest, MaxAge) {
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service2, now + one_day));
 
-  HostPortPair test_host_port_pair("foo", 80);
-  impl_.SetAlternativeServices(test_host_port_pair,
-                               alternative_service_info_vector);
+  url::SchemeHostPort test_server("http", "foo", 80);
+  impl_.SetAlternativeServices(test_server, alternative_service_info_vector);
 
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service2, alternative_service_vector[0]);
 }
@@ -691,17 +735,52 @@ TEST_F(AlternateProtocolServerPropertiesTest, MaxAgeCanonical) {
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service2, now + one_day));
 
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
-  impl_.SetAlternativeServices(canonical_host_port_pair,
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
+  impl_.SetAlternativeServices(canonical_server,
                                alternative_service_info_vector);
 
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(alternative_service2, alternative_service_vector[0]);
 }
 
+TEST_F(AlternateProtocolServerPropertiesTest, AlternativeServiceWithScheme) {
+  AlternativeServiceInfoVector alternative_service_info_vector;
+  const AlternativeService alternative_service1(NPN_SPDY_3_1, "foo", 443);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  alternative_service_info_vector.push_back(
+      AlternativeServiceInfo(alternative_service1, expiration));
+  const AlternativeService alternative_service2(NPN_HTTP_2, "bar", 1234);
+  alternative_service_info_vector.push_back(
+      AlternativeServiceInfo(alternative_service2, expiration));
+  // Set Alt-Svc list for |http_server|.
+  url::SchemeHostPort http_server("http", "foo", 80);
+  impl_.SetAlternativeServices(http_server, alternative_service_info_vector);
+
+  const net::AlternativeServiceMap& map = impl_.alternative_service_map();
+  net::AlternativeServiceMap::const_iterator it = map.begin();
+  EXPECT_TRUE(it->first.Equals(http_server));
+  ASSERT_EQ(2u, it->second.size());
+  EXPECT_EQ(alternative_service1, it->second[0].alternative_service);
+  EXPECT_EQ(alternative_service2, it->second[1].alternative_service);
+
+  // Check Alt-Svc list should not be set for |https_server|.
+  url::SchemeHostPort https_server("https", "foo", 80);
+  EXPECT_EQ(0u, impl_.GetAlternativeServices(https_server).size());
+
+  // Set Alt-Svc list for |https_server|.
+  impl_.SetAlternativeServices(https_server, alternative_service_info_vector);
+  EXPECT_EQ(2u, impl_.GetAlternativeServices(https_server).size());
+  EXPECT_EQ(2u, impl_.GetAlternativeServices(http_server).size());
+
+  // Clear Alt-Svc list for |http_server|.
+  impl_.ClearAlternativeServices(http_server);
+  EXPECT_EQ(0u, impl_.GetAlternativeServices(http_server).size());
+  EXPECT_EQ(2u, impl_.GetAlternativeServices(https_server).size());
+}
+
 TEST_F(AlternateProtocolServerPropertiesTest, ClearAlternativeServices) {
   AlternativeServiceInfoVector alternative_service_info_vector;
   const AlternativeService alternative_service1(NPN_SPDY_3_1, "foo", 443);
@@ -711,18 +790,17 @@ TEST_F(AlternateProtocolServerPropertiesTest, ClearAlternativeServices) {
   const AlternativeService alternative_service2(NPN_HTTP_2, "bar", 1234);
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service2, expiration));
-  HostPortPair test_host_port_pair("foo", 80);
-  impl_.SetAlternativeServices(test_host_port_pair,
-                               alternative_service_info_vector);
+  url::SchemeHostPort test_server("http", "foo", 80);
+  impl_.SetAlternativeServices(test_server, alternative_service_info_vector);
 
   const net::AlternativeServiceMap& map = impl_.alternative_service_map();
   net::AlternativeServiceMap::const_iterator it = map.begin();
-  EXPECT_TRUE(it->first.Equals(test_host_port_pair));
+  EXPECT_TRUE(it->first.Equals(test_server));
   ASSERT_EQ(2u, it->second.size());
   EXPECT_EQ(alternative_service1, it->second[0].alternative_service);
   EXPECT_EQ(alternative_service2, it->second[1].alternative_service);
 
-  impl_.ClearAlternativeServices(test_host_port_pair);
+  impl_.ClearAlternativeServices(test_server);
   EXPECT_TRUE(map.empty());
 }
 
@@ -731,14 +809,13 @@ TEST_F(AlternateProtocolServerPropertiesTest, ClearAlternativeServices) {
 // particular, an alternative service mapped to an origin shadows alternative
 // services of canonical hosts.
 TEST_F(AlternateProtocolServerPropertiesTest, BrokenShadowsCanonical) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
   AlternativeService canonical_alternative_service(QUIC, "bar.c.youtube.com",
                                                    1234);
-  SetAlternativeService(canonical_host_port_pair,
-                        canonical_alternative_service);
+  SetAlternativeService(canonical_server, canonical_alternative_service);
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(canonical_alternative_service, alternative_service_vector[0]);
 
@@ -746,31 +823,30 @@ TEST_F(AlternateProtocolServerPropertiesTest, BrokenShadowsCanonical) {
   impl_.MarkAlternativeServiceBroken(broken_alternative_service);
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(broken_alternative_service));
 
-  SetAlternativeService(test_host_port_pair, broken_alternative_service);
-  alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+  SetAlternativeService(test_server, broken_alternative_service);
+  alternative_service_vector = impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(broken_alternative_service, alternative_service_vector[0]);
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(broken_alternative_service));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, ClearBroken) {
-  HostPortPair test_host_port_pair("foo", 80);
+  url::SchemeHostPort test_server("http", "foo", 80);
   const AlternativeService alternative_service(NPN_HTTP_2, "foo", 443);
-  SetAlternativeService(test_host_port_pair, alternative_service);
+  SetAlternativeService(test_server, alternative_service);
   impl_.MarkAlternativeServiceBroken(alternative_service);
-  ASSERT_TRUE(HasAlternativeService(test_host_port_pair));
+  ASSERT_TRUE(HasAlternativeService(test_server));
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(alternative_service));
   // ClearAlternativeServices should leave a broken alternative service marked
   // as such.
-  impl_.ClearAlternativeServices(test_host_port_pair);
+  impl_.ClearAlternativeServices(test_server);
   EXPECT_TRUE(impl_.IsAlternativeServiceBroken(alternative_service));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, MarkRecentlyBroken) {
-  HostPortPair host_port_pair("foo", 80);
+  url::SchemeHostPort server("http", "foo", 80);
   const AlternativeService alternative_service(NPN_HTTP_2, "foo", 443);
-  SetAlternativeService(host_port_pair, alternative_service);
+  SetAlternativeService(server, alternative_service);
 
   EXPECT_FALSE(impl_.IsAlternativeServiceBroken(alternative_service));
   EXPECT_FALSE(impl_.WasAlternativeServiceRecentlyBroken(alternative_service));
@@ -785,11 +861,11 @@ TEST_F(AlternateProtocolServerPropertiesTest, MarkRecentlyBroken) {
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, Canonical) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
+  EXPECT_FALSE(HasAlternativeService(test_server));
 
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
-  EXPECT_FALSE(HasAlternativeService(canonical_host_port_pair));
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
+  EXPECT_FALSE(HasAlternativeService(canonical_server));
 
   AlternativeServiceInfoVector alternative_service_info_vector;
   const AlternativeService canonical_alternative_service1(
@@ -800,94 +876,89 @@ TEST_F(AlternateProtocolServerPropertiesTest, Canonical) {
   const AlternativeService canonical_alternative_service2(NPN_HTTP_2, "", 443);
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(canonical_alternative_service2, expiration));
-  impl_.SetAlternativeServices(canonical_host_port_pair,
+  impl_.SetAlternativeServices(canonical_server,
                                alternative_service_info_vector);
 
-  // Since |test_host_port_pair| does not have an alternative service itself,
-  // GetAlternativeServices should return those of |canonical_host_port_pair|.
+  // Since |test_server| does not have an alternative service itself,
+  // GetAlternativeServices should return those of |canonical_server|.
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(test_server);
   ASSERT_EQ(2u, alternative_service_vector.size());
   EXPECT_EQ(canonical_alternative_service1, alternative_service_vector[0]);
 
   // Since |canonical_alternative_service2| has an empty host,
   // GetAlternativeServices should substitute the hostname of its |origin|
   // argument.
-  EXPECT_EQ(test_host_port_pair.host(), alternative_service_vector[1].host);
+  EXPECT_EQ(test_server.host(), alternative_service_vector[1].host);
   EXPECT_EQ(canonical_alternative_service2.protocol,
             alternative_service_vector[1].protocol);
   EXPECT_EQ(canonical_alternative_service2.port,
             alternative_service_vector[1].port);
 
   // Verify the canonical suffix.
+  EXPECT_EQ(".c.youtube.com", impl_.GetCanonicalSuffix(test_server.host()));
   EXPECT_EQ(".c.youtube.com",
-            impl_.GetCanonicalSuffix(test_host_port_pair.host()));
-  EXPECT_EQ(".c.youtube.com",
-            impl_.GetCanonicalSuffix(canonical_host_port_pair.host()));
+            impl_.GetCanonicalSuffix(canonical_server.host()));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, ClearCanonical) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
   AlternativeService canonical_alternative_service(QUIC, "bar.c.youtube.com",
                                                    1234);
 
-  SetAlternativeService(canonical_host_port_pair,
-                        canonical_alternative_service);
-  impl_.ClearAlternativeServices(canonical_host_port_pair);
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  SetAlternativeService(canonical_server, canonical_alternative_service);
+  impl_.ClearAlternativeServices(canonical_server);
+  EXPECT_FALSE(HasAlternativeService(test_server));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, CanonicalBroken) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
   AlternativeService canonical_alternative_service(QUIC, "bar.c.youtube.com",
                                                    1234);
 
-  SetAlternativeService(canonical_host_port_pair,
-                        canonical_alternative_service);
+  SetAlternativeService(canonical_server, canonical_alternative_service);
   impl_.MarkAlternativeServiceBroken(canonical_alternative_service);
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  EXPECT_FALSE(HasAlternativeService(test_server));
 }
 
 // Adding an alternative service for a new host overrides canonical host.
 TEST_F(AlternateProtocolServerPropertiesTest, CanonicalOverride) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  HostPortPair bar_host_port_pair("bar.c.youtube.com", 80);
+  url::SchemeHostPort foo_server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort bar_server("https", "bar.c.youtube.com", 443);
   AlternativeService bar_alternative_service(QUIC, "bar.c.youtube.com", 1234);
-  SetAlternativeService(bar_host_port_pair, bar_alternative_service);
+  SetAlternativeService(bar_server, bar_alternative_service);
   AlternativeServiceVector alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+      impl_.GetAlternativeServices(foo_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(bar_alternative_service, alternative_service_vector[0]);
 
-  HostPortPair qux_host_port_pair("qux.c.youtube.com", 80);
+  url::SchemeHostPort qux_server("https", "qux.c.youtube.com", 443);
   AlternativeService qux_alternative_service(QUIC, "qux.c.youtube.com", 443);
-  SetAlternativeService(qux_host_port_pair, qux_alternative_service);
-  alternative_service_vector =
-      impl_.GetAlternativeServices(test_host_port_pair);
+  SetAlternativeService(qux_server, qux_alternative_service);
+  alternative_service_vector = impl_.GetAlternativeServices(foo_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(qux_alternative_service, alternative_service_vector[0]);
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest, ClearWithCanonical) {
-  HostPortPair test_host_port_pair("foo.c.youtube.com", 80);
-  HostPortPair canonical_host_port_pair("bar.c.youtube.com", 80);
+  url::SchemeHostPort test_server("https", "foo.c.youtube.com", 443);
+  url::SchemeHostPort canonical_server("https", "bar.c.youtube.com", 443);
   AlternativeService canonical_alternative_service(QUIC, "bar.c.youtube.com",
                                                    1234);
 
-  SetAlternativeService(canonical_host_port_pair,
-                        canonical_alternative_service);
+  SetAlternativeService(canonical_server, canonical_alternative_service);
   impl_.Clear();
-  EXPECT_FALSE(HasAlternativeService(test_host_port_pair));
+  EXPECT_FALSE(HasAlternativeService(test_server));
 }
 
 TEST_F(AlternateProtocolServerPropertiesTest,
        ExpireBrokenAlternateProtocolMappings) {
-  HostPortPair host_port_pair("foo", 443);
+  url::SchemeHostPort server("https", "foo", 443);
   AlternativeService alternative_service(QUIC, "foo", 443);
-  SetAlternativeService(host_port_pair, alternative_service);
-  EXPECT_TRUE(HasAlternativeService(host_port_pair));
+  SetAlternativeService(server, alternative_service);
+  EXPECT_TRUE(HasAlternativeService(server));
   EXPECT_FALSE(impl_.IsAlternativeServiceBroken(alternative_service));
   EXPECT_FALSE(impl_.WasAlternativeServiceRecentlyBroken(alternative_service));
 
@@ -905,20 +976,20 @@ TEST_F(AlternateProtocolServerPropertiesTest,
 
 // Regression test for https://crbug.com/505413.
 TEST_F(AlternateProtocolServerPropertiesTest, RemoveExpiredBrokenAltSvc) {
-  HostPortPair foo_host_port_pair("foo", 443);
+  url::SchemeHostPort foo_server("https", "foo", 443);
   AlternativeService bar_alternative_service(QUIC, "bar", 443);
-  SetAlternativeService(foo_host_port_pair, bar_alternative_service);
-  EXPECT_TRUE(HasAlternativeService(foo_host_port_pair));
+  SetAlternativeService(foo_server, bar_alternative_service);
+  EXPECT_TRUE(HasAlternativeService(foo_server));
 
-  HostPortPair bar_host_port_pair1("bar", 80);
+  url::SchemeHostPort bar_server1("http", "bar", 80);
   AlternativeService nohost_alternative_service(QUIC, "", 443);
-  SetAlternativeService(bar_host_port_pair1, nohost_alternative_service);
-  EXPECT_TRUE(HasAlternativeService(bar_host_port_pair1));
+  SetAlternativeService(bar_server1, nohost_alternative_service);
+  EXPECT_TRUE(HasAlternativeService(bar_server1));
 
-  HostPortPair bar_host_port_pair2("bar", 443);
+  url::SchemeHostPort bar_server2("https", "bar", 443);
   AlternativeService baz_alternative_service(QUIC, "baz", 1234);
-  SetAlternativeService(bar_host_port_pair2, baz_alternative_service);
-  EXPECT_TRUE(HasAlternativeService(bar_host_port_pair2));
+  SetAlternativeService(bar_server2, baz_alternative_service);
+  EXPECT_TRUE(HasAlternativeService(bar_server2));
 
   // Mark "bar:443" as broken.
   base::TimeTicks past =
@@ -930,11 +1001,11 @@ TEST_F(AlternateProtocolServerPropertiesTest, RemoveExpiredBrokenAltSvc) {
   HttpServerPropertiesImplPeer::ExpireBrokenAlternateProtocolMappings(impl_);
 
   // "foo:443" should have no alternative service now.
-  EXPECT_FALSE(HasAlternativeService(foo_host_port_pair));
+  EXPECT_FALSE(HasAlternativeService(foo_server));
   // "bar:80" should have no alternative service now.
-  EXPECT_FALSE(HasAlternativeService(bar_host_port_pair1));
+  EXPECT_FALSE(HasAlternativeService(bar_server1));
   // The alternative service of "bar:443" should be unaffected.
-  EXPECT_TRUE(HasAlternativeService(bar_host_port_pair2));
+  EXPECT_TRUE(HasAlternativeService(bar_server2));
 
   EXPECT_TRUE(
       impl_.WasAlternativeServiceRecentlyBroken(bar_alternative_service));
@@ -945,10 +1016,10 @@ TEST_F(AlternateProtocolServerPropertiesTest, RemoveExpiredBrokenAltSvc) {
 typedef HttpServerPropertiesImplTest SpdySettingsServerPropertiesTest;
 
 TEST_F(SpdySettingsServerPropertiesTest, Initialize) {
-  HostPortPair spdy_server_google("www.google.com", 443);
-  HostPortPair spdy_server_photos("photos.google.com", 443);
-  HostPortPair spdy_server_docs("docs.google.com", 443);
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
+  url::SchemeHostPort spdy_server_photos("https", "photos.google.com", 443);
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
 
   // Check by initializing empty spdy settings.
   SpdySettingsMap spdy_settings_map(SpdySettingsMap::NO_AUTO_EVICT);
@@ -1010,12 +1081,12 @@ TEST_F(SpdySettingsServerPropertiesTest, Initialize) {
 }
 
 TEST_F(SpdySettingsServerPropertiesTest, SetSpdySetting) {
-  HostPortPair spdy_server_empty(std::string(), 443);
+  url::SchemeHostPort spdy_server_empty("https", std::string(), 443);
   const SettingsMap& settings_map0 = impl_.GetSpdySettings(spdy_server_empty);
   EXPECT_EQ(0U, settings_map0.size());  // Returns kEmptySettingsMap.
 
   // Add www.google.com:443 as persisting.
-  HostPortPair spdy_server_google("www.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
@@ -1031,7 +1102,7 @@ TEST_F(SpdySettingsServerPropertiesTest, SetSpdySetting) {
   EXPECT_EQ(value1, flags_and_value1_ret.second);
 
   // Add mail.google.com:443 as not persisting.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   const SpdySettingsIds id2 = SETTINGS_DOWNLOAD_BANDWIDTH;
   const SpdySettingsFlags flags2 = SETTINGS_FLAG_NONE;
   const uint32_t value2 = 62667;
@@ -1041,7 +1112,7 @@ TEST_F(SpdySettingsServerPropertiesTest, SetSpdySetting) {
   EXPECT_EQ(0U, settings_map2_ret.size());  // Returns kEmptySettingsMap.
 
   // Add docs.google.com:443 as persisting
-  HostPortPair spdy_server_docs("docs.google.com", 443);
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
   const SpdySettingsIds id3 = SETTINGS_ROUND_TRIP_TIME;
   const SpdySettingsFlags flags3 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value3 = 93997;
@@ -1080,9 +1151,65 @@ TEST_F(SpdySettingsServerPropertiesTest, SetSpdySetting) {
   ASSERT_EQ(0U, impl_.spdy_settings_map().size());
 }
 
+TEST_F(SpdySettingsServerPropertiesTest, SpdySettingWithSchemeHostPort) {
+  // Test SpdySettingMap is correctly maintained with setting and
+  // clearing method.
+  // Add https://www.google.com:443 as persisting.
+  url::SchemeHostPort https_www_server("https", "www.google.com", 443);
+  url::SchemeHostPort http_www_server("http", "www.google.com", 443);
+  const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
+  const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
+  const uint32_t value1 = 31337;
+  EXPECT_TRUE(impl_.SetSpdySetting(https_www_server, id1, flags1, value1));
+  // Check the values.
+  const SettingsMap& settings_map1_ret =
+      impl_.GetSpdySettings(https_www_server);
+  ASSERT_EQ(1U, settings_map1_ret.size());
+  SettingsMap::const_iterator it1_ret = settings_map1_ret.find(id1);
+  EXPECT_TRUE(it1_ret != settings_map1_ret.end());
+  SettingsFlagsAndValue flags_and_value1_ret = it1_ret->second;
+  EXPECT_EQ(SETTINGS_FLAG_PERSISTED, flags_and_value1_ret.first);
+  EXPECT_EQ(value1, flags_and_value1_ret.second);
+  // Check the values is not set for http server.
+  const SettingsMap& settings_map1_ret2 =
+      impl_.GetSpdySettings(http_www_server);
+  ASSERT_EQ(0U, settings_map1_ret2.size());
+
+  // Add http://www.google.com:443 as persisting
+  const SpdySettingsIds id2 = SETTINGS_ROUND_TRIP_TIME;
+  const SpdySettingsFlags flags2 = SETTINGS_FLAG_PLEASE_PERSIST;
+  const uint32_t value2 = 93997;
+  SettingsFlagsAndValue flags_and_value2(flags2, value2);
+  EXPECT_TRUE(impl_.SetSpdySetting(http_www_server, id2, flags2, value2));
+  // Check the values.
+  const SettingsMap& settings_map2_ret = impl_.GetSpdySettings(http_www_server);
+  ASSERT_EQ(1U, settings_map2_ret.size());
+  SettingsMap::const_iterator it2_ret = settings_map2_ret.find(id2);
+  EXPECT_TRUE(it2_ret != settings_map2_ret.end());
+  SettingsFlagsAndValue flags_and_value2_ret = it2_ret->second;
+  EXPECT_EQ(SETTINGS_FLAG_PERSISTED, flags_and_value2_ret.first);
+  EXPECT_EQ(value2, flags_and_value2_ret.second);
+
+  // Clear https://www.google.com:443 as persisting.
+  impl_.ClearSpdySettings(https_www_server);
+  // Check the values.
+  const SettingsMap& settings_map3_ret =
+      impl_.GetSpdySettings(https_www_server);
+  ASSERT_EQ(0U, settings_map3_ret.size());
+  // Check the setting is not cleared for http server.
+  const SettingsMap& settings_map3_ret2 =
+      impl_.GetSpdySettings(http_www_server);
+  ASSERT_EQ(1U, settings_map3_ret2.size());
+
+  // Clear all settings.
+  ASSERT_GT(impl_.spdy_settings_map().size(), 0U);
+  impl_.ClearAllSpdySettings();
+  ASSERT_EQ(0U, impl_.spdy_settings_map().size());
+}
+
 TEST_F(SpdySettingsServerPropertiesTest, Clear) {
   // Add www.google.com:443 as persisting.
-  HostPortPair spdy_server_google("www.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
@@ -1098,7 +1225,7 @@ TEST_F(SpdySettingsServerPropertiesTest, Clear) {
   EXPECT_EQ(value1, flags_and_value1_ret.second);
 
   // Add docs.google.com:443 as persisting
-  HostPortPair spdy_server_docs("docs.google.com", 443);
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
   const SpdySettingsIds id3 = SETTINGS_ROUND_TRIP_TIME;
   const SpdySettingsFlags flags3 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value3 = 93997;
@@ -1120,14 +1247,14 @@ TEST_F(SpdySettingsServerPropertiesTest, Clear) {
 
 TEST_F(SpdySettingsServerPropertiesTest, MRUOfGetSpdySettings) {
   // Add www.google.com:443 as persisting.
-  HostPortPair spdy_server_google("www.google.com", 443);
+  url::SchemeHostPort spdy_server_google("https", "www.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
   EXPECT_TRUE(impl_.SetSpdySetting(spdy_server_google, id1, flags1, value1));
 
   // Add docs.google.com:443 as persisting
-  HostPortPair spdy_server_docs("docs.google.com", 443);
+  url::SchemeHostPort spdy_server_docs("https", "docs.google.com", 443);
   const SpdySettingsIds id2 = SETTINGS_ROUND_TRIP_TIME;
   const SpdySettingsFlags flags2 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value2 = 93997;
@@ -1207,7 +1334,7 @@ TEST_F(SupportsQuicServerPropertiesTest, SetSupportsQuic) {
 typedef HttpServerPropertiesImplTest ServerNetworkStatsServerPropertiesTest;
 
 TEST_F(ServerNetworkStatsServerPropertiesTest, Initialize) {
-  HostPortPair google_server("www.google.com", 443);
+  url::SchemeHostPort google_server("https", "www.google.com", 443);
 
   // Check by initializing empty ServerNetworkStats.
   ServerNetworkStatsMap init_server_network_stats_map(
@@ -1232,7 +1359,7 @@ TEST_F(ServerNetworkStatsServerPropertiesTest, Initialize) {
   // |docs_server| has a ServerNetworkStats, which will be overwritten by
   // InitializeServerNetworkStats(), because |server_network_stats_map| has an
   // entry for |docs_server|.
-  HostPortPair docs_server("docs.google.com", 443);
+  url::SchemeHostPort docs_server("https", "docs.google.com", 443);
   ServerNetworkStats stats_docs;
   stats_docs.srtt = base::TimeDelta::FromMicroseconds(20);
   stats_docs.bandwidth_estimate = QuicBandwidth::FromBitsPerSecond(200);
@@ -1250,7 +1377,7 @@ TEST_F(ServerNetworkStatsServerPropertiesTest, Initialize) {
   new_stats_docs.bandwidth_estimate = QuicBandwidth::FromBitsPerSecond(250);
   server_network_stats_map.Put(docs_server, new_stats_docs);
   // Add data for mail.google.com:443.
-  HostPortPair mail_server("mail.google.com", 443);
+  url::SchemeHostPort mail_server("https", "mail.google.com", 443);
   ServerNetworkStats stats_mail;
   stats_mail.srtt = base::TimeDelta::FromMicroseconds(30);
   stats_mail.bandwidth_estimate = QuicBandwidth::FromBitsPerSecond(300);
@@ -1274,22 +1401,26 @@ TEST_F(ServerNetworkStatsServerPropertiesTest, Initialize) {
 }
 
 TEST_F(ServerNetworkStatsServerPropertiesTest, SetServerNetworkStats) {
-  HostPortPair foo_server("foo", 80);
-  const ServerNetworkStats* stats = impl_.GetServerNetworkStats(foo_server);
-  EXPECT_EQ(NULL, stats);
+  url::SchemeHostPort foo_http_server("http", "foo", 443);
+  url::SchemeHostPort foo_https_server("https", "foo", 443);
+  EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_http_server));
+  EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_https_server));
 
   ServerNetworkStats stats1;
   stats1.srtt = base::TimeDelta::FromMicroseconds(10);
   stats1.bandwidth_estimate = QuicBandwidth::FromBitsPerSecond(100);
-  impl_.SetServerNetworkStats(foo_server, stats1);
+  impl_.SetServerNetworkStats(foo_http_server, stats1);
 
-  const ServerNetworkStats* stats2 = impl_.GetServerNetworkStats(foo_server);
+  const ServerNetworkStats* stats2 =
+      impl_.GetServerNetworkStats(foo_http_server);
   EXPECT_EQ(10, stats2->srtt.ToInternalValue());
   EXPECT_EQ(100, stats2->bandwidth_estimate.ToBitsPerSecond());
+  // Https server should have nothing set for server network stats.
+  EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_https_server));
 
   impl_.Clear();
-  const ServerNetworkStats* stats3 = impl_.GetServerNetworkStats(foo_server);
-  EXPECT_EQ(NULL, stats3);
+  EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_http_server));
+  EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_https_server));
 }
 
 typedef HttpServerPropertiesImplTest QuicServerInfoServerPropertiesTest;
diff --git a/chromium/net/http/http_server_properties_manager.cc b/chromium/net/http/http_server_properties_manager.cc
index a592f441bb0..67dd80e8c6c 100644
--- a/chromium/net/http/http_server_properties_manager.cc
+++ b/chromium/net/http/http_server_properties_manager.cc
@@ -10,10 +10,11 @@
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/ip_address.h"
 #include "net/base/port_util.h"
+#include "url/gurl.h"
 
 namespace net {
 
@@ -34,7 +35,7 @@ const int64_t kUpdatePrefsDelayMs = 60000;
 const int kMissingVersion = 0;
 
 // The version number of persisted http_server_properties.
-const int kVersionNumber = 4;
+const int kVersionNumber = 5;
 
 // Persist 200 MRU AlternateProtocolHostPortPairs.
 const int kMaxAlternateProtocolHostsToPersist = 200;
@@ -145,18 +146,20 @@ void HttpServerPropertiesManager::Clear(const base::Closure& completion) {
 }
 
 bool HttpServerPropertiesManager::SupportsRequestPriority(
-    const HostPortPair& server) {
+    const url::SchemeHostPort& server) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   return http_server_properties_impl_->SupportsRequestPriority(server);
 }
 
-bool HttpServerPropertiesManager::GetSupportsSpdy(const HostPortPair& server) {
+bool HttpServerPropertiesManager::GetSupportsSpdy(
+    const url::SchemeHostPort& server) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   return http_server_properties_impl_->GetSupportsSpdy(server);
 }
 
-void HttpServerPropertiesManager::SetSupportsSpdy(const HostPortPair& server,
-                                                  bool support_spdy) {
+void HttpServerPropertiesManager::SetSupportsSpdy(
+    const url::SchemeHostPort& server,
+    bool support_spdy) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
 
   bool old_support_spdy = http_server_properties_impl_->GetSupportsSpdy(server);
@@ -186,13 +189,13 @@ void HttpServerPropertiesManager::MaybeForceHTTP11(const HostPortPair& server,
 }
 
 AlternativeServiceVector HttpServerPropertiesManager::GetAlternativeServices(
-    const HostPortPair& origin) {
+    const url::SchemeHostPort& origin) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   return http_server_properties_impl_->GetAlternativeServices(origin);
 }
 
 bool HttpServerPropertiesManager::SetAlternativeService(
-    const HostPortPair& origin,
+    const url::SchemeHostPort& origin,
     const AlternativeService& alternative_service,
     base::Time expiration) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
@@ -205,7 +208,7 @@ bool HttpServerPropertiesManager::SetAlternativeService(
 }
 
 bool HttpServerPropertiesManager::SetAlternativeServices(
-    const HostPortPair& origin,
+    const url::SchemeHostPort& origin,
     const AlternativeServiceInfoVector& alternative_service_info_vector) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   const bool changed = http_server_properties_impl_->SetAlternativeServices(
@@ -261,7 +264,7 @@ void HttpServerPropertiesManager::ConfirmAlternativeService(
 }
 
 void HttpServerPropertiesManager::ClearAlternativeServices(
-    const HostPortPair& origin) {
+    const url::SchemeHostPort& origin) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   const AlternativeServiceMap& map =
       http_server_properties_impl_->alternative_service_map();
@@ -279,36 +282,35 @@ HttpServerPropertiesManager::alternative_service_map() const {
   return http_server_properties_impl_->alternative_service_map();
 }
 
-scoped_ptr<base::Value>
-HttpServerPropertiesManager::GetAlternativeServiceInfoAsValue()
-    const {
+std::unique_ptr<base::Value>
+HttpServerPropertiesManager::GetAlternativeServiceInfoAsValue() const {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   return http_server_properties_impl_->GetAlternativeServiceInfoAsValue();
 }
 
 const SettingsMap& HttpServerPropertiesManager::GetSpdySettings(
-    const HostPortPair& host_port_pair) {
+    const url::SchemeHostPort& server) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
-  return http_server_properties_impl_->GetSpdySettings(host_port_pair);
+  return http_server_properties_impl_->GetSpdySettings(server);
 }
 
 bool HttpServerPropertiesManager::SetSpdySetting(
-    const HostPortPair& host_port_pair,
+    const url::SchemeHostPort& server,
     SpdySettingsIds id,
     SpdySettingsFlags flags,
     uint32_t value) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
-  bool persist = http_server_properties_impl_->SetSpdySetting(
-      host_port_pair, id, flags, value);
+  bool persist =
+      http_server_properties_impl_->SetSpdySetting(server, id, flags, value);
   if (persist)
     ScheduleUpdatePrefsOnNetworkThread(SET_SPDY_SETTING);
   return persist;
 }
 
 void HttpServerPropertiesManager::ClearSpdySettings(
-    const HostPortPair& host_port_pair) {
+    const url::SchemeHostPort& server) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
-  http_server_properties_impl_->ClearSpdySettings(host_port_pair);
+  http_server_properties_impl_->ClearSpdySettings(server);
   ScheduleUpdatePrefsOnNetworkThread(CLEAR_SPDY_SETTINGS);
 }
 
@@ -343,25 +345,25 @@ void HttpServerPropertiesManager::SetSupportsQuic(bool used_quic,
 }
 
 void HttpServerPropertiesManager::SetServerNetworkStats(
-    const HostPortPair& host_port_pair,
+    const url::SchemeHostPort& server,
     ServerNetworkStats stats) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
   ServerNetworkStats old_stats;
   const ServerNetworkStats* old_stats_ptr =
-      http_server_properties_impl_->GetServerNetworkStats(host_port_pair);
-  if (http_server_properties_impl_->GetServerNetworkStats(host_port_pair))
+      http_server_properties_impl_->GetServerNetworkStats(server);
+  if (http_server_properties_impl_->GetServerNetworkStats(server))
     old_stats = *old_stats_ptr;
-  http_server_properties_impl_->SetServerNetworkStats(host_port_pair, stats);
+  http_server_properties_impl_->SetServerNetworkStats(server, stats);
   ServerNetworkStats new_stats =
-      *(http_server_properties_impl_->GetServerNetworkStats(host_port_pair));
+      *(http_server_properties_impl_->GetServerNetworkStats(server));
   if (old_stats != new_stats)
     ScheduleUpdatePrefsOnNetworkThread(SET_SERVER_NETWORK_STATS);
 }
 
 const ServerNetworkStats* HttpServerPropertiesManager::GetServerNetworkStats(
-    const HostPortPair& host_port_pair) {
+    const url::SchemeHostPort& server) {
   DCHECK(network_task_runner_->RunsTasksOnCurrentThread());
-  return http_server_properties_impl_->GetServerNetworkStats(host_port_pair);
+  return http_server_properties_impl_->GetServerNetworkStats(server);
 }
 
 const ServerNetworkStatsMap&
@@ -458,7 +460,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefThread() {
     //      "servers": {
     //         "0-edge-chat.facebook.com:443" : {...},
     //         "0.client-channel.google.com:443" : {...},
-    //         "yt3.ggpht.com:443" : {...},
+    //         "yt3.ggpht.com:80" : {...},
     //         ...
     //      }, ...
     // },
@@ -468,14 +470,27 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefThread() {
       return;
     }
   } else {
-    // From Version 4 onwards, data was stored in the following format.
+    // For Version 4, data was stored in the following format.
     // |servers| are saved in MRU order.
     //
     // "http_server_properties": {
     //      "servers": [
     //          {"yt3.ggpht.com:443" : {...}},
     //          {"0.client-channel.google.com:443" : {...}},
-    //          {"0-edge-chat.facebook.com:443" : {...}},
+    //          {"0-edge-chat.facebook.com:80" : {...}},
+    //          ...
+    //      ], ...
+    // },
+    // For Version 5, data was stored in the following format.
+    // |servers| are saved in MRU order. |servers| are in the format flattened
+    // representation of (scheme/host/port) where port might be ignored if is
+    // default with scheme.
+    //
+    // "http_server_properties": {
+    //      "servers": [
+    //          {"https://yt3.ggpht.com" : {...}},
+    //          {"http://0.client-channel.google.com:443" : {...}},
+    //          {"http://0-edge-chat.facebook.com" : {...}},
     //          ...
     //      ], ...
     // },
@@ -489,21 +504,21 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefThread() {
   IPAddress* addr = new IPAddress;
   ReadSupportsQuic(http_server_properties_dict, addr);
 
-  // String is host/port pair of spdy server.
-  scoped_ptr<ServerList> spdy_servers(new ServerList);
-  scoped_ptr<SpdySettingsMap> spdy_settings_map(
+  // String is "scheme://host:port" tuple of spdy server.
+  std::unique_ptr<ServerList> spdy_servers(new ServerList);
+  std::unique_ptr<SpdySettingsMap> spdy_settings_map(
       new SpdySettingsMap(kMaxSpdySettingsHostsToPersist));
-  scoped_ptr<AlternativeServiceMap> alternative_service_map(
+  std::unique_ptr<AlternativeServiceMap> alternative_service_map(
       new AlternativeServiceMap(kMaxAlternateProtocolHostsToPersist));
-  scoped_ptr<ServerNetworkStatsMap> server_network_stats_map(
+  std::unique_ptr<ServerNetworkStatsMap> server_network_stats_map(
       new ServerNetworkStatsMap(kMaxServerNetworkStatsHostsToPersist));
-  scoped_ptr<QuicServerInfoMap> quic_server_info_map(
+  std::unique_ptr<QuicServerInfoMap> quic_server_info_map(
       new QuicServerInfoMap(QuicServerInfoMap::NO_AUTO_EVICT));
 
   if (version < 4) {
     if (!AddServersData(*servers_dict, spdy_servers.get(),
                         spdy_settings_map.get(), alternative_service_map.get(),
-                        server_network_stats_map.get())) {
+                        server_network_stats_map.get(), version)) {
       detected_corrupted_prefs = true;
     }
   } else {
@@ -514,9 +529,10 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefThread() {
         detected_corrupted_prefs = true;
         continue;
       }
-      if (!AddServersData(
-              *servers_dict, spdy_servers.get(), spdy_settings_map.get(),
-              alternative_service_map.get(), server_network_stats_map.get())) {
+      if (!AddServersData(*servers_dict, spdy_servers.get(),
+                          spdy_settings_map.get(),
+                          alternative_service_map.get(),
+                          server_network_stats_map.get(), version)) {
         detected_corrupted_prefs = true;
       }
     }
@@ -544,13 +560,19 @@ bool HttpServerPropertiesManager::AddServersData(
     ServerList* spdy_servers,
     SpdySettingsMap* spdy_settings_map,
     AlternativeServiceMap* alternative_service_map,
-    ServerNetworkStatsMap* network_stats_map) {
+    ServerNetworkStatsMap* network_stats_map,
+    int version) {
   for (base::DictionaryValue::Iterator it(servers_dict); !it.IsAtEnd();
        it.Advance()) {
-    // Get server's host/pair.
+    // Get server's scheme/host/pair.
     const std::string& server_str = it.key();
-    HostPortPair server = HostPortPair::FromString(server_str);
-    if (server.host().empty()) {
+    std::string spdy_server_url = server_str;
+    if (version < 5) {
+      // For old version disk data, always use HTTPS as the scheme.
+      spdy_server_url.insert(0, "https://");
+    }
+    url::SchemeHostPort spdy_server((GURL(spdy_server_url)));
+    if (spdy_server.host().empty()) {
       DVLOG(1) << "Malformed http_server_properties for server: " << server_str;
       return false;
     }
@@ -565,13 +587,14 @@ bool HttpServerPropertiesManager::AddServersData(
     bool supports_spdy = false;
     if ((server_pref_dict->GetBoolean(kSupportsSpdyKey, &supports_spdy)) &&
         supports_spdy) {
-      spdy_servers->push_back(server_str);
+      spdy_servers->push_back(spdy_server.Serialize());
     }
 
-    AddToSpdySettingsMap(server, *server_pref_dict, spdy_settings_map);
-    if (!AddToAlternativeServiceMap(server, *server_pref_dict,
+    AddToSpdySettingsMap(spdy_server, *server_pref_dict, spdy_settings_map);
+    if (!AddToAlternativeServiceMap(spdy_server, *server_pref_dict,
                                     alternative_service_map) ||
-        !AddToNetworkStatsMap(server, *server_pref_dict, network_stats_map)) {
+        !AddToNetworkStatsMap(spdy_server, *server_pref_dict,
+                              network_stats_map)) {
       return false;
     }
   }
@@ -579,7 +602,7 @@ bool HttpServerPropertiesManager::AddServersData(
 }
 
 void HttpServerPropertiesManager::AddToSpdySettingsMap(
-    const HostPortPair& server,
+    const url::SchemeHostPort& server,
     const base::DictionaryValue& server_pref_dict,
     SpdySettingsMap* spdy_settings_map) {
   // Get SpdySettings.
@@ -596,14 +619,14 @@ void HttpServerPropertiesManager::AddToSpdySettingsMap(
     int id = 0;
     if (!base::StringToInt(id_str, &id)) {
       DVLOG(1) << "Malformed id in SpdySettings for server: "
-               << server.ToString();
+               << server.Serialize();
       NOTREACHED();
       continue;
     }
     int value = 0;
     if (!dict_it.value().GetAsInteger(&value)) {
       DVLOG(1) << "Malformed value in SpdySettings for server: "
-               << server.ToString();
+               << server.Serialize();
       NOTREACHED();
       continue;
     }
@@ -681,7 +704,7 @@ bool HttpServerPropertiesManager::ParseAlternativeServiceDict(
 }
 
 bool HttpServerPropertiesManager::AddToAlternativeServiceMap(
-    const HostPortPair& server,
+    const url::SchemeHostPort& server,
     const base::DictionaryValue& server_pref_dict,
     AlternativeServiceMap* alternative_service_map) {
   DCHECK(alternative_service_map->Peek(server) ==
@@ -701,7 +724,7 @@ bool HttpServerPropertiesManager::AddToAlternativeServiceMap(
       return false;
     AlternativeServiceInfo alternative_service_info;
     if (!ParseAlternativeServiceDict(*alternative_service_dict,
-                                     server.ToString(),
+                                     server.Serialize(),
                                      &alternative_service_info)) {
       return false;
     }
@@ -746,7 +769,7 @@ bool HttpServerPropertiesManager::ReadSupportsQuic(
 }
 
 bool HttpServerPropertiesManager::AddToNetworkStatsMap(
-    const HostPortPair& server,
+    const url::SchemeHostPort& server,
     const base::DictionaryValue& server_pref_dict,
     ServerNetworkStatsMap* network_stats_map) {
   DCHECK(network_stats_map->Peek(server) == network_stats_map->end());
@@ -759,7 +782,7 @@ bool HttpServerPropertiesManager::AddToNetworkStatsMap(
   if (!server_network_stats_dict->GetIntegerWithoutPathExpansion(kSrttKey,
                                                                  &srtt)) {
     DVLOG(1) << "Malformed ServerNetworkStats for server: "
-             << server.ToString();
+             << server.Serialize();
     return false;
   }
   ServerNetworkStats server_network_stats;
@@ -918,7 +941,7 @@ void HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkThread(
   // Maintain MRU order.
   for (AlternativeServiceMap::const_reverse_iterator it = map.rbegin();
        it != map.rend() && count < kMaxAlternateProtocolHostsToPersist; ++it) {
-    const HostPortPair& server = it->first;
+    const url::SchemeHostPort& server = it->first;
     AlternativeServiceInfoVector notbroken_alternative_service_info_vector;
     for (const AlternativeServiceInfo& alternative_service_info : it->second) {
       // Do not persist expired entries.
@@ -1029,16 +1052,16 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
     ServerNetworkStatsMap* server_network_stats_map,
     QuicServerInfoMap* quic_server_info_map,
     const base::Closure& completion) {
-  typedef base::MRUCache<HostPortPair, ServerPref> ServerPrefMap;
+  typedef base::MRUCache<url::SchemeHostPort, ServerPref> ServerPrefMap;
   ServerPrefMap server_pref_map(ServerPrefMap::NO_AUTO_EVICT);
 
   DCHECK(pref_task_runner_->RunsTasksOnCurrentThread());
 
   // Add servers that support spdy to server_pref_map in the MRU order.
   for (size_t index = spdy_server_list->GetSize(); index > 0; --index) {
-    std::string s;
-    if (spdy_server_list->GetString(index - 1, &s)) {
-      HostPortPair server = HostPortPair::FromString(s);
+    std::string server_str;
+    if (spdy_server_list->GetString(index - 1, &server_str)) {
+      url::SchemeHostPort server((GURL(server_str)));
       ServerPrefMap::iterator it = server_pref_map.Get(server);
       if (it == server_pref_map.end()) {
         ServerPref server_pref;
@@ -1053,7 +1076,7 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
   // Add servers that have SpdySettings to server_pref_map in the MRU order.
   for (SpdySettingsMap::reverse_iterator map_it = spdy_settings_map->rbegin();
        map_it != spdy_settings_map->rend(); ++map_it) {
-    const HostPortPair& server = map_it->first;
+    const url::SchemeHostPort server = map_it->first;
     ServerPrefMap::iterator it = server_pref_map.Get(server);
     if (it == server_pref_map.end()) {
       ServerPref server_pref;
@@ -1068,7 +1091,7 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
   for (AlternativeServiceMap::const_reverse_iterator map_it =
            alternative_service_map->rbegin();
        map_it != alternative_service_map->rend(); ++map_it) {
-    const HostPortPair& server = map_it->first;
+    const url::SchemeHostPort server = map_it->first;
     ServerPrefMap::iterator it = server_pref_map.Get(server);
     if (it == server_pref_map.end()) {
       ServerPref server_pref;
@@ -1083,7 +1106,7 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
   for (ServerNetworkStatsMap::const_reverse_iterator map_it =
            server_network_stats_map->rbegin();
        map_it != server_network_stats_map->rend(); ++map_it) {
-    const HostPortPair& server = map_it->first;
+    const url::SchemeHostPort server = map_it->first;
     ServerPrefMap::iterator it = server_pref_map.Get(server);
     if (it == server_pref_map.end()) {
       ServerPref server_pref;
@@ -1099,7 +1122,7 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
   base::ListValue* servers_list = new base::ListValue;
   for (ServerPrefMap::const_reverse_iterator map_it = server_pref_map.rbegin();
        map_it != server_pref_map.rend(); ++map_it) {
-    const HostPortPair& server = map_it->first;
+    const url::SchemeHostPort server = map_it->first;
     const ServerPref& server_pref = map_it->second;
 
     base::DictionaryValue* servers_dict = new base::DictionaryValue;
@@ -1114,7 +1137,7 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread(
     SaveNetworkStatsToServerPrefs(server_pref.server_network_stats,
                                   server_pref_dict);
 
-    servers_dict->SetWithoutPathExpansion(server.ToString(), server_pref_dict);
+    servers_dict->SetWithoutPathExpansion(server.Serialize(), server_pref_dict);
     bool value = servers_list->AppendIfNotPresent(servers_dict);
     DCHECK(value);  // Should never happen.
   }
@@ -1164,7 +1187,8 @@ void HttpServerPropertiesManager::SaveAlternativeServiceToServerPrefs(
       alternative_service_info_vector->empty()) {
     return;
   }
-  scoped_ptr<base::ListValue> alternative_service_list(new base::ListValue);
+  std::unique_ptr<base::ListValue> alternative_service_list(
+      new base::ListValue);
   for (const AlternativeServiceInfo& alternative_service_info :
        *alternative_service_info_vector) {
     const AlternativeService alternative_service =
diff --git a/chromium/net/http/http_server_properties_manager.h b/chromium/net/http/http_server_properties_manager.h
index a7ede48f0c6..36d08d13913 100644
--- a/chromium/net/http/http_server_properties_manager.h
+++ b/chromium/net/http/http_server_properties_manager.h
@@ -7,13 +7,13 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/timer/timer.h"
 #include "base/values.h"
@@ -108,19 +108,20 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
 
   base::WeakPtr<HttpServerProperties> GetWeakPtr() override;
   void Clear() override;
-  bool SupportsRequestPriority(const HostPortPair& server) override;
-  bool GetSupportsSpdy(const HostPortPair& server) override;
-  void SetSupportsSpdy(const HostPortPair& server, bool support_spdy) override;
+  bool SupportsRequestPriority(const url::SchemeHostPort& server) override;
+  bool GetSupportsSpdy(const url::SchemeHostPort& server) override;
+  void SetSupportsSpdy(const url::SchemeHostPort& server,
+                       bool support_spdy) override;
   bool RequiresHTTP11(const HostPortPair& server) override;
   void SetHTTP11Required(const HostPortPair& server) override;
   void MaybeForceHTTP11(const HostPortPair& server,
                         SSLConfig* ssl_config) override;
   AlternativeServiceVector GetAlternativeServices(
-      const HostPortPair& origin) override;
-  bool SetAlternativeService(const HostPortPair& origin,
+      const url::SchemeHostPort& origin) override;
+  bool SetAlternativeService(const url::SchemeHostPort& origin,
                              const AlternativeService& alternative_service,
                              base::Time expiration) override;
-  bool SetAlternativeServices(const HostPortPair& origin,
+  bool SetAlternativeServices(const url::SchemeHostPort& origin,
                               const AlternativeServiceInfoVector&
                                   alternative_service_info_vector) override;
   void MarkAlternativeServiceBroken(
@@ -133,24 +134,25 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
       const AlternativeService& alternative_service) override;
   void ConfirmAlternativeService(
       const AlternativeService& alternative_service) override;
-  void ClearAlternativeServices(const HostPortPair& origin) override;
+  void ClearAlternativeServices(const url::SchemeHostPort& origin) override;
   const AlternativeServiceMap& alternative_service_map() const override;
-  scoped_ptr<base::Value> GetAlternativeServiceInfoAsValue() const override;
+  std::unique_ptr<base::Value> GetAlternativeServiceInfoAsValue()
+      const override;
   const SettingsMap& GetSpdySettings(
-      const HostPortPair& host_port_pair) override;
-  bool SetSpdySetting(const HostPortPair& host_port_pair,
+      const url::SchemeHostPort& server) override;
+  bool SetSpdySetting(const url::SchemeHostPort& server,
                       SpdySettingsIds id,
                       SpdySettingsFlags flags,
                       uint32_t value) override;
-  void ClearSpdySettings(const HostPortPair& host_port_pair) override;
+  void ClearSpdySettings(const url::SchemeHostPort& server) override;
   void ClearAllSpdySettings() override;
   const SpdySettingsMap& spdy_settings_map() const override;
   bool GetSupportsQuic(IPAddress* last_address) const override;
   void SetSupportsQuic(bool used_quic, const IPAddress& last_address) override;
-  void SetServerNetworkStats(const HostPortPair& host_port_pair,
+  void SetServerNetworkStats(const url::SchemeHostPort& server,
                              ServerNetworkStats stats) override;
   const ServerNetworkStats* GetServerNetworkStats(
-      const HostPortPair& host_port_pair) override;
+      const url::SchemeHostPort& server) override;
   const ServerNetworkStatsMap& server_network_stats_map() const override;
   bool SetQuicServerInfo(const QuicServerId& server_id,
                          const std::string& server_info) override;
@@ -253,8 +255,9 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
                       ServerList* spdy_servers,
                       SpdySettingsMap* spdy_settings_map,
                       AlternativeServiceMap* alternative_service_map,
-                      ServerNetworkStatsMap* network_stats_map);
-  void AddToSpdySettingsMap(const HostPortPair& server,
+                      ServerNetworkStatsMap* network_stats_map,
+                      int version);
+  void AddToSpdySettingsMap(const url::SchemeHostPort& server,
                             const base::DictionaryValue& server_dict,
                             SpdySettingsMap* spdy_settings_map);
   bool ParseAlternativeServiceDict(
@@ -262,12 +265,12 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
       const std::string& server_str,
       AlternativeServiceInfo* alternative_service_info);
   bool AddToAlternativeServiceMap(
-      const HostPortPair& server,
+      const url::SchemeHostPort& server,
       const base::DictionaryValue& server_dict,
       AlternativeServiceMap* alternative_service_map);
   bool ReadSupportsQuic(const base::DictionaryValue& server_dict,
                         IPAddress* last_quic_address);
-  bool AddToNetworkStatsMap(const HostPortPair& server,
+  bool AddToNetworkStatsMap(const url::SchemeHostPort& server,
                             const base::DictionaryValue& server_dict,
                             ServerNetworkStatsMap* network_stats_map);
   bool AddToQuicServerInfoMap(const base::DictionaryValue& server_dict,
@@ -297,9 +300,9 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
   base::WeakPtr<HttpServerPropertiesManager> pref_weak_ptr_;
 
   // Used to post cache update tasks.
-  scoped_ptr<base::OneShotTimer> pref_cache_update_timer_;
+  std::unique_ptr<base::OneShotTimer> pref_cache_update_timer_;
 
-  scoped_ptr<PrefDelegate> pref_delegate_;
+  std::unique_ptr<PrefDelegate> pref_delegate_;
   bool setting_prefs_;
 
   // --------------
@@ -309,16 +312,16 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties {
   const scoped_refptr<base::SequencedTaskRunner> network_task_runner_;
 
   // Used to post |prefs::kHttpServerProperties| pref update tasks.
-  scoped_ptr<base::OneShotTimer> network_prefs_update_timer_;
+  std::unique_ptr<base::OneShotTimer> network_prefs_update_timer_;
 
-  scoped_ptr<HttpServerPropertiesImpl> http_server_properties_impl_;
+  std::unique_ptr<HttpServerPropertiesImpl> http_server_properties_impl_;
 
   // Used to get |weak_ptr_| to self on the pref thread.
-  scoped_ptr<base::WeakPtrFactory<HttpServerPropertiesManager> >
+  std::unique_ptr<base::WeakPtrFactory<HttpServerPropertiesManager>>
       pref_weak_ptr_factory_;
 
   // Used to get |weak_ptr_| to self on the network thread.
-  scoped_ptr<base::WeakPtrFactory<HttpServerPropertiesManager> >
+  std::unique_ptr<base::WeakPtrFactory<HttpServerPropertiesManager>>
       network_weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpServerPropertiesManager);
diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc
index bf83ff78ec6..2099b850e63 100644
--- a/chromium/net/http/http_server_properties_manager_unittest.cc
+++ b/chromium/net/http/http_server_properties_manager_unittest.cc
@@ -13,7 +13,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/test_simple_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/ip_address.h"
 #include "testing/gmock/include/gmock/gmock.h"
@@ -143,7 +143,7 @@ class TestingHttpServerPropertiesManager : public HttpServerPropertiesManager {
 
 // TODO(rtenneti): After we stop supporting version 3 and everyone has migrated
 // to version 4, delete the following code.
-static const int kHttpServerPropertiesVersions[] = {3, 4};
+static const int kHttpServerPropertiesVersions[] = {3, 4, 5};
 
 class HttpServerPropertiesManagerTest : public testing::TestWithParam<int> {
  protected:
@@ -206,14 +206,15 @@ class HttpServerPropertiesManagerTest : public testing::TestWithParam<int> {
                        UpdatePrefsFromCacheOnNetworkThreadConcrete));
   }
 
-  bool HasAlternativeService(const HostPortPair& server) {
+  bool HasAlternativeService(const url::SchemeHostPort& server) {
     const AlternativeServiceVector alternative_service_vector =
         http_server_props_manager_->GetAlternativeServices(server);
     return !alternative_service_vector.empty();
   }
 
   MockPrefDelegate* pref_delegate_;  // Owned by HttpServerPropertiesManager.
-  scoped_ptr<TestingHttpServerPropertiesManager> http_server_props_manager_;
+  std::unique_ptr<TestingHttpServerPropertiesManager>
+      http_server_props_manager_;
   base::Time one_day_from_now_;
 
  private:
@@ -232,13 +233,15 @@ TEST_P(HttpServerPropertiesManagerTest,
   // it twice. Only expect a single cache update.
 
   base::DictionaryValue* server_pref_dict = new base::DictionaryValue;
-  HostPortPair google_server("www.google.com", 80);
-  HostPortPair mail_server("mail.google.com", 80);
+  url::SchemeHostPort google_server(GetParam() >= 5 ? "http" : "https",
+                                    "www.google.com", 80);
+  url::SchemeHostPort mail_server(GetParam() >= 5 ? "http" : "https",
+                                  "mail.google.com", 80);
 
-  // Set supports_spdy for www.google.com:80.
+  // Set supports_spdy for http://www.google.com:80.
   server_pref_dict->SetBoolean("supports_spdy", true);
 
-  // Set up alternative_services for www.google.com:80.
+  // Set up alternative_services for http://www.google.com:80.
   base::DictionaryValue* alternative_service_dict0 = new base::DictionaryValue;
   alternative_service_dict0->SetInteger("port", 443);
   alternative_service_dict0->SetString("protocol_str", "npn-h2");
@@ -251,16 +254,18 @@ TEST_P(HttpServerPropertiesManagerTest,
   server_pref_dict->SetWithoutPathExpansion("alternative_service",
                                             alternative_service_list0);
 
-  // Set up ServerNetworkStats for www.google.com:80.
+  // Set up ServerNetworkStats for http://www.google.com:80.
   base::DictionaryValue* stats = new base::DictionaryValue;
   stats->SetInteger("srtt", 10);
   server_pref_dict->SetWithoutPathExpansion("network_stats", stats);
 
-  // Set the server preference for www.google.com:80.
+  // Set the server preference for http://www.google.com:80.
   base::DictionaryValue* servers_dict = new base::DictionaryValue;
-  servers_dict->SetWithoutPathExpansion("www.google.com:80", server_pref_dict);
+  servers_dict->SetWithoutPathExpansion(
+      GetParam() >= 5 ? "http://www.google.com" : "www.google.com:80",
+      server_pref_dict);
   base::ListValue* servers_list = nullptr;
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     servers_list = new base::ListValue;
     // |servers_list| takes ownership of |servers_dict|.
     servers_list->AppendIfNotPresent(servers_dict);
@@ -282,18 +287,25 @@ TEST_P(HttpServerPropertiesManagerTest,
   server_pref_dict1->SetWithoutPathExpansion("alternative_service",
                                              alternative_service_list1);
 
-  // Set up ServerNetworkStats for mail.google.com:80 and it is the MRU server.
+  // Set up ServerNetworkStats for http://mail.google.com:80 and it is the MRU
+  // server.
   base::DictionaryValue* stats1 = new base::DictionaryValue;
   stats1->SetInteger("srtt", 20);
   server_pref_dict1->SetWithoutPathExpansion("network_stats", stats1);
-  // Set the server preference for mail.google.com:80.
-  servers_dict->SetWithoutPathExpansion("mail.google.com:80",
-                                        server_pref_dict1);
+  // Set the server preference for http://mail.google.com:80.
+  servers_dict->SetWithoutPathExpansion(
+      GetParam() >= 5 ? "http://mail.google.com" : "mail.google.com:80",
+      server_pref_dict1);
   base::DictionaryValue http_server_properties_dict;
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     // |servers_list| takes ownership of |servers_dict|.
     servers_list->AppendIfNotPresent(servers_dict);
-    HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    if (GetParam() == 5) {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    } else {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict,
+                                              GetParam());
+    }
     http_server_properties_dict.SetWithoutPathExpansion("servers",
                                                         servers_list);
   } else {
@@ -350,11 +362,15 @@ TEST_P(HttpServerPropertiesManagerTest,
   EXPECT_TRUE(
       http_server_props_manager_->SupportsRequestPriority(google_server));
   EXPECT_TRUE(http_server_props_manager_->SupportsRequestPriority(mail_server));
-  EXPECT_FALSE(http_server_props_manager_->SupportsRequestPriority(
-      HostPortPair::FromString("foo.google.com:1337")));
+  HostPortPair foo_host_port_pair =
+      HostPortPair::FromString("foo.google.com:1337");
+  url::SchemeHostPort foo_server("http", foo_host_port_pair.host(),
+                                 foo_host_port_pair.port());
+
+  EXPECT_FALSE(http_server_props_manager_->SupportsRequestPriority(foo_server));
 
   // Verify alternative service.
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     const AlternativeServiceMap& map =
         http_server_props_manager_->alternative_service_map();
     ASSERT_EQ(2u, map.size());
@@ -456,11 +472,16 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) {
   servers_dict->SetWithoutPathExpansion("www.google.com:65536",
                                         server_pref_dict);
   base::DictionaryValue http_server_properties_dict;
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     base::ListValue* servers_list = new base::ListValue;
     // |servers_list| takes ownership of |servers_dict|.
     servers_list->AppendIfNotPresent(servers_dict);
-    HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    if (GetParam() == 5) {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    } else {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict,
+                                              GetParam());
+    }
     http_server_properties_dict.SetWithoutPathExpansion("servers",
                                                         servers_list);
   } else {
@@ -488,13 +509,16 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) {
   Mock::VerifyAndClearExpectations(http_server_props_manager_.get());
 
   // Verify that nothing is set.
-  EXPECT_FALSE(http_server_props_manager_->SupportsRequestPriority(
-      HostPortPair::FromString("www.google.com:65536")));
+  HostPortPair google_host_port_pair =
+      HostPortPair::FromString("www.google.com:65536");
+  url::SchemeHostPort gooler_server("http", google_host_port_pair.host(),
+                                    google_host_port_pair.port());
+
   EXPECT_FALSE(
-      HasAlternativeService(HostPortPair::FromString("www.google.com:65536")));
+      http_server_props_manager_->SupportsRequestPriority(gooler_server));
+  EXPECT_FALSE(HasAlternativeService(gooler_server));
   const ServerNetworkStats* stats1 =
-      http_server_props_manager_->GetServerNetworkStats(
-          HostPortPair::FromString("www.google.com:65536"));
+      http_server_props_manager_->GetServerNetworkStats(gooler_server);
   EXPECT_EQ(nullptr, stats1);
   EXPECT_EQ(0u, http_server_props_manager_->quic_server_info_map().size());
 }
@@ -523,11 +547,16 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) {
   base::DictionaryValue* servers_dict = new base::DictionaryValue;
   servers_dict->SetWithoutPathExpansion("www.google.com:80", server_pref_dict);
   base::DictionaryValue http_server_properties_dict;
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     base::ListValue* servers_list = new base::ListValue;
     // |servers_list| takes ownership of |servers_dict|.
     servers_list->AppendIfNotPresent(servers_dict);
-    HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    if (GetParam() == 5) {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    } else {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict,
+                                              GetParam());
+    }
     http_server_properties_dict.SetWithoutPathExpansion("servers",
                                                         servers_list);
   } else {
@@ -545,7 +574,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) {
 
   // Verify alternative service is not set.
   EXPECT_FALSE(
-      HasAlternativeService(HostPortPair::FromString("www.google.com:80")));
+      HasAlternativeService(url::SchemeHostPort("http", "www.google.com", 80)));
 }
 
 TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) {
@@ -556,18 +585,17 @@ TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) {
   // ScheduleUpdatePrefsOnNetworkThread.
 
   // Add mail.google.com:443 as a supporting spdy server.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server("https", "mail.google.com", 443);
   EXPECT_FALSE(
-      http_server_props_manager_->SupportsRequestPriority(spdy_server_mail));
-  http_server_props_manager_->SetSupportsSpdy(spdy_server_mail, true);
+      http_server_props_manager_->SupportsRequestPriority(spdy_server));
+  http_server_props_manager_->SetSupportsSpdy(spdy_server, true);
   // ExpectScheduleUpdatePrefsOnNetworkThread() should be called only once.
-  http_server_props_manager_->SetSupportsSpdy(spdy_server_mail, true);
+  http_server_props_manager_->SetSupportsSpdy(spdy_server, true);
 
   // Run the task.
   base::RunLoop().RunUntilIdle();
 
-  EXPECT_TRUE(
-      http_server_props_manager_->SupportsRequestPriority(spdy_server_mail));
+  EXPECT_TRUE(http_server_props_manager_->SupportsRequestPriority(spdy_server));
   Mock::VerifyAndClearExpectations(http_server_props_manager_.get());
 }
 
@@ -576,7 +604,7 @@ TEST_P(HttpServerPropertiesManagerTest, SetSpdySetting) {
   ExpectScheduleUpdatePrefsOnNetworkThread();
 
   // Add SpdySetting for mail.google.com:443.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
@@ -603,7 +631,7 @@ TEST_P(HttpServerPropertiesManagerTest, ClearSpdySetting) {
   ExpectScheduleUpdatePrefsOnNetworkThreadRepeatedly();
 
   // Add SpdySetting for mail.google.com:443.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
@@ -642,7 +670,7 @@ TEST_P(HttpServerPropertiesManagerTest, ClearAllSpdySetting) {
   ExpectScheduleUpdatePrefsOnNetworkThreadRepeatedly();
 
   // Add SpdySetting for mail.google.com:443.
-  HostPortPair spdy_server_mail("mail.google.com", 443);
+  url::SchemeHostPort spdy_server_mail("https", "mail.google.com", 443);
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
@@ -679,7 +707,7 @@ TEST_P(HttpServerPropertiesManagerTest, GetAlternativeServices) {
   ExpectPrefsUpdate();
   ExpectScheduleUpdatePrefsOnNetworkThread();
 
-  HostPortPair spdy_server_mail("mail.google.com", 80);
+  url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80);
   EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
   const AlternativeService alternative_service(NPN_HTTP_2, "mail.google.com",
                                                443);
@@ -703,7 +731,7 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) {
   ExpectPrefsUpdate();
   ExpectScheduleUpdatePrefsOnNetworkThread();
 
-  HostPortPair spdy_server_mail("mail.google.com", 80);
+  url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80);
   EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
   AlternativeServiceInfoVector alternative_service_info_vector;
   const AlternativeService alternative_service1(NPN_HTTP_2, "mail.google.com",
@@ -731,7 +759,7 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) {
 }
 
 TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServicesEmpty) {
-  HostPortPair spdy_server_mail("mail.google.com", 80);
+  url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80);
   EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
   const AlternativeService alternative_service(NPN_HTTP_2, "mail.google.com",
                                                443);
@@ -750,7 +778,7 @@ TEST_P(HttpServerPropertiesManagerTest, ClearAlternativeServices) {
   ExpectPrefsUpdate();
   ExpectScheduleUpdatePrefsOnNetworkThread();
 
-  HostPortPair spdy_server_mail("mail.google.com", 80);
+  url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80);
   EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
   AlternativeService alternative_service(NPN_HTTP_2, "mail.google.com", 443);
   http_server_props_manager_->SetAlternativeService(
@@ -770,7 +798,7 @@ TEST_P(HttpServerPropertiesManagerTest, ClearAlternativeServices) {
 TEST_P(HttpServerPropertiesManagerTest, ConfirmAlternativeService) {
   ExpectPrefsUpdate();
 
-  HostPortPair spdy_server_mail("mail.google.com", 80);
+  url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80);
   EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
   AlternativeService alternative_service(NPN_HTTP_2, "mail.google.com", 443);
 
@@ -837,7 +865,7 @@ TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) {
   ExpectPrefsUpdate();
   ExpectScheduleUpdatePrefsOnNetworkThread();
 
-  HostPortPair mail_server("mail.google.com", 80);
+  url::SchemeHostPort mail_server("http", "mail.google.com", 80);
   const ServerNetworkStats* stats =
       http_server_props_manager_->GetServerNetworkStats(mail_server);
   EXPECT_EQ(nullptr, stats);
@@ -882,16 +910,16 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) {
   ExpectPrefsUpdate();
   ExpectScheduleUpdatePrefsOnNetworkThreadRepeatedly();
 
-  HostPortPair spdy_server_mail("mail.google.com", 443);
-  http_server_props_manager_->SetSupportsSpdy(spdy_server_mail, true);
+  url::SchemeHostPort spdy_server("https", "mail.google.com", 443);
+  http_server_props_manager_->SetSupportsSpdy(spdy_server, true);
   AlternativeService alternative_service(NPN_HTTP_2, "mail.google.com", 1234);
   http_server_props_manager_->SetAlternativeService(
-      spdy_server_mail, alternative_service, one_day_from_now_);
+      spdy_server, alternative_service, one_day_from_now_);
   IPAddress actual_address(127, 0, 0, 1);
   http_server_props_manager_->SetSupportsQuic(true, actual_address);
   ServerNetworkStats stats;
   stats.srtt = base::TimeDelta::FromMicroseconds(10);
-  http_server_props_manager_->SetServerNetworkStats(spdy_server_mail, stats);
+  http_server_props_manager_->SetServerNetworkStats(spdy_server, stats);
 
   QuicServerId mail_quic_server_id("mail.google.com", 80);
   std::string quic_server_info1("quic_server_info1");
@@ -901,27 +929,25 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) {
   const SpdySettingsIds id1 = SETTINGS_UPLOAD_BANDWIDTH;
   const SpdySettingsFlags flags1 = SETTINGS_FLAG_PLEASE_PERSIST;
   const uint32_t value1 = 31337;
-  http_server_props_manager_->SetSpdySetting(spdy_server_mail, id1, flags1,
-                                             value1);
+  http_server_props_manager_->SetSpdySetting(spdy_server, id1, flags1, value1);
 
   // Run the task.
   base::RunLoop().RunUntilIdle();
 
-  EXPECT_TRUE(
-      http_server_props_manager_->SupportsRequestPriority(spdy_server_mail));
-  EXPECT_TRUE(HasAlternativeService(spdy_server_mail));
+  EXPECT_TRUE(http_server_props_manager_->SupportsRequestPriority(spdy_server));
+  EXPECT_TRUE(HasAlternativeService(spdy_server));
   IPAddress address;
   EXPECT_TRUE(http_server_props_manager_->GetSupportsQuic(&address));
   EXPECT_EQ(actual_address, address);
   const ServerNetworkStats* stats1 =
-      http_server_props_manager_->GetServerNetworkStats(spdy_server_mail);
+      http_server_props_manager_->GetServerNetworkStats(spdy_server);
   EXPECT_EQ(10, stats1->srtt.ToInternalValue());
   EXPECT_EQ(quic_server_info1, *http_server_props_manager_->GetQuicServerInfo(
                                    mail_quic_server_id));
 
   // Check SPDY settings values.
   const SettingsMap& settings_map1_ret =
-      http_server_props_manager_->GetSpdySettings(spdy_server_mail);
+      http_server_props_manager_->GetSpdySettings(spdy_server);
   ASSERT_EQ(1U, settings_map1_ret.size());
   SettingsMap::const_iterator it1_ret = settings_map1_ret.find(id1);
   EXPECT_TRUE(it1_ret != settings_map1_ret.end());
@@ -938,17 +964,17 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) {
   base::RunLoop().Run();
 
   EXPECT_FALSE(
-      http_server_props_manager_->SupportsRequestPriority(spdy_server_mail));
-  EXPECT_FALSE(HasAlternativeService(spdy_server_mail));
+      http_server_props_manager_->SupportsRequestPriority(spdy_server));
+  EXPECT_FALSE(HasAlternativeService(spdy_server));
   EXPECT_FALSE(http_server_props_manager_->GetSupportsQuic(&address));
   const ServerNetworkStats* stats2 =
-      http_server_props_manager_->GetServerNetworkStats(spdy_server_mail);
+      http_server_props_manager_->GetServerNetworkStats(spdy_server);
   EXPECT_EQ(nullptr, stats2);
   EXPECT_EQ(nullptr,
             http_server_props_manager_->GetQuicServerInfo(mail_quic_server_id));
 
   const SettingsMap& settings_map2_ret =
-      http_server_props_manager_->GetSpdySettings(spdy_server_mail);
+      http_server_props_manager_->GetSpdySettings(spdy_server);
   EXPECT_EQ(0U, settings_map2_ret.size());
 
   Mock::VerifyAndClearExpectations(http_server_props_manager_.get());
@@ -961,10 +987,10 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) {
 
   base::DictionaryValue* servers_dict = new base::DictionaryValue;
   base::ListValue* servers_list = nullptr;
-  if (GetParam() == 4)
+  if (GetParam() >= 4)
     servers_list = new base::ListValue;
 
-  for (int i = 0; i < 200; ++i) {
+  for (int i = 1; i <= 200; ++i) {
     // Set up alternative_service for www.google.com:i.
     base::DictionaryValue* alternative_service_dict = new base::DictionaryValue;
     alternative_service_dict->SetString("protocol_str", "quic");
@@ -974,29 +1000,39 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) {
     base::DictionaryValue* server_pref_dict = new base::DictionaryValue;
     server_pref_dict->SetWithoutPathExpansion("alternative_service",
                                               alternative_service_list);
-    if (GetParam() == 4) {
+    if (GetParam() >= 5) {
+      servers_dict->SetWithoutPathExpansion(
+          StringPrintf("http://www.google.com:%d", i), server_pref_dict);
+    } else {
       servers_dict->SetWithoutPathExpansion(
           StringPrintf("www.google.com:%d", i), server_pref_dict);
+    }
+    if (GetParam() >= 4) {
       // |servers_list| takes ownership of |servers_dict|.
       servers_list->AppendIfNotPresent(servers_dict);
       servers_dict = new base::DictionaryValue;
-    } else {
-      servers_dict->SetWithoutPathExpansion(
-          StringPrintf("www.google.com:%d", i), server_pref_dict);
     }
   }
 
-  // Set the preference for mail.google.com server.
+  // Set the server preference for http://mail.google.com server.
   base::DictionaryValue* server_pref_dict1 = new base::DictionaryValue;
-
-  // Set the server preference for mail.google.com:80.
-  servers_dict->SetWithoutPathExpansion("mail.google.com:80",
-                                        server_pref_dict1);
+  if (GetParam() >= 5) {
+    servers_dict->SetWithoutPathExpansion("http://mail.google.com",
+                                          server_pref_dict1);
+  } else {
+    servers_dict->SetWithoutPathExpansion("mail.google.com:80",
+                                          server_pref_dict1);
+  }
   base::DictionaryValue http_server_properties_dict;
-  if (GetParam() == 4) {
+  if (GetParam() >= 4) {
     // |servers_list| takes ownership of |servers_dict|.
     servers_list->AppendIfNotPresent(servers_dict);
-    HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    if (GetParam() == 5) {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1);
+    } else {
+      HttpServerPropertiesManager::SetVersion(&http_server_properties_dict,
+                                              GetParam());
+    }
     http_server_properties_dict.SetWithoutPathExpansion("servers",
                                                         servers_list);
   } else {
@@ -1020,11 +1056,16 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) {
   Mock::VerifyAndClearExpectations(http_server_props_manager_.get());
 
   // Verify alternative service.
-  for (int i = 0; i < 200; ++i) {
-    std::string server = StringPrintf("www.google.com:%d", i);
+  for (int i = 1; i <= 200; ++i) {
+    GURL server_gurl;
+    if (GetParam() >= 5) {
+      server_gurl = GURL(StringPrintf("http://www.google.com:%d", i));
+    } else {
+      server_gurl = GURL(StringPrintf("https://www.google.com:%d", i));
+    }
+    url::SchemeHostPort server(server_gurl);
     AlternativeServiceVector alternative_service_vector =
-        http_server_props_manager_->GetAlternativeServices(
-            HostPortPair::FromString(server));
+        http_server_props_manager_->GetAlternativeServices(server);
     ASSERT_EQ(1u, alternative_service_vector.size());
     EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
     EXPECT_EQ(i, alternative_service_vector[0].port);
@@ -1039,8 +1080,8 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) {
 TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) {
   ExpectScheduleUpdatePrefsOnNetworkThreadRepeatedly();
 
-  const HostPortPair server_www("www.google.com", 80);
-  const HostPortPair server_mail("mail.google.com", 80);
+  const url::SchemeHostPort server_www("http", "www.google.com", 80);
+  const url::SchemeHostPort server_mail("http", "mail.google.com", 80);
 
   // Set alternate protocol.
   AlternativeServiceInfoVector alternative_service_info_vector;
@@ -1090,18 +1131,18 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) {
       "{\"quic_servers\":{\"https://"
       "mail.google.com:80\":{\"server_info\":\"quic_server_info1\"}},"
       "\"servers\":["
-      "{\"www.google.com:80\":{"
+      "{\"http://www.google.com\":{"
       "\"alternative_service\":[{\"expiration\":\"13756212000000000\","
       "\"port\":443,\"protocol_str\":\"npn-h2\"},"
       "{\"expiration\":\"13758804000000000\",\"host\":\"www.google.com\","
       "\"port\":1234,\"protocol_str\":\"npn-h2\"}]}},"
-      "{\"mail.google.com:80\":{\"alternative_service\":[{"
+      "{\"http://mail.google.com\":{\"alternative_service\":[{"
       "\"expiration\":\"9223372036854775807\",\"host\":\"foo.google.com\","
       "\"port\":444,\"protocol_str\":\"npn-spdy/3.1\"}],"
       "\"network_stats\":{\"srtt\":42}}}"
       "],"
       "\"supports_quic\":{\"address\":\"127.0.0.1\",\"used_quic\":true},"
-      "\"version\":4}";
+      "\"version\":5}";
 
   const base::Value* http_server_properties =
       &pref_delegate_->GetServerProperties();
@@ -1112,7 +1153,7 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) {
 }
 
 TEST_P(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) {
-  scoped_ptr<base::Value> server_value = base::JSONReader::Read(
+  std::unique_ptr<base::Value> server_value = base::JSONReader::Read(
       "{\"alternative_service\":[{\"port\":443,\"protocol_str\":\"npn-h2\"},"
       "{\"port\":123,\"protocol_str\":\"quic\","
       "\"expiration\":\"9223372036854775807\"},{\"host\":\"example.org\","
@@ -1122,13 +1163,12 @@ TEST_P(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) {
   base::DictionaryValue* server_dict;
   ASSERT_TRUE(server_value->GetAsDictionary(&server_dict));
 
-  const HostPortPair host_port_pair("example.com", 443);
+  const url::SchemeHostPort server("https", "example.com", 443);
   AlternativeServiceMap alternative_service_map(/*max_size=*/5);
   EXPECT_TRUE(http_server_props_manager_->AddToAlternativeServiceMap(
-      host_port_pair, *server_dict, &alternative_service_map));
+      server, *server_dict, &alternative_service_map));
 
-  AlternativeServiceMap::iterator it =
-      alternative_service_map.Get(host_port_pair);
+  AlternativeServiceMap::iterator it = alternative_service_map.Get(server);
   ASSERT_NE(alternative_service_map.end(), it);
   AlternativeServiceInfoVector alternative_service_info_vector = it->second;
   ASSERT_EQ(3u, alternative_service_info_vector.size());
@@ -1189,9 +1229,9 @@ TEST_P(HttpServerPropertiesManagerTest,
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(valid_alternative_service, time_one_day_later));
 
-  const HostPortPair host_port_pair("www.example.com", 443);
+  const url::SchemeHostPort server("https", "www.example.com", 443);
   http_server_props_manager_->SetAlternativeServices(
-      host_port_pair, alternative_service_info_vector);
+      server, alternative_service_info_vector);
 
   // Update cache.
   ExpectPrefsUpdate();
@@ -1209,8 +1249,9 @@ TEST_P(HttpServerPropertiesManagerTest,
   ASSERT_TRUE((*it)->GetAsDictionary(&server_pref_dict));
 
   const base::DictionaryValue* example_pref_dict;
+
   ASSERT_TRUE(server_pref_dict->GetDictionaryWithoutPathExpansion(
-      "www.example.com:443", &example_pref_dict));
+      "https://www.example.com", &example_pref_dict));
 
   const base::ListValue* altsvc_list;
   ASSERT_TRUE(example_pref_dict->GetList("alternative_service", &altsvc_list));
@@ -1227,7 +1268,8 @@ TEST_P(HttpServerPropertiesManagerTest,
 
 // Test that expired alternative service entries on disk are ignored.
 TEST_P(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) {
-  scoped_ptr<base::ListValue> alternative_service_list(new base::ListValue);
+  std::unique_ptr<base::ListValue> alternative_service_list(
+      new base::ListValue);
   base::DictionaryValue* expired_dict = new base::DictionaryValue;
   expired_dict->SetString("protocol_str", "npn-h2");
   expired_dict->SetString("host", "expired.example.com");
@@ -1250,13 +1292,12 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) {
   server_pref_dict.SetWithoutPathExpansion("alternative_service",
                                            alternative_service_list.release());
 
-  const HostPortPair host_port_pair("example.com", 443);
+  const url::SchemeHostPort server("https", "example.com", 443);
   AlternativeServiceMap alternative_service_map(/*max_size=*/5);
   ASSERT_TRUE(http_server_props_manager_->AddToAlternativeServiceMap(
-      host_port_pair, server_pref_dict, &alternative_service_map));
+      server, server_pref_dict, &alternative_service_map));
 
-  AlternativeServiceMap::iterator it =
-      alternative_service_map.Get(host_port_pair);
+  AlternativeServiceMap::iterator it = alternative_service_map.Get(server);
   ASSERT_NE(alternative_service_map.end(), it);
   AlternativeServiceInfoVector alternative_service_info_vector = it->second;
   ASSERT_EQ(1u, alternative_service_info_vector.size());
diff --git a/chromium/net/http/http_stream.h b/chromium/net/http/http_stream.h
index 096dd462299..8aeec0650ab 100644
--- a/chromium/net/http/http_stream.h
+++ b/chromium/net/http/http_stream.h
@@ -13,10 +13,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_error_details.h"
 #include "net/base/net_errors.h"
diff --git a/chromium/net/http/http_stream_factory.cc b/chromium/net/http/http_stream_factory.cc
index 6ea3224dc96..b0f1780a762 100644
--- a/chromium/net/http/http_stream_factory.cc
+++ b/chromium/net/http/http_stream_factory.cc
@@ -11,6 +11,7 @@
 #include "base/time/time.h"
 #include "net/base/host_mapping_rules.h"
 #include "net/base/host_port_pair.h"
+#include "net/base/parse_number.h"
 #include "net/base/port_util.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_response_headers.h"
@@ -36,15 +37,14 @@ void HttpStreamFactory::ResetStaticSettingsToInit() {
 void HttpStreamFactory::ProcessAlternativeServices(
     HttpNetworkSession* session,
     const HttpResponseHeaders* headers,
-    const HostPortPair& http_host_port_pair) {
+    const url::SchemeHostPort& http_server) {
   if (session->params().parse_alternative_services) {
     if (headers->HasHeader(kAlternativeServiceHeader)) {
       std::string alternative_service_str;
       headers->GetNormalizedHeader(kAlternativeServiceHeader,
                                    &alternative_service_str);
       ProcessAlternativeService(session->http_server_properties(),
-                                alternative_service_str, http_host_port_pair,
-                                *session);
+                                alternative_service_str, http_server, *session);
     }
     // If "Alt-Svc" is enabled, then ignore "Alternate-Protocol".
     return;
@@ -66,8 +66,7 @@ void HttpStreamFactory::ProcessAlternativeServices(
   }
 
   ProcessAlternateProtocol(session->http_server_properties(),
-                           alternate_protocol_values, http_host_port_pair,
-                           *session);
+                           alternate_protocol_values, http_server, *session);
 }
 
 GURL HttpStreamFactory::ApplyHostMappingRules(const GURL& url,
@@ -89,7 +88,7 @@ HttpStreamFactory::HttpStreamFactory() {}
 void HttpStreamFactory::ProcessAlternativeService(
     const base::WeakPtr<HttpServerProperties>& http_server_properties,
     base::StringPiece alternative_service_str,
-    const HostPortPair& http_host_port_pair,
+    const url::SchemeHostPort& http_server,
     const HttpNetworkSession& session) {
   SpdyAltSvcWireFormat::AlternativeServiceVector alternative_service_vector;
   if (!SpdyAltSvcWireFormat::ParseHeaderFieldValue(
@@ -139,13 +138,13 @@ void HttpStreamFactory::ProcessAlternativeService(
   }
 
   http_server_properties->SetAlternativeServices(
-      RewriteHost(http_host_port_pair), alternative_service_info_vector);
+      RewriteHost(http_server), alternative_service_info_vector);
 }
 
 void HttpStreamFactory::ProcessAlternateProtocol(
     const base::WeakPtr<HttpServerProperties>& http_server_properties,
     const std::vector<std::string>& alternate_protocol_values,
-    const HostPortPair& http_host_port_pair,
+    const url::SchemeHostPort& http_server,
     const HttpNetworkSession& session) {
   AlternateProtocol protocol = UNINITIALIZED_ALTERNATE_PROTOCOL;
   int port = 0;
@@ -168,7 +167,8 @@ void HttpStreamFactory::ProcessAlternateProtocol(
       break;
     }
 
-    if (!base::StringToInt(port_protocol_vector[0], &port) ||
+    if (!ParseInt32(port_protocol_vector[0], ParseIntFormat::NON_NEGATIVE,
+                    &port) ||
         port == 0 || !IsPortValid(port)) {
       DVLOG(1) << kAlternateProtocolHeader
                << " header has unrecognizable port: "
@@ -190,21 +190,24 @@ void HttpStreamFactory::ProcessAlternateProtocol(
   }
 
   if (!is_valid || protocol == UNINITIALIZED_ALTERNATE_PROTOCOL) {
-    http_server_properties->ClearAlternativeServices(http_host_port_pair);
+    http_server_properties->ClearAlternativeServices(http_server);
     return;
   }
 
   http_server_properties->SetAlternativeService(
-      RewriteHost(http_host_port_pair),
+      RewriteHost(http_server),
       AlternativeService(protocol, "", static_cast<uint16_t>(port)),
       base::Time::Now() + base::TimeDelta::FromDays(30));
 }
 
-HostPortPair HttpStreamFactory::RewriteHost(HostPortPair host_port_pair) {
+url::SchemeHostPort HttpStreamFactory::RewriteHost(
+    const url::SchemeHostPort& server) {
+  HostPortPair host_port_pair(server.host(), server.port());
   const HostMappingRules* mapping_rules = GetHostMappingRules();
   if (mapping_rules)
     mapping_rules->RewriteHost(&host_port_pair);
-  return host_port_pair;
+  return url::SchemeHostPort(server.scheme(), host_port_pair.host(),
+                             host_port_pair.port());
 }
 
 }  // namespace net
diff --git a/chromium/net/http/http_stream_factory.h b/chromium/net/http/http_stream_factory.h
index 59956e1c24f..6371a6e7359 100644
--- a/chromium/net/http/http_stream_factory.h
+++ b/chromium/net/http/http_stream_factory.h
@@ -203,7 +203,7 @@ class NET_EXPORT HttpStreamFactory {
 
   void ProcessAlternativeServices(HttpNetworkSession* session,
                                   const HttpResponseHeaders* headers,
-                                  const HostPortPair& http_host_port_pair);
+                                  const url::SchemeHostPort& http_server);
 
   GURL ApplyHostMappingRules(const GURL& url, HostPortPair* endpoint);
 
@@ -244,9 +244,7 @@ class NET_EXPORT HttpStreamFactory {
 
   // Requests that enough connections for |num_streams| be opened.
   virtual void PreconnectStreams(int num_streams,
-                                 const HttpRequestInfo& info,
-                                 const SSLConfig& server_ssl_config,
-                                 const SSLConfig& proxy_ssl_config) = 0;
+                                 const HttpRequestInfo& info) = 0;
 
   virtual const HostMappingRules* GetHostMappingRules() const = 0;
 
@@ -270,18 +268,18 @@ class NET_EXPORT HttpStreamFactory {
   void ProcessAlternativeService(
       const base::WeakPtr<HttpServerProperties>& http_server_properties,
       base::StringPiece alternative_service_str,
-      const HostPortPair& http_host_port_pair,
+      const url::SchemeHostPort& http_server,
       const HttpNetworkSession& session);
 
   void ProcessAlternateProtocol(
       const base::WeakPtr<HttpServerProperties>& http_server_properties,
       const std::vector<std::string>& alternate_protocol_values,
-      const HostPortPair& http_host_port_pair,
+      const url::SchemeHostPort& http_server,
       const HttpNetworkSession& session);
 
   static bool spdy_enabled_;
 
-  HostPortPair RewriteHost(HostPortPair host_port_pair);
+  url::SchemeHostPort RewriteHost(const url::SchemeHostPort& server);
 
   DISALLOW_COPY_AND_ASSIGN(HttpStreamFactory);
 };
diff --git a/chromium/net/http/http_stream_factory_impl.cc b/chromium/net/http/http_stream_factory_impl.cc
index d160c317468..8b916580d9a 100644
--- a/chromium/net/http/http_stream_factory_impl.cc
+++ b/chromium/net/http/http_stream_factory_impl.cc
@@ -98,11 +98,12 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal(
   Request* request = new Request(request_info.url, this, delegate,
                                  websocket_handshake_stream_create_helper,
                                  net_log, stream_type);
-  HostPortPair server = HostPortPair::FromURL(request_info.url);
-  GURL origin_url = ApplyHostMappingRules(request_info.url, &server);
+  HostPortPair destination(HostPortPair::FromURL(request_info.url));
+  GURL origin_url = ApplyHostMappingRules(request_info.url, &destination);
 
-  Job* job = new Job(this, session_, request_info, priority, server_ssl_config,
-                     proxy_ssl_config, server, origin_url, net_log.net_log());
+  Job* job =
+      new Job(this, session_, request_info, priority, server_ssl_config,
+              proxy_ssl_config, destination, origin_url, net_log.net_log());
   request->AttachJob(job);
 
   const AlternativeService alternative_service =
@@ -115,13 +116,14 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal(
              << " port: " << alternative_service.host_port_pair().port() << ")";
 
     DCHECK(!request_info.url.SchemeIs("ftp"));
-    HostPortPair server = alternative_service.host_port_pair();
-    GURL origin_url = ApplyHostMappingRules(request_info.url, &server);
+    HostPortPair alternative_destination(alternative_service.host_port_pair());
+    ignore_result(
+        ApplyHostMappingRules(request_info.url, &alternative_destination));
 
     Job* alternative_job =
         new Job(this, session_, request_info, priority, server_ssl_config,
-                proxy_ssl_config, server, origin_url, alternative_service,
-                net_log.net_log());
+                proxy_ssl_config, alternative_destination, origin_url,
+                alternative_service, net_log.net_log());
     request->AttachJob(alternative_job);
 
     job->WaitFor(alternative_job);
@@ -140,32 +142,36 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal(
 
 void HttpStreamFactoryImpl::PreconnectStreams(
     int num_streams,
-    const HttpRequestInfo& request_info,
-    const SSLConfig& server_ssl_config,
-    const SSLConfig& proxy_ssl_config) {
+    const HttpRequestInfo& request_info) {
+  SSLConfig server_ssl_config;
+  SSLConfig proxy_ssl_config;
+  session_->GetSSLConfig(request_info, &server_ssl_config, &proxy_ssl_config);
+  // All preconnects should perform EV certificate verification.
+  server_ssl_config.verify_ev_cert = true;
+  proxy_ssl_config.verify_ev_cert = true;
+
   DCHECK(!for_websockets_);
   AlternativeService alternative_service = GetAlternativeServiceFor(
       request_info, nullptr, HttpStreamRequest::HTTP_STREAM);
-  HostPortPair server;
+  HostPortPair destination(HostPortPair::FromURL(request_info.url));
+  GURL origin_url = ApplyHostMappingRules(request_info.url, &destination);
   if (alternative_service.protocol != UNINITIALIZED_ALTERNATE_PROTOCOL) {
-    server = alternative_service.host_port_pair();
     if (session_->params().quic_disable_preconnect_if_0rtt &&
         alternative_service.protocol == QUIC &&
         session_->quic_stream_factory()->ZeroRTTEnabledFor(QuicServerId(
             alternative_service.host_port_pair(), request_info.privacy_mode))) {
       return;
     }
-  } else {
-    server = HostPortPair::FromURL(request_info.url);
+    destination = alternative_service.host_port_pair();
+    ignore_result(ApplyHostMappingRules(request_info.url, &destination));
   }
-  GURL origin_url = ApplyHostMappingRules(request_info.url, &server);
   // Due to how the socket pools handle priorities and idle sockets, only IDLE
   // priority currently makes sense for preconnects. The priority for
   // preconnects is currently ignored (see RequestSocketsForPool()), but could
   // be used at some point for proxy resolution or something.
   Job* job = new Job(this, session_, request_info, IDLE, server_ssl_config,
-                     proxy_ssl_config, server, origin_url, alternative_service,
-                     session_->net_log());
+                     proxy_ssl_config, destination, origin_url,
+                     alternative_service, session_->net_log());
   preconnect_job_set_.insert(job);
   job->Preconnect(num_streams);
 }
@@ -183,7 +189,11 @@ AlternativeService HttpStreamFactoryImpl::GetAlternativeServiceFor(
   if (original_url.SchemeIs("ftp"))
     return AlternativeService();
 
-  HostPortPair origin = HostPortPair::FromURL(original_url);
+  if (!session_->params().enable_alternative_service_for_insecure_origins &&
+      !original_url.SchemeIs("https"))
+    return AlternativeService();
+
+  url::SchemeHostPort origin(original_url);
   HttpServerProperties& http_server_properties =
       *session_->http_server_properties();
   const AlternativeServiceVector alternative_service_vector =
@@ -226,12 +236,15 @@ AlternativeService HttpStreamFactoryImpl::GetAlternativeServiceFor(
          origin.port() < kUnrestrictedPort))
       continue;
 
-    origin.set_port(alternative_service.port);
     if (alternative_service.protocol >= NPN_SPDY_MINIMUM_VERSION &&
         alternative_service.protocol <= NPN_SPDY_MAXIMUM_VERSION) {
       if (!HttpStreamFactory::spdy_enabled())
         continue;
 
+      // TODO(bnc): Re-enable when https://crbug.com/615413 is fixed.
+      if (origin.host() != alternative_service.host)
+        continue;
+
       // Cache this entry if we don't have a non-broken Alt-Svc yet.
       if (first_alternative_service.protocol ==
           UNINITIALIZED_ALTERNATE_PROTOCOL)
@@ -252,20 +265,25 @@ AlternativeService HttpStreamFactoryImpl::GetAlternativeServiceFor(
       continue;
     }
 
-    if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
+    if (session_->quic_stream_factory()->IsQuicDisabled(
+            alternative_service.port))
       continue;
 
     if (!original_url.SchemeIs("https"))
       continue;
 
-    // Check whether there's an existing session to use for this QUIC Alt-Svc.
-    HostPortPair destination = alternative_service.host_port_pair();
-    std::string origin_host =
-        ApplyHostMappingRules(request_info.url, &destination).host();
-    QuicServerId server_id(destination, request_info.privacy_mode);
-    if (session_->quic_stream_factory()->CanUseExistingSession(
-            server_id, request_info.privacy_mode, origin_host))
+    // Check whether there is an existing QUIC session to use for this origin.
+    HostPortPair mapped_origin(origin.host(), origin.port());
+    ignore_result(ApplyHostMappingRules(original_url, &mapped_origin));
+    QuicServerId server_id(mapped_origin, request_info.privacy_mode);
+
+    HostPortPair destination(alternative_service.host_port_pair());
+    ignore_result(ApplyHostMappingRules(original_url, &destination));
+
+    if (session_->quic_stream_factory()->CanUseExistingSession(server_id,
+                                                               destination)) {
       return alternative_service;
+    }
 
     // Cache this entry if we don't have a non-broken Alt-Svc yet.
     if (first_alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL)
diff --git a/chromium/net/http/http_stream_factory_impl.h b/chromium/net/http/http_stream_factory_impl.h
index 97a9a6c9b1d..4e20033bc20 100644
--- a/chromium/net/http/http_stream_factory_impl.h
+++ b/chromium/net/http/http_stream_factory_impl.h
@@ -59,10 +59,7 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory {
       HttpStreamRequest::Delegate* delegate,
       const BoundNetLog& net_log) override;
 
-  void PreconnectStreams(int num_streams,
-                         const HttpRequestInfo& info,
-                         const SSLConfig& server_ssl_config,
-                         const SSLConfig& proxy_ssl_config) override;
+  void PreconnectStreams(int num_streams, const HttpRequestInfo& info) override;
   const HostMappingRules* GetHostMappingRules() const override;
 
   size_t num_orphaned_jobs() const { return orphaned_job_set_.size(); }
diff --git a/chromium/net/http/http_stream_factory_impl_job.cc b/chromium/net/http/http_stream_factory_impl_job.cc
index 8da356fdac3..0f0d3bfe045 100644
--- a/chromium/net/http/http_stream_factory_impl_job.cc
+++ b/chromium/net/http/http_stream_factory_impl_job.cc
@@ -20,7 +20,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
 #include "build/build_config.h"
@@ -66,7 +66,7 @@ void RecordChannelIDKeyMatch(SSLClientSocket* ssl_socket,
   ssl_socket->GetSSLInfo(&ssl_info);
   if (!ssl_info.channel_id_sent)
     return;
-  scoped_ptr<crypto::ECPrivateKey> request_key;
+  std::unique_ptr<crypto::ECPrivateKey> request_key;
   ChannelIDService::Request request;
   int result = channel_id_service->GetOrCreateChannelID(
       host, &request_key, base::Bind(&DoNothingAsyncCallback), &request);
@@ -114,14 +114,14 @@ void RecordChannelIDKeyMatch(SSLClientSocket* ssl_socket,
 }  // namespace
 
 // Returns parameters associated with the start of a HTTP stream job.
-scoped_ptr<base::Value> NetLogHttpStreamJobCallback(
+std::unique_ptr<base::Value> NetLogHttpStreamJobCallback(
     const NetLog::Source& source,
     const GURL* original_url,
     const GURL* url,
     const AlternativeService* alternative_service,
     RequestPriority priority,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   if (source.IsValid())
     source.AddToEventParameters(dict.get());
   dict->SetString("original_url", original_url->GetOrigin().spec());
@@ -132,21 +132,21 @@ scoped_ptr<base::Value> NetLogHttpStreamJobCallback(
 }
 
 // Returns parameters associated with the delay of the HTTP stream job.
-scoped_ptr<base::Value> NetLogHttpStreamJobDelayCallback(
+std::unique_ptr<base::Value> NetLogHttpStreamJobDelayCallback(
     base::TimeDelta delay,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("resume_after_ms", static_cast<int>(delay.InMilliseconds()));
   return std::move(dict);
 }
 
 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
 // stream.
-scoped_ptr<base::Value> NetLogHttpStreamProtoCallback(
+std::unique_ptr<base::Value> NetLogHttpStreamProtoCallback(
     const SSLClientSocket::NextProtoStatus status,
     const std::string* proto,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   dict->SetString("next_proto_status",
                   SSLClientSocket::NextProtoStatusToString(status));
@@ -160,7 +160,7 @@ HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
                                 RequestPriority priority,
                                 const SSLConfig& server_ssl_config,
                                 const SSLConfig& proxy_ssl_config,
-                                HostPortPair server,
+                                HostPortPair destination,
                                 GURL origin_url,
                                 NetLog* net_log)
     : Job(stream_factory,
@@ -169,7 +169,7 @@ HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
           priority,
           server_ssl_config,
           proxy_ssl_config,
-          server,
+          destination,
           origin_url,
           AlternativeService(),
           net_log) {}
@@ -180,7 +180,7 @@ HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
                                 RequestPriority priority,
                                 const SSLConfig& server_ssl_config,
                                 const SSLConfig& proxy_ssl_config,
-                                HostPortPair server,
+                                HostPortPair destination,
                                 GURL origin_url,
                                 AlternativeService alternative_service,
                                 NetLog* net_log)
@@ -196,7 +196,7 @@ HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
       stream_factory_(stream_factory),
       next_state_(STATE_NONE),
       pac_request_(NULL),
-      server_(server),
+      destination_(destination),
       origin_url_(origin_url),
       alternative_service_(alternative_service),
       blocking_job_(NULL),
@@ -218,6 +218,10 @@ HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
       ptr_factory_(this) {
   DCHECK(stream_factory);
   DCHECK(session);
+  if (IsSpdyAlternative() &&
+      !session_->params().enable_alternative_service_for_insecure_origins) {
+    DCHECK(origin_url_.SchemeIs("https"));
+  }
   if (IsQuicAlternative()) {
     DCHECK(session_->params().enable_quic);
     using_quic_ = true;
@@ -257,7 +261,7 @@ int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) {
       session_->http_server_properties();
   if (http_server_properties &&
       http_server_properties->SupportsRequestPriority(
-          HostPortPair::FromURL(request_info_.url))) {
+          url::SchemeHostPort(request_info_.url))) {
     num_streams_ = 1;
   } else {
     num_streams_ = num_streams;
@@ -399,7 +403,7 @@ SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
     return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(),
                           ProxyServer::Direct(), PRIVACY_MODE_DISABLED);
   }
-  return SpdySessionKey(server_, proxy_info_.proxy_server(),
+  return SpdySessionKey(destination_, proxy_info_.proxy_server(),
                         request_info_.privacy_mode);
 }
 
@@ -817,7 +821,8 @@ int HttpStreamFactoryImpl::Job::DoStart() {
   }
 
   // Don't connect to restricted ports.
-  if (!IsPortAllowedForScheme(server_.port(), request_info_.url.scheme())) {
+  if (!IsPortAllowedForScheme(destination_.port(),
+                              request_info_.url.scheme())) {
     if (waiting_job_) {
       waiting_job_->Resume(this, base::TimeDelta());
       waiting_job_ = NULL;
@@ -876,7 +881,7 @@ int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
         ProxyServer::SCHEME_HTTPS | ProxyServer::SCHEME_SOCKS4 |
         ProxyServer::SCHEME_SOCKS5;
 
-    if (session_->params().enable_quic_for_proxies)
+    if (session_->params().enable_quic)
       supported_proxies |= ProxyServer::SCHEME_QUIC;
 
     proxy_info_.RemoveProxiesWithoutScheme(supported_proxies);
@@ -907,7 +912,8 @@ int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
 
 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
   return session_->params().enable_quic &&
-         ContainsKey(session_->params().origins_to_force_quic_on, server_) &&
+         ContainsKey(session_->params().origins_to_force_quic_on,
+                     destination_) &&
          proxy_info_.is_direct() && origin_url_.SchemeIs("https");
 }
 
@@ -957,7 +963,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
 
   if (proxy_info_.is_quic()) {
     using_quic_ = true;
-    DCHECK(session_->params().enable_quic_for_proxies);
+    DCHECK(session_->params().enable_quic);
   }
 
   if (proxy_info_.is_https() || proxy_info_.is_quic()) {
@@ -1003,7 +1009,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
       // The certificate of a QUIC alternative server is expected to be valid
       // for the origin of the request (in addition to being valid for the
       // server itself).
-      destination = server_;
+      destination = destination_;
       ssl_config = &server_ssl_config_;
     }
     int rv =
@@ -1074,7 +1080,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session_->http_server_properties();
   if (http_server_properties) {
-    http_server_properties->MaybeForceHTTP11(server_, &server_ssl_config_);
+    http_server_properties->MaybeForceHTTP11(destination_, &server_ssl_config_);
     if (proxy_info_.is_http() || proxy_info_.is_https()) {
       http_server_properties->MaybeForceHTTP11(
           proxy_info_.proxy_server().host_port_pair(), &proxy_ssl_config_);
@@ -1084,7 +1090,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
   if (IsPreconnecting()) {
     DCHECK(!stream_factory_->for_websockets_);
     return PreconnectSocketsForHttpRequest(
-        GetSocketGroup(), server_, request_info_.extra_headers,
+        GetSocketGroup(), destination_, request_info_.extra_headers,
         request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
         server_ssl_config_, proxy_ssl_config_, request_info_.privacy_mode,
         net_log_, num_streams_);
@@ -1103,7 +1109,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
     websocket_server_ssl_config.alpn_protos.clear();
     websocket_server_ssl_config.npn_protos.clear();
     return InitSocketHandleForWebSocketRequest(
-        GetSocketGroup(), server_, request_info_.extra_headers,
+        GetSocketGroup(), destination_, request_info_.extra_headers,
         request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
         websocket_server_ssl_config, proxy_ssl_config_,
         request_info_.privacy_mode, net_log_, connection_.get(),
@@ -1111,7 +1117,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
   }
 
   return InitSocketHandleForHttpRequest(
-      GetSocketGroup(), server_, request_info_.extra_headers,
+      GetSocketGroup(), destination_, request_info_.extra_headers,
       request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
       server_ssl_config_, proxy_ssl_config_, request_info_.privacy_mode,
       net_log_, connection_.get(), resolution_callback, io_callback_);
@@ -1345,7 +1351,7 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() {
     SSLClientSocket* ssl_socket =
         static_cast<SSLClientSocket*>(connection_->socket());
     RecordChannelIDKeyMatch(ssl_socket, session_->params().channel_id_service,
-                            server_.HostForURL());
+                            destination_.HostForURL());
   }
 
   // We only set the socket motivation if we're the first to use
@@ -1414,9 +1420,9 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() {
   SSLInfo ssl_info;
   bool was_npn_negotiated;
   NextProto protocol_negotiated;
-  if (spdy_session->GetProtocolVersion() >= HTTP2 &&
-      spdy_session->GetSSLInfo(&ssl_info, &was_npn_negotiated,
-                               &protocol_negotiated)) {
+  if (spdy_session->GetSSLInfo(&ssl_info, &was_npn_negotiated,
+                               &protocol_negotiated) &&
+      spdy_session->GetProtocolVersion() >= HTTP2) {
     UMA_HISTOGRAM_SPARSE_SLOWLY(
         "Net.Http2SSLCipherSuite",
         SSLConnectionStatusToCipherSuite(ssl_info.connection_status));
@@ -1424,11 +1430,16 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() {
 
   new_spdy_session_ = spdy_session;
   spdy_session_direct_ = direct;
-  const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
+  const HostPortPair host_port_pair = spdy_session_key.host_port_pair();
+  bool is_https = ssl_info.is_valid();
+  url::SchemeHostPort scheme_host_port(is_https ? "https" : "http",
+                                       host_port_pair.host(),
+                                       host_port_pair.port());
+
   base::WeakPtr<HttpServerProperties> http_server_properties =
       session_->http_server_properties();
   if (http_server_properties)
-    http_server_properties->SetSupportsSpdy(host_port_pair, true);
+    http_server_properties->SetSupportsSpdy(scheme_host_port, true);
 
   // Create a SpdyHttpStream or a BidirectionalStreamImpl attached to the
   // session; OnNewSpdySessionReadyCallback is not called until an event loop
@@ -1749,12 +1760,13 @@ int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::FindAvailableSession(
 }
 
 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
-    CreateAvailableSessionFromSocket(const SpdySessionKey& key,
-                                     scoped_ptr<ClientSocketHandle> connection,
-                                     const BoundNetLog& net_log,
-                                     int certificate_error_code,
-                                     bool is_secure,
-                                     base::WeakPtr<SpdySession>* spdy_session) {
+    CreateAvailableSessionFromSocket(
+        const SpdySessionKey& key,
+        std::unique_ptr<ClientSocketHandle> connection,
+        const BoundNetLog& net_log,
+        int certificate_error_code,
+        bool is_secure,
+        base::WeakPtr<SpdySession>* spdy_session) {
   TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("net"),
                "HttpStreamFactoryImpl::Job::CreateAvailableSessionFromSocket");
   *spdy_session = spdy_session_pool_->CreateAvailableSessionFromSocket(
@@ -1765,7 +1777,7 @@ int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
     CheckAlternativeServiceValidityForOrigin(
         base::WeakPtr<SpdySession> spdy_session) {
-  // For an alternative Job, server_.host() might be different than
+  // For an alternative Job, destination_.host() might be different than
   // origin_url_.host(), therefore it needs to be verified that the former
   // provides a certificate that is valid for the latter.
   if (!is_spdy_alternative_ || !spdy_session ||
diff --git a/chromium/net/http/http_stream_factory_impl_job.h b/chromium/net/http/http_stream_factory_impl_job.h
index 17519741959..c7c69f06027 100644
--- a/chromium/net/http/http_stream_factory_impl_job.h
+++ b/chromium/net/http/http_stream_factory_impl_job.h
@@ -5,9 +5,10 @@
 #ifndef NET_HTTP_HTTP_STREAM_FACTORY_IMPL_JOB_H_
 #define NET_HTTP_HTTP_STREAM_FACTORY_IMPL_JOB_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
@@ -46,7 +47,7 @@ class HttpStreamFactoryImpl::Job {
       RequestPriority priority,
       const SSLConfig& server_ssl_config,
       const SSLConfig& proxy_ssl_config,
-      HostPortPair server,
+      HostPortPair destination,
       GURL origin_url,
       NetLog* net_log);
   // Constructor for alternative Job.
@@ -56,7 +57,7 @@ class HttpStreamFactoryImpl::Job {
       RequestPriority priority,
       const SSLConfig& server_ssl_config,
       const SSLConfig& proxy_ssl_config,
-      HostPortPair server,
+      HostPortPair destination,
       GURL origin_url,
       AlternativeService alternative_service,
       NetLog* net_log);
@@ -185,7 +186,7 @@ class HttpStreamFactoryImpl::Job {
     // |spdy_session| should not be used.
     int CreateAvailableSessionFromSocket(
         const SpdySessionKey& key,
-        scoped_ptr<ClientSocketHandle> connection,
+        std::unique_ptr<ClientSocketHandle> connection,
         const BoundNetLog& net_log,
         int certificate_error_code,
         bool is_secure,
@@ -327,7 +328,7 @@ class HttpStreamFactoryImpl::Job {
   const BoundNetLog net_log_;
 
   CompletionCallback io_callback_;
-  scoped_ptr<ClientSocketHandle> connection_;
+  std::unique_ptr<ClientSocketHandle> connection_;
   HttpNetworkSession* const session_;
   HttpStreamFactoryImpl* const stream_factory_;
   State next_state_;
@@ -335,8 +336,8 @@ class HttpStreamFactoryImpl::Job {
   SSLInfo ssl_info_;
 
   // The server we are trying to reach, could be that of the origin or of the
-  // alternative service.
-  HostPortPair server_;
+  // alternative service (after applying host mapping rules).
+  HostPortPair destination_;
 
   // The origin url we're trying to reach. This url may be different from the
   // original request when host mapping rules are set-up.
@@ -385,9 +386,9 @@ class HttpStreamFactoryImpl::Job {
   // read from the socket until the tunnel is done.
   bool establishing_tunnel_;
 
-  scoped_ptr<HttpStream> stream_;
-  scoped_ptr<WebSocketHandshakeStreamBase> websocket_stream_;
-  scoped_ptr<BidirectionalStreamImpl> bidirectional_stream_impl_;
+  std::unique_ptr<HttpStream> stream_;
+  std::unique_ptr<WebSocketHandshakeStreamBase> websocket_stream_;
+  std::unique_ptr<BidirectionalStreamImpl> bidirectional_stream_impl_;
 
   // True if we negotiated NPN.
   bool was_npn_negotiated_;
@@ -399,7 +400,7 @@ class HttpStreamFactoryImpl::Job {
   // preconnect.
   int num_streams_;
 
-  scoped_ptr<ValidSpdySessionPool> valid_spdy_session_pool_;
+  std::unique_ptr<ValidSpdySessionPool> valid_spdy_session_pool_;
 
   // Initialized when we create a new SpdySession.
   base::WeakPtr<SpdySession> new_spdy_session_;
diff --git a/chromium/net/http/http_stream_factory_impl_request.cc b/chromium/net/http/http_stream_factory_impl_request.cc
index 7c5cbc92ab5..923e9e0ebe7 100644
--- a/chromium/net/http/http_stream_factory_impl_request.cc
+++ b/chromium/net/http/http_stream_factory_impl_request.cc
@@ -271,8 +271,8 @@ bool HttpStreamFactoryImpl::Request::HasSpdySessionKey() const {
 // request which spawned it).
 void HttpStreamFactoryImpl::Request::OnNewSpdySessionReady(
     Job* job,
-    scoped_ptr<HttpStream> stream,
-    scoped_ptr<BidirectionalStreamImpl> bidirectional_stream_impl,
+    std::unique_ptr<HttpStream> stream,
+    std::unique_ptr<BidirectionalStreamImpl> bidirectional_stream_impl,
     const base::WeakPtr<SpdySession>& spdy_session,
     bool direct) {
   DCHECK(job);
diff --git a/chromium/net/http/http_stream_factory_impl_request.h b/chromium/net/http/http_stream_factory_impl_request.h
index a84615fc54b..d6371563161 100644
--- a/chromium/net/http/http_stream_factory_impl_request.h
+++ b/chromium/net/http/http_stream_factory_impl_request.h
@@ -5,10 +5,10 @@
 #ifndef NET_HTTP_HTTP_STREAM_FACTORY_IMPL_REQUEST_H_
 #define NET_HTTP_HTTP_STREAM_FACTORY_IMPL_REQUEST_H_
 
+#include <memory>
 #include <set>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/http/http_stream_factory_impl.h"
 #include "net/log/net_log.h"
 #include "net/socket/connection_attempts.h"
@@ -67,8 +67,8 @@ class HttpStreamFactoryImpl::Request : public HttpStreamRequest {
   // HttpStreamRequest::BIDIRECTIONAL_STREAM.
   void OnNewSpdySessionReady(
       Job* job,
-      scoped_ptr<HttpStream> stream,
-      scoped_ptr<BidirectionalStreamImpl> bidirectional_stream_spdy_impl,
+      std::unique_ptr<HttpStream> stream,
+      std::unique_ptr<BidirectionalStreamImpl> bidirectional_stream_spdy_impl,
       const base::WeakPtr<SpdySession>& spdy_session,
       bool direct);
 
@@ -152,9 +152,9 @@ class HttpStreamFactoryImpl::Request : public HttpStreamRequest {
   const BoundNetLog net_log_;
 
   // At the point where Job is irrevocably tied to the Request, we set this.
-  scoped_ptr<Job> bound_job_;
+  std::unique_ptr<Job> bound_job_;
   std::set<HttpStreamFactoryImpl::Job*> jobs_;
-  scoped_ptr<const SpdySessionKey> spdy_session_key_;
+  std::unique_ptr<const SpdySessionKey> spdy_session_key_;
 
   bool completed_;
   bool was_npn_negotiated_;
diff --git a/chromium/net/http/http_stream_factory_impl_request_unittest.cc b/chromium/net/http/http_stream_factory_impl_request_unittest.cc
index 6a08a00ffae..06c9445170c 100644
--- a/chromium/net/http/http_stream_factory_impl_request_unittest.cc
+++ b/chromium/net/http/http_stream_factory_impl_request_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/http/http_stream_factory_impl_request.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/http/http_stream_factory_impl_job.h"
 #include "net/proxy/proxy_info.h"
 #include "net/proxy/proxy_service.h"
@@ -70,7 +71,7 @@ TEST_P(HttpStreamFactoryImplRequestTest, SetPriority) {
   SpdySessionDependencies session_deps(GetParam(),
                                        ProxyService::CreateDirect());
 
-  scoped_ptr<HttpNetworkSession> session =
+  std::unique_ptr<HttpNetworkSession> session =
       SpdySessionDependencies::SpdyCreateSession(&session_deps);
   HttpStreamFactoryImpl* factory =
       static_cast<HttpStreamFactoryImpl*>(session->http_stream_factory());
@@ -105,7 +106,7 @@ TEST_P(HttpStreamFactoryImplRequestTest, DelayMainJob) {
   SpdySessionDependencies session_deps(GetParam(),
                                        ProxyService::CreateDirect());
 
-  scoped_ptr<HttpNetworkSession> session =
+  std::unique_ptr<HttpNetworkSession> session =
       SpdySessionDependencies::SpdyCreateSession(&session_deps);
 
   StaticSocketDataProvider socket_data;
diff --git a/chromium/net/http/http_stream_factory_impl_unittest.cc b/chromium/net/http/http_stream_factory_impl_unittest.cc
index f95ea511fa3..8ee9657a00e 100644
--- a/chromium/net/http/http_stream_factory_impl_unittest.cc
+++ b/chromium/net/http/http_stream_factory_impl_unittest.cc
@@ -121,8 +121,8 @@ class MockWebSocketHandshakeStream : public WebSocketHandshakeStreamBase {
   UploadProgress GetUploadProgress() const override { return UploadProgress(); }
   HttpStream* RenewStreamForAuth() override { return nullptr; }
 
-  scoped_ptr<WebSocketStream> Upgrade() override {
-    return scoped_ptr<WebSocketStream>();
+  std::unique_ptr<WebSocketStream> Upgrade() override {
+    return std::unique_ptr<WebSocketStream>();
   }
 
  private:
@@ -262,9 +262,9 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate {
  private:
   bool waiting_for_stream_;
   bool stream_done_;
-  scoped_ptr<HttpStream> stream_;
-  scoped_ptr<WebSocketHandshakeStreamBase> websocket_stream_;
-  scoped_ptr<BidirectionalStreamImpl> bidirectional_stream_impl_;
+  std::unique_ptr<HttpStream> stream_;
+  std::unique_ptr<WebSocketHandshakeStreamBase> websocket_stream_;
+  std::unique_ptr<BidirectionalStreamImpl> bidirectional_stream_impl_;
   SSLConfig used_ssl_config_;
   ProxyInfo used_proxy_info_;
   int error_status_;
@@ -290,7 +290,7 @@ class WebSocketSpdyHandshakeStream : public MockWebSocketHandshakeStream {
 class WebSocketBasicHandshakeStream : public MockWebSocketHandshakeStream {
  public:
   explicit WebSocketBasicHandshakeStream(
-      scoped_ptr<ClientSocketHandle> connection)
+      std::unique_ptr<ClientSocketHandle> connection)
       : MockWebSocketHandshakeStream(kStreamTypeBasic),
         connection_(std::move(connection)) {}
 
@@ -301,7 +301,7 @@ class WebSocketBasicHandshakeStream : public MockWebSocketHandshakeStream {
   ClientSocketHandle* connection() { return connection_.get(); }
 
  private:
-  scoped_ptr<ClientSocketHandle> connection_;
+  std::unique_ptr<ClientSocketHandle> connection_;
 };
 
 class WebSocketStreamCreateHelper
@@ -310,7 +310,7 @@ class WebSocketStreamCreateHelper
   ~WebSocketStreamCreateHelper() override {}
 
   WebSocketHandshakeStreamBase* CreateBasicStream(
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       bool using_proxy) override {
     return new WebSocketBasicHandshakeStream(std::move(connection));
   }
@@ -340,17 +340,14 @@ void PreconnectHelperForURL(int num_streams,
   HttpNetworkSessionPeer peer(session);
   MockHttpStreamFactoryImplForPreconnect* mock_factory =
       new MockHttpStreamFactoryImplForPreconnect(session);
-  peer.SetHttpStreamFactory(scoped_ptr<HttpStreamFactory>(mock_factory));
-  SSLConfig ssl_config;
-  session->ssl_config_service()->GetSSLConfig(&ssl_config);
+  peer.SetHttpStreamFactory(std::unique_ptr<HttpStreamFactory>(mock_factory));
 
   HttpRequestInfo request;
   request.method = "GET";
   request.url = url;
   request.load_flags = 0;
 
-  session->http_stream_factory()->PreconnectStreams(num_streams, request,
-                                                    ssl_config, ssl_config);
+  session->http_stream_factory()->PreconnectStreams(num_streams, request);
   mock_factory->WaitForPreconnects();
 }
 
@@ -394,7 +391,7 @@ class CapturePreconnectsSocketPool : public ParentPool {
     ADD_FAILURE();
   }
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override {
     ADD_FAILURE();
   }
@@ -433,8 +430,8 @@ template <typename ParentPool>
 CapturePreconnectsSocketPool<ParentPool>::CapturePreconnectsSocketPool(
     HostResolver* host_resolver,
     CertVerifier* /* cert_verifier */)
-    : ParentPool(0, 0, host_resolver, nullptr, nullptr), last_num_streams_(-1) {
-}
+    : ParentPool(0, 0, host_resolver, nullptr, nullptr, nullptr),
+      last_num_streams_(-1) {}
 
 template <>
 CapturePreconnectsHttpProxySocketPool::CapturePreconnectsSocketPool(
@@ -478,7 +475,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirect) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateDirect());
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     CapturePreconnectsTransportSocketPool* transport_conn_pool =
@@ -489,7 +486,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirect) {
         new CapturePreconnectsSSLSocketPool(
             session_deps.host_resolver.get(),
             session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     mock_pool_manager->SetSSLSocketPool(ssl_conn_pool);
@@ -506,7 +503,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectHttpProxy) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateFixed("http_proxy"));
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("http_proxy", 80);
@@ -518,7 +515,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectHttpProxy) {
         new CapturePreconnectsSSLSocketPool(
             session_deps.host_resolver.get(),
             session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
@@ -535,7 +532,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectSocksProxy) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateFixed("socks4://socks_proxy:1080"));
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("socks_proxy", 1080);
@@ -547,7 +544,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectSocksProxy) {
         new CapturePreconnectsSSLSocketPool(
             session_deps.host_resolver.get(),
             session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForSOCKSProxy(proxy_host, socks_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
@@ -564,7 +561,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirectWithExistingSpdySession) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateDirect());
-    scoped_ptr<HttpNetworkSession> session(
+    std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
 
@@ -582,7 +579,7 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirectWithExistingSpdySession) {
         new CapturePreconnectsSSLSocketPool(
             session_deps.host_resolver.get(),
             session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     mock_pool_manager->SetSSLSocketPool(ssl_conn_pool);
@@ -605,14 +602,14 @@ TEST_P(HttpStreamFactoryTest, PreconnectUnsafePort) {
 
   SpdySessionDependencies session_deps(
       GetParam(), ProxyService::CreateDirect());
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
   HttpNetworkSessionPeer peer(session.get());
   CapturePreconnectsTransportSocketPool* transport_conn_pool =
       new CapturePreconnectsTransportSocketPool(
           session_deps.host_resolver.get(),
           session_deps.cert_verifier.get());
-  scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+  std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
       new MockClientSocketPoolManager);
   mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
   peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
@@ -636,7 +633,7 @@ TEST_P(HttpStreamFactoryTest, JobNotifiesProxy) {
   socket_data2.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data2);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream. It should succeed using the second proxy in the
@@ -647,10 +644,10 @@ TEST_P(HttpStreamFactoryTest, JobNotifiesProxy) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
   waiter.WaitForStream();
 
   // The proxy that failed should now be known to the proxy_service as bad.
@@ -680,14 +677,13 @@ TEST_P(HttpStreamFactoryTest, UnreachableQuicProxyMarkedAsBad) {
                             ERR_SSL_PROTOCOL_ERROR,
                             ERR_MSG_TOO_BIG};
   for (size_t i = 0; i < arraysize(mock_error); ++i) {
-    scoped_ptr<ProxyService> proxy_service;
+    std::unique_ptr<ProxyService> proxy_service;
     proxy_service =
         ProxyService::CreateFixedFromPacResult("QUIC bad:99; DIRECT");
 
     HttpNetworkSession::Params params;
     params.enable_quic = true;
     params.quic_disable_preconnect_if_0rtt = false;
-    params.enable_quic_for_proxies = true;
     scoped_refptr<SSLConfigServiceDefaults> ssl_config_service(
         new SSLConfigServiceDefaults);
     HttpServerPropertiesImpl http_server_properties;
@@ -701,7 +697,7 @@ TEST_P(HttpStreamFactoryTest, UnreachableQuicProxyMarkedAsBad) {
     params.ssl_config_service = ssl_config_service.get();
     params.http_server_properties = http_server_properties.GetWeakPtr();
 
-    scoped_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+    std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
     session->quic_stream_factory()->set_require_confirmation(false);
 
     StaticSocketDataProvider socket_data1;
@@ -721,7 +717,7 @@ TEST_P(HttpStreamFactoryTest, UnreachableQuicProxyMarkedAsBad) {
 
     SSLConfig ssl_config;
     StreamRequestWaiter waiter;
-    scoped_ptr<HttpStreamRequest> request(
+    std::unique_ptr<HttpStreamRequest> request(
         session->http_stream_factory()->RequestStream(
             request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
             BoundNetLog()));
@@ -747,7 +743,7 @@ class TestBidirectionalDelegate : public BidirectionalStreamImpl::Delegate {
   const SpdyHeaderBlock& response_headers() const { return response_headers_; }
 
  private:
-  void OnHeadersSent() override {}
+  void OnStreamReady(bool request_headers_sent) override {}
   void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override {
     response_headers_ = response_headers;
     loop_.Quit();
@@ -770,7 +766,7 @@ class MockQuicData {
 
   ~MockQuicData() { STLDeleteElements(&packets_); }
 
-  void AddRead(scoped_ptr<QuicEncryptedPacket> packet) {
+  void AddRead(std::unique_ptr<QuicEncryptedPacket> packet) {
     reads_.push_back(
         MockRead(ASYNC, packet->data(), packet->length(), packet_number_++));
     packets_.push_back(packet.release());
@@ -780,7 +776,7 @@ class MockQuicData {
     reads_.push_back(MockRead(mode, rv, packet_number_++));
   }
 
-  void AddWrite(scoped_ptr<QuicEncryptedPacket> packet) {
+  void AddWrite(std::unique_ptr<QuicEncryptedPacket> packet) {
     writes_.push_back(MockWrite(SYNCHRONOUS, packet->data(), packet->length(),
                                 packet_number_++));
     packets_.push_back(packet.release());
@@ -799,19 +795,18 @@ class MockQuicData {
   std::vector<MockWrite> writes_;
   std::vector<MockRead> reads_;
   size_t packet_number_;
-  scoped_ptr<SequencedSocketData> socket_data_;
+  std::unique_ptr<SequencedSocketData> socket_data_;
 };
 
 }  // namespace
 
 TEST_P(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad) {
   // Checks if a
-  scoped_ptr<ProxyService> proxy_service;
+  std::unique_ptr<ProxyService> proxy_service;
   proxy_service = ProxyService::CreateFixedFromPacResult("QUIC bad:99; DIRECT");
 
   HttpNetworkSession::Params params;
   params.enable_quic = true;
-  params.enable_quic_for_proxies = true;
   params.quic_disable_preconnect_if_0rtt = false;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service(
       new SSLConfigServiceDefaults);
@@ -827,7 +822,7 @@ TEST_P(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad) {
   params.http_server_properties = http_server_properties.GetWeakPtr();
   params.quic_max_number_of_lossy_connections = 2;
 
-  scoped_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+  std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
   session->quic_stream_factory()->set_require_confirmation(false);
 
   session->quic_stream_factory()->number_of_lossy_connections_[99] =
@@ -847,7 +842,7 @@ TEST_P(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -876,8 +871,10 @@ TEST_P(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) {
     alternative_service_info_vector.push_back(
         AlternativeServiceInfo(alternative_service, expiration));
     HostPortPair host_port_pair(alternative_service.host_port_pair());
+    url::SchemeHostPort server("https", host_port_pair.host(),
+                               host_port_pair.port());
     http_server_properties.SetAlternativeServices(
-        host_port_pair, alternative_service_info_vector);
+        server, alternative_service_info_vector);
 
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateFixed("http_proxy"));
@@ -889,7 +886,7 @@ TEST_P(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) {
     params.quic_disable_preconnect_if_0rtt = true;
     params.http_server_properties = http_server_properties.GetWeakPtr();
 
-    scoped_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+    std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("http_proxy", 80);
     CapturePreconnectsHttpProxySocketPool* http_proxy_pool =
@@ -898,7 +895,7 @@ TEST_P(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) {
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
         new CapturePreconnectsSSLSocketPool(session_deps.host_resolver.get(),
                                             session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
@@ -920,8 +917,10 @@ TEST_P(HttpStreamFactoryTest, QuicDisablePreConnectIfZeroRtt) {
     alternative_service_info_vector.push_back(
         AlternativeServiceInfo(alternative_service, expiration));
     HostPortPair host_port_pair(alternative_service.host_port_pair());
+    url::SchemeHostPort server("https", host_port_pair.host(),
+                               host_port_pair.port());
     http_server_properties.SetAlternativeServices(
-        host_port_pair, alternative_service_info_vector);
+        server, alternative_service_info_vector);
 
     SpdySessionDependencies session_deps(GetParam());
 
@@ -932,7 +931,7 @@ TEST_P(HttpStreamFactoryTest, QuicDisablePreConnectIfZeroRtt) {
     params.quic_disable_preconnect_if_0rtt = true;
     params.http_server_properties = http_server_properties.GetWeakPtr();
 
-    scoped_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
+    std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
 
     // Setup 0RTT for QUIC.
     QuicStreamFactory* factory = session->quic_stream_factory();
@@ -944,7 +943,7 @@ TEST_P(HttpStreamFactoryTest, QuicDisablePreConnectIfZeroRtt) {
     CapturePreconnectsTransportSocketPool* transport_conn_pool =
         new CapturePreconnectsTransportSocketPool(
             session_deps.host_resolver.get(), session_deps.cert_verifier.get());
-    scoped_ptr<MockClientSocketPoolManager> mock_pool_manager(
+    std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
@@ -954,10 +953,7 @@ TEST_P(HttpStreamFactoryTest, QuicDisablePreConnectIfZeroRtt) {
     request.url = url;
     request.load_flags = 0;
 
-    SSLConfig ssl_config;
-    session->ssl_config_service()->GetSSLConfig(&ssl_config);
-    session->http_stream_factory()->PreconnectStreams(num_streams, request,
-                                                      ssl_config, ssl_config);
+    session->http_stream_factory()->PreconnectStreams(num_streams, request);
     EXPECT_EQ(-1, transport_conn_pool->last_num_streams());
   }
 }
@@ -975,7 +971,7 @@ TEST_P(HttpStreamFactoryTest, PrivacyModeDisablesChannelId) {
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Set an existing SpdySession in the pool.
@@ -991,10 +987,10 @@ TEST_P(HttpStreamFactoryTest, PrivacyModeDisablesChannelId) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
   waiter.WaitForStream();
 
   // The stream shouldn't come from spdy as we are using different privacy mode
@@ -1009,7 +1005,8 @@ namespace {
 // Return count of distinct groups in given socket pool.
 int GetSocketPoolGroupCount(ClientSocketPool* pool) {
   int count = 0;
-  scoped_ptr<base::DictionaryValue> dict(pool->GetInfoAsValue("", "", false));
+  std::unique_ptr<base::DictionaryValue> dict(
+      pool->GetInfoAsValue("", "", false));
   EXPECT_TRUE(dict != nullptr);
   base::DictionaryValue* groups = nullptr;
   if (dict->GetDictionary("groups", &groups) && (groups != nullptr)) {
@@ -1020,7 +1017,7 @@ int GetSocketPoolGroupCount(ClientSocketPool* pool) {
 
 // Return count of distinct spdy sessions.
 int GetSpdySessionCount(HttpNetworkSession* session) {
-  scoped_ptr<base::Value> value(
+  std::unique_ptr<base::Value> value(
       session->spdy_session_pool()->SpdySessionPoolInfoToValue());
   base::ListValue* session_list;
   if (!value || !value->GetAsList(&session_list))
@@ -1041,7 +1038,7 @@ TEST_P(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) {
   SSLSocketDataProvider ssl(ASYNC, OK);
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
   SSLClientSocketPool* ssl_pool = session->GetSSLSocketPool(
       HttpNetworkSession::NORMAL_SOCKET_POOL);
@@ -1057,27 +1054,27 @@ TEST_P(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
 
-  scoped_ptr<HttpStreamRequest> request1(
+  std::unique_ptr<HttpStreamRequest> request1(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
   waiter.WaitForStream();
 
   EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 1);
 
-  scoped_ptr<HttpStreamRequest> request2(
+  std::unique_ptr<HttpStreamRequest> request2(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
   waiter.WaitForStream();
 
   EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 1);
 
   request_info.privacy_mode = PRIVACY_MODE_ENABLED;
-  scoped_ptr<HttpStreamRequest> request3(
+  std::unique_ptr<HttpStreamRequest> request3(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
   waiter.WaitForStream();
 
   EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 2);
@@ -1091,7 +1088,7 @@ TEST_P(HttpStreamFactoryTest, GetLoadState) {
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   HttpRequestInfo request_info;
@@ -1100,10 +1097,10 @@ TEST_P(HttpStreamFactoryTest, GetLoadState) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config,
-          &waiter, BoundNetLog()));
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
+          BoundNetLog()));
 
   EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, request->GetLoadState());
 
@@ -1118,7 +1115,7 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStream) {
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.  It should succeed using the second proxy in the
@@ -1130,13 +1127,9 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStream) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info,
-          DEFAULT_PRIORITY,
-          ssl_config,
-          ssl_config,
-          &waiter,
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
@@ -1168,7 +1161,7 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStreamOverSSL) {
   SSLSocketDataProvider ssl_socket_data(ASYNC, OK);
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1179,13 +1172,9 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStreamOverSSL) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info,
-          DEFAULT_PRIORITY,
-          ssl_config,
-          ssl_config,
-          &waiter,
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
@@ -1213,7 +1202,7 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStreamOverProxy) {
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.  It should succeed using the second proxy in the
@@ -1225,13 +1214,9 @@ TEST_P(HttpStreamFactoryTest, RequestHttpStreamOverProxy) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info,
-          DEFAULT_PRIORITY,
-          ssl_config,
-          ssl_config,
-          &waiter,
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
@@ -1266,7 +1251,7 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStream) {
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1278,15 +1263,11 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStream) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter,
+                                            &create_helper, BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
   EXPECT_TRUE(nullptr == waiter.stream());
@@ -1314,7 +1295,7 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverSSL) {
   SSLSocketDataProvider ssl_socket_data(ASYNC, OK);
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1326,15 +1307,11 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverSSL) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter,
+                                            &create_helper, BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
   EXPECT_TRUE(nullptr == waiter.stream());
@@ -1359,7 +1336,7 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverProxy) {
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1371,15 +1348,11 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverProxy) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter,
+                                            &create_helper, BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
   EXPECT_TRUE(nullptr == waiter.stream());
@@ -1420,7 +1393,7 @@ TEST_P(HttpStreamFactoryTest, RequestSpdyHttpStream) {
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
   HostPortPair host_port_pair("www.google.com", 443);
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1431,13 +1404,9 @@ TEST_P(HttpStreamFactoryTest, RequestSpdyHttpStream) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestStream(
-          request_info,
-          DEFAULT_PRIORITY,
-          ssl_config,
-          ssl_config,
-          &waiter,
+          request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
@@ -1471,7 +1440,7 @@ TEST_P(HttpStreamFactoryTest, RequestBidirectionalStreamImpl) {
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
   HostPortPair host_port_pair("www.google.com", 443);
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1482,7 +1451,7 @@ TEST_P(HttpStreamFactoryTest, RequestBidirectionalStreamImpl) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestBidirectionalStreamImpl(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -1511,7 +1480,16 @@ class HttpStreamFactoryBidirectionalQuicTest
  protected:
   HttpStreamFactoryBidirectionalQuicTest()
       : clock_(new MockClock),
-        packet_maker_(GetParam(), 0, clock_, "www.example.org"),
+        client_packet_maker_(GetParam(),
+                             0,
+                             clock_,
+                             "www.example.org",
+                             Perspective::IS_CLIENT),
+        server_packet_maker_(GetParam(),
+                             0,
+                             clock_,
+                             "www.example.org",
+                             Perspective::IS_SERVER),
         random_generator_(0),
         proxy_service_(ProxyService::CreateDirect()),
         ssl_config_service_(new SSLConfigServiceDefaults) {
@@ -1557,12 +1535,17 @@ class HttpStreamFactoryBidirectionalQuicTest
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
     alternative_service_info_vector.push_back(
         AlternativeServiceInfo(alternative_service, expiration));
-    HostPortPair host_port_pair(alternative_service.host_port_pair());
+    url::SchemeHostPort server("https", "www.example.org", 443);
     http_server_properties_.SetAlternativeServices(
-        host_port_pair, alternative_service_info_vector);
+        server, alternative_service_info_vector);
   };
 
-  test::QuicTestPacketMaker& packet_maker() { return packet_maker_; }
+  test::QuicTestPacketMaker& client_packet_maker() {
+    return client_packet_maker_;
+  }
+  test::QuicTestPacketMaker& server_packet_maker() {
+    return server_packet_maker_;
+  }
 
   MockClientSocketFactory& socket_factory() { return socket_factory_; }
 
@@ -1570,16 +1553,17 @@ class HttpStreamFactoryBidirectionalQuicTest
 
  private:
   MockClock* clock_;  // Owned by QuicStreamFactory
-  test::QuicTestPacketMaker packet_maker_;
+  test::QuicTestPacketMaker client_packet_maker_;
+  test::QuicTestPacketMaker server_packet_maker_;
   MockClientSocketFactory socket_factory_;
-  scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpNetworkSession> session_;
   test::MockRandom random_generator_;
   ProofVerifyDetailsChromium verify_details_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
   HttpServerPropertiesImpl http_server_properties_;
   TransportSecurityState transport_security_state_;
   MockHostResolver host_resolver_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
   HttpNetworkSession::Params params_;
 };
@@ -1596,21 +1580,21 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   SpdyPriority priority =
       ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
   size_t spdy_headers_frame_length;
-  mock_quic_data.AddWrite(packet_maker().MakeRequestHeadersPacket(
+  mock_quic_data.AddWrite(client_packet_maker().MakeRequestHeadersPacket(
       1, test::kClientDataStreamId1, /*should_include_version=*/true,
       /*fin=*/true, priority,
-      packet_maker().GetRequestHeaders("GET", "https", "/"),
+      client_packet_maker().GetRequestHeaders("GET", "https", "/"),
       &spdy_headers_frame_length));
   size_t spdy_response_headers_frame_length;
-  mock_quic_data.AddRead(packet_maker().MakeResponseHeadersPacket(
+  mock_quic_data.AddRead(server_packet_maker().MakeResponseHeadersPacket(
       1, test::kClientDataStreamId1, /*should_include_version=*/false,
-      /*fin=*/true, packet_maker().GetResponseHeaders("200"),
+      /*fin=*/true, server_packet_maker().GetResponseHeaders("200"),
       &spdy_response_headers_frame_length));
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
   mock_quic_data.AddSocketDataToFactory(&socket_factory());
 
   // Add hanging data for http job.
-  scoped_ptr<StaticSocketDataProvider> hanging_data;
+  std::unique_ptr<StaticSocketDataProvider> hanging_data;
   hanging_data.reset(new StaticSocketDataProvider());
   MockConnect hanging_connect(SYNCHRONOUS, ERR_IO_PENDING);
   hanging_data->set_connect_data(hanging_connect);
@@ -1630,7 +1614,7 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   request_info.load_flags = 0;
 
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session()->http_stream_factory()->RequestBidirectionalStreamImpl(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -1649,16 +1633,18 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   bidi_request_info.priority = LOWEST;
 
   TestBidirectionalDelegate delegate;
-  stream_impl->Start(&bidi_request_info, BoundNetLog(), &delegate, nullptr);
+  stream_impl->Start(&bidi_request_info, BoundNetLog(),
+                     /*send_request_headers_automatically=*/true, &delegate,
+                     nullptr);
   delegate.WaitUntilDone();
 
   scoped_refptr<IOBuffer> buffer = new net::IOBuffer(1);
   EXPECT_EQ(OK, stream_impl->ReadData(buffer.get(), 1));
   EXPECT_EQ(kProtoQUIC1SPDY3, stream_impl->GetProtocol());
   EXPECT_EQ("200", delegate.response_headers().find(":status")->second);
-  EXPECT_EQ(1, GetSocketPoolGroupCount(session()->GetTransportSocketPool(
+  EXPECT_EQ(0, GetSocketPoolGroupCount(session()->GetTransportSocketPool(
                    HttpNetworkSession::NORMAL_SOCKET_POOL)));
-  EXPECT_EQ(1, GetSocketPoolGroupCount(session()->GetSSLSocketPool(
+  EXPECT_EQ(0, GetSocketPoolGroupCount(session()->GetSSLSocketPool(
                    HttpNetworkSession::NORMAL_SOCKET_POOL)));
   EXPECT_EQ(0, GetSocketPoolGroupCount(session()->GetTransportSocketPool(
                    HttpNetworkSession::WEBSOCKET_SOCKET_POOL)));
@@ -1674,7 +1660,7 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   GURL url = GURL("https://www.example.org");
 
   // Make the http job fail.
-  scoped_ptr<StaticSocketDataProvider> http_job_data;
+  std::unique_ptr<StaticSocketDataProvider> http_job_data;
   http_job_data.reset(new StaticSocketDataProvider());
   MockConnect failed_connect(ASYNC, ERR_CONNECTION_REFUSED);
   http_job_data->set_connect_data(failed_connect);
@@ -1695,7 +1681,7 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   request_info.load_flags = 0;
 
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session()->http_stream_factory()->RequestBidirectionalStreamImpl(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -1721,21 +1707,21 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   SpdyPriority priority =
       ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
   size_t spdy_headers_frame_length;
-  mock_quic_data.AddWrite(packet_maker().MakeRequestHeadersPacket(
+  mock_quic_data.AddWrite(client_packet_maker().MakeRequestHeadersPacket(
       1, test::kClientDataStreamId1, /*should_include_version=*/true,
       /*fin=*/true, priority,
-      packet_maker().GetRequestHeaders("GET", "https", "/"),
+      client_packet_maker().GetRequestHeaders("GET", "https", "/"),
       &spdy_headers_frame_length));
   size_t spdy_response_headers_frame_length;
-  mock_quic_data.AddRead(packet_maker().MakeResponseHeadersPacket(
+  mock_quic_data.AddRead(server_packet_maker().MakeResponseHeadersPacket(
       1, test::kClientDataStreamId1, /*should_include_version=*/false,
-      /*fin=*/true, packet_maker().GetResponseHeaders("200"),
+      /*fin=*/true, server_packet_maker().GetResponseHeaders("200"),
       &spdy_response_headers_frame_length));
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
   mock_quic_data.AddSocketDataToFactory(&socket_factory());
 
   // Make the http job fail.
-  scoped_ptr<StaticSocketDataProvider> http_job_data;
+  std::unique_ptr<StaticSocketDataProvider> http_job_data;
   http_job_data.reset(new StaticSocketDataProvider());
   MockConnect failed_connect(ASYNC, ERR_CONNECTION_REFUSED);
   http_job_data->set_connect_data(failed_connect);
@@ -1755,7 +1741,7 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   request_info.load_flags = 0;
 
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session()->http_stream_factory()->RequestBidirectionalStreamImpl(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -1774,7 +1760,9 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest,
   bidi_request_info.priority = LOWEST;
 
   TestBidirectionalDelegate delegate;
-  stream_impl->Start(&bidi_request_info, BoundNetLog(), &delegate, nullptr);
+  stream_impl->Start(&bidi_request_info, BoundNetLog(),
+                     /*send_request_headers_automatically=*/true, &delegate,
+                     nullptr);
   delegate.WaitUntilDone();
 
   // Make sure the BidirectionalStream negotiated goes through QUIC.
@@ -1810,7 +1798,7 @@ TEST_P(HttpStreamFactoryTest, RequestBidirectionalStreamImplFailure) {
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
   HostPortPair host_port_pair("www.google.com", 443);
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1821,7 +1809,7 @@ TEST_P(HttpStreamFactoryTest, RequestBidirectionalStreamImplFailure) {
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory()->RequestBidirectionalStreamImpl(
           request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter,
           BoundNetLog()));
@@ -1860,7 +1848,7 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketSpdyHandshakeStreamButGetSSL) {
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
   HostPortPair host_port_pair("www.google.com", 80);
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1872,15 +1860,11 @@ TEST_P(HttpStreamFactoryTest, RequestWebSocketSpdyHandshakeStreamButGetSSL) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter1;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request1(
+  std::unique_ptr<HttpStreamRequest> request1(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter1,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter1,
+                                            &create_helper, BoundNetLog()));
   waiter1.WaitForStream();
   EXPECT_TRUE(waiter1.stream_done());
   ASSERT_TRUE(nullptr != waiter1.websocket_stream());
@@ -1912,7 +1896,7 @@ TEST_P(HttpStreamFactoryTest, DISABLED_RequestWebSocketSpdyHandshakeStream) {
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
   HostPortPair host_port_pair("www.google.com", 80);
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -1924,15 +1908,11 @@ TEST_P(HttpStreamFactoryTest, DISABLED_RequestWebSocketSpdyHandshakeStream) {
   SSLConfig ssl_config;
   StreamRequestWaiter waiter1;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request1(
+  std::unique_ptr<HttpStreamRequest> request1(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter1,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter1,
+                                            &create_helper, BoundNetLog()));
   waiter1.WaitForStream();
   EXPECT_TRUE(waiter1.stream_done());
   ASSERT_TRUE(nullptr != waiter1.websocket_stream());
@@ -1941,15 +1921,11 @@ TEST_P(HttpStreamFactoryTest, DISABLED_RequestWebSocketSpdyHandshakeStream) {
   EXPECT_TRUE(nullptr == waiter1.stream());
 
   StreamRequestWaiter waiter2;
-  scoped_ptr<HttpStreamRequest> request2(
+  std::unique_ptr<HttpStreamRequest> request2(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter2,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter2,
+                                            &create_helper, BoundNetLog()));
   waiter2.WaitForStream();
   EXPECT_TRUE(waiter2.stream_done());
   ASSERT_TRUE(nullptr != waiter2.websocket_stream());
@@ -1995,7 +1971,7 @@ TEST_P(HttpStreamFactoryTest, DISABLED_OrphanedWebSocketStream) {
   ssl_socket_data.SetNextProto(GetParam());
   session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data);
 
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   // Now request a stream.
@@ -2005,22 +1981,21 @@ TEST_P(HttpStreamFactoryTest, DISABLED_OrphanedWebSocketStream) {
   request_info.load_flags = 0;
 
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  HostPortPair host_port_pair("www.google.com", 8888);
+
   session->http_server_properties()->SetAlternativeService(
-      HostPortPair("www.google.com", 8888),
+      url::SchemeHostPort(request_info.url.scheme(), host_port_pair.host(),
+                          host_port_pair.port()),
       AlternativeService(NPN_HTTP_2, "www.google.com", 9999), expiration);
 
   SSLConfig ssl_config;
   StreamRequestWaiter waiter;
   WebSocketStreamCreateHelper create_helper;
-  scoped_ptr<HttpStreamRequest> request(
+  std::unique_ptr<HttpStreamRequest> request(
       session->http_stream_factory_for_websocket()
-          ->RequestWebSocketHandshakeStream(request_info,
-                                            DEFAULT_PRIORITY,
-                                            ssl_config,
-                                            ssl_config,
-                                            &waiter,
-                                            &create_helper,
-                                            BoundNetLog()));
+          ->RequestWebSocketHandshakeStream(request_info, DEFAULT_PRIORITY,
+                                            ssl_config, ssl_config, &waiter,
+                                            &create_helper, BoundNetLog()));
   waiter.WaitForStream();
   EXPECT_TRUE(waiter.stream_done());
   EXPECT_TRUE(nullptr == waiter.stream());
diff --git a/chromium/net/http/http_stream_parser.cc b/chromium/net/http/http_stream_parser.cc
index 1c33557ecb7..c718761ec78 100644
--- a/chromium/net/http/http_stream_parser.cc
+++ b/chromium/net/http/http_stream_parser.cc
@@ -81,12 +81,12 @@ bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers,
   return false;
 }
 
-scoped_ptr<base::Value> NetLogSendRequestBodyCallback(
+std::unique_ptr<base::Value> NetLogSendRequestBodyCallback(
     uint64_t length,
     bool is_chunked,
     bool did_merge,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("length", static_cast<int>(length));
   dict->SetBoolean("is_chunked", is_chunked);
   dict->SetBoolean("did_merge", did_merge);
@@ -367,6 +367,8 @@ int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len,
   DCHECK(callback_.is_null());
   DCHECK(!callback.is_null());
   DCHECK_LE(buf_len, kMaxBufSize);
+  // Added to investigate crbug.com/499663.
+  CHECK(buf);
 
   if (io_state_ == STATE_DONE)
     return OK;
@@ -645,6 +647,9 @@ int HttpStreamParser::DoReadHeadersComplete(int result) {
 int HttpStreamParser::DoReadBody() {
   io_state_ = STATE_READ_BODY_COMPLETE;
 
+  // Added to investigate crbug.com/499663.
+  CHECK(user_read_buf_.get());
+
   // There may be some data left over from reading the response headers.
   if (read_buf_->offset()) {
     int available = read_buf_->offset() - read_buf_unused_offset_;
diff --git a/chromium/net/http/http_stream_parser.h b/chromium/net/http/http_stream_parser.h
index b8bb23a2073..bdd796b22a2 100644
--- a/chromium/net/http/http_stream_parser.h
+++ b/chromium/net/http/http_stream_parser.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_piece.h"
 #include "crypto/ec_private_key.h"
@@ -238,7 +238,7 @@ class NET_EXPORT_PRIVATE HttpStreamParser {
   int64_t response_body_read_;
 
   // Helper if the data is chunked.
-  scoped_ptr<HttpChunkedDecoder> chunked_decoder_;
+  std::unique_ptr<HttpChunkedDecoder> chunked_decoder_;
 
   // Where the caller wants the body data.
   scoped_refptr<IOBuffer> user_read_buf_;
diff --git a/chromium/net/http/http_stream_parser_fuzzer.cc b/chromium/net/http/http_stream_parser_fuzzer.cc
index 19cd9af8c8a..421aaac4c47 100644
--- a/chromium/net/http/http_stream_parser_fuzzer.cc
+++ b/chromium/net/http/http_stream_parser_fuzzer.cc
@@ -8,16 +8,14 @@
 #include <stdint.h>
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/message_loop/message_loop.h"
-#include "base/numerics/safe_conversions.h"
-#include "net/base/address_list.h"
+#include "net/base/fuzzed_data_provider.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -27,87 +25,22 @@
 #include "net/log/net_log.h"
 #include "net/log/test_net_log.h"
 #include "net/socket/client_socket_handle.h"
-#include "net/socket/socket_test_util.h"
+#include "net/socket/fuzzed_socket.h"
 #include "url/gurl.h"
 
 // Fuzzer for HttpStreamParser.
 //
-// |data| is the data received over a mock HTTP connection through one or more
-// reads, along with metadata about the size of each read, and whether or not
-// the read completely synchronously.
+// |data| is used to create a FuzzedSocket.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  // Needed for thread checks and waits.
-  base::MessageLoopForIO message_loop;
-
-  net::MockWrite writes[] = {
-      net::MockWrite(net::ASYNC, 0, "GET / HTTP/1.1\r\n\r\n"),
-  };
-
-  // Break the buffer into a sequence of variable sized sync and async
-  // reads.  Use the last bytes of |data| exclusively for determining
-  // the size and type of each read.
-  std::vector<net::MockRead> reads;
-  // Sequence number for socket operations.
-  int last_sequence_number = 0;
-
-  // IoMode for the final read, where the server closes the mock socket.
-  net::IoMode close_socket_io_mode = net::ASYNC;
-
-  // Break |data| up into reads.  The test may or may not make to the final
-  // read, where the server closes the socket.
-
-  // Each read needs a one byte seed to determine read size and whether it
-  // should be sync or async, so if there's only one byte left unused, can't use
-  // it here.  The bytes used to get this metadata are not used as over-the-wire
-  // bytes.
-  while (size > 0) {
-    size_t read_seed = data[size - 1];
-    size--;
-    net::IoMode io_mode = net::ASYNC;
-    // Low order bit determines IoMode.
-    if (read_seed & 0x1)
-      io_mode = net::SYNCHRONOUS;
-
-    // Use second bit to determine if the last read, when the socket is closed,
-    // is synchronous.  The second bit only matters the last time this loop is
-    // runs.
-    if (read_seed & 0x2) {
-      close_socket_io_mode = net::SYNCHRONOUS;
-    } else {
-      close_socket_io_mode = net::ASYNC;
-    }
-
-    // If there are no more bytes in |data|, next read is the connection close.
-    if (size == 0)
-      break;
-
-    read_seed >>= 2;
-
-    // Last 6 bits determine how many bytes are returned by the read.
-    int read_size = static_cast<int>(std::min(1 + read_seed, size));
-    reads.push_back(net::MockRead(io_mode, reinterpret_cast<const char*>(data),
-                                  read_size, ++last_sequence_number));
-
-    data += read_size;
-    size -= read_size;
-  }
-
-  // Server closes the socket.
-  reads.push_back(net::MockRead(close_socket_io_mode,
-                                net::ERR_CONNECTION_CLOSED,
-                                ++last_sequence_number));
-  net::SequencedSocketData socket_data(reads.data(), reads.size(), writes,
-                                       arraysize(writes));
-  socket_data.set_connect_data(net::MockConnect(net::SYNCHRONOUS, net::OK));
-
-  scoped_ptr<net::MockTCPClientSocket> socket(
-      new net::MockTCPClientSocket(net::AddressList(), nullptr, &socket_data));
-
   net::TestCompletionCallback callback;
-  CHECK_EQ(net::OK, socket->Connect(callback.callback()));
+  net::BoundTestNetLog bound_test_net_log;
+  net::FuzzedDataProvider data_provider(data, size);
+  std::unique_ptr<net::FuzzedSocket> fuzzed_socket(new net::FuzzedSocket(
+      &data_provider, bound_test_net_log.bound().net_log()));
+  CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
 
   net::ClientSocketHandle socket_handle;
-  socket_handle.SetSocket(std::move(socket));
+  socket_handle.SetSocket(std::move(fuzzed_socket));
 
   net::HttpRequestInfo request_info;
   request_info.method = "GET";
@@ -116,15 +49,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   scoped_refptr<net::GrowableIOBuffer> read_buffer(new net::GrowableIOBuffer());
   // Use a NetLog that listens to events, to get coverage of logging
   // callbacks.
-  net::BoundTestNetLog net_log;
   net::HttpStreamParser parser(&socket_handle, &request_info, read_buffer.get(),
-                               net_log.bound());
+                               bound_test_net_log.bound());
 
   net::HttpResponseInfo response_info;
   int result =
       parser.SendRequest("GET / HTTP/1.1\r\n", net::HttpRequestHeaders(),
                          &response_info, callback.callback());
-  CHECK_EQ(net::OK, callback.GetResult(result));
+  result = callback.GetResult(result);
+  if (net::OK != result)
+    return 0;
 
   result = parser.ReadResponseHeaders(callback.callback());
   result = callback.GetResult(result);
@@ -133,8 +67,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     return 0;
 
   while (true) {
-    // 64 exactly matches the maximum amount of data returned by a single
-    // MockRead, as created above.
     scoped_refptr<net::IOBufferWithSize> io_buffer(
         new net::IOBufferWithSize(64));
     result = parser.ReadResponseBody(io_buffer.get(), io_buffer->size(),
@@ -143,7 +75,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     // Releasing the pointer to IOBuffer immediately is more likely to lead to a
     // use-after-free.
     io_buffer = nullptr;
-
     if (callback.GetResult(result) <= 0)
       break;
   }
diff --git a/chromium/net/http/http_stream_parser_unittest.cc b/chromium/net/http/http_stream_parser_unittest.cc
index 1fa10c9c3ba..89e75be3008 100644
--- a/chromium/net/http/http_stream_parser_unittest.cc
+++ b/chromium/net/http/http_stream_parser_unittest.cc
@@ -5,7 +5,9 @@
 #include "net/http/http_stream_parser.h"
 
 #include <stdint.h>
+
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,12 +15,12 @@
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/io_buffer.h"
@@ -46,17 +48,17 @@ const size_t kMaxPayloadSize =
 
 // Helper method to create a connected ClientSocketHandle using |data|.
 // Modifies |data|.
-scoped_ptr<ClientSocketHandle> CreateConnectedSocketHandle(
+std::unique_ptr<ClientSocketHandle> CreateConnectedSocketHandle(
     SequencedSocketData* data) {
   data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
 
-  scoped_ptr<MockTCPClientSocket> socket(
+  std::unique_ptr<MockTCPClientSocket> socket(
       new MockTCPClientSocket(net::AddressList(), nullptr, data));
 
   TestCompletionCallback callback;
   EXPECT_EQ(OK, socket->Connect(callback.callback()));
 
-  scoped_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle);
   socket_handle->SetSocket(std::move(socket));
   return socket_handle;
 }
@@ -126,8 +128,8 @@ TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_NoBody) {
 }
 
 TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_EmptyBody) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  scoped_ptr<UploadDataStream> body(make_scoped_ptr(
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  std::unique_ptr<UploadDataStream> body(base::WrapUnique(
       new ElementsUploadDataStream(std::move(element_readers), 0)));
   ASSERT_EQ(OK, body->Init(CompletionCallback()));
   // Shouldn't be merged if upload data is empty.
@@ -137,7 +139,7 @@ TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_EmptyBody) {
 
 TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_ChunkedBody) {
   const std::string payload = "123";
-  scoped_ptr<ChunkedUploadDataStream> body(new ChunkedUploadDataStream(0));
+  std::unique_ptr<ChunkedUploadDataStream> body(new ChunkedUploadDataStream(0));
   body->AppendData(payload.data(), payload.size(), true);
   ASSERT_EQ(OK, body->Init(TestCompletionCallback().callback()));
   // Shouldn't be merged if upload data carries chunked data.
@@ -153,13 +155,13 @@ TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_FileBody) {
   ASSERT_TRUE(base::CreateTemporaryFileInDir(temp_dir.path(), &temp_file_path));
 
   {
-    std::vector<scoped_ptr<UploadElementReader>> element_readers;
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers;
 
-    element_readers.push_back(make_scoped_ptr(
+    element_readers.push_back(base::WrapUnique(
         new UploadFileElementReader(base::ThreadTaskRunnerHandle::Get().get(),
                                     temp_file_path, 0, 0, base::Time())));
 
-    scoped_ptr<UploadDataStream> body(
+    std::unique_ptr<UploadDataStream> body(
         new ElementsUploadDataStream(std::move(element_readers), 0));
     TestCompletionCallback callback;
     ASSERT_EQ(ERR_IO_PENDING, body->Init(callback.callback()));
@@ -174,12 +176,12 @@ TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_FileBody) {
 }
 
 TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_SmallBodyInMemory) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   const std::string payload = "123";
-  element_readers.push_back(make_scoped_ptr(
+  element_readers.push_back(base::WrapUnique(
       new UploadBytesElementReader(payload.data(), payload.size())));
 
-  scoped_ptr<UploadDataStream> body(
+  std::unique_ptr<UploadDataStream> body(
       new ElementsUploadDataStream(std::move(element_readers), 0));
   ASSERT_EQ(OK, body->Init(CompletionCallback()));
   // Yes, should be merged if the in-memory body is small here.
@@ -188,12 +190,12 @@ TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_SmallBodyInMemory) {
 }
 
 TEST(HttpStreamParser, ShouldMergeRequestHeadersAndBody_LargeBodyInMemory) {
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   const std::string payload(10000, 'a');  // 'a' x 10000.
-  element_readers.push_back(make_scoped_ptr(
+  element_readers.push_back(base::WrapUnique(
       new UploadBytesElementReader(payload.data(), payload.size())));
 
-  scoped_ptr<UploadDataStream> body(
+  std::unique_ptr<UploadDataStream> body(
       new ElementsUploadDataStream(std::move(element_readers), 0));
   ASSERT_EQ(OK, body->Init(CompletionCallback()));
   // Shouldn't be merged if the in-memory body is large here.
@@ -207,7 +209,7 @@ TEST(HttpStreamParser, SentBytesNoHeaders) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request;
@@ -235,7 +237,7 @@ TEST(HttpStreamParser, SentBytesWithHeaders) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request;
@@ -266,7 +268,7 @@ TEST(HttpStreamParser, SentBytesWithHeadersMultiWrite) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request;
@@ -298,7 +300,7 @@ TEST(HttpStreamParser, SentBytesWithErrorWritingHeaders) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request;
@@ -330,12 +332,12 @@ TEST(HttpStreamParser, SentBytesPost) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   element_readers.push_back(
-      make_scoped_ptr(new UploadBytesElementReader("hello world!", 12)));
+      base::WrapUnique(new UploadBytesElementReader("hello world!", 12)));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
   ASSERT_EQ(OK, upload_data_stream.Init(TestCompletionCallback().callback()));
 
@@ -370,7 +372,7 @@ TEST(HttpStreamParser, SentBytesChunkedPostError) {
   };
 
   SequencedSocketData data(nullptr, 0, writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   ChunkedUploadDataStream upload_data_stream(0);
@@ -433,7 +435,7 @@ TEST(HttpStreamParser, AsyncSingleChunkAndAsyncSocket) {
   ASSERT_EQ(OK, upload_stream.Init(TestCompletionCallback().callback()));
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -510,7 +512,7 @@ TEST(HttpStreamParser, SyncSingleChunkAndAsyncSocket) {
   upload_stream.AppendData(kChunk, arraysize(kChunk) - 1, true);
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -587,7 +589,7 @@ TEST(HttpStreamParser, AsyncChunkAndAsyncSocketWithMultipleChunks) {
   ASSERT_EQ(OK, upload_stream.Init(TestCompletionCallback().callback()));
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -668,7 +670,7 @@ TEST(HttpStreamParser, AsyncEmptyChunkedUpload) {
   ASSERT_EQ(OK, upload_stream.Init(TestCompletionCallback().callback()));
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -740,7 +742,7 @@ TEST(HttpStreamParser, SyncEmptyChunkedUpload) {
   upload_stream.AppendData(nullptr, 0, true);
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -837,7 +839,7 @@ TEST(HttpStreamParser, TruncatedHeaders) {
     for (size_t i = 0; i < arraysize(reads); i++) {
       SCOPED_TRACE(i);
       SequencedSocketData data(reads[i], 2, writes, arraysize(writes));
-      scoped_ptr<ClientSocketHandle> socket_handle(
+      std::unique_ptr<ClientSocketHandle> socket_handle(
           CreateConnectedSocketHandle(&data));
 
       HttpRequestInfo request_info;
@@ -898,7 +900,7 @@ TEST(HttpStreamParser, Websocket101Response) {
   };
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
   HttpRequestInfo request_info;
@@ -1002,9 +1004,9 @@ class SimpleGetRunner {
   scoped_refptr<GrowableIOBuffer> read_buffer_;
   std::vector<MockRead> reads_;
   std::vector<MockWrite> writes_;
-  scoped_ptr<ClientSocketHandle> socket_handle_;
-  scoped_ptr<SequencedSocketData> data_;
-  scoped_ptr<HttpStreamParser> parser_;
+  std::unique_ptr<ClientSocketHandle> socket_handle_;
+  std::unique_ptr<SequencedSocketData> data_;
+  std::unique_ptr<HttpStreamParser> parser_;
   int sequence_number_;
 };
 
@@ -1254,10 +1256,10 @@ TEST(HttpStreamParser, ReadAfterUnownedObjectsDestroyed) {
   };
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
-  scoped_ptr<ClientSocketHandle> socket_handle =
+  std::unique_ptr<ClientSocketHandle> socket_handle =
       CreateConnectedSocketHandle(&data);
 
-  scoped_ptr<HttpRequestInfo> request_info(new HttpRequestInfo());
+  std::unique_ptr<HttpRequestInfo> request_info(new HttpRequestInfo());
   request_info->method = "GET";
   request_info->url = GURL("http://somewhere/foo.html");
 
@@ -1265,8 +1267,8 @@ TEST(HttpStreamParser, ReadAfterUnownedObjectsDestroyed) {
   HttpStreamParser parser(socket_handle.get(), request_info.get(),
                           read_buffer.get(), BoundNetLog());
 
-  scoped_ptr<HttpRequestHeaders> request_headers(new HttpRequestHeaders());
-  scoped_ptr<HttpResponseInfo> response_info(new HttpResponseInfo());
+  std::unique_ptr<HttpRequestHeaders> request_headers(new HttpRequestHeaders());
+  std::unique_ptr<HttpResponseInfo> response_info(new HttpResponseInfo());
   TestCompletionCallback callback;
   ASSERT_EQ(OK, parser.SendRequest("GET /foo.html HTTP/1.1\r\n",
             *request_headers, response_info.get(), callback.callback()));
diff --git a/chromium/net/http/http_transaction_factory.h b/chromium/net/http/http_transaction_factory.h
index 673a6f921e3..d787c69b8f0 100644
--- a/chromium/net/http/http_transaction_factory.h
+++ b/chromium/net/http/http_transaction_factory.h
@@ -5,7 +5,8 @@
 #ifndef NET_HTTP_HTTP_TRANSACTION_FACTORY_H_
 #define NET_HTTP_HTTP_TRANSACTION_FACTORY_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_export.h"
 #include "net/base/request_priority.h"
 
@@ -23,7 +24,7 @@ class NET_EXPORT HttpTransactionFactory {
   // Creates a HttpTransaction object. On success, saves the new
   // transaction to |*trans| and returns OK.
   virtual int CreateTransaction(RequestPriority priority,
-                                scoped_ptr<HttpTransaction>* trans) = 0;
+                                std::unique_ptr<HttpTransaction>* trans) = 0;
 
   // Returns the associated cache if any (may be NULL).
   virtual HttpCache* GetCache() = 0;
diff --git a/chromium/net/http/http_transaction_test_util.cc b/chromium/net/http/http_transaction_test_util.cc
index 2bbe2e9b225..d3e2e9c5a6f 100644
--- a/chromium/net/http/http_transaction_test_util.cc
+++ b/chromium/net/http/http_transaction_test_util.cc
@@ -5,6 +5,7 @@
 #include "net/http/http_transaction_test_util.h"
 
 #include <algorithm>
+#include <unordered_map>
 #include <utility>
 
 #include "base/bind.h"
@@ -12,7 +13,7 @@
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/clock.h"
 #include "base/time/time.h"
 #include "net/base/load_flags.h"
@@ -29,7 +30,8 @@
 namespace net {
 
 namespace {
-typedef base::hash_map<std::string, const MockTransaction*> MockTransactionMap;
+using MockTransactionMap =
+    std::unordered_map<std::string, const MockTransaction*>;
 static MockTransactionMap mock_transactions;
 }  // namespace
 
@@ -519,11 +521,12 @@ void MockNetworkLayer::TransactionStopCaching() {
   stop_caching_called_ = true;
 }
 
-int MockNetworkLayer::CreateTransaction(RequestPriority priority,
-                                        scoped_ptr<HttpTransaction>* trans) {
+int MockNetworkLayer::CreateTransaction(
+    RequestPriority priority,
+    std::unique_ptr<HttpTransaction>* trans) {
   transaction_count_++;
   last_create_transaction_priority_ = priority;
-  scoped_ptr<MockNetworkTransaction> mock_transaction(
+  std::unique_ptr<MockNetworkTransaction> mock_transaction(
       new MockNetworkTransaction(priority, this));
   last_transaction_ = mock_transaction->AsWeakPtr();
   *trans = std::move(mock_transaction);
diff --git a/chromium/net/http/http_transaction_test_util.h b/chromium/net/http/http_transaction_test_util.h
index 3a9532ed432..4d78f4d4cb2 100644
--- a/chromium/net/http/http_transaction_test_util.h
+++ b/chromium/net/http/http_transaction_test_util.h
@@ -152,7 +152,7 @@ class TestTransactionConsumer {
   void OnIOComplete(int result);
 
   State state_;
-  scoped_ptr<HttpTransaction> trans_;
+  std::unique_ptr<HttpTransaction> trans_;
   std::string content_;
   scoped_refptr<IOBuffer> read_buf_;
   int error_;
@@ -312,7 +312,7 @@ class MockNetworkLayer : public HttpTransactionFactory,
 
   // HttpTransactionFactory:
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override;
+                        std::unique_ptr<HttpTransaction>* trans) override;
   HttpCache* GetCache() override;
   HttpNetworkSession* GetSession() override;
 
diff --git a/chromium/net/http/http_util.cc b/chromium/net/http/http_util.cc
index 932f8386dad..06fc15edd36 100644
--- a/chromium/net/http/http_util.cc
+++ b/chromium/net/http/http_util.cc
@@ -445,54 +445,99 @@ bool HttpUtil::IsQuote(char c) {
   return c == '"' || c == '\'';
 }
 
+namespace {
+bool IsTokenChar(unsigned char c) {
+  return !(c >= 0x80 || c <= 0x1F || c == 0x7F || c == '(' || c == ')' ||
+           c == '<' || c == '>' || c == '@' || c == ',' || c == ';' ||
+           c == ':' || c == '\\' || c == '"' || c == '/' || c == '[' ||
+           c == ']' || c == '?' || c == '=' || c == '{' || c == '}' ||
+           c == ' ' || c == '\t');
+}
+}  // anonymous namespace
+
 // See RFC 2616 Sec 2.2 for the definition of |token|.
 bool HttpUtil::IsToken(std::string::const_iterator begin,
                        std::string::const_iterator end) {
   if (begin == end)
     return false;
   for (std::string::const_iterator iter = begin; iter != end; ++iter) {
+    if (!IsTokenChar(*iter))
+      return false;
+  }
+  return true;
+}
+
+// See RFC 5987 Sec 3.2.1 for the definition of |parmname|.
+bool HttpUtil::IsParmName(std::string::const_iterator begin,
+                          std::string::const_iterator end) {
+  if (begin == end)
+    return false;
+  for (std::string::const_iterator iter = begin; iter != end; ++iter) {
     unsigned char c = *iter;
-    if (c >= 0x80 || c <= 0x1F || c == 0x7F ||
-        c == '(' || c == ')' || c == '<' || c == '>' || c == '@' ||
-        c == ',' || c == ';' || c == ':' || c == '\\' || c == '"' ||
-        c == '/' || c == '[' || c == ']' || c == '?' || c == '=' ||
-        c == '{' || c == '}' || c == ' ' || c == '\t')
+    if (!IsTokenChar(c) || c == '*' || c == '\'' || c == '%')
       return false;
   }
   return true;
 }
 
-std::string HttpUtil::Unquote(std::string::const_iterator begin,
-                              std::string::const_iterator end) {
+namespace {
+bool UnquoteImpl(std::string::const_iterator begin,
+                 std::string::const_iterator end,
+                 bool strict_quotes,
+                 std::string* out) {
   // Empty string
   if (begin == end)
-    return std::string();
+    return false;
 
   // Nothing to unquote.
-  if (!IsQuote(*begin))
-    return std::string(begin, end);
+  if (!HttpUtil::IsQuote(*begin))
+    return false;
+
+  // Anything other than double quotes in strict mode.
+  if (strict_quotes && *begin != '"')
+    return false;
 
   // No terminal quote mark.
   if (end - begin < 2 || *begin != *(end - 1))
-    return std::string(begin, end);
+    return false;
+
+  char quote = *begin;
 
   // Strip quotemarks
   ++begin;
   --end;
 
   // Unescape quoted-pair (defined in RFC 2616 section 2.2)
-  std::string unescaped;
   bool prev_escape = false;
+  std::string unescaped;
   for (; begin != end; ++begin) {
     char c = *begin;
     if (c == '\\' && !prev_escape) {
       prev_escape = true;
       continue;
     }
+    if (strict_quotes && !prev_escape && c == quote)
+      return false;
     prev_escape = false;
     unescaped.push_back(c);
   }
-  return unescaped;
+
+  // Terminal quote is escaped.
+  if (strict_quotes && prev_escape)
+    return false;
+
+  *out = std::move(unescaped);
+  return true;
+}
+}  // anonymous namespace
+
+std::string HttpUtil::Unquote(std::string::const_iterator begin,
+                              std::string::const_iterator end) {
+  std::string result;
+  if (!UnquoteImpl(begin, end, false, &result))
+    return std::string(begin, end);
+
+  return result;
 }
 
 // static
@@ -501,6 +546,18 @@ std::string HttpUtil::Unquote(const std::string& str) {
 }
 
 // static
+bool HttpUtil::StrictUnquote(std::string::const_iterator begin,
+                             std::string::const_iterator end,
+                             std::string* out) {
+  return UnquoteImpl(begin, end, true, out);
+}
+
+// static
+bool HttpUtil::StrictUnquote(const std::string& str, std::string* out) {
+  return StrictUnquote(str.begin(), str.end(), out);
+}
+
+// static
 std::string HttpUtil::Quote(const std::string& str) {
   std::string escaped;
   escaped.reserve(2 + str.size());
@@ -910,7 +967,8 @@ HttpUtil::NameValuePairsIterator::NameValuePairsIterator(
     std::string::const_iterator begin,
     std::string::const_iterator end,
     char delimiter,
-    OptionalValues optional_values)
+    Values optional_values,
+    Quotes strict_quotes)
     : props_(begin, end, delimiter),
       valid_(true),
       name_begin_(end),
@@ -918,13 +976,21 @@ HttpUtil::NameValuePairsIterator::NameValuePairsIterator(
       value_begin_(end),
       value_end_(end),
       value_is_quoted_(false),
-      values_optional_(optional_values == VALUES_OPTIONAL) {}
+      values_optional_(optional_values == Values::NOT_REQUIRED),
+      strict_quotes_(strict_quotes == Quotes::STRICT_QUOTES) {
+  if (strict_quotes_)
+    props_.set_quote_chars("\"");
+}
 
 HttpUtil::NameValuePairsIterator::NameValuePairsIterator(
     std::string::const_iterator begin,
     std::string::const_iterator end,
     char delimiter)
-    : NameValuePairsIterator(begin, end, delimiter, VALUES_NOT_OPTIONAL) {}
+    : NameValuePairsIterator(begin,
+                             end,
+                             delimiter,
+                             Values::REQUIRED,
+                             Quotes::NOT_STRICT) {}
 
 HttpUtil::NameValuePairsIterator::NameValuePairsIterator(
     const NameValuePairsIterator& other) = default;
@@ -960,7 +1026,7 @@ bool HttpUtil::NameValuePairsIterator::GetNext() {
   // If an equals sign was found, verify that it wasn't inside of quote marks.
   if (equals != value_end_) {
     for (std::string::const_iterator it = value_begin_; it != equals; ++it) {
-      if (HttpUtil::IsQuote(*it))
+      if (IsQuote(*it))
         return valid_ = false;  // Malformed, quote appears before equals sign
     }
   }
@@ -979,7 +1045,15 @@ bool HttpUtil::NameValuePairsIterator::GetNext() {
     return valid_ = false;
   }
 
-  if (value_begin_ != value_end_ && HttpUtil::IsQuote(*value_begin_)) {
+  if (value_begin_ != value_end_ && IsQuote(*value_begin_)) {
+    value_is_quoted_ = true;
+
+    if (strict_quotes_) {
+      if (!HttpUtil::StrictUnquote(value_begin_, value_end_, &unquoted_value_))
+        return valid_ = false;
+      return true;
+    }
+
     // Trim surrounding quotemarks off the value
     if (*value_begin_ != *(value_end_ - 1) || value_begin_ + 1 == value_end_) {
       // NOTE: This is not as graceful as it sounds:
@@ -987,9 +1061,9 @@ bool HttpUtil::NameValuePairsIterator::GetNext() {
       //   (["\"hello] should give ["hello]).
       // * Does not detect when the final quote is escaped
       //   (["value\"] should give [value"])
+      value_is_quoted_ = false;
       ++value_begin_;  // Gracefully recover from mismatching quotes.
     } else {
-      value_is_quoted_ = true;
       // Do not store iterators into this. See declaration of unquoted_value_.
       unquoted_value_ = HttpUtil::Unquote(value_begin_, value_end_);
     }
@@ -998,4 +1072,10 @@ bool HttpUtil::NameValuePairsIterator::GetNext() {
   return true;
 }
 
+bool HttpUtil::NameValuePairsIterator::IsQuote(char c) const {
+  if (strict_quotes_)
+    return c == '"';
+  return HttpUtil::IsQuote(c);
+}
+
 }  // namespace net
diff --git a/chromium/net/http/http_util.h b/chromium/net/http/http_util.h
index 458a7187441..2b70e20d341 100644
--- a/chromium/net/http/http_util.h
+++ b/chromium/net/http/http_util.h
@@ -10,6 +10,7 @@
 #include <string>
 #include <vector>
 
+#include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/time/time.h"
@@ -123,6 +124,13 @@ class NET_EXPORT HttpUtil {
     return IsToken(str.begin(), str.end());
   }
 
+  // Whether the string is a valid |parmname| as defined in RFC 5987 Sec 3.2.1.
+  static bool IsParmName(std::string::const_iterator begin,
+                         std::string::const_iterator end);
+  static bool IsParmName(const std::string& str) {
+    return IsParmName(str.begin(), str.end());
+  }
+
   // RFC 2616 Sec 2.2:
   // quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
   // Unquote() strips the surrounding quotemarks off a string, and unescapes
@@ -134,6 +142,20 @@ class NET_EXPORT HttpUtil {
   // Same as above.
   static std::string Unquote(const std::string& str);
 
+  // Similar to Unquote(), but additionally validates that the string being
+  // unescaped actually is a valid quoted string. Returns false for an empty
+  // string, a string without quotes, a string with mismatched quotes, and
+  // a string with unescaped embeded quotes.
+  // In accordance with RFC 2616 this method only allows double quotes to
+  // enclose the string.
+  static bool StrictUnquote(std::string::const_iterator begin,
+                            std::string::const_iterator end,
+                            std::string* out) WARN_UNUSED_RESULT;
+
+  // Same as above.
+  static bool StrictUnquote(const std::string& str,
+                            std::string* out) WARN_UNUSED_RESULT;
+
   // The reverse of Unquote() -- escapes and surrounds with "
   static std::string Quote(const std::string& str);
 
@@ -303,6 +325,12 @@ class NET_EXPORT HttpUtil {
     ValuesIterator(const ValuesIterator& other);
     ~ValuesIterator();
 
+    // Set the characters to regard as quotes.  By default, this includes both
+    // single and double quotes.
+    void set_quote_chars(const char* quotes) {
+      values_.set_quote_chars(quotes);
+    }
+
     // Advances the iterator to the next value, if any.  Returns true if there
     // is a next value.  Use value* methods to access the resultant value.
     bool GetNext();
@@ -332,18 +360,26 @@ class NET_EXPORT HttpUtil {
   // calls to GetNext() or after the NameValuePairsIterator is destroyed.
   class NET_EXPORT NameValuePairsIterator {
    public:
-    // Whether or not values are optional. VALUES_OPTIONAL allows
-    // e.g. name1=value1;name2;name3=value3, whereas VALUES_NOT_OPTIONAL
+    // Whether or not values are optional. Values::NOT_REQUIRED allows
+    // e.g. name1=value1;name2;name3=value3, whereas Vaues::REQUIRED
     // will treat it as a parse error because name2 does not have a
     // corresponding equals sign.
-    enum OptionalValues { VALUES_OPTIONAL, VALUES_NOT_OPTIONAL };
+    enum class Values { NOT_REQUIRED, REQUIRED };
+
+    // Whether or not unmatched quotes should be considered a failure. By
+    // default this class is pretty lenient and does a best effort to parse
+    // values with mismatched quotes. When set to STRICT_QUOTES a value with
+    // mismatched or otherwise invalid quotes is considered a parse error.
+    enum class Quotes { STRICT_QUOTES, NOT_STRICT };
 
     NameValuePairsIterator(std::string::const_iterator begin,
                            std::string::const_iterator end,
                            char delimiter,
-                           OptionalValues optional_values);
+                           Values optional_values,
+                           Quotes strict_quotes);
 
-    // Treats values as not optional by default (VALUES_NOT_OPTIONAL).
+    // Treats values as not optional by default (Values::REQUIRED) and
+    // treats quotes as not strict.
     NameValuePairsIterator(std::string::const_iterator begin,
                            std::string::const_iterator end,
                            char delimiter);
@@ -384,6 +420,8 @@ class NET_EXPORT HttpUtil {
                                                        value_end_); }
 
    private:
+    bool IsQuote(char c) const;
+
     HttpUtil::ValuesIterator props_;
     bool valid_;
 
@@ -403,6 +441,11 @@ class NET_EXPORT HttpUtil {
     // True if values are required for each name/value pair; false if a
     // name is permitted to appear without a corresponding value.
     bool values_optional_;
+
+    // True if quotes values are required to be properly quoted; false if
+    // mismatched quotes and other problems with quoted values should be more
+    // or less gracefully treated as valid.
+    bool strict_quotes_;
   };
 };
 
diff --git a/chromium/net/http/http_util_unittest.cc b/chromium/net/http/http_util_unittest.cc
index 2b456605d70..557d92367a1 100644
--- a/chromium/net/http/http_util_unittest.cc
+++ b/chromium/net/http/http_util_unittest.cc
@@ -247,6 +247,57 @@ TEST(HttpUtilTest, Unquote) {
   // Allow single quotes to act as quote marks.
   // Not part of RFC 2616.
   EXPECT_STREQ("x\"", HttpUtil::Unquote("'x\"'").c_str());
+
+  // Allow quotes in the middle of the input.
+  EXPECT_STREQ("foo\"bar", HttpUtil::Unquote("\"foo\"bar\"").c_str());
+
+  // Allow the final quote to be escaped.
+  EXPECT_STREQ("foo", HttpUtil::Unquote("\"foo\\\"").c_str());
+}
+
+TEST(HttpUtilTest, StrictUnquote) {
+  std::string out;
+
+  // Replace <backslash> " with ".
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"xyz\\\"abc\"", &out));
+  EXPECT_STREQ("xyz\"abc", out.c_str());
+
+  // Replace <backslash> <backslash> with <backslash>.
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"xyz\\\\abc\"", &out));
+  EXPECT_STREQ("xyz\\abc", out.c_str());
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"xyz\\\\\\\\\\\\abc\"", &out));
+  EXPECT_STREQ("xyz\\\\\\abc", out.c_str());
+
+  // Replace <backslash> X with X.
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"xyz\\Xabc\"", &out));
+  EXPECT_STREQ("xyzXabc", out.c_str());
+
+  // Empty quoted string.
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"\"", &out));
+  EXPECT_STREQ("", out.c_str());
+
+  // Return false on unquoted inputs.
+  EXPECT_FALSE(HttpUtil::StrictUnquote("X", &out));
+  EXPECT_FALSE(HttpUtil::StrictUnquote("", &out));
+
+  // Return false on mismatched quotes.
+  EXPECT_FALSE(HttpUtil::StrictUnquote("\"", &out));
+  EXPECT_FALSE(HttpUtil::StrictUnquote("\"xyz", &out));
+  EXPECT_FALSE(HttpUtil::StrictUnquote("\"abc'", &out));
+
+  // Return false on escaped terminal quote.
+  EXPECT_FALSE(HttpUtil::StrictUnquote("\"abc\\\"", &out));
+  EXPECT_FALSE(HttpUtil::StrictUnquote("\"\\\"", &out));
+
+  // Allow escaped backslash before terminal quote.
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"\\\\\"", &out));
+  EXPECT_STREQ("\\", out.c_str());
+
+  // Don't allow single quotes to act as quote marks.
+  EXPECT_FALSE(HttpUtil::StrictUnquote("'x\"'", &out));
+  EXPECT_TRUE(HttpUtil::StrictUnquote("\"x'\"", &out));
+  EXPECT_STREQ("x'", out.c_str());
+  EXPECT_FALSE(HttpUtil::StrictUnquote("''", &out));
 }
 
 TEST(HttpUtilTest, Quote) {
@@ -1102,7 +1153,8 @@ TEST(HttpUtilTest, NameValuePairsIteratorOptionalValues) {
 
   HttpUtil::NameValuePairsIterator values_required_parser(
       data.begin(), data.end(), ';',
-      HttpUtil::NameValuePairsIterator::VALUES_NOT_OPTIONAL);
+      HttpUtil::NameValuePairsIterator::Values::REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);
   EXPECT_TRUE(values_required_parser.valid());
   ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair(&values_required_parser, true,
                                                  true, "alpha", "1"));
@@ -1111,7 +1163,8 @@ TEST(HttpUtilTest, NameValuePairsIteratorOptionalValues) {
 
   HttpUtil::NameValuePairsIterator parser(
       data.begin(), data.end(), ';',
-      HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL);
+      HttpUtil::NameValuePairsIterator::Values::NOT_REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);
   EXPECT_TRUE(parser.valid());
 
   ASSERT_NO_FATAL_FAILURE(
@@ -1177,6 +1230,64 @@ TEST(HttpUtilTest, NameValuePairsIteratorMissingEndQuote) {
       &parser, false, true, std::string(), std::string()));
 }
 
+TEST(HttpUtilTest, NameValuePairsIteratorStrictQuotesEscapedEndQuote) {
+  std::string data = "foo=bar; name=\"value\\\"";
+  HttpUtil::NameValuePairsIterator parser(
+      data.begin(), data.end(), ';',
+      HttpUtil::NameValuePairsIterator::Values::REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::STRICT_QUOTES);
+  EXPECT_TRUE(parser.valid());
+
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "foo", "bar"));
+  ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair(&parser, false, false,
+                                                 std::string(), std::string()));
+}
+
+TEST(HttpUtilTest, NameValuePairsIteratorStrictQuotesQuoteInValue) {
+  std::string data = "foo=\"bar\"; name=\"va\"lue\"";
+  HttpUtil::NameValuePairsIterator parser(
+      data.begin(), data.end(), ';',
+      HttpUtil::NameValuePairsIterator::Values::REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::STRICT_QUOTES);
+  EXPECT_TRUE(parser.valid());
+
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "foo", "bar"));
+  ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair(&parser, false, false,
+                                                 std::string(), std::string()));
+}
+
+TEST(HttpUtilTest, NameValuePairsIteratorStrictQuotesMissingEndQuote) {
+  std::string data = "foo=\"bar\"; name=\"value";
+  HttpUtil::NameValuePairsIterator parser(
+      data.begin(), data.end(), ';',
+      HttpUtil::NameValuePairsIterator::Values::REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::STRICT_QUOTES);
+  EXPECT_TRUE(parser.valid());
+
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "foo", "bar"));
+  ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair(&parser, false, false,
+                                                 std::string(), std::string()));
+}
+
+TEST(HttpUtilTest, NameValuePairsIteratorStrictQuotesSingleQuotes) {
+  std::string data = "foo=\"bar\"; name='value; ok=it'";
+  HttpUtil::NameValuePairsIterator parser(
+      data.begin(), data.end(), ';',
+      HttpUtil::NameValuePairsIterator::Values::REQUIRED,
+      HttpUtil::NameValuePairsIterator::Quotes::STRICT_QUOTES);
+  EXPECT_TRUE(parser.valid());
+
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "foo", "bar"));
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "name", "'value"));
+  ASSERT_NO_FATAL_FAILURE(
+      CheckNextNameValuePair(&parser, true, true, "ok", "it'"));
+}
+
 TEST(HttpUtilTest, IsValidHeaderValueRFC7230) {
   EXPECT_TRUE(HttpUtil::IsValidHeaderValueRFC7230(""));
 
diff --git a/chromium/net/http/http_vary_data.cc b/chromium/net/http/http_vary_data.cc
index 6b3a02a9214..3e81fc96f52 100644
--- a/chromium/net/http/http_vary_data.cc
+++ b/chromium/net/http/http_vary_data.cc
@@ -41,22 +41,6 @@ bool HttpVaryData::Init(const HttpRequestInfo& request_info,
     processed_header = true;
   }
 
-  // Add an implicit 'Vary: cookie' header to any redirect to avoid redirect
-  // loops which may result from redirects that are incorrectly marked as
-  // cachable by the server.  Unfortunately, other browsers do not cache
-  // redirects that result from requests containing a cookie header.  We are
-  // treading on untested waters here, so we want to be extra careful to make
-  // sure we do not end up with a redirect loop served from cache.
-  //
-  // If there is an explicit 'Vary: cookie' header, then we will just end up
-  // digesting the cookie header twice.  Not a problem.
-  //
-  std::string location;
-  if (response_headers.IsRedirect(&location)) {
-    AddField(request_info, "cookie", &ctx);
-    processed_header = true;
-  }
-
   if (!processed_header)
     return false;
 
@@ -84,9 +68,8 @@ bool HttpVaryData::MatchesRequest(
     const HttpResponseHeaders& cached_response_headers) const {
   HttpVaryData new_vary_data;
   if (!new_vary_data.Init(request_info, cached_response_headers)) {
-    // This shouldn't happen provided the same response headers passed here
-    // were also used when initializing |this|.
-    NOTREACHED();
+    // This case can happen if |this| was loaded from a cache that was populated
+    // by a build before crbug.com/469675 was fixed.
     return false;
   }
   return memcmp(&new_vary_data.request_digest_, &request_digest_,
diff --git a/chromium/net/http/http_vary_data_unittest.cc b/chromium/net/http/http_vary_data_unittest.cc
index c9bff658451..f1d881a9203 100644
--- a/chromium/net/http/http_vary_data_unittest.cc
+++ b/chromium/net/http/http_vary_data_unittest.cc
@@ -120,32 +120,12 @@ TEST(HttpVaryDataTest, DoesntVary2) {
   EXPECT_TRUE(v.MatchesRequest(b.request, *b.response.get()));
 }
 
-TEST(HttpVaryDataTest, ImplicitCookieForRedirect) {
+TEST(HttpVaryDataTest, DoesntVaryByCookieForRedirect) {
   TestTransaction a;
   a.Init("Cookie: 1", "HTTP/1.1 301 Moved\nLocation: x\n\n");
 
-  TestTransaction b;
-  b.Init("Cookie: 2", "HTTP/1.1 301 Moved\nLocation: x\n\n");
-
-  HttpVaryData v;
-  EXPECT_TRUE(v.Init(a.request, *a.response.get()));
-
-  EXPECT_FALSE(v.MatchesRequest(b.request, *b.response.get()));
-}
-
-TEST(HttpVaryDataTest, ImplicitCookieForRedirect2) {
-  // This should be no different than the test above
-
-  TestTransaction a;
-  a.Init("Cookie: 1", "HTTP/1.1 301 Moved\nLocation: x\nVary: coOkie\n\n");
-
-  TestTransaction b;
-  b.Init("Cookie: 2", "HTTP/1.1 301 Moved\nLocation: x\nVary: cooKie\n\n");
-
   HttpVaryData v;
-  EXPECT_TRUE(v.Init(a.request, *a.response.get()));
-
-  EXPECT_FALSE(v.MatchesRequest(b.request, *b.response.get()));
+  EXPECT_FALSE(v.Init(a.request, *a.response.get()));
 }
 
 }  // namespace net
diff --git a/chromium/net/http/mock_http_cache.cc b/chromium/net/http/mock_http_cache.cc
index 533177a9f89..3f8cce4bc0a 100644
--- a/chromium/net/http/mock_http_cache.cc
+++ b/chromium/net/http/mock_http_cache.cc
@@ -9,8 +9,9 @@
 
 #include "base/bind.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -493,8 +494,8 @@ class MockDiskCache::NotImplementedIterator : public Iterator {
   }
 };
 
-scoped_ptr<disk_cache::Backend::Iterator> MockDiskCache::CreateIterator() {
-  return scoped_ptr<Iterator>(new NotImplementedIterator());
+std::unique_ptr<disk_cache::Backend::Iterator> MockDiskCache::CreateIterator() {
+  return std::unique_ptr<Iterator>(new NotImplementedIterator());
 }
 
 void MockDiskCache::GetStats(base::StringPairs* stats) {
@@ -518,9 +519,10 @@ void MockDiskCache::CallbackLater(const CompletionCallback& callback,
 
 //-----------------------------------------------------------------------------
 
-int MockBackendFactory::CreateBackend(NetLog* net_log,
-                                      scoped_ptr<disk_cache::Backend>* backend,
-                                      const CompletionCallback& callback) {
+int MockBackendFactory::CreateBackend(
+    NetLog* net_log,
+    std::unique_ptr<disk_cache::Backend>* backend,
+    const CompletionCallback& callback) {
   backend->reset(new MockDiskCache());
   return OK;
 }
@@ -528,11 +530,11 @@ int MockBackendFactory::CreateBackend(NetLog* net_log,
 //-----------------------------------------------------------------------------
 
 MockHttpCache::MockHttpCache()
-    : MockHttpCache(make_scoped_ptr(new MockBackendFactory())) {}
+    : MockHttpCache(base::WrapUnique(new MockBackendFactory())) {}
 
 MockHttpCache::MockHttpCache(
-    scoped_ptr<HttpCache::BackendFactory> disk_cache_factory)
-    : http_cache_(make_scoped_ptr(new MockNetworkLayer()),
+    std::unique_ptr<HttpCache::BackendFactory> disk_cache_factory)
+    : http_cache_(base::WrapUnique(new MockNetworkLayer()),
                   std::move(disk_cache_factory),
                   true) {}
 
@@ -548,7 +550,7 @@ MockDiskCache* MockHttpCache::disk_cache() {
   return static_cast<MockDiskCache*>(backend());
 }
 
-int MockHttpCache::CreateTransaction(scoped_ptr<HttpTransaction>* trans) {
+int MockHttpCache::CreateTransaction(std::unique_ptr<HttpTransaction>* trans) {
   return http_cache_.CreateTransaction(DEFAULT_PRIORITY, trans);
 }
 
@@ -633,7 +635,7 @@ int MockDiskCacheNoCB::CreateEntry(const std::string& key,
 
 int MockBackendNoCbFactory::CreateBackend(
     NetLog* net_log,
-    scoped_ptr<disk_cache::Backend>* backend,
+    std::unique_ptr<disk_cache::Backend>* backend,
     const CompletionCallback& callback) {
   backend->reset(new MockDiskCacheNoCB());
   return OK;
@@ -652,7 +654,7 @@ MockBlockingBackendFactory::~MockBlockingBackendFactory() {
 
 int MockBlockingBackendFactory::CreateBackend(
     NetLog* net_log,
-    scoped_ptr<disk_cache::Backend>* backend,
+    std::unique_ptr<disk_cache::Backend>* backend,
     const CompletionCallback& callback) {
   if (!block_) {
     if (!fail_)
diff --git a/chromium/net/http/mock_http_cache.h b/chromium/net/http/mock_http_cache.h
index 86b8e51d758..7cf03db4051 100644
--- a/chromium/net/http/mock_http_cache.h
+++ b/chromium/net/http/mock_http_cache.h
@@ -12,7 +12,8 @@
 
 #include <stdint.h>
 
-#include "base/containers/hash_tables.h"
+#include <unordered_map>
+
 #include "base/strings/string_split.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/http/http_cache.h"
@@ -130,7 +131,7 @@ class MockDiskCache : public disk_cache::Backend {
   int DoomEntriesSince(base::Time initial_time,
                        const CompletionCallback& callback) override;
   int CalculateSizeOfAllEntries(const CompletionCallback& callback) override;
-  scoped_ptr<Iterator> CreateIterator() override;
+  std::unique_ptr<Iterator> CreateIterator() override;
   void GetStats(base::StringPairs* stats) override;
   void OnExternalCacheHit(const std::string& key) override;
 
@@ -155,7 +156,7 @@ class MockDiskCache : public disk_cache::Backend {
   void ReleaseAll();
 
  private:
-  typedef base::hash_map<std::string, MockDiskEntry*> EntryMap;
+  using EntryMap = std::unordered_map<std::string, MockDiskEntry*>;
   class NotImplementedIterator;
 
   void CallbackLater(const CompletionCallback& callback, int result);
@@ -172,7 +173,7 @@ class MockDiskCache : public disk_cache::Backend {
 class MockBackendFactory : public HttpCache::BackendFactory {
  public:
   int CreateBackend(NetLog* net_log,
-                    scoped_ptr<disk_cache::Backend>* backend,
+                    std::unique_ptr<disk_cache::Backend>* backend,
                     const CompletionCallback& callback) override;
 };
 
@@ -180,7 +181,7 @@ class MockHttpCache {
  public:
   MockHttpCache();
   explicit MockHttpCache(
-      scoped_ptr<HttpCache::BackendFactory> disk_cache_factory);
+      std::unique_ptr<HttpCache::BackendFactory> disk_cache_factory);
 
   HttpCache* http_cache() { return &http_cache_; }
 
@@ -191,7 +192,7 @@ class MockHttpCache {
   MockDiskCache* disk_cache();
 
   // Wrapper around http_cache()->CreateTransaction(DEFAULT_PRIORITY...)
-  int CreateTransaction(scoped_ptr<HttpTransaction>* trans);
+  int CreateTransaction(std::unique_ptr<HttpTransaction>* trans);
 
   // Wrapper to bypass the cache lock for new transactions.
   void BypassCacheLock();
@@ -239,7 +240,7 @@ class MockDiskCacheNoCB : public MockDiskCache {
 class MockBackendNoCbFactory : public HttpCache::BackendFactory {
  public:
   int CreateBackend(NetLog* net_log,
-                    scoped_ptr<disk_cache::Backend>* backend,
+                    std::unique_ptr<disk_cache::Backend>* backend,
                     const CompletionCallback& callback) override;
 };
 
@@ -250,14 +251,14 @@ class MockBlockingBackendFactory : public HttpCache::BackendFactory {
   ~MockBlockingBackendFactory() override;
 
   int CreateBackend(NetLog* net_log,
-                    scoped_ptr<disk_cache::Backend>* backend,
+                    std::unique_ptr<disk_cache::Backend>* backend,
                     const CompletionCallback& callback) override;
 
   // Completes the backend creation. Any blocked call will be notified via the
   // provided callback.
   void FinishCreation();
 
-  scoped_ptr<disk_cache::Backend>* backend() { return backend_; }
+  std::unique_ptr<disk_cache::Backend>* backend() { return backend_; }
   void set_fail(bool fail) { fail_ = fail; }
 
   const CompletionCallback& callback() { return callback_; }
@@ -265,7 +266,7 @@ class MockBlockingBackendFactory : public HttpCache::BackendFactory {
  private:
   int Result() { return fail_ ? ERR_FAILED : OK; }
 
-  scoped_ptr<disk_cache::Backend>* backend_;
+  std::unique_ptr<disk_cache::Backend>* backend_;
   CompletionCallback callback_;
   bool block_;
   bool fail_;
diff --git a/chromium/net/http/proxy_connect_redirect_http_stream.h b/chromium/net/http/proxy_connect_redirect_http_stream.h
index 36e595c585b..7368e1d7cb6 100644
--- a/chromium/net/http/proxy_connect_redirect_http_stream.h
+++ b/chromium/net/http/proxy_connect_redirect_http_stream.h
@@ -7,8 +7,9 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/load_timing_info.h"
 #include "net/http/http_stream.h"
 
diff --git a/chromium/net/http/transport_security_persister.cc b/chromium/net/http/transport_security_persister.cc
index de5d831b034..e383c392ebc 100644
--- a/chromium/net/http/transport_security_persister.cc
+++ b/chromium/net/http/transport_security_persister.cc
@@ -4,6 +4,7 @@
 
 #include "net/http/transport_security_persister.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/base64.h"
@@ -13,10 +14,9 @@
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/sequenced_task_runner.h"
 #include "base/task_runner_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "crypto/sha2.h"
 #include "net/cert/x509_certificate.h"
@@ -146,7 +146,8 @@ bool TransportSecurityPersister::SerializeData(std::string* output) {
         sts_iterator.domain_state();
 
     const std::string key = HashedDomainToExternalString(hostname);
-    scoped_ptr<base::DictionaryValue> serialized(new base::DictionaryValue);
+    std::unique_ptr<base::DictionaryValue> serialized(
+        new base::DictionaryValue);
     PopulateEntryWithDefaults(serialized.get());
 
     serialized->SetBoolean(kStsIncludeSubdomains, sts_state.include_subdomains);
@@ -180,7 +181,7 @@ bool TransportSecurityPersister::SerializeData(std::string* output) {
     const std::string key = HashedDomainToExternalString(hostname);
     base::DictionaryValue* serialized = nullptr;
     if (!toplevel.GetDictionary(key, &serialized)) {
-      scoped_ptr<base::DictionaryValue> serialized_scoped(
+      std::unique_ptr<base::DictionaryValue> serialized_scoped(
           new base::DictionaryValue);
       serialized = serialized_scoped.get();
       PopulateEntryWithDefaults(serialized);
@@ -222,7 +223,7 @@ bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
 bool TransportSecurityPersister::Deserialize(const std::string& serialized,
                                              bool* dirty,
                                              TransportSecurityState* state) {
-  scoped_ptr<base::Value> value = base::JSONReader::Read(serialized);
+  std::unique_ptr<base::Value> value = base::JSONReader::Read(serialized);
   base::DictionaryValue* dict_value = NULL;
   if (!value.get() || !value->GetAsDictionary(&dict_value))
     return false;
diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc
index dd5ae5ce117..5809c92719f 100644
--- a/chromium/net/http/transport_security_persister_unittest.cc
+++ b/chromium/net/http/transport_security_persister_unittest.cc
@@ -5,13 +5,13 @@
 #include "net/http/transport_security_persister.h"
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "net/http/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -41,7 +41,7 @@ class TransportSecurityPersisterTest : public testing::Test {
  protected:
   base::ScopedTempDir temp_dir_;
   TransportSecurityState state_;
-  scoped_ptr<TransportSecurityPersister> persister_;
+  std::unique_ptr<TransportSecurityPersister> persister_;
 };
 
 TEST_F(TransportSecurityPersisterTest, SerializeData1) {
diff --git a/chromium/net/http/transport_security_state.cc b/chromium/net/http/transport_security_state.cc
index 1a91f8a2c54..6bbe0b032a5 100644
--- a/chromium/net/http/transport_security_state.cc
+++ b/chromium/net/http/transport_security_state.cc
@@ -5,13 +5,14 @@
 #include "net/http/transport_security_state.h"
 
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/base64.h"
 #include "base/build_time.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/sha1.h"
@@ -54,16 +55,16 @@ std::string TimeToISO8601(const base::Time& t) {
       exploded.millisecond);
 }
 
-scoped_ptr<base::ListValue> GetPEMEncodedChainAsList(
+std::unique_ptr<base::ListValue> GetPEMEncodedChainAsList(
     const net::X509Certificate* cert_chain) {
   if (!cert_chain)
-    return make_scoped_ptr(new base::ListValue());
+    return base::WrapUnique(new base::ListValue());
 
-  scoped_ptr<base::ListValue> result(new base::ListValue());
+  std::unique_ptr<base::ListValue> result(new base::ListValue());
   std::vector<std::string> pem_encoded_chain;
   cert_chain->GetPEMEncodedChain(&pem_encoded_chain);
   for (const std::string& cert : pem_encoded_chain)
-    result->Append(make_scoped_ptr(new base::StringValue(cert)));
+    result->Append(base::WrapUnique(new base::StringValue(cert)));
 
   return result;
 }
@@ -99,16 +100,16 @@ bool GetHPKPReport(const HostPortPair& host_port_pair,
   report.SetBoolean("include-subdomains", pkp_state.include_subdomains);
   report.SetString("noted-hostname", pkp_state.domain);
 
-  scoped_ptr<base::ListValue> served_certificate_chain_list =
+  std::unique_ptr<base::ListValue> served_certificate_chain_list =
       GetPEMEncodedChainAsList(served_certificate_chain);
-  scoped_ptr<base::ListValue> validated_certificate_chain_list =
+  std::unique_ptr<base::ListValue> validated_certificate_chain_list =
       GetPEMEncodedChainAsList(validated_certificate_chain);
   report.Set("served-certificate-chain",
              std::move(served_certificate_chain_list));
   report.Set("validated-certificate-chain",
              std::move(validated_certificate_chain_list));
 
-  scoped_ptr<base::ListValue> known_pin_list(new base::ListValue());
+  std::unique_ptr<base::ListValue> known_pin_list(new base::ListValue());
   for (const auto& hash_value : pkp_state.spki_hashes) {
     std::string known_pin;
 
@@ -129,7 +130,7 @@ bool GetHPKPReport(const HostPortPair& host_port_pair,
     known_pin += "\"" + base64_value + "\"";
 
     known_pin_list->Append(
-        scoped_ptr<base::Value>(new base::StringValue(known_pin)));
+        std::unique_ptr<base::Value>(new base::StringValue(known_pin)));
   }
 
   report.Set("known-pins", std::move(known_pin_list));
@@ -184,10 +185,9 @@ std::string HashHost(const std::string& canonicalized_host) {
 // |a| or |b| is empty, returns false.
 bool HashesIntersect(const HashValueVector& a,
                      const HashValueVector& b) {
-  for (HashValueVector::const_iterator i = a.begin(); i != a.end(); ++i) {
-    HashValueVector::const_iterator j =
-        std::find_if(b.begin(), b.end(), HashValuesEqual(*i));
-    if (j != b.end())
+  for (const auto& hash : a) {
+    auto p = std::find(b.begin(), b.end(), hash);
+    if (p != b.end())
       return true;
   }
   return false;
diff --git a/chromium/net/http/transport_security_state.h b/chromium/net/http/transport_security_state.h
index 84b229bbd95..14c080a4b65 100644
--- a/chromium/net/http/transport_security_state.h
+++ b/chromium/net/http/transport_security_state.h
@@ -367,9 +367,6 @@ class NET_EXPORT TransportSecurityState
                              const HostPortPair& host_port_pair,
                              const SSLInfo& ssl_info);
 
-  // The maximum number of seconds for which we'll cache an HSTS request.
-  static const long int kMaxHSTSAgeSecs;
-
  private:
   friend class TransportSecurityStateTest;
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly);
diff --git a/chromium/net/http/transport_security_state_static.h b/chromium/net/http/transport_security_state_static.h
index c71b8e53b9f..8d0c5938bb1 100644
--- a/chromium/net/http/transport_security_state_static.h
+++ b/chromium/net/http/transport_security_state_static.h
@@ -740,8373 +740,9297 @@ static const struct Pinset kPinsets[] = {
 // uint8_t value has the MSB set then it represents a literal leaf value.
 // Otherwise it's a pointer to the n'th element of the array.
 static const uint8_t kHSTSHuffmanTree[] = {
-    0xf0, 0xf5, 0xb4, 0xb2, 0xb7, 0xb9, 0xb6, 0x02, 0x03, 0xf1, 0x01, 0x04,
-    0x05, 0xae, 0xf9, 0x06, 0x07, 0xe4, 0x00, 0x08, 0xf7, 0xe6, 0x0a, 0xed,
-    0xf2, 0x0b, 0x09, 0x0c, 0xe9, 0xef, 0x80, 0x0e, 0x0d, 0x0f, 0xb5, 0xb8,
-    0xb3, 0x11, 0xb1, 0xb0, 0x12, 0x13, 0x14, 0xf8, 0xad, 0x15, 0xeb, 0x16,
-    0xe3, 0x17, 0xe1, 0x18, 0x19, 0xff, 0xea, 0xfa, 0x1b, 0xf6, 0xe2, 0x1c,
-    0xec, 0x1d, 0xe5, 0x1e, 0xe8, 0xe7, 0xf3, 0x20, 0xf4, 0xee, 0x21, 0x22,
-    0x1f, 0x23, 0x1a, 0x24, 0x10, 0x25,
+    0xb0, 0xb2, 0xb9, 0xb7, 0xb6, 0x01, 0x02, 0xf1, 0x00, 0x03, 0xae, 0x04,
+    0x05, 0xf9, 0xf0, 0x06, 0xf5, 0xe4, 0x07, 0x08, 0xf7, 0xe6, 0x0a, 0xed,
+    0xf2, 0x0b, 0x09, 0x0c, 0xe9, 0xef, 0x80, 0x0e, 0x0d, 0x0f, 0xeb, 0xe2,
+    0xe3, 0x11, 0x12, 0xe1, 0x13, 0xff, 0xb5, 0xb8, 0xb3, 0x15, 0xb1, 0xb4,
+    0x16, 0x17, 0x18, 0xf8, 0x19, 0xad, 0xea, 0xfa, 0x1b, 0xf6, 0x1a, 0x1c,
+    0xec, 0x1d, 0xe5, 0x1e, 0xe7, 0xe8, 0xf3, 0x20, 0xee, 0xf4, 0x21, 0x22,
+    0x1f, 0x23, 0x14, 0x24, 0x10, 0x25,
 };
 
 static const uint8_t kPreloadedHSTSData[] = {
-    0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0x89, 0x57, 0xbe, 0xda, 0x59, 0x7f, 0xcf,
-    0x2c, 0xd6, 0x7b, 0xad, 0x96, 0x5f, 0xf3, 0x0f, 0x0a, 0x4d, 0xf0, 0xac,
-    0xb0, 0xbc, 0x46, 0x1c, 0xc6, 0xc7, 0x1c, 0xf1, 0xd5, 0xd3, 0xd9, 0xab,
-    0x2e, 0x00, 0x56, 0x5e, 0x91, 0x6e, 0x2c, 0xbb, 0xaf, 0x2c, 0xbf, 0xfe,
-    0x8f, 0xc4, 0x89, 0xcd, 0xea, 0x51, 0x9e, 0x59, 0x7f, 0xd8, 0x7e, 0xbc,
-    0xdf, 0xcd, 0xd5, 0x96, 0xe2, 0xca, 0x19, 0xe6, 0xb9, 0xe5, 0xf0, 0x77,
-    0x47, 0x0b, 0x2a, 0x48, 0xfa, 0x18, 0xc3, 0x42, 0x73, 0xe4, 0x37, 0xfb,
-    0x0c, 0x28, 0xf7, 0xd9, 0x65, 0xef, 0xbb, 0x2c, 0xbf, 0xfc, 0x11, 0x5f,
-    0x3b, 0xfb, 0x7e, 0x33, 0x52, 0x59, 0x7f, 0xd9, 0xf1, 0x26, 0xe3, 0x74,
-    0x62, 0xca, 0x84, 0x46, 0x12, 0x7d, 0x89, 0x65, 0xfe, 0x91, 0x66, 0xf2,
-    0xce, 0x2c, 0xac, 0x3c, 0x37, 0x10, 0xbf, 0xf8, 0x27, 0xf9, 0x67, 0x5e,
-    0x27, 0xfa, 0xcb, 0xff, 0xf4, 0x89, 0xfc, 0xe7, 0xe4, 0x0e, 0x3f, 0x12,
-    0x59, 0x5c, 0x44, 0xb8, 0x88, 0x97, 0x67, 0x16, 0x5e, 0x77, 0xed, 0x51,
-    0x16, 0xaa, 0x47, 0xc7, 0x84, 0x9d, 0x8b, 0x5f, 0xff, 0xdf, 0x7c, 0x27,
-    0xf7, 0x39, 0xdf, 0xdb, 0x7c, 0x71, 0x65, 0xf7, 0x89, 0xcd, 0x59, 0x7e,
-    0x8d, 0x67, 0x5e, 0x59, 0x66, 0xd2, 0x29, 0xbe, 0xb8, 0x02, 0x2b, 0xf3,
-    0x1b, 0xed, 0x42, 0xcb, 0xb5, 0xc5, 0x97, 0xfc, 0xde, 0x73, 0xbc, 0x9f,
-    0x4b, 0x2f, 0x70, 0x4f, 0x2c, 0xa1, 0xaa, 0xb8, 0xd4, 0x63, 0x5f, 0x86,
-    0xa9, 0x1a, 0xf0, 0xa3, 0x78, 0xb8, 0x86, 0xf7, 0x7b, 0xcb, 0x2f, 0xff,
-    0x83, 0xee, 0x0f, 0xf1, 0xc8, 0xf8, 0x63, 0x8b, 0x2f, 0xff, 0x9f, 0xf8,
-    0x5a, 0xd6, 0x75, 0x2f, 0x31, 0xd6, 0x54, 0x91, 0x6c, 0x68, 0xb8, 0x54,
-    0x2e, 0xee, 0x16, 0x5f, 0x1d, 0x8c, 0xe2, 0xcb, 0xff, 0xc6, 0xb6, 0xbd,
-    0xd7, 0x6d, 0x86, 0x4b, 0x65, 0x94, 0x73, 0xf2, 0xf1, 0x1d, 0xff, 0x38,
-    0x85, 0x93, 0x6a, 0x0c, 0x59, 0x4c, 0x7b, 0x81, 0x22, 0xb8, 0x8c, 0x59,
-    0x58, 0x98, 0xef, 0xe1, 0xca, 0x61, 0x0d, 0xfc, 0x76, 0xeb, 0x91, 0xd2,
-    0xcb, 0xff, 0xa3, 0x0b, 0xc1, 0x71, 0xf2, 0x0d, 0x59, 0x7f, 0x40, 0xfa,
-    0xe4, 0x4c, 0xb2, 0xa1, 0x14, 0x32, 0x2f, 0xe2, 0x1d, 0xcf, 0xbd, 0x65,
-    0xf4, 0x76, 0x70, 0xac, 0xa6, 0x37, 0x64, 0x31, 0x7b, 0x4d, 0xd2, 0xca,
-    0x19, 0xbc, 0xf0, 0xfd, 0xfb, 0xa1, 0xe9, 0xe4, 0xb2, 0xff, 0x04, 0x05,
-    0x9b, 0x09, 0x25, 0x97, 0xfa, 0x3d, 0xc3, 0x86, 0x36, 0x59, 0x50, 0x89,
-    0x2f, 0x94, 0x91, 0xad, 0xff, 0x8b, 0xdf, 0xc9, 0x19, 0x1d, 0x71, 0x65,
-    0xff, 0xa3, 0xae, 0x79, 0xb6, 0xd9, 0xbc, 0xb2, 0xe1, 0xc2, 0xca, 0x84,
-    0x4b, 0xe9, 0x00, 0x90, 0x6f, 0x30, 0x1d, 0x65, 0x86, 0xb2, 0xff, 0x72,
-    0x35, 0x34, 0xcd, 0xf5, 0x94, 0x33, 0xc6, 0xe0, 0x8d, 0xfd, 0xa8, 0x3e,
-    0x11, 0xd6, 0x5f, 0xe2, 0x6e, 0x31, 0x75, 0x25, 0x95, 0xa3, 0xde, 0x30,
-    0xb2, 0xe6, 0xd9, 0x65, 0xe3, 0x81, 0x96, 0x5f, 0xda, 0x7e, 0x3e, 0x7d,
-    0x65, 0xbc, 0xe7, 0x90, 0x11, 0xcb, 0xa3, 0x71, 0x65, 0x0d, 0x13, 0xec,
-    0xbe, 0x72, 0x7a, 0xc4, 0xdc, 0x5a, 0x10, 0x0f, 0x0c, 0x2b, 0xfe, 0x3e,
-    0x6b, 0x4d, 0xbd, 0xfb, 0x59, 0x7f, 0xf7, 0x7a, 0x83, 0x60, 0xbd, 0x3c,
-    0xe7, 0x9c, 0xf4, 0xb2, 0xf0, 0xa4, 0x86, 0xb2, 0xfe, 0xd6, 0x7d, 0xba,
-    0x25, 0x97, 0xc6, 0x82, 0x3c, 0xb2, 0xdf, 0x83, 0xd0, 0x62, 0xdb, 0xfb,
-    0xe4, 0x17, 0x37, 0xb5, 0x97, 0xf4, 0x6b, 0x06, 0xf2, 0x59, 0x43, 0x44,
-    0x0b, 0x13, 0x08, 0x5f, 0x71, 0x71, 0x65, 0x42, 0x71, 0xc3, 0x57, 0xc8,
-    0x78, 0x91, 0x85, 0xff, 0x76, 0x27, 0x9a, 0x46, 0x67, 0xd6, 0x5f, 0xfe,
-    0xf7, 0x32, 0x62, 0x83, 0xeb, 0x51, 0xd2, 0xcb, 0xfe, 0x08, 0xac, 0x79,
-    0xee, 0x67, 0xd6, 0x5b, 0xd0, 0x88, 0x87, 0x4b, 0xbf, 0xee, 0xf0, 0xb3,
-    0x6d, 0x82, 0x4b, 0x2d, 0xb8, 0xb2, 0xfb, 0x5c, 0xc3, 0x16, 0x5f, 0x88,
-    0xa3, 0xa1, 0x20, 0xdb, 0xe0, 0xa5, 0xfc, 0xdc, 0xd6, 0xa2, 0x4b, 0x2f,
-    0xff, 0x9b, 0xc1, 0xd3, 0xf3, 0xcd, 0x3f, 0x80, 0x85, 0x95, 0xd9, 0xff,
-    0x39, 0x6d, 0xff, 0xfb, 0x01, 0xc6, 0xe8, 0xcc, 0xee, 0x08, 0x2f, 0x25,
-    0x97, 0xfc, 0x5e, 0xe7, 0xb3, 0x0c, 0xe2, 0xcb, 0x9f, 0xeb, 0x2b, 0x0f,
-    0x3f, 0xa3, 0x9b, 0xff, 0xf4, 0xd2, 0x80, 0x6b, 0x3b, 0x89, 0x36, 0x9b,
-    0x8b, 0x2a, 0x0f, 0xe3, 0x08, 0xaf, 0xd9, 0xf9, 0xec, 0x54, 0x15, 0x6b,
-    0x2a, 0x15, 0xd6, 0xe4, 0x31, 0x3b, 0x27, 0x67, 0x1f, 0xc2, 0xe8, 0x88,
-    0xbd, 0x18, 0xe9, 0x84, 0x17, 0xfe, 0xcf, 0x39, 0x01, 0xce, 0x76, 0x59,
-    0x7f, 0xff, 0xe0, 0xff, 0x07, 0xef, 0xe1, 0xf3, 0xff, 0x76, 0xf4, 0x7b,
-    0x8b, 0x2f, 0x9b, 0x98, 0x4b, 0x2a, 0x48, 0xc7, 0x63, 0xce, 0x35, 0xde,
-    0x37, 0x37, 0x56, 0x5d, 0xbb, 0xba, 0xb2, 0xec, 0xe9, 0x25, 0xa1, 0x25,
-    0x81, 0xa3, 0x4e, 0x01, 0x7b, 0xfd, 0xec, 0xd0, 0x0e, 0xdc, 0x48, 0x2c,
-    0xd3, 0xdf, 0xd2, 0xfb, 0x6f, 0xc9, 0x96, 0x54, 0x1f, 0xab, 0xa2, 0xdf,
-    0xdf, 0x6e, 0xe0, 0xec, 0xb2, 0xff, 0x40, 0x36, 0x79, 0x46, 0xe2, 0xca,
-    0x83, 0xe3, 0x22, 0xdb, 0xff, 0xf1, 0x60, 0x1c, 0x80, 0x21, 0xfc, 0x17,
-    0xda, 0x16, 0x51, 0x1f, 0xaf, 0x88, 0x2c, 0x2e, 0x7b, 0x6d, 0x9b, 0x67,
-    0xa1, 0xd1, 0x56, 0x2f, 0x11, 0x8c, 0xec, 0x83, 0x23, 0x21, 0xc2, 0x9f,
-    0x25, 0x8e, 0x1b, 0x19, 0x4f, 0x71, 0xa7, 0x75, 0x0d, 0x76, 0x85, 0x34,
-    0xd0, 0xb3, 0xd4, 0x31, 0x4e, 0x5d, 0xf8, 0xf4, 0x9c, 0xe0, 0xa3, 0xc9,
-    0xe4, 0xbe, 0xdf, 0x46, 0x90, 0x12, 0xf3, 0x08, 0x27, 0xe1, 0xc0, 0x24,
-    0x3e, 0x2f, 0xff, 0xfe, 0x73, 0x8b, 0x6d, 0x68, 0x3a, 0xd4, 0x16, 0x1a,
-    0xdf, 0xfe, 0x08, 0xb2, 0xfb, 0x41, 0xf6, 0x2c, 0xbf, 0xf8, 0xd3, 0x37,
-    0x36, 0x18, 0xa2, 0x74, 0xef, 0xcf, 0xac, 0xbf, 0x46, 0xcf, 0xae, 0xd6,
-    0x5c, 0xdb, 0xd6, 0x5e, 0x8f, 0x71, 0x65, 0xee, 0x04, 0xfa, 0x3d, 0xd0,
-    0x14, 0x90, 0xc5, 0x4f, 0x34, 0x7a, 0xb4, 0x2d, 0x6f, 0xf6, 0x03, 0x99,
-    0xdb, 0x8d, 0x65, 0xf8, 0x9c, 0xce, 0x71, 0x65, 0x61, 0xed, 0xe8, 0xce,
-    0xfb, 0xb7, 0x7e, 0xd5, 0x15, 0x12, 0xf1, 0xb1, 0xc5, 0x97, 0xf7, 0xe3,
-    0xd1, 0xd1, 0x8b, 0x2f, 0x8a, 0x4c, 0x75, 0x97, 0xe9, 0x61, 0x30, 0xd6,
-    0x56, 0x22, 0x4d, 0x87, 0x5c, 0xbf, 0xc4, 0x35, 0xa4, 0x7e, 0x9e, 0x18,
-    0x77, 0xdf, 0xcd, 0x62, 0xcb, 0xcd, 0x36, 0xea, 0xca, 0x83, 0xc1, 0xf9,
-    0x0d, 0xfb, 0xb7, 0xfc, 0x7d, 0x65, 0xff, 0xfc, 0x12, 0x73, 0x67, 0x78,
-    0xd8, 0x29, 0x67, 0xd8, 0xeb, 0x2e, 0x08, 0x8b, 0x2f, 0x86, 0x38, 0x3a,
-    0xcb, 0xff, 0xe9, 0x6d, 0x3c, 0xe2, 0x78, 0xdb, 0xbd, 0x4e, 0x9d, 0xf9,
-    0xf5, 0x95, 0x08, 0xa1, 0x61, 0x80, 0x11, 0x5f, 0xb4, 0xdd, 0xb6, 0xf5,
-    0x97, 0xc3, 0x8c, 0x25, 0x97, 0xe7, 0x37, 0x3e, 0xeb, 0x2b, 0x0f, 0x1c,
-    0x24, 0x17, 0xff, 0xf0, 0x49, 0xcd, 0x9d, 0xe3, 0x60, 0xa5, 0x9f, 0x63,
-    0xac, 0xbe, 0xd6, 0xb2, 0x7d, 0x65, 0x1d, 0x10, 0x4e, 0xbb, 0x7f, 0xfe,
-    0x79, 0x14, 0x73, 0x3a, 0xec, 0x9f, 0x3a, 0xed, 0x65, 0xfa, 0x0c, 0xcf,
-    0xba, 0xcb, 0xc3, 0x6d, 0xeb, 0x2c, 0x2e, 0x17, 0x9b, 0x25, 0x18, 0xb8,
-    0xe1, 0x11, 0x91, 0x8f, 0x76, 0xd2, 0xc4, 0x27, 0x28, 0xfc, 0x3f, 0x9c,
-    0xb8, 0x9c, 0x79, 0x0a, 0x3d, 0xe4, 0x42, 0x2b, 0x6e, 0x93, 0xdf, 0xf6,
-    0x1c, 0x5c, 0xfe, 0x13, 0x79, 0x65, 0xff, 0x7d, 0xb5, 0xf7, 0xe6, 0x08,
-    0xb2, 0xe1, 0x92, 0xcb, 0xf9, 0x9e, 0x5e, 0x6d, 0x96, 0x5e, 0x7f, 0x32,
-    0xcb, 0xa0, 0x5e, 0x22, 0x5f, 0xa3, 0x9f, 0x8b, 0x70, 0xb6, 0x86, 0x98,
-    0xef, 0x21, 0xa7, 0x7b, 0x0c, 0xc5, 0x97, 0x83, 0x1b, 0x2c, 0xbf, 0x9e,
-    0x5d, 0x72, 0x36, 0x59, 0x7f, 0xcf, 0xd1, 0x66, 0xfd, 0x37, 0x16, 0x5f,
-    0x9a, 0x24, 0xf2, 0x59, 0x43, 0x44, 0x79, 0xcb, 0xfe, 0x75, 0x7f, 0x66,
-    0xc3, 0x8c, 0x1a, 0xcb, 0xe1, 0xfd, 0xa6, 0x59, 0x58, 0x7a, 0x0e, 0x5b,
-    0x7e, 0x27, 0xdd, 0xcd, 0x96, 0x5e, 0x31, 0xfe, 0xb2, 0xe8, 0x1a, 0xca,
-    0x83, 0x67, 0xf1, 0xdb, 0xfe, 0x72, 0xf7, 0x35, 0x90, 0x75, 0x97, 0xe6,
-    0x22, 0x0e, 0xe2, 0xcb, 0xfe, 0xe6, 0x0f, 0x35, 0x28, 0xd2, 0xca, 0x83,
-    0xe1, 0xd1, 0x4d, 0xb6, 0x59, 0x50, 0x6c, 0xf0, 0x86, 0xfb, 0xb8, 0xd1,
-    0xab, 0x2f, 0xd2, 0x7f, 0x49, 0xd6, 0x5f, 0x40, 0x01, 0x0b, 0x2a, 0x0f,
-    0x20, 0x89, 0xef, 0xf8, 0x87, 0x9a, 0x1b, 0xb8, 0xd6, 0x58, 0x2b, 0x2a,
-    0x0f, 0x21, 0xcd, 0xec, 0x4b, 0x2f, 0xdb, 0x69, 0xdf, 0xcb, 0x29, 0x8d,
-    0xc3, 0x88, 0x5f, 0x7d, 0xbe, 0x2c, 0x52, 0xb8, 0x34, 0x31, 0xcc, 0x85,
-    0x61, 0xb0, 0x80, 0xec, 0x82, 0x65, 0xd3, 0x90, 0x7e, 0x19, 0x7c, 0x1f,
-    0xf3, 0x61, 0x8d, 0x13, 0xeb, 0x17, 0xb9, 0x84, 0xb2, 0xfd, 0xae, 0xdd,
-    0xfb, 0x54, 0x57, 0xab, 0xf3, 0x6e, 0xf6, 0x1d, 0x96, 0x5a, 0x4b, 0x2c,
-    0x75, 0x95, 0x06, 0x89, 0xc4, 0x6e, 0x80, 0x2c, 0xbd, 0xf8, 0xe9, 0x65,
-    0xfd, 0xb0, 0x93, 0xee, 0x40, 0x59, 0x7f, 0xe7, 0x20, 0x67, 0xa0, 0x98,
-    0x0b, 0x2a, 0x0f, 0xb6, 0x7c, 0xca, 0xc2, 0xe4, 0x9c, 0x1e, 0x0d, 0xe8,
-    0xd9, 0xd3, 0xc0, 0x3e, 0x11, 0x61, 0x21, 0x15, 0x7f, 0xf0, 0xb7, 0x90,
-    0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x24, 0x65, 0xff, 0xe1, 0x67, 0x79, 0x0b,
-    0xcd, 0x76, 0xef, 0xda, 0xa2, 0x78, 0x5f, 0xfe, 0x16, 0x77, 0x90, 0xbc,
-    0xd7, 0x6e, 0xfd, 0xaa, 0x27, 0xf5, 0xff, 0xe1, 0x67, 0x79, 0x0b, 0xcd,
-    0x76, 0xef, 0xda, 0xa2, 0x86, 0x5f, 0xf9, 0xe4, 0x2f, 0x35, 0xdb, 0xbf,
-    0x6a, 0x8a, 0x21, 0x7f, 0x3f, 0x62, 0xc0, 0xdb, 0x2c, 0xa3, 0x9f, 0xfe,
-    0xf4, 0xeb, 0xff, 0x48, 0x58, 0x79, 0x3a, 0x39, 0x12, 0x59, 0x42, 0xcf,
-    0x9e, 0x09, 0x2f, 0xfd, 0x33, 0x7f, 0xac, 0xf0, 0xf0, 0xeb, 0x2f, 0xff,
-    0x38, 0xb1, 0xb9, 0x3f, 0x73, 0x84, 0x73, 0xac, 0xbf, 0x9b, 0xcd, 0xa7,
-    0x02, 0xcb, 0xec, 0xf6, 0x01, 0x65, 0xf8, 0x82, 0xf2, 0xe2, 0xcb, 0x1d,
-    0x65, 0xff, 0x6f, 0xce, 0xa5, 0xa7, 0x79, 0x2c, 0xbc, 0x4e, 0x2e, 0x48,
-    0xc0, 0x22, 0xcf, 0x10, 0xcf, 0x93, 0x88, 0x23, 0x7f, 0xfe, 0xfe, 0x16,
-    0x1b, 0xf7, 0x97, 0xcc, 0x71, 0x0e, 0xb2, 0xfb, 0xb7, 0x7e, 0xd5, 0x14,
-    0x8a, 0xa4, 0x88, 0x7d, 0x2b, 0xdf, 0x83, 0xe2, 0x8f, 0xac, 0xbf, 0xfb,
-    0xfb, 0xdf, 0x5c, 0x7f, 0xf2, 0x36, 0x59, 0x7f, 0xf3, 0xf5, 0xcf, 0x99,
-    0x00, 0x9c, 0x21, 0xd6, 0x5f, 0xf4, 0x4a, 0x35, 0xb4, 0x6b, 0x65, 0x97,
-    0xff, 0x8b, 0x3f, 0xe2, 0x80, 0x61, 0x3c, 0x96, 0x5f, 0xe2, 0x83, 0xf0,
-    0x1e, 0x75, 0x97, 0xf9, 0xfc, 0x76, 0xf7, 0xd9, 0x65, 0xe7, 0x90, 0xbc,
-    0x4e, 0xfe, 0x62, 0x37, 0x27, 0x02, 0x39, 0x25, 0x70, 0xeb, 0xc8, 0xc2,
-    0x19, 0x5f, 0x0b, 0x8c, 0x3a, 0xcb, 0xff, 0xf0, 0xb1, 0x3b, 0xcf, 0x41,
-    0x7b, 0x8e, 0x41, 0xc5, 0x94, 0xc7, 0xf5, 0xbc, 0x8e, 0xff, 0xf4, 0x85,
-    0xe9, 0xc0, 0xfe, 0x6d, 0x61, 0xd6, 0x5f, 0xfb, 0xae, 0x49, 0xb9, 0xc8,
-    0xd4, 0x96, 0x5f, 0xf3, 0x77, 0x07, 0xe7, 0xa2, 0x4b, 0x2e, 0xfe, 0x2c,
-    0xba, 0x0c, 0x59, 0x7f, 0x07, 0x40, 0x9c, 0x39, 0x96, 0x58, 0x5c, 0x91,
-    0x30, 0x33, 0x9f, 0x8b, 0x70, 0x5e, 0x9d, 0x31, 0xd0, 0x43, 0x62, 0xfe,
-    0x96, 0x7f, 0xef, 0x25, 0x97, 0xff, 0xcd, 0x30, 0xbf, 0x7d, 0x9c, 0x10,
-    0x11, 0x5c, 0x2c, 0xbf, 0xf7, 0x62, 0xc6, 0xd3, 0x9c, 0xbb, 0x85, 0x95,
-    0x88, 0x98, 0x75, 0x5b, 0xff, 0xfb, 0x07, 0xf8, 0x10, 0x5f, 0x89, 0xc1,
-    0xce, 0x40, 0x12, 0x58, 0x5c, 0x2f, 0xf3, 0x8d, 0x03, 0xb8, 0xc3, 0x8f,
-    0x2a, 0x97, 0xf0, 0xfe, 0x72, 0x30, 0x46, 0xd1, 0xe2, 0x8d, 0xf0, 0xc5,
-    0x9f, 0x21, 0xbd, 0xcc, 0xe2, 0xcb, 0xe0, 0xee, 0x8e, 0x16, 0x57, 0x47,
-    0x83, 0xf1, 0xcb, 0xff, 0xef, 0xc7, 0xd8, 0xde, 0x73, 0x08, 0x13, 0xf8,
-    0xb2, 0xfb, 0xb7, 0x7e, 0xd5, 0x12, 0x82, 0xff, 0xd0, 0x03, 0xbc, 0xbf,
-    0x0f, 0xa5, 0x95, 0x24, 0x5f, 0xe9, 0x48, 0x8c, 0x2f, 0xf3, 0x98, 0x58,
-    0x08, 0x02, 0xcb, 0xfd, 0x83, 0xc1, 0xc1, 0x79, 0x65, 0x11, 0xf1, 0xf0,
-    0xca, 0xfd, 0x22, 0x68, 0x35, 0x65, 0xff, 0xcf, 0xee, 0x08, 0x41, 0x91,
-    0x61, 0xd6, 0x53, 0x9f, 0x59, 0x13, 0xdf, 0xfd, 0x9e, 0xe4, 0x1f, 0x3c,
-    0xe1, 0x15, 0xac, 0xbc, 0x3d, 0x42, 0xcb, 0xce, 0x3c, 0x59, 0x58, 0x6d,
-    0xf8, 0x39, 0x7f, 0xd2, 0xcf, 0x96, 0x7b, 0xec, 0xb2, 0xff, 0xf3, 0xec,
-    0xda, 0xd3, 0x75, 0x2f, 0x3f, 0x4b, 0x2f, 0x7f, 0xc7, 0x59, 0x7c, 0x2d,
-    0xe4, 0x2e, 0x15, 0xaf, 0x64, 0x38, 0xa6, 0x84, 0x91, 0xe1, 0x18, 0x44,
-    0x1c, 0x7e, 0xf1, 0x04, 0xf9, 0xbe, 0xea, 0x65, 0x6c, 0xed, 0xef, 0x65,
-    0x5b, 0x59, 0x0e, 0x3b, 0x8e, 0xe7, 0xb8, 0x1a, 0x50, 0x26, 0xe4, 0xe2,
-    0x1e, 0xa5, 0x2e, 0x9d, 0xc7, 0xea, 0xc0, 0x5c, 0x15, 0xae, 0x72, 0x34,
-    0x20, 0xd2, 0x02, 0xb7, 0x67, 0x15, 0xaf, 0xff, 0x0b, 0x3b, 0xc8, 0x5e,
-    0x6b, 0xb7, 0x7e, 0xd5, 0x13, 0x9a, 0xff, 0xf0, 0xb3, 0xbc, 0x85, 0xe6,
-    0xbb, 0x77, 0xed, 0x51, 0x44, 0xaf, 0xf8, 0x2f, 0xa9, 0x0a, 0x9b, 0xc0,
-    0xcb, 0x2f, 0x37, 0x5c, 0x59, 0x78, 0xa0, 0xeb, 0x2f, 0xf8, 0x9f, 0xaf,
-    0x3f, 0xa4, 0xeb, 0x2f, 0xef, 0xe6, 0x7b, 0xf8, 0xb2, 0xb6, 0x44, 0xe3,
-    0x0e, 0x80, 0x6f, 0xc7, 0x17, 0x6f, 0x85, 0x97, 0xf0, 0xf5, 0x1b, 0xdb,
-    0x7a, 0xcb, 0xf9, 0xb9, 0x34, 0x98, 0x0b, 0x2f, 0xec, 0x18, 0x83, 0x73,
-    0xac, 0xbf, 0xff, 0x61, 0x4a, 0x76, 0x0d, 0xb9, 0xd7, 0x82, 0xfc, 0x59,
-    0x7f, 0xa3, 0x61, 0x27, 0xdc, 0x80, 0xb2, 0xe9, 0x0b, 0x1a, 0xa4, 0xcc,
-    0x86, 0xe7, 0x67, 0xac, 0x31, 0xf3, 0x1d, 0xe5, 0xc6, 0x17, 0x08, 0xaf,
-    0x7f, 0x70, 0xa7, 0x4f, 0x63, 0x65, 0x97, 0xfe, 0x2c, 0x04, 0x03, 0x5a,
-    0x83, 0x16, 0x58, 0x5c, 0x1f, 0x97, 0x0d, 0x2b, 0x49, 0x92, 0x02, 0x1f,
-    0x75, 0xa5, 0xc5, 0x1e, 0x2e, 0x06, 0x5e, 0x65, 0xfb, 0x5d, 0xbb, 0xf6,
-    0xa8, 0x87, 0x17, 0xf0, 0x7b, 0xd3, 0x41, 0x2c, 0xbf, 0x31, 0x7a, 0x0e,
-    0xb2, 0xc2, 0xf1, 0x11, 0x3f, 0x36, 0x9f, 0x2d, 0xbf, 0xf3, 0x0f, 0x0e,
-    0x59, 0xd7, 0x9d, 0x65, 0xfe, 0xd6, 0x77, 0xf8, 0xea, 0x4b, 0x2c, 0x62,
-    0xca, 0x83, 0xc7, 0xc3, 0x5a, 0x59, 0x7f, 0xf1, 0x39, 0xbd, 0xfd, 0xb5,
-    0xa8, 0x31, 0x65, 0xff, 0xdd, 0xfe, 0x0d, 0x6e, 0x0a, 0xa9, 0xe9, 0xfe,
-    0xb2, 0xc1, 0x59, 0x5b, 0x87, 0xc4, 0x75, 0x1b, 0x88, 0x96, 0x5f, 0x76,
-    0xef, 0xda, 0xa2, 0x2f, 0x5f, 0xec, 0xe8, 0x1c, 0x76, 0xd9, 0x65, 0xf8,
-    0x9c, 0x0f, 0xc5, 0x97, 0xec, 0x9a, 0x4f, 0xc5, 0x94, 0xc8, 0xec, 0x98,
-    0x97, 0x42, 0xa4, 0x61, 0xe3, 0x41, 0x09, 0xaf, 0xf6, 0xdf, 0xcf, 0xe3,
-    0x6c, 0xb2, 0xf4, 0x19, 0xe5, 0x96, 0x7d, 0x1e, 0x89, 0x1a, 0x5f, 0x1f,
-    0xed, 0xa5, 0x97, 0xdb, 0xac, 0x53, 0x2c, 0xbf, 0xb0, 0x7f, 0xc0, 0x3a,
-    0xcb, 0xe8, 0x08, 0xaf, 0x8b, 0x2b, 0x0f, 0xdf, 0x84, 0xa6, 0x16, 0x5f,
-    0xf6, 0x30, 0x38, 0x00, 0x37, 0x96, 0x5c, 0x27, 0x16, 0x5a, 0x4b, 0x2a,
-    0x0d, 0x4b, 0x8c, 0x5f, 0xe0, 0x7b, 0x9f, 0xc6, 0x1a, 0xcb, 0x6c, 0xb2,
-    0xb4, 0x78, 0xa4, 0x67, 0x7f, 0xde, 0x28, 0x38, 0x83, 0xfc, 0x2c, 0xbf,
-    0x3c, 0x8f, 0x12, 0x59, 0x63, 0xac, 0xa8, 0x44, 0x93, 0x10, 0xfc, 0xe7,
-    0xc4, 0xf7, 0xd3, 0x49, 0xe4, 0xb2, 0xee, 0x74, 0xb2, 0xfb, 0xd2, 0x83,
-    0x52, 0x5f, 0x60, 0xfd, 0xc5, 0x95, 0x88, 0x80, 0x39, 0x1b, 0x8c, 0x11,
-    0x1d, 0xfe, 0x2c, 0xea, 0x5c, 0x63, 0x56, 0x5f, 0xbf, 0x9d, 0xbc, 0x96,
-    0x5f, 0x9f, 0xa0, 0xbf, 0x96, 0x5d, 0x3e, 0x4b, 0x2f, 0xcf, 0xb7, 0xb3,
-    0xeb, 0x2f, 0xf4, 0x03, 0x08, 0x3c, 0x85, 0x96, 0x17, 0x0b, 0xe3, 0x7b,
-    0x42, 0x12, 0x44, 0x03, 0x0b, 0xc8, 0xe5, 0x3b, 0x85, 0x43, 0x13, 0x4d,
-    0x09, 0x9d, 0x17, 0x9d, 0x87, 0xf0, 0xf6, 0x28, 0x5d, 0xf0, 0xeb, 0xc6,
-    0x81, 0x28, 0xde, 0x51, 0x3e, 0x32, 0x21, 0x45, 0xff, 0x3f, 0x62, 0xe5,
-    0x9a, 0xc9, 0x2c, 0xbf, 0xff, 0xfe, 0x27, 0x17, 0x81, 0x15, 0xb1, 0xad,
-    0xef, 0xe3, 0x4b, 0x93, 0xb0, 0xd8, 0x92, 0xcb, 0xf6, 0x70, 0xe3, 0x85,
-    0x97, 0xfe, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0x64, 0x58, 0x5e,
-    0xc9, 0x9a, 0x76, 0x77, 0xa8, 0x42, 0x1c, 0x9e, 0xf7, 0xb0, 0xeb, 0x2e,
-    0xf9, 0xd6, 0x5f, 0xb5, 0xdb, 0xbf, 0x6a, 0x8b, 0x79, 0x61, 0x70, 0x7d,
-    0x23, 0x1c, 0xc1, 0x7b, 0x9f, 0x75, 0x65, 0xfe, 0x04, 0x0c, 0x2f, 0xa9,
-    0x2c, 0xbf, 0xf3, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x14, 0x9a, 0xc2,
-    0xf1, 0x13, 0x4c, 0x32, 0x73, 0x3b, 0xa7, 0xb9, 0xe1, 0x65, 0xff, 0xb0,
-    0xb3, 0xda, 0x63, 0x7e, 0x15, 0x96, 0x3a, 0xcb, 0xfe, 0x0b, 0xf5, 0xad,
-    0x06, 0x6e, 0x2c, 0xa9, 0x1e, 0x6f, 0x04, 0x6e, 0x3f, 0x4b, 0x2f, 0xec,
-    0xf1, 0x44, 0x1d, 0x65, 0xfd, 0xd0, 0x04, 0xd3, 0x81, 0x65, 0xdf, 0x16,
-    0x29, 0x4d, 0x04, 0x64, 0x39, 0x08, 0xb3, 0x91, 0x7c, 0x61, 0xca, 0xea,
-    0x19, 0xa2, 0x92, 0x9f, 0x55, 0xc9, 0x4a, 0xdc, 0x85, 0xb6, 0xf8, 0x67,
-    0x89, 0x1b, 0xbd, 0xfe, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x44, 0x3a, 0xbf,
-    0x6b, 0xb7, 0x7e, 0xd5, 0x12, 0xc2, 0xfb, 0x00, 0x76, 0x59, 0x7e, 0x16,
-    0x77, 0x90, 0xbc, 0x3d, 0x79, 0xf3, 0x6b, 0xfc, 0x2f, 0x35, 0xdb, 0xbf,
-    0x6a, 0x88, 0xc1, 0x78, 0xc8, 0x3a, 0xcb, 0xd2, 0x61, 0xac, 0xbf, 0x4b,
-    0x38, 0xfc, 0x59, 0x61, 0x78, 0x7c, 0x13, 0x0e, 0x84, 0x72, 0xff, 0xfc,
-    0xe0, 0x9f, 0xc1, 0x64, 0xfe, 0x96, 0x7b, 0x06, 0xb2, 0xff, 0xfc, 0xc7,
-    0x6d, 0x0b, 0xf4, 0xfe, 0x7f, 0xd1, 0xd1, 0x8b, 0x28, 0x91, 0xd7, 0xc3,
-    0x7f, 0x2c, 0x5f, 0x0b, 0x96, 0x71, 0x65, 0xef, 0x34, 0xcb, 0x2f, 0xff,
-    0xff, 0xff, 0xb0, 0xc1, 0x7d, 0x41, 0x04, 0xfa, 0x8f, 0x37, 0x6c, 0x3f,
-    0xc7, 0x7f, 0x8d, 0x8e, 0xde, 0x79, 0x9f, 0xcb, 0x2f, 0xff, 0xfa, 0x5c,
-    0x17, 0xdf, 0xde, 0x6e, 0xff, 0x9a, 0x9e, 0xbf, 0x31, 0xf8, 0xb2, 0xfa,
-    0x3e, 0x1f, 0x2c, 0xbf, 0x67, 0x81, 0x1d, 0xac, 0xbf, 0xfd, 0x1e, 0x60,
-    0x44, 0x87, 0xf8, 0x2e, 0xd6, 0x5f, 0x31, 0x01, 0x96, 0x5f, 0x76, 0xef,
-    0xda, 0xa2, 0x3d, 0x54, 0x8f, 0x43, 0x44, 0x17, 0xff, 0xb7, 0x0a, 0x1c,
-    0x6d, 0xc3, 0xc0, 0xc0, 0xb2, 0xfb, 0x8f, 0xd6, 0xf5, 0x97, 0x48, 0x5e,
-    0x22, 0x49, 0xc8, 0xbc, 0x97, 0x7f, 0xf8, 0x39, 0xfc, 0x20, 0x61, 0x7b,
-    0xf8, 0xb2, 0xf4, 0x6a, 0x65, 0x97, 0x38, 0xb2, 0x3e, 0x4e, 0x23, 0xd8,
-    0x5c, 0x2b, 0x84, 0xd8, 0x77, 0xa8, 0x58, 0x33, 0xa4, 0xc4, 0x5a, 0x28,
-    0x78, 0xca, 0xca, 0x14, 0x17, 0xff, 0xf1, 0x39, 0x82, 0xf9, 0xe2, 0x89,
-    0xc0, 0x38, 0x9a, 0x75, 0x97, 0xed, 0x76, 0xef, 0xda, 0xa2, 0xc3, 0x5f,
-    0xe9, 0x14, 0x67, 0x30, 0x96, 0x5c, 0xd2, 0x59, 0x61, 0x78, 0x7f, 0x9d,
-    0x1b, 0x00, 0xc2, 0xf8, 0x58, 0x0b, 0x16, 0x5d, 0xd7, 0x96, 0x5f, 0xc1,
-    0xd9, 0x88, 0x27, 0x59, 0x50, 0x78, 0xc4, 0x31, 0x7a, 0x0b, 0x65, 0x96,
-    0x85, 0x97, 0xd0, 0x09, 0x1d, 0x65, 0x7c, 0xd9, 0x10, 0x85, 0x32, 0x23,
-    0xbe, 0x41, 0xe4, 0xeb, 0xff, 0xfe, 0x88, 0xe0, 0xbf, 0x0d, 0x8f, 0xd4,
-    0xb9, 0xd4, 0xb3, 0x5b, 0x2c, 0xa1, 0x68, 0x9b, 0x22, 0xfb, 0x46, 0xc9,
-    0xdb, 0x6a, 0x39, 0x2b, 0xfc, 0x2f, 0x35, 0xdb, 0xbf, 0x6a, 0x8b, 0x9d,
-    0x7c, 0xda, 0xd3, 0xac, 0xbe, 0xe4, 0x11, 0xab, 0x2b, 0x0f, 0x0c, 0x42,
-    0x1b, 0xc5, 0x1d, 0x2c, 0xbe, 0x7d, 0x48, 0x5f, 0x0d, 0xf6, 0xe9, 0x15,
-    0xff, 0xff, 0xff, 0xd1, 0x3c, 0xa5, 0xb7, 0x7f, 0x9d, 0x3b, 0xf3, 0xe2,
-    0xf6, 0x09, 0xa2, 0xae, 0x05, 0x3d, 0x6d, 0xb7, 0x67, 0x9d, 0x3b, 0xf3,
-    0xeb, 0x2a, 0x19, 0x72, 0xbb, 0x42, 0x6a, 0x48, 0xb9, 0x1c, 0x77, 0x65,
-    0xed, 0x2e, 0xa3, 0x50, 0x8a, 0x3c, 0x37, 0x3f, 0x1f, 0x6f, 0x8c, 0x03,
-    0x0c, 0x4d, 0xd3, 0xdb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x0f, 0x2f, 0xff,
-    0x7d, 0xa0, 0xee, 0x31, 0x37, 0x60, 0xa4, 0xb2, 0xc2, 0xf1, 0x10, 0x5c,
-    0x36, 0xbf, 0xfb, 0x7e, 0x9b, 0x90, 0x37, 0x26, 0x3a, 0xcb, 0xde, 0xec,
-    0x0b, 0x2f, 0xf6, 0xa1, 0xbc, 0x50, 0x75, 0x97, 0xf8, 0x3c, 0x9c, 0x32,
-    0x7f, 0xac, 0xbf, 0xff, 0xfe, 0xfe, 0x6b, 0x51, 0xd4, 0x84, 0xf3, 0x10,
-    0x65, 0x9c, 0x2c, 0xd8, 0x49, 0x2c, 0xbe, 0xed, 0xdf, 0xb5, 0x44, 0x4c,
-    0xbf, 0x63, 0x7b, 0x41, 0x59, 0x7d, 0xb9, 0xf8, 0x35, 0x65, 0xff, 0xfe,
-    0xd1, 0x66, 0xd8, 0x3c, 0x30, 0x3a, 0xce, 0xff, 0x1b, 0xd6, 0x5d, 0x9b,
-    0x2c, 0xbe, 0x09, 0xf0, 0x6b, 0x2a, 0x11, 0x3b, 0xd3, 0x26, 0xe8, 0xbd,
-    0xfb, 0xdc, 0xdb, 0x0c, 0x59, 0x7f, 0xde, 0x09, 0xb3, 0xbf, 0x80, 0x75,
-    0x95, 0x88, 0x99, 0x73, 0x30, 0x95, 0x58, 0x2b, 0x2f, 0xf7, 0x82, 0xfd,
-    0x7e, 0x37, 0xac, 0xae, 0xd5, 0x54, 0x6a, 0x10, 0x07, 0x30, 0x72, 0x72,
-    0x8d, 0x73, 0x85, 0xde, 0x11, 0xbf, 0xe7, 0x72, 0x06, 0x9a, 0x0d, 0x59,
-    0x70, 0x76, 0x59, 0x6c, 0x59, 0x73, 0x0a, 0xd6, 0x51, 0x1e, 0x16, 0xf1,
-    0x83, 0x04, 0x2f, 0xf1, 0x61, 0x9a, 0xcf, 0xf1, 0x65, 0xf8, 0x1c, 0x9d,
-    0x83, 0x59, 0x7f, 0x98, 0xcc, 0x2c, 0xeb, 0xcb, 0x29, 0x8f, 0x77, 0x45,
-    0x57, 0x66, 0xea, 0xcb, 0xdd, 0xb0, 0xd6, 0x5e, 0x72, 0x1e, 0x1b, 0x66,
-    0x19, 0xbf, 0x34, 0xe3, 0xf7, 0x32, 0xca, 0x73, 0xdb, 0x22, 0xfb, 0xfe,
-    0x8f, 0xc6, 0xf3, 0xc1, 0x6c, 0xb2, 0xff, 0xe0, 0xfb, 0x84, 0x10, 0xfa,
-    0x50, 0x6a, 0xcb, 0xdc, 0x72, 0x59, 0x7f, 0xfe, 0x8d, 0x03, 0xf1, 0xbe,
-    0x68, 0x83, 0xf3, 0x06, 0xb2, 0xff, 0xbf, 0xf8, 0xdf, 0x2c, 0xd4, 0x2c,
-    0xaf, 0xa2, 0x45, 0xd5, 0xea, 0x64, 0xd3, 0x88, 0xeb, 0x88, 0xde, 0x85,
-    0x65, 0xfe, 0x27, 0x01, 0x3c, 0x89, 0x65, 0xfb, 0xd8, 0x08, 0xd2, 0xcb,
-    0x9b, 0xd0, 0x7a, 0xec, 0x61, 0x7d, 0xb7, 0xc3, 0xb2, 0xca, 0xc4, 0x75,
-    0x3c, 0x26, 0x82, 0x57, 0x7d, 0xb1, 0xe3, 0x4b, 0x2f, 0xbb, 0x09, 0x1a,
-    0xb2, 0xe7, 0x75, 0x94, 0xe7, 0xb8, 0x44, 0x62, 0x12, 0x5f, 0xf9, 0xfa,
-    0xe4, 0xdb, 0x8c, 0x5e, 0xe2, 0xcb, 0x87, 0xf5, 0x97, 0xff, 0xbd, 0x2c,
-    0xd6, 0x9e, 0x58, 0x78, 0xed, 0x65, 0x61, 0xf0, 0xb8, 0xbd, 0xff, 0x78,
-    0x3f, 0x81, 0xfd, 0x80, 0xb2, 0xff, 0xa2, 0x58, 0xc5, 0x90, 0x6a, 0xcb,
-    0xff, 0xf7, 0xe3, 0x40, 0xe6, 0x0f, 0xc1, 0x7e, 0xf3, 0x4b, 0x2b, 0x71,
-    0x18, 0xb3, 0x1c, 0xf8, 0xda, 0xef, 0x1d, 0x65, 0xfb, 0x0e, 0x78, 0x1a,
-    0xcb, 0xff, 0x09, 0xb7, 0x21, 0xba, 0xf4, 0x1d, 0x65, 0xff, 0xdc, 0x77,
-    0xef, 0x3b, 0x82, 0x8e, 0xd6, 0x5b, 0x26, 0x45, 0x67, 0xc9, 0xf8, 0x83,
-    0x7a, 0x35, 0xc5, 0x97, 0xff, 0xb3, 0x79, 0x67, 0x3b, 0xfb, 0x6e, 0xb7,
-    0x16, 0x5f, 0xf4, 0x48, 0x4c, 0xd7, 0x30, 0xc5, 0x97, 0xfa, 0x50, 0x6b,
-    0x7d, 0xf6, 0x59, 0x5b, 0x1f, 0x73, 0x1d, 0x5e, 0x20, 0x8d, 0x65, 0x62,
-    0xa4, 0x3e, 0x8d, 0x3f, 0x0c, 0x30, 0x1b, 0x10, 0xe0, 0x61, 0x78, 0x21,
-    0x15, 0xf8, 0x9d, 0x88, 0x0b, 0x2f, 0xc6, 0x06, 0x35, 0xb2, 0xca, 0x9c,
-    0x79, 0xe6, 0x12, 0xdf, 0xfc, 0xce, 0x0d, 0x41, 0x7b, 0xf9, 0x25, 0x94,
-    0xc7, 0xcf, 0xf2, 0x5b, 0x98, 0xeb, 0x2f, 0xa5, 0xf1, 0x38, 0xb2, 0xe7,
-    0x11, 0x51, 0x0b, 0xab, 0xa3, 0xc8, 0x09, 0x25, 0x4c, 0x88, 0x1f, 0x2f,
-    0x5f, 0xbf, 0x9b, 0x04, 0x96, 0x5f, 0x3e, 0xa3, 0x7a, 0xca, 0x19, 0xe5,
-    0x80, 0xa2, 0xfd, 0x34, 0xb1, 0xc9, 0x65, 0xe8, 0x3c, 0x96, 0x5e, 0x20,
-    0x9a, 0xb2, 0xba, 0x37, 0x24, 0x39, 0x7d, 0xf6, 0x89, 0x96, 0x58, 0x5c,
-    0x33, 0xea, 0x76, 0x44, 0x90, 0xf0, 0xcc, 0x72, 0x56, 0xe9, 0xae, 0x0c,
-    0xf3, 0x31, 0x8e, 0xa1, 0x20, 0x78, 0x59, 0x7e, 0x52, 0xc3, 0xc2, 0x3c,
-    0x05, 0xc5, 0x0a, 0x4e, 0x4b, 0x28, 0xf4, 0x64, 0xc1, 0x85, 0x16, 0xf6,
-    0xf9, 0xf2, 0x21, 0x18, 0x37, 0x48, 0x6f, 0xd9, 0xae, 0x34, 0x2c, 0xbc,
-    0x2a, 0x85, 0x41, 0x42, 0xcb, 0xff, 0x68, 0x3b, 0x67, 0xe6, 0x28, 0x1a,
-    0xcb, 0xe2, 0x8c, 0x35, 0x65, 0xfe, 0xf7, 0xf3, 0x3d, 0xfc, 0x59, 0x7f,
-    0x7e, 0x1f, 0xa1, 0xf4, 0xb2, 0xfb, 0x0e, 0x13, 0xac, 0xbf, 0xda, 0x82,
-    0xc1, 0x8e, 0x16, 0x5f, 0xf9, 0xc8, 0xd7, 0xf4, 0x79, 0xc0, 0xb2, 0xf8,
-    0x62, 0x41, 0x2c, 0xbf, 0xff, 0x9b, 0xc1, 0xd3, 0xf3, 0x0b, 0xf9, 0x85,
-    0x2e, 0x2c, 0xa8, 0x3f, 0xa7, 0x22, 0xa5, 0x97, 0xe7, 0xcf, 0x61, 0xd6,
-    0x5c, 0x08, 0x83, 0x62, 0x41, 0x77, 0xe0, 0xe8, 0x13, 0xa1, 0x65, 0xdf,
-    0x75, 0x97, 0x31, 0xab, 0x2c, 0x15, 0x95, 0x86, 0xfa, 0x61, 0x6e, 0x0b,
-    0xdf, 0x7a, 0x0b, 0x7a, 0xcb, 0x79, 0x65, 0x7c, 0xda, 0x78, 0x8e, 0xf0,
-    0x38, 0x2e, 0x78, 0x57, 0x08, 0x2a, 0xc9, 0xa0, 0xb0, 0x68, 0x18, 0x43,
-    0xd9, 0x93, 0x17, 0xe8, 0x88, 0xe6, 0x3f, 0x85, 0xb8, 0x14, 0x78, 0x55,
-    0xe6, 0x81, 0x18, 0xaf, 0xc3, 0x17, 0x8d, 0xb8, 0xb2, 0xff, 0xf3, 0x4b,
-    0x82, 0xf3, 0xa9, 0x3e, 0xc2, 0x76, 0xb2, 0xa0, 0xff, 0x30, 0xb2, 0xa1,
-    0x38, 0x0f, 0xc6, 0xc1, 0x7f, 0xd3, 0xd8, 0xa7, 0x59, 0xe6, 0xf8, 0x56,
-    0x5f, 0x71, 0xb6, 0x14, 0xac, 0xbf, 0x04, 0x89, 0xa4, 0xb2, 0xa7, 0xb4,
-    0x47, 0xcf, 0x48, 0x5c, 0x27, 0xbf, 0xf4, 0xf6, 0x29, 0x6d, 0xa2, 0x77,
-    0x7c, 0xc5, 0x97, 0x4f, 0x32, 0x59, 0x7b, 0xf9, 0xa5, 0x95, 0x3d, 0xa2,
-    0x0e, 0x7a, 0x4b, 0xf8, 0xe5, 0xff, 0xb2, 0x44, 0xe6, 0xcd, 0xc8, 0xf2,
-    0xcb, 0xef, 0x36, 0xb1, 0x65, 0x4f, 0x23, 0xe0, 0xc3, 0xfb, 0xfe, 0xcf,
-    0x09, 0xb3, 0xe9, 0xa6, 0x59, 0x7f, 0x4a, 0x79, 0xec, 0x29, 0x15, 0x62,
-    0xa2, 0xcb, 0xc5, 0x9f, 0x59, 0x7f, 0x31, 0xf2, 0x34, 0x6a, 0xca, 0x19,
-    0xe4, 0x76, 0x37, 0x78, 0x55, 0x4f, 0x29, 0xe1, 0x65, 0xfe, 0xce, 0x73,
-    0x18, 0xbb, 0x59, 0x53, 0xd2, 0x6e, 0x42, 0x92, 0x79, 0xe0, 0xec, 0x51,
-    0x08, 0xd1, 0x56, 0x46, 0x45, 0xd7, 0xb4, 0xfc, 0x59, 0x7f, 0x4f, 0x62,
-    0x7f, 0xf9, 0xb2, 0xcb, 0xa7, 0xfa, 0x59, 0x6f, 0xac, 0xa9, 0xc7, 0xfb,
-    0x3d, 0x8e, 0x4f, 0x23, 0x50, 0x8d, 0xdf, 0xfa, 0x7b, 0x14, 0xf3, 0x08,
-    0xb1, 0xfb, 0x59, 0x71, 0xb0, 0xb2, 0xf8, 0x78, 0x53, 0x2c, 0xb9, 0xbc,
-    0xb2, 0xde, 0x63, 0x71, 0xf2, 0x2b, 0xfd, 0xd7, 0xba, 0x90, 0x48, 0xd5,
-    0x97, 0xfe, 0x89, 0x8b, 0x37, 0xb9, 0xce, 0xcb, 0x29, 0xcf, 0xd8, 0x26,
-    0xf7, 0xff, 0xff, 0x7c, 0x23, 0x6c, 0xd4, 0xc5, 0x9b, 0xff, 0x83, 0x8e,
-    0x72, 0x0d, 0x59, 0x7f, 0xf9, 0xa6, 0x96, 0x75, 0x29, 0xc7, 0x77, 0x25,
-    0x97, 0x3e, 0xea, 0xcb, 0xff, 0xfd, 0xcc, 0xf4, 0xef, 0xe7, 0x70, 0x61,
-    0x60, 0xfe, 0xd3, 0x2c, 0xad, 0x95, 0x24, 0xe2, 0x79, 0xb0, 0x9c, 0xec,
-    0x87, 0xee, 0x8e, 0x99, 0xe1, 0x9a, 0x9e, 0x95, 0x7d, 0x8a, 0x65, 0x47,
-    0xdf, 0xee, 0xa3, 0xd9, 0x9d, 0x49, 0x65, 0xfd, 0x8d, 0xe2, 0x8e, 0x96,
-    0x58, 0xd5, 0x95, 0x3c, 0xcf, 0xc8, 0x55, 0x9a, 0x4f, 0x96, 0x5d, 0xb7,
-    0xd6, 0x5e, 0xd7, 0x38, 0xb2, 0xe2, 0xe2, 0xca, 0x14, 0x9b, 0x3d, 0xe3,
-    0xb7, 0x8f, 0x1d, 0xac, 0xa1, 0x41, 0xe2, 0x61, 0x3d, 0xfd, 0x3c, 0x41,
-    0x8f, 0xdc, 0x2c, 0xbf, 0x85, 0x5c, 0xf4, 0x53, 0xf0, 0x75, 0x95, 0x3c,
-    0x1f, 0x70, 0xab, 0x33, 0xbf, 0xff, 0x0e, 0x76, 0x70, 0xb6, 0xd9, 0xf7,
-    0x27, 0x4e, 0xfc, 0xfa, 0xcb, 0xf9, 0xcb, 0x6f, 0xc6, 0xe2, 0xcb, 0xd2,
-    0x80, 0x2c, 0xa1, 0x9e, 0x63, 0x98, 0x5f, 0xbe, 0xfe, 0x79, 0x2c, 0xbf,
-    0x9b, 0x45, 0x99, 0xa5, 0x97, 0xbb, 0xdb, 0xeb, 0x2f, 0xd1, 0xc1, 0x55,
-    0x3d, 0xcf, 0x6b, 0x2e, 0x39, 0xd6, 0x57, 0x0f, 0x3c, 0x27, 0x17, 0xe8,
-    0xe0, 0x7e, 0xcb, 0x2a, 0x72, 0x2d, 0xe4, 0xdd, 0xc2, 0x2a, 0x59, 0x7e,
-    0x93, 0xe9, 0xfb, 0x59, 0x73, 0x4c, 0xb2, 0xa0, 0xdf, 0xe1, 0x45, 0xfe,
-    0x2c, 0xea, 0x44, 0xfb, 0x2c, 0xad, 0x1e, 0x97, 0x07, 0xef, 0xdc, 0x0b,
-    0x90, 0x16, 0x54, 0xe3, 0xc9, 0xf1, 0x15, 0xfc, 0x59, 0xbc, 0xb3, 0x8b,
-    0x28, 0xe7, 0xa2, 0x02, 0x4b, 0xdc, 0x60, 0x2c, 0xbe, 0x62, 0x8e, 0x2c,
-    0xac, 0x3d, 0xe6, 0x22, 0xf8, 0xe5, 0xe3, 0x0c, 0x31, 0x25, 0xf9, 0xcb,
-    0xdf, 0xc4, 0x82, 0xcd, 0x05, 0xff, 0xff, 0xd1, 0xb4, 0xee, 0x06, 0x3a,
-    0xf7, 0xf0, 0xf9, 0xe2, 0x80, 0x02, 0x16, 0x5d, 0x3f, 0x8b, 0x2f, 0xbd,
-    0x36, 0x79, 0x65, 0x86, 0xb2, 0x86, 0x8c, 0x1c, 0x74, 0x71, 0x90, 0x91,
-    0xd4, 0x2b, 0x15, 0x1c, 0x72, 0x80, 0x4d, 0x28, 0x7c, 0xdf, 0xbe, 0x42,
-    0xa4, 0xfe, 0xea, 0xcb, 0x9d, 0xd6, 0x5b, 0xec, 0x79, 0x0e, 0x67, 0x7f,
-    0xff, 0x03, 0x51, 0x3b, 0x51, 0xee, 0xa5, 0x06, 0xe9, 0xcc, 0x59, 0x7c,
-    0x27, 0x1c, 0x0b, 0x2e, 0x9b, 0xeb, 0x2f, 0xfc, 0x79, 0xd8, 0xda, 0x63,
-    0xc1, 0xab, 0x29, 0x8f, 0x61, 0xc6, 0x2f, 0xfc, 0xd3, 0x4e, 0xfc, 0x36,
-    0x83, 0xb8, 0xb2, 0xa1, 0x33, 0xfd, 0x30, 0x7d, 0xec, 0x04, 0x17, 0xff,
-    0xee, 0xfe, 0x41, 0xf4, 0xe2, 0xcd, 0xdf, 0x36, 0x6e, 0xac, 0xb8, 0x3f,
-    0x59, 0x7e, 0x6d, 0xdd, 0x73, 0x8b, 0x2a, 0x11, 0x3e, 0x6a, 0xee, 0x85,
-    0xef, 0xe2, 0x0f, 0x9b, 0x68, 0x59, 0x7f, 0xa0, 0xa3, 0x90, 0xc7, 0x59,
-    0x79, 0xfd, 0xc5, 0x94, 0x69, 0xe6, 0x68, 0xc2, 0xf6, 0xe8, 0xe1, 0x65,
-    0x31, 0xe1, 0x04, 0x8e, 0xf7, 0xdc, 0x56, 0xb2, 0xfd, 0xbc, 0x32, 0xce,
-    0x2c, 0xbe, 0x03, 0x10, 0x56, 0x56, 0x1e, 0x58, 0x4a, 0xaf, 0xb0, 0x79,
-    0xb2, 0xcb, 0xed, 0xc9, 0xd1, 0x3d, 0x2c, 0xbf, 0xc5, 0x13, 0xf8, 0x4c,
-    0x6a, 0xcb, 0xfd, 0xe7, 0xeb, 0x8f, 0xd1, 0x8b, 0x2d, 0x0b, 0x2f, 0x34,
-    0x12, 0xca, 0xd1, 0xaa, 0xf0, 0x85, 0x4f, 0x4c, 0xa8, 0xd1, 0xc2, 0xc3,
-    0x08, 0x7b, 0x27, 0xea, 0x1c, 0x4d, 0x2d, 0x1f, 0x72, 0x12, 0x13, 0x46,
-    0xcb, 0xa8, 0x6e, 0x1c, 0xc3, 0xf0, 0xbb, 0x15, 0x90, 0x93, 0x5f, 0x88,
-    0x77, 0x91, 0x4f, 0x96, 0x08, 0x69, 0xba, 0xc1, 0x7e, 0xd6, 0x6f, 0x8e,
-    0x96, 0x5e, 0x2c, 0xf2, 0xcb, 0xff, 0xdd, 0x4b, 0x9c, 0x86, 0xeb, 0xde,
-    0x83, 0xac, 0xad, 0x22, 0x44, 0x8a, 0x8c, 0x1b, 0xbf, 0xf6, 0xd8, 0x50,
-    0x67, 0x8d, 0x7e, 0x2c, 0xbf, 0xd9, 0xbd, 0xdb, 0xbc, 0x25, 0x97, 0x17,
-    0xb0, 0xfc, 0xc9, 0x02, 0xfa, 0x30, 0x6c, 0xb2, 0x98, 0xf2, 0xcc, 0x2b,
-    0xbc, 0x1f, 0x71, 0x65, 0xff, 0x6e, 0x3f, 0xa6, 0x93, 0x6a, 0x65, 0x97,
-    0xfd, 0x12, 0x31, 0xf5, 0xe8, 0xc5, 0x97, 0xff, 0xff, 0xfd, 0xc9, 0xdf,
-    0xcd, 0xa0, 0xce, 0xa5, 0xc9, 0xc1, 0xef, 0x5a, 0x89, 0xd3, 0x1b, 0xd4,
-    0xe9, 0xdf, 0x9f, 0x59, 0x7f, 0x75, 0x3a, 0x6c, 0xce, 0xd6, 0x54, 0x2a,
-    0x81, 0xc8, 0x77, 0x76, 0x44, 0xe3, 0xa4, 0x7d, 0xe3, 0x80, 0xc2, 0xb2,
-    0xfd, 0xf8, 0x04, 0x6e, 0x2c, 0xb1, 0x8b, 0x2f, 0xe9, 0x48, 0xf3, 0x46,
-    0xea, 0xcb, 0x01, 0x65, 0x31, 0xff, 0x80, 0xa8, 0x84, 0x82, 0x65, 0x74,
-    0xfc, 0x2c, 0xbd, 0x06, 0xb2, 0xcb, 0xa0, 0xeb, 0x2e, 0x8e, 0x96, 0x50,
-    0xcd, 0x6c, 0xc2, 0xd4, 0x48, 0x84, 0xe0, 0xcf, 0x92, 0x6e, 0x9f, 0x9e,
-    0xd6, 0x5f, 0xfe, 0x04, 0x17, 0x73, 0xb0, 0x83, 0x2c, 0xe2, 0xcb, 0xfc,
-    0xfd, 0x03, 0x4d, 0xd0, 0x16, 0x5f, 0xf8, 0x27, 0x8c, 0xe1, 0x66, 0xf7,
-    0x59, 0x7f, 0x80, 0xe5, 0x9b, 0x09, 0x25, 0x95, 0xd2, 0x3c, 0xbe, 0x97,
-    0xc3, 0x5f, 0x1f, 0x5e, 0x9d, 0x2e, 0xd6, 0x5f, 0xe6, 0x9d, 0xc7, 0x8e,
-    0xa4, 0xb2, 0xff, 0xb9, 0x3b, 0x0a, 0x02, 0x2b, 0xe2, 0xca, 0x85, 0x59,
-    0xf9, 0x0b, 0xe3, 0x4b, 0xda, 0x31, 0x13, 0x9f, 0x7c, 0x80, 0x8d, 0x6f,
-    0xff, 0xed, 0x4e, 0x2c, 0xdf, 0x9a, 0x94, 0xe8, 0x1b, 0xcd, 0xc5, 0x97,
-    0xff, 0xb5, 0xf3, 0x1c, 0x73, 0x84, 0x00, 0x1b, 0x75, 0x65, 0xff, 0xd8,
-    0x66, 0xe9, 0xc2, 0xc7, 0xc2, 0x02, 0xcb, 0xff, 0xff, 0x75, 0x06, 0x96,
-    0x0f, 0xed, 0x34, 0xee, 0x67, 0x52, 0xd6, 0x18, 0xb2, 0x99, 0x17, 0x24,
-    0x8f, 0x58, 0x9c, 0x6b, 0xb0, 0x94, 0x61, 0x77, 0xde, 0x0c, 0x6c, 0xb2,
-    0xfe, 0x93, 0xeb, 0x8c, 0x35, 0x97, 0xf6, 0x7f, 0x0f, 0x1d, 0xac, 0xa8,
-    0x3d, 0xa9, 0x16, 0xdf, 0x9b, 0x4d, 0xbf, 0x16, 0x53, 0x23, 0x1b, 0xcf,
-    0xbb, 0xa4, 0x37, 0xd3, 0xf9, 0xa8, 0x59, 0x7f, 0x47, 0x3f, 0x05, 0xe5,
-    0x97, 0xff, 0xf7, 0x52, 0xe1, 0xf0, 0xa7, 0x6e, 0xb7, 0xf6, 0x6c, 0xd2,
-    0xcb, 0x6e, 0x2c, 0xbd, 0xec, 0xe2, 0xca, 0x92, 0x2f, 0x70, 0xb3, 0xb6,
-    0x10, 0x8a, 0x5f, 0xff, 0xe2, 0xce, 0xfe, 0xc5, 0x81, 0xeb, 0xd3, 0x9c,
-    0xcc, 0x35, 0x65, 0xff, 0xb3, 0xb7, 0xdb, 0xf9, 0xde, 0x12, 0xcb, 0x19,
-    0x39, 0x14, 0x7f, 0x64, 0xbf, 0xc6, 0x8c, 0x31, 0xf2, 0x85, 0x97, 0xf4,
-    0xb8, 0x68, 0x63, 0xa5, 0x97, 0xd8, 0x37, 0x92, 0xca, 0xe8, 0xf4, 0x4c,
-    0x30, 0xbe, 0xd4, 0x46, 0xcb, 0x2f, 0xa6, 0x8f, 0x3a, 0xcb, 0xfe, 0xda,
-    0x36, 0xe4, 0x4c, 0xdb, 0xd6, 0x5c, 0xe6, 0x71, 0x10, 0x21, 0x22, 0x10,
-    0x8a, 0xf6, 0xff, 0x08, 0xb2, 0xa1, 0x3b, 0x2c, 0x2c, 0x68, 0x42, 0x14,
-    0x29, 0x4c, 0x3d, 0xbf, 0xe6, 0xd6, 0xc1, 0x06, 0x16, 0x2c, 0xba, 0x63,
-    0xac, 0xbf, 0xd2, 0xe7, 0x83, 0x83, 0x9d, 0x31, 0xe8, 0x00, 0xe2, 0xff,
-    0xfb, 0x07, 0xf0, 0x99, 0xc6, 0xf7, 0xd9, 0xc0, 0xb2, 0xba, 0x44, 0xf1,
-    0x27, 0x5c, 0x79, 0x2c, 0xbf, 0xfd, 0x1a, 0xec, 0xd0, 0x63, 0x97, 0x52,
-    0xe2, 0xca, 0x91, 0xf1, 0xf0, 0x5e, 0xfb, 0x35, 0x07, 0x59, 0x78, 0xb3,
-    0x7c, 0xe3, 0xc3, 0x22, 0x2a, 0xd2, 0x3f, 0xb9, 0x0c, 0x9b, 0xfc, 0x46,
-    0x96, 0x37, 0x5e, 0x59, 0x6d, 0xeb, 0x2b, 0x0f, 0x1b, 0x86, 0x75, 0x08,
-    0x8f, 0x0b, 0x75, 0xf4, 0x67, 0xf8, 0xb2, 0xe6, 0xd9, 0x65, 0x81, 0x31,
-    0xb8, 0xf1, 0x0d, 0xfe, 0xec, 0xb0, 0x7f, 0x7e, 0x2c, 0xbf, 0x81, 0x84,
-    0x3f, 0xc2, 0xcb, 0xfb, 0xec, 0x40, 0x10, 0xeb, 0x29, 0x8f, 0x6b, 0xc5,
-    0x97, 0x0d, 0x96, 0x5f, 0xff, 0xdf, 0x6c, 0x2c, 0x61, 0xe4, 0x01, 0xfb,
-    0x7d, 0x2c, 0xbf, 0xdb, 0x41, 0xca, 0x3a, 0x02, 0xca, 0x84, 0xd3, 0xe5,
-    0x08, 0xde, 0xc8, 0x7a, 0x16, 0x75, 0x7b, 0xf7, 0xe7, 0x3e, 0x71, 0x65,
-    0x41, 0xfc, 0xe2, 0x85, 0x82, 0xb2, 0xfe, 0xf1, 0x44, 0xb3, 0xcb, 0x2f,
-    0x88, 0xb3, 0xcb, 0x2f, 0x18, 0xfc, 0x59, 0x79, 0xf5, 0x29, 0xc7, 0xd3,
-    0x05, 0x9f, 0x20, 0xa8, 0x65, 0x48, 0xe4, 0x3e, 0xba, 0x32, 0x68, 0x70,
-    0xea, 0x54, 0x97, 0xe5, 0x66, 0xba, 0xd1, 0x47, 0xe1, 0xc2, 0x00, 0xbd,
-    0x5b, 0x71, 0x65, 0xbc, 0xb2, 0xe8, 0x02, 0xcb, 0xff, 0xcc, 0x11, 0x5c,
-    0x4e, 0xe0, 0x40, 0x7c, 0xf2, 0xca, 0xe8, 0xf9, 0xb4, 0x2d, 0x7f, 0xe8,
-    0xef, 0x90, 0xdd, 0x7a, 0x0e, 0xb2, 0x96, 0x5e, 0xd0, 0x77, 0x16, 0x54,
-    0x8d, 0x5f, 0x82, 0xe8, 0x91, 0x16, 0x16, 0xab, 0xe0, 0x73, 0x6f, 0x2c,
-    0xbf, 0x9f, 0xf0, 0x51, 0x25, 0x97, 0xff, 0xfe, 0xf6, 0x41, 0x67, 0x64,
-    0xfb, 0x46, 0xb5, 0x1e, 0xfe, 0x0d, 0x65, 0xf6, 0xf2, 0xce, 0x4e, 0x44,
-    0xae, 0x15, 0xdf, 0xff, 0x61, 0x61, 0xbf, 0x79, 0x7c, 0xc7, 0x10, 0xeb,
-    0x2f, 0xfc, 0xe6, 0xce, 0xf3, 0xb9, 0x4e, 0xd9, 0x65, 0x42, 0x71, 0x2d,
-    0x0b, 0x9f, 0x9e, 0x12, 0x8d, 0xe7, 0xf7, 0x16, 0x5c, 0x1d, 0x96, 0x54,
-    0x8d, 0xa6, 0x87, 0x2f, 0xd9, 0x2f, 0xbc, 0x96, 0x5c, 0x5e, 0x98, 0xf2,
-    0x3e, 0x43, 0x7f, 0x9c, 0x84, 0xff, 0xe0, 0x6b, 0x2f, 0xff, 0xbd, 0xc8,
-    0xc9, 0xda, 0x8f, 0x37, 0x6c, 0x35, 0x97, 0xee, 0xe7, 0x0f, 0xa3, 0x16,
-    0x57, 0x0f, 0xfc, 0x2a, 0x37, 0xf8, 0xcf, 0xe1, 0x75, 0x06, 0xac, 0xbe,
-    0x0c, 0xce, 0x35, 0x97, 0xec, 0xf6, 0xb0, 0xc5, 0x96, 0xee, 0x71, 0xe5,
-    0xfc, 0x8e, 0xa1, 0x15, 0x6d, 0x08, 0x0b, 0xb5, 0x25, 0x97, 0xf8, 0xd7,
-    0xe6, 0x78, 0x4d, 0x96, 0x5f, 0x4e, 0xec, 0xc8, 0x59, 0x52, 0x3d, 0xc3,
-    0x9b, 0x54, 0x2a, 0x68, 0xe8, 0xb9, 0xa1, 0x65, 0xa8, 0x66, 0x9c, 0x99,
-    0xdc, 0xef, 0xe3, 0x45, 0x1a, 0x68, 0x35, 0x65, 0xf8, 0x64, 0xef, 0xf5,
-    0x94, 0x47, 0xb3, 0xc3, 0x3b, 0xf6, 0x73, 0xcf, 0xa5, 0x97, 0xff, 0xb9,
-    0x8e, 0x53, 0xb9, 0xd4, 0x14, 0x71, 0x65, 0xa5, 0xf3, 0xf1, 0xf1, 0x3d,
-    0xfd, 0x03, 0x8f, 0xc4, 0x96, 0x5f, 0xe8, 0xf4, 0xe7, 0xed, 0xb7, 0xac,
-    0xad, 0x1f, 0x19, 0x16, 0x5f, 0xff, 0xf9, 0xba, 0xf3, 0xfc, 0xb0, 0x7f,
-    0x69, 0xb9, 0xde, 0x31, 0x4c, 0xb2, 0xff, 0xfa, 0x3d, 0x38, 0x83, 0xbb,
-    0x3b, 0x3d, 0x3f, 0x9e, 0x59, 0x50, 0x9b, 0x93, 0x42, 0x2f, 0x44, 0x21,
-    0x6d, 0xb9, 0xfc, 0xb2, 0xff, 0xef, 0xc1, 0xb3, 0xbc, 0x4f, 0xe8, 0xf2,
-    0xcb, 0xfd, 0x3b, 0xa9, 0x37, 0xc2, 0x75, 0x95, 0xf4, 0x49, 0x80, 0x58,
-    0x91, 0xaf, 0xc6, 0x3f, 0xe6, 0x9e, 0xd6, 0x5f, 0xf6, 0x0e, 0x77, 0x8d,
-    0x63, 0x38, 0xb2, 0xd9, 0xa3, 0xec, 0xde, 0x5f, 0x7f, 0x3f, 0xcd, 0x8d,
-    0x3a, 0xcb, 0xff, 0x6a, 0x69, 0xdc, 0x86, 0xd9, 0xfc, 0xb2, 0xa1, 0x33,
-    0x31, 0xc2, 0x6c, 0x8a, 0x42, 0x5b, 0x73, 0x81, 0x65, 0xff, 0xf4, 0xe2,
-    0x8e, 0x46, 0xc5, 0x83, 0xfb, 0x4c, 0xb2, 0xff, 0xff, 0xee, 0x68, 0xa2,
-    0x69, 0xc2, 0x79, 0xa5, 0x9d, 0x7b, 0x37, 0x96, 0x71, 0x65, 0x69, 0x19,
-    0x04, 0xa3, 0x5e, 0x4c, 0x00, 0x30, 0xde, 0xa5, 0x94, 0xb2, 0xfe, 0x86,
-    0x27, 0xd1, 0xab, 0x2e, 0xf4, 0xe3, 0x4d, 0xbf, 0xc2, 0xee, 0x9a, 0x4b,
-    0x2a, 0x11, 0x15, 0xd2, 0x16, 0x8c, 0x2f, 0xfe, 0x2f, 0x73, 0x7b, 0x7a,
-    0x30, 0xa6, 0x59, 0x7e, 0xd3, 0x72, 0x3a, 0x59, 0x58, 0x7d, 0xae, 0x8b,
-    0x7f, 0xfe, 0x97, 0x00, 0x19, 0xa7, 0x63, 0x69, 0x8f, 0x06, 0xac, 0xbf,
-    0x85, 0x33, 0x49, 0xbd, 0xc5, 0x97, 0xb8, 0x27, 0x16, 0x56, 0xc7, 0xa2,
-    0x73, 0x3b, 0xa0, 0x0b, 0x2f, 0xc5, 0xef, 0xe6, 0xea, 0xcb, 0xf4, 0xdc,
-    0x7d, 0x1a, 0xb2, 0xf3, 0x99, 0xa8, 0x3d, 0x4c, 0x2a, 0xbf, 0xe2, 0x36,
-    0x26, 0x62, 0x83, 0xac, 0xbf, 0x8d, 0x79, 0x14, 0x1d, 0x65, 0x41, 0xf2,
-    0xb1, 0xc5, 0x49, 0x50, 0x77, 0x44, 0x0d, 0x0a, 0xa9, 0x88, 0xf4, 0xd5,
-    0xf8, 0x4b, 0xdf, 0x37, 0x6f, 0xa5, 0x97, 0x8e, 0xe6, 0x2c, 0xb7, 0x24,
-    0x6f, 0xdc, 0x8a, 0xff, 0x30, 0xf0, 0xa5, 0xfc, 0x59, 0x7f, 0xfe, 0xe4,
-    0xec, 0x63, 0x27, 0x16, 0x00, 0xb1, 0xe6, 0x59, 0x7f, 0xdf, 0x6d, 0x4d,
-    0xf7, 0xcd, 0x2c, 0xbf, 0xff, 0xff, 0x81, 0xc2, 0xc7, 0xea, 0x70, 0xfe,
-    0x19, 0xc5, 0x9d, 0x4b, 0x03, 0xb1, 0x63, 0xf4, 0xb2, 0xb1, 0x31, 0xfe,
-    0xd6, 0x18, 0xe6, 0xe7, 0xed, 0x51, 0x4c, 0x2c, 0x6a, 0xca, 0x73, 0x6c,
-    0x12, 0x4b, 0xf6, 0xce, 0x7e, 0x4f, 0xac, 0xa8, 0x54, 0x51, 0xb1, 0x36,
-    0x46, 0xa1, 0xdb, 0x33, 0x10, 0x5f, 0xff, 0xef, 0x70, 0x4e, 0x4e, 0xc9,
-    0x7e, 0x1b, 0x40, 0x3b, 0xc9, 0x65, 0xff, 0x17, 0x52, 0xe7, 0xa3, 0x53,
-    0x2c, 0xbf, 0xf7, 0x5d, 0x85, 0xff, 0x9e, 0x7f, 0xac, 0xac, 0x3f, 0xbf,
-    0x1d, 0xdf, 0xf9, 0xfa, 0xc6, 0xd3, 0x1e, 0x0d, 0x59, 0x7b, 0x18, 0x0b,
-    0x2d, 0x8b, 0x2d, 0x80, 0x35, 0x7b, 0xc6, 0xe9, 0x65, 0xda, 0xc5, 0x96,
-    0xe8, 0x8f, 0x27, 0x85, 0x01, 0x0b, 0xac, 0x4f, 0x9d, 0xa1, 0xbf, 0xa2,
-    0x17, 0x85, 0x95, 0xec, 0x0e, 0x96, 0x5a, 0x65, 0x97, 0xc1, 0xce, 0x89,
-    0x65, 0x6c, 0x6d, 0x0e, 0x25, 0x63, 0x16, 0x5c, 0xc3, 0x59, 0x5b, 0x86,
-    0xa3, 0x82, 0x57, 0x0e, 0x65, 0x97, 0xfd, 0xac, 0x1f, 0xe0, 0xc3, 0x85,
-    0x65, 0xfd, 0xfc, 0x1b, 0x17, 0x96, 0x5b, 0x65, 0x97, 0x7f, 0x8b, 0x28,
-    0xd3, 0x52, 0xe2, 0x55, 0x09, 0x9b, 0x62, 0x51, 0xc9, 0x3e, 0x31, 0xe3,
-    0xa3, 0x15, 0x6f, 0xdf, 0x09, 0xb9, 0xb2, 0xcb, 0xf6, 0x1c, 0xee, 0x75,
-    0x97, 0x1c, 0x0b, 0x2e, 0xfb, 0xce, 0x45, 0xf8, 0xd5, 0xf4, 0x54, 0x02,
-    0x7b, 0xfb, 0x51, 0xe2, 0x70, 0x2c, 0xad, 0x1f, 0xb6, 0xea, 0x55, 0xfe,
-    0x9d, 0xd4, 0x8a, 0x33, 0x8b, 0x2b, 0xa5, 0x62, 0xad, 0x2a, 0xed, 0xc9,
-    0x6f, 0xff, 0xc0, 0x6e, 0x4e, 0xfb, 0xf3, 0xd1, 0x37, 0x3f, 0x8b, 0x29,
-    0x65, 0xfc, 0x16, 0x1b, 0x13, 0x2c, 0xb1, 0xac, 0x6d, 0x8e, 0x17, 0x7e,
-    0x7e, 0x7d, 0xe4, 0xb2, 0xf9, 0xe4, 0xc7, 0x59, 0x7e, 0xed, 0xf5, 0x9d,
-    0xac, 0xbf, 0xe0, 0xf5, 0x2e, 0x4e, 0xe7, 0xbb, 0x59, 0x7f, 0x17, 0xa5,
-    0x80, 0xe2, 0xcb, 0xc6, 0xbf, 0x27, 0x22, 0x57, 0x45, 0x2e, 0x7f, 0x5f,
-    0x47, 0xcf, 0xa1, 0x6d, 0x5a, 0x4d, 0xbf, 0xe4, 0xe6, 0x46, 0x41, 0x7f,
-    0x37, 0xdd, 0xb6, 0x85, 0x97, 0xa5, 0x1d, 0x2c, 0xbf, 0x8d, 0xd6, 0xb3,
-    0xae, 0x2c, 0xbf, 0xff, 0x16, 0x75, 0xe9, 0xdf, 0x7d, 0xf3, 0x87, 0xf0,
-    0xec, 0xb2, 0xfd, 0xf8, 0xdb, 0x0c, 0x59, 0x63, 0xc2, 0x21, 0xc6, 0xbd,
-    0x7f, 0x67, 0x24, 0xc0, 0xc5, 0x97, 0xa5, 0x9e, 0x59, 0x52, 0x3c, 0x8f,
-    0x16, 0x54, 0x27, 0x95, 0x87, 0x1d, 0x16, 0x30, 0xeb, 0xc2, 0xdc, 0x2e,
-    0x17, 0xef, 0xb7, 0x23, 0xa5, 0x97, 0xee, 0xbb, 0x28, 0xde, 0xb2, 0xfe,
-    0x7d, 0x4d, 0x26, 0xfa, 0xcb, 0xfc, 0x1d, 0xbe, 0xdb, 0xf2, 0x65, 0x97,
-    0xf0, 0x9f, 0xfc, 0x17, 0x6b, 0x2f, 0x8a, 0x0f, 0xc5, 0x97, 0x3f, 0x5c,
-    0x3d, 0x0f, 0x17, 0xd4, 0x26, 0x6d, 0x85, 0x0e, 0x57, 0xc2, 0xe0, 0xc2,
-    0x1e, 0xee, 0x71, 0x65, 0xb1, 0x65, 0xff, 0x31, 0xad, 0xe2, 0xcd, 0xd9,
-    0xda, 0x34, 0xfb, 0xc5, 0xef, 0xf3, 0x10, 0x30, 0xef, 0xd2, 0xca, 0x99,
-    0x10, 0xfb, 0xd5, 0x6f, 0xff, 0xf1, 0x67, 0x7e, 0xf4, 0x7b, 0x93, 0x16,
-    0x19, 0x3a, 0x27, 0xa5, 0x97, 0xfe, 0xee, 0x0f, 0xfc, 0xe6, 0x31, 0x2c,
-    0xa8, 0x45, 0x37, 0xda, 0x6f, 0xda, 0x8d, 0xf1, 0xa5, 0x97, 0xd1, 0xde,
-    0x1d, 0x65, 0xfe, 0x9d, 0x9c, 0xe3, 0x61, 0x8b, 0x2c, 0xd3, 0x1e, 0xbe,
-    0x88, 0xaf, 0xe7, 0x29, 0xc3, 0x82, 0x59, 0x50, 0x9e, 0x1e, 0x43, 0x31,
-    0x88, 0xb9, 0x08, 0x00, 0x94, 0x5f, 0x61, 0xe3, 0xb5, 0x97, 0xf7, 0x6d,
-    0xb6, 0x75, 0xe5, 0x96, 0x89, 0x1e, 0x91, 0x84, 0x57, 0xa3, 0x52, 0x59,
-    0x7f, 0xff, 0xb4, 0x1e, 0xa5, 0xc9, 0xd0, 0x43, 0xfc, 0x4f, 0xe6, 0xa1,
-    0x65, 0x4f, 0x0e, 0x85, 0x90, 0x55, 0x0a, 0x43, 0xbe, 0xd0, 0xae, 0x94,
-    0x75, 0x63, 0x96, 0x49, 0x90, 0xba, 0x36, 0x50, 0x27, 0x72, 0x81, 0xfa,
-    0x8d, 0x05, 0xa1, 0x67, 0x34, 0xaa, 0xbd, 0x4a, 0xcb, 0x3c, 0xa3, 0x8f,
-    0xcb, 0x5a, 0x01, 0xc1, 0x4b, 0xc7, 0xe4, 0x72, 0x1e, 0x95, 0x7d, 0xbe,
-    0x14, 0x86, 0x14, 0x6e, 0x8e, 0x5e, 0xdb, 0x36, 0x59, 0x7f, 0xda, 0x73,
-    0x27, 0x38, 0xdf, 0x65, 0x97, 0xa5, 0xd7, 0x6b, 0x2f, 0xe7, 0x32, 0x62,
-    0x61, 0xac, 0xba, 0x40, 0x59, 0x76, 0xc7, 0x59, 0x53, 0x8d, 0x7b, 0x0b,
-    0xdf, 0xff, 0x89, 0xb6, 0x9c, 0xd8, 0x59, 0xde, 0xef, 0xb0, 0xeb, 0x2f,
-    0x1e, 0x3b, 0x59, 0x7b, 0xaf, 0xe4, 0xc7, 0xec, 0x05, 0x9b, 0xff, 0xfb,
-    0x36, 0x72, 0xf7, 0x23, 0xb9, 0xc7, 0x3b, 0x17, 0x6b, 0x2f, 0xe9, 0x72,
-    0x69, 0x44, 0xcb, 0x28, 0x68, 0x8e, 0xe9, 0x7a, 0xfe, 0x1f, 0x1e, 0x3a,
-    0x92, 0xca, 0x83, 0xd2, 0x72, 0x4b, 0xfd, 0x37, 0xda, 0x0e, 0xe3, 0x59,
-    0x7f, 0xa7, 0x6b, 0x1b, 0xf0, 0x35, 0x95, 0x07, 0xce, 0x46, 0x75, 0x8a,
-    0xca, 0x8d, 0x1e, 0x63, 0xcd, 0x0f, 0xfd, 0x75, 0xe1, 0x30, 0x51, 0x8a,
-    0x86, 0x10, 0xf7, 0xd8, 0x46, 0xee, 0x2c, 0xbf, 0xff, 0xff, 0x7d, 0xbd,
-    0xfc, 0xd4, 0x6f, 0x9c, 0x70, 0xee, 0xce, 0xce, 0xa5, 0x81, 0x20, 0x71,
-    0x65, 0xbc, 0xc8, 0xb2, 0xe1, 0x2d, 0xff, 0xf1, 0x4d, 0xf8, 0x6d, 0x31,
-    0xda, 0x7e, 0x0e, 0xb2, 0xe6, 0x3a, 0xca, 0x63, 0xe7, 0x99, 0x46, 0xff,
-    0xc7, 0x3b, 0x4d, 0xf7, 0x28, 0x85, 0x97, 0xf9, 0xe5, 0x37, 0xdb, 0xaf,
-    0x2c, 0xbf, 0xe9, 0x04, 0xbd, 0x1b, 0xdf, 0xeb, 0x2f, 0xfd, 0x1d, 0xce,
-    0x27, 0xe1, 0xe0, 0x96, 0x5f, 0xa0, 0xbd, 0x38, 0x6b, 0x2f, 0xde, 0x9c,
-    0x0e, 0x80, 0xb2, 0x98, 0xf5, 0x42, 0x53, 0x7f, 0xfb, 0xed, 0xdf, 0xf2,
-    0x77, 0x03, 0xf8, 0xdc, 0x59, 0x7f, 0x14, 0x75, 0x26, 0x25, 0x94, 0xb2,
-    0xff, 0x67, 0xcb, 0x3d, 0xf6, 0x59, 0x43, 0x3e, 0x82, 0x2c, 0xf0, 0x5d,
-    0xff, 0x7a, 0x25, 0xc9, 0xa5, 0x1b, 0x2c, 0xb6, 0x62, 0x64, 0x3d, 0x42,
-    0xe3, 0xc5, 0xd7, 0xff, 0xde, 0xfe, 0x02, 0x71, 0xe3, 0x3c, 0x3c, 0x25,
-    0x96, 0xd2, 0xcb, 0x18, 0xb2, 0xfe, 0x71, 0xeb, 0x41, 0xd9, 0x65, 0xfa,
-    0x30, 0xbd, 0x3e, 0xb2, 0xd3, 0xc2, 0xca, 0xc4, 0x48, 0x9a, 0x23, 0xd8,
-    0x91, 0xcb, 0xf8, 0x53, 0x7d, 0xe6, 0xd6, 0x2c, 0xb7, 0x53, 0x8f, 0xb3,
-    0x12, 0xed, 0xcc, 0x4d, 0xdd, 0xe3, 0x4d, 0xa1, 0xae, 0x12, 0xcc, 0x6a,
-    0x73, 0xaf, 0xc2, 0x50, 0xa3, 0x42, 0xf4, 0x76, 0x57, 0xff, 0xff, 0x9b,
-    0x0f, 0x9f, 0x6c, 0x3c, 0xe2, 0xcf, 0x7f, 0x25, 0xf6, 0xc3, 0xac, 0xbf,
-    0xff, 0xfa, 0x4d, 0xc2, 0xcd, 0xff, 0xc9, 0xbf, 0x05, 0x34, 0xe7, 0xed,
-    0xb7, 0xac, 0xbf, 0xfc, 0xd8, 0x61, 0x67, 0x33, 0xff, 0x6e, 0x2c, 0xb6,
-    0x74, 0x8c, 0x0f, 0x3c, 0x5f, 0xff, 0xcd, 0x86, 0x16, 0x6d, 0x81, 0xf1,
-    0x39, 0xaf, 0xc5, 0x97, 0xfe, 0xcd, 0x7e, 0x27, 0x3f, 0x83, 0x0b, 0x2f,
-    0xff, 0xff, 0x41, 0x85, 0x9b, 0xff, 0x9a, 0xd6, 0x7b, 0x9b, 0xbe, 0x8e,
-    0x7d, 0xb1, 0x65, 0x32, 0x2e, 0xb4, 0x7f, 0x7f, 0xff, 0xd8, 0x46, 0xce,
-    0xd4, 0x6f, 0x6f, 0x73, 0x0d, 0x6d, 0x3f, 0x4b, 0x2b, 0xea, 0xbf, 0xca,
-    0x33, 0x5e, 0x14, 0xfa, 0x31, 0x41, 0x08, 0xa9, 0x95, 0xe1, 0x06, 0x5b,
-    0x55, 0xff, 0xe6, 0x1c, 0xe3, 0xb4, 0xe8, 0x1b, 0xcd, 0xc5, 0x97, 0xef,
-    0xb7, 0xb0, 0xeb, 0x2d, 0x25, 0x94, 0x29, 0x37, 0x12, 0x27, 0xb6, 0xa1,
-    0x15, 0x7b, 0x42, 0x1a, 0xff, 0xff, 0x6d, 0xf7, 0x29, 0xa7, 0x7f, 0xb6,
-    0xe6, 0x0f, 0x6c, 0x31, 0x65, 0xfa, 0x51, 0xd4, 0xb8, 0xb2, 0xff, 0xff,
-    0xff, 0xd8, 0x46, 0xce, 0x6f, 0x84, 0x5c, 0xcd, 0xe8, 0x39, 0x39, 0xbf,
-    0x61, 0x79, 0xfe, 0x81, 0x03, 0x49, 0x7f, 0xff, 0xe6, 0x30, 0x61, 0xd4,
-    0xe0, 0xc6, 0xdc, 0xef, 0xe1, 0xff, 0x4e, 0x62, 0xcb, 0xff, 0xfb, 0x37,
-    0xc1, 0x4e, 0xe3, 0x69, 0xc0, 0xe5, 0x34, 0x2c, 0xae, 0xd1, 0xa3, 0xf7,
-    0x5b, 0x6d, 0xd2, 0x77, 0xec, 0x53, 0xc8, 0xdc, 0xab, 0x15, 0x32, 0x06,
-    0x51, 0x35, 0xfc, 0x69, 0x67, 0xbe, 0xcb, 0x2e, 0x1e, 0x2c, 0xa8, 0x66,
-    0x55, 0xe4, 0x23, 0xd8, 0x8b, 0xf4, 0x82, 0x47, 0x86, 0xb1, 0x4a, 0x92,
-    0x09, 0x5c, 0xf9, 0x6d, 0xb7, 0x56, 0x58, 0xeb, 0x2f, 0xf3, 0xcb, 0x0e,
-    0xe4, 0x05, 0x97, 0xd9, 0xf8, 0x99, 0x65, 0x4f, 0x07, 0xc9, 0xf1, 0x17,
-    0x31, 0xbb, 0x98, 0xb2, 0xe3, 0xf7, 0x38, 0xf2, 0x58, 0xce, 0xdb, 0x8b,
-    0x2f, 0xff, 0xfe, 0xec, 0xb3, 0x7c, 0xee, 0x36, 0x10, 0x27, 0x16, 0x6f,
-    0x2c, 0xe6, 0xf5, 0x97, 0xce, 0x76, 0xe2, 0xcb, 0xf7, 0xdc, 0xed, 0xc5,
-    0x95, 0xf3, 0xc8, 0xe1, 0x0d, 0x69, 0x1c, 0x65, 0x0c, 0x1b, 0xff, 0xdf,
-    0x0e, 0x11, 0xb3, 0xbd, 0xd4, 0xb0, 0x96, 0x5f, 0xec, 0x73, 0xce, 0x9f,
-    0x83, 0xac, 0xbf, 0xfd, 0x28, 0xe7, 0xc3, 0xac, 0xf7, 0x98, 0xeb, 0x28,
-    0x68, 0xce, 0xed, 0x37, 0xa3, 0x7b, 0xff, 0x16, 0x04, 0xdd, 0x34, 0x1f,
-    0x16, 0x5f, 0xff, 0x83, 0x13, 0x8b, 0x07, 0xf6, 0x34, 0x70, 0x68, 0x16,
-    0x56, 0x27, 0x79, 0xa8, 0x7a, 0x9c, 0xc8, 0x8f, 0x6f, 0xff, 0x7b, 0xf9,
-    0xbb, 0xe9, 0xb3, 0x71, 0xc8, 0x0b, 0x2f, 0xf4, 0x1d, 0xcb, 0xa9, 0x42,
-    0xca, 0x24, 0x41, 0x79, 0x42, 0xff, 0xec, 0x60, 0x4e, 0x2c, 0xde, 0xda,
-    0x75, 0x94, 0xc7, 0xcf, 0xe2, 0x2b, 0xe3, 0x27, 0x72, 0x65, 0x96, 0xf2,
-    0xca, 0x83, 0x70, 0xe4, 0xf7, 0xfe, 0x2d, 0x8b, 0x37, 0xf0, 0x31, 0xd2,
-    0xcb, 0xfe, 0xfc, 0x75, 0x38, 0x54, 0xde, 0x06, 0x59, 0x7e, 0xf7, 0x52,
-    0x69, 0xf5, 0x94, 0x33, 0xef, 0xe2, 0x1d, 0x42, 0x34, 0xb6, 0x85, 0x85,
-    0x49, 0x75, 0x3d, 0xa5, 0x59, 0xf2, 0x32, 0xaf, 0x2c, 0x86, 0x1e, 0x37,
-    0xed, 0xfb, 0xbe, 0xcf, 0xac, 0xbf, 0xf6, 0x70, 0x30, 0x6f, 0x23, 0x53,
-    0x2c, 0xa6, 0x3e, 0xd3, 0x0b, 0x6f, 0xb5, 0x27, 0x1a, 0xcb, 0x9f, 0xb5,
-    0x97, 0xed, 0x64, 0xfb, 0x01, 0x65, 0xfe, 0xef, 0xed, 0xf2, 0x0e, 0xcb,
-    0x2f, 0xd1, 0xd0, 0x35, 0x0b, 0x2a, 0x47, 0xbb, 0xe3, 0x5a, 0xd9, 0x15,
-    0x25, 0x08, 0x7b, 0xde, 0xc1, 0x5a, 0xca, 0x14, 0xa6, 0x11, 0x10, 0xc0,
-    0xc2, 0x8b, 0xfd, 0x19, 0xe0, 0x08, 0x52, 0x59, 0x76, 0x7d, 0x65, 0x11,
-    0xe4, 0xcf, 0x99, 0xdc, 0x6c, 0x2c, 0xbb, 0x06, 0xb2, 0xa7, 0xa6, 0x49,
-    0x4e, 0xd0, 0xc1, 0x94, 0xeb, 0xfe, 0x43, 0x2d, 0xc8, 0xb9, 0x19, 0x57,
-    0xa1, 0x02, 0x12, 0x4d, 0xe2, 0xf7, 0xe6, 0xf7, 0x30, 0x0b, 0x2f, 0xdf,
-    0xcd, 0xed, 0xbd, 0x65, 0xff, 0xff, 0x89, 0xfd, 0xf8, 0x9a, 0x71, 0x67,
-    0xdb, 0xdc, 0x0f, 0x61, 0x85, 0x97, 0x60, 0x16, 0x5f, 0xfc, 0x40, 0x2c,
-    0x69, 0xbf, 0x04, 0x6a, 0xca, 0x63, 0xd9, 0x71, 0x6b, 0xfa, 0x5c, 0xf3,
-    0x47, 0x4b, 0x2f, 0xff, 0xf9, 0xe6, 0x9d, 0xce, 0x67, 0xf5, 0xac, 0x30,
-    0xb0, 0xc7, 0x02, 0xcb, 0xf4, 0x17, 0xde, 0x4b, 0x2f, 0xfb, 0xd9, 0xb4,
-    0x71, 0xb5, 0x8b, 0x2f, 0x40, 0xe1, 0x65, 0x0c, 0xfe, 0x7a, 0x26, 0x39,
-    0xc5, 0x2c, 0xa5, 0x97, 0xfd, 0xec, 0xda, 0x38, 0xda, 0xc5, 0x97, 0xa0,
-    0x70, 0xb2, 0xf7, 0x1e, 0x69, 0xc8, 0x99, 0x83, 0x0c, 0x0b, 0xe8, 0x2c,
-    0xe7, 0x16, 0xc2, 0x4f, 0x67, 0xd1, 0xbe, 0x5f, 0x4f, 0x02, 0xa8, 0x51,
-    0x3c, 0x2c, 0xbe, 0x67, 0x21, 0xac, 0xb1, 0x93, 0x8f, 0x5c, 0x66, 0xf7,
-    0xec, 0x7e, 0xa5, 0xc5, 0x97, 0xf3, 0xcd, 0xec, 0x2f, 0x2c, 0xa0, 0x1e,
-    0xa9, 0x85, 0x15, 0x24, 0xca, 0x1a, 0x10, 0xbc, 0x84, 0x05, 0xf7, 0x7f,
-    0x6e, 0xd6, 0x5f, 0x07, 0xf0, 0x75, 0x97, 0xff, 0xc1, 0xd6, 0xa0, 0xb0,
-    0xd6, 0xff, 0xf0, 0x45, 0x95, 0x08, 0x96, 0xc2, 0x4d, 0x11, 0x5f, 0x7e,
-    0x02, 0x4b, 0x2f, 0x82, 0xfd, 0x79, 0x65, 0xc5, 0xe5, 0x97, 0xff, 0xff,
-    0x1b, 0x9a, 0xd3, 0x1e, 0x74, 0xd2, 0x09, 0xfa, 0x97, 0x39, 0x1a, 0xed,
-    0x65, 0xdf, 0x75, 0x96, 0x76, 0x44, 0x86, 0xf7, 0xab, 0xf4, 0x31, 0xb0,
-    0x75, 0x97, 0xb4, 0xdd, 0x2c, 0xbc, 0x11, 0xc2, 0xcb, 0xff, 0xe6, 0x1b,
-    0x3f, 0x99, 0xfd, 0x3b, 0x8d, 0x32, 0xca, 0x92, 0xf9, 0x48, 0xc9, 0xf0,
-    0xac, 0xd8, 0x63, 0xf4, 0x41, 0x34, 0xb2, 0xfd, 0x43, 0x40, 0xe5, 0xdf,
-    0x21, 0x72, 0x32, 0x85, 0x37, 0x0a, 0x7c, 0x4f, 0xbc, 0x76, 0x7c, 0x72,
-    0xdb, 0xab, 0x2f, 0x6d, 0x1b, 0x2c, 0xa5, 0x97, 0xf6, 0x1c, 0x7f, 0xce,
-    0x2c, 0xbf, 0x6d, 0x3b, 0xb6, 0xd9, 0x65, 0xfd, 0xce, 0xfb, 0x72, 0x35,
-    0x65, 0x4f, 0x34, 0x4a, 0xec, 0x17, 0xa2, 0xdf, 0x16, 0xdf, 0xe2, 0x9d,
-    0xbf, 0xa9, 0x72, 0x65, 0x97, 0xff, 0xf8, 0x7f, 0xcf, 0x79, 0xcb, 0xbc,
-    0x6d, 0x31, 0xe0, 0xd5, 0x97, 0x6d, 0xd2, 0xcb, 0xf7, 0xdf, 0x72, 0x00,
-    0xb2, 0x86, 0x8d, 0xd6, 0x3a, 0x76, 0x0d, 0xd1, 0x9b, 0xf4, 0xe1, 0x36,
-    0x8d, 0x96, 0x5f, 0x8b, 0x3e, 0xfe, 0x59, 0x52, 0x3d, 0x39, 0x8b, 0x6f,
-    0xe3, 0x5b, 0xae, 0x07, 0x8b, 0x2b, 0x47, 0xa6, 0x44, 0x75, 0x0a, 0x89,
-    0xb2, 0x32, 0x16, 0x87, 0x25, 0xfe, 0x89, 0xc5, 0x9b, 0xf3, 0xeb, 0x2c,
-    0xcb, 0x2f, 0xf8, 0x25, 0x3a, 0x66, 0xd8, 0x33, 0x2c, 0xbf, 0xb0, 0x73,
-    0x4a, 0x37, 0x16, 0x5f, 0xf1, 0xc9, 0xcd, 0xfb, 0x6c, 0x75, 0x97, 0xfc,
-    0x7e, 0x3c, 0xdb, 0xbf, 0xcd, 0x96, 0x54, 0x1f, 0xc6, 0x1d, 0x56, 0xc9,
-    0x83, 0xe8, 0xfb, 0xd0, 0xa9, 0xbb, 0x09, 0x65, 0xe9, 0x40, 0x16, 0x5b,
-    0x43, 0x36, 0x38, 0x2b, 0x7c, 0x0e, 0x6e, 0x76, 0xb2, 0x98, 0xf3, 0x42,
-    0x4d, 0x7e, 0x06, 0x78, 0x4d, 0x96, 0x5f, 0xe2, 0xc3, 0x37, 0x7d, 0x9f,
-    0x59, 0x7f, 0x73, 0x3f, 0xe6, 0x35, 0x65, 0xff, 0x73, 0xe1, 0x9a, 0x71,
-    0x9b, 0x9d, 0x2c, 0xb1, 0x93, 0x22, 0x9f, 0x86, 0xde, 0x2e, 0xb7, 0x96,
-    0x5b, 0x8b, 0x2f, 0xc6, 0x7b, 0x3f, 0x38, 0xd3, 0x45, 0xd0, 0x8d, 0xed,
-    0xa4, 0x6a, 0xca, 0x84, 0xe3, 0x72, 0x1a, 0x2e, 0xb4, 0x14, 0x3a, 0x14,
-    0x2f, 0x8b, 0x40, 0xa4, 0xa5, 0x6c, 0x9a, 0x75, 0xd9, 0xab, 0x46, 0x2f,
-    0xf8, 0x5a, 0x94, 0x75, 0xd7, 0xff, 0x49, 0xf9, 0x9b, 0x3f, 0xb6, 0xc3,
-    0x16, 0x5f, 0xf6, 0x7e, 0x70, 0x8f, 0xb9, 0xfc, 0x59, 0x7f, 0x7f, 0x3b,
-    0x94, 0x1d, 0x65, 0xfe, 0xfe, 0x49, 0xcb, 0x3a, 0x59, 0x58, 0x7c, 0x1e,
-    0x2e, 0xbf, 0xff, 0xf4, 0xa3, 0x6e, 0xa5, 0xc6, 0x36, 0x77, 0x33, 0xb6,
-    0x38, 0x75, 0xb2, 0xcb, 0xfd, 0x86, 0x4e, 0xfb, 0x61, 0xd6, 0x5f, 0xff,
-    0x6d, 0x8c, 0x5e, 0x2c, 0xdf, 0x3b, 0x86, 0x12, 0xcb, 0x9c, 0x1b, 0x22,
-    0x23, 0x86, 0xb5, 0xd2, 0x65, 0x65, 0x0f, 0xcb, 0xfb, 0xf8, 0x5d, 0x41,
-    0xab, 0x2f, 0xe7, 0x2f, 0x07, 0x5b, 0x2c, 0xa6, 0x55, 0x6a, 0x04, 0x62,
-    0x84, 0xf7, 0xa3, 0x4c, 0x30, 0xa4, 0x42, 0xeb, 0x87, 0xba, 0xb2, 0xf6,
-    0x34, 0xcb, 0x2f, 0xfc, 0xd9, 0x34, 0xee, 0x47, 0xdf, 0x71, 0x65, 0xff,
-    0x63, 0xf5, 0xfc, 0xf0, 0x1d, 0x65, 0xff, 0xa3, 0xf3, 0xb5, 0x9b, 0x63,
-    0x9d, 0x65, 0xff, 0xee, 0x07, 0x0a, 0x71, 0x67, 0xfe, 0xe3, 0x59, 0x7f,
-    0xb3, 0x69, 0xd3, 0x6c, 0x0d, 0x2c, 0xa9, 0x22, 0x0f, 0xc9, 0x57, 0xc5,
-    0x1a, 0x85, 0x97, 0xff, 0xf0, 0xe7, 0x71, 0xa7, 0xe0, 0x81, 0xfc, 0x2c,
-    0x6f, 0xac, 0xbf, 0xfc, 0xd3, 0xf0, 0x40, 0xfe, 0x16, 0x37, 0xd6, 0x5f,
-    0x16, 0x1e, 0x71, 0x22, 0x9b, 0x8b, 0xb7, 0xfd, 0xd6, 0x47, 0x53, 0x14,
-    0x1d, 0x65, 0xfd, 0xd7, 0x3f, 0x8f, 0xa5, 0x97, 0xff, 0xfe, 0x63, 0xe9,
-    0xb3, 0xa2, 0x0f, 0xa3, 0xf3, 0xb7, 0xb7, 0xa6, 0x85, 0x94, 0xe8, 0x9e,
-    0xf1, 0x75, 0xff, 0xa0, 0xbd, 0x12, 0x62, 0x36, 0x16, 0x56, 0xca, 0xec,
-    0xc6, 0x38, 0x6a, 0x1f, 0x67, 0x1d, 0x43, 0x0d, 0x88, 0xe6, 0x86, 0x37,
-    0xce, 0xbd, 0x0d, 0x8d, 0xe4, 0x57, 0xff, 0xd8, 0xfb, 0x7e, 0x1b, 0xdc,
-    0x8d, 0xb3, 0x8b, 0x2f, 0xf6, 0xb6, 0x86, 0xd6, 0x12, 0xcb, 0xc6, 0xf2,
-    0x65, 0x95, 0x87, 0xa3, 0xd1, 0x95, 0x8e, 0xb2, 0x71, 0xa2, 0xbe, 0x99,
-    0xb3, 0x65, 0x97, 0x8b, 0x06, 0xb2, 0xfe, 0xc0, 0x60, 0x75, 0xb2, 0xcb,
-    0xe9, 0xdf, 0x79, 0x96, 0x54, 0x22, 0xd3, 0x08, 0xfa, 0x23, 0x21, 0xbe,
-    0x17, 0x5f, 0x8a, 0x30, 0xcd, 0x96, 0x5e, 0x9f, 0x0f, 0x96, 0x5f, 0xbd,
-    0xc2, 0x63, 0x56, 0x50, 0xa0, 0xfc, 0x24, 0x50, 0x72, 0x0b, 0xfb, 0xae,
-    0x66, 0x11, 0xab, 0x2f, 0x8e, 0x24, 0x01, 0x65, 0xff, 0xed, 0x87, 0xa7,
-    0xec, 0xb3, 0x7e, 0x9b, 0x8b, 0x2a, 0x11, 0xa3, 0x86, 0x6c, 0x5c, 0x12,
-    0x3b, 0xbd, 0xc5, 0x97, 0xf7, 0xbe, 0xf3, 0x08, 0x75, 0x94, 0xb2, 0xdf,
-    0x59, 0x5f, 0x2f, 0x1c, 0x2e, 0xec, 0xe2, 0xcb, 0x9f, 0x4b, 0x2c, 0x09,
-    0x1a, 0xcd, 0x0b, 0x5f, 0x3c, 0x84, 0x1a, 0xcb, 0x7a, 0x0f, 0x2b, 0xe4,
-    0xf4, 0xe9, 0x84, 0x01, 0x30, 0xa1, 0x2b, 0x74, 0x0d, 0x65, 0xdc, 0x65,
-    0x97, 0x74, 0x05, 0x95, 0xf3, 0xc4, 0x15, 0x8b, 0x04, 0x5a, 0xfe, 0xe4,
-    0x74, 0x0d, 0x42, 0xcb, 0x86, 0xcb, 0x2a, 0x19, 0x43, 0x5b, 0x32, 0x64,
-    0xbc, 0xde, 0xe1, 0x44, 0xd1, 0xbb, 0x6a, 0x38, 0x9f, 0x9d, 0x3c, 0x63,
-    0xe4, 0xf1, 0xc3, 0x3d, 0xe5, 0xd7, 0xb7, 0xff, 0x16, 0x5f, 0x31, 0xe3,
-    0xeb, 0x2f, 0xcf, 0xf9, 0xc3, 0x85, 0x94, 0xc7, 0xd1, 0xf1, 0xef, 0x10,
-    0xdf, 0xde, 0x28, 0x96, 0x79, 0x65, 0xf6, 0x13, 0xc9, 0x65, 0xf7, 0xb8,
-    0x27, 0x27, 0x1e, 0x60, 0xa0, 0xb2, 0xff, 0x79, 0xb6, 0xcf, 0x87, 0xcb,
-    0x2d, 0x8b, 0x2f, 0x72, 0x0d, 0x59, 0x5f, 0x35, 0xbe, 0x10, 0xb4, 0xcb,
-    0x2f, 0xec, 0x0e, 0x7f, 0xbd, 0x96, 0x54, 0x1e, 0x0f, 0x04, 0xaf, 0xd3,
-    0xb0, 0x78, 0x4b, 0x2b, 0xa3, 0xc9, 0x22, 0x1b, 0xdf, 0x81, 0xac, 0xa8,
-    0x47, 0x4e, 0x42, 0xae, 0x62, 0x2b, 0xff, 0xf8, 0x33, 0xbb, 0xfb, 0x0c,
-    0xa1, 0xf6, 0xef, 0xef, 0xa5, 0x97, 0xf6, 0x68, 0x0c, 0x5e, 0x59, 0x77,
-    0x5d, 0x2c, 0xb1, 0xe7, 0x1e, 0x29, 0xcb, 0x2f, 0xde, 0x6d, 0x89, 0xd6,
-    0x5f, 0xfd, 0xee, 0x4e, 0xdd, 0xf6, 0x7f, 0xcc, 0x75, 0x95, 0x23, 0xf1,
-    0x22, 0x7b, 0xfb, 0xef, 0x23, 0xe9, 0x96, 0x5f, 0xfc, 0x69, 0xaf, 0xee,
-    0x78, 0xa3, 0xa9, 0x2c, 0xbf, 0xb3, 0x1c, 0xbd, 0xc5, 0x97, 0xe2, 0x89,
-    0x67, 0x96, 0x51, 0x1e, 0x8f, 0x8a, 0xea, 0x11, 0x73, 0x28, 0x4c, 0x5c,
-    0xdc, 0x59, 0x63, 0xac, 0xbd, 0xac, 0xe9, 0x65, 0xec, 0x6d, 0x96, 0x5f,
-    0x41, 0xce, 0xcb, 0x2d, 0x9b, 0x1b, 0xdf, 0x0e, 0x50, 0xd1, 0x51, 0xf1,
-    0x60, 0x08, 0x92, 0xd5, 0xf6, 0xc1, 0xd7, 0x6b, 0x2f, 0xf8, 0xd8, 0x29,
-    0x67, 0xd8, 0xeb, 0x2e, 0x73, 0x76, 0x3d, 0xdf, 0x12, 0xdf, 0x9b, 0x9c,
-    0x83, 0xac, 0xa6, 0x47, 0x79, 0x42, 0x67, 0x79, 0x7d, 0x42, 0xf3, 0x96,
-    0x3d, 0x1a, 0x82, 0xd1, 0xa5, 0x68, 0xd0, 0xf0, 0xa4, 0x78, 0x4d, 0x80,
-    0x84, 0xa1, 0xcc, 0x18, 0xef, 0xaf, 0xc3, 0x62, 0x71, 0xac, 0xbd, 0xc1,
-    0xf4, 0xb2, 0xe0, 0x76, 0xb2, 0xff, 0xf6, 0x4d, 0xf8, 0x23, 0x4b, 0x3d,
-    0xf0, 0xac, 0xa3, 0x4f, 0x8b, 0xe3, 0x17, 0xdd, 0x85, 0xe4, 0xb2, 0xa7,
-    0x23, 0x1a, 0x50, 0x80, 0xe8, 0x8e, 0x99, 0x32, 0x4d, 0x43, 0xb2, 0xfe,
-    0xd7, 0xf3, 0x41, 0xc5, 0x97, 0xff, 0xf6, 0x75, 0x2e, 0x7b, 0xf0, 0x78,
-    0x61, 0xce, 0x89, 0xe9, 0x65, 0x62, 0x23, 0xd8, 0xb6, 0xff, 0xb4, 0x59,
-    0xb6, 0xc1, 0xd6, 0xcb, 0x2f, 0xe2, 0x9d, 0xdf, 0x00, 0x35, 0x95, 0x07,
-    0xda, 0xe7, 0x97, 0xfe, 0x0f, 0x27, 0x1c, 0x4f, 0xbf, 0xe1, 0x65, 0xfb,
-    0x3c, 0x1c, 0xe9, 0x65, 0xe3, 0x73, 0xa5, 0x97, 0x44, 0xd3, 0x8f, 0x1b,
-    0xc5, 0x14, 0x48, 0xb8, 0x0c, 0x22, 0x2f, 0xff, 0xe3, 0x3d, 0x8c, 0x79,
-    0xc5, 0x9d, 0xb6, 0xb4, 0xdb, 0x2c, 0xbf, 0xff, 0xff, 0x04, 0xa7, 0x18,
-    0xfd, 0x4b, 0x4e, 0x09, 0xdc, 0x0c, 0x75, 0xfc, 0x62, 0xc3, 0x56, 0x5f,
-    0xff, 0xff, 0xee, 0xf3, 0xb2, 0xcf, 0x7c, 0x3f, 0x7e, 0xa5, 0xcf, 0x6b,
-    0x0c, 0xc6, 0x1f, 0xb8, 0xcb, 0x2f, 0xff, 0xf7, 0x83, 0x85, 0x39, 0xb3,
-    0xc5, 0x00, 0x9d, 0x8c, 0x35, 0x97, 0xfc, 0x7c, 0x3c, 0xe3, 0xee, 0x6f,
-    0x92, 0xcb, 0xff, 0xff, 0xd9, 0x3b, 0x42, 0x72, 0x27, 0x71, 0xb0, 0xa6,
-    0xe7, 0x9b, 0x36, 0x28, 0x59, 0x5a, 0x4c, 0x74, 0xec, 0x3f, 0x41, 0xbf,
-    0xfe, 0xd6, 0xb3, 0xdc, 0xfb, 0x64, 0xef, 0x82, 0x16, 0x54, 0x2a, 0x30,
-    0x68, 0xeb, 0x82, 0x63, 0x7f, 0xff, 0x47, 0xf0, 0x66, 0x86, 0x3f, 0x9e,
-    0x83, 0xbf, 0x96, 0x54, 0x2b, 0xa7, 0xc5, 0xef, 0xca, 0xb9, 0x09, 0xb5,
-    0xff, 0xff, 0xf3, 0x4d, 0xfc, 0xe6, 0xb3, 0xb9, 0xdf, 0x6c, 0x2c, 0xde,
-    0x58, 0x30, 0x92, 0xcb, 0xf6, 0x17, 0x62, 0x1d, 0x65, 0xff, 0xdf, 0xc8,
-    0x29, 0x8b, 0x3d, 0xc7, 0x59, 0x69, 0x12, 0x3a, 0xbc, 0xff, 0xba, 0x53,
-    0x7f, 0xed, 0xdf, 0x47, 0x26, 0x93, 0xeb, 0x65, 0x97, 0xbc, 0xc6, 0xac,
-    0xbb, 0x0f, 0x38, 0xf8, 0x45, 0x08, 0x97, 0xff, 0x36, 0xce, 0x73, 0xb4,
-    0xe1, 0xb6, 0xf5, 0x94, 0x33, 0xfb, 0xd1, 0x9d, 0xe9, 0x9b, 0x71, 0x65,
-    0xff, 0xfd, 0xe6, 0xdb, 0x07, 0x38, 0xef, 0x2d, 0x36, 0xce, 0x75, 0x97,
-    0xfb, 0x67, 0x39, 0x46, 0xa6, 0x59, 0x7f, 0xdd, 0x61, 0xa0, 0x3e, 0x4e,
-    0xd6, 0x22, 0x49, 0x97, 0xaf, 0x80, 0xef, 0x32, 0xcb, 0x42, 0xcb, 0xd8,
-    0x5b, 0x4e, 0x36, 0x5d, 0x91, 0x5f, 0xff, 0x60, 0x75, 0x3a, 0x6f, 0x84,
-    0xd6, 0xc2, 0x35, 0x65, 0xfc, 0x70, 0x82, 0x71, 0xf4, 0xb2, 0xff, 0xf9,
-    0xfd, 0x1a, 0x09, 0xdb, 0x93, 0xb9, 0x2e, 0x2c, 0xbf, 0xed, 0x6d, 0x1b,
-    0x6c, 0x1d, 0x6c, 0xb2, 0xff, 0xd3, 0xa6, 0xf8, 0x4d, 0x6c, 0x23, 0x56,
-    0x5f, 0xe2, 0x9d, 0xc0, 0xcf, 0x87, 0x4b, 0x2b, 0x0f, 0xf0, 0x28, 0x77,
-    0xff, 0xfe, 0x8e, 0xb7, 0x7d, 0x05, 0x9b, 0x4e, 0xd8, 0x3a, 0x97, 0xa2,
-    0x6e, 0x2c, 0xa8, 0x4d, 0x43, 0x90, 0xba, 0x09, 0x0d, 0xf8, 0x79, 0xd3,
-    0x92, 0xcb, 0xff, 0xa7, 0x73, 0xe1, 0x9d, 0xee, 0x72, 0x34, 0xb2, 0xff,
-    0xfe, 0x8d, 0x02, 0x74, 0x6f, 0x7f, 0xc6, 0xb5, 0x9e, 0xe2, 0xca, 0xd9,
-    0x15, 0x1f, 0x4a, 0xbf, 0xf4, 0xa3, 0xc1, 0xee, 0x77, 0x3c, 0xcb, 0x2f,
-    0xff, 0xbf, 0x1b, 0x4e, 0x2c, 0xde, 0xff, 0xfc, 0x74, 0xb2, 0xff, 0xff,
-    0xba, 0xe3, 0x61, 0x93, 0xbf, 0x9e, 0xe6, 0x6d, 0x3b, 0x18, 0x6b, 0x28,
-    0x68, 0xc0, 0xc5, 0x4b, 0xff, 0xb3, 0xcd, 0xd4, 0x8a, 0x27, 0x6e, 0xf6,
-    0xb2, 0xff, 0xfa, 0x3a, 0x97, 0x3e, 0xd9, 0xee, 0xa4, 0xdf, 0x59, 0x7f,
-    0xc5, 0x9a, 0xce, 0xf1, 0x86, 0xb2, 0xfe, 0xdb, 0xd3, 0x14, 0x1d, 0x65,
-    0xf9, 0xe2, 0x68, 0x99, 0x65, 0xfb, 0x07, 0xf0, 0x98, 0xb2, 0xe8, 0x9a,
-    0x71, 0xe8, 0x91, 0x45, 0xff, 0xfd, 0x9b, 0x63, 0x0c, 0x83, 0xf9, 0xd0,
-    0x37, 0x9b, 0x8b, 0x2f, 0xec, 0xfb, 0x6b, 0xee, 0xb2, 0xfd, 0xf6, 0xd7,
-    0xdd, 0x65, 0xd8, 0x64, 0xe3, 0xd3, 0xc2, 0xca, 0x85, 0xc7, 0x7c, 0x86,
-    0x7f, 0x44, 0x8d, 0x18, 0x14, 0xc4, 0x5a, 0x4a, 0xfa, 0x8b, 0x9b, 0x94,
-    0x20, 0x38, 0x5f, 0xe8, 0x58, 0x5f, 0x7b, 0x30, 0x6b, 0x2b, 0x66, 0xc2,
-    0x94, 0x70, 0x8e, 0x36, 0x1b, 0x1d, 0xcb, 0xce, 0xea, 0x32, 0xe6, 0x8c,
-    0x52, 0x62, 0x2d, 0x42, 0xc8, 0xf0, 0x85, 0xf9, 0xa8, 0x15, 0x08, 0xc7,
-    0x91, 0xd1, 0x7a, 0x72, 0xb3, 0x76, 0x15, 0xb7, 0xff, 0xcd, 0xcc, 0x1e,
-    0xd8, 0x64, 0xe2, 0x2c, 0xe9, 0x65, 0xfe, 0xf1, 0x67, 0xbf, 0x9b, 0x2c,
-    0xbf, 0xbd, 0xcc, 0x8d, 0x8e, 0xb2, 0xff, 0x4e, 0xd6, 0x75, 0x26, 0x3a,
-    0xca, 0xd1, 0xf2, 0x18, 0x5d, 0x7f, 0xe7, 0xd7, 0xf3, 0xd0, 0x4c, 0x05,
-    0x96, 0xdd, 0x59, 0x7f, 0xfc, 0x59, 0xb4, 0xe0, 0x07, 0xd9, 0x87, 0x01,
-    0x8b, 0x2f, 0xa5, 0xe6, 0xd9, 0x65, 0xfe, 0xed, 0xb9, 0x83, 0x9c, 0x35,
-    0x97, 0xf7, 0x52, 0xe4, 0xef, 0x32, 0xcb, 0x67, 0xcf, 0x9c, 0xc3, 0x6b,
-    0xff, 0x4a, 0x30, 0x1f, 0xcc, 0x2e, 0xd6, 0x5f, 0xfe, 0xfb, 0x10, 0xe7,
-    0x09, 0xd9, 0x67, 0xf1, 0x65, 0xff, 0x3f, 0xb9, 0x34, 0x82, 0x5e, 0x59,
-    0x58, 0x8c, 0x39, 0x8f, 0x40, 0x99, 0x7f, 0xdf, 0x63, 0xc6, 0x17, 0xb8,
-    0xb2, 0xff, 0xff, 0x07, 0xda, 0x0c, 0xd3, 0xbd, 0x37, 0xc2, 0x0f, 0x36,
-    0x6e, 0xac, 0xbe, 0x8e, 0xe0, 0xf3, 0x91, 0xa3, 0xd9, 0x81, 0x1b, 0xd4,
-    0x2b, 0xec, 0xc8, 0x4b, 0xf6, 0x46, 0xc7, 0x9a, 0x14, 0x75, 0x32, 0x84,
-    0x56, 0xec, 0x77, 0x97, 0xff, 0xf6, 0xb1, 0xcf, 0x38, 0xd7, 0xeb, 0xf9,
-    0xff, 0xc7, 0x96, 0x5f, 0x66, 0x03, 0x8b, 0x2f, 0xb3, 0x53, 0x49, 0x65,
-    0xff, 0xcd, 0xd4, 0xb9, 0x38, 0x6d, 0xbe, 0x06, 0xb2, 0xf7, 0x51, 0xb8,
-    0xb2, 0x8d, 0x3e, 0x97, 0x49, 0xbe, 0xcf, 0xbe, 0xf5, 0x97, 0xf4, 0xb3,
-    0xf9, 0xbf, 0x8b, 0x2d, 0x83, 0x3d, 0x29, 0x88, 0xef, 0xff, 0xbe, 0x1e,
-    0x4e, 0xfb, 0x7b, 0xf9, 0xa8, 0xde, 0xb2, 0xfd, 0xc6, 0xce, 0x8e, 0xb2,
-    0x86, 0x7f, 0x9e, 0x54, 0xbf, 0xb3, 0xa2, 0xcc, 0x02, 0xca, 0xc3, 0xce,
-    0x22, 0x2b, 0xf8, 0xa3, 0xaf, 0xe6, 0xcb, 0x2e, 0x83, 0x8d, 0x53, 0x0e,
-    0x10, 0x9b, 0x08, 0xcd, 0x3a, 0x14, 0x3c, 0xbc, 0x41, 0x7f, 0xf6, 0xa0,
-    0xcd, 0xd2, 0x83, 0x3a, 0x97, 0x16, 0x5a, 0x16, 0x5f, 0x36, 0x9f, 0xa5,
-    0x96, 0xf3, 0x1b, 0x2e, 0x08, 0x50, 0xd1, 0x44, 0xcf, 0x97, 0xfc, 0xe5,
-    0xdf, 0xd8, 0xe5, 0x0b, 0x2f, 0xfe, 0x19, 0x3c, 0xd3, 0x47, 0x81, 0x9c,
-    0x59, 0x7f, 0xfc, 0x51, 0xb7, 0xe1, 0xbd, 0xc6, 0x2e, 0xa4, 0xb2, 0xe3,
-    0x88, 0xb2, 0xe8, 0x99, 0x65, 0x41, 0xaf, 0x61, 0x8b, 0xff, 0x9b, 0x7b,
-    0x0e, 0x74, 0x4c, 0x37, 0x31, 0x65, 0xff, 0xff, 0xe2, 0x63, 0x7e, 0xf3,
-    0x4e, 0x20, 0xee, 0xce, 0xce, 0xa5, 0x81, 0x20, 0x71, 0x65, 0xff, 0xf3,
-    0x4b, 0xdc, 0xcd, 0xfa, 0xc0, 0x71, 0xfb, 0x59, 0x7f, 0xec, 0x1e, 0x39,
-    0xb3, 0x8c, 0x73, 0x16, 0x5f, 0xbe, 0xd0, 0x5b, 0x2c, 0xa3, 0xa6, 0x77,
-    0xf8, 0x40, 0x12, 0x96, 0xf4, 0x2b, 0xff, 0xf8, 0x23, 0x72, 0x04, 0xef,
-    0x67, 0xe3, 0xda, 0xc1, 0xac, 0xbe, 0x3b, 0x31, 0x8b, 0x2a, 0x11, 0x85,
-    0x24, 0x47, 0x5c, 0xa2, 0x55, 0x27, 0xc1, 0xff, 0x4a, 0x46, 0xbf, 0xda,
-    0x8d, 0xbe, 0xd8, 0x35, 0x97, 0xd1, 0x37, 0x19, 0x65, 0x49, 0x70, 0xf0,
-    0x64, 0x58, 0x6f, 0xda, 0x2b, 0x4b, 0x11, 0xd1, 0xc1, 0x19, 0xdf, 0xff,
-    0xd2, 0x8d, 0x1a, 0x72, 0x6e, 0xa5, 0xc1, 0xe9, 0xb6, 0x59, 0x7f, 0xff,
-    0xb8, 0xc1, 0x1c, 0xe3, 0x49, 0xc6, 0x1c, 0xfc, 0xe9, 0xa6, 0x59, 0x6c,
-    0x99, 0x18, 0xdc, 0x5e, 0xbd, 0x13, 0x71, 0x65, 0xc1, 0x1a, 0xcb, 0xfb,
-    0x84, 0x58, 0x0e, 0x2c, 0xa9, 0x8f, 0x0f, 0xc2, 0xf7, 0xff, 0xfe, 0x71,
-    0xe1, 0x3f, 0xb9, 0x9a, 0x00, 0x23, 0x3a, 0xf7, 0x19, 0x65, 0x43, 0xa1,
-    0x7f, 0xca, 0xc5, 0x73, 0xb8, 0xc4, 0x5a, 0x70, 0xfb, 0x50, 0x82, 0xfc,
-    0xab, 0xf7, 0x9d, 0x4b, 0x28, 0xcc, 0xbc, 0x52, 0x16, 0x03, 0x08, 0xef,
-    0xe8, 0x93, 0x0f, 0x09, 0x65, 0xf1, 0x79, 0xb7, 0xac, 0xbe, 0x90, 0x5f,
-    0xcb, 0x2e, 0x8d, 0xc5, 0x97, 0x07, 0x71, 0x65, 0xe8, 0x28, 0x59, 0x5d,
-    0x9e, 0x6e, 0x86, 0x4e, 0x35, 0x50, 0x8c, 0x2c, 0x23, 0x66, 0xfb, 0xef,
-    0x71, 0xc0, 0xb2, 0xff, 0xef, 0xb4, 0xe6, 0xd0, 0x76, 0x7d, 0x76, 0xb2,
-    0xf9, 0xbe, 0xfb, 0x2c, 0xbf, 0x41, 0x1c, 0xd3, 0x56, 0x5f, 0xe6, 0xe3,
-    0x04, 0x56, 0x38, 0x59, 0x7a, 0x3d, 0x0b, 0x28, 0x67, 0xf5, 0xe2, 0x9d,
-    0xe6, 0xd7, 0xef, 0x9d, 0x8b, 0xb5, 0x97, 0xd9, 0xe6, 0xe2, 0xca, 0xc3,
-    0xc9, 0xe1, 0x45, 0xe9, 0x41, 0xd6, 0x5c, 0xe2, 0x2c, 0xaf, 0x9b, 0x3e,
-    0x0e, 0x5f, 0xfb, 0xdf, 0x6c, 0xc1, 0x96, 0x18, 0xb2, 0xb0, 0xf7, 0x98,
-    0x86, 0xff, 0xdc, 0x89, 0xb3, 0xed, 0xaf, 0xba, 0xcb, 0xb3, 0xeb, 0x29,
-    0x8f, 0x50, 0xe7, 0xd7, 0xb4, 0xc6, 0xac, 0xbf, 0xfe, 0x0e, 0x37, 0xf3,
-    0xbf, 0xb4, 0xe3, 0x0f, 0xda, 0xcb, 0xde, 0xc3, 0x16, 0x5c, 0x1d, 0x88,
-    0xfc, 0x7c, 0xa9, 0x7b, 0x60, 0xf9, 0x65, 0xf7, 0xd9, 0xc0, 0xb2, 0xb0,
-    0xdf, 0xf8, 0x7a, 0xb1, 0x11, 0xa0, 0x6d, 0xbf, 0x04, 0x56, 0x4f, 0xe5,
-    0x97, 0xed, 0x9c, 0xbd, 0xc5, 0x97, 0xf7, 0xdf, 0x69, 0xd2, 0xf2, 0xcb,
-    0xf1, 0x02, 0x1b, 0x7a, 0xcb, 0xf4, 0xc2, 0x72, 0x31, 0x65, 0x31, 0xe8,
-    0xb9, 0x45, 0xf9, 0xf4, 0x5d, 0x32, 0xcb, 0xd3, 0x47, 0x96, 0x54, 0x26,
-    0x73, 0x85, 0x6c, 0x51, 0xf8, 0x41, 0x78, 0x80, 0x24, 0xf7, 0xbe, 0xe4,
-    0xb2, 0xb6, 0x5e, 0xcc, 0x1c, 0x3b, 0x70, 0xb4, 0xd2, 0x2e, 0xd2, 0x1a,
-    0x13, 0x93, 0x3d, 0x1e, 0x16, 0x5f, 0x74, 0x72, 0x12, 0x8c, 0x6f, 0xd1,
-    0xad, 0x98, 0xb5, 0x73, 0x74, 0xb2, 0xc2, 0x95, 0x97, 0xbd, 0x07, 0x59,
-    0x42, 0x83, 0x62, 0x42, 0xb7, 0x4b, 0x65, 0x97, 0x74, 0x6a, 0xcb, 0xf8,
-    0xef, 0x2d, 0x61, 0x8b, 0x2e, 0xce, 0x86, 0x78, 0xf8, 0x33, 0x7c, 0x29,
-    0xe7, 0xb1, 0x65, 0xf7, 0x78, 0x40, 0x59, 0x7f, 0xef, 0xc1, 0x47, 0x7a,
-    0x8c, 0x25, 0x94, 0xe7, 0xbd, 0xe2, 0x2b, 0xfb, 0x36, 0x83, 0x5f, 0x8b,
-    0x2f, 0xef, 0xb0, 0xdb, 0x5d, 0xac, 0xbf, 0xff, 0x3f, 0x43, 0xd1, 0x39,
-    0x85, 0x80, 0x06, 0x01, 0x65, 0xdd, 0x72, 0x72, 0x34, 0x86, 0x43, 0xd9,
-    0x77, 0x8b, 0xaf, 0xf7, 0xe1, 0x89, 0xf4, 0x6a, 0xcb, 0xfa, 0x18, 0x9f,
-    0x46, 0xac, 0xbe, 0xd6, 0x9b, 0x53, 0x8f, 0x7b, 0xe6, 0x57, 0xfb, 0xb2,
-    0xc9, 0xb4, 0xfb, 0xd6, 0x59, 0xc0, 0x7e, 0x24, 0x77, 0x78, 0xb0, 0xeb,
-    0x2d, 0xd2, 0xcb, 0x9e, 0x52, 0x35, 0xbc, 0x1b, 0xbf, 0xff, 0xfd, 0x38,
-    0xf1, 0x9e, 0x9d, 0x92, 0x6d, 0xe5, 0x9c, 0x9d, 0x03, 0x79, 0xb8, 0xb2,
-    0xf1, 0x9c, 0x02, 0xcb, 0xfb, 0x0e, 0x37, 0x7e, 0xd6, 0x5c, 0x5d, 0xce,
-    0x3c, 0xbf, 0x8f, 0x54, 0x91, 0xf2, 0xf0, 0xc9, 0xae, 0xd7, 0x42, 0x59,
-    0x22, 0x62, 0x4d, 0x2f, 0x9c, 0xb5, 0xe3, 0x56, 0x04, 0x63, 0x84, 0xa6,
-    0x18, 0xc9, 0x6f, 0x73, 0xcc, 0xb2, 0xf4, 0xc0, 0xe9, 0x65, 0xe8, 0x36,
-    0x77, 0x66, 0xec, 0x03, 0x97, 0xc0, 0x00, 0x77, 0x16, 0x58, 0x0b, 0x2f,
-    0xda, 0xda, 0x35, 0xb2, 0xcb, 0xf3, 0x17, 0x84, 0x3a, 0xca, 0x83, 0xd2,
-    0x01, 0x55, 0xe9, 0x73, 0x16, 0x5f, 0x85, 0x25, 0x18, 0x05, 0x95, 0xa3,
-    0xc6, 0x00, 0xe5, 0xff, 0x9b, 0x0c, 0xe0, 0x66, 0x28, 0x3a, 0xcb, 0xc1,
-    0x7e, 0x2c, 0xa9, 0x23, 0x93, 0x19, 0xce, 0x44, 0x21, 0xfd, 0xfe, 0x30,
-    0xf0, 0xda, 0x0e, 0xe2, 0xcb, 0x88, 0x2b, 0x29, 0x65, 0xd1, 0xa9, 0xc6,
-    0x87, 0x82, 0xd5, 0x88, 0x86, 0x0a, 0xc5, 0xff, 0xfc, 0xda, 0x9d, 0x8d,
-    0x84, 0x6f, 0xdb, 0x0f, 0x9d, 0xac, 0xbf, 0xec, 0xea, 0x5c, 0xea, 0x41,
-    0xd2, 0xcb, 0xff, 0xff, 0x1f, 0x9d, 0xfe, 0x3b, 0xea, 0x44, 0x11, 0xce,
-    0x63, 0x5c, 0x80, 0xb2, 0xff, 0xff, 0x6d, 0xa8, 0x3f, 0x03, 0x13, 0xa3,
-    0x50, 0x3f, 0xc1, 0xd6, 0x56, 0x23, 0x55, 0x9c, 0xaf, 0xfa, 0x53, 0xa2,
-    0x77, 0xbf, 0x84, 0xb2, 0xb1, 0x3c, 0x96, 0x5b, 0xd4, 0x62, 0x2e, 0x43,
-    0x7e, 0x07, 0x1b, 0xa3, 0x16, 0x5f, 0xba, 0x83, 0xed, 0x0b, 0x2f, 0xba,
-    0x93, 0x7d, 0x65, 0xed, 0x67, 0x5f, 0x3c, 0xcf, 0x14, 0xdf, 0xdd, 0x3c,
-    0x8a, 0x0e, 0xb2, 0xff, 0xff, 0x8a, 0x6f, 0xe7, 0x52, 0x82, 0x1c, 0xe2,
-    0xcd, 0xfa, 0x6e, 0x2c, 0xbf, 0xe2, 0x9b, 0xc5, 0x9b, 0x39, 0x2c, 0xa6,
-    0x45, 0x10, 0x5a, 0xaf, 0xff, 0xff, 0x6b, 0x4d, 0xb4, 0xef, 0xe7, 0x8a,
-    0x26, 0xfe, 0x6d, 0x1d, 0x78, 0x3d, 0xac, 0xbf, 0xff, 0xfa, 0x0d, 0xfc,
-    0x4e, 0x2c, 0x09, 0xb3, 0xba, 0x97, 0x18, 0x84, 0x8d, 0x96, 0x5f, 0x88,
-    0x1c, 0x20, 0xac, 0xbf, 0x75, 0xc6, 0xc2, 0x59, 0x58, 0x8c, 0x76, 0x79,
-    0x09, 0x3d, 0xff, 0xf6, 0x6e, 0x96, 0x1d, 0xcb, 0xdc, 0x9d, 0x06, 0x2c,
-    0xa8, 0x55, 0x6f, 0x90, 0xcf, 0x62, 0x2f, 0xc6, 0x8a, 0x12, 0xeb, 0xff,
-    0x78, 0xe7, 0x79, 0xa7, 0x16, 0x18, 0xb2, 0xff, 0xed, 0x17, 0x59, 0xc0,
-    0xcc, 0x50, 0x75, 0x97, 0xfc, 0xc6, 0xfe, 0x1b, 0x68, 0x35, 0x65, 0x31,
-    0xff, 0xf1, 0x16, 0xa7, 0x23, 0x8a, 0x50, 0xc1, 0xbf, 0xf7, 0x33, 0xa9,
-    0x36, 0x8b, 0xac, 0x59, 0x7f, 0x83, 0x31, 0x67, 0xdf, 0xcb, 0x2b, 0x63,
-    0xf2, 0x23, 0xfb, 0xff, 0xa4, 0x10, 0x70, 0xb3, 0x9c, 0x83, 0x16, 0x5f,
-    0x19, 0x3b, 0x66, 0x59, 0x7f, 0x41, 0x83, 0xfb, 0x9d, 0x65, 0x61, 0xea,
-    0x7c, 0x9a, 0xff, 0xd9, 0x37, 0xe1, 0x89, 0xf4, 0x6a, 0xcb, 0xfe, 0x3e,
-    0x72, 0x74, 0xc5, 0x07, 0x59, 0x7f, 0xfe, 0xe6, 0xcf, 0x38, 0x7f, 0x8d,
-    0x6b, 0x37, 0xc7, 0x4b, 0x28, 0x68, 0xf5, 0xd1, 0x09, 0xcf, 0xbc, 0x77,
-    0x7f, 0xfe, 0x8c, 0xda, 0x70, 0xf4, 0xdb, 0x79, 0xb0, 0xb6, 0x59, 0x7d,
-    0xbf, 0x03, 0xda, 0xcb, 0xff, 0xfe, 0x7d, 0x7f, 0x3c, 0xd8, 0x5b, 0x72,
-    0x30, 0x87, 0xf8, 0x59, 0x6d, 0x2c, 0xbf, 0xb3, 0x77, 0xcc, 0x5b, 0x2c,
-    0xbb, 0xd3, 0xb6, 0x3c, 0x12, 0x11, 0xac, 0x47, 0xcf, 0x44, 0xaf, 0x0a,
-    0x4b, 0xff, 0xff, 0x75, 0x9b, 0x07, 0x76, 0x77, 0x52, 0xf4, 0x19, 0x3b,
-    0x34, 0x00, 0x42, 0xcb, 0xfe, 0xc9, 0xa7, 0xc3, 0xec, 0xeb, 0xcb, 0x2f,
-    0x66, 0x86, 0xb2, 0xe8, 0x92, 0xcb, 0xff, 0xee, 0x4e, 0xd4, 0x77, 0x85,
-    0x34, 0xb3, 0xdc, 0x59, 0x58, 0x8c, 0x33, 0x9f, 0x00, 0x70, 0x22, 0xd7,
-    0xff, 0x6c, 0xe5, 0x9f, 0xcf, 0x6b, 0x0c, 0x59, 0x7f, 0xff, 0xfe, 0xc0,
-    0x9a, 0x41, 0xf4, 0xd9, 0xe6, 0xea, 0x45, 0x05, 0x9f, 0x6c, 0xd4, 0xcb,
-    0x2b, 0x11, 0x8f, 0xd2, 0x25, 0xff, 0x61, 0x9f, 0x83, 0x73, 0xdc, 0x59,
-    0x7f, 0xf3, 0x96, 0xc7, 0x0b, 0x0d, 0x89, 0x96, 0x53, 0x1f, 0xe1, 0x87,
-    0x57, 0xf4, 0xdd, 0x48, 0x31, 0xe5, 0x97, 0xfc, 0x1e, 0xbf, 0x9e, 0xd6,
-    0x18, 0xb2, 0xff, 0xfe, 0x94, 0x6b, 0xa9, 0x72, 0x77, 0xe1, 0x89, 0xf4,
-    0x6a, 0xcb, 0xf4, 0xbc, 0x59, 0x25, 0x97, 0xfe, 0xe8, 0x7f, 0x0b, 0xf0,
-    0xb0, 0x6b, 0x2b, 0x0f, 0x98, 0x24, 0xf7, 0xfc, 0xfe, 0xf6, 0x4d, 0x26,
-    0xf2, 0xcb, 0xfb, 0x0d, 0x35, 0xfd, 0xc5, 0x97, 0xd9, 0xf7, 0xf2, 0xcb,
-    0x9c, 0xf3, 0x8f, 0x40, 0x8b, 0xea, 0x11, 0x6f, 0xf8, 0x44, 0xdc, 0x03,
-    0x16, 0x5f, 0x4f, 0xe6, 0xa1, 0x65, 0xb3, 0x46, 0xf3, 0x78, 0xc5, 0x42,
-    0xa9, 0x2c, 0x30, 0xe8, 0xef, 0xf0, 0xc4, 0xe4, 0x36, 0x3c, 0xc7, 0x7f,
-    0xf6, 0x7b, 0x93, 0xb5, 0x8d, 0xf8, 0x1a, 0xcb, 0xfe, 0xff, 0xe3, 0xa9,
-    0xc6, 0x1f, 0xb5, 0x97, 0xf6, 0x7b, 0x5a, 0xc9, 0x2c, 0xa5, 0x97, 0xec,
-    0xf9, 0x67, 0x6b, 0x28, 0x06, 0xc8, 0x82, 0xea, 0x63, 0xff, 0xf2, 0xfd,
-    0xec, 0xeb, 0xcb, 0x2f, 0xf6, 0x0d, 0xb7, 0xf9, 0xb4, 0xb2, 0xec, 0xe4,
-    0xe3, 0xf4, 0xdc, 0x23, 0x71, 0xda, 0x74, 0xdc, 0x0a, 0x33, 0x2b, 0xfe,
-    0xc3, 0xfe, 0x1b, 0x41, 0xdc, 0x59, 0x7f, 0x79, 0xb6, 0x27, 0x3a, 0xca,
-    0xd9, 0xb3, 0x09, 0x1c, 0x7d, 0x78, 0x82, 0x6b, 0xb7, 0x72, 0xba, 0xfa,
-    0x8c, 0xd9, 0xa1, 0x39, 0x31, 0x16, 0xa3, 0x8e, 0x39, 0xef, 0xe3, 0x51,
-    0x73, 0x40, 0x46, 0x76, 0x51, 0x81, 0xf2, 0x13, 0xfe, 0x95, 0x68, 0x16,
-    0x2d, 0xf1, 0xda, 0x88, 0x51, 0xba, 0x77, 0x7f, 0xd0, 0x72, 0xc1, 0xe9,
-    0xb6, 0x59, 0x7f, 0xff, 0x8c, 0xf8, 0x63, 0xa9, 0xda, 0xd4, 0x6c, 0x4e,
-    0xfa, 0x35, 0x65, 0xfe, 0x2c, 0x0e, 0x1b, 0x20, 0x2c, 0xa7, 0x44, 0xc9,
-    0x8c, 0xd5, 0x24, 0x7a, 0x64, 0x34, 0x6f, 0x1b, 0x1a, 0x59, 0x7f, 0xfd,
-    0x13, 0xbe, 0xfb, 0xe7, 0x61, 0xcf, 0x1a, 0x35, 0x65, 0xf8, 0x07, 0xcc,
-    0xf2, 0xcb, 0xfe, 0xc9, 0xda, 0xcf, 0x96, 0x4c, 0xb2, 0xb0, 0xf8, 0x48,
-    0x9e, 0xff, 0xff, 0x7d, 0xc1, 0xc9, 0xc5, 0x9b, 0xcb, 0x39, 0x87, 0x8e,
-    0xd6, 0x5f, 0xff, 0xff, 0x68, 0x27, 0x6e, 0x4e, 0x9a, 0x41, 0x2f, 0x4e,
-    0xfc, 0x49, 0x8b, 0x0f, 0x0b, 0x2d, 0xc5, 0x97, 0xef, 0x4e, 0xef, 0xc7,
-    0x59, 0x50, 0x8b, 0xe7, 0x84, 0x08, 0x44, 0x6a, 0x65, 0x49, 0x1f, 0x1d,
-    0x28, 0x5b, 0xf0, 0x83, 0xd1, 0x90, 0xdf, 0xc1, 0x39, 0xb0, 0x5d, 0xac,
-    0xa9, 0xed, 0xba, 0x7d, 0x9e, 0x64, 0xd1, 0x1a, 0x3e, 0x56, 0x79, 0x9d,
-    0x4a, 0x4f, 0x79, 0x4d, 0xe4, 0xaf, 0x7e, 0xf8, 0x85, 0xd0, 0x16, 0x5f,
-    0xf4, 0xed, 0xdf, 0x67, 0xfc, 0xc7, 0x59, 0x7f, 0xf6, 0xcf, 0xed, 0x66,
-    0xce, 0x5e, 0xe2, 0xca, 0xc4, 0x56, 0xf6, 0x54, 0xc7, 0xd7, 0xff, 0xf4,
-    0xbf, 0x8d, 0x2e, 0x61, 0x07, 0xc5, 0x80, 0x85, 0x96, 0x65, 0x96, 0xd6,
-    0x1f, 0x40, 0x16, 0x2f, 0xff, 0xb3, 0xdf, 0xc1, 0x87, 0xdc, 0x8e, 0x07,
-    0x8b, 0x2f, 0xe8, 0xc2, 0xec, 0x43, 0xac, 0xbf, 0xde, 0x0c, 0x66, 0xc2,
-    0x1d, 0x65, 0xff, 0xbf, 0x04, 0x19, 0xb3, 0x9c, 0x85, 0x96, 0xdc, 0xfa,
-    0x3c, 0x7c, 0xa0, 0x21, 0x76, 0xe9, 0xad, 0x42, 0x6c, 0x4f, 0x18, 0xc5,
-    0xfd, 0xfc, 0x2f, 0x00, 0x2b, 0x2f, 0xff, 0xfc, 0xdb, 0xcb, 0x39, 0x3b,
-    0xcd, 0x3b, 0x3d, 0x1d, 0xb6, 0xf8, 0xfa, 0xcb, 0xfc, 0x38, 0x04, 0xec,
-    0xeb, 0xcb, 0x2f, 0xff, 0x9f, 0x4f, 0xfe, 0xa5, 0x9e, 0x9d, 0xdf, 0x37,
-    0x16, 0x5f, 0xcd, 0x27, 0xf7, 0xd9, 0x65, 0xff, 0xf3, 0x9c, 0x7f, 0x8d,
-    0x16, 0x0f, 0xee, 0x62, 0xca, 0x1a, 0x61, 0x1d, 0x9b, 0x79, 0x5f, 0x79,
-    0x65, 0xfc, 0xfb, 0x83, 0x2c, 0xfa, 0xcb, 0x8f, 0xc5, 0x97, 0x9f, 0x8c,
-    0xb2, 0xa0, 0xd9, 0x00, 0x5e, 0xff, 0x84, 0xdb, 0x09, 0xce, 0xff, 0x59,
-    0x7c, 0xda, 0x27, 0x59, 0x52, 0x55, 0x2a, 0xd1, 0xbd, 0x4c, 0x82, 0x4c,
-    0x3e, 0x20, 0xde, 0x73, 0x7f, 0xb9, 0xc8, 0x6d, 0x9f, 0xcb, 0x2f, 0xfb,
-    0x8e, 0x66, 0xeb, 0x61, 0x0d, 0x65, 0xfd, 0x9e, 0xc7, 0x29, 0x96, 0x5f,
-    0x67, 0x23, 0x4b, 0x2c, 0x6f, 0xcf, 0x34, 0x8b, 0x2d, 0x28, 0x47, 0x1e,
-    0x19, 0x86, 0x11, 0x16, 0x92, 0xcb, 0xc3, 0x08, 0x16, 0x5f, 0xff, 0xd1,
-    0xb9, 0x39, 0xb0, 0xb3, 0xed, 0x85, 0xd4, 0xb8, 0xb2, 0xff, 0x6e, 0xb6,
-    0x75, 0xf6, 0xc5, 0x96, 0x2e, 0x91, 0x24, 0x05, 0xdb, 0xe8, 0x3b, 0x8d,
-    0x65, 0x42, 0x61, 0x43, 0x11, 0xc8, 0x57, 0x91, 0x4d, 0xfe, 0xc9, 0xbf,
-    0x9e, 0x81, 0xac, 0xbe, 0x83, 0xf0, 0xeb, 0x2f, 0xfd, 0x86, 0xff, 0x3d,
-    0xc2, 0x89, 0x2c, 0xa6, 0x3e, 0x00, 0x91, 0x5f, 0x6d, 0xe6, 0xd9, 0x65,
-    0xfb, 0xce, 0x76, 0xf2, 0xca, 0xc3, 0xcb, 0x22, 0x4b, 0xc3, 0x61, 0xac,
-    0xbf, 0xff, 0xf0, 0x63, 0x53, 0xa3, 0xf0, 0x39, 0xde, 0x6c, 0xdd, 0xea,
-    0x4f, 0xd2, 0xcb, 0xc0, 0x7d, 0xc5, 0x97, 0xee, 0x14, 0x4d, 0xe5, 0x94,
-    0x34, 0x6b, 0x90, 0xe7, 0x1d, 0x3c, 0x3f, 0x77, 0x05, 0x52, 0xcb, 0x49,
-    0x65, 0x42, 0x6c, 0x39, 0x0f, 0x77, 0x3c, 0xf0, 0xed, 0xe2, 0xee, 0x16,
-    0x5f, 0xff, 0xff, 0x7f, 0x3d, 0xc7, 0x9a, 0x71, 0x67, 0x52, 0xc0, 0xec,
-    0x58, 0x3f, 0xb4, 0xcb, 0x2f, 0xff, 0x9b, 0x91, 0x2f, 0x67, 0xcb, 0x3d,
-    0xf6, 0x59, 0x70, 0x4d, 0x59, 0x4c, 0x98, 0x16, 0x87, 0x3f, 0x08, 0x1f,
-    0x26, 0xde, 0x3f, 0xdd, 0x65, 0xff, 0x81, 0x37, 0xd8, 0x04, 0xfd, 0x49,
-    0x65, 0x2c, 0xb6, 0x39, 0xe5, 0xf1, 0x02, 0xf7, 0xcd, 0xf2, 0xcb, 0xf7,
-    0xbd, 0xec, 0x31, 0x65, 0x41, 0xe3, 0xb0, 0xf5, 0x42, 0x3d, 0x0e, 0xce,
-    0x06, 0xdb, 0xc7, 0x8e, 0xd6, 0x5d, 0xac, 0x59, 0x7b, 0x18, 0x6b, 0x2d,
-    0xc5, 0x97, 0x16, 0x76, 0x6b, 0x3a, 0x1b, 0xbc, 0xd8, 0x4b, 0x2f, 0x34,
-    0x4c, 0xb2, 0xff, 0xec, 0x04, 0xef, 0xb7, 0xb8, 0x4d, 0x32, 0xcb, 0xff,
-    0x16, 0x72, 0x77, 0x00, 0x7c, 0xe2, 0xca, 0xd9, 0x1d, 0x27, 0x2d, 0xe0,
-    0xd7, 0x87, 0x37, 0xa3, 0x54, 0xf0, 0x9c, 0xac, 0x0e, 0xe4, 0x65, 0x77,
-    0xff, 0x10, 0x27, 0xf3, 0xed, 0x07, 0x71, 0xac, 0xbf, 0xb5, 0x92, 0x28,
-    0x3a, 0xcb, 0xf6, 0x48, 0xa0, 0xeb, 0x2e, 0x20, 0x4e, 0x3d, 0x2d, 0x16,
-    0x5f, 0xff, 0xff, 0xa5, 0xce, 0x06, 0x3c, 0xc3, 0xc2, 0x9a, 0x71, 0x66,
-    0xa0, 0xbd, 0xfc, 0xdd, 0x59, 0x7f, 0xe8, 0xc6, 0xf7, 0xe0, 0xa3, 0xb5,
-    0x97, 0xf1, 0xfa, 0x8f, 0xfe, 0x16, 0x5e, 0xea, 0x5c, 0xd8, 0xfa, 0xb0,
-    0xf2, 0xb1, 0x35, 0x4e, 0x8b, 0xf5, 0x0f, 0x0b, 0x71, 0x65, 0x62, 0xa3,
-    0x20, 0xc7, 0xd6, 0x21, 0xb5, 0xb6, 0x59, 0x7e, 0xda, 0x3d, 0x80, 0x59,
-    0x7f, 0x0d, 0xca, 0x4c, 0x75, 0x97, 0xed, 0x67, 0x52, 0xe2, 0xcb, 0xdd,
-    0xff, 0x16, 0x5b, 0x36, 0x3c, 0x6d, 0x14, 0xdf, 0xf7, 0x51, 0xad, 0xa7,
-    0x63, 0x0d, 0x65, 0xd3, 0x32, 0xca, 0xc4, 0xc9, 0xd8, 0x49, 0xca, 0x09,
-    0xc8, 0x25, 0x1b, 0xcf, 0x2f, 0xbf, 0x3c, 0x77, 0x3e, 0xb2, 0xfe, 0xce,
-    0xa5, 0x00, 0x85, 0x97, 0xe2, 0xcf, 0xbf, 0x96, 0x57, 0x47, 0xa6, 0x72,
-    0xdb, 0xed, 0x64, 0xd0, 0xb2, 0xf9, 0xb7, 0xe6, 0x96, 0x54, 0xf4, 0x8e,
-    0x78, 0x7f, 0x62, 0x3f, 0x91, 0x5f, 0x4e, 0xef, 0x63, 0x16, 0x5f, 0xc5,
-    0x80, 0x3c, 0x49, 0x65, 0xf8, 0xb3, 0xdf, 0x65, 0x94, 0x33, 0xd2, 0x30,
-    0xb2, 0xfd, 0xb4, 0xe0, 0xc4, 0xcb, 0x2f, 0xff, 0xf8, 0xa0, 0x1d, 0x4b,
-    0x81, 0x8f, 0x16, 0x0d, 0xb3, 0x53, 0x2c, 0xa8, 0x45, 0xab, 0x91, 0xf8,
-    0xb2, 0xa1, 0xb4, 0xea, 0xda, 0x3f, 0x91, 0x94, 0x64, 0xac, 0x2e, 0xa3,
-    0x43, 0x68, 0xd0, 0xe6, 0x40, 0xd4, 0x24, 0xff, 0x1e, 0x6b, 0xc6, 0x84,
-    0x08, 0xcd, 0x8a, 0x3c, 0x4e, 0x4a, 0x6c, 0xf4, 0x6b, 0xe1, 0x8c, 0xf7,
-    0x7a, 0x00, 0x91, 0x97, 0xdf, 0xa4, 0xda, 0xce, 0x96, 0x5e, 0xe7, 0xf1,
-    0x65, 0xfb, 0x39, 0xb6, 0x18, 0xb2, 0xff, 0xef, 0x84, 0x7f, 0x0f, 0xb9,
-    0xf0, 0xcc, 0xb2, 0xba, 0x45, 0xac, 0xc5, 0x1f, 0x1c, 0x22, 0x9b, 0xff,
-    0xcd, 0xa6, 0xce, 0xa7, 0x7a, 0x62, 0x83, 0xac, 0xbf, 0xfb, 0x1f, 0xa9,
-    0xc3, 0x8d, 0xa7, 0x1a, 0x6a, 0xca, 0xed, 0x13, 0x1d, 0x26, 0x5f, 0xd0,
-    0x72, 0xcd, 0xb1, 0x65, 0xef, 0x73, 0xf8, 0x7a, 0x3f, 0x25, 0xbf, 0xff,
-    0x1f, 0xa9, 0x73, 0x5d, 0x47, 0xb9, 0x1f, 0x6f, 0x2c, 0xbf, 0xec, 0x34,
-    0xb3, 0xdf, 0x63, 0x16, 0x5f, 0xb0, 0xcc, 0x19, 0xd6, 0x5f, 0xfe, 0x8e,
-    0xbe, 0xd8, 0x43, 0x6d, 0xf0, 0x35, 0x95, 0x09, 0x9b, 0x31, 0x9e, 0x96,
-    0x3e, 0x72, 0x45, 0x17, 0x6e, 0x0d, 0x65, 0xff, 0xf6, 0xd9, 0xd8, 0xfe,
-    0xd8, 0x6c, 0xe3, 0x43, 0x0b, 0x2f, 0xec, 0xd6, 0xb3, 0xdc, 0x59, 0x7f,
-    0x13, 0x9a, 0x77, 0x92, 0xcb, 0xd2, 0x6f, 0x7c, 0xf6, 0xbc, 0x5b, 0x7e,
-    0xc3, 0x96, 0x74, 0xb2, 0xfe, 0xf3, 0x6f, 0x82, 0xed, 0x65, 0x70, 0xf5,
-    0x84, 0x27, 0xbb, 0xf8, 0xb2, 0xfd, 0x07, 0x6f, 0xc2, 0xcb, 0xc4, 0x27,
-    0xd6, 0x5f, 0xec, 0xf7, 0xdb, 0xd9, 0xda, 0xcb, 0xe8, 0xc2, 0xed, 0x65,
-    0x4e, 0x46, 0x84, 0x88, 0xf4, 0x2c, 0xe4, 0xc4, 0x3b, 0xe3, 0x3a, 0x14,
-    0x2a, 0x79, 0x61, 0xa9, 0xa1, 0x5f, 0xf8, 0xd6, 0x6f, 0xfd, 0x2e, 0x79,
-    0xf6, 0xdd, 0x2c, 0xe9, 0x65, 0xfd, 0xf8, 0x90, 0x5c, 0x45, 0x97, 0xe1,
-    0xff, 0x0b, 0xcb, 0x2a, 0x47, 0xab, 0x31, 0x75, 0x74, 0x8b, 0xb2, 0x84,
-    0xc5, 0xff, 0x69, 0xb0, 0xcf, 0x79, 0xc9, 0x65, 0xdd, 0x1a, 0xb2, 0xe6,
-    0xea, 0x71, 0xe8, 0x8c, 0xe2, 0xf3, 0x03, 0x16, 0x58, 0x0b, 0x2d, 0xc9,
-    0x1a, 0xcf, 0x0d, 0xdf, 0xfe, 0xc3, 0x37, 0x7f, 0x9e, 0xc0, 0x1d, 0xe6,
-    0x59, 0x50, 0x9a, 0x56, 0x9e, 0x5d, 0x70, 0x89, 0xef, 0xfc, 0xfb, 0xcb,
-    0x3d, 0x80, 0x21, 0xac, 0xb0, 0x16, 0x53, 0x1e, 0x7c, 0xc7, 0xd7, 0xfd,
-    0xfd, 0x9b, 0x0b, 0xa9, 0x71, 0x65, 0xff, 0x75, 0xfc, 0xec, 0xb0, 0x3b,
-    0x8b, 0x2f, 0xff, 0x8c, 0xce, 0xf9, 0x9e, 0x9b, 0x0d, 0x2c, 0x02, 0xcb,
-    0x4a, 0x11, 0x93, 0x87, 0x4c, 0x7b, 0x7f, 0xe2, 0x80, 0xf7, 0xd7, 0x9b,
-    0x09, 0x65, 0xfc, 0xdd, 0x03, 0x4e, 0x35, 0x97, 0xb3, 0x40, 0x59, 0x7e,
-    0xe3, 0x61, 0x01, 0x65, 0xb1, 0x8f, 0x0b, 0x83, 0x97, 0xe6, 0x00, 0x33,
-    0x4b, 0x28, 0x68, 0xfb, 0xf9, 0xf1, 0x38, 0x70, 0x9a, 0xd3, 0xd2, 0xcb,
-    0xf3, 0xe1, 0x31, 0xab, 0x2f, 0x7b, 0x3e, 0xb2, 0x88, 0xf0, 0xb7, 0x49,
-    0xae, 0x63, 0xac, 0xbf, 0xff, 0xf7, 0x52, 0x7e, 0xa7, 0x10, 0x77, 0x67,
-    0x67, 0x52, 0xc0, 0x90, 0x38, 0xb2, 0x8e, 0x88, 0xcd, 0xd1, 0x6b, 0xfe,
-    0x14, 0x7b, 0xcc, 0x5d, 0x4b, 0x8b, 0x2f, 0xb7, 0x3f, 0x9b, 0x8b, 0x2f,
-    0x4f, 0xb0, 0xad, 0x65, 0x4e, 0x4f, 0xcc, 0x50, 0x79, 0xb2, 0xc6, 0x42,
-    0xc0, 0xd2, 0x67, 0x3e, 0x9f, 0x28, 0xbf, 0xff, 0xfe, 0xeb, 0x81, 0x8e,
-    0xa7, 0x7f, 0x07, 0x38, 0xb0, 0x26, 0xce, 0xe0, 0x00, 0xde, 0x59, 0x7f,
-    0xff, 0xec, 0x19, 0xcf, 0x1e, 0xe6, 0x7b, 0x9a, 0x6c, 0xec, 0xb0, 0x6b,
-    0x2f, 0xff, 0x78, 0x31, 0x9b, 0x4e, 0xe3, 0x13, 0x69, 0x65, 0x8c, 0x24,
-    0x5b, 0x08, 0xd7, 0x50, 0x9b, 0x3e, 0x46, 0x7b, 0x7e, 0x82, 0xe9, 0xf6,
-    0x59, 0x7f, 0x4c, 0xc3, 0xc3, 0xb2, 0xcb, 0xff, 0xff, 0xfe, 0xee, 0x3f,
-    0x07, 0xf6, 0x73, 0x91, 0xad, 0x41, 0x66, 0xd8, 0x1e, 0x06, 0x62, 0x83,
-    0xac, 0xa8, 0x46, 0x0e, 0x16, 0xde, 0x0e, 0x8d, 0x59, 0x47, 0x37, 0xf3,
-    0xe4, 0x37, 0xe7, 0x00, 0x8f, 0xb2, 0xcb, 0xff, 0xff, 0xb6, 0x9d, 0xed,
-    0x9b, 0x35, 0xb4, 0xe9, 0xa4, 0xdf, 0xc1, 0xf5, 0x9b, 0xab, 0x2b, 0x11,
-    0x96, 0xc4, 0x81, 0x29, 0xbc, 0xc0, 0x85, 0x97, 0xfa, 0x71, 0x66, 0x9a,
-    0x0e, 0xb2, 0xff, 0xda, 0x7f, 0x6b, 0x1b, 0xf0, 0x35, 0x97, 0xf0, 0xcb,
-    0x3e, 0xfe, 0x59, 0x7e, 0xf7, 0x52, 0x6d, 0x2c, 0xac, 0x3d, 0x5e, 0x16,
-    0x56, 0xc9, 0x80, 0x8c, 0x6f, 0x46, 0x60, 0x84, 0x95, 0xed, 0x38, 0x8b,
-    0x2f, 0xd1, 0xe3, 0xb7, 0x96, 0x53, 0x9e, 0x20, 0x47, 0x6f, 0x8b, 0xac,
-    0x3a, 0xca, 0xd8, 0xf0, 0xcc, 0x21, 0xbf, 0xf4, 0x1b, 0xba, 0x1c, 0x29,
-    0x84, 0x3a, 0xcb, 0xfe, 0x33, 0x34, 0x36, 0xcf, 0x71, 0x65, 0xfe, 0x07,
-    0x32, 0x77, 0x7e, 0x3a, 0xcb, 0xff, 0xff, 0xfc, 0x69, 0x64, 0xe6, 0xc2,
-    0x7f, 0x7e, 0x26, 0x9c, 0x59, 0xf6, 0xf7, 0x03, 0xd8, 0x61, 0x65, 0x62,
-    0x6d, 0x3d, 0x12, 0x32, 0x23, 0x9c, 0x84, 0xde, 0xff, 0xf3, 0x9b, 0x84,
-    0x1f, 0x7f, 0x37, 0x8e, 0x16, 0x5f, 0xfd, 0x9e, 0xc6, 0xdb, 0x3b, 0x69,
-    0xb8, 0xb2, 0xff, 0xd9, 0x80, 0xe4, 0xed, 0x70, 0x7c, 0x59, 0x7f, 0xb5,
-    0x9d, 0xfd, 0xb5, 0x32, 0xca, 0x9c, 0x8b, 0xb1, 0xa2, 0xe2, 0x0d, 0xff,
-    0xf7, 0xda, 0x76, 0x4d, 0xd4, 0xb9, 0xef, 0xe7, 0x4b, 0x28, 0x93, 0x8c,
-    0xf4, 0x60, 0xdb, 0xcc, 0x6f, 0xbd, 0xa0, 0x9d, 0x65, 0xff, 0xfe, 0xc3,
-    0x9d, 0xba, 0x9c, 0x69, 0xb8, 0x5e, 0x34, 0x31, 0xa5, 0x97, 0x67, 0x6c,
-    0x88, 0x9d, 0x11, 0xdf, 0x74, 0x59, 0x3e, 0xb2, 0xb1, 0x31, 0x46, 0x86,
-    0x0b, 0x97, 0x5f, 0xb0, 0xf2, 0x26, 0x59, 0x79, 0x8b, 0xcb, 0x2f, 0xe9,
-    0x71, 0xce, 0x1e, 0x2c, 0xad, 0x8f, 0x25, 0xc6, 0xef, 0xd9, 0xff, 0xbc,
-    0x96, 0x5f, 0xde, 0x6d, 0x6d, 0x9d, 0xac, 0xa8, 0x6d, 0xd8, 0x87, 0x29,
-    0x77, 0x25, 0x60, 0x9b, 0x29, 0x4f, 0xb8, 0x45, 0x75, 0x0e, 0xb6, 0x96,
-    0x43, 0xa8, 0xf6, 0x8e, 0x51, 0xf8, 0xfc, 0xde, 0x32, 0xf2, 0x94, 0x69,
-    0xc9, 0x5d, 0x3e, 0x33, 0x0b, 0x7c, 0xf9, 0x16, 0xe9, 0x3d, 0xfe, 0x27,
-    0x37, 0x30, 0x8d, 0x59, 0x77, 0x78, 0xb2, 0x8e, 0x79, 0x2e, 0x65, 0x4b,
-    0x2f, 0xfe, 0x9d, 0x93, 0x75, 0x2e, 0x7b, 0xf9, 0xd2, 0xcb, 0xed, 0xdf,
-    0xb6, 0x96, 0x5f, 0xe9, 0x40, 0xe7, 0x0d, 0xa6, 0x59, 0x7f, 0xd3, 0xbc,
-    0x58, 0x66, 0x37, 0x16, 0x5f, 0xff, 0xfb, 0xcf, 0x31, 0x66, 0xcf, 0x38,
-    0xba, 0xc3, 0x0b, 0x03, 0x86, 0xac, 0xa9, 0xed, 0x35, 0x9d, 0x82, 0xfb,
-    0x4a, 0xe8, 0x96, 0x63, 0x6d, 0xd3, 0xab, 0xdf, 0x80, 0x2c, 0xbf, 0xdf,
-    0x60, 0x47, 0x9b, 0x7a, 0xcb, 0xf9, 0x9a, 0x0c, 0x89, 0x96, 0x5f, 0x79,
-    0xc8, 0x0b, 0x2f, 0xff, 0xce, 0x69, 0xa0, 0x79, 0xb7, 0x4a, 0x0c, 0xea,
-    0x5c, 0x59, 0x61, 0x1c, 0xff, 0x88, 0x86, 0xf9, 0xf7, 0x20, 0x0b, 0x28,
-    0x50, 0xac, 0x92, 0x23, 0x7a, 0xc6, 0x4e, 0xc7, 0x26, 0x34, 0x78, 0x55,
-    0x98, 0x4f, 0x7b, 0x9e, 0x65, 0x94, 0xb2, 0xfe, 0xc3, 0xc7, 0xdf, 0xeb,
-    0x2d, 0xa5, 0x94, 0xb2, 0xd3, 0xb0, 0xbc, 0x98, 0x46, 0xf7, 0xd8, 0xd5,
-    0x95, 0x39, 0x11, 0xa3, 0x48, 0x34, 0xa2, 0xff, 0xfb, 0xa9, 0x14, 0x4e,
-    0x39, 0x41, 0xbe, 0x6d, 0x96, 0x5f, 0xfd, 0x3b, 0xda, 0xc3, 0x33, 0x62,
-    0xc3, 0x16, 0x54, 0xe4, 0xe0, 0xa0, 0x73, 0x21, 0x30, 0xc6, 0x7e, 0x53,
-    0xbf, 0x6a, 0x71, 0x6f, 0x31, 0x65, 0xb8, 0xb2, 0xf3, 0x82, 0x16, 0x51,
-    0xcd, 0x67, 0xc4, 0x6f, 0x3c, 0xd0, 0xb2, 0xf7, 0xf3, 0x4b, 0x2a, 0x11,
-    0x64, 0xeb, 0x26, 0x10, 0xee, 0x8e, 0x5f, 0xdb, 0x4d, 0x21, 0x46, 0xb6,
-    0x59, 0x7c, 0x21, 0x66, 0xf5, 0x97, 0xcc, 0x3c, 0x1a, 0xca, 0xe8, 0xf1,
-    0x4e, 0x49, 0x69, 0x96, 0x5d, 0x07, 0x59, 0x6f, 0x2c, 0xad, 0x1a, 0x77,
-    0x16, 0xa1, 0x9e, 0xcf, 0xce, 0x6f, 0xa0, 0x6f, 0x25, 0x97, 0xbd, 0x9c,
-    0x59, 0x7f, 0xec, 0x7e, 0x81, 0x34, 0xa3, 0x5b, 0x2c, 0xbd, 0xa8, 0x99,
-    0x65, 0xc1, 0x31, 0x65, 0xcf, 0xd2, 0xca, 0xc3, 0x5f, 0xc1, 0x8a, 0xd9,
-    0x1d, 0x46, 0x90, 0xfc, 0x71, 0xd0, 0x7c, 0x99, 0x7d, 0x27, 0x29, 0xf5,
-    0x97, 0x4c, 0xeb, 0x2e, 0x96, 0xcb, 0x2f, 0xa7, 0x7a, 0x24, 0xb2, 0xff,
-    0xfb, 0x20, 0x81, 0x0d, 0xef, 0xe1, 0xf0, 0x6b, 0x2f, 0x08, 0x1d, 0x96,
-    0x5d, 0x06, 0xac, 0xad, 0x91, 0x4d, 0x22, 0x43, 0x53, 0x3c, 0x3f, 0x7f,
-    0x39, 0x91, 0xec, 0xd9, 0x65, 0xfc, 0xda, 0xea, 0x45, 0x0b, 0x2f, 0xd1,
-    0xe9, 0x37, 0x96, 0x5f, 0xdf, 0x8e, 0xa5, 0x9e, 0x59, 0x52, 0x3d, 0x51,
-    0x93, 0xd7, 0xd1, 0x49, 0xe8, 0x41, 0x5f, 0xf6, 0xda, 0xc9, 0xa4, 0xc4,
-    0x6a, 0xcb, 0xfe, 0x82, 0xf6, 0x9b, 0x7e, 0x0d, 0x65, 0x39, 0xfa, 0x4f,
-    0x9d, 0xdd, 0x9e, 0x59, 0x69, 0x96, 0x57, 0xcd, 0x41, 0x0b, 0x54, 0xf6,
-    0xba, 0xc1, 0x0f, 0x78, 0xf8, 0xd1, 0x86, 0x4c, 0x96, 0x72, 0x4f, 0x8b,
-    0xbc, 0x2f, 0x88, 0xfc, 0x30, 0xd2, 0x9f, 0x84, 0xe0, 0x89, 0x97, 0xf8,
-    0xcc, 0x91, 0x05, 0xf8, 0xb2, 0xfd, 0xd1, 0x8e, 0x40, 0x59, 0x71, 0x1a,
-    0xb2, 0xdc, 0x63, 0xc0, 0x09, 0x4d, 0xcf, 0xf5, 0x97, 0xfe, 0x3c, 0x1b,
-    0xef, 0xe7, 0xa0, 0x0b, 0x2f, 0xce, 0x38, 0xc2, 0x59, 0x63, 0x56, 0x56,
-    0xc8, 0x8c, 0x61, 0x6f, 0x9f, 0x91, 0x2d, 0xff, 0xf8, 0xe5, 0x9d, 0xf5,
-    0xe2, 0x7f, 0x9e, 0x33, 0xcb, 0x2f, 0xff, 0xb3, 0x67, 0x2e, 0xe7, 0x72,
-    0x0e, 0xfd, 0x79, 0x65, 0x42, 0x2a, 0x34, 0xab, 0x7f, 0xb7, 0x3f, 0x9b,
-    0x6b, 0x50, 0xb2, 0x96, 0x5f, 0xfc, 0xf2, 0xc2, 0x19, 0x44, 0x87, 0xc5,
-    0x96, 0xcc, 0x3c, 0xdd, 0xe1, 0x77, 0x72, 0x7a, 0x59, 0x7f, 0xf8, 0xb0,
-    0xf1, 0xdc, 0xe1, 0x36, 0xd9, 0xfa, 0x59, 0x7f, 0x04, 0xe7, 0x79, 0x4e,
-    0xf1, 0xf6, 0x6e, 0x8e, 0x5f, 0x83, 0x21, 0x35, 0xc5, 0x96, 0x6f, 0x9f,
-    0xa1, 0x25, 0x5f, 0xff, 0xa3, 0x51, 0xde, 0x1e, 0x3b, 0x93, 0x70, 0x27,
-    0x59, 0x50, 0xb8, 0x69, 0x33, 0x9e, 0xa1, 0x67, 0xf8, 0x72, 0x39, 0x11,
-    0x42, 0x13, 0xd1, 0x84, 0x4f, 0x93, 0x5f, 0xda, 0xc8, 0x36, 0x09, 0x65,
-    0xcf, 0xf5, 0x97, 0x89, 0xce, 0xb2, 0xff, 0xff, 0xec, 0xdd, 0x9a, 0x3f,
-    0x9e, 0x28, 0x9a, 0x76, 0x16, 0x75, 0x26, 0xe2, 0xcb, 0xff, 0xfb, 0xef,
-    0x31, 0xc2, 0x4e, 0x6f, 0x33, 0xbf, 0x87, 0x71, 0x65, 0xd1, 0xe0, 0x23,
-    0x5f, 0x8e, 0xd7, 0x02, 0x16, 0x5d, 0x9c, 0x59, 0x7f, 0xe3, 0xe7, 0x52,
-    0xe3, 0xc7, 0x52, 0x59, 0x5d, 0x9e, 0xb7, 0xc5, 0xae, 0x13, 0x65, 0x94,
-    0xc6, 0xf0, 0x88, 0xea, 0x4a, 0x8a, 0x70, 0xb1, 0x85, 0xbf, 0x0f, 0x22,
-    0x2e, 0xf4, 0x2a, 0x2a, 0x7b, 0x8c, 0x71, 0xb2, 0x7a, 0x85, 0xe8, 0xa6,
-    0x50, 0x64, 0xf1, 0x0f, 0x11, 0x44, 0xb4, 0x49, 0xe5, 0x0a, 0x71, 0x50,
-    0xf8, 0x55, 0x42, 0x3e, 0x79, 0xc2, 0x4e, 0x29, 0x57, 0x5b, 0x4e, 0x22,
-    0x4a, 0x5d, 0xd8, 0xe9, 0x91, 0x99, 0x68, 0x83, 0x4d, 0x9c, 0xce, 0xee,
-    0x9b, 0xbb, 0xd5, 0x26, 0xd9, 0xa7, 0xf3, 0xa6, 0xa4, 0x00, 0x6a, 0x9a,
-    0xbc, 0x79, 0xf9, 0x3f, 0xda, 0x34, 0x87, 0x9f, 0x99, 0x04, 0xee, 0xd0,
-    0xae, 0x19, 0xa5, 0x5d, 0x59, 0xf2, 0xb6, 0x26, 0xf5, 0x72, 0xa4, 0x19,
-    0xca, 0x2d, 0xf1, 0xfb, 0x99, 0x18, 0x0c, 0xfc, 0xec, 0xf8, 0x93, 0x9e,
-    0xdb, 0xb2, 0xac, 0xef, 0xff, 0xe0, 0xf6, 0x2f, 0xaf, 0x6a, 0x33, 0xa1,
-    0x40, 0xdd, 0xcd, 0x59, 0x42, 0xd5, 0xb2, 0xb4, 0xb0, 0x0b, 0xf9, 0xdb,
-    0xdc, 0x62, 0x59, 0x79, 0xb5, 0x8b, 0x2b, 0x70, 0xf1, 0xb8, 0x57, 0x7e,
-    0xd7, 0x6e, 0xfd, 0xaa, 0x29, 0xd5, 0xd9, 0xd2, 0xcb, 0xef, 0x69, 0xba,
-    0x59, 0x7f, 0xf8, 0x21, 0x26, 0x28, 0xfb, 0x1f, 0x38, 0xb2, 0xed, 0x1d,
-    0x65, 0x85, 0xc2, 0x3c, 0xf0, 0x97, 0xa3, 0x66, 0x17, 0x39, 0x18, 0x11,
-    0xef, 0xff, 0xd2, 0x17, 0x92, 0xfe, 0x34, 0xb9, 0x1e, 0x81, 0xac, 0xbd,
-    0x99, 0xc5, 0x97, 0xf3, 0xed, 0xee, 0x38, 0x16, 0x5d, 0xa1, 0x7f, 0x3c,
-    0x99, 0xf1, 0xba, 0x84, 0x69, 0x34, 0x27, 0xef, 0xda, 0xed, 0xdf, 0xb5,
-    0x45, 0x46, 0xbf, 0xf3, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x13, 0x42,
-    0xff, 0xf1, 0x64, 0xd2, 0x7d, 0x48, 0xb3, 0x7b, 0xac, 0xbe, 0x28, 0xce,
-    0x96, 0x56, 0x23, 0xbc, 0xe6, 0xdc, 0x4e, 0xf2, 0x55, 0xfe, 0x11, 0xf7,
-    0x8b, 0xf3, 0x6c, 0xb2, 0x85, 0x9f, 0xac, 0x1e, 0x5f, 0xb6, 0x13, 0x68,
-    0xd9, 0x65, 0xf7, 0x6e, 0xfd, 0xaa, 0x2a, 0xf5, 0x61, 0xee, 0x68, 0xb2,
-    0xff, 0xf7, 0xdb, 0xdc, 0x89, 0x7e, 0x0c, 0x72, 0x59, 0x7f, 0xf7, 0x81,
-    0x83, 0xfe, 0x0c, 0x6d, 0xd2, 0xcb, 0xef, 0x69, 0xba, 0x59, 0x7e, 0xdf,
-    0x05, 0xf0, 0xac, 0xbf, 0xf3, 0xf5, 0x2e, 0x67, 0x63, 0xce, 0x96, 0x56,
-    0x1f, 0x53, 0x94, 0xdf, 0xcc, 0x31, 0xc6, 0xa1, 0x65, 0xfb, 0x84, 0xf1,
-    0xc5, 0x97, 0xff, 0xfe, 0xc2, 0x61, 0x9d, 0xdc, 0xbb, 0x1f, 0xe3, 0x06,
-    0xc5, 0xb2, 0xca, 0x84, 0x47, 0xc8, 0x9a, 0xff, 0xe7, 0xfc, 0xcf, 0xef,
-    0x75, 0xdb, 0x12, 0xcb, 0xff, 0xf0, 0x08, 0x27, 0x10, 0x63, 0x80, 0x1e,
-    0x33, 0xcb, 0x2f, 0xe7, 0xf7, 0x33, 0xaf, 0x2c, 0xae, 0x91, 0x08, 0x4a,
-    0xd6, 0x17, 0x8a, 0xc9, 0xbb, 0x21, 0xe9, 0x25, 0x91, 0x75, 0x08, 0xdf,
-    0x90, 0x7a, 0x17, 0x66, 0x11, 0x09, 0x0c, 0xab, 0xf6, 0xbb, 0x77, 0xed,
-    0x51, 0x5b, 0x2f, 0xfa, 0x42, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8, 0x90, 0x57,
-    0xd8, 0x78, 0xdc, 0x59, 0x61, 0x78, 0x8a, 0x37, 0x36, 0xe2, 0x4d, 0xf1,
-    0xd8, 0xa1, 0x65, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0x90, 0xd7, 0xf6, 0x83,
-    0xbe, 0x0c, 0x3a, 0xcb, 0xf8, 0xb3, 0x9e, 0x94, 0x2c, 0xbe, 0x16, 0xf2,
-    0x17, 0x08, 0xb3, 0xc2, 0x06, 0x36, 0xde, 0x63, 0x7f, 0xb3, 0xcc, 0x3c,
-    0x29, 0x96, 0x5f, 0xe7, 0x34, 0x59, 0xa6, 0xe6, 0xe2, 0xcb, 0x70, 0x59,
-    0xf6, 0x91, 0x95, 0xe7, 0x7e, 0xd7, 0x18, 0x1a, 0xa0, 0xf4, 0xbb, 0x29,
-    0xb7, 0x6b, 0x2d, 0xb8, 0xb2, 0xb0, 0xd3, 0x7c, 0x4a, 0xe3, 0x3c, 0xb2,
-    0xf7, 0x18, 0xd5, 0x94, 0x33, 0x6b, 0xd0, 0xc5, 0xd3, 0xc6, 0xcb, 0x2f,
-    0xfb, 0xf1, 0xee, 0x4f, 0x5c, 0x9e, 0x09, 0x65, 0x4f, 0x67, 0xc1, 0x21,
-    0xdb, 0xef, 0x7b, 0x37, 0x56, 0x58, 0x96, 0x59, 0x96, 0x54, 0xf4, 0x68,
-    0x05, 0x58, 0x85, 0xff, 0xe1, 0x56, 0x2a, 0xe7, 0xaf, 0xc1, 0xc9, 0xfe,
-    0xda, 0x59, 0x6e, 0x96, 0x5e, 0xf6, 0x01, 0x65, 0xcc, 0x4b, 0x2f, 0x07,
-    0xd8, 0xb2, 0xe8, 0x99, 0x65, 0xfc, 0x7c, 0xec, 0x9f, 0x71, 0x65, 0xec,
-    0x6d, 0x96, 0x58, 0x45, 0x95, 0x87, 0xbd, 0xa3, 0x00, 0x8e, 0x5f, 0x87,
-    0x1e, 0x71, 0xac, 0xb9, 0xb7, 0xac, 0xa8, 0x37, 0xfe, 0x27, 0xbd, 0xfc,
-    0xe2, 0xcb, 0x3a, 0xca, 0x19, 0xac, 0xf0, 0xe5, 0x0d, 0x3a, 0xed, 0xc1,
-    0x29, 0x87, 0x34, 0x2b, 0xf1, 0xce, 0x3a, 0xf9, 0xb4, 0x44, 0xcb, 0xef,
-    0x71, 0xb7, 0xac, 0xb1, 0x2c, 0xbf, 0x0e, 0x0b, 0x6d, 0xc5, 0x97, 0xfa,
-    0x0d, 0x10, 0x00, 0x8e, 0x96, 0x54, 0x1f, 0x0e, 0xc5, 0x77, 0xe7, 0xfb,
-    0x1f, 0x16, 0x56, 0x22, 0xe4, 0x9c, 0x77, 0x91, 0x5f, 0xd9, 0xdf, 0xe2,
-    0x26, 0x59, 0x69, 0xf5, 0x94, 0xc7, 0xe5, 0xf3, 0x00, 0x97, 0x5e, 0x20,
-    0x71, 0x65, 0xf9, 0xf6, 0x13, 0x26, 0x59, 0x58, 0x78, 0xc4, 0x39, 0x7b,
-    0xb2, 0xdc, 0x59, 0x7f, 0xe7, 0x33, 0xec, 0xf2, 0xf3, 0x6c, 0xb2, 0x9c,
-    0xf7, 0xc8, 0x82, 0xff, 0xc0, 0xce, 0xb8, 0x26, 0x98, 0xf8, 0xb2, 0xe6,
-    0x99, 0x65, 0xb3, 0xa3, 0xd7, 0xd2, 0x05, 0xf6, 0xdc, 0xe9, 0x96, 0x5f,
-    0xfe, 0x8e, 0xa4, 0xc7, 0x33, 0x08, 0x7f, 0x85, 0x95, 0x89, 0xc6, 0x69,
-    0xfc, 0x9d, 0xf8, 0x50, 0x12, 0x4b, 0xf3, 0x8c, 0x48, 0x25, 0x97, 0xf9,
-    0x83, 0xb9, 0xf8, 0xcd, 0x96, 0x5f, 0xfb, 0x5e, 0x10, 0x9f, 0xbc, 0x2e,
-    0xd6, 0x5f, 0x41, 0xda, 0x7d, 0x65, 0xd1, 0xba, 0xb2, 0xff, 0xc6, 0x3c,
-    0xb5, 0x8d, 0xf8, 0x1a, 0xcb, 0xee, 0xdd, 0xfb, 0x54, 0x58, 0x8b, 0xf6,
-    0xb4, 0xe5, 0xe5, 0x97, 0xf6, 0xbe, 0xfc, 0xc1, 0x16, 0x5e, 0x1f, 0xc2,
-    0xb2, 0x98, 0xf2, 0xdc, 0xba, 0xc6, 0x2c, 0xbb, 0x8c, 0xb2, 0x98, 0xd4,
-    0x00, 0x4a, 0xff, 0xd2, 0xce, 0x7b, 0xf8, 0xda, 0x92, 0xca, 0x63, 0xde,
-    0x09, 0x05, 0xfd, 0x11, 0xd1, 0xdc, 0x6b, 0x2f, 0x04, 0xa4, 0xb2, 0xff,
-    0x77, 0x19, 0xa0, 0x03, 0xcb, 0x2b, 0x65, 0x5f, 0xd2, 0x27, 0xc3, 0x6e,
-    0xd0, 0x3a, 0x24, 0x61, 0x9d, 0x1f, 0x1c, 0xc3, 0xee, 0x45, 0x0a, 0x6e,
-    0x10, 0xf8, 0xb4, 0x23, 0x97, 0xda, 0x82, 0x35, 0x65, 0xe9, 0x46, 0xe2,
-    0xca, 0xc3, 0xc1, 0x98, 0x8a, 0xcc, 0xb2, 0xcc, 0xb2, 0xd2, 0x34, 0xd0,
-    0x00, 0x42, 0xfc, 0x24, 0xfe, 0x6a, 0x16, 0x5c, 0x1d, 0x2c, 0xbe, 0xf4,
-    0x16, 0xcb, 0x2a, 0x63, 0x73, 0xe1, 0x7b, 0x12, 0xcb, 0xa0, 0x96, 0x5f,
-    0xd1, 0xc1, 0x36, 0x8d, 0x96, 0x51, 0x1e, 0xaf, 0x04, 0x04, 0x15, 0xbe,
-    0xdc, 0xf8, 0x77, 0x16, 0x54, 0x26, 0x67, 0x8c, 0x8c, 0xee, 0x12, 0xfb,
-    0xfe, 0x0e, 0xc5, 0x83, 0xf8, 0x4d, 0x59, 0x46, 0xa7, 0xa3, 0xf8, 0xd6,
-    0xc8, 0xee, 0xfb, 0xfc, 0x0c, 0x2c, 0xbf, 0xfd, 0x9d, 0x74, 0x07, 0xf7,
-    0x18, 0xba, 0x92, 0xcb, 0xff, 0xa3, 0x39, 0x84, 0x36, 0x04, 0x12, 0xcb,
-    0xc5, 0x1b, 0x2c, 0xa6, 0x45, 0x41, 0x26, 0x05, 0x02, 0xfa, 0x35, 0x07,
-    0x59, 0x50, 0x98, 0xcc, 0xa1, 0x95, 0xc2, 0xeb, 0xe1, 0x89, 0x3d, 0x49,
-    0x65, 0xf8, 0x1d, 0xfd, 0x85, 0x6b, 0x2f, 0x7f, 0x00, 0xb2, 0xfe, 0xeb,
-    0x9f, 0x86, 0xf2, 0xcb, 0x9f, 0xcb, 0x29, 0x8f, 0x10, 0xe5, 0xd7, 0xbf,
-    0x00, 0x59, 0x70, 0x67, 0xd6, 0x5f, 0x31, 0x46, 0xcb, 0x2f, 0xff, 0xbd,
-    0x9d, 0x48, 0x83, 0xe7, 0x62, 0x81, 0xac, 0xbf, 0x8e, 0x59, 0x1b, 0x93,
-    0x2c, 0xb0, 0x16, 0x54, 0x1e, 0x0b, 0x18, 0x5e, 0x78, 0xe9, 0x65, 0x4f,
-    0x09, 0xfc, 0xe1, 0x4f, 0x65, 0xba, 0x60, 0xf9, 0x09, 0x0e, 0x70, 0x6b,
-    0xc4, 0x33, 0xf0, 0x8f, 0xdd, 0x20, 0xbc, 0xfe, 0xe2, 0xcb, 0xff, 0xed,
-    0x48, 0xe5, 0x1a, 0x81, 0xe4, 0xd1, 0xf5, 0x94, 0xc7, 0xd6, 0xe3, 0x97,
-    0xd9, 0xdb, 0xf1, 0x65, 0xf6, 0xf0, 0xbf, 0x16, 0x59, 0x96, 0x5f, 0xf4,
-    0x7b, 0x9c, 0xf4, 0x74, 0x62, 0xcb, 0xf3, 0x69, 0x8c, 0x15, 0xac, 0xb7,
-    0x4b, 0x2a, 0x48, 0xef, 0xc2, 0x06, 0x22, 0x98, 0x93, 0x42, 0x1f, 0x3b,
-    0x10, 0xb2, 0xff, 0xcd, 0xfe, 0xa5, 0x9e, 0xce, 0xbc, 0xb2, 0xff, 0x7f,
-    0x0f, 0x8f, 0xad, 0x96, 0x54, 0x8f, 0xcc, 0x68, 0x17, 0xef, 0x79, 0xe5,
-    0xc5, 0x97, 0xb3, 0x50, 0xb2, 0xf1, 0x61, 0xd6, 0x4f, 0x97, 0x77, 0xfe,
-    0x0e, 0x74, 0x3d, 0xff, 0xc7, 0x99, 0x65, 0x74, 0x8b, 0x29, 0x90, 0xf7,
-    0x96, 0xda, 0x4b, 0x2f, 0x75, 0xc7, 0x59, 0x7d, 0x98, 0x67, 0x16, 0x54,
-    0x1e, 0x86, 0x08, 0xf8, 0x76, 0xdb, 0xd6, 0x5c, 0x12, 0x59, 0x61, 0x5a,
-    0xcb, 0x6f, 0x59, 0x50, 0x9e, 0xb6, 0x43, 0x53, 0x50, 0x84, 0x01, 0x6f,
-    0x04, 0xfc, 0x2d, 0xbc, 0x56, 0xfe, 0xee, 0x3d, 0xfc, 0x02, 0xcb, 0xf8,
-    0x4c, 0xd6, 0x64, 0xcb, 0x28, 0x8f, 0x73, 0x85, 0xd7, 0xee, 0xb9, 0x1a,
-    0xe2, 0xcb, 0xfe, 0x7f, 0x70, 0x61, 0x7d, 0x49, 0x65, 0xfe, 0xdb, 0xa9,
-    0x70, 0x9a, 0x65, 0x97, 0xde, 0x20, 0xec, 0xb2, 0xa0, 0xf6, 0x48, 0xda,
-    0xa1, 0x1f, 0x98, 0x42, 0x45, 0x21, 0x84, 0x95, 0xfd, 0xa9, 0x03, 0x32,
-    0x65, 0x97, 0x04, 0x45, 0x97, 0xcf, 0x0d, 0x3e, 0xb2, 0xfe, 0x1f, 0xdb,
-    0x7c, 0x12, 0xcb, 0xb9, 0x32, 0xcb, 0xda, 0x13, 0x8b, 0x2b, 0x11, 0x9a,
-    0x69, 0x76, 0x86, 0x08, 0x8f, 0xc5, 0xdb, 0xc6, 0x2f, 0xfb, 0x86, 0xea,
-    0x07, 0xf8, 0xde, 0xb2, 0xfa, 0x42, 0x7e, 0x16, 0x5e, 0xd4, 0x49, 0x65,
-    0x39, 0xbf, 0xde, 0x47, 0x7e, 0x3e, 0x36, 0xa6, 0x59, 0x6d, 0xc5, 0x95,
-    0x06, 0xf1, 0xca, 0x2f, 0x84, 0x8d, 0xde, 0x2c, 0xbf, 0xf1, 0x13, 0x9f,
-    0x98, 0x78, 0xdc, 0x59, 0x7f, 0xe6, 0xd9, 0xcb, 0xef, 0xc8, 0xdc, 0x59,
-    0x7b, 0xf1, 0xf5, 0x94, 0xb2, 0xd8, 0x33, 0x4e, 0x71, 0xcb, 0xed, 0x31,
-    0x9b, 0x8b, 0x29, 0x91, 0xe5, 0xf3, 0xf2, 0x67, 0xe1, 0x35, 0xff, 0xed,
-    0x31, 0xe3, 0xaf, 0xc0, 0xc9, 0xf7, 0x16, 0x50, 0xd3, 0x9f, 0xe4, 0x63,
-    0x1e, 0x3b, 0xbe, 0xef, 0xf1, 0xa5, 0x97, 0x9b, 0x34, 0xb2, 0xba, 0x37,
-    0xc2, 0x11, 0xdf, 0xe0, 0x05, 0xc4, 0xfc, 0x49, 0x65, 0x42, 0xbb, 0xbc,
-    0x58, 0x67, 0xbf, 0xaf, 0x3c, 0x77, 0xc1, 0x75, 0x30, 0x8e, 0xe8, 0x92,
-    0xcb, 0xf7, 0x7f, 0x8e, 0xb7, 0x56, 0x50, 0xcf, 0x0f, 0xa1, 0x6b, 0x0d,
-    0x65, 0xf8, 0x9c, 0xf1, 0xf5, 0x95, 0x86, 0xdd, 0x84, 0x6f, 0xff, 0x41,
-    0xe2, 0x43, 0x28, 0xfb, 0xe6, 0x96, 0x5c, 0xdf, 0x59, 0x4b, 0x2a, 0x47,
-    0xd1, 0xe4, 0x79, 0xf1, 0x6b, 0xf1, 0x47, 0xe3, 0x71, 0x65, 0xef, 0x60,
-    0x16, 0x5f, 0xc7, 0x6e, 0x71, 0x86, 0xb2, 0xf3, 0xe8, 0xd5, 0x94, 0x13,
-    0xca, 0x30, 0xb6, 0xfe, 0x2c, 0xde, 0x59, 0xc5, 0x97, 0x36, 0x96, 0x57,
-    0x67, 0x87, 0xf2, 0xdb, 0xfd, 0xb9, 0x38, 0x48, 0x27, 0x35, 0x65, 0xfe,
-    0x93, 0xe1, 0x67, 0xb8, 0xb2, 0xfe, 0x1e, 0x61, 0x75, 0xe5, 0x95, 0x88,
-    0x97, 0xe8, 0xe4, 0x06, 0x37, 0xc3, 0x87, 0xd2, 0xcb, 0xff, 0x67, 0x52,
-    0xfc, 0x70, 0xdf, 0xc2, 0xca, 0x85, 0x6a, 0x72, 0x5a, 0xea, 0x10, 0xec,
-    0x65, 0x31, 0x4e, 0x99, 0xbe, 0xcc, 0x50, 0xba, 0xe1, 0x86, 0xe9, 0x0d,
-    0xf7, 0x9d, 0xf6, 0x59, 0x69, 0xf5, 0x97, 0x4b, 0x8b, 0x2c, 0xf2, 0x35,
-    0x7d, 0x0a, 0x5f, 0x79, 0x88, 0xc4, 0x96, 0x0a, 0xcb, 0x46, 0x1b, 0x3f,
-    0x91, 0x5d, 0x9a, 0x59, 0x7f, 0x8b, 0xdc, 0xeb, 0x8f, 0xb8, 0xb2, 0xfe,
-    0xc1, 0xee, 0x67, 0x5b, 0x8b, 0x29, 0xcf, 0xac, 0x8d, 0xeb, 0x71, 0x36,
-    0xd7, 0x4d, 0x02, 0xd1, 0x12, 0x86, 0x10, 0x37, 0x84, 0xf8, 0x56, 0x5f,
-    0xf8, 0xe1, 0x9b, 0xae, 0x44, 0xcd, 0xbd, 0x65, 0xfe, 0x6e, 0x7d, 0xca,
-    0x21, 0x65, 0xc1, 0xfa, 0xca, 0xd1, 0xe3, 0x9c, 0xc2, 0xff, 0xfb, 0x3f,
-    0xd4, 0xb9, 0x34, 0x98, 0xbd, 0x00, 0x59, 0x7f, 0x41, 0xca, 0x3a, 0x92,
-    0xca, 0x63, 0xfe, 0xfa, 0x8d, 0xed, 0x6b, 0x16, 0x5e, 0xea, 0x5c, 0x59,
-    0x77, 0xdb, 0x86, 0xe8, 0xc1, 0xcb, 0xed, 0x63, 0xee, 0xac, 0xbd, 0x06,
-    0x49, 0x65, 0xff, 0x67, 0xb9, 0xac, 0xe4, 0x74, 0xb2, 0xf6, 0x3f, 0x6b,
-    0x2b, 0xb3, 0xf2, 0x61, 0xd2, 0x39, 0xbf, 0xf4, 0x18, 0x26, 0xdc, 0xc3,
-    0xc6, 0xe2, 0xca, 0xd9, 0x51, 0x80, 0xe1, 0x41, 0xda, 0xde, 0x8b, 0x7f,
-    0x09, 0x6f, 0x17, 0x5d, 0xce, 0x96, 0x5d, 0x9c, 0x59, 0x76, 0xee, 0x96,
-    0x54, 0x2b, 0x68, 0xc9, 0x57, 0x6c, 0xca, 0x20, 0xc6, 0xe8, 0xb5, 0xff,
-    0xda, 0xec, 0x2e, 0x3c, 0x21, 0xfd, 0x96, 0x5f, 0xb3, 0xfd, 0x4b, 0x8b,
-    0x2f, 0xc7, 0x17, 0xde, 0xf3, 0x16, 0x53, 0x1e, 0xc0, 0x85, 0x37, 0x1e,
-    0x16, 0x5e, 0x6d, 0xf8, 0xb2, 0xff, 0xbb, 0x27, 0xe7, 0x03, 0x1d, 0xac,
-    0xac, 0x3e, 0xdf, 0x0b, 0x04, 0x76, 0xff, 0xce, 0xde, 0x96, 0x1a, 0x58,
-    0x05, 0x97, 0xee, 0xa4, 0x58, 0x35, 0x95, 0xf3, 0xe5, 0x23, 0xdb, 0xdf,
-    0xc3, 0x16, 0x5f, 0xcd, 0xcf, 0xb4, 0x32, 0xcb, 0xff, 0xf1, 0x66, 0x77,
-    0xf8, 0xdc, 0x2c, 0xf6, 0x30, 0x16, 0x51, 0xd1, 0x00, 0xe5, 0x77, 0xfb,
-    0x0b, 0xa8, 0xe3, 0xee, 0x2c, 0xbf, 0x14, 0xd1, 0xf8, 0x59, 0x4b, 0x2e,
-    0xc1, 0xac, 0xb8, 0x0f, 0xd1, 0xa1, 0xde, 0x17, 0x7e, 0xcf, 0xf4, 0xfb,
-    0x8b, 0x2f, 0x81, 0xc8, 0x25, 0x97, 0xfb, 0x5f, 0x76, 0xe3, 0x6f, 0x59,
-    0x71, 0xac, 0xb2, 0xa0, 0xfb, 0x30, 0x85, 0xcd, 0x2f, 0xfd, 0x84, 0x4f,
-    0xe9, 0xd2, 0x83, 0xac, 0xb7, 0x6b, 0x2b, 0xe7, 0xa0, 0x13, 0xeb, 0xf3,
-    0xf8, 0x2e, 0x22, 0xca, 0x85, 0xca, 0x71, 0xc2, 0x73, 0x21, 0x1e, 0xd0,
-    0x93, 0xdc, 0x21, 0x3c, 0x27, 0x7e, 0x44, 0xe6, 0xa0, 0x48, 0x22, 0xfe,
-    0x42, 0x5f, 0xcf, 0x81, 0x22, 0xbf, 0x8c, 0x8d, 0x69, 0xe6, 0x59, 0x7f,
-    0xc3, 0x8e, 0xc4, 0x00, 0x23, 0xa5, 0x97, 0xb8, 0xfd, 0x2c, 0xbf, 0xe7,
-    0xd6, 0x1d, 0xa7, 0xe0, 0xeb, 0x2b, 0xb4, 0x49, 0xb1, 0xe0, 0x47, 0x6f,
-    0x9f, 0x9b, 0x82, 0x2c, 0xbf, 0x74, 0x31, 0xb7, 0x16, 0x5e, 0xd6, 0x71,
-    0x65, 0x41, 0xe2, 0xe1, 0x4d, 0xf7, 0xa3, 0xa9, 0x2c, 0xbf, 0x98, 0x13,
-    0xe4, 0xc0, 0x59, 0x76, 0x01, 0x65, 0x6c, 0x7d, 0x1a, 0x23, 0x22, 0xfb,
-    0xff, 0xbe, 0xed, 0xec, 0xd0, 0x0e, 0xf2, 0x59, 0x78, 0x7f, 0x65, 0x94,
-    0xc7, 0xbe, 0x14, 0x3b, 0xfd, 0x31, 0x39, 0x98, 0x40, 0x59, 0x78, 0xa3,
-    0x65, 0x94, 0xe7, 0x9e, 0x46, 0x77, 0xbd, 0x82, 0x2c, 0xa8, 0x56, 0x41,
-    0x90, 0xc2, 0x34, 0xc3, 0xed, 0x6f, 0x08, 0x8e, 0x42, 0x38, 0x2e, 0x1b,
-    0xa4, 0x17, 0xf1, 0x44, 0xa3, 0x7c, 0x2c, 0xb0, 0x16, 0x5f, 0x8d, 0x72,
-    0x0c, 0xcb, 0x2a, 0x0d, 0xd0, 0x44, 0x6f, 0x82, 0xdb, 0xa7, 0x59, 0x7f,
-    0x6f, 0xd3, 0xc3, 0x4f, 0xac, 0xb9, 0xb6, 0x59, 0x6c, 0x59, 0x4c, 0x98,
-    0x24, 0xcc, 0xfa, 0x20, 0x39, 0x2b, 0x98, 0x90, 0xbd, 0xfb, 0x3f, 0xbd,
-    0xb4, 0xb2, 0xff, 0x14, 0xbe, 0xdb, 0xf0, 0x6b, 0x2d, 0x0b, 0x29, 0xcf,
-    0x10, 0x8d, 0x2f, 0x66, 0xa1, 0x65, 0xf4, 0xc6, 0x41, 0xab, 0x2f, 0x8b,
-    0xdb, 0xb0, 0xb2, 0xfb, 0x6f, 0x67, 0x6b, 0x2f, 0xf3, 0x9a, 0x27, 0xff,
-    0x12, 0x59, 0x50, 0x8b, 0xdc, 0x1b, 0x62, 0x57, 0x24, 0x9f, 0x24, 0xbf,
-    0xf7, 0xf0, 0x63, 0x6e, 0xb3, 0xaf, 0x2c, 0xbf, 0xa7, 0x0c, 0x47, 0xd6,
-    0x96, 0x56, 0xc7, 0xe2, 0x34, 0x0b, 0xfc, 0x3c, 0xf7, 0xe0, 0xbb, 0x59,
-    0x7a, 0x1a, 0x7d, 0x65, 0xf7, 0xb8, 0x21, 0xd6, 0x53, 0x9e, 0x10, 0x47,
-    0xaf, 0xf8, 0x73, 0xb3, 0x91, 0x9a, 0x02, 0xcb, 0xdf, 0x13, 0x8b, 0x2b,
-    0x0f, 0x61, 0xce, 0xaf, 0x73, 0xec, 0xb2, 0xff, 0x30, 0xfc, 0x4f, 0xd7,
-    0x16, 0x52, 0xcb, 0xfb, 0x8d, 0xd6, 0x75, 0xe5, 0x95, 0xd1, 0xba, 0xf0,
-    0x5d, 0xdb, 0x42, 0xca, 0x84, 0x53, 0x3b, 0x68, 0x48, 0xaf, 0xb3, 0x8c,
-    0x05, 0x95, 0x0a, 0x90, 0xb6, 0x23, 0x1b, 0xaf, 0xde, 0x40, 0x40, 0x50,
-    0xc2, 0x9f, 0x2e, 0xa9, 0xe9, 0xda, 0xc9, 0x0a, 0x55, 0x67, 0x88, 0x41,
-    0x0a, 0x09, 0xe7, 0x92, 0x28, 0xaa, 0x2c, 0x89, 0x41, 0x1b, 0x3b, 0xca,
-    0x34, 0xf1, 0xca, 0x00, 0xc9, 0x68, 0xe6, 0xc3, 0xeb, 0xb9, 0x42, 0x7d,
-    0x46, 0xa0, 0xd2, 0x8b, 0xa6, 0x8f, 0xd7, 0x52, 0xab, 0x4f, 0x1e, 0x3f,
-    0xe7, 0x31, 0xde, 0x5f, 0xf8, 0x25, 0x03, 0x0a, 0xd4, 0x4a, 0x5c, 0x37,
-    0x27, 0x3e, 0xfd, 0x2f, 0xb0, 0x31, 0xc3, 0xef, 0x56, 0x31, 0xb6, 0x7e,
-    0x1b, 0xa2, 0x4a, 0xfc, 0xbb, 0xb8, 0x59, 0x7c, 0xfd, 0xc6, 0x96, 0x51,
-    0x86, 0xe7, 0x74, 0x5e, 0xe3, 0x31, 0x65, 0xff, 0x9a, 0x3d, 0xf7, 0x37,
-    0x08, 0x0b, 0x2f, 0xff, 0x3e, 0xa7, 0x3f, 0xa7, 0x7b, 0xae, 0xd8, 0x96,
-    0x53, 0x22, 0x8f, 0xe2, 0xfb, 0xcf, 0x6f, 0x6b, 0x24, 0xb2, 0xe6, 0x3a,
-    0xca, 0xf1, 0xb2, 0xdd, 0x1c, 0xbf, 0xb3, 0xd0, 0xc7, 0xe2, 0xcb, 0xd0,
-    0x06, 0x59, 0x7f, 0x44, 0xb3, 0x59, 0xc5, 0x97, 0xef, 0xe7, 0xa3, 0xeb,
-    0x28, 0x67, 0xa6, 0xe5, 0x97, 0xff, 0xb5, 0xa0, 0xcb, 0x59, 0x1d, 0x49,
-    0x8e, 0xb2, 0xe9, 0x99, 0x65, 0x61, 0xf1, 0x3a, 0x5d, 0xee, 0x09, 0xc5,
-    0x97, 0xff, 0x4b, 0xc1, 0xd8, 0x5f, 0xdc, 0xed, 0xc5, 0x97, 0xfe, 0xf8,
-    0x7a, 0xe4, 0x1d, 0xfa, 0xf2, 0xcb, 0x67, 0x48, 0x89, 0xf2, 0x45, 0xff,
-    0xbd, 0x07, 0xe4, 0x36, 0xcf, 0xe5, 0x97, 0xf3, 0xee, 0x3e, 0x75, 0xe5,
-    0x95, 0xd1, 0xf7, 0x7c, 0xfa, 0xff, 0x3e, 0x0d, 0xba, 0x27, 0x59, 0x58,
-    0x7a, 0x81, 0x23, 0xb8, 0x66, 0xac, 0xbe, 0x8f, 0x49, 0xd6, 0x5f, 0x6b,
-    0x76, 0x09, 0x65, 0x89, 0x65, 0x41, 0xb4, 0x30, 0x92, 0xf7, 0x8a, 0x16,
-    0x5d, 0xf1, 0x70, 0xb9, 0xd1, 0x90, 0xc8, 0x66, 0x39, 0x89, 0x34, 0x58,
-    0x76, 0xef, 0xc2, 0x0d, 0xc8, 0x0a, 0x14, 0xfc, 0x87, 0x5f, 0x88, 0x77,
-    0x8c, 0x18, 0xaa, 0x21, 0x0d, 0x0b, 0x64, 0x26, 0xc4, 0xfb, 0x4d, 0xfd,
-    0x9a, 0xed, 0xdf, 0xb5, 0x45, 0x9a, 0xbf, 0xc0, 0x8e, 0x33, 0xf4, 0x62,
-    0xcb, 0xf0, 0x66, 0xfb, 0x0d, 0x65, 0xff, 0xb0, 0x79, 0x86, 0x8c, 0x9b,
-    0x65, 0x97, 0x9f, 0x3c, 0xb2, 0xfb, 0x5f, 0x71, 0x6c, 0x8b, 0x63, 0x9a,
-    0x11, 0x4f, 0x0f, 0xaf, 0xf7, 0xbf, 0x8d, 0xb1, 0xe1, 0x65, 0xff, 0xa3,
-    0x40, 0xf7, 0x3f, 0x8c, 0x35, 0x97, 0x4f, 0x6e, 0xb2, 0xdb, 0x2c, 0xbd,
-    0x28, 0xe9, 0x65, 0xb2, 0x0d, 0x7c, 0xc2, 0x57, 0xcc, 0x4f, 0xb2, 0xca,
-    0xc4, 0xc0, 0xbe, 0x66, 0xe7, 0xc4, 0x95, 0xc2, 0x6b, 0x7d, 0x65, 0xfb,
-    0xf1, 0xcf, 0xb2, 0xcb, 0xff, 0x37, 0xa0, 0xe4, 0xe6, 0xfd, 0x96, 0x5d,
-    0x1f, 0x59, 0x7f, 0x16, 0x6f, 0xfb, 0xc9, 0x65, 0x85, 0xec, 0x8b, 0x9c,
-    0x11, 0x98, 0x9f, 0xe7, 0xbe, 0x16, 0xa1, 0x69, 0xaa, 0x6e, 0xc6, 0x03,
-    0x7f, 0xfc, 0x17, 0xdb, 0x58, 0x71, 0x7f, 0x8d, 0x88, 0x2b, 0x28, 0x5a,
-    0xe0, 0xeb, 0x43, 0xc5, 0xe5, 0x55, 0x11, 0x7d, 0xf3, 0x1c, 0x4d, 0x2c,
-    0xbd, 0xf6, 0x31, 0x65, 0xf7, 0x0a, 0x0c, 0x59, 0x7b, 0xbc, 0xfa, 0xcb,
-    0xb9, 0x0b, 0x2f, 0xc1, 0xe7, 0xa3, 0x8b, 0x2a, 0x46, 0xfa, 0x61, 0x6a,
-    0x83, 0xfd, 0x65, 0xbb, 0xf8, 0xa0, 0xfc, 0x6d, 0x96, 0x5e, 0x2d, 0x05,
-    0x65, 0x48, 0xf2, 0x58, 0xb6, 0xe3, 0x34, 0xb2, 0xfc, 0x16, 0x15, 0x05,
-    0x33, 0xd2, 0xcb, 0xc1, 0xeb, 0x8b, 0x2f, 0xc2, 0x78, 0xa0, 0x0b, 0x2b,
-    0x47, 0x8d, 0xbc, 0x7a, 0xfd, 0xb0, 0x64, 0x18, 0x59, 0x50, 0x79, 0xac,
-    0x49, 0x7c, 0xc7, 0x6d, 0xd5, 0x97, 0x04, 0x45, 0x97, 0x8b, 0x38, 0xb2,
-    0xa0, 0xf5, 0xe6, 0x24, 0x10, 0x62, 0xfb, 0xed, 0xd7, 0x16, 0x5d, 0x1d,
-    0x2c, 0xb9, 0xa7, 0xd6, 0x56, 0xe1, 0xe9, 0xcc, 0x46, 0x20, 0xbd, 0xda,
-    0x35, 0x65, 0xc7, 0x17, 0x0a, 0xe4, 0x06, 0x47, 0xd0, 0xeb, 0x42, 0x7e,
-    0x66, 0x9d, 0x10, 0x9c, 0x63, 0xf0, 0xc9, 0x77, 0x70, 0xc2, 0x0c, 0x43,
-    0x4b, 0xb1, 0x96, 0x5d, 0x83, 0x59, 0x7e, 0xd7, 0x6e, 0xfd, 0xaa, 0x28,
-    0x05, 0xfc, 0xfa, 0x6f, 0x73, 0x16, 0x5e, 0x79, 0x0b, 0xc3, 0xe2, 0xe1,
-    0xb5, 0xfe, 0x63, 0xc6, 0xe7, 0xf3, 0x65, 0x96, 0x17, 0x24, 0x7b, 0xe0,
-    0xa9, 0xde, 0x3e, 0x69, 0x7f, 0x17, 0xb9, 0x03, 0x85, 0x97, 0x48, 0xeb,
-    0x2f, 0xe6, 0xe4, 0xc5, 0x03, 0x59, 0x7b, 0x5d, 0x49, 0x65, 0x0c, 0xf2,
-    0xdc, 0xb6, 0xfd, 0x1d, 0x79, 0xf4, 0xb2, 0xfd, 0xee, 0x49, 0x80, 0xb2,
-    0xdb, 0xd6, 0x5b, 0xcb, 0x2a, 0x46, 0x93, 0xb1, 0x3b, 0xf9, 0xbf, 0x05,
-    0x1e, 0x59, 0x78, 0x6e, 0xcb, 0x2a, 0x13, 0x8b, 0x91, 0x66, 0x31, 0x31,
-    0x0b, 0x94, 0x12, 0x67, 0x08, 0x82, 0x57, 0x7a, 0x68, 0x92, 0xcb, 0xb5,
-    0xe5, 0x96, 0x17, 0x86, 0xd3, 0x83, 0xb7, 0xfd, 0x1e, 0xfe, 0x1f, 0x35,
-    0x8b, 0x2f, 0xa6, 0xcc, 0xed, 0x65, 0xfb, 0xc6, 0xbf, 0x05, 0xe8, 0xf6,
-    0x84, 0x37, 0xa9, 0x23, 0x14, 0xc8, 0x41, 0x50, 0xb4, 0xe3, 0xe2, 0x36,
-    0x6b, 0xb9, 0xe5, 0x96, 0x85, 0x96, 0xfa, 0xca, 0x39, 0xa1, 0x08, 0x85,
-    0xf0, 0xa7, 0x7f, 0x5c, 0x59, 0x78, 0x78, 0x75, 0x97, 0xff, 0x79, 0x83,
-    0xc1, 0x0f, 0xad, 0x31, 0xab, 0x2f, 0xff, 0xdb, 0xe3, 0xec, 0x3f, 0xc4,
-    0xb8, 0xff, 0x6e, 0x2c, 0xbf, 0xb9, 0x07, 0x28, 0x99, 0x65, 0xbe, 0xb2,
-    0xf0, 0x85, 0x32, 0xcb, 0x7b, 0x0d, 0x78, 0x04, 0x6e, 0xcd, 0x96, 0x56,
-    0x1b, 0xd2, 0x26, 0xbe, 0x63, 0xc4, 0xcb, 0x2b, 0x64, 0xe4, 0xe4, 0x38,
-    0xc8, 0xe0, 0x56, 0x28, 0x4c, 0xcf, 0x8f, 0xdf, 0xfe, 0x0e, 0xa5, 0x9c,
-    0x60, 0x8a, 0xca, 0x0e, 0xb2, 0xdc, 0x59, 0x7c, 0x36, 0x20, 0x2c, 0xa9,
-    0xc6, 0xc9, 0xc4, 0x6f, 0xff, 0xb5, 0xb0, 0xfe, 0xda, 0xe4, 0x6a, 0x66,
-    0xfa, 0xcb, 0xff, 0xb0, 0x1c, 0x27, 0x37, 0x37, 0xb6, 0x96, 0x5e, 0x08,
-    0xf1, 0x65, 0xfd, 0xaf, 0x14, 0x1f, 0x8b, 0x2f, 0xff, 0xda, 0x1b, 0x91,
-    0xbf, 0xcd, 0xcd, 0x31, 0xe0, 0xd5, 0x95, 0x88, 0x86, 0x09, 0x6d, 0xa7,
-    0xd6, 0x54, 0x26, 0xdf, 0x8a, 0x4c, 0x8b, 0xf8, 0x51, 0x00, 0x8a, 0xf3,
-    0xeb, 0x16, 0x5e, 0xe4, 0x01, 0x65, 0xf4, 0x98, 0xb1, 0x65, 0x78, 0xde,
-    0x18, 0x39, 0x7d, 0xdb, 0xbf, 0x6a, 0x8b, 0x7d, 0x7a, 0x7d, 0xfc, 0xb2,
-    0xff, 0x31, 0x41, 0xc0, 0xfe, 0x59, 0x7a, 0x6c, 0x02, 0xcb, 0xf0, 0x9b,
-    0x7e, 0x34, 0xb2, 0xbb, 0x4d, 0x01, 0x95, 0xf4, 0x44, 0x73, 0x0f, 0x8f,
-    0xb9, 0x8f, 0x87, 0x6f, 0xf9, 0xbf, 0x1d, 0x46, 0xe6, 0x74, 0xb2, 0xff,
-    0xff, 0x9e, 0x61, 0xb6, 0xbf, 0x83, 0x28, 0xed, 0xf6, 0x28, 0x3a, 0xcb,
-    0xfe, 0xd0, 0x79, 0xf7, 0x90, 0x19, 0x65, 0x98, 0x08, 0x9f, 0xf3, 0x35,
-    0xf7, 0xb8, 0xfe, 0x59, 0x7f, 0xed, 0x66, 0xe4, 0xdf, 0x73, 0xb7, 0x16,
-    0x5d, 0x9b, 0x61, 0xf2, 0x68, 0x8a, 0xbe, 0x8b, 0x92, 0x84, 0x65, 0x8c,
-    0x59, 0x7f, 0xce, 0x5d, 0xf2, 0x3e, 0xfb, 0x8b, 0x28, 0xd3, 0xcd, 0xf0,
-    0x95, 0xf6, 0x13, 0x4c, 0xb2, 0xf9, 0xb3, 0x5b, 0xd6, 0x5f, 0x75, 0x2d,
-    0xa1, 0x65, 0xe8, 0x32, 0x7d, 0x65, 0x61, 0xe2, 0x68, 0x92, 0xf7, 0xe3,
-    0x4b, 0x2f, 0xdf, 0x6d, 0x7d, 0xd6, 0x5f, 0xfe, 0xfc, 0x6d, 0xec, 0xf9,
-    0x67, 0xbe, 0xcb, 0x2f, 0x1f, 0x06, 0xb2, 0xc7, 0x59, 0x7f, 0xa3, 0x61,
-    0xe1, 0x9c, 0x17, 0x08, 0xb9, 0xc1, 0xc9, 0x89, 0xdd, 0x24, 0x41, 0xca,
-    0x92, 0x69, 0xff, 0x86, 0xd5, 0xf0, 0xcf, 0x9d, 0x2c, 0xbe, 0x97, 0x04,
-    0xe2, 0xca, 0x83, 0xc7, 0xf1, 0x1d, 0xf6, 0x7b, 0x98, 0xb2, 0xfe, 0x7e,
-    0x86, 0xc5, 0xb2, 0xca, 0x83, 0xcf, 0xd1, 0x0d, 0xee, 0x7c, 0x6b, 0x2f,
-    0xc2, 0x78, 0xa0, 0x0b, 0x28, 0xe7, 0x8b, 0xbc, 0x76, 0xe2, 0x85, 0x97,
-    0xff, 0x7b, 0x8d, 0xc8, 0x2c, 0xf7, 0xd9, 0x65, 0xff, 0x9f, 0x77, 0x4c,
-    0x6e, 0x7d, 0xa4, 0xb2, 0xff, 0x80, 0xde, 0x27, 0xf4, 0x0d, 0x65, 0xe2,
-    0xcf, 0xac, 0xad, 0x23, 0xa8, 0xe2, 0xbf, 0x42, 0xe2, 0x0e, 0xf3, 0x7b,
-    0xfe, 0x6e, 0x60, 0xe2, 0x66, 0x3a, 0xcb, 0xf0, 0xe3, 0x70, 0x27, 0x59,
-    0x7f, 0xcf, 0xc8, 0xc2, 0x1f, 0xe1, 0x65, 0xfe, 0xfc, 0x0d, 0xb7, 0xc0,
-    0xd6, 0x5f, 0xf6, 0xb3, 0xaf, 0x93, 0xee, 0x6c, 0xb2, 0xd8, 0x33, 0xf1,
-    0x39, 0xa5, 0xdc, 0xe6, 0x91, 0x9c, 0x50, 0xa7, 0xa8, 0x55, 0x7d, 0x91,
-    0x87, 0x76, 0x98, 0xc7, 0x0f, 0x0f, 0x9b, 0xf0, 0x99, 0xf7, 0x3a, 0xcb,
-    0x82, 0x6a, 0xcb, 0xe3, 0xcd, 0x02, 0x2c, 0xba, 0x3e, 0xb2, 0xff, 0xdb,
-    0xae, 0x71, 0x34, 0x03, 0xb7, 0x16, 0x57, 0x68, 0xbd, 0x39, 0x43, 0x8c,
-    0x11, 0x26, 0xe8, 0xb5, 0xe6, 0x2f, 0x2c, 0xb8, 0x3d, 0x2c, 0xbf, 0xe7,
-    0x97, 0xb9, 0x86, 0x7d, 0x96, 0x5e, 0xe9, 0xfe, 0xb2, 0x9d, 0x11, 0x20,
-    0x1b, 0x21, 0x80, 0x9c, 0xdf, 0xf6, 0xa3, 0x99, 0xd7, 0x9b, 0x4b, 0x2f,
-    0xf7, 0xc2, 0x43, 0xfb, 0x18, 0xb2, 0xff, 0xe9, 0x82, 0x37, 0x20, 0x4e,
-    0x63, 0xf9, 0x65, 0x7c, 0xfe, 0xfc, 0x69, 0x7b, 0x51, 0xe5, 0x97, 0xfe,
-    0x8f, 0x05, 0xf6, 0x8f, 0xc1, 0xd6, 0x5f, 0xd3, 0x38, 0xfe, 0xc7, 0x59,
-    0x7f, 0x79, 0xb0, 0x70, 0x75, 0x95, 0xd2, 0x26, 0x3c, 0x7c, 0x61, 0x75,
-    0xf3, 0xec, 0x12, 0x59, 0x77, 0x09, 0x65, 0xfd, 0xd7, 0x23, 0xbc, 0x3a,
-    0xcb, 0xe3, 0xf7, 0x84, 0xb2, 0xa1, 0x52, 0x2e, 0x42, 0xd3, 0x44, 0x4f,
-    0x0b, 0x42, 0x32, 0xe1, 0x10, 0x45, 0x84, 0x2f, 0xa5, 0x97, 0xe9, 0xa0,
-    0x8a, 0x16, 0x5d, 0xde, 0x96, 0x5c, 0xe4, 0xb2, 0xa0, 0xf7, 0x98, 0x2f,
-    0xc4, 0xc1, 0x18, 0xbf, 0x3e, 0xd1, 0xf7, 0x59, 0x78, 0xa0, 0xd5, 0x97,
-    0xd9, 0xb8, 0xff, 0x59, 0x78, 0x9f, 0xdd, 0x9e, 0x07, 0x07, 0x2f, 0xf8,
-    0xb3, 0xde, 0xc9, 0x9e, 0x65, 0x97, 0xa6, 0x0f, 0xd6, 0x5c, 0x33, 0xac,
-    0xbf, 0x64, 0xd2, 0x8e, 0x96, 0x56, 0x1e, 0xf1, 0xa3, 0xc4, 0x2f, 0x74,
-    0x12, 0xca, 0xed, 0x30, 0xd6, 0x33, 0xfc, 0x25, 0xcc, 0x2e, 0xbd, 0xf3,
-    0x1d, 0x65, 0xff, 0xc1, 0xe7, 0xde, 0x62, 0xc0, 0x07, 0x8b, 0x2f, 0xd8,
-    0x5e, 0x8e, 0x2c, 0xbc, 0xe4, 0x6a, 0xcb, 0x49, 0x65, 0xfe, 0x00, 0x03,
-    0xcd, 0xcc, 0xe9, 0x65, 0x61, 0xe4, 0xb8, 0x8d, 0xff, 0x9f, 0xae, 0xb8,
-    0xc3, 0xc3, 0x38, 0xb2, 0xa1, 0x58, 0x36, 0x46, 0xe8, 0xc8, 0x9a, 0x1d,
-    0xfa, 0x2b, 0x93, 0x13, 0x2f, 0x08, 0x2f, 0xff, 0x9f, 0xad, 0x66, 0x74,
-    0x67, 0xc3, 0x1d, 0x71, 0x65, 0xf9, 0xf6, 0xed, 0xc6, 0xb2, 0xff, 0x79,
-    0xb8, 0xfd, 0xbe, 0xcb, 0x2f, 0xce, 0x43, 0xfc, 0x2c, 0xbe, 0x03, 0x11,
-    0xab, 0x29, 0xcf, 0x20, 0x04, 0xd4, 0x29, 0x6e, 0x21, 0xe7, 0x83, 0x89,
-    0xe4, 0x43, 0x11, 0xde, 0xec, 0xbf, 0x27, 0xf1, 0xc7, 0x23, 0x91, 0xc6,
-    0x9a, 0xc9, 0xdc, 0x72, 0x9d, 0x3a, 0x31, 0x1e, 0xe1, 0x0c, 0xd1, 0xdb,
-    0x69, 0xc0, 0xee, 0x1f, 0x96, 0x48, 0xf1, 0x88, 0x82, 0x1a, 0xa5, 0x2a,
-    0x03, 0x90, 0xd8, 0xf4, 0xb4, 0x00, 0xba, 0x4f, 0xa9, 0x88, 0x53, 0xba,
-    0xf9, 0x74, 0x6c, 0xb2, 0xe7, 0xf2, 0xcb, 0xcf, 0xd0, 0xb1, 0x9a, 0xd3,
-    0x8b, 0xd0, 0xb5, 0x43, 0xc5, 0x1f, 0x4d, 0xfc, 0x31, 0x7c, 0xf7, 0x3a,
-    0x59, 0x7b, 0xb7, 0xed, 0x65, 0xff, 0xc2, 0x77, 0x3a, 0x35, 0xa6, 0x27,
-    0xed, 0x65, 0xfe, 0x9f, 0x72, 0x07, 0xa2, 0x65, 0x95, 0x88, 0x9c, 0x38,
-    0xf0, 0x89, 0x17, 0x4f, 0x73, 0xc2, 0xcb, 0xc7, 0x7e, 0x96, 0x5e, 0x03,
-    0xfd, 0x65, 0xff, 0x79, 0x8f, 0xcf, 0xe1, 0x8e, 0xb2, 0xed, 0xec, 0xb2,
-    0xfb, 0x5a, 0xc1, 0x16, 0x5f, 0xf4, 0x48, 0xc7, 0xd6, 0xb0, 0x45, 0x97,
-    0xb0, 0xc1, 0x73, 0xd2, 0x61, 0x10, 0x43, 0x83, 0xbd, 0x0e, 0x4c, 0x72,
-    0xe3, 0x04, 0x47, 0x6e, 0x0b, 0x4e, 0xd3, 0x68, 0xce, 0x2f, 0xff, 0xfb,
-    0xcd, 0xee, 0x7d, 0x85, 0xfb, 0xec, 0xe0, 0xc0, 0xeb, 0x65, 0x95, 0x0a,
-    0xc7, 0x9a, 0x54, 0x10, 0x4c, 0xef, 0xdb, 0x0b, 0x00, 0x7a, 0x59, 0x7f,
-    0xff, 0x9b, 0xc1, 0x7d, 0x85, 0xe4, 0xbf, 0x1a, 0xcc, 0x23, 0x56, 0x56,
-    0x91, 0x1e, 0x2b, 0x2d, 0xbf, 0xff, 0xfb, 0xb7, 0xd3, 0xfe, 0x59, 0xec,
-    0x1f, 0x1c, 0xf9, 0xad, 0xa3, 0xa5, 0x97, 0xf6, 0x0d, 0xcf, 0x84, 0xb2,
-    0xff, 0xfb, 0x02, 0x2b, 0xc2, 0x76, 0xfb, 0xfb, 0xf0, 0xb2, 0x99, 0x1d,
-    0xda, 0x73, 0xf9, 0x5d, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xa5, 0x17, 0xff,
-    0xcf, 0xe2, 0xcd, 0xb5, 0x1f, 0x6f, 0xe6, 0x96, 0x5d, 0xc3, 0x16, 0x5f,
-    0xfb, 0xf0, 0x03, 0xbc, 0xb9, 0xc3, 0x16, 0x5e, 0x79, 0x0b, 0x84, 0xc2,
-    0xf0, 0xbc, 0x06, 0xdc, 0x4e, 0x10, 0x62, 0xff, 0xcd, 0xdb, 0xe9, 0xe4,
-    0xdc, 0x02, 0xcb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x27, 0x2e, 0x90, 0xb8,
-    0x3f, 0x4c, 0x3e, 0xa3, 0xa3, 0xfd, 0xe1, 0xa3, 0x7d, 0xf8, 0x99, 0xd6,
-    0x5f, 0x76, 0x41, 0x35, 0x65, 0xda, 0x17, 0x87, 0x8c, 0xe4, 0x54, 0x2d,
-    0x13, 0x6e, 0xdb, 0x51, 0x1d, 0x7e, 0xce, 0xd4, 0xfd, 0x39, 0x4f, 0x32,
-    0x8f, 0x32, 0x08, 0x9c, 0x8d, 0x98, 0xd8, 0xcb, 0xfb, 0x8e, 0x29, 0xa5,
-    0xd2, 0xee, 0x46, 0x79, 0x34, 0x3a, 0x75, 0x18, 0xb1, 0xed, 0xf1, 0x3f,
-    0xe7, 0x13, 0x5e, 0x5e, 0xd8, 0x23, 0xae, 0x29, 0x6b, 0xdc, 0xae, 0xb4,
-    0x3d, 0x2d, 0x28, 0x30, 0xc6, 0xdf, 0x2e, 0xea, 0xfd, 0xae, 0xdd, 0xfb,
-    0x54, 0x43, 0xeb, 0xff, 0x3c, 0x85, 0xe6, 0xbb, 0x77, 0xed, 0x51, 0x29,
-    0xac, 0x2f, 0x11, 0x08, 0x73, 0x6b, 0xfc, 0x2f, 0x35, 0xdb, 0xbf, 0x6a,
-    0x88, 0x9d, 0x7e, 0x6f, 0x70, 0x27, 0x59, 0x7e, 0x09, 0xc9, 0xcd, 0x59,
-    0x7b, 0xf1, 0x32, 0xcb, 0xba, 0x92, 0xca, 0x99, 0x10, 0xba, 0x28, 0xf9,
-    0x40, 0x47, 0x6f, 0xf0, 0x7a, 0x10, 0x61, 0xf7, 0x16, 0x5f, 0xfe, 0x9e,
-    0x66, 0x99, 0xb9, 0xb0, 0xc5, 0x13, 0xa7, 0x7e, 0x7d, 0x65, 0xfb, 0x5d,
-    0xbb, 0xf6, 0xa8, 0x8c, 0x57, 0xee, 0x36, 0xf8, 0x3a, 0xcb, 0xdd, 0x4b,
-    0x65, 0x96, 0xfc, 0x1e, 0x46, 0x14, 0xdf, 0xd2, 0x80, 0x7d, 0x8c, 0x59,
-    0x7f, 0xff, 0x04, 0x9c, 0xd9, 0xde, 0x36, 0x0a, 0x59, 0xf6, 0x3a, 0xcb,
-    0xf4, 0xd1, 0xd4, 0x9d, 0x65, 0xf4, 0x1f, 0xb0, 0x2c, 0xbf, 0xfe, 0x96,
-    0xd3, 0xce, 0x27, 0x8d, 0xbb, 0xd4, 0xe9, 0xdf, 0x9f, 0x59, 0x58, 0x8b,
-    0x3f, 0x94, 0x80, 0x8e, 0xfd, 0xa6, 0xed, 0xb7, 0xac, 0xbf, 0x07, 0xd1,
-    0xd4, 0x96, 0x5e, 0xce, 0xbc, 0xb2, 0xff, 0x61, 0x7f, 0x3d, 0x03, 0x59,
-    0x76, 0x7a, 0x0f, 0x39, 0x87, 0x6f, 0xfd, 0xe3, 0x60, 0xa5, 0x9f, 0x63,
-    0xac, 0xbf, 0xe3, 0x60, 0xa5, 0x9f, 0x63, 0xac, 0xbe, 0x09, 0x39, 0xb3,
-    0x8f, 0xdb, 0xc7, 0xd7, 0xed, 0x01, 0xbf, 0x0b, 0x28, 0xe7, 0xc4, 0x13,
-    0xbb, 0xdd, 0x4a, 0x78, 0x59, 0x7f, 0x7f, 0xdc, 0xce, 0xa4, 0xb2, 0x98,
-    0xf4, 0x82, 0x47, 0x7e, 0x9d, 0x31, 0x40, 0xd6, 0x5e, 0x12, 0x5b, 0x8b,
-    0x2c, 0x2e, 0x17, 0x5b, 0xb6, 0x3e, 0x91, 0xbe, 0x32, 0x76, 0xfd, 0x31,
-    0x31, 0xcb, 0xbf, 0x18, 0x83, 0x97, 0x80, 0xa8, 0x9d, 0xf9, 0x18, 0x1f,
-    0x9d, 0x27, 0xc8, 0x77, 0x4a, 0xaf, 0xff, 0x0b, 0x3b, 0xc8, 0x5e, 0x6b,
-    0xb7, 0x7e, 0xd5, 0x13, 0xca, 0xf6, 0xf8, 0xfa, 0xcb, 0x42, 0xca, 0x83,
-    0x5d, 0xa1, 0xeb, 0xe8, 0x29, 0x71, 0x65, 0xd9, 0xc5, 0x97, 0xbd, 0x07,
-    0x59, 0x7e, 0xfb, 0x16, 0x6f, 0x59, 0x5a, 0x44, 0xd8, 0x08, 0x05, 0x64,
-    0x3e, 0x16, 0x10, 0x72, 0xfd, 0xc0, 0x8f, 0x0e, 0xb2, 0xe9, 0x08, 0xb2,
-    0xf8, 0x2f, 0xa9, 0x2c, 0xbd, 0xe1, 0x36, 0x59, 0x78, 0xe1, 0xdc, 0x59,
-    0x7e, 0x71, 0xfe, 0x38, 0xb2, 0xff, 0x67, 0xff, 0x1d, 0x3e, 0xe2, 0xcb,
-    0x0b, 0x84, 0x7f, 0x48, 0xa0, 0x63, 0x18, 0x44, 0x01, 0xf2, 0x20, 0xe1,
-    0x3d, 0x0b, 0x4e, 0xd8, 0xc8, 0xd3, 0x6a, 0x19, 0x4a, 0x1b, 0x15, 0x4a,
-    0x78, 0xdb, 0xf0, 0xe8, 0xf4, 0xad, 0xbb, 0xf6, 0xbb, 0x77, 0xed, 0x51,
-    0x10, 0x2f, 0xfc, 0xf2, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x44, 0xa8, 0xbf,
-    0xb4, 0x1f, 0xc1, 0x76, 0xb2, 0xfe, 0xed, 0xb3, 0x77, 0xf0, 0xb2, 0xa0,
-    0xf7, 0xb0, 0xba, 0xc2, 0xf1, 0x30, 0x23, 0x9b, 0x14, 0x2b, 0x2f, 0xda,
-    0xed, 0xdf, 0xb5, 0x44, 0x50, 0xbf, 0x6a, 0x0f, 0x1d, 0x2c, 0xbf, 0x7d,
-    0x8e, 0x11, 0xac, 0xbc, 0x70, 0xee, 0x2c, 0xbf, 0xe7, 0x96, 0x0c, 0x9d,
-    0xc6, 0xb2, 0xff, 0xc1, 0x7d, 0x3c, 0xbc, 0xdc, 0x0a, 0xcb, 0xfe, 0x8e,
-    0x8b, 0x3d, 0xc8, 0x3a, 0xca, 0x23, 0xf6, 0x09, 0xf5, 0xe8, 0x06, 0x2c,
-    0xb0, 0xbc, 0x4e, 0x39, 0x8d, 0x9c, 0xa0, 0x05, 0x04, 0x41, 0xc8, 0x56,
-    0x08, 0x43, 0x7f, 0x85, 0xe6, 0xbb, 0x77, 0xed, 0x51, 0x19, 0x2f, 0xda,
-    0xed, 0xdf, 0xb5, 0x44, 0xca, 0xbf, 0x4b, 0x3c, 0xfd, 0xac, 0xbf, 0x0b,
-    0x3b, 0xc8, 0x5e, 0x1e, 0xf7, 0x46, 0xd7, 0x74, 0x15, 0x97, 0xed, 0x76,
-    0xef, 0xda, 0xa2, 0xa4, 0x58, 0x96, 0x5d, 0x23, 0xac, 0xbe, 0x3e, 0x67,
-    0x96, 0x58, 0x45, 0x96, 0x17, 0x24, 0x54, 0x60, 0xc6, 0xe1, 0xb6, 0x84,
-    0x1c, 0x5c, 0x24, 0x37, 0xf8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x15, 0xd2,
-    0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0xc5, 0x5f, 0xf4, 0x73, 0x90,
-    0x7f, 0x67, 0x6b, 0x2f, 0xbb, 0x77, 0xed, 0x51, 0x3d, 0x2f, 0xc7, 0x79,
-    0x0b, 0xce, 0xcf, 0xa7, 0x47, 0x37, 0x8c, 0x7e, 0xd6, 0x5f, 0xdf, 0x86,
-    0xd3, 0x0a, 0xd6, 0x5f, 0xa1, 0xa7, 0xdb, 0x75, 0x65, 0xf4, 0x74, 0xfb,
-    0xab, 0x2e, 0x30, 0x5e, 0x22, 0x7f, 0xb1, 0xe7, 0x30, 0x22, 0xcb, 0xff,
-    0xd0, 0x42, 0xf3, 0xef, 0x38, 0xf1, 0x9e, 0x59, 0x7f, 0xff, 0xf8, 0x78,
-    0x60, 0xb2, 0xc3, 0x4d, 0x7f, 0x71, 0x8a, 0x68, 0xef, 0x59, 0xd2, 0xcb,
-    0xff, 0xff, 0xf7, 0x9f, 0x52, 0x17, 0x9c, 0x0b, 0xf5, 0x85, 0x06, 0x09,
-    0xe6, 0x96, 0x75, 0xe5, 0x97, 0xec, 0xf7, 0xd8, 0xc5, 0x97, 0xfe, 0xe6,
-    0x13, 0x9b, 0xf6, 0x82, 0x59, 0x7f, 0xd9, 0x9f, 0x6e, 0xff, 0x82, 0xc8,
-    0xf9, 0x3c, 0x51, 0x7f, 0xfe, 0x98, 0xa0, 0xe2, 0xf3, 0x8c, 0x60, 0xdd,
-    0xcd, 0x59, 0x77, 0x3c, 0xb2, 0xec, 0xe2, 0xcb, 0xff, 0x66, 0xba, 0x83,
-    0xfd, 0xf3, 0x4b, 0x2e, 0xe0, 0x16, 0x5f, 0x89, 0xce, 0x50, 0xb2, 0xfe,
-    0x0f, 0x3e, 0xf2, 0x17, 0x3c, 0x22, 0x9d, 0xc5, 0xc8, 0x58, 0xc3, 0xe1,
-    0x05, 0xef, 0x6d, 0x1b, 0x8b, 0x2e, 0xd7, 0x96, 0x5f, 0xb3, 0xdc, 0x63,
-    0xac, 0xbf, 0xfd, 0x1d, 0x7b, 0x26, 0x6d, 0x7b, 0x81, 0xdc, 0x59, 0x79,
-    0xfa, 0x17, 0x08, 0xad, 0x72, 0x02, 0x17, 0xf1, 0x3d, 0x62, 0xa6, 0xed,
-    0x43, 0xff, 0x91, 0x90, 0xd4, 0x97, 0x2b, 0x46, 0x97, 0xd3, 0xe9, 0x43,
-    0xaf, 0xd2, 0xaf, 0xa8, 0x5a, 0xf1, 0x84, 0x43, 0x81, 0xa7, 0x3d, 0xef,
-    0xff, 0x0c, 0x5f, 0xbc, 0x1d, 0x84, 0x9b, 0x81, 0xe9, 0x65, 0xe8, 0x08,
-    0xad, 0x65, 0xfb, 0x5d, 0xfd, 0xb8, 0xb2, 0x98, 0xf2, 0x42, 0x41, 0x77,
-    0xa1, 0x65, 0x4f, 0x46, 0xdf, 0xa2, 0x1b, 0xfe, 0x2c, 0xde, 0x59, 0xc0,
-    0x1d, 0x65, 0xf9, 0xbe, 0x4f, 0x32, 0xcb, 0xf4, 0xb0, 0x73, 0xb1, 0x65,
-    0xf9, 0xdb, 0x6d, 0x42, 0xcb, 0xf7, 0x88, 0x2e, 0x28, 0x59, 0x53, 0xd2,
-    0x36, 0xc5, 0x27, 0x30, 0x4f, 0xf2, 0x91, 0x09, 0xee, 0x38, 0x16, 0x5f,
-    0xb3, 0xcc, 0x1e, 0x2c, 0xba, 0x7a, 0x15, 0x4b, 0x2a, 0x7a, 0x3e, 0x01,
-    0x54, 0x2f, 0x3c, 0xc9, 0xef, 0xc2, 0xae, 0x7a, 0xe6, 0xbc, 0xb2, 0xff,
-    0x08, 0x59, 0xad, 0x47, 0x6b, 0x2a, 0x7a, 0x3e, 0x81, 0x41, 0xa5, 0xf6,
-    0x8f, 0xee, 0x96, 0x5f, 0xa7, 0xb1, 0x49, 0xf8, 0x6a, 0xcb, 0x9b, 0x8b,
-    0x2a, 0x7a, 0x3c, 0x9e, 0xcc, 0xef, 0xd3, 0xd8, 0xa6, 0x24, 0x75, 0x97,
-    0xbf, 0x1b, 0x8b, 0x2f, 0xfd, 0x3c, 0xe7, 0x81, 0x40, 0xa4, 0x50, 0x28,
-    0x15, 0x05, 0x13, 0xd2, 0xcb, 0xff, 0x0a, 0xb1, 0x40, 0xa8, 0x2a, 0xc5,
-    0x58, 0xa4, 0x53, 0x3d, 0xcf, 0x4b, 0x2f, 0xfc, 0x2a, 0x4f, 0x31, 0x56,
-    0x2a, 0x0a, 0xb1, 0x48, 0xaa, 0x15, 0x73, 0xd2, 0xcb, 0xfe, 0xf8, 0xe4,
-    0x2e, 0x5c, 0x21, 0x62, 0x94, 0xd2, 0xa7, 0x86, 0xa1, 0x54, 0xdd, 0x53,
-    0xd2, 0xa0, 0xd1, 0x49, 0x88, 0xaa, 0x8d, 0xa6, 0xfc, 0x29, 0x3b, 0xb9,
-    0x2c, 0xbf, 0xa1, 0xbd, 0xe8, 0x3a, 0xcb, 0x87, 0xb8, 0xb2, 0xa7, 0xb3,
-    0xf0, 0x15, 0x65, 0x5d, 0x16, 0x5e, 0xef, 0x3e, 0x92, 0xee, 0x69, 0x65,
-    0xe3, 0xc7, 0x16, 0x5f, 0xff, 0xef, 0x09, 0xa8, 0xfc, 0x67, 0x63, 0x62,
-    0xd8, 0xf1, 0x25, 0x97, 0x6a, 0x16, 0x53, 0x1f, 0xc0, 0x18, 0xaf, 0xd1,
-    0xad, 0x3c, 0x96, 0x5f, 0xfd, 0xf8, 0xe3, 0x89, 0xff, 0xb7, 0x5c, 0x59,
-    0x7f, 0xcd, 0x05, 0x9b, 0xf5, 0x1c, 0x59, 0x5d, 0x9f, 0xf7, 0xd1, 0xaf,
-    0x4c, 0xc6, 0x2c, 0xbb, 0x24, 0xb2, 0xc0, 0x63, 0x68, 0xe3, 0xd7, 0xfe,
-    0x69, 0xdf, 0x67, 0x97, 0x9b, 0x65, 0x95, 0x87, 0xcb, 0xf2, 0x5b, 0xf7,
-    0x80, 0x21, 0x4c, 0xb2, 0xff, 0xcf, 0xc9, 0xdc, 0xe6, 0x4a, 0x50, 0xb2,
-    0xdc, 0x59, 0x7f, 0x47, 0x6d, 0xb3, 0x92, 0xcb, 0xff, 0xf1, 0x39, 0xad,
-    0xa8, 0x94, 0xb3, 0x80, 0x04, 0x2c, 0xbf, 0xcf, 0xe0, 0xe6, 0x11, 0xab,
-    0x28, 0x69, 0xa7, 0xe1, 0x09, 0xa5, 0x53, 0x20, 0x68, 0x47, 0xe5, 0xa0,
-    0x54, 0xbf, 0xb3, 0xd0, 0x51, 0x32, 0xcb, 0xff, 0x16, 0x07, 0xb2, 0xcd,
-    0x84, 0x92, 0xcb, 0xff, 0xce, 0x71, 0x71, 0xad, 0x36, 0xef, 0x61, 0xd9,
-    0x65, 0xda, 0x62, 0x44, 0x8e, 0xea, 0x05, 0xf3, 0x7c, 0x43, 0xac, 0xbf,
-    0xfc, 0xc6, 0xce, 0xc2, 0x7e, 0xb8, 0x69, 0xae, 0xb2, 0xbb, 0x3f, 0x12,
-    0x23, 0xbf, 0xfc, 0xfc, 0x2c, 0x00, 0xbf, 0xb7, 0x6f, 0xa5, 0x97, 0x11,
-    0x8b, 0x2f, 0xdc, 0x20, 0xbc, 0x96, 0x5f, 0xde, 0x9a, 0x4f, 0xa3, 0x56,
-    0x5d, 0x9d, 0xac, 0xbc, 0x3c, 0x35, 0xcf, 0x1f, 0xc6, 0x17, 0xdf, 0x83,
-    0xf6, 0xb2, 0xa1, 0x1b, 0x78, 0x2e, 0xed, 0xde, 0x33, 0xb8, 0x20, 0x59,
-    0x7e, 0xf7, 0xd8, 0x22, 0xb5, 0x95, 0x23, 0xc3, 0xc1, 0x7b, 0xec, 0xc2,
-    0x35, 0x65, 0x70, 0xf0, 0xbc, 0x43, 0x78, 0x79, 0xf5, 0x97, 0xa6, 0x63,
-    0x16, 0x58, 0x72, 0x37, 0x4c, 0x39, 0x7f, 0xfb, 0x3b, 0x1b, 0x10, 0x99,
-    0xad, 0x46, 0xf5, 0x97, 0xff, 0x4e, 0x88, 0x28, 0x3c, 0xe9, 0xdf, 0x9f,
-    0x59, 0x50, 0x8b, 0xe0, 0x13, 0x12, 0x65, 0xff, 0x0a, 0xe5, 0x18, 0x43,
-    0x83, 0xac, 0xbf, 0xf7, 0xf2, 0x6f, 0xb7, 0xe3, 0x50, 0xb2, 0xe7, 0xe9,
-    0x65, 0xe2, 0x8d, 0xc5, 0x97, 0xf9, 0xf8, 0xff, 0x09, 0x6c, 0xb2, 0x88,
-    0xfa, 0x3c, 0x2e, 0x11, 0xea, 0x9c, 0xc9, 0x9e, 0xd8, 0x5e, 0x50, 0x94,
-    0x19, 0x0f, 0x50, 0xa5, 0x69, 0x41, 0x73, 0x33, 0x6a, 0x17, 0xa7, 0x85,
-    0x0f, 0xc8, 0x8a, 0x32, 0x6e, 0x42, 0xff, 0xd1, 0x8d, 0x04, 0xb8, 0x43,
-    0xbd, 0xd8, 0x53, 0x5d, 0xc0, 0xac, 0xb6, 0x96, 0x5d, 0x1a, 0x59, 0x76,
-    0x7d, 0x65, 0xfb, 0x5d, 0x4b, 0xd0, 0xb2, 0xf6, 0x6f, 0xc5, 0x95, 0x87,
-    0x8c, 0x45, 0x35, 0x39, 0x14, 0x7d, 0x88, 0xcf, 0x8b, 0x08, 0xb9, 0x7d,
-    0x87, 0x6f, 0x2c, 0xa8, 0x4c, 0x7f, 0x50, 0xba, 0xf2, 0x25, 0xee, 0xc3,
-    0xa5, 0x97, 0x68, 0x0b, 0x2e, 0x7c, 0x59, 0x5d, 0x1a, 0xcd, 0x0b, 0xde,
-    0x27, 0xf2, 0xcb, 0xc4, 0xdc, 0x59, 0x63, 0x05, 0x26, 0xda, 0x06, 0xee,
-    0x8f, 0xac, 0xbe, 0xd6, 0xf7, 0x3a, 0xcb, 0xfb, 0xb3, 0x94, 0x74, 0x05,
-    0x97, 0xf0, 0x39, 0x99, 0x8c, 0xb2, 0xff, 0xf3, 0x4e, 0x89, 0x9b, 0xda,
-    0x8e, 0xc3, 0xda, 0xcb, 0xc0, 0x7e, 0x96, 0x5f, 0x67, 0xa0, 0xc5, 0x95,
-    0x86, 0xfc, 0x87, 0x6f, 0xff, 0x34, 0xef, 0xe4, 0xcd, 0xd7, 0x3f, 0x9d,
-    0xac, 0xb8, 0xb8, 0xb2, 0xf8, 0x9f, 0xdc, 0x59, 0x52, 0x36, 0xe7, 0x16,
-    0xbd, 0x19, 0xa5, 0x97, 0xff, 0xbb, 0x7d, 0x3f, 0x9b, 0x90, 0x50, 0x05,
-    0x96, 0x97, 0xcf, 0x8c, 0x41, 0xba, 0xe9, 0x15, 0xba, 0x84, 0x25, 0x42,
-    0xb9, 0xdd, 0x8d, 0x46, 0x95, 0x8b, 0x1d, 0x95, 0xb0, 0xb4, 0xc4, 0x87,
-    0x2f, 0x01, 0x5f, 0x21, 0x1b, 0xe1, 0xf0, 0xc6, 0x65, 0x7c, 0x33, 0x99,
-    0xc5, 0x97, 0xfc, 0x0e, 0xfe, 0xda, 0x6c, 0x92, 0xcb, 0xcc, 0x21, 0xd6,
-    0x5c, 0xc3, 0x59, 0x4e, 0x6c, 0xc4, 0x1d, 0xbd, 0xf8, 0x25, 0x97, 0xb9,
-    0xbb, 0xba, 0xb2, 0xfa, 0x74, 0x80, 0x75, 0x97, 0xb5, 0x83, 0x59, 0x7f,
-    0x9f, 0xd1, 0x37, 0x18, 0xeb, 0x28, 0xd3, 0xcf, 0xf8, 0xe5, 0xfe, 0x89,
-    0x16, 0x75, 0xec, 0x59, 0x7e, 0xed, 0xba, 0xd8, 0x96, 0x5f, 0xfc, 0xfd,
-    0xc1, 0x0e, 0x69, 0x46, 0xb6, 0x59, 0x5d, 0x1f, 0x87, 0xca, 0xad, 0xc5,
-    0x94, 0xc6, 0xd3, 0x84, 0x77, 0xf1, 0x69, 0xdd, 0xfc, 0xb2, 0xff, 0xfb,
-    0xdc, 0x1e, 0xb1, 0x8d, 0xf9, 0x8e, 0x5b, 0x2c, 0xbe, 0x21, 0xe1, 0xab,
-    0x2f, 0x7c, 0x27, 0x59, 0x76, 0xf1, 0xac, 0xa9, 0xe4, 0xad, 0x46, 0x09,
-    0x24, 0xd8, 0x32, 0x1c, 0x1b, 0xe8, 0x8d, 0x9d, 0x34, 0x47, 0xf8, 0x6b,
-    0x39, 0x07, 0x0a, 0xfc, 0xa4, 0x12, 0x23, 0x07, 0x6f, 0xd8, 0x45, 0x1b,
-    0x2c, 0xb7, 0x4b, 0x34, 0x69, 0xaf, 0x04, 0xa4, 0xb2, 0xfd, 0xc9, 0xa0,
-    0xb6, 0x59, 0x58, 0x7c, 0xe6, 0x91, 0x78, 0x72, 0xf4, 0xe9, 0x6c, 0xb2,
-    0xfc, 0x46, 0xb6, 0x71, 0x65, 0xfb, 0xed, 0xc6, 0x1a, 0xcb, 0xcd, 0x07,
-    0x59, 0x6d, 0x48, 0xf0, 0xbe, 0x4f, 0x7c, 0xfe, 0x7e, 0xd6, 0x53, 0x1e,
-    0x51, 0x85, 0x17, 0xc1, 0x15, 0xf3, 0x65, 0x97, 0xfe, 0x31, 0xc1, 0x9d,
-    0xfd, 0xc1, 0xc5, 0x95, 0x07, 0xd1, 0x85, 0x17, 0xfe, 0xe3, 0xf5, 0x04,
-    0xe3, 0xc3, 0x56, 0x53, 0x27, 0x37, 0xf8, 0x59, 0x94, 0x22, 0xbc, 0x41,
-    0x7f, 0xfb, 0xdf, 0xc3, 0x81, 0xf5, 0x9b, 0xf0, 0x6b, 0x2e, 0x8f, 0xac,
-    0xb0, 0xd6, 0x51, 0xcd, 0x39, 0x0b, 0x58, 0xd5, 0x97, 0x88, 0x10, 0xb2,
-    0xe2, 0x1c, 0xe3, 0x5b, 0xc1, 0x2b, 0xb3, 0xcb, 0x2f, 0xec, 0xe1, 0x8e,
-    0x5b, 0x2c, 0xa8, 0x4c, 0xc7, 0x1c, 0x9d, 0x34, 0x05, 0xc4, 0x2d, 0x7f,
-    0x89, 0xcc, 0x9c, 0xfd, 0xe2, 0xcb, 0xe0, 0xf1, 0xfb, 0x59, 0x7f, 0xe0,
-    0x8f, 0xed, 0x1b, 0xf4, 0x27, 0x16, 0x56, 0x8f, 0x94, 0x88, 0xef, 0x70,
-    0x70, 0xb2, 0xff, 0xb9, 0xec, 0xec, 0x20, 0x7c, 0x59, 0x46, 0x9e, 0xab,
-    0x8e, 0x54, 0x22, 0x60, 0x2e, 0xd6, 0xe2, 0xcb, 0x62, 0xca, 0x63, 0x43,
-    0xba, 0x23, 0x7d, 0xd1, 0x41, 0xab, 0x28, 0xe7, 0x8c, 0xe4, 0x77, 0xfd,
-    0x84, 0xf2, 0xe4, 0x8c, 0xd9, 0x65, 0xf4, 0xb8, 0xc4, 0xb2, 0xfb, 0xfd,
-    0xc7, 0x6b, 0x2f, 0xfd, 0xd9, 0x3f, 0xdf, 0xac, 0xeb, 0xcb, 0x2a, 0x48,
-    0xbf, 0xe8, 0xe9, 0x88, 0x42, 0x49, 0x7d, 0xac, 0x73, 0xac, 0xa8, 0x3d,
-    0xe7, 0x3d, 0xbf, 0xa3, 0x91, 0xf8, 0xe2, 0xcb, 0xfb, 0x52, 0x8e, 0xdb,
-    0xb5, 0x95, 0xa3, 0xdb, 0x72, 0xcb, 0xbd, 0x8b, 0x2a, 0x17, 0xd4, 0xf6,
-    0x2f, 0xc8, 0xee, 0xda, 0x37, 0x7d, 0x23, 0xfe, 0x33, 0x27, 0x84, 0x49,
-    0x46, 0x7c, 0x17, 0xb1, 0x08, 0x6f, 0xff, 0x1a, 0xf9, 0xd7, 0xbd, 0x19,
-    0xbd, 0xbb, 0x59, 0x7f, 0x8b, 0x39, 0xe7, 0x72, 0x59, 0x46, 0x9f, 0xee,
-    0xf4, 0xdb, 0xed, 0xdd, 0xd8, 0xdc, 0x59, 0x7f, 0xfd, 0xe6, 0x20, 0xcb,
-    0x38, 0x30, 0xbe, 0xa4, 0xb2, 0xd1, 0x38, 0xfe, 0x84, 0x2b, 0xbf, 0xf1,
-    0xde, 0x59, 0xf6, 0xd7, 0xdd, 0x65, 0xcd, 0xad, 0x1f, 0x38, 0x0a, 0xaf,
-    0xff, 0xe2, 0xc3, 0x70, 0xa7, 0x73, 0xdf, 0xc3, 0x89, 0x00, 0x59, 0x50,
-    0x88, 0xac, 0x2d, 0xbf, 0xc1, 0x7e, 0x34, 0xcc, 0x62, 0xca, 0x64, 0xf9,
-    0x7f, 0x1c, 0x81, 0x10, 0xde, 0xfc, 0x12, 0xcb, 0xbc, 0x75, 0x96, 0x9f,
-    0x59, 0x5d, 0x1a, 0xbf, 0x8b, 0xd7, 0x67, 0xd0, 0xe8, 0xd7, 0xc3, 0xd3,
-    0x18, 0xb2, 0xfe, 0xcc, 0xdb, 0x33, 0xcb, 0x2e, 0x37, 0x7a, 0xcb, 0xd8,
-    0x11, 0xac, 0xad, 0x91, 0x0a, 0x32, 0x32, 0x2c, 0xe0, 0xd5, 0xe6, 0x2f,
-    0x2c, 0xbe, 0x8e, 0xf3, 0x4b, 0x2f, 0xbf, 0x1b, 0xf1, 0x65, 0xfc, 0xfb,
-    0xda, 0x66, 0x31, 0x65, 0x1d, 0x12, 0x04, 0x37, 0xe2, 0x21, 0x08, 0xef,
-    0xf0, 0x75, 0xb1, 0xe3, 0x3c, 0xb2, 0xff, 0xb9, 0x07, 0x1f, 0xe0, 0xbb,
-    0x59, 0x73, 0x16, 0x1f, 0x69, 0xa6, 0x95, 0x08, 0xd6, 0x1c, 0x2a, 0xaf,
-    0x48, 0x3c, 0x59, 0x7f, 0x0d, 0xf4, 0x09, 0xfc, 0x59, 0x7b, 0xe2, 0x6f,
-    0x59, 0x7f, 0xd0, 0x72, 0xce, 0xf4, 0xc0, 0x59, 0x61, 0xac, 0xbd, 0xce,
-    0x62, 0xcb, 0x0e, 0x0d, 0x6b, 0x88, 0xd4, 0x91, 0x55, 0xc2, 0x00, 0xb2,
-    0xdf, 0xdf, 0x76, 0xef, 0x09, 0x65, 0xfe, 0x96, 0x37, 0x38, 0x18, 0x59,
-    0x7f, 0x0f, 0x0a, 0x5f, 0xc5, 0x97, 0xff, 0xff, 0xb3, 0x9f, 0xcd, 0x41,
-    0x3f, 0x52, 0xfc, 0x7b, 0xd1, 0xd7, 0xe0, 0xeb, 0x2a, 0x11, 0xaa, 0xc6,
-    0x47, 0x2c, 0xbf, 0xf7, 0xa0, 0xfd, 0x76, 0xdd, 0x66, 0x96, 0x5f, 0xbf,
-    0x9a, 0x6e, 0x2c, 0xbc, 0x4d, 0x2e, 0x8f, 0xa3, 0xc8, 0x37, 0xfd, 0x80,
-    0x82, 0x71, 0xe1, 0xab, 0x2f, 0xe8, 0xf6, 0x30, 0x45, 0x6b, 0x29, 0xcf,
-    0x9c, 0x06, 0xf7, 0xfd, 0x9b, 0x60, 0xf0, 0xa3, 0x71, 0x65, 0x42, 0xa8,
-    0xcd, 0xa3, 0x01, 0x94, 0x25, 0x81, 0x09, 0xa2, 0x21, 0xbf, 0xfc, 0x5e,
-    0x9f, 0xc9, 0xa4, 0xfa, 0xd8, 0x70, 0xb2, 0xff, 0xfe, 0x29, 0x47, 0x9f,
-    0xfc, 0x67, 0xf0, 0x04, 0x29, 0x2c, 0xbe, 0xf7, 0xb3, 0x71, 0x65, 0xff,
-    0x46, 0x4b, 0xf8, 0xd2, 0xe2, 0xca, 0xe1, 0xee, 0x78, 0x96, 0xfc, 0x39,
-    0xbe, 0x1d, 0xc5, 0x95, 0xd1, 0xe7, 0x91, 0x15, 0x62, 0x6e, 0xac, 0x9c,
-    0xf1, 0x82, 0xdf, 0xb4, 0x4d, 0x86, 0xac, 0xbf, 0x47, 0xdb, 0xa9, 0x2c,
-    0xb8, 0xf2, 0x59, 0x7f, 0xcf, 0x9d, 0x8f, 0x34, 0x06, 0x59, 0x53, 0x8f,
-    0xdc, 0x65, 0x1f, 0x17, 0xbf, 0xdd, 0x70, 0x42, 0x68, 0x1a, 0xca, 0xd1,
-    0xf2, 0x91, 0x8d, 0x42, 0x64, 0x8d, 0x18, 0x1d, 0xfe, 0x97, 0x0a, 0x00,
-    0xe7, 0x59, 0x7e, 0x7e, 0xbd, 0xb4, 0x2c, 0xa8, 0x3d, 0xb2, 0x32, 0xbf,
-    0xb4, 0x6e, 0x07, 0x5b, 0x2c, 0xbf, 0x9b, 0x5b, 0x04, 0x18, 0xb2, 0xfd,
-    0xe8, 0xc2, 0xed, 0x65, 0xf7, 0x5e, 0x83, 0xac, 0xa3, 0x4f, 0x2b, 0xa2,
-    0x7b, 0xfe, 0x90, 0x9e, 0x6f, 0xb1, 0x79, 0x65, 0xff, 0xb3, 0x70, 0x7f,
-    0x8f, 0xc7, 0xb8, 0xb2, 0xff, 0xf4, 0x67, 0x5e, 0xfc, 0x78, 0xa0, 0x1c,
-    0x59, 0x74, 0x01, 0x65, 0xdf, 0x3a, 0xcb, 0xff, 0xfd, 0xa0, 0xc9, 0x8b,
-    0x02, 0x09, 0xd9, 0xc2, 0x0b, 0xec, 0xb2, 0xbb, 0x44, 0x7f, 0x05, 0xbc,
-    0x2f, 0x50, 0xa9, 0x3f, 0x63, 0x06, 0x78, 0x72, 0x42, 0x39, 0xf2, 0x08,
-    0x61, 0xb1, 0x7e, 0x1b, 0x90, 0x4e, 0xb2, 0xff, 0xc1, 0x06, 0x77, 0x9a,
-    0xd3, 0xc9, 0x65, 0xff, 0xc1, 0x79, 0x1c, 0x3e, 0xfc, 0x04, 0x56, 0xb2,
-    0xe8, 0x3a, 0xca, 0xc4, 0x62, 0xe8, 0x9c, 0x8f, 0xf8, 0x93, 0x7b, 0x66,
-    0xd2, 0xcb, 0xfe, 0xe3, 0x75, 0xe9, 0xa5, 0x1d, 0x2c, 0xbf, 0x73, 0xdc,
-    0xcf, 0x2c, 0xae, 0x1f, 0x20, 0x4f, 0x2f, 0xc2, 0xb6, 0x99, 0x8c, 0x59,
-    0x7f, 0x14, 0x4c, 0x17, 0x11, 0x65, 0x04, 0xf6, 0xc4, 0x2d, 0xbb, 0x3e,
-    0xb2, 0xf1, 0x86, 0x18, 0x92, 0xff, 0xf7, 0x9b, 0xdc, 0xfb, 0x4f, 0x89,
-    0xa8, 0x92, 0x41, 0x66, 0x82, 0x8d, 0x4e, 0xdd, 0xa1, 0x02, 0xef, 0xbe,
-    0x23, 0x09, 0xb5, 0xff, 0x0a, 0xdb, 0x5b, 0x04, 0x18, 0x4b, 0x2e, 0x99,
-    0x96, 0x5f, 0xff, 0xd2, 0x82, 0xcf, 0x7d, 0xb3, 0xd0, 0x76, 0xd4, 0x96,
-    0x56, 0x8f, 0xbf, 0xc2, 0xf7, 0xf1, 0xc4, 0x2c, 0xdf, 0x8b, 0x2f, 0xd9,
-    0xc0, 0x97, 0x96, 0x53, 0x1f, 0xc3, 0x91, 0x11, 0x7d, 0xff, 0xfa, 0x35,
-    0xb4, 0x7d, 0xdb, 0x5a, 0x63, 0xcf, 0x73, 0xc9, 0x65, 0x49, 0xb1, 0xf9,
-    0x1c, 0x27, 0x72, 0x14, 0xfd, 0xc7, 0x47, 0xd1, 0x3b, 0x0e, 0xcd, 0x0d,
-    0xad, 0x4a, 0xbc, 0x3c, 0x7a, 0x1f, 0x8d, 0x60, 0x10, 0x83, 0x29, 0x4d,
-    0xfc, 0x8c, 0xb7, 0xd1, 0xf9, 0x05, 0x3f, 0x7c, 0x64, 0x9b, 0xa5, 0x97,
-    0xfd, 0xd4, 0xb9, 0xcc, 0x1b, 0xf9, 0x65, 0xfd, 0xaf, 0x40, 0x45, 0x7c,
-    0x59, 0x73, 0x4f, 0xac, 0xbf, 0x66, 0xbc, 0x1f, 0xac, 0xad, 0x1e, 0x08,
-    0x83, 0x36, 0xc5, 0x96, 0xc5, 0x9b, 0x85, 0x85, 0xf6, 0x89, 0xf7, 0xac,
-    0xbd, 0x8e, 0x4b, 0x2e, 0x73, 0x16, 0x54, 0x26, 0xac, 0x33, 0xac, 0x73,
-    0x34, 0xcd, 0x88, 0xb4, 0x46, 0x71, 0xab, 0xff, 0xf8, 0xb3, 0xdf, 0xc9,
-    0x6a, 0x3e, 0xed, 0xe8, 0xfa, 0xcb, 0xc0, 0xe6, 0x2c, 0xbf, 0xcf, 0x29,
-    0xbe, 0xdd, 0x79, 0x65, 0xf4, 0xa0, 0xa4, 0xb2, 0xce, 0xb2, 0xf4, 0x7f,
-    0x8b, 0x2b, 0xa3, 0x58, 0xc2, 0x17, 0xfe, 0x8e, 0xe7, 0x61, 0x40, 0x45,
-    0x7c, 0x59, 0x7f, 0xff, 0x3f, 0x9b, 0xee, 0x79, 0xd9, 0xc8, 0xcd, 0x61,
-    0x2c, 0xbf, 0xfb, 0x8f, 0xd7, 0x39, 0x84, 0x09, 0xfc, 0x59, 0x7f, 0xf9,
-    0xbb, 0xe4, 0x4f, 0xe7, 0xa5, 0x2c, 0xe2, 0xca, 0x1a, 0x7a, 0x93, 0x1a,
-    0xe9, 0x34, 0xe4, 0x24, 0x89, 0xe5, 0x9d, 0xe8, 0xf7, 0xda, 0xfe, 0x12,
-    0xcb, 0xff, 0xf1, 0x63, 0x71, 0xb5, 0x01, 0xf4, 0xd1, 0x83, 0x59, 0x4c,
-    0x8d, 0xb7, 0x67, 0x09, 0x0d, 0xf8, 0x49, 0x30, 0x38, 0xb2, 0xf6, 0x44,
-    0x2c, 0xbf, 0x09, 0xc3, 0x33, 0xeb, 0x2b, 0x63, 0xc4, 0xe0, 0xd5, 0x0d,
-    0x12, 0x1a, 0x6d, 0xbf, 0x8a, 0x70, 0x9c, 0x8c, 0x59, 0x7d, 0xa7, 0x3b,
-    0x2c, 0xbe, 0xf4, 0x74, 0x62, 0xca, 0xc5, 0xc7, 0x8e, 0xd6, 0x3f, 0x2b,
-    0x2d, 0xe1, 0x7c, 0x02, 0x30, 0x97, 0x98, 0x43, 0x7f, 0xfe, 0xf0, 0x44,
-    0xf1, 0x40, 0x1f, 0xc0, 0x10, 0xa4, 0xb2, 0xfd, 0xef, 0x61, 0x1d, 0x65,
-    0xff, 0xfe, 0x8c, 0xe6, 0x16, 0xa2, 0x4c, 0x7c, 0xea, 0x53, 0x05, 0x65,
-    0x32, 0x21, 0xc8, 0x9e, 0xe3, 0x3e, 0xb2, 0xff, 0xf4, 0x17, 0x62, 0x69,
-    0xc0, 0xde, 0xfc, 0x2c, 0xbe, 0x7d, 0x9c, 0x96, 0x5f, 0xbd, 0xfc, 0x03,
-    0xac, 0xae, 0x8f, 0x20, 0x88, 0x6f, 0xe3, 0xce, 0xfe, 0x01, 0xd6, 0x5f,
-    0xc6, 0x73, 0x30, 0xb6, 0x59, 0x50, 0x7f, 0xf8, 0x44, 0xc5, 0xf7, 0xf6,
-    0xb0, 0x83, 0x1a, 0x59, 0x7d, 0x1c, 0x8d, 0xeb, 0x2f, 0xfe, 0x82, 0x7f,
-    0x4a, 0x0d, 0x73, 0x3c, 0xb2, 0x85, 0x08, 0x93, 0xf9, 0x60, 0x48, 0xef,
-    0x4e, 0x7e, 0xd6, 0x54, 0x2b, 0x3a, 0x94, 0x37, 0xbb, 0x21, 0x00, 0xc7,
-    0x23, 0x11, 0xf4, 0x2f, 0xf7, 0x4d, 0x2f, 0xe9, 0x08, 0x73, 0xb6, 0xe2,
-    0xcb, 0xec, 0xe4, 0x49, 0x65, 0xf6, 0xbe, 0xc2, 0x2c, 0xbf, 0xa5, 0xcf,
-    0x34, 0x74, 0xb2, 0xf8, 0xe2, 0x41, 0x2c, 0xbe, 0x61, 0xe1, 0xd6, 0x5f,
-    0x3b, 0x90, 0x16, 0x58, 0xc8, 0x3c, 0x13, 0x48, 0x6e, 0x09, 0xd6, 0x5f,
-    0xe3, 0x1e, 0x6c, 0x94, 0x6e, 0x2c, 0xbf, 0x6e, 0x86, 0x66, 0x99, 0x65,
-    0x32, 0x29, 0x3e, 0x53, 0xc1, 0x70, 0x9b, 0xdf, 0xf3, 0x1f, 0xfd, 0x3e,
-    0xe7, 0xb8, 0xb2, 0xfe, 0xed, 0xff, 0xfc, 0x1a, 0xca, 0x83, 0xeb, 0x09,
-    0xed, 0xf4, 0x18, 0xe6, 0x2c, 0xbf, 0xd0, 0xfa, 0xf9, 0x8e, 0x34, 0x97,
-    0x18, 0x62, 0x4a, 0x19, 0xe6, 0x18, 0x67, 0x7b, 0xcd, 0xb8, 0x90, 0x59,
-    0xa3, 0xbf, 0xba, 0xed, 0xb9, 0xf6, 0x59, 0x78, 0xf0, 0x75, 0x97, 0xa4,
-    0x1f, 0x2c, 0xa8, 0x37, 0x21, 0x1c, 0xa8, 0x57, 0x7c, 0x33, 0x2c, 0x21,
-    0xe8, 0x8d, 0x8b, 0xa6, 0x8c, 0x1c, 0xf0, 0xa7, 0x01, 0x0f, 0x21, 0x25,
-    0xe3, 0x19, 0xf6, 0x8b, 0xe2, 0x1f, 0xdd, 0x65, 0xec, 0x7d, 0xc5, 0x97,
-    0xb5, 0x83, 0x59, 0x58, 0x7b, 0x7a, 0x21, 0xde, 0x3d, 0x7b, 0xf1, 0xa5,
-    0x97, 0xf6, 0x00, 0xa3, 0xdc, 0x59, 0x71, 0x9c, 0x59, 0x6c, 0x59, 0x6e,
-    0xb0, 0xd4, 0x78, 0x62, 0xfb, 0xa9, 0x0a, 0x7a, 0x59, 0x6f, 0xac, 0xbf,
-    0xf7, 0x06, 0x50, 0x3f, 0xc7, 0xb8, 0xb2, 0xa0, 0xf3, 0xf8, 0x23, 0x50,
-    0x8c, 0x0c, 0x27, 0x0b, 0xc5, 0xff, 0xff, 0x61, 0x99, 0x2f, 0xe3, 0x4b,
-    0x9d, 0x71, 0xbc, 0xc5, 0xb2, 0xcb, 0xbf, 0x32, 0xcb, 0xfd, 0xf6, 0x79,
-    0x79, 0xb6, 0x59, 0x7f, 0xef, 0x36, 0x9c, 0x1b, 0xbe, 0xcf, 0xac, 0xbf,
-    0xe6, 0x30, 0xb3, 0xcc, 0x10, 0x2c, 0xbf, 0xbd, 0x0c, 0x42, 0x71, 0x65,
-    0xf8, 0xed, 0x33, 0x18, 0xb2, 0xa0, 0xf5, 0x98, 0xb6, 0xfc, 0xda, 0x1c,
-    0x6c, 0xb2, 0xff, 0x3e, 0xbd, 0xc2, 0x63, 0x56, 0x5f, 0xdd, 0x73, 0x3c,
-    0x26, 0xcb, 0x2f, 0xf1, 0x9e, 0xcf, 0x8e, 0x0e, 0xb2, 0xa0, 0xf9, 0x5c,
-    0xc6, 0xff, 0xf7, 0x30, 0xdc, 0x0e, 0x9c, 0x71, 0xf8, 0x59, 0x7c, 0x20,
-    0xff, 0x0b, 0x28, 0x52, 0xb8, 0x97, 0x03, 0x92, 0x8c, 0x53, 0x0b, 0xbb,
-    0x67, 0xe8, 0x61, 0x8c, 0xf7, 0x10, 0x75, 0x08, 0xef, 0x90, 0x39, 0x41,
-    0x42, 0x63, 0x84, 0x01, 0x49, 0xbd, 0x33, 0xe9, 0x65, 0xff, 0x7b, 0xf8,
-    0x00, 0xc7, 0x42, 0x2c, 0xbf, 0xff, 0xf3, 0xb7, 0xa3, 0xe5, 0x9e, 0xfb,
-    0x09, 0x28, 0xde, 0xc4, 0x05, 0x97, 0xee, 0xf0, 0xf1, 0xc5, 0x97, 0x82,
-    0x43, 0x59, 0x7f, 0xfb, 0xf8, 0xdb, 0x1e, 0x1d, 0xa4, 0xfc, 0x59, 0x7f,
-    0xfb, 0x3f, 0x85, 0xee, 0x66, 0xf2, 0x8e, 0x96, 0x54, 0x27, 0x33, 0xd0,
-    0xef, 0xce, 0xdd, 0xac, 0x05, 0x1e, 0x1c, 0x31, 0x22, 0xe6, 0xe9, 0x65,
-    0xe8, 0x2f, 0x2c, 0xb9, 0xb4, 0xb2, 0xb6, 0x36, 0x38, 0x37, 0x7f, 0xa4,
-    0xc7, 0xff, 0x4f, 0xb8, 0xb2, 0xf9, 0xf5, 0x12, 0x59, 0x7d, 0xd6, 0x06,
-    0x65, 0x97, 0xfe, 0x0c, 0x68, 0xd7, 0x13, 0xcd, 0x25, 0x97, 0xfc, 0xfd,
-    0x4e, 0xeb, 0x98, 0x46, 0xac, 0xad, 0x93, 0x1a, 0xe8, 0x84, 0xe6, 0xff,
-    0x21, 0x22, 0x4f, 0x20, 0x5f, 0x7f, 0x71, 0x8e, 0xb2, 0xf1, 0x40, 0x16,
-    0x54, 0xe3, 0xc0, 0xe1, 0x2d, 0xfd, 0xe7, 0x39, 0xe0, 0xeb, 0x2c, 0x7c,
-    0x3d, 0x1e, 0x89, 0x2f, 0xf7, 0x5f, 0xc9, 0xbe, 0xda, 0x59, 0x50, 0x7b,
-    0xb8, 0x51, 0x7f, 0xe8, 0xeb, 0xf0, 0x7e, 0xfe, 0xd3, 0x2c, 0xbe, 0x7e,
-    0x74, 0xeb, 0x2f, 0xfa, 0x5c, 0xfb, 0xf7, 0x04, 0x35, 0x97, 0x81, 0xef,
-    0xac, 0xa9, 0x1f, 0xc7, 0x44, 0x40, 0x39, 0xbf, 0xff, 0xf6, 0xb0, 0x7c,
-    0x7d, 0xc6, 0xeb, 0xee, 0xd2, 0x81, 0xfc, 0x26, 0xac, 0xb0, 0x16, 0x53,
-    0xa2, 0xc7, 0x86, 0x02, 0x38, 0x5f, 0x9b, 0xbc, 0x73, 0xac, 0xa8, 0x5c,
-    0xef, 0x93, 0x2e, 0x46, 0xc4, 0xd1, 0xa3, 0xe8, 0x81, 0xe3, 0x6a, 0x23,
-    0x0b, 0xf8, 0x87, 0xce, 0x31, 0xd6, 0x5f, 0xbb, 0x7d, 0xb0, 0xc5, 0x97,
-    0xe8, 0xd0, 0xf0, 0x96, 0x56, 0x1f, 0xe9, 0x16, 0xf8, 0xaa, 0xfd, 0x13,
-    0xed, 0xf0, 0xac, 0xbf, 0x04, 0x8b, 0x0d, 0x59, 0x7b, 0x4d, 0xf5, 0x95,
-    0xd9, 0xe1, 0x91, 0x3d, 0xf6, 0xef, 0x98, 0xd5, 0x97, 0x40, 0x8b, 0x2b,
-    0x86, 0xf6, 0x7c, 0x9a, 0xff, 0xe8, 0x04, 0x7c, 0xe4, 0xe6, 0xfd, 0x96,
-    0x58, 0x50, 0xb2, 0xfe, 0xfc, 0x11, 0x8f, 0xd2, 0xcb, 0xff, 0x14, 0xd1,
-    0x85, 0xb6, 0x75, 0xe5, 0x94, 0x33, 0xed, 0x72, 0xeb, 0xff, 0x98, 0x7f,
-    0x8e, 0xe0, 0x0e, 0x40, 0x59, 0x7c, 0x63, 0xc1, 0xd6, 0x5f, 0x9f, 0x9b,
-    0x36, 0x96, 0x5f, 0x69, 0x83, 0xb2, 0xe2, 0xf5, 0x5e, 0xec, 0x3b, 0x2e,
-    0x2f, 0x55, 0xff, 0xb1, 0xb7, 0xe1, 0x60, 0xde, 0x4b, 0x8b, 0xd5, 0x7e,
-    0x72, 0xea, 0x42, 0xc6, 0x8a, 0x6e, 0x18, 0x18, 0x59, 0x73, 0xee, 0xac,
-    0xa1, 0xa6, 0x6e, 0x78, 0x67, 0x12, 0x85, 0xf8, 0xdf, 0x3b, 0x92, 0xcb,
-    0xc4, 0x1d, 0x96, 0x53, 0x9e, 0x27, 0x89, 0xe9, 0x91, 0x34, 0x4f, 0x35,
-    0x0b, 0x8b, 0x43, 0x2d, 0xc6, 0xd6, 0x5f, 0xd1, 0x21, 0xd0, 0xde, 0x10,
-    0x5c, 0x21, 0xf2, 0x18, 0x63, 0xf3, 0xbf, 0xc4, 0xe7, 0xfc, 0x60, 0xd6,
-    0x5d, 0x3d, 0x4f, 0x0b, 0x2f, 0x34, 0x69, 0x65, 0x0a, 0x0d, 0xe7, 0xc8,
-    0x6f, 0xfe, 0xd3, 0x1e, 0x37, 0x0b, 0x0f, 0xd4, 0x2c, 0xa9, 0x1f, 0x5c,
-    0xc4, 0xb7, 0x89, 0xc6, 0xb2, 0xf7, 0x36, 0x75, 0x94, 0xc6, 0xe0, 0x41,
-    0xbb, 0xfd, 0xe6, 0xd4, 0x77, 0x9b, 0xd6, 0x5c, 0x76, 0x59, 0x50, 0x79,
-    0x7b, 0x1a, 0xdf, 0xb0, 0xfa, 0x7e, 0x96, 0x50, 0xd1, 0x6c, 0x4d, 0x9c,
-    0x22, 0xbf, 0x4b, 0x37, 0xc4, 0x96, 0x5e, 0xcd, 0x42, 0xcb, 0xdb, 0xf0,
-    0x6b, 0x2b, 0xb5, 0x4f, 0x5d, 0x43, 0x61, 0xa3, 0x11, 0xd1, 0x7f, 0xca,
-    0x42, 0x37, 0x63, 0x16, 0x5f, 0xe6, 0x32, 0x18, 0x78, 0x75, 0x96, 0x6c,
-    0x3c, 0x49, 0x84, 0xaf, 0x3e, 0xb6, 0x59, 0x4b, 0x2c, 0x5d, 0x9a, 0x89,
-    0x87, 0x6f, 0xef, 0xbc, 0xda, 0x8d, 0x96, 0x5f, 0xcd, 0xd7, 0x3f, 0x9d,
-    0xac, 0xbe, 0xfe, 0x34, 0xcb, 0x2f, 0xe8, 0xdf, 0x9f, 0xfc, 0x2c, 0xbf,
-    0x67, 0xb9, 0x93, 0x2c, 0xf9, 0xae, 0xbf, 0xff, 0xfe, 0xce, 0xb8, 0xd8,
-    0x64, 0xec, 0xea, 0x5c, 0x6f, 0x71, 0xba, 0x18, 0xc3, 0xb2, 0xcb, 0xff,
-    0x47, 0x65, 0x93, 0x7c, 0x3a, 0x99, 0x65, 0x32, 0x31, 0x4a, 0x10, 0x97,
-    0xff, 0xe6, 0x21, 0xce, 0x13, 0xcd, 0xc7, 0x62, 0x0c, 0x96, 0x5f, 0x3e,
-    0xdf, 0x65, 0x95, 0x8a, 0x9c, 0x58, 0xa2, 0x62, 0xfd, 0x17, 0x92, 0x87,
-    0xa1, 0xfb, 0xbc, 0x9a, 0x7d, 0x5a, 0xf0, 0x75, 0x25, 0x97, 0xfe, 0x3b,
-    0x8f, 0x51, 0xef, 0xe0, 0xd6, 0x5f, 0xcf, 0xe0, 0x08, 0x52, 0x59, 0x7e,
-    0xdb, 0xbf, 0xc6, 0x96, 0x5f, 0xe7, 0x73, 0x00, 0xfe, 0xe2, 0xcb, 0x84,
-    0xe2, 0xca, 0x19, 0xe5, 0xfc, 0xce, 0xff, 0xc3, 0x8f, 0x3c, 0xb3, 0x7b,
-    0x8d, 0x65, 0xf9, 0xb6, 0xd9, 0xb4, 0xb2, 0xfd, 0x04, 0x41, 0x3a, 0xcb,
-    0x4b, 0xc7, 0x9e, 0x21, 0x4d, 0x4e, 0x4f, 0x5e, 0x07, 0x76, 0x3e, 0xc2,
-    0xe3, 0x5d, 0x4e, 0x44, 0xf0, 0x8e, 0xbf, 0x30, 0xb3, 0x0c, 0x31, 0x25,
-    0xff, 0x8d, 0x7e, 0xa7, 0x7d, 0xce, 0xdc, 0x59, 0x68, 0x91, 0xf7, 0x9c,
-    0xb6, 0xec, 0xfa, 0xcb, 0xb0, 0x6b, 0x2f, 0xde, 0x00, 0x85, 0x25, 0x94,
-    0x69, 0xbf, 0x71, 0x6b, 0xf3, 0xeb, 0xb8, 0xf2, 0xcb, 0x9b, 0x4b, 0x2b,
-    0xe6, 0xf8, 0x25, 0x16, 0xed, 0x65, 0xce, 0x35, 0x97, 0xf6, 0x9f, 0x9f,
-    0x79, 0x2c, 0xb7, 0x4b, 0x2e, 0x63, 0x16, 0x5c, 0x20, 0x16, 0x54, 0xc6,
-    0xbc, 0x02, 0xf7, 0xa4, 0xe3, 0x59, 0x71, 0x86, 0x2c, 0xa9, 0x23, 0x6f,
-    0x05, 0xbb, 0x2d, 0x64, 0x1e, 0x11, 0x18, 0x39, 0x70, 0x80, 0x48, 0x2c,
-    0xf5, 0xe9, 0xd3, 0x6f, 0xf4, 0x68, 0x97, 0xfb, 0x0e, 0xc3, 0xd8, 0x3c,
-    0x59, 0x7f, 0xff, 0x02, 0x7f, 0x35, 0x1e, 0x6e, 0xd8, 0x7b, 0x41, 0x42,
-    0xcb, 0xd9, 0xd7, 0x96, 0x5b, 0x08, 0xfe, 0xb8, 0xbb, 0x5f, 0x46, 0xa7,
-    0x21, 0x5d, 0x7f, 0xcc, 0x3c, 0x3b, 0x4c, 0xc6, 0x2c, 0xbf, 0xff, 0xe9,
-    0x7e, 0x07, 0x0d, 0xd0, 0x35, 0x83, 0x8d, 0x37, 0x40, 0x59, 0x7f, 0xff,
-    0xd1, 0xf7, 0x6f, 0x44, 0x82, 0x3c, 0x13, 0x35, 0xe0, 0xfd, 0x65, 0xff,
-    0xe7, 0x1e, 0x61, 0x1b, 0xce, 0x61, 0x01, 0x65, 0xf7, 0xc2, 0xe6, 0xc2,
-    0x69, 0xd8, 0x73, 0xa6, 0x73, 0xb3, 0x5e, 0x28, 0xfa, 0xcb, 0xff, 0xfa,
-    0x4f, 0xce, 0x46, 0x6c, 0x19, 0x0f, 0x44, 0xe6, 0x2c, 0xb4, 0x0d, 0x19,
-    0x66, 0xaa, 0x30, 0xdd, 0x71, 0x53, 0xb7, 0xa5, 0x20, 0xdf, 0x4b, 0xed,
-    0xc5, 0x97, 0xf3, 0xed, 0x98, 0x46, 0xac, 0xbf, 0x98, 0xfd, 0xe1, 0x76,
-    0xb2, 0xf9, 0xf6, 0xe7, 0xd6, 0x56, 0x8f, 0x47, 0x85, 0xd5, 0x39, 0x7a,
-    0x96, 0x4a, 0xa3, 0x5f, 0xea, 0x39, 0x06, 0x96, 0xe6, 0x45, 0x9c, 0x22,
-    0xf3, 0xf5, 0xa7, 0xa5, 0x97, 0x9d, 0xce, 0xb2, 0xf7, 0xdb, 0xcb, 0x2d,
-    0xbc, 0x52, 0x79, 0xbf, 0x16, 0x10, 0x6e, 0xff, 0xb3, 0xdf, 0x8d, 0x7b,
-    0x3b, 0x59, 0x71, 0xae, 0xb2, 0xfb, 0x08, 0x33, 0x2c, 0xbf, 0xff, 0x71,
-    0xfd, 0xc2, 0xce, 0x47, 0x40, 0xf6, 0x71, 0x65, 0x74, 0x7e, 0xfe, 0x22,
-    0xbb, 0x53, 0x2c, 0xbb, 0x50, 0xb2, 0xa0, 0xd7, 0x60, 0xc5, 0x43, 0x3e,
-    0x8e, 0x50, 0xa9, 0xc9, 0x58, 0x0d, 0x29, 0x4b, 0xf0, 0xda, 0x79, 0xec,
-    0xc0, 0x43, 0x3c, 0x8f, 0x3c, 0x72, 0x18, 0x47, 0x4f, 0xa8, 0xdf, 0xff,
-    0xff, 0xff, 0xe9, 0xfc, 0x3b, 0xc9, 0xb8, 0x0c, 0x07, 0xdd, 0xa5, 0x03,
-    0xf8, 0x4d, 0x86, 0x27, 0xf4, 0x49, 0xf7, 0xfd, 0xe4, 0xb2, 0xfd, 0xf6,
-    0xdf, 0x9b, 0x2c, 0xa6, 0x47, 0x3f, 0x21, 0x7b, 0x7f, 0xdf, 0x0f, 0xbf,
-    0x9a, 0x6e, 0x2c, 0xbd, 0xc7, 0x99, 0x65, 0xff, 0x87, 0x05, 0x30, 0x7e,
-    0xff, 0x85, 0x97, 0xc7, 0x8e, 0xa4, 0xb2, 0xff, 0xd9, 0xbe, 0x06, 0x59,
-    0xec, 0x02, 0xcb, 0xb0, 0x96, 0x5b, 0x3a, 0x3d, 0x3d, 0xe7, 0xd7, 0xef,
-    0xfa, 0x24, 0x75, 0x97, 0x08, 0x05, 0x94, 0xc8, 0xe0, 0xd3, 0xb7, 0xca,
-    0x80, 0x51, 0x79, 0x88, 0x6b, 0x2f, 0xfe, 0x61, 0xbf, 0x9b, 0x99, 0x2c,
-    0xfa, 0xcb, 0x9f, 0x75, 0x65, 0xec, 0xeb, 0xcb, 0x2b, 0xe7, 0xf1, 0xe4,
-    0x2d, 0xd1, 0x9b, 0xfb, 0x35, 0x1e, 0xe6, 0x2c, 0xbf, 0xfe, 0x7e, 0xa5,
-    0x12, 0xc1, 0xf2, 0x25, 0x04, 0xb2, 0xb1, 0x15, 0x8c, 0x64, 0x45, 0x97,
-    0xf7, 0x1f, 0xed, 0x00, 0x59, 0x7e, 0x2f, 0x73, 0x09, 0x65, 0xff, 0x84,
-    0x29, 0x16, 0x7b, 0xd9, 0xb2, 0xca, 0x63, 0xe5, 0x01, 0x35, 0xfb, 0x4f,
-    0xbf, 0x75, 0xd6, 0x54, 0x97, 0x08, 0x46, 0x4f, 0xd1, 0xcb, 0x0e, 0xea,
-    0x31, 0xef, 0x9e, 0x14, 0x67, 0xfc, 0x2d, 0xf4, 0x24, 0x77, 0x90, 0xdf,
-    0xa7, 0xa1, 0x44, 0xf7, 0x3f, 0xe5, 0x97, 0xfb, 0x6f, 0x1f, 0xf8, 0x07,
-    0x59, 0x7d, 0x84, 0xc6, 0xac, 0xa9, 0x22, 0x3c, 0xe7, 0x5b, 0xcd, 0x2e,
-    0xef, 0x75, 0x65, 0xee, 0x4b, 0xeb, 0x28, 0x8d, 0xc7, 0x86, 0xef, 0xff,
-    0xee, 0xb8, 0x4f, 0xcf, 0xe4, 0xb3, 0xed, 0xaf, 0xba, 0xcb, 0xec, 0xeb,
-    0x6d, 0xeb, 0x2f, 0xb3, 0xd3, 0x1d, 0x65, 0xfe, 0xe0, 0xdc, 0xf1, 0xee,
-    0xd6, 0x5f, 0xe1, 0xe1, 0x06, 0x59, 0xc5, 0x95, 0xd1, 0xf3, 0x11, 0xa5,
-    0xf7, 0x5c, 0x08, 0x16, 0x5c, 0x5d, 0xac, 0xa8, 0x37, 0x6e, 0x49, 0x7f,
-    0x84, 0xf1, 0x66, 0xcd, 0xa5, 0x97, 0xe2, 0xec, 0xd1, 0xf4, 0xb2, 0xf9,
-    0xf7, 0x70, 0x96, 0x5e, 0x6e, 0x32, 0xca, 0x73, 0xe9, 0xe1, 0x5f, 0x88,
-    0xef, 0xec, 0xee, 0x3f, 0x07, 0x59, 0x50, 0xac, 0x1f, 0x1a, 0x98, 0x83,
-    0x4b, 0x47, 0x26, 0x78, 0x44, 0x81, 0x74, 0x87, 0xc3, 0x09, 0xd3, 0x0b,
-    0xaf, 0xfd, 0x02, 0x00, 0x32, 0x93, 0xfc, 0x2b, 0x2f, 0x66, 0x1a, 0xb2,
-    0xfa, 0x50, 0x0e, 0x2c, 0xa1, 0x9b, 0xec, 0x1c, 0xad, 0x91, 0x3d, 0xd3,
-    0xf5, 0xf7, 0x82, 0xe4, 0xb2, 0xff, 0xbe, 0xc3, 0x61, 0x5c, 0x13, 0x2c,
-    0xbf, 0xfe, 0x63, 0x71, 0x8f, 0xa8, 0x08, 0xad, 0xff, 0xc5, 0x97, 0xf9,
-    0xe5, 0x83, 0xd7, 0x38, 0xb2, 0xfa, 0x30, 0x41, 0xac, 0xbf, 0xff, 0xa4,
-    0x51, 0x9c, 0xc2, 0xf7, 0xf0, 0x61, 0xf7, 0x16, 0x5f, 0xb9, 0xff, 0xc1,
-    0x2c, 0xbf, 0x9b, 0xcf, 0xf3, 0x37, 0x16, 0x56, 0x1e, 0xc1, 0xa4, 0xf7,
-    0xf4, 0x6d, 0x3f, 0x9a, 0x85, 0x97, 0xfb, 0x26, 0xfe, 0x71, 0xc9, 0x65,
-    0xff, 0x87, 0x9d, 0x4b, 0x9e, 0xe3, 0x81, 0x65, 0x68, 0xfc, 0x82, 0x65,
-    0x7d, 0xce, 0x61, 0x8b, 0x2f, 0xf1, 0x83, 0xfe, 0x6f, 0xcd, 0x2c, 0xbf,
-    0xf9, 0x8f, 0x3b, 0xbf, 0xb7, 0xfb, 0x6e, 0x2c, 0xbf, 0xd9, 0x2c, 0x08,
-    0xad, 0xc9, 0x65, 0xff, 0xd1, 0x2f, 0xc7, 0x5e, 0x8f, 0xbe, 0xe2, 0xca,
-    0x84, 0x7d, 0x68, 0xdb, 0xe9, 0x04, 0x6b, 0x7f, 0xff, 0x98, 0xb3, 0xaf,
-    0x1a, 0xfe, 0xfc, 0x7f, 0x37, 0xbc, 0x96, 0x5e, 0xcc, 0x25, 0x95, 0xb2,
-    0xe0, 0x98, 0xd4, 0xfb, 0x33, 0xe8, 0x89, 0xa1, 0x63, 0x31, 0x16, 0xa1,
-    0x45, 0xf2, 0x2f, 0x46, 0x3b, 0xbc, 0xef, 0x75, 0x8a, 0xe2, 0x85, 0x97,
-    0xf0, 0xf9, 0xf8, 0x33, 0x8b, 0x2f, 0xf8, 0x6d, 0xa8, 0xde, 0x0e, 0x49,
-    0x65, 0xd0, 0x75, 0x95, 0x07, 0xa3, 0xf3, 0xba, 0xfa, 0x2d, 0x9c, 0x57,
-    0xd0, 0x80, 0xbf, 0xee, 0x3f, 0xd8, 0x7d, 0xb6, 0xcb, 0x2f, 0xf3, 0xcb,
-    0x07, 0xce, 0x42, 0xcb, 0xfb, 0xdf, 0x83, 0xcc, 0x4b, 0x2a, 0x11, 0x35,
-    0x87, 0x40, 0x32, 0xa9, 0xed, 0x7b, 0x4e, 0x08, 0x72, 0x71, 0x35, 0xe3,
-    0x69, 0x0c, 0x33, 0xae, 0x2f, 0x2c, 0xbc, 0x1d, 0x6c, 0xb2, 0xf7, 0x61,
-    0x85, 0x95, 0x07, 0xa3, 0x21, 0x66, 0x1e, 0xbe, 0xc0, 0xeb, 0x65, 0x97,
-    0xfe, 0xde, 0xde, 0x00, 0x4b, 0x8c, 0x35, 0x97, 0xec, 0xe7, 0xc3, 0xb2,
-    0xcb, 0x6a, 0x72, 0x23, 0x30, 0x8f, 0xe8, 0x17, 0xff, 0xf9, 0xe4, 0x24,
-    0xbf, 0x81, 0x15, 0xe1, 0x1a, 0x45, 0x93, 0x2c, 0xa8, 0x44, 0xe1, 0xcd,
-    0xef, 0xfa, 0x70, 0xc9, 0xcd, 0x35, 0xcc, 0x59, 0x7e, 0x6d, 0x4a, 0x68,
-    0x59, 0x7f, 0xf7, 0xf0, 0x9c, 0xdf, 0xb7, 0xa4, 0xcb, 0x2b, 0xe7, 0xd7,
-    0xc2, 0x8a, 0xc4, 0x65, 0x34, 0x2a, 0x2f, 0xff, 0x83, 0xd8, 0x9d, 0x01,
-    0xf8, 0xfa, 0x6e, 0x80, 0xb2, 0xfd, 0x1f, 0x2c, 0x35, 0x65, 0x31, 0xfd,
-    0xfd, 0x52, 0xfd, 0x13, 0x7d, 0xb4, 0xb2, 0xfe, 0x0f, 0xb9, 0x00, 0xd9,
-    0x65, 0xf3, 0xea, 0x24, 0xb2, 0xff, 0xfe, 0x62, 0x76, 0x20, 0x6a, 0x3e,
-    0xed, 0xe8, 0xfa, 0xca, 0x1a, 0x29, 0x88, 0xbf, 0xc4, 0x37, 0xde, 0xe0,
-    0x76, 0x59, 0x7f, 0xff, 0xdd, 0x6a, 0x03, 0xe0, 0x9f, 0x4e, 0xe0, 0x2c,
-    0xde, 0xda, 0x59, 0x4c, 0x88, 0xc7, 0x24, 0xbf, 0xf4, 0x84, 0x1b, 0xed,
-    0x87, 0x7e, 0x2c, 0xbf, 0xe9, 0x47, 0xe3, 0xdf, 0x73, 0xac, 0xa8, 0x3f,
-    0x80, 0xa0, 0x5f, 0xfe, 0x26, 0x07, 0xba, 0xed, 0xb4, 0x24, 0x0d, 0x65,
-    0xff, 0x7c, 0x41, 0x87, 0xdc, 0x04, 0x2c, 0xa8, 0x44, 0x3b, 0xa6, 0x50,
-    0xd5, 0x86, 0x76, 0x42, 0xd0, 0xce, 0x3c, 0x2e, 0xca, 0x13, 0x3e, 0x85,
-    0x45, 0xff, 0xf0, 0x0f, 0x87, 0xc2, 0x73, 0xc4, 0x84, 0xe2, 0xcb, 0xf9,
-    0xc0, 0xec, 0x36, 0x59, 0x7c, 0xe7, 0xe3, 0xac, 0xbd, 0x07, 0x85, 0x95,
-    0xd2, 0x2d, 0xb4, 0x9f, 0xc2, 0xbd, 0xe4, 0x37, 0xed, 0x07, 0xbf, 0xc2,
-    0xcb, 0xfb, 0x53, 0x49, 0xbd, 0xc5, 0x96, 0x28, 0x3d, 0x8c, 0x29, 0xbe,
-    0xcd, 0x47, 0x16, 0x5f, 0xe9, 0x9e, 0x67, 0xea, 0x5c, 0x59, 0x7f, 0x3e,
-    0xcd, 0x33, 0x18, 0xb2, 0xff, 0xff, 0x39, 0x9e, 0xcf, 0xce, 0x1e, 0x4d,
-    0x27, 0xd6, 0xdf, 0x0a, 0xca, 0x84, 0x76, 0x61, 0x0b, 0x9b, 0x11, 0x7d,
-    0xfb, 0x0b, 0x6c, 0x31, 0x65, 0xf9, 0xcf, 0xf6, 0x31, 0x65, 0x6c, 0x7a,
-    0x03, 0x28, 0xbf, 0xe8, 0xd8, 0x49, 0x7c, 0x2f, 0xb2, 0xcb, 0xfc, 0xfe,
-    0xe7, 0x7d, 0xb7, 0x4b, 0x2f, 0xf9, 0xbb, 0xc9, 0x9c, 0xb6, 0x14, 0xac,
-    0xac, 0x46, 0x9e, 0x88, 0xdc, 0xf0, 0x8d, 0xac, 0x28, 0x59, 0x7e, 0x8d,
-    0x6b, 0x3e, 0xb2, 0xf3, 0xcb, 0xcb, 0x2f, 0xff, 0xa0, 0xd3, 0x31, 0xb7,
-    0x98, 0xe3, 0x8c, 0x3a, 0xcb, 0xf8, 0x9c, 0xd8, 0x3c, 0x2c, 0xa1, 0x4a,
-    0x35, 0xa4, 0x2a, 0x72, 0x72, 0x1c, 0x0a, 0x95, 0xed, 0x8d, 0x35, 0x65,
-    0xe9, 0xe7, 0xb8, 0x05, 0x96, 0xdc, 0x59, 0x7d, 0x20, 0x8c, 0x5c, 0xf0,
-    0x6e, 0x8d, 0x26, 0xbf, 0x8e, 0xfd, 0x4f, 0x59, 0xf5, 0x97, 0x8c, 0x7e,
-    0x2c, 0xbf, 0x8f, 0x18, 0x5e, 0xe2, 0xcb, 0xf4, 0x6d, 0x92, 0x65, 0x97,
-    0x84, 0x18, 0xbc, 0x45, 0x1f, 0xcc, 0xf8, 0x3b, 0xe2, 0xca, 0x99, 0x33,
-    0x5f, 0xc3, 0x92, 0xfb, 0xff, 0xce, 0x96, 0x5f, 0xce, 0x38, 0x28, 0x02,
-    0xcb, 0xe6, 0xe6, 0x0e, 0x0f, 0x3a, 0x7c, 0x8e, 0xf7, 0xdc, 0x6b, 0x2f,
-    0xf9, 0xa0, 0xf3, 0xb0, 0x6d, 0xbd, 0x65, 0x7c, 0xf5, 0xf8, 0x39, 0x50,
-    0xaa, 0xe8, 0x71, 0xc7, 0xf6, 0xf0, 0xf0, 0x91, 0xbf, 0xff, 0x37, 0x70,
-    0x7e, 0x3e, 0xb0, 0xe1, 0xed, 0xe4, 0xb2, 0xff, 0x9f, 0x4f, 0xe6, 0xd3,
-    0x81, 0x65, 0xcd, 0xbd, 0x65, 0xfe, 0x82, 0x7f, 0x84, 0xb6, 0x59, 0x7f,
-    0xe6, 0x36, 0x06, 0xc4, 0xfa, 0x35, 0x65, 0xff, 0xec, 0xeb, 0xdd, 0x79,
-    0x8c, 0xc1, 0xbc, 0x96, 0x56, 0x22, 0x28, 0x07, 0xd6, 0xfa, 0xcb, 0xf9,
-    0xb4, 0x03, 0xb7, 0x16, 0x54, 0x93, 0xc1, 0xed, 0x5b, 0x70, 0xdc, 0xe3,
-    0x05, 0x0b, 0xc0, 0x91, 0x4f, 0x88, 0xde, 0x1c, 0x1d, 0x65, 0xfc, 0x0c,
-    0x9a, 0x3a, 0xe2, 0xcb, 0xff, 0x7f, 0x0b, 0xb9, 0xd8, 0x36, 0xde, 0xb2,
-    0xff, 0xff, 0x13, 0x99, 0xfc, 0x3b, 0x99, 0xee, 0x61, 0x83, 0x63, 0xac,
-    0xbd, 0xfc, 0x99, 0x65, 0xfe, 0xf6, 0x6b, 0x26, 0x83, 0x56, 0x5f, 0xff,
-    0xfd, 0xcf, 0xc7, 0xe1, 0xba, 0x06, 0xb0, 0x71, 0xee, 0x31, 0x75, 0x25,
-    0x95, 0x89, 0xcb, 0x31, 0x7c, 0xc8, 0x5f, 0x62, 0xf0, 0xe9, 0x86, 0x97,
-    0x86, 0xc7, 0x59, 0x7f, 0x8d, 0x2c, 0xdb, 0x60, 0x92, 0xca, 0x85, 0x4b,
-    0x79, 0x1d, 0x93, 0x2c, 0x04, 0x72, 0xfe, 0xfb, 0xca, 0x39, 0x25, 0x97,
-    0xfd, 0x9f, 0x6e, 0xb9, 0xf0, 0xf1, 0x65, 0xd8, 0x5d, 0x9f, 0x38, 0x0b,
-    0x6f, 0xff, 0xe0, 0xbe, 0xe4, 0xe9, 0xf0, 0xc4, 0xec, 0xe1, 0x05, 0xf6,
-    0x59, 0x7f, 0xee, 0xa5, 0x1e, 0xf4, 0x39, 0xf6, 0x59, 0x7f, 0xfb, 0x3e,
-    0xee, 0x72, 0x7d, 0x34, 0x71, 0x65, 0xb0, 0xe8, 0x86, 0xde, 0x81, 0x7e,
-    0xdb, 0x76, 0x3a, 0xe2, 0xcb, 0xf3, 0x80, 0x78, 0x4b, 0x2b, 0x13, 0x68,
-    0xfc, 0x3a, 0xdc, 0xa8, 0x8b, 0x6f, 0xf7, 0x71, 0x2f, 0x7d, 0xc6, 0xb2,
-    0xfc, 0xd3, 0xf9, 0xa3, 0x56, 0x5f, 0x6f, 0x2c, 0xe2, 0xcb, 0xf8, 0x9c,
-    0xd2, 0xc0, 0x2c, 0xa6, 0x3c, 0xf3, 0x91, 0xdc, 0xf0, 0xb2, 0xfe, 0x8f,
-    0x72, 0x77, 0xa4, 0xb2, 0xe3, 0x64, 0xb2, 0xfd, 0xf6, 0xde, 0xdd, 0xac,
-    0xbb, 0x3f, 0x23, 0xc2, 0xec, 0x62, 0xb1, 0x38, 0x43, 0x9a, 0x3b, 0xd7,
-    0x08, 0x7c, 0x2b, 0x3e, 0xe5, 0x78, 0xc3, 0x0c, 0x49, 0x7f, 0xed, 0x10,
-    0x5c, 0x4c, 0x9a, 0x0e, 0xb0, 0x59, 0xa0, 0xbd, 0x33, 0x18, 0xb2, 0xf7,
-    0xc2, 0x05, 0x96, 0xfb, 0x1b, 0xb9, 0x87, 0xad, 0xda, 0xca, 0x84, 0x62,
-    0xe4, 0x23, 0x34, 0x4f, 0x7f, 0xa0, 0x79, 0x28, 0x2e, 0xd6, 0x54, 0x37,
-    0x14, 0xdb, 0x46, 0xab, 0x28, 0x76, 0x64, 0xba, 0xd6, 0x8c, 0x8b, 0x72,
-    0x13, 0x13, 0x46, 0x23, 0xa8, 0xd7, 0x0f, 0x18, 0x87, 0xe5, 0x83, 0xbc,
-    0xa0, 0xa2, 0x95, 0x97, 0xc8, 0x54, 0xfa, 0x39, 0x50, 0xc7, 0x88, 0x64,
-    0x67, 0xc2, 0x19, 0xdf, 0x36, 0x9c, 0x0b, 0x2f, 0xf0, 0xff, 0x1b, 0x16,
-    0x74, 0xb2, 0xf0, 0xff, 0x0b, 0x28, 0xe7, 0xe2, 0x02, 0x1e, 0x1a, 0x5f,
-    0x6b, 0x59, 0xf5, 0x97, 0xf7, 0xdb, 0x77, 0x74, 0x26, 0xac, 0xa8, 0x3d,
-    0x7e, 0xc8, 0xac, 0x2b, 0x59, 0x71, 0x71, 0x65, 0x99, 0x65, 0xfd, 0xae,
-    0x7e, 0x0b, 0xcb, 0x2e, 0x80, 0x2c, 0xb7, 0xa0, 0xf0, 0xf8, 0x5b, 0x7f,
-    0xfb, 0x5b, 0x09, 0xe6, 0xf8, 0x4e, 0x77, 0x92, 0xcb, 0x0a, 0xd6, 0x5f,
-    0xf7, 0xa3, 0x5c, 0xfc, 0x17, 0x96, 0x5d, 0xc8, 0x59, 0x78, 0xe3, 0x85,
-    0x97, 0xf8, 0xbc, 0xf3, 0x72, 0x3c, 0xb2, 0x98, 0xf3, 0xdc, 0x72, 0xf9,
-    0x9f, 0x3b, 0x59, 0x7f, 0xec, 0xde, 0x59, 0xc9, 0x8a, 0x06, 0xb2, 0xfb,
-    0xb1, 0xc6, 0xcb, 0x2e, 0x04, 0x2c, 0xbd, 0xc6, 0xd2, 0xca, 0xc3, 0xd6,
-    0x01, 0x27, 0x85, 0xaf, 0xf4, 0xb0, 0x98, 0x78, 0x4b, 0x2e, 0xe0, 0xb8,
-    0x4f, 0x9b, 0x05, 0x66, 0x38, 0xfb, 0x28, 0x08, 0x08, 0x87, 0x90, 0x95,
-    0xf1, 0x75, 0x3a, 0xab, 0x6f, 0x4a, 0x33, 0xbe, 0xe8, 0x6f, 0xb2, 0xcb,
-    0xb9, 0x0b, 0x2f, 0x1c, 0x70, 0xb2, 0xff, 0x17, 0x9e, 0x6e, 0x47, 0x96,
-    0x53, 0x1e, 0x7b, 0x8e, 0x5f, 0x33, 0xe7, 0x6b, 0x2f, 0xfd, 0x9b, 0xcb,
-    0x39, 0x31, 0x40, 0xd6, 0x5f, 0x76, 0x38, 0xd9, 0x65, 0xfd, 0x30, 0x1b,
-    0x71, 0xe6, 0x59, 0x79, 0x81, 0xc5, 0x97, 0x02, 0x16, 0x5e, 0xe3, 0x69,
-    0x65, 0xd9, 0x32, 0xca, 0xc4, 0x5d, 0xf6, 0x49, 0xf3, 0x20, 0x0e, 0x78,
-    0x58, 0x41, 0xcb, 0xfb, 0x09, 0x87, 0x84, 0xb2, 0xfd, 0x84, 0x4f, 0xe5,
-    0x97, 0xed, 0xbd, 0x98, 0x75, 0x95, 0x23, 0xf7, 0xf9, 0x53, 0x92, 0xdf,
-    0xc4, 0xe3, 0xc3, 0x45, 0xc2, 0xf2, 0x3c, 0x85, 0x46, 0x2d, 0x8a, 0x7d,
-    0xca, 0xdd, 0x62, 0xb9, 0x89, 0x3e, 0xca, 0x02, 0x02, 0x21, 0xe4, 0x3e,
-    0xbd, 0x0c, 0xfb, 0xff, 0xb5, 0x1d, 0x70, 0xa0, 0xf9, 0xd7, 0x96, 0x5f,
-    0xff, 0x9c, 0x79, 0x84, 0x68, 0x85, 0x05, 0xb3, 0x69, 0x65, 0xe7, 0xd6,
-    0xcb, 0x90, 0x49, 0x7d, 0x2c, 0xea, 0x4b, 0x90, 0x49, 0x7b, 0x8c, 0x35,
-    0xc8, 0x24, 0xb8, 0xc3, 0x17, 0x20, 0x92, 0xbb, 0x45, 0x4c, 0xc5, 0x5e,
-    0x30, 0x30, 0xa6, 0xe7, 0xf2, 0x64, 0x12, 0x05, 0x9e, 0x05, 0xff, 0xff,
-    0xc3, 0x28, 0x1f, 0xe3, 0xdc, 0x8f, 0x40, 0xe3, 0xd8, 0x70, 0x18, 0xb2,
-    0xfe, 0xcf, 0xe6, 0x11, 0xab, 0x2f, 0x39, 0x02, 0x73, 0x26, 0x6a, 0x27,
-    0x9a, 0x75, 0x0d, 0xb3, 0xa2, 0x94, 0x67, 0xbc, 0x37, 0xf3, 0x8d, 0xf4,
-    0xfe, 0x3f, 0xd6, 0x5b, 0x37, 0x11, 0x5e, 0x08, 0x45, 0xda, 0x4b, 0x2f,
-    0xe9, 0x07, 0x6f, 0x36, 0xc9, 0x2f, 0xb4, 0x06, 0xf2, 0xcb, 0xdb, 0xe3,
-    0x8b, 0x2f, 0x9c, 0x7f, 0xc5, 0x97, 0x86, 0xc7, 0x59, 0x7f, 0xef, 0xc7,
-    0x98, 0xa0, 0xf1, 0xc5, 0x96, 0xdc, 0x59, 0x50, 0x8c, 0xdc, 0x22, 0x34,
-    0x79, 0xc8, 0x78, 0x39, 0xba, 0x79, 0x53, 0x26, 0xab, 0xf8, 0x7e, 0xdf,
-    0xf4, 0x14, 0x8a, 0x00, 0xe7, 0x59, 0x7f, 0x76, 0xdc, 0xf6, 0x7d, 0x65,
-    0xf9, 0xbd, 0xa0, 0x9d, 0x65, 0xf4, 0x7c, 0x3a, 0x59, 0x7b, 0xef, 0xe5,
-    0x95, 0xb1, 0xf3, 0x4c, 0x51, 0xc2, 0x2b, 0xa3, 0xeb, 0x2d, 0x0b, 0x3c,
-    0x5b, 0x5f, 0xe6, 0x90, 0x5f, 0x9f, 0x65, 0x97, 0xf6, 0x6f, 0x73, 0xe7,
-    0xd6, 0x5a, 0x49, 0x2f, 0x3e, 0xb6, 0x49, 0x49, 0x2a, 0x0d, 0xcf, 0x62,
-    0x27, 0x1d, 0xbd, 0x00, 0xed, 0x20, 0xb3, 0x5d, 0x47, 0x46, 0x21, 0x42,
-    0x56, 0xf1, 0x4b, 0xeb, 0x2f, 0x75, 0x2e, 0x2c, 0xa8, 0x4d, 0x5f, 0x21,
-    0xec, 0x72, 0x77, 0x1c, 0xbf, 0xcf, 0xb6, 0x16, 0xcd, 0xa5, 0x97, 0xed,
-    0x00, 0xed, 0xc5, 0x97, 0xf0, 0x85, 0x2e, 0x7c, 0x6b, 0x30, 0xd4, 0x5f,
-    0xde, 0xe0, 0x1d, 0xf4, 0xb2, 0xfa, 0x3b, 0x6e, 0x2c, 0xbe, 0x0b, 0xea,
-    0x4b, 0x2c, 0x75, 0x96, 0x90, 0xcd, 0x9c, 0xc4, 0x57, 0xff, 0xff, 0xf8,
-    0x00, 0x0f, 0x1f, 0xde, 0x96, 0x7f, 0xef, 0x29, 0xfc, 0xe7, 0x03, 0xcf,
-    0x73, 0x0c, 0x59, 0x50, 0x99, 0xf6, 0xc5, 0xb8, 0xaa, 0xe5, 0x17, 0xff,
-    0x67, 0x5e, 0xe3, 0x14, 0x01, 0xce, 0xb2, 0xf4, 0xa3, 0xa5, 0x97, 0x60,
-    0xd6, 0x5f, 0x64, 0xcc, 0x75, 0x95, 0xb2, 0x26, 0x26, 0x43, 0xf0, 0xe9,
-    0x82, 0xd7, 0xe8, 0x9a, 0x50, 0x04, 0x97, 0x10, 0x16, 0x5f, 0xde, 0x6d,
-    0x36, 0xd0, 0xb2, 0xb0, 0xf0, 0xc4, 0x16, 0xbf, 0xff, 0x7f, 0x1a, 0x5c,
-    0x9d, 0xef, 0xe0, 0xc3, 0xee, 0x2c, 0xae, 0xd1, 0xcb, 0xa6, 0xbf, 0x11,
-    0x5f, 0xf0, 0x1c, 0xbd, 0x36, 0x6b, 0x16, 0x5f, 0xfb, 0xdf, 0xc1, 0x87,
-    0xdc, 0x9a, 0x16, 0x59, 0x96, 0x5f, 0xf6, 0xc1, 0x90, 0xfe, 0x17, 0x25,
-    0x97, 0xf3, 0x41, 0xf6, 0xc3, 0x16, 0x5f, 0xb3, 0x63, 0xe1, 0xd6, 0x5e,
-    0xe3, 0x69, 0x65, 0x11, 0xe2, 0x78, 0xa2, 0xfe, 0x27, 0x00, 0x03, 0xc5,
-    0x97, 0xa0, 0xe2, 0xc6, 0x98, 0x56, 0x08, 0x68, 0xeb, 0x8e, 0x5e, 0x21,
-    0xb9, 0x8d, 0xe2, 0x74, 0xe2, 0x46, 0x95, 0x58, 0xad, 0xb1, 0xa3, 0x25,
-    0x73, 0x12, 0x8f, 0x7e, 0xfe, 0xff, 0xf3, 0x6f, 0x71, 0x65, 0xec, 0xd8,
-    0x2b, 0x2b, 0x0f, 0x30, 0x8b, 0xef, 0xfb, 0x3d, 0x38, 0xb0, 0x02, 0x74,
-    0xb2, 0xa1, 0xb6, 0x5c, 0x95, 0x2b, 0x3c, 0x66, 0x19, 0x1b, 0x31, 0xa5,
-    0x5d, 0x1b, 0x34, 0x25, 0x34, 0x8f, 0xf8, 0xdd, 0x9d, 0x00, 0x0b, 0x65,
-    0x1b, 0xe7, 0x27, 0x10, 0x3d, 0x09, 0x39, 0xf2, 0x0b, 0xff, 0xf6, 0xda,
-    0xd6, 0x0d, 0xcf, 0xf7, 0xf1, 0x44, 0xcb, 0x2f, 0xff, 0xff, 0x07, 0x41,
-    0x98, 0x9c, 0x1c, 0xe6, 0x1b, 0x81, 0xd3, 0x8e, 0x3f, 0x0b, 0x2f, 0xff,
-    0xb3, 0xd1, 0xee, 0x6a, 0x0b, 0xdf, 0xc9, 0x2c, 0xbf, 0x98, 0x48, 0xea,
-    0x3a, 0x59, 0x7f, 0x06, 0x35, 0xa6, 0xd9, 0x65, 0xfe, 0x61, 0x6d, 0xed,
-    0x64, 0x96, 0x5f, 0xdf, 0x6d, 0xe1, 0x04, 0x96, 0x5f, 0xee, 0x43, 0x6b,
-    0x59, 0xb2, 0xcb, 0xfa, 0x50, 0x0f, 0xb1, 0x8b, 0x2f, 0xe7, 0x1f, 0xe0,
-    0x82, 0xb2, 0xff, 0xa0, 0xe5, 0x83, 0x6f, 0xf1, 0x65, 0xec, 0x60, 0x2c,
-    0xbe, 0xec, 0xdd, 0x01, 0x65, 0xe7, 0x72, 0x59, 0x7f, 0x4a, 0x26, 0xc6,
-    0x02, 0xcb, 0x0b, 0x1a, 0x7b, 0xb8, 0x5c, 0x69, 0xa7, 0x46, 0x13, 0x19,
-    0x9c, 0xbb, 0xe5, 0x82, 0xb3, 0x72, 0x1b, 0xf1, 0x2e, 0xe8, 0xd5, 0xc1,
-    0x31, 0x65, 0xf4, 0x6e, 0x0e, 0x16, 0x5f, 0x6e, 0xfc, 0x22, 0x2c, 0xbf,
-    0x82, 0x27, 0x1b, 0x09, 0x65, 0xd9, 0x32, 0xcb, 0x84, 0x99, 0x65, 0x31,
-    0xb0, 0x71, 0x7b, 0x44, 0xc7, 0xf9, 0xc5, 0xdb, 0xc6, 0x18, 0x62, 0x4b,
-    0x42, 0x41, 0x66, 0x82, 0xe9, 0x6c, 0xb2, 0xa4, 0x6e, 0x8e, 0x45, 0x7b,
-    0xf0, 0x05, 0x97, 0xf0, 0xa3, 0xf0, 0x08, 0xdc, 0x59, 0x5e, 0x3d, 0x01,
-    0x07, 0x2e, 0xfe, 0x96, 0x5e, 0xf8, 0xa0, 0xc5, 0x97, 0xd3, 0x66, 0x76,
-    0xb2, 0xa1, 0x78, 0x8b, 0x65, 0x69, 0x3c, 0x0d, 0x3b, 0x25, 0x06, 0x1b,
-    0x0a, 0x9e, 0xc6, 0x3a, 0x24, 0x9a, 0x14, 0x7a, 0x84, 0x13, 0xb8, 0xf8,
-    0x8f, 0x78, 0xb9, 0x84, 0x57, 0xc3, 0xcc, 0xd2, 0xcb, 0xff, 0xde, 0x9b,
-    0x35, 0xa7, 0x9b, 0x35, 0x9e, 0x59, 0x58, 0x7d, 0x8c, 0x43, 0x7f, 0xf8,
-    0xa5, 0x3a, 0x4d, 0xe9, 0x46, 0xa3, 0xb5, 0x97, 0xe8, 0xd6, 0xb3, 0xeb,
-    0x2b, 0x0f, 0xcc, 0xd4, 0xcb, 0xfb, 0x69, 0xa4, 0x28, 0xd6, 0xcb, 0x2f,
-    0xff, 0x00, 0xef, 0x29, 0xd0, 0x3d, 0x8f, 0x1a, 0x59, 0x7c, 0xd0, 0x5e,
-    0x59, 0x7b, 0x67, 0x25, 0x95, 0xa4, 0x44, 0xfd, 0x37, 0xc4, 0x17, 0xfe,
-    0x34, 0x3c, 0x93, 0x6b, 0x60, 0x81, 0x65, 0xc5, 0x8b, 0x2f, 0x09, 0xd1,
-    0x2c, 0xbf, 0x16, 0x74, 0x0e, 0x2c, 0xbb, 0xa3, 0x16, 0x5f, 0x66, 0xe4,
-    0x1d, 0x65, 0x61, 0xf2, 0xb9, 0x47, 0x06, 0x68, 0xd4, 0xc1, 0xd9, 0x08,
-    0xe2, 0xbf, 0x84, 0x1d, 0xe6, 0x3c, 0x2c, 0xbc, 0xd0, 0x75, 0x97, 0x38,
-    0xd6, 0x56, 0x8d, 0x8f, 0x86, 0xef, 0xdb, 0x7f, 0x00, 0xeb, 0x2b, 0x63,
-    0xc9, 0xd1, 0x0d, 0xf7, 0xc7, 0x84, 0xb2, 0xff, 0xfa, 0x04, 0xf1, 0x40,
-    0x1f, 0xc0, 0x10, 0xa4, 0xb2, 0xa7, 0xb5, 0x6c, 0x59, 0x0b, 0xf6, 0x8c,
-    0xdf, 0x48, 0x6f, 0x09, 0x5e, 0x11, 0xf8, 0x86, 0xf8, 0x41, 0xfd, 0x96,
-    0x5f, 0xf9, 0xfd, 0xc3, 0x33, 0xe0, 0x7f, 0x2c, 0xbf, 0x03, 0x06, 0xf2,
-    0x59, 0x7d, 0xbc, 0x2e, 0x4b, 0x2f, 0xff, 0xfd, 0x9e, 0x8e, 0xcb, 0x30,
-    0xa2, 0x5e, 0xfb, 0x9c, 0xb3, 0x7a, 0xca, 0xd9, 0x31, 0x61, 0x91, 0xe8,
-    0xfc, 0x89, 0xcc, 0x23, 0xbc, 0x20, 0xe6, 0x59, 0x7a, 0x4c, 0x4b, 0x2f,
-    0xfe, 0x63, 0x93, 0x9b, 0xcf, 0xc1, 0x79, 0x65, 0xfb, 0x8f, 0xf6, 0xe2,
-    0xcb, 0x84, 0x92, 0xcb, 0xfd, 0x06, 0x16, 0x00, 0x3c, 0x59, 0x46, 0x9e,
-    0x5e, 0x86, 0x2f, 0xff, 0xff, 0x4b, 0x9f, 0x76, 0xf0, 0x74, 0xfc, 0xc2,
-    0x89, 0x0f, 0x4d, 0xd4, 0x96, 0x5e, 0x13, 0x74, 0xc5, 0x97, 0xff, 0xc0,
-    0xc1, 0xfb, 0x8d, 0xef, 0xe6, 0xf1, 0xc2, 0xcb, 0x9b, 0xa5, 0x95, 0xb2,
-    0x22, 0xb4, 0x45, 0xe5, 0x1b, 0xf9, 0xdb, 0xd3, 0x31, 0x8b, 0x2f, 0xfe,
-    0xd9, 0xb5, 0x03, 0xfc, 0x18, 0xfe, 0x59, 0x68, 0xf9, 0xf9, 0x91, 0x75,
-    0xff, 0x81, 0x9a, 0x60, 0x60, 0x34, 0x75, 0x97, 0xff, 0x8d, 0x8e, 0x6a,
-    0x3e, 0x59, 0xe8, 0x3a, 0xcb, 0x82, 0x22, 0xcb, 0xfe, 0x0c, 0xb3, 0x82,
-    0x6c, 0x12, 0x59, 0x7f, 0x8b, 0x37, 0xb4, 0xcc, 0x62, 0xca, 0xfa, 0x22,
-    0x08, 0x63, 0x87, 0x77, 0xff, 0xf0, 0x5f, 0x6e, 0xc3, 0xb7, 0xb3, 0xe5,
-    0x9e, 0xfb, 0x2c, 0xbf, 0x44, 0xc4, 0x1e, 0x2c, 0xac, 0x4e, 0x15, 0xa1,
-    0xa3, 0xf2, 0xff, 0x2e, 0xdc, 0xc4, 0xb2, 0xfe, 0x72, 0x06, 0x78, 0xd5,
-    0x95, 0x0b, 0xad, 0xfb, 0x26, 0x48, 0x7c, 0xd1, 0xb9, 0x90, 0xf4, 0xe5,
-    0xf2, 0x37, 0x8c, 0x04, 0xa1, 0x49, 0xc2, 0x6f, 0x47, 0x87, 0xbd, 0x06,
-    0x7c, 0x56, 0xf8, 0xbd, 0x13, 0xeb, 0x2f, 0x41, 0x79, 0x65, 0xf4, 0x69,
-    0xfe, 0xb2, 0x86, 0x6f, 0x37, 0x8d, 0xdd, 0x93, 0x2c, 0xbe, 0xf8, 0x4f,
-    0x0b, 0x29, 0x65, 0x2c, 0xb3, 0x9c, 0xb6, 0xe0, 0x5d, 0xc1, 0x15, 0xac,
-    0xbe, 0xfe, 0x01, 0xd6, 0x5f, 0x79, 0xbe, 0x15, 0x97, 0xf6, 0x6b, 0xa9,
-    0x7a, 0x16, 0x5d, 0x1b, 0x82, 0xa8, 0xf4, 0x04, 0x22, 0xa9, 0xed, 0x3b,
-    0xa6, 0x60, 0x98, 0x8d, 0xc5, 0xc8, 0xe0, 0x24, 0xbb, 0xc6, 0xf7, 0x5c,
-    0x6c, 0x2e, 0x7b, 0x86, 0x2c, 0xa8, 0xa6, 0x30, 0x29, 0xe2, 0x16, 0x62,
-    0x88, 0x54, 0x4f, 0x22, 0xb1, 0x51, 0xb4, 0x55, 0x4a, 0x35, 0x9e, 0x70,
-    0xb7, 0x15, 0x67, 0x71, 0x49, 0xbb, 0xda, 0x77, 0x46, 0x53, 0x80, 0x63,
-    0xa4, 0x55, 0x65, 0x6a, 0x06, 0x6c, 0xa8, 0xce, 0xe7, 0x36, 0xfa, 0x97,
-    0x5a, 0xd3, 0x86, 0xfb, 0x91, 0x83, 0xcd, 0x38, 0xf7, 0xa9, 0xf5, 0xe3,
-    0xce, 0xa5, 0xfe, 0xb2, 0xb2, 0x79, 0xdc, 0xc0, 0x4e, 0x1b, 0x0a, 0xe3,
-    0x31, 0x29, 0xef, 0x8e, 0x57, 0x2b, 0x3e, 0xae, 0x05, 0x43, 0x3e, 0x41,
-    0xbe, 0x34, 0x93, 0x21, 0x27, 0x3f, 0x2e, 0x10, 0x49, 0xef, 0xdd, 0xd9,
-    0x50, 0xb7, 0xff, 0xb6, 0x3c, 0x74, 0x2e, 0x7b, 0x9e, 0x7e, 0x27, 0x02,
-    0xca, 0x75, 0x6c, 0x41, 0x96, 0x13, 0x7c, 0xc4, 0x06, 0x59, 0x79, 0xcf,
-    0xc5, 0x95, 0x23, 0x79, 0xbc, 0x82, 0xfc, 0x7c, 0x67, 0x02, 0xcb, 0xee,
-    0xdd, 0xfb, 0x54, 0x51, 0x4b, 0xff, 0xf3, 0x82, 0x3b, 0xfb, 0x73, 0xed,
-    0xef, 0xe1, 0x2c, 0xad, 0x22, 0x10, 0x8c, 0x2f, 0xbd, 0xa6, 0xe9, 0x65,
-    0xff, 0xa3, 0xcc, 0x08, 0x97, 0xb9, 0x3d, 0x2c, 0xbf, 0x77, 0x05, 0x00,
-    0x59, 0x7d, 0xe3, 0x5b, 0xb5, 0x94, 0xe7, 0x97, 0xc2, 0x7b, 0xfb, 0x00,
-    0x26, 0x9c, 0x0b, 0x2f, 0x3c, 0x85, 0xc2, 0x79, 0x99, 0x0a, 0xa6, 0x22,
-    0xd1, 0x1f, 0xe1, 0x1d, 0xe2, 0x1b, 0xff, 0xa1, 0xf4, 0x41, 0x7e, 0xb3,
-    0xee, 0xb2, 0xff, 0xf9, 0xa6, 0x28, 0xf7, 0x3d, 0xd7, 0x6c, 0x5b, 0x2c,
-    0xbf, 0xfe, 0xcf, 0xf9, 0x8c, 0x6c, 0x93, 0x69, 0xc0, 0xb2, 0x86, 0x8a,
-    0x0e, 0x29, 0x58, 0x5e, 0x2b, 0x66, 0x3c, 0x7d, 0xff, 0x72, 0xe4, 0x38,
-    0xaf, 0xf0, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x2e, 0x85, 0xff, 0xc2, 0xde,
-    0x42, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8, 0x92, 0xd7, 0xed, 0x76, 0xef, 0xda,
-    0xa2, 0xf2, 0x5c, 0xfb, 0xd6, 0x58, 0x5e, 0x1e, 0x74, 0xf9, 0xb5, 0x44,
-    0x36, 0x9f, 0xf6, 0x8f, 0x2a, 0x4d, 0xf9, 0x0a, 0x1e, 0xe1, 0xd7, 0x33,
-    0x01, 0xd0, 0xff, 0x3d, 0xb8, 0xe8, 0x05, 0x8c, 0x9c, 0xae, 0x4b, 0xcd,
-    0xf2, 0x88, 0x50, 0xf7, 0xc2, 0x92, 0xff, 0xf0, 0xb3, 0xbc, 0x85, 0xe6,
-    0xbb, 0x77, 0xed, 0x51, 0x2c, 0xaf, 0xa7, 0xb3, 0x67, 0xe7, 0xb5, 0x96,
-    0x14, 0x2c, 0xb6, 0xea, 0xcb, 0x7d, 0x65, 0x4f, 0x66, 0xea, 0x78, 0x15,
-    0x08, 0xa5, 0xfe, 0x61, 0xff, 0x18, 0x8d, 0x59, 0x7d, 0xf7, 0xf0, 0x56,
-    0x5f, 0x7e, 0x37, 0x0e, 0xb2, 0xff, 0xd9, 0xf6, 0x91, 0x66, 0x04, 0x56,
-    0xb2, 0xff, 0xd8, 0xdb, 0xd8, 0x83, 0x2c, 0xe2, 0xcb, 0xfe, 0x81, 0xce,
-    0x8f, 0x6b, 0x06, 0xb2, 0xf0, 0x7b, 0x75, 0x95, 0x24, 0xd3, 0x98, 0xcb,
-    0x70, 0x88, 0xe4, 0xa4, 0x81, 0xe3, 0xe1, 0x0e, 0xaf, 0xe1, 0xf8, 0x2f,
-    0x2e, 0x2c, 0xbf, 0xe0, 0x4e, 0x6f, 0x72, 0x34, 0x05, 0x97, 0xee, 0x39,
-    0xbf, 0x65, 0x97, 0x46, 0xcb, 0x2f, 0xfd, 0x87, 0xe3, 0xc8, 0x4e, 0x46,
-    0x2c, 0xad, 0xc3, 0xd5, 0xf0, 0xbd, 0x42, 0x37, 0x70, 0xed, 0x9f, 0x6f,
-    0x7c, 0xc7, 0x59, 0x7f, 0x1e, 0x08, 0xdc, 0xd9, 0x65, 0xce, 0x75, 0x97,
-    0xfe, 0x7d, 0x4a, 0x3d, 0xf8, 0x08, 0xad, 0x65, 0x4f, 0x08, 0xa3, 0xc1,
-    0xdf, 0x17, 0x04, 0x5a, 0xfc, 0x1f, 0x37, 0xe1, 0x65, 0xff, 0xbf, 0x1f,
-    0x63, 0x7d, 0xc7, 0x02, 0xcb, 0xfe, 0x79, 0x70, 0x3e, 0x8f, 0x71, 0x65,
-    0xfc, 0x5e, 0xd4, 0x3f, 0x6b, 0x2e, 0x7e, 0x2c, 0xbf, 0xff, 0x3b, 0xc9,
-    0xff, 0x3b, 0x36, 0x0f, 0x9b, 0xf0, 0xb2, 0xb6, 0x3e, 0xc9, 0x85, 0xae,
-    0x0e, 0x96, 0x5f, 0xa5, 0xc7, 0x9f, 0xc5, 0x97, 0x9d, 0xfb, 0x54, 0x46,
-    0x6b, 0xfd, 0x1d, 0x4a, 0x34, 0x79, 0x2c, 0xbf, 0xff, 0xee, 0x7b, 0xcd,
-    0xfe, 0xa5, 0xc2, 0x0e, 0x1a, 0x6b, 0x3c, 0x96, 0x5b, 0x00, 0x89, 0xdf,
-    0x1a, 0x5f, 0xff, 0xf4, 0xb2, 0x73, 0xf8, 0x31, 0x38, 0x65, 0x1a, 0xd3,
-    0x61, 0xd6, 0x54, 0x27, 0x01, 0xd9, 0x56, 0xa1, 0x8c, 0xe5, 0x17, 0xf3,
-    0x41, 0xf6, 0xc3, 0x16, 0x5c, 0x52, 0x59, 0x63, 0xac, 0xbf, 0x36, 0xbe,
-    0xe2, 0xf4, 0x7a, 0xa7, 0x2e, 0x10, 0x5a, 0xdf, 0x59, 0x74, 0x69, 0x65,
-    0x9b, 0xb3, 0x4f, 0xbc, 0x46, 0xf9, 0xb4, 0xfa, 0x59, 0x77, 0x37, 0x16,
-    0x59, 0xe4, 0x6e, 0xfc, 0x43, 0x7f, 0xf7, 0x18, 0x3c, 0xc2, 0x0c, 0xb3,
-    0x8b, 0x2e, 0x8e, 0x96, 0x5e, 0x62, 0xed, 0x65, 0x70, 0xd9, 0xf8, 0x5e,
-    0xff, 0xf8, 0x56, 0xde, 0xe3, 0x78, 0xa0, 0x2f, 0xa3, 0x56, 0x56, 0xcb,
-    0xae, 0x72, 0x27, 0x19, 0xfe, 0x1c, 0xb4, 0x26, 0x66, 0x24, 0xd4, 0x72,
-    0xe7, 0x84, 0xbf, 0xdd, 0x49, 0x93, 0x84, 0xde, 0x76, 0x09, 0x0d, 0xfe,
-    0x73, 0x3e, 0xd1, 0xa8, 0x59, 0x7f, 0xff, 0xfe, 0x71, 0xf3, 0xf8, 0x72,
-    0x6d, 0xa7, 0x1c, 0x24, 0xe6, 0xfc, 0xb3, 0xda, 0xc5, 0x95, 0xa4, 0x5b,
-    0x11, 0x95, 0xff, 0xfe, 0xfb, 0x7b, 0xcd, 0xc1, 0x36, 0x8d, 0x8b, 0x00,
-    0x1e, 0x2c, 0xbf, 0x79, 0x8f, 0x13, 0x2c, 0xbf, 0xb2, 0x27, 0x47, 0x0e,
-    0xb2, 0xb0, 0xf5, 0xb8, 0x51, 0x7f, 0x89, 0xcc, 0xf1, 0x39, 0xab, 0x2a,
-    0x47, 0xa9, 0xe2, 0x1b, 0xed, 0x69, 0xf8, 0xb2, 0xfd, 0xfc, 0x27, 0x3a,
-    0xcb, 0xee, 0xbf, 0x1c, 0x59, 0x7a, 0x67, 0x25, 0x97, 0xa3, 0xdc, 0x59,
-    0x7f, 0xec, 0x37, 0x91, 0x84, 0x3f, 0xc2, 0xca, 0xe1, 0xec, 0x84, 0x72,
-    0xa7, 0x26, 0x05, 0x22, 0x2c, 0x26, 0x98, 0x8f, 0x8e, 0xb7, 0xed, 0xd2,
-    0x73, 0x06, 0xb2, 0xff, 0x46, 0xb6, 0xd6, 0x0f, 0x16, 0x5f, 0xfd, 0xe6,
-    0xd3, 0x82, 0x77, 0x52, 0x83, 0xac, 0xbf, 0x14, 0x4b, 0x8e, 0xb2, 0xa1,
-    0x19, 0x72, 0x2b, 0x63, 0x3d, 0xe8, 0xf7, 0xfd, 0xdf, 0xe0, 0xfb, 0xb8,
-    0xf3, 0x2c, 0xb7, 0xd6, 0x5f, 0xff, 0xfd, 0xe6, 0x3e, 0x9b, 0x3a, 0x20,
-    0xfa, 0x3f, 0x3b, 0x7b, 0x7a, 0x68, 0x59, 0x58, 0x88, 0x7f, 0x08, 0xdf,
-    0xf4, 0x1f, 0xef, 0xe7, 0x20, 0x2c, 0xbf, 0x39, 0x09, 0x00, 0x59, 0x50,
-    0x9a, 0x26, 0x43, 0x11, 0x88, 0xb4, 0x6f, 0x7f, 0x4b, 0x9c, 0x72, 0x92,
-    0xcb, 0xdb, 0x73, 0x8b, 0x2f, 0xc5, 0xee, 0x07, 0x4b, 0x29, 0xcf, 0xcc,
-    0x8b, 0x42, 0x3d, 0x73, 0x8d, 0x65, 0xfa, 0x4e, 0x41, 0xed, 0x65, 0x76,
-    0x6f, 0xba, 0x16, 0xb9, 0xfb, 0x59, 0x74, 0x6e, 0x2c, 0xad, 0x8d, 0x80,
-    0xac, 0x5e, 0xff, 0xde, 0x72, 0x04, 0xe1, 0x33, 0xa3, 0x16, 0x5f, 0x7b,
-    0xd0, 0x75, 0x97, 0xd2, 0xf3, 0x6c, 0xb2, 0xb1, 0x11, 0x06, 0xa1, 0xb9,
-    0x15, 0xe2, 0xce, 0xd6, 0x5f, 0xfb, 0xb6, 0xf3, 0x1e, 0x6e, 0x31, 0x2c,
-    0xbf, 0xf4, 0x36, 0xbd, 0xec, 0x8d, 0x01, 0x65, 0xbd, 0x07, 0xf9, 0x31,
-    0xfd, 0xfe, 0x3e, 0x68, 0x04, 0x10, 0x2c, 0xb4, 0x96, 0x56, 0x26, 0x08,
-    0xd0, 0x98, 0x72, 0x81, 0x0c, 0xef, 0xc0, 0x8f, 0x40, 0xd6, 0x54, 0x2a,
-    0x9c, 0xc5, 0x36, 0x85, 0x73, 0xc6, 0x66, 0x14, 0x1b, 0xff, 0xe0, 0xfb,
-    0x9d, 0x4a, 0x08, 0x1c, 0x9c, 0x12, 0x59, 0x7a, 0x3d, 0x0b, 0x28, 0x67,
-    0xdd, 0xbd, 0x4e, 0xf8, 0xe1, 0xf0, 0x56, 0x5e, 0xfe, 0x12, 0xca, 0x63,
-    0xe2, 0xf9, 0x20, 0x48, 0xee, 0xfc, 0xcb, 0x2f, 0xb2, 0x6c, 0x99, 0x65,
-    0xfb, 0x41, 0xf6, 0x6c, 0xb2, 0xfb, 0x34, 0x38, 0x59, 0x6e, 0x4e, 0x3e,
-    0xd8, 0x23, 0x22, 0x9b, 0x7d, 0x65, 0x74, 0x78, 0xce, 0x6b, 0x7d, 0x12,
-    0xc2, 0x59, 0x4c, 0x98, 0x6b, 0xc3, 0x2c, 0x04, 0x57, 0xb3, 0x3b, 0x59,
-    0x7f, 0xde, 0xe6, 0x68, 0x04, 0x10, 0x2c, 0xbf, 0xfa, 0x3d, 0xcf, 0xc3,
-    0x7b, 0x91, 0xb2, 0xcb, 0xf6, 0x6a, 0x26, 0xe2, 0xca, 0xd1, 0xf6, 0x7d,
-    0x12, 0xfb, 0xcf, 0xf8, 0x59, 0x7d, 0xef, 0x86, 0x7d, 0x65, 0xfe, 0xc8,
-    0xd3, 0xc9, 0xbe, 0xb2, 0xff, 0x31, 0x9c, 0x8f, 0xbe, 0xe2, 0xca, 0xd1,
-    0xf3, 0xf8, 0xc6, 0xfd, 0xef, 0xf5, 0x9b, 0xab, 0x28, 0x69, 0x8f, 0x74,
-    0x44, 0xc4, 0x27, 0x84, 0x6f, 0xc8, 0xaf, 0xdc, 0x73, 0x7e, 0xcb, 0x2f,
-    0xfb, 0x70, 0x7f, 0x0f, 0x3a, 0x93, 0xac, 0xb9, 0xbf, 0x87, 0xcc, 0x12,
-    0x8a, 0x85, 0x54, 0xb9, 0x1e, 0x1b, 0xc2, 0xda, 0xff, 0x34, 0xa2, 0x50,
-    0x79, 0x2c, 0xbc, 0x26, 0x0a, 0x16, 0x5f, 0xfe, 0x8d, 0x40, 0x3e, 0xd1,
-    0xa0, 0x1e, 0x4b, 0x2f, 0xff, 0x04, 0x07, 0x62, 0xc0, 0x16, 0x3c, 0xcb,
-    0x2f, 0xf3, 0x7d, 0xa0, 0xa6, 0x0a, 0xcb, 0xd1, 0xf1, 0x4a, 0xcb, 0xfc,
-    0xda, 0xcc, 0x2e, 0xbc, 0xb2, 0xa1, 0x10, 0x8c, 0x64, 0xe4, 0x17, 0xfe,
-    0x08, 0xf5, 0x81, 0xfc, 0x1f, 0x16, 0x5f, 0xff, 0x66, 0xfc, 0x9c, 0x27,
-    0x9b, 0x4d, 0xb3, 0x9d, 0x65, 0xff, 0xff, 0x60, 0x27, 0xf2, 0x71, 0x66,
-    0xc2, 0x4a, 0x77, 0x38, 0xc6, 0x71, 0x65, 0x7d, 0x18, 0x84, 0xa9, 0x50,
-    0xaa, 0xe7, 0x0c, 0x98, 0x87, 0x49, 0x3f, 0x86, 0x67, 0x0b, 0x7d, 0x18,
-    0x15, 0xff, 0xf1, 0x6a, 0x3e, 0xed, 0xe8, 0xf9, 0x74, 0xcb, 0x2f, 0xfd,
-    0xf8, 0xd0, 0x35, 0xa8, 0x3f, 0x16, 0x5f, 0x9f, 0x84, 0xd0, 0xb2, 0xff,
-    0xe6, 0xd0, 0xfe, 0x1d, 0x67, 0x7f, 0xc5, 0x97, 0xe6, 0xd3, 0xee, 0xb2,
-    0xca, 0x91, 0xf7, 0x76, 0x8b, 0x7f, 0x6c, 0xfb, 0x10, 0x7c, 0xb2, 0xfb,
-    0xc1, 0x7f, 0x2c, 0xbc, 0x17, 0xf2, 0xca, 0x9c, 0x6f, 0xbc, 0x45, 0x7b,
-    0x7e, 0x69, 0x65, 0x41, 0xe0, 0xe1, 0x1d, 0x42, 0xa1, 0x0c, 0x4d, 0x34,
-    0xff, 0xa8, 0x49, 0xb1, 0x19, 0x42, 0xba, 0xf0, 0x42, 0x35, 0x97, 0xf4,
-    0xcd, 0xfd, 0x61, 0xd6, 0x5c, 0xc6, 0x2c, 0xbb, 0x77, 0x16, 0x53, 0x9e,
-    0xf7, 0x0b, 0xbc, 0x2f, 0x7f, 0x72, 0x3d, 0xcf, 0xb2, 0xcb, 0xf1, 0x61,
-    0xf5, 0x8b, 0x2f, 0xb5, 0xbf, 0x06, 0xb2, 0xb0, 0xfd, 0xce, 0x5a, 0x12,
-    0x6b, 0xf7, 0xe3, 0x47, 0x92, 0xcb, 0xc3, 0xcf, 0x2c, 0xbf, 0xd8, 0x53,
-    0xbf, 0x19, 0xb8, 0xb2, 0xff, 0xcd, 0xee, 0x60, 0xe6, 0x28, 0x1a, 0xcb,
-    0xe0, 0x37, 0x52, 0x59, 0x7f, 0xa0, 0xbc, 0xdb, 0x14, 0x2c, 0xbf, 0xfc,
-    0xda, 0x6d, 0xa0, 0xb3, 0xfa, 0x0e, 0xf5, 0x95, 0x24, 0xd5, 0xc6, 0x50,
-    0x71, 0xcf, 0x9b, 0x00, 0xf8, 0x88, 0xfc, 0x63, 0x7f, 0xfa, 0x0b, 0xb7,
-    0xf3, 0x9a, 0x26, 0xd1, 0xb2, 0xcb, 0xff, 0x30, 0xc3, 0xee, 0x3f, 0x9c,
-    0xd5, 0x97, 0xf6, 0x19, 0xd4, 0xb9, 0x38, 0xd4, 0x46, 0x3a, 0x6d, 0xff,
-    0xfd, 0x85, 0x86, 0xfd, 0xe6, 0xfb, 0x9b, 0x9a, 0xcf, 0x2c, 0xbf, 0xf8,
-    0x48, 0xe8, 0x42, 0x2c, 0x6e, 0xbc, 0xb2, 0x99, 0x1d, 0x7f, 0x4a, 0x75,
-    0xba, 0x9e, 0xdd, 0x1e, 0xd4, 0xf0, 0xd7, 0x11, 0xc3, 0x6c, 0xcf, 0x28,
-    0xc2, 0xc7, 0x0d, 0x0c, 0x9d, 0xb4, 0x36, 0x37, 0xae, 0xc8, 0xba, 0x8c,
-    0x35, 0xa3, 0x24, 0x9a, 0x31, 0x8d, 0x47, 0x02, 0x78, 0x59, 0xfe, 0x58,
-    0x3b, 0xc6, 0x46, 0x08, 0xce, 0xc5, 0x66, 0x85, 0x2b, 0x07, 0x92, 0xbc,
-    0xfd, 0x29, 0xf8, 0x2c, 0x3b, 0xde, 0xe7, 0xe1, 0x4a, 0x24, 0x70, 0xbb,
-    0xb1, 0xed, 0xdf, 0xf7, 0xa0, 0x7a, 0xd4, 0x1f, 0x8b, 0x2e, 0x37, 0xb5,
-    0x97, 0xf1, 0xe5, 0x11, 0xc6, 0x59, 0x73, 0x81, 0x65, 0x41, 0xe1, 0x39,
-    0x65, 0xf0, 0xdd, 0xfa, 0x59, 0x7f, 0x37, 0x4d, 0xdc, 0x08, 0xb2, 0x9c,
-    0xf4, 0x48, 0x8a, 0xf3, 0x08, 0x75, 0x97, 0xf1, 0x67, 0xfa, 0x7d, 0xc5,
-    0x97, 0xbb, 0x7d, 0xeb, 0x2e, 0xf0, 0xb8, 0x4e, 0x44, 0xe7, 0x3f, 0x5b,
-    0x77, 0x10, 0x10, 0x70, 0x77, 0xc6, 0x17, 0xff, 0xff, 0x07, 0xa9, 0x0b,
-    0x72, 0xf6, 0x1f, 0x83, 0xfc, 0x68, 0x6e, 0xe6, 0x2c, 0xbf, 0xfa, 0x0c,
-    0x17, 0x85, 0x06, 0x6a, 0x0e, 0xb2, 0x85, 0xae, 0x55, 0x64, 0xb7, 0xe2,
-    0x71, 0xf3, 0xad, 0xff, 0xe1, 0x67, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda,
-    0xa2, 0x69, 0x5f, 0xfe, 0x16, 0x77, 0x90, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa,
-    0x27, 0x15, 0xe0, 0x14, 0x2c, 0xbf, 0x49, 0x88, 0x0c, 0xb2, 0xfd, 0x2c,
-    0xf4, 0xa4, 0xb2, 0xff, 0x6f, 0x8f, 0xce, 0x28, 0x92, 0xcb, 0xff, 0x3c,
-    0x85, 0xe6, 0xbb, 0x77, 0xed, 0x51, 0x40, 0xaf, 0xff, 0x34, 0x1d, 0xc7,
-    0xa8, 0xf7, 0xf0, 0x6b, 0x2f, 0xb8, 0x5d, 0x49, 0x65, 0x85, 0xc2, 0x6b,
-    0x18, 0x37, 0xd1, 0x33, 0x14, 0x1c, 0xdb, 0xe9, 0xde, 0x48, 0xba, 0x7b,
-    0x14, 0x2c, 0xbe, 0xed, 0xdf, 0xb5, 0x45, 0xc0, 0xbf, 0xc3, 0xfc, 0x4f,
-    0xe6, 0xa1, 0x65, 0x68, 0xf9, 0x48, 0xc2, 0xee, 0xb8, 0xb2, 0xf8, 0xde,
-    0xdc, 0x6b, 0x2e, 0x81, 0x16, 0x5f, 0xc5, 0x9e, 0xed, 0xb8, 0xb2, 0xe8,
-    0x65, 0x97, 0xdf, 0x0b, 0xc9, 0x65, 0xfe, 0x29, 0x43, 0x0f, 0x0e, 0xb2,
-    0x85, 0x09, 0xc7, 0x64, 0x21, 0x7a, 0x21, 0x61, 0x8d, 0x12, 0x1c, 0x5f,
-    0xe5, 0xbe, 0x15, 0x09, 0x15, 0xfa, 0x42, 0xcd, 0x14, 0x9a, 0xb2, 0x85,
-    0xa2, 0xe2, 0x21, 0x0f, 0x7f, 0xa7, 0xa9, 0xec, 0x53, 0x20, 0x49, 0x96,
-    0x5f, 0xc7, 0x8f, 0x06, 0x67, 0x59, 0x73, 0x81, 0x65, 0xfa, 0x69, 0x41,
-    0x49, 0x65, 0x2c, 0xac, 0x36, 0x64, 0x51, 0x7f, 0x4b, 0x0d, 0x2c, 0x02,
-    0xcb, 0xc0, 0xc3, 0x16, 0x5f, 0x14, 0x67, 0xd6, 0x54, 0x1b, 0xdd, 0x87,
-    0x6e, 0x61, 0x62, 0xa2, 0x6c, 0x70, 0x85, 0xa2, 0xe2, 0x49, 0xf0, 0xf8,
-    0x8d, 0x57, 0xfe, 0x2c, 0xf7, 0x5d, 0xb7, 0x3e, 0xcb, 0x2f, 0xda, 0xed,
-    0xdf, 0xb5, 0x44, 0x92, 0xba, 0x42, 0xe0, 0xfd, 0x70, 0xfe, 0xc2, 0xfe,
-    0x98, 0x63, 0xc3, 0x7a, 0xfd, 0x86, 0x00, 0x3c, 0x59, 0x71, 0x80, 0x59,
-    0x7f, 0xee, 0xff, 0x1a, 0xcf, 0x14, 0x1d, 0x65, 0xfe, 0x7f, 0x16, 0x6c,
-    0xe4, 0xb2, 0xfd, 0x13, 0x14, 0x0d, 0x65, 0xc6, 0x98, 0xb2, 0xfe, 0x93,
-    0xeb, 0x61, 0xc2, 0xcb, 0xfb, 0x09, 0xfa, 0x97, 0x16, 0x5f, 0xff, 0x82,
-    0x4e, 0x6f, 0x8d, 0x82, 0x96, 0x7d, 0x8e, 0xb2, 0xff, 0xfd, 0x9d, 0xc7,
-    0xe0, 0xfd, 0xfd, 0xbd, 0x98, 0x75, 0x97, 0xe3, 0xeb, 0x07, 0xe5, 0x97,
-    0xfa, 0x3a, 0x13, 0xc5, 0x00, 0x59, 0x50, 0x7b, 0x81, 0x28, 0xbf, 0x6e,
-    0xfe, 0x08, 0xd5, 0x96, 0x1a, 0xcb, 0xfb, 0x62, 0xcd, 0xe1, 0x85, 0x95,
-    0xb1, 0xe0, 0x38, 0x8d, 0xce, 0x2f, 0x65, 0x5f, 0xe3, 0x29, 0xc1, 0x83,
-    0x4f, 0xbb, 0x31, 0xe8, 0x9e, 0x61, 0x9d, 0x17, 0x1c, 0xb4, 0x95, 0x79,
-    0x0b, 0x1f, 0x10, 0xcf, 0xb5, 0xd6, 0xce, 0xd1, 0xee, 0x56, 0xa3, 0x83,
-    0xb4, 0x79, 0x97, 0x01, 0x1d, 0xa7, 0x25, 0x58, 0xfa, 0x54, 0xc6, 0xf9,
-    0x65, 0xf7, 0xed, 0x78, 0x83, 0xe5, 0x97, 0xfe, 0x35, 0xc5, 0xe6, 0xbb,
-    0x77, 0xed, 0x51, 0x6a, 0x2f, 0xb9, 0x1e, 0xe2, 0xcb, 0xff, 0x3c, 0x85,
-    0xe6, 0xbb, 0x77, 0xed, 0x51, 0x2a, 0xae, 0x63, 0x16, 0x52, 0xcb, 0x0b,
-    0xc4, 0xc2, 0x4d, 0x28, 0xe9, 0x3c, 0xe4, 0x5e, 0x4e, 0xdd, 0x17, 0xbf,
-    0xb3, 0x5d, 0xbb, 0xf6, 0xa8, 0x8a, 0x57, 0xfe, 0x77, 0x3e, 0x68, 0x04,
-    0x10, 0x2c, 0xbf, 0xf4, 0x7b, 0x99, 0xa0, 0x10, 0x40, 0xb2, 0xf9, 0xb9,
-    0x0e, 0xb2, 0xff, 0x13, 0x83, 0x9e, 0xce, 0xd6, 0x5c, 0x71, 0x7f, 0x46,
-    0x71, 0x1e, 0xf0, 0xfb, 0xc4, 0x14, 0x2d, 0x35, 0x37, 0x8c, 0x26, 0xfd,
-    0xae, 0xdd, 0xfb, 0x54, 0x46, 0x8b, 0xf8, 0x98, 0x7a, 0x6d, 0x96, 0x58,
-    0x5e, 0x1f, 0x1b, 0x1b, 0x5e, 0x15, 0x73, 0xf3, 0xda, 0xcb, 0xe9, 0xea,
-    0x79, 0x0a, 0xb1, 0x56, 0xb2, 0xe0, 0xfd, 0x65, 0xff, 0x87, 0x87, 0x6d,
-    0x67, 0x26, 0x85, 0x97, 0xfb, 0xde, 0x67, 0xdf, 0x1e, 0x59, 0x7f, 0xff,
-    0x83, 0xcf, 0xe0, 0xc4, 0x13, 0x8c, 0x27, 0x9b, 0x93, 0x08, 0xb2, 0xa1,
-    0x13, 0x6e, 0x69, 0x7f, 0xfa, 0x66, 0x6f, 0xcd, 0x9e, 0x8f, 0x40, 0xd6,
-    0x5e, 0x67, 0x31, 0x25, 0xff, 0xa2, 0x37, 0xc1, 0x44, 0xd1, 0x32, 0xcb,
-    0xf4, 0xdc, 0x7c, 0xf2, 0xcb, 0xfd, 0xad, 0x47, 0x5c, 0xf8, 0xd6, 0x5b,
-    0xf0, 0x7b, 0xac, 0x51, 0x7f, 0xfd, 0x1f, 0x89, 0xb8, 0x1f, 0x04, 0x33,
-    0x46, 0xf5, 0x94, 0xca, 0x9d, 0xb7, 0x21, 0xb3, 0x31, 0x09, 0xd2, 0x88,
-    0x73, 0xd0, 0x9c, 0xde, 0x4d, 0x7d, 0xdb, 0xbf, 0x6a, 0x8a, 0x7d, 0x7f,
-    0xf9, 0xb5, 0xf7, 0xf7, 0x1f, 0xa7, 0x20, 0x2c, 0xbb, 0xd0, 0xb2, 0xb4,
-    0x88, 0xff, 0x98, 0x79, 0x26, 0xf8, 0xce, 0xe6, 0x14, 0xac, 0xbf, 0xfe,
-    0xfb, 0x7b, 0x99, 0xbf, 0xed, 0x3f, 0x9a, 0x35, 0x65, 0xfe, 0x6f, 0x37,
-    0xbe, 0x1f, 0x2c, 0xbe, 0x83, 0xe9, 0xd6, 0x5f, 0xe8, 0xf7, 0xde, 0x69,
-    0xd8, 0xb2, 0xe6, 0xe9, 0x65, 0x4c, 0x79, 0x9a, 0x35, 0xad, 0x23, 0x0c,
-    0x8c, 0xfc, 0xdb, 0x7f, 0xcf, 0x26, 0x1f, 0xe2, 0x5c, 0x59, 0x7e, 0x0f,
-    0xbd, 0x1b, 0xd6, 0x5f, 0xfd, 0x13, 0x4c, 0xc0, 0x89, 0xa6, 0xc0, 0x2c,
-    0xbd, 0xf6, 0x8d, 0x1f, 0x89, 0x15, 0x5d, 0xf0, 0xac, 0xac, 0x3c, 0x80,
-    0x98, 0xdf, 0xb3, 0xec, 0x5e, 0x59, 0x7f, 0xf1, 0xc8, 0x3f, 0x6d, 0x67,
-    0x26, 0x85, 0x97, 0xff, 0xff, 0xe8, 0xf3, 0x13, 0xf3, 0x99, 0xef, 0xb9,
-    0xff, 0x85, 0x11, 0xc7, 0x0e, 0xf5, 0x97, 0xcf, 0x33, 0x7d, 0x65, 0xff,
-    0xed, 0x63, 0x4d, 0xc0, 0xc7, 0x45, 0x1e, 0x59, 0x7e, 0xde, 0x1d, 0xc8,
-    0x02, 0xca, 0x92, 0x70, 0x6c, 0x4d, 0xa4, 0x43, 0xc2, 0x03, 0xc4, 0x41,
-    0x4a, 0xbe, 0xeb, 0xc1, 0xd2, 0xcb, 0xff, 0x7b, 0x41, 0x9b, 0x9d, 0xbc,
-    0xdc, 0x59, 0x58, 0x7c, 0xe1, 0x24, 0xbf, 0xce, 0x51, 0xe2, 0x8f, 0x2c,
-    0xbf, 0xf4, 0x7b, 0xac, 0xf4, 0x4c, 0xdc, 0x59, 0x7f, 0xe9, 0x82, 0x5b,
-    0x73, 0xb7, 0x9b, 0x8b, 0x2a, 0x11, 0x05, 0x87, 0xf7, 0x3f, 0x16, 0x5f,
-    0x83, 0x34, 0xce, 0x6a, 0xcb, 0xfe, 0xf4, 0x74, 0xf3, 0x6a, 0x37, 0xac,
-    0xad, 0xc3, 0xfd, 0xe0, 0xb7, 0x8a, 0xef, 0x83, 0xf6, 0xd2, 0xcb, 0x62,
-    0xcb, 0x0b, 0x9e, 0xd9, 0x58, 0x73, 0xd1, 0x5c, 0xf0, 0x75, 0x12, 0xa3,
-    0x72, 0x30, 0x33, 0x4c, 0x3b, 0x2a, 0x68, 0xc6, 0x0e, 0x5f, 0xf8, 0x78,
-    0xbc, 0x74, 0x85, 0x0c, 0x3e, 0x10, 0xfa, 0x16, 0x41, 0x84, 0xf4, 0xf9,
-    0x96, 0xe9, 0x15, 0xff, 0xe1, 0x67, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda,
-    0xa2, 0x6a, 0x5f, 0xd9, 0xae, 0xdd, 0xfb, 0x54, 0x57, 0x6b, 0xff, 0xd9,
-    0xba, 0xde, 0x69, 0x4e, 0x28, 0xf7, 0x16, 0x52, 0xcb, 0x8c, 0x17, 0xf3,
-    0xd8, 0x31, 0x36, 0x85, 0xa3, 0x15, 0xa1, 0x27, 0x70, 0x19, 0x65, 0x86,
-    0xb2, 0xe8, 0x3a, 0xca, 0xf9, 0xa7, 0xe0, 0x8d, 0xa7, 0xd6, 0x58, 0x96,
-    0x56, 0xc6, 0x90, 0xe2, 0x97, 0x6d, 0x0b, 0x2f, 0xbb, 0x77, 0xed, 0x51,
-    0x5f, 0x2f, 0x18, 0x61, 0x89, 0x2c, 0x49, 0x05, 0x9a, 0x0a, 0xd1, 0xf9,
-    0x1d, 0x42, 0xff, 0x7f, 0x0d, 0x78, 0xeb, 0x75, 0x65, 0xe9, 0x47, 0x4b,
-    0x2f, 0xb3, 0xdf, 0x65, 0x97, 0x07, 0x8b, 0x2e, 0xcf, 0xac, 0xa1, 0x9a,
-    0xd9, 0x85, 0xee, 0x7d, 0xeb, 0x2f, 0xf1, 0x8f, 0xee, 0x46, 0x6c, 0xb2,
-    0xf7, 0x20, 0x0b, 0x2b, 0xe7, 0xa1, 0xe3, 0x4b, 0xe2, 0x7e, 0xb8, 0xb2,
-    0xb0, 0xf1, 0x3c, 0x45, 0x78, 0xcc, 0xd2, 0xcb, 0x79, 0x65, 0xff, 0x36,
-    0xb3, 0x66, 0x96, 0x0d, 0x65, 0xfe, 0xd0, 0x3d, 0xc7, 0x06, 0x2c, 0xa6,
-    0x44, 0xce, 0x87, 0x5c, 0x44, 0x27, 0x17, 0xbe, 0x40, 0x59, 0x7d, 0xbb,
-    0xf0, 0x88, 0xb2, 0xf4, 0xd9, 0x32, 0xcb, 0x32, 0xca, 0xe8, 0xf5, 0x66,
-    0x27, 0x38, 0xf5, 0xb4, 0xb2, 0x96, 0x53, 0x17, 0x9a, 0x11, 0xa5, 0x96,
-    0x65, 0x96, 0xd8, 0xd2, 0xef, 0xe1, 0x76, 0xde, 0xb2, 0xbe, 0x7e, 0xae,
-    0x74, 0x12, 0x8b, 0xec, 0x28, 0x92, 0xcb, 0x0b, 0x15, 0x17, 0x4d, 0x60,
-    0xf7, 0x64, 0x59, 0x11, 0x64, 0x22, 0x7b, 0x22, 0x98, 0xdf, 0x43, 0xae,
-    0x9c, 0x02, 0x22, 0x85, 0x67, 0x21, 0x75, 0xe3, 0xb0, 0xb8, 0xcf, 0xc3,
-    0x08, 0x42, 0xeb, 0xff, 0xc2, 0xce, 0xf2, 0x17, 0x9a, 0xed, 0xdf, 0xb5,
-    0x44, 0xf6, 0xb0, 0xad, 0x65, 0xff, 0x0d, 0xfb, 0x8e, 0xc2, 0x43, 0x59,
-    0x7f, 0xfc, 0xd2, 0xe6, 0xe7, 0xc3, 0xde, 0x6d, 0x38, 0x7a, 0x59, 0x7d,
-    0x1b, 0xaf, 0xd2, 0xcb, 0xcc, 0x40, 0x59, 0x5b, 0x23, 0x4a, 0x47, 0x5f,
-    0x58, 0xde, 0x4b, 0x7f, 0xf0, 0x75, 0x36, 0x9b, 0x67, 0x3b, 0x71, 0x65,
-    0xf9, 0x87, 0x1a, 0xe2, 0xcb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x70, 0xaf,
-    0x8e, 0x1f, 0x71, 0x65, 0xfe, 0xfb, 0x48, 0x20, 0x89, 0x96, 0x5f, 0xd0,
-    0xda, 0xd3, 0x18, 0xb2, 0xc2, 0xc5, 0x2a, 0x93, 0xa2, 0x1c, 0xfb, 0x20,
-    0x49, 0x1b, 0x09, 0xcd, 0x36, 0x62, 0x33, 0x9a, 0x5f, 0xfc, 0x2d, 0xe4,
-    0x2f, 0x35, 0xdb, 0xbf, 0x6a, 0x89, 0x3d, 0x7f, 0xe6, 0x98, 0x5c, 0x06,
-    0x3d, 0x00, 0x59, 0x7f, 0x8d, 0x17, 0x37, 0xe0, 0x8d, 0x59, 0x50, 0xdc,
-    0xed, 0xed, 0x1d, 0xbc, 0xa1, 0x1c, 0x6d, 0x2b, 0xaf, 0xb8, 0xcc, 0x66,
-    0x8c, 0x87, 0x53, 0xab, 0xdf, 0x8c, 0x03, 0x92, 0xaa, 0xb7, 0xc2, 0x0c,
-    0xc5, 0x61, 0x10, 0x2f, 0xf0, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x22, 0xa5,
-    0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xa6, 0x57, 0xf3, 0x7f, 0x1f, 0xa0, 0x2c,
-    0xb0, 0xbc, 0x3e, 0x39, 0xf3, 0x6b, 0xff, 0xc2, 0xce, 0xf2, 0x17, 0x9a,
-    0xed, 0xdf, 0xb5, 0x44, 0xce, 0xbf, 0xfc, 0x2c, 0xef, 0x21, 0x79, 0xae,
-    0xdd, 0xfb, 0x54, 0x51, 0xaa, 0xd9, 0x38, 0xa1, 0xc2, 0x98, 0xd2, 0xcf,
-    0x2e, 0x5f, 0xf9, 0xe4, 0x2f, 0x35, 0xdb, 0xbf, 0x6a, 0x88, 0xe9, 0x7f,
-    0x16, 0x7b, 0x90, 0x75, 0x97, 0xa3, 0xdc, 0x59, 0x7b, 0x5b, 0x0b, 0xe1,
-    0xe4, 0x08, 0x59, 0x7f, 0xff, 0xb5, 0x21, 0x78, 0x41, 0xf0, 0x4d, 0xf7,
-    0x5d, 0xb6, 0xb8, 0xb2, 0x85, 0xa6, 0x6b, 0x10, 0x96, 0x63, 0x8b, 0x83,
-    0xf5, 0x97, 0xe1, 0x40, 0xa7, 0x5c, 0xe2, 0xcb, 0xee, 0xfb, 0x0f, 0x6b,
-    0x2f, 0xb8, 0x13, 0xb2, 0xcb, 0x8c, 0xfa, 0xca, 0x63, 0x74, 0x61, 0x15,
-    0xfb, 0x08, 0x79, 0xb2, 0xcb, 0xfe, 0x6d, 0x70, 0xb0, 0x7f, 0x85, 0x97,
-    0xfa, 0x23, 0xbc, 0xd6, 0xb1, 0x65, 0x32, 0x24, 0x3e, 0x4e, 0x46, 0xf7,
-    0xec, 0xd7, 0x61, 0x35, 0x65, 0xff, 0x77, 0x07, 0xc6, 0x3c, 0x6e, 0x2c,
-    0xbe, 0x6d, 0x3b, 0x2c, 0xbf, 0xf1, 0x61, 0xaf, 0x37, 0x3f, 0x03, 0x59,
-    0x7a, 0x67, 0xf2, 0xcb, 0xee, 0xdd, 0xfb, 0x54, 0x53, 0x4b, 0xf6, 0x74,
-    0x63, 0xfd, 0x65, 0xff, 0xdc, 0xc2, 0x1c, 0x4e, 0x15, 0x37, 0x81, 0x96,
-    0x50, 0xd3, 0x86, 0xc2, 0xa3, 0x4e, 0xd8, 0x82, 0x63, 0xfd, 0x0e, 0x91,
-    0x87, 0x0a, 0x6f, 0xb4, 0xe3, 0x65, 0x97, 0xff, 0xbb, 0x7d, 0x73, 0xee,
-    0xdc, 0xe6, 0x71, 0x65, 0xff, 0xff, 0x61, 0x7b, 0x8d, 0xde, 0x17, 0x3b,
-    0xfb, 0x7f, 0xb1, 0x36, 0x59, 0x7f, 0xdc, 0x7e, 0xb2, 0x68, 0xff, 0x16,
-    0x59, 0xbe, 0x8e, 0xe2, 0x4a, 0xf3, 0x55, 0xfe, 0xd6, 0xdc, 0xd6, 0xa0,
-    0xc5, 0x97, 0xf6, 0x6d, 0x9d, 0xe0, 0xd6, 0x57, 0xd1, 0x30, 0xe6, 0x84,
-    0x6d, 0x7f, 0xef, 0xb1, 0x6d, 0xc0, 0xc6, 0xa6, 0x59, 0x7f, 0xfe, 0xcd,
-    0xa3, 0x8d, 0xac, 0x9d, 0x8c, 0x50, 0x75, 0x95, 0x24, 0x4a, 0x79, 0x02,
-    0xf4, 0x8f, 0x25, 0x97, 0xde, 0xe3, 0x81, 0x65, 0xe0, 0x79, 0x96, 0x5f,
-    0xee, 0x76, 0xda, 0xd3, 0x6c, 0xb2, 0xa0, 0xfc, 0xdc, 0x8b, 0x83, 0x97,
-    0xff, 0xf6, 0xc1, 0xd4, 0xdc, 0xda, 0x26, 0xe7, 0xf0, 0x6d, 0xbd, 0x65,
-    0xff, 0xfe, 0xfb, 0x9a, 0x59, 0x2f, 0xc4, 0xb3, 0xe5, 0x8f, 0xb2, 0xcb,
-    0xfe, 0xcd, 0x3c, 0x31, 0x41, 0xd6, 0x5f, 0xff, 0xff, 0x47, 0x5d, 0xff,
-    0x27, 0x7f, 0x3b, 0xfb, 0x7f, 0x09, 0xcd, 0xcd, 0xf1, 0xd2, 0xcb, 0xf6,
-    0xd3, 0xbe, 0x0d, 0xeb, 0x2b, 0x64, 0xe9, 0xc6, 0xc5, 0xc5, 0xfd, 0xe6,
-    0xa2, 0x42, 0x0e, 0xff, 0xb7, 0xf7, 0xf6, 0x07, 0xd8, 0xeb, 0x2f, 0xf4,
-    0xa7, 0x41, 0x1b, 0xf6, 0x59, 0x58, 0x8c, 0x56, 0x54, 0x73, 0xcb, 0xb4,
-    0x15, 0x97, 0xd9, 0xf1, 0x34, 0xb2, 0x8e, 0x6e, 0x88, 0x5e, 0xe3, 0xcf,
-    0xac, 0xbf, 0x9c, 0xbb, 0x9d, 0xb7, 0x16, 0x50, 0x0f, 0x2c, 0x23, 0x57,
-    0xf4, 0x17, 0xa7, 0xf3, 0xcb, 0x2f, 0xfd, 0x1f, 0x83, 0xc1, 0x7b, 0xec,
-    0xb2, 0xff, 0x38, 0x1f, 0xde, 0xcf, 0xac, 0xa9, 0x22, 0x77, 0xb2, 0xf3,
-    0x0f, 0x2f, 0xbe, 0xd9, 0xa5, 0x97, 0x7c, 0x2b, 0x2d, 0x25, 0x95, 0x87,
-    0xf6, 0xc6, 0x40, 0x21, 0xde, 0x2f, 0x7b, 0xe6, 0x01, 0x65, 0xbc, 0xb2,
-    0x98, 0xd7, 0xfc, 0x7a, 0xe1, 0xc2, 0xcb, 0xff, 0xf7, 0xb8, 0x27, 0x35,
-    0x03, 0xcf, 0xf7, 0x85, 0xb2, 0xca, 0x83, 0xee, 0xc1, 0x6b, 0xfa, 0x18,
-    0x0f, 0xe0, 0xac, 0xbf, 0xf6, 0x03, 0x32, 0x69, 0x8a, 0x06, 0xb2, 0xb1,
-    0x31, 0x83, 0xc2, 0x3b, 0xe4, 0x04, 0x59, 0x7b, 0xd1, 0x25, 0x97, 0xfc,
-    0x1f, 0x7f, 0x26, 0x94, 0x74, 0xb2, 0xff, 0xf1, 0x3f, 0xb3, 0xdc, 0xcf,
-    0xe6, 0xe7, 0x96, 0x57, 0xd1, 0x44, 0x43, 0x9b, 0xce, 0xed, 0x32, 0xcb,
-    0x9f, 0xeb, 0x2f, 0xd9, 0xf7, 0x21, 0xac, 0xad, 0x8f, 0x3a, 0x42, 0x40,
-    0x16, 0xba, 0x0d, 0x59, 0x7f, 0x38, 0x39, 0x3c, 0xe7, 0x9c, 0xf3, 0x59,
-    0x7f, 0x34, 0x1f, 0x6c, 0x31, 0x65, 0xff, 0xf6, 0x7b, 0xf9, 0x2d, 0x39,
-    0x7b, 0xef, 0x25, 0x97, 0x40, 0x16, 0x5f, 0xe7, 0xea, 0x3b, 0x6e, 0xc5,
-    0xe9, 0x12, 0x44, 0x5c, 0x22, 0x75, 0x62, 0x7e, 0x8c, 0xff, 0xf3, 0x02,
-    0x17, 0xe4, 0x34, 0xaf, 0x3c, 0xdc, 0x59, 0x7e, 0x2e, 0x7f, 0x37, 0x16,
-    0x5b, 0x4b, 0x2b, 0x0d, 0xd8, 0x85, 0x57, 0xe0, 0x7e, 0x25, 0xc5, 0x97,
-    0x88, 0x26, 0xac, 0xbc, 0x63, 0xec, 0xb2, 0xff, 0xa0, 0x0f, 0xe0, 0x08,
-    0x52, 0x59, 0x5f, 0x3d, 0x72, 0x1e, 0xa8, 0x45, 0xe9, 0x14, 0x79, 0xd2,
-    0xc2, 0xe7, 0x86, 0xc5, 0x28, 0x55, 0x0b, 0xc1, 0x8c, 0x98, 0x07, 0x0b,
-    0x1c, 0x8e, 0xd0, 0xd7, 0x1e, 0xe3, 0xa7, 0xea, 0x18, 0x4c, 0x47, 0xa8,
-    0x48, 0x7e, 0x54, 0xcb, 0xb3, 0x81, 0xac, 0xa3, 0x3a, 0xe4, 0x70, 0x7e,
-    0x95, 0xae, 0x14, 0xd9, 0xf5, 0x81, 0x21, 0xbd, 0x76, 0xd3, 0xeb, 0x2f,
-    0x98, 0x80, 0xcb, 0x2f, 0xbb, 0x77, 0xed, 0x51, 0x55, 0x2a, 0x47, 0xa1,
-    0xa2, 0x0b, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x36, 0xaf, 0xbd, 0xa6, 0xe9,
-    0x65, 0xe7, 0x90, 0xbc, 0x3d, 0x96, 0x36, 0xb0, 0xbd, 0x93, 0x19, 0xc6,
-    0xb3, 0xbd, 0xdf, 0xe1, 0x79, 0xae, 0xdd, 0xfb, 0x54, 0x57, 0xeb, 0xf6,
-    0xbb, 0x77, 0xed, 0x51, 0x63, 0x2e, 0xdd, 0x92, 0xcb, 0x0b, 0xc3, 0xd0,
-    0x98, 0xda, 0xfd, 0xce, 0xff, 0x06, 0xac, 0xbf, 0xed, 0xa3, 0x8e, 0x0e,
-    0x30, 0xd6, 0x5f, 0xc1, 0x96, 0x71, 0xfc, 0xb2, 0xff, 0x07, 0x35, 0xdf,
-    0xdb, 0x8b, 0x2b, 0x48, 0x9a, 0x23, 0x9e, 0x16, 0xdf, 0xed, 0x41, 0x93,
-    0xe2, 0x7d, 0xd6, 0x5f, 0x87, 0x3c, 0x4f, 0x04, 0x6a, 0xcb, 0xef, 0x71,
-    0xfa, 0x59, 0x53, 0xd9, 0xeb, 0x41, 0x9d, 0xff, 0x10, 0x76, 0x9a, 0x51,
-    0xad, 0x96, 0x5d, 0xaf, 0x2c, 0xbe, 0x79, 0x60, 0xd6, 0x5f, 0xde, 0xcd,
-    0x0f, 0x09, 0x65, 0xb0, 0x67, 0x9b, 0xe2, 0x1b, 0xa5, 0x8b, 0x2f, 0xe7,
-    0x7f, 0x7b, 0x3e, 0xb2, 0xff, 0xf6, 0x1c, 0x9c, 0xd2, 0xc0, 0x4e, 0x30,
-    0x50, 0xb2, 0x8d, 0x44, 0x96, 0x85, 0x88, 0xb2, 0xff, 0x19, 0x06, 0x39,
-    0x75, 0xe5, 0x97, 0xed, 0x7b, 0xf9, 0xb2, 0xca, 0x83, 0xde, 0xc3, 0x5b,
-    0xfb, 0xcc, 0x7e, 0xa5, 0xc5, 0x96, 0x17, 0x8a, 0xc6, 0x74, 0x5e, 0x78,
-    0x47, 0x7c, 0x99, 0xcf, 0x09, 0x93, 0x90, 0xb9, 0x12, 0x11, 0xdb, 0xa4,
-    0x16, 0x61, 0x6b, 0x8e, 0xba, 0x97, 0xbb, 0x7e, 0xd7, 0x6e, 0xfd, 0xaa,
-    0x2d, 0x55, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xa0, 0x97, 0x6d, 0xf5, 0x97,
-    0x9e, 0x42, 0xf0, 0xf3, 0x80, 0x6d, 0x7e, 0x83, 0x27, 0xf3, 0x4b, 0x2c,
-    0x2f, 0x11, 0xc6, 0x78, 0x42, 0x08, 0x69, 0x7d, 0xed, 0x3f, 0xd6, 0x5f,
-    0xdf, 0x6d, 0xb6, 0x0f, 0x16, 0x5f, 0xd8, 0x3d, 0x47, 0xb8, 0xb2, 0xfe,
-    0x83, 0xbf, 0x5e, 0x92, 0xca, 0xc4, 0x56, 0xf6, 0x44, 0x46, 0x1c, 0x2d,
-    0xbf, 0xb3, 0xe2, 0xdf, 0x5e, 0x59, 0x73, 0x98, 0x2c, 0xfa, 0xfc, 0x79,
-    0x7f, 0x0a, 0xa9, 0xeb, 0xd3, 0xf9, 0xf5, 0x97, 0xfa, 0x08, 0x11, 0xb8,
-    0xe7, 0x59, 0x7f, 0xfa, 0x68, 0xde, 0xfa, 0xe7, 0x1b, 0x58, 0x6a, 0xcb,
-    0xfc, 0xd3, 0x46, 0xf7, 0xd7, 0x16, 0x5b, 0x8b, 0x2a, 0x0f, 0x18, 0x8d,
-    0x6f, 0xfe, 0x80, 0x07, 0xdc, 0x28, 0xdd, 0x8d, 0x96, 0x5d, 0xa8, 0x59,
-    0x52, 0x4d, 0x11, 0x8d, 0x3f, 0x09, 0x3d, 0xe4, 0x1b, 0xa8, 0xf7, 0xcd,
-    0xf7, 0xe2, 0xcb, 0xee, 0xdd, 0xfb, 0x54, 0x5c, 0x4b, 0xf8, 0x2f, 0xd0,
-    0xf3, 0x4b, 0x2b, 0x47, 0xbd, 0xc3, 0x0b, 0xff, 0xf4, 0x84, 0xfc, 0x9f,
-    0xce, 0x00, 0x93, 0xef, 0x1a, 0xcb, 0x84, 0x99, 0x65, 0xff, 0x73, 0x18,
-    0x02, 0x79, 0xfe, 0xb2, 0xfd, 0xdb, 0x73, 0xec, 0xb2, 0xe6, 0xe9, 0x65,
-    0x74, 0x6f, 0xf4, 0x51, 0x5b, 0x22, 0xcf, 0xe3, 0x3e, 0x78, 0xbf, 0xfe,
-    0x94, 0x78, 0x13, 0xb3, 0xfa, 0xc0, 0x06, 0x65, 0x97, 0x61, 0xab, 0x2f,
-    0xf6, 0xfc, 0xf7, 0x37, 0xc7, 0xd6, 0x54, 0x8f, 0x3b, 0xe2, 0xf5, 0x88,
-    0xc3, 0x68, 0x50, 0xdf, 0xfb, 0xc4, 0xe0, 0xe7, 0xe0, 0xbc, 0xb2, 0xfd,
-    0x87, 0x6d, 0xd1, 0xac, 0xba, 0x0e, 0xb2, 0xa0, 0xff, 0x77, 0x0f, 0x74,
-    0x55, 0x7f, 0x04, 0x9c, 0xd9, 0x01, 0x65, 0xf3, 0xee, 0xb6, 0xcb, 0x2f,
-    0xdf, 0x09, 0xb8, 0x4b, 0x2f, 0xc3, 0xcd, 0xc8, 0xfa, 0xcb, 0xdb, 0xad,
-    0xda, 0xca, 0x19, 0xf9, 0x68, 0xa3, 0x74, 0xaa, 0xff, 0x1d, 0xe5, 0xc6,
-    0x1e, 0x2c, 0xbc, 0x6c, 0x71, 0x65, 0xfe, 0x94, 0x4c, 0xff, 0x8d, 0xc5,
-    0x97, 0xfe, 0x98, 0x32, 0x13, 0x7c, 0x7d, 0xf7, 0xac, 0xa8, 0x44, 0xc6,
-    0x0e, 0xb9, 0xb5, 0xb8, 0xb2, 0xff, 0xb3, 0xfe, 0x28, 0x04, 0xe6, 0x59,
-    0x7e, 0x2f, 0x13, 0x9a, 0xb2, 0x96, 0x56, 0x1b, 0x29, 0xf2, 0x7a, 0x74,
-    0x4f, 0x90, 0x8f, 0x1a, 0xef, 0xe3, 0xbe, 0xf8, 0xd6, 0xea, 0xcb, 0xff,
-    0x30, 0xf3, 0x79, 0xf2, 0x5d, 0x49, 0x65, 0xf9, 0xf8, 0xe4, 0x05, 0x97,
-    0xf3, 0x6f, 0x91, 0xe2, 0x65, 0x97, 0xfe, 0x8c, 0x23, 0xc7, 0xf7, 0x5f,
-    0x75, 0x65, 0x48, 0xfc, 0xb4, 0x61, 0x7f, 0xd8, 0x7c, 0xd6, 0x6d, 0x86,
-    0x2c, 0xa8, 0x4d, 0x9b, 0x0c, 0x8d, 0x41, 0x68, 0x4c, 0x7c, 0x8a, 0xd3,
-    0xda, 0xcb, 0xfb, 0x34, 0xfe, 0x0c, 0x2c, 0xbf, 0xfe, 0x72, 0x86, 0xdd,
-    0xe3, 0x73, 0x3f, 0x93, 0xeb, 0x28, 0x67, 0xfd, 0xbc, 0xb2, 0xff, 0xe6,
-    0x20, 0xcb, 0x39, 0xc6, 0x1e, 0x2c, 0xa9, 0x8f, 0x9b, 0xc4, 0x96, 0x16,
-    0x2a, 0x32, 0xb5, 0x22, 0x38, 0x09, 0x2a, 0x63, 0xff, 0x44, 0x4d, 0x18,
-    0x5c, 0xd0, 0xf4, 0xd4, 0x28, 0xce, 0x63, 0xf2, 0xe7, 0x84, 0xb8, 0x0c,
-    0x8a, 0x19, 0x5c, 0x86, 0x67, 0xa3, 0x94, 0x9f, 0x4e, 0x12, 0x1f, 0x57,
-    0xf4, 0xf5, 0x3d, 0x69, 0xde, 0x4b, 0x2f, 0xf4, 0xf6, 0x53, 0xc7, 0xa7,
-    0xe7, 0x81, 0xac, 0xbf, 0xd3, 0xd6, 0x04, 0x4f, 0xc1, 0xab, 0x2e, 0x71,
-    0x4a, 0xca, 0x14, 0x9e, 0xa1, 0x1d, 0x5f, 0x85, 0x13, 0xc8, 0x06, 0xc2,
-    0xcb, 0xff, 0x37, 0x53, 0xcf, 0x9a, 0x9d, 0x3b, 0xf3, 0xeb, 0x2f, 0xbf,
-    0x1e, 0xed, 0x65, 0x0a, 0xa3, 0xf1, 0x1a, 0x75, 0xff, 0x46, 0x9f, 0xc0,
-    0x10, 0xa4, 0xb2, 0xff, 0xe3, 0x4c, 0xdc, 0xd8, 0x62, 0x89, 0xd3, 0xbf,
-    0x3e, 0xb2, 0xfa, 0x33, 0x52, 0x59, 0x53, 0xcc, 0xfe, 0x49, 0x62, 0xfd,
-    0xce, 0x3e, 0xfc, 0x59, 0x7d, 0xdb, 0xbf, 0x6a, 0x8b, 0xa5, 0x7e, 0x20,
-    0xfa, 0x38, 0xb2, 0xb4, 0x7a, 0xff, 0x30, 0xbf, 0xce, 0x31, 0x24, 0xc0,
-    0xe2, 0xcb, 0xe2, 0x71, 0xc2, 0xcb, 0xfd, 0x1b, 0xdc, 0xa3, 0x7f, 0x16,
-    0x54, 0x1e, 0xaf, 0xc8, 0x2f, 0xfe, 0x9e, 0xf9, 0xc9, 0xa4, 0x2b, 0x9d,
-    0x3b, 0xf3, 0xeb, 0x2f, 0xe9, 0x47, 0x4f, 0xc9, 0x2c, 0xbf, 0xe2, 0x9b,
-    0x51, 0xd4, 0x98, 0xeb, 0x2f, 0xfd, 0xbe, 0x0b, 0xdc, 0x0f, 0xb3, 0x4b,
-    0x2a, 0x0f, 0xeb, 0x0e, 0xaf, 0xa5, 0xbb, 0x9e, 0x59, 0x7d, 0xc8, 0xdd,
-    0xe2, 0xca, 0x83, 0xca, 0xdd, 0x25, 0xbd, 0x1e, 0xdd, 0x59, 0x7f, 0x64,
-    0x9a, 0x25, 0xb8, 0xb2, 0xf0, 0xf0, 0x6b, 0x28, 0x67, 0x97, 0x85, 0xf7,
-    0xfb, 0x68, 0x2e, 0xc6, 0x27, 0x16, 0x5f, 0xf3, 0x61, 0x7f, 0x3d, 0x03,
-    0x59, 0x7f, 0xe6, 0x2d, 0x47, 0x9b, 0xb6, 0x1a, 0xca, 0xd9, 0x15, 0x3e,
-    0x36, 0xde, 0x6d, 0x7f, 0xb7, 0xc7, 0xb8, 0x1e, 0xc5, 0x6b, 0x2b, 0x0f,
-    0xb9, 0xcc, 0xef, 0xfc, 0x3f, 0xb1, 0x9e, 0xeb, 0xb6, 0xfa, 0xcb, 0x9c,
-    0x45, 0x97, 0xfe, 0xf4, 0xee, 0x39, 0x77, 0xf6, 0xd2, 0xcb, 0x73, 0x63,
-    0xd8, 0xc1, 0x7b, 0xfd, 0x1e, 0x7d, 0x82, 0xd2, 0x59, 0x70, 0x9f, 0x59,
-    0x44, 0x79, 0x62, 0x19, 0xdf, 0xff, 0x9e, 0x45, 0x1c, 0xce, 0xbb, 0x27,
-    0xce, 0xbb, 0x59, 0x7f, 0xcd, 0xfc, 0xe8, 0x12, 0x1e, 0x2c, 0xb0, 0xb9,
-    0xed, 0x91, 0xeb, 0x3d, 0x1b, 0xcf, 0x10, 0x9a, 0x9e, 0x64, 0xb1, 0x0a,
-    0x4d, 0x8a, 0x25, 0x0b, 0x21, 0x93, 0xe4, 0x20, 0x3b, 0x22, 0x68, 0x44,
-    0xee, 0x10, 0xcc, 0xb1, 0xa8, 0x54, 0x1d, 0xab, 0xe4, 0x8e, 0xd4, 0x51,
-    0x9c, 0x70, 0x83, 0xd0, 0x9a, 0x0b, 0x9e, 0xf2, 0x29, 0xf5, 0x6b, 0xa2,
-    0x7d, 0x65, 0xff, 0xe2, 0xf3, 0x1f, 0xf0, 0xc4, 0xfa, 0x35, 0x65, 0xfc,
-    0xfe, 0x83, 0xc1, 0x2c, 0xac, 0x3f, 0x3d, 0x24, 0x5f, 0xf8, 0xfc, 0x0f,
-    0xa4, 0xdb, 0xfe, 0xcb, 0x2f, 0xec, 0xce, 0x77, 0xe8, 0x59, 0x7f, 0x6d,
-    0x1e, 0x73, 0x42, 0xb2, 0x96, 0x5f, 0xfd, 0x1a, 0x04, 0xee, 0x7e, 0x0e,
-    0xe4, 0xb2, 0xff, 0x46, 0x84, 0xff, 0xf0, 0x0b, 0x2a, 0x47, 0xf3, 0xf4,
-    0x5b, 0xfa, 0x4f, 0x27, 0x2e, 0xd6, 0x5c, 0x50, 0xb2, 0xdc, 0x59, 0x50,
-    0x69, 0xbc, 0x2b, 0x7f, 0xfb, 0x3d, 0x06, 0x09, 0xb7, 0x30, 0xf1, 0xb8,
-    0xb2, 0xc7, 0x59, 0x7f, 0x3c, 0xb4, 0xc6, 0x32, 0xcb, 0xe2, 0x81, 0xe9,
-    0x65, 0xff, 0x9a, 0x4d, 0xae, 0xa0, 0xa3, 0x8b, 0x2b, 0x63, 0xde, 0xf1,
-    0x0d, 0x85, 0xcf, 0x6a, 0x89, 0xf2, 0x10, 0x93, 0x11, 0x7d, 0x4c, 0x88,
-    0x3c, 0x9f, 0x3e, 0x22, 0x24, 0x22, 0xeb, 0x4a, 0xb8, 0xcf, 0x29, 0x5a,
-    0xfb, 0x0c, 0x9e, 0xce, 0xb2, 0xfe, 0x28, 0xe8, 0xef, 0xe5, 0x97, 0xff,
-    0x8c, 0x71, 0xfe, 0x3a, 0xf4, 0x7d, 0xf7, 0x16, 0x59, 0xb4, 0x7f, 0x7f,
-    0x2d, 0xbf, 0xff, 0xe0, 0xea, 0x5c, 0xfb, 0xb6, 0xb5, 0xa0, 0xf4, 0xda,
-    0x7e, 0x2c, 0xbf, 0xfb, 0x5d, 0xc6, 0x7e, 0x3c, 0x51, 0xe5, 0x97, 0x83,
-    0xfe, 0x2c, 0xbf, 0xf3, 0x9b, 0xdf, 0xda, 0x6d, 0x41, 0x8b, 0x2f, 0x46,
-    0x75, 0xd9, 0xef, 0x90, 0xed, 0xff, 0xce, 0x7e, 0x78, 0x9c, 0x1d, 0x7a,
-    0x79, 0xac, 0xb7, 0xb4, 0x7f, 0xc1, 0x33, 0xbf, 0xf1, 0x39, 0x9e, 0xcf,
-    0xbc, 0xce, 0xb2, 0xff, 0xfc, 0x00, 0x44, 0xef, 0xc7, 0x83, 0xdf, 0xe0,
-    0x9d, 0x65, 0xff, 0xf8, 0x82, 0xfb, 0x99, 0x2f, 0xe1, 0xb8, 0x39, 0x82,
-    0xb2, 0xb1, 0x16, 0x1f, 0x57, 0xbb, 0xbc, 0x59, 0x7f, 0x44, 0x9b, 0xaf,
-    0x62, 0xcb, 0xff, 0xe7, 0xea, 0x5c, 0xeb, 0xc4, 0xff, 0xce, 0xbc, 0xb2,
-    0xa1, 0x17, 0x06, 0x91, 0x68, 0x5d, 0xcb, 0x6f, 0xb5, 0xc6, 0xd2, 0xcb,
-    0xff, 0xff, 0xef, 0x43, 0x49, 0xf9, 0xc8, 0xe6, 0x7d, 0x8a, 0x0f, 0xa8,
-    0x11, 0xc9, 0x65, 0xfb, 0x91, 0xf1, 0x26, 0x59, 0x4c, 0x8a, 0x3f, 0x3c,
-    0xd4, 0x23, 0x9d, 0xe1, 0x8b, 0x7a, 0x50, 0x75, 0x96, 0x9e, 0x16, 0x5d,
-    0xc9, 0x2c, 0xbf, 0xff, 0x7f, 0x06, 0x1f, 0x73, 0xbf, 0xb7, 0x02, 0xfd,
-    0x2c, 0xa3, 0x4f, 0xbf, 0xc2, 0xf7, 0xfb, 0x5a, 0x79, 0x6d, 0x86, 0x2c,
-    0xa5, 0x97, 0x4c, 0x15, 0x95, 0x87, 0xb1, 0xf3, 0x53, 0x02, 0xef, 0xfb,
-    0xe2, 0x79, 0xb4, 0xdb, 0x42, 0xcb, 0xed, 0x41, 0x9c, 0x59, 0x7b, 0xf9,
-    0x32, 0xcb, 0xff, 0xe0, 0x97, 0xb9, 0x8c, 0x7c, 0x1c, 0x4a, 0x30, 0xf0,
-    0x3c, 0x47, 0x52, 0x4c, 0x33, 0x0b, 0xf8, 0xf5, 0x7f, 0xf6, 0x0e, 0x25,
-    0x1a, 0x81, 0x1c, 0x96, 0x5f, 0xfb, 0x7e, 0x48, 0xe3, 0x6d, 0xf0, 0x35,
-    0x97, 0xff, 0xcd, 0xf0, 0x9c, 0xef, 0x2f, 0xb9, 0xdb, 0x8b, 0x28, 0xe8,
-    0xd3, 0x74, 0x2f, 0x21, 0x5c, 0xe2, 0xf6, 0x5f, 0xf9, 0xc6, 0x8e, 0xa3,
-    0x20, 0x98, 0xa3, 0x51, 0xd3, 0x7e, 0x32, 0x37, 0x26, 0x21, 0xce, 0x42,
-    0x17, 0xd1, 0xc3, 0x89, 0x18, 0x1d, 0x7d, 0x91, 0xd8, 0x54, 0x82, 0x0b,
-    0xfd, 0x2c, 0xf7, 0xe0, 0x42, 0x59, 0x7f, 0xef, 0x37, 0x6c, 0x37, 0x23,
-    0x61, 0x65, 0xff, 0x47, 0x5f, 0x7e, 0x7a, 0x0c, 0x59, 0x50, 0x7f, 0x1a,
-    0x3e, 0xbf, 0xcf, 0xe2, 0x0e, 0xdd, 0x6e, 0x2c, 0xb0, 0xa5, 0x65, 0xc1,
-    0xfa, 0xcb, 0xf1, 0x67, 0xdf, 0xcb, 0x2f, 0xe9, 0x3e, 0x6f, 0x81, 0xac,
-    0xa1, 0x49, 0xea, 0x0a, 0x84, 0xd7, 0xe1, 0x40, 0xa7, 0x5c, 0xe2, 0xcb,
-    0xe6, 0x0c, 0xa1, 0x65, 0xf6, 0x75, 0x07, 0x59, 0x7c, 0xc5, 0x00, 0x59,
-    0x7e, 0x8d, 0xef, 0x9a, 0x59, 0x7b, 0x74, 0x70, 0xb2, 0xbe, 0x78, 0xe1,
-    0x28, 0xbf, 0x3c, 0xd2, 0x6f, 0x2c, 0xbf, 0xc1, 0xdd, 0x6d, 0xfe, 0xcf,
-    0xac, 0xbf, 0xf4, 0x0f, 0x51, 0x26, 0xeb, 0xd8, 0xb2, 0xff, 0xf9, 0xff,
-    0x12, 0x1f, 0xe3, 0xaf, 0x31, 0xf8, 0xb2, 0xa4, 0x9d, 0xd1, 0xa4, 0x3d,
-    0x91, 0x7d, 0x9c, 0x04, 0x44, 0x51, 0xe3, 0x8d, 0xe7, 0xd7, 0xfd, 0xae,
-    0x7d, 0xbb, 0xec, 0x3b, 0x2c, 0xbf, 0x8c, 0xcd, 0xe4, 0x19, 0x2c, 0xbf,
-    0x82, 0x6e, 0x16, 0xee, 0x2c, 0xbf, 0xff, 0xfb, 0x52, 0xef, 0xec, 0x73,
-    0xb1, 0x9c, 0xeb, 0xb6, 0xcd, 0x0e, 0x3a, 0x59, 0x50, 0x98, 0xa6, 0x1e,
-    0x91, 0x80, 0x4c, 0x2f, 0xff, 0xfa, 0x07, 0xfc, 0xeb, 0xc4, 0xff, 0x03,
-    0xf3, 0x8f, 0xae, 0xd6, 0x5f, 0x6d, 0x3e, 0xe6, 0xac, 0xbf, 0xd9, 0x98,
-    0x69, 0xaf, 0x25, 0x94, 0x6a, 0x30, 0x7e, 0xcf, 0xe2, 0x7b, 0xf6, 0x73,
-    0xbf, 0x42, 0xcb, 0xff, 0xcc, 0x67, 0x3b, 0xfb, 0x75, 0xed, 0x6a, 0x16,
-    0x5f, 0xfb, 0x5e, 0x79, 0x73, 0x78, 0x74, 0xcb, 0x2f, 0xfe, 0x7e, 0x13,
-    0x9a, 0x3f, 0x85, 0xf8, 0xb2, 0xa1, 0x10, 0xa1, 0x41, 0xbf, 0xff, 0xe7,
-    0x30, 0x4c, 0xd1, 0x3f, 0x52, 0xee, 0x3d, 0xcc, 0xeb, 0xcb, 0x2f, 0xc5,
-    0x80, 0x80, 0x2c, 0xbf, 0xb6, 0x13, 0x3e, 0xfd, 0x2c, 0xbf, 0xd2, 0x62,
-    0x9a, 0x4d, 0xf5, 0x96, 0x89, 0x22, 0x27, 0x09, 0xa6, 0x30, 0xac, 0x54,
-    0x89, 0xa2, 0x8f, 0xc3, 0x49, 0xc8, 0x8a, 0x1e, 0x77, 0xed, 0xed, 0xac,
-    0x1a, 0xcb, 0xff, 0xee, 0x7d, 0xb9, 0xef, 0xe0, 0xdb, 0x98, 0x4b, 0x2f,
-    0x7e, 0x0b, 0x0f, 0xdc, 0x25, 0x37, 0xe7, 0xfc, 0x8b, 0xb5, 0x97, 0xfa,
-    0x0f, 0x8c, 0x78, 0xdc, 0x59, 0x7f, 0xa4, 0x7e, 0x31, 0x75, 0x25, 0x95,
-    0xd9, 0xf4, 0x4c, 0x69, 0x7f, 0x9b, 0x4e, 0x40, 0xc2, 0x59, 0x7f, 0xbc,
-    0xc5, 0x9d, 0x4a, 0x16, 0x5f, 0xfd, 0xad, 0x3c, 0xb8, 0x58, 0x71, 0x3a,
-    0x59, 0x50, 0x7f, 0x18, 0x65, 0x7f, 0xcd, 0x22, 0xcf, 0x93, 0xc9, 0x65,
-    0xff, 0xfa, 0x58, 0x43, 0xfc, 0x61, 0x40, 0x0e, 0xf2, 0x59, 0x44, 0x88,
-    0x81, 0x0d, 0xaf, 0x3b, 0xf6, 0xa8, 0x93, 0x17, 0xb7, 0x5b, 0x8b, 0x2a,
-    0x47, 0xd7, 0xd9, 0x1e, 0xe9, 0x4d, 0xfb, 0xb9, 0xe6, 0x28, 0x9e, 0xc5,
-    0x2b, 0x2f, 0xff, 0xff, 0x67, 0x70, 0x1e, 0xff, 0x1a, 0x9d, 0x84, 0xdd,
-    0x70, 0x4d, 0x8b, 0x06, 0xb2, 0xff, 0x6f, 0x73, 0xe1, 0xb1, 0xc5, 0x97,
-    0xba, 0x97, 0x27, 0x22, 0xc7, 0x1f, 0x2f, 0xf6, 0x75, 0xef, 0x3c, 0xb8,
-    0xb2, 0xa1, 0x35, 0x9c, 0x87, 0x76, 0x8d, 0xef, 0xf1, 0x3f, 0xb9, 0xd8,
-    0x49, 0x65, 0xff, 0xf0, 0x18, 0x06, 0x63, 0x6f, 0x2c, 0xf7, 0xd9, 0x65,
-    0xed, 0xbc, 0xcb, 0x2f, 0xfe, 0x27, 0x33, 0x86, 0x38, 0xe3, 0xae, 0x2c,
-    0xb6, 0x2c, 0xad, 0x1e, 0xb7, 0x91, 0xaf, 0xdc, 0x77, 0x97, 0x16, 0x5f,
-    0xcf, 0x2e, 0x61, 0x01, 0x65, 0x9e, 0x72, 0x3a, 0x06, 0xe7, 0xd1, 0x17,
-    0x89, 0xed, 0xac, 0x4d, 0xf7, 0xf1, 0x9c, 0x5f, 0xff, 0xcf, 0xb1, 0x47,
-    0x5d, 0x76, 0x17, 0xd0, 0x33, 0xaf, 0x2c, 0xac, 0x54, 0x7c, 0xd1, 0xd8,
-    0x11, 0x7d, 0xff, 0x3c, 0xb9, 0x85, 0x1d, 0x71, 0x65, 0xf7, 0x24, 0xc0,
-    0x59, 0x7f, 0xfd, 0xe3, 0x5f, 0x9a, 0xd6, 0x6c, 0x03, 0xc4, 0x96, 0x54,
-    0x8f, 0xd0, 0xc2, 0x2b, 0xff, 0xff, 0x7f, 0x25, 0xfc, 0x19, 0x47, 0x62,
-    0x41, 0x99, 0xce, 0x39, 0xab, 0x2a, 0x11, 0x23, 0xe2, 0x3b, 0xff, 0x19,
-    0x83, 0x79, 0x7b, 0x8e, 0x05, 0x97, 0xff, 0x8a, 0x0c, 0x13, 0xc5, 0x00,
-    0xce, 0xbc, 0xb2, 0xff, 0x66, 0xbe, 0x51, 0xd4, 0x96, 0x5c, 0xfd, 0x61,
-    0xff, 0x08, 0x97, 0x4c, 0x8e, 0xb0, 0xc2, 0xf6, 0xff, 0xe6, 0xe8, 0xcf,
-    0x7d, 0xa0, 0xb3, 0xb5, 0x97, 0xff, 0x0c, 0x9c, 0xe0, 0x6d, 0x37, 0x40,
-    0x59, 0x7f, 0xcc, 0x6c, 0x0f, 0x63, 0xc6, 0x96, 0x54, 0x99, 0x40, 0xe3,
-    0x31, 0xc8, 0x48, 0x1a, 0x49, 0xdc, 0x2a, 0x35, 0x18, 0x99, 0xe3, 0x8c,
-    0xfc, 0xa7, 0x20, 0x1a, 0x94, 0x67, 0xbc, 0x8c, 0x37, 0xc4, 0xe1, 0x45,
-    0xde, 0x89, 0x7f, 0x0c, 0x02, 0x9e, 0x02, 0x7d, 0x65, 0xed, 0xdd, 0xd8,
-    0x59, 0x7f, 0xf8, 0x78, 0x67, 0xdf, 0xdc, 0x8f, 0x89, 0x32, 0xcb, 0xdc,
-    0x61, 0xac, 0xbf, 0x8a, 0x3a, 0x3b, 0xf9, 0x65, 0xff, 0x47, 0x7e, 0x0f,
-    0xf5, 0x06, 0x2c, 0xbf, 0xe6, 0xc3, 0x3b, 0xfc, 0x34, 0xfa, 0xcb, 0xff,
-    0xd0, 0x52, 0xc0, 0xeb, 0x60, 0x66, 0x0d, 0x65, 0xfe, 0xed, 0xb5, 0xc9,
-    0xa1, 0xd6, 0x5f, 0xe6, 0xf0, 0x23, 0xe2, 0x71, 0x65, 0xf3, 0xca, 0x09,
-    0x65, 0xf8, 0x3c, 0xfb, 0xca, 0x47, 0xa9, 0xf3, 0x4b, 0xf9, 0xc1, 0x84,
-    0x39, 0x2c, 0xbf, 0xf9, 0xfa, 0xf7, 0xf1, 0x87, 0x05, 0xda, 0xca, 0x35,
-    0x38, 0x0e, 0x92, 0x75, 0x08, 0x82, 0x3f, 0xe1, 0x65, 0x98, 0x6a, 0xb7,
-    0xa6, 0x4d, 0xd0, 0xe1, 0xcb, 0x45, 0x67, 0x7e, 0x8e, 0xf2, 0xfc, 0x38,
-    0xe7, 0x99, 0x65, 0xfb, 0x36, 0x3b, 0x4c, 0xb2, 0xa1, 0x5d, 0xcf, 0xe5,
-    0x80, 0x3b, 0x49, 0x13, 0xdf, 0x79, 0x8e, 0xeb, 0x2f, 0x8c, 0xf8, 0x7b,
-    0x59, 0x63, 0x56, 0x5f, 0xdf, 0xe4, 0x7a, 0x06, 0xb2, 0xa0, 0xf9, 0x30,
-    0x95, 0x84, 0xab, 0x11, 0x63, 0xe8, 0x42, 0xdf, 0xfe, 0x0b, 0xfd, 0xc7,
-    0x23, 0xfe, 0x04, 0x25, 0x97, 0xf7, 0xdb, 0x9f, 0x8d, 0x2c, 0xbf, 0xe8,
-    0xff, 0x9b, 0x63, 0xc7, 0x6b, 0x2f, 0xff, 0xcf, 0xde, 0xa3, 0xe5, 0x9e,
-    0xc1, 0x66, 0x18, 0x62, 0x4a, 0x92, 0x66, 0x5d, 0x93, 0xba, 0x57, 0x0b,
-    0x7c, 0x75, 0x7e, 0xec, 0x3d, 0x94, 0x2c, 0xbf, 0x72, 0x6f, 0xc7, 0x96,
-    0x5e, 0xd3, 0x74, 0xb2, 0xbb, 0x3e, 0xf9, 0x8a, 0x7c, 0x53, 0x7f, 0xf7,
-    0x52, 0x28, 0x96, 0xa3, 0xcf, 0xe5, 0x97, 0xfc, 0x31, 0x23, 0xa9, 0xfc,
-    0xd4, 0x2c, 0xba, 0x24, 0xb2, 0xb1, 0x12, 0xee, 0x88, 0x47, 0xb7, 0xc1,
-    0xdc, 0x89, 0x2c, 0xbf, 0xf3, 0xfa, 0x35, 0xcf, 0xc1, 0x79, 0x65, 0xfb,
-    0x24, 0xcf, 0xbd, 0x65, 0x7d, 0x11, 0x44, 0x4b, 0xc3, 0xda, 0x92, 0x39,
-    0x83, 0x0b, 0x7b, 0xc7, 0x7f, 0xac, 0xbf, 0xfc, 0x51, 0x2d, 0x68, 0x3d,
-    0x36, 0x9f, 0x8b, 0x2f, 0xff, 0xb9, 0x86, 0x96, 0x7b, 0x99, 0x22, 0x73,
-    0x16, 0x59, 0xbe, 0x89, 0x9f, 0x25, 0x53, 0x23, 0x77, 0x7c, 0x2d, 0x6f,
-    0xb7, 0x63, 0xfc, 0x59, 0x7f, 0xd0, 0x7f, 0x7f, 0x0a, 0x00, 0xb2, 0xfc,
-    0x78, 0x96, 0xe7, 0x6b, 0x2f, 0xc5, 0x01, 0xf7, 0x16, 0x50, 0x0f, 0x4f,
-    0xc5, 0x97, 0xfd, 0xc9, 0x37, 0x80, 0x21, 0x49, 0x65, 0x6c, 0x7b, 0x9d,
-    0x11, 0x5f, 0xe3, 0xfb, 0x26, 0x93, 0x92, 0xca, 0xc3, 0xd7, 0x62, 0x4a,
-    0x84, 0xea, 0xf0, 0xa5, 0x89, 0x75, 0x19, 0xed, 0xff, 0xff, 0x75, 0xdf,
-    0xd8, 0xe4, 0xdb, 0x47, 0xb8, 0x27, 0xbf, 0x83, 0x59, 0x7f, 0xc6, 0xce,
-    0x13, 0x35, 0x3e, 0xe6, 0xac, 0xb0, 0xad, 0x65, 0x41, 0xeb, 0x3a, 0x0d,
-    0xff, 0xfc, 0x4e, 0x6f, 0xe1, 0xa4, 0xc5, 0xe9, 0x66, 0xb1, 0x65, 0x42,
-    0x67, 0x05, 0x0c, 0x00, 0x90, 0x5f, 0xfe, 0x06, 0x75, 0xec, 0x20, 0xf8,
-    0x11, 0x25, 0x97, 0xe0, 0xff, 0xd1, 0x32, 0xcb, 0xff, 0xef, 0x47, 0x6d,
-    0xe6, 0x3c, 0xee, 0x38, 0xc6, 0xb2, 0xff, 0x7d, 0xce, 0x3c, 0x9c, 0x75,
-    0x97, 0x02, 0x16, 0x50, 0xcf, 0x2c, 0x06, 0xb7, 0xfe, 0xfb, 0x6f, 0xcd,
-    0xc1, 0x93, 0xe9, 0x65, 0xf0, 0x76, 0xeb, 0x71, 0x65, 0x76, 0x7d, 0x44,
-    0x85, 0x4c, 0x9a, 0x5f, 0x21, 0x3b, 0xe8, 0x46, 0x5f, 0xfe, 0x8d, 0x8b,
-    0x33, 0x6f, 0x1b, 0x05, 0x25, 0x97, 0xfe, 0x72, 0xdb, 0xee, 0x76, 0xe3,
-    0x2c, 0xac, 0x54, 0xff, 0xf4, 0xa7, 0x8d, 0xd0, 0x8e, 0x8c, 0x4a, 0xbf,
-    0xf8, 0x3b, 0x9f, 0xcc, 0x19, 0x66, 0xd0, 0xb2, 0xff, 0xbc, 0xdc, 0x60,
-    0x8a, 0xc7, 0x0b, 0x2f, 0x18, 0x61, 0x89, 0x2f, 0xb6, 0x3b, 0x71, 0x20,
-    0xb3, 0x41, 0x74, 0x0d, 0x65, 0x39, 0xe5, 0x91, 0xad, 0xff, 0x37, 0x22,
-    0x53, 0x7d, 0x80, 0xb2, 0xff, 0x67, 0x5a, 0xc9, 0xf6, 0x02, 0xca, 0x1a,
-    0x6f, 0x8c, 0x8d, 0xa8, 0x53, 0xfc, 0x80, 0x8e, 0x6e, 0x13, 0xeb, 0x2f,
-    0xd1, 0x84, 0xe7, 0x59, 0x7f, 0xe7, 0x97, 0xdb, 0xa0, 0x69, 0xc6, 0xb2,
-    0xe1, 0x98, 0xb2, 0xff, 0xfd, 0x9b, 0xe0, 0xbc, 0x78, 0xc2, 0x1e, 0x75,
-    0xe5, 0x97, 0x9c, 0xbb, 0xd8, 0xfb, 0x74, 0x31, 0x4c, 0x98, 0xe8, 0x06,
-    0x08, 0x94, 0x30, 0xac, 0xbf, 0x6b, 0x68, 0xd6, 0xcb, 0x2f, 0xcc, 0x5e,
-    0x10, 0xeb, 0x2d, 0x28, 0x3d, 0x20, 0x15, 0x5f, 0xf7, 0xe0, 0xf0, 0x5e,
-    0xfb, 0x2c, 0xbf, 0xfb, 0x39, 0xcc, 0x38, 0xdb, 0x7c, 0x0d, 0x65, 0x41,
-    0xfe, 0x7c, 0xde, 0xfe, 0x83, 0xcd, 0xf6, 0xd2, 0xcb, 0xfb, 0x39, 0x87,
-    0x7e, 0x96, 0x5f, 0xb8, 0xd8, 0x40, 0x59, 0x5a, 0x3d, 0x3e, 0x16, 0xde,
-    0xd6, 0x6e, 0x2c, 0xbf, 0xfc, 0x1e, 0x7d, 0xb2, 0x66, 0xdb, 0x3a, 0xf2,
-    0xcb, 0xfe, 0x30, 0x4d, 0xb9, 0x87, 0x8d, 0xc5, 0x97, 0xff, 0x83, 0xd6,
-    0x68, 0x4f, 0x73, 0x0d, 0x6d, 0x2c, 0xbf, 0xfc, 0xdd, 0xe1, 0x0f, 0x4f,
-    0xde, 0x75, 0xe5, 0x95, 0x08, 0xd7, 0xf9, 0xff, 0x13, 0x6f, 0xfc, 0xc4,
-    0x26, 0x4d, 0xc6, 0xe8, 0xc5, 0x97, 0xce, 0x0f, 0x0a, 0xd6, 0x57, 0x6a,
-    0xa7, 0x26, 0x21, 0xd4, 0x20, 0x4e, 0x44, 0x43, 0xfe, 0x8c, 0x8f, 0x79,
-    0x79, 0x88, 0x37, 0xec, 0xeb, 0xdf, 0x85, 0x97, 0xe6, 0xdf, 0xe8, 0xc5,
-    0x95, 0xf3, 0xd0, 0xe1, 0x45, 0x42, 0xe1, 0x9e, 0x4b, 0x3f, 0x78, 0x69,
-    0x5f, 0xff, 0x9b, 0x9c, 0x8d, 0x4b, 0x51, 0xee, 0x08, 0x52, 0x59, 0x7f,
-    0x09, 0x9a, 0x9f, 0x73, 0x56, 0x5f, 0xb3, 0x53, 0xee, 0x6a, 0xcb, 0xb3,
-    0x93, 0x8f, 0x74, 0x43, 0x2b, 0xff, 0xd3, 0x14, 0x7b, 0x9e, 0xeb, 0xb6,
-    0x2d, 0x96, 0x5f, 0xfb, 0x0b, 0xda, 0x77, 0xea, 0x5c, 0x59, 0x7f, 0xce,
-    0x6c, 0xef, 0xc0, 0x23, 0x71, 0x65, 0x62, 0x3e, 0x58, 0xc3, 0xe9, 0xae,
-    0x7d, 0x7f, 0xff, 0xe0, 0x08, 0x59, 0xad, 0x61, 0x99, 0xb9, 0x85, 0x00,
-    0x3b, 0xc9, 0x65, 0xff, 0xff, 0xff, 0x16, 0x70, 0x1d, 0xe1, 0x37, 0x5c,
-    0x2c, 0xf7, 0x32, 0x44, 0xe6, 0x75, 0xe0, 0xbf, 0x16, 0x59, 0x89, 0x30,
-    0x2d, 0xed, 0xd7, 0xff, 0xf7, 0xb8, 0x11, 0xfd, 0xb2, 0x67, 0x6d, 0xc6,
-    0xea, 0x4b, 0x2f, 0xff, 0xe2, 0xc0, 0x39, 0x03, 0x5a, 0xc3, 0x30, 0x0f,
-    0xd2, 0xca, 0x24, 0x5c, 0xf9, 0x7e, 0xfc, 0xde, 0xdb, 0x0c, 0x59, 0x7f,
-    0xd1, 0xdf, 0xc8, 0x3e, 0x8e, 0x2c, 0xbf, 0xf6, 0xec, 0x77, 0x07, 0xc1,
-    0xb9, 0xd6, 0x5f, 0xb7, 0x04, 0x28, 0xed, 0x65, 0x31, 0xf6, 0xba, 0x0d,
-    0xff, 0xd2, 0xe6, 0x40, 0xd8, 0x9f, 0x46, 0xac, 0xbf, 0x6a, 0x30, 0x6c,
-    0xb2, 0xfe, 0xfb, 0x0c, 0x78, 0x62, 0xcb, 0xf6, 0xb3, 0x7f, 0xf2, 0x71,
-    0xea, 0x76, 0x4d, 0x50, 0x8d, 0xa7, 0x84, 0xbd, 0xff, 0xff, 0xf0, 0x39,
-    0x92, 0xfc, 0x36, 0x80, 0x08, 0xd6, 0x04, 0xd1, 0xb6, 0x9f, 0x8b, 0x2f,
-    0xff, 0xbf, 0x92, 0x9d, 0xdf, 0xdb, 0xdd, 0x76, 0xda, 0x59, 0x50, 0x8d,
-    0x2f, 0x3e, 0xd4, 0x95, 0xf4, 0x34, 0x38, 0xf4, 0x44, 0x72, 0x9f, 0xc2,
-    0x98, 0x10, 0xfa, 0x28, 0x7c, 0x5f, 0xfe, 0xf4, 0x1f, 0xb7, 0x1e, 0x18,
-    0x26, 0xa4, 0xb2, 0xf8, 0xb6, 0xde, 0x35, 0x97, 0xfe, 0x7d, 0x4e, 0x27,
-    0xf4, 0x9c, 0x6b, 0x2f, 0xff, 0xe6, 0x21, 0xeb, 0x3b, 0xfc, 0x7f, 0x35,
-    0xa8, 0x35, 0x65, 0x49, 0x13, 0x5f, 0x3f, 0xbf, 0x9d, 0xfd, 0x3e, 0xdd,
-    0xac, 0xbf, 0xe3, 0xb8, 0xc4, 0xdd, 0x82, 0x92, 0xcb, 0xfe, 0xec, 0x3b,
-    0x9c, 0x63, 0x33, 0x4b, 0x2a, 0x0f, 0xeb, 0xb3, 0xcb, 0xff, 0xfe, 0xf0,
-    0x74, 0xfc, 0xef, 0xed, 0x31, 0x39, 0x9e, 0xcf, 0x9d, 0x65, 0xff, 0xee,
-    0x66, 0xa7, 0x77, 0xf6, 0xde, 0xc4, 0x35, 0x94, 0xc8, 0xb7, 0xe3, 0x4d,
-    0x32, 0x3e, 0xde, 0x1b, 0x37, 0xfe, 0x61, 0x87, 0xdc, 0x82, 0x6c, 0x59,
-    0x7f, 0xc7, 0x8d, 0x6f, 0xcd, 0x44, 0xcb, 0x2f, 0xff, 0xf6, 0x7b, 0xe1,
-    0xeb, 0xdc, 0x7e, 0xbb, 0x9f, 0xce, 0x73, 0x16, 0x5f, 0xfb, 0x5d, 0x9e,
-    0x3a, 0xe6, 0x6f, 0xc5, 0x97, 0x3e, 0xe2, 0xcb, 0xcf, 0xa3, 0x56, 0x5f,
-    0xff, 0xd3, 0x14, 0x0f, 0x3a, 0xf6, 0x4a, 0x0b, 0x63, 0xe2, 0xcb, 0xf8,
-    0x13, 0xf8, 0x3c, 0x3a, 0xca, 0xd2, 0x2a, 0x3e, 0x3a, 0x4b, 0x77, 0xde,
-    0x7d, 0x71, 0x65, 0xfa, 0x74, 0xfe, 0x6a, 0x16, 0x56, 0xc7, 0x9c, 0x44,
-    0x55, 0x09, 0xd1, 0x6c, 0x85, 0x90, 0xc1, 0x77, 0xdb, 0xfe, 0x93, 0x7b,
-    0x9d, 0xc7, 0xb8, 0xb2, 0xfe, 0x04, 0xec, 0x1b, 0xc9, 0x65, 0x4c, 0x7d,
-    0x2e, 0x75, 0x63, 0x56, 0x5f, 0xfd, 0x9d, 0xfe, 0x3f, 0x9a, 0xd4, 0x1a,
-    0xb2, 0xfd, 0x9a, 0xd4, 0x1a, 0xb2, 0xf8, 0x98, 0x1c, 0x83, 0xff, 0xd0,
-    0x97, 0xd1, 0x6f, 0xfb, 0xee, 0x03, 0xbc, 0x9f, 0x8b, 0x2f, 0xf3, 0xca,
-    0x51, 0x2e, 0xf8, 0xb2, 0xb0, 0xfb, 0x02, 0x71, 0x7f, 0xff, 0xf3, 0x7b,
-    0xf8, 0x39, 0x37, 0xb0, 0xfc, 0x79, 0x4f, 0xe7, 0x39, 0x8b, 0x2b, 0x13,
-    0xe5, 0x68, 0x50, 0xfe, 0x16, 0x1c, 0x21, 0xbf, 0xfc, 0xfb, 0x7d, 0xa0,
-    0xb2, 0x66, 0xd3, 0x2c, 0xa9, 0x33, 0xf7, 0xc7, 0x1d, 0x66, 0x4e, 0x92,
-    0x74, 0xf0, 0xc9, 0xb3, 0x42, 0xff, 0x44, 0x7f, 0x8e, 0x95, 0xc9, 0x80,
-    0x78, 0x47, 0x7c, 0x94, 0x13, 0xe9, 0x51, 0xe6, 0x23, 0x5f, 0xff, 0xb0,
-    0x98, 0x7c, 0xfb, 0xf1, 0x88, 0xa3, 0xa5, 0x97, 0xe2, 0xcf, 0xbf, 0x96,
-    0x5f, 0xfa, 0x50, 0x5b, 0x09, 0xa2, 0x0c, 0x96, 0x5e, 0xe6, 0x69, 0x65,
-    0xfc, 0x4e, 0x30, 0x74, 0x05, 0x95, 0xb8, 0x8b, 0x09, 0x89, 0xbe, 0x81,
-    0xc1, 0xcb, 0xff, 0x9c, 0xa5, 0xa7, 0xeb, 0xf1, 0x9c, 0x59, 0x7f, 0xf7,
-    0x6d, 0xaf, 0xe4, 0xdf, 0x6d, 0x6c, 0xb2, 0xfb, 0xdb, 0x60, 0xd6, 0x5f,
-    0xf3, 0x1a, 0x26, 0x80, 0x76, 0xe2, 0xca, 0x98, 0xf7, 0xa7, 0xc8, 0xef,
-    0xfc, 0xdd, 0x70, 0x0e, 0x43, 0x98, 0x2b, 0x2f, 0x18, 0x61, 0x8b, 0x2f,
-    0xfe, 0x28, 0x06, 0x0f, 0x98, 0x78, 0xed, 0x20, 0xb3, 0x41, 0x40, 0x45,
-    0xaf, 0x98, 0x2f, 0xf7, 0xdb, 0x07, 0x05, 0xe5, 0x94, 0x73, 0xd4, 0xde,
-    0x47, 0x7f, 0xe7, 0x07, 0x7f, 0x69, 0x8a, 0x00, 0xb2, 0xb0, 0xf8, 0xd8,
-    0x92, 0xfe, 0xd6, 0x6e, 0xfd, 0xc6, 0xb2, 0xff, 0xd9, 0xd4, 0xe2, 0xcd,
-    0xfa, 0x6e, 0x2c, 0xbf, 0xbb, 0xfb, 0x41, 0x76, 0xb2, 0xa0, 0xfc, 0x31,
-    0x0a, 0xff, 0x6a, 0x3c, 0xdd, 0xb0, 0xd6, 0x5f, 0xa5, 0x36, 0x67, 0x6b,
-    0x2f, 0xf0, 0x76, 0x86, 0x1e, 0x1d, 0x65, 0xb4, 0xb2, 0xa7, 0xa4, 0x50,
-    0x41, 0x99, 0x14, 0x88, 0x67, 0x7e, 0x33, 0x0e, 0xfd, 0x2c, 0xbe, 0x06,
-    0x3e, 0xe2, 0xca, 0x83, 0xcd, 0x62, 0x9a, 0x92, 0xef, 0x5e, 0x46, 0x04,
-    0x6a, 0x0f, 0x48, 0x6d, 0x0a, 0x5f, 0xc7, 0x24, 0xe4, 0x05, 0x0a, 0x0e,
-    0x43, 0x03, 0xd0, 0x8e, 0xbe, 0x2d, 0xa3, 0xeb, 0x2f, 0xdf, 0xf7, 0x03,
-    0xb8, 0xb2, 0xe3, 0x27, 0xa5, 0x95, 0x07, 0x93, 0xd1, 0x65, 0xfb, 0xde,
-    0x63, 0xf1, 0x65, 0xce, 0xcb, 0x2f, 0xdd, 0x7b, 0x7e, 0x12, 0xcb, 0xf3,
-    0xfa, 0x4e, 0x35, 0x96, 0x37, 0x0f, 0x44, 0x8a, 0xae, 0x97, 0xd6, 0x53,
-    0x23, 0x33, 0xe5, 0x0e, 0xcd, 0xe2, 0x7b, 0x32, 0xcb, 0xff, 0xfc, 0x64,
-    0x14, 0x1a, 0x50, 0x68, 0x93, 0xf1, 0xa8, 0xee, 0x16, 0x5f, 0xdf, 0x89,
-    0xdd, 0xb6, 0xcb, 0x2f, 0xfc, 0xe7, 0xcd, 0x1a, 0x68, 0x4b, 0xcb, 0x2f,
-    0xf4, 0x7b, 0x9c, 0x62, 0x99, 0x65, 0x7c, 0xfc, 0xc9, 0x02, 0xff, 0xc6,
-    0x39, 0x4b, 0xe1, 0x8e, 0xb8, 0xb2, 0xff, 0xfe, 0x73, 0xeb, 0x37, 0xc1,
-    0x7b, 0x3e, 0xda, 0xfb, 0xac, 0xbf, 0xe7, 0xf7, 0x3d, 0xe7, 0x97, 0x16,
-    0x54, 0xc8, 0xf4, 0xd1, 0x0f, 0xd0, 0x09, 0x6a, 0xff, 0xe7, 0xd3, 0xcb,
-    0x38, 0xfe, 0xc9, 0x96, 0x5f, 0xf7, 0xb5, 0x19, 0xd4, 0xe7, 0xe2, 0xcb,
-    0xfb, 0x4f, 0xa2, 0x89, 0x2c, 0xbf, 0xff, 0xde, 0xf4, 0x48, 0x9f, 0xf0,
-    0x7f, 0xe0, 0xdf, 0xa2, 0x59, 0x7f, 0xfb, 0xdf, 0xcd, 0xff, 0x69, 0xdc,
-    0xe3, 0x1d, 0x65, 0x62, 0x2b, 0x5d, 0x7e, 0xff, 0xa4, 0xda, 0xea, 0x0a,
-    0x38, 0xb2, 0xff, 0xa3, 0x36, 0xd4, 0x79, 0xfc, 0xb2, 0x98, 0xfc, 0x02,
-    0x71, 0x53, 0xc9, 0x71, 0x4e, 0x04, 0x06, 0xcb, 0x91, 0xcc, 0x76, 0x7b,
-    0xd2, 0x1e, 0x8e, 0xca, 0x1b, 0x3e, 0x84, 0x8d, 0xfd, 0x28, 0x9b, 0x18,
-    0x0b, 0x2c, 0x2e, 0x7a, 0x7c, 0x8e, 0xa9, 0xe0, 0x54, 0x50, 0xd6, 0x2a,
-    0x8a, 0xe2, 0x3e, 0xbd, 0xa3, 0x89, 0x94, 0x3f, 0x07, 0x29, 0xd7, 0x29,
-    0x5a, 0x26, 0xc3, 0xbb, 0xb9, 0x7d, 0xfd, 0x4a, 0x26, 0x68, 0x5d, 0x4d,
-    0x1d, 0x76, 0xa5, 0x58, 0x1e, 0x37, 0x9f, 0xca, 0xb3, 0x78, 0xf3, 0x01,
-    0x1b, 0x59, 0x4e, 0x63, 0x72, 0xb0, 0x1b, 0xf4, 0xf6, 0xa0, 0x61, 0x58,
-    0x63, 0x5c, 0xfc, 0x3b, 0x84, 0x9c, 0x8e, 0xdd, 0x84, 0xb5, 0xfa, 0x5d,
-    0x41, 0x0d, 0x65, 0x49, 0x52, 0x59, 0x4a, 0x23, 0xbf, 0xfd, 0xac, 0x30,
-    0x7f, 0xc9, 0x8b, 0x35, 0x25, 0x97, 0xb5, 0x9b, 0x8b, 0x2f, 0xfd, 0x06,
-    0x09, 0xb7, 0x30, 0xf1, 0xb8, 0xb2, 0xb4, 0x8a, 0xe3, 0xa5, 0xf8, 0x7e,
-    0xff, 0xf9, 0xcf, 0x1a, 0xef, 0x41, 0x37, 0x41, 0x7e, 0x2c, 0xac, 0x44,
-    0x10, 0x4c, 0x2f, 0xf6, 0xbb, 0x0b, 0x8c, 0xf0, 0xb2, 0xff, 0xe8, 0xd0,
-    0x9e, 0x6f, 0x7f, 0x06, 0xcb, 0x2f, 0xf1, 0x74, 0x0c, 0xe3, 0xee, 0x2c,
-    0xbf, 0xe2, 0x8d, 0x84, 0xff, 0xdf, 0x71, 0x65, 0xf4, 0x60, 0xfa, 0x59,
-    0x58, 0x89, 0x5f, 0x9b, 0x6f, 0x3d, 0xbf, 0x9d, 0xfd, 0x3e, 0xdd, 0xac,
-    0xbb, 0x7e, 0xea, 0xcb, 0xff, 0xfe, 0x62, 0x60, 0x73, 0x59, 0xdf, 0xe3,
-    0xf9, 0xad, 0x41, 0xab, 0x2a, 0x13, 0xf0, 0xd8, 0xd3, 0x21, 0xb3, 0xa3,
-    0x10, 0x18, 0x78, 0x72, 0xf0, 0xa9, 0x3d, 0x49, 0x65, 0xe7, 0xd6, 0xcb,
-    0x2f, 0xf6, 0x7b, 0x8d, 0xde, 0x12, 0xcb, 0x8c, 0x31, 0x65, 0xe7, 0xec,
-    0x5f, 0x67, 0xd0, 0x43, 0xa6, 0x19, 0x5f, 0xb4, 0xf2, 0x6f, 0xac, 0xbf,
-    0xfb, 0x5c, 0xfb, 0x19, 0xf6, 0xd9, 0xc9, 0x65, 0x41, 0xf6, 0x39, 0x3d,
-    0xfb, 0x0f, 0xf7, 0x1a, 0xcb, 0x0b, 0x9e, 0x9f, 0x7d, 0xc2, 0x21, 0x19,
-    0x22, 0x11, 0xa0, 0xe4, 0xb1, 0x03, 0x4b, 0x3b, 0xa4, 0xc7, 0xcc, 0x5f,
-    0xa8, 0x55, 0xfc, 0x85, 0xef, 0x2d, 0xb4, 0xa3, 0x5b, 0xe4, 0xa1, 0x2f,
-    0x2e, 0x6f, 0x84, 0x79, 0x90, 0xb0, 0xdd, 0x20, 0xa9, 0x42, 0x4c, 0x88,
-    0x75, 0x8c, 0x07, 0x52, 0x9e, 0xb4, 0x72, 0x78, 0x49, 0xfe, 0x72, 0x7c,
-    0x11, 0x8b, 0x94, 0x6a, 0xbc, 0xa5, 0x82, 0x7a, 0x94, 0x3a, 0x1b, 0xe0,
-    0xf4, 0xbf, 0x60, 0xff, 0x06, 0x2c, 0xbf, 0xb9, 0x13, 0x49, 0xa6, 0x59,
-    0x7f, 0xde, 0x82, 0x60, 0x67, 0x5e, 0x59, 0x7d, 0x3e, 0xe4, 0x05, 0x97,
-    0x46, 0xd8, 0x7b, 0x82, 0x1c, 0x51, 0x23, 0x87, 0x85, 0x02, 0x42, 0x2e,
-    0xff, 0x3e, 0xbb, 0x17, 0x2c, 0xe9, 0x65, 0xff, 0xe9, 0x3f, 0x05, 0x94,
-    0x67, 0xa3, 0xa9, 0x2c, 0xbc, 0x6b, 0x69, 0x65, 0xd0, 0x05, 0x97, 0xde,
-    0xf4, 0x1d, 0x65, 0xe6, 0x18, 0xb6, 0x3d, 0x5f, 0x8e, 0x88, 0x2d, 0x7f,
-    0xe8, 0x90, 0xb1, 0x20, 0xc1, 0x26, 0xe2, 0xcb, 0x37, 0x68, 0x87, 0x02,
-    0x15, 0x0b, 0x4e, 0xf3, 0x63, 0x56, 0x37, 0xf4, 0x64, 0xf7, 0xfe, 0x7e,
-    0xc5, 0x84, 0x0d, 0x2c, 0x92, 0xcb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x1a,
-    0xaf, 0xff, 0xbe, 0xc6, 0x39, 0x77, 0xa8, 0x69, 0x3f, 0x16, 0x5f, 0x7b,
-    0x4d, 0xd2, 0xcb, 0xf0, 0x7c, 0x19, 0xa1, 0x65, 0xf9, 0x86, 0xf9, 0xe5,
-    0x97, 0x8d, 0xeb, 0x8b, 0x2c, 0x2f, 0x64, 0xd5, 0xf1, 0x07, 0xb3, 0x66,
-    0x4f, 0xf9, 0x1b, 0x94, 0xf8, 0x9a, 0xff, 0xff, 0x6f, 0x82, 0xf0, 0xb7,
-    0xde, 0xe3, 0xc1, 0xb9, 0xdc, 0x6b, 0x2f, 0xda, 0xed, 0xdf, 0xb5, 0x45,
-    0x4a, 0xb7, 0x6a, 0x88, 0x69, 0x4b, 0x29, 0xcd, 0x50, 0x07, 0xec, 0x2f,
-    0x11, 0x00, 0xec, 0x17, 0xde, 0x7e, 0x80, 0xb2, 0xff, 0xf6, 0x7d, 0x84,
-    0xf3, 0x10, 0x65, 0x9c, 0x59, 0x7f, 0xb3, 0xe4, 0xfe, 0xf4, 0x2c, 0xbc,
-    0x4e, 0x2d, 0xd1, 0x3b, 0xe2, 0x31, 0x12, 0x6f, 0x4f, 0x73, 0xc8, 0x50,
-    0xb2, 0xfc, 0xe7, 0xd9, 0xf7, 0x16, 0x5f, 0x76, 0xef, 0xda, 0xa2, 0x3e,
-    0x5c, 0x38, 0x59, 0x5a, 0x3c, 0x63, 0x98, 0x5f, 0xee, 0x37, 0xcc, 0x7d,
-    0x49, 0x65, 0xe1, 0xfc, 0x2b, 0x2e, 0xeb, 0x8b, 0x2c, 0x6a, 0xca, 0xc3,
-    0x55, 0x3e, 0x31, 0x7f, 0xf0, 0x74, 0x0e, 0xfe, 0xd3, 0x14, 0x01, 0x65,
-    0xfe, 0x96, 0x6e, 0x39, 0x00, 0x50, 0xb2, 0xf7, 0xa3, 0x16, 0x5f, 0xfd,
-    0xe9, 0x41, 0xb3, 0xa3, 0xdc, 0x80, 0x2c, 0xb1, 0x61, 0xf1, 0x38, 0xdd,
-    0xd2, 0x17, 0x3d, 0xaa, 0x63, 0xd8, 0xb3, 0x1c, 0x7a, 0x22, 0x73, 0x40,
-    0x23, 0xf0, 0x8f, 0xc8, 0xc2, 0x42, 0x6e, 0xbb, 0x56, 0x7c, 0xf2, 0xa9,
-    0x6f, 0xe1, 0x7c, 0x78, 0xea, 0x4b, 0x2f, 0xde, 0xfc, 0x11, 0xab, 0x2f,
-    0xed, 0x38, 0x1f, 0x34, 0xb2, 0xfb, 0xe1, 0x2d, 0x96, 0x5f, 0xf9, 0xf6,
-    0x8f, 0xb6, 0x9a, 0x0e, 0xb2, 0xff, 0x46, 0xb0, 0xbd, 0x9f, 0x59, 0x76,
-    0x0b, 0x84, 0x72, 0x8c, 0xa3, 0xe5, 0x93, 0xe4, 0x62, 0x1e, 0xd1, 0xa9,
-    0xb7, 0x9e, 0x31, 0x5a, 0x16, 0x9e, 0x34, 0x47, 0x37, 0x7f, 0xff, 0x83,
-    0xa3, 0x5f, 0x98, 0x38, 0xeb, 0x82, 0x78, 0xd6, 0x35, 0x65, 0xf4, 0x71,
-    0xf8, 0xb2, 0xa4, 0x88, 0x79, 0x99, 0xaf, 0x18, 0x6f, 0x6b, 0x2f, 0xdd,
-    0x75, 0x2c, 0xf2, 0xca, 0xe1, 0xe5, 0x04, 0x82, 0xff, 0xf4, 0xf3, 0x34,
-    0xcd, 0xcd, 0x86, 0x28, 0x9d, 0x3b, 0xf3, 0xeb, 0x2f, 0xfc, 0x17, 0xd4,
-    0x8b, 0x39, 0x1a, 0x59, 0x7d, 0xdb, 0xbf, 0x6a, 0x8b, 0x1d, 0x7e, 0x8f,
-    0x93, 0x88, 0xb2, 0xb4, 0x7a, 0xe7, 0x30, 0xbf, 0xd8, 0xc5, 0xb7, 0xb3,
-    0xeb, 0x2e, 0x7e, 0x2c, 0xbf, 0xb6, 0x13, 0x5a, 0xcd, 0x2c, 0xbc, 0x7e,
-    0x42, 0xca, 0x91, 0xf1, 0x38, 0xb0, 0x4c, 0x2f, 0xf8, 0x9c, 0xdf, 0xb4,
-    0x16, 0xcb, 0x2f, 0xe2, 0xf6, 0x83, 0x07, 0x59, 0x7f, 0xfe, 0x27, 0x36,
-    0x77, 0x8d, 0x82, 0x96, 0x7d, 0x8e, 0xb2, 0x9d, 0x10, 0x81, 0x2d, 0xbf,
-    0x80, 0xfe, 0xe4, 0x1a, 0xb2, 0xed, 0xf8, 0xb2, 0xff, 0x37, 0xa3, 0x46,
-    0xfd, 0x96, 0x5f, 0xff, 0x4b, 0x69, 0xe7, 0x13, 0xc6, 0xdd, 0xea, 0x74,
-    0xef, 0xcf, 0xac, 0xbf, 0xec, 0xdf, 0x12, 0xea, 0x59, 0xe5, 0x95, 0x89,
-    0x8d, 0xb1, 0x73, 0x8c, 0x00, 0xcc, 0x99, 0xee, 0x69, 0x2c, 0xbf, 0xd8,
-    0x5f, 0xcf, 0x40, 0xd6, 0x5f, 0xb3, 0x7f, 0xde, 0x4b, 0x2d, 0xe6, 0x3d,
-    0xa2, 0x31, 0xa1, 0xa2, 0x5b, 0x1c, 0x2f, 0xfa, 0x4d, 0xe1, 0x35, 0x1f,
-    0x85, 0x97, 0xe6, 0xf7, 0x9b, 0xcb, 0x2f, 0xff, 0xc1, 0x27, 0x37, 0xc6,
-    0xc1, 0x4b, 0x3e, 0xc7, 0x59, 0x7d, 0xad, 0x64, 0xfa, 0xcb, 0xf6, 0x80,
-    0xdf, 0x85, 0x95, 0x39, 0x30, 0x1c, 0x39, 0x39, 0x3b, 0xaa, 0x84, 0x96,
-    0xfd, 0x9a, 0xcc, 0x99, 0x65, 0x85, 0xc2, 0xf6, 0xbe, 0xcd, 0xd2, 0x22,
-    0x1b, 0x26, 0x42, 0x50, 0xd2, 0x26, 0x84, 0xa4, 0xc5, 0xc7, 0x85, 0xe7,
-    0xe3, 0x3d, 0x28, 0x6e, 0xf2, 0x32, 0x31, 0x12, 0xef, 0x75, 0xec, 0x59,
-    0x79, 0xb5, 0x32, 0xcb, 0xe9, 0x78, 0x23, 0x59, 0x46, 0x9e, 0x07, 0x43,
-    0xb7, 0xff, 0xff, 0xef, 0xe3, 0xb7, 0x3f, 0x80, 0x9d, 0xcc, 0x1e, 0x1d,
-    0xba, 0x91, 0x41, 0xa0, 0x59, 0x7f, 0x13, 0x99, 0xec, 0xfa, 0xca, 0x9e,
-    0x91, 0x63, 0x34, 0x21, 0x2e, 0x39, 0xab, 0x28, 0x52, 0x78, 0xd3, 0xcc,
-    0xba, 0xfc, 0x59, 0xf7, 0xf2, 0xcb, 0xc2, 0xae, 0x7a, 0x02, 0xca, 0x14,
-    0x9e, 0x74, 0xf3, 0x26, 0xbf, 0xf4, 0xf5, 0x3d, 0x8a, 0x43, 0x9a, 0x28,
-    0x02, 0xcb, 0xfb, 0x3b, 0x8f, 0x36, 0xf5, 0x97, 0xfe, 0xc3, 0x39, 0x8d,
-    0xcf, 0x66, 0xe2, 0xca, 0xf9, 0xf8, 0x11, 0x7d, 0xef, 0x84, 0x6b, 0x2f,
-    0xe1, 0xe1, 0xe7, 0xb9, 0xe5, 0x3d, 0xac, 0xbf, 0xe8, 0x99, 0xbd, 0xc6,
-    0x29, 0x96, 0x5f, 0xfe, 0xee, 0x01, 0xfd, 0xc6, 0x3f, 0xb8, 0xfd, 0x2c,
-    0xbd, 0xba, 0x38, 0x59, 0x4c, 0x7d, 0xc1, 0x4f, 0xbf, 0xce, 0x0e, 0x3f,
-    0xbc, 0xeb, 0x2e, 0x3f, 0x6b, 0x2f, 0xf9, 0xc6, 0xdd, 0x4b, 0xcd, 0xa5,
-    0x97, 0xfe, 0x8d, 0x00, 0xb2, 0x69, 0x34, 0xcb, 0x28, 0x6a, 0x81, 0xb0,
-    0x85, 0x87, 0x74, 0x7d, 0xf8, 0x53, 0x91, 0x0f, 0x8c, 0xb7, 0x8c, 0x6e,
-    0x9c, 0xdf, 0xf1, 0x9a, 0xc2, 0x7e, 0xa5, 0xc5, 0x97, 0x11, 0xab, 0x2e,
-    0xc1, 0xac, 0xac, 0x3e, 0x77, 0x3a, 0xde, 0x2f, 0x7e, 0xfb, 0x9e, 0x09,
-    0x65, 0xf7, 0x3e, 0xc6, 0x2c, 0xbf, 0xfa, 0x6d, 0xc6, 0xdb, 0xf9, 0x31,
-    0x61, 0x8b, 0x2f, 0xee, 0xdf, 0x53, 0xef, 0xf5, 0x97, 0x7f, 0xeb, 0x2f,
-    0xd0, 0x67, 0xb3, 0xeb, 0x2e, 0x13, 0x16, 0x5f, 0x0f, 0x3a, 0xf2, 0xca,
-    0x83, 0x74, 0xc2, 0xf5, 0x39, 0x35, 0xcc, 0x26, 0x34, 0x8d, 0x92, 0x85,
-    0x66, 0x24, 0x2f, 0xc6, 0x2b, 0xf8, 0xa0, 0x12, 0xef, 0x65, 0x97, 0xff,
-    0x44, 0x6e, 0xff, 0x1c, 0x79, 0x87, 0x59, 0x77, 0xb9, 0x31, 0xf9, 0xfc,
-    0xbe, 0xdd, 0xac, 0xbc, 0x09, 0xef, 0xeb, 0x2a, 0x79, 0x1b, 0x4e, 0x09,
-    0x5f, 0x07, 0x9f, 0xc5, 0x95, 0xa3, 0xc9, 0x22, 0x7b, 0xff, 0xd9, 0xbb,
-    0x9d, 0xfb, 0xa9, 0x61, 0x01, 0xd6, 0x5f, 0xff, 0xfc, 0xc5, 0xbf, 0x06,
-    0x4e, 0xfb, 0xf3, 0x73, 0xdb, 0x8d, 0xe2, 0x80, 0x2c, 0xbc, 0xc1, 0x02,
-    0xcb, 0x75, 0xb8, 0x89, 0x39, 0x9d, 0xef, 0x1d, 0xb4, 0xb2, 0xb0, 0xf2,
-    0x80, 0x5d, 0x7b, 0x1c, 0x96, 0x5e, 0xfc, 0x4c, 0xb2, 0xe6, 0xf3, 0x1b,
-    0x77, 0x1a, 0xba, 0x43, 0x59, 0x7f, 0xf6, 0x19, 0xc2, 0xc9, 0xa4, 0x12,
-    0xf2, 0xcb, 0xe9, 0x6e, 0x31, 0xd6, 0x5f, 0x71, 0xdf, 0x71, 0x65, 0xfb,
-    0x3f, 0xb8, 0xc4, 0xe7, 0x93, 0xe2, 0x5b, 0x61, 0x23, 0x37, 0x7c, 0x23,
-    0xaf, 0xff, 0x7e, 0x3a, 0xcd, 0x88, 0x21, 0xf4, 0x7d, 0x65, 0xff, 0x37,
-    0x7f, 0x6f, 0x71, 0xfa, 0x59, 0x7e, 0x2c, 0x1e, 0x7f, 0xb4, 0x42, 0xfd,
-    0x2e, 0xff, 0x76, 0xc6, 0x64, 0xcf, 0xb8, 0xb2, 0xb4, 0x7e, 0xff, 0x3f,
-    0xbf, 0xff, 0xf1, 0x61, 0xc8, 0x20, 0x37, 0x71, 0x88, 0x79, 0xb1, 0x81,
-    0x7d, 0x96, 0x54, 0x22, 0x4f, 0x08, 0xaf, 0xff, 0xf4, 0x19, 0xfc, 0xd3,
-    0x9f, 0x3d, 0xfc, 0xc3, 0xe7, 0x6b, 0x2f, 0xff, 0xa6, 0xcd, 0xd2, 0xcd,
-    0xe5, 0x80, 0x3c, 0x49, 0x65, 0x42, 0x2c, 0xf1, 0x82, 0xff, 0x9f, 0xa2,
-    0xcf, 0x73, 0x0c, 0x59, 0x50, 0xbc, 0x91, 0x90, 0xac, 0xec, 0x85, 0xa3,
-    0x2a, 0xdc, 0x58, 0x98, 0xab, 0x50, 0xe4, 0xfc, 0x77, 0xa5, 0x0d, 0x40,
-    0x90, 0xdf, 0xbe, 0xda, 0x0c, 0x96, 0x5f, 0xf6, 0xcd, 0xf9, 0x9e, 0x4d,
-    0xf5, 0x97, 0xed, 0x02, 0x7c, 0x3e, 0x59, 0x7f, 0xb7, 0xfd, 0x87, 0xfc,
-    0xe2, 0xcb, 0xff, 0xfe, 0x08, 0x7a, 0x2c, 0xdf, 0x38, 0x79, 0xe9, 0x67,
-    0xfe, 0xf2, 0x59, 0x7f, 0xc7, 0xe7, 0xf3, 0xc5, 0x07, 0x59, 0x78, 0xb3,
-    0x84, 0x8a, 0x39, 0xf6, 0xba, 0x74, 0xc3, 0x77, 0xc3, 0x62, 0xff, 0xf6,
-    0xb5, 0x1b, 0x61, 0x9d, 0x4b, 0xc1, 0x1a, 0xcb, 0xec, 0xc2, 0x35, 0x65,
-    0xff, 0x98, 0xdc, 0x93, 0x3e, 0xff, 0xb2, 0xcb, 0x43, 0x22, 0xbb, 0x49,
-    0xdf, 0x21, 0xa8, 0x54, 0x8a, 0xd1, 0x9c, 0xfe, 0x1b, 0x17, 0xf8, 0xbc,
-    0x28, 0x7f, 0x06, 0x16, 0x5f, 0xd2, 0x2c, 0xeb, 0xce, 0xb2, 0xfe, 0x1f,
-    0x8d, 0x62, 0x1a, 0xca, 0x84, 0x48, 0xb9, 0xb0, 0x4b, 0x6f, 0x0f, 0x09,
-    0x65, 0xfe, 0x7d, 0xbd, 0xc7, 0x7d, 0xc5, 0x95, 0xb1, 0xe8, 0xef, 0x1b,
-    0xbf, 0xf3, 0x6b, 0xbf, 0xb4, 0xce, 0xf2, 0x59, 0x7f, 0xf7, 0xe0, 0xfd,
-    0xfd, 0xbd, 0x98, 0x75, 0x97, 0xda, 0xda, 0x0d, 0x59, 0x66, 0x59, 0x73,
-    0x9b, 0x86, 0xd3, 0xc4, 0x95, 0x08, 0xa4, 0x27, 0x8b, 0xff, 0xc5, 0x9f,
-    0x13, 0x9c, 0x09, 0xf8, 0xfd, 0x2c, 0xbe, 0x06, 0x33, 0xac, 0xbc, 0x06,
-    0x11, 0x65, 0xff, 0xff, 0xe8, 0x2f, 0x71, 0xbe, 0xc7, 0x1c, 0x7f, 0x37,
-    0xee, 0x31, 0x0f, 0x36, 0x59, 0x5d, 0xa6, 0x06, 0xe9, 0x80, 0x20, 0xf0,
-    0xed, 0xff, 0x3e, 0xb6, 0xfb, 0x66, 0xa6, 0x59, 0x7f, 0xf3, 0xb9, 0x03,
-    0x99, 0xb9, 0x33, 0xba, 0xcb, 0xff, 0xff, 0xfd, 0x8d, 0xfd, 0xc6, 0x2c,
-    0xf7, 0xa3, 0x61, 0x94, 0x40, 0x3d, 0x2c, 0x22, 0x79, 0x2c, 0xae, 0xd3,
-    0x0b, 0x98, 0xeb, 0xc8, 0xb7, 0xe9, 0x73, 0x6c, 0x31, 0x65, 0xec, 0xd6,
-    0xcb, 0x2f, 0x39, 0x4c, 0xb2, 0xbe, 0x6e, 0x5c, 0x76, 0xf3, 0xbf, 0x6a,
-    0x8b, 0x41, 0x7f, 0xff, 0xb0, 0x71, 0xdb, 0x16, 0xdc, 0xef, 0xec, 0x31,
-    0xe1, 0x2c, 0xbf, 0x3e, 0xb6, 0xc3, 0x16, 0x5e, 0x73, 0x37, 0x67, 0x22,
-    0x2b, 0xb6, 0x1b, 0xf8, 0x10, 0x51, 0xee, 0x2c, 0xa8, 0x4e, 0x74, 0x6c,
-    0x7d, 0x90, 0x6a, 0x16, 0x60, 0x3b, 0xbd, 0x26, 0x02, 0xcb, 0xfe, 0xeb,
-    0xd0, 0x6e, 0xe3, 0x04, 0x6b, 0x2f, 0xe6, 0xf7, 0xdc, 0x8d, 0x59, 0x53,
-    0x22, 0x1d, 0xc7, 0x38, 0x7d, 0x78, 0x21, 0xd2, 0xcb, 0xc5, 0x1a, 0x59,
-    0x76, 0xa6, 0x98, 0xdc, 0x70, 0x76, 0xff, 0xff, 0x71, 0xcb, 0xf1, 0xbf,
-    0xf9, 0xec, 0x72, 0xef, 0x06, 0xb2, 0xff, 0xff, 0x34, 0x79, 0xbf, 0x1c,
-    0xfe, 0x73, 0x59, 0xde, 0x79, 0x65, 0xff, 0xd0, 0x0e, 0x16, 0x6e, 0x0e,
-    0x3d, 0xc5, 0x96, 0x72, 0x45, 0x2f, 0x17, 0xed, 0xa8, 0x4c, 0xb3, 0xf1,
-    0x82, 0xdf, 0xdb, 0x4e, 0x9a, 0x51, 0xb2, 0xca, 0xc4, 0xef, 0x5a, 0x35,
-    0xb7, 0x2f, 0xbf, 0x0e, 0x26, 0x63, 0xac, 0xbf, 0x8c, 0x2c, 0xd8, 0x49,
-    0x2c, 0xbf, 0x0f, 0x00, 0xf0, 0xb2, 0xff, 0xff, 0xcf, 0xa9, 0x71, 0x87,
-    0x9a, 0xd9, 0xb9, 0xf7, 0x07, 0x30, 0x96, 0x56, 0x22, 0x47, 0x84, 0xd4,
-    0xc8, 0xe3, 0x0c, 0x30, 0x6f, 0xdb, 0x1d, 0xdc, 0x96, 0x5f, 0xf3, 0x83,
-    0x1b, 0x9c, 0x80, 0x2c, 0xa8, 0x3d, 0xee, 0x13, 0xdf, 0xf8, 0x73, 0xf9,
-    0xc1, 0xfd, 0xb5, 0xb2, 0xcb, 0xff, 0xec, 0x33, 0xc7, 0x8c, 0xf7, 0xf3,
-    0x0b, 0xb5, 0x95, 0x08, 0x92, 0xfa, 0x1d, 0xe9, 0xe8, 0x53, 0x3c, 0x2c,
-    0xbe, 0xc2, 0x93, 0x2c, 0xbf, 0xfb, 0x35, 0xa7, 0x90, 0x84, 0xfe, 0xe2,
-    0xca, 0x83, 0xe4, 0x91, 0x05, 0x9b, 0x48, 0xb0, 0xf4, 0x23, 0xef, 0xf4,
-    0xdf, 0x8f, 0x7e, 0x26, 0x59, 0x50, 0xcf, 0xde, 0xd8, 0xa2, 0x52, 0x9f,
-    0xc7, 0x0c, 0xcc, 0x7f, 0x34, 0x97, 0xb8, 0x71, 0xb4, 0x64, 0x9b, 0x91,
-    0xa4, 0xea, 0x3d, 0x03, 0xc3, 0x5f, 0xf2, 0x89, 0x5c, 0xd0, 0xa3, 0x0b,
-    0xe4, 0x21, 0x7d, 0x0b, 0x3d, 0xf0, 0xd2, 0x10, 0xb6, 0xff, 0xfc, 0xdd,
-    0x48, 0xa1, 0xc6, 0xdd, 0xe7, 0xdf, 0xcb, 0x2c, 0x05, 0x97, 0x87, 0xf8,
-    0x59, 0x7d, 0x9d, 0x79, 0xd6, 0x5b, 0x93, 0x8d, 0xf1, 0x0e, 0x58, 0x3a,
-    0x3f, 0x7f, 0x27, 0xdb, 0x16, 0x5f, 0xfe, 0x1f, 0xe2, 0x1b, 0xdc, 0x62,
-    0xea, 0x4b, 0x2c, 0x11, 0x9e, 0xc9, 0x08, 0x5d, 0x87, 0x59, 0x7f, 0xfc,
-    0x6b, 0x6b, 0x3a, 0xf7, 0xd8, 0x48, 0x1c, 0x2c, 0xbf, 0xf7, 0x5b, 0xff,
-    0xb8, 0xde, 0x28, 0x3a, 0xca, 0xc4, 0x4a, 0xba, 0x8d, 0xe8, 0xd9, 0x96,
-    0x56, 0x2a, 0x5b, 0x36, 0x19, 0x6d, 0x08, 0x1d, 0x13, 0xbc, 0x2a, 0xc8,
-    0x86, 0xff, 0xff, 0xb5, 0x83, 0x27, 0x7d, 0xfc, 0xcd, 0xcf, 0x16, 0x66,
-    0xa6, 0x59, 0x7e, 0x2f, 0x4e, 0x3e, 0xcb, 0x2f, 0x82, 0x77, 0xf2, 0xcb,
-    0xff, 0xf3, 0x6c, 0x59, 0xbf, 0xed, 0xee, 0xa5, 0x05, 0x32, 0xca, 0x84,
-    0x52, 0x8c, 0xaf, 0xe4, 0x57, 0xff, 0xfe, 0x6d, 0x36, 0x6f, 0xcd, 0xb1,
-    0xbd, 0x07, 0x27, 0x37, 0xec, 0xb2, 0xff, 0xe9, 0x43, 0xca, 0x73, 0x4c,
-    0xd8, 0x4b, 0x2f, 0xfa, 0x62, 0x83, 0xfe, 0x37, 0x9d, 0x65, 0xff, 0xe9,
-    0x36, 0x80, 0xfe, 0xc9, 0xa4, 0xde, 0x59, 0x7e, 0xf3, 0x4f, 0xe6, 0xcb,
-    0x2f, 0x4f, 0x53, 0xdc, 0xf4, 0xb2, 0xff, 0x73, 0x3e, 0xdc, 0x0e, 0xcb,
-    0x2f, 0x9a, 0x7f, 0x36, 0x59, 0x73, 0xf5, 0x39, 0x16, 0x13, 0xcc, 0xaf,
-    0x85, 0x9e, 0x34, 0xb9, 0xfa, 0x59, 0x58, 0x9c, 0xef, 0x47, 0x7c, 0x87,
-    0xd7, 0x94, 0x6c, 0xc3, 0x55, 0x7d, 0xd9, 0x7f, 0x4d, 0x7e, 0x8f, 0x86,
-    0xff, 0xbe, 0xde, 0xe3, 0xf4, 0x03, 0x16, 0x5e, 0x1b, 0xec, 0xb2, 0xed,
-    0x6d, 0xd9, 0xec, 0x08, 0x77, 0x7f, 0xfc, 0x1d, 0xb4, 0xde, 0xd8, 0x3a,
-    0x97, 0x37, 0x19, 0x65, 0x32, 0xe7, 0xbf, 0xe5, 0xe6, 0x3c, 0x29, 0x08,
-    0xc6, 0xfe, 0xcf, 0x61, 0x3c, 0xcb, 0x2f, 0xed, 0x37, 0x65, 0x1f, 0x59,
-    0x7f, 0xc1, 0x7f, 0x3c, 0x9f, 0xa9, 0x2c, 0xbf, 0x38, 0x99, 0xd7, 0x96,
-    0x5d, 0xae, 0x2c, 0xa9, 0x23, 0x4b, 0x0b, 0x3b, 0x2d, 0xe1, 0xcc, 0xf9,
-    0x4d, 0xfe, 0x61, 0xe1, 0xe7, 0x60, 0xd6, 0x5c, 0xfc, 0x59, 0x7e, 0x63,
-    0x27, 0xb1, 0x4c, 0xf6, 0xb2, 0xff, 0xf8, 0x3a, 0xd4, 0x16, 0x1a, 0xdf,
-    0xfe, 0x08, 0xb2, 0xc2, 0xb5, 0x95, 0xa3, 0xe5, 0x0a, 0x85, 0xf4, 0x6a,
-    0x26, 0x59, 0x78, 0xa0, 0xeb, 0x2d, 0x0b, 0x2a, 0x63, 0x56, 0x71, 0xbb,
-    0xfc, 0x70, 0x97, 0xb8, 0x1d, 0x2c, 0xa9, 0x27, 0x56, 0x33, 0x43, 0x45,
-    0xb5, 0x09, 0xc3, 0x91, 0x12, 0x6c, 0xf9, 0x15, 0xb4, 0xb2, 0xf6, 0xb3,
-    0x16, 0x50, 0x0d, 0x66, 0xe8, 0x8d, 0xff, 0xfd, 0xd7, 0x22, 0x5a, 0xcd,
-    0xa3, 0x59, 0xe6, 0xe8, 0xc5, 0x96, 0x35, 0x65, 0x6c, 0x7e, 0x04, 0xbd,
-    0x7e, 0xea, 0x5a, 0xe7, 0x16, 0x54, 0x1e, 0x66, 0x11, 0x5f, 0xfd, 0xba,
-    0x13, 0xfe, 0x0f, 0x36, 0xe3, 0x0d, 0x65, 0xfe, 0xeb, 0xf9, 0x34, 0xcf,
-    0xc5, 0x94, 0xc8, 0x82, 0x74, 0xcb, 0xf8, 0xba, 0x97, 0x82, 0x35, 0x97,
-    0xed, 0xcc, 0x23, 0xb2, 0xca, 0x83, 0xd8, 0x72, 0xfb, 0xe2, 0x8c, 0x31,
-    0x65, 0xe2, 0xc0, 0x2c, 0xbf, 0xfe, 0x69, 0xdb, 0x8d, 0xb4, 0xef, 0xe4,
-    0xc5, 0x86, 0x2c, 0xbe, 0x9b, 0x33, 0x65, 0x97, 0xee, 0x37, 0x8a, 0x16,
-    0x5d, 0x9f, 0xe1, 0xe4, 0xf8, 0x8e, 0xc6, 0x0a, 0x53, 0x0a, 0xd1, 0x0f,
-    0xc6, 0xfd, 0x0a, 0x1b, 0xf8, 0xcf, 0x14, 0x1f, 0x8b, 0x29, 0xcf, 0xf0,
-    0x29, 0xd7, 0xe9, 0xbf, 0x80, 0x75, 0x95, 0x0a, 0xfa, 0xa5, 0x0e, 0x0c,
-    0x85, 0x17, 0xde, 0x4a, 0x3a, 0x6d, 0xe4, 0x37, 0xff, 0xfd, 0xfc, 0xf7,
-    0x9f, 0x6c, 0xf1, 0xd8, 0x25, 0x31, 0x61, 0x8b, 0x2f, 0xfc, 0xfa, 0xf6,
-    0x74, 0x07, 0x79, 0x96, 0x5f, 0xff, 0xf1, 0x38, 0x39, 0xdf, 0xd8, 0xb1,
-    0xa5, 0xf8, 0xfb, 0x1a, 0xb2, 0x86, 0x98, 0x5c, 0xcc, 0xfe, 0x3f, 0xbf,
-    0xbd, 0xfc, 0x94, 0x80, 0xb2, 0xa0, 0xf8, 0x08, 0xca, 0xff, 0x13, 0xbe,
-    0xf9, 0x6f, 0x02, 0xcb, 0xff, 0xee, 0x44, 0xdf, 0x8d, 0xe5, 0x83, 0xfc,
-    0x71, 0x65, 0x0d, 0x10, 0xfe, 0x36, 0xbe, 0xee, 0x01, 0xc5, 0x97, 0xf7,
-    0xd8, 0xc9, 0xf8, 0x02, 0xcb, 0xff, 0xc7, 0x6e, 0xa5, 0xc2, 0xce, 0xfc,
-    0x12, 0x59, 0x7f, 0xb9, 0x9b, 0x80, 0x77, 0x99, 0x65, 0x62, 0x3e, 0x3b,
-    0x23, 0x98, 0x8c, 0xe6, 0x3f, 0x4b, 0xbf, 0xfb, 0xdf, 0xcd, 0xfb, 0x8c,
-    0x11, 0xe0, 0xd6, 0x5f, 0xf3, 0xf8, 0xb0, 0x7f, 0xcf, 0x2c, 0xbf, 0x80,
-    0xd2, 0xe3, 0x0d, 0x65, 0x42, 0xa9, 0x7c, 0x8e, 0x7d, 0x92, 0xdd, 0x24,
-    0x26, 0xf7, 0xe2, 0xed, 0xf8, 0xcb, 0x2f, 0xff, 0xed, 0x14, 0x47, 0x53,
-    0xb9, 0xe2, 0x81, 0xfe, 0x3c, 0xb2, 0xe6, 0xfa, 0xcb, 0xe9, 0x13, 0x88,
-    0xb2, 0xff, 0x0d, 0xc1, 0xad, 0x38, 0x16, 0x5f, 0x6b, 0xbd, 0xc3, 0x16,
-    0x5f, 0x1a, 0x29, 0x73, 0x16, 0x56, 0x1e, 0x83, 0x94, 0x53, 0x22, 0x8c,
-    0xa1, 0x07, 0x50, 0x9c, 0x26, 0x13, 0xee, 0x2e, 0x38, 0xb0, 0x61, 0x8b,
-    0x7f, 0xf6, 0x8b, 0x37, 0xeb, 0x1b, 0xf0, 0x35, 0x97, 0x9f, 0x71, 0x96,
-    0x5f, 0xf8, 0x4f, 0x1a, 0xc6, 0xc6, 0x14, 0x2c, 0xb7, 0x4b, 0x2f, 0xff,
-    0x33, 0xbc, 0xde, 0xfe, 0x4b, 0xed, 0xbd, 0x65, 0xff, 0xf6, 0x7b, 0x98,
-    0x66, 0x7d, 0xb4, 0x18, 0x02, 0xca, 0x84, 0x56, 0x6e, 0x09, 0x12, 0x5d,
-    0xf8, 0x4f, 0x14, 0x01, 0x65, 0x42, 0x74, 0xdd, 0x22, 0x68, 0x78, 0xf0,
-    0xeb, 0xde, 0x63, 0x7e, 0x8f, 0x67, 0xe1, 0x65, 0xff, 0x82, 0x53, 0x7f,
-    0x0b, 0x18, 0x6b, 0x2f, 0x6d, 0x36, 0x2c, 0xbf, 0xfe, 0xdf, 0x9d, 0xe9,
-    0xdf, 0xa9, 0x73, 0x71, 0x89, 0x65, 0x41, 0xf9, 0xb8, 0xf5, 0xff, 0xdb,
-    0x8d, 0x9f, 0x8d, 0xfc, 0xfc, 0x74, 0xb2, 0x99, 0x31, 0x9f, 0xc2, 0xc3,
-    0x84, 0x17, 0xd1, 0xec, 0x3a, 0xcb, 0xff, 0x73, 0xf8, 0x67, 0xd8, 0xc2,
-    0xc5, 0x94, 0x03, 0xe0, 0xde, 0x43, 0x7e, 0xea, 0x45, 0x07, 0x59, 0x7f,
-    0xff, 0xff, 0x8f, 0xb8, 0xdf, 0x06, 0x39, 0x77, 0x9d, 0x4b, 0x8d, 0xee,
-    0x37, 0x52, 0x28, 0xfc, 0x2c, 0xbf, 0xb3, 0xed, 0x9a, 0x99, 0x65, 0xff,
-    0xb3, 0xa9, 0x71, 0xbc, 0xe5, 0x8b, 0x2f, 0xf6, 0x1f, 0xf9, 0x33, 0xcc,
-    0xb2, 0xfc, 0xdb, 0x7e, 0x22, 0x71, 0xf8, 0xf8, 0xf6, 0xa7, 0x23, 0x7b,
-    0x21, 0x3d, 0x7f, 0xfb, 0xf1, 0xd6, 0x6a, 0x3c, 0xdd, 0xb0, 0xd6, 0x5e,
-    0x0e, 0xa6, 0x59, 0x7d, 0x93, 0x67, 0x86, 0x7d, 0x1c, 0x4a, 0xb3, 0x0d,
-    0x19, 0x5f, 0x84, 0x8d, 0x42, 0xa8, 0xec, 0x28, 0xfc, 0xa3, 0x9b, 0xff,
-    0xff, 0x31, 0x67, 0xa0, 0xe6, 0x05, 0xf6, 0x9d, 0x9f, 0x6d, 0x7d, 0xd6,
-    0x5f, 0x8d, 0x35, 0xfd, 0xc5, 0x97, 0xff, 0xd9, 0xb3, 0x8d, 0x83, 0xde,
-    0x98, 0xc9, 0x99, 0x65, 0x42, 0x3a, 0x71, 0xb7, 0x45, 0x57, 0x3e, 0xea,
-    0xcb, 0xdf, 0x63, 0x16, 0x5f, 0xba, 0x97, 0x0b, 0x0e, 0x6d, 0xbc, 0x33,
-    0x7f, 0xec, 0xea, 0x5c, 0x9b, 0x4f, 0xee, 0x2c, 0xbf, 0x14, 0x77, 0x23,
-    0xac, 0xbf, 0xfd, 0x9b, 0x9f, 0x0c, 0xdf, 0xc9, 0xa5, 0x1d, 0x2c, 0xbf,
-    0xfb, 0x99, 0x37, 0xe3, 0x7e, 0x7f, 0xf0, 0xb2, 0x86, 0x8b, 0xed, 0x14,
-    0x79, 0x42, 0xff, 0x38, 0x38, 0x77, 0xeb, 0xcb, 0x29, 0x65, 0xff, 0x70,
-    0x82, 0x1f, 0x4a, 0x0d, 0x59, 0x5d, 0x1e, 0x2f, 0x82, 0xeb, 0x11, 0x98,
-    0xe6, 0x01, 0x79, 0xbf, 0xf6, 0x6d, 0xa8, 0x8f, 0x37, 0xe1, 0x65, 0xff,
-    0x9a, 0x6e, 0x13, 0xb8, 0xfe, 0xcb, 0x2f, 0xe2, 0xce, 0x7e, 0x06, 0xb2,
-    0xa0, 0xfa, 0x70, 0xf6, 0x89, 0x18, 0xdc, 0x85, 0x35, 0xff, 0xe9, 0x31,
-    0xad, 0xe2, 0xc9, 0x6b, 0x9c, 0x59, 0x7f, 0xf6, 0x1c, 0x32, 0x71, 0xce,
-    0xf1, 0xc0, 0xb2, 0xfe, 0x89, 0xb3, 0x7b, 0x69, 0x65, 0xff, 0xe9, 0x7d,
-    0xe5, 0xd9, 0x3e, 0xee, 0xee, 0xeb, 0x2c, 0xa8, 0x44, 0x16, 0x17, 0xdf,
-    0x36, 0xb0, 0x96, 0x54, 0x26, 0xa9, 0xf4, 0xa2, 0x86, 0x4f, 0x08, 0x6f,
-    0xff, 0x30, 0x47, 0x84, 0x19, 0x30, 0xf0, 0x0b, 0x2f, 0xfe, 0x0b, 0x9f,
-    0xc5, 0x9b, 0x16, 0x74, 0xb2, 0xff, 0xb3, 0xb8, 0xfb, 0x41, 0x0d, 0x65,
-    0xff, 0xdf, 0xc3, 0x03, 0x8d, 0xfe, 0x46, 0xcb, 0x2e, 0x60, 0xec, 0x7f,
-    0x9d, 0x1b, 0xd6, 0xcc, 0xbf, 0xa1, 0xc6, 0x7f, 0x90, 0x95, 0xee, 0x55,
-    0x96, 0xa3, 0x20, 0x76, 0x40, 0x1f, 0x14, 0x79, 0x7c, 0x87, 0xa7, 0xa3,
-    0x7b, 0xde, 0x82, 0x62, 0x46, 0xec, 0x30, 0x2f, 0xa6, 0x93, 0x4c, 0xb2,
-    0xe2, 0xd9, 0x65, 0xf0, 0x34, 0xf3, 0xeb, 0x2a, 0x71, 0xf0, 0x4f, 0x04,
-    0x9d, 0x0b, 0xdf, 0xf9, 0x8c, 0xdc, 0x6d, 0xb9, 0x11, 0x32, 0xcb, 0x6e,
-    0xac, 0xbb, 0xfb, 0xab, 0x2f, 0xff, 0x66, 0xff, 0xbc, 0x80, 0xfd, 0x01,
-    0xba, 0x59, 0x6f, 0x41, 0xf3, 0xfc, 0x6a, 0xff, 0xfb, 0x5b, 0x46, 0xe7,
-    0x0b, 0x3d, 0xe6, 0xd7, 0x6b, 0x2f, 0xec, 0xdb, 0x85, 0x9b, 0xd6, 0x54,
-    0x93, 0x25, 0x67, 0xb7, 0x27, 0xf2, 0xa5, 0x8d, 0x59, 0x50, 0xcf, 0x82,
-    0xca, 0x62, 0x63, 0x46, 0x93, 0xb8, 0x6e, 0xf1, 0xb4, 0x08, 0x79, 0x7f,
-    0xfe, 0x96, 0x71, 0xc8, 0x1f, 0xc8, 0xf7, 0x20, 0x0b, 0x2f, 0x9c, 0xef,
-    0x25, 0x97, 0xff, 0x7d, 0xa7, 0x61, 0x63, 0x69, 0xf7, 0xac, 0xbf, 0xf9,
-    0x89, 0xc6, 0x58, 0x3f, 0xc7, 0x16, 0x5e, 0x12, 0x34, 0xb2, 0xff, 0xb6,
-    0x3c, 0x6b, 0xc5, 0x1b, 0x2c, 0xbe, 0xef, 0xa3, 0x7b, 0x59, 0x78, 0x48,
-    0x02, 0xca, 0x63, 0xc4, 0x01, 0x3d, 0xf6, 0xf8, 0x2e, 0xd6, 0x5f, 0xff,
-    0xd0, 0x58, 0x0e, 0x60, 0xff, 0x1b, 0x1c, 0x24, 0x35, 0x94, 0xc7, 0xfd,
-    0xf2, 0x4b, 0xf3, 0x7b, 0xd1, 0x25, 0x97, 0x47, 0x4b, 0x2a, 0x4a, 0xa4,
-    0xc6, 0xa6, 0x69, 0x0f, 0x68, 0xba, 0x41, 0x71, 0xd2, 0x7e, 0xf4, 0x27,
-    0xf7, 0x90, 0xcf, 0x93, 0xdf, 0xc5, 0xe8, 0xe7, 0x99, 0x65, 0xff, 0xfd,
-    0x13, 0x60, 0xff, 0x1b, 0xff, 0x9e, 0x28, 0x83, 0xac, 0xbf, 0xba, 0x18,
-    0xf1, 0xf6, 0x59, 0x7f, 0xfe, 0xfb, 0x6f, 0x2c, 0x33, 0x1b, 0xcd, 0xa7,
-    0x02, 0xcb, 0xc5, 0x03, 0x59, 0x7d, 0x2c, 0xfe, 0x2c, 0xbd, 0xb0, 0x49,
-    0x65, 0xdd, 0x72, 0x11, 0xbb, 0xd9, 0x7c, 0xca, 0xae, 0x36, 0x21, 0x0d,
-    0xfd, 0xf6, 0x99, 0xdf, 0x65, 0x97, 0xa3, 0x00, 0xb2, 0xd1, 0xd9, 0xe4,
-    0xcc, 0x5d, 0x50, 0xa8, 0xb8, 0xe5, 0x8f, 0x19, 0xc0, 0x21, 0x43, 0x7c,
-    0xdb, 0x1e, 0x16, 0x5f, 0xd1, 0xad, 0xa3, 0x5b, 0x2c, 0xbf, 0xfc, 0x4e,
-    0x67, 0xe2, 0x4c, 0x58, 0x78, 0x59, 0x7f, 0xf6, 0x75, 0xe8, 0xcd, 0x6a,
-    0x23, 0x75, 0x65, 0x8c, 0x99, 0x11, 0xa4, 0x8f, 0x52, 0x47, 0x36, 0x42,
-    0xf2, 0xff, 0xb7, 0xb9, 0x03, 0xf8, 0x07, 0x59, 0x7e, 0x63, 0x7c, 0xdb,
-    0x2c, 0xbf, 0xfd, 0x98, 0x03, 0xc4, 0xdc, 0x1f, 0xdf, 0x65, 0x94, 0xc8,
-    0xad, 0xf9, 0xc9, 0x14, 0xdf, 0xfe, 0x8f, 0xc1, 0xe6, 0x2c, 0x33, 0xd9,
-    0xf5, 0x97, 0xcf, 0xf6, 0x25, 0x97, 0xd8, 0x08, 0x25, 0x96, 0x2d, 0x8f,
-    0x03, 0xe4, 0x14, 0xb2, 0xfd, 0x2d, 0x46, 0x0d, 0x65, 0xcc, 0x1e, 0x8d,
-    0x91, 0x05, 0xdf, 0xff, 0xec, 0x97, 0x7f, 0x6f, 0xc6, 0x6a, 0x5e, 0x28,
-    0x3f, 0x16, 0x5f, 0xfb, 0x4f, 0xb0, 0x63, 0x08, 0x3b, 0x2c, 0xaf, 0xa2,
-    0x7f, 0x8c, 0x17, 0xff, 0x47, 0x0b, 0x0d, 0x6f, 0xff, 0x37, 0x16, 0x5f,
-    0xf0, 0x7d, 0xb9, 0xcc, 0x62, 0x1a, 0xcb, 0xe0, 0xc7, 0x43, 0x59, 0x7f,
-    0xb0, 0xf9, 0x34, 0x9b, 0x16, 0x50, 0xd5, 0x6b, 0x76, 0x5c, 0xf0, 0x8a,
-    0xe2, 0xd7, 0xa1, 0x96, 0x12, 0x3d, 0xe8, 0xc6, 0x1d, 0x88, 0x47, 0x70,
-    0xce, 0xb2, 0xfb, 0x76, 0x35, 0xb2, 0xcb, 0xc1, 0xf7, 0x16, 0x5e, 0xdd,
-    0x63, 0x16, 0x54, 0x2e, 0x59, 0x64, 0xba, 0xa9, 0xa1, 0x1c, 0xe2, 0xe1,
-    0x26, 0xdd, 0x1d, 0xbf, 0xda, 0xee, 0x6c, 0x6f, 0x85, 0x65, 0xff, 0xf9,
-    0xbd, 0xc6, 0xed, 0xf5, 0xdf, 0xdb, 0x7b, 0x9d, 0x65, 0xff, 0xff, 0x39,
-    0xbc, 0x1b, 0x67, 0x5d, 0xb1, 0x3f, 0x47, 0x88, 0xe2, 0xcb, 0xfd, 0x12,
-    0xf1, 0xad, 0xdb, 0x2c, 0xaf, 0xa2, 0x6c, 0x99, 0xef, 0x0f, 0x24, 0xb2,
-    0xf6, 0xe3, 0x18, 0xb2, 0xf1, 0xad, 0xda, 0xcb, 0xf3, 0x6f, 0x2c, 0xe4,
-    0xe3, 0xda, 0xf8, 0xe7, 0x88, 0x2f, 0xfb, 0x7e, 0x0e, 0x6c, 0xc2, 0x35,
-    0x65, 0xff, 0xe9, 0x47, 0x3f, 0x05, 0xef, 0xee, 0x31, 0xd6, 0x51, 0x22,
-    0x1f, 0xc7, 0x77, 0xfb, 0xdf, 0xdc, 0x6f, 0xbc, 0xcb, 0x2f, 0xe8, 0xec,
-    0x9f, 0xaf, 0x2c, 0xbf, 0xdc, 0xd4, 0x6c, 0xfa, 0xed, 0x65, 0xf6, 0xd3,
-    0xf0, 0x75, 0x94, 0xc7, 0xb6, 0x21, 0xad, 0x49, 0x3d, 0x96, 0x86, 0xae,
-    0xe1, 0x11, 0xcd, 0xfd, 0x08, 0x9b, 0xf4, 0x7b, 0x6c, 0x31, 0x65, 0xff,
-    0xba, 0xec, 0x9f, 0x67, 0x93, 0x7d, 0x65, 0x68, 0xfa, 0x42, 0x53, 0x7d,
-    0x8c, 0x0e, 0x2c, 0xbf, 0xfb, 0x8f, 0xd7, 0xbd, 0x9d, 0x8c, 0x3b, 0x2c,
-    0xb6, 0x76, 0x7d, 0x3e, 0x21, 0xbf, 0x0f, 0xb0, 0xe6, 0xe2, 0xcb, 0xff,
-    0x14, 0x75, 0xf8, 0x62, 0x71, 0xac, 0xa9, 0x8f, 0xa0, 0xe5, 0x97, 0xdc,
-    0xc2, 0x35, 0x65, 0xf4, 0x64, 0x9d, 0x65, 0x74, 0x78, 0x5f, 0x22, 0xbf,
-    0x68, 0x13, 0xc0, 0xa6, 0x7a, 0x59, 0x50, 0x8b, 0xf1, 0xb2, 0xb9, 0x1d,
-    0xfe, 0x1e, 0xf8, 0x2f, 0x60, 0x16, 0x5f, 0xa3, 0xdf, 0x8f, 0x2c, 0xb8,
-    0x80, 0xb2, 0xb6, 0x3f, 0x1d, 0x1a, 0x39, 0x3d, 0xff, 0xff, 0xe0, 0xeb,
-    0xf9, 0x34, 0xcf, 0xa9, 0xbd, 0xf0, 0x83, 0x98, 0xdb, 0xc7, 0x0b, 0x2f,
-    0xf9, 0xbf, 0xcd, 0x31, 0x41, 0xd6, 0x5f, 0xd1, 0xcd, 0xc6, 0xeb, 0xcb,
-    0x2f, 0xe8, 0xe4, 0xc5, 0x93, 0x2c, 0xa6, 0x4c, 0x4f, 0x71, 0xf7, 0x46,
-    0xff, 0x31, 0xbf, 0x7b, 0xee, 0x46, 0xac, 0xbf, 0xdb, 0xa4, 0x10, 0xf6,
-    0xc6, 0xac, 0xb7, 0x96, 0x52, 0xcb, 0xe6, 0x30, 0xef, 0xd1, 0x79, 0xe1,
-    0x1b, 0xfc, 0x1d, 0x87, 0xfc, 0x28, 0x59, 0x50, 0x8b, 0xfe, 0xd5, 0x08,
-    0xe2, 0xff, 0xfa, 0x0f, 0xb8, 0xd1, 0x05, 0xac, 0x63, 0xe2, 0xcb, 0xff,
-    0xb0, 0x7f, 0x83, 0x3a, 0x97, 0x82, 0x35, 0x97, 0xff, 0x03, 0xec, 0x1f,
-    0x73, 0xe1, 0xcf, 0x2c, 0xbb, 0x38, 0xb2, 0xe7, 0xf2, 0xcb, 0x4b, 0x46,
-    0xb3, 0xe2, 0xd6, 0xe3, 0xa2, 0x60, 0x2e, 0x36, 0xc1, 0xaa, 0xab, 0xc4,
-    0x0e, 0xe1, 0xcf, 0x31, 0x79, 0x27, 0x7a, 0x1b, 0xf7, 0xff, 0xb3, 0x42,
-    0x8e, 0x78, 0x9b, 0xae, 0x4e, 0xf2, 0xcb, 0xff, 0xd9, 0x05, 0x9d, 0x96,
-    0x78, 0x2e, 0x62, 0xcb, 0xff, 0xd0, 0x5f, 0xc8, 0xe9, 0xdb, 0x82, 0x1a,
-    0xb2, 0xff, 0xb0, 0x13, 0xf8, 0xe3, 0xce, 0x2c, 0xbf, 0xf9, 0xbd, 0xfc,
-    0x69, 0x73, 0x3a, 0xf2, 0xca, 0x1a, 0x62, 0x18, 0x90, 0x49, 0x5c, 0x3a,
-    0xbf, 0xe0, 0x16, 0x7b, 0x8e, 0xe4, 0xb2, 0xff, 0xe0, 0xe4, 0xd8, 0xdd,
-    0x96, 0x7f, 0x16, 0x58, 0x1d, 0x9f, 0xc9, 0x1b, 0x5e, 0x3b, 0xf4, 0xb2,
-    0xff, 0xfe, 0x93, 0x0f, 0x3f, 0x9b, 0x44, 0x9b, 0x9c, 0xcd, 0xc5, 0x95,
-    0xa4, 0x51, 0x00, 0xa3, 0xc3, 0xb7, 0x04, 0xd5, 0x97, 0xfb, 0x3e, 0x3f,
-    0xc1, 0x6c, 0xb2, 0xc3, 0xf9, 0xe5, 0x98, 0x31, 0x7d, 0xfc, 0x1b, 0x2c,
-    0xa8, 0x3c, 0xae, 0x14, 0xd4, 0x33, 0xaa, 0x64, 0x6a, 0x38, 0x79, 0xe4,
-    0xa5, 0x56, 0x86, 0x06, 0xa1, 0x17, 0xf8, 0xd3, 0xde, 0x13, 0xe5, 0x2f,
-    0xb7, 0x8d, 0x1e, 0x8d, 0x84, 0x31, 0xab, 0x89, 0x0c, 0x5b, 0xfd, 0x83,
-    0xdb, 0x41, 0x80, 0x2c, 0xbf, 0xfe, 0x03, 0xff, 0x00, 0x07, 0xd6, 0x6f,
-    0xfe, 0x2c, 0xbf, 0xff, 0x7b, 0x84, 0x10, 0xf5, 0x2e, 0x0f, 0xf8, 0xde,
-    0x59, 0x68, 0xd2, 0x36, 0xce, 0x68, 0x4a, 0x17, 0xff, 0x89, 0x86, 0x38,
-    0xf7, 0x07, 0xf8, 0x25, 0x96, 0x3a, 0xcb, 0xf0, 0x18, 0xa5, 0xc5, 0x95,
-    0xd1, 0xb8, 0xf0, 0x8d, 0x62, 0x28, 0x9a, 0x10, 0x17, 0xf7, 0xe6, 0x6f,
-    0xb1, 0xd6, 0x5c, 0x0e, 0x2c, 0xbe, 0xec, 0x83, 0xc5, 0x97, 0xfc, 0x3c,
-    0x39, 0x67, 0xbe, 0xcb, 0x2f, 0xc1, 0xd0, 0x27, 0xb9, 0xe4, 0xb2, 0xb1,
-    0x11, 0xcc, 0x47, 0xc3, 0x7a, 0xc4, 0xc0, 0x58, 0xbb, 0xf0, 0xa5, 0xbf,
-    0x6b, 0x85, 0x1b, 0x2c, 0xbf, 0xff, 0x6e, 0x96, 0x6f, 0x7e, 0x36, 0x17,
-    0xf7, 0x18, 0xeb, 0x2d, 0x2c, 0x44, 0x13, 0x14, 0x5f, 0x6a, 0x30, 0x96,
-    0x5f, 0x1b, 0xa8, 0x3a, 0xcb, 0xdb, 0x61, 0x8b, 0x2e, 0xcd, 0x96, 0x54,
-    0xe3, 0xf8, 0x82, 0x03, 0x08, 0xe7, 0xc7, 0xaf, 0xf3, 0x17, 0xa5, 0x9a,
-    0xc5, 0x97, 0xf4, 0x77, 0xa6, 0x83, 0xac, 0xa9, 0x1e, 0xf1, 0x18, 0xdf,
-    0xfe, 0x38, 0x1f, 0x59, 0xbf, 0x18, 0x7f, 0x65, 0x97, 0xfe, 0x70, 0x6a,
-    0x0b, 0xdf, 0xc9, 0x2c, 0xbf, 0xfc, 0x0c, 0x62, 0xf6, 0x1d, 0xfc, 0x07,
-    0x59, 0x50, 0x8e, 0xfc, 0x21, 0x64, 0xa0, 0x9e, 0xde, 0xcf, 0xba, 0xcb,
-    0xc1, 0x09, 0x2c, 0xbf, 0x37, 0xff, 0x83, 0x59, 0x69, 0x96, 0x0c, 0xf0,
-    0xf8, 0x39, 0x43, 0x44, 0x73, 0xaf, 0x5f, 0xfb, 0x25, 0xf7, 0x94, 0xef,
-    0x49, 0x96, 0x5f, 0x8b, 0x00, 0x1e, 0x2c, 0xbf, 0xd1, 0xef, 0xe3, 0x13,
-    0xac, 0xad, 0x8f, 0x5f, 0x44, 0xf7, 0xf8, 0x13, 0xf8, 0xe3, 0xce, 0x2c,
-    0xbd, 0xb8, 0xc7, 0x59, 0x7f, 0xfc, 0xe0, 0xe4, 0x03, 0xd8, 0xc3, 0xc2,
-    0x99, 0x67, 0xcb, 0xfa, 0x84, 0x6a, 0x61, 0x1b, 0xaa, 0x5f, 0xe9, 0x7b,
-    0xf9, 0xa8, 0xf2, 0xcb, 0xf8, 0xcc, 0xef, 0xbc, 0x31, 0x65, 0xdd, 0xef,
-    0x59, 0x60, 0x2c, 0xbf, 0xfd, 0x2e, 0x66, 0xa3, 0x85, 0x80, 0x0f, 0x16,
-    0x56, 0x1e, 0xd3, 0x88, 0xd4, 0x22, 0x53, 0xee, 0x95, 0x88, 0xe7, 0xf4,
-    0x31, 0x6f, 0xff, 0x66, 0xe8, 0x0f, 0x13, 0x79, 0x83, 0xae, 0x2c, 0xbf,
-    0xc7, 0xcc, 0x2f, 0x4f, 0xe2, 0xcb, 0xff, 0xb9, 0xe8, 0x8d, 0x02, 0x62,
-    0xc3, 0x16, 0x5f, 0x7d, 0xb3, 0xa5, 0x95, 0xd2, 0x26, 0xdc, 0xd0, 0x08,
-    0xb7, 0x8d, 0x90, 0x56, 0x5f, 0xbf, 0x1a, 0xd8, 0xeb, 0x2f, 0xf0, 0x5c,
-    0xbf, 0x8f, 0x32, 0xcb, 0x75, 0x31, 0xed, 0x98, 0x53, 0x4c, 0x8a, 0x47,
-    0x79, 0xa8, 0x56, 0x3f, 0x91, 0x8d, 0x31, 0x3b, 0xc3, 0xa4, 0xa1, 0xa9,
-    0x50, 0xca, 0xd8, 0x94, 0x35, 0xb2, 0x32, 0x7e, 0xa1, 0x6c, 0xd0, 0x9f,
-    0xfc, 0x71, 0xcf, 0x0c, 0x80, 0x11, 0x14, 0x6d, 0x7c, 0x96, 0x99, 0x70,
-    0x49, 0x65, 0xf7, 0x5c, 0x8e, 0x96, 0x50, 0xac, 0xdd, 0x10, 0xb5, 0xfa,
-    0x66, 0xdb, 0x3a, 0x59, 0x7b, 0x41, 0x92, 0xca, 0xe8, 0xf1, 0xfc, 0x55,
-    0x7f, 0x4e, 0xf1, 0x41, 0xf8, 0xb2, 0x98, 0xf4, 0x9c, 0x8e, 0xff, 0xcf,
-    0xad, 0x60, 0x98, 0x37, 0x92, 0xcb, 0xc5, 0x80, 0x59, 0x68, 0x59, 0x40,
-    0x35, 0x7e, 0x1b, 0xb9, 0xfc, 0xb2, 0xb4, 0x6d, 0xfe, 0x43, 0x7c, 0x78,
-    0xd7, 0x16, 0x5f, 0xe8, 0x39, 0x60, 0x03, 0xc5, 0x97, 0xfd, 0xac, 0xfe,
-    0x6d, 0x39, 0xb8, 0xb2, 0xb1, 0x16, 0x0c, 0x42, 0x44, 0x41, 0x32, 0xbf,
-    0xd2, 0x6e, 0x72, 0x35, 0x25, 0x97, 0xce, 0x78, 0x65, 0x97, 0xbc, 0xc6,
-    0x2c, 0xa1, 0x9f, 0x84, 0xc6, 0x66, 0x10, 0x5f, 0xcc, 0x41, 0x96, 0x71,
-    0x65, 0xff, 0xfa, 0x4d, 0xee, 0x77, 0xf6, 0xf7, 0x52, 0x6f, 0x71, 0x65,
-    0xff, 0x40, 0x0e, 0xf2, 0xd6, 0x6c, 0xb2, 0xf6, 0xd9, 0xba, 0xb2, 0xfe,
-    0x8c, 0xf7, 0x1f, 0xa5, 0x97, 0xfd, 0xe8, 0xe8, 0x0f, 0xff, 0xb2, 0xcb,
-    0xe6, 0x9f, 0xcd, 0x96, 0x56, 0x1e, 0xf7, 0x8e, 0x6c, 0x75, 0x97, 0xf3,
-    0x10, 0x65, 0x9c, 0x9c, 0x6c, 0xb7, 0x90, 0xd4, 0x2a, 0x11, 0x34, 0xc6,
-    0x62, 0xcf, 0xac, 0x11, 0xcf, 0x08, 0x3d, 0x0b, 0xdb, 0xef, 0x87, 0x3c,
-    0xb2, 0xff, 0xc1, 0xea, 0x5c, 0xfe, 0x6c, 0x12, 0x59, 0x7e, 0x27, 0xf3,
-    0x9d, 0x65, 0x32, 0x22, 0x74, 0x44, 0x22, 0x0d, 0x85, 0xcf, 0x6f, 0xeb,
-    0x77, 0x3d, 0x2e, 0xcf, 0x11, 0x8d, 0x8a, 0x1e, 0x85, 0x42, 0xc8, 0x95,
-    0x85, 0xb4, 0x3b, 0xa5, 0x1c, 0x58, 0xe7, 0xc9, 0x32, 0xb0, 0x88, 0x36,
-    0x5c, 0xd7, 0x73, 0xab, 0x9d, 0x46, 0x36, 0xd1, 0xfc, 0x4d, 0x39, 0x07,
-    0xa9, 0xc6, 0xa3, 0xc7, 0xa5, 0xfa, 0xc5, 0xe1, 0xe5, 0x81, 0x82, 0x56,
-    0x28, 0xad, 0x20, 0xa7, 0x6e, 0xb9, 0x4f, 0x10, 0xf5, 0x32, 0x78, 0x30,
-    0xf2, 0xdf, 0x0b, 0xd3, 0x08, 0x27, 0xe3, 0x50, 0x12, 0x55, 0xde, 0xec,
-    0x3d, 0x2f, 0xed, 0x0b, 0x1e, 0xf6, 0x85, 0x97, 0xf6, 0xeb, 0x0c, 0xa2,
-    0x65, 0x97, 0xa1, 0xc9, 0x65, 0xf6, 0x7d, 0xfc, 0xb2, 0xc2, 0x9c, 0x3e,
-    0xbf, 0x98, 0x10, 0xd5, 0xfc, 0x2a, 0x4f, 0x0f, 0xec, 0xdd, 0x59, 0x7f,
-    0xf4, 0x1c, 0xa2, 0x74, 0xd2, 0x8d, 0x6c, 0xb2, 0xff, 0xf4, 0x68, 0x33,
-    0x4c, 0xdf, 0x63, 0xb8, 0xd6, 0x5f, 0xc4, 0xfe, 0xe4, 0x6e, 0x2c, 0xbf,
-    0xbe, 0x26, 0xec, 0x10, 0x16, 0x5f, 0xff, 0xf8, 0xbd, 0xc8, 0x69, 0x66,
-    0xe9, 0x7a, 0x3f, 0x06, 0x86, 0x37, 0x56, 0x5e, 0xdd, 0x1c, 0x2c, 0xa7,
-    0x44, 0x78, 0x5c, 0x2f, 0xc1, 0xf4, 0xd0, 0x6a, 0xcb, 0xfe, 0x8d, 0xb9,
-    0x33, 0x1d, 0xe6, 0x59, 0x43, 0x54, 0x11, 0xda, 0x3b, 0x25, 0xcc, 0x5f,
-    0xf8, 0x60, 0x11, 0x16, 0xe9, 0x55, 0xff, 0xff, 0xd9, 0xba, 0x4f, 0xde,
-    0xe8, 0xbe, 0x31, 0x85, 0x9c, 0x9c, 0xfe, 0x0c, 0x2c, 0xb8, 0x0c, 0xb2,
-    0xb4, 0x89, 0x1e, 0x3d, 0xdf, 0xdd, 0xbe, 0xb6, 0xc3, 0x16, 0x56, 0x1e,
-    0x9b, 0x11, 0xdf, 0xff, 0xbf, 0x85, 0x86, 0xfd, 0xe5, 0xf3, 0x1c, 0x43,
-    0xac, 0xb7, 0x4b, 0x2f, 0xfa, 0x1b, 0x98, 0xdf, 0x8f, 0x2c, 0xa9, 0x1e,
-    0x47, 0xc4, 0xaf, 0xbb, 0x77, 0xed, 0x51, 0x6b, 0x2f, 0xfe, 0x6d, 0x7d,
-    0xf8, 0xfe, 0x27, 0x02, 0xcb, 0xe6, 0xd6, 0xe0, 0xd6, 0x54, 0x93, 0x58,
-    0x68, 0x4f, 0xe8, 0x8b, 0xe6, 0x1b, 0xd0, 0xaf, 0xd9, 0x26, 0xf8, 0x56,
-    0x5f, 0xf4, 0x82, 0xdf, 0xd9, 0xc8, 0x6b, 0x2f, 0xfc, 0x4f, 0xa8, 0x9a,
-    0x76, 0x69, 0x96, 0x5f, 0xcc, 0x77, 0x9b, 0x3e, 0xb2, 0x98, 0xfb, 0x0e,
-    0x7f, 0x7e, 0x06, 0x6e, 0x97, 0x96, 0x5f, 0xe0, 0x96, 0x6e, 0xb1, 0x8c,
-    0xb2, 0xfb, 0x8e, 0x5d, 0xac, 0xaf, 0x9e, 0xbe, 0xe9, 0xad, 0x42, 0x29,
-    0xb2, 0x10, 0x37, 0xb5, 0x07, 0x59, 0x7f, 0x7f, 0x39, 0x1b, 0x6e, 0xac,
-    0xbf, 0xfc, 0x38, 0x39, 0x44, 0xe9, 0xa5, 0x1a, 0xd9, 0x65, 0xc0, 0x1a,
-    0xcb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x41, 0xaf, 0xb3, 0xbc, 0xe9, 0x65,
-    0xd2, 0x17, 0x08, 0xbd, 0x1a, 0x6e, 0x0b, 0xfc, 0xda, 0xb1, 0x33, 0x77,
-    0x87, 0x75, 0xff, 0x7f, 0x75, 0xc0, 0x2e, 0x38, 0x62, 0xcb, 0xd3, 0x47,
-    0x96, 0x54, 0x1e, 0xe6, 0x1f, 0xdb, 0xb5, 0x97, 0xf7, 0xf3, 0xdf, 0x73,
-    0xac, 0xbf, 0xd3, 0xbd, 0x07, 0x6d, 0x4c, 0xb2, 0xb0, 0xf8, 0xc0, 0x5b,
-    0x7f, 0x61, 0x76, 0xe4, 0x05, 0x95, 0x39, 0x18, 0x44, 0xeb, 0xc2, 0x1b,
-    0xfd, 0x28, 0xd6, 0xd1, 0xad, 0x96, 0x5f, 0xee, 0xa5, 0x19, 0xe9, 0xd8,
-    0xb2, 0xf7, 0x71, 0xda, 0xca, 0x84, 0x44, 0x61, 0xab, 0x9a, 0xdf, 0x8f,
-    0x9b, 0xa4, 0x05, 0x97, 0xb0, 0xec, 0xb2, 0xfb, 0x4c, 0x69, 0xd6, 0x5e,
-    0xf6, 0x7d, 0x65, 0xfe, 0x82, 0xf4, 0x69, 0x8e, 0xb2, 0xef, 0x32, 0xcb,
-    0xff, 0xec, 0x03, 0xeb, 0x37, 0xe0, 0xf0, 0xf1, 0xda, 0xca, 0x84, 0xc6,
-    0xc6, 0x55, 0x83, 0x66, 0x91, 0xfc, 0x71, 0xcc, 0x48, 0x5a, 0xe3, 0xcc,
-    0xb2, 0xf8, 0x01, 0x29, 0x96, 0x5c, 0xdd, 0xac, 0xa8, 0x37, 0x53, 0xe4,
-    0x76, 0xfc, 0xe3, 0xf5, 0x16, 0xa5, 0x7e, 0x7e, 0x1e, 0x00, 0xb2, 0xfd,
-    0x30, 0x1c, 0xa6, 0x59, 0x71, 0x32, 0xca, 0x83, 0x7d, 0xd9, 0x4d, 0xf3,
-    0x83, 0x34, 0xb2, 0xfa, 0x05, 0x8c, 0x6b, 0x2f, 0xf6, 0x07, 0xbf, 0xc6,
-    0xb1, 0x65, 0xff, 0x6a, 0x0c, 0x2c, 0x1b, 0x69, 0x65, 0xff, 0xf6, 0x7f,
-    0xee, 0xde, 0x82, 0xcf, 0xe7, 0x6b, 0x2b, 0x13, 0xaf, 0x34, 0xb1, 0x99,
-    0x7e, 0x42, 0x44, 0x3c, 0x24, 0x09, 0x9c, 0xf9, 0xc5, 0xfe, 0x99, 0xbc,
-    0x19, 0x9b, 0xcb, 0x2f, 0xfe, 0x7d, 0xde, 0x66, 0xe9, 0x3f, 0xb3, 0x75,
-    0x65, 0xff, 0xff, 0xda, 0x03, 0x8e, 0x35, 0xbb, 0xcc, 0xdd, 0x20, 0x44,
-    0xc2, 0x6e, 0x84, 0xeb, 0x2f, 0xff, 0xe7, 0xf6, 0x1f, 0x1a, 0x69, 0x7f,
-    0x06, 0x1f, 0x71, 0x65, 0xff, 0xf7, 0x1b, 0x67, 0xe3, 0x93, 0xfb, 0xf1,
-    0x32, 0xcb, 0xff, 0x39, 0x03, 0x3d, 0x04, 0xc0, 0x59, 0x50, 0x9b, 0x10,
-    0xdf, 0x7c, 0xb7, 0x3e, 0x9f, 0x61, 0x62, 0x86, 0xc4, 0x86, 0x79, 0x1b,
-    0xc4, 0xa4, 0x29, 0x46, 0xa5, 0x91, 0xbc, 0x1a, 0xa3, 0xd1, 0x3b, 0x42,
-    0x96, 0x68, 0x63, 0xe8, 0x98, 0xf1, 0xa9, 0xfe, 0x10, 0x6f, 0x0e, 0x22,
-    0x85, 0xcf, 0x23, 0x48, 0xf4, 0xa8, 0x60, 0xb9, 0x98, 0x6a, 0x24, 0x75,
-    0xb7, 0xf8, 0xd1, 0x6f, 0xff, 0xe6, 0xcb, 0x2f, 0xff, 0x0b, 0x3b, 0xc8,
-    0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x14, 0x5a, 0xff, 0x0b, 0xcd, 0x76, 0xef,
-    0xda, 0xa2, 0xea, 0x54, 0x42, 0x74, 0xd2, 0x51, 0xce, 0xe3, 0x67, 0x70,
-    0xe4, 0x69, 0xdc, 0xa3, 0xcf, 0xc4, 0xfe, 0xfd, 0xa6, 0x1e, 0x53, 0x68,
-    0x2b, 0x1b, 0xd2, 0x8d, 0x73, 0x86, 0xfe, 0x5c, 0xbf, 0x6b, 0xb7, 0x7e,
-    0xd5, 0x11, 0x0a, 0xdb, 0x2c, 0xbd, 0xf6, 0x25, 0x97, 0x60, 0xd6, 0x5b,
-    0xb5, 0x95, 0xd9, 0xe1, 0xfc, 0x6c, 0x85, 0xaf, 0xb3, 0x7b, 0x69, 0x65,
-    0xf3, 0x6b, 0x3a, 0x59, 0x58, 0x8f, 0xf3, 0x4d, 0xba, 0x55, 0xdc, 0x2f,
-    0x9f, 0x23, 0xbe, 0x28, 0x07, 0x16, 0x5f, 0xda, 0x0f, 0xf7, 0xe0, 0xd6,
-    0x5e, 0xcc, 0x1a, 0xcb, 0xbc, 0x2e, 0x63, 0xec, 0xd1, 0x09, 0x18, 0x50,
-    0xb4, 0x7d, 0x64, 0x2f, 0x6f, 0xfe, 0x16, 0x2b, 0x82, 0xf0, 0x87, 0x2c,
-    0xd9, 0x65, 0xa7, 0xd6, 0x5f, 0x47, 0xe0, 0xeb, 0x2f, 0xbb, 0x77, 0xed,
-    0x51, 0x1b, 0x2b, 0xb3, 0xd1, 0xd1, 0x0d, 0x85, 0x8d, 0x11, 0x18, 0xcb,
-    0x7f, 0x85, 0xe6, 0xbb, 0x77, 0xed, 0x51, 0x4d, 0xae, 0x79, 0x2c, 0xbe,
-    0xed, 0xdf, 0xb5, 0x45, 0x40, 0xa1, 0x9e, 0x36, 0x85, 0xaf, 0x67, 0x46,
-    0x2c, 0xb0, 0xbc, 0x3c, 0x0f, 0x91, 0x5f, 0xe1, 0x79, 0xae, 0xdd, 0xfb,
-    0x54, 0x54, 0xcb, 0x80, 0xcb, 0x2f, 0x05, 0xb4, 0xb2, 0xfb, 0xb7, 0x7e,
-    0xd5, 0x15, 0x82, 0xfb, 0xd1, 0xd4, 0x96, 0x56, 0x8f, 0x4c, 0xe6, 0x17,
-    0xe6, 0x30, 0x61, 0xd2, 0xcb, 0x6c, 0xb2, 0xe1, 0x24, 0xb2, 0xf3, 0x97,
-    0x6b, 0x2a, 0x0f, 0x18, 0x02, 0x5e, 0x18, 0xbb, 0x84, 0xb2, 0xe1, 0x9a,
-    0xb2, 0xf4, 0x01, 0x96, 0x5c, 0x7e, 0x2c, 0xbf, 0x3c, 0xbc, 0xdb, 0x2c,
-    0xbf, 0x73, 0x85, 0x80, 0x59, 0x4c, 0x79, 0xee, 0x51, 0x73, 0x4f, 0xac,
-    0xb6, 0x96, 0x5e, 0x69, 0xf7, 0x83, 0x54, 0x11, 0x9b, 0xfc, 0x2f, 0x35,
-    0xdb, 0xbf, 0x6a, 0x88, 0xfd, 0x70, 0x78, 0xb2, 0xf1, 0x40, 0xd6, 0x54,
-    0x22, 0xa2, 0x46, 0x63, 0x43, 0x61, 0x7b, 0xec, 0xc2, 0x92, 0xcb, 0x42,
-    0xcb, 0x6c, 0xb2, 0xfc, 0xdc, 0xf0, 0x5d, 0x65, 0x41, 0xb9, 0x18, 0x95,
-    0x48, 0xfa, 0x71, 0x26, 0xf4, 0xc1, 0xd2, 0xcb, 0x86, 0x4b, 0x2a, 0x0d,
-    0xa7, 0xc7, 0xaf, 0xee, 0xa4, 0xf2, 0x62, 0x59, 0x7a, 0x0a, 0x65, 0x97,
-    0xd3, 0x4a, 0x3a, 0x59, 0x7d, 0x1c, 0x69, 0x96, 0x56, 0x22, 0x3c, 0xd2,
-    0xd6, 0x1c, 0xd1, 0x25, 0xe3, 0x5f, 0xcb, 0x2e, 0x7f, 0x2c, 0xb8, 0xfb,
-    0xab, 0x2e, 0xf7, 0x96, 0x58, 0x58, 0xa8, 0xba, 0x9a, 0x31, 0x6c, 0x6f,
-    0xec, 0x8b, 0xa6, 0xf6, 0x2e, 0xdc, 0x16, 0xd0, 0xc1, 0xc6, 0xfe, 0xcc,
-    0xf0, 0xf2, 0x01, 0xd9, 0x42, 0x27, 0x8a, 0xbe, 0x85, 0x78, 0x4f, 0x27,
-    0xc7, 0x44, 0x16, 0xdd, 0x1a, 0xbf, 0xfc, 0x2c, 0xef, 0x21, 0x79, 0xae,
-    0xdd, 0xfb, 0x54, 0x4d, 0xeb, 0xff, 0x8e, 0xf2, 0x17, 0x9a, 0xed, 0xdf,
-    0xb5, 0x44, 0xfc, 0xbd, 0x3d, 0x4f, 0x73, 0xd2, 0xcb, 0xff, 0xfe, 0xf8,
-    0x7c, 0x4e, 0x6f, 0x5e, 0xd4, 0x67, 0x4e, 0xdd, 0x3a, 0xcb, 0x4f, 0x53,
-    0xd2, 0x25, 0x30, 0xb2, 0xfe, 0x73, 0xc1, 0xe0, 0x45, 0x97, 0xfe, 0x9e,
-    0xc5, 0x2f, 0x2f, 0xb6, 0xfc, 0xd9, 0x65, 0xcf, 0x25, 0x97, 0x31, 0xd6,
-    0x54, 0xf6, 0x8d, 0x59, 0xe8, 0xc8, 0x52, 0x5b, 0x3c, 0x92, 0xb4, 0x2d,
-    0x7f, 0xe9, 0xea, 0x07, 0x9b, 0xc8, 0x22, 0x42, 0xcb, 0xe9, 0xeb, 0x6e,
-    0x01, 0x65, 0xf9, 0xf6, 0xf0, 0x4d, 0x59, 0x7e, 0xef, 0x45, 0x12, 0x59,
-    0x42, 0xac, 0xfe, 0xf4, 0x52, 0xe5, 0x57, 0x08, 0x75, 0x97, 0xf6, 0x1a,
-    0xde, 0x28, 0x59, 0x5d, 0x9e, 0x24, 0xf8, 0xc5, 0xd2, 0x3a, 0xcb, 0xfb,
-    0x8e, 0x7d, 0x47, 0x16, 0x5f, 0xb5, 0x1f, 0x0c, 0x2c, 0xbf, 0x7f, 0x3d,
-    0x03, 0x59, 0x53, 0xda, 0x7e, 0x13, 0xd4, 0x30, 0x05, 0x2f, 0x13, 0xcc,
-    0x98, 0x55, 0x8b, 0xb1, 0x6b, 0x93, 0xdf, 0xa7, 0xa8, 0xf4, 0x0d, 0x65,
-    0xee, 0x61, 0x2c, 0xbf, 0x85, 0x13, 0xc1, 0xe3, 0x3c, 0xb2, 0xff, 0x0a,
-    0xb9, 0xe9, 0xa7, 0xfe, 0xc2, 0xb5, 0x97, 0x17, 0x6b, 0x2f, 0xb9, 0x31,
-    0xf8, 0xb2, 0xfc, 0x5e, 0xfb, 0x1d, 0x65, 0xf4, 0xc1, 0x71, 0x16, 0x54,
-    0x1e, 0x5b, 0x93, 0xde, 0x3c, 0x71, 0x65, 0xdd, 0xf6, 0xb2, 0xff, 0x77,
-    0xf6, 0xf6, 0x61, 0xd6, 0x5d, 0xbf, 0xb5, 0xc6, 0x04, 0xa9, 0xed, 0x3f,
-    0x71, 0x41, 0x64, 0xf3, 0x1b, 0x15, 0x66, 0xd0, 0x8a, 0xc2, 0xf3, 0x37,
-    0xe8, 0x80, 0x03, 0x9c, 0x19, 0xf1, 0x9d, 0xfa, 0x7b, 0x14, 0xcf, 0xe7,
-    0x4b, 0x2f, 0xe9, 0xe9, 0xf6, 0xfb, 0x6e, 0x2c, 0xbf, 0xe9, 0xde, 0xfe,
-    0x1f, 0x35, 0x8b, 0x2f, 0xe1, 0x55, 0x3d, 0xcf, 0x62, 0x9e, 0x42, 0xcb,
-    0xf4, 0xf0, 0x69, 0xb9, 0xb8, 0xb2, 0xfe, 0xf3, 0x11, 0x98, 0x4b, 0x2e,
-    0xdf, 0xda, 0xe3, 0x01, 0x5b, 0xeb, 0x2e, 0x00, 0x16, 0x54, 0xf4, 0x9c,
-    0xa0, 0xa4, 0xd4, 0x50, 0x6d, 0x3c, 0x8e, 0x85, 0x5a, 0x16, 0x19, 0x78,
-    0xb0, 0x24, 0xe2, 0x08, 0xdf, 0x49, 0xc6, 0xcb, 0x2f, 0xef, 0xb7, 0x8a,
-    0x26, 0x59, 0x73, 0xe2, 0xca, 0xec, 0xf0, 0xb4, 0x5b, 0x7c, 0xe3, 0xc3,
-    0xac, 0xbd, 0xdc, 0x12, 0xcb, 0xff, 0x6f, 0x8f, 0xb4, 0x4d, 0x34, 0x76,
-    0xb2, 0x85, 0x29, 0x82, 0xcf, 0x0c, 0x62, 0xa1, 0x1e, 0x10, 0xb0, 0xe5,
-    0xf0, 0xa3, 0x63, 0xf1, 0x65, 0xfd, 0x93, 0x41, 0x37, 0x4b, 0x2f, 0xe2,
-    0x63, 0x7e, 0xf2, 0x59, 0x7f, 0xfc, 0xfe, 0x82, 0xed, 0x8e, 0x30, 0xbe,
-    0xa4, 0xb2, 0x8e, 0x7f, 0x84, 0x5b, 0x7e, 0x33, 0xde, 0x83, 0xac, 0xa9,
-    0xe0, 0xf2, 0xb6, 0x21, 0xbf, 0xe7, 0xfb, 0x6f, 0x16, 0x61, 0x86, 0x24,
-    0xbf, 0xdf, 0x7f, 0x79, 0xdc, 0xc5, 0x97, 0x40, 0xd6, 0x5f, 0xb3, 0xb7,
-    0xe3, 0x2c, 0xa1, 0x42, 0x7e, 0x73, 0xc8, 0xa0, 0x54, 0x87, 0x98, 0xaa,
-    0x28, 0x15, 0x68, 0x1d, 0x19, 0xfc, 0x5a, 0xff, 0xff, 0x7d, 0xb9, 0x12,
-    0xcf, 0xb6, 0xbe, 0xf8, 0x1c, 0xfa, 0xcb, 0xff, 0xed, 0x43, 0x7b, 0xf8,
-    0x36, 0xe6, 0x10, 0x16, 0x58, 0x52, 0xe8, 0xab, 0xe2, 0xf5, 0xdc, 0x85,
-    0x95, 0x3d, 0x9e, 0x14, 0x8b, 0x2f, 0xed, 0xc8, 0xd3, 0xbc, 0x96, 0x5f,
-    0xbe, 0xce, 0x01, 0x56, 0xb2, 0xf4, 0x75, 0x25, 0x95, 0x3d, 0x22, 0x82,
-    0x79, 0x93, 0xf8, 0xbf, 0x74, 0xb6, 0xff, 0xd3, 0xc4, 0xf5, 0x31, 0x40,
-    0xf3, 0xaf, 0x2c, 0xbe, 0xc1, 0xbc, 0x96, 0x5f, 0xec, 0x10, 0xf8, 0x59,
-    0xb8, 0xb2, 0xf6, 0x83, 0xba, 0xb2, 0xa7, 0x84, 0x60, 0x0a, 0x89, 0x42,
-    0xa8, 0x84, 0x26, 0xb7, 0xff, 0xe9, 0xe8, 0x9f, 0xd1, 0x85, 0x23, 0xc6,
-    0x10, 0xd6, 0x5f, 0x16, 0x30, 0x16, 0x5f, 0x4f, 0x20, 0x1b, 0x0b, 0x2f,
-    0xcd, 0xa0, 0x02, 0x16, 0x5c, 0xdb, 0x2c, 0xa9, 0xed, 0x1b, 0xa2, 0x95,
-    0x61, 0x41, 0x04, 0x8a, 0x7c, 0x4f, 0x79, 0xf3, 0xeb, 0x2f, 0xf9, 0xfd,
-    0xd4, 0xbd, 0x9a, 0x35, 0x65, 0xcc, 0x05, 0x95, 0x3d, 0x1f, 0x60, 0xab,
-    0x1b, 0x23, 0xbb, 0xe1, 0x52, 0x78, 0x15, 0xcf, 0x4b, 0x2f, 0xfd, 0x11,
-    0x11, 0x11, 0x1d, 0x71, 0x65, 0xe9, 0xa3, 0xcb, 0x2e, 0x88, 0x83, 0xd8,
-    0x98, 0xee, 0xff, 0xf7, 0xe2, 0x6e, 0xb9, 0x9d, 0x6e, 0x44, 0x12, 0xcb,
-    0xcd, 0xd6, 0x2c, 0xbf, 0x69, 0xb6, 0x73, 0xa4, 0xb8, 0xc3, 0x12, 0x56,
-    0x1e, 0x09, 0x85, 0x16, 0x0a, 0x41, 0x66, 0x8a, 0xf7, 0xf3, 0xb5, 0x95,
-    0x09, 0x9c, 0xfc, 0xb0, 0x09, 0xdc, 0x7f, 0x10, 0x8e, 0xfc, 0x19, 0xf8,
-    0x0f, 0x4b, 0x2f, 0xfd, 0x1f, 0xc0, 0x60, 0xfe, 0xf2, 0x59, 0x7c, 0xe5,
-    0x1b, 0xab, 0x2f, 0xe9, 0x41, 0xe3, 0x5a, 0x59, 0x58, 0x8b, 0x9d, 0x16,
-    0x39, 0xe8, 0x48, 0xef, 0xff, 0xef, 0x31, 0xf0, 0xbd, 0xc8, 0x37, 0x81,
-    0x1f, 0xd9, 0x65, 0xfe, 0xea, 0x53, 0xb8, 0xc1, 0xd2, 0xcb, 0xff, 0xce,
-    0xc5, 0x80, 0x9d, 0x1a, 0xda, 0x3c, 0xb2, 0xff, 0xdb, 0xad, 0xb9, 0xf9,
-    0xa3, 0x71, 0xce, 0xb2, 0xff, 0xd8, 0x78, 0xe7, 0x32, 0x53, 0xf8, 0xb2,
-    0x86, 0x8d, 0x2f, 0xa5, 0x12, 0x45, 0xf8, 0xee, 0x7c, 0x1a, 0xcb, 0xfe,
-    0xf7, 0x7f, 0x62, 0x28, 0xe9, 0x65, 0x41, 0xf0, 0x39, 0x3d, 0xff, 0xa3,
-    0x68, 0xe3, 0x4f, 0xe6, 0xa1, 0x65, 0x4e, 0x54, 0xa7, 0x8b, 0x6d, 0x18,
-    0x4f, 0xe1, 0x1e, 0x44, 0x17, 0xfc, 0x51, 0x3a, 0x69, 0x46, 0xb6, 0x59,
-    0x7f, 0xb0, 0x6d, 0xbf, 0x80, 0xed, 0x65, 0xff, 0xff, 0xb3, 0x7b, 0x7a,
-    0x58, 0x0e, 0x16, 0x03, 0x51, 0xb3, 0xeb, 0xb5, 0x97, 0x44, 0x9d, 0x14,
-    0x9c, 0x36, 0xbf, 0xbd, 0xcc, 0xcd, 0xa1, 0x65, 0x1d, 0x33, 0xaf, 0xc3,
-    0x80, 0x8b, 0x6f, 0xb8, 0x3f, 0x05, 0x65, 0xff, 0xff, 0xdb, 0xe3, 0x58,
-    0x32, 0x7d, 0x1a, 0xfe, 0x0f, 0x9b, 0xdc, 0xfb, 0x2c, 0xbf, 0xda, 0x09,
-    0x07, 0xc1, 0xf2, 0xcb, 0xdf, 0x82, 0x59, 0x4c, 0x79, 0xfe, 0x34, 0xbe,
-    0xd0, 0x9e, 0xe2, 0xca, 0x83, 0xc5, 0xc2, 0x1b, 0xfd, 0x13, 0x14, 0x1c,
-    0x3b, 0x2c, 0xbf, 0x3f, 0x18, 0xe1, 0x59, 0x47, 0x3d, 0xbf, 0x9a, 0x5c,
-    0x69, 0x8b, 0x2f, 0xff, 0xd2, 0x82, 0x28, 0xd8, 0xc7, 0xdb, 0xed, 0x04,
-    0xb2, 0xa1, 0x53, 0x4f, 0x66, 0xac, 0x47, 0xf8, 0xc1, 0xdd, 0xef, 0xc4,
-    0x41, 0x19, 0xbe, 0x6d, 0x9c, 0xeb, 0x2f, 0x13, 0x42, 0xcb, 0xf4, 0x08,
-    0x7f, 0xb2, 0xca, 0x19, 0xf2, 0x68, 0x88, 0x86, 0xaf, 0xb7, 0xc8, 0xf0,
-    0xb2, 0xfc, 0xfb, 0x43, 0xf6, 0xb2, 0xfa, 0x39, 0x07, 0x59, 0x7f, 0xa3,
-    0x62, 0x0e, 0x75, 0xe5, 0x96, 0x12, 0x71, 0xea, 0xfc, 0x86, 0xb1, 0x19,
-    0x9f, 0x24, 0x77, 0xdb, 0xfa, 0x5c, 0xf6, 0x11, 0xab, 0x2f, 0xb8, 0xf2,
-    0xdc, 0x59, 0x7f, 0xe9, 0x72, 0x25, 0x00, 0xe6, 0x6f, 0x59, 0x7a, 0x06,
-    0xcb, 0x2f, 0xf6, 0x84, 0xf7, 0x36, 0xc3, 0x16, 0x5f, 0xfd, 0x1d, 0xe6,
-    0xb3, 0xed, 0xaf, 0xba, 0xcb, 0xff, 0xcd, 0xcc, 0x1e, 0xa0, 0x3e, 0x26,
-    0xde, 0xb2, 0xe7, 0x31, 0x65, 0x76, 0x7c, 0x26, 0x25, 0x5f, 0xfd, 0x1a,
-    0x97, 0x7f, 0x69, 0x89, 0xcc, 0x59, 0x7f, 0xf6, 0x9f, 0x61, 0xfe, 0x39,
-    0xe0, 0xfd, 0x65, 0x71, 0x11, 0x9e, 0x46, 0xbd, 0xe6, 0x99, 0x65, 0x8f,
-    0x24, 0xf9, 0xb0, 0x6f, 0x46, 0xff, 0x85, 0x27, 0x21, 0x61, 0xe2, 0x3b,
-    0xe8, 0x3c, 0x7d, 0x65, 0xfa, 0x0c, 0x1e, 0x1d, 0x65, 0x9a, 0x47, 0x92,
-    0x21, 0x0d, 0x42, 0xaf, 0xec, 0x94, 0x4d, 0xf8, 0x58, 0x5f, 0xce, 0x07,
-    0xed, 0xf4, 0xb2, 0xff, 0xf8, 0x24, 0x50, 0x69, 0xff, 0x1d, 0x7a, 0x3e,
-    0xb2, 0xff, 0xfe, 0x2f, 0x70, 0x31, 0xf8, 0x39, 0x60, 0x0f, 0x12, 0x59,
-    0x78, 0x6f, 0xf5, 0x97, 0xfd, 0x1f, 0x8e, 0xa5, 0x28, 0xd9, 0x65, 0xf7,
-    0x7f, 0x6d, 0x2c, 0xbf, 0xb7, 0x0b, 0x36, 0xc3, 0x16, 0x54, 0x26, 0x07,
-    0x8b, 0x3a, 0x1c, 0x73, 0xa0, 0x91, 0xdf, 0xfe, 0xfb, 0x1c, 0x71, 0x3a,
-    0x7c, 0x3f, 0x6d, 0x2c, 0xbf, 0xbd, 0x1f, 0x28, 0x92, 0xca, 0x9c, 0x7f,
-    0x6c, 0x9f, 0x4b, 0x2f, 0xe2, 0x73, 0x5b, 0x51, 0x23, 0x5d, 0xf2, 0x3b,
-    0xe7, 0xf6, 0xa1, 0x65, 0xfa, 0x35, 0xa7, 0x99, 0x65, 0xcd, 0xd2, 0xcb,
-    0xfc, 0x00, 0xe0, 0x0e, 0xf2, 0x59, 0x76, 0x42, 0xca, 0x91, 0xef, 0xf4,
-    0x2e, 0x73, 0x3a, 0xd9, 0x16, 0xef, 0x08, 0x7b, 0xff, 0xfd, 0xf6, 0xea,
-    0x0a, 0x38, 0x3f, 0xc7, 0x18, 0xba, 0x92, 0xcb, 0xff, 0xfe, 0xfb, 0x8f,
-    0xec, 0x4f, 0xe8, 0x99, 0x8d, 0x62, 0xcd, 0xeb, 0x2f, 0xf9, 0xbd, 0x9a,
-    0xd0, 0x76, 0xde, 0xb2, 0xff, 0xb9, 0x9e, 0x1e, 0x60, 0x38, 0xb2, 0xbe,
-    0x7e, 0x9e, 0x3c, 0xbf, 0xe6, 0xf6, 0x6b, 0x41, 0xdb, 0x7a, 0xcb, 0x82,
-    0x53, 0x8f, 0x7b, 0xe4, 0x55, 0x09, 0xe3, 0xe3, 0x07, 0x23, 0x38, 0xa9,
-    0x32, 0x43, 0x87, 0x2c, 0x8f, 0x0f, 0x3b, 0x2d, 0xd4, 0x6a, 0x7f, 0x87,
-    0x88, 0x10, 0x8a, 0x1b, 0x1c, 0x8f, 0xbe, 0xf8, 0xec, 0x38, 0x59, 0x7f,
-    0x37, 0xf5, 0xa6, 0xd9, 0x65, 0x41, 0xe7, 0xfc, 0x86, 0xe3, 0x3c, 0xb2,
-    0xff, 0xe6, 0x6f, 0xcd, 0x9e, 0x8f, 0x40, 0xd6, 0x5f, 0x08, 0x68, 0x86,
-    0xac, 0xb4, 0x2c, 0xbf, 0xfe, 0x8e, 0xa4, 0xe4, 0x09, 0xc0, 0x6d, 0x31,
-    0xab, 0x2a, 0x11, 0xc9, 0x30, 0xc1, 0x88, 0x73, 0xe4, 0xfb, 0xa2, 0x17,
-    0xfa, 0x3a, 0x9b, 0xf0, 0x46, 0xac, 0xb8, 0xa6, 0x59, 0x7b, 0x9f, 0x65,
-    0x94, 0x73, 0x67, 0xe1, 0x7b, 0xed, 0x8e, 0xd2, 0x59, 0x7d, 0x00, 0x10,
-    0xeb, 0x2f, 0x88, 0x2f, 0x25, 0x95, 0xd9, 0xe2, 0x70, 0x8e, 0xfe, 0x83,
-    0x8b, 0x00, 0x21, 0x65, 0xe1, 0x5c, 0x79, 0x65, 0xfc, 0x78, 0xc2, 0xf7,
-    0x16, 0x57, 0xcf, 0xec, 0x25, 0xfb, 0xa4, 0x15, 0x09, 0x9b, 0xe3, 0x3b,
-    0x42, 0x7a, 0xfc, 0xdf, 0xf6, 0x76, 0xb2, 0xf6, 0x10, 0x16, 0x54, 0xc7,
-    0x87, 0xba, 0x51, 0x50, 0xa9, 0x73, 0x1a, 0x35, 0x1a, 0xc3, 0xbb, 0x5f,
-    0xe1, 0x89, 0x1b, 0x9f, 0x0f, 0x16, 0x5f, 0xb7, 0x58, 0xf9, 0xe5, 0x97,
-    0xef, 0x67, 0x8a, 0x16, 0x57, 0x48, 0x88, 0x39, 0xc1, 0x15, 0x5e, 0x0b,
-    0xf1, 0x65, 0xd0, 0x62, 0xca, 0xd1, 0xb3, 0xe0, 0xe5, 0xcf, 0xf5, 0x97,
-    0x4d, 0x0b, 0x2e, 0x8f, 0x2c, 0xa8, 0x35, 0xa6, 0x8b, 0xdf, 0x0f, 0x0a,
-    0x4b, 0x2f, 0xd8, 0xd2, 0xfc, 0x2c, 0xba, 0x6f, 0x31, 0xe3, 0xfc, 0x86,
-    0xff, 0xfc, 0x3f, 0xc6, 0x98, 0x10, 0x24, 0x4c, 0x50, 0x75, 0x97, 0xf8,
-    0xd8, 0x2f, 0x71, 0xfe, 0xb2, 0xa1, 0x16, 0xcc, 0x5c, 0xea, 0xb7, 0xe2,
-    0xc7, 0x2d, 0x96, 0x54, 0x2a, 0x38, 0xc6, 0x36, 0x21, 0x74, 0x32, 0x8c,
-    0x7b, 0x85, 0xb7, 0x9f, 0x34, 0xb2, 0xff, 0xb3, 0x90, 0x3e, 0x43, 0x0d,
-    0x65, 0xfd, 0x1b, 0x6a, 0x30, 0x6b, 0x2f, 0xfd, 0x87, 0xe7, 0xe3, 0xaf,
-    0x47, 0xd6, 0x5f, 0xdf, 0x8f, 0x7a, 0x0e, 0xb2, 0xff, 0xfe, 0xd6, 0x0f,
-    0x84, 0x1c, 0x90, 0x5c, 0x7c, 0xcd, 0x2c, 0xa1, 0xa2, 0x1d, 0x8b, 0x6b,
-    0x49, 0xb3, 0x9c, 0x6f, 0xe6, 0xfe, 0x2d, 0x12, 0x18, 0xd7, 0xc5, 0x07,
-    0xe2, 0xcb, 0xc7, 0x7e, 0x96, 0x78, 0xd0, 0xdd, 0xee, 0xd6, 0x5f, 0x36,
-    0x81, 0xc5, 0x95, 0x87, 0xcf, 0xa2, 0xdf, 0x0c, 0x5f, 0xc5, 0x13, 0x80,
-    0x08, 0x59, 0x7c, 0xe0, 0x89, 0x2c, 0xbf, 0xa5, 0xf0, 0x6f, 0x14, 0xcf,
-    0x4b, 0x2f, 0xe7, 0x28, 0xff, 0xe1, 0x65, 0xfe, 0x8d, 0x3c, 0x4a, 0x24,
-    0xb2, 0xe0, 0x92, 0xcb, 0xb3, 0xb5, 0x97, 0x44, 0xbe, 0x6b, 0x7c, 0x2d,
-    0x5d, 0x23, 0xbe, 0x63, 0xad, 0x15, 0x92, 0xf5, 0xff, 0xf1, 0x66, 0xfe,
-    0xdf, 0x5b, 0x3f, 0x9f, 0xa0, 0x2c, 0xbf, 0xd8, 0x36, 0xe1, 0x8f, 0xa5,
-    0x95, 0x0a, 0xc2, 0x47, 0x0d, 0x9c, 0x2e, 0xec, 0xb9, 0xa3, 0x10, 0x73,
-    0xef, 0x29, 0xdf, 0xe2, 0x7d, 0xba, 0x94, 0x6e, 0xac, 0xbf, 0xdc, 0xfb,
-    0x89, 0xf8, 0x92, 0xca, 0xd8, 0xfa, 0xfa, 0x37, 0xbb, 0x26, 0x59, 0x7f,
-    0xe7, 0xeb, 0xf0, 0xc0, 0x7f, 0x05, 0x65, 0xff, 0xfe, 0x86, 0x93, 0xf3,
-    0x91, 0x85, 0x12, 0xc3, 0xbf, 0x4b, 0x2d, 0x87, 0x44, 0xdf, 0x8f, 0xab,
-    0x11, 0xb5, 0xc8, 0x59, 0x5f, 0xb3, 0x6c, 0xea, 0x4b, 0x2f, 0xff, 0xbf,
-    0x07, 0x6d, 0x36, 0xec, 0x09, 0xb6, 0x18, 0xb2, 0xff, 0xd8, 0x38, 0x10,
-    0xe5, 0x1d, 0x49, 0x65, 0xfd, 0x81, 0xec, 0x4c, 0xe9, 0x65, 0x0d, 0x1d,
-    0x93, 0x14, 0xf1, 0x53, 0x79, 0xfd, 0xff, 0x9b, 0x51, 0xc1, 0x08, 0xa3,
-    0x4b, 0x2f, 0xfa, 0x24, 0x4f, 0xe9, 0x36, 0xf5, 0x97, 0x84, 0x80, 0x2c,
-    0xaf, 0x9e, 0xb7, 0x0e, 0x6d, 0xb8, 0xb2, 0xff, 0xb2, 0x62, 0x8d, 0xb9,
-    0x1d, 0xac, 0xba, 0x58, 0xb2, 0xbe, 0x7a, 0x1e, 0x3a, 0xbb, 0x98, 0xb2,
-    0xfd, 0x13, 0x34, 0x71, 0x65, 0xff, 0xdc, 0x8d, 0x77, 0xe2, 0xcd, 0x9c,
-    0x96, 0x5f, 0xfb, 0xdf, 0xcd, 0xee, 0x43, 0xc0, 0x2c, 0xb7, 0xd6, 0x54,
-    0x2a, 0x4c, 0xd9, 0x03, 0x21, 0x26, 0xc4, 0x4e, 0xc8, 0x02, 0x22, 0x16,
-    0xf1, 0x38, 0x51, 0x0c, 0x3f, 0xbb, 0xc7, 0x59, 0x7f, 0x3e, 0x68, 0x00,
-    0x85, 0x97, 0xec, 0xfb, 0x3c, 0x96, 0x5f, 0x73, 0xa2, 0xd2, 0xcb, 0xfd,
-    0xac, 0xfb, 0x14, 0x1d, 0x65, 0xff, 0xf6, 0x31, 0x64, 0xd1, 0xb3, 0xec,
-    0x76, 0xd9, 0x65, 0x42, 0x20, 0x78, 0x63, 0x50, 0x99, 0x7b, 0x8b, 0xf0,
-    0xb3, 0xc4, 0xc1, 0x85, 0x25, 0xff, 0x79, 0xf9, 0x9f, 0xfb, 0x1d, 0x65,
-    0xdf, 0xe2, 0xcb, 0xfe, 0xce, 0x63, 0x0d, 0xdb, 0x65, 0x97, 0xfe, 0x27,
-    0x06, 0x17, 0xb8, 0xf2, 0x59, 0x50, 0x8c, 0x23, 0x4e, 0x34, 0x2f, 0xe3,
-    0x7b, 0xf1, 0x46, 0xd1, 0xb2, 0xca, 0x19, 0xf2, 0xcc, 0x7b, 0x7f, 0x0e,
-    0x1f, 0x40, 0x0a, 0xcb, 0xb3, 0xeb, 0x2b, 0x63, 0xc3, 0xde, 0x5b, 0x7f,
-    0x60, 0xc0, 0xc5, 0xe5, 0x97, 0xff, 0xd8, 0xc7, 0x60, 0x3f, 0x8b, 0x36,
-    0xd4, 0x2c, 0xbd, 0xff, 0x32, 0xcb, 0xfb, 0x73, 0x37, 0x96, 0x49, 0x65,
-    0xcd, 0x32, 0xca, 0x63, 0xc8, 0xf1, 0x8d, 0xef, 0xfe, 0x16, 0x5f, 0xc6,
-    0xbc, 0xb8, 0xc3, 0x59, 0x58, 0x79, 0x4c, 0x39, 0x50, 0x9f, 0x9e, 0x33,
-    0x68, 0x97, 0xe5, 0x8e, 0x9b, 0xc6, 0x4f, 0x35, 0xdc, 0x19, 0x2c, 0xbf,
-    0xbe, 0xda, 0xd6, 0x79, 0x65, 0xff, 0x13, 0x6f, 0x82, 0x2c, 0xf2, 0xca,
-    0xd8, 0xfe, 0xfb, 0x17, 0xf1, 0x6d, 0xfe, 0x6e, 0x7d, 0xcf, 0x1b, 0x8b,
-    0x2f, 0xff, 0x4d, 0x26, 0xdf, 0x1a, 0xc6, 0x90, 0x74, 0xb2, 0xb4, 0x88,
-    0x17, 0x35, 0xb9, 0xe4, 0xb2, 0xfc, 0x5e, 0x9f, 0x83, 0xac, 0xa7, 0x3c,
-    0x00, 0x8b, 0x5f, 0x6e, 0x31, 0x9d, 0xac, 0xb9, 0xa4, 0xb2, 0xa0, 0xde,
-    0xf8, 0x9e, 0xff, 0xb0, 0xfc, 0x69, 0xfc, 0xd4, 0x2c, 0xa9, 0xe4, 0xeb,
-    0x7d, 0x22, 0x3c, 0x7d, 0xa3, 0x04, 0x94, 0xa8, 0xe1, 0xcb, 0xf9, 0xc8,
-    0x67, 0x77, 0x0f, 0xae, 0x8b, 0x9a, 0x92, 0x79, 0xb9, 0x0e, 0xd9, 0xa3,
-    0x05, 0xd4, 0xaa, 0xd3, 0xcb, 0x02, 0xfc, 0xe6, 0x53, 0xc3, 0x64, 0x10,
-    0xfe, 0x29, 0x6b, 0xfc, 0x8e, 0xfb, 0xd2, 0xda, 0x03, 0x0d, 0xdd, 0xf0,
-    0xb2, 0x9f, 0x62, 0x11, 0x7b, 0x74, 0x82, 0xcc, 0xb2, 0xe9, 0xc0, 0x59,
-    0x53, 0x8d, 0x4f, 0x04, 0x2e, 0x37, 0xcb, 0x2f, 0xff, 0xf8, 0x54, 0x14,
-    0x46, 0x0a, 0xad, 0x0a, 0x27, 0x9e, 0xfd, 0xc1, 0x56, 0x19, 0xd3, 0xbf,
-    0x3e, 0xb2, 0xff, 0xa5, 0x00, 0xe4, 0xc5, 0x03, 0x59, 0x7a, 0x61, 0x0e,
-    0xb2, 0xff, 0xb3, 0xdc, 0xcf, 0x7f, 0x00, 0xb2, 0xff, 0x4e, 0x89, 0xc7,
-    0x62, 0xf2, 0xcb, 0xfc, 0xc6, 0xb9, 0x7b, 0x09, 0x65, 0xfe, 0x73, 0x5b,
-    0x9c, 0x76, 0x59, 0x58, 0x99, 0x4b, 0x9c, 0x90, 0xff, 0x0e, 0x3c, 0x6d,
-    0xbc, 0xc6, 0xe7, 0x25, 0x95, 0xa3, 0xec, 0x3a, 0xbd, 0xf4, 0x7b, 0x0e,
-    0xb2, 0xfd, 0xe8, 0x26, 0x02, 0xcb, 0xba, 0xe9, 0x65, 0xfb, 0x41, 0xde,
-    0x03, 0x16, 0x5c, 0x5c, 0x59, 0x7f, 0x61, 0x8e, 0x03, 0xe2, 0xcb, 0xf8,
-    0xb3, 0xc1, 0x73, 0x16, 0x54, 0xe4, 0x7e, 0x61, 0x0f, 0x44, 0xdf, 0x19,
-    0x01, 0x61, 0x0b, 0x6f, 0x2d, 0xbf, 0xf4, 0x1d, 0xba, 0xe0, 0x66, 0x09,
-    0xab, 0x2f, 0xc5, 0xef, 0xe4, 0x96, 0x5d, 0xcc, 0x59, 0x4c, 0x6f, 0x5c,
-    0x9e, 0xff, 0x14, 0x19, 0x3f, 0x9a, 0x85, 0x97, 0xfe, 0x0b, 0x7f, 0xf9,
-    0xad, 0x31, 0xd6, 0x5f, 0x10, 0xe3, 0x75, 0x65, 0x8c, 0x9c, 0x99, 0xac,
-    0x9f, 0xc6, 0x3e, 0x73, 0x57, 0x3e, 0xbe, 0xda, 0x3d, 0xc5, 0x97, 0xa0,
-    0x1c, 0x59, 0x5a, 0x37, 0xe4, 0x47, 0x7c, 0xfa, 0x79, 0x2c, 0xb6, 0xb0,
-    0xf0, 0x48, 0x82, 0xf1, 0x86, 0x18, 0xb2, 0xfb, 0x62, 0x68, 0x48, 0x2c,
-    0xd0, 0x5e, 0x09, 0x79, 0x65, 0xfc, 0xe5, 0x21, 0xc6, 0xcb, 0x2d, 0xb9,
-    0x87, 0x93, 0xf1, 0xcb, 0xe7, 0xf4, 0x0d, 0x65, 0xec, 0x2e, 0xd6, 0x5d,
-    0xd4, 0x96, 0x5f, 0xe3, 0x63, 0xdc, 0xfb, 0x85, 0x65, 0xf9, 0xb6, 0xce,
-    0xbc, 0xb2, 0xff, 0x3f, 0xcb, 0x37, 0xbf, 0x6b, 0x2c, 0x05, 0x96, 0xed,
-    0x65, 0x61, 0xa3, 0x61, 0x1a, 0x84, 0x75, 0x9a, 0x30, 0x73, 0x42, 0x29,
-    0xf2, 0xbd, 0xff, 0x4b, 0xae, 0x36, 0xbb, 0xfe, 0x2c, 0xbf, 0x1a, 0xfc,
-    0xdf, 0x25, 0x95, 0xd2, 0x2b, 0xf4, 0x93, 0xe3, 0xbb, 0xf3, 0x94, 0x98,
-    0xeb, 0x2f, 0x60, 0x67, 0xd6, 0x54, 0xe6, 0x49, 0x50, 0xa4, 0x8e, 0x79,
-    0x8c, 0x44, 0xa2, 0x91, 0xc6, 0x3d, 0x91, 0xce, 0x34, 0x34, 0xfe, 0x8c,
-    0xef, 0x84, 0x55, 0xc2, 0x10, 0xc7, 0x6d, 0xbc, 0xc6, 0x7c, 0x9a, 0xf4,
-    0xf5, 0x3c, 0xa7, 0xb5, 0x97, 0xfd, 0xf7, 0x98, 0xa3, 0x35, 0x25, 0x97,
-    0xfe, 0x72, 0x12, 0x6e, 0x31, 0x75, 0x25, 0x97, 0xfe, 0x33, 0x38, 0x4d,
-    0x1a, 0xcd, 0x96, 0x56, 0xe2, 0x2d, 0x82, 0x71, 0xbd, 0x02, 0xf8, 0x3b,
-    0x44, 0xcb, 0x2f, 0xff, 0xff, 0xfa, 0x77, 0xf3, 0xa9, 0x7c, 0xf3, 0xbb,
-    0xf8, 0x7d, 0xec, 0x2f, 0xe7, 0xa0, 0x73, 0xa7, 0x7e, 0x7d, 0x65, 0x42,
-    0x31, 0xf7, 0x09, 0x2f, 0xc5, 0x1a, 0x7e, 0x2c, 0xbf, 0xe1, 0xe0, 0x45,
-    0x6d, 0xf7, 0x3a, 0xcb, 0xf4, 0x1c, 0xb2, 0x65, 0x98, 0x6f, 0x2f, 0xdc,
-    0xcf, 0xb7, 0xd6, 0x5e, 0xd4, 0x6f, 0x59, 0x7b, 0x7e, 0x0d, 0x65, 0xfd,
-    0xf6, 0x82, 0x0c, 0x2c, 0xbf, 0xd1, 0xb8, 0x6e, 0x71, 0xf7, 0x16, 0x51,
-    0xa7, 0xc9, 0xf2, 0xbb, 0xf6, 0x0c, 0x40, 0x71, 0x65, 0xf7, 0x1c, 0xa4,
-    0xb2, 0xa7, 0x26, 0x1b, 0xf1, 0xe7, 0x84, 0x11, 0x11, 0xf0, 0xa6, 0xfb,
-    0xf0, 0x27, 0xd6, 0x5f, 0x9e, 0x6e, 0x47, 0x4b, 0x2a, 0x72, 0xa6, 0x81,
-    0xb1, 0x00, 0xdb, 0x91, 0x9a, 0x79, 0x43, 0x79, 0x1d, 0xfd, 0x12, 0xfc,
-    0x6f, 0x65, 0x97, 0xec, 0x3e, 0xcf, 0xb8, 0xb2, 0xf7, 0xc4, 0xe2, 0xcb,
-    0xfc, 0xd2, 0x80, 0x7e, 0x50, 0xb2, 0xf8, 0x25, 0x07, 0x59, 0x79, 0xdc,
-    0xeb, 0x28, 0xe6, 0xf3, 0xe4, 0x36, 0x1a, 0xcb, 0x9f, 0x8b, 0x2d, 0xa3,
-    0x9a, 0x70, 0x88, 0xd4, 0x1f, 0x7b, 0xa4, 0x5d, 0x2f, 0x2c, 0xbe, 0x9a,
-    0x3c, 0xeb, 0x2f, 0x82, 0x0c, 0x2e, 0xcd, 0xc8, 0x45, 0xed, 0x25, 0x95,
-    0xb1, 0xe4, 0xfc, 0xe2, 0xff, 0xe8, 0xf8, 0x83, 0xf3, 0x64, 0xd0, 0x75,
-    0x97, 0xff, 0x76, 0x4f, 0xe8, 0xc3, 0x1c, 0x9d, 0x65, 0xe8, 0x23, 0x56,
-    0x5f, 0xfb, 0xcc, 0x67, 0x7f, 0x6d, 0xec, 0x35, 0x97, 0xfb, 0x52, 0xfe,
-    0x6f, 0x83, 0xac, 0xbe, 0x08, 0xaf, 0x98, 0xb2, 0xa1, 0x1f, 0x7d, 0xa1,
-    0x74, 0x38, 0xc8, 0x4e, 0x6b, 0x7e, 0x79, 0x71, 0xb7, 0xac, 0xbe, 0xcd,
-    0x40, 0xd6, 0x5f, 0x4d, 0xfc, 0x99, 0x65, 0xec, 0xd6, 0x4e, 0x3c, 0x57,
-    0x21, 0xbc, 0x70, 0xef, 0x59, 0x7f, 0x64, 0xba, 0x96, 0x79, 0x65, 0xbd,
-    0x24, 0x40, 0x61, 0x9f, 0xc7, 0xee, 0x6e, 0xd6, 0x5f, 0x8e, 0x28, 0xdd,
-    0xdc, 0x1a, 0xca, 0x01, 0xe5, 0x04, 0x5e, 0xf7, 0x82, 0x75, 0x97, 0xdd,
-    0x4b, 0xec, 0xb2, 0xa0, 0xf0, 0x1c, 0x76, 0xfe, 0xf4, 0x6f, 0x62, 0x02,
-    0xca, 0x54, 0x41, 0xcb, 0xf9, 0xf6, 0x03, 0x90, 0xd1, 0x58, 0x35, 0x6e,
-    0x62, 0x20, 0x7b, 0x2e, 0x9f, 0x18, 0xa3, 0xa3, 0x6b, 0xd0, 0xa1, 0xbf,
-    0xe6, 0xcf, 0x73, 0x58, 0x3c, 0x59, 0x7f, 0x7d, 0xce, 0x51, 0xd2, 0xcb,
-    0xe3, 0xf1, 0xe5, 0xf3, 0xe4, 0x10, 0xde, 0xfe, 0x07, 0xcb, 0x3d, 0xc5,
-    0x97, 0xf1, 0x66, 0xf2, 0xce, 0x2c, 0xb4, 0x68, 0xf6, 0xbc, 0x5b, 0x50,
-    0x9a, 0x3e, 0x42, 0x33, 0x90, 0x94, 0xb7, 0x16, 0x5f, 0xbf, 0x1b, 0x81,
-    0x92, 0xca, 0x83, 0x78, 0xe2, 0x37, 0xcf, 0xec, 0x31, 0x65, 0x49, 0x90,
-    0x90, 0x32, 0xec, 0x2b, 0x34, 0x7b, 0xb8, 0x6e, 0xea, 0x14, 0x47, 0x23,
-    0xfc, 0x68, 0x00, 0x49, 0x28, 0x77, 0x71, 0xff, 0xd2, 0xa0, 0xf7, 0xba,
-    0xcf, 0x8f, 0xdf, 0xd2, 0x2c, 0xeb, 0xd8, 0xb2, 0xf4, 0xbd, 0xb2, 0xcb,
-    0xff, 0xc5, 0x9f, 0xc7, 0xef, 0xf0, 0x41, 0x1a, 0xcb, 0xff, 0xc0, 0x8e,
-    0xb3, 0x61, 0xbb, 0xf6, 0xe3, 0x59, 0x61, 0x3b, 0x44, 0x98, 0x12, 0x2a,
-    0x13, 0x09, 0x19, 0x6e, 0xa1, 0x63, 0x7f, 0x17, 0xa5, 0x9a, 0xc5, 0x97,
-    0x4f, 0xba, 0xca, 0x73, 0xc5, 0x10, 0xb2, 0xff, 0x6b, 0x6e, 0x3f, 0x7a,
-    0xc5, 0x97, 0xfb, 0xf9, 0xdb, 0xfe, 0x3e, 0xb2, 0xff, 0xe7, 0x6f, 0x41,
-    0x77, 0x9e, 0xfb, 0x2c, 0xbf, 0x89, 0x81, 0xcf, 0xb2, 0xcb, 0xb4, 0x35,
-    0x97, 0x18, 0x62, 0xca, 0x91, 0xb0, 0x30, 0x5e, 0xf4, 0x36, 0xf4, 0x82,
-    0xcd, 0x15, 0xff, 0x31, 0x30, 0x39, 0x9f, 0x75, 0x97, 0xf1, 0x61, 0x98,
-    0x43, 0x59, 0x58, 0x9c, 0x27, 0xcc, 0xdd, 0x0b, 0x8f, 0xde, 0x2f, 0x10,
-    0xda, 0xfe, 0x82, 0xf7, 0xf2, 0x4b, 0x2e, 0x07, 0x16, 0x5f, 0xcd, 0xf6,
-    0x34, 0xd8, 0x59, 0x61, 0x06, 0x78, 0xbe, 0x17, 0xad, 0x22, 0x6b, 0x8e,
-    0x37, 0xc4, 0x17, 0x11, 0x65, 0x42, 0xae, 0xf6, 0x8e, 0xe4, 0x48, 0x78,
-    0xee, 0x91, 0xdd, 0xcf, 0x2c, 0xbc, 0xc4, 0xeb, 0x2d, 0xb2, 0xcb, 0x64,
-    0x8d, 0x61, 0x0d, 0x5f, 0xf4, 0x1e, 0x76, 0x6b, 0x66, 0xd9, 0x65, 0x76,
-    0x8a, 0x4d, 0xc4, 0x32, 0x25, 0xbd, 0xf8, 0x85, 0x97, 0xf1, 0xf0, 0x70,
-    0x5d, 0xac, 0xa3, 0x9e, 0x40, 0x83, 0x77, 0x8c, 0x30, 0xc4, 0x94, 0x90,
-    0x59, 0xa0, 0xbe, 0x63, 0x1a, 0x64, 0x95, 0xd9, 0xe0, 0x30, 0xed, 0xf6,
-    0xa3, 0x7e, 0x2c, 0xbd, 0x36, 0x7d, 0x65, 0x61, 0xe0, 0x39, 0x1d, 0xf6,
-    0x78, 0x2e, 0xb2, 0xec, 0x15, 0xac, 0xa9, 0xe1, 0xb5, 0x3a, 0x88, 0x71,
-    0xed, 0x0f, 0xcc, 0x95, 0x1a, 0xd4, 0x8a, 0xbd, 0x47, 0xda, 0x77, 0xaf,
-    0xcb, 0x11, 0x78, 0x78, 0x01, 0xec, 0xa1, 0x07, 0xc6, 0x2f, 0x10, 0x18,
-    0x43, 0x7e, 0x27, 0x96, 0x0d, 0x65, 0xf6, 0xa4, 0x1c, 0x59, 0x7f, 0xdf,
-    0xed, 0xa0, 0x07, 0x89, 0x2c, 0xbf, 0x8b, 0x00, 0x0c, 0x02, 0xcb, 0xff,
-    0xfe, 0xf7, 0x33, 0x79, 0x47, 0x58, 0x77, 0xe6, 0x69, 0xfa, 0x31, 0x65,
-    0xfb, 0xc2, 0x7d, 0xc0, 0xb2, 0xb6, 0x44, 0x97, 0x4d, 0x35, 0xd2, 0x38,
-    0xca, 0x17, 0xd7, 0x89, 0xb8, 0xb2, 0xf3, 0xe7, 0x6b, 0x2f, 0x36, 0x6c,
-    0xb2, 0xff, 0xf6, 0xbe, 0x63, 0x8e, 0x70, 0x80, 0x03, 0x6e, 0xac, 0xbe,
-    0x1b, 0x90, 0x16, 0x5f, 0xf3, 0x9d, 0xbf, 0xd7, 0x20, 0x6b, 0x2f, 0xfe,
-    0x82, 0x01, 0x47, 0x53, 0x41, 0x01, 0x65, 0x4e, 0x55, 0x0d, 0x91, 0x8e,
-    0x31, 0x46, 0x86, 0xfe, 0x38, 0xe3, 0x80, 0x52, 0x22, 0x1e, 0x1c, 0xdf,
-    0x48, 0x12, 0x25, 0x97, 0xe9, 0xa7, 0xc1, 0x3f, 0x8b, 0x2f, 0x79, 0xfe,
-    0xb2, 0xfd, 0xe2, 0x83, 0xf1, 0x65, 0x41, 0xe1, 0xf4, 0x39, 0x7f, 0xe1,
-    0xe6, 0xc7, 0xce, 0xbd, 0x07, 0x59, 0x7e, 0xd6, 0x6f, 0x7f, 0xac, 0xb3,
-    0x2c, 0xbf, 0xe7, 0x37, 0xbf, 0xb0, 0xde, 0x4b, 0x2f, 0xb6, 0xd9, 0xfa,
-    0x59, 0x6e, 0x31, 0xf7, 0x90, 0x80, 0x87, 0x57, 0xff, 0xfb, 0xf0, 0x50,
-    0x1e, 0xfc, 0xff, 0xc3, 0xb7, 0x80, 0x15, 0x94, 0x6a, 0x65, 0x80, 0x84,
-    0xc7, 0x8d, 0x2f, 0xff, 0x1a, 0xde, 0x2c, 0x94, 0xee, 0xce, 0x08, 0x59,
-    0x7d, 0x9a, 0xfb, 0x2c, 0xbf, 0xfc, 0xf2, 0x2c, 0xde, 0xf3, 0x46, 0x7b,
-    0x8b, 0x2a, 0x0f, 0xad, 0xc8, 0x6d, 0x3e, 0xb2, 0xf8, 0x6e, 0xc3, 0x59,
-    0x53, 0xc1, 0xb5, 0xc1, 0x4b, 0xdb, 0xf0, 0x96, 0x5e, 0xf0, 0x02, 0xb2,
-    0xff, 0x98, 0xc9, 0xa7, 0x46, 0xb5, 0x8b, 0x2a, 0x0f, 0xd9, 0x87, 0x66,
-    0x1d, 0xbf, 0xd9, 0xb0, 0x9f, 0xfe, 0x6e, 0x2c, 0xbf, 0xf8, 0x1f, 0xcc,
-    0xd9, 0xb3, 0x7c, 0x74, 0xb2, 0xa0, 0xff, 0x8c, 0x38, 0xbf, 0xfa, 0x0f,
-    0xad, 0x46, 0xde, 0x77, 0x35, 0x65, 0xd0, 0x62, 0xca, 0x01, 0xee, 0x12,
-    0x2d, 0xff, 0xf0, 0x45, 0x7c, 0xe7, 0x7f, 0x6e, 0xbd, 0xad, 0x42, 0xcb,
-    0xdc, 0xfe, 0x2c, 0xa8, 0x3f, 0x30, 0xab, 0xde, 0x3c, 0x76, 0xb2, 0xff,
-    0x9e, 0x5c, 0x03, 0xef, 0xc1, 0xac, 0xbb, 0x3f, 0x87, 0xaf, 0xf1, 0xdb,
-    0xff, 0xf3, 0x6b, 0xe1, 0xfb, 0xb7, 0xa2, 0x41, 0x1e, 0x2c, 0xbf, 0x69,
-    0xb6, 0x73, 0xac, 0xb8, 0xc3, 0x16, 0x56, 0x1e, 0x09, 0x85, 0x16, 0x0a,
-    0x41, 0x66, 0x8a, 0x8e, 0x8d, 0xaf, 0xc2, 0xde, 0xff, 0xf6, 0xff, 0xb6,
-    0x17, 0x7f, 0x63, 0xc7, 0x6b, 0x2f, 0xe7, 0x07, 0x52, 0xcf, 0x2c, 0xac,
-    0x3f, 0xa6, 0x4c, 0xbd, 0x21, 0x0e, 0xb2, 0xf9, 0xfa, 0x18, 0xd6, 0x5e,
-    0x80, 0x71, 0x65, 0x49, 0x51, 0x2b, 0x46, 0x0d, 0xf8, 0x51, 0x39, 0x07,
-    0x07, 0x82, 0x47, 0x7b, 0x0f, 0xb8, 0xb2, 0xff, 0xcf, 0xbf, 0x04, 0x28,
-    0xfb, 0x6c, 0xb2, 0xff, 0x67, 0x0b, 0x3d, 0xf6, 0x59, 0x43, 0x44, 0x86,
-    0x87, 0xc9, 0x02, 0xfe, 0x6f, 0xb9, 0x31, 0xd6, 0x50, 0xd9, 0x1e, 0x59,
-    0x1b, 0x63, 0x1b, 0xcd, 0x0b, 0x8d, 0x2a, 0x9e, 0x13, 0x7f, 0x85, 0x60,
-    0x1f, 0x8a, 0x12, 0x9e, 0x95, 0x3b, 0xbe, 0x1e, 0x5b, 0xa5, 0xf4, 0xb2,
-    0xfe, 0x8e, 0x37, 0x8a, 0x16, 0x54, 0x1b, 0x6f, 0x85, 0xdf, 0x67, 0xd8,
-    0xc5, 0x97, 0xd2, 0x06, 0x01, 0x65, 0xf3, 0xe0, 0x98, 0xb2, 0xfe, 0xf6,
-    0x4c, 0x50, 0x75, 0xc4, 0x04, 0xbe, 0x21, 0xfe, 0x15, 0x10, 0x10, 0x59,
-    0xba, 0xad, 0x91, 0xbf, 0xd1, 0x17, 0xc8, 0x9d, 0x6e, 0xff, 0xdd, 0x48,
-    0x9b, 0x6f, 0x3c, 0xb8, 0xb2, 0xff, 0xb8, 0x3c, 0x28, 0x20, 0xc2, 0xcb,
-    0x31, 0xa7, 0xed, 0xd2, 0x05, 0xff, 0xfd, 0xf8, 0xff, 0x6d, 0xcc, 0x19,
-    0x64, 0xd3, 0x46, 0xcb, 0x2f, 0xc7, 0x06, 0xb3, 0xa5, 0x94, 0x34, 0x43,
-    0x62, 0xed, 0xfb, 0x4c, 0x11, 0x5c, 0x2c, 0xbf, 0xda, 0xce, 0xb8, 0x07,
-    0xf2, 0xcb, 0xe9, 0x8c, 0x8e, 0x96, 0x54, 0x22, 0x10, 0xd2, 0xbe, 0x1a,
-    0x58, 0x3b, 0x23, 0x5b, 0xb8, 0x53, 0x5f, 0xa2, 0x4f, 0xd1, 0x8b, 0x2f,
-    0xfa, 0x76, 0xb5, 0x9f, 0xea, 0x5c, 0x59, 0x7f, 0xff, 0xb3, 0x81, 0x7e,
-    0xb3, 0x08, 0xde, 0x73, 0x0b, 0xdc, 0x59, 0x7f, 0xd2, 0x62, 0xf7, 0xf2,
-    0x53, 0xeb, 0x2b, 0xb4, 0x6c, 0x74, 0x7a, 0x76, 0x0b, 0x8d, 0xde, 0xb2,
-    0xff, 0xbd, 0xa8, 0xce, 0xa7, 0x90, 0xa9, 0x3c, 0x2c, 0xbf, 0xef, 0x06,
-    0x33, 0x69, 0xe4, 0x2a, 0x4f, 0x0b, 0x2e, 0x73, 0x06, 0x8a, 0xee, 0x86,
-    0x84, 0x4a, 0xac, 0x57, 0xa8, 0xd1, 0xc2, 0xe8, 0xc1, 0xe3, 0x01, 0x28,
-    0x70, 0x5f, 0x7b, 0x81, 0x92, 0xcb, 0xf0, 0x67, 0xf3, 0x40, 0x59, 0x7e,
-    0xd0, 0x0e, 0xf2, 0x59, 0x4e, 0x7e, 0xdc, 0x23, 0x10, 0xae, 0xdb, 0x2c,
-    0xbf, 0x4e, 0xc9, 0x98, 0xeb, 0x2f, 0xfd, 0x1d, 0x7b, 0x24, 0xc4, 0x06,
-    0x59, 0x7f, 0xf8, 0x31, 0x3b, 0x77, 0xcd, 0xcf, 0xf4, 0xe6, 0x2c, 0xad,
-    0x91, 0x70, 0xc5, 0x5c, 0x3d, 0xbf, 0xf6, 0x0f, 0xee, 0x2e, 0x3f, 0x1d,
-    0x2c, 0xbf, 0xef, 0xbf, 0x18, 0x8a, 0x3a, 0x59, 0x4b, 0x05, 0x29, 0xb8,
-    0xea, 0x19, 0x47, 0x30, 0xe2, 0x05, 0xff, 0x11, 0xba, 0x26, 0xec, 0x24,
-    0xb2, 0xfd, 0xe8, 0xc2, 0x85, 0x94, 0xc7, 0xbc, 0x47, 0x37, 0x84, 0x2f,
-    0x2c, 0xbc, 0xc7, 0x75, 0x97, 0xfc, 0x3c, 0x63, 0x58, 0x6e, 0x75, 0x95,
-    0xb1, 0xf8, 0x1a, 0x3a, 0x71, 0xbb, 0xff, 0x43, 0x72, 0x3d, 0xc8, 0xfc,
-    0x2c, 0xbf, 0xec, 0xd8, 0xa0, 0xdc, 0xeb, 0xcb, 0x28, 0xd3, 0xf6, 0x10,
-    0xf2, 0xfd, 0xde, 0x37, 0x0e, 0xb2, 0xff, 0xee, 0x41, 0x78, 0x49, 0xbe,
-    0xde, 0xe2, 0xcb, 0xec, 0xd4, 0x6f, 0x59, 0x5d, 0x1f, 0x4f, 0x91, 0xaf,
-    0xff, 0xf7, 0x60, 0x3c, 0x4b, 0x3b, 0x1b, 0x16, 0x6b, 0xb8, 0xc5, 0x95,
-    0xd2, 0x21, 0x08, 0x8e, 0x8e, 0x99, 0xc3, 0xc6, 0x2b, 0x50, 0xad, 0xa3,
-    0x21, 0x58, 0xd0, 0x90, 0x78, 0x53, 0x86, 0x35, 0xcb, 0xdb, 0xb1, 0xd2,
-    0xcb, 0xfc, 0x58, 0x0e, 0x08, 0xfe, 0x59, 0x7a, 0x30, 0xeb, 0x2e, 0x6c,
-    0x59, 0x7f, 0x66, 0xb4, 0xd3, 0x71, 0x65, 0x48, 0xf0, 0xfc, 0x2b, 0x78,
-    0xfb, 0x42, 0xcb, 0xfd, 0x85, 0x1d, 0x71, 0xfb, 0x59, 0x46, 0x9f, 0x97,
-    0x64, 0x46, 0x0e, 0xdf, 0x67, 0x25, 0xda, 0xcb, 0xc0, 0x3f, 0x96, 0x54,
-    0x93, 0x95, 0x62, 0x03, 0x99, 0xbc, 0x34, 0x00, 0x64, 0x44, 0x77, 0xfe,
-    0xc3, 0xc7, 0x6d, 0xed, 0x04, 0xeb, 0x2f, 0xdf, 0x7d, 0x87, 0xbd, 0x65,
-    0xff, 0xb4, 0xdb, 0x6a, 0x1a, 0x4f, 0xc5, 0x97, 0xfe, 0x7c, 0xc2, 0x34,
-    0x4f, 0x04, 0x6b, 0x2f, 0x4c, 0xe3, 0x59, 0x6d, 0xb4, 0x89, 0xaf, 0x9f,
-    0x04, 0xfe, 0xf3, 0x75, 0xc5, 0x97, 0xff, 0x72, 0x36, 0xcd, 0x4c, 0x50,
-    0x0e, 0x2c, 0xbf, 0xcd, 0xfc, 0xd6, 0xb3, 0xa5, 0x97, 0xe9, 0x8a, 0x35,
-    0x25, 0x96, 0x89, 0x1e, 0xde, 0x19, 0xd4, 0x95, 0x0f, 0x76, 0x7e, 0xf0,
-    0xc5, 0x01, 0xbf, 0x87, 0x4c, 0x85, 0x05, 0xf6, 0x9e, 0x53, 0x2c, 0xbf,
-    0xf7, 0x5e, 0xc2, 0x80, 0x61, 0x01, 0x65, 0xf7, 0x20, 0x13, 0xd2, 0xca,
-    0xc3, 0xe4, 0xe1, 0xed, 0x1a, 0x8a, 0x83, 0x21, 0x0f, 0x7d, 0xfc, 0x03,
-    0xac, 0xa8, 0x4d, 0x5d, 0xe3, 0x0c, 0xe1, 0x55, 0xfe, 0xd4, 0xdc, 0x62,
-    0xf3, 0x2c, 0xbf, 0xf4, 0x98, 0xe6, 0x61, 0x0f, 0xf0, 0xb2, 0xff, 0x1b,
-    0x9a, 0x01, 0xdb, 0x8b, 0x2b, 0xa3, 0xf2, 0x23, 0xeb, 0xfd, 0xf6, 0xe8,
-    0x1a, 0x71, 0xac, 0xb4, 0xcb, 0x2f, 0xba, 0x06, 0xa1, 0x25, 0xc6, 0x18,
-    0x92, 0xa0, 0xde, 0x18, 0x47, 0x66, 0x48, 0x2c, 0xd0, 0xd7, 0xd1, 0x22,
-    0x4d, 0xf7, 0xff, 0xff, 0x10, 0xbc, 0xcd, 0xd8, 0x99, 0x8f, 0x13, 0x4e,
-    0x2e, 0xa5, 0xf0, 0x81, 0x65, 0xcd, 0xda, 0xcb, 0x6e, 0xac, 0xbe, 0x79,
-    0xc2, 0x1d, 0x65, 0x6f, 0x37, 0x26, 0x0a, 0x5f, 0xc3, 0x6d, 0xff, 0xcd,
-    0xd5, 0x96, 0x99, 0x65, 0x61, 0xe2, 0x31, 0x95, 0x2c, 0xbb, 0x52, 0x9c,
-    0xa9, 0x12, 0x50, 0xc5, 0xe8, 0x8b, 0x4f, 0x5f, 0x50, 0x76, 0x80, 0x10,
-    0x54, 0x2a, 0xdf, 0x79, 0x4c, 0xd7, 0xe2, 0x97, 0x61, 0xd9, 0x65, 0xe8,
-    0xd4, 0xcb, 0x29, 0xcf, 0x1c, 0x25, 0x57, 0xf0, 0x87, 0x27, 0xf7, 0x16,
-    0x54, 0xe7, 0x47, 0x35, 0x3c, 0x13, 0x44, 0xaa, 0x8d, 0xa1, 0x09, 0x22,
-    0x21, 0xb9, 0x65, 0x24, 0x53, 0xa8, 0xc2, 0x1a, 0x1f, 0xfa, 0x9c, 0x88,
-    0x3c, 0x33, 0xff, 0x3a, 0x10, 0xf1, 0xf9, 0x14, 0xbc, 0xff, 0x1a, 0x86,
-    0x5c, 0x21, 0x8e, 0x22, 0x10, 0xde, 0xf3, 0x18, 0xb2, 0xc6, 0xac, 0xbf,
-    0xb6, 0x9f, 0x0f, 0xdb, 0x4b, 0x2f, 0xf1, 0x4b, 0x83, 0xfb, 0x18, 0xb2,
-    0xf6, 0xce, 0x75, 0x97, 0x74, 0x4b, 0x2f, 0xdd, 0x4b, 0xe2, 0x71, 0x65,
-    0x9f, 0x0f, 0x08, 0x85, 0xee, 0x61, 0xac, 0xb4, 0xcb, 0x2e, 0x3c, 0x2c,
-    0xbd, 0xe6, 0x31, 0x71, 0x84, 0x2e, 0x71, 0x15, 0x10, 0x3b, 0xa3, 0x55,
-    0x53, 0x91, 0x0e, 0xc2, 0x41, 0x40, 0xa9, 0x23, 0xcf, 0xe4, 0xbe, 0x84,
-    0xed, 0x4e, 0x4f, 0xfe, 0x04, 0x98, 0xc9, 0xcd, 0x03, 0x1a, 0x95, 0xfc,
-    0x0c, 0x28, 0xda, 0x16, 0x5d, 0xa1, 0x5a, 0xca, 0xd1, 0xe3, 0x91, 0x65,
-    0xfd, 0x84, 0x0c, 0xc1, 0xac, 0xbf, 0xc6, 0xbb, 0x75, 0xc6, 0x75, 0x97,
-    0xff, 0xfe, 0x97, 0x7f, 0x6d, 0x6c, 0x78, 0xef, 0xf0, 0xc3, 0x8f, 0xc4,
-    0x96, 0x5e, 0xfc, 0x1a, 0xb2, 0xba, 0x44, 0x5e, 0xf6, 0xeb, 0xf8, 0x1a,
-    0xd3, 0x74, 0x05, 0x97, 0xff, 0x4a, 0x08, 0x19, 0xa0, 0x1d, 0xb8, 0xb2,
-    0xff, 0x67, 0x71, 0xb1, 0x47, 0x6b, 0x2f, 0xdd, 0x94, 0x75, 0x25, 0x96,
-    0x02, 0xcb, 0x6e, 0x4e, 0x3e, 0xec, 0x34, 0x62, 0x9b, 0xf6, 0x7b, 0x8f,
-    0xd2, 0xcb, 0xa0, 0x2b, 0x2f, 0xc1, 0x20, 0x09, 0x25, 0x97, 0xfb, 0xf0,
-    0x03, 0xbc, 0xa7, 0x61, 0xbf, 0xe0, 0xb5, 0x0d, 0x16, 0x22, 0x33, 0xdf,
-    0xe8, 0x04, 0xd2, 0x60, 0x8a, 0xd6, 0x5e, 0x2c, 0xe4, 0xe3, 0xdc, 0x10,
-    0x92, 0x8d, 0x56, 0x7c, 0xf0, 0xbe, 0x22, 0x6f, 0x17, 0x86, 0x16, 0x3b,
-    0xe3, 0x45, 0xbf, 0xfb, 0x4d, 0xd0, 0x9e, 0xc6, 0x93, 0xf1, 0x65, 0xff,
-    0x07, 0x68, 0x9d, 0x1e, 0x81, 0xac, 0xad, 0x22, 0x03, 0xe8, 0xb7, 0xf4,
-    0x4e, 0xdd, 0xdd, 0x8d, 0xc5, 0x97, 0xe3, 0xbc, 0x80, 0x75, 0x96, 0xd6,
-    0x8f, 0x80, 0x07, 0x17, 0x9f, 0x5b, 0x2c, 0xb8, 0xc3, 0x16, 0x5f, 0xed,
-    0x36, 0x6f, 0x12, 0x42, 0xfb, 0x36, 0xc6, 0x0e, 0xdf, 0x13, 0xf4, 0x05,
-    0x97, 0xfe, 0x63, 0x67, 0x70, 0x20, 0x3c, 0x49, 0x65, 0xfe, 0xe6, 0x79,
-    0xcf, 0x84, 0xb2, 0x86, 0x9e, 0x33, 0x42, 0x0f, 0x4b, 0xc7, 0x50, 0xf9,
-    0x17, 0x90, 0xaf, 0xfd, 0xcc, 0x2c, 0xfe, 0x77, 0x84, 0xb2, 0xff, 0xf3,
-    0x73, 0x0a, 0x70, 0x9a, 0x9b, 0x30, 0xc5, 0x97, 0xda, 0x68, 0x3a, 0xcb,
-    0xfd, 0xcf, 0x7f, 0x0f, 0x92, 0x59, 0x74, 0x71, 0x65, 0x48, 0xf2, 0x40,
-    0x67, 0x7c, 0x63, 0x88, 0x75, 0x97, 0x9f, 0xa8, 0x59, 0x7e, 0xc3, 0x7e,
-    0xf2, 0xf9, 0xe0, 0x08, 0x49, 0x52, 0x4e, 0x54, 0x67, 0x86, 0xa6, 0xb3,
-    0x51, 0x31, 0x54, 0x2a, 0x3b, 0xc8, 0xfc, 0x6f, 0xf6, 0xf3, 0x30, 0x87,
-    0xf8, 0x59, 0x7f, 0x30, 0xf5, 0x87, 0xc5, 0x97, 0xfd, 0xee, 0x09, 0xa8,
-    0xf4, 0x49, 0x65, 0xf7, 0x6e, 0xfd, 0xaa, 0x21, 0x85, 0xfe, 0x68, 0xd4,
-    0x83, 0x18, 0xb2, 0xa7, 0x22, 0x6f, 0x47, 0x44, 0x61, 0x7c, 0x73, 0xbc,
-    0xa7, 0x23, 0xe3, 0x21, 0x8f, 0x7f, 0xff, 0xc5, 0x9d, 0xfe, 0x3a, 0x94,
-    0xfe, 0x7f, 0xb6, 0xc2, 0x73, 0x56, 0x5d, 0xd8, 0x16, 0x5c, 0xfc, 0xc4,
-    0x41, 0x1d, 0xaa, 0xb1, 0x1d, 0xe1, 0x86, 0x15, 0xfe, 0xe7, 0x9f, 0xa9,
-    0xf6, 0x35, 0x65, 0xfb, 0x26, 0x82, 0x1a, 0xca, 0x83, 0xdf, 0xd1, 0xc5,
-    0x43, 0x2d, 0x86, 0x44, 0x2d, 0x2d, 0xa7, 0xf3, 0x9d, 0x6e, 0x52, 0x52,
-    0x87, 0x03, 0x08, 0x6b, 0xf1, 0x40, 0x3a, 0x02, 0xcb, 0xf6, 0x4a, 0x34,
-    0x05, 0x97, 0x40, 0x8b, 0x2f, 0xcf, 0xb1, 0x44, 0x92, 0x54, 0xc6, 0xfb,
-    0xe2, 0xf7, 0xf9, 0xdb, 0xd1, 0xa8, 0x02, 0xcb, 0xff, 0x78, 0xa0, 0x03,
-    0x26, 0xeb, 0xcb, 0x2d, 0xef, 0x9f, 0x78, 0x86, 0x37, 0xef, 0xb9, 0x09,
-    0xb2, 0xca, 0x92, 0x6e, 0x06, 0x94, 0x1d, 0x94, 0xa1, 0x22, 0x61, 0x4d,
-    0xff, 0x9b, 0xb8, 0xe3, 0xeb, 0x4c, 0x62, 0xcb, 0xfe, 0xda, 0x47, 0x8f,
-    0xbb, 0x1a, 0xb2, 0xff, 0xde, 0x62, 0xdb, 0x3a, 0xf7, 0xdd, 0x65, 0xff,
-    0xcd, 0xa3, 0x7b, 0xfb, 0x7c, 0x83, 0xb2, 0xca, 0xc4, 0x43, 0x00, 0xfe,
-    0xff, 0xfe, 0x1e, 0x89, 0xcc, 0x9c, 0xda, 0x82, 0xcf, 0xe7, 0x6b, 0x28,
-    0x93, 0x3e, 0xe4, 0x30, 0x0c, 0x22, 0xbe, 0x0e, 0x71, 0x96, 0x5d, 0xc0,
-    0xac, 0xbf, 0xa5, 0xf7, 0x72, 0x85, 0x96, 0x8e, 0xcf, 0x0b, 0xa1, 0x7b,
-    0xff, 0xb3, 0xd1, 0xf6, 0xc3, 0x4d, 0x89, 0x2c, 0xbf, 0x6b, 0xb7, 0x7e,
-    0xd5, 0x10, 0x52, 0xf7, 0xe0, 0xeb, 0x2f, 0xfd, 0x1b, 0x3f, 0xb5, 0x92,
-    0x9f, 0xc5, 0x97, 0xb6, 0x6d, 0x2c, 0xa1, 0xa3, 0xd3, 0x11, 0x18, 0xd8,
-    0x87, 0x38, 0x83, 0x7e, 0xfc, 0x1c, 0x3d, 0x2c, 0xbd, 0xc8, 0xe9, 0x65,
-    0xf7, 0xb9, 0x00, 0x49, 0x79, 0xf5, 0xb2, 0x4b, 0xe0, 0x93, 0x9a, 0x92,
-    0xff, 0x36, 0xd9, 0xee, 0x40, 0x12, 0x52, 0x4b, 0xfb, 0x3b, 0x8f, 0xc1,
-    0xd2, 0x5c, 0x61, 0x89, 0x2f, 0xe2, 0x82, 0xd9, 0xb4, 0x92, 0xb1, 0x31,
-    0x1e, 0xc8, 0x8e, 0x3b, 0xf2, 0x20, 0x19, 0x90, 0x59, 0x85, 0xa2, 0x0c,
-    0xdb, 0x49, 0x05, 0x9f, 0x9d, 0x2c, 0xae, 0x93, 0xd0, 0x68, 0xe8, 0x44,
-    0x24, 0xa9, 0x2a, 0x78, 0x99, 0x1f, 0xf1, 0xfc, 0xdf, 0xff, 0x19, 0xc2,
-    0xce, 0xbc, 0xe5, 0xb6, 0x75, 0xe5, 0x97, 0xf6, 0xf9, 0xcf, 0x29, 0x62,
-    0xca, 0x84, 0x41, 0xe2, 0x95, 0xff, 0xf8, 0xb3, 0xc1, 0x01, 0xde, 0x42,
-    0x1e, 0x7d, 0x8d, 0x59, 0x73, 0xe9, 0x65, 0xfb, 0x6c, 0x1c, 0x1d, 0x65,
-    0xf9, 0xbf, 0xdc, 0x1c, 0xc3, 0x7c, 0x20, 0xb5, 0x0d, 0x1b, 0x1e, 0x84,
-    0xc5, 0x42, 0xfe, 0xce, 0x28, 0xb4, 0x6f, 0xba, 0x36, 0xfb, 0x1b, 0xcb,
-    0x95, 0x28, 0x5e, 0x06, 0x1f, 0x37, 0xff, 0xf3, 0xcb, 0xc5, 0x19, 0xd6,
-    0x77, 0x1e, 0xfb, 0x6f, 0x59, 0x73, 0x8d, 0x65, 0x1a, 0x7e, 0x47, 0x5c,
-    0xbf, 0xff, 0xe2, 0xcf, 0x7a, 0x3a, 0x94, 0xef, 0xc1, 0xc3, 0xd7, 0x3f,
-    0x0b, 0x2f, 0xec, 0x2e, 0x31, 0x62, 0xcb, 0xf8, 0xf8, 0x3f, 0xe6, 0xcb,
-    0x2f, 0xff, 0x13, 0x9b, 0xc0, 0x7b, 0xdd, 0x7b, 0x3b, 0x59, 0x7e, 0xf4,
-    0xef, 0x6a, 0x16, 0x54, 0x22, 0x94, 0xd2, 0xee, 0x93, 0x6f, 0x7c, 0x27,
-    0x59, 0x46, 0xa7, 0x55, 0xb8, 0x47, 0xf6, 0xa2, 0x86, 0x7e, 0xe9, 0x8d,
-    0xfc, 0x59, 0xcd, 0x47, 0x16, 0x5e, 0x0c, 0xb1, 0x65, 0x39, 0xe4, 0x00,
-    0xb2, 0xfd, 0x84, 0xfe, 0xe2, 0xcb, 0xef, 0xc1, 0x49, 0x65, 0xfb, 0x3e,
-    0x4f, 0x32, 0xca, 0x19, 0xf7, 0x61, 0x31, 0x10, 0xd4, 0x91, 0x79, 0xc8,
-    0x47, 0xdf, 0x3c, 0xd9, 0xf5, 0x97, 0xfd, 0x0c, 0x4f, 0xe9, 0x98, 0xc5,
-    0x97, 0xfe, 0xcc, 0x33, 0x9d, 0x41, 0x47, 0x16, 0x5b, 0x53, 0x91, 0x31,
-    0xc2, 0x2f, 0x1c, 0x54, 0x23, 0xe1, 0xa1, 0x81, 0x7f, 0x1d, 0xc7, 0xf8,
-    0x25, 0x97, 0xed, 0x75, 0x2c, 0xf2, 0xcb, 0xfc, 0xcf, 0xec, 0xee, 0x00,
-    0xb2, 0xff, 0xf9, 0xd8, 0x1c, 0xc3, 0x5c, 0xfa, 0x8c, 0x25, 0x97, 0xbb,
-    0x10, 0x0b, 0x2f, 0xff, 0xef, 0x73, 0xf9, 0xba, 0xe4, 0x68, 0xf1, 0xb5,
-    0xa8, 0x59, 0x50, 0x7f, 0x8e, 0x3f, 0x7d, 0xf8, 0xeb, 0x8b, 0x2f, 0x9b,
-    0x3a, 0xf2, 0xca, 0xc3, 0xc5, 0xf1, 0x1d, 0xff, 0xff, 0x7d, 0xb5, 0x83,
-    0x73, 0xe1, 0x78, 0xa0, 0xcc, 0xf7, 0x16, 0x5a, 0x16, 0x5f, 0x46, 0xf1,
-    0xc7, 0x67, 0xe8, 0x06, 0x4b, 0xff, 0x3c, 0xbe, 0xfe, 0xe6, 0x14, 0x96,
-    0x57, 0xcf, 0xe3, 0xc7, 0x75, 0x25, 0x5c, 0x9a, 0x2c, 0x39, 0x4f, 0xcc,
-    0x8a, 0x19, 0x3c, 0x65, 0xf4, 0x61, 0xb7, 0xff, 0xb3, 0x40, 0xf6, 0xb3,
-    0x6f, 0x46, 0x71, 0x65, 0xee, 0xf0, 0xeb, 0x2f, 0xff, 0xec, 0xee, 0x03,
-    0xdf, 0xe3, 0x5f, 0x71, 0xfd, 0xf4, 0xb2, 0xfe, 0x1b, 0xfb, 0x81, 0x92,
-    0xcb, 0xa5, 0x3f, 0x08, 0xa7, 0xc1, 0xd1, 0x17, 0x2f, 0xe7, 0xd4, 0x79,
-    0xb7, 0xac, 0xae, 0x8f, 0xb0, 0x8f, 0xaf, 0xff, 0xfd, 0xad, 0x47, 0x52,
-    0xeb, 0x8d, 0xae, 0xff, 0x82, 0x69, 0xa0, 0x6b, 0x2f, 0xc4, 0x68, 0x99,
-    0xd2, 0xcb, 0xfe, 0x7d, 0x67, 0x52, 0x80, 0x42, 0xca, 0x84, 0x7a, 0x61,
-    0x13, 0x38, 0x04, 0xaa, 0xff, 0xba, 0x97, 0xb3, 0x9e, 0xcd, 0xc5, 0x97,
-    0xff, 0xee, 0xcd, 0x7e, 0x66, 0xa4, 0xdf, 0x72, 0xea, 0x4b, 0x2f, 0xfd,
-    0xdc, 0x7b, 0x99, 0xe6, 0xe8, 0xc5, 0x95, 0x88, 0x98, 0x35, 0x5e, 0xa1,
-    0x1f, 0x0f, 0x0d, 0x5a, 0x85, 0xc1, 0x91, 0xb8, 0x7e, 0x52, 0x89, 0x46,
-    0x65, 0x7e, 0xe1, 0x07, 0x7c, 0x96, 0x5f, 0xb0, 0xbf, 0x84, 0xb2, 0xf6,
-    0xc2, 0x76, 0xb2, 0xf8, 0x9a, 0x6d, 0xc5, 0x95, 0x08, 0x94, 0xf9, 0x53,
-    0x92, 0xf0, 0x82, 0xe7, 0x02, 0xca, 0x91, 0xe8, 0xf8, 0xee, 0xff, 0xa5,
-    0x9e, 0x3c, 0x61, 0x0d, 0x65, 0xff, 0xf9, 0xde, 0x4f, 0xf9, 0xd9, 0xb0,
-    0x7c, 0x17, 0x11, 0x51, 0x7d, 0xaf, 0x6f, 0x0f, 0x96, 0x5d, 0x03, 0x59,
-    0x50, 0x6d, 0x40, 0x3f, 0x7f, 0x3f, 0x70, 0x50, 0x05, 0x97, 0xfe, 0xe3,
-    0x17, 0x52, 0xd0, 0x63, 0x8b, 0x2f, 0xd9, 0xac, 0x1c, 0x2c, 0xae, 0x93,
-    0x82, 0x98, 0xdf, 0x50, 0x9a, 0xf9, 0x07, 0x8b, 0x37, 0x9f, 0xdf, 0xbf,
-    0x93, 0x46, 0xe2, 0xcb, 0xf0, 0xf5, 0xac, 0x31, 0x65, 0x6c, 0x7a, 0x84,
-    0x57, 0x7f, 0x31, 0x67, 0xa2, 0x65, 0x97, 0xfb, 0xf0, 0x1e, 0xa4, 0xd3,
-    0xeb, 0x2f, 0xfe, 0x97, 0x20, 0xf9, 0xd9, 0x3e, 0x76, 0xb2, 0xfa, 0x08,
-    0xd1, 0xac, 0xbc, 0xe0, 0x85, 0x97, 0xff, 0x86, 0xc7, 0xea, 0x5c, 0x2c,
-    0xd0, 0x9e, 0x59, 0x50, 0x9a, 0x94, 0x88, 0xbb, 0x2c, 0xe8, 0xdf, 0xe8,
-    0x9c, 0x22, 0xf0, 0xdd, 0xd2, 0xe2, 0xcb, 0xf4, 0x9b, 0xb7, 0xd2, 0xcb,
-    0xff, 0xce, 0x59, 0xe8, 0x6d, 0x31, 0xa6, 0xc2, 0xca, 0xe1, 0xf8, 0x08,
-    0x51, 0x6e, 0xd6, 0x5f, 0xff, 0xe0, 0x36, 0x8d, 0xfc, 0x1e, 0x69, 0x31,
-    0x7e, 0x35, 0x0b, 0x2d, 0xec, 0x3f, 0x3e, 0x09, 0x5e, 0x6d, 0x62, 0xcb,
-    0xc5, 0x92, 0x59, 0x5d, 0x9b, 0x6f, 0x0d, 0xde, 0x28, 0x3a, 0xca, 0x84,
-    0x4d, 0x32, 0xef, 0x08, 0xaf, 0xf9, 0xa5, 0xef, 0xe6, 0x9b, 0x8b, 0x2f,
-    0xff, 0xd2, 0xc2, 0x1f, 0xe3, 0x0a, 0x00, 0x77, 0x92, 0xca, 0x24, 0x45,
-    0x08, 0x71, 0x7f, 0xb3, 0xfd, 0x4b, 0xd0, 0x75, 0x97, 0xe9, 0x16, 0x66,
-    0xcb, 0x2e, 0xd6, 0xcb, 0x2f, 0xfa, 0x61, 0x4f, 0x98, 0x63, 0xc2, 0x59,
-    0x50, 0x7f, 0x98, 0x4e, 0xc3, 0x17, 0xf9, 0xc7, 0x00, 0x83, 0x38, 0xb2,
-    0xb1, 0x30, 0xff, 0xc2, 0xc1, 0xcb, 0x2f, 0xe9, 0xf1, 0x55, 0x3a, 0x77,
-    0xe7, 0xd7, 0x10, 0x0a, 0xff, 0x78, 0x02, 0x14, 0xbf, 0x8b, 0x88, 0x05,
-    0x79, 0xf5, 0x25, 0xc4, 0x02, 0xac, 0x3e, 0xa0, 0xa0, 0xdc, 0xf2, 0x5c,
-    0x40, 0x2b, 0xe7, 0x2e, 0xa4, 0xb8, 0x80, 0x57, 0xf9, 0xbb, 0xfe, 0x00,
-    0x10, 0xb8, 0x80, 0x57, 0x98, 0x86, 0xb8, 0x80, 0x54, 0x34, 0x5d, 0x1c,
-    0x8f, 0xe5, 0xfb, 0xd0, 0x2c, 0x6a, 0xe2, 0x01, 0x5e, 0xd4, 0x79, 0x71,
-    0x00, 0xa9, 0x71, 0x00, 0xaf, 0x4f, 0xb0, 0x17, 0x10, 0x0a, 0xe8, 0x3a,
-    0xe2, 0x01, 0x50, 0xcf, 0x9f, 0x06, 0x18, 0xb2, 0xf9, 0x8e, 0x38, 0x5c,
-    0x40, 0x2b, 0xde, 0x7e, 0xd7, 0x10, 0x0a, 0xff, 0xc4, 0xf2, 0x17, 0xf6,
-    0xed, 0xf4, 0xb8, 0x80, 0x57, 0xff, 0x3f, 0x83, 0xb3, 0x17, 0xbe, 0xf2,
-    0x5c, 0x40, 0x2b, 0x9c, 0x6b, 0x88, 0x05, 0x7f, 0x89, 0xcc, 0xe7, 0x20,
-    0x0b, 0x88, 0x05, 0x7e, 0x63, 0x5c, 0x80, 0xb8, 0x80, 0x57, 0x37, 0x17,
-    0x10, 0x0a, 0xb4, 0x7a, 0xfe, 0x34, 0xbf, 0xfd, 0xf6, 0xf7, 0xb3, 0x93,
-    0xb4, 0xd0, 0x75, 0xc4, 0x02, 0xbf, 0x78, 0xa3, 0xa9, 0x2a, 0x20, 0x15,
-    0xc0, 0x85, 0xc4, 0x02, 0x16, 0x6d, 0x69, 0x71, 0x00, 0xaf, 0xa0, 0xee,
-    0x35, 0xc4, 0x02, 0xa1, 0x9e, 0x33, 0x0c, 0x5f, 0x05, 0xcb, 0xb5, 0xc4,
-    0x02, 0xbd, 0x1a, 0xed, 0x71, 0x00, 0xaf, 0xfd, 0x9d, 0x70, 0x71, 0x84,
-    0x0e, 0x2e, 0x20, 0x15, 0xf8, 0x2f, 0x29, 0x42, 0xe2, 0x01, 0x5f, 0x9f,
-    0xbf, 0xc7, 0x4b, 0x88, 0x05, 0x58, 0x8b, 0x5f, 0xa5, 0x84, 0xd2, 0xed,
-    0x01, 0x71, 0x00, 0xaa, 0x4a, 0xd9, 0x86, 0x47, 0x90, 0x97, 0xec, 0x89,
-    0xa1, 0x1b, 0xf7, 0xb0, 0x10, 0xf0, 0xbf, 0xd0, 0xdf, 0x09, 0x7d, 0xfb,
-    0x3d, 0xc7, 0xe9, 0x71, 0x00, 0xaf, 0xf0, 0xe3, 0xb9, 0xb5, 0x1e, 0x5c,
-    0x40, 0x21, 0x9b, 0x5b, 0xda, 0x83, 0x17, 0x10, 0x0a, 0xbb, 0x3f, 0xcd,
-    0x29, 0x5f, 0xe0, 0xbc, 0xa5, 0x02, 0x1d, 0x71, 0x00, 0xaf, 0x98, 0xa5,
-    0xc5, 0xc4, 0x02, 0xbf, 0x9e, 0x69, 0x67, 0x52, 0x5c, 0x40, 0x2a, 0xc4,
-    0x67, 0x7c, 0x8c, 0x08, 0x21, 0x2e, 0xbf, 0xef, 0xc7, 0x05, 0xf0, 0x3a,
-    0x02, 0xe2, 0x01, 0x59, 0x97, 0x10, 0x0a, 0xe7, 0xd8, 0x67, 0xcd, 0xf4,
-    0x9b, 0xb4, 0x05, 0xc4, 0x02, 0xbf, 0x3f, 0xb8, 0xdd, 0x2e, 0x20, 0x15,
-    0xfc, 0xc4, 0x19, 0x67, 0x17, 0x10, 0x0a, 0xa1, 0x12, 0x44, 0x49, 0xe3,
-    0x5a, 0x86, 0x55, 0x90, 0xe1, 0x6d, 0x90, 0xdb, 0x63, 0xf9, 0x87, 0xf5,
-    0x09, 0x0f, 0x96, 0xb9, 0x70, 0x0a, 0x89, 0x37, 0x92, 0xed, 0xfd, 0x28,
-    0x6a, 0x7e, 0x14, 0x42, 0x43, 0x02, 0xf7, 0x98, 0xc5, 0xc6, 0x12, 0xbc,
-    0xef, 0xda, 0xa2, 0x01, 0x0b, 0x4c, 0x53, 0xa8, 0x75, 0x5e, 0x83, 0x38,
-    0xb2, 0xde, 0x59, 0x78, 0xb3, 0xbe, 0xcd, 0x73, 0x0e, 0xdc, 0x33, 0xac,
-    0xbf, 0xfe, 0x20, 0x7b, 0xf9, 0xdc, 0x1f, 0x9b, 0x4b, 0x65, 0x97, 0xf8,
-    0x3e, 0xce, 0x7b, 0x3b, 0x59, 0x53, 0xc9, 0x13, 0xce, 0x2e, 0x05, 0x3b,
-    0xfb, 0xc5, 0x80, 0x9f, 0xc5, 0x94, 0x34, 0xcd, 0x0d, 0x86, 0x81, 0xcd,
-    0x6f, 0xf4, 0x9b, 0xc6, 0x9b, 0x9b, 0x8b, 0x2f, 0xa3, 0xd0, 0x35, 0x96,
-    0xd9, 0x65, 0x48, 0xd9, 0xef, 0x21, 0xbf, 0xb6, 0x8d, 0x7d, 0xf7, 0x16,
-    0x5b, 0x8b, 0x2f, 0x8a, 0x07, 0xf5, 0x95, 0xf3, 0x65, 0xbc, 0x46, 0xa1,
-    0x15, 0x38, 0x46, 0xcc, 0x77, 0xfe, 0x2c, 0xef, 0xec, 0x00, 0x06, 0x65,
-    0x97, 0xfc, 0x3c, 0x34, 0xb3, 0xd0, 0x62, 0xcb, 0xfb, 0x35, 0x92, 0x94,
-    0x2c, 0xa9, 0x22, 0x94, 0x08, 0x04, 0x73, 0x7e, 0xf6, 0x0d, 0xfe, 0xb2,
-    0xe0, 0x42, 0x4b, 0x1a, 0x92, 0xf7, 0xe3, 0x65, 0x97, 0x18, 0x62, 0x4a,
-    0x63, 0xde, 0xdc, 0x16, 0x98, 0x48, 0xc1, 0xdb, 0x71, 0x20, 0xb3, 0xc0,
-    0xac, 0x47, 0x4b, 0x43, 0x16, 0xff, 0xec, 0x04, 0x9b, 0xd0, 0x78, 0x21,
-    0xac, 0xa3, 0x9f, 0x43, 0x93, 0x5f, 0xd8, 0x3f, 0xc1, 0x0d, 0x65, 0xfd,
-    0xee, 0x61, 0x9f, 0x65, 0x96, 0xf2, 0xca, 0xf1, 0xbf, 0x09, 0x75, 0xfa,
-    0x36, 0xe1, 0xe4, 0xb2, 0x98, 0xf2, 0xbc, 0x43, 0x7f, 0xfe, 0xea, 0x5c,
-    0x2e, 0xa0, 0xde, 0x47, 0x52, 0x63, 0xac, 0xbf, 0xfd, 0xee, 0x61, 0xad,
-    0xa1, 0x00, 0x08, 0xe9, 0x65, 0x0a, 0x1b, 0x68, 0x88, 0x84, 0x3e, 0xd1,
-    0x98, 0x4a, 0x17, 0x03, 0x8c, 0xcb, 0xba, 0x5f, 0xd3, 0x47, 0x67, 0x31,
-    0xbe, 0xa3, 0x14, 0x78, 0x69, 0x02, 0x38, 0x02, 0x21, 0xf4, 0x2d, 0x42,
-    0x42, 0x22, 0xcd, 0xff, 0x64, 0x98, 0x6f, 0xdf, 0x24, 0xb2, 0xff, 0x31,
-    0x76, 0xda, 0x60, 0x2c, 0xbd, 0x98, 0x05, 0x94, 0x73, 0xcd, 0x23, 0x2a,
-    0xed, 0x14, 0xff, 0x84, 0x35, 0xfd, 0xe1, 0xfc, 0x2e, 0x4b, 0x2f, 0x77,
-    0xf2, 0x59, 0x7f, 0xf7, 0xa7, 0xf2, 0x69, 0x3e, 0xb6, 0x1c, 0x2c, 0xae,
-    0x91, 0x26, 0x72, 0xd2, 0x1d, 0xbf, 0xfd, 0xf6, 0xde, 0xdd, 0xea, 0x36,
-    0x7d, 0x76, 0xb2, 0xfe, 0x8e, 0xa0, 0x9f, 0xcb, 0x2e, 0x20, 0x2c, 0xba,
-    0x38, 0xb2, 0x98, 0xd6, 0x6f, 0x16, 0xaf, 0x9f, 0xd6, 0xf5, 0x8b, 0x7b,
-    0xb4, 0x76, 0x09, 0x0c, 0x8b, 0xfd, 0x9d, 0x7b, 0xcf, 0x2e, 0x2c, 0xbf,
-    0xc2, 0x41, 0x9a, 0x8c, 0x25, 0x97, 0xa4, 0x2b, 0x92, 0xcb, 0xba, 0x92,
-    0xe3, 0x00, 0x5f, 0xfe, 0xc3, 0x23, 0xd9, 0x34, 0x9b, 0xdc, 0x75, 0x97,
-    0xd3, 0x6a, 0x3c, 0xb2, 0xa4, 0x8e, 0x6e, 0x8c, 0xc8, 0x87, 0x84, 0xbe,
-    0x4a, 0xbf, 0xff, 0x46, 0x7f, 0x84, 0xfe, 0x0f, 0x87, 0xf6, 0x35, 0x65,
-    0xff, 0x37, 0x5c, 0xf1, 0x41, 0xf8, 0xb2, 0xff, 0xff, 0xff, 0xfe, 0x0e,
-    0xe1, 0x3e, 0x7d, 0xc4, 0x2c, 0xdf, 0x84, 0xe6, 0xcd, 0x20, 0xf3, 0x86,
-    0x38, 0xfe, 0xc6, 0x73, 0x1c, 0x6b, 0x28, 0xd4, 0x7a, 0xf0, 0xe6, 0xa1,
-    0x73, 0x6b, 0x21, 0x78, 0xd1, 0x8e, 0x68, 0xc1, 0xe3, 0x1a, 0x24, 0xaf,
-    0x46, 0x95, 0x7f, 0xfe, 0x22, 0x0f, 0x59, 0xd7, 0x87, 0xa7, 0xeb, 0x36,
-    0x59, 0x7e, 0xcf, 0x6a, 0x38, 0xb2, 0x98, 0xff, 0xc9, 0x62, 0xf0, 0x22,
-    0x4b, 0x2d, 0xb2, 0xca, 0x59, 0x7a, 0x69, 0x46, 0x8b, 0xd0, 0x09, 0x5f,
-    0x41, 0xb0, 0x75, 0x95, 0x24, 0x56, 0xf4, 0x41, 0xa3, 0x93, 0x99, 0x5f,
-    0xfa, 0x5c, 0x9c, 0x58, 0x78, 0xd1, 0xab, 0x2f, 0xff, 0xfa, 0x50, 0x71,
-    0x33, 0xee, 0x7c, 0x3b, 0x7b, 0x0d, 0x6d, 0x2c, 0xbf, 0x4e, 0x9d, 0x9f,
-    0x75, 0x97, 0xfd, 0xf7, 0x6f, 0x4b, 0xe1, 0x35, 0x65, 0xe7, 0xff, 0x16,
-    0x57, 0x0f, 0x58, 0xc3, 0xab, 0xfa, 0x51, 0xa0, 0x08, 0x75, 0x97, 0xff,
-    0x31, 0xa6, 0xb1, 0x77, 0x3b, 0x6f, 0x9a, 0xb2, 0xff, 0xed, 0xe5, 0x9c,
-    0xf6, 0x14, 0xb3, 0x8b, 0x2f, 0x8f, 0x01, 0xf2, 0xca, 0xc3, 0xe6, 0x74,
-    0x4b, 0xef, 0x79, 0xf4, 0xb2, 0xfd, 0x93, 0x7e, 0x36, 0x59, 0x4e, 0x79,
-    0x64, 0x45, 0x7f, 0xe2, 0x7f, 0x71, 0xba, 0x28, 0x31, 0x65, 0xef, 0x39,
-    0x2c, 0xb3, 0xce, 0x4f, 0x9f, 0x08, 0xfe, 0x5e, 0x50, 0xb1, 0xe3, 0x58,
-    0x84, 0x1b, 0xa7, 0xd5, 0x39, 0x56, 0xdf, 0xe5, 0x34, 0x5f, 0xf4, 0x6e,
-    0x0f, 0xf1, 0xb3, 0x92, 0xcb, 0xff, 0xe8, 0x38, 0x85, 0xef, 0x85, 0xe5,
-    0xf0, 0xf1, 0x65, 0xff, 0x47, 0x70, 0x76, 0x38, 0x19, 0x65, 0x74, 0xb8,
-    0x67, 0xa9, 0x68, 0x3f, 0x2e, 0x23, 0xbd, 0xd5, 0x1b, 0xf8, 0x43, 0x34,
-    0xd9, 0xf4, 0x97, 0xf9, 0xfd, 0x12, 0x08, 0xf1, 0x65, 0xf7, 0xe3, 0x36,
-    0x59, 0x44, 0x7a, 0x9c, 0x32, 0xbe, 0xe3, 0x40, 0x16, 0x5f, 0x4d, 0x98,
-    0x62, 0xcb, 0xe9, 0x36, 0xb8, 0xb2, 0xf9, 0xbd, 0x1a, 0x59, 0x7f, 0xcd,
-    0x9d, 0x7a, 0x69, 0x3e, 0x96, 0x58, 0x1f, 0x3d, 0xb2, 0x21, 0xbe, 0x9b,
-    0xef, 0x32, 0xcb, 0xee, 0xdf, 0x5b, 0x2c, 0xbd, 0x33, 0xf9, 0x65, 0xfb,
-    0x26, 0x94, 0x74, 0xb2, 0xe6, 0x99, 0x65, 0xe6, 0x82, 0x59, 0x7e, 0xcd,
-    0x0f, 0xf8, 0xb2, 0x86, 0x78, 0x3c, 0x1a, 0xaf, 0x9f, 0xd7, 0x16, 0x2f,
-    0x39, 0x01, 0x65, 0xe2, 0x89, 0x24, 0xbf, 0xf1, 0x01, 0xb7, 0x77, 0x43,
-    0x28, 0xdc, 0x59, 0x63, 0xac, 0xa9, 0xc8, 0x8e, 0xc1, 0xb7, 0x1b, 0x11,
-    0x1e, 0xa7, 0x2a, 0xff, 0x82, 0x11, 0x90, 0xe1, 0x1f, 0x4f, 0xba, 0x27,
-    0xf9, 0x23, 0x92, 0x10, 0xef, 0xa1, 0x47, 0xbb, 0x0b, 0x0a, 0x86, 0x49,
-    0x8e, 0x1f, 0x34, 0xe3, 0xa7, 0xd5, 0xde, 0x5c, 0x15, 0xfb, 0x9a, 0xd4,
-    0x79, 0x65, 0xfe, 0xcf, 0xbe, 0x00, 0x4f, 0x2c, 0xbd, 0xe6, 0xd9, 0x65,
-    0x74, 0x7f, 0x1b, 0x85, 0x07, 0x33, 0xbf, 0x70, 0xdd, 0x3f, 0x6b, 0x2e,
-    0xe4, 0x96, 0x54, 0x8f, 0x07, 0x79, 0x55, 0xe2, 0xf7, 0x16, 0x5f, 0xee,
-    0xfe, 0xc3, 0x82, 0xf2, 0xcb, 0x9a, 0x4b, 0x2b, 0xa3, 0xc9, 0x23, 0x3b,
-    0x88, 0x0b, 0x2f, 0xda, 0xfb, 0xb9, 0xd6, 0x5f, 0x04, 0x83, 0xda, 0xca,
-    0x73, 0xca, 0xe1, 0x3d, 0xfd, 0xe9, 0xa5, 0x9d, 0x49, 0x65, 0x42, 0x6b,
-    0x8c, 0x48, 0xec, 0xbe, 0x22, 0x0b, 0x00, 0x84, 0x37, 0xfc, 0x26, 0x60,
-    0x7f, 0x9b, 0xe1, 0x65, 0xff, 0x8c, 0x8d, 0x73, 0x0c, 0x7d, 0x1a, 0xb2,
-    0xf6, 0x70, 0x2b, 0x2f, 0xff, 0xdf, 0xce, 0xc8, 0x23, 0x28, 0x13, 0x4d,
-    0x04, 0xb2, 0xb1, 0x1d, 0x7f, 0x3a, 0x24, 0x1f, 0x0e, 0x5f, 0xe3, 0x33,
-    0xaf, 0x7a, 0x0e, 0xb2, 0xfc, 0x58, 0x00, 0xf1, 0x65, 0xff, 0x76, 0xd8,
-    0x59, 0xbd, 0xf8, 0xb2, 0xb6, 0x3e, 0x0f, 0x93, 0xd3, 0xa2, 0xe3, 0x90,
-    0x95, 0xbe, 0x18, 0xf0, 0xeb, 0x2e, 0x04, 0x24, 0xb8, 0xc3, 0x12, 0x53,
-    0x1a, 0xf3, 0x05, 0xaf, 0xc3, 0x0b, 0xea, 0x49, 0x05, 0x9a, 0x1a, 0xc4,
-    0x56, 0x1a, 0xe5, 0x7f, 0xfb, 0xdd, 0x76, 0xdf, 0x9f, 0x8f, 0x7c, 0x4e,
-    0x2c, 0xb0, 0xa8, 0xb2, 0xff, 0x44, 0x9b, 0xd2, 0x8f, 0x2c, 0xb8, 0x57,
-    0xc5, 0x82, 0xac, 0xf2, 0x34, 0x2d, 0x7f, 0xdf, 0x7f, 0x73, 0xb2, 0xcd,
-    0x96, 0x5e, 0x9e, 0x42, 0x81, 0x42, 0xcb, 0xbb, 0x65, 0x97, 0xc4, 0xdd,
-    0x49, 0x65, 0xff, 0x37, 0x5f, 0xc1, 0xe9, 0xfb, 0x59, 0x50, 0x7b, 0x9a,
-    0x22, 0xbe, 0xcd, 0xf8, 0x4b, 0x2f, 0xf7, 0x31, 0xbc, 0x6b, 0x7d, 0x65,
-    0xff, 0x7e, 0x35, 0x1d, 0xb1, 0x76, 0xb2, 0xf1, 0xaf, 0xc9, 0xe4, 0x9a,
-    0x6f, 0x65, 0x7a, 0x73, 0xf9, 0x0f, 0x88, 0xb7, 0x4c, 0xeb, 0x13, 0xfb,
-    0xf4, 0x70, 0xf5, 0x25, 0xce, 0x5e, 0xa1, 0xe7, 0xa8, 0x69, 0x9c, 0x8c,
-    0x30, 0x99, 0x32, 0x51, 0xd5, 0xfb, 0xed, 0xc0, 0xec, 0xb2, 0xfe, 0x30,
-    0xd7, 0xf1, 0x42, 0xcb, 0xc7, 0x0e, 0x96, 0x5e, 0xed, 0xb8, 0xb2, 0xf8,
-    0x27, 0xc1, 0xac, 0xae, 0x91, 0x14, 0xc5, 0xdf, 0x1d, 0xdd, 0x1d, 0xbf,
-    0xff, 0xb5, 0x20, 0xc6, 0x7f, 0xb6, 0xe6, 0x0f, 0x6c, 0x31, 0x65, 0xff,
-    0xbf, 0x9b, 0xae, 0x46, 0xe7, 0x5e, 0x59, 0x7f, 0x7d, 0x87, 0xf0, 0x9a,
-    0xb2, 0xfc, 0x51, 0x33, 0x74, 0xb2, 0xd9, 0xd9, 0xeb, 0xb1, 0x7d, 0xef,
-    0x67, 0x6b, 0x28, 0xe7, 0x89, 0xc2, 0x7b, 0xd2, 0x38, 0x16, 0x5f, 0xbc,
-    0x59, 0xa8, 0x59, 0x50, 0x9c, 0xf9, 0xab, 0xa0, 0x86, 0xef, 0x88, 0x8c,
-    0x1d, 0xbe, 0xc2, 0x63, 0x56, 0x5f, 0xf1, 0xaf, 0x3a, 0x0e, 0x4c, 0x6a,
-    0xcb, 0xff, 0x3f, 0x0f, 0x0d, 0xad, 0x31, 0x8b, 0x2f, 0xdb, 0x60, 0xe0,
-    0xeb, 0x2d, 0xc3, 0x51, 0x43, 0xf3, 0xb1, 0x0f, 0xaf, 0xff, 0xfe, 0xfc,
-    0x73, 0x01, 0x1e, 0xe6, 0xb3, 0x68, 0xd7, 0x3f, 0xdb, 0x71, 0x65, 0xe9,
-    0x3e, 0x96, 0x50, 0xd1, 0x1e, 0xee, 0x77, 0xf1, 0xf5, 0xa6, 0xe8, 0x0b,
-    0x2f, 0xbc, 0xff, 0x99, 0x65, 0xfc, 0x51, 0xdf, 0xdb, 0x75, 0x65, 0xe3,
-    0x63, 0x8b, 0x2f, 0xfb, 0x3d, 0xe6, 0x37, 0xd9, 0xda, 0xcb, 0xfa, 0x3a,
-    0xe6, 0x75, 0xe5, 0x97, 0x6a, 0x16, 0x50, 0xcf, 0x17, 0xc5, 0xf7, 0xe0,
-    0x90, 0xe7, 0x89, 0xe1, 0x65, 0xff, 0xf7, 0xb5, 0x19, 0xd4, 0xf9, 0x1c,
-    0x3e, 0x03, 0xac, 0xbf, 0xde, 0x6e, 0xd8, 0x71, 0xe5, 0x97, 0xee, 0x47,
-    0x78, 0x75, 0x95, 0x07, 0xb7, 0xc3, 0x3b, 0x72, 0x72, 0xa1, 0x28, 0x23,
-    0x91, 0x80, 0xc7, 0x71, 0xff, 0xb2, 0x2e, 0x8c, 0xb5, 0x0a, 0xea, 0x92,
-    0xe3, 0x67, 0x50, 0xc2, 0x3c, 0x31, 0xdc, 0x8b, 0xd2, 0x90, 0x6f, 0xfb,
-    0xcd, 0xb4, 0x74, 0x0d, 0x42, 0xcb, 0xbf, 0xb2, 0xcb, 0xdc, 0xf6, 0x2c,
-    0xbb, 0x39, 0x38, 0xfb, 0xbb, 0x3a, 0x10, 0x62, 0xfc, 0xe0, 0x9f, 0x63,
-    0xac, 0xbf, 0xbb, 0x6e, 0x06, 0x4c, 0xb2, 0xf1, 0x07, 0x8b, 0x2b, 0xe7,
-    0x95, 0xbc, 0xba, 0xff, 0xec, 0xf3, 0x75, 0x22, 0x81, 0x40, 0xa9, 0x3e,
-    0xb2, 0xff, 0x9d, 0xbc, 0xc5, 0xe0, 0xfd, 0x65, 0xef, 0xb6, 0xf5, 0x97,
-    0x06, 0x5f, 0x3d, 0x51, 0x0d, 0xef, 0xff, 0xf6, 0x6f, 0x1c, 0x7b, 0x81,
-    0xd1, 0x60, 0xff, 0x06, 0x42, 0xcb, 0xfc, 0x6f, 0xba, 0xed, 0xb5, 0xc5,
-    0x97, 0xec, 0xf0, 0x1f, 0xcb, 0x2a, 0x13, 0xb8, 0x91, 0x26, 0xa1, 0x4b,
-    0xf2, 0xf0, 0xb1, 0x4f, 0x9b, 0xdf, 0xff, 0xa3, 0xef, 0x85, 0x1a, 0x34,
-    0x61, 0x7d, 0x49, 0x65, 0x49, 0x58, 0xef, 0x0f, 0xbd, 0x28, 0xb3, 0x75,
-    0x7e, 0xa1, 0x97, 0xe6, 0x37, 0x2c, 0x85, 0x9b, 0x47, 0xbe, 0xf3, 0x97,
-    0xa1, 0x97, 0xd3, 0x79, 0x9e, 0x4b, 0x2d, 0x3e, 0xb2, 0xbe, 0x6b, 0xe7,
-    0xc6, 0xef, 0xf6, 0x14, 0xb3, 0x82, 0x1d, 0x65, 0xf8, 0xfc, 0x03, 0xba,
-    0xca, 0xf1, 0xed, 0x08, 0x67, 0x7f, 0xb0, 0xa7, 0x7f, 0x3a, 0x31, 0x65,
-    0xfd, 0x1f, 0x6d, 0xf9, 0x32, 0xca, 0xd1, 0xf2, 0x80, 0xda, 0xff, 0xa4,
-    0x41, 0x04, 0xee, 0xce, 0x05, 0x95, 0xb2, 0x6c, 0xb2, 0x7e, 0xc8, 0x44,
-    0x74, 0x45, 0x7f, 0xd9, 0xd4, 0xbf, 0xbb, 0xbb, 0x1b, 0x8b, 0x2f, 0xfd,
-    0xfe, 0x34, 0x9b, 0xd1, 0xee, 0x2c, 0xbf, 0xfc, 0x02, 0x0f, 0x3d, 0xc8,
-    0xd6, 0x75, 0xe5, 0x94, 0xe8, 0x89, 0x23, 0xeb, 0xff, 0x9b, 0x53, 0x9e,
-    0x25, 0x04, 0x19, 0x2c, 0xbe, 0x8d, 0x66, 0xf5, 0x97, 0xef, 0xb4, 0xfb,
-    0xec, 0xb2, 0xa4, 0x89, 0x2e, 0x22, 0x78, 0x8e, 0xff, 0x03, 0x98, 0x59,
-    0xc0, 0xac, 0xac, 0x3e, 0x27, 0x30, 0xb4, 0x96, 0x5f, 0xe8, 0xce, 0xbd,
-    0x9a, 0x85, 0x95, 0xa3, 0xc3, 0x21, 0x1b, 0xff, 0x47, 0xc4, 0xe1, 0x67,
-    0xbf, 0x8b, 0x2f, 0xfe, 0xf8, 0x79, 0xc8, 0xd7, 0x78, 0x26, 0x2c, 0xbd,
-    0x80, 0x75, 0x96, 0xde, 0xc7, 0xc3, 0xf4, 0x6b, 0xd0, 0x0c, 0x59, 0x7f,
-    0xf4, 0x8d, 0x71, 0x3c, 0xda, 0x80, 0x8a, 0xd6, 0x57, 0xcf, 0x95, 0xc6,
-    0xeb, 0x11, 0x5e, 0x18, 0x47, 0x5f, 0xf3, 0xf4, 0x1d, 0xa0, 0xa3, 0xa5,
-    0x95, 0x0b, 0x8b, 0x18, 0x88, 0xd0, 0xcc, 0xfc, 0x62, 0xae, 0xc6, 0x02,
-    0x12, 0x8d, 0x38, 0x24, 0xf7, 0xff, 0xe3, 0x5b, 0xc5, 0x92, 0xeb, 0xc4,
-    0xdb, 0x70, 0x2b, 0x2f, 0xb7, 0x8c, 0x70, 0xb2, 0xff, 0xec, 0xd4, 0xec,
-    0xfb, 0x9a, 0x41, 0xe2, 0xca, 0x64, 0x60, 0xba, 0xb8, 0x49, 0x2f, 0xff,
-    0xed, 0x4a, 0x70, 0xff, 0x13, 0x8b, 0x3a, 0xf4, 0x61, 0x8b, 0x2e, 0xe7,
-    0x16, 0x5f, 0xa3, 0x3d, 0xc7, 0x59, 0x78, 0xc3, 0x0c, 0x59, 0x70, 0x1d,
-    0x20, 0xb3, 0x41, 0x7f, 0xb5, 0x1b, 0xf3, 0x0e, 0x35, 0x94, 0xc9, 0x8c,
-    0xe9, 0x80, 0xe2, 0xfc, 0x46, 0x09, 0x45, 0xff, 0xb3, 0x84, 0xe6, 0xcc,
-    0x4d, 0x32, 0xcb, 0xf8, 0x11, 0x2f, 0x89, 0xc5, 0x97, 0xfc, 0xc0, 0x13,
-    0x37, 0x90, 0x78, 0xb2, 0xfd, 0xc0, 0x83, 0x09, 0x65, 0xfc, 0xc4, 0x0e,
-    0xfb, 0x65, 0x97, 0x9c, 0x18, 0x92, 0xa4, 0xaa, 0xa8, 0xf1, 0xa3, 0xfd,
-    0x28, 0x07, 0xe4, 0x5f, 0xe3, 0xbd, 0xe4, 0xf3, 0xe5, 0xd7, 0xd0, 0x36,
-    0x1a, 0xcb, 0xfb, 0x9f, 0x6e, 0xdf, 0x4b, 0x2f, 0xc3, 0xd3, 0x07, 0x65,
-    0x97, 0xec, 0xf7, 0x1f, 0xa5, 0x97, 0xf8, 0xcc, 0x2c, 0xde, 0xda, 0x59,
-    0x7f, 0x16, 0x74, 0x01, 0x24, 0xb2, 0xff, 0xfb, 0x9e, 0xcf, 0x88, 0x7c,
-    0xee, 0x3f, 0x07, 0x59, 0x6e, 0x2c, 0xac, 0x4d, 0x12, 0x62, 0xed, 0x14,
-    0x91, 0x47, 0x8d, 0x02, 0x5e, 0x62, 0x8d, 0xfb, 0x33, 0xdf, 0xc5, 0x97,
-    0x39, 0xd6, 0x5f, 0xff, 0xd8, 0x45, 0x12, 0xd4, 0x70, 0xb3, 0x7b, 0x7c,
-    0x2b, 0x2f, 0xf8, 0x3c, 0xf4, 0x4c, 0x1e, 0xb8, 0xb2, 0xf9, 0xb5, 0xa8,
-    0x59, 0x7f, 0xb3, 0x7e, 0x0b, 0x30, 0xc3, 0x12, 0x5e, 0x33, 0x3e, 0xb2,
-    0xfd, 0x34, 0x67, 0xf8, 0xb2, 0xa7, 0x23, 0x73, 0xe7, 0x84, 0x43, 0xe3,
-    0xa1, 0x07, 0x6f, 0xf0, 0xae, 0x03, 0xdf, 0xdb, 0x4b, 0x2f, 0x1d, 0xfc,
-    0xb2, 0xfe, 0x28, 0x98, 0x2e, 0x22, 0xca, 0x99, 0x50, 0xc9, 0xc5, 0xbf,
-    0x19, 0xa8, 0x53, 0x37, 0x9c, 0x08, 0x39, 0x7f, 0xfd, 0x83, 0x76, 0x27,
-    0xf3, 0x14, 0xb9, 0x8b, 0x2f, 0xef, 0xbe, 0x9b, 0x34, 0xb2, 0xa0, 0xfd,
-    0xdd, 0x2e, 0x96, 0x5f, 0x75, 0xdb, 0x69, 0x65, 0x81, 0x3d, 0x9a, 0xff,
-    0x05, 0xdf, 0xed, 0xff, 0x6c, 0x93, 0xef, 0x59, 0x7e, 0xde, 0xe7, 0x63,
-    0xac, 0xa8, 0x44, 0x5e, 0x16, 0x11, 0xb5, 0xfb, 0x26, 0x94, 0x49, 0x65,
-    0xf4, 0x08, 0xc0, 0x59, 0x7f, 0xc7, 0x79, 0x64, 0xa0, 0x1c, 0x59, 0x7f,
-    0xfc, 0xde, 0xe7, 0xd8, 0x67, 0xf1, 0x46, 0x74, 0xb2, 0xb6, 0x45, 0x48,
-    0x08, 0xbc, 0x71, 0x7f, 0x6c, 0x38, 0xc2, 0x1a, 0xca, 0x85, 0xf9, 0x69,
-    0x3e, 0xb4, 0x6c, 0xbf, 0x65, 0x79, 0x47, 0xe5, 0x0d, 0xae, 0x43, 0x6b,
-    0xc5, 0xa1, 0x86, 0x88, 0x86, 0x37, 0x9c, 0x0c, 0xb2, 0xff, 0xd9, 0xbe,
-    0x23, 0xf1, 0xb4, 0x74, 0xb2, 0xff, 0x86, 0x41, 0xe6, 0x6d, 0x9b, 0x2c,
-    0xbd, 0x1a, 0x25, 0x97, 0xfb, 0x06, 0x4f, 0xc6, 0x1a, 0xcb, 0x7d, 0x65,
-    0xe0, 0xbe, 0xc4, 0x78, 0x5c, 0x31, 0xad, 0x22, 0x43, 0xcb, 0xb7, 0xc7,
-    0xe6, 0x1d, 0x65, 0x31, 0xe2, 0xb9, 0x1d, 0xfd, 0x1a, 0xf7, 0xb3, 0x71,
-    0x65, 0xd1, 0xbd, 0x65, 0x1d, 0x3d, 0x2f, 0x8d, 0xba, 0x00, 0xae, 0x30,
-    0xf2, 0x20, 0xdd, 0x30, 0xbf, 0x84, 0x19, 0x46, 0x6c, 0xb2, 0xc4, 0xb2,
-    0xfa, 0x36, 0x89, 0x2c, 0xa1, 0x9f, 0x03, 0x97, 0x10, 0x85, 0xfd, 0xf6,
-    0xf1, 0x41, 0xd6, 0x5f, 0xfe, 0xc1, 0xb9, 0xf3, 0xa9, 0x60, 0x30, 0x6b,
-    0x2e, 0xfb, 0xac, 0xba, 0x6e, 0x2c, 0xbf, 0x66, 0xf6, 0x21, 0xe1, 0xae,
-    0x10, 0x5a, 0xfe, 0x9d, 0xec, 0xe7, 0x21, 0x65, 0xf6, 0x75, 0xe8, 0x59,
-    0x7f, 0xf3, 0xeb, 0x0d, 0x6d, 0x66, 0xf7, 0xd2, 0xca, 0xf9, 0xf3, 0xef,
-    0x22, 0xbf, 0xf1, 0x66, 0xb4, 0xc7, 0xce, 0xbc, 0xb2, 0xfd, 0xba, 0xfb,
-    0x09, 0x25, 0x95, 0x39, 0x3d, 0xa1, 0x6e, 0xf0, 0x7d, 0x90, 0x96, 0xe1,
-    0x20, 0x4f, 0xae, 0xfb, 0xac, 0xbf, 0xf7, 0xd9, 0xc1, 0x85, 0x1d, 0x71,
-    0x65, 0x87, 0x87, 0xa7, 0xe1, 0x6b, 0xfe, 0x29, 0x7f, 0x08, 0xa0, 0xc5,
-    0x97, 0xff, 0x9f, 0x68, 0xd6, 0x9e, 0x53, 0x80, 0x3c, 0x59, 0x58, 0x88,
-    0x32, 0x37, 0xbf, 0xf1, 0x67, 0xbe, 0xd1, 0xb8, 0x7c, 0x59, 0x7f, 0xda,
-    0xd3, 0xca, 0x76, 0xf8, 0xdc, 0x59, 0x50, 0x7f, 0xf8, 0x7f, 0x50, 0x8c,
-    0x09, 0x42, 0x82, 0xb4, 0xa9, 0x0c, 0xa1, 0x65, 0xe8, 0xda, 0xaf, 0xd8,
-    0x4f, 0xee, 0x2c, 0xbf, 0xb9, 0xfc, 0x26, 0xe2, 0xcb, 0xfb, 0xb3, 0x1c,
-    0x8a, 0x16, 0x54, 0x8f, 0xff, 0x44, 0xc4, 0x59, 0x7d, 0x37, 0xdb, 0x4b,
-    0x2f, 0x9c, 0x62, 0x1d, 0x65, 0xd9, 0xc1, 0x49, 0xe3, 0x48, 0x8e, 0xa1,
-    0x77, 0x5b, 0x0b, 0x5a, 0x71, 0x25, 0xe1, 0x76, 0x4e, 0x97, 0xfd, 0x83,
-    0xc2, 0x82, 0x0c, 0x2c, 0xb1, 0x8b, 0x2f, 0xff, 0x03, 0x3a, 0xf4, 0x75,
-    0x2f, 0x02, 0x24, 0xb2, 0xff, 0x78, 0x9b, 0xae, 0x08, 0x75, 0x94, 0x48,
-    0x81, 0xe2, 0x65, 0xf9, 0xdf, 0xa9, 0x71, 0x65, 0x42, 0x37, 0x5a, 0x12,
-    0x7a, 0x22, 0xa8, 0x84, 0x13, 0x3e, 0xd2, 0x87, 0x25, 0x4b, 0xf8, 0x1d,
-    0x27, 0x23, 0x25, 0x51, 0x1b, 0x29, 0x4b, 0xb9, 0xf2, 0x3e, 0xa3, 0x30,
-    0x68, 0xe9, 0x26, 0x94, 0x0f, 0xaa, 0xdb, 0xb8, 0xf3, 0xd2, 0x3f, 0xa5,
-    0x6b, 0x3c, 0x34, 0x41, 0x1e, 0x81, 0x56, 0x43, 0x3c, 0x9e, 0x5d, 0xf5,
-    0x2e, 0x04, 0x32, 0x9e, 0x77, 0xcf, 0x4c, 0x88, 0xab, 0xbb, 0x18, 0x95,
-    0xfe, 0xd1, 0x47, 0xa5, 0x9f, 0x59, 0x7b, 0x90, 0x05, 0x95, 0x87, 0x9d,
-    0xe3, 0x2b, 0xff, 0x7f, 0x07, 0xfc, 0x72, 0xcd, 0xc5, 0x97, 0xf4, 0x8b,
-    0x3b, 0x6f, 0x2c, 0xbf, 0xf8, 0xbb, 0x35, 0xf9, 0x92, 0x82, 0xed, 0x65,
-    0xf6, 0x0d, 0xe4, 0xb2, 0xe6, 0xd9, 0x65, 0x00, 0xdc, 0x78, 0x86, 0xb1,
-    0x30, 0xae, 0x8f, 0xd8, 0xb4, 0x9f, 0x6f, 0xfb, 0xdc, 0xfb, 0x41, 0xdc,
-    0x6b, 0x2f, 0x87, 0xa7, 0x92, 0xcb, 0xc2, 0x40, 0x16, 0x5f, 0x7c, 0x31,
-    0xc5, 0x97, 0x9d, 0xc0, 0xb2, 0xf7, 0xe3, 0x90, 0x6f, 0x74, 0x45, 0x7f,
-    0xef, 0xb1, 0x47, 0x5c, 0x63, 0xc2, 0xcb, 0xdc, 0x8d, 0x2c, 0xbb, 0xdc,
-    0x1a, 0x22, 0xbb, 0x31, 0xe8, 0xf6, 0xa1, 0x37, 0xc3, 0x4e, 0x1c, 0x88,
-    0x30, 0xe4, 0xbd, 0x2f, 0x1d, 0x65, 0xfc, 0x59, 0x29, 0x3f, 0x16, 0x5f,
-    0xd0, 0x27, 0x07, 0xd1, 0xd6, 0x57, 0x67, 0xb8, 0x45, 0x97, 0xf3, 0x99,
-    0x80, 0x13, 0xcb, 0x2e, 0x1b, 0x2c, 0xbe, 0xeb, 0x91, 0xd2, 0xcb, 0x9e,
-    0x53, 0x8d, 0xd3, 0x0b, 0x5e, 0x37, 0xec, 0xb2, 0xff, 0xe9, 0xb5, 0x1b,
-    0xff, 0x0d, 0xa6, 0x99, 0x65, 0x48, 0xf9, 0x3a, 0x1d, 0xbf, 0x87, 0xfc,
-    0xf7, 0x1d, 0x65, 0xfe, 0xe1, 0x61, 0xdd, 0xf6, 0x59, 0x4e, 0x7b, 0xe1,
-    0x2d, 0xbf, 0xb9, 0x83, 0x6e, 0x6c, 0xb2, 0xf4, 0xa0, 0x0b, 0x2f, 0xc2,
-    0x4d, 0x28, 0xdc, 0x49, 0x50, 0xbb, 0xa9, 0x91, 0x95, 0x9b, 0x1d, 0xc7,
-    0x68, 0x4c, 0xf3, 0xa2, 0x2f, 0xb4, 0xbc, 0x24, 0x4a, 0x10, 0x5c, 0x21,
-    0xf1, 0x70, 0x83, 0x97, 0xf0, 0xf4, 0xfd, 0xbf, 0x6b, 0x2f, 0xff, 0xf8,
-    0x55, 0x6d, 0x13, 0xc1, 0xe0, 0x55, 0x0a, 0x05, 0x5f, 0xb6, 0x04, 0xe9,
-    0xdf, 0x9f, 0x59, 0x6e, 0xd6, 0x5f, 0xf8, 0x82, 0xe2, 0x67, 0x1a, 0x09,
-    0x65, 0xfa, 0x5c, 0xf6, 0xf0, 0x2c, 0xa3, 0x4f, 0x9f, 0xa3, 0xcb, 0xd3,
-    0xec, 0x35, 0x95, 0xa3, 0xc3, 0x39, 0x25, 0xfd, 0x38, 0xb3, 0x7b, 0xe9,
-    0x65, 0xe8, 0x7d, 0x2c, 0xbf, 0xb7, 0x89, 0xef, 0x07, 0xeb, 0x2f, 0xe3,
-    0xfb, 0xf1, 0xbe, 0x16, 0x5f, 0x61, 0x76, 0x05, 0x97, 0xfb, 0xd2, 0x8f,
-    0x7d, 0xe4, 0xb2, 0xff, 0xde, 0x09, 0xff, 0x0c, 0x4e, 0x35, 0x97, 0xd2,
-    0x93, 0xf9, 0x65, 0x6c, 0x89, 0x2e, 0x8c, 0xdc, 0xf6, 0xf8, 0xdd, 0x39,
-    0x8b, 0x2e, 0xef, 0x7a, 0xcb, 0x08, 0xa8, 0x81, 0x56, 0xf2, 0xa8, 0x14,
-    0x56, 0x8f, 0x5f, 0xc3, 0x46, 0x0f, 0xd6, 0x22, 0xad, 0x9e, 0xef, 0xee,
-    0xdb, 0x6f, 0x38, 0xd6, 0x5f, 0xcc, 0x2b, 0xef, 0xf0, 0x62, 0xcb, 0xfd,
-    0xf6, 0x10, 0x58, 0x01, 0x09, 0x2b, 0x47, 0xd3, 0x3e, 0x67, 0x7e, 0xc3,
-    0xbb, 0xec, 0xb2, 0xfd, 0x1d, 0xfe, 0x34, 0xb2, 0xf7, 0xc2, 0x6a, 0xcb,
-    0xdb, 0xa2, 0xbe, 0x2c, 0xaf, 0x9e, 0x11, 0x0f, 0x56, 0xc9, 0xb7, 0xb4,
-    0x26, 0x08, 0x97, 0xc4, 0xe2, 0x35, 0x5f, 0xc7, 0xfc, 0x07, 0xa6, 0x59,
-    0x7f, 0xc4, 0x01, 0xfd, 0xc4, 0xcd, 0x96, 0x5f, 0xb0, 0x22, 0xbc, 0xe2,
-    0xca, 0x63, 0xe5, 0xf9, 0xd5, 0xff, 0xe2, 0x35, 0xdc, 0x80, 0x41, 0x7e,
-    0xa7, 0xa5, 0x97, 0xfb, 0xdc, 0x0f, 0x5e, 0x63, 0x16, 0x56, 0x22, 0x10,
-    0x93, 0xaf, 0xff, 0xd8, 0x64, 0x1c, 0x2e, 0x3f, 0x75, 0xdb, 0x11, 0x8b,
-    0x2f, 0xfd, 0xd7, 0xbb, 0xfb, 0x0f, 0xf9, 0xb2, 0xcb, 0xf9, 0xba, 0xe7,
-    0xd8, 0xc5, 0x96, 0x15, 0xac, 0xa0, 0x1e, 0x21, 0x17, 0xd6, 0x22, 0x9f,
-    0x50, 0x86, 0xbf, 0x9f, 0x99, 0x84, 0x6a, 0xca, 0xc3, 0xd3, 0x09, 0x3d,
-    0xe7, 0x73, 0x16, 0x54, 0x27, 0x60, 0x32, 0x1f, 0xc6, 0xa4, 0x44, 0x37,
-    0xfb, 0xdc, 0x9d, 0x87, 0x61, 0xac, 0xbf, 0xe7, 0xd4, 0xc5, 0x00, 0xe0,
-    0x56, 0x54, 0x1f, 0x70, 0xcd, 0x6f, 0xde, 0xc0, 0x97, 0x96, 0x5f, 0xa5,
-    0xc1, 0x23, 0x71, 0x65, 0xa3, 0x0f, 0x4d, 0xc9, 0xef, 0xfd, 0x38, 0x9c,
-    0xd9, 0xdc, 0x00, 0x21, 0x65, 0xff, 0xed, 0x82, 0x0e, 0x49, 0xb9, 0xc8,
-    0xd4, 0x96, 0x59, 0x8d, 0x44, 0x7e, 0x90, 0xef, 0xf3, 0xff, 0xae, 0x41,
-    0x79, 0x65, 0x49, 0x31, 0x0e, 0x42, 0xd3, 0xc5, 0x37, 0xff, 0xf8, 0x7f,
-    0x8e, 0xfe, 0xd3, 0x3b, 0xc8, 0xd7, 0x11, 0xf7, 0x16, 0x5f, 0xff, 0xfb,
-    0xee, 0xdc, 0x69, 0x60, 0xfd, 0xf8, 0x6d, 0x69, 0x8b, 0x65, 0x97, 0xc5,
-    0x9b, 0xf1, 0x65, 0x6c, 0x8f, 0x23, 0xb3, 0x18, 0xd5, 0x7f, 0xbe, 0xd3,
-    0x4a, 0x0a, 0x4b, 0x2f, 0xff, 0xe8, 0xf7, 0x04, 0x2f, 0x7c, 0x2f, 0x2f,
-    0x73, 0x0c, 0x59, 0x7f, 0xe8, 0xdb, 0x3d, 0x2c, 0x26, 0x1a, 0xcb, 0xff,
-    0x39, 0x9e, 0xcf, 0xf9, 0xa3, 0x71, 0x65, 0xff, 0xa0, 0xce, 0x0a, 0x5f,
-    0xbc, 0xeb, 0xcb, 0x2a, 0x13, 0x85, 0xec, 0xcb, 0x46, 0x7f, 0x5d, 0x23,
-    0xdf, 0x20, 0xdf, 0x4b, 0xf9, 0xb2, 0xcb, 0xe6, 0xdb, 0xb9, 0x2c, 0xbf,
-    0xe8, 0xe8, 0xef, 0xec, 0xeb, 0xcb, 0x2e, 0x7d, 0x96, 0x57, 0x48, 0x98,
-    0xd1, 0x19, 0x12, 0x18, 0x75, 0x7b, 0xef, 0xc5, 0x96, 0xe9, 0x65, 0x41,
-    0xae, 0x18, 0xe5, 0xfe, 0x3b, 0xf0, 0xa3, 0x0d, 0x59, 0x60, 0xac, 0xbf,
-    0xe0, 0x87, 0xed, 0xef, 0xbc, 0x96, 0x5e, 0x96, 0x79, 0x65, 0xf3, 0xff,
-    0x34, 0xb2, 0xbe, 0x6f, 0x77, 0x8e, 0x5f, 0x83, 0xfd, 0x41, 0x8b, 0x2e,
-    0x9f, 0x75, 0x97, 0x47, 0x73, 0x93, 0x3e, 0xc2, 0x03, 0x4c, 0x8e, 0x22,
-    0xee, 0xde, 0x23, 0x10, 0xa6, 0xf1, 0x0a, 0xf8, 0xb2, 0xfa, 0x5f, 0x6d,
-    0xeb, 0x2f, 0x41, 0x7a, 0x71, 0xe2, 0x31, 0x05, 0xda, 0x75, 0x97, 0xff,
-    0x6f, 0x6e, 0x73, 0x0b, 0xb7, 0x20, 0x2c, 0xbf, 0xdf, 0x61, 0x8f, 0x0c,
-    0x99, 0x65, 0xe6, 0xeb, 0x8b, 0x2f, 0xd9, 0xbf, 0x24, 0x2b, 0x59, 0x46,
-    0x9e, 0x57, 0xc7, 0x6c, 0x0c, 0x47, 0x3f, 0x68, 0xbe, 0x7f, 0xbe, 0x13,
-    0xef, 0xe5, 0x96, 0x8d, 0x1e, 0xc9, 0xcd, 0xa9, 0x93, 0xb0, 0xd1, 0x9f,
-    0xe3, 0x56, 0xbf, 0xf3, 0xf5, 0xcc, 0xf3, 0x1d, 0xe4, 0xb2, 0xde, 0x59,
-    0x40, 0x3c, 0xf1, 0x0f, 0xaf, 0xff, 0x89, 0xf3, 0xed, 0xaf, 0xb8, 0x7f,
-    0x87, 0x59, 0x7f, 0xef, 0xb7, 0x7f, 0xcf, 0x61, 0xb2, 0x59, 0x43, 0x44,
-    0x6e, 0x26, 0xdf, 0xff, 0xf9, 0xf4, 0x68, 0xff, 0x1c, 0xfe, 0x75, 0x2f,
-    0x34, 0xd1, 0xc0, 0xac, 0xac, 0x44, 0x8b, 0x91, 0x5f, 0x14, 0xee, 0xe6,
-    0x59, 0x7f, 0xff, 0xa6, 0x28, 0x3e, 0xa3, 0xbc, 0xd6, 0x7d, 0xb5, 0xf7,
-    0x59, 0x7f, 0xfc, 0xfa, 0x04, 0xfe, 0x6a, 0x24, 0xdd, 0x7b, 0x16, 0x5f,
-    0xff, 0xfc, 0x1e, 0x7d, 0xe5, 0xc9, 0x37, 0x84, 0xd4, 0x7e, 0x3d, 0xc7,
-    0xe9, 0x65, 0xff, 0xe7, 0x06, 0x14, 0x4a, 0x27, 0x41, 0xce, 0xb2, 0xfd,
-    0x18, 0x5e, 0x9f, 0x59, 0x7f, 0x37, 0x40, 0xd3, 0x8d, 0x65, 0xff, 0xed,
-    0xe5, 0x9c, 0x9d, 0x84, 0x19, 0x67, 0x16, 0x52, 0xca, 0xc3, 0xd7, 0x3a,
-    0x65, 0x1d, 0x19, 0xff, 0x29, 0x28, 0x42, 0xdf, 0xbf, 0x1a, 0xe3, 0x2c,
-    0xbb, 0x5b, 0x8b, 0x2f, 0x48, 0x23, 0x59, 0x73, 0xf5, 0x39, 0x12, 0x43,
-    0x34, 0x98, 0x9d, 0xc6, 0xaf, 0xf3, 0x90, 0x8f, 0x2c, 0x1a, 0xca, 0x85,
-    0x6e, 0x78, 0x4c, 0xcc, 0x1a, 0x52, 0x27, 0x4e, 0x47, 0x54, 0x14, 0xbb,
-    0xf9, 0xb4, 0x28, 0xe7, 0x99, 0x65, 0xff, 0xfd, 0x85, 0xb7, 0x39, 0x00,
-    0xcf, 0xb6, 0x9c, 0xcf, 0x2c, 0xbf, 0x87, 0x84, 0x6e, 0xa1, 0x65, 0xd3,
-    0xfd, 0x2c, 0xa9, 0x36, 0x59, 0x83, 0x94, 0xab, 0xdc, 0x2c, 0x3a, 0x8e,
-    0x12, 0x69, 0x55, 0xba, 0x87, 0x79, 0xe3, 0xaa, 0xfc, 0xa6, 0x70, 0x42,
-    0x14, 0xa3, 0x41, 0xf4, 0xb9, 0x4d, 0xed, 0x06, 0x18, 0xcf, 0xad, 0x88,
-    0x5b, 0x7c, 0xfb, 0x04, 0xc5, 0x97, 0x0a, 0xf7, 0x56, 0x5e, 0x63, 0xe2,
-    0xcb, 0xa0, 0xd5, 0x95, 0x23, 0xf4, 0xe8, 0x93, 0x43, 0xc6, 0x0d, 0xdb,
-    0xb5, 0x97, 0xff, 0xf6, 0x0f, 0xf0, 0x61, 0x63, 0x6d, 0x3e, 0x1f, 0xb6,
-    0x96, 0x56, 0xe1, 0xf8, 0x10, 0x95, 0x43, 0x6c, 0x19, 0x8a, 0x0d, 0x59,
-    0xaf, 0xbc, 0x71, 0x61, 0x85, 0x75, 0xf4, 0x76, 0xdd, 0xac, 0xbd, 0xa6,
-    0x31, 0x65, 0xfe, 0xe6, 0x68, 0x64, 0xf2, 0x59, 0x43, 0x3c, 0xfe, 0x0e,
-    0xdf, 0xe7, 0x9c, 0x58, 0x00, 0xf1, 0x65, 0xef, 0xe0, 0x16, 0x5a, 0x16,
-    0x5f, 0xff, 0x4c, 0xef, 0x2e, 0x41, 0xc7, 0xf8, 0x2e, 0xd6, 0x54, 0x1f,
-    0x03, 0x08, 0x5f, 0xf0, 0x7b, 0xcd, 0x6d, 0xb0, 0x76, 0x59, 0x7f, 0xd9,
-    0x34, 0xa3, 0xac, 0xeb, 0xcb, 0x2a, 0x72, 0x69, 0x30, 0x69, 0x8f, 0x87,
-    0x20, 0x23, 0xeb, 0xdb, 0x37, 0x4b, 0x2e, 0xf8, 0xd6, 0x56, 0xc7, 0xfe,
-    0xc9, 0x5c, 0x1e, 0xa9, 0x2a, 0x8b, 0x1b, 0x96, 0xa3, 0xea, 0xbe, 0x1f,
-    0xc3, 0xb2, 0xcb, 0xf9, 0xe5, 0x9b, 0x04, 0x96, 0x5d, 0x83, 0x59, 0x43,
-    0x3c, 0x3e, 0xcb, 0x6f, 0xfd, 0xac, 0xdc, 0x9b, 0xee, 0x76, 0xe2, 0xcb,
-    0xfe, 0xcf, 0x79, 0x8c, 0x3b, 0x79, 0x65, 0xb6, 0x84, 0xc1, 0x71, 0x9f,
-    0x44, 0x7f, 0x42, 0xb3, 0x2c, 0xb8, 0x57, 0x8b, 0x2b, 0x0f, 0xb7, 0x48,
-    0x6e, 0x21, 0x7f, 0xed, 0xed, 0xe9, 0x44, 0xef, 0x40, 0x56, 0x5a, 0x65,
-    0x97, 0xb7, 0xe0, 0xd6, 0x5f, 0xa7, 0xc3, 0xfc, 0xed, 0x65, 0xc7, 0xe2,
-    0xca, 0xc4, 0x5a, 0xcc, 0x84, 0x71, 0x2f, 0x0f, 0x04, 0xb2, 0xfe, 0x8f,
-    0x30, 0x22, 0x4b, 0x2e, 0x93, 0xac, 0xad, 0x1e, 0x13, 0x96, 0x5f, 0xdd,
-    0x6c, 0xf2, 0x8d, 0xc5, 0x97, 0x14, 0x96, 0x54, 0x1e, 0x46, 0xc6, 0x57,
-    0x19, 0x0b, 0x2a, 0x73, 0xa2, 0x17, 0x9e, 0x8b, 0xc5, 0x30, 0x8d, 0x88,
-    0x5e, 0x6c, 0x45, 0x23, 0x0c, 0x1b, 0x34, 0xcb, 0xb2, 0xf6, 0x85, 0xa1,
-    0xe1, 0xb9, 0xfa, 0xde, 0x71, 0xe5, 0x75, 0x94, 0x75, 0x5c, 0x87, 0x17,
-    0xa1, 0x18, 0x16, 0x99, 0xf2, 0x2b, 0xff, 0x0a, 0x44, 0x83, 0xf7, 0xf7,
-    0xe8, 0x0b, 0x2f, 0xf4, 0xa6, 0xc2, 0x7f, 0xe2, 0xcb, 0xee, 0xa5, 0x07,
-    0x59, 0x7f, 0xd0, 0x5b, 0x73, 0x0f, 0x1b, 0x8b, 0x2f, 0xff, 0xb6, 0xf6,
-    0x73, 0xe1, 0xe4, 0x6c, 0x12, 0x85, 0x97, 0x47, 0xd6, 0x5f, 0xcf, 0x30,
-    0xe0, 0xb6, 0x59, 0x5b, 0x23, 0xcc, 0x64, 0x78, 0x76, 0x4a, 0x3b, 0xc5,
-    0xaf, 0xf7, 0xdf, 0xdc, 0x33, 0x3e, 0xb2, 0xfa, 0x26, 0x6f, 0xac, 0xbf,
-    0xd1, 0xe2, 0xcd, 0x9b, 0x4b, 0x2f, 0x6e, 0xc1, 0xd6, 0x56, 0x22, 0x9d,
-    0xcd, 0x38, 0x45, 0xba, 0x65, 0x7e, 0x21, 0xfe, 0x24, 0xb2, 0xf1, 0x47,
-    0x6b, 0x2f, 0xa2, 0x59, 0xc5, 0x97, 0xfc, 0xe6, 0x08, 0x45, 0x9d, 0x49,
-    0x65, 0x61, 0xfb, 0xfc, 0x71, 0xc8, 0x6f, 0xb7, 0x60, 0xbb, 0x59, 0x7f,
-    0x7f, 0x0d, 0x78, 0xd9, 0x65, 0xf4, 0x4d, 0xa8, 0x59, 0x68, 0x59, 0x6c,
-    0x59, 0x5a, 0x34, 0x07, 0x10, 0xa3, 0x9f, 0x1f, 0xd0, 0xaf, 0xa0, 0x22,
-    0xb6, 0x59, 0x7d, 0xc2, 0x83, 0x16, 0x5f, 0x87, 0xfc, 0x29, 0x2c, 0xac,
-    0x3c, 0x97, 0x22, 0xbd, 0x26, 0x02, 0xcb, 0xff, 0xfb, 0x3d, 0xc1, 0x39,
-    0xef, 0xb9, 0x1b, 0x9b, 0xe0, 0xc5, 0x97, 0xdc, 0xf3, 0x4c, 0xb2, 0x8e,
-    0x88, 0x27, 0x5f, 0xbf, 0xcd, 0xa8, 0xd9, 0xf5, 0xda, 0xcb, 0xbb, 0x99,
-    0x65, 0xbd, 0x39, 0x5b, 0xe4, 0x1f, 0x0e, 0x13, 0xd8, 0x5b, 0xd9, 0x2b,
-    0x42, 0x47, 0x44, 0x5f, 0x6e, 0x72, 0x0e, 0x42, 0x7b, 0xc4, 0x53, 0xe6,
-    0x97, 0xff, 0xb5, 0xd9, 0x66, 0xf2, 0xc8, 0xd4, 0x71, 0x65, 0xff, 0x8e,
-    0xd9, 0xd6, 0x30, 0xe3, 0x75, 0x65, 0xfe, 0x79, 0xbf, 0x87, 0xce, 0x2c,
-    0xac, 0x45, 0xee, 0x92, 0xb7, 0xa0, 0x5e, 0x9f, 0x8f, 0x2c, 0xbe, 0x8d,
-    0xed, 0xbd, 0x65, 0xd8, 0x75, 0x96, 0x36, 0x71, 0xbb, 0x62, 0x5a, 0xd9,
-    0x10, 0x64, 0xb5, 0x7e, 0x37, 0xd9, 0x87, 0x59, 0x7f, 0xe9, 0x49, 0xbb,
-    0x83, 0xcd, 0xc8, 0x59, 0x7f, 0xfb, 0x61, 0x3e, 0xd0, 0x5b, 0x00, 0xf1,
-    0x25, 0x95, 0x88, 0xd7, 0x62, 0x37, 0x28, 0x0a, 0x05, 0xff, 0xc5, 0x86,
-    0x9a, 0xfe, 0xe3, 0x14, 0xcb, 0x2f, 0x64, 0x99, 0x65, 0x4c, 0x7c, 0x1a,
-    0x45, 0xbd, 0x9b, 0x12, 0xcb, 0xd8, 0x1e, 0x96, 0x57, 0xcd, 0xc9, 0x0e,
-    0x5f, 0xb0, 0x6d, 0xae, 0x2c, 0xbf, 0x09, 0x26, 0x07, 0x16, 0x5e, 0x0b,
-    0xe9, 0x65, 0xf7, 0x71, 0x9b, 0x2c, 0xa6, 0x37, 0xfa, 0x1c, 0xbd, 0xef,
-    0x74, 0xb2, 0xff, 0xee, 0xbb, 0x6f, 0xce, 0xdd, 0xcf, 0xb1, 0xd6, 0x50,
-    0x0f, 0xa7, 0xc3, 0xd7, 0x07, 0x4b, 0x2b, 0x11, 0x85, 0xc8, 0x44, 0xcf,
-    0x91, 0x56, 0xc9, 0xc4, 0x1c, 0x9c, 0xc8, 0xca, 0xaf, 0x84, 0xfe, 0x76,
-    0xb2, 0xfd, 0xcf, 0x3b, 0x92, 0xca, 0xe8, 0xf2, 0x8c, 0x24, 0xa8, 0x45,
-    0x3b, 0x42, 0x0e, 0xa1, 0x95, 0xbf, 0x93, 0x8d, 0xcd, 0x1b, 0xdf, 0xe3,
-    0x8b, 0x78, 0x4d, 0x71, 0x73, 0xd2, 0x93, 0xef, 0xfc, 0x4c, 0x27, 0x59,
-    0xbf, 0xa8, 0x11, 0x65, 0xa4, 0xb2, 0xff, 0xf3, 0x66, 0x87, 0x06, 0x67,
-    0xe3, 0xae, 0x2c, 0xbe, 0x12, 0x34, 0x05, 0x97, 0xfe, 0x8e, 0xbf, 0xf8,
-    0xda, 0x02, 0x75, 0x97, 0xff, 0x6b, 0x4e, 0x0c, 0xfb, 0x6b, 0xee, 0xb2,
-    0xd2, 0x59, 0x5c, 0x3d, 0x41, 0x10, 0xee, 0x7d, 0x2c, 0xbf, 0xff, 0x1b,
-    0x9e, 0x6e, 0x7c, 0x39, 0xe0, 0x38, 0xe1, 0x65, 0xfd, 0xe6, 0xd8, 0xf1,
-    0xda, 0xca, 0x1a, 0x26, 0xb4, 0x2d, 0xf5, 0x5b, 0xe9, 0x36, 0xa4, 0xb2,
-    0xfe, 0x04, 0xd2, 0x6d, 0x49, 0x64, 0xc6, 0x8a, 0xff, 0x7f, 0x3f, 0x9d,
-    0xbf, 0x6b, 0x2e, 0x6d, 0x96, 0x57, 0x67, 0x97, 0xe3, 0x4a, 0xe9, 0x15,
-    0xda, 0x84, 0x5d, 0xfe, 0xee, 0x66, 0x38, 0x5f, 0x8b, 0x2f, 0xb0, 0x3a,
-    0xd9, 0x65, 0xd1, 0xb8, 0xb2, 0xba, 0x3f, 0x13, 0x9a, 0xfc, 0x8e, 0xfb,
-    0x50, 0x1d, 0xc5, 0x97, 0xa0, 0x63, 0x59, 0x76, 0x6e, 0xac, 0xbe, 0x00,
-    0x85, 0x25, 0x96, 0x72, 0x37, 0x9e, 0x19, 0xbf, 0x73, 0x98, 0x40, 0x59,
-    0x40, 0x3c, 0xc2, 0x25, 0xa8, 0x55, 0x68, 0xd1, 0x80, 0x3c, 0x26, 0xb8,
-    0x61, 0xe2, 0x50, 0xc2, 0x92, 0xd3, 0x2c, 0xbf, 0xe0, 0xb8, 0x93, 0x4b,
-    0x3a, 0x92, 0xca, 0xe8, 0xf3, 0x88, 0x4a, 0xf8, 0x9f, 0xae, 0x2c, 0xbe,
-    0xf0, 0x0f, 0x8b, 0x2b, 0xc7, 0x88, 0x21, 0x15, 0x1d, 0x11, 0x20, 0x66,
-    0xba, 0x38, 0xb2, 0xfa, 0x3f, 0x03, 0x59, 0x5d, 0x9b, 0x79, 0x85, 0xaf,
-    0xf8, 0xd1, 0xfe, 0x34, 0x51, 0x25, 0x97, 0xef, 0xb1, 0x3e, 0xcb, 0x2f,
-    0xfa, 0x4f, 0xaf, 0x14, 0x1f, 0x8b, 0x2f, 0xf4, 0x0e, 0x34, 0x18, 0x02,
-    0xcb, 0xc5, 0x9d, 0x2c, 0xb7, 0x3b, 0x45, 0x6c, 0xc4, 0xe7, 0x38, 0x23,
-    0x2a, 0x84, 0xca, 0x8f, 0x0e, 0x6b, 0xff, 0xe8, 0xce, 0xbd, 0xfc, 0x69,
-    0x31, 0xa6, 0xe2, 0xcb, 0xf1, 0x46, 0xe9, 0x42, 0xcb, 0xff, 0xce, 0xfa,
-    0xdb, 0xef, 0xef, 0xb6, 0xa4, 0xb2, 0xfd, 0xa1, 0xfd, 0xa6, 0x59, 0x73,
-    0x98, 0x33, 0xf3, 0xc4, 0xab, 0xfe, 0x72, 0xcf, 0x79, 0x8c, 0xf2, 0xcb,
-    0xff, 0xff, 0xa6, 0x93, 0x17, 0xa0, 0x1b, 0xbe, 0x63, 0x75, 0x91, 0xd4,
-    0x98, 0xeb, 0x2a, 0x11, 0x5c, 0x47, 0x15, 0x0a, 0xed, 0xb1, 0x69, 0xa3,
-    0x4d, 0xd1, 0x43, 0xa8, 0x14, 0x26, 0xc3, 0x0d, 0xba, 0x14, 0x36, 0xdf,
-    0x10, 0x8d, 0x2a, 0x60, 0x26, 0x42, 0x10, 0xd4, 0x3e, 0xc4, 0x66, 0x4a,
-    0xf9, 0x18, 0x21, 0x29, 0xc9, 0x6e, 0x3e, 0x9c, 0xf3, 0xbf, 0x30, 0x81,
-    0x7e, 0x2c, 0xbf, 0xfb, 0xdd, 0x4b, 0x3c, 0xdb, 0xe0, 0xbb, 0x59, 0x7f,
-    0x40, 0x7a, 0x6e, 0xb7, 0x56, 0x5f, 0xb0, 0xcc, 0xeb, 0xcb, 0x2a, 0x71,
-    0xed, 0xb1, 0x95, 0xfe, 0xea, 0x58, 0x3f, 0xe6, 0xcb, 0x28, 0x69, 0x91,
-    0x74, 0x51, 0xa8, 0x51, 0x11, 0x1d, 0xfa, 0x35, 0xd4, 0xb8, 0xb2, 0xff,
-    0xff, 0xb5, 0x33, 0xfd, 0xb9, 0x13, 0x37, 0xbd, 0x9f, 0x03, 0x6f, 0x59,
-    0x5b, 0x22, 0x48, 0x25, 0x37, 0xb5, 0x9c, 0x59, 0x7e, 0x62, 0xdf, 0x92,
-    0x59, 0x7b, 0x1b, 0x65, 0x94, 0x69, 0xf0, 0x1c, 0x73, 0xe5, 0x17, 0xf4,
-    0x6d, 0x9e, 0xc3, 0xac, 0xbf, 0x09, 0x3b, 0xfc, 0xc5, 0x97, 0xff, 0x61,
-    0x07, 0xbf, 0xe1, 0xe6, 0x7e, 0xd6, 0x53, 0x23, 0x3b, 0x46, 0x00, 0x2d,
-    0xe1, 0x5d, 0xf1, 0xda, 0x06, 0xb2, 0xff, 0x11, 0xbf, 0x83, 0x9c, 0x96,
-    0x5f, 0xdb, 0x8d, 0x1b, 0xa1, 0xf2, 0xcb, 0xf4, 0x4d, 0x99, 0xda, 0xcb,
-    0xc5, 0x9b, 0xab, 0x2a, 0x11, 0x9b, 0x84, 0x2c, 0x67, 0xf3, 0x30, 0x94,
-    0x5e, 0x3b, 0xf9, 0x65, 0xf1, 0xde, 0x3a, 0x59, 0x44, 0x6f, 0x8c, 0x1c,
-    0xbf, 0xde, 0xe3, 0x6f, 0xd3, 0x71, 0x65, 0xff, 0x19, 0x26, 0xd0, 0x85,
-    0x28, 0x59, 0x73, 0x49, 0x65, 0x62, 0x21, 0x58, 0xd4, 0x8e, 0xaf, 0x1b,
-    0x1d, 0xac, 0xbf, 0xf7, 0xf2, 0x66, 0x98, 0x3b, 0xa1, 0xe2, 0xcb, 0xcd,
-    0xa3, 0x56, 0x5f, 0x79, 0xa3, 0xa5, 0x95, 0x08, 0xa1, 0x61, 0xe2, 0x44,
-    0xe0, 0xed, 0xff, 0x44, 0xd1, 0xef, 0xe6, 0xbb, 0x59, 0x7b, 0xf1, 0x32,
-    0xcb, 0x47, 0x47, 0xaf, 0xba, 0x75, 0x52, 0x45, 0xe7, 0x21, 0x23, 0x78,
-    0x99, 0x96, 0x5c, 0xfb, 0x2c, 0xbf, 0x9c, 0xf9, 0xbd, 0xf4, 0xb2, 0xb6,
-    0x3c, 0x53, 0x8b, 0xdf, 0xfa, 0x66, 0xfc, 0x75, 0x28, 0x9a, 0x16, 0x53,
-    0x1f, 0x18, 0x48, 0xef, 0x8f, 0x1e, 0x3a, 0xcb, 0xfe, 0xe0, 0x76, 0x89,
-    0xa7, 0x03, 0xcb, 0x2f, 0xc3, 0x72, 0x8f, 0xac, 0xbf, 0xa5, 0x1d, 0x7b,
-    0x3e, 0xb2, 0xff, 0xf7, 0xb8, 0xc0, 0x89, 0x73, 0x33, 0xaf, 0x2c, 0xa9,
-    0x8f, 0xe3, 0x85, 0xd5, 0xd2, 0x3f, 0xfe, 0x7c, 0x64, 0x27, 0xaf, 0xf1,
-    0xe2, 0x63, 0xc0, 0xe1, 0x65, 0xfa, 0x6c, 0x6d, 0xd1, 0xac, 0xb7, 0xd8,
-    0xf7, 0x9c, 0xce, 0xa1, 0x3d, 0xc6, 0x8c, 0x87, 0x90, 0x95, 0xbf, 0x67,
-    0x52, 0xfb, 0x2c, 0xbe, 0xdd, 0x20, 0xec, 0xb2, 0xa7, 0x1e, 0x71, 0xca,
-    0x2f, 0xe6, 0xfb, 0x4c, 0xdb, 0x2c, 0xb4, 0x2c, 0xae, 0x1b, 0xef, 0x17,
-    0x5f, 0xbc, 0xc5, 0x28, 0x59, 0x7f, 0x75, 0x2c, 0x0e, 0xb6, 0x59, 0x7f,
-    0xfb, 0x5a, 0x82, 0xc3, 0x5b, 0xff, 0xc1, 0x16, 0x56, 0x22, 0x81, 0x89,
-    0x82, 0x61, 0x50, 0x9a, 0x8e, 0x31, 0x6a, 0x18, 0x37, 0xf3, 0x1a, 0xde,
-    0x7f, 0xac, 0xbd, 0xdf, 0xe1, 0x65, 0xda, 0x85, 0x95, 0x23, 0xe0, 0xe8,
-    0xb6, 0x61, 0xdb, 0xf4, 0x37, 0xa7, 0xa1, 0x56, 0xb2, 0xfc, 0xec, 0x38,
-    0x25, 0x97, 0x40, 0x56, 0x54, 0x22, 0x7b, 0xe6, 0x24, 0x65, 0xc2, 0x5b,
-    0xb7, 0x61, 0x65, 0xc5, 0xda, 0xca, 0x83, 0x60, 0xc3, 0x37, 0xf8, 0x2c,
-    0x59, 0xce, 0x62, 0xca, 0xd8, 0xf4, 0x0e, 0x3f, 0x7d, 0xf0, 0x3f, 0x96,
-    0x5b, 0xeb, 0x29, 0xcd, 0x98, 0x48, 0xaf, 0xf1, 0x67, 0xa2, 0x41, 0xd2,
-    0xca, 0xde, 0x7a, 0x5b, 0xa4, 0x17, 0xff, 0x31, 0xdb, 0x9f, 0x86, 0xd0,
-    0x77, 0x16, 0x54, 0x26, 0x2a, 0xd0, 0xa8, 0x72, 0x7b, 0xf8, 0xb8, 0xdb,
-    0xe0, 0x6b, 0x2f, 0xf8, 0x0c, 0x5e, 0x8e, 0x07, 0xeb, 0x2f, 0xf6, 0xb6,
-    0x6e, 0xdb, 0x58, 0xb2, 0xf1, 0x31, 0xab, 0x2f, 0xcf, 0xad, 0x46, 0xcb,
-    0x2f, 0xef, 0x36, 0x9b, 0xc1, 0x59, 0x53, 0x91, 0xbb, 0x87, 0x07, 0x34,
-    0xf0, 0xe0, 0x85, 0x17, 0xb8, 0xe0, 0x59, 0x50, 0x7d, 0x1e, 0x4c, 0xbf,
-    0x09, 0xfc, 0xeb, 0x8b, 0x2e, 0x7d, 0xc5, 0x94, 0x13, 0xc3, 0x10, 0xaa,
-    0xff, 0xff, 0xfa, 0x3c, 0x4f, 0xdb, 0x72, 0x66, 0xd7, 0x71, 0xcf, 0x47,
-    0x50, 0x26, 0x71, 0x65, 0xfe, 0xe6, 0x6a, 0x37, 0xc6, 0xe2, 0xca, 0xd2,
-    0x2d, 0xbc, 0xff, 0x7f, 0xbf, 0x9d, 0x46, 0x98, 0xeb, 0x2f, 0xbd, 0x07,
-    0x85, 0x97, 0xfe, 0x89, 0xc7, 0x27, 0x35, 0xbe, 0x15, 0x97, 0xff, 0xff,
-    0xfd, 0xcc, 0xf7, 0xdc, 0xfc, 0xd6, 0x9b, 0xaf, 0x3b, 0x9b, 0x99, 0x30,
-    0x7d, 0x06, 0x75, 0x0b, 0x2f, 0xc1, 0x9b, 0x27, 0xf1, 0x65, 0xdf, 0x75,
-    0x95, 0xc4, 0x6c, 0x7a, 0x12, 0xfb, 0xca, 0xef, 0xfb, 0xae, 0x13, 0x1f,
-    0xd9, 0xb8, 0xb2, 0xec, 0xd2, 0xca, 0x83, 0xd2, 0xf9, 0xe5, 0xfd, 0xe2,
-    0x70, 0x61, 0x2c, 0xba, 0x0d, 0x59, 0x7c, 0xe0, 0xc2, 0x59, 0x53, 0x1b,
-    0x72, 0x17, 0xa9, 0xc8, 0x83, 0xf3, 0x15, 0x42, 0xae, 0x11, 0x91, 0xe1,
-    0x9f, 0x64, 0x2f, 0x18, 0xc7, 0xa1, 0x12, 0x18, 0x52, 0x5f, 0xe9, 0x3f,
-    0x4d, 0xba, 0xc3, 0x59, 0x7f, 0xef, 0x37, 0x09, 0xfd, 0x33, 0x8d, 0x65,
-    0xf0, 0x1f, 0xae, 0x2c, 0xb8, 0xc3, 0x16, 0x57, 0x0d, 0xe1, 0x84, 0x77,
-    0xdf, 0x7c, 0xfa, 0x41, 0x66, 0x8a, 0xff, 0xfc, 0x23, 0x1c, 0x3c, 0x81,
-    0x18, 0xf1, 0x34, 0x18, 0xb2, 0xe6, 0xd9, 0x65, 0x42, 0x6e, 0x98, 0x6c,
-    0xd0, 0x9c, 0x73, 0x3d, 0xeb, 0x17, 0xe1, 0x30, 0xed, 0xa5, 0x97, 0xe6,
-    0xd7, 0xb3, 0xb5, 0x97, 0xee, 0xdb, 0x9f, 0x65, 0x97, 0xf7, 0x4d, 0xb1,
-    0xdb, 0x8b, 0x2e, 0x3b, 0xac, 0xbf, 0xde, 0x82, 0xee, 0x78, 0x01, 0xd6,
-    0x54, 0x1f, 0xf7, 0xcb, 0xc2, 0x2d, 0x73, 0x74, 0xb2, 0xf7, 0xe0, 0x0b,
-    0x2f, 0x6e, 0xee, 0xc2, 0xcb, 0xfe, 0x1f, 0xdb, 0x4d, 0xd4, 0xd0, 0xb2,
-    0x9c, 0xf7, 0x02, 0x45, 0x74, 0xf7, 0xbd, 0x65, 0x62, 0x7e, 0x46, 0x94,
-    0x74, 0x50, 0xd0, 0xa6, 0xd1, 0x73, 0x8b, 0x93, 0xc7, 0x88, 0x6f, 0x7e,
-    0x76, 0xe2, 0xcb, 0xc5, 0xdb, 0x2c, 0xbf, 0x7e, 0x0b, 0x36, 0x59, 0x50,
-    0x7c, 0xac, 0x44, 0xe3, 0x97, 0xe6, 0xd9, 0xc2, 0x4b, 0x2f, 0xe8, 0xf0,
-    0x4e, 0x1f, 0x2c, 0xbf, 0xd0, 0x5f, 0x70, 0x06, 0x65, 0x95, 0xf3, 0xe1,
-    0xdd, 0x2e, 0xa8, 0x6e, 0x51, 0xb6, 0x86, 0xac, 0xa3, 0x52, 0x1c, 0x61,
-    0x39, 0x08, 0x53, 0x61, 0x4d, 0xd4, 0x71, 0x4c, 0x51, 0xb9, 0x0c, 0x29,
-    0xa3, 0xfd, 0xd4, 0x7b, 0x27, 0x8c, 0xcb, 0xf1, 0xe8, 0x39, 0x98, 0x23,
-    0x73, 0x15, 0xb2, 0x14, 0xbb, 0xae, 0x47, 0xd1, 0xe9, 0x48, 0x1b, 0xe1,
-    0xb4, 0x21, 0x66, 0xec, 0x22, 0x2f, 0xb5, 0x9e, 0xc5, 0x97, 0xfb, 0xbf,
-    0xb7, 0xb8, 0xfd, 0x2c, 0xbd, 0x9a, 0xde, 0xb2, 0xf6, 0x84, 0x99, 0x65,
-    0xc7, 0xfa, 0xca, 0x63, 0x6d, 0xc1, 0xfb, 0xff, 0x10, 0x0e, 0xf2, 0x28,
-    0xf7, 0x16, 0x5d, 0x98, 0xb2, 0xfb, 0xbf, 0xb0, 0x8b, 0x2b, 0x13, 0x40,
-    0x34, 0x85, 0x8d, 0x7e, 0xa8, 0xe4, 0x02, 0xb3, 0xd1, 0x05, 0x6f, 0xd3,
-    0x44, 0xdf, 0x85, 0x97, 0xff, 0x8b, 0xdc, 0x13, 0xcc, 0x41, 0x96, 0x71,
-    0x65, 0xc2, 0x42, 0xcb, 0xfb, 0xf9, 0x33, 0x96, 0xcb, 0x2f, 0x18, 0x61,
-    0x89, 0x2f, 0xa5, 0xec, 0xed, 0x20, 0xb3, 0x41, 0x7e, 0xc1, 0xb0, 0x38,
-    0xbb, 0xbf, 0x95, 0x39, 0x16, 0xfa, 0x4e, 0x23, 0x5b, 0xb9, 0x25, 0x97,
-    0xb8, 0xe0, 0x59, 0x50, 0x6c, 0xfa, 0x17, 0xbd, 0x87, 0x9f, 0x59, 0x50,
-    0x9f, 0x2e, 0x14, 0xe9, 0x29, 0xe1, 0x9c, 0x06, 0x42, 0x21, 0xbe, 0x38,
-    0xf0, 0x96, 0x5d, 0xee, 0x2c, 0xbf, 0xfc, 0x3c, 0xc3, 0x67, 0x67, 0x9b,
-    0x9f, 0x65, 0x97, 0xfb, 0xdf, 0x8f, 0x73, 0xec, 0xb2, 0xe7, 0x92, 0xcb,
-    0xf4, 0xec, 0x99, 0xb6, 0x59, 0x53, 0x8f, 0xd0, 0xe6, 0x7c, 0x16, 0xb7,
-    0x16, 0x5f, 0xef, 0x75, 0x2f, 0xc1, 0x6c, 0x92, 0xff, 0xd9, 0xd4, 0x9b,
-    0x08, 0xb0, 0x6b, 0x2f, 0x8e, 0x1e, 0xbc, 0xb2, 0xfb, 0x3f, 0x1b, 0xd6,
-    0x56, 0xc7, 0x8f, 0xc2, 0x4a, 0x84, 0xfc, 0xf6, 0x17, 0xea, 0x17, 0xfa,
-    0x31, 0x21, 0x1e, 0x1a, 0xfa, 0x10, 0x77, 0xfb, 0xbf, 0xb0, 0xe1, 0xf4,
-    0xb2, 0xf3, 0x71, 0x96, 0x59, 0x96, 0x5f, 0x38, 0x8e, 0x35, 0x97, 0xa3,
-    0x46, 0xac, 0xb4, 0xbe, 0x7d, 0x4e, 0x36, 0x11, 0x03, 0x08, 0xaf, 0xff,
-    0xf0, 0xff, 0x9e, 0xf3, 0x97, 0x7c, 0x8d, 0x3c, 0xcd, 0xf5, 0x94, 0x34,
-    0xd0, 0x3a, 0x84, 0xeb, 0x21, 0x5f, 0xf1, 0x41, 0x9c, 0x62, 0xea, 0x4b,
-    0x2f, 0xff, 0xfd, 0xc0, 0x36, 0x87, 0x85, 0xf6, 0xef, 0xed, 0xe3, 0x60,
-    0xa4, 0xb2, 0xe8, 0xed, 0x65, 0x12, 0x2f, 0x3c, 0x73, 0xbd, 0xb2, 0xf0,
-    0x91, 0xb8, 0xb2, 0xef, 0xb2, 0xcb, 0x01, 0x65, 0x1a, 0x69, 0xc8, 0x5a,
-    0xb6, 0x3e, 0x86, 0x47, 0xbf, 0xef, 0x7d, 0xa0, 0x1b, 0x70, 0xd5, 0x97,
-    0xe2, 0x83, 0x30, 0x96, 0x5f, 0xf7, 0xfa, 0x83, 0x66, 0x94, 0x6e, 0x2c,
-    0xb7, 0x06, 0x7c, 0xb8, 0x4d, 0x5a, 0x47, 0x49, 0x11, 0x7a, 0x14, 0x14,
-    0xb2, 0xfd, 0x2d, 0x34, 0x1d, 0x65, 0xe1, 0x3a, 0x31, 0x65, 0x6c, 0x7a,
-    0x5d, 0x05, 0xf0, 0x9e, 0xa1, 0x73, 0x6b, 0x23, 0xaf, 0x68, 0x79, 0x3c,
-    0x70, 0x41, 0x84, 0x35, 0xe6, 0x04, 0x2c, 0xbe, 0x96, 0x79, 0x96, 0x54,
-    0xe3, 0x79, 0xd0, 0xdd, 0xfe, 0x97, 0xe3, 0xaf, 0x47, 0xd6, 0x5f, 0xfe,
-    0x97, 0x83, 0xfd, 0x41, 0x92, 0x60, 0x62, 0xcb, 0x9c, 0xeb, 0x2b, 0xb4,
-    0x5c, 0xf4, 0x48, 0x46, 0x9b, 0xd2, 0xef, 0xff, 0xde, 0x7d, 0x63, 0x03,
-    0x99, 0xf6, 0xd7, 0xdd, 0x65, 0xff, 0x7d, 0xb5, 0x31, 0x44, 0x74, 0xb2,
-    0xf4, 0x10, 0xd6, 0x5f, 0xba, 0xe4, 0xd9, 0xe5, 0x95, 0x89, 0x88, 0xf4,
-    0x80, 0xca, 0x7f, 0x39, 0x21, 0xbb, 0xf9, 0xbc, 0x4e, 0x0e, 0x2c, 0xbf,
-    0x41, 0xfd, 0x9f, 0x59, 0x7c, 0x24, 0x14, 0xcb, 0x2f, 0xb8, 0xd1, 0xda,
-    0xcb, 0xff, 0xa6, 0xcd, 0x63, 0x9e, 0x3e, 0xc3, 0x59, 0x58, 0x7c, 0xbe,
-    0x22, 0xbf, 0x82, 0x7c, 0xff, 0x4e, 0xb2, 0x8d, 0x4c, 0xab, 0xb2, 0xcf,
-    0x93, 0x94, 0x22, 0x38, 0x43, 0x7f, 0xf9, 0x86, 0x4f, 0xd1, 0x67, 0xb1,
-    0x80, 0xb2, 0xfb, 0x6d, 0x9f, 0x71, 0x65, 0xf7, 0x63, 0x0e, 0xcb, 0x2f,
-    0x4b, 0x81, 0x59, 0x7f, 0x17, 0x9b, 0xf2, 0x25, 0x97, 0xff, 0xff, 0xef,
-    0xc6, 0x6d, 0x26, 0xf7, 0x23, 0x58, 0x2d, 0x81, 0x11, 0xbe, 0x20, 0xbb,
-    0x59, 0x6f, 0x62, 0x3c, 0xbe, 0x4a, 0xe3, 0xbc, 0x2c, 0xbc, 0x61, 0x86,
-    0x2c, 0xbf, 0xfe, 0x3e, 0x75, 0xe2, 0xcd, 0x8f, 0x87, 0xc2, 0x48, 0x2c,
-    0xd0, 0x54, 0x23, 0x09, 0x98, 0x6f, 0xb6, 0xcf, 0xba, 0xcb, 0xfd, 0xa2,
-    0x73, 0x33, 0xee, 0xb2, 0xff, 0xde, 0x8f, 0x73, 0x1f, 0x5f, 0xc5, 0x97,
-    0xef, 0xbe, 0xb3, 0x4b, 0x2f, 0xfe, 0xd8, 0x83, 0xb0, 0x79, 0xee, 0x61,
-    0x8b, 0x2f, 0xdd, 0x76, 0xc5, 0xb2, 0xcb, 0xfd, 0xf8, 0x94, 0xd2, 0x72,
-    0x59, 0x5e, 0x3d, 0xd1, 0x0a, 0xaa, 0x11, 0x90, 0xf0, 0xa5, 0xb8, 0x2e,
-    0xb2, 0x86, 0x9c, 0xd6, 0x19, 0x76, 0x7b, 0xf8, 0x77, 0x91, 0x35, 0xff,
-    0x00, 0xb3, 0xb6, 0xcf, 0x71, 0x65, 0xef, 0x40, 0xd6, 0x5f, 0x4b, 0xc1,
-    0x1a, 0xcb, 0xf4, 0x34, 0x9f, 0x8b, 0x2a, 0x0f, 0x97, 0xa1, 0xcd, 0x11,
-    0xdf, 0xd9, 0xef, 0x86, 0x3a, 0x59, 0x7d, 0xe6, 0xd6, 0x2c, 0xbe, 0xeb,
-    0x8c, 0x68, 0xcf, 0x3f, 0x0b, 0xab, 0x64, 0xe9, 0x34, 0x9e, 0x50, 0x9d,
-    0xf3, 0xf5, 0xfe, 0xce, 0x16, 0x6f, 0xfb, 0x2c, 0xbf, 0xf1, 0xe3, 0xa2,
-    0xc0, 0x72, 0x37, 0x16, 0x56, 0x8f, 0xd0, 0xe6, 0x77, 0xf8, 0x65, 0x9b,
-    0xdb, 0x4e, 0xb2, 0x85, 0x0b, 0x8d, 0x91, 0x2d, 0x81, 0xa1, 0x6e, 0x12,
-    0x2b, 0xf6, 0xdb, 0x8d, 0x9d, 0x2c, 0xbf, 0x37, 0x23, 0x63, 0xae, 0xcf,
-    0xd5, 0xfa, 0x1f, 0x40, 0x0a, 0xec, 0xfd, 0x5c, 0xf2, 0x5d, 0x9f, 0xab,
-    0xe0, 0xcb, 0x38, 0xbb, 0x3f, 0x54, 0x33, 0xd2, 0x22, 0x3b, 0xf4, 0x67,
-    0x30, 0x97, 0x67, 0xea, 0x97, 0x67, 0xea, 0xe7, 0xf2, 0xec, 0xfd, 0x1c,
-    0xb8, 0xb4, 0x88, 0xff, 0x02, 0x95, 0x7d, 0x93, 0xec, 0x05, 0xd9, 0xfa,
-    0xa5, 0xd9, 0xfa, 0xb8, 0x10, 0xbb, 0x3f, 0x57, 0xfd, 0x80, 0x7d, 0x66,
-    0xfc, 0x1a, 0xec, 0xfd, 0x5f, 0xd9, 0xf6, 0xe0, 0x76, 0x5d, 0x9f, 0xaa,
-    0x02, 0x29, 0x08, 0x8f, 0x88, 0xd7, 0xda, 0xda, 0x3c, 0xbb, 0x3f, 0x54,
-    0xbb, 0x3f, 0x58, 0x6c, 0x2e, 0x30, 0xc5, 0xd9, 0xfa, 0xa9, 0x2b, 0x18,
-    0x19, 0xae, 0x42, 0x1b, 0xa8, 0x4e, 0xe8, 0x9c, 0xe6, 0x3c, 0x85, 0xe7,
-    0x97, 0xcc, 0x27, 0xba, 0x0d, 0x4d, 0x9f, 0xa0, 0xb4, 0x48, 0x5f, 0xf6,
-    0xd1, 0xbf, 0x1b, 0x59, 0xb2, 0xcb, 0xff, 0x9f, 0xfd, 0xfd, 0x89, 0xf4,
-    0xf2, 0x59, 0x52, 0x45, 0xbe, 0x8e, 0x7c, 0x77, 0x7f, 0x46, 0x09, 0x12,
-    0x92, 0xcb, 0xfd, 0xcc, 0x94, 0xa3, 0xdd, 0x2c, 0xbf, 0xe8, 0xd0, 0x3c,
-    0xce, 0x6c, 0x96, 0x56, 0x23, 0x28, 0x8c, 0x38, 0x5a, 0x21, 0xa5, 0xff,
-    0xb3, 0xb1, 0xe6, 0x8c, 0x7f, 0xcc, 0xb2, 0x96, 0x5f, 0xf8, 0xb2, 0x68,
-    0xd8, 0x0f, 0xd7, 0x16, 0x54, 0x1e, 0x5f, 0x02, 0xee, 0x96, 0xc9, 0x2f,
-    0xa6, 0x77, 0xd2, 0xca, 0xd9, 0x32, 0x3e, 0x8f, 0x3f, 0x08, 0xc2, 0x21,
-    0xdd, 0x18, 0xbe, 0x28, 0x9b, 0x8b, 0x2e, 0x6d, 0x96, 0x56, 0x97, 0xc1,
-    0x5e, 0x79, 0xe0, 0x95, 0x3c, 0x45, 0x74, 0xf9, 0xab, 0x2f, 0xee, 0x14,
-    0x7c, 0x3a, 0x59, 0x7f, 0x70, 0xb3, 0xd8, 0x05, 0x95, 0xd1, 0xec, 0x9c,
-    0xb6, 0xff, 0xa6, 0x2c, 0xdf, 0xfe, 0x9f, 0x71, 0x65, 0xfd, 0xec, 0xfc,
-    0x68, 0x0b, 0x2f, 0xb4, 0xd9, 0xbd, 0x65, 0xfb, 0x39, 0x9d, 0x79, 0x65,
-    0xf1, 0xe0, 0x8d, 0x9c, 0x79, 0x6e, 0x47, 0x7f, 0xda, 0x63, 0xf0, 0x48,
-    0xc9, 0x96, 0x5f, 0xf7, 0x70, 0x01, 0x85, 0xf5, 0x25, 0x97, 0xfe, 0x77,
-    0xdb, 0x0e, 0xe5, 0xd4, 0x96, 0x5e, 0x73, 0x79, 0x87, 0xf1, 0x31, 0xd5,
-    0xfe, 0xf7, 0xf0, 0xe2, 0x40, 0x16, 0x5f, 0xa7, 0xa3, 0x74, 0xfd, 0xac,
-    0xb7, 0xe7, 0x1f, 0x1c, 0xf3, 0x34, 0xbf, 0xfd, 0x1c, 0xc3, 0xc7, 0x6f,
-    0x83, 0x6d, 0xeb, 0x2b, 0x0f, 0xe8, 0x8c, 0x2c, 0x64, 0xe5, 0x52, 0xb8,
-    0xf1, 0xa3, 0xa2, 0x85, 0x97, 0xa3, 0x11, 0xa9, 0xca, 0xf2, 0x61, 0xd3,
-    0x08, 0xde, 0x56, 0xa5, 0xf3, 0x1a, 0xc6, 0x2c, 0xbe, 0xf7, 0xf3, 0x65,
-    0x94, 0x73, 0xc6, 0x22, 0x3b, 0x86, 0x62, 0xcb, 0xfc, 0x31, 0x37, 0xbb,
-    0x97, 0x6b, 0x2a, 0x0f, 0xbf, 0x08, 0x58, 0x62, 0xf1, 0xc1, 0xa5, 0x97,
-    0x78, 0x96, 0x5f, 0x9f, 0xd3, 0xf9, 0xc5, 0x97, 0x88, 0x1d, 0xac, 0xa1,
-    0x9e, 0xef, 0xc5, 0xb8, 0x55, 0x7f, 0xfb, 0xaf, 0x7d, 0x84, 0x1e, 0x61,
-    0x71, 0x96, 0x5f, 0xff, 0xa5, 0xa8, 0xde, 0xf3, 0x40, 0xff, 0x07, 0x79,
-    0x96, 0x5f, 0xed, 0xd7, 0xe3, 0x72, 0x6c, 0x59, 0x7f, 0xfa, 0x34, 0x0c,
-    0xde, 0xde, 0x8c, 0x29, 0x2c, 0xa9, 0xc9, 0xe5, 0x0b, 0x7a, 0xc2, 0xfe,
-    0x92, 0xb4, 0xb0, 0x21, 0xb5, 0xbc, 0xb2, 0xfd, 0x9c, 0xe1, 0xfa, 0x59,
-    0x74, 0x75, 0x38, 0xdd, 0x40, 0x8d, 0xe6, 0x29, 0x2c, 0xa8, 0x74, 0x2a,
-    0x3b, 0x2c, 0xca, 0x7b, 0xbb, 0x25, 0x32, 0xb4, 0x6e, 0x7b, 0x8a, 0x33,
-    0x23, 0xea, 0x3d, 0xbf, 0xce, 0x46, 0xbc, 0xfa, 0x99, 0x4e, 0x07, 0xf2,
-    0x1f, 0x41, 0x8f, 0xd8, 0xc8, 0x4b, 0xee, 0x97, 0x5f, 0xbe, 0x78, 0x9e,
-    0x31, 0x65, 0xfe, 0xee, 0x3d, 0xf8, 0xdf, 0x8b, 0x2e, 0xdb, 0x16, 0x5b,
-    0xbc, 0x3c, 0xc0, 0x1a, 0xd2, 0xcb, 0x3e, 0x8d, 0x99, 0xca, 0x2f, 0xec,
-    0x3c, 0xce, 0xf2, 0x59, 0x7f, 0xff, 0x3f, 0xe2, 0x42, 0xf0, 0x11, 0x2e,
-    0x0f, 0xf1, 0xa5, 0x96, 0x61, 0xa2, 0x27, 0xe5, 0xb7, 0xfe, 0x36, 0x3a,
-    0x28, 0xff, 0xc3, 0xda, 0xcb, 0xff, 0xb5, 0x18, 0x59, 0x26, 0xfe, 0x6f,
-    0x59, 0x7d, 0x9a, 0x63, 0x56, 0x5f, 0xbe, 0xdc, 0x89, 0x2c, 0xbf, 0xfc,
-    0xe6, 0xf3, 0x37, 0xc7, 0x5e, 0xe0, 0x4e, 0xb2, 0x9c, 0xfd, 0x48, 0x9e,
-    0x86, 0x8f, 0xa3, 0xa1, 0x94, 0x25, 0xef, 0xfe, 0x2c, 0x3b, 0xca, 0x7c,
-    0x23, 0x6f, 0xac, 0xbf, 0xc5, 0x1e, 0xea, 0x67, 0x3a, 0xcb, 0xf7, 0x83,
-    0xec, 0x1a, 0xcb, 0x62, 0xca, 0x73, 0x71, 0xbc, 0xa2, 0xff, 0xef, 0xe7,
-    0x39, 0x93, 0xba, 0x96, 0x79, 0x65, 0x49, 0x31, 0xb3, 0xa3, 0x13, 0x67,
-    0x88, 0xaf, 0xda, 0x03, 0xe0, 0x16, 0x5f, 0xd9, 0xba, 0xde, 0x69, 0x2c,
-    0xbe, 0xfc, 0x6d, 0xcc, 0x3d, 0x6f, 0x93, 0xdf, 0xc4, 0xe6, 0xfd, 0xe4,
-    0xb2, 0xff, 0xc7, 0x2c, 0xf1, 0x47, 0x6d, 0x25, 0x97, 0xff, 0xf7, 0xa3,
-    0xe5, 0x9e, 0xfb, 0x4e, 0x3e, 0x79, 0xfc, 0xb2, 0x96, 0x53, 0x1f, 0x36,
-    0x96, 0xe9, 0x91, 0x88, 0xf0, 0xa3, 0xbf, 0x77, 0x87, 0x8e, 0x2c, 0xbc,
-    0x61, 0x86, 0x24, 0xbc, 0x24, 0x01, 0x20, 0xb3, 0x41, 0x7f, 0xcf, 0x21,
-    0x35, 0x9b, 0xdf, 0x4b, 0x2d, 0xa5, 0x97, 0xf8, 0xa2, 0x46, 0xeb, 0x38,
-    0xb2, 0xff, 0xc4, 0x59, 0xb4, 0xd2, 0x8d, 0x6c, 0xb2, 0xf7, 0xf2, 0x50,
-    0x88, 0x4c, 0x11, 0x10, 0xce, 0x89, 0x1f, 0xfe, 0x85, 0xfd, 0xfe, 0x29,
-    0x31, 0xf3, 0xaf, 0x2c, 0xbe, 0xeb, 0xb6, 0x25, 0x94, 0xe7, 0xad, 0xe3,
-    0x3a, 0x59, 0x70, 0x22, 0x46, 0xb0, 0x56, 0x43, 0x7e, 0x9d, 0x1d, 0xe6,
-    0x96, 0x5f, 0xff, 0xf3, 0x7b, 0xef, 0x21, 0x79, 0xf7, 0xe8, 0x1e, 0x28,
-    0x3f, 0x16, 0x5f, 0xfa, 0x74, 0x10, 0x4f, 0x06, 0x47, 0x16, 0x5b, 0x06,
-    0x8d, 0x2f, 0x95, 0x13, 0x45, 0xff, 0x79, 0xcb, 0x39, 0xa8, 0xe2, 0xcb,
-    0xe9, 0x40, 0x3a, 0x59, 0x7f, 0xff, 0x9d, 0xbd, 0x12, 0x6d, 0x6c, 0x10,
-    0x4f, 0xcf, 0xe0, 0xd9, 0x65, 0xff, 0xff, 0x3e, 0xf6, 0xde, 0x41, 0xe0,
-    0x85, 0x03, 0xfb, 0xcb, 0x38, 0xb2, 0xfe, 0x04, 0x16, 0x75, 0xe5, 0x97,
-    0x38, 0x27, 0x26, 0x3f, 0xf2, 0x32, 0x66, 0x11, 0xa6, 0xff, 0xf0, 0x85,
-    0x31, 0xae, 0x3f, 0xe7, 0x79, 0xa5, 0x94, 0xca, 0xc9, 0x3f, 0x18, 0x13,
-    0x9a, 0x14, 0x6a, 0xdc, 0x4b, 0xbd, 0xe9, 0x32, 0xcb, 0xdb, 0xe3, 0x4b,
-    0x2f, 0x07, 0x3e, 0xb2, 0xb6, 0x65, 0x99, 0x4a, 0x15, 0xe3, 0x28, 0xc8,
-    0xce, 0xda, 0x34, 0xf9, 0xa1, 0x26, 0x73, 0x9f, 0xc3, 0xc5, 0xc9, 0x80,
-    0x90, 0x51, 0x97, 0x7a, 0x5e, 0x68, 0x55, 0x77, 0x8e, 0x18, 0x3d, 0x73,
-    0x6c, 0xb2, 0xff, 0x17, 0x63, 0x6d, 0xf0, 0x35, 0x94, 0x33, 0xcc, 0x08,
-    0xbd, 0xff, 0xf6, 0x36, 0xbf, 0x0d, 0xee, 0x31, 0x75, 0x25, 0x97, 0xf6,
-    0x77, 0xe9, 0xfc, 0xfa, 0xca, 0x59, 0x5f, 0x37, 0x80, 0x31, 0xbf, 0xfa,
-    0x6f, 0xc6, 0xc2, 0x7b, 0xe1, 0x79, 0x2c, 0xbf, 0x1a, 0x19, 0x38, 0xd6,
-    0x5f, 0xe8, 0xdc, 0x9d, 0xf7, 0xcd, 0x2c, 0xbd, 0x9a, 0x85, 0x97, 0xdf,
-    0xfe, 0x74, 0xb2, 0xec, 0x3c, 0xf9, 0xbe, 0x10, 0x6e, 0xb1, 0x14, 0xa4,
-    0xeb, 0x6d, 0xc5, 0x96, 0x99, 0x65, 0x8e, 0xb2, 0x98, 0xd1, 0xb8, 0x95,
-    0x1a, 0x7a, 0xc7, 0x37, 0xbf, 0x60, 0x39, 0x12, 0x59, 0x7e, 0x63, 0x8c,
-    0x78, 0xb2, 0xc0, 0x23, 0xce, 0x9f, 0x27, 0xbf, 0xef, 0x7f, 0x39, 0x3b,
-    0xcd, 0xb2, 0xcb, 0xfb, 0x26, 0xcd, 0x0d, 0x96, 0x54, 0x22, 0x4d, 0x8a,
-    0x88, 0xf2, 0xff, 0x89, 0x82, 0x2b, 0xe4, 0xfc, 0x79, 0x65, 0xfe, 0x06,
-    0x9b, 0x3e, 0x1e, 0x2c, 0xbd, 0x9d, 0x1d, 0x65, 0xfd, 0x80, 0xdd, 0xf3,
-    0x1d, 0x65, 0x42, 0x20, 0x08, 0xcf, 0xc3, 0xb7, 0xff, 0x3f, 0xb4, 0x13,
-    0x73, 0xcc, 0x0e, 0x2c, 0xbc, 0xfa, 0x02, 0xca, 0xd9, 0x72, 0xde, 0x50,
-    0x8a, 0x19, 0x0b, 0x24, 0x4d, 0x0c, 0xe3, 0xbb, 0xfe, 0x30, 0x42, 0x2d,
-    0xf4, 0x2f, 0xcc, 0x2e, 0x9f, 0x45, 0xbe, 0xcf, 0x09, 0xb2, 0xcb, 0xf1,
-    0x43, 0x75, 0x25, 0x97, 0x8c, 0x30, 0xc4, 0xc4, 0x20, 0x5f, 0x76, 0xef,
-    0xda, 0x62, 0x10, 0x05, 0x9a, 0xeb, 0xe7, 0xd6, 0x18, 0xb2, 0xb4, 0x7c,
-    0xbb, 0xd0, 0xef, 0x18, 0x61, 0x89, 0x88, 0x3c, 0xa4, 0xc4, 0x1e, 0x0b,
-    0x35, 0xd7, 0xf7, 0x9c, 0xe7, 0x83, 0xac, 0xbf, 0x3f, 0x9c, 0x80, 0xb2,
-    0xfe, 0xcf, 0x7c, 0x2f, 0x25, 0x97, 0x8c, 0x30, 0xc5, 0x97, 0xb9, 0x06,
-    0xa4, 0x16, 0x68, 0x2a, 0x15, 0x03, 0x64, 0x2e, 0xbb, 0x52, 0xe8, 0xaf,
-    0xe5, 0xa4, 0x4d, 0xe4, 0xda, 0xdc, 0x55, 0x28, 0x79, 0x45, 0x57, 0x8c,
-    0x82, 0x59, 0x7f, 0xff, 0xf4, 0x16, 0xdc, 0xfb, 0x9c, 0xef, 0x21, 0x0b,
-    0x7e, 0x0f, 0x3a, 0xf2, 0xcb, 0xff, 0xbf, 0x12, 0x6f, 0x67, 0xfb, 0x83,
-    0xac, 0xa8, 0x4c, 0x11, 0xcb, 0xf8, 0x39, 0xbd, 0xd6, 0xff, 0xdf, 0x69,
-    0x89, 0xcc, 0xf6, 0x7d, 0x65, 0xd1, 0xc5, 0x95, 0xd9, 0xea, 0xf8, 0xfe,
-    0xff, 0xdf, 0x61, 0xc1, 0x7b, 0x3a, 0xf2, 0xcb, 0xfc, 0x50, 0x7e, 0x70,
-    0x24, 0xb2, 0xbb, 0x3f, 0x0e, 0x1f, 0x5f, 0xfd, 0xf6, 0xd7, 0xdf, 0x38,
-    0xcf, 0xb2, 0xcb, 0xff, 0x47, 0xb3, 0x59, 0xcc, 0xeb, 0xcb, 0x2b, 0x11,
-    0x02, 0x48, 0x77, 0xfe, 0xd8, 0xf8, 0x7c, 0x2f, 0x67, 0x6b, 0x2f, 0xa3,
-    0xd0, 0x75, 0x97, 0xfb, 0x09, 0x8d, 0x9d, 0xdf, 0xd6, 0x50, 0xa1, 0x3e,
-    0xee, 0xa1, 0x26, 0x78, 0x52, 0x11, 0x0f, 0x8f, 0xcc, 0x21, 0xbf, 0xef,
-    0xc1, 0x77, 0xd7, 0x1f, 0x71, 0x65, 0xed, 0xd8, 0xd9, 0x65, 0xf1, 0x07,
-    0x62, 0x59, 0x79, 0xba, 0x92, 0xca, 0x91, 0xbf, 0x01, 0x15, 0xfc, 0x3e,
-    0x61, 0xe3, 0x71, 0x65, 0xe0, 0xb8, 0x8b, 0x2e, 0xdb, 0xa5, 0x96, 0x71,
-    0x9b, 0x60, 0x0e, 0xd4, 0x93, 0x49, 0x19, 0xef, 0x4b, 0xee, 0x42, 0x63,
-    0x35, 0xfe, 0xe7, 0xf3, 0x9e, 0xce, 0xd6, 0x5f, 0x8b, 0xdf, 0xc9, 0x2c,
-    0xbc, 0xd0, 0x6a, 0xca, 0x63, 0xf7, 0x73, 0x42, 0x27, 0xbf, 0xec, 0x28,
-    0xff, 0xe0, 0xc6, 0x59, 0x7d, 0xdf, 0xd8, 0xc5, 0x97, 0x84, 0x80, 0x2c,
-    0xbf, 0xff, 0xff, 0xe9, 0xc5, 0x86, 0xb7, 0xff, 0x9b, 0x93, 0xa3, 0xb7,
-    0x12, 0x76, 0x16, 0xcd, 0xa6, 0x08, 0xaf, 0x16, 0x56, 0xc9, 0xa2, 0x9a,
-    0x59, 0xd1, 0xb9, 0xc9, 0x0c, 0x1d, 0xbf, 0x77, 0x1f, 0x83, 0xa4, 0xbf,
-    0x13, 0x91, 0x62, 0x4b, 0xb3, 0xb4, 0x97, 0x18, 0x62, 0x4a, 0xc3, 0xfc,
-    0xe1, 0x47, 0x89, 0x0c, 0x17, 0xbf, 0xc4, 0x24, 0x03, 0xf9, 0xba, 0x90,
-    0x59, 0xbc, 0xbf, 0xfd, 0xb0, 0xf4, 0xfd, 0x96, 0x6f, 0xd3, 0x71, 0x65,
-    0x42, 0xea, 0xa6, 0x47, 0x60, 0xd2, 0x82, 0x1e, 0x30, 0x70, 0xa4, 0x5f,
-    0xfd, 0xf8, 0x07, 0xbf, 0x92, 0xfb, 0x6f, 0x59, 0x7f, 0xf4, 0x03, 0x99,
-    0x83, 0x72, 0x73, 0x56, 0x5f, 0xf7, 0xb8, 0xfd, 0x34, 0x75, 0xe5, 0x97,
-    0xfc, 0x40, 0xfb, 0xfb, 0xcc, 0x05, 0x97, 0xff, 0xef, 0xb6, 0xf6, 0x21,
-    0xf2, 0x34, 0xd9, 0xd7, 0x16, 0x5f, 0xec, 0xdf, 0x05, 0xe9, 0x0a, 0xd6,
-    0x5f, 0xee, 0xdb, 0x98, 0x39, 0x0a, 0xd6, 0x5f, 0xec, 0xc2, 0x89, 0x48,
-    0x56, 0xb2, 0xfe, 0x28, 0xcd, 0x38, 0x16, 0x5f, 0xfa, 0x35, 0xf8, 0x6f,
-    0xc1, 0x32, 0xcb, 0xa5, 0xcc, 0x4e, 0x67, 0xb3, 0x8d, 0x2b, 0x7c, 0xe0,
-    0x8e, 0x3c, 0x6a, 0x61, 0x5d, 0xfe, 0x82, 0xc3, 0xb7, 0x52, 0x59, 0x7f,
-    0xbf, 0x19, 0x28, 0xc0, 0x2c, 0xbf, 0xfc, 0x59, 0xd0, 0x1f, 0x8f, 0xa6,
-    0xe8, 0x0b, 0x28, 0x67, 0xf7, 0xc3, 0x1a, 0x92, 0xb1, 0x3e, 0xa3, 0xd3,
-    0xf3, 0x89, 0x90, 0xad, 0xbf, 0xde, 0xfb, 0xc8, 0xa0, 0xeb, 0x2f, 0xbd,
-    0xc0, 0xf1, 0x65, 0x49, 0x70, 0xf3, 0xe8, 0xcf, 0x2d, 0x54, 0x93, 0x38,
-    0x65, 0x7b, 0x78, 0x87, 0x59, 0x7d, 0xfd, 0xb0, 0xc5, 0x97, 0xc3, 0x09,
-    0x49, 0x65, 0xb8, 0xe7, 0x8c, 0x21, 0x25, 0xfb, 0xb1, 0xe3, 0x81, 0x65,
-    0x85, 0x5a, 0xcb, 0xff, 0x67, 0x3d, 0x2c, 0x34, 0xb0, 0x0b, 0x2f, 0x0f,
-    0x09, 0x65, 0x0a, 0x4f, 0xc1, 0xc5, 0xf7, 0x4f, 0xa9, 0x91, 0x9a, 0x18,
-    0x4c, 0x5f, 0x37, 0xce, 0xeb, 0x2f, 0xfc, 0x60, 0xf5, 0x1f, 0x71, 0xc8,
-    0xeb, 0x2f, 0xff, 0xde, 0xe7, 0x53, 0x87, 0x83, 0x87, 0xd6, 0x10, 0x16,
-    0x5f, 0xff, 0xfa, 0x77, 0xa5, 0x80, 0x9f, 0xc9, 0xc3, 0xc1, 0xc3, 0xeb,
-    0x08, 0x08, 0x42, 0xff, 0xec, 0xf4, 0xee, 0xfe, 0xdf, 0xfb, 0x01, 0x50,
-    0x85, 0xaa, 0x48, 0xc9, 0xe3, 0xad, 0xe8, 0xd8, 0x5f, 0x13, 0x43, 0xf4,
-    0x64, 0x17, 0xd9, 0xdb, 0xf6, 0xb2, 0xfc, 0x7e, 0x18, 0xfd, 0x2c, 0xa1,
-    0xa2, 0x2f, 0xc7, 0xc2, 0x11, 0xd4, 0x2a, 0x60, 0xe8, 0x87, 0x92, 0x83,
-    0xaf, 0xec, 0x9a, 0x4d, 0xae, 0x2c, 0xbf, 0x6d, 0x1e, 0x69, 0x96, 0x5f,
-    0x09, 0xc8, 0xc5, 0x95, 0xd9, 0xe5, 0xf4, 0x53, 0x7d, 0xc9, 0xda, 0xc5,
-    0x97, 0xdf, 0xed, 0xb8, 0xb2, 0xa0, 0xfa, 0xdc, 0x93, 0xc4, 0x97, 0xff,
-    0xfc, 0x20, 0xff, 0x12, 0xf6, 0x61, 0x9c, 0x2c, 0xf7, 0x9b, 0x65, 0x96,
-    0xc5, 0x96, 0x7d, 0x8f, 0xe3, 0x7b, 0x45, 0xe6, 0x2c, 0x59, 0x7e, 0xd6,
-    0x9c, 0x10, 0xb2, 0xa4, 0x78, 0x2e, 0x35, 0x42, 0x97, 0x52, 0x6d, 0x14,
-    0xbd, 0xd1, 0xc6, 0x8b, 0x93, 0x9b, 0x2d, 0x38, 0x99, 0xa9, 0xfd, 0x57,
-    0x9c, 0x98, 0x02, 0x90, 0xad, 0x98, 0xa1, 0xeb, 0xc9, 0x50, 0xfe, 0x39,
-    0x0c, 0x39, 0x0c, 0x85, 0x28, 0x8d, 0x77, 0x4f, 0x73, 0xc2, 0xcb, 0xc6,
-    0x18, 0x62, 0x4b, 0xce, 0x43, 0x48, 0x2c, 0xd0, 0x5f, 0x66, 0xb3, 0xcb,
-    0x28, 0x07, 0x9d, 0xc2, 0xdb, 0xef, 0xb3, 0xc9, 0x65, 0xfe, 0x2c, 0xff,
-    0x8a, 0x00, 0xb2, 0xff, 0xf0, 0x84, 0x59, 0xb4, 0x75, 0x29, 0x41, 0xd6,
-    0x5e, 0x28, 0x92, 0xcb, 0xed, 0x69, 0x8e, 0xb2, 0xdc, 0x19, 0xbd, 0x61,
-    0xba, 0x92, 0x2b, 0xbd, 0x08, 0x8b, 0xc7, 0xd8, 0x6b, 0x2b, 0x64, 0xc9,
-    0x4a, 0x1b, 0xfe, 0x28, 0xbf, 0x6b, 0x3b, 0x8f, 0xac, 0xbd, 0x38, 0xd9,
-    0xf5, 0x97, 0xbc, 0xe3, 0x59, 0x5a, 0x37, 0xfc, 0x23, 0xbf, 0xd1, 0xdf,
-    0xe0, 0xb2, 0x65, 0x97, 0xf8, 0xde, 0xbd, 0xa8, 0xce, 0x96, 0x5f, 0x01,
-    0xb4, 0x6a, 0x4b, 0xed, 0x69, 0xb6, 0x59, 0x6e, 0xe0, 0xf1, 0x9c, 0x8e,
-    0xfe, 0x13, 0x35, 0x99, 0x32, 0xcb, 0xf3, 0xfe, 0x70, 0xe1, 0x65, 0x49,
-    0x5a, 0x98, 0xc8, 0xb2, 0x34, 0x63, 0x4d, 0x99, 0x9f, 0x44, 0x2e, 0x66,
-    0x4f, 0x9c, 0x27, 0xf1, 0x75, 0xf9, 0xf5, 0xac, 0xe9, 0x65, 0xff, 0xef,
-    0x7d, 0x9c, 0x19, 0xa1, 0xc1, 0x49, 0x65, 0xff, 0xee, 0xa7, 0x74, 0x08,
-    0x2e, 0xdf, 0x62, 0x75, 0x95, 0x08, 0xbe, 0xc2, 0x82, 0x48, 0xbf, 0x47,
-    0x04, 0x29, 0x2c, 0xbd, 0xdb, 0x49, 0x65, 0xfe, 0x8f, 0x3e, 0xb5, 0x9d,
-    0x2c, 0xa9, 0xc7, 0xa1, 0xf1, 0xdb, 0xff, 0x77, 0x9a, 0xc6, 0xe7, 0xe3,
-    0x7a, 0xcb, 0xff, 0x3f, 0x4e, 0x37, 0xeb, 0x4c, 0x6a, 0xcb, 0xf4, 0x6e,
-    0xed, 0x86, 0x2c, 0xbf, 0xff, 0xf9, 0xdb, 0xcd, 0xfe, 0xda, 0x74, 0x9b,
-    0xee, 0x5e, 0x96, 0x6b, 0x16, 0x5d, 0x9f, 0x59, 0x76, 0x6e, 0xac, 0xa9,
-    0x8d, 0x7f, 0xc5, 0xab, 0xe8, 0xc2, 0x78, 0x50, 0x5f, 0x98, 0x0e, 0x40,
-    0x59, 0x7f, 0xa3, 0xae, 0x47, 0xa0, 0x6b, 0x28, 0x07, 0xb2, 0x44, 0xd7,
-    0xb8, 0x27, 0x27, 0x22, 0x87, 0x21, 0x01, 0x43, 0x54, 0xdf, 0xd1, 0x21,
-    0xd0, 0x3e, 0x81, 0xe8, 0xe3, 0xee, 0xe4, 0x96, 0x5f, 0xf6, 0xa2, 0x4d,
-    0xe6, 0x29, 0x2c, 0xbf, 0xff, 0xff, 0xe8, 0xe4, 0x7b, 0x6c, 0x33, 0x59,
-    0xf7, 0x13, 0x98, 0x6b, 0x90, 0x20, 0xa2, 0x6f, 0xc2, 0xcb, 0xfd, 0x26,
-    0xde, 0x21, 0xf3, 0x65, 0x97, 0xee, 0x7d, 0xfb, 0x85, 0x97, 0xe7, 0xd8,
-    0xc7, 0x92, 0xca, 0x84, 0xd4, 0xc8, 0xdf, 0xd0, 0x94, 0x30, 0xdc, 0x42,
-    0x8b, 0xfe, 0xe7, 0xe1, 0xf5, 0xac, 0xe9, 0x65, 0xff, 0xff, 0x8d, 0xea,
-    0x5e, 0xc2, 0xf7, 0x27, 0x73, 0x99, 0xac, 0x27, 0x92, 0xca, 0xc4, 0x54,
-    0x31, 0xcd, 0xf0, 0x3d, 0x9b, 0x2c, 0xb1, 0xd6, 0x54, 0x1b, 0x43, 0x91,
-    0xdf, 0xfc, 0x2c, 0x65, 0x01, 0xef, 0x0d, 0x6d, 0x2c, 0xbd, 0xa7, 0xe2,
-    0xcb, 0xb0, 0xc5, 0x95, 0x07, 0xf4, 0x34, 0x7e, 0x0e, 0x5f, 0x43, 0xeb,
-    0x8b, 0x2f, 0x7b, 0xf0, 0xb2, 0xb0, 0xfa, 0xfe, 0x5c, 0xe4, 0x37, 0xef,
-    0xc1, 0x3f, 0xd6, 0x5f, 0xdb, 0x7d, 0xfd, 0xa8, 0x59, 0x7a, 0x59, 0xc5,
-    0x97, 0xa3, 0xae, 0x2c, 0xbf, 0xc3, 0xfc, 0x4c, 0xef, 0xd2, 0xcb, 0xf7,
-    0x5c, 0x09, 0x49, 0x65, 0xef, 0x83, 0x7a, 0xca, 0xd9, 0x16, 0xa3, 0x1c,
-    0xd0, 0xe9, 0x1a, 0x6e, 0x94, 0xdc, 0xdb, 0x2c, 0xbd, 0xd3, 0xee, 0x2c,
-    0xad, 0x1b, 0x7f, 0x8b, 0xdf, 0x44, 0xfb, 0x1a, 0xb2, 0xa4, 0xa8, 0x00,
-    0x65, 0xba, 0x26, 0x78, 0x71, 0x94, 0x21, 0x3c, 0x43, 0x7f, 0xff, 0x1b,
-    0xef, 0xb3, 0x83, 0x0a, 0x3a, 0xe6, 0x75, 0xe5, 0x97, 0xff, 0x66, 0x80,
-    0x76, 0xe0, 0x9c, 0x8c, 0x59, 0x7a, 0x3a, 0xdc, 0x59, 0x7d, 0xc2, 0x63,
-    0x56, 0x56, 0x8f, 0x0b, 0xc4, 0x17, 0xd8, 0x37, 0x92, 0xca, 0x19, 0xe1,
-    0x9a, 0x45, 0x7f, 0xf1, 0xa6, 0x46, 0xbf, 0x0c, 0xfe, 0xe2, 0xcb, 0xe3,
-    0x94, 0x4c, 0xb2, 0xff, 0xfb, 0xed, 0x26, 0xd3, 0x83, 0xc5, 0x07, 0xe2,
-    0xcb, 0xef, 0x46, 0x81, 0x07, 0xe1, 0xd9, 0x15, 0xdb, 0x9c, 0x59, 0x7f,
-    0xdc, 0xef, 0xee, 0x39, 0xec, 0x52, 0x28, 0x59, 0x46, 0xa2, 0x6d, 0xce,
-    0x7c, 0x35, 0x50, 0xab, 0x22, 0x4b, 0x99, 0x0c, 0x96, 0x23, 0x78, 0xd4,
-    0x2f, 0x4f, 0x44, 0x05, 0x97, 0xe8, 0x10, 0x9e, 0x4b, 0x2f, 0xff, 0x69,
-    0xcb, 0xd8, 0x09, 0xf8, 0x18, 0xe1, 0x65, 0xff, 0xc5, 0x00, 0x18, 0x63,
-    0x68, 0xea, 0x4b, 0x2f, 0xe9, 0x6a, 0x24, 0xfa, 0x59, 0x76, 0x1d, 0x65,
-    0xef, 0x41, 0x8b, 0x2f, 0x7c, 0x4d, 0x2c, 0xa9, 0x1b, 0xbf, 0x0e, 0xdf,
-    0xf0, 0x74, 0x6b, 0xb7, 0x1b, 0x7a, 0xcb, 0xf6, 0x80, 0x76, 0xe2, 0xcb,
-    0xec, 0x20, 0x4e, 0x9f, 0x3e, 0x31, 0x0e, 0xef, 0x9f, 0xb2, 0xc5, 0x97,
-    0xf3, 0x7d, 0xb3, 0xaf, 0x2c, 0xa1, 0xa6, 0xc3, 0xd2, 0x89, 0xe1, 0x08,
-    0x47, 0xde, 0x21, 0xa5, 0x97, 0xc0, 0xf6, 0x01, 0x65, 0xf7, 0x38, 0xdb,
-    0xd6, 0x5f, 0xff, 0xb0, 0x8d, 0x7e, 0x7d, 0xd8, 0x07, 0x8e, 0xa4, 0xb2,
-    0xa0, 0xfe, 0x7b, 0x24, 0xbe, 0x39, 0x14, 0x2c, 0xbf, 0xe6, 0x1f, 0xe2,
-    0x59, 0xd7, 0x96, 0x5f, 0xf7, 0x71, 0xbe, 0x38, 0xc0, 0xe9, 0x65, 0xce,
-    0x6c, 0x22, 0x54, 0x64, 0x18, 0x73, 0x7e, 0xf3, 0xf8, 0x30, 0xb2, 0xff,
-    0xfe, 0xfb, 0x7b, 0xef, 0x21, 0x06, 0xfb, 0x0f, 0xec, 0x75, 0x97, 0xfe,
-    0x6f, 0x4b, 0x01, 0xc2, 0xc0, 0x2c, 0xa1, 0xae, 0x76, 0xe1, 0x39, 0xa9,
-    0x7d, 0x22, 0xb4, 0x71, 0xd3, 0x28, 0x68, 0x2f, 0xf0, 0x9b, 0x28, 0x5b,
-    0xf0, 0xe8, 0x24, 0xfb, 0xd7, 0x6f, 0x4f, 0xf5, 0x0b, 0x2f, 0xf7, 0xca,
-    0x3a, 0x68, 0xfa, 0xcb, 0xf9, 0xfc, 0x01, 0x0a, 0x4b, 0x2b, 0xb3, 0xe0,
-    0xf9, 0x95, 0x4f, 0x6d, 0xc1, 0xd4, 0x4b, 0xe2, 0x94, 0x69, 0xc3, 0x2d,
-    0xc9, 0x5c, 0xe6, 0xa9, 0xb4, 0x6d, 0x5a, 0x87, 0xc1, 0xd5, 0x5e, 0x58,
-    0x29, 0x4b, 0x29, 0xe2, 0x98, 0x67, 0x43, 0xa7, 0xe1, 0x74, 0x24, 0x20,
-    0x2f, 0xfc, 0xec, 0x30, 0xfb, 0x9b, 0x61, 0x8b, 0x2e, 0x9e, 0x89, 0x65,
-    0xfb, 0x98, 0x6c, 0x71, 0x65, 0xfa, 0x7f, 0x09, 0xcd, 0x59, 0x7e, 0xe8,
-    0xee, 0x40, 0x59, 0x53, 0x8f, 0x4a, 0x0a, 0xaf, 0xed, 0xce, 0x31, 0x75,
-    0x25, 0x97, 0xfe, 0x7d, 0x4f, 0xb7, 0xf1, 0xfa, 0x02, 0xcb, 0xf8, 0x02,
-    0x17, 0xf3, 0xa5, 0x97, 0xff, 0xe6, 0xf4, 0x1f, 0x3a, 0xf4, 0x1c, 0x4d,
-    0x38, 0x16, 0x5f, 0x31, 0x38, 0xd6, 0x5f, 0xf7, 0x23, 0x5e, 0x81, 0x63,
-    0x65, 0x95, 0x24, 0x58, 0x0d, 0x5b, 0x84, 0x17, 0xff, 0xf6, 0x7e, 0x76,
-    0x1d, 0xbf, 0x13, 0xb9, 0xcc, 0x20, 0x2c, 0xbf, 0xf9, 0xb5, 0x12, 0xfc,
-    0x4c, 0x41, 0x35, 0x65, 0x7d, 0x14, 0x5c, 0x5d, 0xbf, 0xf6, 0xd1, 0x31,
-    0x47, 0x32, 0x24, 0xb2, 0xee, 0xe7, 0xd6, 0x5f, 0xc6, 0xfa, 0x3f, 0x1c,
-    0x59, 0x7f, 0xdc, 0x2c, 0xf7, 0x23, 0x5b, 0x2c, 0xbf, 0xbe, 0xdd, 0x71,
-    0xfa, 0x59, 0x7f, 0xb0, 0x79, 0xa9, 0x46, 0x96, 0x5e, 0xfb, 0x79, 0x65,
-    0x42, 0x67, 0xb2, 0x3e, 0x61, 0xb9, 0x8b, 0x80, 0x73, 0xc2, 0xf1, 0x0c,
-    0xaf, 0xcf, 0xfc, 0xeb, 0xcb, 0x2f, 0xfc, 0xfe, 0xe4, 0x61, 0x0f, 0xf0,
-    0xb2, 0xfb, 0xbf, 0xc0, 0x56, 0x57, 0xcf, 0x7f, 0xc7, 0x97, 0xfe, 0x72,
-    0xd8, 0xcc, 0x21, 0xfe, 0x16, 0x5c, 0xdb, 0x2c, 0xac, 0x3d, 0x52, 0x3e,
-    0xbf, 0xc1, 0xea, 0x5c, 0x12, 0x37, 0x16, 0x5e, 0xee, 0x37, 0x16, 0x5f,
-    0xe9, 0xbe, 0xfa, 0xd3, 0x0d, 0x65, 0x61, 0xea, 0x39, 0x05, 0xfe, 0x7e,
-    0x84, 0xd3, 0x1f, 0x16, 0x5f, 0xce, 0x5b, 0x1d, 0xfc, 0xb2, 0x88, 0xf8,
-    0x78, 0x69, 0x7c, 0xdf, 0x73, 0xac, 0xbf, 0xe2, 0x2c, 0xdb, 0xde, 0x83,
-    0xac, 0xa9, 0x2a, 0xa6, 0xc8, 0x43, 0xcc, 0xef, 0xa2, 0x02, 0x84, 0x6f,
-    0x21, 0x03, 0xe2, 0x11, 0x08, 0x6f, 0xda, 0xce, 0x31, 0x8b, 0x2f, 0x8f,
-    0x1a, 0xe2, 0xcb, 0xff, 0xd0, 0x3f, 0x84, 0xd1, 0x20, 0x7f, 0x0f, 0x16,
-    0x5b, 0x70, 0x67, 0xde, 0x21, 0x15, 0xd9, 0xb2, 0xca, 0x83, 0xc3, 0xc2,
-    0xcb, 0xff, 0x10, 0x64, 0x0f, 0xc3, 0x16, 0xcb, 0x2e, 0x15, 0x1d, 0x65,
-    0xff, 0xff, 0xf7, 0xa0, 0xbb, 0xc2, 0x83, 0x3c, 0x6b, 0xf0, 0x70, 0xfa,
-    0xf9, 0x8e, 0x35, 0x97, 0xd8, 0x78, 0xdc, 0x59, 0x7f, 0xfe, 0x71, 0x84,
-    0xd0, 0x88, 0x17, 0x12, 0x69, 0xc0, 0xf2, 0xca, 0x84, 0xc6, 0x98, 0x6f,
-    0x8f, 0xc1, 0x24, 0xbf, 0x84, 0x80, 0xf6, 0x13, 0xac, 0xb9, 0x89, 0x65,
-    0xf4, 0xa0, 0xbb, 0x59, 0x43, 0x36, 0xf8, 0x2b, 0x69, 0x96, 0x5f, 0x0a,
-    0x5e, 0x3a, 0x59, 0x68, 0x23, 0x71, 0xe1, 0x2a, 0x9c, 0x7f, 0xac, 0xb1,
-    0x7d, 0x00, 0xc2, 0x59, 0x52, 0x65, 0xb1, 0x0d, 0xeb, 0x08, 0xfb, 0x31,
-    0xe9, 0x05, 0xa1, 0xbf, 0x34, 0x34, 0xb5, 0x1b, 0x01, 0xe5, 0x85, 0xbc,
-    0x20, 0x81, 0x0d, 0xa2, 0x20, 0xe4, 0x6b, 0x01, 0x3c, 0x32, 0x1c, 0x93,
-    0xe4, 0x77, 0xc7, 0x9e, 0x62, 0xa4, 0xf0, 0xb2, 0xef, 0x71, 0x65, 0x31,
-    0xe5, 0x4c, 0x67, 0x7c, 0x24, 0x19, 0xc5, 0x97, 0x03, 0xcb, 0x2e, 0x07,
-    0xd6, 0x5f, 0x6b, 0x59, 0xc5, 0x97, 0x64, 0xcb, 0x2d, 0x29, 0xc8, 0x8b,
-    0xd8, 0x90, 0xe2, 0xee, 0x2e, 0x21, 0x15, 0xf7, 0x9c, 0xb1, 0x65, 0xf6,
-    0xec, 0x14, 0x96, 0x53, 0x1e, 0x20, 0x84, 0x17, 0xc4, 0xfe, 0xe2, 0xcb,
-    0xf6, 0x87, 0x98, 0x4b, 0x2f, 0x8d, 0xd3, 0x98, 0xb2, 0xff, 0xcd, 0x9f,
-    0x8d, 0xfc, 0xfc, 0x74, 0xb2, 0xb0, 0xf9, 0x37, 0x09, 0x2f, 0xee, 0xb4,
-    0x1e, 0xbd, 0x25, 0x97, 0xfc, 0xfd, 0x19, 0x84, 0x3f, 0xc2, 0xcb, 0xa3,
-    0x65, 0x95, 0x89, 0xa8, 0x39, 0x0f, 0x21, 0x14, 0x12, 0x43, 0x0c, 0x44,
-    0x39, 0xbf, 0x19, 0xef, 0x66, 0xcb, 0x2f, 0xe7, 0x80, 0x67, 0x52, 0x59,
-    0x4b, 0x2f, 0xf1, 0x6b, 0x39, 0x8d, 0xf5, 0x94, 0x29, 0x37, 0x98, 0x17,
-    0x7f, 0xfd, 0x2f, 0x16, 0x3f, 0x8b, 0x3d, 0xec, 0x31, 0x65, 0xfd, 0xa6,
-    0xf7, 0xf2, 0x4b, 0x2f, 0x7e, 0x37, 0xac, 0xad, 0x1e, 0x5f, 0x8b, 0x6e,
-    0x7d, 0xd5, 0x97, 0xfb, 0xd9, 0xad, 0xa3, 0xdc, 0x59, 0x52, 0x3c, 0xd7,
-    0x19, 0xbf, 0xfe, 0xc1, 0xb7, 0xb0, 0xff, 0x88, 0xec, 0xee, 0xb2, 0xec,
-    0xde, 0xb2, 0xff, 0xbb, 0xfe, 0x0c, 0xed, 0xac, 0x59, 0x7f, 0x47, 0x3f,
-    0x04, 0x6a, 0xca, 0x84, 0x66, 0x6c, 0x9d, 0x83, 0x1a, 0x39, 0xbd, 0x3f,
-    0x86, 0xac, 0xbf, 0xa2, 0x35, 0xf8, 0xde, 0xb2, 0xf9, 0x8a, 0x6d, 0xc5,
-    0x97, 0xc5, 0x1d, 0x49, 0x65, 0x00, 0xf1, 0xfc, 0x4b, 0x7f, 0x46, 0xfc,
-    0xff, 0xe1, 0x65, 0xf7, 0xb9, 0x93, 0x2c, 0xf9, 0xae, 0xbf, 0xbe, 0x36,
-    0xdf, 0x03, 0x59, 0x58, 0x7c, 0x4e, 0x67, 0x7d, 0xa6, 0x7d, 0x96, 0x5e,
-    0x6c, 0x02, 0xca, 0xc3, 0x7b, 0xc2, 0x2b, 0xfc, 0xc1, 0xd7, 0xf3, 0x7f,
-    0x16, 0x5f, 0xff, 0xec, 0xf3, 0x75, 0x22, 0x89, 0xde, 0x6c, 0xdd, 0x1f,
-    0xf1, 0x65, 0xf6, 0x79, 0xb8, 0xb2, 0xfe, 0x9e, 0xa6, 0x29, 0xe3, 0x60,
-    0xac, 0xad, 0xc4, 0x7a, 0x4c, 0x6b, 0xc6, 0x4f, 0x10, 0xdf, 0xf8, 0x2e,
-    0x7e, 0x31, 0x3e, 0x8d, 0x59, 0x52, 0x5f, 0xee, 0x1c, 0x6e, 0x58, 0xba,
-    0x69, 0x57, 0x6d, 0x3d, 0x12, 0x34, 0x26, 0x66, 0x6f, 0xd4, 0x3b, 0x4e,
-    0x79, 0xf2, 0x00, 0x3a, 0x94, 0x2c, 0xb8, 0xbb, 0xe8, 0xc5, 0x0c, 0x41,
-    0xbe, 0xf7, 0x9a, 0x4b, 0x2f, 0xec, 0x30, 0xb7, 0xea, 0x4b, 0x2f, 0xff,
-    0xde, 0x6e, 0x6d, 0x86, 0x71, 0xb6, 0x27, 0xeb, 0xcb, 0x2f, 0xfa, 0x59,
-    0xec, 0x1b, 0x10, 0x16, 0x5e, 0x33, 0x3e, 0xb2, 0xfe, 0xcd, 0x68, 0x26,
-    0xe9, 0x65, 0xfc, 0x52, 0x31, 0xff, 0xc5, 0x97, 0xe3, 0x7e, 0xe4, 0xcb,
-    0x2d, 0xcc, 0x3d, 0x56, 0x2e, 0xbe, 0xd0, 0x90, 0x62, 0xcb, 0xe1, 0x93,
-    0x9a, 0xb2, 0xff, 0xe6, 0x93, 0xeb, 0x37, 0xf5, 0xdb, 0x74, 0xb2, 0xa1,
-    0x11, 0xdb, 0x12, 0x78, 0x8a, 0xf9, 0xb9, 0x83, 0x85, 0x4c, 0xdb, 0x11,
-    0x61, 0x87, 0x4b, 0x0e, 0x6e, 0x43, 0xbe, 0x84, 0x20, 0x90, 0xb4, 0xbf,
-    0xc0, 0x0f, 0x18, 0xba, 0x92, 0xcb, 0xf8, 0x0d, 0xa6, 0xe8, 0x0b, 0x2c,
-    0xfb, 0x87, 0xc5, 0x31, 0xa5, 0x80, 0xb2, 0xff, 0x0f, 0x09, 0x8c, 0xf8,
-    0x56, 0x5f, 0xff, 0x7d, 0xa3, 0xcc, 0x08, 0x90, 0xb3, 0x0c, 0x31, 0x25,
-    0xff, 0xcd, 0x1e, 0x04, 0x48, 0x59, 0x86, 0x18, 0x92, 0xb1, 0x13, 0xbf,
-    0x54, 0xad, 0x91, 0xe5, 0xe8, 0x68, 0x5f, 0xef, 0x85, 0xce, 0x37, 0x3a,
-    0xca, 0x23, 0xdc, 0xf1, 0x4d, 0xec, 0xc3, 0x52, 0x5f, 0x73, 0x20, 0x0b,
-    0x28, 0x66, 0xf7, 0xc3, 0x97, 0x80, 0xfe, 0x59, 0x7d, 0xee, 0x07, 0x71,
-    0x65, 0x39, 0xe1, 0x04, 0x72, 0xff, 0xb4, 0xfd, 0xce, 0xfc, 0x08, 0x4b,
-    0x2f, 0x06, 0x34, 0xb2, 0xef, 0x70, 0x67, 0xb1, 0x31, 0xe5, 0xf1, 0xa1,
-    0x07, 0x16, 0x5c, 0x41, 0x54, 0x43, 0x2b, 0xfa, 0x0f, 0x1c, 0xd6, 0x2c,
-    0xa9, 0x1e, 0x7c, 0xc4, 0x77, 0xbf, 0x1b, 0x2c, 0xbf, 0x7a, 0x24, 0x69,
-    0xd6, 0x5f, 0xe0, 0x97, 0x7f, 0x8e, 0xb7, 0x56, 0x5e, 0x30, 0xc3, 0x12,
-    0x5e, 0xc2, 0xed, 0x20, 0xb3, 0x41, 0x7f, 0xec, 0xdb, 0x06, 0xf2, 0x28,
-    0xd9, 0x65, 0x42, 0x3b, 0x58, 0xa4, 0x0b, 0x04, 0x5d, 0x7f, 0xfb, 0x35,
-    0xef, 0x67, 0x0a, 0x33, 0x52, 0x59, 0x7e, 0x6f, 0xff, 0x3c, 0xb2, 0xd1,
-    0x38, 0xfb, 0xf8, 0x91, 0x7d, 0xf7, 0x23, 0x56, 0x50, 0xcf, 0x2f, 0xc5,
-    0x37, 0xf7, 0x52, 0xe1, 0x3f, 0x6b, 0x2f, 0x9f, 0x73, 0xdc, 0x59, 0x78,
-    0x85, 0x50, 0xa1, 0x65, 0x61, 0xfd, 0x74, 0x5e, 0xe4, 0xb7, 0x0a, 0xa1,
-    0x54, 0xb2, 0xfd, 0x2e, 0xf3, 0xaf, 0x2c, 0xbf, 0x67, 0xbc, 0x1d, 0x96,
-    0x5f, 0xf9, 0xb6, 0xfb, 0x3c, 0xbc, 0xdb, 0x2c, 0xb4, 0x85, 0x52, 0x2d,
-    0x64, 0x46, 0x45, 0x5e, 0x29, 0xbf, 0x73, 0x06, 0xff, 0x59, 0x7c, 0x3f,
-    0xe7, 0x6b, 0x2f, 0x3e, 0xe4, 0x2c, 0xbf, 0x60, 0xfe, 0xfb, 0x8b, 0x2f,
-    0xc5, 0x83, 0x83, 0xac, 0xa9, 0xe1, 0x7f, 0x6e, 0x23, 0x5f, 0xd9, 0x78,
-    0x6c, 0x78, 0xf2, 0x69, 0x7f, 0x4e, 0x73, 0x11, 0xea, 0x30, 0xa3, 0xc3,
-    0xd3, 0xf0, 0x9c, 0x78, 0x71, 0x81, 0x20, 0x89, 0xc2, 0x47, 0xbc, 0x78,
-    0xc2, 0xab, 0xf8, 0xf8, 0xda, 0x9a, 0x4b, 0x2f, 0xff, 0x8d, 0x11, 0xcb,
-    0xef, 0x2e, 0x61, 0xe3, 0x71, 0x65, 0x42, 0x20, 0x58, 0xba, 0xfa, 0x3c,
-    0x11, 0x16, 0x5e, 0xf3, 0x42, 0xcb, 0xb0, 0x96, 0x53, 0x1b, 0x00, 0x8d,
-    0xdf, 0x8a, 0x3a, 0x8e, 0x2c, 0xbf, 0xf6, 0x31, 0x3f, 0xb8, 0x64, 0x12,
-    0xcb, 0xdf, 0x7d, 0x41, 0xf1, 0xf0, 0x9e, 0xf9, 0xb5, 0x1e, 0x59, 0x7d,
-    0xcc, 0x89, 0x2c, 0xa1, 0x9e, 0x11, 0x10, 0xde, 0xfe, 0x74, 0xb2, 0xfc,
-    0x3d, 0x34, 0x1d, 0x65, 0xa2, 0x47, 0x88, 0x43, 0xb7, 0xd2, 0x68, 0xed,
-    0x65, 0xdd, 0x01, 0x65, 0xfc, 0x78, 0xe0, 0x1b, 0xb5, 0x97, 0xb9, 0x06,
-    0x80, 0xf1, 0xb8, 0x31, 0x7f, 0x16, 0x6e, 0xb4, 0x4c, 0xb2, 0xfe, 0xcd,
-    0x00, 0x0c, 0x4b, 0x29, 0xcf, 0x6c, 0x25, 0xf7, 0xf1, 0x79, 0xb6, 0x28,
-    0x59, 0x6e, 0x2c, 0xba, 0x78, 0xd9, 0x65, 0x41, 0xed, 0x48, 0xb1, 0xc4,
-    0x6f, 0xf3, 0x0f, 0x58, 0x37, 0x3a, 0xcb, 0xe9, 0xb9, 0x1c, 0x59, 0x6c,
-    0x39, 0xea, 0x80, 0xca, 0xfb, 0x0e, 0x20, 0xd6, 0x5f, 0x8d, 0x9a, 0x0b,
-    0xcb, 0x2b, 0xe7, 0xe6, 0x44, 0xe1, 0x23, 0xbf, 0xff, 0xed, 0xf0, 0x36,
-    0x27, 0xd1, 0xa4, 0xec, 0x58, 0x00, 0xf1, 0x65, 0xff, 0xbe, 0x27, 0x33,
-    0x5d, 0xbb, 0xf6, 0xa8, 0x83, 0x17, 0xff, 0x6d, 0x06, 0xe6, 0xbd, 0xe8,
-    0xce, 0x2c, 0xa1, 0xa2, 0x4c, 0x93, 0xaa, 0x13, 0x1a, 0x68, 0x7c, 0x5f,
-    0xfb, 0xe1, 0x73, 0x73, 0xde, 0xcf, 0xac, 0xbf, 0xdb, 0xe0, 0xb0, 0x4c,
-    0x3a, 0xcb, 0xfd, 0xf8, 0x2f, 0x01, 0xfc, 0xb2, 0xff, 0xf4, 0xb5, 0x12,
-    0xef, 0xed, 0xf2, 0x73, 0xac, 0xae, 0x1f, 0xe0, 0x4c, 0xaf, 0xff, 0xe3,
-    0xc1, 0x76, 0xe4, 0x0c, 0x1f, 0x08, 0x2f, 0x25, 0x97, 0xfd, 0xdb, 0x1c,
-    0xed, 0x3b, 0x81, 0x59, 0x7f, 0xee, 0x01, 0xfa, 0xe0, 0x9a, 0xfb, 0xac,
-    0xbf, 0x9f, 0xf8, 0x47, 0xc5, 0x97, 0xc1, 0xfe, 0x76, 0xb2, 0xa4, 0xa9,
-    0x70, 0x64, 0xec, 0x7f, 0xa8, 0x58, 0x1c, 0x88, 0x96, 0x7c, 0x79, 0xbd,
-    0x06, 0x7c, 0xae, 0xff, 0xef, 0x73, 0x68, 0x10, 0xa3, 0xed, 0xb2, 0xcb,
-    0xfd, 0xc8, 0xd4, 0xbb, 0x6d, 0x96, 0x5f, 0x7d, 0x9c, 0x0b, 0x28, 0x91,
-    0x39, 0xc4, 0x6f, 0x1a, 0xdf, 0xff, 0xf6, 0xb4, 0xf2, 0xe0, 0xff, 0x9d,
-    0xe6, 0xb9, 0xd7, 0x84, 0x3a, 0xcb, 0xf8, 0x26, 0x96, 0x6c, 0x15, 0x95,
-    0x08, 0xc9, 0xc2, 0xff, 0xb5, 0xdf, 0xff, 0x8b, 0xc1, 0xf8, 0x9e, 0x62,
-    0x7e, 0xbc, 0x18, 0x59, 0x7b, 0xe1, 0xdc, 0x59, 0x7f, 0xe6, 0x2f, 0x71,
-    0x86, 0x0e, 0x80, 0xb2, 0xff, 0xe7, 0xdf, 0x85, 0xdf, 0xd8, 0x02, 0x79,
-    0x65, 0x6c, 0x88, 0x6d, 0x1f, 0xd4, 0x2b, 0x3b, 0x94, 0x7d, 0xac, 0x5c,
-    0x2b, 0x56, 0x0c, 0x29, 0xaf, 0x61, 0x1a, 0xb2, 0xff, 0x38, 0xff, 0x99,
-    0xd7, 0x96, 0x56, 0x1e, 0x79, 0xa3, 0x95, 0xd3, 0x26, 0xa3, 0xf0, 0x8f,
-    0x27, 0xbe, 0x43, 0xd7, 0xd3, 0xdb, 0xfb, 0xb0, 0xa8, 0xbc, 0x50, 0x62,
-    0xcb, 0xe6, 0xed, 0x86, 0xb2, 0xb0, 0xdf, 0x78, 0x72, 0xff, 0xf7, 0x5e,
-    0x86, 0x2f, 0x6a, 0x3c, 0xfe, 0x59, 0x7d, 0x1e, 0x69, 0x96, 0x5f, 0xc1,
-    0x71, 0x02, 0xe2, 0x2c, 0xa9, 0x8f, 0x47, 0x44, 0x57, 0x6f, 0xc5, 0x95,
-    0x86, 0xed, 0xc8, 0xef, 0xfe, 0x79, 0x4e, 0xcf, 0x67, 0xe3, 0x40, 0x59,
-    0x70, 0x00, 0xb2, 0xff, 0xbb, 0xfb, 0x68, 0x9b, 0xdc, 0x59, 0x52, 0x44,
-    0xa9, 0xd1, 0x40, 0x2f, 0x7f, 0x80, 0xdf, 0xfe, 0x01, 0xd6, 0x5f, 0xee,
-    0x36, 0x16, 0x74, 0x62, 0xcb, 0xff, 0xfd, 0x9e, 0xf3, 0xe8, 0xa3, 0xa9,
-    0x09, 0xa0, 0x1d, 0xb8, 0xb2, 0xb7, 0x11, 0x2a, 0x73, 0x3b, 0xf0, 0x7a,
-    0xef, 0x0e, 0xb2, 0xff, 0x31, 0x98, 0x43, 0xfc, 0x2c, 0xbe, 0x7e, 0x88,
-    0x6b, 0x28, 0xe7, 0xa8, 0x03, 0x2b, 0xff, 0xd1, 0xee, 0x07, 0xb9, 0xdf,
-    0x72, 0x88, 0x59, 0x77, 0xc2, 0xb2, 0xff, 0xfd, 0x26, 0x21, 0xff, 0x3a,
-    0x11, 0xcb, 0xc4, 0x35, 0x97, 0xff, 0xf3, 0x19, 0xf7, 0xee, 0x08, 0x79,
-    0xd7, 0xbe, 0xe3, 0x59, 0x7f, 0xdb, 0x7a, 0x59, 0xb8, 0xe4, 0x05, 0x97,
-    0xfc, 0xfb, 0x9f, 0x13, 0x52, 0x8d, 0xc5, 0x97, 0xd3, 0x7d, 0xfc, 0xb2,
-    0xb1, 0x13, 0xfd, 0x1e, 0x32, 0x05, 0xfe, 0xc1, 0xff, 0x3a, 0xce, 0x2c,
-    0xbc, 0xc6, 0x6e, 0x2c, 0xbf, 0xd9, 0xbf, 0x9e, 0xf4, 0x1d, 0x65, 0x68,
-    0xf5, 0x7e, 0x41, 0x50, 0xad, 0x44, 0x64, 0xd8, 0xfc, 0x69, 0x13, 0x25,
-    0xcc, 0x2f, 0xa5, 0x5f, 0xc3, 0xec, 0x8b, 0xf9, 0x08, 0x8b, 0xff, 0x49,
-    0x8a, 0x42, 0x7f, 0xf0, 0x35, 0x97, 0x18, 0xcb, 0x2f, 0xc7, 0xef, 0x0b,
-    0xb5, 0x95, 0x07, 0x80, 0xc2, 0xf7, 0xfd, 0x83, 0x35, 0xe6, 0xfc, 0x6c,
-    0xb2, 0xfc, 0x1f, 0x6d, 0xc3, 0x56, 0x5f, 0xfc, 0xfb, 0x71, 0xc7, 0x1b,
-    0x44, 0xa1, 0x65, 0xfd, 0x9c, 0x9f, 0xcd, 0x42, 0xca, 0xe9, 0x37, 0x8d,
-    0x3f, 0xfc, 0x80, 0x8e, 0xf8, 0x57, 0x3e, 0x89, 0x7c, 0xd0, 0x53, 0x2c,
-    0xad, 0x9b, 0x51, 0x29, 0x29, 0x8e, 0x10, 0x78, 0xe9, 0xdb, 0x2f, 0x44,
-    0xcd, 0x4a, 0x10, 0x9a, 0x16, 0x7a, 0x20, 0x3c, 0x35, 0x5e, 0x16, 0x80,
-    0x30, 0xe4, 0xe0, 0xc7, 0xa5, 0x06, 0x98, 0xb7, 0x7f, 0xb9, 0xcc, 0x20,
-    0x4f, 0xe2, 0xcb, 0xe2, 0x6d, 0xd8, 0x59, 0x70, 0x21, 0x65, 0xe2, 0xce,
-    0x2c, 0xa2, 0x36, 0x22, 0x0b, 0x5a, 0x65, 0x97, 0xf7, 0x30, 0x81, 0x3f,
-    0x8b, 0x2a, 0x72, 0x3a, 0xf0, 0xd5, 0xd5, 0x00, 0x43, 0xc1, 0x2b, 0xef,
-    0x3b, 0x92, 0xca, 0xde, 0x7d, 0x46, 0x25, 0x5f, 0xe0, 0x38, 0x23, 0x72,
-    0x24, 0xb2, 0xff, 0xe9, 0x36, 0x7d, 0xff, 0xf8, 0xeb, 0x8b, 0x2f, 0xf7,
-    0xf0, 0x65, 0x18, 0x4b, 0x2a, 0x48, 0xa9, 0xe8, 0xd4, 0x08, 0x97, 0x87,
-    0x84, 0xb2, 0xfc, 0x13, 0xc6, 0x79, 0x65, 0xf6, 0x02, 0x00, 0xb2, 0x80,
-    0x79, 0x04, 0x4f, 0x5b, 0x22, 0x13, 0xcc, 0x74, 0xe8, 0xd9, 0x0c, 0x2d,
-    0x6f, 0xff, 0x16, 0xd3, 0xa6, 0x62, 0xc1, 0xe1, 0x1a, 0xb2, 0xff, 0x82,
-    0x11, 0x09, 0xa7, 0x03, 0xcb, 0x2f, 0xfd, 0x9b, 0xe3, 0xa9, 0xf8, 0xd6,
-    0x12, 0xcb, 0xf9, 0xba, 0xdd, 0xfc, 0x79, 0x65, 0xf8, 0x3c, 0x66, 0xe9,
-    0x65, 0xf8, 0xb3, 0xdf, 0x65, 0x97, 0x84, 0xc8, 0x59, 0x70, 0x4d, 0x59,
-    0x7e, 0x82, 0x20, 0x9d, 0x65, 0x7c, 0xdf, 0x08, 0x31, 0x7b, 0xd0, 0x22,
-    0xcb, 0xfd, 0x83, 0xd3, 0xf7, 0xe0, 0x2c, 0xbf, 0x61, 0x0f, 0xf0, 0xb2,
-    0xb0, 0xfd, 0xfe, 0x3a, 0x61, 0xa5, 0xe9, 0x67, 0x16, 0x54, 0x2a, 0x87,
-    0xd9, 0x30, 0xd3, 0xcd, 0xc4, 0x29, 0x8c, 0x74, 0x50, 0xe4, 0xc4, 0xb5,
-    0xc8, 0x4c, 0xf8, 0xbe, 0xf8, 0x7a, 0x79, 0x2c, 0xbf, 0xff, 0xd8, 0x4f,
-    0xee, 0x66, 0x80, 0x08, 0xce, 0xbd, 0xc6, 0x59, 0x74, 0xa1, 0x65, 0xa7,
-    0xd6, 0x54, 0xe3, 0x55, 0x82, 0xd4, 0x34, 0x55, 0xfa, 0x11, 0x35, 0x08,
-    0xf5, 0x78, 0x66, 0xde, 0x8d, 0x4c, 0xb2, 0xf0, 0xe0, 0x96, 0x54, 0xe7,
-    0xc1, 0xef, 0x9e, 0xd0, 0x22, 0x96, 0xfb, 0xb4, 0x6a, 0xc3, 0x85, 0x6e,
-    0x52, 0x21, 0x7b, 0x96, 0xbf, 0xd4, 0x3d, 0x1a, 0x90, 0x0d, 0xf8, 0xe3,
-    0x5e, 0xb5, 0x33, 0x04, 0xa5, 0x42, 0x8e, 0x9c, 0x32, 0xab, 0x8c, 0x8e,
-    0x2a, 0x7c, 0x98, 0x41, 0xdb, 0xdd, 0x6d, 0xbd, 0x65, 0xfe, 0xef, 0xee,
-    0x50, 0x1e, 0x96, 0x5f, 0xbb, 0xfc, 0x75, 0xba, 0xb2, 0xe0, 0x8a, 0xd6,
-    0x5f, 0xbe, 0xfa, 0x3b, 0x2c, 0xbc, 0x24, 0x6e, 0x2c, 0xbf, 0x84, 0xef,
-    0xf1, 0xd6, 0xea, 0xca, 0x9c, 0x8c, 0x39, 0x16, 0xf6, 0x37, 0xc2, 0x70,
-    0x90, 0x5e, 0x62, 0xc5, 0x97, 0xf7, 0xd8, 0x57, 0xf8, 0xd9, 0x65, 0x87,
-    0x23, 0xcc, 0xec, 0x6a, 0xe0, 0x18, 0xb2, 0xfe, 0xfc, 0x36, 0xe1, 0xd9,
-    0x65, 0x4e, 0x3c, 0x7e, 0xc6, 0x28, 0x6a, 0x89, 0x7a, 0x87, 0xbb, 0x42,
-    0x67, 0xce, 0x17, 0xf6, 0x19, 0x98, 0x46, 0xac, 0xb9, 0xb6, 0x59, 0x74,
-    0x08, 0xb2, 0xf3, 0xe7, 0x16, 0x5f, 0x9f, 0x66, 0x0c, 0x96, 0x5e, 0x00,
-    0x21, 0x65, 0x48, 0xfd, 0x8e, 0x2f, 0xf1, 0xb2, 0x28, 0xbd, 0x84, 0x6a,
-    0xca, 0x64, 0xc4, 0x4e, 0x5a, 0xf0, 0x8d, 0xdd, 0x3b, 0xbf, 0xf7, 0x35,
-    0x1e, 0x27, 0x39, 0xd9, 0x65, 0xff, 0xe8, 0xe7, 0x20, 0xf9, 0xe6, 0xe7,
-    0xdd, 0x65, 0xe6, 0x2f, 0x2c, 0xae, 0xcf, 0x8f, 0xe9, 0x17, 0xfe, 0xfb,
-    0x7e, 0x33, 0x52, 0xd4, 0x96, 0x5f, 0xfc, 0x78, 0xf7, 0x1f, 0x34, 0x03,
-    0xe2, 0xcb, 0xf8, 0xa2, 0x47, 0x86, 0x59, 0x40, 0x3e, 0xe2, 0x43, 0xbf,
-    0x7e, 0x36, 0x8f, 0xac, 0xbf, 0x69, 0xcf, 0x1d, 0xac, 0xbf, 0x66, 0xf2,
-    0xce, 0x2c, 0xbf, 0xde, 0x6d, 0xed, 0xe9, 0x42, 0x4b, 0x1d, 0x65, 0xfd,
-    0x84, 0x6e, 0xa0, 0x5b, 0x1e, 0x28, 0x86, 0x97, 0x61, 0xab, 0x2a, 0x72,
-    0xaa, 0xac, 0x85, 0x07, 0x64, 0x6d, 0x0a, 0xc9, 0x88, 0x5c, 0xa0, 0x8a,
-    0x38, 0xdb, 0x3e, 0x8d, 0x7f, 0xf9, 0xf7, 0xc6, 0x0d, 0xe5, 0x9f, 0x63,
-    0x16, 0x5e, 0x0f, 0x52, 0x59, 0x7b, 0x4f, 0xbd, 0x65, 0xf8, 0x7a, 0xd6,
-    0x71, 0x65, 0x48, 0xf1, 0x9c, 0x7a, 0xa4, 0x8c, 0xfd, 0x25, 0x13, 0x25,
-    0xfe, 0x29, 0x16, 0x1e, 0x3b, 0x59, 0x7a, 0x67, 0xf2, 0xcb, 0xc5, 0x07,
-    0x59, 0x50, 0x6e, 0x26, 0x1d, 0xbf, 0x37, 0xca, 0x24, 0xb2, 0xfb, 0x4e,
-    0xdb, 0x2c, 0xbb, 0x8c, 0xb2, 0x98, 0xdc, 0x39, 0x15, 0xb1, 0x65, 0xec,
-    0xc3, 0x56, 0x58, 0xe3, 0x35, 0x9b, 0xa2, 0x17, 0xfe, 0xe0, 0x9a, 0xf4,
-    0x98, 0xbd, 0xc5, 0x95, 0x09, 0xe6, 0xe1, 0x7b, 0x35, 0x68, 0x87, 0xeb,
-    0xce, 0x96, 0x12, 0xab, 0xfe, 0x6d, 0xf9, 0xae, 0xdd, 0xfb, 0x54, 0x61,
-    0xab, 0xd3, 0xe1, 0xf2, 0xcb, 0x9b, 0x7a, 0xcb, 0xff, 0x77, 0xf8, 0x27,
-    0xf7, 0x33, 0x65, 0x97, 0xb4, 0xe2, 0x2c, 0xac, 0x3d, 0xc7, 0x3f, 0xbb,
-    0x0d, 0x59, 0x7f, 0xf4, 0x1d, 0x87, 0x84, 0x6f, 0xe0, 0xeb, 0x2b, 0xe7,
-    0xb5, 0xe1, 0x7b, 0xec, 0x3c, 0x08, 0xb2, 0x86, 0x9c, 0xd7, 0x69, 0x07,
-    0x20, 0xe3, 0xa7, 0x9e, 0xb7, 0x91, 0x5c, 0x27, 0xd6, 0x5f, 0x89, 0xcc,
-    0x10, 0xeb, 0x2f, 0x9f, 0xaf, 0x62, 0xcb, 0x34, 0xc7, 0x97, 0xc2, 0x9a,
-    0x35, 0x11, 0x7f, 0x63, 0xbf, 0xfe, 0x6f, 0x7e, 0x39, 0x1f, 0x86, 0xda,
-    0x0d, 0x59, 0x7f, 0xbf, 0x13, 0x49, 0xb5, 0x25, 0x97, 0xe2, 0x98, 0xa0,
-    0xeb, 0x2f, 0xf7, 0x98, 0xc9, 0x89, 0xcc, 0x59, 0x77, 0xd9, 0x65, 0xff,
-    0x66, 0xf8, 0x1f, 0xf1, 0xbc, 0xb2, 0xf7, 0x1c, 0x0b, 0x28, 0x8f, 0x57,
-    0xc7, 0x35, 0xb8, 0x88, 0xcf, 0x35, 0xdf, 0xc1, 0x10, 0x00, 0x8e, 0x96,
-    0x5f, 0x1f, 0xd9, 0xda, 0xcb, 0xed, 0xa3, 0xa8, 0x59, 0x50, 0x78, 0xcc,
-    0x47, 0x71, 0x9e, 0x59, 0x7e, 0x89, 0x00, 0xb1, 0x65, 0xcd, 0xb2, 0xca,
-    0x85, 0x4f, 0x83, 0x4f, 0xc3, 0x4e, 0x89, 0xda, 0x18, 0x33, 0x13, 0x7d,
-    0xd9, 0xc8, 0x08, 0x63, 0xc4, 0xd7, 0xe7, 0xf6, 0xa3, 0x7a, 0xcb, 0xe8,
-    0xe8, 0x3b, 0x8b, 0x2f, 0xff, 0xdd, 0x87, 0xe6, 0xb1, 0x47, 0xe0, 0xc8,
-    0x2c, 0x59, 0x53, 0x1f, 0xd9, 0x13, 0x5f, 0x30, 0xf7, 0x59, 0x65, 0x42,
-    0x3a, 0x9e, 0x14, 0x86, 0x11, 0x5f, 0xf7, 0xe2, 0x4c, 0x58, 0x78, 0x59,
-    0x7c, 0xe3, 0x96, 0xcb, 0x2f, 0xfb, 0x3d, 0xfc, 0x39, 0x3f, 0x96, 0x5f,
-    0xdb, 0xdb, 0x5d, 0x46, 0xe2, 0xca, 0x19, 0xf5, 0x61, 0xbd, 0x7d, 0x15,
-    0xc5, 0x08, 0xdb, 0x88, 0x0b, 0x2f, 0xc7, 0x8e, 0xf6, 0x1a, 0xcb, 0xe9,
-    0x41, 0xdd, 0x65, 0xfb, 0x40, 0x3b, 0x71, 0x65, 0xde, 0xe0, 0xa5, 0x11,
-    0x38, 0x2c, 0xe5, 0x42, 0x10, 0xd4, 0x23, 0xf0, 0x30, 0xb0, 0xb7, 0x16,
-    0x5f, 0xd1, 0xb6, 0x13, 0x1a, 0xb2, 0xb4, 0x6f, 0xb8, 0x23, 0x7f, 0xe2,
-    0x7f, 0xc0, 0x05, 0xeb, 0x9c, 0x49, 0x7b, 0xf8, 0x35, 0x95, 0x07, 0xb8,
-    0xc8, 0x17, 0xd1, 0xe9, 0x3a, 0xcb, 0xf8, 0x02, 0x14, 0xbf, 0x8b, 0x2e,
-    0xdb, 0x65, 0x97, 0xb3, 0xb8, 0x59, 0x5b, 0x2b, 0x66, 0x1c, 0x7c, 0x18,
-    0xca, 0x77, 0xdf, 0x90, 0x78, 0x84, 0x25, 0xdb, 0xc6, 0x6f, 0x1e, 0x3b,
-    0x59, 0x7e, 0x79, 0x9b, 0x38, 0xb2, 0xfb, 0x91, 0xa9, 0x2c, 0xb0, 0xe7,
-    0x1e, 0x4f, 0x09, 0xea, 0x11, 0x20, 0xec, 0xd7, 0xfc, 0x43, 0xfc, 0x7b,
-    0xd0, 0x75, 0x97, 0x07, 0x65, 0x97, 0xd0, 0x26, 0xe8, 0xd6, 0x5f, 0x71,
-    0xbd, 0x0b, 0x2e, 0xea, 0x5b, 0x1e, 0x3f, 0x44, 0xd7, 0x9b, 0xae, 0x2c,
-    0xac, 0x3c, 0xe6, 0x31, 0xac, 0x4c, 0x15, 0x8e, 0x3f, 0x0a, 0xdb, 0xb3,
-    0xb5, 0x96, 0xe2, 0xcf, 0x16, 0xf7, 0xe1, 0xc1, 0xdc, 0x6b, 0x2b, 0x0f,
-    0x1d, 0x88, 0x2f, 0x7b, 0x3e, 0xb2, 0xfb, 0x6f, 0x31, 0xab, 0x2b, 0x47,
-    0xc0, 0x12, 0x01, 0x07, 0x2f, 0xff, 0x4e, 0x76, 0xce, 0x46, 0xd8, 0x4c,
-    0x6a, 0xcb, 0xb7, 0xc2, 0xca, 0x19, 0xf1, 0x1d, 0x2a, 0xff, 0x68, 0xf1,
-    0xd7, 0x9f, 0xb5, 0x97, 0xff, 0xf1, 0x67, 0xbf, 0x92, 0xce, 0xe3, 0xbf,
-    0x13, 0x9d, 0x65, 0x62, 0x2c, 0x58, 0x8b, 0x86, 0xb7, 0xfc, 0xd2, 0x6e,
-    0x75, 0x26, 0x25, 0x97, 0xf8, 0x0d, 0x2d, 0x69, 0x8c, 0x59, 0x5a, 0x3e,
-    0xc2, 0x38, 0xbe, 0x63, 0xc4, 0xcb, 0x2f, 0xfe, 0xe3, 0x74, 0x59, 0x36,
-    0xa3, 0xdc, 0x59, 0x7d, 0x9b, 0x06, 0x4b, 0x2f, 0x9b, 0x51, 0xb2, 0xca,
-    0x64, 0x66, 0xcc, 0x42, 0x02, 0x23, 0x11, 0x44, 0x23, 0xbf, 0xfb, 0x91,
-    0x28, 0x9b, 0x9f, 0xcd, 0xfc, 0x59, 0x7c, 0xfa, 0x7e, 0x96, 0x5f, 0xc0,
-    0xd9, 0xe5, 0x1b, 0x8b, 0x2f, 0xd3, 0xa2, 0x68, 0x31, 0x65, 0xe1, 0x8e,
-    0x16, 0x5c, 0xc4, 0xb2, 0x8d, 0x45, 0x7f, 0x44, 0x47, 0x31, 0x09, 0x58,
-    0x83, 0x95, 0x09, 0xc7, 0xb2, 0x63, 0xc3, 0xda, 0xfb, 0x51, 0x87, 0x59,
-    0x76, 0x18, 0xb2, 0x93, 0x88, 0x61, 0x7f, 0x70, 0x48, 0xd4, 0x1d, 0x38,
-    0x86, 0x14, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93,
-    0x88, 0x61, 0x52, 0x45, 0xcb, 0x0c, 0x80, 0xf0, 0x23, 0x33, 0xe3, 0x3b,
-    0xa3, 0x37, 0x7f, 0x13, 0x88, 0x61, 0x7f, 0x3b, 0xfa, 0x68, 0x3a, 0x71,
-    0x0c, 0x27, 0x1a, 0x4b, 0x0a, 0xd3, 0x88, 0x61, 0x49, 0xc4, 0x30, 0xa4,
-    0xe2, 0x18, 0x54, 0x8d, 0x93, 0x0c, 0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86,
-    0x14, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93, 0x88,
-    0x61, 0x5b, 0x22, 0x58, 0x63, 0x2c, 0x32, 0x01, 0x9e, 0x0c, 0xef, 0x19,
-    0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x46, 0xcb, 0x83, 0x34, 0x9c,
-    0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x52,
-    0x3e, 0x40, 0x0c, 0xf8, 0x67, 0x74, 0x66, 0x93, 0x88, 0x61, 0x49, 0xc4,
-    0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2b, 0x63, 0xe4, 0x34, 0x67,
-    0x43, 0x3f, 0x19, 0xb1, 0xa9, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71,
-    0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x19, 0xf2, 0x74, 0x32,
-    0x01, 0x90, 0x8c, 0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43,
-    0x0b, 0xf7, 0xe0, 0x1c, 0xc4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x48,
-    0x99, 0xec, 0x67, 0xe3, 0x2e, 0x32, 0x03, 0x5b, 0x76, 0x9c, 0x43, 0x0a,
+    0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x89, 0x57, 0xbc, 0xda, 0x59, 0x7f, 0xcf,
+    0x0c, 0xd6, 0x7f, 0xb8, 0xd6, 0x5f, 0xf3, 0x0f, 0x0a, 0x0d, 0xe1, 0x2c,
+    0xb0, 0x4c, 0x46, 0x1c, 0x46, 0xc7, 0x1c, 0xf9, 0xd5, 0xc1, 0x43, 0x56,
+    0x5c, 0x01, 0x2c, 0xbd, 0x02, 0xdc, 0x59, 0x77, 0x7f, 0x59, 0x7f, 0xfd,
+    0x3e, 0x98, 0x13, 0x9b, 0xdc, 0x27, 0x3e, 0xb2, 0xff, 0xb0, 0xfd, 0xfd,
+    0xbd, 0x9b, 0xab, 0x2d, 0xc5, 0x94, 0x33, 0xcd, 0x73, 0xcb, 0xe1, 0x6e,
+    0x8e, 0x56, 0x54, 0x11, 0xf4, 0x31, 0x86, 0x84, 0xe7, 0x88, 0x6f, 0xf6,
+    0x18, 0x53, 0xff, 0x32, 0xcb, 0xde, 0x76, 0x59, 0x7f, 0xf8, 0x41, 0x7e,
+    0x75, 0xe6, 0xf4, 0xe6, 0xa0, 0xb2, 0xff, 0xb3, 0xc1, 0xc5, 0xc6, 0xec,
+    0xc5, 0x95, 0x28, 0x8c, 0x24, 0xfb, 0x12, 0xcb, 0xfd, 0x02, 0xcd, 0xe5,
+    0x9c, 0x59, 0x58, 0x78, 0x6e, 0x21, 0x7f, 0xf0, 0x8f, 0xe2, 0xce, 0xfe,
+    0x4f, 0xe5, 0x97, 0xff, 0xe8, 0x13, 0xfd, 0xcf, 0xc9, 0x1c, 0xfa, 0x60,
+    0xb2, 0xb8, 0x89, 0x70, 0xd1, 0x2e, 0xce, 0x2c, 0xbc, 0xef, 0xd2, 0xa2,
+    0x2d, 0x54, 0x0f, 0x8f, 0x09, 0x3a, 0x16, 0xbf, 0xff, 0xbc, 0xf8, 0x4f,
+    0xfe, 0x73, 0xaf, 0x36, 0xf9, 0xe2, 0xcb, 0xef, 0x93, 0x9a, 0xb2, 0xfd,
+    0x3a, 0xce, 0xfe, 0xb2, 0xcd, 0xa4, 0x53, 0x79, 0x70, 0x04, 0x57, 0xe6,
+    0x37, 0xfa, 0x95, 0x97, 0x6b, 0x8b, 0x2f, 0xc6, 0x4e, 0xf7, 0xf2, 0xcb,
+    0xfd, 0xf7, 0x3b, 0xc1, 0xf4, 0xb2, 0xa4, 0xf7, 0x18, 0xaa, 0xf7, 0x03,
+    0xfa, 0xca, 0x1a, 0xaf, 0xdd, 0x46, 0x35, 0xe8, 0x6a, 0x91, 0xaf, 0x0a,
+    0x37, 0xb9, 0x86, 0x41, 0x77, 0xfe, 0xb2, 0xff, 0xf8, 0x5f, 0xe0, 0xfd,
+    0x3c, 0x9f, 0x0a, 0x78, 0xb2, 0xff, 0xf9, 0xfd, 0x85, 0xad, 0x67, 0x70,
+    0xfb, 0x1d, 0x65, 0x41, 0x16, 0xc6, 0x8b, 0x89, 0x42, 0xee, 0xa5, 0x65,
+    0xf1, 0xd8, 0xce, 0x2c, 0xbf, 0xfc, 0x6b, 0x6b, 0xfd, 0xf4, 0xd8, 0x64,
+    0x23, 0x59, 0x47, 0x3f, 0x2f, 0x91, 0xdf, 0xf3, 0x86, 0x59, 0x16, 0xa4,
+    0xc5, 0x94, 0xc7, 0xb8, 0x22, 0x2b, 0x88, 0xc5, 0x95, 0x89, 0x8e, 0xfa,
+    0x1c, 0xa6, 0x10, 0xdf, 0xc7, 0x6e, 0xf9, 0x3d, 0xac, 0xbf, 0xfa, 0x70,
+    0xbe, 0x27, 0x1f, 0x24, 0xd5, 0x97, 0xf4, 0x8f, 0xbe, 0x4c, 0x4b, 0x2a,
+    0x51, 0x43, 0x02, 0xfe, 0x21, 0xdc, 0xfb, 0xd6, 0x5f, 0x4f, 0x47, 0x12,
+    0xca, 0x63, 0x76, 0x43, 0x17, 0xb4, 0xdd, 0xac, 0xa1, 0x9b, 0xcf, 0x8f,
+    0xdf, 0xbb, 0x1e, 0x9e, 0x0b, 0x2f, 0xf0, 0x80, 0x59, 0x18, 0x70, 0x59,
+    0x7f, 0xa7, 0xfc, 0x38, 0xa6, 0x35, 0x95, 0x28, 0x92, 0xf1, 0x49, 0x1a,
+    0xdf, 0xf8, 0xbf, 0xec, 0x81, 0x93, 0xdf, 0x16, 0x5f, 0xfa, 0x7b, 0xe7,
+    0xda, 0x38, 0xdb, 0xeb, 0x2e, 0x1c, 0xac, 0xa9, 0x44, 0xbe, 0x90, 0x09,
+    0x06, 0xf3, 0x01, 0xd6, 0x5f, 0xe6, 0xde, 0xdb, 0xce, 0xdf, 0x59, 0x61,
+    0xac, 0xbf, 0xdc, 0x9d, 0x45, 0x13, 0x79, 0x65, 0x0c, 0xf1, 0xb8, 0x23,
+    0x7f, 0x6a, 0x4f, 0x84, 0x75, 0x97, 0xf8, 0x9b, 0x8c, 0x5d, 0xc1, 0x65,
+    0x68, 0xf7, 0x8c, 0x2c, 0xb9, 0xa3, 0x59, 0x78, 0xe0, 0x65, 0x97, 0xf6,
+    0x9f, 0x8f, 0x9e, 0x59, 0x6f, 0xb9, 0xe4, 0x08, 0x72, 0xe9, 0xdc, 0x59,
+    0x43, 0x44, 0xfb, 0x2f, 0x9c, 0x9e, 0xa5, 0x3e, 0xdc, 0x7c, 0x68, 0x40,
+    0x3c, 0x30, 0xaf, 0xf8, 0xf9, 0xad, 0x36, 0xf7, 0xe9, 0x65, 0xff, 0xdd,
+    0x6a, 0x4d, 0x92, 0xfe, 0xc3, 0xd8, 0x7b, 0x12, 0xcb, 0xc1, 0x52, 0x1a,
+    0xcb, 0xfb, 0x59, 0xe6, 0xec, 0x96, 0x5f, 0x1a, 0x09, 0xfa, 0xcb, 0x7a,
+    0x4f, 0x41, 0x8b, 0x6f, 0xef, 0x10, 0x9c, 0xde, 0x96, 0x5f, 0xd3, 0xac,
+    0x1b, 0xc1, 0x65, 0x0d, 0x10, 0x2c, 0x4c, 0x19, 0x7d, 0xc5, 0xc5, 0x95,
+    0x29, 0xc7, 0x0d, 0x5f, 0x21, 0xe2, 0x46, 0x17, 0xfd, 0xd0, 0x7f, 0x68,
+    0x19, 0x9e, 0x59, 0x7f, 0xc5, 0x39, 0x1f, 0xf9, 0x91, 0xac, 0xbf, 0xfd,
+    0xfe, 0x64, 0x45, 0x27, 0xd6, 0xa7, 0xb5, 0x97, 0xfc, 0x20, 0xb8, 0xf3,
+    0xfc, 0xcf, 0x2c, 0xb7, 0xe5, 0x11, 0x0e, 0x97, 0x7f, 0xdd, 0x61, 0x64,
+    0x71, 0x88, 0x96, 0x5b, 0x71, 0x65, 0xf6, 0xb9, 0x86, 0x2c, 0xbf, 0x11,
+    0x4f, 0x61, 0xc9, 0xb7, 0xc1, 0x4b, 0xf9, 0xb9, 0xad, 0x4c, 0x16, 0x5f,
+    0xfe, 0xf8, 0xb4, 0xfc, 0xfb, 0x6c, 0xe0, 0x25, 0x65, 0x2c, 0x63, 0xcc,
+    0xae, 0x91, 0x28, 0xef, 0x37, 0xff, 0xec, 0x07, 0x1b, 0xb3, 0x33, 0xa9,
+    0x21, 0x3c, 0x16, 0x5f, 0xf1, 0x7f, 0x9f, 0xcc, 0x33, 0x8b, 0x2e, 0x7f,
+    0x2c, 0xac, 0x3c, 0xfe, 0xce, 0x6f, 0xff, 0xd1, 0x42, 0x41, 0xac, 0xea,
+    0x60, 0xda, 0x6e, 0x2c, 0xa9, 0x3f, 0x8c, 0x22, 0xbf, 0x67, 0x82, 0x81,
+    0x60, 0x5a, 0x59, 0x52, 0xaf, 0xf0, 0x67, 0x99, 0x0c, 0x1e, 0x89, 0xd9,
+    0xc7, 0xd0, 0xd0, 0x22, 0x3f, 0xc6, 0x3a, 0x61, 0x05, 0xff, 0xb3, 0xee,
+    0x40, 0x73, 0x9d, 0x96, 0x5e, 0xe9, 0xa3, 0x59, 0x7f, 0xff, 0xe1, 0x7b,
+    0x07, 0xff, 0x61, 0xf3, 0xde, 0x76, 0xfc, 0xff, 0x8b, 0x2f, 0x9b, 0x98,
+    0x4b, 0x2a, 0x08, 0xe5, 0xec, 0xf1, 0x87, 0xb8, 0xd7, 0x78, 0xdc, 0xdd,
+    0x59, 0x76, 0xee, 0xea, 0xcb, 0xb3, 0xb4, 0x96, 0x94, 0x96, 0x06, 0x8d,
+    0x38, 0x05, 0xef, 0xf7, 0xf3, 0x40, 0x3b, 0x71, 0x20, 0x43, 0x4f, 0x7f,
+    0x43, 0xcd, 0xbf, 0x22, 0x59, 0x52, 0x7e, 0xae, 0x8b, 0x7e, 0xde, 0x53,
+    0xdf, 0x16, 0x5f, 0xf0, 0xf9, 0xcc, 0xd0, 0xfd, 0x8b, 0x2f, 0xef, 0x37,
+    0x52, 0x76, 0x59, 0x7f, 0xa4, 0x11, 0xbc, 0x27, 0x71, 0x65, 0xff, 0xfd,
+    0xc6, 0xff, 0xb0, 0x79, 0xd4, 0xfd, 0x8b, 0x3b, 0x59, 0x52, 0x8b, 0xd2,
+    0x2d, 0xf9, 0xb5, 0xff, 0xf8, 0xb0, 0x0e, 0x40, 0x0c, 0xff, 0x13, 0xc7,
+    0x2b, 0x2b, 0x13, 0xa3, 0x62, 0xa2, 0x87, 0xb7, 0xcb, 0xac, 0x10, 0x28,
+    0xdc, 0x32, 0xec, 0x43, 0x81, 0x68, 0x5e, 0x63, 0x19, 0x8d, 0x06, 0x06,
+    0x43, 0x85, 0x3e, 0x4b, 0x61, 0x36, 0x32, 0x9e, 0xa3, 0x4e, 0xee, 0x1a,
+    0xed, 0x0a, 0x68, 0xa1, 0x67, 0xa8, 0x62, 0x9c, 0xbb, 0xd2, 0x82, 0x1d,
+    0x10, 0xa3, 0xc9, 0xe4, 0xe1, 0xe7, 0xe3, 0x73, 0x11, 0xe9, 0x84, 0x1b,
+    0x30, 0xe0, 0x0e, 0x3c, 0x3b, 0xff, 0xff, 0x9c, 0xe1, 0x1b, 0x5a, 0x16,
+    0xb5, 0x25, 0x86, 0xb7, 0xbd, 0x81, 0xac, 0xbe, 0xd0, 0xbf, 0x8b, 0x2f,
+    0xfe, 0x34, 0xcd, 0xc8, 0xc7, 0xb1, 0xed, 0xdb, 0xed, 0x95, 0x97, 0xe9,
+    0x8d, 0xf5, 0xd2, 0xcb, 0x9b, 0x7a, 0xcb, 0xd3, 0xfe, 0x2c, 0xbd, 0xc1,
+    0x1f, 0x47, 0xba, 0x02, 0x92, 0x18, 0xad, 0x86, 0x8f, 0x66, 0x85, 0xb5,
+    0xfe, 0xc0, 0x73, 0x3a, 0x71, 0xac, 0xbf, 0x13, 0x99, 0xce, 0x2c, 0xac,
+    0x3d, 0xbd, 0x19, 0xdf, 0x74, 0xef, 0xd2, 0xa2, 0xa2, 0x5e, 0x36, 0x78,
+    0xb2, 0xfe, 0xf4, 0xfe, 0x7b, 0x31, 0x65, 0xf1, 0x41, 0x8e, 0xb2, 0xfd,
+    0x0c, 0x26, 0x1a, 0xca, 0xc4, 0x49, 0xb0, 0xeb, 0x97, 0xfc, 0x86, 0xb4,
+    0x8f, 0xd3, 0xc3, 0x0e, 0xfb, 0xd9, 0xac, 0x59, 0x79, 0xa2, 0xdd, 0x59,
+    0x52, 0x78, 0x3e, 0x21, 0xbf, 0x74, 0xfe, 0x9f, 0x2c, 0xbf, 0xff, 0x84,
+    0x4e, 0x6e, 0xdf, 0x9b, 0x25, 0x0c, 0xf3, 0x1d, 0x65, 0xc2, 0x0d, 0x65,
+    0xe1, 0xc9, 0xd6, 0x5f, 0x1a, 0x19, 0x74, 0xb2, 0x86, 0x78, 0x26, 0x8e,
+    0x5f, 0xff, 0x42, 0x3d, 0x87, 0x3b, 0x04, 0x7d, 0x6b, 0x6e, 0xdf, 0x6c,
+    0xac, 0xa9, 0x47, 0x1b, 0x2c, 0x80, 0x8e, 0xfd, 0xa6, 0xe9, 0xb7, 0xac,
+    0xbe, 0x1c, 0xe1, 0x2c, 0xbf, 0x39, 0xb9, 0xe7, 0x59, 0x58, 0x78, 0xe2,
+    0x20, 0xbf, 0xff, 0x84, 0x4e, 0x6e, 0xdf, 0x9b, 0x25, 0x0c, 0xf3, 0x1d,
+    0x65, 0xf6, 0xb5, 0x9b, 0x2b, 0x28, 0xe8, 0x82, 0x75, 0xdb, 0xfd, 0x25,
+    0x01, 0xf9, 0x8e, 0xb2, 0xff, 0xff, 0xd9, 0xfc, 0xfe, 0x68, 0x07, 0x78,
+    0x4f, 0x1b, 0x8d, 0xdf, 0xd6, 0x51, 0xa8, 0x9d, 0xe1, 0x95, 0xff, 0xf9,
+    0xe0, 0x53, 0xcc, 0xef, 0xa2, 0x7c, 0xef, 0xa5, 0x97, 0xe9, 0x33, 0x3c,
+    0xeb, 0x2f, 0x0d, 0xb7, 0xac, 0xb0, 0x49, 0x5f, 0x70, 0x84, 0x63, 0x03,
+    0x84, 0x46, 0x46, 0x3d, 0xd3, 0x4b, 0x10, 0x9c, 0xa3, 0xd1, 0xa0, 0x39,
+    0x71, 0x38, 0xf2, 0x14, 0x7f, 0x85, 0xfe, 0xf2, 0x40, 0xd5, 0xb7, 0x49,
+    0xef, 0xdc, 0x13, 0x90, 0x16, 0x5f, 0x61, 0x37, 0xd6, 0x5e, 0xc3, 0x84,
+    0xf9, 0xe3, 0xec, 0x93, 0xdf, 0xf7, 0x9b, 0x5e, 0x7e, 0x60, 0x6b, 0x2e,
+    0x19, 0x2c, 0xbf, 0x45, 0x3e, 0x14, 0x6b, 0x2f, 0xcf, 0x0f, 0xb4, 0x6b,
+    0x2b, 0x0f, 0x49, 0x8a, 0xaf, 0x3f, 0xd9, 0x65, 0xd2, 0x13, 0x11, 0xb9,
+    0xd9, 0xcf, 0x9a, 0x38, 0x41, 0x43, 0x4d, 0x7b, 0x91, 0x8a, 0x5e, 0xc3,
+    0x31, 0x65, 0xe1, 0x4c, 0x6b, 0x2e, 0x17, 0x96, 0x5f, 0xcf, 0x0e, 0xf9,
+    0x31, 0xac, 0xbf, 0xe7, 0xec, 0xb3, 0x7e, 0x9b, 0x8b, 0x2f, 0xcd, 0x30,
+    0x78, 0x2c, 0xa8, 0xd1, 0x4c, 0x31, 0x73, 0x97, 0xf8, 0xea, 0xfe, 0xc8,
+    0xc7, 0x38, 0x35, 0x97, 0xc3, 0xf3, 0x44, 0xb2, 0xb0, 0xf4, 0x1c, 0xb6,
+    0xfc, 0x4f, 0xbb, 0x91, 0xac, 0xbc, 0x63, 0xf9, 0x65, 0xd2, 0x35, 0x95,
+    0x26, 0xcf, 0xc3, 0xb7, 0xfc, 0xe5, 0xfe, 0x6b, 0x24, 0xeb, 0x2f, 0xcc,
+    0x44, 0x2d, 0xc5, 0x97, 0xfd, 0xcc, 0x1e, 0x6a, 0x13, 0xa5, 0x95, 0x27,
+    0xc3, 0xa2, 0x9b, 0x46, 0xb2, 0xa4, 0xd9, 0xe1, 0x0d, 0xf7, 0x53, 0xa3,
+    0x56, 0x5f, 0xa0, 0xff, 0x83, 0xac, 0xbe, 0x90, 0x02, 0x56, 0x54, 0x9e,
+    0x41, 0x13, 0xdf, 0xf1, 0x0f, 0x34, 0x37, 0x71, 0xac, 0xb0, 0x96, 0x54,
+    0x9e, 0x43, 0x9b, 0xd8, 0x96, 0x5f, 0xa3, 0xd3, 0xbf, 0xd6, 0x53, 0x1b,
+    0x87, 0x10, 0xb8, 0xe3, 0x59, 0x7d, 0xe6, 0xf0, 0x40, 0xaa, 0xe2, 0xb0,
+    0xc7, 0x32, 0x18, 0x66, 0xc2, 0x3b, 0xa2, 0x08, 0x97, 0x4e, 0x41, 0xe8,
+    0x65, 0xf0, 0x7f, 0xed, 0x86, 0x34, 0x6c, 0xac, 0x6e, 0x8f, 0xde, 0xe6,
+    0x12, 0xcb, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x5e, 0xaf, 0xcd, 0xbb, 0xd0,
+    0xa3, 0x59, 0x68, 0x2c, 0xb1, 0xd6, 0x54, 0x9a, 0x27, 0x11, 0xba, 0x40,
+    0xb2, 0xf7, 0xa7, 0xb5, 0x97, 0xd9, 0xf6, 0x8d, 0x65, 0xfd, 0x18, 0x7b,
+    0x2e, 0x40, 0x59, 0x7f, 0xe7, 0x20, 0x67, 0xe4, 0x98, 0x0b, 0x2a, 0x4f,
+    0xb7, 0x64, 0xca, 0xc1, 0x20, 0x9d, 0x2e, 0x0d, 0xe8, 0xd9, 0xd3, 0xc0,
+    0x3e, 0x21, 0x6d, 0x91, 0xd0, 0xe1, 0x1f, 0x7f, 0xf0, 0x47, 0x80, 0x4c,
+    0xd7, 0x4e, 0xfd, 0x2a, 0x24, 0x65, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd,
+    0x74, 0xef, 0xd2, 0xa2, 0x78, 0x5f, 0xfe, 0x08, 0x77, 0x80, 0x4c, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x27, 0xf5, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd, 0x74,
+    0xef, 0xd2, 0xa2, 0x86, 0x5f, 0xf9, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a,
+    0x8a, 0x21, 0x7f, 0x3f, 0x41, 0x00, 0xd1, 0xac, 0xa3, 0x9f, 0xfe, 0xf4,
+    0xeb, 0xff, 0x40, 0x20, 0xb9, 0xb6, 0x79, 0x30, 0x59, 0x41, 0x0f, 0x9e,
+    0x49, 0x2f, 0xfd, 0x13, 0x7b, 0xbc, 0xf8, 0xf0, 0xeb, 0x2f, 0xff, 0x38,
+    0x41, 0xb9, 0x3f, 0x5b, 0x43, 0x73, 0xac, 0xbf, 0x9b, 0xed, 0xa7, 0x02,
+    0xcb, 0xec, 0xfe, 0x01, 0x65, 0xf8, 0x84, 0xf0, 0xe2, 0xcb, 0x1d, 0x65,
+    0xff, 0x6f, 0xce, 0xe1, 0xa7, 0x78, 0x2c, 0xbc, 0x4e, 0x12, 0x08, 0xc0,
+    0x22, 0xcf, 0x90, 0xec, 0x93, 0x86, 0x23, 0x7e, 0x1c, 0x94, 0xf9, 0x65,
+    0xff, 0xfb, 0xd8, 0x58, 0x6f, 0x9e, 0x1e, 0x31, 0xc3, 0x3a, 0xcb, 0xee,
+    0x9d, 0xfa, 0x54, 0x52, 0x2a, 0x82, 0x21, 0xf4, 0xaf, 0x7e, 0x17, 0xca,
+    0x7c, 0xb2, 0xff, 0xef, 0x6f, 0x7d, 0x71, 0xfd, 0xc9, 0x8d, 0x65, 0xff,
+    0xcf, 0xdf, 0x3c, 0x64, 0x83, 0x68, 0x67, 0x59, 0x7f, 0xa1, 0x3a, 0x8e,
+    0x75, 0x1a, 0xcb, 0x09, 0x65, 0x49, 0xe3, 0x00, 0xd6, 0xff, 0xf1, 0x67,
+    0xbe, 0x52, 0x0c, 0x27, 0x82, 0xcb, 0xfc, 0x52, 0x7e, 0x03, 0xee, 0xb2,
+    0xff, 0x3f, 0xce, 0xdf, 0xf3, 0x2c, 0xbc, 0xf0, 0x09, 0x2a, 0xa6, 0x72,
+    0x15, 0xb1, 0x11, 0xb9, 0x38, 0x11, 0xca, 0x12, 0x1c, 0x21, 0xfa, 0x30,
+    0x66, 0x57, 0xc1, 0x27, 0x0e, 0xb2, 0xff, 0xfc, 0x10, 0x3e, 0xb3, 0xf2,
+    0x5f, 0xe3, 0x90, 0xb1, 0x65, 0x31, 0xfd, 0x6f, 0x23, 0xbf, 0xfd, 0x00,
+    0x9a, 0x70, 0x3f, 0xdb, 0x58, 0x75, 0x97, 0xfe, 0xef, 0x90, 0x6e, 0x72,
+    0x75, 0x05, 0x97, 0xfc, 0xdd, 0x49, 0xf9, 0xf9, 0x82, 0xcb, 0xbd, 0x8b,
+    0x2e, 0x93, 0x16, 0x5f, 0xc2, 0xd0, 0x36, 0x8e, 0x25, 0x96, 0x09, 0x04,
+    0x4c, 0x0c, 0xe7, 0xc2, 0xdc, 0x17, 0xa7, 0x4c, 0x74, 0x10, 0xd8, 0xbf,
+    0xa1, 0x9e, 0xf3, 0xc1, 0x65, 0xff, 0xf3, 0x44, 0x13, 0xfe, 0x67, 0x04,
+    0x88, 0x2f, 0x2b, 0x2f, 0xfd, 0xd0, 0x41, 0xb6, 0xd7, 0x2e, 0xa5, 0x65,
+    0x62, 0x26, 0x1d, 0x56, 0xff, 0xfe, 0xc1, 0xfa, 0x43, 0x09, 0xf2, 0x70,
+    0x73, 0x92, 0x04, 0x96, 0x09, 0x2c, 0x85, 0x11, 0xa0, 0x75, 0x18, 0x71,
+    0xe5, 0x7c, 0x7a, 0x31, 0x57, 0x23, 0x04, 0x6d, 0x1f, 0x28, 0xdf, 0x0c,
+    0x5d, 0x92, 0x1b, 0xdc, 0xce, 0x2c, 0xbe, 0x16, 0xe8, 0xe5, 0x65, 0x76,
+    0x78, 0x3e, 0x1c, 0xbf, 0xfe, 0xf4, 0xf9, 0x8d, 0xe7, 0x30, 0x81, 0xb3,
+    0x8b, 0x2f, 0xba, 0x77, 0xe9, 0x51, 0x28, 0x2f, 0xfd, 0x20, 0x3b, 0xc3,
+    0xd2, 0xfa, 0x59, 0x50, 0x45, 0xfe, 0x94, 0x88, 0xc2, 0xff, 0xf7, 0x9a,
+    0x33, 0x8b, 0x40, 0xe7, 0x1c, 0x6b, 0x2f, 0xfb, 0xd3, 0xa8, 0x9b, 0xd3,
+    0x12, 0xcb, 0xfc, 0xe6, 0x16, 0x02, 0x40, 0xb2, 0xff, 0x60, 0xf0, 0x72,
+    0x5f, 0x59, 0x44, 0x7c, 0x7c, 0x32, 0xbf, 0x40, 0x9a, 0x4d, 0x59, 0x7f,
+    0xf3, 0xff, 0x81, 0x90, 0xa0, 0x58, 0x75, 0x94, 0xe7, 0xd6, 0x44, 0xf7,
+    0xff, 0x3f, 0x7c, 0x8f, 0x0c, 0x11, 0x4f, 0x16, 0x5f, 0xf7, 0x24, 0xf9,
+    0xf7, 0x10, 0x5d, 0x65, 0xfe, 0x9e, 0x0f, 0x4c, 0x28, 0xd6, 0x5b, 0x3e,
+    0x7e, 0x1b, 0xcf, 0x2e, 0xd4, 0xac, 0xbf, 0xd0, 0x0e, 0x18, 0x09, 0x82,
+    0xca, 0x19, 0xe5, 0x68, 0x5a, 0xfa, 0x0d, 0xa8, 0x2c, 0xbc, 0xe3, 0xc5,
+    0x95, 0x87, 0xbf, 0x11, 0x17, 0x08, 0xaf, 0xfa, 0x19, 0xe2, 0xcf, 0xf9,
+    0x96, 0x5f, 0xfe, 0x78, 0xdb, 0x5a, 0x6e, 0xe1, 0xf7, 0xed, 0x65, 0xff,
+    0xff, 0xf7, 0xd8, 0x85, 0x0c, 0xe1, 0x64, 0x61, 0xc3, 0xe6, 0xb7, 0x7c,
+    0x1e, 0x12, 0xcb, 0xde, 0xf9, 0xd6, 0x5f, 0x04, 0x78, 0x04, 0x95, 0xd7,
+    0xcc, 0x87, 0x17, 0x45, 0xec, 0x99, 0x14, 0x27, 0x4f, 0x08, 0xc0, 0x10,
+    0x14, 0x2d, 0xb9, 0x0d, 0x2f, 0x97, 0xec, 0x9b, 0x86, 0x99, 0xba, 0xff,
+    0x51, 0xbb, 0xe9, 0xf8, 0x57, 0x15, 0x43, 0x8e, 0xeb, 0xa9, 0xfe, 0x46,
+    0x95, 0x3f, 0xb9, 0x39, 0x01, 0xa9, 0x51, 0xe7, 0x84, 0x0f, 0x95, 0x80,
+    0xb8, 0x17, 0x5c, 0xe4, 0x68, 0x42, 0xa4, 0x3a, 0x6e, 0xcf, 0x3b, 0x5f,
+    0xfe, 0x08, 0x77, 0x80, 0x4c, 0xd7, 0x4e, 0xfd, 0x2a, 0x27, 0x35, 0xff,
+    0xe0, 0x87, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x89, 0x5c, 0x16,
+    0x46, 0xb2, 0xff, 0x84, 0xfa, 0x80, 0x59, 0xbc, 0x0c, 0xb2, 0xf3, 0x77,
+    0xc5, 0x97, 0x8a, 0x4e, 0xb2, 0xff, 0x89, 0xfb, 0xfb, 0xfe, 0x0e, 0xb2,
+    0xfe, 0xf6, 0x67, 0xfd, 0x8b, 0x2a, 0x34, 0x4e, 0x30, 0xe8, 0x06, 0xfe,
+    0x71, 0x76, 0xf9, 0x59, 0x7f, 0x0f, 0x53, 0xbd, 0xb7, 0xac, 0xbe, 0xe1,
+    0xe7, 0x8b, 0x2f, 0xdc, 0x8a, 0x0c, 0x05, 0x95, 0x87, 0x96, 0xc4, 0x57,
+    0xff, 0x4f, 0x79, 0xf6, 0xec, 0xcc, 0xef, 0xeb, 0x2f, 0xec, 0x18, 0x63,
+    0x73, 0xac, 0xbf, 0xff, 0x61, 0x43, 0x6e, 0x0d, 0xb9, 0xdf, 0xc4, 0xfc,
+    0x59, 0x7f, 0xa6, 0x30, 0xf6, 0x5c, 0x80, 0xb2, 0xe8, 0x04, 0xd8, 0xd5,
+    0x76, 0x8c, 0x77, 0x21, 0xb9, 0xd1, 0xeb, 0x0c, 0x79, 0xf3, 0xe4, 0x1b,
+    0xd1, 0xcc, 0x2e, 0x0d, 0x5e, 0xfe, 0xe1, 0x6d, 0x0a, 0x0d, 0x96, 0x5f,
+    0xf8, 0xb0, 0x12, 0x0d, 0x6a, 0x4c, 0x59, 0x60, 0x92, 0x7e, 0x3c, 0x33,
+    0xad, 0x26, 0x84, 0x08, 0xc6, 0x6b, 0x4b, 0xa2, 0x3c, 0x5c, 0x14, 0xe4,
+    0x5d, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x87, 0x17, 0xf0, 0xba, 0xd3, 0x49,
+    0x2c, 0xbf, 0x31, 0x7e, 0x4e, 0xb2, 0xc1, 0x31, 0x11, 0x3e, 0x36, 0xd9,
+    0x2d, 0xbf, 0xf3, 0x0f, 0x0e, 0x59, 0xdf, 0xdd, 0x65, 0xfe, 0xd6, 0x75,
+    0xe9, 0xee, 0x0b, 0x2c, 0x62, 0xca, 0x93, 0xc7, 0xc3, 0x5a, 0x59, 0x7f,
+    0xf1, 0x39, 0xbd, 0x79, 0xb5, 0xa9, 0x31, 0x65, 0xf4, 0x63, 0x98, 0xd6,
+    0x5f, 0xfd, 0xd7, 0xa4, 0xd6, 0xe0, 0x5b, 0xd8, 0x9f, 0xcb, 0x2c, 0x25,
+    0x97, 0xf4, 0xff, 0xd3, 0xd8, 0x16, 0x56, 0xe2, 0x24, 0x0e, 0xa3, 0xc1,
+    0x1b, 0x88, 0x96, 0x5f, 0x74, 0xef, 0xd2, 0xa2, 0x2f, 0x5f, 0xec, 0xec,
+    0x1c, 0x76, 0x8d, 0x65, 0xf8, 0x9c, 0x0f, 0xc5, 0x97, 0xec, 0x8a, 0x0f,
+    0xc5, 0x95, 0x89, 0xd7, 0x34, 0x2d, 0x22, 0x33, 0xd0, 0xa9, 0x18, 0x7c,
+    0xd0, 0x32, 0x6b, 0xfd, 0x1f, 0xb3, 0xd8, 0xd1, 0xac, 0xbd, 0x26, 0x7d,
+    0x65, 0x9f, 0x47, 0xa2, 0x46, 0x97, 0x0b, 0x71, 0x65, 0xc2, 0xd2, 0xca,
+    0x81, 0xb1, 0x71, 0xab, 0xe3, 0xf9, 0xb4, 0xb2, 0xfb, 0x75, 0x8a, 0x25,
+    0x97, 0x19, 0x12, 0xcb, 0xfb, 0x07, 0xec, 0x03, 0xac, 0xbe, 0x91, 0x05,
+    0xf8, 0xb2, 0xb1, 0x12, 0x0e, 0x4b, 0xc1, 0x93, 0x0b, 0x2f, 0xf3, 0x03,
+    0x80, 0x03, 0x7d, 0x65, 0xfa, 0x4e, 0x0e, 0x80, 0xb2, 0xb0, 0xf7, 0x18,
+    0xce, 0xe0, 0xf8, 0xb2, 0xd0, 0x59, 0x52, 0x6a, 0x5c, 0x62, 0xff, 0x03,
+    0xfc, 0xf6, 0x30, 0xd6, 0x5a, 0x35, 0x95, 0xa3, 0xc5, 0x23, 0x3b, 0xfe,
+    0xf9, 0x49, 0xc3, 0x1f, 0xa5, 0x65, 0xf9, 0xe0, 0x79, 0x82, 0xcb, 0x1d,
+    0x65, 0x4a, 0x24, 0x98, 0x87, 0xc7, 0x3f, 0x27, 0xbf, 0xd8, 0x7c, 0xeb,
+    0xa6, 0xf2, 0xcb, 0xd0, 0x78, 0x2c, 0xa6, 0x3d, 0x08, 0x8d, 0x2e, 0xe7,
+    0x6b, 0x2f, 0xbf, 0x09, 0x35, 0x25, 0xf6, 0x0f, 0xfc, 0x59, 0x58, 0x7f,
+    0xe7, 0x22, 0x71, 0x82, 0x23, 0xbf, 0xc5, 0x9d, 0xc3, 0x8c, 0x6a, 0xcb,
+    0xf7, 0xb3, 0xa7, 0x82, 0xcb, 0xf3, 0xf6, 0x27, 0xfa, 0xcb, 0xb6, 0x49,
+    0x65, 0xfc, 0x76, 0x2c, 0x3c, 0xac, 0xbe, 0x8f, 0xf9, 0xe5, 0x95, 0x87,
+    0x9c, 0xe5, 0x77, 0xfa, 0x41, 0x84, 0x2e, 0x4a, 0xcb, 0x04, 0x96, 0x46,
+    0xe4, 0x70, 0x84, 0x81, 0x00, 0xc2, 0xf2, 0x3f, 0x4e, 0xa1, 0x75, 0xda,
+    0xbb, 0x10, 0x45, 0x0b, 0x2d, 0x42, 0x60, 0xe9, 0x3e, 0x87, 0xb1, 0x46,
+    0x15, 0xc3, 0x9f, 0x9a, 0x08, 0xa3, 0x79, 0x46, 0xcb, 0x38, 0x64, 0x17,
+    0xfc, 0xfd, 0x04, 0x86, 0x6b, 0x20, 0xb2, 0xff, 0xff, 0xf8, 0x9c, 0x26,
+    0x08, 0x2e, 0xc6, 0xb7, 0xfd, 0x8d, 0x0e, 0x6d, 0xc3, 0x66, 0x0b, 0x2f,
+    0xd9, 0xc3, 0x8e, 0x56, 0x5f, 0xf9, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a,
+    0x89, 0x91, 0x60, 0x91, 0xa6, 0x69, 0xd1, 0xde, 0xa1, 0x08, 0x72, 0x7b,
+    0xf0, 0x4f, 0x3b, 0x9d, 0x65, 0xef, 0xe1, 0xd6, 0x5d, 0xe3, 0xac, 0xbf,
+    0x6b, 0xa7, 0x7e, 0x95, 0x16, 0xf2, 0xc1, 0x24, 0xfa, 0x46, 0x39, 0x82,
+    0xf7, 0xc1, 0x36, 0x70, 0x96, 0x5c, 0xfb, 0xab, 0x2f, 0xf0, 0x24, 0x62,
+    0x7d, 0x41, 0x65, 0xff, 0x9e, 0x01, 0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0xa4,
+    0xd6, 0x09, 0x88, 0x9a, 0x61, 0x93, 0x99, 0xdc, 0x14, 0xd8, 0x16, 0x5f,
+    0xfb, 0x0b, 0x3f, 0xa6, 0x37, 0xc2, 0x59, 0x63, 0xac, 0xbf, 0xe1, 0x3f,
+    0x7a, 0xd0, 0xa2, 0xe2, 0xca, 0x81, 0xe6, 0xf0, 0x46, 0xe3, 0xf6, 0xb2,
+    0xfe, 0xcf, 0x94, 0xc9, 0xd6, 0x5f, 0xdd, 0x80, 0x3d, 0x38, 0x16, 0x5d,
+    0xe0, 0x81, 0x54, 0xd0, 0x06, 0x41, 0x90, 0x8b, 0x39, 0x17, 0x86, 0x1c,
+    0xae, 0xa5, 0x9e, 0x71, 0x0a, 0x48, 0xb6, 0x4a, 0x6b, 0xd2, 0x6f, 0x21,
+    0x25, 0xf3, 0x5d, 0xf0, 0xc0, 0x0e, 0x37, 0x6b, 0xfc, 0x13, 0x35, 0xd3,
+    0xbf, 0x4a, 0x88, 0x75, 0x7e, 0xd7, 0x4e, 0xfd, 0x2a, 0x25, 0x85, 0xf6,
+    0x00, 0xec, 0xb2, 0xfc, 0x10, 0xef, 0x00, 0x98, 0x7a, 0xfb, 0x26, 0xd7,
+    0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x11, 0x82, 0xf1, 0x92, 0x75, 0x97,
+    0xa0, 0xc3, 0x59, 0x7e, 0x86, 0x71, 0xf8, 0xb2, 0xf6, 0x10, 0xd6, 0x58,
+    0x26, 0x1f, 0xdc, 0x43, 0xa2, 0x1c, 0x30, 0x9e, 0xff, 0xfc, 0xe0, 0xd9,
+    0xc0, 0x84, 0xff, 0x86, 0x7f, 0x06, 0xb2, 0xff, 0xfc, 0xc7, 0x6d, 0x04,
+    0xfe, 0xce, 0x7b, 0xf3, 0xd9, 0x8b, 0x28, 0x91, 0xf3, 0xc4, 0x5f, 0xac,
+    0x5f, 0x04, 0x86, 0x71, 0x65, 0xef, 0xb4, 0x4b, 0x2f, 0xff, 0xff, 0xfa,
+    0x48, 0x47, 0xd4, 0xfd, 0xba, 0x61, 0xfa, 0x7a, 0xf4, 0xc6, 0x76, 0xfb,
+    0xc4, 0xff, 0x59, 0x7c, 0xc4, 0xe0, 0x59, 0x7b, 0x0c, 0x09, 0xda, 0x2d,
+    0x79, 0x09, 0x5b, 0xfb, 0x91, 0xfb, 0x00, 0xeb, 0x2f, 0xff, 0xfa, 0x1c,
+    0x09, 0xd7, 0x9e, 0x2e, 0xbd, 0x9a, 0xd8, 0xbd, 0x11, 0xf8, 0xb2, 0xfa,
+    0x7c, 0x2f, 0xac, 0xbf, 0x67, 0xc1, 0x3d, 0x2c, 0xbf, 0xfd, 0x3f, 0x60,
+    0x4c, 0x07, 0xe9, 0x2e, 0x96, 0x5f, 0x77, 0x07, 0x25, 0x97, 0x8e, 0xdc,
+    0x59, 0x69, 0x39, 0xbe, 0x01, 0x15, 0xf3, 0x10, 0x19, 0x65, 0xf7, 0x4e,
+    0xfd, 0x2a, 0x23, 0xd5, 0x40, 0xf4, 0x34, 0x41, 0x7f, 0xfb, 0x70, 0xa5,
+    0xc6, 0xdc, 0x3c, 0x8c, 0x0b, 0x2f, 0xb8, 0xfd, 0xef, 0x59, 0x60, 0x98,
+    0x89, 0x27, 0x22, 0xfa, 0x5d, 0xff, 0xff, 0x82, 0x47, 0x31, 0x31, 0x37,
+    0x4f, 0xe7, 0x33, 0x68, 0xc8, 0x03, 0x59, 0x50, 0x45, 0x47, 0x46, 0xd7,
+    0xfd, 0xd3, 0xe9, 0xfd, 0x16, 0x7d, 0x65, 0xff, 0xe1, 0x67, 0xb0, 0x81,
+    0x85, 0xff, 0x62, 0xcb, 0xd3, 0xa8, 0x96, 0x5c, 0xe1, 0x19, 0x13, 0xc4,
+    0x75, 0xc4, 0x7b, 0xff, 0xe9, 0xee, 0x28, 0x4e, 0xa3, 0xd6, 0x9b, 0xfc,
+    0x59, 0x7f, 0xff, 0x8e, 0x11, 0xcc, 0x78, 0xd8, 0xc7, 0x0d, 0x8b, 0xf3,
+    0xc5, 0x96, 0x09, 0x2b, 0xbc, 0xd1, 0xc3, 0x48, 0x67, 0xbd, 0x97, 0x33,
+    0xa4, 0x44, 0x5a, 0x28, 0xf4, 0x21, 0xde, 0x3b, 0x02, 0x86, 0x17, 0xce,
+    0xc3, 0x53, 0xbf, 0xff, 0x89, 0xcc, 0x09, 0xcf, 0x94, 0xed, 0x01, 0xc3,
+    0xd3, 0xac, 0xbf, 0x6b, 0xa7, 0x7e, 0x95, 0x16, 0x1a, 0xff, 0x40, 0xa7,
+    0x39, 0x84, 0xb2, 0xe6, 0x82, 0xcb, 0x04, 0xc3, 0xfc, 0xec, 0xd8, 0x06,
+    0x17, 0xc1, 0x00, 0x58, 0xb2, 0xf3, 0xfb, 0x8b, 0x2e, 0xef, 0xeb, 0x2f,
+    0xe1, 0x46, 0xc4, 0x23, 0xac, 0xa9, 0x3c, 0x62, 0x18, 0xbe, 0x9d, 0xc9,
+    0x89, 0x65, 0xe9, 0x28, 0xd6, 0x5a, 0x56, 0x5f, 0x48, 0x20, 0x75, 0x95,
+    0xe3, 0x64, 0x42, 0x14, 0x34, 0xc5, 0x59, 0x8a, 0x22, 0x0f, 0x12, 0xfd,
+    0x3a, 0xff, 0xff, 0xa6, 0x78, 0x13, 0xe3, 0x63, 0xf7, 0x0e, 0x77, 0x0c,
+    0xd4, 0x6b, 0x28, 0x22, 0x2d, 0xc9, 0x2e, 0xd3, 0x1a, 0xa1, 0x3d, 0x47,
+    0xdf, 0x7f, 0x82, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x73, 0xae, 0xf6, 0xf5,
+    0x97, 0x39, 0xd6, 0x5f, 0x36, 0xb4, 0xeb, 0x2f, 0xb9, 0x24, 0x6a, 0xca,
+    0xc3, 0xc3, 0x0c, 0x86, 0xf1, 0x4f, 0x6b, 0x2f, 0x9f, 0x50, 0x08, 0x34,
+    0x58, 0x10, 0xcf, 0x16, 0x77, 0x48, 0xaf, 0xff, 0xff, 0xfe, 0x9d, 0x85,
+    0x08, 0xfa, 0xf6, 0xdd, 0xbe, 0xd9, 0x09, 0x18, 0x8d, 0x0b, 0x52, 0x15,
+    0xee, 0x38, 0xfa, 0x3e, 0xdd, 0xbe, 0xd9, 0x59, 0x52, 0xcf, 0x03, 0x8e,
+    0x13, 0x50, 0x45, 0xc8, 0xed, 0xfa, 0x2f, 0x69, 0xe0, 0xad, 0x43, 0x14,
+    0xf0, 0xdc, 0xf4, 0xa4, 0xaf, 0x98, 0x8a, 0x1e, 0x7b, 0xab, 0x17, 0xfd,
+    0xc3, 0xe6, 0xd8, 0x60, 0xe5, 0x65, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x87,
+    0x97, 0xff, 0xbc, 0xd2, 0x77, 0x18, 0x7b, 0xb2, 0x50, 0x59, 0x60, 0x92,
+    0x8b, 0xcc, 0x3a, 0xe1, 0xb5, 0xff, 0x4f, 0xa6, 0x3d, 0x4e, 0x0d, 0x65,
+    0xff, 0xb4, 0xdc, 0x91, 0xb9, 0x31, 0xd6, 0x57, 0x8f, 0xd3, 0x79, 0xc5,
+    0xef, 0xf4, 0x05, 0x97, 0xfb, 0x52, 0xdf, 0x29, 0x3a, 0xcb, 0xfc, 0x2e,
+    0x6d, 0x19, 0x3f, 0x96, 0x5f, 0xff, 0xf1, 0x39, 0xb1, 0x72, 0x7f, 0xb4,
+    0x3f, 0xb1, 0x0a, 0x19, 0xc5, 0x97, 0xff, 0xff, 0xde, 0xcd, 0x6a, 0x7b,
+    0x80, 0x7f, 0x62, 0x14, 0x33, 0x85, 0x91, 0x87, 0x05, 0x97, 0xff, 0xe2,
+    0xce, 0x33, 0xc7, 0x83, 0x3b, 0x6c, 0xc9, 0xd6, 0x5f, 0x74, 0xef, 0xd2,
+    0xa2, 0x26, 0x5f, 0xb1, 0xbf, 0xa1, 0x2c, 0xbe, 0xdc, 0xf4, 0x9a, 0xb2,
+    0xff, 0xff, 0x68, 0xb2, 0x3c, 0x1e, 0x18, 0x2d, 0x67, 0x5e, 0x9d, 0xeb,
+    0x2e, 0xc8, 0xd6, 0x5f, 0x08, 0xf8, 0x35, 0x95, 0x28, 0x9d, 0xed, 0x93,
+    0x74, 0x5e, 0xfd, 0xfe, 0x47, 0x86, 0x2c, 0xbf, 0xef, 0x88, 0xdd, 0xbe,
+    0xc0, 0x3a, 0xca, 0xc4, 0x4c, 0xb9, 0x98, 0x8a, 0xac, 0x25, 0x97, 0xfb,
+    0xe2, 0x7e, 0xfd, 0x3b, 0xd6, 0x54, 0x15, 0xb4, 0x74, 0xd4, 0xd0, 0x80,
+    0xd2, 0xb1, 0xcc, 0x1c, 0x9c, 0xa3, 0x5c, 0xe1, 0x77, 0xc4, 0x6f, 0xf9,
+    0xdc, 0x81, 0xa6, 0x93, 0x56, 0x5c, 0x28, 0xd6, 0x5b, 0x16, 0x5c, 0xc1,
+    0x75, 0x94, 0x47, 0x85, 0xbc, 0x60, 0xc1, 0x0b, 0xf8, 0xe1, 0x91, 0x64,
+    0x6b, 0x2f, 0xc6, 0x6b, 0x3d, 0xc5, 0x96, 0x29, 0x3d, 0x7c, 0x2e, 0xbf,
+    0xbe, 0x53, 0xd3, 0x12, 0xcb, 0xf1, 0x4f, 0x4c, 0x4b, 0x2f, 0xd3, 0xdc,
+    0x18, 0xfb, 0x4f, 0x4b, 0xe5, 0x97, 0xe0, 0x73, 0x6e, 0x0d, 0x65, 0xfe,
+    0x63, 0x30, 0xb3, 0xbf, 0xac, 0xac, 0x44, 0xf3, 0x20, 0xe8, 0xaa, 0xec,
+    0xdd, 0x59, 0x7b, 0xa6, 0x1a, 0xcb, 0xce, 0x43, 0xc3, 0x6c, 0xc3, 0x37,
+    0xe6, 0xda, 0x7e, 0xa2, 0x59, 0x4e, 0x7b, 0x64, 0x5f, 0x7f, 0xe3, 0xf8,
+    0x5d, 0x6d, 0xcf, 0x3e, 0x96, 0x5f, 0xfd, 0xfe, 0x72, 0x5b, 0xbf, 0xfe,
+    0x4e, 0xb2, 0xff, 0xa7, 0xd3, 0xbc, 0xf2, 0x51, 0xac, 0xbf, 0xf8, 0x5f,
+    0xe1, 0x08, 0x5f, 0x84, 0x9a, 0xb2, 0xf7, 0x1c, 0x96, 0x5f, 0xff, 0xa7,
+    0x40, 0xf4, 0xef, 0x8a, 0x64, 0xfc, 0xc1, 0xac, 0xbf, 0xef, 0x7a, 0x77,
+    0xc3, 0x35, 0x2b, 0x2f, 0xf4, 0xcc, 0x59, 0xbd, 0xb4, 0xb2, 0xbc, 0x8c,
+    0x57, 0x57, 0x23, 0xaa, 0xc4, 0xf4, 0xe2, 0x45, 0x23, 0xae, 0x23, 0x7e,
+    0x1c, 0x17, 0xf8, 0x9c, 0x04, 0xf0, 0x25, 0x97, 0xef, 0xe0, 0x27, 0x4b,
+    0x2e, 0x6f, 0xc9, 0xeb, 0xb1, 0x85, 0xf4, 0x7e, 0x14, 0x6b, 0x2a, 0x55,
+    0x85, 0xe4, 0xa1, 0x57, 0x85, 0x30, 0x8a, 0xef, 0xa3, 0x3c, 0xe9, 0x65,
+    0xf7, 0x42, 0x23, 0x56, 0x5c, 0xee, 0xb2, 0x9c, 0xf7, 0x08, 0x8c, 0x32,
+    0x4b, 0xff, 0x3f, 0x7c, 0x8b, 0x71, 0x8b, 0xfc, 0x59, 0x70, 0xfc, 0xb2,
+    0xff, 0xf7, 0xe1, 0x9a, 0xd3, 0xc3, 0x0f, 0x3d, 0x2c, 0xac, 0x3e, 0x17,
+    0x17, 0xbf, 0xda, 0x9f, 0x38, 0xe0, 0x75, 0x97, 0xfd, 0xf1, 0x7a, 0x47,
+    0xe6, 0x02, 0xcb, 0xfe, 0x98, 0x63, 0x16, 0x49, 0xab, 0x2f, 0xff, 0xde,
+    0x9d, 0x03, 0x98, 0x3f, 0x89, 0xfa, 0xcd, 0x2c, 0xad, 0xc4, 0x62, 0xc4,
+    0x73, 0xf3, 0x6b, 0xbe, 0x75, 0x97, 0xec, 0x39, 0xe4, 0x6b, 0x2f, 0xfc,
+    0x1c, 0x7c, 0x96, 0xef, 0xf2, 0x75, 0x97, 0xff, 0x71, 0xdf, 0xac, 0xea,
+    0x4a, 0x7a, 0x59, 0x6c, 0x89, 0x15, 0x9e, 0x27, 0xe2, 0x0d, 0xe9, 0xd7,
+    0x16, 0x5f, 0xfe, 0xcd, 0xe5, 0x9c, 0xeb, 0xcd, 0xba, 0xdc, 0x59, 0x7f,
+    0xd3, 0x00, 0xf3, 0x5c, 0xc3, 0x16, 0x5f, 0xe8, 0x49, 0xad, 0xe7, 0x8d,
+    0x65, 0xff, 0x00, 0x65, 0x30, 0xf7, 0x00, 0xb2, 0xa3, 0x45, 0x3b, 0x1d,
+    0x68, 0xd2, 0xf1, 0x08, 0x6b, 0x28, 0x6a, 0xe0, 0xb2, 0x1f, 0x1d, 0x9a,
+    0x7a, 0x18, 0x60, 0x36, 0x21, 0xc1, 0x43, 0xd4, 0x33, 0x0b, 0xf1, 0x3b,
+    0x10, 0x16, 0x5f, 0x8c, 0x14, 0xea, 0x35, 0x95, 0xb4, 0xf3, 0xcc, 0x25,
+    0xbf, 0xf9, 0x9c, 0x1a, 0x92, 0xff, 0xb2, 0x0b, 0x2f, 0xf6, 0xb2, 0x7b,
+    0x83, 0x1d, 0x65, 0xfd, 0x93, 0xdc, 0x18, 0xeb, 0x2f, 0xa7, 0xa6, 0x2d,
+    0xa7, 0xc1, 0xa3, 0x3a, 0x64, 0xc0, 0x7c, 0x4a, 0x50, 0xa2, 0xb9, 0x8e,
+    0xb2, 0xfa, 0x1e, 0x0f, 0x8b, 0x2e, 0x70, 0xd5, 0x10, 0xba, 0xbb, 0x3c,
+    0x81, 0x12, 0x54, 0x48, 0x81, 0xfa, 0xf5, 0xfb, 0xd9, 0x18, 0x89, 0x65,
+    0xf3, 0xea, 0x77, 0xac, 0xa1, 0x9e, 0x58, 0x0a, 0x2f, 0xef, 0x39, 0x7f,
+    0x3c, 0xb2, 0xfa, 0x18, 0xe4, 0xb2, 0xff, 0x47, 0x90, 0x21, 0x3f, 0x16,
+    0x53, 0x1f, 0xfc, 0x45, 0x8e, 0x41, 0x7a, 0x4f, 0x05, 0x97, 0x88, 0x46,
+    0xac, 0xae, 0xcd, 0xc9, 0x0e, 0x5f, 0x79, 0xa6, 0x25, 0x96, 0x09, 0x2d,
+    0x9f, 0x94, 0x64, 0x90, 0x1e, 0x19, 0x8e, 0x4b, 0x9d, 0x36, 0x11, 0x2c,
+    0xf3, 0x14, 0x22, 0x35, 0x18, 0xa9, 0xe1, 0x7f, 0xe9, 0x65, 0x6f, 0x0a,
+    0x40, 0x17, 0x14, 0x29, 0x39, 0x2e, 0x8b, 0xf1, 0xe9, 0x0a, 0x16, 0xbb,
+    0xdb, 0xf6, 0x61, 0x42, 0x1b, 0x3e, 0xe9, 0x0d, 0xfb, 0x35, 0xc6, 0x95,
+    0x97, 0x82, 0xd8, 0x59, 0xb1, 0xac, 0xbf, 0xf6, 0x85, 0x1e, 0x7a, 0x22,
+    0x91, 0xac, 0xbe, 0x29, 0xc3, 0x56, 0x5f, 0xef, 0xfb, 0x33, 0xfe, 0xc5,
+    0x97, 0xf7, 0xa5, 0xfb, 0x1f, 0x6b, 0x2f, 0x1b, 0xae, 0xd6, 0x5f, 0x61,
+    0xc4, 0x75, 0x97, 0xfb, 0x52, 0x58, 0x31, 0xca, 0xcb, 0xff, 0x39, 0x1a,
+    0xff, 0x9f, 0xb8, 0x16, 0x5f, 0x0c, 0x39, 0x25, 0x97, 0xff, 0xf3, 0x7c,
+    0x5a, 0x7e, 0x61, 0x7b, 0x30, 0xa1, 0xc5, 0x95, 0x27, 0xf4, 0xe4, 0x54,
+    0xb2, 0xfc, 0xf9, 0xfc, 0x3a, 0xcb, 0x81, 0x32, 0x6c, 0x48, 0x2e, 0xfc,
+    0x2d, 0x03, 0x6c, 0xac, 0xbb, 0xce, 0xb2, 0xe6, 0x35, 0x65, 0x84, 0xb2,
+    0xb0, 0xdf, 0x44, 0x2d, 0xc1, 0x7b, 0xee, 0x7a, 0x40, 0xb2, 0xfb, 0xf2,
+    0x5b, 0xd6, 0x5b, 0xeb, 0x2f, 0xfe, 0x9d, 0x4f, 0x52, 0xc0, 0x7f, 0x89,
+    0x65, 0x78, 0xfd, 0xfe, 0x47, 0xb2, 0x23, 0x78, 0x1c, 0x09, 0xb0, 0x2e,
+    0x0d, 0x05, 0xa2, 0x69, 0x2d, 0x1a, 0x06, 0x10, 0xf4, 0x65, 0xd9, 0x7b,
+    0x0f, 0xe8, 0x88, 0xe6, 0x3e, 0x85, 0xb8, 0x14, 0x78, 0x55, 0xf6, 0x81,
+    0x17, 0x07, 0x09, 0x9b, 0xf0, 0xc2, 0x63, 0x6e, 0x2c, 0xbf, 0xfc, 0xd0,
+    0xe0, 0x4c, 0xee, 0x0f, 0x18, 0x7d, 0x2c, 0xa9, 0x3f, 0xcc, 0x2c, 0xa9,
+    0x4e, 0x87, 0xd1, 0xc0, 0xdf, 0xf0, 0x50, 0x2b, 0xac, 0xfb, 0x78, 0x4b,
+    0x2f, 0xb8, 0xd1, 0x85, 0x56, 0x5f, 0x84, 0x44, 0xd0, 0x59, 0x41, 0x44,
+    0x47, 0x6c, 0x48, 0x3c, 0x27, 0xbf, 0xf0, 0x50, 0x2a, 0xd1, 0xce, 0xde,
+    0xb9, 0x8b, 0x2e, 0xd8, 0x64, 0xb2, 0xf7, 0xb3, 0x4b, 0x28, 0x28, 0x88,
+    0x2d, 0x89, 0x2b, 0xc3, 0x97, 0xfe, 0xc8, 0x13, 0x9b, 0x17, 0x27, 0xeb,
+    0x2f, 0xbe, 0xda, 0xc5, 0x95, 0xb0, 0x8f, 0x83, 0x0f, 0xef, 0xfb, 0x3e,
+    0x1c, 0x6f, 0xa6, 0x89, 0x65, 0xfd, 0x0d, 0x87, 0x18, 0x54, 0x2d, 0x05,
+    0x8b, 0x2f, 0x16, 0x79, 0x65, 0xfc, 0xc7, 0xc9, 0xd1, 0xab, 0x28, 0x67,
+    0x91, 0xd0, 0xdd, 0xe0, 0xb7, 0xb0, 0xb6, 0x05, 0x97, 0xfb, 0x39, 0xcc,
+    0x62, 0xe9, 0x65, 0x6c, 0x49, 0xb9, 0x05, 0x49, 0xf6, 0x03, 0xbd, 0x8e,
+    0x11, 0xa1, 0x68, 0x8c, 0x8b, 0xaf, 0x69, 0xf8, 0xb2, 0xfe, 0x0a, 0x07,
+    0xef, 0x64, 0x6b, 0x2e, 0xd9, 0xed, 0x65, 0xbc, 0xb2, 0xb6, 0x9f, 0xe0,
+    0x50, 0x73, 0x61, 0x1a, 0x08, 0x6e, 0xff, 0x82, 0xbc, 0xc2, 0x2c, 0x7e,
+    0x96, 0x59, 0xd6, 0x50, 0x50, 0xf2, 0xfb, 0x3b, 0xb8, 0xd9, 0x59, 0x7c,
+    0x3c, 0x28, 0x96, 0x5c, 0xdf, 0x59, 0x6f, 0xb1, 0xb8, 0xf1, 0x15, 0xfe,
+    0xef, 0xfd, 0xc0, 0x44, 0x6a, 0xcb, 0xff, 0x4c, 0x45, 0x9b, 0xdc, 0xe7,
+    0x65, 0x94, 0xe7, 0xec, 0x23, 0x7b, 0xff, 0xff, 0xbc, 0x21, 0xb6, 0x6a,
+    0x22, 0xcd, 0xfe, 0xc1, 0xcf, 0x39, 0x26, 0xac, 0xbf, 0xfc, 0xd1, 0x43,
+    0x3b, 0x86, 0xd3, 0xbb, 0x92, 0xcb, 0x9f, 0x75, 0x65, 0xff, 0xfe, 0xe6,
+    0x7f, 0x6f, 0xb3, 0xa9, 0x30, 0xb0, 0x7e, 0x68, 0x96, 0x54, 0x6a, 0x92,
+    0x71, 0x3c, 0xd8, 0x4e, 0x74, 0x43, 0xe7, 0x47, 0x4c, 0xf8, 0xcd, 0x6c,
+    0x4a, 0xb7, 0x02, 0xb2, 0x9c, 0x2f, 0x6c, 0x44, 0x4b, 0x2f, 0xf7, 0x73,
+    0xfc, 0xce, 0xe0, 0xb2, 0xfe, 0xc6, 0xf9, 0x4f, 0x6b, 0x2c, 0x6a, 0xca,
+    0x0a, 0x22, 0x4b, 0x61, 0x90, 0x05, 0xa3, 0x4d, 0x92, 0xcb, 0xa3, 0xf2,
+    0xcb, 0xda, 0xe7, 0x16, 0x5c, 0x5c, 0x59, 0x41, 0x53, 0x67, 0xbc, 0x76,
+    0xf1, 0xe7, 0xa5, 0x95, 0xb1, 0x9e, 0x26, 0x13, 0xdf, 0xdb, 0x04, 0x98,
+    0xfd, 0x4a, 0xcb, 0xf8, 0x2d, 0x6c, 0x45, 0xb3, 0x27, 0x59, 0x5b, 0x01,
+    0xf7, 0x05, 0xa3, 0x3b, 0xff, 0xf0, 0xf6, 0xe7, 0x0a, 0x38, 0xdf, 0x73,
+    0x6e, 0xdf, 0x6c, 0xac, 0xbf, 0x9c, 0xa3, 0xf4, 0xee, 0x2c, 0xbd, 0x09,
+    0x02, 0xca, 0x19, 0xe6, 0x39, 0x85, 0xfb, 0xcf, 0xf7, 0x82, 0xcb, 0xfc,
+    0x15, 0xdb, 0xc0, 0x1f, 0x38, 0xb2, 0xfe, 0x6d, 0x16, 0x66, 0x96, 0x5e,
+    0xea, 0x3f, 0x2c, 0xbf, 0x4f, 0x02, 0xd8, 0x50, 0x28, 0xb2, 0xe3, 0x9d,
+    0x65, 0x70, 0xf3, 0x44, 0x6d, 0x7e, 0x9e, 0x0b, 0xcc, 0xb2, 0xb6, 0xa2,
+    0xd6, 0x0d, 0x9c, 0x22, 0xa5, 0x97, 0xe8, 0x3e, 0x9f, 0xa5, 0x97, 0x34,
+    0x4b, 0x2a, 0x4d, 0xfe, 0x14, 0x5f, 0xe2, 0xce, 0xe0, 0x4f, 0x1a, 0xca,
+    0xd1, 0xe9, 0x70, 0x7e, 0xfd, 0xc1, 0x39, 0x01, 0x65, 0x6d, 0x3c, 0x9f,
+    0x91, 0x5f, 0xc5, 0x9b, 0xcb, 0x38, 0xb2, 0x8e, 0x7a, 0x20, 0x24, 0xbd,
+    0xc6, 0x02, 0xcb, 0xe6, 0x29, 0xe2, 0xca, 0xc3, 0xde, 0x62, 0x2f, 0x0e,
+    0x5e, 0x30, 0xc3, 0x12, 0x5f, 0x9c, 0xbf, 0xec, 0x48, 0x10, 0xd0, 0x5f,
+    0xff, 0xfd, 0x31, 0xed, 0xe0, 0xa7, 0xbf, 0xfb, 0x0f, 0x9f, 0x29, 0x00,
+    0x25, 0x65, 0xdb, 0x38, 0xb2, 0xfb, 0xf1, 0x67, 0xd6, 0x58, 0x6b, 0x28,
+    0x68, 0xc1, 0xc7, 0x47, 0x19, 0x11, 0x1d, 0x4a, 0xb1, 0x51, 0xc7, 0x28,
+    0x04, 0xd2, 0x87, 0xcd, 0xfb, 0xc4, 0x16, 0x6c, 0xee, 0xac, 0xb9, 0xdd,
+    0x65, 0xbc, 0xc7, 0x90, 0xe6, 0x77, 0xff, 0xf0, 0x35, 0x3b, 0x75, 0x3f,
+    0xee, 0x12, 0x6e, 0x9c, 0xc5, 0x97, 0xc1, 0xf1, 0xc0, 0xb2, 0xe8, 0xbc,
+    0xb2, 0xff, 0xc7, 0xdb, 0x8d, 0xa6, 0x3c, 0x9a, 0xb2, 0x98, 0xf6, 0x1c,
+    0x62, 0xff, 0xcd, 0x16, 0xdf, 0x4b, 0x68, 0x5b, 0x8b, 0x2a, 0x53, 0x3f,
+    0xd3, 0x07, 0x9e, 0xc0, 0x41, 0x7f, 0xfe, 0xeb, 0xc4, 0x2f, 0xed, 0x2c,
+    0xdd, 0xfb, 0x66, 0xea, 0xcb, 0x85, 0xe5, 0x97, 0xbe, 0x2d, 0xc5, 0x97,
+    0xdb, 0xba, 0xe7, 0x16, 0x56, 0x1e, 0x33, 0x10, 0x54, 0xa3, 0x68, 0xd5,
+    0xdd, 0x2e, 0xdf, 0xfd, 0x85, 0xdf, 0xf6, 0xf0, 0x07, 0xce, 0x2c, 0xbf,
+    0x0b, 0xed, 0x1c, 0xac, 0xac, 0x3e, 0xf2, 0x47, 0xbf, 0xde, 0x98, 0xf5,
+    0x38, 0x35, 0x97, 0xe6, 0xe7, 0xf3, 0xcb, 0x2f, 0xf4, 0x94, 0xf2, 0x58,
+    0xeb, 0x2f, 0x3f, 0xf8, 0xb2, 0x8d, 0x3c, 0xcd, 0x18, 0x5e, 0xdd, 0x1c,
+    0xac, 0xa9, 0x47, 0x47, 0x46, 0x6c, 0xe6, 0x22, 0x3b, 0xde, 0x70, 0xba,
+    0xcb, 0xf6, 0xf1, 0x43, 0x38, 0xb2, 0xf8, 0x0c, 0x42, 0x59, 0x58, 0x79,
+    0x62, 0x2a, 0xbe, 0xc1, 0xe4, 0x6b, 0x2f, 0xb7, 0x36, 0xce, 0xc4, 0xb2,
+    0xff, 0x14, 0xec, 0xe1, 0x31, 0xab, 0x2f, 0xf7, 0xdf, 0xbe, 0x3f, 0x66,
+    0x2c, 0xb4, 0xac, 0xbc, 0xd2, 0x4b, 0x2b, 0x46, 0xab, 0xe2, 0x15, 0xb1,
+    0x32, 0xf5, 0xc7, 0x0b, 0x0c, 0x21, 0x34, 0x9f, 0xa3, 0xae, 0xe1, 0xc0,
+    0xd2, 0xd1, 0xf7, 0x21, 0x21, 0x14, 0x6c, 0xba, 0x8c, 0x5c, 0xf0, 0x9f,
+    0xf4, 0x61, 0x01, 0x73, 0xc2, 0x6b, 0xf9, 0x0e, 0xf2, 0x2d, 0x92, 0xc0,
+    0xcd, 0x37, 0x58, 0x2f, 0xda, 0xcd, 0xf3, 0xda, 0xcb, 0xc5, 0x9f, 0x59,
+    0x7f, 0xfb, 0xb8, 0x73, 0x92, 0xdd, 0xff, 0xf2, 0x75, 0x95, 0xa4, 0x48,
+    0x91, 0x51, 0x83, 0x77, 0xfe, 0x8f, 0x0a, 0x4c, 0xf9, 0xaf, 0xc5, 0x97,
+    0xfb, 0x37, 0xbb, 0x75, 0x84, 0xb2, 0xe2, 0xfe, 0x1f, 0x99, 0x20, 0x5e,
+    0xfb, 0x62, 0xcb, 0xd8, 0x36, 0x59, 0x5b, 0x4d, 0xb4, 0x8d, 0xd3, 0x22,
+    0x0c, 0xc6, 0x1b, 0xc2, 0xff, 0x16, 0x5f, 0xf6, 0xe3, 0xfe, 0x28, 0x36,
+    0xa2, 0x59, 0x7e, 0xdb, 0xd4, 0x99, 0xda, 0xcb, 0xfe, 0x98, 0x18, 0xfa,
+    0xfc, 0xe2, 0xcb, 0xff, 0xff, 0xfe, 0xe6, 0xdf, 0x64, 0x72, 0x67, 0x70,
+    0xe6, 0xd1, 0x75, 0xad, 0x4e, 0xd8, 0x8d, 0xef, 0x6e, 0xdf, 0x6c, 0xac,
+    0xbf, 0xbb, 0xdb, 0x16, 0x67, 0x4b, 0x2a, 0x55, 0x73, 0xe4, 0x64, 0xdd,
+    0x11, 0xb8, 0xe8, 0x0f, 0x88, 0xb7, 0xe7, 0x02, 0x85, 0x65, 0xfb, 0xd2,
+    0x09, 0xdc, 0x59, 0x63, 0x16, 0x5f, 0xd0, 0x81, 0xe2, 0x9d, 0xd5, 0x96,
+    0x02, 0xca, 0x63, 0xff, 0x01, 0x51, 0x09, 0x08, 0xca, 0xed, 0x99, 0x59,
+    0x7a, 0x4d, 0x65, 0x97, 0x49, 0xd6, 0x5d, 0x3d, 0xac, 0xbf, 0xb9, 0x87,
+    0xde, 0x3c, 0x59, 0x43, 0x3d, 0xc8, 0x85, 0xb8, 0x2f, 0x44, 0x8c, 0x1e,
+    0x0c, 0xfd, 0xe2, 0xed, 0x90, 0xa2, 0xcb, 0xff, 0xc0, 0x92, 0xeb, 0x6e,
+    0x10, 0xa1, 0x9c, 0x59, 0x7f, 0x9f, 0xb0, 0x69, 0xbb, 0x02, 0xcb, 0xff,
+    0x08, 0xf3, 0x9c, 0x2c, 0xde, 0xeb, 0x2f, 0xf0, 0x1c, 0xb2, 0x30, 0xe0,
+    0xb2, 0xbb, 0x47, 0x97, 0x92, 0xf8, 0x6b, 0xf3, 0xeb, 0xdb, 0x61, 0xd2,
+    0xcb, 0xfc, 0xdb, 0x78, 0xf3, 0xdc, 0x16, 0x5f, 0xf7, 0x36, 0xe1, 0x48,
+    0x82, 0xfc, 0x59, 0x7b, 0x6f, 0x70, 0x59, 0x52, 0xac, 0xaf, 0x21, 0xf6,
+    0x69, 0x7b, 0x46, 0x20, 0x73, 0xef, 0x10, 0x11, 0xaf, 0x0f, 0xaf, 0xff,
+    0xed, 0x6d, 0x2c, 0xdf, 0x9a, 0x86, 0xd9, 0x1b, 0xc5, 0xc5, 0x97, 0xff,
+    0xb5, 0xe3, 0x1c, 0x7b, 0x43, 0x00, 0x1b, 0x75, 0x65, 0xff, 0xd8, 0x66,
+    0xe9, 0xc4, 0xc7, 0xc2, 0x02, 0xcb, 0xff, 0xff, 0x77, 0x26, 0x96, 0x0f,
+    0xcd, 0x16, 0xde, 0x67, 0x70, 0xd6, 0x18, 0xb2, 0x99, 0x17, 0x24, 0x8f,
+    0x58, 0x9c, 0x6b, 0xb0, 0x94, 0x61, 0x77, 0xdf, 0x14, 0xc6, 0xb2, 0xfe,
+    0x83, 0xeb, 0x8c, 0x35, 0x97, 0xf6, 0x7b, 0x0f, 0x3d, 0x2c, 0xa9, 0x3d,
+    0xa8, 0x16, 0xdf, 0x9b, 0x4d, 0xbf, 0x16, 0x53, 0x23, 0x1b, 0xef, 0xbb,
+    0xa4, 0x37, 0xdb, 0x39, 0xa9, 0x59, 0x7f, 0x4f, 0x3d, 0x25, 0xf5, 0x97,
+    0xff, 0xf7, 0x70, 0xe1, 0xf0, 0xb6, 0xee, 0xb7, 0xa3, 0x6c, 0xd2, 0xcb,
+    0x6e, 0x2c, 0xbd, 0xfc, 0xe2, 0xca, 0x82, 0x2f, 0x70, 0xb3, 0xa6, 0x11,
+    0x0a, 0x5f, 0xff, 0xe2, 0xce, 0xbc, 0xc5, 0x82, 0xef, 0xfb, 0x5c, 0xcc,
+    0x35, 0x65, 0xff, 0xb3, 0xa7, 0x8f, 0xd9, 0xd6, 0x12, 0xcb, 0x19, 0xb5,
+    0x14, 0x7e, 0x64, 0xbf, 0xc6, 0x8c, 0x53, 0xe2, 0x95, 0x97, 0xf4, 0x38,
+    0x68, 0xa7, 0xb5, 0x97, 0xd8, 0x37, 0x82, 0xca, 0xec, 0xf4, 0x4c, 0x30,
+    0xbe, 0xd4, 0xcc, 0x6b, 0x2f, 0xa2, 0x9f, 0xba, 0xcb, 0xfe, 0x8e, 0x63,
+    0xe4, 0xc4, 0xdb, 0xd6, 0x5c, 0xe6, 0x71, 0x10, 0x22, 0x22, 0x0c, 0x8a,
+    0xf6, 0xff, 0x86, 0xb2, 0xa5, 0x3b, 0x2c, 0x2c, 0x68, 0x42, 0x14, 0x29,
+    0x4c, 0x3d, 0xbc, 0x1c, 0x92, 0xcb, 0xfe, 0x6d, 0x46, 0x20, 0x61, 0x62,
+    0xcb, 0xa2, 0x3a, 0xcb, 0xfd, 0x0e, 0x7c, 0x58, 0x3d, 0xb1, 0x1e, 0x80,
+    0x0e, 0x2f, 0xff, 0xb0, 0x7e, 0x11, 0x9c, 0x6f, 0xf9, 0x9c, 0x0b, 0x2b,
+    0xb4, 0x4f, 0x12, 0x75, 0xc7, 0x82, 0xcb, 0xff, 0xd3, 0xae, 0x8d, 0x06,
+    0x39, 0x77, 0x0e, 0x2c, 0xa8, 0x1f, 0x1f, 0x05, 0xef, 0xb3, 0x52, 0x75,
+    0x97, 0x8b, 0x37, 0xed, 0x3c, 0x32, 0x22, 0xbf, 0xff, 0xee, 0x16, 0x0d,
+    0x8c, 0xda, 0x59, 0xbb, 0xf6, 0xe0, 0xa7, 0x4b, 0x2b, 0x49, 0xb4, 0x72,
+    0x19, 0x3f, 0x35, 0xbf, 0xc4, 0x69, 0x63, 0x77, 0xf5, 0x96, 0xde, 0xb2,
+    0xb0, 0xf1, 0xb8, 0x67, 0x52, 0x89, 0xd1, 0x3e, 0x5f, 0x4e, 0x7b, 0x8b,
+    0x2e, 0x68, 0xd6, 0x58, 0x11, 0x1b, 0x8f, 0x90, 0xdf, 0xee, 0x8b, 0x07,
+    0xe7, 0xe2, 0xcb, 0xf8, 0x18, 0x43, 0xf4, 0xac, 0xbf, 0xbc, 0xc4, 0x00,
+    0xce, 0xb2, 0x98, 0xf6, 0xbe, 0x59, 0x70, 0xd9, 0x65, 0xff, 0xfd, 0xe6,
+    0xc2, 0xc6, 0x1e, 0x48, 0x1f, 0xa7, 0xd2, 0xcb, 0xfd, 0x1c, 0x9c, 0xa7,
+    0xb0, 0x2c, 0xa9, 0x4d, 0x3e, 0x10, 0x8d, 0xe8, 0x87, 0xb1, 0x67, 0x57,
+    0xbf, 0x7b, 0x6b, 0xe7, 0x16, 0x54, 0x9f, 0xce, 0x28, 0x58, 0x4b, 0x2f,
+    0xef, 0x94, 0xc3, 0x3e, 0xb2, 0xf8, 0x8b, 0x3e, 0xb2, 0xe8, 0xc4, 0xb2,
+    0xf1, 0x8f, 0xc5, 0x97, 0x9f, 0x50, 0xda, 0x88, 0x19, 0x2c, 0x62, 0x0f,
+    0x0c, 0x54, 0xb2, 0xd2, 0xb2, 0x1f, 0x5d, 0x99, 0x34, 0x38, 0x75, 0x2a,
+    0x48, 0xea, 0x5e, 0x96, 0x1e, 0xeb, 0x45, 0x1f, 0x87, 0x08, 0x05, 0x09,
+    0x2b, 0xff, 0x69, 0xa3, 0x73, 0x97, 0x62, 0x25, 0x96, 0xdc, 0x59, 0x6f,
+    0xac, 0xba, 0x40, 0xb2, 0xff, 0xf3, 0x08, 0x2f, 0x3b, 0x78, 0x20, 0x1f,
+    0x3e, 0xb2, 0xbb, 0x3e, 0x6d, 0x0b, 0x5f, 0xfa, 0x7a, 0xe4, 0xb7, 0x7f,
+    0x93, 0xac, 0xa5, 0x97, 0xb4, 0x2d, 0xc5, 0x95, 0x03, 0x57, 0xf0, 0xba,
+    0x24, 0x45, 0x89, 0xaa, 0xf8, 0x1c, 0x8f, 0xeb, 0x2f, 0xe7, 0xf4, 0x94,
+    0xc1, 0x65, 0xff, 0xff, 0xbf, 0x92, 0x59, 0xd1, 0x3c, 0x73, 0xad, 0x4f,
+    0xfd, 0x83, 0x59, 0x7d, 0xbc, 0xb3, 0x9b, 0x51, 0x2b, 0x85, 0x77, 0xff,
+    0xd8, 0x58, 0x6f, 0x9e, 0x1e, 0x31, 0xc3, 0x3a, 0xcb, 0xff, 0x39, 0xbb,
+    0x7e, 0xee, 0x5b, 0x63, 0x59, 0x52, 0x9c, 0x4b, 0x42, 0xe7, 0xc7, 0x84,
+    0xa3, 0x7e, 0x06, 0x1e, 0x7a, 0x59, 0x79, 0xff, 0xc5, 0x97, 0x0a, 0x35,
+    0x95, 0x03, 0x69, 0xa1, 0xcb, 0xf6, 0x43, 0xcf, 0x05, 0x95, 0x11, 0xe4,
+    0x78, 0x86, 0xc5, 0x28, 0xc7, 0xfc, 0x29, 0x2f, 0xf3, 0x90, 0x7e, 0xf4,
+    0x8d, 0x65, 0xff, 0xf7, 0xf9, 0x39, 0xb7, 0x53, 0xf6, 0xe9, 0x86, 0xb2,
+    0xfd, 0xd6, 0xd1, 0xf6, 0x62, 0xca, 0xe1, 0xff, 0x89, 0x46, 0xff, 0x19,
+    0xec, 0x2e, 0xe4, 0xd5, 0x97, 0xc2, 0x89, 0xc6, 0xb2, 0xfd, 0x9f, 0xd6,
+    0x18, 0xb2, 0xdd, 0x6d, 0x3c, 0xbf, 0x11, 0xd4, 0xa2, 0xad, 0xa1, 0x01,
+    0x76, 0xa0, 0xb2, 0xff, 0x1a, 0xfc, 0xcf, 0x87, 0x1a, 0xcb, 0xed, 0xbd,
+    0x19, 0x2b, 0x2a, 0x07, 0xb8, 0x73, 0x6a, 0x95, 0x4c, 0xdd, 0x96, 0x34,
+    0x2c, 0xb5, 0x0c, 0xd3, 0x93, 0x3b, 0x9d, 0xfb, 0x63, 0xd3, 0x49, 0xab,
+    0x2f, 0xdf, 0xf4, 0xb7, 0x4b, 0x28, 0xd3, 0xd5, 0xf9, 0x6d, 0xf8, 0x64,
+    0xef, 0xe5, 0x94, 0x47, 0x93, 0xc2, 0x3b, 0xf6, 0x73, 0xef, 0xa5, 0x97,
+    0xff, 0xb9, 0x8e, 0x5b, 0x79, 0xdc, 0x94, 0xf1, 0x65, 0xa1, 0xe3, 0xf1,
+    0xf9, 0x3d, 0xfd, 0x23, 0x9f, 0x4c, 0x16, 0x5f, 0xe9, 0xfe, 0xd7, 0xe9,
+    0xb7, 0xac, 0xad, 0x1f, 0x19, 0x16, 0x5f, 0xff, 0xf9, 0xbb, 0xfb, 0xf8,
+    0xb0, 0x7e, 0x68, 0xb9, 0xd6, 0x31, 0x44, 0xb2, 0xff, 0xfa, 0x7f, 0xb4,
+    0x85, 0xbb, 0xb7, 0x3f, 0xb3, 0x9f, 0x59, 0x52, 0x9b, 0x93, 0x42, 0x2f,
+    0x44, 0x22, 0x6d, 0xb9, 0xfe, 0xb2, 0xff, 0xef, 0x49, 0xbb, 0x7e, 0x4f,
+    0xf9, 0xfa, 0xcb, 0xfd, 0xb7, 0xb8, 0x37, 0x84, 0x75, 0x95, 0xe4, 0x49,
+    0x80, 0x58, 0x91, 0xaf, 0xc6, 0x3f, 0xa2, 0x0a, 0x2c, 0xbf, 0xec, 0x1e,
+    0xdf, 0x9a, 0xc6, 0x71, 0x65, 0xb3, 0x47, 0xd7, 0xbc, 0xba, 0xfe, 0x7f,
+    0x1b, 0x3a, 0x75, 0x97, 0xfe, 0xd4, 0x5b, 0x79, 0x2d, 0x1b, 0xfd, 0x65,
+    0x4a, 0x66, 0x43, 0x84, 0xd1, 0x14, 0x88, 0xb6, 0xe7, 0x02, 0xcb, 0xff,
+    0xed, 0xa5, 0x3c, 0x98, 0xcb, 0x07, 0xe6, 0x89, 0x65, 0xff, 0xff, 0xdc,
+    0xd1, 0x4c, 0x5b, 0x43, 0xfb, 0x43, 0x3b, 0xfe, 0x6f, 0x2c, 0xe2, 0xca,
+    0xd2, 0x32, 0x09, 0x46, 0xbe, 0x98, 0x00, 0xa1, 0xbd, 0x4b, 0x29, 0x65,
+    0xfd, 0x2c, 0x4f, 0xa3, 0x56, 0x5d, 0xfd, 0xa6, 0x9b, 0x7f, 0x05, 0xde,
+    0x34, 0xd9, 0x59, 0x68, 0x2c, 0xa6, 0x35, 0xf1, 0x0f, 0x54, 0xa3, 0x0b,
+    0xb4, 0x2d, 0x2f, 0xdf, 0xfc, 0x5f, 0xe6, 0xf6, 0xfc, 0xe1, 0x44, 0xb2,
+    0xff, 0xda, 0x8f, 0x33, 0x83, 0x27, 0xf2, 0xcb, 0xf6, 0x9b, 0x93, 0xda,
+    0xca, 0xc4, 0x55, 0xb2, 0x2b, 0x9f, 0x5f, 0xff, 0xa1, 0xc0, 0x0a, 0x2d,
+    0xb8, 0xda, 0x63, 0xc9, 0xab, 0x2f, 0xe0, 0xac, 0x50, 0x6f, 0xf1, 0x65,
+    0xee, 0x07, 0xc5, 0x95, 0x19, 0xe8, 0x9c, 0xce, 0xe9, 0x02, 0xcb, 0xf1,
+    0x7f, 0xd9, 0xba, 0xb2, 0xfd, 0x17, 0x1f, 0x46, 0xac, 0xbc, 0xe6, 0x6a,
+    0x4f, 0x53, 0x0a, 0xaf, 0xf8, 0x8d, 0x98, 0x98, 0xa4, 0xeb, 0x2f, 0xe3,
+    0x5e, 0x05, 0x27, 0x59, 0x52, 0x7c, 0xac, 0x71, 0x50, 0x54, 0x37, 0xd9,
+    0x6b, 0x42, 0xaa, 0x22, 0x3d, 0x35, 0x7a, 0x12, 0xf7, 0xcd, 0xd3, 0xe9,
+    0x65, 0xe3, 0xb9, 0x8b, 0x2d, 0xc8, 0x1b, 0xf7, 0x22, 0xbf, 0xcc, 0x3c,
+    0x28, 0x7b, 0x16, 0x5f, 0xff, 0xb9, 0xb7, 0x18, 0xcd, 0xa5, 0x80, 0x2c,
+    0x78, 0x96, 0x5f, 0xf7, 0x9b, 0x51, 0x79, 0xf3, 0x4b, 0x2f, 0xff, 0xff,
+    0xe0, 0x70, 0xb1, 0xfb, 0xda, 0x3f, 0x0b, 0x69, 0x67, 0x70, 0xc1, 0x46,
+    0x58, 0xfd, 0xac, 0xac, 0x4c, 0x7f, 0xa5, 0x86, 0x39, 0xb9, 0xfa, 0x54,
+    0x53, 0x0b, 0x1a, 0xb2, 0x9c, 0xdb, 0x08, 0x92, 0xfd, 0x1b, 0x9f, 0x9b,
+    0x2b, 0x2a, 0x55, 0x14, 0x46, 0x4d, 0x91, 0xa8, 0x74, 0xcc, 0xc4, 0x17,
+    0xff, 0xfb, 0xfc, 0x0f, 0x9b, 0x72, 0x1e, 0x96, 0xd0, 0x0e, 0xf0, 0x59,
+    0x7f, 0xc5, 0xdc, 0x39, 0xf9, 0xd4, 0x4b, 0x2f, 0x16, 0x79, 0x65, 0xff,
+    0x74, 0x27, 0xf6, 0x7d, 0xfc, 0xb2, 0x86, 0x7a, 0x9d, 0x8d, 0xd6, 0x22,
+    0xcb, 0xf0, 0x8f, 0xbf, 0xf3, 0xf7, 0x8d, 0xa6, 0x3c, 0x9a, 0xb2, 0xf0,
+    0x72, 0x4b, 0x2f, 0x63, 0x01, 0x65, 0xb1, 0x65, 0xb0, 0x06, 0xaf, 0x78,
+    0xdd, 0xcd, 0x1a, 0xca, 0x58, 0xe5, 0xbd, 0xda, 0xc5, 0x96, 0xef, 0x6a,
+    0x2d, 0x49, 0x1f, 0x87, 0xe2, 0x19, 0xac, 0x54, 0xea, 0xd1, 0x8b, 0x68,
+    0x9d, 0xe1, 0xe7, 0x7b, 0x05, 0xa5, 0x96, 0x89, 0x65, 0xf0, 0xb3, 0xb2,
+    0x59, 0x51, 0x9b, 0x43, 0x89, 0x58, 0xc5, 0x97, 0x30, 0xd6, 0x56, 0xe1,
+    0xa8, 0xe0, 0x95, 0xc3, 0x89, 0x65, 0xff, 0x6b, 0x07, 0xe9, 0x30, 0xe2,
+    0x59, 0x7f, 0x7b, 0x06, 0xc5, 0xf5, 0x96, 0x8d, 0x65, 0xde, 0xe2, 0xca,
+    0x34, 0xd4, 0xb8, 0x95, 0xfc, 0x4e, 0x67, 0xf3, 0xcb, 0x2a, 0x53, 0x63,
+    0xc4, 0xa3, 0x92, 0x78, 0x63, 0xe7, 0x46, 0x2a, 0xec, 0x90, 0xdf, 0xbc,
+    0x23, 0x72, 0x35, 0x97, 0xec, 0x39, 0xdc, 0xeb, 0x2e, 0x38, 0x16, 0x5d,
+    0xe7, 0xda, 0x8c, 0xf1, 0xb3, 0xe8, 0xa8, 0x04, 0xf7, 0xf6, 0xa7, 0xe4,
+    0xe0, 0x59, 0x5a, 0x3f, 0x6d, 0xd4, 0xab, 0xfd, 0xb7, 0xb8, 0x14, 0xe7,
+    0x16, 0x57, 0x6a, 0xd4, 0x9a, 0x57, 0xc3, 0x92, 0xdf, 0xff, 0x80, 0xdc,
+    0xdb, 0xe7, 0xe7, 0xe6, 0x2e, 0x7b, 0x16, 0x52, 0xcb, 0xf8, 0x4c, 0x36,
+    0x26, 0x59, 0x63, 0x58, 0xdb, 0x1c, 0x2e, 0xfc, 0xfc, 0xf3, 0xc1, 0x65,
+    0xf3, 0xc1, 0x8e, 0xb2, 0xfd, 0xd3, 0xeb, 0x3a, 0x59, 0x7f, 0xc2, 0xee,
+    0x1c, 0xdb, 0xcf, 0xf4, 0xb2, 0xfe, 0x2f, 0xc3, 0x01, 0xc5, 0x97, 0x8d,
+    0x7e, 0x6d, 0x44, 0xae, 0x8a, 0x5c, 0xfe, 0xbc, 0x8f, 0x9f, 0xc2, 0xda,
+    0xb4, 0x9b, 0x7f, 0x89, 0xcc, 0x8c, 0x82, 0xfe, 0x6f, 0x3b, 0x47, 0x2b,
+    0x2f, 0x42, 0x7b, 0x59, 0x7f, 0x1b, 0xad, 0x67, 0x7c, 0x59, 0x7f, 0xfe,
+    0x2c, 0xef, 0xfb, 0x7c, 0xfb, 0xf6, 0x8f, 0xc2, 0x8d, 0x65, 0xfb, 0xd3,
+    0x1e, 0x18, 0xb2, 0xc7, 0x94, 0x43, 0x8d, 0x7a, 0xfe, 0xce, 0x41, 0x81,
+    0x8b, 0x2f, 0x43, 0x3e, 0xb2, 0xa0, 0x79, 0x1f, 0x2c, 0xa9, 0x4f, 0x2b,
+    0x0e, 0x3b, 0x2c, 0x61, 0xd7, 0x85, 0xb8, 0x9c, 0x2f, 0xde, 0x6e, 0x4f,
+    0x6b, 0x2f, 0xdd, 0xf4, 0x53, 0xbd, 0x65, 0xfc, 0xfa, 0x8a, 0x0d, 0xe5,
+    0x97, 0xf8, 0x51, 0xf9, 0xb7, 0xe4, 0x4b, 0x2f, 0xe0, 0xfd, 0xe9, 0x2e,
+    0x96, 0x5f, 0x14, 0x9f, 0x8b, 0x2e, 0x7e, 0xf8, 0x7a, 0x1f, 0x2f, 0xa9,
+    0x4c, 0xdb, 0x0a, 0x1c, 0xaf, 0x85, 0xc2, 0x84, 0x3d, 0xdc, 0xe2, 0xcb,
+    0x62, 0xcb, 0xfe, 0x63, 0x5b, 0xe5, 0x9b, 0xbb, 0x74, 0x69, 0xf7, 0x8b,
+    0xdf, 0xe6, 0x20, 0x61, 0xdf, 0xb5, 0x95, 0x12, 0x21, 0xf7, 0xaa, 0xdf,
+    0xff, 0xe2, 0xce, 0xbf, 0xf9, 0xff, 0x22, 0x2c, 0x33, 0x6c, 0xec, 0x4b,
+    0x2f, 0xfd, 0xd4, 0x9f, 0xd9, 0xcc, 0x62, 0x59, 0x52, 0x8a, 0x6f, 0x34,
+    0xdf, 0xff, 0xfa, 0x13, 0xae, 0xe1, 0xcd, 0xbc, 0x14, 0xf6, 0x4f, 0xff,
+    0x3c, 0x4b, 0x2f, 0xda, 0x9d, 0xf3, 0xa5, 0x97, 0xd3, 0xd6, 0x1d, 0x65,
+    0xfe, 0xdb, 0x9c, 0xe3, 0x61, 0x8b, 0x2a, 0x23, 0xd7, 0xd1, 0x15, 0xff,
+    0xff, 0xf6, 0x30, 0xf6, 0xe7, 0x9b, 0x5e, 0x7d, 0xbe, 0xc1, 0x96, 0x3f,
+    0x79, 0x1a, 0xca, 0x64, 0x51, 0x78, 0x8e, 0xfe, 0x72, 0xda, 0x39, 0x25,
+    0x95, 0x2a, 0xb4, 0x32, 0x19, 0x9d, 0x91, 0x33, 0x8f, 0x23, 0x22, 0x11,
+    0x15, 0xf6, 0x1e, 0x7a, 0x59, 0x7f, 0x74, 0xd1, 0xe7, 0x7f, 0x59, 0x50,
+    0x3d, 0x23, 0x08, 0xad, 0xb2, 0xb2, 0xff, 0xa7, 0x0a, 0x1b, 0x67, 0x7c,
+    0xac, 0xa3, 0x4f, 0x3b, 0xe2, 0x95, 0x28, 0x94, 0x67, 0x1b, 0xd3, 0xa8,
+    0x2c, 0xbf, 0xff, 0xda, 0x17, 0x70, 0xe6, 0xd9, 0x21, 0xfa, 0x76, 0x73,
+    0x52, 0xb2, 0xb6, 0xba, 0x52, 0xad, 0x80, 0xfc, 0x2d, 0x8a, 0x4b, 0xbc,
+    0x70, 0xae, 0x84, 0x75, 0x63, 0x96, 0xdb, 0x90, 0xff, 0x36, 0x50, 0x27,
+    0x52, 0x81, 0xbb, 0x8d, 0x05, 0xa1, 0xd7, 0x14, 0xaf, 0x6d, 0x4a, 0xcb,
+    0x3c, 0xac, 0x6f, 0x4b, 0x99, 0x01, 0xc1, 0x4b, 0xc7, 0xe4, 0x72, 0x1f,
+    0x97, 0x97, 0xbe, 0x34, 0x83, 0x08, 0x77, 0x47, 0x2f, 0x47, 0x91, 0xac,
+    0xbf, 0xed, 0x39, 0x9b, 0x5c, 0x6f, 0x1a, 0xcb, 0xd0, 0xef, 0xa5, 0x97,
+    0xf3, 0x99, 0x11, 0x30, 0xd6, 0x5d, 0x00, 0x2c, 0xba, 0x33, 0xac, 0xad,
+    0xa6, 0xbd, 0x85, 0xef, 0xff, 0xc4, 0xd1, 0xed, 0x6c, 0x2c, 0xeb, 0x77,
+    0xf8, 0x75, 0x97, 0x8f, 0x3d, 0x2c, 0xbd, 0xdf, 0xb2, 0x23, 0xf6, 0x02,
+    0xcd, 0xff, 0xfd, 0x91, 0xb9, 0x7f, 0x93, 0xd6, 0xd3, 0x9d, 0x8b, 0xa5,
+    0x97, 0xf4, 0x39, 0x14, 0x26, 0x25, 0x94, 0x34, 0x47, 0x76, 0xbd, 0x7f,
+    0x0f, 0x8f, 0x3d, 0xc1, 0x65, 0x49, 0xe9, 0x39, 0x25, 0xfe, 0x8b, 0xcd,
+    0x27, 0x71, 0xac, 0xbf, 0xdb, 0x75, 0x8d, 0xe9, 0x1a, 0xca, 0x93, 0xe7,
+    0x23, 0x3a, 0xc5, 0x65, 0x46, 0x8f, 0x31, 0xe6, 0x87, 0xfc, 0xba, 0xf0,
+    0x98, 0x28, 0xc5, 0x45, 0x08, 0x7b, 0xec, 0x23, 0x77, 0x16, 0x5f, 0xff,
+    0xff, 0xbc, 0xdf, 0xf6, 0x6a, 0x77, 0xed, 0x38, 0xb7, 0x76, 0xe7, 0x70,
+    0xc1, 0x10, 0x38, 0xb2, 0xdf, 0x64, 0x59, 0x70, 0x96, 0xff, 0xf8, 0xa2,
+    0xf4, 0xb6, 0x98, 0xed, 0xb3, 0x27, 0x59, 0x73, 0x1d, 0x65, 0xff, 0xf7,
+    0x70, 0x26, 0x8b, 0x69, 0x67, 0xf8, 0xda, 0x59, 0x4c, 0x8b, 0x98, 0x94,
+    0x4c, 0x16, 0xbf, 0xf1, 0xce, 0xd1, 0x79, 0xca, 0x65, 0x65, 0xfe, 0x78,
+    0x45, 0xe6, 0xef, 0xeb, 0x2f, 0xfa, 0x02, 0x2f, 0xce, 0xf7, 0xf2, 0xcb,
+    0xff, 0x4f, 0x5b, 0x49, 0xf8, 0x79, 0x25, 0x97, 0xe9, 0x2f, 0xed, 0x1a,
+    0xcb, 0xfa, 0x4f, 0x98, 0x46, 0xac, 0xbf, 0x7f, 0x68, 0x3b, 0x02, 0xca,
+    0x64, 0x40, 0xf8, 0xa4, 0x45, 0x97, 0xff, 0xbc, 0xdd, 0x7b, 0x36, 0xf0,
+    0x5e, 0x9d, 0xc5, 0x97, 0xf1, 0x4f, 0x70, 0x62, 0x59, 0x4b, 0x2f, 0xf6,
+    0x78, 0xb3, 0xfe, 0x65, 0x94, 0x33, 0xe8, 0x22, 0xcf, 0x85, 0xdf, 0xf7,
+    0xe6, 0x1c, 0x8a, 0x13, 0x1a, 0xcb, 0x66, 0x26, 0x43, 0xdc, 0x2e, 0x3e,
+    0x5d, 0x7f, 0xfd, 0xff, 0x60, 0x36, 0x9e, 0x73, 0xe3, 0xc2, 0x59, 0x6d,
+    0x2c, 0xb1, 0x8b, 0x2f, 0xe7, 0x1e, 0xb4, 0x28, 0xd6, 0x5f, 0xa7, 0x0b,
+    0xfb, 0x2b, 0x2d, 0xb0, 0x2c, 0xac, 0x44, 0x89, 0xa2, 0x3d, 0x09, 0x1c,
+    0xbf, 0x85, 0x37, 0xdf, 0x6d, 0x62, 0xcb, 0x77, 0xb4, 0xfb, 0x31, 0x2e,
+    0xdc, 0xc4, 0xdd, 0xde, 0x34, 0xda, 0x1a, 0xe2, 0xfc, 0x46, 0xa7, 0x3a,
+    0xf4, 0x30, 0x0a, 0x35, 0x0f, 0xc7, 0x65, 0x7f, 0xff, 0x16, 0x19, 0x91,
+    0xed, 0xdc, 0xc7, 0x37, 0x6e, 0x8c, 0xd2, 0xcb, 0xff, 0xff, 0xcd, 0x87,
+    0xcf, 0x36, 0x1f, 0x69, 0x67, 0xfd, 0x90, 0xf3, 0x61, 0xd6, 0x5f, 0xff,
+    0xfd, 0x06, 0xe1, 0x66, 0xff, 0x64, 0x5e, 0x92, 0x8b, 0x6b, 0xf4, 0xdb,
+    0xd6, 0x5f, 0xfe, 0x6c, 0x30, 0xb3, 0x99, 0xef, 0x37, 0x16, 0x5b, 0x3b,
+    0x46, 0x07, 0xde, 0x2f, 0xff, 0xe6, 0xc3, 0x0b, 0x23, 0xc1, 0x7c, 0x9c,
+    0xd7, 0xe2, 0xcb, 0xff, 0x66, 0xbd, 0x3b, 0x5f, 0xe2, 0x95, 0x97, 0xff,
+    0x73, 0x3a, 0xdb, 0xdc, 0x38, 0x4d, 0x12, 0xcb, 0xff, 0xff, 0x16, 0x6f,
+    0xf6, 0x6b, 0x59, 0xfe, 0x6e, 0xfe, 0x79, 0xe6, 0xc5, 0x96, 0x9f, 0xa2,
+    0xe0, 0xc4, 0x9a, 0x64, 0xc8, 0x35, 0x0f, 0x7b, 0xff, 0xfe, 0xc2, 0x37,
+    0x6e, 0xa7, 0x7b, 0x7f, 0x98, 0x6b, 0x69, 0xfb, 0x59, 0x51, 0xab, 0xd0,
+    0xf3, 0x29, 0x46, 0x6b, 0xc2, 0x9f, 0xc6, 0xf4, 0x19, 0x45, 0x32, 0xe5,
+    0x08, 0xa7, 0x0e, 0xef, 0xff, 0x30, 0xf6, 0x9d, 0xb6, 0xc8, 0xde, 0x2e,
+    0x2c, 0xbf, 0x79, 0xbf, 0x87, 0x59, 0x68, 0x2c, 0xa0, 0xa9, 0xb8, 0x81,
+    0x3d, 0xb5, 0x28, 0xab, 0x8e, 0x10, 0xd7, 0xee, 0x72, 0x4b, 0xa5, 0x97,
+    0xff, 0xc5, 0x16, 0xdf, 0x74, 0xdc, 0xc1, 0xc7, 0x86, 0x2c, 0xba, 0x3f,
+    0x61, 0xfe, 0xb9, 0x45, 0xfa, 0x13, 0xdc, 0x38, 0xb2, 0xff, 0xff, 0xff,
+    0xd8, 0x46, 0xed, 0x6f, 0x08, 0x24, 0x4d, 0xf9, 0x39, 0x39, 0xbe, 0x60,
+    0x99, 0xee, 0xc1, 0x23, 0x49, 0x7f, 0xff, 0x9b, 0x5e, 0xce, 0xdf, 0xbd,
+    0xa7, 0x21, 0x7f, 0x6e, 0xfe, 0x2c, 0xbf, 0xff, 0xf3, 0x18, 0x31, 0x6b,
+    0x68, 0xa6, 0x3e, 0x75, 0xe1, 0x7b, 0xb7, 0x31, 0x65, 0xff, 0xfd, 0x9b,
+    0xe4, 0xb6, 0xf1, 0xb4, 0xe0, 0x72, 0x8a, 0x56, 0x57, 0x48, 0xd1, 0xf3,
+    0xad, 0xa3, 0xed, 0x51, 0x43, 0x14, 0x9e, 0x14, 0x3c, 0x8c, 0xea, 0xb1,
+    0x55, 0x30, 0xa5, 0x2a, 0xdf, 0x8b, 0x3f, 0xe6, 0x59, 0x7f, 0xef, 0x36,
+    0x75, 0x3f, 0xf3, 0x62, 0xca, 0x34, 0xf8, 0xf7, 0x49, 0xae, 0x1e, 0x2c,
+    0xa9, 0x67, 0xa1, 0x64, 0x38, 0x58, 0xc7, 0xd4, 0x93, 0xd7, 0x86, 0xc1,
+    0x4b, 0x51, 0x14, 0x23, 0xb6, 0x49, 0xae, 0xcd, 0x2c, 0xb6, 0xea, 0xcb,
+    0x1d, 0x65, 0xfe, 0x78, 0x61, 0xdc, 0x80, 0xb2, 0xfb, 0x3d, 0x31, 0x2c,
+    0xad, 0x80, 0xf9, 0x3c, 0x22, 0xe6, 0x37, 0x73, 0x16, 0x5c, 0x7e, 0xb6,
+    0x9e, 0x4b, 0x19, 0xdb, 0x71, 0x65, 0xfb, 0xe2, 0x20, 0x71, 0x65, 0xff,
+    0xff, 0xdd, 0x16, 0x6f, 0xdb, 0xc6, 0xc2, 0x06, 0xd2, 0xcd, 0xe5, 0x9c,
+    0xde, 0xb2, 0xff, 0x8d, 0x7f, 0xf2, 0x22, 0x63, 0x16, 0x5f, 0x39, 0xdb,
+    0x8b, 0x2f, 0xde, 0x73, 0xb7, 0x16, 0x51, 0xa8, 0x83, 0xf1, 0xdf, 0x08,
+    0x6b, 0x49, 0x96, 0x94, 0x3f, 0x2f, 0xff, 0x78, 0x58, 0x46, 0xed, 0xff,
+    0x70, 0xc2, 0x59, 0x7f, 0xb1, 0xcf, 0xb7, 0x66, 0x4e, 0xb2, 0xff, 0xf4,
+    0x27, 0x9e, 0x16, 0xb3, 0xff, 0x63, 0xac, 0xa1, 0xa3, 0x3b, 0xa4, 0xde,
+    0xcd, 0xef, 0xfc, 0x58, 0x23, 0x74, 0xd2, 0x7c, 0x59, 0x7f, 0xfe, 0x14,
+    0xed, 0x2c, 0x1f, 0x98, 0xd1, 0xc9, 0xa0, 0x59, 0x58, 0x9d, 0xee, 0xa1,
+    0xec, 0x73, 0x22, 0x3d, 0xbf, 0xfd, 0xff, 0x66, 0xef, 0xe2, 0xcd, 0xc7,
+    0x20, 0x2c, 0xbf, 0xd2, 0x77, 0x2e, 0xe1, 0x2b, 0x28, 0x91, 0x05, 0xf5,
+    0x0b, 0xff, 0xb1, 0x81, 0xb4, 0xb3, 0x7b, 0x69, 0xd6, 0x53, 0x1f, 0x3f,
+    0xc8, 0xaf, 0x8c, 0xdb, 0xc8, 0x96, 0x5b, 0xeb, 0x2a, 0x4d, 0xc3, 0x93,
+    0xdf, 0xf8, 0xa3, 0x2c, 0xdf, 0xc1, 0x4f, 0x6b, 0x2f, 0xfb, 0xd3, 0xde,
+    0xd0, 0xb3, 0x78, 0x19, 0x65, 0xfb, 0xfd, 0xc1, 0xb6, 0x56, 0x50, 0xcf,
+    0xbf, 0x88, 0x75, 0x28, 0xd2, 0x8e, 0x16, 0x15, 0x05, 0xdc, 0x2c, 0x14,
+    0x69, 0x62, 0x5c, 0x8c, 0xab, 0xeb, 0x22, 0x87, 0x8d, 0xfb, 0x7e, 0xef,
+    0xf3, 0xcb, 0x2f, 0xfd, 0x9c, 0x14, 0x9b, 0xc9, 0xd4, 0x4b, 0x29, 0x8f,
+    0xb4, 0xc2, 0xdb, 0xed, 0x41, 0xc6, 0xb2, 0xe7, 0xe9, 0x65, 0xfb, 0x59,
+    0xb2, 0xc0, 0x59, 0x7f, 0xba, 0xf3, 0x78, 0x85, 0x1a, 0xcb, 0xf4, 0xf6,
+    0x0d, 0x4a, 0xca, 0x81, 0xee, 0xfc, 0xd6, 0xa3, 0x45, 0x49, 0x42, 0x1e,
+    0xf7, 0xf0, 0x2e, 0xb2, 0x82, 0xa9, 0x84, 0x4c, 0x30, 0x30, 0xa2, 0xff,
+    0x4e, 0x7c, 0x01, 0x94, 0x16, 0x5d, 0x9e, 0x59, 0x44, 0x79, 0x3b, 0x26,
+    0x77, 0x1b, 0x2b, 0x2e, 0xc1, 0xac, 0xad, 0xac, 0x9b, 0xed, 0x88, 0x5a,
+    0x38, 0x60, 0xc2, 0x77, 0xcb, 0x21, 0xae, 0xe4, 0x5c, 0x8c, 0xab, 0xf0,
+    0x81, 0x11, 0x26, 0xf1, 0x7b, 0xf3, 0x7f, 0x98, 0x05, 0x97, 0xef, 0x66,
+    0xf6, 0xde, 0xb2, 0xff, 0xfb, 0x35, 0xdb, 0xc5, 0xb7, 0xcd, 0xa2, 0xc8,
+    0xd6, 0x5f, 0xff, 0xef, 0xfa, 0x62, 0xda, 0x59, 0xe6, 0xff, 0x05, 0xd0,
+    0xa5, 0x65, 0x88, 0xd4, 0x5b, 0xba, 0x9d, 0xd8, 0x05, 0x97, 0xff, 0x10,
+    0x0b, 0x1a, 0x2f, 0x49, 0x1a, 0xb2, 0x98, 0xf6, 0x5c, 0x5a, 0xfe, 0x87,
+    0x3e, 0xd3, 0xda, 0xcb, 0xff, 0xfe, 0x78, 0xb6, 0xf3, 0x99, 0xed, 0x6b,
+    0x0c, 0x2c, 0x31, 0xc0, 0xb2, 0xfd, 0x25, 0xe7, 0x82, 0xcb, 0xfe, 0xfe,
+    0x47, 0x3c, 0x6d, 0x62, 0xcb, 0xd2, 0x39, 0x59, 0x43, 0x3f, 0x9e, 0xc9,
+    0x8e, 0x71, 0x4b, 0x29, 0x65, 0xff, 0x7f, 0x23, 0x9e, 0x36, 0xb1, 0x65,
+    0xe9, 0x1c, 0xac, 0xbd, 0xc7, 0x8b, 0x6a, 0x26, 0x64, 0xc3, 0x02, 0xfb,
+    0x0b, 0x39, 0xc5, 0xb0, 0x93, 0xd9, 0xfc, 0x6f, 0x97, 0xdb, 0x00, 0x5b,
+    0xd8, 0xf6, 0x05, 0x97, 0xcc, 0xe4, 0x35, 0x96, 0x33, 0x69, 0xec, 0x0c,
+    0xe2, 0xfd, 0x8f, 0xdc, 0x38, 0xb2, 0xfe, 0x78, 0xbf, 0x85, 0xf5, 0x94,
+    0x03, 0xd5, 0x30, 0xa2, 0xa0, 0x99, 0x4b, 0x42, 0x1b, 0x90, 0x80, 0xbe,
+    0xeb, 0xcd, 0xd2, 0xcb, 0xe1, 0x7a, 0x4e, 0xb2, 0xff, 0xf8, 0x5a, 0xd4,
+    0x96, 0x1a, 0xde, 0xf6, 0x06, 0xb2, 0xa5, 0x12, 0xd8, 0x49, 0xa2, 0x2b,
+    0xef, 0x48, 0x89, 0x65, 0xf0, 0x9f, 0xbf, 0xac, 0xb8, 0xbe, 0xb2, 0xff,
+    0xff, 0xe3, 0x73, 0x5a, 0x63, 0xed, 0x8a, 0x02, 0x3f, 0x70, 0xe7, 0x27,
+    0x5d, 0x2c, 0xbb, 0xce, 0xb2, 0xce, 0xc8, 0x90, 0xde, 0xf5, 0x7e, 0x96,
+    0x36, 0x4e, 0xb2, 0xf6, 0x9b, 0xb5, 0x97, 0x84, 0x39, 0x59, 0x7f, 0xfc,
+    0xc3, 0x67, 0xfb, 0x3f, 0xf6, 0xf1, 0xa2, 0x59, 0x50, 0x5f, 0x9b, 0x19,
+    0x3e, 0x43, 0x88, 0xd8, 0x40, 0xf6, 0x41, 0x14, 0xb3, 0x0d, 0x43, 0x40,
+    0xe5, 0xde, 0x21, 0x72, 0x32, 0x85, 0x37, 0x0a, 0x7e, 0x4f, 0xbc, 0x77,
+    0x64, 0x72, 0xdb, 0xab, 0x2f, 0x47, 0x31, 0xac, 0xa5, 0x97, 0xf6, 0x1c,
+    0x7e, 0xce, 0x2c, 0xbf, 0x47, 0xb7, 0xa6, 0x8d, 0x65, 0xfd, 0xce, 0xba,
+    0x72, 0x35, 0x65, 0x6c, 0x34, 0x4a, 0xc6, 0x17, 0xa2, 0xdf, 0x96, 0xdf,
+    0xe2, 0xdb, 0xbf, 0xb8, 0x72, 0x25, 0x97, 0xfd, 0x0e, 0x79, 0xb0, 0xb3,
+    0x7a, 0xcb, 0xff, 0xfc, 0x3f, 0x67, 0xfe, 0xe5, 0xd6, 0x36, 0x98, 0xf2,
+    0x6a, 0xcb, 0xa3, 0xed, 0x65, 0xfb, 0xcf, 0xb9, 0x20, 0x59, 0x43, 0x4c,
+    0x5b, 0xb3, 0xa6, 0x39, 0x76, 0x0d, 0xd1, 0x9b, 0xf6, 0xd0, 0xe3, 0x98,
+    0xd6, 0x5f, 0x8b, 0x3c, 0xff, 0x59, 0x50, 0x3d, 0x38, 0x8b, 0x6f, 0xe3,
+    0x5b, 0xbe, 0x0b, 0x8b, 0x2b, 0x47, 0xa6, 0x44, 0x77, 0xc3, 0xdb, 0x3b,
+    0x8b, 0x2a, 0x55, 0x4a, 0xe4, 0x6b, 0x4d, 0x0f, 0x30, 0xc8, 0x6f, 0xf4,
+    0xed, 0x2c, 0xdf, 0x9e, 0x59, 0x66, 0x59, 0x7f, 0xc2, 0x2d, 0xb1, 0x34,
+    0x62, 0x89, 0x65, 0xfd, 0x83, 0x8a, 0x13, 0xb8, 0xb2, 0xff, 0xef, 0x9b,
+    0x3d, 0xc3, 0x9d, 0xc2, 0x4d, 0x59, 0x63, 0xac, 0xbf, 0x8e, 0x4e, 0x6f,
+    0x9b, 0x69, 0xed, 0x46, 0x93, 0x7f, 0xc7, 0xe3, 0xc5, 0xbb, 0xec, 0x8d,
+    0x65, 0x4a, 0x21, 0x71, 0x1e, 0xa3, 0x4d, 0xbf, 0x47, 0xdf, 0x8c, 0x42,
+    0xec, 0x25, 0x97, 0xa1, 0x20, 0x59, 0x6d, 0x0c, 0xd8, 0xe0, 0xad, 0xf0,
+    0x39, 0xb9, 0xd2, 0xca, 0x63, 0xcd, 0x11, 0x35, 0xfd, 0xee, 0xbd, 0x3a,
+    0x89, 0x65, 0xf8, 0x19, 0xf0, 0xe3, 0x59, 0x7f, 0x8b, 0x0c, 0xdd, 0xfe,
+    0x79, 0x65, 0xfd, 0xcc, 0xf7, 0xd8, 0xd5, 0x97, 0xfd, 0xcf, 0x0a, 0x2d,
+    0xa6, 0x6e, 0x76, 0xb2, 0xc6, 0x44, 0x8a, 0x7e, 0x1b, 0x7c, 0xba, 0xdf,
+    0x59, 0x6e, 0x2c, 0xbf, 0x19, 0xfc, 0xf6, 0xd3, 0x4d, 0x17, 0x62, 0x37,
+    0xa3, 0x81, 0xab, 0x2a, 0x53, 0x8d, 0xc8, 0x68, 0xba, 0xd0, 0x90, 0xeb,
+    0x63, 0x64, 0x16, 0x48, 0xa4, 0x25, 0xa4, 0x1a, 0x91, 0xd1, 0xab, 0x46,
+    0xff, 0xe8, 0x5b, 0x39, 0x09, 0x47, 0x7b, 0x7f, 0xf4, 0x1f, 0x99, 0x1b,
+    0xfe, 0x3c, 0x31, 0x65, 0xff, 0x67, 0xb6, 0x86, 0xfb, 0x9e, 0xc5, 0x97,
+    0xf7, 0xb3, 0xa8, 0x49, 0xd6, 0x5f, 0xef, 0x64, 0x1c, 0xb3, 0xb5, 0x95,
+    0x87, 0xc1, 0xf2, 0xeb, 0xff, 0xff, 0x42, 0x63, 0xee, 0x1c, 0x63, 0x76,
+    0xf3, 0x3a, 0x63, 0x8b, 0x51, 0xac, 0xbd, 0xfe, 0x86, 0xb2, 0xff, 0x61,
+    0x9b, 0x7c, 0xd8, 0x75, 0x97, 0xff, 0xd1, 0xe3, 0x17, 0xcb, 0x37, 0xed,
+    0xe1, 0x84, 0xb2, 0xe7, 0x06, 0xd4, 0x53, 0x46, 0x3d, 0xc3, 0x5a, 0xed,
+    0x35, 0x82, 0x8c, 0x6a, 0xff, 0xfe, 0x6f, 0xf3, 0x0d, 0x62, 0x21, 0x38,
+    0x3e, 0xe0, 0x59, 0x7f, 0x7b, 0x0b, 0xb9, 0x35, 0x65, 0xfc, 0xe5, 0xf1,
+    0x6a, 0x35, 0x94, 0xca, 0xcf, 0x00, 0x8c, 0x50, 0x9e, 0xfc, 0x6f, 0x3b,
+    0xca, 0x8c, 0x59, 0x0c, 0xba, 0xee, 0xfe, 0xb2, 0xdb, 0xab, 0x2b, 0x69,
+    0xac, 0x18, 0xc5, 0xec, 0x68, 0x96, 0x5f, 0xf9, 0xb2, 0x2d, 0xbc, 0x9f,
+    0x3e, 0xe2, 0xcb, 0xfc, 0xfd, 0xfb, 0x3e, 0x07, 0x59, 0x76, 0x44, 0xb2,
+    0xb0, 0xf2, 0x98, 0xce, 0xff, 0xd3, 0xed, 0xba, 0xc8, 0xf1, 0xce, 0xb2,
+    0xff, 0xf7, 0x05, 0x85, 0xb4, 0xb3, 0xde, 0x71, 0xac, 0xbf, 0xd9, 0x1e,
+    0xd8, 0xa3, 0x06, 0x96, 0x54, 0x11, 0x07, 0xf4, 0xab, 0xe2, 0x9d, 0x4a,
+    0xcb, 0xff, 0xf8, 0x7b, 0x78, 0xdb, 0x32, 0x40, 0xf6, 0x16, 0x37, 0x96,
+    0x5f, 0xfe, 0x6d, 0x99, 0x20, 0x7b, 0x0b, 0x1b, 0xcb, 0x2f, 0x8b, 0x0f,
+    0xb4, 0x91, 0x4d, 0xc5, 0xdb, 0xfe, 0xef, 0x27, 0xb8, 0x8a, 0x4e, 0xb2,
+    0xfe, 0xef, 0x9e, 0xc7, 0xd2, 0xcb, 0xff, 0xff, 0x31, 0xf4, 0xd9, 0xd9,
+    0x0b, 0xf3, 0xed, 0xbb, 0xdb, 0xf1, 0x4a, 0xca, 0x74, 0x4f, 0x7c, 0xba,
+    0xff, 0xd2, 0x5f, 0x98, 0x31, 0x1b, 0x2b, 0x2a, 0x35, 0x7c, 0xa3, 0x1c,
+    0x36, 0x11, 0xbd, 0x10, 0x77, 0x0c, 0x36, 0x23, 0x8a, 0x18, 0xde, 0x3a,
+    0xfc, 0x36, 0x37, 0x91, 0x5f, 0xff, 0x63, 0xc7, 0xe9, 0x6f, 0xf2, 0x63,
+    0xce, 0x2c, 0xbf, 0xda, 0x8e, 0x5b, 0x58, 0x4b, 0x2f, 0x1b, 0xc8, 0x96,
+    0x56, 0x1e, 0x8f, 0x66, 0x56, 0x3a, 0xcd, 0xa6, 0x8a, 0xfa, 0x26, 0xc8,
+    0xd6, 0x5e, 0x2c, 0x1a, 0xcb, 0xf0, 0x30, 0x5a, 0x8d, 0x65, 0xc1, 0xf1,
+    0x65, 0xe1, 0xfa, 0x56, 0x6d, 0x2e, 0x2b, 0x0f, 0xb8, 0x48, 0x37, 0xdb,
+    0x7c, 0xf1, 0x2c, 0xa9, 0x4c, 0x57, 0x08, 0xfb, 0x23, 0x28, 0x44, 0xf0,
+    0x86, 0xfc, 0x53, 0x86, 0x46, 0xb2, 0xf6, 0xc8, 0xbe, 0xb2, 0xfd, 0xfe,
+    0x13, 0x1a, 0xb2, 0xb6, 0x33, 0xf0, 0x81, 0x41, 0xc8, 0x2f, 0xee, 0xf9,
+    0x98, 0x46, 0xac, 0xbe, 0x38, 0x72, 0x05, 0x97, 0xff, 0xa3, 0x1e, 0x9f,
+    0xa2, 0xcd, 0xfa, 0x6e, 0x2c, 0xa9, 0x46, 0x96, 0x1a, 0x31, 0x70, 0x88,
+    0xee, 0xff, 0x16, 0x5f, 0xdf, 0xf3, 0xc4, 0x19, 0xd6, 0x52, 0xcb, 0x79,
+    0x65, 0x78, 0xbc, 0x70, 0xbb, 0xb3, 0x8b, 0x2e, 0x7d, 0x2c, 0xb0, 0x20,
+    0x6b, 0x34, 0x2d, 0x7c, 0xf0, 0x0c, 0x6b, 0x2d, 0xf9, 0x3c, 0xaf, 0x13,
+    0xd3, 0xa6, 0x10, 0x04, 0xc2, 0x84, 0xad, 0xd2, 0x35, 0x97, 0x71, 0x96,
+    0x5d, 0xd8, 0x16, 0x57, 0x8f, 0x10, 0x2e, 0x2c, 0x21, 0x6b, 0xfb, 0x93,
+    0xd8, 0x35, 0x2b, 0x2e, 0x1b, 0x2c, 0xa9, 0x65, 0x7e, 0xc7, 0x09, 0xfc,
+    0x9c, 0x08, 0xea, 0x14, 0xed, 0x1e, 0xbe, 0xa3, 0x90, 0xf1, 0xd3, 0xc6,
+    0x3e, 0x4f, 0x1c, 0x33, 0xde, 0x5d, 0x7b, 0x7f, 0xb1, 0x65, 0xf3, 0x1e,
+    0x7c, 0xb2, 0xfc, 0xfe, 0xda, 0x39, 0x59, 0x4c, 0x7d, 0x1e, 0x1e, 0xf9,
+    0x0d, 0xfd, 0xf2, 0x98, 0x67, 0xd6, 0x5f, 0x61, 0x3c, 0x16, 0x5f, 0x7f,
+    0x81, 0xf3, 0x69, 0xe6, 0x6c, 0x65, 0x97, 0xfb, 0xed, 0x1e, 0x78, 0x5f,
+    0x59, 0x6c, 0x59, 0x7b, 0x92, 0x6a, 0xca, 0xf1, 0xad, 0xf8, 0x85, 0xa2,
+    0x59, 0x7f, 0x60, 0xb3, 0xdd, 0x46, 0xb2, 0xa4, 0xf0, 0x78, 0x25, 0x7e,
+    0xdb, 0x83, 0xc2, 0x59, 0x5d, 0x9e, 0x49, 0x10, 0xde, 0xf4, 0x8d, 0x65,
+    0x4a, 0x3a, 0x72, 0x15, 0x71, 0x11, 0x5f, 0xff, 0xc2, 0xdb, 0xd7, 0x98,
+    0x65, 0x2f, 0x1f, 0x5e, 0x7d, 0x2c, 0xbf, 0xb3, 0x40, 0x62, 0xfa, 0xcb,
+    0xbb, 0xed, 0x65, 0x8f, 0xb4, 0xf1, 0x4e, 0x59, 0x7e, 0xfb, 0x46, 0x4e,
+    0xb2, 0xff, 0xef, 0xf3, 0x6e, 0xef, 0xf3, 0xdf, 0x63, 0xac, 0xba, 0x39,
+    0x59, 0x50, 0x44, 0x41, 0x13, 0xfd, 0x2a, 0xfe, 0xf3, 0xc0, 0xfa, 0x65,
+    0x97, 0xff, 0x1a, 0x6b, 0xff, 0x9f, 0x29, 0xee, 0x0b, 0x2f, 0xec, 0xc7,
+    0x2f, 0xf1, 0x65, 0xf8, 0xa6, 0x19, 0xf5, 0x94, 0x47, 0xa3, 0xf2, 0xba,
+    0x94, 0x5c, 0xc2, 0x13, 0x17, 0x37, 0x16, 0x58, 0xeb, 0x2f, 0x6b, 0x3b,
+    0x59, 0x7b, 0x1a, 0x35, 0x97, 0xd2, 0x73, 0xb2, 0xcb, 0x64, 0x66, 0xf7,
+    0xe3, 0x94, 0x34, 0x54, 0x78, 0x58, 0x02, 0x24, 0xb5, 0x7d, 0x87, 0x17,
+    0xd6, 0x5f, 0xfa, 0x7a, 0x2c, 0xdf, 0xbb, 0xa7, 0xed, 0x65, 0xfe, 0x6c,
+    0xef, 0x77, 0x4f, 0xda, 0xcb, 0x8b, 0x38, 0x7f, 0x7b, 0xa8, 0x97, 0xd1,
+    0x8b, 0x5d, 0x2c, 0xbf, 0xf6, 0x6e, 0xb6, 0x77, 0xbb, 0xa7, 0xed, 0x65,
+    0xff, 0x1b, 0x25, 0x0c, 0xf3, 0x1d, 0x65, 0xce, 0x6e, 0xd4, 0x68, 0xc6,
+    0x5e, 0x44, 0xbf, 0x45, 0xbf, 0x37, 0x39, 0x27, 0x59, 0x4c, 0xa8, 0x73,
+    0x47, 0x85, 0x1b, 0x76, 0xf4, 0xba, 0x95, 0xfd, 0x5c, 0x7a, 0x35, 0x09,
+    0xa3, 0x4a, 0xd1, 0xa1, 0xe1, 0x48, 0xf0, 0xb2, 0x01, 0x79, 0x43, 0x98,
+    0x52, 0xba, 0xef, 0xc3, 0x62, 0x71, 0xac, 0xbd, 0xc1, 0xf6, 0xb2, 0xf7,
+    0xb6, 0x3d, 0x2c, 0xb8, 0x1d, 0x2c, 0xbf, 0xfd, 0x91, 0x7a, 0x48, 0xd2,
+    0xcf, 0xf8, 0x4b, 0x2b, 0x6a, 0x21, 0x0d, 0x22, 0xf0, 0xc5, 0xf7, 0x42,
+    0x78, 0x2c, 0xad, 0xa8, 0xf8, 0x84, 0x28, 0xbb, 0x33, 0xa6, 0x4d, 0x5b,
+    0x51, 0x8f, 0x5f, 0xda, 0xf6, 0x68, 0x58, 0xb2, 0xff, 0xfe, 0xce, 0xe1,
+    0xcf, 0xfa, 0x4f, 0x2c, 0x3d, 0xb3, 0xb1, 0x2c, 0xbf, 0xfc, 0x51, 0x31,
+    0xf5, 0x9d, 0xc3, 0x82, 0x89, 0x65, 0xff, 0xe2, 0xeb, 0xcf, 0xfd, 0xba,
+    0xcf, 0xbf, 0x6b, 0x2b, 0x13, 0x29, 0x62, 0xd7, 0x62, 0x12, 0x6d, 0xff,
+    0x68, 0xb2, 0x38, 0xc5, 0xa8, 0xd6, 0x5f, 0xb4, 0x44, 0xfe, 0x59, 0x7f,
+    0x16, 0xde, 0xb8, 0x01, 0xac, 0xa9, 0x44, 0x9b, 0x1e, 0x39, 0x35, 0xff,
+    0xfc, 0xdc, 0xf6, 0x6b, 0x53, 0x1e, 0xdc, 0x21, 0xfa, 0x56, 0x5f, 0xf8,
+    0x5c, 0xda, 0x70, 0xfc, 0xfe, 0x95, 0x97, 0xec, 0xf8, 0xb3, 0xb5, 0x97,
+    0x8d, 0xce, 0xd6, 0x5d, 0x31, 0x6d, 0x3c, 0x6f, 0x94, 0x56, 0x26, 0x28,
+    0x4b, 0x82, 0x84, 0x45, 0xff, 0xfc, 0x67, 0xf1, 0x8f, 0xb4, 0xb3, 0xa6,
+    0xd6, 0x9a, 0x35, 0x97, 0xff, 0xff, 0xe1, 0x16, 0xd3, 0x1f, 0xb8, 0x69,
+    0xc1, 0xb7, 0x82, 0x9e, 0xfd, 0x8c, 0x58, 0x6a, 0xcb, 0xff, 0xff, 0xfd,
+    0xd6, 0x74, 0x59, 0xff, 0x0b, 0xcf, 0xdc, 0x39, 0xfd, 0x61, 0x98, 0xc3,
+    0xff, 0x19, 0x65, 0xff, 0xfe, 0xf8, 0xb0, 0xb6, 0xb6, 0x7c, 0xa4, 0x1b,
+    0x71, 0x86, 0xb2, 0xff, 0x8f, 0x87, 0xda, 0x7d, 0xcd, 0xf0, 0x59, 0x7f,
+    0xff, 0xfb, 0x36, 0xe8, 0x3e, 0x4e, 0xde, 0x36, 0x14, 0x5c, 0xfb, 0x64,
+    0x65, 0x2b, 0x2b, 0x49, 0x8e, 0x9d, 0x87, 0xc8, 0x37, 0xff, 0xda, 0xd6,
+    0x7f, 0x9e, 0x6c, 0xdb, 0xe0, 0x4a, 0xca, 0x95, 0x46, 0x0d, 0x1d, 0x70,
+    0x8c, 0x6f, 0xff, 0xe9, 0xf6, 0x0c, 0xd1, 0x4f, 0xb3, 0xf2, 0x77, 0xfa,
+    0xca, 0x95, 0x74, 0xf8, 0xbd, 0xe9, 0x57, 0x22, 0x36, 0xbf, 0xff, 0xfe,
+    0x68, 0xbd, 0x9c, 0xd6, 0x75, 0xb7, 0xcd, 0x85, 0x9b, 0xcb, 0x06, 0x22,
+    0x59, 0x7e, 0xc2, 0xe8, 0x33, 0xac, 0xbf, 0xfb, 0xd9, 0x25, 0x11, 0x67,
+    0xf8, 0xeb, 0x2d, 0x02, 0x47, 0x57, 0xdf, 0xf7, 0x4a, 0x6f, 0xfd, 0xbb,
+    0xf9, 0xe4, 0x50, 0x7d, 0x46, 0xb2, 0xf7, 0xd8, 0xd5, 0x97, 0x61, 0xf6,
+    0x9f, 0x0e, 0xc6, 0x89, 0x7f, 0xf3, 0x46, 0xe7, 0x3b, 0x6d, 0x1b, 0x6f,
+    0x59, 0x43, 0x3f, 0xcd, 0x1a, 0x5e, 0x89, 0xb7, 0x16, 0x5f, 0xff, 0xdf,
+    0x68, 0xf0, 0x7b, 0x4e, 0xf0, 0xd3, 0x46, 0xe7, 0x59, 0x7f, 0xa3, 0x73,
+    0x94, 0xea, 0x25, 0x97, 0xfd, 0xde, 0x1a, 0x03, 0xe6, 0xdd, 0x62, 0x24,
+    0x99, 0x7a, 0xf8, 0x0e, 0xf1, 0x2c, 0xb4, 0xac, 0xbd, 0x85, 0x1e, 0xd3,
+    0x65, 0xd1, 0x15, 0xff, 0xf6, 0x0b, 0x5b, 0x62, 0xf0, 0x8d, 0x6c, 0x23,
+    0x56, 0x5f, 0xc7, 0x10, 0x36, 0x9f, 0x4b, 0x2f, 0xff, 0x9f, 0xf3, 0xa1,
+    0x1d, 0xb9, 0xb7, 0x90, 0xe2, 0xcb, 0xfe, 0xd4, 0x73, 0x1c, 0x62, 0xd4,
+    0x6b, 0x2f, 0xfd, 0xb6, 0x2f, 0x08, 0xd6, 0xc2, 0x35, 0x65, 0xff, 0xfa,
+    0x77, 0x36, 0xf7, 0x09, 0x8f, 0xb8, 0x70, 0x9c, 0xd5, 0x97, 0xf8, 0xb6,
+    0xf0, 0x5b, 0x22, 0xd2, 0xca, 0xc4, 0x6d, 0x79, 0x0c, 0x4b, 0xd7, 0xff,
+    0xfe, 0x9e, 0xf7, 0x7f, 0x25, 0x91, 0xed, 0x8c, 0x5a, 0x87, 0xe6, 0x2e,
+    0x2c, 0xa9, 0x4e, 0xf3, 0x91, 0x8c, 0x08, 0xbe, 0xfc, 0x3c, 0xed, 0xc9,
+    0x65, 0xff, 0xdb, 0x79, 0xe1, 0x6d, 0xff, 0x39, 0x3a, 0x59, 0x7f, 0xff,
+    0x4e, 0x81, 0xb6, 0x77, 0xbf, 0xa7, 0x5a, 0xcf, 0xf1, 0x65, 0x46, 0x8a,
+    0x8f, 0x25, 0x5f, 0xfa, 0x13, 0xf1, 0x75, 0xb7, 0x9f, 0x65, 0x97, 0xff,
+    0xde, 0x98, 0xf6, 0x96, 0x6f, 0x7f, 0x7a, 0x7b, 0x59, 0x7f, 0xff, 0xdd,
+    0xf1, 0xb0, 0xcd, 0xbe, 0xcf, 0xf3, 0x23, 0xdb, 0x8c, 0x35, 0x94, 0x34,
+    0x60, 0x62, 0xa5, 0xff, 0xd9, 0xf6, 0xee, 0x05, 0x3b, 0x77, 0x7a, 0x59,
+    0x7f, 0xfd, 0x3d, 0xc3, 0x9e, 0x6c, 0xff, 0x70, 0x6f, 0x2c, 0xbf, 0xe2,
+    0xcd, 0x67, 0x58, 0xc3, 0x59, 0x7f, 0x47, 0xf8, 0x8a, 0x4e, 0xb2, 0xfc,
+    0xf3, 0x14, 0xc4, 0xb2, 0xfd, 0x83, 0xf0, 0x8c, 0x59, 0x74, 0xc5, 0xb4,
+    0xf4, 0x48, 0xa2, 0xff, 0xfe, 0xc8, 0xf1, 0x86, 0x42, 0xf6, 0xd9, 0x1b,
+    0xc5, 0xc5, 0x97, 0xf6, 0x79, 0xb5, 0xe7, 0x59, 0x7e, 0xf3, 0x6b, 0xce,
+    0xb2, 0xec, 0x33, 0x69, 0xe9, 0xe1, 0x65, 0x4a, 0xe3, 0xbe, 0x43, 0x3f,
+    0xb2, 0x46, 0x8c, 0x0a, 0x22, 0x2d, 0x25, 0x79, 0x45, 0xcd, 0xca, 0x10,
+    0x1c, 0x2f, 0xfc, 0x2c, 0x2f, 0xbf, 0x98, 0x35, 0x95, 0x1b, 0x63, 0x92,
+    0x38, 0x67, 0x1b, 0x1a, 0x0f, 0x52, 0xf6, 0xfb, 0x8c, 0xb9, 0xa3, 0x15,
+    0x88, 0x8b, 0x50, 0xb2, 0x3c, 0x21, 0x7c, 0x6a, 0x05, 0x42, 0x31, 0xe4,
+    0xa0, 0xef, 0xce, 0x56, 0xee, 0xc2, 0xb6, 0xff, 0xf9, 0xb9, 0x83, 0x8f,
+    0x0c, 0xda, 0x45, 0x9d, 0xac, 0xbf, 0xdf, 0x2c, 0xff, 0xb2, 0x35, 0x97,
+    0xf6, 0xef, 0xd8, 0x9c, 0xeb, 0x29, 0x65, 0xfb, 0xfc, 0xc9, 0x8f, 0x69,
+    0xba, 0x39, 0x7d, 0xfe, 0xdb, 0xac, 0xee, 0x0c, 0x75, 0x95, 0xa3, 0xf6,
+    0x31, 0x02, 0xff, 0xcf, 0xaf, 0x67, 0xe4, 0x98, 0x0b, 0x2d, 0xba, 0xb2,
+    0xe9, 0xd2, 0xcb, 0xfc, 0x2f, 0xe6, 0x1c, 0x06, 0x2c, 0xbe, 0x2c, 0x8f,
+    0x6c, 0x47, 0x94, 0x01, 0x6b, 0xe8, 0x7d, 0xa3, 0x59, 0x7f, 0xba, 0x6e,
+    0x60, 0xf6, 0x8d, 0x65, 0xfd, 0xdc, 0x39, 0xb7, 0xec, 0xb2, 0xd9, 0xe3,
+    0xe7, 0x30, 0xda, 0xff, 0xd0, 0x9c, 0x07, 0xb3, 0x0b, 0xa5, 0x97, 0xff,
+    0xbc, 0xc4, 0x3d, 0xa1, 0xf4, 0x59, 0xec, 0x59, 0x7f, 0xcf, 0xfe, 0x45,
+    0x01, 0x17, 0xd6, 0x56, 0x23, 0x0e, 0x23, 0xd0, 0x26, 0x5f, 0xf7, 0x98,
+    0xf3, 0x85, 0xfe, 0x2c, 0xbf, 0xff, 0xc2, 0xfe, 0x85, 0x16, 0xdf, 0xc5,
+    0xe1, 0x03, 0xed, 0x9b, 0xab, 0x2f, 0xa7, 0xa9, 0x3e, 0xd4, 0x68, 0xf4,
+    0x60, 0x46, 0xf5, 0x2b, 0x8d, 0x79, 0x0e, 0x3e, 0x88, 0xd8, 0xf3, 0x4b,
+    0xce, 0x78, 0x50, 0x8a, 0xdd, 0x8e, 0xf2, 0xff, 0xfe, 0xd6, 0x39, 0xf6,
+    0x9a, 0xfd, 0xfb, 0x3d, 0xe9, 0xfa, 0xcb, 0xec, 0xc0, 0x71, 0x65, 0xcc,
+    0x62, 0xcb, 0xda, 0x8a, 0x0b, 0x28, 0x66, 0xd7, 0x05, 0xef, 0xfe, 0x6e,
+    0xe1, 0xcd, 0xa3, 0x6d, 0xf2, 0x35, 0x97, 0xbb, 0x9d, 0xc5, 0x94, 0x69,
+    0xf4, 0xba, 0x4d, 0xf6, 0x79, 0xf7, 0xac, 0xbf, 0xa1, 0x9e, 0xcd, 0xfc,
+    0x59, 0x6c, 0x19, 0xe9, 0x44, 0x47, 0x7f, 0xfd, 0xe1, 0x73, 0x6f, 0x9b,
+    0xfe, 0xcd, 0x4e, 0xf5, 0x97, 0xee, 0x36, 0x76, 0x75, 0x94, 0x33, 0xfc,
+    0xfa, 0xa5, 0xfd, 0x9d, 0x96, 0x60, 0x16, 0x56, 0x1e, 0x71, 0x11, 0x5f,
+    0xc5, 0x3d, 0xfb, 0x23, 0x59, 0x74, 0x9c, 0x6a, 0xa4, 0xf1, 0x58, 0xd8,
+    0x44, 0xe9, 0xd0, 0xa1, 0xe5, 0xf2, 0x0b, 0xff, 0xb5, 0x26, 0x6e, 0x94,
+    0x99, 0xdc, 0x38, 0xb2, 0xd2, 0xb2, 0xf9, 0xb4, 0xfd, 0xac, 0xb7, 0xd8,
+    0xd9, 0x70, 0x42, 0x86, 0x8a, 0x26, 0x7c, 0xbf, 0xe7, 0x2e, 0xbc, 0xc7,
+    0x29, 0x59, 0x7f, 0xf0, 0xc9, 0xe2, 0x8a, 0x7e, 0x0c, 0xe2, 0xcb, 0xff,
+    0xe2, 0x98, 0xfd, 0x2d, 0xfe, 0x31, 0x77, 0x05, 0x97, 0x1c, 0x35, 0x97,
+    0x4c, 0x4b, 0x2a, 0x4d, 0x7b, 0x0c, 0x5f, 0xfc, 0xdb, 0xd8, 0x7b, 0x66,
+    0x21, 0xb9, 0x8b, 0x2f, 0xff, 0xff, 0x13, 0x1b, 0xe7, 0x8b, 0x69, 0x0b,
+    0x77, 0x6e, 0x77, 0x0c, 0x11, 0x03, 0x8b, 0x2f, 0xff, 0x9a, 0x1f, 0xe6,
+    0x6f, 0xd6, 0x03, 0x8f, 0xd2, 0xcb, 0xff, 0x60, 0xf1, 0xcd, 0xda, 0x63,
+    0x98, 0xb2, 0xfd, 0xe6, 0x92, 0x8d, 0x65, 0x1d, 0x33, 0xbf, 0x42, 0x00,
+    0x94, 0xb7, 0xa1, 0x5f, 0xff, 0xc2, 0x1b, 0x90, 0x36, 0xff, 0x3d, 0x3f,
+    0xd6, 0x0d, 0x65, 0xf1, 0xd9, 0x8c, 0x59, 0x52, 0x8c, 0x28, 0x22, 0x3a,
+    0xe5, 0x12, 0xa9, 0x3e, 0x0f, 0xfe, 0x52, 0x35, 0xfe, 0xd4, 0xc7, 0xe6,
+    0xc1, 0xac, 0xbe, 0x98, 0xb8, 0xcb, 0x2a, 0x0b, 0x87, 0x83, 0x22, 0xc3,
+    0x7e, 0x91, 0x5a, 0x58, 0x8e, 0x8e, 0x08, 0xce, 0xff, 0xfe, 0x84, 0xe8,
+    0xd3, 0x93, 0x77, 0x0e, 0x0f, 0x4d, 0x1a, 0xcb, 0xff, 0xfd, 0xc6, 0x10,
+    0xf6, 0x9a, 0x4e, 0x31, 0x67, 0xb6, 0xc5, 0x12, 0xcb, 0x64, 0x48, 0xc6,
+    0xe2, 0xf5, 0xe9, 0x8b, 0x8b, 0x2e, 0x10, 0xd6, 0x5f, 0xdc, 0x22, 0xc0,
+    0x71, 0x65, 0x44, 0x78, 0x7f, 0x17, 0xbf, 0xff, 0xf3, 0x8f, 0x09, 0xff,
+    0xcc, 0xd0, 0x01, 0x39, 0xdf, 0xf8, 0xcb, 0x2c, 0x14, 0x59, 0x52, 0xe9,
+    0x01, 0xf2, 0xb3, 0x1b, 0xea, 0x31, 0x36, 0x9c, 0xbd, 0xd4, 0x20, 0xfd,
+    0x2b, 0xc5, 0xe7, 0x52, 0xca, 0x33, 0x2f, 0x94, 0x89, 0x80, 0xc2, 0x3d,
+    0x96, 0xab, 0xfa, 0x60, 0xc3, 0xc2, 0x59, 0x7d, 0x3c, 0x6d, 0x2c, 0xbe,
+    0x2f, 0xb6, 0xf5, 0x97, 0xd0, 0x13, 0xfd, 0x65, 0xd3, 0xb8, 0xb2, 0xe1,
+    0x6e, 0x2c, 0xbd, 0x25, 0x2b, 0x2b, 0xa3, 0xcd, 0xd0, 0xc9, 0xc6, 0xaa,
+    0x51, 0x85, 0x84, 0x6c, 0xdf, 0x7d, 0xfe, 0x38, 0x16, 0x5f, 0xff, 0x0a,
+    0x3d, 0xb2, 0xde, 0xea, 0x40, 0x77, 0x82, 0xcb, 0xff, 0x36, 0xd6, 0xd0,
+    0xa3, 0x7d, 0x74, 0xb2, 0x8d, 0x44, 0xaf, 0x94, 0xef, 0x9b, 0xcf, 0x1a,
+    0xcb, 0xf4, 0x91, 0xcd, 0x35, 0x65, 0xfe, 0x6e, 0x30, 0x82, 0xe3, 0x95,
+    0x97, 0xa7, 0xf2, 0xb2, 0x86, 0x7f, 0x5f, 0x29, 0xde, 0x6d, 0x7e, 0xf1,
+    0xd8, 0xba, 0x59, 0x7d, 0x9f, 0x6e, 0x2c, 0xac, 0x3c, 0x9e, 0x14, 0x5e,
+    0x84, 0x9d, 0x65, 0xce, 0x1a, 0xca, 0xf1, 0xb3, 0xe0, 0xe5, 0xff, 0xbf,
+    0xe6, 0xcc, 0x19, 0x61, 0x8b, 0x2b, 0x0f, 0x79, 0x88, 0x6f, 0xfd, 0xc9,
+    0x8b, 0x3c, 0xda, 0xf3, 0xac, 0xbf, 0xb5, 0x9e, 0xee, 0x1c, 0x59, 0x76,
+    0x79, 0x65, 0x32, 0x20, 0xf4, 0x7c, 0x72, 0xfb, 0xda, 0x63, 0x56, 0x5f,
+    0xf8, 0xf8, 0xdf, 0x7f, 0xfa, 0x7e, 0xb2, 0xff, 0xf8, 0x58, 0xde, 0xce,
+    0xbc, 0xdb, 0x4c, 0x3f, 0x4b, 0x2f, 0x7f, 0x0c, 0x59, 0x70, 0xa3, 0x23,
+    0xf1, 0xfa, 0xa5, 0xe8, 0xc5, 0xf5, 0x97, 0xde, 0x67, 0x02, 0xca, 0xc3,
+    0x7f, 0xf1, 0xea, 0xc4, 0x46, 0x81, 0xb6, 0xff, 0xf0, 0x8b, 0x6e, 0x6a,
+    0x33, 0xe7, 0x3d, 0x8b, 0x2f, 0x82, 0xe4, 0xff, 0x59, 0x51, 0x9f, 0x88,
+    0x93, 0x2f, 0xfb, 0x69, 0xd8, 0xb3, 0xfe, 0x65, 0x97, 0xe8, 0xdc, 0xbf,
+    0xc5, 0x97, 0xf7, 0x9e, 0x3d, 0xb0, 0xfa, 0xcb, 0xf1, 0x02, 0x5b, 0x7a,
+    0xcb, 0xf4, 0x41, 0xf2, 0x71, 0x65, 0x31, 0xe8, 0xb9, 0x45, 0xf9, 0xf4,
+    0x5d, 0xb2, 0xcb, 0xd1, 0x4f, 0xd6, 0x54, 0xa6, 0xd5, 0x02, 0x3c, 0x39,
+    0x62, 0x8f, 0x42, 0x0b, 0xe4, 0x02, 0x27, 0xbd, 0xe7, 0x25, 0x95, 0x1b,
+    0x22, 0x1e, 0x05, 0x63, 0x87, 0x1e, 0x16, 0x9b, 0x0b, 0x7e, 0x89, 0x1a,
+    0x13, 0x91, 0x3d, 0x1e, 0x16, 0x5e, 0x85, 0x1b, 0x97, 0x80, 0x74, 0xa3,
+    0x3b, 0xfc, 0x7f, 0xa6, 0x33, 0xdc, 0xdd, 0xac, 0xb0, 0x55, 0x65, 0xfd,
+    0xb7, 0x8d, 0xe6, 0x3a, 0xcb, 0xdf, 0x93, 0xac, 0xad, 0x8c, 0xf8, 0x3b,
+    0x15, 0x22, 0xfb, 0xa1, 0x1a, 0xcb, 0xbb, 0x35, 0x65, 0xfc, 0x77, 0x86,
+    0xb0, 0xc5, 0x97, 0x67, 0x63, 0x3c, 0x7c, 0x19, 0xbe, 0x0a, 0xf3, 0xf8,
+    0xb2, 0xff, 0x79, 0x8f, 0xec, 0x03, 0xac, 0xbe, 0xeb, 0x08, 0x0b, 0x2f,
+    0xfd, 0xe9, 0x29, 0xeb, 0x53, 0x84, 0xb2, 0x86, 0x89, 0x07, 0x32, 0xf9,
+    0x15, 0xfd, 0x91, 0xc9, 0xaf, 0xc5, 0x97, 0xf7, 0x98, 0x6d, 0xae, 0x96,
+    0x5f, 0xff, 0x9f, 0xb1, 0xe8, 0x9c, 0xc2, 0xc0, 0x03, 0x00, 0xb2, 0xee,
+    0xf9, 0xb5, 0x1c, 0x03, 0x2f, 0xe8, 0xbb, 0xe5, 0xd7, 0xfb, 0xd2, 0xc4,
+    0xfa, 0x35, 0x65, 0xfd, 0x2c, 0x4f, 0xa3, 0x56, 0x5f, 0x6b, 0x4d, 0xad,
+    0xa7, 0xbd, 0xe3, 0x2b, 0xf8, 0xb2, 0x2d, 0x3e, 0xf5, 0x97, 0xec, 0x8b,
+    0x4f, 0xbd, 0x65, 0x2c, 0xb7, 0x5b, 0x4f, 0x90, 0x8b, 0xf7, 0x95, 0x59,
+    0xc0, 0x8d, 0x82, 0x84, 0xfd, 0xe2, 0xc3, 0xac, 0xb7, 0x6b, 0x2e, 0x78,
+    0x40, 0xd6, 0xf0, 0x6e, 0xff, 0xff, 0xf6, 0xd3, 0xce, 0x7f, 0x6e, 0x41,
+    0xb7, 0x96, 0x73, 0x6c, 0x8d, 0xe2, 0xe2, 0xcb, 0xc6, 0x70, 0x0b, 0x2f,
+    0xec, 0x38, 0xdd, 0xfa, 0x59, 0x71, 0x75, 0xb4, 0xf2, 0xfc, 0x3d, 0x50,
+    0x47, 0xcb, 0xc3, 0x26, 0xba, 0x5d, 0xf5, 0x67, 0x78, 0x8d, 0x34, 0xbe,
+    0x72, 0xd7, 0x8e, 0x58, 0x11, 0xc1, 0x92, 0xc8, 0xa3, 0x25, 0xbd, 0xcf,
+    0xb2, 0xcb, 0xd1, 0x03, 0xb5, 0x97, 0x1b, 0xb7, 0xa3, 0x76, 0x01, 0xcb,
+    0xdc, 0x0b, 0xf1, 0x65, 0x49, 0xe9, 0x76, 0x63, 0x7c, 0x00, 0x0b, 0x71,
+    0x65, 0x80, 0xb2, 0xfd, 0xa8, 0xe7, 0x51, 0xac, 0xbf, 0x31, 0x7c, 0x33,
+    0xac, 0xa9, 0x3d, 0x20, 0x15, 0x5e, 0x87, 0x31, 0x65, 0xf8, 0x2a, 0x53,
+    0x80, 0x59, 0x5a, 0x3c, 0x60, 0x0e, 0x5f, 0xf9, 0xb0, 0xce, 0x0a, 0x22,
+    0x93, 0xac, 0xbc, 0x27, 0xe2, 0xca, 0x82, 0x39, 0x31, 0x9c, 0xe4, 0x41,
+    0x9f, 0xdf, 0xe3, 0x0f, 0x2d, 0xa1, 0x6e, 0x2c, 0xb8, 0x84, 0xb2, 0x96,
+    0x5b, 0x5b, 0x4d, 0x0f, 0x05, 0xaf, 0xdb, 0x7b, 0x80, 0xa3, 0x59, 0x52,
+    0x7a, 0xd0, 0x29, 0xac, 0x46, 0x78, 0xa1, 0x5d, 0x7f, 0xff, 0x36, 0xb6,
+    0xe3, 0x61, 0x1b, 0xe6, 0xc3, 0xe7, 0x4b, 0x2f, 0xfb, 0x3b, 0x87, 0x3b,
+    0x80, 0xb4, 0xb2, 0xff, 0xff, 0xc7, 0xe7, 0x5e, 0x9e, 0xbb, 0x81, 0x08,
+    0x7b, 0x58, 0xd7, 0x20, 0x2c, 0xbf, 0xff, 0xd1, 0xea, 0x4f, 0xc1, 0x4e,
+    0xd9, 0xd4, 0x8f, 0xd2, 0x75, 0x95, 0x88, 0xd5, 0x67, 0x2b, 0xfe, 0x86,
+    0xd9, 0xdb, 0xff, 0x61, 0x2c, 0xac, 0x4f, 0x25, 0x96, 0xf5, 0x18, 0x8b,
+    0x90, 0xdf, 0x81, 0xc6, 0xec, 0xc5, 0x97, 0xee, 0xe4, 0xf1, 0xca, 0xcb,
+    0xee, 0xe0, 0xde, 0x59, 0x76, 0x77, 0xe3, 0xcc, 0xf9, 0x4d, 0xfa, 0x28,
+    0x49, 0x41, 0x65, 0x68, 0xf5, 0x80, 0x5d, 0x7f, 0x76, 0xf0, 0x29, 0x3a,
+    0xcb, 0xff, 0xfe, 0x28, 0xbd, 0x9d, 0xc2, 0x48, 0x7b, 0x4b, 0x37, 0xe9,
+    0xb8, 0xb2, 0xff, 0x8a, 0x2f, 0x96, 0x46, 0xe4, 0xb2, 0x99, 0x14, 0x42,
+    0x6a, 0xbf, 0xff, 0xfd, 0xad, 0x34, 0x7b, 0x7d, 0x9f, 0x29, 0x8b, 0xd9,
+    0x1c, 0xf7, 0xf1, 0x74, 0xb2, 0xff, 0xff, 0xe9, 0x37, 0xd3, 0xb4, 0xb0,
+    0x46, 0xed, 0xee, 0x1c, 0x62, 0x0e, 0x63, 0x59, 0x7e, 0x20, 0x70, 0x84,
+    0xb2, 0xfd, 0x82, 0x9d, 0x46, 0xb2, 0xf3, 0x61, 0x2c, 0xb7, 0x64, 0x78,
+    0x5c, 0x28, 0xac, 0x4c, 0x29, 0x9e, 0x44, 0xd3, 0x7f, 0xfd, 0x9b, 0xa5,
+    0x87, 0x72, 0xff, 0x36, 0xc9, 0x8b, 0x2a, 0x55, 0x7d, 0xe4, 0x33, 0xd8,
+    0x8b, 0xd1, 0xc4, 0x08, 0xbe, 0xff, 0xdf, 0x39, 0xde, 0x2d, 0xa5, 0x86,
+    0x2c, 0xbf, 0xfb, 0x45, 0xde, 0x70, 0x51, 0x14, 0x9d, 0x65, 0xff, 0x31,
+    0xbe, 0x96, 0x8e, 0x4d, 0x59, 0x4c, 0x7f, 0xfc, 0x45, 0xad, 0xa8, 0xe2,
+    0x84, 0x30, 0x6f, 0xfd, 0xcc, 0xee, 0x0d, 0xa2, 0xef, 0x16, 0x5f, 0xe1,
+    0x44, 0x59, 0xe7, 0xfa, 0xca, 0x8c, 0xfc, 0x88, 0xfe, 0xff, 0xe8, 0x08,
+    0x1c, 0x2c, 0xe7, 0x24, 0xc5, 0x97, 0xc6, 0x6d, 0x8d, 0x96, 0x5f, 0xd2,
+    0x60, 0xfc, 0xe7, 0x59, 0x58, 0x7a, 0x9e, 0x26, 0xbf, 0xf6, 0x19, 0xf1,
+    0xb6, 0x77, 0x0e, 0x2c, 0xbf, 0xde, 0x96, 0x27, 0xd1, 0xab, 0x2f, 0xff,
+    0x1f, 0x6e, 0x08, 0x2e, 0xde, 0x63, 0xb8, 0xd6, 0x5b, 0x22, 0x44, 0x08,
+    0x8c, 0xaf, 0xf8, 0xf9, 0xcd, 0xb1, 0x14, 0x9d, 0x65, 0xff, 0xfb, 0x91,
+    0xbe, 0xd1, 0xfa, 0x75, 0xac, 0xdf, 0x3d, 0xac, 0xa1, 0xa7, 0x42, 0xc4,
+    0x3a, 0x86, 0x09, 0xca, 0x7e, 0x77, 0x7f, 0xfe, 0x9c, 0x8f, 0x68, 0xf4,
+    0xd1, 0xfd, 0xb0, 0xa3, 0x59, 0x7f, 0xed, 0x03, 0x6f, 0xc1, 0x9b, 0xb8,
+    0x4b, 0x2f, 0xb7, 0xe0, 0xba, 0x59, 0x7f, 0xff, 0xcf, 0xaf, 0x67, 0xdb,
+    0x0a, 0x3e, 0x4e, 0x10, 0xfd, 0x2b, 0x2d, 0xa5, 0x97, 0xf6, 0x6e, 0xfd,
+    0x8a, 0x35, 0x97, 0x7f, 0x6c, 0x67, 0x82, 0x42, 0x35, 0x29, 0x9e, 0x62,
+    0x1f, 0x64, 0xaf, 0x0a, 0x4b, 0xff, 0xff, 0x77, 0x91, 0x8b, 0x77, 0x6f,
+    0x70, 0xfc, 0x99, 0xb7, 0x34, 0x00, 0x4a, 0xcb, 0xfe, 0xc8, 0xb6, 0x45,
+    0xfc, 0xef, 0xeb, 0x2f, 0x66, 0x86, 0xb2, 0xe9, 0x82, 0xcb, 0xff, 0xee,
+    0x6d, 0xd4, 0xf5, 0x85, 0x14, 0x33, 0xfc, 0x59, 0x58, 0x8c, 0x33, 0x9f,
+    0x00, 0x70, 0x42, 0xd7, 0xff, 0x46, 0xe5, 0x9e, 0xcf, 0xeb, 0x0c, 0x59,
+    0x7f, 0xff, 0xfe, 0xc1, 0x1a, 0x42, 0xfc, 0x59, 0xf6, 0xee, 0x05, 0x25,
+    0x9e, 0x6c, 0xd4, 0x4b, 0x2b, 0x11, 0x8f, 0xda, 0x25, 0xff, 0x61, 0x9e,
+    0x93, 0x73, 0xfc, 0x59, 0x7f, 0xf3, 0x94, 0x67, 0x13, 0x0d, 0x89, 0x96,
+    0x53, 0x1f, 0xe1, 0x87, 0x57, 0xf4, 0x5d, 0xc0, 0x53, 0xf5, 0x97, 0xfc,
+    0x2e, 0xfd, 0x9f, 0xd6, 0x18, 0xb2, 0xff, 0xfe, 0x84, 0xeb, 0xb8, 0x73,
+    0x6f, 0xa5, 0x89, 0xf4, 0x6a, 0xcb, 0xf4, 0x3e, 0x59, 0x05, 0x97, 0xfe,
+    0xec, 0x7e, 0x13, 0xf0, 0xb0, 0x6b, 0x2b, 0x0f, 0x98, 0x44, 0xf7, 0xff,
+    0x46, 0xe5, 0xb7, 0x5a, 0x63, 0x70, 0x96, 0x5f, 0xf3, 0xff, 0xf9, 0x14,
+    0x1b, 0xeb, 0x2f, 0xec, 0x34, 0xd7, 0xff, 0x16, 0x5f, 0x67, 0x9f, 0xeb,
+    0x2e, 0x73, 0xed, 0x3d, 0x02, 0x2f, 0xa9, 0x45, 0xbf, 0xa1, 0x13, 0x70,
+    0x0c, 0x59, 0x7d, 0xb3, 0x9a, 0x95, 0x96, 0xcd, 0x1b, 0xcd, 0xe3, 0x15,
+    0x2a, 0xb6, 0x30, 0xc3, 0xb3, 0xbf, 0x43, 0x11, 0xc8, 0x79, 0x0f, 0xdf,
+    0xb1, 0xdf, 0xfd, 0x9f, 0xe6, 0xdd, 0x63, 0x7a, 0x46, 0xb2, 0xff, 0xbd,
+    0xe9, 0xef, 0x69, 0x87, 0xe9, 0x65, 0xfd, 0x9f, 0xd6, 0xb2, 0x0b, 0x29,
+    0x65, 0xfb, 0x3c, 0x59, 0xd2, 0xca, 0x01, 0xb2, 0x20, 0xba, 0x88, 0xff,
+    0xfe, 0xbf, 0x7b, 0x3b, 0xfa, 0xcb, 0xfd, 0x83, 0x6d, 0xff, 0x6d, 0x2c,
+    0xbb, 0x39, 0xb4, 0xfd, 0x37, 0x08, 0xdc, 0x76, 0x9d, 0x37, 0x02, 0x8c,
+    0xca, 0xff, 0xb0, 0xfe, 0x96, 0xd0, 0xb7, 0x16, 0x5f, 0xdf, 0x68, 0xc9,
+    0xce, 0xb2, 0xa3, 0x6d, 0x3d, 0x87, 0x1f, 0x86, 0x20, 0x9b, 0x0c, 0xce,
+    0xa5, 0x8e, 0xf7, 0x19, 0xb3, 0x42, 0x72, 0x22, 0x2d, 0x4a, 0x3a, 0x3a,
+    0x7f, 0xa3, 0x94, 0x74, 0x10, 0x46, 0x76, 0x51, 0x81, 0xf2, 0x13, 0xff,
+    0x95, 0xf4, 0x26, 0xed, 0xf1, 0xda, 0x86, 0x51, 0xba, 0x77, 0x7f, 0xd2,
+    0x72, 0xc1, 0xe9, 0xa3, 0x59, 0x7f, 0xff, 0x8c, 0xf0, 0xa7, 0xbd, 0xba,
+    0xd4, 0xc6, 0x4e, 0xfa, 0x35, 0x65, 0xfe, 0x2c, 0x16, 0x1b, 0x00, 0x2c,
+    0xa7, 0x44, 0xc9, 0x8c, 0xd5, 0x04, 0x7a, 0x64, 0x34, 0x6f, 0x1b, 0x3a,
+    0x59, 0x7f, 0xfd, 0x3b, 0x7c, 0xfb, 0xf6, 0xe1, 0xcf, 0x3a, 0x35, 0x65,
+    0xf8, 0x07, 0xcc, 0xfa, 0xcb, 0xfe, 0xcd, 0xba, 0xcf, 0x16, 0x44, 0xb2,
+    0xb0, 0xf8, 0x48, 0x9e, 0xff, 0xff, 0x79, 0xc1, 0xcd, 0xa5, 0x9b, 0xcb,
+    0x39, 0x87, 0x9e, 0x96, 0x5f, 0xff, 0xff, 0x68, 0x47, 0x6e, 0x6d, 0x8a,
+    0x02, 0x2f, 0xed, 0xf4, 0xc1, 0x8b, 0x0f, 0x2b, 0x2d, 0xc5, 0x97, 0xef,
+    0xed, 0xeb, 0xe7, 0x59, 0x52, 0x8b, 0xe7, 0x84, 0x08, 0x84, 0x6a, 0x25,
+    0x49, 0x1e, 0x1d, 0x28, 0x5b, 0xf0, 0x83, 0xf1, 0x90, 0xdf, 0xc2, 0x39,
+    0xb2, 0x5d, 0x2c, 0xbf, 0xff, 0xf7, 0x36, 0x96, 0x0e, 0x7f, 0xcd, 0xbf,
+    0xdd, 0x29, 0xe0, 0xa7, 0xb5, 0x94, 0x14, 0x6f, 0x4b, 0x36, 0x19, 0x34,
+    0xc6, 0x8f, 0x95, 0xb0, 0x17, 0x72, 0x95, 0x5e, 0x53, 0x79, 0x2b, 0xfc,
+    0xbe, 0xfd, 0xe0, 0xcb, 0xb0, 0x2c, 0xbf, 0xed, 0xbb, 0xbf, 0xcf, 0x7d,
+    0x8e, 0xb2, 0xff, 0xe8, 0xdf, 0xfa, 0xc8, 0xdc, 0xbf, 0xc5, 0x95, 0x88,
+    0xad, 0xe8, 0xa9, 0x8f, 0xaf, 0xff, 0xe8, 0x7b, 0x1a, 0x1c, 0xc2, 0x17,
+    0xcb, 0x01, 0x2b, 0x2c, 0xcb, 0x2d, 0xac, 0x3e, 0x80, 0x2c, 0x5f, 0xff,
+    0x67, 0xfd, 0x83, 0x17, 0xf9, 0x3c, 0x17, 0x16, 0x5f, 0xd3, 0x85, 0xd0,
+    0x67, 0x59, 0x7f, 0xbe, 0x29, 0xc8, 0xc3, 0x3a, 0xcb, 0xff, 0x7a, 0x48,
+    0x51, 0x67, 0x39, 0x2b, 0x2d, 0xb9, 0xe4, 0x78, 0xfd, 0x40, 0x32, 0xed,
+    0xd3, 0x5a, 0x94, 0xd8, 0x9e, 0x31, 0x8b, 0xf6, 0x17, 0xc0, 0x25, 0x97,
+    0xff, 0xf4, 0xc3, 0x0f, 0x3d, 0x7f, 0x98, 0x09, 0xce, 0xe0, 0xb2, 0xbc,
+    0x88, 0x22, 0x27, 0xbe, 0x8f, 0x1e, 0x25, 0x97, 0xff, 0xfe, 0x6d, 0xe5,
+    0x9c, 0xdb, 0xf6, 0xdb, 0x9f, 0x9e, 0x9b, 0x7c, 0xf9, 0x65, 0xfe, 0x1c,
+    0x83, 0x6e, 0x77, 0xf5, 0x97, 0xff, 0xcf, 0xa7, 0xf7, 0x70, 0xcf, 0xed,
+    0xeb, 0x9b, 0x8b, 0x2f, 0xe6, 0x83, 0xff, 0xcc, 0xb2, 0xff, 0xf9, 0xce,
+    0x3f, 0x4e, 0x8b, 0x07, 0xe7, 0x31, 0x65, 0x0d, 0x30, 0x8e, 0x8d, 0xbe,
+    0xaf, 0xbc, 0xb2, 0xfe, 0x7d, 0xc1, 0x96, 0x79, 0x65, 0xc7, 0xe2, 0xcb,
+    0xcf, 0xc6, 0x59, 0x52, 0x6c, 0x80, 0x2f, 0x7f, 0xc1, 0xc7, 0x84, 0xe7,
+    0x7f, 0x2c, 0xbe, 0x6d, 0x13, 0xac, 0xa8, 0xd5, 0x5c, 0x40, 0x8d, 0xa3,
+    0x7a, 0x89, 0x04, 0x98, 0x7e, 0x41, 0xbc, 0xe6, 0xff, 0x73, 0x92, 0xd1,
+    0xbf, 0xd6, 0x5f, 0xf7, 0x1c, 0xcd, 0xd6, 0xc2, 0x1a, 0xcb, 0xfb, 0x3f,
+    0x8e, 0x51, 0x2c, 0xbe, 0xce, 0x4e, 0x96, 0x58, 0xdf, 0x1e, 0x69, 0x16,
+    0x5a, 0x12, 0x8e, 0x3c, 0x33, 0x14, 0x22, 0x2d, 0x05, 0x97, 0x86, 0x20,
+    0x2c, 0xbf, 0xff, 0xa7, 0x73, 0x6b, 0x61, 0x67, 0x9b, 0x0b, 0xb8, 0x71,
+    0x65, 0xfe, 0xdd, 0x6c, 0xef, 0xcd, 0x8b, 0x2c, 0x5d, 0xa2, 0x48, 0x0b,
+    0xb7, 0xd2, 0x77, 0x1a, 0xca, 0x94, 0xc2, 0x86, 0x23, 0x90, 0xaf, 0x22,
+    0x9b, 0xfa, 0x2f, 0x67, 0xe4, 0x6b, 0x2f, 0x07, 0x24, 0xb2, 0xe9, 0x25,
+    0x97, 0x39, 0x9b, 0x4d, 0x88, 0x63, 0x95, 0x88, 0x8f, 0x25, 0xfb, 0xe9,
+    0x3f, 0x0e, 0xb2, 0xff, 0xd8, 0x6f, 0xb3, 0xfc, 0x29, 0x82, 0xca, 0x63,
+    0xe0, 0x11, 0x15, 0xf4, 0x7f, 0x68, 0xd6, 0x5f, 0xbe, 0xe7, 0x6f, 0xac,
+    0xac, 0x3c, 0xb2, 0x24, 0xbc, 0x36, 0x1a, 0xcb, 0xff, 0xff, 0x0a, 0x75,
+    0xb6, 0x7d, 0x23, 0xdb, 0xf6, 0xcd, 0xde, 0xe0, 0xfd, 0xac, 0xbc, 0x07,
+    0xdc, 0x59, 0x7e, 0xe1, 0x4c, 0x5f, 0x59, 0x43, 0x46, 0xb9, 0x0e, 0x71,
+    0xd3, 0xe3, 0xf7, 0x70, 0x2d, 0xac, 0xb4, 0x16, 0x54, 0xa6, 0xc3, 0x90,
+    0xf7, 0x73, 0xcf, 0x8e, 0xde, 0x2e, 0xa5, 0x65, 0xff, 0xff, 0xf7, 0xb3,
+    0xfc, 0x78, 0xb6, 0x96, 0x77, 0x0c, 0x14, 0x65, 0x83, 0xf3, 0x44, 0xb2,
+    0xe2, 0xfa, 0xcb, 0xff, 0xdc, 0x98, 0x7f, 0x3c, 0x59, 0xff, 0x32, 0xca,
+    0x93, 0xde, 0x61, 0x6b, 0x84, 0x6a, 0xca, 0x64, 0xcc, 0xf4, 0x39, 0xe8,
+    0x6f, 0xfc, 0x82, 0xf1, 0xfc, 0xeb, 0x2f, 0xfc, 0x08, 0xbc, 0xc0, 0x27,
+    0xee, 0x0b, 0x29, 0x65, 0xb1, 0xcf, 0x2f, 0x88, 0x17, 0xbc, 0x6f, 0xd6,
+    0x5f, 0xbf, 0xff, 0xe1, 0x8b, 0x2a, 0x4f, 0x1d, 0x87, 0xaa, 0x51, 0xe8,
+    0x76, 0x70, 0x36, 0xde, 0x3c, 0xf4, 0xb2, 0xed, 0x62, 0xcb, 0xd8, 0xc3,
+    0x59, 0x6e, 0x2c, 0xb8, 0xb3, 0xa3, 0x59, 0xd8, 0xdd, 0xe6, 0xc2, 0x59,
+    0x79, 0xa6, 0x25, 0x97, 0xff, 0x60, 0x36, 0xf9, 0xbf, 0xc2, 0x68, 0x96,
+    0x5f, 0xf8, 0xb3, 0x9b, 0x78, 0x03, 0xe7, 0x16, 0x54, 0x68, 0xe9, 0x39,
+    0x6f, 0x06, 0xbe, 0x39, 0xbd, 0x1a, 0xb6, 0x04, 0xe5, 0x64, 0x77, 0x23,
+    0x2b, 0xbf, 0xf8, 0x81, 0xb3, 0x9e, 0x69, 0x3b, 0x8d, 0x65, 0xfd, 0xac,
+    0x81, 0x49, 0xd6, 0x5f, 0xb2, 0x05, 0x27, 0x59, 0x71, 0x03, 0x69, 0xe9,
+    0x68, 0xb2, 0xff, 0xff, 0xfd, 0x0e, 0x70, 0x53, 0xf6, 0x1e, 0x14, 0x5b,
+    0x4b, 0x35, 0x25, 0xff, 0x66, 0xea, 0xcb, 0xff, 0x4e, 0x37, 0xfd, 0x25,
+    0x3d, 0x2c, 0xbf, 0x8f, 0xdc, 0xfb, 0xd2, 0xb2, 0xf7, 0x70, 0xe4, 0x67,
+    0xd5, 0x87, 0x95, 0x89, 0xaa, 0x76, 0x5f, 0xa8, 0x78, 0x5b, 0x8b, 0x2b,
+    0x15, 0x19, 0x0a, 0x3e, 0xb0, 0xcd, 0xad, 0x1a, 0xcb, 0xf4, 0x73, 0xfc,
+    0x02, 0xcb, 0xf8, 0x6e, 0x50, 0x63, 0xac, 0xbf, 0x6b, 0x3b, 0x87, 0x16,
+    0x5e, 0xeb, 0xd8, 0xb2, 0xa3, 0x3c, 0x6d, 0x14, 0xdf, 0xc0, 0xe6, 0xd0,
+    0x73, 0x4b, 0x2b, 0x0f, 0x51, 0xc8, 0xef, 0xfb, 0xb9, 0xd4, 0x7b, 0x71,
+    0x86, 0xb2, 0xe8, 0x99, 0x65, 0xff, 0xd9, 0xfd, 0xb9, 0x0f, 0x63, 0x43,
+    0x8b, 0x2b, 0x13, 0xb8, 0x61, 0x27, 0x28, 0x28, 0x63, 0x08, 0x83, 0x79,
+    0xe6, 0xc8, 0xbd, 0xf7, 0xb6, 0x0e, 0xb6, 0x56, 0x5f, 0xd9, 0xdc, 0x24,
+    0x12, 0xb2, 0xfc, 0x59, 0xe7, 0xfa, 0xca, 0xec, 0xf4, 0xce, 0x5b, 0x7d,
+    0xac, 0x8a, 0x56, 0x5f, 0x36, 0xfc, 0xd2, 0xca, 0xd8, 0x91, 0xcf, 0x2f,
+    0xec, 0x47, 0xe2, 0x2b, 0xed, 0xbd, 0x46, 0x62, 0xcb, 0xf8, 0xb0, 0x07,
+    0x98, 0x2c, 0xbf, 0x16, 0x7f, 0xcc, 0xb2, 0x86, 0x7a, 0x46, 0x16, 0x5f,
+    0xa3, 0xda, 0x29, 0x89, 0x65, 0xff, 0xff, 0x14, 0x83, 0xb8, 0x70, 0x53,
+    0xf2, 0xc1, 0xb6, 0x6a, 0x25, 0x95, 0x28, 0xb5, 0x72, 0x3f, 0x96, 0x54,
+    0xb6, 0xdc, 0xd1, 0xc7, 0xf2, 0x38, 0x55, 0x64, 0xad, 0xae, 0xe3, 0x51,
+    0x68, 0xd0, 0xe2, 0x86, 0x7e, 0xa1, 0x03, 0xe8, 0xf3, 0x5e, 0x37, 0x30,
+    0x46, 0x6c, 0x51, 0xe2, 0x72, 0x53, 0x67, 0xe3, 0xf0, 0x14, 0x6a, 0x5b,
+    0xd0, 0x03, 0x8c, 0xbe, 0xfd, 0x06, 0xd6, 0x76, 0xb2, 0xf7, 0x3d, 0x8b,
+    0x2f, 0xd9, 0xc8, 0xf0, 0xc5, 0x97, 0xff, 0x78, 0x43, 0xf0, 0xbf, 0xcf,
+    0x0a, 0x25, 0x95, 0xda, 0x2d, 0x62, 0x28, 0xf0, 0xe1, 0x14, 0xde, 0x2f,
+    0xf1, 0x65, 0xff, 0xe6, 0xd3, 0x67, 0x7b, 0x7f, 0x11, 0x49, 0xd6, 0x5f,
+    0xfd, 0x8f, 0xde, 0xd1, 0xcc, 0x7b, 0x4d, 0x35, 0x65, 0x74, 0x89, 0x8e,
+    0xd3, 0x2f, 0xe9, 0x39, 0x64, 0x78, 0xb2, 0xf7, 0xf9, 0xec, 0x3d, 0x1f,
+    0x12, 0xdf, 0xff, 0x8f, 0xdc, 0x39, 0xae, 0xe7, 0xfc, 0x9f, 0x37, 0xd6,
+    0x5f, 0xf6, 0x1a, 0x59, 0xff, 0x31, 0x8b, 0x2f, 0xd8, 0x66, 0x0c, 0xeb,
+    0x2f, 0xff, 0x4f, 0x7e, 0x6c, 0x21, 0xb6, 0xf9, 0x1a, 0xca, 0x94, 0xcd,
+    0x98, 0xcf, 0x4b, 0x1e, 0x39, 0x22, 0x8b, 0xb7, 0x06, 0xb2, 0xff, 0xfa,
+    0x3c, 0xe8, 0x7e, 0x6c, 0x37, 0x69, 0xa2, 0x95, 0x97, 0xf6, 0x6b, 0x59,
+    0xfe, 0x2c, 0xbf, 0x89, 0xcd, 0x3b, 0xc1, 0x65, 0xe8, 0x37, 0xfc, 0x7b,
+    0x5f, 0x2d, 0xbf, 0x61, 0xcb, 0x3b, 0x59, 0x7f, 0x7d, 0xb7, 0xc9, 0x74,
+    0xb2, 0xb8, 0x7a, 0xc1, 0x93, 0xdd, 0xec, 0x59, 0x7e, 0x93, 0xb7, 0xa5,
+    0x65, 0xe2, 0x0f, 0xcb, 0x2f, 0xf6, 0x7f, 0xcd, 0xfc, 0xe9, 0x65, 0xf4,
+    0xe1, 0x74, 0xb2, 0xb6, 0xa3, 0x42, 0x04, 0x7a, 0x16, 0x72, 0x62, 0x1d,
+    0xf9, 0x9d, 0xff, 0xe9, 0x93, 0xed, 0x1f, 0xa7, 0x6f, 0xa7, 0x71, 0x65,
+    0x6c, 0x6a, 0xb2, 0x58, 0x6a, 0x28, 0x57, 0xfa, 0x35, 0x92, 0x57, 0xbf,
+    0xf4, 0x39, 0xf7, 0x8f, 0x74, 0xb3, 0xb5, 0x97, 0xf7, 0xa6, 0x02, 0x70,
+    0xd6, 0x5f, 0x87, 0xec, 0x2f, 0xac, 0xa8, 0x1e, 0xac, 0x45, 0xd5, 0xda,
+    0x2e, 0xca, 0x13, 0x17, 0xfd, 0xa6, 0xc3, 0x3f, 0xf7, 0x25, 0x97, 0x76,
+    0x6a, 0xcb, 0x9b, 0xbd, 0xa7, 0xa2, 0x33, 0x8b, 0xcc, 0x0c, 0x59, 0x7e,
+    0x68, 0x9d, 0xe0, 0xb2, 0xc0, 0x59, 0x6e, 0x40, 0xf4, 0xf0, 0x6f, 0xe4,
+    0xf7, 0xff, 0xb0, 0xcd, 0xdf, 0x67, 0xf0, 0x07, 0x78, 0x96, 0x54, 0xa6,
+    0xfd, 0xa7, 0x97, 0x84, 0x19, 0x1a, 0x5f, 0xf9, 0xf7, 0x96, 0x7f, 0x00,
+    0x43, 0x59, 0x60, 0x2c, 0xa6, 0x3c, 0xf8, 0x8f, 0xaf, 0xfb, 0xd1, 0xb6,
+    0x17, 0x70, 0xe2, 0xcb, 0xfe, 0xef, 0xd9, 0xd1, 0x60, 0xb7, 0x16, 0x5f,
+    0xed, 0xbc, 0xc2, 0x9d, 0x44, 0xb2, 0xff, 0xf6, 0x75, 0xcc, 0xfc, 0x58,
+    0x69, 0x60, 0x16, 0x56, 0x91, 0x00, 0x61, 0xad, 0xa1, 0x29, 0x8d, 0xe1,
+    0xd3, 0x42, 0xf6, 0xff, 0xc5, 0x22, 0xeb, 0xbf, 0xb6, 0x12, 0xcb, 0xf9,
+    0xbb, 0x06, 0x9c, 0x6b, 0x2f, 0x66, 0x80, 0xb2, 0xfd, 0xc6, 0xc2, 0x02,
+    0xcb, 0x63, 0x1e, 0x17, 0x07, 0x2f, 0xcc, 0x00, 0x66, 0x96, 0x50, 0xd1,
+    0xf7, 0xe3, 0xe2, 0x70, 0xe1, 0x35, 0xb6, 0x25, 0x97, 0xe7, 0xc2, 0x63,
+    0x56, 0x5e, 0xfe, 0x79, 0x65, 0x11, 0xe1, 0x6e, 0x93, 0x5c, 0xc7, 0x59,
+    0x7d, 0xb7, 0xb1, 0x12, 0xcb, 0xfd, 0x86, 0x6d, 0x90, 0x48, 0x16, 0x5f,
+    0xff, 0xf4, 0x1f, 0xbd, 0xa4, 0x2d, 0xdd, 0xb9, 0xdc, 0x30, 0x44, 0x0e,
+    0x2c, 0xa8, 0xd1, 0x49, 0xd9, 0xad, 0x1d, 0x30, 0x4d, 0xe2, 0xdb, 0xb0,
+    0xc9, 0xbf, 0xed, 0x8f, 0xff, 0x62, 0xee, 0x1c, 0x59, 0x7d, 0xb9, 0xec,
+    0xdc, 0x59, 0x7b, 0x65, 0x82, 0xeb, 0x2b, 0x6a, 0xa8, 0x1d, 0x8c, 0xf2,
+    0x35, 0x8c, 0x8c, 0xa0, 0xd3, 0xb7, 0x3f, 0xd9, 0x28, 0xbf, 0xff, 0xfe,
+    0xef, 0x82, 0x9e, 0xf6, 0xfb, 0x07, 0xb4, 0xb0, 0x46, 0xed, 0xe0, 0x00,
+    0xdf, 0x59, 0x7f, 0xff, 0xec, 0x19, 0xcf, 0x3f, 0xe6, 0x7f, 0x9a, 0x6c,
+    0xe8, 0xb0, 0x6b, 0x2f, 0xff, 0x7c, 0x53, 0x91, 0xed, 0xe3, 0x13, 0x69,
+    0x65, 0x8c, 0x24, 0x5b, 0x06, 0xd7, 0x52, 0x9b, 0x3e, 0x46, 0x7b, 0x7e,
+    0x92, 0xed, 0xe3, 0x59, 0x7f, 0x44, 0xc3, 0xc3, 0xb2, 0xcb, 0xff, 0xff,
+    0xfe, 0xea, 0x7d, 0x27, 0xfe, 0x73, 0x93, 0xad, 0x49, 0x64, 0x78, 0x2e,
+    0x0a, 0x22, 0x93, 0xac, 0xa9, 0x46, 0x0e, 0x16, 0xde, 0x16, 0x8d, 0x59,
+    0x47, 0x37, 0xfb, 0x24, 0x37, 0xe7, 0x00, 0x6f, 0x1a, 0xcb, 0xff, 0xff,
+    0xa3, 0xdb, 0xf8, 0xdb, 0x35, 0x1e, 0xd8, 0xa0, 0xde, 0xc1, 0xf7, 0x9b,
+    0xab, 0x2b, 0x11, 0x96, 0xc4, 0x82, 0x29, 0xbc, 0xc0, 0x95, 0x97, 0xfb,
+    0x69, 0x66, 0x9a, 0x4e, 0xb2, 0xff, 0xda, 0x7f, 0xeb, 0x1b, 0xd2, 0x35,
+    0x97, 0xf0, 0xcb, 0x3c, 0xff, 0x59, 0x7e, 0xff, 0x70, 0x6d, 0x2c, 0xac,
+    0x3d, 0x5e, 0x16, 0x54, 0x69, 0x80, 0x8c, 0x6f, 0x46, 0x60, 0x84, 0x95,
+    0xed, 0x38, 0x6b, 0x2f, 0xd3, 0xf3, 0xb7, 0xd6, 0x53, 0x9e, 0x20, 0x87,
+    0x6f, 0x8b, 0xbc, 0x3a, 0xca, 0x8c, 0xf0, 0xcc, 0x21, 0xbf, 0xf4, 0x9b,
+    0xba, 0x2c, 0x28, 0x83, 0x3a, 0xcb, 0xfe, 0x33, 0x34, 0x36, 0xcf, 0xf1,
+    0x65, 0xfe, 0x07, 0x33, 0x6f, 0x5f, 0x3a, 0xcb, 0xff, 0xff, 0xfc, 0x69,
+    0x66, 0xd6, 0xc2, 0x7f, 0xfa, 0x62, 0xda, 0x59, 0xe6, 0xff, 0x05, 0xd0,
+    0xa5, 0x65, 0x62, 0x6d, 0x3d, 0x92, 0x32, 0x23, 0x9c, 0x88, 0xde, 0xff,
+    0xf8, 0x41, 0x7d, 0xb3, 0xe6, 0xff, 0x18, 0xbb, 0x82, 0xcb, 0xff, 0xce,
+    0x6e, 0x10, 0xbf, 0xec, 0xde, 0x39, 0x59, 0x7f, 0xf6, 0x7f, 0x1a, 0x3c,
+    0xe9, 0xa2, 0xe2, 0xcb, 0xff, 0x66, 0x03, 0x9b, 0x75, 0xc1, 0xf1, 0x65,
+    0xfe, 0xd6, 0x75, 0xe6, 0xd4, 0x4b, 0x2b, 0x6a, 0x2e, 0xc6, 0x8b, 0x88,
+    0x37, 0xff, 0xde, 0x6d, 0xb9, 0x17, 0x70, 0xe7, 0xfd, 0x9d, 0xac, 0xa2,
+    0x4e, 0x33, 0xf1, 0x83, 0x6f, 0x31, 0xbe, 0xfe, 0x84, 0x75, 0x97, 0xff,
+    0xfb, 0x0e, 0x76, 0xef, 0x69, 0xa6, 0xe1, 0x7c, 0xd1, 0x4e, 0x96, 0x5d,
+    0x9d, 0x32, 0x22, 0x74, 0x47, 0x7f, 0xe1, 0x45, 0xb7, 0xfc, 0x6d, 0xb2,
+    0x35, 0x97, 0xdd, 0x96, 0x6c, 0xac, 0xa9, 0x56, 0x75, 0x91, 0xf1, 0x34,
+    0x30, 0x7c, 0x5c, 0xe8, 0x97, 0xec, 0x3c, 0x09, 0x96, 0x5e, 0x62, 0xfa,
+    0xcb, 0xfa, 0x1c, 0x73, 0x8b, 0x8b, 0x2a, 0x33, 0xc9, 0x71, 0xbb, 0xf6,
+    0x7b, 0xcf, 0x05, 0x97, 0xf7, 0xdb, 0x51, 0xe7, 0x4b, 0x2a, 0x5b, 0x9b,
+    0x78, 0xcf, 0x87, 0x28, 0xef, 0x25, 0x88, 0x9b, 0x2a, 0x53, 0xa8, 0x47,
+    0xf7, 0x19, 0xeb, 0x4b, 0xb5, 0xd4, 0x7b, 0xa7, 0x28, 0xf4, 0x7e, 0x6f,
+    0x19, 0x79, 0x4a, 0x34, 0xe4, 0xb8, 0x3f, 0xa9, 0x89, 0xbf, 0x64, 0x8b,
+    0x74, 0x9e, 0xff, 0x8b, 0x0c, 0xdd, 0xdd, 0xfe, 0x79, 0x65, 0xfe, 0x27,
+    0x37, 0x30, 0x8d, 0x59, 0x77, 0x58, 0xb2, 0xba, 0x44, 0x41, 0xcf, 0xdc,
+    0xca, 0x96, 0x5f, 0xfd, 0xb7, 0x22, 0xee, 0x1c, 0xff, 0xb3, 0xb5, 0x97,
+    0xfc, 0xd9, 0xd9, 0x6d, 0xe6, 0x12, 0xcb, 0xde, 0x6d, 0x2c, 0xaf, 0x1e,
+    0xae, 0xe9, 0xcd, 0xfe, 0x84, 0x8f, 0x68, 0xda, 0x25, 0x97, 0xfd, 0xb7,
+    0xe5, 0x86, 0x63, 0x71, 0x65, 0xff, 0xb0, 0xd9, 0x2e, 0xb6, 0xef, 0xe1,
+    0x8b, 0x2f, 0xff, 0xfd, 0xf7, 0x88, 0xb2, 0x37, 0xda, 0x5d, 0xe1, 0x85,
+    0x82, 0xc3, 0x56, 0x50, 0x51, 0x3f, 0x38, 0xc2, 0xfa, 0x84, 0xff, 0x64,
+    0xb1, 0x1b, 0x78, 0xeb, 0x75, 0x16, 0xf7, 0xa4, 0x0b, 0x2f, 0xf7, 0x98,
+    0x13, 0xf6, 0xde, 0xb2, 0xfe, 0x66, 0x93, 0x26, 0x25, 0x97, 0xdf, 0x72,
+    0x02, 0xcb, 0xff, 0xf3, 0x9a, 0x68, 0x1e, 0x2d, 0xd2, 0x93, 0x3b, 0x87,
+    0x16, 0x58, 0x37, 0x3f, 0xe2, 0x21, 0xbe, 0x7d, 0xc9, 0x02, 0xca, 0xd8,
+    0xd5, 0xef, 0x4c, 0xa2, 0x3c, 0x75, 0xe8, 0x72, 0x23, 0x47, 0x85, 0x59,
+    0x84, 0xf7, 0xb9, 0xf6, 0x59, 0x4b, 0x2f, 0xec, 0x3c, 0xf9, 0xfc, 0xb2,
+    0xda, 0x59, 0x4b, 0x2b, 0x0b, 0xc8, 0x84, 0x6f, 0x4e, 0x69, 0x65, 0x6d,
+    0x37, 0x64, 0x41, 0x7b, 0xcc, 0x6a, 0xca, 0xda, 0x8c, 0x21, 0xc2, 0x0c,
+    0xd2, 0x2b, 0xff, 0xee, 0xe0, 0x53, 0xb4, 0xe5, 0x26, 0xfd, 0xa3, 0x59,
+    0x7b, 0x9a, 0x3a, 0xcb, 0xff, 0xb6, 0xff, 0x58, 0x66, 0x46, 0x58, 0x62,
+    0xca, 0xda, 0x9e, 0xcc, 0x8e, 0x64, 0x33, 0x58, 0xe0, 0x94, 0xfe, 0x3b,
+    0x7e, 0xd6, 0xd2, 0xde, 0x62, 0xcb, 0xff, 0xf1, 0xa0, 0x8b, 0x9b, 0x7e,
+    0x79, 0xf6, 0x17, 0x78, 0xb2, 0xf8, 0xdd, 0x91, 0x7d, 0x65, 0xb8, 0xb2,
+    0xf3, 0x82, 0x56, 0x56, 0x8f, 0x4c, 0xe4, 0xfe, 0x11, 0xbc, 0xf1, 0x4a,
+    0xcb, 0xde, 0xcd, 0x2c, 0xa9, 0x4d, 0x06, 0x05, 0xaf, 0x0a, 0xd3, 0x0b,
+    0xf7, 0x47, 0x2f, 0xe8, 0xe2, 0x86, 0xc7, 0xa8, 0xd6, 0x5f, 0x06, 0x59,
+    0xbd, 0x65, 0xf3, 0x0f, 0x06, 0xb2, 0xbb, 0x3c, 0x53, 0x92, 0x5a, 0x25,
+    0x97, 0x49, 0xd6, 0x5b, 0xeb, 0x2b, 0x46, 0x9d, 0xc5, 0xa8, 0x67, 0xb3,
+    0xe3, 0x9b, 0xe9, 0x1b, 0xc1, 0x65, 0xef, 0xe7, 0x16, 0x5f, 0xfb, 0x1f,
+    0xb0, 0x45, 0x09, 0xd4, 0x6b, 0x2f, 0x6a, 0x62, 0x59, 0x70, 0x8c, 0x59,
+    0x73, 0xf6, 0xb2, 0xb0, 0xd7, 0xf0, 0x62, 0xa3, 0x47, 0x51, 0xa4, 0x3e,
+    0x1c, 0x74, 0x1f, 0xa6, 0x5f, 0x41, 0xcb, 0x65, 0x65, 0xd1, 0x3a, 0xcb,
+    0xa1, 0x1a, 0xcb, 0xdf, 0x98, 0x2c, 0xbf, 0xbc, 0xfd, 0x80, 0x33, 0xac,
+    0xbe, 0xcf, 0xe1, 0xd6, 0x56, 0xd3, 0xed, 0xc1, 0xc7, 0x30, 0xbf, 0xfe,
+    0xc9, 0x20, 0x4b, 0x7f, 0xd8, 0x7c, 0x1a, 0xcb, 0xc1, 0x8a, 0x35, 0x97,
+    0x49, 0xab, 0x2a, 0x34, 0x58, 0xc0, 0xbc, 0xd4, 0xcf, 0x8f, 0xdf, 0xce,
+    0x64, 0xff, 0x23, 0x59, 0x7f, 0x36, 0xbb, 0x81, 0x4a, 0xcb, 0xf4, 0xfe,
+    0x0d, 0xf5, 0x97, 0xf7, 0xa7, 0xb8, 0x67, 0xd6, 0x54, 0x0f, 0x54, 0x64,
+    0xf5, 0xe4, 0x52, 0x7e, 0x10, 0x57, 0xfd, 0x1e, 0xb2, 0x28, 0x31, 0x1a,
+    0xb2, 0xff, 0xa4, 0xbf, 0xa6, 0xdf, 0x83, 0x59, 0x4e, 0x7e, 0x9b, 0x27,
+    0x77, 0x67, 0xd6, 0x5a, 0x25, 0x95, 0xe3, 0x50, 0x42, 0xd4, 0x14, 0x5d,
+    0xd9, 0x97, 0xcc, 0x7c, 0x68, 0xc3, 0x22, 0x4b, 0x39, 0x27, 0x85, 0xde,
+    0x33, 0x62, 0x3f, 0x14, 0x34, 0xb6, 0x61, 0x38, 0x1a, 0x65, 0xfe, 0x33,
+    0x20, 0x42, 0x7e, 0x2c, 0xb7, 0x16, 0x5f, 0xed, 0xe4, 0x2e, 0x6b, 0x9c,
+    0x59, 0x7e, 0xec, 0xc7, 0x20, 0x2c, 0xb8, 0x8d, 0x59, 0x6e, 0x31, 0xe0,
+    0x08, 0xa6, 0xe7, 0xf2, 0xcb, 0xff, 0x1e, 0x4d, 0xff, 0xb3, 0xf2, 0x05,
+    0x97, 0xe7, 0x1c, 0xe1, 0x2c, 0xb1, 0xab, 0x2a, 0x34, 0x46, 0x30, 0xb7,
+    0x8f, 0xc8, 0x96, 0xff, 0xfc, 0x72, 0xce, 0xbb, 0xf9, 0x3f, 0x8f, 0x39,
+    0xf5, 0x97, 0xff, 0xd9, 0x1b, 0x97, 0x5b, 0x79, 0x27, 0x7e, 0xfe, 0xb2,
+    0xa5, 0x15, 0x1a, 0x55, 0xbf, 0xdb, 0x9e, 0xc8, 0xf5, 0xa9, 0x59, 0x4b,
+    0x2f, 0xfe, 0x78, 0x61, 0x0c, 0xa6, 0x03, 0xe2, 0xcb, 0x66, 0x1e, 0x6e,
+    0xf0, 0xbb, 0xfe, 0xdb, 0xc1, 0x4f, 0x62, 0xcf, 0x2c, 0xbb, 0x9b, 0x12,
+    0xcb, 0xff, 0xc5, 0x87, 0x9e, 0xb6, 0x87, 0x1c, 0x6f, 0xda, 0xcb, 0xf8,
+    0x47, 0x3b, 0xc3, 0x6f, 0xcf, 0xb3, 0x74, 0x72, 0xfc, 0x28, 0x07, 0xae,
+    0x2c, 0xb3, 0x41, 0x31, 0xcf, 0x42, 0xa0, 0x92, 0xaf, 0xff, 0xd3, 0xa9,
+    0xeb, 0x0f, 0x3d, 0x41, 0xb8, 0x23, 0xac, 0xa9, 0x5c, 0xcb, 0x8c, 0xcf,
+    0x04, 0x62, 0x76, 0xd4, 0x2c, 0xfd, 0x0e, 0x47, 0x22, 0x28, 0x42, 0x7e,
+    0x34, 0x4d, 0x93, 0xab, 0xfb, 0x59, 0x26, 0xc9, 0x2c, 0xb9, 0xfc, 0xb2,
+    0xe0, 0xa6, 0xc4, 0xb2, 0xf1, 0x39, 0xd6, 0x5f, 0xff, 0xfd, 0x9b, 0xb1,
+    0x4f, 0xb3, 0xe5, 0x31, 0x6d, 0xc2, 0xce, 0xe0, 0xdc, 0x59, 0x7f, 0xff,
+    0x79, 0xe2, 0x38, 0x89, 0xcd, 0xe6, 0x75, 0xe1, 0x6e, 0x2c, 0xba, 0x7e,
+    0x04, 0x6b, 0xf1, 0xda, 0xfb, 0xfc, 0xee, 0x0b, 0x2d, 0x2b, 0x2b, 0x0d,
+    0xa0, 0x09, 0x2e, 0xce, 0x2c, 0xbf, 0xff, 0x77, 0x0e, 0x6d, 0xc1, 0x05,
+    0xdb, 0xce, 0x59, 0xbd, 0x65, 0xff, 0x8f, 0x9d, 0xc3, 0x8f, 0x3d, 0xc1,
+    0x65, 0x74, 0x8b, 0x33, 0x8b, 0x79, 0x76, 0xff, 0xda, 0x8b, 0x93, 0xa7,
+    0x83, 0x79, 0x65, 0xc1, 0xc6, 0xb2, 0x99, 0x11, 0x2e, 0x62, 0x47, 0xf5,
+    0x05, 0x67, 0xf8, 0x59, 0xd8, 0xb3, 0x10, 0x7a, 0x1e, 0x44, 0xc5, 0xf8,
+    0xd7, 0x28, 0x29, 0x19, 0xe4, 0xde, 0xc5, 0x0b, 0xb0, 0xac, 0xa0, 0xbd,
+    0x82, 0x1e, 0x3b, 0x1c, 0xb6, 0xfd, 0x85, 0x0c, 0x70, 0xb1, 0x40, 0x2d,
+    0xc2, 0x3f, 0x61, 0xc2, 0x52, 0x69, 0x80, 0x91, 0xce, 0x5f, 0xc2, 0x70,
+    0x94, 0x74, 0xd5, 0x2c, 0xb4, 0xbc, 0xa6, 0xce, 0x6f, 0x75, 0x58, 0x3a,
+    0x77, 0x4a, 0x50, 0x6a, 0x42, 0x7c, 0x54, 0x91, 0xbd, 0x53, 0xb5, 0x8f,
+    0x48, 0xfc, 0xf5, 0xa6, 0x03, 0x7a, 0x4b, 0x20, 0x27, 0xba, 0xc2, 0xf1,
+    0x8f, 0x95, 0x7a, 0x9d, 0xca, 0xe0, 0xbb, 0xf5, 0xdd, 0x88, 0xa7, 0x6a,
+    0xb7, 0xca, 0x50, 0x32, 0x39, 0xcd, 0x99, 0xe2, 0xb0, 0xe7, 0x63, 0x77,
+    0x65, 0xf1, 0xdf, 0xff, 0xc2, 0xe8, 0x27, 0x7f, 0xd4, 0xe7, 0x7b, 0x18,
+    0xdd, 0xcd, 0x59, 0x41, 0x15, 0xb6, 0xb4, 0xb0, 0x7b, 0xf9, 0xdb, 0xfc,
+    0x62, 0x59, 0x79, 0xb5, 0x8b, 0x2b, 0x70, 0xf1, 0xb8, 0x57, 0x7e, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x29, 0xd5, 0xd9, 0xda, 0xcb, 0xef, 0xe9, 0xbb, 0x59,
+    0x7f, 0xf8, 0x42, 0x26, 0x29, 0xf3, 0x1f, 0x38, 0xb2, 0xed, 0x1d, 0x65,
+    0x82, 0x4a, 0x3c, 0xf0, 0x97, 0xb3, 0x66, 0x17, 0x39, 0x18, 0x11, 0xef,
+    0xff, 0xd0, 0x09, 0x90, 0xf6, 0x34, 0x39, 0x3f, 0x91, 0xac, 0xbd, 0x99,
+    0xc5, 0x97, 0xf3, 0xc7, 0xfe, 0x38, 0x16, 0x5d, 0xa0, 0x9e, 0x3c, 0x9d,
+    0x91, 0xba, 0x94, 0x69, 0x34, 0x27, 0xef, 0xda, 0xe9, 0xdf, 0xa5, 0x45,
+    0x46, 0xbf, 0xf3, 0xc0, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x13, 0x42, 0xff,
+    0xf1, 0x64, 0x50, 0x7d, 0x40, 0xb3, 0x7b, 0xac, 0xbd, 0x39, 0xda, 0xcb,
+    0xcf, 0x1c, 0xac, 0xa2, 0x37, 0x02, 0x1c, 0xac, 0x4c, 0x98, 0xe6, 0xdc,
+    0x4e, 0xfc, 0x20, 0xaf, 0xf0, 0x6f, 0xbc, 0x27, 0xda, 0x35, 0x94, 0x10,
+    0xfe, 0xe5, 0x0a, 0xfd, 0x18, 0x71, 0xcc, 0x6b, 0x2f, 0xba, 0x77, 0xe9,
+    0x51, 0x57, 0xab, 0x0f, 0x73, 0x45, 0x97, 0xff, 0xbc, 0xdf, 0xe4, 0xc3,
+    0xd2, 0x63, 0x92, 0xcb, 0xff, 0xbe, 0x0c, 0x1f, 0xb0, 0x63, 0x6e, 0xd6,
+    0x5f, 0x7f, 0x4d, 0xda, 0xcb, 0xf6, 0xf9, 0x2f, 0x09, 0x65, 0xff, 0x9f,
+    0xb8, 0x73, 0x3a, 0x1e, 0x76, 0xb2, 0xb0, 0xfa, 0x9c, 0xa6, 0xfe, 0x61,
+    0x8e, 0x75, 0x2b, 0x2f, 0xdc, 0x27, 0x9e, 0x2c, 0xbf, 0xff, 0xf6, 0x13,
+    0x0c, 0xee, 0xe5, 0xd0, 0xfd, 0x38, 0x36, 0x28, 0xd6, 0x54, 0xa2, 0x3e,
+    0x04, 0xd7, 0xff, 0x3f, 0xa2, 0x7f, 0xff, 0xbe, 0x98, 0x96, 0x5f, 0xff,
+    0x80, 0x42, 0x38, 0x63, 0x1c, 0x80, 0xf3, 0x9f, 0x59, 0x7f, 0x3f, 0xf9,
+    0x9d, 0xfd, 0x65, 0x76, 0x88, 0x42, 0x56, 0xb0, 0x4c, 0x56, 0x4d, 0xd1,
+    0x0f, 0x69, 0x2c, 0x8b, 0xa8, 0x46, 0xf8, 0x83, 0xf0, 0xbb, 0x30, 0x88,
+    0x38, 0x65, 0x5f, 0xb5, 0xd3, 0xbf, 0x4a, 0x8a, 0xd9, 0x7f, 0xd0, 0x09,
+    0x9a, 0xe9, 0xdf, 0xa5, 0x44, 0x82, 0xbe, 0xc3, 0xce, 0xe2, 0xcb, 0x04,
+    0xc4, 0x51, 0xb9, 0xb7, 0x12, 0x6f, 0x8e, 0xc5, 0x2b, 0x2f, 0xda, 0xe9,
+    0xdf, 0xa5, 0x44, 0x86, 0xbf, 0xb4, 0x2d, 0xf2, 0x61, 0xd6, 0x5f, 0xc5,
+    0x9c, 0xfc, 0x25, 0x65, 0xf0, 0x47, 0x80, 0x49, 0x45, 0x9e, 0x10, 0x31,
+    0xb6, 0xf3, 0x1b, 0xfd, 0x9f, 0x61, 0xe1, 0x44, 0xb2, 0xff, 0x39, 0xa1,
+    0x0d, 0x37, 0x37, 0x16, 0x5b, 0x81, 0x0f, 0xb4, 0x8c, 0xaf, 0x3b, 0xf4,
+    0xb8, 0xc0, 0xd5, 0x27, 0xa5, 0xd1, 0x4d, 0xba, 0x59, 0x6d, 0xc5, 0x95,
+    0x86, 0x9b, 0xc2, 0x57, 0x19, 0xf5, 0x97, 0xb8, 0xc6, 0xac, 0xa1, 0x9b,
+    0x5e, 0xc6, 0x2e, 0xd8, 0x23, 0x59, 0x7f, 0xde, 0x9f, 0xf3, 0x62, 0xe6,
+    0xc0, 0x4b, 0x28, 0x28, 0x7c, 0x10, 0x1d, 0xbe, 0xff, 0xf3, 0x75, 0x65,
+    0x89, 0x65, 0x99, 0x65, 0x6c, 0x46, 0x80, 0x2d, 0x08, 0x5f, 0xfe, 0x0b,
+    0x41, 0x6b, 0x62, 0xf4, 0x9c, 0x9f, 0xcd, 0xa5, 0x96, 0xed, 0x65, 0xc5,
+    0x05, 0x97, 0xbf, 0x80, 0x59, 0x73, 0x12, 0xcb, 0xc2, 0xfe, 0x2c, 0xba,
+    0x62, 0x59, 0x7f, 0x1f, 0x3a, 0x27, 0xdc, 0x59, 0x7b, 0x1a, 0x35, 0x96,
+    0x0d, 0x65, 0x61, 0xef, 0x68, 0xc0, 0x43, 0x97, 0xe1, 0xcf, 0xdc, 0x6b,
+    0x2e, 0x6d, 0xeb, 0x2a, 0x4d, 0xff, 0xc9, 0xef, 0x7b, 0x38, 0xb2, 0xce,
+    0xb2, 0x86, 0x6b, 0x3e, 0x39, 0x43, 0x4f, 0x13, 0x04, 0xb7, 0x05, 0xa2,
+    0x1c, 0xd0, 0xaf, 0x87, 0x38, 0xeb, 0xf6, 0xd0, 0xd3, 0x2f, 0xbf, 0xc6,
+    0xde, 0xb2, 0xc4, 0xb2, 0xfc, 0x39, 0x28, 0xf7, 0x16, 0x5f, 0xe9, 0x34,
+    0x30, 0x02, 0x7b, 0x59, 0x52, 0x7c, 0x31, 0x95, 0xdf, 0x9f, 0xcc, 0x7c,
+    0x59, 0x58, 0x8b, 0x92, 0x71, 0xde, 0x45, 0x7f, 0x67, 0x5e, 0x99, 0x89,
+    0x65, 0xb6, 0x56, 0x53, 0x1f, 0x97, 0x8c, 0x04, 0x5d, 0x78, 0x81, 0xc5,
+    0x97, 0xe7, 0x8c, 0x3c, 0x89, 0x65, 0x61, 0xe3, 0x10, 0xe5, 0xee, 0x8b,
+    0x71, 0x65, 0xff, 0x9c, 0xcf, 0x33, 0xc3, 0xed, 0x1a, 0xca, 0x73, 0xdf,
+    0x22, 0x0b, 0xff, 0x03, 0x3b, 0xe0, 0x7a, 0x63, 0xe2, 0xcb, 0x9a, 0x25,
+    0x96, 0xce, 0xcf, 0x5f, 0x48, 0x17, 0xd1, 0xf3, 0xb6, 0x59, 0x7f, 0xfa,
+    0x7b, 0x83, 0x1c, 0xcc, 0x21, 0xfa, 0x56, 0x56, 0x27, 0x19, 0xa7, 0xf2,
+    0x77, 0xe1, 0x40, 0x89, 0x2f, 0xce, 0x30, 0xe4, 0x96, 0x5f, 0xe6, 0x16,
+    0xe7, 0xa7, 0x23, 0x59, 0x7f, 0xed, 0x7c, 0x32, 0x7e, 0xb0, 0xba, 0x59,
+    0x7d, 0x27, 0x6d, 0x95, 0x97, 0x4e, 0xea, 0xcb, 0xff, 0x18, 0xf0, 0xd6,
+    0x37, 0xa4, 0x6b, 0x2f, 0xba, 0x77, 0xe9, 0x51, 0x62, 0x2f, 0xda, 0xd3,
+    0x97, 0xd6, 0x5f, 0xda, 0xf3, 0xf3, 0x03, 0x59, 0x78, 0x7e, 0x12, 0xca,
+    0x63, 0xcb, 0x72, 0xeb, 0xf8, 0xbc, 0xfc, 0x9d, 0xc5, 0x96, 0x31, 0x65,
+    0xdc, 0x65, 0x94, 0xc6, 0xa0, 0x02, 0x57, 0xfe, 0x86, 0x73, 0xfe, 0xc6,
+    0xd4, 0x16, 0x53, 0x1e, 0xf0, 0x88, 0x2f, 0xe9, 0x9e, 0xce, 0xe3, 0x59,
+    0x78, 0x45, 0x05, 0x97, 0xfb, 0xa9, 0xcd, 0x00, 0x1f, 0x59, 0x51, 0xab,
+    0x2d, 0x81, 0x3e, 0x1b, 0x74, 0x81, 0xd9, 0x23, 0x0c, 0xe8, 0xf8, 0xe6,
+    0x1e, 0x72, 0x72, 0x02, 0x85, 0xaf, 0x08, 0x7e, 0x5a, 0x21, 0xcb, 0xed,
+    0x49, 0x1a, 0xb2, 0xf4, 0x27, 0x71, 0x65, 0x61, 0xe0, 0xc4, 0x45, 0x7f,
+    0xfb, 0xff, 0xc8, 0xf9, 0x3a, 0x78, 0x37, 0x96, 0x59, 0x96, 0x59, 0x96,
+    0x5a, 0x06, 0x9a, 0x00, 0x08, 0x5f, 0x83, 0xd9, 0xcd, 0x4a, 0xcb, 0x85,
+    0xa5, 0x97, 0xdf, 0x92, 0x8d, 0x65, 0x44, 0x6e, 0x7e, 0x2f, 0x62, 0x59,
+    0x74, 0x92, 0xcb, 0xfa, 0x78, 0x1c, 0x73, 0x1a, 0xca, 0x23, 0xd5, 0xe0,
+    0x80, 0x62, 0xb7, 0xdb, 0x9e, 0x16, 0xe2, 0xca, 0x94, 0xcc, 0xf1, 0x91,
+    0x9d, 0xc4, 0x5f, 0x7f, 0xc2, 0x8c, 0xb0, 0x7e, 0x11, 0xab, 0x2a, 0x55,
+    0x1d, 0x9a, 0xd5, 0xe8, 0xd6, 0xc8, 0xee, 0xfb, 0xdc, 0x14, 0xac, 0xbf,
+    0xfd, 0x9d, 0xf6, 0x07, 0xff, 0x18, 0xbb, 0x82, 0xcb, 0xff, 0xa7, 0x39,
+    0x84, 0x36, 0x04, 0x92, 0xcb, 0xc5, 0x31, 0xac, 0xa6, 0x45, 0x41, 0x26,
+    0x09, 0x02, 0xe1, 0x69, 0x65, 0xf4, 0xea, 0x4e, 0xb2, 0xa5, 0x33, 0x08,
+    0x43, 0x29, 0xcb, 0xb8, 0x2f, 0x7c, 0x30, 0xf6, 0x28, 0x2c, 0xbf, 0x03,
+    0xaf, 0x30, 0x5d, 0x65, 0xef, 0x60, 0x16, 0x5f, 0xdd, 0xf3, 0xd2, 0xdf,
+    0x59, 0x73, 0xfd, 0x65, 0x31, 0xe2, 0x1c, 0xba, 0xf7, 0xa4, 0x0b, 0x2e,
+    0x16, 0xca, 0xcb, 0xe6, 0x29, 0x8d, 0x65, 0xff, 0xf7, 0xf3, 0xb8, 0x10,
+    0xbe, 0xec, 0x52, 0x35, 0x97, 0xf1, 0xcb, 0x27, 0x72, 0x25, 0x96, 0x02,
+    0xca, 0x93, 0xc1, 0x63, 0x0b, 0xcf, 0x3d, 0xac, 0xad, 0x81, 0x3f, 0x9c,
+    0x29, 0xe8, 0xb7, 0x4c, 0x1e, 0x21, 0x21, 0xce, 0x0d, 0x7c, 0x87, 0x66,
+    0x11, 0xfb, 0xa4, 0x17, 0x9f, 0xfc, 0x59, 0x7f, 0xfd, 0xa8, 0x1c, 0xa7,
+    0x52, 0x3c, 0x8a, 0x7c, 0xb2, 0x98, 0xfa, 0xdc, 0x72, 0xfb, 0x3a, 0x7e,
+    0x2c, 0xbe, 0xde, 0x27, 0xe2, 0xcb, 0x32, 0xcb, 0xfe, 0x9f, 0xf3, 0x9f,
+    0x9e, 0xcc, 0x59, 0x7e, 0x6d, 0x31, 0x81, 0x75, 0x96, 0xed, 0x65, 0x41,
+    0x1d, 0xf8, 0x40, 0xc4, 0x51, 0x12, 0x68, 0x43, 0xc7, 0x61, 0x96, 0x5f,
+    0xf9, 0xbd, 0xdc, 0x33, 0xf9, 0xdf, 0xd6, 0x5f, 0xef, 0x61, 0xf1, 0xf5,
+    0x1a, 0xca, 0x81, 0xf9, 0x8d, 0x02, 0xfd, 0xff, 0xbc, 0x38, 0xb2, 0xf6,
+    0x6a, 0x56, 0x5e, 0x2c, 0x3a, 0xcd, 0x92, 0xee, 0xff, 0xc2, 0xce, 0xc7,
+    0xbf, 0xd8, 0xf1, 0x2c, 0xae, 0xd1, 0x65, 0x12, 0x1e, 0xf2, 0xdb, 0x41,
+    0x65, 0xee, 0xf8, 0xeb, 0x2f, 0xb3, 0x0c, 0xe2, 0xca, 0x93, 0xd0, 0xc1,
+    0x1f, 0x8e, 0xdb, 0x7a, 0xcb, 0x84, 0x4b, 0x2c, 0x17, 0x59, 0x6d, 0xeb,
+    0x2a, 0x53, 0xd6, 0xc8, 0x6a, 0x6a, 0x10, 0x80, 0x2d, 0xe0, 0x9f, 0xc5,
+    0xb7, 0x8a, 0xdf, 0xdd, 0x4f, 0xfd, 0x80, 0x59, 0x7f, 0x07, 0x9a, 0xcc,
+    0x89, 0x65, 0x11, 0xee, 0x70, 0xba, 0xfd, 0xdf, 0x27, 0x5c, 0x59, 0x7f,
+    0xcf, 0xfe, 0x0c, 0x4f, 0xa8, 0x2c, 0xbf, 0xd1, 0xf7, 0x0e, 0x13, 0x44,
+    0xb2, 0xfb, 0xe4, 0x28, 0xd6, 0x54, 0x9e, 0xc9, 0x1b, 0x54, 0xa3, 0xf3,
+    0x08, 0x48, 0xa4, 0x50, 0x92, 0xbf, 0xb5, 0x00, 0x66, 0x44, 0xb2, 0xe1,
+    0x06, 0xb2, 0xf9, 0xe5, 0xb6, 0x56, 0x5f, 0xc3, 0xf3, 0x6f, 0x92, 0x59,
+    0x77, 0x22, 0x59, 0x7b, 0x41, 0xf1, 0x65, 0x62, 0x33, 0x4d, 0x2e, 0xd0,
+    0xc1, 0x11, 0xfc, 0xbb, 0x78, 0xc5, 0xff, 0x70, 0xdd, 0x48, 0xfd, 0x3b,
+    0xd6, 0x5f, 0x40, 0x3f, 0x4a, 0xcb, 0xda, 0x98, 0x2c, 0xa7, 0x37, 0xfb,
+    0xc8, 0xef, 0xc7, 0xc6, 0xd4, 0x4b, 0x2d, 0xb8, 0xb2, 0xa4, 0xde, 0x39,
+    0x45, 0xf0, 0x73, 0xbb, 0xc5, 0x97, 0xfc, 0x4e, 0x7e, 0x61, 0xe7, 0x71,
+    0x65, 0xfa, 0x47, 0x8f, 0xb8, 0xb2, 0x88, 0xf8, 0xf7, 0x9d, 0x5f, 0xf9,
+    0xa3, 0x72, 0xf3, 0xf2, 0x77, 0x16, 0x5e, 0xf4, 0xf9, 0x65, 0x2c, 0xb6,
+    0x0c, 0xd3, 0x9c, 0x72, 0xfb, 0x4c, 0x66, 0xe2, 0xca, 0x64, 0x6b, 0x78,
+    0x8c, 0x99, 0xf8, 0x4d, 0x7f, 0xfb, 0x4c, 0x79, 0xef, 0xd2, 0x32, 0x7d,
+    0xc5, 0x94, 0x34, 0xf9, 0xb9, 0x1a, 0xff, 0xce, 0xef, 0xba, 0xf4, 0xe9,
+    0x65, 0xe6, 0xcd, 0x2c, 0xae, 0xcd, 0xf0, 0x64, 0x77, 0xf8, 0x02, 0x70,
+    0xfd, 0x30, 0x59, 0x52, 0xb8, 0x05, 0x8b, 0x0c, 0xf7, 0xe5, 0xe7, 0x94,
+    0x0a, 0x27, 0x53, 0x08, 0xee, 0x98, 0x2c, 0xbf, 0x75, 0xe9, 0xef, 0x75,
+    0x65, 0x0c, 0xf0, 0xfb, 0x16, 0xb0, 0xd6, 0x5f, 0x89, 0xcf, 0x3e, 0x59,
+    0x58, 0x6d, 0xd8, 0x46, 0xff, 0xf4, 0x9e, 0x60, 0x32, 0x9f, 0x3e, 0x69,
+    0x65, 0xcd, 0xe5, 0x94, 0xb2, 0xa0, 0x7d, 0x1f, 0x47, 0xd9, 0x16, 0xbf,
+    0x14, 0xfa, 0x77, 0x16, 0x5e, 0xfe, 0x01, 0x65, 0xfc, 0x76, 0xe7, 0x18,
+    0x6b, 0x2f, 0x3e, 0x8d, 0x59, 0x42, 0x3c, 0xa3, 0x0b, 0x6f, 0xe2, 0xcd,
+    0xe5, 0x9c, 0x59, 0x73, 0x69, 0x65, 0x74, 0x78, 0x7e, 0x2d, 0xb7, 0x16,
+    0x5f, 0xed, 0xcd, 0xa1, 0xc9, 0x39, 0xab, 0x2f, 0xf4, 0x1f, 0x0b, 0x3f,
+    0xc5, 0x97, 0xec, 0xc2, 0xef, 0xeb, 0x2f, 0xf6, 0x78, 0xb3, 0xfe, 0x65,
+    0x94, 0x33, 0xd8, 0xf9, 0x3d, 0x4a, 0x3d, 0x70, 0x47, 0xb3, 0x90, 0x42,
+    0x26, 0xf8, 0x72, 0xfa, 0x59, 0x7d, 0x27, 0xe7, 0x16, 0x5f, 0xfb, 0x3b,
+    0x87, 0xa7, 0x86, 0xfa, 0x56, 0x54, 0xab, 0xe4, 0x82, 0xd7, 0x70, 0x87,
+    0x63, 0x28, 0x8a, 0x74, 0xcd, 0xe6, 0x62, 0x8c, 0x63, 0x88, 0x3f, 0x21,
+    0xdd, 0x22, 0xbe, 0xfb, 0xbc, 0x6b, 0x2d, 0xb2, 0xb2, 0xe8, 0x71, 0x65,
+    0x9e, 0x06, 0xaf, 0xb1, 0x4b, 0xef, 0xb1, 0x18, 0x92, 0xc2, 0x59, 0x69,
+    0xc3, 0x67, 0xe2, 0x2b, 0xb3, 0x4b, 0x2f, 0xf1, 0x7f, 0x9d, 0xf1, 0xf7,
+    0x16, 0x5f, 0xd8, 0x3d, 0xcc, 0xef, 0x71, 0x65, 0x39, 0xf5, 0x91, 0xbd,
+    0x6e, 0x26, 0xda, 0xe9, 0xa0, 0x5a, 0x22, 0x51, 0x42, 0x06, 0xf0, 0x7e,
+    0x12, 0xcb, 0xff, 0x1c, 0x51, 0x77, 0xc9, 0x89, 0xb7, 0xac, 0xbf, 0xcd,
+    0xcf, 0x39, 0x4c, 0xac, 0xb8, 0x5e, 0x59, 0x7f, 0x8b, 0xaf, 0xfd, 0xe1,
+    0xc5, 0x95, 0xa3, 0xfb, 0x39, 0x80, 0x85, 0xef, 0xff, 0xb3, 0xdd, 0xc3,
+    0x91, 0x41, 0x8b, 0xf2, 0x05, 0x97, 0xf4, 0x9c, 0xa7, 0xb8, 0x2c, 0xa6,
+    0x3f, 0xef, 0x28, 0xde, 0xd6, 0xb1, 0x65, 0xee, 0xe1, 0xc5, 0x97, 0x79,
+    0xb8, 0x6e, 0x8c, 0x1c, 0xbe, 0x8c, 0xef, 0xf5, 0x97, 0xfe, 0x93, 0x3c,
+    0xe3, 0xf4, 0x94, 0x6b, 0x2a, 0x4f, 0x8b, 0x44, 0x77, 0xda, 0xc7, 0xdd,
+    0x59, 0x7a, 0x4c, 0x82, 0xcb, 0xfe, 0xcf, 0xf3, 0x59, 0xc9, 0xed, 0x65,
+    0xec, 0x7e, 0x96, 0x57, 0x47, 0xe4, 0xc3, 0xa4, 0x73, 0x7f, 0xe9, 0x30,
+    0x38, 0xf9, 0x87, 0x9d, 0xc5, 0x95, 0x1a, 0xac, 0x01, 0xc2, 0xb7, 0xa5,
+    0xb8, 0xa1, 0x1f, 0xa2, 0x1f, 0x42, 0x5b, 0xe5, 0xd7, 0x73, 0xb5, 0x97,
+    0x67, 0x16, 0x5d, 0xbb, 0xa5, 0x95, 0x2b, 0x87, 0xf9, 0x2d, 0xfd, 0x9e,
+    0x03, 0x18, 0xdd, 0x16, 0xbf, 0xfb, 0x5d, 0x09, 0xc7, 0x84, 0x3f, 0x32,
+    0xcb, 0xf6, 0x7b, 0xb8, 0x71, 0x65, 0xf8, 0xe1, 0x3a, 0xde, 0x62, 0xca,
+    0x63, 0xd8, 0x0c, 0xa6, 0xe3, 0xca, 0xcb, 0xcd, 0xbf, 0x16, 0x5f, 0xf7,
+    0x44, 0xfc, 0xe0, 0xa7, 0xa5, 0x95, 0x87, 0xdb, 0xf1, 0x61, 0x0e, 0xdc,
+    0x1f, 0x4b, 0x2f, 0xfc, 0xed, 0xf8, 0x61, 0xa5, 0x80, 0x59, 0x7e, 0xee,
+    0x05, 0x83, 0x59, 0x50, 0x3f, 0xef, 0x0c, 0x91, 0xed, 0xef, 0x61, 0x8b,
+    0x2f, 0xe6, 0xe7, 0x9a, 0x59, 0x65, 0xff, 0xf8, 0xb3, 0x3a, 0xf4, 0xee,
+    0x16, 0x7f, 0x18, 0x0b, 0x28, 0xe8, 0x80, 0x72, 0xbb, 0xfd, 0x85, 0xdc,
+    0xf1, 0xf7, 0x16, 0x5f, 0x8a, 0x29, 0xf4, 0xac, 0xa5, 0x97, 0x60, 0xd6,
+    0x5c, 0x07, 0xec, 0xd0, 0xef, 0x0b, 0xbf, 0xbf, 0xcf, 0x13, 0x81, 0x65,
+    0xf7, 0xbb, 0x7d, 0xc5, 0x95, 0x27, 0xa7, 0x85, 0xb7, 0xc0, 0xe4, 0x92,
+    0xcb, 0xfd, 0xaf, 0x3b, 0x71, 0xb7, 0xac, 0xb8, 0xd6, 0x59, 0x52, 0x7d,
+    0x98, 0x42, 0xe6, 0x97, 0xfe, 0xc2, 0x27, 0xfe, 0xd8, 0x49, 0xd6, 0x5b,
+    0xa5, 0x95, 0xe3, 0xd0, 0x11, 0xf5, 0xf9, 0xfe, 0x27, 0x0d, 0x65, 0x4a,
+    0xe8, 0xa8, 0xe1, 0x39, 0x90, 0x8f, 0x68, 0x56, 0x6e, 0x17, 0x1e, 0x13,
+    0xbe, 0x22, 0x73, 0x50, 0x24, 0x14, 0x20, 0xb9, 0x08, 0xcf, 0xbe, 0x08,
+    0x8a, 0xfe, 0x32, 0x75, 0xa7, 0x89, 0x65, 0xff, 0x0e, 0x7a, 0x0c, 0x00,
+    0x9e, 0xd6, 0x5e, 0xe3, 0xf6, 0xb2, 0xff, 0x9f, 0x58, 0x76, 0xd9, 0x93,
+    0xac, 0xae, 0x91, 0x26, 0xc7, 0x82, 0x1d, 0xbe, 0x7e, 0x6e, 0x06, 0xb2,
+    0xfd, 0xd8, 0xc6, 0xdc, 0x59, 0x7b, 0x59, 0xc5, 0x95, 0x27, 0x8b, 0x85,
+    0x37, 0xdf, 0x9e, 0xe0, 0xb2, 0xfe, 0x60, 0x6c, 0x93, 0x01, 0x65, 0xd8,
+    0x05, 0x95, 0x19, 0xf4, 0x68, 0x8c, 0x8b, 0xef, 0xfc, 0xed, 0xfc, 0xd0,
+    0x0e, 0xf0, 0x59, 0x7f, 0x67, 0xfc, 0xe3, 0x65, 0x95, 0xe3, 0xe9, 0xd9,
+    0x3d, 0xbc, 0x46, 0xf9, 0x65, 0xe1, 0xf9, 0x96, 0x53, 0x1e, 0xf3, 0x92,
+    0x88, 0x76, 0xff, 0x44, 0x4e, 0x66, 0x10, 0x16, 0x5e, 0x29, 0x8d, 0x65,
+    0x39, 0xe7, 0x91, 0x9d, 0xef, 0xe0, 0x6b, 0x2a, 0x55, 0xca, 0x64, 0x30,
+    0x8d, 0x30, 0xf3, 0x5b, 0xc2, 0x23, 0x90, 0xf6, 0x13, 0xe6, 0xe9, 0x05,
+    0x84, 0xb2, 0xfb, 0x75, 0xe7, 0x4b, 0x2f, 0xe2, 0x98, 0x4e, 0xf9, 0x59,
+    0x60, 0x2c, 0xbf, 0x1a, 0xe4, 0x28, 0x96, 0x54, 0x9b, 0xa1, 0x08, 0xdf,
+    0x09, 0xb7, 0x4e, 0xb2, 0xfe, 0xdf, 0xa7, 0x96, 0xd9, 0x59, 0x73, 0x46,
+    0xb2, 0xd8, 0xb2, 0xb1, 0x33, 0x9e, 0xc4, 0x58, 0x92, 0x26, 0x7d, 0x10,
+    0x1c, 0x95, 0xcc, 0x48, 0x5e, 0xfd, 0x9e, 0xde, 0xda, 0x59, 0x7f, 0x8a,
+    0x1e, 0x6d, 0xf8, 0x35, 0x96, 0x95, 0x94, 0xe7, 0x88, 0x46, 0x97, 0xb3,
+    0x52, 0xb2, 0xfa, 0x23, 0x24, 0xd5, 0x97, 0xc6, 0x87, 0x17, 0x16, 0x5e,
+    0xfe, 0xec, 0xac, 0xad, 0x1e, 0x29, 0x13, 0x5f, 0x47, 0xfc, 0xe9, 0x65,
+    0xfe, 0x73, 0x43, 0xf7, 0xa6, 0x0b, 0x2a, 0x51, 0xff, 0x83, 0x6c, 0xd4,
+    0xe4, 0x3b, 0x24, 0x97, 0xfe, 0xf6, 0x0c, 0x6d, 0xde, 0x77, 0xf5, 0x97,
+    0xf6, 0xd1, 0x86, 0xfa, 0xd2, 0xca, 0x8c, 0xfc, 0x46, 0x81, 0x7f, 0x87,
+    0x9f, 0xf4, 0x97, 0x4b, 0x2f, 0x4b, 0x6c, 0xac, 0xbe, 0xff, 0x03, 0x3a,
+    0xca, 0x73, 0xc2, 0x10, 0xf5, 0xff, 0xff, 0x02, 0x4b, 0xa7, 0xf1, 0x38,
+    0x35, 0x3d, 0x66, 0xb4, 0xcb, 0x2f, 0xf8, 0x7b, 0x73, 0x93, 0x9a, 0x02,
+    0xcb, 0xde, 0x0f, 0x8b, 0x2b, 0x0f, 0x61, 0xce, 0xaf, 0x73, 0xcc, 0xb2,
+    0xff, 0x30, 0xfe, 0x4f, 0xdf, 0x16, 0x52, 0xcb, 0xfb, 0x8d, 0xde, 0x77,
+    0xf5, 0x95, 0xd9, 0xba, 0xf8, 0x5d, 0xd1, 0xca, 0xca, 0x94, 0x53, 0x3b,
+    0x68, 0x88, 0xaf, 0xb3, 0x8c, 0x05, 0x95, 0x2a, 0xa9, 0xe3, 0x23, 0x1b,
+    0xaf, 0x64, 0x3e, 0x85, 0xe8, 0x08, 0x0a, 0x18, 0x5b, 0x25, 0xd5, 0xb1,
+    0x3b, 0xa1, 0x80, 0xaa, 0xae, 0xc1, 0x08, 0x2d, 0x8c, 0x9b, 0x61, 0x22,
+    0x85, 0xb2, 0xc9, 0x94, 0x3d, 0x1c, 0x20, 0xe1, 0x1a, 0x78, 0xe5, 0x00,
+    0x64, 0xb7, 0x63, 0x63, 0x06, 0xea, 0x52, 0xef, 0x71, 0xba, 0x34, 0xa3,
+    0xa8, 0xa3, 0xf5, 0xd4, 0xaa, 0xd3, 0xc7, 0x8f, 0xe9, 0xd0, 0xe7, 0x9c,
+    0x92, 0x04, 0xa1, 0x40, 0xba, 0x89, 0x4e, 0x2e, 0xf2, 0x75, 0xab, 0xf3,
+    0x8c, 0xa2, 0x8e, 0xf3, 0x7b, 0x81, 0x8d, 0xbb, 0x31, 0x8f, 0x87, 0x2d,
+    0x86, 0xee, 0xa5, 0x65, 0xf3, 0xf5, 0x3a, 0x59, 0x46, 0x1b, 0x9d, 0xd1,
+    0x7b, 0x8c, 0xc5, 0x97, 0xfe, 0x69, 0xff, 0x9c, 0xdc, 0x20, 0x2c, 0xbf,
+    0xfc, 0xfa, 0xda, 0xff, 0xdb, 0xfe, 0xfa, 0x62, 0x59, 0x4c, 0x8a, 0x3f,
+    0x0b, 0xef, 0x3d, 0xbf, 0x72, 0x2c, 0xd3, 0xac, 0xbe, 0x9e, 0x9d, 0xd6,
+    0x5e, 0xd6, 0x41, 0x65, 0xcc, 0x75, 0x94, 0xc7, 0xf6, 0x72, 0x8f, 0x90,
+    0xee, 0x8e, 0x5f, 0xd9, 0xf9, 0x63, 0xf1, 0x65, 0xe9, 0x03, 0x2c, 0xbf,
+    0xa6, 0x19, 0xac, 0xe2, 0xcb, 0xf7, 0xb3, 0xf3, 0xe5, 0x94, 0x33, 0xd3,
+    0x72, 0xcb, 0xff, 0xda, 0xd0, 0xa1, 0xac, 0x9e, 0xe0, 0xc7, 0x59, 0x74,
+    0x4c, 0xb2, 0xb0, 0xf8, 0x9d, 0x2e, 0xf7, 0x03, 0xe2, 0xcb, 0xff, 0xa1,
+    0xf1, 0x46, 0x13, 0xce, 0x76, 0xe2, 0xcb, 0xff, 0x78, 0x5d, 0xf2, 0x4e,
+    0xfd, 0xfd, 0x65, 0xb3, 0xb4, 0x44, 0xfd, 0x22, 0xff, 0xdf, 0x93, 0xf2,
+    0x5a, 0x37, 0xfa, 0xcb, 0xf9, 0xf7, 0x1f, 0x3b, 0xfa, 0xca, 0xec, 0xfb,
+    0xbc, 0x7d, 0x7f, 0x9f, 0x06, 0xdd, 0x93, 0xac, 0xac, 0x3d, 0x41, 0x11,
+    0xdc, 0x33, 0x56, 0x5f, 0x4f, 0xe0, 0xeb, 0x2f, 0xb5, 0xbb, 0x24, 0xb2,
+    0xc4, 0xb2, 0xa4, 0xda, 0x18, 0x49, 0x7b, 0xe5, 0x2b, 0x2e, 0xf0, 0x49,
+    0x5d, 0x4b, 0xc8, 0x64, 0x34, 0x2b, 0x22, 0x3e, 0xd1, 0x61, 0xdb, 0xbd,
+    0x08, 0x37, 0x20, 0x28, 0x53, 0xf2, 0x1d, 0x7f, 0x21, 0xde, 0x30, 0x62,
+    0xa8, 0x64, 0x34, 0x11, 0x91, 0x81, 0x33, 0xfa, 0xf7, 0xf6, 0x6b, 0xa7,
+    0x7e, 0x95, 0x16, 0x6a, 0xf7, 0x58, 0x75, 0x97, 0xe6, 0xd1, 0x99, 0xe5,
+    0x97, 0xde, 0x67, 0x25, 0x95, 0xe3, 0xc8, 0xf9, 0x45, 0xfe, 0x04, 0xf1,
+    0x9f, 0xb3, 0x16, 0x5f, 0x85, 0x17, 0x98, 0x6b, 0x2f, 0xfe, 0xd6, 0x3c,
+    0x5d, 0xff, 0x69, 0x8d, 0x2b, 0x2f, 0xfd, 0x83, 0xcc, 0x34, 0x64, 0xd1,
+    0xac, 0xbc, 0xf9, 0xf5, 0x97, 0xda, 0xf3, 0x84, 0x94, 0xe1, 0x71, 0x95,
+    0x88, 0x8e, 0x69, 0xe2, 0x92, 0x48, 0xe1, 0xf5, 0xfe, 0xff, 0xb1, 0xa3,
+    0x3c, 0xac, 0xbf, 0xbe, 0x53, 0x9e, 0x75, 0x97, 0xfe, 0x9d, 0x03, 0xfc,
+    0xf6, 0x30, 0xd6, 0x5c, 0x14, 0x75, 0x96, 0x8d, 0x65, 0xe8, 0x4f, 0x6b,
+    0x2d, 0x92, 0x6b, 0xe2, 0x12, 0xbe, 0x62, 0x78, 0xd6, 0x56, 0x26, 0x59,
+    0xd9, 0x9f, 0x8a, 0xdc, 0xf8, 0x92, 0x78, 0x4d, 0x6f, 0x2c, 0xbf, 0x7a,
+    0x79, 0xe6, 0x59, 0x7f, 0xe6, 0xfc, 0x9c, 0x9c, 0xdf, 0x32, 0xcb, 0xa7,
+    0xcb, 0x2f, 0xe2, 0xcd, 0xfe, 0x78, 0x2c, 0xb0, 0x48, 0xd1, 0x73, 0x82,
+    0x31, 0x13, 0xf8, 0xf7, 0xe2, 0xd4, 0x11, 0x36, 0x2d, 0xd8, 0xc3, 0xef,
+    0xff, 0x84, 0xf1, 0xeb, 0x0e, 0x13, 0xd3, 0x19, 0x09, 0x65, 0x04, 0x5d,
+    0x4a, 0x68, 0xf0, 0x1e, 0x58, 0x41, 0x17, 0xde, 0x38, 0x7a, 0x59, 0x7f,
+    0x08, 0xd9, 0x30, 0x46, 0xac, 0xa6, 0x3c, 0xf3, 0x07, 0xaf, 0x79, 0x8c,
+    0x59, 0x7d, 0xc2, 0x93, 0x16, 0x5e, 0xeb, 0x3c, 0xb2, 0xee, 0x4a, 0xcb,
+    0xf0, 0xb9, 0xf9, 0xe2, 0xca, 0x81, 0xbe, 0x88, 0x5a, 0xa4, 0xff, 0x59,
+    0x6e, 0xfe, 0x29, 0x3f, 0x1a, 0x35, 0x97, 0x8b, 0x42, 0x59, 0x50, 0x3c,
+    0x96, 0x2d, 0xb8, 0xcd, 0x2c, 0xbf, 0x09, 0x82, 0xc0, 0xae, 0xc4, 0xb2,
+    0xf0, 0xbb, 0xe2, 0xcb, 0xf0, 0x7f, 0x29, 0x02, 0xca, 0xd1, 0xe3, 0x6f,
+    0x1e, 0xbf, 0x46, 0x28, 0x0a, 0x56, 0x54, 0x9e, 0x6b, 0x12, 0x5f, 0x31,
+    0xdb, 0x75, 0x65, 0xc2, 0x0d, 0x65, 0xe2, 0xce, 0x2c, 0xa9, 0x3d, 0x78,
+    0x89, 0x03, 0x18, 0xbe, 0xf3, 0x77, 0xc5, 0x97, 0x4f, 0x6b, 0x2e, 0x6d,
+    0x95, 0x95, 0xb8, 0x7a, 0x71, 0x11, 0x86, 0x2f, 0x71, 0x92, 0xb2, 0xed,
+    0x1a, 0xb2, 0xe3, 0x84, 0x95, 0x74, 0xc3, 0x22, 0xec, 0x75, 0xa1, 0x3f,
+    0x13, 0x4e, 0x88, 0x4e, 0x31, 0xe8, 0x64, 0xbb, 0xb8, 0xa1, 0x06, 0x61,
+    0xa0, 0x62, 0xf7, 0x63, 0x2c, 0xbb, 0x06, 0xb2, 0xc4, 0xb2, 0xfd, 0xae,
+    0x9d, 0xfa, 0x54, 0x50, 0x0b, 0xf9, 0xf4, 0xdf, 0xe6, 0x2c, 0xba, 0x01,
+    0x30, 0xf8, 0xb8, 0x6d, 0x58, 0x8a, 0x17, 0x72, 0xbf, 0xcc, 0x79, 0xdc,
+    0xf6, 0x46, 0xb2, 0xf3, 0xe8, 0xd5, 0x97, 0xff, 0x6c, 0xb9, 0x03, 0x3f,
+    0x24, 0xc0, 0x59, 0x60, 0x90, 0x4e, 0x13, 0x05, 0x4f, 0x0b, 0x7f, 0x10,
+    0x98, 0x6c, 0x18, 0xed, 0xfc, 0x5f, 0xe4, 0x8e, 0x56, 0x5d, 0x03, 0xac,
+    0xbf, 0x9b, 0x91, 0x14, 0x8d, 0x65, 0xed, 0x77, 0x05, 0x94, 0x33, 0xcb,
+    0x72, 0xdb, 0xf4, 0xf7, 0xf7, 0xd2, 0xcb, 0xf4, 0x96, 0x77, 0xf5, 0x97,
+    0xdc, 0x83, 0x01, 0x65, 0x1c, 0xf2, 0x7e, 0x4f, 0x6d, 0xeb, 0x2d, 0xf5,
+    0x95, 0x03, 0x49, 0xd0, 0x9d, 0xfc, 0xde, 0x92, 0x9f, 0xac, 0xbc, 0x37,
+    0x65, 0x95, 0x29, 0xe7, 0x40, 0xb3, 0x18, 0x98, 0x85, 0xdc, 0x49, 0x1b,
+    0x84, 0x42, 0x2b, 0xbd, 0x14, 0xc1, 0x65, 0xda, 0xfa, 0xcb, 0x04, 0xc3,
+    0x69, 0xc1, 0xdb, 0xfe, 0x9f, 0xfb, 0x0f, 0x9a, 0xc5, 0x97, 0xd1, 0x66,
+    0x74, 0xb2, 0xfd, 0xf3, 0x5f, 0x81, 0x34, 0x7b, 0x41, 0x9b, 0xd4, 0x11,
+    0x8a, 0x64, 0x20, 0xa8, 0x22, 0x71, 0xf3, 0x1b, 0x35, 0xdc, 0xfa, 0xcb,
+    0x4a, 0xcb, 0x79, 0x65, 0x1c, 0xd0, 0x88, 0x42, 0xf8, 0x2b, 0xbf, 0xbe,
+    0x2c, 0xbc, 0x3c, 0x3a, 0xcb, 0xff, 0xbe, 0xc2, 0xe0, 0x67, 0xd6, 0x98,
+    0xd5, 0x97, 0xff, 0xed, 0xf3, 0xe6, 0x1f, 0xa6, 0x1c, 0x7f, 0x37, 0x16,
+    0x5f, 0xf4, 0xfa, 0x63, 0xd4, 0xe0, 0xd6, 0x5f, 0xdc, 0x93, 0x94, 0xc4,
+    0xb2, 0xde, 0x59, 0x78, 0x32, 0x89, 0x65, 0xbf, 0x86, 0xbc, 0x02, 0x37,
+    0x64, 0x6b, 0x2b, 0x0d, 0xe9, 0x13, 0x5f, 0x31, 0xe6, 0x25, 0x95, 0x1a,
+    0x79, 0x70, 0x1c, 0x64, 0x7f, 0x2b, 0x00, 0xe0, 0xa1, 0x33, 0xb2, 0x3f,
+    0x7f, 0xf8, 0x5a, 0x86, 0x71, 0x84, 0x17, 0x29, 0x3a, 0xcb, 0x71, 0x65,
+    0xf0, 0xd8, 0x80, 0xb2, 0xb6, 0x9b, 0x27, 0x11, 0xbf, 0xfe, 0xd4, 0x63,
+    0xf3, 0x6b, 0x93, 0xa8, 0x9b, 0xcb, 0x2f, 0xfe, 0xc0, 0x70, 0x9c, 0xdc,
+    0xde, 0xda, 0x59, 0x78, 0x43, 0xc5, 0x97, 0xf6, 0xbe, 0x52, 0x7e, 0x2c,
+    0xbf, 0xff, 0x68, 0x6e, 0x46, 0xfb, 0x37, 0x34, 0xc7, 0x93, 0x56, 0x56,
+    0x22, 0x18, 0x45, 0xb6, 0xd9, 0x59, 0x52, 0x9b, 0x7e, 0x29, 0x32, 0x2f,
+    0xa1, 0x44, 0x02, 0x2b, 0xcf, 0xac, 0x59, 0x7b, 0x92, 0x05, 0x97, 0xd0,
+    0x62, 0xc5, 0x95, 0xf3, 0x78, 0x60, 0xe5, 0xf7, 0x4e, 0xfd, 0x2a, 0x2d,
+    0xf5, 0xed, 0x97, 0xfa, 0xcb, 0xfc, 0xc5, 0x27, 0x03, 0xfd, 0x65, 0xe8,
+    0xb0, 0x0b, 0x2f, 0xc1, 0xc7, 0xe9, 0xd2, 0xca, 0xe9, 0x34, 0x06, 0x57,
+    0xd1, 0x11, 0xcc, 0x3c, 0x3e, 0xe6, 0x3f, 0x1d, 0xbf, 0xe6, 0xf4, 0xf7,
+    0x3b, 0x99, 0xda, 0xcb, 0xfc, 0x1c, 0x6e, 0x3f, 0x4f, 0x16, 0x5f, 0xff,
+    0xf3, 0xc4, 0x36, 0xd7, 0xb0, 0x65, 0x3d, 0x3c, 0x65, 0x27, 0x59, 0x7f,
+    0xda, 0x17, 0x3c, 0xf0, 0x03, 0x2c, 0xb3, 0x01, 0x13, 0xff, 0x66, 0xbe,
+    0xff, 0x1f, 0xeb, 0x2f, 0xfd, 0xac, 0xdc, 0x8b, 0xce, 0x76, 0xe2, 0xcb,
+    0xb2, 0x3c, 0x3e, 0x4d, 0x11, 0x57, 0x49, 0xc6, 0xfa, 0x1a, 0x85, 0x08,
+    0xcb, 0x18, 0xb2, 0xff, 0x9c, 0xba, 0xe4, 0xf9, 0xf7, 0x16, 0x51, 0xa7,
+    0x9b, 0xf1, 0x2b, 0xec, 0x26, 0x89, 0x65, 0xf3, 0x66, 0xb7, 0xac, 0xbe,
+    0xee, 0x11, 0xca, 0xcb, 0xd2, 0x66, 0xca, 0xca, 0xc3, 0xc4, 0xd1, 0x25,
+    0xef, 0x4e, 0x96, 0x5f, 0xbc, 0xda, 0xf3, 0xac, 0xbf, 0xfd, 0xe9, 0x8f,
+    0xf9, 0xe2, 0xcf, 0xf9, 0x96, 0x5e, 0x3e, 0x0d, 0x65, 0x8e, 0xb2, 0xff,
+    0x4c, 0x63, 0xc3, 0x38, 0x12, 0x51, 0x73, 0x83, 0x91, 0x13, 0xba, 0x48,
+    0x63, 0x95, 0x04, 0xd3, 0xfd, 0x0d, 0xab, 0xe1, 0x9f, 0x3b, 0x59, 0x7d,
+    0x0e, 0x07, 0xc5, 0x95, 0x27, 0x8f, 0xf2, 0x3b, 0xec, 0xff, 0x31, 0x65,
+    0xfc, 0xfd, 0x8d, 0x8a, 0x35, 0x97, 0xfb, 0x37, 0x34, 0xc7, 0x93, 0x56,
+    0x54, 0xa2, 0x17, 0x44, 0x3e, 0x2e, 0xbd, 0xcf, 0x0d, 0x65, 0xf8, 0x3f,
+    0x94, 0x81, 0x65, 0x1c, 0xf1, 0x77, 0x8e, 0xdc, 0x52, 0xb2, 0xff, 0xef,
+    0xf1, 0xb9, 0x25, 0x9f, 0xf3, 0x2c, 0xbf, 0xf3, 0xee, 0xe9, 0x8d, 0xcf,
+    0x34, 0x16, 0x5f, 0xf8, 0x02, 0x2e, 0x9c, 0x7e, 0x9e, 0x2c, 0xbf, 0xe0,
+    0x37, 0xc9, 0xff, 0x23, 0x59, 0x78, 0xb3, 0xcb, 0x2b, 0x49, 0x94, 0x9c,
+    0x57, 0xc8, 0x40, 0x41, 0xe1, 0xfe, 0xf3, 0x7b, 0xfe, 0x6e, 0x60, 0xe6,
+    0x26, 0x3a, 0xcb, 0xf0, 0xe7, 0x70, 0x47, 0x59, 0x7e, 0xfb, 0x6a, 0x77,
+    0xac, 0xbf, 0xe7, 0xe4, 0xe1, 0x0f, 0xd2, 0xb2, 0xff, 0x7a, 0x46, 0xdb,
+    0xe4, 0x6b, 0x2f, 0xfb, 0x59, 0xdf, 0x89, 0xf7, 0x23, 0x59, 0x6c, 0x19,
+    0xf8, 0x9c, 0xd2, 0xdc, 0xd2, 0x33, 0x8a, 0x14, 0xf4, 0x49, 0x92, 0x72,
+    0x1e, 0xf5, 0x2a, 0xd5, 0xb2, 0x34, 0xde, 0x96, 0x98, 0xe1, 0xe3, 0x4f,
+    0xbf, 0x07, 0x9e, 0x73, 0xac, 0xb8, 0x46, 0xac, 0xbe, 0x3c, 0x52, 0x1a,
+    0xcb, 0xa7, 0xcb, 0x2f, 0xfd, 0xba, 0xe7, 0x0f, 0x40, 0x3b, 0x71, 0x65,
+    0x74, 0x8b, 0xd3, 0x94, 0x38, 0xc1, 0x12, 0x6e, 0x8b, 0x5e, 0x62, 0xfa,
+    0xcb, 0x85, 0xda, 0xcb, 0xfe, 0x78, 0x7f, 0x98, 0x67, 0x99, 0x65, 0xee,
+    0xdf, 0xcb, 0x29, 0xd1, 0x12, 0x01, 0xb2, 0x18, 0x11, 0xcd, 0xff, 0x6a,
+    0x79, 0x9d, 0xfd, 0xb4, 0xb2, 0xff, 0x78, 0x44, 0x3f, 0x31, 0x8b, 0x2f,
+    0xfe, 0x88, 0x43, 0x72, 0x06, 0xd6, 0x3f, 0xd6, 0x57, 0x8f, 0xef, 0xe6,
+    0x97, 0xb5, 0x3f, 0x59, 0x7f, 0xe9, 0xf8, 0x9e, 0x39, 0xf4, 0x9d, 0x65,
+    0xfd, 0x13, 0x8f, 0xcc, 0x75, 0x97, 0xf7, 0xdb, 0x07, 0x27, 0x59, 0x5d,
+    0xa2, 0x63, 0xe7, 0xc6, 0x17, 0x5f, 0x3c, 0x62, 0x25, 0x97, 0x70, 0x96,
+    0x5f, 0xdd, 0xf2, 0x7a, 0xc3, 0xac, 0xbe, 0x3f, 0x58, 0x4b, 0x2a, 0x55,
+    0x22, 0xe4, 0x2d, 0x34, 0x44, 0xf0, 0xb4, 0x23, 0x2e, 0x11, 0x08, 0x58,
+    0x32, 0xfa, 0x59, 0x7f, 0xff, 0x8a, 0x61, 0x87, 0x9e, 0xbf, 0xcc, 0x04,
+    0xe7, 0x70, 0x59, 0x7e, 0x8a, 0x48, 0xa5, 0x65, 0xff, 0xfc, 0xed, 0xf9,
+    0x83, 0x68, 0x00, 0x9d, 0x9c, 0xd1, 0xab, 0x2e, 0xeb, 0x4b, 0x2f, 0xf8,
+    0x03, 0x29, 0x87, 0xb8, 0x05, 0x96, 0x25, 0x95, 0xa3, 0xc9, 0x73, 0x9a,
+    0x94, 0xdc, 0x06, 0x16, 0xcc, 0x1e, 0x26, 0xfa, 0xe8, 0x98, 0x6f, 0xcf,
+    0x1c, 0xf9, 0xd6, 0x5f, 0xda, 0x78, 0xfe, 0xfe, 0x59, 0x78, 0xa4, 0xd5,
+    0x97, 0xd9, 0xb8, 0xfe, 0x59, 0x73, 0xff, 0xa3, 0xc0, 0xe0, 0xe5, 0x4a,
+    0x27, 0x09, 0xba, 0xff, 0x8b, 0x3f, 0xfc, 0x89, 0xe2, 0x59, 0x7a, 0x21,
+    0x79, 0x65, 0xc3, 0x3a, 0xcb, 0xf6, 0x45, 0x09, 0xed, 0x65, 0x61, 0xef,
+    0x1a, 0x3c, 0x42, 0xf7, 0x49, 0x2c, 0xae, 0x91, 0xf6, 0xc4, 0x3e, 0x84,
+    0xb9, 0x85, 0xd7, 0xbc, 0x63, 0xac, 0xbf, 0xf8, 0x5c, 0xf3, 0xc4, 0x58,
+    0x01, 0x71, 0x65, 0xfb, 0x0b, 0xf3, 0xc5, 0x97, 0x9c, 0x8d, 0x59, 0x68,
+    0x2c, 0xbe, 0xcd, 0xed, 0xa5, 0x97, 0xf0, 0x05, 0xcd, 0xcc, 0xed, 0x65,
+    0x44, 0x7a, 0xa0, 0x23, 0xac, 0x44, 0x4b, 0xb3, 0x5f, 0xf9, 0xfb, 0xef,
+    0x8c, 0x3c, 0x33, 0x8b, 0x2a, 0x55, 0xc8, 0x64, 0x77, 0xcc, 0x87, 0xa1,
+    0xdf, 0x22, 0xb9, 0x31, 0x42, 0x97, 0x84, 0x37, 0xff, 0xcf, 0xde, 0xb3,
+    0x3b, 0x33, 0xc2, 0x9e, 0xf8, 0xb2, 0xfc, 0xf1, 0xf4, 0xe3, 0x59, 0x7f,
+    0xf4, 0xfd, 0x81, 0xc7, 0xec, 0x0d, 0xbd, 0x65, 0xf3, 0xf4, 0xf1, 0xac,
+    0xbb, 0xed, 0xa3, 0xe9, 0xe2, 0x35, 0xf9, 0xc8, 0x7e, 0x95, 0x97, 0xc0,
+    0x62, 0x35, 0x65, 0x39, 0xe4, 0x00, 0x9a, 0x82, 0xad, 0xe0, 0x8e, 0xc0,
+    0x71, 0xb0, 0x88, 0x66, 0x3f, 0x58, 0xdb, 0x20, 0xfe, 0x38, 0xe4, 0x72,
+    0x38, 0xd3, 0x59, 0x3a, 0x8f, 0x27, 0xb8, 0x44, 0x31, 0x1e, 0xe1, 0x0c,
+    0x51, 0xdb, 0x69, 0xc0, 0xf0, 0xa6, 0xf4, 0xbc, 0xa7, 0x8c, 0x48, 0x10,
+    0xd5, 0x29, 0x50, 0x1c, 0x8f, 0xab, 0xf2, 0xf9, 0x84, 0xf3, 0xb2, 0xa6,
+    0x1c, 0x24, 0xb7, 0x5d, 0x6e, 0x98, 0xd6, 0x5c, 0xff, 0x59, 0x79, 0xfb,
+    0x08, 0x33, 0x5a, 0x71, 0x7a, 0x08, 0xa8, 0xb8, 0xa3, 0xf9, 0xbf, 0x86,
+    0x13, 0x9f, 0xe7, 0x6b, 0x2e, 0x7e, 0x96, 0x5f, 0xf7, 0xe2, 0x83, 0xea,
+    0x3f, 0x09, 0x65, 0x74, 0x7a, 0x7d, 0x8b, 0xdf, 0xfc, 0x1f, 0x5b, 0x67,
+    0x5a, 0x62, 0x7e, 0x96, 0x5e, 0x6f, 0x09, 0x65, 0xfe, 0xd9, 0x72, 0x07,
+    0xe6, 0x25, 0x95, 0x88, 0xbe, 0x39, 0x20, 0x5d, 0x20, 0x31, 0xcb, 0x82,
+    0x9b, 0x02, 0xcb, 0xc7, 0x7e, 0xd6, 0x5e, 0x03, 0xf9, 0x65, 0xff, 0x7d,
+    0x8f, 0xcf, 0x61, 0x8e, 0xb2, 0xed, 0xec, 0xb2, 0xfb, 0x5a, 0xc0, 0xd6,
+    0x5f, 0xf4, 0xc0, 0xc7, 0xd6, 0xb0, 0x35, 0x97, 0xb0, 0xc0, 0x9b, 0x12,
+    0x60, 0xf2, 0x41, 0x83, 0xbd, 0x8e, 0x44, 0x72, 0xe3, 0x04, 0x47, 0x6e,
+    0x04, 0x4f, 0x12, 0x38, 0xd2, 0x2f, 0xff, 0xfb, 0xed, 0xfe, 0x79, 0x82,
+    0x7f, 0xcc, 0xe0, 0xc1, 0x6a, 0x35, 0x95, 0x2a, 0xe8, 0xda, 0x58, 0x38,
+    0x8c, 0xef, 0xd1, 0x84, 0x00, 0xbb, 0x59, 0x7f, 0xff, 0x9b, 0xe2, 0x78,
+    0xc2, 0x64, 0x3d, 0x3a, 0xcc, 0x23, 0x56, 0x56, 0x91, 0x1e, 0x17, 0x2d,
+    0xbf, 0xff, 0xfb, 0xa7, 0xd3, 0xfa, 0x19, 0xfc, 0x1f, 0x1c, 0xf9, 0xa8,
+    0xe7, 0xb5, 0x97, 0xf6, 0x0d, 0xcf, 0x84, 0xb2, 0xff, 0xfb, 0x04, 0x17,
+    0xc2, 0x76, 0xf3, 0xff, 0xd2, 0xb2, 0x99, 0x1d, 0xda, 0x73, 0xf1, 0x5d,
+    0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0xa5, 0x17, 0xff, 0xcf, 0xf2, 0xc8, 0xf5,
+    0x3e, 0x6f, 0x66, 0x96, 0x5f, 0xff, 0x38, 0xf0, 0x7e, 0xc2, 0x01, 0xf3,
+    0x58, 0xb2, 0xee, 0x18, 0xb2, 0xff, 0xde, 0x90, 0x1d, 0xe1, 0xce, 0x18,
+    0xb2, 0xf3, 0xc0, 0x24, 0xa6, 0xb1, 0x85, 0xe0, 0x36, 0x24, 0xee, 0x26,
+    0x86, 0x31, 0x7f, 0xe6, 0xe9, 0xf4, 0xf0, 0x6e, 0x01, 0x65, 0xfb, 0x5d,
+    0x3b, 0xf4, 0xa8, 0x93, 0x97, 0x40, 0x24, 0x9f, 0xa6, 0x1f, 0x51, 0xd3,
+    0x0b, 0x78, 0x6e, 0xdf, 0x7a, 0x62, 0x75, 0x97, 0xdd, 0x10, 0x8d, 0x59,
+    0x76, 0x82, 0x61, 0xe3, 0x39, 0x15, 0x04, 0x44, 0xe3, 0xb7, 0x54, 0xc7,
+    0xc3, 0xc5, 0x1d, 0x69, 0x39, 0x09, 0xf2, 0xd1, 0xe6, 0x81, 0x7f, 0x91,
+    0xb3, 0x1b, 0x19, 0x7f, 0x51, 0xe3, 0xb4, 0xba, 0x5d, 0xc8, 0xcf, 0x22,
+    0x87, 0x4e, 0xa3, 0x16, 0x3d, 0xe1, 0x90, 0x7a, 0x75, 0xe9, 0xe7, 0x10,
+    0x41, 0x29, 0x24, 0xa5, 0xe1, 0xf2, 0xbe, 0x6a, 0xfc, 0xbc, 0xf1, 0x43,
+    0x1b, 0x7c, 0xe0, 0xa5, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x87, 0xd7, 0xfe,
+    0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x53, 0x58, 0x26, 0x22, 0x10,
+    0xe6, 0xd7, 0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x11, 0x3a, 0xfc, 0xdf,
+    0xe0, 0x8e, 0xb2, 0xfc, 0x23, 0x93, 0x9a, 0xb2, 0xf7, 0xa6, 0x25, 0x97,
+    0x77, 0x05, 0x95, 0x12, 0x21, 0x74, 0x51, 0xe2, 0x81, 0x0e, 0xdf, 0xe1,
+    0x76, 0x18, 0xc5, 0xfe, 0x2c, 0xbf, 0xfd, 0xb0, 0xcd, 0x33, 0x72, 0x31,
+    0xec, 0x7b, 0x76, 0xfb, 0x65, 0x65, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x8c,
+    0x57, 0xee, 0x36, 0xf9, 0x3a, 0xcb, 0xdd, 0xc2, 0x35, 0x96, 0xf4, 0x9e,
+    0x46, 0x14, 0xdf, 0xb7, 0xbf, 0x26, 0x0b, 0x2f, 0xe8, 0x48, 0x3c, 0xc6,
+    0x2c, 0xbf, 0xff, 0x84, 0x4e, 0x6e, 0xdf, 0x9b, 0x25, 0x0c, 0xf3, 0x1d,
+    0x65, 0xfa, 0x29, 0xee, 0x0e, 0xb2, 0xfa, 0x4f, 0xd0, 0x16, 0x5f, 0xff,
+    0x42, 0x3d, 0x87, 0x3b, 0x04, 0x7d, 0x6b, 0x6e, 0xdf, 0x6c, 0xac, 0xac,
+    0x45, 0x9f, 0x8a, 0x40, 0x47, 0x7e, 0xd3, 0x74, 0xdb, 0xd6, 0x5f, 0x85,
+    0xf9, 0xee, 0x0b, 0x2f, 0x67, 0x7f, 0x59, 0x7f, 0xb0, 0xbd, 0x9f, 0x91,
+    0xac, 0xbb, 0x3f, 0x27, 0x9c, 0xc3, 0xb7, 0xfe, 0xf9, 0xb2, 0x50, 0xcf,
+    0x31, 0xd6, 0x5f, 0xf1, 0xb2, 0x50, 0xcf, 0x31, 0xd6, 0x5f, 0x08, 0x9c,
+    0xdd, 0xa7, 0xed, 0xf3, 0xeb, 0xf6, 0x80, 0xde, 0x95, 0x94, 0x73, 0xe2,
+    0x11, 0xdd, 0xee, 0xe1, 0xb0, 0x2c, 0xbf, 0xbd, 0xfe, 0x67, 0x70, 0x59,
+    0x4c, 0x7a, 0x42, 0x23, 0xbf, 0x6d, 0x88, 0xa4, 0x6b, 0x2f, 0x07, 0x0d,
+    0xc5, 0x96, 0x09, 0x2b, 0xb3, 0x11, 0x9f, 0x40, 0xdf, 0x19, 0x7a, 0x7e,
+    0x62, 0x68, 0x8a, 0x4e, 0x5d, 0xe8, 0xc4, 0x1c, 0xbc, 0x05, 0x44, 0xef,
+    0xc8, 0xc0, 0xfe, 0xe9, 0xb2, 0x43, 0xba, 0x55, 0x7f, 0xf8, 0x21, 0xde,
+    0x01, 0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0x9e, 0x57, 0xb7, 0xcf, 0x96, 0x5a,
+    0x56, 0x54, 0x9a, 0xed, 0x0f, 0x5f, 0x49, 0x43, 0x8b, 0x2e, 0xce, 0x2c,
+    0xbd, 0xf9, 0x3a, 0xcb, 0xf7, 0x98, 0xb3, 0x7a, 0xca, 0xd2, 0x26, 0xc0,
+    0x40, 0x17, 0x21, 0xf8, 0xb0, 0x63, 0x97, 0xf8, 0x29, 0xe8, 0x81, 0xb1,
+    0x6b, 0x8b, 0x2f, 0xdc, 0x10, 0xf0, 0xeb, 0x2e, 0x80, 0x6b, 0x2f, 0x84,
+    0xfa, 0x82, 0xcb, 0xdf, 0x0e, 0x35, 0x97, 0x8e, 0x2d, 0xc5, 0x97, 0xe7,
+    0x1f, 0xa7, 0x8b, 0x2f, 0xf6, 0x7b, 0xd3, 0xdb, 0xee, 0x2c, 0xb0, 0x40,
+    0xb6, 0x99, 0xec, 0x9f, 0xc0, 0xa0, 0x63, 0x18, 0x44, 0x01, 0xf2, 0x20,
+    0xe1, 0x3d, 0x04, 0x54, 0x12, 0x64, 0x71, 0x95, 0x2c, 0xad, 0xa8, 0xca,
+    0xa1, 0x3c, 0xc1, 0xe8, 0x7a, 0x7e, 0x59, 0x75, 0xfb, 0x5d, 0x3b, 0xf4,
+    0xa8, 0x88, 0x17, 0xfe, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x54,
+    0x5f, 0xda, 0x17, 0xa4, 0xba, 0x59, 0x7f, 0x74, 0xd9, 0xbb, 0xe9, 0x59,
+    0x52, 0x7b, 0xd8, 0x5d, 0x7f, 0x7f, 0x08, 0xa6, 0x35, 0x96, 0x09, 0x89,
+    0x97, 0x1c, 0xd8, 0xa1, 0x59, 0xf2, 0x0b, 0xf6, 0xba, 0x77, 0xe9, 0x51,
+    0x14, 0x2f, 0xda, 0x93, 0xcf, 0x6b, 0x2f, 0x1c, 0x43, 0x59, 0x7f, 0xe6,
+    0xfc, 0x52, 0xd9, 0xbd, 0xb7, 0x16, 0x5b, 0xcc, 0x7b, 0xfb, 0xc7, 0x6f,
+    0x1c, 0x5b, 0x8b, 0x2f, 0xf9, 0xe1, 0x83, 0x27, 0x71, 0xac, 0xbf, 0xf0,
+    0x9f, 0x4f, 0x0f, 0xb7, 0x04, 0xb2, 0xff, 0xa7, 0xb2, 0xcf, 0xf2, 0x4e,
+    0xb2, 0x88, 0xfd, 0x84, 0x7d, 0x7a, 0x41, 0x8b, 0x2c, 0x13, 0x13, 0xee,
+    0x63, 0x67, 0x84, 0x38, 0x0a, 0x48, 0x83, 0x90, 0xac, 0x0c, 0x86, 0xff,
+    0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x32, 0x5f, 0xb5, 0xd3, 0xbf, 0x4a,
+    0x89, 0x95, 0x7e, 0x86, 0x7d, 0xfa, 0x59, 0x7e, 0x08, 0x77, 0x80, 0x4c,
+    0x3d, 0xee, 0xcd, 0xae, 0xec, 0x4b, 0x2f, 0xda, 0xe9, 0xdf, 0xa5, 0x45,
+    0x48, 0xb1, 0x2c, 0xba, 0x07, 0x59, 0x7c, 0x7c, 0xcf, 0xac, 0xb0, 0x6b,
+    0x2c, 0x12, 0x08, 0xa8, 0xc1, 0x8d, 0xc3, 0x6d, 0x08, 0x38, 0xb8, 0x88,
+    0x6f, 0xda, 0xe9, 0xdf, 0xa5, 0x45, 0x74, 0xbf, 0xbc, 0xda, 0xd3, 0xc1,
+    0x65, 0x82, 0x61, 0xf1, 0xf0, 0xda, 0xf0, 0x72, 0x75, 0x97, 0xed, 0x74,
+    0xef, 0xd2, 0xa2, 0xc5, 0x58, 0x24, 0x9e, 0x9e, 0x0e, 0xdf, 0xf4, 0xf3,
+    0x92, 0x7f, 0xe7, 0x4b, 0x2f, 0xba, 0x77, 0xe9, 0x51, 0x3d, 0x2f, 0xc7,
+    0x78, 0x04, 0xce, 0x8f, 0xa7, 0x47, 0x37, 0x8c, 0x7e, 0x96, 0x5f, 0xde,
+    0x96, 0xd3, 0x05, 0xd6, 0x5f, 0xcd, 0x1b, 0xcf, 0x7c, 0x59, 0x7e, 0x96,
+    0xd9, 0x6d, 0xd5, 0x97, 0xd3, 0xdb, 0xee, 0xac, 0xb8, 0xc0, 0x98, 0x8c,
+    0xde, 0x87, 0xbc, 0x60, 0xe5, 0xc4, 0x59, 0x7f, 0xfa, 0x48, 0x26, 0x79,
+    0xf6, 0x9e, 0x73, 0xeb, 0x2f, 0xff, 0xff, 0x0f, 0x0c, 0x08, 0x58, 0x69,
+    0xaf, 0xfe, 0x31, 0x45, 0x3d, 0x6b, 0x3b, 0x59, 0x7f, 0xff, 0xfe, 0xfb,
+    0xea, 0x01, 0x33, 0x82, 0x7e, 0xf0, 0xa4, 0xc0, 0xfe, 0xd0, 0xce, 0xfe,
+    0xb2, 0xfd, 0x9f, 0xf3, 0x18, 0xb2, 0xff, 0xdc, 0xc2, 0x73, 0x7c, 0xd2,
+    0x4b, 0x2f, 0xfb, 0x33, 0xcd, 0xd7, 0xb0, 0x21, 0x1f, 0x27, 0xca, 0x2f,
+    0xff, 0xd1, 0x14, 0x9c, 0x26, 0x71, 0x8c, 0x1b, 0xb9, 0xab, 0x2e, 0xe7,
+    0xd6, 0x5d, 0x9c, 0x59, 0x7f, 0xec, 0xd7, 0x72, 0x7f, 0x3e, 0x69, 0x65,
+    0xdc, 0x02, 0xcb, 0xf1, 0x39, 0xca, 0x56, 0x5f, 0xc2, 0xe7, 0x9e, 0x01,
+    0x36, 0x04, 0x53, 0xb8, 0xb9, 0x0b, 0x18, 0x7c, 0x18, 0xbd, 0xe8, 0xe7,
+    0x71, 0x65, 0xda, 0xfa, 0xcb, 0xf6, 0x7f, 0x8c, 0x75, 0x97, 0xff, 0xa7,
+    0xbf, 0xe4, 0x4d, 0xaf, 0xf0, 0x5b, 0x8b, 0x2f, 0x3f, 0x61, 0x25, 0x15,
+    0xae, 0x40, 0x42, 0xff, 0x27, 0xac, 0x54, 0xdd, 0xa8, 0x7f, 0xf2, 0x32,
+    0x1a, 0x82, 0xe5, 0x68, 0xd2, 0xfb, 0x7d, 0x28, 0x75, 0xfe, 0x55, 0xf5,
+    0x04, 0x5e, 0x6b, 0x98, 0xc3, 0x9a, 0x74, 0x12, 0xff, 0xf0, 0xc2, 0x7f,
+    0xe2, 0x8c, 0x38, 0xb8, 0x2e, 0xd6, 0x5e, 0x91, 0x05, 0xd6, 0x5f, 0xb5,
+    0xd7, 0x9b, 0x8b, 0x29, 0x8f, 0x24, 0x44, 0x17, 0x7e, 0x56, 0x56, 0xc4,
+    0x6d, 0xfb, 0x21, 0xbf, 0xe2, 0xcd, 0xe5, 0x9c, 0x01, 0xd6, 0x5f, 0x9b,
+    0xc4, 0xf1, 0x2c, 0xbf, 0x43, 0x07, 0xb7, 0x16, 0x5f, 0x9d, 0xa3, 0xd4,
+    0xac, 0xbf, 0x7c, 0x84, 0xfb, 0x1a, 0xca, 0xd8, 0x91, 0xb8, 0x15, 0x39,
+    0x92, 0x7f, 0x14, 0x86, 0x4f, 0x71, 0xc0, 0xb2, 0xfd, 0x9f, 0x61, 0x71,
+    0x65, 0xdb, 0x10, 0x5b, 0x59, 0x5b, 0x11, 0xf0, 0x05, 0xb1, 0x7d, 0x86,
+    0x4f, 0x7e, 0x0b, 0x5b, 0x17, 0x35, 0xf5, 0x97, 0xf8, 0x32, 0xcd, 0x6a,
+    0x7a, 0x59, 0x5b, 0x11, 0xf4, 0x6c, 0x66, 0x97, 0xda, 0x3f, 0xfb, 0x59,
+    0x7e, 0x0a, 0x05, 0x4f, 0xc3, 0x56, 0x5c, 0xdc, 0x59, 0x63, 0x16, 0x56,
+    0xc4, 0x7b, 0x5d, 0x19, 0x06, 0x2d, 0x7e, 0x0a, 0x05, 0x66, 0x07, 0x59,
+    0x7b, 0xd3, 0xb8, 0xb2, 0xff, 0xdb, 0x0f, 0x60, 0xd8, 0xc2, 0xbb, 0x1e,
+    0xc6, 0x16, 0x6c, 0x7b, 0x12, 0xcb, 0xff, 0x05, 0xad, 0x8c, 0x2c, 0x0b,
+    0x41, 0x68, 0x2a, 0x15, 0x0a, 0x6c, 0x4b, 0x2f, 0xfc, 0x16, 0x6c, 0x30,
+    0xb4, 0x16, 0x05, 0xa0, 0xa8, 0x5b, 0x0b, 0x5b, 0x12, 0xcb, 0xfe, 0xf0,
+    0xe0, 0x12, 0x1c, 0x20, 0x81, 0x54, 0xd3, 0xb6, 0x06, 0xe0, 0xb6, 0xdd,
+    0x5b, 0x12, 0xa1, 0x00, 0xa9, 0x80, 0x5b, 0x8d, 0xb6, 0xfc, 0x15, 0x3b,
+    0xb9, 0x2c, 0xbf, 0xa5, 0xbf, 0xf9, 0x3a, 0xcb, 0x87, 0xb8, 0xb2, 0x82,
+    0x87, 0xe0, 0x16, 0x8a, 0xbb, 0x2c, 0xbd, 0xd6, 0x79, 0x25, 0xdc, 0xd2,
+    0xcb, 0xc7, 0x9e, 0x2c, 0xbf, 0xff, 0xdf, 0x0f, 0x53, 0xe9, 0xce, 0x86,
+    0xc5, 0x19, 0xe6, 0x0b, 0x2e, 0xd4, 0xac, 0xa6, 0x3f, 0x80, 0x31, 0x5f,
+    0xa7, 0x5a, 0x78, 0x2c, 0xbf, 0xf8, 0x85, 0x3b, 0x5d, 0xbf, 0x0c, 0xe2,
+    0xcb, 0xff, 0xbd, 0x3c, 0x70, 0xfd, 0xe6, 0xef, 0x8b, 0x2f, 0xf9, 0xa4,
+    0xb3, 0x7e, 0xa7, 0x8b, 0x2b, 0xa3, 0xfe, 0xf2, 0x35, 0xe8, 0x98, 0xc5,
+    0x97, 0x64, 0x16, 0x58, 0x0c, 0x6d, 0x1c, 0x7a, 0xff, 0xcd, 0xb7, 0xcc,
+    0xf0, 0xfb, 0x46, 0xb2, 0xb0, 0xf9, 0x7c, 0x4b, 0x7e, 0xf8, 0x03, 0x28,
+    0x96, 0x5f, 0xf9, 0xf9, 0xb7, 0x9c, 0xc8, 0x42, 0x56, 0x5b, 0x8b, 0x2f,
+    0xe9, 0xe9, 0xa3, 0x72, 0x59, 0x7f, 0xfe, 0x27, 0x35, 0xb5, 0x30, 0x86,
+    0x70, 0x00, 0x95, 0x97, 0xf9, 0xfe, 0x2c, 0xc2, 0x35, 0x65, 0x0d, 0x34,
+    0xfc, 0x21, 0x34, 0xaa, 0x24, 0x0d, 0x08, 0xf8, 0xb4, 0x0a, 0x97, 0xef,
+    0xc9, 0x4c, 0x4b, 0x2c, 0x17, 0x59, 0x7a, 0x7d, 0x2b, 0x2b, 0x0f, 0x5e,
+    0x22, 0x72, 0x15, 0xbf, 0xf1, 0x60, 0xba, 0x2c, 0x8c, 0x38, 0x2c, 0xbf,
+    0xfc, 0xe7, 0x09, 0x3a, 0xd3, 0x6e, 0xf4, 0x28, 0xd6, 0x5d, 0xa6, 0x24,
+    0x48, 0xee, 0xa0, 0x5f, 0x37, 0x83, 0x3a, 0xcb, 0xff, 0xcc, 0x6e, 0xdc,
+    0x27, 0xef, 0x86, 0x9a, 0xeb, 0x2b, 0xa3, 0xf1, 0x22, 0x3b, 0xff, 0xcf,
+    0xc2, 0xc0, 0x04, 0xf3, 0x74, 0xfa, 0x59, 0x71, 0x18, 0xb2, 0xfd, 0xc2,
+    0x13, 0xc1, 0x65, 0xff, 0xee, 0x31, 0xfb, 0xe3, 0xfc, 0x5d, 0xf2, 0x56,
+    0x5f, 0xdf, 0x8a, 0x0f, 0xa3, 0x56, 0x5d, 0x9d, 0x2c, 0xbc, 0x3c, 0x35,
+    0xcf, 0x1f, 0xe6, 0x17, 0xde, 0x93, 0xf4, 0xb2, 0xa5, 0x32, 0x7c, 0x17,
+    0xec, 0x9d, 0xe1, 0x27, 0xf3, 0x3b, 0x84, 0x05, 0x97, 0xef, 0xf9, 0x84,
+    0x17, 0x59, 0x50, 0x3c, 0x3c, 0x17, 0xbe, 0xcc, 0x23, 0x56, 0x57, 0x0f,
+    0x0b, 0xe4, 0x37, 0x87, 0x9e, 0x59, 0x7a, 0x26, 0x31, 0x65, 0x87, 0x03,
+    0x74, 0xc3, 0x97, 0xff, 0xb3, 0xa1, 0xb1, 0x07, 0x9a, 0xd4, 0xef, 0x59,
+    0x7f, 0xf6, 0xd9, 0x92, 0x93, 0xed, 0xdb, 0xed, 0x95, 0x95, 0x28, 0xbe,
+    0x01, 0x31, 0x26, 0x5f, 0xf0, 0x5e, 0x13, 0x84, 0x39, 0x3a, 0xcb, 0xff,
+    0x7b, 0x22, 0xf3, 0x7a, 0x75, 0x2b, 0x2e, 0x7e, 0xd6, 0x5e, 0x29, 0xdc,
+    0x59, 0x7f, 0x9f, 0x8f, 0xe1, 0x14, 0x6b, 0x28, 0x8f, 0xa3, 0xe2, 0xe2,
+    0x1e, 0xad, 0xac, 0xa9, 0xb8, 0xc5, 0xe1, 0x09, 0x41, 0x90, 0xe1, 0x3f,
+    0x70, 0xc2, 0x69, 0x41, 0x71, 0x42, 0xf7, 0x50, 0xbf, 0x3c, 0x28, 0x7c,
+    0x44, 0x51, 0xb9, 0x72, 0x1a, 0x7f, 0x8c, 0x68, 0x45, 0xc1, 0x9d, 0xee,
+    0xc2, 0x9a, 0xee, 0x09, 0x65, 0xb4, 0xb2, 0xe9, 0xd2, 0xcb, 0xc5, 0x9b,
+    0xab, 0x2e, 0xcf, 0x2c, 0xbf, 0x6b, 0xb8, 0x7e, 0x56, 0x5e, 0xcd, 0xf8,
+    0xb2, 0xb0, 0xf1, 0x88, 0xa6, 0xb6, 0xa3, 0x07, 0xa1, 0x17, 0x16, 0xd9,
+    0x1e, 0x0d, 0x72, 0xfb, 0x0e, 0xdf, 0x59, 0x52, 0x9a, 0x4e, 0xa1, 0xb1,
+    0xf5, 0x0b, 0xdd, 0x0b, 0x4b, 0x2e, 0xd0, 0x16, 0x5c, 0xf8, 0xb2, 0xbb,
+    0x35, 0x9a, 0x17, 0xbc, 0x4f, 0xf5, 0x97, 0x89, 0xb8, 0xb2, 0xc6, 0x05,
+    0x4d, 0xb4, 0x8d, 0xdd, 0x3e, 0x59, 0x7d, 0xad, 0xee, 0x75, 0x97, 0xf7,
+    0x47, 0x29, 0xec, 0x0b, 0x2f, 0x72, 0x12, 0xb2, 0xfd, 0xcc, 0xcc, 0x65,
+    0x95, 0x87, 0x82, 0x01, 0xcb, 0xff, 0xcd, 0xb6, 0x62, 0x6f, 0xea, 0x7a,
+    0x17, 0x4b, 0x2f, 0x01, 0xfb, 0x59, 0x7d, 0x9f, 0x93, 0x16, 0x56, 0x1b,
+    0xf2, 0x1d, 0xbf, 0xfc, 0xdb, 0x7d, 0x91, 0x37, 0x7c, 0xf6, 0x74, 0xb2,
+    0xe2, 0xe2, 0xcb, 0xe2, 0x7f, 0xf1, 0x65, 0x40, 0xdb, 0x9c, 0x5a, 0xf4,
+    0xe6, 0x96, 0x5f, 0xfe, 0xe9, 0xf4, 0xff, 0x6e, 0x49, 0x48, 0x16, 0x5a,
+    0x1e, 0x3e, 0x30, 0xc6, 0xeb, 0xb4, 0x56, 0xea, 0x10, 0x95, 0x2a, 0xf5,
+    0x23, 0x35, 0x1a, 0x56, 0x2c, 0x74, 0x56, 0xc2, 0xd1, 0x12, 0x1d, 0xc0,
+    0x04, 0x3c, 0x84, 0x6f, 0xc7, 0xc5, 0x19, 0x95, 0xf0, 0xce, 0x67, 0x16,
+    0x5f, 0xf0, 0x3a, 0xf3, 0x69, 0xb2, 0x0b, 0x2f, 0x30, 0x67, 0x59, 0x73,
+    0x0d, 0x65, 0x39, 0xb3, 0x0c, 0x76, 0xf7, 0xa4, 0x96, 0x5e, 0xe6, 0xee,
+    0xea, 0xcb, 0xed, 0xb0, 0x01, 0xd6, 0x5e, 0xd6, 0x0d, 0x65, 0xfe, 0x7f,
+    0xcc, 0x5c, 0x63, 0xac, 0xa3, 0x4f, 0x3f, 0xc3, 0x97, 0xfa, 0x60, 0x59,
+    0xdf, 0xf1, 0x65, 0xfb, 0xa6, 0xee, 0x32, 0x59, 0x7f, 0xf3, 0xf5, 0x24,
+    0x38, 0xa1, 0x3a, 0x8d, 0x65, 0x76, 0x7e, 0x1e, 0x2a, 0xb7, 0x16, 0x53,
+    0x1b, 0x4e, 0x11, 0xdf, 0xc5, 0xa7, 0x77, 0xfa, 0xcb, 0xff, 0xef, 0xf0,
+    0x7a, 0xc6, 0x37, 0xc6, 0x39, 0x46, 0xb2, 0xf8, 0x87, 0x86, 0xac, 0xbd,
+    0xe1, 0x1d, 0x65, 0xdb, 0xc6, 0xb2, 0xb6, 0x12, 0xb5, 0x19, 0x24, 0x83,
+    0x60, 0xc8, 0x70, 0x6f, 0xb2, 0x36, 0x74, 0xd1, 0x1f, 0xa1, 0xac, 0xe4,
+    0x1c, 0x2b, 0xfa, 0x90, 0x88, 0x8c, 0x1d, 0xbf, 0x61, 0x14, 0xc6, 0xb2,
+    0xdd, 0xac, 0xd1, 0xa6, 0xbc, 0x22, 0x82, 0xcb, 0xf7, 0x22, 0x92, 0x8d,
+    0x65, 0x61, 0xf3, 0x9a, 0x45, 0xf1, 0xcb, 0xdb, 0x61, 0x1a, 0xcb, 0xf1,
+    0x1a, 0xd9, 0xc5, 0x97, 0xef, 0x37, 0x18, 0x6b, 0x2f, 0x34, 0x9d, 0x65,
+    0xb5, 0x03, 0xc2, 0xf1, 0x3d, 0xf3, 0xfd, 0xfa, 0x59, 0x4c, 0x79, 0x46,
+    0x14, 0x5f, 0x08, 0x2f, 0xc8, 0xd6, 0x5f, 0xf8, 0xc7, 0x06, 0x75, 0xe7,
+    0x07, 0x16, 0x54, 0x9f, 0x46, 0x14, 0x5f, 0xfb, 0x8f, 0xdc, 0x93, 0x8f,
+    0x0d, 0x59, 0x4c, 0x9c, 0xdf, 0xa1, 0x66, 0x50, 0x8a, 0xf9, 0x05, 0xc6,
+    0x0d, 0x65, 0xff, 0xef, 0xfb, 0x0e, 0x07, 0xd6, 0x6f, 0xc1, 0xac, 0xba,
+    0x7c, 0xb2, 0xc3, 0x59, 0x47, 0x34, 0xe4, 0x2d, 0x63, 0x56, 0x5e, 0x20,
+    0x4a, 0xcb, 0x88, 0x7b, 0x4d, 0x6f, 0x04, 0xae, 0xcf, 0xac, 0xbf, 0xb3,
+    0x86, 0x39, 0x46, 0xb2, 0xa5, 0x33, 0x1c, 0x72, 0x74, 0xd0, 0x17, 0x10,
+    0xb5, 0xfe, 0x27, 0x33, 0x6b, 0xf5, 0x8b, 0x2f, 0x85, 0xc7, 0xe9, 0x65,
+    0xff, 0x84, 0x3f, 0x34, 0xef, 0xd0, 0x7c, 0x59, 0x5a, 0x3e, 0x52, 0x23,
+    0xbd, 0xc1, 0xca, 0xcb, 0xfe, 0xe7, 0xf3, 0xa1, 0x01, 0xf1, 0x65, 0x1a,
+    0x7a, 0xae, 0x39, 0x52, 0x89, 0x81, 0x3b, 0x5b, 0x8b, 0x2d, 0x8b, 0x29,
+    0x8d, 0x0e, 0xe8, 0x8d, 0xf7, 0x65, 0x26, 0xac, 0xbf, 0xcc, 0x19, 0xf3,
+    0x08, 0xd5, 0x94, 0x73, 0xf9, 0x72, 0x30, 0x11, 0xdf, 0xf6, 0x13, 0xc3,
+    0x90, 0x32, 0x35, 0x97, 0xd0, 0xe3, 0x12, 0xcb, 0xef, 0x75, 0x3d, 0x2c,
+    0xbf, 0xf7, 0x44, 0xfe, 0x7e, 0xf3, 0xbf, 0xac, 0xa8, 0x22, 0xff, 0xb3,
+    0xa6, 0x21, 0x11, 0x25, 0xff, 0xd3, 0xa1, 0x1c, 0x9c, 0xd1, 0xe8, 0x2e,
+    0xb2, 0xf6, 0x39, 0xd6, 0x51, 0xa7, 0xc9, 0xa4, 0x9a, 0x94, 0x62, 0x3c,
+    0x28, 0x6f, 0x8b, 0xec, 0x75, 0x97, 0xa6, 0x60, 0xb3, 0x0d, 0x0d, 0xfd,
+    0x3c, 0x9f, 0x4f, 0x16, 0x5f, 0xda, 0x84, 0xf4, 0xdd, 0x2c, 0xad, 0x1e,
+    0xdb, 0x96, 0x5d, 0xfc, 0x59, 0x52, 0xc8, 0x62, 0x8c, 0xbf, 0x23, 0xbb,
+    0xed, 0x19, 0xa3, 0x49, 0xd2, 0x3f, 0xa3, 0x32, 0x78, 0x5e, 0x14, 0x76,
+    0x3c, 0x47, 0x14, 0x21, 0x43, 0x21, 0xbf, 0xfc, 0x6b, 0xe7, 0x7f, 0xfc,
+    0xe6, 0xf6, 0xe9, 0x65, 0xff, 0xdd, 0xc3, 0x92, 0x53, 0xd4, 0xb7, 0x96,
+    0x5f, 0xe2, 0xce, 0x7d, 0xdc, 0x96, 0x51, 0xa8, 0xc1, 0x74, 0xdd, 0xe8,
+    0x97, 0xdb, 0xbb, 0xb3, 0xb8, 0xb2, 0xff, 0xfb, 0xec, 0x42, 0x86, 0x70,
+    0x62, 0x7d, 0x41, 0x65, 0xa7, 0x69, 0xfd, 0x06, 0x57, 0x7f, 0xe3, 0xbc,
+    0x33, 0xcd, 0xaf, 0x3a, 0xcb, 0x9b, 0x5a, 0x3e, 0x70, 0x15, 0x5f, 0xff,
+    0xc5, 0x86, 0xe1, 0x6d, 0xe7, 0xfd, 0x87, 0x0e, 0x40, 0xb2, 0xa5, 0x11,
+    0x58, 0x5b, 0x7f, 0x84, 0xfc, 0x68, 0x98, 0xc5, 0x94, 0xc9, 0xf9, 0x7a,
+    0x39, 0xd2, 0x21, 0xbd, 0xe9, 0x25, 0x97, 0x7c, 0xeb, 0x2d, 0xb2, 0xb2,
+    0xbb, 0x35, 0x7e, 0x17, 0xae, 0x8f, 0xa1, 0xd1, 0xaf, 0x87, 0xa6, 0x31,
+    0x65, 0xfd, 0x99, 0x1e, 0x67, 0xd6, 0x5c, 0x6e, 0xf5, 0x97, 0xb0, 0x43,
+    0x59, 0x51, 0xa2, 0x14, 0x64, 0x64, 0x59, 0xc1, 0xab, 0xff, 0xfe, 0x9f,
+    0xfa, 0x79, 0x90, 0xf4, 0x9c, 0x9c, 0xd2, 0xc0, 0x2c, 0xbc, 0xc5, 0xf5,
+    0x97, 0xd3, 0xd6, 0x69, 0x65, 0xf7, 0xa7, 0x7e, 0x2c, 0xbf, 0x9f, 0x7b,
+    0x44, 0xc6, 0x2c, 0xa3, 0xa2, 0x40, 0x86, 0xfe, 0x44, 0x19, 0x1d, 0xfe,
+    0x16, 0xa3, 0x3c, 0xe7, 0xd6, 0x5f, 0xf7, 0x24, 0xe3, 0xf4, 0x97, 0x4b,
+    0x2e, 0x62, 0xc3, 0xed, 0x34, 0xd2, 0xa5, 0x1a, 0xc3, 0x85, 0x55, 0xe8,
+    0x0b, 0x8b, 0x2f, 0xe1, 0xbe, 0x81, 0xb3, 0x8b, 0x2f, 0x78, 0x3d, 0xeb,
+    0x2f, 0xfa, 0x4e, 0x59, 0xd6, 0x98, 0x0b, 0x2c, 0x35, 0x97, 0xb9, 0xcc,
+    0x59, 0x61, 0xc9, 0xad, 0x71, 0x1a, 0x82, 0x2a, 0xb8, 0x40, 0x26, 0x5b,
+    0xfb, 0xce, 0xdd, 0x61, 0x2c, 0xbf, 0xd0, 0xc6, 0xe7, 0x05, 0x2b, 0x2f,
+    0xe1, 0xe1, 0x43, 0xd8, 0xb2, 0xff, 0xff, 0xf6, 0x73, 0xd9, 0xa9, 0x27,
+    0xee, 0x1e, 0x9f, 0xfe, 0x7b, 0xf4, 0x9d, 0x65, 0x4a, 0x35, 0x58, 0xc8,
+    0xe5, 0x97, 0xfe, 0xfc, 0x9f, 0xbe, 0x9b, 0xbc, 0xd2, 0xcb, 0xf7, 0xb3,
+    0x4d, 0xc5, 0x97, 0x89, 0xa1, 0xd9, 0xf4, 0x7d, 0x06, 0xff, 0xb0, 0x12,
+    0x4e, 0x3c, 0x35, 0x65, 0xfd, 0x3f, 0xc6, 0x10, 0x5d, 0x65, 0x39, 0xf3,
+    0x80, 0xde, 0xff, 0xb2, 0x3c, 0x1e, 0x14, 0xee, 0x2c, 0xa9, 0x55, 0x19,
+    0x1c, 0x60, 0x30, 0x84, 0xb0, 0x21, 0x34, 0x44, 0x37, 0xff, 0x8b, 0xfb,
+    0x39, 0x14, 0x1f, 0x51, 0x8e, 0x56, 0x5f, 0xff, 0xc5, 0x09, 0xfb, 0xfb,
+    0x8c, 0xff, 0x00, 0x65, 0x05, 0x97, 0xdf, 0xfe, 0x6e, 0x2c, 0xbf, 0xe9,
+    0xc8, 0x7b, 0x1a, 0x1c, 0x59, 0x5c, 0x3d, 0xcf, 0x92, 0xdf, 0x87, 0x17,
+    0x85, 0xb8, 0xb2, 0xbb, 0x3c, 0xf2, 0x22, 0xac, 0x4d, 0xd5, 0x93, 0x9e,
+    0x30, 0x5b, 0xf6, 0x89, 0xb0, 0xd5, 0x97, 0xe9, 0xf3, 0x77, 0x05, 0x97,
+    0x1e, 0x0b, 0x2f, 0xf9, 0xf3, 0xa1, 0xe6, 0x80, 0xcb, 0x2b, 0x69, 0xfb,
+    0x8c, 0xa3, 0xc2, 0xf7, 0xfb, 0xbe, 0x06, 0x4d, 0x23, 0x59, 0x5a, 0x3e,
+    0x52, 0x31, 0xa9, 0x4c, 0x91, 0xa3, 0x03, 0xbf, 0xd0, 0xe1, 0x48, 0x1c,
+    0xeb, 0x2f, 0xcf, 0xdf, 0xe3, 0x95, 0x95, 0x27, 0xb6, 0x46, 0x57, 0xe3,
+    0x70, 0x5a, 0x8d, 0x65, 0xf4, 0xf4, 0x29, 0x59, 0x5a, 0x3c, 0xc3, 0x0a,
+    0xaf, 0xe6, 0xd4, 0x62, 0x06, 0x2c, 0xbf, 0x7e, 0x70, 0xba, 0x59, 0x7d,
+    0xdf, 0xe4, 0xeb, 0x28, 0xd3, 0xca, 0xec, 0x9e, 0xfe, 0x67, 0x87, 0xda,
+    0x35, 0x97, 0xf7, 0xdb, 0xcc, 0x5f, 0x59, 0x68, 0x78, 0xf6, 0x43, 0x2d,
+    0xbf, 0xf6, 0x6e, 0x0f, 0xd3, 0xe9, 0xff, 0x16, 0x5f, 0xfe, 0x9c, 0xef,
+    0xfe, 0x9f, 0x94, 0x83, 0x8b, 0x2e, 0x90, 0x2c, 0xbb, 0xc7, 0x59, 0x7f,
+    0xff, 0xb4, 0x28, 0x31, 0x60, 0x81, 0xb7, 0x38, 0x42, 0x78, 0xd6, 0x57,
+    0x48, 0x8f, 0xe0, 0xb7, 0xc5, 0xea, 0x55, 0x45, 0xc6, 0x46, 0xcf, 0x0e,
+    0xfa, 0x45, 0x3f, 0x41, 0x14, 0x36, 0x2f, 0xc3, 0x72, 0x11, 0xd6, 0x5f,
+    0xf8, 0x40, 0xce, 0xb3, 0x5a, 0x78, 0x2c, 0xbf, 0xf8, 0x4f, 0x03, 0x8b,
+    0xfe, 0x91, 0x05, 0xd6, 0x5d, 0x27, 0x59, 0x58, 0x8c, 0x5d, 0x13, 0x91,
+    0xff, 0x12, 0x6f, 0xff, 0x86, 0xf1, 0x4f, 0x64, 0xe6, 0xe0, 0xde, 0x0b,
+    0x2f, 0x46, 0xda, 0x59, 0x7f, 0xc6, 0x6b, 0x27, 0xb8, 0x31, 0xd6, 0x5f,
+    0xf7, 0x1b, 0xbf, 0xc5, 0x09, 0xed, 0x65, 0xfb, 0x9f, 0xe6, 0x7d, 0x65,
+    0x4a, 0x27, 0xb8, 0x74, 0x23, 0xcb, 0xf0, 0x5d, 0xa2, 0x63, 0x16, 0x5f,
+    0xc5, 0x31, 0x09, 0xc3, 0x59, 0x42, 0x3d, 0xb0, 0xcb, 0x6e, 0xcf, 0x2c,
+    0xbc, 0x61, 0x86, 0x24, 0xbf, 0xfd, 0xf6, 0xff, 0x3c, 0xdb, 0x21, 0xea,
+    0x60, 0x90, 0x21, 0xa0, 0xa9, 0x54, 0x9c, 0x6a, 0x83, 0x42, 0xed, 0xe1,
+    0x15, 0xf2, 0x31, 0x1b, 0x5d, 0xfe, 0xd6, 0x5f, 0xe6, 0xd4, 0x62, 0x06,
+    0x12, 0xca, 0x39, 0xe5, 0x85, 0xc6, 0x2e, 0x89, 0x96, 0x5f, 0xff, 0xd0,
+    0x92, 0xcf, 0xf9, 0xb3, 0xf2, 0x76, 0xd4, 0x16, 0x56, 0x8f, 0xbf, 0xe2,
+    0xf7, 0xf1, 0xc3, 0x2c, 0xdf, 0x8b, 0x2f, 0xd9, 0xc1, 0x17, 0xd6, 0x53,
+    0x1f, 0xc3, 0x91, 0x11, 0x7d, 0xff, 0xfa, 0x75, 0x1c, 0xf9, 0xdb, 0x5a,
+    0x63, 0x85, 0x36, 0x12, 0xca, 0x83, 0x67, 0x82, 0x38, 0x4e, 0xe4, 0x29,
+    0xcd, 0x3d, 0xea, 0x3c, 0xae, 0xc9, 0xd8, 0x76, 0x28, 0x6d, 0x6a, 0x55,
+    0xe1, 0xe3, 0xd0, 0xf4, 0x6b, 0x00, 0x84, 0x19, 0x4a, 0xf7, 0xe4, 0x65,
+    0xbf, 0x95, 0x12, 0x28, 0x56, 0x6f, 0x8c, 0x37, 0x74, 0xb2, 0xff, 0xbb,
+    0x87, 0x39, 0x83, 0x7f, 0xac, 0xbf, 0xb5, 0xf9, 0x10, 0x5f, 0x8b, 0x2e,
+    0x6d, 0x95, 0x97, 0xec, 0xd7, 0xc5, 0xe5, 0x95, 0xa3, 0xc1, 0x0c, 0x66,
+    0xd8, 0xb2, 0xd8, 0xb3, 0x70, 0xb0, 0xbe, 0xd1, 0x3e, 0xf5, 0x97, 0xb1,
+    0xc9, 0x65, 0x8c, 0x59, 0x76, 0xdc, 0x59, 0x4e, 0x6a, 0xbe, 0x25, 0x52,
+    0x9c, 0x48, 0xce, 0xb1, 0xcc, 0xd3, 0x36, 0x22, 0xd1, 0x19, 0xd1, 0x2f,
+    0xff, 0xe2, 0xcf, 0xfb, 0x21, 0xa9, 0xf3, 0xb7, 0xe7, 0xcb, 0x2f, 0x03,
+    0x98, 0xb2, 0xff, 0x3c, 0x22, 0xf3, 0x77, 0xf5, 0x97, 0xd0, 0x92, 0x82,
+    0xcb, 0x3a, 0xcb, 0xd3, 0xee, 0x2c, 0xae, 0xcd, 0x63, 0x08, 0x5f, 0xfa,
+    0x7a, 0xdb, 0x85, 0x22, 0x0b, 0xf1, 0x65, 0xff, 0xfc, 0xff, 0x6f, 0x39,
+    0xf6, 0xe7, 0x27, 0x35, 0x84, 0xb2, 0xff, 0xdc, 0xc2, 0x1e, 0xdc, 0x1b,
+    0x6f, 0x59, 0x7f, 0xf7, 0x1f, 0xbe, 0x73, 0x08, 0x1b, 0x38, 0xb2, 0xff,
+    0xf3, 0x75, 0xc9, 0xd9, 0xcf, 0xc2, 0x19, 0xc5, 0x94, 0x35, 0x42, 0xb1,
+    0x1a, 0xe9, 0x34, 0xe4, 0x24, 0x89, 0xc5, 0x9f, 0xa0, 0xef, 0x47, 0xbe,
+    0xd7, 0xb0, 0x96, 0x5f, 0xff, 0x8b, 0x1b, 0x8d, 0xa9, 0x17, 0xe2, 0x9c,
+    0x1a, 0xca, 0x64, 0x74, 0xbb, 0xa8, 0x88, 0x6f, 0xc1, 0xc1, 0x81, 0xc5,
+    0x97, 0xb2, 0x65, 0x65, 0xf8, 0x3e, 0x19, 0x9e, 0x59, 0x51, 0x9e, 0x27,
+    0x06, 0xa8, 0x68, 0x90, 0xd3, 0x6d, 0xfc, 0x5b, 0x43, 0xe4, 0xe2, 0xcb,
+    0xed, 0x39, 0xd9, 0x65, 0xf7, 0xe7, 0xb3, 0x16, 0x56, 0x2e, 0x63, 0xf4,
+    0xb1, 0xe9, 0x63, 0x4f, 0x0b, 0xe0, 0x11, 0x88, 0xbc, 0xc2, 0x1b, 0xff,
+    0x0e, 0x64, 0xf9, 0xc1, 0x3f, 0x6b, 0x2f, 0xff, 0x84, 0x1f, 0xca, 0x40,
+    0xff, 0x00, 0x65, 0x05, 0x94, 0xc8, 0x8f, 0xf9, 0xf5, 0xfb, 0xff, 0xc2,
+    0x3a, 0xcb, 0xff, 0xfd, 0x39, 0xcc, 0x2d, 0x4c, 0x18, 0xf9, 0xdc, 0x22,
+    0x12, 0xca, 0x64, 0x43, 0x91, 0x3d, 0xc6, 0x79, 0x65, 0xff, 0xe9, 0x2e,
+    0x83, 0xd3, 0x81, 0xbf, 0xe9, 0x59, 0x7c, 0xf1, 0xb9, 0x2c, 0xbf, 0x7f,
+    0xd8, 0x07, 0x59, 0x5d, 0x9e, 0x41, 0x10, 0xdf, 0xc7, 0xdb, 0xec, 0x03,
+    0xac, 0xbf, 0x8c, 0xe6, 0x61, 0x46, 0xb2, 0xa4, 0xff, 0xf0, 0x89, 0x8b,
+    0xef, 0xed, 0x61, 0x0a, 0x74, 0xb2, 0xfa, 0x79, 0x3b, 0xd6, 0x5f, 0xfd,
+    0x24, 0xff, 0x84, 0x9a, 0xe6, 0x7d, 0x65, 0x6c, 0x68, 0x93, 0xf1, 0x60,
+    0x88, 0xef, 0x6d, 0x7e, 0x96, 0x54, 0xab, 0x06, 0x84, 0x2a, 0x7a, 0x21,
+    0x00, 0xc7, 0x23, 0x11, 0xfc, 0x2f, 0xf7, 0x4d, 0x6f, 0xc1, 0x9c, 0xed,
+    0xb8, 0xb2, 0xfd, 0x85, 0xf6, 0x3a, 0xca, 0x81, 0xe9, 0x1c, 0xb2, 0xfb,
+    0x39, 0x30, 0x59, 0x7d, 0xaf, 0x30, 0x6b, 0x2f, 0xe8, 0x73, 0xed, 0x3d,
+    0xac, 0xbe, 0x38, 0x72, 0x4b, 0x2f, 0x98, 0x78, 0x75, 0x97, 0xce, 0xe4,
+    0x05, 0x96, 0x32, 0x4f, 0x04, 0xd2, 0x1b, 0x84, 0x75, 0x97, 0xf8, 0xc7,
+    0x8b, 0x21, 0x3b, 0x8b, 0x2f, 0xdb, 0xa2, 0x89, 0xa2, 0x59, 0x4c, 0x8a,
+    0x4f, 0x14, 0xf0, 0x5c, 0x46, 0xf7, 0xfc, 0xc7, 0xf7, 0x6f, 0xb9, 0xfe,
+    0x2c, 0xbf, 0xba, 0x7f, 0x7b, 0x06, 0xb2, 0xa4, 0xfa, 0xc4, 0x7b, 0x7d,
+    0x26, 0x39, 0x8b, 0x2f, 0xbf, 0xc1, 0x0d, 0x65, 0xf9, 0xbb, 0x87, 0xfa,
+    0x59, 0x7f, 0xa5, 0xf5, 0xe3, 0x1c, 0x69, 0x2e, 0x30, 0xc4, 0x94, 0x33,
+    0xcc, 0x30, 0xce, 0xe6, 0xdc, 0x48, 0x10, 0xd1, 0xd0, 0x11, 0x89, 0xf8,
+    0x4c, 0xdf, 0xba, 0x6e, 0x79, 0x96, 0x5f, 0xf4, 0x83, 0xd3, 0xc2, 0x78,
+    0x96, 0x57, 0x67, 0xc0, 0x45, 0x17, 0x8f, 0x27, 0x59, 0x7a, 0x02, 0xfa,
+    0xca, 0x93, 0x72, 0x21, 0xca, 0x95, 0xc7, 0x01, 0x91, 0x61, 0x0f, 0x64,
+    0x6c, 0x5d, 0x14, 0x60, 0xe7, 0x85, 0x38, 0x08, 0x48, 0x8f, 0x90, 0xe7,
+    0xfc, 0x22, 0x36, 0x56, 0xef, 0x88, 0x7e, 0x75, 0x97, 0xb1, 0xf7, 0x16,
+    0x5e, 0xd6, 0x0d, 0x65, 0x61, 0xed, 0xe8, 0x87, 0x78, 0xf5, 0xef, 0x4e,
+    0x96, 0x5d, 0xfe, 0x2c, 0xbf, 0x1f, 0x5a, 0x98, 0xd6, 0x5e, 0xc0, 0x14,
+    0x9e, 0x06, 0x0b, 0xdc, 0x67, 0x16, 0x5b, 0x16, 0x5b, 0xbc, 0x35, 0x1f,
+    0x18, 0xbe, 0xee, 0x01, 0x5e, 0xd6, 0x5b, 0xcb, 0x2f, 0xfd, 0xc1, 0x94,
+    0x8f, 0xd3, 0xfe, 0x2c, 0xa9, 0x3c, 0xfe, 0x08, 0xd4, 0xa3, 0x03, 0x09,
+    0xc4, 0xf1, 0x7f, 0xff, 0xd8, 0x66, 0x43, 0xd8, 0xd0, 0xe7, 0x7c, 0x6f,
+    0xb1, 0x46, 0xb2, 0xef, 0x44, 0xb2, 0xff, 0x79, 0x9e, 0x1f, 0x68, 0xd6,
+    0x5f, 0x31, 0x7e, 0x56, 0x5f, 0xf3, 0x69, 0xc1, 0xbb, 0xfc, 0xf2, 0xca,
+    0xf1, 0xed, 0xfc, 0x82, 0xff, 0x98, 0xc2, 0xcf, 0xb0, 0x80, 0xb2, 0xfe,
+    0xfc, 0xb1, 0x07, 0xc5, 0x97, 0xe3, 0xb4, 0x4c, 0x62, 0xca, 0x93, 0xd6,
+    0x62, 0xdb, 0xf3, 0x68, 0x73, 0x1a, 0xcb, 0xfc, 0xfa, 0xff, 0x09, 0x8d,
+    0x59, 0x7f, 0x77, 0xcc, 0xf8, 0x71, 0xac, 0xba, 0x4e, 0xb2, 0xff, 0xff,
+    0xf9, 0xb8, 0x1e, 0xa7, 0xd3, 0x87, 0x62, 0x84, 0xb7, 0x9b, 0xa2, 0x6d,
+    0xeb, 0x2f, 0x8c, 0xfe, 0x78, 0x68, 0x92, 0xe0, 0xb5, 0x4a, 0x3f, 0x9e,
+    0x18, 0x77, 0xe3, 0x73, 0x59, 0xf5, 0x97, 0xff, 0x61, 0xb8, 0x2d, 0x38,
+    0xe7, 0xd2, 0xb2, 0x98, 0xfa, 0xf8, 0x51, 0x7c, 0x18, 0xfd, 0x2b, 0x28,
+    0x2a, 0xbb, 0x5b, 0x2b, 0x90, 0x8c, 0x63, 0x0b, 0xba, 0x67, 0xec, 0x61,
+    0xa1, 0x1d, 0xb8, 0x45, 0xa8, 0x47, 0x78, 0x81, 0xca, 0x0a, 0x33, 0x1e,
+    0x42, 0x44, 0x44, 0x37, 0xa2, 0x7d, 0x2c, 0xbf, 0xef, 0xfb, 0x00, 0x29,
+    0xec, 0x35, 0x97, 0xff, 0xfe, 0x76, 0xfc, 0xf8, 0xb3, 0xfe, 0x60, 0xe1,
+    0x3b, 0xd8, 0x80, 0xb2, 0xfd, 0xd6, 0x1e, 0x78, 0xb2, 0xf0, 0x88, 0x6b,
+    0x2f, 0xff, 0x7b, 0x1a, 0x33, 0xcb, 0xb4, 0x1f, 0x8b, 0x2f, 0xff, 0xcd,
+    0xfe, 0x61, 0xb1, 0x41, 0xbf, 0xc1, 0xe1, 0x2c, 0xbf, 0xfd, 0x9e, 0xc2,
+    0xff, 0x33, 0x79, 0x4f, 0x6b, 0x2a, 0x53, 0xef, 0xec, 0x77, 0xc7, 0x6e,
+    0xd6, 0x02, 0x8f, 0x8e, 0x6f, 0x48, 0x31, 0x5a, 0xe6, 0xed, 0x65, 0xe9,
+    0x2f, 0xac, 0xb9, 0xb4, 0xb2, 0xa3, 0x36, 0x38, 0x37, 0x7f, 0xa0, 0xc7,
+    0xf7, 0x6f, 0xb8, 0xb2, 0xf9, 0xf5, 0x30, 0x59, 0x7d, 0xde, 0x0a, 0x25,
+    0x97, 0xfe, 0x14, 0xe8, 0xd7, 0x0f, 0xed, 0x05, 0x97, 0xfc, 0xfd, 0xed,
+    0xef, 0x98, 0x46, 0xac, 0xa8, 0xd3, 0x1a, 0xec, 0x84, 0xe6, 0xfe, 0x21,
+    0x22, 0x4f, 0xa0, 0x5f, 0x7b, 0x71, 0x8e, 0xb2, 0xf1, 0x48, 0x16, 0x56,
+    0xd3, 0xc0, 0xe1, 0x2d, 0xfd, 0xf7, 0x39, 0xe4, 0xeb, 0x2c, 0x7c, 0x3d,
+    0x1e, 0xc9, 0x2f, 0xf7, 0x7e, 0xc8, 0xbc, 0xda, 0x59, 0x52, 0x7b, 0xb8,
+    0x51, 0x7e, 0x72, 0xce, 0xe5, 0x65, 0xfe, 0xf4, 0x9f, 0xaf, 0x34, 0x4b,
+    0x2d, 0x3b, 0x19, 0xed, 0xf6, 0x4d, 0x7c, 0xfc, 0xed, 0xd6, 0x5f, 0xf4,
+    0x39, 0xe7, 0xea, 0x48, 0x6b, 0x2f, 0x03, 0xfe, 0x59, 0x50, 0x3f, 0x8e,
+    0xc8, 0x80, 0x73, 0x7f, 0xff, 0xed, 0x60, 0xf8, 0xfb, 0x8d, 0xdf, 0x9d,
+    0xa1, 0x23, 0xf0, 0x8d, 0x59, 0x60, 0x2c, 0xa7, 0x45, 0x8f, 0x0c, 0x03,
+    0x70, 0xbf, 0x37, 0x58, 0xe7, 0x59, 0x52, 0xba, 0x8b, 0x07, 0x4c, 0x8d,
+    0x89, 0xa3, 0x47, 0xd3, 0xdb, 0xc6, 0xac, 0x46, 0x17, 0xf1, 0x0f, 0x9c,
+    0x63, 0xac, 0xbf, 0x74, 0xf1, 0xe1, 0x8b, 0x2f, 0xd3, 0xa1, 0xe1, 0x2c,
+    0xac, 0x3f, 0xd2, 0x2d, 0xf9, 0x55, 0xfa, 0x76, 0x5b, 0xc2, 0x59, 0x7e,
+    0x11, 0x16, 0x1a, 0xb2, 0xf6, 0x9b, 0xcb, 0x2b, 0xa3, 0xc3, 0x22, 0x7b,
+    0xed, 0xdf, 0xb1, 0xab, 0x2e, 0x90, 0xd6, 0x57, 0x0d, 0xee, 0xc9, 0x35,
+    0xff, 0xd2, 0x09, 0xf1, 0xc9, 0xcd, 0xf3, 0x2c, 0xb6, 0xc6, 0xb2, 0xfe,
+    0xf4, 0x91, 0x8f, 0xda, 0xcb, 0xff, 0x14, 0x53, 0x85, 0x1e, 0x77, 0xf5,
+    0x94, 0x33, 0xed, 0x72, 0xeb, 0xfe, 0xf4, 0xf5, 0x20, 0x72, 0x02, 0xcb,
+    0xff, 0x85, 0x24, 0xe6, 0xc4, 0x52, 0x0e, 0x2c, 0xb3, 0x0c, 0xff, 0x3e,
+    0x71, 0x7c, 0x63, 0xc9, 0xd6, 0x5f, 0x9f, 0x91, 0xb6, 0x96, 0x5f, 0x69,
+    0x85, 0x1a, 0xe2, 0xf5, 0x5e, 0xe8, 0x51, 0xae, 0x2f, 0x55, 0xff, 0xb1,
+    0xb7, 0xe1, 0x60, 0xde, 0x0b, 0x8b, 0xd5, 0x7e, 0x72, 0xee, 0x01, 0x06,
+    0x8a, 0x6e, 0x18, 0x18, 0x59, 0x73, 0xee, 0xac, 0xa1, 0xa6, 0x6e, 0x78,
+    0x67, 0x12, 0x85, 0xf8, 0xdf, 0xbb, 0x92, 0xcb, 0xc4, 0x28, 0xd6, 0x53,
+    0x9e, 0x27, 0xc9, 0xe9, 0x91, 0x34, 0x4f, 0x35, 0x2b, 0x97, 0x63, 0x2d,
+    0xc6, 0xd6, 0x5f, 0xd1, 0x21, 0xd0, 0xde, 0x10, 0x7c, 0x84, 0xef, 0xc9,
+    0xc5, 0x1f, 0x9d, 0xfe, 0x27, 0x3f, 0xa7, 0x06, 0xb2, 0xed, 0x8b, 0x60,
+    0x59, 0x79, 0xa7, 0x4b, 0x2b, 0x63, 0x37, 0x9e, 0x21, 0xbf, 0xfb, 0x4c,
+    0x79, 0xdc, 0x2c, 0x3f, 0x72, 0xb2, 0xa0, 0x7d, 0x91, 0x13, 0x5e, 0x27,
+    0x1a, 0xcb, 0xdc, 0x8d, 0xd6, 0x53, 0x1b, 0x80, 0xc6, 0xef, 0xf7, 0xdb,
+    0x53, 0xd6, 0x6f, 0x59, 0x71, 0xd9, 0x65, 0xfb, 0xf2, 0x53, 0x12, 0xca,
+    0x93, 0xf2, 0x8c, 0xd5, 0xc5, 0xaf, 0xd8, 0x7d, 0x3f, 0x6b, 0x28, 0x68,
+    0xe9, 0x28, 0x49, 0xf0, 0xba, 0xfd, 0x0c, 0xdf, 0x30, 0x59, 0x7b, 0x35,
+    0x2b, 0x2f, 0x6f, 0xc1, 0xac, 0xae, 0x95, 0x59, 0xf7, 0x0d, 0x96, 0x8d,
+    0x13, 0x46, 0x9e, 0x29, 0x10, 0xdd, 0x8c, 0x59, 0x7f, 0x98, 0xc9, 0x61,
+    0xe1, 0xd6, 0x59, 0xb0, 0xf1, 0x22, 0x12, 0xbc, 0xfa, 0x8d, 0x65, 0x2c,
+    0xb1, 0x74, 0x6a, 0x22, 0x1d, 0xbf, 0xbc, 0xf1, 0x6a, 0x63, 0x59, 0x7f,
+    0x37, 0x7c, 0xf6, 0x74, 0xb2, 0xfb, 0xd8, 0xd1, 0x2c, 0xbf, 0xa7, 0x7e,
+    0x7b, 0xd2, 0xb2, 0xfd, 0x9f, 0xe6, 0x44, 0xb3, 0xc6, 0xba, 0xff, 0xff,
+    0xfb, 0x3b, 0xe3, 0x61, 0x9b, 0x73, 0xb8, 0x71, 0xbf, 0xc6, 0xec, 0x63,
+    0x14, 0x6b, 0x2f, 0xfd, 0x3d, 0x16, 0x45, 0xe1, 0x6a, 0x25, 0x94, 0xc8,
+    0xc5, 0x28, 0x42, 0x5f, 0xff, 0x98, 0x87, 0xb4, 0x3f, 0xb7, 0x1d, 0x88,
+    0x50, 0x59, 0x7c, 0xf1, 0xf9, 0x96, 0x56, 0x2a, 0x71, 0x62, 0x88, 0x8b,
+    0xf4, 0x5e, 0x4a, 0x1f, 0x87, 0xee, 0xf2, 0x6d, 0x95, 0x6b, 0xc2, 0xd4,
+    0x16, 0x5f, 0xf8, 0xee, 0x3d, 0x4f, 0xfd, 0x83, 0x59, 0x7f, 0x3f, 0xc0,
+    0x19, 0x41, 0x65, 0xfa, 0x3e, 0xbd, 0x3a, 0x59, 0x7f, 0x9d, 0xcc, 0x03,
+    0xff, 0x8b, 0x2e, 0x0f, 0x8b, 0x28, 0x67, 0x97, 0xe3, 0x3b, 0xe1, 0x45,
+    0x3d, 0xac, 0xbf, 0xf0, 0xe7, 0xef, 0x0c, 0xde, 0xe3, 0x59, 0x7e, 0x68,
+    0xe3, 0x6d, 0x2c, 0xbf, 0x49, 0x10, 0x8e, 0xb2, 0xd0, 0xf9, 0xe7, 0x86,
+    0x53, 0x5b, 0x53, 0xfb, 0x91, 0xd8, 0xcf, 0xb0, 0xb8, 0xd7, 0x5e, 0x88,
+    0x8e, 0x48, 0xf0, 0x8e, 0xbf, 0x30, 0x43, 0x0c, 0x31, 0x25, 0xff, 0x8d,
+    0x7e, 0xf6, 0xf9, 0xce, 0xdc, 0x59, 0x69, 0x81, 0xf7, 0x9c, 0xb6, 0xec,
+    0xf2, 0xcb, 0xb0, 0x6b, 0x2f, 0xdf, 0x00, 0x65, 0x05, 0x94, 0x69, 0xbf,
+    0x71, 0x6b, 0xf3, 0xeb, 0xa9, 0xfa, 0xcb, 0x9b, 0x4b, 0x2b, 0xc6, 0xf8,
+    0x45, 0x16, 0xe9, 0x65, 0xce, 0x35, 0x97, 0xf6, 0x9f, 0x9e, 0x78, 0x2c,
+    0xb7, 0x6b, 0x2e, 0x63, 0x16, 0x5c, 0x18, 0x16, 0x54, 0x46, 0xbc, 0x02,
+    0xf7, 0xa0, 0xe3, 0x59, 0x71, 0x86, 0x2c, 0xa8, 0x23, 0x6f, 0x05, 0xba,
+    0x2d, 0x64, 0x1e, 0x11, 0x18, 0x39, 0x70, 0x60, 0x48, 0x10, 0xf5, 0xe9,
+    0xd3, 0x6f, 0xfc, 0x68, 0x97, 0xfb, 0x0e, 0xc3, 0x8c, 0x5c, 0x59, 0x7f,
+    0xff, 0x03, 0x67, 0x35, 0x3f, 0x6e, 0x98, 0x71, 0xc9, 0x4a, 0xcb, 0xd9,
+    0xdf, 0xd6, 0x5b, 0x08, 0xfe, 0xb8, 0xbb, 0x5e, 0x46, 0xa7, 0x21, 0x5d,
+    0x7f, 0xcc, 0x3c, 0x3b, 0x44, 0xc6, 0x2c, 0xbf, 0xff, 0xe8, 0x7a, 0x47,
+    0x2d, 0xd8, 0x35, 0x83, 0x9d, 0x37, 0x60, 0x59, 0x7f, 0xff, 0xd3, 0xe7,
+    0x6f, 0xcc, 0x04, 0x3c, 0x0f, 0x35, 0xf1, 0x79, 0x65, 0xff, 0xe7, 0x1e,
+    0x61, 0x1b, 0xce, 0x61, 0x01, 0x65, 0xf7, 0x84, 0xe6, 0xca, 0x69, 0xd8,
+    0x73, 0xa6, 0x73, 0xb3, 0x5e, 0x29, 0xf2, 0xcb, 0xff, 0xfa, 0x0f, 0xce,
+    0x4e, 0x46, 0x28, 0x0f, 0x44, 0xe6, 0x2c, 0xa1, 0xa3, 0x2c, 0xd5, 0x46,
+    0x1b, 0xbf, 0xb4, 0xf0, 0x9d, 0x01, 0x65, 0xff, 0xfe, 0xf3, 0xc3, 0xd2,
+    0xfa, 0xe7, 0x33, 0xcd, 0xc1, 0x46, 0xb2, 0xd9, 0xa4, 0x47, 0x78, 0xb6,
+    0xff, 0xfb, 0x52, 0xf0, 0xd4, 0xf9, 0xdb, 0xac, 0x25, 0x95, 0x29, 0x99,
+    0xc2, 0x17, 0xcc, 0x51, 0x5c, 0x57, 0x51, 0xf9, 0x6e, 0x97, 0xa1, 0xb9,
+    0x05, 0x97, 0xbc, 0xdc, 0x59, 0x52, 0x6f, 0x20, 0x41, 0x7f, 0x3c, 0x79,
+    0x84, 0x6a, 0xcb, 0xf9, 0x8f, 0xd6, 0x17, 0x4b, 0x2f, 0x9e, 0x3e, 0x79,
+    0x65, 0x68, 0xf4, 0x78, 0x5d, 0x5b, 0x59, 0x02, 0x30, 0x55, 0x1a, 0xff,
+    0x71, 0xc8, 0x34, 0xe5, 0x29, 0x34, 0x70, 0x83, 0xef, 0xd6, 0xd8, 0x96,
+    0x5e, 0x77, 0x3a, 0xcb, 0xde, 0x6f, 0xac, 0xb6, 0xf0, 0xa9, 0xe6, 0xf8,
+    0x58, 0x31, 0xbb, 0xfe, 0xcf, 0xfa, 0x75, 0xfc, 0xe9, 0x65, 0xc6, 0xba,
+    0xcb, 0xec, 0x21, 0x44, 0xb2, 0xf9, 0xb7, 0xc8, 0xd6, 0x5f, 0xff, 0xb8,
+    0xff, 0xe1, 0x67, 0x27, 0xb0, 0x7f, 0x38, 0xb2, 0xbb, 0x44, 0xd1, 0xc8,
+    0xbe, 0x47, 0x76, 0xa2, 0x59, 0x76, 0xa5, 0x65, 0x49, 0xae, 0xc1, 0x8a,
+    0x96, 0xc5, 0xd2, 0x10, 0xa9, 0xc9, 0x58, 0x0d, 0x29, 0xdb, 0xd0, 0xe8,
+    0x7a, 0x41, 0xc0, 0x21, 0xa2, 0x47, 0x9f, 0x39, 0x14, 0x2c, 0x76, 0x57,
+    0xef, 0xff, 0xff, 0xff, 0xf6, 0xce, 0x1d, 0xe0, 0xdc, 0x06, 0x03, 0xce,
+    0xd0, 0x91, 0xf8, 0x46, 0xcb, 0x13, 0xfe, 0x60, 0xfb, 0xfc, 0xf0, 0x59,
+    0x7e, 0xf3, 0x6f, 0xc8, 0xd6, 0x53, 0x23, 0x9f, 0x90, 0xbd, 0xbf, 0xef,
+    0x0b, 0xfe, 0xcd, 0x37, 0x16, 0x5e, 0xe3, 0xc4, 0xb2, 0xff, 0xc3, 0x92,
+    0x88, 0x5e, 0x7f, 0x4a, 0xcb, 0xe3, 0xcf, 0x70, 0x59, 0x7f, 0xec, 0xdf,
+    0x23, 0x2c, 0xfe, 0x01, 0x65, 0xd8, 0x4b, 0x2d, 0x9d, 0x9e, 0x9e, 0xf3,
+    0xeb, 0xf7, 0xbf, 0x30, 0x3a, 0xcb, 0x83, 0x02, 0xca, 0x64, 0x70, 0x69,
+    0xdb, 0xc5, 0x40, 0x28, 0xbc, 0xc4, 0x35, 0x97, 0xff, 0x30, 0xdf, 0xed,
+    0xcc, 0x86, 0x79, 0x65, 0xcf, 0xba, 0xb2, 0xf6, 0x77, 0xf5, 0x95, 0xe3,
+    0xf8, 0xfa, 0x16, 0xe8, 0xcd, 0xfd, 0x9a, 0x9f, 0xf3, 0x16, 0x5f, 0xff,
+    0x3f, 0x70, 0x98, 0x60, 0xf9, 0x30, 0x92, 0x59, 0x58, 0x8a, 0xc6, 0x32,
+    0x22, 0xcb, 0xfb, 0x8f, 0xe6, 0x90, 0x2c, 0xbf, 0x17, 0xf9, 0x84, 0xb2,
+    0xff, 0xc1, 0x94, 0x0b, 0x3f, 0xfc, 0x8d, 0x65, 0x31, 0xf2, 0x80, 0x9a,
+    0xfd, 0xa7, 0xdf, 0xba, 0xeb, 0x2a, 0x0b, 0x84, 0x23, 0x27, 0xec, 0xe5,
+    0x87, 0x75, 0x18, 0xf7, 0x8f, 0x0a, 0x33, 0xfe, 0x16, 0xfe, 0x12, 0x3b,
+    0xc8, 0x6f, 0xdb, 0x16, 0xc6, 0x14, 0xd9, 0xfa, 0xcb, 0xfd, 0x1f, 0xcf,
+    0xec, 0x03, 0xac, 0xbe, 0xc2, 0x63, 0x56, 0x54, 0x11, 0x1e, 0x73, 0xad,
+    0xe6, 0x97, 0x75, 0xba, 0xb2, 0xf7, 0x21, 0xe5, 0x94, 0x46, 0xe3, 0xe3,
+    0x77, 0xff, 0xf7, 0x7c, 0x27, 0xe7, 0xb2, 0x19, 0xe6, 0xd7, 0x9d, 0x65,
+    0xf6, 0x77, 0x1e, 0xf5, 0x97, 0xd9, 0xf8, 0x8e, 0xb2, 0xff, 0x70, 0x6e,
+    0x79, 0xff, 0x4b, 0x2f, 0xf0, 0xf0, 0x85, 0x0c, 0xe2, 0xca, 0xec, 0xf9,
+    0x88, 0xd2, 0xfb, 0xbe, 0x08, 0x0b, 0x2e, 0x2e, 0x96, 0x54, 0x9b, 0xb7,
+    0x24, 0xbf, 0xc1, 0xfc, 0xb2, 0x36, 0xd2, 0xcb, 0xf1, 0x74, 0x68, 0xfb,
+    0x59, 0x7c, 0xfb, 0xb8, 0x4b, 0x2f, 0x37, 0x19, 0x65, 0x39, 0xf4, 0xf0,
+    0xaf, 0xe4, 0x77, 0xf6, 0x75, 0x3e, 0x93, 0xac, 0xa9, 0x56, 0x0f, 0x8d,
+    0x4c, 0x41, 0xa5, 0xa3, 0x93, 0x3c, 0x22, 0x40, 0xba, 0x43, 0xe2, 0x84,
+    0xe9, 0x85, 0xd7, 0xfe, 0x90, 0xc0, 0x28, 0x41, 0xfc, 0x25, 0x97, 0xb3,
+    0x0d, 0x59, 0x7d, 0x09, 0x07, 0x16, 0x50, 0xcd, 0xf6, 0x0e, 0x54, 0x68,
+    0x9e, 0xed, 0xfa, 0xfb, 0xe2, 0x72, 0x59, 0x7d, 0xad, 0x4c, 0x16, 0x5f,
+    0xe6, 0x1b, 0x05, 0xe4, 0x99, 0x65, 0x61, 0xeb, 0x78, 0x8a, 0xff, 0xf9,
+    0x8d, 0xc6, 0x3e, 0xa4, 0x41, 0x77, 0xf7, 0x16, 0x5f, 0xe7, 0x86, 0x0f,
+    0x5c, 0xe2, 0xcb, 0xe9, 0xc0, 0xc6, 0xb2, 0xff, 0xfe, 0x81, 0x4e, 0x73,
+    0x0b, 0xfe, 0xc1, 0x8b, 0xfc, 0x59, 0x7e, 0xe7, 0xbd, 0x24, 0xb2, 0xfe,
+    0x6f, 0xbf, 0x8c, 0xdc, 0x59, 0x58, 0x7b, 0x06, 0x93, 0xdf, 0xd3, 0x1e,
+    0xce, 0x6a, 0x56, 0x5f, 0xec, 0x8b, 0xd9, 0xc7, 0x25, 0x97, 0xfe, 0x1e,
+    0x77, 0x0e, 0x7f, 0x8e, 0x05, 0x95, 0xa3, 0xf2, 0x11, 0x95, 0xf7, 0x39,
+    0x86, 0x2c, 0xbf, 0xc6, 0x0f, 0xd9, 0xbf, 0x34, 0xb2, 0xff, 0xe6, 0x3e,
+    0xde, 0xbc, 0xde, 0xe9, 0xb8, 0xb2, 0xff, 0x64, 0x30, 0x41, 0x77, 0x25,
+    0x97, 0xff, 0x4c, 0x3d, 0x3d, 0xfe, 0x7c, 0xfb, 0x8b, 0x2a, 0x51, 0xf5,
+    0xa3, 0x6f, 0x24, 0x11, 0xad, 0xff, 0xfe, 0x62, 0xce, 0xfe, 0x6b, 0xff,
+    0xd3, 0xec, 0xde, 0xf0, 0x59, 0x7b, 0x30, 0x96, 0x54, 0x6b, 0x82, 0x63,
+    0x53, 0xe8, 0xcf, 0xb2, 0x26, 0x85, 0x8c, 0x44, 0x5a, 0x85, 0x17, 0x88,
+    0xbf, 0x18, 0xee, 0xf3, 0xbd, 0xd6, 0x2b, 0xfe, 0x9d, 0x70, 0xb0, 0xf3,
+    0xd2, 0xcb, 0x8a, 0x56, 0x5f, 0xc3, 0xe7, 0xa4, 0xce, 0x2c, 0xbf, 0xe1,
+    0xb6, 0xa7, 0x78, 0x39, 0x05, 0x97, 0x49, 0xd6, 0x54, 0x9e, 0x8f, 0x8e,
+    0xeb, 0xc8, 0xb6, 0x71, 0x5f, 0xc2, 0x02, 0xff, 0xb8, 0xfe, 0x61, 0xf4,
+    0xd1, 0xac, 0xbf, 0xcf, 0x0c, 0x1f, 0x39, 0x2b, 0x2f, 0xef, 0xfa, 0x4f,
+    0x11, 0x2c, 0xa9, 0x44, 0xd6, 0x1d, 0x00, 0xca, 0x82, 0x8b, 0xe9, 0x12,
+    0xef, 0x93, 0x86, 0x8d, 0x0b, 0x37, 0x87, 0x70, 0xa1, 0x9d, 0x71, 0x7d,
+    0x65, 0xe1, 0x6a, 0x35, 0x97, 0xba, 0x14, 0xac, 0xbc, 0x63, 0xf9, 0x65,
+    0x49, 0xf7, 0x40, 0x59, 0x87, 0xb4, 0x3b, 0x7d, 0x82, 0xd4, 0x6b, 0x2f,
+    0xfd, 0xbd, 0xbe, 0x01, 0x17, 0x18, 0x6b, 0x2f, 0xd9, 0xcf, 0x0a, 0x35,
+    0x96, 0xd6, 0xd4, 0x46, 0x61, 0x1f, 0x90, 0x2f, 0xff, 0xf3, 0xc0, 0x38,
+    0x7b, 0x04, 0x17, 0xc2, 0x34, 0x8b, 0x22, 0x59, 0x52, 0x89, 0xc3, 0x9b,
+    0xdf, 0xf6, 0xd1, 0x93, 0x9a, 0x6b, 0x98, 0xb2, 0xfc, 0xda, 0x84, 0x52,
+    0xb2, 0xff, 0xef, 0x61, 0x39, 0xbe, 0x6f, 0xc1, 0x96, 0x57, 0x8f, 0xaf,
+    0x85, 0x15, 0x88, 0xca, 0x68, 0x54, 0x5d, 0xb2, 0xcb, 0x2f, 0xff, 0x85,
+    0xd0, 0x7d, 0x81, 0xf8, 0xfa, 0x6e, 0xc0, 0xb2, 0xfd, 0x3e, 0x2c, 0x35,
+    0x65, 0x31, 0xfd, 0xf9, 0x52, 0xfd, 0x31, 0x79, 0xb4, 0xb2, 0xfe, 0x17,
+    0xf9, 0x20, 0x8d, 0x65, 0xff, 0xec, 0x1c, 0xc2, 0x79, 0xcc, 0x84, 0x25,
+    0x65, 0xf3, 0xea, 0x60, 0xb2, 0xff, 0xfe, 0x62, 0x76, 0x20, 0x6a, 0x7c,
+    0xed, 0xf9, 0xf2, 0xca, 0x1a, 0x3b, 0x8e, 0x5e, 0x49, 0x1f, 0x21, 0xbe,
+    0xff, 0x05, 0x1a, 0xcb, 0xff, 0xfe, 0xef, 0x52, 0x2f, 0x88, 0xfa, 0x77,
+    0x01, 0x66, 0xf6, 0xd2, 0xca, 0x64, 0x46, 0x39, 0x25, 0xff, 0xa0, 0x18,
+    0xde, 0x3c, 0x3b, 0xf1, 0x65, 0xff, 0x42, 0x7d, 0x3f, 0xf3, 0x9d, 0x65,
+    0x49, 0xfc, 0x09, 0x02, 0xff, 0xf1, 0x30, 0x3f, 0xdf, 0x4d, 0xa0, 0xe4,
+    0x6b, 0x2f, 0xfb, 0xc1, 0x8c, 0x5f, 0xe0, 0x25, 0x65, 0x4a, 0x21, 0xdd,
+    0x32, 0x86, 0xad, 0x87, 0xa2, 0x16, 0x8c, 0x58, 0xf0, 0xc8, 0x28, 0x4c,
+    0xfe, 0x15, 0x17, 0xff, 0xc0, 0x3e, 0x1f, 0x09, 0xcf, 0x30, 0x0f, 0x8b,
+    0x2f, 0xe7, 0x03, 0xb0, 0xd9, 0x65, 0xf3, 0x9f, 0x8e, 0xb2, 0xf4, 0x9e,
+    0x56, 0x57, 0x68, 0xb6, 0xd2, 0x7f, 0x0a, 0xf7, 0x90, 0xdf, 0xb4, 0x2e,
+    0xbd, 0x2b, 0x2f, 0xed, 0x45, 0x06, 0xff, 0x16, 0x58, 0xa4, 0xf6, 0x30,
+    0xa6, 0xfb, 0x35, 0x3c, 0x59, 0x7f, 0xa2, 0x78, 0x9f, 0xb8, 0x71, 0x65,
+    0xfc, 0xf1, 0xb4, 0x4c, 0x62, 0xcb, 0xff, 0xfc, 0xe6, 0x7f, 0x3d, 0xb4,
+    0x79, 0x14, 0x1f, 0x51, 0xf8, 0x4b, 0x2a, 0x51, 0xd9, 0x84, 0x2e, 0x6c,
+    0x45, 0xf7, 0xec, 0x28, 0xf0, 0xc5, 0x97, 0xe7, 0x3f, 0x98, 0xc5, 0x95,
+    0x19, 0xe8, 0x0c, 0xa2, 0xff, 0xe9, 0xfe, 0x13, 0x1a, 0x03, 0xcc, 0x16,
+    0x5f, 0xf4, 0xc6, 0x1c, 0x3c, 0x27, 0x8d, 0x65, 0xfe, 0x7f, 0xf3, 0xae,
+    0x9b, 0xb5, 0x97, 0xfc, 0xdd, 0x64, 0x4e, 0x51, 0x85, 0x56, 0x56, 0x26,
+    0x2c, 0xc4, 0x7a, 0x43, 0x73, 0xc2, 0x36, 0xb6, 0xc6, 0xb2, 0xfd, 0x3a,
+    0xd6, 0x79, 0x65, 0xff, 0xd3, 0x85, 0xe9, 0x60, 0x3f, 0xc4, 0xb2, 0xf3,
+    0xc3, 0xeb, 0x2f, 0xff, 0xa4, 0xd3, 0x31, 0xb7, 0x98, 0xe3, 0x9c, 0x3a,
+    0xcb, 0xf8, 0x9c, 0xd9, 0x3c, 0xac, 0xa0, 0xaa, 0x63, 0x10, 0x16, 0xd1,
+    0x39, 0xd0, 0x48, 0x70, 0x4a, 0x57, 0xa3, 0x34, 0xd5, 0x97, 0xb6, 0x1e,
+    0xe0, 0x16, 0x5b, 0x71, 0x65, 0xf4, 0x04, 0x30, 0x9b, 0x01, 0xba, 0x34,
+    0x9a, 0xfe, 0x3b, 0xf7, 0xb1, 0x67, 0x96, 0x5e, 0x31, 0xf8, 0xb2, 0xfe,
+    0x3c, 0xe1, 0x7f, 0x8b, 0x2f, 0xd3, 0x1e, 0x41, 0x96, 0x5e, 0x0c, 0x61,
+    0x31, 0x14, 0x7e, 0x33, 0xe0, 0xef, 0xcb, 0x2a, 0x24, 0xcd, 0x7d, 0x0e,
+    0x4b, 0xef, 0x7b, 0x3b, 0x59, 0x7f, 0x38, 0xe4, 0xa4, 0x0b, 0x2f, 0x9b,
+    0x98, 0x39, 0x3c, 0xed, 0x92, 0x3b, 0xf3, 0xf3, 0xf9, 0xe5, 0x97, 0xbc,
+    0xe3, 0x59, 0x7f, 0xcd, 0x27, 0xdb, 0x83, 0x6d, 0xeb, 0x2b, 0xc7, 0xaf,
+    0xc1, 0xcb, 0xed, 0xbf, 0x63, 0xac, 0xa9, 0x56, 0x0a, 0x38, 0xe3, 0xfa,
+    0x78, 0x63, 0xa7, 0x7e, 0x11, 0x15, 0xff, 0xf9, 0xba, 0x93, 0xf1, 0xf5,
+    0x87, 0x17, 0x4f, 0x05, 0x97, 0xfc, 0xfa, 0x7f, 0xb6, 0x9c, 0x0b, 0x2e,
+    0x6d, 0xeb, 0x2f, 0xf4, 0x93, 0xf8, 0x45, 0x1a, 0xcb, 0xff, 0x31, 0xb2,
+    0x36, 0x27, 0xd1, 0xab, 0x2f, 0xff, 0x67, 0x7f, 0xef, 0xec, 0x66, 0x0d,
+    0xe0, 0xb2, 0xb1, 0x11, 0x40, 0x3e, 0xb7, 0x96, 0x5f, 0xcd, 0xa0, 0x1d,
+    0xb8, 0xb2, 0xa0, 0x9e, 0x0f, 0x4a, 0xdb, 0x86, 0xe7, 0x18, 0x28, 0x5e,
+    0x08, 0x8b, 0x64, 0x46, 0xff, 0xff, 0xf3, 0x77, 0xcc, 0x83, 0x7f, 0xd8,
+    0x40, 0x04, 0xf8, 0xb0, 0x6e, 0x75, 0x97, 0x87, 0x27, 0x59, 0x7f, 0x03,
+    0x22, 0x9e, 0xf8, 0xb2, 0xff, 0xde, 0xc2, 0xeb, 0x6e, 0x0d, 0xb7, 0xac,
+    0xbf, 0xff, 0xc4, 0xe6, 0x7b, 0x0e, 0xe6, 0x7f, 0x98, 0x60, 0xd8, 0xeb,
+    0x2f, 0x7b, 0x22, 0x59, 0x7e, 0x07, 0x70, 0x9d, 0xd5, 0x97, 0xf6, 0x6b,
+    0x22, 0x93, 0x56, 0x56, 0x1e, 0xd7, 0xcb, 0x2f, 0xff, 0xfe, 0xe7, 0xa7,
+    0xd2, 0xdd, 0x83, 0x58, 0x39, 0xff, 0x18, 0xbb, 0x82, 0xca, 0xc4, 0xf7,
+    0x58, 0xbe, 0x24, 0x2f, 0x31, 0x7d, 0xdc, 0xc2, 0x1b, 0xc3, 0x63, 0xac,
+    0xbf, 0xc6, 0x96, 0x47, 0x18, 0x89, 0x65, 0x4a, 0xaa, 0x2c, 0x8f, 0xe5,
+    0x96, 0x04, 0x39, 0x7f, 0x79, 0xe1, 0x3c, 0x82, 0xcb, 0xfe, 0xcf, 0x37,
+    0x7c, 0xf0, 0xb8, 0xb2, 0xec, 0x2e, 0x8f, 0x9c, 0x05, 0xb7, 0xff, 0xf0,
+    0x9f, 0x73, 0x6e, 0xc8, 0xa7, 0x6e, 0x70, 0x84, 0xf1, 0xac, 0xbe, 0xe3,
+    0xb4, 0x6b, 0x2f, 0x72, 0x39, 0x59, 0x51, 0x9b, 0xfc, 0x22, 0xbf, 0xff,
+    0xbf, 0x9b, 0xf6, 0xec, 0x8a, 0x76, 0xe7, 0x08, 0x4f, 0x1a, 0xcb, 0xfe,
+    0x84, 0xff, 0xf2, 0xe7, 0x8d, 0x65, 0x62, 0x27, 0x7b, 0x64, 0xbf, 0xfd,
+    0x9e, 0x77, 0x39, 0x3e, 0x9a, 0x78, 0xb2, 0xd8, 0x73, 0xe9, 0xde, 0x47,
+    0x7e, 0x8f, 0x76, 0x7b, 0xe2, 0xcb, 0xf3, 0x80, 0x78, 0x4b, 0x2b, 0x15,
+    0x23, 0xb4, 0x29, 0x3d, 0x19, 0x3b, 0x94, 0x91, 0x6d, 0xa2, 0x59, 0x7b,
+    0x08, 0xd5, 0x95, 0x26, 0xbb, 0x04, 0xaf, 0xf7, 0x53, 0x0f, 0xf9, 0xc6,
+    0xb2, 0xfc, 0xdb, 0x39, 0xa3, 0x56, 0x5f, 0x6f, 0x2c, 0xe2, 0xcb, 0xf8,
+    0x9c, 0xd2, 0xc0, 0x2c, 0xa6, 0x3c, 0xf3, 0x91, 0xdc, 0xf2, 0xb2, 0xfe,
+    0x9f, 0xf3, 0x6f, 0xe0, 0xb2, 0xe3, 0x60, 0xb2, 0xfd, 0xe6, 0xde, 0xdd,
+    0x2c, 0xbb, 0x3d, 0x03, 0xc2, 0xe8, 0x62, 0xa3, 0x4e, 0x8f, 0x07, 0xce,
+    0x68, 0xef, 0x5c, 0x21, 0xf8, 0xae, 0xcb, 0x95, 0xe3, 0x0c, 0x31, 0x25,
+    0xff, 0xb4, 0x42, 0x70, 0xf2, 0x29, 0x3a, 0xc0, 0x86, 0x82, 0xf4, 0x4c,
+    0x62, 0xcb, 0xde, 0x10, 0x16, 0x5b, 0xcc, 0x6e, 0xe2, 0x1e, 0xb7, 0x4b,
+    0x2a, 0x51, 0x8b, 0x90, 0x8c, 0xd1, 0x3d, 0xfe, 0x91, 0xe4, 0x24, 0xba,
+    0x59, 0x52, 0xde, 0x15, 0x47, 0x1b, 0x14, 0x21, 0xd8, 0x32, 0x6c, 0x97,
+    0xea, 0xd1, 0x91, 0xee, 0x42, 0x62, 0x28, 0xc4, 0x75, 0x1c, 0xf9, 0xe3,
+    0x5f, 0xf4, 0xb6, 0x07, 0x94, 0x3c, 0x07, 0x02, 0x96, 0x2f, 0xc8, 0x54,
+    0xfe, 0x53, 0xa0, 0xa5, 0x12, 0x19, 0x1a, 0x60, 0x66, 0x77, 0xcd, 0xa7,
+    0x02, 0xcb, 0xfc, 0x3f, 0x4c, 0x65, 0x9d, 0xac, 0xbc, 0x3f, 0x4a, 0xca,
+    0x39, 0xf8, 0x80, 0x87, 0x86, 0x97, 0xda, 0xd6, 0x79, 0x65, 0xfd, 0xe6,
+    0xdd, 0xdd, 0x11, 0xab, 0x2a, 0x4f, 0x5f, 0xa2, 0x2b, 0x05, 0xd6, 0x5c,
+    0x5c, 0x59, 0x66, 0x59, 0x7f, 0x6b, 0x9e, 0x92, 0xfa, 0xcb, 0xa4, 0x0b,
+    0x2d, 0xf9, 0x3c, 0x3e, 0x16, 0xdf, 0xfe, 0xd4, 0x61, 0xfd, 0xbc, 0x23,
+    0x9d, 0xe0, 0xb2, 0xc1, 0x75, 0x97, 0xfd, 0xf9, 0xd7, 0x3d, 0x25, 0xf5,
+    0x97, 0x72, 0x56, 0x5e, 0x38, 0xe5, 0x65, 0xfe, 0x2f, 0xbc, 0x5c, 0x9f,
+    0xac, 0xa6, 0x3c, 0xf7, 0x1c, 0xbe, 0x67, 0xce, 0x96, 0x5f, 0xfb, 0x37,
+    0x96, 0x72, 0x22, 0x91, 0xac, 0xbe, 0xe8, 0x73, 0x1a, 0xcb, 0x81, 0x2b,
+    0x2f, 0x71, 0xb4, 0xb2, 0xb0, 0xf5, 0x80, 0x49, 0xf1, 0x6b, 0xfd, 0x0c,
+    0x26, 0x1e, 0x12, 0xcb, 0xb8, 0x12, 0x53, 0xe6, 0xc1, 0x58, 0x8e, 0x3c,
+    0xca, 0x02, 0x02, 0x21, 0xe4, 0x25, 0x7e, 0x5d, 0x4e, 0xaa, 0xdb, 0xf2,
+    0x8c, 0xef, 0xbb, 0x1b, 0xc6, 0xb2, 0xee, 0x4a, 0xcb, 0xc7, 0x1c, 0xac,
+    0xbf, 0xc5, 0xf7, 0x8b, 0x93, 0xf5, 0x94, 0xc7, 0x9e, 0xe3, 0x97, 0xcc,
+    0xf9, 0xd2, 0xcb, 0xff, 0x66, 0xf2, 0xce, 0x44, 0x52, 0x35, 0x97, 0xdd,
+    0x0e, 0x63, 0x59, 0x7f, 0x44, 0x06, 0xdc, 0x78, 0x96, 0x5e, 0x60, 0x71,
+    0x65, 0xc0, 0x95, 0x97, 0xb8, 0xda, 0x59, 0x76, 0x44, 0xb2, 0xb1, 0x17,
+    0x7d, 0x12, 0x78, 0xc8, 0x03, 0x9f, 0x16, 0x0c, 0x72, 0xfe, 0xc2, 0x61,
+    0xe1, 0x2c, 0xbf, 0x61, 0x13, 0xfd, 0x65, 0xfa, 0x3f, 0xe6, 0x1d, 0x65,
+    0x40, 0xfd, 0xfc, 0x54, 0xe4, 0xb7, 0xf1, 0x38, 0xf0, 0xd0, 0x92, 0xbc,
+    0x8f, 0x01, 0x51, 0x8b, 0x62, 0x9f, 0x52, 0xb7, 0x58, 0xae, 0x22, 0x4f,
+    0x32, 0x80, 0x80, 0x88, 0x79, 0x0f, 0xaf, 0xc3, 0x3e, 0xff, 0xed, 0x4f,
+    0x7c, 0x29, 0x3e, 0x77, 0xf5, 0x97, 0xff, 0xe7, 0x1e, 0x61, 0x1a, 0x19,
+    0x49, 0x46, 0xda, 0x59, 0x79, 0xf5, 0x1a, 0xe4, 0x12, 0x5f, 0x43, 0x3b,
+    0x82, 0xe4, 0x12, 0x5e, 0xe3, 0x0d, 0x72, 0x09, 0x2e, 0x30, 0xc5, 0xc8,
+    0x24, 0xae, 0x91, 0x53, 0x11, 0x57, 0xcc, 0x0c, 0x29, 0xb9, 0xfe, 0x99,
+    0x04, 0x80, 0x87, 0x81, 0x7f, 0xff, 0xf0, 0xca, 0x47, 0xe9, 0xff, 0x27,
+    0xf2, 0x39, 0xfe, 0x1c, 0x06, 0x2c, 0xbf, 0xb3, 0xd9, 0x84, 0x6a, 0xcb,
+    0xce, 0x40, 0xda, 0xc9, 0x9a, 0x99, 0xe6, 0x9d, 0x43, 0x6c, 0xe8, 0xa5,
+    0x19, 0xef, 0x0d, 0xfe, 0xe3, 0x7e, 0xf3, 0xc2, 0x60, 0xb2, 0xfb, 0x67,
+    0x1f, 0xcb, 0x2d, 0x9b, 0x88, 0xd6, 0xf4, 0x22, 0xc0, 0x4f, 0x68, 0x2c,
+    0xbf, 0xa0, 0x28, 0xfe, 0xd1, 0xa4, 0xbe, 0xd0, 0x1b, 0xeb, 0x2f, 0x6f,
+    0x9e, 0x2c, 0xbe, 0x71, 0xfb, 0x16, 0x5e, 0x1b, 0x1d, 0x65, 0xff, 0xbd,
+    0x3f, 0x62, 0x93, 0xcf, 0x16, 0x5b, 0x71, 0x65, 0x4a, 0x33, 0x70, 0x88,
+    0xd1, 0xe7, 0x21, 0xe0, 0xe6, 0xe9, 0xe5, 0x44, 0x9a, 0xaf, 0xa1, 0xfb,
+    0x7f, 0xd2, 0x50, 0x29, 0x03, 0x9d, 0x65, 0xfd, 0xd3, 0x73, 0xf9, 0xe5,
+    0x97, 0xe6, 0xfe, 0x84, 0x75, 0x97, 0xd3, 0xe1, 0x69, 0x65, 0xef, 0x3f,
+    0xd6, 0x54, 0x67, 0xcd, 0x11, 0x47, 0x08, 0xae, 0x9f, 0x2c, 0xb4, 0xac,
+    0xf9, 0x6d, 0x7f, 0x9a, 0x02, 0x7e, 0x79, 0x96, 0x5f, 0xd9, 0xbd, 0xcf,
+    0x9e, 0x59, 0x68, 0x24, 0xbc, 0xfa, 0x8d, 0x25, 0x24, 0xa9, 0x37, 0x3d,
+    0x08, 0x9c, 0x76, 0xf4, 0x83, 0xa4, 0x81, 0x0d, 0x75, 0x1d, 0x18, 0x85,
+    0x09, 0x5b, 0xc5, 0x0f, 0x2c, 0xbd, 0xdc, 0x38, 0xb2, 0xa5, 0x35, 0x7c,
+    0x87, 0xb1, 0xc9, 0xdc, 0x72, 0xff, 0x3c, 0x78, 0x51, 0xb6, 0x96, 0x5f,
+    0xb4, 0x03, 0xb7, 0x16, 0x5f, 0xc1, 0x94, 0x39, 0xe1, 0xac, 0xc3, 0x51,
+    0x7f, 0x7f, 0x80, 0x77, 0xd2, 0xcb, 0xe9, 0xe9, 0xb8, 0xb2, 0xf8, 0x4f,
+    0xa8, 0x2c, 0xb1, 0xd6, 0x5a, 0x03, 0x36, 0x71, 0x11, 0x5f, 0xff, 0xff,
+    0xe0, 0x00, 0x5c, 0x7f, 0xfe, 0x19, 0xef, 0x3c, 0x36, 0x73, 0x9c, 0x17,
+    0x3f, 0xcc, 0x31, 0x65, 0x4a, 0x67, 0xd1, 0x96, 0xe2, 0xab, 0x94, 0x5f,
+    0xfd, 0x9d, 0xff, 0x8c, 0x52, 0x07, 0x3a, 0xcb, 0xd0, 0x9e, 0xd6, 0x5d,
+    0x83, 0x59, 0x7d, 0x91, 0x31, 0xd6, 0x54, 0x68, 0x98, 0x89, 0x0f, 0xe3,
+    0xa6, 0x0b, 0x5f, 0xa6, 0x28, 0x48, 0x12, 0x5c, 0x40, 0x59, 0x7b, 0xc2,
+    0xdc, 0x59, 0x7f, 0x7d, 0xb4, 0xd1, 0xca, 0xca, 0xc3, 0xe3, 0xe8, 0x58,
+    0x32, 0x0b, 0xff, 0xf7, 0xb1, 0xa1, 0xcd, 0xbf, 0xf6, 0x0c, 0x5f, 0xe2,
+    0xca, 0xe9, 0x31, 0x3d, 0x42, 0x2f, 0xe6, 0x17, 0xfc, 0x07, 0x2f, 0xc5,
+    0x9a, 0xc5, 0x97, 0xfe, 0xff, 0xb0, 0x62, 0xff, 0x22, 0x95, 0x96, 0x65,
+    0x97, 0xfd, 0x18, 0xa0, 0x3f, 0x09, 0xc9, 0x65, 0xfc, 0xd2, 0x78, 0xf0,
+    0xc5, 0x97, 0xec, 0x8c, 0xf8, 0x75, 0x97, 0xb8, 0xda, 0x59, 0x44, 0x78,
+    0x9f, 0x28, 0xbf, 0x89, 0xc0, 0x01, 0x71, 0x65, 0xe9, 0x38, 0x41, 0xa6,
+    0x15, 0x82, 0x1a, 0x3a, 0xe3, 0x97, 0xc8, 0x6e, 0x63, 0x78, 0x9d, 0x38,
+    0x71, 0xa5, 0x56, 0x2b, 0xa0, 0x68, 0xd4, 0xdc, 0xdc, 0xa3, 0xdf, 0xbf,
+    0xe0, 0x31, 0x7f, 0xbe, 0x3e, 0xe2, 0xcb, 0xf7, 0xb2, 0x3f, 0xf1, 0x65,
+    0x68, 0xf9, 0x7c, 0x79, 0x7d, 0xa9, 0xef, 0x8b, 0x2f, 0x64, 0x62, 0x59,
+    0x58, 0x7c, 0x4e, 0x44, 0x44, 0x77, 0xfd, 0x9f, 0xda, 0x58, 0x00, 0xfb,
+    0x59, 0x52, 0xdb, 0xa5, 0xc2, 0x95, 0xec, 0x33, 0xdc, 0x8d, 0x98, 0xd2,
+    0xae, 0xcd, 0x9a, 0x12, 0x9a, 0x47, 0xf4, 0x6e, 0xce, 0x80, 0x05, 0xb2,
+    0x8d, 0xf3, 0x93, 0x8e, 0x9f, 0x8c, 0x3b, 0x64, 0xb2, 0xff, 0xfd, 0x1e,
+    0xb5, 0x83, 0x73, 0xf9, 0xfe, 0x53, 0x12, 0xcb, 0xff, 0xff, 0xc2, 0xd0,
+    0xa2, 0x27, 0x07, 0x39, 0x86, 0xe0, 0xb4, 0xe3, 0x9f, 0x4a, 0xcb, 0xff,
+    0xec, 0xfc, 0xff, 0x9a, 0x92, 0xff, 0xb2, 0x0b, 0x2f, 0xe6, 0x0e, 0x7b,
+    0x9e, 0xd6, 0x5f, 0xc2, 0x9d, 0x69, 0xa3, 0x59, 0x7f, 0x98, 0x23, 0x7f,
+    0x59, 0x05, 0x97, 0xf7, 0x9b, 0x78, 0x81, 0x05, 0x97, 0xfb, 0x92, 0xda,
+    0xd6, 0x46, 0xb2, 0xfe, 0x84, 0x83, 0xcc, 0x62, 0xcb, 0xee, 0x70, 0x5d,
+    0xac, 0xbf, 0x0f, 0xd2, 0x42, 0x59, 0x52, 0x79, 0x6e, 0x49, 0x7f, 0xd2,
+    0x72, 0xc1, 0xb7, 0xb8, 0xb2, 0xf6, 0x30, 0x16, 0x5f, 0x74, 0x6e, 0x80,
+    0xb2, 0xf3, 0xb9, 0x2c, 0xbf, 0xa1, 0x31, 0x63, 0x01, 0x65, 0x82, 0x0d,
+    0x50, 0xe6, 0x17, 0x1a, 0x69, 0xd9, 0x84, 0x46, 0x67, 0x79, 0xf1, 0x00,
+    0x5c, 0xdc, 0x86, 0xfe, 0x4b, 0xba, 0x35, 0x70, 0x8c, 0x59, 0x7d, 0x3b,
+    0x83, 0x95, 0x97, 0xdb, 0xbe, 0x10, 0x6b, 0x2f, 0xe1, 0x07, 0xc6, 0xc2,
+    0x59, 0x76, 0x44, 0xb2, 0xe0, 0xe2, 0x59, 0x4c, 0x6c, 0x1c, 0x5e, 0xd3,
+    0x11, 0xfe, 0x71, 0x76, 0xf1, 0x86, 0x18, 0x92, 0xd2, 0x90, 0x21, 0xa0,
+    0xba, 0x11, 0xac, 0xa8, 0x1b, 0xa3, 0x91, 0x5e, 0xf4, 0x81, 0x65, 0xfd,
+    0xb1, 0xfa, 0x41, 0x3b, 0x8b, 0x2b, 0xe7, 0xa2, 0x18, 0xe5, 0xde, 0xd2,
+    0xcb, 0xde, 0xd8, 0xcc, 0x59, 0x7d, 0x16, 0x67, 0x4b, 0x2a, 0x57, 0x99,
+    0x23, 0x56, 0x83, 0xc0, 0xd3, 0xb2, 0x52, 0x59, 0xb0, 0xaa, 0xe8, 0x63,
+    0xb2, 0x48, 0xa1, 0x47, 0xa8, 0x41, 0x3b, 0x97, 0xc8, 0xf7, 0x8b, 0x98,
+    0x47, 0x7c, 0x3c, 0xcd, 0x2c, 0xbf, 0xfd, 0xf8, 0xb3, 0x5a, 0x78, 0xb3,
+    0x59, 0xf5, 0x95, 0x87, 0xd8, 0xc4, 0x37, 0xff, 0x8a, 0x1b, 0x60, 0xdf,
+    0x84, 0xea, 0x7a, 0x59, 0x7e, 0x9d, 0x6b, 0x3c, 0xb2, 0xb0, 0xfc, 0xcd,
+    0x4c, 0xbf, 0xa3, 0x8a, 0x1b, 0x1e, 0xa3, 0x59, 0x7f, 0xf8, 0x07, 0x78,
+    0x6d, 0x91, 0xc6, 0x79, 0xd2, 0xcb, 0xe6, 0x92, 0xfa, 0xcb, 0xd1, 0xb9,
+    0x2c, 0xad, 0x22, 0x27, 0xc9, 0xbf, 0x20, 0xbf, 0xf1, 0xa2, 0xe4, 0x1b,
+    0x51, 0x88, 0x0b, 0x2e, 0x2c, 0x59, 0x78, 0x3e, 0xc9, 0x65, 0xf8, 0xb3,
+    0xb0, 0x71, 0x65, 0xdd, 0x98, 0xb2, 0xfb, 0x37, 0x24, 0xeb, 0x2b, 0x0f,
+    0x95, 0xca, 0x38, 0x33, 0x46, 0xa6, 0x0e, 0xc8, 0x47, 0x15, 0xf4, 0x20,
+    0xef, 0x31, 0xe5, 0x65, 0xe6, 0x93, 0xac, 0xb9, 0xc6, 0xb2, 0xb4, 0x6c,
+    0x7e, 0x37, 0x7e, 0x8f, 0xd8, 0x07, 0x59, 0x51, 0x9e, 0x4e, 0x88, 0x6f,
+    0xbc, 0x3c, 0x25, 0x97, 0xff, 0x83, 0xf9, 0x48, 0x1f, 0xe0, 0x0c, 0xa0,
+    0xb2, 0xed, 0xe3, 0x59, 0x52, 0x7c, 0x8e, 0x97, 0x60, 0xb4, 0xb2, 0x82,
+    0x8a, 0xeb, 0xb2, 0x18, 0x0d, 0x19, 0xbe, 0x90, 0xde, 0x12, 0xbc, 0x23,
+    0xfc, 0x21, 0x77, 0x90, 0x5f, 0x06, 0x3f, 0x32, 0xcb, 0xff, 0x3f, 0xf8,
+    0x66, 0x78, 0x0f, 0xf5, 0x97, 0xe0, 0x60, 0xde, 0x0b, 0x2f, 0xb7, 0x89,
+    0xc9, 0x65, 0xf6, 0x8f, 0x3c, 0x59, 0x7f, 0xfd, 0x98, 0x53, 0x0f, 0xf9,
+    0xce, 0x59, 0xbd, 0x65, 0xf6, 0x7e, 0x7a, 0xda, 0x7e, 0x04, 0x45, 0x51,
+    0xa6, 0xac, 0x32, 0x3d, 0x1f, 0x91, 0x39, 0x90, 0x93, 0xbc, 0x18, 0xe2,
+    0x59, 0x7a, 0x0c, 0x4b, 0x2f, 0xfe, 0x63, 0x93, 0x9b, 0xcf, 0x49, 0x7d,
+    0x65, 0xfb, 0x8f, 0xe6, 0xe2, 0xcb, 0x83, 0x82, 0xcb, 0xfd, 0x26, 0x16,
+    0x00, 0x5c, 0x59, 0x46, 0x9e, 0x5e, 0x86, 0x2f, 0xff, 0xff, 0x43, 0x9e,
+    0x76, 0xf8, 0xb4, 0xfc, 0xc2, 0x98, 0x0f, 0x4d, 0xdc, 0x16, 0x5e, 0x0f,
+    0x74, 0xc5, 0x97, 0xff, 0xc0, 0xc1, 0xff, 0x8d, 0xff, 0x66, 0xf1, 0xca,
+    0xcb, 0x9b, 0xb5, 0x95, 0x1a, 0x22, 0xb4, 0x45, 0xf5, 0x1b, 0xf9, 0xdb,
+    0xf1, 0x31, 0x8b, 0x2f, 0xe1, 0xfa, 0x4c, 0x7f, 0xac, 0xbf, 0xf6, 0x11,
+    0xb9, 0xaf, 0xfd, 0xb4, 0xb2, 0xf4, 0x6d, 0xa9, 0x3e, 0xcc, 0x2e, 0xb4,
+    0xf9, 0x19, 0x85, 0x09, 0xab, 0xff, 0x03, 0x34, 0xc0, 0xc0, 0x68, 0xeb,
+    0x2f, 0xff, 0x1b, 0x3c, 0xd4, 0xf8, 0xb3, 0xf2, 0x75, 0x97, 0x08, 0x35,
+    0x97, 0xfc, 0x28, 0x67, 0x03, 0x8c, 0x44, 0xb2, 0xff, 0x16, 0x6f, 0x68,
+    0x98, 0xc5, 0x95, 0xe4, 0x44, 0x10, 0xc7, 0x0e, 0xef, 0xff, 0xe1, 0x3c,
+    0x7d, 0x0a, 0x3f, 0xe7, 0x8b, 0x3f, 0xe6, 0x59, 0x7e, 0x98, 0x88, 0x5c,
+    0x59, 0x58, 0x9c, 0x2b, 0x43, 0x47, 0xc5, 0xff, 0x5d, 0xb9, 0x89, 0x65,
+    0xfc, 0xe4, 0x0c, 0xf9, 0xab, 0x2a, 0x57, 0x74, 0xe3, 0x51, 0x80, 0xf9,
+    0xa3, 0x71, 0x21, 0xe9, 0xcb, 0xc4, 0x6f, 0x18, 0x09, 0x43, 0xf7, 0x85,
+    0x9f, 0x8f, 0x0f, 0x7a, 0x0e, 0xc8, 0xad, 0xf1, 0x7e, 0x76, 0x56, 0x5e,
+    0x92, 0xfa, 0xcb, 0xe9, 0xd3, 0xf9, 0x65, 0x0c, 0xde, 0x6f, 0x1b, 0xbb,
+    0x22, 0x59, 0x7d, 0xe1, 0x1e, 0x56, 0x52, 0xca, 0x59, 0x67, 0x39, 0x6d,
+    0xc0, 0xbb, 0x84, 0x17, 0x59, 0x7d, 0xec, 0x03, 0xac, 0xbe, 0xfb, 0x78,
+    0x4b, 0x2f, 0xec, 0xd7, 0x70, 0xfc, 0xac, 0xba, 0x77, 0x02, 0xd9, 0xe8,
+    0x06, 0x45, 0x41, 0x44, 0xee, 0x99, 0x82, 0x22, 0x37, 0x17, 0x23, 0x81,
+    0x12, 0xef, 0x1b, 0xdd, 0x71, 0xb0, 0x40, 0xa4, 0x35, 0xdd, 0xc2, 0xb1,
+    0x81, 0xec, 0x10, 0xb3, 0xd8, 0xe1, 0x51, 0xb0, 0x8b, 0x02, 0xc7, 0xe0,
+    0xb7, 0x29, 0x1b, 0x61, 0xc2, 0xdc, 0x2d, 0x1d, 0x4d, 0x2a, 0xe2, 0x39,
+    0xe4, 0x38, 0x4e, 0x01, 0x8e, 0x93, 0x73, 0x95, 0xb9, 0xe9, 0xb2, 0xb4,
+    0xfa, 0x9d, 0x2a, 0xee, 0x70, 0x21, 0xa7, 0x4e, 0xf7, 0x23, 0x19, 0x8a,
+    0x77, 0x77, 0x54, 0x81, 0x53, 0xce, 0xd6, 0x7a, 0xb4, 0xc1, 0x79, 0xdc,
+    0xe0, 0x4e, 0x1b, 0x05, 0xe3, 0x31, 0x29, 0xf6, 0xde, 0x57, 0xa1, 0x3f,
+    0xae, 0x48, 0x05, 0x3e, 0xc7, 0xbe, 0x34, 0x93, 0x21, 0x27, 0xb3, 0x2f,
+    0x40, 0x39, 0xfb, 0x4d, 0xd9, 0x50, 0xb7, 0xed, 0x87, 0xf2, 0x70, 0x2c,
+    0xbf, 0xb6, 0x3d, 0x8f, 0xe4, 0xe0, 0x59, 0x7e, 0x8c, 0xf3, 0xd8, 0x40,
+    0xa1, 0xf2, 0x6c, 0x05, 0xb4, 0xea, 0xee, 0xc5, 0x2d, 0xbe, 0xf9, 0x88,
+    0x0c, 0xb2, 0xf3, 0x9f, 0x8b, 0x2a, 0x06, 0xf3, 0x79, 0x05, 0xf8, 0xf8,
+    0xce, 0x05, 0x97, 0xdd, 0x3b, 0xf4, 0xa8, 0xa2, 0x97, 0xff, 0xe7, 0x04,
+    0xf5, 0xe6, 0xe7, 0x9b, 0xfe, 0xc2, 0x59, 0x5a, 0x44, 0x21, 0x18, 0x5f,
+    0x7f, 0x4d, 0xda, 0xcb, 0xff, 0x4f, 0xd8, 0x13, 0x0f, 0xf3, 0x62, 0x59,
+    0x7e, 0xea, 0x4a, 0x40, 0xb2, 0xfb, 0xe6, 0xb7, 0x4b, 0x29, 0xcf, 0x2f,
+    0x84, 0xf7, 0xf6, 0x00, 0x3d, 0x38, 0x16, 0x5e, 0x78, 0x04, 0x94, 0xf3,
+    0x32, 0x15, 0x4c, 0x45, 0xa2, 0x3f, 0x42, 0x3b, 0xe4, 0x37, 0xff, 0x4b,
+    0xe8, 0x84, 0xfd, 0xe7, 0x9d, 0x65, 0xff, 0xf3, 0x44, 0x53, 0xfe, 0x7f,
+    0xbe, 0x98, 0xa3, 0x59, 0x7f, 0xfd, 0x9e, 0xfb, 0x18, 0xd9, 0x06, 0xd3,
+    0x81, 0x65, 0x0d, 0x14, 0x1c, 0x52, 0xb0, 0x4c, 0x56, 0xcc, 0x78, 0xfb,
+    0xfc, 0xe5, 0xc8, 0x71, 0x5f, 0xe0, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x5d,
+    0x0b, 0xff, 0x82, 0x3c, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x25, 0xaf,
+    0xe9, 0x06, 0x1e, 0x7a, 0x59, 0x7e, 0xd7, 0x4e, 0xfd, 0x2a, 0x2f, 0x25,
+    0xcf, 0xbd, 0x65, 0x82, 0x0c, 0xfe, 0xf0, 0xb7, 0x64, 0xda, 0xa6, 0x1d,
+    0xc4, 0x71, 0xca, 0x37, 0x83, 0xa6, 0x42, 0x87, 0xa8, 0x75, 0xc5, 0x0c,
+    0x33, 0xbe, 0x7a, 0x7b, 0xf1, 0xd0, 0x4b, 0x1b, 0x80, 0xbc, 0x97, 0x9b,
+    0xf5, 0x11, 0x21, 0xef, 0x86, 0x8d, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd,
+    0x74, 0xef, 0xd2, 0xa2, 0x59, 0x5f, 0x05, 0x0d, 0xd9, 0x0a, 0x2c, 0xb6,
+    0xc6, 0xb2, 0xdb, 0xab, 0x2d, 0xe5, 0x94, 0x14, 0x37, 0x7b, 0x00, 0xb0,
+    0x85, 0x2f, 0xf3, 0x0f, 0xd8, 0xc4, 0x6a, 0xcb, 0xef, 0x3f, 0xc4, 0xb2,
+    0xfb, 0xd3, 0xb8, 0x75, 0x97, 0xfe, 0xcf, 0x34, 0x0b, 0x30, 0x41, 0x75,
+    0x97, 0xfe, 0xc6, 0xde, 0xc4, 0x28, 0x67, 0x16, 0x5f, 0xf4, 0x8f, 0x6c,
+    0xff, 0x58, 0x35, 0x97, 0x85, 0xd3, 0xac, 0xa8, 0x26, 0x9c, 0xc6, 0x5b,
+    0x84, 0x47, 0x25, 0x24, 0x0f, 0x9f, 0x06, 0x75, 0x7f, 0x0f, 0xe2, 0x78,
+    0x71, 0x65, 0xff, 0x03, 0x6b, 0x7f, 0x93, 0xa0, 0x2c, 0xbf, 0x71, 0xcd,
+    0xf3, 0x2c, 0xba, 0x63, 0x59, 0x7f, 0xec, 0x3f, 0x1e, 0x01, 0xf2, 0x71,
+    0x65, 0x6e, 0x1e, 0xaf, 0xc5, 0xef, 0x34, 0x7f, 0x59, 0x52, 0x8f, 0xac,
+    0x3b, 0x67, 0xdf, 0x92, 0xde, 0xf1, 0x8e, 0xb2, 0xfe, 0x3c, 0x91, 0xb9,
+    0x1a, 0xcb, 0x9c, 0xeb, 0x2f, 0xfc, 0xfa, 0x84, 0xff, 0xd2, 0x20, 0xba,
+    0xca, 0xd8, 0x11, 0x47, 0x83, 0xbf, 0x2e, 0x10, 0xb5, 0xf8, 0x5f, 0x6f,
+    0x4a, 0xcb, 0xff, 0x7a, 0x7c, 0xc6, 0xff, 0x8e, 0x05, 0x97, 0xfc, 0xf0,
+    0xe0, 0xbf, 0x3f, 0xe2, 0xcb, 0xf8, 0xbf, 0xa9, 0x7e, 0x96, 0x5c, 0xfc,
+    0x59, 0x7f, 0xfe, 0x77, 0x83, 0xfb, 0x6e, 0x46, 0x2f, 0xb7, 0xa5, 0x65,
+    0x46, 0x7d, 0x91, 0x0b, 0x5c, 0x2d, 0x2c, 0xbf, 0x43, 0x8f, 0xb3, 0x8b,
+    0x2f, 0x3b, 0xf4, 0xa8, 0x8c, 0xd7, 0xfa, 0x7b, 0x84, 0xe8, 0xf0, 0x59,
+    0x7f, 0xff, 0xdc, 0xff, 0xdb, 0xdd, 0xc3, 0x84, 0x2c, 0x34, 0xd6, 0x78,
+    0x2c, 0xb6, 0x01, 0x13, 0xbf, 0x34, 0xbf, 0xff, 0xe8, 0x66, 0xd7, 0xf8,
+    0xa7, 0x68, 0xca, 0x75, 0xa6, 0xc3, 0xac, 0xa9, 0x4e, 0x03, 0xa2, 0xad,
+    0x43, 0x19, 0xca, 0x2f, 0xe6, 0x93, 0xc7, 0x86, 0x2c, 0xb8, 0xa0, 0xb2,
+    0xc7, 0x59, 0x7e, 0x6d, 0x79, 0xc2, 0x68, 0xf5, 0x4e, 0x5c, 0x18, 0xb5,
+    0xbc, 0xb2, 0xe9, 0xd2, 0xcb, 0x37, 0x46, 0x9f, 0x78, 0x8d, 0xf3, 0x69,
+    0xf4, 0xb2, 0xee, 0x6e, 0x2c, 0xb3, 0xc0, 0xdd, 0xfc, 0x86, 0xff, 0xee,
+    0x30, 0xb9, 0x84, 0x28, 0x67, 0x16, 0x5d, 0x3d, 0xac, 0xbc, 0xc5, 0xd2,
+    0xca, 0xe1, 0xb3, 0xf8, 0xbd, 0xff, 0xf0, 0x5d, 0xbf, 0xc6, 0xf9, 0x48,
+    0x9f, 0x46, 0xac, 0xa8, 0xd7, 0x5c, 0xe0, 0x4e, 0x33, 0xfc, 0x39, 0x68,
+    0x4c, 0xc4, 0x49, 0xa8, 0xe5, 0xcf, 0x09, 0x7f, 0x3a, 0x93, 0x27, 0x09,
+    0xbe, 0xec, 0x22, 0x1b, 0xfc, 0xe6, 0x79, 0xa7, 0x52, 0xb2, 0xff, 0xff,
+    0xfc, 0xe3, 0xe7, 0xb0, 0xe4, 0xd1, 0xed, 0x38, 0x89, 0xcd, 0xf1, 0x67,
+    0xf5, 0x8b, 0x2b, 0x48, 0xb6, 0x23, 0x2b, 0xff, 0xfd, 0xe6, 0xff, 0xdb,
+    0x81, 0xc7, 0x31, 0x96, 0x00, 0x5c, 0x59, 0x7e, 0xfb, 0x1e, 0x62, 0x59,
+    0x7f, 0x64, 0xed, 0x9e, 0x1d, 0x65, 0x61, 0xeb, 0x70, 0xa2, 0xff, 0x13,
+    0x99, 0xf2, 0x73, 0x56, 0x54, 0x0f, 0x53, 0xe4, 0x37, 0xda, 0xd3, 0xf1,
+    0x65, 0xfb, 0xd8, 0x4e, 0x75, 0x97, 0xdd, 0xfa, 0x78, 0xb2, 0xf4, 0x4e,
+    0x4b, 0x2f, 0x4f, 0xf8, 0xb2, 0xff, 0xd8, 0x6f, 0x27, 0x08, 0x7e, 0x95,
+    0x95, 0xc3, 0xd9, 0x10, 0xe5, 0x6d, 0x4c, 0x0a, 0x04, 0x58, 0x4d, 0x11,
+    0x1f, 0x1d, 0x6f, 0xdb, 0xa4, 0xe6, 0x0d, 0x65, 0xfe, 0x9d, 0x47, 0xac,
+    0x1e, 0x2c, 0xbf, 0xfb, 0xed, 0xa7, 0x06, 0xde, 0xe1, 0x27, 0x59, 0x7e,
+    0x29, 0x87, 0x1d, 0x65, 0x4a, 0x32, 0xe0, 0x56, 0xc6, 0x7b, 0xd1, 0xef,
+    0xfb, 0xaf, 0x49, 0xf7, 0x71, 0xe2, 0x59, 0x6f, 0x2c, 0xbf, 0xff, 0xfb,
+    0xec, 0x7d, 0x36, 0x76, 0x42, 0xfc, 0xfb, 0x6e, 0xf6, 0xfc, 0x52, 0xb2,
+    0xb1, 0x10, 0xff, 0x11, 0xbf, 0xe9, 0x3f, 0x9f, 0xee, 0x40, 0x59, 0x7e,
+    0x72, 0x0e, 0x40, 0xb2, 0xec, 0x82, 0xca, 0x94, 0xd6, 0xb2, 0x18, 0x8c,
+    0x45, 0xa3, 0x73, 0x93, 0xde, 0xfb, 0x12, 0xcb, 0xf7, 0x1b, 0xfa, 0x65,
+    0x97, 0xf4, 0x39, 0xc7, 0x28, 0x2c, 0xbd, 0x1f, 0x38, 0xb2, 0xfc, 0x5f,
+    0xe0, 0xb4, 0xb2, 0xbb, 0x45, 0xab, 0x0d, 0xb9, 0x39, 0x16, 0x88, 0x7a,
+    0xe7, 0x1a, 0xcb, 0xf4, 0x1c, 0x85, 0xd2, 0xca, 0xe8, 0xdf, 0x76, 0x2d,
+    0x73, 0xf4, 0xb2, 0xe9, 0xdc, 0x59, 0x51, 0x9b, 0x00, 0xb8, 0xbd, 0xff,
+    0xbe, 0xe4, 0x0d, 0xa1, 0xe7, 0x66, 0x2c, 0xbe, 0xff, 0xe4, 0xeb, 0x2f,
+    0xa1, 0xf6, 0x8d, 0x65, 0x62, 0x22, 0x0d, 0x43, 0x72, 0x2b, 0xe7, 0x20,
+    0xf8, 0xb2, 0xf1, 0x67, 0x4b, 0x2f, 0xf9, 0xbe, 0xc7, 0x8b, 0x8c, 0x4b,
+    0x2f, 0xff, 0xed, 0x67, 0xf9, 0xe7, 0x80, 0xa7, 0x3f, 0x3d, 0xc1, 0x65,
+    0x74, 0x89, 0x3d, 0x1c, 0x5f, 0xfa, 0x5b, 0x5f, 0xfe, 0x4e, 0x80, 0xb2,
+    0xdf, 0x93, 0xe1, 0x88, 0x92, 0xfd, 0xd3, 0x68, 0xf0, 0x59, 0x7f, 0x8f,
+    0x9a, 0x01, 0x08, 0x0b, 0x2d, 0x05, 0x95, 0x04, 0xf1, 0xf0, 0x89, 0xa3,
+    0x10, 0xf1, 0x43, 0x94, 0x86, 0x67, 0x7e, 0x04, 0xfe, 0x46, 0xb2, 0xa5,
+    0x5b, 0xd6, 0x29, 0xb4, 0x2b, 0x9e, 0x3f, 0x61, 0x2e, 0x5f, 0xef, 0x93,
+    0xed, 0xeb, 0xac, 0x59, 0x7f, 0xfc, 0x2f, 0xf3, 0xb8, 0x49, 0x03, 0x9b,
+    0x44, 0x4b, 0x2f, 0x4f, 0xe5, 0x65, 0x0c, 0xfb, 0xb7, 0xa9, 0xdf, 0x1c,
+    0x5f, 0x12, 0xcb, 0xde, 0xc2, 0x59, 0x5d, 0xa6, 0x0c, 0xd0, 0xa4, 0xf1,
+    0x20, 0x88, 0xee, 0xf4, 0x4b, 0x2f, 0xb2, 0x2c, 0x89, 0x65, 0xfb, 0x42,
+    0xfe, 0x46, 0xb2, 0xfb, 0x34, 0x39, 0x59, 0x6e, 0x6d, 0x3e, 0xd9, 0x23,
+    0x22, 0x9b, 0x79, 0x65, 0x76, 0x78, 0xce, 0x6b, 0x7d, 0x30, 0xc2, 0x59,
+    0x4c, 0x98, 0x6b, 0xc3, 0x2c, 0x04, 0x57, 0xb3, 0x3a, 0x59, 0x7f, 0xdf,
+    0xe6, 0x68, 0x04, 0x20, 0x2c, 0xbf, 0xfa, 0x7f, 0xcf, 0x4b, 0x7f, 0x93,
+    0x1a, 0xcb, 0xf6, 0x6a, 0x62, 0xe2, 0xca, 0xd1, 0xf6, 0x79, 0x12, 0xfb,
+    0xef, 0xe9, 0x59, 0x7d, 0xff, 0x0b, 0x65, 0x65, 0xfe, 0xc9, 0xd3, 0xc1,
+    0xbc, 0xb2, 0xff, 0x31, 0x9c, 0x9f, 0x3e, 0xe2, 0xca, 0xd1, 0xf3, 0xfc,
+    0xc6, 0xfd, 0xff, 0x77, 0x9b, 0xab, 0x28, 0x69, 0x8f, 0x76, 0x44, 0xc4,
+    0x27, 0x84, 0x6f, 0x88, 0xaf, 0xdc, 0x73, 0x7c, 0xcb, 0x2f, 0xfb, 0x70,
+    0x7e, 0x17, 0x3b, 0x83, 0xac, 0xb9, 0xbd, 0x87, 0xcc, 0x22, 0x8a, 0x95,
+    0x54, 0xb9, 0x1e, 0x1b, 0xc2, 0xda, 0xff, 0x34, 0x26, 0x12, 0x78, 0x2c,
+    0xbc, 0x1e, 0x6c, 0x6b, 0x2f, 0xff, 0x4e, 0xa4, 0x1e, 0x69, 0xd0, 0x0f,
+    0x05, 0x97, 0xff, 0x84, 0x03, 0xb1, 0x60, 0x0b, 0x1e, 0x25, 0x97, 0xf9,
+    0xbc, 0xd2, 0x51, 0x09, 0x65, 0xe9, 0xf0, 0x55, 0x65, 0xfb, 0x30, 0xbb,
+    0xfa, 0xcb, 0xfe, 0x16, 0x9f, 0x9b, 0x7f, 0x19, 0x8b, 0x2c, 0xda, 0x3e,
+    0x5f, 0x93, 0xd4, 0xa3, 0x79, 0x8c, 0x9e, 0x10, 0xb7, 0xfd, 0x07, 0x20,
+    0x6d, 0x33, 0x3c, 0xb2, 0xff, 0x87, 0xac, 0x17, 0xa4, 0xf8, 0xb2, 0xb0,
+    0xfc, 0xc4, 0x77, 0x7f, 0xfd, 0x9b, 0xf3, 0x68, 0x7f, 0x6d, 0x34, 0x6e,
+    0x75, 0x97, 0xff, 0xfd, 0x80, 0xd9, 0xcd, 0xa5, 0x91, 0x87, 0x0d, 0xbc,
+    0xe3, 0x19, 0xc5, 0x95, 0xe4, 0x62, 0x12, 0xa5, 0x4a, 0xb6, 0xfc, 0x32,
+    0x62, 0x2d, 0x24, 0xfa, 0x32, 0x6e, 0x42, 0x97, 0xf0, 0xe5, 0xbf, 0xfe,
+    0x2d, 0x4f, 0x9d, 0xbf, 0x3e, 0x2e, 0xd9, 0x65, 0xff, 0xbd, 0x3a, 0x06,
+    0xb5, 0x27, 0xe2, 0xcb, 0xf3, 0xf0, 0x9a, 0x56, 0x5f, 0xfc, 0xda, 0x1f,
+    0x85, 0xac, 0xeb, 0xd8, 0xb2, 0xfc, 0xda, 0x7d, 0xd6, 0x59, 0x50, 0x3e,
+    0xee, 0x91, 0x6f, 0xe8, 0xde, 0x32, 0x17, 0xd6, 0x5f, 0x7c, 0x4f, 0xf5,
+    0x97, 0x84, 0xff, 0x59, 0x5b, 0x4d, 0xf7, 0xc8, 0xaf, 0x6f, 0xcd, 0x2c,
+    0xa9, 0x3c, 0x1c, 0x23, 0xbf, 0x9c, 0x13, 0xbf, 0x09, 0x65, 0x4a, 0xa3,
+    0xdc, 0x4d, 0x34, 0xff, 0xb8, 0x49, 0xb1, 0x19, 0x42, 0xbb, 0x84, 0x17,
+    0xdc, 0x6f, 0xb2, 0xcb, 0x84, 0x35, 0x95, 0xb1, 0x9b, 0x81, 0x10, 0xdf,
+    0xd1, 0x37, 0xb5, 0x87, 0x59, 0x7c, 0x1f, 0x27, 0x16, 0x5c, 0xc6, 0x2c,
+    0xbb, 0x77, 0x16, 0x53, 0xa2, 0x00, 0x05, 0xdc, 0x22, 0xf8, 0xbd, 0xfd,
+    0xc9, 0xff, 0x3c, 0xcb, 0x2f, 0xc5, 0x87, 0xd6, 0x2c, 0xbe, 0x8e, 0x0e,
+    0x35, 0x97, 0xda, 0xdf, 0x83, 0x59, 0x58, 0x89, 0xa3, 0x96, 0xb9, 0x30,
+    0x88, 0xef, 0xde, 0x9d, 0x1e, 0x0b, 0x2f, 0x0f, 0x3e, 0xb2, 0xff, 0x61,
+    0x6d, 0xf4, 0xe6, 0xe2, 0xcb, 0xff, 0x37, 0xf9, 0x83, 0x88, 0xa4, 0x6b,
+    0x2f, 0x80, 0xdd, 0xc1, 0x65, 0xfe, 0x92, 0xfb, 0x46, 0x52, 0xb2, 0xff,
+    0xf3, 0x69, 0xa3, 0x92, 0xcf, 0x68, 0x5b, 0xd6, 0x54, 0x13, 0x57, 0x19,
+    0x41, 0xc7, 0x3c, 0x6c, 0x03, 0xe2, 0x23, 0xf9, 0x8d, 0xff, 0xe9, 0x2e,
+    0x9f, 0xee, 0x68, 0x71, 0xcc, 0x6b, 0x2f, 0xfc, 0xc3, 0x17, 0xf8, 0xff,
+    0x73, 0x56, 0x5f, 0xd8, 0x67, 0x70, 0xe6, 0xd3, 0x51, 0x18, 0xe9, 0xb7,
+    0xff, 0xf6, 0x16, 0x1b, 0xe7, 0x8b, 0xce, 0x6e, 0x6b, 0x3e, 0xb2, 0xff,
+    0xe0, 0xe7, 0xb0, 0xc8, 0xb1, 0xbb, 0xfa, 0xca, 0x64, 0x75, 0xf9, 0x29,
+    0xd6, 0xe8, 0x28, 0xe9, 0xd0, 0x76, 0x06, 0xa9, 0x8e, 0x16, 0x36, 0x78,
+    0x46, 0x50, 0x38, 0x6e, 0xe4, 0xed, 0xa1, 0xb1, 0xbd, 0x74, 0x45, 0xdc,
+    0x61, 0xad, 0x19, 0x24, 0x51, 0x8c, 0x6a, 0x39, 0x73, 0xc6, 0x05, 0xe9,
+    0xc0, 0x07, 0x8d, 0x64, 0x11, 0xa8, 0x05, 0xcd, 0x0a, 0x56, 0x0f, 0x25,
+    0xd4, 0xfe, 0x55, 0x80, 0xa1, 0x4d, 0xbe, 0x14, 0xdb, 0x30, 0xd6, 0x0e,
+    0x39, 0x2d, 0xd8, 0xf6, 0xef, 0xfb, 0xf2, 0x3d, 0x6a, 0x4f, 0xc5, 0x97,
+    0x1b, 0xd2, 0xcb, 0xf8, 0xf0, 0x99, 0xe3, 0x2c, 0xb9, 0xc0, 0xb2, 0xa4,
+    0xf0, 0x9c, 0xb2, 0xf8, 0x6e, 0xfd, 0xac, 0xbf, 0x9b, 0xb6, 0xea, 0x43,
+    0x59, 0x4e, 0x7a, 0x24, 0x45, 0x79, 0x83, 0x3a, 0xcb, 0xf8, 0xb3, 0xdd,
+    0xbe, 0xe2, 0xcb, 0xdd, 0x3e, 0xf5, 0x97, 0xfc, 0x78, 0xa0, 0xfa, 0x8f,
+    0xc2, 0x59, 0x77, 0xc2, 0x4a, 0x79, 0xa7, 0x39, 0xf2, 0xdb, 0xb8, 0x80,
+    0x83, 0x83, 0xbf, 0x30, 0x0c, 0x7e, 0xff, 0xff, 0xe1, 0x77, 0x00, 0x8e,
+    0x5f, 0xc3, 0xf0, 0x7e, 0x9d, 0x0d, 0xdc, 0xc5, 0x97, 0xff, 0x49, 0x81,
+    0x30, 0xa4, 0xcd, 0x49, 0xd6, 0x50, 0x45, 0xcf, 0xfc, 0x97, 0x8a, 0x4f,
+    0xff, 0x75, 0xbf, 0xfc, 0x10, 0xef, 0x00, 0x99, 0xae, 0x9d, 0xfa, 0x54,
+    0x4d, 0x2b, 0xff, 0xc1, 0x0e, 0xf0, 0x09, 0x9a, 0xe9, 0xdf, 0xa5, 0x44,
+    0xe2, 0xbc, 0x02, 0x95, 0x97, 0xe8, 0x31, 0x01, 0x96, 0x5f, 0xa1, 0x9f,
+    0x84, 0x16, 0x5f, 0xed, 0xf3, 0xed, 0xa5, 0x30, 0x59, 0x7f, 0xe7, 0x80,
+    0x4c, 0xd7, 0x4e, 0xfd, 0x2a, 0x28, 0x15, 0xff, 0xe6, 0x93, 0xb8, 0xf5,
+    0x3f, 0xf6, 0x0d, 0x65, 0xf7, 0x0b, 0xb8, 0x2c, 0xb0, 0x49, 0x4d, 0x63,
+    0x06, 0xfb, 0x26, 0x62, 0x83, 0x9b, 0x79, 0x3b, 0xe9, 0x17, 0x05, 0x36,
+    0x35, 0x97, 0xdd, 0x3b, 0xf4, 0xa8, 0xb8, 0x17, 0xf8, 0x7e, 0x9d, 0x9c,
+    0xd4, 0xac, 0xad, 0x1f, 0x29, 0x18, 0x5d, 0xdf, 0x16, 0x5f, 0x1b, 0xd3,
+    0x8d, 0x65, 0xd2, 0x1a, 0xcb, 0xf8, 0xb3, 0xfd, 0x37, 0x16, 0x5d, 0x2c,
+    0xb2, 0xfb, 0xc2, 0x78, 0x2c, 0xbf, 0xc5, 0x09, 0x61, 0xe1, 0xd6, 0x56,
+    0xc6, 0x9c, 0x76, 0x42, 0x17, 0xb2, 0x16, 0x18, 0xd1, 0x21, 0xc5, 0xfc,
+    0x5b, 0xf1, 0x51, 0x11, 0x5f, 0xa0, 0x10, 0xd0, 0xa9, 0xab, 0x28, 0x22,
+    0x2e, 0x66, 0x11, 0x17, 0xfb, 0x62, 0x0a, 0x05, 0x60, 0x08, 0x32, 0xcb,
+    0xf8, 0xf3, 0xf1, 0x44, 0xeb, 0x2f, 0x77, 0x0e, 0x2c, 0xa5, 0x96, 0x77,
+    0x35, 0x20, 0x1e, 0xbf, 0x45, 0x09, 0x28, 0x2c, 0xa5, 0x95, 0x86, 0xcc,
+    0x8a, 0x2f, 0xe8, 0x61, 0xa5, 0x80, 0x59, 0x78, 0x18, 0x62, 0xcb, 0xe2,
+    0x9c, 0xf2, 0xca, 0x93, 0x7b, 0x18, 0xed, 0xcc, 0x10, 0x2c, 0x4e, 0x6a,
+    0x50, 0x74, 0xae, 0x4b, 0x1f, 0x1f, 0x0d, 0xaa, 0xf7, 0x9b, 0xa5, 0x97,
+    0xfd, 0x9f, 0xef, 0xa6, 0xe7, 0x99, 0x65, 0x6e, 0x1e, 0xb9, 0x0e, 0xdf,
+    0xb5, 0xd3, 0xbf, 0x4a, 0x89, 0x25, 0x74, 0x02, 0x49, 0xed, 0x61, 0x25,
+    0x82, 0x79, 0x34, 0x87, 0x8c, 0x6a, 0xfd, 0x86, 0x00, 0x5c, 0x59, 0x71,
+    0x80, 0x59, 0x7f, 0xee, 0xbd, 0x3a, 0xcf, 0x94, 0x9d, 0x65, 0xfe, 0x7f,
+    0x96, 0x46, 0xe4, 0xb2, 0xfd, 0x31, 0x14, 0x8d, 0x65, 0xc6, 0x98, 0xb2,
+    0xf1, 0x77, 0x2b, 0x2f, 0xe8, 0x3e, 0xa3, 0x1c, 0xac, 0xbf, 0xb0, 0x9f,
+    0xb8, 0x71, 0x65, 0xff, 0xf8, 0x44, 0xe6, 0xfc, 0xd9, 0x28, 0x67, 0x98,
+    0xeb, 0x2f, 0x69, 0xfb, 0x59, 0x79, 0xb5, 0x05, 0x97, 0xff, 0xec, 0xea,
+    0x7d, 0x27, 0xeb, 0xcd, 0xfc, 0xc3, 0xac, 0xbf, 0x1f, 0x58, 0x3f, 0xac,
+    0xbf, 0xd3, 0xd8, 0x7f, 0x29, 0x02, 0xca, 0x93, 0xdc, 0x11, 0x45, 0xfb,
+    0x77, 0xd2, 0x46, 0xac, 0xb0, 0xd6, 0x5f, 0xd1, 0x96, 0x6f, 0x14, 0xac,
+    0xa8, 0xcf, 0x01, 0xc4, 0x6e, 0x70, 0x91, 0xab, 0x54, 0x19, 0x4e, 0x0c,
+    0x1a, 0x7d, 0xd1, 0x8f, 0x64, 0xec, 0x33, 0x10, 0xe6, 0x8b, 0x8e, 0x5a,
+    0xea, 0xa0, 0x1d, 0x21, 0xce, 0x42, 0xc7, 0xe4, 0x3b, 0x2d, 0x75, 0x1b,
+    0xb9, 0x26, 0x85, 0xac, 0x9c, 0xe9, 0x1e, 0x25, 0xc0, 0x47, 0x69, 0xc9,
+    0x56, 0x5f, 0x96, 0x17, 0xbe, 0x5c, 0x2d, 0xfb, 0x5f, 0x21, 0x7d, 0x65,
+    0xff, 0x8d, 0x70, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x5a, 0x8b, 0xee, 0x4f,
+    0xf8, 0xb2, 0xff, 0xcf, 0x00, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x4a, 0xab,
+    0x98, 0xc5, 0x94, 0xb2, 0xb1, 0x30, 0x93, 0x4a, 0x3b, 0x4f, 0x39, 0x17,
+    0xd3, 0xb7, 0x45, 0xef, 0xff, 0xff, 0xff, 0xc0, 0xdb, 0xb7, 0xdb, 0x21,
+    0x37, 0x85, 0x82, 0x8e, 0x37, 0xdc, 0xdc, 0xc9, 0x87, 0x82, 0xfd, 0xb4,
+    0xc8, 0x53, 0x61, 0xed, 0xdb, 0xed, 0x95, 0x94, 0x11, 0x33, 0xdd, 0x89,
+    0x72, 0xfe, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x29, 0x5f, 0xf9, 0xdc, 0xf9,
+    0xa0, 0x10, 0x80, 0xb2, 0xff, 0xd3, 0xfe, 0x66, 0x80, 0x42, 0x02, 0xcb,
+    0xe6, 0xe4, 0xba, 0xcb, 0xfc, 0x4e, 0x0e, 0x7f, 0x3a, 0x59, 0x7e, 0xc1,
+    0xc7, 0x86, 0x2c, 0xb8, 0xe1, 0x3c, 0x8f, 0x72, 0x3d, 0xe1, 0xf7, 0xc8,
+    0x37, 0x99, 0xd0, 0x44, 0xe2, 0xde, 0x33, 0x2b, 0xf6, 0xba, 0x77, 0xe9,
+    0x51, 0x1a, 0x2f, 0xe2, 0x61, 0xe9, 0xa3, 0x59, 0x60, 0x98, 0x7c, 0x6c,
+    0x6d, 0x78, 0x2d, 0x6c, 0x85, 0x16, 0x5f, 0x6c, 0x5b, 0x08, 0x2d, 0x05,
+    0xa5, 0x97, 0xcd, 0xe6, 0x3a, 0xcb, 0x85, 0xe5, 0x97, 0xcd, 0xa9, 0x89,
+    0x65, 0xff, 0x87, 0x87, 0x6d, 0x67, 0x22, 0x95, 0x97, 0xfb, 0xff, 0x67,
+    0xdf, 0x3f, 0x59, 0x7f, 0xff, 0x85, 0xcf, 0x60, 0xc3, 0x0f, 0x8c, 0x1f,
+    0xdb, 0x91, 0x06, 0xb2, 0xa5, 0x13, 0x6e, 0x69, 0x7f, 0xfa, 0x26, 0x6f,
+    0x45, 0x9f, 0x9f, 0xc8, 0xd6, 0x5e, 0x67, 0x31, 0x25, 0xff, 0x4f, 0xa6,
+    0x3d, 0x4e, 0x0d, 0x65, 0xff, 0xa6, 0x77, 0xc9, 0x4c, 0x53, 0x12, 0xcb,
+    0xf4, 0x5c, 0x7c, 0xfa, 0xcb, 0xfd, 0xad, 0x4f, 0x7c, 0xf0, 0xd6, 0x5b,
+    0xd2, 0x7b, 0xac, 0x51, 0x7f, 0xfd, 0x3e, 0x98, 0xb8, 0x2f, 0x88, 0x51,
+    0x4e, 0xf5, 0x95, 0x2a, 0xb4, 0x18, 0x8b, 0x72, 0x1b, 0x31, 0x10, 0x9d,
+    0x2b, 0xc3, 0x84, 0x71, 0xf8, 0x4e, 0x6f, 0x26, 0xbf, 0x9b, 0x91, 0x66,
+    0xa5, 0x65, 0xf7, 0x4e, 0xfd, 0x2a, 0x29, 0xf5, 0xff, 0xe6, 0xd7, 0x9f,
+    0xfc, 0x7e, 0xdc, 0x80, 0xb2, 0xef, 0xca, 0xca, 0xd2, 0x23, 0xfc, 0x61,
+    0xf4, 0x9b, 0xe3, 0x3a, 0x88, 0x2a, 0xb2, 0xff, 0xfb, 0xcd, 0xfe, 0x66,
+    0xff, 0x36, 0xce, 0x68, 0xd5, 0x97, 0xf9, 0xbe, 0xdf, 0xf0, 0xbe, 0xb2,
+    0xfa, 0x4f, 0xa7, 0x59, 0x7f, 0xa7, 0xfe, 0x78, 0xb6, 0xe2, 0xcb, 0x9b,
+    0xb5, 0x97, 0xff, 0x4c, 0xea, 0x78, 0xda, 0xd3, 0x71, 0x65, 0x44, 0x88,
+    0xed, 0x1a, 0xfc, 0x5e, 0xb4, 0x98, 0x99, 0x19, 0xfe, 0x15, 0xf7, 0xfc,
+    0xf0, 0x61, 0xfa, 0x61, 0xc5, 0x97, 0xe1, 0x7f, 0xf3, 0xbd, 0x65, 0xff,
+    0xd3, 0x14, 0x4c, 0x09, 0x8a, 0x2c, 0x02, 0xcb, 0xde, 0x69, 0xd1, 0xf8,
+    0x91, 0x55, 0xde, 0x12, 0xca, 0xc3, 0xc8, 0x11, 0x8d, 0xfb, 0x3c, 0xc5,
+    0xf5, 0x97, 0xff, 0x1c, 0x85, 0xe6, 0xd6, 0x72, 0x29, 0x59, 0x7f, 0xff,
+    0xfe, 0x9f, 0xb1, 0x3f, 0x39, 0x9f, 0xf3, 0x9f, 0xd8, 0x53, 0x3c, 0x71,
+    0x6f, 0x59, 0x7c, 0xf1, 0x37, 0x96, 0x5f, 0xfe, 0xd6, 0x34, 0x5c, 0x14,
+    0xf6, 0x53, 0xf5, 0x97, 0xed, 0xe2, 0xdc, 0x90, 0x2c, 0xa8, 0x27, 0x06,
+    0xc4, 0xda, 0x44, 0x3c, 0x20, 0x3e, 0x44, 0x24, 0xab, 0xee, 0xfe, 0x2d,
+    0x2c, 0xbf, 0xf7, 0xf4, 0x28, 0xb9, 0xd3, 0xc5, 0xc5, 0x95, 0x87, 0xce,
+    0x22, 0x4b, 0x80, 0x1a, 0xcb, 0xf8, 0xa7, 0xe5, 0x3f, 0x59, 0x50, 0x3c,
+    0x37, 0x18, 0xbd, 0x13, 0x71, 0x65, 0xf3, 0x4e, 0xb1, 0x65, 0xfa, 0x7f,
+    0xde, 0x7e, 0x4d, 0xef, 0x87, 0x6f, 0xfd, 0x10, 0x8a, 0x3e, 0x74, 0xf1,
+    0x71, 0x65, 0x4a, 0x20, 0x30, 0xf6, 0xe7, 0xe2, 0xcb, 0xf0, 0xa2, 0x89,
+    0xcd, 0x59, 0x7f, 0xdf, 0x9e, 0xde, 0x2d, 0x4e, 0xf5, 0x95, 0xb8, 0x7f,
+    0xbc, 0x16, 0xf9, 0x5d, 0x2c, 0xbd, 0xe6, 0xd2, 0xca, 0xd8, 0xcd, 0x38,
+    0x82, 0xed, 0x8b, 0x2c, 0x10, 0x28, 0xcc, 0x73, 0xd8, 0x8a, 0x82, 0xa7,
+    0x5b, 0x01, 0x0c, 0xca, 0xe7, 0x8e, 0x11, 0xb9, 0x0b, 0xc3, 0x4c, 0x3a,
+    0x2a, 0x68, 0xda, 0x0e, 0x6b, 0xe8, 0x78, 0xbc, 0x74, 0x85, 0x0c, 0x3e,
+    0x32, 0x7e, 0x1b, 0xc2, 0x84, 0xf6, 0xca, 0xce, 0xe9, 0x35, 0xff, 0xe0,
+    0x87, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x6a, 0x5f, 0xd9, 0xae,
+    0x9d, 0xfa, 0x54, 0x57, 0x6b, 0xff, 0xd9, 0xba, 0xdf, 0x68, 0x6d, 0x29,
+    0xff, 0x16, 0x5f, 0xfd, 0x27, 0x0f, 0xec, 0x42, 0x86, 0x71, 0x65, 0xe3,
+    0xcf, 0x96, 0x52, 0xcb, 0x8c, 0x09, 0xe4, 0x5c, 0x01, 0x34, 0x48, 0x86,
+    0x0e, 0x50, 0x44, 0xd0, 0x1a, 0x1e, 0x77, 0x01, 0x96, 0x58, 0x6b, 0x2e,
+    0x93, 0xac, 0xaf, 0x1a, 0x7e, 0x08, 0xdb, 0x65, 0x65, 0x89, 0x65, 0x46,
+    0x69, 0x0e, 0x29, 0x74, 0x72, 0xb2, 0xfb, 0xa7, 0x7e, 0x95, 0x15, 0xf2,
+    0xf1, 0x86, 0x18, 0x92, 0xc4, 0x90, 0x21, 0xa0, 0xad, 0x1f, 0x91, 0xd4,
+    0x2f, 0xf7, 0xb0, 0xd7, 0x9e, 0xf7, 0x56, 0x5e, 0x84, 0xf6, 0xb2, 0xfb,
+    0x3f, 0xe6, 0x59, 0x70, 0xb8, 0xb2, 0xec, 0xf2, 0xca, 0x19, 0xad, 0x88,
+    0x5e, 0xe7, 0xde, 0xb2, 0xff, 0x18, 0xff, 0xe4, 0xe4, 0x6b, 0x2f, 0x72,
+    0x40, 0xb2, 0xbc, 0x7a, 0x1f, 0x34, 0xb4, 0xac, 0xbe, 0x27, 0xef, 0x8b,
+    0x2b, 0x0f, 0x53, 0x84, 0x5f, 0x10, 0xbc, 0x66, 0x69, 0x65, 0xbe, 0xb2,
+    0xff, 0x9b, 0x59, 0x1b, 0x43, 0x06, 0xb2, 0xff, 0x68, 0x1f, 0xe3, 0x83,
+    0x16, 0x53, 0x22, 0x67, 0x43, 0xae, 0x22, 0x23, 0x8b, 0xde, 0x20, 0x2c,
+    0xbe, 0xdd, 0xf0, 0x83, 0x59, 0x7a, 0x2c, 0x89, 0x65, 0x99, 0x65, 0x76,
+    0x7a, 0xb1, 0x13, 0x9c, 0x7a, 0xda, 0x59, 0x4b, 0x29, 0x8b, 0xcd, 0x08,
+    0xd2, 0xcb, 0x32, 0xcb, 0x46, 0x69, 0x77, 0xe0, 0xbb, 0x6f, 0x59, 0x5e,
+    0x3f, 0x57, 0x3a, 0x11, 0x45, 0xf6, 0x14, 0xc1, 0x65, 0x82, 0x05, 0x8b,
+    0xaa, 0x52, 0x7b, 0x1a, 0x2c, 0x08, 0xb2, 0x11, 0x3d, 0x11, 0x44, 0x6f,
+    0xa1, 0xd7, 0x4e, 0x01, 0x11, 0x42, 0xf3, 0x90, 0xc7, 0xf9, 0xd8, 0x9c,
+    0x76, 0x61, 0x84, 0x19, 0x75, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd, 0x74,
+    0xef, 0xd2, 0xa2, 0x7b, 0x58, 0x2e, 0xb2, 0xff, 0x86, 0xfd, 0x4f, 0x42,
+    0x21, 0xac, 0xbf, 0xfe, 0x68, 0x73, 0x73, 0xc2, 0xeb, 0x23, 0xda, 0x3d,
+    0x2c, 0xbe, 0x9d, 0xd7, 0xed, 0x65, 0xe6, 0x20, 0x2c, 0xa8, 0xd1, 0xa5,
+    0x03, 0xaf, 0x2c, 0x6f, 0x25, 0xbf, 0xf8, 0x5a, 0x8b, 0x4d, 0x1b, 0x9d,
+    0xb8, 0xb2, 0xfc, 0xc3, 0x9d, 0x71, 0x65, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8,
+    0xb8, 0x57, 0xc7, 0x17, 0xf8, 0xb2, 0xff, 0x79, 0xa0, 0x20, 0x4c, 0x4b,
+    0x2f, 0xfc, 0xdb, 0xde, 0x2e, 0x36, 0xa4, 0xeb, 0x2f, 0xe9, 0x6d, 0x69,
+    0x8c, 0x59, 0x7c, 0x3f, 0x64, 0x4b, 0x2c, 0x10, 0x2a, 0xaa, 0xc6, 0x61,
+    0xcf, 0x1a, 0x04, 0x11, 0xb0, 0x9c, 0xd3, 0x66, 0x23, 0x88, 0xd0, 0xe8,
+    0x02, 0x2d, 0xbf, 0xf8, 0x23, 0xc0, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x12,
+    0x7a, 0xff, 0xcd, 0x10, 0x49, 0x14, 0xfe, 0x40, 0xb2, 0xff, 0x1a, 0x12,
+    0x2f, 0x49, 0x1a, 0xb2, 0xa5, 0xbc, 0xc3, 0x8e, 0x3b, 0x68, 0x42, 0x38,
+    0xda, 0x64, 0xdf, 0x51, 0xa9, 0xc5, 0x1c, 0xe6, 0xa7, 0x5f, 0x3d, 0x18,
+    0x07, 0x25, 0x86, 0xef, 0x84, 0xf1, 0x8a, 0xc1, 0xa0, 0x5f, 0xe0, 0x99,
+    0xae, 0x9d, 0xfa, 0x54, 0x45, 0x4b, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x4c,
+    0xaf, 0xe6, 0xf6, 0x3f, 0x60, 0x59, 0x60, 0x98, 0x7c, 0x7b, 0x26, 0xd7,
+    0xff, 0x82, 0x1d, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0x9d, 0x7f,
+    0xf8, 0x21, 0xde, 0x01, 0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0xa3, 0x55, 0x1a,
+    0x71, 0x43, 0x85, 0x31, 0xa5, 0x9f, 0x5c, 0xbf, 0xf3, 0xc0, 0x26, 0x6b,
+    0xa7, 0x7e, 0x95, 0x11, 0xd2, 0xfe, 0x2c, 0xff, 0x24, 0xeb, 0x2f, 0x4f,
+    0xf8, 0xb2, 0xf6, 0xa3, 0x09, 0xc3, 0xc8, 0x0c, 0xb2, 0xff, 0xff, 0x6a,
+    0x01, 0x30, 0x85, 0xf1, 0x1b, 0xfe, 0xfa, 0x6d, 0x71, 0x65, 0x04, 0x4c,
+    0xd6, 0x61, 0x2c, 0xc7, 0x17, 0x0b, 0xcb, 0x2f, 0xdb, 0x18, 0x57, 0x5c,
+    0xe2, 0xcb, 0xee, 0xba, 0x17, 0x4b, 0x2f, 0xb8, 0x23, 0xb2, 0xcb, 0x8c,
+    0xf2, 0xca, 0x63, 0x74, 0x61, 0x15, 0xfb, 0x08, 0x79, 0x1a, 0xcb, 0xfe,
+    0x6d, 0x70, 0xb0, 0x7e, 0x95, 0x97, 0xfa, 0x67, 0xac, 0xd6, 0xb1, 0x65,
+    0x32, 0x24, 0x3c, 0x4e, 0x46, 0xf7, 0xec, 0xd7, 0x42, 0x35, 0x65, 0xff,
+    0x75, 0x27, 0xc6, 0x3c, 0xee, 0x2c, 0xbe, 0x6d, 0x3b, 0x2c, 0xbf, 0xf1,
+    0x61, 0xaf, 0x17, 0x3d, 0x23, 0x59, 0x7a, 0x27, 0xfa, 0xcb, 0xee, 0x9d,
+    0xfa, 0x54, 0x53, 0x4b, 0xc6, 0x3f, 0x96, 0x5f, 0xd3, 0xd6, 0x75, 0xe1,
+    0x2c, 0xb6, 0x76, 0x79, 0x87, 0x1d, 0xbf, 0xfb, 0x98, 0x43, 0x9d, 0xa1,
+    0x66, 0xf0, 0x32, 0xcb, 0xfc, 0xda, 0xc8, 0xa4, 0x41, 0x75, 0x94, 0x35,
+    0x41, 0x18, 0x54, 0x69, 0xdb, 0x10, 0x44, 0x7f, 0xa1, 0xd2, 0x7c, 0xe1,
+    0x46, 0xf4, 0xcb, 0xed, 0x38, 0xd9, 0x65, 0xff, 0xee, 0x9f, 0x5c, 0xf3,
+    0xb7, 0x39, 0x9c, 0x59, 0x7f, 0xff, 0xd8, 0x5f, 0xe3, 0x75, 0x85, 0xce,
+    0xbc, 0xde, 0xe8, 0x38, 0xd6, 0x5f, 0xf7, 0x1f, 0xbc, 0x8a, 0x7d, 0xc5,
+    0x96, 0x6f, 0x23, 0xb8, 0x92, 0xbe, 0xd5, 0x7f, 0xb5, 0x1f, 0x35, 0xa9,
+    0x31, 0x65, 0xfd, 0x91, 0xe7, 0x58, 0x35, 0x95, 0xe4, 0x4c, 0x39, 0xa1,
+    0x1b, 0x5f, 0xfb, 0xcc, 0x51, 0xf0, 0x53, 0xa8, 0x96, 0x5f, 0xff, 0xb2,
+    0x39, 0xe3, 0x6b, 0x36, 0xe3, 0x14, 0x9d, 0x65, 0x41, 0x12, 0x9f, 0x40,
+    0xbd, 0x03, 0xc1, 0x65, 0xf7, 0xf8, 0xe0, 0x59, 0x78, 0x1f, 0x65, 0x97,
+    0xfb, 0x9d, 0x36, 0xb4, 0xd1, 0xac, 0xa9, 0x3f, 0x37, 0x22, 0xe0, 0xe5,
+    0xff, 0xfd, 0x18, 0xb5, 0x17, 0x23, 0x98, 0xb9, 0xec, 0x1b, 0x6f, 0x59,
+    0x7f, 0xff, 0xbc, 0xe6, 0x96, 0x43, 0xd3, 0x0c, 0xf1, 0x63, 0xc6, 0xb2,
+    0xff, 0xb3, 0x4f, 0x2c, 0x52, 0x75, 0x97, 0xff, 0xff, 0xd3, 0xdf, 0x5e,
+    0xcd, 0xbe, 0xce, 0xbc, 0xde, 0xc2, 0x73, 0x73, 0x7c, 0xf6, 0xb2, 0xfd,
+    0x1e, 0xdf, 0x03, 0x7a, 0xca, 0x8d, 0x3a, 0x71, 0xb1, 0x71, 0x7f, 0x79,
+    0xa8, 0x70, 0x83, 0xbf, 0xed, 0xfd, 0x79, 0x81, 0xe6, 0x3a, 0xcb, 0xfb,
+    0x6c, 0x91, 0xbe, 0x65, 0x97, 0xd8, 0x52, 0x62, 0xca, 0x81, 0xe8, 0x44,
+    0x5f, 0x58, 0x98, 0x1b, 0x2a, 0x3c, 0x23, 0x2e, 0xd0, 0x96, 0x5f, 0x67,
+    0x83, 0xd2, 0xca, 0x39, 0xba, 0x21, 0x7b, 0x8f, 0xb2, 0xb2, 0xfe, 0x72,
+    0xeb, 0x6c, 0x7c, 0x59, 0x40, 0x3c, 0xb1, 0x0d, 0x5f, 0xee, 0xba, 0x16,
+    0x81, 0xe1, 0x2c, 0xbf, 0xa4, 0xbf, 0xb3, 0x9f, 0x59, 0x7f, 0xe9, 0xf4,
+    0x9e, 0x4b, 0xfe, 0x65, 0x97, 0xf9, 0xc0, 0xff, 0xfe, 0x79, 0x65, 0x41,
+    0x13, 0xbd, 0x17, 0x98, 0x79, 0x7d, 0xe6, 0xcd, 0x2c, 0xbb, 0xc2, 0x59,
+    0x68, 0x2c, 0xad, 0x81, 0x34, 0xfc, 0x86, 0xa3, 0x19, 0x00, 0x87, 0x78,
+    0xbd, 0xef, 0x18, 0x05, 0x96, 0xfa, 0xca, 0x63, 0x5f, 0xe1, 0xeb, 0x87,
+    0x2b, 0x2f, 0xff, 0xdf, 0xe0, 0x7c, 0xd4, 0x8f, 0x3d, 0xd6, 0x14, 0x6b,
+    0x2a, 0x4f, 0xbb, 0x05, 0xaf, 0xe9, 0x60, 0x3f, 0xc4, 0xb2, 0xff, 0xd8,
+    0x0c, 0xc8, 0xa2, 0x29, 0x1a, 0xcb, 0xff, 0x68, 0x03, 0x29, 0x87, 0xb8,
+    0x05, 0x95, 0x89, 0xab, 0x9e, 0x11, 0xde, 0x20, 0x22, 0xc1, 0x1f, 0x5e,
+    0xfc, 0xc1, 0x65, 0xff, 0x0b, 0xfe, 0xc8, 0xa1, 0x3d, 0xac, 0xbf, 0xfc,
+    0x4f, 0xfc, 0xff, 0x33, 0xd9, 0xb9, 0xf5, 0x95, 0xe4, 0x51, 0x10, 0xe6,
+    0xf3, 0xbb, 0x44, 0xb2, 0xe7, 0xf2, 0xcb, 0xf6, 0x79, 0xc8, 0x6b, 0x2a,
+    0x33, 0xce, 0x80, 0x90, 0x05, 0xae, 0x93, 0x56, 0x5e, 0xde, 0xda, 0x59,
+    0x62, 0x59, 0x58, 0x6b, 0x9c, 0x7a, 0xfb, 0x9b, 0x0f, 0x61, 0xec, 0x35,
+    0x96, 0x78, 0x8f, 0x50, 0x03, 0xf7, 0xf3, 0x49, 0xe3, 0xc3, 0x16, 0x5f,
+    0xff, 0x67, 0xfd, 0x90, 0xd3, 0x97, 0xfc, 0xf0, 0x59, 0x74, 0x81, 0x65,
+    0xfe, 0x7e, 0xe7, 0xa6, 0xe8, 0x26, 0x91, 0x24, 0x45, 0xc1, 0xa7, 0x56,
+    0x2a, 0x5e, 0x67, 0xff, 0x18, 0x14, 0x26, 0x79, 0x0b, 0xab, 0xcf, 0x17,
+    0x16, 0x5f, 0x8b, 0x9e, 0xcd, 0xc5, 0x96, 0xd2, 0xca, 0xc3, 0x76, 0x19,
+    0x55, 0xf8, 0x1e, 0x98, 0x71, 0x65, 0xe2, 0x11, 0xab, 0x2f, 0x18, 0xf1,
+    0xac, 0xbf, 0xe9, 0x03, 0xfc, 0x01, 0x94, 0x16, 0x57, 0x8f, 0x5c, 0x87,
+    0xaa, 0x51, 0x7a, 0x45, 0x1f, 0x74, 0xb0, 0x4d, 0x81, 0xb3, 0x2d, 0x0b,
+    0x62, 0xf2, 0x65, 0x06, 0x01, 0xc2, 0xc7, 0x25, 0x1b, 0x1b, 0x08, 0x1e,
+    0xa3, 0xa7, 0xee, 0x18, 0x4c, 0x47, 0xa8, 0x48, 0x7a, 0x56, 0xbb, 0xb6,
+    0x81, 0xac, 0xa3, 0x71, 0xe4, 0x7b, 0x7f, 0x96, 0x9c, 0x25, 0x3d, 0x95,
+    0x80, 0xe1, 0xbd, 0x74, 0x7b, 0x2b, 0x2f, 0x98, 0x80, 0xcb, 0x2f, 0xba,
+    0x77, 0xe9, 0x51, 0x55, 0x2a, 0x07, 0xa1, 0xa2, 0x0b, 0xf6, 0xba, 0x77,
+    0xe9, 0x51, 0x36, 0xaf, 0xbf, 0xa6, 0xed, 0x65, 0xe7, 0x80, 0x4c, 0x3d,
+    0x96, 0x36, 0xb0, 0x48, 0xd3, 0x19, 0xc6, 0xb3, 0xbd, 0xdf, 0xe0, 0x99,
+    0xae, 0x9d, 0xfa, 0x54, 0x57, 0xeb, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x63,
+    0x2e, 0xdd, 0x82, 0xcb, 0x04, 0xc3, 0xd0, 0x88, 0xda, 0xfb, 0xaf, 0x49,
+    0xab, 0x2f, 0x4f, 0xf8, 0xb2, 0xb8, 0x78, 0x1f, 0x24, 0xbf, 0xe8, 0xe7,
+    0x8e, 0x0e, 0x30, 0xd6, 0x5f, 0xc2, 0x86, 0x71, 0xfe, 0xb2, 0xff, 0x0b,
+    0x35, 0xd7, 0x9b, 0x8b, 0x2b, 0x48, 0x9a, 0x23, 0x9e, 0x16, 0xdf, 0xed,
+    0x49, 0x9b, 0x21, 0xf9, 0xd6, 0x5f, 0x87, 0xb0, 0x6c, 0x04, 0x6a, 0xcb,
+    0xef, 0xf1, 0xfb, 0x59, 0x41, 0x43, 0xd6, 0x93, 0x3b, 0xfe, 0x21, 0x47,
+    0x14, 0x27, 0x51, 0xac, 0xbb, 0x5f, 0x59, 0x7c, 0xf0, 0xc1, 0xac, 0xbf,
+    0xbf, 0x9a, 0x1e, 0x12, 0xcb, 0x60, 0xcf, 0x37, 0xe4, 0x37, 0x43, 0x16,
+    0x5f, 0xce, 0xff, 0xfe, 0x79, 0x65, 0xff, 0xec, 0x39, 0x39, 0xa5, 0x80,
+    0xda, 0x66, 0xc6, 0xb2, 0x8d, 0x44, 0x9e, 0x85, 0x88, 0xb2, 0xff, 0x19,
+    0x26, 0x39, 0x77, 0xf5, 0x97, 0xed, 0x7f, 0xd9, 0x1a, 0xca, 0x93, 0xde,
+    0xc3, 0x5b, 0xfb, 0xec, 0x7e, 0xe1, 0xc5, 0x96, 0x09, 0x8a, 0xc6, 0x74,
+    0x5e, 0x78, 0x47, 0x78, 0x95, 0xcf, 0x09, 0x93, 0x90, 0xba, 0x0e, 0x11,
+    0xdb, 0xa4, 0x16, 0x60, 0x8b, 0x8d, 0xba, 0x97, 0xab, 0x7e, 0xd7, 0x4e,
+    0xfd, 0x2a, 0x2d, 0x55, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0xa0, 0x97, 0x47,
+    0xe5, 0x97, 0x9e, 0x01, 0x30, 0xf3, 0x80, 0x6d, 0x7e, 0x93, 0x36, 0x73,
+    0x4b, 0x2c, 0x13, 0x11, 0xc6, 0x78, 0x42, 0x06, 0x69, 0x7d, 0xfd, 0x3f,
+    0x96, 0x5f, 0xde, 0x68, 0xe3, 0x17, 0x16, 0x5f, 0x6a, 0x7f, 0xc5, 0x97,
+    0x8b, 0x23, 0x59, 0x6c, 0x19, 0xbe, 0xe8, 0x8a, 0xfe, 0x93, 0xbf, 0x7f,
+    0x82, 0xcb, 0xfd, 0x9e, 0xe6, 0x89, 0xba, 0x59, 0x58, 0x98, 0xc7, 0x44,
+    0x44, 0xdd, 0xc2, 0x7f, 0x97, 0x5f, 0xd9, 0xe0, 0x8f, 0xaf, 0xac, 0xb9,
+    0xcc, 0x08, 0x7f, 0x3f, 0x4a, 0xbf, 0x82, 0xde, 0xc5, 0xfd, 0x9c, 0xf2,
+    0xcb, 0xf8, 0x81, 0x3b, 0x8e, 0x75, 0x97, 0xf8, 0xd8, 0x63, 0x79, 0xe2,
+    0x59, 0x52, 0x7c, 0x6c, 0x5f, 0x7f, 0xfa, 0x29, 0xde, 0xfa, 0xe7, 0x1b,
+    0x58, 0x6a, 0xcb, 0xfc, 0xd1, 0x4e, 0xf7, 0xd7, 0x16, 0x5b, 0x8b, 0x2a,
+    0x4f, 0x18, 0x8d, 0x6f, 0xfe, 0x90, 0x0b, 0xfc, 0x29, 0xdd, 0x98, 0xd6,
+    0x5d, 0xa9, 0x59, 0x50, 0x4c, 0xc1, 0x88, 0x3d, 0x09, 0x3d, 0xe4, 0x1b,
+    0xa8, 0xf7, 0xcd, 0xe7, 0xe2, 0xcb, 0xee, 0x9d, 0xfa, 0x54, 0x5c, 0x4b,
+    0xf8, 0x4f, 0xd8, 0xf3, 0x4b, 0x2b, 0x47, 0xbd, 0xc3, 0x0b, 0xff, 0xf4,
+    0x03, 0xf4, 0x1f, 0xee, 0x01, 0x13, 0xef, 0x1a, 0xcb, 0x83, 0x89, 0x65,
+    0xff, 0x73, 0x18, 0x01, 0xfd, 0xfc, 0xb2, 0xfd, 0xd3, 0x73, 0xcc, 0xb2,
+    0xe6, 0xed, 0x65, 0x76, 0x6f, 0xf4, 0x51, 0x51, 0xa2, 0xcf, 0xc3, 0x3f,
+    0x78, 0xbf, 0xfe, 0x84, 0xfc, 0x1b, 0x73, 0xda, 0xc0, 0x0a, 0x25, 0x96,
+    0x35, 0x65, 0xd1, 0x32, 0xca, 0xc3, 0x52, 0xe2, 0x57, 0xfb, 0x7e, 0x7f,
+    0x9b, 0xe7, 0xcb, 0x2a, 0x07, 0xad, 0xe1, 0xfa, 0xc4, 0x7a, 0x34, 0x34,
+    0xaf, 0xfd, 0xf2, 0x70, 0x73, 0xd2, 0x5f, 0x59, 0x7e, 0xc3, 0xb6, 0xe8,
+    0xd6, 0x5d, 0x27, 0x59, 0x52, 0x7f, 0xbb, 0x87, 0xba, 0x2a, 0xbf, 0x84,
+    0x4e, 0x6c, 0x00, 0xb2, 0xf9, 0xf7, 0x5a, 0x35, 0x97, 0xef, 0x08, 0xdc,
+    0x25, 0x97, 0xa1, 0xf6, 0x59, 0x7e, 0x1e, 0x6e, 0x4f, 0x96, 0x5e, 0xdd,
+    0x6e, 0x96, 0x50, 0xd1, 0x1d, 0x11, 0x46, 0x87, 0x37, 0x4a, 0xaf, 0xf1,
+    0xde, 0x1c, 0x61, 0xe2, 0xcb, 0xc6, 0xcf, 0x16, 0x5f, 0xe8, 0x4c, 0x4f,
+    0xe9, 0xdc, 0x59, 0x7f, 0xe8, 0x85, 0x00, 0xf7, 0xcf, 0x9f, 0x7a, 0xca,
+    0x94, 0x4c, 0x60, 0xeb, 0x9b, 0x5f, 0xc2, 0xdc, 0x7f, 0x8a, 0x56, 0x52,
+    0xca, 0xec, 0xdd, 0xf0, 0xc2, 0xff, 0xb3, 0xdf, 0x29, 0x06, 0xd6, 0x59,
+    0x7e, 0x2f, 0x93, 0x9a, 0xb2, 0x96, 0x56, 0x1b, 0x2d, 0x92, 0x7a, 0x74,
+    0x58, 0x11, 0x17, 0x1a, 0xef, 0xe3, 0xbe, 0xf9, 0xd6, 0xea, 0xcb, 0xff,
+    0x30, 0xf3, 0x79, 0xf2, 0x1d, 0xc1, 0x65, 0xf9, 0xf8, 0xe4, 0x05, 0x97,
+    0xf3, 0x6f, 0x81, 0xe6, 0x25, 0x97, 0xfe, 0x9c, 0x23, 0xcf, 0xb7, 0x5f,
+    0x75, 0x65, 0x40, 0xfc, 0xb4, 0x61, 0x7f, 0xd8, 0x7c, 0xd6, 0x47, 0x86,
+    0x2c, 0xbf, 0xfd, 0xe9, 0xdf, 0xfe, 0x37, 0xfd, 0x9b, 0xbc, 0x59, 0x52,
+    0x9d, 0xae, 0x19, 0x1a, 0x82, 0xd0, 0x98, 0xf1, 0x10, 0x0e, 0x69, 0x65,
+    0xfd, 0x1b, 0xe7, 0xf0, 0xeb, 0x28, 0x28, 0x6e, 0x1c, 0x2e, 0xfe, 0xcd,
+    0x3f, 0xc5, 0x2b, 0x2f, 0xff, 0x9c, 0xa5, 0xb7, 0x78, 0xdc, 0xcf, 0x66,
+    0xca, 0xca, 0x19, 0xff, 0x6f, 0x2c, 0xbf, 0xf9, 0x88, 0x50, 0xce, 0x71,
+    0x87, 0x8b, 0x2a, 0x23, 0xe6, 0xf9, 0x25, 0x82, 0x05, 0x8c, 0xc6, 0xd9,
+    0x8f, 0x3e, 0x0a, 0x98, 0xff, 0xd9, 0x13, 0x46, 0x17, 0x14, 0x64, 0xba,
+    0x85, 0x19, 0xcc, 0x7c, 0x5c, 0xf0, 0xb3, 0x02, 0x09, 0x43, 0x2b, 0x91,
+    0x8c, 0x7e, 0x3e, 0x3d, 0x98, 0x49, 0x87, 0x18, 0x45, 0xfd, 0xb1, 0x6c,
+    0x5a, 0x77, 0x82, 0xcb, 0xfc, 0x14, 0x2d, 0x83, 0xfb, 0x3b, 0x00, 0xd6,
+    0x5f, 0xed, 0x8b, 0x04, 0x1f, 0xa4, 0xd5, 0x97, 0x38, 0x55, 0x65, 0x05,
+    0x4f, 0x50, 0x8e, 0xaf, 0xdb, 0x08, 0x2a, 0x39, 0x1a, 0xcb, 0xf6, 0xc7,
+    0xb0, 0x80, 0x6c, 0xac, 0xbf, 0xf3, 0x77, 0xb0, 0xf9, 0xad, 0xbb, 0x7d,
+    0xb2, 0xb2, 0xfb, 0xd3, 0xfe, 0x96, 0x50, 0x5b, 0x3f, 0x11, 0xa7, 0x5f,
+    0xf4, 0xe9, 0xfe, 0x00, 0xca, 0x0b, 0x2f, 0xfe, 0x34, 0xcd, 0xc8, 0xc7,
+    0xb1, 0xed, 0xdb, 0xed, 0x95, 0x97, 0xd3, 0x9a, 0x82, 0xca, 0xd8, 0x67,
+    0xf4, 0x4b, 0x37, 0xee, 0x71, 0xf7, 0xe2, 0xcb, 0xee, 0x9d, 0xfa, 0x54,
+    0x5d, 0x2b, 0xf1, 0x0b, 0xf3, 0xc5, 0x95, 0xa3, 0xd7, 0xf1, 0x85, 0xf3,
+    0x8a, 0x07, 0x59, 0x7f, 0x0c, 0x38, 0x30, 0x38, 0xb2, 0xbc, 0x7a, 0x2e,
+    0x45, 0x7c, 0x4e, 0x39, 0x59, 0x7f, 0xa7, 0x7b, 0x94, 0xef, 0xe2, 0xca,
+    0x93, 0xd5, 0xf1, 0x05, 0xff, 0xc1, 0x4e, 0x72, 0x28, 0x05, 0xf6, 0xed,
+    0xf6, 0xca, 0xcb, 0xfa, 0x13, 0xdb, 0xf2, 0x0b, 0x2f, 0xf8, 0xa2, 0xd4,
+    0xf7, 0x06, 0x3a, 0xcb, 0xff, 0x6f, 0x92, 0xff, 0x05, 0xfc, 0xd2, 0xcb,
+    0xff, 0xff, 0xcd, 0xb4, 0x2d, 0x85, 0x36, 0x17, 0xa5, 0x86, 0x52, 0x2e,
+    0x8c, 0x71, 0xcf, 0x7c, 0x59, 0x52, 0x98, 0x2e, 0x1d, 0x12, 0x05, 0xf4,
+    0x37, 0x73, 0xeb, 0x2f, 0xb9, 0x3b, 0xbc, 0x59, 0x52, 0x79, 0x5b, 0xa4,
+    0xb7, 0x7f, 0x75, 0x65, 0xf8, 0xd3, 0x43, 0x2e, 0x96, 0x54, 0x9e, 0x33,
+    0x0d, 0x5f, 0x74, 0x76, 0xdc, 0x59, 0x7f, 0x64, 0x1a, 0x61, 0xb8, 0xb2,
+    0xf0, 0xf0, 0x6b, 0x2a, 0x4f, 0xc4, 0x64, 0xd8, 0x5f, 0x7f, 0xff, 0xf7,
+    0xb3, 0x7e, 0xb3, 0x99, 0xae, 0xa7, 0x3e, 0x59, 0xce, 0x60, 0xd6, 0x5f,
+    0xe8, 0xe4, 0xba, 0x18, 0x7c, 0x59, 0x7f, 0xf0, 0x18, 0x83, 0x35, 0xbe,
+    0xe0, 0xe2, 0xcb, 0xfe, 0x6c, 0x2f, 0x67, 0xe4, 0x6b, 0x2f, 0xfc, 0xc5,
+    0xa9, 0xfb, 0x74, 0xc3, 0x59, 0x51, 0xa3, 0xb8, 0x06, 0xdf, 0x45, 0xde,
+    0x6d, 0x7f, 0xb7, 0xcf, 0xf8, 0x2e, 0x82, 0xeb, 0x2a, 0x53, 0xdb, 0xc8,
+    0xd8, 0x1d, 0x02, 0xff, 0xbc, 0xc6, 0x7f, 0xbe, 0x9b, 0xcb, 0x2f, 0xc2,
+    0x04, 0x45, 0xf5, 0x94, 0x33, 0xe5, 0xd1, 0xe5, 0xce, 0x1a, 0xcb, 0xff,
+    0x7f, 0x6f, 0x1c, 0xba, 0xf3, 0x69, 0x65, 0xb9, 0x19, 0xec, 0x60, 0xbd,
+    0xfe, 0x9f, 0xbc, 0x62, 0x68, 0x2c, 0xb8, 0x3f, 0x2c, 0xa2, 0x3c, 0xb0,
+    0xcc, 0xef, 0xff, 0xcf, 0x02, 0x9e, 0x67, 0x7d, 0x13, 0xe7, 0x7d, 0x2c,
+    0xbf, 0xe6, 0xf6, 0x76, 0x08, 0x0f, 0x16, 0x58, 0x20, 0x51, 0x97, 0x29,
+    0xb1, 0x1b, 0xec, 0x10, 0x99, 0x0b, 0x09, 0x76, 0x19, 0x94, 0xc2, 0x96,
+    0x32, 0x88, 0x42, 0xcc, 0x64, 0xf9, 0x08, 0x0e, 0x9c, 0xd9, 0xdb, 0x70,
+    0x86, 0x25, 0x7d, 0x46, 0x66, 0x77, 0x8f, 0x35, 0x3c, 0x24, 0x4a, 0x50,
+    0x47, 0x21, 0x33, 0xf7, 0xa1, 0x39, 0xef, 0x22, 0xd9, 0x56, 0xba, 0x76,
+    0x56, 0x5f, 0xfe, 0x2f, 0xb1, 0xfd, 0x2c, 0x4f, 0xa3, 0x56, 0x5f, 0xcf,
+    0xf9, 0x3c, 0x92, 0xca, 0xc3, 0xf3, 0xd2, 0x45, 0xff, 0x8f, 0xc1, 0x7e,
+    0x0d, 0xbf, 0xcc, 0xb2, 0xfe, 0xcc, 0xe7, 0x5f, 0x95, 0x97, 0xf4, 0x73,
+    0xf7, 0x34, 0x4b, 0x29, 0x65, 0xff, 0xd3, 0xa0, 0x6d, 0xe7, 0xa4, 0xee,
+    0x4b, 0x2f, 0xf4, 0xe8, 0x3f, 0x7b, 0x00, 0xb2, 0xa0, 0x7f, 0x3e, 0x45,
+    0xbf, 0xa0, 0xf0, 0x72, 0xe9, 0x65, 0xc5, 0x2b, 0x2d, 0xc5, 0x95, 0x26,
+    0x9b, 0xe2, 0xb7, 0xff, 0xb3, 0xf2, 0x60, 0x71, 0xf3, 0x0f, 0x3b, 0x8b,
+    0x2c, 0x75, 0x97, 0xf3, 0xc3, 0x4c, 0x63, 0x2c, 0xbe, 0x29, 0x1e, 0x96,
+    0x5f, 0xf9, 0xa0, 0xda, 0xee, 0x4a, 0x78, 0xb2, 0xa3, 0x3d, 0xef, 0x90,
+    0xd8, 0x20, 0x51, 0x51, 0x3e, 0x42, 0x12, 0x22, 0x2f, 0x29, 0x91, 0x07,
+    0xd3, 0xf6, 0x44, 0x43, 0x84, 0x5d, 0x69, 0x57, 0x11, 0xe5, 0x2b, 0x5f,
+    0x61, 0x81, 0x43, 0xac, 0xbf, 0x8a, 0x7b, 0x3b, 0xfd, 0x65, 0xff, 0xe3,
+    0x1c, 0x7e, 0x9e, 0xff, 0x3e, 0x7d, 0xc5, 0x96, 0x6d, 0x1f, 0xdf, 0x8b,
+    0x6f, 0xff, 0xf8, 0x5a, 0x87, 0x3c, 0xed, 0xad, 0x68, 0x5d, 0xb6, 0x9f,
+    0x8b, 0x2f, 0xfe, 0xd7, 0x53, 0x9e, 0x9f, 0x94, 0xfd, 0x65, 0xe1, 0x7b,
+    0x8b, 0x2f, 0xfc, 0xe6, 0xf5, 0xe6, 0x8b, 0x52, 0x62, 0xcb, 0xd3, 0x9d,
+    0xf4, 0x7b, 0xe4, 0x3b, 0x7f, 0xf3, 0x9f, 0x9f, 0x27, 0x07, 0x7f, 0xd8,
+    0x6b, 0x2d, 0xfd, 0x1f, 0xf0, 0x8c, 0xef, 0xfc, 0x4e, 0x67, 0xf3, 0xcf,
+    0x13, 0xac, 0xbf, 0xff, 0x00, 0x13, 0xb7, 0xd3, 0xf1, 0x75, 0xe9, 0x27,
+    0x59, 0x7f, 0xfe, 0x21, 0x3e, 0xe6, 0x43, 0xd8, 0x6e, 0x0e, 0x21, 0x2c,
+    0xac, 0x45, 0x87, 0x95, 0xee, 0xeb, 0x16, 0x5f, 0xd3, 0x06, 0xef, 0xf8,
+    0xb2, 0xff, 0xf9, 0xfb, 0x87, 0x3b, 0xf9, 0x3f, 0xb3, 0xbf, 0xac, 0xa9,
+    0x45, 0xc1, 0xa4, 0x5a, 0x17, 0x72, 0xdb, 0xed, 0x71, 0xb4, 0xb2, 0xff,
+    0x60, 0x82, 0xfd, 0x79, 0xa2, 0x59, 0x7f, 0xff, 0xfd, 0xf9, 0x68, 0x3f,
+    0x39, 0x3c, 0xcf, 0x31, 0x49, 0xf5, 0x21, 0xb9, 0x2c, 0xbf, 0x72, 0x7c,
+    0x1c, 0x4b, 0x29, 0x91, 0x47, 0xf7, 0x9a, 0x94, 0xc8, 0x30, 0x89, 0xe1,
+    0xb9, 0x7a, 0x12, 0x75, 0x96, 0xd8, 0x16, 0x5d, 0xc8, 0x2c, 0xbf, 0xfe,
+    0xc1, 0x8b, 0xfc, 0xeb, 0xcd, 0xc1, 0x3f, 0x6b, 0x2f, 0xff, 0x9e, 0x1c,
+    0x0c, 0x85, 0x1f, 0xf9, 0x84, 0x05, 0x95, 0xe4, 0x51, 0x89, 0x4a, 0x8d,
+    0x46, 0xef, 0xe1, 0x75, 0x7f, 0xb5, 0xa7, 0x84, 0x78, 0x62, 0xca, 0x59,
+    0x74, 0x42, 0x59, 0x58, 0x7b, 0x1e, 0x35, 0x30, 0x2e, 0xff, 0xbc, 0x1f,
+    0xdb, 0x4d, 0x1c, 0xac, 0xbe, 0xd4, 0x99, 0xc5, 0x97, 0xbd, 0x91, 0x2c,
+    0xbf, 0xfe, 0x11, 0x7f, 0x98, 0xc7, 0xc1, 0xcc, 0x27, 0x0f, 0x03, 0xe4,
+    0x75, 0x04, 0xc3, 0x30, 0xbf, 0x8f, 0x57, 0xff, 0x60, 0xe6, 0x13, 0xa9,
+    0x0d, 0xc9, 0x65, 0xff, 0xb7, 0xe4, 0x0e, 0x36, 0xdf, 0x23, 0x59, 0x7f,
+    0xfc, 0xde, 0x11, 0xce, 0xf0, 0xf3, 0x9d, 0xb8, 0xb2, 0x8e, 0x8d, 0x37,
+    0x42, 0xfa, 0x15, 0xce, 0x12, 0x36, 0x45, 0x9e, 0x34, 0x77, 0x19, 0x04,
+    0x45, 0x1a, 0x8e, 0x9b, 0xd1, 0xae, 0x39, 0x99, 0x0e, 0x72, 0x1e, 0x7f,
+    0x8e, 0x34, 0x38, 0xc0, 0xeb, 0xcc, 0x9a, 0x72, 0xa4, 0x6d, 0x5f, 0xe8,
+    0x67, 0xfd, 0x21, 0x92, 0xcb, 0xff, 0x7d, 0xba, 0x61, 0xb9, 0x1b, 0x2b,
+    0x2f, 0x0d, 0x8d, 0x59, 0x7f, 0xd3, 0xdf, 0x9f, 0x9f, 0x93, 0x16, 0x54,
+    0xa2, 0x57, 0x0f, 0xb4, 0x3b, 0x7f, 0x9f, 0xe4, 0x28, 0xfb, 0xdc, 0x59,
+    0x60, 0xaa, 0xcb, 0x85, 0xe5, 0x97, 0xe2, 0xcf, 0x3f, 0xd6, 0x5f, 0xd0,
+    0x7c, 0xdf, 0x23, 0x59, 0x41, 0x53, 0xd4, 0x0b, 0x09, 0xaf, 0xdb, 0x18,
+    0x57, 0x5c, 0xe2, 0xcb, 0xe6, 0x14, 0x25, 0x65, 0xf6, 0x77, 0x27, 0x59,
+    0x7c, 0xc5, 0x20, 0x59, 0x7f, 0xbd, 0x31, 0xea, 0x70, 0x6b, 0x2f, 0xd3,
+    0xbd, 0xf3, 0x4b, 0x2e, 0xc8, 0xd6, 0x5c, 0x39, 0x59, 0x41, 0x9a, 0xdd,
+    0xd1, 0x7a, 0x94, 0x56, 0xf8, 0xcc, 0x4a, 0xb7, 0xe7, 0x8a, 0x0d, 0xf5,
+    0x97, 0xf8, 0x5b, 0xad, 0xbf, 0xf9, 0xe5, 0x97, 0xfe, 0x91, 0xea, 0x60,
+    0xdd, 0xff, 0x16, 0x5f, 0xff, 0x3f, 0xa6, 0x03, 0xf4, 0xf7, 0xf6, 0x3f,
+    0x16, 0x54, 0x15, 0x16, 0x9a, 0x43, 0xd1, 0x17, 0xa1, 0x9a, 0x02, 0xf2,
+    0x28, 0xf9, 0xc6, 0xf3, 0xeb, 0xfe, 0xd7, 0x3c, 0xdd, 0x74, 0x28, 0xd6,
+    0x5f, 0xc6, 0x66, 0xf2, 0x14, 0x16, 0x5f, 0xc2, 0x37, 0x0b, 0x77, 0x16,
+    0x5f, 0xff, 0xef, 0x31, 0xce, 0xc6, 0x73, 0xbe, 0x9b, 0x34, 0x39, 0xed,
+    0x65, 0xff, 0xf4, 0xc3, 0x38, 0xc4, 0x02, 0xcf, 0xfb, 0x16, 0x5d, 0xa8,
+    0x74, 0x8b, 0x02, 0x64, 0xa9, 0x4d, 0xf3, 0x0f, 0x48, 0xc0, 0x50, 0xe0,
+    0xbf, 0xff, 0xe9, 0x1f, 0xb3, 0xbf, 0x93, 0xf8, 0x0f, 0xce, 0x3e, 0xba,
+    0x59, 0x7d, 0x1e, 0xcb, 0x9a, 0xb2, 0xff, 0x66, 0x61, 0xa6, 0xbc, 0x16,
+    0x51, 0xa8, 0xc1, 0xf3, 0x3f, 0xc9, 0xef, 0xb9, 0xd7, 0xe5, 0x65, 0xfe,
+    0x63, 0xb6, 0xb9, 0x09, 0x59, 0x58, 0x7a, 0xbf, 0x23, 0xbf, 0xfc, 0xc6,
+    0x73, 0xaf, 0x37, 0x7f, 0xd6, 0xa5, 0x65, 0xff, 0xb5, 0xf7, 0x87, 0x37,
+    0x8b, 0x4c, 0xb2, 0xff, 0xe7, 0xe1, 0x39, 0xa3, 0xf0, 0x9f, 0x8b, 0x2a,
+    0x51, 0x0a, 0x24, 0x1b, 0xff, 0xfe, 0x73, 0x03, 0xcd, 0x13, 0xf7, 0x0e,
+    0xa7, 0xfc, 0xce, 0xfe, 0xb2, 0xfc, 0x58, 0x09, 0x02, 0xcb, 0xfa, 0x30,
+    0xf3, 0xcf, 0xda, 0xcb, 0xfd, 0x06, 0x28, 0xa0, 0xde, 0x59, 0x69, 0x82,
+    0x22, 0x70, 0x9a, 0x23, 0x0a, 0xc5, 0x47, 0xba, 0x21, 0xf4, 0x34, 0x9c,
+    0x88, 0xa1, 0xe7, 0x7e, 0xde, 0xda, 0xc1, 0xac, 0xbf, 0xfe, 0xe7, 0x9b,
+    0x9f, 0xf6, 0x0d, 0xb9, 0x84, 0xb2, 0xc5, 0x87, 0xee, 0x22, 0x9b, 0xfc,
+    0x4f, 0xa3, 0x7f, 0x9d, 0x2c, 0xb7, 0xa4, 0xf6, 0xb0, 0x9a, 0xfc, 0xfe,
+    0x81, 0x74, 0xb2, 0xff, 0x49, 0xf1, 0x8f, 0x3b, 0x8b, 0x2f, 0xf4, 0x0f,
+    0xc6, 0x2e, 0xe0, 0xb2, 0xba, 0x3e, 0x88, 0x8d, 0x2f, 0xf3, 0x69, 0xc8,
+    0x18, 0x4b, 0x2f, 0xf7, 0xd8, 0xb3, 0xb8, 0x4a, 0xcb, 0xff, 0xb5, 0xa7,
+    0x87, 0x0b, 0x0e, 0x1f, 0x6b, 0x2a, 0x4f, 0xe3, 0x0c, 0xaf, 0xf9, 0xa0,
+    0x59, 0xe2, 0x78, 0x2c, 0xbf, 0xff, 0x43, 0x08, 0x7e, 0x9c, 0x29, 0x01,
+    0xde, 0x0b, 0x28, 0x91, 0x10, 0x19, 0xb5, 0xe7, 0x7e, 0x95, 0x12, 0x62,
+    0xf6, 0xeb, 0x71, 0x65, 0x40, 0xfa, 0xfa, 0x23, 0xdd, 0x29, 0xbf, 0x75,
+    0xb0, 0xf6, 0x30, 0xa0, 0x55, 0x65, 0xff, 0xff, 0xec, 0xea, 0x45, 0xd7,
+    0xa7, 0x5b, 0x70, 0x9b, 0xbe, 0x07, 0x19, 0x60, 0xd6, 0x5f, 0xed, 0xee,
+    0x7c, 0x36, 0x78, 0xb2, 0xf7, 0x70, 0xe6, 0xd4, 0x58, 0xe3, 0xe5, 0xfe,
+    0xce, 0xff, 0xf7, 0x87, 0x16, 0x54, 0xa6, 0xb3, 0x90, 0xee, 0xd1, 0xbd,
+    0xfe, 0x27, 0xff, 0x3a, 0x11, 0x2c, 0xbf, 0xfe, 0x03, 0x00, 0xcc, 0x6d,
+    0xe5, 0x9f, 0xf3, 0x2c, 0xbd, 0x1f, 0xd9, 0x65, 0xff, 0xc4, 0xe6, 0x70,
+    0xc7, 0x1c, 0xf7, 0xc5, 0x96, 0xc5, 0x95, 0xa3, 0xd6, 0xfa, 0x35, 0xfb,
+    0x8e, 0xf0, 0xe2, 0xcb, 0xf9, 0xe1, 0xcc, 0x20, 0x2c, 0xb3, 0xed, 0x47,
+    0x40, 0xdc, 0xfb, 0x22, 0xf9, 0x3d, 0xb5, 0x89, 0xbe, 0xfa, 0x33, 0x8b,
+    0xff, 0xf9, 0xe3, 0x29, 0xef, 0xbe, 0x84, 0xfa, 0x06, 0x77, 0xf5, 0x95,
+    0x8a, 0x8f, 0x9a, 0x3b, 0x02, 0x2f, 0xbf, 0xe7, 0x87, 0x30, 0xa7, 0xbe,
+    0x2c, 0xbe, 0xe4, 0x18, 0x0b, 0x2f, 0xff, 0xbe, 0x6b, 0xf3, 0x5a, 0xc8,
+    0xc0, 0x79, 0x82, 0xca, 0x81, 0xfa, 0x18, 0x45, 0x7f, 0xff, 0xef, 0x64,
+    0x3d, 0x83, 0x29, 0xe8, 0x39, 0x33, 0x39, 0xc7, 0x35, 0x65, 0x4a, 0x24,
+    0x7e, 0x47, 0x7f, 0xe3, 0x30, 0x6f, 0x0f, 0xf1, 0xc0, 0xb2, 0xff, 0xf1,
+    0x49, 0x81, 0xfc, 0xa4, 0x19, 0xdf, 0xd6, 0x5f, 0xec, 0xd7, 0x8a, 0x7b,
+    0x82, 0xcb, 0x9f, 0xbc, 0x3f, 0xe0, 0xd2, 0xe9, 0x91, 0xd6, 0x28, 0x5e,
+    0xdf, 0xfc, 0xdd, 0x99, 0xff, 0x34, 0x96, 0x74, 0xb2, 0xff, 0xc4, 0xe7,
+    0x03, 0x69, 0xbb, 0x02, 0xcb, 0xec, 0x6d, 0x46, 0xb2, 0x86, 0x7c, 0x01,
+    0x73, 0xeb, 0xfe, 0x63, 0x64, 0x71, 0x9e, 0x74, 0xb2, 0xa0, 0xca, 0x3e,
+    0x19, 0x36, 0x42, 0x40, 0xd2, 0x4e, 0xa1, 0x51, 0xa8, 0xc4, 0xcf, 0x1c,
+    0x67, 0xa5, 0x39, 0x00, 0xd4, 0xa3, 0x3d, 0xe4, 0x61, 0xbf, 0x27, 0x14,
+    0x29, 0x77, 0x93, 0x5f, 0xc3, 0x00, 0x57, 0x80, 0xd9, 0x59, 0x7b, 0x77,
+    0x76, 0x56, 0x5f, 0xfd, 0x86, 0x79, 0xff, 0xc9, 0xf0, 0x71, 0x2c, 0xbf,
+    0xfd, 0x9a, 0xf3, 0xb7, 0xc5, 0xa7, 0xdf, 0x8b, 0x28, 0x68, 0x91, 0xf2,
+    0x3d, 0xee, 0x30, 0xd6, 0x5f, 0xc5, 0x3d, 0x9d, 0xfe, 0xb2, 0xff, 0x75,
+    0xf1, 0x7b, 0x52, 0x62, 0xcb, 0xff, 0xb3, 0xbf, 0x60, 0xfd, 0x91, 0x41,
+    0xd6, 0x54, 0x9f, 0xd9, 0xcd, 0xaf, 0xf9, 0xb0, 0xce, 0xbd, 0x2d, 0xb2,
+    0xb2, 0xff, 0xf4, 0x94, 0x30, 0x5a, 0x8c, 0x19, 0x83, 0x59, 0x7f, 0xba,
+    0x6d, 0x72, 0x29, 0x75, 0x97, 0xf9, 0xbe, 0x09, 0xf0, 0x7c, 0x59, 0x7c,
+    0xf0, 0x92, 0x59, 0x7e, 0x17, 0x3c, 0xf0, 0x81, 0xea, 0x78, 0xd2, 0xfe,
+    0x70, 0x61, 0x0e, 0x0b, 0x2f, 0xfe, 0x7e, 0xff, 0xec, 0x61, 0xc9, 0x74,
+    0xb2, 0x8d, 0x4e, 0x03, 0xb4, 0x9d, 0x42, 0x20, 0x8f, 0xf8, 0x59, 0x66,
+    0x1a, 0xb1, 0x58, 0x88, 0xf4, 0x38, 0x78, 0x54, 0x05, 0xc8, 0x7f, 0x1d,
+    0xe5, 0xf8, 0x73, 0xcf, 0xb2, 0xcb, 0xf6, 0x46, 0x76, 0x89, 0x65, 0x4a,
+    0xe4, 0x37, 0xa5, 0xe4, 0x3b, 0x71, 0x13, 0xdf, 0x7d, 0x8e, 0xeb, 0x2f,
+    0x8c, 0xf0, 0xba, 0x59, 0x63, 0x56, 0x5f, 0xde, 0xe4, 0xfe, 0x46, 0xb2,
+    0xa4, 0xf9, 0x30, 0x95, 0x84, 0xab, 0x11, 0x63, 0xf8, 0x42, 0xdf, 0xfe,
+    0x13, 0xf9, 0xc7, 0x03, 0xfa, 0x43, 0x25, 0x97, 0x8a, 0x4e, 0xb2, 0xfc,
+    0xdc, 0xf4, 0xe9, 0x65, 0x44, 0x78, 0x5e, 0x1b, 0xbf, 0xe9, 0xf7, 0xda,
+    0x33, 0xcf, 0x4b, 0x2f, 0xff, 0xcf, 0xd6, 0xa7, 0xc5, 0x9f, 0xc0, 0x86,
+    0x18, 0x62, 0x4a, 0x82, 0x6d, 0x5d, 0x13, 0xbc, 0x23, 0x38, 0x47, 0xf3,
+    0xab, 0xf7, 0x42, 0xe8, 0xa5, 0x65, 0xfb, 0x91, 0x7a, 0x7e, 0xb2, 0xf6,
+    0x9b, 0xb5, 0x95, 0xd1, 0xf7, 0xc4, 0x53, 0xf2, 0x9b, 0xfb, 0x61, 0x85,
+    0xaf, 0xec, 0x2d, 0x8b, 0x71, 0x65, 0xff, 0xdd, 0xc0, 0xa6, 0x1a, 0x9f,
+    0xbf, 0xd6, 0x5f, 0xf0, 0xc3, 0x9e, 0xf6, 0x73, 0x52, 0xb2, 0xe9, 0x82,
+    0xca, 0xc4, 0x4b, 0xba, 0x21, 0x1e, 0xdf, 0x0b, 0x72, 0x60, 0xb2, 0xff,
+    0xcf, 0xf9, 0xd7, 0x3d, 0x25, 0xf5, 0x97, 0xec, 0x83, 0x3e, 0xf5, 0x95,
+    0xe4, 0x45, 0x11, 0x2f, 0x0f, 0x6a, 0x08, 0xe6, 0x14, 0x2d, 0xef, 0x1d,
+    0xfc, 0xb2, 0xff, 0xf1, 0x4c, 0x35, 0xa1, 0x76, 0xda, 0x7e, 0x2c, 0xbf,
+    0xfe, 0xe6, 0x1a, 0x59, 0xfe, 0x64, 0x09, 0xcc, 0x59, 0x66, 0xf2, 0x26,
+    0x7e, 0x95, 0x4c, 0x8d, 0xdd, 0xf0, 0xb5, 0xbf, 0xd2, 0x5f, 0xc2, 0x93,
+    0x56, 0x5e, 0x9f, 0x71, 0x65, 0x6f, 0x3c, 0xdd, 0xd3, 0x1b, 0xfe, 0x93,
+    0xff, 0xd8, 0x52, 0x05, 0x97, 0xe3, 0xcc, 0x37, 0x3a, 0x59, 0x7e, 0x29,
+    0x17, 0xf8, 0xb2, 0x80, 0x7a, 0x7f, 0x2c, 0xbf, 0xee, 0x41, 0xbe, 0x00,
+    0xca, 0x0b, 0x2a, 0x33, 0xdc, 0xec, 0x8a, 0xfe, 0x2c, 0xff, 0x83, 0x31,
+    0x65, 0xfd, 0xfc, 0x8a, 0x0e, 0x4b, 0x2b, 0xb3, 0xdc, 0x39, 0x7d, 0x62,
+    0x28, 0xda, 0x10, 0x15, 0x2a, 0x93, 0x31, 0xd9, 0x89, 0xf5, 0x1c, 0x4d,
+    0xff, 0xff, 0x77, 0xd7, 0x98, 0xe4, 0xd1, 0xcf, 0xf8, 0x1f, 0xfd, 0x83,
+    0x59, 0x7f, 0xc6, 0xed, 0x0f, 0x35, 0xb2, 0xe6, 0xac, 0xb0, 0x5d, 0x65,
+    0x49, 0xeb, 0x3a, 0x0d, 0xff, 0xfc, 0x4e, 0x6f, 0xa5, 0xa0, 0xc5, 0xf8,
+    0x66, 0xb1, 0x65, 0x4a, 0x67, 0x05, 0x0c, 0x01, 0x10, 0x5f, 0xfe, 0x06,
+    0x77, 0xfc, 0x21, 0x7c, 0x13, 0x05, 0x97, 0xff, 0x37, 0x30, 0x7d, 0x4c,
+    0x73, 0x9f, 0x59, 0x7e, 0x17, 0xbf, 0x31, 0x2c, 0xbf, 0xff, 0xbc, 0xfa,
+    0xf3, 0x16, 0x0f, 0x4c, 0x28, 0xc3, 0x3a, 0xcb, 0xff, 0xef, 0xcf, 0x4d,
+    0xf6, 0x3e, 0xde, 0x38, 0xc6, 0xb2, 0xff, 0x79, 0xce, 0x3c, 0xda, 0x75,
+    0x97, 0xfd, 0xad, 0x4e, 0x3e, 0xbb, 0x82, 0xcb, 0x81, 0x2b, 0x28, 0x68,
+    0x84, 0x63, 0x50, 0x1c, 0xdf, 0xfb, 0xcd, 0xbf, 0x37, 0x06, 0x4f, 0xa5,
+    0x97, 0xc2, 0x8f, 0xbd, 0xc5, 0x95, 0xd1, 0xf5, 0x12, 0x15, 0x0d, 0x3e,
+    0xd6, 0x5c, 0xe4, 0x35, 0xbf, 0x09, 0x9b, 0xff, 0xd3, 0x19, 0x66, 0x47,
+    0xf3, 0x64, 0xa0, 0xb2, 0xff, 0xce, 0x51, 0xf9, 0xce, 0xdc, 0x65, 0x95,
+    0x8a, 0xdc, 0xba, 0x4a, 0xf2, 0x23, 0xca, 0x16, 0x24, 0x73, 0x12, 0xaf,
+    0xfe, 0x16, 0xe7, 0xb3, 0x06, 0x59, 0x1c, 0xac, 0xbf, 0xef, 0xb7, 0x18,
+    0x41, 0x71, 0xca, 0xcb, 0xc6, 0x18, 0x62, 0x4b, 0xe8, 0xce, 0xdc, 0x48,
+    0x10, 0xd0, 0x5d, 0x23, 0x59, 0x4e, 0x79, 0x64, 0x6b, 0x7f, 0xcd, 0xc9,
+    0x84, 0x5e, 0x60, 0x2c, 0xbf, 0xd9, 0xde, 0xb3, 0x65, 0x80, 0xb2, 0x86,
+    0x9b, 0xe3, 0x23, 0x6a, 0x14, 0xfe, 0x20, 0x23, 0x9b, 0x83, 0xf2, 0xcb,
+    0xf4, 0xe1, 0x39, 0xd6, 0x5f, 0xf9, 0xe1, 0xe6, 0xec, 0x1a, 0x71, 0xac,
+    0xbd, 0xfd, 0x62, 0xcb, 0x86, 0x62, 0xcb, 0xff, 0xf6, 0x6f, 0x92, 0xf9,
+    0xe7, 0x08, 0x79, 0xdf, 0xd6, 0x5e, 0x72, 0xea, 0x51, 0x13, 0x18, 0xe6,
+    0x86, 0x29, 0x93, 0x46, 0x00, 0xc1, 0x12, 0x8a, 0x19, 0x17, 0xed, 0x47,
+    0x3a, 0x8d, 0x65, 0xf9, 0x8b, 0xe1, 0x9d, 0x65, 0xa1, 0x27, 0xa4, 0x02,
+    0xab, 0xfe, 0xf4, 0x9e, 0x4b, 0xfe, 0x65, 0x97, 0xff, 0x67, 0x39, 0x87,
+    0x1b, 0x6f, 0x91, 0xac, 0xa9, 0x3f, 0xcf, 0x1b, 0xdf, 0xd2, 0x78, 0xbc,
+    0xda, 0x59, 0x7f, 0x67, 0x30, 0xef, 0xda, 0xcb, 0xf7, 0x1b, 0x08, 0x0b,
+    0x2b, 0x47, 0xa7, 0xc2, 0xdb, 0xda, 0xcd, 0xc5, 0x97, 0xff, 0x85, 0xcf,
+    0x36, 0x44, 0xd1, 0xe7, 0x7f, 0x59, 0x7f, 0xc6, 0x07, 0x1f, 0x30, 0xf3,
+    0xb8, 0xb2, 0xff, 0xf0, 0xbb, 0xcd, 0x07, 0xfe, 0x61, 0xad, 0xa5, 0x97,
+    0xff, 0x9b, 0xac, 0x21, 0xe9, 0xfa, 0xce, 0xfe, 0xb2, 0xa5, 0x1a, 0xfe,
+    0x3f, 0xe2, 0x6d, 0xff, 0x98, 0x83, 0xc8, 0xb8, 0xdd, 0x98, 0xb2, 0xf9,
+    0xc1, 0xf0, 0xba, 0xca, 0xe9, 0x54, 0xe4, 0x44, 0x3a, 0x84, 0x09, 0xc8,
+    0x88, 0x7f, 0xf1, 0x91, 0xef, 0x2f, 0x31, 0x06, 0xfd, 0x9d, 0xff, 0xd2,
+    0xb2, 0xfc, 0xdb, 0xff, 0x38, 0xb2, 0xff, 0x02, 0x4b, 0xce, 0xe7, 0x59,
+    0x5e, 0x44, 0x0f, 0x0a, 0x3e, 0x51, 0x52, 0xb8, 0xe5, 0x92, 0xcf, 0xde,
+    0x30, 0x3b, 0xff, 0xf3, 0x73, 0x93, 0xa8, 0x6a, 0x7f, 0xc0, 0xca, 0x0b,
+    0x2f, 0xe0, 0xf3, 0x5b, 0x2e, 0x6a, 0xcb, 0xf6, 0x6b, 0x65, 0xcd, 0x59,
+    0x76, 0x73, 0x69, 0xee, 0x86, 0x65, 0x7f, 0xfa, 0x22, 0x9f, 0xf3, 0xfd,
+    0xf4, 0xc5, 0x1a, 0xcb, 0xff, 0x61, 0x7f, 0x4e, 0xfd, 0xc3, 0x8b, 0x2f,
+    0xf9, 0xcd, 0xdb, 0xe9, 0x04, 0xee, 0x2c, 0xbf, 0xa6, 0x19, 0xbd, 0xb4,
+    0xb2, 0xb1, 0x32, 0x76, 0x30, 0xf2, 0x6b, 0x9f, 0x11, 0xf5, 0xff, 0xff,
+    0x80, 0x19, 0x66, 0xb5, 0x86, 0x66, 0xe6, 0x14, 0x80, 0xef, 0x05, 0x97,
+    0xff, 0xff, 0xfc, 0x59, 0xc0, 0x75, 0x84, 0xdd, 0xf0, 0xb3, 0xfc, 0xc8,
+    0x13, 0x99, 0xdf, 0xc4, 0xfc, 0x59, 0x66, 0x24, 0xc0, 0xb7, 0xb7, 0x5f,
+    0xff, 0xdf, 0xe0, 0x87, 0xe6, 0xc8, 0x9d, 0xb7, 0x1b, 0xb8, 0x2c, 0xbf,
+    0xff, 0x8b, 0x00, 0xe4, 0x0d, 0x6b, 0x0c, 0xc0, 0x3f, 0x6b, 0x28, 0x91,
+    0x73, 0xf5, 0xfb, 0xf3, 0x7e, 0x3c, 0x31, 0x65, 0xff, 0x4f, 0x5e, 0x21,
+    0x7e, 0x78, 0xb2, 0xfd, 0x14, 0x1b, 0x5c, 0x59, 0x7f, 0xd3, 0xd4, 0x9f,
+    0x06, 0xe7, 0x59, 0x5a, 0x3e, 0x1d, 0xd2, 0x9b, 0xf6, 0xe0, 0x65, 0x3d,
+    0x2c, 0xa6, 0x3d, 0x17, 0x25, 0xbf, 0xfa, 0x1c, 0xc9, 0x1b, 0x13, 0xe8,
+    0xd5, 0x97, 0xed, 0x4e, 0x0d, 0x96, 0x5f, 0xde, 0x61, 0x8f, 0x0c, 0x59,
+    0x7e, 0xd6, 0x6f, 0xf6, 0x6d, 0x3d, 0x4e, 0x89, 0xaa, 0x51, 0xb4, 0xf0,
+    0x97, 0xbf, 0xff, 0xfe, 0x07, 0x32, 0x1e, 0x96, 0xd0, 0x01, 0x3a, 0xc1,
+    0x1a, 0x36, 0xd3, 0xf1, 0x65, 0xff, 0xf7, 0xb2, 0x1b, 0x7a, 0xf3, 0x7f,
+    0xbe, 0x9b, 0x4b, 0x2a, 0x51, 0xa5, 0xf7, 0xdb, 0xff, 0xf8, 0x2e, 0xdf,
+    0xf4, 0xeb, 0x4d, 0xdf, 0xb3, 0x0b, 0xa5, 0x95, 0x05, 0xc8, 0xc6, 0x87,
+    0x1e, 0x88, 0x8e, 0x53, 0xe8, 0x75, 0x82, 0x1f, 0x45, 0x0f, 0x81, 0x11,
+    0x5f, 0xfe, 0xfc, 0x9f, 0xa7, 0x1e, 0x18, 0x1e, 0xa0, 0xb2, 0xf8, 0xa3,
+    0xde, 0x35, 0x97, 0xfe, 0x7d, 0x6d, 0x27, 0xfc, 0x1c, 0x6b, 0x2f, 0xff,
+    0xe6, 0x21, 0xeb, 0x3a, 0xf4, 0xfb, 0x35, 0xa9, 0x35, 0x65, 0x41, 0x13,
+    0x5e, 0x3f, 0xbf, 0x9d, 0xff, 0xb2, 0xdd, 0x2c, 0xbf, 0xfc, 0x6e, 0x79,
+    0xff, 0xce, 0xe0, 0x27, 0xfa, 0xcb, 0xff, 0xff, 0xfd, 0xae, 0x72, 0x75,
+    0xd7, 0x5e, 0x68, 0x9d, 0xf5, 0x9d, 0xff, 0xbe, 0x84, 0xe5, 0xdf, 0xd6,
+    0x5f, 0xf1, 0xdc, 0x61, 0xee, 0xc9, 0x41, 0x65, 0xff, 0x74, 0x2d, 0xce,
+    0x31, 0x99, 0xa5, 0x95, 0x27, 0xf5, 0xd1, 0xe5, 0xff, 0xff, 0x7c, 0x5a,
+    0x7e, 0x75, 0xe6, 0x88, 0x9c, 0xcf, 0xe7, 0x8e, 0xb2, 0xff, 0xf7, 0x33,
+    0x5b, 0x7a, 0xf3, 0x6f, 0x62, 0x1a, 0xca, 0x64, 0x5b, 0xf1, 0xa6, 0xb1,
+    0x50, 0x53, 0x46, 0x1e, 0xf0, 0xd9, 0xbf, 0xf3, 0x0c, 0x5f, 0xe4, 0x93,
+    0x62, 0xcb, 0xfe, 0x3c, 0xeb, 0x7e, 0x6a, 0x62, 0x59, 0x7f, 0xfe, 0xd3,
+    0x0a, 0x3f, 0xfa, 0x5b, 0x5a, 0x62, 0x8d, 0x65, 0xff, 0xd3, 0x9a, 0x83,
+    0xff, 0xce, 0x40, 0x59, 0x7f, 0xfe, 0xf0, 0xbb, 0xff, 0x1f, 0xbe, 0xb6,
+    0x73, 0x9c, 0xc5, 0x97, 0xfc, 0xe7, 0x7f, 0xf9, 0xc8, 0x0b, 0x2d, 0x83,
+    0x4c, 0xaf, 0xca, 0xdf, 0x42, 0xde, 0xb9, 0x7f, 0xed, 0x74, 0x79, 0xef,
+    0x99, 0xbf, 0x16, 0x5c, 0xfb, 0x8b, 0x2f, 0x3e, 0x8d, 0x59, 0x7f, 0xff,
+    0x44, 0x52, 0x3c, 0xef, 0xf9, 0x09, 0x28, 0xcf, 0x8b, 0x2e, 0xc3, 0xac,
+    0xbf, 0xf1, 0x60, 0xd9, 0xca, 0x33, 0xe2, 0xcb, 0xc0, 0xd9, 0xc1, 0x9e,
+    0x90, 0x62, 0xd5, 0xa4, 0xc0, 0x7c, 0x3a, 0x50, 0xad, 0xbe, 0xfb, 0xeb,
+    0x8b, 0x2f, 0xdb, 0x76, 0x73, 0x52, 0xb2, 0xa3, 0x3c, 0xe2, 0x22, 0xa9,
+    0x54, 0x03, 0x1a, 0x16, 0x46, 0x34, 0xf0, 0x83, 0xbf, 0xe8, 0x37, 0xf9,
+    0xd4, 0xff, 0x8b, 0x2f, 0xe0, 0x6d, 0xc1, 0xbc, 0x16, 0x54, 0x47, 0xd2,
+    0xe7, 0x56, 0x35, 0x65, 0xff, 0xd9, 0xd7, 0xa7, 0xd9, 0xad, 0x49, 0xab,
+    0x2f, 0xd9, 0xad, 0x49, 0xab, 0x2f, 0x89, 0x81, 0xc9, 0x3f, 0xfd, 0x09,
+    0x79, 0x16, 0xff, 0xbc, 0xe0, 0x3b, 0xc1, 0xf8, 0xb2, 0xff, 0x3c, 0x21,
+    0x30, 0xeb, 0x8b, 0x2b, 0x0f, 0xb0, 0x47, 0x17, 0xff, 0xff, 0x37, 0xfd,
+    0x83, 0x83, 0x7f, 0x0f, 0xc7, 0x86, 0xce, 0x73, 0x98, 0xb2, 0xb1, 0x3e,
+    0x56, 0x85, 0x0f, 0xa1, 0x61, 0xc2, 0x1b, 0xff, 0xcf, 0x1f, 0x9a, 0x4b,
+    0x22, 0x6d, 0x32, 0xca, 0x83, 0x66, 0x60, 0x38, 0xf6, 0xb2, 0x77, 0x57,
+    0xb8, 0x43, 0x32, 0x6c, 0x50, 0xbf, 0xd1, 0x19, 0xcc, 0x3d, 0x29, 0x59,
+    0xce, 0x80, 0x78, 0x51, 0xb3, 0x72, 0x52, 0x37, 0xe5, 0x4b, 0x18, 0x8d,
+    0x7f, 0xde, 0x7e, 0x31, 0x14, 0xf6, 0xb2, 0xff, 0x37, 0xa7, 0xb8, 0x61,
+    0xd6, 0x5f, 0x61, 0x30, 0xf8, 0x7d, 0x5b, 0x26, 0xf7, 0xff, 0x17, 0xf8,
+    0x1f, 0xd8, 0xa7, 0xb8, 0x2c, 0xbf, 0x16, 0x79, 0xfe, 0xb2, 0xff, 0xd0,
+    0x92, 0x8c, 0x3d, 0x10, 0xa0, 0xb2, 0xf7, 0x33, 0x4b, 0x2f, 0xe2, 0x71,
+    0x83, 0xb0, 0x2c, 0xac, 0x47, 0xae, 0xe2, 0x2c, 0x44, 0xde, 0x40, 0xe0,
+    0xe5, 0xff, 0xce, 0x50, 0xd3, 0xf7, 0xe9, 0xce, 0x2c, 0xbf, 0xfb, 0xa6,
+    0xd7, 0xb2, 0x2f, 0x36, 0xa3, 0x59, 0x7f, 0xf8, 0xb0, 0xc7, 0x06, 0xdf,
+    0xfa, 0x5b, 0xa5, 0x97, 0xdf, 0x8f, 0x06, 0xb2, 0xff, 0x98, 0xd0, 0xf4,
+    0x03, 0xb7, 0x16, 0x51, 0xa8, 0xaa, 0x89, 0x33, 0x64, 0x8e, 0xff, 0xe2,
+    0xc0, 0x66, 0xf6, 0x34, 0x0f, 0xf5, 0x97, 0xfe, 0x6e, 0xf8, 0x07, 0x21,
+    0xc4, 0x25, 0x97, 0x8c, 0x30, 0xc5, 0x97, 0xff, 0x14, 0x83, 0x07, 0xcc,
+    0x3c, 0xf4, 0x90, 0x21, 0xa0, 0xa0, 0x22, 0xd7, 0xec, 0x17, 0xfb, 0xcd,
+    0x83, 0x92, 0xfa, 0xca, 0x82, 0x69, 0xc7, 0x87, 0xd6, 0xf2, 0x3b, 0xff,
+    0x38, 0x3a, 0xf3, 0x44, 0x52, 0x05, 0x95, 0x87, 0xee, 0xc7, 0x17, 0xf6,
+    0xb3, 0x77, 0xce, 0x35, 0x97, 0xfe, 0xce, 0xf6, 0x96, 0x6f, 0xd3, 0x71,
+    0x65, 0xfd, 0xd7, 0x9a, 0x4b, 0xa5, 0x95, 0x27, 0xe1, 0x88, 0x57, 0xfb,
+    0x53, 0xf6, 0xe9, 0x86, 0xb2, 0xfd, 0x08, 0xb3, 0x3a, 0x59, 0x7f, 0x85,
+    0x1c, 0xb0, 0xf0, 0xeb, 0x2d, 0xa5, 0x95, 0xb1, 0x22, 0x82, 0x4c, 0xc8,
+    0xa4, 0x33, 0x3b, 0xf1, 0x98, 0x77, 0xed, 0x65, 0xf0, 0x31, 0xf7, 0x16,
+    0x54, 0x9e, 0x6b, 0x14, 0xd4, 0x17, 0xb6, 0x32, 0x32, 0xf3, 0x53, 0x7b,
+    0x43, 0x68, 0x78, 0xfa, 0x3f, 0xa7, 0x20, 0x28, 0x50, 0x72, 0x18, 0x1f,
+    0x84, 0x75, 0xee, 0x6d, 0x35, 0x65, 0xe8, 0xe7, 0xcb, 0x2b, 0x69, 0xbd,
+    0x22, 0x0b, 0xf7, 0xbf, 0xc1, 0x6e, 0x2c, 0xb8, 0xcd, 0x89, 0x65, 0x49,
+    0xe4, 0xf6, 0x59, 0x7f, 0xc4, 0xe6, 0xff, 0x84, 0xc6, 0xac, 0xbf, 0x7f,
+    0xec, 0x7e, 0x2c, 0xb9, 0xd9, 0x65, 0xfb, 0xbf, 0xef, 0xc2, 0x59, 0x7e,
+    0x7f, 0xc1, 0xc6, 0xb2, 0xc6, 0xe1, 0xe8, 0x91, 0x55, 0xd0, 0xf2, 0xca,
+    0xc4, 0xc1, 0x58, 0xe7, 0xc5, 0x0e, 0xcd, 0xf2, 0x7b, 0x32, 0xcb, 0xff,
+    0xfc, 0x64, 0x94, 0x9a, 0x52, 0x68, 0x7b, 0x33, 0xa9, 0xea, 0x56, 0x5f,
+    0xf4, 0xc6, 0xc7, 0xfe, 0x61, 0xd6, 0x5f, 0xff, 0x49, 0xca, 0x7b, 0x00,
+    0xf0, 0xf1, 0xe1, 0x8b, 0x2f, 0xef, 0x4e, 0xde, 0x9a, 0x35, 0x97, 0xfe,
+    0x73, 0xe6, 0x8d, 0x34, 0x45, 0xf5, 0x97, 0xfa, 0x7f, 0xce, 0x31, 0x44,
+    0xb2, 0xbc, 0x7e, 0x64, 0x81, 0x7f, 0xe3, 0x1c, 0xa1, 0xe1, 0x4f, 0x7c,
+    0x59, 0x7f, 0xff, 0x39, 0xf5, 0x9b, 0xe4, 0xbf, 0x9e, 0x6d, 0x79, 0xd6,
+    0x5f, 0xf3, 0xff, 0x9f, 0xfb, 0xc3, 0x8b, 0x2a, 0x24, 0x7a, 0x68, 0x87,
+    0xc8, 0x04, 0xb5, 0x7f, 0xf3, 0xe9, 0xe1, 0x9c, 0x7f, 0xe4, 0x4b, 0x2f,
+    0xfb, 0xfa, 0x9c, 0xef, 0x6b, 0xf1, 0x65, 0xfd, 0xa7, 0xd1, 0x4c, 0x16,
+    0x5f, 0xff, 0xef, 0xfe, 0x60, 0x4f, 0xe9, 0x3f, 0xb0, 0x6f, 0xd9, 0x2c,
+    0xbf, 0xfd, 0xff, 0x66, 0xff, 0x36, 0xde, 0x71, 0x8e, 0xb2, 0xb1, 0x15,
+    0xae, 0xbf, 0x7f, 0xd0, 0x6d, 0x77, 0x25, 0x3c, 0x59, 0x7f, 0xd3, 0x91,
+    0xea, 0x7e, 0xff, 0x59, 0x4c, 0x7e, 0x02, 0x38, 0xad, 0x84, 0xb9, 0xb9,
+    0x22, 0x11, 0xb2, 0xc0, 0xe0, 0x6a, 0x39, 0x1c, 0xc7, 0x47, 0xbd, 0xa1,
+    0xe8, 0xec, 0xa1, 0xb3, 0xf8, 0x48, 0xdf, 0xd0, 0x98, 0xb1, 0x80, 0xb2,
+    0xc1, 0x36, 0x27, 0xd3, 0xff, 0xd8, 0x05, 0x76, 0x36, 0xb0, 0xb6, 0x57,
+    0x32, 0x97, 0xe3, 0x8f, 0xde, 0x11, 0x80, 0x8e, 0x56, 0x1e, 0x52, 0xd8,
+    0x8d, 0x87, 0x9f, 0x53, 0x97, 0x9d, 0xca, 0x5f, 0x68, 0x5f, 0xee, 0x18,
+    0xc5, 0x1e, 0x36, 0xa5, 0xa8, 0x9e, 0x37, 0xaf, 0x4b, 0xa6, 0x78, 0xf6,
+    0xc1, 0x1c, 0xa1, 0x4e, 0x82, 0xf2, 0xb3, 0x6d, 0xfd, 0x21, 0x14, 0x50,
+    0xe9, 0x31, 0xaf, 0x66, 0x32, 0x70, 0xe7, 0x49, 0x37, 0x61, 0x63, 0x7e,
+    0x87, 0x72, 0x43, 0x59, 0x50, 0x54, 0xc2, 0x52, 0x8e, 0x6f, 0xff, 0x6b,
+    0x0c, 0x1f, 0xb2, 0x22, 0xcd, 0x41, 0x65, 0xed, 0x66, 0xe2, 0xcb, 0xff,
+    0x49, 0x81, 0xc7, 0xcc, 0x3c, 0xee, 0x2c, 0xad, 0x22, 0xb8, 0xe9, 0x7f,
+    0x1f, 0xbf, 0xfe, 0x73, 0xce, 0xba, 0xd0, 0x8d, 0xd0, 0x9f, 0x8b, 0x2b,
+    0x11, 0x04, 0x23, 0x0b, 0xfd, 0xae, 0x84, 0xe3, 0x3c, 0xac, 0xbf, 0xfa,
+    0x74, 0x1f, 0xdb, 0xfe, 0xc1, 0xb2, 0xcb, 0xfc, 0x5d, 0x83, 0x38, 0xfb,
+    0x8b, 0x2f, 0xf8, 0xa6, 0x30, 0xfd, 0xe7, 0xdc, 0x59, 0x7d, 0x38, 0x3e,
+    0xd6, 0x56, 0x22, 0x57, 0xc6, 0xdb, 0xcf, 0x6f, 0xe7, 0x7f, 0xec, 0xb7,
+    0x4b, 0x2e, 0xdf, 0xba, 0xb2, 0xff, 0xff, 0x98, 0x98, 0x1c, 0xd6, 0x75,
+    0xe9, 0xf6, 0x6b, 0x52, 0x6a, 0xca, 0x94, 0xfc, 0x23, 0x34, 0xc8, 0x6c,
+    0xe8, 0xc4, 0x06, 0x1f, 0x1c, 0xbc, 0x16, 0x6c, 0x50, 0x59, 0x79, 0xf5,
+    0x1a, 0xcb, 0xfd, 0x9f, 0xe3, 0x75, 0x84, 0xb2, 0xe3, 0x0c, 0x59, 0x7f,
+    0xe1, 0x46, 0xff, 0xff, 0x7d, 0x31, 0x2c, 0xbc, 0xfd, 0x04, 0xe9, 0x15,
+    0x24, 0x3a, 0x61, 0x90, 0x63, 0x37, 0xed, 0x3c, 0x1b, 0xcb, 0x2f, 0xfe,
+    0xd7, 0x3c, 0xc6, 0x79, 0xa3, 0x72, 0x59, 0x52, 0x7d, 0x8e, 0x4f, 0x7f,
+    0xfc, 0x5d, 0x80, 0xe2, 0xef, 0xd9, 0xbf, 0x3f, 0xc5, 0x97, 0xe8, 0xa1,
+    0x3a, 0x8d, 0x65, 0x61, 0xff, 0x69, 0x52, 0xfd, 0x87, 0xf3, 0x8d, 0x65,
+    0x82, 0x6c, 0x4f, 0xd8, 0xdb, 0x30, 0x8c, 0x81, 0x08, 0xd0, 0x72, 0x58,
+    0x79, 0xa5, 0x9d, 0x52, 0x92, 0x62, 0x2f, 0xd4, 0x32, 0x3c, 0x5c, 0xf7,
+    0xad, 0x30, 0x51, 0xad, 0xf2, 0x50, 0x97, 0xd7, 0x37, 0xc3, 0x40, 0xc8,
+    0x5f, 0x87, 0x09, 0xed, 0xd2, 0x1a, 0x84, 0x29, 0xc7, 0xc7, 0x59, 0xb1,
+    0xf7, 0x2a, 0x03, 0x47, 0x27, 0x84, 0x9f, 0xa7, 0x35, 0xc1, 0x18, 0xb9,
+    0x47, 0x9d, 0xca, 0x64, 0xef, 0xe9, 0x98, 0x82, 0xbe, 0xe0, 0x4b, 0x85,
+    0x05, 0x97, 0xec, 0x1f, 0xa4, 0xc5, 0x97, 0xf7, 0x26, 0x28, 0x34, 0x4b,
+    0x2f, 0xfb, 0xf2, 0x4c, 0x0c, 0xef, 0xeb, 0x2f, 0xb6, 0x5c, 0x80, 0xb2,
+    0xe9, 0x8f, 0x0f, 0x70, 0x33, 0x8a, 0x02, 0x3e, 0x08, 0x5f, 0x85, 0x01,
+    0xc2, 0x2e, 0xec, 0xed, 0x65, 0xe3, 0xb0, 0x16, 0x5f, 0x3e, 0xba, 0x09,
+    0x03, 0x67, 0xc1, 0x7b, 0xff, 0xd0, 0x7e, 0x04, 0x29, 0xcf, 0xcf, 0x70,
+    0x59, 0x78, 0xd6, 0xd2, 0xcb, 0xa4, 0x0b, 0x2f, 0xbf, 0xf9, 0x3a, 0xcb,
+    0xcc, 0x30, 0x8c, 0x7a, 0xbe, 0x1d, 0x0c, 0x5a, 0xff, 0xd3, 0x00, 0x81,
+    0xc9, 0x81, 0xc5, 0xc5, 0x96, 0x6e, 0x91, 0x0e, 0x04, 0x2a, 0x08, 0xa8,
+    0x02, 0x37, 0x56, 0x3b, 0xfc, 0x64, 0xf7, 0xfe, 0x7e, 0x82, 0x08, 0x0d,
+    0x0c, 0x82, 0xcb, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x1a, 0xaf, 0xff, 0xbc,
+    0xc6, 0x39, 0x75, 0xa9, 0x68, 0x3f, 0x16, 0x5f, 0x7f, 0x4d, 0xda, 0xcb,
+    0xf0, 0xbe, 0x28, 0xa5, 0x65, 0xf9, 0x86, 0xf9, 0xf5, 0x97, 0x8d, 0xef,
+    0x8b, 0x2c, 0x12, 0x34, 0xd5, 0xf1, 0x07, 0xa3, 0x66, 0x4f, 0xf1, 0x1b,
+    0x94, 0xfc, 0x9a, 0xff, 0xff, 0x6f, 0x92, 0xf8, 0x47, 0xde, 0xe3, 0xc1,
+    0xb9, 0xdc, 0x6b, 0x2f, 0xda, 0xe9, 0xdf, 0xa5, 0x45, 0x4a, 0xbd, 0x80,
+    0x75, 0x96, 0xe9, 0x51, 0x0d, 0x29, 0x65, 0x39, 0xaa, 0x00, 0xfd, 0x82,
+    0x62, 0x26, 0xfc, 0x6c, 0xe8, 0xb7, 0xdf, 0x7e, 0xc0, 0xb2, 0xff, 0xf6,
+    0x79, 0x83, 0xfb, 0x10, 0xa1, 0x9c, 0x59, 0x7f, 0xb3, 0xc4, 0xff, 0xfc,
+    0xac, 0xbc, 0x4e, 0x11, 0xd1, 0x3b, 0xf2, 0x30, 0xd2, 0x6f, 0x05, 0x36,
+    0x16, 0xc6, 0xb2, 0xfc, 0xe7, 0x8d, 0xf7, 0x16, 0x5f, 0x74, 0xef, 0xd2,
+    0xa2, 0x3e, 0x5c, 0x39, 0x59, 0x5a, 0x3c, 0x63, 0x98, 0x5f, 0xee, 0x37,
+    0x8c, 0x7d, 0x41, 0x65, 0xde, 0x12, 0xcb, 0xfe, 0x18, 0xbf, 0xcc, 0x83,
+    0x79, 0x65, 0x0c, 0xf4, 0x18, 0x5e, 0xee, 0xf8, 0xb2, 0xc6, 0xac, 0xac,
+    0x35, 0x5b, 0x23, 0x17, 0xfd, 0x9b, 0xcb, 0x38, 0x1e, 0x8d, 0x59, 0x7f,
+    0xf0, 0xb4, 0x0e, 0xbc, 0xd1, 0x14, 0x81, 0x65, 0xfe, 0x86, 0x6e, 0x39,
+    0x03, 0x63, 0x59, 0x7b, 0xf3, 0x8b, 0x2f, 0xfe, 0xfc, 0x24, 0xdd, 0xb3,
+    0xfe, 0x48, 0x16, 0x58, 0xb0, 0xf8, 0x9c, 0x6e, 0xe8, 0x04, 0x0a, 0x2a,
+    0xf4, 0x8c, 0xb3, 0x1c, 0x7b, 0x22, 0x78, 0x42, 0x01, 0x2c, 0x88, 0xf8,
+    0x79, 0xf4, 0x60, 0xe1, 0x39, 0x5d, 0x2b, 0xdf, 0x79, 0x66, 0xd7, 0xf0,
+    0x4e, 0x3c, 0xf7, 0x05, 0x97, 0xef, 0xfa, 0x48, 0xd5, 0x97, 0xf6, 0x9c,
+    0x0f, 0x9a, 0x59, 0x78, 0x45, 0x1a, 0xcb, 0xce, 0x51, 0x2c, 0xaf, 0x1b,
+    0x97, 0x1d, 0xbf, 0xb3, 0x5f, 0x29, 0xed, 0x65, 0xfd, 0xe9, 0x6d, 0xf8,
+    0x35, 0x97, 0xfe, 0x78, 0xe7, 0xcd, 0xa6, 0x93, 0xac, 0xbf, 0xd3, 0xac,
+    0x2f, 0xe7, 0x96, 0x5d, 0x81, 0x25, 0x37, 0x61, 0x94, 0x79, 0x94, 0x04,
+    0x1f, 0x2d, 0xd9, 0x2e, 0x0c, 0xf6, 0x8d, 0x54, 0x36, 0x78, 0xe9, 0xa8,
+    0x22, 0xa7, 0x39, 0x94, 0x8f, 0x7f, 0xff, 0x85, 0xa3, 0x5f, 0x98, 0x39,
+    0xef, 0x81, 0xfc, 0xd6, 0x35, 0x65, 0xee, 0x3f, 0x16, 0x5f, 0x66, 0x89,
+    0xd6, 0x54, 0x9b, 0xc6, 0x1c, 0xa8, 0x23, 0x06, 0x28, 0x51, 0x5e, 0x30,
+    0xde, 0x96, 0x5f, 0xbb, 0xee, 0x19, 0xf5, 0x95, 0xc3, 0xca, 0x11, 0x05,
+    0xff, 0xed, 0x86, 0x69, 0x9b, 0x91, 0x8f, 0x63, 0xdb, 0xb7, 0xdb, 0x2b,
+    0x2f, 0xfc, 0x27, 0xd4, 0x0b, 0x39, 0x3a, 0x59, 0x7d, 0xd3, 0xbf, 0x4a,
+    0x8b, 0x1d, 0x7e, 0x9f, 0x13, 0x86, 0xb2, 0xe1, 0x69, 0x65, 0x68, 0xfb,
+    0x8e, 0x60, 0xe4, 0xf7, 0xfb, 0x18, 0xa3, 0xfe, 0x79, 0x65, 0xcf, 0xc5,
+    0x97, 0xf4, 0x61, 0xeb, 0x59, 0xa5, 0x97, 0x8f, 0xc9, 0x59, 0x50, 0x3e,
+    0x27, 0x16, 0x11, 0x85, 0xff, 0x13, 0x9b, 0xe6, 0x92, 0x8d, 0x65, 0xfc,
+    0x5f, 0xd0, 0xa4, 0xeb, 0x2f, 0xff, 0xc4, 0xe6, 0xed, 0xf9, 0xb2, 0x50,
+    0xcf, 0x31, 0xd6, 0x53, 0xa2, 0x10, 0x45, 0xb7, 0xf0, 0x1f, 0xfc, 0x93,
+    0x56, 0x5d, 0xbf, 0x16, 0x5f, 0xe6, 0xfc, 0xe8, 0xdf, 0x32, 0xcb, 0xff,
+    0xe8, 0x47, 0xb0, 0xe7, 0x60, 0x8f, 0xad, 0x6d, 0xdb, 0xed, 0x95, 0x97,
+    0xfd, 0x9b, 0xe6, 0x1d, 0xc3, 0x3e, 0xb2, 0xb1, 0x31, 0xb6, 0x2e, 0x71,
+    0x80, 0x19, 0x93, 0x3d, 0xfb, 0x37, 0x87, 0x17, 0x16, 0x5c, 0xd0, 0x59,
+    0x7f, 0xb0, 0xbd, 0x9f, 0x91, 0xac, 0xbf, 0x66, 0xff, 0x3c, 0x16, 0x5b,
+    0xec, 0x7b, 0x44, 0x63, 0x43, 0x44, 0xb6, 0x38, 0x5f, 0xf4, 0x1b, 0xe1,
+    0xea, 0x7d, 0x2b, 0x2f, 0xff, 0xcd, 0xc0, 0xfb, 0x06, 0x6f, 0x6f, 0xce,
+    0x14, 0x16, 0x5f, 0x9b, 0xff, 0x6f, 0xac, 0xbf, 0xff, 0x08, 0x9c, 0xdf,
+    0x9b, 0x25, 0x0c, 0xf3, 0x1d, 0x65, 0xf6, 0xb5, 0x9b, 0x2b, 0x2f, 0xda,
+    0x03, 0x7a, 0x56, 0x56, 0xd4, 0xd6, 0x20, 0x73, 0x8a, 0xe7, 0x27, 0x75,
+    0x51, 0x12, 0xdf, 0xb3, 0x59, 0x91, 0x2c, 0xb0, 0x49, 0x5f, 0x90, 0x8d,
+    0xce, 0x04, 0x43, 0x65, 0xc8, 0x55, 0x9a, 0x5c, 0xd0, 0x94, 0x88, 0xb8,
+    0xf0, 0xbc, 0xf4, 0x67, 0xae, 0x8e, 0x50, 0xc2, 0xe4, 0x6f, 0x41, 0xac,
+    0x5e, 0xef, 0xf8, 0xb2, 0xf3, 0x6a, 0x25, 0x97, 0xd0, 0xf8, 0x86, 0xb2,
+    0x8d, 0x3c, 0x0e, 0xc7, 0x6f, 0xff, 0xff, 0xde, 0xc7, 0x6e, 0x7b, 0x01,
+    0xb7, 0x98, 0x3c, 0x3b, 0x77, 0x02, 0x93, 0x40, 0xb2, 0xfe, 0x27, 0x33,
+    0xf9, 0xe5, 0x95, 0xb1, 0x22, 0xc6, 0x28, 0x42, 0x5c, 0x73, 0x56, 0x50,
+    0x54, 0xf1, 0xb6, 0x19, 0x75, 0xf8, 0xb3, 0xcf, 0xf5, 0x97, 0x82, 0xd6,
+    0xc4, 0x05, 0x94, 0x15, 0x3c, 0xed, 0x86, 0x4d, 0x7f, 0xed, 0x88, 0x28,
+    0x15, 0x16, 0x68, 0xa4, 0x0b, 0x2f, 0xfc, 0x15, 0xd8, 0x40, 0x04, 0x8f,
+    0xc2, 0xdd, 0x59, 0x7f, 0x67, 0x53, 0xf6, 0xde, 0xb2, 0xff, 0xd8, 0x67,
+    0x31, 0xb9, 0xfc, 0xdc, 0x59, 0x5e, 0x3f, 0x02, 0x2f, 0xbd, 0xe1, 0x0d,
+    0x65, 0xdb, 0x08, 0x28, 0xb2, 0xff, 0x8a, 0x7c, 0xed, 0xc6, 0xde, 0xb2,
+    0xec, 0x38, 0x50, 0xf6, 0x43, 0x21, 0xbf, 0xb2, 0x10, 0xd0, 0x82, 0xab,
+    0x28, 0x67, 0xc8, 0x46, 0x57, 0xfd, 0x31, 0x37, 0xf8, 0xc5, 0x12, 0xcb,
+    0xff, 0xdd, 0x48, 0x3d, 0xb8, 0xc7, 0xff, 0x1f, 0xb5, 0x97, 0x64, 0x6b,
+    0x2e, 0x1c, 0xac, 0xa0, 0xcd, 0x6e, 0xe8, 0xbd, 0x32, 0x28, 0x44, 0xf9,
+    0x7f, 0xef, 0x36, 0xd0, 0xfa, 0x2c, 0xf6, 0x2c, 0xbf, 0x81, 0xc7, 0xff,
+    0xdd, 0x65, 0x1a, 0x7d, 0xce, 0x83, 0x7f, 0xb9, 0x31, 0x1e, 0x7f, 0xc5,
+    0x97, 0x1f, 0xa5, 0x97, 0xfc, 0xe3, 0x6e, 0xe1, 0xf6, 0xd2, 0xcb, 0xff,
+    0x4e, 0x80, 0x59, 0x14, 0x1a, 0x25, 0x94, 0x35, 0x6d, 0x98, 0x42, 0xd0,
+    0xda, 0xd1, 0x0f, 0xa1, 0xb4, 0x50, 0x90, 0xe1, 0x17, 0xcd, 0x37, 0x8c,
+    0x6e, 0x9c, 0xdf, 0xf1, 0x9a, 0xc2, 0x7e, 0xe1, 0xc5, 0x97, 0x11, 0xab,
+    0x2e, 0xc1, 0xac, 0xac, 0x3e, 0x77, 0x3a, 0xde, 0x2f, 0x7e, 0xf3, 0x9e,
+    0x49, 0x65, 0xf7, 0x3c, 0xc6, 0x2c, 0xbf, 0xfa, 0x2d, 0xc6, 0x8f, 0xd9,
+    0x11, 0x61, 0x8b, 0x2f, 0xee, 0x9f, 0x5b, 0x2f, 0xe5, 0x97, 0x7b, 0xcb,
+    0x2f, 0xd2, 0x67, 0xf3, 0xcb, 0x2e, 0x0f, 0x16, 0x5f, 0x0f, 0x3b, 0xfa,
+    0xca, 0x93, 0x74, 0xc2, 0xf5, 0xb5, 0x35, 0xcc, 0x26, 0x34, 0x8d, 0x92,
+    0x82, 0xe6, 0x24, 0x2f, 0xc6, 0x2b, 0xf8, 0xa4, 0x10, 0xea, 0x35, 0x97,
+    0xff, 0x4c, 0xee, 0xfb, 0x1c, 0x79, 0x87, 0x59, 0x77, 0xf9, 0x11, 0xf9,
+    0xf8, 0xbe, 0xdd, 0x2c, 0xbc, 0x00, 0xa7, 0x96, 0x56, 0xc2, 0x36, 0x7c,
+    0x12, 0xbe, 0x17, 0x3d, 0x8b, 0x2b, 0x47, 0x92, 0x44, 0xf7, 0xff, 0xb3,
+    0x77, 0x3a, 0xff, 0x70, 0xc2, 0x03, 0xac, 0xbf, 0xff, 0xf9, 0x8b, 0x7e,
+    0x0c, 0x9d, 0xf7, 0xe6, 0xe7, 0xf7, 0x1b, 0xe5, 0x20, 0x59, 0x79, 0x84,
+    0x05, 0x96, 0xef, 0x71, 0x12, 0x71, 0x3b, 0xde, 0x3b, 0x69, 0x65, 0x61,
+    0xe5, 0x00, 0xba, 0xf6, 0x39, 0x2c, 0xbd, 0xe9, 0x89, 0x65, 0xcd, 0xf6,
+    0x36, 0xee, 0x35, 0x74, 0x06, 0xb2, 0xff, 0xec, 0x33, 0x85, 0x91, 0x40,
+    0x45, 0xf5, 0x97, 0xd0, 0xdc, 0x63, 0xac, 0xbe, 0xe3, 0xbe, 0xe2, 0xcb,
+    0xef, 0x7a, 0x77, 0x16, 0x5f, 0xb3, 0xdb, 0x8c, 0x4e, 0x7d, 0xdf, 0x25,
+    0x0c, 0x92, 0x89, 0x30, 0x0d, 0xf0, 0xb3, 0xbf, 0xff, 0x75, 0x9b, 0xdb,
+    0x5b, 0x2f, 0x1e, 0xce, 0xb3, 0xdc, 0x59, 0x58, 0x88, 0x97, 0x2a, 0xbf,
+    0xfd, 0xe9, 0xef, 0x23, 0x21, 0x0b, 0xf3, 0xe5, 0x97, 0xfc, 0xdd, 0x79,
+    0xbf, 0xc7, 0xed, 0x65, 0xf8, 0xb0, 0x79, 0xee, 0x91, 0x0b, 0xe4, 0xbb,
+    0xfd, 0xd3, 0x19, 0x91, 0x3e, 0xe2, 0xca, 0xd1, 0xfb, 0xf8, 0xfe, 0xff,
+    0xff, 0xc5, 0x87, 0x21, 0x00, 0xdd, 0xc6, 0x21, 0xe4, 0x66, 0x09, 0xe3,
+    0x59, 0x52, 0x89, 0x3c, 0x22, 0xbf, 0xff, 0xd2, 0x67, 0xb3, 0x4e, 0x7c,
+    0xff, 0xb3, 0x0f, 0x9d, 0x2c, 0xbf, 0xfe, 0x8b, 0x37, 0x4b, 0x37, 0x96,
+    0x00, 0xf3, 0x05, 0x95, 0x28, 0xb3, 0xc6, 0x0b, 0xfe, 0x7e, 0xcb, 0x3f,
+    0xcc, 0x31, 0x65, 0x4a, 0xf7, 0xb6, 0x42, 0xaf, 0xa2, 0x16, 0x8c, 0xab,
+    0x71, 0x62, 0x22, 0xad, 0x47, 0x41, 0xe8, 0xec, 0x0a, 0x1a, 0x82, 0x21,
+    0xbf, 0x79, 0xb4, 0x28, 0x2c, 0xbf, 0xe8, 0xdb, 0xd1, 0x3c, 0x1b, 0xcb,
+    0x2f, 0xda, 0x06, 0xc8, 0xbe, 0xb2, 0xff, 0x6f, 0xf3, 0x0f, 0xd9, 0xc5,
+    0x97, 0xff, 0xfc, 0x21, 0x76, 0x59, 0xbf, 0x68, 0xf3, 0xf0, 0xcf, 0x79,
+    0xe0, 0xb2, 0xff, 0x8f, 0xcf, 0x67, 0xca, 0x4e, 0xb2, 0xf1, 0x67, 0x09,
+    0x14, 0x7b, 0x2d, 0x74, 0xe9, 0x86, 0xef, 0x86, 0xc5, 0xff, 0xed, 0x6a,
+    0x63, 0xc3, 0x3b, 0x87, 0xc4, 0x35, 0x97, 0xd9, 0x84, 0x6a, 0xcb, 0xff,
+    0x31, 0xb9, 0x06, 0x7d, 0xfe, 0x65, 0x96, 0x96, 0x45, 0x76, 0x93, 0xbc,
+    0x43, 0x52, 0xa9, 0x15, 0xa3, 0x39, 0xf4, 0x36, 0x2f, 0xf1, 0x7f, 0x63,
+    0x7f, 0x8a, 0x56, 0x5f, 0xd0, 0x2c, 0xef, 0xee, 0xb2, 0xfe, 0x1f, 0xcd,
+    0x62, 0x1a, 0xca, 0x94, 0x49, 0x39, 0xb8, 0x8b, 0x6f, 0x0f, 0x09, 0x65,
+    0xfe, 0x78, 0xff, 0xc7, 0x7d, 0xc5, 0x95, 0x19, 0xe8, 0xef, 0x1b, 0xbf,
+    0xf3, 0x6b, 0xaf, 0x34, 0x4e, 0xf0, 0x59, 0x7f, 0xf7, 0xa4, 0xfd, 0x79,
+    0xbf, 0x98, 0x75, 0x97, 0xda, 0x8e, 0x4d, 0x59, 0x66, 0x59, 0x73, 0x9b,
+    0x86, 0xd3, 0xe4, 0x95, 0x28, 0xa4, 0x27, 0x8b, 0xff, 0xc5, 0x9e, 0x0f,
+    0x9c, 0x11, 0xf8, 0xfd, 0xac, 0xbe, 0x06, 0x33, 0xac, 0xbc, 0x06, 0x0d,
+    0x65, 0xff, 0xff, 0xe9, 0x2f, 0xf1, 0xbc, 0xc7, 0x1c, 0xfb, 0x37, 0xee,
+    0x31, 0x0f, 0x23, 0x59, 0x7d, 0xbb, 0x3e, 0xe2, 0xca, 0xe9, 0x32, 0x87,
+    0x4c, 0x01, 0x07, 0xc7, 0x77, 0x5e, 0xaf, 0xf9, 0xf5, 0x1f, 0x9b, 0x35,
+    0x12, 0xcb, 0xff, 0x9d, 0xc8, 0x1c, 0xcd, 0xc8, 0x9d, 0xd6, 0x5f, 0xff,
+    0xff, 0xec, 0x6f, 0x6e, 0x31, 0x67, 0xff, 0x31, 0x8c, 0xa6, 0x41, 0xf8,
+    0x61, 0x13, 0xc1, 0x65, 0x74, 0x98, 0x5c, 0x47, 0x5f, 0x45, 0xbf, 0x43,
+    0x91, 0xe1, 0x8b, 0x2f, 0x66, 0xa3, 0x59, 0x79, 0xca, 0x25, 0x95, 0xe3,
+    0x72, 0xe3, 0xb7, 0x9d, 0xfa, 0x54, 0x5a, 0x0b, 0xff, 0xfd, 0x83, 0x9e,
+    0x98, 0xa3, 0xe7, 0x5e, 0x61, 0x8f, 0x09, 0x65, 0xf9, 0xf5, 0x1e, 0x18,
+    0xb2, 0xf3, 0x99, 0xbb, 0xb5, 0x11, 0x5d, 0x30, 0xdf, 0xc0, 0x92, 0x9f,
+    0xf1, 0x65, 0xed, 0x4f, 0xd6, 0x5f, 0xd2, 0x2f, 0x93, 0x6f, 0x59, 0x7f,
+    0x7f, 0x98, 0x6b, 0x6a, 0x23, 0xca, 0xd0, 0xe5, 0x4a, 0xa2, 0xd1, 0xb1,
+    0xf4, 0x41, 0xa8, 0x59, 0x80, 0xec, 0x37, 0x6b, 0xfb, 0xfb, 0x70, 0xd6,
+    0xd2, 0xcb, 0xd0, 0x60, 0x2c, 0xbf, 0xee, 0xff, 0x26, 0xee, 0x30, 0x86,
+    0xb2, 0xfe, 0x6f, 0xf9, 0xc8, 0xd5, 0x94, 0xc8, 0xb7, 0x88, 0xc1, 0xc7,
+    0x38, 0x7d, 0x78, 0x42, 0xd2, 0xcb, 0xc5, 0x3a, 0x59, 0x76, 0xa2, 0x88,
+    0xdc, 0x70, 0x76, 0xff, 0xff, 0x71, 0xcb, 0xd3, 0xbf, 0xd9, 0xfc, 0x72,
+    0xeb, 0x06, 0xb2, 0xff, 0xff, 0x34, 0xfd, 0xbd, 0x3c, 0xf6, 0x73, 0x59,
+    0xd6, 0x7d, 0x65, 0xff, 0xd2, 0x0e, 0x16, 0x6e, 0x0e, 0x7f, 0xc5, 0x96,
+    0x72, 0x45, 0x2f, 0x17, 0xed, 0xa9, 0x4c, 0xb3, 0xd1, 0x82, 0xdf, 0xd1,
+    0xed, 0x8a, 0x13, 0x1a, 0xca, 0xc4, 0xef, 0x5a, 0x35, 0xb7, 0x2f, 0xbf,
+    0x0e, 0x62, 0x63, 0xac, 0xbf, 0x8c, 0x2c, 0x8c, 0x38, 0x2c, 0xbf, 0x0f,
+    0x00, 0xf2, 0xb2, 0xff, 0xff, 0xcf, 0xa8, 0x71, 0x87, 0x9a, 0x8d, 0xb9,
+    0xe7, 0x07, 0x30, 0x96, 0x56, 0x22, 0x47, 0x84, 0xd4, 0xc8, 0xe3, 0x14,
+    0x30, 0x6f, 0xd1, 0x9d, 0xdc, 0x96, 0x5f, 0xf3, 0x83, 0x1b, 0x9c, 0x90,
+    0x2c, 0xa9, 0x3d, 0xee, 0x13, 0xdf, 0xf8, 0x7b, 0x39, 0xc1, 0xf9, 0xb5,
+    0x1a, 0xcb, 0xff, 0xec, 0x33, 0xe7, 0x9c, 0xff, 0xb3, 0x0b, 0xa5, 0x95,
+    0x28, 0x92, 0xf2, 0x1d, 0xed, 0x88, 0x2b, 0xb0, 0x2c, 0xbe, 0xc2, 0x83,
+    0x2c, 0xbf, 0xfb, 0x35, 0xa7, 0x80, 0x64, 0xff, 0xe2, 0xca, 0x93, 0xe4,
+    0x81, 0x05, 0x9b, 0x48, 0xb0, 0xfc, 0x23, 0xef, 0xf4, 0x5e, 0x9f, 0xfa,
+    0x62, 0x59, 0x52, 0xd8, 0x77, 0xc6, 0x51, 0x09, 0x4f, 0xe3, 0x86, 0x6e,
+    0x3f, 0x9a, 0x4b, 0xd4, 0x38, 0xda, 0x34, 0x9d, 0xc8, 0xd6, 0x75, 0x29,
+    0x80, 0xf1, 0x8b, 0x7a, 0x51, 0x8b, 0x9a, 0x14, 0x61, 0x7c, 0x84, 0x2f,
+    0xe1, 0x67, 0xbe, 0x1a, 0x41, 0x96, 0xdf, 0xff, 0xfe, 0x6f, 0x08, 0x9d,
+    0xf7, 0xf5, 0xe6, 0xfe, 0x1f, 0x8d, 0x84, 0x07, 0x59, 0x7f, 0xfd, 0xdc,
+    0x0a, 0x5c, 0x6d, 0xd6, 0x79, 0xfe, 0xb2, 0xa0, 0x8c, 0x56, 0x76, 0xb0,
+    0x16, 0x5e, 0x1f, 0xa5, 0x65, 0xf6, 0x77, 0xf7, 0x59, 0x6e, 0x6d, 0x37,
+    0xc4, 0x39, 0x61, 0x68, 0xfd, 0xfe, 0x9f, 0x6c, 0x59, 0x7f, 0xf8, 0x7e,
+    0x99, 0x6f, 0xf1, 0x8b, 0xb8, 0x2c, 0xb0, 0x86, 0x7b, 0x24, 0x21, 0x76,
+    0x1d, 0x65, 0xff, 0xf1, 0xad, 0xac, 0xef, 0xfe, 0x60, 0xe4, 0x72, 0xb2,
+    0xe7, 0x25, 0x97, 0x98, 0xb1, 0x65, 0xff, 0xb9, 0xe9, 0x3f, 0xf8, 0x4f,
+    0xdc, 0x66, 0xbe, 0x02, 0xb7, 0xfe, 0xef, 0x7f, 0xb7, 0x1b, 0xe5, 0x27,
+    0x59, 0x58, 0x98, 0xd7, 0x70, 0x80, 0x75, 0x6b, 0xd3, 0x1b, 0x2c, 0xac,
+    0x55, 0x84, 0x6c, 0x26, 0x5a, 0x10, 0x3a, 0x27, 0x78, 0xcc, 0x08, 0xd6,
+    0xff, 0xff, 0xb5, 0x83, 0x27, 0x7d, 0xfc, 0xcd, 0xcf, 0x96, 0x66, 0xa2,
+    0x59, 0x7e, 0x2f, 0xed, 0x3c, 0x6b, 0x2f, 0x84, 0x77, 0xfa, 0xcb, 0xff,
+    0xf3, 0x46, 0x59, 0xbf, 0xcd, 0xfe, 0xe1, 0x25, 0x12, 0xca, 0x94, 0x52,
+    0x8c, 0xaf, 0xc4, 0x57, 0xff, 0xfe, 0x6d, 0x36, 0x6f, 0xc8, 0xf1, 0xbf,
+    0x27, 0x27, 0x37, 0xcc, 0xb2, 0xff, 0xe8, 0x4b, 0xc3, 0x6b, 0x44, 0xd8,
+    0x4b, 0x2f, 0xfa, 0x22, 0x93, 0xfa, 0x77, 0x9d, 0x65, 0xff, 0xe8, 0x36,
+    0x80, 0xff, 0xc8, 0xa0, 0xdf, 0x59, 0x7e, 0xfb, 0x6c, 0xe4, 0x6b, 0x2f,
+    0x6c, 0x41, 0x4d, 0x89, 0x65, 0xfe, 0xe6, 0x79, 0xb8, 0x28, 0xd6, 0x5f,
+    0x36, 0xce, 0x46, 0xb2, 0xe7, 0xef, 0x6a, 0x2b, 0xf6, 0x19, 0x5f, 0x0a,
+    0xfe, 0x69, 0x73, 0xf6, 0xb2, 0xb1, 0x39, 0xce, 0xce, 0xf9, 0x0f, 0x9f,
+    0xa8, 0xd9, 0x86, 0xaa, 0xf7, 0xa2, 0xfe, 0xda, 0xff, 0x1f, 0x05, 0xff,
+    0x79, 0xbf, 0xc7, 0xec, 0x06, 0x2c, 0xbc, 0x37, 0x8d, 0x65, 0xda, 0x8f,
+    0xa3, 0xd8, 0x0c, 0xee, 0xff, 0xf8, 0x51, 0xe9, 0xbf, 0x18, 0xb5, 0x0e,
+    0x6e, 0x32, 0xca, 0x65, 0xcf, 0x6f, 0x4b, 0xcb, 0x78, 0x52, 0x11, 0x8d,
+    0xfd, 0x9f, 0xc2, 0x78, 0x96, 0x5f, 0xda, 0x6e, 0x8a, 0x7c, 0xb2, 0xff,
+    0x84, 0xff, 0x78, 0x3f, 0x70, 0x59, 0x7e, 0x70, 0xf3, 0xbf, 0xac, 0xbb,
+    0x5c, 0x59, 0x50, 0x46, 0x96, 0x16, 0x74, 0x5b, 0xc3, 0x9d, 0x92, 0x9b,
+    0xfc, 0xc3, 0xc3, 0xed, 0xc1, 0xac, 0xb9, 0xf8, 0xb2, 0xfc, 0xc6, 0x05,
+    0x02, 0xa1, 0x45, 0x97, 0xff, 0xc2, 0xd6, 0xa4, 0xb0, 0xd6, 0xf7, 0xb0,
+    0x35, 0x96, 0x0b, 0xac, 0xad, 0x1f, 0x28, 0x94, 0x2f, 0xa7, 0x53, 0x12,
+    0xcb, 0xc5, 0x27, 0x59, 0x69, 0x59, 0x51, 0x1a, 0xb3, 0x8d, 0xdf, 0xe3,
+    0x88, 0xbf, 0xc1, 0x69, 0x65, 0x41, 0x3a, 0x91, 0x9a, 0x1a, 0x2d, 0xa8,
+    0x4d, 0x1c, 0x88, 0x93, 0x76, 0x48, 0xaf, 0xde, 0x73, 0xc9, 0x2c, 0xb6,
+    0x96, 0x5e, 0xd6, 0x62, 0xca, 0x01, 0xac, 0xdd, 0x11, 0xbf, 0xff, 0xbb,
+    0xe4, 0xc3, 0x59, 0x1c, 0xeb, 0x3e, 0xdd, 0x98, 0xb2, 0xc6, 0xac, 0xa8,
+    0xcf, 0xc0, 0x97, 0xaf, 0xdd, 0xc3, 0x5c, 0xe2, 0xca, 0x93, 0xcc, 0xc2,
+    0x2b, 0xff, 0xb7, 0x44, 0x7f, 0x49, 0xe2, 0xdc, 0x61, 0xac, 0xbf, 0xdd,
+    0xfb, 0x22, 0x89, 0xf8, 0xb2, 0x99, 0x10, 0x4e, 0x99, 0x7f, 0x17, 0x70,
+    0xf8, 0x86, 0xb2, 0xfd, 0xb9, 0x84, 0x76, 0x59, 0x52, 0x7b, 0x0e, 0x5f,
+    0x7c, 0x53, 0x86, 0x2c, 0xbc, 0x58, 0x05, 0x97, 0xff, 0xcd, 0xb7, 0x71,
+    0xa3, 0xdb, 0xec, 0x88, 0xb0, 0xc5, 0x97, 0xd1, 0x66, 0x46, 0xb2, 0xfd,
+    0xc6, 0xf9, 0x4a, 0xcb, 0xb3, 0xdc, 0x3c, 0x9f, 0x91, 0xd8, 0xc0, 0xaa,
+    0x61, 0x5a, 0x21, 0xf0, 0xdf, 0xe1, 0x43, 0x7f, 0x19, 0xf2, 0x93, 0xf1,
+    0x65, 0x39, 0xfe, 0x09, 0x3a, 0xfd, 0x17, 0xb0, 0x0e, 0xb2, 0xa5, 0x5f,
+    0x54, 0x21, 0xc1, 0x90, 0xa2, 0xf3, 0xc9, 0x47, 0x4d, 0xbc, 0x86, 0xff,
+    0xff, 0xbd, 0x9f, 0xfb, 0xc7, 0x9f, 0x3b, 0x08, 0xa2, 0x2c, 0x31, 0x65,
+    0xff, 0x9f, 0x5f, 0xce, 0xc0, 0xef, 0x12, 0xcb, 0xff, 0xfe, 0x27, 0x07,
+    0x3a, 0xf3, 0x16, 0x34, 0x3d, 0x3e, 0x63, 0x56, 0x50, 0xd3, 0x0b, 0x89,
+    0x9f, 0xe7, 0xf7, 0xf7, 0xfd, 0x90, 0x80, 0x16, 0x54, 0x9f, 0x01, 0x19,
+    0x5f, 0xe2, 0x77, 0xdf, 0x0d, 0xe0, 0x59, 0x7f, 0xfd, 0xc9, 0x8b, 0xd3,
+    0xbc, 0xb0, 0x7e, 0x9e, 0x2c, 0xa1, 0xa2, 0x1f, 0xe6, 0xd7, 0xdd, 0x48,
+    0x38, 0xb2, 0xfe, 0xf3, 0x19, 0xb3, 0x20, 0x59, 0x7f, 0xf8, 0xed, 0xdc,
+    0x38, 0x59, 0xd7, 0xc4, 0x4b, 0x2f, 0xf7, 0x33, 0x70, 0x0e, 0xf1, 0x2c,
+    0xbf, 0xfd, 0x9f, 0xe3, 0x66, 0xa4, 0x1c, 0x6d, 0xeb, 0x2b, 0x13, 0x42,
+    0xe8, 0x8e, 0x22, 0x33, 0x98, 0xf9, 0x2f, 0x64, 0xda, 0xff, 0xef, 0xfb,
+    0x37, 0xee, 0x30, 0x87, 0x83, 0x59, 0x7f, 0xcf, 0xf2, 0xc1, 0xfb, 0x3e,
+    0xb2, 0xfe, 0x03, 0x43, 0x8c, 0x35, 0x95, 0x2a, 0xbc, 0xb2, 0x3e, 0x96,
+    0x5c, 0x74, 0x91, 0x1b, 0xdf, 0x8b, 0xa7, 0xe3, 0x2c, 0xbf, 0xff, 0xb4,
+    0x53, 0x3d, 0xed, 0xe7, 0xca, 0x47, 0xe9, 0xfa, 0xcb, 0x9b, 0xcb, 0x2f,
+    0xa0, 0x4e, 0x1a, 0xcb, 0xfc, 0x37, 0x06, 0xb4, 0xe0, 0x59, 0x7d, 0xae,
+    0xb7, 0x0c, 0x59, 0x7c, 0x68, 0x55, 0xcc, 0x59, 0x58, 0x7a, 0x0e, 0x51,
+    0x4c, 0x8a, 0x32, 0x84, 0x1d, 0x4a, 0x70, 0x98, 0x4f, 0xb8, 0xb8, 0xe2,
+    0xc2, 0x86, 0x2d, 0xff, 0xda, 0x2c, 0xdf, 0xac, 0x6f, 0x48, 0xd6, 0x5e,
+    0x7d, 0xc6, 0x59, 0x7f, 0xe0, 0xfe, 0x6b, 0x1b, 0x38, 0x52, 0xb2, 0xdd,
+    0xac, 0xbf, 0xfc, 0xce, 0xf1, 0x7f, 0xd9, 0x0f, 0x36, 0xf5, 0x97, 0xff,
+    0xd9, 0xfe, 0x61, 0x99, 0xe6, 0xd0, 0xa4, 0x0b, 0x2a, 0x51, 0x59, 0xb8,
+    0x24, 0x49, 0x77, 0xe0, 0xfe, 0x52, 0x05, 0x95, 0x29, 0xd3, 0x76, 0x89,
+    0xa1, 0xe3, 0xc3, 0xaf, 0x79, 0x8d, 0xfa, 0x7f, 0x9e, 0x95, 0x97, 0xf9,
+    0xf4, 0x01, 0x74, 0x76, 0x59, 0x7f, 0xe1, 0x14, 0x5e, 0xc2, 0xc6, 0x1a,
+    0xcb, 0xd1, 0xc5, 0x8b, 0x2f, 0xff, 0xb7, 0xe7, 0x5a, 0x77, 0xee, 0x1c,
+    0xdc, 0x62, 0x59, 0x52, 0x7e, 0x6e, 0x3d, 0x7f, 0xf6, 0xe3, 0x67, 0xa7,
+    0x7f, 0x3d, 0x3d, 0xac, 0xa9, 0x4d, 0x35, 0x8d, 0x3d, 0x0b, 0x0e, 0x10,
+    0x5f, 0x4f, 0xf0, 0xeb, 0x2f, 0xfd, 0xcf, 0x61, 0x9e, 0x63, 0x0b, 0x16,
+    0x50, 0x0f, 0x83, 0x79, 0x0d, 0xfb, 0xb8, 0x14, 0x9d, 0x65, 0xff, 0xff,
+    0xfe, 0x3e, 0xe3, 0x78, 0x18, 0xe5, 0xd6, 0x77, 0x0e, 0x37, 0xf8, 0xdd,
+    0xc0, 0xa7, 0xd2, 0xb2, 0xfe, 0xcf, 0x36, 0x6a, 0x25, 0x97, 0xfe, 0xce,
+    0xe1, 0xc6, 0xfb, 0x96, 0x2c, 0xbf, 0xd8, 0x7f, 0x64, 0x4f, 0x12, 0xcb,
+    0xf3, 0x47, 0xe9, 0x9d, 0xa7, 0xe3, 0xf3, 0xda, 0xda, 0x8d, 0xec, 0x84,
+    0xf5, 0xff, 0xef, 0x4f, 0x79, 0xa9, 0xfb, 0x74, 0xc3, 0x59, 0x78, 0x5a,
+    0x89, 0x65, 0xf6, 0x45, 0x9f, 0x19, 0xf4, 0x71, 0x2a, 0xcc, 0x34, 0x65,
+    0x7a, 0x12, 0x35, 0x2a, 0xa3, 0xb0, 0xa3, 0xd2, 0x8e, 0x6f, 0xff, 0xfc,
+    0xc5, 0x9f, 0x93, 0x98, 0x27, 0x8f, 0x6e, 0x79, 0xb5, 0xe7, 0x59, 0x7e,
+    0x34, 0xd7, 0xff, 0x16, 0x5f, 0xff, 0x64, 0x6e, 0x36, 0x17, 0x5a, 0x63,
+    0x22, 0x65, 0x95, 0x28, 0xe9, 0xc6, 0xdd, 0x15, 0x5c, 0xfb, 0xab, 0x2f,
+    0x79, 0x8c, 0x59, 0x7e, 0xee, 0x1c, 0x2c, 0x39, 0xb6, 0xf8, 0xcd, 0xff,
+    0x77, 0x0e, 0x45, 0xa7, 0xff, 0x16, 0x5f, 0xff, 0xff, 0xbd, 0x3a, 0xe6,
+    0x31, 0x1b, 0xb7, 0xcd, 0xb7, 0x8c, 0x2e, 0xce, 0xee, 0x43, 0x59, 0x7f,
+    0xff, 0xff, 0xff, 0xfb, 0x5a, 0xc6, 0x28, 0xf6, 0xf9, 0xb6, 0xf5, 0xe6,
+    0xf3, 0x99, 0xb4, 0x13, 0x16, 0xdf, 0x66, 0x6d, 0x2c, 0x1f, 0x9f, 0x6e,
+    0x61, 0x9f, 0x59, 0x74, 0x5b, 0x46, 0x9b, 0x36, 0x42, 0x1a, 0xb1, 0x3d,
+    0x97, 0x8e, 0x8a, 0xfc, 0x53, 0xd4, 0x0e, 0xb2, 0xff, 0xf6, 0x6e, 0x78,
+    0x51, 0x7b, 0x22, 0x84, 0xf6, 0xb2, 0xff, 0xee, 0x64, 0x5e, 0x9d, 0xf9,
+    0xef, 0x4a, 0xca, 0x1a, 0x2f, 0xb4, 0x51, 0xf5, 0x0b, 0xfc, 0xe0, 0xe1,
+    0xdf, 0xbf, 0xac, 0xa5, 0x97, 0xfd, 0xc2, 0x10, 0xbf, 0x09, 0x35, 0x65,
+    0x76, 0x78, 0xbf, 0x0b, 0xac, 0x46, 0x63, 0x98, 0x09, 0xe6, 0xff, 0xd9,
+    0x1e, 0xa6, 0x7e, 0xde, 0x95, 0x97, 0xfe, 0x68, 0xb8, 0x4e, 0xe3, 0xf3,
+    0x2c, 0xbf, 0x8b, 0x39, 0xe9, 0x1a, 0xca, 0x93, 0xe9, 0xc3, 0xda, 0x24,
+    0x63, 0x72, 0x14, 0xd7, 0xff, 0xa0, 0xc6, 0xb7, 0xcb, 0x21, 0xae, 0x71,
+    0x65, 0xff, 0xd8, 0x71, 0x41, 0xc7, 0xb7, 0xe7, 0x02, 0xcb, 0xfa, 0x62,
+    0xcd, 0xed, 0xa5, 0x97, 0xff, 0xa1, 0xe7, 0x87, 0x44, 0xfb, 0xbb, 0xbb,
+    0xac, 0xb2, 0xa5, 0x10, 0x58, 0x5f, 0x7c, 0xda, 0xc2, 0x59, 0x52, 0x9a,
+    0xa7, 0x92, 0x8a, 0x19, 0x3c, 0x21, 0xbf, 0x76, 0x3f, 0x31, 0x8b, 0x2f,
+    0xfe, 0x10, 0xf0, 0x85, 0x06, 0x1e, 0x01, 0x65, 0x49, 0xf6, 0xb1, 0x55,
+    0xff, 0xc2, 0x73, 0xfc, 0xb2, 0x32, 0xce, 0xd6, 0x5f, 0xf6, 0x75, 0x3e,
+    0x69, 0x21, 0xac, 0xbf, 0xfb, 0xd8, 0x60, 0xb1, 0xbd, 0xc9, 0x8d, 0x65,
+    0xcc, 0x28, 0xcf, 0xf3, 0xb3, 0x7a, 0x8d, 0x9c, 0x7e, 0x38, 0xdc, 0xf2,
+    0x14, 0x3d, 0x4a, 0xb2, 0xd4, 0x64, 0x0e, 0xc8, 0x09, 0x42, 0xe5, 0x1d,
+    0x97, 0x21, 0xe9, 0xf8, 0xde, 0xf7, 0xc2, 0xb8, 0xc2, 0x0d, 0xd8, 0x60,
+    0x5f, 0x45, 0x06, 0x89, 0x65, 0xc5, 0x1a, 0xcb, 0xe0, 0x69, 0xf6, 0x56,
+    0x56, 0xd3, 0xe0, 0xd8, 0x09, 0x3b, 0x17, 0xbf, 0xf3, 0x19, 0xb8, 0xd1,
+    0xf2, 0x66, 0x25, 0x96, 0xdd, 0x59, 0x77, 0xb7, 0x56, 0x5f, 0xfe, 0xcd,
+    0xfe, 0x78, 0x01, 0xfb, 0x03, 0x76, 0xb2, 0xdf, 0x93, 0xe7, 0xf0, 0xd5,
+    0xff, 0xf6, 0xa3, 0x9d, 0xce, 0x16, 0x7f, 0xed, 0xae, 0x96, 0x5f, 0xd9,
+    0x1f, 0x0b, 0x37, 0xac, 0xa8, 0x26, 0x4a, 0xcf, 0x6e, 0x4f, 0xf5, 0x4b,
+    0xbc, 0x1a, 0xcb, 0x1a, 0xb2, 0xa5, 0xb1, 0xeb, 0xca, 0x74, 0x8b, 0x46,
+    0xab, 0xb8, 0x6e, 0xf1, 0xb4, 0x70, 0xf0, 0x31, 0x8b, 0xff, 0xf4, 0x33,
+    0x8e, 0x40, 0xf6, 0x4f, 0xf9, 0x20, 0x59, 0x7c, 0xe7, 0x78, 0x2c, 0xbf,
+    0xfb, 0xcd, 0xb7, 0x0b, 0x1b, 0x4f, 0xbd, 0x65, 0xff, 0xcc, 0x4e, 0x32,
+    0xc1, 0xfa, 0x78, 0xb2, 0xf0, 0x73, 0xa5, 0x97, 0xfd, 0x19, 0xe7, 0x5f,
+    0x29, 0x8d, 0x65, 0xf7, 0x5d, 0x9b, 0xd2, 0xcb, 0xc1, 0xc8, 0x16, 0x53,
+    0x1e, 0x20, 0x09, 0xef, 0xb7, 0xc9, 0x74, 0xb2, 0xff, 0xfe, 0x92, 0xc0,
+    0x73, 0x07, 0xe9, 0x8c, 0xe2, 0x21, 0xac, 0xa6, 0x3f, 0xef, 0x12, 0x5f,
+    0x9b, 0xff, 0x98, 0x2c, 0xba, 0x7b, 0x59, 0x50, 0x55, 0x26, 0x35, 0x33,
+    0x48, 0x7a, 0x45, 0xd2, 0x0b, 0x8e, 0x93, 0xf7, 0xe1, 0x3f, 0xbc, 0x87,
+    0x64, 0x9e, 0xfe, 0x2f, 0xcf, 0x3e, 0xcb, 0x2f, 0xff, 0xe9, 0x8b, 0x07,
+    0xe9, 0xdf, 0xec, 0xf9, 0x4c, 0x9d, 0x65, 0xff, 0x0c, 0xa6, 0x18, 0x79,
+    0xe9, 0x65, 0xfd, 0xd8, 0xc7, 0x8f, 0x1a, 0xcb, 0xff, 0xda, 0x7e, 0xb3,
+    0x7b, 0x6b, 0x65, 0xe3, 0xd9, 0x59, 0x7f, 0xfe, 0xf3, 0x6f, 0x2c, 0x33,
+    0x1b, 0xed, 0xa7, 0x02, 0xcb, 0xc5, 0x23, 0x59, 0x7d, 0x0c, 0xf6, 0x2c,
+    0xbd, 0x18, 0x89, 0x65, 0xdd, 0xf3, 0x6a, 0x6d, 0x12, 0x70, 0x32, 0xfe,
+    0x94, 0xe2, 0x55, 0x71, 0xb0, 0xc8, 0x6f, 0xef, 0x34, 0x4e, 0xf1, 0xac,
+    0xbd, 0x38, 0x05, 0x96, 0x9e, 0x8f, 0x26, 0x22, 0xea, 0x95, 0x5a, 0xc7,
+    0x2c, 0x78, 0xf0, 0xc1, 0x0b, 0xeb, 0xe6, 0x8c, 0xf2, 0xb2, 0xfe, 0x9d,
+    0x47, 0x3a, 0x8d, 0x65, 0xff, 0xe2, 0x73, 0x3d, 0x30, 0x62, 0xc3, 0xca,
+    0xcb, 0xff, 0xb3, 0xbf, 0xce, 0x6b, 0x53, 0x3b, 0xab, 0x2c, 0x64, 0x48,
+    0x8d, 0x24, 0x7b, 0xfe, 0x68, 0xf0, 0xc9, 0xf0, 0x89, 0x65, 0x41, 0x31,
+    0xfc, 0x85, 0xe7, 0x8a, 0xaf, 0xfb, 0x7b, 0x90, 0x3d, 0x80, 0x75, 0x97,
+    0xe6, 0x37, 0xed, 0x1a, 0xcb, 0xff, 0xd9, 0x80, 0x3c, 0xc5, 0xc1, 0xf9,
+    0xe3, 0x59, 0x4c, 0x8a, 0xdf, 0x1c, 0x91, 0x4d, 0xff, 0xe9, 0xf4, 0x9e,
+    0x22, 0xc3, 0x3f, 0x9e, 0x59, 0x7c, 0xfe, 0x62, 0x59, 0x7d, 0x80, 0x92,
+    0x59, 0x62, 0x8c, 0xf0, 0x3c, 0x41, 0x4b, 0x2f, 0xd0, 0xd4, 0xe0, 0xd6,
+    0x5c, 0xc2, 0xec, 0xd9, 0x10, 0x5d, 0xff, 0xfe, 0xc8, 0x75, 0xe6, 0xf4,
+    0xe6, 0xa1, 0xf2, 0x93, 0xf1, 0x65, 0xff, 0xb4, 0xf1, 0x8a, 0x70, 0x85,
+    0x1a, 0xca, 0xf2, 0x27, 0xf8, 0xc1, 0x7f, 0xf4, 0xf0, 0xb0, 0xd6, 0xf7,
+    0xb3, 0x71, 0x65, 0xff, 0x0b, 0xfb, 0x9c, 0xc6, 0x21, 0xac, 0xbe, 0x14,
+    0xf6, 0x35, 0x97, 0xfb, 0x0f, 0x91, 0x41, 0xb1, 0x65, 0x0d, 0x56, 0xb7,
+    0x45, 0xcf, 0x08, 0xae, 0x2d, 0x7e, 0x19, 0x62, 0x23, 0xde, 0x8c, 0x61,
+    0xd8, 0x64, 0x77, 0x0c, 0xeb, 0x2f, 0xb7, 0x67, 0x51, 0xac, 0xbc, 0x2f,
+    0xf1, 0x65, 0xed, 0xd6, 0x31, 0x65, 0x4a, 0xe6, 0x06, 0x4b, 0xb8, 0x8a,
+    0x11, 0xce, 0x2e, 0x22, 0x6d, 0xd1, 0xdb, 0x05, 0x56, 0x5f, 0x63, 0x78,
+    0x4b, 0x2f, 0xd2, 0x59, 0xbd, 0xd6, 0x5b, 0xa8, 0x8f, 0x23, 0x44, 0x35,
+    0x1a, 0x21, 0xf4, 0xbb, 0x7f, 0xfe, 0x6f, 0xf1, 0xba, 0x7d, 0x75, 0xe6,
+    0xde, 0xe7, 0x59, 0x7f, 0xff, 0xce, 0x6f, 0x06, 0xd9, 0xdf, 0x4c, 0x4f,
+    0xd9, 0xe6, 0x78, 0xb2, 0xff, 0xf1, 0xe7, 0xaf, 0xf3, 0x01, 0x39, 0xdc,
+    0x16, 0x5f, 0x1a, 0xdd, 0x32, 0xcb, 0xa6, 0x18, 0x7d, 0xdf, 0x4b, 0xaf,
+    0x26, 0x02, 0x50, 0xd5, 0xbc, 0x3c, 0x82, 0xcb, 0xdb, 0x8c, 0x62, 0xcb,
+    0xc6, 0xb7, 0x4b, 0x2f, 0xcd, 0xbc, 0xb3, 0x9b, 0x4f, 0x6b, 0xc3, 0x9f,
+    0x20, 0xbf, 0xed, 0xf8, 0x38, 0xb3, 0x08, 0xd5, 0x97, 0xff, 0xa1, 0x3c,
+    0xf4, 0x97, 0xfd, 0xb8, 0xc7, 0x59, 0x44, 0x88, 0x7f, 0x9d, 0xdf, 0xfa,
+    0x4f, 0xc6, 0xd4, 0xfd, 0xb7, 0xac, 0xbf, 0x6e, 0x37, 0x9e, 0x25, 0x96,
+    0xfc, 0x9f, 0x57, 0x8f, 0xef, 0xe9, 0xe8, 0x9f, 0xbf, 0xac, 0xbf, 0xdc,
+    0xd4, 0xc6, 0xfa, 0xe9, 0x65, 0xf4, 0x7b, 0x32, 0x75, 0x94, 0xc7, 0xb6,
+    0x19, 0xad, 0x41, 0x51, 0x9b, 0x43, 0x57, 0x72, 0x11, 0x87, 0x27, 0xfc,
+    0x22, 0x6f, 0xd3, 0xf8, 0xf0, 0xc5, 0x97, 0xfe, 0xef, 0xa2, 0x78, 0xde,
+    0x0d, 0xe5, 0x95, 0xa3, 0xe9, 0x11, 0x4d, 0xe6, 0x07, 0x16, 0x5f, 0x64,
+    0x7b, 0xfe, 0xb2, 0xb0, 0xf0, 0x44, 0x39, 0x7f, 0xf7, 0x1f, 0xbf, 0xff,
+    0x3a, 0x18, 0xa3, 0x59, 0x6c, 0xe8, 0xfa, 0x7e, 0x43, 0x7e, 0x1f, 0x42,
+    0xcd, 0xc5, 0x97, 0xfe, 0x29, 0xef, 0xd2, 0xc4, 0xe3, 0x59, 0x51, 0x1f,
+    0x41, 0xcb, 0x2f, 0xb9, 0x84, 0x6a, 0xcb, 0xe9, 0xc8, 0x3a, 0xca, 0xec,
+    0xf0, 0xbc, 0x45, 0x7f, 0xff, 0xdc, 0xf6, 0x7f, 0x67, 0x09, 0xa7, 0xb2,
+    0xcd, 0xf3, 0x86, 0x2c, 0xbe, 0x06, 0xc0, 0x15, 0xd8, 0x96, 0x53, 0x22,
+    0x6b, 0x4d, 0x35, 0x29, 0xa2, 0x0d, 0x95, 0xe1, 0x7b, 0x7f, 0x87, 0xbe,
+    0x4b, 0xf8, 0x05, 0x97, 0xe9, 0xff, 0xa7, 0xeb, 0x2e, 0x20, 0x2c, 0xa8,
+    0xcf, 0xc7, 0x46, 0x8e, 0x4f, 0x7f, 0xff, 0xf8, 0x5a, 0xf6, 0x45, 0x13,
+    0xea, 0x2f, 0xf8, 0x40, 0xe6, 0x36, 0xf1, 0xca, 0xcb, 0xfe, 0x6f, 0x73,
+    0x4c, 0x52, 0x75, 0x97, 0xf4, 0xf3, 0x71, 0xbb, 0xfa, 0xcb, 0xfa, 0x79,
+    0x11, 0x64, 0x4b, 0x29, 0x93, 0x13, 0xdc, 0x7d, 0xd1, 0xbf, 0x8c, 0x6f,
+    0xdf, 0xf3, 0x91, 0xab, 0x2f, 0xf6, 0xe9, 0x08, 0x5d, 0x31, 0xab, 0x2d,
+    0xf5, 0x94, 0xb2, 0xf9, 0x8c, 0x3b, 0xf6, 0x5e, 0x7c, 0x46, 0xff, 0x0a,
+    0x31, 0xfb, 0x0a, 0x56, 0x54, 0xa2, 0xff, 0xa5, 0x42, 0x38, 0xbf, 0xfe,
+    0x93, 0xee, 0x34, 0xc9, 0x6b, 0x18, 0xf8, 0xb2, 0xff, 0xec, 0x1f, 0xa4,
+    0xce, 0xe1, 0xf1, 0x0d, 0x65, 0xff, 0xc0, 0xf3, 0x0b, 0xfc, 0xf0, 0xb3,
+    0xeb, 0x2e, 0xce, 0x2c, 0xb9, 0xfe, 0xb2, 0xd0, 0xd1, 0xac, 0xf0, 0xb5,
+    0xb8, 0xe8, 0x98, 0x13, 0x8d, 0xb0, 0x6a, 0xaa, 0xf1, 0x03, 0xa8, 0x73,
+    0xc4, 0x5e, 0x49, 0xdf, 0x86, 0xfd, 0xff, 0xec, 0xd6, 0xc7, 0xcf, 0x93,
+    0x77, 0xcd, 0xbf, 0x59, 0x7f, 0xfb, 0x24, 0xb3, 0xa2, 0xcf, 0x89, 0xcc,
+    0x59, 0x7f, 0xf1, 0x7b, 0x27, 0xb7, 0x6e, 0x06, 0x6a, 0xcb, 0xff, 0xf4,
+    0x1b, 0xfb, 0x47, 0xe9, 0xd1, 0x66, 0xf7, 0xfa, 0xca, 0x94, 0x4e, 0xc4,
+    0x8b, 0x7f, 0xd8, 0x0d, 0x9c, 0x71, 0xe7, 0x16, 0x5f, 0xfc, 0xdf, 0xf6,
+    0x34, 0x39, 0x9d, 0xfd, 0x65, 0x0d, 0x38, 0x6c, 0x87, 0x29, 0x11, 0xf0,
+    0xea, 0xfe, 0x29, 0x87, 0xb8, 0x05, 0x97, 0xfc, 0x02, 0xcf, 0xf1, 0xdc,
+    0x96, 0x5f, 0xfc, 0x2c, 0x8b, 0x1b, 0xa2, 0xcf, 0x62, 0xcb, 0x00, 0x68,
+    0xa6, 0xe8, 0xb4, 0x8d, 0xaf, 0x1d, 0xfb, 0x59, 0x7f, 0xff, 0x41, 0x87,
+    0x9e, 0xc8, 0xe6, 0x0d, 0xce, 0x66, 0xe2, 0xca, 0xd2, 0x2c, 0x00, 0x6d,
+    0xf1, 0xdb, 0x84, 0x6a, 0xcb, 0xfd, 0x9e, 0x1f, 0xa4, 0xa3, 0x59, 0x61,
+    0xf8, 0xf2, 0xcc, 0x18, 0xbe, 0xf6, 0x0d, 0x96, 0x54, 0x9e, 0x57, 0x0a,
+    0x6a, 0x5b, 0x0e, 0x78, 0x12, 0x0e, 0x35, 0x9c, 0x95, 0x6a, 0xd0, 0xc6,
+    0xd4, 0x33, 0x3d, 0x1e, 0xa3, 0xc2, 0x94, 0xa5, 0xf6, 0xf1, 0xa3, 0xf1,
+    0xec, 0x0a, 0x39, 0x70, 0xe1, 0x8b, 0x7f, 0xb0, 0x71, 0xe8, 0x52, 0x05,
+    0x97, 0xff, 0xc0, 0x7f, 0x60, 0x00, 0xfa, 0xcd, 0xfe, 0xc5, 0x97, 0xff,
+    0xef, 0xf0, 0x84, 0x2e, 0xe1, 0xc1, 0xfb, 0x1b, 0xeb, 0x2b, 0x48, 0xdb,
+    0x39, 0xa1, 0x28, 0x5f, 0xd0, 0xd6, 0xa4, 0xfc, 0x59, 0x52, 0x7b, 0xbd,
+    0x97, 0xdf, 0xfe, 0x26, 0x18, 0xe7, 0xfc, 0x1f, 0xa4, 0x96, 0x58, 0xeb,
+    0x2f, 0xc0, 0x62, 0x87, 0x16, 0x57, 0x66, 0xe3, 0xe2, 0x35, 0x88, 0xa2,
+    0x68, 0x40, 0x5f, 0xde, 0x89, 0xbc, 0xc7, 0x59, 0x70, 0x38, 0xb2, 0xfb,
+    0xa2, 0x17, 0x16, 0x5f, 0xf0, 0xf0, 0xe5, 0x9f, 0xf3, 0x2c, 0xbf, 0x0b,
+    0x40, 0x0a, 0x6c, 0x25, 0x95, 0x88, 0x8d, 0x62, 0x3e, 0x1b, 0xd6, 0x26,
+    0x00, 0xc5, 0xde, 0x85, 0x25, 0xf7, 0x0a, 0x63, 0x59, 0x7f, 0xdf, 0x16,
+    0xdc, 0xce, 0xb2, 0x56, 0x56, 0x8f, 0x70, 0x88, 0xaf, 0xff, 0xdb, 0xa5,
+    0x9b, 0xdf, 0x8d, 0x85, 0xed, 0xc6, 0x3a, 0xcb, 0x43, 0x0f, 0xed, 0x88,
+    0x6f, 0x4e, 0x12, 0xcb, 0xa4, 0x96, 0x56, 0x8d, 0x79, 0xc6, 0xaf, 0x8d,
+    0xd4, 0x9d, 0x65, 0xe8, 0xf0, 0xc5, 0x97, 0x64, 0x6b, 0x2b, 0x69, 0xfc,
+    0xc9, 0x09, 0x84, 0x7b, 0x23, 0xd7, 0xff, 0xff, 0xe9, 0x28, 0xff, 0xcc,
+    0x33, 0xd3, 0xbf, 0xe5, 0x3d, 0xfb, 0x1c, 0x79, 0x87, 0x59, 0x7f, 0x98,
+    0xbf, 0x0c, 0xd6, 0x2c, 0xbf, 0xc3, 0x78, 0x7f, 0x8e, 0x05, 0x97, 0x9a,
+    0x4e, 0xb2, 0xe9, 0xeb, 0x0f, 0x3b, 0x46, 0x75, 0x1a, 0x66, 0x10, 0x84,
+    0x21, 0x3f, 0xdf, 0xfe, 0x38, 0x1f, 0x59, 0xbf, 0x18, 0x7e, 0x65, 0x97,
+    0xfe, 0x70, 0x6a, 0x4b, 0xfe, 0xc8, 0x2c, 0xbf, 0xfc, 0x0c, 0x62, 0xfe,
+    0x1d, 0xfe, 0x07, 0x59, 0x52, 0x98, 0x26, 0x1b, 0x32, 0x50, 0x8f, 0x6f,
+    0x67, 0x9d, 0x65, 0xff, 0xb8, 0x3f, 0x4c, 0x50, 0x6d, 0x41, 0x65, 0xe1,
+    0x08, 0x96, 0x5f, 0x9b, 0xde, 0xc1, 0xac, 0xa5, 0x83, 0x3c, 0x3e, 0x0e,
+    0x57, 0x68, 0xac, 0x8a, 0x10, 0x74, 0x34, 0x78, 0xbc, 0x31, 0xef, 0xfd,
+    0x90, 0xf3, 0xc3, 0x6f, 0xe0, 0xcb, 0x2f, 0xc5, 0x80, 0x17, 0x16, 0x5f,
+    0xe9, 0xff, 0xb1, 0x89, 0xd6, 0x54, 0x67, 0xaf, 0xa2, 0x7b, 0xfc, 0x0d,
+    0x9c, 0x71, 0xe7, 0x16, 0x5e, 0xdc, 0x63, 0xac, 0xbf, 0xfe, 0x70, 0x72,
+    0x41, 0xfc, 0x61, 0xe1, 0x44, 0xb3, 0xc5, 0xfd, 0x4a, 0x35, 0x30, 0x8d,
+    0xd5, 0x2f, 0xf4, 0x3f, 0xec, 0xd4, 0xfd, 0x65, 0xfc, 0x66, 0x75, 0xd6,
+    0x18, 0xb2, 0xee, 0xb7, 0xac, 0xb0, 0x16, 0x5f, 0xfe, 0x87, 0x33, 0x53,
+    0xc2, 0xc0, 0x0b, 0x8b, 0x2b, 0x0f, 0x69, 0xc4, 0x6a, 0x51, 0x29, 0xe7,
+    0x4a, 0xc4, 0x73, 0xfe, 0x18, 0xb7, 0xff, 0xb3, 0x74, 0x07, 0x98, 0xbe,
+    0xc2, 0xd7, 0x16, 0x5f, 0xe3, 0xe6, 0x17, 0xf6, 0x71, 0x65, 0xff, 0xdc,
+    0xfc, 0xce, 0x81, 0x11, 0x61, 0x8b, 0x2f, 0x80, 0x07, 0x1a, 0xcb, 0xb3,
+    0xb5, 0x96, 0xf6, 0x1b, 0x96, 0x22, 0xae, 0xd1, 0xae, 0xe6, 0x80, 0x7e,
+    0xbc, 0x6c, 0x04, 0xb2, 0xfd, 0xe9, 0xd4, 0x67, 0x59, 0x7f, 0x84, 0xe5,
+    0xec, 0x78, 0x96, 0x5b, 0xb8, 0x8f, 0x6c, 0xc2, 0x9a, 0x64, 0x52, 0x3b,
+    0xcd, 0x4a, 0xb5, 0xbc, 0x8c, 0x69, 0x89, 0xde, 0x32, 0x52, 0x86, 0xa5,
+    0xff, 0x3e, 0xee, 0xb0, 0x89, 0xe2, 0x59, 0x52, 0xcd, 0x10, 0x84, 0x31,
+    0x32, 0x32, 0x6e, 0xe3, 0x0b, 0x68, 0x67, 0x7a, 0x53, 0xab, 0xc6, 0x58,
+    0x02, 0x72, 0x8d, 0xaf, 0x92, 0xe2, 0x04, 0xb1, 0x70, 0x89, 0x65, 0xf7,
+    0x7c, 0x9e, 0xd6, 0x50, 0x5c, 0xdd, 0x10, 0xb5, 0xfa, 0x26, 0x8f, 0x3b,
+    0x59, 0x7b, 0x42, 0x82, 0xca, 0xec, 0xf1, 0xfe, 0x55, 0x7f, 0x6d, 0xf9,
+    0x49, 0xf8, 0xb2, 0x98, 0xf4, 0x9c, 0x8e, 0xff, 0xcf, 0xad, 0x60, 0x78,
+    0x37, 0x82, 0xcb, 0xc5, 0x80, 0x59, 0x69, 0x59, 0x40, 0x35, 0x7f, 0x1b,
+    0xb9, 0xfe, 0xb2, 0xb4, 0x6d, 0xfc, 0x43, 0x7c, 0x79, 0xd7, 0x16, 0x5f,
+    0xe9, 0x39, 0x60, 0x05, 0xc5, 0x97, 0xfd, 0xac, 0xf6, 0x47, 0xb5, 0xb8,
+    0xb2, 0xb1, 0x16, 0x0c, 0x42, 0x44, 0x42, 0x32, 0xbf, 0xd0, 0x6e, 0x72,
+    0x75, 0x05, 0x97, 0xce, 0x79, 0x65, 0x97, 0xbe, 0xc6, 0x2c, 0xa1, 0x9f,
+    0x84, 0x46, 0x66, 0x10, 0x5f, 0xcc, 0x42, 0x86, 0x71, 0x65, 0xff, 0xfa,
+    0x0d, 0xfe, 0x75, 0xe6, 0xff, 0x70, 0x6f, 0xf1, 0x65, 0xff, 0x48, 0x0e,
+    0xf0, 0xd6, 0x46, 0xb2, 0xf4, 0x79, 0xba, 0xb2, 0xfe, 0x9c, 0xff, 0x1f,
+    0xb5, 0x97, 0xfd, 0xf9, 0xec, 0x0f, 0xef, 0x32, 0xcb, 0xe6, 0xd9, 0xc8,
+    0xd6, 0x56, 0x1e, 0xf7, 0xce, 0x6c, 0x75, 0x97, 0xf3, 0x10, 0xa1, 0x9c,
+    0xda, 0x6c, 0xb7, 0x90, 0xd4, 0xaa, 0x11, 0x34, 0xc6, 0x22, 0xcf, 0x2c,
+    0x11, 0xcf, 0x08, 0x3f, 0x0b, 0xdb, 0xef, 0x0b, 0x3e, 0xb2, 0xff, 0xc2,
+    0xee, 0x1c, 0xf6, 0x46, 0x22, 0x59, 0x7f, 0xb6, 0xeb, 0x71, 0x81, 0x83,
+    0x59, 0x7e, 0x27, 0xfb, 0x9d, 0x65, 0x32, 0x30, 0x74, 0x44, 0x74, 0x10,
+    0xce, 0x2c, 0x10, 0x29, 0x08, 0x40, 0x9d, 0x89, 0x77, 0x60, 0x8c, 0x6f,
+    0x63, 0x7a, 0x0b, 0x0b, 0x02, 0xd2, 0x5c, 0xce, 0x14, 0xc7, 0x18, 0x2c,
+    0x23, 0x8b, 0x1c, 0xfe, 0x96, 0x56, 0x33, 0x46, 0xce, 0x64, 0xf5, 0x3a,
+    0xb9, 0xdc, 0x63, 0x6d, 0x1f, 0xb6, 0xe3, 0x6c, 0x53, 0x87, 0x9a, 0x9c,
+    0xc5, 0x3c, 0x7a, 0x5e, 0xac, 0xf8, 0x5e, 0x58, 0x88, 0x25, 0xb6, 0x85,
+    0xd2, 0x0a, 0x78, 0x07, 0x95, 0x8e, 0xaf, 0xe9, 0xe6, 0xa2, 0x8c, 0x0b,
+    0x7c, 0x2f, 0x4c, 0x20, 0xd9, 0x8d, 0x40, 0x39, 0x57, 0x7b, 0xb1, 0x96,
+    0x5f, 0xda, 0x08, 0x3d, 0xed, 0x2b, 0x2f, 0xed, 0xd6, 0x19, 0x4c, 0x4b,
+    0x2f, 0x4b, 0x92, 0xcb, 0xec, 0xf3, 0xfd, 0x65, 0x82, 0xb8, 0x7d, 0x7e,
+    0x30, 0x21, 0xab, 0xf8, 0x2c, 0xd8, 0x1f, 0xf9, 0xba, 0xb2, 0xff, 0xe9,
+    0x39, 0x4e, 0xd8, 0xa1, 0x3a, 0x8d, 0x65, 0xff, 0xe9, 0xd0, 0xa2, 0x89,
+    0xbc, 0xc7, 0x71, 0xac, 0xbf, 0xb0, 0xfb, 0x62, 0x28, 0x96, 0x5f, 0x9f,
+    0xfc, 0x9d, 0xc5, 0x94, 0x33, 0xdb, 0x23, 0x1b, 0xfb, 0xc1, 0xee, 0xc9,
+    0x01, 0x65, 0xff, 0xff, 0x8b, 0xfc, 0x96, 0x86, 0x6e, 0x97, 0xe7, 0xd2,
+    0x68, 0xa7, 0x75, 0x65, 0xed, 0xd1, 0xca, 0xca, 0x74, 0x47, 0x89, 0xc2,
+    0xfc, 0x2f, 0xc5, 0x26, 0xac, 0xbf, 0xe9, 0x8f, 0x91, 0x31, 0xde, 0x25,
+    0x94, 0x35, 0x4a, 0xbd, 0x23, 0xb4, 0x29, 0xa2, 0x21, 0xf4, 0x30, 0x08,
+    0x8b, 0x74, 0xaa, 0xff, 0xff, 0xec, 0xdd, 0x27, 0xeb, 0x74, 0x27, 0x18,
+    0xc2, 0xce, 0x6d, 0x7f, 0x8a, 0x56, 0x5c, 0x06, 0x59, 0x5a, 0x44, 0x8f,
+    0x1e, 0xef, 0xee, 0x9f, 0x51, 0xe1, 0x8b, 0x2b, 0x0f, 0x4d, 0x88, 0xef,
+    0xff, 0xde, 0xc2, 0xc3, 0x7c, 0xf0, 0xf1, 0x8e, 0x19, 0xd6, 0x5b, 0xb5,
+    0x97, 0xfd, 0x2d, 0xcc, 0x6f, 0x4f, 0xd6, 0x54, 0x0f, 0x23, 0xc2, 0x57,
+    0xdd, 0x3b, 0xf4, 0xa8, 0xb5, 0x97, 0xff, 0x36, 0xbc, 0xfc, 0x7f, 0x93,
+    0x81, 0x65, 0xf3, 0x6b, 0x70, 0x6b, 0x2a, 0x09, 0xac, 0x34, 0x27, 0xf4,
+    0x45, 0xe3, 0x0d, 0xe8, 0x57, 0xec, 0x83, 0x78, 0x4b, 0x2f, 0xfa, 0x02,
+    0x6f, 0x46, 0xe4, 0x35, 0x97, 0xfe, 0x27, 0xd4, 0xc5, 0xb7, 0x34, 0xcb,
+    0x2f, 0xff, 0xdc, 0x29, 0x8b, 0x4c, 0x09, 0x6d, 0xd1, 0xe7, 0x16, 0x5f,
+    0xcc, 0x77, 0x8b, 0x3c, 0xb2, 0x99, 0x18, 0x71, 0x1f, 0x9d, 0x5e, 0xfc,
+    0x0c, 0xdd, 0x2f, 0xac, 0xbf, 0xc2, 0x2c, 0xdd, 0x63, 0x19, 0x65, 0xf7,
+    0x1c, 0xba, 0x59, 0x5e, 0x3d, 0x7d, 0xd3, 0x5b, 0xa7, 0xeb, 0x2a, 0x51,
+    0x79, 0x90, 0x81, 0x88, 0x96, 0xf6, 0xa4, 0xeb, 0x2f, 0xef, 0x67, 0x26,
+    0x3d, 0xd5, 0x97, 0xff, 0x87, 0x27, 0x29, 0xdb, 0x14, 0x27, 0x51, 0xac,
+    0xb8, 0x03, 0x59, 0x7e, 0xd7, 0x4e, 0xfd, 0x2a, 0x28, 0x35, 0xf6, 0x75,
+    0x9d, 0xac, 0xba, 0x01, 0x25, 0x17, 0xa3, 0x4d, 0xc1, 0x7f, 0x1b, 0x56,
+    0x26, 0x6e, 0xf0, 0xee, 0xbf, 0xef, 0x6e, 0xb8, 0x02, 0x4f, 0x0c, 0x59,
+    0x7a, 0x29, 0xfa, 0xca, 0x93, 0xdc, 0xc3, 0xfb, 0x74, 0xb2, 0xfe, 0xf6,
+    0x7f, 0xce, 0x75, 0x97, 0xfb, 0x6f, 0xe4, 0xed, 0xa8, 0x96, 0x56, 0x1f,
+    0x18, 0x0b, 0x6f, 0xec, 0x2e, 0x9c, 0x80, 0xb2, 0xb6, 0xa3, 0x08, 0x9d,
+    0x78, 0x43, 0x7f, 0xa1, 0x3a, 0x8e, 0x75, 0x1a, 0xcb, 0xfd, 0xdc, 0x27,
+    0x3f, 0xb7, 0x16, 0x5e, 0xea, 0x7a, 0x59, 0x52, 0x88, 0x8c, 0x35, 0x73,
+    0x5b, 0xf1, 0xf3, 0x74, 0x80, 0xb2, 0xf6, 0x1d, 0x96, 0x5f, 0x69, 0x8d,
+    0x3a, 0xcb, 0xdf, 0xcf, 0x2c, 0xbf, 0xd2, 0x5f, 0x9d, 0x31, 0xd6, 0x5d,
+    0xf6, 0x59, 0x7f, 0xfd, 0x80, 0x7d, 0x66, 0xfc, 0x1e, 0x1e, 0x7a, 0x59,
+    0x52, 0x98, 0xd8, 0xca, 0xb0, 0x6c, 0xd2, 0x3f, 0x0e, 0x39, 0x89, 0x0b,
+    0x5c, 0x78, 0x96, 0x5f, 0x00, 0x45, 0x12, 0xcb, 0x9b, 0xa5, 0x95, 0x26,
+    0xeb, 0x64, 0x8e, 0xde, 0xda, 0x7e, 0xa1, 0x14, 0xaf, 0xed, 0x73, 0x35,
+    0x3c, 0x59, 0x7d, 0xc3, 0xc8, 0x16, 0x53, 0x1e, 0x7b, 0x96, 0xdf, 0xa2,
+    0x03, 0x94, 0x4b, 0x2e, 0x26, 0x59, 0x52, 0x6f, 0xba, 0x29, 0xbe, 0x70,
+    0x66, 0x96, 0x5f, 0x48, 0x41, 0x8d, 0x65, 0xfe, 0xc1, 0x75, 0xe9, 0xd6,
+    0x2c, 0xbf, 0xed, 0x49, 0x85, 0x83, 0x6d, 0x2c, 0xbf, 0xfe, 0xcf, 0x79,
+    0xdb, 0xf2, 0x59, 0xec, 0xe9, 0x65, 0x62, 0x7e, 0xe6, 0xbd, 0xb2, 0xf7,
+    0x88, 0x48, 0x87, 0x84, 0x82, 0x33, 0xd9, 0x38, 0xbf, 0xff, 0x60, 0x42,
+    0xc6, 0x29, 0x89, 0xc8, 0x4d, 0x1a, 0xcb, 0xf9, 0xbe, 0x28, 0x9b, 0xeb,
+    0x28, 0x68, 0x82, 0x89, 0x52, 0xff, 0xe7, 0xdd, 0xe6, 0x6e, 0x93, 0xff,
+    0x37, 0x56, 0x5f, 0xe7, 0x8d, 0xf3, 0xf8, 0x75, 0x97, 0xff, 0xff, 0x68,
+    0x0e, 0x39, 0xd6, 0xef, 0x33, 0x74, 0x81, 0x31, 0x07, 0xba, 0x23, 0xac,
+    0xbf, 0xff, 0x9f, 0xf8, 0x7c, 0x68, 0xa1, 0xec, 0x18, 0xbf, 0xc5, 0x97,
+    0xff, 0xdc, 0x68, 0xdf, 0x8e, 0x4f, 0xff, 0x4c, 0x4b, 0x2f, 0xfc, 0xe4,
+    0x0c, 0xfc, 0x93, 0x01, 0x65, 0x4a, 0x6c, 0x43, 0x7d, 0xfa, 0xde, 0xca,
+    0x7d, 0xff, 0xff, 0x41, 0x8c, 0x7f, 0x48, 0xfa, 0x78, 0xfe, 0x59, 0x1e,
+    0xa5, 0x65, 0x82, 0x6c, 0x6d, 0x9a, 0x86, 0xc2, 0x37, 0x99, 0x51, 0xf0,
+    0x8d, 0x5f, 0x23, 0x78, 0x35, 0x47, 0xb2, 0x76, 0x87, 0xe4, 0x50, 0xec,
+    0xd1, 0xa1, 0xe3, 0x53, 0xf4, 0x20, 0xde, 0x1c, 0x45, 0x0b, 0x9e, 0x46,
+    0x91, 0xf9, 0x59, 0xc2, 0x87, 0xa9, 0x84, 0x9b, 0x29, 0x61, 0xc7, 0x29,
+    0xba, 0x81, 0x7f, 0x8d, 0x08, 0xfe, 0xf6, 0x46, 0xb2, 0xff, 0xf0, 0x43,
+    0xbc, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x45, 0xaf, 0xf0, 0x4c, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x2e, 0xa5, 0x4c, 0x2c, 0x1e, 0x61, 0x1c, 0xf6, 0x36,
+    0x75, 0x0f, 0xf6, 0x9f, 0x25, 0x3d, 0x21, 0xfb, 0xd8, 0x84, 0xf2, 0x79,
+    0x52, 0xe0, 0xac, 0xfb, 0x0a, 0x38, 0x2e, 0x1b, 0xfd, 0x72, 0xfd, 0xae,
+    0x9d, 0xfa, 0x54, 0x44, 0x2b, 0x46, 0xb2, 0xf7, 0x98, 0x96, 0x5d, 0x83,
+    0x59, 0x6e, 0x96, 0x57, 0x47, 0x87, 0xe1, 0xb2, 0x16, 0xbe, 0xcd, 0xed,
+    0xa5, 0x97, 0xcd, 0xac, 0xed, 0x65, 0x62, 0x3f, 0xcd, 0x36, 0xed, 0x57,
+    0x70, 0xbf, 0x64, 0x8e, 0xff, 0xe8, 0xf0, 0xc0, 0x9c, 0x18, 0x9f, 0x50,
+    0x59, 0x7c, 0x52, 0x0e, 0x2c, 0xbf, 0xb4, 0x2f, 0x6f, 0xc1, 0xac, 0xbd,
+    0x98, 0x35, 0x97, 0x7c, 0x24, 0x47, 0xd9, 0xa2, 0x12, 0x30, 0xa0, 0x89,
+    0xa1, 0xc1, 0x47, 0x21, 0x6b, 0x7f, 0xf0, 0x40, 0xbc, 0x97, 0xc3, 0x39,
+    0x64, 0x6b, 0x2d, 0xb2, 0xb2, 0xfa, 0x7d, 0x27, 0x59, 0x7d, 0xd3, 0xbf,
+    0x4a, 0x88, 0xd9, 0x5d, 0x1e, 0x8e, 0x88, 0x6c, 0x10, 0x68, 0x88, 0xc6,
+    0x5b, 0xfc, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x8a, 0x6d, 0x73, 0xc1, 0x65,
+    0xf7, 0x4e, 0xfd, 0x2a, 0x2a, 0x05, 0x0c, 0xf1, 0xb4, 0x2d, 0x7b, 0x3b,
+    0x31, 0x65, 0x82, 0x61, 0xe0, 0x78, 0x8a, 0xff, 0x04, 0xcd, 0x74, 0xef,
+    0xd2, 0xa2, 0xa6, 0x5c, 0x06, 0x59, 0x7e, 0x17, 0x6e, 0x2d, 0x2c, 0xbc,
+    0x26, 0xd2, 0xcb, 0xee, 0x9d, 0xfa, 0x54, 0x56, 0x0b, 0xef, 0xcf, 0x70,
+    0x59, 0x5a, 0x3d, 0x33, 0x98, 0x5f, 0x98, 0xc1, 0x8b, 0x4b, 0x2d, 0x1a,
+    0xcb, 0x83, 0x82, 0xcb, 0xce, 0x5d, 0x2c, 0xa9, 0x3c, 0x60, 0x09, 0x7c,
+    0x62, 0xee, 0x12, 0xcb, 0x86, 0x6a, 0xcb, 0xd2, 0x06, 0x59, 0x71, 0xf8,
+    0xb2, 0xfc, 0xf0, 0xfb, 0x46, 0xb2, 0xfd, 0xce, 0x16, 0x01, 0x65, 0x31,
+    0xe7, 0xb9, 0x45, 0xcd, 0xb2, 0xb2, 0xda, 0x59, 0x79, 0xb6, 0x5e, 0x4d,
+    0x50, 0x86, 0x6f, 0xf0, 0x4c, 0xd7, 0x4e, 0xfd, 0x2a, 0x23, 0xf5, 0xc2,
+    0xe2, 0xcb, 0xc5, 0x23, 0x59, 0x52, 0x8a, 0x88, 0x19, 0x8d, 0x0d, 0x85,
+    0xef, 0xb3, 0x0a, 0x0b, 0x2d, 0x2b, 0x2d, 0x1a, 0xcb, 0xf3, 0x73, 0xe2,
+    0x75, 0x95, 0x26, 0xe4, 0x62, 0x55, 0x03, 0xe9, 0xc4, 0x9b, 0xd1, 0x0b,
+    0x4b, 0x2e, 0x19, 0x2c, 0xa9, 0x36, 0x9e, 0x1e, 0xbf, 0xbb, 0x83, 0xc1,
+    0x89, 0x65, 0xe9, 0x28, 0x96, 0x5f, 0x45, 0x09, 0xed, 0x65, 0xf4, 0xf1,
+    0xa2, 0x59, 0x58, 0x88, 0xf3, 0x4b, 0x58, 0x73, 0x44, 0x97, 0x8d, 0x7f,
+    0xac, 0xb9, 0xfe, 0xb2, 0xe3, 0xee, 0xac, 0xbb, 0xff, 0x59, 0x60, 0x81,
+    0x62, 0xeb, 0xb4, 0x8b, 0x0c, 0xa7, 0x1b, 0xfa, 0x22, 0xed, 0xbd, 0x8b,
+    0xb7, 0x05, 0xb4, 0x30, 0x71, 0xbf, 0x33, 0x3c, 0x3c, 0x80, 0x76, 0x50,
+    0x89, 0xe2, 0xaf, 0xe1, 0x5e, 0x23, 0xcd, 0x91, 0xd0, 0xc5, 0xb7, 0x46,
+    0xaf, 0xff, 0x04, 0x3b, 0xc0, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x13, 0x7a,
+    0xff, 0xe3, 0xbc, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x3f, 0x2f, 0x6c,
+    0x41, 0x4d, 0x89, 0x65, 0xff, 0xff, 0x78, 0x5f, 0x27, 0x37, 0xbf, 0xea,
+    0x73, 0xb7, 0x6e, 0xdd, 0x65, 0xb6, 0x2d, 0x89, 0x12, 0x78, 0x57, 0x7f,
+    0x39, 0xe4, 0xf2, 0x1a, 0xcb, 0xff, 0x05, 0x02, 0xaf, 0x0f, 0x36, 0xfc,
+    0x8d, 0x65, 0xcf, 0x05, 0x97, 0x31, 0xd6, 0x50, 0x51, 0x1a, 0x9b, 0x11,
+    0x90, 0x54, 0xb7, 0x61, 0x24, 0xe8, 0x5a, 0xff, 0xdb, 0x14, 0x8f, 0x37,
+    0x90, 0x83, 0x95, 0x97, 0xdb, 0x14, 0x7c, 0x02, 0xcb, 0xf3, 0xc7, 0xf1,
+    0x1a, 0xb2, 0xfd, 0xd6, 0x8a, 0x60, 0xb2, 0x82, 0xd1, 0xfd, 0xe8, 0xa5,
+    0xca, 0xae, 0x0c, 0xeb, 0x2f, 0xec, 0x35, 0xbe, 0x52, 0xb2, 0xba, 0x3c,
+    0x4d, 0x91, 0x8b, 0xa0, 0x75, 0x97, 0xf7, 0x1c, 0xfa, 0x9e, 0x2c, 0xbf,
+    0xed, 0xed, 0xd6, 0xc5, 0x91, 0x4f, 0xd6, 0x5f, 0xb5, 0x3e, 0x14, 0xac,
+    0xbf, 0x7b, 0x3f, 0x23, 0x59, 0x41, 0x45, 0x46, 0x3b, 0x14, 0x30, 0x02,
+    0xaf, 0x1b, 0x0c, 0x98, 0x2d, 0x0b, 0xe1, 0x6b, 0x20, 0xb9, 0x3d, 0xfb,
+    0x62, 0x9f, 0xc8, 0xd6, 0x5e, 0xe6, 0x12, 0xcb, 0xfb, 0x63, 0xd8, 0x0f,
+    0x39, 0xf5, 0x97, 0xf8, 0x2d, 0x6c, 0x4d, 0xb3, 0xe6, 0x0b, 0xac, 0xb8,
+    0xba, 0x59, 0x7d, 0xc8, 0x8f, 0xc5, 0x97, 0xe2, 0xff, 0x98, 0xeb, 0x2f,
+    0xa2, 0x13, 0x86, 0xb2, 0xa4, 0xf2, 0xdc, 0x9e, 0xf1, 0xe7, 0x8b, 0x2e,
+    0xeb, 0xa5, 0x97, 0xfb, 0xaf, 0x37, 0xf3, 0x0e, 0xb2, 0xed, 0xfd, 0x2e,
+    0x30, 0x25, 0x05, 0x13, 0xf8, 0xd8, 0xcb, 0x36, 0x18, 0xd8, 0x5a, 0x37,
+    0x94, 0x56, 0x17, 0x89, 0xbf, 0x44, 0x00, 0x1c, 0xe0, 0xcf, 0xcc, 0xef,
+    0xc1, 0x40, 0xae, 0xce, 0x76, 0xb2, 0xfe, 0xd8, 0x9e, 0x3f, 0x36, 0xe2,
+    0xcb, 0xfe, 0xdb, 0xff, 0x61, 0xf3, 0x58, 0xb2, 0xfe, 0x0b, 0x61, 0x40,
+    0xa0, 0x57, 0x92, 0xb2, 0xfd, 0xb0, 0x1a, 0x6e, 0x6e, 0x2c, 0xbf, 0xbe,
+    0xc4, 0x66, 0x12, 0xcb, 0xb8, 0x25, 0x97, 0x80, 0x1f, 0xd6, 0x61, 0x6f,
+    0x76, 0xfe, 0x97, 0x18, 0x0a, 0xde, 0x59, 0x70, 0x00, 0xb2, 0xb6, 0x24,
+    0xf5, 0x02, 0xa6, 0x9b, 0x19, 0xb6, 0xc2, 0x3a, 0x0b, 0x48, 0x18, 0x64,
+    0xe8, 0x7f, 0x2c, 0x11, 0x38, 0x62, 0x37, 0xb6, 0x33, 0x9d, 0x65, 0xe7,
+    0x1b, 0x2c, 0xbf, 0xf8, 0x9f, 0xfc, 0x29, 0xd6, 0x9c, 0x6b, 0x2a, 0x07,
+    0xbb, 0x83, 0x77, 0xf7, 0x9b, 0xe5, 0x31, 0x2c, 0xb9, 0xf1, 0x65, 0x74,
+    0x78, 0x5a, 0x2d, 0xbe, 0x71, 0xe1, 0xd6, 0x5e, 0xea, 0x49, 0x65, 0xff,
+    0xb7, 0xcf, 0x9a, 0x62, 0x8a, 0x7a, 0x59, 0x41, 0x44, 0xe1, 0x02, 0xaf,
+    0xfb, 0x03, 0x18, 0x58, 0x47, 0x84, 0x2c, 0x39, 0x7d, 0xb1, 0xc6, 0x7e,
+    0x2c, 0xbf, 0xb2, 0x29, 0x26, 0xed, 0x65, 0xfc, 0x4c, 0x6f, 0x9e, 0x0b,
+    0x2f, 0xff, 0x9f, 0xf2, 0x5d, 0x31, 0xc6, 0x27, 0xd4, 0x16, 0x51, 0xcf,
+    0xf0, 0x8b, 0x6f, 0xc6, 0x7f, 0xf2, 0x75, 0x95, 0xb0, 0x1e, 0x54, 0x64,
+    0x37, 0xfc, 0xfe, 0x6d, 0xe1, 0x0c, 0x30, 0xc4, 0x97, 0xfb, 0xcf, 0xff,
+    0xbb, 0x98, 0xb2, 0xe9, 0x1a, 0xcb, 0xf6, 0x74, 0xfc, 0x65, 0x95, 0xb1,
+    0xa7, 0xe9, 0xb0, 0x8a, 0x42, 0xc8, 0x79, 0x85, 0xb2, 0x80, 0xb4, 0x81,
+    0xd9, 0x9f, 0x85, 0xaf, 0xff, 0xf7, 0x9b, 0x93, 0x0c, 0xf3, 0x6b, 0xcf,
+    0x82, 0xcf, 0x2c, 0xbf, 0xfe, 0xd4, 0xb7, 0xfd, 0x83, 0x6e, 0x61, 0x01,
+    0x65, 0x82, 0xae, 0x8a, 0xbe, 0x2f, 0x5d, 0xc9, 0x59, 0x41, 0x43, 0xc2,
+    0x81, 0x65, 0xfd, 0xb9, 0x3a, 0x77, 0x82, 0xcb, 0xf7, 0x99, 0xc0, 0x16,
+    0x96, 0x5e, 0x9e, 0xe0, 0xb2, 0xb6, 0x24, 0x4f, 0xec, 0x32, 0x6f, 0x97,
+    0xee, 0x96, 0xdf, 0xfb, 0x60, 0xd8, 0xa2, 0x29, 0x1e, 0x77, 0xf5, 0x97,
+    0xd8, 0x37, 0x82, 0xcb, 0xfd, 0x81, 0x9f, 0x0b, 0x37, 0x16, 0x5e, 0xd0,
+    0xb7, 0x56, 0x56, 0xc0, 0x8c, 0x00, 0xb1, 0x28, 0x2d, 0x90, 0x88, 0xd6,
+    0xff, 0xfd, 0xb1, 0x13, 0xfe, 0x70, 0xa0, 0x79, 0xc2, 0x1a, 0xcb, 0xe2,
+    0xc6, 0x02, 0xcb, 0xed, 0x84, 0x03, 0x65, 0x65, 0xf9, 0xb4, 0x00, 0x4a,
+    0xcb, 0x9a, 0x35, 0x94, 0x14, 0x46, 0xe8, 0x55, 0x5b, 0x63, 0x20, 0x81,
+    0x4f, 0xc9, 0xef, 0x3e, 0x79, 0x65, 0xff, 0x3f, 0xfb, 0x87, 0xf3, 0x46,
+    0xac, 0xbf, 0xf3, 0x77, 0xc2, 0xc1, 0xce, 0x69, 0x65, 0xcc, 0x05, 0x95,
+    0xb1, 0x22, 0xa4, 0x2d, 0x0d, 0x80, 0xec, 0x8f, 0x6f, 0x6c, 0x01, 0x7d,
+    0x89, 0x65, 0xff, 0xe0, 0xa4, 0x41, 0x5d, 0x84, 0x40, 0x0b, 0x5b, 0x76,
+    0xfb, 0x65, 0x65, 0x05, 0x88, 0x93, 0x01, 0x5d, 0xff, 0xa6, 0x66, 0x66,
+    0x67, 0xbe, 0x2c, 0xbd, 0x14, 0xfd, 0x65, 0xd3, 0x32, 0x7b, 0x11, 0x1d,
+    0xdf, 0xfe, 0xf4, 0xc5, 0xdf, 0x33, 0xbd, 0xc9, 0x92, 0x59, 0x79, 0xbb,
+    0xc5, 0x97, 0xed, 0x34, 0x6e, 0x74, 0x97, 0x18, 0x62, 0x4a, 0xc3, 0xc1,
+    0x30, 0xa2, 0xc2, 0x48, 0x10, 0xd1, 0x5e, 0xf6, 0x74, 0xb2, 0xa5, 0x33,
+    0x9f, 0x16, 0x01, 0x3b, 0x8f, 0xe1, 0x91, 0xdf, 0x85, 0xb3, 0x22, 0xed,
+    0x65, 0xc2, 0x82, 0xcb, 0xff, 0x4f, 0xb0, 0x18, 0x3f, 0x3c, 0x16, 0x5f,
+    0x39, 0x4e, 0xea, 0xcb, 0xfa, 0x12, 0x79, 0xd6, 0x96, 0x56, 0x23, 0x43,
+    0x70, 0xb3, 0x42, 0xee, 0x7a, 0x22, 0x3b, 0xff, 0xfb, 0xec, 0x7c, 0x2f,
+    0xf2, 0x4d, 0xe0, 0x87, 0xe6, 0x59, 0x7f, 0x43, 0x6f, 0x18, 0x5a, 0x59,
+    0x7f, 0xd3, 0xc7, 0xd3, 0x7f, 0x98, 0xb2, 0xbb, 0x3e, 0x70, 0x18, 0x5f,
+    0xfe, 0x76, 0x2c, 0x06, 0xd9, 0xd4, 0x73, 0xf5, 0x97, 0xfe, 0xdd, 0x6d,
+    0xcf, 0x45, 0x3b, 0x8e, 0x75, 0x97, 0xfe, 0xc3, 0xcf, 0x39, 0x90, 0xd9,
+    0xc5, 0x94, 0x34, 0x69, 0x79, 0x28, 0x92, 0x2f, 0xc7, 0x73, 0xe0, 0xd6,
+    0x5f, 0xf7, 0xfa, 0xf3, 0x11, 0x4f, 0x6b, 0x2a, 0x4f, 0x81, 0xc9, 0xef,
+    0xfd, 0x31, 0xcf, 0x1b, 0x67, 0x35, 0x2b, 0x2b, 0x6a, 0xaa, 0x6c, 0x86,
+    0x13, 0x43, 0xd7, 0xd0, 0x8f, 0x22, 0x0b, 0xfe, 0x29, 0xdb, 0x14, 0x27,
+    0x51, 0xac, 0xbf, 0xd8, 0x36, 0xdf, 0xc0, 0x74, 0xb2, 0xff, 0xff, 0xd9,
+    0xbd, 0xbf, 0x0c, 0x07, 0x0b, 0x01, 0xa9, 0x8d, 0xf5, 0xd2, 0xcb, 0xa6,
+    0x0e, 0x8a, 0x4e, 0x1b, 0x5e, 0xc8, 0xe5, 0x65, 0xff, 0xf6, 0x03, 0x3f,
+    0xc6, 0xde, 0x59, 0xff, 0x32, 0xcb, 0xbf, 0xcc, 0x3e, 0xb2, 0x1c, 0xbf,
+    0xff, 0x98, 0xed, 0xa1, 0xc8, 0xf1, 0xa0, 0xfc, 0xc1, 0x2c, 0xa3, 0xa7,
+    0xf9, 0xe8, 0x70, 0x14, 0x26, 0x3e, 0x59, 0x7d, 0xc1, 0xfc, 0x4b, 0x2f,
+    0xff, 0xfe, 0xdf, 0x3a, 0xc1, 0x93, 0xe8, 0xd7, 0xf8, 0xbe, 0xdf, 0xe7,
+    0x99, 0x65, 0xfe, 0xd0, 0x88, 0x5f, 0x17, 0xd6, 0x5e, 0xf4, 0x92, 0xca,
+    0x63, 0xcf, 0xf9, 0xa5, 0xf6, 0x83, 0xff, 0x16, 0x54, 0x9e, 0x2e, 0x10,
+    0xdf, 0xe9, 0x88, 0xa4, 0xe2, 0x8d, 0x65, 0xf9, 0xf8, 0xc7, 0x12, 0xca,
+    0x39, 0xed, 0xf8, 0xd2, 0xe3, 0x4c, 0x59, 0x7f, 0xfe, 0x84, 0x91, 0x4c,
+    0x66, 0x3c, 0x7e, 0x69, 0x25, 0x95, 0x2a, 0x9e, 0xfa, 0x47, 0x62, 0x3f,
+    0x46, 0x0e, 0xef, 0x7f, 0x22, 0x10, 0xcd, 0xf3, 0x46, 0xe7, 0x59, 0x78,
+    0x9a, 0x56, 0x5f, 0xb3, 0x9e, 0x9e, 0x2c, 0xbf, 0x48, 0x67, 0xf3, 0x2c,
+    0xa1, 0xa2, 0x2f, 0x44, 0x47, 0x1a, 0x22, 0x7b, 0xff, 0x7a, 0x7b, 0x86,
+    0x1d, 0xa7, 0x71, 0x65, 0xf6, 0xf8, 0x1e, 0x56, 0x5f, 0x9e, 0x39, 0x7e,
+    0x96, 0x5f, 0x4f, 0x24, 0xeb, 0x2f, 0xf4, 0xc6, 0x42, 0xce, 0xfe, 0xb2,
+    0xc1, 0xed, 0x3d, 0x5f, 0x10, 0xd4, 0xa6, 0x1b, 0x88, 0x3e, 0x24, 0x77,
+    0xdb, 0xfa, 0x1c, 0xfe, 0x11, 0xab, 0x2f, 0xb8, 0xf0, 0xdc, 0x59, 0x7f,
+    0xe8, 0x72, 0x61, 0x20, 0xe6, 0x6f, 0x59, 0x7a, 0x46, 0xcb, 0x2f, 0xf6,
+    0x83, 0xff, 0x23, 0xc3, 0x16, 0x5f, 0xfd, 0x3d, 0x66, 0xb3, 0xcd, 0xaf,
+    0x3a, 0xcb, 0xff, 0xcd, 0xcc, 0x1e, 0xa4, 0x5f, 0x26, 0xde, 0xb2, 0xe7,
+    0x31, 0x65, 0x74, 0x7c, 0x26, 0x25, 0x5f, 0xfd, 0x3a, 0x87, 0x5e, 0x68,
+    0x89, 0xcc, 0x59, 0x7f, 0xf6, 0x9e, 0x31, 0xfa, 0x79, 0xf1, 0x79, 0x65,
+    0x71, 0x11, 0x9f, 0x46, 0xbd, 0xf6, 0x89, 0x65, 0x8f, 0x04, 0xf9, 0xb0,
+    0x6f, 0x46, 0xfe, 0x85, 0x27, 0x21, 0x61, 0xf2, 0x3b, 0xe9, 0x3c, 0xf9,
+    0x65, 0xfa, 0x4c, 0x1e, 0x1d, 0x65, 0x9a, 0x07, 0x92, 0x19, 0x0d, 0x4a,
+    0xaf, 0xec, 0x94, 0x4d, 0xe8, 0x58, 0x5f, 0xce, 0x07, 0xe9, 0xf4, 0xb2,
+    0xfe, 0x93, 0x83, 0x33, 0x71, 0x65, 0xff, 0xf0, 0x88, 0xa4, 0xd3, 0xfa,
+    0x7b, 0xfc, 0xf9, 0x65, 0xff, 0xfc, 0x5f, 0xe0, 0xa7, 0xd2, 0x72, 0xc0,
+    0x1e, 0x60, 0xb2, 0xf0, 0xdf, 0xcb, 0x2f, 0xfa, 0x7d, 0x3d, 0xc2, 0x13,
+    0x1a, 0xcb, 0xee, 0xbc, 0xda, 0x59, 0x7f, 0x6e, 0x16, 0x47, 0x86, 0x2c,
+    0xa9, 0x4c, 0x0f, 0x16, 0x74, 0x38, 0xe7, 0x42, 0x23, 0xbf, 0xfd, 0xe6,
+    0x38, 0xe7, 0x6e, 0xc8, 0xbc, 0xda, 0x59, 0x7f, 0x7e, 0x7c, 0x53, 0x05,
+    0x95, 0xb4, 0xfe, 0xd9, 0x3e, 0x96, 0x5f, 0xc4, 0xe6, 0xb6, 0xa6, 0x06,
+    0xbb, 0xc4, 0x77, 0xcf, 0xfd, 0x4a, 0xcb, 0xf4, 0xeb, 0x4f, 0x12, 0xcb,
+    0x9b, 0xb5, 0x97, 0xf8, 0x02, 0xc0, 0x1d, 0xe0, 0xb2, 0xec, 0x95, 0x95,
+    0x03, 0xdf, 0xec, 0x5c, 0xe6, 0x75, 0x1a, 0x2d, 0xde, 0x10, 0xf7, 0xff,
+    0xfb, 0xcd, 0xdc, 0x94, 0xf0, 0x7e, 0x9e, 0x31, 0x77, 0x05, 0x97, 0xff,
+    0xfd, 0xe7, 0x1f, 0x98, 0x9f, 0xf3, 0x13, 0x1a, 0xc5, 0x9b, 0xd6, 0x5f,
+    0xf3, 0x7f, 0x35, 0xa1, 0x47, 0xbd, 0x65, 0xff, 0x73, 0x3e, 0x3c, 0xc0,
+    0x71, 0x65, 0x78, 0xfd, 0x3e, 0x79, 0x7f, 0xcd, 0xfc, 0xd6, 0x85, 0x1e,
+    0xf5, 0x97, 0x08, 0xb6, 0x9e, 0xf7, 0x88, 0xaa, 0x53, 0xc7, 0xc6, 0x0e,
+    0x46, 0x71, 0x50, 0x64, 0x9e, 0x8e, 0x59, 0x1e, 0x1e, 0x1a, 0x5b, 0xd1,
+    0x7e, 0xa3, 0x53, 0xf4, 0x3c, 0x40, 0x84, 0x50, 0xd8, 0xe4, 0x7d, 0xf7,
+    0xc7, 0x61, 0xca, 0xcb, 0xf9, 0xbd, 0xad, 0x34, 0x6b, 0x2a, 0x4f, 0x3f,
+    0xc4, 0x37, 0x19, 0xf5, 0x97, 0xff, 0x33, 0x7a, 0x2c, 0xfc, 0xfe, 0x46,
+    0xb2, 0xf8, 0x33, 0x43, 0x35, 0x65, 0xa5, 0x65, 0xff, 0xf4, 0xf7, 0x07,
+    0x20, 0x6d, 0x03, 0x69, 0x8d, 0x59, 0x52, 0x8e, 0x48, 0x86, 0x0c, 0x43,
+    0xd9, 0x27, 0xdd, 0x10, 0xbf, 0xd3, 0xdc, 0x5e, 0x92, 0x35, 0x65, 0xc5,
+    0x12, 0xcb, 0xdc, 0xf3, 0x2c, 0xa3, 0x9b, 0x3f, 0x8b, 0xdf, 0x46, 0x76,
+    0x82, 0xcb, 0xe9, 0x00, 0x67, 0x59, 0x7c, 0x42, 0x78, 0x2c, 0xae, 0x8f,
+    0x13, 0x84, 0x77, 0xf4, 0x9c, 0x20, 0x01, 0x2b, 0x2f, 0x05, 0xe7, 0xeb,
+    0x2f, 0xe3, 0xce, 0x17, 0xf8, 0xb2, 0xbc, 0x7f, 0x62, 0x2f, 0xdd, 0x20,
+    0xa9, 0x4c, 0xdf, 0x19, 0xda, 0x13, 0xd7, 0xe6, 0xf7, 0xf3, 0xa5, 0x97,
+    0xb0, 0x80, 0xb2, 0xa2, 0x3c, 0x3d, 0xd2, 0x8a, 0x95, 0x4b, 0x98, 0xd1,
+    0xa8, 0xd6, 0x1d, 0xda, 0xff, 0x0c, 0x39, 0xdc, 0xf0, 0xb8, 0xb2, 0xfd,
+    0xba, 0xc7, 0xcf, 0xac, 0xbf, 0x7f, 0x3e, 0x52, 0xb2, 0xbb, 0x44, 0x41,
+    0xce, 0x08, 0xaa, 0xf0, 0x9f, 0x8b, 0x2e, 0x93, 0x16, 0x56, 0x8d, 0x9f,
+    0x07, 0x2e, 0x7f, 0x2c, 0xba, 0x29, 0x59, 0x74, 0xfd, 0x65, 0x49, 0xad,
+    0x34, 0x5e, 0xf8, 0x78, 0x50, 0x59, 0x7e, 0xc6, 0x87, 0xa5, 0x65, 0xd1,
+    0x7d, 0x8f, 0x1f, 0xc4, 0x37, 0xff, 0xe1, 0xfa, 0x74, 0xc0, 0x90, 0xe6,
+    0x22, 0x93, 0xac, 0xbf, 0xc6, 0xc9, 0x7f, 0x8f, 0xe5, 0x95, 0x28, 0xb6,
+    0x62, 0xe7, 0x55, 0xbf, 0x16, 0x39, 0x46, 0xb2, 0xa5, 0x51, 0xc6, 0x31,
+    0xb1, 0x0b, 0xa1, 0x94, 0x63, 0xdc, 0x2d, 0xbc, 0xf9, 0xa5, 0x97, 0xfd,
+    0x9c, 0x91, 0xf2, 0x58, 0x6b, 0x2f, 0xe9, 0x8f, 0x53, 0x83, 0x59, 0x7f,
+    0xec, 0x3f, 0x3d, 0x3d, 0xfe, 0x7c, 0xb2, 0xfe, 0xf4, 0xff, 0xf2, 0x75,
+    0x97, 0xff, 0xf6, 0xb0, 0x7c, 0x21, 0x64, 0x04, 0xe3, 0xe6, 0x69, 0x65,
+    0x0d, 0x10, 0xec, 0x5b, 0x5a, 0x4d, 0x9c, 0xe3, 0x7e, 0x37, 0xf9, 0x68,
+    0x70, 0xc6, 0xbe, 0x29, 0x3f, 0x16, 0x5e, 0x3b, 0xf6, 0xb3, 0xe6, 0x86,
+    0xef, 0xf4, 0xb2, 0xf9, 0xb4, 0x0e, 0x2c, 0xac, 0x3e, 0x7d, 0x16, 0xfc,
+    0x62, 0xfe, 0x29, 0xda, 0x00, 0x4a, 0xcb, 0xe7, 0x04, 0xc1, 0x65, 0xfd,
+    0x0f, 0x03, 0x78, 0x57, 0x62, 0x59, 0x7f, 0x39, 0x4f, 0xbd, 0x2b, 0x2f,
+    0xf4, 0xe9, 0xe6, 0x13, 0x05, 0x97, 0x08, 0x96, 0x5d, 0x9d, 0x2c, 0xba,
+    0x61, 0xe3, 0x5b, 0xf1, 0x6a, 0xed, 0x1d, 0xf1, 0x1d, 0x68, 0xac, 0x97,
+    0xaf, 0xff, 0x8b, 0x37, 0xf4, 0xfa, 0x8d, 0xfe, 0xfd, 0x81, 0x65, 0xfe,
+    0xc1, 0xb7, 0x0c, 0x7d, 0x2c, 0xa9, 0x56, 0x12, 0x38, 0x6c, 0xe1, 0x77,
+    0x45, 0xcd, 0x18, 0x83, 0x9f, 0x7d, 0x4e, 0xff, 0x13, 0xc7, 0xdc, 0x27,
+    0x75, 0x65, 0xf8, 0x13, 0x9d, 0xc1, 0x65, 0xfe, 0xe7, 0x9c, 0x3f, 0x4c,
+    0x16, 0x54, 0x68, 0x93, 0xe8, 0xdf, 0xb2, 0x8b, 0xb2, 0x25, 0x97, 0xfe,
+    0x21, 0x60, 0xc9, 0xe1, 0x84, 0xb2, 0xff, 0xcf, 0xdf, 0xa5, 0x80, 0xff,
+    0x12, 0xcb, 0xff, 0xfd, 0x2d, 0x07, 0xe7, 0x27, 0x0a, 0x61, 0x87, 0x7e,
+    0xd6, 0x5b, 0x0e, 0x89, 0xbf, 0x9f, 0x56, 0x26, 0x2a, 0xe2, 0xfc, 0x86,
+    0xb5, 0xfb, 0x23, 0xce, 0xe0, 0xb2, 0xff, 0xfb, 0xd2, 0x76, 0xd3, 0x6e,
+    0xc8, 0x71, 0xe1, 0x8b, 0x2f, 0xd3, 0x03, 0xb7, 0xd6, 0x5f, 0xfb, 0x07,
+    0x21, 0x9c, 0xa7, 0xb8, 0x2c, 0xbf, 0xb0, 0x5d, 0x07, 0x9d, 0xac, 0xa1,
+    0xa6, 0x27, 0x11, 0x49, 0xd5, 0x38, 0x4f, 0xbc, 0xfe, 0xff, 0xcd, 0xa9,
+    0xe0, 0x64, 0x53, 0xa5, 0x97, 0xfa, 0x62, 0x17, 0x65, 0x31, 0x2c, 0xbf,
+    0xe9, 0x81, 0x3f, 0xe0, 0xdb, 0xd6, 0x5e, 0x0e, 0x40, 0xb2, 0x8e, 0x88,
+    0xbf, 0x1a, 0xf0, 0xe6, 0xdb, 0x8b, 0x2f, 0xfb, 0x22, 0x29, 0x8f, 0x93,
+    0xd2, 0xcb, 0xa1, 0x8b, 0x2b, 0xc7, 0xa1, 0xf3, 0xab, 0xb9, 0x8b, 0x2f,
+    0xd3, 0x13, 0x4f, 0x16, 0x5f, 0xfd, 0xc9, 0xd7, 0x5f, 0x2c, 0x8d, 0xc9,
+    0x65, 0xff, 0xbf, 0xec, 0xde, 0xe4, 0x3c, 0x02, 0xcb, 0x79, 0x65, 0x4a,
+    0xa9, 0xd8, 0xd3, 0xb2, 0x19, 0x0c, 0x60, 0xec, 0x80, 0x22, 0x21, 0x6f,
+    0x93, 0x89, 0x10, 0xc3, 0xfb, 0xbe, 0x75, 0x97, 0xf3, 0xe6, 0x80, 0x09,
+    0x59, 0x7e, 0xcf, 0x33, 0xc1, 0x65, 0xf7, 0x3b, 0x2d, 0x2c, 0xbf, 0xda,
+    0xcf, 0x31, 0x49, 0xd6, 0x5f, 0xff, 0x63, 0x16, 0x45, 0x31, 0xbc, 0x67,
+    0x68, 0xd6, 0x54, 0xa2, 0x07, 0x86, 0x35, 0x29, 0x97, 0xb8, 0xbf, 0x0b,
+    0x3e, 0x4c, 0x28, 0x52, 0x5f, 0xf7, 0xdf, 0x99, 0xef, 0x31, 0xd6, 0x5d,
+    0xee, 0x2c, 0xbf, 0xec, 0xe6, 0x30, 0xdd, 0xa3, 0x59, 0x7f, 0xe2, 0x70,
+    0x61, 0x7f, 0x8f, 0x05, 0x95, 0x28, 0xc2, 0x34, 0xe3, 0x42, 0xff, 0x37,
+    0xbf, 0x14, 0xc7, 0x31, 0xac, 0xa1, 0x9f, 0x2c, 0x47, 0xb7, 0xf0, 0xe5,
+    0xf4, 0x01, 0x2c, 0xbb, 0x3c, 0xb2, 0xa3, 0x3c, 0x3d, 0xe5, 0xb7, 0xf6,
+    0x0c, 0x0c, 0x5f, 0x59, 0x7f, 0xfd, 0x8c, 0x76, 0x03, 0xfc, 0xb2, 0x3d,
+    0x4a, 0xcb, 0xde, 0xfb, 0x2c, 0xbf, 0xb7, 0x33, 0x79, 0x64, 0x16, 0x5c,
+    0xd1, 0x2c, 0xa6, 0x3c, 0x8f, 0x98, 0xde, 0xf7, 0xa5, 0x65, 0xfc, 0x6b,
+    0xc3, 0x8c, 0x35, 0x95, 0x87, 0x94, 0xc3, 0x95, 0x29, 0xf9, 0xe3, 0x36,
+    0x89, 0x7c, 0x58, 0xe9, 0xbc, 0x64, 0xfb, 0x5d, 0xc2, 0x82, 0xcb, 0xfb,
+    0xcd, 0xad, 0x67, 0xd6, 0x5f, 0xf1, 0x36, 0xf9, 0x22, 0xcf, 0xac, 0xa8,
+    0xcf, 0xef, 0xa1, 0x7f, 0x96, 0xdf, 0x39, 0xe7, 0x71, 0x65, 0xe1, 0xcc,
+    0x16, 0x5c, 0xdc, 0xf1, 0xe0, 0x08, 0x92, 0xff, 0xf4, 0x50, 0x6d, 0xf3,
+    0xac, 0x68, 0x0b, 0x4b, 0x2b, 0x47, 0xf2, 0xe5, 0xb7, 0x3c, 0x16, 0x5f,
+    0x8b, 0xfb, 0x32, 0x75, 0x94, 0xe7, 0x80, 0x21, 0x6b, 0xed, 0xc6, 0x33,
+    0xa5, 0x96, 0x82, 0xcb, 0xff, 0x4f, 0x84, 0xe1, 0xe6, 0xf7, 0xd2, 0xca,
+    0x63, 0xd1, 0xe0, 0x8d, 0x4a, 0x26, 0x7e, 0xf1, 0x7c, 0x64, 0x94, 0xac,
+    0xbf, 0xc7, 0xe3, 0x6c, 0xe6, 0xa5, 0x65, 0x49, 0xeb, 0x61, 0x0d, 0x6c,
+    0x27, 0x63, 0x81, 0x31, 0xdc, 0xc7, 0x18, 0xdc, 0x25, 0x78, 0x8e, 0x73,
+    0x47, 0x21, 0xeb, 0xd4, 0x69, 0x3d, 0x9d, 0xb5, 0x25, 0xaf, 0x72, 0x1f,
+    0x71, 0x46, 0x0b, 0xa9, 0x55, 0xa7, 0x96, 0x05, 0xe9, 0xcc, 0xa7, 0x8c,
+    0x04, 0x11, 0xa4, 0x14, 0xbe, 0x4e, 0x47, 0x7d, 0xf9, 0x6d, 0x02, 0x86,
+    0xee, 0xf8, 0x75, 0x6c, 0xb0, 0x87, 0x0b, 0xad, 0xd7, 0x8b, 0x32, 0xcb,
+    0xb6, 0x81, 0x65, 0x6d, 0x35, 0x3c, 0x10, 0xb8, 0xdf, 0xac, 0xbf, 0xff,
+    0xe0, 0xb3, 0x63, 0x9c, 0x0b, 0x7a, 0xd8, 0xf6, 0x1e, 0xfd, 0xc0, 0xb4,
+    0x2d, 0xbb, 0x7d, 0xb2, 0xb2, 0xfe, 0x07, 0x22, 0x29, 0x1a, 0xcb, 0xfe,
+    0xdf, 0x83, 0xef, 0xe5, 0x80, 0x59, 0x68, 0x49, 0xf4, 0xb1, 0x75, 0xe8,
+    0x83, 0x3a, 0xcb, 0xfe, 0xcf, 0xf3, 0x3f, 0xec, 0x02, 0xcb, 0xfd, 0xb6,
+    0x76, 0x9d, 0x8b, 0xeb, 0x2f, 0xf3, 0x1a, 0xe5, 0xfc, 0x25, 0x97, 0xf9,
+    0xcd, 0x6e, 0x71, 0xd9, 0x65, 0x62, 0x62, 0xce, 0x4c, 0x43, 0xfc, 0x38,
+    0xf9, 0xb6, 0xf3, 0x1b, 0x9c, 0x96, 0x56, 0x8f, 0xb0, 0xea, 0xf7, 0xd3,
+    0xfc, 0x3a, 0xcb, 0xf7, 0xe4, 0x98, 0x0b, 0x2e, 0xef, 0xb5, 0x97, 0x6d,
+    0xe2, 0xcb, 0xf6, 0x85, 0xbc, 0x06, 0x2c, 0xb8, 0xb8, 0xb2, 0xfe, 0xc3,
+    0x1c, 0x07, 0xc5, 0x97, 0xf1, 0x67, 0xc4, 0xe6, 0x2c, 0xad, 0xa9, 0x8a,
+    0xe1, 0x0f, 0x64, 0xc7, 0x19, 0xf0, 0xc8, 0x0b, 0x08, 0x5b, 0x79, 0x6d,
+    0xfb, 0xfc, 0x6e, 0xcc, 0x59, 0x7f, 0xe9, 0x3b, 0x77, 0xc1, 0x44, 0x23,
+    0x56, 0x5f, 0x8b, 0xfe, 0xc8, 0x2c, 0xbb, 0x98, 0xb2, 0x98, 0xde, 0xb9,
+    0x3d, 0xfe, 0x29, 0x33, 0x67, 0x35, 0x2b, 0x2f, 0xfc, 0x26, 0xf7, 0xb3,
+    0x5a, 0x63, 0xac, 0xbc, 0x39, 0xdd, 0x59, 0x7d, 0xe6, 0x7d, 0xc5, 0x94,
+    0x47, 0x87, 0xf1, 0xfa, 0xda, 0x9b, 0xac, 0x1f, 0xc6, 0x3e, 0x73, 0x57,
+    0x84, 0x0d, 0x69, 0x3f, 0x03, 0x23, 0x9f, 0xbe, 0x8e, 0x7f, 0xc5, 0x97,
+    0xa4, 0x1c, 0x59, 0x5a, 0x37, 0xe4, 0x47, 0x7c, 0xfa, 0x78, 0x2c, 0xac,
+    0x3c, 0x12, 0x20, 0xbf, 0x67, 0xf9, 0x20, 0x59, 0x5a, 0x3c, 0x7f, 0x10,
+    0x5e, 0x30, 0xc3, 0x16, 0x5f, 0x46, 0x4d, 0x29, 0x02, 0x1a, 0x0b, 0xfb,
+    0xd3, 0xe2, 0xc3, 0x56, 0x5e, 0x11, 0x7d, 0x65, 0xfc, 0xe5, 0x01, 0xcc,
+    0x6b, 0x2b, 0x0f, 0x27, 0xc3, 0x94, 0x34, 0x4b, 0xee, 0x3b, 0x5f, 0xff,
+    0x8c, 0x83, 0x7e, 0x12, 0x40, 0x72, 0x6e, 0xe0, 0xb2, 0xf9, 0xff, 0x23,
+    0x59, 0x7b, 0x0b, 0xa5, 0x97, 0x77, 0x05, 0x97, 0xf8, 0xd9, 0xff, 0x3c,
+    0xe2, 0x59, 0x71, 0xe5, 0x65, 0xf9, 0xa3, 0xce, 0xfe, 0xb2, 0xff, 0x3f,
+    0x8b, 0x37, 0xbf, 0x4b, 0x2c, 0x05, 0x96, 0xe9, 0x65, 0xf8, 0x3d, 0x60,
+    0x86, 0xb2, 0xb0, 0xf3, 0x18, 0x47, 0x82, 0x55, 0x29, 0x9c, 0x1a, 0x30,
+    0xc6, 0x87, 0x16, 0x22, 0x9f, 0xc2, 0x02, 0xff, 0xa1, 0xdf, 0x1b, 0x5d,
+    0x7b, 0x16, 0x5f, 0x8d, 0x7e, 0x6f, 0x82, 0xca, 0xed, 0x18, 0x3a, 0x5b,
+    0xf9, 0xdd, 0xf9, 0xca, 0x0c, 0x75, 0x97, 0xb0, 0x5b, 0x2b, 0x2b, 0x6b,
+    0x2d, 0xf4, 0x2a, 0x47, 0xb0, 0xc6, 0x26, 0x54, 0x08, 0xe3, 0x37, 0xc9,
+    0x4c, 0xad, 0x0f, 0x2f, 0x21, 0x3c, 0x32, 0x80, 0x4c, 0x4a, 0xbc, 0x21,
+    0x14, 0xa1, 0x5d, 0xe6, 0x3b, 0x24, 0xd7, 0xb6, 0x2d, 0x84, 0x14, 0x59,
+    0x7f, 0xde, 0x78, 0x8a, 0x73, 0x50, 0x59, 0x7f, 0xe7, 0x20, 0xe2, 0xe3,
+    0x17, 0x70, 0x59, 0x7f, 0xe3, 0x33, 0x84, 0xd3, 0xac, 0x8d, 0x65, 0x6e,
+    0x22, 0xd8, 0x47, 0x1b, 0xd0, 0x2f, 0x85, 0x1c, 0xc4, 0xb2, 0xff, 0xff,
+    0xff, 0xb6, 0xfb, 0x3b, 0x87, 0x8f, 0xb7, 0xaf, 0x0b, 0xff, 0xc2, 0xf6,
+    0x7e, 0x47, 0xb7, 0x6f, 0xb6, 0x56, 0x54, 0xa3, 0x1f, 0x70, 0x92, 0xfc,
+    0x53, 0xa7, 0xe2, 0xcb, 0xfe, 0x1e, 0x08, 0x2e, 0xde, 0x73, 0xac, 0xbf,
+    0x49, 0xcb, 0x22, 0x59, 0x86, 0xf2, 0xfd, 0xcc, 0xf3, 0x79, 0x65, 0xed,
+    0x4e, 0xf5, 0x97, 0xb7, 0xe0, 0xd6, 0x5f, 0xde, 0x69, 0x21, 0x4a, 0xcb,
+    0xfd, 0x3b, 0x86, 0xe7, 0x1f, 0x71, 0x65, 0x1a, 0x7c, 0x9e, 0x2b, 0xbf,
+    0x60, 0xc3, 0x07, 0x16, 0x5f, 0x71, 0xca, 0x0b, 0x2f, 0xff, 0xff, 0xfb,
+    0x42, 0xd6, 0x75, 0x9a, 0xd3, 0xc3, 0x3f, 0x3f, 0xe7, 0x04, 0xe7, 0x0f,
+    0xcf, 0xe9, 0x59, 0x5b, 0x53, 0xa2, 0xf0, 0xf3, 0xc2, 0x08, 0x88, 0xf8,
+    0x53, 0xba, 0x43, 0x7d, 0xbd, 0xfc, 0xcb, 0x2f, 0xf6, 0x71, 0xdf, 0xb8,
+    0x32, 0xcb, 0xd2, 0x1f, 0x96, 0x54, 0x9f, 0x94, 0x64, 0x7e, 0x32, 0xbf,
+    0x3c, 0x5c, 0x9e, 0xd6, 0x56, 0xd5, 0x71, 0x63, 0x62, 0x01, 0xb7, 0x23,
+    0xc9, 0xfc, 0x34, 0xb7, 0x97, 0xdf, 0xd3, 0x0f, 0x4e, 0xf6, 0x59, 0x7e,
+    0xc3, 0xc6, 0xfb, 0x8b, 0x2f, 0x78, 0x3e, 0x2c, 0xbf, 0xcd, 0x09, 0x07,
+    0xa1, 0x2b, 0x2f, 0x84, 0x52, 0x75, 0x97, 0x9d, 0xce, 0xb2, 0x8e, 0x6f,
+    0x3c, 0x43, 0x61, 0xac, 0xb9, 0xf8, 0xb2, 0xda, 0x39, 0xa7, 0x10, 0x8d,
+    0x49, 0xf7, 0xba, 0x45, 0xd0, 0xfa, 0xcb, 0xe8, 0xa7, 0xee, 0xb2, 0xf8,
+    0x40, 0xc2, 0xe8, 0xdc, 0x88, 0x5e, 0xd0, 0x59, 0x51, 0x9e, 0x4f, 0x8e,
+    0x2f, 0xfe, 0x9f, 0x06, 0x3f, 0xb6, 0x45, 0x27, 0x59, 0x7f, 0xf7, 0x44,
+    0xff, 0x9c, 0x31, 0xc9, 0xd6, 0x5e, 0x92, 0x35, 0x65, 0xff, 0xbe, 0xc6,
+    0x75, 0xe6, 0xde, 0xc3, 0x59, 0x7f, 0xb5, 0x0f, 0x66, 0xf9, 0x3a, 0xca,
+    0x59, 0x77, 0x31, 0x65, 0x85, 0x03, 0x42, 0x17, 0x0b, 0xa9, 0x4c, 0x87,
+    0xa4, 0x2e, 0xc7, 0x19, 0x09, 0xd5, 0xaf, 0xcf, 0x0e, 0x36, 0xf5, 0x97,
+    0xd9, 0xa9, 0x1a, 0xcb, 0xe8, 0xbd, 0x91, 0x2c, 0xbd, 0x9a, 0xcd, 0xa7,
+    0x8a, 0xe4, 0x37, 0x8e, 0x2d, 0xeb, 0x2f, 0xec, 0x87, 0x70, 0xcf, 0xac,
+    0xb7, 0xe0, 0x88, 0x0c, 0x33, 0xf0, 0xfd, 0xcd, 0xd2, 0xcb, 0xf1, 0xf6,
+    0x3d, 0xdd, 0xc1, 0xac, 0xa0, 0x1e, 0x58, 0x85, 0xef, 0x7c, 0x47, 0x59,
+    0x7d, 0xdc, 0x3c, 0xcb, 0x2a, 0x4f, 0x01, 0xc7, 0x6f, 0xef, 0xce, 0xf6,
+    0x20, 0x2c, 0xa5, 0x44, 0x1c, 0xbf, 0x9e, 0x30, 0x39, 0x0d, 0x15, 0x83,
+    0x56, 0xe6, 0x22, 0x07, 0xa2, 0xed, 0x91, 0x8a, 0x3a, 0x36, 0xbf, 0x0a,
+    0x1b, 0xfe, 0x6c, 0xff, 0x35, 0x83, 0xc5, 0x97, 0xf7, 0x9c, 0xe5, 0x3d,
+    0xac, 0xbe, 0x3f, 0x1e, 0x1e, 0x3e, 0x40, 0xcd, 0xef, 0xe0, 0x78, 0xb3,
+    0xfc, 0x59, 0x7f, 0x16, 0x6f, 0x2c, 0xe2, 0xcb, 0x4e, 0x8f, 0x6b, 0xe5,
+    0xb5, 0x29, 0xa3, 0xe4, 0x23, 0x39, 0x09, 0x4b, 0x71, 0x65, 0xfb, 0xd3,
+    0xb8, 0x28, 0x2c, 0xa9, 0x37, 0x8e, 0x23, 0x7c, 0xff, 0xc3, 0x16, 0x54,
+    0x19, 0x0e, 0x03, 0x2e, 0xc2, 0xb3, 0x47, 0xba, 0x86, 0xee, 0xa1, 0x44,
+    0x72, 0x3f, 0x46, 0xcc, 0x04, 0xa2, 0x87, 0x77, 0x21, 0x01, 0xf9, 0x50,
+    0x7b, 0xdd, 0x76, 0x47, 0xef, 0xe8, 0x16, 0x77, 0xfc, 0x59, 0x7a, 0x1f,
+    0x8d, 0x65, 0xff, 0xe2, 0xcf, 0x63, 0xf5, 0xe9, 0x21, 0x0d, 0x65, 0xff,
+    0xe0, 0x4f, 0x79, 0x18, 0xdd, 0xfa, 0x71, 0xac, 0xb0, 0x7d, 0x22, 0x4c,
+    0x09, 0x15, 0x29, 0x84, 0x8c, 0xb7, 0x50, 0xb1, 0xbf, 0x8b, 0xf0, 0xcd,
+    0x62, 0xcb, 0xf3, 0xbc, 0x78, 0x4b, 0x2e, 0xd9, 0x75, 0x94, 0xe7, 0xd7,
+    0xf2, 0xc0, 0xc9, 0xaf, 0xf6, 0xa3, 0xe3, 0xf5, 0xac, 0x59, 0x7f, 0xbd,
+    0x3e, 0x63, 0x70, 0xc5, 0x97, 0xf6, 0x74, 0xfe, 0x9f, 0x2c, 0xa8, 0x1f,
+    0x0f, 0x8d, 0x2f, 0xfe, 0x76, 0xfc, 0x97, 0x59, 0xff, 0x32, 0xcb, 0xf8,
+    0x98, 0x1c, 0xf3, 0x2c, 0xbb, 0x43, 0x59, 0x71, 0x86, 0x2c, 0xa8, 0x1b,
+    0x03, 0x05, 0xef, 0x4b, 0x6f, 0x48, 0x10, 0xd1, 0x5f, 0xf3, 0x13, 0x03,
+    0x99, 0xe7, 0x59, 0x7f, 0x16, 0x19, 0x84, 0x35, 0x95, 0x89, 0xb9, 0xf8,
+    0x89, 0xd0, 0xb8, 0xfd, 0xf2, 0xf0, 0xcd, 0xaf, 0xe9, 0x2f, 0xfb, 0x20,
+    0xb2, 0xe0, 0x71, 0x65, 0xfc, 0xde, 0x63, 0x4d, 0x95, 0x96, 0x0c, 0x67,
+    0x8b, 0xf1, 0x7a, 0xd2, 0x26, 0xb8, 0xe3, 0x7c, 0x42, 0x70, 0xd6, 0x54,
+    0xab, 0x3f, 0x69, 0x41, 0x21, 0xc3, 0xc7, 0x74, 0x8e, 0xee, 0x7d, 0x65,
+    0xe6, 0x27, 0x59, 0x68, 0xd6, 0x5b, 0x20, 0x6b, 0x08, 0x6a, 0xff, 0xa4,
+    0xfb, 0x73, 0x51, 0xb4, 0x6b, 0x2b, 0xa4, 0x52, 0x6e, 0x21, 0x91, 0x2d,
+    0xef, 0x4c, 0xac, 0xbf, 0x8f, 0x83, 0x92, 0xe9, 0x65, 0x1c, 0xf2, 0x03,
+    0x1b, 0xbc, 0x61, 0x86, 0x24, 0xa4, 0x81, 0x0d, 0x05, 0xf3, 0x18, 0xd1,
+    0x24, 0xae, 0x8f, 0x01, 0x87, 0x6f, 0xb5, 0x3b, 0xf1, 0x65, 0xe8, 0xb3,
+    0xcb, 0x2b, 0x0f, 0x01, 0xc8, 0xef, 0xb3, 0xe2, 0x75, 0x97, 0x60, 0x5d,
+    0x65, 0x6c, 0x0d, 0xb8, 0x94, 0xc3, 0x8a, 0x38, 0x7e, 0x64, 0xbb, 0x06,
+    0xa4, 0x6c, 0x6a, 0x3f, 0x23, 0xc2, 0x83, 0xd2, 0xdb, 0x9e, 0x1e, 0x20,
+    0x7b, 0x28, 0x41, 0xf1, 0x8b, 0xe4, 0x06, 0x10, 0xdf, 0x89, 0xe1, 0x83,
+    0x59, 0x7a, 0x02, 0xc5, 0x97, 0xec, 0xef, 0x93, 0x05, 0x95, 0xa3, 0xc4,
+    0x30, 0x72, 0xff, 0xbd, 0xd3, 0x48, 0x0f, 0x30, 0x59, 0x7f, 0x16, 0x00,
+    0x18, 0x05, 0x97, 0xf6, 0x6a, 0x4a, 0x78, 0xb2, 0xff, 0xff, 0x73, 0x37,
+    0x94, 0xf7, 0x87, 0x7e, 0x66, 0x9f, 0xb3, 0x16, 0x56, 0x22, 0x3b, 0xe5,
+    0x77, 0xef, 0x87, 0xe7, 0x02, 0xca, 0x8c, 0xf2, 0xfb, 0x22, 0xae, 0xd3,
+    0x29, 0x28, 0xc1, 0x6f, 0x13, 0x71, 0x65, 0xe7, 0xce, 0x96, 0x5e, 0x6c,
+    0x8d, 0x65, 0xff, 0xde, 0x31, 0xc7, 0xb4, 0x30, 0x01, 0xb7, 0x56, 0x5f,
+    0xf4, 0x72, 0xfd, 0x03, 0x59, 0xda, 0xca, 0xd2, 0x21, 0xc9, 0x32, 0xf8,
+    0x6e, 0x40, 0x59, 0x7f, 0xce, 0x76, 0xf7, 0x7c, 0x91, 0xac, 0xbf, 0xfa,
+    0x48, 0x05, 0x3d, 0xc5, 0x24, 0x05, 0x95, 0xb5, 0x59, 0x2e, 0x46, 0xc4,
+    0xc5, 0x5a, 0x1b, 0xf0, 0xe3, 0xc2, 0x8c, 0x04, 0x44, 0x43, 0xc3, 0x9b,
+    0xf6, 0xd3, 0xce, 0x7d, 0x65, 0xe0, 0x40, 0x96, 0x54, 0x67, 0x8b, 0x02,
+    0x9b, 0xf4, 0x5b, 0x20, 0xd9, 0xc5, 0x97, 0xbe, 0xfe, 0x59, 0x7e, 0xf9,
+    0x49, 0xf8, 0xb2, 0xa4, 0xf0, 0xfb, 0x1c, 0xbf, 0xf3, 0xeb, 0x9e, 0x6e,
+    0x85, 0xa0, 0x2c, 0xbf, 0xec, 0x8c, 0xf9, 0xdf, 0xe4, 0xeb, 0x2a, 0x4f,
+    0xe8, 0x68, 0x17, 0xed, 0x66, 0xf7, 0xf2, 0xcb, 0x32, 0xcb, 0xfe, 0x73,
+    0x7a, 0xf3, 0x0d, 0xe0, 0xb2, 0xfa, 0x38, 0xdf, 0xb5, 0x96, 0xe3, 0x1f,
+    0x79, 0x08, 0x06, 0x75, 0x7f, 0xff, 0xbd, 0x25, 0x22, 0xeb, 0xef, 0xec,
+    0x3b, 0x7c, 0x02, 0x59, 0x46, 0xa6, 0x58, 0x08, 0x4c, 0x7c, 0xd2, 0xff,
+    0xf1, 0xad, 0xf2, 0xc8, 0x6d, 0xe8, 0xe0, 0x95, 0x97, 0xd9, 0xaf, 0x32,
+    0xcb, 0xff, 0xcf, 0x02, 0xcd, 0xef, 0x14, 0xe7, 0xf8, 0xb2, 0xa4, 0xfa,
+    0xdc, 0x86, 0xdb, 0x2b, 0x2f, 0x86, 0xec, 0x35, 0x95, 0xb0, 0x1b, 0x5c,
+    0x14, 0xbd, 0xbf, 0x09, 0x65, 0xde, 0x65, 0x97, 0xbe, 0x01, 0x2c, 0xbf,
+    0xe6, 0x32, 0x2d, 0xb3, 0xad, 0x62, 0xca, 0x94, 0x46, 0x1a, 0x3a, 0xc2,
+    0xd1, 0x0e, 0xdf, 0xec, 0x8c, 0x3f, 0x7b, 0x37, 0x16, 0x5f, 0xfc, 0x0f,
+    0x66, 0x46, 0xd9, 0xbe, 0x7b, 0x59, 0x52, 0x7f, 0xc6, 0x1c, 0x5f, 0xfd,
+    0x27, 0xd6, 0xa6, 0x3f, 0xbb, 0x9a, 0xb2, 0xe9, 0x31, 0x65, 0x00, 0xf7,
+    0x09, 0x16, 0xff, 0xf8, 0x41, 0x7e, 0x73, 0xaf, 0x37, 0x7f, 0xd6, 0xa5,
+    0x65, 0xff, 0x67, 0x31, 0xa3, 0x3b, 0xee, 0xac, 0xbb, 0xd8, 0xb2, 0xa0,
+    0x7a, 0x3c, 0x3b, 0xa9, 0x46, 0x50, 0xa1, 0x51, 0x78, 0xf3, 0xd2, 0xcb,
+    0xfe, 0x78, 0x70, 0x0f, 0xbf, 0x06, 0xb2, 0xec, 0xf6, 0x1e, 0xbf, 0x87,
+    0x6f, 0xff, 0xcd, 0xaf, 0x0b, 0xce, 0xdf, 0x98, 0x08, 0x78, 0xb2, 0xfd,
+    0xa6, 0x8d, 0xce, 0xb2, 0xe3, 0x0c, 0x59, 0x58, 0x78, 0x26, 0x14, 0x58,
+    0x49, 0x02, 0x1a, 0x2a, 0x3a, 0x36, 0xbd, 0x0b, 0x7b, 0xff, 0xdb, 0xfc,
+    0xd8, 0x5d, 0x79, 0x8f, 0x3d, 0x2c, 0xbf, 0x9c, 0x1d, 0xc3, 0x3e, 0xb2,
+    0xb0, 0xfe, 0x99, 0x32, 0xf4, 0x03, 0x3a, 0xcb, 0xe7, 0xec, 0x63, 0x59,
+    0x7a, 0x41, 0xc5, 0x95, 0x05, 0x44, 0xad, 0x18, 0x37, 0xa1, 0x44, 0xe4,
+    0x1c, 0x1e, 0x11, 0x1d, 0xec, 0x3e, 0xe2, 0xcb, 0xff, 0x3e, 0xfc, 0x0c,
+    0xa7, 0xcd, 0x1a, 0xcb, 0xfd, 0x9c, 0x2c, 0xff, 0x99, 0x65, 0x0d, 0x12,
+    0x1a, 0x1f, 0x24, 0x0b, 0xf9, 0xbc, 0xe4, 0xc7, 0x59, 0x43, 0x64, 0xaa,
+    0xe4, 0x69, 0xac, 0x6f, 0x14, 0x2e, 0x34, 0xaa, 0x78, 0x58, 0xfa, 0x17,
+    0x60, 0x7e, 0x28, 0x75, 0xfe, 0x55, 0x1e, 0xf8, 0x79, 0x6e, 0x97, 0xd2,
+    0xcb, 0xfa, 0x78, 0xdf, 0x29, 0x59, 0x52, 0x6d, 0xbc, 0x17, 0x7d, 0x9e,
+    0x63, 0x16, 0x5f, 0x40, 0x18, 0x05, 0x97, 0xcf, 0x81, 0xe2, 0xcb, 0xfb,
+    0xf9, 0x11, 0x49, 0xd7, 0x10, 0x12, 0xf8, 0x87, 0xe9, 0x54, 0x40, 0x40,
+    0x86, 0xea, 0xe2, 0x95, 0x95, 0x1a, 0x3d, 0x3b, 0x22, 0xf1, 0x13, 0xad,
+    0xee, 0xa0, 0x5f, 0xe3, 0x33, 0x6f, 0x0a, 0x74, 0xb2, 0xff, 0xdd, 0xc0,
+    0x9a, 0x3f, 0xbc, 0x38, 0xb2, 0xff, 0xb8, 0x3c, 0x29, 0x21, 0x4a, 0xcb,
+    0x31, 0xa7, 0xed, 0xda, 0x05, 0xff, 0xfd, 0xe9, 0xf7, 0x4d, 0xcc, 0x19,
+    0x64, 0x51, 0x4c, 0x6b, 0x2f, 0xc7, 0x06, 0xb3, 0xb5, 0x94, 0x34, 0x43,
+    0x62, 0xed, 0xfb, 0x4c, 0x20, 0xbc, 0xac, 0xbf, 0xda, 0xce, 0xf8, 0x07,
+    0xfa, 0xcb, 0xfc, 0xc5, 0xf9, 0x07, 0xf8, 0xb2, 0xe9, 0xed, 0x65, 0xa2,
+    0x81, 0xe4, 0x98, 0x65, 0x52, 0x8d, 0x23, 0x4a, 0xf8, 0xfb, 0x61, 0x46,
+    0x99, 0x27, 0x50, 0xf4, 0xbf, 0x4c, 0x1f, 0xb3, 0x16, 0x5f, 0xf6, 0xdd,
+    0x6b, 0x3d, 0xdc, 0x38, 0xb2, 0xff, 0xff, 0x67, 0x04, 0xfd, 0xe6, 0x11,
+    0xbc, 0xe6, 0x17, 0xf8, 0xb2, 0xff, 0xa0, 0xc5, 0xff, 0x64, 0x36, 0x56,
+    0x57, 0x48, 0xd8, 0xec, 0xf4, 0xec, 0x17, 0x1b, 0xbd, 0x65, 0xff, 0x7f,
+    0x53, 0x9d, 0xec, 0x20, 0xb3, 0x60, 0x59, 0x7f, 0xdf, 0x14, 0xe4, 0x7b,
+    0x08, 0x2c, 0xd8, 0x16, 0x5c, 0xe6, 0x0d, 0x15, 0xdd, 0x8d, 0x06, 0x95,
+    0x52, 0xb9, 0x9d, 0x90, 0xab, 0x68, 0xf4, 0xf4, 0x62, 0xf1, 0x80, 0x94,
+    0x38, 0x2f, 0xbf, 0xc1, 0x41, 0x65, 0xff, 0xa7, 0xb0, 0x63, 0x3e, 0xf9,
+    0xd2, 0xcb, 0xf0, 0xb6, 0x73, 0x40, 0x59, 0x7e, 0xd0, 0x0e, 0xf0, 0x59,
+    0x4e, 0x8b, 0x52, 0x23, 0xe1, 0xf8, 0x65, 0x76, 0x8d, 0x65, 0xfb, 0x6e,
+    0x44, 0xc7, 0x59, 0x7f, 0x01, 0xe1, 0x1b, 0xc6, 0xb2, 0xff, 0xbb, 0xfe,
+    0x41, 0x88, 0x0c, 0xb2, 0xfe, 0x14, 0x6c, 0x42, 0x3a, 0xca, 0x93, 0xe6,
+    0x23, 0x8b, 0xff, 0xc2, 0x9d, 0xbb, 0xbf, 0x6e, 0x7b, 0xb7, 0x31, 0x65,
+    0x46, 0x99, 0x86, 0x15, 0x34, 0x25, 0x78, 0x41, 0x7f, 0xec, 0x1f, 0x9c,
+    0x24, 0xfa, 0x7b, 0x59, 0x7f, 0xde, 0x7e, 0x31, 0x14, 0xf6, 0xb2, 0x96,
+    0x05, 0x53, 0xfb, 0xd4, 0x68, 0x47, 0x42, 0xe2, 0x05, 0xff, 0x11, 0xba,
+    0x26, 0xe8, 0x44, 0xb2, 0xfd, 0xf9, 0xc2, 0x95, 0x94, 0xc7, 0xbc, 0x47,
+    0x37, 0x83, 0x2f, 0xac, 0xbc, 0xc7, 0x75, 0x97, 0xfc, 0x3c, 0x63, 0x58,
+    0x6e, 0x75, 0x95, 0x19, 0xf8, 0x1a, 0x3a, 0x71, 0xbb, 0xff, 0x4b, 0x72,
+    0x7f, 0xc9, 0xf4, 0xac, 0xbf, 0xec, 0x8c, 0xa4, 0xdc, 0xef, 0xeb, 0x28,
+    0xd3, 0xf6, 0x0c, 0xf2, 0xfd, 0xd6, 0x37, 0x0e, 0xb2, 0xff, 0xee, 0x49,
+    0x7c, 0x38, 0xbc, 0xdf, 0xe2, 0xcb, 0xec, 0xd4, 0xef, 0x59, 0x5d, 0x9f,
+    0x4f, 0xd1, 0xaf, 0xe8, 0x4c, 0x73, 0xc1, 0x2c, 0xbf, 0xff, 0x1e, 0x61,
+    0x9d, 0x0d, 0x8b, 0x35, 0xd4, 0xe2, 0xcb, 0x75, 0x12, 0x20, 0x80, 0x5d,
+    0x5d, 0xa3, 0x40, 0xa1, 0x4b, 0x47, 0x4e, 0x25, 0xe3, 0x61, 0xa9, 0x57,
+    0x75, 0x90, 0xad, 0x68, 0x48, 0x3c, 0x29, 0xc5, 0x1d, 0x6d, 0xed, 0xd9,
+    0xed, 0x65, 0xfe, 0x2c, 0x07, 0x03, 0x7f, 0xac, 0xbb, 0x0e, 0xb2, 0xfb,
+    0x51, 0xcc, 0x16, 0x54, 0x9b, 0x9c, 0x16, 0xb9, 0xb1, 0x65, 0xfd, 0x9a,
+    0xd3, 0x45, 0xc5, 0x95, 0x03, 0xc3, 0xf8, 0xad, 0xe3, 0xc7, 0x2b, 0x2f,
+    0xf6, 0x14, 0xf7, 0xc7, 0xe9, 0x65, 0x1a, 0x7e, 0x5d, 0x11, 0x18, 0x3b,
+    0x7d, 0x9c, 0x87, 0x4b, 0x2f, 0x00, 0xff, 0x59, 0x50, 0x4f, 0x49, 0x88,
+    0x0e, 0xd8, 0xf0, 0xd4, 0x01, 0x91, 0x11, 0xdf, 0xfb, 0x0f, 0x3d, 0x37,
+    0xf4, 0x23, 0xac, 0xbf, 0x79, 0xe3, 0x1e, 0xf5, 0x97, 0xfe, 0xd3, 0x47,
+    0xa9, 0x68, 0x3f, 0x16, 0x5f, 0xf9, 0xf3, 0x08, 0xd0, 0xfe, 0x21, 0xac,
+    0xbd, 0x13, 0x8d, 0x65, 0xa3, 0xd2, 0x26, 0xbc, 0x7c, 0x23, 0xfb, 0xcd,
+    0xdf, 0x16, 0x5f, 0xfd, 0xc9, 0x8f, 0x35, 0x11, 0x48, 0x38, 0xb2, 0xff,
+    0x37, 0xb3, 0x5a, 0xce, 0xd6, 0x5f, 0xa2, 0x29, 0xd4, 0x16, 0x5a, 0x60,
+    0x7b, 0x78, 0x67, 0x7f, 0xfe, 0x63, 0x30, 0x85, 0xd3, 0x1b, 0xcf, 0x49,
+    0x7d, 0x65, 0x41, 0x53, 0xa7, 0x47, 0xef, 0x0c, 0x50, 0x1b, 0xfc, 0x74,
+    0xc8, 0x50, 0x6e, 0x93, 0x5f, 0x69, 0xe1, 0x12, 0xcb, 0xff, 0x77, 0xfc,
+    0x29, 0x06, 0x10, 0x16, 0x5f, 0x72, 0x41, 0xb1, 0x2c, 0xac, 0x3e, 0x4e,
+    0x1e, 0xd1, 0xa8, 0xa8, 0x32, 0x10, 0xf7, 0xde, 0xc0, 0x3a, 0xca, 0x94,
+    0xd9, 0xde, 0x31, 0xce, 0x15, 0x5f, 0xb8, 0xc5, 0xf6, 0x59, 0x7e, 0xfb,
+    0x74, 0xf0, 0x59, 0x6d, 0x44, 0x79, 0xce, 0x4d, 0x7f, 0xe8, 0x31, 0xcc,
+    0xc2, 0x1f, 0xa5, 0x65, 0xff, 0xc5, 0x3f, 0xcc, 0xd6, 0xb2, 0x7a, 0x59,
+    0x7f, 0x8d, 0xcd, 0x00, 0xed, 0xc5, 0x95, 0xda, 0x2d, 0x3c, 0x7c, 0x48,
+    0x57, 0xfb, 0xcd, 0xd8, 0x34, 0xe3, 0x59, 0x68, 0x96, 0x5f, 0x76, 0x0d,
+    0x4a, 0x4b, 0x8c, 0x31, 0x25, 0x49, 0xbc, 0x30, 0x8e, 0xcc, 0x90, 0x21,
+    0xa1, 0xaf, 0x22, 0x44, 0x9b, 0xef, 0xff, 0xf9, 0xb7, 0x24, 0x7b, 0x5e,
+    0x7b, 0xeb, 0xd3, 0xdf, 0x1e, 0x77, 0x56, 0x5f, 0xff, 0xec, 0xdd, 0x98,
+    0x98, 0xf3, 0x16, 0xd2, 0xee, 0x1e, 0x10, 0x16, 0x5c, 0x41, 0x25, 0x1a,
+    0xf8, 0xdf, 0x7d, 0xd1, 0x3c, 0x16, 0x5c, 0xdd, 0x2c, 0xb6, 0xea, 0xcb,
+    0xe7, 0xda, 0x19, 0xd6, 0x56, 0xf3, 0x72, 0x60, 0xa5, 0xfc, 0x36, 0xdf,
+    0xec, 0xdd, 0x59, 0x68, 0x96, 0x56, 0x1e, 0x23, 0x19, 0x52, 0xcb, 0xb5,
+    0x0d, 0xaa, 0xbc, 0x61, 0x0c, 0x5e, 0xe1, 0xf2, 0xc5, 0xda, 0x22, 0xf2,
+    0x83, 0xb4, 0x00, 0x82, 0xa5, 0x5d, 0x5b, 0xcb, 0x21, 0xbe, 0xff, 0xdc,
+    0xeb, 0x2f, 0xc5, 0x0e, 0x85, 0x1a, 0xcb, 0xd3, 0xa8, 0x96, 0x53, 0x9e,
+    0x38, 0x8a, 0xaf, 0xe0, 0xce, 0x4f, 0xfe, 0x2c, 0xad, 0xae, 0xa6, 0x7f,
+    0x60, 0x6a, 0x99, 0x69, 0x11, 0xc3, 0x3a, 0x04, 0x63, 0x72, 0xca, 0x4f,
+    0x8f, 0x71, 0x84, 0x34, 0x62, 0x9a, 0x9d, 0x1c, 0x3c, 0x64, 0x1e, 0x9d,
+    0xf1, 0x79, 0x45, 0xe5, 0x38, 0x6b, 0xf8, 0x41, 0x8a, 0x72, 0x1f, 0x79,
+    0x51, 0x8d, 0x21, 0x90, 0xde, 0xfb, 0x18, 0xb2, 0xc6, 0xac, 0xbf, 0xa3,
+    0xd9, 0x17, 0x9b, 0x4b, 0x2f, 0xf1, 0x43, 0x83, 0xf3, 0x18, 0xb2, 0xf4,
+    0x6e, 0x75, 0x97, 0x76, 0x4b, 0x2f, 0xdd, 0xc3, 0xc1, 0xf1, 0x65, 0x9f,
+    0x0f, 0x08, 0x85, 0xee, 0x61, 0xac, 0xb4, 0x4b, 0x2e, 0x3c, 0xac, 0xbd,
+    0xf6, 0x31, 0x71, 0x84, 0x2e, 0x70, 0xd5, 0x10, 0x3b, 0xb3, 0x55, 0x5b,
+    0x51, 0x0e, 0xc2, 0x42, 0x40, 0xa8, 0x23, 0xcf, 0xc4, 0xbf, 0x84, 0xed,
+    0x6d, 0x4f, 0xfe, 0x44, 0x98, 0xc9, 0xcd, 0x05, 0x1a, 0x95, 0xe9, 0x8e,
+    0x56, 0x5f, 0xfd, 0x30, 0xcf, 0x3f, 0x60, 0xce, 0xfe, 0xb2, 0xe0, 0x61,
+    0x1f, 0x0f, 0x07, 0x2f, 0xfd, 0xcd, 0x91, 0x79, 0xb5, 0x9d, 0xfd, 0x65,
+    0xda, 0x0b, 0xac, 0xad, 0x22, 0x28, 0x05, 0x84, 0x87, 0x7f, 0x61, 0x03,
+    0x30, 0x6b, 0x2e, 0x73, 0x16, 0x5f, 0xce, 0xdd, 0xf1, 0x9d, 0x65, 0xff,
+    0xef, 0x94, 0xe6, 0xf6, 0xfc, 0xe1, 0x41, 0x65, 0x1a, 0x7e, 0x8c, 0x59,
+    0x7f, 0xff, 0xe8, 0x75, 0xe6, 0xd4, 0x67, 0x9e, 0xbd, 0x2c, 0x39, 0xf4,
+    0xc1, 0x65, 0xef, 0x49, 0xab, 0x2b, 0xb4, 0x45, 0xef, 0x6e, 0xbf, 0x81,
+    0xad, 0x37, 0x60, 0x59, 0x7f, 0xf4, 0x24, 0x81, 0x9a, 0x01, 0xdb, 0x8b,
+    0x2f, 0xf6, 0x75, 0x31, 0x94, 0xf4, 0xb2, 0xfd, 0xd1, 0x4f, 0x70, 0x59,
+    0x60, 0x2c, 0xb6, 0xe6, 0xd3, 0xee, 0xc3, 0x46, 0x29, 0xbf, 0x67, 0xf8,
+    0xfd, 0xac, 0xbf, 0xfd, 0xcc, 0xf3, 0x70, 0x51, 0xed, 0x8a, 0x49, 0x65,
+    0xd2, 0x25, 0x97, 0xe1, 0x10, 0x03, 0x82, 0xcb, 0xfd, 0xe9, 0x01, 0xde,
+    0x1b, 0x70, 0xdf, 0xf0, 0x5a, 0x86, 0x8f, 0xee, 0x14, 0x07, 0x08, 0xcb,
+    0xfd, 0x20, 0x8a, 0x0c, 0x20, 0xba, 0xcb, 0xc5, 0x9c, 0xda, 0x7d, 0xc1,
+    0x9b, 0x50, 0xd7, 0x05, 0xcd, 0x84, 0x5b, 0xc2, 0xb4, 0x89, 0xbe, 0x5e,
+    0x28, 0x58, 0xef, 0x8e, 0x92, 0xff, 0xed, 0x37, 0x61, 0xff, 0x1a, 0x0f,
+    0xc5, 0x97, 0xfc, 0x28, 0xe7, 0x6c, 0xfe, 0x46, 0xb2, 0xb4, 0x88, 0x0f,
+    0x22, 0xdf, 0x6e, 0xee, 0xce, 0xe2, 0xcb, 0xff, 0xf4, 0xff, 0xd8, 0x3f,
+    0xe7, 0x8b, 0x3f, 0xe6, 0x59, 0x69, 0xda, 0x7f, 0xda, 0x2b, 0xbe, 0x78,
+    0x00, 0xeb, 0x2f, 0xff, 0xe9, 0x0f, 0x4c, 0x79, 0x37, 0x9e, 0x6f, 0x94,
+    0x9d, 0x65, 0x1c, 0xff, 0x40, 0x45, 0x6d, 0x69, 0x19, 0x00, 0x85, 0x35,
+    0xe7, 0xd4, 0x6b, 0x2e, 0x30, 0xc5, 0x97, 0xfb, 0x4d, 0x9b, 0xc3, 0x80,
+    0x4e, 0x8d, 0xb1, 0x83, 0xb7, 0xc4, 0xfd, 0x81, 0x65, 0xff, 0x98, 0xdd,
+    0xbc, 0x10, 0x0f, 0x30, 0x59, 0x7f, 0xb9, 0x9f, 0x73, 0xe1, 0x2c, 0xa1,
+    0xaa, 0xb2, 0x68, 0xda, 0x74, 0xc8, 0x75, 0x0f, 0x11, 0x7d, 0x0a, 0xff,
+    0xdc, 0xc2, 0xcf, 0x67, 0x58, 0x4b, 0x2f, 0xff, 0x37, 0x30, 0xb6, 0x87,
+    0xa8, 0xb3, 0x0c, 0x59, 0x7d, 0xa6, 0x93, 0xac, 0xbf, 0xdc, 0xff, 0xb0,
+    0xf9, 0x05, 0x97, 0xff, 0x85, 0x23, 0xcf, 0x80, 0x32, 0x87, 0xb1, 0x65,
+    0xd3, 0xc5, 0x95, 0x04, 0x49, 0x8c, 0xcc, 0x09, 0x57, 0xc6, 0x38, 0x67,
+    0x59, 0x79, 0xfb, 0x95, 0x97, 0xec, 0x37, 0xcf, 0x0f, 0x1e, 0x00, 0x64,
+    0x95, 0x04, 0xfb, 0x46, 0x78, 0x6a, 0x6b, 0x42, 0xd0, 0x9c, 0x2a, 0x55,
+    0x4d, 0x64, 0xa4, 0xbb, 0xfd, 0xbc, 0xcc, 0x21, 0xfa, 0x56, 0x5f, 0xcc,
+    0x3d, 0x61, 0xf1, 0x65, 0xff, 0x7f, 0x81, 0xea, 0x7f, 0x30, 0x59, 0x7d,
+    0xd3, 0xbf, 0x4a, 0x88, 0x61, 0x7f, 0x9a, 0x75, 0x01, 0x4e, 0x2c, 0xad,
+    0xa8, 0x9b, 0xd1, 0xd1, 0x18, 0x5f, 0x1c, 0xef, 0x0d, 0xa8, 0xf8, 0xc8,
+    0x63, 0xdf, 0xff, 0xed, 0xec, 0x3d, 0xd9, 0xcd, 0x47, 0x23, 0x27, 0x34,
+    0xd9, 0x59, 0x7f, 0xff, 0xc5, 0x9d, 0x7a, 0x7b, 0x86, 0xce, 0x7b, 0xa6,
+    0xc2, 0x73, 0x56, 0x5d, 0xd0, 0x16, 0x5c, 0xfc, 0xc4, 0x41, 0x1d, 0xaa,
+    0xb1, 0x35, 0x57, 0x40, 0x14, 0x3a, 0x2e, 0x8c, 0x4b, 0x2f, 0xf7, 0x3e,
+    0xfd, 0xec, 0xb1, 0xab, 0x2f, 0xd9, 0x14, 0x90, 0xd6, 0x54, 0x9e, 0xfe,
+    0x8e, 0x2a, 0x59, 0xc6, 0x50, 0x2f, 0x69, 0xc4, 0x2f, 0x4f, 0x24, 0xb9,
+    0x51, 0x4a, 0x82, 0xf9, 0xa0, 0x9d, 0xef, 0xc5, 0x20, 0xec, 0x0b, 0x2f,
+    0xd9, 0x09, 0xd0, 0x16, 0x5d, 0x21, 0xac, 0xbf, 0x3c, 0x65, 0x30, 0x49,
+    0x51, 0x1b, 0xef, 0x0b, 0xdf, 0xe7, 0x6f, 0xce, 0xa4, 0x0b, 0x2f, 0xfd,
+    0xf2, 0x90, 0x0c, 0x9b, 0xbf, 0xac, 0xb7, 0xfc, 0x7d, 0xe1, 0x98, 0xdf,
+    0xbc, 0xe4, 0x1c, 0x6b, 0x2a, 0x09, 0xb8, 0x1a, 0x50, 0x76, 0x52, 0x84,
+    0x89, 0x85, 0x37, 0xfe, 0x6e, 0xa7, 0x8f, 0xad, 0x31, 0x8b, 0x2f, 0xfa,
+    0x38, 0x1e, 0x7c, 0xec, 0x6a, 0xcb, 0xff, 0x7d, 0x8a, 0x3c, 0xef, 0xfe,
+    0x75, 0x97, 0xff, 0x36, 0x8d, 0xeb, 0xcd, 0xe2, 0x14, 0x6b, 0x2b, 0x11,
+    0x0c, 0x03, 0xfb, 0xff, 0xba, 0xd6, 0xb3, 0x9c, 0xe3, 0x94, 0x16, 0x5f,
+    0xff, 0xc3, 0xd1, 0x39, 0x9b, 0x5b, 0x52, 0x59, 0xec, 0xe9, 0x65, 0x12,
+    0x70, 0x7c, 0x86, 0x00, 0x88, 0x8c, 0x45, 0xbe, 0x16, 0x71, 0x96, 0x5d,
+    0xc1, 0x2c, 0xbf, 0xa1, 0xe7, 0x72, 0x95, 0x96, 0x9e, 0x8f, 0x0b, 0xb1,
+    0x7b, 0xff, 0xb3, 0xf3, 0xe6, 0xc3, 0x4d, 0x98, 0x2c, 0xbf, 0x6b, 0xa7,
+    0x7e, 0x95, 0x10, 0x52, 0xf7, 0xa4, 0xeb, 0x2f, 0xfd, 0x31, 0xbf, 0xf5,
+    0x90, 0xd9, 0xc5, 0x97, 0xa3, 0x6d, 0x2c, 0xa1, 0xa3, 0xd3, 0x11, 0x18,
+    0xd8, 0x87, 0x38, 0x83, 0x7e, 0xf4, 0x9c, 0x5d, 0xac, 0xbd, 0xc9, 0xed,
+    0x65, 0xf7, 0xf9, 0x20, 0x49, 0x79, 0xf5, 0x1a, 0x4b, 0xe1, 0x13, 0x9a,
+    0x92, 0xff, 0x34, 0x79, 0xfe, 0x48, 0x12, 0x52, 0x4b, 0xfb, 0x3a, 0x9f,
+    0x49, 0xd2, 0x5c, 0x61, 0x89, 0x2f, 0xe2, 0x92, 0x8d, 0xb4, 0x92, 0xb1,
+    0x31, 0x1e, 0x88, 0x8e, 0x3b, 0xe2, 0x20, 0x19, 0x90, 0x59, 0x85, 0xa1,
+    0x8c, 0xdb, 0x49, 0x02, 0x1f, 0x9d, 0x2c, 0xae, 0xd3, 0xd0, 0x68, 0xe8,
+    0x43, 0x24, 0xa8, 0x2a, 0x78, 0x89, 0x1f, 0xd1, 0xfc, 0xdf, 0xff, 0x19,
+    0xc2, 0xce, 0xfe, 0xe5, 0x1e, 0x77, 0xf5, 0x97, 0xf6, 0xfd, 0xaf, 0x08,
+    0x62, 0xca, 0x94, 0x41, 0xe2, 0x95, 0xff, 0xf8, 0xb3, 0xe2, 0x01, 0xde,
+    0x01, 0x9f, 0x65, 0x8d, 0x59, 0x73, 0xe9, 0x65, 0xfa, 0x3c, 0x1c, 0x9d,
+    0x65, 0xf9, 0xbd, 0xd4, 0x9c, 0xc3, 0x7c, 0x18, 0xb5, 0x0d, 0x1b, 0x1f,
+    0x84, 0xc5, 0x4b, 0x20, 0xaf, 0x14, 0x5a, 0x3c, 0x2d, 0x21, 0xf9, 0x8d,
+    0xe5, 0xca, 0x94, 0x2f, 0x05, 0x0f, 0x9b, 0xff, 0xf9, 0xe1, 0xf2, 0x9c,
+    0xef, 0x3a, 0x9f, 0xf9, 0xb7, 0xac, 0xb9, 0xc6, 0xb2, 0x8d, 0x3f, 0x23,
+    0xae, 0x5f, 0xff, 0xf1, 0x67, 0xff, 0x3d, 0xc3, 0x6f, 0xa4, 0xe2, 0xef,
+    0x9e, 0x95, 0x97, 0xf7, 0x98, 0xd3, 0x66, 0x35, 0x97, 0xf6, 0x17, 0x18,
+    0xb1, 0x65, 0xfc, 0x7c, 0x1f, 0xb2, 0x35, 0x97, 0xff, 0x89, 0xcd, 0xe0,
+    0x3f, 0xfe, 0xff, 0x9d, 0x2c, 0xbf, 0x7f, 0x6f, 0xf5, 0x2b, 0x2a, 0x51,
+    0x4a, 0x69, 0x77, 0x69, 0xb7, 0xbc, 0x23, 0xac, 0xa3, 0x53, 0xda, 0xdc,
+    0x23, 0xd3, 0x57, 0x8c, 0x0a, 0x19, 0xfb, 0xa6, 0x37, 0xf1, 0x67, 0x35,
+    0x3c, 0x59, 0x78, 0x50, 0xc5, 0x94, 0xe7, 0x90, 0x02, 0xcb, 0xf6, 0x13,
+    0xff, 0x8b, 0x2f, 0xbd, 0x25, 0x05, 0x97, 0xec, 0xf1, 0x3c, 0x4b, 0x28,
+    0x67, 0xdd, 0x84, 0xc4, 0x43, 0x50, 0x45, 0xe7, 0x21, 0x1f, 0x7c, 0xf1,
+    0x67, 0x96, 0x5f, 0x0f, 0xd3, 0x12, 0xcb, 0xf9, 0xa7, 0x59, 0xdf, 0xd6,
+    0x5f, 0xf4, 0xb1, 0x3f, 0xe2, 0x63, 0x16, 0x5f, 0xfb, 0x30, 0xce, 0x77,
+    0x25, 0x3c, 0x59, 0x6d, 0x6d, 0x47, 0x44, 0x91, 0x1c, 0x8f, 0x85, 0xbf,
+    0x38, 0xa9, 0x4d, 0x85, 0xa3, 0x10, 0xbf, 0x8e, 0xe3, 0xf4, 0x92, 0xcb,
+    0xda, 0xcf, 0x2c, 0xbe, 0xf8, 0xbf, 0xc5, 0x97, 0xdd, 0xc3, 0x3e, 0xb2,
+    0xb0, 0xf1, 0xb4, 0x47, 0x7f, 0x99, 0xff, 0x9d, 0x48, 0x16, 0x5f, 0xff,
+    0x3b, 0x03, 0x98, 0x6b, 0x9f, 0x53, 0x84, 0xb2, 0xf7, 0x41, 0x81, 0x65,
+    0xff, 0xfd, 0xfe, 0x7b, 0x37, 0x5c, 0x8d, 0x1e, 0x36, 0xb5, 0x2b, 0x2a,
+    0x4f, 0xf1, 0xc7, 0xef, 0xbd, 0x3d, 0xf1, 0x65, 0xf3, 0x67, 0x7f, 0x59,
+    0x58, 0x78, 0xbf, 0x23, 0xbf, 0xff, 0xef, 0x36, 0xb0, 0x6e, 0x7c, 0x2f,
+    0x94, 0x99, 0x9f, 0xe2, 0xcb, 0x4a, 0xcb, 0xe9, 0xde, 0x39, 0xe8, 0xfd,
+    0x00, 0xc9, 0x7f, 0xe7, 0x87, 0x9f, 0xfc, 0xc2, 0x82, 0xca, 0xf1, 0xfc,
+    0x7c, 0xee, 0xa0, 0xac, 0xfb, 0xb2, 0xcd, 0x31, 0x1c, 0x87, 0xc6, 0x45,
+    0x0c, 0x9e, 0x32, 0xfe, 0x30, 0xdb, 0xff, 0xd9, 0xa0, 0x7f, 0x59, 0x1f,
+    0xe7, 0x38, 0xb2, 0xff, 0xfa, 0x40, 0x1e, 0x7b, 0xed, 0xd9, 0x99, 0xdf,
+    0xd6, 0x5e, 0xeb, 0x0e, 0xb2, 0xff, 0xfe, 0xce, 0xa4, 0x5d, 0x7a, 0x75,
+    0xe7, 0x1f, 0x9f, 0x4b, 0x2f, 0xe1, 0xbf, 0xf8, 0x28, 0x2c, 0xba, 0x1b,
+    0x32, 0x8a, 0x7c, 0x1d, 0x0d, 0x72, 0xfe, 0x7d, 0x4f, 0xdb, 0x7a, 0xca,
+    0xec, 0xfb, 0x08, 0xfa, 0xff, 0xff, 0xda, 0xd4, 0xf7, 0x0e, 0xf8, 0xda,
+    0xeb, 0xd8, 0x1e, 0x9a, 0x46, 0xb2, 0xfc, 0x46, 0x87, 0x9d, 0xac, 0xbf,
+    0xe7, 0xd6, 0x77, 0x09, 0x04, 0xac, 0xa9, 0x47, 0xa6, 0x11, 0x33, 0x80,
+    0x8a, 0xaf, 0xfb, 0xb8, 0x7f, 0x39, 0xfc, 0xdc, 0x59, 0x7f, 0xfe, 0xe8,
+    0xd7, 0xe6, 0x6a, 0x0d, 0xe7, 0x2e, 0xe0, 0xb2, 0xff, 0xdd, 0x4f, 0xf9,
+    0x9f, 0x6e, 0xcc, 0x59, 0x58, 0x89, 0x83, 0x55, 0xea, 0x51, 0xf0, 0xf0,
+    0xd5, 0xa9, 0x5c, 0x7a, 0x1b, 0xf3, 0x25, 0x7a, 0x52, 0xd1, 0x46, 0x65,
+    0x7e, 0xe1, 0x0b, 0x7c, 0x16, 0x5f, 0xb0, 0xbd, 0x84, 0xb2, 0xf4, 0x61,
+    0xf4, 0xb2, 0xf8, 0x9a, 0x2d, 0xc5, 0x95, 0x28, 0x94, 0xf1, 0x53, 0x92,
+    0xf0, 0x82, 0xe7, 0x02, 0xca, 0x81, 0xe8, 0xfc, 0xee, 0xff, 0xff, 0xe1,
+    0x7f, 0x9c, 0xfb, 0x64, 0x47, 0x9e, 0x44, 0x58, 0x73, 0x45, 0x2b, 0x2f,
+    0xfa, 0x19, 0xf3, 0xce, 0x10, 0xd6, 0x5f, 0xff, 0x9d, 0xe0, 0xfe, 0xdb,
+    0x91, 0x8b, 0xe2, 0x70, 0xd5, 0x17, 0xda, 0xf6, 0xf1, 0x7d, 0x65, 0xd2,
+    0x35, 0x95, 0x26, 0xd4, 0x03, 0xf7, 0xf3, 0xf5, 0x25, 0x20, 0x59, 0x7f,
+    0xd3, 0x23, 0x6e, 0x98, 0xa3, 0x59, 0x7f, 0xee, 0x31, 0x77, 0x0d, 0x0a,
+    0x78, 0xb2, 0xfd, 0x9a, 0xc1, 0xca, 0xca, 0x1a, 0xa2, 0xee, 0xdd, 0x22,
+    0x37, 0xd4, 0x26, 0xbc, 0x40, 0x45, 0x9f, 0x38, 0xde, 0x7f, 0x7e, 0xf6,
+    0x45, 0x3b, 0x8b, 0x2f, 0xc3, 0xd6, 0xb0, 0xc5, 0x95, 0x19, 0xea, 0x11,
+    0x5d, 0xfc, 0xc5, 0x9f, 0x98, 0x96, 0x5f, 0xef, 0x48, 0xbb, 0x83, 0x6c,
+    0xac, 0xbf, 0xfa, 0x1c, 0x93, 0xe7, 0x44, 0xf9, 0xd2, 0xcb, 0xe9, 0x23,
+    0x46, 0xb2, 0xff, 0xf9, 0xca, 0x32, 0xce, 0xf8, 0xf9, 0xfc, 0x3a, 0xcb,
+    0xce, 0x09, 0x59, 0x7f, 0xf8, 0x6c, 0x7e, 0xe1, 0xc2, 0xcd, 0x07, 0xf5,
+    0x95, 0x29, 0xd0, 0x40, 0x8b, 0xa2, 0xce, 0xcd, 0xfc, 0x88, 0xe4, 0x5c,
+    0x4e, 0xf8, 0xdd, 0xd0, 0xe2, 0xcb, 0xf4, 0x1b, 0xa7, 0xd2, 0xcb, 0xff,
+    0xce, 0x59, 0xf9, 0x6d, 0x31, 0xa6, 0xca, 0xca, 0xe1, 0xf8, 0x06, 0x51,
+    0x6e, 0x96, 0x5f, 0xff, 0xe0, 0x36, 0x8d, 0xf4, 0x9e, 0x28, 0x31, 0x7a,
+    0x75, 0x2b, 0x2d, 0xfc, 0x3f, 0x3e, 0x09, 0x5e, 0x6d, 0x62, 0xcb, 0xc5,
+    0x90, 0x59, 0x5d, 0x1b, 0x6f, 0x8d, 0xde, 0x29, 0x3a, 0xca, 0x94, 0x4d,
+    0x32, 0xef, 0x08, 0xaf, 0xf9, 0xa1, 0xff, 0x66, 0x9b, 0x8b, 0x2f, 0xff,
+    0xd0, 0xc2, 0x1f, 0xa7, 0x0a, 0x40, 0x77, 0x82, 0xca, 0x24, 0x45, 0x06,
+    0x71, 0x7f, 0xb3, 0xdd, 0xc3, 0xf2, 0x75, 0x97, 0xe8, 0x16, 0x64, 0x6b,
+    0x2e, 0xd4, 0x6b, 0x2f, 0xfa, 0x20, 0xaf, 0xd8, 0x63, 0xc2, 0x59, 0x52,
+    0x7f, 0x98, 0x4e, 0xc3, 0x17, 0xf9, 0xc7, 0x20, 0x93, 0x38, 0xb2, 0xb1,
+    0x30, 0xff, 0x42, 0xc1, 0xcb, 0x2f, 0xed, 0x90, 0xb7, 0xb7, 0x6f, 0xb6,
+    0x57, 0x10, 0x0a, 0xff, 0x7c, 0x01, 0x94, 0x3d, 0x8b, 0x88, 0x05, 0x79,
+    0xf5, 0x05, 0xc4, 0x02, 0xac, 0x3e, 0xa1, 0x20, 0xdc, 0xf0, 0x5c, 0x40,
+    0x2b, 0xe7, 0x2e, 0xe0, 0xb8, 0x80, 0x57, 0xf9, 0xba, 0xf6, 0x00, 0x12,
+    0xb8, 0x80, 0x57, 0x98, 0x86, 0xb8, 0x80, 0x54, 0x34, 0x5d, 0x1c, 0x8f,
+    0xc5, 0xfb, 0xd0, 0x2c, 0x6a, 0xe2, 0x01, 0x5e, 0xd4, 0xfd, 0x71, 0x00,
+    0xa9, 0x71, 0x00, 0xaf, 0x6c, 0xb0, 0x17, 0x10, 0x0a, 0xe9, 0x3a, 0xe2,
+    0x01, 0x50, 0xcf, 0x9f, 0x06, 0x18, 0xb2, 0xf9, 0x8e, 0x39, 0x5c, 0x40,
+    0x2b, 0xdf, 0x7e, 0x97, 0x10, 0x0a, 0xff, 0xc4, 0xf0, 0x09, 0xe6, 0xe9,
+    0xf4, 0xb8, 0x80, 0x57, 0xff, 0x3f, 0xc5, 0x1b, 0x17, 0xfc, 0xf0, 0x5c,
+    0x40, 0x2b, 0x9c, 0x6b, 0x88, 0x05, 0x7f, 0x89, 0xcc, 0xe7, 0x24, 0x0b,
+    0x88, 0x05, 0x7e, 0x63, 0x5c, 0x80, 0xb8, 0x80, 0x57, 0x37, 0x17, 0x10,
+    0x0a, 0xb4, 0x7a, 0xff, 0x34, 0xbf, 0xfd, 0xe6, 0xff, 0xf3, 0x9b, 0x74,
+    0xd2, 0x75, 0xc4, 0x02, 0xbf, 0x7c, 0xa7, 0xb8, 0x2a, 0x20, 0x15, 0xc0,
+    0x95, 0xc4, 0x02, 0x08, 0x6d, 0x69, 0x71, 0x00, 0xaf, 0xa4, 0xee, 0x35,
+    0xc4, 0x02, 0xa1, 0x9e, 0x33, 0x0c, 0x5f, 0x09, 0xcb, 0xa5, 0xc4, 0x02,
+    0xbd, 0x3a, 0xe9, 0x71, 0x00, 0xaf, 0xfd, 0x9d, 0xf0, 0x73, 0x84, 0x0e,
+    0x2e, 0x20, 0x15, 0xf8, 0x4f, 0x08, 0x4a, 0xe2, 0x01, 0x5f, 0x9f, 0xaf,
+    0x4f, 0x6b, 0x88, 0x05, 0x58, 0x8b, 0x5f, 0x25, 0x88, 0xd2, 0xed, 0x01,
+    0x71, 0x00, 0xaa, 0x0a, 0xd9, 0x86, 0x47, 0x90, 0x97, 0xe8, 0x89, 0xa1,
+    0x1b, 0xe7, 0xb0, 0x10, 0xf0, 0xbf, 0xf0, 0xdf, 0x11, 0x7d, 0xfb, 0x3f,
+    0xc7, 0xed, 0x71, 0x00, 0xaf, 0xf0, 0xe7, 0xa8, 0xb5, 0x3f, 0x5c, 0x40,
+    0x21, 0x9b, 0x5b, 0xda, 0x93, 0x17, 0x10, 0x0a, 0xba, 0x3f, 0xcd, 0x29,
+    0x5f, 0xe1, 0x3c, 0x21, 0x21, 0x9d, 0x71, 0x00, 0xaf, 0x98, 0xa1, 0xc5,
+    0xc4, 0x02, 0xbf, 0x9e, 0x28, 0x67, 0x70, 0x5c, 0x40, 0x2a, 0xc4, 0x67,
+    0x78, 0x8c, 0x08, 0x22, 0x2e, 0xbf, 0xef, 0x4f, 0x02, 0x70, 0x5a, 0x02,
+    0xe2, 0x01, 0x59, 0x97, 0x10, 0x0a, 0xe7, 0x8c, 0x67, 0xcd, 0xe4, 0x9b,
+    0xb4, 0x05, 0xc4, 0x02, 0xbf, 0x3f, 0xf8, 0xdd, 0xae, 0x20, 0x15, 0xfc,
+    0xc4, 0x28, 0x67, 0x17, 0x10, 0x0a, 0xa5, 0x12, 0x44, 0x49, 0xf3, 0x5a,
+    0x96, 0x55, 0x90, 0xe1, 0x6d, 0x90, 0xdb, 0x63, 0xf8, 0x87, 0xf5, 0x09,
+    0x0f, 0x16, 0xb9, 0x70, 0x0a, 0x89, 0x37, 0x92, 0xed, 0xff, 0x28, 0x6b,
+    0x66, 0x14, 0x41, 0xc3, 0x02, 0xf7, 0xd8, 0xc5, 0xc6, 0x12, 0xbc, 0xef,
+    0xd2, 0xa2, 0x01, 0x04, 0x4c, 0x53, 0xb8, 0x75, 0x5e, 0x93, 0x38, 0xb2,
+    0xdf, 0x59, 0x78, 0xb3, 0xae, 0x8d, 0x73, 0x0e, 0xdc, 0x33, 0xac, 0xbf,
+    0xfe, 0x20, 0x7f, 0xd9, 0xd4, 0x9f, 0x91, 0xc2, 0x35, 0x97, 0xf8, 0x5f,
+    0xce, 0x7f, 0x3a, 0x59, 0x5b, 0x09, 0x13, 0xce, 0x2e, 0x05, 0x3b, 0xfb,
+    0xe5, 0x80, 0xd9, 0xc5, 0x94, 0x34, 0xcd, 0x0d, 0x86, 0x81, 0xcd, 0x6f,
+    0xf4, 0x1b, 0xe6, 0x9b, 0x9b, 0x8b, 0x2f, 0xa7, 0xf2, 0x35, 0x96, 0x8d,
+    0x65, 0x40, 0xd9, 0xef, 0x21, 0xbf, 0xa3, 0x9d, 0x79, 0xf7, 0x16, 0x5f,
+    0xf7, 0x0a, 0x4f, 0xce, 0xa7, 0x8b, 0x2d, 0xc5, 0x97, 0xc5, 0x23, 0xf2,
+    0xca, 0xc3, 0xeb, 0xf1, 0xce, 0xf1, 0x1a, 0x94, 0x77, 0xe1, 0x1b, 0x42,
+    0x72, 0xff, 0xc5, 0x9d, 0x79, 0x80, 0x01, 0x44, 0xb2, 0xff, 0x87, 0x86,
+    0x96, 0x7e, 0x4c, 0x59, 0x7f, 0x66, 0xb2, 0x10, 0x95, 0x95, 0x04, 0x52,
+    0x81, 0x00, 0x8e, 0x6f, 0x0d, 0xfc, 0xb2, 0xfd, 0x91, 0x72, 0x63, 0x59,
+    0x6f, 0xe1, 0xe2, 0xfc, 0x72, 0xe0, 0x4a, 0x4b, 0x1a, 0x92, 0xf7, 0xa6,
+    0x35, 0x97, 0x18, 0x62, 0x4a, 0x63, 0xde, 0xdc, 0x16, 0x88, 0x48, 0xc1,
+    0xdb, 0x71, 0x20, 0x43, 0xc0, 0xac, 0x47, 0x4b, 0x43, 0x16, 0xff, 0xec,
+    0x04, 0x1b, 0xf2, 0x79, 0x21, 0xac, 0xa3, 0x9f, 0x43, 0x93, 0x5f, 0xd8,
+    0x3f, 0x49, 0x0d, 0x65, 0xfd, 0xfe, 0x61, 0x9e, 0x65, 0x96, 0xfa, 0xca,
+    0xf9, 0xbf, 0x11, 0x75, 0xfa, 0x63, 0xe1, 0xe0, 0xb2, 0x98, 0xf2, 0xbe,
+    0x43, 0x7f, 0xfe, 0xee, 0x1c, 0x2e, 0xe4, 0xde, 0x4f, 0x70, 0x63, 0xac,
+    0xbf, 0xfd, 0xfe, 0x61, 0xad, 0xa0, 0xc0, 0x09, 0xed, 0x65, 0x6c, 0x6d,
+    0xb8, 0xc4, 0xc2, 0x1e, 0x38, 0xcc, 0x21, 0x0b, 0x81, 0xc6, 0x65, 0xd5,
+    0x2f, 0xe9, 0xa3, 0xb3, 0x88, 0xdf, 0x51, 0xad, 0x3c, 0x35, 0xc1, 0x1e,
+    0x29, 0x10, 0xfe, 0x16, 0xa2, 0x21, 0x0d, 0x66, 0xff, 0xb2, 0x0c, 0x37,
+    0xeb, 0x90, 0x59, 0x7f, 0x98, 0xba, 0x6d, 0x30, 0x16, 0x5e, 0xcc, 0x02,
+    0xca, 0x39, 0xe6, 0x91, 0x95, 0x74, 0x8a, 0x7f, 0x42, 0x1a, 0xfe, 0xf8,
+    0xfc, 0x27, 0x25, 0x97, 0xba, 0xf1, 0x2c, 0xbf, 0xfb, 0xfb, 0x39, 0x14,
+    0x1f, 0x51, 0x8e, 0x56, 0x57, 0x68, 0x93, 0x39, 0x69, 0x0e, 0xdf, 0xff,
+    0x00, 0xef, 0x0d, 0xa4, 0xd3, 0xb5, 0x8f, 0x8b, 0x2f, 0xff, 0x79, 0xb7,
+    0xb7, 0x5a, 0x98, 0xdf, 0x5d, 0x2c, 0xbf, 0xa7, 0xb9, 0x27, 0xfa, 0xcb,
+    0x88, 0x0b, 0x2e, 0x9e, 0x2c, 0xa6, 0x35, 0x9b, 0xc5, 0xab, 0xc7, 0xf5,
+    0xbd, 0x62, 0xba, 0x47, 0x60, 0x70, 0xc8, 0xa2, 0x4d, 0x9f, 0xf1, 0x9e,
+    0xdf, 0xec, 0xef, 0xff, 0x78, 0x71, 0x65, 0xfe, 0x0e, 0x4c, 0xd4, 0xe1,
+    0x2c, 0xbd, 0x00, 0xbc, 0x16, 0x5d, 0xdc, 0x17, 0x18, 0x02, 0xff, 0xf6,
+    0x19, 0x3f, 0xc8, 0xa0, 0xdf, 0xe3, 0xac, 0xbe, 0x8b, 0x53, 0xf5, 0x95,
+    0x04, 0x73, 0x76, 0x66, 0x44, 0x3c, 0x25, 0xfa, 0x55, 0xff, 0xfa, 0x73,
+    0xdc, 0x27, 0xf8, 0xbe, 0x3f, 0x31, 0xab, 0x2f, 0xf9, 0xbb, 0xe7, 0xca,
+    0x4f, 0xc5, 0x97, 0xff, 0xff, 0xff, 0xf0, 0xb7, 0x09, 0xf3, 0xce, 0x19,
+    0x66, 0xfc, 0x27, 0x36, 0x28, 0x0b, 0x9c, 0x31, 0xc7, 0xe6, 0x33, 0x98,
+    0xe3, 0x59, 0x46, 0xa3, 0xd7, 0x87, 0x35, 0x2b, 0xa9, 0xd9, 0x0b, 0xc6,
+    0x8e, 0x5f, 0x45, 0x2f, 0x18, 0xd1, 0x25, 0x7e, 0x34, 0xab, 0xff, 0xf1,
+    0x10, 0xbb, 0xce, 0xfe, 0x3d, 0x3f, 0x79, 0x1a, 0xcb, 0xf6, 0x7f, 0x53,
+    0xc5, 0x94, 0xc7, 0xfe, 0x4b, 0x17, 0x81, 0x30, 0x59, 0x68, 0xd6, 0x52,
+    0xcb, 0xd1, 0x42, 0x74, 0x5e, 0x80, 0x4a, 0xfa, 0x4d, 0x93, 0xac, 0xa8,
+    0x22, 0xb7, 0xb2, 0x0d, 0x1c, 0x9c, 0xca, 0xff, 0xd0, 0xe6, 0xd2, 0xc3,
+    0xce, 0x8d, 0x59, 0x7f, 0xff, 0xa4, 0xe1, 0xe7, 0x9c, 0xf8, 0x76, 0xfe,
+    0x1a, 0xda, 0x59, 0x7f, 0xfd, 0x9a, 0x88, 0xa4, 0x1c, 0xeb, 0xcd, 0xa8,
+    0xd6, 0x54, 0x11, 0x65, 0xc6, 0x0b, 0xf6, 0xdd, 0xb9, 0xe7, 0x59, 0x7f,
+    0xde, 0x76, 0xfc, 0x3c, 0x23, 0x56, 0x5e, 0x7f, 0x71, 0x65, 0x70, 0xf5,
+    0x8c, 0x3a, 0xbf, 0xa1, 0x3a, 0x00, 0x67, 0x59, 0x7d, 0x17, 0x9a, 0x25,
+    0x97, 0xfe, 0x34, 0xd6, 0x2e, 0xb6, 0xc7, 0xe3, 0x56, 0x56, 0x1f, 0x53,
+    0x12, 0x5f, 0xfd, 0xbc, 0xb3, 0x9f, 0xc2, 0x86, 0x71, 0x65, 0xf1, 0xe4,
+    0x5f, 0x59, 0x58, 0x7c, 0xce, 0x89, 0x7e, 0x21, 0x7c, 0x46, 0xac, 0xbe,
+    0xff, 0xdf, 0x4b, 0x2f, 0xd9, 0x17, 0xa6, 0x35, 0x95, 0x87, 0xe8, 0xe5,
+    0x24, 0x45, 0x7f, 0xe2, 0x7f, 0xf1, 0xbb, 0x29, 0x31, 0x65, 0xef, 0xb9,
+    0x2c, 0xb3, 0xed, 0x54, 0xb7, 0x84, 0x7e, 0x84, 0xc9, 0x42, 0x1b, 0x90,
+    0x94, 0x0c, 0xb3, 0x74, 0xfa, 0xb6, 0xab, 0x5a, 0xf4, 0xad, 0xcb, 0xfe,
+    0x9d, 0xc1, 0xfa, 0x63, 0x72, 0x59, 0x7f, 0xfd, 0x27, 0x0c, 0xbf, 0xe1,
+    0x3c, 0x3c, 0x2e, 0x2c, 0xbf, 0xdd, 0x16, 0x6f, 0xf3, 0xc1, 0x65, 0xe3,
+    0x81, 0x96, 0x5f, 0x4f, 0x52, 0x7c, 0x3d, 0x16, 0x35, 0xae, 0xd7, 0x2f,
+    0xf5, 0x2d, 0xf7, 0xc5, 0xc4, 0x77, 0xbb, 0x0a, 0x2b, 0xf8, 0x33, 0x34,
+    0xd9, 0xe4, 0x97, 0xf9, 0xff, 0x30, 0x10, 0xf1, 0x65, 0xf7, 0xa7, 0x23,
+    0x59, 0x44, 0x7a, 0x9c, 0x32, 0xbe, 0xe3, 0x48, 0x16, 0x5f, 0x45, 0x98,
+    0x62, 0xcb, 0xe8, 0x36, 0xb8, 0xb2, 0xff, 0xe0, 0xcf, 0x9f, 0x9d, 0xed,
+    0xf8, 0x4a, 0xcb, 0xe6, 0xfc, 0xe9, 0x65, 0xff, 0x36, 0x77, 0xf8, 0xa0,
+    0xfa, 0x59, 0x60, 0x32, 0x28, 0x7c, 0x8c, 0x44, 0x37, 0x80, 0xd8, 0xb2,
+    0xfa, 0x2f, 0x3c, 0x4b, 0x2f, 0xba, 0x7d, 0x46, 0xb2, 0xf4, 0x4f, 0xf5,
+    0x97, 0xec, 0x8a, 0x13, 0xda, 0xcb, 0x9a, 0x25, 0x97, 0x9a, 0x49, 0x65,
+    0xfb, 0x34, 0x3f, 0x62, 0xca, 0x19, 0xe0, 0xf0, 0x6a, 0xbc, 0x7f, 0x5c,
+    0x58, 0xbc, 0xe4, 0x05, 0x97, 0x8a, 0x60, 0x92, 0xff, 0xc4, 0x06, 0xdd,
+    0xdd, 0x14, 0x27, 0x71, 0x65, 0x8e, 0xb2, 0xb6, 0xa2, 0x3b, 0x06, 0xdc,
+    0x6c, 0x34, 0x7a, 0xda, 0xad, 0xb6, 0x48, 0x46, 0x43, 0x84, 0x7d, 0xc3,
+    0x0d, 0x8d, 0x34, 0x37, 0xe2, 0x47, 0x24, 0x21, 0xdf, 0xc2, 0x8f, 0x76,
+    0x16, 0x15, 0x2c, 0xaf, 0x3c, 0x3e, 0x69, 0xdb, 0x2f, 0x2e, 0x3c, 0xbf,
+    0x0b, 0xf7, 0x35, 0xa9, 0xfa, 0xcb, 0xfd, 0x9e, 0x7c, 0x00, 0x7f, 0x59,
+    0x7b, 0xed, 0x1a, 0xca, 0xec, 0xfe, 0x37, 0x0a, 0x0e, 0x67, 0x7e, 0xe1,
+    0xba, 0x7e, 0x96, 0x5d, 0xc8, 0x2c, 0xa8, 0x1e, 0x0e, 0xf2, 0xab, 0xc5,
+    0xfe, 0x2c, 0xbf, 0xfb, 0x3f, 0xb1, 0x05, 0x36, 0x26, 0xef, 0x82, 0xe2,
+    0xcb, 0xfd, 0xd7, 0x98, 0x72, 0x5f, 0x59, 0x73, 0x41, 0x65, 0x76, 0x79,
+    0x24, 0x67, 0x71, 0x01, 0x65, 0xfb, 0x5e, 0x77, 0x3a, 0xcb, 0xe1, 0x10,
+    0xba, 0x59, 0x4e, 0x79, 0x5c, 0x27, 0xbf, 0xbf, 0x14, 0x33, 0xb8, 0x2c,
+    0xa9, 0x4e, 0xc1, 0x89, 0x0e, 0x38, 0xf0, 0x9d, 0xf9, 0x10, 0x98, 0x03,
+    0x21, 0xbf, 0xe0, 0xf3, 0x05, 0xec, 0xdf, 0x2b, 0x2f, 0xfc, 0x64, 0xeb,
+    0x98, 0x63, 0xe8, 0xd5, 0x97, 0x74, 0xeb, 0x2f, 0x67, 0x04, 0xb2, 0xff,
+    0xfd, 0xec, 0xe8, 0x84, 0x32, 0x90, 0xf4, 0xd2, 0x4b, 0x2b, 0x13, 0x02,
+    0xf1, 0xd3, 0xa0, 0x90, 0xbf, 0xc7, 0x2f, 0xf1, 0x99, 0xdf, 0xff, 0x27,
+    0x59, 0x7e, 0x2c, 0x00, 0xb8, 0xb2, 0xff, 0xba, 0x6c, 0x2c, 0xde, 0xfc,
+    0x59, 0x51, 0x9f, 0x07, 0x89, 0xe9, 0xd1, 0x71, 0xc8, 0x4a, 0xdf, 0x0c,
+    0x78, 0x75, 0x97, 0x02, 0x52, 0x5c, 0x61, 0x89, 0x29, 0x8d, 0x79, 0x82,
+    0xd7, 0xe1, 0x89, 0xf5, 0x04, 0x81, 0x0d, 0x0d, 0x62, 0x2b, 0x0d, 0x72,
+    0xbf, 0xfd, 0xfe, 0xfa, 0x6f, 0x6c, 0xcf, 0xfc, 0x1f, 0x16, 0x58, 0x2c,
+    0x59, 0x7f, 0xa6, 0x0d, 0xf8, 0x4f, 0xd6, 0x5c, 0x17, 0xe2, 0xc0, 0xb4,
+    0x79, 0x1a, 0x16, 0xbf, 0xef, 0x3f, 0xf9, 0xd1, 0x64, 0x6b, 0x2f, 0x1c,
+    0x46, 0xac, 0xbd, 0xb0, 0xb6, 0x3d, 0x8d, 0x65, 0xdd, 0x32, 0xcb, 0xff,
+    0x4e, 0xe0, 0xb5, 0x9a, 0xd4, 0xf6, 0xb2, 0xf8, 0x9b, 0xb8, 0x2c, 0xbf,
+    0xe6, 0xef, 0xd8, 0x3d, 0x3f, 0x4b, 0x2a, 0x4f, 0x73, 0x44, 0x57, 0xd9,
+    0xbf, 0x09, 0x65, 0xfe, 0xe6, 0x37, 0xcd, 0x6f, 0x2c, 0xbf, 0xef, 0x4e,
+    0xa7, 0xa6, 0x2e, 0x96, 0x5e, 0x35, 0xf9, 0xb0, 0x93, 0x91, 0xe8, 0xb7,
+    0xb1, 0x7d, 0x42, 0x7b, 0xc4, 0x3f, 0x22, 0xdd, 0x33, 0xac, 0x54, 0xe0,
+    0xc7, 0x5f, 0x8e, 0xbe, 0xa0, 0xba, 0xe9, 0xdc, 0x60, 0x1a, 0x86, 0x99,
+    0xc8, 0xc5, 0x09, 0x93, 0x25, 0x57, 0xdf, 0xbc, 0xdc, 0x14, 0x6b, 0x2f,
+    0xe3, 0x0d, 0x7f, 0x94, 0xac, 0xbc, 0x71, 0x69, 0x65, 0xee, 0x9b, 0x8b,
+    0x2f, 0x84, 0x7c, 0x1a, 0xca, 0xed, 0x11, 0x4c, 0x5d, 0xe1, 0xdd, 0xd1,
+    0xdb, 0xff, 0xfb, 0x50, 0x14, 0xe7, 0xba, 0x6e, 0x60, 0xe3, 0xc3, 0x16,
+    0x5f, 0xf6, 0x6e, 0xb9, 0x1b, 0x9d, 0xfd, 0x65, 0xfb, 0x43, 0xf3, 0x44,
+    0xb2, 0xbc, 0x7c, 0xa1, 0x9e, 0x5f, 0xde, 0x61, 0xf8, 0x46, 0xac, 0xbf,
+    0x14, 0xc4, 0xdd, 0xac, 0xb6, 0x74, 0x7a, 0xec, 0x5f, 0x7b, 0xf9, 0xd2,
+    0xca, 0x39, 0xe2, 0x70, 0x9e, 0xf4, 0x0e, 0x05, 0x97, 0xef, 0x96, 0x6a,
+    0x56, 0x54, 0xa7, 0xca, 0x6c, 0x30, 0x81, 0x0b, 0xef, 0x91, 0x18, 0x3b,
+    0x78, 0x98, 0xd5, 0x97, 0xfe, 0x0f, 0x93, 0x9c, 0xd6, 0x9b, 0xeb, 0x2b,
+    0x0f, 0x6f, 0x83, 0x97, 0xfc, 0x6b, 0xed, 0x93, 0x93, 0x1a, 0xb2, 0xff,
+    0xcf, 0xc3, 0xcb, 0x6b, 0x4c, 0x62, 0xcb, 0xf4, 0x78, 0x39, 0x3a, 0xcb,
+    0x70, 0xd4, 0x50, 0xf8, 0xec, 0x33, 0xeb, 0xff, 0xff, 0xbd, 0x3c, 0xc0,
+    0x4f, 0xf9, 0xac, 0x8e, 0x75, 0xcf, 0x74, 0xdc, 0x59, 0x7d, 0xad, 0x38,
+    0xd6, 0x5e, 0x83, 0xe9, 0x65, 0x0d, 0x16, 0x38, 0xe6, 0xe4, 0x57, 0xf1,
+    0xf5, 0xa6, 0xec, 0x0b, 0x2f, 0xbe, 0xfe, 0x89, 0x65, 0xfc, 0x53, 0xd7,
+    0x9b, 0x75, 0x65, 0xe3, 0x67, 0x8b, 0x2f, 0xfb, 0x3f, 0xf6, 0x37, 0xf9,
+    0xd2, 0xcb, 0xfa, 0x7b, 0xe6, 0x77, 0xf5, 0x97, 0x6a, 0x56, 0x50, 0xcf,
+    0x17, 0xe5, 0xf7, 0xe1, 0x10, 0xf6, 0x0d, 0x81, 0x65, 0xff, 0xf7, 0xf5,
+    0x39, 0xde, 0xc9, 0x1c, 0x5f, 0x03, 0xac, 0xbf, 0xdf, 0x6e, 0x98, 0x73,
+    0xf5, 0x97, 0xee, 0x4f, 0x58, 0x75, 0x95, 0x27, 0xb7, 0xc3, 0x3b, 0xe6,
+    0xee, 0x18, 0xb2, 0xdc, 0xda, 0xa8, 0xd2, 0x48, 0xe0, 0x60, 0x31, 0xdc,
+    0x7f, 0xe8, 0x8b, 0xb3, 0x2d, 0x42, 0xb8, 0x04, 0x35, 0x05, 0xcc, 0x9e,
+    0xe1, 0x84, 0x78, 0x74, 0xb9, 0x77, 0xe5, 0x31, 0xdf, 0x3f, 0x78, 0x35,
+    0x97, 0xfd, 0xf6, 0x8e, 0x7b, 0x06, 0xa5, 0x65, 0xde, 0x8d, 0x65, 0xee,
+    0x7f, 0x16, 0x5d, 0x9c, 0xda, 0x7d, 0xdd, 0x1d, 0x06, 0x31, 0x7e, 0x70,
+    0x6c, 0xb1, 0xd6, 0x5f, 0xdd, 0x37, 0x05, 0x06, 0x59, 0x78, 0x85, 0xc5,
+    0x95, 0xe3, 0xca, 0xde, 0x5d, 0x7f, 0xf6, 0x7d, 0xbb, 0x81, 0x4e, 0xc6,
+    0x16, 0x6c, 0xac, 0xbf, 0xe7, 0x6f, 0xb1, 0x7c, 0x5e, 0x59, 0x7b, 0xcd,
+    0xbd, 0x65, 0xc2, 0x87, 0x8f, 0x54, 0x33, 0x7b, 0xff, 0x9c, 0x7e, 0x6d,
+    0x66, 0xf9, 0x28, 0x96, 0x5f, 0xfd, 0xc1, 0x68, 0xb0, 0x7e, 0x93, 0x25,
+    0x65, 0xa7, 0x6a, 0x22, 0x7e, 0x8b, 0x70, 0xfa, 0x59, 0x76, 0x6f, 0x19,
+    0xe1, 0x00, 0xaa, 0xff, 0x1b, 0xfe, 0xfa, 0x6d, 0x71, 0x65, 0xfb, 0x3e,
+    0x07, 0xfa, 0xca, 0x95, 0x4a, 0x30, 0x24, 0xd4, 0x29, 0xbd, 0x0f, 0xa1,
+    0x17, 0xec, 0x9b, 0xdf, 0xff, 0xa7, 0xcf, 0x85, 0x3a, 0x34, 0x62, 0x7d,
+    0x41, 0x65, 0x41, 0x5d, 0xe7, 0x0f, 0xbf, 0x2b, 0x17, 0x75, 0x96, 0xa5,
+    0x9b, 0x70, 0x37, 0x3c, 0x85, 0x9b, 0x4a, 0x25, 0x79, 0xd7, 0xa0, 0x2f,
+    0x0a, 0x71, 0x32, 0xff, 0xfd, 0xf9, 0x18, 0x1f, 0xb0, 0x37, 0x61, 0xe9,
+    0xfb, 0x59, 0x73, 0xc1, 0x65, 0xda, 0xc5, 0x94, 0xc6, 0xb1, 0xc5, 0xad,
+    0xb2, 0xb2, 0xa5, 0x17, 0x1e, 0x84, 0x2e, 0xc8, 0xfd, 0xfe, 0xc2, 0x86,
+    0x70, 0x33, 0xac, 0xbf, 0x1f, 0x80, 0x77, 0x59, 0x5f, 0x3d, 0xa0, 0xcc,
+    0xef, 0xf6, 0x16, 0xdf, 0x67, 0x66, 0x2c, 0xbf, 0xa7, 0xcd, 0xbf, 0x22,
+    0x59, 0x5a, 0x3e, 0x50, 0x1b, 0x5f, 0xa2, 0x77, 0x28, 0xd6, 0x5f, 0xc2,
+    0x06, 0xde, 0x8e, 0x05, 0x96, 0x86, 0x1e, 0xd1, 0x14, 0x54, 0x69, 0xdd,
+    0xc2, 0x12, 0x39, 0x08, 0x8e, 0xdf, 0x2f, 0xfb, 0x3b, 0x87, 0xb7, 0x77,
+    0x67, 0x71, 0x65, 0xff, 0xbd, 0xc6, 0x83, 0x7e, 0x7f, 0xc5, 0x97, 0xff,
+    0x80, 0x42, 0xe7, 0xf9, 0x3a, 0xce, 0xfe, 0xb2, 0x9d, 0x11, 0x24, 0x7d,
+    0x7f, 0xf3, 0x6b, 0x6b, 0xcc, 0x24, 0x85, 0x05, 0x97, 0xd3, 0xac, 0xde,
+    0xb2, 0xfd, 0xe6, 0xd9, 0x78, 0xd6, 0x54, 0x11, 0x25, 0xc4, 0x4f, 0x91,
+    0xdf, 0xe0, 0x73, 0x0b, 0x38, 0x25, 0x95, 0x87, 0xc4, 0xe6, 0x16, 0x82,
+    0xcb, 0xfd, 0x39, 0xdf, 0xf3, 0x52, 0xb2, 0xb4, 0x78, 0x64, 0x23, 0x7f,
+    0xe9, 0xf0, 0x7c, 0x2c, 0xff, 0xb1, 0x65, 0xff, 0xde, 0x17, 0x39, 0x3a,
+    0xeb, 0x03, 0xc5, 0x97, 0xb0, 0x0e, 0xb2, 0xdb, 0xd8, 0xf8, 0x7c, 0x8d,
+    0x7a, 0x41, 0x8b, 0x2f, 0xfe, 0x81, 0xae, 0x1f, 0xdb, 0x52, 0x20, 0xba,
+    0xca, 0xf1, 0xf2, 0xb8, 0xdd, 0x62, 0x2b, 0xc5, 0x08, 0xeb, 0xff, 0xfd,
+    0xff, 0xb1, 0x1b, 0xb7, 0xe6, 0x8b, 0x5c, 0xe3, 0x67, 0x6b, 0x2f, 0xf7,
+    0x62, 0x8e, 0x4a, 0x7b, 0x59, 0x58, 0x89, 0xb7, 0x66, 0xa9, 0x5c, 0xdf,
+    0xc4, 0x96, 0x86, 0x67, 0xa3, 0x15, 0x76, 0x30, 0x10, 0x94, 0x69, 0xc2,
+    0x86, 0x15, 0xff, 0xf8, 0xd6, 0xf9, 0x64, 0x3b, 0xf9, 0x34, 0x7c, 0x12,
+    0xcb, 0xed, 0xe3, 0x1c, 0xac, 0xbf, 0xfb, 0x35, 0xb7, 0x3c, 0xe6, 0x90,
+    0xb8, 0xb2, 0x99, 0x18, 0x2e, 0xae, 0x22, 0x4b, 0xff, 0x1a, 0xfd, 0x79,
+    0xa2, 0xce, 0xfe, 0xb2, 0xfc, 0xf0, 0x2c, 0x02, 0xcb, 0xff, 0xfb, 0x50,
+    0xda, 0x3f, 0x4e, 0xd2, 0xce, 0xff, 0x38, 0x62, 0xcb, 0xb9, 0xc5, 0x97,
+    0xe9, 0xcf, 0xf1, 0xd6, 0x5f, 0x9d, 0xb8, 0x23, 0x56, 0x5e, 0x30, 0xc3,
+    0x16, 0x5c, 0x07, 0x48, 0x10, 0xd0, 0x5f, 0xed, 0x4e, 0xfc, 0xc3, 0x8d,
+    0x65, 0x32, 0x68, 0x3a, 0x60, 0x38, 0xbf, 0x89, 0xb8, 0x90, 0x22, 0x8b,
+    0xe8, 0x31, 0x1a, 0xb2, 0xff, 0x13, 0x9b, 0x11, 0x34, 0x4b, 0x2d, 0x91,
+    0x1e, 0xb7, 0x08, 0xaf, 0xe0, 0x4c, 0x3c, 0x1f, 0x16, 0x5f, 0xf3, 0x00,
+    0x3c, 0xde, 0x42, 0xe2, 0xcb, 0xf7, 0x04, 0x0c, 0x25, 0x97, 0xf3, 0x10,
+    0x3a, 0xe9, 0x96, 0x5e, 0x70, 0x62, 0x4a, 0x82, 0xb8, 0x6e, 0xcb, 0xb4,
+    0x84, 0x78, 0xd9, 0xfd, 0x0a, 0xd0, 0x14, 0x11, 0x7f, 0xce, 0xf7, 0x93,
+    0xec, 0x97, 0x5f, 0x48, 0xd8, 0x6b, 0x2f, 0xee, 0x79, 0xba, 0x7d, 0x2c,
+    0xbf, 0x0f, 0x4c, 0x28, 0xd6, 0x5f, 0xb3, 0xfc, 0x7e, 0xd6, 0x5f, 0xe3,
+    0x30, 0xb3, 0x7b, 0x69, 0x65, 0xfc, 0x59, 0xd8, 0x03, 0x82, 0xcb, 0xec,
+    0x3b, 0x7d, 0x65, 0xff, 0xd9, 0xe0, 0xcf, 0x9d, 0x4f, 0xa4, 0xeb, 0x2d,
+    0xc2, 0x3e, 0x6f, 0x90, 0xdb, 0x8b, 0x2b, 0x13, 0x80, 0x88, 0xbb, 0x45,
+    0x24, 0x51, 0xf3, 0x41, 0x42, 0x54, 0xc2, 0x7b, 0xf6, 0x67, 0xfd, 0x8b,
+    0x2e, 0x73, 0xac, 0xbf, 0xff, 0xb0, 0x8a, 0x61, 0xa9, 0xe1, 0x66, 0xf6,
+    0xf0, 0x96, 0x5f, 0xf0, 0xb9, 0xf9, 0x88, 0x5d, 0xf1, 0x65, 0xf3, 0x6b,
+    0x52, 0xb2, 0xff, 0x66, 0xfc, 0x08, 0x61, 0x86, 0x24, 0xbc, 0x66, 0x79,
+    0x65, 0xfa, 0x29, 0xcf, 0x71, 0x65, 0x6d, 0x46, 0xe7, 0x8f, 0x08, 0x87,
+    0xe7, 0x41, 0x8e, 0xdf, 0xe0, 0xbc, 0x8b, 0xaf, 0x36, 0x96, 0x5e, 0x3b,
+    0xfd, 0x65, 0xfc, 0x53, 0x10, 0x9c, 0x35, 0x95, 0x12, 0xa1, 0x93, 0x8b,
+    0x7a, 0x33, 0x51, 0x26, 0x6f, 0x38, 0x0c, 0x72, 0xff, 0xfb, 0x06, 0xec,
+    0x4f, 0xf6, 0x28, 0x73, 0x16, 0x5f, 0xde, 0x7d, 0x36, 0x69, 0x65, 0x49,
+    0xfb, 0xba, 0x5d, 0x2c, 0xbe, 0xef, 0xa6, 0xd2, 0xcb, 0x00, 0x28, 0x6b,
+    0xfe, 0x17, 0x7f, 0xb7, 0xf9, 0xb2, 0x0f, 0xbd, 0x65, 0xfb, 0x7b, 0x9d,
+    0x8e, 0xb2, 0xa5, 0x11, 0x58, 0x56, 0x46, 0xd7, 0xec, 0x8a, 0x13, 0x05,
+    0x97, 0xd2, 0x1b, 0x01, 0x65, 0xc2, 0xf2, 0xcb, 0xfe, 0x3b, 0xc3, 0x21,
+    0x20, 0xe2, 0xcb, 0xff, 0xe6, 0xff, 0x3c, 0xc3, 0x3f, 0xca, 0x73, 0xb5,
+    0x95, 0x1a, 0x30, 0x22, 0x22, 0x00, 0xbf, 0xce, 0x2f, 0xe8, 0xc7, 0x38,
+    0x43, 0x59, 0x52, 0xc8, 0x1b, 0x84, 0x27, 0x5a, 0x3a, 0x1f, 0x35, 0x3c,
+    0xa3, 0xf2, 0x86, 0xd7, 0x21, 0xb3, 0xf2, 0xd1, 0x43, 0xa0, 0x33, 0xfb,
+    0xce, 0x06, 0x59, 0x7f, 0xec, 0xdf, 0x33, 0xe9, 0x8e, 0x7b, 0x59, 0x7f,
+    0xc3, 0x21, 0x73, 0x23, 0xc8, 0xd6, 0x5e, 0x9d, 0x12, 0xcb, 0xfd, 0x83,
+    0x27, 0xe3, 0x0d, 0x65, 0xbc, 0xb2, 0xf0, 0x9e, 0x32, 0x3c, 0x2e, 0x18,
+    0xd6, 0x91, 0x21, 0xf5, 0xdb, 0xe3, 0xf3, 0x0e, 0xb2, 0x98, 0xf1, 0x5c,
+    0x8e, 0xfe, 0x9d, 0x7f, 0xf9, 0xb8, 0xb2, 0xe9, 0xde, 0xb2, 0x8e, 0x9e,
+    0x97, 0x86, 0xdd, 0x00, 0x2f, 0x18, 0x79, 0x10, 0x6e, 0x98, 0x5f, 0xc1,
+    0x8c, 0xa7, 0x23, 0x59, 0x7f, 0xb8, 0x58, 0x07, 0x20, 0x2c, 0xb1, 0x2c,
+    0xbe, 0x98, 0xe6, 0x0b, 0x28, 0x68, 0x91, 0xec, 0xb9, 0xcc, 0x48, 0x42,
+    0xfe, 0xf3, 0x7c, 0xa4, 0xeb, 0x2f, 0xff, 0xe8, 0x14, 0xb6, 0xb0, 0x7a,
+    0x9f, 0xb7, 0x4c, 0x35, 0x97, 0xff, 0xb0, 0x6e, 0x7c, 0xee, 0x18, 0x0c,
+    0x1a, 0xcb, 0xbc, 0xeb, 0x2e, 0x8b, 0x8b, 0x2f, 0xd9, 0xbd, 0x88, 0x78,
+    0x6b, 0x83, 0x16, 0xbf, 0xb6, 0xff, 0x39, 0xc9, 0x59, 0x7d, 0x9d, 0xfe,
+    0x56, 0x5f, 0xfc, 0xfa, 0xc3, 0x5b, 0x59, 0xbd, 0xf4, 0xb2, 0xbc, 0x7c,
+    0xfb, 0xc8, 0xaf, 0xfc, 0x59, 0xad, 0x31, 0xf3, 0xbf, 0xac, 0xbf, 0x6e,
+    0xbc, 0x61, 0xc1, 0x65, 0x6d, 0x4f, 0x68, 0x23, 0xbc, 0x9f, 0x64, 0x25,
+    0xb8, 0x48, 0x23, 0xeb, 0xbc, 0xeb, 0x2f, 0xfd, 0xe6, 0x70, 0x61, 0x4f,
+    0x7c, 0x59, 0x61, 0xe1, 0xe9, 0xfc, 0x5a, 0xff, 0x8a, 0x1e, 0xc2, 0x29,
+    0x31, 0x65, 0xff, 0xe7, 0x8e, 0x75, 0xa7, 0x86, 0xd0, 0x0f, 0x16, 0x56,
+    0x22, 0x0c, 0x8d, 0xef, 0x6e, 0x1f, 0x16, 0x5f, 0xf4, 0x1a, 0x2e, 0xe1,
+    0xe1, 0x01, 0x65, 0xf8, 0xb3, 0xfe, 0x69, 0x3d, 0xb8, 0x87, 0xef, 0xfb,
+    0x5a, 0x78, 0x6d, 0xdf, 0x3b, 0x8b, 0x2a, 0x4f, 0xf7, 0x0f, 0x6a, 0x53,
+    0x19, 0x84, 0x3e, 0x6b, 0xb5, 0xcd, 0x0d, 0x4a, 0x33, 0x28, 0x59, 0x7e,
+    0x3c, 0x3b, 0xf6, 0x13, 0xff, 0x8b, 0x2f, 0xee, 0x7b, 0x09, 0xb8, 0xb2,
+    0xfe, 0xe8, 0xc7, 0x22, 0x95, 0x95, 0x03, 0xff, 0xd1, 0x31, 0x16, 0x5c,
+    0x17, 0xc5, 0x97, 0xd1, 0x79, 0xb4, 0xb2, 0xf9, 0xc6, 0x19, 0xd6, 0x5d,
+    0x9c, 0xda, 0x7c, 0x01, 0x51, 0xa8, 0x11, 0xd4, 0xaf, 0x6b, 0xe1, 0xe3,
+    0x4e, 0x7e, 0x3c, 0x34, 0x4a, 0x11, 0xd7, 0xff, 0xc2, 0xd6, 0x0f, 0xd2,
+    0xdf, 0xe3, 0x14, 0x16, 0x5f, 0xf6, 0x0f, 0x0a, 0x48, 0x52, 0xb2, 0xc6,
+    0x2c, 0xbf, 0xfc, 0x0c, 0xef, 0xf3, 0xdc, 0x3e, 0x09, 0x82, 0xcb, 0xfd,
+    0xf2, 0x6e, 0xf8, 0x19, 0xd6, 0x51, 0x22, 0x07, 0x89, 0x97, 0xe7, 0x7e,
+    0xe1, 0xc5, 0x95, 0x28, 0xdd, 0x68, 0x49, 0xe8, 0x8a, 0xa6, 0x12, 0x58,
+    0xb1, 0xca, 0x1c, 0x85, 0x3d, 0xb4, 0x74, 0xa2, 0x3c, 0x95, 0xa6, 0x6c,
+    0xac, 0x8e, 0xa7, 0xf8, 0x3b, 0x8c, 0xf1, 0xa5, 0x28, 0x45, 0x29, 0xbf,
+    0x55, 0xbc, 0x51, 0xe7, 0xc1, 0xbd, 0x4c, 0x98, 0x78, 0x68, 0x82, 0x51,
+    0x21, 0x56, 0x92, 0xdc, 0x9f, 0xd2, 0xfd, 0x33, 0x9c, 0x52, 0x9f, 0xf7,
+    0xcf, 0xe5, 0xec, 0xad, 0x06, 0x9d, 0xbb, 0x18, 0x95, 0xfe, 0xd1, 0x4f,
+    0xe1, 0x9e, 0x59, 0x7b, 0x92, 0x05, 0x95, 0x87, 0x9d, 0xf3, 0x2b, 0xff,
+    0x7b, 0x07, 0xec, 0x72, 0xcd, 0xc5, 0x97, 0xf4, 0x0b, 0x3a, 0x6f, 0xac,
+    0xbf, 0xf8, 0xba, 0x35, 0xf9, 0x90, 0x92, 0xe9, 0x65, 0xf6, 0x0d, 0xe0,
+    0xb2, 0xe6, 0x8d, 0x65, 0x00, 0xdc, 0x7c, 0x86, 0xb1, 0x30, 0xae, 0xcf,
+    0xd8, 0xb4, 0x9f, 0x6f, 0xfb, 0xfc, 0xf3, 0x49, 0xdc, 0x6b, 0x2f, 0x87,
+    0xa7, 0x82, 0xcb, 0xc1, 0xc8, 0x16, 0x5f, 0x78, 0x53, 0xc5, 0x97, 0x9d,
+    0xc0, 0xb2, 0xf7, 0xa7, 0x92, 0x6f, 0x74, 0x45, 0x7f, 0xef, 0x31, 0x4f,
+    0x7c, 0x63, 0xca, 0xcb, 0xdc, 0x9d, 0x2c, 0xbb, 0xfc, 0x1a, 0x22, 0xba,
+    0x31, 0xec, 0xf6, 0xa5, 0x37, 0xc3, 0x4e, 0x1c, 0x88, 0x50, 0xe4, 0xbd,
+    0x0f, 0x9d, 0x65, 0xfc, 0x59, 0x08, 0x3f, 0x16, 0x5f, 0xd2, 0x1f, 0x07,
+    0xd9, 0xd6, 0x57, 0x47, 0xb8, 0x45, 0x97, 0xf3, 0x99, 0x80, 0x0f, 0xeb,
+    0x2e, 0x1b, 0x2c, 0xbe, 0xef, 0x93, 0xda, 0xcb, 0x9e, 0x1b, 0x4d, 0xd3,
+    0x0b, 0x5e, 0x37, 0xcc, 0xb2, 0xff, 0xe8, 0xb5, 0x3b, 0xfd, 0x2d, 0xa6,
+    0x89, 0x65, 0xa3, 0x59, 0x50, 0x3f, 0x6e, 0xc7, 0x5d, 0x1e, 0xff, 0xff,
+    0x49, 0x9e, 0x7f, 0xf3, 0x34, 0x53, 0xdc, 0x33, 0xbf, 0xac, 0xbe, 0xcf,
+    0xf1, 0xd6, 0x58, 0x7a, 0x44, 0x1f, 0x98, 0xaf, 0xf7, 0x0b, 0x0e, 0xef,
+    0x1a, 0xca, 0x73, 0xdb, 0x11, 0x4d, 0xfd, 0xcc, 0x1b, 0x72, 0x35, 0x97,
+    0xa1, 0x20, 0x59, 0x7e, 0x0e, 0x28, 0x4e, 0xe2, 0x4a, 0x95, 0xe7, 0x1c,
+    0x8c, 0xac, 0xd8, 0xee, 0x3a, 0x42, 0x67, 0x9d, 0x11, 0x79, 0xa5, 0xe1,
+    0x46, 0x51, 0x86, 0xf0, 0x87, 0xe5, 0xc1, 0x8e, 0x5f, 0xc3, 0xd3, 0xf4,
+    0xfd, 0x2c, 0xbf, 0xff, 0xe0, 0xb7, 0x1c, 0xec, 0x07, 0x90, 0xb7, 0xb1,
+    0x85, 0xaf, 0xc6, 0x0d, 0xbb, 0x7d, 0xb2, 0xb2, 0xdd, 0x2c, 0xbf, 0xf1,
+    0x09, 0xc3, 0xce, 0x34, 0x92, 0xcb, 0xf4, 0x39, 0xfd, 0xe0, 0x59, 0x46,
+    0x9f, 0x3f, 0x67, 0x97, 0xb6, 0x58, 0x6b, 0x2b, 0x47, 0x86, 0x72, 0x4b,
+    0xfb, 0x69, 0x66, 0xf7, 0xd2, 0xcb, 0xd2, 0xfa, 0x59, 0x71, 0x74, 0xb2,
+    0xfc, 0x1f, 0xfe, 0x2f, 0x2c, 0xa6, 0x3c, 0x1d, 0xe2, 0xf7, 0xf1, 0xff,
+    0xe9, 0xdf, 0x2b, 0x2f, 0xfd, 0xb9, 0xb7, 0xaf, 0x36, 0x9a, 0x4e, 0xb2,
+    0xf1, 0x74, 0x05, 0x95, 0x19, 0xf0, 0xe2, 0x25, 0xfe, 0xfc, 0x27, 0xfe,
+    0x78, 0x2c, 0xbf, 0xf7, 0xc4, 0x7f, 0x4b, 0x13, 0x8d, 0x65, 0xf4, 0x20,
+    0xff, 0x59, 0x51, 0xa2, 0x4b, 0xb3, 0x37, 0x3d, 0xbe, 0x37, 0x4e, 0x62,
+    0xcb, 0xba, 0xde, 0xb2, 0xc1, 0xaa, 0x20, 0x55, 0xbe, 0xaa, 0x05, 0x15,
+    0xa3, 0xd7, 0xf8, 0xd1, 0x83, 0xf5, 0x88, 0xab, 0x67, 0xbb, 0xfb, 0xa6,
+    0x8f, 0xee, 0x35, 0x97, 0xf3, 0x05, 0xfa, 0xf4, 0x98, 0xb2, 0xff, 0x79,
+    0x83, 0x08, 0x00, 0x4a, 0x4a, 0xd1, 0xf4, 0xec, 0x99, 0xdf, 0xb0, 0xee,
+    0xf1, 0xac, 0xbf, 0x4f, 0x5e, 0x9d, 0x2c, 0xbd, 0xe1, 0x1a, 0xb2, 0xf6,
+    0xe8, 0x5f, 0x8b, 0x2b, 0xc7, 0x84, 0x43, 0xd5, 0x1a, 0x6d, 0xed, 0x09,
+    0x82, 0x25, 0xf9, 0x38, 0x6d, 0x57, 0xf1, 0xfd, 0x22, 0xed, 0x96, 0x5f,
+    0xf1, 0x00, 0x7e, 0x70, 0xf2, 0x35, 0x97, 0xec, 0x10, 0x5f, 0x38, 0xb2,
+    0x98, 0xf9, 0x7c, 0x75, 0x7f, 0xf8, 0x8d, 0x77, 0x20, 0x10, 0x9f, 0xbd,
+    0x89, 0x65, 0xfa, 0x40, 0xe4, 0x05, 0x97, 0xe1, 0x77, 0xf6, 0x31, 0x65,
+    0xbf, 0x03, 0xd0, 0xe1, 0x35, 0x62, 0x31, 0x8a, 0x13, 0xd7, 0xff, 0xec,
+    0x32, 0x4e, 0x27, 0x1f, 0xfb, 0xe9, 0x88, 0xc5, 0x97, 0xfe, 0xef, 0xfd,
+    0x79, 0x87, 0xec, 0x8d, 0x65, 0xfc, 0xdd, 0xf3, 0xcc, 0x62, 0xcb, 0x05,
+    0xd6, 0x50, 0x0f, 0x10, 0x8b, 0xeb, 0x11, 0x4f, 0xa8, 0x43, 0x5f, 0xcf,
+    0xcc, 0xc2, 0x35, 0x65, 0x61, 0xe9, 0x88, 0x9e, 0xf3, 0xb9, 0x8b, 0x2a,
+    0x53, 0xb5, 0x19, 0x37, 0xa3, 0x52, 0x22, 0x1b, 0xfd, 0xfe, 0x6d, 0xc3,
+    0xb0, 0xd6, 0x5f, 0xf3, 0xea, 0x22, 0x90, 0x70, 0x4b, 0x2a, 0x4f, 0xb8,
+    0x66, 0xb7, 0xef, 0xe0, 0x8b, 0xeb, 0x2f, 0xd0, 0xe0, 0x73, 0xb8, 0xb2,
+    0xd3, 0x87, 0xa6, 0xe4, 0xf7, 0xfe, 0xda, 0x4e, 0x6e, 0xde, 0x00, 0x12,
+    0xb2, 0xff, 0xf4, 0x62, 0x07, 0x20, 0xdc, 0xe4, 0xea, 0x0b, 0x2c, 0xc6,
+    0xa2, 0x3f, 0x48, 0x77, 0xf9, 0xfd, 0xdf, 0x24, 0xbe, 0xb2, 0xa0, 0x98,
+    0x87, 0x21, 0x69, 0xf2, 0x9b, 0xff, 0xfc, 0x3f, 0x4f, 0x5e, 0x68, 0x9d,
+    0xe0, 0x6b, 0x86, 0xfb, 0x8b, 0x2f, 0xff, 0xfd, 0xe7, 0x6e, 0x34, 0x30,
+    0x7f, 0xf4, 0xb6, 0xb4, 0xc5, 0x1a, 0xcb, 0xe2, 0xcd, 0xf8, 0xb2, 0xa3,
+    0x47, 0x91, 0xd9, 0x8c, 0x6a, 0xbf, 0xde, 0x68, 0xa1, 0x25, 0x05, 0x97,
+    0xff, 0xf4, 0xff, 0x81, 0x97, 0xfc, 0x27, 0x87, 0xf9, 0x86, 0x2c, 0xbf,
+    0xf4, 0xc7, 0x9f, 0x86, 0x13, 0x0d, 0x65, 0xff, 0xfc, 0xf1, 0xe9, 0xdf,
+    0xb8, 0x73, 0xfd, 0xf4, 0xda, 0x35, 0x65, 0xff, 0x9c, 0xcf, 0xe7, 0xbe,
+    0xd3, 0xb8, 0xb2, 0xff, 0xd2, 0x67, 0x02, 0xaf, 0xd6, 0x77, 0xf5, 0x95,
+    0x29, 0xf2, 0xf4, 0x65, 0xa3, 0x3f, 0x2e, 0xb9, 0xe9, 0x30, 0x7d, 0x06,
+    0xfa, 0x1e, 0xc8, 0xd6, 0x5f, 0xf3, 0x16, 0x1f, 0x67, 0x1b, 0xb5, 0x97,
+    0xff, 0xf9, 0xce, 0x59, 0xdc, 0xeb, 0x4d, 0xbf, 0x59, 0xf7, 0xed, 0x65,
+    0x0d, 0x13, 0x9c, 0x3a, 0xbf, 0xff, 0x87, 0x0e, 0x6b, 0x3e, 0xfd, 0xc4,
+    0xe1, 0xcf, 0xf8, 0xb2, 0xff, 0xfe, 0xcf, 0xbf, 0x7e, 0xf3, 0x4f, 0xfd,
+    0x9b, 0xe7, 0x4b, 0x2f, 0xff, 0xf4, 0xbc, 0xb1, 0x3f, 0xe0, 0xdb, 0xf5,
+    0x9f, 0x7e, 0xd6, 0x54, 0xa6, 0x79, 0x02, 0x3d, 0x2f, 0x6c, 0xae, 0x5e,
+    0x77, 0xdd, 0x59, 0x74, 0x9f, 0x69, 0xef, 0x1d, 0x02, 0xf9, 0xa3, 0xea,
+    0x0b, 0x2f, 0x16, 0x6e, 0xac, 0xbf, 0xe9, 0xec, 0xef, 0xfc, 0xef, 0xeb,
+    0x2e, 0x78, 0xd6, 0x57, 0x6a, 0xc6, 0xda, 0x52, 0xce, 0x8b, 0xdc, 0x90,
+    0x87, 0x8c, 0x3a, 0xbd, 0xe7, 0xe2, 0xcb, 0x76, 0xb2, 0xa4, 0xd7, 0x0c,
+    0x72, 0xff, 0x1d, 0xf8, 0x53, 0x86, 0xac, 0xb0, 0x96, 0x5f, 0xf0, 0x85,
+    0xe6, 0xff, 0x9e, 0x0b, 0x2f, 0x43, 0x3e, 0xb2, 0xf9, 0xfd, 0x9a, 0x59,
+    0x5e, 0x37, 0xbb, 0xc7, 0x2f, 0xc2, 0xf6, 0xa4, 0xc5, 0x97, 0x6c, 0xba,
+    0xcb, 0xa7, 0xad, 0xa9, 0x9f, 0x61, 0x01, 0xa6, 0x47, 0x11, 0x77, 0x6f,
+    0x91, 0x86, 0x53, 0x78, 0x82, 0xfc, 0x59, 0x7d, 0x0f, 0x36, 0xf5, 0x97,
+    0xa4, 0xbf, 0xb4, 0xf1, 0x18, 0x82, 0xed, 0x3a, 0xcb, 0xff, 0xb7, 0xb7,
+    0x39, 0x85, 0xd3, 0x90, 0x16, 0x5f, 0xef, 0x30, 0xc7, 0x86, 0x44, 0xb2,
+    0xf3, 0x77, 0xc5, 0x97, 0xec, 0xdf, 0x90, 0x0b, 0xac, 0xa3, 0x4f, 0x2b,
+    0xc3, 0xb6, 0x06, 0x23, 0x9f, 0xa4, 0x5f, 0xbf, 0xdf, 0x07, 0xe7, 0xfa,
+    0xcb, 0x4e, 0x8f, 0x64, 0xe6, 0xd4, 0xc9, 0xd8, 0x68, 0xcf, 0xd1, 0xab,
+    0x5f, 0xf9, 0xfb, 0xe6, 0x7d, 0x8e, 0xf0, 0x59, 0x6f, 0xac, 0xa0, 0x1e,
+    0x78, 0x67, 0xd7, 0xff, 0xc4, 0xf9, 0xe6, 0xd7, 0x9c, 0x5e, 0xc3, 0xac,
+    0xbf, 0xf7, 0x9b, 0xaf, 0x67, 0xf0, 0xd8, 0x2c, 0xa1, 0xa2, 0x37, 0x13,
+    0x6f, 0xff, 0xfc, 0xfa, 0x34, 0x7e, 0x9e, 0x7b, 0x3b, 0x87, 0xda, 0x29,
+    0xe0, 0x96, 0x56, 0x22, 0x45, 0xc8, 0xaf, 0x8b, 0x6f, 0x51, 0x2c, 0xbf,
+    0xfa, 0x7a, 0xcd, 0x67, 0x9b, 0x5e, 0x75, 0x97, 0xff, 0x84, 0xe1, 0x96,
+    0x67, 0x9b, 0xaf, 0x62, 0xcb, 0xe8, 0x8a, 0x4f, 0xa4, 0x46, 0x12, 0x1d,
+    0xff, 0xf3, 0xe8, 0x1b, 0x39, 0xa9, 0x83, 0x77, 0xfc, 0x59, 0x7f, 0xd8,
+    0x5f, 0xf3, 0xc2, 0x63, 0x59, 0x7f, 0xfd, 0x06, 0xf8, 0x7a, 0x9f, 0x4f,
+    0xf8, 0xfd, 0xac, 0xbf, 0x0b, 0x9e, 0x78, 0x62, 0x22, 0x78, 0x71, 0x7f,
+    0xf9, 0xc1, 0x85, 0x30, 0x9d, 0xb2, 0x73, 0xac, 0xbf, 0xfd, 0xbf, 0xcc,
+    0x3c, 0x63, 0x58, 0xb3, 0x7a, 0xcb, 0xf4, 0xe1, 0x7f, 0x65, 0x65, 0xfc,
+    0xdd, 0x83, 0x4e, 0x35, 0x97, 0xff, 0xb7, 0x96, 0x73, 0x6e, 0x10, 0xa1,
+    0x9c, 0x59, 0x4b, 0x2b, 0x0f, 0x5c, 0xe9, 0x94, 0x74, 0x67, 0xf8, 0xa4,
+    0xa1, 0x0b, 0x7e, 0xf4, 0xeb, 0x8c, 0xb2, 0xed, 0x6e, 0x2c, 0xbd, 0x01,
+    0x0d, 0x65, 0xbb, 0xda, 0x89, 0x21, 0x9a, 0x44, 0x4e, 0xe3, 0x55, 0x89,
+    0xf9, 0xbc, 0x75, 0xb7, 0xf9, 0xc8, 0x37, 0x86, 0x0d, 0x65, 0x4a, 0xe4,
+    0xde, 0x42, 0xc9, 0x8e, 0x75, 0x0d, 0xb2, 0x3f, 0xe4, 0xa3, 0xc1, 0x14,
+    0x5f, 0xcd, 0xad, 0x8f, 0x9f, 0x65, 0x97, 0xe2, 0x9f, 0x60, 0xd6, 0x5f,
+    0xfd, 0xc9, 0x06, 0x79, 0xb4, 0xe6, 0x7d, 0x65, 0xec, 0x28, 0xc6, 0x7d,
+    0x5c, 0x26, 0xbf, 0x87, 0x84, 0x6e, 0xa5, 0x65, 0xdb, 0x3d, 0xac, 0xbf,
+    0xf3, 0x69, 0xa3, 0x6e, 0xbd, 0x3f, 0x59, 0x50, 0x6d, 0xf6, 0x47, 0x2a,
+    0x73, 0xa8, 0x58, 0x77, 0x1c, 0x24, 0x52, 0xc3, 0x75, 0x2d, 0xf8, 0xf1,
+    0xe5, 0xfa, 0x53, 0x38, 0x21, 0x0a, 0x51, 0xa0, 0xfe, 0x72, 0xf3, 0x7b,
+    0xa1, 0x90, 0x9c, 0xd9, 0x33, 0x0c, 0xb7, 0x74, 0x6e, 0xf9, 0xe3, 0x11,
+    0x8b, 0x2e, 0x0b, 0xee, 0xac, 0xbc, 0xc7, 0xc5, 0x97, 0x49, 0xab, 0x2a,
+    0x07, 0xe9, 0xd9, 0x26, 0x87, 0x8c, 0x1b, 0xb7, 0x4b, 0x2f, 0xff, 0xec,
+    0x1f, 0xa4, 0xc2, 0xc6, 0x8f, 0x64, 0x5e, 0x6d, 0x2c, 0xad, 0xc3, 0xf0,
+    0x21, 0x2a, 0x96, 0xec, 0xc7, 0x14, 0x1a, 0xb8, 0x6c, 0x78, 0xe8, 0xc5,
+    0x0a, 0xeb, 0xe9, 0xe9, 0xba, 0x59, 0x7b, 0x4c, 0x62, 0xcb, 0xfd, 0xa1,
+    0x46, 0xd0, 0x38, 0xd6, 0x5f, 0xee, 0x66, 0x86, 0x4f, 0x05, 0x94, 0x34,
+    0x42, 0x68, 0x77, 0x86, 0xb7, 0xf7, 0xe6, 0x1b, 0x31, 0x92, 0xcb, 0xfc,
+    0xfb, 0x4b, 0x00, 0x2e, 0x2c, 0xbd, 0xec, 0x02, 0xcb, 0x4a, 0xcb, 0xff,
+    0xe8, 0x9d, 0xe1, 0xc9, 0x38, 0xfd, 0x25, 0xd2, 0xca, 0x93, 0xe0, 0x61,
+    0x0b, 0xfe, 0x17, 0x59, 0xa8, 0xe3, 0x14, 0x6b, 0x2f, 0xfb, 0x22, 0x84,
+    0xf7, 0x9d, 0xfd, 0x65, 0x6d, 0x4d, 0x26, 0x4d, 0x31, 0xf0, 0xe4, 0x04,
+    0x7d, 0x7a, 0x36, 0xed, 0x65, 0xde, 0x1a, 0xca, 0x94, 0xfe, 0x63, 0x8d,
+    0xe9, 0x92, 0xb8, 0x3d, 0x50, 0x56, 0x26, 0x38, 0x53, 0xea, 0x51, 0x4d,
+    0xf0, 0xfc, 0x28, 0xd6, 0x5f, 0xcf, 0x0c, 0x8c, 0x44, 0xb2, 0xec, 0x1a,
+    0xca, 0x19, 0xe1, 0xf4, 0x5b, 0x7f, 0xed, 0x66, 0xe4, 0x5e, 0x73, 0xb7,
+    0x16, 0x5f, 0xdf, 0x63, 0x0e, 0xdf, 0x59, 0x7f, 0xce, 0x5a, 0xc6, 0xf4,
+    0x8d, 0x65, 0xb3, 0xe7, 0xc9, 0xba, 0x5d, 0x68, 0xe5, 0x35, 0xac, 0x67,
+    0xd1, 0x1f, 0xa1, 0x4d, 0x66, 0x59, 0x70, 0x5f, 0x16, 0x56, 0x1f, 0x96,
+    0x92, 0x1c, 0x42, 0xff, 0xdb, 0xdb, 0xf0, 0x9d, 0xbf, 0x91, 0x2c, 0xb4,
+    0x4b, 0x2f, 0x6f, 0xc1, 0xac, 0xbf, 0x6c, 0x8b, 0xd9, 0xd2, 0xcb, 0x8f,
+    0xc5, 0x95, 0x88, 0xb5, 0x89, 0x08, 0xe2, 0x5f, 0x1e, 0x11, 0x65, 0xfd,
+    0x3f, 0x60, 0x4c, 0x16, 0x5d, 0x07, 0x59, 0x5a, 0x3c, 0x27, 0x2c, 0xbf,
+    0xbb, 0x8d, 0xe1, 0x3b, 0x8b, 0x2e, 0x28, 0x2c, 0xa9, 0x3c, 0x88, 0xcc,
+    0xae, 0x32, 0x56, 0x56, 0xd7, 0x51, 0x71, 0xb1, 0x17, 0x85, 0x61, 0x1d,
+    0x30, 0xbc, 0x8c, 0x8a, 0x06, 0x18, 0xb8, 0x69, 0x1f, 0x50, 0x90, 0x68,
+    0x5a, 0x1e, 0x1b, 0x9e, 0xaf, 0x30, 0x5e, 0x5b, 0x99, 0x4a, 0x0a, 0xe4,
+    0x38, 0xbf, 0x08, 0xc1, 0x34, 0xec, 0x91, 0x5f, 0xf8, 0x2a, 0x1c, 0x9f,
+    0xaf, 0x3f, 0x60, 0x59, 0x7f, 0xa1, 0x16, 0x13, 0xfb, 0x16, 0x5f, 0x77,
+    0x09, 0x3a, 0xcb, 0xfe, 0x92, 0x8f, 0x98, 0x79, 0xdc, 0x59, 0x7f, 0xfd,
+    0x1f, 0xf3, 0x9e, 0x17, 0x26, 0x31, 0x14, 0xac, 0xba, 0x7c, 0xb2, 0xfe,
+    0x78, 0x87, 0x25, 0x1a, 0xca, 0x8d, 0x1e, 0x63, 0x23, 0xc3, 0xb2, 0x51,
+    0xde, 0x2d, 0x7f, 0x3f, 0xc0, 0x19, 0x44, 0xb2, 0xff, 0x79, 0xff, 0xc3,
+    0x33, 0xcb, 0x2f, 0xa6, 0x26, 0xf2, 0xcb, 0xfb, 0xe5, 0x91, 0xb6, 0x96,
+    0x5f, 0xb3, 0xee, 0x40, 0x59, 0x52, 0x7a, 0x62, 0x2d, 0xbd, 0xbb, 0x27,
+    0x59, 0x58, 0x8e, 0x97, 0x34, 0xe3, 0xae, 0xe9, 0x0d, 0xf8, 0x87, 0xe9,
+    0x82, 0xcb, 0xc5, 0x3d, 0x2c, 0xbe, 0x98, 0x67, 0x16, 0x5f, 0xf3, 0x98,
+    0x19, 0x16, 0x77, 0x05, 0x95, 0x87, 0xef, 0xe1, 0xc7, 0x21, 0xbe, 0xdd,
+    0x92, 0xe9, 0x65, 0xfd, 0xec, 0x35, 0xe6, 0x35, 0x97, 0xd3, 0x16, 0xa5,
+    0x65, 0xa5, 0x65, 0xb1, 0x65, 0x68, 0xd0, 0x1c, 0x42, 0x8e, 0x7c, 0x7e,
+    0x42, 0xbe, 0x91, 0x05, 0xd9, 0x65, 0xf7, 0x0a, 0x4c, 0x59, 0x7e, 0x1f,
+    0xb0, 0xa0, 0xb2, 0xb0, 0xf2, 0x5c, 0x8a, 0xf4, 0x18, 0x0b, 0x2f, 0xff,
+    0xec, 0xff, 0x03, 0xe7, 0xfc, 0xe4, 0x6e, 0x6f, 0x93, 0x16, 0x5f, 0x73,
+    0xed, 0x12, 0xca, 0x3a, 0x20, 0x9d, 0x7e, 0xff, 0x36, 0xa6, 0x37, 0xd7,
+    0x4b, 0x2e, 0xea, 0x25, 0x95, 0xb5, 0x5b, 0xe4, 0x9f, 0x0e, 0x13, 0xd8,
+    0x5b, 0xd1, 0x2b, 0x42, 0x47, 0x44, 0x5e, 0x6e, 0x72, 0x0e, 0x42, 0x7b,
+    0xe4, 0x5b, 0x26, 0x94, 0x75, 0xd4, 0xcf, 0xce, 0x4a, 0x5f, 0xfe, 0xd7,
+    0x45, 0x9b, 0xcb, 0x27, 0x53, 0xc5, 0x97, 0xfe, 0x3b, 0x67, 0x78, 0xc3,
+    0x9d, 0xd5, 0x97, 0xf9, 0xe2, 0xf6, 0x1f, 0x38, 0xb2, 0xb1, 0x17, 0xba,
+    0x4a, 0xde, 0x81, 0x7b, 0x66, 0x7e, 0xb2, 0xfa, 0x77, 0xb6, 0xf5, 0x97,
+    0x61, 0xd6, 0x58, 0xdd, 0xa6, 0xed, 0x89, 0x6a, 0x34, 0x41, 0x92, 0xd5,
+    0xf8, 0xdf, 0xe6, 0x1d, 0x65, 0xff, 0xa1, 0x06, 0xea, 0x4f, 0x17, 0x25,
+    0x65, 0xff, 0xe8, 0xc3, 0xf3, 0x49, 0x46, 0x03, 0xcc, 0x16, 0x56, 0x23,
+    0x5d, 0x88, 0xdc, 0xa0, 0x48, 0x17, 0xff, 0x16, 0x1a, 0x6b, 0xff, 0x8c,
+    0x51, 0x2c, 0xbd, 0x90, 0x65, 0x95, 0x11, 0xf0, 0x69, 0x16, 0xf6, 0x46,
+    0x4b, 0x2f, 0x60, 0xbb, 0x59, 0x5e, 0x37, 0x24, 0x39, 0x7e, 0xc1, 0xb6,
+    0xb8, 0xb2, 0x96, 0x5f, 0x41, 0x81, 0xc5, 0x95, 0xc3, 0x5a, 0x18, 0x5d,
+    0xe1, 0x3e, 0x96, 0x5f, 0x75, 0x39, 0x1a, 0xca, 0x63, 0x7f, 0xa1, 0xcb,
+    0xdf, 0xff, 0x6b, 0x2f, 0xfe, 0xef, 0xa6, 0xf6, 0xdd, 0xdc, 0xf3, 0x1d,
+    0x65, 0x00, 0xfa, 0x7e, 0x3d, 0x70, 0xb4, 0xb2, 0xfa, 0x7a, 0xd9, 0xc5,
+    0x95, 0x88, 0xe7, 0xe4, 0x22, 0x76, 0x48, 0x83, 0x17, 0xa8, 0xd3, 0xe1,
+    0x3a, 0xa1, 0x91, 0xa4, 0x5f, 0x07, 0xec, 0xe9, 0x65, 0xfb, 0x9f, 0x77,
+    0x25, 0x95, 0xd9, 0xe5, 0x18, 0x49, 0x52, 0x8a, 0x76, 0x84, 0x1d, 0x4b,
+    0x2f, 0x47, 0x27, 0x65, 0xda, 0x1d, 0x7e, 0x8e, 0x2d, 0xe1, 0x35, 0xc5,
+    0xcf, 0xca, 0xa8, 0xbf, 0xf1, 0x30, 0x7d, 0xe6, 0xfe, 0xe4, 0x35, 0x96,
+    0x82, 0xcb, 0xff, 0xcd, 0x9a, 0x1c, 0x99, 0x9e, 0x9e, 0xf8, 0xb2, 0xfe,
+    0xfc, 0xe8, 0xb2, 0x35, 0x97, 0xc1, 0xce, 0x80, 0xb2, 0xff, 0xd3, 0xdf,
+    0xbd, 0x31, 0xc8, 0x8e, 0xb2, 0xff, 0xed, 0x69, 0xc1, 0x9e, 0x6d, 0x79,
+    0xd6, 0x5a, 0x0b, 0x2b, 0x87, 0xa8, 0x1a, 0x1d, 0xd9, 0xc5, 0x96, 0xd2,
+    0xca, 0xf1, 0xa7, 0x71, 0x6b, 0xff, 0xf1, 0xb9, 0xf6, 0xe7, 0x85, 0x9f,
+    0x03, 0x8e, 0x56, 0x5f, 0xdf, 0x68, 0xcf, 0x3d, 0x2c, 0xa1, 0xa2, 0x93,
+    0x44, 0x1e, 0x55, 0xbe, 0x83, 0x6a, 0x0b, 0x2f, 0xe0, 0x45, 0x06, 0xd4,
+    0x16, 0x44, 0x68, 0xaf, 0xf7, 0xb3, 0xd9, 0xd3, 0xf4, 0xb2, 0xe6, 0x8d,
+    0x65, 0x74, 0x79, 0x7f, 0x34, 0xae, 0xd1, 0x5d, 0xa8, 0x45, 0xdf, 0xee,
+    0xa2, 0x63, 0x89, 0xf8, 0xb2, 0xfb, 0x05, 0xa8, 0xd6, 0x5d, 0x3b, 0x8b,
+    0x2b, 0xb3, 0xf1, 0x39, 0xaf, 0x88, 0xef, 0xb5, 0x22, 0xdc, 0x59, 0x7a,
+    0x46, 0x35, 0x97, 0x66, 0xea, 0xcb, 0xe0, 0x06, 0x50, 0x59, 0x67, 0x23,
+    0x79, 0xf1, 0x9b, 0xf7, 0x39, 0x84, 0x05, 0x94, 0x03, 0xcc, 0x22, 0x5a,
+    0x95, 0x56, 0x8d, 0x18, 0x03, 0xc2, 0x6b, 0x86, 0x1f, 0x25, 0x14, 0x29,
+    0x2d, 0x12, 0xcb, 0xfe, 0x13, 0x87, 0x14, 0x33, 0xb8, 0x2c, 0xae, 0xcf,
+    0x38, 0x84, 0xaf, 0x89, 0xfb, 0xe2, 0xcb, 0xef, 0x80, 0xf8, 0xb2, 0xbe,
+    0x78, 0x81, 0x91, 0x51, 0xd1, 0x12, 0x06, 0x6b, 0xa7, 0x8b, 0x2f, 0xa7,
+    0xd2, 0x35, 0x95, 0xd1, 0xb7, 0x88, 0x5a, 0xff, 0xfe, 0xf6, 0x17, 0xf9,
+    0xb4, 0x38, 0x7b, 0x08, 0x85, 0x05, 0x97, 0xfc, 0x68, 0xfd, 0x3a, 0x29,
+    0x82, 0xcb, 0xf7, 0x98, 0x9e, 0x35, 0x97, 0xfd, 0x07, 0xd7, 0xca, 0x4f,
+    0xc5, 0x97, 0xfa, 0x47, 0x3a, 0x14, 0x81, 0x65, 0xf6, 0xf9, 0xcd, 0x2c,
+    0xbb, 0x3b, 0x59, 0x58, 0x6e, 0x88, 0x8e, 0xdc, 0xe9, 0x1d, 0x51, 0x13,
+    0x9c, 0xe0, 0x9b, 0x2a, 0x53, 0x67, 0x3c, 0x64, 0x77, 0xff, 0xd3, 0x9d,
+    0xff, 0xd8, 0xd0, 0x63, 0x4d, 0xc5, 0x97, 0xe2, 0x9d, 0xd2, 0x95, 0x97,
+    0xff, 0x9d, 0xf5, 0x1f, 0x9f, 0xfe, 0x6d, 0x41, 0x65, 0xfb, 0x43, 0xf3,
+    0x44, 0xb2, 0xfe, 0xc6, 0x22, 0x91, 0xac, 0xb9, 0xcc, 0x1a, 0x27, 0x71,
+    0x2b, 0xc5, 0x37, 0xfc, 0xe5, 0x9f, 0xfb, 0x19, 0xf5, 0x97, 0xff, 0xff,
+    0x45, 0x06, 0x2f, 0xc8, 0x37, 0x7e, 0xc6, 0xeb, 0x27, 0xb8, 0x31, 0xd6,
+    0x54, 0xa2, 0xb8, 0x8e, 0x2a, 0x57, 0x22, 0x71, 0x6b, 0xa2, 0x36, 0x8f,
+    0x13, 0x45, 0x2e, 0xa0, 0x50, 0xc5, 0x14, 0x3a, 0x6b, 0x63, 0x6e, 0x4a,
+    0x65, 0x1a, 0x14, 0xcf, 0x6c, 0x84, 0x19, 0xa8, 0x7d, 0x08, 0xb2, 0x54,
+    0x45, 0xbe, 0x23, 0x04, 0x25, 0x39, 0x2e, 0x8b, 0xf3, 0xb8, 0xd7, 0xed,
+    0x85, 0xdc, 0x33, 0xeb, 0x2f, 0xcc, 0x18, 0x9f, 0x8b, 0x2f, 0xfe, 0xff,
+    0x70, 0xcf, 0xb6, 0xf9, 0x2e, 0x96, 0x5f, 0xd2, 0x2e, 0xdb, 0xbd, 0xd5,
+    0x97, 0xec, 0x33, 0x3b, 0xfa, 0xca, 0xda, 0x7b, 0x6c, 0x65, 0x7f, 0xbb,
+    0x86, 0x0f, 0xd9, 0x1a, 0xca, 0x1a, 0x64, 0x5d, 0x94, 0x6a, 0x14, 0x44,
+    0x47, 0x78, 0x29, 0xb1, 0xf6, 0xb2, 0xf7, 0x83, 0xe2, 0xcb, 0xf4, 0xeb,
+    0xb8, 0x71, 0x65, 0xff, 0xff, 0x6a, 0x27, 0xf3, 0x72, 0x62, 0x6f, 0xff,
+    0x3c, 0x06, 0xde, 0xb2, 0xb6, 0x34, 0x6b, 0xc9, 0x3c, 0x63, 0xc2, 0x29,
+    0xbf, 0xf8, 0x5a, 0xc8, 0xe7, 0x93, 0x09, 0xd2, 0xcb, 0xda, 0xce, 0x2c,
+    0xbf, 0x31, 0x6f, 0xc8, 0x2c, 0xbd, 0x8d, 0x1a, 0xca, 0x34, 0xf8, 0x0e,
+    0x39, 0xe2, 0x8b, 0xfa, 0x63, 0xcf, 0xe1, 0xd6, 0x5f, 0x83, 0xdb, 0xee,
+    0x62, 0xcb, 0xff, 0x10, 0xba, 0xf6, 0x1e, 0x27, 0xe9, 0x65, 0xc2, 0xd2,
+    0xca, 0xc3, 0xd8, 0xd9, 0x41, 0xa8, 0x27, 0x50, 0xd0, 0xa4, 0xd1, 0x80,
+    0x0b, 0x79, 0x08, 0x3b, 0xe3, 0xb4, 0x8d, 0x65, 0xfe, 0x23, 0x7d, 0x27,
+    0x39, 0x2c, 0xbf, 0xb7, 0x1a, 0x77, 0x45, 0xf5, 0x97, 0xe9, 0x8b, 0x33,
+    0xa5, 0x97, 0x8b, 0x37, 0x56, 0x54, 0xa3, 0x37, 0x08, 0x58, 0xcf, 0xc6,
+    0x62, 0x28, 0xbc, 0x77, 0xfa, 0xcb, 0xe3, 0xbc, 0xf6, 0xb2, 0x88, 0xdf,
+    0x18, 0x39, 0x7f, 0xbf, 0xc6, 0xdf, 0xa6, 0xe2, 0xcb, 0xfe, 0x32, 0x0d,
+    0xa0, 0xca, 0x12, 0xb2, 0xe6, 0x82, 0xca, 0xc4, 0x42, 0xb1, 0xa9, 0x1d,
+    0x5e, 0x36, 0x7a, 0x59, 0x7f, 0xd9, 0x13, 0x44, 0x2d, 0xd1, 0x71, 0x65,
+    0x9d, 0x65, 0x78, 0xf3, 0xbe, 0x7d, 0x79, 0xb4, 0x6a, 0xcb, 0xef, 0xb4,
+    0xf6, 0xb2, 0xa5, 0x19, 0xac, 0xd8, 0x44, 0x5c, 0x1d, 0xbf, 0xe9, 0x8a,
+    0x7f, 0xec, 0xd7, 0x4b, 0x2f, 0x7a, 0x62, 0x59, 0x69, 0xec, 0xf5, 0xf7,
+    0x4e, 0xaa, 0x08, 0xbc, 0xe4, 0x24, 0x6f, 0x13, 0x32, 0xcb, 0x9e, 0x35,
+    0x97, 0xf3, 0x9f, 0x37, 0xbe, 0x96, 0x54, 0x67, 0x8a, 0x71, 0x7b, 0xff,
+    0x44, 0xde, 0x9e, 0xe1, 0x31, 0x4a, 0xca, 0x63, 0xe3, 0x11, 0x1d, 0xe9,
+    0xf9, 0xd6, 0x5d, 0xc3, 0xac, 0xa3, 0x9b, 0x3d, 0xd1, 0xcb, 0xfe, 0xe0,
+    0xa3, 0x98, 0xb6, 0x83, 0xeb, 0x2f, 0xc3, 0x72, 0x9f, 0x2c, 0xbf, 0xa1,
+    0x3d, 0xff, 0x3c, 0xb2, 0xff, 0xf7, 0xf8, 0xc0, 0x98, 0x73, 0x33, 0xbf,
+    0xac, 0xa8, 0x8f, 0xe3, 0x85, 0xd5, 0xda, 0x3f, 0xfc, 0x7c, 0x64, 0x27,
+    0xaf, 0xf6, 0x75, 0x85, 0x38, 0x62, 0xcb, 0xfc, 0x79, 0x88, 0xf2, 0x39,
+    0x59, 0x7e, 0x8b, 0x1b, 0x74, 0x6b, 0x2d, 0xe6, 0x3d, 0xe7, 0x33, 0xa9,
+    0x54, 0x20, 0xd1, 0x91, 0xf8, 0xdf, 0x90, 0x90, 0xbf, 0x67, 0x70, 0xf3,
+    0x2c, 0xbe, 0xdd, 0x21, 0x46, 0xb2, 0xb6, 0x9e, 0x71, 0xca, 0x2f, 0xe6,
+    0xf3, 0x44, 0xd1, 0xac, 0xb4, 0xac, 0xae, 0x1b, 0xef, 0x97, 0x5f, 0xbe,
+    0xc5, 0x09, 0x59, 0x7f, 0x77, 0x0c, 0x16, 0xa3, 0x59, 0x7f, 0xfb, 0x5a,
+    0x92, 0xc3, 0x5b, 0xde, 0xc0, 0xd6, 0x56, 0x22, 0x81, 0x89, 0x84, 0x61,
+    0x52, 0x9a, 0x8e, 0x31, 0x6a, 0x18, 0x37, 0xf3, 0x1a, 0xdf, 0x7f, 0x2c,
+    0xbd, 0xd7, 0xa5, 0x65, 0xda, 0x95, 0x95, 0x03, 0xe0, 0xec, 0xb6, 0x21,
+    0xdb, 0xf4, 0xb7, 0xf6, 0x20, 0xb4, 0xb2, 0xfc, 0xec, 0x39, 0x25, 0x97,
+    0x48, 0x96, 0x54, 0xa2, 0x7b, 0xc6, 0x24, 0x65, 0xc2, 0x5b, 0xb7, 0x65,
+    0x65, 0xc5, 0xd2, 0xca, 0x93, 0x60, 0xc3, 0x37, 0xf8, 0x4c, 0x59, 0xce,
+    0x62, 0xca, 0x8c, 0xf4, 0x0e, 0x3f, 0x76, 0x74, 0xb2, 0xfb, 0xc0, 0x7f,
+    0xac, 0xb7, 0x96, 0x53, 0x9b, 0x31, 0x11, 0x5f, 0xe2, 0xcf, 0xcc, 0x05,
+    0xa5, 0x94, 0x74, 0x4e, 0x6f, 0x4a, 0xdd, 0x20, 0xbf, 0x01, 0xce, 0xfd,
+    0xac, 0xbf, 0xf1, 0xdb, 0x9e, 0x96, 0xd0, 0xb7, 0x16, 0x57, 0x67, 0xd2,
+    0xc5, 0x15, 0x29, 0xbf, 0xb4, 0x2f, 0xde, 0x13, 0xd7, 0xf1, 0x71, 0xb7,
+    0xc8, 0xd6, 0x5f, 0xf0, 0x18, 0xbf, 0x3c, 0x17, 0x96, 0x5f, 0xa4, 0x3e,
+    0x4f, 0x16, 0x5f, 0xed, 0x46, 0xdd, 0x36, 0xb1, 0x65, 0xe2, 0x63, 0x56,
+    0x5f, 0x9f, 0x5a, 0x98, 0xd6, 0x5f, 0xdf, 0x6d, 0x37, 0xc4, 0xb2, 0xb6,
+    0xa6, 0x0b, 0x19, 0xc6, 0x14, 0x1c, 0xd3, 0xe3, 0x81, 0x94, 0x5e, 0xe3,
+    0x81, 0x65, 0x49, 0xfb, 0xfd, 0x6e, 0xfc, 0x1f, 0xb3, 0xbe, 0x2c, 0xb9,
+    0xf7, 0x16, 0x50, 0x8f, 0x0c, 0x32, 0xab, 0xff, 0xff, 0xe9, 0xf9, 0x3f,
+    0x4d, 0xc8, 0x9b, 0x5d, 0x4f, 0x3f, 0x3d, 0xc8, 0x79, 0xc5, 0x97, 0xfb,
+    0x99, 0xa9, 0xdf, 0x3b, 0x8b, 0x2b, 0x48, 0xb6, 0xfb, 0xfd, 0xfe, 0xf6,
+    0x77, 0x3a, 0x63, 0xac, 0xbf, 0xe9, 0xeb, 0x59, 0xcc, 0x61, 0xac, 0xbf,
+    0xfc, 0xda, 0xc8, 0x9b, 0x5b, 0xac, 0x1e, 0x41, 0x65, 0x69, 0x10, 0xbc,
+    0x38, 0xbd, 0x27, 0x95, 0x95, 0xa3, 0x7d, 0xf2, 0x3b, 0xfc, 0x72, 0x73,
+    0x5b, 0xc2, 0x59, 0x7d, 0xe6, 0x70, 0x2c, 0xb4, 0xed, 0x3d, 0x4f, 0x99,
+    0xdf, 0xff, 0xff, 0xf7, 0x33, 0xfe, 0x73, 0xf3, 0x5a, 0x6e, 0xfe, 0xee,
+    0x6e, 0x64, 0x42, 0xfc, 0x99, 0xdc, 0xac, 0xbf, 0x0a, 0x2c, 0xd9, 0xc5,
+    0x97, 0x79, 0xd6, 0x57, 0x11, 0xb1, 0xf8, 0x4b, 0xef, 0x2b, 0xbf, 0xee,
+    0xf8, 0x4c, 0x7f, 0xe6, 0xe2, 0xcb, 0xb3, 0x4b, 0x2a, 0x4f, 0x4b, 0xc7,
+    0x97, 0xf7, 0xc9, 0xc1, 0x84, 0xb2, 0xe9, 0x35, 0x65, 0xf3, 0x83, 0x09,
+    0x65, 0x44, 0x6d, 0xc8, 0x5e, 0xb6, 0xa2, 0x0f, 0xec, 0x55, 0x2a, 0xf8,
+    0x46, 0x47, 0x90, 0xf6, 0xe9, 0xd5, 0xe3, 0x01, 0xfc, 0x22, 0x45, 0x0a,
+    0x4b, 0xfd, 0x07, 0xed, 0xb7, 0x58, 0x6b, 0x2f, 0xfd, 0xf6, 0xe1, 0x3f,
+    0xe2, 0x71, 0xac, 0xbe, 0x03, 0xf7, 0xc5, 0x97, 0x18, 0x62, 0xca, 0xe1,
+    0xbc, 0x30, 0x8e, 0xfb, 0xcf, 0x9e, 0x48, 0x10, 0xd1, 0x5f, 0xff, 0x83,
+    0x63, 0x8b, 0x92, 0x1b, 0x1e, 0x62, 0x93, 0x16, 0x5c, 0xd1, 0xac, 0xa9,
+    0x4d, 0xd3, 0x0d, 0x9a, 0x13, 0x8e, 0x67, 0xbd, 0x62, 0xfb, 0xa9, 0x17,
+    0x6b, 0x2f, 0xc1, 0xe1, 0xdb, 0x4b, 0x2f, 0xcd, 0xaf, 0xe7, 0x4b, 0x2f,
+    0xdd, 0x37, 0x3c, 0xcb, 0x2f, 0xee, 0xda, 0x33, 0xb7, 0x16, 0x5c, 0x77,
+    0x59, 0x7f, 0xbf, 0x25, 0xd6, 0xc0, 0x03, 0xac, 0xa9, 0x3f, 0xef, 0x17,
+    0x88, 0x5a, 0xe6, 0xed, 0x65, 0xef, 0x48, 0x16, 0x5e, 0xdd, 0xdd, 0x95,
+    0x97, 0xfc, 0x3f, 0x36, 0x9b, 0xb8, 0xa5, 0x65, 0x39, 0xee, 0x08, 0x8a,
+    0xe0, 0xa6, 0xf5, 0x95, 0x2a, 0x85, 0x70, 0x90, 0xd2, 0x8e, 0xca, 0x1a,
+    0x14, 0xda, 0x2e, 0x71, 0x72, 0x78, 0xf9, 0x0d, 0xef, 0x6d, 0xdc, 0x59,
+    0x78, 0xba, 0x65, 0x97, 0xef, 0x49, 0x64, 0x6b, 0x2a, 0x4f, 0x95, 0x88,
+    0x9c, 0x72, 0xfc, 0xd1, 0xb8, 0x89, 0x65, 0xfb, 0x42, 0x8c, 0x51, 0xac,
+    0xbf, 0xa7, 0xe2, 0x38, 0xbe, 0xb2, 0xff, 0x49, 0x79, 0xc0, 0x28, 0x96,
+    0x54, 0xa2, 0x33, 0xc5, 0x7b, 0xa5, 0xd5, 0xb0, 0x9b, 0xe4, 0x09, 0x8d,
+    0x46, 0x38, 0xc6, 0xa1, 0x1f, 0x50, 0xe3, 0x21, 0xc8, 0x42, 0x9b, 0x0a,
+    0x6e, 0xe3, 0xb6, 0x62, 0x8d, 0xc8, 0x61, 0x45, 0x29, 0x93, 0x51, 0xf3,
+    0x9e, 0x33, 0x2f, 0x4a, 0x3a, 0x73, 0x80, 0x47, 0x54, 0x17, 0x64, 0x29,
+    0xcb, 0xae, 0x47, 0xdb, 0xf9, 0x4c, 0x7b, 0xe1, 0xce, 0x19, 0x66, 0xec,
+    0x2c, 0xef, 0xb5, 0x9f, 0xc5, 0x97, 0xfb, 0xaf, 0x37, 0xf8, 0xfd, 0xac,
+    0xbd, 0x9a, 0xde, 0xb2, 0xf6, 0x83, 0x89, 0x65, 0xc7, 0xf2, 0xca, 0x63,
+    0x6d, 0xc1, 0xfb, 0xff, 0x10, 0x0e, 0xf0, 0x29, 0xff, 0x16, 0x5d, 0x98,
+    0xb2, 0xfb, 0xaf, 0x30, 0x6b, 0x2b, 0x13, 0x40, 0x34, 0x85, 0x8d, 0x7c,
+    0xa8, 0xe4, 0x01, 0x73, 0xd0, 0xc5, 0x6f, 0xd1, 0x4c, 0x5e, 0x95, 0x97,
+    0xff, 0x8b, 0xfc, 0x0f, 0xec, 0x42, 0x86, 0x71, 0x65, 0xc1, 0xca, 0xcb,
+    0xfb, 0xd9, 0x13, 0x94, 0x6b, 0x2f, 0x18, 0x61, 0x89, 0x2f, 0xa1, 0xfc,
+    0xe9, 0x20, 0x43, 0x41, 0x7e, 0xc1, 0xb0, 0x38, 0xbb, 0xbf, 0x95, 0xb5,
+    0x16, 0xfa, 0x4e, 0x23, 0x5b, 0xb9, 0x05, 0x97, 0xb8, 0xe0, 0x59, 0x52,
+    0x6c, 0xfb, 0x17, 0xb6, 0xf5, 0x96, 0xd9, 0x59, 0x6c, 0xe8, 0xd3, 0x9c,
+    0x4e, 0xa5, 0x50, 0xa6, 0x14, 0xe9, 0x29, 0xe1, 0x9c, 0x06, 0x42, 0x48,
+    0xbe, 0x38, 0xf0, 0x96, 0x5d, 0xfe, 0x2c, 0xbf, 0xfc, 0x3c, 0xc3, 0x76,
+    0xe7, 0xdb, 0x9e, 0x65, 0x97, 0xfb, 0xfe, 0x9f, 0xf3, 0xcc, 0xb2, 0xe8,
+    0x46, 0xb2, 0xe7, 0x82, 0xcb, 0xf6, 0xdc, 0x89, 0xa3, 0x59, 0x5b, 0x51,
+    0x19, 0x03, 0x33, 0x8c, 0x70, 0x5a, 0xdc, 0x59, 0x7e, 0x87, 0xa4, 0xa3,
+    0x49, 0x74, 0xc1, 0x65, 0xbf, 0xd9, 0xbe, 0xf1, 0x45, 0xff, 0xb3, 0xb8,
+    0x36, 0x11, 0x60, 0xd6, 0x5f, 0x1c, 0x5d, 0xfd, 0x65, 0xf6, 0x7a, 0x77,
+    0xac, 0xa8, 0xcf, 0x1f, 0x84, 0x95, 0x2a, 0x92, 0xa3, 0x17, 0xee, 0x1a,
+    0xfa, 0x3f, 0x24, 0xfe, 0x14, 0x7e, 0x10, 0x77, 0xfb, 0xaf, 0x30, 0xe5,
+    0xf4, 0xb2, 0xf3, 0x71, 0x96, 0x59, 0x96, 0x5f, 0x38, 0x6e, 0x35, 0x97,
+    0xa7, 0x46, 0xac, 0xb4, 0x3c, 0x7d, 0x4e, 0x36, 0x21, 0x03, 0x08, 0xaf,
+    0xff, 0xf0, 0xfd, 0x9f, 0xfb, 0x97, 0x5c, 0x9d, 0x3c, 0x4d, 0xe5, 0x94,
+    0x34, 0xd0, 0x3b, 0x84, 0xeb, 0x21, 0x5f, 0x8d, 0x0e, 0x74, 0x05, 0x97,
+    0xfc, 0x52, 0x67, 0x18, 0xbb, 0x82, 0xcb, 0xff, 0xff, 0x70, 0x0d, 0xa1,
+    0xe1, 0x79, 0xba, 0xf3, 0x7c, 0xd9, 0x28, 0x2c, 0xba, 0x7a, 0x59, 0x5a,
+    0x47, 0x31, 0x15, 0x7c, 0xe7, 0x7b, 0x65, 0xff, 0xe6, 0xf3, 0xc5, 0x83,
+    0xf3, 0x6f, 0xc8, 0x96, 0x5e, 0x0e, 0x77, 0x16, 0x5d, 0xe6, 0x59, 0x60,
+    0x2c, 0xa3, 0x4d, 0x39, 0x0b, 0x54, 0x67, 0xd0, 0xc8, 0xf7, 0xfd, 0xff,
+    0x34, 0x82, 0x3e, 0x1a, 0xb2, 0xfc, 0x52, 0x66, 0x12, 0xcb, 0xfe, 0xf7,
+    0x72, 0x6c, 0x50, 0x9d, 0xc5, 0x96, 0xe0, 0xcf, 0x97, 0x09, 0xab, 0x48,
+    0xe9, 0x22, 0x2f, 0xc2, 0x82, 0x96, 0x5f, 0xa1, 0xa6, 0x93, 0xac, 0xbc,
+    0x1f, 0x66, 0x2c, 0xa8, 0xcf, 0x4b, 0xb0, 0xbe, 0x13, 0xd4, 0xae, 0xaf,
+    0x64, 0x76, 0x0d, 0x18, 0xe7, 0x8f, 0x9e, 0x39, 0xd1, 0x42, 0x1a, 0xf3,
+    0x02, 0x56, 0x5f, 0x43, 0x3e, 0xcb, 0x2b, 0x69, 0xbc, 0xec, 0x6e, 0xff,
+    0x43, 0xd3, 0xdf, 0xe7, 0xcb, 0x2f, 0xff, 0x43, 0xe2, 0xf6, 0xa4, 0xc8,
+    0x30, 0x31, 0x65, 0xce, 0x75, 0x95, 0xd2, 0x2e, 0x7b, 0x24, 0x23, 0x4d,
+    0xe9, 0x77, 0xff, 0xef, 0xbe, 0xb1, 0x81, 0xcc, 0xf3, 0x6b, 0xce, 0xb2,
+    0xff, 0xbc, 0xda, 0x88, 0xa6, 0x7b, 0x59, 0x7a, 0x48, 0x6b, 0x2f, 0xdd,
+    0xf2, 0x2c, 0xfa, 0xca, 0xc4, 0xc4, 0x7b, 0x40, 0x65, 0x3f, 0x1c, 0x90,
+    0xdd, 0xfc, 0xdf, 0x27, 0x07, 0x16, 0x5f, 0xa4, 0xff, 0xcf, 0x2c, 0xbe,
+    0x0e, 0x4a, 0x25, 0x97, 0xdc, 0x69, 0xe9, 0x65, 0xff, 0xd1, 0x66, 0xb1,
+    0xcf, 0x3e, 0x61, 0xac, 0xac, 0x3e, 0x5f, 0x91, 0x5f, 0xc2, 0x3e, 0x7b,
+    0xb7, 0x59, 0x46, 0xa6, 0x55, 0xd1, 0x67, 0x89, 0xca, 0x11, 0x1c, 0x21,
+    0xbf, 0xfc, 0xc3, 0x27, 0xec, 0xb3, 0xf8, 0xc0, 0x59, 0x7d, 0x1c, 0x6f,
+    0xb8, 0xb2, 0xfb, 0xa1, 0x8a, 0x35, 0x97, 0xa1, 0xc1, 0x2c, 0xb9, 0xe0,
+    0xb2, 0xfd, 0xf6, 0xf4, 0x09, 0x65, 0x1c, 0xde, 0x90, 0xb5, 0xff, 0xff,
+    0xfb, 0xd3, 0x91, 0xc1, 0xbf, 0xc9, 0xd6, 0x04, 0x60, 0x4c, 0xef, 0x99,
+    0x2e, 0x96, 0x5b, 0xf8, 0x99, 0x1f, 0x89, 0x5d, 0x6b, 0x84, 0x17, 0x8c,
+    0x30, 0xc5, 0x97, 0xff, 0xc7, 0xce, 0xfe, 0x59, 0x19, 0xf0, 0xf8, 0x49,
+    0x02, 0x1a, 0x0a, 0x94, 0x61, 0xb3, 0x15, 0xf4, 0x79, 0xe7, 0x59, 0x7f,
+    0xb4, 0x4e, 0x66, 0x79, 0xd6, 0x5f, 0x3e, 0xbd, 0x8b, 0x2f, 0xf8, 0x9e,
+    0x3e, 0x67, 0x9f, 0x71, 0x65, 0xf7, 0xe7, 0xfc, 0xc3, 0xdc, 0x72, 0x1b,
+    0xf7, 0x9f, 0x59, 0xa5, 0x97, 0xfe, 0x9f, 0xb0, 0x26, 0x19, 0xdf, 0xd6,
+    0x5f, 0xfd, 0x19, 0x0a, 0x31, 0x73, 0xfc, 0xc3, 0x16, 0x5f, 0xbb, 0xe9,
+    0x8a, 0x35, 0x97, 0xfb, 0xd3, 0x08, 0xa0, 0xe4, 0xb2, 0xbe, 0x7b, 0xa1,
+    0x95, 0x54, 0xa3, 0x21, 0xe1, 0x4b, 0x70, 0x9d, 0x65, 0x0d, 0x51, 0x76,
+    0x42, 0x3b, 0xa3, 0x7d, 0x13, 0xfa, 0x30, 0x62, 0x26, 0xbf, 0xe0, 0x16,
+    0x74, 0xd9, 0xfe, 0x2c, 0xbd, 0xf9, 0x1a, 0xcb, 0xe8, 0x7c, 0x43, 0x59,
+    0x7e, 0x96, 0x83, 0xf1, 0x65, 0x49, 0xf2, 0xf6, 0x39, 0xa2, 0x3b, 0xfb,
+    0x3f, 0xe1, 0x4f, 0x6b, 0x2f, 0xbe, 0xda, 0xc5, 0x97, 0xdd, 0xf1, 0x8d,
+    0x19, 0xe7, 0xe1, 0x75, 0x46, 0x9d, 0xc6, 0x98, 0xca, 0x13, 0xbf, 0x7e,
+    0xbf, 0xb8, 0x59, 0xbf, 0xcc, 0xb2, 0xf7, 0x59, 0xc5, 0x95, 0x87, 0x96,
+    0x22, 0xeb, 0xff, 0x1e, 0x7b, 0x2c, 0x07, 0x27, 0x71, 0x65, 0x68, 0xf8,
+    0x8e, 0x43, 0x7f, 0x86, 0x59, 0xbd, 0xb4, 0xeb, 0x2b, 0x63, 0x5d, 0x4d,
+    0x99, 0xc0, 0x86, 0x87, 0x80, 0x88, 0xaf, 0xd1, 0xee, 0x36, 0x76, 0xb2,
+    0xfc, 0xdc, 0x98, 0xce, 0xbb, 0x3f, 0x57, 0xe9, 0x7d, 0x00, 0x4b, 0xb3,
+    0xf5, 0x73, 0xc1, 0x76, 0x7e, 0xaf, 0x85, 0x0c, 0xe2, 0xec, 0xfd, 0x50,
+    0xcf, 0x48, 0x88, 0xef, 0xd3, 0x9c, 0xc2, 0x5d, 0x9f, 0xaa, 0x5d, 0x9f,
+    0xab, 0x9f, 0xeb, 0xb3, 0xf4, 0x72, 0xe2, 0xd0, 0x23, 0xfc, 0x12, 0x55,
+    0xf6, 0x6c, 0xb0, 0x17, 0x67, 0xea, 0x97, 0x67, 0xea, 0xe0, 0x4a, 0xec,
+    0xfd, 0x5f, 0xf6, 0x01, 0xf5, 0x9b, 0xf0, 0x6b, 0xb3, 0xf5, 0x7f, 0x67,
+    0x9b, 0x82, 0x8d, 0x76, 0x7e, 0xa8, 0x08, 0xa4, 0x22, 0x3e, 0x23, 0x5f,
+    0x6a, 0x39, 0xfa, 0xec, 0xfd, 0x52, 0xec, 0xfd, 0x61, 0xb0, 0xb8, 0xc3,
+    0x17, 0x67, 0xea, 0xa0, 0xac, 0x60, 0x66, 0xb9, 0x08, 0x6e, 0xe1, 0x3b,
+    0xa2, 0x73, 0x98, 0xf2, 0x17, 0x9f, 0x5f, 0x30, 0x9e, 0xe9, 0x35, 0x36,
+    0x7e, 0x81, 0x11, 0x21, 0x7f, 0xd1, 0xce, 0xfc, 0x6d, 0x64, 0x6b, 0x2f,
+    0xfe, 0x7f, 0x75, 0xe6, 0x27, 0xd3, 0xc1, 0x65, 0x41, 0x16, 0xfa, 0x39,
+    0xf9, 0xdd, 0xfd, 0x38, 0x1c, 0xc2, 0x0b, 0x2f, 0xf7, 0x32, 0x10, 0x9f,
+    0xf6, 0xb2, 0xff, 0xa7, 0x40, 0xfb, 0x39, 0xb0, 0x59, 0x58, 0x8c, 0xa2,
+    0x30, 0xe1, 0x68, 0x66, 0x97, 0xfe, 0xce, 0x87, 0x9a, 0x31, 0xfd, 0x12,
+    0xcb, 0xa4, 0x35, 0x94, 0xb2, 0xff, 0xc5, 0x91, 0x4c, 0x60, 0x7e, 0xf8,
+    0xb2, 0xa4, 0xf2, 0xf8, 0x17, 0x74, 0x23, 0x49, 0x7d, 0x13, 0xbe, 0x96,
+    0x54, 0x69, 0x9d, 0x76, 0x79, 0xa4, 0x1f, 0x31, 0x11, 0x0e, 0xe8, 0xc5,
+    0xf1, 0x4c, 0x5c, 0x59, 0x73, 0x46, 0xb2, 0xfe, 0x9f, 0x13, 0xb6, 0x96,
+    0x56, 0x97, 0xd3, 0xde, 0x7a, 0x3c, 0x97, 0x3e, 0x45, 0xbc, 0x5e, 0xf8,
+    0xfb, 0x0a, 0x11, 0x2c, 0xbb, 0x64, 0xd5, 0x97, 0xf7, 0x0a, 0x7c, 0x2d,
+    0x2c, 0xbf, 0xb8, 0x59, 0xfc, 0x02, 0xca, 0xec, 0xf6, 0x4e, 0x5b, 0x7f,
+    0xd1, 0x16, 0x6f, 0xf7, 0x6f, 0xb8, 0xb2, 0xfe, 0xfe, 0x7a, 0x74, 0x05,
+    0x97, 0xda, 0x6c, 0xde, 0xb2, 0xfd, 0x9c, 0xce, 0xfe, 0xb2, 0xf8, 0xf2,
+    0x46, 0xed, 0x3c, 0xb7, 0x23, 0xbf, 0xed, 0x31, 0xf8, 0x1c, 0xe4, 0x4b,
+    0x2f, 0xfb, 0xa9, 0x00, 0xc4, 0xfa, 0x82, 0xcb, 0xff, 0x3b, 0xc7, 0x87,
+    0x72, 0xee, 0x0b, 0x2f, 0x39, 0xbc, 0xc3, 0xf8, 0x88, 0xea, 0xff, 0x7f,
+    0xd8, 0x70, 0xe4, 0x0b, 0x2f, 0xdb, 0x11, 0xba, 0x7e, 0x96, 0x5f, 0x72,
+    0x73, 0xeb, 0x2d, 0xed, 0xa8, 0x84, 0xd8, 0x66, 0x98, 0x5f, 0x7f, 0xfa,
+    0x79, 0x87, 0x9e, 0x9f, 0x06, 0xdb, 0xd6, 0x56, 0x22, 0x1c, 0x8f, 0x6c,
+    0x66, 0xd5, 0x58, 0x98, 0xf1, 0xa3, 0xa2, 0x85, 0x97, 0xe3, 0x3f, 0xad,
+    0xaa, 0xfe, 0x25, 0xd3, 0x08, 0xde, 0x58, 0x1d, 0xf3, 0x1a, 0xc6, 0x2c,
+    0xbe, 0xff, 0xb2, 0x35, 0x94, 0x73, 0xc6, 0x22, 0x3b, 0x86, 0x62, 0xcb,
+    0xfc, 0x30, 0xf7, 0xbb, 0x97, 0x4b, 0x2a, 0x4f, 0xbf, 0x08, 0x58, 0x62,
+    0xf1, 0xc1, 0xa5, 0x97, 0x7c, 0x96, 0x5f, 0x9f, 0xfb, 0x39, 0xc5, 0x97,
+    0x88, 0x1d, 0x2c, 0xa1, 0x9e, 0xef, 0x85, 0xb8, 0x55, 0x7f, 0xfb, 0xbf,
+    0xf9, 0x83, 0x1e, 0x61, 0x71, 0x96, 0x5f, 0xff, 0xa1, 0xa9, 0xde, 0xf1,
+    0x48, 0xfd, 0x27, 0x78, 0x96, 0x5f, 0xed, 0xd7, 0xe3, 0x72, 0x2c, 0x59,
+    0x7f, 0xfa, 0x74, 0x0c, 0xde, 0xdf, 0x9c, 0x28, 0x2c, 0xad, 0xa9, 0xe5,
+    0x04, 0x7a, 0xc2, 0xfe, 0xd2, 0xb4, 0xb0, 0x19, 0xb5, 0xbe, 0xb2, 0xfd,
+    0x9c, 0xe1, 0xfb, 0x59, 0x74, 0xf7, 0xb4, 0xdd, 0x48, 0x8d, 0xe6, 0x28,
+    0x2c, 0xa9, 0x74, 0x80, 0x51, 0xad, 0x42, 0x7f, 0x27, 0x25, 0x39, 0xb4,
+    0x6e, 0x7b, 0x8a, 0x31, 0x23, 0xea, 0x50, 0x6f, 0xa7, 0x5b, 0x9e, 0x7e,
+    0x7c, 0x0a, 0xa5, 0x38, 0x45, 0xc8, 0x7d, 0x0a, 0x3f, 0x63, 0x21, 0x2f,
+    0xba, 0x5d, 0x7e, 0xf1, 0xe7, 0x60, 0xc5, 0x97, 0xfb, 0xa9, 0xff, 0xa7,
+    0x7e, 0x2c, 0xba, 0x3c, 0x59, 0x6e, 0xb0, 0xf3, 0x00, 0x6b, 0x4b, 0x2c,
+    0xfa, 0x36, 0x67, 0x28, 0xbf, 0xb0, 0xf1, 0x3b, 0xc1, 0x65, 0xff, 0xfc,
+    0xfe, 0x98, 0x04, 0xc0, 0x4c, 0x38, 0x3f, 0x4e, 0x96, 0x59, 0x86, 0x88,
+    0x9f, 0x16, 0xdf, 0xf8, 0xd9, 0xec, 0xa7, 0xde, 0x17, 0x4b, 0x2f, 0xfe,
+    0xd4, 0xe1, 0x64, 0x1b, 0xd9, 0xbd, 0x65, 0xf6, 0x69, 0x8d, 0x59, 0x7e,
+    0xf3, 0x72, 0x60, 0xb2, 0xff, 0xf3, 0x9b, 0xcc, 0xdf, 0x3d, 0xff, 0x82,
+    0x3a, 0xca, 0x73, 0xf5, 0x22, 0x7a, 0x1a, 0x3e, 0x8e, 0x86, 0x50, 0x97,
+    0xbf, 0xff, 0x4f, 0x98, 0xdc, 0x35, 0xb4, 0x1e, 0x9a, 0x46, 0xb2, 0xff,
+    0xd8, 0x77, 0x86, 0xc8, 0x86, 0xde, 0x59, 0x5e, 0x44, 0xb9, 0x2b, 0x5f,
+    0xbf, 0xf7, 0x87, 0x16, 0x5f, 0xe2, 0x9f, 0xf7, 0x13, 0x9d, 0x65, 0xfb,
+    0xe2, 0xfe, 0x0d, 0x65, 0xb1, 0x65, 0x39, 0xb8, 0xde, 0x51, 0x7f, 0x9b,
+    0x98, 0x51, 0x99, 0x12, 0xcb, 0xfd, 0xcc, 0xdb, 0xdc, 0x33, 0xeb, 0x2e,
+    0xf6, 0x0c, 0xfa, 0xf8, 0x6b, 0x50, 0x4d, 0xc0, 0x64, 0x47, 0x28, 0x26,
+    0xcf, 0xc2, 0x36, 0xfd, 0xa0, 0x3e, 0x01, 0x65, 0xfd, 0x9b, 0xad, 0xf6,
+    0x82, 0xcb, 0xef, 0x4c, 0x7c, 0xc3, 0xd6, 0xf1, 0x3d, 0xfc, 0x4e, 0x6f,
+    0x9e, 0x0b, 0x2f, 0xff, 0x77, 0xfe, 0xbc, 0xc5, 0x9f, 0xe4, 0x9d, 0x65,
+    0xf4, 0xf4, 0xd0, 0x59, 0x7c, 0x72, 0xcf, 0xe1, 0xf6, 0x92, 0x5d, 0xff,
+    0xfd, 0xf9, 0xf1, 0x67, 0xfc, 0xdb, 0x4f, 0x9f, 0x7f, 0xac, 0xa5, 0x94,
+    0xc7, 0xcd, 0xa5, 0xba, 0x64, 0x5e, 0xbc, 0x27, 0x2f, 0xdd, 0x61, 0xe7,
+    0x8b, 0x2f, 0x18, 0x61, 0x89, 0x2f, 0x07, 0x20, 0x48, 0x10, 0xd0, 0x5f,
+    0xf3, 0xc0, 0x3d, 0x66, 0xf7, 0xd2, 0xcb, 0x69, 0x65, 0xfe, 0x29, 0x81,
+    0xba, 0xce, 0x2c, 0xbf, 0xf1, 0x16, 0x47, 0x14, 0x27, 0x51, 0xac, 0xbd,
+    0xec, 0x84, 0xa2, 0x13, 0x04, 0x43, 0x33, 0xa2, 0x47, 0xff, 0xe1, 0x7f,
+    0x7f, 0x8a, 0x0c, 0x7c, 0xef, 0xeb, 0x2f, 0xbb, 0xe9, 0x89, 0x65, 0x39,
+    0xeb, 0x7c, 0xce, 0x96, 0x5c, 0x09, 0x81, 0xac, 0x0b, 0x90, 0xdf, 0xb6,
+    0xcf, 0x59, 0xa5, 0x97, 0xff, 0xfc, 0xdf, 0xf3, 0xc0, 0x26, 0x79, 0xfb,
+    0x07, 0xca, 0x4f, 0xc5, 0x97, 0xfe, 0xdb, 0x24, 0x23, 0xc9, 0x93, 0xc5,
+    0x96, 0xc1, 0xa3, 0x4b, 0xc5, 0x44, 0xd1, 0x7f, 0xdf, 0x72, 0xce, 0x6a,
+    0x78, 0xb2, 0xfa, 0x12, 0x0e, 0xd6, 0x5e, 0x38, 0xc6, 0xb2, 0xff, 0xff,
+    0x3b, 0x7e, 0x60, 0xda, 0x8c, 0x40, 0xd9, 0xd9, 0xc1, 0xb2, 0xcb, 0xff,
+    0xfe, 0x7d, 0xed, 0xbc, 0x85, 0xc0, 0xca, 0x47, 0xe7, 0x86, 0x71, 0x65,
+    0xfc, 0x09, 0x2c, 0xef, 0xeb, 0x2e, 0x70, 0x6d, 0x4c, 0xf3, 0x08, 0xfc,
+    0x3a, 0x4c, 0xc1, 0xb4, 0xdf, 0xfe, 0x0c, 0xa2, 0x35, 0xc7, 0xec, 0xeb,
+    0x34, 0xb2, 0x99, 0x5a, 0x6f, 0xa3, 0x02, 0x73, 0x42, 0x8d, 0xcf, 0x8a,
+    0xf7, 0xbf, 0x06, 0x59, 0x7b, 0x7c, 0xe9, 0x65, 0xe1, 0x67, 0x96, 0x54,
+    0x6c, 0xcb, 0xf8, 0x42, 0xbc, 0x65, 0x19, 0x19, 0xdb, 0x4a, 0x3b, 0x8a,
+    0x14, 0xa7, 0x39, 0xf4, 0x6a, 0xee, 0x4c, 0x04, 0x82, 0x8c, 0xbb, 0xf2,
+    0xfd, 0x84, 0xab, 0xbc, 0x70, 0xc1, 0xeb, 0x9a, 0x35, 0x97, 0xf8, 0xba,
+    0x1b, 0x6f, 0x91, 0xac, 0xa1, 0x9e, 0x60, 0x85, 0xef, 0xf7, 0x18, 0xef,
+    0xa7, 0xe2, 0xcb, 0xff, 0xcd, 0xaf, 0x4b, 0x7f, 0x8c, 0x5d, 0xc1, 0x65,
+    0xff, 0x98, 0xcd, 0x61, 0xce, 0xe5, 0xf5, 0x95, 0x88, 0x87, 0x24, 0x9b,
+    0xfb, 0x3a, 0xfe, 0xce, 0x79, 0x65, 0x2c, 0xaf, 0x1b, 0xc0, 0x18, 0xdf,
+    0xfd, 0x17, 0xa6, 0x30, 0xff, 0xe1, 0x3c, 0x16, 0x5f, 0x8d, 0x14, 0x1c,
+    0x6b, 0x2f, 0xf4, 0xee, 0x6d, 0xf3, 0xe6, 0x96, 0x5e, 0xcd, 0x4a, 0xcb,
+    0xef, 0x7b, 0x3b, 0x59, 0x76, 0x1f, 0x64, 0xdf, 0x06, 0x37, 0x58, 0x8a,
+    0x52, 0x75, 0xb6, 0xe2, 0xcb, 0x44, 0xb2, 0xc7, 0x59, 0x4c, 0x68, 0xdc,
+    0x4a, 0x8d, 0x3d, 0x63, 0x9b, 0xdf, 0xb0, 0x1c, 0x98, 0x2c, 0xbf, 0x31,
+    0xc6, 0x3c, 0x59, 0x60, 0x11, 0xe7, 0x6c, 0x93, 0xdf, 0xf7, 0xfd, 0x9c,
+    0xdb, 0xf6, 0x8d, 0x65, 0xfd, 0x91, 0x66, 0x86, 0xcb, 0x2a, 0x51, 0x26,
+    0xc5, 0x44, 0x79, 0x7f, 0xc4, 0xc2, 0x0b, 0xf3, 0x66, 0x7e, 0xb2, 0xff,
+    0xa7, 0x0c, 0xee, 0x1f, 0x93, 0x16, 0x5f, 0xe0, 0x69, 0xb3, 0xc2, 0xe2,
+    0xcb, 0xd9, 0xd9, 0xd6, 0x5f, 0xd8, 0x0d, 0xdf, 0xb1, 0xd6, 0x54, 0xa2,
+    0x00, 0x8c, 0xfe, 0x3b, 0x7f, 0xf3, 0xff, 0x42, 0x37, 0x3e, 0xc0, 0xe2,
+    0xcb, 0xcf, 0xa0, 0x2c, 0xa9, 0x5d, 0x7e, 0x8e, 0x17, 0x30, 0x5d, 0x19,
+    0x0b, 0x24, 0x45, 0x0c, 0xe3, 0xbb, 0xfa, 0x30, 0x42, 0x2d, 0xe1, 0xff,
+    0xe1, 0x76, 0x61, 0x76, 0xca, 0x2d, 0xf7, 0xb3, 0xb8, 0x2c, 0xbe, 0xcf,
+    0x87, 0x1a, 0xcb, 0xf1, 0x4b, 0x77, 0x05, 0x97, 0x8c, 0x30, 0xc4, 0xc4,
+    0x20, 0x5f, 0x74, 0xef, 0xd2, 0x62, 0x10, 0x02, 0x1a, 0xeb, 0xe7, 0xd6,
+    0x18, 0xb2, 0xb4, 0x7c, 0xbb, 0xd0, 0xef, 0x18, 0x61, 0x89, 0x88, 0x3c,
+    0xa4, 0xc4, 0x1e, 0x04, 0x35, 0xd7, 0xf7, 0xdc, 0xe7, 0x93, 0xac, 0xbf,
+    0x3f, 0xdc, 0x80, 0xb2, 0xfe, 0xcf, 0xf8, 0x4f, 0x05, 0x97, 0x8c, 0x30,
+    0xc5, 0x97, 0xb9, 0x26, 0xa4, 0x08, 0x68, 0x2a, 0x55, 0x03, 0x64, 0x2e,
+    0xba, 0x52, 0xec, 0xaf, 0xc5, 0xa4, 0x4d, 0xf4, 0xda, 0xdc, 0x55, 0x28,
+    0x79, 0x45, 0x57, 0xfb, 0xd3, 0xbe, 0x4a, 0x7e, 0xb2, 0xff, 0xf7, 0x3c,
+    0xf0, 0xcf, 0x31, 0xf9, 0x3b, 0x8b, 0x2f, 0x19, 0x24, 0xb2, 0xff, 0xff,
+    0xe9, 0x28, 0xf9, 0xe7, 0x39, 0xde, 0x01, 0x96, 0xfc, 0x1e, 0x77, 0xf5,
+    0x97, 0xff, 0x7a, 0x60, 0xdf, 0xcf, 0x75, 0x27, 0x59, 0x52, 0x9c, 0x1c,
+    0x0b, 0xf0, 0xcd, 0xd3, 0x38, 0x39, 0xbd, 0xd6, 0xff, 0xde, 0x68, 0x89,
+    0xcc, 0xfe, 0x79, 0x65, 0xd3, 0xc5, 0x95, 0xd1, 0xea, 0xfc, 0xfe, 0xff,
+    0xde, 0x61, 0xc9, 0x7f, 0x3b, 0xfa, 0xcb, 0xfc, 0x52, 0x7e, 0x70, 0x44,
+    0xb2, 0xba, 0x3f, 0x0e, 0x1f, 0x5f, 0xfd, 0xe6, 0xd7, 0x9f, 0x38, 0xcf,
+    0x1a, 0xcb, 0xff, 0x4f, 0xf3, 0x59, 0xcc, 0xef, 0xeb, 0x2b, 0x11, 0x02,
+    0x48, 0x77, 0xfe, 0x8c, 0xf8, 0x7c, 0x2f, 0xe7, 0x4b, 0x2f, 0xa7, 0xf2,
+    0x75, 0x97, 0xfb, 0x09, 0x8d, 0xdb, 0xd7, 0x96, 0x56, 0xc6, 0x9f, 0x77,
+    0x70, 0x93, 0x3c, 0x29, 0x08, 0x87, 0xe7, 0xe6, 0x10, 0xdf, 0xf7, 0xa4,
+    0xba, 0xef, 0x8f, 0xb8, 0xb2, 0xf6, 0xec, 0xc6, 0xb2, 0xf8, 0x85, 0x19,
+    0x2c, 0xbc, 0xdd, 0xc1, 0x65, 0x40, 0xdf, 0x80, 0x8a, 0xfe, 0x1f, 0x30,
+    0xf3, 0xb8, 0xb2, 0xfb, 0x06, 0xf0, 0x59, 0x78, 0x4e, 0x1a, 0xcb, 0xa3,
+    0xed, 0x65, 0x0c, 0xdb, 0x00, 0x76, 0xb6, 0x9f, 0xc3, 0xab, 0xd4, 0x13,
+    0x88, 0x19, 0xef, 0x6b, 0xee, 0x42, 0x64, 0x2a, 0x2f, 0xf7, 0x3d, 0x9c,
+    0xfe, 0x74, 0xb2, 0xfc, 0x5f, 0xf6, 0x41, 0x65, 0xe6, 0x93, 0x56, 0x53,
+    0x1f, 0xbb, 0x9a, 0x11, 0x3d, 0xff, 0x61, 0x4f, 0xbd, 0x26, 0x32, 0xcb,
+    0xee, 0xbc, 0xc6, 0x2c, 0xbb, 0x77, 0x4b, 0x2f, 0x07, 0x20, 0x59, 0x7f,
+    0xff, 0xff, 0xdb, 0x4b, 0x0d, 0x6f, 0x7b, 0x37, 0x36, 0xcf, 0x4e, 0x1e,
+    0xdc, 0x28, 0xdb, 0x4c, 0x20, 0xbe, 0x2c, 0xa8, 0xd3, 0x5f, 0x34, 0xb3,
+    0xb3, 0x78, 0x89, 0x0e, 0x34, 0x60, 0xed, 0xfb, 0xa9, 0xf4, 0x9d, 0x25,
+    0xf8, 0x9c, 0x8b, 0x12, 0x5d, 0x9d, 0x24, 0xb8, 0xc3, 0x12, 0x56, 0x1f,
+    0xe7, 0x0a, 0x3e, 0x48, 0x60, 0xbd, 0xfe, 0x20, 0xe4, 0x1e, 0xcd, 0xd4,
+    0x81, 0x0d, 0xe5, 0xff, 0xe8, 0xc7, 0xa7, 0xe8, 0xb3, 0x7e, 0x9b, 0x8b,
+    0x2a, 0x57, 0x70, 0x72, 0x3f, 0x06, 0x94, 0x4e, 0xf1, 0x8a, 0x89, 0x22,
+    0xff, 0xef, 0x48, 0x3f, 0xec, 0x87, 0x9b, 0x7a, 0xcb, 0xff, 0xa4, 0x1c,
+    0xcc, 0x1b, 0x93, 0x9a, 0xb2, 0xff, 0xbf, 0xc7, 0xed, 0xa7, 0xbf, 0xac,
+    0xbf, 0xe2, 0x07, 0x9f, 0xff, 0x60, 0x2c, 0xbf, 0xff, 0x79, 0xb7, 0xb1,
+    0x0f, 0x93, 0xa6, 0xce, 0xf8, 0xb2, 0xff, 0x66, 0xf9, 0x2f, 0xc0, 0x2e,
+    0xb2, 0xff, 0x74, 0xdc, 0xc1, 0xc0, 0x2e, 0xb2, 0xff, 0x66, 0x14, 0xc2,
+    0x01, 0x75, 0x97, 0xf1, 0x4e, 0x69, 0xc0, 0xb2, 0xff, 0xd3, 0xaf, 0x4b,
+    0x7a, 0x49, 0x96, 0x5d, 0x0e, 0x62, 0x73, 0x3d, 0x1c, 0x69, 0x5b, 0xc7,
+    0x04, 0x71, 0xf3, 0x53, 0x0a, 0xef, 0xe2, 0xc3, 0xb7, 0x70, 0x59, 0x7f,
+    0xf9, 0xdb, 0xf2, 0x5d, 0x31, 0xf8, 0x3e, 0xd6, 0x54, 0x9f, 0xbf, 0x8b,
+    0x6f, 0xf7, 0xa7, 0x21, 0x38, 0x05, 0x97, 0xff, 0x8b, 0x3b, 0x03, 0xf1,
+    0xf4, 0xdd, 0x81, 0x65, 0x0c, 0xfe, 0xf8, 0x63, 0x50, 0x56, 0xf3, 0xdc,
+    0x7a, 0x7f, 0x87, 0x41, 0x90, 0x9c, 0xbe, 0x9e, 0xb0, 0xeb, 0x2f, 0x8e,
+    0x22, 0x82, 0xcb, 0xa4, 0xeb, 0x2f, 0x79, 0xe1, 0x19, 0xb8, 0x22, 0x2a,
+    0x1a, 0x23, 0x3e, 0xb5, 0x7d, 0xfe, 0x0b, 0x8b, 0x2a, 0x0b, 0xa4, 0x9e,
+    0x46, 0x79, 0x77, 0x65, 0x0d, 0xde, 0x11, 0xde, 0xde, 0x19, 0xd6, 0x5f,
+    0x7a, 0x3c, 0x31, 0x65, 0xf0, 0xc4, 0x50, 0x59, 0x6e, 0x39, 0xe3, 0x06,
+    0x49, 0x7e, 0xe8, 0x78, 0xe0, 0x59, 0x60, 0xb4, 0xb2, 0xff, 0xd9, 0xcf,
+    0xc3, 0x0d, 0x2c, 0x02, 0xcb, 0xc3, 0xc2, 0x59, 0x41, 0x53, 0xf0, 0x71,
+    0x7d, 0xd3, 0xea, 0x64, 0x66, 0x8a, 0x13, 0x17, 0xcd, 0xe3, 0xba, 0xcb,
+    0xff, 0x18, 0x3d, 0x4f, 0x9c, 0x70, 0x3a, 0xcb, 0xff, 0xf7, 0xf9, 0xde,
+    0xd1, 0xe0, 0xe5, 0xf5, 0x84, 0x05, 0x97, 0xff, 0xfe, 0xdb, 0xf8, 0x60,
+    0x36, 0x73, 0x68, 0xf0, 0x72, 0xfa, 0xc2, 0x02, 0x10, 0xbf, 0xfb, 0x3f,
+    0xb7, 0xaf, 0x37, 0xbc, 0xc0, 0x54, 0x21, 0x6a, 0x82, 0x32, 0x78, 0xeb,
+    0x7a, 0x63, 0x09, 0xc4, 0xd0, 0xff, 0x19, 0x05, 0xf6, 0x74, 0xfd, 0x2c,
+    0xbf, 0x1f, 0x86, 0x3f, 0x6b, 0x28, 0x68, 0x8b, 0xf9, 0xf0, 0x64, 0x75,
+    0x2a, 0x98, 0x3b, 0x21, 0xe4, 0xa0, 0xeb, 0xfb, 0x22, 0x83, 0x6b, 0x8b,
+    0x2f, 0xd1, 0xcf, 0xda, 0x25, 0x97, 0xc1, 0xf2, 0x71, 0x65, 0x74, 0x79,
+    0x7d, 0x94, 0xdf, 0x73, 0x6e, 0xb1, 0x65, 0xf7, 0xba, 0x6e, 0x2c, 0xa9,
+    0x3e, 0xb7, 0x24, 0xf9, 0x25, 0xff, 0xff, 0x06, 0x3f, 0x4c, 0x3f, 0x98,
+    0x67, 0x0b, 0x3f, 0xf6, 0x8d, 0x65, 0xcf, 0xda, 0xcb, 0x62, 0xcb, 0x3c,
+    0x68, 0x8f, 0x76, 0x8d, 0xe2, 0xf7, 0x98, 0xb1, 0x65, 0xfb, 0x5a, 0x70,
+    0x4a, 0xca, 0x81, 0xe0, 0xb8, 0xd5, 0x05, 0x5d, 0x6e, 0xf4, 0xd3, 0x5a,
+    0x87, 0x1a, 0x3e, 0x4e, 0xd0, 0x75, 0x0c, 0xd6, 0x9c, 0x3a, 0xd5, 0x21,
+    0x6d, 0xe7, 0x60, 0x00, 0xae, 0x17, 0x66, 0x28, 0x7a, 0xf2, 0x54, 0x3f,
+    0xce, 0x45, 0x0e, 0x43, 0x21, 0x78, 0x1b, 0xc5, 0xc1, 0x4d, 0x81, 0x65,
+    0xf6, 0x03, 0x52, 0xb2, 0xf1, 0x86, 0x18, 0x92, 0xf3, 0x90, 0xd2, 0x04,
+    0x34, 0x17, 0xd9, 0xac, 0xfa, 0xca, 0xf2, 0x23, 0xc0, 0x83, 0xc2, 0xdb,
+    0xef, 0x33, 0xc1, 0x65, 0xfe, 0x2c, 0xf7, 0xca, 0x40, 0xb2, 0xff, 0xfe,
+    0x68, 0xb9, 0xc1, 0x3e, 0x85, 0x1c, 0x9a, 0x19, 0x7d, 0x65, 0xff, 0xc4,
+    0x59, 0x1c, 0xf7, 0x08, 0x49, 0xd6, 0x57, 0x91, 0x46, 0x1a, 0xfd, 0xe2,
+    0x98, 0x2c, 0xbe, 0xd6, 0x98, 0xeb, 0x2d, 0xc1, 0x9b, 0xd6, 0x1b, 0xa8,
+    0x22, 0x1f, 0xec, 0x37, 0x8f, 0x18, 0xd6, 0x54, 0x69, 0xce, 0x14, 0x6b,
+    0x7f, 0x23, 0xbf, 0x6b, 0x3a, 0x9f, 0x2c, 0xbd, 0xb4, 0xdd, 0x95, 0x97,
+    0xbe, 0xe3, 0x59, 0x5a, 0x37, 0xfc, 0x23, 0xbf, 0xba, 0xf4, 0x96, 0x44,
+    0xb2, 0xf4, 0x1b, 0x75, 0x65, 0x49, 0xe6, 0xc4, 0x5d, 0x7f, 0x8d, 0xef,
+    0xfa, 0x9c, 0xed, 0x65, 0xf0, 0x1b, 0x46, 0xa4, 0xbe, 0xd6, 0x9a, 0x35,
+    0x96, 0xea, 0x4f, 0x19, 0xc8, 0xef, 0xe0, 0xf3, 0x59, 0x91, 0x2c, 0xbf,
+    0x3f, 0xb6, 0x8e, 0x56, 0x54, 0x17, 0x05, 0x46, 0x61, 0x91, 0xde, 0x9a,
+    0x6e, 0xcc, 0xfa, 0x6e, 0x72, 0x22, 0x7c, 0xe1, 0x3f, 0xcb, 0xaf, 0xcf,
+    0xad, 0x67, 0x6b, 0x2f, 0xff, 0x7f, 0xcc, 0xe0, 0xcd, 0x0e, 0x4a, 0x0b,
+    0x2f, 0xff, 0x77, 0xb7, 0xb0, 0x49, 0x74, 0xf1, 0x93, 0xac, 0xa9, 0x45,
+    0xf6, 0x14, 0x12, 0x45, 0xfa, 0x78, 0x19, 0x41, 0x65, 0xee, 0x9a, 0x0b,
+    0x2f, 0xf4, 0xfd, 0xf5, 0xac, 0xed, 0x65, 0x6d, 0x3d, 0x0f, 0x0e, 0xdf,
+    0xfb, 0xac, 0xd6, 0x37, 0x3d, 0x3b, 0xd6, 0x5f, 0xf9, 0xfb, 0x71, 0xbf,
+    0x7a, 0x63, 0x56, 0x5f, 0xa7, 0x76, 0x3c, 0x31, 0x65, 0xff, 0xff, 0xce,
+    0xdf, 0x6f, 0x74, 0xdb, 0x60, 0xde, 0x72, 0xfc, 0x33, 0x58, 0xb2, 0xec,
+    0xf2, 0xcb, 0xb3, 0x75, 0x65, 0x44, 0x6b, 0xfc, 0x2d, 0x5e, 0x46, 0x13,
+    0xc2, 0x82, 0xfc, 0xc0, 0x72, 0x02, 0xcb, 0xfd, 0x3d, 0xf2, 0x7f, 0x23,
+    0x59, 0x40, 0x3d, 0x92, 0x26, 0xbf, 0xfe, 0xf6, 0x36, 0xa1, 0xe6, 0x17,
+    0x5e, 0xc0, 0x2c, 0xbd, 0xc0, 0xf9, 0xb5, 0x1e, 0x39, 0x08, 0x0f, 0x90,
+    0xd0, 0xd5, 0x66, 0x76, 0x48, 0x74, 0x0f, 0x20, 0x7e, 0x3d, 0xfb, 0xb9,
+    0x05, 0x97, 0xf4, 0x1b, 0xec, 0x50, 0x59, 0x7f, 0x71, 0x9a, 0x36, 0xf2,
+    0xcb, 0x6a, 0x4f, 0x66, 0x05, 0x97, 0xff, 0xff, 0xfd, 0x3c, 0x9f, 0xc7,
+    0x86, 0x6b, 0x3c, 0xe1, 0xf3, 0x0d, 0x72, 0x04, 0x94, 0xc5, 0xe9, 0x59,
+    0x7c, 0x27, 0xc8, 0xd6, 0x5e, 0x3e, 0x46, 0xb2, 0xf4, 0x1b, 0x79, 0x1b,
+    0xf0, 0xc8, 0xaf, 0xdc, 0xf3, 0xf5, 0x2b, 0x2f, 0xcf, 0x19, 0x8f, 0x05,
+    0x95, 0x29, 0xbf, 0x91, 0x3f, 0xe1, 0xa6, 0x61, 0xa0, 0x65, 0x17, 0xfd,
+    0xcf, 0x4b, 0xeb, 0x59, 0xda, 0xcb, 0xff, 0xff, 0x1b, 0xdc, 0x3f, 0x85,
+    0xfe, 0x6d, 0xe7, 0x33, 0x58, 0x4f, 0x05, 0x95, 0x88, 0xa8, 0x63, 0x9b,
+    0xe0, 0x7f, 0x23, 0x59, 0x63, 0xac, 0xa9, 0x36, 0x87, 0x23, 0xbf, 0xff,
+    0xc0, 0x13, 0x97, 0x46, 0x4e, 0x8b, 0x3b, 0x87, 0xe7, 0xb5, 0x97, 0xff,
+    0x04, 0x19, 0x48, 0xba, 0xc3, 0x5b, 0x4b, 0x2f, 0x69, 0xf8, 0xb2, 0xec,
+    0x31, 0x65, 0x49, 0xfd, 0x0d, 0x1f, 0x83, 0x97, 0xd2, 0xfa, 0xe2, 0xcb,
+    0xdf, 0xf4, 0xac, 0xac, 0x3e, 0xbf, 0x17, 0x39, 0x0d, 0xfb, 0xd2, 0x4f,
+    0xe5, 0x97, 0xf4, 0x7e, 0x7f, 0xea, 0x56, 0x5f, 0x67, 0xe7, 0xcb, 0x2f,
+    0x43, 0x38, 0xb2, 0xf4, 0xf7, 0xc5, 0x97, 0xf8, 0x7e, 0x98, 0x9d, 0xfb,
+    0x59, 0x79, 0xbf, 0xc5, 0x97, 0xdc, 0x11, 0x41, 0x65, 0xf8, 0x9f, 0xf0,
+    0x95, 0x95, 0xd1, 0xf2, 0x76, 0x39, 0xc2, 0x2b, 0xde, 0x06, 0xf5, 0x95,
+    0x1a, 0x64, 0x23, 0x1c, 0xd0, 0xe9, 0x42, 0x63, 0x74, 0xc6, 0xe6, 0x8d,
+    0x65, 0xee, 0xdf, 0x71, 0x65, 0x68, 0xdb, 0xf8, 0x5e, 0xf6, 0xcb, 0x1a,
+    0xb2, 0xfe, 0xfc, 0xef, 0x27, 0xed, 0x65, 0x49, 0xe7, 0xf6, 0x41, 0x50,
+    0x55, 0xbe, 0x32, 0xdd, 0x13, 0x78, 0xb9, 0xe3, 0x42, 0x28, 0x45, 0x7d,
+    0xc2, 0xfc, 0x22, 0x1b, 0xc6, 0xb2, 0xff, 0xfb, 0xcc, 0xe0, 0xc2, 0x9e,
+    0xf9, 0x9d, 0xfd, 0x65, 0x8d, 0x39, 0xfb, 0xfc, 0xa2, 0xff, 0xec, 0xd0,
+    0x0e, 0xdc, 0x0f, 0x93, 0x8b, 0x2f, 0x4f, 0x7b, 0x8b, 0x2f, 0xb8, 0x4c,
+    0x6a, 0xca, 0xd1, 0xe1, 0x7c, 0x82, 0xfb, 0x06, 0xf0, 0x59, 0x43, 0x3c,
+    0x33, 0x48, 0xaf, 0xfe, 0x34, 0xc9, 0xd7, 0xa5, 0x9f, 0xfc, 0x59, 0x7c,
+    0x72, 0x98, 0x96, 0x5f, 0xff, 0x79, 0xa0, 0xda, 0x70, 0x7c, 0xa4, 0xfc,
+    0x59, 0x7d, 0xf9, 0xd0, 0x24, 0xfc, 0x3a, 0x22, 0xbb, 0x73, 0x8b, 0x2f,
+    0xfb, 0x9d, 0x79, 0xc6, 0x14, 0x0a, 0xec, 0x6b, 0x28, 0xd4, 0x4d, 0xb9,
+    0xcf, 0xc6, 0xaa, 0x55, 0x4a, 0xc0, 0xa7, 0x21, 0x92, 0xc4, 0x6f, 0x1a,
+    0x85, 0xed, 0x88, 0x80, 0xb2, 0xf1, 0xc5, 0xc5, 0x97, 0xcc, 0x7c, 0x25,
+    0x96, 0x97, 0x37, 0xbf, 0x1d, 0xbf, 0x48, 0x64, 0xf0, 0x59, 0x7f, 0xfb,
+    0x4e, 0x5f, 0xc0, 0x6c, 0xc8, 0xc7, 0x2b, 0x2f, 0xfe, 0x29, 0x00, 0xc5,
+    0x31, 0xcf, 0x70, 0x59, 0x7f, 0x43, 0x53, 0x07, 0xd2, 0xcb, 0xf7, 0xf8,
+    0x15, 0x37, 0xeb, 0x2c, 0x75, 0x95, 0x26, 0xff, 0x0b, 0xaf, 0x7e, 0x4c,
+    0x59, 0x7b, 0xc1, 0xe9, 0x65, 0x40, 0xdd, 0xfc, 0x76, 0xf7, 0xf0, 0x6b,
+    0x2f, 0xf8, 0x5a, 0x35, 0xdb, 0x8d, 0xbd, 0x65, 0xfb, 0x40, 0x3b, 0x71,
+    0x65, 0xc0, 0xdb, 0xb2, 0x7c, 0x61, 0x9d, 0xdb, 0x3b, 0x45, 0x99, 0x3f,
+    0xdf, 0x3f, 0x45, 0x8b, 0x2f, 0xe6, 0xf3, 0x67, 0x7f, 0x59, 0x43, 0x4e,
+    0x93, 0xb5, 0xa3, 0xc3, 0x50, 0x8a, 0x3e, 0x43, 0x4b, 0x2f, 0x81, 0xfc,
+    0x02, 0xcb, 0xee, 0x71, 0xb7, 0xac, 0xbf, 0xff, 0x61, 0x1a, 0xfc, 0xf3,
+    0xb0, 0x0f, 0x3d, 0xc1, 0x65, 0x49, 0xfc, 0xf4, 0x49, 0x7f, 0xef, 0x37,
+    0x7c, 0xc2, 0x37, 0x09, 0x65, 0xff, 0xfc, 0xd1, 0x73, 0x82, 0x7d, 0x0a,
+    0x39, 0x34, 0x32, 0xfa, 0xcb, 0x73, 0xa4, 0x4e, 0xf8, 0xfa, 0xf8, 0xe4,
+    0x52, 0xb2, 0xff, 0x98, 0x7e, 0x98, 0x67, 0x7f, 0x59, 0x7f, 0xdd, 0x4e,
+    0xf9, 0xe3, 0x03, 0xb5, 0x96, 0x36, 0x51, 0x2a, 0x32, 0x0c, 0x39, 0xac,
+    0x47, 0xa3, 0xc2, 0xfe, 0xfd, 0xf7, 0xf8, 0xa5, 0x65, 0xfd, 0xe9, 0x10,
+    0x5f, 0x68, 0xd6, 0x5f, 0xff, 0xde, 0x6f, 0xf9, 0xe0, 0x18, 0xde, 0x31,
+    0xf9, 0x8e, 0xb2, 0xff, 0xcd, 0xf8, 0x60, 0x38, 0x58, 0x05, 0x94, 0x35,
+    0xe8, 0xbc, 0x27, 0x35, 0x2f, 0xb4, 0x56, 0x94, 0x21, 0x12, 0x86, 0x82,
+    0xfd, 0x09, 0xb2, 0x8e, 0xcf, 0x84, 0xdf, 0x27, 0x11, 0xa6, 0xf5, 0xdb,
+    0xdb, 0x3d, 0xca, 0xcb, 0xfd, 0xe2, 0x9e, 0xda, 0x7c, 0xb2, 0xfe, 0x7f,
+    0x80, 0x32, 0x82, 0xca, 0xe8, 0xf8, 0x3c, 0x65, 0x41, 0x46, 0xf6, 0x8a,
+    0x67, 0x31, 0x21, 0x1a, 0x78, 0xcb, 0x72, 0x5a, 0x21, 0xaa, 0x6d, 0x1f,
+    0x7e, 0xa1, 0xf0, 0x75, 0x5f, 0x10, 0x3c, 0xe1, 0x39, 0x4b, 0x7b, 0xe2,
+    0x9f, 0xd7, 0x85, 0x3d, 0x61, 0xb3, 0x0c, 0x90, 0xe1, 0x01, 0x7f, 0xe7,
+    0x61, 0x8b, 0xfc, 0x8f, 0x0c, 0x59, 0x76, 0xc4, 0x4b, 0x2f, 0xdc, 0xc3,
+    0x67, 0x8b, 0x2f, 0xdb, 0x38, 0x4e, 0x6a, 0xcb, 0xf7, 0x67, 0x72, 0x02,
+    0xcb, 0xcf, 0xed, 0x2c, 0xad, 0xa7, 0xdd, 0x25, 0x5a, 0x28, 0xbf, 0xb7,
+    0x38, 0xc5, 0xdc, 0x16, 0x5f, 0xbc, 0xfc, 0x6d, 0x2c, 0xbf, 0xf3, 0xeb,
+    0x65, 0xbd, 0x8f, 0xd8, 0x16, 0x5f, 0xc0, 0x0c, 0xbd, 0x9d, 0xac, 0xbf,
+    0xff, 0x37, 0xe4, 0xf9, 0xdf, 0xe4, 0xe1, 0xe9, 0xc0, 0xb2, 0xf9, 0x89,
+    0xc6, 0xb2, 0xff, 0xfe, 0xff, 0x30, 0x41, 0x7c, 0x33, 0x1b, 0x7e, 0x42,
+    0x49, 0x65, 0xff, 0x72, 0x75, 0xf9, 0x08, 0x36, 0x59, 0x50, 0x4c, 0x3c,
+    0x6a, 0xc4, 0x41, 0xc5, 0xfb, 0xff, 0xfb, 0x3d, 0xb7, 0x0e, 0xde, 0x9d,
+    0xbc, 0xe6, 0x10, 0x16, 0x5f, 0xfc, 0xda, 0x98, 0x7a, 0x62, 0x21, 0x1a,
+    0xb2, 0xbc, 0x8a, 0x2e, 0x2e, 0xdf, 0xfa, 0x39, 0x88, 0xa7, 0x99, 0x30,
+    0x59, 0x77, 0x5b, 0x2b, 0x2f, 0xe3, 0x7f, 0x3e, 0x9e, 0x2c, 0xbf, 0xee,
+    0x16, 0x7f, 0x93, 0xa8, 0xd6, 0x5f, 0xe1, 0xee, 0xf2, 0x62, 0x16, 0x96,
+    0x5f, 0x9b, 0xbe, 0x3f, 0x6b, 0x2f, 0xff, 0xd9, 0xfe, 0x49, 0xfb, 0xe3,
+    0x0f, 0xd8, 0xc6, 0xac, 0xaf, 0x1f, 0xf9, 0x14, 0xdf, 0xec, 0x1e, 0x6a,
+    0x13, 0xa5, 0x97, 0xbc, 0xdf, 0x59, 0x52, 0x9f, 0x34, 0x0f, 0x98, 0x6e,
+    0x22, 0xe7, 0x39, 0x04, 0x2d, 0xf8, 0x42, 0x19, 0x95, 0xf9, 0xfd, 0x9d,
+    0xfd, 0x65, 0xff, 0x9f, 0xfc, 0x9c, 0x21, 0xfa, 0x56, 0x5f, 0x75, 0xe9,
+    0x12, 0xca, 0xf1, 0xef, 0xfc, 0xf2, 0xff, 0xce, 0x51, 0x99, 0x84, 0x3f,
+    0x4a, 0xcb, 0x9a, 0x35, 0x95, 0x87, 0xaa, 0x47, 0xd7, 0xf8, 0x5d, 0xc3,
+    0x81, 0xce, 0xe2, 0xcb, 0xdd, 0x4e, 0xe2, 0xcb, 0xfd, 0x17, 0x9f, 0x5a,
+    0x61, 0xac, 0xac, 0x3d, 0x47, 0x20, 0xbf, 0xcf, 0xd8, 0x7a, 0x63, 0xe2,
+    0xcb, 0xf9, 0xca, 0x33, 0xbf, 0xd6, 0x51, 0x1f, 0x0f, 0x0d, 0x2f, 0x9b,
+    0xce, 0x75, 0x97, 0xfc, 0x45, 0x91, 0xff, 0xf2, 0x75, 0x95, 0x05, 0x54,
+    0xd9, 0x08, 0x78, 0x9d, 0xf4, 0x40, 0x50, 0x8d, 0xe4, 0x20, 0x7e, 0x42,
+    0x19, 0x0d, 0xee, 0x31, 0x8b, 0x2f, 0xf1, 0xae, 0x1c, 0x80, 0x33, 0xac,
+    0xb6, 0xb0, 0xf4, 0xcd, 0x1d, 0xbe, 0x3c, 0xeb, 0x8b, 0x2f, 0xff, 0x48,
+    0xfc, 0x23, 0x43, 0x91, 0xf8, 0x5c, 0x59, 0x6d, 0xc1, 0x9f, 0x78, 0x64,
+    0x57, 0x64, 0x6b, 0x2a, 0x4f, 0x0f, 0x0b, 0x2f, 0xe9, 0xdd, 0xeb, 0xd3,
+    0x1a, 0xcb, 0xdf, 0x7e, 0x2c, 0xbf, 0xe1, 0x40, 0x1e, 0x96, 0x28, 0xd6,
+    0x51, 0xa8, 0x87, 0x63, 0x22, 0x1c, 0xb8, 0x2c, 0x75, 0x97, 0xff, 0xff,
+    0x17, 0x58, 0x52, 0x67, 0xcd, 0x7e, 0x0e, 0x5f, 0x5e, 0x31, 0xc6, 0xb2,
+    0xe7, 0xed, 0x65, 0xbf, 0x28, 0x8a, 0xe3, 0x9d, 0xf6, 0x1e, 0x77, 0x16,
+    0x5f, 0xff, 0x9c, 0x62, 0x34, 0x41, 0x89, 0xc3, 0x8b, 0x68, 0x3e, 0xb2,
+    0xa5, 0x34, 0xe6, 0x85, 0x2f, 0x0a, 0x04, 0x49, 0x7f, 0x07, 0x22, 0xe8,
+    0x47, 0x59, 0x73, 0x12, 0xcb, 0xe8, 0x49, 0x74, 0xb2, 0x86, 0x6d, 0xf0,
+    0x56, 0xd1, 0x2c, 0xbe, 0x0a, 0xbc, 0xf6, 0xb2, 0xd2, 0x46, 0xe3, 0xe2,
+    0x55, 0xb4, 0xff, 0x59, 0x62, 0xfa, 0x41, 0x84, 0xb2, 0xa0, 0xcd, 0xdc,
+    0x1c, 0x25, 0xb0, 0xc0, 0xd3, 0x1e, 0x89, 0xfb, 0x41, 0x68, 0xcf, 0xa2,
+    0x86, 0xfe, 0xa5, 0x04, 0x9e, 0x58, 0xe3, 0xc3, 0x54, 0x10, 0xda, 0x28,
+    0x53, 0xf2, 0x37, 0xd1, 0x20, 0x99, 0x0e, 0x4d, 0x92, 0x3b, 0xe3, 0xec,
+    0x30, 0xb3, 0x60, 0x59, 0x77, 0xf8, 0xb2, 0x98, 0xf2, 0xa2, 0x33, 0xbe,
+    0x0e, 0x4c, 0xe2, 0xcb, 0x81, 0xf5, 0x97, 0x03, 0xcb, 0x2f, 0xb5, 0xac,
+    0xe2, 0xcb, 0xb2, 0x25, 0x96, 0x86, 0xd4, 0x45, 0xc6, 0x48, 0x71, 0x77,
+    0x17, 0x0c, 0x8a, 0xfb, 0xee, 0x58, 0xb2, 0xfb, 0x76, 0x4a, 0x0b, 0x29,
+    0x8f, 0x10, 0x32, 0x0b, 0xe2, 0x7f, 0xf1, 0x65, 0xed, 0x3e, 0xf5, 0x97,
+    0xfd, 0x9b, 0xae, 0xc3, 0x17, 0xf8, 0xb2, 0xfd, 0xa1, 0xe6, 0x12, 0xcb,
+    0xe3, 0x74, 0xe6, 0x2c, 0xbf, 0xf3, 0x67, 0xa7, 0x7f, 0x3d, 0x3d, 0xac,
+    0xac, 0x3e, 0x4d, 0xc2, 0x4b, 0xfb, 0xbd, 0x0b, 0xbf, 0xc1, 0x65, 0xff,
+    0x3f, 0x66, 0x61, 0x0f, 0xd2, 0xb2, 0xe9, 0x8d, 0x65, 0x62, 0x75, 0x31,
+    0x10, 0xe8, 0x79, 0xce, 0xf9, 0x08, 0xa1, 0x12, 0x18, 0x62, 0x19, 0xcd,
+    0xf8, 0xcf, 0xff, 0x23, 0x59, 0x7f, 0x3c, 0x83, 0x3b, 0x82, 0xca, 0x59,
+    0x7f, 0x8b, 0x59, 0xcc, 0x6f, 0x2c, 0xa0, 0xa9, 0xbc, 0xc0, 0xbb, 0xff,
+    0xe8, 0x7c, 0xb1, 0xfe, 0x59, 0xff, 0xe1, 0x8b, 0x2f, 0xed, 0x37, 0xfd,
+    0x90, 0x59, 0x7b, 0xd3, 0xbd, 0x65, 0x68, 0xf2, 0xfe, 0x5b, 0x73, 0xee,
+    0xac, 0xbf, 0xdf, 0xcd, 0x47, 0x3f, 0xe2, 0xca, 0x81, 0xe6, 0xb8, 0xcd,
+    0xff, 0xf6, 0x0d, 0xbf, 0x87, 0xf4, 0xcf, 0x47, 0x75, 0x97, 0x66, 0xf5,
+    0x97, 0xfd, 0xd7, 0xb0, 0x67, 0x6d, 0x62, 0xcb, 0xfa, 0x79, 0xe9, 0x23,
+    0x56, 0x54, 0xa3, 0x32, 0x34, 0xec, 0x18, 0xd1, 0xcd, 0xed, 0x9c, 0x35,
+    0x65, 0xfd, 0x33, 0xaf, 0x4e, 0xf5, 0x97, 0xf4, 0x41, 0xe4, 0x43, 0x82,
+    0xcb, 0xe6, 0x28, 0xb7, 0x16, 0x5f, 0x14, 0xf7, 0x05, 0x94, 0xe7, 0xf0,
+    0x03, 0x1f, 0x92, 0xdf, 0xa7, 0xfc, 0xcf, 0xac, 0xbf, 0xa7, 0x7e, 0x7b,
+    0xd2, 0xb2, 0xfb, 0xfc, 0xc8, 0x96, 0x78, 0xd7, 0x5f, 0xde, 0x1b, 0x6f,
+    0x91, 0xac, 0xa1, 0xa2, 0xdf, 0x15, 0x5c, 0xce, 0xfb, 0x4c, 0xf1, 0xac,
+    0xbc, 0xd8, 0x05, 0x95, 0x86, 0xf7, 0x84, 0x57, 0xf9, 0x85, 0xaf, 0x66,
+    0xfe, 0x2c, 0xbf, 0xff, 0xd9, 0xf6, 0xee, 0x05, 0x3b, 0x7e, 0xd9, 0xba,
+    0x3f, 0x62, 0xcb, 0xec, 0xfb, 0x71, 0x65, 0xfd, 0xb1, 0x44, 0x5b, 0x04,
+    0x62, 0x59, 0x5b, 0x88, 0xf4, 0x88, 0xd7, 0x8c, 0x9f, 0x21, 0xbf, 0xf0,
+    0x9c, 0xfc, 0x62, 0x7d, 0x1a, 0xb2, 0xf9, 0xfe, 0xe4, 0xb2, 0xa0, 0xc8,
+    0xf4, 0x1c, 0x79, 0x78, 0xf0, 0x69, 0x57, 0x4d, 0x3d, 0x92, 0x34, 0x26,
+    0x62, 0x6f, 0xd4, 0x3b, 0x4e, 0x79, 0xe2, 0x00, 0x42, 0x98, 0xa1, 0xcb,
+    0xc6, 0xbf, 0xc6, 0x28, 0x62, 0x0e, 0xe9, 0xf5, 0xf7, 0xfe, 0xd0, 0x59,
+    0x7f, 0x61, 0x85, 0xbf, 0x50, 0x59, 0x7f, 0xfe, 0xfb, 0x72, 0x3c, 0x33,
+    0x8d, 0x19, 0x3f, 0x7f, 0x59, 0x7f, 0xd0, 0xcf, 0xe0, 0xd8, 0x80, 0xb2,
+    0xfa, 0x19, 0x3d, 0xac, 0xbf, 0x4e, 0xb0, 0x99, 0x65, 0xe3, 0x33, 0xcb,
+    0x2f, 0xec, 0xd6, 0x84, 0x6e, 0x96, 0x5f, 0xc5, 0x03, 0x1f, 0xdc, 0x59,
+    0x7e, 0x37, 0xce, 0x4c, 0xb2, 0xdc, 0xc3, 0xd5, 0x62, 0xeb, 0x8d, 0x82,
+    0xcb, 0xed, 0x07, 0x26, 0x2c, 0xbe, 0x19, 0x39, 0xab, 0x2f, 0xfe, 0x68,
+    0x3e, 0xb3, 0x7f, 0x7d, 0x37, 0x6b, 0x2a, 0x51, 0x1d, 0x19, 0x27, 0xc8,
+    0xae, 0xc1, 0xca, 0xac, 0x58, 0xc8, 0xb0, 0xc3, 0xb5, 0x88, 0x8d, 0xfc,
+    0x44, 0xe4, 0xa4, 0x3b, 0xf8, 0x42, 0x6c, 0x93, 0x07, 0x0a, 0x6b, 0xec,
+    0x1f, 0x0c, 0x59, 0x66, 0xe2, 0x35, 0x77, 0x61, 0x65, 0x7f, 0x80, 0x2e,
+    0x31, 0x77, 0x05, 0x97, 0xf0, 0x1b, 0x4d, 0xd8, 0x16, 0x59, 0xf7, 0x0f,
+    0x8a, 0x23, 0x4b, 0x01, 0x65, 0xfe, 0x1e, 0x13, 0x19, 0xe1, 0x2c, 0xbf,
+    0xfe, 0xf3, 0x4f, 0xd8, 0x13, 0x00, 0x86, 0x18, 0x62, 0x4b, 0xff, 0x9a,
+    0x7e, 0x09, 0x80, 0x43, 0x0c, 0x31, 0x25, 0x62, 0x27, 0x7c, 0xa9, 0x51,
+    0xa3, 0xcb, 0xf0, 0xd0, 0xbf, 0xde, 0x13, 0x9c, 0x6e, 0x75, 0x94, 0x47,
+    0xb9, 0xf2, 0x9b, 0xd9, 0x86, 0xa4, 0xb0, 0x16, 0x5f, 0x37, 0xa4, 0xeb,
+    0x2e, 0xe6, 0x49, 0xb2, 0x34, 0x46, 0x86, 0x7f, 0x5f, 0x4e, 0xbc, 0x07,
+    0xfa, 0xcb, 0xef, 0xf0, 0x5b, 0x8b, 0x2f, 0xa7, 0x4d, 0xbd, 0x65, 0x39,
+    0xf2, 0x88, 0x70, 0x32, 0x6b, 0xfe, 0xd3, 0xf5, 0xb7, 0xd2, 0x19, 0x2c,
+    0xbc, 0x29, 0xd2, 0xcb, 0xbf, 0xc1, 0x9e, 0xc4, 0x47, 0x97, 0xc6, 0x88,
+    0x1c, 0x59, 0x71, 0x09, 0x51, 0x0c, 0xaf, 0xe9, 0x3c, 0xf3, 0x58, 0xb2,
+    0xa0, 0x79, 0xf1, 0x11, 0xde, 0xf4, 0xc6, 0xb2, 0xfd, 0xf9, 0x81, 0xa7,
+    0x59, 0x7f, 0x84, 0x5d, 0x7a, 0x7b, 0xdd, 0x59, 0x78, 0xc3, 0x0c, 0x49,
+    0x7b, 0x0b, 0xa4, 0x81, 0x0d, 0x05, 0xff, 0xb2, 0x3c, 0x1b, 0xc0, 0xa6,
+    0x35, 0x95, 0x28, 0xed, 0x62, 0x90, 0x2c, 0x11, 0x75, 0xff, 0xec, 0xd7,
+    0xff, 0x9c, 0x29, 0xcd, 0x41, 0x65, 0xf9, 0xbd, 0xec, 0xfa, 0xcb, 0x4e,
+    0xd3, 0xef, 0xe2, 0x45, 0xf7, 0x9c, 0x8d, 0x59, 0x43, 0x3c, 0xbf, 0x94,
+    0xdf, 0xdd, 0xc3, 0x84, 0xfd, 0x2c, 0xbe, 0x7d, 0xcf, 0xf1, 0x65, 0xe2,
+    0x0b, 0x7b, 0x1a, 0xca, 0xc3, 0xfb, 0xec, 0xbd, 0xc9, 0x6e, 0x0b, 0x61,
+    0x6d, 0x65, 0xfa, 0x1d, 0x67, 0x7f, 0x59, 0x7e, 0xcf, 0xfc, 0x51, 0xac,
+    0xbf, 0xf3, 0x47, 0xe6, 0x78, 0x7d, 0xa3, 0x59, 0x68, 0x05, 0xb4, 0x5a,
+    0xc0, 0x8c, 0x8a, 0xbe, 0x53, 0x7e, 0xe6, 0x0d, 0xfc, 0xb2, 0xf8, 0x7e,
+    0xce, 0x96, 0x5e, 0x7d, 0xc9, 0x59, 0x7e, 0xc1, 0xf9, 0xf7, 0x16, 0x5f,
+    0x8b, 0x07, 0x27, 0x59, 0x5b, 0x03, 0x21, 0x2e, 0x63, 0x5f, 0x8e, 0x13,
+    0x63, 0x84, 0x3e, 0x42, 0x1c, 0xd2, 0xfe, 0xdc, 0xe2, 0x23, 0xd4, 0x61,
+    0x47, 0x87, 0xa7, 0xa1, 0x3a, 0xf0, 0xe3, 0x02, 0x41, 0x13, 0x88, 0x8f,
+    0x78, 0xf1, 0x85, 0x57, 0xf1, 0xf1, 0xb5, 0x14, 0x16, 0x5f, 0xff, 0x1a,
+    0x1b, 0x97, 0x9e, 0x1c, 0xc3, 0xce, 0xe2, 0xca, 0x94, 0x40, 0xb1, 0x75,
+    0xf4, 0xfc, 0x41, 0xac, 0xbd, 0xf6, 0x95, 0x97, 0xe6, 0x98, 0xdc, 0xeb,
+    0x2e, 0xc2, 0x59, 0x4c, 0x7a, 0xe4, 0x36, 0x22, 0x7b, 0xf1, 0x4f, 0x73,
+    0xc5, 0x97, 0xfe, 0xc6, 0x27, 0xff, 0x0c, 0x92, 0x59, 0x7b, 0xcf, 0xa9,
+    0x3e, 0x3e, 0x13, 0xdf, 0x36, 0xa7, 0xeb, 0x2f, 0xff, 0xc5, 0x3a, 0xd3,
+    0x4c, 0x78, 0x01, 0x39, 0x74, 0xb2, 0xfb, 0x99, 0x30, 0x59, 0x43, 0x44,
+    0xb7, 0x44, 0x24, 0xa9, 0x7b, 0xd9, 0xda, 0xcb, 0xf0, 0xf4, 0xd2, 0x75,
+    0x96, 0x98, 0x1e, 0x21, 0x0e, 0xdf, 0x41, 0xa7, 0xa5, 0x97, 0x76, 0x05,
+    0x97, 0xf1, 0xe7, 0x80, 0x6e, 0x96, 0x5e, 0xe4, 0x9a, 0x03, 0xc6, 0xe0,
+    0xc5, 0xfc, 0x59, 0xba, 0xd3, 0x12, 0xcb, 0xfb, 0x34, 0x00, 0x31, 0x2c,
+    0xa7, 0x3d, 0xb1, 0x17, 0xdf, 0xc5, 0xf6, 0x8c, 0xa5, 0x65, 0xb8, 0xb2,
+    0xed, 0x82, 0x35, 0x95, 0x27, 0xb5, 0x02, 0xc7, 0x11, 0xbf, 0xcc, 0x3d,
+    0x60, 0xdc, 0xeb, 0x2f, 0xa2, 0xe4, 0xf1, 0x65, 0xb0, 0xe7, 0xaa, 0x03,
+    0x2b, 0xec, 0x38, 0x63, 0x59, 0x7e, 0x36, 0x29, 0x2f, 0xac, 0xaf, 0x1f,
+    0x99, 0x13, 0x88, 0x8e, 0xff, 0xff, 0xb7, 0xc8, 0xd8, 0x9f, 0x46, 0x93,
+    0xb1, 0x60, 0x05, 0xc5, 0x97, 0xfe, 0xf0, 0x7c, 0xcd, 0x74, 0xef, 0xd2,
+    0xa2, 0x0c, 0x5f, 0xfd, 0x1c, 0x9b, 0x9a, 0xff, 0xe7, 0x38, 0xb2, 0x86,
+    0x89, 0x32, 0x4e, 0xa9, 0x4c, 0x69, 0xa1, 0xf1, 0x7f, 0xef, 0x09, 0xcd,
+    0xcf, 0xff, 0x3c, 0xb2, 0xff, 0x6f, 0x92, 0xc0, 0xf0, 0xeb, 0x2f, 0xf7,
+    0xa4, 0xbe, 0x07, 0xfa, 0xcb, 0xff, 0xd0, 0xd4, 0xc3, 0xaf, 0x37, 0x89,
+    0xce, 0xb2, 0xb8, 0x7f, 0x82, 0x32, 0xbf, 0xff, 0x8f, 0x25, 0xd3, 0x90,
+    0x30, 0x7c, 0x21, 0x3c, 0x16, 0x5f, 0xf7, 0x4c, 0x73, 0xb6, 0xde, 0x09,
+    0x65, 0xfe, 0x7e, 0xf8, 0x1e, 0xbc, 0xeb, 0x2f, 0xfe, 0xc3, 0x1c, 0x1b,
+    0x5c, 0x38, 0x9f, 0xeb, 0x2d, 0xc0, 0x1f, 0xe9, 0x1a, 0xdf, 0xcf, 0xec,
+    0x23, 0xe2, 0xcb, 0xe1, 0x7b, 0x3a, 0x59, 0x50, 0x55, 0x7e, 0x32, 0x76,
+    0x3f, 0xd4, 0x2c, 0x0e, 0x44, 0x4b, 0x3f, 0x85, 0xce, 0xf2, 0x7d, 0x92,
+    0xbb, 0xff, 0xbf, 0xc8, 0xe4, 0x32, 0x9f, 0x34, 0x6b, 0x2f, 0xf7, 0x27,
+    0x50, 0xe9, 0xa3, 0x59, 0x7d, 0xe6, 0x70, 0x2c, 0xa2, 0x44, 0xe7, 0x11,
+    0xbe, 0x6b, 0x73, 0x7d, 0x65, 0xff, 0xe1, 0xfb, 0x3a, 0xcd, 0x73, 0xbf,
+    0x86, 0x75, 0x97, 0xda, 0xd3, 0xc2, 0x4f, 0x93, 0x82, 0xd7, 0xf0, 0x8d,
+    0x2c, 0x8c, 0x4b, 0x2a, 0x51, 0xf5, 0x90, 0x93, 0xf1, 0xc5, 0xff, 0xf8,
+    0xbe, 0x2f, 0x07, 0xf6, 0x27, 0xef, 0xe2, 0x95, 0x97, 0xbc, 0x2d, 0xc5,
+    0x97, 0xfe, 0x62, 0xff, 0x18, 0x60, 0xec, 0x0b, 0x2f, 0xff, 0xdc, 0xf3,
+    0x66, 0xfc, 0xe3, 0xc1, 0x8a, 0x77, 0xac, 0xbf, 0xec, 0x2e, 0xbc, 0xc0,
+    0x0f, 0xeb, 0x2c, 0xfc, 0x44, 0x86, 0xf5, 0x6a, 0x8d, 0x1f, 0x3a, 0x86,
+    0x7d, 0x4a, 0xbe, 0xe8, 0x4a, 0x23, 0x63, 0x30, 0xba, 0xb0, 0xa3, 0x19,
+    0xbd, 0x84, 0x6a, 0xcb, 0xfc, 0xe3, 0xf6, 0x67, 0x7f, 0x59, 0x58, 0x79,
+    0xe6, 0x8e, 0x57, 0x6c, 0xac, 0x0f, 0x42, 0x3c, 0x9e, 0xf9, 0x0f, 0x5f,
+    0xcf, 0xfa, 0xee, 0xc2, 0xaa, 0xfd, 0x25, 0x08, 0x1d, 0x65, 0xe2, 0x93,
+    0x16, 0x5f, 0x37, 0x4c, 0x35, 0x95, 0x03, 0xe5, 0xc2, 0x7f, 0x8e, 0x5f,
+    0xfe, 0xef, 0xf2, 0xc5, 0xfd, 0x4f, 0xdf, 0xeb, 0x2f, 0xa7, 0xed, 0x12,
+    0xcb, 0xf8, 0x4e, 0x18, 0x9c, 0x35, 0x95, 0x11, 0xe8, 0xe8, 0x8a, 0xf3,
+    0xe4, 0x16, 0x5d, 0xbf, 0x16, 0x56, 0x1e, 0xb3, 0x11, 0xb8, 0xdd, 0xff,
+    0xcf, 0x0d, 0xb9, 0xfc, 0xf4, 0xe8, 0x0b, 0x2e, 0x00, 0x16, 0x5f, 0xf7,
+    0x5e, 0x6d, 0x13, 0x7f, 0x8b, 0x2a, 0x08, 0x95, 0x3a, 0x28, 0x05, 0xef,
+    0xff, 0x61, 0x84, 0x27, 0xe3, 0x66, 0xf7, 0xd2, 0xcb, 0xf9, 0xbd, 0xec,
+    0x03, 0xac, 0xbc, 0xfe, 0xe2, 0xca, 0x94, 0x49, 0x01, 0x28, 0x45, 0x97,
+    0xfb, 0x8d, 0x85, 0x9d, 0x98, 0xb2, 0xff, 0xff, 0x67, 0xfe, 0xfa, 0x29,
+    0xee, 0x01, 0xe8, 0x07, 0x6e, 0x2c, 0xad, 0xc4, 0x4a, 0x9c, 0xce, 0xfc,
+    0x2e, 0xfa, 0xc3, 0xac, 0xbf, 0xcc, 0x66, 0x10, 0xfd, 0x2b, 0x2f, 0x9f,
+    0xb2, 0x1a, 0xca, 0x39, 0xea, 0x00, 0xca, 0xff, 0xf4, 0xff, 0x82, 0xeb,
+    0x6f, 0x9c, 0xa6, 0x56, 0x5d, 0xe1, 0x2c, 0xbf, 0xff, 0x41, 0x88, 0x7e,
+    0xce, 0xc3, 0x72, 0xf9, 0x0d, 0x65, 0xff, 0xfc, 0xc6, 0x79, 0xfa, 0x92,
+    0x1e, 0x77, 0xff, 0x38, 0xd6, 0x5f, 0xf4, 0x7f, 0x86, 0x6e, 0x39, 0x01,
+    0x65, 0xff, 0x3e, 0xe7, 0x83, 0xd4, 0x27, 0x71, 0x65, 0xf4, 0x5e, 0x7f,
+    0xac, 0xac, 0x44, 0xff, 0x67, 0x8c, 0x81, 0x7f, 0xb0, 0x7e, 0xce, 0xf3,
+    0x8b, 0x2f, 0x31, 0x9b, 0x8b, 0x2f, 0xf6, 0x6f, 0xe7, 0xff, 0x27, 0x59,
+    0x5a, 0x3d, 0x5f, 0x10, 0x54, 0xab, 0x51, 0x19, 0x36, 0x3f, 0x1a, 0x44,
+    0xc9, 0x71, 0x0b, 0xe9, 0x57, 0xd0, 0xfb, 0x22, 0xfe, 0x42, 0x22, 0xff,
+    0xd0, 0x62, 0x80, 0x7e, 0xf4, 0x8d, 0x65, 0xc6, 0x32, 0xcb, 0xd8, 0x5d,
+    0x2c, 0xba, 0x4e, 0xb2, 0xc7, 0xe8, 0xd9, 0x6c, 0x8e, 0x54, 0x9f, 0xa3,
+    0x24, 0xdf, 0xf6, 0x0c, 0xd7, 0x8b, 0xd3, 0x1a, 0xcb, 0xf0, 0xbf, 0x1f,
+    0x0d, 0x59, 0x7f, 0xf3, 0xc7, 0xc7, 0x1c, 0xc7, 0x30, 0x95, 0x97, 0xf6,
+    0x73, 0x67, 0x35, 0x2b, 0x2b, 0xb4, 0xeb, 0x35, 0x0b, 0x3f, 0x10, 0x11,
+    0xdf, 0x0a, 0xf6, 0x51, 0x2f, 0x9a, 0x4a, 0x25, 0x95, 0x1b, 0x6f, 0xcd,
+    0x07, 0xa1, 0xc2, 0x43, 0x21, 0x91, 0xd3, 0xa7, 0x64, 0xcd, 0x4b, 0x28,
+    0x8a, 0x1b, 0x5a, 0x2e, 0x3c, 0x3c, 0x1e, 0x18, 0x20, 0x86, 0x17, 0x27,
+    0x05, 0x7f, 0x29, 0x04, 0xc6, 0x0b, 0xfd, 0xce, 0x61, 0x03, 0x67, 0x16,
+    0x5f, 0x13, 0x6e, 0xca, 0xcb, 0x81, 0x2b, 0x2f, 0x16, 0x71, 0x65, 0x11,
+    0xb1, 0x0c, 0x5a, 0xd1, 0x2c, 0xbf, 0xb9, 0x84, 0x0d, 0x9c, 0x59, 0x5b,
+    0x51, 0xd7, 0x86, 0xae, 0xa8, 0x02, 0x1e, 0x09, 0x5f, 0x7d, 0xdc, 0x96,
+    0x56, 0xf3, 0xea, 0x31, 0x2a, 0xff, 0x01, 0xc1, 0x3b, 0x93, 0x05, 0x97,
+    0xff, 0x41, 0xb3, 0xcf, 0xef, 0x4f, 0x7c, 0x59, 0x7f, 0xbd, 0x83, 0x29,
+    0xc2, 0x59, 0x50, 0x45, 0x4f, 0x66, 0xa0, 0x44, 0xbc, 0x3c, 0x25, 0x97,
+    0xe1, 0x1e, 0x73, 0xeb, 0x2f, 0xb0, 0x12, 0x05, 0x94, 0x03, 0xc8, 0x22,
+    0x7a, 0x8d, 0x10, 0x9f, 0x63, 0xa7, 0x46, 0xc8, 0xa1, 0x6b, 0x71, 0x1a,
+    0xb2, 0xff, 0xf1, 0x47, 0xb6, 0x26, 0x2c, 0x1e, 0x11, 0xab, 0x2f, 0xf8,
+    0x42, 0x0c, 0x9b, 0x68, 0x3e, 0xb2, 0xff, 0xd9, 0xbe, 0x7b, 0xd9, 0x9d,
+    0x61, 0x2c, 0xbf, 0x9b, 0xbd, 0xdf, 0x4f, 0xd6, 0x5f, 0x85, 0xc6, 0x6e,
+    0xd6, 0x5f, 0x8b, 0x3f, 0xe6, 0x59, 0x78, 0x3c, 0x95, 0x97, 0x08, 0xd5,
+    0x97, 0xe9, 0x22, 0x11, 0xd6, 0x57, 0x8d, 0xf0, 0x63, 0x17, 0xbf, 0x21,
+    0xac, 0xbf, 0xd8, 0x3d, 0x3f, 0x5f, 0x02, 0xcb, 0xf6, 0x10, 0xfd, 0x2b,
+    0x2b, 0x0f, 0xdf, 0xc3, 0xa6, 0x1a, 0x5e, 0x86, 0x71, 0x65, 0xfd, 0xd7,
+    0xa7, 0xe2, 0x0d, 0x65, 0x4a, 0xab, 0x78, 0xd3, 0x0d, 0x3c, 0xdc, 0x42,
+    0x88, 0xc7, 0x45, 0x0e, 0x4c, 0x4b, 0x5c, 0x84, 0xcf, 0xcb, 0xc3, 0x1c,
+    0xbe, 0x1e, 0x9e, 0x0b, 0x2f, 0xff, 0xf6, 0x13, 0xff, 0x99, 0xa0, 0x02,
+    0x73, 0xbf, 0xf1, 0x96, 0x5d, 0x09, 0x59, 0x6d, 0x95, 0x95, 0xb4, 0xd5,
+    0x60, 0xb5, 0x0d, 0x15, 0x7f, 0x84, 0x4d, 0x4a, 0x3d, 0x5e, 0x19, 0xb7,
+    0xa7, 0x51, 0x2c, 0xbc, 0x39, 0x25, 0x95, 0xb5, 0xf2, 0x89, 0x02, 0x88,
+    0x13, 0x4d, 0xf7, 0x8e, 0x37, 0x01, 0xc2, 0xb7, 0x29, 0x31, 0x7d, 0x4e,
+    0x54, 0xf7, 0x09, 0x26, 0xa4, 0x3b, 0x7a, 0x39, 0xd7, 0xae, 0x01, 0xc1,
+    0x29, 0x78, 0xa3, 0xa7, 0xf9, 0x38, 0xa5, 0x67, 0x19, 0x1c, 0xc6, 0xc9,
+    0x30, 0x63, 0xb7, 0xbb, 0x8f, 0x7a, 0xcb, 0xfd, 0xd7, 0x9c, 0xa4, 0x5d,
+    0xac, 0xbf, 0x75, 0xe9, 0xef, 0x75, 0x65, 0xc2, 0x0b, 0xac, 0xbf, 0x79,
+    0xf4, 0x76, 0x59, 0x78, 0x39, 0xdc, 0x59, 0x7f, 0x07, 0xd7, 0xa7, 0xbd,
+    0xd5, 0x95, 0xb5, 0x18, 0x70, 0x2d, 0xe8, 0x6f, 0x84, 0xe2, 0x20, 0xbc,
+    0xc5, 0x8b, 0x2f, 0xef, 0x30, 0x5f, 0xd3, 0x1a, 0xcb, 0x0e, 0x07, 0x99,
+    0xd0, 0xd5, 0xc0, 0x31, 0x65, 0xfd, 0xe9, 0x6d, 0xc3, 0xb2, 0xca, 0xda,
+    0x78, 0xfd, 0x0c, 0x50, 0xd5, 0x12, 0xf7, 0x0f, 0x76, 0x84, 0xcf, 0xdc,
+    0x2f, 0xec, 0x33, 0x30, 0x8d, 0x59, 0x73, 0x46, 0xb2, 0xe9, 0x0d, 0x65,
+    0xe7, 0xce, 0x2c, 0xbf, 0x3c, 0x6c, 0x28, 0x2c, 0xbc, 0x00, 0x4a, 0xca,
+    0x81, 0xfb, 0x1c, 0x5f, 0xc3, 0x64, 0x51, 0x7b, 0x08, 0xd5, 0x94, 0xc9,
+    0x88, 0x9c, 0xb5, 0xe1, 0x1b, 0xba, 0x77, 0x7f, 0xee, 0x6a, 0x7e, 0x4e,
+    0x73, 0xb2, 0xcb, 0xff, 0xd3, 0xce, 0x49, 0xf3, 0xed, 0xcf, 0x3a, 0xcb,
+    0xcc, 0x5f, 0x59, 0x5d, 0x1f, 0x1f, 0x92, 0x2f, 0xfd, 0xe6, 0xf4, 0xe6,
+    0xa1, 0xa8, 0x2c, 0xbf, 0xf8, 0xf3, 0xfe, 0x3e, 0x68, 0x07, 0xc5, 0x97,
+    0xf1, 0x4c, 0x0f, 0x2c, 0xb2, 0x80, 0x7d, 0xc4, 0x87, 0x7e, 0xf4, 0xc7,
+    0x3e, 0x59, 0x7e, 0xd3, 0x9e, 0x7a, 0x59, 0x7e, 0xcd, 0xe5, 0x9c, 0x59,
+    0x7f, 0xbe, 0xdb, 0xdb, 0xf0, 0x94, 0x96, 0x3a, 0xcb, 0xfb, 0x08, 0xdd,
+    0x48, 0x46, 0x3c, 0x50, 0xcd, 0x2e, 0xc3, 0x56, 0x56, 0xd5, 0x55, 0x59,
+    0x0a, 0x0e, 0x88, 0xda, 0x15, 0x91, 0x10, 0xb9, 0x41, 0x14, 0x71, 0xb7,
+    0x65, 0x1a, 0xff, 0xf3, 0xef, 0x9c, 0x1b, 0xc3, 0x3c, 0xc6, 0x2c, 0xbc,
+    0x2e, 0xe0, 0xb2, 0xf6, 0x9f, 0x7a, 0xcb, 0xf0, 0xf5, 0xac, 0xe2, 0xca,
+    0x81, 0xe3, 0x38, 0xf5, 0x41, 0x19, 0xfa, 0x4a, 0x26, 0x4b, 0xfc, 0x50,
+    0x2c, 0x3c, 0xf4, 0xb2, 0xf4, 0x4f, 0xf5, 0x97, 0x8a, 0x4e, 0xb2, 0xa4,
+    0xdc, 0x44, 0x3b, 0x7e, 0x6f, 0x14, 0xc1, 0x65, 0xf6, 0x9d, 0xa3, 0x59,
+    0x77, 0x19, 0x65, 0x31, 0xb8, 0x72, 0x2b, 0x62, 0xcb, 0xd9, 0x86, 0xac,
+    0xb1, 0xc6, 0x6b, 0x37, 0x44, 0x2f, 0xfd, 0xc0, 0xf5, 0xf8, 0x31, 0x7f,
+    0x8b, 0x2a, 0x53, 0xcd, 0xc2, 0xf6, 0x6a, 0xd1, 0x0f, 0x97, 0x9d, 0x2c,
+    0x45, 0x57, 0xfc, 0xdb, 0xf3, 0x5d, 0x3b, 0xf4, 0xa8, 0xc3, 0x57, 0xb6,
+    0x45, 0xf5, 0x97, 0x36, 0xf5, 0x97, 0xfe, 0xeb, 0xd2, 0x4f, 0xfe, 0x64,
+    0x6b, 0x2f, 0xb4, 0xd1, 0x71, 0x65, 0xed, 0x38, 0x6b, 0x2b, 0x0f, 0xff,
+    0x47, 0xee, 0x47, 0x76, 0x1a, 0xb2, 0xff, 0xe9, 0x3b, 0x0f, 0x08, 0xdf,
+    0x49, 0xd6, 0x57, 0x8f, 0x6b, 0xe2, 0xf7, 0xd8, 0x79, 0x0d, 0x65, 0x0d,
+    0x3c, 0xae, 0x92, 0x0e, 0x41, 0xc8, 0x4b, 0xfe, 0x10, 0xfb, 0xc8, 0xae,
+    0x0f, 0xcb, 0x2f, 0xc4, 0xe6, 0x06, 0x75, 0x97, 0xcf, 0xdf, 0xf1, 0x65,
+    0x9a, 0x23, 0xcb, 0xe1, 0x4d, 0x1a, 0x88, 0xbf, 0x31, 0xdf, 0xff, 0x37,
+    0xfd, 0x3c, 0x9f, 0x4b, 0x47, 0x26, 0xac, 0xbf, 0xde, 0x98, 0xa0, 0xda,
+    0x82, 0xcb, 0xf1, 0x44, 0x52, 0x75, 0x97, 0xfb, 0xec, 0x64, 0x44, 0xe6,
+    0x2c, 0xbb, 0xcc, 0xb2, 0xff, 0xa5, 0xe1, 0xe9, 0x8d, 0xe3, 0x59, 0x7f,
+    0xd9, 0xbe, 0x47, 0xec, 0x6f, 0xac, 0xbd, 0xc7, 0x02, 0xca, 0x23, 0xd5,
+    0xf9, 0xcd, 0x6e, 0x23, 0x14, 0xe2, 0xdf, 0x84, 0x75, 0xfc, 0x20, 0xc0,
+    0x09, 0xed, 0x65, 0xf1, 0xff, 0x9d, 0x2c, 0xbd, 0xa7, 0x82, 0xcb, 0xe8,
+    0xe7, 0xb9, 0x59, 0x52, 0x7c, 0x58, 0x46, 0xc3, 0x97, 0x19, 0xf5, 0x97,
+    0xd0, 0x01, 0x62, 0xcb, 0xff, 0xc0, 0x27, 0x3e, 0xb2, 0x7b, 0x83, 0x1d,
+    0x65, 0x49, 0xf5, 0x08, 0x86, 0xe6, 0x8d, 0x65, 0x4a, 0xb5, 0x41, 0xa7,
+    0xe1, 0xa7, 0x64, 0xed, 0x0f, 0xa8, 0x8e, 0x3d, 0x09, 0x27, 0x2c, 0x28,
+    0x41, 0x7c, 0x86, 0xff, 0xff, 0xfe, 0x6f, 0xfb, 0x0f, 0xe2, 0xcd, 0xef,
+    0xd7, 0x98, 0x3f, 0xb1, 0x75, 0x9f, 0xf3, 0x2c, 0xbe, 0xfe, 0xa7, 0x7a,
+    0xca, 0x1a, 0x2b, 0x9e, 0x11, 0x57, 0xd3, 0xd8, 0xb7, 0x16, 0x5f, 0xff,
+    0xba, 0x17, 0x8d, 0x62, 0x9f, 0x49, 0x92, 0x58, 0xb2, 0xa2, 0x3f, 0xb2,
+    0x26, 0xbe, 0x61, 0xee, 0xb2, 0xca, 0x94, 0x74, 0x3c, 0x28, 0x8c, 0x22,
+    0xbf, 0xef, 0x4c, 0x18, 0xb0, 0xf2, 0xb2, 0xf9, 0xc7, 0x08, 0xd6, 0x5f,
+    0xf6, 0x7f, 0xd8, 0x72, 0x7f, 0xac, 0xbf, 0xb7, 0xb6, 0xbb, 0x9d, 0xc5,
+    0x94, 0x33, 0xea, 0xc3, 0x7a, 0xf2, 0x2b, 0x8a, 0x11, 0xb7, 0x10, 0x16,
+    0x5f, 0x8f, 0x3d, 0x46, 0x35, 0x97, 0xd0, 0x93, 0xba, 0xcb, 0xf6, 0x80,
+    0x76, 0xe2, 0xcb, 0xbf, 0xc0, 0xaa, 0x22, 0x70, 0x59, 0xca, 0x83, 0x21,
+    0xa9, 0x47, 0xe0, 0xa1, 0x61, 0x6e, 0x2c, 0xbf, 0xa6, 0x3c, 0x26, 0x35,
+    0x65, 0x68, 0xdf, 0x70, 0x46, 0xff, 0xc4, 0xfe, 0x90, 0x04, 0xd7, 0x38,
+    0x92, 0xf7, 0xb0, 0x6b, 0x2a, 0x4f, 0x71, 0x90, 0x2f, 0xa7, 0xf0, 0x75,
+    0x97, 0xff, 0xe7, 0xfc, 0xe6, 0xa7, 0x6b, 0x96, 0x1c, 0x5e, 0x59, 0x7d,
+    0xc1, 0x17, 0xd6, 0x5f, 0x83, 0x28, 0x7b, 0x16, 0x53, 0x1e, 0x50, 0x08,
+    0xae, 0x8e, 0x35, 0x96, 0x02, 0xcb, 0x4a, 0xcb, 0x60, 0xcd, 0x0f, 0x42,
+    0x35, 0x1a, 0xe1, 0x18, 0xe3, 0xe0, 0xc6, 0x53, 0xbe, 0xf8, 0x80, 0x88,
+    0x7f, 0x09, 0xe1, 0x10, 0xef, 0x3a, 0xbc, 0x79, 0xe9, 0x65, 0xf9, 0xe2,
+    0x6c, 0xe2, 0xcb, 0xee, 0x4e, 0xa0, 0xb2, 0xc3, 0xda, 0x79, 0x3c, 0x27,
+    0xa9, 0x44, 0x83, 0xb3, 0x5e, 0x7f, 0x4a, 0xcb, 0xfc, 0x3f, 0x4f, 0xff,
+    0x27, 0x59, 0x5e, 0x3c, 0xe2, 0x1b, 0xb8, 0x51, 0xac, 0xbe, 0x90, 0xf7,
+    0x46, 0xb2, 0xfb, 0x8d, 0xf9, 0x59, 0x77, 0x70, 0x8c, 0xf1, 0xfb, 0x26,
+    0xbc, 0xdd, 0xf1, 0x65, 0x61, 0xe7, 0x31, 0x8d, 0x62, 0x3b, 0x98, 0x87,
+    0xd0, 0xad, 0xbb, 0x3a, 0x59, 0x6e, 0x2c, 0xf9, 0x6f, 0x7e, 0x1c, 0x9d,
+    0xc6, 0xb2, 0xb0, 0xf1, 0xd8, 0x82, 0xf7, 0xf3, 0xcb, 0x2f, 0xa3, 0xfb,
+    0x1a, 0xb2, 0xb4, 0x7c, 0x02, 0x20, 0x0c, 0x72, 0xff, 0xf6, 0xd7, 0x6c,
+    0xe4, 0xc7, 0x84, 0xc6, 0xac, 0xbb, 0x7c, 0xac, 0xa1, 0x9f, 0x11, 0xd2,
+    0xaf, 0xf6, 0x8f, 0x3d, 0xfd, 0xfa, 0x59, 0x7f, 0xff, 0x16, 0x7f, 0xd9,
+    0x0c, 0xea, 0x7a, 0xf9, 0x39, 0xd6, 0x56, 0x22, 0xc5, 0x88, 0xb8, 0x6b,
+    0x7f, 0xcd, 0x06, 0xe7, 0x70, 0x62, 0x59, 0x7f, 0x80, 0xd0, 0xd6, 0x98,
+    0xc5, 0x95, 0xa3, 0xec, 0x23, 0x8b, 0xe6, 0x3c, 0xc4, 0xb2, 0xff, 0xee,
+    0x37, 0x65, 0x91, 0x6a, 0x7f, 0xc5, 0x97, 0xd9, 0x18, 0xa0, 0xb2, 0xf9,
+    0xb5, 0x31, 0xac, 0xa6, 0x46, 0x6c, 0x44, 0x20, 0x22, 0x31, 0x14, 0x32,
+    0x3b, 0xff, 0x4c, 0x26, 0x2e, 0x7b, 0x37, 0xf1, 0x65, 0xf4, 0xec, 0x3d,
+    0x87, 0xb0, 0xd6, 0x57, 0x0f, 0xd7, 0x75, 0x06, 0xf9, 0xf4, 0xfd, 0xac,
+    0xbf, 0x81, 0x1b, 0xc2, 0x77, 0x16, 0x5f, 0xb6, 0xcc, 0x52, 0x62, 0xcb,
+    0xc3, 0x1c, 0xac, 0xb9, 0x89, 0x65, 0x1a, 0x8a, 0xfe, 0xc8, 0x8e, 0x62,
+    0x22, 0xb0, 0xc7, 0x2a, 0x53, 0xe2, 0x68, 0x60, 0xbc, 0x35, 0x2e, 0x98,
+    0xd6, 0x5f, 0x6a, 0x70, 0xeb, 0x2e, 0xc3, 0x16, 0x52, 0x71, 0x0c, 0x2f,
+    0xee, 0x07, 0x3a, 0x93, 0xa7, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x49, 0xc4,
+    0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x08, 0xb9, 0x61, 0x90,
+    0x1e, 0x08, 0x67, 0x64, 0x67, 0x74, 0x66, 0xef, 0x62, 0x71, 0x0c, 0x2f,
+    0xe7, 0x7f, 0xc5, 0x27, 0x4e, 0x21, 0x86, 0xd3, 0x49, 0x60, 0xba, 0x71,
+    0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x81, 0xb2, 0x61, 0x9a,
     0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x49, 0xc4, 0x30,
-    0xa9, 0x1f, 0x27, 0x43, 0x2c, 0x33, 0xbc, 0x66, 0x93, 0x88, 0x61, 0x49,
-    0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x47, 0xc8, 0x31,
-    0x9f, 0x8c, 0x90, 0xcd, 0xbe, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27,
-    0x10, 0xc2, 0xd2, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc3, 0xa2, 0xfe, 0x93,
-    0x88, 0x61, 0x49, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2b,
-    0x64, 0x6f, 0x48, 0x64, 0xd3, 0x8e, 0xca, 0x66, 0x19, 0x00, 0xcf, 0x86,
-    0x6d, 0x89, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2d, 0x24,
-    0xe2, 0x18, 0x52, 0x71, 0x0c, 0x3a, 0x2f, 0xe9, 0x38, 0x86, 0x14, 0x9c,
-    0x43, 0x0a, 0x84, 0x56, 0x48, 0x65, 0x8e, 0x34, 0x52, 0x71, 0x9a, 0x4e,
-    0x21, 0x85, 0x27, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x49, 0xc4, 0x30, 0xa4,
-    0xe2, 0x18, 0x54, 0x1f, 0xef, 0x43, 0x3a, 0x19, 0x38, 0xc9, 0x0c, 0xd2,
-    0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0xd1, 0xe5, 0xf0,
-    0x67, 0xc3, 0x34, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2,
-    0x8e, 0x79, 0x64, 0x33, 0xe1, 0x9b, 0x1d, 0x38, 0x86, 0x14, 0x9c, 0x43,
-    0x0a, 0x4e, 0x21, 0x85, 0x00, 0xd9, 0x04, 0x66, 0x93, 0x88, 0x61, 0x49,
-    0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x0f, 0x92, 0x61,
-    0x9f, 0x8c, 0x84, 0x66, 0xa1, 0x98, 0x1f, 0xb4, 0x20, 0x24, 0x9a, 0x35,
-    0x5c, 0x85, 0xb7, 0x70, 0x8b, 0xea, 0x10, 0xad, 0x0a, 0x3d, 0xc3, 0xe9,
-    0xa1, 0x09, 0xa8, 0x6b, 0x1d, 0x2b, 0xf0, 0x84, 0x78, 0x51, 0x00, 0xec,
-    0xa1, 0xfb, 0xc6, 0x8f, 0x43, 0x28, 0x30, 0xc5, 0xdf, 0x09, 0x33, 0x1e,
-    0xa7, 0xcb, 0x84, 0x51, 0xdd, 0x84, 0x2d, 0xfa, 0x45, 0x19, 0xc4, 0xe2,
-    0x18, 0x0b, 0x4e, 0x5e, 0xf3, 0x41, 0xd3, 0x88, 0x61, 0x7c, 0xdd, 0xbe,
-    0x97, 0x88, 0x62, 0xf3, 0x0f, 0x17, 0x88, 0x62, 0xc2, 0xfa, 0x46, 0x4e,
-    0x92, 0x7e, 0x53, 0xe2, 0xfb, 0x46, 0xf6, 0x7c, 0x28, 0x94, 0xf3, 0xfb,
-    0xcc, 0x5b, 0x2c, 0xbf, 0x98, 0xc1, 0xea, 0x36, 0x59, 0x52, 0x3c, 0xbf,
-    0x8e, 0x5d, 0xbe, 0x16, 0x5c, 0xfd, 0x2c, 0xbe, 0x93, 0x7c, 0x2b, 0x2f,
-    0xa2, 0x7e, 0x3c, 0xb2, 0xf3, 0x6f, 0x15, 0xac, 0xb9, 0xb7, 0x56, 0x57,
-    0x6d, 0x87, 0xdf, 0x54, 0xfa, 0x69, 0xa1, 0x06, 0x72, 0x2f, 0x8c, 0x38,
-    0xb9, 0x11, 0x78, 0x93, 0x74, 0x8a, 0xf7, 0xc7, 0x25, 0x97, 0xa6, 0x71,
-    0x16, 0x50, 0xcd, 0xde, 0x0e, 0xdf, 0x98, 0x82, 0xfe, 0x59, 0x7f, 0xff,
-    0xec, 0xc2, 0x0f, 0x9b, 0xe4, 0x13, 0x4b, 0x3a, 0xf4, 0x66, 0x96, 0x56,
-    0x22, 0xc3, 0x84, 0x13, 0xe4, 0xd7, 0xbe, 0x1e, 0xd6, 0x5f, 0x7f, 0x37,
-    0xe2, 0xca, 0xf9, 0xe0, 0xf8, 0x7a, 0xf0, 0x03, 0xc5, 0x97, 0xf9, 0xc8,
-    0x49, 0xa4, 0xc4, 0xb2, 0xe0, 0x42, 0xcb, 0xfb, 0x4e, 0x42, 0x40, 0x16,
-    0x5c, 0xfa, 0x59, 0x66, 0x59, 0xd9, 0x6d, 0x6e, 0xd6, 0x58, 0xeb, 0x2c,
-    0x2d, 0x91, 0x39, 0xa1, 0x6f, 0xa1, 0xb9, 0x00, 0x82, 0x57, 0xf7, 0x52,
-    0xfc, 0x16, 0xcb, 0x28, 0xe9, 0xa7, 0xcf, 0xc3, 0x3f, 0x75, 0x46, 0xff,
-    0xff, 0xd9, 0x2f, 0xc7, 0xd8, 0xd7, 0x62, 0x8f, 0xbb, 0x49, 0x86, 0xb2,
-    0xe9, 0x62, 0xcb, 0xf8, 0x83, 0xef, 0xe6, 0xf5, 0x97, 0xb4, 0xdb, 0x2c,
-    0xbf, 0xd0, 0x7c, 0x9a, 0x0b, 0x65, 0x94, 0xb2, 0xe1, 0xef, 0x59, 0x58,
-    0x8a, 0x3d, 0x17, 0xfc, 0x74, 0x06, 0x64, 0x17, 0x7e, 0xc3, 0xfe, 0x00,
-    0xb2, 0xff, 0xe9, 0xcf, 0xd8, 0xff, 0x00, 0xc2, 0x02, 0xcb, 0x81, 0x0b,
-    0x2b, 0x0f, 0x70, 0x08, 0xd5, 0x0a, 0xf5, 0xe4, 0x45, 0x91, 0xb6, 0x31,
-    0xe4, 0xcd, 0x00, 0x85, 0xcf, 0x92, 0x03, 0x08, 0x3b, 0xe8, 0x97, 0x21,
-    0x65, 0xff, 0xc4, 0x51, 0xb1, 0x63, 0x6f, 0x89, 0xf5, 0x97, 0xa3, 0xae,
-    0x2c, 0xa3, 0xa2, 0x11, 0xc8, 0x78, 0x8d, 0x79, 0xf5, 0x0b, 0x2f, 0xcd,
-    0x3e, 0xe4, 0x05, 0x97, 0xe6, 0xeb, 0x8f, 0xd2, 0xca, 0x91, 0xf6, 0x9c,
-    0x6f, 0x85, 0x37, 0xdb, 0xcf, 0x0c, 0xb2, 0xfd, 0x33, 0x1d, 0xe6, 0x59,
-    0x7f, 0xc2, 0x38, 0xf9, 0x87, 0x8d, 0xc5, 0x97, 0xb3, 0xa3, 0x16, 0x56,
-    0x8f, 0x68, 0x8f, 0x2f, 0xf6, 0x61, 0x48, 0x42, 0x1a, 0xcb, 0x03, 0x0f,
-    0x4e, 0x62, 0x1b, 0xff, 0xcd, 0xb8, 0x13, 0x5b, 0xae, 0x64, 0xd1, 0xe5,
-    0x96, 0xdc, 0x59, 0x5d, 0x22, 0x2c, 0xe5, 0x0e, 0x9f, 0x70, 0x61, 0x65,
-    0xec, 0xd4, 0x96, 0x50, 0xcd, 0x96, 0xf1, 0x6b, 0xc3, 0x72, 0x59, 0x4c,
-    0x6f, 0x9c, 0x8e, 0xfb, 0xb7, 0x23, 0x56, 0x5f, 0xff, 0xfb, 0x5e, 0xc2,
-    0x8e, 0xca, 0x0f, 0xce, 0x64, 0xbe, 0xc4, 0x05, 0x95, 0x08, 0x8d, 0x72,
-    0x3b, 0xff, 0x9f, 0x5a, 0x70, 0x40, 0xb3, 0x0c, 0x31, 0x65, 0xe9, 0x30,
-    0x16, 0x5f, 0xf8, 0xdc, 0xeb, 0xcd, 0xed, 0x04, 0xeb, 0x2a, 0x72, 0x29,
-    0x9d, 0x27, 0xc3, 0x97, 0x44, 0x96, 0x54, 0x1e, 0x38, 0x0c, 0x6a, 0x17,
-    0x0b, 0xb0, 0xbd, 0x88, 0xde, 0x36, 0x1e, 0x42, 0x83, 0xd0, 0xac, 0x0c,
-    0x61, 0xd7, 0xce, 0x3c, 0xf2, 0xcb, 0xff, 0x8b, 0x1b, 0xf1, 0xd0, 0x33,
-    0xdc, 0x59, 0x7f, 0xf0, 0x44, 0x9a, 0x74, 0x08, 0xfd, 0xc7, 0xd6, 0x5c,
-    0x46, 0xac, 0xbf, 0xf8, 0x0f, 0x2e, 0x64, 0xbf, 0x04, 0x6a, 0xcb, 0xf8,
-    0xfc, 0xc3, 0xc6, 0xe2, 0xca, 0x83, 0xf4, 0x64, 0x4b, 0xfc, 0xc6, 0xf1,
-    0x8b, 0xa9, 0x2c, 0xb4, 0x68, 0xf5, 0x3e, 0x41, 0x4c, 0x98, 0x36, 0xec,
-    0x37, 0xe8, 0x52, 0xee, 0xb1, 0xa2, 0x52, 0x36, 0xd1, 0xad, 0x4a, 0x57,
-    0x70, 0xe5, 0x94, 0xe4, 0x7f, 0x66, 0xc3, 0x9b, 0xb9, 0x54, 0x1d, 0x46,
-    0xf2, 0xd2, 0xe6, 0xb7, 0x23, 0x0b, 0x9a, 0x32, 0x6d, 0x43, 0xc8, 0xf1,
-    0xa1, 0xfe, 0x57, 0xb3, 0xd6, 0x25, 0xc0, 0x8e, 0x00, 0xa7, 0x12, 0xb9,
-    0x18, 0x2f, 0xa7, 0x32, 0xb7, 0xbc, 0xcf, 0x90, 0x88, 0x87, 0xbb, 0x1a,
-    0x85, 0xe0, 0x6d, 0x8b, 0x2f, 0x1f, 0x9d, 0xac, 0xbc, 0x5d, 0xc2, 0xcb,
-    0xec, 0xf3, 0xf4, 0xb2, 0xa7, 0x1e, 0xe3, 0x0f, 0x68, 0x72, 0xff, 0xb8,
-    0x6b, 0x94, 0x66, 0xd0, 0xb2, 0xfa, 0x59, 0xa8, 0x59, 0x7f, 0x18, 0xfa,
-    0xd3, 0xf4, 0xb2, 0xff, 0xfd, 0xcd, 0x69, 0xa6, 0xe6, 0xa3, 0xcd, 0xdb,
-    0x0d, 0x65, 0x1d, 0x30, 0xf7, 0x30, 0x01, 0xc1, 0x10, 0x98, 0x5f, 0x7b,
-    0xd1, 0xc5, 0x96, 0x25, 0x97, 0xe1, 0xe6, 0x03, 0x8b, 0x2c, 0x09, 0xf3,
-    0x6e, 0x20, 0x85, 0x1c, 0xff, 0x89, 0x4e, 0xf6, 0xcc, 0x35, 0x96, 0x0a,
-    0xcb, 0x01, 0x8d, 0x71, 0x0e, 0xd8, 0x52, 0xb2, 0xfb, 0x4c, 0x46, 0xac,
-    0xbf, 0x07, 0xbf, 0xb6, 0x96, 0x5d, 0x86, 0xac, 0xb7, 0xa0, 0xf0, 0x38,
-    0x53, 0x7f, 0x67, 0x7f, 0x8e, 0xa4, 0xb2, 0xfe, 0x3f, 0x18, 0xdf, 0x18,
-    0xb2, 0xfd, 0x1d, 0x7e, 0x24, 0xb2, 0x85, 0x09, 0x92, 0xe8, 0x54, 0x98,
-    0xbc, 0x4e, 0x21, 0x7e, 0xe9, 0x85, 0xfb, 0x3d, 0xec, 0xd9, 0x65, 0xff,
-    0x47, 0x39, 0x9e, 0xe6, 0x6c, 0xb2, 0xdd, 0x11, 0xf0, 0x88, 0x51, 0x7f,
-    0x47, 0x52, 0xcd, 0xd9, 0x2c, 0xac, 0x3d, 0xa3, 0x94, 0xdd, 0xd7, 0x96,
-    0x5f, 0xb0, 0xb6, 0x6d, 0x2c, 0xbf, 0x79, 0xc8, 0x38, 0xb2, 0xff, 0x73,
-    0x0e, 0xde, 0xfb, 0xac, 0xac, 0x44, 0xbe, 0x86, 0x08, 0x9f, 0xc4, 0xd7,
-    0xf4, 0x07, 0xdf, 0x70, 0x2c, 0xbd, 0xf8, 0x1a, 0xca, 0xd1, 0xe4, 0xf0,
-    0xb6, 0xfa, 0x5a, 0x20, 0xac, 0xa9, 0x1e, 0x27, 0x44, 0x55, 0x08, 0xeb,
-    0x78, 0x64, 0x5e, 0x9c, 0x76, 0x59, 0x7f, 0x64, 0xda, 0x8f, 0x71, 0x65,
-    0xc4, 0x75, 0x95, 0x23, 0xe2, 0x21, 0xee, 0x17, 0x5e, 0xdd, 0xd4, 0x2c,
-    0xbf, 0xf1, 0x43, 0xed, 0xcc, 0xdf, 0x06, 0x2c, 0xbf, 0xef, 0xb6, 0xbe,
-    0xe2, 0x93, 0x0c, 0x59, 0x7f, 0xde, 0xd4, 0x67, 0x42, 0xa8, 0x50, 0x29,
-    0x59, 0x7f, 0xf8, 0x9c, 0xce, 0x16, 0x75, 0x2f, 0x07, 0x65, 0x97, 0xfb,
-    0x4d, 0x31, 0x66, 0xf7, 0x59, 0x7f, 0xb0, 0xa5, 0x9c, 0x7f, 0xac, 0xbf,
-    0xfd, 0xa3, 0x4c, 0x7d, 0x8b, 0x37, 0xe9, 0xb8, 0xb2, 0xdc, 0x9c, 0xa8,
-    0x4e, 0x0b, 0x86, 0x3f, 0x88, 0x1d, 0x1f, 0xcc, 0x91, 0xa4, 0xcf, 0x1a,
-    0x08, 0x63, 0x7f, 0xb4, 0x58, 0x3f, 0xe1, 0x2c, 0xbe, 0x72, 0x0e, 0x2c,
-    0xbf, 0x0f, 0x9c, 0x83, 0xac, 0xae, 0x93, 0x02, 0x78, 0x44, 0x80, 0xc4,
-    0x88, 0x2f, 0xf8, 0xa1, 0xf6, 0xfc, 0x68, 0x0b, 0x2f, 0xf3, 0x68, 0xbd,
-    0xec, 0xd9, 0x65, 0xf7, 0xb6, 0xc3, 0x16, 0x5c, 0xfb, 0xd6, 0x5f, 0xd2,
-    0x26, 0x97, 0xf1, 0x65, 0xfb, 0x66, 0xd4, 0x49, 0x65, 0x1a, 0x8c, 0x3e,
-    0x8c, 0xe6, 0x24, 0xd0, 0xc1, 0x16, 0x5e, 0xf3, 0x1a, 0xb2, 0xfc, 0x1f,
-    0x4f, 0xe7, 0x96, 0x5e, 0x1b, 0x1a, 0xb2, 0xa0, 0xf2, 0x30, 0xae, 0xfe,
-    0x7f, 0x89, 0xa7, 0x02, 0xcb, 0xda, 0x00, 0x8b, 0x2f, 0xfe, 0x6f, 0x47,
-    0xb9, 0xf7, 0x6f, 0x85, 0x65, 0x41, 0xf0, 0xb8, 0xf5, 0xf1, 0x10, 0x64,
-    0xb2, 0xf7, 0x18, 0xc5, 0x97, 0xf8, 0x83, 0xcc, 0x3c, 0x76, 0xb2, 0xff,
-    0xdf, 0x8d, 0x00, 0xb0, 0xc7, 0x02, 0xcb, 0xd9, 0x93, 0x2c, 0xa3, 0x51,
-    0x1b, 0xf3, 0x30, 0x1f, 0x5f, 0x78, 0x11, 0x25, 0x95, 0x87, 0xa6, 0x13,
-    0x1b, 0xd1, 0xd1, 0x8b, 0x2f, 0xda, 0x09, 0xdc, 0x96, 0x57, 0x8f, 0x14,
-    0x23, 0xd7, 0xc7, 0x8c, 0xd9, 0x65, 0xfb, 0x37, 0x94, 0x74, 0xb2, 0x98,
-    0xf2, 0xf8, 0x45, 0x7d, 0x05, 0xee, 0xd6, 0x5f, 0xb4, 0x6e, 0xcf, 0xb8,
-    0xb2, 0x86, 0xb9, 0xb9, 0x90, 0xfb, 0x64, 0xcd, 0x32, 0x9c, 0x83, 0xf0,
-    0x8f, 0x72, 0x00, 0x10, 0x94, 0x3f, 0x78, 0xcd, 0xe6, 0xd9, 0xf2, 0x11,
-    0x08, 0xaf, 0xd3, 0xff, 0xc0, 0x3a, 0xcb, 0xfc, 0x01, 0x30, 0x87, 0xf8,
-    0x59, 0x50, 0x99, 0x09, 0xe1, 0x88, 0xe5, 0x57, 0xf7, 0x30, 0xed, 0xf8,
-    0x59, 0x7b, 0xa9, 0x71, 0x65, 0x74, 0x79, 0x5a, 0x2c, 0xbd, 0xc0, 0x18,
-    0xb2, 0xfb, 0xae, 0x47, 0x4b, 0x2f, 0xd2, 0xf7, 0x20, 0xd5, 0x97, 0xff,
-    0x46, 0xa2, 0x62, 0x73, 0x3d, 0x9f, 0x59, 0x4e, 0x7d, 0xa4, 0x53, 0x69,
-    0x32, 0x2c, 0x4f, 0x09, 0x1a, 0x84, 0xc7, 0xf0, 0x8d, 0xe1, 0x9f, 0x7f,
-    0xc6, 0x16, 0x6b, 0x9f, 0xce, 0xd6, 0x5f, 0xfc, 0x59, 0xcc, 0x1c, 0xd2,
-    0x8d, 0x6c, 0xb2, 0x98, 0xff, 0xfc, 0x75, 0x7f, 0x1b, 0xe2, 0x83, 0xf1,
-    0x65, 0xf6, 0x0d, 0x89, 0x65, 0xf0, 0x5f, 0x52, 0x59, 0x7d, 0x01, 0x15,
-    0xf1, 0x25, 0xfa, 0x42, 0xcc, 0x30, 0xc5, 0x94, 0x47, 0xa8, 0x12, 0x6b,
-    0xf4, 0xfb, 0xed, 0xf6, 0x59, 0x7f, 0xfd, 0xf6, 0x34, 0xd8, 0xf7, 0x20,
-    0x8b, 0x3c, 0xb2, 0xf8, 0xb0, 0xf0, 0xb2, 0xff, 0x47, 0x9c, 0x0f, 0x9a,
-    0x59, 0x76, 0x79, 0x65, 0xff, 0xfd, 0xe2, 0xc0, 0x39, 0x03, 0xc4, 0xe0,
-    0x33, 0x3e, 0xb2, 0xe2, 0xee, 0x72, 0x67, 0x5d, 0x95, 0xb2, 0x79, 0xc8,
-    0x3e, 0x62, 0x20, 0xb5, 0xef, 0x1f, 0xcb, 0x2f, 0xc1, 0x62, 0x6e, 0x2c,
-    0xa7, 0x3c, 0x3e, 0x0e, 0xdf, 0xb9, 0xa8, 0x7e, 0xd6, 0x5f, 0xa0, 0xbb,
-    0x8d, 0xeb, 0x2b, 0x0f, 0x47, 0xe5, 0x15, 0x39, 0x59, 0x70, 0xc8, 0x31,
-    0xd9, 0xe3, 0x5b, 0x04, 0x2a, 0xbc, 0xe5, 0x7f, 0x80, 0x59, 0xbf, 0x4d,
-    0xc5, 0x97, 0xf8, 0x42, 0x27, 0x31, 0xfe, 0xb2, 0x85, 0x2d, 0xb8, 0xcc,
-    0x47, 0x11, 0x90, 0xc8, 0xe9, 0x3d, 0xa3, 0x4a, 0xd4, 0x63, 0x47, 0x8e,
-    0x8d, 0xe5, 0xce, 0x82, 0x78, 0xfc, 0xa3, 0x9d, 0xe4, 0x2c, 0xbc, 0x42,
-    0x19, 0x6b, 0x9b, 0xd9, 0x0c, 0x34, 0xbe, 0x00, 0x90, 0x05, 0x97, 0xa7,
-    0xb1, 0x50, 0x52, 0xb2, 0xf4, 0x89, 0xd6, 0x5f, 0xef, 0x41, 0xfa, 0x96,
-    0x79, 0x65, 0xff, 0xdb, 0x3e, 0xe7, 0x7f, 0x6e, 0xe3, 0xdc, 0x59, 0x53,
-    0xda, 0x31, 0x20, 0xaf, 0x06, 0xf8, 0x69, 0x50, 0x99, 0x3f, 0x50, 0xe7,
-    0xbf, 0x6e, 0xc4, 0xb5, 0x0b, 0x2f, 0x7d, 0x8e, 0xb2, 0xe7, 0x02, 0xca,
-    0x73, 0x65, 0xe1, 0xcb, 0xf6, 0xb6, 0x8d, 0x6c, 0xb2, 0xfe, 0xcf, 0x70,
-    0x25, 0xe5, 0x97, 0xe6, 0x2f, 0x08, 0x75, 0x97, 0x9f, 0x5c, 0x59, 0x50,
-    0x89, 0xbc, 0x2a, 0x01, 0x6f, 0x8a, 0x2f, 0xfd, 0x05, 0xef, 0x85, 0xe5,
-    0x28, 0x59, 0x7b, 0x41, 0xdc, 0x59, 0x73, 0x4c, 0xb2, 0x98, 0xdb, 0x91,
-    0x05, 0xb6, 0x59, 0x7e, 0xd4, 0x7d, 0x8d, 0x59, 0x7f, 0xd2, 0x13, 0xcc,
-    0x51, 0xd4, 0x96, 0x56, 0xc8, 0x93, 0x34, 0x7f, 0xb1, 0x2d, 0x14, 0x5f,
-    0x82, 0x0c, 0x2e, 0xd6, 0x5e, 0xd4, 0x4c, 0xb2, 0xf1, 0x3c, 0xcb, 0x2f,
-    0xdc, 0x31, 0xfa, 0xe2, 0xca, 0x63, 0xc6, 0x71, 0xcb, 0xff, 0x14, 0x1b,
-    0xf7, 0xf0, 0x98, 0x05, 0x97, 0xb9, 0xac, 0x59, 0x78, 0xb2, 0x4b, 0x2f,
-    0xda, 0x01, 0x04, 0x0b, 0x2a, 0x0f, 0x0f, 0x06, 0xe9, 0x8f, 0xff, 0x8b,
-    0xf6, 0xdc, 0x59, 0x7f, 0x60, 0x91, 0x33, 0x71, 0x65, 0x11, 0xe1, 0x78,
-    0x52, 0xa1, 0x72, 0x1b, 0x65, 0xc9, 0x42, 0xec, 0x67, 0x79, 0x18, 0x3e,
-    0x90, 0x0e, 0x51, 0xf6, 0x32, 0x20, 0xf4, 0x2f, 0xb7, 0xb1, 0xdf, 0xf4,
-    0x37, 0xe0, 0xfb, 0x61, 0x8b, 0x2f, 0xfd, 0xc8, 0x61, 0x94, 0x49, 0x80,
-    0xb2, 0xfd, 0xf6, 0xd9, 0xc9, 0x65, 0xc3, 0x65, 0x97, 0xe0, 0x9a, 0xe4,
-    0x05, 0x97, 0x7d, 0x96, 0x54, 0x1f, 0xde, 0x13, 0xfc, 0x5b, 0x74, 0xa2,
-    0xff, 0xb6, 0x2c, 0x97, 0xf0, 0x1c, 0x59, 0x7f, 0x1b, 0xc6, 0x2e, 0xa4,
-    0xb2, 0xff, 0xa0, 0xbb, 0x9c, 0x32, 0x73, 0x16, 0x5f, 0xfb, 0x0b, 0xa9,
-    0x73, 0x41, 0x80, 0x2c, 0xbd, 0xcc, 0x35, 0x65, 0xce, 0x75, 0x95, 0xe3,
-    0x67, 0xbc, 0x76, 0xff, 0xde, 0x0f, 0xa6, 0x0e, 0xc7, 0x6f, 0x2c, 0xac,
-    0x3e, 0x56, 0x23, 0xbe, 0xec, 0xe0, 0x85, 0x97, 0xf4, 0xb3, 0x9c, 0x61,
-    0xac, 0xb4, 0xa7, 0x1e, 0x87, 0x88, 0xea, 0x13, 0xdb, 0xd8, 0xbd, 0x8e,
-    0xcf, 0x0d, 0x71, 0x1c, 0x2f, 0xfd, 0xaf, 0x98, 0xe3, 0xdf, 0xec, 0xed,
-    0x65, 0xf6, 0x1e, 0x3b, 0x59, 0x7b, 0xf9, 0xba, 0xb2, 0xff, 0x7d, 0xb4,
-    0x59, 0xee, 0x2c, 0xbe, 0x93, 0xfb, 0x8b, 0x2d, 0xe9, 0xc7, 0xe7, 0xd8,
-    0xfc, 0xc6, 0x54, 0xe9, 0x88, 0x81, 0x0c, 0xa1, 0x2b, 0x78, 0x71, 0xbd,
-    0x65, 0xfb, 0x0d, 0xc2, 0x92, 0xcb, 0xa2, 0x65, 0x97, 0xff, 0x14, 0x18,
-    0x32, 0x8e, 0xa4, 0xc4, 0xb2, 0xb4, 0x7b, 0x44, 0x2f, 0x7e, 0x3e, 0x7d,
-    0xf7, 0x56, 0x56, 0x1e, 0x5b, 0x10, 0xdf, 0xba, 0xed, 0xbd, 0xc5, 0x97,
-    0xfe, 0x9a, 0x51, 0xad, 0xa7, 0x19, 0x9f, 0x59, 0x7f, 0xbe, 0xdf, 0x28,
-    0xcd, 0x2c, 0xbf, 0x46, 0xfd, 0x09, 0xc5, 0x95, 0x39, 0x14, 0x1d, 0xa2,
-    0x7c, 0xc6, 0xa1, 0x1f, 0xaf, 0x0c, 0xaa, 0x85, 0x4c, 0x23, 0x34, 0xd0,
-    0xf7, 0xe1, 0x98, 0x51, 0x8e, 0xdf, 0xef, 0xe7, 0xb0, 0x3a, 0xd9, 0x65,
-    0xf1, 0x05, 0xfc, 0xb2, 0xfb, 0xae, 0xdb, 0xa5, 0x94, 0x73, 0xfa, 0x01,
-    0xa7, 0x08, 0x6f, 0xf1, 0x44, 0xa6, 0xfc, 0x6c, 0xb2, 0xee, 0xd9, 0x65,
-    0xff, 0x31, 0x4d, 0x1d, 0xeb, 0x3a, 0x59, 0x4e, 0x7a, 0x3c, 0x17, 0xa1,
-    0xa2, 0x9b, 0xd0, 0x85, 0xbf, 0x0c, 0xd3, 0x43, 0xd2, 0xcb, 0x1a, 0xe7,
-    0xa8, 0x12, 0x8b, 0xfe, 0x8f, 0x66, 0xbb, 0x77, 0xed, 0x51, 0x7c, 0x2f,
-    0xe7, 0x61, 0xc7, 0xb8, 0xb2, 0xff, 0xff, 0x79, 0xb3, 0xa1, 0xfc, 0x3c,
-    0xce, 0xe7, 0x7d, 0xb0, 0xeb, 0x2f, 0xd9, 0xa8, 0xea, 0x4b, 0x2e, 0x83,
-    0xf6, 0x8f, 0xef, 0xa3, 0x70, 0xb3, 0xcc, 0x97, 0xfc, 0xe6, 0xf1, 0xb8,
-    0xdd, 0x79, 0x65, 0x7d, 0x10, 0x64, 0x93, 0x7f, 0xfe, 0x2e, 0xe7, 0x7e,
-    0x1b, 0x4c, 0x76, 0x9f, 0x83, 0xac, 0xbc, 0xfa, 0xd9, 0x51, 0x7f, 0xaf,
-    0xfe, 0xc2, 0x01, 0x99, 0xd7, 0xbd, 0x07, 0x59, 0x7f, 0xe2, 0xf6, 0xb2,
-    0x3a, 0x93, 0x1d, 0x65, 0xec, 0xdb, 0x75, 0x65, 0x42, 0x69, 0x18, 0x45,
-    0xda, 0xcf, 0xca, 0x9d, 0x14, 0x8f, 0xaf, 0x79, 0x8c, 0x59, 0x7f, 0x3e,
-    0xc2, 0x0d, 0xf7, 0x16, 0x57, 0x8f, 0x3c, 0x23, 0xb7, 0xfb, 0x5a, 0xc9,
-    0x8f, 0x1c, 0x59, 0x7f, 0xcf, 0xee, 0x31, 0x75, 0x23, 0xac, 0xbf, 0xe6,
-    0xd6, 0xc1, 0x00, 0x23, 0xcb, 0x2f, 0xfa, 0x33, 0x53, 0xa4, 0xdd, 0x49,
-    0x65, 0x49, 0x30, 0x4c, 0x22, 0x01, 0xa7, 0x0e, 0x7c, 0x75, 0x7f, 0xff,
-    0xbe, 0xfc, 0x68, 0xe4, 0xef, 0x7f, 0x0f, 0x9d, 0xbe, 0x96, 0x5d, 0x1b,
-    0xab, 0x2f, 0xb9, 0xc7, 0x3a, 0xca, 0xfa, 0x27, 0x40, 0xc5, 0xe1, 0x9b,
-    0xfd, 0xd7, 0x84, 0xff, 0xf3, 0x71, 0x65, 0xfb, 0x1b, 0x68, 0x35, 0x65,
-    0x61, 0xf0, 0xfc, 0xe6, 0xfc, 0x0e, 0x4f, 0xc7, 0x96, 0x5f, 0x66, 0x84,
-    0x99, 0x65, 0x6c, 0x7e, 0x18, 0x43, 0xa2, 0xbb, 0xed, 0x86, 0xd3, 0x2c,
-    0xbe, 0xea, 0x5e, 0x75, 0x97, 0xff, 0xbb, 0xfb, 0x16, 0x6f, 0x79, 0x71,
-    0x86, 0xb2, 0xff, 0x48, 0xb0, 0xe7, 0x79, 0x2c, 0xbe, 0x6e, 0xd8, 0x6b,
-    0x2e, 0xd4, 0x31, 0xea, 0x78, 0xca, 0x86, 0x8c, 0xbd, 0x42, 0x7e, 0xfe,
-    0xe7, 0x8a, 0x33, 0xa5, 0x95, 0x09, 0xb3, 0xe1, 0x23, 0xc3, 0xb8, 0x25,
-    0x17, 0xff, 0xb3, 0x9f, 0x76, 0xf4, 0x1c, 0x9c, 0xd5, 0x97, 0xe0, 0x73,
-    0xd9, 0xf5, 0x97, 0xc3, 0xfc, 0x74, 0xb2, 0xfb, 0x3f, 0x2c, 0x59, 0x63,
-    0x18, 0xf1, 0x3c, 0x47, 0x6c, 0x59, 0x50, 0x8a, 0x47, 0x6c, 0xf1, 0x45,
-    0x42, 0xaf, 0x09, 0x47, 0x2d, 0x88, 0x05, 0x0e, 0xcb, 0xff, 0x00, 0xed,
-    0x9d, 0x78, 0x70, 0x35, 0x97, 0xf4, 0xe1, 0xe6, 0x03, 0x8b, 0x2f, 0xff,
-    0xde, 0xcd, 0x6c, 0xdc, 0x6d, 0xff, 0x6c, 0xeb, 0xcb, 0x28, 0xe8, 0x87,
-    0x22, 0xfb, 0xfc, 0x5e, 0xe0, 0x47, 0xf6, 0x59, 0x50, 0x7a, 0xb8, 0x45,
-    0x73, 0xf4, 0xb2, 0xfa, 0x71, 0x85, 0xe5, 0x97, 0x73, 0x0e, 0x6f, 0x08,
-    0x5e, 0xf1, 0xf5, 0xb2, 0xca, 0xc3, 0xc9, 0x62, 0xbb, 0xff, 0x7a, 0x39,
-    0xc8, 0x6d, 0x9f, 0xcb, 0x2f, 0xf9, 0xb0, 0x86, 0x6b, 0x66, 0x96, 0x54,
-    0x2a, 0x55, 0x68, 0xc6, 0xf5, 0x0a, 0x5f, 0x10, 0x6e, 0x9f, 0x5f, 0xf7,
-    0x33, 0x6e, 0x31, 0x3e, 0xcb, 0x2f, 0xfd, 0x9d, 0x49, 0x88, 0xf0, 0x38,
-    0x59, 0x76, 0x74, 0xb2, 0xb1, 0x11, 0xac, 0x73, 0xe3, 0xdb, 0xf9, 0xf5,
-    0xd4, 0xb3, 0xcb, 0x2f, 0xfd, 0xee, 0x36, 0xbc, 0x41, 0x79, 0x2c, 0xbf,
-    0xff, 0x37, 0x30, 0x7f, 0xcf, 0x36, 0x73, 0x6c, 0x31, 0x65, 0xff, 0xf1,
-    0x7b, 0xbf, 0xb1, 0x9c, 0x2c, 0x00, 0x78, 0xb2, 0xfd, 0x8d, 0x3e, 0xc3,
-    0x59, 0x7f, 0xf4, 0x4f, 0xe0, 0x4b, 0x33, 0x7c, 0x74, 0xb2, 0xa1, 0x18,
-    0x23, 0x51, 0x39, 0x4d, 0xff, 0xa3, 0x35, 0x9a, 0x01, 0xdb, 0x8b, 0x2f,
-    0xbd, 0xc0, 0x76, 0xb2, 0xf3, 0xf5, 0xba, 0xb2, 0xfe, 0x7f, 0x72, 0x33,
-    0x65, 0x95, 0x0a, 0x97, 0xf0, 0xbb, 0xb3, 0xe6, 0x8c, 0x58, 0x8b, 0xc2,
-    0x7b, 0xbc, 0x90, 0xc2, 0x0b, 0xf0, 0x1f, 0xa9, 0x62, 0xcb, 0xfb, 0xae,
-    0x31, 0x75, 0x25, 0x97, 0xf1, 0x7b, 0x26, 0x8d, 0xc5, 0x95, 0x07, 0xbf,
-    0x85, 0xf7, 0xff, 0x60, 0x06, 0xef, 0xdf, 0xcf, 0x03, 0x59, 0x50, 0x8e,
-    0xb3, 0xc2, 0x1c, 0x04, 0x17, 0xfc, 0x18, 0x3f, 0x30, 0xf1, 0xb8, 0xb2,
-    0xff, 0xda, 0xdb, 0x07, 0x9f, 0xfe, 0x6e, 0x2c, 0xb1, 0xab, 0x2f, 0xf7,
-    0xb8, 0x26, 0xf8, 0xce, 0x96, 0x54, 0x1e, 0x49, 0x09, 0x5f, 0xfb, 0x5c,
-    0x38, 0x99, 0xa6, 0x89, 0x96, 0x56, 0x1f, 0x00, 0x48, 0x2f, 0xce, 0x5b,
-    0x70, 0x6b, 0x2b, 0x13, 0x34, 0xe4, 0x3a, 0xcc, 0x21, 0xbe, 0xf7, 0xf0,
-    0x96, 0x5f, 0xdc, 0x79, 0x14, 0x1d, 0x65, 0xe2, 0x8d, 0xc5, 0x97, 0xff,
-    0xd2, 0x8d, 0x6d, 0xe6, 0x37, 0x9c, 0x72, 0x92, 0xcb, 0xfb, 0x6e, 0x61,
-    0xe3, 0x71, 0x65, 0x4c, 0x88, 0x21, 0x14, 0x6b, 0x13, 0x12, 0xd1, 0x0f,
-    0x0b, 0x0c, 0x85, 0x05, 0xe6, 0xfb, 0x2c, 0xbf, 0x7c, 0x7e, 0xcd, 0xeb,
-    0x2e, 0x1c, 0x96, 0x5f, 0xec, 0x18, 0x7d, 0xc9, 0x0a, 0xd6, 0x5d, 0x92,
-    0x59, 0x5f, 0x3c, 0xe2, 0x38, 0xb4, 0xa1, 0x16, 0x1a, 0x2a, 0xf3, 0x2d,
-    0xf1, 0xfc, 0xdb, 0x2c, 0xac, 0x3d, 0x86, 0x35, 0xbf, 0xfb, 0x7f, 0x8d,
-    0x82, 0x96, 0x7d, 0x8e, 0xb2, 0xed, 0xbc, 0xb2, 0xff, 0x6f, 0xfb, 0xca,
-    0x30, 0x96, 0x54, 0x1e, 0x5e, 0x0c, 0x5f, 0x49, 0xf5, 0x25, 0x97, 0xff,
-    0xa3, 0x4f, 0xe0, 0xf9, 0xbd, 0xcf, 0xb2, 0xcb, 0x4a, 0x63, 0xeb, 0xf9,
-    0x15, 0xfd, 0x86, 0x09, 0xf7, 0xf2, 0xcb, 0xfa, 0x47, 0xf1, 0x06, 0x65,
-    0x97, 0xff, 0xc2, 0x4a, 0x37, 0xb1, 0x03, 0x4d, 0x07, 0xc4, 0x95, 0xa3,
-    0xff, 0xf1, 0x7d, 0xf7, 0xc4, 0xeb, 0xcb, 0x2f, 0xd8, 0x7c, 0x6d, 0xeb,
-    0x2f, 0x6d, 0x36, 0xe2, 0xcb, 0x18, 0xb2, 0xa1, 0x37, 0xad, 0x8a, 0x72,
-    0x15, 0xdd, 0x91, 0x31, 0x28, 0x4a, 0x27, 0xc8, 0xae, 0xf6, 0x2c, 0xbf,
-    0x69, 0xb6, 0x73, 0xaa, 0x61, 0x35, 0xf7, 0x83, 0x0e, 0xa9, 0x84, 0xd7,
-    0x02, 0x15, 0x40, 0x9a, 0xff, 0x13, 0x9b, 0xe8, 0xd0, 0x15, 0x40, 0x9a,
-    0xff, 0x73, 0x3e, 0xdc, 0x0e, 0xca, 0x98, 0x4d, 0x76, 0x0d, 0x53, 0x09,
-    0xae, 0x30, 0xc5, 0xcc, 0x26, 0xac, 0x4d, 0x43, 0xa3, 0x56, 0x2e, 0x39,
-    0x1f, 0x10, 0x37, 0xa0, 0x98, 0x47, 0x6f, 0x26, 0x61, 0x30, 0x59, 0xf3,
-    0xd7, 0x49, 0xff, 0x99, 0x1e, 0x6d, 0xf6, 0x0c, 0x24, 0xb2, 0x98, 0xf3,
-    0x5c, 0xb2, 0xff, 0xfc, 0x03, 0xbc, 0xb9, 0xf8, 0xdf, 0x82, 0x0d, 0xe4,
-    0xb2, 0xa1, 0x7d, 0x31, 0x90, 0xff, 0x19, 0x1b, 0x90, 0x14, 0x24, 0x79,
-    0x28, 0x17, 0xd2, 0xae, 0x02, 0x41, 0x7f, 0xfd, 0x86, 0x7d, 0xdb, 0xd1,
-    0xe0, 0x83, 0x09, 0x65, 0xff, 0xa4, 0x4e, 0x6c, 0xd2, 0x6d, 0x49, 0x65,
-    0xff, 0x39, 0xa5, 0x93, 0x4a, 0x3a, 0x59, 0x5a, 0x3f, 0xa2, 0x40, 0xbf,
-    0xff, 0x88, 0x78, 0x50, 0x67, 0x8d, 0x7e, 0x66, 0x11, 0xab, 0x2f, 0x9f,
-    0x7e, 0x18, 0xb2, 0xd3, 0xd2, 0xcb, 0xff, 0xe7, 0x97, 0xe2, 0x1b, 0xdc,
-    0x62, 0xea, 0x4b, 0x2a, 0x47, 0xc9, 0xf1, 0x6b, 0xd3, 0x47, 0x16, 0x5e,
-    0x20, 0x1d, 0x65, 0xff, 0x40, 0x7c, 0x4d, 0xbc, 0x43, 0xac, 0xbf, 0xec,
-    0xf3, 0x67, 0x36, 0xc3, 0x16, 0x5d, 0x07, 0x59, 0x76, 0x72, 0x11, 0x87,
-    0x83, 0xba, 0x1c, 0xf9, 0xdc, 0xf9, 0xcd, 0xff, 0xe7, 0x97, 0xe3, 0x78,
-    0x87, 0x77, 0xd7, 0x6b, 0x2a, 0x15, 0xa9, 0xe4, 0x32, 0x18, 0x87, 0x4b,
-    0x4f, 0x08, 0x82, 0x87, 0x28, 0x55, 0xaf, 0xf3, 0x6f, 0x9d, 0xf7, 0xe6,
-    0xe2, 0xcb, 0xfb, 0xc1, 0x7e, 0x73, 0xcb, 0x2f, 0xdc, 0x8c, 0x04, 0x2c,
-    0xbe, 0x07, 0xcb, 0x3a, 0x3d, 0x4f, 0x17, 0x5f, 0xf7, 0xe0, 0x43, 0xe6,
-    0xf6, 0xed, 0x65, 0x62, 0x60, 0x6f, 0x08, 0xee, 0x1c, 0xde, 0x6d, 0x1a,
-    0xb2, 0xed, 0x01, 0x65, 0x61, 0xb4, 0x61, 0xdb, 0xb6, 0xd2, 0xcb, 0x81,
-    0x32, 0xcb, 0xff, 0x8f, 0x34, 0x9c, 0xb6, 0x1c, 0x16, 0xcb, 0x2a, 0x0f,
-    0xd8, 0x63, 0x18, 0x31, 0x7b, 0x39, 0x25, 0x97, 0xcd, 0xf7, 0x3a, 0xcb,
-    0xed, 0x47, 0x36, 0x59, 0x5a, 0x3e, 0x0f, 0x0e, 0x08, 0x43, 0x50, 0xea,
-    0x7c, 0x76, 0x94, 0x28, 0x39, 0x78, 0x59, 0x0c, 0xf3, 0x63, 0x29, 0xee,
-    0x57, 0x8f, 0x51, 0xd4, 0x34, 0x39, 0xe6, 0x97, 0xe3, 0xa9, 0x53, 0x87,
-    0x87, 0x2f, 0xe5, 0x46, 0x82, 0x36, 0x42, 0x34, 0xe4, 0x6d, 0xfe, 0xa4,
-    0x4a, 0x6f, 0x97, 0xb8, 0x64, 0x6e, 0x73, 0xed, 0x02, 0x42, 0x57, 0x76,
-    0x11, 0xb7, 0xdb, 0x1f, 0xdc, 0x59, 0x76, 0x12, 0xcb, 0xbd, 0xc5, 0x95,
-    0x06, 0xb0, 0x85, 0x6f, 0xfe, 0xcf, 0xe7, 0xba, 0xed, 0xb5, 0xfc, 0x59,
-    0x76, 0x71, 0x65, 0x48, 0xfe, 0x86, 0x3e, 0x04, 0x5b, 0xfa, 0x53, 0x4a,
-    0x0b, 0xcb, 0x2f, 0xec, 0x91, 0x05, 0xf8, 0xb2, 0xfb, 0xae, 0x34, 0x2c,
-    0xbf, 0xd8, 0x5b, 0xbe, 0x62, 0x35, 0x65, 0x74, 0x8b, 0x1d, 0x17, 0x7c,
-    0xb0, 0x04, 0x57, 0xd9, 0xa6, 0x35, 0x65, 0xe3, 0x36, 0x3a, 0xcb, 0xff,
-    0xed, 0xfa, 0xcd, 0xa7, 0x06, 0x33, 0xd1, 0xd4, 0x96, 0x5f, 0xf7, 0xe0,
-    0xe4, 0xf2, 0xcf, 0xac, 0xa8, 0x4c, 0x2c, 0x67, 0xd8, 0x44, 0xe3, 0xfc,
-    0x55, 0xbf, 0xbf, 0x02, 0x17, 0x40, 0x59, 0x76, 0x6e, 0xac, 0xb8, 0x4e,
-    0x2c, 0xbf, 0x78, 0xcc, 0x2d, 0x96, 0x5a, 0x3e, 0x78, 0x24, 0x31, 0x53,
-    0xc2, 0x20, 0x24, 0xb5, 0x7b, 0x30, 0xc5, 0x97, 0x31, 0xab, 0x2b, 0x63,
-    0x66, 0xc3, 0x97, 0xef, 0x64, 0xcc, 0x75, 0x97, 0xe8, 0xe8, 0x00, 0x85,
-    0x95, 0x07, 0xa0, 0x45, 0x17, 0xe8, 0xdf, 0x05, 0xe5, 0x97, 0xe6, 0xdf,
-    0xe6, 0xd9, 0x65, 0xfb, 0xdf, 0x8d, 0x49, 0x65, 0xff, 0xb0, 0xf0, 0x50,
-    0x03, 0xbc, 0x96, 0x5f, 0xf8, 0xe4, 0xc6, 0xc7, 0xb8, 0xda, 0x59, 0x7d,
-    0x2f, 0x67, 0x6b, 0x2b, 0x0f, 0x85, 0xcf, 0xae, 0x28, 0x59, 0x7f, 0xdf,
-    0x79, 0x44, 0xc5, 0x07, 0x59, 0x7f, 0x0d, 0xfd, 0xf6, 0x31, 0x65, 0xf8,
-    0xb0, 0x4c, 0x99, 0x65, 0xff, 0xfb, 0x3b, 0x04, 0x1f, 0x3c, 0xdc, 0xcc,
-    0x23, 0x56, 0x5f, 0xc7, 0x68, 0x3b, 0x92, 0xca, 0xf9, 0xff, 0x81, 0x52,
-    0xff, 0xe6, 0x38, 0xc2, 0xfa, 0x96, 0x75, 0xe5, 0x96, 0x2c, 0x3e, 0x7e,
-    0xc8, 0xaf, 0xfc, 0xe4, 0x0e, 0xbd, 0xa8, 0xc3, 0x16, 0x5f, 0xfb, 0x9f,
-    0x69, 0xdd, 0x4a, 0x33, 0x65, 0x97, 0xfb, 0x07, 0xad, 0x34, 0xdc, 0x59,
-    0x74, 0xed, 0xd5, 0x96, 0xcd, 0xc4, 0x68, 0x80, 0xff, 0xc8, 0x5b, 0xcd,
-    0x2f, 0x60, 0xe7, 0xd6, 0x5f, 0xf7, 0xdc, 0xff, 0x68, 0xea, 0x4b, 0x2f,
-    0xf6, 0x1c, 0x6c, 0x00, 0xc9, 0x65, 0xf7, 0xdd, 0xce, 0xb2, 0xf9, 0xff,
-    0xf6, 0x59, 0x44, 0x78, 0x5b, 0xc8, 0x6f, 0xc5, 0x29, 0xf7, 0xd9, 0x65,
-    0x41, 0xe7, 0x08, 0x47, 0x50, 0xa9, 0xf2, 0x50, 0xf8, 0x35, 0x1d, 0x87,
-    0xfe, 0x72, 0x08, 0x61, 0xdf, 0xff, 0xe6, 0xde, 0x41, 0xe4, 0xe1, 0x0a,
-    0x07, 0xf7, 0x96, 0x71, 0x65, 0xc6, 0xb2, 0xca, 0xd9, 0x78, 0xe4, 0x64,
-    0x1d, 0x94, 0x74, 0x55, 0xb8, 0x51, 0xa8, 0x4e, 0x9c, 0x83, 0xe2, 0xae,
-    0x70, 0x45, 0xde, 0x97, 0x15, 0xbd, 0x8a, 0x7d, 0x92, 0xff, 0x7f, 0xa9,
-    0x73, 0xf9, 0xb2, 0xcb, 0xfe, 0x7f, 0xcc, 0xc5, 0xfc, 0xe9, 0x65, 0x41,
-    0xf7, 0xe1, 0xb5, 0xe0, 0xf5, 0xb2, 0xcb, 0xf4, 0xd2, 0x8f, 0x71, 0x65,
-    0xdc, 0x02, 0xca, 0xf9, 0xef, 0x80, 0x7e, 0x7c, 0xa6, 0xff, 0xff, 0xfb,
-    0xf8, 0x40, 0xc2, 0xf7, 0xf3, 0xf1, 0x93, 0x36, 0xa6, 0xfb, 0x75, 0xe5,
-    0x97, 0xf6, 0x9b, 0xbf, 0xe4, 0xcb, 0x2f, 0xff, 0x8b, 0x26, 0x70, 0x67,
-    0xa3, 0x7b, 0x10, 0x16, 0x51, 0xcf, 0xfb, 0xc5, 0xf5, 0x89, 0x8e, 0xbc,
-    0x3e, 0xef, 0x8a, 0x30, 0xc5, 0x97, 0xd1, 0xd7, 0x1d, 0x65, 0x43, 0xbb,
-    0x87, 0xda, 0x15, 0x72, 0x39, 0x1c, 0x2d, 0xf2, 0xd5, 0x17, 0x77, 0x1c,
-    0xe7, 0x50, 0xca, 0x68, 0xfa, 0xf7, 0x12, 0x26, 0x85, 0x7e, 0x96, 0xde,
-    0x7a, 0xa8, 0xa3, 0x39, 0xf3, 0xf8, 0x63, 0x4f, 0xde, 0x4e, 0x21, 0x0d,
-    0xee, 0x73, 0x8b, 0x2f, 0xff, 0x98, 0xb0, 0xf0, 0x21, 0x06, 0x45, 0x87,
-    0x59, 0x7e, 0x20, 0xcb, 0x38, 0xb2, 0xff, 0xb0, 0x7f, 0x8f, 0x7e, 0x38,
-    0xb2, 0xe1, 0xb6, 0x1e, 0xf9, 0x13, 0xdf, 0xfe, 0x68, 0xf7, 0xc2, 0xe7,
-    0x9a, 0x51, 0xb2, 0xcb, 0xf8, 0xb3, 0x5a, 0xce, 0x96, 0x57, 0xcf, 0xe3,
-    0x89, 0x77, 0xfd, 0xad, 0x47, 0x7f, 0xe9, 0xf7, 0x16, 0x5e, 0x28, 0xe2,
-    0xcb, 0xec, 0x2c, 0x3a, 0xca, 0x59, 0x50, 0x78, 0xd2, 0x1b, 0x09, 0x05,
-    0xfd, 0xd8, 0x5c, 0x67, 0x85, 0x97, 0xfd, 0xf6, 0x97, 0xde, 0x4c, 0x75,
-    0x97, 0xc5, 0x02, 0xaa, 0x79, 0x2c, 0xbf, 0xf7, 0x18, 0xba, 0x97, 0x9b,
-    0x8c, 0xb2, 0xb1, 0x14, 0x6e, 0x71, 0xe2, 0xdb, 0xe6, 0x26, 0x99, 0x65,
-    0xfb, 0xdf, 0x80, 0x8a, 0xd6, 0x5d, 0xf7, 0x59, 0x4e, 0x78, 0x5e, 0x2c,
-    0xbf, 0xf3, 0x1f, 0x07, 0xf6, 0xe1, 0x62, 0xcb, 0xe3, 0xc0, 0xe1, 0x65,
-    0x11, 0xee, 0xf0, 0xf2, 0xa4, 0xb8, 0x49, 0x90, 0xac, 0xee, 0x14, 0x6c,
-    0x45, 0x34, 0x21, 0x34, 0x5c, 0x78, 0x68, 0xfc, 0xb8, 0x98, 0xfc, 0xfd,
-    0x7d, 0xfc, 0x03, 0xac, 0xbe, 0x28, 0xd4, 0x96, 0x5f, 0xf7, 0xe2, 0x4c,
-    0x44, 0x1e, 0x96, 0x5f, 0xf4, 0x49, 0xbd, 0x28, 0x20, 0x2c, 0xbf, 0xe8,
-    0xcf, 0x08, 0x00, 0x47, 0x4b, 0x2f, 0x61, 0x1a, 0xb2, 0xda, 0x84, 0x73,
-    0x61, 0x0e, 0x8e, 0x0e, 0x6e, 0x2b, 0x3a, 0xb1, 0x2c, 0xbf, 0xe8, 0xdc,
-    0x27, 0xf4, 0x9b, 0x7a, 0xcb, 0xdf, 0x81, 0xac, 0xbf, 0x8a, 0x3b, 0xd4,
-    0x49, 0x65, 0xff, 0xe7, 0x6f, 0x48, 0x25, 0xee, 0x7d, 0xe4, 0xb0, 0x43,
-    0x5b, 0x74, 0x7d, 0x65, 0x32, 0x2e, 0x7e, 0x93, 0xbd, 0x6a, 0xff, 0xdc,
-    0x13, 0xcc, 0x41, 0x96, 0x71, 0x65, 0xc3, 0xe2, 0xca, 0x92, 0x6f, 0x9b,
-    0x90, 0xf5, 0xf9, 0x89, 0x1f, 0xdf, 0xff, 0xd9, 0xd6, 0x71, 0xcb, 0xed,
-    0x1e, 0xf8, 0x5c, 0xeb, 0x2a, 0x72, 0xb8, 0x38, 0x8c, 0x1d, 0x94, 0x9e,
-    0x38, 0xc2, 0x45, 0xbc, 0x76, 0xc5, 0x97, 0xb8, 0xfd, 0xac, 0xb6, 0x2c,
-    0xbf, 0x04, 0xed, 0xf8, 0x59, 0x7e, 0xcd, 0x77, 0x18, 0xb2, 0xb6, 0x3d,
-    0xe2, 0x10, 0x10, 0x9e, 0xff, 0xb0, 0xf9, 0xa6, 0xd9, 0xce, 0xb2, 0xff,
-    0xa0, 0xbb, 0x9c, 0xda, 0xce, 0xd6, 0x5f, 0xfe, 0x9d, 0xef, 0xe1, 0xf3,
-    0xb8, 0xfc, 0x1d, 0x65, 0xe7, 0x3f, 0x16, 0x56, 0x1f, 0x43, 0xa6, 0x50,
-    0x11, 0x87, 0xe8, 0x51, 0xdd, 0x9b, 0x2c, 0xbf, 0xfa, 0x3e, 0x20, 0xf5,
-    0xac, 0xf7, 0xd9, 0x65, 0xff, 0x14, 0x75, 0x3e, 0x6f, 0xb3, 0xeb, 0x2e,
-    0xf4, 0xfa, 0xcb, 0x39, 0xcf, 0x5c, 0x8f, 0x6f, 0x4f, 0xb0, 0x16, 0x5f,
-    0xff, 0x17, 0x9d, 0xfe, 0x51, 0xee, 0x19, 0x9f, 0x59, 0x4c, 0x7d, 0xae,
-    0x3f, 0x7f, 0xec, 0x3e, 0x6e, 0xe6, 0x04, 0x57, 0xc5, 0x97, 0xf0, 0x83,
-    0x7d, 0x61, 0xd6, 0x5f, 0x6f, 0x82, 0x92, 0xcb, 0x6a, 0x71, 0xe8, 0xe1,
-    0x75, 0x79, 0x17, 0xc2, 0x42, 0x56, 0xff, 0xe3, 0xf1, 0xe5, 0xa8, 0xe4,
-    0x16, 0xcb, 0x2f, 0xfa, 0x3d, 0xfc, 0x3e, 0x6b, 0x16, 0x5f, 0xbd, 0xf6,
-    0x8e, 0x2c, 0xbd, 0xb3, 0x96, 0x8f, 0x7b, 0x86, 0xf7, 0xff, 0xf3, 0x7a,
-    0x3d, 0xc2, 0xcf, 0xb4, 0x7b, 0xef, 0x25, 0x97, 0xfd, 0x00, 0xe0, 0xc2,
-    0xfa, 0x92, 0xcb, 0xda, 0xe7, 0x17, 0x10, 0x1a, 0xfb, 0xb7, 0x7e, 0xd5,
-    0x10, 0x18, 0x59, 0xaa, 0xb6, 0x49, 0x14, 0xba, 0x63, 0xbf, 0xe3, 0xbf,
-    0x4f, 0x2e, 0x34, 0x96, 0x5f, 0xf4, 0x7f, 0xb6, 0xe3, 0xb6, 0xcb, 0x2d,
-    0x13, 0x91, 0x35, 0x85, 0x1a, 0x39, 0xbc, 0x77, 0x92, 0xca, 0xf9, 0xe9,
-    0x00, 0xda, 0xe2, 0xc5, 0x97, 0x38, 0x16, 0x54, 0x1e, 0x69, 0x11, 0x78,
-    0x56, 0xdd, 0xac, 0xad, 0x1b, 0xf2, 0x2d, 0xac, 0x56, 0xd4, 0xf0, 0xa2,
-    0xe1, 0x98, 0x92, 0x9d, 0x68, 0x6b, 0xe4, 0x9d, 0x43, 0xef, 0x45, 0x07,
-    0x17, 0xfc, 0x27, 0x01, 0x09, 0x32, 0x86, 0xf7, 0xa5, 0xc9, 0xdf, 0x0f,
-    0xf1, 0x3e, 0xb2, 0xff, 0xf1, 0xdf, 0xdc, 0x0c, 0xbe, 0xec, 0x4e, 0xb2,
-    0xff, 0xfe, 0x61, 0x96, 0x72, 0x35, 0x3b, 0x9f, 0x71, 0xc0, 0xd6, 0x5e,
-    0xdf, 0x1f, 0x59, 0x50, 0xc9, 0x5f, 0x90, 0xde, 0x3d, 0xb4, 0xfa, 0xa3,
-    0xc2, 0x3c, 0x04, 0xbc, 0x48, 0x11, 0x6e, 0xfc, 0xde, 0x79, 0xfc, 0x59,
-    0x7e, 0xcd, 0x48, 0x49, 0x2c, 0xbf, 0xdb, 0x72, 0x0e, 0xfd, 0x79, 0x65,
-    0x6c, 0x7b, 0xc4, 0x53, 0x73, 0xf4, 0xb2, 0xfe, 0x6d, 0xee, 0xe5, 0xda,
-    0xcb, 0xdf, 0x7d, 0xc5, 0x97, 0xd0, 0x09, 0xfc, 0x59, 0x7c, 0x73, 0xbf,
-    0x96, 0x54, 0x93, 0x53, 0xc8, 0x43, 0x9c, 0x8b, 0xe2, 0xe0, 0x2e, 0xf0,
-    0xf8, 0x84, 0x97, 0xf6, 0x6e, 0xbb, 0xff, 0x8b, 0x2f, 0xfe, 0xce, 0x79,
-    0xfa, 0x13, 0x76, 0x0a, 0x4b, 0x2d, 0x8b, 0x2f, 0xfe, 0xc2, 0x79, 0x7d,
-    0xce, 0x77, 0x92, 0xcb, 0x4d, 0x3c, 0x1e, 0x90, 0xa0, 0x42, 0xff, 0xff,
-    0x30, 0x76, 0x99, 0xdf, 0x6f, 0x64, 0xc5, 0x07, 0xfb, 0xac, 0xbf, 0xb6,
-    0x1b, 0x6a, 0x37, 0xac, 0xbf, 0xff, 0x72, 0x76, 0x0e, 0x77, 0x33, 0x40,
-    0x3e, 0x4f, 0xe2, 0xca, 0x24, 0x46, 0x78, 0xc2, 0xff, 0x11, 0xaf, 0xdf,
-    0xdb, 0x65, 0x97, 0xbc, 0x00, 0xac, 0xa6, 0x3d, 0x22, 0x35, 0xbf, 0x1e,
-    0x7b, 0x9e, 0xe7, 0xb9, 0xe9, 0x65, 0xff, 0xfd, 0x2c, 0xe3, 0x6b, 0x4c,
-    0x71, 0x3d, 0xfc, 0x33, 0xcb, 0x2a, 0x13, 0x2e, 0xc7, 0x46, 0x20, 0x73,
-    0xdb, 0xff, 0xef, 0xbb, 0x7a, 0x1a, 0x58, 0x40, 0x04, 0x2c, 0xbc, 0xff,
-    0x85, 0x97, 0x60, 0x16, 0x5b, 0x6f, 0x9b, 0x13, 0x06, 0xef, 0xfb, 0xf1,
-    0xcf, 0x73, 0x02, 0x2b, 0x59, 0x7f, 0xe8, 0x6f, 0xff, 0x3d, 0xfc, 0x92,
-    0xcb, 0xfd, 0x85, 0x2c, 0xe0, 0x87, 0x59, 0x76, 0x10, 0xd1, 0x5b, 0xa3,
-    0xdf, 0x1e, 0xd4, 0xc9, 0xc6, 0xbb, 0xe9, 0x90, 0xd6, 0xbf, 0xfd, 0x2c,
-    0xea, 0x42, 0x40, 0x05, 0x98, 0x61, 0x89, 0x2f, 0xc7, 0x33, 0x1b, 0x7a,
-    0xcb, 0xb0, 0xa6, 0x3f, 0xc1, 0x14, 0xaf, 0xff, 0xb9, 0xcf, 0x87, 0xb8,
-    0x93, 0x68, 0x18, 0x4b, 0x2a, 0x47, 0xfc, 0x61, 0x75, 0x42, 0x6a, 0x8f,
-    0x19, 0x8d, 0xff, 0xf6, 0xa4, 0x3f, 0xc7, 0x0b, 0x0c, 0x7d, 0x1a, 0xb2,
-    0xf0, 0x03, 0xc5, 0x97, 0xec, 0xc2, 0x89, 0x2c, 0xb7, 0x20, 0xf0, 0x88,
-    0x76, 0x9d, 0x17, 0x3e, 0x84, 0x9d, 0x42, 0xfd, 0x20, 0xda, 0xb0, 0xbd,
-    0xa1, 0x35, 0xa3, 0x2f, 0xca, 0x1c, 0x29, 0x63, 0x61, 0x87, 0x0d, 0xff,
-    0x31, 0x4b, 0x82, 0xaa, 0x7a, 0x9e, 0xe7, 0xa5, 0x97, 0x84, 0xd1, 0xab,
-    0x2f, 0xa6, 0xe6, 0x4c, 0xb2, 0xfc, 0x08, 0xf6, 0x6e, 0x2c, 0xbf, 0xe1,
-    0xcf, 0xb1, 0xa6, 0xc1, 0x79, 0x65, 0xfd, 0xcd, 0x69, 0xa6, 0xe2, 0xcb,
-    0xfd, 0x19, 0xae, 0xdd, 0xfb, 0x54, 0x41, 0x2b, 0xfe, 0x8f, 0x66, 0xbb,
-    0x77, 0xed, 0x51, 0x7c, 0xaf, 0xce, 0x3f, 0xc1, 0xab, 0x2f, 0xff, 0xfb,
-    0x1b, 0x58, 0x3f, 0xc7, 0x52, 0xd4, 0x7b, 0x82, 0x14, 0x96, 0x5f, 0xf8,
-    0xb3, 0xde, 0x6e, 0x7b, 0x00, 0xb2, 0xec, 0xe0, 0xa5, 0x38, 0x11, 0x97,
-    0xf6, 0x80, 0x74, 0x62, 0x28, 0xe3, 0x3d, 0x62, 0xa2, 0x52, 0x8e, 0xfa,
-    0x89, 0x53, 0xc6, 0xf9, 0x49, 0xf7, 0xff, 0x47, 0xd8, 0xdc, 0xd6, 0xc7,
-    0x0f, 0x4b, 0x2f, 0xf8, 0x7a, 0xc3, 0xe4, 0x9c, 0x6b, 0x2f, 0xff, 0xc1,
-    0x7e, 0x61, 0x77, 0xf6, 0x1f, 0xf3, 0xad, 0xd5, 0x95, 0x0a, 0xf0, 0x30,
-    0x7d, 0xa5, 0x4e, 0x7c, 0xb5, 0xd1, 0xc8, 0xe2, 0xfd, 0x1a, 0xc1, 0xc2,
-    0xcb, 0xf4, 0xb0, 0x02, 0x79, 0x65, 0xfd, 0xf9, 0xff, 0xb7, 0x7f, 0x59,
-    0x4c, 0x88, 0x17, 0x26, 0x09, 0x4d, 0xf8, 0x11, 0x2e, 0x62, 0xcb, 0xff,
-    0xee, 0xff, 0x1a, 0xce, 0x10, 0x5e, 0x46, 0xba, 0xcb, 0xff, 0xf3, 0xef,
-    0x9d, 0xcf, 0xbb, 0x7a, 0x3d, 0xfc, 0xf2, 0xca, 0x0a, 0x2a, 0x04, 0x50,
-    0xbf, 0xf3, 0xed, 0xf8, 0xdb, 0x3d, 0xcc, 0x59, 0x50, 0x7c, 0x64, 0x49,
-    0x7f, 0xde, 0x83, 0xff, 0x37, 0xe7, 0x16, 0x5f, 0xf4, 0x1f, 0x90, 0xdb,
-    0x3f, 0x96, 0x54, 0x8f, 0xcb, 0xc7, 0x57, 0xfe, 0xd9, 0xfa, 0x9f, 0xcf,
-    0x13, 0xef, 0x59, 0x7f, 0xfd, 0x9e, 0x82, 0xf7, 0x33, 0x0d, 0x35, 0xe4,
-    0xb2, 0xfe, 0x37, 0x3d, 0xec, 0x1a, 0xcb, 0xff, 0x60, 0xe2, 0x51, 0xfc,
-    0x03, 0xac, 0xbf, 0x9e, 0x41, 0x93, 0x8d, 0x65, 0xff, 0xff, 0x7c, 0x2f,
-    0xb6, 0xa3, 0xee, 0xdc, 0xe6, 0x1a, 0xe4, 0x05, 0x97, 0xe6, 0xdb, 0x9c,
-    0x75, 0x94, 0x34, 0x47, 0x7d, 0x9a, 0xff, 0xfb, 0xdc, 0xe4, 0x61, 0x0f,
-    0xf1, 0xf8, 0xe2, 0xcb, 0xc6, 0x18, 0x62, 0x4b, 0xf7, 0xf3, 0xb7, 0xd2,
-    0x41, 0x66, 0x82, 0xff, 0xff, 0x4d, 0xa8, 0xdf, 0x38, 0xd7, 0x9c, 0x24,
-    0xdc, 0x9d, 0x9d, 0x79, 0x65, 0x42, 0x67, 0x4e, 0x47, 0xe6, 0xe1, 0x0e,
-    0xaf, 0xfb, 0xec, 0x67, 0xa6, 0xd4, 0x79, 0x65, 0xff, 0x9b, 0xc1, 0xcf,
-    0x39, 0xf0, 0x96, 0x54, 0x8f, 0xdf, 0x47, 0x77, 0xfd, 0x00, 0xf6, 0x14,
-    0xb3, 0x8b, 0x2f, 0xfb, 0x00, 0xe4, 0x09, 0x1b, 0x25, 0x94, 0xc8, 0x92,
-    0xf9, 0x11, 0x1b, 0xd6, 0xcb, 0x8c, 0xdd, 0xa2, 0x69, 0x3c, 0xe5, 0xc0,
-    0x3c, 0x28, 0xfd, 0x7d, 0x1a, 0x35, 0xcf, 0xe5, 0x97, 0xb9, 0x9b, 0x2c,
-    0xb8, 0xb6, 0x01, 0xb3, 0xf0, 0xb5, 0x2c, 0xa8, 0x37, 0x07, 0x2d, 0xa5,
-    0x94, 0xb2, 0xdc, 0x30, 0xb6, 0xdd, 0x0b, 0xbf, 0x3b, 0x6c, 0x4e, 0xb2,
-    0xff, 0xf9, 0xbb, 0x61, 0xf2, 0x3e, 0xe4, 0x1c, 0xfa, 0xca, 0x92, 0x27,
-    0xb8, 0x55, 0xe2, 0x6b, 0xff, 0x1e, 0x3a, 0xe1, 0x66, 0xc2, 0x49, 0x65,
-    0xff, 0xfe, 0x6f, 0xb9, 0x75, 0x21, 0x25, 0x05, 0x27, 0x3e, 0x0d, 0x65,
-    0xff, 0xec, 0xcf, 0x8f, 0xf1, 0xcc, 0xfb, 0x01, 0x65, 0xfa, 0x69, 0x46,
-    0xb8, 0xb2, 0xff, 0x61, 0x06, 0x5c, 0xd9, 0xd6, 0x58, 0xd9, 0xc7, 0xb8,
-    0x32, 0x9b, 0xff, 0x37, 0xb6, 0x0f, 0x27, 0x6b, 0x50, 0xb2, 0xa1, 0x3e,
-    0x2d, 0x8c, 0x24, 0x82, 0x36, 0x06, 0x85, 0x27, 0x8a, 0xef, 0xa7, 0x37,
-    0xc2, 0xb2, 0xfd, 0x92, 0xfc, 0x69, 0x65, 0xf1, 0xb3, 0xbe, 0xcb, 0x2b,
-    0xb3, 0xf0, 0xdc, 0x24, 0xd1, 0x3d, 0xf9, 0xbe, 0x6c, 0x74, 0xb2, 0xfd,
-    0x83, 0x28, 0xe9, 0x65, 0xbd, 0x07, 0xa0, 0x45, 0x37, 0xff, 0xff, 0xee,
-    0xbc, 0x50, 0x7e, 0x0f, 0xf1, 0xcc, 0x93, 0x1a, 0x6b, 0xf8, 0xa0, 0xfc,
-    0x59, 0x7f, 0x81, 0x26, 0xf7, 0x04, 0x3a, 0xcb, 0xff, 0x71, 0xe5, 0xcc,
-    0xee, 0x0e, 0xcb, 0x2b, 0x47, 0xe7, 0xe3, 0x5b, 0xfe, 0xef, 0xec, 0x00,
-    0x46, 0xa4, 0xb2, 0xfb, 0x5b, 0x36, 0xcb, 0x2e, 0xe8, 0xa7, 0x1e, 0xf6,
-    0x1d, 0x54, 0x2a, 0x4f, 0x68, 0x41, 0xb9, 0x30, 0x61, 0xee, 0x24, 0x20,
-    0x2f, 0xfb, 0xa8, 0x63, 0xe1, 0x66, 0xe2, 0xcb, 0xde, 0x7e, 0xd6, 0x5f,
-    0xfe, 0x97, 0x30, 0x79, 0xf6, 0x7f, 0x7e, 0x16, 0x56, 0xc8, 0x9f, 0xec,
-    0xeb, 0xa1, 0xdb, 0xf6, 0xdf, 0x80, 0xe2, 0xcb, 0xff, 0xe9, 0x41, 0xf5,
-    0x0d, 0x27, 0xe3, 0x90, 0x16, 0x5f, 0xcd, 0xcc, 0x18, 0x98, 0xb2, 0xfd,
-    0xba, 0xc5, 0x9b, 0xd6, 0x5f, 0xd8, 0x36, 0x0f, 0x7f, 0xec, 0xf6, 0x1c,
-    0xb6, 0xfe, 0xe4, 0x98, 0xef, 0x25, 0x95, 0x09, 0x9f, 0xf4, 0x51, 0xa8,
-    0x52, 0x81, 0x16, 0xff, 0x70, 0xb3, 0x7f, 0xde, 0x4b, 0x2f, 0x72, 0x5b,
-    0xd6, 0x53, 0x1e, 0x9e, 0xe1, 0xa5, 0xff, 0xe8, 0xd8, 0x4f, 0xc7, 0x5e,
-    0xcd, 0x88, 0x6b, 0x2b, 0x15, 0x3c, 0xb4, 0x6e, 0x4f, 0x09, 0x62, 0x24,
-    0xbf, 0xc0, 0x3b, 0x80, 0xee, 0x05, 0x97, 0xff, 0x3c, 0xb0, 0x64, 0xcf,
-    0xf8, 0x3a, 0xcb, 0x9f, 0xeb, 0x2b, 0xe7, 0xaf, 0xe4, 0x1b, 0x8c, 0xed,
-    0x65, 0xff, 0x0d, 0xc4, 0xd1, 0x34, 0x1a, 0xb2, 0xfa, 0x30, 0xbc, 0x29,
-    0x3d, 0x21, 0x8c, 0xdf, 0xef, 0xe6, 0xf9, 0xdc, 0x97, 0x6b, 0x2b, 0x87,
-    0xe9, 0xe3, 0xba, 0xf2, 0x61, 0x41, 0x87, 0x45, 0xff, 0xe2, 0xcf, 0x34,
-    0x9c, 0xb3, 0xdf, 0x65, 0x97, 0xf1, 0x3f, 0x52, 0x6c, 0x59, 0x7f, 0x88,
-    0x05, 0x9e, 0xfe, 0x4e, 0x3f, 0x2f, 0xa3, 0x5f, 0xc5, 0x38, 0x4d, 0x7d,
-    0xd6, 0x5f, 0xf8, 0x2f, 0x29, 0xd0, 0xc3, 0xc3, 0xac, 0xa6, 0x45, 0xcb,
-    0xa5, 0x11, 0x85, 0xff, 0xb4, 0xc0, 0xdb, 0xf1, 0xc0, 0xf1, 0x65, 0xfb,
-    0x34, 0xfd, 0x18, 0xb2, 0xd2, 0x59, 0x7f, 0xfe, 0x30, 0xb0, 0x7a, 0x60,
-    0xec, 0x3f, 0xc1, 0x6c, 0xb2, 0xdb, 0x41, 0xf4, 0x60, 0x8d, 0x6c, 0x8b,
-    0x8e, 0x42, 0x46, 0xff, 0x4c, 0x4e, 0x67, 0xb3, 0xeb, 0x2f, 0x7f, 0x3b,
-    0x59, 0x78, 0xc3, 0x0c, 0x49, 0x7f, 0x02, 0x0b, 0x3a, 0xf2, 0x41, 0x66,
-    0x82, 0xa7, 0x22, 0xc2, 0x7c, 0xd0, 0x43, 0xdb, 0xff, 0xf8, 0x57, 0x3b,
-    0xbf, 0xb0, 0xc7, 0x86, 0x4e, 0xf7, 0x33, 0x65, 0x95, 0xf4, 0x4e, 0x84,
-    0xda, 0xa1, 0x54, 0x8b, 0x43, 0xe1, 0xe3, 0x76, 0xbf, 0xec, 0xdf, 0x8c,
-    0x37, 0x73, 0x56, 0x5f, 0xff, 0x9b, 0xdf, 0x8e, 0x63, 0x7b, 0x8c, 0x5d,
-    0x49, 0x65, 0x7d, 0x11, 0xa2, 0xb3, 0x9b, 0xf4, 0x7f, 0x91, 0xa5, 0x97,
-    0xfc, 0x24, 0x73, 0x0c, 0x10, 0xbc, 0xb2, 0xb6, 0x6f, 0x30, 0x65, 0x38,
-    0x1c, 0x38, 0x6e, 0x61, 0x77, 0x71, 0x99, 0x75, 0x09, 0x26, 0x9c, 0x88,
-    0x9a, 0x1b, 0xfa, 0x95, 0x6c, 0x79, 0x63, 0x7f, 0x96, 0xe2, 0xe8, 0xc5,
-    0x1c, 0xa7, 0x23, 0x54, 0xf4, 0xab, 0xe0, 0xc3, 0x1f, 0x79, 0x38, 0x84,
-    0xf7, 0xfc, 0xc5, 0xb3, 0x97, 0xb0, 0xeb, 0x2e, 0x80, 0x2c, 0xac, 0x3c,
-    0xdf, 0x1b, 0xdf, 0xfc, 0x68, 0x9e, 0x6e, 0x16, 0x6f, 0x61, 0xac, 0xbf,
-    0x8b, 0x07, 0xf7, 0x31, 0x65, 0x68, 0xfd, 0x0e, 0x8f, 0x7f, 0xff, 0xe2,
-    0xc6, 0x04, 0xef, 0xbf, 0xbc, 0x1d, 0xa7, 0x09, 0xad, 0x66, 0xcb, 0x2f,
-    0x13, 0x9d, 0x65, 0xff, 0xb8, 0xda, 0x7f, 0xb7, 0x22, 0x4b, 0x2f, 0xe1,
-    0xff, 0x3d, 0x3f, 0x8b, 0x2c, 0xd2, 0x47, 0xdf, 0xdc, 0xfc, 0x36, 0x61,
-    0xed, 0x42, 0x6c, 0x1f, 0x8c, 0x76, 0xff, 0x11, 0xbc, 0x6d, 0x3c, 0x96,
-    0x5f, 0x13, 0xf5, 0xe5, 0x97, 0xb0, 0x80, 0xb2, 0xfe, 0xee, 0x3a, 0x28,
-    0x31, 0x65, 0xfe, 0x90, 0xfe, 0x13, 0x8f, 0x16, 0x5e, 0x12, 0x7f, 0x16,
-    0x56, 0x1e, 0xa0, 0x0d, 0x2f, 0xb3, 0xd3, 0x49, 0x65, 0xff, 0xdb, 0xa5,
-    0x1b, 0xbc, 0x72, 0x10, 0x1c, 0x59, 0x5f, 0x3e, 0xd7, 0x23, 0xbf, 0xf6,
-    0x7a, 0x35, 0xcf, 0xc1, 0x79, 0x71, 0x04, 0x2f, 0xec, 0xd7, 0x6e, 0xfd,
-    0xaa, 0x20, 0x80, 0xb3, 0xca, 0xbd, 0x03, 0x65, 0x95, 0x07, 0xd3, 0xc4,
-    0xeb, 0xff, 0x11, 0x61, 0xaf, 0x87, 0x72, 0x59, 0x76, 0xf1, 0xac, 0xbd,
-    0xbe, 0x0e, 0xb2, 0xfb, 0xae, 0x66, 0x96, 0x5f, 0xb6, 0xcd, 0x44, 0x96,
-    0x5f, 0x6b, 0x4c, 0x62, 0xca, 0x39, 0xe5, 0xfc, 0xa2, 0xa1, 0x12, 0x0e,
-    0xdd, 0x7f, 0x6e, 0x0c, 0xc7, 0x29, 0x2c, 0xa8, 0x4d, 0x53, 0x63, 0xbc,
-    0x19, 0x28, 0x57, 0x04, 0x86, 0xff, 0xff, 0xf4, 0x17, 0x7c, 0x82, 0xf7,
-    0x30, 0x27, 0x13, 0x8f, 0xa8, 0xef, 0x09, 0x65, 0xff, 0xe9, 0xa4, 0xc5,
-    0xe8, 0x04, 0xc4, 0xd3, 0x2c, 0xb8, 0xa6, 0x59, 0x68, 0x19, 0xf1, 0x62,
-    0x5d, 0x42, 0xe8, 0xbe, 0xc6, 0x66, 0x91, 0x76, 0x37, 0xa8, 0x41, 0xfe,
-    0x11, 0xc0, 0x86, 0xa1, 0x46, 0xeb, 0xe4, 0xed, 0xf0, 0xd9, 0xb4, 0x96,
-    0x5e, 0x8d, 0x01, 0x65, 0xbe, 0x33, 0x5a, 0xc2, 0x37, 0xf7, 0xdb, 0x45,
-    0x9b, 0x2c, 0xbb, 0x9f, 0x59, 0x5a, 0x3c, 0x40, 0x16, 0xdf, 0xb5, 0x1d,
-    0xe1, 0x2c, 0xac, 0x3c, 0x97, 0x22, 0xbf, 0xbf, 0x9e, 0xf3, 0x1d, 0x65,
-    0xff, 0xdc, 0x19, 0x36, 0xc2, 0x68, 0xa3, 0x16, 0x5f, 0xde, 0x13, 0x3e,
-    0xfd, 0x2c, 0xae, 0x91, 0x41, 0xf2, 0xd2, 0x44, 0xbf, 0xe2, 0xdb, 0x34,
-    0x02, 0x08, 0x16, 0x5f, 0xd9, 0xd7, 0xb5, 0xa8, 0x59, 0x7f, 0xf7, 0x09,
-    0xfc, 0xe7, 0x12, 0x36, 0xc5, 0x94, 0x33, 0xf2, 0xe1, 0x75, 0x42, 0x3f,
-    0x58, 0xc0, 0x30, 0xab, 0xbf, 0xe7, 0x6f, 0x39, 0xdc, 0x80, 0xb2, 0xf6,
-    0xff, 0xe2, 0xcb, 0x77, 0xf3, 0xd4, 0x10, 0xda, 0xf8, 0x3e, 0x82, 0x59,
-    0x58, 0x79, 0x7c, 0x2a, 0xbf, 0x6f, 0x1f, 0xe3, 0x8b, 0x2c, 0x75, 0x97,
-    0xfa, 0x3c, 0x3f, 0x85, 0xf8, 0xb0, 0x42, 0xc6, 0xff, 0xb6, 0x79, 0x41,
-    0x7a, 0x7f, 0x16, 0x5f, 0xfd, 0x9d, 0xfe, 0x3f, 0x9a, 0xd4, 0x1a, 0xb2,
-    0xe0, 0x42, 0xcb, 0x88, 0x7a, 0x3d, 0xb0, 0x22, 0xdf, 0x14, 0x74, 0x05,
-    0x95, 0x08, 0xe5, 0x68, 0x4b, 0x08, 0x5b, 0x74, 0x1a, 0xb2, 0xff, 0x66,
-    0x98, 0x07, 0x79, 0x2c, 0xb9, 0x89, 0x65, 0xff, 0x41, 0x1a, 0x36, 0x90,
-    0x74, 0xb2, 0xc6, 0x2c, 0xa1, 0x9f, 0x01, 0xc5, 0x44, 0x39, 0xbc, 0x41,
-    0xd9, 0x65, 0xed, 0x8a, 0x16, 0x5f, 0xbe, 0xf2, 0xc2, 0x59, 0x7f, 0x37,
-    0x8b, 0x3e, 0xcb, 0x2e, 0x69, 0x96, 0x5f, 0x6e, 0xc6, 0x8d, 0x59, 0x6f,
-    0xce, 0x44, 0x74, 0x13, 0x39, 0x5e, 0xe8, 0xbd, 0xff, 0x47, 0x3e, 0xda,
-    0xd3, 0xc9, 0x65, 0x61, 0xff, 0x12, 0x35, 0xce, 0x64, 0xe5, 0x47, 0xc3,
-    0x17, 0xc8, 0x49, 0x7c, 0xc1, 0xc7, 0x7d, 0x19, 0x45, 0xfd, 0x1b, 0x7b,
-    0x99, 0xe5, 0x95, 0x0b, 0xe4, 0x72, 0x8e, 0xf7, 0x21, 0xa4, 0xc4, 0x3a,
-    0x3b, 0xfc, 0x65, 0x05, 0x29, 0xc8, 0xc7, 0x0b, 0xfb, 0x8c, 0x31, 0xe1,
-    0x2c, 0xbf, 0xff, 0xfb, 0x3d, 0x07, 0x1e, 0x7a, 0x30, 0xa4, 0x59, 0xd4,
-    0xa3, 0x3c, 0xb2, 0xff, 0xfd, 0xfc, 0xe7, 0x33, 0x03, 0xad, 0xb0, 0x25,
-    0xe5, 0x94, 0x48, 0xc3, 0xf3, 0x75, 0xff, 0x7e, 0x35, 0xe2, 0x8c, 0xe9,
-    0x65, 0xff, 0xff, 0x36, 0xd1, 0x2e, 0x6b, 0x4d, 0xd4, 0xd2, 0x7d, 0x1f,
-    0x3a, 0x59, 0x7f, 0xa1, 0xf6, 0x7d, 0x38, 0x8b, 0x2f, 0x7f, 0x08, 0x68,
-    0xd5, 0xf9, 0xc7, 0x9a, 0xab, 0x15, 0x13, 0x34, 0x3b, 0xfd, 0x0f, 0x7b,
-    0xf4, 0x6a, 0x6e, 0x6c, 0xb2, 0xff, 0xbf, 0x19, 0xa9, 0x70, 0x27, 0x59,
-    0x5b, 0x1f, 0x1f, 0x65, 0x57, 0x37, 0x16, 0x5f, 0xf6, 0x6c, 0xfe, 0x00,
-    0x85, 0x25, 0x97, 0xa2, 0x46, 0xac, 0xbf, 0x67, 0x36, 0xc3, 0x16, 0x5c,
-    0xdd, 0xac, 0xb7, 0xa7, 0x1e, 0xec, 0x87, 0x67, 0xca, 0x6f, 0xfd, 0xef,
-    0xbc, 0x98, 0x7f, 0x89, 0x2c, 0xa7, 0x3f, 0x82, 0x3a, 0xbf, 0x84, 0x3f,
-    0x0c, 0x7e, 0x96, 0x54, 0x2a, 0x37, 0xc8, 0x4e, 0x9a, 0x49, 0xa1, 0x67,
-    0x8c, 0x3f, 0xc4, 0x17, 0xfc, 0x27, 0x9b, 0xf8, 0x59, 0xc5, 0x97, 0xa5,
-    0x2c, 0x59, 0x74, 0x08, 0xb2, 0xba, 0x36, 0x6e, 0x39, 0x7f, 0xa2, 0x42,
-    0x70, 0x02, 0x76, 0xb2, 0x98, 0xf6, 0x3c, 0x43, 0x76, 0x14, 0x91, 0xc8,
-    0x38, 0x61, 0xde, 0xd6, 0x7d, 0x65, 0xee, 0x31, 0xd6, 0x56, 0x8d, 0xc7,
-    0x87, 0x2e, 0xce, 0x96, 0x5c, 0xdb, 0x2c, 0xa8, 0x3c, 0xf1, 0x08, 0x77,
-    0x45, 0xef, 0xf7, 0x0b, 0x0e, 0x76, 0xf2, 0xcb, 0xff, 0xbe, 0xd0, 0x53,
-    0x9c, 0xa4, 0xc7, 0x59, 0x7c, 0xd3, 0x31, 0x8b, 0x2f, 0xfc, 0xfd, 0x09,
-    0xe6, 0xd4, 0x04, 0x56, 0xb2, 0xe1, 0x36, 0x59, 0x47, 0x3d, 0xdf, 0x22,
-    0x5f, 0x9f, 0x85, 0x13, 0x2c, 0xbb, 0x7e, 0x96, 0x5f, 0xff, 0x83, 0xb1,
-    0x46, 0x7c, 0x5c, 0x7b, 0x3e, 0x1d, 0x2c, 0xbd, 0xc1, 0x39, 0x39, 0x37,
-    0xc1, 0xa1, 0xe4, 0x20, 0x0d, 0x22, 0x22, 0x71, 0x06, 0x6b, 0xb5, 0x44,
-    0x1e, 0x8e, 0xba, 0xe2, 0x31, 0x65, 0xfb, 0x87, 0xcf, 0x71, 0x65, 0xfc,
-    0x0d, 0x47, 0x78, 0x4b, 0x2f, 0xfc, 0x6e, 0x79, 0xbf, 0x9e, 0x8d, 0x2c,
-    0xa8, 0x3e, 0xb6, 0x2d, 0xbf, 0x3c, 0x89, 0xa1, 0x65, 0xf9, 0xcb, 0xd8,
-    0x4b, 0x2f, 0xec, 0x3e, 0x61, 0x1a, 0xb2, 0xff, 0x3f, 0xb9, 0x9b, 0xfe,
-    0xcb, 0x2c, 0x68, 0xcf, 0x80, 0x8b, 0x2a, 0x11, 0x5a, 0xf0, 0x85, 0xbf,
-    0xe2, 0x73, 0x26, 0x93, 0xea, 0x4b, 0x2f, 0xe6, 0xd6, 0x6f, 0x8d, 0xc5,
-    0x95, 0x31, 0xf5, 0xfc, 0xea, 0xfe, 0x6d, 0x6a, 0x30, 0x96, 0x5f, 0xf4,
-    0x4b, 0x99, 0xd9, 0x46, 0x96, 0x51, 0xa7, 0xc7, 0xa2, 0xbb, 0x32, 0xcb,
-    0xfb, 0x8d, 0xae, 0xff, 0x8b, 0x2f, 0x13, 0x9b, 0x87, 0xc3, 0xd9, 0x1f,
-    0x42, 0x15, 0x0b, 0xd1, 0x92, 0x85, 0xce, 0x4a, 0x52, 0xec, 0xb1, 0x85,
-    0xf5, 0x09, 0x33, 0x90, 0x14, 0x34, 0xb9, 0x09, 0x10, 0xc3, 0x9e, 0xff,
-    0xfb, 0x6c, 0xd6, 0xcd, 0xe9, 0x66, 0xb4, 0xf2, 0x59, 0x7b, 0xb6, 0x1a,
-    0xcb, 0xff, 0xb5, 0x87, 0x7e, 0xb7, 0x63, 0xb3, 0x9d, 0x65, 0xff, 0xfe,
-    0xe3, 0x73, 0x91, 0xce, 0xc9, 0xf6, 0x82, 0x89, 0xb8, 0xb2, 0xb1, 0x31,
-    0x8e, 0x94, 0x5c, 0x77, 0xc9, 0x37, 0xef, 0xb4, 0xfb, 0x1a, 0xb2, 0xfb,
-    0x00, 0xdb, 0xd6, 0x5f, 0x00, 0x01, 0x02, 0xca, 0xec, 0xfc, 0x48, 0xac,
-    0x42, 0x3b, 0xe0, 0xeb, 0xcc, 0xb2, 0xfc, 0x52, 0xe6, 0xc0, 0x59, 0x7f,
-    0xff, 0x4b, 0xcd, 0x37, 0x7f, 0x6e, 0xbc, 0x21, 0x66, 0xfc, 0x59, 0x7f,
-    0xf0, 0x23, 0x87, 0x86, 0xd6, 0x98, 0xc5, 0x97, 0x9d, 0xe4, 0xb2, 0xff,
-    0x37, 0x9a, 0x59, 0xd7, 0x96, 0x50, 0xd3, 0x3d, 0xc2, 0x2e, 0x8a, 0x59,
-    0x80, 0x08, 0x9b, 0xa3, 0x77, 0xe3, 0xb7, 0xbd, 0x0b, 0x2f, 0x36, 0x18,
-    0xb2, 0xf9, 0xb9, 0x83, 0x63, 0xc3, 0x22, 0x7b, 0xf8, 0xb9, 0x87, 0x8d,
-    0xc5, 0x97, 0xff, 0x67, 0x52, 0xcf, 0xb6, 0x89, 0xa1, 0x65, 0xff, 0x44,
-    0x73, 0x8d, 0xac, 0x3a, 0xca, 0x91, 0xfc, 0x8d, 0x0a, 0xfb, 0x73, 0xf9,
-    0xb2, 0xcb, 0xfd, 0x03, 0xcf, 0x37, 0xc2, 0xb2, 0xa0, 0xf6, 0x06, 0x4d,
-    0x7f, 0xe9, 0x79, 0xb6, 0xd4, 0x49, 0xf4, 0xb2, 0xf8, 0xd6, 0xeb, 0x8b,
-    0x2a, 0x13, 0xa6, 0x9a, 0x15, 0x07, 0x7a, 0x72, 0x1f, 0x1f, 0xdf, 0xfb,
-    0xc2, 0x02, 0x04, 0x80, 0x40, 0x16, 0x5f, 0xf3, 0x6b, 0x60, 0x82, 0x74,
-    0x6e, 0x2c, 0xbf, 0xfe, 0x26, 0x34, 0xd8, 0x13, 0xcd, 0xf6, 0x2f, 0x2c,
-    0xa9, 0x22, 0x3c, 0xe7, 0xf7, 0xff, 0xe0, 0x73, 0xed, 0x87, 0x7e, 0xb9,
-    0xef, 0x87, 0xa5, 0x97, 0xf3, 0xf1, 0x8a, 0x38, 0xb2, 0xef, 0xba, 0xcb,
-    0xe1, 0xb9, 0x03, 0xe7, 0x82, 0x2b, 0x2b, 0xac, 0x46, 0xa8, 0x61, 0x33,
-    0x7f, 0xff, 0xe3, 0xb9, 0x02, 0x4d, 0xc0, 0x9f, 0xed, 0x1e, 0xf8, 0x5c,
-    0xeb, 0x2f, 0xb9, 0x2d, 0xb1, 0x65, 0xff, 0xd8, 0x66, 0xa1, 0x8b, 0x00,
-    0x76, 0x59, 0x71, 0x42, 0xcb, 0xff, 0xc1, 0xf4, 0x98, 0x1f, 0x76, 0xf3,
-    0x9d, 0x65, 0x7c, 0xf7, 0x88, 0x56, 0xe9, 0xdb, 0x8b, 0x2f, 0xff, 0xce,
-    0xde, 0x61, 0xe0, 0xf3, 0xcc, 0x76, 0xd2, 0xcb, 0xe9, 0x72, 0x0e, 0xb2,
-    0xff, 0xf4, 0x76, 0x3c, 0x13, 0xcd, 0xa8, 0x08, 0xad, 0x65, 0xe0, 0xe0,
-    0xd6, 0x5e, 0xd3, 0xf2, 0x72, 0x7b, 0xfb, 0x11, 0xe4, 0x28, 0x34, 0x43,
-    0xf1, 0xc7, 0x52, 0x22, 0x29, 0xf4, 0xfb, 0x7a, 0x15, 0xfa, 0x4a, 0x1f,
-    0x0e, 0x4e, 0x19, 0x49, 0x57, 0xfe, 0x8e, 0x77, 0xf6, 0x1c, 0x66, 0x96,
-    0x57, 0x4b, 0xaa, 0x0d, 0x39, 0x87, 0xa4, 0xfb, 0xa5, 0x0b, 0x2f, 0xfd,
-    0xf8, 0xfe, 0x74, 0x0c, 0xf7, 0x16, 0x5e, 0x99, 0x8e, 0xb2, 0xdb, 0x0c,
-    0xf7, 0x30, 0xfe, 0x9d, 0x13, 0x41, 0x72, 0xbf, 0xff, 0xfd, 0xdc, 0xe9,
-    0xbf, 0x1a, 0xda, 0x77, 0x00, 0xe4, 0x09, 0xd9, 0xdc, 0x7b, 0x8b, 0x2a,
-    0x19, 0x75, 0x83, 0x85, 0x76, 0x46, 0xdb, 0xdc, 0x27, 0x5a, 0x3d, 0xc7,
-    0x9d, 0x9f, 0x28, 0x6a, 0x84, 0x8a, 0xf6, 0xb5, 0x0b, 0x2f, 0xfb, 0x66,
-    0xdb, 0x98, 0x77, 0xfa, 0xcb, 0xfe, 0x94, 0x0d, 0x87, 0x8f, 0xf5, 0x96,
-    0x6d, 0x1f, 0x8f, 0x8e, 0xaf, 0xed, 0x46, 0xcc, 0x5e, 0x59, 0x70, 0x87,
-    0x59, 0x74, 0xf7, 0x3d, 0x2c, 0xa1, 0x9b, 0x9e, 0x0c, 0x5e, 0x9e, 0x42,
-    0xaa, 0x7a, 0x59, 0x7e, 0x28, 0x1e, 0x4c, 0xb2, 0xfb, 0x81, 0xd1, 0xab,
-    0x2f, 0xd1, 0xff, 0x44, 0x96, 0x5f, 0x0c, 0x3e, 0xe4, 0xf6, 0x8a, 0x08,
-    0x2e, 0xe8, 0x9c, 0x04, 0x97, 0xbe, 0x26, 0x96, 0x5f, 0xe8, 0x27, 0xf8,
-    0x4b, 0x65, 0x97, 0xff, 0xef, 0xb6, 0xbe, 0xf0, 0x46, 0xbc, 0xce, 0xfb,
-    0x2c, 0xbe, 0xc6, 0x07, 0x16, 0x5f, 0x37, 0x22, 0x58, 0x7e, 0xda, 0x55,
-    0xbd, 0xb0, 0xe1, 0x65, 0xed, 0x3f, 0x6b, 0x2f, 0x1e, 0x3e, 0xb2, 0xf4,
-    0x48, 0x52, 0xb2, 0xc0, 0x19, 0xec, 0xe0, 0xe9, 0x0e, 0x5f, 0xf4, 0x72,
-    0x3d, 0xcc, 0x29, 0x2c, 0xbf, 0xff, 0xfd, 0x9b, 0x72, 0x0d, 0x7e, 0x7a,
-    0x58, 0x69, 0xb9, 0xd7, 0xb5, 0x19, 0xd2, 0xcb, 0xda, 0x29, 0x2c, 0xbf,
-    0xe2, 0x07, 0x98, 0x78, 0x52, 0x59, 0x68, 0x9c, 0x7a, 0x6e, 0x39, 0x5f,
-    0x4c, 0xbb, 0x86, 0xe1, 0x86, 0x7d, 0xe1, 0x5f, 0xf1, 0x65, 0x0a, 0x17,
-    0x57, 0xe5, 0x08, 0xd1, 0x93, 0xe3, 0x33, 0x43, 0x06, 0x65, 0xa3, 0x8f,
-    0x7e, 0x15, 0x0e, 0x6e, 0x4e, 0xde, 0x8d, 0x84, 0x26, 0xd7, 0x09, 0xc5,
-    0x97, 0xfe, 0xf7, 0x32, 0x67, 0x07, 0x33, 0x65, 0x95, 0xa3, 0xd8, 0x21,
-    0x8b, 0xf6, 0x19, 0xe1, 0x0e, 0xb2, 0xff, 0xff, 0xb8, 0x24, 0x00, 0x7f,
-    0x8d, 0x61, 0x33, 0xcb, 0x99, 0xe5, 0x97, 0x73, 0x65, 0x97, 0xf1, 0x41,
-    0x9a, 0x83, 0xac, 0xa1, 0x9e, 0x2e, 0x0c, 0x56, 0x91, 0x97, 0xe8, 0x55,
-    0x5f, 0xee, 0x07, 0x40, 0xcf, 0xba, 0xcb, 0xee, 0x1d, 0xd9, 0x65, 0x48,
-    0xf5, 0x3c, 0x67, 0x7f, 0xfa, 0x53, 0xb5, 0x1c, 0x68, 0x20, 0x02, 0x16,
-    0x54, 0x1f, 0x63, 0x91, 0x5f, 0x39, 0xf0, 0x6b, 0x2f, 0xec, 0x1b, 0x93,
-    0xef, 0x59, 0x5e, 0x3c, 0xed, 0xe4, 0x37, 0xfd, 0xf8, 0xeb, 0xd1, 0xf7,
-    0xdc, 0x59, 0x4b, 0x2d, 0xbd, 0x65, 0x4e, 0x3d, 0xa9, 0xe4, 0x79, 0x3e,
-    0x17, 0x6e, 0x96, 0x5d, 0x86, 0x2c, 0xbb, 0xde, 0x63, 0x53, 0xe1, 0x2a,
-    0x84, 0x47, 0xb3, 0x1d, 0xff, 0x9c, 0xbb, 0xcd, 0x76, 0xef, 0xda, 0xa2,
-    0x11, 0x5b, 0x65, 0x97, 0xc6, 0xb9, 0x01, 0x65, 0xe7, 0x6d, 0xd5, 0x95,
-    0x23, 0xd2, 0x61, 0x2f, 0x91, 0x54, 0x2e, 0x33, 0x61, 0x0b, 0x43, 0xd4,
-    0xf0, 0xe8, 0x76, 0xe0, 0x46, 0x1a, 0x12, 0x1d, 0xf0, 0x9e, 0xbd, 0xc0,
-    0x3a, 0xcb, 0xfb, 0xfd, 0xb7, 0x30, 0x6b, 0x2b, 0x63, 0xca, 0xec, 0x72,
-    0xff, 0xb4, 0xe3, 0xc6, 0xde, 0xe7, 0x59, 0x7f, 0xff, 0xfe, 0x63, 0xe7,
-    0x30, 0x83, 0xef, 0xe6, 0xf1, 0xc7, 0xda, 0x3d, 0xf0, 0xb9, 0xd6, 0x5f,
-    0xdc, 0x7e, 0xfe, 0xdb, 0x2c, 0xac, 0x4c, 0x3b, 0x44, 0x9f, 0x39, 0xf4,
-    0x20, 0xaf, 0xcd, 0xa9, 0x4f, 0xf9, 0x65, 0xff, 0xcf, 0xcd, 0xa3, 0xf9,
-    0xd8, 0x93, 0xee, 0xb2, 0x8e, 0x7e, 0x84, 0x57, 0x7f, 0xff, 0xfb, 0xf8,
-    0x1d, 0x1b, 0xf6, 0xea, 0x3c, 0x1f, 0x96, 0x75, 0xe0, 0xbf, 0x16, 0x5f,
-    0xfd, 0x9d, 0x09, 0xe6, 0x20, 0xcb, 0x38, 0xb2, 0xff, 0xff, 0xff, 0xff,
-    0xff, 0xfd, 0x85, 0xb1, 0x38, 0xe0, 0xb6, 0x8d, 0x0f, 0x0b, 0x3d, 0xc6,
-    0xef, 0x08, 0x4d, 0xb3, 0x51, 0xc2, 0x73, 0x79, 0x8c, 0x00, 0x04, 0x04,
-    0xe3, 0x82, 0xda, 0x34, 0xb2, 0xfc, 0xfb, 0xb9, 0xd7, 0x96, 0x5f, 0xd2,
-    0x2c, 0xc0, 0x8a, 0xd6, 0x5f, 0xe7, 0xf4, 0xb3, 0x59, 0xc5, 0x95, 0x09,
-    0xed, 0x62, 0x2f, 0xe3, 0x08, 0x72, 0xb2, 0x30, 0xbf, 0x77, 0xe3, 0x5b,
-    0xb5, 0x97, 0xff, 0xbf, 0x05, 0xe9, 0xdf, 0x71, 0xfd, 0xf4, 0xb2, 0x9c,
-    0xfd, 0xb8, 0x57, 0x7f, 0xe7, 0x2c, 0x6d, 0x14, 0x75, 0x25, 0x97, 0xff,
-    0xfd, 0xe0, 0xed, 0x9f, 0x6f, 0x7f, 0x0f, 0x9a, 0x96, 0x75, 0xe5, 0x97,
-    0xf7, 0xdb, 0xff, 0x83, 0xac, 0xbf, 0x48, 0xa3, 0x38, 0xb2, 0xf3, 0x96,
-    0xdd, 0x9e, 0x9f, 0x45, 0xb5, 0x24, 0x78, 0x7a, 0x17, 0x77, 0xff, 0xe8,
-    0x04, 0xd2, 0x8d, 0x89, 0xcd, 0xe1, 0x44, 0x96, 0x5f, 0xf8, 0x4c, 0xfb,
-    0x9c, 0x59, 0x86, 0x18, 0xb2, 0xff, 0xfd, 0x9d, 0xfe, 0x08, 0x64, 0xdb,
-    0x61, 0x31, 0xab, 0x2b, 0x64, 0x4c, 0xc9, 0x16, 0xff, 0xed, 0x80, 0xdd,
-    0x73, 0xbc, 0x62, 0xed, 0x65, 0x39, 0xf5, 0x91, 0x25, 0x49, 0x37, 0xa7,
-    0x8d, 0x6a, 0xff, 0xfe, 0x98, 0xa0, 0x1c, 0xef, 0xed, 0xa9, 0x8a, 0x01,
-    0xc5, 0x97, 0xff, 0xf7, 0xb9, 0x06, 0xc9, 0xbe, 0xe5, 0xe9, 0x66, 0xb1,
-    0x65, 0xff, 0x9b, 0x98, 0x39, 0xce, 0x09, 0xfc, 0x59, 0x70, 0x77, 0xac,
-    0xbf, 0xd0, 0x7e, 0xbd, 0x19, 0xd2, 0xcb, 0xff, 0x7d, 0xb7, 0xfd, 0xe5,
-    0xa8, 0x35, 0x65, 0x62, 0x65, 0x5d, 0xad, 0x69, 0x0b, 0xe3, 0x3e, 0x34,
-    0xbf, 0xff, 0x6b, 0xaf, 0x31, 0x9c, 0xfb, 0x74, 0x0d, 0x38, 0xd6, 0x5f,
-    0xbc, 0xc1, 0x23, 0x56, 0x54, 0x22, 0x04, 0x2b, 0x37, 0xf6, 0x19, 0x84,
-    0x10, 0x2c, 0xbf, 0x4b, 0x3d, 0x00, 0x59, 0x74, 0x1f, 0x63, 0xd4, 0xe8,
-    0xb6, 0xff, 0xe6, 0xe1, 0x47, 0xb9, 0x9b, 0xd8, 0xd5, 0x97, 0xff, 0xff,
-    0x00, 0xef, 0x2f, 0xbb, 0x79, 0x87, 0x83, 0xcf, 0x31, 0xdb, 0x4b, 0x2b,
-    0x88, 0xe3, 0xf1, 0x78, 0x51, 0x6f, 0xfd, 0xf7, 0xdd, 0xef, 0xec, 0x78,
-    0xed, 0x65, 0xe2, 0x83, 0x16, 0x5e, 0x2c, 0xe6, 0x1e, 0xf9, 0xd0, 0xef,
-    0xdb, 0x1e, 0x07, 0x0b, 0x2b, 0x66, 0x57, 0x24, 0x88, 0x47, 0x29, 0x50,
-    0xd8, 0x61, 0xf6, 0x43, 0xd4, 0x65, 0x93, 0x47, 0x45, 0xa2, 0x9f, 0xc7,
-    0x0f, 0xc8, 0x66, 0x7a, 0x35, 0x9d, 0xf0, 0x8f, 0x10, 0xc6, 0xff, 0xd0,
-    0x69, 0xb0, 0x59, 0xef, 0xb2, 0xcb, 0xfd, 0x1c, 0xe4, 0x6d, 0x86, 0x2c,
-    0xbf, 0xfe, 0x1f, 0x82, 0xfd, 0x78, 0x18, 0x39, 0xdf, 0x65, 0x97, 0xff,
-    0xdb, 0xdf, 0xff, 0x61, 0xe7, 0xb8, 0x12, 0xf2, 0xcb, 0xef, 0x10, 0x7c,
-    0xb2, 0xe0, 0x92, 0xcb, 0xd8, 0x7c, 0xd1, 0xb8, 0xf9, 0x15, 0x42, 0x2e,
-    0xbf, 0x08, 0x9a, 0x1a, 0x6d, 0x0e, 0x69, 0xe8, 0xc3, 0x6f, 0xb3, 0x46,
-    0xb2, 0xca, 0x86, 0x74, 0x26, 0x52, 0xe6, 0x9a, 0x1d, 0x8f, 0x1d, 0x30,
-    0x4d, 0xaf, 0x18, 0x61, 0x89, 0x2f, 0xfb, 0x00, 0xfa, 0xcd, 0xf8, 0x34,
-    0x82, 0xcd, 0x05, 0xc6, 0x18, 0x92, 0xf1, 0x86, 0x18, 0x92, 0xfe, 0x7d,
-    0x87, 0xf8, 0xe2, 0x41, 0x66, 0x82, 0x89, 0x18, 0x86, 0x25, 0xcf, 0x9c,
-    0xdf, 0xbb, 0x61, 0x88, 0x74, 0x82, 0xcd, 0x9d, 0xe3, 0x0c, 0x31, 0x25,
-    0xee, 0x46, 0x92, 0x0b, 0x34, 0x17, 0xce, 0x5d, 0x79, 0x65, 0x80, 0xc8,
-    0xac, 0xf2, 0xe1, 0x85, 0xd7, 0x4f, 0xcf, 0x4b, 0x2f, 0xf9, 0x8b, 0xb2,
-    0xc3, 0x1c, 0x0b, 0x2f, 0xc5, 0x12, 0x7e, 0xd6, 0x5e, 0xc9, 0x99, 0x65,
-    0x0c, 0xf0, 0xc4, 0x27, 0xbf, 0x70, 0x3b, 0x4f, 0x92, 0xcb, 0xf0, 0xdb,
-    0x7c, 0x0d, 0x65, 0xf6, 0x16, 0x6e, 0x2c, 0xad, 0x1e, 0x61, 0xca, 0x69,
-    0x91, 0x34, 0x23, 0xc5, 0xff, 0xdf, 0x79, 0x13, 0x9b, 0x31, 0x34, 0xcb,
-    0x2f, 0xe1, 0x56, 0x58, 0x63, 0x81, 0x65, 0xff, 0x6d, 0x1d, 0x71, 0x8b,
-    0x00, 0xb2, 0xf9, 0xe4, 0xc0, 0x59, 0x5a, 0x3d, 0xaf, 0x9c, 0xdf, 0xb3,
-    0x63, 0xe1, 0xd6, 0x5f, 0xd1, 0xb0, 0xff, 0x1c, 0x59, 0x7f, 0xa3, 0x3b,
-    0xcd, 0xec, 0x35, 0x96, 0xce, 0xcf, 0x88, 0x8b, 0xa8, 0x55, 0xa6, 0xc1,
-    0x90, 0x8d, 0x22, 0x29, 0xf8, 0x45, 0x5f, 0xdf, 0xcd, 0xf9, 0xee, 0x2c,
-    0xae, 0xd5, 0x11, 0x82, 0x3a, 0x5f, 0x27, 0xd4, 0x95, 0xeb, 0x0c, 0x7f,
-    0x4f, 0x7f, 0x85, 0xe9, 0x4a, 0x46, 0xbf, 0xde, 0x96, 0x7f, 0xef, 0x25,
-    0x97, 0xcc, 0xe4, 0x35, 0x97, 0x04, 0x0b, 0x28, 0x66, 0xdc, 0x04, 0x17,
-    0xe8, 0xc9, 0x9b, 0x4b, 0x2b, 0x63, 0xc8, 0x22, 0x1b, 0xb6, 0xf2, 0xca,
-    0x85, 0xd4, 0xfc, 0x9c, 0x0c, 0x35, 0x5d, 0xe1, 0x64, 0x44, 0x57, 0xd3,
-    0xff, 0xce, 0xd6, 0x5f, 0x01, 0x8b, 0xcb, 0x2b, 0x63, 0xc7, 0xe1, 0x35,
-    0xc2, 0xaa, 0x7a, 0x59, 0x7b, 0x91, 0xe5, 0x97, 0x00, 0xc5, 0x97, 0xee,
-    0x04, 0x84, 0x3a, 0xcb, 0x72, 0x63, 0xdd, 0x71, 0xcf, 0x0c, 0x56, 0x23,
-    0x5f, 0xa2, 0x3f, 0x3f, 0xdf, 0xbb, 0x8f, 0xc1, 0xd6, 0x5c, 0xfe, 0x59,
-    0x7d, 0xb8, 0xe4, 0x0c, 0x37, 0xc4, 0x51, 0x7f, 0xb0, 0xd3, 0x5e, 0x52,
-    0x1a, 0xcb, 0xf9, 0xdc, 0x7e, 0x0b, 0xac, 0xbe, 0x1b, 0x90, 0x30, 0xf8,
-    0x48, 0xd6, 0xb1, 0x19, 0xe1, 0x84, 0xcd, 0xff, 0xc0, 0xf7, 0xe2, 0x52,
-    0x6e, 0x60, 0xd6, 0x5f, 0xfb, 0xd9, 0xa8, 0xdf, 0xe2, 0x70, 0x2c, 0xba,
-    0x69, 0x42, 0x20, 0xd9, 0x12, 0xff, 0xa0, 0xa4, 0x43, 0xfc, 0x6c, 0xb2,
-    0xfe, 0x1e, 0x6a, 0x7c, 0xe3, 0x59, 0x7b, 0xed, 0x32, 0x4a, 0xd1, 0xe7,
-    0x70, 0xc6, 0xff, 0x9f, 0xaf, 0x64, 0xc1, 0xd1, 0xab, 0x2d, 0xdb, 0x1e,
-    0xf0, 0x48, 0xaf, 0xf1, 0x67, 0x52, 0xe3, 0x1a, 0xb2, 0xf6, 0x83, 0xb2,
-    0xcb, 0xcf, 0xa3, 0x56, 0x56, 0x8d, 0xdb, 0x8f, 0x58, 0xd5, 0x97, 0xff,
-    0x67, 0x7f, 0x8f, 0xe6, 0xb5, 0x06, 0xac, 0xbc, 0xc0, 0xe4, 0x1e, 0xbe,
-    0x84, 0xaa, 0x72, 0x63, 0x1b, 0x37, 0x93, 0xbd, 0xff, 0x66, 0x76, 0x08,
-    0xce, 0xa4, 0xb2, 0xff, 0xc1, 0xe6, 0x14, 0x7c, 0x62, 0x1d, 0x65, 0xff,
-    0xde, 0xd0, 0x79, 0xf7, 0x90, 0x18, 0x6b, 0x2f, 0xa1, 0xcf, 0xbd, 0x25,
-    0xed, 0x60, 0xa1, 0x65, 0xff, 0xdf, 0x67, 0x00, 0x20, 0x11, 0xfe, 0x2c,
-    0xbf, 0xbf, 0x87, 0x3b, 0xc9, 0x65, 0xe3, 0x0c, 0x31, 0x25, 0xfe, 0x2f,
-    0x7d, 0xa0, 0xb6, 0x48, 0x2c, 0xd0, 0x5f, 0x46, 0x9f, 0xeb, 0x2f, 0x40,
-    0x32, 0x48, 0xb2, 0xc4, 0xdf, 0x22, 0x56, 0x26, 0xa9, 0xe2, 0x01, 0x21,
-    0xeb, 0x7f, 0x64, 0xef, 0x38, 0x38, 0xb2, 0xbb, 0x4f, 0x70, 0xf1, 0xbb,
-    0xef, 0x36, 0xbf, 0xe7, 0x01, 0x64, 0xd2, 0x8e, 0x96, 0x54, 0x2a, 0x94,
-    0xc9, 0x44, 0x2c, 0x75, 0x7f, 0xce, 0x45, 0x9a, 0xd3, 0x4c, 0xb2, 0xfe,
-    0x21, 0x34, 0x41, 0x92, 0xca, 0xd8, 0xf9, 0x5c, 0xde, 0xff, 0xfe, 0x97,
-    0xde, 0x5d, 0xfd, 0xbd, 0x2c, 0xff, 0xde, 0x4b, 0x2f, 0xd0, 0x08, 0xff,
-    0x16, 0x56, 0x22, 0x0c, 0x0b, 0x97, 0xff, 0x08, 0x50, 0xc3, 0xfe, 0x4b,
-    0xec, 0xb2, 0xff, 0xc2, 0x46, 0x81, 0xef, 0xb8, 0xd9, 0x65, 0xff, 0xf3,
-    0xf8, 0x30, 0xd1, 0xd7, 0x7f, 0xce, 0xb8, 0xb2, 0xfd, 0xad, 0x37, 0xb8,
-    0xb2, 0xa7, 0x23, 0xec, 0x68, 0x60, 0x3f, 0x11, 0x46, 0xff, 0xf8, 0x13,
-    0xf9, 0x1c, 0xfc, 0x75, 0xe3, 0x43, 0xa5, 0x97, 0xff, 0x4d, 0x20, 0x97,
-    0xa5, 0x9a, 0xce, 0x2c, 0xbf, 0xff, 0x17, 0x7f, 0x69, 0xa5, 0x05, 0xed,
-    0x6a, 0x24, 0xb3, 0x87, 0x8b, 0x7f, 0xff, 0x37, 0x34, 0xcf, 0xa8, 0x6f,
-    0x7f, 0x39, 0xcc, 0x59, 0x7f, 0xb2, 0x24, 0xde, 0x28, 0x59, 0x60, 0x62,
-    0x3b, 0xce, 0xcf, 0x3e, 0xb1, 0x50, 0xa8, 0x07, 0x10, 0x1e, 0x38, 0x9b,
-    0xff, 0xf9, 0xc0, 0x58, 0x72, 0x7f, 0x70, 0x4d, 0x34, 0x0d, 0x65, 0xd2,
-    0xe2, 0xcb, 0xa2, 0x43, 0x3f, 0x06, 0x59, 0xa8, 0x66, 0x53, 0xca, 0x33,
-    0xdc, 0x85, 0x51, 0xa5, 0xdd, 0x43, 0x91, 0xa3, 0x40, 0x98, 0xcf, 0x47,
-    0x3f, 0x95, 0xa6, 0xf0, 0x9b, 0x04, 0x29, 0x4a, 0x58, 0xf7, 0x21, 0x4b,
-    0x7f, 0xff, 0x79, 0x8f, 0x85, 0xee, 0x41, 0xbc, 0x08, 0xfe, 0xcb, 0x2f,
-    0xc0, 0xc6, 0xf9, 0xab, 0x2f, 0xff, 0xb3, 0xb8, 0x27, 0xf7, 0x06, 0x17,
-    0xd4, 0x96, 0x57, 0x47, 0xee, 0x72, 0x8b, 0xee, 0x7f, 0x38, 0xb2, 0xf9,
-    0xbd, 0x1e, 0x59, 0x4c, 0x78, 0x7a, 0x22, 0xbf, 0xa0, 0xbb, 0x9e, 0xc5,
-    0x49, 0xe1, 0x65, 0xf7, 0x5e, 0x6d, 0x96, 0x5f, 0xa0, 0xfa, 0x8d, 0xeb,
-    0x2f, 0xff, 0x79, 0x8c, 0xe1, 0x47, 0xb9, 0xad, 0x42, 0xcb, 0xd2, 0x82,
-    0x59, 0x78, 0x70, 0x6a, 0xcb, 0xff, 0xa3, 0xbf, 0x14, 0x19, 0x9e, 0xe7,
-    0x16, 0x5f, 0xf9, 0xff, 0xa8, 0xf3, 0x76, 0xc3, 0x59, 0x7f, 0xde, 0xfe,
-    0x36, 0xa4, 0x21, 0xd6, 0x5d, 0x80, 0x59, 0x5f, 0x44, 0x77, 0x0f, 0xbc,
-    0x75, 0x4c, 0x99, 0x06, 0x87, 0x41, 0x0d, 0x3b, 0xff, 0xff, 0x89, 0xcf,
-    0x1a, 0xec, 0x7f, 0x8e, 0x05, 0xda, 0x5c, 0xfb, 0xc9, 0x65, 0xe0, 0xfb,
-    0x8b, 0x2f, 0xc6, 0x3f, 0xe0, 0xeb, 0x2f, 0x77, 0x1c, 0x59, 0x7f, 0xf0,
-    0x92, 0xcf, 0xbf, 0xdb, 0x5a, 0x85, 0x95, 0x08, 0x89, 0xc2, 0x80, 0x0e,
-    0xdf, 0x49, 0xc8, 0x0b, 0x2f, 0xff, 0x37, 0x83, 0xa7, 0xe4, 0x9b, 0x91,
-    0xb2, 0xcb, 0x7f, 0x0f, 0xad, 0xc8, 0x6f, 0x73, 0x7e, 0x2c, 0xba, 0x34,
-    0xb2, 0xbc, 0x6d, 0x27, 0xc7, 0xaf, 0xec, 0xdb, 0x9b, 0x8d, 0xda, 0xca,
-    0x83, 0xd6, 0x22, 0x4b, 0xf0, 0x74, 0x6f, 0xd9, 0x65, 0x4e, 0x5e, 0x46,
-    0x88, 0x69, 0x6c, 0xcc, 0x32, 0x1c, 0x3d, 0xec, 0x93, 0xa2, 0x96, 0x4a,
-    0xd4, 0x67, 0x6e, 0x6a, 0x07, 0x12, 0x85, 0x37, 0x21, 0x33, 0xe8, 0x58,
-    0x4f, 0x90, 0x58, 0xc5, 0x97, 0xfc, 0x41, 0x73, 0x40, 0x78, 0x92, 0xca,
-    0xd1, 0xe5, 0x80, 0x4a, 0xff, 0x13, 0x99, 0x84, 0xe6, 0xac, 0xbf, 0xfb,
-    0x3d, 0xc1, 0x38, 0x72, 0x8d, 0x42, 0xcb, 0xdb, 0xf0, 0x86, 0x7e, 0xc7,
-    0x32, 0xbf, 0xf7, 0x71, 0xef, 0xb6, 0xfc, 0xeb, 0xcb, 0x2f, 0xfd, 0x1a,
-    0x27, 0xda, 0x35, 0x12, 0x59, 0x58, 0x7f, 0xe6, 0x21, 0x53, 0x23, 0x57,
-    0xf0, 0xb3, 0xbf, 0xff, 0xdf, 0x63, 0x33, 0x75, 0x8e, 0xfe, 0xe0, 0x65,
-    0x9d, 0x79, 0x65, 0xff, 0xda, 0x60, 0x09, 0xf8, 0x3b, 0xbf, 0x96, 0x5f,
-    0xff, 0xdb, 0x0f, 0xf1, 0xcc, 0xeb, 0x91, 0xaf, 0x73, 0x36, 0x59, 0x43,
-    0x4c, 0x1f, 0x4c, 0xa4, 0x89, 0x74, 0x32, 0xca, 0x85, 0x5c, 0x19, 0x1b,
-    0x6b, 0xc6, 0x5c, 0x03, 0x0b, 0xfe, 0x9b, 0xbf, 0xb1, 0xe3, 0x46, 0xac,
-    0xbf, 0xcd, 0xa9, 0xb3, 0xd1, 0x32, 0xcb, 0xfa, 0x3f, 0x1e, 0x8f, 0xac,
-    0xbe, 0xdd, 0x62, 0xed, 0x65, 0x61, 0xe8, 0xee, 0x96, 0x5f, 0xb6, 0x9c,
-    0x18, 0x99, 0x65, 0xa4, 0xb2, 0xfd, 0x2f, 0x36, 0xbb, 0x59, 0x78, 0x42,
-    0x99, 0x65, 0x48, 0xf6, 0x3a, 0x11, 0x01, 0x4d, 0x62, 0x73, 0x3d, 0x9e,
-    0x6a, 0x10, 0xae, 0x49, 0xc8, 0x42, 0x54, 0xf1, 0x0a, 0x35, 0x48, 0x9c,
-    0x41, 0xda, 0x70, 0x92, 0x54, 0x9b, 0x51, 0xd2, 0x5d, 0xb2, 0xbd, 0x49,
-    0x36, 0x39, 0xae, 0xe3, 0xf5, 0x69, 0xd4, 0x0d, 0xc8, 0x6c, 0x4d, 0x3f,
-    0xad, 0xa9, 0xce, 0x63, 0xcf, 0xe9, 0x7e, 0x9a, 0xde, 0xf3, 0xbe, 0x60,
-    0x9d, 0x7c, 0x2a, 0xc1, 0x8f, 0x93, 0xee, 0x1e, 0xa7, 0x0e, 0x06, 0x7c,
-    0xb4, 0xc9, 0xc1, 0x71, 0x23, 0xe1, 0xba, 0x0e, 0xb2, 0xf7, 0xf3, 0x8b,
-    0x2f, 0xbc, 0x01, 0x3b, 0x59, 0x7f, 0x98, 0xdf, 0x75, 0xdb, 0x7d, 0x65,
-    0x74, 0x7b, 0x64, 0x4b, 0x43, 0x44, 0xce, 0x3b, 0xde, 0xdd, 0x6d, 0xeb,
-    0x2e, 0x6f, 0xac, 0xbe, 0xcc, 0x2f, 0x2c, 0xba, 0x09, 0x65, 0x7c, 0xf2,
-    0xf8, 0x2d, 0xbc, 0x82, 0xff, 0xfb, 0x08, 0x5f, 0x8d, 0x6e, 0xb9, 0xfc,
-    0x03, 0xac, 0xbf, 0xfe, 0x1c, 0x3e, 0xbe, 0x63, 0x8e, 0x7d, 0xf6, 0x9f,
-    0x59, 0x52, 0x46, 0xd0, 0xcc, 0x7c, 0xa5, 0x79, 0xdc, 0xc5, 0x97, 0xee,
-    0xf3, 0xdf, 0x65, 0x96, 0x71, 0x9e, 0x21, 0x0e, 0x5f, 0x77, 0xf6, 0x15,
-    0xac, 0xbf, 0x4e, 0xea, 0x59, 0xe5, 0x97, 0x9b, 0x50, 0xb2, 0xfd, 0x21,
-    0x39, 0x18, 0xb2, 0xee, 0x7f, 0x0f, 0x0d, 0xc6, 0xef, 0xc6, 0x7b, 0x8e,
-    0x75, 0x97, 0xff, 0xfd, 0x9f, 0x71, 0x39, 0x86, 0xb9, 0x02, 0x0a, 0x26,
-    0xfc, 0x2c, 0xb4, 0x2c, 0xbf, 0xff, 0x46, 0xbf, 0x07, 0xdd, 0x0c, 0x14,
-    0x4d, 0xf8, 0x59, 0x7e, 0x6d, 0x4d, 0x1f, 0xd2, 0x33, 0x00, 0xca, 0x42,
-    0x15, 0x25, 0xc0, 0x4c, 0x22, 0xea, 0x34, 0x63, 0xba, 0x00, 0x98, 0x89,
-    0xfc, 0xdc, 0x12, 0xc1, 0x21, 0xeb, 0x7e, 0x9b, 0xf1, 0xb6, 0x2c, 0xb7,
-    0xd6, 0x54, 0x8d, 0xd0, 0xca, 0x6d, 0x3c, 0x96, 0x5f, 0xfb, 0xdf, 0x79,
-    0x7a, 0x62, 0x83, 0xac, 0xbc, 0xc3, 0xc5, 0x97, 0xfe, 0x72, 0x04, 0xe1,
-    0x85, 0xf5, 0x25, 0x97, 0xcc, 0x5b, 0x42, 0xcb, 0xb3, 0x8b, 0x2e, 0xd4,
-    0x2c, 0xaf, 0x9a, 0xcf, 0x0b, 0x5f, 0xf1, 0x41, 0xd8, 0xb0, 0xf0, 0xb2,
-    0xff, 0xda, 0xd3, 0x4d, 0xcc, 0x35, 0xb4, 0xb2, 0xf7, 0xda, 0x4b, 0x2e,
-    0x68, 0x59, 0x73, 0x0f, 0x11, 0x8f, 0x31, 0x0f, 0x0d, 0x7c, 0x80, 0x60,
-    0xe5, 0x6e, 0x27, 0x55, 0xa4, 0x02, 0x8c, 0x52, 0xfe, 0x18, 0xe2, 0x6f,
-    0x62, 0xcb, 0xff, 0x8b, 0xdc, 0xfb, 0xca, 0x76, 0x75, 0xe5, 0x94, 0x2a,
-    0x2a, 0xc9, 0x81, 0x79, 0x1f, 0xe4, 0x78, 0xac, 0x72, 0x12, 0xeb, 0xfe,
-    0x7d, 0xc9, 0xb9, 0x1f, 0x7d, 0xc5, 0x97, 0xfc, 0x24, 0x4c, 0x24, 0x69,
-    0xe6, 0x59, 0x7e, 0xe6, 0x67, 0xb1, 0x65, 0xe8, 0x2d, 0x96, 0x5f, 0x37,
-    0xd8, 0xeb, 0x29, 0x8d, 0xec, 0xc3, 0x97, 0xfe, 0xf7, 0x05, 0x22, 0x41,
-    0x9f, 0x09, 0x2c, 0xae, 0x91, 0x93, 0xf6, 0x32, 0x21, 0xbd, 0xcf, 0x32,
-    0xcb, 0xa6, 0x0a, 0xcb, 0xa3, 0xb8, 0x36, 0x84, 0x39, 0x7f, 0xd1, 0xef,
-    0xb8, 0x1f, 0xae, 0x2c, 0xa1, 0x9f, 0x21, 0x15, 0xdf, 0xfd, 0x9b, 0x3c,
-    0xd3, 0xbf, 0x1c, 0xe3, 0xac, 0xbf, 0xf8, 0x2e, 0xd2, 0x82, 0xef, 0x3a,
-    0xf2, 0xcb, 0xe2, 0x0b, 0xf7, 0x39, 0x11, 0x7c, 0x47, 0xb8, 0xec, 0xb2,
-    0xff, 0x81, 0x3b, 0xed, 0xd8, 0x74, 0x05, 0x97, 0xf7, 0xbe, 0xd3, 0x8b,
-    0xa5, 0x97, 0xb7, 0x63, 0x71, 0x65, 0x69, 0x11, 0xe4, 0x7b, 0xba, 0x61,
-    0x76, 0xf8, 0x59, 0x7a, 0x60, 0xe9, 0x65, 0xec, 0x6f, 0x2c, 0xbf, 0xe6,
-    0xd6, 0x74, 0x2c, 0xc3, 0x0c, 0x59, 0x5f, 0x3d, 0xa7, 0x1b, 0xa1, 0x4a,
-    0x71, 0x11, 0x0a, 0x56, 0x32, 0x71, 0x8e, 0x3c, 0x5f, 0xff, 0x14, 0x4a,
-    0x70, 0x9e, 0x62, 0x0c, 0xb3, 0x8b, 0x2f, 0xff, 0xdf, 0x0f, 0x0f, 0x1d,
-    0x77, 0xf6, 0x39, 0x36, 0xcb, 0x2f, 0xff, 0xfc, 0xfb, 0x85, 0x8c, 0x45,
-    0x80, 0xcf, 0x41, 0xdb, 0xdf, 0x65, 0x94, 0x35, 0xda, 0x0c, 0x8c, 0x17,
-    0xb8, 0x64, 0x1e, 0x15, 0x9f, 0x8f, 0x10, 0x0a, 0x3c, 0x51, 0x0a, 0xc5,
-    0xdc, 0x0a, 0xcb, 0xfb, 0xec, 0x7e, 0xd8, 0x6b, 0x2f, 0x01, 0xce, 0xb2,
-    0xec, 0x02, 0xca, 0x83, 0x65, 0x83, 0x97, 0x9f, 0x0e, 0xb2, 0xb6, 0x45,
-    0x8e, 0x0b, 0x93, 0x06, 0xe8, 0xfd, 0xff, 0xce, 0x27, 0xe2, 0x5c, 0xd6,
-    0xb3, 0xa5, 0x96, 0x29, 0x22, 0x17, 0xe7, 0xf7, 0xd1, 0xf0, 0xe9, 0x65,
-    0xfd, 0xc2, 0xc1, 0x93, 0xac, 0xa2, 0x3c, 0xd3, 0x08, 0xae, 0xed, 0x96,
-    0x5f, 0x8a, 0x36, 0x8e, 0x96, 0x5f, 0xcf, 0xa3, 0x87, 0x40, 0x59, 0x76,
-    0x80, 0xb2, 0xa4, 0x78, 0xac, 0x5d, 0x6e, 0x76, 0x8a, 0x56, 0x17, 0x76,
-    0xda, 0x84, 0xdc, 0x59, 0xd5, 0xe1, 0x8f, 0x7d, 0xc2, 0x8d, 0x96, 0x5f,
-    0xf6, 0xcf, 0xf7, 0x19, 0x3f, 0x6b, 0x2b, 0x47, 0xb6, 0x44, 0x57, 0xff,
-    0xc6, 0x67, 0x7c, 0xcf, 0x4d, 0x86, 0x96, 0x01, 0x65, 0x61, 0xf9, 0xb1,
-    0x0d, 0xff, 0x11, 0xbf, 0x76, 0xf3, 0x9d, 0x65, 0xff, 0x61, 0x99, 0xae,
-    0xdd, 0xfb, 0x54, 0x61, 0xcb, 0xff, 0x83, 0xc1, 0xfd, 0xcf, 0xd4, 0x98,
-    0x96, 0x5f, 0xbd, 0xf7, 0x20, 0x2c, 0xad, 0x91, 0x67, 0xf4, 0x77, 0x45,
-    0xbf, 0xf3, 0xfb, 0x26, 0x78, 0x28, 0x99, 0x65, 0xff, 0xbe, 0xd8, 0x26,
-    0x4c, 0x64, 0x74, 0xb2, 0xcd, 0x89, 0xcc, 0xea, 0x1d, 0x7f, 0x30, 0xe1,
-    0xed, 0xdd, 0xf6, 0xa8, 0xc1, 0x15, 0x25, 0x44, 0xdd, 0xc7, 0x72, 0x04,
-    0x7b, 0xf8, 0xa3, 0xdc, 0x6d, 0xeb, 0x2f, 0xf4, 0xf5, 0xc1, 0x96, 0x7c,
-    0x52, 0xb2, 0xec, 0x25, 0x94, 0xb2, 0xff, 0xe8, 0x2e, 0xf3, 0xdf, 0x6d,
-    0x03, 0xb5, 0x94, 0x47, 0xa1, 0xe0, 0xbb, 0xe6, 0xe7, 0xd9, 0x65, 0xec,
-    0xeb, 0xcb, 0x28, 0x66, 0xf8, 0xe4, 0x37, 0xf3, 0x16, 0x7b, 0xec, 0xb2,
-    0xd1, 0x87, 0x99, 0xc2, 0x1a, 0x1a, 0x66, 0xd8, 0xca, 0x18, 0x55, 0xdf,
-    0xfe, 0xfb, 0x4d, 0xf6, 0xeb, 0xc5, 0x9b, 0xdd, 0x65, 0xe1, 0xbc, 0xcb,
-    0x2f, 0xf9, 0xb7, 0xff, 0x35, 0xa6, 0xde, 0xb2, 0xa0, 0xf6, 0x7e, 0x3b,
-    0x74, 0x01, 0x65, 0xff, 0x72, 0x0d, 0xe0, 0x47, 0xf6, 0x59, 0x76, 0x14,
-    0xc7, 0xa1, 0xe1, 0x6b, 0xf8, 0xfc, 0xe3, 0x96, 0xcb, 0x2e, 0x39, 0xd6,
-    0x54, 0x1e, 0x2b, 0x97, 0x5f, 0x9b, 0xee, 0xdb, 0x2c, 0xba, 0x37, 0x16,
-    0x5c, 0x0e, 0x48, 0xf0, 0x18, 0x9e, 0xfb, 0x98, 0x5e, 0x59, 0x7b, 0x76,
-    0x34, 0xb2, 0x98, 0xfb, 0x5c, 0xb4, 0x24, 0x37, 0xbe, 0xfe, 0x59, 0x7b,
-    0xcf, 0xb8, 0xb2, 0xff, 0x7b, 0xec, 0x2c, 0x0e, 0xcb, 0x2f, 0xf1, 0xbf,
-    0x89, 0x05, 0xf4, 0xb2, 0xc4, 0xb2, 0x98, 0xf1, 0x02, 0x69, 0x70, 0x98,
-    0xb2, 0xa1, 0x75, 0x0b, 0x62, 0xe1, 0xc6, 0xe5, 0xd9, 0xac, 0xd0, 0xa5,
-    0x3b, 0x8f, 0xdc, 0x8a, 0x19, 0xbc, 0x2d, 0xf0, 0xe0, 0x47, 0xe7, 0xde,
-    0x04, 0x21, 0xbd, 0x36, 0x6e, 0x2c, 0xbf, 0x1a, 0x06, 0x9b, 0x8b, 0x2f,
-    0xbe, 0xcf, 0x25, 0x97, 0x86, 0xf2, 0x59, 0x50, 0x6f, 0x70, 0x86, 0xff,
-    0x7d, 0xe6, 0x9d, 0xdc, 0x0d, 0x65, 0x83, 0x08, 0xbd, 0x03, 0x3f, 0x07,
-    0xef, 0xef, 0xc4, 0xbe, 0x11, 0xac, 0xbf, 0xfd, 0x38, 0x9f, 0xd1, 0xa0,
-    0xcb, 0x51, 0x25, 0x97, 0xe8, 0xf7, 0xe2, 0x65, 0x97, 0x7b, 0x8b, 0x2f,
-    0xce, 0x69, 0x91, 0xa5, 0x95, 0x24, 0x70, 0xb1, 0x77, 0xd2, 0xdc, 0xa0,
-    0x85, 0xef, 0xf3, 0x17, 0xa5, 0x9a, 0xc5, 0x97, 0xff, 0x37, 0x65, 0x87,
-    0x89, 0x87, 0x1b, 0x2c, 0xbf, 0xfa, 0x45, 0x87, 0x72, 0xcf, 0xb9, 0xd6,
-    0x5f, 0xec, 0xf4, 0x6f, 0x62, 0x02, 0xcb, 0xff, 0xe0, 0x1d, 0xe5, 0x2c,
-    0x00, 0x9e, 0xdb, 0x81, 0x59, 0x5d, 0xa2, 0x1b, 0x46, 0x77, 0xfe, 0x13,
-    0xa9, 0xd1, 0x3a, 0x62, 0x83, 0xac, 0xbf, 0xda, 0x86, 0x19, 0x3c, 0x96,
-    0x5f, 0xfb, 0x4c, 0x5d, 0x96, 0x6d, 0x86, 0x2c, 0xbf, 0xec, 0xdf, 0x19,
-    0xd7, 0x5e, 0x15, 0x4b, 0x2f, 0xd1, 0xee, 0x61, 0x4e, 0x45, 0x96, 0x8c,
-    0x7e, 0x7f, 0x43, 0x4d, 0x10, 0x30, 0xf7, 0xbf, 0x77, 0xfe, 0x9f, 0x71,
-    0x65, 0xfe, 0xe4, 0x48, 0xd3, 0x73, 0x71, 0x65, 0xff, 0x86, 0x41, 0xf7,
-    0x20, 0xa3, 0x8b, 0x2a, 0x0f, 0xd5, 0x8e, 0x2c, 0x2b, 0x59, 0x52, 0x57,
-    0x4b, 0xd9, 0x8f, 0x48, 0xad, 0x0c, 0x72, 0x8d, 0xa0, 0x25, 0x3b, 0xe1,
-    0x44, 0x61, 0x05, 0xef, 0xb1, 0xab, 0x2f, 0xff, 0x34, 0x78, 0xb3, 0xdf,
-    0xc6, 0x96, 0xf5, 0x97, 0xfd, 0xd7, 0x00, 0xe4, 0x39, 0x82, 0xb2, 0xff,
-    0xb5, 0x9b, 0xf0, 0x7a, 0x23, 0x16, 0x53, 0x1f, 0xb3, 0x9d, 0xdf, 0xff,
-    0x82, 0x52, 0xc2, 0xf3, 0x4f, 0xe7, 0x89, 0xe4, 0xb2, 0xff, 0x40, 0x23,
-    0xf9, 0xd4, 0x96, 0x53, 0x22, 0x20, 0x95, 0x6b, 0xe9, 0xc4, 0x02, 0x17,
-    0xfe, 0x85, 0x45, 0xf4, 0xcf, 0x33, 0xac, 0xbe, 0x7f, 0x06, 0x4b, 0x2e,
-    0x8e, 0x2c, 0xa9, 0xc7, 0xb6, 0x44, 0x7e, 0x22, 0xbf, 0xef, 0xb9, 0x64,
-    0xd2, 0x8e, 0x96, 0x5f, 0xfd, 0xf6, 0xd6, 0x70, 0xb3, 0x7f, 0xd9, 0x65,
-    0xf8, 0xb3, 0x81, 0x9d, 0x87, 0xfb, 0x31, 0xcd, 0xfb, 0x5d, 0xbb, 0xf6,
-    0xa8, 0x81, 0x97, 0xf3, 0xec, 0x07, 0x21, 0xa2, 0xb0, 0x7a, 0xf6, 0x70,
-    0x38, 0x7e, 0x33, 0xe6, 0xd7, 0xbe, 0xf2, 0x9c, 0x8e, 0x62, 0x85, 0x8d,
-    0xff, 0x7d, 0xb0, 0xb3, 0xb1, 0xe2, 0xca, 0xed, 0x70, 0xfc, 0xf1, 0xd2,
-    0x94, 0x25, 0xbd, 0x1c, 0x9e, 0xf3, 0xab, 0xde, 0x0c, 0x2c, 0xbf, 0xfd,
-    0xf6, 0xf6, 0x61, 0xf9, 0x18, 0x36, 0x59, 0x77, 0x38, 0xb2, 0xf8, 0x7f,
-    0x73, 0xac, 0xbf, 0xec, 0xd8, 0x49, 0x34, 0x75, 0xe5, 0x96, 0x07, 0x68,
-    0xbb, 0xd2, 0x3b, 0x8b, 0x91, 0x15, 0xfe, 0x07, 0x9b, 0x63, 0xc7, 0x6b,
-    0x2b, 0xa4, 0xd3, 0x9e, 0x1a, 0xe4, 0x85, 0x7e, 0x1c, 0xf0, 0xe3, 0x9e,
-    0x16, 0x5f, 0xdd, 0xf5, 0xfe, 0x9f, 0x71, 0x65, 0xf9, 0xf5, 0xec, 0xed,
-    0x65, 0xf0, 0xda, 0x36, 0x59, 0x68, 0xd1, 0xe5, 0x04, 0xa2, 0xff, 0xe6,
-    0x1c, 0xec, 0xce, 0x80, 0xe5, 0xe5, 0x96, 0x94, 0x8f, 0xb3, 0x84, 0xf5,
-    0x09, 0x89, 0x3c, 0x3a, 0xaa, 0x19, 0x02, 0x79, 0x39, 0x8a, 0xd1, 0xd7,
-    0x39, 0xa8, 0x63, 0x44, 0xb9, 0xa4, 0xb2, 0xfe, 0xeb, 0xc3, 0xcc, 0x35,
-    0x65, 0xfd, 0xf6, 0xf7, 0x33, 0xcb, 0x2f, 0xb2, 0x66, 0x3a, 0xca, 0x1a,
-    0x25, 0x30, 0x5b, 0xb2, 0xf1, 0x0b, 0x6d, 0x0b, 0x2f, 0xa0, 0x98, 0x0b,
-    0x2d, 0x9f, 0x36, 0x1e, 0x10, 0xbf, 0xda, 0x27, 0x30, 0x4e, 0x8c, 0x59,
-    0x70, 0x37, 0xac, 0xbf, 0x7b, 0xe1, 0xd8, 0x2b, 0x28, 0x67, 0xf5, 0xf3,
-    0x70, 0x8c, 0xdf, 0xfe, 0x60, 0x77, 0xf6, 0xf9, 0x46, 0x6b, 0x16, 0x5f,
-    0xe1, 0xf5, 0x2c, 0xc2, 0xd9, 0x65, 0xff, 0xa5, 0x1b, 0x99, 0xaf, 0x72,
-    0x24, 0xb2, 0xff, 0xba, 0x1c, 0x71, 0x87, 0xf8, 0x59, 0x7f, 0x9b, 0xdc,
-    0x7e, 0x80, 0x62, 0xcb, 0xb5, 0xb2, 0xa3, 0x05, 0x57, 0xcf, 0x69, 0xcd,
-    0x6f, 0xfc, 0xfa, 0xc2, 0x07, 0x3d, 0xce, 0x96, 0x5f, 0xff, 0xff, 0xd9,
-    0xef, 0xb9, 0x1b, 0x3b, 0x9a, 0x77, 0xf6, 0xfc, 0x1c, 0xec, 0x3b, 0x97,
-    0x52, 0x5c, 0x41, 0x6b, 0xff, 0x3b, 0x9b, 0xdb, 0x8e, 0x71, 0xa6, 0x2e,
-    0x20, 0xb5, 0xff, 0xdf, 0x6f, 0xb4, 0x17, 0xa7, 0x1a, 0x62, 0xe2, 0x0b,
-    0x5f, 0xe8, 0x62, 0xf4, 0xe3, 0x4c, 0x5c, 0x41, 0x6b, 0xf8, 0xf8, 0x39,
-    0xc6, 0x98, 0xb8, 0x82, 0xd7, 0xff, 0xfc, 0xe4, 0x4c, 0x79, 0xdc, 0xef,
-    0xed, 0xa6, 0x37, 0x6c, 0x31, 0x71, 0x05, 0xae, 0xea, 0x70, 0xd3, 0x9e,
-    0xed, 0x47, 0x4a, 0x8e, 0x86, 0x47, 0xf5, 0x0a, 0xb4, 0x7e, 0x7e, 0x52,
-    0x8e, 0x6f, 0xf3, 0x41, 0xbc, 0xf7, 0x3a, 0x59, 0x7c, 0xfa, 0x03, 0xac,
-    0xbf, 0xfb, 0xed, 0xf6, 0x82, 0xf4, 0xe3, 0x4c, 0x5c, 0x41, 0x6b, 0xfe,
-    0x9b, 0x9d, 0xb6, 0xd3, 0x8d, 0x31, 0x71, 0x05, 0xaf, 0xde, 0xe4, 0x1e,
-    0x77, 0x68, 0xa2, 0x11, 0x52, 0xff, 0xf4, 0xee, 0xfe, 0xdd, 0xc7, 0xb9,
-    0x38, 0xd3, 0x17, 0x10, 0x5a, 0xff, 0xff, 0xe2, 0x26, 0x3c, 0xe0, 0xe4,
-    0xee, 0x77, 0xf6, 0xd3, 0x1b, 0xb6, 0x18, 0xb8, 0x82, 0xd5, 0x89, 0x94,
-    0xf4, 0x88, 0xec, 0x17, 0xfd, 0xf6, 0xd3, 0x1b, 0xb6, 0x18, 0xb8, 0x82,
-    0xd7, 0xff, 0xce, 0xfd, 0x4b, 0x9f, 0x61, 0x8e, 0x35, 0x09, 0x2f, 0xfd,
-    0x92, 0x90, 0x79, 0xa2, 0xda, 0x7d, 0x71, 0x05, 0xab, 0xb4, 0x73, 0xe9,
-    0x23, 0x89, 0xf7, 0xfe, 0xed, 0xb5, 0xe7, 0x07, 0x27, 0x18, 0xb8, 0x82,
-    0xd7, 0xf7, 0xdb, 0xff, 0x60, 0x2a, 0x00, 0xb5, 0xfb, 0x01, 0x38, 0xd3,
-    0x17, 0x10, 0x5a, 0xec, 0xf7, 0x67, 0xe7, 0xf3, 0xaa, 0xe9, 0x1e, 0x3c,
-    0x86, 0x1d, 0xfc, 0x7c, 0x1c, 0xe3, 0x4c, 0x5c, 0x41, 0x6b, 0xff, 0x77,
-    0xf6, 0xd3, 0x1b, 0xb6, 0x18, 0xb8, 0x82, 0xd7, 0x64, 0xe7, 0x44, 0x77,
-    0x0f, 0xef, 0xf0, 0x58, 0xee, 0x5d, 0x49, 0x71, 0x05, 0xaf, 0xfd, 0x8d,
-    0xbf, 0x0b, 0x06, 0xf2, 0x5c, 0x41, 0x63, 0x9e, 0x05, 0x0d, 0x78, 0x4b,
-    0x46, 0xe0, 0x35, 0x28, 0xfb, 0x39, 0x18, 0xbf, 0xa3, 0x22, 0x0c, 0x2d,
-    0xcc, 0x6f, 0xb8, 0x10, 0xa8, 0x82, 0xc2, 0xd1, 0x17, 0x73, 0xf6, 0xb2,
-    0x86, 0xca, 0x70, 0xee, 0x12, 0x60, 0xa4, 0xc7, 0xf8, 0xde, 0xb1, 0x96,
-    0x6b, 0x31, 0xa7, 0x29, 0x56, 0x37, 0x4b, 0x75, 0x65, 0xe8, 0x96, 0xea,
-    0xca, 0x83, 0x72, 0x43, 0x55, 0xb3, 0x35, 0x3c, 0x6d, 0xdd, 0x42, 0x83,
-    0x45, 0xe0, 0xa5, 0xbe, 0x93, 0xb5, 0xff, 0xa4, 0x59, 0xef, 0xb6, 0x75,
-    0xe5, 0x97, 0xf1, 0x4b, 0x9e, 0xfc, 0x2c, 0xac, 0x3e, 0xb6, 0x3e, 0xbf,
-    0xd1, 0xf6, 0x33, 0xa9, 0x71, 0x65, 0xfa, 0x3d, 0xcf, 0xb2, 0xcb, 0xff,
-    0x6b, 0x0d, 0xfe, 0x1c, 0x3a, 0xd9, 0x65, 0xff, 0x74, 0x58, 0xc7, 0xc2,
-    0x02, 0xcb, 0xff, 0xff, 0xf3, 0xcc, 0x4e, 0x66, 0x6f, 0x6e, 0x7f, 0x01,
-    0x3f, 0x9e, 0xe3, 0x9f, 0x3a, 0xf2, 0xcb, 0xf4, 0xbd, 0xcc, 0x25, 0x97,
-    0xff, 0x9f, 0xb8, 0x21, 0x96, 0x6f, 0xd3, 0x71, 0x65, 0xff, 0xb9, 0x34,
-    0x82, 0x39, 0xa4, 0x11, 0xac, 0xad, 0x95, 0x08, 0x48, 0xd4, 0x64, 0xf8,
-    0x82, 0x69, 0xbf, 0x50, 0x88, 0xf9, 0x3f, 0x92, 0xaf, 0xfb, 0x3c, 0x66,
-    0x10, 0xff, 0x0b, 0x2f, 0xfe, 0x8e, 0xa4, 0x21, 0xf9, 0xe8, 0xe8, 0xc5,
-    0x97, 0xe9, 0x6e, 0xee, 0x87, 0x65, 0x96, 0xfb, 0x1f, 0xcb, 0xa4, 0xdf,
-    0x78, 0xa0, 0xeb, 0x2f, 0xda, 0x8e, 0xa5, 0xc5, 0x95, 0xb2, 0x64, 0x32,
-    0x85, 0x8b, 0x13, 0x68, 0x86, 0xff, 0xa0, 0xdf, 0xe1, 0x16, 0x74, 0xb2,
-    0xf1, 0xdf, 0xcb, 0x2e, 0x7e, 0x2c, 0xbd, 0x26, 0xf2, 0xcb, 0xff, 0xde,
-    0x62, 0x0c, 0xb3, 0x80, 0xf7, 0xba, 0x59, 0x62, 0x98, 0xf9, 0xc4, 0x1c,
-    0xbf, 0xee, 0x3f, 0x53, 0xe1, 0xfb, 0x69, 0x65, 0xfd, 0x9a, 0x01, 0xdb,
-    0x8b, 0x2e, 0x0f, 0x3c, 0x7d, 0x53, 0xe7, 0xb7, 0xb3, 0x46, 0xac, 0xbf,
-    0xfb, 0x7e, 0xf8, 0xe3, 0xff, 0xa9, 0x67, 0x96, 0x56, 0x26, 0x54, 0x08,
-    0x49, 0xcf, 0x98, 0x88, 0x3b, 0x7f, 0x06, 0x68, 0x2e, 0x32, 0xcb, 0xfc,
-    0x42, 0x66, 0x8a, 0x0e, 0xb2, 0xfe, 0x0f, 0x8a, 0x3d, 0xc5, 0x95, 0x87,
-    0xbe, 0x03, 0x2a, 0x92, 0xab, 0x63, 0x47, 0x01, 0x1d, 0x39, 0x23, 0x72,
-    0x11, 0x95, 0x0b, 0xa4, 0x79, 0x1c, 0xdf, 0x48, 0x6f, 0x2b, 0xba, 0xf1,
-    0xdb, 0x8b, 0x2f, 0xd2, 0x8d, 0xef, 0xf5, 0x95, 0xb1, 0xe2, 0xb8, 0xe5,
-    0xff, 0xd9, 0xd7, 0xb8, 0xc5, 0x00, 0x73, 0xac, 0xbe, 0xdd, 0xcc, 0xd9,
-    0x65, 0xff, 0xfb, 0x3d, 0xf6, 0x9c, 0x6b, 0xce, 0x2c, 0x31, 0xc0, 0xb2,
-    0xf8, 0xe3, 0xc3, 0xac, 0xbf, 0xfd, 0xf1, 0x89, 0xe6, 0xf9, 0x67, 0xa0,
-    0x0b, 0x2f, 0xfb, 0x7b, 0x10, 0xc3, 0xfc, 0x3a, 0xcb, 0xf9, 0xfe, 0xdc,
-    0x89, 0x2c, 0xa9, 0xc8, 0xd2, 0x82, 0x2c, 0x4a, 0xe1, 0xd5, 0xff, 0x85,
-    0x78, 0x45, 0x82, 0x41, 0x01, 0x65, 0xfe, 0xcf, 0xb7, 0x18, 0x32, 0x59,
-    0x5b, 0x2a, 0x42, 0xfa, 0x19, 0x12, 0xfa, 0x32, 0xb0, 0x9e, 0xee, 0xa0,
-    0x5f, 0x75, 0xc8, 0xe9, 0x65, 0xff, 0xa5, 0x9d, 0x4b, 0x51, 0xe7, 0xf2,
-    0xcb, 0xc7, 0x89, 0x2c, 0xbf, 0x60, 0xfe, 0x13, 0x16, 0x54, 0xe4, 0x54,
-    0x4c, 0x48, 0xe7, 0xe4, 0x39, 0x7f, 0xdd, 0xfd, 0x87, 0xf8, 0xf7, 0x16,
-    0x5e, 0x1b, 0xf9, 0x65, 0xff, 0xfb, 0xde, 0xc9, 0xa5, 0x9b, 0x4e, 0xea,
-    0x0a, 0x38, 0xb2, 0xff, 0xf7, 0xb2, 0x69, 0x66, 0xdd, 0x41, 0x47, 0x16,
-    0x5e, 0x28, 0xea, 0x72, 0x29, 0x3c, 0xb3, 0x7f, 0xee, 0x41, 0x44, 0xbd,
-    0xfc, 0x25, 0x95, 0xa4, 0xea, 0x8e, 0x7c, 0xe7, 0x40, 0x86, 0x07, 0x0d,
-    0xaf, 0x34, 0xfe, 0x2c, 0xbc, 0xdd, 0x79, 0x65, 0xef, 0xec, 0xcb, 0x2e,
-    0xc3, 0x38, 0x6e, 0x82, 0x3b, 0x7f, 0xed, 0x13, 0x98, 0xfa, 0xd6, 0x74,
-    0xb2, 0xf1, 0x31, 0xab, 0x2f, 0xee, 0x30, 0xf0, 0xce, 0x2c, 0xbf, 0x9f,
-    0x4e, 0x36, 0xc5, 0x97, 0x68, 0x0b, 0x2e, 0xc3, 0x16, 0x53, 0x9a, 0xef,
-    0x0b, 0xd4, 0x27, 0x0f, 0xb2, 0xc0, 0xcb, 0x70, 0xff, 0xa1, 0xcf, 0x97,
-    0x79, 0x66, 0xf1, 0xdd, 0x96, 0x57, 0x48, 0x80, 0x03, 0x2d, 0xf1, 0x99,
-    0xf7, 0x59, 0x7c, 0x6e, 0x98, 0xc5, 0x97, 0xed, 0x9f, 0xf1, 0xb8, 0xb2,
-    0xff, 0x8d, 0xc2, 0x89, 0x7b, 0x3b, 0x59, 0x7e, 0xdb, 0xd3, 0xf9, 0xe5,
-    0x95, 0x3d, 0x22, 0xd3, 0x09, 0x18, 0xac, 0x27, 0x37, 0xf1, 0xbf, 0x8e,
-    0xbd, 0x8b, 0x2f, 0xf1, 0x60, 0xff, 0x06, 0x12, 0xca, 0x83, 0xe1, 0xd1,
-    0x7d, 0xff, 0xfe, 0xd4, 0x7e, 0x35, 0xa8, 0xdb, 0xce, 0xe6, 0xe7, 0x5e,
-    0x59, 0x50, 0xc9, 0x8c, 0xc9, 0x4c, 0x8d, 0x2a, 0xd1, 0xe5, 0x2b, 0x00,
-    0x90, 0xa1, 0xac, 0x18, 0x50, 0x88, 0x43, 0x7c, 0x53, 0x73, 0x16, 0x5f,
-    0xa5, 0x9b, 0x7a, 0x16, 0x5f, 0xff, 0xd1, 0xe1, 0x36, 0x1e, 0x7a, 0x37,
-    0xb7, 0x81, 0x12, 0x59, 0x7f, 0xe8, 0xd8, 0xff, 0x6d, 0x69, 0xe4, 0xb2,
-    0xb6, 0x44, 0xe9, 0x2f, 0x52, 0xca, 0x64, 0xc5, 0x66, 0x22, 0x28, 0x62,
-    0xcf, 0x91, 0xdf, 0xed, 0xb6, 0x82, 0xeb, 0x3c, 0xb2, 0xfc, 0x3c, 0xc2,
-    0xed, 0x65, 0xfb, 0xaf, 0x13, 0xfd, 0x65, 0xd1, 0x32, 0xca, 0xd8, 0xf9,
-    0xa4, 0x4e, 0x02, 0x8a, 0xc4, 0xc4, 0x19, 0x14, 0x30, 0x9b, 0xbf, 0xfb,
-    0x44, 0x1e, 0xbc, 0x59, 0xb3, 0x92, 0xcb, 0xff, 0xf8, 0x7f, 0x0e, 0xcd,
-    0x9a, 0xd6, 0x47, 0x52, 0x63, 0xac, 0xbf, 0xcf, 0x31, 0x07, 0xc5, 0x0b,
-    0x2f, 0xe1, 0x89, 0xef, 0x31, 0x8b, 0x2e, 0x29, 0x96, 0x53, 0x9e, 0x38,
-    0x4c, 0x2e, 0xf9, 0xab, 0x2f, 0xfb, 0xf1, 0xd1, 0x60, 0xde, 0x4b, 0x2f,
-    0x3e, 0xb6, 0x59, 0x70, 0x21, 0x65, 0xf3, 0x41, 0xf1, 0x65, 0x2c, 0xbf,
-    0x9c, 0xdf, 0x46, 0x80, 0xb2, 0x86, 0x6e, 0x48, 0x2e, 0xff, 0xff, 0x43,
-    0x0c, 0xa0, 0x3d, 0xfb, 0x3b, 0x1c, 0x76, 0x21, 0xd6, 0x5c, 0x08, 0x59,
-    0x74, 0x1a, 0xb2, 0xff, 0xb3, 0xdc, 0x83, 0x89, 0x93, 0x2c, 0xbf, 0xdc,
-    0xcf, 0xb7, 0x03, 0xb2, 0xcb, 0x8c, 0x31, 0x25, 0xff, 0x16, 0x6f, 0x79,
-    0x71, 0x86, 0xb2, 0xbb, 0x4f, 0xf1, 0x87, 0x74, 0x2c, 0x75, 0x9f, 0x90,
-    0x01, 0x8c, 0x56, 0x2c, 0x42, 0xfc, 0x3a, 0x30, 0xd0, 0x41, 0x9b, 0xc6,
-    0x18, 0x62, 0x4b, 0x1d, 0x20, 0xb3, 0x41, 0x79, 0xdf, 0x49, 0x05, 0xa3,
-    0x84, 0x48, 0x5f, 0x50, 0xd5, 0xb7, 0xf6, 0x31, 0x34, 0xb1, 0x5a, 0xd9,
-    0x73, 0x93, 0xb4, 0x4e, 0x97, 0x3e, 0xf2, 0xf2, 0xe4, 0x2f, 0xef, 0x46,
-    0x7f, 0x36, 0x59, 0x76, 0x1d, 0x65, 0x74, 0x78, 0x7c, 0x2d, 0xbf, 0xfb,
-    0x3f, 0xf7, 0x6f, 0x46, 0x14, 0xcb, 0x28, 0x52, 0xfa, 0x50, 0x51, 0x39,
-    0x67, 0xb4, 0x31, 0xa5, 0x2b, 0xa8, 0x6c, 0x39, 0x3b, 0xbe, 0x6c, 0xb3,
-    0x1e, 0xa5, 0x93, 0xb4, 0xeb, 0xdc, 0xd0, 0xca, 0xd4, 0x37, 0x4f, 0x18,
-    0xb7, 0xe9, 0x7f, 0xef, 0x4e, 0x41, 0x04, 0x35, 0x4a, 0x7d, 0x4f, 0x94,
-    0xa1, 0xcf, 0x4a, 0xb5, 0x0c, 0xe8, 0xc6, 0xf8, 0x4c, 0xcf, 0x91, 0xdc,
-    0x27, 0x96, 0x5f, 0xd8, 0x00, 0x36, 0xa4, 0xb2, 0xf7, 0xc2, 0x6a, 0xcb,
-    0xbb, 0xc5, 0x94, 0x33, 0xe2, 0x62, 0xd7, 0x1e, 0xbf, 0xf4, 0x1e, 0x7d,
-    0xf6, 0xc1, 0xb1, 0x8b, 0x2e, 0xc3, 0x16, 0x5d, 0x1e, 0x59, 0x5b, 0x1a,
-    0xde, 0xc5, 0xec, 0x75, 0x95, 0x24, 0x51, 0xe3, 0x7f, 0x88, 0xef, 0xf4,
-    0x98, 0xb0, 0xe1, 0xfa, 0xcb, 0xf7, 0xdd, 0x89, 0xd6, 0x5f, 0xfb, 0x3d,
-    0xcf, 0xb1, 0xdf, 0x34, 0xb2, 0xec, 0x1a, 0xca, 0x84, 0x55, 0x1a, 0x64,
-    0x44, 0xbb, 0xcf, 0x6f, 0xd9, 0x3b, 0x01, 0xe5, 0x97, 0xd3, 0xbd, 0x1b,
-    0xd6, 0x5f, 0xb3, 0xb8, 0x3b, 0x2c, 0xbe, 0xc3, 0xe7, 0x96, 0x5f, 0xdf,
-    0x81, 0x1a, 0x36, 0x59, 0x7f, 0xcd, 0xbf, 0x59, 0x36, 0x75, 0xe5, 0x95,
-    0xd9, 0xf5, 0x7c, 0xba, 0xe7, 0x35, 0x65, 0x68, 0xdd, 0x78, 0x8e, 0xf9,
-    0xce, 0xf3, 0x2c, 0xbf, 0xfd, 0x33, 0x4d, 0x39, 0xba, 0xe3, 0x88, 0xc7,
-    0x59, 0x7e, 0x68, 0x32, 0x26, 0x59, 0x7f, 0xa7, 0x7d, 0xc0, 0x06, 0xfa,
-    0xcb, 0xe7, 0xf7, 0x5c, 0x59, 0x50, 0x8c, 0xf6, 0x4f, 0x72, 0x82, 0x35,
-    0xbf, 0xff, 0xf3, 0xcc, 0x19, 0x07, 0xb9, 0xdf, 0x6f, 0x7a, 0x3a, 0x8d,
-    0xa3, 0x8b, 0x2f, 0xc4, 0xfb, 0x9b, 0x4c, 0xb2, 0xfa, 0x6e, 0x47, 0x96,
-    0x57, 0x68, 0xc1, 0x99, 0xc8, 0x25, 0x96, 0x31, 0x65, 0xff, 0xfe, 0x27,
-    0x7d, 0xf1, 0x2f, 0xc6, 0xb6, 0x8f, 0x71, 0xe4, 0xb2, 0xfe, 0x8e, 0xfd,
-    0xc7, 0xe9, 0x65, 0xf7, 0xf1, 0xf6, 0x59, 0x7d, 0x87, 0x7e, 0x96, 0x56,
-    0xe2, 0x35, 0x09, 0x87, 0x85, 0xe2, 0x11, 0x5e, 0x6e, 0xa6, 0x59, 0x7c,
-    0x11, 0x59, 0xd9, 0x65, 0xfb, 0x33, 0x60, 0xf1, 0x65, 0xf6, 0x89, 0x80,
-    0xb2, 0xf9, 0xbb, 0x7d, 0x2c, 0xba, 0x00, 0xb2, 0xf8, 0x3b, 0x04, 0x5f,
-    0xcd, 0xc0, 0x84, 0x54, 0xc8, 0x96, 0xfa, 0xcd, 0x80, 0xb2, 0xec, 0xed,
-    0x65, 0xfb, 0x35, 0xa6, 0xd2, 0xca, 0xdc, 0x3c, 0xff, 0x88, 0x80, 0x5e,
-    0xfa, 0x3a, 0xce, 0xd6, 0x5f, 0x84, 0x68, 0xe3, 0xac, 0xa7, 0x3c, 0xa0,
-    0x91, 0xdf, 0xf7, 0xdf, 0x9f, 0x6d, 0x9c, 0x96, 0x5f, 0x3e, 0xc2, 0x49,
-    0x65, 0x0a, 0x59, 0x2d, 0x82, 0x87, 0xa8, 0x86, 0x84, 0xa1, 0xb2, 0x33,
-    0xec, 0x29, 0x34, 0x9b, 0xa2, 0x76, 0x86, 0x2e, 0xe1, 0x0c, 0xd0, 0xf1,
-    0xd4, 0x3e, 0xbe, 0x64, 0xf0, 0xe6, 0x02, 0x00, 0xac, 0x7b, 0x84, 0xde,
-    0x85, 0xf0, 0x5c, 0x4c, 0x7c, 0x10, 0x87, 0x74, 0xe2, 0xff, 0x61, 0x30,
-    0x39, 0xf6, 0x59, 0x6d, 0xc5, 0x97, 0xc3, 0x3b, 0xc9, 0x65, 0x31, 0xb6,
-    0x08, 0xa5, 0x4e, 0x44, 0x39, 0x33, 0xde, 0x6d, 0x82, 0xb2, 0xe7, 0x85,
-    0x97, 0xe8, 0x03, 0x75, 0x8b, 0x2e, 0x38, 0x56, 0x5f, 0x9f, 0xdf, 0x09,
-    0x2c, 0xb8, 0xfb, 0xd6, 0x5f, 0xf0, 0x5d, 0x89, 0xfc, 0xff, 0x59, 0x53,
-    0x91, 0x93, 0x02, 0xac, 0x4f, 0xf1, 0x72, 0x27, 0xe0, 0xcd, 0xff, 0xd1,
-    0xc6, 0x04, 0x69, 0xbf, 0x03, 0x59, 0x79, 0xc2, 0x2b, 0x59, 0x7f, 0xec,
-    0xec, 0xb3, 0x93, 0xf9, 0xa8, 0x59, 0x43, 0x47, 0xc1, 0x2b, 0x79, 0x08,
-    0x42, 0x0b, 0xff, 0xd2, 0x28, 0x9c, 0x72, 0x83, 0x7c, 0xdb, 0x2c, 0xbe,
-    0xc0, 0xeb, 0x65, 0x97, 0xe7, 0x3e, 0x7c, 0xeb, 0x2b, 0xa4, 0x4b, 0x69,
-    0x33, 0xc4, 0x76, 0x31, 0x65, 0xef, 0x6a, 0x16, 0x5e, 0xe3, 0xf9, 0x65,
-    0xf6, 0x6c, 0x24, 0x96, 0x5e, 0x10, 0x80, 0xb2, 0xba, 0x3d, 0xd2, 0x1c,
-    0xf1, 0x25, 0xfd, 0xed, 0xf8, 0x58, 0x35, 0x95, 0x31, 0xee, 0xf0, 0xbe,
-    0xfd, 0xcc, 0x93, 0x69, 0x65, 0xfa, 0x69, 0x3f, 0x5c, 0x59, 0x58, 0x7a,
-    0x3c, 0x27, 0xbc, 0x1d, 0xcd, 0xd5, 0x96, 0xde, 0xb2, 0xff, 0xb5, 0xf7,
-    0x11, 0xfe, 0xc0, 0x59, 0x50, 0x79, 0x8c, 0x27, 0x7f, 0x31, 0x6d, 0xf0,
-    0xf1, 0x65, 0x7c, 0xf3, 0xbc, 0x41, 0x76, 0xe6, 0xea, 0xcb, 0xdc, 0x96,
-    0xcb, 0x2b, 0x64, 0xc6, 0xb2, 0x17, 0xa1, 0x22, 0x10, 0x76, 0xa1, 0x77,
-    0x86, 0x44, 0x99, 0x1e, 0xf3, 0x43, 0x4e, 0x63, 0x13, 0x89, 0x3c, 0x35,
-    0x89, 0xd3, 0xd1, 0x9d, 0xde, 0x79, 0xc2, 0x2c, 0xbd, 0x33, 0x7d, 0x65,
-    0xfd, 0x1a, 0x79, 0x9b, 0xeb, 0x2f, 0xdc, 0x1c, 0x16, 0xce, 0x79, 0x5c,
-    0x1d, 0xbf, 0xfd, 0xef, 0x41, 0x41, 0xa6, 0xc4, 0xb7, 0x0e, 0xb2, 0xfe,
-    0xcd, 0xa3, 0xff, 0x85, 0x97, 0xec, 0x9b, 0xf8, 0x4b, 0x2f, 0xd8, 0x21,
-    0x04, 0x0b, 0x2f, 0xc0, 0x77, 0x91, 0xd6, 0x54, 0x1e, 0x7e, 0x14, 0x53,
-    0x26, 0x23, 0xa4, 0xef, 0x96, 0x93, 0xb5, 0xe3, 0xc1, 0xd6, 0x57, 0x49,
-    0xd3, 0xea, 0x34, 0xf3, 0x9e, 0x5f, 0x1f, 0x5a, 0x85, 0x97, 0xf3, 0x6b,
-    0x82, 0x40, 0x16, 0x5f, 0xfd, 0x9e, 0xfb, 0x7b, 0xf8, 0x50, 0x05, 0x96,
-    0xde, 0x03, 0xf0, 0x22, 0xeb, 0xff, 0xd2, 0x9d, 0x83, 0x6e, 0x75, 0xe0,
-    0xbf, 0x16, 0x5f, 0xf7, 0x33, 0xd0, 0x76, 0xd4, 0x96, 0x53, 0x22, 0xb8,
-    0x8a, 0x7c, 0x9b, 0x7e, 0xf8, 0x4a, 0x37, 0xac, 0xbf, 0x89, 0xfd, 0x28,
-    0x35, 0x65, 0x41, 0xeb, 0x08, 0x53, 0x71, 0xf8, 0xb2, 0xfb, 0x69, 0xdb,
-    0xbd, 0xac, 0xbf, 0xbe, 0xc6, 0x67, 0x5e, 0x59, 0x7f, 0xfb, 0x91, 0xae,
-    0xfd, 0xc6, 0xf7, 0xf0, 0x6b, 0x2f, 0xb3, 0x3a, 0x92, 0xcb, 0xdc, 0x69,
-    0x96, 0x51, 0x1b, 0xfe, 0x11, 0x5f, 0x9b, 0x7e, 0xb0, 0xeb, 0x28, 0xd3,
-    0xc9, 0xf9, 0x05, 0xb8, 0xb2, 0xfe, 0x77, 0xd1, 0x99, 0xf5, 0x97, 0xf9,
-    0xa3, 0xd9, 0xbd, 0xc6, 0xb2, 0xff, 0x7e, 0x34, 0xdd, 0xb6, 0xf5, 0x95,
-    0x32, 0x25, 0x74, 0x5b, 0xe3, 0x3b, 0xff, 0x6c, 0x51, 0xd3, 0x0c, 0xa3,
-    0x65, 0x97, 0xf8, 0x1c, 0xf1, 0x41, 0xf8, 0xb2, 0xff, 0x1e, 0x3e, 0xfc,
-    0x8d, 0xc5, 0x95, 0x07, 0xd0, 0xe6, 0x74, 0xe8, 0xc7, 0x28, 0x53, 0xd0,
-    0xd5, 0x74, 0xf6, 0x5f, 0xa8, 0x69, 0x9c, 0x8f, 0xf0, 0xa6, 0x28, 0x7c,
-    0x5f, 0x1a, 0x60, 0xce, 0xb2, 0xfd, 0x3b, 0xf1, 0xa9, 0x2c, 0xa9, 0xcc,
-    0x80, 0xf8, 0x94, 0x21, 0xb1, 0xc6, 0x46, 0x81, 0xdc, 0x21, 0x26, 0x22,
-    0x38, 0xbb, 0xcb, 0x13, 0xf3, 0x41, 0x84, 0xb7, 0x8f, 0xc8, 0x59, 0x7f,
-    0x6d, 0x34, 0x85, 0x1a, 0xd9, 0x65, 0xf1, 0xf1, 0xfe, 0xb2, 0xdb, 0x2c,
-    0xbf, 0x7b, 0xec, 0x7d, 0x2c, 0xa9, 0x1b, 0xad, 0x09, 0x5e, 0xf8, 0xd9,
-    0x65, 0xfb, 0xf8, 0xd2, 0xe2, 0xcb, 0xff, 0xef, 0xc0, 0x82, 0xfc, 0x4e,
-    0x0e, 0x72, 0x00, 0x92, 0xfd, 0x9e, 0x70, 0x8a, 0xd6, 0x5b, 0x71, 0x65,
-    0xfb, 0x5d, 0xbb, 0xf6, 0xb8, 0x81, 0x17, 0xb9, 0x1d, 0x2c, 0xbe, 0x6e,
-    0x6a, 0x4b, 0x2c, 0x08, 0x44, 0x4e, 0x0a, 0x74, 0x6c, 0x71, 0xdb, 0xe2,
-    0xc3, 0x37, 0x56, 0x5c, 0xdb, 0x2c, 0xa6, 0x37, 0x9e, 0x25, 0xbc, 0x12,
-    0xed, 0x65, 0xf6, 0xc4, 0xe7, 0x59, 0x73, 0x92, 0xca, 0x83, 0x6f, 0xb1,
-    0x15, 0x49, 0x52, 0x00, 0xc9, 0xfa, 0x52, 0xd4, 0x2d, 0x0e, 0xfd, 0xf2,
-    0x0f, 0x2a, 0x5f, 0xcf, 0xac, 0xdf, 0x83, 0x59, 0x7e, 0xed, 0xcd, 0xfb,
-    0x2c, 0xa0, 0x1e, 0xb9, 0x17, 0x5f, 0x68, 0x6c, 0x75, 0x97, 0x86, 0xf2,
-    0x59, 0x69, 0x2c, 0xa8, 0x35, 0xbb, 0xa3, 0x97, 0xde, 0xd9, 0xc9, 0x65,
-    0xe3, 0xc7, 0x6b, 0x2e, 0x73, 0x56, 0x56, 0x1b, 0x42, 0x1d, 0xb4, 0x96,
-    0x5f, 0xd9, 0xb0, 0x7d, 0xbf, 0xcb, 0x2a, 0x0f, 0x08, 0xd1, 0x1b, 0xfe,
-    0x79, 0x6a, 0x36, 0x7d, 0x76, 0xb2, 0xcc, 0xb2, 0xff, 0xfc, 0xfd, 0x03,
-    0xbf, 0xb4, 0xc4, 0xe6, 0x7b, 0x3e, 0xb2, 0xf1, 0xad, 0xe5, 0x97, 0xb8,
-    0xfe, 0x59, 0x50, 0x8a, 0x1c, 0x10, 0x35, 0x63, 0xa1, 0xdb, 0xa7, 0x7d,
-    0x65, 0xfb, 0xcc, 0x30, 0xc2, 0xcb, 0xe7, 0x96, 0x0d, 0x65, 0x1c, 0xf2,
-    0x08, 0x9e, 0xf1, 0xfd, 0xda, 0xcb, 0x7a, 0x0d, 0xfe, 0x10, 0xdf, 0xd0,
-    0x7c, 0x36, 0x38, 0xb2, 0xb6, 0x56, 0x0d, 0x84, 0x7d, 0xab, 0x69, 0x84,
-    0xe4, 0x5f, 0x86, 0xd8, 0x0f, 0x4a, 0x14, 0x1e, 0x25, 0xbc, 0xc7, 0x85,
-    0x97, 0x41, 0xd6, 0x5e, 0xcd, 0x62, 0xca, 0xec, 0xd8, 0x9c, 0x5a, 0xff,
-    0x81, 0xfc, 0xea, 0x5e, 0x69, 0x96, 0x56, 0x1e, 0xe8, 0x48, 0xae, 0xcd,
-    0x96, 0x58, 0x2b, 0x28, 0x66, 0xa3, 0x42, 0xf7, 0xfa, 0x30, 0xbd, 0xc9,
-    0xfd, 0xeb, 0x2f, 0xe8, 0xdc, 0xfb, 0x3c, 0x96, 0x5e, 0x8e, 0x4e, 0x39,
-    0xf3, 0x11, 0xbd, 0xfc, 0xe6, 0x73, 0x90, 0x05, 0x95, 0xf3, 0xe2, 0x23,
-    0x4b, 0xd0, 0xfa, 0x59, 0x7f, 0xef, 0xb9, 0x7b, 0x84, 0x17, 0x11, 0x65,
-    0xff, 0x6b, 0x4d, 0xd4, 0xbc, 0xfd, 0x2c, 0xbd, 0x3e, 0xe6, 0xac, 0xbf,
-    0xe8, 0x3c, 0xb3, 0x6c, 0x08, 0xad, 0x65, 0xff, 0x40, 0x1a, 0x5f, 0x62,
-    0x02, 0xcb, 0x6c, 0xb2, 0xe7, 0xf6, 0x8f, 0x24, 0x56, 0x6f, 0x58, 0x8d,
-    0x76, 0x20, 0x78, 0x43, 0x5e, 0x32, 0x04, 0x59, 0x7f, 0xf3, 0xf0, 0x4f,
-    0x31, 0x06, 0x59, 0xc5, 0x97, 0x10, 0xd7, 0x57, 0xd2, 0xa0, 0xf9, 0xdd,
-    0x12, 0xe0, 0x3a, 0xcb, 0xe9, 0x06, 0x0d, 0x59, 0x60, 0x2c, 0xac, 0x36,
-    0x8e, 0x47, 0x50, 0xae, 0xd4, 0x70, 0xe9, 0x34, 0x87, 0xb1, 0xb6, 0x3e,
-    0xd4, 0x62, 0x5f, 0x32, 0x04, 0x21, 0x48, 0x83, 0xc9, 0x57, 0xf8, 0x7f,
-    0x73, 0x89, 0x04, 0xb2, 0xfe, 0xfe, 0x4b, 0xed, 0xbd, 0x65, 0x6e, 0x1f,
-    0x17, 0x8c, 0xec, 0x4b, 0x2f, 0x68, 0x3b, 0x2c, 0xa9, 0x1a, 0xe3, 0x88,
-    0x5f, 0xff, 0x13, 0x1a, 0x2f, 0x9e, 0xf8, 0x5e, 0x52, 0x85, 0x95, 0x07,
-    0xe7, 0x84, 0x37, 0xef, 0xe7, 0xb9, 0x0b, 0x2f, 0xc5, 0xe0, 0xe7, 0xd6,
-    0x58, 0x2b, 0x29, 0x65, 0x4e, 0x2f, 0x02, 0x23, 0x50, 0x7c, 0xbb, 0x21,
-    0xdd, 0xba, 0xcb, 0x2e, 0xdf, 0x0b, 0x2c, 0x15, 0x97, 0x66, 0x96, 0x5b,
-    0x80, 0x34, 0xfe, 0x11, 0xad, 0x95, 0x88, 0xca, 0x1f, 0xc6, 0xc3, 0x1b,
-    0xb2, 0x0d, 0x42, 0x31, 0xc8, 0xb8, 0x33, 0xe3, 0xfb, 0xc3, 0x79, 0x2c,
-    0xb9, 0xb4, 0xb2, 0xb0, 0xd9, 0x7c, 0x72, 0xfc, 0xe4, 0x4c, 0x75, 0x97,
-    0xb3, 0x78, 0x8b, 0x2e, 0x6f, 0xac, 0xbc, 0x37, 0x92, 0xcb, 0xe7, 0x3e,
-    0x1d, 0x65, 0xf3, 0x1e, 0x37, 0x16, 0x5c, 0xda, 0x9c, 0x78, 0xb8, 0x43,
-    0x43, 0x45, 0x2e, 0x0b, 0x7d, 0x86, 0xfc, 0xc7, 0x72, 0xc5, 0x97, 0x9a,
-    0x24, 0xb2, 0xa7, 0x36, 0x3a, 0x73, 0xd8, 0xe4, 0x1b, 0x49, 0x6c, 0x64,
-    0x39, 0x29, 0x70, 0xd8, 0x61, 0xf6, 0x42, 0xd2, 0xd5, 0x75, 0x08, 0xaf,
-    0xc2, 0xa5, 0xe7, 0xc3, 0xc1, 0x0b, 0x62, 0x20, 0xe1, 0x28, 0x61, 0x89,
-    0x3e, 0x5f, 0xba, 0x4b, 0x7f, 0xf7, 0xa1, 0xbe, 0xfa, 0x83, 0x72, 0x65,
-    0x97, 0xe1, 0xc7, 0xe0, 0x45, 0x94, 0xe7, 0xd8, 0x14, 0x4b, 0xfe, 0x7e,
-    0x16, 0x6f, 0x6f, 0x85, 0x65, 0xfd, 0x9f, 0xce, 0xc3, 0x8b, 0x2f, 0xf8,
-    0xb3, 0xd1, 0xbd, 0x88, 0x0b, 0x2f, 0xf7, 0xa3, 0x7b, 0x7a, 0x50, 0xb2,
-    0xff, 0xfe, 0xc1, 0x23, 0x40, 0x6f, 0x68, 0x27, 0xe7, 0xb3, 0x4b, 0x2b,
-    0x11, 0x20, 0x46, 0x97, 0xe1, 0xb9, 0x66, 0xe2, 0xca, 0xc4, 0xc4, 0x81,
-    0x0c, 0x8e, 0x10, 0xdd, 0xa3, 0xac, 0xbe, 0x6f, 0x44, 0x96, 0x5f, 0xe0,
-    0xbb, 0x4a, 0x0b, 0xb5, 0x95, 0x87, 0xd5, 0xf1, 0x7e, 0x10, 0xde, 0xfe,
-    0x01, 0x65, 0xff, 0x9b, 0x5f, 0x7e, 0x1b, 0xaf, 0x76, 0xb2, 0xfc, 0xde,
-    0x8f, 0x71, 0x25, 0xf7, 0x71, 0xee, 0x24, 0xb8, 0xc3, 0x12, 0x54, 0x8f,
-    0x8f, 0x09, 0xcc, 0x23, 0xa4, 0x82, 0xcd, 0x7d, 0x49, 0x30, 0xcf, 0x8e,
-    0x19, 0x0d, 0x3b, 0xce, 0x40, 0x59, 0x79, 0xfe, 0xeb, 0x2f, 0xc6, 0x78,
-    0x48, 0x02, 0xca, 0xc4, 0x4b, 0x9a, 0x6f, 0xf1, 0xb7, 0x1b, 0xbc, 0x4e,
-    0x62, 0xcb, 0xf7, 0xda, 0x34, 0x05, 0x95, 0x31, 0xe1, 0xf8, 0x72, 0xf4,
-    0xdf, 0x65, 0x97, 0xfd, 0x85, 0xef, 0xb4, 0x16, 0xcb, 0x2f, 0xff, 0xf7,
-    0xf0, 0xe2, 0x40, 0x35, 0x1c, 0x2c, 0xde, 0xdf, 0x0a, 0xcb, 0xde, 0x8e,
-    0xf1, 0x13, 0x3e, 0x37, 0xbf, 0xfc, 0x63, 0xf3, 0xcd, 0xf6, 0xc3, 0x5b,
-    0x4b, 0x29, 0x65, 0x62, 0x22, 0x7e, 0x69, 0xc4, 0xaa, 0x1a, 0xf0, 0xcf,
-    0x64, 0x33, 0x1c, 0xea, 0x33, 0xf3, 0xc2, 0x7c, 0x11, 0xe8, 0x93, 0xff,
-    0x08, 0xcc, 0x8c, 0xfe, 0xff, 0x04, 0xbd, 0x36, 0xe1, 0x01, 0x65, 0xfc,
-    0x51, 0x2d, 0x6a, 0x16, 0x5e, 0x8d, 0x01, 0x65, 0xf1, 0x47, 0x40, 0xc3,
-    0xc8, 0xf9, 0x65, 0xff, 0xbd, 0xcc, 0xef, 0xee, 0x5e, 0xe2, 0xcb, 0xcc,
-    0x40, 0x59, 0x38, 0xdf, 0xd1, 0xd1, 0x49, 0xbd, 0xde, 0xee, 0x79, 0x65,
-    0xff, 0x8e, 0xd8, 0x7f, 0x70, 0x25, 0xe5, 0x97, 0xff, 0xf6, 0x83, 0xcf,
-    0xbc, 0xbb, 0xfb, 0x75, 0x28, 0x79, 0x2c, 0xb4, 0x1a, 0x89, 0xbf, 0x1f,
-    0x54, 0x26, 0x01, 0x84, 0xbf, 0x85, 0x95, 0xb6, 0x59, 0x7f, 0x72, 0x0c,
-    0xf6, 0x76, 0xb2, 0xff, 0xb3, 0x7b, 0xe9, 0xe4, 0xf2, 0x59, 0x74, 0x0f,
-    0xb3, 0xfa, 0xe8, 0x4b, 0x85, 0xf7, 0xf4, 0x7e, 0x3f, 0x1b, 0x2c, 0xbd,
-    0xe8, 0x1a, 0xcb, 0xff, 0x33, 0xf5, 0x2f, 0x70, 0x98, 0xd5, 0x97, 0xf6,
-    0x4f, 0x87, 0xed, 0xa5, 0x95, 0x23, 0xef, 0x10, 0xfe, 0xa1, 0x15, 0xd9,
-    0x08, 0xba, 0xd9, 0x30, 0x19, 0x43, 0x6e, 0xdc, 0x59, 0x4b, 0x29, 0xcb,
-    0xc3, 0x04, 0x6a, 0x0f, 0x99, 0xd1, 0xaf, 0xfb, 0x58, 0x77, 0x2f, 0x72,
-    0x16, 0x50, 0xd3, 0xfa, 0xfc, 0x74, 0x6e, 0x41, 0x7e, 0x97, 0xc3, 0x1a,
-    0x59, 0x7f, 0xa3, 0x7b, 0x6f, 0x20, 0xf1, 0x65, 0xfc, 0xdc, 0x7e, 0xa5,
-    0x8b, 0x2e, 0x73, 0xe8, 0xf8, 0xe7, 0xcd, 0xaf, 0xf3, 0x47, 0x8a, 0x0f,
-    0xc5, 0x95, 0xd2, 0x3b, 0x3f, 0x08, 0xb2, 0x30, 0xbf, 0x60, 0x4f, 0x1c,
-    0x59, 0x4b, 0x2e, 0xc9, 0xb4, 0x6c, 0xb8, 0x4f, 0x7f, 0xcc, 0x11, 0x5f,
-    0xe0, 0x42, 0xd9, 0x65, 0xff, 0x46, 0xd1, 0xd7, 0x8b, 0x36, 0x59, 0x7b,
-    0x75, 0x8c, 0x59, 0x58, 0x8c, 0x5e, 0xcb, 0x58, 0xfb, 0x74, 0xea, 0xff,
-    0xe1, 0x38, 0xdc, 0x99, 0x87, 0x84, 0x05, 0x97, 0xa4, 0x4e, 0xb2, 0xf9,
-    0xfd, 0x9b, 0x2c, 0xba, 0x3a, 0x59, 0x71, 0x42, 0xcb, 0x1e, 0x0f, 0xa7,
-    0xe3, 0x64, 0x45, 0xe1, 0x7b, 0xfb, 0x26, 0xfc, 0x08, 0x4b, 0x2f, 0xff,
-    0x9f, 0x70, 0x42, 0x8f, 0xbb, 0x7a, 0x3d, 0xc5, 0x95, 0x07, 0xfe, 0x12,
-    0xea, 0x1a, 0x71, 0xcf, 0x0a, 0xe2, 0x85, 0xfd, 0xf7, 0x6d, 0xac, 0x59,
-    0x7f, 0xf1, 0x66, 0xe6, 0xc1, 0xd4, 0xb3, 0xaf, 0x2c, 0xbf, 0xb4, 0xdc,
-    0xcc, 0xd2, 0xca, 0x99, 0x5e, 0x4e, 0xa3, 0x2c, 0xfc, 0x79, 0xa4, 0x73,
-    0xc2, 0x2d, 0xe9, 0x37, 0xbf, 0x9b, 0x2c, 0xb4, 0xfa, 0xca, 0xc3, 0x62,
-    0xe3, 0xb7, 0xa4, 0xfa, 0x59, 0x7f, 0x00, 0xef, 0x2c, 0x1a, 0xcb, 0x05,
-    0x65, 0xe6, 0x79, 0x2c, 0xbe, 0xfc, 0x17, 0x96, 0x54, 0xe3, 0x79, 0xc1,
-    0xbb, 0x67, 0x0f, 0xc3, 0x7a, 0x6d, 0xf6, 0x7b, 0x06, 0x92, 0xff, 0x9c,
-    0x8d, 0xc2, 0x7f, 0x71, 0x65, 0xf3, 0x9a, 0x03, 0x16, 0x54, 0x8f, 0xf3,
-    0xe4, 0x24, 0x6f, 0x7d, 0x04, 0x50, 0xb2, 0xa6, 0x4e, 0xaf, 0x43, 0x85,
-    0x09, 0xdf, 0x42, 0x94, 0x42, 0xeb, 0xf9, 0xcc, 0x7f, 0x39, 0xab, 0x2f,
-    0x70, 0xfa, 0x59, 0x73, 0x76, 0xb2, 0x80, 0x6d, 0x38, 0x3b, 0x46, 0xaa,
-    0xa3, 0x68, 0xf2, 0xb4, 0xad, 0xe6, 0x2b, 0xff, 0xfb, 0xa9, 0x67, 0x85,
-    0x22, 0x8c, 0x18, 0x7c, 0xde, 0x8d, 0x2c, 0xbf, 0xbc, 0xda, 0x80, 0x8a,
-    0xd6, 0x5d, 0xa7, 0xfa, 0x25, 0x44, 0x64, 0xbd, 0xfc, 0xd9, 0x65, 0xe9,
-    0x4a, 0x16, 0x5e, 0xcf, 0xe4, 0xe3, 0x72, 0x11, 0xda, 0x74, 0x4d, 0x93,
-    0x45, 0xff, 0xde, 0x6d, 0xbd, 0xc0, 0xee, 0x79, 0xfe, 0xb2, 0xff, 0xf8,
-    0xb3, 0xcd, 0x85, 0xfc, 0xf7, 0xdb, 0xb5, 0x97, 0xfd, 0xe6, 0x3f, 0x3f,
-    0x02, 0x12, 0xcb, 0xfc, 0x4d, 0xce, 0x47, 0xe1, 0x65, 0xff, 0x41, 0x76,
-    0xfe, 0x7e, 0x81, 0x39, 0x16, 0xfd, 0x26, 0xb1, 0xcd, 0xff, 0x46, 0x75,
-    0x9b, 0x18, 0xfd, 0x2c, 0xbf, 0xe7, 0x33, 0x58, 0xdf, 0x81, 0xac, 0xad,
-    0x1f, 0x99, 0x1d, 0xd4, 0x93, 0xf4, 0x04, 0x60, 0x1e, 0x86, 0x9d, 0xfc,
-    0x11, 0x5b, 0x6b, 0x58, 0xb2, 0xff, 0xfd, 0x9d, 0x4b, 0xcd, 0xb6, 0x6b,
-    0xde, 0x6d, 0x42, 0xcb, 0xfd, 0xfc, 0x35, 0xe1, 0xa7, 0xd6, 0x5f, 0xec,
-    0xe6, 0x6e, 0x7e, 0x06, 0xb2, 0xe8, 0xd9, 0x65, 0xef, 0xc4, 0xcb, 0x2f,
-    0xf4, 0x31, 0x66, 0xc2, 0x49, 0x65, 0xba, 0x19, 0xf3, 0xe0, 0xbf, 0xc7,
-    0x6f, 0xcf, 0x31, 0x34, 0xcb, 0x2b, 0xb4, 0xcb, 0xbe, 0x6a, 0x18, 0x4e,
-    0x6f, 0x35, 0xac, 0x4f, 0x2b, 0x91, 0xc2, 0x5f, 0x78, 0xdc, 0xfa, 0xcb,
-    0xb5, 0x25, 0x97, 0xfe, 0x2c, 0xf7, 0x83, 0xb7, 0xb3, 0xb5, 0x97, 0xe1,
-    0x85, 0xf5, 0x25, 0x97, 0xf3, 0xf5, 0xcc, 0xeb, 0xcb, 0x2e, 0xc3, 0x16,
-    0x50, 0x0f, 0x18, 0x8b, 0xef, 0x8f, 0xc1, 0x0e, 0xb2, 0xa0, 0xf1, 0x70,
-    0x86, 0xdc, 0x59, 0x63, 0x16, 0x5c, 0xc0, 0x59, 0x7c, 0x63, 0x94, 0x96,
-    0x5c, 0x36, 0x59, 0x77, 0xd9, 0x65, 0xf4, 0xb9, 0xfc, 0x59, 0x7c, 0xc1,
-    0x15, 0xe2, 0xcb, 0x72, 0x72, 0x2a, 0xc6, 0x2d, 0xd9, 0x14, 0xc2, 0xce,
-    0x2c, 0x02, 0x2a, 0x64, 0xc7, 0x43, 0x0b, 0xda, 0x74, 0xd5, 0x81, 0x19,
-    0x75, 0xc0, 0x85, 0x97, 0x02, 0x16, 0x5f, 0x83, 0x2c, 0x21, 0x6c, 0x6b,
-    0x00, 0x2d, 0x7f, 0xff, 0xdf, 0xc0, 0xe8, 0xde, 0xa5, 0xfc, 0x23, 0x7e,
-    0x51, 0x9a, 0x59, 0x50, 0xae, 0x78, 0x64, 0x66, 0x8b, 0xb2, 0x06, 0xa1,
-    0x66, 0x08, 0xdd, 0x89, 0x57, 0xc7, 0xd7, 0xf6, 0x84, 0xf7, 0x24, 0x2b,
-    0x59, 0x7f, 0x83, 0x93, 0x41, 0xe4, 0x2b, 0x59, 0x7e, 0xc1, 0xc4, 0xa3,
-    0x0f, 0xb0, 0x06, 0x97, 0xff, 0x89, 0xfa, 0xe1, 0xa6, 0xbc, 0xee, 0xce,
-    0x05, 0x97, 0xd1, 0xa8, 0xfa, 0xca, 0xc3, 0xf1, 0x75, 0x0b, 0xfe, 0xc6,
-    0xeb, 0xda, 0x8c, 0xe9, 0x65, 0xff, 0xe2, 0x6e, 0xb9, 0x31, 0x66, 0xd9,
-    0xd7, 0x96, 0x5f, 0xfb, 0xf8, 0x71, 0x20, 0x19, 0xd7, 0x96, 0x56, 0x22,
-    0x33, 0xc9, 0x97, 0xfb, 0xae, 0xdb, 0x42, 0x40, 0xd6, 0x5f, 0x00, 0xef,
-    0x29, 0xc9, 0x9e, 0x91, 0x07, 0x21, 0x8b, 0xe2, 0x2b, 0x83, 0xe5, 0x97,
-    0x4f, 0xc2, 0xcb, 0xf8, 0x07, 0x13, 0x82, 0x6c, 0xb2, 0xfe, 0xe3, 0x11,
-    0x47, 0x4b, 0x2e, 0xce, 0x96, 0x57, 0x47, 0xeb, 0xe3, 0x29, 0xf2, 0xcb,
-    0xff, 0xc2, 0x41, 0x91, 0x34, 0x9c, 0xb3, 0xaf, 0x2c, 0xbe, 0x06, 0x9b,
-    0x4b, 0x2a, 0x13, 0xa1, 0x92, 0xde, 0x0b, 0xbc, 0x23, 0xb8, 0x66, 0x62,
-    0x65, 0xfc, 0x59, 0xd0, 0x1a, 0x4b, 0x2f, 0xee, 0x72, 0x25, 0x1a, 0x59,
-    0x7f, 0xda, 0x83, 0xb4, 0xd0, 0xfb, 0x8b, 0x2b, 0x0f, 0xa3, 0xb2, 0xdb,
-    0xc1, 0xeb, 0xcb, 0x2c, 0xeb, 0x2e, 0x9b, 0x8b, 0x2b, 0x64, 0x7e, 0x94,
-    0x25, 0x78, 0x45, 0xe1, 0xe1, 0x04, 0x2e, 0xc3, 0x16, 0x5f, 0xf0, 0x4b,
-    0xbf, 0xe6, 0xdc, 0x65, 0x97, 0xfd, 0x1d, 0x60, 0x23, 0x7e, 0x6c, 0xb2,
-    0xfe, 0x2c, 0xf7, 0x1c, 0x0b, 0x2b, 0x48, 0xb8, 0x38, 0xb8, 0x0e, 0xb8,
-    0x77, 0x7f, 0x8b, 0x66, 0xd7, 0x5f, 0xd9, 0x65, 0xfe, 0xdb, 0x9a, 0xce,
-    0xe3, 0x65, 0x97, 0xd1, 0xd7, 0xb7, 0x16, 0x54, 0x1e, 0xe4, 0x8d, 0xaf,
-    0xff, 0x79, 0xf4, 0xe3, 0x82, 0x7d, 0x3c, 0x96, 0x5f, 0xf0, 0xaf, 0x51,
-    0xe6, 0xed, 0x86, 0xb2, 0xff, 0x61, 0x6d, 0x83, 0x7f, 0xac, 0xa9, 0x91,
-    0xaf, 0xe2, 0x10, 0xa3, 0x98, 0x7b, 0x7f, 0x61, 0xf0, 0x6c, 0x62, 0xcb,
-    0x8f, 0x0b, 0x2f, 0xfd, 0x28, 0x37, 0xaf, 0x6a, 0x30, 0xc5, 0x94, 0x74,
-    0x42, 0x39, 0x6f, 0x85, 0xae, 0xf7, 0x16, 0x5f, 0xf3, 0xca, 0x70, 0xdb,
-    0x7c, 0x0d, 0x65, 0xfb, 0x26, 0xfb, 0x79, 0x65, 0xff, 0xf8, 0x9c, 0xd9,
-    0xa3, 0x3d, 0x07, 0x8f, 0xc0, 0x16, 0x5f, 0xff, 0xbc, 0x51, 0xba, 0xda,
-    0xce, 0xa5, 0xec, 0x2e, 0xd6, 0x5f, 0xff, 0xc3, 0xfb, 0x0a, 0x04, 0xf3,
-    0x70, 0xb3, 0x7b, 0x7c, 0x2b, 0x2b, 0x13, 0x0d, 0x65, 0x40, 0xac, 0x51,
-    0x26, 0xc9, 0xc8, 0xcd, 0x6f, 0xb3, 0x3f, 0xc5, 0x95, 0x0b, 0x8b, 0x99,
-    0x1b, 0x4b, 0xc3, 0x0c, 0x56, 0x5e, 0x42, 0xfe, 0x8e, 0x83, 0x74, 0xa6,
-    0xf1, 0x86, 0x18, 0x92, 0xfd, 0x86, 0x90, 0x78, 0x90, 0x59, 0xa0, 0xbc,
-    0x77, 0xf2, 0xcb, 0xe1, 0x66, 0x18, 0x62, 0xcb, 0xb0, 0x0b, 0x2b, 0x0d,
-    0xf7, 0x8a, 0x2f, 0x40, 0x38, 0xb2, 0xa1, 0x1a, 0x07, 0x3a, 0xf2, 0xd0,
-    0x84, 0x17, 0xff, 0xcd, 0x27, 0xe1, 0xce, 0xf2, 0x73, 0x7e, 0xcb, 0x2f,
-    0xe8, 0x3b, 0xf8, 0x30, 0xb2, 0xf9, 0xb4, 0x0e, 0x2c, 0xbf, 0xf0, 0x45,
-    0x79, 0x3e, 0x58, 0x63, 0x81, 0x65, 0xff, 0xa0, 0x11, 0x28, 0xd6, 0xb0,
-    0xc5, 0x97, 0xff, 0xd1, 0xc1, 0xfd, 0x8c, 0xf9, 0xc3, 0xe0, 0xc2, 0xca,
-    0xd9, 0x11, 0xfd, 0x9f, 0x54, 0x23, 0xe5, 0xa1, 0xa9, 0x7f, 0xdc, 0xd4,
-    0x07, 0xc4, 0xdb, 0xd6, 0x5f, 0xf8, 0xb3, 0x9d, 0xfd, 0xbb, 0x82, 0x59,
-    0x7f, 0xff, 0x8d, 0x31, 0xf4, 0x68, 0xbe, 0x64, 0x88, 0x2f, 0xcc, 0x25,
-    0x97, 0xff, 0xbd, 0xf6, 0x70, 0x61, 0x7b, 0xf9, 0x25, 0x97, 0xff, 0x7d,
-    0xb5, 0xf7, 0xd6, 0x76, 0xfe, 0x59, 0x7c, 0x73, 0xbc, 0xa7, 0x22, 0x33,
-    0x12, 0x2a, 0x13, 0xa3, 0xc3, 0xa6, 0x3e, 0x0c, 0x3c, 0x2f, 0xed, 0x07,
-    0xbf, 0xb7, 0x16, 0x5f, 0x18, 0xe5, 0x25, 0x97, 0xfd, 0xe8, 0xe8, 0x0f,
-    0xff, 0xb2, 0xcb, 0x7d, 0x65, 0x61, 0xe5, 0x76, 0x73, 0x7b, 0x4f, 0xda,
-    0xcb, 0xfb, 0x66, 0xef, 0xf1, 0xe5, 0x97, 0xd1, 0xb1, 0x05, 0x65, 0x68,
-    0xf4, 0x7e, 0x5f, 0x7d, 0xc6, 0x3c, 0x2c, 0xbf, 0xf4, 0x61, 0x6d, 0x84,
-    0xfd, 0x71, 0x65, 0xf8, 0xb3, 0xd1, 0xa5, 0x97, 0x8c, 0x30, 0xc4, 0x97,
-    0xe7, 0x37, 0xed, 0xe4, 0x82, 0xcd, 0x05, 0x42, 0x20, 0x19, 0x1a, 0xf8,
-    0xfc, 0x8f, 0x2c, 0xbd, 0xbe, 0x0e, 0xb2, 0xf7, 0x98, 0xc5, 0x97, 0xb8,
-    0xfa, 0x59, 0x5d, 0x1b, 0x9f, 0x0e, 0xdd, 0x03, 0x59, 0x7f, 0xb5, 0xa8,
-    0xd8, 0x78, 0x4b, 0x2b, 0xe7, 0x92, 0xe2, 0xd5, 0x09, 0x82, 0xe1, 0x13,
-    0x2b, 0xbb, 0x5d, 0xf0, 0x33, 0x26, 0x59, 0x7d, 0xcc, 0x2f, 0x2c, 0xac,
-    0x3c, 0x37, 0x22, 0xb7, 0x27, 0x2b, 0x53, 0x19, 0x16, 0x37, 0x74, 0x45,
-    0x31, 0x0e, 0xa1, 0x7b, 0xf8, 0xc9, 0x89, 0xf6, 0xf4, 0xfe, 0x74, 0xb2,
-    0xd2, 0x1a, 0xe3, 0x2e, 0x4b, 0xbf, 0x68, 0x43, 0x50, 0xa1, 0x73, 0x5c,
-    0x33, 0x92, 0x97, 0xf4, 0x1e, 0x3f, 0x00, 0x59, 0x7a, 0x36, 0x0a, 0xcb,
-    0x0a, 0xf0, 0xf2, 0x7e, 0x59, 0x7f, 0xf3, 0x7a, 0x35, 0x85, 0xe7, 0x72,
-    0x59, 0x52, 0x64, 0x86, 0xcc, 0x59, 0xa8, 0xc6, 0xff, 0x1e, 0x49, 0x4e,
-    0x8b, 0x85, 0xef, 0x79, 0x5d, 0xff, 0xd1, 0x85, 0x83, 0x79, 0x14, 0x6c,
-    0xb2, 0xfb, 0xbd, 0x44, 0x96, 0x5d, 0xbe, 0x16, 0x5f, 0xf9, 0xb5, 0xdf,
-    0xdb, 0xbf, 0xb1, 0x2c, 0xbf, 0xff, 0xfc, 0xe4, 0x0f, 0x7f, 0x0f, 0xee,
-    0x66, 0xff, 0xb7, 0x7f, 0x61, 0x03, 0xb2, 0xca, 0xd9, 0x17, 0x60, 0x3f,
-    0xa8, 0x47, 0xbe, 0x43, 0x4e, 0xff, 0xb3, 0x72, 0x0f, 0xd4, 0xb3, 0xcb,
-    0x2b, 0x19, 0x72, 0xed, 0x49, 0x5c, 0xd3, 0xf3, 0xa0, 0x94, 0x63, 0x5c,
-    0x26, 0xbf, 0xbb, 0x96, 0x73, 0xcc, 0xb2, 0xf1, 0x46, 0xf5, 0x97, 0xff,
-    0x6a, 0x3b, 0xf9, 0x3f, 0x8a, 0x0c, 0x59, 0x70, 0xad, 0x96, 0x52, 0xcb,
-    0x7d, 0x65, 0x48, 0xbc, 0x60, 0xba, 0xd8, 0xf5, 0x74, 0x6d, 0x50, 0x8b,
-    0xc7, 0x84, 0xcd, 0xe9, 0x9f, 0x65, 0x97, 0xb8, 0x1d, 0xc5, 0x95, 0x86,
-    0xfb, 0xc3, 0xd7, 0xfa, 0x0a, 0x44, 0xd1, 0xd2, 0xca, 0x87, 0x63, 0xc1,
-    0xb4, 0x26, 0xa5, 0x28, 0x8c, 0x72, 0xaa, 0x32, 0x73, 0xac, 0xd9, 0x67,
-    0x7d, 0xc6, 0xeb, 0xd4, 0xa1, 0x56, 0x3c, 0x9a, 0x3f, 0xbd, 0x4b, 0xc7,
-    0x3c, 0x3a, 0x3f, 0x2e, 0x2d, 0xe3, 0x58, 0x04, 0x61, 0x05, 0x39, 0x33,
-    0xc8, 0xda, 0xfd, 0x4b, 0xd4, 0x0b, 0x36, 0xf2, 0xe9, 0xf8, 0x6c, 0x88,
-    0xc9, 0xba, 0x41, 0x7e, 0x69, 0xa4, 0xc4, 0xb2, 0xe9, 0xe9, 0x96, 0x5f,
-    0xf4, 0xde, 0xdd, 0xe4, 0x4c, 0x1d, 0x2c, 0xbf, 0xc3, 0x82, 0x3c, 0x0e,
-    0x16, 0x54, 0x1f, 0x83, 0x9f, 0xdf, 0xf7, 0xe3, 0x6d, 0x44, 0x9f, 0x4b,
-    0x2f, 0xff, 0x7e, 0x3e, 0x58, 0x68, 0xf0, 0xa3, 0x71, 0x65, 0xf8, 0x8d,
-    0x12, 0x00, 0xb2, 0xff, 0xc4, 0xfd, 0x7b, 0xf1, 0xde, 0x4c, 0xb2, 0xfc,
-    0xc3, 0xfb, 0x1a, 0xb2, 0xf0, 0x8e, 0x4b, 0x28, 0x68, 0xf8, 0xc4, 0xb2,
-    0x29, 0xf2, 0x06, 0xe9, 0x45, 0xfa, 0x09, 0x8f, 0x8b, 0x2f, 0x8c, 0xf6,
-    0x6e, 0x2c, 0xad, 0x8f, 0x2f, 0xa2, 0x5b, 0xff, 0xf1, 0x39, 0x9a, 0x68,
-    0xf8, 0x9e, 0x6f, 0xc6, 0xf5, 0x97, 0xfe, 0x6f, 0xc0, 0xfe, 0x18, 0xeb,
-    0x8b, 0x2f, 0x11, 0x62, 0xca, 0xc3, 0xd9, 0x73, 0xfb, 0xc3, 0x34, 0x0b,
-    0x2f, 0xc7, 0xd6, 0x9f, 0xcb, 0x2f, 0x4e, 0xdd, 0xed, 0x65, 0xd9, 0xe5,
-    0x95, 0xb1, 0xb9, 0xf9, 0x1d, 0xff, 0x8e, 0x38, 0x2c, 0xde, 0x59, 0xc5,
-    0x97, 0xbe, 0x47, 0x59, 0x53, 0x91, 0xf7, 0x03, 0xd8, 0xc2, 0xc4, 0x4e,
-    0x7d, 0x7f, 0xf4, 0xcf, 0xdf, 0xe2, 0x5e, 0x2c, 0x3a, 0xcb, 0xfb, 0x58,
-    0x44, 0xfb, 0x2c, 0xbf, 0xf0, 0x90, 0x7c, 0xd1, 0xdc, 0x8d, 0x59, 0x5d,
-    0xa2, 0xc1, 0x91, 0x7c, 0x59, 0x7f, 0xe3, 0x3a, 0x97, 0x27, 0x67, 0xf0,
-    0x96, 0x5f, 0xfa, 0x68, 0xeb, 0x9a, 0x6d, 0xf8, 0x35, 0x95, 0x08, 0x84,
-    0xc4, 0x2b, 0xff, 0xc7, 0xea, 0x5c, 0x9d, 0x84, 0x58, 0xc0, 0x59, 0x7f,
-    0x3e, 0x83, 0x1d, 0x49, 0x65, 0x31, 0xfc, 0xba, 0x5d, 0xff, 0xd0, 0x33,
-    0xe7, 0x71, 0xcf, 0xe1, 0xd6, 0x5f, 0x9f, 0x06, 0xdb, 0xd6, 0x56, 0x8f,
-    0xb0, 0xe8, 0x97, 0x9b, 0xe1, 0x59, 0x7d, 0xe6, 0xf8, 0x56, 0x5f, 0xd9,
-    0xae, 0xa5, 0xe8, 0x59, 0x6d, 0xc1, 0x54, 0x7a, 0x02, 0x11, 0x5f, 0x8c,
-    0xce, 0xe0, 0x0b, 0x2f, 0xbb, 0xfe, 0x69, 0x65, 0x41, 0xff, 0x31, 0x96,
-    0xe9, 0x4d, 0x4e, 0x64, 0x4b, 0x4f, 0x64, 0xf2, 0x84, 0x58, 0xc8, 0x32,
-    0x33, 0x16, 0x84, 0xb4, 0xc4, 0x9a, 0x85, 0x87, 0xe3, 0x1b, 0x78, 0x7c,
-    0x14, 0x2d, 0x3d, 0x09, 0xa0, 0xc2, 0x33, 0x79, 0x16, 0xec, 0x3a, 0xac,
-    0x2e, 0x7b, 0x9c, 0x16, 0x39, 0x9e, 0xa5, 0x27, 0x0a, 0x65, 0x3c, 0xcf,
-    0x12, 0x90, 0x45, 0x11, 0xce, 0xcf, 0x29, 0x49, 0x42, 0xa4, 0xa1, 0x31,
-    0x55, 0x18, 0x5c, 0xf3, 0x8c, 0xa8, 0x55, 0xc3, 0x0e, 0x2d, 0x71, 0x6e,
-    0xd4, 0xb2, 0x19, 0x56, 0xc4, 0xe3, 0xb4, 0x92, 0x39, 0x88, 0x3a, 0xf3,
-    0x67, 0xfb, 0xfb, 0xb4, 0x5a, 0x7d, 0x57, 0x06, 0x4d, 0x5d, 0x96, 0x6e,
-    0x4a, 0xda, 0x9a, 0xd1, 0xcf, 0x6a, 0xd5, 0x27, 0x9e, 0xb9, 0x56, 0xfd,
-    0xe1, 0x82, 0x3d, 0xbc, 0x19, 0x05, 0x71, 0xe8, 0x2b, 0x94, 0x72, 0x57,
-    0x80, 0x6d, 0xcc, 0x52, 0x42, 0x7a, 0xf5, 0x18, 0x43, 0x4b, 0x13, 0xdf,
-    0x3f, 0x92, 0x65, 0x22, 0x8a, 0x7e, 0xb2, 0x7e, 0x12, 0xdc, 0xcb, 0x6e,
-    0xd2, 0x92, 0x68, 0x5c, 0xe0, 0xdb, 0x74, 0xb7, 0x05, 0xfd, 0xaf, 0x1f,
-    0x3c, 0xb2, 0xff, 0x39, 0xe3, 0xcd, 0xc6, 0x59, 0x7e, 0xcd, 0x09, 0xee,
-    0x2c, 0xbb, 0xf0, 0xb2, 0xc2, 0xc0, 0x88, 0xc2, 0x1c, 0xe1, 0x88, 0x85,
-    0x37, 0xdd, 0x94, 0x62, 0xcb, 0xf6, 0xbb, 0x77, 0xed, 0x51, 0x71, 0xac,
-    0x2e, 0x0f, 0x5f, 0x08, 0x6f, 0xf0, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x2e,
-    0xb5, 0xff, 0xc2, 0xde, 0x42, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8, 0x94, 0x55,
-    0x13, 0x84, 0xd8, 0x5b, 0x14, 0xca, 0x1a, 0x63, 0x2a, 0x36, 0x19, 0x3d,
-    0x94, 0xb4, 0xec, 0x86, 0xe4, 0x64, 0xef, 0xb8, 0x37, 0x94, 0x08, 0x66,
-    0x72, 0x13, 0x9e, 0x28, 0xdd, 0x43, 0xbf, 0xfc, 0x2c, 0xef, 0x21, 0x79,
-    0xae, 0xdd, 0xfb, 0x54, 0x4b, 0x4b, 0xfe, 0x15, 0x7f, 0x6d, 0xc7, 0x8e,
-    0xb7, 0x56, 0x5f, 0xff, 0x19, 0xdc, 0xf4, 0x29, 0x00, 0xaf, 0x53, 0xc4,
-    0xe9, 0xdf, 0x9f, 0x59, 0x7f, 0xff, 0xed, 0xdf, 0x0a, 0x06, 0x71, 0x41,
-    0x30, 0xaa, 0xf0, 0xaf, 0x53, 0xc4, 0xe9, 0xdf, 0x9f, 0x59, 0x5f, 0x47,
-    0xf1, 0x8d, 0xd7, 0xe1, 0x5c, 0x85, 0x02, 0x6c, 0xb2, 0xf6, 0xe1, 0xd9,
-    0x65, 0xff, 0x61, 0x0f, 0xf1, 0xa7, 0x25, 0x95, 0x07, 0xab, 0x83, 0xf7,
-    0x9d, 0xfb, 0x54, 0x46, 0xeb, 0xf7, 0x53, 0x14, 0x0d, 0x65, 0x76, 0x7a,
-    0x4e, 0x53, 0x7e, 0x1f, 0xe3, 0x34, 0xb2, 0xb4, 0x79, 0x24, 0x45, 0x7f,
-    0xb4, 0xc2, 0xbe, 0xff, 0x06, 0x2c, 0xbc, 0x19, 0xf3, 0x16, 0x5f, 0x68,
-    0x30, 0x05, 0x94, 0xc7, 0xf9, 0x31, 0xc8, 0x84, 0x37, 0xff, 0xff, 0xdb,
-    0xcb, 0x39, 0xc1, 0xc6, 0x6b, 0xb7, 0x7e, 0xc5, 0xc9, 0xbd, 0x1e, 0xe2,
-    0xa3, 0x0f, 0x5b, 0xf0, 0x8b, 0xe6, 0x30, 0xbf, 0xb8, 0x2c, 0xce, 0x6e,
-    0x08, 0xb2, 0xfe, 0xdc, 0x6d, 0xbe, 0xd3, 0xeb, 0x2f, 0xdb, 0xa2, 0xf4,
-    0x2b, 0x31, 0x65, 0xf0, 0xcb, 0x00, 0xb2, 0xfa, 0x0c, 0x38, 0xd6, 0x5f,
-    0x77, 0xf8, 0x31, 0x65, 0xef, 0xc1, 0xab, 0x2b, 0x11, 0x0b, 0xa2, 0x11,
-    0x59, 0x18, 0x84, 0x97, 0xfe, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2,
-    0x5f, 0x5b, 0x16, 0x5e, 0xfb, 0xf9, 0x65, 0xbd, 0xc3, 0x58, 0x20, 0x85,
-    0xfc, 0x4d, 0x06, 0x07, 0x71, 0x65, 0xfc, 0x23, 0x75, 0xbb, 0xa3, 0x16,
-    0x54, 0x22, 0x33, 0x0a, 0x18, 0xc2, 0xfe, 0x86, 0xdc, 0xce, 0xa4, 0xb2,
-    0xfd, 0xa3, 0x7e, 0x1e, 0x2c, 0xaf, 0x9e, 0xd0, 0x86, 0x17, 0xa3, 0x50,
-    0xb2, 0xb0, 0xdf, 0x31, 0x1d, 0xcf, 0xf5, 0x97, 0xc0, 0x1f, 0x21, 0x65,
-    0xf3, 0xeb, 0x6d, 0x96, 0x5b, 0x08, 0xf1, 0xb7, 0x91, 0x54, 0x91, 0x09,
-    0xc5, 0xcb, 0xc0, 0x83, 0x16, 0x5f, 0xec, 0x6d, 0x4b, 0xec, 0x62, 0xca,
-    0xdc, 0x3d, 0x0f, 0x8e, 0xdf, 0xb7, 0x5f, 0x61, 0x24, 0xb2, 0xf8, 0x3f,
-    0x6d, 0x2c, 0xbe, 0xe7, 0xe3, 0xeb, 0x2f, 0xf4, 0x6d, 0x05, 0xb6, 0x6e,
-    0xac, 0xbb, 0x9a, 0x59, 0x50, 0x7d, 0xfb, 0x11, 0x4c, 0x6d, 0x61, 0x62,
-    0xa9, 0x93, 0x07, 0x11, 0xa1, 0xec, 0x48, 0x38, 0x44, 0x64, 0x2e, 0xfb,
-    0x8d, 0x6f, 0xa2, 0x76, 0x36, 0xdc, 0x34, 0xd4, 0x2e, 0x0e, 0x83, 0xf8,
-    0xc1, 0x8a, 0x18, 0xbc, 0x85, 0x1f, 0x9c, 0xc2, 0x4b, 0x3e, 0x5a, 0x24,
-    0x24, 0x6f, 0xff, 0xc5, 0x1d, 0x8b, 0xf7, 0x5d, 0xb7, 0x0b, 0x37, 0xba,
-    0xcb, 0xff, 0xa5, 0xe6, 0x98, 0x58, 0xdb, 0x7c, 0x0d, 0x65, 0xf8, 0xc1,
-    0x6c, 0x6e, 0xcb, 0x28, 0x68, 0xd0, 0xe9, 0x69, 0x92, 0x6f, 0xda, 0xed,
-    0xdf, 0xb5, 0x45, 0x56, 0xbf, 0x67, 0x3f, 0x1d, 0x2c, 0xb0, 0xbc, 0x3d,
-    0xef, 0x9b, 0x5f, 0x07, 0x74, 0x70, 0xb2, 0xd3, 0xda, 0xca, 0xf9, 0xbb,
-    0x9f, 0x25, 0xb9, 0xb7, 0x56, 0x5d, 0x9a, 0x59, 0x7b, 0x3a, 0xf2, 0xcb,
-    0xe6, 0x3b, 0xef, 0x59, 0x46, 0x9f, 0x7b, 0x8c, 0x80, 0x5b, 0xc3, 0xb7,
-    0x8b, 0x74, 0xc5, 0x97, 0xf7, 0xe3, 0x78, 0x47, 0x8b, 0x2f, 0xe7, 0xfc,
-    0xc5, 0x03, 0x59, 0x7f, 0xfd, 0xe0, 0x1c, 0x23, 0xcc, 0xf0, 0x0e, 0x1e,
-    0x96, 0x5f, 0xfd, 0xef, 0xc7, 0x09, 0xc2, 0x2b, 0x6d, 0x2c, 0xbd, 0x12,
-    0xc5, 0x97, 0xf3, 0x07, 0xb2, 0x89, 0x96, 0x54, 0x93, 0x3e, 0x19, 0x7e,
-    0x16, 0xf4, 0xa5, 0x32, 0x3f, 0xc6, 0xef, 0xf8, 0xdc, 0x2c, 0xeb, 0xce,
-    0x75, 0x96, 0xdd, 0x59, 0x63, 0x16, 0x57, 0x46, 0x9b, 0xc2, 0x97, 0xb7,
-    0x63, 0xcb, 0x2f, 0xe8, 0x38, 0x90, 0x5d, 0xac, 0xba, 0x34, 0xb2, 0xb4,
-    0x78, 0x9c, 0x2e, 0xb9, 0xfa, 0x59, 0x78, 0x48, 0x02, 0xca, 0xe8, 0xda,
-    0x78, 0x5e, 0xfa, 0x62, 0x0f, 0x6b, 0x2f, 0xec, 0x3c, 0xce, 0xfb, 0x2c,
-    0xbf, 0x71, 0xbe, 0xc6, 0xac, 0xb9, 0xfa, 0x59, 0x44, 0x6f, 0xfc, 0x51,
-    0x7f, 0xfd, 0x2f, 0xbc, 0x8d, 0x7e, 0x60, 0x79, 0xc6, 0x59, 0x4b, 0x2b,
-    0x0f, 0x6f, 0x75, 0x42, 0xa1, 0x33, 0x06, 0x24, 0x76, 0xd2, 0x7b, 0xb8,
-    0x6c, 0xb2, 0xff, 0x8a, 0x25, 0xe6, 0x38, 0xe1, 0x65, 0xfb, 0x5d, 0xbb,
-    0xf6, 0xa8, 0x90, 0x17, 0xda, 0xc2, 0xf2, 0xcb, 0xe1, 0xcf, 0x62, 0xa4,
-    0xf0, 0xb2, 0x86, 0x8c, 0x0c, 0x37, 0xd1, 0xb7, 0x08, 0x6a, 0x72, 0x62,
-    0x42, 0xe1, 0xad, 0x7e, 0xe3, 0x93, 0xf4, 0xb2, 0xff, 0xbc, 0xdc, 0x60,
-    0x8a, 0xc7, 0x0b, 0x2e, 0xc2, 0x59, 0x70, 0x61, 0x65, 0x49, 0x17, 0x7d,
-    0x16, 0xb1, 0x3e, 0xe1, 0xe6, 0x85, 0x6f, 0xe8, 0xd6, 0xd1, 0xad, 0x96,
-    0x5f, 0x31, 0xe3, 0x8b, 0x2a, 0x47, 0xa0, 0x69, 0x7d, 0xfe, 0xd6, 0xc7,
-    0x82, 0x97, 0x16, 0x54, 0x1e, 0xbe, 0x11, 0xdf, 0xff, 0x1d, 0x88, 0x02,
-    0x79, 0x88, 0x32, 0xce, 0x2c, 0xbf, 0xf9, 0xa0, 0xee, 0x31, 0x37, 0x60,
-    0xa4, 0xb2, 0xff, 0xff, 0x9b, 0xc5, 0x9b, 0xcb, 0x39, 0xb6, 0x19, 0x3e,
-    0x1f, 0xb6, 0x96, 0x56, 0x26, 0x01, 0xf4, 0xf0, 0x23, 0x5f, 0x80, 0xe0,
-    0x23, 0xac, 0xbd, 0xb3, 0x8d, 0x65, 0x41, 0xe2, 0x61, 0x3d, 0xfc, 0x20,
-    0xa3, 0x4d, 0x07, 0x59, 0x77, 0x24, 0xb2, 0x9c, 0xf2, 0x78, 0x65, 0x7f,
-    0xff, 0x47, 0x7e, 0x6d, 0x6b, 0x01, 0xcf, 0x3f, 0xdc, 0x6b, 0x2e, 0x14,
-    0xfd, 0x65, 0xff, 0xd3, 0x7d, 0xcf, 0xef, 0xc7, 0x82, 0x75, 0x97, 0xff,
-    0x60, 0xe2, 0x51, 0x83, 0x82, 0xf2, 0xca, 0xc4, 0x43, 0x9d, 0x1a, 0xf6,
-    0xec, 0x79, 0x65, 0x43, 0x2d, 0xa7, 0x68, 0x49, 0x8c, 0xf3, 0x23, 0x5e,
-    0x35, 0x67, 0xa5, 0xfd, 0xc2, 0x29, 0x98, 0xce, 0xad, 0xf8, 0xd4, 0x9e,
-    0x50, 0x39, 0x43, 0xd3, 0x91, 0x90, 0x79, 0xd0, 0x2d, 0x3b, 0xc8, 0x67,
-    0xd6, 0xc4, 0x85, 0x16, 0xe9, 0x15, 0xff, 0xa5, 0x18, 0x0f, 0xe6, 0x17,
-    0x6b, 0x2f, 0xd0, 0x45, 0x9e, 0x59, 0x7d, 0xad, 0x37, 0x6b, 0x2f, 0x8b,
-    0x36, 0x17, 0x88, 0x85, 0x9f, 0x3d, 0x10, 0x96, 0xfe, 0x17, 0xc3, 0x65,
-    0xfc, 0x59, 0x7f, 0x85, 0xfd, 0xcf, 0x90, 0x35, 0x94, 0x2d, 0x53, 0x76,
-    0xa3, 0xbd, 0x31, 0x32, 0x7c, 0xc6, 0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda,
-    0xa2, 0xc8, 0x5f, 0xff, 0xef, 0xbe, 0x85, 0xfd, 0xfc, 0x41, 0xdb, 0x98,
-    0x78, 0xdc, 0x59, 0x7f, 0x36, 0xf1, 0x7c, 0x8e, 0x96, 0x5f, 0xff, 0xe0,
-    0x8f, 0x05, 0x89, 0x9f, 0x20, 0xbe, 0xe6, 0x1b, 0x1c, 0x59, 0x7f, 0xfe,
-    0xed, 0xb9, 0x83, 0xc2, 0x83, 0x3c, 0x6b, 0xf1, 0x65, 0xff, 0x7d, 0x9c,
-    0x18, 0x1d, 0x6c, 0xb2, 0xfd, 0xf0, 0xb9, 0xa2, 0xfe, 0x88, 0xff, 0x2b,
-    0x5a, 0x24, 0x99, 0xc0, 0xe1, 0xeb, 0x5c, 0x4e, 0x63, 0xd1, 0xb5, 0x50,
-    0xd5, 0x14, 0x34, 0x7f, 0xd7, 0xf8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x16,
-    0xba, 0xfd, 0x37, 0x87, 0x04, 0xb2, 0xff, 0x16, 0x6d, 0xad, 0x31, 0x8b,
-    0x2f, 0xbe, 0xd1, 0x32, 0xcb, 0xf6, 0x09, 0x1b, 0x0b, 0xc3, 0xfe, 0xec,
-    0xa3, 0x74, 0xd2, 0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0xe4, 0x5f,
-    0xb5, 0xdb, 0xbf, 0x6a, 0x8b, 0xb1, 0x7f, 0xe7, 0x90, 0xbc, 0xd7, 0x6e,
-    0xfd, 0xaa, 0x28, 0xe5, 0x85, 0xe2, 0x21, 0x0e, 0x6d, 0x7c, 0x51, 0x23,
-    0xac, 0xbf, 0x49, 0x88, 0x0c, 0xb2, 0xff, 0xc2, 0x81, 0x49, 0xe3, 0x52,
-    0xc6, 0xde, 0xb2, 0xd2, 0x59, 0x7e, 0xd7, 0x6e, 0xfd, 0xaa, 0x29, 0x55,
-    0xff, 0x77, 0xf6, 0x9b, 0xf1, 0xb6, 0x2c, 0xbf, 0xfd, 0xf8, 0xda, 0x3e,
-    0xdb, 0xdc, 0x7f, 0x65, 0x82, 0xcd, 0xdd, 0xd2, 0x17, 0x88, 0xce, 0x99,
-    0xc6, 0xba, 0x4c, 0x41, 0xe1, 0xbf, 0x7f, 0xe7, 0x6f, 0x48, 0x23, 0x72,
-    0x02, 0xcb, 0xbe, 0x15, 0x96, 0x16, 0x35, 0x43, 0x98, 0x43, 0xd1, 0x31,
-    0xe3, 0x58, 0xf9, 0x4f, 0x0f, 0x6f, 0xff, 0xfe, 0x7f, 0x60, 0x22, 0x42,
-    0xc4, 0x3e, 0x0e, 0x25, 0x03, 0x77, 0x35, 0x65, 0x6c, 0xe8, 0xa3, 0x65,
-    0x49, 0xdf, 0xc9, 0x41, 0x7d, 0x42, 0x39, 0xa9, 0xc7, 0x67, 0x4b, 0x79,
-    0x4d, 0x60, 0x2a, 0x28, 0x60, 0xf1, 0x4b, 0xd0, 0xc7, 0xdf, 0x29, 0x18,
-    0xc6, 0x7b, 0xfe, 0x90, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x23, 0x85, 0xff,
-    0x30, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x2b, 0x55, 0x85, 0xba, 0x24, 0x7c,
-    0x93, 0x7f, 0xf8, 0x59, 0xde, 0x42, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8, 0x96,
-    0xd6, 0xed, 0x65, 0xe0, 0xe8, 0x0b, 0x2e, 0xce, 0x96, 0x5f, 0x8e, 0x78,
-    0x6e, 0x2c, 0xbf, 0xa3, 0x40, 0x7e, 0xb8, 0xb2, 0xc3, 0xc3, 0xd5, 0xf9,
-    0x3d, 0xfb, 0xd1, 0xf1, 0x38, 0xb2, 0xf6, 0xf0, 0xc9, 0x65, 0x0a, 0x53,
-    0x0a, 0xec, 0x4b, 0xa1, 0xd6, 0x6c, 0x22, 0x7d, 0xe5, 0x37, 0x0e, 0x4b,
-    0x2f, 0xff, 0xb0, 0xcc, 0xdb, 0xde, 0xc3, 0x1f, 0xce, 0x6a, 0xca, 0xf9,
-    0xf4, 0x90, 0xbd, 0xf9, 0xb7, 0x47, 0x1d, 0x2c, 0xbf, 0xec, 0xe8, 0xb0,
-    0x00, 0x79, 0x2c, 0xb8, 0xfd, 0xac, 0xbf, 0x9b, 0xae, 0x0f, 0x09, 0x65,
-    0xfd, 0xd6, 0x4a, 0x34, 0x05, 0x95, 0x87, 0xb6, 0xe5, 0xb7, 0xff, 0xd0,
-    0x5b, 0x70, 0x2e, 0xd2, 0xe7, 0xde, 0x4b, 0x2a, 0x13, 0x1a, 0x91, 0xc6,
-    0x9c, 0xfe, 0x41, 0x79, 0xfe, 0x22, 0xcb, 0xe2, 0x8e, 0xa4, 0xb2, 0xff,
-    0xcc, 0x5e, 0xe0, 0xc2, 0xfa, 0x92, 0xcb, 0xfb, 0x68, 0xed, 0xf4, 0x05,
-    0x97, 0xfe, 0xd7, 0xdf, 0x08, 0x32, 0xce, 0x2c, 0xbf, 0xfe, 0xe8, 0x03,
-    0xfb, 0xcb, 0x38, 0x41, 0x71, 0x16, 0x53, 0x22, 0x39, 0xcf, 0x6f, 0x81,
-    0x9a, 0x99, 0x65, 0xf9, 0xbf, 0x02, 0x4c, 0xb2, 0xf7, 0xa0, 0xeb, 0x28,
-    0x69, 0xe1, 0xf6, 0x3b, 0x31, 0x16, 0x8f, 0xbf, 0x0b, 0xd0, 0x10, 0xf8,
-    0x8f, 0x74, 0xa6, 0xff, 0xe3, 0x60, 0xbd, 0x9a, 0x6d, 0x9c, 0xeb, 0x2f,
-    0x9e, 0x46, 0xb2, 0xcb, 0x1a, 0xb3, 0xe6, 0x8a, 0xfe, 0x6d, 0x13, 0x7b,
-    0x8b, 0x2f, 0xda, 0x72, 0xc8, 0x59, 0x4a, 0x88, 0x6c, 0xc7, 0xe7, 0xf2,
-    0x27, 0x2c, 0xba, 0x09, 0x65, 0xec, 0x61, 0xac, 0xbc, 0x3c, 0x3a, 0xcb,
-    0x98, 0x86, 0x6d, 0xd8, 0x6e, 0xa0, 0xfd, 0xa4, 0x99, 0x7d, 0xc0, 0xc1,
-    0xd6, 0x5f, 0xbe, 0xda, 0x81, 0xac, 0xbf, 0xf3, 0xec, 0x21, 0x67, 0x08,
-    0x3f, 0x59, 0x5d, 0x9f, 0x33, 0x93, 0xdf, 0x64, 0xd2, 0xc5, 0x97, 0x3c,
-    0x96, 0x5f, 0xf4, 0x85, 0xe6, 0xbb, 0x77, 0xed, 0x51, 0x30, 0x2a, 0x0f,
-    0x7d, 0xc5, 0xaf, 0xc1, 0x7f, 0x37, 0x96, 0x5f, 0xed, 0x9f, 0xc0, 0x10,
-    0xa4, 0xb2, 0xd0, 0xb2, 0xed, 0x99, 0x65, 0x61, 0xa7, 0x21, 0x0b, 0xb9,
-    0x0b, 0x2a, 0x11, 0x70, 0xc4, 0xee, 0xb8, 0x11, 0xfb, 0xc6, 0x30, 0x16,
-    0x5d, 0x3f, 0x8b, 0x2f, 0xb8, 0xe4, 0x05, 0x97, 0x8a, 0x36, 0x59, 0x53,
-    0x1f, 0x9f, 0xc7, 0x40, 0x32, 0x2b, 0x21, 0xbf, 0xc1, 0xeb, 0x4d, 0x07,
-    0xc5, 0x97, 0xef, 0xb4, 0x16, 0xcb, 0x2f, 0xfa, 0x36, 0xf1, 0x40, 0x7d,
-    0xc5, 0x95, 0xf4, 0x49, 0xf0, 0xce, 0x7c, 0x9e, 0xf8, 0xb3, 0x90, 0xb2,
-    0xbc, 0x7a, 0x7b, 0xcc, 0xef, 0x49, 0x80, 0xb2, 0xfc, 0x45, 0x9e, 0x65,
-    0x97, 0xdd, 0x76, 0xc6, 0xac, 0xbf, 0x39, 0xb9, 0xf7, 0x59, 0x58, 0x8b,
-    0x19, 0x89, 0x1c, 0x73, 0xc4, 0xa1, 0x25, 0xbf, 0xfd, 0x2f, 0xe1, 0x18,
-    0x26, 0xbe, 0xd0, 0x75, 0x97, 0xf3, 0x7b, 0x0f, 0x1f, 0x59, 0x7f, 0xcc,
-    0x0d, 0xbf, 0x1c, 0x0f, 0x16, 0x5f, 0xe9, 0x3f, 0xb8, 0xc5, 0x0b, 0x2d,
-    0x1a, 0x3e, 0xb2, 0x3a, 0xae, 0x93, 0x08, 0xd2, 0x5f, 0xa1, 0x2f, 0x7f,
-    0xf8, 0x9c, 0xcc, 0xef, 0xf1, 0xd4, 0xa7, 0xf1, 0x65, 0xfc, 0xd3, 0x73,
-    0xcd, 0xb2, 0xcb, 0xff, 0x61, 0xf3, 0x59, 0xd4, 0xb3, 0xcb, 0x2f, 0xe6,
-    0xfb, 0x1f, 0x0d, 0x59, 0x5f, 0x3e, 0xbe, 0x1f, 0x5f, 0xf3, 0xff, 0x50,
-    0xd2, 0x7e, 0x2c, 0xbf, 0xfc, 0xfb, 0x7d, 0xa0, 0xb2, 0x66, 0xd3, 0x2c,
-    0xac, 0x4f, 0x02, 0x63, 0x7f, 0xa7, 0x7a, 0x13, 0x41, 0x22, 0x30, 0xde,
-    0xc4, 0xb2, 0xd3, 0xeb, 0x2f, 0xbb, 0x6c, 0x1a, 0xca, 0x59, 0x6e, 0xd6,
-    0x61, 0x2e, 0xe0, 0x81, 0x25, 0xd2, 0x1a, 0xca, 0x9e, 0xd1, 0x3d, 0xb0,
-    0x87, 0x42, 0x8c, 0x5b, 0xa1, 0xf3, 0x8b, 0xdf, 0x8d, 0x89, 0x60, 0xd6,
-    0x5f, 0x67, 0xbf, 0x8b, 0x2e, 0x73, 0x56, 0x5d, 0x83, 0x23, 0x71, 0x3e,
-    0x43, 0x70, 0xa3, 0xb5, 0xc6, 0x14, 0xbb, 0xc0, 0x59, 0x76, 0xec, 0x96,
-    0x5f, 0x1b, 0x9d, 0x79, 0x65, 0x6c, 0x7a, 0xba, 0x17, 0x71, 0xab, 0xf0,
-    0x93, 0xee, 0x40, 0x59, 0x7f, 0x67, 0xdc, 0x42, 0xf2, 0xca, 0xd8, 0xf6,
-    0x06, 0x57, 0x79, 0xdf, 0xb5, 0x97, 0xf6, 0x7b, 0xd1, 0xae, 0x2c, 0xbf,
-    0x9c, 0x81, 0xb0, 0x3c, 0xb2, 0xa1, 0x13, 0x5b, 0x11, 0x90, 0xe4, 0xf9,
-    0x6d, 0x85, 0xc3, 0x63, 0x71, 0xb4, 0x31, 0xe4, 0x42, 0x38, 0xd1, 0x72,
-    0x50, 0x01, 0xaf, 0x9d, 0xc3, 0x67, 0xa8, 0x5b, 0xb1, 0x0c, 0xd0, 0x88,
-    0xd1, 0x11, 0xe1, 0x03, 0xf8, 0x6c, 0x3c, 0x2b, 0x4a, 0x3d, 0x8e, 0x4b,
-    0x11, 0xf4, 0x3f, 0x02, 0xbb, 0xbd, 0x80, 0xc2, 0xe9, 0xf7, 0xe1, 0x23,
-    0x21, 0xbc, 0x70, 0xe9, 0x25, 0xff, 0x9e, 0x42, 0xf3, 0x5d, 0xbb, 0xf6,
-    0xa8, 0x98, 0xd7, 0x46, 0xea, 0xcb, 0xb5, 0x8b, 0x2d, 0x1a, 0x35, 0xff,
-    0x19, 0xbf, 0x09, 0xe9, 0x41, 0xab, 0x2c, 0x2d, 0x91, 0xd4, 0x71, 0xdf,
-    0xbe, 0xf0, 0x9a, 0xff, 0x86, 0xdb, 0xc5, 0xf4, 0x01, 0x24, 0xb2, 0xf1,
-    0x86, 0x18, 0xb2, 0xfe, 0x14, 0xcf, 0x62, 0xa4, 0xa5, 0xf5, 0x97, 0xa7,
-    0x94, 0x86, 0xb2, 0xa7, 0xb3, 0xe0, 0x9e, 0x67, 0xb7, 0xf6, 0xb4, 0x12,
-    0xcf, 0xac, 0xbe, 0x82, 0x6f, 0xac, 0xbe, 0x8d, 0xa3, 0x4b, 0x2f, 0xf7,
-    0x20, 0x0f, 0xe7, 0x35, 0x65, 0xef, 0x44, 0xcb, 0x2f, 0xa2, 0x66, 0x3a,
-    0xcb, 0xff, 0xcc, 0x45, 0x81, 0xec, 0xb3, 0x61, 0x24, 0xb2, 0xb0, 0xfb,
-    0x34, 0x45, 0x7d, 0xc8, 0xd4, 0x2c, 0xbe, 0xd8, 0x23, 0xdc, 0x59, 0x7f,
-    0xdb, 0xac, 0x09, 0xd9, 0x34, 0x1d, 0x65, 0x0d, 0x3a, 0x56, 0x20, 0xdc,
-    0x22, 0x98, 0xcf, 0x50, 0x89, 0xf1, 0x08, 0x84, 0x3b, 0xa4, 0xf6, 0x92,
-    0xcb, 0xf1, 0xe3, 0x3d, 0xc5, 0x97, 0xee, 0x31, 0x75, 0x25, 0x97, 0x64,
-    0xcb, 0x2c, 0x64, 0xe3, 0x7f, 0x85, 0x15, 0x3c, 0x22, 0x80, 0x62, 0x38,
-    0xcd, 0x7f, 0xbf, 0x1a, 0xd8, 0x40, 0x81, 0x65, 0xf0, 0x76, 0x72, 0x59,
-    0x7f, 0xff, 0xe6, 0x0f, 0x7a, 0xcd, 0xf0, 0x5e, 0xd0, 0x76, 0xfc, 0x7b,
-    0x8c, 0xb2, 0xe7, 0xe2, 0xcb, 0xe9, 0xde, 0xcf, 0xac, 0xaf, 0x9b, 0xae,
-    0x0b, 0x5f, 0xff, 0xcd, 0xd7, 0xb9, 0xb6, 0xb3, 0x93, 0xb3, 0xbf, 0x87,
-    0x71, 0x65, 0x42, 0x21, 0x74, 0x43, 0x7a, 0x0b, 0x65, 0x97, 0xff, 0xff,
-    0xd2, 0xe7, 0xf0, 0x26, 0x73, 0xf9, 0xde, 0x72, 0x76, 0x75, 0x2e, 0x31,
-    0x32, 0xcb, 0xce, 0xfd, 0xaa, 0x2b, 0x15, 0xf3, 0x89, 0x06, 0xac, 0xae,
-    0xcf, 0x33, 0x45, 0x37, 0xef, 0xb1, 0xe3, 0x4b, 0x2f, 0xff, 0x05, 0xf6,
-    0xd6, 0x1f, 0xf1, 0xb1, 0x05, 0x65, 0x31, 0xf9, 0x11, 0x3d, 0xfe, 0x0c,
-    0xb3, 0x80, 0xe8, 0x0b, 0x2f, 0xfd, 0x3f, 0x9e, 0x2c, 0x0c, 0x17, 0x96,
-    0x5f, 0xe2, 0xce, 0x03, 0x30, 0x6b, 0x28, 0x6a, 0xe4, 0xcd, 0x8c, 0xbb,
-    0xb2, 0x2e, 0x87, 0x35, 0x0c, 0xdf, 0xc2, 0x54, 0x88, 0x3c, 0x6b, 0xbc,
-    0xfe, 0xff, 0xc1, 0xf7, 0x0b, 0x37, 0x96, 0x71, 0x65, 0xf7, 0x8b, 0x37,
-    0x56, 0x5e, 0x60, 0x8d, 0x65, 0x1a, 0x7f, 0xec, 0x7f, 0xb8, 0x49, 0x7f,
-    0xf1, 0x78, 0xd0, 0xc1, 0x67, 0x71, 0xa5, 0x97, 0xf4, 0x30, 0xad, 0xc3,
-    0xda, 0xcb, 0xfd, 0xad, 0xbd, 0xc7, 0xeb, 0xb5, 0x95, 0x08, 0xac, 0xfa,
-    0x23, 0x98, 0xdf, 0xec, 0xf6, 0x14, 0x19, 0x3e, 0xb2, 0xff, 0x46, 0xa4,
-    0xd3, 0x31, 0x8b, 0x2f, 0xfe, 0x63, 0xf2, 0x77, 0xdb, 0xc5, 0x07, 0x59,
-    0x52, 0x45, 0x77, 0x0d, 0x7c, 0x69, 0x7c, 0xfe, 0x7e, 0xd6, 0x5f, 0xf4,
-    0x6f, 0x7d, 0x77, 0xf7, 0xdd, 0x59, 0x7f, 0x9a, 0x3b, 0x2c, 0x6d, 0x96,
-    0x51, 0xd1, 0x25, 0xf2, 0x2d, 0xd3, 0xeb, 0xfd, 0x05, 0xef, 0xe0, 0x1d,
-    0x65, 0xf4, 0x1d, 0xfc, 0xb2, 0xa4, 0x7a, 0x5c, 0x31, 0xbf, 0x6e, 0xfb,
-    0x3a, 0x99, 0x65, 0xf7, 0x26, 0x63, 0x56, 0x5e, 0x3c, 0x69, 0x65, 0xff,
-    0xff, 0xfe, 0x7f, 0x7b, 0x3f, 0xc7, 0x93, 0x17, 0xa5, 0x9a, 0xce, 0x67,
-    0xdf, 0x62, 0x89, 0x2c, 0xbd, 0xe8, 0x99, 0x65, 0x42, 0x62, 0xb8, 0x5a,
-    0x02, 0x4e, 0x0e, 0x09, 0x08, 0xbb, 0xf8, 0x33, 0xfd, 0xfd, 0x85, 0x6b,
-    0x2f, 0xba, 0x94, 0x7d, 0x65, 0xfe, 0xe0, 0xff, 0x9d, 0x87, 0x71, 0x65,
-    0xb3, 0x87, 0xb6, 0x12, 0x3b, 0xa3, 0x7a, 0xca, 0xf9, 0xbf, 0x22, 0x7b,
-    0xfb, 0xec, 0x32, 0xc0, 0xac, 0xbf, 0xd3, 0x3e, 0x34, 0x84, 0x3a, 0xca,
-    0x1a, 0x20, 0x3b, 0x20, 0x62, 0xcb, 0xfd, 0xd4, 0xa6, 0x93, 0xeb, 0x65,
-    0x97, 0xd2, 0xf3, 0x6c, 0xb2, 0xa0, 0xf6, 0x9c, 0xde, 0xff, 0xff, 0x41,
-    0xcd, 0x35, 0xfa, 0xfc, 0x37, 0xb8, 0xc5, 0xd4, 0x96, 0x5f, 0xff, 0x9b,
-    0xd1, 0xdb, 0x79, 0x8f, 0x3b, 0x8e, 0x31, 0xac, 0xa8, 0x55, 0x69, 0x91,
-    0xa8, 0x34, 0x22, 0xbe, 0x40, 0xec, 0x77, 0x4b, 0xcb, 0x2f, 0xe8, 0x01,
-    0xe3, 0x84, 0xb2, 0xfe, 0xcd, 0xb0, 0xb2, 0x4b, 0x2a, 0x0f, 0xbd, 0x85,
-    0xf4, 0x59, 0x7f, 0xf7, 0x3f, 0x9b, 0xad, 0xe6, 0x97, 0x02, 0xb2, 0xfe,
-    0x3f, 0x82, 0xfb, 0x42, 0xcb, 0x37, 0x47, 0xea, 0x22, 0x3d, 0xe0, 0xf5,
-    0x8b, 0x2f, 0xf6, 0x98, 0x3b, 0x03, 0x92, 0x59, 0x79, 0xa3, 0x65, 0x97,
-    0xff, 0x0e, 0x39, 0x0d, 0xd7, 0xbd, 0x07, 0x59, 0x7f, 0x41, 0x93, 0x14,
-    0x0d, 0x65, 0x6c, 0x8e, 0x01, 0x8e, 0xcc, 0x6b, 0xa1, 0xcf, 0x22, 0x5f,
-    0xbb, 0xfc, 0x11, 0xab, 0x2b, 0x0f, 0xd5, 0xd3, 0x2f, 0x8e, 0xfd, 0x79,
-    0x65, 0xff, 0xdb, 0x47, 0xa7, 0x09, 0xd8, 0x9b, 0xa2, 0x71, 0x65, 0xff,
-    0xcf, 0xb9, 0x84, 0xe3, 0x7c, 0xeb, 0xcb, 0x2f, 0xfb, 0x51, 0xc7, 0xd1,
-    0x44, 0x96, 0x56, 0x91, 0x99, 0xf5, 0x0d, 0xe8, 0xb7, 0xa4, 0xfb, 0x2c,
-    0xbd, 0x3b, 0x63, 0xac, 0xbf, 0xe7, 0xea, 0x4d, 0xff, 0xbe, 0xe2, 0xcb,
-    0xf8, 0xa3, 0x62, 0x8d, 0x96, 0x5b, 0xcb, 0x2f, 0xfc, 0x6f, 0x39, 0x9f,
-    0x6e, 0x07, 0x65, 0x94, 0x33, 0xd2, 0x08, 0x8d, 0x0a, 0x15, 0x1d, 0xe4,
-    0x3b, 0xfa, 0x32, 0x61, 0xdd, 0x10, 0x39, 0xe1, 0x3f, 0xdf, 0x44, 0xd1,
-    0xb2, 0xcb, 0xff, 0x13, 0x8f, 0xf1, 0xbf, 0xee, 0x4b, 0x2f, 0xff, 0x4b,
-    0x0b, 0xc1, 0xfb, 0x6e, 0xee, 0xc6, 0xe2, 0xcb, 0xff, 0xff, 0xd8, 0x7c,
-    0xd0, 0x00, 0x1e, 0x7d, 0xbd, 0x2c, 0xfb, 0x81, 0x87, 0x0b, 0x2e, 0x8d,
-    0xc5, 0x97, 0xff, 0xfe, 0x0e, 0xd9, 0xdc, 0xe2, 0x0e, 0xec, 0xec, 0xea,
-    0x58, 0x12, 0x07, 0x16, 0x5f, 0xfe, 0xdb, 0x3a, 0xf7, 0x18, 0xa0, 0x0e,
-    0x75, 0x97, 0xfb, 0xa2, 0xc1, 0xfd, 0xcc, 0x59, 0x58, 0x7f, 0xce, 0x95,
-    0x5b, 0x2a, 0x56, 0x19, 0x1f, 0x47, 0xdf, 0x52, 0x77, 0x62, 0x19, 0xe4,
-    0x3d, 0x2f, 0xbd, 0x28, 0x65, 0x97, 0xfd, 0x83, 0xdb, 0x0c, 0xcf, 0xba,
-    0xcb, 0xfb, 0x69, 0xa4, 0x28, 0xd6, 0xcb, 0x2f, 0x88, 0xb3, 0xcb, 0x2f,
-    0xcd, 0xb9, 0xad, 0x32, 0xca, 0x9e, 0xd1, 0x01, 0x06, 0xdf, 0x20, 0xbf,
-    0xb6, 0x12, 0x7d, 0xc8, 0x0b, 0x2f, 0xb7, 0x23, 0x84, 0xb2, 0xff, 0xdf,
-    0x73, 0xfb, 0xf1, 0xe0, 0x9d, 0x65, 0x61, 0xf1, 0xcc, 0x49, 0x7f, 0xf6,
-    0x61, 0xa7, 0x86, 0xd6, 0x98, 0xc5, 0x97, 0x9d, 0xf4, 0xb2, 0xff, 0x9a,
-    0x4d, 0xf0, 0x9c, 0xec, 0xb2, 0xec, 0xf2, 0xca, 0x84, 0xd9, 0x32, 0x12,
-    0xba, 0x22, 0xfa, 0x27, 0x86, 0xe7, 0xce, 0x2e, 0x7d, 0xd5, 0x97, 0xff,
-    0xa3, 0x70, 0xf0, 0x32, 0xcf, 0x79, 0xc9, 0x65, 0x11, 0xf1, 0xee, 0x8c,
-    0xde, 0xfb, 0x0b, 0x9e, 0x1b, 0xbc, 0xb9, 0xe5, 0x08, 0x01, 0x54, 0x5b,
-    0x11, 0xe9, 0x6d, 0x18, 0xf4, 0x8d, 0x06, 0x6d, 0x92, 0xed, 0x4d, 0x8c,
-    0x4f, 0xb8, 0x6f, 0x75, 0x0d, 0xc6, 0x86, 0x14, 0xd0, 0x85, 0xd4, 0x66,
-    0xff, 0x96, 0x06, 0xf0, 0xc2, 0x04, 0x28, 0x8a, 0x37, 0xee, 0x4a, 0x5b,
-    0xf4, 0xac, 0x20, 0xb5, 0xef, 0x21, 0x9f, 0x85, 0xc8, 0x91, 0xcc, 0x6e,
-    0xc3, 0x06, 0xf0, 0xab, 0x9f, 0x9e, 0xd6, 0x5f, 0x7a, 0x7f, 0x3e, 0xb2,
-    0xc4, 0xb2, 0x85, 0x26, 0xd6, 0x44, 0xb7, 0x0a, 0x05, 0x45, 0x97, 0xa7,
-    0xb9, 0xe5, 0x3e, 0xb2, 0xf7, 0xa3, 0xeb, 0x2f, 0xa0, 0x78, 0x75, 0x96,
-    0xd4, 0x1b, 0xdd, 0x0e, 0x5b, 0x71, 0x65, 0xcd, 0xba, 0xb2, 0xfb, 0x6d,
-    0x46, 0xcb, 0x2e, 0x10, 0x0b, 0x2e, 0xcf, 0xac, 0xbd, 0xfc, 0x99, 0x65,
-    0xef, 0xb1, 0xd6, 0x5a, 0x65, 0x95, 0xb1, 0xf0, 0x8c, 0x59, 0xc7, 0x42,
-    0x39, 0x7e, 0x72, 0xd8, 0x3c, 0x59, 0x7e, 0xc1, 0xe9, 0xfb, 0x59, 0x7c,
-    0xfb, 0x46, 0x96, 0x5d, 0x03, 0xf9, 0xe5, 0x11, 0x45, 0x86, 0xb2, 0x99,
-    0x3d, 0xb9, 0x89, 0x8e, 0x28, 0xe3, 0x20, 0x24, 0x27, 0x9e, 0x1e, 0x79,
-    0xca, 0x7c, 0xb2, 0xdf, 0x59, 0x7b, 0x82, 0x71, 0x65, 0xf7, 0x5b, 0x41,
-    0xab, 0x2b, 0x63, 0xd4, 0x18, 0x88, 0x47, 0xaf, 0xdd, 0x4b, 0xcf, 0xd2,
-    0xcb, 0x42, 0xca, 0x73, 0x75, 0xe2, 0xab, 0xfd, 0xd6, 0xa1, 0xa4, 0xfc,
-    0x59, 0x7d, 0x85, 0x12, 0x59, 0x58, 0x7a, 0x67, 0x33, 0xb4, 0xfa, 0xcb,
-    0xf7, 0x33, 0xcd, 0xa5, 0x97, 0xb3, 0xaf, 0x2c, 0xb6, 0x00, 0xf1, 0x38,
-    0x4f, 0x73, 0x8d, 0x65, 0xef, 0x67, 0x16, 0x5c, 0x50, 0xb2, 0xa4, 0x78,
-    0xe1, 0x16, 0xde, 0x39, 0x7f, 0xcc, 0x1d, 0xa3, 0xa0, 0x6a, 0x16, 0x5e,
-    0x94, 0x74, 0xb2, 0xdb, 0x8b, 0x2a, 0x63, 0x62, 0x43, 0xb7, 0xb4, 0xe4,
-    0xb2, 0xd3, 0xeb, 0x2f, 0xe2, 0xcd, 0xfa, 0x6e, 0x2c, 0xad, 0x8f, 0x08,
-    0xc1, 0x4b, 0x74, 0xb2, 0xa1, 0x12, 0x6c, 0xba, 0x12, 0x4b, 0xf6, 0x6a,
-    0x50, 0x75, 0x97, 0xdf, 0x7c, 0xd2, 0xcb, 0xf6, 0xd8, 0x4c, 0x6a, 0xca,
-    0x83, 0xc9, 0x62, 0x1b, 0xfc, 0xfa, 0x90, 0x1b, 0xae, 0x2c, 0xbe, 0xe7,
-    0x20, 0x0b, 0x2a, 0x15, 0xa5, 0x8c, 0x87, 0x16, 0x19, 0xbb, 0x46, 0x27,
-    0x6b, 0xfc, 0x2d, 0x1c, 0xb8, 0x9c, 0x02, 0x40, 0x61, 0xa5, 0xff, 0xb0,
-    0xb0, 0xd2, 0xcf, 0x7d, 0x96, 0x5f, 0xce, 0x6e, 0x0d, 0xe4, 0xb2, 0xbe,
-    0x7d, 0x24, 0x79, 0x7f, 0x31, 0x16, 0x6f, 0x75, 0x97, 0xa4, 0x27, 0x96,
-    0x5e, 0xd6, 0x9d, 0x65, 0xf4, 0x80, 0x19, 0x2c, 0xbe, 0xd0, 0x90, 0x05,
-    0x97, 0xa3, 0xf0, 0xb2, 0xa0, 0xf8, 0x58, 0x8f, 0xe4, 0x77, 0xf9, 0xb6,
-    0x73, 0x80, 0x10, 0xb2, 0xe6, 0x1a, 0xcb, 0x9f, 0xa5, 0x97, 0xf7, 0xf2,
-    0x62, 0x81, 0xac, 0xbf, 0xe9, 0x41, 0xf9, 0x9a, 0x8e, 0x2c, 0xae, 0xcf,
-    0x97, 0xa2, 0xdb, 0xf1, 0xb3, 0x13, 0x98, 0xb2, 0x86, 0x8c, 0xa6, 0x7c,
-    0x72, 0x4b, 0xde, 0x60, 0x2c, 0xbe, 0x04, 0x17, 0x6b, 0x2c, 0x2b, 0x59,
-    0x46, 0x9e, 0x9f, 0x43, 0x81, 0x22, 0xbe, 0x97, 0xb0, 0x45, 0x97, 0xbb,
-    0x80, 0x2c, 0xbd, 0xa8, 0x3a, 0xca, 0x64, 0x46, 0xb9, 0x88, 0x48, 0xcc,
-    0x1d, 0xbf, 0x67, 0x5e, 0x73, 0xac, 0xbb, 0x26, 0x59, 0x6d, 0x88, 0xdf,
-    0x88, 0x51, 0x7a, 0x35, 0xb2, 0xca, 0x83, 0xc5, 0x62, 0x8a, 0x59, 0x7b,
-    0xb8, 0x02, 0xcb, 0x14, 0x8d, 0x46, 0x05, 0xdf, 0xdf, 0x63, 0xe7, 0xdd,
-    0x65, 0x41, 0xe8, 0x84, 0x96, 0xfb, 0xc4, 0xdb, 0xab, 0x2e, 0x0f, 0x16,
-    0x5f, 0x83, 0x2e, 0x7c, 0x6b, 0x2a, 0x0f, 0x00, 0x85, 0xef, 0xd9, 0x34,
-    0x9f, 0x8b, 0x2a, 0x4b, 0xab, 0x83, 0x21, 0xe8, 0xb1, 0x87, 0xa6, 0x7d,
-    0xd1, 0x69, 0xcc, 0xff, 0x0e, 0x02, 0x8c, 0x3b, 0x90, 0xc0, 0xf4, 0x26,
-    0x42, 0x43, 0xbd, 0x90, 0x42, 0x0b, 0xf9, 0xe5, 0xbb, 0xba, 0x1d, 0x96,
-    0x58, 0x96, 0x5d, 0x2d, 0xc5, 0x95, 0xf3, 0xdf, 0xe1, 0xaf, 0x84, 0x2f,
-    0xf7, 0xb8, 0xfd, 0x79, 0xb6, 0x59, 0x4b, 0x29, 0x8f, 0x02, 0x7c, 0xd6,
-    0xfe, 0xcd, 0x87, 0xf6, 0xd2, 0xca, 0xf9, 0xe9, 0x11, 0x25, 0xff, 0xa3,
-    0x39, 0x3a, 0x18, 0x62, 0x49, 0x65, 0xfc, 0xc6, 0x73, 0x6c, 0x31, 0x65,
-    0x11, 0xf8, 0x79, 0x02, 0xe2, 0x85, 0x97, 0x80, 0x08, 0x59, 0x76, 0x76,
-    0xb2, 0xe8, 0x1f, 0x0d, 0x9f, 0x87, 0x2f, 0x41, 0x76, 0xb2, 0xff, 0xfe,
-    0x73, 0x06, 0xef, 0xad, 0xbe, 0xfe, 0xfb, 0x6a, 0x4b, 0x2f, 0xdd, 0xf7,
-    0xf8, 0xd2, 0xca, 0xfa, 0x28, 0x88, 0x70, 0x2b, 0x95, 0x24, 0xd9, 0xbb,
-    0x21, 0xe2, 0x47, 0xa1, 0x9d, 0x7c, 0xe4, 0xf3, 0x2c, 0xbf, 0x66, 0x84,
-    0xf7, 0x16, 0x5f, 0x9b, 0xc5, 0x92, 0x59, 0x7d, 0x06, 0x44, 0xcb, 0x2f,
-    0xfd, 0xcd, 0xef, 0xf8, 0x37, 0x3d, 0xc5, 0x97, 0x08, 0x75, 0x97, 0xe2,
-    0xcd, 0x07, 0x16, 0x5e, 0x7e, 0x89, 0x65, 0xfd, 0xe2, 0x70, 0x61, 0x2c,
-    0xbf, 0x13, 0x83, 0x09, 0x65, 0x4e, 0x3d, 0x0f, 0x15, 0xd0, 0xd1, 0x20,
-    0x16, 0xca, 0xd9, 0x3c, 0x59, 0x10, 0x9a, 0x52, 0xc4, 0xd3, 0x11, 0xfd,
-    0x04, 0x03, 0x05, 0x0b, 0x6b, 0xee, 0x61, 0x76, 0xb2, 0xfe, 0x82, 0xf7,
-    0x61, 0xd9, 0x65, 0xb8, 0xb2, 0xff, 0x41, 0x83, 0x0b, 0xea, 0x4b, 0x2f,
-    0x72, 0x24, 0xb2, 0xfd, 0xfc, 0xd3, 0x71, 0x65, 0xcd, 0xae, 0x8f, 0x0f,
-    0xc3, 0x96, 0xde, 0xb2, 0xa1, 0x31, 0xa9, 0x11, 0x4c, 0x5f, 0xa1, 0x1f,
-    0xbb, 0xee, 0x97, 0x5f, 0xfe, 0x2f, 0x7f, 0x25, 0xe8, 0xc2, 0xeb, 0xcb,
-    0x2f, 0x13, 0x1a, 0xb2, 0xfb, 0x06, 0xdb, 0xd6, 0x5d, 0x07, 0xc3, 0x7e,
-    0xe3, 0x97, 0xe9, 0x79, 0x8f, 0xe5, 0x97, 0xf3, 0xf5, 0xf8, 0x10, 0x96,
-    0x5b, 0x3a, 0x3d, 0x63, 0x0a, 0x2f, 0x09, 0xd1, 0x2c, 0xbf, 0x9e, 0x4e,
-    0x59, 0xba, 0xb2, 0xe6, 0x1a, 0xcb, 0xee, 0x7d, 0xe4, 0xb2, 0xde, 0x59,
-    0x50, 0x9e, 0x33, 0x42, 0x23, 0x50, 0x80, 0xf9, 0x4b, 0x8f, 0x00, 0xb8,
-    0x22, 0xc2, 0x11, 0x5e, 0xc2, 0x99, 0x65, 0xba, 0x59, 0x70, 0x21, 0x25,
-    0xc6, 0x18, 0x92, 0x98, 0xd7, 0x98, 0x2d, 0x7e, 0x2c, 0xf7, 0xd9, 0x20,
-    0xb3, 0x43, 0x7c, 0x69, 0x67, 0x16, 0x54, 0x8f, 0x68, 0x67, 0x17, 0x76,
-    0x05, 0x97, 0xf9, 0xcd, 0x82, 0x2c, 0xf2, 0xcb, 0xcc, 0x07, 0x59, 0x50,
-    0x9a, 0xf0, 0xc7, 0x1e, 0x17, 0x80, 0x22, 0x21, 0x80, 0x98, 0xde, 0xfc,
-    0x18, 0xb2, 0xf3, 0xf5, 0xc5, 0x96, 0xe2, 0xcb, 0xe1, 0x3e, 0xfe, 0x59,
-    0x5b, 0x1f, 0x70, 0xc7, 0x7a, 0x1d, 0xf0, 0x8d, 0xe8, 0x29, 0x96, 0x5c,
-    0x50, 0xb2, 0x96, 0x52, 0xca, 0x98, 0xb6, 0x38, 0x5d, 0xdf, 0x99, 0x65,
-    0xcc, 0x05, 0x95, 0x06, 0xb8, 0x03, 0x15, 0x32, 0x2d, 0xb4, 0x38, 0xe5,
-    0x60, 0x4f, 0xbf, 0xf8, 0xd6, 0x2e, 0xf9, 0x07, 0x7e, 0xbc, 0xb2, 0xf0,
-    0x33, 0x75, 0x65, 0xff, 0xf1, 0x60, 0x30, 0xe1, 0x8d, 0x69, 0x83, 0xda,
-    0xcb, 0xe2, 0x83, 0xcc, 0xb2, 0x8d, 0x46, 0xb6, 0x91, 0x88, 0x7f, 0xc9,
-    0xf7, 0xc7, 0xe0, 0x4e, 0xb2, 0xc6, 0xac, 0xb4, 0xfa, 0xcb, 0xb4, 0x6a,
-    0xca, 0x83, 0xe1, 0x62, 0x30, 0x89, 0x08, 0x29, 0x7f, 0xfd, 0xfc, 0x97,
-    0x23, 0xd2, 0xcd, 0xc7, 0x20, 0x2c, 0xbf, 0xe6, 0xf7, 0xf3, 0xaf, 0x06,
-    0x16, 0x5f, 0x09, 0x1a, 0x02, 0xca, 0x91, 0xee, 0x7c, 0xe6, 0xec, 0xe2,
-    0xcb, 0xff, 0xd9, 0x29, 0xfc, 0x35, 0xf3, 0xd1, 0xee, 0x2c, 0xa8, 0x44,
-    0x24, 0x88, 0x80, 0x2d, 0x5c, 0x4d, 0x83, 0xd1, 0x98, 0xdd, 0x1c, 0x59,
-    0x60, 0x2c, 0xbe, 0x83, 0xc1, 0xd6, 0x5f, 0x98, 0xc3, 0xbf, 0x96, 0x53,
-    0x1e, 0x4e, 0x88, 0x6d, 0x8b, 0x29, 0x91, 0x97, 0xa2, 0xa7, 0x16, 0xe2,
-    0xd4, 0xf9, 0x0d, 0x8d, 0x59, 0x50, 0xba, 0xd1, 0x90, 0xf4, 0x68, 0xc4,
-    0xff, 0x09, 0xe7, 0x94, 0xcd, 0xba, 0x97, 0x7d, 0x06, 0x06, 0x65, 0x97,
-    0xb9, 0x13, 0x2c, 0xbf, 0xb0, 0x79, 0xbd, 0xb4, 0xb2, 0x96, 0x5b, 0x4b,
-    0x2c, 0x75, 0x95, 0xe3, 0x5a, 0x10, 0xbd, 0xe2, 0x37, 0xc3, 0x77, 0xe9,
-    0x65, 0xf8, 0x0d, 0xa6, 0x35, 0x65, 0xce, 0x6a, 0xcb, 0xb3, 0xa5, 0x95,
-    0xda, 0x68, 0x93, 0x12, 0x1c, 0x77, 0xeb, 0x6e, 0x60, 0x02, 0x22, 0x28,
-    0x9f, 0x17, 0xbb, 0x3e, 0xb2, 0xfe, 0x2f, 0x61, 0x31, 0x8b, 0x2f, 0xef,
-    0x73, 0x0e, 0xde, 0x59, 0x6d, 0x2c, 0xa8, 0x37, 0xd8, 0x5b, 0x4b, 0x29,
-    0x65, 0xa1, 0x65, 0x0a, 0xcd, 0x31, 0x05, 0xf8, 0x2e, 0xf6, 0x6f, 0x75,
-    0x97, 0xdf, 0xfe, 0x01, 0x65, 0xa3, 0xe6, 0xfc, 0x41, 0xda, 0x84, 0xd7,
-    0x18, 0x58, 0xed, 0x4e, 0x8a, 0x07, 0x0b, 0xfb, 0xd9, 0xd4, 0xa2, 0x4b,
-    0x2f, 0xde, 0xcf, 0xb9, 0xab, 0x2b, 0xa3, 0xd6, 0x62, 0xeb, 0xf7, 0x40,
-    0x9e, 0x83, 0xc5, 0x97, 0xbe, 0xe7, 0x59, 0x7f, 0x3f, 0x80, 0x21, 0x49,
-    0x65, 0x0c, 0xf2, 0xb7, 0x07, 0x2f, 0xef, 0x0d, 0x81, 0x04, 0xb2, 0xf6,
-    0xdf, 0x65, 0x97, 0x7c, 0x3d, 0x1e, 0x4b, 0x96, 0x5e, 0x30, 0xc3, 0x12,
-    0x5f, 0xe8, 0xd8, 0x4c, 0xfb, 0xf4, 0x90, 0x59, 0xa0, 0xbf, 0xcc, 0x37,
-    0x2e, 0xa5, 0xc5, 0x94, 0x33, 0xfa, 0xfa, 0x3d, 0xd9, 0xb2, 0xcb, 0xf1,
-    0xc4, 0x8d, 0x01, 0x65, 0x2c, 0xa5, 0x96, 0x83, 0x96, 0xc0, 0x0b, 0xa8,
-    0x3e, 0x49, 0x1f, 0xdf, 0xfb, 0x91, 0x2f, 0xe6, 0x14, 0xb8, 0xb2, 0x86,
-    0x9e, 0x1f, 0x70, 0xc8, 0x62, 0x29, 0x9e, 0xfc, 0x43, 0x7a, 0x0e, 0xcb,
-    0x2f, 0x4b, 0x3b, 0x59, 0x7d, 0x03, 0x63, 0xac, 0xa9, 0xe1, 0x5a, 0xa4,
-    0x3c, 0xe4, 0xa3, 0x1e, 0xd4, 0x7a, 0x1b, 0x61, 0xdb, 0xda, 0xdd, 0x1a,
-    0xcb, 0x7d, 0x65, 0x31, 0xb1, 0xdd, 0x20, 0xbf, 0x7e, 0x3a, 0x7d, 0xc5,
-    0x97, 0xff, 0xd1, 0xee, 0x0f, 0x3c, 0xdf, 0x0e, 0x75, 0xe5, 0x95, 0xf3,
-    0xfb, 0xf1, 0x5d, 0xe2, 0xcf, 0xac, 0xb6, 0x96, 0x5f, 0xec, 0xce, 0xc4,
-    0xdf, 0xfc, 0x59, 0x7f, 0xd0, 0x5e, 0x2c, 0xf4, 0x18, 0xb2, 0xfe, 0x33,
-    0x8c, 0x5d, 0x49, 0x65, 0xf6, 0xde, 0xcf, 0xac, 0xac, 0x3d, 0x20, 0x97,
-    0xd2, 0xca, 0x64, 0x5a, 0xea, 0x11, 0x2e, 0x43, 0x7d, 0xcf, 0x3b, 0x2c,
-    0xbf, 0xb2, 0x60, 0x1f, 0x26, 0x59, 0x7d, 0xee, 0x40, 0x16, 0x5d, 0xa0,
-    0xac, 0xac, 0x37, 0x3e, 0x22, 0xb7, 0x16, 0x51, 0x1b, 0x10, 0x90, 0x5f,
-    0xe7, 0xdf, 0x83, 0xdb, 0x0c, 0x59, 0x7f, 0xfa, 0x33, 0xa1, 0x3c, 0xc4,
-    0x19, 0x67, 0x16, 0x5e, 0x8c, 0xd9, 0x65, 0xb0, 0x67, 0xcd, 0xbd, 0x2a,
-    0xfb, 0x3e, 0x26, 0x96, 0x5c, 0x70, 0x2c, 0xb9, 0xc9, 0x65, 0x7c, 0xd6,
-    0x38, 0xbd, 0xcc, 0x6a, 0xcb, 0xe6, 0xf0, 0x1d, 0x65, 0xfa, 0x3a, 0x96,
-    0x1d, 0x65, 0x48, 0xf8, 0x0e, 0x2f, 0xf2, 0x1b, 0xee, 0x41, 0x1a, 0xb2,
-    0xb6, 0x5c, 0xc9, 0xc8, 0x4f, 0x31, 0x16, 0xe0, 0xdc, 0xc2, 0x3a, 0x87,
-    0x59, 0xcc, 0xfe, 0x42, 0xf0, 0x99, 0x01, 0x01, 0x42, 0x73, 0x85, 0x3e,
-    0x4f, 0x0c, 0x20, 0x04, 0x2f, 0xbb, 0x46, 0xac, 0xbe, 0x83, 0xbf, 0xd6,
-    0x5e, 0xf7, 0x9d, 0x65, 0xf6, 0x83, 0x1b, 0xd6, 0x5f, 0xb3, 0x71, 0xc8,
-    0x03, 0x3e, 0x17, 0x21, 0xf0, 0xe5, 0xf7, 0xfc, 0xdb, 0x2c, 0xbf, 0xdd,
-    0xb7, 0x0b, 0x37, 0xba, 0xcb, 0xe8, 0xd9, 0xe4, 0xb2, 0xe0, 0x1d, 0x65,
-    0xee, 0x7d, 0x96, 0x56, 0x8d, 0x9f, 0x85, 0xef, 0xe2, 0x7f, 0x6d, 0x86,
-    0x2c, 0xa5, 0x94, 0x46, 0xe7, 0xc5, 0xd5, 0x07, 0xf5, 0x8b, 0x57, 0xdb,
-    0x16, 0x74, 0xb2, 0xfe, 0x07, 0x30, 0x6f, 0x25, 0x95, 0x87, 0xa0, 0xe4,
-    0x77, 0xde, 0x62, 0xe2, 0xcb, 0xe9, 0xd9, 0xd7, 0x96, 0x5f, 0xdc, 0x8e,
-    0xa5, 0x9e, 0x59, 0x5d, 0x9e, 0x9f, 0x09, 0x6f, 0xb3, 0xcd, 0xc5, 0x94,
-    0xb2, 0xba, 0x35, 0x8e, 0x43, 0x58, 0x8e, 0x46, 0x74, 0x74, 0xfa, 0x85,
-    0x71, 0x92, 0x79, 0xc4, 0xce, 0x88, 0xf4, 0x69, 0xf8, 0x67, 0x93, 0x87,
-    0x23, 0x04, 0xbc, 0x20, 0x44, 0x59, 0x78, 0x9b, 0x71, 0x65, 0xfd, 0xf8,
-    0xf7, 0x3e, 0xcb, 0x2e, 0x73, 0x56, 0x58, 0x7e, 0x3c, 0x49, 0xf2, 0xdb,
-    0xdd, 0x70, 0x6b, 0x2a, 0x11, 0x57, 0x8c, 0x4c, 0x57, 0x69, 0xf5, 0x97,
-    0x40, 0xd6, 0x50, 0xa4, 0xd5, 0x7c, 0x52, 0xdc, 0x59, 0x63, 0xac, 0xb6,
-    0x96, 0x53, 0x9a, 0x20, 0x88, 0xd6, 0x8f, 0x4f, 0xe6, 0x77, 0xf6, 0xc3,
-    0xd3, 0x07, 0x65, 0x96, 0x02, 0xca, 0x58, 0xc7, 0xc6, 0xe4, 0x53, 0xe6,
-    0x17, 0xfa, 0x0a, 0x4e, 0x7c, 0x1a, 0xcb, 0xef, 0x1c, 0xfa, 0x59, 0x7f,
-    0xf0, 0x20, 0xbb, 0x7f, 0x00, 0x42, 0x92, 0xcb, 0xd2, 0x6f, 0xac, 0xbe,
-    0xf1, 0x64, 0x96, 0x5f, 0x04, 0x57, 0xc7, 0x59, 0x7e, 0xd8, 0x6e, 0xe6,
-    0x2c, 0xac, 0x3c, 0xf0, 0x93, 0x5f, 0xfd, 0xcf, 0xe0, 0xcb, 0x37, 0x96,
-    0x71, 0x65, 0xe7, 0x9b, 0x8b, 0x29, 0x8f, 0x87, 0xc8, 0x95, 0x24, 0xf2,
-    0x0d, 0x31, 0xe8, 0x8e, 0x64, 0x5d, 0x0e, 0x13, 0x87, 0xa1, 0x05, 0x70,
-    0x9d, 0xac, 0xa9, 0xed, 0xdb, 0x31, 0x0a, 0x18, 0x05, 0x42, 0x51, 0x56,
-    0x41, 0x12, 0x90, 0xf6, 0x86, 0xa4, 0x9a, 0x87, 0x2e, 0xfb, 0x27, 0x98,
-    0x0d, 0x8c, 0xe7, 0xb8, 0x60, 0xf5, 0x1f, 0xbb, 0x4a, 0x09, 0x9a, 0x39,
-    0x2d, 0x4a, 0x21, 0x3c, 0x7b, 0x1f, 0x9e, 0x30, 0x78, 0xed, 0x01, 0x1e,
-    0x88, 0xae, 0x13, 0xc5, 0x2d, 0xdb, 0x93, 0xab, 0xde, 0x9c, 0x76, 0x0b,
-    0xe6, 0xf8, 0x65, 0x18, 0xaf, 0x3f, 0x0d, 0xb1, 0x23, 0xff, 0xdd, 0x6c,
-    0xbf, 0xe1, 0x7e, 0x6c, 0xdd, 0xe0, 0x61, 0x65, 0xe0, 0x09, 0x25, 0x97,
-    0xff, 0xdc, 0x6f, 0xbb, 0x7b, 0x34, 0x03, 0xbc, 0x96, 0x58, 0x5f, 0x47,
-    0xd9, 0xe1, 0xeb, 0xfd, 0xc1, 0x71, 0xbe, 0x03, 0xda, 0xcb, 0x06, 0x0f,
-    0x8f, 0xc5, 0x74, 0x2d, 0x5b, 0x1e, 0xd2, 0x8c, 0x07, 0x18, 0x65, 0xfb,
-    0x5d, 0xbb, 0xf6, 0xa8, 0xad, 0xd7, 0xfe, 0x79, 0x0b, 0xcd, 0x76, 0xef,
-    0xda, 0xa2, 0x70, 0x58, 0x5e, 0x22, 0x10, 0xe6, 0xd7, 0x0a, 0x06, 0xb2,
-    0xdf, 0x59, 0x6e, 0x2c, 0xa0, 0x9a, 0x29, 0xf1, 0x1b, 0xf6, 0x19, 0xc6,
-    0x31, 0x65, 0xe9, 0x73, 0x8b, 0x2f, 0xbb, 0x77, 0xed, 0x51, 0x68, 0xaf,
-    0xff, 0x60, 0xfe, 0xe6, 0xcd, 0x33, 0x70, 0x27, 0x59, 0x7f, 0xa3, 0x6f,
-    0xe6, 0x83, 0xda, 0xca, 0xd2, 0x2c, 0xbe, 0x61, 0xc4, 0xdb, 0xcc, 0x5d,
-    0xac, 0xbc, 0xe4, 0x05, 0x95, 0x86, 0xdf, 0xb1, 0xcb, 0xe0, 0x41, 0x76,
-    0xb2, 0xf6, 0xf8, 0x99, 0x65, 0xfe, 0xcd, 0xce, 0x6b, 0x4f, 0xe5, 0x97,
-    0xf4, 0x6c, 0xff, 0x73, 0xac, 0xa6, 0x44, 0x14, 0xc3, 0xff, 0x36, 0xbf,
-    0xa3, 0xd8, 0x5d, 0xe2, 0xcb, 0x71, 0x65, 0x31, 0xbd, 0xf9, 0x65, 0xfd,
-    0x0e, 0x41, 0x1e, 0x2c, 0xbf, 0x68, 0x61, 0xf7, 0x16, 0x5f, 0xf4, 0x6d,
-    0xfc, 0xe7, 0xf3, 0x71, 0x65, 0xfb, 0xbc, 0x62, 0xed, 0x65, 0xfe, 0xce,
-    0xca, 0x01, 0xc8, 0x59, 0x74, 0x77, 0x38, 0xf6, 0xb8, 0x51, 0x7f, 0xdb,
-    0xf9, 0x9f, 0xc2, 0x10, 0x6b, 0x2a, 0x0f, 0xaf, 0x0c, 0x2b, 0xe9, 0x90,
-    0x94, 0x60, 0x37, 0xfb, 0x34, 0x0c, 0x98, 0x4e, 0x2c, 0xb1, 0xab, 0x2f,
-    0xfb, 0x23, 0x6c, 0x9b, 0x4d, 0xc5, 0x94, 0xc7, 0x97, 0x30, 0x95, 0xff,
-    0xfb, 0x68, 0xf4, 0x0f, 0x51, 0xf7, 0xe1, 0x60, 0x16, 0x5f, 0xfa, 0x3a,
-    0x7d, 0xcf, 0x93, 0xee, 0x6c, 0xb2, 0xff, 0xd1, 0xa0, 0x63, 0x66, 0xbc,
-    0x15, 0x95, 0x08, 0xd6, 0xfa, 0xa7, 0x11, 0x68, 0x69, 0xe8, 0x31, 0x4c,
-    0xd0, 0x80, 0xe4, 0x3e, 0x2f, 0xe8, 0xde, 0x4f, 0xee, 0x2c, 0xbf, 0xfe,
-    0xf4, 0x0f, 0xe1, 0x73, 0x7b, 0xc6, 0x2e, 0xd6, 0x5f, 0xfb, 0x9f, 0xc0,
-    0x4d, 0xc2, 0x7f, 0xac, 0xbe, 0x3b, 0x14, 0x96, 0x53, 0x22, 0xc7, 0x71,
-    0x47, 0x87, 0xf5, 0x0b, 0x8e, 0x79, 0x2c, 0x6b, 0xe9, 0x0f, 0x0d, 0xfb,
-    0xa3, 0xeb, 0x2e, 0xe1, 0xd6, 0x54, 0xc6, 0xb7, 0xe2, 0xd4, 0xb2, 0xf6,
-    0xa0, 0xd5, 0x97, 0xe6, 0xf1, 0x41, 0xd6, 0x54, 0xf6, 0x79, 0xd3, 0x05,
-    0xfc, 0x76, 0xff, 0x41, 0xf5, 0xa6, 0x07, 0x16, 0x5e, 0xef, 0x0c, 0x59,
-    0x6c, 0x98, 0xf4, 0x7e, 0x67, 0x7f, 0xfc, 0xde, 0xe3, 0x76, 0xfa, 0xef,
-    0x18, 0xbb, 0x59, 0x63, 0x16, 0x5f, 0xed, 0x47, 0xba, 0x96, 0x79, 0x65,
-    0xff, 0xfd, 0x93, 0x39, 0x6c, 0x06, 0xeb, 0x9d, 0xe3, 0x17, 0x6b, 0x2e,
-    0xc1, 0xac, 0xbd, 0xb3, 0x9d, 0x65, 0xe8, 0x06, 0xa0, 0xd9, 0xb0, 0xb5,
-    0xff, 0xdd, 0x73, 0xc5, 0x9b, 0xfd, 0xe6, 0x1a, 0xca, 0x92, 0x73, 0xac,
-    0xa1, 0x30, 0x91, 0x1a, 0x72, 0x12, 0x01, 0x30, 0xb9, 0xa4, 0xb2, 0xfe,
-    0xcd, 0xfe, 0x0c, 0x76, 0xb2, 0xff, 0x7f, 0xe1, 0x34, 0xf1, 0xc5, 0x97,
-    0xe9, 0xd2, 0xf8, 0x9c, 0x59, 0x71, 0xa3, 0x59, 0x7f, 0xfd, 0xc2, 0xcd,
-    0xef, 0xe2, 0xce, 0x7d, 0xe6, 0x59, 0x58, 0x7d, 0x0c, 0x31, 0x7e, 0x8f,
-    0x70, 0x4f, 0xac, 0xa8, 0x4d, 0x60, 0x62, 0xd8, 0x60, 0xc6, 0xb3, 0x42,
-    0x50, 0x88, 0x2f, 0x89, 0xba, 0x92, 0xcb, 0xc0, 0x7f, 0xac, 0xbf, 0xdb,
-    0x63, 0x0d, 0xdc, 0xd5, 0x95, 0x87, 0x9e, 0xe3, 0x97, 0xf6, 0xa0, 0x70,
-    0x53, 0x2c, 0xb7, 0x16, 0x56, 0xc6, 0xfb, 0xe5, 0xb6, 0x16, 0x29, 0x66,
-    0xf0, 0x4f, 0x07, 0xbb, 0x12, 0x0c, 0xa7, 0x21, 0x9f, 0xdb, 0x3f, 0x44,
-    0x33, 0x42, 0x93, 0x4d, 0xa7, 0x20, 0xfc, 0xe4, 0xf3, 0xbb, 0x01, 0xc0,
-    0xa1, 0x0d, 0xc8, 0xf1, 0x7d, 0x1d, 0xa0, 0x56, 0xa7, 0xdc, 0x44, 0x5e,
-    0xbd, 0xc3, 0xf1, 0x65, 0xfe, 0x14, 0xc3, 0x7a, 0x59, 0xc5, 0x97, 0xff,
-    0xcd, 0xe6, 0xd3, 0x82, 0x3e, 0xdd, 0xc0, 0x16, 0x5d, 0x29, 0x2c, 0xbf,
-    0xfb, 0x0a, 0x30, 0xd8, 0x97, 0xb3, 0x65, 0x97, 0xfe, 0x7f, 0xce, 0x8c,
-    0xf7, 0xd8, 0xeb, 0x2f, 0xff, 0xf3, 0x7a, 0x3e, 0x59, 0xed, 0x47, 0xcb,
-    0x37, 0x87, 0xb5, 0x97, 0xff, 0xd1, 0x9e, 0xfb, 0xcb, 0x41, 0x1c, 0x14,
-    0x2c, 0xa9, 0x27, 0x2b, 0xb8, 0x9d, 0xf1, 0x70, 0xa1, 0xef, 0x3f, 0xdd,
-    0x61, 0xbf, 0xfc, 0xdf, 0x76, 0xdb, 0xcc, 0x4c, 0x0e, 0x2c, 0xbf, 0xe2,
-    0x89, 0x67, 0x31, 0xa1, 0x65, 0xb6, 0x59, 0x50, 0x78, 0xe4, 0x6b, 0x7f,
-    0xff, 0xd0, 0x03, 0xbc, 0xa7, 0x7b, 0xf8, 0x7c, 0xee, 0x3f, 0x07, 0x59,
-    0x7f, 0xfc, 0xc5, 0xe0, 0xfd, 0xb9, 0x3e, 0xfe, 0xc1, 0xac, 0xaf, 0xa2,
-    0xe7, 0xcd, 0x17, 0xf3, 0x6d, 0x39, 0xc8, 0x0b, 0x2f, 0xff, 0xfb, 0xee,
-    0xdc, 0xc3, 0x5c, 0x81, 0x3b, 0x37, 0x20, 0x9c, 0xd5, 0x97, 0x9d, 0xfb,
-    0x54, 0x5b, 0x4a, 0x84, 0x49, 0x76, 0xd3, 0x7f, 0xff, 0x43, 0xfa, 0x3f,
-    0x1c, 0x66, 0x93, 0x6b, 0x06, 0xb2, 0xfe, 0xfc, 0x1e, 0x18, 0x6b, 0x29,
-    0x93, 0x8a, 0x98, 0x8f, 0x50, 0xc1, 0xe1, 0x1f, 0x95, 0xef, 0xe7, 0x90,
-    0xfe, 0xc7, 0x59, 0x7f, 0xb2, 0x62, 0x83, 0xce, 0xed, 0x65, 0xdf, 0x61,
-    0x9f, 0x1f, 0x8b, 0x6f, 0xff, 0x7f, 0x24, 0xe5, 0xe7, 0x93, 0x1b, 0x0b,
-    0x2f, 0xfb, 0x33, 0xb9, 0xf0, 0xfd, 0xb4, 0xb2, 0xff, 0xef, 0xe6, 0xdc,
-    0x6d, 0x46, 0xeb, 0x92, 0xcb, 0xb1, 0x96, 0x57, 0x67, 0xb7, 0xbd, 0x1a,
-    0xfe, 0x81, 0x47, 0x36, 0xc3, 0x16, 0x54, 0x1e, 0xc6, 0x89, 0x6d, 0x3d,
-    0x2c, 0xbf, 0xfb, 0x3d, 0x07, 0x27, 0x34, 0xb0, 0x0b, 0x2c, 0x05, 0x95,
-    0x31, 0xf4, 0x90, 0xb7, 0x90, 0xaf, 0xfc, 0xc4, 0x38, 0x83, 0xee, 0xbc,
-    0x96, 0x5f, 0xf4, 0x03, 0xf1, 0xb1, 0x67, 0x16, 0x54, 0x1f, 0xb8, 0x4f,
-    0xef, 0xff, 0x36, 0xa3, 0x3e, 0x16, 0xe7, 0xf0, 0x0b, 0x2f, 0xff, 0x86,
-    0x1f, 0x70, 0x79, 0x2f, 0xc6, 0xf1, 0xc2, 0xcb, 0x83, 0x8b, 0x28, 0x68,
-    0xb0, 0x64, 0x82, 0x52, 0xbf, 0xe8, 0x94, 0x6b, 0x68, 0xd6, 0xcb, 0x2f,
-    0xff, 0x44, 0xbf, 0x04, 0x69, 0x66, 0xc2, 0x49, 0x65, 0xff, 0xfe, 0x86,
-    0x27, 0xf0, 0x7d, 0x83, 0x83, 0x8f, 0xf1, 0xd2, 0xcb, 0xfc, 0xc7, 0x1c,
-    0x70, 0x4e, 0x2c, 0xbd, 0xec, 0xed, 0x65, 0xff, 0xf1, 0x36, 0xf6, 0xf7,
-    0xe3, 0xdc, 0x8d, 0xf0, 0xb2, 0x99, 0x34, 0xcd, 0x25, 0xfd, 0x7f, 0xc6,
-    0x81, 0x1d, 0xbf, 0xc3, 0xc2, 0x93, 0x7c, 0x2b, 0x2c, 0x35, 0x97, 0xf0,
-    0x7b, 0xfc, 0x6b, 0x16, 0x5e, 0xeb, 0x9f, 0x59, 0x58, 0x79, 0x8e, 0x5d,
-    0x4c, 0x8a, 0xf7, 0x32, 0xe2, 0xed, 0xff, 0xde, 0x76, 0xc8, 0xd3, 0xc9,
-    0xbe, 0xb2, 0xfc, 0xe3, 0xc2, 0x02, 0xca, 0x91, 0xf3, 0xb2, 0x0d, 0xff,
-    0x46, 0xa7, 0x72, 0x3e, 0xec, 0xb2, 0xff, 0x7d, 0x9e, 0x5e, 0x6d, 0x96,
-    0x5f, 0x46, 0x13, 0x2c, 0xbe, 0xf4, 0x60, 0xd6, 0x50, 0xcf, 0x03, 0xa1,
-    0xfb, 0xde, 0xcd, 0x96, 0x54, 0xf4, 0xcd, 0xa1, 0x14, 0x8e, 0xc4, 0x79,
-    0x72, 0x60, 0x1c, 0x23, 0xf2, 0x53, 0x1f, 0x70, 0xb3, 0x62, 0xd9, 0x92,
-    0x35, 0x0e, 0xf3, 0xc2, 0x2b, 0xf0, 0xa6, 0x78, 0x68, 0x91, 0x77, 0x23,
-    0x86, 0xf4, 0x3e, 0x43, 0x09, 0x53, 0x08, 0x67, 0xce, 0x44, 0x73, 0xdd,
-    0x23, 0xbd, 0x98, 0x6a, 0xcb, 0xfa, 0x25, 0xc7, 0xce, 0xd6, 0x5d, 0x02,
-    0xf4, 0x79, 0x3f, 0x1c, 0xbf, 0xe8, 0xd3, 0xf8, 0x02, 0x14, 0x96, 0x5f,
-    0xff, 0xda, 0x8f, 0x37, 0x6c, 0x38, 0x6d, 0x34, 0x9b, 0x8b, 0x2f, 0xe3,
-    0x5f, 0x43, 0x09, 0x2c, 0xbf, 0xde, 0x6e, 0xd8, 0x7d, 0x12, 0xcb, 0xfa,
-    0x0f, 0x81, 0xc3, 0xac, 0xa8, 0x3e, 0x06, 0x34, 0xbf, 0xff, 0xff, 0xf0,
-    0xca, 0x3b, 0xeb, 0xb6, 0xe8, 0xee, 0x46, 0xe1, 0x3f, 0x46, 0x77, 0xf6,
-    0x98, 0x98, 0xfc, 0x59, 0x7f, 0xe6, 0xf4, 0x79, 0xb7, 0xc1, 0x76, 0xb2,
-    0xee, 0xa4, 0xb2, 0xb1, 0x1e, 0xcf, 0x09, 0xf0, 0x9f, 0xdf, 0xc5, 0x3e,
-    0xda, 0xc3, 0x56, 0x5d, 0xef, 0xac, 0xbf, 0xec, 0xf7, 0x04, 0xe7, 0xb3,
-    0xeb, 0x2b, 0x63, 0xd1, 0x38, 0xbd, 0xf9, 0xb6, 0x3c, 0x76, 0xb2, 0xfc,
-    0xfd, 0x48, 0x4e, 0x2c, 0xbf, 0xf3, 0x4d, 0xcd, 0xee, 0x5b, 0x04, 0x6b,
-    0x2c, 0x2f, 0x65, 0x74, 0x58, 0x72, 0x6a, 0xce, 0xa1, 0x1d, 0xf8, 0xc5,
-    0x88, 0xcf, 0x90, 0x81, 0xf1, 0x1e, 0xf2, 0x91, 0x0a, 0xa8, 0x5a, 0xf1,
-    0x4e, 0x47, 0x60, 0x09, 0x7a, 0x37, 0x1f, 0xeb, 0x2f, 0xda, 0xed, 0xdf,
-    0xb5, 0x45, 0xca, 0xbf, 0x9c, 0x7f, 0x82, 0xd9, 0x65, 0xc6, 0xfd, 0x65,
-    0x85, 0x8d, 0x12, 0x58, 0x2f, 0xf3, 0x67, 0x2d, 0xb9, 0x8d, 0x59, 0x7e,
-    0xd7, 0x6e, 0xfd, 0xaa, 0x2e, 0xd5, 0xed, 0xb0, 0xc5, 0x97, 0x81, 0xbd,
-    0xd6, 0x5f, 0xf3, 0x4a, 0x4c, 0x40, 0x89, 0x2c, 0xb8, 0xf3, 0xeb, 0x2f,
-    0x9b, 0x4e, 0x05, 0x97, 0x9f, 0x68, 0x59, 0x61, 0x63, 0x4c, 0x5f, 0x05,
-    0xce, 0x6d, 0xf1, 0xe7, 0x1e, 0x23, 0x7e, 0x0d, 0x04, 0x86, 0xa2, 0x12,
-    0x86, 0x3b, 0x15, 0x4a, 0xb3, 0x1e, 0x1c, 0xa6, 0xdc, 0x44, 0x36, 0xbc,
-    0x0b, 0x6b, 0x77, 0x65, 0xb9, 0x0c, 0x6f, 0xd3, 0x82, 0x8a, 0xb5, 0x07,
-    0xe4, 0x34, 0xfd, 0x1a, 0xd5, 0xfe, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x45,
-    0x4e, 0xbf, 0xda, 0xf3, 0x7b, 0x60, 0xf1, 0x65, 0xdc, 0xe2, 0xcb, 0x88,
-    0x5e, 0x1e, 0x66, 0x8d, 0x6f, 0xfe, 0x6d, 0xf1, 0xf6, 0x89, 0xa6, 0x8e,
-    0xd6, 0x5d, 0xb6, 0x2c, 0xbe, 0xe1, 0x7f, 0xcb, 0x2f, 0xf7, 0xe3, 0x90,
-    0x70, 0xcc, 0xb2, 0xf8, 0x32, 0x8d, 0x96, 0x5f, 0xf7, 0x52, 0xe4, 0xec,
-    0xde, 0xfa, 0x59, 0x52, 0x45, 0xb8, 0xc8, 0xb4, 0x69, 0xf2, 0x3b, 0xf8,
-    0x3d, 0x1d, 0xdc, 0x96, 0x5b, 0xcb, 0x2f, 0xba, 0xe4, 0x0d, 0x65, 0x82,
-    0xb2, 0xf4, 0x3e, 0xd3, 0x8d, 0xa0, 0x08, 0xe9, 0x8f, 0xe4, 0x91, 0x6f,
-    0xbb, 0x77, 0xed, 0x51, 0x5c, 0xae, 0x3c, 0x2c, 0xbf, 0x6b, 0xb7, 0x7e,
-    0xd5, 0x16, 0x72, 0xc2, 0xe0, 0xf3, 0x30, 0x5a, 0xe7, 0x92, 0xcb, 0xfa,
-    0x5e, 0xeb, 0xb6, 0xe2, 0xca, 0x73, 0xc6, 0x08, 0xb5, 0xfc, 0xdc, 0xc2,
-    0x73, 0x16, 0x5e, 0x0c, 0xa1, 0x65, 0x69, 0x35, 0x3f, 0xbe, 0x13, 0x77,
-    0x88, 0x77, 0x96, 0x5f, 0xfe, 0xf4, 0x72, 0x70, 0x79, 0xe8, 0x9a, 0x66,
-    0x59, 0x7f, 0xfe, 0x7f, 0xe1, 0xe0, 0xf3, 0xb3, 0x0d, 0x35, 0xe4, 0xb2,
-    0xfe, 0x63, 0xec, 0x1d, 0x49, 0x65, 0xf8, 0xf9, 0x33, 0x81, 0x65, 0xf6,
-    0xdf, 0x7f, 0x2c, 0xa7, 0x3c, 0xb0, 0x94, 0x5f, 0x1e, 0x78, 0x14, 0xf9,
-    0x65, 0xfa, 0x26, 0x9a, 0x3b, 0x59, 0x74, 0x7e, 0x71, 0xeb, 0x31, 0x65,
-    0x62, 0x78, 0x93, 0x27, 0x7d, 0x5c, 0x9e, 0xb7, 0xbb, 0xdf, 0xf1, 0x41,
-    0xf8, 0x19, 0x39, 0xab, 0x2f, 0xda, 0xcf, 0x31, 0xd6, 0x5c, 0x7d, 0xeb,
-    0x2f, 0x14, 0x0d, 0x65, 0x61, 0xb4, 0x71, 0x9b, 0xbf, 0x8b, 0x2f, 0xd9,
-    0x34, 0xc1, 0xd9, 0x65, 0x8d, 0xc3, 0xc1, 0xf8, 0xb5, 0xfa, 0x68, 0x3c,
-    0x08, 0xb2, 0xff, 0xff, 0xb4, 0xdc, 0x06, 0x4e, 0x6d, 0xf1, 0xf6, 0x89,
-    0xa6, 0x8e, 0xd6, 0x5d, 0x23, 0xac, 0xa8, 0x46, 0x9e, 0x14, 0x39, 0x49,
-    0x35, 0xdf, 0x8f, 0x07, 0xc2, 0x59, 0x7f, 0x84, 0x69, 0xa3, 0x8c, 0x75,
-    0x97, 0xff, 0xbe, 0xd3, 0xbe, 0xed, 0xe8, 0xc1, 0xb2, 0xcb, 0xff, 0x36,
-    0xa7, 0x41, 0xdb, 0x71, 0xe6, 0x59, 0x7d, 0xdb, 0xbf, 0x6a, 0x89, 0x09,
-    0x46, 0x9f, 0x9e, 0x90, 0xef, 0xfb, 0x3d, 0xc0, 0xca, 0x36, 0x85, 0x97,
-    0xff, 0xe6, 0xd7, 0x7f, 0xc9, 0xda, 0xd6, 0x19, 0x3f, 0x07, 0x59, 0x52,
-    0x44, 0xaf, 0x0e, 0x6f, 0xbd, 0xa6, 0xe9, 0x65, 0xfc, 0xef, 0xd4, 0xb8,
-    0xcb, 0x2f, 0xf0, 0x23, 0x72, 0x3d, 0x03, 0x59, 0x7f, 0xc7, 0xc7, 0xd6,
-    0xd3, 0xba, 0x3a, 0xca, 0x83, 0xf2, 0xc3, 0x5b, 0xfd, 0xd7, 0x3c, 0x50,
-    0x7e, 0x2c, 0xbf, 0xfc, 0xe5, 0xdc, 0xe1, 0x93, 0xcb, 0xef, 0x25, 0x94,
-    0xc7, 0xfe, 0x13, 0x4b, 0xfb, 0x09, 0x81, 0xc8, 0x59, 0x61, 0x70, 0xad,
-    0xe2, 0x46, 0x99, 0x0b, 0xce, 0xa1, 0x70, 0xc4, 0x7a, 0x23, 0xfc, 0x27,
-    0xc1, 0x09, 0xfe, 0x10, 0xdc, 0xdf, 0x59, 0x7f, 0xe7, 0x12, 0x62, 0x6f,
-    0x14, 0x01, 0x65, 0x6c, 0xb9, 0x19, 0x29, 0x73, 0xdd, 0x42, 0x6b, 0xc2,
-    0xd7, 0xfe, 0x63, 0xe7, 0x27, 0x75, 0x2c, 0xf2, 0xcb, 0xee, 0x0c, 0x70,
-    0xb2, 0xbe, 0x7c, 0x7e, 0x41, 0xbe, 0x97, 0xc4, 0xe2, 0xcb, 0x85, 0x49,
-    0xe1, 0x65, 0xff, 0xfb, 0xed, 0x37, 0xdb, 0xaf, 0x7f, 0xb6, 0xe6, 0x0d,
-    0x65, 0xf4, 0x30, 0x78, 0xb2, 0xc2, 0xe7, 0x92, 0x26, 0xbb, 0x21, 0xfa,
-    0xc5, 0x42, 0x63, 0xf8, 0x44, 0xf0, 0xbe, 0xbe, 0x9e, 0x3f, 0x07, 0x59,
-    0x7e, 0xe7, 0x33, 0x5b, 0x2c, 0xbd, 0xc8, 0x35, 0x65, 0x7c, 0xf1, 0xb8,
-    0x53, 0x74, 0x18, 0xb2, 0xff, 0x81, 0x83, 0x27, 0x04, 0x6f, 0x59, 0x58,
-    0x7e, 0x4c, 0x44, 0xe2, 0xf7, 0x8f, 0xbe, 0x4b, 0x2f, 0xd1, 0xa9, 0xc0,
-    0xf2, 0xcb, 0x08, 0xb2, 0xff, 0xe8, 0x01, 0xde, 0x5c, 0xf6, 0x61, 0xd6,
-    0x50, 0xcf, 0x57, 0xe2, 0x57, 0xa6, 0x3c, 0xcb, 0x2c, 0x2c, 0x50, 0xd8,
-    0x20, 0x0a, 0xa4, 0x78, 0x86, 0x76, 0xc7, 0xa3, 0x85, 0x36, 0x46, 0xe6,
-    0xd2, 0x84, 0x26, 0x4c, 0xd1, 0xc9, 0xd6, 0xff, 0x19, 0x9b, 0xce, 0x62,
-    0x94, 0x7a, 0x1c, 0x33, 0xf4, 0x37, 0xc2, 0x58, 0x60, 0xf8, 0x8f, 0xfb,
-    0xa4, 0x57, 0xf8, 0x2f, 0xa9, 0x7c, 0xc7, 0x59, 0x7f, 0xff, 0xff, 0x47,
-    0x89, 0xc0, 0x4f, 0xbd, 0xb7, 0x90, 0x78, 0x21, 0x40, 0xfe, 0xf2, 0xce,
-    0x2c, 0xbf, 0xf0, 0x85, 0x03, 0xfb, 0xcb, 0x38, 0xb2, 0xff, 0x8a, 0x07,
-    0xf7, 0x96, 0x71, 0x65, 0xfe, 0x7d, 0xed, 0xbc, 0x83, 0xc9, 0xc7, 0xea,
-    0x21, 0xf5, 0xec, 0xe8, 0x58, 0xd3, 0x82, 0xd1, 0xa1, 0x43, 0xfa, 0xff,
-    0xe1, 0x7f, 0x7e, 0x16, 0x7b, 0xd0, 0x05, 0x97, 0xff, 0x85, 0x9d, 0xe4,
-    0x2f, 0x35, 0xdb, 0xbf, 0x6a, 0x89, 0xf1, 0x7f, 0xfa, 0x42, 0xf3, 0x7b,
-    0x1b, 0xce, 0x41, 0xc2, 0xb2, 0xff, 0xb0, 0xcc, 0xde, 0xde, 0x94, 0x2c,
-    0xbe, 0x0e, 0xa3, 0x8b, 0x2f, 0xb7, 0x67, 0xc5, 0x06, 0x2c, 0xbf, 0x1a,
-    0xfe, 0xc3, 0x16, 0x5f, 0xe8, 0xd8, 0x49, 0xf7, 0x20, 0x2c, 0xb0, 0xbd,
-    0x91, 0xd4, 0x33, 0xa2, 0x22, 0x09, 0x70, 0x85, 0x34, 0xe9, 0xc6, 0x7a,
-    0x33, 0x9a, 0xed, 0xb6, 0x67, 0x68, 0x47, 0xee, 0x56, 0x0d, 0xda, 0x95,
-    0x96, 0x74, 0x9f, 0xa2, 0xbc, 0x7d, 0x17, 0xf8, 0x9f, 0xdc, 0x2e, 0x79,
-    0x65, 0xff, 0xfc, 0x12, 0x73, 0x67, 0x78, 0xd8, 0x29, 0x67, 0xd8, 0xeb,
-    0x2e, 0x6e, 0x96, 0x5f, 0xff, 0x4b, 0x69, 0xe7, 0x13, 0xc6, 0xdd, 0xea,
-    0x74, 0xef, 0xcf, 0xac, 0xa9, 0x1f, 0xf0, 0x05, 0xef, 0xff, 0x16, 0xdf,
-    0x86, 0xf7, 0x18, 0xba, 0x92, 0xcb, 0xff, 0xb3, 0xcd, 0x85, 0xfc, 0xf4,
-    0x0d, 0x65, 0xff, 0xbc, 0x6c, 0x14, 0xb3, 0xec, 0x75, 0x97, 0xfc, 0x6c,
-    0x14, 0xb3, 0xec, 0x75, 0x97, 0xc1, 0x27, 0x36, 0x71, 0xfb, 0x78, 0xfa,
-    0xfd, 0xa0, 0x37, 0xe1, 0x65, 0x1c, 0xf8, 0x82, 0x77, 0x7e, 0xcd, 0x66,
-    0x4c, 0xb2, 0xc2, 0xf1, 0x56, 0xd9, 0xcc, 0xbf, 0x0d, 0xb7, 0x22, 0x24,
-    0xae, 0x46, 0x32, 0x21, 0x15, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xac, 0x97,
-    0xfe, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0x6e, 0x58, 0x5e, 0x22,
-    0x10, 0xe6, 0xd5, 0xda, 0x64, 0xad, 0x0f, 0xbb, 0xee, 0xdd, 0xfb, 0x54,
-    0x4a, 0xcb, 0xff, 0xed, 0x6c, 0x51, 0xa7, 0x19, 0x3e, 0xa3, 0x7a, 0xca,
-    0xd2, 0x20, 0x02, 0x61, 0x7f, 0xce, 0xd2, 0x62, 0x0c, 0x1d, 0x65, 0xf4,
-    0x0d, 0xfe, 0xb2, 0xf6, 0x9b, 0xa5, 0x94, 0xb2, 0xff, 0x34, 0x98, 0x83,
-    0x07, 0x59, 0x7e, 0x27, 0x6e, 0xbb, 0x39, 0xbc, 0x70, 0xba, 0x24, 0x5b,
-    0xf8, 0x87, 0x75, 0x66, 0xff, 0x43, 0x14, 0x4a, 0x37, 0x56, 0x5f, 0x04,
-    0x78, 0x6a, 0xcb, 0xe3, 0xbc, 0x85, 0xe2, 0x73, 0x1d, 0x91, 0xb4, 0x3b,
-    0x78, 0x65, 0x3e, 0x67, 0x7e, 0x16, 0xf3, 0x73, 0x16, 0x5f, 0x85, 0xe4,
-    0xa0, 0x0b, 0x28, 0x5a, 0x2f, 0xb6, 0x6b, 0x91, 0x55, 0xff, 0xbd, 0x82,
-    0xf3, 0x4d, 0xb3, 0x9d, 0x65, 0xfc, 0x29, 0x73, 0xea, 0x38, 0xb2, 0xff,
-    0xf4, 0xf5, 0x3d, 0x8a, 0x79, 0x8f, 0x26, 0xcd, 0x62, 0xcb, 0xff, 0x37,
-    0x02, 0x72, 0x6d, 0xe1, 0x75, 0x97, 0xff, 0xdf, 0x89, 0x30, 0x35, 0x9f,
-    0x72, 0x79, 0x2c, 0xbf, 0xa0, 0x9f, 0xb7, 0xdc, 0x59, 0x7c, 0x1d, 0xd1,
-    0xc2, 0xcb, 0xfe, 0x8e, 0xe3, 0x4d, 0xe8, 0xed, 0x65, 0x49, 0x31, 0x9e,
-    0x8f, 0xce, 0x9b, 0xf2, 0xff, 0x12, 0xdb, 0x4b, 0x2f, 0xfc, 0x0f, 0x67,
-    0xe0, 0xbd, 0x3f, 0x8b, 0x28, 0x67, 0xa2, 0x11, 0x1b, 0xee, 0xdd, 0xfb,
-    0x54, 0x4b, 0x8b, 0xff, 0xef, 0xe0, 0xe3, 0xf1, 0x22, 0x8d, 0x38, 0xd6,
-    0x56, 0x8f, 0xf7, 0x86, 0x17, 0xe9, 0x67, 0xb7, 0x76, 0x59, 0x7d, 0xed,
-    0x37, 0x4b, 0x2f, 0xf3, 0xcb, 0xc5, 0x07, 0xe2, 0xcb, 0xff, 0x9b, 0x81,
-    0x37, 0x98, 0x76, 0xfc, 0x2c, 0xa6, 0x3f, 0x67, 0x32, 0xbf, 0x4a, 0x7d,
-    0xbe, 0xeb, 0x2e, 0x9f, 0x85, 0x97, 0xff, 0x14, 0x9c, 0x6f, 0x12, 0x82,
-    0x75, 0x95, 0x07, 0xb3, 0x83, 0x37, 0xe2, 0x8e, 0xdf, 0x4b, 0x2f, 0xff,
-    0xec, 0x0f, 0x7f, 0x82, 0x89, 0x38, 0xe3, 0xad, 0x32, 0xcb, 0xff, 0x71,
-    0x88, 0x3e, 0x9f, 0x6d, 0xe7, 0x59, 0x7f, 0xff, 0xfc, 0x59, 0xee, 0x60,
-    0xdc, 0x70, 0x4f, 0xd7, 0xf3, 0x91, 0xce, 0x3f, 0xd6, 0x5e, 0x62, 0x85,
-    0x95, 0x24, 0xfe, 0xc7, 0x08, 0x36, 0x20, 0xdc, 0x27, 0x3a, 0xd1, 0x21,
-    0xef, 0x7a, 0xbf, 0xd9, 0xef, 0xb6, 0x9f, 0x8b, 0x2f, 0xff, 0xbc, 0xc5,
-    0x12, 0xc1, 0xe4, 0xb0, 0x80, 0xb2, 0xfc, 0xc0, 0x03, 0x74, 0xb2, 0xff,
-    0xa3, 0xee, 0xd2, 0x63, 0x61, 0x65, 0xff, 0xc4, 0x19, 0x7d, 0xe5, 0x9d,
-    0x4a, 0x16, 0x5f, 0xfc, 0x19, 0x13, 0x4a, 0x3c, 0x41, 0x92, 0xcb, 0xf4,
-    0x70, 0x07, 0xf2, 0xca, 0x63, 0xeb, 0xfa, 0x1d, 0x0d, 0x30, 0x7e, 0x1b,
-    0xfa, 0x15, 0xf6, 0xed, 0x65, 0x42, 0x78, 0x78, 0x98, 0xf1, 0x97, 0x80,
-    0xda, 0xfe, 0x97, 0xf0, 0xb3, 0xb5, 0x97, 0xa5, 0xff, 0x2c, 0xa6, 0x3c,
-    0xaf, 0x96, 0xdf, 0x75, 0xf8, 0xed, 0x65, 0xbf, 0x07, 0x8a, 0xe4, 0x37,
-    0xff, 0x13, 0x03, 0x9a, 0x86, 0x93, 0xf1, 0x65, 0xfc, 0xfd, 0x01, 0xdf,
-    0x4b, 0x2b, 0x11, 0x2a, 0xc4, 0xdc, 0x42, 0xbf, 0xb4, 0xc7, 0x27, 0x92,
-    0xcb, 0xff, 0x75, 0x2c, 0xf6, 0x6b, 0xb8, 0xc5, 0x97, 0x9e, 0x42, 0xe7,
-    0x86, 0x51, 0xf0, 0xa8, 0x63, 0x11, 0xb7, 0xca, 0x13, 0xb9, 0x09, 0xfe,
-    0x88, 0x98, 0xb3, 0xf0, 0x99, 0x79, 0x43, 0x64, 0xdb, 0xc8, 0xfd, 0x7d,
-    0x1b, 0x28, 0x4b, 0xb7, 0x4b, 0x2f, 0xfc, 0x13, 0x8b, 0xe4, 0x17, 0xb3,
-    0x4b, 0x2f, 0xff, 0xd9, 0xf1, 0x7c, 0x8f, 0x46, 0xf8, 0x2e, 0xdf, 0x8b,
-    0x2f, 0xf8, 0x78, 0x2e, 0x34, 0xdf, 0x0a, 0xcb, 0xff, 0x87, 0x02, 0xf7,
-    0x73, 0xa9, 0x7e, 0x38, 0xb2, 0xc2, 0xd9, 0x99, 0x42, 0x7a, 0x53, 0xf7,
-    0x23, 0x07, 0xf2, 0x00, 0x56, 0x37, 0x9d, 0x5f, 0xfc, 0x2d, 0xe4, 0x2f,
-    0x35, 0xdb, 0xbf, 0x6a, 0x88, 0xed, 0x7f, 0xfc, 0x18, 0xea, 0x4c, 0x73,
-    0x30, 0x87, 0xf8, 0x59, 0x7f, 0xff, 0xf1, 0xe3, 0xbe, 0xfe, 0xd3, 0x7d,
-    0x88, 0x6f, 0xa8, 0x34, 0xd0, 0xec, 0xb2, 0xe0, 0x88, 0xb2, 0xf8, 0x9d,
-    0xfa, 0x59, 0x7d, 0xd7, 0x98, 0xc5, 0x95, 0x07, 0x8a, 0x72, 0x1b, 0xb6,
-    0x16, 0x34, 0xd1, 0x71, 0x40, 0xee, 0xe2, 0x2e, 0xdf, 0xff, 0xe7, 0x00,
-    0xb1, 0x23, 0x6c, 0xf4, 0x13, 0x03, 0x3a, 0xf2, 0xcb, 0xf7, 0x1b, 0x7f,
-    0xf7, 0xac, 0xb8, 0xb8, 0xb2, 0xfb, 0xf9, 0x21, 0x70, 0x78, 0x4e, 0x59,
-    0x58, 0x99, 0x5c, 0xc9, 0xbe, 0x85, 0x2d, 0xe1, 0x4c, 0xe1, 0xac, 0xbf,
-    0xe1, 0x4c, 0xfe, 0x1a, 0xde, 0x28, 0x59, 0x7f, 0x0a, 0x0a, 0x3b, 0xc2,
-    0x59, 0x70, 0x7e, 0xb2, 0xfe, 0x14, 0x96, 0x7d, 0xfc, 0xb2, 0xc6, 0x2c,
-    0xbe, 0xc3, 0xea, 0x16, 0x5f, 0xb0, 0x98, 0x02, 0x2c, 0xa2, 0x3c, 0x8e,
-    0x10, 0xde, 0xcd, 0x42, 0xcb, 0xe0, 0xee, 0x8e, 0x16, 0x5f, 0xff, 0xa4,
-    0xc3, 0xfb, 0x6f, 0x9d, 0x83, 0xd3, 0x07, 0xb5, 0x97, 0xd1, 0xa8, 0xd2,
-    0xca, 0x14, 0x26, 0x6c, 0xcb, 0x5a, 0x21, 0xf8, 0xdf, 0x89, 0x44, 0x5a,
-    0xbd, 0x34, 0x6c, 0xb2, 0xfa, 0x0b, 0xdc, 0x59, 0x76, 0x19, 0x06, 0xff,
-    0x83, 0xd7, 0xfe, 0xe7, 0xb3, 0xf0, 0x5e, 0xfb, 0x2c, 0xbf, 0xe8, 0xcf,
-    0x33, 0xed, 0x1a, 0x59, 0x70, 0x87, 0x59, 0x58, 0x88, 0xc0, 0x1e, 0xf8,
-    0xde, 0xe9, 0xeb, 0x8b, 0x2f, 0xe0, 0x16, 0x75, 0xec, 0x59, 0x76, 0xdb,
-    0x8b, 0x2f, 0xfe, 0xdf, 0x03, 0xf6, 0x43, 0x7a, 0x26, 0x59, 0x7c, 0x6f,
-    0xf0, 0x0b, 0x2f, 0xe7, 0x33, 0x3d, 0x1d, 0xac, 0xa7, 0x3d, 0x12, 0x23,
-    0xbf, 0x88, 0x0f, 0xa7, 0x11, 0x65, 0xff, 0xf4, 0x7a, 0x3d, 0x3b, 0xdf,
-    0xc2, 0x7d, 0x1a, 0xb2, 0xa7, 0x84, 0xe6, 0x20, 0x73, 0x62, 0xd6, 0x1b,
-    0xd4, 0x25, 0x9c, 0x80, 0x8b, 0x6f, 0xff, 0xbf, 0x38, 0xb1, 0xb4, 0xdb,
-    0x39, 0xce, 0xcb, 0x2f, 0xff, 0xfe, 0xfb, 0x8c, 0x9e, 0x77, 0x3f, 0x1c,
-    0x9c, 0x17, 0x9d, 0x2c, 0xdf, 0x0b, 0x2f, 0x8d, 0x2c, 0x92, 0xca, 0xfa,
-    0x26, 0x89, 0xe2, 0xff, 0xf1, 0x61, 0xbf, 0x79, 0x7c, 0xc7, 0x10, 0xeb,
-    0x2a, 0x0f, 0xbb, 0x08, 0xa9, 0x93, 0x78, 0xfc, 0x6b, 0x17, 0xed, 0x6a,
-    0x37, 0xf1, 0x65, 0xff, 0x9b, 0x53, 0xb8, 0x58, 0x78, 0xed, 0x65, 0xfe,
-    0x0f, 0x99, 0xf7, 0xbc, 0x96, 0x5f, 0xcf, 0xbc, 0x78, 0x46, 0xac, 0xb4,
-    0x11, 0xf1, 0x88, 0x69, 0x7f, 0xff, 0xf0, 0x20, 0xbb, 0x7f, 0x3f, 0x40,
-    0x9d, 0x84, 0xd0, 0x1f, 0xfe, 0x16, 0x5f, 0xf8, 0x83, 0x29, 0xd8, 0xc5,
-    0x07, 0x59, 0x7f, 0x72, 0x4d, 0xdb, 0xe9, 0x65, 0xe7, 0x7e, 0xd5, 0x15,
-    0x0a, 0xff, 0xf3, 0x6f, 0xc6, 0x2c, 0xd4, 0x77, 0x1a, 0x59, 0x63, 0xac,
-    0xbd, 0x81, 0xf1, 0x1e, 0xd0, 0x52, 0x6a, 0x11, 0xc7, 0xd9, 0x76, 0xa1,
-    0x07, 0x7f, 0x44, 0xd2, 0x0f, 0x52, 0x59, 0x7f, 0xc0, 0xe4, 0xee, 0x01,
-    0xf2, 0x65, 0x97, 0xf6, 0xeb, 0x90, 0xc4, 0xe9, 0x65, 0x31, 0xf7, 0x39,
-    0xe5, 0xfc, 0x1e, 0xd8, 0xd7, 0xed, 0x65, 0xf6, 0xbb, 0x08, 0x16, 0x5f,
-    0xd8, 0x4f, 0xad, 0x32, 0xcb, 0x63, 0x1e, 0x7f, 0xc9, 0x2a, 0x4b, 0x89,
-    0x18, 0x52, 0x69, 0x57, 0x70, 0xa3, 0xe8, 0x9d, 0x9c, 0xb5, 0x19, 0x09,
-    0xcd, 0x7f, 0x09, 0xe2, 0x20, 0xe3, 0xfd, 0xed, 0xc7, 0x85, 0x96, 0xc5,
-    0x97, 0xff, 0xcc, 0x78, 0xee, 0x77, 0x7f, 0x6d, 0xd8, 0x3c, 0x2c, 0xbf,
-    0xf8, 0x2f, 0xb7, 0x31, 0xbb, 0xef, 0x37, 0xac, 0xa9, 0x22, 0xb7, 0xe2,
-    0x04, 0xab, 0x7f, 0xd2, 0xf3, 0x69, 0xfb, 0x62, 0x59, 0x78, 0x1c, 0xc5,
-    0x97, 0xfb, 0x81, 0x99, 0xc6, 0xf3, 0x2c, 0xbf, 0xff, 0xb8, 0x63, 0xee,
-    0xf1, 0xb5, 0x37, 0x20, 0xef, 0xd7, 0x96, 0x5f, 0xd1, 0xdb, 0x14, 0x49,
-    0x65, 0xff, 0x4e, 0x86, 0x2c, 0x3e, 0xa1, 0x65, 0xed, 0x37, 0x4b, 0x2a,
-    0x49, 0x99, 0xf4, 0x39, 0x31, 0xa9, 0xd8, 0x78, 0x59, 0xe3, 0x8b, 0xf1,
-    0x6c, 0x08, 0x11, 0x65, 0xfd, 0x2d, 0xc8, 0xf4, 0x12, 0xcb, 0x46, 0x1e,
-    0xc6, 0xe9, 0x4d, 0xfa, 0x45, 0x07, 0x35, 0x65, 0xff, 0xc7, 0xcd, 0x16,
-    0x36, 0xf6, 0xd3, 0xac, 0xae, 0x8f, 0xad, 0xca, 0x2f, 0xff, 0xcd, 0xa9,
-    0xd9, 0xe0, 0xc6, 0x6d, 0xfc, 0x69, 0x2c, 0xbf, 0xf1, 0x64, 0xde, 0xfe,
-    0x69, 0xb8, 0xb2, 0xff, 0xc7, 0x9c, 0x77, 0xf4, 0xef, 0xfb, 0x4b, 0x2f,
-    0xf4, 0x1f, 0x1b, 0x41, 0xdc, 0x59, 0x4e, 0x7f, 0x21, 0x44, 0xaf, 0xa3,
-    0x60, 0xa1, 0x6f, 0x7e, 0xe8, 0x98, 0xec, 0xb2, 0xf6, 0xd8, 0x62, 0xcb,
-    0xd9, 0xaf, 0xac, 0xb4, 0x0a, 0x0d, 0xd7, 0x63, 0xd7, 0xd3, 0xe1, 0xdd,
-    0x85, 0x95, 0x0a, 0x8a, 0xc6, 0x45, 0x91, 0x97, 0x31, 0x3e, 0x98, 0x42,
-    0x57, 0x7f, 0x79, 0xff, 0x38, 0x70, 0xb2, 0xff, 0xbd, 0xc1, 0x38, 0xfd,
-    0x4b, 0x16, 0x5f, 0xe7, 0x94, 0xee, 0x04, 0x0e, 0xb2, 0xfa, 0x3f, 0x1b,
-    0x2c, 0xb3, 0x0c, 0xf5, 0xfe, 0x6b, 0x50, 0x8e, 0x8c, 0x2f, 0x0c, 0x24,
-    0xaf, 0xdc, 0x6f, 0xe0, 0xd6, 0x5f, 0xa5, 0x1e, 0xcd, 0x96, 0x56, 0xe1,
-    0xe7, 0xe8, 0x9e, 0xf7, 0x5e, 0xc5, 0x97, 0xf7, 0x18, 0xbb, 0xfc, 0x2c,
-    0xac, 0x3e, 0xfd, 0x12, 0xf8, 0x76, 0xf9, 0xa7, 0xdb, 0xeb, 0x2f, 0xfd,
-    0x9e, 0xe6, 0xb2, 0x6f, 0xb1, 0xab, 0x2f, 0xff, 0xe6, 0xe0, 0x32, 0x45,
-    0x00, 0x7f, 0xf5, 0x2c, 0xf2, 0xcb, 0xff, 0xbb, 0x6d, 0x69, 0xe4, 0xfd,
-    0x87, 0xa5, 0x97, 0xfd, 0x86, 0xe1, 0xda, 0x7e, 0x0e, 0xb2, 0xb4, 0x8d,
-    0xcf, 0xad, 0x12, 0x3d, 0xff, 0x4e, 0x72, 0xcd, 0xd9, 0xdf, 0x0a, 0xcb,
-    0xf1, 0x8d, 0xac, 0x35, 0x65, 0x42, 0xa0, 0x5c, 0x2e, 0x62, 0x47, 0x8c,
-    0x70, 0x25, 0xe2, 0x1f, 0xdf, 0xf7, 0x9b, 0x8c, 0x11, 0x58, 0xe1, 0x65,
-    0xd1, 0xd2, 0xcb, 0xfa, 0x3d, 0x84, 0xfb, 0x8b, 0x2f, 0xc0, 0x14, 0x6d,
-    0x86, 0x2c, 0xa6, 0x45, 0x7e, 0x8f, 0x00, 0x2e, 0x45, 0xd7, 0x0a, 0x05,
-    0x2b, 0x2f, 0xfc, 0xe5, 0xdf, 0xb3, 0xfe, 0xf0, 0x56, 0x53, 0x1e, 0xf0,
-    0x47, 0xef, 0xe8, 0xd6, 0xd1, 0xad, 0x96, 0x5f, 0x07, 0x68, 0x92, 0xca,
-    0x91, 0xe9, 0x70, 0xbe, 0xff, 0xdc, 0xc2, 0xf7, 0x32, 0x4d, 0xf5, 0x97,
-    0xf7, 0x33, 0x79, 0x47, 0x4b, 0x2e, 0x0f, 0xd6, 0x57, 0x11, 0x07, 0xe3,
-    0xd9, 0xf2, 0xfb, 0xff, 0xe8, 0x06, 0x14, 0xe7, 0xf4, 0xef, 0xe0, 0x1d,
-    0x65, 0xc5, 0xb2, 0xca, 0x84, 0xd0, 0x32, 0x14, 0xac, 0x66, 0x4a, 0x37,
-    0xf8, 0x78, 0x79, 0xdc, 0x7f, 0xac, 0xbc, 0x18, 0xe2, 0xca, 0x63, 0xd1,
-    0xf9, 0xad, 0xdc, 0x92, 0xcb, 0xff, 0xdf, 0x83, 0x93, 0x9a, 0x58, 0x0e,
-    0x80, 0xb2, 0xfe, 0xde, 0xe7, 0xf9, 0x8e, 0xb2, 0xff, 0xff, 0x34, 0x79,
-    0xfe, 0x2f, 0x9f, 0xc2, 0xf4, 0xe0, 0x4b, 0x8b, 0x2f, 0xf9, 0x89, 0xb3,
-    0xb8, 0xf7, 0x16, 0x54, 0x93, 0x15, 0x64, 0xa2, 0x30, 0xf3, 0x25, 0xee,
-    0x07, 0x4b, 0x2f, 0x37, 0xd9, 0x65, 0xfd, 0xa7, 0x20, 0x02, 0x16, 0x54,
-    0x27, 0xdb, 0xb1, 0x0e, 0x46, 0x58, 0xc7, 0x8e, 0x3a, 0x20, 0xdd, 0xfe,
-    0x2c, 0xf7, 0x00, 0xdd, 0x2c, 0xbf, 0x16, 0x0c, 0x9d, 0x65, 0x48, 0xf6,
-    0x30, 0xce, 0xec, 0xde, 0xb2, 0xfd, 0x07, 0x7e, 0xbc, 0xb2, 0xec, 0xd9,
-    0x65, 0xff, 0xc3, 0xe6, 0x68, 0xb0, 0x1c, 0xcd, 0x2c, 0xaf, 0xa2, 0x6b,
-    0x83, 0x1e, 0x28, 0x08, 0xbd, 0xfb, 0x3b, 0x0b, 0xec, 0xb2, 0xbe, 0x7c,
-    0xc4, 0x7b, 0x7f, 0xfd, 0xa2, 0x0f, 0x45, 0x8d, 0xae, 0xff, 0x1c, 0x59,
-    0x7f, 0xff, 0x76, 0xff, 0xc9, 0x46, 0xa0, 0x1a, 0x81, 0x1c, 0x96, 0x54,
-    0x22, 0xab, 0x14, 0x2f, 0xb6, 0x72, 0xde, 0xb2, 0xfe, 0x06, 0x17, 0xc2,
-    0x4b, 0x2b, 0x0f, 0x41, 0xc9, 0x2f, 0xff, 0xff, 0xe9, 0x4e, 0xf7, 0xda,
-    0x39, 0x3b, 0x03, 0xdc, 0x6f, 0x9d, 0x9a, 0xd6, 0x6f, 0x0b, 0xfd, 0x65,
-    0xf7, 0xa7, 0x81, 0x4c, 0xf4, 0xb2, 0xa1, 0x18, 0x99, 0x09, 0x3b, 0xef,
-    0x93, 0xee, 0xac, 0xbe, 0x3b, 0x6e, 0xc2, 0xca, 0x85, 0x75, 0xf9, 0x19,
-    0x0f, 0xe1, 0x96, 0x4e, 0x3c, 0x87, 0x27, 0x89, 0x82, 0x49, 0x7f, 0x9f,
-    0xae, 0x31, 0xe3, 0xb5, 0x97, 0xb3, 0x38, 0xb2, 0xe8, 0xd2, 0xcb, 0x6c,
-    0x33, 0x62, 0xe3, 0x77, 0x84, 0x9f, 0x75, 0x97, 0xff, 0xe6, 0xdb, 0xee,
-    0xde, 0x8f, 0xb7, 0xb9, 0x83, 0x59, 0x7f, 0xd3, 0xb3, 0xec, 0xfe, 0xfc,
-    0x2c, 0xad, 0xc4, 0x46, 0x92, 0xa5, 0x7d, 0x1a, 0x4f, 0x0a, 0xda, 0x74,
-    0xc8, 0x03, 0x0f, 0x9b, 0xff, 0x6f, 0x79, 0x61, 0x0c, 0xa2, 0x4b, 0x2e,
-    0xda, 0x16, 0x56, 0x1e, 0xa8, 0x4f, 0xaf, 0xb3, 0xe7, 0x85, 0x94, 0x47,
-    0x85, 0xc2, 0x1b, 0xcc, 0x64, 0xcb, 0x2f, 0xf9, 0xfe, 0xdc, 0xe0, 0x5c,
-    0x0b, 0x28, 0x67, 0xac, 0xe3, 0xd6, 0x17, 0x3d, 0xba, 0x39, 0x69, 0xe8,
-    0x8c, 0x52, 0x7f, 0x3c, 0x18, 0x0a, 0x05, 0xe2, 0x36, 0x6d, 0xa1, 0x37,
-    0x28, 0x5c, 0x0e, 0x3c, 0x7c, 0x9e, 0x2c, 0x36, 0x15, 0x7d, 0xc3, 0x2f,
-    0xa2, 0xf6, 0x8d, 0xae, 0x68, 0x59, 0x6a, 0x55, 0xf9, 0xe3, 0x44, 0xfc,
-    0xaf, 0x67, 0x8c, 0x2c, 0x10, 0x99, 0x28, 0xec, 0xf9, 0x29, 0xf7, 0xd3,
-    0x8c, 0x61, 0x73, 0x9f, 0x8e, 0x14, 0x48, 0x5f, 0xee, 0xbb, 0xde, 0x26,
-    0x31, 0x65, 0xf7, 0x6e, 0xfd, 0xaa, 0x2a, 0x85, 0xfe, 0xd4, 0x6f, 0xea,
-    0x59, 0xe5, 0x95, 0xa3, 0xe6, 0x09, 0x85, 0xfe, 0x36, 0x3d, 0xcd, 0xf8,
-    0x35, 0x97, 0xfe, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0x6b, 0x5f,
-    0xf7, 0xe0, 0xfc, 0xe3, 0x97, 0x6b, 0x2f, 0xa3, 0x51, 0xe5, 0x97, 0x3f,
-    0x96, 0x50, 0xcd, 0xb9, 0xc8, 0x6f, 0xf9, 0xfa, 0xe1, 0x34, 0x08, 0x75,
-    0x97, 0xf8, 0x9f, 0xdc, 0x9b, 0xec, 0xb2, 0xc2, 0xe4, 0xa8, 0x97, 0x21,
-    0x04, 0x69, 0x11, 0xcd, 0xbe, 0x9c, 0xee, 0x00, 0x21, 0x10, 0xe6, 0xff,
-    0xfb, 0x71, 0x87, 0x87, 0x9d, 0xec, 0xdc, 0x6d, 0xfc, 0x59, 0x7e, 0xd7,
-    0x6e, 0xfd, 0xaa, 0x2a, 0xc5, 0xed, 0x41, 0xd6, 0x5f, 0xf4, 0x4a, 0x35,
-    0xb4, 0x6b, 0x65, 0x97, 0xff, 0x41, 0x0e, 0x37, 0xcc, 0xdb, 0xc8, 0x0b,
-    0x2c, 0x2e, 0x13, 0x2c, 0xc5, 0x9d, 0x1b, 0x10, 0xe7, 0x8e, 0xaf, 0x8b,
-    0x02, 0x2b, 0x59, 0x7f, 0x75, 0xe8, 0xfb, 0xee, 0x2c, 0xbf, 0x3f, 0xf3,
-    0x58, 0xb2, 0xa0, 0xf5, 0xdc, 0xc6, 0xfe, 0xd0, 0x66, 0xe4, 0x79, 0x65,
-    0x42, 0x32, 0xfe, 0xf8, 0x12, 0x0b, 0xff, 0x81, 0x84, 0x2e, 0x40, 0xe6,
-    0xce, 0x4b, 0x28, 0x59, 0xfa, 0xc1, 0x7d, 0xfc, 0x36, 0x0f, 0xb3, 0x8b,
-    0x2f, 0xe6, 0x3b, 0x7b, 0xf0, 0xb2, 0xfa, 0x26, 0x8e, 0x96, 0x57, 0xcf,
-    0x3f, 0x85, 0x97, 0xed, 0x76, 0xef, 0xda, 0xa2, 0x44, 0x5f, 0x7b, 0x4d,
-    0xd2, 0xcb, 0xff, 0x66, 0xeb, 0x6d, 0xd6, 0x6b, 0x4e, 0xb2, 0xe9, 0x0b,
-    0xc4, 0x4d, 0xb1, 0xb6, 0xf2, 0x3b, 0xfb, 0x68, 0xd7, 0xdd, 0x96, 0x58,
-    0x5c, 0xf6, 0x9d, 0x26, 0x3e, 0x3c, 0x2f, 0x78, 0x7d, 0x7e, 0xd7, 0x6e,
-    0xfd, 0xaa, 0x2d, 0x25, 0xff, 0x9e, 0x42, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8,
-    0x9f, 0x56, 0x17, 0x88, 0x84, 0x39, 0xb5, 0xff, 0xe1, 0x67, 0x79, 0x0b,
-    0xcd, 0x76, 0xef, 0xda, 0xa2, 0x84, 0x5f, 0xfd, 0x86, 0x0b, 0xf1, 0xaf,
-    0xc6, 0xf4, 0x2c, 0xbf, 0x78, 0x3d, 0xbf, 0x16, 0x5d, 0x1a, 0x59, 0x7f,
-    0xf4, 0x1c, 0x3a, 0xed, 0xd8, 0x71, 0x32, 0xcb, 0x36, 0xc7, 0xb7, 0x30,
-    0xb5, 0x1d, 0x15, 0xbf, 0x84, 0x25, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xa3,
-    0xd7, 0x0f, 0x16, 0x5f, 0x36, 0x03, 0x8b, 0x2e, 0x7e, 0xd6, 0x5b, 0x06,
-    0x6e, 0x37, 0x48, 0x6f, 0xfa, 0x25, 0x1a, 0xda, 0x35, 0xb2, 0xcb, 0xff,
-    0xff, 0xfc, 0x23, 0x6a, 0x68, 0xfe, 0xb3, 0xee, 0x27, 0x30, 0xd7, 0x20,
-    0x41, 0x44, 0xdf, 0x85, 0x97, 0xe7, 0xe3, 0x7a, 0x16, 0x5f, 0xf4, 0x4d,
-    0x05, 0x13, 0x7e, 0x16, 0x54, 0x23, 0xb4, 0xd8, 0x47, 0x91, 0x35, 0xf1,
-    0xf6, 0xc3, 0x16, 0x5f, 0xff, 0x87, 0xf8, 0x10, 0x5f, 0x89, 0xc1, 0xce,
-    0x40, 0x12, 0x54, 0x1f, 0xe6, 0x12, 0x5e, 0x79, 0x0b, 0x85, 0x59, 0x98,
-    0x51, 0x31, 0xb6, 0x93, 0x88, 0xa7, 0xd1, 0x93, 0xcf, 0xc2, 0xc2, 0xff,
-    0xec, 0xf8, 0xbf, 0x1a, 0xfc, 0x6f, 0x42, 0xcb, 0x0b, 0xd9, 0x72, 0x2c,
-    0xf2, 0xf0, 0x3d, 0x08, 0x5a, 0x87, 0xc3, 0x32, 0xda, 0x99, 0xa9, 0x27,
-    0x3c, 0x95, 0x8c, 0x6d, 0xa3, 0xcc, 0xee, 0x70, 0xaf, 0xa8, 0xeb, 0x1a,
-    0x39, 0x09, 0xa3, 0xc7, 0xfc, 0x34, 0x80, 0x55, 0xe9, 0xce, 0x7b, 0xff,
-    0xe3, 0x3b, 0x9e, 0x85, 0x20, 0x15, 0xea, 0x78, 0x9d, 0x3b, 0xf3, 0xeb,
-    0x2f, 0xff, 0xfd, 0xbb, 0xe1, 0x40, 0xce, 0x28, 0x26, 0x15, 0x5e, 0x15,
-    0xea, 0x78, 0x9d, 0x3b, 0xf3, 0xeb, 0x2b, 0xe8, 0xfe, 0x31, 0xba, 0xff,
-    0xef, 0xc3, 0x69, 0x85, 0x7d, 0xfe, 0x0c, 0x59, 0x7f, 0xee, 0x0a, 0xd8,
-    0xd9, 0xd3, 0xbf, 0x3e, 0x2e, 0x0f, 0xb7, 0xb2, 0x4b, 0xff, 0xff, 0xfd,
-    0xba, 0x2b, 0x63, 0x67, 0x4e, 0xfc, 0xf8, 0xb8, 0xf9, 0x9d, 0xcf, 0x42,
-    0x90, 0x0a, 0xf5, 0x3c, 0x4e, 0x9d, 0xf9, 0xf5, 0x97, 0xed, 0x76, 0xef,
-    0xda, 0xa2, 0x22, 0x5f, 0xee, 0x06, 0x26, 0xf3, 0x6f, 0x59, 0x61, 0x78,
-    0x7d, 0x93, 0x1b, 0x5f, 0xd9, 0xae, 0xdd, 0xfb, 0x54, 0x45, 0x6b, 0xfe,
-    0xdc, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x45, 0x70, 0xa1, 0x68, 0x87, 0x73,
-    0xbb, 0xef, 0xbe, 0x99, 0x65, 0xfb, 0xc0, 0x10, 0xa4, 0xb2, 0xfc, 0x08,
-    0x2e, 0xc5, 0xc1, 0xe5, 0x39, 0x0d, 0xd3, 0x6e, 0x2c, 0xbf, 0x89, 0xbb,
-    0xf4, 0x49, 0x65, 0x85, 0xec, 0x79, 0x1a, 0x1b, 0xb3, 0x74, 0x8b, 0x20,
-    0x42, 0x1e, 0xff, 0x0a, 0x67, 0xa2, 0x8e, 0xdf, 0xa5, 0x97, 0xd9, 0xf7,
-    0xf2, 0xcb, 0xfd, 0x8d, 0xa0, 0x00, 0x3c, 0x59, 0x61, 0x49, 0x1e, 0xa7,
-    0x08, 0x6f, 0xff, 0xff, 0xf4, 0xf5, 0x3d, 0x8a, 0x63, 0x9f, 0xc3, 0x70,
-    0x65, 0x9b, 0x34, 0xb9, 0x03, 0x8f, 0x93, 0xee, 0x2c, 0xbf, 0xb5, 0x1e,
-    0x72, 0xc5, 0x97, 0xff, 0xee, 0x37, 0xdd, 0xa4, 0xc5, 0xe0, 0xff, 0x58,
-    0xb2, 0x98, 0xff, 0xbc, 0x57, 0x7f, 0x40, 0x39, 0xe2, 0x85, 0x97, 0xf9,
-    0xdc, 0xd3, 0x1f, 0x5c, 0x59, 0x7f, 0xfe, 0xfe, 0x16, 0x1b, 0xf7, 0x97,
-    0xcc, 0x71, 0x0e, 0xb2, 0xfb, 0xb7, 0x7e, 0xd5, 0x14, 0xf2, 0xff, 0xfc,
-    0xda, 0xfb, 0xc6, 0xf2, 0xce, 0x61, 0x31, 0xd6, 0x5f, 0xf8, 0xa3, 0x7b,
-    0x7a, 0x51, 0x84, 0xb2, 0xa4, 0x98, 0xbe, 0x95, 0xfe, 0x61, 0xe5, 0x3b,
-    0xfc, 0x30, 0x4e, 0x8d, 0xc8, 0x92, 0xcb, 0xfc, 0x76, 0x18, 0x5f, 0x52,
-    0x59, 0x71, 0xd9, 0x65, 0x41, 0xe4, 0xf6, 0x67, 0x7f, 0xff, 0x47, 0xb8,
-    0x13, 0xf6, 0xc0, 0x8c, 0xfb, 0x07, 0xb5, 0x97, 0x37, 0x16, 0x5f, 0xd0,
-    0x7e, 0x43, 0x6c, 0xb2, 0xa4, 0x89, 0xfc, 0x5c, 0xf0, 0xb5, 0xff, 0xfc,
-    0xfa, 0x7f, 0xf5, 0x2c, 0xf6, 0x10, 0x7c, 0x13, 0x56, 0x5f, 0x4a, 0x33,
-    0x65, 0x97, 0xff, 0xed, 0x07, 0x5a, 0x82, 0xc3, 0x5b, 0xff, 0xc1, 0x16,
-    0x58, 0x6b, 0x2f, 0x69, 0xba, 0x59, 0x5d, 0xa6, 0x05, 0xd2, 0xe6, 0x88,
-    0x8e, 0xad, 0xe1, 0x1b, 0xcc, 0x5e, 0x59, 0x7f, 0xf3, 0xc8, 0x5b, 0x8f,
-    0x25, 0xf8, 0xed, 0x65, 0xfc, 0x31, 0x08, 0x4e, 0xb8, 0xb2, 0xff, 0xb4,
-    0xfb, 0x0c, 0x2f, 0xa9, 0x2c, 0xa8, 0x3e, 0xb6, 0x31, 0xbf, 0xec, 0x20,
-    0x41, 0xdb, 0x52, 0x59, 0x7f, 0x9b, 0x8c, 0x11, 0x58, 0xe1, 0x65, 0x48,
-    0xfb, 0x7c, 0x6f, 0x7f, 0xfc, 0x7c, 0x6f, 0x07, 0xd1, 0x26, 0x1e, 0x0d,
-    0x65, 0x31, 0xf8, 0x00, 0x8a, 0xfd, 0xad, 0xa3, 0x5b, 0x2c, 0xbf, 0x31,
-    0x78, 0x43, 0xac, 0xa8, 0x3d, 0x20, 0x15, 0x5f, 0xed, 0x44, 0x7b, 0x8d,
-    0xbd, 0x65, 0xfd, 0x1b, 0x38, 0xdf, 0xcb, 0x2a, 0x48, 0x82, 0x39, 0x0e,
-    0xe9, 0xa5, 0xf4, 0xe2, 0x79, 0x2c, 0xbf, 0x3e, 0x7d, 0x8e, 0xb2, 0xb8,
-    0x79, 0x3b, 0xc8, 0xea, 0x11, 0x41, 0x8f, 0x97, 0xf3, 0x79, 0xcd, 0xfb,
-    0x2c, 0xbf, 0xed, 0xee, 0x79, 0xc3, 0xfb, 0x1d, 0x65, 0xff, 0x14, 0x1e,
-    0x24, 0x58, 0x75, 0x97, 0xff, 0x8f, 0x1a, 0xda, 0x3a, 0xc0, 0x8a, 0xf0,
-    0x6b, 0x2f, 0xbd, 0x28, 0x35, 0x65, 0x49, 0x31, 0x2c, 0x2d, 0x63, 0xd7,
-    0x36, 0x11, 0x3e, 0xfd, 0xde, 0x31, 0x4c, 0xb2, 0xff, 0x17, 0x79, 0xbf,
-    0x3d, 0xc5, 0x97, 0xe1, 0x86, 0x35, 0xb2, 0xcb, 0x9c, 0xd5, 0x95, 0x07,
-    0xeb, 0x86, 0xba, 0x29, 0xbf, 0x3e, 0xd1, 0xa0, 0xac, 0xa9, 0xe1, 0x98,
-    0x74, 0x28, 0x84, 0x88, 0xa8, 0x57, 0x11, 0x8e, 0x48, 0x84, 0x65, 0x99,
-    0x1a, 0x59, 0xa7, 0xdd, 0xc2, 0x07, 0xa8, 0x60, 0xb4, 0x66, 0x33, 0x26,
-    0x9c, 0x6f, 0xf0, 0xb1, 0x78, 0x7e, 0x94, 0x72, 0xbc, 0x8c, 0xcf, 0xc9,
-    0x3b, 0xe1, 0x3b, 0x3e, 0x5b, 0x7f, 0xf9, 0xe4, 0x2c, 0x64, 0xe6, 0x73,
-    0x90, 0x05, 0x97, 0xff, 0x80, 0x00, 0xf0, 0x58, 0x84, 0xe7, 0x28, 0x59,
-    0x7f, 0xf1, 0x60, 0x1c, 0x80, 0x2c, 0xec, 0x75, 0x95, 0xa4, 0x48, 0x79,
-    0x32, 0xfc, 0xff, 0xfb, 0x4c, 0xb2, 0xff, 0xec, 0xe3, 0x10, 0x0b, 0x3d,
-    0xfc, 0x59, 0x7f, 0xe6, 0x20, 0x16, 0x7b, 0xf8, 0x2f, 0xe7, 0xd2, 0x21,
-    0x45, 0x0b, 0x56, 0x3a, 0x38, 0xd7, 0xda, 0x1b, 0x9c, 0x84, 0x65, 0xb1,
-    0x65, 0xf8, 0xa0, 0x22, 0xbe, 0x2c, 0xbf, 0x8d, 0xd3, 0x8d, 0xc9, 0x65,
-    0x0c, 0xfa, 0x30, 0x41, 0xca, 0xef, 0xfe, 0x61, 0xe9, 0xfa, 0x17, 0xad,
-    0x46, 0xcb, 0x28, 0x59, 0xfa, 0xfc, 0xb6, 0xd0, 0xb2, 0xfe, 0xe4, 0x76,
-    0x50, 0x35, 0x94, 0x33, 0x7a, 0xc2, 0x17, 0xff, 0xd1, 0xac, 0x93, 0x3f,
-    0xb0, 0x6c, 0x1e, 0xd2, 0x5c, 0x1e, 0x96, 0x57, 0xcf, 0x98, 0x93, 0xad,
-    0xda, 0xcb, 0xf4, 0x48, 0x01, 0x92, 0xcb, 0xee, 0xdd, 0xfb, 0x54, 0x56,
-    0x6b, 0xa0, 0xc5, 0x95, 0x88, 0x81, 0x98, 0x4b, 0x45, 0x1b, 0xcc, 0x2f,
-    0xbc, 0xc7, 0xe2, 0xcb, 0x69, 0x65, 0x8d, 0x59, 0x4c, 0x68, 0xf8, 0x23,
-    0x7b, 0x81, 0xed, 0x65, 0x1a, 0x6f, 0xb8, 0x41, 0x61, 0x16, 0x5e, 0xd4,
-    0x6f, 0x59, 0x50, 0x6c, 0x38, 0x25, 0x7f, 0x6f, 0x22, 0x8d, 0xc9, 0x96,
-    0x5f, 0x8f, 0x05, 0x2e, 0x2c, 0xba, 0x26, 0x59, 0x50, 0x7e, 0x1b, 0x19,
-    0x68, 0x9e, 0xfb, 0xdc, 0x13, 0x8b, 0x2f, 0xb9, 0xc8, 0x31, 0x65, 0x9d,
-    0x65, 0x61, 0xeb, 0xb1, 0x27, 0x08, 0xee, 0xd9, 0x96, 0x5f, 0xee, 0x4c,
-    0xc5, 0xfc, 0xe9, 0x65, 0x41, 0xe5, 0xe0, 0xbd, 0xcf, 0xe5, 0x97, 0xc0,
-    0x10, 0xa4, 0xb2, 0x86, 0x6e, 0x7c, 0x2d, 0x7f, 0xfd, 0x07, 0xf6, 0x61,
-    0x7b, 0x9f, 0xc0, 0x3a, 0xcb, 0xfc, 0x78, 0xeb, 0x9a, 0x8d, 0xeb, 0x2e,
-    0x7e, 0x2c, 0xa8, 0x3c, 0xc0, 0x9b, 0x5f, 0xe9, 0x30, 0x77, 0x27, 0x80,
-    0x1d, 0x65, 0xf8, 0xa3, 0xed, 0x8b, 0x2b, 0x0f, 0x85, 0xcf, 0x2c, 0xcb,
-    0x2f, 0xd8, 0x44, 0xfe, 0x59, 0xc2, 0xc2, 0xf0, 0x64, 0x35, 0x95, 0xf3,
-    0xd1, 0x23, 0x4b, 0xf1, 0x7b, 0xf1, 0xbd, 0x65, 0xe7, 0x73, 0xac, 0xbf,
-    0x64, 0xdb, 0x04, 0x0b, 0x2f, 0xef, 0x46, 0x81, 0x13, 0x2c, 0xb0, 0xb8,
-    0x5e, 0x9d, 0x1c, 0x21, 0xb2, 0x14, 0x5d, 0x1f, 0xb4, 0x20, 0xe6, 0x52,
-    0xd4, 0x24, 0x0f, 0x08, 0x6f, 0xbc, 0x3a, 0xc8, 0x08, 0x4a, 0x13, 0x3c,
-    0x84, 0x17, 0xa1, 0x02, 0x12, 0x1d, 0xe5, 0x22, 0x0d, 0xee, 0x95, 0x5f,
-    0xd2, 0xc3, 0x89, 0x1b, 0x8b, 0x2f, 0xf7, 0x9f, 0x5b, 0x43, 0x0d, 0x65,
-    0xfd, 0xee, 0x0d, 0xa0, 0x96, 0x53, 0x1e, 0xfb, 0x99, 0xdf, 0xd0, 0x7d,
-    0x83, 0xa9, 0x2c, 0xbe, 0xd6, 0x19, 0xe5, 0x95, 0xf3, 0xf2, 0xf1, 0x06,
-    0xf2, 0xfb, 0xfd, 0xb7, 0xf3, 0xbf, 0xc6, 0x96, 0x5f, 0xf4, 0x14, 0xb8,
-    0x77, 0x23, 0x56, 0x54, 0x1f, 0x6f, 0x8d, 0x6e, 0x81, 0xac, 0xbf, 0xe0,
-    0x9f, 0x3b, 0xd7, 0x4e, 0x62, 0xca, 0x91, 0xf9, 0xf0, 0x87, 0xc2, 0xd7,
-    0xfb, 0x50, 0x6e, 0x13, 0x1a, 0xb2, 0xff, 0xfd, 0x83, 0xfc, 0x72, 0x76,
-    0x36, 0x98, 0xf0, 0x6a, 0xcb, 0xff, 0xd0, 0x60, 0x87, 0x2c, 0xeb, 0xd1,
-    0x86, 0x2c, 0xbf, 0x79, 0x8b, 0x0e, 0xb2, 0xf3, 0x90, 0xb1, 0xab, 0x3d,
-    0xc8, 0xc0, 0xba, 0x8c, 0x47, 0x45, 0xe4, 0x66, 0x22, 0xb6, 0xea, 0x65,
-    0xff, 0x39, 0x82, 0xc7, 0x07, 0xea, 0x16, 0x54, 0x91, 0x86, 0x50, 0x87,
-    0xbf, 0xf3, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x12, 0x2a, 0xff, 0xfd,
-    0xef, 0xe1, 0x0b, 0xf3, 0xbf, 0x5c, 0x34, 0xd7, 0x59, 0x7f, 0xe7, 0xf0,
-    0xb8, 0x6d, 0x37, 0x82, 0xb2, 0x85, 0xa3, 0x9a, 0x13, 0x9d, 0x66, 0xff,
-    0xb5, 0xa6, 0x33, 0x26, 0x63, 0xac, 0xbe, 0xee, 0x3f, 0x0b, 0x29, 0x8f,
-    0x70, 0x8e, 0xaf, 0xda, 0xed, 0xdf, 0xb5, 0x45, 0x92, 0xa8, 0x3d, 0x6c,
-    0x20, 0xbe, 0x62, 0x97, 0x16, 0x5f, 0xa3, 0x9e, 0x6d, 0x96, 0x56, 0xc7,
-    0x92, 0x69, 0x0d, 0xfe, 0x0e, 0xdf, 0x8f, 0x71, 0x96, 0x5f, 0xc1, 0x1b,
-    0x69, 0xf8, 0xb2, 0xe6, 0xf2, 0xcb, 0xf7, 0xb8, 0x27, 0x05, 0xe2, 0x26,
-    0xf4, 0x49, 0xc3, 0x4f, 0x16, 0xd0, 0xb4, 0xd8, 0x72, 0x30, 0x4b, 0xff,
-    0xe8, 0x3b, 0x8c, 0x5f, 0xa3, 0xa9, 0x6d, 0x86, 0x2c, 0xbe, 0xc3, 0x39,
-    0xf5, 0x97, 0xd0, 0x76, 0x31, 0x65, 0xfc, 0xc7, 0x8f, 0x88, 0x35, 0x95,
-    0x31, 0xe8, 0x6e, 0x91, 0x5f, 0xdf, 0x6d, 0x44, 0xb8, 0xb2, 0xfe, 0x3f,
-    0x9b, 0xee, 0x75, 0x97, 0xff, 0x9b, 0xdf, 0xcf, 0x61, 0x47, 0xa0, 0x6b,
-    0x2a, 0x0f, 0xd1, 0xcb, 0x6f, 0xf3, 0x78, 0x3a, 0x7e, 0x0b, 0xd9, 0x35,
-    0xac, 0x73, 0xec, 0x9b, 0xf0, 0xa1, 0xa6, 0x54, 0x38, 0xf1, 0xd7, 0x5f,
-    0xff, 0xef, 0x3f, 0x40, 0x16, 0x32, 0x8e, 0xa5, 0xe6, 0x20, 0x71, 0x65,
-    0xfd, 0x9a, 0xed, 0xdf, 0xb5, 0x45, 0xb0, 0xbf, 0xff, 0x7e, 0x71, 0x66,
-    0xbd, 0xcf, 0xcd, 0x3a, 0x77, 0xe7, 0xd6, 0x5f, 0xbe, 0xfa, 0x63, 0xac,
-    0xa1, 0x4a, 0x22, 0x3b, 0x61, 0xbf, 0x66, 0xfd, 0x3f, 0x16, 0x5e, 0xd0,
-    0x7e, 0xb2, 0xef, 0x0b, 0x83, 0xee, 0x19, 0x46, 0x8a, 0x68, 0x5a, 0x6d,
-    0xad, 0x19, 0x8d, 0xec, 0xe6, 0x2c, 0xbe, 0xed, 0xdf, 0xb5, 0x45, 0xb6,
-    0xb9, 0xf4, 0xb2, 0xd2, 0x59, 0x6e, 0x6c, 0x69, 0xc2, 0x2d, 0x5a, 0x3f,
-    0xff, 0x2b, 0xdf, 0xbf, 0xe6, 0x00, 0x56, 0x5f, 0xfe, 0x8d, 0xbc, 0xc3,
-    0xc2, 0x93, 0x7c, 0x2b, 0x29, 0x8f, 0xc7, 0xe5, 0x17, 0xfd, 0x12, 0x8d,
-    0x6d, 0x1a, 0xd9, 0x65, 0xf4, 0x4d, 0xc6, 0x59, 0x52, 0x4e, 0xab, 0x21,
-    0x35, 0x34, 0x24, 0xc8, 0x87, 0x74, 0xea, 0xff, 0xc3, 0xd3, 0x07, 0x61,
-    0x7c, 0xd7, 0x96, 0x50, 0xb4, 0x4d, 0x62, 0xbd, 0xef, 0xe6, 0xcb, 0x2f,
-    0xe7, 0x1e, 0x61, 0x1a, 0xb2, 0xfb, 0x08, 0x02, 0xe6, 0x3c, 0x93, 0x8e,
-    0xdc, 0x28, 0x25, 0x97, 0x85, 0x1f, 0x1a, 0xcb, 0xdb, 0x7d, 0x96, 0x5f,
-    0xf8, 0x50, 0x28, 0x9e, 0x5e, 0xfe, 0x14, 0x01, 0x65, 0xe1, 0x50, 0x55,
-    0x8a, 0x8b, 0x2f, 0xde, 0x8f, 0xbc, 0xcb, 0x2f, 0xc5, 0x21, 0x84, 0xeb,
-    0x2f, 0xe3, 0x04, 0x9f, 0x72, 0x02, 0xca, 0x83, 0xda, 0xc2, 0x8b, 0xf9,
-    0x84, 0x9b, 0x81, 0xe9, 0x65, 0xf8, 0x7d, 0xfc, 0x3a, 0x59, 0x5f, 0x3d,
-    0xb7, 0x31, 0xbf, 0xec, 0xd6, 0xa2, 0x4f, 0xd1, 0x8b, 0x2f, 0xbb, 0x77,
-    0xed, 0x51, 0x78, 0x2f, 0xde, 0xeb, 0xb6, 0xd2, 0xcb, 0xff, 0x30, 0x39,
-    0x3b, 0x80, 0x7c, 0x99, 0x65, 0xff, 0x9f, 0xd1, 0xbf, 0x5a, 0xce, 0xb8,
-    0xb2, 0xff, 0xe7, 0xd0, 0x9e, 0x6f, 0x96, 0x7b, 0x16, 0x56, 0x93, 0x1f,
-    0x39, 0x87, 0xca, 0x89, 0x07, 0x7a, 0x0d, 0xf7, 0x85, 0x56, 0x4c, 0xb2,
-    0xe8, 0x85, 0x95, 0xa3, 0x7d, 0xe2, 0x9b, 0xfa, 0x36, 0x28, 0x61, 0xac,
-    0xb9, 0xf8, 0xb2, 0xf4, 0xfe, 0x7d, 0x65, 0x00, 0xda, 0xf8, 0x5a, 0xfc,
-    0x78, 0x29, 0x3a, 0xcb, 0xfa, 0x0b, 0xdb, 0xdf, 0xb5, 0x97, 0xf4, 0xa3,
-    0x7c, 0x6b, 0xa5, 0x97, 0xff, 0xf3, 0xed, 0x34, 0xa3, 0x5b, 0x7a, 0x59,
-    0xb8, 0xe4, 0x05, 0x95, 0x24, 0x5f, 0xe1, 0x7b, 0x98, 0x5f, 0x7c, 0xb2,
-    0x65, 0x97, 0xf7, 0x9f, 0xf3, 0x87, 0x0b, 0x2f, 0xf9, 0xfd, 0xc8, 0x61,
-    0xe1, 0xd6, 0x54, 0x1f, 0x31, 0x17, 0xdf, 0xa4, 0xcd, 0xf7, 0x59, 0x7c,
-    0x58, 0xc6, 0xac, 0xbf, 0xe3, 0xf5, 0x2f, 0x61, 0x7b, 0x8b, 0x2b, 0xa4,
-    0x40, 0x9c, 0x98, 0x42, 0x1b, 0xb0, 0xd5, 0x97, 0xe7, 0x97, 0x9b, 0x65,
-    0x97, 0xff, 0x9b, 0xd0, 0x5d, 0xb1, 0xce, 0xdc, 0x0a, 0xca, 0x84, 0x5d,
-    0x61, 0x93, 0x0b, 0xb9, 0x45, 0xd8, 0x75, 0x97, 0xe6, 0xf8, 0xdb, 0x8b,
-    0x2c, 0xdb, 0x1b, 0xd9, 0x0b, 0x5f, 0xb0, 0x81, 0xbb, 0x0b, 0x2e, 0x7e,
-    0x2c, 0xbc, 0x17, 0xe2, 0xca, 0xf1, 0xb2, 0x10, 0x5a, 0xfd, 0x36, 0x9b,
-    0x63, 0xac, 0xa8, 0x3c, 0xcc, 0x22, 0xba, 0x61, 0xac, 0xbf, 0xff, 0xfe,
-    0x20, 0xbf, 0x30, 0xb9, 0xcc, 0xfb, 0x70, 0x3b, 0x73, 0xf9, 0xd7, 0xa1,
-    0x65, 0xf9, 0xb4, 0xfd, 0x18, 0xb2, 0xff, 0xd1, 0xdc, 0xec, 0x20, 0xcb,
-    0x38, 0xb2, 0xa4, 0x8e, 0x69, 0x9f, 0x4e, 0x53, 0x7f, 0xbe, 0xc6, 0x1b,
-    0xa7, 0x31, 0x65, 0xfb, 0x7c, 0x0c, 0xfc, 0x59, 0x7f, 0x67, 0x03, 0xe8,
-    0x25, 0x97, 0xff, 0xfe, 0x76, 0xf3, 0x9d, 0xc8, 0x1d, 0xfd, 0xb5, 0x21,
-    0x25, 0x84, 0xb2, 0xfe, 0xc1, 0xfe, 0x39, 0xb8, 0xb2, 0xfe, 0x8e, 0xba,
-    0x93, 0xf4, 0xb2, 0x86, 0xaa, 0x1b, 0x21, 0xfd, 0xd9, 0x8b, 0x1b, 0x4c,
-    0x55, 0xf2, 0xc2, 0x6b, 0x09, 0x85, 0xfe, 0x72, 0x07, 0xa7, 0xf3, 0xeb,
-    0x2f, 0xfb, 0xef, 0x23, 0xb4, 0x6a, 0x4b, 0x2d, 0x9b, 0x87, 0xdb, 0xf3,
-    0x5b, 0x8f, 0xc5, 0x97, 0xd0, 0x52, 0xdc, 0x59, 0x7f, 0xf0, 0x1c, 0x80,
-    0x59, 0xbf, 0xf8, 0x35, 0x97, 0xff, 0x38, 0x30, 0x79, 0xf6, 0xd7, 0xdd,
-    0x65, 0x74, 0x88, 0x6e, 0x22, 0x5f, 0xfc, 0xce, 0x0f, 0x37, 0x3f, 0x05,
-    0xe5, 0x97, 0xd9, 0xe3, 0x3b, 0x59, 0x74, 0x01, 0x65, 0x49, 0x38, 0xbc,
-    0x2a, 0x34, 0x5d, 0xa1, 0x55, 0xf2, 0x4e, 0x21, 0x78, 0x92, 0xff, 0x3f,
-    0xdc, 0x43, 0xe7, 0x16, 0x5b, 0xb5, 0x97, 0x77, 0x25, 0x95, 0xd9, 0xaa,
-    0xf0, 0x95, 0x4f, 0x6c, 0xea, 0xc1, 0x48, 0xd0, 0xa0, 0x84, 0x54, 0x1d,
-    0x15, 0x69, 0x90, 0x5b, 0xb4, 0x20, 0xa4, 0xf6, 0x32, 0x1c, 0x8d, 0x64,
-    0xd8, 0x45, 0x76, 0x43, 0xd3, 0x0b, 0x10, 0xcd, 0x0e, 0x5d, 0x17, 0x1e,
-    0x11, 0x1f, 0x8d, 0x6d, 0xdd, 0x80, 0x4e, 0x50, 0xa7, 0xe4, 0xaa, 0x6f,
-    0x4a, 0x6f, 0xde, 0xd3, 0x3e, 0xbb, 0x7b, 0xd0, 0x35, 0x97, 0xc0, 0x7d,
-    0x71, 0x65, 0xdd, 0x0b, 0x83, 0x7d, 0x83, 0x97, 0xf8, 0x02, 0xe6, 0x94,
-    0x17, 0x96, 0x50, 0xb5, 0x48, 0x91, 0x1f, 0x06, 0x8b, 0xaf, 0x88, 0x62,
-    0x74, 0xb2, 0xec, 0xe9, 0x65, 0xf3, 0xf0, 0x3b, 0x2c, 0xa6, 0x37, 0x5a,
-    0x17, 0xbf, 0x6b, 0xb7, 0x7e, 0xd5, 0x17, 0xa2, 0xfd, 0x9e, 0x28, 0xd9,
-    0x65, 0xff, 0x9d, 0xbc, 0x1d, 0x3e, 0xfc, 0x1a, 0xcb, 0xc3, 0x0f, 0x16,
-    0x5f, 0xa0, 0xef, 0xf8, 0x59, 0x78, 0xed, 0xe5, 0x97, 0xfc, 0xfe, 0x94,
-    0x1b, 0xe6, 0xd9, 0x65, 0x68, 0xff, 0x0e, 0x4c, 0x43, 0x97, 0xec, 0x3f,
-    0xdc, 0x6b, 0x2a, 0x15, 0x04, 0x0d, 0x7b, 0x08, 0x34, 0x6d, 0xf2, 0x77,
-    0x3f, 0x12, 0x13, 0x3b, 0xa5, 0xd7, 0xff, 0x60, 0xff, 0x87, 0x3b, 0xcb,
-    0x09, 0x65, 0xe0, 0xc0, 0x16, 0x5f, 0x6f, 0xc2, 0x16, 0x33, 0xde, 0xd2,
-    0x15, 0xfe, 0x17, 0xec, 0x9a, 0x4e, 0x35, 0x94, 0xc7, 0xe5, 0xf3, 0xca,
-    0x16, 0x9b, 0x56, 0x46, 0x93, 0x53, 0xcd, 0xdf, 0xd4, 0x0a, 0xb6, 0x58,
-    0x8c, 0xaf, 0x68, 0x58, 0xca, 0x32, 0x0c, 0xa7, 0xc2, 0xf7, 0x19, 0x6b,
-    0x4f, 0x7f, 0x4d, 0x3a, 0x53, 0xa8, 0xc3, 0x4f, 0x29, 0x0f, 0xf2, 0x91,
-    0xdc, 0xa4, 0x11, 0xe8, 0x94, 0xa6, 0xfe, 0x36, 0x86, 0xb1, 0x2b, 0x32,
-    0x5d, 0x5d, 0xe2, 0xf7, 0x16, 0x5c, 0x73, 0xac, 0xb7, 0xd6, 0x54, 0xf4,
-    0x6a, 0x02, 0x2f, 0x7f, 0xf0, 0x62, 0x62, 0xcd, 0xee, 0x73, 0xb2, 0xcb,
-    0xec, 0xfb, 0xf9, 0x65, 0xfe, 0xc6, 0xd0, 0x00, 0x1e, 0x2c, 0xb0, 0xa4,
-    0xd4, 0x4c, 0x92, 0x2f, 0x08, 0x6f, 0xff, 0x7b, 0x81, 0x8e, 0x67, 0x98,
-    0xef, 0x25, 0x97, 0xa3, 0xad, 0x96, 0x51, 0x1f, 0x3f, 0x92, 0x6f, 0x9a,
-    0x7e, 0x0e, 0xb2, 0xff, 0xbd, 0xcc, 0xea, 0x5f, 0x09, 0xab, 0x2f, 0x72,
-    0x26, 0x59, 0x4c, 0x89, 0xe3, 0x90, 0x91, 0x27, 0x0f, 0x2f, 0x13, 0xfd,
-    0x65, 0xed, 0xf1, 0x25, 0x97, 0xbf, 0x9c, 0x59, 0x7f, 0xc4, 0xc6, 0xfb,
-    0xae, 0xdb, 0xeb, 0x2f, 0x72, 0x36, 0x59, 0x50, 0x89, 0x21, 0x8f, 0x60,
-    0xe7, 0x47, 0x77, 0xfb, 0xdf, 0x67, 0x00, 0x21, 0x65, 0xfd, 0x9d, 0x75,
-    0x20, 0xec, 0xb2, 0xfe, 0x7d, 0x48, 0x82, 0xeb, 0x2e, 0x63, 0xac, 0xac,
-    0x45, 0x2e, 0x8c, 0x82, 0x63, 0xba, 0x59, 0x7c, 0x70, 0x90, 0xd6, 0x5e,
-    0xde, 0xfd, 0x2c, 0xbc, 0x6c, 0x18, 0xb2, 0xf3, 0xbf, 0x6a, 0x88, 0x8d,
-    0x7c, 0x6f, 0x6f, 0xa5, 0x94, 0x69, 0xf5, 0xf6, 0x3c, 0xc5, 0x37, 0xe1,
-    0x47, 0xb8, 0xe0, 0x59, 0x7e, 0x67, 0x3e, 0x69, 0x65, 0xff, 0x05, 0xfa,
-    0x2c, 0xd8, 0x49, 0x2c, 0xbd, 0xd8, 0x87, 0x59, 0x7f, 0xff, 0xd1, 0x37,
-    0xa3, 0x9a, 0x8f, 0x37, 0x6c, 0x39, 0xc6, 0x93, 0xac, 0xa8, 0x44, 0x41,
-    0x0f, 0xdf, 0xfc, 0xdc, 0xfe, 0x1a, 0x6b, 0xce, 0x1f, 0x4b, 0x2b, 0x65,
-    0x4b, 0x6c, 0x45, 0xa8, 0x45, 0x1c, 0xc3, 0xe5, 0x9c, 0x26, 0xf4, 0x30,
-    0xf7, 0x90, 0xdf, 0xcf, 0xd7, 0xf1, 0x8c, 0x59, 0x74, 0xbe, 0xb2, 0xc3,
-    0xd1, 0xe2, 0xb9, 0x75, 0xff, 0xdc, 0xe6, 0x1c, 0xb3, 0x7c, 0xe8, 0x9e,
-    0x96, 0x5b, 0xec, 0x7e, 0x61, 0x27, 0xbf, 0xdb, 0x6b, 0x3d, 0xe6, 0xf2,
-    0xca, 0x59, 0x7f, 0xf7, 0xf3, 0xc5, 0x13, 0x4e, 0x34, 0x9d, 0x65, 0xc1,
-    0x89, 0x8f, 0x47, 0xc1, 0x75, 0x08, 0xb3, 0xe4, 0x21, 0x6f, 0x14, 0x74,
-    0xb2, 0xa4, 0x78, 0x63, 0x27, 0xb9, 0xfe, 0xb2, 0xff, 0x6b, 0x39, 0x8e,
-    0x5b, 0x2c, 0xbd, 0xa6, 0xe9, 0x65, 0x0c, 0xf9, 0x70, 0x5b, 0xc6, 0x57,
-    0xf8, 0x23, 0x13, 0xff, 0x79, 0x2c, 0xb8, 0x67, 0x59, 0x7e, 0x7d, 0x84,
-    0x61, 0xac, 0xbf, 0xfb, 0x0c, 0x0c, 0x6d, 0xe1, 0xc7, 0xb8, 0xb2, 0xa4,
-    0x8b, 0xbc, 0x35, 0x71, 0x72, 0x29, 0xbf, 0xfd, 0x26, 0x34, 0xd7, 0xe4,
-    0x36, 0xcf, 0xe5, 0x97, 0xff, 0xf3, 0xb7, 0xa3, 0xe5, 0x9e, 0xfb, 0x7f,
-    0x18, 0xc5, 0x94, 0xc8, 0xa3, 0xfa, 0x5d, 0xff, 0xff, 0xef, 0x79, 0x8f,
-    0xa6, 0xce, 0x88, 0x3e, 0x8f, 0xce, 0xde, 0xde, 0x9a, 0x16, 0x5f, 0xec,
-    0x62, 0x6d, 0x6b, 0x16, 0x5f, 0xf6, 0x39, 0x03, 0x41, 0x80, 0x2c, 0xa8,
-    0x4c, 0x17, 0x08, 0xba, 0x7c, 0xd1, 0x85, 0xff, 0xf8, 0xfb, 0x8c, 0xef,
-    0x37, 0xbf, 0x92, 0xfb, 0x6f, 0x59, 0x7f, 0x75, 0x2d, 0x06, 0x00, 0xb2,
-    0xfd, 0xe8, 0xd4, 0x01, 0x65, 0xc2, 0x1d, 0x65, 0xfb, 0x35, 0x28, 0x3a,
-    0xca, 0xd8, 0xdf, 0x9c, 0x62, 0xa1, 0x31, 0x1c, 0x5a, 0x62, 0xf7, 0x66,
-    0xbb, 0x63, 0xa4, 0xb8, 0xc3, 0x12, 0x5f, 0xf8, 0x5f, 0x7f, 0x69, 0xbf,
-    0x1b, 0x0b, 0x01, 0xb1, 0x30, 0x62, 0xff, 0x70, 0xb3, 0xd3, 0xf9, 0xe5,
-    0x97, 0xdb, 0xe3, 0xd0, 0xb2, 0xf6, 0xf7, 0xd2, 0xcb, 0xec, 0xf9, 0x62,
-    0xca, 0xc3, 0x7d, 0xc1, 0xea, 0x92, 0x62, 0x78, 0xba, 0xc6, 0xbe, 0x61,
-    0xb6, 0xea, 0xcb, 0xf3, 0x9f, 0x3a, 0xf2, 0xcb, 0xdc, 0x7d, 0xc5, 0x97,
-    0xf9, 0xcb, 0xb9, 0xc6, 0x7b, 0x8b, 0x2b, 0x64, 0x49, 0x60, 0xa3, 0x14,
-    0x04, 0x7e, 0xf6, 0xd1, 0xb8, 0xb2, 0xff, 0xfb, 0xec, 0x6f, 0x1b, 0x08,
-    0x03, 0xd3, 0xf6, 0xb2, 0xff, 0x80, 0xd3, 0x71, 0xbe, 0xc7, 0x59, 0x7f,
-    0xa3, 0xf9, 0x34, 0x9f, 0x65, 0x97, 0xff, 0x16, 0x75, 0x2e, 0x0d, 0xb7,
-    0xc0, 0xd6, 0x56, 0xc9, 0x91, 0x8c, 0x80, 0x0a, 0x01, 0x39, 0xdd, 0x34,
-    0xbf, 0x37, 0xa3, 0xdc, 0x59, 0x7f, 0x9f, 0xae, 0x39, 0x07, 0x16, 0x5f,
-    0x36, 0x9c, 0x0b, 0x2a, 0x47, 0xf4, 0x02, 0x7e, 0x19, 0x5f, 0xe0, 0x46,
-    0xf7, 0xff, 0xd9, 0x65, 0x0b, 0x3e, 0x3f, 0x17, 0xdf, 0xf7, 0x03, 0xad,
-    0x34, 0x36, 0x96, 0x56, 0x27, 0x10, 0xf1, 0x96, 0x78, 0x92, 0xdb, 0x8b,
-    0x2f, 0x8b, 0xa9, 0xa1, 0x65, 0xff, 0x46, 0x75, 0x0f, 0x27, 0x92, 0xcb,
-    0xfb, 0x01, 0x38, 0xb0, 0x0b, 0x2e, 0x3f, 0x6b, 0x28, 0x67, 0x8c, 0xe5,
-    0xd7, 0xfe, 0xc3, 0x27, 0x38, 0xda, 0x66, 0x85, 0x97, 0xe8, 0x2f, 0x40,
-    0x16, 0x5e, 0xf0, 0x1d, 0x65, 0x68, 0xf0, 0x8e, 0x4d, 0x7c, 0x58, 0xfb,
-    0x8b, 0x2f, 0xd0, 0x60, 0x9f, 0x85, 0x95, 0x3d, 0xa7, 0x8b, 0x02, 0x83,
-    0x23, 0xc7, 0xdd, 0x10, 0xbc, 0x20, 0xb8, 0x44, 0x21, 0x1d, 0xf8, 0xb3,
-    0xef, 0xe5, 0x97, 0xa7, 0x73, 0xb5, 0x95, 0xb8, 0x78, 0xdf, 0x26, 0xbf,
-    0xcc, 0xe0, 0xd6, 0x83, 0xf5, 0x97, 0xf4, 0x1b, 0x84, 0xc6, 0xac, 0xbf,
-    0xb3, 0xdb, 0xbe, 0xcf, 0xac, 0xac, 0x45, 0xaf, 0xc9, 0x48, 0xcf, 0x85,
-    0xb7, 0xf6, 0xd3, 0x47, 0x03, 0xd2, 0xcb, 0xfc, 0x21, 0x39, 0xba, 0xd4,
-    0x2c, 0xa8, 0x3e, 0x57, 0x31, 0xbf, 0xff, 0xbb, 0x17, 0xa7, 0x26, 0xf0,
-    0xbd, 0x47, 0x89, 0xc0, 0xb2, 0xe9, 0xe2, 0x4b, 0x2f, 0x3e, 0x12, 0xcb,
-    0xff, 0xbc, 0x50, 0x07, 0xf0, 0x04, 0x29, 0x2c, 0xbf, 0x0d, 0xa6, 0x68,
-    0x59, 0x7e, 0xcf, 0x4f, 0xe7, 0x96, 0x5f, 0x7d, 0xb5, 0x39, 0xcf, 0x44,
-    0x89, 0xea, 0x7b, 0x6e, 0x17, 0x67, 0x84, 0x41, 0x44, 0x2f, 0xe2, 0x33,
-    0xfd, 0x8e, 0xe5, 0x0a, 0xd1, 0xc3, 0x87, 0x25, 0x4d, 0x77, 0x19, 0xbf,
-    0x51, 0x8e, 0xb4, 0x21, 0xe6, 0x87, 0x4e, 0xa3, 0xe2, 0xfc, 0x69, 0xcf,
-    0x1b, 0xf0, 0x21, 0x9c, 0x52, 0xb9, 0xf9, 0x1f, 0xd7, 0xa3, 0x75, 0x0c,
-    0x28, 0x37, 0x90, 0x18, 0xbd, 0x3e, 0x38, 0x20, 0xd6, 0xec, 0x25, 0x6f,
-    0x09, 0xff, 0xac, 0xbb, 0x77, 0xeb, 0x2f, 0xda, 0xed, 0xdf, 0xb5, 0x44,
-    0x5c, 0xbd, 0xa0, 0xfd, 0x65, 0xfb, 0xc0, 0x10, 0xa4, 0x92, 0xfd, 0xcf,
-    0x7e, 0x00, 0xb2, 0xfc, 0xfb, 0x46, 0x82, 0xb2, 0xc2, 0xe1, 0x30, 0x4d,
-    0x87, 0xb0, 0x6b, 0x46, 0xce, 0x3a, 0x12, 0x99, 0xf2, 0x8b, 0xf1, 0x06,
-    0x59, 0xc5, 0x97, 0x88, 0x86, 0xb2, 0xe9, 0x0b, 0xc3, 0xc2, 0x22, 0x7a,
-    0x16, 0xae, 0xca, 0x52, 0xb5, 0x3a, 0x85, 0x85, 0xff, 0xc7, 0x79, 0x0b,
-    0xcd, 0x76, 0xef, 0xda, 0xa2, 0x66, 0x5f, 0xfc, 0x31, 0x64, 0x17, 0x10,
-    0x7f, 0x63, 0x56, 0x5e, 0xfb, 0x71, 0x65, 0xf0, 0xa7, 0x91, 0xe5, 0x97,
-    0xf4, 0x70, 0xa3, 0xdc, 0x59, 0x53, 0xc8, 0xf4, 0x8e, 0x4d, 0x53, 0xc2,
-    0x25, 0xa7, 0x9b, 0x75, 0xff, 0xd3, 0xcc, 0xd8, 0xcd, 0x4e, 0xc0, 0xeb,
-    0x65, 0x97, 0xd8, 0x1d, 0x6c, 0xb2, 0xe9, 0xf9, 0xed, 0x65, 0xc6, 0x79,
-    0x65, 0x0a, 0x0f, 0x6a, 0x79, 0x11, 0x8c, 0x7e, 0xfe, 0x15, 0x53, 0xdc,
-    0xf6, 0x29, 0xe4, 0x2c, 0xb4, 0xcb, 0x2e, 0x8e, 0x2c, 0xa9, 0xe4, 0x7d,
-    0x5b, 0x21, 0x74, 0x25, 0x7f, 0xf7, 0xa5, 0x9f, 0xfb, 0xc9, 0x98, 0x96,
-    0x5d, 0x3f, 0x3d, 0xac, 0xbf, 0xf7, 0xdb, 0xdc, 0x7e, 0xb6, 0xc3, 0x16,
-    0x5f, 0xfb, 0x7c, 0x7d, 0xa2, 0x69, 0xa3, 0xb5, 0x94, 0x29, 0x47, 0x20,
-    0xa1, 0x0b, 0xb1, 0xf6, 0x41, 0xb9, 0x8e, 0xb2, 0xfd, 0xe2, 0x6e, 0xbc,
-    0xb2, 0xbb, 0x37, 0xc2, 0x0b, 0x5f, 0xf4, 0xf6, 0x03, 0x89, 0xa6, 0xda,
-    0x16, 0x5f, 0x0a, 0x3c, 0xe4, 0xb2, 0xfa, 0x7a, 0x15, 0x7c, 0x85, 0x96,
-    0x0a, 0xca, 0x15, 0x46, 0xf9, 0x8b, 0x6e, 0x9f, 0x9e, 0xd6, 0x5f, 0xff,
-    0xff, 0xc2, 0xbe, 0xa0, 0x54, 0x9e, 0x43, 0xef, 0x7e, 0xa5, 0x36, 0xf0,
-    0x8a, 0xa9, 0xe6, 0x2b, 0x15, 0x62, 0xaa, 0x74, 0xef, 0xcf, 0xac, 0xbf,
-    0xf1, 0x46, 0xda, 0x7f, 0xc1, 0xd9, 0x65, 0xf6, 0x02, 0x00, 0xb2, 0xfe,
-    0xe6, 0xa3, 0x3d, 0xc5, 0x96, 0x0a, 0xca, 0x83, 0x7d, 0x85, 0xb7, 0xf9,
-    0xc6, 0xe7, 0xd4, 0x71, 0x65, 0xff, 0xb7, 0x85, 0xfb, 0x1b, 0x6f, 0x81,
-    0xac, 0xbf, 0xa0, 0xef, 0x28, 0xf2, 0xcb, 0xff, 0xa0, 0xef, 0xec, 0xe8,
-    0x07, 0x13, 0xeb, 0x2f, 0xff, 0x77, 0xa0, 0xed, 0xd7, 0x1b, 0x5d, 0xff,
-    0x16, 0x5f, 0x36, 0xf7, 0x02, 0xca, 0x83, 0xf2, 0xf2, 0x7d, 0x0d, 0x37,
-    0xac, 0x32, 0x35, 0x0f, 0xe5, 0x85, 0x0b, 0x8b, 0xe6, 0xd8, 0x24, 0xb2,
-    0xfd, 0x9b, 0x60, 0x26, 0x59, 0x53, 0x8f, 0x2f, 0xc4, 0x57, 0xe6, 0xdd,
-    0x35, 0xbb, 0x59, 0x7f, 0xc1, 0x97, 0x1c, 0xee, 0x40, 0x59, 0x5a, 0x3e,
-    0x47, 0x2c, 0xbf, 0xa3, 0x93, 0x99, 0xe6, 0x59, 0x7f, 0xa7, 0x61, 0x3e,
-    0x81, 0x3e, 0xb2, 0xe2, 0x92, 0xcb, 0xda, 0x83, 0x56, 0x5f, 0xff, 0x3f,
-    0xf3, 0xa0, 0x7c, 0xc7, 0xfc, 0xdf, 0x0a, 0xca, 0x64, 0x43, 0x4c, 0x2c,
-    0x71, 0xdb, 0xfc, 0x3d, 0x38, 0x1f, 0x34, 0xb2, 0xfe, 0xce, 0x40, 0x85,
-    0x0b, 0x28, 0x69, 0xa5, 0xe4, 0x2f, 0x58, 0xc3, 0xe6, 0x56, 0xc5, 0x97,
-    0x39, 0xd6, 0x57, 0x0d, 0x36, 0xe8, 0x85, 0xdb, 0xbe, 0x59, 0x61, 0x5a,
-    0xcb, 0x02, 0x0d, 0x78, 0x46, 0xaf, 0x1d, 0xfc, 0xb2, 0xc2, 0xb5, 0x95,
-    0x86, 0xc4, 0x87, 0x2f, 0xd3, 0xe3, 0x27, 0x31, 0x65, 0x41, 0xe5, 0x78,
-    0x7e, 0xff, 0xfe, 0xec, 0xa0, 0xf3, 0xa3, 0x5a, 0x6d, 0xfa, 0x77, 0x02,
-    0xcb, 0xf4, 0x9f, 0xce, 0x6a, 0xca, 0x84, 0x43, 0x62, 0xf5, 0xf1, 0x60,
-    0x21, 0x65, 0x11, 0xe0, 0xef, 0x21, 0xbe, 0xc1, 0xe0, 0xd6, 0x5f, 0xcc,
-    0x63, 0x73, 0x3b, 0x59, 0x4c, 0x7e, 0x5a, 0x23, 0xe1, 0x0d, 0xf3, 0x7a,
-    0x24, 0xb2, 0xf1, 0xe2, 0x4b, 0x2f, 0x71, 0xe6, 0x59, 0x50, 0x6e, 0x7c,
-    0x39, 0x7f, 0x0b, 0x98, 0x53, 0xf7, 0x25, 0x95, 0x3d, 0xb2, 0x5a, 0x67,
-    0x90, 0xfe, 0xd0, 0xc7, 0x19, 0xef, 0x6b, 0xed, 0x1c, 0xcc, 0xd0, 0x9a,
-    0xd4, 0x22, 0x0e, 0x43, 0xf8, 0xde, 0x9d, 0x9c, 0x0a, 0x65, 0x0a, 0x1f,
-    0x46, 0xb5, 0xbc, 0xb8, 0x45, 0xad, 0xd2, 0x0b, 0xfb, 0x5a, 0x79, 0x08,
-    0x75, 0x97, 0x9c, 0xbb, 0x59, 0x7b, 0xc5, 0x0b, 0x2f, 0x88, 0xb3, 0xcb,
-    0x28, 0x52, 0x6e, 0xe0, 0x6e, 0xb8, 0x7f, 0x66, 0x2b, 0xdf, 0x3f, 0xda,
-    0x65, 0x97, 0xc5, 0x34, 0x0d, 0x65, 0xdd, 0x79, 0x65, 0xf7, 0xe6, 0x81,
-    0xac, 0xbf, 0x81, 0xa8, 0x11, 0xc9, 0x65, 0x42, 0x6f, 0x39, 0x0a, 0xae,
-    0xc8, 0xd8, 0x8a, 0x62, 0x27, 0x18, 0x09, 0x1d, 0xef, 0xc7, 0x4b, 0x2f,
-    0xd0, 0x72, 0xc9, 0x96, 0x5f, 0xcd, 0x84, 0x3f, 0xc2, 0xcb, 0x1d, 0x65,
-    0x8e, 0xb2, 0xe8, 0x25, 0x95, 0xb1, 0xa6, 0x30, 0x46, 0x86, 0x8a, 0xce,
-    0xc9, 0xf7, 0x0a, 0xf8, 0x6f, 0x4b, 0x2e, 0x8e, 0x2c, 0xbf, 0xb5, 0x04,
-    0x1c, 0xfa, 0xcb, 0xed, 0x46, 0x12, 0xcb, 0xe7, 0xf4, 0x80, 0xb2, 0xff,
-    0x04, 0xe5, 0x93, 0x36, 0xcb, 0x2c, 0x15, 0x97, 0xf9, 0xbb, 0x7c, 0xd6,
-    0x79, 0x65, 0x00, 0xf0, 0xf8, 0x23, 0x7f, 0x9f, 0x4d, 0x1b, 0x8c, 0x75,
-    0x94, 0x6a, 0x6a, 0x3d, 0x8b, 0x1c, 0xb3, 0xe4, 0x1c, 0x22, 0xf3, 0xbe,
-    0xf2, 0x2b, 0xfe, 0xd4, 0x64, 0xa3, 0xf0, 0x05, 0x97, 0xff, 0xa7, 0x7d,
-    0xdb, 0xc0, 0x09, 0x13, 0xc9, 0x65, 0xff, 0x08, 0x7c, 0xe3, 0xbf, 0x52,
-    0x59, 0x74, 0xf6, 0x29, 0x59, 0x7f, 0xdf, 0x86, 0x1b, 0x73, 0x67, 0x59,
-    0x42, 0xa1, 0xec, 0x31, 0x05, 0x49, 0x70, 0x23, 0x21, 0x93, 0xda, 0x0b,
-    0x46, 0xb9, 0xa6, 0x93, 0x9b, 0x81, 0x28, 0xa1, 0x25, 0x7f, 0xff, 0xff,
-    0xff, 0xf8, 0x54, 0x14, 0xe0, 0xa8, 0x28, 0x9e, 0x53, 0xcb, 0xb1, 0x5c,
-    0x0a, 0xb1, 0x46, 0xb6, 0xdd, 0xc0, 0x8c, 0x55, 0x44, 0xff, 0x42, 0x7c,
-    0x51, 0x10, 0x28, 0xdc, 0x9e, 0x7e, 0x9d, 0x3b, 0xf3, 0xeb, 0x2f, 0xff,
-    0xc0, 0xea, 0x5f, 0x0c, 0x68, 0x5f, 0xdb, 0xb7, 0xd2, 0xcb, 0xe0, 0xca,
-    0x77, 0x16, 0x5f, 0xfb, 0xf8, 0x58, 0x6e, 0x16, 0x0d, 0x65, 0xff, 0xdd,
-    0x19, 0x1e, 0x1b, 0x6e, 0x72, 0x0e, 0xb2, 0xfb, 0x99, 0xd7, 0x96, 0x5f,
-    0x64, 0xd0, 0x62, 0xcb, 0xf0, 0xff, 0x05, 0xb2, 0xcb, 0xe6, 0x2f, 0x71,
-    0x65, 0xff, 0xff, 0x1d, 0xb5, 0xf0, 0xf2, 0x51, 0xbf, 0x50, 0x5e, 0xfe,
-    0x49, 0x65, 0x49, 0x11, 0x2c, 0x43, 0x7f, 0xe6, 0xf3, 0x76, 0xc3, 0xf6,
-    0x76, 0xb2, 0xb6, 0x54, 0x05, 0x22, 0x5c, 0x3c, 0xd2, 0x4f, 0xc8, 0xc8,
-    0x8f, 0xd0, 0xb1, 0xdd, 0x22, 0xbc, 0x36, 0xde, 0xb2, 0xff, 0x76, 0x59,
-    0xff, 0xe0, 0x16, 0x5f, 0x39, 0x8f, 0xb8, 0xb2, 0x9c, 0xf6, 0x08, 0xce,
-    0xfc, 0x1e, 0xfe, 0xc6, 0x2c, 0xbe, 0xf4, 0xfe, 0x7d, 0x65, 0xff, 0xfe,
-    0x72, 0xec, 0xb0, 0x7f, 0x0c, 0xef, 0xc4, 0xb5, 0x1b, 0x2c, 0xac, 0x44,
-    0x40, 0x49, 0x6f, 0xe1, 0x0a, 0x3f, 0x12, 0x59, 0x7f, 0xff, 0x1a, 0x58,
-    0x00, 0xf2, 0x74, 0x9b, 0xf1, 0xd9, 0x3a, 0xca, 0x3a, 0x22, 0x9c, 0xb6,
-    0xff, 0x9b, 0xb9, 0xa5, 0xf8, 0x23, 0x56, 0x5e, 0x83, 0xf9, 0x65, 0x11,
-    0xeb, 0x98, 0x77, 0x7f, 0xb0, 0xc8, 0xf1, 0x3f, 0x16, 0x5e, 0x6f, 0xb2,
-    0xca, 0x83, 0xef, 0x62, 0x2f, 0x19, 0x5d, 0x04, 0xb2, 0xfb, 0x3b, 0x1e,
-    0x2c, 0xbe, 0x21, 0x89, 0xd2, 0xcb, 0x83, 0xe5, 0x97, 0x9f, 0x52, 0x9c,
-    0x7b, 0xae, 0x45, 0x3e, 0x49, 0x42, 0x85, 0xfc, 0x08, 0x8c, 0xaf, 0x25,
-    0x2e, 0x33, 0xd6, 0x9d, 0x8e, 0x41, 0xf8, 0x59, 0x3c, 0x2b, 0x0a, 0x1d,
-    0x1e, 0x2d, 0x0b, 0x95, 0xfe, 0x35, 0xf7, 0xf7, 0x9d, 0x79, 0x65, 0xdb,
-    0xf7, 0x16, 0x51, 0xa7, 0xa8, 0xe7, 0x17, 0xff, 0xed, 0x69, 0xb3, 0x79,
-    0x07, 0x93, 0xb8, 0x17, 0xe2, 0xca, 0x59, 0x7f, 0xfd, 0xc6, 0x9f, 0xce,
-    0xfe, 0xc4, 0x41, 0xd6, 0xcb, 0x2b, 0x47, 0xbd, 0xe0, 0xbb, 0xfb, 0xd8,
-    0x7e, 0xb0, 0xeb, 0x2a, 0x13, 0x07, 0xc8, 0x5b, 0xb1, 0x15, 0xfe, 0x39,
-    0xde, 0x5c, 0x69, 0x2c, 0xbf, 0xc6, 0xce, 0x8e, 0x81, 0xa8, 0x59, 0x58,
-    0x7d, 0x4e, 0x67, 0x4c, 0x9f, 0x37, 0xe3, 0x29, 0x28, 0x4e, 0xdf, 0xfe,
-    0xdf, 0x83, 0xfc, 0x6f, 0x3c, 0x13, 0x88, 0xb2, 0xd3, 0x2c, 0xac, 0x3d,
-    0xf0, 0xa6, 0xdf, 0xf4, 0xbb, 0xfb, 0x19, 0x04, 0x35, 0x97, 0xf0, 0xde,
-    0x5c, 0x69, 0x2c, 0xad, 0x22, 0x21, 0xc8, 0x42, 0x75, 0x7c, 0x12, 0xf7,
-    0x16, 0x5f, 0xdc, 0x0b, 0x13, 0x71, 0x65, 0xe8, 0xd4, 0x2c, 0xa9, 0xc7,
-    0x8f, 0xf2, 0xca, 0xed, 0x11, 0xba, 0x69, 0xbd, 0x29, 0xf3, 0x16, 0x5c,
-    0x06, 0x59, 0x7e, 0x3c, 0xbe, 0x27, 0x16, 0x5b, 0x53, 0x8f, 0x00, 0x41,
-    0x6b, 0xf3, 0x98, 0x58, 0x35, 0x95, 0x08, 0xb3, 0x66, 0x1d, 0x15, 0xdf,
-    0xf8, 0xa3, 0xb3, 0x5f, 0x34, 0xc0, 0x59, 0x7f, 0x73, 0x1b, 0x5a, 0x75,
-    0x97, 0xee, 0x4e, 0x03, 0xf9, 0x65, 0x6c, 0x89, 0x40, 0x1f, 0x78, 0xb2,
-    0xe8, 0xd2, 0xcb, 0xff, 0xb6, 0xce, 0x33, 0xfc, 0x59, 0x86, 0x18, 0x92,
-    0xcc, 0x03, 0xe0, 0x21, 0x6b, 0xfe, 0x0b, 0xea, 0x7c, 0x3f, 0x6d, 0x2c,
-    0xa8, 0x47, 0x98, 0xe1, 0x23, 0xf2, 0x6b, 0xfb, 0xac, 0xf8, 0x7a, 0x02,
-    0xcb, 0x7d, 0x65, 0xfc, 0x7e, 0x7e, 0x0b, 0xcb, 0x2f, 0x6d, 0xf0, 0xac,
-    0xbf, 0xf7, 0xdf, 0x9f, 0xcd, 0xf9, 0xee, 0x2c, 0xa8, 0x3d, 0xe7, 0x1e,
-    0xa6, 0x45, 0x5f, 0xe1, 0x17, 0x7e, 0x60, 0xf6, 0xdb, 0x2c, 0xac, 0x4c,
-    0xf3, 0xb3, 0x0f, 0x42, 0xf2, 0x7c, 0x9e, 0xff, 0x8b, 0x20, 0xd7, 0xf3,
-    0x9a, 0xb2, 0xfe, 0x90, 0x9e, 0xe4, 0x79, 0x65, 0xfe, 0x3e, 0x76, 0x4f,
-    0x9d, 0xac, 0xb8, 0x33, 0x2c, 0xba, 0x5c, 0x83, 0xcb, 0x01, 0x9d, 0xf1,
-    0xf8, 0x27, 0x16, 0x5e, 0xec, 0x3d, 0xac, 0xa8, 0x47, 0x57, 0x4f, 0x4c,
-    0x5a, 0x12, 0x4b, 0xfe, 0xf7, 0xa0, 0xf9, 0x84, 0x6a, 0xcb, 0xff, 0xef,
-    0x7f, 0x37, 0x7d, 0x9f, 0x2c, 0xf7, 0xd9, 0x65, 0x74, 0x88, 0x92, 0x38,
-    0xbf, 0x89, 0xfd, 0x28, 0x35, 0x65, 0xfe, 0xc0, 0x0c, 0x2f, 0xa9, 0x2c,
-    0xa8, 0x3e, 0x0d, 0x8b, 0x6f, 0xe7, 0x71, 0xef, 0xc1, 0xac, 0xbc, 0xef,
-    0xda, 0xa2, 0xcf, 0x5f, 0xe8, 0x23, 0x74, 0x18, 0x25, 0x97, 0xf0, 0x1c,
-    0xa4, 0xc7, 0x59, 0x50, 0x9a, 0xd6, 0xd0, 0x83, 0x19, 0x17, 0x65, 0xcc,
-    0x52, 0x03, 0x2b, 0xfd, 0xff, 0x71, 0xfa, 0x10, 0xeb, 0x2f, 0xf4, 0x49,
-    0xbd, 0x1e, 0xe2, 0xcb, 0xe0, 0x09, 0xf8, 0x59, 0x78, 0x63, 0x75, 0x95,
-    0xf3, 0xf1, 0x23, 0x2f, 0x11, 0xdf, 0xd2, 0x13, 0x3e, 0xfd, 0x2c, 0xa8,
-    0x4c, 0x11, 0xa1, 0x4e, 0xe5, 0xd7, 0xfc, 0x6b, 0x96, 0x6f, 0x2c, 0xe2,
+    0xa4, 0xe2, 0x18, 0x52, 0x71, 0x0c, 0x2a, 0x34, 0x4b, 0x0c, 0x65, 0x86,
+    0x40, 0x33, 0xc1, 0x9d, 0xe3, 0x34, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85,
+    0x40, 0xd9, 0x70, 0x66, 0x93, 0x88, 0x61, 0x49, 0xc4, 0x30, 0xa4, 0xe2,
+    0x18, 0x52, 0x71, 0x0c, 0x2a, 0x07, 0xc8, 0x01, 0x9f, 0x8c, 0xee, 0x8c,
+    0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x4e, 0x21,
+    0x85, 0x46, 0x7c, 0x86, 0x8c, 0xe8, 0x67, 0xc3, 0x36, 0x35, 0x38, 0x86,
+    0x14, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93, 0x88,
+    0x61, 0x43, 0x3e, 0x4e, 0xc6, 0x40, 0x32, 0x21, 0x9a, 0x4e, 0x21, 0x85,
+    0x27, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x7e, 0xf4, 0x83, 0x98, 0x9c, 0x43,
+    0x0a, 0x4e, 0x21, 0x85, 0x41, 0x13, 0x3d, 0x0c, 0xf8, 0x65, 0xc6, 0x40,
+    0x6b, 0x6e, 0x93, 0x88, 0x61, 0x49, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52,
+    0x71, 0x0c, 0x29, 0x38, 0x86, 0x15, 0x03, 0xe4, 0xec, 0x65, 0x86, 0x77,
+    0x8c, 0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x4e,
+    0x21, 0x85, 0x40, 0xf9, 0x06, 0x33, 0xe1, 0x92, 0x19, 0xb7, 0x93, 0x88,
+    0x61, 0x49, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x5a, 0x09, 0xc4, 0x30, 0xa4,
+    0xe2, 0x18, 0x76, 0x5f, 0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c,
+    0x43, 0x0a, 0x4e, 0x21, 0x85, 0x46, 0x8d, 0xe8, 0x0c, 0x9a, 0x71, 0xd1,
+    0x4c, 0x43, 0x20, 0x19, 0xf8, 0xcd, 0xb1, 0x38, 0x86, 0x14, 0x9c, 0x43,
+    0x0a, 0x4e, 0x21, 0x85, 0xa0, 0x9c, 0x43, 0x0a, 0x4e, 0x21, 0x87, 0x65,
+    0xfd, 0x27, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x52, 0x8a, 0xc8, 0x0c, 0xb1,
+    0xc6, 0x8a, 0x4e, 0x33, 0x49, 0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x52, 0x71,
+    0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x93, 0xfd, 0xec, 0x67,
+    0x43, 0x27, 0x19, 0x21, 0x9a, 0x4e, 0x21, 0x85, 0x27, 0x10, 0xc2, 0x93,
+    0x88, 0x61, 0x5a, 0x3c, 0xbe, 0x0c, 0xfc, 0x66, 0x93, 0x88, 0x61, 0x49,
+    0xc4, 0x30, 0xa4, 0xe2, 0x18, 0x51, 0xcf, 0x2c, 0x86, 0x7e, 0x33, 0x63,
+    0xa7, 0x10, 0xc2, 0x93, 0x88, 0x61, 0x49, 0xc4, 0x30, 0xa0, 0x1b, 0x21,
+    0x0c, 0xd2, 0x71, 0x0c, 0x29, 0x38, 0x86, 0x14, 0x9c, 0x43, 0x0a, 0x4e,
+    0x21, 0x85, 0x49, 0xf2, 0x44, 0x33, 0xe1, 0x91, 0x0c, 0xd4, 0xb3, 0x03,
+    0xe3, 0x84, 0x04, 0x13, 0x46, 0xab, 0x90, 0xb6, 0xea, 0x11, 0x7d, 0xc2,
+    0x15, 0xa1, 0x47, 0xb8, 0x7d, 0x14, 0x21, 0x35, 0x0d, 0x63, 0xa5, 0x7a,
+    0x10, 0x8f, 0x0a, 0x20, 0x1d, 0x94, 0x3f, 0x78, 0xd1, 0xf8, 0x65, 0x0a,
+    0x18, 0xbb, 0xe1, 0x26, 0x63, 0xd6, 0xc9, 0x70, 0x6a, 0x3b, 0xb0, 0x85,
+    0xbf, 0x40, 0xa7, 0x38, 0x9c, 0x43, 0x00, 0x89, 0xcb, 0xde, 0x69, 0x3a,
+    0x71, 0x0c, 0x2f, 0x9b, 0xa7, 0xd2, 0xf1, 0x0c, 0x5e, 0x61, 0xe2, 0xf1,
+    0x0c, 0x58, 0x27, 0x68, 0xc9, 0xd2, 0x4f, 0x8a, 0x7e, 0x5f, 0x5b, 0xd9,
+    0xf0, 0xa1, 0xd3, 0xcf, 0xef, 0x07, 0x26, 0x2c, 0xa9, 0x3d, 0x17, 0x33,
+    0xbc, 0xc5, 0x1a, 0xcb, 0xf9, 0x8c, 0x1e, 0xa6, 0x35, 0x95, 0x03, 0xcb,
+    0xf0, 0xe5, 0xdb, 0xe5, 0x65, 0xcf, 0xda, 0xcb, 0xe8, 0x37, 0x84, 0xb2,
+    0xfa, 0x76, 0x67, 0xeb, 0x2f, 0x36, 0xf0, 0xba, 0xcb, 0x9b, 0x75, 0x65,
+    0x0d, 0xb1, 0x4b, 0xe8, 0x5f, 0xba, 0x7f, 0xbc, 0x4d, 0x67, 0x22, 0xf0,
+    0xc3, 0x8b, 0x91, 0x17, 0xc9, 0x37, 0x48, 0xaf, 0x78, 0x70, 0x59, 0x7a,
+    0x27, 0x0d, 0x65, 0x0c, 0xdd, 0xe0, 0xed, 0xf9, 0x88, 0x4f, 0xf5, 0x97,
+    0xff, 0xfe, 0xcc, 0x21, 0x7d, 0xbc, 0x42, 0x34, 0xb3, 0xbf, 0xce, 0x69,
+    0x65, 0x62, 0x2c, 0x38, 0x41, 0xb2, 0x4d, 0x7b, 0xc2, 0xe9, 0x65, 0xf7,
+    0xb3, 0x7e, 0x2c, 0xaf, 0x1e, 0x0f, 0xc7, 0xaf, 0x00, 0x5c, 0x59, 0x7f,
+    0x9c, 0x83, 0x8a, 0x0c, 0x4b, 0x2e, 0x04, 0xac, 0xbf, 0xb4, 0xe4, 0x1c,
+    0x81, 0x65, 0xcf, 0xa5, 0x96, 0x65, 0x9d, 0x16, 0xd6, 0xe9, 0x65, 0x8e,
+    0xb2, 0xc1, 0x19, 0x13, 0x9a, 0x16, 0xf2, 0x1b, 0x90, 0x06, 0x25, 0x7f,
+    0x77, 0x0f, 0x49, 0x46, 0xb2, 0x8e, 0x9a, 0x7e, 0xcc, 0x33, 0xf7, 0x54,
+    0x6f, 0xff, 0xfd, 0x90, 0xf4, 0xf9, 0x8d, 0x76, 0x29, 0xf3, 0xb4, 0x18,
+    0x6b, 0x2e, 0x86, 0x2c, 0xbf, 0x88, 0x5f, 0xf6, 0x6f, 0x59, 0x7b, 0x4d,
+    0x1a, 0xcb, 0xfd, 0x27, 0xc8, 0xa4, 0xa3, 0x59, 0x4b, 0x2e, 0x1e, 0xf5,
+    0x95, 0x88, 0xa3, 0xd1, 0x7f, 0x87, 0x40, 0x66, 0x41, 0x77, 0xc7, 0xf4,
+    0x81, 0x65, 0xfe, 0x9e, 0x83, 0x00, 0x27, 0xb5, 0x95, 0x87, 0xb1, 0xc2,
+    0x2b, 0xff, 0xb6, 0xbf, 0x43, 0xf4, 0x83, 0x08, 0x0b, 0x2f, 0xfd, 0x9c,
+    0xc1, 0x05, 0xdc, 0xdf, 0x62, 0xcb, 0x81, 0x2b, 0x2b, 0x11, 0x3d, 0xd2,
+    0x30, 0x10, 0xaa, 0x57, 0x1e, 0xa0, 0x45, 0x91, 0xb6, 0x31, 0xe4, 0x4d,
+    0x00, 0x85, 0xcf, 0xe1, 0x40, 0x28, 0x5f, 0xdf, 0x4c, 0x39, 0x2b, 0x2f,
+    0xfe, 0x22, 0x98, 0xcb, 0x1b, 0x7c, 0xec, 0xac, 0xbd, 0x3d, 0xf1, 0x65,
+    0x1d, 0x10, 0x8e, 0x43, 0xc4, 0x6b, 0xcf, 0xa9, 0x59, 0x7e, 0x6d, 0x97,
+    0x20, 0x2c, 0xbf, 0x37, 0x7c, 0x7e, 0xd6, 0x54, 0x0f, 0xb4, 0xe3, 0x7c,
+    0x29, 0xbe, 0xde, 0x79, 0x65, 0x97, 0xe8, 0x98, 0xef, 0x12, 0xcb, 0xfe,
+    0x0d, 0xc7, 0xcc, 0x3c, 0xee, 0x2c, 0xbd, 0x9d, 0x98, 0xb2, 0xb4, 0x7b,
+    0x44, 0x79, 0x7f, 0xb3, 0x0a, 0x01, 0x90, 0xd6, 0x58, 0x18, 0x7a, 0x71,
+    0x10, 0xdf, 0xfe, 0x6d, 0xc1, 0x1a, 0xdd, 0xf3, 0x22, 0x9f, 0xac, 0xb6,
+    0xe2, 0xca, 0xed, 0x11, 0x67, 0x28, 0x74, 0xfb, 0xd3, 0xe7, 0x59, 0x70,
+    0xa5, 0x65, 0xec, 0xd4, 0x16, 0x50, 0xcd, 0x96, 0xf1, 0x6b, 0xc3, 0x72,
+    0x59, 0x4c, 0x6f, 0x9c, 0x8e, 0xfb, 0xa7, 0x23, 0x56, 0x5f, 0xff, 0xfb,
+    0x5f, 0xc2, 0x9e, 0x8a, 0x4f, 0xce, 0x64, 0x3c, 0xc4, 0x05, 0x95, 0x28,
+    0x8d, 0x72, 0x3b, 0xff, 0x9f, 0x5a, 0x70, 0x48, 0x43, 0x0c, 0x31, 0x65,
+    0xe8, 0x30, 0x16, 0x5f, 0xf8, 0xdc, 0xef, 0xed, 0xfd, 0x08, 0xeb, 0x2b,
+    0x6a, 0x29, 0x9d, 0x27, 0xe3, 0x97, 0x4c, 0x16, 0x54, 0x9e, 0x38, 0x0c,
+    0x6a, 0x57, 0x12, 0x70, 0xbd, 0x88, 0xde, 0x36, 0x12, 0x30, 0xe4, 0x22,
+    0xff, 0x0a, 0xc1, 0x46, 0x1d, 0x7f, 0x74, 0xe2, 0xe8, 0xec, 0xb2, 0xf9,
+    0xc7, 0x9f, 0x59, 0x7f, 0xf1, 0x63, 0x7a, 0x7b, 0x06, 0x7f, 0x8b, 0x2f,
+    0xfe, 0x10, 0x71, 0x6d, 0x90, 0xdf, 0xa9, 0xf2, 0xcb, 0x88, 0xd5, 0x97,
+    0xff, 0x01, 0xe1, 0xcc, 0x87, 0xa4, 0x8d, 0x59, 0x7f, 0x1f, 0x98, 0x79,
+    0xdc, 0x59, 0x52, 0x7e, 0x8c, 0x89, 0x7f, 0x98, 0xde, 0x31, 0x77, 0x05,
+    0x96, 0x9d, 0x1e, 0xa7, 0x88, 0x29, 0x93, 0x06, 0xdd, 0x86, 0xfd, 0x05,
+    0x5d, 0xfa, 0x14, 0xca, 0x46, 0x8e, 0x35, 0xa8, 0x4a, 0xee, 0x1c, 0xb2,
+    0x9c, 0x94, 0x56, 0x6c, 0x3c, 0x3a, 0x96, 0xf1, 0xdc, 0xa2, 0xf6, 0x9c,
+    0x57, 0xdc, 0x8c, 0x76, 0x28, 0xd7, 0x75, 0x0f, 0x13, 0xc6, 0x87, 0xe9,
+    0x69, 0x2f, 0x58, 0xc1, 0x82, 0x38, 0x82, 0x9c, 0xed, 0xe4, 0x61, 0x7f,
+    0x9c, 0xe5, 0x14, 0x21, 0x77, 0x97, 0xec, 0x90, 0x86, 0x87, 0xbb, 0x1a,
+    0x85, 0xff, 0x73, 0xfe, 0x13, 0xc2, 0x12, 0xb2, 0xf0, 0x23, 0xc5, 0x97,
+    0x8f, 0xce, 0x96, 0x5e, 0x2e, 0xa5, 0x65, 0xf6, 0x7d, 0xfb, 0x59, 0x5b,
+    0x4f, 0x71, 0x87, 0xb4, 0x39, 0x7f, 0xf7, 0x33, 0xa1, 0xe6, 0x8c, 0x7f,
+    0x44, 0xb2, 0xff, 0xb8, 0x6b, 0x94, 0xe4, 0x72, 0xb2, 0xfa, 0x19, 0xa9,
+    0x59, 0x7f, 0x18, 0xfa, 0xd3, 0xf6, 0xb2, 0xff, 0xfd, 0xcd, 0x69, 0xa2,
+    0xe6, 0xa7, 0xed, 0xd3, 0x0d, 0x65, 0x1d, 0x35, 0x6f, 0x18, 0x3a, 0x38,
+    0x0e, 0x08, 0x84, 0xc2, 0xfb, 0xdf, 0x9e, 0x2c, 0xbe, 0xc3, 0xcf, 0x96,
+    0x58, 0x96, 0x5f, 0x87, 0x98, 0x0e, 0x2c, 0xad, 0x93, 0x6e, 0x18, 0x85,
+    0x74, 0x7f, 0xa0, 0x58, 0xa3, 0xa2, 0xf0, 0xa1, 0x33, 0x7a, 0x36, 0x1a,
+    0xcb, 0x09, 0x65, 0x80, 0xc6, 0xb8, 0x87, 0x6c, 0x15, 0x59, 0x7d, 0xa6,
+    0x23, 0x56, 0x5f, 0x85, 0xd7, 0x9b, 0x4b, 0x2e, 0xc3, 0x56, 0x5b, 0xf2,
+    0x78, 0x1c, 0x29, 0xbf, 0xb3, 0xaf, 0x4f, 0x70, 0x59, 0x7f, 0x1f, 0x8c,
+    0x6f, 0xcc, 0x59, 0x7d, 0xdf, 0xa6, 0x0b, 0x2e, 0x2e, 0x96, 0x54, 0x9b,
+    0xa7, 0x23, 0xad, 0x8d, 0x35, 0x6d, 0x0a, 0x93, 0x17, 0xc9, 0xc3, 0x2f,
+    0xdd, 0x6a, 0xbf, 0x67, 0xff, 0x91, 0xac, 0xbf, 0xe9, 0xe7, 0x33, 0xfc,
+    0xc8, 0xd6, 0x5b, 0xb2, 0x3e, 0x10, 0xca, 0x2f, 0xe9, 0xee, 0x19, 0xbb,
+    0x05, 0x95, 0x87, 0xb4, 0x72, 0x9b, 0xbb, 0xfa, 0xcb, 0xf6, 0x14, 0x6d,
+    0xa5, 0x97, 0xef, 0xb9, 0x0b, 0x16, 0x5f, 0xee, 0x61, 0xdb, 0xfe, 0x75,
+    0x95, 0x88, 0x97, 0xd0, 0xc1, 0x13, 0xfc, 0x9a, 0xfe, 0x91, 0x7f, 0xce,
+    0x05, 0x97, 0xbd, 0x23, 0x59, 0x5a, 0x3c, 0x9e, 0x16, 0xdf, 0x43, 0x44,
+    0x25, 0x95, 0x03, 0xc4, 0xec, 0x8a, 0xa5, 0x1d, 0x6f, 0x0c, 0x8b, 0xdb,
+    0x4e, 0xcb, 0x2f, 0xec, 0x8b, 0x53, 0xfe, 0x2c, 0xbf, 0x79, 0x8a, 0x4e,
+    0xb2, 0xc7, 0x59, 0x58, 0x6d, 0xc8, 0x9a, 0xa0, 0x8a, 0x22, 0x1e, 0xe3,
+    0x2d, 0xed, 0xdd, 0x4a, 0xcb, 0xff, 0x14, 0xbc, 0x7c, 0xcd, 0xf2, 0x62,
+    0xcb, 0xfe, 0xf3, 0x6b, 0xce, 0x15, 0x30, 0xc5, 0x97, 0xfd, 0xfd, 0x4e,
+    0x76, 0x16, 0xf6, 0x30, 0xaa, 0xcb, 0xff, 0xc4, 0xe6, 0x70, 0xb3, 0xb8,
+    0x7c, 0x51, 0xac, 0xbf, 0x9a, 0x22, 0xcd, 0xee, 0xb2, 0xee, 0x32, 0xca,
+    0xd1, 0xe2, 0x70, 0xba, 0xfb, 0xa7, 0xe9, 0xd6, 0x5f, 0xec, 0x28, 0x67,
+    0x1f, 0xcb, 0x2f, 0xff, 0x68, 0xd3, 0x1e, 0x32, 0xcd, 0xfa, 0x6e, 0x2c,
+    0xb7, 0x36, 0xaa, 0x6a, 0x92, 0xf1, 0x8f, 0xe2, 0x07, 0x67, 0xf1, 0x24,
+    0xea, 0x12, 0x0e, 0x45, 0xf2, 0x30, 0xcc, 0x6f, 0xf6, 0x8b, 0x07, 0xec,
+    0x25, 0x97, 0xce, 0x42, 0xc5, 0x97, 0xe1, 0xf3, 0x92, 0x75, 0x95, 0xda,
+    0x62, 0x6f, 0x09, 0xa0, 0x18, 0x91, 0x05, 0xff, 0x14, 0xbc, 0x7e, 0x9d,
+    0x01, 0x65, 0xfe, 0x6d, 0x17, 0xff, 0x91, 0xac, 0xbe, 0xfc, 0x78, 0x62,
+    0xcb, 0x9f, 0x7a, 0xcb, 0xfa, 0x04, 0xd0, 0xf6, 0x2c, 0xbf, 0x46, 0xda,
+    0x98, 0x2c, 0xa3, 0x51, 0x87, 0xd9, 0x9c, 0x44, 0x9a, 0x18, 0x22, 0xcb,
+    0xdf, 0x63, 0x56, 0x5f, 0x85, 0xfd, 0x9c, 0xfa, 0xcb, 0xc3, 0x63, 0x56,
+    0x54, 0x9e, 0x46, 0x15, 0xdf, 0xcf, 0xe0, 0xf4, 0xe0, 0x59, 0x7b, 0x40,
+    0x0d, 0x65, 0xff, 0xcd, 0xf9, 0xff, 0x3c, 0xed, 0xe1, 0x2c, 0xa9, 0x3e,
+    0x17, 0x1e, 0xbe, 0x22, 0x14, 0x16, 0x5e, 0xe3, 0x18, 0xb2, 0xff, 0x10,
+    0xb9, 0x87, 0x9e, 0x96, 0x5f, 0xfb, 0xd3, 0xa0, 0x16, 0x18, 0xe0, 0x59,
+    0x7b, 0x32, 0x25, 0x94, 0x6a, 0x23, 0x7c, 0x66, 0x03, 0xeb, 0xef, 0x82,
+    0x60, 0xb2, 0xb0, 0xf4, 0xc4, 0x63, 0x7f, 0xef, 0x0b, 0xe1, 0xff, 0xf8,
+    0x40, 0x59, 0x7a, 0x7b, 0x31, 0x65, 0xfb, 0x42, 0x3b, 0x92, 0xca, 0xc4,
+    0x42, 0xfd, 0x00, 0x43, 0xd7, 0xc7, 0x9c, 0x8d, 0x65, 0xfb, 0x37, 0x94,
+    0xf6, 0xb2, 0x98, 0xf2, 0xf8, 0x45, 0x7d, 0x25, 0xfe, 0x96, 0x5f, 0xb4,
+    0x6c, 0x6f, 0xb8, 0xb2, 0x86, 0xba, 0x53, 0x90, 0xfb, 0x64, 0xcd, 0x32,
+    0x9c, 0x83, 0xd0, 0x8f, 0x72, 0x00, 0x10, 0x94, 0x3f, 0x79, 0x0a, 0x6f,
+    0xbd, 0x6c, 0x90, 0x86, 0x45, 0x7e, 0xd9, 0xf6, 0x01, 0xd6, 0x5f, 0xe0,
+    0x07, 0x84, 0x3f, 0x4a, 0xca, 0x94, 0xc9, 0x8f, 0x0c, 0x97, 0x2a, 0xbf,
+    0xb9, 0x87, 0x6f, 0x4a, 0xcb, 0xdd, 0xc3, 0x8b, 0x2b, 0xb3, 0xca, 0xd1,
+    0x65, 0xee, 0x00, 0xc5, 0x97, 0xdd, 0xf2, 0x7b, 0x59, 0x7e, 0x87, 0xf9,
+    0x26, 0xac, 0xbf, 0xfa, 0x75, 0x31, 0x13, 0x99, 0xfc, 0xf2, 0xca, 0x73,
+    0xed, 0x22, 0x9b, 0x41, 0x91, 0x62, 0x78, 0x48, 0xd4, 0xa6, 0x3f, 0x84,
+    0x6f, 0x0c, 0xfb, 0xfe, 0x30, 0xb3, 0x5c, 0xf6, 0x74, 0xb2, 0xff, 0xe2,
+    0xce, 0x60, 0xe2, 0x84, 0xea, 0x35, 0x94, 0xc7, 0xff, 0xf3, 0xab, 0xf8,
+    0xdf, 0x94, 0x9f, 0x8b, 0x2f, 0xb0, 0x6c, 0x4b, 0x2f, 0xe2, 0xcf, 0x93,
+    0x81, 0x65, 0xf0, 0x9f, 0x50, 0x59, 0x7d, 0x22, 0x0b, 0xf1, 0x25, 0xfa,
+    0x01, 0x0c, 0x30, 0xc5, 0x94, 0x47, 0xa8, 0x22, 0x6b, 0xf9, 0xdb, 0x9e,
+    0xcf, 0xac, 0xbf, 0x6c, 0xbc, 0x7e, 0x65, 0x97, 0xff, 0xde, 0x63, 0x4d,
+    0x9f, 0xf2, 0x48, 0xb3, 0xeb, 0x2f, 0x8b, 0x0f, 0x2b, 0x2f, 0xf4, 0xfd,
+    0xc0, 0xf9, 0xa5, 0x96, 0xfa, 0xcb, 0xff, 0x37, 0x1b, 0x7e, 0xa4, 0x37,
+    0x25, 0x95, 0x87, 0xa0, 0xe2, 0x37, 0xfb, 0xce, 0x7f, 0xf2, 0x71, 0x65,
+    0xff, 0xfd, 0xf2, 0xc0, 0x39, 0x03, 0xe4, 0xe0, 0x33, 0x3c, 0xb2, 0xe2,
+    0xeb, 0x6a, 0x78, 0xdd, 0x15, 0xb2, 0x79, 0xc8, 0x3d, 0x08, 0x1f, 0x90,
+    0x06, 0x65, 0x7b, 0xe7, 0xfa, 0xcb, 0xf0, 0x98, 0x9b, 0x8b, 0x29, 0xcf,
+    0x0f, 0x83, 0xb7, 0xee, 0x6a, 0x5f, 0xa5, 0x97, 0xe9, 0x2e, 0xa7, 0x7a,
+    0xca, 0xc3, 0xd1, 0xf1, 0x45, 0x6d, 0x5c, 0x23, 0x81, 0x00, 0xca, 0xf1,
+    0xdb, 0xc4, 0x2f, 0x1f, 0x90, 0x21, 0x79, 0xf7, 0x2b, 0xfc, 0x02, 0xcd,
+    0xfa, 0x6e, 0x2c, 0xbf, 0xc1, 0x91, 0x39, 0x8f, 0xe5, 0x95, 0xb5, 0xba,
+    0x26, 0x0a, 0x9c, 0xcc, 0x79, 0xf9, 0x18, 0x9f, 0x6a, 0xad, 0x1b, 0xde,
+    0xa3, 0x1b, 0x3c, 0x74, 0x6f, 0x38, 0x8a, 0x09, 0xe9, 0x12, 0x8e, 0x77,
+    0x90, 0xb2, 0xf9, 0x08, 0xa7, 0x14, 0x77, 0xbf, 0x98, 0x69, 0x7c, 0x00,
+    0xe4, 0x0b, 0x2f, 0x05, 0x02, 0xc0, 0xaa, 0xcb, 0xd0, 0x27, 0x59, 0x7f,
+    0xbf, 0x27, 0xee, 0x19, 0xf5, 0x97, 0xbc, 0xc0, 0x59, 0x7f, 0xf4, 0x6f,
+    0xb9, 0xd7, 0x9b, 0xa9, 0xff, 0x16, 0x50, 0x51, 0x1b, 0xf2, 0x55, 0x83,
+    0x71, 0x1a, 0x70, 0x72, 0xa5, 0x34, 0xfe, 0xe3, 0x02, 0xbf, 0x6e, 0xcc,
+    0x35, 0x2b, 0x2f, 0x79, 0x8e, 0xb2, 0xe7, 0x02, 0xca, 0x73, 0x65, 0xf1,
+    0xcb, 0xf6, 0xa3, 0x9d, 0x46, 0xb2, 0xfe, 0xcf, 0xf0, 0x45, 0xf5, 0x97,
+    0xe6, 0x2f, 0x86, 0x75, 0x97, 0x9f, 0x5c, 0x59, 0x52, 0x89, 0xbc, 0x2a,
+    0x01, 0x6f, 0xca, 0x2f, 0xfd, 0x25, 0xff, 0x09, 0xe1, 0x09, 0x59, 0x7b,
+    0x42, 0xdc, 0x59, 0x73, 0x44, 0xb2, 0x98, 0xdb, 0x91, 0x05, 0xa3, 0x59,
+    0x7c, 0x76, 0xfe, 0xc0, 0xb2, 0xfa, 0x7c, 0xc6, 0xac, 0xac, 0x3c, 0x9d,
+    0x13, 0xdf, 0xf4, 0x03, 0xfb, 0x14, 0xf7, 0x05, 0x95, 0x1a, 0x35, 0x4d,
+    0x1f, 0xe9, 0x6f, 0x44, 0x37, 0xed, 0x3b, 0x10, 0x16, 0x5c, 0x5d, 0x2c,
+    0xb4, 0x4b, 0x2e, 0x10, 0x30, 0xd4, 0xb8, 0xbd, 0xed, 0x4c, 0x4b, 0x2f,
+    0x13, 0xc4, 0xb2, 0xfd, 0xc3, 0x1f, 0xbe, 0x2c, 0xa6, 0x3c, 0x67, 0x1c,
+    0xbf, 0xf1, 0x49, 0xbe, 0x7f, 0x87, 0x80, 0x59, 0x7f, 0xdc, 0x9f, 0x13,
+    0x1e, 0x78, 0xb2, 0xf7, 0x35, 0x8b, 0x2f, 0x16, 0x41, 0x65, 0xfb, 0x40,
+    0x21, 0x01, 0x65, 0x49, 0xe1, 0xe0, 0xdd, 0x31, 0xff, 0xf1, 0x7e, 0xdb,
+    0x8b, 0x2f, 0xec, 0x0e, 0x62, 0x6e, 0x2c, 0xa2, 0x3c, 0x2f, 0x8a, 0x54,
+    0xae, 0xa8, 0xc6, 0xb9, 0x08, 0x5d, 0x8c, 0xef, 0x23, 0x49, 0x89, 0x03,
+    0x49, 0xe7, 0x2b, 0xf3, 0x19, 0x10, 0x70, 0xff, 0xf0, 0xb6, 0xde, 0xc7,
+    0x7f, 0xd2, 0xde, 0x93, 0xc7, 0x86, 0x2c, 0xbf, 0xf7, 0x25, 0x86, 0x53,
+    0x06, 0x02, 0xcb, 0xf7, 0x9a, 0x37, 0x25, 0x97, 0x0d, 0x96, 0x5e, 0xf3,
+    0x44, 0xb2, 0xfc, 0x23, 0x5c, 0x80, 0xb2, 0xef, 0x32, 0xca, 0x94, 0x4c,
+    0x61, 0x3c, 0x42, 0xde, 0x1d, 0xdd, 0x28, 0xbf, 0xe8, 0xcb, 0x21, 0xec,
+    0x07, 0x16, 0x5f, 0xc6, 0xf1, 0x8b, 0xb8, 0x2c, 0xbf, 0xe9, 0x2e, 0xb6,
+    0x8c, 0x9c, 0xc5, 0x97, 0xfe, 0xc2, 0xee, 0x1c, 0xd0, 0xa4, 0x0b, 0x2f,
+    0x73, 0x0d, 0x59, 0x73, 0x9d, 0x65, 0x7c, 0xd9, 0xef, 0x1d, 0xbf, 0xf7,
+    0xc5, 0xf8, 0x85, 0x19, 0xdb, 0xeb, 0x2b, 0x0f, 0x95, 0x88, 0xef, 0xba,
+    0x38, 0x25, 0x65, 0xfd, 0x0c, 0xe7, 0x18, 0x6b, 0x2d, 0x0d, 0xa7, 0xa1,
+    0xf2, 0x3a, 0x94, 0xf6, 0xe3, 0x2f, 0x63, 0xb3, 0xc3, 0x5c, 0x37, 0x0b,
+    0xff, 0x6b, 0xc6, 0x38, 0xf7, 0xff, 0x3a, 0x59, 0x7d, 0x87, 0x9e, 0x96,
+    0x5e, 0xf6, 0x6e, 0xac, 0xbf, 0xde, 0x6d, 0x16, 0x7f, 0x8b, 0x2f, 0xa0,
+    0xff, 0xe2, 0xcb, 0x7f, 0x69, 0xf9, 0xf4, 0x3f, 0x11, 0x95, 0x3a, 0x62,
+    0x20, 0x43, 0x28, 0x4a, 0xde, 0x1c, 0xef, 0x59, 0x7e, 0xc3, 0x70, 0xa0,
+    0xb2, 0xfb, 0x5f, 0xc8, 0xd6, 0x5f, 0xff, 0x8d, 0x7d, 0xb8, 0x76, 0xfe,
+    0xdf, 0xf0, 0x98, 0xd5, 0x97, 0x4c, 0x4b, 0x2f, 0xfe, 0x29, 0x30, 0x65,
+    0x3d, 0xc1, 0x89, 0x65, 0x1a, 0x8b, 0x4d, 0x2d, 0x10, 0xbd, 0xf8, 0xf9,
+    0xe7, 0xdd, 0x59, 0x52, 0x99, 0x8e, 0x43, 0x5d, 0x8c, 0x2f, 0xdd, 0xf4,
+    0xdf, 0xe2, 0xcb, 0xff, 0x45, 0x09, 0xd4, 0x7b, 0x4c, 0xcf, 0x2c, 0xbf,
+    0xde, 0x6f, 0x14, 0xe6, 0x96, 0x5f, 0xa7, 0x7e, 0x83, 0xe2, 0xca, 0xda,
+    0x8a, 0x0e, 0x91, 0x3c, 0x63, 0x52, 0x8f, 0xd7, 0x86, 0x55, 0x4a, 0xb0,
+    0x01, 0x9a, 0x68, 0x7b, 0xd1, 0xac, 0x14, 0x66, 0x17, 0xfb, 0xd9, 0xfc,
+    0x16, 0xa3, 0x59, 0x7f, 0xff, 0x9b, 0xaf, 0x66, 0xdf, 0x4e, 0xde, 0x30,
+    0x49, 0xe9, 0xc3, 0x59, 0x7c, 0x42, 0x7f, 0xac, 0xbe, 0xef, 0xa6, 0xed,
+    0x65, 0x1d, 0x1c, 0x5e, 0x34, 0x03, 0x47, 0x08, 0x6f, 0xf1, 0x4c, 0x22,
+    0xf4, 0xc6, 0xb2, 0xee, 0x99, 0x65, 0xff, 0x31, 0x45, 0x3d, 0x6b, 0x3b,
+    0x59, 0x4e, 0x7a, 0x3c, 0x17, 0xa1, 0xa2, 0x9b, 0xf0, 0x85, 0xbf, 0x0c,
+    0xd3, 0x45, 0xda, 0xcb, 0x1a, 0xe7, 0xa8, 0x22, 0x8b, 0xfe, 0x9f, 0xe6,
+    0xba, 0x77, 0xe9, 0x51, 0x7c, 0x2f, 0xe7, 0x61, 0xcf, 0xf8, 0xb2, 0xff,
+    0xff, 0x7d, 0xb3, 0xb1, 0xf8, 0x5c, 0xce, 0xb6, 0xf9, 0xb0, 0xeb, 0x2f,
+    0xb5, 0x3d, 0xc1, 0x65, 0xff, 0xd8, 0x71, 0x41, 0xc7, 0x9d, 0x4f, 0x16,
+    0x56, 0x1f, 0x3f, 0x88, 0xee, 0x93, 0xf4, 0x9a, 0xf7, 0x91, 0xb8, 0x59,
+    0xf8, 0x65, 0xdf, 0xf3, 0x9b, 0xc6, 0xe3, 0x77, 0xf5, 0x95, 0xe4, 0x44,
+    0x92, 0x7d, 0xff, 0xf8, 0xba, 0xdb, 0xe9, 0x6d, 0x31, 0xdb, 0x66, 0x4e,
+    0xb2, 0xf3, 0xea, 0x35, 0x45, 0xfe, 0xbf, 0xfb, 0x08, 0x06, 0x67, 0x7f,
+    0xfc, 0x9d, 0x65, 0xff, 0x8b, 0xfa, 0xc9, 0xee, 0x0c, 0x75, 0x97, 0xb2,
+    0x3d, 0xd5, 0x95, 0x29, 0xa4, 0x61, 0x17, 0x4b, 0x3e, 0x2a, 0x74, 0x52,
+    0x3e, 0xbd, 0xf6, 0x31, 0x65, 0xfc, 0xf1, 0x86, 0x37, 0xdc, 0x59, 0x5f,
+    0x3c, 0xf1, 0x0e, 0xdf, 0xed, 0x6b, 0x22, 0x3c, 0xf1, 0x65, 0xff, 0x3f,
+    0xf8, 0xc5, 0xdc, 0x0e, 0xb2, 0xff, 0x9b, 0x51, 0x88, 0x00, 0x9f, 0xac,
+    0xbf, 0xe9, 0xcd, 0x6d, 0x83, 0x77, 0x05, 0x95, 0x04, 0xc1, 0x30, 0x88,
+    0x06, 0x9c, 0x39, 0xf9, 0xd5, 0xff, 0xfe, 0xf3, 0xf1, 0xa7, 0x9b, 0x7f,
+    0xec, 0x3e, 0x74, 0xfa, 0x59, 0x74, 0xee, 0xac, 0xbe, 0xe7, 0x1c, 0xeb,
+    0x2b, 0xc8, 0x9d, 0x03, 0x17, 0xc6, 0x6f, 0x8e, 0x53, 0x12, 0xcb, 0xfd,
+    0xdf, 0xc3, 0xf7, 0xb3, 0x71, 0x65, 0xfb, 0x1a, 0x39, 0x35, 0x65, 0x4a,
+    0x20, 0xf0, 0x8b, 0xc7, 0x37, 0xe0, 0x73, 0x66, 0x7e, 0xb2, 0xfb, 0x34,
+    0x1c, 0x4b, 0x2a, 0x33, 0xfd, 0xc2, 0xed, 0x15, 0xdf, 0x46, 0x36, 0x89,
+    0x65, 0xf7, 0x70, 0xfb, 0xac, 0xbf, 0xfd, 0xd7, 0x98, 0xb3, 0x7b, 0xc3,
+    0x8c, 0x35, 0x97, 0xfa, 0x05, 0x87, 0x3b, 0xc1, 0x65, 0xf3, 0x74, 0xc3,
+    0x59, 0x76, 0xa5, 0x8f, 0x53, 0xe6, 0x54, 0x34, 0x65, 0xea, 0x13, 0xf7,
+    0xf7, 0x3e, 0x53, 0x9d, 0xac, 0xa9, 0x4d, 0x9f, 0x09, 0x1e, 0x1d, 0xc2,
+    0x28, 0xbf, 0xfd, 0x9c, 0xf3, 0xb7, 0xe4, 0xe4, 0xe6, 0xac, 0xbc, 0xe5,
+    0xd2, 0xcb, 0xf0, 0x39, 0xfc, 0xf2, 0xcb, 0xe1, 0xfa, 0x7b, 0x59, 0x7d,
+    0x9e, 0x86, 0x2c, 0xb1, 0x8c, 0x78, 0x9f, 0x23, 0xb6, 0x2c, 0xa9, 0x45,
+    0x23, 0xb6, 0x7c, 0xa2, 0xfa, 0x43, 0x8b, 0x8b, 0x2a, 0x55, 0x98, 0x42,
+    0x39, 0x6c, 0x40, 0x89, 0x20, 0xa1, 0x81, 0xc2, 0xeb, 0xff, 0x00, 0xed,
+    0x9d, 0xfc, 0x72, 0x35, 0x97, 0xf6, 0xd1, 0xe6, 0x03, 0x8b, 0x2f, 0xff,
+    0xdf, 0xcd, 0x46, 0xdc, 0x6d, 0xfe, 0x6c, 0xef, 0xeb, 0x28, 0xe8, 0x87,
+    0x22, 0xfb, 0xfc, 0x5f, 0xe0, 0x87, 0xe6, 0x59, 0x52, 0x7a, 0xb8, 0x45,
+    0x73, 0xf6, 0xb2, 0xfb, 0x69, 0x85, 0xf5, 0x97, 0x73, 0x0e, 0x6f, 0x08,
+    0x5e, 0xf1, 0xf5, 0x1a, 0xca, 0xc3, 0xc9, 0x62, 0xbb, 0xfe, 0x9e, 0x72,
+    0x5a, 0x37, 0xfa, 0xcb, 0xf3, 0x9e, 0x47, 0x2b, 0x2b, 0xe7, 0xbc, 0x23,
+    0x8b, 0xfe, 0x6c, 0x21, 0x9a, 0xd9, 0xa5, 0x95, 0x2a, 0xa5, 0xda, 0x31,
+    0xbd, 0x42, 0x97, 0xef, 0xdb, 0xa4, 0x57, 0xfd, 0xcc, 0x8f, 0x8c, 0x4f,
+    0x1a, 0xcb, 0xff, 0x67, 0x70, 0x62, 0x3c, 0x8e, 0x56, 0x5d, 0x9d, 0xac,
+    0xac, 0x44, 0x6b, 0x1c, 0xfc, 0xf6, 0xfe, 0x7d, 0x77, 0x0c, 0xfa, 0xcb,
+    0xfc, 0xf8, 0x1e, 0x67, 0x7f, 0x59, 0x7f, 0xdc, 0x6d, 0x7c, 0x84, 0xf0,
+    0x59, 0x40, 0x3e, 0xbf, 0x99, 0xdf, 0xff, 0x9b, 0x98, 0x3f, 0x67, 0xdb,
+    0x39, 0x1e, 0x18, 0xb2, 0xff, 0xf8, 0xbf, 0xd7, 0x98, 0xce, 0x16, 0x00,
+    0x5c, 0x59, 0x7e, 0xc6, 0xd9, 0x61, 0xac, 0xbf, 0xfa, 0x76, 0x70, 0x45,
+    0x99, 0xbe, 0x7b, 0x59, 0x52, 0x8c, 0x11, 0xa8, 0x9c, 0xa6, 0xff, 0xd3,
+    0x9a, 0xcd, 0x00, 0xed, 0xc5, 0x97, 0xdf, 0xe0, 0x3a, 0x59, 0x79, 0xfb,
+    0xdd, 0x59, 0x7f, 0x3f, 0xf9, 0x39, 0x1a, 0xca, 0x95, 0x55, 0xd9, 0x09,
+    0x9e, 0x88, 0x9a, 0x31, 0x62, 0x2f, 0x11, 0xee, 0xf2, 0x43, 0x08, 0x2f,
+    0xc0, 0x7e, 0xe1, 0x8b, 0x2f, 0xee, 0xf8, 0xc5, 0xdc, 0x16, 0x5f, 0xc5,
+    0xfc, 0x8a, 0x77, 0x16, 0x54, 0x9e, 0xfe, 0x17, 0xdf, 0xfd, 0x80, 0x1b,
+    0xbf, 0x5e, 0x3c, 0x8d, 0x65, 0x4a, 0x3a, 0xcf, 0x08, 0x70, 0x10, 0x5f,
+    0xf0, 0xa4, 0xfc, 0xc3, 0xce, 0xe2, 0xcb, 0xff, 0x6a, 0x3c, 0x1e, 0x7b,
+    0xd9, 0xb8, 0xb2, 0xc6, 0xac, 0xbf, 0xdf, 0xe0, 0x7b, 0xe7, 0x3b, 0x59,
+    0x52, 0x79, 0x24, 0x25, 0x7f, 0xed, 0x70, 0xe1, 0xe6, 0x9a, 0x62, 0x59,
+    0x58, 0x7c, 0x02, 0x20, 0xbf, 0x39, 0x47, 0xc1, 0xac, 0xac, 0x4c, 0xd3,
+    0x90, 0xeb, 0x30, 0x86, 0xfb, 0xfe, 0xc2, 0x59, 0x7f, 0x8b, 0x3f, 0xfc,
+    0xd4, 0x4b, 0x2f, 0xee, 0x3c, 0x0a, 0x4e, 0xb2, 0xf1, 0x4e, 0xe2, 0xcb,
+    0xff, 0xe8, 0x4e, 0xa3, 0xfb, 0x1b, 0xce, 0x39, 0x41, 0x65, 0xfd, 0x1f,
+    0x30, 0xf3, 0xb8, 0xb2, 0xa2, 0x44, 0x10, 0x6a, 0x35, 0x89, 0xa2, 0xc4,
+    0x43, 0xa3, 0x3e, 0x16, 0x19, 0x0a, 0x0b, 0xf8, 0x9f, 0xb8, 0x67, 0xd6,
+    0x5d, 0xe6, 0x59, 0x51, 0x9e, 0x1b, 0x16, 0xdf, 0xbc, 0x3f, 0xe6, 0xf5,
+    0x97, 0x0e, 0x0b, 0x2f, 0xf6, 0x0c, 0x5f, 0xe4, 0x02, 0xeb, 0x2e, 0xc8,
+    0x2c, 0xaf, 0x1e, 0x71, 0x1c, 0x5a, 0x12, 0x8b, 0x0d, 0x15, 0x7d, 0x96,
+    0xf8, 0xff, 0x68, 0xd6, 0x56, 0x1e, 0xc3, 0x1a, 0xdf, 0xfd, 0xbf, 0xe6,
+    0xc9, 0x43, 0x3c, 0xc7, 0x59, 0x74, 0x7f, 0x59, 0x7f, 0xb7, 0xf9, 0xe1,
+    0x38, 0x4b, 0x2a, 0x4f, 0x2f, 0x06, 0x2f, 0xa0, 0xfa, 0x82, 0xcb, 0xff,
+    0xd3, 0xa7, 0xf8, 0xbe, 0xdf, 0xe7, 0x99, 0x65, 0xa1, 0x11, 0xf5, 0xf8,
+    0x8a, 0x96, 0x5f, 0x07, 0xe7, 0xfa, 0xcb, 0x67, 0x0d, 0x71, 0x81, 0x77,
+    0xf4, 0x0f, 0xf2, 0x14, 0x4b, 0x2f, 0xff, 0x83, 0x84, 0xef, 0x62, 0x06,
+    0x9a, 0x4f, 0x89, 0x2b, 0x47, 0xff, 0xf2, 0xfb, 0xef, 0x07, 0xdf, 0xd6,
+    0x5f, 0xb0, 0xf8, 0xdb, 0xd6, 0x5e, 0x8e, 0x2d, 0xc5, 0x96, 0x31, 0x65,
+    0x4a, 0x74, 0x11, 0xab, 0xe4, 0x29, 0xba, 0x22, 0x62, 0x51, 0x14, 0x6c,
+    0x91, 0x5f, 0xa3, 0x39, 0x39, 0xab, 0x2e, 0xfe, 0x2c, 0xbf, 0xc0, 0xe6,
+    0x14, 0xf7, 0xc5, 0x97, 0xed, 0x34, 0x6e, 0x75, 0x4c, 0x26, 0xbe, 0xf8,
+    0xa5, 0xd5, 0x30, 0x9a, 0xe0, 0x4a, 0xa8, 0x13, 0x5f, 0xe2, 0x73, 0x7f,
+    0x3a, 0x02, 0xa8, 0x13, 0x5f, 0xee, 0x67, 0x9b, 0x82, 0x8d, 0x53, 0x09,
+    0xae, 0xc1, 0xaa, 0x61, 0x35, 0xc6, 0x18, 0xb9, 0x84, 0xd5, 0x89, 0xa8,
+    0x76, 0x6a, 0xc5, 0xc7, 0x23, 0xe2, 0x06, 0xf4, 0x13, 0x08, 0xed, 0xf4,
+    0xcc, 0x26, 0x04, 0x3e, 0x7a, 0xed, 0x51, 0x96, 0x85, 0x8c, 0x8f, 0xaa,
+    0xfb, 0x06, 0x22, 0x59, 0x58, 0xaa, 0xd9, 0xa5, 0x2d, 0xb9, 0xd5, 0xff,
+    0xf8, 0x07, 0x78, 0x73, 0xd3, 0xbf, 0x03, 0x1b, 0xc1, 0x65, 0x4b, 0x21,
+    0x29, 0xa1, 0x29, 0xe8, 0xca, 0x9c, 0x80, 0xa1, 0x23, 0xc9, 0x45, 0x7f,
+    0x96, 0x44, 0x23, 0x6b, 0xff, 0xec, 0x33, 0xce, 0xdf, 0x9f, 0x88, 0x18,
+    0x4b, 0x2f, 0xfd, 0x02, 0x73, 0x62, 0x83, 0x6a, 0x0b, 0x2f, 0xf9, 0xcd,
+    0x2c, 0x8a, 0x13, 0xda, 0xca, 0xd1, 0xfd, 0x12, 0x05, 0xff, 0xfc, 0x43,
+    0xc2, 0x93, 0x3e, 0x6b, 0xf3, 0x30, 0x8d, 0x59, 0x7c, 0xfb, 0xf0, 0xc5,
+    0x96, 0xd8, 0x96, 0x5f, 0xff, 0x3c, 0x3d, 0x32, 0xdf, 0xe3, 0x17, 0x70,
+    0x59, 0x50, 0x3e, 0x4f, 0x0b, 0x5e, 0x8a, 0x78, 0xb2, 0xf1, 0x00, 0xeb,
+    0x2f, 0xfa, 0x45, 0xf2, 0x6d, 0xe1, 0x9d, 0x65, 0xff, 0x67, 0xdb, 0x39,
+    0x1e, 0x18, 0xb2, 0xe9, 0x3a, 0xcb, 0xb3, 0x92, 0x8c, 0x3c, 0x1d, 0xd0,
+    0xe7, 0x8e, 0xf6, 0x4e, 0x6f, 0xff, 0x3c, 0x3d, 0x3b, 0xc3, 0x3b, 0xbe,
+    0xba, 0x59, 0x52, 0xad, 0x4f, 0x21, 0x90, 0xc4, 0x3a, 0x5a, 0x78, 0x44,
+    0x14, 0x39, 0x44, 0xad, 0x7f, 0x9b, 0x7e, 0xdf, 0x3f, 0x37, 0x16, 0x5f,
+    0xdf, 0x13, 0xf3, 0x9f, 0x59, 0x7e, 0xe4, 0xe0, 0x25, 0x65, 0xf0, 0x3c,
+    0x59, 0xd9, 0xea, 0x7c, 0xba, 0xff, 0xbd, 0x21, 0x9f, 0x37, 0xb7, 0x4b,
+    0x2b, 0x13, 0x03, 0x78, 0x47, 0x70, 0xe6, 0xf3, 0x68, 0xd5, 0x97, 0x68,
+    0x0b, 0x2b, 0x0d, 0xa3, 0x0e, 0xdd, 0x1e, 0x96, 0x5c, 0x08, 0x96, 0x5f,
+    0xfc, 0x78, 0xa0, 0xe5, 0x18, 0xe4, 0xa3, 0x59, 0x52, 0x7e, 0xc3, 0x18,
+    0xc1, 0x8b, 0xd9, 0xc8, 0x2c, 0xbe, 0x6f, 0x39, 0xd6, 0x5f, 0x6a, 0x79,
+    0x1a, 0xca, 0xd1, 0xf0, 0x7c, 0x70, 0x32, 0x1a, 0x97, 0x5b, 0x89, 0x1c,
+    0xa1, 0x41, 0xce, 0x30, 0xe4, 0x67, 0x06, 0xc6, 0x6f, 0xd4, 0xb5, 0x7e,
+    0xe3, 0xa8, 0x68, 0x73, 0xc5, 0x38, 0xc1, 0xa9, 0x5f, 0x27, 0x87, 0x2f,
+    0xa5, 0x6e, 0x02, 0x36, 0x92, 0x34, 0xe4, 0x6d, 0xff, 0xa4, 0xe2, 0xef,
+    0x97, 0xc4, 0x64, 0x6e, 0x7b, 0x2d, 0x01, 0xc2, 0x57, 0x76, 0x11, 0xb7,
+    0xd1, 0x9f, 0xfc, 0x59, 0x76, 0x12, 0xcb, 0xbf, 0xc5, 0x95, 0x26, 0xb0,
+    0x85, 0x6f, 0xfe, 0xcf, 0x67, 0xfb, 0xe9, 0xb5, 0xec, 0x59, 0x76, 0x71,
+    0x65, 0xff, 0xb9, 0x9a, 0xf9, 0x39, 0xa6, 0xe2, 0xca, 0x82, 0x2e, 0x46,
+    0x3e, 0x04, 0x5e, 0x0b, 0x5f, 0xf8, 0xb0, 0x0f, 0xac, 0xdf, 0x83, 0x59,
+    0x7f, 0x42, 0x28, 0x49, 0x7d, 0x65, 0xfd, 0x90, 0x21, 0x3f, 0x16, 0x5f,
+    0x77, 0xc6, 0x95, 0x97, 0xfb, 0x0b, 0x77, 0xec, 0x46, 0xac, 0xa3, 0x51,
+    0xdf, 0xd9, 0xf6, 0x8b, 0xbc, 0x58, 0x02, 0x2b, 0xec, 0xd3, 0x1a, 0xb2,
+    0xf1, 0x91, 0x9d, 0x65, 0xff, 0xf6, 0xfd, 0x64, 0x7b, 0x45, 0x39, 0xf9,
+    0xee, 0x0b, 0x2f, 0xfb, 0xd2, 0x72, 0x78, 0x67, 0x96, 0x54, 0xa6, 0x32,
+    0x34, 0xcc, 0x22, 0x71, 0xfe, 0x2a, 0xdf, 0xa4, 0x32, 0xec, 0x0b, 0x2f,
+    0xf7, 0xa4, 0xd0, 0xfc, 0xff, 0x59, 0x5e, 0x3d, 0xef, 0x94, 0xdd, 0x9b,
+    0xab, 0x2e, 0x0f, 0x8b, 0x2f, 0xdf, 0x33, 0x0a, 0x35, 0x96, 0x9f, 0x1e,
+    0x09, 0x0c, 0x56, 0xc0, 0x88, 0x08, 0x2d, 0x5e, 0xcc, 0x31, 0x65, 0xcc,
+    0x6a, 0xca, 0x8c, 0xd9, 0xb0, 0xe5, 0xfb, 0xf9, 0x13, 0x1d, 0x65, 0xfa,
+    0x7b, 0x00, 0x25, 0x65, 0x49, 0xe8, 0x11, 0x45, 0xf6, 0xf9, 0x2f, 0xac,
+    0xbf, 0x7a, 0x5b, 0x92, 0xb2, 0xa4, 0xf2, 0x5c, 0x8e, 0xfc, 0xdb, 0xfe,
+    0xd1, 0xac, 0xbf, 0x7f, 0xd3, 0xa8, 0x2c, 0xbf, 0xf6, 0x1e, 0x4a, 0x40,
+    0x77, 0x82, 0xcb, 0xff, 0x1c, 0x98, 0xd9, 0xff, 0x1b, 0x4b, 0x2f, 0xa1,
+    0xfc, 0xe9, 0x65, 0x61, 0xf0, 0xb9, 0xf5, 0xc5, 0x2b, 0x2f, 0xfb, 0xcf,
+    0x09, 0x88, 0xa4, 0xeb, 0x2f, 0xe1, 0xbf, 0xfc, 0xc6, 0x2c, 0xbf, 0x16,
+    0x07, 0x91, 0x2c, 0xbf, 0xff, 0x67, 0x40, 0x93, 0xe7, 0xdb, 0x99, 0x84,
+    0x6a, 0xcb, 0xf8, 0xed, 0x27, 0x72, 0x59, 0x5e, 0x3f, 0xf0, 0x2a, 0x5f,
+    0xfc, 0xc7, 0x18, 0x9f, 0x50, 0xce, 0xfe, 0xb2, 0xc5, 0x87, 0xcf, 0xd1,
+    0x15, 0xff, 0x9c, 0x81, 0xdf, 0xf5, 0x38, 0x62, 0xcb, 0xff, 0x73, 0xcd,
+    0xb7, 0xb8, 0x4e, 0x46, 0xb2, 0xff, 0x60, 0xf5, 0xa6, 0x8b, 0x8b, 0x2e,
+    0xdb, 0xba, 0xb2, 0xd9, 0xb8, 0x8d, 0x10, 0x1f, 0xfd, 0x0b, 0x79, 0xa5,
+    0xec, 0x1e, 0xca, 0xcb, 0xfe, 0xf3, 0x9f, 0xcd, 0x3d, 0xc1, 0x65, 0xfe,
+    0xc3, 0x8d, 0x80, 0x28, 0x2c, 0xbe, 0xf3, 0xb9, 0xd6, 0x5f, 0x3f, 0xbc,
+    0xcb, 0x28, 0x8f, 0x0b, 0x79, 0x0d, 0xf8, 0xa1, 0xb2, 0xf1, 0xac, 0xa9,
+    0x3c, 0xe0, 0xc8, 0xea, 0x55, 0x3e, 0x42, 0x1f, 0x06, 0xa3, 0xb0, 0xff,
+    0x8e, 0x41, 0x0c, 0x3b, 0xff, 0xfc, 0xdb, 0xc8, 0x5c, 0xda, 0x19, 0x48,
+    0xfc, 0xf0, 0xce, 0x2c, 0xb8, 0xd6, 0x59, 0x51, 0xaf, 0x3d, 0x0d, 0xa7,
+    0xa2, 0x0e, 0xca, 0xb7, 0x0a, 0x35, 0x09, 0xd3, 0x90, 0x78, 0x55, 0xce,
+    0x08, 0xbb, 0xf2, 0xe2, 0xb7, 0xb1, 0x6c, 0xb2, 0x5f, 0xef, 0x77, 0x0e,
+    0x7b, 0x23, 0x59, 0x7f, 0xcf, 0xe8, 0x98, 0xbd, 0x9d, 0xac, 0xa9, 0x3e,
+    0xfc, 0x36, 0xbb, 0xb8, 0xd6, 0x58, 0x0b, 0x28, 0x46, 0xa8, 0xc1, 0x9b,
+    0xf4, 0x50, 0x9f, 0xf1, 0x65, 0xdc, 0x02, 0xca, 0xf1, 0xf1, 0x00, 0x8b,
+    0x64, 0xa6, 0xff, 0xff, 0xfb, 0xd8, 0x40, 0xc2, 0xff, 0xb3, 0xd3, 0x91,
+    0x36, 0xa2, 0xf3, 0x77, 0xf5, 0x97, 0xf6, 0x9b, 0xaf, 0x64, 0x4b, 0x2f,
+    0xff, 0x8b, 0x22, 0x70, 0x67, 0xe7, 0x7b, 0x10, 0x16, 0x51, 0xcf, 0xfb,
+    0xe5, 0xf7, 0xe7, 0x2f, 0xb7, 0x96, 0x56, 0x26, 0x86, 0xf0, 0xfb, 0x01,
+    0x15, 0xe9, 0xc3, 0x16, 0x5f, 0xe6, 0xe1, 0x4f, 0xe6, 0x0b, 0x28, 0x8f,
+    0x37, 0x83, 0x97, 0xd3, 0xdf, 0x1d, 0x65, 0x4b, 0xe0, 0xbe, 0x47, 0x0c,
+    0x68, 0x1c, 0x8e, 0x1a, 0x99, 0x6b, 0x84, 0x3a, 0x8e, 0x7f, 0xb8, 0xc2,
+    0x5a, 0x52, 0x2e, 0xe4, 0x29, 0xa2, 0x85, 0x16, 0x96, 0xde, 0x7b, 0xac,
+    0xa3, 0x39, 0xfc, 0x2b, 0x05, 0x1b, 0xae, 0xf8, 0x40, 0x86, 0x43, 0x7b,
+    0x9c, 0xe2, 0xcb, 0xff, 0xe6, 0x2c, 0x3c, 0x86, 0x42, 0x81, 0x61, 0xd6,
+    0x5f, 0x88, 0x50, 0xce, 0x2c, 0xbf, 0xec, 0x1f, 0xa7, 0xfe, 0x9e, 0x2c,
+    0xb8, 0x6d, 0x87, 0xbe, 0x44, 0xf7, 0xff, 0x9a, 0x7f, 0xe1, 0x39, 0xe2,
+    0x84, 0xc6, 0xb2, 0xfe, 0x2c, 0xd6, 0xb3, 0xb5, 0x95, 0xe3, 0xf8, 0xe2,
+    0x5d, 0xff, 0x9f, 0xe4, 0xfc, 0xf3, 0x83, 0x8b, 0x2f, 0xf6, 0xa7, 0xaf,
+    0x76, 0xfb, 0x8b, 0x2a, 0x33, 0xf5, 0xd1, 0xed, 0xe2, 0x9e, 0x2c, 0xbe,
+    0xc2, 0xc3, 0xac, 0xbf, 0xf0, 0xa6, 0x2e, 0x49, 0x1e, 0x78, 0xb2, 0x96,
+    0x54, 0xa2, 0x12, 0x03, 0x7c, 0x20, 0x11, 0xf5, 0xf8, 0x4e, 0x33, 0xca,
+    0xcb, 0xff, 0xe6, 0x29, 0x8d, 0xc7, 0xe9, 0xf1, 0x61, 0xab, 0x2b, 0xa3,
+    0xf5, 0xd1, 0x3d, 0xff, 0x79, 0xa1, 0xe7, 0x83, 0x1d, 0x65, 0xf1, 0x48,
+    0x5b, 0xd8, 0x4b, 0x2f, 0xfd, 0xc6, 0x2e, 0xe1, 0xf6, 0xe3, 0x2c, 0xac,
+    0x45, 0x1b, 0x9c, 0x7c, 0xb6, 0xf9, 0x89, 0xa2, 0x59, 0x7e, 0xff, 0xa4,
+    0x41, 0x75, 0x97, 0x79, 0xd6, 0x53, 0x9e, 0x17, 0xcb, 0x2f, 0xfc, 0xc7,
+    0xc1, 0xf9, 0xb8, 0x58, 0xb2, 0xf8, 0xf2, 0x39, 0x59, 0x44, 0x7b, 0xbc,
+    0x3c, 0xa8, 0x2e, 0x9a, 0x64, 0x2b, 0x3a, 0x85, 0x1b, 0x42, 0x5e, 0x28,
+    0x53, 0xea, 0x16, 0x27, 0x86, 0x37, 0x8b, 0x89, 0x8f, 0xef, 0xd7, 0xde,
+    0xc0, 0x3a, 0xcb, 0xb6, 0x19, 0xd6, 0x5f, 0x14, 0xea, 0x0b, 0x2f, 0xfb,
+    0xd3, 0x06, 0x22, 0x17, 0x6b, 0x2f, 0xfa, 0x60, 0xdf, 0x84, 0x90, 0x16,
+    0x5f, 0xf4, 0xe7, 0xc3, 0x00, 0x27, 0xb5, 0x97, 0xb0, 0x8d, 0x59, 0x6d,
+    0x05, 0x53, 0x03, 0x91, 0xdc, 0x21, 0xd1, 0xc1, 0xcd, 0xc2, 0xe7, 0x56,
+    0x25, 0x97, 0xfd, 0x3b, 0x84, 0xff, 0x83, 0x6f, 0x59, 0x7b, 0xd2, 0x35,
+    0x97, 0xf1, 0x4f, 0x5a, 0x98, 0x2c, 0xbf, 0xfc, 0xed, 0xf8, 0x08, 0xbf,
+    0xcf, 0x3c, 0x16, 0x06, 0x6b, 0x6f, 0xc3, 0x61, 0x68, 0xd5, 0x97, 0x4f,
+    0x96, 0x53, 0x23, 0x8b, 0xc9, 0x2e, 0xb5, 0xbc, 0xa6, 0xff, 0xdc, 0x0f,
+    0xec, 0x42, 0x86, 0x71, 0x65, 0xc3, 0xe2, 0xca, 0x82, 0x76, 0x3b, 0x91,
+    0x8f, 0x78, 0xf4, 0x8f, 0xef, 0xff, 0xec, 0xef, 0x38, 0xe5, 0xe6, 0x9f,
+    0xf8, 0x4e, 0x75, 0x95, 0xb5, 0x5f, 0x44, 0xc6, 0x48, 0xcc, 0x8f, 0x1e,
+    0x09, 0x23, 0x5e, 0x3b, 0x62, 0xcb, 0xdc, 0x7e, 0x96, 0x5b, 0x16, 0x5f,
+    0x84, 0x76, 0xf4, 0xac, 0xbf, 0x66, 0xba, 0x9c, 0x59, 0x51, 0x9e, 0xf1,
+    0x08, 0x06, 0x4f, 0x7f, 0xd8, 0x7c, 0xd3, 0x46, 0xe7, 0x59, 0x7f, 0xd2,
+    0x5d, 0x6d, 0x6d, 0x67, 0x4b, 0x2f, 0xff, 0x6d, 0xff, 0xb0, 0xf9, 0xd4,
+    0xfa, 0x4e, 0xb2, 0xf3, 0x9f, 0x8b, 0x2b, 0x0f, 0xa1, 0xd3, 0x28, 0x08,
+    0xc3, 0xfc, 0x28, 0xee, 0xc8, 0xd6, 0x5f, 0xb5, 0x9f, 0xf3, 0x2c, 0xbf,
+    0xe8, 0x66, 0xb5, 0x9f, 0xf3, 0x2c, 0xbe, 0x9f, 0x06, 0x3d, 0x1e, 0xff,
+    0xc9, 0xef, 0xf8, 0xa7, 0xbd, 0x93, 0x7f, 0x9e, 0x59, 0x77, 0xf6, 0x56,
+    0x59, 0xce, 0x7a, 0xe4, 0x7b, 0x7b, 0x65, 0x80, 0xb2, 0xff, 0xf8, 0xbe,
+    0xef, 0xe2, 0x9f, 0xf0, 0xcc, 0xf2, 0xcb, 0x9f, 0x71, 0x65, 0x32, 0x21,
+    0x9c, 0x7f, 0xe9, 0xd7, 0xfe, 0xc3, 0xe6, 0xee, 0x60, 0x82, 0xfc, 0x59,
+    0x7f, 0x06, 0x37, 0xd6, 0x1d, 0x65, 0xf6, 0xf9, 0x28, 0x2c, 0xb6, 0xb6,
+    0x9e, 0x8e, 0x17, 0x57, 0xd1, 0x7c, 0x1c, 0x25, 0x6f, 0xfe, 0x3f, 0x1e,
+    0x1a, 0x9e, 0x49, 0x46, 0xb2, 0xff, 0xa7, 0xfe, 0xc3, 0xe6, 0xb1, 0x65,
+    0xfb, 0xfe, 0x69, 0xe2, 0xcb, 0x9c, 0xb4, 0x7b, 0xdc, 0x37, 0xbf, 0xfe,
+    0xc1, 0xfa, 0x79, 0x06, 0xe7, 0x27, 0x50, 0x59, 0x51, 0x9f, 0xde, 0xc9,
+    0x65, 0xff, 0xfc, 0xdf, 0x9f, 0xf0, 0xb3, 0xcd, 0x3f, 0xf3, 0xc1, 0x65,
+    0xff, 0x48, 0x38, 0x31, 0x3e, 0xa0, 0xb2, 0xf6, 0xb9, 0xc5, 0xc4, 0x06,
+    0xbe, 0xe9, 0xdf, 0xa5, 0x44, 0x06, 0x08, 0x6a, 0xad, 0x90, 0x45, 0x2e,
+    0x98, 0xef, 0xf8, 0xef, 0xdb, 0xc3, 0x8d, 0x05, 0x97, 0xfd, 0x3e, 0xe9,
+    0xb8, 0xed, 0x1a, 0xcb, 0x4e, 0xd4, 0x4d, 0x61, 0x46, 0x8e, 0x6f, 0x1d,
+    0xe0, 0xb2, 0xbc, 0x7a, 0x40, 0x36, 0xb8, 0xb1, 0x65, 0xce, 0x05, 0x95,
+    0x27, 0x9a, 0x44, 0x5f, 0x15, 0xb7, 0x4b, 0x2b, 0x46, 0xfc, 0x8b, 0x6b,
+    0x15, 0xec, 0x3c, 0x63, 0xbc, 0x26, 0x0e, 0x53, 0xad, 0x0d, 0x90, 0x1d,
+    0xdc, 0x3e, 0xf4, 0x50, 0x77, 0x6f, 0x42, 0x44, 0x10, 0xac, 0x28, 0x76,
+    0x7e, 0x70, 0x06, 0xf8, 0x7e, 0x9d, 0x95, 0x97, 0xff, 0x8e, 0xff, 0xe0,
+    0xa1, 0xe7, 0x62, 0x75, 0x97, 0xff, 0xf3, 0x0c, 0xb3, 0x93, 0xad, 0xbc,
+    0xf3, 0x8e, 0x46, 0xb2, 0xf6, 0xf9, 0xf2, 0xca, 0x96, 0x52, 0x5c, 0x06,
+    0xf1, 0xed, 0xa9, 0x07, 0xcf, 0x09, 0x10, 0x12, 0xf1, 0x20, 0x35, 0xbb,
+    0xf3, 0x7d, 0xf6, 0x71, 0x65, 0xfb, 0x35, 0x00, 0xe0, 0xb2, 0xff, 0x47,
+    0xc9, 0x3b, 0xf7, 0xf5, 0x95, 0x19, 0xef, 0x11, 0x4d, 0xcf, 0xda, 0xcb,
+    0xf9, 0xb7, 0xbb, 0x97, 0x4b, 0x2f, 0x79, 0xf7, 0x16, 0x5f, 0x48, 0x36,
+    0x71, 0x65, 0xf1, 0xce, 0xff, 0x59, 0x50, 0x4d, 0x4f, 0x21, 0x0e, 0x72,
+    0x2f, 0x0b, 0x80, 0xbb, 0xe3, 0xe1, 0x92, 0x5f, 0xd9, 0xba, 0xef, 0xee,
+    0x2c, 0xbf, 0xfb, 0x39, 0xf7, 0xec, 0x3d, 0xd9, 0x28, 0x2c, 0xb6, 0x2c,
+    0xbf, 0xfb, 0x09, 0xe1, 0xe7, 0x39, 0xde, 0x0b, 0x2d, 0x16, 0xc0, 0x7a,
+    0x5b, 0x18, 0x85, 0xff, 0xfe, 0x61, 0x47, 0x13, 0xbc, 0x7f, 0xc8, 0x8a,
+    0x4f, 0xe7, 0x59, 0x7f, 0x46, 0x36, 0xd4, 0xef, 0x59, 0x7f, 0xfe, 0xe6,
+    0xdc, 0x1e, 0xde, 0x66, 0x80, 0x7c, 0xd9, 0xc5, 0x94, 0x48, 0x8c, 0xf9,
+    0x85, 0xfe, 0x23, 0x5f, 0xaf, 0x34, 0x6b, 0x2f, 0x7c, 0x02, 0x59, 0x4c,
+    0x7a, 0x44, 0x6b, 0x7e, 0x38, 0x50, 0x28, 0x14, 0xd8, 0x96, 0x5f, 0xff,
+    0xd0, 0xce, 0x36, 0xb4, 0xc7, 0x0f, 0xfe, 0xc3, 0x3e, 0xb2, 0xa5, 0x32,
+    0xbc, 0x74, 0x62, 0x07, 0x3a, 0xbd, 0xc7, 0x65, 0x97, 0xf1, 0x9e, 0x91,
+    0xb4, 0xac, 0xa3, 0x9e, 0x43, 0x8d, 0xdf, 0xff, 0x79, 0xdb, 0xf2, 0xd0,
+    0xc2, 0x00, 0x25, 0x65, 0xe7, 0xf4, 0xac, 0xbb, 0x00, 0xb2, 0xd1, 0xf8,
+    0xd8, 0x98, 0x37, 0x7e, 0x0e, 0x75, 0x84, 0xb2, 0xff, 0xbd, 0x3c, 0xff,
+    0x30, 0x41, 0x75, 0x97, 0xfe, 0x96, 0xf7, 0xb3, 0xfe, 0xc8, 0x2c, 0xbf,
+    0xd8, 0x50, 0xce, 0x06, 0x75, 0x96, 0x21, 0xa2, 0xb7, 0x47, 0xbf, 0x3d,
+    0xa9, 0x4c, 0x27, 0x21, 0xa9, 0x7f, 0xfb, 0x3c, 0xdb, 0xe7, 0x35, 0x18,
+    0x9c, 0x6b, 0x2a, 0x25, 0x44, 0x2e, 0xfa, 0x64, 0x66, 0x41, 0x93, 0xdf,
+    0xfe, 0x86, 0x77, 0x00, 0xe4, 0x01, 0x0c, 0x30, 0xc4, 0x97, 0xe3, 0x99,
+    0x8d, 0xbd, 0x65, 0xd8, 0x51, 0x1f, 0xe0, 0x6a, 0x57, 0xff, 0xdc, 0xe7,
+    0x85, 0xd4, 0xc1, 0xb4, 0x0c, 0x25, 0x95, 0x03, 0xfe, 0x30, 0xba, 0xa5,
+    0x36, 0x47, 0x8d, 0x06, 0xff, 0xfb, 0x50, 0x1f, 0xa7, 0x85, 0x86, 0x3e,
+    0x8d, 0x59, 0x78, 0x02, 0xe2, 0xcb, 0xf6, 0x61, 0x4c, 0x16, 0x5b, 0x92,
+    0x78, 0x44, 0x3b, 0x4e, 0x8b, 0x9f, 0xc2, 0x4e, 0xa5, 0x91, 0x5e, 0x36,
+    0xac, 0x2f, 0x68, 0x4d, 0x68, 0xcf, 0xd2, 0x86, 0x5e, 0x10, 0x45, 0x2e,
+    0x98, 0x50, 0xe1, 0xbf, 0xe6, 0x28, 0x70, 0x2d, 0xec, 0x41, 0x4d, 0x89,
+    0x65, 0xe0, 0xf4, 0x6a, 0xcb, 0xe8, 0xb9, 0x91, 0x2c, 0xbf, 0x02, 0x7f,
+    0x9b, 0x8b, 0x2f, 0xf8, 0x7b, 0x2c, 0x69, 0xb2, 0x5f, 0x59, 0x7f, 0x73,
+    0x5a, 0x68, 0xb8, 0xb2, 0xfe, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x09, 0x5f,
+    0xfa, 0x60, 0x59, 0xef, 0x94, 0x81, 0x65, 0x49, 0xfb, 0x91, 0xdd, 0xff,
+    0x4f, 0xf3, 0x5d, 0x3b, 0xf4, 0xa8, 0xbe, 0x57, 0xe7, 0x1f, 0xa4, 0xd5,
+    0x97, 0xff, 0xfd, 0x8d, 0xac, 0x1f, 0xa7, 0xb8, 0x6a, 0x7f, 0xc0, 0xca,
+    0x0b, 0x2f, 0xfc, 0x59, 0xff, 0xb7, 0x3f, 0x80, 0x59, 0x76, 0x70, 0x2a,
+    0x9e, 0xc0, 0xe1, 0x4d, 0xd1, 0x01, 0xd1, 0x88, 0xa3, 0x8c, 0xf5, 0x8a,
+    0xa0, 0x4a, 0x50, 0xad, 0x12, 0xad, 0x5d, 0xf2, 0xaa, 0xef, 0xfe, 0x9f,
+    0x31, 0xb9, 0xa8, 0xce, 0x2e, 0xd6, 0x5f, 0xf0, 0xf5, 0x87, 0xc8, 0x38,
+    0xd6, 0x5f, 0xff, 0x84, 0xfc, 0xc2, 0xeb, 0xcc, 0x3f, 0x67, 0x7b, 0xab,
+    0x2a, 0x57, 0x07, 0x70, 0x7d, 0xa5, 0x7c, 0xf8, 0xb5, 0xd1, 0xc8, 0xe2,
+    0xfd, 0x3a, 0xc1, 0xca, 0xcb, 0xf4, 0x30, 0x01, 0xfd, 0x65, 0xfd, 0xed,
+    0x9f, 0x37, 0x5e, 0x59, 0x4c, 0x88, 0x17, 0x26, 0x11, 0x4d, 0xf8, 0x13,
+    0x0e, 0x62, 0xcb, 0xff, 0xee, 0xbd, 0x3a, 0xce, 0x10, 0x9e, 0x06, 0xba,
+    0xcb, 0xff, 0xf3, 0xef, 0xdb, 0xcf, 0x3b, 0x7e, 0x7f, 0xec, 0xfa, 0xca,
+    0x12, 0x2a, 0x03, 0x50, 0xbf, 0xf3, 0xc7, 0xe9, 0x8f, 0x3f, 0xcc, 0x59,
+    0x52, 0x7c, 0x64, 0x49, 0x7f, 0xdf, 0x93, 0xfb, 0x37, 0xe7, 0x16, 0x5f,
+    0xf4, 0x9f, 0x92, 0xd1, 0xbf, 0xd6, 0x54, 0x0f, 0xcb, 0xe7, 0x57, 0xfe,
+    0x8d, 0xfb, 0xd9, 0xcf, 0x93, 0xef, 0x59, 0x7f, 0xfd, 0x9f, 0x92, 0xff,
+    0x33, 0x0d, 0x35, 0xe0, 0xb2, 0xfe, 0x37, 0x3f, 0xfc, 0x1a, 0xcb, 0xff,
+    0x60, 0xe6, 0x13, 0xec, 0x03, 0xac, 0xbf, 0x9e, 0x02, 0x83, 0x8d, 0x65,
+    0xff, 0xff, 0x78, 0x4f, 0x1e, 0xa7, 0xce, 0xdc, 0xe6, 0x1a, 0xe4, 0x05,
+    0x97, 0xe6, 0x8f, 0x9c, 0x75, 0x94, 0x34, 0x47, 0x79, 0x9a, 0xff, 0xfb,
+    0xfc, 0xe4, 0xe1, 0x0f, 0xd3, 0xe9, 0xe2, 0xcb, 0xc6, 0x18, 0x62, 0x4b,
+    0xf7, 0xb3, 0xa7, 0xd2, 0x40, 0x86, 0x82, 0xff, 0xff, 0x45, 0xa9, 0xdf,
+    0xb4, 0xd7, 0xda, 0x1c, 0x5c, 0xdb, 0x9d, 0xfd, 0x65, 0x4a, 0x67, 0x4e,
+    0x47, 0xf6, 0xe0, 0xce, 0xaf, 0xfb, 0xcc, 0x67, 0xe2, 0xd4, 0xfd, 0x65,
+    0xff, 0x9b, 0xe2, 0xcf, 0xb9, 0xf0, 0x96, 0x54, 0x0f, 0xdf, 0x47, 0x77,
+    0xfd, 0x20, 0xfe, 0x14, 0x33, 0x8b, 0x2f, 0xfb, 0x00, 0xe4, 0x08, 0x1b,
+    0x05, 0x94, 0xc8, 0x92, 0xf1, 0x11, 0x1b, 0xd4, 0x6b, 0x8c, 0xdd, 0x22,
+    0x69, 0x3c, 0xe5, 0xc0, 0x3c, 0x28, 0xfd, 0x7f, 0x1a, 0x35, 0xcf, 0xf5,
+    0x97, 0xb9, 0x91, 0xac, 0xb8, 0xa3, 0x01, 0xb3, 0xf8, 0xb5, 0x2c, 0xa9,
+    0x37, 0x07, 0x2d, 0xa5, 0x94, 0xb2, 0xdc, 0x30, 0xb6, 0xdd, 0x0b, 0xb3,
+    0xac, 0xb4, 0xac, 0xbc, 0xed, 0x19, 0x1a, 0x01, 0x08, 0x5f, 0xff, 0x37,
+    0x4c, 0x3e, 0x4f, 0x9c, 0x85, 0x9e, 0x59, 0x50, 0x46, 0x4f, 0x12, 0xbe,
+    0x63, 0x7f, 0xe3, 0xcf, 0x7c, 0x2c, 0x8c, 0x38, 0x2c, 0xbf, 0xff, 0xbc,
+    0xe5, 0xdc, 0x03, 0x84, 0x94, 0x1c, 0xf8, 0x35, 0x97, 0xfe, 0x81, 0x98,
+    0xdb, 0xf2, 0x12, 0x4b, 0x29, 0x91, 0x34, 0x1a, 0xdd, 0xff, 0xec, 0xcf,
+    0x0f, 0xd3, 0xcc, 0xf3, 0x01, 0x65, 0xfa, 0x28, 0x4e, 0xb8, 0xb2, 0xff,
+    0x61, 0x0a, 0x1c, 0x8d, 0xd6, 0x58, 0xdd, 0xa7, 0xb8, 0x32, 0x9b, 0xff,
+    0x37, 0xe3, 0x17, 0x36, 0xeb, 0x52, 0xb2, 0xa5, 0x51, 0xfc, 0x66, 0x10,
+    0x86, 0xd8, 0xc8, 0xda, 0x14, 0x9f, 0x2b, 0xbe, 0xda, 0xde, 0x12, 0xcb,
+    0xf6, 0x43, 0xd3, 0xa5, 0x97, 0xc6, 0xed, 0xf3, 0x2c, 0xae, 0x8f, 0xc3,
+    0x70, 0x93, 0x44, 0xf7, 0xfd, 0xdf, 0xfb, 0x81, 0x0b, 0xb8, 0x2c, 0xbf,
+    0x37, 0x8d, 0x9e, 0xd6, 0x5f, 0xb0, 0x65, 0x3d, 0xac, 0xb7, 0xe4, 0xf4,
+    0x08, 0xa6, 0xff, 0xff, 0xfd, 0xdf, 0xca, 0x4f, 0xc1, 0xfa, 0x79, 0x90,
+    0x63, 0x4d, 0x7f, 0x94, 0x9f, 0x8b, 0x2f, 0xf0, 0x20, 0xdf, 0xe0, 0x67,
+    0x59, 0x7f, 0xee, 0x3c, 0x39, 0x9d, 0x49, 0xd9, 0x65, 0x68, 0xfc, 0xfe,
+    0x6b, 0x7f, 0xdd, 0x79, 0x80, 0x09, 0xd4, 0x16, 0x5f, 0x6a, 0x36, 0x8d,
+    0x65, 0xdd, 0x96, 0xd3, 0xde, 0xc3, 0xaa, 0x95, 0x51, 0x98, 0x66, 0xd0,
+    0x8d, 0x72, 0x61, 0x43, 0xdc, 0x38, 0x40, 0x5f, 0xf7, 0x72, 0xc7, 0xc2,
+    0xcd, 0xc5, 0x97, 0xbe, 0xfd, 0x2c, 0xbf, 0xfd, 0x0e, 0x60, 0xf3, 0xcc,
+    0xff, 0xf4, 0xac, 0xa8, 0xd1, 0x3f, 0xd1, 0xd7, 0x63, 0xb7, 0xe8, 0xfd,
+    0x22, 0xc5, 0x97, 0xff, 0xd0, 0x93, 0xea, 0x5a, 0x0f, 0xc7, 0x20, 0x2c,
+    0xbf, 0x9b, 0x98, 0x30, 0xf1, 0x65, 0xfb, 0x75, 0x8b, 0x37, 0xac, 0xbf,
+    0xb0, 0x6c, 0x2e, 0xbd, 0xd1, 0xec, 0x39, 0x6d, 0xfd, 0xc8, 0x31, 0xde,
+    0x0b, 0x2a, 0x53, 0x3f, 0xec, 0xa3, 0x50, 0xa5, 0x02, 0x2d, 0xfe, 0xe1,
+    0x66, 0xff, 0x3c, 0x16, 0x5e, 0xe4, 0x37, 0xac, 0xa6, 0x3d, 0x3d, 0xc3,
+    0x4b, 0xff, 0xd3, 0x18, 0x7e, 0x9e, 0xff, 0x91, 0x90, 0xd6, 0x56, 0x2a,
+    0x79, 0x68, 0xdc, 0x9e, 0x12, 0xc4, 0x49, 0x7f, 0x80, 0x77, 0x01, 0xdc,
+    0x0b, 0x2f, 0xfe, 0x78, 0x60, 0xc9, 0x9f, 0xd2, 0x75, 0x97, 0x3f, 0x96,
+    0x57, 0x8f, 0x5f, 0xe8, 0x37, 0x19, 0xd2, 0xcb, 0xfe, 0x1b, 0x87, 0xa2,
+    0x69, 0x35, 0x65, 0xf4, 0xe1, 0x7c, 0x2a, 0x7a, 0x43, 0x19, 0xbf, 0xde,
+    0xcd, 0xfb, 0x79, 0x0e, 0x96, 0x57, 0x0f, 0xd3, 0xe7, 0x75, 0xf4, 0xc2,
+    0x85, 0x0e, 0x8b, 0xff, 0xc5, 0x9f, 0x68, 0x39, 0x67, 0xfc, 0xcb, 0x2f,
+    0xe2, 0x7e, 0xe0, 0xd8, 0xb2, 0xff, 0x10, 0x0b, 0x3f, 0xec, 0xda, 0x7e,
+    0x5e, 0x46, 0xbf, 0x8b, 0x68, 0x7a, 0xf3, 0xac, 0xbf, 0xf0, 0x9e, 0x1b,
+    0x65, 0x87, 0x87, 0x59, 0x4c, 0x8b, 0x97, 0x4a, 0x23, 0x0b, 0xff, 0x69,
+    0x81, 0x1f, 0xa7, 0x82, 0xe2, 0xcb, 0xf6, 0x69, 0xfb, 0x31, 0x65, 0xa0,
+    0xb2, 0xff, 0xfc, 0x61, 0x60, 0xf4, 0xc2, 0x8c, 0x7e, 0x92, 0x8d, 0x65,
+    0xa3, 0x93, 0xe8, 0xc1, 0x1a, 0x8d, 0x17, 0x1c, 0x84, 0x8d, 0xfe, 0x88,
+    0x9c, 0xcf, 0xe7, 0x96, 0x5e, 0xf6, 0x74, 0xb2, 0xf1, 0x86, 0x18, 0x92,
+    0xfe, 0x04, 0x96, 0x77, 0xf4, 0x81, 0x0d, 0x05, 0x6d, 0x45, 0x86, 0xc9,
+    0xa0, 0x67, 0xb7, 0xff, 0xf0, 0x5f, 0x6f, 0x5e, 0x61, 0x8f, 0x0c, 0xdb,
+    0xfe, 0x64, 0x6b, 0x2b, 0xc8, 0x9d, 0x11, 0xb5, 0x4a, 0xa9, 0x16, 0x87,
+    0xc3, 0xc6, 0xed, 0x7f, 0xfe, 0x7d, 0x4b, 0x0e, 0x49, 0xc1, 0xc9, 0x61,
+    0xac, 0xbf, 0xec, 0xdf, 0x8c, 0x37, 0x73, 0x56, 0x5f, 0xff, 0x9b, 0xfe,
+    0x9e, 0x63, 0x7f, 0x8c, 0x5d, 0xc1, 0x65, 0x74, 0x8d, 0xef, 0x28, 0x85,
+    0xce, 0x6f, 0xbd, 0xc9, 0xd2, 0xcb, 0xff, 0x77, 0x02, 0x9d, 0xbb, 0x2f,
+    0x1f, 0x16, 0x5f, 0xfb, 0x3d, 0xd3, 0x48, 0x0f, 0x30, 0x59, 0x52, 0x8a,
+    0x56, 0x22, 0xd2, 0x2d, 0xff, 0x07, 0x3c, 0xc3, 0x03, 0x2f, 0xac, 0xa8,
+    0xdb, 0xf0, 0x08, 0x4e, 0x35, 0x0e, 0x1b, 0xb8, 0x5d, 0xd4, 0x66, 0x5d,
+    0xc2, 0x49, 0xa7, 0x22, 0x22, 0x86, 0xfe, 0xa5, 0x9f, 0x1e, 0x5a, 0xf7,
+    0xa5, 0xbe, 0xba, 0x31, 0x47, 0x29, 0xc8, 0xd5, 0x3f, 0x2a, 0xf8, 0x51,
+    0x8c, 0x6f, 0x86, 0xd0, 0x65, 0xd7, 0xfc, 0xc5, 0x1b, 0x97, 0xf0, 0xeb,
+    0x2e, 0x90, 0x2c, 0xac, 0x3c, 0xdf, 0x9b, 0xdf, 0xfc, 0x68, 0x7f, 0x6e,
+    0x16, 0x6f, 0x61, 0xac, 0xbf, 0x8b, 0x07, 0xe7, 0x31, 0x65, 0x68, 0xfd,
+    0x0e, 0x8f, 0x7f, 0xff, 0xe2, 0xc6, 0x06, 0xdf, 0x3f, 0xfe, 0x28, 0xf6,
+    0x87, 0xad, 0x64, 0x6b, 0x2f, 0x98, 0x81, 0xc5, 0x97, 0x89, 0xce, 0xb2,
+    0xff, 0xdc, 0x6d, 0x3f, 0x9b, 0x93, 0x05, 0x97, 0xf0, 0xfd, 0x9f, 0xd9,
+    0xc5, 0x96, 0x68, 0x26, 0x39, 0xd3, 0x9f, 0x88, 0x7e, 0x36, 0x61, 0xed,
+    0xff, 0xfc, 0x43, 0xf3, 0xb7, 0xc0, 0xc5, 0x0e, 0x61, 0x01, 0x65, 0x4a,
+    0x7d, 0x1e, 0x8c, 0xf8, 0x4a, 0x57, 0xf8, 0x8d, 0xe3, 0x69, 0xe0, 0xb2,
+    0xf8, 0x9f, 0xbf, 0xac, 0xbd, 0x84, 0x05, 0x97, 0xf7, 0x53, 0xd9, 0x49,
+    0x8b, 0x2f, 0xf4, 0x07, 0xe1, 0x1c, 0x78, 0xb2, 0xf0, 0x7b, 0x38, 0xb2,
+    0xb0, 0xf5, 0x00, 0x69, 0x7d, 0x9f, 0x8a, 0x0b, 0x2f, 0xfe, 0xdd, 0x29,
+    0xdd, 0xe3, 0x90, 0x60, 0xe2, 0xcb, 0x4a, 0xca, 0xf1, 0xfe, 0xb9, 0x1f,
+    0xd2, 0xaf, 0xfd, 0x9f, 0x9d, 0x73, 0xd2, 0x5f, 0x5c, 0x41, 0x0b, 0xfb,
+    0x35, 0xd3, 0xbf, 0x4a, 0x88, 0x20, 0x10, 0xf2, 0xaf, 0x48, 0xd9, 0x65,
+    0x49, 0xf4, 0xf1, 0x3a, 0xff, 0xc4, 0x58, 0x6b, 0xe1, 0xdc, 0x96, 0x5d,
+    0xbc, 0x6b, 0x2f, 0x6f, 0x93, 0xac, 0xbe, 0xef, 0x99, 0xa5, 0x97, 0xe8,
+    0xf3, 0x53, 0x05, 0x97, 0xda, 0xd3, 0x18, 0xb2, 0x8e, 0x79, 0x7e, 0x28,
+    0xa9, 0x44, 0x83, 0xb7, 0x5f, 0xdb, 0x83, 0x31, 0xca, 0x0b, 0x2a, 0x53,
+    0x54, 0x8c, 0xef, 0x06, 0x4a, 0x15, 0xc2, 0x21, 0xbf, 0xff, 0xfd, 0x25,
+    0xd7, 0x24, 0xbf, 0xcc, 0x11, 0xc3, 0xe3, 0xea, 0x7a, 0xc2, 0x59, 0x7f,
+    0xfa, 0x28, 0x31, 0x7e, 0x41, 0x11, 0x34, 0x4b, 0x2e, 0x28, 0x96, 0x5a,
+    0x46, 0x7c, 0x58, 0x97, 0x52, 0xba, 0x69, 0x19, 0x99, 0xa4, 0x5d, 0x0d,
+    0xea, 0x10, 0x7e, 0x84, 0xf0, 0x21, 0xc2, 0x51, 0xba, 0xfd, 0x3b, 0x7c,
+    0x36, 0x6d, 0x05, 0x97, 0xa7, 0x40, 0x59, 0x6f, 0x0c, 0xd6, 0xb0, 0x8d,
+    0xfd, 0xe6, 0xd1, 0x64, 0x6b, 0x2e, 0xe7, 0x96, 0x56, 0x8f, 0x10, 0x05,
+    0xb7, 0xed, 0x4f, 0x58, 0x4b, 0x2b, 0x0f, 0x25, 0xc8, 0xaf, 0xef, 0x67,
+    0xfe, 0xc7, 0x59, 0x7f, 0xf7, 0x06, 0x4d, 0x18, 0x7a, 0x29, 0xc5, 0x97,
+    0xf7, 0xc3, 0xcf, 0x3f, 0x6b, 0x2f, 0x70, 0x0e, 0xb2, 0xbb, 0x45, 0xe7,
+    0x8b, 0x49, 0x13, 0xe5, 0xf7, 0xfc, 0x51, 0xe6, 0x80, 0x42, 0x02, 0xcb,
+    0xfb, 0x3b, 0xfe, 0xb5, 0x2b, 0x2f, 0xfe, 0xe1, 0x3f, 0xdc, 0xe1, 0xcc,
+    0x78, 0xb2, 0x86, 0x7e, 0x5c, 0x2e, 0xa9, 0x4c, 0x29, 0x8f, 0x45, 0x0a,
+    0xbb, 0xfe, 0x76, 0xfb, 0x9d, 0xc8, 0x0b, 0x2f, 0x6f, 0xf6, 0x2c, 0xb7,
+    0x5e, 0x3d, 0x40, 0xcd, 0xaf, 0x85, 0xf9, 0x25, 0x95, 0x87, 0x97, 0xc2,
+    0xab, 0xf6, 0xf1, 0xfa, 0x78, 0xb2, 0xc7, 0x59, 0x7f, 0xa7, 0xe3, 0xf0,
+    0x9f, 0x8b, 0x03, 0x2c, 0x6f, 0xfa, 0x37, 0x84, 0x97, 0xf6, 0x71, 0x65,
+    0xff, 0xd9, 0xd7, 0xa7, 0xd9, 0xad, 0x49, 0xab, 0x2e, 0x04, 0xac, 0xb8,
+    0x87, 0xa3, 0xdb, 0x02, 0x2d, 0xf1, 0x4f, 0x60, 0x59, 0x52, 0x8e, 0x56,
+    0x84, 0xb0, 0x65, 0xb7, 0x49, 0xab, 0x2f, 0xf6, 0x69, 0x80, 0x77, 0x82,
+    0xcb, 0x98, 0x96, 0x5f, 0xf4, 0x91, 0xa3, 0x68, 0x0b, 0x4b, 0x2c, 0x62,
+    0xca, 0x19, 0xf0, 0x1c, 0x54, 0x33, 0x9b, 0xc4, 0x28, 0xd6, 0x5e, 0x8c,
+    0xa5, 0x65, 0xfb, 0xcf, 0x0c, 0x25, 0x97, 0xf3, 0x7c, 0xb3, 0xcc, 0xb2,
+    0xe6, 0x89, 0x65, 0xf6, 0xec, 0xe8, 0xd5, 0x96, 0xf6, 0xd4, 0x47, 0x49,
+    0x33, 0x95, 0xee, 0x8b, 0xdf, 0xf4, 0xf3, 0xcd, 0xad, 0x3c, 0x16, 0x56,
+    0x1f, 0xf1, 0x23, 0x5c, 0xe6, 0x6d, 0x54, 0x7c, 0x31, 0x7c, 0x84, 0x97,
+    0x8c, 0x1c, 0x77, 0xf1, 0x94, 0x5f, 0xd3, 0x1f, 0xf9, 0x9f, 0x59, 0x52,
+    0xbe, 0x9b, 0x08, 0xf9, 0xb2, 0x1a, 0x6c, 0x43, 0xa3, 0xbf, 0x46, 0x50,
+    0x52, 0x9c, 0x8c, 0x70, 0xbf, 0xb8, 0xc3, 0x1e, 0x12, 0xcb, 0xff, 0xff,
+    0xb3, 0xf2, 0x71, 0xe7, 0xe7, 0x0a, 0x05, 0x9d, 0xc2, 0x73, 0xeb, 0x2f,
+    0xff, 0xde, 0xce, 0x73, 0x30, 0x5a, 0x8f, 0x04, 0x5f, 0x59, 0x44, 0x8c,
+    0x3f, 0xb7, 0x5f, 0xf7, 0xa7, 0x5f, 0x29, 0xce, 0xd6, 0x5f, 0xff, 0xf3,
+    0x47, 0x30, 0xe6, 0xb4, 0xdd, 0xc5, 0x07, 0xd1, 0xf3, 0xb5, 0x97, 0xfa,
+    0x5e, 0x37, 0xd3, 0x86, 0xb2, 0xf7, 0xb0, 0x86, 0x8d, 0x5f, 0x1c, 0x7d,
+    0xaa, 0xb1, 0x51, 0x33, 0x43, 0xbf, 0xf0, 0xf7, 0xbf, 0x4e, 0xa2, 0xe4,
+    0x6b, 0x2f, 0xfb, 0xd3, 0x9a, 0x87, 0x04, 0x75, 0x95, 0x19, 0xf1, 0xf4,
+    0x55, 0x73, 0x71, 0x65, 0xff, 0x64, 0x6f, 0xf0, 0x06, 0x50, 0x59, 0x7a,
+    0x60, 0x6a, 0xcb, 0xf6, 0x72, 0x3c, 0x31, 0x65, 0xcd, 0xd2, 0xcb, 0x7f,
+    0x69, 0xee, 0xc0, 0x77, 0x64, 0xa6, 0xff, 0xdf, 0xf3, 0xc1, 0x87, 0xe9,
+    0x82, 0xca, 0x73, 0xf8, 0x23, 0xab, 0xf8, 0x33, 0xf0, 0xc7, 0xed, 0x65,
+    0x4a, 0xa3, 0x7c, 0x84, 0xe9, 0xa4, 0x9a, 0x16, 0x78, 0xc3, 0xfe, 0x41,
+    0x7e, 0xf6, 0x03, 0x52, 0xb2, 0xff, 0xf7, 0x9b, 0xa9, 0x6f, 0xfa, 0x4c,
+    0xcf, 0x2c, 0xbf, 0xdf, 0x6f, 0x61, 0x67, 0x16, 0x57, 0x47, 0xf6, 0x1a,
+    0x55, 0xe8, 0x43, 0x16, 0x5d, 0x21, 0xac, 0xae, 0xcd, 0x9b, 0x8e, 0x5f,
+    0xe9, 0x80, 0x7c, 0x00, 0x7d, 0x2c, 0xa6, 0x3d, 0x8f, 0x90, 0xd8, 0xa0,
+    0x8d, 0x01, 0xc2, 0xbe, 0xa0, 0x9c, 0xfe, 0x46, 0xe5, 0x7b, 0x59, 0xe5,
+    0x97, 0xb8, 0xc7, 0x59, 0x5a, 0x37, 0x1f, 0x1c, 0xbf, 0xbc, 0xff, 0xf3,
+    0x9d, 0x65, 0xd9, 0xda, 0xcb, 0x9a, 0x35, 0x95, 0x27, 0xf8, 0xc4, 0x21,
+    0x96, 0xee, 0x8b, 0xdf, 0xee, 0x16, 0x1c, 0xed, 0xf5, 0x97, 0xff, 0x79,
+    0xa4, 0xb6, 0xb9, 0x41, 0x8e, 0xb2, 0xf9, 0xa2, 0x63, 0x16, 0x5f, 0xf9,
+    0xfb, 0x0f, 0xed, 0xa9, 0x10, 0x5d, 0x65, 0xc1, 0xc6, 0xb2, 0x8e, 0x7b,
+    0xbf, 0x44, 0xbf, 0x3f, 0x0a, 0x62, 0x59, 0x7e, 0xf0, 0x8a, 0x63, 0x59,
+    0x76, 0xfd, 0x2c, 0xbf, 0xff, 0x0a, 0x32, 0x9c, 0xf0, 0x49, 0xfe, 0x78,
+    0x5a, 0x59, 0x7b, 0x81, 0xf3, 0x6a, 0x74, 0x83, 0x43, 0xc8, 0x40, 0x1a,
+    0x44, 0xc4, 0xe4, 0x50, 0x18, 0xcd, 0x74, 0xa9, 0x53, 0xf1, 0xeb, 0x5c,
+    0x46, 0x2c, 0xbf, 0x70, 0xf9, 0xfe, 0x2c, 0xbf, 0x81, 0xa9, 0xeb, 0x09,
+    0x65, 0xff, 0x8d, 0xcf, 0xb7, 0xb3, 0xf3, 0xa5, 0x95, 0x27, 0xd6, 0xc5,
+    0xb7, 0xe7, 0x81, 0x34, 0xac, 0xbf, 0x39, 0x7f, 0x09, 0x65, 0xfd, 0x87,
+    0xcc, 0x23, 0x56, 0x52, 0xcb, 0xfb, 0xfc, 0xcd, 0xfe, 0x65, 0x94, 0x69,
+    0xba, 0x70, 0xbb, 0x1a, 0x34, 0x43, 0x93, 0x35, 0x4a, 0x35, 0x5e, 0x15,
+    0x97, 0xfc, 0x4e, 0x64, 0x50, 0x7d, 0x41, 0x65, 0xfc, 0xda, 0xcd, 0xf3,
+    0xb8, 0xb2, 0xa2, 0x3e, 0xbf, 0x1d, 0x5f, 0xcd, 0xad, 0x4e, 0x12, 0xcb,
+    0xfe, 0x98, 0x73, 0x3a, 0x29, 0xd2, 0xca, 0x34, 0xf8, 0xf4, 0x57, 0x66,
+    0x59, 0x7f, 0x71, 0xb5, 0xd7, 0xb1, 0x65, 0xe2, 0x73, 0x70, 0xf8, 0x7a,
+    0x23, 0xec, 0x42, 0xa5, 0x7c, 0x62, 0x10, 0xdd, 0xc9, 0x52, 0x5d, 0x16,
+    0x30, 0xbe, 0xa1, 0x26, 0x72, 0x02, 0x87, 0xd7, 0x21, 0x22, 0x28, 0x73,
+    0xdf, 0xff, 0x47, 0x9a, 0x8d, 0xbf, 0x0c, 0xd6, 0x9e, 0x0b, 0x2f, 0xff,
+    0x37, 0xa7, 0xd9, 0xdf, 0x1b, 0xd2, 0x35, 0x97, 0xba, 0x61, 0xac, 0xbf,
+    0xfb, 0x58, 0x77, 0xef, 0x76, 0x7a, 0x39, 0xd6, 0x5f, 0xff, 0xee, 0x37,
+    0x39, 0x3c, 0xe8, 0x9e, 0x39, 0x29, 0x8b, 0x8b, 0x2b, 0x13, 0x61, 0xe9,
+    0x47, 0xb4, 0x97, 0x1d, 0xfa, 0x4d, 0xfb, 0xcd, 0xb2, 0xc6, 0xac, 0xbe,
+    0xc0, 0x36, 0xf5, 0x97, 0xc0, 0x00, 0x80, 0xb2, 0xba, 0x3f, 0x12, 0x2b,
+    0x0c, 0x8e, 0xf8, 0x5a, 0xfb, 0x2c, 0xbf, 0x14, 0x39, 0x18, 0x16, 0x5f,
+    0xff, 0xd0, 0xfb, 0x45, 0xd7, 0x9b, 0xbf, 0x86, 0x59, 0xbf, 0x16, 0x5f,
+    0xfc, 0x09, 0xe1, 0xe5, 0xb5, 0xa6, 0x31, 0x65, 0xe7, 0x78, 0x2c, 0xbf,
+    0xcd, 0xf6, 0x86, 0x77, 0xf5, 0x94, 0x34, 0xcf, 0x70, 0x8b, 0xb2, 0x96,
+    0x60, 0x02, 0x26, 0xe8, 0xdd, 0xf8, 0xed, 0xff, 0xca, 0xcb, 0xcd, 0x86,
+    0x2c, 0xbe, 0x6e, 0x60, 0xd8, 0xf0, 0xc8, 0x9e, 0xfe, 0x2e, 0x61, 0xe7,
+    0x71, 0x65, 0xff, 0xa6, 0x00, 0x3c, 0x99, 0xc8, 0x46, 0xb2, 0xff, 0xec,
+    0xee, 0x19, 0xe6, 0xd1, 0x34, 0xac, 0xbf, 0xe9, 0x9e, 0x71, 0xb5, 0x87,
+    0x59, 0x50, 0x3f, 0x91, 0xa1, 0x5f, 0x6e, 0x7b, 0x23, 0x59, 0x7f, 0xa4,
+    0x79, 0xf6, 0xf0, 0x96, 0x54, 0x9e, 0xc0, 0xc9, 0xaf, 0xfd, 0x0f, 0xb4,
+    0x7a, 0x98, 0x3e, 0x96, 0x5f, 0x1a, 0xdd, 0xf1, 0x65, 0x4a, 0x7c, 0xf1,
+    0x97, 0xc5, 0x0b, 0xa3, 0xbd, 0x39, 0x0f, 0xcf, 0xef, 0xfd, 0xf0, 0xc1,
+    0x21, 0xc8, 0x24, 0x0b, 0x2f, 0xf9, 0xb5, 0x18, 0x81, 0xb6, 0x77, 0x16,
+    0x5f, 0xff, 0x13, 0x1a, 0x6c, 0x87, 0xf6, 0xf3, 0x17, 0xd6, 0x54, 0x11,
+    0x1e, 0x73, 0xfb, 0xff, 0xf0, 0x39, 0xe6, 0xc3, 0xbf, 0x7c, 0xff, 0x85,
+    0xda, 0xcb, 0xf9, 0xf8, 0xc5, 0x3c, 0x59, 0x77, 0x9d, 0x65, 0xf0, 0xdc,
+    0x81, 0xe3, 0xc1, 0x0b, 0x95, 0xd6, 0x23, 0x54, 0x50, 0x99, 0xbf, 0xff,
+    0xf1, 0xdc, 0x81, 0x06, 0xe0, 0x8f, 0xe6, 0x9f, 0xf8, 0x4e, 0x75, 0x97,
+    0xdc, 0x84, 0x78, 0xb2, 0xff, 0xec, 0x33, 0x52, 0xc5, 0x80, 0x3b, 0x2c,
+    0xb8, 0xa5, 0x65, 0xff, 0xe1, 0x7e, 0x0c, 0x0f, 0x3b, 0x7d, 0xce, 0xb2,
+    0xbc, 0x7b, 0xc4, 0x2b, 0x76, 0xdd, 0xc5, 0x97, 0xff, 0xe7, 0x6f, 0xb0,
+    0xf0, 0x79, 0xf6, 0x3b, 0x69, 0x65, 0xf4, 0x39, 0x27, 0x59, 0x7f, 0xfa,
+    0x7a, 0x1e, 0x07, 0xf6, 0xd4, 0x88, 0x2e, 0xb2, 0xf0, 0xb0, 0x6b, 0x2f,
+    0x69, 0xf9, 0xb5, 0x3d, 0xf8, 0xc8, 0xf2, 0x14, 0x1a, 0x21, 0xf0, 0xe3,
+    0xa9, 0x11, 0x16, 0xca, 0x7d, 0xbf, 0x2a, 0xfd, 0x21, 0x0f, 0x87, 0x27,
+    0x14, 0xa4, 0xab, 0xff, 0x4f, 0x3a, 0xf3, 0x0e, 0x73, 0x4b, 0x2b, 0xb5,
+    0xd5, 0x06, 0x9c, 0xc3, 0xd2, 0x7d, 0xd0, 0x95, 0x97, 0xfe, 0xf4, 0xfb,
+    0x3b, 0x06, 0x7f, 0x8b, 0x2f, 0x44, 0xc7, 0x59, 0x68, 0xc6, 0x7b, 0x98,
+    0x7f, 0x4e, 0x89, 0xa1, 0x39, 0x5f, 0xff, 0xfe, 0xeb, 0x6c, 0x5e, 0x9d,
+    0x47, 0xb7, 0x80, 0x72, 0x06, 0xdc, 0xea, 0x7f, 0xc5, 0x95, 0x2c, 0xc0,
+    0x91, 0xc2, 0xf3, 0x23, 0x6d, 0xea, 0x13, 0xad, 0x28, 0x75, 0xe7, 0x6b,
+    0x4a, 0x1a, 0xa2, 0x22, 0xbd, 0xad, 0x4a, 0xcb, 0xfe, 0x8d, 0xa3, 0xe6,
+    0x1d, 0xfc, 0xb2, 0xff, 0xa1, 0x23, 0x61, 0xe3, 0xf9, 0x65, 0x9b, 0x47,
+    0xe3, 0xf3, 0xab, 0xfb, 0x53, 0x1b, 0x17, 0xd6, 0x5c, 0x19, 0xd6, 0x5e,
+    0x03, 0xf1, 0x65, 0xc1, 0x4d, 0x89, 0x65, 0x0c, 0xf5, 0x3b, 0x18, 0xe0,
+    0xe5, 0xed, 0x84, 0x16, 0xf6, 0x25, 0x97, 0xe2, 0x91, 0xe4, 0x4b, 0x2f,
+    0xe8, 0x30, 0x1f, 0xe2, 0x59, 0x7d, 0xc1, 0x68, 0xd5, 0x97, 0xe9, 0xf7,
+    0xe6, 0x0b, 0x2f, 0x86, 0x2f, 0xf0, 0x28, 0x8c, 0xd9, 0x2e, 0xc2, 0x7e,
+    0xcb, 0x40, 0x49, 0x7b, 0xc1, 0xe9, 0x65, 0xfe, 0x92, 0x7f, 0x08, 0xa3,
+    0x59, 0x7f, 0xfe, 0xf3, 0x6b, 0xcf, 0x24, 0x6b, 0xc4, 0xef, 0x1a, 0xcb,
+    0xec, 0x60, 0x71, 0x65, 0xf3, 0x72, 0x61, 0x87, 0xed, 0xa5, 0x5b, 0xd1,
+    0x8e, 0x56, 0x5f, 0xb6, 0xf7, 0xc9, 0x82, 0xcb, 0xda, 0x7e, 0x96, 0x5e,
+    0x3c, 0xf9, 0x65, 0xe9, 0x80, 0x55, 0x65, 0x80, 0x33, 0xd9, 0xc1, 0xd2,
+    0x1c, 0xbf, 0xe9, 0xe4, 0xff, 0x98, 0x50, 0x59, 0x7f, 0xff, 0xfb, 0x23,
+    0xe4, 0x9a, 0xfc, 0xfc, 0x30, 0xd3, 0x73, 0xbf, 0xea, 0x73, 0xb5, 0x97,
+    0xb4, 0x50, 0x59, 0x7f, 0xc4, 0x0f, 0xb0, 0xf0, 0xa0, 0xb2, 0xd3, 0xb4,
+    0xf4, 0xdc, 0x72, 0xbc, 0x99, 0x77, 0x0d, 0xc5, 0x0c, 0xfb, 0xc1, 0x7f,
+    0x62, 0xca, 0xd8, 0xd7, 0x7b, 0x21, 0x08, 0xd1, 0x93, 0xe4, 0x20, 0x5a,
+    0x1f, 0xb1, 0x32, 0x9c, 0x7b, 0xd0, 0xa8, 0x73, 0x70, 0x0e, 0x94, 0x21,
+    0x3f, 0x1b, 0x08, 0x8d, 0xae, 0x0f, 0x8b, 0x2f, 0xfd, 0xfe, 0x64, 0x4e,
+    0x0e, 0x64, 0x6b, 0x2b, 0x47, 0xb0, 0x43, 0x17, 0xec, 0x33, 0xe1, 0x9d,
+    0x65, 0xfb, 0x6f, 0x70, 0xcf, 0xac, 0xbf, 0xff, 0xc1, 0xc8, 0x07, 0xe9,
+    0xd6, 0x13, 0x3c, 0x39, 0x9f, 0x59, 0x50, 0x44, 0x57, 0x0a, 0xee, 0xe4,
+    0x6b, 0x2f, 0xe2, 0x93, 0x35, 0x27, 0x59, 0x43, 0x3c, 0x5c, 0x18, 0xad,
+    0x22, 0x27, 0xed, 0x17, 0xfb, 0x82, 0xd0, 0x33, 0xce, 0xb2, 0xfb, 0x87,
+    0x76, 0x59, 0x50, 0x3d, 0x4f, 0x99, 0xdf, 0xfe, 0x86, 0xdd, 0x4f, 0x1a,
+    0x48, 0x00, 0x95, 0x95, 0x27, 0xd8, 0xe4, 0x57, 0xe1, 0xe7, 0x04, 0x6a,
+    0xcb, 0xe7, 0x3e, 0x0d, 0x65, 0xfd, 0x83, 0x72, 0x7d, 0xeb, 0x28, 0x8f,
+    0xdf, 0xe5, 0x3b, 0xc8, 0x6f, 0xfb, 0xd3, 0xdf, 0xe7, 0xcf, 0xb8, 0xb2,
+    0x96, 0x5c, 0x1c, 0x4b, 0x2d, 0xbd, 0x65, 0x6d, 0x3f, 0x3d, 0x84, 0x79,
+    0xa0, 0xbd, 0x91, 0x9b, 0x76, 0xb2, 0xec, 0x31, 0x65, 0xdf, 0xfb, 0x1a,
+    0x9f, 0x89, 0x54, 0xa2, 0x71, 0x9c, 0x2f, 0xfc, 0xe5, 0xd6, 0x6b, 0xa7,
+    0x7e, 0x95, 0x10, 0x8a, 0xd1, 0xac, 0xbe, 0x35, 0xc8, 0x0b, 0x2f, 0x3b,
+    0x6e, 0xac, 0xa8, 0x1e, 0x93, 0x09, 0x78, 0x8a, 0xa5, 0x74, 0x13, 0x08,
+    0x5a, 0x33, 0xd3, 0xc3, 0x8d, 0xe1, 0x2e, 0x08, 0xcf, 0xc4, 0x43, 0xbe,
+    0x13, 0xd7, 0xb8, 0x07, 0x59, 0x7f, 0x7b, 0xa6, 0xe6, 0x0d, 0x65, 0x46,
+    0x79, 0x5d, 0x0e, 0x5f, 0xf6, 0x9c, 0x78, 0xdb, 0xdc, 0xeb, 0x2f, 0xff,
+    0xff, 0xcc, 0x7c, 0xe6, 0x10, 0xbf, 0xec, 0xde, 0x39, 0xf3, 0x4f, 0xfc,
+    0x27, 0x3a, 0xcb, 0xfb, 0x8f, 0xd7, 0x9a, 0x35, 0x95, 0x89, 0x87, 0x68,
+    0x93, 0xc7, 0x3f, 0x84, 0x15, 0xf9, 0xb5, 0x0d, 0x9f, 0xac, 0xbf, 0xf9,
+    0xf9, 0x1c, 0xfb, 0x3a, 0x0f, 0x65, 0xd6, 0x51, 0xcf, 0xd0, 0x8a, 0xef,
+    0xff, 0xff, 0x7b, 0x05, 0xa3, 0x7c, 0xdd, 0xcf, 0xc5, 0xe2, 0xce, 0xfe,
+    0x27, 0xe2, 0xcb, 0xff, 0xb3, 0xb0, 0xfe, 0xc4, 0x28, 0x67, 0x16, 0x5f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xb0, 0xa3, 0x27, 0x1c, 0x94, 0x73, 0xa1,
+    0xe1, 0x67, 0xf8, 0xdd, 0x61, 0x07, 0x1e, 0x6a, 0x78, 0x4e, 0x6f, 0x31,
+    0x80, 0x01, 0x00, 0x9c, 0x72, 0x51, 0xce, 0x96, 0x5f, 0x9f, 0x77, 0x3b,
+    0xfa, 0xcb, 0xfa, 0x05, 0x98, 0x20, 0xba, 0xcb, 0xfc, 0xff, 0x86, 0x6b,
+    0x38, 0xb2, 0xa5, 0x3d, 0xac, 0x45, 0xf4, 0x61, 0x0e, 0x56, 0x46, 0x17,
+    0xfe, 0x6e, 0xbd, 0x9b, 0x21, 0xea, 0x60, 0xb2, 0xff, 0xfd, 0x30, 0xfe,
+    0x6f, 0xff, 0xdd, 0x88, 0xa4, 0xeb, 0x2b, 0xc8, 0x97, 0x24, 0x3b, 0xf7,
+    0x5f, 0x35, 0xba, 0x59, 0x7f, 0xfb, 0xd2, 0x5f, 0xdb, 0xe7, 0x1f, 0x9f,
+    0x4b, 0x29, 0xcf, 0xdb, 0x85, 0x77, 0xfd, 0x9c, 0xf6, 0x39, 0x66, 0xe2,
+    0xcb, 0xfe, 0x2c, 0x6d, 0x14, 0xf7, 0x05, 0x95, 0x87, 0xe0, 0xe7, 0x37,
+    0xff, 0xfd, 0xf1, 0x47, 0x9e, 0x6f, 0xfb, 0x0f, 0x9a, 0x86, 0x77, 0xf5,
+    0x97, 0xf7, 0x9b, 0xde, 0x93, 0xac, 0xbf, 0x40, 0xa7, 0x38, 0xb2, 0xf3,
+    0x94, 0x7d, 0x1e, 0x9f, 0x65, 0xb5, 0x04, 0x78, 0x7e, 0x17, 0x77, 0xff,
+    0xe9, 0x04, 0x50, 0x98, 0xc9, 0xcd, 0xe1, 0x4c, 0x16, 0x5f, 0xf8, 0x3c,
+    0xf3, 0x9c, 0x21, 0x86, 0x18, 0xb2, 0xff, 0xfd, 0x9d, 0x7a, 0x48, 0x64,
+    0xd1, 0xe1, 0x31, 0xab, 0x2a, 0x34, 0x4c, 0xc1, 0x16, 0xff, 0xe8, 0xc0,
+    0xdd, 0xf3, 0xac, 0x62, 0xe9, 0x65, 0x39, 0xf5, 0x91, 0x25, 0x41, 0x37,
+    0xa7, 0x8d, 0x6a, 0xff, 0xfe, 0x88, 0xa4, 0x1c, 0xeb, 0xcd, 0xa8, 0x8a,
+    0x41, 0xc5, 0x97, 0xff, 0xf7, 0xf9, 0x26, 0xc1, 0xbc, 0xe5, 0xf8, 0x66,
+    0xb1, 0x65, 0xff, 0x9b, 0x98, 0x3d, 0xae, 0x0d, 0x9c, 0x59, 0x70, 0xb7,
+    0xac, 0xbf, 0xd2, 0x7e, 0xff, 0x39, 0xda, 0xcb, 0xfe, 0x6d, 0xfe, 0x78,
+    0x6a, 0x4d, 0x59, 0x7f, 0xf4, 0x83, 0x3f, 0x3d, 0x14, 0xff, 0x8b, 0x2b,
+    0xc7, 0xfc, 0x47, 0x75, 0x89, 0xc4, 0x74, 0xb5, 0xa4, 0x2f, 0x0c, 0xfe,
+    0x16, 0x57, 0xff, 0xed, 0x77, 0xf6, 0x33, 0x9e, 0x6e, 0xc1, 0xa7, 0x1a,
+    0xcb, 0xf7, 0xd8, 0x44, 0x6a, 0xca, 0x94, 0x40, 0x89, 0x66, 0xfe, 0xc3,
+    0x30, 0x84, 0x05, 0x97, 0xe8, 0x67, 0xe4, 0x0b, 0x2e, 0x93, 0xc6, 0x7a,
+    0x9d, 0x96, 0xdf, 0xfc, 0xdc, 0x29, 0xff, 0x33, 0x7b, 0x1a, 0xb2, 0xff,
+    0xff, 0xe0, 0x1d, 0xe1, 0xe7, 0x6f, 0xb0, 0xf0, 0x79, 0xf6, 0x3b, 0x69,
+    0x65, 0x71, 0x1c, 0x7f, 0x2f, 0x12, 0x2d, 0xff, 0xbc, 0xfb, 0xbd, 0x79,
+    0x8f, 0x3d, 0x2c, 0xb7, 0x4b, 0x2f, 0x14, 0x98, 0xb2, 0xf1, 0x67, 0x30,
+    0xfc, 0x7a, 0x43, 0x38, 0x95, 0xfa, 0x33, 0xc8, 0xe5, 0x65, 0x46, 0xcc,
+    0x74, 0x81, 0x08, 0xe5, 0x2a, 0x64, 0x39, 0x0d, 0x84, 0xc7, 0x50, 0x91,
+    0xee, 0x31, 0x08, 0xa3, 0xa2, 0xd1, 0x4f, 0xa3, 0xe5, 0xe4, 0x34, 0x7f,
+    0x1a, 0xce, 0xf8, 0x50, 0x86, 0x7f, 0x7f, 0xe9, 0x34, 0xd9, 0x2c, 0xff,
+    0x99, 0x65, 0xff, 0xf4, 0x73, 0xad, 0xa3, 0xc2, 0x8f, 0x04, 0x5f, 0x59,
+    0x7e, 0xe4, 0xc7, 0x86, 0x2c, 0xb4, 0x91, 0xfd, 0xf1, 0x4a, 0xff, 0xf8,
+    0x7f, 0x13, 0xf7, 0xf0, 0x60, 0xf6, 0xf9, 0x96, 0x5f, 0xff, 0x36, 0xf1,
+    0xc9, 0x4f, 0xf9, 0x82, 0x2f, 0xac, 0xbf, 0xfe, 0xde, 0xfe, 0xf3, 0x0f,
+    0x3f, 0xc1, 0x17, 0xd6, 0x5f, 0x7c, 0x85, 0xf5, 0x97, 0x08, 0x96, 0x5e,
+    0xc3, 0xe6, 0x8d, 0xc7, 0x88, 0xaa, 0x51, 0x75, 0xe8, 0x44, 0xd0, 0xd3,
+    0xa9, 0x72, 0x6e, 0x29, 0xfe, 0x30, 0x9b, 0xec, 0xd1, 0xac, 0xb2, 0xa5,
+    0xb0, 0xf3, 0xca, 0x69, 0x53, 0x46, 0x04, 0xf2, 0x98, 0x84, 0x87, 0x78,
+    0xc3, 0x0c, 0x49, 0x7f, 0xd8, 0x07, 0xd6, 0x6f, 0xc1, 0xa4, 0x08, 0x68,
+    0x2e, 0x30, 0xc4, 0x97, 0x8c, 0x30, 0xc4, 0x97, 0xf3, 0xc6, 0x3f, 0x4f,
+    0x12, 0x04, 0x34, 0x14, 0x48, 0xc4, 0x31, 0x2f, 0x64, 0xe6, 0xfd, 0xd3,
+    0x0c, 0x33, 0xa4, 0x08, 0x6c, 0xef, 0x18, 0x61, 0x89, 0x2f, 0x72, 0x74,
+    0x90, 0x21, 0xa0, 0xbe, 0x72, 0xef, 0xeb, 0x2c, 0x06, 0x45, 0x67, 0xd7,
+    0x0c, 0x2e, 0xbb, 0x67, 0x62, 0x59, 0x7f, 0xcc, 0x5d, 0x16, 0x18, 0xe0,
+    0x59, 0x7f, 0x09, 0xe3, 0x21, 0xf6, 0xb2, 0xfa, 0x60, 0xfd, 0x2c, 0xaf,
+    0x1e, 0x89, 0x17, 0xde, 0xc8, 0x99, 0x65, 0x0c, 0xde, 0x86, 0x43, 0x7e,
+    0xe0, 0xa3, 0xd9, 0x25, 0x97, 0xe1, 0xb6, 0xf9, 0x1a, 0xcb, 0xec, 0x2c,
+    0xdc, 0x59, 0x5a, 0x3c, 0xc3, 0x94, 0xd3, 0x22, 0x68, 0x37, 0x8b, 0xff,
+    0xbc, 0xf0, 0x27, 0x36, 0x22, 0x68, 0x96, 0x5f, 0xc1, 0x68, 0xb0, 0xc7,
+    0x02, 0xcb, 0xc6, 0x18, 0x62, 0x4b, 0xc4, 0xe6, 0x24, 0x08, 0x68, 0x2f,
+    0x87, 0x84, 0x35, 0x97, 0xfd, 0x1c, 0xf7, 0xc6, 0x2c, 0x02, 0xcb, 0xe7,
+    0x83, 0x01, 0x65, 0x74, 0x7f, 0x7a, 0x21, 0xf1, 0xcd, 0xfb, 0x23, 0x3e,
+    0x1d, 0x65, 0xfd, 0x31, 0x8f, 0xd3, 0xc5, 0x97, 0xfa, 0x73, 0xac, 0xde,
+    0xc3, 0x59, 0x6c, 0xe8, 0xf8, 0x88, 0xba, 0x82, 0xd2, 0x7b, 0xa3, 0x53,
+    0xc8, 0x54, 0x91, 0x86, 0xcc, 0x22, 0xaf, 0xef, 0x66, 0xfc, 0xff, 0x16,
+    0x57, 0x4a, 0xab, 0x41, 0x28, 0x8b, 0xeb, 0x95, 0x05, 0xca, 0xb1, 0x8f,
+    0xea, 0x18, 0xde, 0x85, 0xe1, 0x4a, 0xd0, 0xbf, 0xdf, 0x86, 0x7b, 0xcf,
+    0x05, 0x97, 0xcc, 0xe4, 0x35, 0x97, 0x08, 0x0b, 0x28, 0x66, 0xdc, 0x04,
+    0x17, 0xe9, 0xc8, 0x9b, 0x4b, 0x2a, 0x33, 0xc8, 0x22, 0x1b, 0xa3, 0xfa,
+    0xca, 0x95, 0xe2, 0xac, 0x9c, 0xe1, 0x35, 0x75, 0xe1, 0x64, 0x44, 0x57,
+    0xdb, 0x3e, 0xce, 0x96, 0x5f, 0x01, 0x8b, 0xeb, 0x2a, 0x33, 0xc7, 0xe1,
+    0x35, 0xc1, 0x6f, 0x62, 0x59, 0x7b, 0x93, 0xf5, 0x97, 0x00, 0xc5, 0x97,
+    0xee, 0x08, 0x83, 0x3a, 0xcb, 0x72, 0x23, 0xdd, 0x71, 0xcf, 0x8c, 0x56,
+    0x23, 0x5f, 0xb2, 0x3f, 0xbf, 0xdf, 0xba, 0x9f, 0x49, 0xd6, 0x5c, 0xff,
+    0x59, 0x7d, 0xb8, 0xe4, 0x0c, 0x37, 0xc4, 0x51, 0x7f, 0xb0, 0xd3, 0x5e,
+    0x10, 0x1a, 0xcb, 0xf9, 0xdc, 0x7f, 0x13, 0xac, 0xbe, 0x1b, 0x90, 0x30,
+    0xf8, 0x48, 0xd6, 0xb1, 0x19, 0xe2, 0x84, 0xcd, 0xff, 0x0c, 0xed, 0xae,
+    0x39, 0x01, 0x65, 0xff, 0xc0, 0xff, 0xa6, 0x10, 0x6e, 0x60, 0xd6, 0x5f,
+    0xfb, 0xf9, 0xa9, 0xdf, 0xf2, 0x70, 0x2c, 0xb4, 0x25, 0x10, 0x6c, 0x89,
+    0x4c, 0x8e, 0x28, 0xa1, 0x77, 0x7f, 0xd2, 0x50, 0x21, 0xfa, 0x63, 0x59,
+    0x7f, 0x0f, 0x35, 0xb2, 0x71, 0xac, 0xbd, 0xe6, 0x89, 0x25, 0x68, 0xf3,
+    0xb8, 0x63, 0x7f, 0xcf, 0xdf, 0xf2, 0x21, 0x68, 0xd5, 0x96, 0xe9, 0x8f,
+    0x78, 0x44, 0x57, 0xf8, 0xb3, 0xb8, 0x71, 0x8d, 0x59, 0x7b, 0x42, 0x8d,
+    0x65, 0xe7, 0xd1, 0xab, 0x2b, 0x46, 0xed, 0xc7, 0xac, 0x6a, 0xcb, 0xff,
+    0xb3, 0xaf, 0x4f, 0xb3, 0x5a, 0x93, 0x56, 0x5e, 0x60, 0x72, 0x4f, 0x5f,
+    0x42, 0x55, 0xb5, 0x31, 0x88, 0xdb, 0xc9, 0xde, 0xff, 0xb3, 0x3a, 0x04,
+    0xe7, 0x70, 0x59, 0x7f, 0xe1, 0x73, 0x0a, 0x7c, 0x30, 0xce, 0xb2, 0xff,
+    0xef, 0xe8, 0x5c, 0xf3, 0xc0, 0x0c, 0x35, 0x97, 0xd2, 0xe7, 0xde, 0x92,
+    0xf6, 0xb3, 0x63, 0x59, 0x7f, 0xf7, 0x99, 0xc0, 0x09, 0x04, 0xfb, 0x8b,
+    0x2f, 0xef, 0x61, 0xce, 0xf0, 0x59, 0x78, 0xc3, 0x0c, 0x49, 0x7f, 0x8b,
+    0xfe, 0x69, 0x28, 0xd2, 0x04, 0x34, 0x17, 0xd3, 0xa7, 0xf2, 0xcb, 0xd2,
+    0x0c, 0x82, 0x2c, 0xb1, 0x37, 0xe8, 0x95, 0x89, 0xaa, 0xfc, 0x84, 0x38,
+    0x7a, 0xdf, 0xd9, 0xb7, 0xee, 0x0e, 0x2c, 0xae, 0x93, 0xdd, 0x3c, 0x6f,
+    0x1b, 0xcd, 0xaf, 0xf9, 0xc0, 0x59, 0x14, 0x27, 0xb5, 0x95, 0x2a, 0xa5,
+    0x72, 0x51, 0x13, 0x1d, 0x5f, 0xf3, 0x91, 0x66, 0xb4, 0xd1, 0x2c, 0xbf,
+    0x88, 0x3d, 0x10, 0xa0, 0xb2, 0xa3, 0x3e, 0x57, 0x37, 0xbf, 0xff, 0xa1,
+    0xe7, 0x87, 0x5e, 0x6f, 0xc3, 0x3d, 0xe7, 0x82, 0xcb, 0xf4, 0x82, 0x7d,
+    0xc5, 0x95, 0x88, 0x83, 0x02, 0xe5, 0xff, 0xc1, 0x94, 0xb0, 0xfd, 0x90,
+    0xf3, 0x2c, 0xbf, 0xf0, 0x73, 0xa0, 0x7f, 0xce, 0x36, 0x59, 0x7f, 0xfc,
+    0xff, 0x14, 0xb4, 0xf7, 0xd7, 0xb3, 0xbe, 0x2c, 0xbf, 0x6b, 0x4d, 0xfe,
+    0x2c, 0xad, 0xa8, 0xfb, 0x1a, 0x18, 0x0f, 0xc3, 0x51, 0xbf, 0xfe, 0x06,
+    0xce, 0x4f, 0x3d, 0x3d, 0xfc, 0xd1, 0x69, 0x65, 0xff, 0xd1, 0x40, 0x45,
+    0xf8, 0x66, 0xb3, 0x8b, 0x2f, 0xff, 0xc5, 0xd7, 0x9a, 0x28, 0x49, 0x7f,
+    0x5a, 0x98, 0x2c, 0xe1, 0xe2, 0xdf, 0xff, 0xcd, 0xcd, 0x33, 0xea, 0x5b,
+    0xfe, 0xce, 0x73, 0x16, 0x5f, 0xec, 0x98, 0x37, 0xca, 0x56, 0x58, 0x18,
+    0x8e, 0xf3, 0xb3, 0xec, 0xac, 0x5f, 0xcf, 0x07, 0x83, 0x79, 0x65, 0x4a,
+    0xa2, 0xdc, 0x40, 0x78, 0xe2, 0x44, 0x71, 0x7f, 0xff, 0x38, 0x0b, 0x0e,
+    0x4f, 0xfe, 0x07, 0xa6, 0x91, 0xac, 0xba, 0x1c, 0x59, 0x74, 0xc0, 0x67,
+    0xe0, 0xcb, 0x35, 0x2c, 0xd3, 0xa8, 0x46, 0x7b, 0x91, 0x84, 0x9a, 0x51,
+    0xdc, 0x39, 0x1a, 0x34, 0x08, 0x8c, 0xf4, 0x73, 0xe9, 0x5a, 0x8f, 0x09,
+    0xb0, 0x42, 0x94, 0xa5, 0xa5, 0x72, 0x16, 0x57, 0xff, 0xf7, 0xd8, 0xf8,
+    0x5f, 0xe4, 0x9b, 0xc1, 0x0f, 0xcc, 0xb2, 0xfc, 0xff, 0x33, 0x3c, 0xb2,
+    0xf0, 0xfd, 0x8b, 0x2f, 0xb1, 0xbc, 0x6a, 0xca, 0xf1, 0xf3, 0x39, 0x40,
+    0x07, 0x2f, 0xff, 0xb3, 0xa9, 0x27, 0xff, 0x06, 0x27, 0xd4, 0x16, 0x57,
+    0x67, 0xfa, 0x72, 0xeb, 0xee, 0x7b, 0x38, 0xb2, 0xf9, 0xbf, 0x3f, 0x59,
+    0x4c, 0x78, 0x7a, 0x22, 0xbe, 0x60, 0x60, 0xd6, 0x5f, 0xd2, 0x5d, 0x05,
+    0x02, 0xcd, 0x81, 0x65, 0xa5, 0x65, 0xef, 0xb4, 0x6b, 0x2a, 0x33, 0x5b,
+    0xd8, 0x85, 0xfa, 0x4f, 0xa9, 0xde, 0xb2, 0xff, 0xf7, 0xd8, 0xce, 0x14,
+    0xff, 0x9a, 0xd4, 0xac, 0xba, 0x49, 0x65, 0xf6, 0x10, 0x7f, 0x59, 0x50,
+    0x36, 0xfa, 0x15, 0xbc, 0x39, 0x35, 0x65, 0xff, 0xd3, 0xd7, 0xca, 0x4c,
+    0xcf, 0xf3, 0x8b, 0x2f, 0xe2, 0x98, 0x7b, 0x80, 0x59, 0x7f, 0xe7, 0xf6,
+    0xa7, 0xed, 0xd3, 0x0d, 0x65, 0xff, 0x7f, 0xd8, 0xda, 0x80, 0x67, 0x59,
+    0x76, 0x01, 0x65, 0x0d, 0x17, 0x7e, 0x2d, 0xe1, 0xf7, 0xce, 0xa9, 0x93,
+    0x5a, 0xd0, 0xe8, 0x23, 0x00, 0xbe, 0x9f, 0xb7, 0xd6, 0x5f, 0xff, 0xf9,
+    0xcf, 0x3a, 0xe8, 0x7e, 0x9e, 0x09, 0xda, 0x1c, 0xf3, 0xc1, 0x65, 0x79,
+    0x11, 0xa4, 0x43, 0x78, 0x5f, 0xe2, 0xcb, 0xf1, 0x8f, 0xe9, 0x3a, 0xcb,
+    0xdd, 0x4f, 0x16, 0x5f, 0xfc, 0x1c, 0x33, 0xcf, 0xe6, 0xd6, 0xa5, 0x65,
+    0x4a, 0x22, 0x70, 0xa0, 0x03, 0xb7, 0xd0, 0x72, 0x02, 0xcb, 0xff, 0xcd,
+    0xf1, 0x69, 0xf9, 0x06, 0xe4, 0xc6, 0xb2, 0xde, 0xc3, 0xeb, 0x72, 0x1b,
+    0xdc, 0xdf, 0x8b, 0x2e, 0x9d, 0x2c, 0xaf, 0x9b, 0x4d, 0x91, 0xeb, 0xfb,
+    0x7c, 0x97, 0x5b, 0x38, 0xb2, 0xfe, 0xc8, 0xf9, 0xb8, 0xdd, 0x2c, 0xa9,
+    0x44, 0x43, 0x12, 0x11, 0x95, 0xf8, 0x5a, 0x37, 0xcc, 0xb2, 0xb6, 0xaf,
+    0xf9, 0xcc, 0x67, 0xd1, 0xb3, 0x40, 0x84, 0x64, 0x38, 0xd3, 0xd1, 0x1f,
+    0x65, 0x2d, 0x08, 0x1d, 0x46, 0xf6, 0xf0, 0xc3, 0x01, 0x11, 0x42, 0x9b,
+    0x90, 0x99, 0xfc, 0x38, 0xb6, 0x4b, 0x6c, 0x62, 0xcb, 0xfe, 0x21, 0x39,
+    0xa0, 0x3c, 0xc1, 0x65, 0x68, 0xf2, 0xc0, 0x25, 0x70, 0x80, 0xb2, 0xff,
+    0x13, 0x99, 0x84, 0xe6, 0xac, 0xbf, 0xfb, 0x3f, 0xc0, 0xf8, 0x72, 0x9d,
+    0x4a, 0xcb, 0xdb, 0xf0, 0xa3, 0x44, 0x68, 0xc5, 0xce, 0x65, 0x7f, 0xee,
+    0xa7, 0xfe, 0x6d, 0xf9, 0xdf, 0xd6, 0x5f, 0xfa, 0x74, 0x4f, 0x1c, 0xea,
+    0x60, 0xb2, 0xb0, 0xff, 0xcc, 0x42, 0xa6, 0x47, 0x27, 0xa1, 0x85, 0x7f,
+    0xff, 0xbc, 0xc6, 0x66, 0xeb, 0x1d, 0xff, 0xc1, 0x43, 0x3b, 0xfa, 0xcb,
+    0xff, 0xb4, 0xc0, 0x0f, 0xd2, 0x77, 0x7f, 0xac, 0xbf, 0xff, 0xa3, 0x1f,
+    0xa7, 0x99, 0xdf, 0x27, 0x5f, 0xe6, 0x46, 0xb2, 0x86, 0x98, 0x3e, 0x99,
+    0x49, 0x12, 0xe9, 0x65, 0x95, 0x2a, 0xc1, 0xb2, 0x39, 0x37, 0x8c, 0xb8,
+    0x06, 0x17, 0xfd, 0x17, 0x5e, 0x63, 0xce, 0x8d, 0x59, 0x7f, 0x9b, 0x51,
+    0x67, 0xe6, 0x25, 0x97, 0xf4, 0xfa, 0x7f, 0x3e, 0x59, 0x7d, 0xba, 0xc5,
+    0xd2, 0xca, 0xc3, 0xd1, 0xdd, 0x2c, 0xbf, 0x47, 0xb4, 0x53, 0x12, 0xcb,
+    0x41, 0x65, 0xfa, 0x1f, 0x6d, 0x74, 0xb2, 0xf0, 0x65, 0x12, 0xca, 0x81,
+    0xec, 0x76, 0x22, 0x02, 0x9a, 0xc4, 0xe6, 0x7a, 0x3c, 0xd4, 0x21, 0x5c,
+    0x93, 0x90, 0x84, 0xad, 0x82, 0x16, 0x60, 0x33, 0x3a, 0xa3, 0x1c, 0xe4,
+    0x9c, 0x29, 0x54, 0x23, 0xa5, 0x41, 0x65, 0x7f, 0x34, 0x6c, 0x74, 0x1d,
+    0x4a, 0x7d, 0x69, 0xd6, 0xad, 0xc8, 0x6c, 0x45, 0x48, 0x00, 0xd4, 0xe7,
+    0x31, 0xe9, 0x23, 0x3e, 0xa7, 0x0a, 0xbc, 0xf4, 0x08, 0x27, 0x8c, 0x8a,
+    0xb2, 0xd8, 0xe5, 0x21, 0x3b, 0xf4, 0xea, 0xf1, 0x52, 0x36, 0xcc, 0x9c,
+    0x55, 0x0e, 0x3e, 0x1b, 0xa4, 0xeb, 0x2f, 0x7b, 0x38, 0xb2, 0xfb, 0xe0,
+    0x0f, 0xa5, 0x97, 0xf9, 0x8d, 0xff, 0x7d, 0x37, 0x96, 0x57, 0x67, 0xb6,
+    0x44, 0xb4, 0x34, 0x4c, 0xe3, 0xbd, 0xed, 0xd6, 0xde, 0xb2, 0xe6, 0xf2,
+    0xcb, 0xec, 0xc2, 0xfa, 0xcb, 0xa4, 0x96, 0x57, 0x8f, 0x2f, 0x82, 0xdb,
+    0xc8, 0x2f, 0xff, 0xb0, 0x82, 0x7c, 0xd6, 0xef, 0x9e, 0xc0, 0x3a, 0xcb,
+    0xff, 0xe1, 0xcb, 0xeb, 0xc6, 0x38, 0xf6, 0x5e, 0x3d, 0x95, 0x95, 0x04,
+    0x6d, 0x0c, 0xc7, 0xea, 0x57, 0x9d, 0xcc, 0x59, 0x7e, 0xeb, 0x3f, 0xe6,
+    0x59, 0x67, 0x19, 0xe2, 0x10, 0xe5, 0xef, 0x30, 0x5d, 0x65, 0xfc, 0xf0,
+    0xc1, 0xbf, 0x96, 0x57, 0x47, 0x98, 0x72, 0x0b, 0xf6, 0xde, 0xe1, 0x9f,
+    0x59, 0x79, 0xb5, 0x2b, 0x2f, 0xd0, 0x0f, 0x93, 0x8b, 0x2e, 0xe7, 0xb0,
+    0xf0, 0xdc, 0x6e, 0xfc, 0x67, 0xf8, 0xe7, 0x59, 0x7f, 0xff, 0xd9, 0xe7,
+    0x0f, 0x98, 0x6b, 0x90, 0x24, 0xa6, 0x2f, 0x4a, 0xcb, 0x4a, 0xcb, 0xff,
+    0xf4, 0xeb, 0xd2, 0x7d, 0xd1, 0x49, 0x4c, 0x5e, 0x95, 0x97, 0xe6, 0xd4,
+    0x53, 0xed, 0x23, 0x30, 0x0c, 0xa4, 0x21, 0x50, 0x5c, 0x4c, 0xc2, 0x2e,
+    0xe3, 0x46, 0x3b, 0xa0, 0x1c, 0x88, 0x8f, 0xed, 0xc2, 0x2c, 0x0e, 0x1e,
+    0xb7, 0xe8, 0xbd, 0x31, 0xe2, 0xcb, 0x79, 0x65, 0x40, 0xdd, 0x0c, 0xa6,
+    0xdb, 0x09, 0x65, 0xfd, 0xff, 0x3c, 0x3f, 0x1a, 0xcb, 0xfe, 0xf3, 0xc3,
+    0xf1, 0x14, 0x9d, 0x65, 0x11, 0xf4, 0x7c, 0xbe, 0xf3, 0x0f, 0x16, 0x5f,
+    0xc6, 0xe0, 0x88, 0x5d, 0x2c, 0xbf, 0x0c, 0x4f, 0xa8, 0x2c, 0xba, 0x37,
+    0x59, 0x79, 0xc8, 0x1b, 0x4d, 0xff, 0x0a, 0x2f, 0x14, 0x72, 0xb2, 0xec,
+    0x25, 0x94, 0xc6, 0xc7, 0x78, 0xe5, 0xfd, 0xc2, 0xc8, 0xc3, 0x82, 0xcb,
+    0xb3, 0x8b, 0x2e, 0xd4, 0xac, 0xaf, 0x1a, 0xcf, 0x8b, 0x5f, 0xf1, 0x49,
+    0xd8, 0xb0, 0xf2, 0xb2, 0xff, 0xda, 0xd3, 0x45, 0xcc, 0x35, 0xb4, 0xb2,
+    0xf7, 0x9a, 0x0b, 0x2e, 0x69, 0x59, 0x7f, 0xcd, 0x1e, 0x79, 0xb5, 0xe7,
+    0x59, 0x73, 0x0f, 0x11, 0xff, 0x11, 0x0f, 0x0d, 0x7e, 0x80, 0x60, 0xe6,
+    0xe8, 0xad, 0x1a, 0xaa, 0xd3, 0x71, 0xbb, 0x4c, 0x80, 0x22, 0x28, 0xd6,
+    0xaf, 0xe1, 0x8e, 0x62, 0xfe, 0x2c, 0xbf, 0xf8, 0xbf, 0xcf, 0x3c, 0x36,
+    0xe7, 0x7f, 0x59, 0x41, 0x62, 0xe1, 0xcc, 0xbf, 0xc0, 0x87, 0x25, 0x67,
+    0xb2, 0xa8, 0x8b, 0xaf, 0xf9, 0xf7, 0x22, 0xe4, 0xf9, 0xf7, 0x16, 0x5f,
+    0xf0, 0x73, 0x10, 0x73, 0xa7, 0x89, 0x65, 0xfb, 0x99, 0x9f, 0xc5, 0x97,
+    0xa4, 0xa3, 0x59, 0x7c, 0xde, 0x63, 0xac, 0xa6, 0x37, 0xb1, 0x0e, 0x5f,
+    0xfb, 0xfc, 0x0a, 0x87, 0x26, 0x78, 0x44, 0xb2, 0xbb, 0x46, 0x4f, 0x98,
+    0xc8, 0x86, 0xf7, 0x3e, 0xcb, 0x2e, 0x88, 0x4b, 0x2e, 0x9e, 0xa4, 0xda,
+    0x10, 0xe5, 0xff, 0x4f, 0xfc, 0xe0, 0x7e, 0xf8, 0xb2, 0x86, 0x7c, 0x84,
+    0x57, 0x7f, 0xfc, 0x3e, 0x09, 0xf4, 0x28, 0xe4, 0xd0, 0xcb, 0xeb, 0x2f,
+    0xff, 0xdf, 0x13, 0x8d, 0xa4, 0xe5, 0x91, 0xc6, 0x22, 0x59, 0x7f, 0xf6,
+    0x46, 0xf1, 0x6d, 0xf4, 0xf3, 0x8e, 0xb2, 0xff, 0xe1, 0x3b, 0x42, 0x4b,
+    0xac, 0xef, 0xeb, 0x2f, 0x88, 0x4f, 0xd6, 0xd4, 0x45, 0xf1, 0x1e, 0xe3,
+    0xb2, 0xcb, 0xfe, 0x06, 0xdf, 0x37, 0x42, 0xd0, 0x16, 0x5f, 0xdf, 0xf3,
+    0x6d, 0x2e, 0xd6, 0x5e, 0xdd, 0x9d, 0xc5, 0x95, 0xa4, 0x47, 0x91, 0xee,
+    0xe9, 0x85, 0xf6, 0x0e, 0x4d, 0x59, 0x76, 0xf9, 0x59, 0x7a, 0x21, 0x69,
+    0x65, 0xfd, 0x9f, 0x97, 0xd1, 0xab, 0x2f, 0x63, 0x7d, 0x65, 0xff, 0x36,
+    0xb3, 0xb0, 0x86, 0x18, 0x62, 0xca, 0xf1, 0xed, 0x38, 0xdd, 0x05, 0x53,
+    0xd7, 0x98, 0x52, 0x8c, 0xc9, 0x88, 0x9c, 0x60, 0x87, 0xb9, 0x08, 0x7b,
+    0xff, 0xe2, 0x98, 0x6d, 0x0f, 0xec, 0x42, 0x86, 0x71, 0x65, 0xff, 0xfb,
+    0xc2, 0xe1, 0xe7, 0xbe, 0xbc, 0xc7, 0x26, 0x8d, 0x65, 0xff, 0xff, 0x9f,
+    0x70, 0xb1, 0x88, 0xb0, 0x19, 0xf9, 0x3b, 0x7f, 0xcc, 0xb2, 0x86, 0xbd,
+    0x6b, 0x91, 0x82, 0xf5, 0x0c, 0x86, 0x21, 0xd2, 0x99, 0xe1, 0xc1, 0xe9,
+    0x42, 0x60, 0x6f, 0xe2, 0x88, 0x96, 0x2e, 0xe0, 0x96, 0x5f, 0xef, 0xfd,
+    0xb5, 0x9d, 0xfd, 0x65, 0xf9, 0x8f, 0xd3, 0x0d, 0x65, 0x68, 0xf7, 0x3c,
+    0x69, 0x78, 0x0e, 0x75, 0x97, 0x60, 0x16, 0x54, 0x9b, 0x2c, 0x1c, 0xbc,
+    0xf8, 0x75, 0x95, 0x1a, 0x60, 0x38, 0xe6, 0x4a, 0x9b, 0xa3, 0xf7, 0xff,
+    0x38, 0x7e, 0x98, 0x73, 0x5a, 0xce, 0xd6, 0x58, 0xa0, 0x88, 0x6f, 0x20,
+    0x5f, 0x4f, 0x85, 0xa5, 0x97, 0xf7, 0x0b, 0x06, 0x4e, 0xb2, 0x88, 0xf3,
+    0x4c, 0x22, 0xbb, 0xa6, 0x59, 0x7e, 0x29, 0x8e, 0x7b, 0x59, 0x7f, 0x3e,
+    0x8e, 0x2d, 0x01, 0x65, 0xda, 0x02, 0xca, 0x81, 0xe2, 0xb1, 0x75, 0xb9,
+    0xd2, 0x29, 0x58, 0x5d, 0xdb, 0x6a, 0x53, 0x71, 0x67, 0x57, 0x86, 0x3d,
+    0xf7, 0x0a, 0x63, 0x59, 0x7f, 0xd1, 0xbf, 0x9c, 0x64, 0xfd, 0x2c, 0xad,
+    0x1e, 0xd9, 0x11, 0x5f, 0xff, 0x19, 0x9d, 0x73, 0x3f, 0x16, 0x1a, 0x58,
+    0x05, 0x95, 0x87, 0xe6, 0xc4, 0x37, 0xfc, 0x46, 0xf9, 0xdb, 0xee, 0x75,
+    0x97, 0xfd, 0x86, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x87, 0x2f, 0xfe, 0x17,
+    0x07, 0xe7, 0x3f, 0x70, 0x62, 0x59, 0x7e, 0xff, 0x9c, 0x80, 0xb2, 0xa3,
+    0x45, 0x9f, 0x91, 0xdd, 0x16, 0xff, 0xcf, 0xfc, 0x89, 0xe4, 0xa6, 0x25,
+    0x97, 0xfe, 0xf3, 0x60, 0x79, 0x11, 0x93, 0xda, 0xcb, 0x36, 0x27, 0x33,
+    0xa8, 0x75, 0xf8, 0xc3, 0x87, 0xb7, 0x75, 0xd2, 0xa3, 0x04, 0x54, 0x15,
+    0x13, 0x75, 0x1d, 0xc8, 0x11, 0xef, 0xe2, 0x9f, 0xf1, 0xb7, 0xac, 0xbf,
+    0xdb, 0x17, 0x06, 0x59, 0xe0, 0xaa, 0xcb, 0xb0, 0x96, 0x52, 0xcb, 0xff,
+    0xa4, 0xba, 0xcf, 0xf9, 0xb4, 0x0e, 0x96, 0x51, 0x1e, 0x87, 0xc2, 0xef,
+    0x9b, 0x9e, 0x65, 0x97, 0xb3, 0xbf, 0xac, 0xa1, 0x9b, 0xe3, 0x90, 0xdf,
+    0xcc, 0x59, 0xff, 0x32, 0xcb, 0x4e, 0x1e, 0x67, 0x08, 0x68, 0x69, 0x9b,
+    0x63, 0x28, 0xa1, 0x57, 0x7f, 0xfb, 0xcd, 0x17, 0x9b, 0xbf, 0x96, 0x6f,
+    0x75, 0x97, 0x86, 0xf1, 0x2c, 0xbf, 0xe6, 0xdf, 0xec, 0xd6, 0x9b, 0x7a,
+    0xcb, 0xb9, 0x05, 0x95, 0x27, 0xe1, 0xe1, 0xdf, 0x9e, 0x5d, 0x20, 0x59,
+    0x7f, 0xdc, 0x93, 0x78, 0x21, 0xf9, 0x96, 0x5d, 0x85, 0x11, 0xe8, 0x7c,
+    0x5a, 0xfe, 0x3f, 0x38, 0xe5, 0x1a, 0xcb, 0x8e, 0x75, 0x95, 0x27, 0x8a,
+    0xe5, 0xd7, 0xfb, 0xf8, 0xc5, 0xfe, 0x62, 0xcb, 0xf3, 0x79, 0xda, 0x35,
+    0x97, 0x4e, 0xe2, 0xcb, 0x81, 0xc8, 0x1e, 0x03, 0x13, 0xdf, 0x73, 0x0b,
+    0xeb, 0x2f, 0x6e, 0xce, 0x96, 0x53, 0x1f, 0x6b, 0x96, 0x88, 0x86, 0xf7,
+    0x9f, 0xeb, 0x2f, 0x7d, 0xf7, 0x16, 0x5f, 0xef, 0xf9, 0x82, 0x01, 0xd9,
+    0x65, 0xfe, 0x37, 0xd3, 0x01, 0x3e, 0x96, 0x58, 0x96, 0x53, 0x1e, 0x20,
+    0x8d, 0x2e, 0x0f, 0x16, 0x54, 0xae, 0xcb, 0xc6, 0x5c, 0x38, 0xdc, 0xba,
+    0x35, 0x8a, 0x17, 0x87, 0x7e, 0xf3, 0x93, 0x90, 0x14, 0x37, 0xb8, 0x5b,
+    0xf1, 0xc1, 0x0f, 0xec, 0xbc, 0x06, 0x43, 0x7a, 0x2c, 0xdc, 0x59, 0x7e,
+    0x34, 0x0d, 0x17, 0x16, 0x5f, 0x79, 0x9e, 0x0b, 0x2f, 0x0d, 0xe0, 0xb2,
+    0xa4, 0xde, 0xe1, 0x0d, 0xfe, 0xf3, 0xc5, 0xb7, 0xa9, 0x1a, 0xcb, 0x0a,
+    0x51, 0x7a, 0x06, 0x7e, 0x0f, 0xdf, 0xde, 0x98, 0x78, 0x43, 0x59, 0x78,
+    0x01, 0xf6, 0xb2, 0xf7, 0xca, 0x0b, 0x2c, 0x7c, 0x37, 0x7b, 0xc7, 0xef,
+    0xff, 0x6d, 0x27, 0xfc, 0xe8, 0x50, 0xd4, 0xc1, 0x65, 0xfa, 0x7f, 0xe9,
+    0x89, 0x65, 0xdf, 0xe2, 0xcb, 0xf3, 0x9a, 0x64, 0xe9, 0x65, 0x41, 0x34,
+    0x4e, 0x9a, 0x58, 0xa3, 0xc9, 0x6e, 0x50, 0x42, 0xf7, 0xf9, 0x8b, 0xf0,
+    0xcd, 0x62, 0xcb, 0xff, 0x9b, 0xa2, 0xc3, 0xcc, 0x43, 0x98, 0xd6, 0x5f,
+    0xfd, 0x02, 0xc3, 0xb9, 0x67, 0x9c, 0xeb, 0x2f, 0xf6, 0x7e, 0x77, 0xb1,
+    0x01, 0x65, 0xff, 0xf0, 0x0e, 0xf0, 0x86, 0x00, 0x3f, 0xc7, 0xc1, 0x2c,
+    0xae, 0x91, 0x0d, 0xa3, 0x3b, 0xff, 0x07, 0xde, 0xd9, 0xdb, 0x11, 0x49,
+    0xd6, 0x5f, 0xed, 0x4b, 0x0c, 0x9e, 0x0b, 0x2f, 0xfd, 0xa6, 0x2e, 0x8b,
+    0x23, 0xc3, 0x16, 0x5f, 0xf6, 0x6f, 0x9c, 0xef, 0xbf, 0x85, 0xb5, 0x97,
+    0xe9, 0xff, 0x30, 0xb6, 0xa2, 0xcb, 0x46, 0x3e, 0x3f, 0xa1, 0xa6, 0x88,
+    0x28, 0x7b, 0xdf, 0xba, 0xf7, 0x6f, 0xb8, 0xb2, 0xff, 0x72, 0x60, 0x69,
+    0xb9, 0xb8, 0xb2, 0xff, 0xc3, 0x21, 0x7f, 0x92, 0x53, 0xc5, 0x95, 0x27,
+    0xea, 0xc7, 0x16, 0x0b, 0xac, 0xa8, 0x2b, 0xa5, 0xe8, 0xc7, 0xb4, 0x56,
+    0x86, 0x39, 0x46, 0xd0, 0x22, 0x9d, 0xf0, 0xa2, 0x30, 0x82, 0xfe, 0x78,
+    0x7a, 0x75, 0x1a, 0xcb, 0xde, 0x63, 0x56, 0x5f, 0xa2, 0xc2, 0xc1, 0xac,
+    0xbf, 0xfc, 0xd3, 0xf2, 0xcf, 0xfb, 0x1a, 0x1b, 0xd6, 0x5f, 0xf7, 0x7c,
+    0x03, 0x90, 0xe2, 0x12, 0xcb, 0x88, 0xc5, 0x97, 0xff, 0x64, 0x61, 0xc0,
+    0x79, 0xf6, 0xf0, 0x96, 0x5f, 0xb5, 0x9b, 0xf0, 0x7a, 0x3d, 0xd2, 0x17,
+    0xa6, 0x46, 0xbb, 0xc2, 0x62, 0xff, 0xfc, 0x22, 0x86, 0x17, 0xdb, 0x67,
+    0x3e, 0x4f, 0x05, 0x97, 0xfa, 0x41, 0x3e, 0xce, 0xe0, 0xb2, 0x99, 0x11,
+    0x04, 0xab, 0x5e, 0x4f, 0xbc, 0x11, 0x90, 0x7e, 0x15, 0xd7, 0xd1, 0x3c,
+    0x4e, 0xb2, 0xf4, 0x78, 0x62, 0xcb, 0x41, 0x65, 0xcf, 0xfd, 0xa6, 0xbc,
+    0x43, 0xd7, 0x4f, 0x16, 0x56, 0xd4, 0x4b, 0x12, 0x97, 0xcb, 0xaf, 0xfb,
+    0xce, 0x59, 0x14, 0x27, 0xb5, 0x97, 0xff, 0x79, 0xb5, 0x9c, 0x2c, 0xdf,
+    0xe6, 0x59, 0x7e, 0x2c, 0xe0, 0xb6, 0xe1, 0xfe, 0xc4, 0x73, 0x7e, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x20, 0x65, 0xfc, 0xf1, 0x81, 0xc8, 0x68, 0xac, 0x1e,
+    0xbd, 0x9c, 0x16, 0x1f, 0x8e, 0xc9, 0xb5, 0xef, 0x3c, 0x36, 0xa3, 0x98,
+    0xa1, 0x63, 0x7f, 0xde, 0x6c, 0x2c, 0xe8, 0x78, 0xb2, 0x86, 0xba, 0x71,
+    0xd1, 0x74, 0x43, 0xa7, 0x94, 0x2c, 0x50, 0xd2, 0xfc, 0x72, 0x9b, 0xce,
+    0xaf, 0x7c, 0x52, 0xb2, 0xff, 0xf7, 0x9b, 0xf9, 0x87, 0xe4, 0xe0, 0xd9,
+    0x65, 0xdc, 0xe2, 0xcb, 0xe1, 0xf9, 0xce, 0xb2, 0xff, 0xb2, 0x30, 0xe0,
+    0xd3, 0xdf, 0xd6, 0x58, 0x1d, 0x22, 0xef, 0x48, 0xee, 0x2e, 0x44, 0x57,
+    0xf8, 0x1f, 0x68, 0xcf, 0x3d, 0x2c, 0xae, 0xd3, 0x4e, 0x78, 0x6b, 0x92,
+    0x15, 0xf8, 0x7b, 0x03, 0x8f, 0x60, 0x59, 0x7f, 0x75, 0xdf, 0xbb, 0x7d,
+    0xc5, 0x97, 0xe7, 0xd7, 0xf3, 0xa5, 0x97, 0xc3, 0x69, 0x8d, 0x65, 0xa7,
+    0x47, 0x94, 0x22, 0x8b, 0xff, 0x98, 0x7b, 0x73, 0x3b, 0x03, 0x97, 0xd6,
+    0x5a, 0x10, 0x3e, 0xce, 0x13, 0xd4, 0xa6, 0x24, 0xf0, 0xea, 0xa9, 0x64,
+    0x94, 0x64, 0xed, 0xf3, 0x47, 0x94, 0xe6, 0xa2, 0x8d, 0x12, 0xe6, 0x82,
+    0xcb, 0xfb, 0xbf, 0x8f, 0x30, 0xd5, 0x97, 0xf7, 0x9b, 0xfc, 0xcf, 0xac,
+    0xbe, 0xc8, 0x98, 0xeb, 0x28, 0x68, 0x94, 0xc1, 0x6e, 0x8b, 0xc3, 0x2d,
+    0xb4, 0xac, 0xbe, 0x92, 0x60, 0x2c, 0xb6, 0x78, 0xd8, 0x7c, 0x42, 0xff,
+    0x68, 0x9c, 0xc0, 0xfb, 0x31, 0x65, 0xc0, 0xde, 0xb2, 0xfd, 0xff, 0x0a,
+    0x31, 0x2c, 0xa1, 0x9f, 0xd7, 0x8d, 0xc4, 0x33, 0x7f, 0xf9, 0x81, 0xd7,
+    0x9b, 0xc5, 0x39, 0xac, 0x59, 0x7f, 0x87, 0xdc, 0x33, 0x0a, 0x35, 0x97,
+    0xfe, 0x84, 0xee, 0x66, 0xbf, 0xc9, 0x82, 0xcb, 0xfe, 0xec, 0x73, 0xc6,
+    0x1f, 0xa5, 0x65, 0xfe, 0x6f, 0xf1, 0xfb, 0x01, 0x8b, 0x2e, 0xd4, 0x6a,
+    0x8c, 0x15, 0x5e, 0x3d, 0xa7, 0x35, 0xbf, 0xf3, 0xeb, 0x08, 0x1c, 0xff,
+    0x3b, 0x59, 0x7f, 0xff, 0xff, 0x67, 0xfc, 0xe4, 0x6e, 0xde, 0x69, 0xdf,
+    0xfb, 0xf0, 0x7b, 0x70, 0xee, 0x5d, 0xc1, 0x71, 0x05, 0xaf, 0xfc, 0xee,
+    0x6f, 0x4e, 0x3d, 0xa6, 0x98, 0xb8, 0x82, 0xd7, 0xff, 0x79, 0xbc, 0xd2,
+    0x5f, 0xda, 0x69, 0x8b, 0x88, 0x2d, 0x7f, 0xa5, 0x8b, 0xfb, 0x4d, 0x31,
+    0x71, 0x05, 0xaf, 0xe3, 0xe0, 0xf6, 0x9a, 0x62, 0xe2, 0x0b, 0x5f, 0xff,
+    0xf3, 0x91, 0x31, 0xf6, 0xf3, 0xaf, 0x36, 0x98, 0xd8, 0xf0, 0xc5, 0xc4,
+    0x16, 0xbb, 0xbd, 0xa3, 0x4e, 0x7b, 0xa5, 0x1d, 0x2a, 0x3a, 0x19, 0x1f,
+    0xd4, 0xaa, 0xd1, 0xf1, 0xf9, 0x4a, 0x39, 0xbf, 0xcd, 0x26, 0xf3, 0xfc,
+    0xed, 0x65, 0xf3, 0xe8, 0x0e, 0xb2, 0xff, 0xef, 0x37, 0x9a, 0x4b, 0xfb,
+    0x4d, 0x31, 0x71, 0x05, 0xaf, 0xfa, 0x2e, 0x74, 0xd1, 0xed, 0x34, 0xc5,
+    0xc4, 0x16, 0xbf, 0x7f, 0x92, 0x7d, 0xbd, 0x22, 0x88, 0x35, 0x4b, 0xff,
+    0xdb, 0x7a, 0xf3, 0x75, 0x3f, 0xe6, 0xd3, 0x4c, 0x5c, 0x41, 0x6b, 0xff,
+    0xff, 0x88, 0x98, 0xfb, 0x45, 0x9b, 0x79, 0xd7, 0x9b, 0x4c, 0x6c, 0x78,
+    0x62, 0xe2, 0x0b, 0x56, 0x26, 0x53, 0xda, 0x23, 0xb0, 0x5f, 0xf7, 0x9b,
+    0x4c, 0x6c, 0x78, 0x62, 0xe2, 0x0b, 0x5f, 0xff, 0x3b, 0xf7, 0x0e, 0x79,
+    0x86, 0x39, 0xd4, 0xa4, 0xbf, 0xf6, 0x42, 0x02, 0xe6, 0x8a, 0x3d, 0x95,
+    0xc4, 0x16, 0xae, 0x91, 0xcf, 0xa4, 0x8e, 0x27, 0xdf, 0xfb, 0xa6, 0xd7,
+    0xdc, 0x1c, 0xda, 0x62, 0xe2, 0x0b, 0x5f, 0xde, 0x6f, 0x79, 0x80, 0xa8,
+    0x02, 0xd7, 0xec, 0x06, 0xd3, 0x4c, 0x5c, 0x41, 0x6b, 0xb3, 0xfd, 0x1f,
+    0x9f, 0x8e, 0xab, 0xb4, 0x78, 0xf2, 0x18, 0x77, 0xf1, 0xf0, 0x7b, 0x4d,
+    0x31, 0x71, 0x05, 0xaf, 0xfd, 0xd7, 0x9b, 0x4c, 0x6c, 0x78, 0x62, 0xe2,
+    0x0b, 0x5d, 0x9b, 0x5d, 0x11, 0xdc, 0x3f, 0xbf, 0xc2, 0x63, 0xb9, 0x77,
+    0x05, 0xc4, 0x16, 0xbf, 0xf6, 0x36, 0xfc, 0x2c, 0x1b, 0xc1, 0x71, 0x05,
+    0x8e, 0x78, 0x14, 0x35, 0xe1, 0x2d, 0x1b, 0x80, 0xd4, 0xa3, 0xec, 0xe4,
+    0x62, 0xff, 0x8c, 0x88, 0x50, 0xb7, 0x31, 0xbe, 0xe0, 0x4a, 0xa2, 0x0b,
+    0x04, 0x44, 0x5d, 0xcf, 0xd2, 0xca, 0x1b, 0x29, 0xc3, 0xa8, 0x49, 0x82,
+    0x93, 0x1f, 0xf3, 0x7a, 0xc6, 0x59, 0xac, 0x46, 0x9c, 0xa5, 0x58, 0xdd,
+    0x0d, 0xd5, 0x97, 0xa6, 0x1b, 0xab, 0x2a, 0x4d, 0xc9, 0x0d, 0x54, 0x6c,
+    0xd4, 0xf1, 0xb7, 0x77, 0x0a, 0x0d, 0x17, 0x82, 0x96, 0xfa, 0x4e, 0xd7,
+    0xfe, 0x81, 0x67, 0xfc, 0xd9, 0xdf, 0xd6, 0x5f, 0xc5, 0x0e, 0x7f, 0xd2,
+    0xb2, 0xff, 0xff, 0xd9, 0xff, 0x3c, 0x07, 0x9a, 0x6c, 0xde, 0x1e, 0xbc,
+    0xdd, 0xfd, 0x65, 0xcc, 0x6a, 0xca, 0xc4, 0x78, 0xb1, 0xf1, 0xcb, 0x7c,
+    0xdf, 0x7f, 0xa7, 0xcc, 0x67, 0x70, 0xe2, 0xcb, 0xf4, 0xff, 0x9e, 0x65,
+    0x97, 0xfe, 0xd6, 0x1b, 0xec, 0x38, 0xb5, 0x1a, 0xcb, 0xfe, 0xec, 0xb1,
+    0x8f, 0x84, 0x05, 0x97, 0xff, 0xff, 0xe7, 0x88, 0x9c, 0xcc, 0xde, 0xdc,
+    0xf6, 0x03, 0x67, 0x3f, 0xc7, 0x3e, 0x77, 0xf5, 0x97, 0xe8, 0x7f, 0x98,
+    0x4b, 0x2f, 0xff, 0x3f, 0x52, 0x43, 0x2c, 0xdf, 0xa6, 0xe2, 0xcb, 0xff,
+    0x72, 0x28, 0x08, 0x71, 0x40, 0x43, 0x59, 0x51, 0xaa, 0x10, 0x81, 0xa8,
+    0xc9, 0xf1, 0x04, 0xd3, 0x7e, 0xe1, 0x11, 0xe2, 0x7f, 0xa5, 0x5f, 0xf6,
+    0x7c, 0xcc, 0x21, 0xfa, 0x56, 0x5f, 0xfd, 0x3d, 0xc0, 0x33, 0xf3, 0xf3,
+    0xd9, 0x8b, 0x2f, 0xd0, 0xdd, 0xdd, 0x14, 0x6b, 0x2d, 0xe6, 0x3f, 0x97,
+    0x49, 0xbe, 0xf9, 0x49, 0xd6, 0x5f, 0xb5, 0x3d, 0xc3, 0x8b, 0x2a, 0x34,
+    0xc8, 0x61, 0x0b, 0x16, 0x26, 0xd1, 0x0d, 0xff, 0x49, 0xbe, 0xc2, 0x2c,
+    0xed, 0x65, 0xe3, 0xbf, 0xd6, 0x5c, 0xfc, 0x59, 0x77, 0x3a, 0x59, 0x7a,
+    0x0d, 0xf5, 0x97, 0xff, 0xbe, 0xc4, 0x28, 0x67, 0x01, 0xff, 0xf6, 0xb2,
+    0xc5, 0x11, 0xf3, 0x86, 0x39, 0x7f, 0xdc, 0x7e, 0xf6, 0x45, 0xe6, 0xd2,
+    0xcb, 0xfb, 0x34, 0x03, 0xb7, 0x16, 0x5c, 0x2e, 0x7c, 0xfa, 0xb6, 0x4f,
+    0x6f, 0x4b, 0x1d, 0x65, 0x8d, 0x59, 0x6c, 0xe8, 0xd6, 0xe8, 0x6e, 0xff,
+    0xed, 0xfb, 0xe7, 0x8f, 0xee, 0xe1, 0x9f, 0x59, 0x58, 0x9b, 0x08, 0x21,
+    0x27, 0xb2, 0xbc, 0x19, 0x3d, 0xfc, 0x28, 0xa4, 0xb8, 0xcb, 0x2f, 0xf1,
+    0x07, 0x9a, 0x29, 0x3a, 0xcb, 0xf8, 0x5f, 0x29, 0xff, 0x16, 0x56, 0x1e,
+    0xf8, 0x0c, 0xaa, 0x0a, 0xc1, 0x4d, 0x1c, 0xf0, 0xb0, 0x23, 0xe0, 0x24,
+    0x6e, 0x42, 0x32, 0xa5, 0x75, 0xff, 0x23, 0x9b, 0xed, 0x0d, 0xe5, 0x9e,
+    0xde, 0x3b, 0x71, 0x65, 0xff, 0xb9, 0x9e, 0x68, 0x30, 0xf0, 0xeb, 0x2f,
+    0xd0, 0x9d, 0xef, 0xe5, 0x95, 0x1a, 0x20, 0x8d, 0x1c, 0x73, 0xdb, 0xff,
+    0xb3, 0xbf, 0xf1, 0x8a, 0x40, 0xe7, 0x59, 0x7d, 0xbb, 0x99, 0x1a, 0xcb,
+    0xff, 0xf6, 0x7f, 0xcd, 0xb4, 0xd7, 0xda, 0x58, 0x63, 0x81, 0x65, 0xf1,
+    0xc7, 0x87, 0x59, 0x4b, 0x2f, 0xf3, 0x78, 0xb3, 0xf2, 0x05, 0x97, 0xbc,
+    0x30, 0xce, 0x6f, 0x3e, 0x17, 0x7f, 0xdb, 0xd8, 0x86, 0x2f, 0x61, 0xd6,
+    0x5f, 0xcf, 0xe6, 0xe4, 0xc1, 0x65, 0x6d, 0x47, 0xc4, 0xaf, 0x61, 0xa7,
+    0x0e, 0xaf, 0xfc, 0x17, 0xc2, 0x2c, 0x0e, 0x48, 0x0b, 0x2f, 0xc7, 0x3b,
+    0x3c, 0x16, 0x5f, 0xec, 0xf3, 0x71, 0x85, 0x05, 0x95, 0x1a, 0xa8, 0xff,
+    0x21, 0x91, 0x2f, 0xe3, 0x51, 0x11, 0xee, 0xf4, 0x0d, 0xd2, 0x7b, 0xee,
+    0xf9, 0x3d, 0xac, 0xbf, 0xf4, 0x33, 0xb8, 0x6a, 0x7e, 0xff, 0x59, 0x78,
+    0xf3, 0x05, 0x97, 0xec, 0x1f, 0x84, 0x62, 0xca, 0xda, 0x8a, 0x88, 0x89,
+    0x1c, 0xfc, 0x87, 0x2f, 0xfb, 0xaf, 0x30, 0xfd, 0x3f, 0xe2, 0xcb, 0xc3,
+    0x7f, 0xac, 0xbf, 0xff, 0x7f, 0xf9, 0x14, 0x32, 0x3d, 0xbd, 0xc9, 0x4f,
+    0x16, 0x5f, 0xfe, 0xfe, 0x45, 0x0c, 0x8f, 0xb9, 0x29, 0xe2, 0xcb, 0xc5,
+    0x3d, 0xed, 0x45, 0x27, 0xd6, 0x6f, 0xfd, 0xc9, 0x29, 0x87, 0xfd, 0x84,
+    0xb2, 0xb4, 0x9d, 0x51, 0xcf, 0x9c, 0xe8, 0x10, 0xc0, 0xe1, 0xb5, 0xe6,
+    0xd9, 0xc5, 0x97, 0x9b, 0xbf, 0xac, 0xbd, 0xe8, 0xd9, 0x65, 0xd8, 0x67,
+    0x0d, 0xd0, 0x87, 0x6f, 0xfd, 0xa2, 0x73, 0x1f, 0x5a, 0xce, 0xd6, 0x5f,
+    0xe6, 0xd1, 0xe7, 0x08, 0x6b, 0x2e, 0x63, 0x56, 0x57, 0x8f, 0x20, 0x8c,
+    0x6f, 0xee, 0x30, 0xf0, 0xce, 0x2c, 0xbf, 0x9f, 0x4e, 0x36, 0xc5, 0x97,
+    0x68, 0x0b, 0x2e, 0xc3, 0x16, 0x53, 0x9a, 0xef, 0x8b, 0xd4, 0xa7, 0xa9,
+    0x1a, 0xc0, 0xcb, 0x72, 0x10, 0xfd, 0x90, 0xf8, 0xbb, 0xeb, 0x37, 0xe7,
+    0x2f, 0xf2, 0x56, 0x5c, 0xec, 0xb2, 0xb4, 0x6e, 0xce, 0x4d, 0x5d, 0xa3,
+    0x18, 0x10, 0xa5, 0xbe, 0x33, 0x3c, 0xeb, 0x2f, 0x8d, 0xd3, 0x18, 0xb2,
+    0xfd, 0x1b, 0xfa, 0x77, 0x16, 0x5f, 0xf1, 0xb8, 0x53, 0x0f, 0xe7, 0x4b,
+    0x2f, 0xd1, 0xff, 0x67, 0x3e, 0xb2, 0xb6, 0x24, 0x5a, 0x61, 0x23, 0x15,
+    0x88, 0xe6, 0xfe, 0x37, 0xd3, 0xdf, 0xf1, 0x65, 0xfe, 0x2c, 0x1f, 0xa4,
+    0xc2, 0x59, 0x52, 0x7c, 0x3a, 0x2f, 0xbf, 0xff, 0xda, 0x9f, 0x4e, 0xb5,
+    0x31, 0xfd, 0xdc, 0xdc, 0xef, 0xeb, 0x2a, 0x59, 0x51, 0xf9, 0x2b, 0x01,
+    0xa5, 0x61, 0xbc, 0xae, 0x90, 0x14, 0x94, 0x35, 0x85, 0x0a, 0x10, 0xc8,
+    0x6f, 0x8a, 0x2e, 0x62, 0xcb, 0xf4, 0x32, 0x3f, 0xca, 0xcb, 0xff, 0xfa,
+    0x7e, 0x1c, 0x63, 0xcf, 0xce, 0xf6, 0xf8, 0x26, 0x0b, 0x2f, 0xfd, 0x31,
+    0x9f, 0xcd, 0xad, 0x3c, 0x16, 0x54, 0x68, 0x9d, 0x25, 0xea, 0x59, 0x4c,
+    0x98, 0xac, 0x44, 0x45, 0x0c, 0x5d, 0x92, 0x3b, 0xfd, 0x1c, 0x72, 0x5d,
+    0xe7, 0xd6, 0x5f, 0x87, 0x98, 0x5d, 0x2c, 0xbf, 0x77, 0xf2, 0x7f, 0x2c,
+    0xba, 0x62, 0x59, 0x51, 0x9f, 0x34, 0x09, 0xc0, 0x51, 0x58, 0x98, 0x83,
+    0x22, 0x8a, 0x13, 0x77, 0xff, 0x68, 0x85, 0xdf, 0xcb, 0x23, 0x72, 0x59,
+    0x7f, 0xff, 0x0f, 0xc2, 0x8d, 0xb3, 0x5a, 0xc9, 0xee, 0x0c, 0x75, 0x97,
+    0xf9, 0xe2, 0x21, 0x7c, 0xa5, 0x65, 0xfc, 0x30, 0xff, 0xf6, 0x31, 0x65,
+    0xc5, 0x12, 0xca, 0x73, 0xc7, 0x11, 0x85, 0xde, 0x35, 0x65, 0xff, 0x7a,
+    0x7b, 0x2c, 0x1b, 0xc1, 0x65, 0xe7, 0xd4, 0x6b, 0x2e, 0x04, 0xac, 0xbe,
+    0x69, 0x3e, 0x2c, 0xa5, 0x97, 0xf3, 0x9b, 0xf9, 0xd0, 0x16, 0x50, 0xcd,
+    0xc9, 0x05, 0xdf, 0xff, 0xe9, 0x61, 0x94, 0x8b, 0xaf, 0xe7, 0x43, 0x9e,
+    0x83, 0x3a, 0xcb, 0x81, 0x2b, 0x2e, 0x93, 0x56, 0x5f, 0xf6, 0x7f, 0x92,
+    0x70, 0xf2, 0x25, 0x97, 0xfb, 0x99, 0xe6, 0xe0, 0xa3, 0x59, 0x71, 0x86,
+    0x24, 0xbf, 0xe2, 0xcd, 0xef, 0x0e, 0x30, 0xd6, 0x57, 0x49, 0xfe, 0x30,
+    0xee, 0x85, 0x8e, 0xb3, 0xe2, 0x00, 0x31, 0x85, 0xc5, 0x88, 0x5f, 0x87,
+    0x46, 0x1a, 0x06, 0x33, 0x78, 0xc3, 0x0c, 0x49, 0x63, 0xa4, 0x08, 0x68,
+    0x2f, 0x3b, 0xe9, 0x20, 0x44, 0x70, 0x87, 0x0b, 0xeb, 0xff, 0xfc, 0x07,
+    0xf3, 0xb7, 0x85, 0xe9, 0xe9, 0xbb, 0x83, 0x1d, 0x65, 0x0d, 0x5e, 0x87,
+    0x43, 0x11, 0x4b, 0x15, 0xfa, 0x15, 0x46, 0xba, 0xa5, 0xd2, 0x27, 0x6b,
+    0x9e, 0x79, 0x79, 0x7e, 0x37, 0xff, 0xe8, 0x4e, 0x80, 0x3d, 0x63, 0x1b,
+    0xcf, 0x49, 0xd6, 0x5f, 0xdf, 0x9c, 0xf6, 0x46, 0xb2, 0xec, 0x3a, 0xca,
+    0xc4, 0x4c, 0xf6, 0xad, 0xc2, 0xdb, 0xff, 0xb3, 0xde, 0x76, 0xfc, 0xe1,
+    0x44, 0xb2, 0x82, 0xaf, 0xb5, 0x65, 0x33, 0x9f, 0x71, 0xc3, 0x1a, 0x13,
+    0x8b, 0x43, 0x63, 0xc9, 0xef, 0x43, 0x65, 0xce, 0x77, 0x2c, 0x9d, 0xa7,
+    0x74, 0x22, 0x86, 0xb6, 0xa1, 0xba, 0x78, 0xde, 0x7d, 0x4d, 0x23, 0x7a,
+    0x72, 0x08, 0x23, 0x5b, 0x29, 0xfc, 0xae, 0x52, 0xd7, 0x3f, 0x2a, 0xd4,
+    0x53, 0xb0, 0xdb, 0xe1, 0xdf, 0xb2, 0x61, 0x70, 0x7f, 0x59, 0x7f, 0x60,
+    0x00, 0xda, 0x82, 0xcb, 0xde, 0x11, 0xab, 0x2e, 0xeb, 0x16, 0x5f, 0xb2,
+    0x29, 0xef, 0x8b, 0x28, 0x68, 0x8b, 0x62, 0xd7, 0x1e, 0xe0, 0xbd, 0xff,
+    0xa4, 0xfb, 0x2f, 0x1e, 0x0d, 0x8c, 0x59, 0x76, 0x18, 0xb2, 0xe9, 0xfa,
+    0xcb, 0xff, 0xe6, 0x29, 0x06, 0x08, 0x2e, 0xde, 0x6d, 0x41, 0x65, 0x46,
+    0x7f, 0xdd, 0x0b, 0xf0, 0x5a, 0xf9, 0xfc, 0xe0, 0x59, 0x63, 0xac, 0xa8,
+    0x26, 0x47, 0x90, 0xc0, 0xd1, 0x8f, 0xc8, 0x6f, 0xf4, 0x18, 0xb0, 0xe2,
+    0xf2, 0xcb, 0xf7, 0x9d, 0x89, 0xd6, 0x5f, 0xfb, 0x3f, 0xcf, 0x31, 0xdf,
+    0x34, 0xb2, 0xec, 0x1a, 0xca, 0x94, 0x55, 0x1a, 0x64, 0x44, 0xbb, 0xcf,
+    0x6f, 0xd9, 0xb7, 0x01, 0xf5, 0x97, 0xdb, 0x7f, 0x3b, 0xd6, 0x5f, 0x0c,
+    0xa4, 0x35, 0x97, 0xdd, 0x49, 0xd9, 0x65, 0x6d, 0x3c, 0x4c, 0x22, 0xbc,
+    0x7c, 0xfa, 0xcb, 0xf6, 0x18, 0xd2, 0x35, 0x95, 0x87, 0x86, 0xc3, 0x97,
+    0xf7, 0xa4, 0x36, 0x98, 0xd6, 0x5f, 0xf3, 0x6f, 0xd6, 0x45, 0x9d, 0xfd,
+    0x65, 0x74, 0x7d, 0x5e, 0x2e, 0xb9, 0xcd, 0x59, 0x5a, 0x37, 0x5f, 0x23,
+    0xbe, 0x73, 0xbc, 0x4b, 0x2f, 0xff, 0x44, 0xd1, 0x6d, 0x6e, 0xf8, 0xe1,
+    0xb1, 0xd6, 0x5f, 0x9a, 0x4c, 0x98, 0x96, 0x5f, 0xed, 0xbe, 0x70, 0x01,
+    0xbc, 0xb2, 0xf9, 0xff, 0xdf, 0x16, 0x54, 0xa3, 0x3d, 0x93, 0xdc, 0xa0,
+    0x8d, 0x6f, 0xff, 0xfc, 0xf1, 0x0a, 0x02, 0xeb, 0x6f, 0x9b, 0xff, 0x9e,
+    0xe6, 0x39, 0xe2, 0xcb, 0xf1, 0x3e, 0xe4, 0x71, 0x2c, 0xbe, 0x8b, 0x93,
+    0xf5, 0x95, 0xd2, 0x30, 0x62, 0x72, 0x11, 0x65, 0xff, 0xc4, 0xff, 0x6d,
+    0x7a, 0x4f, 0xc7, 0x59, 0x4b, 0x28, 0x47, 0x9a, 0x62, 0x15, 0xff, 0xd0,
+    0xf4, 0xea, 0x39, 0xff, 0x1e, 0x0b, 0x2f, 0x89, 0xdf, 0x7a, 0xc9, 0x3c,
+    0x5b, 0xfa, 0x7a, 0xff, 0x1f, 0xb5, 0x97, 0xde, 0xc7, 0x8d, 0x65, 0xf6,
+    0x1d, 0xfb, 0x59, 0x5b, 0x88, 0xa5, 0x23, 0x2e, 0x17, 0x86, 0x45, 0x79,
+    0xbb, 0x89, 0x65, 0xf0, 0x82, 0xe7, 0x65, 0x97, 0xec, 0xc8, 0xc5, 0xc5,
+    0x97, 0xda, 0x26, 0x02, 0xcb, 0xe6, 0xe9, 0xf4, 0xb2, 0xe9, 0x02, 0xcb,
+    0xe1, 0x46, 0x20, 0x9e, 0x37, 0x01, 0x91, 0x53, 0x22, 0x5b, 0xcb, 0x36,
+    0x02, 0xcb, 0xb3, 0xa5, 0x97, 0xec, 0xd6, 0x9b, 0x4b, 0x2b, 0x70, 0xf3,
+    0xfc, 0x22, 0x01, 0x7b, 0xe9, 0xef, 0x3a, 0x59, 0x7e, 0x0d, 0xa7, 0x8e,
+    0xb2, 0x9c, 0xf2, 0x84, 0x47, 0x7f, 0xde, 0x7e, 0x79, 0xa3, 0x72, 0x59,
+    0x7c, 0xf1, 0x87, 0x05, 0x94, 0x15, 0x65, 0x96, 0x6c, 0x70, 0xa3, 0x98,
+    0xd7, 0xa1, 0x0e, 0xc1, 0x9f, 0x61, 0x49, 0xad, 0x5d, 0xb3, 0x34, 0x31,
+    0x37, 0x08, 0x62, 0x87, 0x8e, 0xa1, 0xf5, 0xe7, 0xf7, 0x8c, 0x34, 0x08,
+    0x01, 0x71, 0xee, 0x13, 0x7e, 0x17, 0xc2, 0x71, 0x31, 0xf0, 0x32, 0x1d,
+    0xd3, 0x8b, 0xfd, 0x84, 0xc0, 0xe7, 0x99, 0x65, 0xb7, 0x16, 0x5f, 0x0c,
+    0xef, 0x05, 0x94, 0xc6, 0xd8, 0x42, 0x95, 0xb5, 0x10, 0xe4, 0xcf, 0x79,
+    0xa3, 0x12, 0xcb, 0x9e, 0x56, 0x5f, 0xa4, 0x0d, 0xde, 0x2c, 0xb8, 0xe2,
+    0x59, 0x7e, 0x7f, 0xf8, 0x44, 0xb2, 0xe3, 0xef, 0x59, 0x7f, 0xc2, 0x76,
+    0x27, 0xfb, 0xf9, 0x65, 0x6d, 0x46, 0x4c, 0x8a, 0xb1, 0x3f, 0x85, 0xc8,
+    0x9f, 0x83, 0x37, 0xff, 0x4f, 0x18, 0x13, 0xa6, 0xf4, 0x8d, 0x65, 0xe7,
+    0x10, 0x5d, 0x65, 0xff, 0xb3, 0xa2, 0xce, 0x6c, 0xe6, 0xa5, 0x65, 0x0d,
+    0x1f, 0x04, 0xad, 0xf4, 0x20, 0xc8, 0x2f, 0xff, 0x40, 0xa7, 0x69, 0xca,
+    0x4d, 0xfb, 0x46, 0xb2, 0xfb, 0x05, 0xa8, 0xd6, 0x5f, 0x9c, 0xf9, 0xe3,
+    0xac, 0xae, 0xd1, 0x2d, 0xa4, 0xcf, 0x91, 0xd8, 0xc5, 0x97, 0xbf, 0xa9,
+    0x59, 0x7b, 0x8f, 0xf5, 0x97, 0xd9, 0x18, 0x70, 0x59, 0x78, 0x32, 0x02,
+    0xca, 0xec, 0xf7, 0x48, 0x73, 0xe4, 0x97, 0xf7, 0xf7, 0xe1, 0x60, 0xd6,
+    0x54, 0x47, 0xbb, 0xc2, 0xfb, 0xf7, 0x32, 0x0d, 0xa5, 0x97, 0xe8, 0xa0,
+    0xfd, 0xf1, 0x65, 0x61, 0xe8, 0xf0, 0x9e, 0xf0, 0xb7, 0x37, 0x56, 0x5b,
+    0x7a, 0xcb, 0xfe, 0xd7, 0x9c, 0x37, 0xf3, 0x01, 0x65, 0x49, 0xe6, 0x30,
+    0x9d, 0xfc, 0xc5, 0x1f, 0x85, 0xc5, 0x95, 0xe3, 0xce, 0xf9, 0x05, 0xdb,
+    0x9b, 0xab, 0x2f, 0x72, 0x11, 0xac, 0xa8, 0xd3, 0x1a, 0xc8, 0x5e, 0x88,
+    0x88, 0x31, 0xda, 0x95, 0xde, 0x18, 0x12, 0x64, 0x7b, 0xcd, 0x0d, 0x38,
+    0x8c, 0x4e, 0x24, 0xf0, 0xd6, 0x27, 0x4f, 0xc6, 0x77, 0x7a, 0x5b, 0x4b,
+    0x2e, 0xda, 0x1a, 0xca, 0x39, 0xb5, 0x71, 0xbb, 0x9b, 0x7a, 0xcb, 0xd1,
+    0x37, 0x96, 0x5f, 0xd3, 0xa7, 0x89, 0xbc, 0xb2, 0xfd, 0xc1, 0xc9, 0x46,
+    0xe7, 0x95, 0xc1, 0xdb, 0xff, 0xdf, 0xfc, 0x94, 0x9a, 0x6c, 0xc3, 0x70,
+    0xeb, 0x2f, 0xec, 0x8e, 0x7d, 0xe9, 0x59, 0x7e, 0xc8, 0xbd, 0x84, 0xb2,
+    0xfd, 0x81, 0x90, 0x80, 0xb2, 0xfc, 0x07, 0x78, 0x1d, 0x65, 0x49, 0xe7,
+    0xe1, 0x45, 0xf3, 0x19, 0x9a, 0x59, 0x4c, 0x99, 0x9e, 0x93, 0xbc, 0x5a,
+    0x4e, 0xdc, 0x20, 0xbc, 0x79, 0x3a, 0xca, 0xc5, 0x47, 0x1d, 0xb1, 0x6a,
+    0x37, 0x13, 0xa4, 0xdf, 0x1f, 0x5a, 0x95, 0x97, 0xff, 0xdf, 0xfc, 0x9f,
+    0x3d, 0xe9, 0x62, 0x93, 0xac, 0xbf, 0x73, 0x8e, 0x50, 0x59, 0x7f, 0x36,
+    0xb8, 0x1c, 0x81, 0x65, 0xff, 0xd9, 0xff, 0x37, 0xfd, 0x85, 0x20, 0x59,
+    0x6d, 0xfb, 0x51, 0x2e, 0x02, 0x72, 0x2e, 0xbf, 0xfd, 0x0d, 0xb8, 0x36,
+    0xe7, 0x7f, 0x13, 0xf1, 0x65, 0xff, 0x73, 0x3f, 0x27, 0x6d, 0x41, 0x65,
+    0x76, 0x9d, 0x13, 0x43, 0x90, 0x8e, 0x7e, 0x9b, 0x7e, 0xf0, 0x8a, 0x77,
+    0xac, 0xbf, 0x89, 0xff, 0x09, 0x35, 0x65, 0x49, 0xeb, 0x06, 0x53, 0x7e,
+    0xd8, 0xe4, 0xd9, 0x31, 0x65, 0xc7, 0xe2, 0xcb, 0xe8, 0xf6, 0xee, 0xf4,
+    0xb2, 0xfe, 0xf3, 0x19, 0x9d, 0xfd, 0x65, 0xff, 0xee, 0x4e, 0xba, 0xff,
+    0x1b, 0xfe, 0xc1, 0xac, 0xbe, 0xcc, 0xee, 0x0b, 0x2f, 0x71, 0xa2, 0x59,
+    0x44, 0x6f, 0xf8, 0x45, 0x7e, 0x6d, 0xfa, 0xc3, 0xac, 0xa3, 0x4f, 0x27,
+    0xc4, 0x16, 0xe2, 0xcb, 0xf9, 0xdf, 0x46, 0x67, 0x96, 0x5f, 0xe6, 0x9f,
+    0xe6, 0xf7, 0x1a, 0xcb, 0xfd, 0xe9, 0xd3, 0x74, 0xdb, 0xd6, 0x54, 0x48,
+    0x95, 0xd1, 0x6f, 0xcc, 0xef, 0xfd, 0x19, 0x4f, 0x6c, 0x32, 0x98, 0xd6,
+    0x5f, 0xe0, 0x73, 0xe5, 0x27, 0xe2, 0xcb, 0xfc, 0x79, 0xf3, 0xf2, 0x77,
+    0x16, 0x54, 0x9f, 0x43, 0x99, 0xd3, 0xa3, 0x1c, 0xa1, 0x4f, 0x43, 0x55,
+    0xd3, 0xd1, 0x7e, 0xa1, 0xa6, 0x72, 0x3f, 0x42, 0x98, 0xa1, 0xf1, 0x7c,
+    0x69, 0x83, 0x3a, 0xcb, 0xf6, 0xdf, 0x4e, 0xa0, 0xb2, 0xb6, 0xb2, 0x4a,
+    0xa6, 0x52, 0xc4, 0x68, 0xb9, 0x1e, 0x27, 0x50, 0x98, 0xec, 0x8a, 0x22,
+    0xe3, 0x8b, 0xbc, 0xb1, 0x3f, 0xb4, 0x18, 0x4b, 0x78, 0xfc, 0x95, 0x97,
+    0xf4, 0x71, 0x43, 0x63, 0xd4, 0x6b, 0x2f, 0x8f, 0x8f, 0xe5, 0x96, 0x8d,
+    0x65, 0xfb, 0xfe, 0x63, 0xe9, 0x65, 0x40, 0xdd, 0x68, 0x4a, 0xf7, 0x86,
+    0xcb, 0x2f, 0xde, 0xc6, 0x87, 0x16, 0x5f, 0xff, 0x7a, 0x43, 0x09, 0xf2,
+    0x70, 0x73, 0x92, 0x04, 0x97, 0xec, 0xfb, 0x88, 0x2e, 0xb2, 0xdb, 0x8b,
+    0x2f, 0xda, 0xe9, 0xdf, 0xa5, 0xc4, 0x08, 0xbd, 0xc9, 0xed, 0x65, 0xf3,
+    0x73, 0x50, 0x59, 0x60, 0x4a, 0x22, 0x70, 0x53, 0xb3, 0x63, 0x8e, 0xdf,
+    0x16, 0x19, 0xba, 0xb2, 0xe6, 0x8d, 0x65, 0x31, 0xbc, 0xf9, 0x2d, 0xe1,
+    0x17, 0x4b, 0x2f, 0xff, 0xb3, 0xcd, 0xaf, 0x3f, 0x1b, 0xf2, 0x5d, 0x2c,
+    0xbe, 0x8c, 0x9c, 0xeb, 0x2e, 0x72, 0x59, 0x52, 0x6d, 0xe3, 0x22, 0xa8,
+    0x2a, 0x8e, 0x19, 0x3f, 0x6a, 0x5a, 0x85, 0xa1, 0xdf, 0xbc, 0x41, 0xc1,
+    0xdf, 0xc2, 0x16, 0xfe, 0x7d, 0x66, 0xfc, 0x1a, 0xcb, 0xf7, 0x4e, 0x6f,
+    0x99, 0x65, 0x00, 0xf5, 0xc8, 0xba, 0xfb, 0x43, 0x63, 0xac, 0xbc, 0x37,
+    0x82, 0xcb, 0x41, 0x65, 0x49, 0xad, 0xdd, 0x1c, 0xbe, 0xfc, 0x6e, 0x4b,
+    0x2f, 0x1e, 0x7a, 0x59, 0x73, 0x9a, 0xb2, 0xb0, 0xda, 0x10, 0xed, 0xa0,
+    0xb2, 0xfe, 0xc8, 0xc5, 0xfd, 0xff, 0x59, 0x52, 0x78, 0x46, 0x88, 0xdf,
+    0xf3, 0xc3, 0x53, 0x1b, 0xeb, 0xa5, 0x96, 0x65, 0x97, 0xff, 0xe7, 0xec,
+    0x1d, 0x79, 0xa2, 0x27, 0x33, 0xf9, 0xe5, 0x97, 0x8d, 0x6f, 0xac, 0xbd,
+    0xc7, 0xfa, 0xca, 0x94, 0x50, 0xe0, 0x81, 0xab, 0x1d, 0x8e, 0xdd, 0xb7,
+    0xcb, 0x2f, 0xdf, 0x61, 0x8a, 0x56, 0x5f, 0x3c, 0x30, 0x6b, 0x28, 0xe7,
+    0x90, 0x44, 0xf7, 0x8f, 0xfe, 0x96, 0x5b, 0xf2, 0x6f, 0xf0, 0x86, 0xfe,
+    0xfe, 0x45, 0x07, 0x02, 0xcb, 0xfa, 0x4f, 0x86, 0xcf, 0x16, 0x54, 0x6a,
+    0xcd, 0x30, 0x8f, 0xa5, 0x6d, 0x30, 0x9c, 0x8b, 0xd0, 0xdb, 0x01, 0xe9,
+    0x42, 0x83, 0x84, 0xbf, 0x2e, 0xbc, 0xc7, 0x95, 0x97, 0xfe, 0x1c, 0x36,
+    0xe4, 0xf5, 0xd6, 0x12, 0xcb, 0xa4, 0xeb, 0x2f, 0x66, 0xb1, 0x65, 0x74,
+    0x6c, 0x4e, 0x2d, 0x7f, 0xc0, 0xf6, 0x77, 0x0f, 0xb4, 0x4b, 0x2b, 0x0f,
+    0x74, 0x44, 0x57, 0x64, 0x6b, 0x2c, 0x25, 0x94, 0x33, 0x51, 0xa1, 0x7b,
+    0xfd, 0x38, 0x5f, 0xe6, 0xce, 0xf5, 0x97, 0xf4, 0xee, 0x79, 0x9e, 0x0b,
+    0x2f, 0x4f, 0x36, 0x9c, 0xf9, 0x88, 0xde, 0xfe, 0x73, 0x39, 0xc9, 0x02,
+    0xca, 0xf1, 0xf1, 0x11, 0xa5, 0xe9, 0x7d, 0x2c, 0xbf, 0xf7, 0x9c, 0xbf,
+    0xc2, 0x13, 0x86, 0xb2, 0xff, 0xb5, 0xa6, 0xee, 0x1f, 0x7e, 0xd6, 0x5e,
+    0xd9, 0x73, 0x56, 0x5f, 0xf4, 0x9e, 0x19, 0x1e, 0x08, 0x2e, 0xb2, 0xff,
+    0xa4, 0x0d, 0x0f, 0x31, 0x01, 0x65, 0xa3, 0x59, 0x73, 0xff, 0x47, 0x92,
+    0x17, 0x37, 0xac, 0x46, 0xbb, 0x10, 0x3c, 0x21, 0xaf, 0x19, 0x21, 0xac,
+    0xbf, 0xf9, 0xf8, 0x1f, 0xd8, 0x85, 0x0c, 0xe2, 0xcb, 0x88, 0x6b, 0xab,
+    0xe9, 0x52, 0x7c, 0xee, 0x89, 0x70, 0x1d, 0x65, 0xf4, 0x05, 0x26, 0xac,
+    0xb0, 0x16, 0x56, 0x1b, 0x47, 0x23, 0xa9, 0x57, 0x6a, 0x38, 0x74, 0x9a,
+    0x43, 0xd0, 0xdb, 0x1f, 0x6a, 0x31, 0x2f, 0x19, 0x02, 0x10, 0xa4, 0x41,
+    0xf4, 0xab, 0xfc, 0x3f, 0x39, 0xc3, 0x92, 0x59, 0x7f, 0x7b, 0x21, 0xe6,
+    0xde, 0xb2, 0xb7, 0x0f, 0x8b, 0xe6, 0x76, 0x25, 0x97, 0xb4, 0x28, 0xd6,
+    0x54, 0x0d, 0x71, 0xc4, 0x2f, 0xff, 0x89, 0x8d, 0x09, 0xcf, 0xf8, 0x4f,
+    0x08, 0x4a, 0xca, 0x93, 0xf3, 0xc2, 0x1b, 0xf7, 0xb3, 0xfc, 0x95, 0x96,
+    0xde, 0xb2, 0xfc, 0x5f, 0x16, 0x79, 0x65, 0x84, 0xb2, 0x96, 0x56, 0xd2,
+    0xf0, 0x42, 0x35, 0x27, 0xcb, 0x1a, 0x1d, 0xdb, 0xac, 0xb2, 0xed, 0xf2,
+    0xb2, 0xc2, 0x59, 0x76, 0x69, 0x65, 0xb8, 0x03, 0x4f, 0xf1, 0x1a, 0x8d,
+    0x59, 0x24, 0x21, 0xfc, 0x6c, 0x31, 0xba, 0x20, 0x88, 0x9f, 0x4f, 0x0e,
+    0x45, 0xc1, 0x9f, 0x9f, 0xde, 0x1b, 0xc1, 0x65, 0xcd, 0xa5, 0x95, 0x86,
+    0xcb, 0xc3, 0x97, 0xfd, 0xbc, 0xb3, 0x86, 0xeb, 0x38, 0xb2, 0xf8, 0x89,
+    0x8e, 0xb2, 0xb0, 0xf6, 0xdc, 0xee, 0xf6, 0x6f, 0x0d, 0x65, 0xcd, 0xe5,
+    0x97, 0x3c, 0x16, 0x5f, 0xf8, 0x4e, 0x79, 0xd7, 0x18, 0xa2, 0x59, 0x43,
+    0x3d, 0x42, 0x16, 0xbe, 0x73, 0xe1, 0xd6, 0x5f, 0x31, 0xe7, 0x71, 0x65,
+    0xcd, 0xad, 0xa7, 0x8b, 0x84, 0x34, 0x34, 0x7f, 0x63, 0x57, 0x99, 0xaf,
+    0xef, 0xe7, 0x3c, 0x2e, 0x2c, 0xbf, 0x31, 0xdc, 0xb1, 0x65, 0xe0, 0x3f,
+    0xd6, 0x5e, 0x69, 0x82, 0xca, 0xda, 0xd9, 0xe2, 0x85, 0x07, 0x24, 0xde,
+    0x0b, 0x63, 0x21, 0xc9, 0x55, 0x46, 0xc3, 0x57, 0xa2, 0x16, 0x97, 0x07,
+    0xa8, 0x4b, 0x9c, 0x6f, 0xd0, 0xcf, 0x79, 0xf2, 0x20, 0x42, 0xfc, 0x9e,
+    0xf8, 0x40, 0x28, 0xc7, 0x4c, 0x2f, 0xd9, 0x2e, 0x0c, 0x97, 0x74, 0x72,
+    0xff, 0xef, 0xcb, 0x79, 0xf5, 0x26, 0xe4, 0x4b, 0x2f, 0xc3, 0x9f, 0x48,
+    0x6b, 0x29, 0xcf, 0xb0, 0x48, 0x97, 0xfc, 0xfc, 0x2c, 0xde, 0xde, 0x12,
+    0xcb, 0xfb, 0x3d, 0x9d, 0x0b, 0x16, 0x5f, 0xf1, 0x67, 0xe7, 0x7b, 0x10,
+    0x16, 0x5f, 0xef, 0xce, 0xf6, 0xfc, 0x25, 0x65, 0xff, 0xfd, 0x81, 0xce,
+    0x80, 0xdf, 0xd0, 0x8f, 0xcf, 0xe6, 0x96, 0x56, 0x22, 0x40, 0x8d, 0x2f,
+    0xc3, 0x72, 0xcd, 0xc5, 0x95, 0x89, 0x89, 0x02, 0x19, 0x1c, 0x21, 0xa5,
+    0x97, 0xe6, 0xff, 0x05, 0xb8, 0xb2, 0xda, 0x39, 0xb6, 0xf0, 0x5d, 0xf3,
+    0x7e, 0x60, 0xb2, 0xff, 0x09, 0xda, 0x12, 0x5d, 0x2c, 0xac, 0x3f, 0xaf,
+    0x13, 0xf0, 0x86, 0xf7, 0xb0, 0x0b, 0x2f, 0xfc, 0xda, 0xf3, 0xf0, 0xdd,
+    0x7f, 0xa5, 0x97, 0xe6, 0xfc, 0xff, 0x89, 0x2f, 0xba, 0x9f, 0xf1, 0x25,
+    0xc6, 0x18, 0x92, 0xa0, 0x7c, 0x78, 0x4e, 0x61, 0x1d, 0x24, 0x08, 0x6b,
+    0xea, 0x09, 0x86, 0x78, 0x70, 0xc8, 0x69, 0xde, 0x72, 0x02, 0xcb, 0xcf,
+    0xe7, 0x59, 0x7e, 0x33, 0xe1, 0xc8, 0x16, 0x5f, 0xb3, 0x9f, 0xcd, 0xc5,
+    0x95, 0x88, 0xc1, 0x34, 0xdf, 0xc3, 0x6e, 0x37, 0xf2, 0xab, 0xc4, 0xe6,
+    0x2c, 0xbf, 0x79, 0xa7, 0x40, 0x59, 0x51, 0x1e, 0x1f, 0xc7, 0x2e, 0xf3,
+    0x2c, 0xbd, 0x9c, 0xe2, 0xca, 0x88, 0xd9, 0x10, 0xb5, 0xff, 0x61, 0x7f,
+    0xcd, 0x25, 0x1a, 0xcb, 0xff, 0xfd, 0xec, 0x38, 0x72, 0x0d, 0x4f, 0x0b,
+    0x37, 0xb7, 0x84, 0xb2, 0xf7, 0xe7, 0xac, 0x44, 0xcf, 0xcd, 0xef, 0xff,
+    0x18, 0xfc, 0xfb, 0x79, 0xb0, 0xd6, 0xd2, 0xca, 0x59, 0x58, 0x88, 0x9f,
+    0x1a, 0x71, 0x2a, 0x86, 0xbd, 0x99, 0xd1, 0x0c, 0x47, 0x3a, 0x8c, 0xfc,
+    0xf0, 0xe5, 0x04, 0x7f, 0x65, 0x08, 0xce, 0x2a, 0x99, 0x1a, 0x1d, 0xfc,
+    0xd9, 0x19, 0xdb, 0xeb, 0x2f, 0xe2, 0xfc, 0x5b, 0x84, 0x05, 0x95, 0xa3,
+    0xde, 0x11, 0x6d, 0xfc, 0x53, 0x0d, 0x6a, 0x56, 0x5e, 0x9d, 0x01, 0x65,
+    0xf1, 0x4f, 0x60, 0xc3, 0xc8, 0xf1, 0x65, 0xff, 0xbf, 0xcc, 0xeb, 0xce,
+    0x5f, 0xe2, 0xcb, 0xcc, 0x40, 0x59, 0xb4, 0xdf, 0xd1, 0xd1, 0x49, 0xbd,
+    0xde, 0xee, 0x7d, 0x65, 0xff, 0x8e, 0xd8, 0x7f, 0xf0, 0x45, 0xf5, 0x97,
+    0xff, 0xf6, 0x85, 0xcf, 0x3c, 0x3a, 0xf3, 0x77, 0x09, 0x78, 0x2c, 0xa3,
+    0x51, 0x37, 0xf3, 0xeb, 0xff, 0xf1, 0x39, 0xff, 0xe7, 0x3e, 0x42, 0x41,
+    0xcc, 0x59, 0x52, 0x7e, 0xf8, 0x49, 0x52, 0x9b, 0x76, 0x12, 0xfa, 0x32,
+    0x9b, 0x46, 0xb2, 0xfe, 0xe4, 0x99, 0xfc, 0xe9, 0x65, 0xff, 0x66, 0xf7,
+    0xd3, 0xc1, 0xe0, 0xb2, 0xe9, 0x1f, 0x47, 0xf5, 0xd8, 0x97, 0x0b, 0xef,
+    0xe9, 0xf4, 0xfa, 0x63, 0x59, 0x7b, 0xf2, 0x35, 0x97, 0xfe, 0x67, 0xee,
+    0x1f, 0xe1, 0x31, 0xab, 0x2f, 0xec, 0xd9, 0x17, 0x9b, 0x4b, 0x2a, 0x07,
+    0xde, 0x19, 0xfd, 0x4a, 0x2b, 0xb2, 0x11, 0x75, 0x1a, 0x60, 0x30, 0x86,
+    0xdd, 0xb8, 0xb2, 0x96, 0x53, 0x97, 0x86, 0x08, 0xd4, 0x9f, 0x33, 0xa3,
+    0x5f, 0xec, 0x3b, 0x97, 0xf9, 0x2b, 0x2e, 0x03, 0x2c, 0xad, 0x1e, 0x39,
+    0x18, 0xd0, 0xd5, 0x15, 0xfa, 0x3a, 0x37, 0x67, 0xbf, 0x43, 0xc2, 0x9d,
+    0x2c, 0xbf, 0xd3, 0xbd, 0xb7, 0x90, 0xb8, 0xb2, 0xfe, 0x6e, 0x3f, 0x70,
+    0xc5, 0x97, 0x39, 0xf4, 0x7c, 0x7b, 0x26, 0xd7, 0x9b, 0x46, 0xac, 0xbf,
+    0xcd, 0x3f, 0x29, 0x3f, 0x16, 0x57, 0x69, 0x84, 0xfa, 0x11, 0x60, 0x30,
+    0x21, 0xdb, 0xf6, 0x08, 0xf3, 0xc5, 0x94, 0xb2, 0xec, 0x8b, 0x46, 0xcb,
+    0x84, 0xf7, 0xfc, 0xc2, 0x0b, 0xfa, 0x43, 0x28, 0xd6, 0x5f, 0xf4, 0xc7,
+    0x3d, 0xfc, 0xb2, 0x35, 0x97, 0xb7, 0x58, 0xc5, 0x95, 0x88, 0xc5, 0xe8,
+    0xb5, 0x8f, 0xb7, 0x4e, 0xaf, 0xfe, 0x0f, 0x8d, 0xc8, 0x98, 0x78, 0x40,
+    0x59, 0x7a, 0x04, 0xeb, 0x2f, 0x9f, 0xf9, 0x1a, 0xcb, 0xa7, 0xb5, 0x97,
+    0x14, 0xac, 0xb1, 0xe4, 0xfa, 0x7c, 0x36, 0x44, 0x5f, 0x17, 0xbf, 0xb2,
+    0x2f, 0x48, 0x64, 0xb2, 0xff, 0xf9, 0xf7, 0x03, 0x29, 0xf3, 0xb7, 0xe7,
+    0xfc, 0x59, 0x52, 0x7f, 0xe2, 0x2e, 0xa1, 0xa7, 0x1c, 0xf0, 0xae, 0x28,
+    0x5f, 0xdf, 0x74, 0xda, 0xc5, 0x97, 0xff, 0x16, 0x6e, 0x46, 0x2d, 0x43,
+    0x3b, 0xfa, 0xcb, 0xfb, 0x4d, 0xcc, 0xcd, 0x2c, 0xa8, 0x95, 0xeb, 0xea,
+    0x33, 0xaf, 0x47, 0x9a, 0x47, 0x3c, 0x22, 0xde, 0x93, 0x71, 0x46, 0xb2,
+    0xf7, 0xb2, 0x35, 0x96, 0xd9, 0x59, 0x58, 0x6c, 0x5c, 0x76, 0xf4, 0x1f,
+    0x4b, 0x2f, 0xe0, 0x1d, 0xe1, 0x83, 0x59, 0x78, 0x5e, 0xc5, 0x96, 0x12,
+    0xcb, 0xcc, 0xf0, 0x59, 0x7d, 0xe9, 0x2f, 0xac, 0xad, 0xa6, 0xf3, 0x83,
+    0x76, 0xce, 0x1f, 0x86, 0xf4, 0xdb, 0xec, 0xfe, 0x0d, 0x25, 0xff, 0x39,
+    0x1b, 0x84, 0xff, 0xe2, 0xcb, 0xe7, 0x34, 0x06, 0x2c, 0xa8, 0x1f, 0xe7,
+    0x88, 0x48, 0xde, 0xfa, 0x48, 0xa5, 0x65, 0x44, 0x9e, 0x3e, 0x87, 0x0e,
+    0x5a, 0x50, 0x8c, 0xfc, 0x29, 0x43, 0x2e, 0xbf, 0x9c, 0xc7, 0xfb, 0x9a,
+    0xb2, 0xf7, 0x0f, 0xa5, 0x97, 0x37, 0x4b, 0x28, 0x06, 0xd3, 0x83, 0xb5,
+    0x8a, 0xc5, 0x0d, 0x48, 0x68, 0xf9, 0xb4, 0xc7, 0xf6, 0x2b, 0xff, 0x6c,
+    0x78, 0x31, 0x7d, 0xbf, 0x3a, 0x59, 0x7e, 0x35, 0xb5, 0xb7, 0x16, 0x5f,
+    0x77, 0x0c, 0xf8, 0x54, 0xfb, 0x71, 0x0e, 0xfe, 0xfb, 0x6a, 0x44, 0x17,
+    0x59, 0x76, 0x9f, 0xc7, 0xdc, 0x19, 0xed, 0xef, 0x64, 0x6b, 0x2f, 0x42,
+    0x12, 0xb2, 0xf6, 0x7b, 0x36, 0x9b, 0x91, 0x0e, 0xd3, 0xa2, 0x68, 0x99,
+    0xef, 0xfe, 0xfb, 0x47, 0xfe, 0x0b, 0x73, 0xef, 0xe5, 0x97, 0xff, 0xc5,
+    0x9f, 0x6c, 0x2f, 0x67, 0xfc, 0xdd, 0x2c, 0xbf, 0xef, 0xb1, 0xf9, 0xe9,
+    0x0c, 0x96, 0x5e, 0x2c, 0xfa, 0xcb, 0xf9, 0xb9, 0xc9, 0xf4, 0xac, 0xa6,
+    0x3c, 0x72, 0x1b, 0xbf, 0xe9, 0x2e, 0x9f, 0xef, 0xd8, 0x36, 0xa3, 0xb7,
+    0xb4, 0xd6, 0x84, 0x05, 0xff, 0x4e, 0x77, 0x91, 0x98, 0xfd, 0xac, 0xbf,
+    0xe7, 0x33, 0x58, 0xde, 0x91, 0xac, 0xad, 0x1f, 0x99, 0x1d, 0xd4, 0x15,
+    0x17, 0x82, 0x33, 0x6f, 0xc3, 0x62, 0xfe, 0x10, 0x5d, 0xb5, 0xac, 0x59,
+    0x7f, 0xfe, 0xce, 0xe1, 0xf6, 0x8f, 0x35, 0xff, 0xb6, 0xa5, 0x65, 0xfe,
+    0xf6, 0x1a, 0xf2, 0xdb, 0x2b, 0x2f, 0xf6, 0x73, 0x37, 0x3d, 0x23, 0x59,
+    0x74, 0xc6, 0xb2, 0xf7, 0xa6, 0x25, 0x97, 0xfa, 0x58, 0xb2, 0x30, 0xe0,
+    0xb2, 0xdd, 0x8c, 0xf9, 0xf0, 0x5f, 0xc3, 0xb7, 0xe7, 0x88, 0x9a, 0x25,
+    0x95, 0xd2, 0x65, 0xde, 0x35, 0x14, 0x27, 0x37, 0x9a, 0xd6, 0x27, 0x95,
+    0xc8, 0xe1, 0x2f, 0xbe, 0x6e, 0x79, 0x65, 0xe2, 0x69, 0x59, 0x76, 0xa0,
+    0xb2, 0xff, 0xc5, 0x9f, 0xf8, 0xa3, 0xfe, 0x74, 0xb2, 0xfc, 0x31, 0x3e,
+    0xa0, 0xb2, 0xfe, 0x7e, 0xf9, 0x9d, 0xfd, 0x65, 0xd8, 0x62, 0xca, 0x01,
+    0xe3, 0x11, 0x7d, 0xf1, 0xf8, 0x19, 0xd6, 0x54, 0x9e, 0x2e, 0x10, 0xdb,
+    0x8b, 0x2c, 0x62, 0xcb, 0x98, 0x0b, 0x2f, 0x8c, 0x72, 0x82, 0xcb, 0x86,
+    0xcb, 0x2e, 0xf3, 0x2c, 0xbe, 0x87, 0x3d, 0x8b, 0x2f, 0x98, 0x41, 0x7c,
+    0x59, 0x6e, 0x6d, 0x45, 0x58, 0xc5, 0xba, 0x22, 0x88, 0x59, 0xc5, 0x80,
+    0x45, 0x4c, 0x98, 0xe8, 0xa1, 0x7b, 0x4e, 0x9a, 0xb0, 0x23, 0x2e, 0xb8,
+    0x12, 0xb2, 0xe0, 0x4a, 0xcb, 0xf0, 0xa1, 0x84, 0x11, 0x8d, 0x60, 0x05,
+    0xaf, 0xff, 0xfb, 0xd8, 0x2d, 0x1b, 0xdc, 0x3d, 0x84, 0x6f, 0x8a, 0x73,
+    0x4b, 0x2a, 0x55, 0xdc, 0x46, 0x46, 0x31, 0xa3, 0x45, 0xd9, 0x03, 0x50,
+    0xb3, 0x04, 0x6e, 0xc4, 0xab, 0xf3, 0xeb, 0xfb, 0x41, 0xff, 0x90, 0x0b,
+    0xac, 0xbf, 0xc2, 0xc8, 0xa4, 0xf0, 0x0b, 0xac, 0xbf, 0x60, 0xe6, 0x13,
+    0x87, 0xd8, 0x03, 0x4b, 0xff, 0xc4, 0xfd, 0xf0, 0xd3, 0x5f, 0x6f, 0x47,
+    0x02, 0xcb, 0xe9, 0xd4, 0xf9, 0x65, 0xd0, 0xed, 0x65, 0x62, 0x22, 0x5d,
+    0x43, 0x84, 0x37, 0xfe, 0xfc, 0x8f, 0xa6, 0x8f, 0x3b, 0xfa, 0xcb, 0xfe,
+    0xc6, 0xef, 0xfa, 0x9c, 0xed, 0x65, 0xff, 0xe2, 0x6e, 0xf9, 0x11, 0x64,
+    0x79, 0xdf, 0xd6, 0x5f, 0xfb, 0xd8, 0x70, 0xe4, 0x19, 0xdf, 0xd6, 0x56,
+    0x22, 0x33, 0xe9, 0x97, 0xfb, 0xbe, 0x9b, 0x41, 0xc8, 0xd6, 0x5f, 0x00,
+    0xef, 0x0d, 0xa9, 0xc6, 0x49, 0x71, 0x20, 0xf2, 0x18, 0xbf, 0x22, 0xb8,
+    0x5f, 0x59, 0x76, 0xcc, 0xac, 0xbf, 0x80, 0x70, 0xf8, 0x1c, 0x6b, 0x2f,
+    0xee, 0x31, 0x14, 0xf6, 0xb2, 0xec, 0xed, 0x65, 0x76, 0x7e, 0xbf, 0x32,
+    0xd9, 0x2c, 0xbf, 0xfc, 0x1c, 0x99, 0x31, 0x41, 0xcb, 0x3b, 0xfa, 0xcb,
+    0xda, 0x6d, 0x2c, 0xbf, 0xff, 0xf6, 0x7e, 0x5a, 0x0f, 0xce, 0x4e, 0xa6,
+    0x0d, 0xd1, 0x0b, 0x8b, 0x28, 0x08, 0x86, 0xe0, 0xe5, 0x4a, 0xa3, 0x48,
+    0x33, 0xe0, 0xbb, 0xc2, 0x3b, 0x86, 0x66, 0x43, 0x4a, 0xfe, 0x2c, 0xec,
+    0x0d, 0x05, 0x97, 0xf7, 0x39, 0x30, 0x9d, 0x2c, 0xbf, 0xed, 0x49, 0xda,
+    0x29, 0x7d, 0xc5, 0x95, 0x87, 0xd1, 0xd1, 0x6d, 0xe1, 0x77, 0xf5, 0x96,
+    0x75, 0x97, 0x45, 0xc5, 0x95, 0x1a, 0x3f, 0x4a, 0x12, 0xbc, 0x22, 0xf8,
+    0xf0, 0x62, 0x17, 0xff, 0xff, 0xe2, 0xce, 0xfe, 0x3c, 0xfc, 0x97, 0x59,
+    0xff, 0x37, 0x7f, 0x90, 0x19, 0x9e, 0x59, 0x76, 0x18, 0xb2, 0xff, 0x84,
+    0x5d, 0x7b, 0x23, 0xe3, 0x2c, 0xbf, 0xe9, 0xef, 0x01, 0x3b, 0xf2, 0x35,
+    0x97, 0xf1, 0x67, 0xf8, 0xe0, 0x59, 0x52, 0x99, 0xe6, 0xa1, 0x08, 0x71,
+    0x70, 0x1d, 0x70, 0xee, 0xff, 0xff, 0x9d, 0xbf, 0x06, 0x1e, 0x43, 0xd2,
+    0xda, 0x01, 0xde, 0x0b, 0x2f, 0xe8, 0xdb, 0x5d, 0xfa, 0x35, 0x95, 0xe4,
+    0x4a, 0x93, 0x25, 0xfd, 0xcd, 0x67, 0x53, 0x1a, 0xcb, 0xff, 0xdf, 0x68,
+    0xe3, 0x92, 0xcf, 0xb7, 0x66, 0x2c, 0xa8, 0xcf, 0xee, 0x05, 0xf7, 0xd3,
+    0xdf, 0xf7, 0x16, 0x54, 0x9e, 0x4c, 0x08, 0xef, 0xff, 0x7d, 0xf4, 0xe3,
+    0x92, 0x7d, 0x3c, 0x16, 0x5f, 0xf0, 0x5f, 0x53, 0xf6, 0xe9, 0x86, 0xb2,
+    0xff, 0x61, 0x47, 0x83, 0x7f, 0x2c, 0xa8, 0x91, 0xaf, 0xf2, 0x11, 0x23,
+    0x98, 0x7b, 0x70, 0x31, 0x65, 0xfd, 0x87, 0xc1, 0xb1, 0x8b, 0x2e, 0x3c,
+    0xac, 0xbf, 0xe9, 0x37, 0xbf, 0xea, 0x70, 0xc5, 0x97, 0xf6, 0xb4, 0xe5,
+    0x0e, 0x2c, 0xa8, 0x1f, 0x47, 0x0e, 0xe8, 0xe8, 0xcd, 0x72, 0xdf, 0xbf,
+    0x5d, 0xfe, 0x2c, 0xbf, 0xe7, 0x86, 0xd1, 0xb6, 0xf9, 0x1a, 0xcb, 0xf6,
+    0x45, 0xe6, 0xfa, 0xcb, 0xff, 0xf1, 0x39, 0xb1, 0x4e, 0x7e, 0x4f, 0x3e,
+    0x90, 0x2c, 0xbf, 0xff, 0x7c, 0xa7, 0x75, 0xb5, 0x9d, 0xc3, 0xf8, 0x5d,
+    0x2c, 0xbf, 0xff, 0x87, 0xe6, 0xd8, 0xc3, 0xfb, 0x70, 0xb3, 0x7b, 0x78,
+    0x4b, 0x2b, 0x13, 0x0e, 0x65, 0x41, 0x2c, 0x51, 0x26, 0xcb, 0xc8, 0xcd,
+    0xaf, 0xb3, 0x3d, 0xc5, 0x95, 0x2b, 0xa2, 0x19, 0x1d, 0xef, 0x67, 0xef,
+    0x0e, 0x30, 0xb9, 0x79, 0x0b, 0xfe, 0x3a, 0x1d, 0xd2, 0x9b, 0xc6, 0x18,
+    0x62, 0x4b, 0xf6, 0x1a, 0x42, 0xe2, 0x40, 0x86, 0x82, 0xf1, 0xdf, 0xeb,
+    0x2f, 0x82, 0x18, 0x61, 0x8b, 0x2e, 0xc0, 0x2c, 0xac, 0x37, 0xdf, 0x28,
+    0xbd, 0x20, 0xe2, 0xca, 0x94, 0x68, 0x1c, 0xeb, 0xeb, 0x41, 0x90, 0x5f,
+    0xff, 0x34, 0x1f, 0x87, 0x3b, 0xc1, 0xcd, 0xf3, 0x2c, 0xbf, 0x1d, 0xfe,
+    0x29, 0x59, 0x7f, 0xfb, 0x37, 0xb7, 0x85, 0xe6, 0xe1, 0x61, 0xd6, 0x54,
+    0x9f, 0x89, 0x13, 0xdf, 0x36, 0x81, 0xc5, 0x97, 0xfe, 0x10, 0x5f, 0x36,
+    0x4b, 0x0c, 0x70, 0x2c, 0xbf, 0xf4, 0x82, 0x61, 0x3a, 0xd6, 0x18, 0xb2,
+    0xff, 0xfa, 0x78, 0x3f, 0x31, 0x9e, 0x38, 0xbe, 0x29, 0x59, 0x7f, 0x8b,
+    0x0d, 0xda, 0xdb, 0xd9, 0x65, 0x46, 0x8c, 0x5e, 0x8f, 0xbe, 0xa3, 0x52,
+    0x99, 0xe3, 0x46, 0x15, 0x7f, 0xff, 0x7f, 0x8c, 0x5d, 0xc3, 0xd2, 0xc3,
+    0x9f, 0x4c, 0x16, 0x5f, 0xed, 0x48, 0xbe, 0x4d, 0xbd, 0x65, 0x32, 0x23,
+    0xb8, 0xb5, 0x7f, 0xe2, 0xce, 0x75, 0xe6, 0xea, 0x49, 0x65, 0xff, 0xfe,
+    0x34, 0xc7, 0xd1, 0xa1, 0x39, 0x90, 0x21, 0x3f, 0x30, 0x96, 0x5f, 0xfe,
+    0xff, 0x99, 0xc1, 0x85, 0xff, 0x64, 0x16, 0x5f, 0xfd, 0xe6, 0xd7, 0x9f,
+    0x59, 0xd3, 0xfd, 0x65, 0xff, 0xef, 0x37, 0x26, 0x10, 0x61, 0x93, 0xf9,
+    0x65, 0xf1, 0xce, 0xf0, 0xda, 0x8d, 0x4c, 0x48, 0x74, 0x4a, 0x94, 0xf7,
+    0xf0, 0x89, 0x8f, 0x85, 0x19, 0xc5, 0xfd, 0xa1, 0x75, 0xe6, 0xe2, 0xcb,
+    0xe3, 0x1c, 0xa0, 0xb2, 0xff, 0xbf, 0x3d, 0x81, 0xfd, 0xe6, 0x59, 0x6f,
+    0x2c, 0xac, 0x3c, 0xae, 0x8e, 0x6f, 0x69, 0xfa, 0x59, 0x7f, 0x46, 0xdd,
+    0x7a, 0x7e, 0xb2, 0xfa, 0x63, 0x21, 0x2c, 0xad, 0x1e, 0x8f, 0x8b, 0xef,
+    0xb8, 0xc7, 0x95, 0x97, 0xfe, 0x9c, 0x28, 0xf0, 0x9f, 0xbe, 0x2c, 0xbf,
+    0x16, 0x7e, 0x74, 0xb2, 0xf1, 0x86, 0x18, 0x92, 0xfc, 0xe6, 0xf9, 0xbe,
+    0x90, 0x21, 0xa0, 0xa9, 0x44, 0x03, 0x23, 0x5f, 0x1f, 0x93, 0xf5, 0x97,
+    0xb7, 0xc9, 0xd6, 0x5e, 0xfb, 0x18, 0xb2, 0xf7, 0x1f, 0x4b, 0x2b, 0xb3,
+    0x73, 0xf1, 0xdb, 0xa4, 0x6b, 0x2f, 0xf6, 0xb5, 0x31, 0x8f, 0x09, 0x65,
+    0x78, 0xf2, 0x5c, 0x5a, 0xa5, 0x30, 0x5c, 0x22, 0x65, 0x77, 0x6b, 0xbe,
+    0x06, 0x64, 0x4b, 0x2f, 0xb9, 0x85, 0xf5, 0x95, 0x87, 0x86, 0xe4, 0x57,
+    0xe0, 0xf8, 0xde, 0x12, 0xcb, 0xbc, 0x6a, 0xcb, 0x73, 0x6a, 0xb9, 0x41,
+    0x91, 0x63, 0x77, 0x64, 0x51, 0x10, 0xea, 0x17, 0xbe, 0x8c, 0x98, 0x9f,
+    0x78, 0x41, 0xbc, 0xa6, 0xf6, 0xce, 0x76, 0xb2, 0xd0, 0x1a, 0xe6, 0x16,
+    0x4e, 0x00, 0x34, 0x28, 0xab, 0x63, 0x5d, 0x35, 0x14, 0xe7, 0x8d, 0xfd,
+    0x27, 0x9f, 0x48, 0x16, 0x5e, 0x98, 0xc4, 0xb2, 0xc1, 0x7c, 0x3c, 0x9f,
+    0x16, 0x5f, 0xfc, 0xdf, 0x9d, 0x61, 0x7d, 0xdc, 0x96, 0x54, 0x19, 0x4e,
+    0x11, 0x10, 0x6a, 0x35, 0xef, 0x4a, 0x95, 0x29, 0xd7, 0x61, 0x3e, 0x6f,
+    0x2b, 0xbf, 0xfa, 0x70, 0xb0, 0x6f, 0x02, 0x98, 0xd6, 0x5f, 0x75, 0xa9,
+    0x82, 0xcb, 0xb7, 0xca, 0xcb, 0xff, 0x36, 0xba, 0xf3, 0x75, 0xe6, 0x25,
+    0x97, 0xff, 0xff, 0x9c, 0x81, 0xff, 0x61, 0xff, 0xcc, 0xdf, 0xe6, 0xeb,
+    0xcc, 0x18, 0xa3, 0x59, 0x51, 0xa2, 0xec, 0x07, 0xf5, 0x28, 0xf7, 0xc8,
+    0x69, 0xdf, 0xf6, 0x6e, 0x49, 0xfb, 0x86, 0x7d, 0x65, 0x63, 0x35, 0xb1,
+    0xa9, 0x66, 0x1a, 0x7f, 0x74, 0x12, 0x8c, 0x6b, 0x84, 0xd7, 0xf7, 0x50,
+    0xce, 0x7d, 0x96, 0x5e, 0x29, 0xde, 0xb2, 0xff, 0xed, 0x4f, 0x5e, 0x27,
+    0xf9, 0x49, 0x8b, 0x2e, 0x0b, 0xb2, 0xca, 0x59, 0x6f, 0x2c, 0xa8, 0x17,
+    0x8c, 0x17, 0x51, 0x9e, 0xae, 0x8d, 0xaa, 0x51, 0x78, 0xf0, 0x99, 0xbd,
+    0x13, 0xc6, 0xb2, 0xf7, 0x05, 0xb8, 0xb2, 0xb0, 0xdf, 0x7c, 0x7a, 0xf8,
+    0x51, 0x8a, 0x35, 0x97, 0xe8, 0x13, 0x4f, 0x6b, 0x2d, 0x3a, 0x3c, 0xc2,
+    0x25, 0xa9, 0x77, 0x1e, 0x51, 0xc3, 0xf6, 0x12, 0x9f, 0x07, 0x2b, 0x6b,
+    0x27, 0x45, 0xcd, 0x96, 0xf7, 0xd4, 0x78, 0xdd, 0xca, 0x50, 0x63, 0xd8,
+    0xa3, 0xfb, 0xd4, 0xbe, 0x13, 0xc3, 0xdb, 0xd3, 0x90, 0xaf, 0x1a, 0xf0,
+    0x23, 0x8c, 0x29, 0xdf, 0x4e, 0x46, 0xf3, 0xfa, 0x6d, 0x48, 0x99, 0xb7,
+    0x97, 0x6c, 0xc3, 0x64, 0x36, 0x4d, 0xd6, 0xcb, 0xf3, 0x45, 0x06, 0x25,
+    0x97, 0x6c, 0x4c, 0xb2, 0xfb, 0xad, 0x37, 0x4b, 0x2f, 0xfa, 0x2f, 0xee,
+    0xf2, 0x62, 0x16, 0x96, 0x5f, 0xe1, 0xc9, 0x1e, 0x47, 0x2b, 0x2a, 0x4f,
+    0xc1, 0xcf, 0xef, 0xfb, 0xd3, 0x1e, 0xa6, 0x0f, 0xa5, 0x97, 0xff, 0xbd,
+    0x3e, 0x2c, 0x34, 0x78, 0x53, 0xb8, 0xb2, 0xfc, 0x46, 0x87, 0x20, 0x59,
+    0x7f, 0xc0, 0xd4, 0x8b, 0xe4, 0xdb, 0xd6, 0x5f, 0xf3, 0xf7, 0xff, 0x4f,
+    0x59, 0x12, 0xca, 0xc3, 0xf5, 0x23, 0xab, 0xf3, 0x0f, 0xcc, 0x6a, 0xcb,
+    0xc1, 0xb9, 0x2c, 0xa1, 0xa6, 0x9b, 0x89, 0x65, 0x09, 0xef, 0x90, 0x6e,
+    0x94, 0x5f, 0xa4, 0x98, 0xf8, 0xb2, 0xf8, 0xcf, 0xe6, 0xe2, 0xca, 0x8c,
+    0xf2, 0xfb, 0x25, 0xbf, 0xff, 0x13, 0x99, 0xa6, 0x9f, 0x07, 0xf6, 0xf4,
+    0xef, 0x59, 0x7f, 0xe6, 0xf4, 0x8f, 0xc2, 0x9e, 0xf8, 0xb2, 0xf1, 0x16,
+    0x2c, 0xac, 0x3d, 0x97, 0x3f, 0xbc, 0x33, 0x40, 0xb2, 0xfc, 0x7d, 0x69,
+    0xfe, 0xb2, 0xf6, 0xdd, 0xde, 0x96, 0x5d, 0x9f, 0x59, 0x51, 0x9b, 0x9f,
+    0x11, 0xdf, 0xf8, 0xe3, 0x92, 0xcd, 0xe5, 0x9c, 0x59, 0x7b, 0xc4, 0x75,
+    0x95, 0xb5, 0x1f, 0x72, 0x3d, 0x8c, 0x2c, 0x44, 0xe7, 0xd7, 0xff, 0x44,
+    0xfd, 0x7a, 0x61, 0xf2, 0xc3, 0xac, 0xbf, 0xb5, 0x84, 0x4f, 0x1a, 0xcb,
+    0xff, 0x07, 0x27, 0xcd, 0x1d, 0xc8, 0xd5, 0x95, 0xd2, 0x2c, 0x19, 0x17,
+    0xe5, 0x97, 0xfe, 0x33, 0xb8, 0x73, 0x6e, 0x7b, 0x09, 0x65, 0xff, 0x4f,
+    0x7c, 0xd3, 0x6f, 0xc1, 0xac, 0xbf, 0xfe, 0x2c, 0xe7, 0xcd, 0x92, 0x86,
+    0x79, 0x8e, 0xb2, 0xa2, 0x44, 0x4e, 0xf3, 0xba, 0x94, 0x78, 0xe4, 0x32,
+    0xef, 0xec, 0x8c, 0xd3, 0x44, 0x4b, 0x2f, 0xff, 0x1f, 0xb8, 0x73, 0x6e,
+    0x11, 0x63, 0x01, 0x65, 0xfc, 0xfa, 0x14, 0xf7, 0x05, 0x95, 0x28, 0xa9,
+    0x63, 0x07, 0x4b, 0xbf, 0xfa, 0x46, 0x7c, 0xea, 0x79, 0xec, 0x3a, 0xcb,
+    0xf3, 0xe0, 0xdb, 0x7a, 0xca, 0xd1, 0xf6, 0x1d, 0x12, 0xf3, 0x78, 0x4b,
+    0x2f, 0xbe, 0xde, 0x12, 0xcb, 0xfb, 0x35, 0xdc, 0x3f, 0x2b, 0x2d, 0xb8,
+    0x16, 0xcf, 0x40, 0x32, 0x2b, 0xf1, 0x99, 0xd4, 0x81, 0x65, 0xf7, 0x5e,
+    0xcd, 0x2c, 0xa9, 0x3f, 0xe6, 0x32, 0xdd, 0x29, 0xad, 0xac, 0x9c, 0x40,
+    0xa1, 0x3c, 0x8d, 0xc2, 0x12, 0x83, 0x20, 0xc8, 0xe1, 0x9a, 0x13, 0x91,
+    0x12, 0x6a, 0x16, 0x1e, 0x8c, 0x6d, 0xe1, 0xf0, 0x51, 0x90, 0xfe, 0x19,
+    0xe2, 0x84, 0xce, 0xf2, 0x2d, 0xd8, 0x75, 0x58, 0x20, 0x52, 0x72, 0x3a,
+    0x83, 0x62, 0x95, 0x1c, 0x15, 0x95, 0x0d, 0xb0, 0x4a, 0x81, 0xd8, 0xe5,
+    0x14, 0xec, 0x29, 0x4b, 0x81, 0x64, 0xa1, 0x30, 0xb7, 0x18, 0x5e, 0xc3,
+    0x8c, 0xa8, 0x2d, 0x46, 0x01, 0x36, 0xca, 0x6a, 0x3a, 0x6b, 0xec, 0x2b,
+    0x81, 0x31, 0xda, 0xa9, 0xbc, 0xc4, 0xa1, 0x31, 0xb4, 0x89, 0xee, 0xad,
+    0x4b, 0xaf, 0x75, 0xd3, 0x4b, 0x57, 0xe2, 0x3b, 0x92, 0xbd, 0xe2, 0xb4,
+    0xcf, 0xda, 0xb5, 0xe0, 0xa7, 0xaf, 0xb4, 0xbd, 0x79, 0x6a, 0x8f, 0x78,
+    0x14, 0x40, 0xaf, 0x05, 0x82, 0xf2, 0x9c, 0xca, 0xf1, 0xbd, 0xf9, 0x8b,
+    0x44, 0x3f, 0xde, 0xe4, 0xb0, 0xa9, 0x9a, 0xbb, 0xe7, 0xf4, 0x4c, 0xa4,
+    0xf9, 0x6c, 0xd6, 0x8f, 0xc1, 0xde, 0x0c, 0x26, 0xed, 0x2d, 0xe2, 0x82,
+    0x4e, 0x49, 0xec, 0x43, 0x72, 0x41, 0x6e, 0xf1, 0xf3, 0xeb, 0x2f, 0xf3,
+    0x9e, 0x7e, 0xdc, 0x65, 0x97, 0xec, 0xd0, 0x7f, 0xe2, 0xcb, 0xbd, 0x2b,
+    0x2c, 0x10, 0x08, 0x8c, 0x21, 0xce, 0x18, 0x86, 0x53, 0x7d, 0xd1, 0x4e,
+    0x2c, 0xbf, 0x6b, 0xa7, 0x7e, 0x95, 0x17, 0x1a, 0xc1, 0x24, 0xf5, 0xf0,
+    0x86, 0xff, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0xeb, 0x5f, 0xfc, 0x11,
+    0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0x45, 0x53, 0x39, 0x3e, 0xdf,
+    0x19, 0xbc, 0x21, 0xa6, 0x32, 0xa3, 0x61, 0x93, 0xd1, 0x4b, 0x4e, 0xdc,
+    0xee, 0x46, 0x66, 0xfb, 0x92, 0x86, 0x80, 0x86, 0x67, 0x21, 0x39, 0xf2,
+    0x8d, 0xd4, 0x3b, 0xff, 0xc1, 0x0e, 0xf0, 0x09, 0x9a, 0xe9, 0xdf, 0xa5,
+    0x44, 0xb4, 0xbf, 0xf0, 0x54, 0x2b, 0xad, 0x3c, 0xc3, 0xfb, 0xab, 0x2f,
+    0xf8, 0x2d, 0x79, 0xb7, 0x1e, 0x7b, 0xdd, 0x59, 0x7f, 0xfc, 0x67, 0x5b,
+    0x10, 0x54, 0x01, 0x7d, 0x6c, 0x1b, 0x76, 0xfb, 0x65, 0x65, 0xff, 0xff,
+    0xb7, 0x7f, 0xb1, 0x8c, 0xfb, 0x19, 0x30, 0x5b, 0xf8, 0x5f, 0x5b, 0x06,
+    0xdd, 0xbe, 0xd9, 0x59, 0x5e, 0x4c, 0x00, 0xc6, 0xeb, 0xf0, 0x5e, 0x1b,
+    0x18, 0x71, 0xac, 0xbd, 0xb8, 0x76, 0x59, 0x7f, 0xd8, 0x43, 0xf4, 0xe9,
+    0xc9, 0x65, 0x49, 0xea, 0xe0, 0xfd, 0xe7, 0x7e, 0x95, 0x11, 0xba, 0xfd,
+    0xdc, 0x45, 0x23, 0x59, 0x5d, 0x1e, 0x93, 0x94, 0xdf, 0x87, 0xe9, 0xcd,
+    0x2c, 0xad, 0x1e, 0x49, 0x11, 0x5f, 0xed, 0x30, 0x5f, 0xaf, 0x49, 0x8b,
+    0x2f, 0x0b, 0x64, 0xc5, 0x97, 0xda, 0x14, 0x81, 0x65, 0x31, 0xfe, 0x44,
+    0x72, 0x19, 0x0d, 0xff, 0xff, 0xf6, 0xf2, 0xce, 0x70, 0x73, 0x9a, 0xe9,
+    0xdf, 0xa0, 0x90, 0x6f, 0xcf, 0xf8, 0xa8, 0xc3, 0xd6, 0xf4, 0xa2, 0xf9,
+    0x8c, 0x2f, 0xee, 0x04, 0x33, 0x9b, 0x81, 0xac, 0xbf, 0x34, 0x7e, 0x6d,
+    0x95, 0x97, 0xec, 0xe3, 0xea, 0x0b, 0x2b, 0x70, 0xf4, 0xb4, 0x57, 0x7e,
+    0xdd, 0x09, 0xa0, 0xb9, 0x8b, 0x2f, 0x86, 0x58, 0x05, 0x97, 0xd2, 0x61,
+    0xc6, 0xb2, 0xfb, 0xaf, 0x49, 0x8b, 0x2f, 0x7a, 0x4d, 0x59, 0x58, 0x88,
+    0x5d, 0x10, 0x85, 0xc8, 0xc3, 0x24, 0xbf, 0xf3, 0xc0, 0x26, 0x6b, 0xa7,
+    0x7e, 0x95, 0x12, 0xfa, 0xd8, 0xb2, 0xf7, 0x9f, 0xeb, 0x2d, 0xfe, 0x1a,
+    0xc0, 0xc4, 0x2f, 0xe2, 0x69, 0x30, 0x5b, 0x8b, 0x2f, 0xe0, 0xdb, 0xbd,
+    0xdd, 0x18, 0xb2, 0xa5, 0x11, 0x98, 0x50, 0xc6, 0x17, 0xf4, 0xb6, 0xe6,
+    0x77, 0x05, 0x97, 0xed, 0x1b, 0xe1, 0x71, 0x65, 0x78, 0xf6, 0x83, 0x30,
+    0xbd, 0x3a, 0x95, 0x95, 0x86, 0xf9, 0x88, 0xee, 0x7f, 0x2c, 0xbe, 0x00,
+    0xf9, 0x2b, 0x2f, 0x9f, 0x51, 0xc6, 0xb2, 0xd8, 0x47, 0x8d, 0xbc, 0x8a,
+    0xa0, 0x88, 0x4e, 0x2e, 0x5e, 0x04, 0x98, 0xb2, 0xff, 0x63, 0x6a, 0x1e,
+    0x63, 0x16, 0x56, 0xe1, 0xe8, 0x78, 0x76, 0xe6, 0x0d, 0x65, 0xe8, 0xc3,
+    0x82, 0xcb, 0x6e, 0xc4, 0x6d, 0x9c, 0x5e, 0xf8, 0x5e, 0x6d, 0x2c, 0xbe,
+    0xe7, 0xa7, 0xcb, 0x2f, 0xf4, 0xc7, 0x25, 0x1e, 0x6e, 0xac, 0xbb, 0x9a,
+    0x59, 0x52, 0x7d, 0xf1, 0x91, 0x44, 0x6d, 0x60, 0x81, 0x56, 0x52, 0x38,
+    0x5b, 0x4a, 0x98, 0xd1, 0x63, 0x25, 0x1c, 0x22, 0x72, 0x17, 0x7d, 0x46,
+    0xb7, 0xd9, 0x3b, 0x42, 0x23, 0x70, 0x97, 0x50, 0xb8, 0x3a, 0x0f, 0xa3,
+    0x06, 0x28, 0x62, 0xf2, 0x14, 0x7f, 0x73, 0x12, 0xde, 0xc9, 0x50, 0x70,
+    0x91, 0xbf, 0xff, 0x14, 0xf4, 0x13, 0xfd, 0xf4, 0xdc, 0x2c, 0xde, 0xeb,
+    0x2f, 0xfe, 0x87, 0xda, 0x20, 0x83, 0x6d, 0xf2, 0x35, 0x97, 0xe3, 0x02,
+    0x31, 0xb1, 0xac, 0xa1, 0xa3, 0x43, 0xb5, 0xa6, 0x49, 0xbf, 0x6b, 0xa7,
+    0x7e, 0x95, 0x15, 0x5a, 0xfd, 0x9c, 0xf4, 0xf6, 0xb2, 0xc1, 0x30, 0xf7,
+    0xbc, 0x6d, 0x7e, 0x0a, 0x8f, 0x4f, 0xd2, 0xcb, 0xe1, 0x6e, 0x8e, 0x56,
+    0x58, 0x28, 0xb2, 0xbc, 0x6e, 0xb6, 0x49, 0x6e, 0x6d, 0xd5, 0x97, 0x66,
+    0x96, 0x5e, 0xce, 0xfe, 0xb2, 0xf9, 0x8e, 0xfb, 0xd6, 0x51, 0xa7, 0xde,
+    0xe3, 0x20, 0x16, 0xf8, 0xed, 0xe2, 0xdd, 0x31, 0x65, 0xfd, 0xe9, 0xde,
+    0x21, 0xe2, 0xcb, 0xf9, 0xfd, 0x11, 0x48, 0xd6, 0x5f, 0xff, 0x7c, 0x07,
+    0x10, 0xf3, 0x3e, 0x03, 0x8b, 0xb5, 0x97, 0xff, 0x7f, 0xd3, 0xc2, 0x71,
+    0x05, 0xdb, 0x4b, 0x2f, 0x4c, 0x31, 0x65, 0xfc, 0xc2, 0xe8, 0xa6, 0x25,
+    0x97, 0xb8, 0x1b, 0xac, 0xa8, 0x26, 0xb6, 0x32, 0xfc, 0x2d, 0xed, 0x4a,
+    0x24, 0x7f, 0x0d, 0xfc, 0xba, 0xff, 0x8d, 0xc2, 0xce, 0xfe, 0xe7, 0x59,
+    0x6d, 0xd5, 0x96, 0x31, 0x65, 0x76, 0x69, 0xbe, 0x29, 0x7b, 0x76, 0x7e,
+    0xb2, 0xfe, 0x93, 0x87, 0x25, 0xd2, 0xcb, 0xa7, 0x4b, 0x2b, 0x47, 0x89,
+    0xc2, 0xeb, 0xf6, 0x1c, 0xed, 0x12, 0xcb, 0x9f, 0xb5, 0x97, 0x83, 0x90,
+    0x2c, 0xae, 0xcd, 0xa7, 0xc5, 0xef, 0xa2, 0x21, 0x74, 0xb2, 0xfe, 0xc3,
+    0xc4, 0xef, 0x1a, 0xcb, 0xf7, 0x1b, 0xcc, 0x6a, 0xcb, 0x9f, 0xb5, 0x94,
+    0x46, 0xff, 0xe5, 0x17, 0xff, 0xd0, 0xf3, 0xc0, 0xd7, 0xe6, 0x0b, 0x9c,
+    0x65, 0x94, 0xb2, 0xb0, 0xf6, 0xf7, 0x54, 0x2a, 0x53, 0x30, 0x62, 0x47,
+    0x6d, 0x27, 0xbb, 0x86, 0xcb, 0x2f, 0xf8, 0xa6, 0x1f, 0x63, 0x8e, 0x56,
+    0x5f, 0xb5, 0xd3, 0xbf, 0x4a, 0x89, 0x01, 0x7d, 0xac, 0x2f, 0xac, 0xbe,
+    0x18, 0x50, 0x2c, 0xd8, 0x16, 0x5f, 0xff, 0xbd, 0x87, 0xfb, 0x08, 0xa1,
+    0x84, 0xd1, 0xf1, 0x65, 0x0d, 0x31, 0x3c, 0x37, 0xd1, 0xb7, 0x08, 0x7e,
+    0x63, 0x5b, 0x53, 0x73, 0x09, 0x19, 0x4d, 0xfb, 0x8e, 0x4f, 0xda, 0xcb,
+    0xfe, 0xfb, 0x71, 0x84, 0x17, 0x1c, 0xac, 0xbb, 0x09, 0x65, 0xc2, 0x95,
+    0x95, 0x04, 0x5e, 0x76, 0x5c, 0xc4, 0xfb, 0x87, 0x9a, 0x15, 0xbf, 0xa7,
+    0x51, 0xce, 0xa3, 0x59, 0x7c, 0xc7, 0x9e, 0x2c, 0xa8, 0x1e, 0x81, 0xa5,
+    0xf7, 0xfb, 0x51, 0x9e, 0x4a, 0x1c, 0x59, 0x52, 0x7a, 0xf8, 0x47, 0x7f,
+    0xfc, 0x76, 0x20, 0x07, 0xf6, 0x21, 0x43, 0x38, 0xb2, 0xff, 0xe6, 0x93,
+    0xb8, 0xc3, 0xdd, 0x92, 0x82, 0xcb, 0xff, 0xfe, 0x6f, 0x96, 0x6f, 0x2c,
+    0xe4, 0x78, 0x66, 0xc8, 0xbc, 0xda, 0x59, 0x58, 0x98, 0x07, 0x93, 0xc0,
+    0x8d, 0x7e, 0x03, 0x80, 0x8e, 0xb2, 0xf4, 0x6e, 0x35, 0x97, 0xf3, 0x6f,
+    0x6f, 0xc5, 0x2b, 0x2a, 0x4f, 0xcf, 0x09, 0xf8, 0x3b, 0x7f, 0x07, 0xb1,
+    0xe9, 0xa4, 0xeb, 0x2e, 0xe4, 0x16, 0x53, 0x9e, 0x57, 0x0c, 0xef, 0xff,
+    0xe9, 0xeb, 0xed, 0xad, 0x60, 0x39, 0xf7, 0xf3, 0x8d, 0x65, 0xc1, 0x5f,
+    0x2c, 0xbf, 0xfa, 0x2f, 0x39, 0xff, 0xe9, 0xf8, 0x8e, 0xb2, 0xff, 0xec,
+    0x1c, 0xc2, 0x70, 0x72, 0x5f, 0x59, 0x58, 0x88, 0x73, 0xa3, 0x5e, 0xdd,
+    0x9f, 0xac, 0xad, 0x8d, 0x99, 0x83, 0x2c, 0xf1, 0xc2, 0x4c, 0x67, 0x99,
+    0x1b, 0xd9, 0xac, 0xdd, 0xaf, 0xee, 0x11, 0x44, 0xc7, 0xa2, 0x23, 0xae,
+    0x7a, 0x35, 0x27, 0x94, 0xd2, 0x50, 0xf4, 0xe4, 0x64, 0x1f, 0x85, 0x18,
+    0x9d, 0xf7, 0x90, 0xec, 0xad, 0x87, 0x0a, 0x2d, 0xd2, 0x2b, 0xff, 0x42,
+    0x70, 0x1e, 0xcc, 0x2e, 0x96, 0x5f, 0xa4, 0x8b, 0x3e, 0xb2, 0xfb, 0x5a,
+    0x6e, 0x96, 0x5f, 0x16, 0x46, 0x13, 0x11, 0x0b, 0xb2, 0x7a, 0x19, 0x2d,
+    0xff, 0x64, 0x50, 0x7d, 0x47, 0xe1, 0x2c, 0xbe, 0x36, 0x1e, 0xc5, 0x97,
+    0xd0, 0x14, 0x86, 0xb2, 0xc1, 0x06, 0x88, 0x1e, 0x1d, 0x86, 0x47, 0x7f,
+    0x82, 0x79, 0xcf, 0x92, 0x35, 0x94, 0x11, 0x58, 0xde, 0xa3, 0xe1, 0x32,
+    0x19, 0xbb, 0x27, 0x37, 0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x16, 0x42,
+    0xff, 0xff, 0x79, 0xf4, 0x13, 0xcf, 0xf2, 0x14, 0x7c, 0xc3, 0xce, 0xe2,
+    0xcb, 0xf9, 0xb7, 0x84, 0xe4, 0xf6, 0xb2, 0xff, 0xff, 0x08, 0x78, 0x10,
+    0x3c, 0xf1, 0x09, 0xf7, 0x30, 0xd9, 0xe2, 0xcb, 0xff, 0xf7, 0x4d, 0xcc,
+    0x1e, 0x14, 0x99, 0xf3, 0x5f, 0x8b, 0x2f, 0xfb, 0xcc, 0xe0, 0xc1, 0x6a,
+    0x35, 0x97, 0xef, 0x09, 0xcd, 0x09, 0xe4, 0x47, 0xfd, 0x5a, 0xd3, 0x04,
+    0xce, 0x07, 0x0f, 0x5a, 0xe2, 0x73, 0x1f, 0x8d, 0xaa, 0x86, 0xa8, 0xa1,
+    0xa3, 0xfe, 0xbf, 0xc1, 0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0xb5, 0xd7, 0xe8,
+    0xbe, 0x39, 0x25, 0x97, 0xf8, 0xb2, 0x3d, 0x69, 0x8c, 0x59, 0x7d, 0xe6,
+    0x98, 0x96, 0x5f, 0xb0, 0x39, 0x8c, 0x26, 0x1f, 0xf7, 0x45, 0x1b, 0xa6,
+    0x97, 0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x17, 0x22, 0xfd, 0xae, 0x9d,
+    0xfa, 0x54, 0x5d, 0x8b, 0xff, 0x3c, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51,
+    0x47, 0x2c, 0x13, 0x11, 0x08, 0x73, 0x6b, 0xe2, 0x98, 0x1d, 0x65, 0xfa,
+    0x0c, 0x40, 0x65, 0x97, 0xfe, 0xd8, 0xc2, 0xa7, 0x9d, 0x43, 0x1b, 0x7a,
+    0xcb, 0x41, 0x65, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0xa5, 0x57, 0xfd, 0xd7,
+    0x9a, 0x2f, 0x4c, 0x78, 0xb2, 0xff, 0xf7, 0xa6, 0x39, 0xf3, 0x6f, 0x71,
+    0xf9, 0x96, 0x04, 0x37, 0x77, 0x40, 0x26, 0x23, 0x3a, 0x27, 0x1a, 0xed,
+    0x31, 0x07, 0x86, 0xfd, 0xff, 0x9d, 0xbf, 0x01, 0x0d, 0xc8, 0x0b, 0x2e,
+    0xf0, 0x96, 0x58, 0x20, 0xd5, 0x0e, 0xe1, 0x0f, 0x64, 0xc7, 0x8d, 0x67,
+    0xc5, 0x3c, 0x3d, 0xbf, 0xff, 0xf9, 0xff, 0x80, 0x98, 0x04, 0x0c, 0xf8,
+    0x39, 0x84, 0x8d, 0xdc, 0xd5, 0x95, 0x1b, 0xa5, 0x37, 0x85, 0x2a, 0x8f,
+    0x25, 0x10, 0xf7, 0x08, 0xe6, 0xac, 0x01, 0x4e, 0xa0, 0xf2, 0x9a, 0xc0,
+    0x54, 0x50, 0xc1, 0xe2, 0x97, 0xe1, 0x8f, 0xbe, 0x52, 0x39, 0x8c, 0xf7,
+    0xfd, 0x00, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x47, 0x0b, 0xfe, 0x60, 0x99,
+    0xae, 0x9d, 0xfa, 0x54, 0x56, 0xab, 0x04, 0x74, 0x48, 0xfd, 0x26, 0xff,
+    0xf0, 0x43, 0xbc, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51, 0x2d, 0xad, 0xd2,
+    0xcb, 0xc2, 0xd0, 0x16, 0x5d, 0x9d, 0xac, 0xbf, 0x1c, 0xf2, 0xdc, 0x59,
+    0x7f, 0x4e, 0x80, 0xfd, 0xf1, 0x65, 0x87, 0x87, 0xab, 0xe2, 0x7b, 0xf7,
+    0xe7, 0xc1, 0xf1, 0x65, 0xed, 0xe2, 0x82, 0xca, 0x0a, 0xa6, 0x15, 0xd0,
+    0x97, 0x63, 0xac, 0xd8, 0x44, 0xfb, 0xca, 0x6e, 0x1c, 0x16, 0x5f, 0xff,
+    0x61, 0x99, 0x1f, 0xff, 0x86, 0x3f, 0xdc, 0xd5, 0x95, 0xe3, 0xe9, 0x21,
+    0x7b, 0xf3, 0x6e, 0x8e, 0x7b, 0x59, 0x7f, 0xd9, 0xd9, 0x60, 0x00, 0xf0,
+    0x59, 0x71, 0xfa, 0x59, 0x7f, 0x37, 0x7c, 0x1e, 0x12, 0xcb, 0xfb, 0xbc,
+    0x84, 0xe8, 0x0b, 0x2b, 0x0f, 0x6d, 0xcb, 0x6f, 0xff, 0xa4, 0xa3, 0xe0,
+    0x9d, 0xa1, 0xcf, 0x3c, 0x16, 0x54, 0xa6, 0x35, 0x03, 0x8d, 0x39, 0xf8,
+    0x82, 0xf3, 0xf8, 0x35, 0x97, 0xc5, 0x3d, 0xc1, 0x65, 0xff, 0x98, 0xbf,
+    0xc1, 0x89, 0xf5, 0x05, 0x97, 0xdd, 0x3e, 0x80, 0xb2, 0xfd, 0x27, 0xce,
+    0xfe, 0xb2, 0xd1, 0xc9, 0xe5, 0x91, 0x1d, 0xff, 0xb5, 0xe7, 0xc2, 0x14,
+    0x33, 0x8b, 0x2f, 0xff, 0xbb, 0x00, 0xfc, 0xf0, 0xce, 0x10, 0x9c, 0x35,
+    0x94, 0xc8, 0x8e, 0x73, 0xdb, 0xe0, 0x66, 0xa2, 0x59, 0x7e, 0x6f, 0x48,
+    0x71, 0x2c, 0xbd, 0xf9, 0x3a, 0xca, 0x1a, 0xa0, 0x6e, 0x87, 0x62, 0x22,
+    0xd4, 0x22, 0x7d, 0x0b, 0x50, 0x10, 0xfc, 0x8f, 0x74, 0xa6, 0xff, 0xe3,
+    0x64, 0xbf, 0x9a, 0x68, 0xdc, 0xeb, 0x2f, 0x9e, 0x06, 0xb2, 0xca, 0x59,
+    0xe3, 0x45, 0x7f, 0xb6, 0xce, 0x79, 0x85, 0xd2, 0xca, 0x34, 0xf4, 0x00,
+    0x37, 0x7f, 0x36, 0x89, 0xbf, 0xc5, 0x97, 0xed, 0x39, 0x64, 0xac, 0xa5,
+    0x44, 0x36, 0x63, 0xf4, 0xf1, 0x1b, 0x96, 0x5d, 0x24, 0xb2, 0xf6, 0x30,
+    0xd6, 0x5e, 0x1e, 0x1d, 0x65, 0xcc, 0x43, 0x36, 0xec, 0x37, 0x7f, 0xe2,
+    0x9c, 0xeb, 0xcd, 0xbd, 0xf4, 0xb2, 0xa5, 0x16, 0xb0, 0x4c, 0xf9, 0x55,
+    0xe1, 0x49, 0xd6, 0x5f, 0xd0, 0x29, 0xff, 0xa5, 0x65, 0x70, 0xf2, 0x3e,
+    0x39, 0x7e, 0xf3, 0x6a, 0x46, 0xb2, 0xff, 0x0b, 0x72, 0x2f, 0x08, 0xbe,
+    0xb2, 0xff, 0xcf, 0x18, 0x65, 0x9c, 0x21, 0x79, 0x65, 0x74, 0x89, 0xef,
+    0x13, 0xb9, 0xc5, 0xff, 0x34, 0x1f, 0x87, 0x9c, 0xfa, 0xcb, 0xd1, 0x43,
+    0x16, 0x5f, 0xe9, 0x8e, 0x0d, 0xd4, 0x9d, 0x65, 0x4a, 0x22, 0x30, 0xdf,
+    0x43, 0xb7, 0x3c, 0x16, 0x5f, 0xf4, 0x02, 0x66, 0xba, 0x77, 0xe9, 0x51,
+    0x30, 0x2a, 0x4f, 0x7d, 0xc5, 0xaf, 0xc2, 0x7f, 0xb7, 0xd6, 0x5c, 0x17,
+    0x65, 0x97, 0xfa, 0x37, 0xf8, 0x03, 0x28, 0x2c, 0xb4, 0xac, 0xba, 0x36,
+    0x59, 0x58, 0x69, 0xc8, 0x42, 0xee, 0x4a, 0xca, 0x94, 0x69, 0x40, 0x9d,
+    0x86, 0x9d, 0x70, 0x43, 0xf7, 0x8c, 0x60, 0x2c, 0xbb, 0x67, 0x16, 0x5f,
+    0x71, 0xc8, 0x0b, 0x2f, 0x14, 0xc6, 0xb2, 0xa2, 0x3f, 0x3f, 0x0e, 0x80,
+    0x64, 0x2e, 0x43, 0x7f, 0x9f, 0xbd, 0x48, 0x6e, 0x4b, 0x2f, 0xf0, 0xbb,
+    0xd3, 0x49, 0xf1, 0x65, 0xfb, 0xcd, 0x25, 0x1a, 0xcb, 0xfe, 0x98, 0xfe,
+    0x52, 0x2f, 0xf1, 0x65, 0x79, 0x12, 0x7c, 0x33, 0xd9, 0x27, 0xbe, 0x2c,
+    0xe4, 0xac, 0xaf, 0x9e, 0x9e, 0xf3, 0x3b, 0xd0, 0x60, 0x2c, 0xbf, 0x11,
+    0x67, 0xd9, 0x65, 0xf7, 0x7d, 0x31, 0xab, 0x2f, 0xce, 0x6e, 0x79, 0xd6,
+    0x56, 0x22, 0xc6, 0x22, 0x47, 0x1c, 0xf9, 0x28, 0x89, 0x6f, 0xff, 0x43,
+    0xd8, 0x46, 0x07, 0xaf, 0x34, 0x9d, 0x65, 0xfc, 0xdf, 0xc3, 0xcf, 0x96,
+    0x5f, 0xf3, 0x02, 0x3f, 0x4f, 0x05, 0xc5, 0x97, 0xfa, 0x0f, 0xfe, 0x31,
+    0x4a, 0xcb, 0x4e, 0x8f, 0xac, 0x8e, 0xab, 0xb4, 0xc2, 0x34, 0x97, 0xf8,
+    0x4b, 0xdf, 0xfe, 0x27, 0x33, 0x3a, 0xf4, 0xf7, 0x0d, 0x9c, 0x59, 0x76,
+    0xe3, 0xac, 0xbf, 0x9a, 0x2e, 0x7d, 0xa3, 0x59, 0x7f, 0xec, 0x3e, 0x6b,
+    0x3b, 0x86, 0x7d, 0x65, 0xfc, 0xde, 0x63, 0xe1, 0xab, 0x2b, 0xc7, 0xd7,
+    0xc3, 0xeb, 0xfe, 0x7f, 0x6a, 0x5a, 0x0f, 0xc5, 0x97, 0xff, 0x9e, 0x3f,
+    0x34, 0x96, 0x44, 0xda, 0x65, 0x95, 0x89, 0xec, 0xc4, 0x6f, 0xa4, 0xef,
+    0x0c, 0xfe, 0x13, 0x42, 0x22, 0x30, 0xde, 0xc4, 0xb2, 0xdb, 0x2b, 0x2f,
+    0xba, 0x6c, 0x1a, 0xca, 0x59, 0x6e, 0x96, 0x61, 0x2e, 0xe1, 0x01, 0x25,
+    0xd0, 0x1a, 0xca, 0x0a, 0x22, 0x7a, 0x31, 0x0e, 0xc5, 0x18, 0xb7, 0x43,
+    0xe7, 0x17, 0xbf, 0x1b, 0x30, 0xc1, 0xac, 0xbe, 0xcf, 0xfb, 0x16, 0x5c,
+    0xe6, 0xac, 0xbb, 0x06, 0x46, 0xe3, 0x64, 0x86, 0xed, 0x8f, 0xa5, 0xc6,
+    0x14, 0xbb, 0xe0, 0x59, 0x7c, 0x3f, 0x64, 0x6b, 0x2e, 0xdd, 0x82, 0xcb,
+    0xf3, 0xe7, 0xf0, 0xeb, 0x2f, 0x67, 0x7f, 0x59, 0x51, 0x9e, 0x19, 0xa4,
+    0xd5, 0x1a, 0x2e, 0xd8, 0x5f, 0x44, 0x6e, 0xbb, 0x7e, 0x0f, 0x65, 0xc8,
+    0x0b, 0x2f, 0xec, 0xf3, 0x86, 0x5f, 0x59, 0x51, 0x9e, 0xc0, 0xca, 0xef,
+    0x3b, 0xf4, 0xb2, 0xff, 0x45, 0x9a, 0x68, 0xdc, 0xeb, 0x2f, 0xec, 0xff,
+    0xe7, 0x5c, 0x59, 0x7f, 0x39, 0x02, 0x30, 0x7d, 0x65, 0xf8, 0x3f, 0xf2,
+    0x7e, 0xb2, 0xa5, 0x1e, 0xf1, 0x91, 0xe0, 0xe1, 0x1a, 0x6c, 0x96, 0x86,
+    0x5d, 0x60, 0x92, 0xda, 0x95, 0xc7, 0x0c, 0x78, 0x10, 0x8e, 0x34, 0x5c,
+    0x94, 0x86, 0x6c, 0x20, 0xba, 0x8c, 0xab, 0xb8, 0x7b, 0x33, 0xbc, 0x50,
+    0xc0, 0xd4, 0x2e, 0x0f, 0x08, 0xdf, 0x43, 0xc9, 0xe1, 0x74, 0x04, 0x12,
+    0x8f, 0x2b, 0x92, 0xca, 0xbf, 0x18, 0x48, 0x97, 0x37, 0xb0, 0x18, 0x5d,
+    0xb3, 0x0e, 0x50, 0xe3, 0x8b, 0xbc, 0x71, 0x69, 0x25, 0xff, 0x9e, 0x01,
+    0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0x98, 0xd7, 0x4e, 0xea, 0xcb, 0xb5, 0x8b,
+    0x2d, 0x3a, 0x35, 0xfe, 0x19, 0xbf, 0xd8, 0x6f, 0x3d, 0x25, 0xf5, 0x97,
+    0xdf, 0x84, 0x9a, 0xb2, 0x88, 0xf5, 0x83, 0x33, 0xb0, 0x46, 0x4c, 0xe0,
+    0xe3, 0xbe, 0x7d, 0xe3, 0xe5, 0xff, 0x0d, 0xb7, 0x84, 0xec, 0x01, 0xc1,
+    0x65, 0xe3, 0x0c, 0x31, 0x65, 0xfc, 0x15, 0x0a, 0x05, 0x90, 0x87, 0x96,
+    0x5e, 0xd8, 0x50, 0x1a, 0xca, 0x0a, 0x1e, 0xfe, 0xc3, 0x3c, 0xbf, 0xb5,
+    0xa1, 0x16, 0x79, 0x65, 0xf4, 0x93, 0x79, 0x65, 0xf4, 0xc7, 0x3a, 0x59,
+    0x7f, 0xb9, 0x20, 0x7f, 0xb9, 0xab, 0x2f, 0x7e, 0x62, 0x59, 0x7d, 0x31,
+    0x31, 0xd6, 0x5f, 0xfe, 0x62, 0x2c, 0x17, 0x45, 0x91, 0x87, 0x05, 0x95,
+    0x87, 0xd9, 0xa2, 0x2b, 0xee, 0x4e, 0xa5, 0x65, 0xf4, 0x62, 0x1e, 0xe2,
+    0xcb, 0xfe, 0xdd, 0x60, 0x6d, 0xc8, 0xa4, 0xeb, 0x28, 0x69, 0xd2, 0xb1,
+    0x06, 0xe1, 0x14, 0x46, 0x7a, 0x84, 0x4f, 0xc8, 0x43, 0x21, 0xdd, 0x27,
+    0xb4, 0x16, 0x5f, 0x8f, 0x39, 0xfe, 0x2c, 0xbf, 0x71, 0x8b, 0xb8, 0x2c,
+    0xbb, 0x22, 0x59, 0x63, 0x36, 0x9b, 0xfc, 0x28, 0xad, 0x81, 0x14, 0x03,
+    0x11, 0xc6, 0x6b, 0xfd, 0xe9, 0xd4, 0x61, 0x88, 0x0b, 0x2f, 0x6f, 0x3f,
+    0x16, 0x5e, 0x8d, 0xc9, 0x65, 0x1a, 0x6e, 0xc4, 0x3f, 0x7f, 0xff, 0xe6,
+    0x17, 0x5a, 0xcd, 0xf2, 0x5f, 0xd0, 0xa3, 0xf4, 0xff, 0x8c, 0xb2, 0xe7,
+    0xe2, 0xcb, 0xed, 0xbf, 0xcf, 0x2c, 0xaf, 0x1b, 0xae, 0x0b, 0x5f, 0xff,
+    0xcd, 0xdf, 0xf9, 0x1e, 0xb3, 0x9b, 0x73, 0xaf, 0x0b, 0x71, 0x65, 0x4a,
+    0x21, 0x74, 0x43, 0x7a, 0x4a, 0x35, 0x97, 0xff, 0xff, 0xd0, 0xe7, 0xb0,
+    0x46, 0x73, 0xd9, 0xd6, 0x73, 0x6e, 0x77, 0x0e, 0x31, 0x32, 0xcb, 0xce,
+    0xfd, 0x2a, 0x2b, 0x15, 0xf3, 0x87, 0x26, 0xac, 0xae, 0x8f, 0x33, 0x45,
+    0x37, 0xef, 0x31, 0xe7, 0x4b, 0x2f, 0xff, 0x09, 0xe3, 0xd6, 0x1f, 0xd3,
+    0x19, 0x09, 0x65, 0x31, 0xf9, 0x11, 0x3d, 0xfe, 0x14, 0x33, 0x80, 0xec,
+    0x0b, 0x2f, 0xfd, 0xb3, 0x9f, 0x2c, 0x14, 0x97, 0xd6, 0x5f, 0xe2, 0xce,
+    0x03, 0x30, 0x6b, 0x28, 0x6a, 0xe4, 0xcd, 0x8c, 0xbb, 0xa2, 0x2e, 0xc7,
+    0x35, 0x0c, 0xdf, 0x42, 0x54, 0x88, 0x3e, 0x6b, 0xbc, 0xfe, 0xff, 0xc2,
+    0xff, 0x0b, 0x37, 0x96, 0x71, 0x65, 0xf7, 0xcb, 0x37, 0x56, 0x5e, 0x61,
+    0x0d, 0x65, 0x1a, 0x7f, 0xec, 0x7f, 0xb8, 0x49, 0x7f, 0xf1, 0x7c, 0xd1,
+    0x49, 0x67, 0x53, 0xa5, 0x97, 0xe6, 0x0b, 0xb8, 0xba, 0x59, 0x7b, 0x23,
+    0x0b, 0xac, 0xa9, 0x3c, 0xd6, 0x2c, 0xbf, 0xda, 0x8f, 0xfc, 0x7e, 0xfa,
+    0x59, 0x52, 0x8e, 0x8f, 0x42, 0x45, 0xc8, 0x2f, 0xf6, 0x7f, 0x0a, 0x4c,
+    0xd9, 0x59, 0x7f, 0xe2, 0x73, 0x98, 0xe3, 0x9e, 0xf8, 0xb2, 0xff, 0x4e,
+    0xa0, 0xd1, 0x31, 0x8b, 0x2f, 0xfe, 0x63, 0xf3, 0x6f, 0x9b, 0xe5, 0x27,
+    0x59, 0x50, 0x47, 0x68, 0x0d, 0x78, 0x7f, 0xf3, 0x4b, 0xe7, 0xfb, 0xf4,
+    0xb2, 0xff, 0xa7, 0x7b, 0xeb, 0xaf, 0x3e, 0xea, 0xcb, 0x4a, 0xcb, 0xe7,
+    0x3e, 0x12, 0xca, 0x93, 0x61, 0xe1, 0x0b, 0xfc, 0xd3, 0xd1, 0x63, 0x46,
+    0xb2, 0x8e, 0x8e, 0x2f, 0x11, 0x7d, 0xbb, 0x74, 0x82, 0xff, 0x49, 0x7f,
+    0xd8, 0x07, 0x59, 0x7d, 0x27, 0x7f, 0xac, 0xa8, 0x1e, 0x97, 0x0c, 0x6f,
+    0xdb, 0xbf, 0xce, 0xe2, 0x59, 0x7d, 0xc8, 0x98, 0xd5, 0x97, 0xec, 0x1f,
+    0x3d, 0x2b, 0x2f, 0x1e, 0x74, 0xb2, 0xff, 0xff, 0xff, 0x3f, 0xff, 0x9e,
+    0xe3, 0xc1, 0x8b, 0xf0, 0xcd, 0x67, 0x33, 0xcf, 0x19, 0x4c, 0x16, 0x5e,
+    0xfc, 0xc4, 0xb2, 0xa5, 0x33, 0xcc, 0x2d, 0xd1, 0x20, 0x09, 0xf8, 0x38,
+    0x1c, 0x22, 0xef, 0xfd, 0x17, 0x7f, 0x61, 0xe1, 0x61, 0xd6, 0x5f, 0xc2,
+    0xd9, 0xeb, 0xcc, 0x17, 0x59, 0x7d, 0xdc, 0x27, 0xcb, 0x2f, 0xf7, 0x07,
+    0xec, 0xe8, 0x5b, 0x8b, 0x2d, 0x9c, 0x3d, 0xb1, 0x11, 0xdd, 0x3b, 0xd6,
+    0x57, 0x8d, 0xf9, 0x13, 0xdf, 0xde, 0x61, 0x96, 0x09, 0x65, 0xfe, 0x89,
+    0xf1, 0xa0, 0x19, 0xd6, 0x50, 0xd1, 0x01, 0xd1, 0x03, 0x16, 0x5f, 0xee,
+    0xe1, 0x14, 0x1f, 0x51, 0xac, 0xbe, 0x87, 0xda, 0x35, 0x95, 0x27, 0xb4,
+    0xe6, 0xf7, 0xff, 0xfa, 0x4e, 0x69, 0xaf, 0xdf, 0xa5, 0xbf, 0xc6, 0x2e,
+    0xe0, 0xb2, 0xff, 0xfc, 0xdf, 0x9e, 0x9b, 0xec, 0x7d, 0xbc, 0x71, 0x8d,
+    0x65, 0x4a, 0xab, 0x4c, 0x8d, 0x41, 0xa1, 0x15, 0xe2, 0x07, 0x63, 0xba,
+    0x1f, 0x59, 0x7f, 0x48, 0x0f, 0x3c, 0x25, 0x97, 0xf6, 0x47, 0x85, 0x90,
+    0x59, 0x52, 0x7d, 0xec, 0x2f, 0xa2, 0xcb, 0xff, 0xb9, 0xec, 0xdd, 0x6f,
+    0xb4, 0x38, 0x25, 0x97, 0xf1, 0xfe, 0x27, 0x8e, 0x56, 0x59, 0xbb, 0x3f,
+    0x50, 0xd1, 0xef, 0x0b, 0xbc, 0x59, 0x7f, 0xb4, 0xc2, 0x8c, 0x1c, 0x82,
+    0xcb, 0xf8, 0xe2, 0xee, 0x1c, 0xdc, 0x59, 0x7d, 0x3e, 0x7d, 0xc5, 0x96,
+    0x84, 0x9e, 0xb9, 0x19, 0xde, 0x69, 0x8d, 0x65, 0xff, 0xc3, 0x9e, 0x4b,
+    0x77, 0xff, 0xc9, 0xd6, 0x5f, 0xd2, 0x64, 0x45, 0x23, 0x59, 0x7f, 0xf1,
+    0x67, 0x18, 0x1b, 0x66, 0x39, 0xe2, 0xca, 0x8d, 0x3a, 0x21, 0x8e, 0xf7,
+    0x08, 0xc8, 0x89, 0xb4, 0x39, 0xf4, 0x4d, 0xe5, 0xd7, 0xee, 0xbd, 0x24,
+    0x6a, 0xca, 0xc4, 0x4c, 0x3b, 0x7d, 0xf1, 0xdf, 0xbf, 0xac, 0xbf, 0xfa,
+    0x39, 0xfe, 0xd0, 0xfa, 0x0f, 0x74, 0x3e, 0x2c, 0xbf, 0xf9, 0xf7, 0x30,
+    0x9c, 0x6f, 0x9d, 0xfd, 0x65, 0xff, 0x6a, 0x78, 0xfa, 0x29, 0x82, 0xca,
+    0xd2, 0x33, 0x3c, 0xa1, 0xbd, 0x16, 0xf4, 0x1e, 0x35, 0x97, 0xb6, 0xc6,
+    0x75, 0x97, 0xfc, 0xfd, 0xc1, 0xbd, 0xe7, 0xdc, 0x59, 0x7f, 0x14, 0xc6,
+    0x53, 0x1a, 0xcb, 0x7d, 0x65, 0xfe, 0x78, 0xcb, 0x3f, 0x80, 0x59, 0x7f,
+    0xe3, 0x79, 0xcc, 0xf3, 0x70, 0x51, 0xac, 0xa1, 0xa2, 0x13, 0x04, 0x44,
+    0x65, 0x5b, 0x1a, 0xa7, 0xac, 0x87, 0x7f, 0x66, 0x4c, 0x3b, 0xa2, 0x07,
+    0x3c, 0x28, 0x58, 0xdf, 0x4c, 0x53, 0x1a, 0xcb, 0xff, 0x13, 0x8f, 0xd3,
+    0xbf, 0xce, 0x4b, 0x2f, 0xff, 0x43, 0x0b, 0xe2, 0xf3, 0x6e, 0xee, 0xce,
+    0xe2, 0xcb, 0xff, 0xff, 0xd8, 0x7c, 0xd0, 0x00, 0x2e, 0x79, 0xbf, 0x0c,
+    0xf3, 0x81, 0x87, 0x2b, 0x2e, 0x9d, 0xc5, 0x97, 0xff, 0xfb, 0x3a, 0xda,
+    0x42, 0xdd, 0xdb, 0x9d, 0xc3, 0x04, 0x40, 0xe2, 0xcb, 0xa1, 0xc5, 0x96,
+    0x14, 0x68, 0x80, 0x76, 0x9b, 0xff, 0xd1, 0xe7, 0x7f, 0xe3, 0x14, 0x81,
+    0xce, 0xb2, 0xff, 0x76, 0x58, 0x3f, 0x39, 0x8b, 0x2b, 0x0f, 0xf9, 0xd2,
+    0xaa, 0x35, 0x51, 0x23, 0x23, 0xec, 0xfb, 0xca, 0x4e, 0xec, 0x50, 0x99,
+    0xe4, 0x29, 0xef, 0xbf, 0x09, 0x65, 0x97, 0xf8, 0x71, 0xe1, 0x99, 0xe7,
+    0x59, 0x7f, 0xbc, 0x59, 0xdc, 0x37, 0x22, 0x59, 0x58, 0x7d, 0x8e, 0x69,
+    0x7f, 0x47, 0x14, 0x36, 0x3d, 0x46, 0xb2, 0xf8, 0x8b, 0x3e, 0xb2, 0xfc,
+    0xdb, 0x9a, 0xd3, 0x2c, 0xa0, 0xa2, 0x20, 0x64, 0xdf, 0xc4, 0x17, 0xf4,
+    0x61, 0xec, 0xb9, 0x01, 0x65, 0xf6, 0xe4, 0xf0, 0x96, 0x5f, 0xfb, 0xce,
+    0x7f, 0xfa, 0x7e, 0x23, 0xac, 0xac, 0x3e, 0x38, 0x89, 0x2f, 0xfe, 0xcc,
+    0x34, 0xf2, 0xda, 0xd3, 0x18, 0xb2, 0xf3, 0xbe, 0x96, 0x5f, 0xf7, 0xfc,
+    0x27, 0x80, 0x54, 0x0c, 0xb2, 0xff, 0x9a, 0x0d, 0xe1, 0x1c, 0xec, 0xb2,
+    0xec, 0xfa, 0xca, 0x94, 0xe8, 0x72, 0x12, 0xba, 0x22, 0xf2, 0x21, 0x0d,
+    0xfc, 0xf7, 0x64, 0xe2, 0xe7, 0xdd, 0x59, 0x7b, 0xd8, 0x75, 0x97, 0xff,
+    0xa7, 0x70, 0xf2, 0x32, 0xcf, 0xfd, 0xc9, 0x65, 0x11, 0xff, 0xfc, 0x67,
+    0x74, 0x72, 0xf7, 0x98, 0x26, 0xc0, 0xdf, 0xc4, 0xec, 0x27, 0xf0, 0xb6,
+    0x59, 0x31, 0xe9, 0x47, 0x18, 0xf4, 0x0d, 0x06, 0xe3, 0x92, 0xed, 0x4d,
+    0x8c, 0x4f, 0xa8, 0xc6, 0xbb, 0x8c, 0x81, 0xa3, 0x1f, 0x8a, 0x12, 0x5a,
+    0x8d, 0x78, 0xeb, 0x9e, 0x95, 0xe6, 0xf0, 0xc2, 0x04, 0x28, 0x8a, 0x53,
+    0x1f, 0x25, 0x4d, 0xfe, 0x57, 0xd8, 0x9c, 0x37, 0xc2, 0x37, 0x66, 0x14,
+    0x21, 0xc7, 0xa9, 0xbb, 0x0e, 0x9b, 0xc1, 0x6b, 0x64, 0x28, 0xb2, 0xfb,
+    0xfb, 0x39, 0xe5, 0x96, 0x25, 0x94, 0x15, 0x36, 0xb0, 0x25, 0xbb, 0x63,
+    0x0b, 0x16, 0x5e, 0x0a, 0x6c, 0x2d, 0x95, 0x97, 0xbf, 0x3e, 0x59, 0x7d,
+    0x23, 0xc3, 0xac, 0xb6, 0xa4, 0xde, 0xe8, 0x72, 0xdb, 0x8b, 0x2e, 0x6d,
+    0xd5, 0x97, 0xd1, 0xea, 0x63, 0x59, 0x70, 0x60, 0x59, 0x76, 0x79, 0x65,
+    0xef, 0x64, 0x4b, 0x2f, 0x79, 0x8e, 0xb2, 0xd1, 0x2c, 0xa8, 0xcf, 0x84,
+    0x62, 0xce, 0x3a, 0x21, 0xcb, 0xf3, 0x94, 0x62, 0xe2, 0xcb, 0xf6, 0x0f,
+    0x4f, 0xd2, 0xcb, 0xe7, 0x8e, 0x74, 0xb2, 0xf6, 0x9e, 0x35, 0x97, 0x48,
+    0xfc, 0x7c, 0xe4, 0x51, 0xf2, 0x2b, 0x0d, 0x65, 0x32, 0xa0, 0x58, 0x89,
+    0x8e, 0x28, 0xe3, 0x20, 0x24, 0x27, 0x9e, 0x1e, 0x7e, 0x11, 0xfb, 0x27,
+    0x37, 0xb5, 0xc1, 0x2c, 0xb7, 0x96, 0x5e, 0xe0, 0x7c, 0x59, 0x71, 0x44,
+    0xb2, 0xe9, 0x35, 0x65, 0xed, 0x4c, 0x16, 0x5b, 0xb8, 0xcd, 0x9e, 0x85,
+    0xea, 0x51, 0x7f, 0x18, 0xe8, 0xc4, 0x70, 0x78, 0x49, 0x57, 0xee, 0xe1,
+    0xf7, 0xed, 0x65, 0xa5, 0x65, 0x39, 0xba, 0xf9, 0x55, 0xfe, 0xef, 0x52,
+    0xd0, 0x7e, 0x2c, 0xbe, 0xc2, 0x98, 0x2c, 0xac, 0x3d, 0x33, 0x99, 0xdb,
+    0x65, 0x65, 0xfb, 0x99, 0xf6, 0xd2, 0xcb, 0xd9, 0xdf, 0xd6, 0x5b, 0x00,
+    0x78, 0x9c, 0x27, 0xb9, 0xc6, 0xb2, 0xf7, 0xf3, 0x8b, 0x2e, 0x29, 0x59,
+    0x50, 0x3c, 0x71, 0x0b, 0x6f, 0x1c, 0xbf, 0xe6, 0x14, 0x73, 0xd8, 0x35,
+    0x2b, 0x2f, 0x42, 0x7b, 0x59, 0x6d, 0xc5, 0x95, 0x11, 0xb1, 0x21, 0xdb,
+    0xda, 0x72, 0x59, 0x6d, 0x95, 0x97, 0xf1, 0x66, 0xfd, 0x37, 0x16, 0x54,
+    0x67, 0x84, 0x60, 0xa5, 0xbb, 0x59, 0x52, 0x89, 0x36, 0x5d, 0x11, 0x25,
+    0xfb, 0x35, 0x09, 0x3a, 0xcb, 0xef, 0x3e, 0x69, 0x65, 0xfa, 0x3c, 0x26,
+    0x35, 0x65, 0x49, 0xe4, 0xb1, 0x0d, 0xfd, 0xa8, 0x01, 0xbb, 0xe2, 0xcb,
+    0xfd, 0xc0, 0xca, 0x7c, 0xd1, 0xac, 0xa7, 0x3e, 0x3f, 0x97, 0xdf, 0x73,
+    0x92, 0x05, 0x95, 0x2a, 0xe6, 0xc6, 0x43, 0x8b, 0x0c, 0xdd, 0xa3, 0x13,
+    0xb5, 0xfa, 0x16, 0x8e, 0x5c, 0x4e, 0x02, 0x84, 0x19, 0x84, 0x37, 0xfe,
+    0xc2, 0xc3, 0x4b, 0x3f, 0xe6, 0x59, 0x7f, 0x39, 0xb8, 0x37, 0x82, 0xca,
+    0xf1, 0xf4, 0x91, 0xe5, 0xfc, 0xc4, 0x59, 0xbd, 0xd6, 0x5c, 0x1f, 0xd6,
+    0x5f, 0xde, 0x6c, 0x89, 0xc0, 0xb2, 0xa0, 0x78, 0xbf, 0x18, 0xbd, 0xad,
+    0x3a, 0xcb, 0xe8, 0x00, 0x50, 0x59, 0x7d, 0xa0, 0xe4, 0x0b, 0x2f, 0x4f,
+    0xa5, 0x65, 0x49, 0xf0, 0xb1, 0x1f, 0x88, 0xef, 0xe8, 0xdc, 0xe0, 0x04,
+    0xac, 0xbe, 0x84, 0x94, 0x16, 0x53, 0x1e, 0x7c, 0x45, 0xd7, 0x30, 0xd6,
+    0x5c, 0xfd, 0xac, 0xbf, 0xbd, 0x91, 0x14, 0x8d, 0x65, 0xff, 0x42, 0x4f,
+    0xcc, 0xd4, 0xf1, 0x65, 0x74, 0x7c, 0xbd, 0x96, 0xdf, 0x44, 0x4e, 0x62,
+    0xcb, 0xfe, 0x92, 0xcd, 0xf8, 0x4e, 0x6a, 0xca, 0x34, 0xf6, 0xf4, 0x47,
+    0x43, 0x4c, 0x79, 0x9f, 0x1d, 0xfe, 0xf7, 0xd8, 0x0b, 0x2f, 0x81, 0x25,
+    0xd2, 0xcb, 0x05, 0xd6, 0x51, 0xa7, 0xa7, 0xd8, 0xe0, 0x88, 0xaf, 0xa1,
+    0xfc, 0x0d, 0x65, 0xfb, 0xed, 0xe7, 0x3a, 0xcb, 0xa4, 0x0b, 0x2a, 0x4d,
+    0xef, 0x44, 0xf7, 0xb5, 0x27, 0x59, 0x4c, 0x8c, 0xe7, 0x31, 0x13, 0x01,
+    0x84, 0x37, 0xec, 0xef, 0xee, 0x75, 0x97, 0x64, 0x4b, 0x2d, 0x19, 0x1b,
+    0xf0, 0xca, 0x2f, 0x4e, 0xa3, 0x59, 0x52, 0x78, 0xac, 0x51, 0x4b, 0x2f,
+    0x75, 0x20, 0x59, 0x62, 0x81, 0xa8, 0xc0, 0xbb, 0xfb, 0xcc, 0x7c, 0xf3,
+    0xac, 0xa9, 0x3d, 0x11, 0x12, 0xdf, 0x7c, 0x9b, 0x75, 0x65, 0xc2, 0xe2,
+    0xcb, 0xf0, 0xa1, 0xcf, 0x0d, 0x65, 0x49, 0xe0, 0x10, 0xbd, 0xfb, 0x22,
+    0x83, 0xf1, 0x65, 0x41, 0x79, 0xe4, 0x64, 0x3d, 0xb8, 0xb1, 0x14, 0x4f,
+    0xba, 0x7c, 0x39, 0x17, 0xa3, 0x34, 0x28, 0xd4, 0x39, 0x0c, 0x0f, 0xc2,
+    0x64, 0x44, 0x3b, 0xd9, 0x03, 0x20, 0xbf, 0x9e, 0x1b, 0xbb, 0xa2, 0x8d,
+    0x65, 0xfd, 0xc0, 0xe4, 0x7b, 0x08, 0x2a, 0xb2, 0xc4, 0xb2, 0xe8, 0x6e,
+    0x2c, 0xaf, 0x22, 0x61, 0xcd, 0x78, 0x73, 0xf1, 0x0b, 0xbf, 0xc5, 0x97,
+    0xb4, 0x1c, 0x4b, 0x2f, 0xee, 0x3f, 0x7f, 0x68, 0xd6, 0x56, 0x8f, 0x3b,
+    0xe3, 0xf4, 0xb2, 0x98, 0xd6, 0xec, 0x91, 0x5f, 0xd9, 0x18, 0xfc, 0xda,
+    0x59, 0x4c, 0x8e, 0x3f, 0x42, 0x48, 0x88, 0xef, 0xfd, 0x39, 0xcd, 0xb2,
+    0xc3, 0x0e, 0x0b, 0x2f, 0xe6, 0x33, 0x91, 0xe1, 0x8b, 0x28, 0x8f, 0xc3,
+    0xe8, 0x17, 0x14, 0xac, 0xbc, 0x00, 0x4a, 0xcb, 0xb3, 0xa5, 0x97, 0x48,
+    0xf8, 0x6c, 0xfe, 0x39, 0x7a, 0x4b, 0xa5, 0x97, 0xff, 0xf3, 0x98, 0x37,
+    0x7d, 0x47, 0xe7, 0xff, 0x9b, 0x50, 0x59, 0x7e, 0xeb, 0xaf, 0x4e, 0x96,
+    0x57, 0x91, 0x44, 0x43, 0x82, 0x5c, 0xa8, 0x26, 0xcd, 0xd1, 0x0f, 0x12,
+    0x3f, 0x0c, 0xeb, 0xe7, 0x27, 0x89, 0x65, 0xfb, 0x34, 0x1f, 0xf8, 0xb2,
+    0xfc, 0xdf, 0x2c, 0x82, 0xcb, 0xe9, 0x32, 0x62, 0x59, 0x7f, 0xee, 0x6f,
+    0x7f, 0x49, 0xb9, 0xfe, 0x2c, 0xb8, 0x33, 0xac, 0xbe, 0xcd, 0x0b, 0x16,
+    0x58, 0x0b, 0x28, 0x8d, 0x90, 0x64, 0x37, 0xd1, 0xc7, 0x3b, 0x8b, 0x2f,
+    0x3f, 0x64, 0xb2, 0xfe, 0xf9, 0x38, 0x30, 0x96, 0x5f, 0x89, 0xc1, 0x84,
+    0xb2, 0xb6, 0x9e, 0x87, 0xca, 0xea, 0x51, 0x6e, 0x32, 0x71, 0x36, 0x54,
+    0x6a, 0x89, 0x60, 0x42, 0x69, 0x4b, 0x13, 0x44, 0x47, 0xe4, 0x10, 0x25,
+    0x14, 0x36, 0x2f, 0xb9, 0x85, 0xd2, 0xcb, 0xfa, 0x4b, 0xfd, 0x0a, 0x35,
+    0x96, 0xe2, 0xcb, 0xfd, 0x26, 0x0c, 0x4f, 0xa8, 0x2c, 0xbd, 0xc9, 0x82,
+    0xcb, 0xf7, 0xb3, 0x4d, 0xc5, 0x97, 0x36, 0xbb, 0x3c, 0x3f, 0x8e, 0x5b,
+    0x7a, 0xca, 0x94, 0xc6, 0xa0, 0x45, 0x11, 0x7e, 0x84, 0x7c, 0xef, 0xba,
+    0x5d, 0x70, 0xe5, 0x65, 0xff, 0xbd, 0x90, 0xfc, 0xe1, 0x77, 0xf5, 0x95,
+    0x87, 0xa9, 0xf1, 0x6b, 0x06, 0xb2, 0x88, 0xd9, 0xee, 0x90, 0xde, 0x26,
+    0x35, 0x65, 0xf6, 0x0d, 0xb7, 0xac, 0xba, 0x4f, 0x86, 0xfd, 0xc7, 0x2f,
+    0xd0, 0xfb, 0x1f, 0xeb, 0x2f, 0xe7, 0xef, 0xd2, 0x19, 0x2c, 0xb6, 0x76,
+    0x7a, 0xc6, 0x14, 0x5e, 0x0f, 0xb2, 0x59, 0x7f, 0x3c, 0x1c, 0xb3, 0x75,
+    0x65, 0xcc, 0x35, 0x97, 0xdc, 0xf3, 0xc1, 0x65, 0xbe, 0xb2, 0xa5, 0x3a,
+    0x06, 0x62, 0xd4, 0x20, 0x3c, 0x52, 0xe3, 0xc0, 0x2e, 0x10, 0xb0, 0x64,
+    0x57, 0xb0, 0xa2, 0x59, 0x6e, 0xd6, 0x5c, 0x09, 0x49, 0x71, 0x86, 0x24,
+    0xa6, 0x35, 0xe6, 0x0b, 0x5f, 0x8b, 0x3f, 0xe6, 0x48, 0x10, 0xd0, 0xdf,
+    0x1a, 0x59, 0xc5, 0x95, 0x03, 0xda, 0x19, 0xc5, 0xdd, 0x01, 0x65, 0xfe,
+    0x73, 0x64, 0x8b, 0x3e, 0xb2, 0xe0, 0x3a, 0xcb, 0xe6, 0xd3, 0x7d, 0x65,
+    0x31, 0xb7, 0x88, 0x5a, 0xa5, 0x39, 0xb1, 0x8e, 0x3c, 0x2f, 0x00, 0x44,
+    0x43, 0x02, 0x68, 0xbd, 0xe9, 0x31, 0x65, 0xe7, 0xef, 0x8b, 0x2d, 0xc5,
+    0x97, 0xc1, 0xf9, 0xfe, 0xb2, 0xa3, 0x3e, 0xe1, 0x8e, 0xf6, 0x3b, 0xf1,
+    0x1b, 0xd2, 0x51, 0x2c, 0xb8, 0xa5, 0x65, 0x2c, 0xa5, 0x95, 0x11, 0x6c,
+    0x70, 0xbb, 0xbd, 0x12, 0xcb, 0x98, 0x0b, 0x2a, 0x4d, 0x70, 0x06, 0x2a,
+    0x24, 0x5b, 0x68, 0x71, 0xca, 0xc0, 0x9f, 0x7f, 0xf1, 0xac, 0x5d, 0x72,
+    0x4e, 0xfd, 0xfd, 0x65, 0xe0, 0x66, 0xea, 0xcb, 0xff, 0xe2, 0xc0, 0x61,
+    0xc5, 0x3a, 0xd3, 0x0b, 0xa5, 0x97, 0xc5, 0x27, 0x89, 0x65, 0x1a, 0x8d,
+    0x6d, 0x23, 0x10, 0xff, 0xd3, 0xef, 0x8f, 0xc1, 0x1d, 0x65, 0x8d, 0x59,
+    0x6d, 0x95, 0x97, 0x68, 0xd5, 0x95, 0x27, 0xc2, 0xc4, 0x62, 0x12, 0x0c,
+    0x52, 0xff, 0xfb, 0xd9, 0x0e, 0x4f, 0xe1, 0x9b, 0x8e, 0x40, 0x59, 0x7f,
+    0xcd, 0xff, 0x67, 0x7f, 0x14, 0xac, 0xbe, 0x0e, 0x74, 0x05, 0x95, 0x03,
+    0xdc, 0xf1, 0xcd, 0xd9, 0xc5, 0x97, 0xff, 0xb2, 0x1b, 0x38, 0x6b, 0xe7,
+    0xe7, 0xfc, 0x59, 0x52, 0x88, 0x48, 0x11, 0x00, 0x5a, 0xb8, 0x9b, 0x07,
+    0xe3, 0x31, 0xba, 0x78, 0xb2, 0xc0, 0x59, 0x7d, 0x27, 0x93, 0xac, 0xbf,
+    0x31, 0x87, 0x7f, 0xac, 0xa6, 0x3c, 0x9d, 0x10, 0xdf, 0x75, 0xe9, 0xe2,
+    0xcb, 0x62, 0xca, 0x64, 0x77, 0x68, 0xa9, 0xc5, 0xb8, 0xb4, 0x61, 0x0e,
+    0xc9, 0x1d, 0xff, 0x0f, 0x06, 0x12, 0x2e, 0x84, 0x4b, 0x2c, 0x6a, 0xca,
+    0x95, 0xdd, 0x6c, 0x87, 0xa3, 0x46, 0x27, 0xe8, 0x4f, 0x3c, 0xa8, 0x90,
+    0xd6, 0x77, 0x4f, 0x6f, 0xa4, 0xc1, 0x44, 0xb2, 0xf7, 0x26, 0x25, 0x97,
+    0xf6, 0x0f, 0x37, 0xb6, 0x96, 0x5f, 0x45, 0x13, 0x79, 0x65, 0x2c, 0xb6,
+    0x96, 0x58, 0xeb, 0x2b, 0x87, 0xa3, 0xf2, 0x41, 0x05, 0xef, 0x11, 0xbe,
+    0x1b, 0xbf, 0x6b, 0x2f, 0xc0, 0x6d, 0x31, 0xab, 0x2e, 0x73, 0x56, 0x5d,
+    0x9d, 0xac, 0xae, 0x93, 0x76, 0x88, 0x90, 0xe3, 0xbe, 0x7f, 0x73, 0xe0,
+    0x11, 0x11, 0x46, 0xc8, 0xbd, 0xd9, 0xe5, 0x97, 0xf1, 0x7f, 0x09, 0x8c,
+    0x59, 0x7f, 0x7f, 0x98, 0x76, 0xfa, 0xcb, 0x69, 0x65, 0x49, 0xbe, 0xc2,
+    0xda, 0x59, 0x4b, 0x2d, 0x2b, 0x28, 0x2e, 0x69, 0x88, 0x2f, 0xe1, 0x77,
+    0xb3, 0x7b, 0xac, 0xbe, 0xf7, 0xb0, 0x0b, 0x2d, 0x3e, 0x37, 0xe1, 0x8e,
+    0xd4, 0xa6, 0xb8, 0xc2, 0xc7, 0x6a, 0x74, 0x50, 0x38, 0x5f, 0xdf, 0xce,
+    0xe1, 0x30, 0x59, 0x7e, 0xfe, 0x79, 0xcd, 0x59, 0x5d, 0x9e, 0xb3, 0x17,
+    0x5f, 0xbb, 0x06, 0xc4, 0x2e, 0x2c, 0xbd, 0xe7, 0x3a, 0xcb, 0xf9, 0xfe,
+    0x00, 0xca, 0x0b, 0x2f, 0xdc, 0xcd, 0x31, 0xab, 0x28, 0x67, 0xe5, 0xb8,
+    0x39, 0xf2, 0xeb, 0xfb, 0xe3, 0x60, 0x49, 0x2c, 0xbd, 0x1f, 0x99, 0x65,
+    0xde, 0x17, 0x67, 0x92, 0xe5, 0x96, 0xf2, 0xcb, 0xc6, 0x18, 0x62, 0x4b,
+    0xfd, 0x31, 0x87, 0x9e, 0x7e, 0xd2, 0x04, 0x34, 0x17, 0xf9, 0x86, 0xe5,
+    0xdc, 0x38, 0xb2, 0x86, 0x7f, 0x5e, 0x47, 0xbb, 0x23, 0x59, 0x7e, 0x38,
+    0x73, 0xa0, 0x2c, 0xa5, 0x94, 0xb2, 0xd2, 0x72, 0xd8, 0x01, 0x75, 0x27,
+    0xc9, 0x03, 0xfb, 0xff, 0x72, 0x61, 0xec, 0xc2, 0x87, 0x16, 0x5f, 0xcf,
+    0xfd, 0x6b, 0x23, 0x59, 0x43, 0x54, 0x05, 0x85, 0xdd, 0x42, 0xad, 0x88,
+    0xa2, 0x7b, 0xf9, 0x09, 0x87, 0xb7, 0xa4, 0xec, 0xb2, 0xf4, 0x33, 0xa5,
+    0x97, 0xd2, 0x36, 0x3a, 0xcb, 0xb8, 0xeb, 0x2b, 0x60, 0x57, 0xf3, 0x30,
+    0xa1, 0xc9, 0x4f, 0xbd, 0x36, 0x76, 0x36, 0xc3, 0xbf, 0x21, 0xbf, 0xed,
+    0x07, 0x09, 0xde, 0xc4, 0x05, 0x97, 0xb5, 0xba, 0x35, 0x96, 0xf2, 0xca,
+    0x93, 0xec, 0x63, 0xbd, 0xd2, 0x0b, 0xf7, 0xa7, 0xb7, 0xdc, 0x59, 0x7f,
+    0xfd, 0x3f, 0xe0, 0xf3, 0xed, 0xe1, 0x67, 0x7f, 0x59, 0x5e, 0x3f, 0xbf,
+    0x95, 0xde, 0x2c, 0xf2, 0xcb, 0x69, 0x65, 0xfe, 0xcc, 0xe8, 0x3d, 0xfe,
+    0xc5, 0x97, 0xfd, 0x25, 0xf2, 0xcf, 0xc9, 0x8b, 0x2f, 0xe3, 0x38, 0xc5,
+    0xdc, 0x16, 0x5f, 0x47, 0xfc, 0xf2, 0xca, 0xc3, 0xd2, 0x11, 0x7d, 0x2c,
+    0xa6, 0x45, 0xae, 0xa1, 0x12, 0xe4, 0x37, 0xdc, 0xfb, 0xb2, 0xcb, 0xf4,
+    0x40, 0x3e, 0x44, 0xb2, 0xf7, 0xfd, 0x2b, 0x2b, 0x0f, 0x19, 0xca, 0xaf,
+    0xbf, 0xc9, 0x02, 0xcb, 0xb4, 0x25, 0x95, 0x86, 0xe7, 0xe4, 0x56, 0xe2,
+    0xca, 0x23, 0x62, 0x22, 0x0b, 0xfc, 0xfb, 0xf0, 0x71, 0xe1, 0x8b, 0x2f,
+    0xff, 0x4e, 0x76, 0x1f, 0xd8, 0x85, 0x0c, 0xe2, 0xcb, 0xd3, 0x91, 0xac,
+    0xb6, 0x0c, 0xf9, 0xb7, 0xa5, 0x5f, 0x67, 0x83, 0xd2, 0xcb, 0x8e, 0x05,
+    0x97, 0x39, 0x2c, 0xaf, 0x1a, 0xc7, 0x17, 0xb9, 0x8d, 0x59, 0x7c, 0xdf,
+    0x03, 0xac, 0xbf, 0x4f, 0x70, 0xc3, 0xac, 0xa8, 0x1f, 0x01, 0xc5, 0xfc,
+    0x43, 0x7d, 0xc9, 0x23, 0x56, 0x54, 0x6b, 0xa1, 0xb9, 0x0a, 0xb6, 0x22,
+    0xdc, 0x1b, 0x88, 0x47, 0x50, 0xeb, 0x39, 0x9f, 0x99, 0xde, 0x11, 0x40,
+    0x20, 0x28, 0x4e, 0x70, 0xa7, 0xe9, 0xe2, 0x84, 0x00, 0x65, 0xf7, 0x68,
+    0xd5, 0x97, 0xd2, 0x77, 0xf2, 0xcb, 0xdf, 0xfb, 0xac, 0xbe, 0xd0, 0xa7,
+    0x7a, 0xcb, 0xce, 0x40, 0x19, 0xf0, 0xb9, 0x0f, 0xc7, 0x2f, 0xee, 0x16,
+    0x46, 0x1c, 0x16, 0x5b, 0x37, 0x0f, 0xb4, 0x07, 0xd7, 0x48, 0x16, 0x5e,
+    0xfb, 0x46, 0xb2, 0xa2, 0x36, 0x7e, 0x16, 0xbf, 0xdd, 0x37, 0x0b, 0x37,
+    0xba, 0xcb, 0xe9, 0x8d, 0xe0, 0xb2, 0xe0, 0x1d, 0x65, 0xee, 0x79, 0x96,
+    0x56, 0x8d, 0x9f, 0xc5, 0xef, 0xe2, 0x7f, 0xc7, 0x86, 0x2c, 0xa5, 0x94,
+    0x46, 0xe7, 0xe5, 0xd5, 0x27, 0xf5, 0x8b, 0x57, 0xd1, 0x96, 0x76, 0xb2,
+    0xfe, 0x07, 0x30, 0x6f, 0x05, 0x95, 0x87, 0xa0, 0xe4, 0x77, 0xdf, 0x62,
+    0xe2, 0xcb, 0xed, 0xb9, 0xdf, 0xd6, 0x5f, 0xdc, 0x9e, 0xe1, 0x9f, 0x59,
+    0x5d, 0x1e, 0x9f, 0x09, 0x6f, 0xb3, 0xed, 0xc5, 0x94, 0xb2, 0xbb, 0x35,
+    0x8e, 0x43, 0x58, 0x8e, 0x46, 0x74, 0x74, 0xfa, 0x95, 0xc0, 0x98, 0x43,
+    0x9b, 0x17, 0x7b, 0x22, 0xd1, 0xa7, 0xa1, 0x9e, 0x4e, 0x1c, 0x8c, 0x12,
+    0xf0, 0x62, 0x0d, 0x65, 0xe2, 0x6d, 0xc5, 0x97, 0xf7, 0xa7, 0xfc, 0xf3,
+    0x2c, 0xb9, 0xcd, 0x59, 0x61, 0xfc, 0xf1, 0x36, 0x4b, 0x6f, 0x77, 0xc1,
+    0xac, 0xa9, 0x45, 0x5e, 0x31, 0x31, 0x5d, 0xb6, 0x56, 0x5d, 0x23, 0x59,
+    0x41, 0x53, 0x55, 0xe1, 0x4b, 0x71, 0x65, 0x8e, 0xb2, 0xda, 0x59, 0x4e,
+    0x68, 0x84, 0x23, 0x5a, 0x3d, 0x3f, 0x19, 0xdf, 0xd1, 0x8f, 0x4c, 0x28,
+    0xd6, 0x58, 0x0b, 0x29, 0x63, 0x1f, 0x1b, 0x91, 0x6c, 0x98, 0x5f, 0xe9,
+    0x28, 0x39, 0xf0, 0x6b, 0x2f, 0xbe, 0x73, 0xe9, 0x65, 0xff, 0xc0, 0x92,
+    0xe9, 0xfe, 0x00, 0xca, 0x0b, 0x2f, 0x41, 0xbc, 0xb2, 0xfb, 0xe5, 0x90,
+    0x59, 0x7c, 0x20, 0xbf, 0x1d, 0x65, 0xfa, 0x31, 0xbb, 0x98, 0xb2, 0xb0,
+    0xf3, 0xc4, 0x4d, 0x7f, 0xf7, 0x3d, 0x83, 0x2c, 0xde, 0x59, 0xc5, 0x97,
+    0xd3, 0x08, 0x1d, 0x65, 0xe7, 0x8b, 0x8b, 0x29, 0x91, 0x06, 0x48, 0x9f,
+    0x22, 0xa8, 0x27, 0xee, 0x69, 0x8f, 0x64, 0x71, 0x22, 0xe8, 0x70, 0x9c,
+    0x3f, 0x0a, 0x4b, 0x83, 0xe9, 0x65, 0x05, 0x1d, 0xe6, 0x0e, 0xc6, 0xbe,
+    0x16, 0x12, 0x85, 0xa2, 0x19, 0x94, 0xd9, 0x1c, 0x68, 0xb0, 0x84, 0x18,
+    0xe7, 0x03, 0xb2, 0x7e, 0x08, 0xd8, 0xdc, 0xfa, 0x8c, 0x7f, 0xb9, 0x41,
+    0x2d, 0x29, 0xa6, 0x28, 0xe4, 0xf5, 0x2a, 0x08, 0xf2, 0x84, 0x3d, 0x3d,
+    0x3c, 0xf1, 0xfa, 0x02, 0x3d, 0x10, 0xbc, 0x27, 0x8a, 0x70, 0x6f, 0x93,
+    0xbd, 0xff, 0x9c, 0xf3, 0x14, 0x20, 0xb7, 0xc3, 0x28, 0xc5, 0x7d, 0x98,
+    0x6d, 0x87, 0x28, 0xbb, 0x75, 0xb2, 0xff, 0x82, 0x7d, 0xb3, 0x77, 0x82,
+    0x95, 0x97, 0x80, 0x1c, 0x16, 0x5f, 0xff, 0x71, 0xbc, 0xed, 0xfc, 0xd0,
+    0x0e, 0xf0, 0x59, 0x60, 0x9d, 0x9f, 0x67, 0xc7, 0xaf, 0xf7, 0x02, 0x4e,
+    0xf9, 0x17, 0x4b, 0x2c, 0x29, 0x3e, 0x3f, 0x95, 0xd0, 0x45, 0x6e, 0x91,
+    0xca, 0x41, 0x1c, 0x61, 0x97, 0xed, 0x74, 0xef, 0xd2, 0xa2, 0xb7, 0x5f,
+    0xf9, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0xc1, 0x60, 0x98, 0x88,
+    0x43, 0x9b, 0x5d, 0xb1, 0x8d, 0x65, 0xbc, 0xb2, 0xdc, 0x59, 0x42, 0x34,
+    0x5b, 0x22, 0x37, 0xec, 0x33, 0x8c, 0x62, 0xcb, 0xd0, 0xe7, 0x16, 0x5f,
+    0x74, 0xef, 0xd2, 0xa2, 0xd1, 0x5f, 0xfe, 0xc1, 0xf9, 0xcd, 0x8a, 0x26,
+    0xe0, 0x8e, 0xb2, 0xff, 0x4c, 0x7e, 0xcd, 0x0b, 0xa5, 0x97, 0xf3, 0xf7,
+    0x3f, 0x91, 0xac, 0xad, 0x23, 0x7f, 0xc6, 0x1c, 0x4d, 0xde, 0x6b, 0x79,
+    0x8b, 0xa5, 0x97, 0x9c, 0x80, 0xb2, 0xb0, 0xdb, 0xf4, 0x39, 0x7c, 0x09,
+    0x2e, 0x96, 0x5e, 0xdf, 0x31, 0x2c, 0xbf, 0xd9, 0xb9, 0xcd, 0x69, 0xfe,
+    0xb2, 0xfe, 0x98, 0xdf, 0xce, 0x75, 0x94, 0xc8, 0x82, 0x88, 0x7f, 0xc6,
+    0xd7, 0xf4, 0xff, 0x0b, 0xac, 0x59, 0x6e, 0x2c, 0xa6, 0x37, 0xbe, 0x2c,
+    0xbf, 0xa5, 0xc8, 0x43, 0xc5, 0x97, 0x85, 0xfe, 0x2c, 0xbf, 0x0f, 0xce,
+    0x5f, 0x59, 0x7d, 0x16, 0x1a, 0x35, 0x96, 0xd0, 0xcf, 0xa3, 0x07, 0x7e,
+    0x4f, 0x7f, 0xd3, 0x1f, 0xb3, 0x9e, 0xcd, 0xc5, 0x97, 0xee, 0xb1, 0x8b,
+    0xa5, 0x97, 0xfb, 0x3a, 0x29, 0x07, 0x25, 0x65, 0xd3, 0xd6, 0xd3, 0xda,
+    0xe1, 0x45, 0xff, 0x6f, 0xe6, 0x7b, 0x08, 0x31, 0xac, 0xa9, 0x3e, 0xbc,
+    0x30, 0xaf, 0x26, 0x42, 0x51, 0x80, 0xdf, 0xec, 0xd0, 0x32, 0x20, 0xf8,
+    0xb2, 0xc6, 0xac, 0xbf, 0xec, 0x98, 0xf2, 0x2d, 0x37, 0x16, 0x53, 0x1e,
+    0x5c, 0x42, 0x57, 0xff, 0xe8, 0xe7, 0xf2, 0x3d, 0x4f, 0x9f, 0x85, 0x80,
+    0x59, 0x7f, 0xe9, 0xed, 0xf7, 0x3c, 0x4f, 0xb9, 0x1a, 0xcb, 0xff, 0x4e,
+    0x81, 0x8d, 0x9a, 0xf8, 0x96, 0x54, 0xa3, 0x5b, 0xca, 0x9c, 0x45, 0xa1,
+    0xa7, 0xa0, 0xc5, 0x31, 0x42, 0x03, 0x90, 0xf8, 0xbf, 0xa7, 0x79, 0x3f,
+    0xf8, 0xb2, 0xff, 0xfb, 0xf2, 0x3f, 0x09, 0xcd, 0xeb, 0x18, 0xba, 0x59,
+    0x7f, 0xee, 0x7b, 0x01, 0x17, 0x09, 0xfc, 0xb2, 0xf8, 0xec, 0x50, 0x59,
+    0x4c, 0x8b, 0x1d, 0xc5, 0x1e, 0x1f, 0xd4, 0xae, 0x3f, 0x64, 0xb2, 0x5f,
+    0x24, 0x3c, 0x37, 0xed, 0xbd, 0x65, 0xd3, 0xe5, 0x97, 0x70, 0xeb, 0x29,
+    0x8f, 0x02, 0x21, 0x3f, 0x0b, 0x52, 0xcb, 0x1a, 0xb2, 0xf6, 0xa4, 0xd5,
+    0x97, 0xe6, 0xf9, 0x49, 0xd6, 0x50, 0x50, 0xf8, 0x24, 0x2e, 0x21, 0x2f,
+    0x0e, 0xdf, 0xe9, 0x3e, 0xb4, 0xc0, 0xe2, 0xcb, 0xdd, 0x61, 0x8b, 0x2d,
+    0x91, 0x1e, 0x8f, 0x8c, 0xef, 0xff, 0x9b, 0xfc, 0x6e, 0x9f, 0x5d, 0x63,
+    0x17, 0x4b, 0x2c, 0x62, 0xcb, 0xfd, 0xa9, 0xff, 0x70, 0xcf, 0xac, 0xbf,
+    0xff, 0xb2, 0x27, 0x28, 0xc0, 0xdd, 0xf3, 0xac, 0x62, 0xe9, 0x65, 0xd8,
+    0x35, 0x97, 0xa3, 0x73, 0xac, 0xb8, 0x1a, 0x93, 0x66, 0xc2, 0xd7, 0xed,
+    0x1e, 0x73, 0x8b, 0x2a, 0x4f, 0x4b, 0x0a, 0xef, 0xfe, 0xef, 0x9f, 0x2c,
+    0xdf, 0xff, 0xb0, 0xd6, 0x54, 0x13, 0xdf, 0x65, 0x08, 0x84, 0x88, 0xd3,
+    0x90, 0xe2, 0x11, 0x05, 0xcd, 0x05, 0x97, 0xf6, 0x6f, 0xf8, 0xa7, 0xa5,
+    0x97, 0xfb, 0xde, 0x11, 0xa7, 0x9e, 0x2c, 0xbf, 0x6d, 0x87, 0x83, 0xe2,
+    0xcb, 0x8d, 0x1a, 0xcb, 0xff, 0xee, 0x16, 0x6f, 0x7f, 0x96, 0x73, 0xcf,
+    0x12, 0xca, 0xc3, 0xe8, 0x61, 0x8b, 0xbc, 0x75, 0x97, 0xe9, 0xff, 0x03,
+    0xf2, 0xca, 0x94, 0xdb, 0xc6, 0x2d, 0x86, 0x0c, 0x6b, 0x14, 0x25, 0x0e,
+    0x40, 0x42, 0xf7, 0xc4, 0xdd, 0xc1, 0x65, 0xe0, 0x3f, 0x96, 0x5f, 0xe8,
+    0xf1, 0x86, 0xee, 0x6a, 0xca, 0xc3, 0xcf, 0x71, 0xcb, 0xfb, 0x52, 0x39,
+    0x28, 0x96, 0x5b, 0x8b, 0x2a, 0x33, 0x7d, 0xe2, 0xdb, 0x04, 0x0a, 0xb3,
+    0xcc, 0xf6, 0x03, 0xe8, 0xc9, 0x06, 0x53, 0x90, 0xfc, 0xe9, 0xdb, 0xb2,
+    0x18, 0xa1, 0x49, 0xa6, 0xd3, 0x90, 0x7a, 0x74, 0x45, 0xe1, 0x12, 0x08,
+    0x47, 0x94, 0x24, 0x79, 0x28, 0x1f, 0xf1, 0xe5, 0x89, 0x9f, 0x65, 0xc4,
+    0x35, 0xeb, 0xdc, 0x3f, 0x16, 0x5f, 0xe0, 0xac, 0xb7, 0xe1, 0x9c, 0x59,
+    0x7f, 0xfc, 0xdf, 0x6d, 0x38, 0x27, 0xcd, 0xd4, 0x81, 0x65, 0xd0, 0x82,
+    0xcb, 0xff, 0xb0, 0xa7, 0x0d, 0x98, 0x7f, 0x23, 0x59, 0x7f, 0xe7, 0xf6,
+    0xd9, 0xcf, 0xf9, 0x8e, 0xb2, 0xff, 0xff, 0x37, 0xe7, 0xc5, 0x9f, 0xd4,
+    0xf8, 0xb3, 0x78, 0xba, 0x59, 0x7f, 0xfd, 0x39, 0xff, 0x3c, 0x34, 0x21,
+    0xc9, 0x4a, 0xca, 0x82, 0x72, 0xbb, 0x89, 0xde, 0x17, 0x12, 0x1e, 0xf3,
+    0xfd, 0xd6, 0x1b, 0xff, 0xcd, 0xe7, 0x68, 0xfe, 0xc4, 0xc0, 0xe2, 0xcb,
+    0xfe, 0x29, 0x86, 0x73, 0x1a, 0x56, 0x5a, 0x35, 0x95, 0x27, 0x8e, 0x46,
+    0xb7, 0xff, 0xfd, 0x20, 0x3b, 0xc3, 0x6f, 0xfd, 0x87, 0xce, 0xa7, 0xd2,
+    0x75, 0x97, 0xff, 0xcc, 0x5f, 0x17, 0x9b, 0x9b, 0x2f, 0xfc, 0x1a, 0xca,
+    0xf2, 0x2e, 0x7e, 0xd1, 0x7f, 0x34, 0x7b, 0x5c, 0x80, 0xb2, 0xff, 0xff,
+    0xbc, 0xed, 0xcc, 0x35, 0xc8, 0x1b, 0x73, 0x72, 0x49, 0xcd, 0x59, 0x79,
+    0xdf, 0xa5, 0x45, 0xb4, 0xa9, 0x44, 0x97, 0x4d, 0x37, 0xfc, 0x4c, 0x6e,
+    0xb2, 0x39, 0xfa, 0xcb, 0xff, 0xfa, 0x5f, 0xf3, 0xe9, 0xe3, 0x34, 0x1b,
+    0x58, 0x35, 0x97, 0xf7, 0xa4, 0xf2, 0xc3, 0x59, 0x4c, 0x9e, 0x1c, 0x44,
+    0x7a, 0x86, 0x09, 0xc8, 0xf8, 0x73, 0xf5, 0x7b, 0xf9, 0xe0, 0x3f, 0x31,
+    0xd6, 0x5f, 0xec, 0x88, 0xa4, 0xfb, 0x7a, 0x59, 0x77, 0x98, 0x67, 0xc7,
+    0xf2, 0xdb, 0xff, 0xde, 0xc8, 0x39, 0x7d, 0xe0, 0xc6, 0xca, 0xcb, 0xfe,
+    0xcc, 0xeb, 0x64, 0x5e, 0x6d, 0x2c, 0xbf, 0xfb, 0xd9, 0x1f, 0x1b, 0x53,
+    0xba, 0xe4, 0xb2, 0xec, 0x65, 0x95, 0xd1, 0xed, 0xef, 0x46, 0xbd, 0xf0,
+    0x32, 0xcb, 0xfa, 0x76, 0x3e, 0x47, 0x86, 0x2c, 0xa9, 0x3f, 0x5c, 0x25,
+    0xd0, 0xe5, 0xb6, 0x25, 0x97, 0xf1, 0xad, 0xf2, 0x7e, 0xd6, 0x5f, 0xfb,
+    0xf2, 0x72, 0x73, 0x4b, 0x00, 0xb2, 0xa4, 0xfa, 0xf0, 0xba, 0xc0, 0x59,
+    0x51, 0x22, 0xc8, 0xa1, 0x03, 0xf2, 0x0b, 0xff, 0x31, 0x0e, 0x64, 0xfb,
+    0xaf, 0x05, 0x97, 0xfd, 0x20, 0xf4, 0xc6, 0x59, 0xc5, 0x95, 0x27, 0xee,
+    0x23, 0xfb, 0xff, 0xcd, 0xa9, 0xcf, 0x09, 0xb9, 0xec, 0x02, 0xcb, 0xff,
+    0xe1, 0x8b, 0xfc, 0x1e, 0x43, 0xd3, 0xbc, 0x72, 0xb2, 0xe1, 0x62, 0xca,
+    0x1a, 0x2c, 0x19, 0x20, 0x94, 0xad, 0xb1, 0x2c, 0xbf, 0xe9, 0x84, 0xea,
+    0x39, 0xd4, 0x6b, 0x2f, 0xff, 0x4c, 0x3d, 0x24, 0x69, 0x64, 0x61, 0xc1,
+    0x65, 0xff, 0xfe, 0x96, 0x27, 0xf8, 0xbf, 0x83, 0x93, 0x8f, 0xd3, 0xda,
+    0xcb, 0xfc, 0xc7, 0x1c, 0xf0, 0x3e, 0x2c, 0xbd, 0xfc, 0xe9, 0x65, 0xff,
+    0xf1, 0x36, 0xf6, 0xff, 0xa7, 0xfc, 0x9d, 0xf2, 0xb2, 0x99, 0x34, 0xcd,
+    0x25, 0xf9, 0x7f, 0xe6, 0x82, 0x1d, 0xbf, 0xc3, 0xc2, 0x83, 0x78, 0x4b,
+    0x2c, 0x35, 0x97, 0xf0, 0xba, 0xf4, 0xeb, 0x16, 0x5e, 0xef, 0x9e, 0x59,
+    0x58, 0x79, 0x8e, 0x5d, 0x4c, 0x8a, 0xf7, 0x32, 0xe2, 0xed, 0xff, 0xdf,
+    0x76, 0xc9, 0xd3, 0xc1, 0xbc, 0xb2, 0xfc, 0xe3, 0xc2, 0x02, 0xca, 0x81,
+    0xf3, 0xb2, 0x0d, 0xff, 0x4e, 0xb6, 0xf2, 0x7c, 0xec, 0xb2, 0xfe, 0x67,
+    0x87, 0xda, 0x35, 0x97, 0xd1, 0xcf, 0x99, 0x65, 0x78, 0xf3, 0xdc, 0xb6,
+    0xfa, 0x70, 0x99, 0x65, 0xf7, 0xe7, 0x06, 0xb2, 0x86, 0x78, 0x1d, 0x8f,
+    0xde, 0xfe, 0x46, 0xb2, 0xb6, 0x26, 0x75, 0x90, 0x54, 0x76, 0x63, 0xcb,
+    0x83, 0x00, 0xe1, 0x1f, 0x92, 0xa7, 0x3a, 0x86, 0x03, 0x16, 0xc4, 0x91,
+    0xa8, 0xc3, 0x0f, 0x0d, 0xff, 0x42, 0xb1, 0xe1, 0xa2, 0x02, 0xe2, 0x16,
+    0xe4, 0x70, 0xdf, 0x87, 0xc8, 0xa1, 0x2a, 0x61, 0x0e, 0xcc, 0x22, 0x03,
+    0x61, 0xdd, 0x23, 0xbd, 0x98, 0x6a, 0xcb, 0xfa, 0x61, 0xc7, 0xce, 0x96,
+    0x5d, 0x21, 0x34, 0x79, 0x3e, 0x1c, 0xbf, 0xe9, 0xd3, 0xfc, 0x01, 0x94,
+    0x16, 0x5f, 0xc2, 0x72, 0x2c, 0x02, 0xcb, 0xff, 0xfb, 0x53, 0xf6, 0xe9,
+    0x87, 0x2d, 0xa6, 0x83, 0x71, 0x65, 0xfc, 0x6b, 0xe8, 0x62, 0x25, 0x97,
+    0xe6, 0x3b, 0xfe, 0x56, 0x5f, 0xef, 0xb7, 0x4c, 0x3e, 0xc9, 0x65, 0xfd,
+    0x27, 0xc1, 0x61, 0xd6, 0x54, 0x9f, 0x03, 0x1a, 0x5f, 0xff, 0xff, 0xf8,
+    0x65, 0x3d, 0x77, 0xd3, 0x76, 0x77, 0x23, 0x70, 0x9f, 0xb3, 0x3a, 0xf3,
+    0x44, 0x4c, 0x7e, 0x2c, 0xbe, 0xf8, 0x79, 0xba, 0xb2, 0xff, 0xcd, 0xf9,
+    0xfb, 0x6f, 0x92, 0xe9, 0x65, 0xdd, 0xc1, 0x65, 0x62, 0x63, 0x8d, 0x09,
+    0xf7, 0x26, 0x11, 0xfd, 0xf6, 0xbb, 0x14, 0x6b, 0x2f, 0xdb, 0x2d, 0xac,
+    0x35, 0x65, 0x61, 0xe8, 0x11, 0x2d, 0xdf, 0xf2, 0xcb, 0xfe, 0xcf, 0xf0,
+    0x3e, 0x7f, 0x3c, 0xb2, 0xa3, 0x3d, 0x13, 0x8b, 0xde, 0x3c, 0xf4, 0xb2,
+    0xf8, 0xa4, 0xfc, 0x59, 0x66, 0x8c, 0xdf, 0x7c, 0x76, 0xfc, 0xfd, 0xc0,
+    0x3e, 0x2c, 0xbf, 0xf3, 0x45, 0xcd, 0xee, 0x51, 0x88, 0x6b, 0x2c, 0x12,
+    0x35, 0xca, 0x21, 0x9c, 0xe1, 0x59, 0xab, 0x31, 0x17, 0x6a, 0x10, 0xde,
+    0x8c, 0xf0, 0xa1, 0x21, 0xc7, 0x1f, 0xb0, 0xef, 0x27, 0x0c, 0xaa, 0x82,
+    0x2f, 0xac, 0x64, 0x78, 0x60, 0x9c, 0xd1, 0xb8, 0xfe, 0x59, 0x7e, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x2e, 0x55, 0xfc, 0xe3, 0xf4, 0x94, 0x6b, 0x2e, 0x37,
+    0xcb, 0x2f, 0x4b, 0x9d, 0x65, 0x82, 0x0d, 0x15, 0xb8, 0x2f, 0xe3, 0x67,
+    0x2d, 0x21, 0x8b, 0x98, 0xd5, 0x97, 0xed, 0x74, 0xef, 0xd2, 0xa2, 0xed,
+    0x5e, 0x8f, 0x0c, 0x59, 0x78, 0x1b, 0xdd, 0x65, 0xff, 0x34, 0x20, 0xc4,
+    0x09, 0x82, 0xcb, 0x8f, 0xb2, 0xb2, 0xff, 0xbf, 0x24, 0xc0, 0xd9, 0x78,
+    0xd6, 0x5e, 0xd3, 0x81, 0x65, 0x61, 0xeb, 0xb1, 0xdd, 0xe7, 0x8e, 0x56,
+    0x58, 0x20, 0xd3, 0x6d, 0xc1, 0x73, 0x9b, 0x78, 0x79, 0xc7, 0x88, 0xdf,
+    0x8e, 0x22, 0x20, 0xa9, 0x85, 0x33, 0x64, 0x65, 0x50, 0xad, 0xa4, 0x47,
+    0x2b, 0x67, 0x11, 0x4d, 0xaf, 0xf2, 0x5a, 0xf0, 0x8c, 0xf7, 0x21, 0x8d,
+    0xea, 0x7a, 0xe9, 0x56, 0xea, 0x5c, 0x87, 0x7f, 0xe3, 0xbc, 0xbf, 0xc1,
+    0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0xa9, 0xd7, 0xfb, 0x5f, 0x6f, 0xc6, 0x2e,
+    0x2c, 0xbb, 0x9c, 0x59, 0x71, 0x04, 0xc3, 0xcc, 0xd1, 0xad, 0xff, 0xcd,
+    0xbe, 0x7c, 0xd3, 0x14, 0x53, 0xd2, 0xcb, 0xa3, 0xc5, 0x97, 0xdc, 0x2f,
+    0x7d, 0x65, 0xfe, 0xf4, 0xf2, 0x4e, 0x28, 0x96, 0x5f, 0x0a, 0x13, 0x1a,
+    0xcb, 0xfe, 0xee, 0x1c, 0xdb, 0x9b, 0xdf, 0x4b, 0x2a, 0x08, 0xb7, 0x19,
+    0x16, 0x8d, 0x3c, 0x47, 0x7f, 0x0b, 0xb3, 0xbb, 0x92, 0xcb, 0x7d, 0x65,
+    0xf7, 0x7c, 0x91, 0xac, 0xb0, 0x96, 0x5e, 0x97, 0x8f, 0x69, 0xb4, 0x01,
+    0x1d, 0x31, 0xfc, 0x92, 0x2d, 0xf7, 0x4e, 0xfd, 0x2a, 0x2b, 0x95, 0xc7,
+    0x95, 0x97, 0xed, 0x74, 0xef, 0xd2, 0xa2, 0xce, 0x58, 0x24, 0x9e, 0x66,
+    0x0b, 0x5c, 0xf0, 0x59, 0x7f, 0x43, 0xfd, 0xf4, 0xdc, 0x59, 0x4e, 0x78,
+    0xc2, 0x16, 0xbf, 0x9b, 0x98, 0x4e, 0x62, 0xcb, 0xc2, 0x84, 0xac, 0xad,
+    0x26, 0xa7, 0xe7, 0xc2, 0x6e, 0xf9, 0x0e, 0xf2, 0xcb, 0xff, 0xd0, 0xf0,
+    0xb5, 0x83, 0x9d, 0xdf, 0x37, 0x4b, 0x2f, 0xff, 0x7e, 0x79, 0xb4, 0x5c,
+    0xfc, 0xc5, 0x13, 0x2c, 0xbf, 0xff, 0x3f, 0xb0, 0xf2, 0x7d, 0xb9, 0x86,
+    0x9a, 0xf0, 0x59, 0x7f, 0x31, 0xe3, 0x16, 0xa0, 0xb2, 0xfc, 0x7c, 0x89,
+    0xc0, 0xb2, 0xfa, 0x3f, 0x3f, 0xd6, 0x53, 0x9e, 0x58, 0x8a, 0x2f, 0x8f,
+    0xb0, 0x05, 0x7e, 0xb2, 0xfd, 0x31, 0x45, 0x3d, 0x2c, 0xba, 0x7d, 0xb4,
+    0xf5, 0x98, 0xb2, 0xb1, 0x3c, 0x48, 0x93, 0xbc, 0xae, 0x4f, 0x5b, 0xdd,
+    0xef, 0xf8, 0xa4, 0xfc, 0x14, 0x1c, 0xd5, 0x97, 0xed, 0x67, 0xd8, 0xeb,
+    0x2e, 0x3e, 0xf5, 0x97, 0x8a, 0x46, 0xb2, 0xb0, 0xda, 0x38, 0xcd, 0xde,
+    0xc5, 0x97, 0xec, 0x8a, 0x21, 0x46, 0xb2, 0xc6, 0xe1, 0xe0, 0xf8, 0x5a,
+    0xfd, 0x14, 0x9e, 0x43, 0x59, 0x7f, 0xff, 0xda, 0x6e, 0x03, 0x36, 0xb6,
+    0xf9, 0xf3, 0x4c, 0x51, 0x4f, 0x4b, 0x2e, 0x81, 0xd6, 0x54, 0xa3, 0x4f,
+    0x0a, 0x1c, 0xa4, 0x9a, 0xef, 0xc7, 0x93, 0xe1, 0x2c, 0xbf, 0xc1, 0xb4,
+    0x53, 0xc6, 0x3a, 0xcb, 0xff, 0xde, 0x6d, 0xbe, 0x76, 0xfc, 0xe0, 0xd9,
+    0x65, 0xff, 0x9b, 0x5b, 0x64, 0xed, 0xb8, 0xf1, 0x2c, 0xbe, 0xe9, 0xdf,
+    0xa5, 0x44, 0x84, 0xbf, 0xd3, 0x0d, 0x60, 0xdc, 0xeb, 0x28, 0xd4, 0x52,
+    0xe9, 0x0f, 0x86, 0x17, 0xfd, 0x9f, 0xe0, 0xa1, 0x31, 0xca, 0xcb, 0xff,
+    0xf3, 0x6b, 0xaf, 0x66, 0xdd, 0x6b, 0x0c, 0xd9, 0x93, 0xac, 0xa8, 0x22,
+    0x57, 0x87, 0x37, 0xdf, 0xd3, 0x76, 0xb2, 0xfe, 0x77, 0xee, 0x1c, 0x65,
+    0x97, 0xf8, 0x13, 0xb9, 0x3f, 0x91, 0xac, 0xbf, 0xe3, 0xe3, 0xea, 0x3d,
+    0xbd, 0x9d, 0x65, 0x49, 0xf9, 0x61, 0xad, 0xfe, 0xef, 0x9f, 0x29, 0x3f,
+    0x16, 0x5f, 0xfe, 0x72, 0xeb, 0x68, 0xc9, 0xe1, 0xe7, 0x82, 0xca, 0x63,
+    0xff, 0x11, 0xa5, 0xfd, 0x84, 0xc0, 0xe4, 0xac, 0xb0, 0x49, 0x57, 0x71,
+    0x03, 0x4c, 0x87, 0x77, 0x70, 0xc6, 0x62, 0x3d, 0x11, 0xfa, 0x13, 0xe0,
+    0x84, 0xff, 0x08, 0x6e, 0x6f, 0x2c, 0xbf, 0xf3, 0x87, 0x11, 0x37, 0xca,
+    0x40, 0xb2, 0xa3, 0x5c, 0xcc, 0x84, 0xbd, 0xee, 0xe1, 0x35, 0xf1, 0x6b,
+    0xff, 0x31, 0xf3, 0x9b, 0x7b, 0x86, 0x7d, 0x65, 0xf7, 0x06, 0x39, 0x59,
+    0x5e, 0x3e, 0x3f, 0xa0, 0xdf, 0x43, 0xc1, 0xf1, 0x65, 0xc1, 0x66, 0xc0,
+    0xb2, 0xff, 0xfd, 0xe6, 0x8b, 0xcd, 0xdf, 0xfd, 0xd3, 0x73, 0x06, 0xb2,
+    0xfa, 0x58, 0x5c, 0x59, 0x60, 0x9b, 0x09, 0x13, 0x5d, 0x10, 0xf9, 0x62,
+    0xa5, 0x31, 0xfc, 0x22, 0x78, 0x5f, 0x5f, 0x6c, 0x1e, 0x93, 0xac, 0xbf,
+    0x73, 0x99, 0xa8, 0xd6, 0x5e, 0xe4, 0x9a, 0xb2, 0xbc, 0x78, 0xdc, 0x29,
+    0xba, 0x4c, 0x59, 0x7f, 0xc0, 0xc1, 0x93, 0x82, 0x77, 0xac, 0xbf, 0xec,
+    0x8f, 0x8d, 0x87, 0x9e, 0x96, 0x56, 0x22, 0xad, 0x88, 0x9c, 0x5f, 0x87,
+    0x37, 0x8f, 0xbe, 0x0b, 0x2f, 0xd3, 0xad, 0xa0, 0xfa, 0xcb, 0x06, 0xb2,
+    0xff, 0xe9, 0x01, 0xde, 0x1c, 0xfe, 0x61, 0xd6, 0x50, 0xcf, 0x57, 0xc2,
+    0x57, 0xa2, 0x3c, 0x4b, 0x2c, 0x13, 0x63, 0x6c, 0x45, 0x42, 0xda, 0x3c,
+    0xc3, 0x3a, 0x33, 0xd1, 0xc2, 0x9b, 0x23, 0x73, 0xed, 0x31, 0xa5, 0x09,
+    0x44, 0x99, 0xa3, 0x93, 0xad, 0xfa, 0x33, 0x37, 0x9d, 0x05, 0x28, 0xf4,
+    0x38, 0x67, 0xf8, 0xc6, 0x04, 0x74, 0x60, 0xf8, 0x6f, 0xfb, 0xa4, 0x57,
+    0xf8, 0x4f, 0xa8, 0x78, 0xc7, 0x59, 0x7f, 0xff, 0xff, 0x4f, 0xc9, 0xc0,
+    0x4f, 0xbd, 0xb7, 0x90, 0xb8, 0x19, 0x48, 0xfc, 0xf0, 0xce, 0x2c, 0xbf,
+    0xf0, 0x65, 0x23, 0xf3, 0xc3, 0x38, 0xb2, 0xff, 0x8a, 0x47, 0xe7, 0x86,
+    0x71, 0x65, 0xfe, 0x7d, 0xed, 0xbc, 0x85, 0xcd, 0xa7, 0xea, 0x19, 0xf5,
+    0xec, 0xec, 0x20, 0xd3, 0x82, 0xd1, 0xa1, 0x43, 0xfa, 0xff, 0xe0, 0x9e,
+    0x7e, 0x16, 0x7f, 0xf2, 0x05, 0x97, 0xff, 0x82, 0x1d, 0xe0, 0x13, 0x35,
+    0xd3, 0xbf, 0x4a, 0x89, 0xf1, 0x7f, 0xfa, 0x01, 0x33, 0x7b, 0x1b, 0xce,
+    0x49, 0xc4, 0xb2, 0xff, 0xb0, 0xcc, 0xde, 0xdf, 0x84, 0xac, 0xbe, 0x16,
+    0xa7, 0x8b, 0x2f, 0xfd, 0xdf, 0xe2, 0x83, 0xea, 0x3f, 0x09, 0x65, 0xed,
+    0xe3, 0x95, 0x97, 0xb6, 0x76, 0x33, 0x16, 0x56, 0x1e, 0x26, 0xe8, 0xf5,
+    0xf8, 0xd7, 0xfe, 0x18, 0xb2, 0xff, 0x4c, 0x61, 0xec, 0xb9, 0x01, 0x65,
+    0x82, 0x46, 0x9b, 0x38, 0xce, 0xb0, 0x88, 0xa1, 0x0e, 0x22, 0x40, 0xca,
+    0x69, 0xd5, 0x0d, 0xfe, 0x3b, 0x6a, 0xe9, 0xb7, 0xdc, 0x68, 0x47, 0xee,
+    0x56, 0x28, 0x7a, 0x95, 0xb6, 0x74, 0x9f, 0x22, 0xbc, 0xa7, 0x7b, 0xfc,
+    0x4f, 0xfe, 0x17, 0x3e, 0xb2, 0xff, 0xfe, 0x11, 0x39, 0xbb, 0x7e, 0x6c,
+    0x94, 0x33, 0xcc, 0x75, 0x97, 0x37, 0x6b, 0x2f, 0xff, 0xa1, 0x1e, 0xc3,
+    0x9d, 0x82, 0x3e, 0xb5, 0xb7, 0x6f, 0xb6, 0x56, 0x54, 0x0f, 0xf8, 0x02,
+    0xf7, 0x07, 0xc5, 0x97, 0xff, 0x47, 0xe9, 0x6f, 0xf1, 0x8b, 0xb8, 0x2c,
+    0xaf, 0x1e, 0xe9, 0x0c, 0x5f, 0xfd, 0x9f, 0x6c, 0x2f, 0x67, 0xe4, 0x6b,
+    0x2f, 0xfd, 0xf3, 0x64, 0xa1, 0x9e, 0x63, 0xac, 0xbf, 0xe3, 0x64, 0xa1,
+    0x9e, 0x63, 0xac, 0xbe, 0x11, 0x39, 0xbb, 0x4f, 0xdb, 0xe7, 0xd7, 0xed,
+    0x01, 0xbd, 0x2b, 0x28, 0xe7, 0xc4, 0x23, 0xbb, 0xf6, 0x6b, 0x32, 0x25,
+    0x96, 0x09, 0x8a, 0xc3, 0xce, 0x65, 0xe8, 0x6d, 0xbb, 0xf9, 0x10, 0xf2,
+    0x31, 0x90, 0xc8, 0xaf, 0xda, 0xe9, 0xdf, 0xa5, 0x45, 0x64, 0xbf, 0xf3,
+    0xc0, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x13, 0x72, 0xc1, 0x31, 0x10, 0x87,
+    0x36, 0xae, 0x93, 0x25, 0x68, 0x7d, 0xdf, 0xf1, 0x38, 0x4e, 0x48, 0x26,
+    0x56, 0x5f, 0xff, 0x41, 0xbc, 0xe5, 0xf8, 0x66, 0xb3, 0x62, 0x0a, 0x2c,
+    0xbe, 0xe9, 0xdf, 0xa5, 0x44, 0xac, 0xbf, 0xfe, 0xd4, 0x65, 0x3a, 0x71,
+    0x93, 0xea, 0x77, 0xac, 0xad, 0x22, 0x00, 0x46, 0x17, 0xfc, 0xed, 0x06,
+    0x21, 0x49, 0xd6, 0x5f, 0x48, 0xdf, 0xcb, 0x2f, 0x69, 0xbb, 0x59, 0x4b,
+    0x2f, 0xf3, 0x41, 0x88, 0x52, 0x75, 0x97, 0xe2, 0x76, 0xef, 0xa3, 0x9b,
+    0xc7, 0x0b, 0xa2, 0x45, 0xbf, 0xc8, 0x77, 0x56, 0x6f, 0xe6, 0x29, 0x84,
+    0xee, 0xac, 0xbc, 0xd3, 0xf5, 0x95, 0x27, 0x93, 0xa2, 0xeb, 0xe1, 0x0f,
+    0x0d, 0x59, 0x79, 0xe0, 0x12, 0x55, 0x53, 0x64, 0x35, 0xfa, 0x23, 0x68,
+    0x76, 0xf1, 0xef, 0x64, 0x86, 0xba, 0x56, 0xaa, 0x79, 0x5b, 0xd7, 0xe0,
+    0x8f, 0x17, 0x31, 0x65, 0xf8, 0x26, 0x42, 0x40, 0xb2, 0x82, 0x22, 0x02,
+    0x32, 0xd8, 0x15, 0x5f, 0xfb, 0xf8, 0x13, 0x34, 0xd1, 0xb9, 0xd6, 0x5f,
+    0xc1, 0x57, 0x3e, 0xa7, 0x8b, 0x2f, 0xff, 0x6c, 0x41, 0x40, 0xaf, 0x31,
+    0xe0, 0xd9, 0xac, 0x59, 0x7f, 0xe6, 0xe0, 0x8e, 0x4d, 0xbc, 0x4e, 0xb2,
+    0xff, 0xfb, 0xd3, 0x06, 0x06, 0xb3, 0xce, 0x4f, 0x05, 0x97, 0xf4, 0x93,
+    0xf4, 0xfb, 0x8b, 0x2f, 0x85, 0xba, 0x39, 0x59, 0x7f, 0xd3, 0xd4, 0xe9,
+    0xbf, 0x3d, 0x2c, 0xa8, 0x26, 0x33, 0xd9, 0xf9, 0xd3, 0x7c, 0x5f, 0xf2,
+    0x5b, 0x69, 0x65, 0xff, 0x81, 0xfc, 0xf4, 0x97, 0xf6, 0x71, 0x65, 0x0c,
+    0xf4, 0x44, 0x23, 0x7d, 0xd3, 0xbf, 0x4a, 0x89, 0x71, 0x7f, 0xfd, 0xec,
+    0x1c, 0xfa, 0x60, 0x53, 0xa7, 0x1a, 0xca, 0xd1, 0xfe, 0xf0, 0xc2, 0xf1,
+    0x39, 0xd6, 0x5a, 0x35, 0x97, 0xa1, 0x9f, 0x73, 0x5b, 0xba, 0x37, 0x7d,
+    0xfd, 0x37, 0x6b, 0x2f, 0x1b, 0x06, 0x59, 0x7f, 0x9e, 0x1f, 0x29, 0x3f,
+    0x16, 0x5f, 0xfc, 0xdc, 0x11, 0xbc, 0xc3, 0xb7, 0xa5, 0x65, 0x31, 0xfb,
+    0x39, 0x95, 0xfa, 0x1b, 0x2d, 0xe7, 0x59, 0x76, 0xcc, 0xac, 0xbf, 0xf8,
+    0xa0, 0xe3, 0x79, 0x84, 0x93, 0xac, 0xa9, 0x3d, 0x9c, 0x19, 0xbf, 0x14,
+    0xf4, 0xfa, 0x59, 0x7f, 0xff, 0x60, 0xba, 0xf4, 0x94, 0xc1, 0xc7, 0x3d,
+    0xe9, 0x96, 0x5f, 0xfb, 0x8c, 0x42, 0xfe, 0xcb, 0x6f, 0x3a, 0xcb, 0xff,
+    0xff, 0xe2, 0xcf, 0xf3, 0x06, 0xe3, 0x92, 0x7e, 0xfd, 0x9c, 0x9e, 0x71,
+    0xfc, 0xb2, 0xf3, 0x14, 0xac, 0xa8, 0x27, 0xf6, 0x38, 0x41, 0xb1, 0x06,
+    0xe1, 0x39, 0xd6, 0x89, 0x0f, 0x7b, 0xd5, 0xfe, 0xcf, 0xf9, 0xb4, 0xfc,
+    0x59, 0x7f, 0xfd, 0xf6, 0x29, 0x86, 0x0f, 0x21, 0x84, 0x05, 0x97, 0xe6,
+    0x00, 0x1b, 0xb5, 0x97, 0xfd, 0x3e, 0x76, 0x83, 0x1b, 0x2b, 0x2f, 0xfe,
+    0x21, 0x43, 0xcf, 0x0c, 0xee, 0x12, 0xb2, 0xff, 0xe1, 0x40, 0x9a, 0x13,
+    0xf2, 0x14, 0x16, 0x5f, 0xa7, 0x80, 0x3f, 0xd6, 0x53, 0x1f, 0x5f, 0x90,
+    0xe8, 0x69, 0x83, 0xf0, 0xdf, 0xf0, 0xaf, 0xb7, 0x4b, 0x2a, 0x53, 0xc3,
+    0xc4, 0xc7, 0x8c, 0xbc, 0x06, 0xd7, 0xf4, 0x3d, 0x85, 0x9d, 0x2c, 0xbd,
+    0x0f, 0x7d, 0x65, 0x31, 0xe5, 0x78, 0xb6, 0xfb, 0xbf, 0x4f, 0x4b, 0x2d,
+    0xe9, 0x3c, 0x57, 0x21, 0xbf, 0xf8, 0x98, 0x1c, 0xd4, 0xb4, 0x1f, 0x8b,
+    0x2f, 0xe7, 0xec, 0x0e, 0xfa, 0x59, 0x58, 0x89, 0x56, 0x26, 0xe2, 0x15,
+    0xfd, 0xa6, 0x39, 0x3c, 0x16, 0x5f, 0xfb, 0xb8, 0x67, 0xf3, 0x5d, 0x4e,
+    0x2c, 0xbc, 0xf0, 0x09, 0xb0, 0x32, 0xa3, 0xc2, 0xc3, 0x19, 0x8d, 0xba,
+    0x10, 0x9d, 0xc8, 0x4f, 0xf6, 0x9e, 0xc6, 0x9a, 0x23, 0xf4, 0x24, 0xde,
+    0x50, 0xd9, 0x36, 0xf2, 0x3f, 0x5f, 0xc6, 0xca, 0x22, 0xed, 0xd2, 0xcb,
+    0xff, 0x08, 0xe1, 0x39, 0x25, 0xfc, 0xd2, 0xcb, 0xff, 0xf6, 0x78, 0x27,
+    0x27, 0xf3, 0xbe, 0x4b, 0xa7, 0xe2, 0xcb, 0xfe, 0x1e, 0x04, 0x9d, 0x37,
+    0x84, 0xb2, 0xff, 0xe1, 0xc8, 0x4d, 0xdc, 0xee, 0x1e, 0x9e, 0x2c, 0xb0,
+    0x46, 0x66, 0x7f, 0x9e, 0x95, 0x9f, 0xc8, 0xc5, 0x3e, 0x80, 0x25, 0x8d,
+    0xe7, 0x57, 0xff, 0x04, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x3b,
+    0x5f, 0xff, 0x0a, 0x7b, 0x83, 0x1c, 0xcc, 0x21, 0xfa, 0x56, 0x5f, 0xff,
+    0xfc, 0x79, 0xeb, 0xaf, 0x34, 0x5e, 0x62, 0x1b, 0xea, 0x4d, 0x34, 0x51,
+    0xac, 0xb8, 0x41, 0xac, 0xbe, 0x27, 0x7e, 0xd6, 0x5f, 0x77, 0xf6, 0x31,
+    0x65, 0x49, 0xe2, 0x9c, 0x86, 0xe8, 0xc2, 0x0d, 0x34, 0x5c, 0x50, 0x3b,
+    0xb8, 0x6b, 0xb7, 0xff, 0xf9, 0xc0, 0x10, 0x39, 0x8f, 0x3f, 0x24, 0xc0,
+    0xce, 0xfe, 0xb2, 0xfd, 0xc6, 0xdf, 0xed, 0xeb, 0x2e, 0x2e, 0x2c, 0xbe,
+    0xf6, 0x40, 0x24, 0x9e, 0x13, 0x96, 0x56, 0x26, 0x57, 0x12, 0x6f, 0xe1,
+    0x4b, 0x78, 0x2b, 0xb4, 0x6b, 0x2f, 0xf8, 0x2b, 0xb3, 0x86, 0xb7, 0xca,
+    0x56, 0x5f, 0xdb, 0x19, 0x4f, 0x58, 0x4b, 0x2e, 0x17, 0x96, 0x5f, 0xc1,
+    0x52, 0xcf, 0x3f, 0xd6, 0x58, 0xc5, 0x97, 0xd8, 0x7d, 0x4a, 0xcb, 0xf6,
+    0x13, 0x00, 0x35, 0x94, 0x47, 0x91, 0xc2, 0x1b, 0xd9, 0xa9, 0x59, 0x7f,
+    0xbd, 0x31, 0xea, 0x70, 0x6b, 0x2f, 0x6e, 0x8e, 0x56, 0x54, 0x9e, 0x90,
+    0x8c, 0xef, 0xff, 0xd0, 0x61, 0xf9, 0xb7, 0xed, 0xc1, 0xe9, 0x85, 0xd2,
+    0xcb, 0xe9, 0xd4, 0xe9, 0x65, 0x6c, 0x69, 0xc2, 0x32, 0xd6, 0x88, 0x7c,
+    0xdb, 0xf2, 0x10, 0xd6, 0xaf, 0x45, 0x31, 0xac, 0xbe, 0x92, 0xff, 0x16,
+    0x5d, 0x86, 0x49, 0xbf, 0xe0, 0xf5, 0xff, 0xb9, 0xfc, 0xf4, 0x97, 0xfc,
+    0xcb, 0x2f, 0xfa, 0x73, 0xec, 0xf1, 0xce, 0x96, 0x5c, 0x19, 0xd6, 0x56,
+    0x22, 0x30, 0x07, 0xbf, 0x37, 0xbb, 0x62, 0xe2, 0xcb, 0xf8, 0x05, 0x9d,
+    0xff, 0x16, 0x5d, 0x1e, 0xe2, 0xcb, 0xff, 0xb7, 0xc8, 0xff, 0x92, 0xdf,
+    0x98, 0x96, 0x5f, 0x1b, 0xec, 0x02, 0xcb, 0xf9, 0xcc, 0xcf, 0xcf, 0x4b,
+    0x29, 0xcf, 0x44, 0x88, 0xef, 0xff, 0xfe, 0x73, 0x67, 0x40, 0x14, 0xe6,
+    0x7b, 0xa6, 0x92, 0x9c, 0xf0, 0x96, 0x5f, 0xc4, 0x07, 0xd3, 0x86, 0xb2,
+    0xff, 0xfa, 0x7f, 0x3f, 0xdb, 0xff, 0x61, 0x3e, 0x8d, 0x59, 0x5b, 0x02,
+    0xa0, 0x79, 0x1c, 0x8c, 0xb5, 0x86, 0xf5, 0x09, 0x6f, 0x10, 0x3b, 0x79,
+    0x16, 0xdf, 0xff, 0x7b, 0x69, 0x63, 0x69, 0xa3, 0x73, 0x9d, 0x96, 0x5f,
+    0xff, 0xfd, 0xe7, 0x19, 0x3e, 0xde, 0x7a, 0x79, 0xb4, 0x4f, 0xb6, 0x19,
+    0xbe, 0x56, 0x5f, 0xd8, 0xc6, 0xeb, 0x38, 0xb2, 0xec, 0x82, 0xcb, 0x1b,
+    0xb4, 0xf0, 0xc8, 0xb6, 0xbc, 0x8e, 0x52, 0x85, 0xdd, 0xff, 0xe2, 0xc3,
+    0x7c, 0xf0, 0xf1, 0x8e, 0x19, 0xd6, 0x54, 0x9f, 0x9e, 0x13, 0xd3, 0x27,
+    0x91, 0xe8, 0xea, 0x2f, 0xda, 0xd4, 0xef, 0xe2, 0xcb, 0xff, 0x36, 0xb6,
+    0xf0, 0xb0, 0xf3, 0xd2, 0xcb, 0xfc, 0x2f, 0xb3, 0xef, 0x78, 0x2c, 0xbf,
+    0xc5, 0x20, 0xdb, 0xe7, 0x3a, 0xcb, 0xf9, 0xf7, 0x8f, 0x08, 0xd5, 0x96,
+    0x92, 0x44, 0xbf, 0xcd, 0x03, 0x34, 0xbf, 0xff, 0xf8, 0x12, 0x5d, 0x3f,
+    0xdf, 0xb0, 0x6d, 0xc2, 0x69, 0x17, 0xbd, 0x2b, 0x2f, 0xfc, 0x42, 0x86,
+    0xdc, 0x62, 0x93, 0xac, 0xbf, 0xb9, 0x06, 0xe9, 0xf4, 0xb2, 0xf3, 0xbf,
+    0x4a, 0x8a, 0x85, 0x7f, 0xf9, 0xb7, 0xe3, 0x16, 0x6a, 0x7a, 0x9d, 0x2c,
+    0xb1, 0xd6, 0x5e, 0xc1, 0x7c, 0x8f, 0x68, 0x49, 0x37, 0xf9, 0xc1, 0x31,
+    0x78, 0x40, 0x59, 0x52, 0x98, 0xbf, 0x45, 0xda, 0x84, 0x18, 0x8c, 0xaf,
+    0xe9, 0x8a, 0x02, 0xee, 0x0b, 0x2f, 0xf8, 0x1c, 0xdb, 0xc0, 0x3e, 0x44,
+    0xb2, 0xfe, 0xdd, 0x72, 0x18, 0x7d, 0xac, 0xa6, 0x3e, 0xe7, 0x3c, 0xbf,
+    0x85, 0xd3, 0x1a, 0xfd, 0x2c, 0xbe, 0xd7, 0x42, 0x02, 0xcb, 0xfb, 0x09,
+    0xf5, 0xa6, 0x59, 0x4c, 0x79, 0xfe, 0x24, 0xbf, 0x49, 0x09, 0xe3, 0x59,
+    0x58, 0x79, 0x1c, 0x21, 0xbf, 0x4c, 0x65, 0x31, 0xac, 0xbf, 0x67, 0x4e,
+    0x46, 0xac, 0xa8, 0x2e, 0xaf, 0xe1, 0x49, 0xa5, 0x5d, 0x43, 0x5f, 0xb3,
+    0x56, 0x72, 0xd4, 0x6a, 0xa7, 0x43, 0xf4, 0x27, 0x88, 0x83, 0x90, 0xc7,
+    0xf9, 0x08, 0x65, 0x17, 0xb7, 0x1e, 0x56, 0x5b, 0x16, 0x5f, 0xff, 0x31,
+    0xe7, 0xad, 0xbd, 0x79, 0xb7, 0x64, 0xf2, 0xb2, 0xff, 0xe1, 0x3c, 0x7c,
+    0xc6, 0xeb, 0xac, 0xde, 0xb2, 0xa0, 0x8a, 0xdf, 0x08, 0x12, 0xad, 0xfe,
+    0xfb, 0x69, 0xfa, 0x62, 0x59, 0x7f, 0xff, 0xa7, 0x46, 0xed, 0xe1, 0x0b,
+    0x3f, 0x30, 0x61, 0xf9, 0x96, 0x54, 0x11, 0x29, 0xc3, 0x2b, 0xc0, 0xe6,
+    0x2c, 0xbf, 0xdc, 0x14, 0x4e, 0x37, 0x89, 0x65, 0xff, 0xfd, 0xc3, 0x1f,
+    0x77, 0x8d, 0xa8, 0xb9, 0x27, 0x7e, 0xfe, 0xb2, 0xfe, 0x9e, 0x98, 0xa6,
+    0x0b, 0x2f, 0xfb, 0x6c, 0xb1, 0x61, 0xf5, 0x2b, 0x2f, 0x69, 0xbb, 0x59,
+    0x50, 0x4c, 0xcf, 0xb1, 0xc8, 0x8d, 0x4e, 0xc3, 0xc2, 0xcf, 0x9c, 0x5f,
+    0x8a, 0x30, 0x48, 0x6b, 0x2f, 0xe8, 0x6e, 0x4f, 0xe4, 0x96, 0x56, 0x1e,
+    0xc6, 0xe9, 0x4d, 0xfd, 0x3b, 0x87, 0x96, 0xd2, 0xca, 0x93, 0xd3, 0x81,
+    0x25, 0xfa, 0x05, 0x27, 0x35, 0x65, 0xff, 0xc7, 0xcd, 0x16, 0x36, 0xf6,
+    0xd3, 0xac, 0xbf, 0x9b, 0xa6, 0x1f, 0x47, 0x59, 0x5d, 0xa2, 0x69, 0xca,
+    0x3e, 0x87, 0x7f, 0xfe, 0x6d, 0x6d, 0xcf, 0x8a, 0x72, 0x3f, 0x63, 0x41,
+    0x65, 0xff, 0x8b, 0x22, 0xff, 0xb3, 0x4d, 0xc5, 0x97, 0xfe, 0x3e, 0xd3,
+    0xbf, 0xf6, 0xfb, 0xfa, 0x59, 0x7f, 0xa4, 0xf8, 0xda, 0x16, 0xe2, 0xca,
+    0x73, 0xf9, 0x12, 0x25, 0x79, 0x1b, 0x05, 0x0b, 0x7b, 0xf7, 0x64, 0xc7,
+    0x65, 0x97, 0xa3, 0xc3, 0x16, 0x5e, 0xcd, 0x79, 0x65, 0xa7, 0x63, 0x37,
+    0x5d, 0x0f, 0x5f, 0x6c, 0x8b, 0x76, 0x56, 0x54, 0xaa, 0x3a, 0x19, 0x86,
+    0x46, 0x5c, 0xc4, 0xfa, 0x61, 0x11, 0x65, 0xfd, 0xf7, 0xf6, 0xd1, 0xca,
+    0xcb, 0xfe, 0xff, 0x03, 0xe3, 0xf7, 0x0c, 0x59, 0x7f, 0x9e, 0x1b, 0x78,
+    0x20, 0x3a, 0xcb, 0xe9, 0xf4, 0xc6, 0xb2, 0xcc, 0x33, 0xd7, 0xf1, 0xad,
+    0x4a, 0x3a, 0x30, 0xbc, 0x50, 0x92, 0xbf, 0x71, 0xbd, 0x83, 0x59, 0x7e,
+    0x84, 0xff, 0x23, 0x59, 0x5b, 0x87, 0x9f, 0xa2, 0x7b, 0xd3, 0xc8, 0xd6,
+    0x5e, 0xef, 0xf8, 0xb2, 0xfe, 0xe3, 0x17, 0x5e, 0x95, 0x95, 0x88, 0x8c,
+    0xe8, 0x97, 0x43, 0xbf, 0x1d, 0xbe, 0x6d, 0x96, 0xf2, 0xcb, 0xff, 0x67,
+    0xf9, 0xac, 0x8b, 0xcc, 0x6a, 0xcb, 0xff, 0xfd, 0xc6, 0x10, 0x5f, 0xcd,
+    0xb7, 0x3b, 0xff, 0x83, 0xe4, 0x72, 0xb2, 0xff, 0xfd, 0x9d, 0x6d, 0xf6,
+    0x6d, 0xe7, 0xcb, 0x01, 0xb3, 0x8b, 0x2d, 0xf6, 0x46, 0x37, 0x1a, 0xaf,
+    0xff, 0xe6, 0xe0, 0x32, 0x05, 0x20, 0x7f, 0x77, 0x0c, 0xfa, 0xcb, 0xff,
+    0xba, 0x6d, 0x69, 0xe0, 0xfd, 0x0b, 0xb5, 0x97, 0xfd, 0x86, 0xe1, 0xdb,
+    0x66, 0x4e, 0xb2, 0x99, 0x30, 0x4d, 0x14, 0x79, 0x68, 0x91, 0xef, 0xfb,
+    0x6b, 0x96, 0x6e, 0xed, 0xf0, 0x96, 0x5f, 0x8c, 0x6d, 0x61, 0xab, 0x2a,
+    0x55, 0x87, 0xe1, 0xeb, 0x12, 0x3c, 0xa0, 0xa1, 0x1e, 0x06, 0x7f, 0x7f,
+    0xdf, 0x6e, 0x30, 0x82, 0xe3, 0x95, 0x97, 0x4f, 0x6b, 0x2f, 0xe9, 0xfe,
+    0x13, 0xee, 0x2c, 0xbf, 0x03, 0x63, 0x8f, 0x0c, 0x59, 0x4c, 0x8b, 0x0d,
+    0x1e, 0x00, 0x5c, 0x8b, 0xae, 0xd8, 0xc2, 0xab, 0x2f, 0xfc, 0xe5, 0xd7,
+    0xf3, 0xdf, 0xf8, 0x96, 0x53, 0x1e, 0xf8, 0x88, 0x2f, 0xe9, 0xd4, 0x73,
+    0xa8, 0xd6, 0x5f, 0x0a, 0x39, 0x82, 0xca, 0x81, 0xe9, 0x70, 0xbe, 0xff,
+    0x1b, 0xb7, 0x4d, 0xdf, 0xf1, 0x65, 0xff, 0xf7, 0xa4, 0x7b, 0x7d, 0x9b,
+    0x73, 0x4f, 0x0c, 0x59, 0x7f, 0xee, 0x61, 0x7f, 0x99, 0x06, 0xf2, 0xcb,
+    0xfb, 0x99, 0xbc, 0xa7, 0xb5, 0x97, 0x0b, 0xcb, 0x2a, 0x53, 0x0c, 0xe8,
+    0xdf, 0x8a, 0x5f, 0x3d, 0xd9, 0x2f, 0xbf, 0xfe, 0x90, 0x61, 0x6d, 0x7f,
+    0xed, 0xf6, 0x01, 0xd6, 0x5c, 0x51, 0xac, 0xa9, 0x4f, 0x93, 0x23, 0x2e,
+    0x64, 0xe2, 0x51, 0xbf, 0xc3, 0xc3, 0xed, 0xe3, 0xf9, 0x65, 0xe1, 0x4f,
+    0x16, 0x53, 0x1e, 0x8f, 0x8d, 0x6e, 0xe4, 0x16, 0x5f, 0xfe, 0xf4, 0x9c,
+    0x9c, 0xd2, 0xc0, 0x76, 0x05, 0x97, 0xf6, 0xf7, 0x3f, 0x8c, 0x75, 0x97,
+    0xff, 0xf9, 0xa7, 0xef, 0xe0, 0x9c, 0xf6, 0x17, 0xf6, 0x82, 0x1c, 0x59,
+    0x7f, 0xcc, 0x4d, 0x9d, 0x4f, 0xf8, 0xb2, 0xa0, 0x98, 0xab, 0x25, 0x11,
+    0x87, 0xd9, 0x2f, 0x70, 0x5a, 0x59, 0x7f, 0x84, 0xfc, 0xcf, 0x31, 0xd6,
+    0x5e, 0x6f, 0x32, 0xcb, 0xfb, 0x4e, 0x40, 0x04, 0xac, 0xa9, 0x54, 0x3f,
+    0x19, 0x0e, 0x46, 0x58, 0xc7, 0x9a, 0x1d, 0x73, 0x20, 0xc6, 0xef, 0xf1,
+    0x67, 0xf8, 0x06, 0xed, 0x65, 0xf8, 0xb0, 0x64, 0xeb, 0x2a, 0x07, 0xb1,
+    0x86, 0x77, 0xc2, 0x9e, 0x12, 0xcb, 0xb3, 0x7a, 0xcb, 0xf4, 0x9d, 0xfb,
+    0xfa, 0xcb, 0xb2, 0x35, 0x97, 0xff, 0x0f, 0x99, 0xa2, 0xc0, 0x73, 0x34,
+    0xb2, 0xbc, 0x89, 0xae, 0x0c, 0x7c, 0xa0, 0x42, 0xf7, 0xec, 0xe8, 0x4f,
+    0x1a, 0xca, 0xe9, 0x32, 0x1f, 0x42, 0xec, 0x8f, 0x6f, 0xff, 0xb4, 0x42,
+    0xec, 0xb1, 0xb5, 0xd7, 0xa7, 0x8b, 0x2f, 0xff, 0xee, 0x9f, 0xd9, 0x09,
+    0xd4, 0x83, 0x52, 0x1b, 0x92, 0xcb, 0xf0, 0x33, 0xcc, 0x35, 0x95, 0x28,
+    0xd1, 0xc5, 0x07, 0x5a, 0xbe, 0x8d, 0xcb, 0x7a, 0xcb, 0xf8, 0x18, 0x5e,
+    0x11, 0x2c, 0xac, 0x3d, 0x07, 0x24, 0xbf, 0xff, 0xff, 0xa1, 0xb7, 0xfe,
+    0x69, 0xe6, 0xdc, 0x17, 0x53, 0xbf, 0x6e, 0x6b, 0x59, 0xbc, 0x4f, 0xe5,
+    0x97, 0xdf, 0xd8, 0x02, 0xbb, 0x12, 0xca, 0x94, 0x62, 0x64, 0x24, 0xef,
+    0xbc, 0x4f, 0xba, 0xb2, 0xf8, 0xed, 0xbb, 0x2b, 0x2a, 0x57, 0x06, 0x32,
+    0x34, 0x2f, 0x46, 0x0e, 0x4f, 0xbc, 0x87, 0x27, 0xc9, 0x84, 0x49, 0x7f,
+    0x9f, 0xbe, 0x31, 0xe7, 0xa5, 0x97, 0xd8, 0x33, 0xf1, 0x65, 0xec, 0xce,
+    0x2c, 0xb6, 0x96, 0x5e, 0xfe, 0x1d, 0x65, 0x49, 0xad, 0xc1, 0x1b, 0x46,
+    0x33, 0xe7, 0x74, 0x8b, 0xc1, 0xec, 0xba, 0xcb, 0xff, 0xf3, 0x47, 0xe7,
+    0x6f, 0xcf, 0x9b, 0xfc, 0xc1, 0xac, 0xbf, 0xed, 0xb9, 0xe6, 0x7f, 0xfa,
+    0x56, 0x56, 0xe2, 0x23, 0x49, 0x52, 0xbc, 0x8d, 0x27, 0x85, 0x6d, 0x3a,
+    0x64, 0x22, 0x87, 0xd5, 0xff, 0xb7, 0xbc, 0x30, 0x86, 0x53, 0x05, 0x97,
+    0x47, 0x2b, 0x2b, 0x0f, 0x54, 0x47, 0xd7, 0xd9, 0xe3, 0xca, 0xca, 0x23,
+    0xc2, 0xe1, 0x0d, 0xe6, 0x32, 0x25, 0x97, 0xfc, 0xfe, 0x6e, 0x70, 0x4e,
+    0x05, 0x94, 0x33, 0xd6, 0x71, 0xeb, 0x04, 0x0a, 0x3a, 0x9c, 0x5d, 0x88,
+    0x8c, 0x2a, 0x7f, 0xb0, 0x18, 0xec, 0x62, 0xf3, 0x1d, 0xa4, 0x70, 0x9c,
+    0x84, 0x2e, 0x07, 0x28, 0xdb, 0x27, 0xe8, 0x4d, 0x86, 0x5f, 0x50, 0xcb,
+    0xee, 0x18, 0x6d, 0x1a, 0xb4, 0x51, 0x82, 0xea, 0x57, 0xa9, 0xe3, 0x44,
+    0xf4, 0xe0, 0xeb, 0xc6, 0x1a, 0x08, 0x4d, 0x14, 0xa5, 0x7e, 0x4a, 0xb0,
+    0xfc, 0xe6, 0xd0, 0x9d, 0x77, 0x9a, 0x6c, 0xc7, 0x54, 0x1c, 0x2f, 0xf7,
+    0x5d, 0xef, 0x13, 0x18, 0xb2, 0xfb, 0xa7, 0x7e, 0x95, 0x15, 0x42, 0xff,
+    0x6a, 0x77, 0xf7, 0x0c, 0xfa, 0xca, 0xd1, 0xf3, 0x08, 0xc2, 0xff, 0x1b,
+    0x3f, 0xe6, 0xfc, 0x1a, 0xcb, 0xfe, 0xcf, 0xbf, 0x7b, 0x63, 0xc3, 0x16,
+    0x5f, 0xf9, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0xad, 0x7f, 0xde,
+    0x93, 0xf3, 0x8e, 0x5d, 0x2c, 0xbe, 0x9d, 0x4f, 0xd6, 0x5c, 0xff, 0x59,
+    0x43, 0x36, 0xe7, 0x21, 0xbf, 0xe7, 0xef, 0x84, 0xd2, 0x19, 0xd6, 0x5f,
+    0xe2, 0x7f, 0xf2, 0x2f, 0x32, 0xcb, 0x04, 0x82, 0xa6, 0x2c, 0x84, 0x11,
+    0xa4, 0x5a, 0x36, 0x39, 0xef, 0x93, 0x9d, 0xc0, 0x04, 0x21, 0x9c, 0xdf,
+    0xff, 0x6e, 0x30, 0xf0, 0xfb, 0x7f, 0x9b, 0x8d, 0xbf, 0x8b, 0x2f, 0xda,
+    0xe9, 0xdf, 0xa5, 0x45, 0x58, 0xbd, 0xa9, 0x3a, 0xcb, 0xfe, 0x98, 0x4e,
+    0xa3, 0x9d, 0x46, 0xb2, 0xff, 0xe9, 0x21, 0xce, 0xf8, 0x9b, 0x79, 0x01,
+    0x65, 0x82, 0x4a, 0x65, 0x98, 0xb3, 0xa3, 0x62, 0x1c, 0xf9, 0xd5, 0xf1,
+    0x60, 0x82, 0xeb, 0x2f, 0xee, 0xff, 0x3e, 0x7d, 0xc5, 0x97, 0xe7, 0xf6,
+    0x6b, 0x16, 0x54, 0x9e, 0xbb, 0x98, 0xdf, 0xda, 0x14, 0x5c, 0x9f, 0xac,
+    0xa9, 0x46, 0x5f, 0x9f, 0x04, 0x41, 0x7f, 0xf0, 0x30, 0x82, 0x40, 0x1c,
+    0x8d, 0xc9, 0x65, 0x04, 0x3f, 0x59, 0x2f, 0xbf, 0x86, 0xc2, 0xfe, 0x71,
+    0x65, 0xfc, 0xc7, 0x6f, 0xfa, 0x56, 0x5f, 0x4c, 0x53, 0xda, 0xca, 0xf1,
+    0xe7, 0xf0, 0xb2, 0xfd, 0xae, 0x9d, 0xfa, 0x54, 0x48, 0x8b, 0xef, 0xe9,
+    0xbb, 0x59, 0x7f, 0xec, 0xdd, 0x68, 0xfb, 0xcd, 0x69, 0xd6, 0x5f, 0xcc,
+    0x78, 0xc5, 0xa8, 0x2c, 0xba, 0x01, 0x31, 0x19, 0x4c, 0x6d, 0xbc, 0x8f,
+    0x65, 0x0a, 0xfe, 0x8e, 0x75, 0xe7, 0x65, 0x96, 0x08, 0x14, 0x4f, 0x8f,
+    0x1f, 0x1e, 0x1d, 0x9c, 0x4e, 0xbf, 0x6b, 0xa7, 0x7e, 0x95, 0x16, 0x92,
+    0xff, 0xcf, 0x00, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x4f, 0xab, 0x04, 0xc4,
+    0x42, 0x1c, 0xda, 0xff, 0xcf, 0x00, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x50,
+    0x8b, 0xf1, 0x3f, 0x33, 0xeb, 0x2c, 0x10, 0xe7, 0xe8, 0xe9, 0xd7, 0xff,
+    0x61, 0x81, 0x3e, 0x6b, 0xf1, 0xbf, 0x2b, 0x2f, 0xdf, 0x17, 0x4f, 0xc5,
+    0x97, 0x4e, 0x96, 0x5f, 0xfd, 0x27, 0x16, 0xba, 0x76, 0x1c, 0xc4, 0xb2,
+    0xcd, 0x19, 0xed, 0xc4, 0x2d, 0x47, 0x45, 0x6f, 0xa1, 0x09, 0x7e, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x28, 0xf5, 0xb1, 0x65, 0xfc, 0x2f, 0x9d, 0x8c, 0xe2,
+    0xca, 0x19, 0xbf, 0x21, 0x0b, 0xe6, 0xc0, 0x71, 0x65, 0xcf, 0xd2, 0xcb,
+    0x60, 0xcd, 0xc6, 0xe9, 0x0d, 0xfa, 0x79, 0x11, 0x4a, 0xcb, 0xfe, 0x98,
+    0x4e, 0xa3, 0x9d, 0x46, 0xb2, 0xff, 0xff, 0xff, 0x06, 0xda, 0x8a, 0x7d,
+    0xac, 0xf3, 0x87, 0xcc, 0x35, 0xc8, 0x12, 0x53, 0x17, 0xa5, 0x65, 0xf9,
+    0xf8, 0xdf, 0x95, 0x97, 0xfd, 0x31, 0x49, 0x4c, 0x5e, 0x95, 0x95, 0x28,
+    0xed, 0x36, 0x11, 0xe4, 0x4d, 0x7c, 0x78, 0xf0, 0xc5, 0x97, 0xff, 0xe1,
+    0xfa, 0x43, 0x09, 0xf2, 0x70, 0x73, 0x92, 0x04, 0x95, 0x27, 0xf9, 0x84,
+    0x97, 0x9e, 0x01, 0x25, 0x59, 0xe6, 0x14, 0x44, 0xeb, 0xa5, 0x8f, 0x14,
+    0x91, 0x3f, 0xe3, 0x27, 0xd9, 0x85, 0x85, 0xff, 0xd9, 0xe0, 0x9f, 0x35,
+    0xf8, 0xdf, 0x95, 0x96, 0x09, 0x1a, 0xe8, 0x41, 0xe7, 0x0c, 0x3f, 0x09,
+    0x2a, 0x97, 0xcb, 0x1e, 0x8e, 0x9a, 0x65, 0x07, 0x3c, 0x95, 0x8c, 0x6d,
+    0xa9, 0xfb, 0xea, 0x72, 0x03, 0xb8, 0xee, 0x5a, 0x39, 0x08, 0xa5, 0x03,
+    0x7a, 0x1a, 0x20, 0x84, 0xf7, 0xe7, 0x4c, 0x6f, 0xff, 0x8c, 0xeb, 0x62,
+    0x0a, 0x80, 0x2f, 0xad, 0x83, 0x6e, 0xdf, 0x6c, 0xac, 0xbf, 0xff, 0xf6,
+    0xef, 0xf6, 0x31, 0x9f, 0x63, 0x26, 0x0b, 0x7f, 0x0b, 0xeb, 0x60, 0xdb,
+    0xb7, 0xdb, 0x2b, 0x2b, 0xc9, 0x80, 0x18, 0xdd, 0x7f, 0xf7, 0xa5, 0xb4,
+    0xc1, 0x7e, 0xbd, 0x26, 0x2c, 0xbf, 0xf7, 0x02, 0xec, 0x6e, 0xdd, 0xbe,
+    0xd9, 0x09, 0x27, 0xdd, 0xd1, 0x2d, 0xff, 0xff, 0xfe, 0xdd, 0x0b, 0xb1,
+    0xbb, 0x76, 0xfb, 0x64, 0x24, 0xf8, 0xce, 0xb6, 0x20, 0xa8, 0x02, 0xfa,
+    0xd8, 0x36, 0xed, 0xf6, 0xca, 0xcb, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x11,
+    0x2f, 0xf7, 0x05, 0x31, 0x7d, 0xb7, 0xac, 0xb0, 0x4c, 0x3e, 0xc8, 0x8d,
+    0xaf, 0xec, 0xd7, 0x4e, 0xfd, 0x2a, 0x22, 0xb5, 0xfb, 0x5d, 0x3b, 0xf4,
+    0xa8, 0xae, 0x17, 0x4f, 0x96, 0x5d, 0xb8, 0x13, 0x0f, 0x33, 0x79, 0xb5,
+    0x04, 0x45, 0xdb, 0xc2, 0x1e, 0xfb, 0xcf, 0xa6, 0x59, 0x7e, 0xf8, 0x03,
+    0x28, 0x2c, 0xbf, 0x02, 0x4b, 0xa0, 0x92, 0x79, 0x4e, 0x43, 0x74, 0x5b,
+    0x8b, 0x2f, 0xe2, 0x6e, 0xbf, 0x30, 0x59, 0x60, 0x91, 0x9e, 0x46, 0x86,
+    0xec, 0xdd, 0xa2, 0xc8, 0x10, 0x87, 0xbf, 0xc1, 0x5d, 0x88, 0xa7, 0xa7,
+    0xed, 0x65, 0xf6, 0x79, 0xfe, 0xb2, 0xff, 0x63, 0x68, 0x00, 0x17, 0x16,
+    0x58, 0x2a, 0x47, 0xa9, 0xc2, 0x1b, 0xff, 0xff, 0xfd, 0xb1, 0x05, 0x02,
+    0xb3, 0xcf, 0x61, 0xb8, 0x32, 0xc8, 0xda, 0x1c, 0x91, 0xcf, 0x89, 0xf7,
+    0x16, 0x5f, 0xda, 0x9f, 0xb9, 0x62, 0xcb, 0xff, 0xf7, 0x1b, 0xce, 0xd0,
+    0x62, 0xf8, 0xbd, 0xac, 0x59, 0x4c, 0x7f, 0xdf, 0x2b, 0xbf, 0xa4, 0x1c,
+    0xf9, 0x4a, 0xcb, 0xfc, 0xee, 0x69, 0x8f, 0xae, 0x2c, 0xbf, 0xff, 0x7b,
+    0x0b, 0x0d, 0xf3, 0xc3, 0xc6, 0x38, 0x67, 0x59, 0x7d, 0xd3, 0xbf, 0x4a,
+    0x8a, 0x79, 0x7f, 0xfe, 0x6d, 0x79, 0xe7, 0x79, 0x67, 0x30, 0x98, 0xeb,
+    0x2f, 0xfc, 0x53, 0xbd, 0xbf, 0x09, 0xc2, 0x59, 0x50, 0x4c, 0x5f, 0x4a,
+    0xfe, 0x30, 0xfa, 0x9d, 0xfe, 0x18, 0x36, 0xce, 0xe4, 0xc1, 0x65, 0xfe,
+    0x3b, 0x0c, 0x4f, 0xa8, 0x2c, 0xb8, 0xec, 0xb2, 0xa4, 0xf2, 0x7a, 0x33,
+    0xbf, 0xff, 0xa7, 0xfc, 0x11, 0xfa, 0x60, 0x4e, 0x79, 0x85, 0xd2, 0xcb,
+    0x9b, 0x8b, 0x2f, 0xe9, 0x3f, 0x25, 0xa3, 0x59, 0x50, 0x44, 0xfe, 0x2e,
+    0x7c, 0x5a, 0xff, 0xfe, 0x7d, 0x3f, 0xbb, 0x86, 0x7f, 0x08, 0x5f, 0x11,
+    0xab, 0x2f, 0xa1, 0x39, 0x1a, 0xcb, 0xff, 0xf6, 0x85, 0xad, 0x49, 0x61,
+    0xad, 0xef, 0x60, 0x6b, 0x2c, 0x35, 0x97, 0xb4, 0xdd, 0xac, 0xb3, 0x2c,
+    0xae, 0x93, 0x12, 0xed, 0x73, 0x44, 0x47, 0x56, 0xf8, 0x8e, 0xf1, 0xdb,
+    0xcc, 0x5f, 0x59, 0x7f, 0xf3, 0xc0, 0x23, 0x8f, 0x21, 0xe9, 0xe9, 0x65,
+    0xfc, 0x30, 0xc8, 0x3e, 0xf8, 0xb2, 0xff, 0xb4, 0xf1, 0x8c, 0x4f, 0xa8,
+    0x2c, 0xa9, 0x3e, 0xb6, 0x31, 0xbf, 0xec, 0x20, 0x49, 0xdb, 0x50, 0x59,
+    0x7f, 0x9b, 0x8c, 0x20, 0xb8, 0xe5, 0x65, 0x40, 0xfb, 0x7e, 0x6f, 0x7f,
+    0xfc, 0x7c, 0x6f, 0x8b, 0xf3, 0x06, 0x1e, 0x0d, 0x65, 0x31, 0xf8, 0x00,
+    0x8a, 0xfd, 0xa8, 0xe7, 0x51, 0xac, 0xbf, 0x31, 0x7c, 0x33, 0xac, 0xa9,
+    0x3d, 0x20, 0x15, 0x5f, 0xed, 0x4c, 0xff, 0x8d, 0xbd, 0x65, 0xfd, 0x31,
+    0xb8, 0xdf, 0xeb, 0x2a, 0x08, 0x82, 0x39, 0x0e, 0xe9, 0xa5, 0xf6, 0xd2,
+    0x78, 0x2c, 0xbf, 0x3e, 0x79, 0x8e, 0xb2, 0xb8, 0x79, 0x3b, 0xc8, 0xea,
+    0x51, 0x41, 0x8f, 0x97, 0xf3, 0x7d, 0xcd, 0xf3, 0x2c, 0xbf, 0xed, 0xee,
+    0x7d, 0xa3, 0xf3, 0x1d, 0x65, 0xff, 0x14, 0x9e, 0x60, 0x58, 0x75, 0x97,
+    0xff, 0x8f, 0x3a, 0x8e, 0x7b, 0xc1, 0x05, 0xf0, 0x6b, 0x2f, 0xbf, 0x09,
+    0x35, 0x65, 0x41, 0x31, 0x2c, 0x2d, 0x63, 0xd7, 0x36, 0x0d, 0x3e, 0xfd,
+    0xd6, 0x31, 0x44, 0xb2, 0xff, 0x17, 0x59, 0xbf, 0x3f, 0xc5, 0x97, 0xe1,
+    0x8a, 0x75, 0x1a, 0xcb, 0x9c, 0xd5, 0x95, 0x27, 0xeb, 0x86, 0xba, 0x29,
+    0xbb, 0x42, 0x59, 0x7d, 0x9f, 0xc3, 0xac, 0xb9, 0xe3, 0x93, 0x70, 0xe2,
+    0xf5, 0xb0, 0x33, 0x24, 0xf6, 0x38, 0x48, 0x85, 0x85, 0x73, 0x18, 0xdc,
+    0x08, 0x46, 0x59, 0x91, 0xa5, 0x9a, 0x7d, 0xd4, 0x20, 0x7b, 0x86, 0x0b,
+    0x46, 0x83, 0x12, 0xe1, 0xc6, 0xfd, 0x0b, 0x17, 0x87, 0xe9, 0x47, 0x2b,
+    0xc8, 0xcc, 0xfe, 0x93, 0xbe, 0x13, 0xbb, 0x2c, 0xb7, 0xf6, 0x7f, 0x98,
+    0xfb, 0x8b, 0x2f, 0xe7, 0x33, 0x9c, 0x90, 0x2c, 0xbe, 0x78, 0x04, 0x1c,
+    0x9e, 0xe9, 0x17, 0xdf, 0xfe, 0x00, 0x05, 0xc0, 0x81, 0x93, 0x9c, 0xa5,
+    0x65, 0xff, 0xc5, 0x80, 0x72, 0x00, 0x43, 0xb1, 0xd6, 0x56, 0x91, 0x21,
+    0xf4, 0xcb, 0xf3, 0xfb, 0xcd, 0x12, 0xcb, 0xff, 0xb3, 0x8c, 0x40, 0x2c,
+    0xff, 0xb1, 0x65, 0xff, 0x98, 0x80, 0x59, 0xff, 0x60, 0x4f, 0x1f, 0x48,
+    0x65, 0x14, 0x11, 0x5b, 0x40, 0xe3, 0xbd, 0x68, 0x64, 0xf2, 0x11, 0x96,
+    0xc5, 0x97, 0xe2, 0x91, 0x05, 0xf8, 0xb2, 0xff, 0xf9, 0xc6, 0x6b, 0xff,
+    0x3c, 0x59, 0xff, 0x32, 0xcb, 0xf8, 0xdd, 0x38, 0xdc, 0x96, 0x50, 0xd1,
+    0x6d, 0x82, 0x1e, 0x2b, 0x74, 0xeb, 0xff, 0x98, 0x7a, 0x7e, 0xc2, 0x6b,
+    0x53, 0x1a, 0xca, 0x08, 0x88, 0x3f, 0x1d, 0xda, 0x56, 0x5f, 0xdc, 0x9e,
+    0x8a, 0x46, 0xb2, 0x86, 0x6f, 0x58, 0x42, 0xff, 0xfa, 0x75, 0x90, 0x67,
+    0xfe, 0x0d, 0x85, 0xd2, 0x4b, 0x85, 0xda, 0xca, 0xf1, 0xf3, 0x12, 0x75,
+    0xe6, 0x07, 0x16, 0x5b, 0xa5, 0x97, 0xe9, 0x80, 0x05, 0x05, 0x97, 0xdd,
+    0x3b, 0xf4, 0xa8, 0xac, 0xd7, 0x49, 0x8b, 0x2a, 0x34, 0x4e, 0xe0, 0xe4,
+    0x42, 0x5a, 0x28, 0xde, 0x61, 0x7d, 0xf6, 0x3f, 0x16, 0x5b, 0x4b, 0x2c,
+    0x6a, 0xca, 0x63, 0x47, 0xc1, 0x1b, 0xdc, 0x17, 0x4b, 0x28, 0xd3, 0x7d,
+    0xc2, 0x0b, 0x06, 0xb2, 0xf6, 0xa7, 0x7a, 0xca, 0x93, 0x61, 0xc1, 0x2b,
+    0xfb, 0x79, 0x14, 0xee, 0x44, 0xb2, 0xfc, 0x79, 0x28, 0x71, 0x65, 0xd3,
+    0x12, 0xca, 0x93, 0xf0, 0x8c, 0xcb, 0x44, 0xf7, 0xdf, 0xe0, 0x7c, 0x59,
+    0x7d, 0xce, 0x49, 0x8b, 0x2c, 0xeb, 0x2b, 0x0f, 0x5d, 0x89, 0x38, 0x47,
+    0x74, 0x6c, 0xb2, 0xff, 0x72, 0x26, 0x2f, 0x67, 0x6b, 0x2a, 0x4f, 0x2f,
+    0x05, 0xee, 0x7f, 0xac, 0xbe, 0x00, 0x65, 0x05, 0x94, 0x33, 0x73, 0xf1,
+    0x6b, 0xff, 0xe9, 0x3f, 0xf3, 0x0b, 0xfc, 0xf6, 0x01, 0xd6, 0x5f, 0xe3,
+    0xcf, 0x7c, 0xd4, 0xef, 0x59, 0x73, 0xf1, 0x65, 0x49, 0xe6, 0x08, 0xda,
+    0xff, 0x41, 0x85, 0xb9, 0xb0, 0x00, 0xeb, 0x2f, 0xc5, 0x3e, 0x6c, 0x59,
+    0x74, 0xc1, 0x65, 0x61, 0xfb, 0xb9, 0xe0, 0x09, 0x6c, 0xcb, 0x2f, 0xd8,
+    0x44, 0xff, 0x59, 0xc2, 0xc2, 0xf0, 0xa0, 0x35, 0x95, 0xe3, 0xd1, 0x23,
+    0x4b, 0xf1, 0x7f, 0xd3, 0xbd, 0x65, 0xe7, 0x73, 0xac, 0xbf, 0x64, 0x51,
+    0x88, 0x0b, 0x2f, 0xef, 0xce, 0x81, 0x31, 0x2c, 0xb0, 0x49, 0x5e, 0xea,
+    0x1c, 0x21, 0xb2, 0x17, 0xdd, 0xa6, 0xb4, 0x20, 0xe2, 0x52, 0xd4, 0x24,
+    0x0f, 0x08, 0x6f, 0x3c, 0x3a, 0xc8, 0x08, 0x4a, 0x13, 0x3c, 0x84, 0xc7,
+    0xe1, 0x1c, 0x22, 0x1d, 0xe5, 0x21, 0x8d, 0xee, 0x95, 0x5f, 0xd0, 0xc3,
+    0x87, 0x3b, 0x8b, 0x2f, 0xf7, 0xdf, 0x51, 0xcb, 0x0d, 0x65, 0xfd, 0xfe,
+    0x0d, 0xa4, 0x96, 0x53, 0x1e, 0xfb, 0x99, 0xdf, 0xd2, 0x78, 0xc5, 0xa8,
+    0x2c, 0xbe, 0xd6, 0x19, 0xf5, 0x95, 0xe3, 0xf2, 0xf9, 0x06, 0xf2, 0xfb,
+    0xfd, 0x1f, 0xb3, 0xaf, 0x4e, 0x96, 0x5f, 0xf4, 0x94, 0x38, 0x77, 0x23,
+    0x56, 0x54, 0x9f, 0x6f, 0xcd, 0x6e, 0x91, 0xac, 0xbf, 0xe1, 0x1f, 0x3a,
+    0xd7, 0x6e, 0x62, 0xca, 0x81, 0xf9, 0xf0, 0x87, 0xe2, 0xd7, 0xfb, 0x52,
+    0x6e, 0x13, 0x1a, 0xb2, 0xff, 0xf9, 0xde, 0x3f, 0x34, 0x94, 0x1b, 0xcf,
+    0xc5, 0x97, 0xff, 0xc3, 0xf4, 0xf3, 0x6e, 0x36, 0x98, 0xf2, 0x6a, 0xcb,
+    0x4a, 0xca, 0xc3, 0xe1, 0xe2, 0x8d, 0xe2, 0x7f, 0xac, 0xbf, 0xfd, 0x26,
+    0x06, 0x72, 0xce, 0xff, 0x38, 0x62, 0xcb, 0xf7, 0xd8, 0xb0, 0xeb, 0x2f,
+    0x39, 0x04, 0x1a, 0xbd, 0x1c, 0x8c, 0x0b, 0xb8, 0xc4, 0x74, 0x5e, 0x73,
+    0x32, 0x85, 0x76, 0xf2, 0x10, 0xc6, 0xf7, 0x53, 0x2f, 0xf9, 0xcc, 0x08,
+    0x39, 0x3f, 0x72, 0xb2, 0xa0, 0x8e, 0x42, 0x85, 0x45, 0xff, 0x9e, 0x01,
+    0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0x91, 0x57, 0xff, 0xef, 0xfb, 0x08, 0x27,
+    0xdd, 0xfb, 0xe1, 0xa6, 0xba, 0xcb, 0xff, 0x3f, 0xc2, 0x4b, 0x69, 0xbe,
+    0x25, 0x94, 0x11, 0x1c, 0xd2, 0x9c, 0xeb, 0x37, 0xfd, 0xad, 0x31, 0x99,
+    0x13, 0x1d, 0x65, 0xf7, 0x53, 0xe9, 0x59, 0x4c, 0x7b, 0x84, 0x75, 0x7e,
+    0xd7, 0x4e, 0xfd, 0x2a, 0x2c, 0x95, 0x49, 0xeb, 0x61, 0x05, 0xf3, 0x14,
+    0x38, 0xb2, 0xfd, 0x3c, 0xfb, 0x46, 0xb2, 0xa3, 0x3c, 0x93, 0x48, 0x6f,
+    0xf0, 0xa3, 0xf4, 0xff, 0x8c, 0xb2, 0xfe, 0x10, 0xdb, 0x4f, 0xc5, 0x97,
+    0x37, 0xd6, 0x5f, 0xbf, 0xc0, 0xf8, 0x13, 0x11, 0x37, 0xa2, 0x4e, 0x1a,
+    0x7c, 0xb6, 0x82, 0x26, 0xc3, 0x91, 0x82, 0x5f, 0xff, 0x49, 0xdc, 0x61,
+    0x3f, 0x3d, 0xc2, 0x3c, 0x31, 0x65, 0xf6, 0x19, 0xcf, 0x2c, 0xbe, 0x93,
+    0xb1, 0x8b, 0x2f, 0xe6, 0x3c, 0xf8, 0x31, 0xac, 0xa8, 0x8f, 0x43, 0x74,
+    0x8a, 0xfe, 0xf3, 0x6a, 0x61, 0xc5, 0x97, 0xcd, 0x22, 0x0b, 0xac, 0xbf,
+    0x8f, 0xf6, 0xf3, 0x9d, 0x65, 0xff, 0xe6, 0xff, 0xb3, 0xf8, 0x53, 0xf9,
+    0x1a, 0xca, 0x93, 0xf4, 0x72, 0xdb, 0xe6, 0xd8, 0xdf, 0xa5, 0x97, 0xf9,
+    0xbe, 0x2d, 0x3f, 0x02, 0x46, 0x9d, 0x36, 0x39, 0xf4, 0x4d, 0xa2, 0xdf,
+    0x42, 0x67, 0xe4, 0x14, 0xca, 0xa0, 0x9e, 0x3f, 0xab, 0xff, 0xfd, 0xf7,
+    0xec, 0x01, 0x06, 0x53, 0xdc, 0x3e, 0xc4, 0x0e, 0x2c, 0xbf, 0xb3, 0x5d,
+    0x3b, 0xf4, 0xa8, 0xb6, 0x17, 0xff, 0xef, 0x6d, 0x2c, 0xd7, 0xf9, 0xe8,
+    0xb6, 0xed, 0xf6, 0xca, 0xcb, 0xf7, 0x9f, 0x4c, 0x75, 0x94, 0x15, 0x44,
+    0x47, 0x4c, 0x37, 0xec, 0xdf, 0xa7, 0xe2, 0xcb, 0xff, 0x6a, 0x39, 0xfb,
+    0x34, 0x39, 0x2b, 0x2f, 0x68, 0x5e, 0x59, 0x77, 0xc2, 0x4a, 0x2b, 0x06,
+    0x51, 0x85, 0x3a, 0x3e, 0xa0, 0x89, 0xdc, 0x34, 0x6d, 0xf7, 0xb3, 0x98,
+    0xb2, 0xfb, 0xa7, 0x7e, 0x95, 0x16, 0xda, 0xe7, 0xd2, 0xcb, 0x41, 0x65,
+    0xb9, 0x19, 0xa7, 0x10, 0xb5, 0x68, 0xff, 0xfe, 0xaf, 0x7e, 0xf7, 0xd8,
+    0x02, 0x59, 0x7f, 0xfa, 0x63, 0xfb, 0x0f, 0x0a, 0x0d, 0xe1, 0x2c, 0xa6,
+    0x3f, 0x1f, 0x14, 0x5f, 0x9e, 0x22, 0x93, 0xac, 0xbf, 0xe9, 0x84, 0xea,
+    0x39, 0xd4, 0x6b, 0x2f, 0xa6, 0x2e, 0x32, 0xca, 0x82, 0x7a, 0x39, 0x09,
+    0xa8, 0xa1, 0x26, 0x72, 0x12, 0x27, 0xdd, 0x3a, 0xbf, 0xf0, 0xf4, 0xc2,
+    0x8c, 0x27, 0x35, 0xf5, 0x94, 0x11, 0x14, 0xf8, 0xc9, 0x7b, 0xd9, 0x1a,
+    0xcb, 0xf9, 0xc7, 0x98, 0x46, 0xac, 0xbf, 0xbc, 0xda, 0xd3, 0xc1, 0x65,
+    0xf6, 0x10, 0x02, 0x44, 0x7e, 0xc7, 0x1d, 0xe1, 0x65, 0xdb, 0x19, 0x2c,
+    0xbd, 0xb1, 0xf8, 0x6b, 0x2f, 0x47, 0xe6, 0x59, 0x7f, 0xed, 0x8f, 0x63,
+    0xd8, 0x5f, 0xf6, 0x14, 0x81, 0x65, 0xe0, 0xb0, 0x2d, 0x05, 0x8b, 0x2f,
+    0xdf, 0x9f, 0x3c, 0x4b, 0x2f, 0xc5, 0x01, 0x88, 0xeb, 0x2f, 0xe3, 0x03,
+    0xd9, 0x72, 0x02, 0xca, 0x93, 0xda, 0xc2, 0x8b, 0xf9, 0x83, 0x8b, 0x82,
+    0xed, 0x65, 0xf7, 0x5e, 0x16, 0x96, 0x5b, 0x63, 0x59, 0x43, 0x37, 0x5a,
+    0x24, 0xaf, 0x22, 0x31, 0xda, 0xef, 0xfb, 0x35, 0xa9, 0x83, 0xf6, 0x62,
+    0xcb, 0xee, 0x9d, 0xfa, 0x54, 0x5e, 0x0b, 0xf7, 0xfb, 0xe9, 0xb4, 0xb2,
+    0xff, 0x81, 0xcd, 0xbc, 0x03, 0xe4, 0x4b, 0x2f, 0xf6, 0xb5, 0x9f, 0xe4,
+    0x9d, 0x65, 0x31, 0xf7, 0xb9, 0xe5, 0xff, 0x9f, 0xf3, 0xbf, 0x5a, 0xce,
+    0xf8, 0xb2, 0xfd, 0xac, 0xde, 0xfa, 0x59, 0x7f, 0xed, 0x07, 0xf6, 0xf1,
+    0x67, 0xf1, 0x65, 0x31, 0xf3, 0xb9, 0x4d, 0x69, 0x3b, 0x13, 0x98, 0x7a,
+    0x13, 0x24, 0x41, 0xbe, 0x15, 0x17, 0xdf, 0x0b, 0x79, 0x12, 0xcb, 0xa6,
+    0x56, 0x56, 0x8d, 0xf7, 0xca, 0x6f, 0xe9, 0x8c, 0xa5, 0x86, 0xb2, 0xe7,
+    0xe2, 0xcb, 0xdb, 0x39, 0xe5, 0x94, 0x03, 0x6b, 0xf1, 0x6b, 0xf1, 0xe4,
+    0xa0, 0xeb, 0x2f, 0xe9, 0x2f, 0xef, 0x7e, 0x96, 0x5f, 0xd0, 0x9d, 0xf3,
+    0xae, 0xd6, 0x5f, 0xff, 0xcf, 0x1c, 0x50, 0x9d, 0x47, 0xf8, 0x66, 0xe3,
+    0x90, 0x16, 0x54, 0x11, 0x7f, 0x85, 0xee, 0x61, 0x7d, 0xe2, 0xc8, 0x96,
+    0x5f, 0xdf, 0x7f, 0x6d, 0x1c, 0xac, 0xbf, 0xe7, 0xff, 0x25, 0x87, 0x87,
+    0x59, 0x52, 0x7c, 0xc4, 0x5f, 0x7e, 0x83, 0x37, 0x9d, 0x65, 0xf1, 0x63,
+    0x1a, 0xb2, 0xff, 0x8f, 0xdc, 0x3f, 0x85, 0xfe, 0x2c, 0xae, 0xd1, 0x02,
+    0x72, 0x60, 0xc8, 0x6e, 0xc3, 0x56, 0x5f, 0x9e, 0x1f, 0x68, 0xd6, 0x5f,
+    0xfd, 0xf9, 0x2e, 0x98, 0xe7, 0x6e, 0x09, 0x65, 0xff, 0xc1, 0xce, 0xa1,
+    0xb7, 0x98, 0x79, 0xc5, 0x94, 0xc8, 0x8a, 0xfa, 0x25, 0x4a, 0x63, 0xb8,
+    0x64, 0xc2, 0xef, 0x0b, 0x2b, 0xb0, 0xeb, 0x2f, 0xcd, 0xe1, 0xb7, 0x16,
+    0x59, 0xa3, 0x37, 0xb0, 0x16, 0xbf, 0x61, 0x03, 0x76, 0x56, 0x5c, 0xfc,
+    0x59, 0x78, 0x4f, 0xc5, 0x95, 0xf3, 0x64, 0x18, 0xb5, 0xfa, 0x2d, 0x34,
+    0x67, 0x59, 0x52, 0x79, 0x98, 0x45, 0x74, 0x43, 0x59, 0x7f, 0xff, 0xfc,
+    0x42, 0x7e, 0x61, 0x73, 0x99, 0xe6, 0xe0, 0xa3, 0xe7, 0xb3, 0xbf, 0xca,
+    0xcb, 0xf3, 0x69, 0xfb, 0x31, 0x65, 0xff, 0xa7, 0xad, 0xb8, 0x42, 0x86,
+    0x71, 0x65, 0x41, 0x1c, 0xd1, 0x3e, 0x9c, 0xa6, 0xff, 0x79, 0x8c, 0x37,
+    0x4e, 0x62, 0xcb, 0xf6, 0xf9, 0x19, 0xf8, 0xb2, 0xfe, 0xce, 0x0b, 0xf2,
+    0x4b, 0x2f, 0xff, 0xfc, 0xed, 0xf7, 0x3b, 0x90, 0x3a, 0xf3, 0x6a, 0x01,
+    0xc3, 0x09, 0x65, 0xfd, 0x83, 0xf4, 0xf3, 0x71, 0x65, 0xfd, 0x3d, 0xf7,
+    0x07, 0xed, 0x65, 0x0d, 0x54, 0x36, 0x43, 0xfb, 0xa3, 0x16, 0x36, 0x88,
+    0xab, 0xc5, 0x84, 0xd6, 0x23, 0x0b, 0xf8, 0xb3, 0xe0, 0xce, 0xd6, 0x5f,
+    0xe7, 0x20, 0x7f, 0x67, 0x3c, 0xb2, 0xff, 0xbc, 0xf0, 0x3b, 0x4e, 0xa0,
+    0xb2, 0xb7, 0x0f, 0xb7, 0xc6, 0xb5, 0x28, 0xbf, 0xc8, 0x4d, 0x5c, 0x7e,
+    0x2c, 0xbe, 0x92, 0x86, 0xe2, 0xcb, 0xff, 0x80, 0xe4, 0x02, 0xcd, 0xfe,
+    0xc1, 0xac, 0xbf, 0xf9, 0xc1, 0x83, 0xcf, 0x36, 0xbc, 0xeb, 0x2b, 0xb4,
+    0x43, 0x71, 0x12, 0xff, 0xe6, 0x70, 0x7d, 0xb9, 0xe9, 0x2f, 0xac, 0xbe,
+    0xcf, 0x99, 0xd2, 0xcb, 0xa4, 0x0b, 0x2a, 0x09, 0xc3, 0xe1, 0x31, 0xa2,
+    0xed, 0x0a, 0xaf, 0x12, 0x71, 0x0b, 0xe4, 0x97, 0xf9, 0xfc, 0xe1, 0x9f,
+    0x38, 0xb2, 0xdd, 0x2c, 0xbb, 0xa8, 0x2c, 0xae, 0x8d, 0x57, 0xc4, 0xa8,
+    0x28, 0xd8, 0x1a, 0x85, 0x46, 0xf6, 0x32, 0x20, 0xb0, 0x74, 0x2d, 0x27,
+    0x49, 0x6c, 0x70, 0x82, 0x84, 0x2b, 0x06, 0x45, 0x91, 0xf5, 0x9b, 0x09,
+    0x4e, 0x88, 0x7b, 0x61, 0x62, 0x18, 0xa1, 0xcb, 0xa2, 0xe3, 0xc2, 0x23,
+    0xd1, 0xdf, 0x3b, 0xe0, 0x09, 0xca, 0x14, 0xfc, 0x95, 0x4d, 0xf9, 0x57,
+    0xbb, 0xda, 0x76, 0x57, 0x6f, 0x7e, 0x46, 0xb2, 0xf8, 0x0f, 0xae, 0x2c,
+    0xbb, 0xb0, 0x92, 0x6f, 0xb0, 0x72, 0xff, 0x00, 0x24, 0x50, 0x92, 0xfa,
+    0xca, 0x08, 0xa9, 0x2a, 0x63, 0xe6, 0xd1, 0x75, 0x89, 0x65, 0xbb, 0x59,
+    0x71, 0x0f, 0x0d, 0x10, 0x62, 0x17, 0x67, 0x6b, 0x2f, 0xc6, 0x16, 0x46,
+    0x25, 0x97, 0xb8, 0x28, 0xd6, 0x54, 0x9e, 0x3b, 0x94, 0xd3, 0x1f, 0xf6,
+    0x97, 0xaf, 0xda, 0xe9, 0xdf, 0xa5, 0x45, 0xe8, 0xbf, 0x67, 0xca, 0x63,
+    0x59, 0x7f, 0xe7, 0x6f, 0x8b, 0x4f, 0xbf, 0x06, 0xb2, 0xf0, 0xc5, 0xc5,
+    0x97, 0xe9, 0x3b, 0xfa, 0x56, 0x5e, 0x3b, 0x7d, 0x65, 0xff, 0x3f, 0xe1,
+    0x26, 0xfd, 0xa3, 0x59, 0x5a, 0x3f, 0xc3, 0x93, 0x10, 0xe5, 0xfb, 0x0f,
+    0xe7, 0x1a, 0xca, 0x95, 0x4a, 0xa3, 0x85, 0x56, 0x10, 0xe8, 0xdb, 0xc4,
+    0xee, 0x7e, 0x1c, 0x26, 0x77, 0x4b, 0xaf, 0xfe, 0xc1, 0xfb, 0x0e, 0x77,
+    0x86, 0x12, 0xcb, 0xc2, 0x90, 0x2c, 0xbe, 0xdf, 0x84, 0x10, 0x67, 0xbd,
+    0xa4, 0x2b, 0xfc, 0x13, 0xf9, 0x14, 0x1c, 0x6b, 0x29, 0x8f, 0xcb, 0xc7,
+    0x94, 0x11, 0x36, 0xfc, 0x8d, 0x3a, 0xb6, 0x1b, 0xe2, 0x83, 0x05, 0xa6,
+    0x59, 0x8c, 0xae, 0x38, 0x72, 0xc2, 0x32, 0x5c, 0xac, 0x0a, 0x7a, 0x8e,
+    0x25, 0xa7, 0xd3, 0x22, 0x9d, 0xde, 0xd4, 0x61, 0xa7, 0x94, 0x87, 0xe9,
+    0x55, 0xae, 0x52, 0x09, 0x43, 0x85, 0x2a, 0x8f, 0x90, 0x9a, 0x15, 0x65,
+    0x8e, 0x64, 0xe0, 0xfd, 0xe2, 0xff, 0x16, 0x5c, 0x73, 0xac, 0xb7, 0x96,
+    0x56, 0xc4, 0x6a, 0x04, 0x2f, 0x7f, 0xf0, 0xa6, 0x22, 0xcd, 0xee, 0x73,
+    0xb2, 0xcb, 0xec, 0xf3, 0xfd, 0x65, 0xfe, 0xc6, 0xd0, 0x00, 0x2e, 0x2c,
+    0xb0, 0x54, 0xd4, 0x4c, 0x92, 0x2f, 0x08, 0x6f, 0x36, 0x71, 0x65, 0xff,
+    0xef, 0xf0, 0x53, 0xcc, 0xfb, 0x1d, 0xe0, 0xb2, 0xf4, 0xf7, 0x1a, 0xca,
+    0x23, 0xe7, 0xfa, 0x4d, 0xf3, 0x6c, 0xc9, 0xd6, 0x5f, 0xf4, 0xfa, 0x63,
+    0xd4, 0xe0, 0xd6, 0x5f, 0xf7, 0xf9, 0x9d, 0xc3, 0xc2, 0x35, 0x65, 0xee,
+    0x4c, 0x4b, 0x28, 0x69, 0xac, 0x34, 0x20, 0x8e, 0x43, 0xe2, 0x42, 0x38,
+    0xe1, 0xe5, 0xe2, 0x7f, 0x2c, 0xbd, 0xbe, 0x60, 0xb2, 0xf7, 0xb3, 0x8b,
+    0x2f, 0xf8, 0x98, 0xdf, 0xf7, 0xd3, 0x79, 0x65, 0xee, 0x4c, 0x6b, 0x2a,
+    0x51, 0x24, 0x31, 0xec, 0x1c, 0xec, 0xee, 0xff, 0x7f, 0xcc, 0xe0, 0x04,
+    0xac, 0xbf, 0xb3, 0xbe, 0xe0, 0x28, 0xd6, 0x5f, 0xcf, 0xa8, 0x10, 0x9d,
+    0x65, 0xcc, 0x75, 0x95, 0x88, 0xa5, 0xd1, 0x90, 0x8c, 0x77, 0x4b, 0x2f,
+    0x8e, 0x22, 0x1a, 0xcb, 0xdb, 0xdf, 0xb5, 0x97, 0x8d, 0x93, 0x16, 0x5e,
+    0x77, 0xe9, 0x51, 0x11, 0xaf, 0x8d, 0xe9, 0xf4, 0xb2, 0x8d, 0x3e, 0xbe,
+    0x87, 0x98, 0xa6, 0xfd, 0xb1, 0xff, 0x8e, 0x05, 0x97, 0xe6, 0x73, 0xe6,
+    0x96, 0x5f, 0xf0, 0x9f, 0xb2, 0xc8, 0xc3, 0x82, 0xcb, 0xdd, 0x06, 0x75,
+    0x97, 0xff, 0xfd, 0x31, 0x7e, 0x79, 0xa9, 0xfb, 0x74, 0xc3, 0xda, 0x69,
+    0x3a, 0xca, 0x94, 0x44, 0x10, 0xfd, 0xff, 0xcd, 0xcf, 0x61, 0xa6, 0xbe,
+    0xd1, 0xf6, 0xb2, 0xa3, 0x54, 0xb8, 0xc4, 0x5a, 0x84, 0x51, 0xcc, 0x3c,
+    0x5b, 0xc2, 0x6f, 0xc3, 0x0f, 0x79, 0x0d, 0xfc, 0xfd, 0xfb, 0x18, 0xc5,
+    0x97, 0x43, 0xcb, 0x2c, 0x3d, 0x1e, 0x2b, 0x97, 0x5f, 0xfd, 0xce, 0x61,
+    0xcb, 0x37, 0xed, 0x9d, 0x89, 0x65, 0x31, 0xf9, 0x88, 0x9e, 0xff, 0x64,
+    0x7e, 0x2c, 0x10, 0xd6, 0x57, 0x8f, 0x50, 0x88, 0x6f, 0xf4, 0x7a, 0xcf,
+    0xfd, 0xbe, 0xb2, 0x96, 0x5f, 0xfd, 0xec, 0xf9, 0x4c, 0x5b, 0x4d, 0x27,
+    0x59, 0x70, 0xa6, 0x23, 0xd1, 0xf8, 0x5d, 0x4a, 0x2c, 0xf9, 0x08, 0x5b,
+    0xc5, 0x3d, 0xac, 0xa8, 0x1e, 0x18, 0xc9, 0xee, 0x7f, 0x2c, 0xbf, 0xda,
+    0xce, 0x63, 0x94, 0x6b, 0x2f, 0x1c, 0x5d, 0xac, 0xbd, 0xa6, 0xed, 0x65,
+    0x0d, 0x10, 0x78, 0x2c, 0x03, 0x2f, 0x8f, 0x5f, 0xe1, 0x0c, 0x3f, 0x79,
+    0xe0, 0xb2, 0xe1, 0x9d, 0x65, 0xf9, 0xe3, 0x0d, 0x86, 0xb2, 0xff, 0xec,
+    0x30, 0x53, 0x1f, 0xc7, 0x3f, 0xe2, 0xca, 0x82, 0x2e, 0xf0, 0xd5, 0xc5,
+    0xc8, 0xa6, 0xff, 0xf4, 0x18, 0xd3, 0x5f, 0x92, 0xd1, 0xbf, 0xd6, 0x5f,
+    0xff, 0xce, 0xdf, 0x9f, 0x16, 0x7f, 0xcd, 0xec, 0x63, 0x16, 0x53, 0x22,
+    0x8f, 0xc9, 0x77, 0xff, 0xff, 0xbf, 0xf6, 0x3e, 0x9b, 0x3b, 0x21, 0x7e,
+    0x7d, 0xb7, 0x7b, 0x7e, 0x29, 0x59, 0x7f, 0xb1, 0x89, 0xb5, 0xac, 0x59,
+    0x7f, 0xd8, 0xe4, 0x0d, 0x0a, 0x40, 0xb2, 0xa5, 0x30, 0x5c, 0x22, 0xed,
+    0xf3, 0x46, 0x17, 0xff, 0xe3, 0xee, 0x33, 0xbc, 0x5f, 0xf6, 0x43, 0xcd,
+    0xbd, 0x65, 0xfd, 0xdc, 0x34, 0x29, 0x02, 0xcb, 0xf7, 0xe7, 0x52, 0x05,
+    0x97, 0xe9, 0x3e, 0x9e, 0x25, 0x97, 0x06, 0x75, 0x97, 0xec, 0xd4, 0x24,
+    0xeb, 0x2a, 0x33, 0x7e, 0x71, 0x8a, 0x94, 0xce, 0x71, 0x69, 0x8b, 0xfc,
+    0x4e, 0xec, 0xf7, 0x46, 0x74, 0x97, 0x18, 0x62, 0x4b, 0xfd, 0xe6, 0x8b,
+    0xd3, 0x18, 0x40, 0x1b, 0x13, 0x06, 0x2f, 0xb0, 0x7e, 0xc5, 0x96, 0x09,
+    0xd1, 0xf7, 0x92, 0x75, 0xfe, 0xe1, 0x67, 0xf6, 0x73, 0xeb, 0x2f, 0xb7,
+    0xcf, 0xe5, 0x65, 0xed, 0xef, 0xa5, 0x97, 0xd9, 0xe2, 0xc5, 0x95, 0x86,
+    0xfb, 0x83, 0xd5, 0x04, 0x70, 0x61, 0x53, 0x1a, 0xfd, 0x86, 0xdb, 0xab,
+    0x2f, 0xce, 0x7c, 0xef, 0xeb, 0x2f, 0x71, 0xf7, 0x16, 0x5f, 0xe7, 0x2e,
+    0xb6, 0x99, 0xfe, 0x2c, 0xa8, 0xd1, 0x25, 0x82, 0x8c, 0x50, 0x21, 0xfb,
+    0xd1, 0xce, 0xe2, 0xcb, 0xff, 0xef, 0x31, 0xbc, 0x6c, 0x20, 0x0f, 0x4f,
+    0xd2, 0xcb, 0xff, 0xec, 0x60, 0x73, 0x6e, 0x1c, 0x3f, 0x3f, 0xa5, 0x65,
+    0xff, 0x01, 0xa2, 0xe3, 0x79, 0x8e, 0xb2, 0xff, 0x4f, 0xb2, 0x28, 0x3c,
+    0x6b, 0x2f, 0xfe, 0x2c, 0xee, 0x1c, 0x1b, 0x6f, 0x91, 0xac, 0xa8, 0xd3,
+    0x74, 0x19, 0x06, 0x94, 0x00, 0xa2, 0x23, 0x9d, 0xd3, 0x4b, 0xf3, 0x7e,
+    0x7f, 0xc5, 0x97, 0xf9, 0xfb, 0xe3, 0x90, 0xb1, 0x65, 0xf3, 0x69, 0xc0,
+    0xb2, 0xa0, 0x7f, 0x40, 0x27, 0xe1, 0x95, 0xfe, 0x04, 0xef, 0x7f, 0x79,
+    0x96, 0x50, 0x43, 0xe3, 0xf9, 0x7d, 0xff, 0x70, 0x5a, 0xd3, 0x4b, 0x69,
+    0x65, 0x62, 0x72, 0xaf, 0x19, 0xcf, 0xc9, 0x2d, 0xb8, 0xb2, 0xf8, 0xbb,
+    0x8a, 0x56, 0x5f, 0xf4, 0xe7, 0x72, 0xf0, 0x78, 0x2c, 0xbf, 0xb0, 0x1b,
+    0x4b, 0x00, 0xb2, 0xe3, 0xf4, 0xb2, 0x86, 0x78, 0xce, 0x5d, 0x7f, 0xec,
+    0x33, 0x6b, 0x8d, 0xa2, 0x69, 0x59, 0x7e, 0x92, 0xfc, 0x81, 0x65, 0xef,
+    0x81, 0xd6, 0x56, 0x8f, 0x08, 0xe4, 0xd7, 0xc5, 0x8f, 0xb8, 0xb2, 0xfd,
+    0x26, 0x07, 0xe9, 0x59, 0x41, 0x44, 0xf1, 0x64, 0x50, 0x64, 0x78, 0xfb,
+    0xa2, 0x17, 0x84, 0x17, 0x08, 0x83, 0x23, 0xbf, 0x16, 0x79, 0xfe, 0xb2,
+    0xf6, 0xde, 0x74, 0xb2, 0xb7, 0x0f, 0x1b, 0xc4, 0xd7, 0xf9, 0x9c, 0x1a,
+    0xd0, 0xbc, 0xb2, 0xfe, 0x93, 0x70, 0x98, 0xd5, 0x97, 0xf6, 0x7f, 0x77,
+    0xf9, 0xe5, 0x95, 0x88, 0xb5, 0xf1, 0x29, 0x19, 0xf0, 0xb6, 0xfe, 0x8e,
+    0x29, 0xe0, 0xbb, 0x59, 0x7f, 0x83, 0x27, 0x37, 0x5a, 0x95, 0x95, 0x27,
+    0xca, 0xe6, 0x37, 0xff, 0xf7, 0x41, 0x34, 0xe4, 0xdf, 0x09, 0xa9, 0xf9,
+    0x38, 0x16, 0x5d, 0xb0, 0x41, 0x65, 0xe7, 0xc2, 0x59, 0x7f, 0xf7, 0xca,
+    0x40, 0xff, 0x00, 0x65, 0x05, 0x97, 0xe1, 0xb4, 0x4d, 0x2b, 0x2f, 0xd9,
+    0xfd, 0x9c, 0xfa, 0xcb, 0xef, 0x36, 0xb6, 0xb9, 0xe8, 0x91, 0x3d, 0x05,
+    0x1b, 0xa1, 0x8d, 0x81, 0x13, 0x63, 0x85, 0xfc, 0xc7, 0x25, 0x1a, 0xdc,
+    0x21, 0x5a, 0x38, 0x70, 0xe4, 0xa9, 0xbe, 0xa3, 0x8b, 0xee, 0x31, 0x76,
+    0x85, 0x2c, 0x50, 0xf7, 0xd4, 0x7c, 0x5e, 0x8d, 0xd9, 0xe3, 0xc7, 0x04,
+    0x33, 0x4a, 0x5a, 0x2f, 0x23, 0xfa, 0xfc, 0x6e, 0x82, 0x85, 0x06, 0xf2,
+    0x03, 0x17, 0xb6, 0x47, 0x03, 0x1a, 0xdd, 0x84, 0xad, 0xe0, 0xfd, 0xe5,
+    0x97, 0x6e, 0xf9, 0x65, 0xfb, 0x5d, 0x3b, 0xf4, 0xa8, 0x8b, 0x97, 0xb4,
+    0x2f, 0x2c, 0xbf, 0x7c, 0x01, 0x94, 0x12, 0x5f, 0xb9, 0xff, 0x48, 0x16,
+    0x5f, 0x9e, 0x39, 0xd0, 0x96, 0x58, 0x24, 0xa6, 0x09, 0x18, 0xf6, 0x0d,
+    0x68, 0xd9, 0xc7, 0x44, 0x53, 0xb2, 0x51, 0x7e, 0x21, 0x43, 0x38, 0xb2,
+    0xf6, 0xcb, 0x01, 0x65, 0xe2, 0x21, 0xac, 0xba, 0x01, 0x30, 0xf8, 0x58,
+    0x9c, 0x87, 0xe8, 0x22, 0xbd, 0xd8, 0x4a, 0xd4, 0xee, 0x19, 0xf7, 0xff,
+    0x1d, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0x99, 0x7f, 0xf0, 0xc2,
+    0x10, 0x9c, 0x31, 0xf9, 0x8d, 0x59, 0x7f, 0xfb, 0x62, 0x03, 0xff, 0xfe,
+    0xc2, 0x27, 0xfa, 0xcb, 0xde, 0x6e, 0x2c, 0xbe, 0x0a, 0xf2, 0x7e, 0xb2,
+    0xfe, 0x9e, 0x14, 0xff, 0x8b, 0x2b, 0x61, 0x1e, 0x91, 0xc9, 0xa8, 0x28,
+    0x8e, 0x3d, 0x81, 0x37, 0x61, 0xb7, 0x5f, 0xbf, 0xa1, 0x4e, 0xf5, 0x97,
+    0xfe, 0x36, 0x73, 0x5b, 0x70, 0x5a, 0x8d, 0x65, 0x05, 0x4f, 0xb3, 0x61,
+    0x95, 0x5f, 0x60, 0xb5, 0x1a, 0xcb, 0xb6, 0x42, 0x8b, 0x2e, 0x33, 0xeb,
+    0x2b, 0x63, 0x3d, 0x9d, 0x84, 0x46, 0x31, 0xeb, 0xf8, 0x2d, 0x85, 0x02,
+    0x81, 0x5e, 0x4a, 0xcb, 0x44, 0xb2, 0xe9, 0xe2, 0xcb, 0xb6, 0x38, 0x2c,
+    0xad, 0x84, 0x88, 0x48, 0xd0, 0x3b, 0x12, 0x88, 0x5a, 0xff, 0x3f, 0x7c,
+    0x72, 0x16, 0x2c, 0xbf, 0xf4, 0x33, 0xde, 0x78, 0x33, 0x12, 0xca, 0x01,
+    0xf7, 0x7c, 0xca, 0xed, 0x90, 0xa2, 0xcb, 0xf7, 0x18, 0x9e, 0x35, 0x97,
+    0xfe, 0xf3, 0x7f, 0x8f, 0xdc, 0x78, 0x62, 0xcb, 0xff, 0x6f, 0x9f, 0x34,
+    0xc5, 0x14, 0xf4, 0xb2, 0x82, 0xa8, 0xea, 0xd8, 0xc8, 0x82, 0xc1, 0xee,
+    0x89, 0xd9, 0x06, 0xe6, 0x3a, 0xcb, 0xf7, 0xc9, 0xbb, 0xfa, 0xca, 0xe8,
+    0xdf, 0x06, 0x2d, 0x7f, 0xc1, 0x40, 0x1c, 0x3d, 0x34, 0x72, 0xb2, 0xf0,
+    0x53, 0xd1, 0x2c, 0xbd, 0xf7, 0x25, 0x94, 0x14, 0x37, 0xbb, 0x19, 0x15,
+    0xf6, 0xc4, 0x16, 0xb9, 0x2b, 0x2c, 0x25, 0x94, 0x16, 0xcd, 0xf3, 0x16,
+    0xdd, 0xb2, 0x14, 0x59, 0x7f, 0xff, 0xff, 0x05, 0xfb, 0x90, 0xb3, 0x61,
+    0x0f, 0xad, 0xfa, 0x84, 0x5b, 0xc4, 0x16, 0xf6, 0x18, 0x5c, 0x2d, 0x05,
+    0xbd, 0xbb, 0x7d, 0xb2, 0xb2, 0xff, 0xc5, 0x31, 0xe9, 0xfd, 0x27, 0x65,
+    0x97, 0xd8, 0x09, 0x02, 0xcb, 0xfc, 0x4f, 0x16, 0x6f, 0x9e, 0x2c, 0xbf,
+    0xb9, 0xa9, 0xcf, 0xf1, 0x65, 0x84, 0xb2, 0xa4, 0xdf, 0x61, 0x6d, 0xff,
+    0x72, 0x43, 0xf3, 0x42, 0x4e, 0xb2, 0xff, 0x38, 0xdc, 0xfa, 0x9e, 0x2c,
+    0xbf, 0xf6, 0xf1, 0x3f, 0x43, 0x6d, 0xf2, 0x35, 0x97, 0xf4, 0x9d, 0xe1,
+    0x3f, 0x59, 0x7f, 0xf4, 0x9d, 0xff, 0x9d, 0x80, 0xe1, 0xf9, 0x65, 0xff,
+    0xee, 0xb4, 0x28, 0xfb, 0xe3, 0x6b, 0xaf, 0x62, 0xcb, 0xe6, 0xde, 0xe0,
+    0x59, 0x52, 0x7e, 0x5f, 0x4f, 0xa1, 0xa6, 0xf5, 0x86, 0x46, 0xa1, 0xf8,
+    0xb0, 0xa1, 0x71, 0x7c, 0xd1, 0x88, 0x96, 0x5f, 0xb2, 0x3c, 0x04, 0x4b,
+    0x2b, 0x69, 0xe5, 0xfc, 0x8a, 0xfc, 0xdb, 0xa6, 0xb7, 0x4b, 0x2f, 0xf8,
+    0x50, 0xe3, 0x9d, 0xc8, 0x0b, 0x2b, 0x47, 0xc8, 0xe5, 0x97, 0xf4, 0xf3,
+    0x6b, 0x3c, 0x4b, 0x2f, 0xf6, 0xdc, 0x27, 0xd0, 0x36, 0x56, 0x5c, 0x50,
+    0x59, 0x7b, 0x52, 0x6a, 0xcb, 0xff, 0xe7, 0xf6, 0x76, 0x0f, 0x18, 0xfe,
+    0x8b, 0xc2, 0x59, 0x4c, 0x88, 0x68, 0x85, 0x8e, 0x3b, 0x7f, 0x87, 0xa7,
+    0x03, 0xe6, 0x96, 0x5f, 0xd9, 0xc9, 0x0c, 0xa5, 0x65, 0x0d, 0x34, 0xbc,
+    0x85, 0xeb, 0x18, 0x78, 0xca, 0xd8, 0xb2, 0xe7, 0x3a, 0xca, 0xe1, 0xa6,
+    0xdd, 0x10, 0xbb, 0x77, 0xeb, 0x2c, 0x17, 0x59, 0x60, 0x49, 0xaf, 0x10,
+    0xd5, 0xe3, 0xbf, 0xd6, 0x58, 0x2e, 0xb2, 0xb0, 0xd8, 0x90, 0xe5, 0xfb,
+    0x64, 0x64, 0xe6, 0x2c, 0xa9, 0x3c, 0xaf, 0x8f, 0xdf, 0xff, 0xdd, 0x14,
+    0x9f, 0x6c, 0xeb, 0x4d, 0xbf, 0x4e, 0xe0, 0x59, 0x7e, 0x83, 0xfd, 0xcd,
+    0x59, 0x52, 0x88, 0x6c, 0x5e, 0xbe, 0x2c, 0x04, 0xac, 0xa2, 0x3c, 0x1d,
+    0xe4, 0x37, 0x87, 0x83, 0x59, 0x4b, 0x2f, 0xb3, 0xf8, 0x05, 0x96, 0x34,
+    0x06, 0xb0, 0x82, 0xeb, 0x0f, 0xbd, 0xd2, 0x2f, 0xe6, 0x31, 0xb9, 0x9d,
+    0x2c, 0xa6, 0x47, 0x06, 0xa1, 0x25, 0xc2, 0x0b, 0xe6, 0xfc, 0xc1, 0x65,
+    0xe3, 0xcc, 0x16, 0x5f, 0x36, 0xf9, 0xd2, 0xcb, 0xdc, 0x78, 0x96, 0x54,
+    0x9e, 0xe7, 0x87, 0x3e, 0x47, 0x7f, 0x04, 0x88, 0x2b, 0xe7, 0x25, 0x94,
+    0x14, 0x65, 0x3d, 0x6c, 0x21, 0xe8, 0xe1, 0x8e, 0x33, 0xdc, 0x21, 0xe9,
+    0xcb, 0xb1, 0xf6, 0x8e, 0xce, 0x28, 0x4d, 0x6a, 0x11, 0x07, 0x21, 0xf4,
+    0x6f, 0x4e, 0xce, 0x05, 0x32, 0x85, 0x0f, 0xe3, 0xc8, 0xde, 0x68, 0x1b,
+    0xee, 0xe9, 0x75, 0xf3, 0xc0, 0x33, 0xac, 0xbd, 0xd1, 0x01, 0x65, 0xb5,
+    0xa3, 0xc0, 0xe1, 0x1d, 0xe7, 0x2e, 0x96, 0x5e, 0xf9, 0x4a, 0xcb, 0xe2,
+    0x2c, 0xfa, 0xca, 0x0a, 0x9b, 0xb9, 0x1b, 0xae, 0x1f, 0xd9, 0x8a, 0xf7,
+    0xcf, 0xe6, 0x89, 0x65, 0xf1, 0x45, 0x23, 0x59, 0x77, 0x7f, 0x59, 0x7d,
+    0xe8, 0xa4, 0x6b, 0x2f, 0x6a, 0x31, 0xac, 0xbf, 0x6a, 0x43, 0x72, 0x59,
+    0x43, 0x3c, 0x50, 0x0f, 0x54, 0xa7, 0x59, 0x90, 0xa3, 0xe8, 0x8d, 0x88,
+    0xa2, 0x22, 0x71, 0x81, 0x34, 0x5e, 0xf4, 0xf6, 0xb2, 0xfd, 0x27, 0x2c,
+    0x89, 0x65, 0xfc, 0xd8, 0x43, 0xf4, 0xac, 0xb1, 0xd6, 0x58, 0xeb, 0x2e,
+    0x92, 0x59, 0x51, 0x9a, 0x63, 0x04, 0x68, 0x68, 0xac, 0xe8, 0x9f, 0x70,
+    0xaf, 0x86, 0xf4, 0xb2, 0xe9, 0xe2, 0xcb, 0xfb, 0x52, 0x42, 0xcf, 0x2c,
+    0xbf, 0xe7, 0xef, 0x1b, 0xae, 0x9c, 0x6b, 0x2f, 0xb5, 0x38, 0x4b, 0x2f,
+    0x9f, 0xf0, 0x02, 0xcb, 0xfc, 0x23, 0x96, 0x44, 0xd1, 0xac, 0xb0, 0x96,
+    0x5f, 0xe6, 0xe9, 0xf3, 0x59, 0xf5, 0x94, 0x03, 0xc3, 0xe0, 0x8d, 0xfe,
+    0x7d, 0x34, 0xee, 0x31, 0xd6, 0x5e, 0x10, 0x50, 0x96, 0x51, 0xa9, 0xd5,
+    0xf4, 0x2d, 0xa2, 0xc3, 0x9d, 0x78, 0x83, 0x84, 0x5f, 0x77, 0xde, 0x45,
+    0xba, 0x69, 0x7f, 0xda, 0x9c, 0x84, 0xfa, 0x40, 0xb2, 0xff, 0xf6, 0xdf,
+    0x3b, 0x7c, 0x02, 0x22, 0x78, 0x2c, 0xbf, 0xe0, 0xcf, 0x9c, 0x77, 0xee,
+    0x0b, 0x2e, 0x0a, 0x05, 0x56, 0x5f, 0xf7, 0xa5, 0x86, 0xdc, 0x8d, 0xd6,
+    0x50, 0x58, 0x7a, 0xec, 0x3f, 0x50, 0x5c, 0x7e, 0xc8, 0x64, 0xf4, 0x82,
+    0xd1, 0xdb, 0x6a, 0x10, 0xc7, 0x37, 0x02, 0x51, 0x42, 0x46, 0xff, 0xff,
+    0xff, 0xff, 0xf0, 0x58, 0x15, 0xc0, 0xb3, 0x63, 0xd8, 0x5b, 0x0b, 0xa0,
+    0xbc, 0x85, 0xad, 0x8f, 0x51, 0xee, 0xe0, 0x86, 0x16, 0xe7, 0x67, 0xb0,
+    0xfd, 0xb1, 0xcc, 0xec, 0x7b, 0x9b, 0x0f, 0xfb, 0x76, 0xfb, 0x65, 0x65,
+    0xff, 0xf8, 0x1d, 0xc3, 0xc2, 0x9d, 0x04, 0xf3, 0x74, 0xfa, 0x59, 0x6e,
+    0x2c, 0xbc, 0x2d, 0x01, 0x65, 0xc2, 0x86, 0xd3, 0x5d, 0xd0, 0x8d, 0xff,
+    0xbd, 0x85, 0x86, 0xe1, 0x60, 0xd6, 0x5f, 0xfd, 0xd9, 0x93, 0xf1, 0xb6,
+    0xe7, 0x24, 0xeb, 0x2f, 0xb9, 0x9d, 0xfd, 0x65, 0xf6, 0x45, 0x26, 0x2c,
+    0xbf, 0x0f, 0xd2, 0x51, 0xac, 0xbe, 0x62, 0xff, 0x16, 0x5f, 0xff, 0xf1,
+    0xdb, 0x5e, 0x17, 0x21, 0x3b, 0xf5, 0x25, 0xff, 0x64, 0x16, 0x54, 0x11,
+    0x12, 0xc4, 0x37, 0xfe, 0x6f, 0xb7, 0x4c, 0x3f, 0xe7, 0x4b, 0x2a, 0x35,
+    0x41, 0xb0, 0x30, 0xc3, 0xcd, 0x24, 0xf8, 0x8c, 0x88, 0xff, 0x0b, 0x1d,
+    0xd2, 0x2b, 0x8e, 0x35, 0x97, 0x86, 0xdb, 0xd6, 0x5e, 0x91, 0xca, 0xcb,
+    0xf6, 0x7b, 0xd8, 0x05, 0x96, 0xe8, 0xe7, 0x84, 0x43, 0x77, 0xce, 0x63,
+    0xee, 0x2c, 0xa7, 0x3c, 0xd2, 0x28, 0xbf, 0x0b, 0xaf, 0x31, 0x8b, 0x2f,
+    0xbf, 0xb3, 0x9e, 0x59, 0x7f, 0xff, 0x9c, 0xba, 0x2c, 0x1f, 0x85, 0xb7,
+    0xd3, 0x0d, 0x4c, 0x6b, 0x2b, 0x11, 0x10, 0x22, 0x5b, 0xa7, 0xcb, 0x2f,
+    0xe0, 0xca, 0x7d, 0x30, 0x59, 0x7f, 0xff, 0x1a, 0x58, 0x01, 0x73, 0x6c,
+    0x1b, 0xd3, 0xd1, 0x3a, 0xca, 0x35, 0x14, 0x07, 0x16, 0x72, 0xdb, 0xfe,
+    0x6e, 0xa2, 0x87, 0xa4, 0x8d, 0x59, 0x7a, 0x4f, 0xf5, 0x94, 0x47, 0xae,
+    0x61, 0xdd, 0xfe, 0xc3, 0x27, 0xe4, 0xfc, 0x59, 0x79, 0xbc, 0xcb, 0x2a,
+    0x4f, 0xbd, 0x88, 0xbe, 0x65, 0x74, 0x92, 0xcb, 0xec, 0xe8, 0x78, 0xb2,
+    0xf8, 0x86, 0x1f, 0x6b, 0x2e, 0x17, 0xd6, 0x5e, 0x7d, 0x43, 0x69, 0xee,
+    0xb9, 0x16, 0xc9, 0x25, 0x6c, 0x6c, 0x86, 0xf9, 0x8c, 0xbf, 0x25, 0x4a,
+    0x9a, 0xf4, 0xc2, 0xfa, 0x85, 0x69, 0xc8, 0x3d, 0x0b, 0x27, 0x86, 0x11,
+    0x43, 0xdb, 0xe5, 0xa2, 0x72, 0xbf, 0xc6, 0xbe, 0xfe, 0xb3, 0xbf, 0xac,
+    0xbb, 0x7e, 0xe2, 0xca, 0x34, 0xf5, 0x1c, 0xe2, 0xff, 0xfd, 0xad, 0x36,
+    0x6f, 0x21, 0x73, 0x6f, 0x04, 0xfc, 0x59, 0x4b, 0x2f, 0xff, 0xb8, 0xdb,
+    0x39, 0xd7, 0x98, 0x88, 0x5a, 0x8d, 0x65, 0x68, 0xf7, 0xbe, 0x17, 0x7f,
+    0x7f, 0x0f, 0xde, 0x1d, 0x65, 0x4a, 0x60, 0xf9, 0x0b, 0x76, 0x22, 0xbf,
+    0xc7, 0x3b, 0xc3, 0x8d, 0x05, 0x97, 0xf8, 0xdd, 0xb3, 0xd8, 0x35, 0x2b,
+    0x2b, 0x0f, 0xa9, 0xcc, 0xe9, 0x93, 0xe6, 0xf4, 0x65, 0x25, 0x09, 0xdb,
+    0xff, 0xdb, 0xf0, 0x7e, 0x9d, 0xe7, 0x92, 0x70, 0xd6, 0x5a, 0x25, 0x95,
+    0x87, 0xbe, 0x24, 0xdb, 0xfe, 0x87, 0x5e, 0x63, 0x24, 0x86, 0xb2, 0xfe,
+    0x1b, 0xc3, 0x8d, 0x05, 0x95, 0xa4, 0x44, 0x39, 0x08, 0x8e, 0xaf, 0x84,
+    0x5f, 0xe2, 0xcb, 0xfb, 0x82, 0x62, 0x6e, 0x2c, 0xbd, 0x3a, 0x95, 0x95,
+    0xb4, 0xf1, 0xfc, 0x59, 0x5d, 0x22, 0x37, 0x4d, 0x37, 0xa1, 0xb2, 0x62,
+    0xcb, 0x80, 0xcb, 0x2f, 0xc7, 0x87, 0x83, 0xe2, 0xcb, 0x6b, 0x69, 0xe0,
+    0x06, 0x2d, 0x7e, 0x73, 0x0b, 0x06, 0xb2, 0xa5, 0x16, 0x6c, 0xc3, 0xa2,
+    0xbb, 0xff, 0x14, 0xf4, 0x6b, 0xe6, 0x98, 0x0b, 0x2f, 0xee, 0x63, 0x6b,
+    0x4e, 0xb2, 0xfd, 0xcd, 0xa0, 0x7f, 0xac, 0xa8, 0xd1, 0x28, 0x03, 0xef,
+    0x96, 0x5d, 0x3a, 0x59, 0x7f, 0xf4, 0x79, 0xc6, 0x7f, 0x04, 0x30, 0xc3,
+    0x12, 0x59, 0x80, 0x7c, 0x04, 0x2d, 0x7f, 0xc2, 0x7d, 0x6c, 0x8b, 0xcd,
+    0xa5, 0x95, 0x28, 0xf3, 0x1c, 0x24, 0x7c, 0x4d, 0x7f, 0x77, 0x9e, 0x17,
+    0x60, 0x59, 0x6f, 0x2c, 0xbf, 0x8f, 0xcf, 0x49, 0x7d, 0x65, 0xe8, 0xfc,
+    0x25, 0x97, 0xfe, 0xf3, 0xf3, 0xd9, 0xbf, 0x3f, 0xc5, 0x95, 0x27, 0xbc,
+    0xe3, 0xd4, 0xc8, 0xab, 0xf4, 0x22, 0xef, 0xcc, 0x2e, 0x9a, 0x35, 0x95,
+    0x89, 0x9e, 0x74, 0x61, 0xf8, 0x5e, 0x6c, 0x93, 0xdf, 0xf1, 0x64, 0x9a,
+    0xff, 0x73, 0x56, 0x5f, 0xd0, 0x0f, 0xfc, 0x9f, 0xac, 0xbf, 0xc7, 0xce,
+    0x89, 0xf3, 0xa5, 0x97, 0x0a, 0x25, 0x97, 0x43, 0x92, 0x79, 0x60, 0x33,
+    0xbe, 0x3f, 0x03, 0xe2, 0xcb, 0xdd, 0x0b, 0xa5, 0x95, 0x28, 0xea, 0xed,
+    0xe9, 0x8b, 0x44, 0x49, 0x7f, 0xdf, 0xfc, 0x9f, 0x30, 0x8d, 0x59, 0x7f,
+    0xfd, 0xff, 0x66, 0xef, 0xf3, 0xc5, 0x9f, 0xf3, 0x2c, 0xae, 0xd1, 0x12,
+    0x47, 0x17, 0xf1, 0x3f, 0xe1, 0x26, 0xac, 0xbf, 0xd8, 0x01, 0x89, 0xf5,
+    0x05, 0x95, 0x27, 0xc1, 0x19, 0x6d, 0xfc, 0xee, 0x3d, 0xf8, 0x35, 0x97,
+    0x9d, 0xfa, 0x54, 0x59, 0xeb, 0xfd, 0x24, 0x6e, 0x85, 0x24, 0xb2, 0xfe,
+    0x03, 0x94, 0x18, 0xeb, 0x2a, 0x53, 0x5a, 0x8e, 0x10, 0x63, 0x22, 0xe8,
+    0xb9, 0x8a, 0x40, 0x65, 0x7f, 0xbd, 0xfe, 0x3f, 0x61, 0x9d, 0x65, 0xfe,
+    0x98, 0x37, 0xe7, 0xfc, 0x59, 0x7f, 0xb8, 0x23, 0xb7, 0xc0, 0xeb, 0x2f,
+    0x07, 0xe9, 0x59, 0x50, 0x3d, 0x00, 0x19, 0xde, 0x18, 0xdd, 0x65, 0x79,
+    0x18, 0x05, 0x08, 0x2f, 0x91, 0x5f, 0xd0, 0x0f, 0x3c, 0xfd, 0xac, 0xa9,
+    0x4d, 0x65, 0xa1, 0xec, 0xe6, 0x97, 0xfc, 0x6b, 0x96, 0x6f, 0x2c, 0xe2,
     0xcb, 0xfb, 0x79, 0x67, 0x30, 0x96, 0x5b, 0x71, 0x65, 0x61, 0xe0, 0xf0,
-    0xb6, 0xf3, 0x4a, 0x16, 0x59, 0xe7, 0x1b, 0xce, 0x10, 0xdb, 0x46, 0xa3,
-    0x7b, 0xf0, 0xb6, 0xbf, 0xcc, 0x3c, 0x39, 0x99, 0xf5, 0x96, 0xd9, 0x65,
-    0xff, 0xff, 0x67, 0xb9, 0x9d, 0xb9, 0x02, 0x76, 0xa0, 0x83, 0xe8, 0xfa,
-    0xcb, 0xf7, 0x06, 0xd0, 0x4b, 0x2a, 0x11, 0xa4, 0x73, 0x32, 0x12, 0xf3,
-    0x3d, 0xff, 0xdc, 0xf3, 0x4c, 0x63, 0x8e, 0x3a, 0xe2, 0xca, 0x64, 0xe0,
-    0xde, 0x30, 0x10, 0x9d, 0xdc, 0x00, 0x2c, 0xbc, 0x61, 0x86, 0x24, 0xbf,
-    0xe9, 0x70, 0xb3, 0xb1, 0xe6, 0x92, 0x0b, 0x34, 0x16, 0x92, 0xca, 0x64,
-    0x49, 0xb9, 0xbf, 0x92, 0xef, 0xfa, 0x43, 0xfc, 0x14, 0x61, 0x8b, 0x2f,
-    0xdb, 0xa1, 0x3e, 0x0d, 0x65, 0xff, 0xf6, 0xf2, 0x0c, 0xb3, 0x7b, 0x7a,
-    0x3b, 0xcf, 0xac, 0xbf, 0x66, 0xf9, 0xd2, 0x3a, 0xcb, 0x7a, 0x0f, 0xff,
-    0xea, 0x75, 0x09, 0x84, 0xe1, 0xc0, 0x61, 0x55, 0x7f, 0xee, 0xa4, 0x41,
-    0x04, 0xee, 0xce, 0x05, 0x97, 0x41, 0xab, 0x2f, 0xf8, 0x70, 0x50, 0x09,
-    0x7d, 0x96, 0x5f, 0x1b, 0xe6, 0xd9, 0x65, 0x42, 0x2d, 0xb6, 0x44, 0x61,
-    0x70, 0x9b, 0xdf, 0xef, 0xb0, 0xc9, 0xde, 0x65, 0x97, 0xf8, 0x7f, 0x0b,
-    0x82, 0x7f, 0x16, 0x5f, 0x38, 0x23, 0x4b, 0x2a, 0x11, 0x12, 0xc6, 0x5c,
-    0x36, 0xbe, 0x8f, 0x66, 0xcb, 0x2f, 0xf4, 0x4e, 0xf6, 0x73, 0x90, 0xb2,
-    0xfe, 0x18, 0x83, 0x0f, 0xb8, 0xb2, 0x8d, 0x44, 0x36, 0x88, 0x88, 0xd2,
-    0xfe, 0xce, 0x4b, 0xe2, 0x71, 0x65, 0x31, 0xef, 0x91, 0x85, 0xe8, 0x23,
-    0x56, 0x54, 0x9b, 0x25, 0x21, 0xc6, 0x43, 0x90, 0xbc, 0x36, 0x1a, 0xfd,
-    0xc7, 0x6b, 0xd4, 0x6e, 0x0c, 0x8d, 0x34, 0x64, 0x5a, 0x94, 0x3e, 0x78,
-    0xd8, 0x7f, 0x2a, 0x50, 0x10, 0xc8, 0x28, 0xcd, 0xf9, 0x0e, 0xaf, 0x43,
-    0x17, 0x7c, 0x62, 0x62, 0x10, 0x5f, 0xf6, 0x68, 0xb3, 0x7b, 0xea, 0x4b,
-    0x2e, 0x07, 0x16, 0x5f, 0x8b, 0xd8, 0x03, 0xac, 0xbe, 0xd3, 0x47, 0x96,
-    0x5f, 0xdc, 0x2c, 0x9a, 0x0e, 0xb2, 0x80, 0x79, 0xde, 0x21, 0xa7, 0x44,
-    0xb8, 0x5d, 0x6e, 0x8f, 0x2c, 0xbe, 0x03, 0x99, 0xe5, 0x97, 0xf9, 0xcc,
-    0xfb, 0x46, 0xa1, 0x65, 0xfc, 0x13, 0xf0, 0x3a, 0xd9, 0x65, 0xf9, 0xb7,
-    0xc1, 0x79, 0x65, 0x42, 0x79, 0x83, 0x39, 0x36, 0x15, 0xdd, 0x11, 0x30,
-    0xb6, 0x88, 0xc8, 0xcb, 0x86, 0x17, 0xfe, 0xd3, 0x72, 0x42, 0x7e, 0x0a,
-    0x16, 0x5f, 0x69, 0xa0, 0xeb, 0x2f, 0xff, 0xde, 0x34, 0x31, 0x83, 0xfe,
-    0x73, 0xa9, 0x47, 0xd6, 0x56, 0x91, 0x6c, 0x73, 0xe2, 0x21, 0xbe, 0x00,
-    0x75, 0xb2, 0xcb, 0xd3, 0x07, 0x4b, 0x2e, 0x79, 0x2c, 0xbf, 0x8f, 0x85,
-    0xe9, 0xfc, 0x59, 0x7f, 0xff, 0xb3, 0xc1, 0x01, 0xde, 0x4e, 0x38, 0x27,
-    0xd3, 0xc9, 0x65, 0xfc, 0x4e, 0x67, 0xb3, 0xf8, 0x88, 0xd2, 0x2f, 0xbf,
-    0xd9, 0xff, 0x87, 0xce, 0x4b, 0x2e, 0x61, 0xac, 0xbf, 0xbf, 0xdb, 0xe9,
-    0xe4, 0xb2, 0xdd, 0xc8, 0xf1, 0x30, 0x5a, 0xf3, 0x4d, 0xc5, 0x95, 0x07,
-    0x8a, 0x72, 0x8b, 0xff, 0xbc, 0xdf, 0x73, 0xcf, 0x87, 0xed, 0xa5, 0x97,
-    0xf3, 0xf8, 0xf1, 0x9e, 0x59, 0x4e, 0x7e, 0x61, 0x47, 0xbd, 0xf8, 0xe2,
-    0xca, 0x1a, 0xa7, 0x29, 0xa1, 0x47, 0xa4, 0x33, 0xc2, 0xec, 0xa1, 0x29,
-    0xe2, 0x1b, 0xef, 0xf4, 0xfb, 0x8b, 0x2f, 0xdf, 0x73, 0xb7, 0x16, 0x50,
-    0xcf, 0x37, 0xb2, 0x6a, 0xc5, 0x6d, 0x0d, 0x2a, 0x41, 0xe1, 0x6b, 0x7e,
-    0x6f, 0xb9, 0xd9, 0x65, 0xe7, 0x20, 0x2c, 0xa9, 0xc7, 0x83, 0xd9, 0x35,
-    0xed, 0xf8, 0x35, 0x96, 0xd6, 0xc7, 0x87, 0x31, 0x2d, 0xcf, 0xf5, 0x97,
-    0xd3, 0x49, 0xc9, 0x65, 0x68, 0xdc, 0x70, 0x5a, 0xff, 0x6e, 0xeb, 0x37,
-    0x48, 0x26, 0x2c, 0xad, 0x8f, 0x6c, 0xc2, 0x1b, 0xdb, 0xac, 0x35, 0x95,
-    0x87, 0x86, 0xe4, 0x95, 0x0b, 0xb3, 0x4c, 0x5f, 0xf9, 0x71, 0x8f, 0x0b,
-    0xf2, 0x8c, 0x02, 0xfe, 0x3f, 0x73, 0xb0, 0xfc, 0x59, 0x7f, 0xff, 0xfc,
-    0x0e, 0x66, 0x11, 0xa2, 0x68, 0xa3, 0x3e, 0x2f, 0x85, 0x9b, 0x1f, 0x0e,
-    0xb2, 0xed, 0x62, 0xcb, 0xb8, 0xcb, 0x2b, 0x63, 0x59, 0xa1, 0x6b, 0x84,
-    0x92, 0xcb, 0xe6, 0xde, 0xdb, 0xd6, 0x5f, 0x41, 0x08, 0x75, 0x95, 0x88,
-    0x81, 0x39, 0x13, 0x8c, 0x08, 0x4b, 0x58, 0x9b, 0x47, 0xa3, 0x2c, 0xb8,
-    0x1c, 0x59, 0x7d, 0x38, 0xa3, 0xb5, 0x97, 0xcf, 0xf8, 0x11, 0x65, 0x61,
-    0xee, 0xfc, 0x5f, 0x79, 0x25, 0xf4, 0x19, 0x83, 0x59, 0x7f, 0xfc, 0x1e,
-    0xa5, 0xc1, 0xfe, 0x34, 0x37, 0x73, 0x16, 0x5d, 0x3d, 0x8a, 0x8b, 0x2b,
-    0x13, 0x4b, 0x68, 0x43, 0x68, 0xc0, 0x88, 0x84, 0x52, 0xbb, 0x3c, 0xb2,
-    0xe3, 0xb2, 0xca, 0x19, 0xac, 0x21, 0x6b, 0xe3, 0x23, 0xae, 0x2c, 0xbd,
-    0xe1, 0x31, 0x65, 0xd1, 0xb2, 0xca, 0x73, 0x69, 0xc1, 0xdb, 0xc3, 0x89,
-    0x2c, 0xbf, 0x4d, 0x28, 0xeb, 0xcb, 0x2f, 0xee, 0xfe, 0xdb, 0xdf, 0x4b,
-    0x2d, 0x1b, 0x1e, 0xd6, 0x15, 0x5d, 0x9f, 0x59, 0x4e, 0x8b, 0x32, 0x76,
-    0x9f, 0x27, 0xbb, 0x06, 0xb2, 0xef, 0x0a, 0xd6, 0x56, 0xcb, 0xa1, 0x72,
-    0x95, 0xc9, 0x8f, 0x5f, 0x20, 0xe2, 0xc7, 0xa1, 0xa7, 0xbc, 0xc6, 0x7c,
-    0x5a, 0xfd, 0xa0, 0x1d, 0xb8, 0xb2, 0xe8, 0xde, 0xb2, 0xb0, 0xf0, 0x37,
-    0x94, 0x5e, 0xf8, 0x4c, 0x59, 0x7b, 0xef, 0xb2, 0xcb, 0xf7, 0x3c, 0xd1,
-    0xd2, 0xcb, 0x83, 0xda, 0xca, 0x91, 0xe0, 0x00, 0xa2, 0xf7, 0xb0, 0x45,
-    0x97, 0xf1, 0xc3, 0xcf, 0x67, 0x96, 0x5f, 0xe3, 0x1f, 0xbc, 0x2c, 0x1a,
-    0xcb, 0xf3, 0xff, 0xa9, 0x71, 0x65, 0x42, 0x22, 0xb8, 0x5c, 0x13, 0x3b,
-    0xf6, 0x70, 0x11, 0x32, 0xcb, 0xfa, 0x3a, 0xe4, 0xed, 0x42, 0xcb, 0xd2,
-    0x8e, 0x2c, 0xb0, 0x56, 0x54, 0x8d, 0x68, 0x07, 0x2f, 0x0c, 0x3d, 0xac,
-    0xbe, 0x19, 0x44, 0x96, 0x54, 0x1f, 0x03, 0x10, 0xb8, 0xf5, 0xec, 0x61,
-    0xac, 0xbf, 0xfc, 0x24, 0xee, 0xbc, 0x51, 0x93, 0xb3, 0xaf, 0x2c, 0xbf,
-    0xe8, 0xfb, 0x44, 0xd3, 0x47, 0x6b, 0x2a, 0x15, 0xa6, 0x0c, 0x8c, 0xd1,
-    0xee, 0x97, 0x58, 0x8a, 0x68, 0x53, 0xe8, 0xbc, 0xe5, 0x1f, 0x85, 0xef,
-    0x8b, 0x02, 0x37, 0xbd, 0x42, 0xff, 0x34, 0xce, 0x4d, 0xd7, 0x16, 0x5d,
-    0x9d, 0xac, 0xbf, 0xc5, 0xee, 0x14, 0x7b, 0x8b, 0x2f, 0xf7, 0xcb, 0x18,
-    0x10, 0x05, 0x97, 0xe6, 0xdf, 0x85, 0xc5, 0x97, 0xff, 0xf4, 0x7c, 0x3d,
-    0x47, 0xbb, 0xfc, 0x68, 0x38, 0x19, 0x96, 0x56, 0x23, 0xa5, 0x8c, 0xb4,
-    0x63, 0xf2, 0x8b, 0xf7, 0xb3, 0xe1, 0xdc, 0x59, 0x7f, 0xed, 0xbe, 0xc7,
-    0x8d, 0xcf, 0xe6, 0xcb, 0x2b, 0xa3, 0xee, 0xd1, 0x5d, 0xfd, 0xac, 0xff,
-    0xc3, 0xe5, 0x97, 0xef, 0x94, 0x66, 0x94, 0x5f, 0xd9, 0xad, 0x82, 0xe3,
-    0x54, 0x41, 0xa1, 0x66, 0x9a, 0xda, 0xd9, 0x14, 0x32, 0x54, 0xbe, 0x2f,
-    0xe7, 0x4b, 0x2a, 0x13, 0x10, 0x68, 0x62, 0x39, 0x55, 0xf9, 0xfb, 0x63,
-    0xc2, 0xcb, 0xfa, 0x5f, 0x27, 0xeb, 0xcb, 0x2b, 0xb3, 0xd5, 0x22, 0x7b,
-    0xe1, 0x09, 0xf6, 0x59, 0x7e, 0xe3, 0x69, 0x80, 0xb2, 0xb0, 0xfb, 0x38,
-    0x45, 0xba, 0x47, 0x7e, 0x8f, 0x4e, 0x39, 0x8b, 0x2f, 0xfd, 0xb7, 0xbf,
-    0x1f, 0xcd, 0xef, 0x25, 0x97, 0x8f, 0x1d, 0xac, 0xbe, 0x20, 0x07, 0x8b,
-    0x2b, 0x0d, 0xfe, 0x87, 0x6a, 0x11, 0x40, 0xd0, 0x80, 0xbf, 0x3e, 0xc4,
-    0xe6, 0xac, 0xbf, 0xe1, 0xf3, 0x99, 0xa1, 0xff, 0x16, 0x5f, 0xf7, 0x1c,
-    0xa2, 0x66, 0x1e, 0xcb, 0x2f, 0xf4, 0x98, 0xf1, 0xf1, 0x06, 0xb2, 0xff,
-    0xf4, 0x61, 0x75, 0xec, 0xd3, 0x6c, 0xe7, 0x59, 0x76, 0x7e, 0x72, 0x2d,
-    0xb8, 0x73, 0xe3, 0x4b, 0xb3, 0x8b, 0x2c, 0x67, 0x8f, 0x4e, 0x7c, 0xf6,
-    0xa1, 0x36, 0xe7, 0x8d, 0x0a, 0xff, 0xb2, 0x5f, 0xc2, 0x7d, 0x1a, 0xb2,
-    0xe3, 0x98, 0xb2, 0x85, 0x9e, 0x84, 0x8e, 0x2f, 0xd0, 0x7f, 0x67, 0xd6,
-    0x54, 0xe5, 0xf5, 0xb9, 0xe0, 0xce, 0x23, 0x00, 0x94, 0x77, 0x39, 0x0f,
-    0x4d, 0x18, 0xfe, 0x19, 0x6e, 0x4c, 0x51, 0xcb, 0x05, 0xe3, 0x74, 0x92,
-    0xe1, 0xc2, 0xcb, 0xb2, 0x4b, 0x2f, 0xff, 0xcd, 0xdb, 0x0f, 0xd2, 0x09,
-    0x7b, 0x9f, 0x79, 0x2c, 0xbf, 0xfe, 0xfc, 0x1e, 0x77, 0xe1, 0xf4, 0x32,
-    0x89, 0x2c, 0xa7, 0x46, 0x97, 0x05, 0xbc, 0x2c, 0x15, 0x6b, 0xb0, 0x45,
-    0x97, 0xf9, 0xfc, 0xf8, 0x36, 0xde, 0xb2, 0xf8, 0x1f, 0x81, 0xac, 0xbf,
-    0xbe, 0xc6, 0x14, 0x0d, 0x65, 0xff, 0x40, 0x0f, 0x18, 0x5e, 0xe2, 0xcb,
-    0xfe, 0xe6, 0x19, 0xf7, 0x3b, 0x71, 0x65, 0xfb, 0x35, 0xb0, 0x78, 0xb2,
-    0xbb, 0x4c, 0x6d, 0x8c, 0xe6, 0x22, 0xf9, 0x6f, 0x0d, 0xf7, 0x9c, 0xdf,
-    0x9b, 0xa9, 0x31, 0x2c, 0xbc, 0xdf, 0xc5, 0x97, 0xf7, 0x9c, 0xe7, 0x83,
-    0xac, 0xac, 0x3e, 0xfe, 0xc9, 0xfa, 0x1b, 0xa5, 0x94, 0x73, 0x76, 0x61,
-    0x85, 0xff, 0x07, 0x69, 0xd9, 0xef, 0xc7, 0x96, 0x5c, 0xd3, 0x2c, 0xa8,
-    0x3f, 0x5e, 0xc8, 0xb7, 0x4f, 0x2f, 0xfe, 0x20, 0x9a, 0x70, 0xfb, 0xf0,
-    0x11, 0x5a, 0xcb, 0xe3, 0xc6, 0x8d, 0x59, 0x7d, 0x80, 0x03, 0xac, 0xbc,
-    0x27, 0xdd, 0x65, 0x61, 0xf0, 0x91, 0x1c, 0xf9, 0x0d, 0x6c, 0x8d, 0xb3,
-    0x21, 0x57, 0x7c, 0x24, 0x17, 0x6b, 0x2f, 0x73, 0xf0, 0xb2, 0xa4, 0x6f,
-    0xc6, 0x47, 0x7e, 0x2d, 0x18, 0xfb, 0x2c, 0xa8, 0x45, 0x9e, 0x34, 0xb9,
-    0x0d, 0xf8, 0xb3, 0xdf, 0x65, 0x97, 0xdd, 0xfe, 0x0c, 0x59, 0x7e, 0xcf,
-    0x71, 0x8e, 0xb2, 0xe0, 0x92, 0xcb, 0xc5, 0x9b, 0x2c, 0xa8, 0x5d, 0x78,
-    0x91, 0xe6, 0x46, 0x64, 0xd1, 0xbd, 0x6a, 0x3c, 0x0f, 0x96, 0x8a, 0xc9,
-    0x88, 0x93, 0x84, 0xe2, 0x0b, 0x5f, 0xf4, 0x1e, 0x3c, 0xc5, 0x92, 0x59,
-    0x69, 0x2c, 0xbe, 0xe0, 0x60, 0x0b, 0x2e, 0x0e, 0xea, 0xca, 0xd2, 0x20,
-    0xfe, 0x6c, 0x01, 0x12, 0x22, 0xbb, 0x09, 0x65, 0xfb, 0x82, 0x73, 0xe1,
-    0x59, 0x5f, 0x37, 0xfe, 0x15, 0xbf, 0xfd, 0xa6, 0x83, 0xe4, 0xec, 0xfb,
-    0x61, 0xd6, 0x5f, 0x37, 0x21, 0xd6, 0x54, 0xe3, 0xe9, 0xe2, 0x4d, 0xfe,
-    0xc2, 0xce, 0xbd, 0x23, 0xac, 0xbb, 0xd0, 0xb2, 0xa0, 0xf2, 0x5c, 0xce,
-    0xff, 0x9e, 0x43, 0x60, 0x8a, 0xdb, 0x4b, 0x2f, 0xd8, 0x45, 0x03, 0x59,
-    0x7d, 0xf7, 0xfc, 0x2c, 0xbf, 0xa3, 0x63, 0xbc, 0xd0, 0xb2, 0xda, 0x59,
-    0x52, 0x3e, 0x09, 0x88, 0x42, 0x5d, 0x7f, 0xfc, 0xe6, 0xfa, 0x34, 0x0d,
-    0x47, 0x89, 0xc0, 0xb2, 0xff, 0x47, 0x63, 0xf8, 0x5f, 0x8b, 0x2e, 0x73,
-    0x56, 0x5f, 0xdb, 0x16, 0x7b, 0x50, 0xb2, 0xfb, 0xb1, 0x3d, 0xc5, 0x97,
-    0xf1, 0x60, 0x30, 0xa4, 0xb2, 0xff, 0xf8, 0xd9, 0xc2, 0x13, 0xfb, 0x8d,
-    0xd7, 0xd8, 0xc5, 0x95, 0x88, 0x80, 0x72, 0xbb, 0xda, 0x83, 0x56, 0x54,
-    0x26, 0x20, 0xc5, 0xa5, 0x0a, 0x5e, 0x10, 0xd4, 0x2e, 0x36, 0xe3, 0xdb,
-    0x42, 0x2b, 0x4d, 0xa7, 0x20, 0xf9, 0xe3, 0xc2, 0x14, 0x8c, 0x38, 0x9f,
-    0xe3, 0x40, 0xc6, 0x4f, 0x77, 0x37, 0xac, 0xb9, 0xbc, 0xb2, 0xf9, 0x89,
-    0xc6, 0xb2, 0xe1, 0x3c, 0xb2, 0xff, 0xc7, 0xcf, 0x70, 0x4e, 0x3c, 0xb1,
-    0x65, 0xfb, 0x91, 0xaf, 0x42, 0xc1, 0x66, 0xfe, 0x86, 0x8b, 0x0d, 0x10,
-    0x71, 0x5e, 0xe6, 0x15, 0xac, 0xbe, 0x33, 0x24, 0xcb, 0x2f, 0x63, 0x1a,
-    0xb2, 0xfa, 0x67, 0x7d, 0x2c, 0xa7, 0x3e, 0x02, 0x22, 0x10, 0x72, 0xf6,
-    0x36, 0xf5, 0x97, 0xa4, 0x21, 0xd6, 0x57, 0xcd, 0xdb, 0x8e, 0xdf, 0xdc,
-    0x6d, 0x60, 0x74, 0xb2, 0xff, 0xfe, 0x9a, 0x73, 0x76, 0x1d, 0x70, 0x33,
-    0x8e, 0xde, 0xfb, 0x2c, 0xba, 0x0d, 0x59, 0x50, 0x7f, 0x2c, 0xc5, 0x58,
-    0xab, 0x60, 0xd1, 0x96, 0x86, 0x34, 0xc6, 0x07, 0x7a, 0xfb, 0x4f, 0x88,
-    0x37, 0x61, 0x4d, 0x71, 0xc5, 0x2a, 0x8b, 0xf1, 0x7e, 0xdb, 0xa9, 0x40,
-    0xd6, 0x5f, 0xb0, 0x9b, 0xa9, 0x2c, 0xbd, 0xac, 0xc5, 0x95, 0x3d, 0x9f,
-    0x63, 0x15, 0x70, 0x9e, 0xf1, 0x40, 0x16, 0x5e, 0x6c, 0xfa, 0xcb, 0x8b,
-    0xb8, 0x36, 0xda, 0x1b, 0xbf, 0xfa, 0x5e, 0x0c, 0xa4, 0x7f, 0x7a, 0x0e,
-    0xb2, 0xff, 0x7b, 0x91, 0xb6, 0x70, 0x6b, 0x2e, 0xfe, 0x2c, 0xbf, 0xfe,
-    0xfc, 0x0f, 0x3b, 0x9d, 0x85, 0x83, 0xfc, 0x2c, 0xbf, 0xed, 0x47, 0xdb,
-    0x7e, 0xa2, 0x4b, 0x2f, 0xff, 0xf0, 0x23, 0xa9, 0x70, 0x79, 0x85, 0x9d,
-    0xfd, 0x83, 0xe5, 0x97, 0xff, 0x36, 0x16, 0x67, 0x27, 0x4b, 0x87, 0x59,
-    0x7f, 0xe7, 0x8e, 0xa5, 0x3b, 0x9d, 0x0e, 0x16, 0x5f, 0xcf, 0xb1, 0x66,
-    0xc1, 0x59, 0x43, 0x55, 0x89, 0x8d, 0x3d, 0x16, 0x32, 0x36, 0xe1, 0xa4,
-    0xc2, 0xda, 0x50, 0x01, 0xd7, 0x18, 0x7c, 0x89, 0x3e, 0x85, 0x78, 0xd8,
-    0xd2, 0xcb, 0xe3, 0xb8, 0xc2, 0xb2, 0xff, 0x09, 0x1f, 0x6e, 0x40, 0x8b,
-    0x2f, 0x80, 0x4f, 0x25, 0x97, 0xf7, 0xd8, 0xee, 0xfb, 0xab, 0x2f, 0x07,
-    0xae, 0x2c, 0xbc, 0x59, 0xba, 0xb2, 0xf1, 0xf3, 0x7a, 0xca, 0x9c, 0x7b,
-    0x58, 0x3c, 0xe3, 0xd7, 0xb4, 0xdb, 0x2c, 0xbf, 0x87, 0x00, 0xd6, 0x74,
-    0xb2, 0xd3, 0xeb, 0x28, 0x5a, 0x75, 0x70, 0x3a, 0x32, 0x23, 0x4d, 0x3b,
-    0x21, 0x9a, 0x11, 0x3a, 0x2f, 0x38, 0xe8, 0xac, 0xba, 0xff, 0x98, 0xd8,
-    0xd1, 0x63, 0x1a, 0xb2, 0xee, 0xf6, 0x59, 0x7e, 0xc6, 0xd4, 0xd2, 0x59,
-    0x7c, 0x4f, 0xee, 0x2c, 0xb4, 0x1c, 0xf2, 0x77, 0x94, 0x5c, 0xd3, 0x2c,
-    0xbf, 0xf6, 0x6d, 0x3b, 0xf1, 0x33, 0x75, 0x25, 0x97, 0xf4, 0x1a, 0x32,
-    0x8e, 0x96, 0x54, 0x1f, 0x8e, 0x90, 0xef, 0x8a, 0x34, 0x6a, 0xcb, 0xe8,
-    0x2c, 0x35, 0x65, 0xee, 0x41, 0xab, 0x2f, 0xf3, 0xe7, 0x5e, 0xf3, 0xfd,
-    0x65, 0xff, 0xc1, 0x1e, 0x6a, 0x24, 0xc3, 0x82, 0x59, 0x7f, 0xc4, 0xfb,
-    0x46, 0xb4, 0xf2, 0x59, 0x52, 0x3f, 0xaf, 0xa1, 0x5f, 0xf8, 0xf9, 0xce,
-    0x61, 0x02, 0x7f, 0x16, 0x5f, 0xff, 0x69, 0xf8, 0x59, 0xb0, 0x92, 0x0c,
-    0x31, 0x2c, 0xa8, 0x45, 0x8b, 0x91, 0x05, 0x02, 0xba, 0x4e, 0xa7, 0xe3,
-    0xbe, 0x8d, 0x7a, 0xff, 0xff, 0x37, 0x01, 0x93, 0x9b, 0x7c, 0x7d, 0xa2,
-    0x69, 0xa3, 0xb5, 0x97, 0xbc, 0xdb, 0x2c, 0xbf, 0x01, 0xfa, 0x89, 0x96,
-    0x5e, 0x28, 0xed, 0x65, 0xff, 0x9a, 0x6f, 0xc6, 0xba, 0x94, 0x69, 0x65,
-    0xff, 0xef, 0x7e, 0x37, 0xf0, 0x9f, 0xd3, 0x36, 0xf5, 0x97, 0xfe, 0x63,
-    0xe6, 0xb2, 0x26, 0x63, 0xac, 0xac, 0x44, 0x5e, 0x93, 0xa8, 0x68, 0xed,
-    0xe4, 0x32, 0xef, 0xb3, 0xd0, 0x35, 0x97, 0xff, 0x98, 0x9f, 0xae, 0x73,
-    0x34, 0x3f, 0xe2, 0xca, 0x9c, 0xba, 0x27, 0x28, 0x44, 0x61, 0x0f, 0x64,
-    0x4d, 0x1e, 0x56, 0x8e, 0x0e, 0xca, 0xe3, 0xa4, 0x53, 0xc8, 0xc2, 0x4c,
-    0x28, 0xdd, 0x21, 0xb4, 0x2c, 0xa5, 0x97, 0xb3, 0x00, 0xb2, 0xf7, 0xdb,
-    0xcb, 0x2d, 0xbf, 0x0f, 0x49, 0x84, 0x08, 0x2c, 0x41, 0xbb, 0xf6, 0xb6,
-    0x0b, 0x8d, 0x65, 0xa7, 0xd6, 0x56, 0x1b, 0xd1, 0x0a, 0x6f, 0x46, 0xef,
-    0x16, 0x51, 0xa7, 0x81, 0xd9, 0x0d, 0xfb, 0x5a, 0xcd, 0xc9, 0x96, 0x5c,
-    0x67, 0x16, 0x54, 0x33, 0xae, 0x87, 0x08, 0x0c, 0x96, 0xb0, 0xd2, 0x92,
-    0xf7, 0x21, 0x18, 0x73, 0x8f, 0xb1, 0x3c, 0xe9, 0xe0, 0x23, 0x0e, 0x0c,
-    0x2f, 0xf7, 0x92, 0x08, 0x59, 0x78, 0xee, 0x22, 0xcb, 0xfc, 0x52, 0x2c,
-    0x3c, 0x76, 0xb2, 0xec, 0x9f, 0x59, 0x58, 0x79, 0x7f, 0x32, 0xbf, 0x7d,
-    0xb7, 0xe0, 0xd6, 0x5e, 0x9d, 0xe6, 0x59, 0x7f, 0xe1, 0xc1, 0x61, 0x06,
-    0x59, 0xc5, 0x97, 0x4e, 0xe9, 0x65, 0xf9, 0xce, 0xdb, 0xb8, 0xb2, 0xfe,
-    0xcf, 0xbf, 0x9e, 0x65, 0x97, 0x47, 0x4b, 0x2b, 0xa3, 0xc4, 0xf1, 0x6d,
-    0x62, 0x24, 0x1d, 0xb6, 0xff, 0xb0, 0x25, 0x9e, 0x27, 0x3a, 0xcb, 0x4c,
-    0xb2, 0xf7, 0xf0, 0x0b, 0x29, 0x8d, 0x77, 0x84, 0xaf, 0xf7, 0x22, 0x51,
-    0xb4, 0x6c, 0xb2, 0xec, 0x35, 0x65, 0xff, 0xec, 0x37, 0xed, 0xcf, 0xe6,
-    0xf8, 0xce, 0x96, 0x54, 0x22, 0xdd, 0x88, 0x3e, 0x68, 0x42, 0xf7, 0x6b,
-    0x16, 0x5f, 0x47, 0xa3, 0xb5, 0x97, 0x4f, 0x7b, 0xab, 0x28, 0x07, 0x82,
-    0x44, 0x57, 0xcd, 0xa8, 0x92, 0xcb, 0xed, 0x8f, 0x1c, 0x59, 0x5b, 0x1e,
-    0x26, 0x10, 0xdf, 0xfa, 0x3c, 0xe1, 0xf3, 0xf5, 0x9e, 0x59, 0x7f, 0xda,
-    0x9d, 0x03, 0xfe, 0x77, 0x0b, 0x2f, 0xfe, 0x8c, 0x1b, 0x70, 0xb3, 0x7b,
-    0x12, 0xca, 0xfa, 0x2e, 0xdc, 0xf8, 0x27, 0x77, 0xee, 0xde, 0x1a, 0x7d,
-    0x65, 0xe2, 0xce, 0x2c, 0xbf, 0xff, 0xf4, 0x7d, 0x8e, 0x2e, 0x69, 0x3e,
-    0x84, 0xfb, 0x75, 0xce, 0xdb, 0x65, 0x95, 0xb2, 0xed, 0x60, 0xda, 0x0d,
-    0x21, 0xec, 0xa5, 0x87, 0xb7, 0x0f, 0x26, 0x85, 0x56, 0x88, 0x7f, 0x18,
-    0xd8, 0x0e, 0x89, 0x5f, 0x8c, 0xbe, 0x86, 0xe8, 0x4b, 0xc4, 0x2a, 0xdd,
-    0x1b, 0xbd, 0xae, 0x05, 0x65, 0xb8, 0xb2, 0xff, 0x76, 0x07, 0x03, 0x17,
-    0x6b, 0x2b, 0xe7, 0x8a, 0x42, 0x35, 0x88, 0x83, 0x66, 0x2b, 0xfd, 0xb0,
-    0xf3, 0xdc, 0x7e, 0x96, 0x5f, 0x4e, 0x79, 0x4f, 0x4b, 0x2f, 0xcf, 0x2e,
-    0x0c, 0xeb, 0x2f, 0xfe, 0xcd, 0xf8, 0x3c, 0x20, 0xcb, 0x38, 0xb2, 0xfd,
-    0xa8, 0xf8, 0x83, 0x59, 0x5a, 0x3e, 0xd7, 0x44, 0xb0, 0x16, 0x5d, 0xb4,
-    0x2c, 0xb4, 0x6c, 0x6a, 0x18, 0x46, 0xf8, 0xc7, 0xce, 0x2c, 0xbf, 0x87,
-    0x00, 0x2c, 0xe9, 0x65, 0xff, 0x48, 0xef, 0x2f, 0x72, 0x0d, 0x59, 0x50,
-    0x88, 0x9c, 0x22, 0x72, 0xdb, 0xdc, 0x62, 0x59, 0x60, 0x2c, 0xbe, 0xee,
-    0x77, 0x3a, 0x59, 0x5a, 0x37, 0x04, 0x23, 0x7f, 0x84, 0x94, 0x6f, 0x62,
-    0x02, 0xcb, 0xe7, 0xdd, 0xc2, 0x59, 0x58, 0x8c, 0xb7, 0x53, 0x22, 0x0e,
-    0x1a, 0xd6, 0x2b, 0x3e, 0xec, 0x87, 0x70, 0xd4, 0xe5, 0x2f, 0x09, 0x50,
-    0x24, 0x94, 0x2b, 0xc3, 0x0f, 0x8b, 0xee, 0x6c, 0x1e, 0x2c, 0xbb, 0x69,
-    0x2c, 0xbc, 0xdf, 0x65, 0x95, 0x87, 0xaf, 0xd1, 0x27, 0x86, 0x2f, 0xfe,
-    0xdb, 0xbf, 0xb0, 0x9a, 0x37, 0x3a, 0xf2, 0xcb, 0xec, 0xea, 0x50, 0xb2,
-    0xf0, 0x5f, 0x8b, 0x2b, 0x11, 0x11, 0xf4, 0xa1, 0x08, 0xaf, 0x79, 0xb6,
-    0x59, 0x7f, 0xcc, 0x6c, 0x0e, 0x37, 0xe7, 0xd6, 0x5f, 0xa0, 0x80, 0x7f,
-    0x2c, 0xbf, 0xcc, 0x67, 0x52, 0xe6, 0x76, 0xb2, 0xfe, 0x90, 0x80, 0x04,
-    0x74, 0xb2, 0x99, 0x11, 0xbf, 0x27, 0x73, 0x6b, 0xf8, 0x3c, 0x89, 0x83,
-    0xa5, 0x97, 0x83, 0x9d, 0x2c, 0xaf, 0x9e, 0x67, 0x8b, 0xef, 0xef, 0x64,
-    0x7b, 0x0e, 0xb2, 0xfe, 0xc3, 0xeb, 0x50, 0x35, 0x97, 0xee, 0xb9, 0xe6,
-    0xd9, 0x65, 0xfc, 0x12, 0xdb, 0x8d, 0xd2, 0xcb, 0xff, 0xa3, 0x63, 0x1f,
-    0xae, 0x60, 0xdb, 0x8b, 0x2a, 0x11, 0x3f, 0x22, 0xa2, 0x2f, 0xbf, 0x61,
-    0xbe, 0x6d, 0x96, 0x5e, 0x06, 0x74, 0xb2, 0xba, 0x3c, 0x60, 0x14, 0xdf,
-    0xe0, 0xc6, 0xc5, 0x8d, 0xb2, 0xcb, 0xff, 0xf4, 0x68, 0x19, 0xc2, 0x0b,
-    0xcb, 0xe1, 0x7d, 0x96, 0x5f, 0xbd, 0x8e, 0x5d, 0xac, 0xaf, 0x9f, 0xe6,
-    0xea, 0xad, 0xee, 0xa0, 0xeb, 0x2f, 0xff, 0x0f, 0xf1, 0xd4, 0x8b, 0x0f,
-    0x9d, 0x79, 0x65, 0xf8, 0xf9, 0xfc, 0x25, 0x94, 0xc7, 0xe2, 0xe9, 0x77,
-    0xfc, 0x17, 0x90, 0xf3, 0x01, 0xc5, 0x97, 0xff, 0x66, 0xff, 0xbc, 0xa7,
-    0x7b, 0xee, 0x6a, 0xcb, 0xf1, 0xf3, 0x4e, 0x4b, 0x2f, 0xfd, 0xd4, 0xbf,
-    0x07, 0x7e, 0xa5, 0x8b, 0x2f, 0xe6, 0xeb, 0xa9, 0x67, 0x96, 0x54, 0x22,
-    0x57, 0x09, 0x80, 0x81, 0x5f, 0x4d, 0x10, 0x8e, 0x39, 0x0d, 0xeb, 0xf7,
-    0x5c, 0x3b, 0x6e, 0x2c, 0xbf, 0xfb, 0xee, 0xde, 0x00, 0x48, 0x9e, 0x4b,
-    0x2f, 0xa0, 0x82, 0x2b, 0x59, 0x76, 0x72, 0x71, 0xf3, 0xfd, 0x0a, 0xa1,
-    0x18, 0x45, 0x09, 0x3b, 0xf9, 0xf6, 0x03, 0x90, 0xd6, 0x56, 0xcb, 0xe0,
-    0x43, 0x86, 0x3f, 0x6f, 0x5d, 0x11, 0x31, 0x64, 0xd0, 0xcc, 0xd3, 0xa1,
-    0xc8, 0xff, 0x0a, 0xf2, 0x25, 0xe4, 0x23, 0xbd, 0x1b, 0x26, 0xf8, 0x7b,
-    0xcf, 0x93, 0x5f, 0x81, 0x93, 0x31, 0xd6, 0x5f, 0xf7, 0xff, 0x8d, 0xd4,
-    0xb3, 0x4b, 0x2a, 0x0f, 0x85, 0xca, 0x2f, 0xf7, 0x83, 0xb4, 0x7a, 0x06,
-    0xb2, 0xf7, 0xb0, 0x96, 0x5e, 0xfb, 0xee, 0x2c, 0xbf, 0x06, 0x58, 0x0e,
-    0x2c, 0xbf, 0xc2, 0x47, 0x73, 0xf9, 0xa8, 0x59, 0x7f, 0xc3, 0xc0, 0xeb,
-    0x6e, 0xdb, 0x65, 0x97, 0xff, 0xb7, 0xe1, 0x0c, 0x9c, 0xce, 0x72, 0x00,
-    0xb2, 0xff, 0xff, 0xe3, 0xb7, 0x27, 0x4d, 0x20, 0x97, 0xa7, 0x7e, 0x24,
-    0xc5, 0x87, 0x85, 0x95, 0x88, 0xc0, 0x0a, 0x5d, 0xf3, 0x6a, 0x0e, 0xb2,
-    0xb4, 0x78, 0x7f, 0x22, 0xbf, 0xfe, 0xef, 0xe1, 0x2c, 0xea, 0x4d, 0xc2,
-    0xcd, 0xeb, 0x2f, 0xdf, 0x8f, 0xb1, 0xab, 0x2e, 0x79, 0xb8, 0x7f, 0x5b,
-    0xaa, 0x55, 0x08, 0xcd, 0xfc, 0x27, 0x2f, 0xff, 0xf3, 0x6f, 0x20, 0xf2,
-    0x70, 0x85, 0x03, 0xfb, 0xcb, 0x38, 0xb2, 0xa4, 0xac, 0xc0, 0xd1, 0xbd,
-    0x0f, 0xfc, 0xa1, 0xcd, 0xfd, 0x28, 0x33, 0x79, 0x3d, 0x43, 0x32, 0x2f,
-    0x63, 0x0c, 0x9f, 0x1f, 0x68, 0xd2, 0x74, 0x40, 0xf2, 0xd9, 0x2e, 0x98,
-    0x2b, 0x2c, 0x75, 0x95, 0xd1, 0xa9, 0x15, 0x8c, 0x5f, 0xef, 0x00, 0x25,
-    0xc6, 0x1a, 0xcb, 0xf4, 0x81, 0x98, 0x35, 0x96, 0xde, 0xc7, 0xb4, 0xe6,
-    0x77, 0xef, 0xb6, 0x80, 0x15, 0x96, 0xd6, 0x1e, 0x84, 0xc5, 0x17, 0xf1,
-    0x9c, 0x78, 0xea, 0x4b, 0x2a, 0x0f, 0x5f, 0x0a, 0x2f, 0xfb, 0x3a, 0x7f,
-    0x47, 0x9c, 0x0b, 0x2f, 0xff, 0x4c, 0x51, 0xee, 0x7b, 0xae, 0xd8, 0xb6,
-    0x59, 0x7e, 0x63, 0x89, 0x37, 0x16, 0x5f, 0xc5, 0x9e, 0x0c, 0x12, 0xcb,
-    0xf7, 0x52, 0x28, 0x1a, 0xca, 0x39, 0xe9, 0xb9, 0x5d, 0xfd, 0x26, 0x23,
-    0xbf, 0x96, 0x5f, 0xf0, 0xf2, 0x77, 0x18, 0xba, 0x92, 0xcb, 0x47, 0x47,
-    0xce, 0x61, 0x65, 0x42, 0x76, 0x6c, 0x71, 0xf4, 0xd7, 0x7d, 0x28, 0x44,
-    0x5f, 0x9e, 0x59, 0xb4, 0x2c, 0xbf, 0xfa, 0x39, 0xcc, 0x3f, 0x8a, 0x0f,
-    0xc5, 0x97, 0xfd, 0x1a, 0x37, 0xe5, 0x19, 0xa5, 0x97, 0xf1, 0xb3, 0xb0,
-    0xf1, 0xda, 0xcb, 0xff, 0xa3, 0xa9, 0x78, 0x31, 0xb3, 0x75, 0xe5, 0x97,
-    0xf9, 0xbe, 0xfd, 0xc1, 0x0d, 0x65, 0x32, 0x2a, 0x88, 0xc7, 0x88, 0xf7,
-    0xf4, 0x76, 0x03, 0x84, 0x0b, 0x2f, 0xb7, 0xb1, 0x0d, 0x65, 0xff, 0x8a,
-    0x07, 0xf8, 0x39, 0x67, 0x6b, 0x2f, 0x31, 0x79, 0x65, 0x61, 0xfd, 0xcc,
-    0x47, 0xf3, 0xdb, 0xfc, 0x3e, 0x37, 0xff, 0x83, 0x59, 0x7f, 0xf3, 0x47,
-    0x09, 0xe5, 0x3b, 0x99, 0xa5, 0x97, 0xf8, 0x65, 0x92, 0xfc, 0x0d, 0x65,
-    0xe2, 0x7d, 0x2c, 0xbe, 0x77, 0x7d, 0xd5, 0x97, 0xff, 0xf6, 0x0e, 0x73,
-    0x02, 0x27, 0x7b, 0xf9, 0xef, 0xbc, 0x96, 0x5f, 0xfd, 0xcd, 0xb0, 0xcc,
-    0x20, 0xee, 0xc0, 0xbc, 0x44, 0xe1, 0xc6, 0xf7, 0x91, 0xd4, 0x26, 0x7c,
-    0xd0, 0xce, 0xbf, 0xdd, 0x4b, 0x93, 0x4a, 0x36, 0x59, 0x43, 0x5c, 0x66,
-    0xec, 0x9e, 0x64, 0x3d, 0x43, 0x88, 0xe5, 0xdf, 0x85, 0x53, 0x97, 0x91,
-    0x9f, 0xa3, 0x82, 0x09, 0x3d, 0xff, 0xfd, 0xec, 0xeb, 0xda, 0xd4, 0x78,
-    0x02, 0x14, 0xbf, 0x8b, 0x2e, 0x6d, 0xeb, 0x2f, 0xa0, 0xa5, 0xc5, 0x96,
-    0x6e, 0x91, 0x2d, 0x32, 0xe8, 0x06, 0x2f, 0xf6, 0xb6, 0x28, 0xed, 0xa4,
-    0xb2, 0xbe, 0x7d, 0x6e, 0x6f, 0x7e, 0xfc, 0x6f, 0x1c, 0x2c, 0xbc, 0x37,
-    0x25, 0x96, 0xde, 0xb2, 0xfd, 0xd7, 0x8a, 0x3e, 0xb2, 0xda, 0x83, 0x76,
-    0xe2, 0x77, 0xdd, 0x4d, 0x1a, 0x59, 0x6d, 0x2c, 0xac, 0x36, 0xa1, 0x24,
-    0xa9, 0x23, 0xe4, 0x65, 0x3a, 0x56, 0xe2, 0xd5, 0xf3, 0x6f, 0xc1, 0xac,
-    0xbe, 0x2f, 0x61, 0x2c, 0xb8, 0xbd, 0xa3, 0xc3, 0x72, 0x3b, 0xfe, 0xea,
-    0x5c, 0x0f, 0xa3, 0xdc, 0x59, 0x7e, 0xd4, 0x9f, 0xa3, 0x16, 0x5f, 0xee,
-    0x18, 0xe3, 0x8e, 0xb8, 0xb2, 0xa1, 0x18, 0xd8, 0x58, 0xc7, 0x6e, 0x55,
-    0x7e, 0xe0, 0x7d, 0x04, 0xb2, 0xff, 0x07, 0xa9, 0x7b, 0x81, 0xdc, 0x59,
-    0x7b, 0x91, 0xd2, 0xcb, 0xd1, 0xfe, 0x2c, 0xb9, 0xcc, 0xe8, 0xdc, 0x80,
-    0x76, 0xa4, 0x98, 0x06, 0x1c, 0xfc, 0x9c, 0x9c, 0xaf, 0xf6, 0x75, 0x3b,
-    0x3e, 0xdf, 0x59, 0x77, 0xc6, 0xb2, 0xe6, 0xed, 0x65, 0xcf, 0xe1, 0x9a,
-    0xe9, 0xf1, 0x7a, 0xd2, 0x24, 0x9d, 0x8e, 0xd0, 0xb2, 0xfe, 0xd4, 0x34,
-    0x9f, 0x8b, 0x28, 0x66, 0xf3, 0xa1, 0x0b, 0xfe, 0xf7, 0x03, 0x21, 0x06,
-    0xde, 0x59, 0x50, 0x7b, 0xae, 0x45, 0x7e, 0xfc, 0x64, 0x9d, 0x65, 0xec,
-    0x6e, 0x2c, 0xbf, 0x7b, 0xd8, 0x1d, 0x96, 0x5f, 0xff, 0x6c, 0xff, 0xc1,
-    0xce, 0xc2, 0x2c, 0x60, 0x2c, 0xad, 0x91, 0x27, 0xd8, 0xde, 0x8a, 0x6f,
-    0xfb, 0xfd, 0xb3, 0xce, 0xe3, 0xfd, 0x65, 0x0d, 0x32, 0x6c, 0x85, 0xcb,
-    0x99, 0x5f, 0x14, 0x49, 0x96, 0x5e, 0x72, 0x99, 0x65, 0xee, 0xa4, 0xcb,
-    0x2c, 0xe7, 0x37, 0x24, 0x39, 0x78, 0x30, 0x4b, 0x2f, 0xff, 0xf3, 0x7a,
-    0x09, 0xe5, 0x83, 0xe3, 0xe9, 0xbe, 0xdb, 0xd6, 0x5f, 0x41, 0x4b, 0x8b,
-    0x2b, 0x49, 0x8c, 0xfd, 0x64, 0x89, 0x77, 0x8d, 0x88, 0xbf, 0x7f, 0xfe,
-    0xe1, 0x4e, 0xfb, 0xb7, 0x80, 0x12, 0x27, 0x92, 0xcb, 0xff, 0xff, 0xa3,
-    0x59, 0x34, 0x1f, 0x3b, 0x61, 0xfe, 0x3d, 0xc3, 0x75, 0x9b, 0xab, 0x2f,
-    0xf7, 0xd8, 0xd9, 0xf0, 0xe8, 0xd5, 0x97, 0xfc, 0x78, 0x2e, 0xdc, 0x80,
-    0x29, 0x59, 0x7f, 0x98, 0xfa, 0xc9, 0xf6, 0x02, 0xcb, 0xfe, 0x80, 0x6b,
-    0x50, 0x60, 0xfa, 0x59, 0x7f, 0x8c, 0x3f, 0xe1, 0x8b, 0x65, 0x97, 0xff,
-    0x9e, 0x4d, 0xac, 0xea, 0x69, 0x46, 0xb6, 0x59, 0x50, 0x88, 0x00, 0x1a,
-    0x5f, 0xff, 0x16, 0x73, 0x0f, 0x1d, 0xe7, 0x9b, 0x58, 0xb2, 0xbb, 0x4f,
-    0x50, 0xe7, 0x3f, 0x3c, 0x01, 0xaf, 0xa1, 0x77, 0xbc, 0x8a, 0xff, 0xd3,
-    0x73, 0xc1, 0xeb, 0x06, 0xe4, 0xb2, 0xe0, 0xf4, 0xb2, 0xfe, 0x83, 0xc6,
-    0x75, 0xe5, 0x96, 0xc3, 0x9e, 0x2f, 0x86, 0x2a, 0x15, 0xab, 0x64, 0xa4,
-    0xa7, 0x60, 0x0c, 0x21, 0x6f, 0xed, 0xb3, 0x4d, 0xdc, 0x2c, 0xbe, 0x21,
-    0xc1, 0xd6, 0x5f, 0xff, 0x04, 0xbd, 0xcf, 0xb4, 0xc5, 0x07, 0x79, 0x2c,
-    0xbf, 0xb5, 0x0d, 0x27, 0xe2, 0xcb, 0x82, 0xeb, 0x2d, 0x93, 0x8f, 0x08,
-    0x8b, 0x28, 0xe8, 0xb9, 0xdf, 0x09, 0x1b, 0xf9, 0xc1, 0x83, 0x79, 0x2c,
-    0xa8, 0x4c, 0xc3, 0x21, 0xb4, 0xc5, 0x57, 0xc0, 0xe4, 0xf3, 0x14, 0xac,
-    0xbf, 0x47, 0x6f, 0xad, 0x96, 0x53, 0x27, 0xcf, 0xf8, 0xd7, 0x9c, 0xcc,
-    0x8b, 0x6f, 0xdf, 0x03, 0x68, 0xd5, 0x97, 0xbb, 0x12, 0x4b, 0x2f, 0xa3,
-    0x42, 0xbe, 0x2c, 0xaf, 0x9e, 0x28, 0x07, 0xef, 0xf0, 0xff, 0x80, 0x0f,
-    0xb8, 0xb2, 0xff, 0xff, 0xfe, 0xcd, 0xcc, 0x1f, 0x20, 0x71, 0xef, 0xe0,
-    0x7b, 0xfc, 0x73, 0xf9, 0xc7, 0x83, 0xac, 0xbf, 0x7f, 0x25, 0x27, 0x59,
-    0x7f, 0xfd, 0x9f, 0xef, 0xed, 0x31, 0x39, 0x9e, 0xcf, 0xac, 0xac, 0x4f,
-    0x19, 0x9b, 0x9c, 0x8b, 0x86, 0x9e, 0x84, 0x54, 0xf9, 0x3d, 0xee, 0x08,
-    0x05, 0x97, 0xa0, 0x8d, 0x59, 0x50, 0x6e, 0xb8, 0x3d, 0x50, 0xdc, 0xd6,
-    0x6d, 0x19, 0x38, 0xe3, 0xd3, 0xc9, 0xcb, 0x2e, 0xe3, 0x9f, 0x68, 0xc6,
-    0xa6, 0x94, 0x8d, 0xa8, 0x67, 0x1e, 0x17, 0x7f, 0x8d, 0x19, 0xe3, 0x4d,
-    0x02, 0x69, 0x4b, 0xab, 0xf4, 0xa2, 0xf0, 0xca, 0x07, 0x12, 0x12, 0xf7,
-    0xff, 0x61, 0x03, 0x33, 0x5c, 0xf4, 0x62, 0xcb, 0xfe, 0xeb, 0xd9, 0xa6,
-    0xd9, 0xce, 0xb2, 0xf6, 0x6f, 0xc5, 0x96, 0xc0, 0x22, 0x60, 0x90, 0x78,
-    0x75, 0x78, 0x57, 0x26, 0x59, 0x7d, 0x04, 0xf2, 0x59, 0x7e, 0xcd, 0xc7,
-    0x20, 0x4e, 0x3c, 0x0d, 0x10, 0x5e, 0x3b, 0xcc, 0xb2, 0xfe, 0x63, 0xc7,
-    0xc4, 0x1a, 0xcb, 0xfe, 0x13, 0xcc, 0x41, 0x96, 0x71, 0x65, 0x48, 0xf9,
-    0xd8, 0xba, 0xfd, 0xf6, 0x8d, 0x71, 0x65, 0x76, 0x8c, 0xcf, 0xc2, 0x13,
-    0x79, 0x0d, 0xff, 0xfa, 0x5c, 0x2c, 0xf7, 0x1b, 0x0f, 0xed, 0x61, 0x8b,
-    0x2f, 0xfd, 0xf6, 0x38, 0xf2, 0x68, 0xcd, 0x2c, 0xbd, 0x28, 0xe9, 0x65,
-    0xf8, 0x24, 0x18, 0xe9, 0x65, 0xe3, 0xe7, 0x96, 0x5f, 0x40, 0x1c, 0xeb,
-    0x2d, 0x2c, 0x46, 0x04, 0xc7, 0xc7, 0x1d, 0x01, 0x41, 0x0e, 0x57, 0x49,
-    0xb2, 0x14, 0x62, 0xb7, 0xdc, 0x6f, 0x42, 0xca, 0x83, 0xcb, 0x72, 0xab,
-    0xf1, 0x60, 0x03, 0xc5, 0x97, 0xfa, 0x71, 0x3e, 0xc5, 0x1d, 0x2c, 0xbf,
-    0xf7, 0xdb, 0xdf, 0xc6, 0xf4, 0x01, 0x65, 0xdd, 0xb6, 0x22, 0x67, 0x44,
-    0xfc, 0x35, 0xbd, 0xdf, 0x3c, 0xb2, 0xfe, 0x7f, 0x00, 0x42, 0x92, 0xca,
-    0xd8, 0xf3, 0x3e, 0x3d, 0x7f, 0x83, 0x1b, 0xf3, 0xcd, 0xa5, 0x97, 0xdd,
-    0xfd, 0xa6, 0x59, 0x7f, 0xff, 0xda, 0x00, 0x03, 0xcf, 0xb7, 0xa5, 0x9f,
-    0x70, 0x30, 0xe1, 0x65, 0xff, 0x3e, 0xb3, 0x7e, 0x6f, 0x81, 0xac, 0xac,
-    0x45, 0x08, 0x19, 0xaf, 0xff, 0xb0, 0xd3, 0x58, 0x7f, 0x69, 0xbe, 0xdd,
-    0x79, 0x65, 0x1c, 0xfd, 0x48, 0x8a, 0xa1, 0x35, 0xbc, 0x8c, 0xea, 0xe0,
-    0xe9, 0x65, 0xee, 0xdf, 0x4b, 0x2f, 0xfd, 0xb6, 0x11, 0xf3, 0xdc, 0x13,
-    0x8b, 0x2f, 0xdc, 0xee, 0x34, 0x6a, 0xcb, 0xf9, 0x81, 0xd4, 0xb3, 0xcb,
-    0x2b, 0x64, 0x66, 0x7c, 0x5d, 0xc7, 0x40, 0x81, 0xbc, 0xaa, 0xfa, 0x5e,
-    0xc0, 0x2c, 0xbd, 0xc6, 0x99, 0x65, 0x74, 0x6f, 0xf8, 0x45, 0x7d, 0xef,
-    0x87, 0xb5, 0x97, 0xec, 0x61, 0xfd, 0x96, 0x56, 0xc7, 0x95, 0x22, 0x4b,
-    0xcf, 0xa3, 0x56, 0x5f, 0xfc, 0xf2, 0x9d, 0xc2, 0xcf, 0x73, 0x37, 0x16,
-    0x54, 0x23, 0xd3, 0x1b, 0x1c, 0x8c, 0x23, 0xb7, 0xfe, 0xeb, 0xdc, 0x62,
-    0x80, 0x39, 0xd6, 0x52, 0xca, 0xc3, 0xc9, 0xde, 0x7d, 0x7a, 0x47, 0xfa,
-    0xca, 0xd8, 0xf0, 0x3c, 0x47, 0x7f, 0xff, 0xe9, 0xfc, 0xf7, 0xdc, 0x62,
-    0xcb, 0x37, 0x96, 0x73, 0x8d, 0xd7, 0x96, 0x5b, 0xa5, 0x97, 0xd8, 0x78,
-    0xdc, 0x59, 0x6e, 0x85, 0x66, 0xdb, 0x82, 0x57, 0x8d, 0x63, 0x16, 0x5f,
-    0x8c, 0x6c, 0x23, 0x56, 0x53, 0x1e, 0x30, 0x47, 0xaf, 0xf0, 0xc4, 0xc9,
-    0xbe, 0xe7, 0x59, 0x58, 0x9c, 0x9b, 0x11, 0xbc, 0x2a, 0x09, 0xc8, 0x24,
-    0x37, 0xdf, 0x7d, 0xde, 0x2c, 0xbf, 0xf6, 0x75, 0xe3, 0x30, 0x87, 0xf8,
-    0x59, 0x67, 0xec, 0xf9, 0x34, 0x4b, 0x6c, 0x59, 0x7d, 0xad, 0x9b, 0x65,
-    0x97, 0xbe, 0xda, 0x59, 0x67, 0x63, 0xc0, 0x98, 0x92, 0xa7, 0x1f, 0xbf,
-    0xd4, 0x2f, 0xb8, 0x50, 0x75, 0x97, 0xfd, 0xb4, 0x73, 0x1b, 0x7b, 0x9d,
-    0x65, 0xed, 0xf8, 0x4b, 0x2a, 0x11, 0x39, 0xd1, 0x23, 0x90, 0xf8, 0xea,
-    0xf7, 0xe4, 0x75, 0x97, 0x7d, 0x96, 0x56, 0x1b, 0x3f, 0x0e, 0xd4, 0x33,
-    0x67, 0xa4, 0xe9, 0x91, 0x87, 0x1b, 0x1f, 0x3f, 0x50, 0xb9, 0x68, 0x43,
-    0xe8, 0x8f, 0xf1, 0xc7, 0xbc, 0x3d, 0x0a, 0x37, 0xfe, 0x4a, 0x56, 0xf4,
-    0x2c, 0x03, 0x19, 0xdc, 0xfb, 0x7d, 0xfe, 0x89, 0x9b, 0xae, 0x04, 0xeb,
-    0x2e, 0x63, 0x16, 0x5b, 0xb5, 0x95, 0x86, 0xa4, 0xe2, 0xf7, 0x9f, 0xa9,
-    0x2c, 0xad, 0x91, 0x36, 0x35, 0xef, 0x10, 0x5f, 0xde, 0x62, 0x60, 0x71,
-    0x65, 0xf0, 0xcb, 0x3e, 0xb2, 0xc3, 0x9c, 0x79, 0xa2, 0x16, 0x5f, 0xb3,
-    0x81, 0xd6, 0xcb, 0x2f, 0xff, 0xff, 0xfb, 0xa0, 0x6b, 0xbe, 0x6e, 0x6f,
-    0x69, 0xe0, 0xd1, 0x27, 0xae, 0x4a, 0x79, 0x68, 0x54, 0x9c, 0x0d, 0xc9,
-    0xd3, 0xbf, 0x3e, 0xb2, 0xb1, 0x31, 0x82, 0x2b, 0x10, 0xa6, 0xf1, 0xdf,
-    0xcb, 0x2e, 0x97, 0x96, 0x5f, 0xdd, 0x8d, 0xb7, 0xc0, 0xd6, 0x5b, 0xeb,
-    0x2c, 0x05, 0x97, 0x72, 0x4b, 0x2a, 0x11, 0x38, 0x31, 0xc7, 0x17, 0x01,
-    0x87, 0x04, 0x42, 0x23, 0x7f, 0x6d, 0x34, 0x85, 0x1a, 0xd9, 0x65, 0xd2,
-    0x02, 0xcb, 0xcf, 0x9a, 0x59, 0x78, 0xb3, 0xcb, 0x2f, 0x7f, 0x0e, 0xb2,
-    0xba, 0x3e, 0x9f, 0x8b, 0x90, 0xdf, 0x86, 0xee, 0xf1, 0x2c, 0xbd, 0x1d,
-    0x71, 0x65, 0xf3, 0x14, 0xb1, 0x65, 0xed, 0x9c, 0x96, 0x50, 0xcf, 0x64,
-    0xe3, 0xbe, 0x20, 0xbb, 0x5f, 0x59, 0x7d, 0x03, 0x79, 0x2c, 0xbf, 0x67,
-    0xbe, 0xde, 0x59, 0x7e, 0x7e, 0xb3, 0xaf, 0x2c, 0xaf, 0x9e, 0x87, 0x89,
-    0xef, 0x3e, 0xa4, 0xb2, 0xf7, 0xf0, 0xeb, 0x2a, 0x46, 0xe3, 0xc3, 0x97,
-    0xfc, 0x6c, 0xd9, 0x9d, 0xfa, 0x0d, 0x59, 0x78, 0x25, 0xb2, 0xca, 0x9c,
-    0x9a, 0xe6, 0xc2, 0xe6, 0xb8, 0xf4, 0xb5, 0xa2, 0x1f, 0x9e, 0x5f, 0x1e,
-    0x7f, 0x70, 0x6b, 0x2d, 0xb2, 0xcb, 0x69, 0x65, 0x6c, 0x68, 0xd8, 0x4a,
-    0xfb, 0x67, 0x7f, 0xac, 0xbf, 0x07, 0x67, 0x7f, 0xac, 0xbf, 0x60, 0xc0,
-    0xfe, 0x59, 0x53, 0x8f, 0xc7, 0xe4, 0x5b, 0xca, 0x2f, 0xc2, 0x48, 0x31,
-    0xc5, 0x95, 0xb1, 0xee, 0x1a, 0x67, 0x77, 0x5e, 0x59, 0x7f, 0xff, 0x36,
-    0xb0, 0xef, 0xd0, 0xb1, 0x85, 0xf5, 0x27, 0x02, 0xcb, 0xf4, 0xdf, 0x6e,
-    0xbc, 0xb2, 0xbe, 0x88, 0x7f, 0x2e, 0xdf, 0xb0, 0x87, 0xf8, 0x59, 0x53,
-    0xda, 0xeb, 0xc4, 0x42, 0x7e, 0x47, 0x98, 0xde, 0xd1, 0xc5, 0x9d, 0x77,
-    0xe9, 0x8f, 0x0e, 0xe2, 0x24, 0x0c, 0x27, 0xcc, 0x23, 0xbf, 0xec, 0x18,
-    0xdb, 0xac, 0xeb, 0xcb, 0x2f, 0xbb, 0x28, 0x92, 0xca, 0xf9, 0xee, 0x39,
-    0xd5, 0xfe, 0x8c, 0xf4, 0x7d, 0xc6, 0xb2, 0xff, 0xb3, 0xd1, 0xd8, 0x90,
-    0x0c, 0x59, 0x7a, 0x3a, 0x92, 0xca, 0xd9, 0x15, 0x03, 0x21, 0x30, 0xc7,
-    0x74, 0xe6, 0xfb, 0x30, 0xbc, 0xb2, 0xff, 0xf6, 0xf6, 0x20, 0x7d, 0x9e,
-    0x5e, 0x6d, 0x96, 0x5f, 0x05, 0xf5, 0x25, 0x95, 0x07, 0xda, 0x34, 0xbb,
-    0xff, 0x87, 0x03, 0xd4, 0x79, 0xbb, 0x61, 0xac, 0xbe, 0x0b, 0xea, 0x4b,
-    0x2f, 0x46, 0xec, 0x96, 0x50, 0xcf, 0x06, 0x62, 0x2b, 0xfb, 0xdd, 0x8c,
-    0x67, 0xd2, 0xcb, 0xf7, 0x98, 0xa0, 0x0b, 0x2f, 0xfa, 0x6e, 0x6f, 0x72,
-    0xd8, 0x23, 0x59, 0x7f, 0x39, 0x80, 0x01, 0xe7, 0xd6, 0x5f, 0x67, 0xb0,
-    0xeb, 0x2e, 0x23, 0x56, 0x53, 0x9b, 0x80, 0x90, 0xd4, 0x91, 0x15, 0xc6,
-    0xab, 0xf4, 0x88, 0x2f, 0xc5, 0x97, 0xfe, 0x82, 0x0f, 0xa4, 0x12, 0xf7,
-    0x16, 0x56, 0x1f, 0x2e, 0x89, 0xef, 0xfc, 0x51, 0xe9, 0x66, 0xe3, 0x90,
-    0x16, 0x5e, 0x03, 0x01, 0x65, 0xf6, 0xd3, 0x7d, 0x96, 0x5b, 0xf8, 0x78,
-    0x01, 0x1c, 0xb9, 0xce, 0xb2, 0xff, 0xb7, 0x3e, 0xd3, 0x8d, 0xd6, 0x71,
-    0x65, 0x76, 0x7a, 0xa1, 0x16, 0xbf, 0xf1, 0x39, 0xbf, 0x79, 0x71, 0x86,
-    0xb2, 0xfd, 0xf6, 0x27, 0xd9, 0x65, 0xbb, 0x59, 0x7c, 0x19, 0x67, 0x3b,
-    0x37, 0x24, 0x4f, 0x47, 0x45, 0x79, 0x3b, 0xde, 0x2c, 0xf2, 0xcb, 0x84,
-    0x3a, 0xca, 0x63, 0xd5, 0x22, 0x2f, 0x0d, 0xdd, 0xd0, 0xd6, 0x5d, 0xbd,
-    0xd6, 0x5f, 0xe8, 0xd4, 0x77, 0x9b, 0xf1, 0x65, 0x42, 0xf0, 0x8e, 0xc8,
-    0x52, 0x84, 0x68, 0xc8, 0x72, 0x10, 0xa6, 0x91, 0xf4, 0x60, 0xc4, 0xd3,
-    0x43, 0x1f, 0x50, 0x88, 0x39, 0x0f, 0xdf, 0xc9, 0xf3, 0xd1, 0x93, 0x84,
-    0xb7, 0x78, 0xc4, 0xf8, 0xc5, 0xfa, 0x68, 0xf1, 0x6f, 0x59, 0x7d, 0x36,
-    0x30, 0x16, 0x54, 0xe3, 0xcc, 0x82, 0xab, 0xff, 0xa3, 0x7e, 0xa3, 0x58,
-    0xdf, 0x81, 0xac, 0xba, 0x31, 0x65, 0x11, 0xec, 0xf1, 0x12, 0xe7, 0x3a,
-    0xcb, 0xa6, 0x9f, 0x59, 0x44, 0x6c, 0x77, 0x8b, 0x5f, 0xff, 0x98, 0xfd,
-    0x4b, 0x93, 0xbf, 0x9e, 0xe1, 0x3f, 0x96, 0x5c, 0x1f, 0x2c, 0xa9, 0x26,
-    0xbf, 0x8f, 0x8c, 0xa5, 0xe2, 0x29, 0xf5, 0x8b, 0x0b, 0x9e, 0xe1, 0x87,
-    0x5b, 0x3d, 0x17, 0x0a, 0x61, 0x51, 0x3c, 0x42, 0x8c, 0x51, 0x18, 0xdc,
-    0xf2, 0x84, 0x18, 0xa8, 0x46, 0x2a, 0x90, 0x27, 0x9b, 0x1c, 0x52, 0x63,
-    0xf6, 0x95, 0x35, 0x29, 0xc7, 0x01, 0xd2, 0x10, 0xb2, 0xb5, 0x42, 0x36,
-    0x58, 0x67, 0x73, 0xd8, 0xdd, 0x4e, 0xb3, 0x34, 0xe0, 0x8c, 0xd4, 0x80,
-    0xfd, 0x4f, 0x83, 0x9e, 0x76, 0x47, 0xf5, 0x91, 0xc3, 0xcf, 0x41, 0x02,
-    0x72, 0xd8, 0x57, 0x0d, 0xa2, 0xa6, 0xa1, 0x72, 0xba, 0x42, 0xf5, 0x3d,
-    0xa8, 0x31, 0xcb, 0xef, 0x8e, 0x58, 0xc8, 0x66, 0x4f, 0xce, 0xe6, 0x89,
-    0x3f, 0x8d, 0xbb, 0x2a, 0xce, 0x85, 0xc3, 0x1f, 0x25, 0x95, 0x3f, 0x8c,
-    0x48, 0xbb, 0xff, 0xc2, 0xce, 0xf2, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x44,
-    0xd8, 0xbf, 0x6b, 0xb7, 0x7e, 0xd5, 0x15, 0x6a, 0xe0, 0x6f, 0x59, 0x77,
-    0x27, 0xd6, 0x58, 0x5e, 0x1f, 0x4f, 0xcd, 0xb8, 0x33, 0x76, 0xfd, 0x2c,
-    0xb9, 0xe1, 0x65, 0xfe, 0x94, 0x83, 0xe2, 0x89, 0x2c, 0xbe, 0xcf, 0xbf,
-    0x96, 0x58, 0x53, 0x87, 0xa8, 0x46, 0x77, 0xff, 0xfe, 0x94, 0x6f, 0x86,
-    0xd7, 0x6c, 0x77, 0x93, 0x16, 0x0f, 0x0d, 0x59, 0x7f, 0x79, 0xa7, 0x73,
-    0x19, 0x65, 0xff, 0xa5, 0x92, 0xc7, 0x91, 0x41, 0xd6, 0x5b, 0x50, 0x7d,
-    0x4c, 0x5d, 0x7f, 0xb5, 0x9d, 0xc0, 0x04, 0x3a, 0xcb, 0xfd, 0xc7, 0xf0,
-    0xbe, 0x14, 0x2c, 0xbf, 0xa3, 0x6d, 0x46, 0x0d, 0x65, 0x48, 0xf8, 0x7e,
-    0x69, 0x7f, 0xfe, 0x8d, 0xa3, 0x50, 0x78, 0x8f, 0x7d, 0x80, 0x75, 0x95,
-    0x07, 0xed, 0xf2, 0x2b, 0xd0, 0x39, 0x96, 0x54, 0x95, 0x23, 0x34, 0x35,
-    0xb4, 0x4d, 0xf8, 0xc3, 0x3c, 0x43, 0x7d, 0xa3, 0xfc, 0x6b, 0x2f, 0xfe,
-    0xd4, 0x8b, 0x3d, 0xc8, 0x3f, 0xbb, 0x59, 0x50, 0x7d, 0x01, 0x23, 0xbc,
-    0x3c, 0x25, 0x97, 0xfe, 0x76, 0xdd, 0x8f, 0xf8, 0xb2, 0x4b, 0x2f, 0xd2,
-    0x6e, 0xdf, 0x4b, 0x2b, 0xe7, 0xcf, 0xc3, 0xfb, 0xce, 0xfd, 0xaa, 0x2b,
-    0x45, 0xf8, 0xde, 0xb8, 0x1e, 0x96, 0x54, 0x1f, 0xbf, 0x64, 0x4c, 0x53,
-    0x7f, 0x05, 0x8d, 0xd4, 0x0d, 0x65, 0xfe, 0x8d, 0x00, 0x4e, 0x46, 0x2c,
-    0xbf, 0xfc, 0xde, 0x94, 0x77, 0xf6, 0xf7, 0x1f, 0xa5, 0x95, 0xa4, 0x6d,
-    0x1c, 0xbb, 0xe5, 0xdb, 0xcc, 0xef, 0xe0, 0x4e, 0xcd, 0x31, 0xab, 0x2f,
-    0xfb, 0x06, 0xdc, 0x98, 0xa0, 0x6b, 0x28, 0x67, 0xd0, 0xe6, 0x17, 0xfd,
-    0x1d, 0xe1, 0xf0, 0xbd, 0x3e, 0xb2, 0xff, 0x7e, 0x34, 0x0f, 0x66, 0xcb,
-    0x2f, 0xf1, 0x64, 0xa7, 0x37, 0xe4, 0xb2, 0xef, 0xb1, 0xd1, 0x47, 0xf3,
-    0xbf, 0x1a, 0x5f, 0xfc, 0xf2, 0x9d, 0xa8, 0xf3, 0x76, 0xc3, 0x59, 0x69,
-    0x2c, 0xb4, 0xa0, 0xf5, 0xfa, 0x46, 0xbc, 0x1e, 0x79, 0x65, 0xff, 0xfa,
-    0x4e, 0x4d, 0xe8, 0xff, 0x78, 0x32, 0x8e, 0x2c, 0xbf, 0xff, 0x36, 0xec,
-    0x10, 0x64, 0xdc, 0xe4, 0x4e, 0x3f, 0x6b, 0x29, 0x91, 0x5a, 0xea, 0x77,
-    0x37, 0x4b, 0x2f, 0xff, 0xbb, 0x8d, 0x60, 0x1c, 0xef, 0x28, 0x6e, 0xd6,
-    0x5f, 0xff, 0x4b, 0x98, 0x50, 0x77, 0xcf, 0x7a, 0x0e, 0xb2, 0xa1, 0x13,
-    0x8e, 0x9f, 0x5a, 0x46, 0xa7, 0xa1, 0x67, 0x47, 0x4f, 0x9f, 0xf0, 0xca,
-    0xf4, 0x3d, 0x6f, 0xff, 0xfe, 0xde, 0xde, 0xe6, 0x1b, 0xdf, 0xdb, 0xd9,
-    0x31, 0x41, 0xf6, 0xc3, 0x16, 0x5f, 0xff, 0x79, 0xf3, 0x83, 0xc9, 0x7e,
-    0x37, 0x8e, 0x16, 0x5f, 0xff, 0xff, 0xcd, 0xe1, 0xe0, 0x79, 0x3b, 0xf9,
-    0xdf, 0xc3, 0xb3, 0x61, 0x75, 0x2e, 0x70, 0x30, 0xb2, 0x9d, 0x1b, 0xa4,
-    0xa1, 0x50, 0x9b, 0xab, 0xc6, 0xa9, 0x7f, 0x79, 0xff, 0x38, 0x70, 0xb2,
-    0xf4, 0x83, 0x32, 0xca, 0x83, 0xcd, 0x72, 0xfb, 0xe9, 0x79, 0xb6, 0x59,
-    0x7e, 0xe7, 0x1c, 0xb6, 0x59, 0x7e, 0x13, 0xc5, 0x00, 0x59, 0x6f, 0xac,
-    0xae, 0x91, 0x08, 0x72, 0x3d, 0xe5, 0x02, 0x14, 0x5f, 0xff, 0x01, 0xf3,
-    0xee, 0xdb, 0xb0, 0x72, 0x73, 0x56, 0x5f, 0xf9, 0xb9, 0x83, 0xeb, 0x91,
-    0xae, 0x2c, 0xbf, 0xcf, 0x2f, 0x36, 0xdf, 0x65, 0x95, 0x09, 0x81, 0xe2,
-    0x0f, 0x6a, 0x0c, 0x7f, 0x7e, 0xcf, 0xb6, 0x1d, 0x65, 0xf9, 0x80, 0x76,
-    0xd2, 0xcb, 0xff, 0x0d, 0xb7, 0xb0, 0xf0, 0xcc, 0xfa, 0xcb, 0xff, 0xfe,
-    0x7f, 0x41, 0x3e, 0xd1, 0xa8, 0x69, 0x41, 0xca, 0x0d, 0x59, 0x7f, 0x9b,
-    0x8c, 0x11, 0x58, 0xe1, 0x65, 0x12, 0x26, 0x7c, 0xc7, 0x7f, 0x7e, 0x3b,
-    0x27, 0x3a, 0xcb, 0xff, 0x3b, 0x77, 0xf7, 0x0e, 0xda, 0x65, 0x94, 0xc7,
-    0xd8, 0x45, 0xb7, 0xbb, 0x0c, 0x2c, 0xbf, 0xdb, 0x46, 0x10, 0xff, 0x0b,
-    0x2d, 0x8c, 0x79, 0xee, 0x3b, 0x5b, 0x2a, 0x48, 0x19, 0x36, 0x13, 0xb4,
-    0x36, 0x7f, 0x08, 0xe2, 0x6f, 0xbf, 0xfc, 0xfd, 0x73, 0xf1, 0xcc, 0xf1,
-    0x39, 0xab, 0x2f, 0xf4, 0xa3, 0x5b, 0x46, 0xb6, 0x59, 0x7d, 0x2d, 0x61,
-    0xd6, 0x5e, 0xcd, 0x01, 0x65, 0xfa, 0x6c, 0x19, 0xf7, 0x16, 0x5f, 0xc5,
-    0x06, 0x75, 0x2e, 0x2c, 0xae, 0x91, 0x32, 0xc4, 0x53, 0x0e, 0x6e, 0x96,
-    0x5e, 0x34, 0x3d, 0xac, 0xa8, 0x4c, 0xbb, 0x21, 0x9c, 0x6a, 0x0d, 0xff,
-    0xff, 0xf9, 0xbb, 0xcf, 0x41, 0x7b, 0x93, 0xa1, 0x87, 0x87, 0x9d, 0xa8,
-    0x69, 0x3f, 0x16, 0x5f, 0xfe, 0x76, 0xf0, 0x74, 0xfc, 0x13, 0x0b, 0xb5,
-    0x97, 0xff, 0xda, 0x07, 0x01, 0xf7, 0x93, 0x78, 0xa0, 0x0b, 0x2b, 0x13,
-    0x1d, 0xfc, 0x21, 0x02, 0x95, 0x7f, 0x67, 0x9c, 0x80, 0x15, 0x97, 0xf7,
-    0xe7, 0x36, 0xce, 0x4b, 0x2f, 0xe3, 0xf0, 0x64, 0xe6, 0x2c, 0xbf, 0x03,
-    0x93, 0xce, 0x79, 0xcf, 0x35, 0x95, 0x07, 0xd2, 0xe5, 0xd7, 0xee, 0xd8,
-    0x78, 0x4b, 0x2f, 0xb4, 0xd0, 0x75, 0x97, 0x38, 0xd6, 0x57, 0x46, 0xdc,
-    0x04, 0x35, 0x88, 0x80, 0x75, 0xea, 0x92, 0x70, 0xb8, 0x58, 0x50, 0x98,
-    0xe4, 0x28, 0x2f, 0xfb, 0x53, 0x16, 0x0f, 0xf1, 0xbd, 0x65, 0xff, 0x87,
-    0xf0, 0xb9, 0xb8, 0x37, 0x92, 0xca, 0xc3, 0xfa, 0x23, 0xba, 0x9e, 0xdb,
-    0x5c, 0x51, 0x48, 0xc8, 0xa1, 0xa6, 0x25, 0x38, 0x6d, 0x0b, 0xe1, 0x90,
-    0xe4, 0x7a, 0x66, 0xc2, 0x9f, 0xb8, 0x62, 0x75, 0x09, 0x26, 0x94, 0x1f,
-    0xa8, 0xec, 0x0e, 0xeb, 0xf8, 0xe9, 0xde, 0x54, 0x20, 0x18, 0x4a, 0x37,
-    0x8e, 0x46, 0xa5, 0xe8, 0xee, 0x84, 0x86, 0x05, 0xf0, 0xb3, 0x89, 0xb8,
-    0xb2, 0x85, 0xa7, 0x34, 0x6c, 0x6e, 0x37, 0xe3, 0x23, 0xb6, 0xed, 0x65,
-    0xff, 0xfb, 0xf8, 0x58, 0x6f, 0xde, 0x5f, 0x31, 0xc4, 0x3a, 0xcb, 0xee,
-    0xdd, 0xfb, 0x54, 0x58, 0x0a, 0x92, 0x21, 0xf4, 0xaf, 0x7f, 0x8e, 0xdc,
-    0x0c, 0x6a, 0x65, 0x97, 0xdd, 0x89, 0xf9, 0x96, 0x54, 0x1e, 0xd3, 0x9a,
-    0x5e, 0x00, 0x80, 0x59, 0x7e, 0x1e, 0x60, 0x38, 0xb2, 0xa1, 0x39, 0x3c,
-    0x85, 0x8f, 0x1f, 0x7c, 0x40, 0x20, 0xf5, 0xfe, 0x1c, 0x0b, 0xeb, 0xc1,
-    0x85, 0x94, 0x2d, 0x10, 0xa1, 0x4f, 0xbf, 0x6b, 0xb7, 0x7e, 0xd5, 0x13,
-    0xaa, 0xff, 0xff, 0x7e, 0x36, 0x1e, 0x1c, 0x5f, 0x39, 0x9f, 0x6e, 0x07,
-    0x65, 0x97, 0xe1, 0x67, 0x79, 0x0b, 0xc4, 0x4d, 0xcc, 0x6d, 0x7f, 0xff,
-    0x10, 0x63, 0xdc, 0xc2, 0x16, 0x00, 0x47, 0xdf, 0x65, 0x97, 0xf1, 0x0b,
-    0x99, 0xe6, 0x75, 0x95, 0x08, 0x8c, 0xc5, 0xcb, 0xc6, 0xc1, 0xd6, 0x5e,
-    0xda, 0x3b, 0x59, 0x7f, 0xdf, 0x0f, 0x43, 0x6d, 0xf0, 0x35, 0x96, 0xcd,
-    0x8f, 0x6b, 0xc3, 0xd7, 0xcf, 0xd8, 0x87, 0x59, 0x7a, 0x5c, 0x16, 0x6a,
-    0x30, 0xc9, 0xdf, 0x79, 0x45, 0xfb, 0x5d, 0xbb, 0xf6, 0xa8, 0xb6, 0x57,
-    0xff, 0x7d, 0xbd, 0xf0, 0xf5, 0x87, 0x7e, 0x96, 0x5f, 0x7b, 0x4d, 0xd2,
-    0xcb, 0xfb, 0xcf, 0xf9, 0xc3, 0x85, 0x97, 0xff, 0xf4, 0x85, 0xf2, 0x1b,
-    0x06, 0xd9, 0xcc, 0xf1, 0x42, 0xca, 0x84, 0x44, 0x39, 0x7d, 0xfa, 0x50,
-    0xdb, 0xe1, 0x65, 0xfb, 0x08, 0x07, 0xc5, 0x97, 0xfd, 0x1c, 0x17, 0xf6,
-    0xed, 0xf4, 0xb2, 0xff, 0x9b, 0x08, 0xd8, 0xde, 0xff, 0x59, 0x50, 0x8c,
-    0x2e, 0xca, 0x00, 0x4d, 0x3e, 0x77, 0x7f, 0xd1, 0x28, 0xd6, 0xd1, 0xad,
-    0x96, 0x5f, 0x87, 0xf6, 0x30, 0x50, 0xb2, 0xc2, 0xf1, 0x55, 0x8f, 0x66,
-    0xcc, 0x8c, 0x78, 0x55, 0xbc, 0x38, 0xc9, 0x03, 0x87, 0x57, 0xfe, 0x21,
-    0x67, 0x0b, 0x78, 0x9f, 0x75, 0x65, 0xf9, 0xf9, 0xf7, 0x92, 0xcb, 0xfc,
-    0x1f, 0x03, 0x41, 0x97, 0x16, 0x56, 0x8f, 0x70, 0x89, 0xef, 0xe7, 0xd4,
-    0xfb, 0x91, 0xab, 0x2f, 0x07, 0x82, 0xf0, 0xf4, 0x48, 0x86, 0xe7, 0x06,
-    0x26, 0x46, 0x08, 0x77, 0xdd, 0xd7, 0x6b, 0x2f, 0xbb, 0x77, 0xed, 0x51,
-    0x73, 0x2c, 0x75, 0x95, 0xa3, 0xc1, 0x30, 0xc2, 0xfe, 0x2c, 0xe8, 0x0d,
-    0x25, 0x96, 0x15, 0xac, 0xad, 0x1e, 0x16, 0xf2, 0xdb, 0xce, 0x7e, 0x2c,
-    0xba, 0x63, 0xac, 0xa5, 0x95, 0x09, 0x91, 0x62, 0xd3, 0x32, 0xb9, 0x21,
-    0x83, 0x93, 0xe3, 0x17, 0xf6, 0xc2, 0xe7, 0xa9, 0xee, 0x7b, 0x9e, 0x96,
-    0x5f, 0xdd, 0x0b, 0xf7, 0x1f, 0x4b, 0x28, 0x5a, 0x33, 0xf1, 0x61, 0xd1,
-    0xaf, 0xda, 0xed, 0xdf, 0xb5, 0x45, 0xde, 0xbf, 0xd2, 0x17, 0xcd, 0x69,
-    0x8c, 0x59, 0x61, 0x78, 0x7d, 0xae, 0x6d, 0x7f, 0xc5, 0x0f, 0xb7, 0x5c,
-    0x81, 0xac, 0xb8, 0x60, 0x59, 0x74, 0x6e, 0xac, 0xbc, 0x59, 0xb2, 0xcb,
-    0x0b, 0x1a, 0x21, 0x4d, 0x39, 0x00, 0xb9, 0x0c, 0xd4, 0x43, 0xb6, 0x97,
-    0x31, 0x90, 0x15, 0xda, 0x37, 0x50, 0xc5, 0x6a, 0xde, 0x57, 0x52, 0x91,
-    0x4f, 0x0c, 0x0f, 0xc3, 0x41, 0xe1, 0xc8, 0x09, 0x5e, 0xe5, 0x1c, 0xc7,
-    0x25, 0x12, 0x7a, 0x13, 0xa2, 0x42, 0xb6, 0xff, 0xc6, 0x39, 0x6d, 0xc6,
-    0x2e, 0xa4, 0xb2, 0xff, 0xec, 0xdb, 0x0c, 0xfe, 0x73, 0x18, 0x96, 0x5f,
-    0xf9, 0x88, 0xb0, 0xde, 0xc2, 0xe3, 0x59, 0x7e, 0xcf, 0x8d, 0xc9, 0x65,
-    0xcc, 0x2f, 0xe8, 0xe7, 0x24, 0x0e, 0x21, 0x88, 0x7d, 0x7e, 0xe7, 0x0e,
-    0xf2, 0x59, 0x7f, 0xfe, 0xfc, 0x16, 0xdc, 0x0b, 0xb4, 0xb9, 0xf7, 0x92,
-    0xcb, 0xff, 0xf7, 0xe0, 0xb6, 0xe0, 0x5d, 0xa5, 0xcf, 0xbc, 0x96, 0x5f,
-    0xff, 0xff, 0xcd, 0x05, 0xe2, 0x73, 0x73, 0xc1, 0xf3, 0x7b, 0x9f, 0x6d,
-    0x46, 0xcf, 0xae, 0xd6, 0x5d, 0xf6, 0x1a, 0x37, 0x7e, 0xab, 0x77, 0x21,
-    0x65, 0xff, 0xdd, 0x76, 0x17, 0xeb, 0xd9, 0x84, 0x6a, 0xcb, 0xc4, 0xe2,
-    0xe1, 0x3e, 0x51, 0x94, 0x77, 0x19, 0x97, 0x0b, 0xbc, 0x2d, 0x7f, 0x4f,
-    0x73, 0xc4, 0x75, 0xad, 0x96, 0x5e, 0x38, 0x77, 0x16, 0x5e, 0x0b, 0x9d,
-    0x65, 0xf0, 0x77, 0x47, 0x0b, 0x2f, 0xd9, 0xbb, 0xe8, 0x35, 0x65, 0xb7,
-    0x56, 0x56, 0xc6, 0xff, 0x0a, 0xef, 0xb8, 0xdd, 0xe9, 0x65, 0x6c, 0x8e,
-    0x4d, 0x10, 0x7c, 0x70, 0x99, 0x0c, 0x21, 0xbf, 0xf7, 0x1c, 0xdf, 0xb4,
-    0x10, 0x61, 0x65, 0xff, 0xbe, 0xfe, 0x7f, 0xf5, 0x2c, 0xf2, 0xca, 0xc3,
-    0xfc, 0x63, 0xdb, 0x9c, 0x0b, 0x2f, 0xff, 0xff, 0x13, 0x98, 0x59, 0xef,
-    0x66, 0xd0, 0x4e, 0x6f, 0x0f, 0x18, 0x43, 0x59, 0x7b, 0x04, 0xe2, 0xca,
-    0xc4, 0x54, 0x68, 0x5b, 0x75, 0xd6, 0xf3, 0x4d, 0xc5, 0x97, 0xf1, 0x40,
-    0x0e, 0xf2, 0x59, 0x7f, 0x14, 0x00, 0xef, 0x25, 0x97, 0xfa, 0x7b, 0x9e,
-    0x0b, 0x07, 0xf0, 0xac, 0xbf, 0x66, 0xf8, 0x2f, 0x61, 0xf4, 0xf0, 0xb2,
-    0xfc, 0x41, 0xe7, 0xda, 0x72, 0x3c, 0x30, 0x77, 0x50, 0x95, 0xbf, 0x0d,
-    0xb7, 0xeb, 0x16, 0x5b, 0xf0, 0x7f, 0x78, 0xa5, 0x7f, 0x9e, 0x5a, 0xc9,
-    0xf6, 0x02, 0xcb, 0xfd, 0x05, 0x1d, 0xf0, 0x07, 0x59, 0x7d, 0x13, 0x7d,
-    0x96, 0x5e, 0x77, 0xed, 0x51, 0x2b, 0xaf, 0xf1, 0xae, 0x40, 0xf6, 0x7d,
-    0x65, 0x6c, 0x7f, 0xdd, 0x91, 0x31, 0x4d, 0xef, 0xe7, 0x6b, 0x2f, 0xb0,
-    0x01, 0xe2, 0xcb, 0x9f, 0xac, 0x37, 0xe4, 0x3b, 0x7e, 0x73, 0x5f, 0xd2,
-    0x59, 0x7f, 0xfd, 0xc6, 0x7e, 0xbe, 0xed, 0xe0, 0xe9, 0xf8, 0xb2, 0xdd,
-    0x11, 0xfb, 0xf8, 0xa2, 0xff, 0xef, 0xe4, 0xbb, 0xfb, 0x0e, 0x0b, 0xcb,
-    0x29, 0x8f, 0xb3, 0xc5, 0x15, 0x25, 0x55, 0x43, 0x26, 0xec, 0xd7, 0x50,
-    0xb1, 0x3b, 0x79, 0x46, 0x1d, 0x7f, 0xee, 0xdb, 0x59, 0xf6, 0xd7, 0xdd,
-    0x65, 0xff, 0xc1, 0xe7, 0xde, 0x5e, 0x67, 0x20, 0x2c, 0xbd, 0xf6, 0xf7,
-    0x48, 0x81, 0xd1, 0xf5, 0xfd, 0xa7, 0x93, 0xf5, 0x25, 0x97, 0xe2, 0x73,
-    0x04, 0x3a, 0xca, 0x83, 0xd7, 0xf1, 0x75, 0xfa, 0x18, 0x0c, 0x75, 0x97,
-    0xb4, 0xdd, 0x2c, 0xa9, 0x1e, 0x1f, 0x89, 0xaf, 0xd1, 0xb7, 0xb3, 0xeb,
-    0x2f, 0xe8, 0x38, 0xf4, 0xfd, 0xac, 0xaf, 0x9e, 0xb1, 0x14, 0x5f, 0xfe,
-    0x2f, 0x7f, 0x25, 0xd7, 0xb5, 0x18, 0x62, 0xcb, 0xff, 0xff, 0xce, 0x42,
-    0x40, 0x32, 0x5f, 0x8d, 0xe3, 0x81, 0x78, 0x41, 0x96, 0x71, 0x65, 0x42,
-    0x31, 0x34, 0x97, 0x74, 0xb6, 0x59, 0x7d, 0xdb, 0xcb, 0x16, 0x5f, 0xff,
-    0xff, 0xff, 0x86, 0xe7, 0x3b, 0xca, 0x50, 0x24, 0x0d, 0xb4, 0xfd, 0x0f,
-    0xf1, 0xae, 0x33, 0xb9, 0x47, 0x7f, 0x89, 0x96, 0x5f, 0xc5, 0xe0, 0xfc,
-    0x53, 0x0b, 0x2e, 0x6f, 0x42, 0x38, 0x5a, 0x16, 0x15, 0x89, 0x9a, 0x3c,
-    0x60, 0x77, 0xf1, 0x03, 0x5a, 0x6d, 0x96, 0x5f, 0xec, 0xd7, 0x1f, 0xb0,
-    0xf4, 0xb2, 0xff, 0xfe, 0xeb, 0x99, 0xaf, 0x79, 0xf6, 0x10, 0xe3, 0xfb,
-    0x1a, 0xb2, 0xb1, 0x12, 0xae, 0x6b, 0x7f, 0xba, 0xc6, 0xe7, 0x03, 0x0b,
-    0x2c, 0x15, 0x97, 0xde, 0x6c, 0xd2, 0xca, 0x59, 0x7d, 0xe8, 0xf7, 0x16,
-    0x5c, 0xf2, 0x9e, 0x8d, 0x6e, 0x05, 0xd6, 0xc8, 0x8f, 0xf8, 0x8e, 0xf4,
-    0xeb, 0xfe, 0xc6, 0xde, 0x51, 0x9a, 0x92, 0xcb, 0xff, 0xf7, 0xa5, 0x9b,
-    0x8e, 0x40, 0xeb, 0xda, 0x8c, 0x31, 0x61, 0x86, 0xe2, 0xfd, 0xd7, 0xbf,
-    0x00, 0x59, 0x58, 0x8f, 0xe7, 0x6b, 0x0b, 0x55, 0xff, 0xfe, 0xc1, 0xb7,
-    0x7f, 0x61, 0x8f, 0x0c, 0x12, 0x6f, 0x84, 0xd5, 0x97, 0xff, 0xa6, 0x28,
-    0xf7, 0x3d, 0xd7, 0x6c, 0x5b, 0x2c, 0xbf, 0xe7, 0x30, 0x7f, 0x8d, 0xb0,
-    0xc5, 0x94, 0xc8, 0x88, 0x24, 0xdb, 0xff, 0xe6, 0x06, 0x1d, 0xbd, 0xc8,
-    0x3b, 0xf5, 0xe5, 0x97, 0xff, 0xf6, 0xfc, 0x1e, 0xa0, 0x3c, 0x6d, 0xee,
-    0xc3, 0x0c, 0x2c, 0xac, 0x45, 0x63, 0x27, 0xdf, 0xff, 0xee, 0xdf, 0x4f,
-    0xfe, 0xa5, 0x9e, 0xcf, 0x40, 0x45, 0x78, 0xb2, 0xff, 0xe7, 0xea, 0x4d,
-    0xef, 0xc6, 0xbd, 0x0b, 0x2f, 0xfa, 0x0f, 0xec, 0x9a, 0x4d, 0xe5, 0x95,
-    0x24, 0xc0, 0xd8, 0x84, 0xec, 0xbe, 0x44, 0xbf, 0xff, 0xdf, 0x61, 0x8f,
-    0x0c, 0xeb, 0xc1, 0x7e, 0x7c, 0xc7, 0x1a, 0xcb, 0xe0, 0xbe, 0xa4, 0xb2,
-    0xfe, 0x28, 0xd8, 0x0f, 0xe5, 0x97, 0xf9, 0xc6, 0x26, 0xec, 0x14, 0x96,
-    0x5a, 0x3b, 0x3e, 0x33, 0x96, 0xdf, 0xff, 0x1d, 0xc8, 0x1f, 0x31, 0xcb,
-    0x6e, 0xdb, 0x65, 0x97, 0xff, 0xf6, 0x9f, 0x98, 0x51, 0x80, 0xe6, 0x4d,
-    0x1d, 0x71, 0x65, 0xcd, 0xe7, 0x45, 0x60, 0x54, 0xa8, 0x69, 0xc3, 0x34,
-    0x21, 0x5e, 0x1a, 0x97, 0xfc, 0x10, 0x1d, 0xe5, 0xcd, 0x0d, 0x65, 0xff,
-    0xfe, 0xc6, 0x2f, 0x61, 0x4e, 0x27, 0x1c, 0x16, 0xd1, 0xa5, 0x95, 0xe4,
-    0x4c, 0x6f, 0x3a, 0xb6, 0x96, 0x5f, 0xff, 0xba, 0xf1, 0x47, 0xdf, 0x99,
-    0xd9, 0x3e, 0x76, 0xb2, 0xb1, 0x11, 0x7d, 0x92, 0x84, 0x46, 0xff, 0xff,
-    0xf7, 0xf0, 0xe0, 0x7d, 0x66, 0xfc, 0x1e, 0x70, 0x2f, 0xd7, 0xcc, 0x7f,
-    0x2c, 0xbf, 0xd1, 0xf6, 0xf7, 0x1f, 0xa5, 0x97, 0xfe, 0xce, 0xbd, 0xe8,
-    0x3f, 0xf3, 0x65, 0x97, 0xfd, 0x37, 0x7f, 0x63, 0xc6, 0x8d, 0x59, 0x7f,
-    0x81, 0x9a, 0xcc, 0xf7, 0x16, 0x56, 0x1f, 0x77, 0x47, 0x95, 0x0b, 0xfd,
-    0xc3, 0x87, 0x76, 0x47, 0xa1, 0xd9, 0xef, 0xe3, 0xea, 0x28, 0xd7, 0x3c,
-    0x60, 0x17, 0xa3, 0x0c, 0xc4, 0x85, 0x75, 0xec, 0x03, 0xac, 0xbd, 0xac,
-    0xe9, 0x65, 0xef, 0xbc, 0xbe, 0x6e, 0x00, 0x37, 0x7f, 0xfe, 0x61, 0xfd,
-    0xdb, 0xd0, 0x5d, 0xb1, 0xce, 0xcb, 0x2d, 0x9f, 0x44, 0x29, 0x19, 0x5f,
-    0xf6, 0x75, 0xc1, 0xc3, 0x96, 0xcb, 0x2f, 0xf3, 0xf2, 0x0b, 0xdf, 0x65,
-    0x97, 0xe3, 0xcd, 0xc6, 0x25, 0x97, 0xff, 0x76, 0xda, 0xfe, 0x4d, 0xf6,
-    0xd6, 0xcb, 0x2f, 0xfe, 0x70, 0x61, 0x75, 0xed, 0x46, 0x18, 0xb2, 0xff,
-    0x9e, 0x5c, 0xfc, 0x68, 0x41, 0xac, 0xa9, 0x26, 0xfd, 0x84, 0xe6, 0x9c,
-    0xf6, 0x63, 0xd1, 0x41, 0x23, 0xf9, 0x12, 0xfc, 0x09, 0x98, 0x22, 0xb5,
-    0x97, 0xff, 0xfb, 0xf9, 0xd9, 0x61, 0xf0, 0xb3, 0xc1, 0x01, 0xde, 0x4b,
-    0x2f, 0xef, 0xb9, 0xca, 0x3a, 0x59, 0x7f, 0xe2, 0xcf, 0xe4, 0xd2, 0x6d,
-    0x49, 0x65, 0xff, 0xff, 0xf0, 0x20, 0xbb, 0x7f, 0x3f, 0x40, 0xcd, 0xed,
-    0xe9, 0x7d, 0xbd, 0xc6, 0x1a, 0xcb, 0xff, 0x36, 0xf6, 0xf4, 0xd2, 0x82,
-    0xf2, 0xca, 0x84, 0xed, 0xa4, 0x5b, 0x8b, 0xfd, 0x96, 0xf4, 0x7d, 0xe7,
-    0xfb, 0xff, 0xcf, 0x92, 0xfe, 0x31, 0x60, 0x27, 0xf1, 0x65, 0xe7, 0x90,
-    0xb9, 0xe1, 0xbc, 0x1e, 0x88, 0xc7, 0xa5, 0x0c, 0x71, 0xc3, 0x23, 0x27,
-    0x11, 0xfb, 0x87, 0x2f, 0x50, 0x8c, 0x66, 0x49, 0x9e, 0x35, 0x0e, 0x53,
-    0x91, 0x7e, 0x34, 0xc7, 0x28, 0x04, 0x30, 0xc5, 0x64, 0x25, 0x1e, 0x07,
-    0x29, 0x03, 0x9e, 0x95, 0xca, 0x24, 0xa1, 0xcd, 0xd5, 0x8b, 0x85, 0x78,
-    0xb2, 0xfd, 0xe8, 0x08, 0xaf, 0x16, 0x5f, 0xf4, 0xb3, 0xdf, 0x68, 0xd0,
-    0x16, 0x5f, 0xb3, 0xb7, 0x96, 0x2c, 0xbf, 0xd8, 0x36, 0x2f, 0x67, 0xd6,
-    0x5f, 0xff, 0xc3, 0xfc, 0x16, 0xdc, 0x0b, 0xb4, 0xb9, 0xf7, 0x92, 0xcb,
-    0xd9, 0xf1, 0x73, 0xcd, 0x33, 0x0c, 0x1a, 0xe8, 0xaf, 0xe7, 0x04, 0x4f,
-    0xc3, 0x1b, 0xcd, 0x0e, 0xb2, 0xf7, 0xa0, 0x69, 0x2f, 0xff, 0x7d, 0xdb,
-    0xd1, 0x26, 0xd6, 0xc1, 0x02, 0x4b, 0xda, 0x15, 0x8b, 0x83, 0xe6, 0xe0,
-    0xe5, 0xe7, 0xec, 0x5c, 0x91, 0x72, 0x38, 0x40, 0x58, 0x58, 0xdd, 0x16,
-    0x27, 0x72, 0x8b, 0xcf, 0x5e, 0x40, 0xfa, 0x55, 0x7e, 0xf8, 0xca, 0x6f,
-    0xff, 0x0b, 0x3b, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x13, 0x0a, 0xfa,
-    0x18, 0x4f, 0xac, 0xbf, 0xdf, 0x82, 0x73, 0xc6, 0xea, 0xcb, 0xcc, 0x27,
-    0xd6, 0x5f, 0xff, 0xd9, 0xbd, 0xc7, 0xf8, 0x17, 0xef, 0xe0, 0xc3, 0xee,
-    0x2c, 0xbf, 0xfd, 0xa7, 0x00, 0xb3, 0x7d, 0x23, 0x23, 0x92, 0x59, 0x76,
-    0x0b, 0x1a, 0x64, 0x2e, 0x44, 0x03, 0x42, 0x1d, 0x11, 0x7e, 0xe9, 0xe8,
-    0x54, 0x59, 0x6d, 0xeb, 0x28, 0x52, 0x6d, 0x0e, 0x43, 0x7e, 0x6f, 0xff,
-    0x36, 0x59, 0x78, 0x51, 0xf1, 0xac, 0xbf, 0xf8, 0x53, 0x9d, 0x48, 0x2f,
-    0xe2, 0x89, 0x2c, 0xbe, 0x9e, 0x59, 0x23, 0xac, 0xbf, 0x4f, 0x13, 0xc4,
-    0xf5, 0x3f, 0x3d, 0xac, 0xbb, 0xd3, 0xcd, 0x65, 0xdd, 0x6e, 0x2c, 0xbf,
-    0x7d, 0x8f, 0x1d, 0xac, 0xbb, 0x0f, 0x38, 0xf0, 0xfb, 0x1b, 0xbf, 0xa0,
-    0xf8, 0x08, 0xde, 0xb2, 0x86, 0x7b, 0xdf, 0x30, 0xbf, 0xda, 0xce, 0xe0,
-    0x02, 0x1d, 0x65, 0xfb, 0xcf, 0xb3, 0xf1, 0x65, 0xf4, 0x1d, 0xb4, 0xb2,
-    0xd1, 0x31, 0xe4, 0xe8, 0xa2, 0xfa, 0x09, 0xa6, 0x59, 0x7f, 0xfe, 0xcd,
-    0xa7, 0x66, 0x17, 0xbe, 0xed, 0xc6, 0xde, 0xb2, 0xfd, 0xf8, 0x1b, 0x1a,
-    0xb2, 0x99, 0x36, 0x8d, 0x11, 0x1d, 0xf8, 0x8a, 0x3c, 0x43, 0xba, 0xaf,
-    0x7d, 0xf1, 0x38, 0x4b, 0x2e, 0x9e, 0xfc, 0xb2, 0xfa, 0x66, 0x32, 0x65,
-    0x97, 0xfa, 0x0e, 0xdf, 0x8c, 0x25, 0x97, 0x3f, 0x16, 0x51, 0xcf, 0xaf,
-    0xc4, 0xbb, 0xcc, 0x2f, 0xef, 0x46, 0xf2, 0x7e, 0x96, 0x5f, 0x8b, 0xb6,
-    0x2c, 0x59, 0x7f, 0xee, 0x0f, 0x44, 0xe6, 0x67, 0x5e, 0x59, 0x7f, 0x8c,
-    0x2c, 0xeb, 0xd9, 0xf5, 0x95, 0x87, 0xe8, 0xc8, 0x17, 0xfa, 0x1f, 0x6f,
-    0x1a, 0xfa, 0x59, 0x7e, 0x7d, 0x49, 0xce, 0xb2, 0x86, 0x9f, 0xe6, 0x42,
-    0x1f, 0xa3, 0x16, 0x2f, 0xfc, 0x26, 0x88, 0x80, 0x26, 0x96, 0x3a, 0xcb,
-    0xfd, 0xef, 0xbb, 0x71, 0xb7, 0xac, 0xb4, 0xf6, 0xb2, 0x88, 0xf2, 0xa7,
-    0xcd, 0x2f, 0xf7, 0x23, 0x08, 0x7f, 0x85, 0x97, 0xf4, 0x61, 0x0f, 0xf0,
-    0xb2, 0xf0, 0x75, 0x34, 0xe3, 0xdc, 0xe1, 0x8d, 0xfe, 0x32, 0x76, 0x0f,
-    0xf1, 0xbd, 0x65, 0xff, 0x83, 0x86, 0xe7, 0x83, 0x1d, 0x0d, 0x65, 0x41,
-    0xfc, 0x31, 0xc5, 0xfe, 0x20, 0xfb, 0x3c, 0x26, 0xcb, 0x2b, 0x47, 0xab,
-    0xe2, 0x0b, 0xff, 0xf3, 0x6b, 0xef, 0x38, 0x79, 0x2f, 0xc6, 0xf1, 0xc2,
-    0xcb, 0xfe, 0x30, 0x4f, 0xc7, 0x7f, 0x69, 0x96, 0x5f, 0x04, 0xf8, 0x35,
-    0x95, 0xd1, 0xef, 0xee, 0x9e, 0xdf, 0xff, 0xf7, 0xf2, 0x59, 0x2f, 0xe1,
-    0x61, 0xbf, 0x79, 0x64, 0x8e, 0xb2, 0xb1, 0x11, 0x7e, 0x26, 0xbf, 0x6a,
-    0x25, 0xcc, 0x59, 0x7c, 0xde, 0xcd, 0xeb, 0x2f, 0xf6, 0x19, 0xe2, 0x70,
-    0x71, 0x65, 0x41, 0xfe, 0xfc, 0x9f, 0xc4, 0x75, 0x25, 0xc1, 0x0c, 0x5b,
-    0xee, 0x10, 0x1a, 0x8c, 0x13, 0xe4, 0x45, 0x1a, 0x17, 0xa1, 0x3f, 0x7f,
-    0xfd, 0x05, 0xed, 0x43, 0x48, 0xb0, 0xef, 0x25, 0x97, 0xff, 0xa3, 0xbe,
-    0x07, 0xcd, 0xf6, 0x37, 0xec, 0xb2, 0xfe, 0x3c, 0x61, 0x7a, 0x7d, 0x65,
-    0xf6, 0x9b, 0xa9, 0x2c, 0xb7, 0x16, 0x5f, 0xa3, 0x0b, 0xd3, 0xeb, 0x2f,
-    0x71, 0xfa, 0x9c, 0x88, 0xc6, 0x2f, 0x98, 0x8c, 0xe2, 0x34, 0x34, 0xdd,
-    0x0e, 0x99, 0xe8, 0x6b, 0xdf, 0xf6, 0xe6, 0x0f, 0xf1, 0xb8, 0x50, 0xb2,
-    0x98, 0xfc, 0xdc, 0xda, 0xff, 0xb5, 0xb7, 0x7f, 0x6f, 0x87, 0xcb, 0x2b,
-    0xe7, 0xb8, 0xe4, 0x17, 0xf9, 0x8d, 0xd6, 0x6d, 0x1b, 0x2c, 0xbf, 0x41,
-    0xf7, 0x82, 0x4b, 0x2b, 0x87, 0xbf, 0xe3, 0x5b, 0xbc, 0xcb, 0x2e, 0x0e,
-    0x2c, 0xbb, 0x5c, 0x59, 0x52, 0x3e, 0x53, 0x48, 0x80, 0x2d, 0x3e, 0x2d,
-    0x7f, 0xfe, 0x90, 0x75, 0x1d, 0x99, 0x8d, 0xfe, 0xdb, 0x6d, 0xd5, 0x97,
-    0xb5, 0x1e, 0x59, 0x7e, 0xed, 0xb9, 0xf6, 0x59, 0x7f, 0x63, 0x17, 0x83,
-    0xf5, 0x95, 0xd1, 0xea, 0x7c, 0xa2, 0xfd, 0xd9, 0x37, 0x52, 0x59, 0x53,
-    0x26, 0x31, 0xc5, 0xcf, 0x38, 0x04, 0x8e, 0xf1, 0xe7, 0x62, 0xcb, 0xfb,
-    0x58, 0xdf, 0x81, 0xac, 0xbd, 0xa0, 0xf1, 0x65, 0xff, 0xf7, 0xe0, 0xb3,
-    0xdf, 0xcf, 0x7e, 0x02, 0x2b, 0x59, 0x7f, 0x36, 0xa7, 0x39, 0x01, 0x65,
-    0xef, 0xe7, 0x4b, 0x2f, 0xff, 0xf1, 0x9b, 0xbe, 0xcf, 0xce, 0x2c, 0xd9,
-    0xb0, 0xba, 0x97, 0x16, 0x5f, 0x8c, 0xf6, 0x7f, 0xb5, 0x95, 0x88, 0x91,
-    0x76, 0x7a, 0x84, 0xed, 0x86, 0x3d, 0x85, 0x8c, 0x3b, 0xf5, 0x27, 0x2e,
-    0x28, 0x57, 0x5f, 0xfe, 0xf1, 0x38, 0x3f, 0x8c, 0x30, 0xfb, 0x8b, 0x2f,
-    0xb7, 0xe0, 0xe1, 0x65, 0xf4, 0xb2, 0x3a, 0x59, 0x7f, 0xd1, 0xb0, 0x92,
-    0xf8, 0x5f, 0x65, 0x95, 0x08, 0xca, 0xc4, 0x99, 0x88, 0xf4, 0x45, 0x7f,
-    0xee, 0xa5, 0x3b, 0xef, 0xdc, 0x10, 0xd6, 0x5f, 0xc4, 0xc0, 0x3c, 0x6f,
-    0x59, 0x7b, 0x40, 0x3a, 0xca, 0x63, 0xcb, 0x09, 0x75, 0xfc, 0xc4, 0xfd,
-    0x96, 0x2c, 0xac, 0x46, 0xcf, 0x21, 0x1a, 0x12, 0x1b, 0xe2, 0xc6, 0x35,
-    0x65, 0xf3, 0x47, 0x5c, 0x59, 0x7e, 0x13, 0xc5, 0x00, 0x59, 0x47, 0x3e,
-    0xbf, 0x10, 0xef, 0x22, 0xbe, 0xf7, 0xb0, 0xc5, 0x97, 0xff, 0xa3, 0xc0,
-    0x89, 0x67, 0x5e, 0xd8, 0x26, 0x2c, 0xbf, 0x41, 0xf4, 0xf3, 0x2c, 0xbf,
-    0xfe, 0x6f, 0x4b, 0x35, 0x9c, 0x86, 0x1e, 0x1d, 0x65, 0xee, 0x38, 0x16,
-    0x54, 0x26, 0x65, 0x86, 0x2c, 0x47, 0xf4, 0xd7, 0x28, 0xf2, 0x6d, 0x2c,
-    0xbe, 0x83, 0xb4, 0x96, 0x5d, 0xf8, 0x91, 0xac, 0xd0, 0x5d, 0xe8, 0x23,
-    0x56, 0x5c, 0xf2, 0x59, 0x7e, 0x8e, 0xc9, 0xce, 0xb2, 0xff, 0xd1, 0x29,
-    0xd9, 0xf6, 0xd7, 0xdd, 0x65, 0x9b, 0xe7, 0xcd, 0xc2, 0x7a, 0x1a, 0x3a,
-    0xfa, 0x2c, 0xdc, 0x1c, 0xfb, 0xe5, 0xfa, 0x6e, 0x0c, 0x3b, 0x2c, 0xbf,
-    0xff, 0xfd, 0x1f, 0xfb, 0xf2, 0x77, 0xdd, 0xb9, 0xfc, 0x04, 0xed, 0x67,
-    0x9f, 0xa5, 0x97, 0xfe, 0xeb, 0x9d, 0xfd, 0x86, 0xda, 0xed, 0x65, 0xfc,
-    0xe0, 0xd6, 0x9b, 0x4b, 0x2f, 0x7a, 0x76, 0x2c, 0xa8, 0x4c, 0xcf, 0x45,
-    0x6e, 0xf6, 0x04, 0x21, 0x0b, 0x6f, 0x63, 0x01, 0x65, 0xf7, 0xc3, 0xd7,
-    0x96, 0x5f, 0xfd, 0xfc, 0x8d, 0x16, 0x1c, 0xe1, 0x99, 0x65, 0xfd, 0xe1,
-    0x00, 0x08, 0xe9, 0x65, 0xff, 0x37, 0x9b, 0x0e, 0x59, 0xb2, 0xca, 0x63,
-    0xe7, 0xf9, 0x85, 0xfd, 0xc6, 0x34, 0xef, 0xe5, 0x97, 0xfe, 0xdf, 0x06,
-    0xc9, 0x8a, 0x35, 0x0b, 0x2f, 0xff, 0xfd, 0xac, 0xdf, 0x05, 0xe9, 0xc2,
-    0x14, 0x7d, 0xdb, 0xd1, 0xee, 0x2c, 0xbb, 0xb1, 0x42, 0xcb, 0xe2, 0x7f,
-    0x9a, 0xb2, 0xf6, 0xc1, 0x92, 0xcb, 0xc5, 0x9c, 0x9c, 0x7b, 0x83, 0x1c,
-    0xc2, 0x2b, 0xe7, 0x04, 0x86, 0xb2, 0xff, 0x41, 0xfb, 0x27, 0xce, 0xd6,
-    0x50, 0xd5, 0x4c, 0x77, 0x0a, 0xbe, 0x88, 0x58, 0xbb, 0x47, 0xfb, 0xe1,
-    0x94, 0x62, 0x00, 0x84, 0x57, 0xd3, 0xb7, 0xee, 0xec, 0xb2, 0x86, 0xad,
-    0xa7, 0x25, 0x5e, 0x1b, 0x08, 0x2b, 0x6e, 0x2c, 0xb6, 0xe2, 0xcb, 0xd8,
-    0x3f, 0x2c, 0xb1, 0xd8, 0xd8, 0x68, 0x52, 0xef, 0x62, 0xcb, 0xff, 0x36,
-    0xfc, 0x1f, 0xf3, 0xbc, 0x25, 0x97, 0xfa, 0x0a, 0x00, 0xef, 0xba, 0xb2,
-    0xf6, 0x9e, 0x4b, 0x2f, 0xf0, 0xff, 0x9d, 0xfe, 0x34, 0xb2, 0x86, 0x88,
-    0x3d, 0x19, 0x90, 0xe5, 0xfb, 0x99, 0xed, 0x42, 0xcb, 0xff, 0xc2, 0xb2,
-    0x83, 0xbb, 0x7d, 0xfd, 0xf8, 0x59, 0x50, 0x9b, 0xcc, 0x85, 0x9a, 0x18,
-    0x5c, 0x2f, 0x09, 0x3d, 0xcf, 0xda, 0xcb, 0xf9, 0xa6, 0x7e, 0xf9, 0x25,
-    0x97, 0xff, 0xfc, 0x31, 0xe4, 0xfc, 0x6b, 0x08, 0x7f, 0x81, 0x00, 0x08,
-    0xe9, 0x65, 0x76, 0x8b, 0x0f, 0x8b, 0xb9, 0x7d, 0xff, 0xed, 0x43, 0x16,
-    0x7b, 0x91, 0xf7, 0x3a, 0xcb, 0xff, 0xfd, 0xf6, 0x21, 0xeb, 0x3b, 0xfc,
-    0x7f, 0x35, 0xa8, 0x35, 0x65, 0xf8, 0x3b, 0xad, 0x87, 0x59, 0x7e, 0xf3,
-    0x9d, 0xbc, 0xb2, 0x8d, 0x3d, 0x12, 0x2a, 0xbf, 0x7e, 0x32, 0x4e, 0xb2,
-    0xff, 0xcd, 0xe0, 0xe9, 0xf9, 0x38, 0xfe, 0x59, 0x50, 0x88, 0x91, 0x91,
-    0x39, 0x35, 0xfe, 0x6c, 0x39, 0x66, 0xce, 0xb2, 0xff, 0x71, 0xb7, 0x8e,
-    0x01, 0xb2, 0xca, 0xc3, 0xe7, 0x73, 0x1b, 0xef, 0x70, 0x01, 0x59, 0x79,
-    0x8f, 0xe5, 0x97, 0x88, 0x4f, 0x2c, 0xbf, 0x04, 0x6e, 0x40, 0x9c, 0x6e,
-    0x5c, 0x72, 0xa1, 0x13, 0x52, 0x5c, 0xbf, 0xbe, 0xde, 0x28, 0x3a, 0xcb,
-    0xe8, 0xde, 0x50, 0xb2, 0xf3, 0xcb, 0x16, 0x54, 0xc7, 0xd2, 0x72, 0xc2,
-    0x22, 0xa9, 0xed, 0x7a, 0x72, 0x11, 0x32, 0x39, 0xfe, 0xe1, 0xfc, 0xc6,
-    0x13, 0x23, 0xfe, 0x33, 0xb2, 0x84, 0xaf, 0xa1, 0x74, 0x18, 0x45, 0xdf,
-    0xff, 0x39, 0xc7, 0xf8, 0xfc, 0x1c, 0x3d, 0x4b, 0x8b, 0x2f, 0xff, 0x67,
-    0xbe, 0xd9, 0xd7, 0xb3, 0x7c, 0x71, 0x65, 0xbf, 0xf4, 0x4e, 0x12, 0x8d,
-    0xf3, 0xf3, 0xdb, 0x2c, 0xbf, 0x33, 0x82, 0x77, 0x96, 0x5f, 0xfc, 0xe5,
-    0xf8, 0x61, 0xb7, 0x32, 0x4b, 0x2f, 0x40, 0x04, 0x59, 0x7f, 0x66, 0xff,
-    0xb0, 0x26, 0x59, 0x58, 0x98, 0x11, 0xa5, 0x1f, 0x23, 0x72, 0x92, 0x41,
-    0xe0, 0xed, 0xc5, 0x0b, 0x2f, 0xbf, 0x1c, 0x85, 0x97, 0x84, 0x1e, 0x2c,
-    0xbc, 0x2b, 0xe0, 0xa1, 0x65, 0x6c, 0x7f, 0x03, 0x15, 0x72, 0x1e, 0x0e,
-    0xde, 0xe3, 0x71, 0x65, 0xf4, 0xe3, 0xce, 0xed, 0x65, 0xfd, 0xb4, 0xd2,
-    0x14, 0x6b, 0x65, 0x97, 0xb3, 0xb1, 0xac, 0xbe, 0xf6, 0x10, 0x16, 0x5f,
-    0xce, 0x64, 0x7b, 0x36, 0x59, 0x7f, 0x66, 0xb5, 0x10, 0x35, 0x95, 0x3d,
-    0xa3, 0x3b, 0x0d, 0x98, 0x74, 0x88, 0x67, 0xcb, 0xaf, 0xfe, 0xdb, 0xf8,
-    0x31, 0xb7, 0x59, 0xd7, 0x96, 0x5f, 0x6c, 0x20, 0x76, 0x59, 0x7d, 0x34,
-    0xa3, 0x65, 0x95, 0x07, 0x95, 0x84, 0xd7, 0xf3, 0x78, 0x02, 0x14, 0x96,
-    0x5f, 0x19, 0x37, 0x21, 0x65, 0xf3, 0x41, 0xf1, 0x65, 0xfa, 0x0d, 0xcf,
-    0x71, 0x65, 0xff, 0xfd, 0x84, 0xc3, 0xe6, 0x73, 0x99, 0xf6, 0xe0, 0x76,
-    0x59, 0x7f, 0x0f, 0x4f, 0xef, 0x85, 0x65, 0xcf, 0xe9, 0x22, 0x23, 0x8b,
-    0x57, 0xf3, 0x7c, 0x27, 0x3b, 0x2c, 0xbf, 0xf8, 0x32, 0xce, 0x4e, 0xf3,
-    0x4f, 0xe6, 0xcb, 0x2c, 0xd2, 0x3f, 0x72, 0x2d, 0xa8, 0x55, 0x3d, 0xb4,
-    0x24, 0x4d, 0x20, 0xe8, 0xbb, 0x44, 0x9f, 0x20, 0x28, 0x58, 0x7a, 0x14,
-    0xb6, 0x17, 0x3d, 0xba, 0xaa, 0x19, 0xe8, 0x94, 0x52, 0x50, 0x28, 0x21,
-    0x9e, 0x49, 0x02, 0xa8, 0xa2, 0x79, 0xa0, 0x44, 0xa2, 0x69, 0x2c, 0x8e,
-    0x50, 0xfe, 0x4e, 0x3e, 0xf7, 0x2a, 0xff, 0xa8, 0x72, 0xb4, 0x6b, 0x13,
-    0x47, 0xeb, 0xa8, 0xcb, 0xcf, 0x18, 0xaf, 0xe3, 0xd1, 0x78, 0xda, 0xc1,
-    0x1b, 0xa0, 0xad, 0x28, 0xa5, 0xc2, 0x72, 0x7b, 0x6b, 0xd2, 0x93, 0xc3,
-    0x0c, 0xed, 0xe7, 0x86, 0x0e, 0x4f, 0xc3, 0xd8, 0x49, 0x5d, 0xb7, 0xff,
-    0xc2, 0x99, 0xec, 0x52, 0xc2, 0x7f, 0x3a, 0x96, 0x6e, 0xf1, 0x65, 0xfe,
-    0x99, 0xbd, 0x9a, 0xf4, 0x2c, 0xbf, 0x61, 0x99, 0xf7, 0x59, 0x7f, 0xfd,
-    0xa6, 0xea, 0x5c, 0x6f, 0x7e, 0x35, 0xe8, 0x59, 0x7f, 0xa3, 0x4f, 0x33,
-    0xf2, 0x4b, 0x2f, 0x3b, 0xf6, 0xa8, 0xab, 0x97, 0xf3, 0x89, 0xff, 0xb9,
-    0xd6, 0x57, 0x67, 0xaf, 0xf2, 0x9b, 0xf9, 0xb5, 0xf7, 0x10, 0xeb, 0x2f,
-    0x9b, 0xd2, 0x85, 0x94, 0x34, 0x7e, 0x6a, 0x11, 0x5f, 0x23, 0xde, 0x5d,
-    0x7c, 0x5b, 0xbc, 0x75, 0x97, 0xc5, 0x93, 0x42, 0xcb, 0x6e, 0x2c, 0xbf,
-    0xfd, 0x1b, 0x79, 0x87, 0x85, 0x26, 0xf8, 0x56, 0x56, 0x1f, 0xf1, 0xc8,
-    0x7e, 0x29, 0x74, 0x1d, 0x65, 0xdc, 0x1a, 0xca, 0xd1, 0xad, 0x71, 0x6b,
-    0xfd, 0x1a, 0xf4, 0x14, 0x01, 0x65, 0xfe, 0x17, 0x9a, 0xed, 0xdf, 0xb5,
-    0x44, 0x78, 0xbf, 0x7d, 0xb5, 0xf7, 0x59, 0x78, 0xbc, 0xeb, 0x2e, 0xc1,
-    0xe1, 0xe1, 0x70, 0x9e, 0xa4, 0x8b, 0x13, 0xc2, 0x16, 0xff, 0x4a, 0x35,
-    0xb4, 0x6b, 0x65, 0x97, 0xff, 0xf1, 0x66, 0xef, 0x27, 0x70, 0x1b, 0xe7,
-    0x3f, 0x25, 0xa7, 0x59, 0x7f, 0x3f, 0xe0, 0xa0, 0x0b, 0x2b, 0x7a, 0x23,
-    0xe7, 0xd9, 0x2f, 0xfe, 0xda, 0x35, 0xde, 0x73, 0x98, 0x3c, 0x59, 0x50,
-    0x99, 0x8e, 0x43, 0x11, 0xca, 0x2f, 0xfb, 0xcc, 0x11, 0x5e, 0x4b, 0x69,
-    0x96, 0x5f, 0xff, 0xf6, 0x8b, 0x36, 0x9c, 0x59, 0xbc, 0xb3, 0x77, 0x93,
-    0xb8, 0x0d, 0xeb, 0x2f, 0xfb, 0x3d, 0xc1, 0x39, 0x3b, 0xb9, 0x2c, 0xbf,
-    0x8b, 0x3d, 0xcc, 0x31, 0x65, 0x42, 0x63, 0x78, 0x7e, 0x77, 0x17, 0x3e,
-    0xbf, 0xdd, 0xb7, 0x3e, 0xde, 0x65, 0x97, 0xec, 0xd9, 0xcb, 0xa5, 0x95,
-    0xd1, 0xed, 0x91, 0x9d, 0xfb, 0xde, 0xc2, 0x02, 0xcb, 0xfd, 0xba, 0xe3,
-    0x8c, 0x1b, 0x2c, 0xb0, 0xb9, 0xed, 0x90, 0x0b, 0x0c, 0x5b, 0x19, 0x8c,
-    0x9f, 0x23, 0x4c, 0x64, 0x49, 0xa1, 0x45, 0xa5, 0xbf, 0x90, 0x3c, 0x38,
-    0x8a, 0x35, 0x9e, 0x46, 0x9d, 0xe8, 0x4b, 0x08, 0x45, 0xba, 0x4f, 0x7b,
-    0xee, 0x75, 0x97, 0xed, 0x76, 0xef, 0xda, 0xa2, 0xc1, 0x5e, 0x36, 0x36,
-    0x59, 0x7f, 0x36, 0x8b, 0x37, 0xe2, 0xcb, 0xff, 0xf0, 0x5f, 0x63, 0xe4,
-    0xf8, 0x75, 0x9a, 0x90, 0x92, 0x59, 0x5f, 0x44, 0x41, 0x16, 0xdf, 0x7b,
-    0x4d, 0xd2, 0xcb, 0xf6, 0x16, 0x7b, 0x8b, 0x2f, 0xd9, 0xc0, 0xbf, 0x4b,
-    0x2f, 0xf6, 0x9c, 0xe2, 0x69, 0xfa, 0x59, 0x61, 0x70, 0x9e, 0x06, 0x0e,
-    0x1a, 0x6d, 0xdc, 0x29, 0x98, 0x89, 0xc8, 0xc8, 0x98, 0x42, 0x8b, 0xfc,
-    0x2f, 0x35, 0xdb, 0xbf, 0x6a, 0x8b, 0x29, 0x7f, 0xec, 0xf4, 0xb0, 0x13,
-    0xf9, 0xf0, 0xac, 0xbf, 0xfd, 0x8e, 0x3f, 0xe6, 0xb5, 0x1b, 0xcd, 0x85,
-    0x97, 0xdd, 0xbb, 0xf6, 0xa8, 0xb4, 0xd5, 0xb8, 0x7f, 0x7a, 0x4b, 0xbf,
-    0x16, 0x6c, 0xc6, 0x2c, 0xbf, 0xc3, 0xfb, 0xcd, 0xf6, 0x3a, 0xca, 0x58,
-    0xe6, 0xd2, 0xff, 0x41, 0xf0, 0x65, 0x1d, 0x2c, 0xbf, 0x0d, 0x81, 0x04,
-    0xb2, 0xfc, 0x1c, 0xd3, 0xf1, 0x65, 0x85, 0x8d, 0x3d, 0x6c, 0x85, 0xe7,
-    0x64, 0xa7, 0x5c, 0xf8, 0xd3, 0x99, 0x70, 0x9a, 0xfd, 0x3d, 0x4f, 0x62,
-    0xa0, 0xa8, 0x2a, 0x2c, 0xbe, 0x15, 0x27, 0xb9, 0xee, 0x78, 0x59, 0x53,
-    0xd1, 0xfc, 0xcf, 0x24, 0x2b, 0xfe, 0x14, 0x7d, 0x8c, 0x1b, 0xbf, 0x6b,
-    0x2f, 0xd3, 0xc8, 0x53, 0xcc, 0x85, 0x97, 0xfc, 0x2a, 0x4e, 0x99, 0xbe,
-    0x41, 0xf2, 0xcb, 0xfc, 0x21, 0xf3, 0xdc, 0x6e, 0x2c, 0xb3, 0x2c, 0xa1,
-    0x41, 0xe2, 0x4f, 0x9a, 0x5f, 0xc2, 0x96, 0xee, 0x3a, 0xe2, 0xcb, 0xfd,
-    0x1b, 0x69, 0xc7, 0xb3, 0xac, 0xbf, 0xff, 0x7d, 0xcb, 0xd2, 0xcd, 0x64,
-    0x11, 0x67, 0x96, 0x54, 0x91, 0x0a, 0xc6, 0x97, 0xff, 0xcf, 0xb3, 0xef,
-    0xe4, 0xe7, 0xdf, 0xdf, 0xdb, 0x4b, 0x2f, 0xdb, 0xdc, 0x78, 0x75, 0x97,
-    0xce, 0x09, 0xfc, 0x59, 0x7f, 0xdc, 0x8f, 0xc0, 0xfe, 0xe6, 0xac, 0xa9,
-    0xc7, 0xbb, 0xe2, 0x4b, 0xb3, 0x7a, 0xcb, 0x72, 0x0d, 0xe1, 0x12, 0x5f,
-    0xbd, 0x05, 0x13, 0x2c, 0xbd, 0x1d, 0x71, 0x65, 0x61, 0xe2, 0x1c, 0x9e,
-    0xfe, 0x3b, 0x6e, 0xc1, 0x32, 0xcb, 0xdb, 0xa3, 0x85, 0x94, 0xc7, 0x9a,
-    0x12, 0xeb, 0xf4, 0x17, 0x7f, 0x85, 0x97, 0xff, 0x67, 0xbe, 0xc7, 0xcf,
-    0x70, 0x4e, 0x2c, 0xbf, 0xf6, 0x38, 0x22, 0x5a, 0x8c, 0x25, 0x95, 0xda,
-    0x20, 0x19, 0x16, 0xf9, 0xb7, 0xff, 0x7a, 0xcb, 0xee, 0x41, 0x4c, 0xb2,
-    0xfa, 0x37, 0x66, 0xc5, 0x94, 0xe7, 0x8e, 0x44, 0x57, 0xfb, 0x75, 0x81,
-    0x39, 0xfe, 0x15, 0x95, 0x25, 0x78, 0x43, 0x22, 0xc5, 0x76, 0x86, 0x14,
-    0xcd, 0x3f, 0x6e, 0x01, 0x09, 0x42, 0x9f, 0x84, 0x7e, 0x6d, 0xdd, 0x20,
-    0xbf, 0xc7, 0x10, 0xe0, 0x3b, 0x01, 0x65, 0xfa, 0x76, 0xb4, 0x1f, 0xac,
-    0xbf, 0x31, 0xb0, 0x5d, 0xac, 0xae, 0x1e, 0x9f, 0x8a, 0xea, 0x11, 0x55,
-    0x90, 0x88, 0xbc, 0xd9, 0xb2, 0xcb, 0xff, 0xdd, 0xfd, 0xbe, 0xda, 0x89,
-    0x8c, 0xcf, 0xac, 0xaf, 0x9f, 0x41, 0x0e, 0x5e, 0x01, 0x62, 0xcb, 0x8b,
-    0x16, 0x54, 0xe3, 0x60, 0x01, 0xbb, 0xff, 0x71, 0xa7, 0x7d, 0xf5, 0x1b,
-    0xe1, 0x65, 0xff, 0x1d, 0xe5, 0x3e, 0x1f, 0xb6, 0x96, 0x56, 0xc8, 0xa0,
-    0xd1, 0x19, 0xd0, 0x6f, 0xcf, 0xcf, 0x40, 0xd6, 0x54, 0x1e, 0xc0, 0x4c,
-    0x6f, 0xf3, 0xea, 0x4f, 0xe7, 0xed, 0x65, 0xff, 0xec, 0xc2, 0xc0, 0x16,
-    0x7b, 0xf9, 0x25, 0x95, 0x09, 0xf1, 0xfe, 0x34, 0x90, 0x90, 0xee, 0x99,
-    0xdf, 0xfc, 0x72, 0x73, 0x4b, 0x01, 0xb6, 0x18, 0xb2, 0xff, 0xf1, 0x61,
-    0xbf, 0x79, 0x7c, 0xc7, 0x10, 0xeb, 0x2d, 0xf8, 0x44, 0x8e, 0x22, 0xdf,
-    0xa2, 0x5c, 0x3c, 0x96, 0x5f, 0x40, 0x91, 0xf5, 0x97, 0x36, 0xcb, 0x2f,
-    0x3b, 0xf6, 0xa8, 0xb7, 0x17, 0xef, 0x73, 0x8d, 0x32, 0xca, 0xd8, 0xfa,
-    0x7b, 0x17, 0x10, 0xa6, 0xff, 0xcd, 0xaf, 0xbe, 0x6b, 0x66, 0xd9, 0x65,
-    0xf4, 0xd0, 0x3c, 0x59, 0x7f, 0x00, 0xf9, 0xc0, 0x92, 0xcb, 0xfd, 0xee,
-    0x46, 0xb5, 0x86, 0x2c, 0xa6, 0x3e, 0x17, 0x2d, 0xbf, 0xf6, 0x6b, 0x0a,
-    0x77, 0xf3, 0xa3, 0x16, 0x5f, 0x88, 0x0f, 0xd7, 0x16, 0x54, 0x1f, 0x4b,
-    0xa0, 0xd4, 0x95, 0x3b, 0x9a, 0x4f, 0xd1, 0x46, 0xa1, 0x17, 0xf3, 0x27,
-    0x3f, 0x28, 0x41, 0xf2, 0x11, 0x37, 0xfe, 0x71, 0x93, 0xef, 0xfc, 0x4d,
-    0xc5, 0x97, 0xdb, 0xe3, 0xb2, 0x59, 0x7f, 0x10, 0x26, 0x28, 0x3a, 0xca,
-    0x35, 0x12, 0x27, 0x40, 0x72, 0x4b, 0xc7, 0x26, 0x59, 0x62, 0x59, 0x6e,
-    0xd6, 0x5f, 0xf7, 0xc2, 0xfc, 0xcc, 0x23, 0x56, 0x5f, 0xff, 0xa3, 0xb9,
-    0xd9, 0xf6, 0xd4, 0x7f, 0x08, 0x70, 0xb2, 0xfd, 0xc7, 0xe9, 0xc6, 0xb2,
-    0xcc, 0x34, 0x5a, 0x9c, 0xe3, 0xca, 0xb7, 0xf9, 0xc5, 0x96, 0x6d, 0x06,
-    0xac, 0xa8, 0x4d, 0x73, 0x06, 0xd8, 0x43, 0xf0, 0xc7, 0x23, 0x5b, 0xfe,
-    0x87, 0x2f, 0xe6, 0x17, 0x6b, 0x2f, 0xf7, 0xbc, 0xdb, 0x1e, 0x09, 0x65,
-    0xff, 0x04, 0xb6, 0x27, 0xd3, 0xc9, 0x65, 0x49, 0x14, 0x38, 0x6d, 0xc3,
-    0x3b, 0xfc, 0x41, 0x3c, 0x73, 0xcc, 0xb2, 0xfd, 0x1a, 0xd6, 0x6e, 0xac,
-    0xbd, 0xa6, 0xe9, 0x65, 0x41, 0xfc, 0x91, 0x97, 0x8a, 0xaf, 0xf0, 0x46,
-    0x59, 0xbd, 0xe4, 0xb2, 0xff, 0xfd, 0xf9, 0xa7, 0x1c, 0x3e, 0x6d, 0xb3,
-    0xc6, 0xe7, 0xd6, 0x5f, 0xc5, 0x13, 0x4d, 0x80, 0x59, 0x7f, 0xfa, 0x36,
-    0xf3, 0x0f, 0x0a, 0x4d, 0xf0, 0xac, 0xbf, 0xe9, 0x36, 0xfc, 0xfb, 0x96,
-    0xcb, 0x2f, 0x46, 0x69, 0x65, 0xfe, 0xfc, 0x49, 0xa7, 0xf0, 0xeb, 0x28,
-    0x67, 0xa1, 0xc1, 0xbb, 0xf4, 0xee, 0xb8, 0xc6, 0xac, 0xad, 0x8f, 0x3b,
-    0xa2, 0x2a, 0xe9, 0x1f, 0x8f, 0x0d, 0x8b, 0xff, 0x67, 0xdb, 0x43, 0xfc,
-    0x17, 0x6b, 0x2f, 0xfc, 0x59, 0xee, 0x44, 0xef, 0x67, 0x6b, 0x2f, 0xa7,
-    0x7b, 0x00, 0xb2, 0xa4, 0x8a, 0x26, 0x3e, 0xfa, 0x05, 0xfe, 0xea, 0x50,
-    0x5e, 0xc0, 0x2c, 0xbe, 0xe0, 0x1b, 0xcb, 0x2a, 0x4a, 0xd4, 0x3b, 0x34,
-    0x65, 0xbf, 0x97, 0x3c, 0x68, 0xbc, 0x86, 0x50, 0x4b, 0xc4, 0x33, 0xbf,
-    0x3e, 0xbd, 0x9f, 0x59, 0x7f, 0xe6, 0x04, 0x48, 0x7f, 0x82, 0xed, 0x65,
-    0x48, 0xf9, 0x7c, 0x4f, 0x7f, 0x7a, 0x59, 0xac, 0xe2, 0xca, 0x59, 0x78,
-    0x2f, 0xe5, 0x97, 0x06, 0x16, 0x54, 0x8d, 0x97, 0x87, 0x29, 0x65, 0xf7,
-    0x5d, 0xb6, 0x96, 0x5c, 0x71, 0x78, 0x88, 0xde, 0x8f, 0x4e, 0x43, 0xe0,
-    0xbb, 0xec, 0x19, 0x0d, 0x65, 0x41, 0xf6, 0x6f, 0x4b, 0xbf, 0xe2, 0xf7,
-    0xde, 0x41, 0x71, 0x16, 0x54, 0x27, 0x49, 0x84, 0x4d, 0x19, 0x33, 0x91,
-    0xdf, 0x7a, 0x70, 0xa8, 0x4b, 0x2f, 0x3b, 0x6c, 0xb2, 0xb0, 0xf1, 0x4d,
-    0x29, 0xb3, 0x2c, 0xb4, 0xfa, 0xcb, 0x10, 0x0d, 0x27, 0x84, 0x2f, 0x4e,
-    0x9e, 0x27, 0x85, 0x97, 0xfd, 0x21, 0x79, 0xae, 0xdd, 0xfb, 0x54, 0x50,
-    0xeb, 0xf4, 0xa7, 0x6f, 0x3c, 0x2c, 0xa8, 0x4c, 0x29, 0x91, 0xa6, 0x26,
-    0x72, 0x92, 0x49, 0xbd, 0xa3, 0x7b, 0x59, 0x7d, 0x1d, 0xe1, 0xd6, 0x54,
-    0x8f, 0x04, 0x03, 0xf7, 0xd1, 0xb8, 0x18, 0x59, 0x7a, 0x6c, 0x1a, 0xcb,
-    0xd3, 0x47, 0x96, 0x54, 0x1b, 0xa0, 0x8e, 0xd6, 0x91, 0x40, 0x02, 0x2e,
-    0x2f, 0x5c, 0x11, 0x16, 0x5f, 0xb8, 0xff, 0xce, 0xd6, 0x57, 0x47, 0x81,
-    0xc1, 0x8b, 0xc3, 0x83, 0xac, 0xbf, 0xec, 0x81, 0xfe, 0x37, 0x62, 0x65,
-    0x97, 0xf8, 0x0d, 0xff, 0xe0, 0x1d, 0x65, 0x1c, 0xfb, 0x40, 0x77, 0x7f,
-    0xec, 0xf7, 0x3f, 0x9a, 0xd6, 0x18, 0xb2, 0xff, 0xc5, 0xba, 0xe4, 0xe7,
-    0x1e, 0x0d, 0x65, 0x42, 0x77, 0x98, 0xe0, 0xc4, 0x6f, 0x08, 0x91, 0x08,
-    0xb7, 0x4f, 0xef, 0xfc, 0xe3, 0x81, 0xfd, 0x89, 0x8e, 0xb2, 0xff, 0xdb,
-    0xdf, 0x5c, 0x7f, 0xf2, 0x36, 0x59, 0x7f, 0xb8, 0x1e, 0xf3, 0xc5, 0x0b,
-    0x28, 0xe8, 0xb0, 0xf9, 0xe7, 0x90, 0x6f, 0x7b, 0x3b, 0x59, 0x76, 0x76,
-    0xb2, 0xd9, 0x38, 0xda, 0x78, 0x76, 0xff, 0xbe, 0xfa, 0xeb, 0xd0, 0xdb,
-    0x2c, 0xbf, 0xc5, 0xdc, 0xe9, 0xbb, 0xfc, 0xcb, 0x2a, 0x47, 0xe8, 0xe7,
-    0x54, 0x48, 0xbd, 0x0c, 0x27, 0x2f, 0xf4, 0xa3, 0x5b, 0x46, 0xb6, 0x59,
-    0x7d, 0x0f, 0xa0, 0x2c, 0xbf, 0xdd, 0xb7, 0x30, 0x6f, 0xda, 0xca, 0x19,
-    0xea, 0xfc, 0x86, 0xfc, 0xfc, 0xdf, 0x9c, 0x59, 0x7e, 0x7f, 0x4e, 0x88,
-    0x59, 0x50, 0x8f, 0xdc, 0x84, 0x50, 0x08, 0x82, 0x53, 0x7e, 0x9d, 0xfc,
-    0x03, 0xac, 0xbf, 0xda, 0x8f, 0xb8, 0xe4, 0x75, 0x97, 0xfc, 0x76, 0xf4,
-    0xfe, 0x13, 0x9a, 0xb2, 0xfe, 0x93, 0xeb, 0x3a, 0xf2, 0xcb, 0xf8, 0x6e,
-    0x7f, 0xb1, 0x8b, 0x2a, 0x0f, 0x73, 0x0b, 0xaf, 0xfb, 0x3d, 0xc1, 0x39,
-    0xa7, 0xe2, 0xcb, 0xc3, 0xdb, 0x65, 0x97, 0xe6, 0xf7, 0x1d, 0x96, 0x5f,
-    0xf6, 0x81, 0xa7, 0x2f, 0x60, 0x16, 0x56, 0xc9, 0xe5, 0x0c, 0xa7, 0x0c,
-    0xf5, 0x09, 0x73, 0x90, 0x39, 0xd0, 0x07, 0xc2, 0x4d, 0x78, 0x4d, 0x49,
-    0x65, 0xfc, 0x27, 0x83, 0x19, 0xb2, 0xcb, 0xf8, 0x1f, 0x76, 0xf8, 0x56,
-    0x54, 0x8f, 0xea, 0x61, 0xed, 0x17, 0xdf, 0xfd, 0xd9, 0x47, 0x8b, 0x37,
-    0xe6, 0xa4, 0xb2, 0xfc, 0xfc, 0xe6, 0xdc, 0x59, 0x7b, 0x87, 0x75, 0x97,
-    0xf8, 0x8d, 0x13, 0xff, 0x0f, 0x16, 0x54, 0xc7, 0xa4, 0x11, 0xcb, 0xff,
-    0x83, 0xcf, 0xbc, 0xa0, 0x87, 0x9f, 0x59, 0x7f, 0xc2, 0x40, 0x26, 0x94,
-    0x6b, 0x65, 0x97, 0xf1, 0x3f, 0x84, 0x8e, 0xd6, 0x51, 0xcf, 0xa8, 0x8f,
-    0x2f, 0x88, 0x1b, 0x01, 0x65, 0xff, 0xfe, 0x9b, 0x8c, 0x39, 0xd3, 0x31,
-    0x6f, 0x79, 0x9f, 0xc1, 0x85, 0x95, 0x88, 0xaa, 0x62, 0x17, 0x23, 0xbf,
-    0xe3, 0xf2, 0x76, 0x0e, 0x0b, 0xcb, 0x2f, 0xf7, 0x27, 0x7a, 0x70, 0xf0,
-    0x96, 0x58, 0x0b, 0x2b, 0xa3, 0xc8, 0xd1, 0xbd, 0x42, 0x29, 0x5a, 0x10,
-    0x57, 0xf0, 0x7b, 0xfc, 0x6b, 0x16, 0x5f, 0x75, 0xcf, 0x32, 0xca, 0xc3,
-    0xd1, 0x72, 0xea, 0x85, 0x7a, 0x78, 0x60, 0x6a, 0x2b, 0x3d, 0xe8, 0x8f,
-    0xf1, 0xab, 0x94, 0x34, 0xb8, 0xef, 0x7e, 0x70, 0x9b, 0x02, 0x2c, 0xbf,
-    0x0a, 0x33, 0x51, 0xc5, 0x95, 0x31, 0xea, 0x11, 0x4d, 0xfd, 0x9e, 0x61,
-    0xe1, 0xd6, 0x5f, 0x14, 0x98, 0xeb, 0x2d, 0x3a, 0x63, 0xcd, 0x72, 0xcb,
-    0xf9, 0x8b, 0x7b, 0xcc, 0x2a, 0x96, 0x5f, 0xd1, 0x37, 0x52, 0xcd, 0xeb,
-    0x2a, 0x63, 0xe6, 0xe1, 0xad, 0x0d, 0x16, 0x6f, 0x09, 0x0b, 0xff, 0xf0,
-    0xff, 0x02, 0x0b, 0xf1, 0x38, 0x39, 0xc8, 0x02, 0x4b, 0x87, 0x8b, 0x2f,
-    0xdb, 0x46, 0xcf, 0xc5, 0x95, 0x88, 0x97, 0x65, 0x87, 0x16, 0xbf, 0xb7,
-    0x5c, 0x07, 0x8e, 0x2c, 0xba, 0x00, 0xb2, 0xc1, 0x58, 0x21, 0x6d, 0x5f,
-    0x3e, 0x70, 0x23, 0x5f, 0xfb, 0x9b, 0xde, 0x6d, 0x9c, 0x9e, 0x65, 0x97,
-    0xfe, 0x8d, 0xd9, 0x9f, 0x7b, 0xfb, 0x7c, 0x2c, 0xbf, 0xf6, 0x0e, 0x25,
-    0x1a, 0x3f, 0xba, 0x59, 0x7f, 0x38, 0x26, 0x28, 0x1a, 0xcb, 0xfe, 0x2c,
-    0xd8, 0x7f, 0xc2, 0xf2, 0xcb, 0xde, 0x6e, 0x2c, 0xa8, 0x4d, 0xa6, 0x62,
-    0x2d, 0x21, 0x1d, 0x17, 0xe7, 0xe4, 0x5b, 0xc3, 0x8a, 0x9e, 0x9d, 0x55,
-    0x6c, 0xf0, 0x5a, 0x2a, 0x1f, 0x0a, 0xa3, 0x19, 0xe7, 0x08, 0x51, 0x56,
-    0x53, 0x13, 0x8f, 0x52, 0x8d, 0x3c, 0x72, 0x9c, 0x72, 0x5a, 0x71, 0xb1,
-    0x89, 0xf7, 0x1c, 0x67, 0x50, 0xed, 0x68, 0x54, 0x4d, 0x2d, 0xf7, 0x52,
-    0xa1, 0xcf, 0x1c, 0x7f, 0xe5, 0x72, 0xbc, 0x61, 0xa0, 0x8c, 0x84, 0xa3,
-    0x24, 0xe4, 0xa0, 0xaf, 0x4e, 0x61, 0x86, 0x19, 0xfb, 0xe3, 0x22, 0x9f,
-    0x85, 0xf0, 0x91, 0xfe, 0xdf, 0xfd, 0xac, 0xeb, 0xbf, 0xb7, 0xb8, 0xfd,
-    0x2c, 0xbe, 0x00, 0x85, 0x25, 0x97, 0x76, 0x2c, 0x07, 0xd5, 0xe4, 0x7a,
-    0x16, 0xaa, 0xe0, 0x32, 0xa1, 0xef, 0xa3, 0x52, 0x3a, 0xcb, 0xee, 0xb8,
-    0xfb, 0x8b, 0x2f, 0xd8, 0x30, 0xfb, 0x8b, 0x2f, 0xf3, 0xfd, 0xc4, 0x3e,
-    0x71, 0x65, 0xe7, 0xd1, 0xab, 0x2c, 0x2f, 0x64, 0x60, 0x31, 0x11, 0x13,
-    0x6f, 0x28, 0x30, 0xce, 0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0xf3,
-    0x54, 0x3f, 0x64, 0x04, 0x9e, 0x47, 0x1b, 0xee, 0x5a, 0xb2, 0xce, 0xa9,
-    0x46, 0xba, 0x95, 0x7e, 0x77, 0xdf, 0xca, 0x19, 0x2b, 0x5c, 0x9f, 0xc8,
-    0x77, 0x6f, 0x54, 0xbf, 0xc2, 0xf3, 0x5d, 0xbb, 0xf6, 0xa8, 0xa5, 0x97,
-    0x4f, 0x73, 0xcd, 0x65, 0xde, 0xd9, 0x65, 0xf9, 0x85, 0xf3, 0x19, 0x65,
-    0xff, 0xfb, 0xf8, 0x58, 0x6f, 0xde, 0x5f, 0x31, 0xc4, 0x3a, 0xcb, 0xee,
-    0xdd, 0xfb, 0x54, 0x58, 0x4a, 0x92, 0x21, 0xf4, 0xaf, 0x70, 0xf1, 0x65,
-    0xcd, 0xd2, 0xcb, 0x7a, 0x0d, 0x6e, 0x85, 0xaf, 0xff, 0xb0, 0x87, 0x1f,
-    0x8e, 0xbd, 0x84, 0xe7, 0x59, 0x78, 0x83, 0xda, 0xca, 0x83, 0xea, 0x74,
-    0xdb, 0x71, 0x65, 0xfc, 0x1d, 0x36, 0xce, 0x75, 0x96, 0x17, 0x3c, 0xd5,
-    0x14, 0x41, 0x10, 0xc6, 0x32, 0x15, 0xec, 0xa0, 0x78, 0x48, 0x70, 0x82,
-    0x7c, 0x46, 0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0xcb, 0x5a, 0x4b,
-    0x2e, 0xd1, 0xab, 0x2f, 0x85, 0x9b, 0x3c, 0xe7, 0xa5, 0x94, 0x92, 0xf0,
-    0xb1, 0x0e, 0xb2, 0xbb, 0x3d, 0xce, 0x18, 0x84, 0x2e, 0x8d, 0x45, 0xa9,
-    0x08, 0xf1, 0xd2, 0xe8, 0xfa, 0xcb, 0x01, 0x65, 0xc6, 0xec, 0xb2, 0xda,
-    0x91, 0xaa, 0xc1, 0x1a, 0xec, 0xf9, 0x9d, 0x02, 0xc0, 0x59, 0x63, 0x56,
-    0x53, 0x1a, 0x3f, 0x08, 0xdf, 0xff, 0x86, 0xde, 0xfe, 0x0d, 0xb0, 0x6f,
-    0xb3, 0x92, 0xcb, 0xfe, 0x7e, 0x8b, 0x3a, 0xf4, 0x1a, 0xb2, 0xff, 0x6d,
-    0xd7, 0x20, 0x7e, 0x65, 0x97, 0xe8, 0xcd, 0xf1, 0xc5, 0x96, 0x87, 0x3d,
-    0xd3, 0x0d, 0x6a, 0x13, 0x11, 0x75, 0x32, 0x84, 0xbd, 0xf3, 0xca, 0x43,
-    0x59, 0x7f, 0xf6, 0xbe, 0xe3, 0x28, 0x0f, 0x7f, 0x75, 0x97, 0xed, 0x47,
-    0x9f, 0xeb, 0x29, 0x8f, 0xad, 0xd1, 0x2f, 0x18, 0x61, 0x89, 0x2f, 0xfa,
-    0x25, 0xd7, 0xb5, 0x19, 0xd2, 0x41, 0x66, 0x82, 0xff, 0x82, 0xfd, 0x67,
-    0x9b, 0xa3, 0x16, 0x5d, 0x1c, 0x59, 0x43, 0x4d, 0xab, 0xf0, 0x8d, 0x24,
-    0x0e, 0x26, 0x6f, 0x3b, 0xba, 0x79, 0xcf, 0x4b, 0x2f, 0xe6, 0x7e, 0x03,
-    0x81, 0x59, 0x7f, 0xf3, 0x49, 0xf8, 0xe4, 0x1e, 0xf3, 0x89, 0x2f, 0xff,
-    0xef, 0xb7, 0xbf, 0x9c, 0x2c, 0x38, 0x79, 0xf7, 0x92, 0xcb, 0xfd, 0x12,
-    0xf3, 0xfd, 0xc6, 0xb2, 0xf9, 0xfc, 0x6f, 0x16, 0x54, 0x23, 0xcb, 0x10,
-    0xf4, 0xb4, 0xe6, 0x57, 0xcd, 0xdb, 0xe9, 0x65, 0xa4, 0xb2, 0xd2, 0x59,
-    0x69, 0x2c, 0xbc, 0x61, 0x86, 0x2c, 0xb7, 0x69, 0x05, 0x9a, 0x0a, 0x83,
-    0xf7, 0x34, 0x45, 0x84, 0x40, 0x63, 0x4b, 0x2f, 0xc1, 0xe7, 0xde, 0x4b,
-    0x30, 0x97, 0x7f, 0xfd, 0xc6, 0xef, 0x0b, 0x50, 0x58, 0x3c, 0x35, 0x65,
-    0x1d, 0x10, 0x7e, 0x35, 0xb7, 0x4b, 0x2c, 0x6a, 0xcb, 0x05, 0x65, 0x11,
-    0xa3, 0xe0, 0x95, 0x61, 0xfc, 0x70, 0x8f, 0xc6, 0xb7, 0x70, 0xd5, 0x96,
-    0xc5, 0x97, 0x04, 0x10, 0x6a, 0x06, 0x31, 0x73, 0x42, 0xcb, 0xf8, 0xa0,
-    0xe5, 0x18, 0xb2, 0xff, 0xe8, 0x7d, 0x7b, 0xf8, 0x30, 0xfb, 0x8b, 0x2e,
-    0x94, 0x2c, 0xbd, 0xc1, 0x9a, 0xb2, 0xb6, 0x47, 0x18, 0xcb, 0x26, 0x15,
-    0xf9, 0x50, 0x51, 0x04, 0x16, 0xbf, 0xfd, 0x9d, 0x78, 0x4f, 0x37, 0xbf,
-    0x83, 0x65, 0x97, 0xff, 0xff, 0xa3, 0xdc, 0x6e, 0x72, 0x3d, 0xf6, 0x8d,
-    0x00, 0xef, 0x29, 0x78, 0xd5, 0x94, 0x6a, 0x30, 0xfe, 0x97, 0x73, 0x74,
-    0xb2, 0xf0, 0x25, 0xf5, 0x97, 0x41, 0xd6, 0x5f, 0xff, 0xa0, 0x83, 0x29,
-    0x47, 0xbf, 0x87, 0x12, 0x00, 0xb2, 0xff, 0xe6, 0xda, 0x3e, 0xd1, 0xee,
-    0x07, 0x8b, 0x2f, 0xfe, 0x0c, 0xb3, 0x9a, 0x86, 0x93, 0xf1, 0x25, 0x9b,
-    0x48, 0x87, 0x24, 0x4a, 0x92, 0x60, 0x7e, 0x86, 0xe5, 0xdd, 0x8b, 0x86,
-    0x59, 0xfe, 0xd0, 0x96, 0x92, 0x28, 0xe3, 0x31, 0xc8, 0xe7, 0x4d, 0x51,
-    0xec, 0x8b, 0x51, 0x8f, 0xfc, 0xe9, 0xe1, 0x32, 0x51, 0xa0, 0xf2, 0x33,
-    0x9f, 0x46, 0x3b, 0xbc, 0x90, 0xc1, 0x79, 0xf1, 0xd1, 0x23, 0x19, 0xbf,
-    0xfc, 0x2c, 0xef, 0x21, 0x79, 0xae, 0xdd, 0xfb, 0x54, 0x51, 0x8b, 0xe6,
-    0xf3, 0xcf, 0xac, 0xbf, 0x9f, 0x40, 0x3c, 0x01, 0x65, 0xf4, 0x6a, 0x00,
-    0xb2, 0xfe, 0x81, 0xc1, 0xe0, 0x45, 0x95, 0x32, 0x27, 0xfe, 0x49, 0xbc,
-    0xb4, 0x42, 0x1b, 0xf8, 0x9f, 0xdf, 0x69, 0x96, 0x5f, 0x66, 0x13, 0x2c,
-    0xbf, 0x7e, 0x36, 0xc1, 0xac, 0xbf, 0x13, 0x82, 0x04, 0x59, 0x7f, 0xb3,
-    0xdc, 0x13, 0x68, 0xd9, 0x65, 0xff, 0xb0, 0x19, 0x93, 0x18, 0xfd, 0x71,
-    0x65, 0xff, 0x9b, 0xa9, 0x70, 0xb3, 0xdf, 0x0a, 0xcb, 0xfe, 0x6d, 0x7f,
-    0x30, 0xa5, 0xc5, 0x95, 0x23, 0xf6, 0xec, 0xfe, 0xf9, 0xf7, 0xe1, 0x2c,
-    0xbf, 0xff, 0xec, 0x3f, 0xda, 0x3c, 0x59, 0xef, 0xe1, 0x61, 0x8e, 0x05,
-    0x95, 0xd2, 0x2a, 0x34, 0x47, 0xf2, 0x2b, 0xb7, 0x37, 0x56, 0x5f, 0xf9,
-    0xe5, 0xdf, 0xd8, 0xf1, 0xa3, 0x56, 0x5f, 0xfd, 0x3e, 0xe4, 0x0c, 0xf4,
-    0x13, 0x01, 0x65, 0x85, 0xc2, 0xb4, 0x2c, 0x41, 0x34, 0xb6, 0x61, 0xff,
-    0x94, 0x00, 0x9c, 0x8d, 0xbd, 0x1a, 0xf0, 0x4c, 0x4c, 0x1d, 0x11, 0x02,
-    0xa4, 0xda, 0xa3, 0x6a, 0x53, 0x59, 0xe1, 0x16, 0xf4, 0xc3, 0x7e, 0x46,
-    0x67, 0xe9, 0xc3, 0xdb, 0xff, 0x85, 0xbc, 0x85, 0xe6, 0xbb, 0x77, 0xed,
-    0x51, 0x1c, 0xaf, 0xff, 0x0b, 0x3b, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5,
-    0x13, 0x92, 0xff, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0xcc, 0x5d, 0xe0,
-    0x2c, 0xbf, 0x67, 0xcb, 0x34, 0xb2, 0xf6, 0xd1, 0xa5, 0x97, 0xe9, 0x71,
-    0xce, 0x2f, 0xe7, 0xb4, 0x42, 0xfc, 0x26, 0xbe, 0x15, 0x73, 0xd4, 0xf4,
-    0x2a, 0xd6, 0x5f, 0xe1, 0xe1, 0xe3, 0xa8, 0x3a, 0xca, 0x9e, 0x8f, 0xb0,
-    0x55, 0x9c, 0xdb, 0x7a, 0xcb, 0xfd, 0xa8, 0xf7, 0xdf, 0xa9, 0x2c, 0xbf,
-    0xff, 0xfe, 0x89, 0xbf, 0x1e, 0x81, 0x1b, 0x53, 0x47, 0xf3, 0x7e, 0x7f,
-    0x07, 0xbf, 0x16, 0x50, 0x11, 0x6a, 0x46, 0x97, 0xfd, 0x9c, 0x7f, 0x00,
-    0x42, 0x92, 0xcb, 0x01, 0x65, 0xfd, 0xcd, 0x6b, 0x3a, 0xe2, 0xca, 0x9e,
-    0x8f, 0x03, 0x04, 0x6f, 0x6b, 0x0e, 0xb2, 0xf9, 0x8b, 0x38, 0xb2, 0xd9,
-    0xe3, 0x79, 0xba, 0x39, 0x7f, 0xff, 0xef, 0xc1, 0x07, 0x9c, 0x81, 0x3c,
-    0xc4, 0x19, 0x67, 0x3c, 0xcb, 0x2f, 0xc5, 0x9b, 0xf0, 0x96, 0x5f, 0x7b,
-    0xcd, 0xa5, 0x97, 0x70, 0x0b, 0x2a, 0x48, 0xcb, 0x66, 0xbd, 0x13, 0xf8,
-    0x8a, 0xde, 0x59, 0x6d, 0xd5, 0x95, 0x3e, 0x69, 0x44, 0x11, 0xbc, 0xe5,
-    0xda, 0xcb, 0xdc, 0x8e, 0x2c, 0xba, 0x7f, 0x8b, 0x2f, 0xce, 0x66, 0xd8,
-    0x62, 0xca, 0xd8, 0xf1, 0x08, 0x6a, 0xe1, 0x47, 0xd6, 0x59, 0x96, 0x5f,
-    0xe8, 0xe4, 0x7b, 0x6c, 0x31, 0x65, 0x98, 0xe7, 0x88, 0x42, 0x17, 0x77,
-    0x25, 0x97, 0xef, 0x70, 0xa2, 0x4b, 0x2f, 0x8c, 0xf4, 0x1a, 0xb2, 0xa0,
-    0xf8, 0xf0, 0x61, 0x89, 0xef, 0xfc, 0x43, 0xfc, 0x73, 0x99, 0xa8, 0x59,
-    0x70, 0x1d, 0x65, 0xe8, 0xc2, 0x59, 0x7d, 0xd7, 0xb2, 0x16, 0x50, 0xcd,
-    0xe6, 0x0d, 0x58, 0x45, 0x97, 0xff, 0xbb, 0x8e, 0x73, 0x0f, 0xd7, 0x82,
-    0x5e, 0x59, 0x53, 0x8f, 0x7b, 0x04, 0xaf, 0xe7, 0x2f, 0x4f, 0xb9, 0xab,
-    0x2f, 0xdd, 0xfd, 0xd8, 0x56, 0xb2, 0xfc, 0x1e, 0x47, 0x21, 0x65, 0x68,
-    0xf4, 0xdc, 0xb2, 0xfe, 0x20, 0x7f, 0x00, 0xeb, 0x2f, 0x8a, 0x37, 0x85,
-    0x65, 0x31, 0xe7, 0xb9, 0x65, 0xdd, 0x1d, 0x65, 0x2c, 0xbf, 0xe2, 0x06,
-    0x7a, 0x09, 0x80, 0xb2, 0xd3, 0xf8, 0x78, 0x2e, 0x17, 0x78, 0x83, 0x32,
-    0xcb, 0x0b, 0x9e, 0x99, 0x00, 0x02, 0x92, 0xd8, 0x86, 0x46, 0xc4, 0x52,
-    0x79, 0x1b, 0x16, 0x43, 0xd0, 0xd6, 0x1e, 0xc9, 0x7a, 0x1c, 0x99, 0x83,
-    0x44, 0x47, 0x5f, 0xfc, 0x22, 0x5c, 0xb0, 0x56, 0x7a, 0x4a, 0x5c, 0x7e,
-    0xf1, 0x18, 0x61, 0x07, 0xbd, 0xc2, 0x7c, 0x80, 0x45, 0x9d, 0xd2, 0x9b,
-    0xf6, 0xbb, 0x77, 0xed, 0x51, 0x6e, 0xad, 0xc5, 0x95, 0x87, 0x8e, 0x03,
-    0x6b, 0xf0, 0xb1, 0xfe, 0x34, 0xb2, 0x85, 0x9e, 0x5f, 0xc8, 0x6f, 0xcc,
-    0x0e, 0x66, 0xea, 0xcb, 0xf8, 0x9c, 0x5e, 0xb6, 0xfa, 0xcb, 0xcd, 0xd0,
-    0x16, 0x5f, 0xba, 0x97, 0xd8, 0x0b, 0x2f, 0xfe, 0xd3, 0xf6, 0x00, 0xf3,
-    0xd1, 0xd1, 0x8b, 0x2e, 0x23, 0x56, 0x59, 0xd6, 0x5f, 0x76, 0xef, 0xda,
-    0xa2, 0x90, 0x56, 0x1e, 0xbc, 0xc2, 0xfa, 0x10, 0xbf, 0xd2, 0xf3, 0x19,
-    0xc0, 0x32, 0xcb, 0xff, 0x67, 0xdb, 0x7f, 0xf3, 0x0b, 0xb5, 0x97, 0xf6,
-    0x7f, 0x3e, 0xc6, 0xac, 0xbf, 0x7a, 0x37, 0xb6, 0xf5, 0x97, 0x9e, 0x42,
-    0xe1, 0x3c, 0x21, 0x94, 0xe4, 0x27, 0xfa, 0x2f, 0xe1, 0xa7, 0x8f, 0xf7,
-    0x96, 0xdf, 0x67, 0x3e, 0x15, 0x97, 0xf4, 0x17, 0x38, 0xc7, 0x59, 0x58,
-    0x79, 0xcc, 0x45, 0x7f, 0x98, 0x61, 0xf7, 0x0e, 0x4b, 0x2f, 0x8c, 0x3c,
-    0x71, 0x65, 0xe7, 0x29, 0x2c, 0xb0, 0xb8, 0x57, 0x2d, 0xd9, 0x56, 0x8c,
-    0x0f, 0x1e, 0xff, 0xe1, 0x98, 0xe4, 0x01, 0x33, 0x30, 0x8e, 0xff, 0xe1,
-    0x6f, 0x21, 0x79, 0xae, 0xdd, 0xfb, 0x54, 0x4a, 0x4a, 0xd9, 0xb0, 0xa8,
-    0x99, 0x58, 0xeb, 0x8f, 0x09, 0xd0, 0x52, 0x2e, 0x4a, 0x50, 0x57, 0xa5,
-    0xdd, 0x6e, 0xc2, 0x1a, 0xf0, 0xb7, 0xed, 0x65, 0xfc, 0xc5, 0x9f, 0xce,
-    0xd6, 0x5f, 0xcc, 0x5e, 0xc6, 0x1a, 0xcb, 0xa5, 0xe5, 0x97, 0x8a, 0x0c,
-    0x59, 0x74, 0x0b, 0xd1, 0xb3, 0x21, 0x7a, 0x92, 0x22, 0xfc, 0xbd, 0x7b,
-    0x81, 0x3a, 0xcb, 0x4f, 0x6b, 0x2c, 0x2e, 0x49, 0x86, 0xf5, 0x0b, 0x76,
-    0x23, 0x9f, 0x1d, 0xbc, 0x4f, 0x25, 0x97, 0xe1, 0x40, 0xa7, 0x5c, 0xe2,
-    0xcb, 0xff, 0xcd, 0xd0, 0x35, 0x83, 0x8d, 0x37, 0x40, 0x59, 0x7e, 0xd7,
-    0x6e, 0xfd, 0xaa, 0x27, 0x65, 0xfd, 0xb3, 0xeb, 0xbd, 0x62, 0xcb, 0xdf,
-    0x73, 0x16, 0x5f, 0xf1, 0x3c, 0x82, 0x03, 0xbc, 0x96, 0x5b, 0x06, 0x7a,
-    0xbf, 0x1d, 0xbc, 0xf2, 0x16, 0x2a, 0x93, 0x5d, 0x83, 0x1c, 0x4b, 0x73,
-    0x62, 0x84, 0x25, 0xdb, 0x6e, 0x2c, 0xbf, 0xff, 0x30, 0xc2, 0x78, 0xdd,
-    0x71, 0x94, 0x16, 0x76, 0xb2, 0xff, 0x4a, 0x35, 0xb4, 0x6b, 0x65, 0x97,
-    0xfe, 0xf9, 0x3c, 0x82, 0x03, 0xbc, 0x96, 0x54, 0x1f, 0x9e, 0x1a, 0xdf,
-    0xff, 0xb3, 0xa9, 0x7e, 0x38, 0xfa, 0x8d, 0xdf, 0xbf, 0x6b, 0x2c, 0x2f,
-    0x15, 0x9d, 0x1e, 0x37, 0x8f, 0xb2, 0xb8, 0xd9, 0x43, 0x27, 0x74, 0x82,
-    0xf9, 0xb5, 0x1b, 0xd6, 0x5d, 0x9f, 0x59, 0x7f, 0xf4, 0xfb, 0x90, 0x33,
-    0xd0, 0x4c, 0x05, 0x96, 0x17, 0xc3, 0xfd, 0x9f, 0x23, 0x10, 0x5a, 0xff,
-    0xe7, 0x3f, 0xf3, 0xb7, 0xfc, 0x09, 0x25, 0x97, 0xef, 0x6b, 0x20, 0xc5,
-    0x97, 0x98, 0x6e, 0xb2, 0xff, 0xe2, 0xcf, 0xbe, 0xd9, 0xc2, 0x7e, 0x96,
-    0x5d, 0x3e, 0x2c, 0x68, 0xcb, 0x64, 0x5f, 0x94, 0x70, 0x6e, 0xa1, 0x7b,
-    0xc2, 0x51, 0x96, 0x1e, 0x5c, 0x47, 0x21, 0xd3, 0x3f, 0x18, 0x35, 0xff,
-    0xb9, 0x05, 0xd0, 0x39, 0xc8, 0x02, 0xcb, 0xff, 0xff, 0xfe, 0xfb, 0x79,
-    0xdf, 0xae, 0x73, 0x90, 0x78, 0xfe, 0x66, 0xd8, 0x59, 0xd7, 0xb9, 0x1d,
-    0x2c, 0xbf, 0xd1, 0x26, 0xf3, 0x14, 0x96, 0x5f, 0xff, 0xfb, 0xb0, 0xed,
-    0x9b, 0xe3, 0xac, 0x1b, 0xc8, 0x43, 0xf3, 0x1c, 0x6b, 0x2f, 0x86, 0xfe,
-    0x17, 0x89, 0xba, 0xf6, 0x7f, 0xa8, 0x4a, 0x70, 0xc6, 0xff, 0xe9, 0xba,
-    0xe3, 0x1e, 0x70, 0x9a, 0xcd, 0x96, 0x5f, 0x76, 0xef, 0xda, 0xa2, 0x2c,
-    0x5f, 0xcd, 0xa7, 0x2e, 0xe1, 0x65, 0x68, 0xf7, 0x3e, 0x61, 0x7d, 0x9e,
-    0x03, 0x2c, 0xbf, 0xf3, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x12, 0xea,
-    0xff, 0x38, 0xe0, 0xbf, 0x1c, 0x59, 0x7d, 0xa6, 0x0e, 0xcb, 0x2f, 0xff,
-    0xec, 0x1f, 0xe0, 0x41, 0x7e, 0x27, 0x07, 0x39, 0x00, 0x49, 0x61, 0x70,
-    0x9f, 0x4e, 0x42, 0x9f, 0x44, 0x47, 0x21, 0xfa, 0x77, 0x8c, 0x67, 0xc8,
-    0xef, 0xfe, 0x3b, 0xc8, 0x5e, 0x6b, 0xb7, 0x7e, 0xd5, 0x13, 0x12, 0xfe,
-    0xfc, 0x17, 0x53, 0x3a, 0xcb, 0xfc, 0xed, 0x3e, 0xc0, 0xc1, 0xac, 0xbe,
-    0xce, 0xe0, 0x5c, 0x1f, 0x17, 0xcb, 0xa8, 0x5a, 0x3c, 0x3f, 0x0b, 0x6b,
-    0xfd, 0xf7, 0x38, 0xb7, 0x08, 0xd6, 0x5f, 0xb5, 0xdb, 0xbf, 0x6a, 0x8a,
-    0xa5, 0x6c, 0x59, 0x58, 0x78, 0xc6, 0x9b, 0x5f, 0xf6, 0xb4, 0xc4, 0x58,
-    0x1e, 0xd6, 0x5f, 0xf8, 0x2f, 0xa9, 0x16, 0x18, 0xe0, 0x59, 0x7f, 0xf3,
-    0xf3, 0x4c, 0x67, 0xbe, 0xda, 0x92, 0xcb, 0xfe, 0xd3, 0xff, 0xa9, 0x67,
-    0x85, 0xc2, 0x2e, 0xc6, 0x71, 0xf3, 0xea, 0x16, 0x99, 0xeb, 0xc3, 0x76,
-    0xff, 0xc2, 0xff, 0x07, 0xc1, 0xc1, 0x79, 0x65, 0xef, 0x36, 0xcb, 0x2f,
-    0xfc, 0xf2, 0x17, 0x9a, 0xed, 0xdf, 0xb5, 0x44, 0xe8, 0xbe, 0x0f, 0x18,
-    0x0b, 0x2f, 0x37, 0x46, 0x2c, 0xa0, 0x1e, 0x07, 0x08, 0xa8, 0xd4, 0x66,
-    0x9c, 0x74, 0x10, 0x8e, 0xbe, 0x72, 0xf7, 0x16, 0x5f, 0x6c, 0x51, 0xb2,
-    0xcb, 0xe3, 0xc1, 0xa2, 0xce, 0x78, 0x81, 0x21, 0xbf, 0xf0, 0x03, 0xc1,
-    0x63, 0x31, 0xca, 0x4b, 0x28, 0x5a, 0x3e, 0x19, 0xe8, 0x07, 0x97, 0xf9,
-    0x9f, 0x51, 0x27, 0xde, 0xb2, 0xf9, 0x88, 0x0c, 0xb2, 0xfd, 0x34, 0x4d,
-    0x1c, 0x59, 0x7f, 0x19, 0x8d, 0xbf, 0x09, 0x65, 0x31, 0xeb, 0xf0, 0xa6,
-    0xf3, 0x7e, 0x16, 0x0b, 0x34, 0x37, 0xff, 0x07, 0x9e, 0x8e, 0x85, 0x86,
-    0x66, 0x3a, 0xca, 0x92, 0x61, 0xc7, 0x84, 0xc7, 0xcb, 0x6f, 0xda, 0xed,
-    0xdf, 0xb5, 0x44, 0xee, 0xbf, 0xff, 0xa0, 0xe1, 0xd4, 0xd0, 0x79, 0xc7,
-    0xcf, 0x71, 0xb8, 0xb2, 0xf3, 0xc8, 0x5e, 0x22, 0x53, 0xc6, 0xd7, 0xef,
-    0x05, 0xce, 0xc9, 0x2f, 0xfc, 0x51, 0xec, 0xe6, 0x67, 0x52, 0x59, 0x43,
-    0x55, 0x49, 0x91, 0xa0, 0x9e, 0x19, 0x4e, 0x6b, 0xe2, 0x7b, 0xfe, 0x1c,
-    0x4a, 0x05, 0x99, 0xc0, 0x2c, 0xbf, 0x70, 0xa0, 0x1c, 0x59, 0x78, 0xb0,
-    0x6b, 0x2e, 0x81, 0x70, 0x78, 0x40, 0x27, 0xa1, 0x69, 0x80, 0xe2, 0xa9,
-    0x3f, 0x5f, 0xb8, 0x2f, 0xbf, 0x42, 0xcb, 0xff, 0xc2, 0xce, 0xf2, 0x17,
-    0x9a, 0xed, 0xdf, 0xb5, 0x45, 0x0a, 0xbf, 0xfe, 0x7f, 0x4b, 0x09, 0x86,
-    0x2f, 0x9b, 0x46, 0x96, 0x5f, 0x13, 0xeb, 0x7a, 0xcb, 0xc7, 0x73, 0x16,
-    0x58, 0x5c, 0x1e, 0x06, 0xc4, 0x77, 0x6c, 0xcb, 0x2f, 0xff, 0x7c, 0x3e,
-    0x82, 0xcd, 0x8d, 0x0c, 0x4c, 0xb2, 0xfe, 0x09, 0xce, 0xf2, 0x17, 0x07,
-    0xc7, 0xd8, 0xbd, 0xff, 0xff, 0x8b, 0x37, 0xb7, 0xc2, 0x2f, 0xbf, 0xb7,
-    0xca, 0x33, 0x58, 0x75, 0x95, 0x24, 0xd0, 0xbf, 0x08, 0xde, 0x23, 0xdf,
-    0x83, 0xd7, 0x9b, 0xb5, 0x97, 0xec, 0x06, 0x39, 0x2c, 0xbe, 0xe3, 0x19,
-    0xe5, 0x97, 0xa0, 0x02, 0xf6, 0x3f, 0x22, 0x2a, 0xf1, 0x2d, 0x32, 0x3a,
-    0x8a, 0x15, 0x17, 0xfc, 0x77, 0xe6, 0x19, 0x04, 0x35, 0x97, 0xfe, 0x79,
-    0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0x92, 0x5f, 0xec, 0xf9, 0x60, 0xfe,
-    0x15, 0x97, 0xa0, 0x86, 0xb2, 0xc2, 0xf1, 0x1a, 0x67, 0x38, 0xf2, 0x71,
-    0x86, 0x57, 0xff, 0xfd, 0x84, 0x1e, 0x46, 0x17, 0x89, 0xcd, 0xc9, 0xa0,
-    0x86, 0xb2, 0xe3, 0x92, 0xcb, 0xff, 0xa6, 0xfb, 0x9f, 0xdf, 0x8f, 0x04,
-    0xeb, 0x2f, 0xb0, 0xa3, 0x65, 0x95, 0x87, 0xcf, 0xa4, 0x6b, 0xd9, 0xc1,
-    0x64, 0x98, 0x0f, 0x18, 0xc4, 0x7d, 0xa8, 0x6c, 0x61, 0xb6, 0x94, 0x8b,
-    0x28, 0xd8, 0xf0, 0xab, 0xb8, 0xee, 0x26, 0x2a, 0xd4, 0xa0, 0x43, 0xcb,
-    0xd6, 0x73, 0x10, 0x15, 0x92, 0xe7, 0xa5, 0x5e, 0x86, 0x1f, 0x33, 0xf1,
-    0xa3, 0x5f, 0x76, 0xef, 0xda, 0xa2, 0x24, 0x5f, 0xff, 0x9b, 0x5f, 0x79,
-    0xd3, 0x7e, 0x36, 0x15, 0xea, 0x27, 0xd6, 0x56, 0x91, 0x21, 0xf3, 0x0b,
-    0xff, 0xfd, 0xf8, 0xd8, 0x57, 0xa8, 0x9f, 0x17, 0xa6, 0x83, 0xed, 0x86,
-    0x2c, 0xb0, 0xbc, 0x44, 0x7c, 0xc4, 0x77, 0xb4, 0xfa, 0x59, 0x7f, 0xe7,
-    0x90, 0xbc, 0xd7, 0x6e, 0xfd, 0xaa, 0x25, 0xe5, 0xf3, 0xf9, 0xf6, 0x59,
-    0x61, 0x6c, 0x88, 0xc3, 0x8e, 0x4f, 0xa7, 0x5f, 0xfd, 0x1b, 0xde, 0x66,
-    0xd7, 0x52, 0x89, 0x96, 0x5e, 0x9e, 0x8e, 0x05, 0x97, 0x4c, 0x4b, 0x2f,
-    0xfc, 0x2a, 0x3b, 0x0c, 0x30, 0x51, 0x25, 0x97, 0xfd, 0x3a, 0x3c, 0xda,
-    0x8d, 0xf3, 0x2c, 0xbf, 0xfd, 0xf8, 0xe0, 0x83, 0x8d, 0x4d, 0x84, 0x05,
-    0x97, 0xda, 0x0f, 0xb8, 0xb2, 0xfe, 0x1b, 0x1a, 0xe4, 0x05, 0x97, 0xe8,
-    0x20, 0x0c, 0xeb, 0x2f, 0xda, 0x01, 0xdb, 0x8b, 0x2f, 0x41, 0x74, 0xb2,
-    0xfd, 0xe1, 0x0e, 0x50, 0xb2, 0xcd, 0xf3, 0xc4, 0x21, 0xcb, 0xff, 0xdf,
-    0xdf, 0x04, 0x0d, 0xcc, 0x1e, 0x6b, 0xa5, 0x97, 0xf9, 0xb4, 0xe3, 0x62,
-    0x35, 0x65, 0xd1, 0xe5, 0x97, 0xfc, 0xfb, 0x6a, 0x3a, 0x93, 0x1d, 0x65,
-    0xff, 0xe0, 0x8d, 0xb4, 0x24, 0xdb, 0xa1, 0x72, 0x99, 0x65, 0x49, 0x34,
-    0x76, 0x26, 0xfa, 0x78, 0x0c, 0x88, 0x5b, 0x87, 0x57, 0xf0, 0x3f, 0x1a,
-    0x63, 0xac, 0xbf, 0xf4, 0xdc, 0x8d, 0xef, 0xf8, 0xea, 0x65, 0x95, 0x07,
-    0xe0, 0xe5, 0xb7, 0xb7, 0x44, 0x3a, 0xcb, 0xbe, 0x05, 0x94, 0xc6, 0xe1,
-    0xc8, 0x6f, 0xd9, 0xb6, 0x70, 0xeb, 0x2f, 0xda, 0x8f, 0x36, 0xf5, 0x97,
-    0xed, 0x9f, 0x8e, 0x05, 0x94, 0xc7, 0xa2, 0xe5, 0x37, 0xff, 0x4d, 0x38,
-    0x42, 0x8d, 0xef, 0xbe, 0x26, 0x59, 0x4b, 0x2f, 0xbd, 0x9a, 0x99, 0x65,
-    0xef, 0x3e, 0xf5, 0x96, 0x96, 0x1e, 0x0b, 0x91, 0xdf, 0x9f, 0x91, 0xbf,
-    0x16, 0x54, 0xc7, 0x9d, 0xbc, 0x9a, 0xa1, 0x30, 0xbc, 0x4c, 0x78, 0x4d,
-    0x5d, 0xa8, 0x59, 0x53, 0xd2, 0xee, 0xe4, 0x8f, 0x46, 0x97, 0x84, 0x7d,
-    0x16, 0xb1, 0x3c, 0xd1, 0xd9, 0xea, 0x18, 0xdf, 0x58, 0x21, 0xff, 0x3c,
-    0xef, 0x8c, 0xaf, 0x74, 0xce, 0xec, 0x25, 0x97, 0xf4, 0xee, 0x7f, 0x1b,
-    0xcb, 0x28, 0x67, 0x88, 0xc2, 0xb6, 0xe9, 0x65, 0xff, 0x01, 0xfd, 0xb0,
-    0x66, 0x8d, 0xc5, 0x94, 0x33, 0xd0, 0x61, 0x2b, 0xf8, 0x83, 0xe9, 0xa0,
-    0xd5, 0x97, 0x85, 0x6d, 0xa5, 0x94, 0xe7, 0x9e, 0x12, 0xfb, 0xff, 0xb1,
-    0xba, 0xe7, 0xa3, 0x63, 0xbc, 0x96, 0x53, 0x1f, 0x36, 0x88, 0x6f, 0xf0,
-    0x7d, 0xf2, 0x8c, 0xd2, 0xcb, 0xf1, 0x66, 0xc2, 0x6f, 0x59, 0x7d, 0x9b,
-    0x09, 0xbd, 0x65, 0xf8, 0x71, 0xd0, 0xde, 0x71, 0xe8, 0x91, 0x5d, 0xff,
-    0xf3, 0x6a, 0x77, 0xe1, 0xbd, 0xc0, 0xf6, 0x18, 0x59, 0x7c, 0xdb, 0x03,
-    0x71, 0x65, 0xba, 0x59, 0x79, 0xdf, 0xb5, 0x45, 0x2e, 0xa5, 0x95, 0x87,
-    0x8d, 0xd8, 0x94, 0xc5, 0x37, 0xc5, 0xe8, 0xd2, 0xcb, 0xfe, 0xcd, 0x6e,
-    0x60, 0xf3, 0x5d, 0x2c, 0xa6, 0x3d, 0xdd, 0xe4, 0x37, 0xfe, 0x89, 0x7d,
-    0xdb, 0xae, 0x41, 0xab, 0x2b, 0x65, 0x4e, 0x12, 0x84, 0x19, 0xa8, 0x13,
-    0x29, 0x69, 0xb3, 0xf0, 0x8d, 0x22, 0x3b, 0xff, 0xe7, 0xd6, 0xd3, 0xb7,
-    0x87, 0xf0, 0xc7, 0x81, 0xac, 0xbd, 0x1a, 0xf2, 0xcb, 0xf8, 0x7d, 0x46,
-    0x9b, 0xa5, 0x97, 0xde, 0xdb, 0x0c, 0x59, 0x52, 0x3e, 0xf6, 0x1c, 0x22,
-    0xfb, 0xf3, 0x1b, 0xac, 0xe2, 0xcb, 0xff, 0x41, 0x47, 0xe7, 0x04, 0x83,
-    0xda, 0xcb, 0xc1, 0x7e, 0x2c, 0xbe, 0x98, 0x2f, 0x32, 0xcb, 0xf4, 0x01,
-    0xfa, 0xe2, 0xcb, 0xc4, 0xc0, 0x59, 0x7b, 0x3d, 0xc5, 0x95, 0x06, 0xdf,
-    0x83, 0x75, 0x24, 0xc9, 0xc6, 0x51, 0x32, 0x07, 0xc7, 0x00, 0x49, 0xe5,
-    0xfb, 0xf6, 0xe3, 0x90, 0xf7, 0x56, 0x52, 0xcb, 0xf7, 0x3d, 0xa8, 0xe2,
-    0xcb, 0x47, 0x46, 0xcf, 0xc1, 0x77, 0xfc, 0x0e, 0x6a, 0x3a, 0x93, 0x1d,
-    0x65, 0xef, 0x3e, 0xf5, 0x97, 0xed, 0x83, 0x34, 0x6e, 0x2c, 0xbe, 0x0c,
-    0xd1, 0xb8, 0xb2, 0xe7, 0xda, 0x71, 0xe9, 0xec, 0x5b, 0x50, 0x8d, 0xc7,
-    0x3a, 0x0b, 0x8d, 0xff, 0x43, 0x03, 0x90, 0x77, 0xf2, 0xcb, 0xfe, 0x6e,
-    0x4c, 0xc5, 0xe8, 0x02, 0xcb, 0xff, 0x8b, 0xdb, 0xe3, 0x5c, 0x72, 0x8d,
-    0xc5, 0x97, 0xf3, 0xb6, 0xd3, 0x8f, 0x8b, 0x2a, 0x49, 0x89, 0xe8, 0xb8,
-    0xe6, 0xfc, 0x38, 0xf2, 0x3d, 0xfe, 0x8d, 0xce, 0x41, 0xdf, 0xcb, 0x2e,
-    0x72, 0x59, 0x7f, 0xd0, 0x09, 0xdf, 0x83, 0xb9, 0x2c, 0xae, 0x8f, 0x3b,
-    0x78, 0xad, 0xff, 0xf6, 0x0c, 0x49, 0xb9, 0xef, 0xe0, 0xc3, 0xee, 0x2c,
-    0xa9, 0x23, 0xef, 0x50, 0x83, 0xf9, 0x2d, 0xfd, 0x06, 0x37, 0xc3, 0xb8,
-    0xb2, 0xfe, 0xea, 0x5c, 0x72, 0xe9, 0x65, 0x42, 0xe2, 0x8c, 0x98, 0x32,
-    0x50, 0xb3, 0x46, 0x8d, 0xa3, 0x51, 0x0c, 0x6f, 0xfc, 0x53, 0x4e, 0xd4,
-    0x75, 0x26, 0x3a, 0xcb, 0xff, 0xdb, 0xe0, 0xbd, 0xef, 0xe0, 0xc3, 0xee,
-    0x2c, 0xba, 0x0e, 0xb2, 0xa1, 0x14, 0x98, 0x85, 0xa4, 0xcb, 0xf1, 0x4d,
-    0xe6, 0x35, 0x65, 0xf9, 0x86, 0x12, 0xc5, 0x97, 0xff, 0x7b, 0xf9, 0x29,
-    0xd0, 0x3f, 0xbf, 0x4b, 0x2a, 0x63, 0xed, 0x22, 0x6a, 0x84, 0x5c, 0x06,
-    0x12, 0xd7, 0xfd, 0x2c, 0xd4, 0xd8, 0x50, 0x75, 0x97, 0xe0, 0x47, 0x78,
-    0x75, 0x97, 0xfb, 0x36, 0xe4, 0x4c, 0x1d, 0x2c, 0xbf, 0x1f, 0x1d, 0xb6,
-    0x59, 0x4c, 0x8b, 0xcd, 0x1c, 0x11, 0x47, 0x0d, 0x6e, 0x96, 0x2c, 0xbf,
-    0x70, 0xdd, 0x39, 0x8b, 0x2f, 0x14, 0x1d, 0x65, 0x0c, 0xf1, 0x74, 0x55,
-    0x7d, 0xd6, 0xe6, 0x49, 0x65, 0xfe, 0x7d, 0x4d, 0x9e, 0xdd, 0xde, 0xb2,
-    0xf4, 0x03, 0x8b, 0x2a, 0x13, 0x33, 0x19, 0xde, 0x2d, 0xb9, 0x10, 0x49,
-    0x8c, 0x39, 0xbe, 0x7f, 0xbe, 0xcb, 0x2f, 0xdf, 0x09, 0xb8, 0x4b, 0x2f,
-    0x18, 0xf2, 0x59, 0x7f, 0x8c, 0x27, 0xf4, 0x9c, 0x6b, 0x2f, 0xde, 0x13,
-    0x68, 0xfa, 0xcb, 0xfe, 0x8f, 0xf1, 0xfd, 0x1a, 0xdd, 0x59, 0x7f, 0xe3,
-    0xb8, 0xc4, 0x9a, 0x50, 0x5d, 0x2c, 0xa1, 0x9f, 0xe3, 0x1d, 0xdf, 0xc1,
-    0xfc, 0x6b, 0x00, 0xb2, 0xfb, 0x40, 0x13, 0x7a, 0xcb, 0xcc, 0x67, 0x96,
-    0x54, 0x8f, 0xc3, 0xe5, 0xbc, 0x26, 0xad, 0x95, 0x00, 0x0c, 0x8b, 0x0a,
-    0x3a, 0x1d, 0x98, 0xcf, 0xf0, 0xa6, 0xf4, 0x24, 0x6f, 0xf1, 0x7b, 0x38,
-    0xcf, 0xf5, 0x97, 0xdc, 0x97, 0x1d, 0x65, 0xff, 0x01, 0xbf, 0x9a, 0x79,
-    0xb8, 0xb2, 0xff, 0xfa, 0x45, 0x1b, 0x09, 0x37, 0x3f, 0x9b, 0xba, 0x02,
-    0xcb, 0xd2, 0x1e, 0xf5, 0x95, 0x07, 0xea, 0xea, 0xd7, 0xf4, 0xe3, 0xe7,
-    0x9f, 0xcb, 0x2f, 0xef, 0xb0, 0xdb, 0x5d, 0xac, 0xb7, 0x6b, 0x2d, 0xcc,
-    0x3e, 0xfe, 0xcb, 0xdc, 0xba, 0xf7, 0x53, 0x71, 0x65, 0x74, 0x7a, 0x6e,
-    0x69, 0x7a, 0x18, 0x6b, 0x2f, 0xf4, 0xdf, 0x6f, 0x14, 0x1d, 0x65, 0x42,
-    0xa5, 0x31, 0x98, 0xf4, 0x44, 0x78, 0x57, 0x3c, 0x38, 0xb8, 0x44, 0x11,
-    0xbb, 0xfd, 0x86, 0x49, 0xb8, 0x13, 0xac, 0xbb, 0x7f, 0x16, 0x5f, 0xc1,
-    0xe4, 0x4c, 0x1d, 0x2c, 0xbf, 0x66, 0xd9, 0xfe, 0x2c, 0xa8, 0x3f, 0x0f,
-    0x8c, 0x91, 0x7d, 0xf1, 0xc3, 0x36, 0x96, 0x5e, 0xcd, 0x71, 0x65, 0x76,
-    0x7d, 0xa7, 0x2d, 0xde, 0x49, 0x7f, 0xc0, 0x80, 0x09, 0xbe, 0x0b, 0x75,
-    0x65, 0xff, 0xfb, 0x68, 0xf4, 0x7d, 0xbd, 0x26, 0xd7, 0x7f, 0x85, 0x95,
-    0x09, 0xeb, 0xe4, 0x62, 0x2c, 0x64, 0xe7, 0xd7, 0xff, 0xfd, 0xae, 0xbb,
-    0x6e, 0xa7, 0x1a, 0xf3, 0xb9, 0xf7, 0xee, 0x08, 0x6b, 0x2f, 0xf9, 0xf8,
-    0x27, 0xba, 0xed, 0x8e, 0xb2, 0xdf, 0x84, 0x55, 0x85, 0xbe, 0xf9, 0x8d,
-    0x9f, 0xc5, 0x97, 0xf0, 0x9e, 0x8d, 0x8b, 0xa5, 0x97, 0xff, 0xdd, 0xfd,
-    0xe6, 0x12, 0x69, 0x31, 0x61, 0xe1, 0x65, 0xe2, 0x63, 0xac, 0xad, 0x23,
-    0x08, 0x04, 0xa4, 0x61, 0xe5, 0x2b, 0xff, 0xbd, 0xc1, 0x39, 0x84, 0x1f,
-    0x47, 0xd6, 0x5f, 0xd0, 0xe5, 0xec, 0x25, 0x95, 0x87, 0xde, 0x48, 0xb7,
-    0xfa, 0x3a, 0xe6, 0xe4, 0x68, 0xd5, 0x97, 0xfb, 0xef, 0x33, 0x6a, 0x36,
-    0x59, 0x7e, 0xdd, 0x3c, 0x67, 0x96, 0x5f, 0xfc, 0x27, 0xa5, 0x03, 0x72,
-    0xcf, 0x01, 0x65, 0x61, 0xf7, 0x68, 0xaa, 0xec, 0x3a, 0xca, 0x1a, 0xac,
-    0x6c, 0x87, 0x51, 0xe1, 0x57, 0xf2, 0x07, 0x38, 0x0c, 0x28, 0xb7, 0x90,
-    0xdf, 0xb7, 0x58, 0xf1, 0xc5, 0x97, 0xe7, 0xdf, 0x9a, 0xe2, 0xcb, 0xf6,
-    0xc2, 0x6f, 0x79, 0x2c, 0xa1, 0x9f, 0xf9, 0xca, 0x88, 0xa6, 0xc6, 0x2c,
-    0xbf, 0x7d, 0xc9, 0x8e, 0xb2, 0xf8, 0xd9, 0xb9, 0x0b, 0x2f, 0xfa, 0x3d,
-    0xf7, 0x99, 0xe6, 0xc5, 0x97, 0xf0, 0x3a, 0x06, 0x6b, 0x16, 0x5f, 0xdd,
-    0xc3, 0x79, 0xa4, 0xb2, 0xf4, 0x67, 0x96, 0x5f, 0xb3, 0x5a, 0x0e, 0xcb,
-    0x2e, 0x70, 0x1c, 0xf1, 0x3c, 0x37, 0x50, 0x8c, 0xcc, 0x2e, 0x67, 0x1b,
-    0xe1, 0xfd, 0xfa, 0x59, 0x7f, 0x03, 0x91, 0xf8, 0xe2, 0xca, 0x83, 0xd0,
-    0x72, 0x3b, 0xef, 0x73, 0x36, 0x59, 0x7f, 0xff, 0xbe, 0xdb, 0xdc, 0x0d,
-    0x28, 0xde, 0xe7, 0x8f, 0xee, 0xba, 0xca, 0xe9, 0x11, 0x1f, 0x23, 0xbb,
-    0x36, 0x59, 0x4e, 0x6e, 0xc8, 0x92, 0xa1, 0x58, 0x70, 0xcb, 0xb0, 0x49,
-    0x89, 0xa6, 0x24, 0xfc, 0x60, 0xa4, 0xfb, 0xc8, 0x71, 0xdf, 0xff, 0xef,
-    0xf6, 0xdc, 0xc1, 0xf7, 0xf6, 0xf6, 0x4c, 0x50, 0x75, 0x97, 0x03, 0xb5,
-    0x96, 0xe2, 0xcb, 0x98, 0xde, 0x1a, 0x90, 0x8c, 0x5e, 0x03, 0xf6, 0xb2,
-    0xf8, 0xc9, 0xb9, 0x0b, 0x2f, 0x9f, 0x68, 0xf2, 0xcb, 0xf3, 0x93, 0x6e,
-    0x6f, 0x59, 0x6e, 0x11, 0xe6, 0xef, 0x22, 0xbf, 0x6c, 0xfc, 0xc9, 0x2c,
-    0xbf, 0xfe, 0x1e, 0x6f, 0x7d, 0x4c, 0x24, 0x9f, 0xce, 0x75, 0x97, 0x66,
-    0xe2, 0xca, 0x84, 0x4a, 0x31, 0x46, 0x94, 0xef, 0xe7, 0xe8, 0x07, 0x6e,
-    0x2c, 0xb1, 0xab, 0x2f, 0xda, 0xcd, 0xe3, 0x85, 0x95, 0x09, 0xf1, 0x74,
-    0x3b, 0x33, 0x8e, 0xa1, 0x7b, 0xf2, 0xe0, 0x17, 0x78, 0x4a, 0xfe, 0x63,
-    0x1e, 0x68, 0x3a, 0xcb, 0xdb, 0xb1, 0xc5, 0x95, 0xe3, 0xcd, 0x09, 0x75,
-    0x85, 0x8a, 0x5d, 0x4e, 0x24, 0xf0, 0x90, 0x2a, 0x11, 0x0a, 0xb1, 0x78,
-    0x9e, 0x1d, 0xda, 0x31, 0x39, 0x38, 0x8e, 0x1a, 0xd9, 0x2a, 0x47, 0xb7,
-    0x2e, 0xa1, 0x86, 0xd1, 0xaa, 0x4d, 0x39, 0x55, 0xa8, 0xc2, 0x4f, 0x0e,
-    0x6f, 0xca, 0x16, 0x79, 0x4a, 0xc0, 0x95, 0x8a, 0x52, 0x91, 0xb9, 0x2e,
-    0xc7, 0xd3, 0x80, 0x41, 0x7b, 0x9f, 0x84, 0x58, 0x92, 0x83, 0xf7, 0x61,
-    0x71, 0x7e, 0xd7, 0x6e, 0xfd, 0xaa, 0x29, 0xc5, 0xfd, 0xf6, 0x39, 0x39,
-    0xab, 0x2c, 0x2f, 0x0f, 0x8d, 0x8d, 0xaf, 0xe8, 0x3e, 0x6e, 0xc7, 0x96,
-    0x5f, 0x7e, 0x08, 0xd5, 0x97, 0xd1, 0xdc, 0x7d, 0x65, 0x1c, 0xfc, 0xfc,
-    0x5e, 0x21, 0x15, 0xf6, 0x70, 0x49, 0x2c, 0xbf, 0xed, 0x3f, 0x3f, 0x98,
-    0x5d, 0xac, 0xbf, 0x83, 0xcc, 0xf0, 0x9b, 0x2c, 0xa6, 0x3e, 0x8f, 0x9c,
-    0x5f, 0x8f, 0xad, 0x67, 0x16, 0x5f, 0xff, 0xbe, 0x1f, 0x6a, 0x3d, 0xcc,
-    0xef, 0x91, 0xae, 0xd6, 0x5f, 0x07, 0x75, 0xe6, 0x59, 0x7f, 0x98, 0xdc,
-    0x94, 0x03, 0x8b, 0x2a, 0x47, 0xb3, 0xc2, 0x6b, 0xc3, 0x83, 0xac, 0xbf,
-    0xd1, 0xe6, 0xed, 0x87, 0x0b, 0x2d, 0xa5, 0x97, 0xff, 0xd3, 0x13, 0x73,
-    0xd0, 0x23, 0x6a, 0x68, 0xfa, 0xca, 0x91, 0xf1, 0x60, 0x8d, 0x0d, 0x1a,
-    0x3a, 0x1c, 0xf4, 0x25, 0x2f, 0x67, 0x19, 0x65, 0xfe, 0x8f, 0x43, 0x10,
-    0x9c, 0x59, 0x58, 0x79, 0xba, 0x1b, 0xbf, 0xff, 0x67, 0xb8, 0x27, 0x3c,
-    0xd0, 0x5e, 0x27, 0x02, 0xcb, 0xfb, 0xa9, 0x41, 0xc3, 0x32, 0xcb, 0xf8,
-    0xe3, 0x8e, 0x04, 0x96, 0x5e, 0x94, 0x1d, 0x65, 0xdf, 0x65, 0x95, 0xd1,
-    0xb2, 0xf0, 0xe5, 0x42, 0x2c, 0x58, 0xc1, 0xd7, 0xef, 0xb9, 0x3b, 0x82,
-    0x2c, 0xbf, 0xfb, 0x37, 0xe0, 0xf5, 0x0d, 0x27, 0xe2, 0xcb, 0x3f, 0x47,
-    0xd5, 0xa2, 0x6b, 0xd2, 0x83, 0x16, 0x5f, 0xe6, 0xc3, 0x9a, 0x6b, 0xf4,
-    0xb2, 0xde, 0xe8, 0xf4, 0xb8, 0x3b, 0x7f, 0x38, 0x99, 0xbe, 0x38, 0xb2,
-    0xb0, 0xf6, 0x02, 0x53, 0x7f, 0xf7, 0xd8, 0x4f, 0x31, 0x06, 0x59, 0xc5,
-    0x97, 0xfe, 0x6e, 0xb8, 0x58, 0x3f, 0xb9, 0x8b, 0x2f, 0xff, 0xb3, 0x6c,
-    0xeb, 0xdc, 0x62, 0x80, 0x39, 0xd6, 0x56, 0x23, 0x48, 0xd4, 0x4e, 0x1f,
-    0xdf, 0xfb, 0x3f, 0x1a, 0xc1, 0x66, 0x18, 0x62, 0x4b, 0x98, 0xc5, 0x97,
-    0x6c, 0x2e, 0x17, 0xcd, 0xa4, 0x60, 0x38, 0x45, 0xe1, 0x0f, 0x65, 0x1d,
-    0x42, 0xc5, 0xa1, 0xe7, 0x34, 0x20, 0x8e, 0x43, 0xf8, 0xc1, 0x41, 0x09,
-    0x72, 0x86, 0x97, 0xa1, 0xe7, 0x3e, 0x61, 0xba, 0x87, 0x7e, 0xd7, 0x6e,
-    0xfd, 0xaa, 0x2b, 0xc5, 0xf7, 0xb4, 0xdd, 0x2c, 0xbf, 0xff, 0xb0, 0x7f,
-    0x81, 0x05, 0xf8, 0x9c, 0x1c, 0xe4, 0x01, 0x25, 0x85, 0xe2, 0x2d, 0x98,
-    0xda, 0x7c, 0x8e, 0xff, 0xe1, 0x6f, 0x21, 0x79, 0xae, 0xdd, 0xfb, 0x54,
-    0x48, 0xeb, 0xb0, 0xeb, 0x2e, 0xf6, 0x2c, 0xae, 0xcd, 0x67, 0x42, 0xd7,
-    0xff, 0x8d, 0x6d, 0x66, 0xa5, 0x1f, 0xfb, 0x01, 0x65, 0xdf, 0x1a, 0xcb,
-    0xff, 0xf7, 0xa0, 0x70, 0x11, 0x5e, 0xa3, 0xcc, 0x08, 0x92, 0xcb, 0xc4,
-    0xe2, 0xe4, 0x7d, 0xfb, 0xc5, 0xef, 0x30, 0x21, 0x65, 0xee, 0xf0, 0xe9,
-    0x05, 0x97, 0x77, 0xd8, 0xfd, 0x01, 0x65, 0xff, 0xfb, 0xf0, 0x41, 0xe7,
-    0xdb, 0x59, 0xbe, 0x0b, 0xcb, 0x2f, 0xfe, 0x6d, 0x66, 0xa5, 0x1f, 0xfb,
-    0x01, 0x65, 0xf7, 0x6e, 0xfd, 0xaa, 0x24, 0x85, 0xfc, 0xfa, 0xcd, 0xff,
-    0xc5, 0x95, 0xb2, 0x63, 0x12, 0x22, 0x35, 0x57, 0x48, 0x60, 0x30, 0xbe,
-    0x9b, 0xd9, 0xda, 0xcb, 0xf4, 0x30, 0x18, 0xeb, 0x2a, 0x0f, 0x2a, 0x44,
-    0x97, 0xfa, 0x0b, 0xc5, 0x07, 0xe2, 0xcb, 0xff, 0xf3, 0x69, 0xb7, 0x60,
-    0xb6, 0x8f, 0x37, 0xdf, 0x65, 0x97, 0xe7, 0x97, 0x9b, 0x65, 0x95, 0x07,
-    0xfe, 0xca, 0xf7, 0xff, 0x9f, 0xd3, 0x73, 0x06, 0x30, 0xbe, 0xa4, 0xb2,
-    0xff, 0xf9, 0xfa, 0xe6, 0x7d, 0xcb, 0x36, 0x38, 0x7e, 0xb2, 0xff, 0xef,
-    0xb7, 0x5e, 0xce, 0xbd, 0xad, 0x42, 0xcb, 0xff, 0x9a, 0x0e, 0xe3, 0x13,
-    0x76, 0x0a, 0x4b, 0x2b, 0x11, 0xb9, 0xda, 0x87, 0xd1, 0xaf, 0xfe, 0xc0,
-    0x4f, 0xe6, 0xa3, 0x67, 0xd7, 0x6b, 0x2f, 0xce, 0x0f, 0x60, 0x16, 0x51,
-    0x1f, 0x7f, 0x12, 0x2f, 0xf6, 0x7d, 0xce, 0x51, 0xd2, 0xcb, 0xa4, 0x2e,
-    0x17, 0x39, 0xf2, 0x34, 0x66, 0x84, 0xbc, 0xc4, 0x3f, 0x85, 0x80, 0x08,
-    0x39, 0x19, 0x3f, 0xa1, 0x3e, 0x21, 0x0d, 0xf8, 0x3d, 0x76, 0xdc, 0x59,
-    0x7e, 0xcf, 0x8b, 0xc3, 0xac, 0xbe, 0x34, 0x82, 0x75, 0x96, 0x17, 0x0b,
-    0xe6, 0x78, 0x47, 0xdc, 0x2e, 0x5e, 0x74, 0xe0, 0x10, 0xa9, 0xf1, 0x50,
-    0x85, 0x37, 0xff, 0x0b, 0x79, 0x0b, 0xcd, 0x76, 0xef, 0xda, 0xa2, 0x4a,
-    0x5f, 0xb5, 0xdb, 0xbf, 0x6a, 0x8b, 0xc5, 0x7f, 0xd2, 0x17, 0x9a, 0xed,
-    0xdf, 0xb5, 0x44, 0x9a, 0xb0, 0xbc, 0x3f, 0xf7, 0x36, 0xbe, 0xef, 0xec,
-    0x4b, 0x2e, 0x18, 0xa1, 0x65, 0xff, 0x0a, 0x67, 0x89, 0xe3, 0xf8, 0x7c,
-    0xe2, 0xcb, 0xfa, 0x7a, 0x14, 0x03, 0xde, 0xe9, 0x65, 0xfb, 0x9c, 0xc2,
-    0xc5, 0x97, 0xfd, 0xae, 0xe3, 0x6c, 0xc2, 0xf2, 0xcb, 0xf8, 0x84, 0x9b,
-    0x51, 0xbd, 0x65, 0xfd, 0x1c, 0x63, 0xc4, 0xcb, 0x2f, 0x9d, 0xba, 0xe2,
-    0xcb, 0x7d, 0x65, 0x62, 0x3c, 0x18, 0x9b, 0x70, 0xe4, 0xe6, 0x3f, 0x2d,
-    0x30, 0x8a, 0xff, 0x30, 0x30, 0xa3, 0xae, 0x2c, 0xbd, 0xbe, 0x24, 0xb2,
-    0xfd, 0x1e, 0xe6, 0x79, 0x65, 0xe7, 0x21, 0xe1, 0xe2, 0xfc, 0x7a, 0xff,
-    0x31, 0xbd, 0x73, 0x08, 0xd5, 0x97, 0xfc, 0xfa, 0x97, 0x30, 0x3a, 0xd9,
-    0x65, 0x32, 0x28, 0x3e, 0x62, 0x13, 0x5b, 0xfe, 0xc0, 0x0f, 0xf0, 0x50,
-    0x62, 0xcb, 0xe0, 0x73, 0x09, 0x65, 0x41, 0xec, 0xb1, 0xc5, 0xff, 0x83,
-    0xdf, 0x38, 0xfa, 0xf4, 0x1a, 0xb2, 0xfd, 0xff, 0x73, 0x3c, 0xb2, 0x98,
-    0xfa, 0x5d, 0x06, 0xff, 0xfd, 0xf7, 0x60, 0x73, 0x0d, 0x73, 0xea, 0x30,
-    0x96, 0x5c, 0xc3, 0x59, 0x50, 0x7d, 0x3f, 0x53, 0xbe, 0x90, 0x63, 0xa5,
-    0x97, 0xfd, 0xb3, 0x73, 0x8e, 0x0f, 0x85, 0x65, 0xfc, 0xda, 0x19, 0x47,
-    0x4b, 0x2f, 0xfb, 0x0d, 0x35, 0xe5, 0x9d, 0x79, 0x65, 0xed, 0xa3, 0x65,
-    0x97, 0x82, 0xfd, 0x61, 0xec, 0x88, 0x77, 0x7f, 0x7f, 0x33, 0xdf, 0xc5,
-    0x97, 0xfd, 0x12, 0xe6, 0xb4, 0xe5, 0xe5, 0x95, 0x25, 0x55, 0xc3, 0x84,
-    0x4f, 0x70, 0x89, 0x98, 0x87, 0x44, 0x7f, 0x3a, 0xe4, 0x21, 0xbc, 0x69,
-    0xbc, 0xb2, 0xfe, 0x6c, 0x28, 0xeb, 0x8b, 0x2f, 0xec, 0xf7, 0xa0, 0xb6,
-    0x59, 0x7e, 0xc1, 0xcf, 0x22, 0xdc, 0x59, 0x7f, 0x39, 0x02, 0x79, 0x16,
-    0xe2, 0xcb, 0x9c, 0x7b, 0xcf, 0x96, 0x7c, 0xc2, 0x8e, 0x8f, 0x0f, 0x96,
-    0x06, 0x12, 0x57, 0x9c, 0xbb, 0x59, 0x7b, 0xf0, 0x22, 0xca, 0xf1, 0xb9,
-    0x30, 0x72, 0xff, 0xdf, 0x79, 0x37, 0xde, 0x4d, 0xf5, 0x97, 0xf1, 0x38,
-    0x09, 0xce, 0xb2, 0xfc, 0x3f, 0xee, 0x31, 0x2c, 0xbf, 0xc5, 0x87, 0x9f,
-    0xcd, 0x42, 0xca, 0x83, 0xde, 0x98, 0xaa, 0xf4, 0x7b, 0x8b, 0x2f, 0xfa,
-    0x0f, 0xfc, 0x18, 0xdb, 0xa5, 0x95, 0x87, 0xef, 0xd1, 0x13, 0x0e, 0x5f,
-    0x6e, 0xb4, 0x1a, 0xb2, 0xf4, 0xba, 0x35, 0x65, 0xfc, 0x7f, 0x7c, 0x3e,
-    0xe2, 0xcb, 0xc1, 0x1f, 0x4b, 0x2f, 0xfe, 0x70, 0x77, 0xf6, 0xd1, 0x37,
-    0xb8, 0xb2, 0xff, 0x6f, 0xc9, 0x7e, 0x08, 0xd5, 0x97, 0x16, 0xcb, 0x2a,
-    0x13, 0x21, 0x19, 0x2e, 0x0f, 0xb1, 0x7b, 0x8f, 0x01, 0x10, 0x43, 0x5b,
-    0x79, 0x65, 0xff, 0x46, 0x80, 0xfe, 0x9f, 0xcf, 0x2c, 0xbb, 0x58, 0xb2,
-    0xfb, 0xa6, 0xea, 0x4b, 0x2e, 0x13, 0x65, 0x94, 0xc6, 0xf4, 0x04, 0x95,
-    0xa4, 0x5f, 0xfc, 0x44, 0x07, 0x64, 0xa7, 0x76, 0x1d, 0x65, 0xed, 0x6f,
-    0xfa, 0xcb, 0xf6, 0x69, 0xe0, 0x6b, 0x2a, 0x0f, 0x6d, 0xc5, 0x88, 0x7e,
-    0xf0, 0xf0, 0x96, 0x5f, 0xfb, 0x41, 0x3f, 0xda, 0x0e, 0xe4, 0xb2, 0xff,
-    0xb9, 0x07, 0x2c, 0x94, 0x12, 0xcb, 0xfc, 0xc5, 0x3b, 0x0e, 0xde, 0x59,
-    0x5a, 0x45, 0x37, 0x8f, 0x77, 0x9b, 0x5c, 0x52, 0x59, 0x70, 0xa0, 0xc5,
-    0x94, 0x13, 0x65, 0x3e, 0x2d, 0x50, 0x9a, 0x4e, 0x43, 0x07, 0x75, 0x92,
-    0xff, 0xee, 0xc2, 0xe3, 0xdf, 0x83, 0x9e, 0x45, 0xb8, 0xb2, 0xf9, 0xbf,
-    0x1b, 0xd6, 0x56, 0x8f, 0xcf, 0xca, 0x17, 0xfa, 0x35, 0x1d, 0x03, 0x50,
-    0xb2, 0xf3, 0x6e, 0xec, 0xb2, 0xdb, 0x2c, 0xa8, 0x36, 0x44, 0x41, 0x7b,
-    0xe1, 0xdc, 0x59, 0x7f, 0x14, 0x7b, 0xef, 0x25, 0x95, 0x07, 0x99, 0x31,
-    0x05, 0xef, 0x46, 0x96, 0x54, 0x26, 0x61, 0xb1, 0x14, 0xcc, 0xae, 0xd6,
-    0x12, 0x2b, 0x9f, 0xb5, 0x97, 0xff, 0xff, 0xb0, 0x89, 0xe5, 0xf6, 0x9c,
-    0x26, 0xb5, 0x12, 0x6f, 0x36, 0x9c, 0x0b, 0x2f, 0xc3, 0x0e, 0xc2, 0x1d,
-    0x65, 0xfe, 0x2c, 0xf7, 0xdb, 0xa9, 0x2c, 0xae, 0xcf, 0x7b, 0xe5, 0x77,
-    0xf7, 0x5c, 0xc3, 0xbf, 0x16, 0x5f, 0x0f, 0x3f, 0x0b, 0x2d, 0xa5, 0x97,
-    0xed, 0xb5, 0x1d, 0x69, 0x65, 0x6c, 0x6e, 0xf0, 0x46, 0xff, 0x04, 0x79,
-    0x28, 0x07, 0x16, 0x54, 0x27, 0xdb, 0x21, 0x7c, 0x86, 0xab, 0x11, 0xb9,
-    0x71, 0x2e, 0x70, 0x86, 0xff, 0xf6, 0x7f, 0xbf, 0xb7, 0x5e, 0xc3, 0xbf,
-    0x16, 0x5f, 0x6c, 0x70, 0xee, 0x2c, 0xbf, 0x78, 0xf3, 0x10, 0xd6, 0x53,
-    0x9e, 0x81, 0x13, 0xdf, 0xa6, 0xe7, 0x18, 0xeb, 0x2f, 0x70, 0x3d, 0x2c,
-    0xbf, 0xfe, 0xd8, 0xc7, 0x97, 0x39, 0x9a, 0x32, 0x34, 0x6a, 0xcb, 0x12,
-    0xcb, 0xf9, 0xfd, 0xcd, 0xb0, 0xc5, 0x97, 0xff, 0xf3, 0x71, 0xe5, 0xc6,
-    0xdf, 0xc0, 0xbb, 0x49, 0xb7, 0xac, 0xb8, 0x41, 0x16, 0x56, 0x26, 0xa1,
-    0x31, 0x4b, 0x8f, 0x01, 0x50, 0x84, 0x3c, 0x5e, 0x22, 0xed, 0xfb, 0x34,
-    0x00, 0x42, 0xcb, 0xa7, 0xc5, 0xcf, 0x6d, 0xa9, 0x60, 0xa4, 0x8a, 0x79,
-    0x0d, 0xcf, 0x34, 0x78, 0x8c, 0xa6, 0x4b, 0x23, 0x8c, 0x5f, 0x25, 0x9b,
-    0x77, 0x1c, 0x1f, 0x4d, 0xcc, 0x45, 0x31, 0xee, 0xa3, 0x00, 0xfc, 0x69,
-    0xef, 0x19, 0x08, 0x21, 0x2e, 0x51, 0xba, 0xf2, 0x3d, 0xaf, 0x4a, 0x38,
-    0x31, 0x96, 0x7e, 0x13, 0x62, 0x46, 0xe1, 0xba, 0xc9, 0x7f, 0x83, 0xb0,
-    0xbd, 0xdd, 0xd6, 0x35, 0x65, 0x43, 0xeb, 0x8e, 0xed, 0x0b, 0x79, 0x5a,
-    0x9f, 0xe1, 0xca, 0x4d, 0x69, 0xfd, 0x19, 0xa3, 0xc2, 0x39, 0xcf, 0xe7,
-    0xed, 0x7d, 0x08, 0x00, 0xc3, 0x54, 0x4a, 0xd5, 0x53, 0x76, 0x3b, 0x3a,
-    0x8a, 0x60, 0x09, 0xfe, 0xd3, 0xac, 0xd2, 0xa6, 0xeb, 0x8e, 0x98, 0x21,
-    0x99, 0xd8, 0x96, 0x9b, 0x4c, 0x7b, 0xef, 0x1b, 0x7c, 0x7d, 0x5b, 0x57,
-    0x46, 0xae, 0xe1, 0xb7, 0x25, 0x3a, 0xcd, 0x89, 0x49, 0xcd, 0x62, 0x82,
-    0xe4, 0xfb, 0x85, 0x34, 0x5f, 0xb4, 0x70, 0x4f, 0x89, 0x5b, 0x10, 0x56,
-    0xeb, 0xc2, 0xb9, 0xc8, 0x72, 0xbc, 0x63, 0x1e, 0x5e, 0x10, 0x1f, 0xb3,
-    0x0b, 0x1a, 0x0e, 0x24, 0x50, 0x37, 0xd6, 0xc3, 0xa6, 0x56, 0x24, 0xd3,
-    0xf3, 0xf1, 0x42, 0x56, 0x6c, 0x5b, 0xb7, 0xb2, 0x6b, 0x40,
+    0xb6, 0xf3, 0x42, 0x56, 0x59, 0xf6, 0x9b, 0xce, 0x10, 0xdb, 0x46, 0xa3,
+    0x7b, 0xd0, 0xb6, 0xbf, 0xcc, 0x3c, 0x39, 0x99, 0xe5, 0x96, 0x8d, 0x65,
+    0xff, 0xff, 0x67, 0xf9, 0x9d, 0x39, 0x03, 0x6e, 0xa4, 0x85, 0xf9, 0xf2,
+    0xcb, 0xf7, 0x06, 0xd2, 0x4b, 0x2a, 0x51, 0xa4, 0x73, 0x32, 0x12, 0xfb,
+    0x3d, 0xff, 0xdc, 0xfb, 0x44, 0x63, 0x8e, 0x7b, 0xe2, 0xca, 0x64, 0xe0,
+    0xde, 0x30, 0x11, 0x1d, 0xdf, 0xe8, 0x72, 0x61, 0xc6, 0x25, 0x97, 0x00,
+    0x0b, 0x2f, 0x18, 0x61, 0x89, 0x2f, 0xfa, 0x1c, 0x2c, 0xe8, 0x79, 0xa4,
+    0x81, 0x0d, 0x05, 0xa0, 0xb2, 0xa5, 0x18, 0xac, 0x64, 0xe6, 0xff, 0x4b,
+    0xbf, 0xe8, 0x0f, 0xd2, 0x53, 0x86, 0x2c, 0xbf, 0x6e, 0x88, 0xf8, 0x35,
+    0x97, 0xff, 0xdb, 0xc8, 0x50, 0xcd, 0xed, 0xf9, 0xeb, 0x3c, 0xb2, 0xfd,
+    0x9b, 0xf6, 0xc0, 0xeb, 0x2d, 0xf9, 0x3f, 0xff, 0x29, 0xd4, 0xa6, 0x13,
+    0x87, 0x02, 0x85, 0x55, 0xff, 0xbb, 0x81, 0x08, 0x1b, 0x7a, 0x38, 0x16,
+    0x5d, 0x26, 0xac, 0xbf, 0xe1, 0xc9, 0x48, 0x21, 0xe6, 0x59, 0x7b, 0xed,
+    0x1a, 0xcb, 0xff, 0xdd, 0xe4, 0x08, 0x4f, 0xcf, 0x60, 0x1d, 0x65, 0x1a,
+    0x7c, 0xce, 0x3b, 0x52, 0x98, 0xd4, 0x68, 0x8c, 0x2e, 0x28, 0x4e, 0xdf,
+    0xef, 0x30, 0xc9, 0xde, 0x25, 0x97, 0xf8, 0x7e, 0x13, 0x83, 0x67, 0x16,
+    0x5f, 0x38, 0x27, 0x4b, 0x2a, 0x51, 0x12, 0xc6, 0x5c, 0x36, 0xbe, 0x9f,
+    0xe4, 0x6b, 0x2f, 0xa0, 0x00, 0x4a, 0xcb, 0xfd, 0x3b, 0x7f, 0x9c, 0xe4,
+    0xac, 0xbf, 0x86, 0x18, 0xc5, 0xfe, 0x2c, 0xbf, 0xa7, 0x0a, 0x0d, 0xb2,
+    0xb2, 0x8d, 0x46, 0xb7, 0x64, 0x5a, 0x22, 0x23, 0x4f, 0x98, 0x5f, 0xd9,
+    0xc8, 0x78, 0x3e, 0x2c, 0xa6, 0x3f, 0xa2, 0x4b, 0xbd, 0x24, 0x6a, 0xca,
+    0x83, 0x67, 0x74, 0x38, 0xc8, 0x72, 0x17, 0x86, 0xc3, 0x5f, 0xa8, 0xed,
+    0x7b, 0x8d, 0xc1, 0x91, 0xa2, 0x8c, 0x8b, 0x52, 0x87, 0xcf, 0x1d, 0xb7,
+    0xa5, 0x4a, 0x02, 0x1f, 0x45, 0x1a, 0x1f, 0x23, 0x4e, 0xfc, 0x32, 0xf7,
+    0xc6, 0xfc, 0x19, 0x05, 0xff, 0x66, 0x8b, 0x37, 0xbe, 0xa0, 0xb2, 0xe0,
+    0x71, 0x65, 0xf8, 0xbf, 0x80, 0x3a, 0xcb, 0xed, 0x34, 0xfd, 0x65, 0xfd,
+    0xc2, 0xc8, 0xa4, 0xeb, 0x28, 0x07, 0x9d, 0xf2, 0x1a, 0x74, 0x4b, 0x89,
+    0xd6, 0xe9, 0xfa, 0xcb, 0xe0, 0x39, 0x9f, 0x59, 0x7f, 0x9c, 0xcf, 0x34,
+    0xea, 0x56, 0x5f, 0xc2, 0x3f, 0x05, 0xa8, 0xd6, 0x5f, 0x9b, 0x7c, 0x97,
+    0xd6, 0x54, 0xa7, 0x98, 0x33, 0x93, 0x61, 0x5d, 0xd9, 0x13, 0x0b, 0x68,
+    0x8c, 0x8c, 0xb8, 0x61, 0x7f, 0xed, 0x37, 0x20, 0x1f, 0xa4, 0xa5, 0x65,
+    0xe6, 0x93, 0xac, 0xb9, 0xbc, 0xb2, 0xb4, 0x6c, 0x76, 0x46, 0xef, 0xff,
+    0xdf, 0x34, 0x53, 0x83, 0xf6, 0x73, 0xb8, 0x4f, 0x96, 0x56, 0x91, 0xd4,
+    0x76, 0xf2, 0x24, 0xbe, 0x00, 0xb5, 0x1a, 0xcb, 0xd1, 0x0b, 0x4b, 0x2e,
+    0x78, 0x2c, 0xbf, 0xb9, 0x3d, 0xec, 0x21, 0x9d, 0x65, 0xfc, 0x7c, 0x2f,
+    0xec, 0xe2, 0xcb, 0xff, 0xfd, 0x9f, 0x10, 0x0e, 0xf0, 0x71, 0xc9, 0x3e,
+    0x9e, 0x0b, 0x2f, 0xe2, 0x73, 0x3f, 0x9e, 0xc4, 0x46, 0x91, 0x7d, 0xfe,
+    0xcf, 0x78, 0x5f, 0x72, 0x59, 0x73, 0x0d, 0x65, 0xfd, 0xee, 0x9f, 0x4f,
+    0x05, 0x96, 0xea, 0x07, 0x89, 0x82, 0xd7, 0x9a, 0x2e, 0x2c, 0xa9, 0x3c,
+    0x53, 0x94, 0x5f, 0xfd, 0xf6, 0xf3, 0x9f, 0x64, 0x5e, 0x6d, 0x2c, 0xbf,
+    0x9f, 0xe7, 0x9c, 0xfa, 0xca, 0x73, 0xf3, 0x12, 0x3d, 0xb8, 0xb2, 0xfe,
+    0x90, 0x37, 0x98, 0xeb, 0x2a, 0x4d, 0xeb, 0x08, 0xde, 0x2c, 0xe9, 0x65,
+    0x78, 0xdd, 0xf0, 0x7e, 0x86, 0xac, 0x93, 0xb1, 0x68, 0xa1, 0x85, 0xa4,
+    0x33, 0xc2, 0xec, 0xa1, 0x29, 0xf8, 0x4c, 0xdf, 0x7b, 0xb7, 0xdc, 0x59,
+    0x7e, 0xf3, 0x9d, 0xb8, 0xb2, 0x86, 0x79, 0xbd, 0x13, 0x56, 0x2e, 0x16,
+    0xb4, 0xb4, 0x27, 0x86, 0x45, 0xf9, 0xbc, 0xe7, 0x65, 0x97, 0x80, 0x1f,
+    0xd6, 0x5e, 0x72, 0x02, 0xca, 0xda, 0x7b, 0xf8, 0x4d, 0xd0, 0xf5, 0xed,
+    0xf8, 0x35, 0x96, 0xd4, 0x67, 0x9f, 0x11, 0x8d, 0xcf, 0xe5, 0x97, 0xd1,
+    0x41, 0xc9, 0x65, 0x68, 0xdc, 0x70, 0x5a, 0xff, 0x6e, 0xeb, 0x37, 0x48,
+    0x46, 0x2c, 0xa8, 0xcf, 0x6c, 0xc2, 0x1b, 0xdb, 0xac, 0x35, 0x95, 0x87,
+    0x86, 0xe4, 0x95, 0x2b, 0xd1, 0x4c, 0x5f, 0xe9, 0xc5, 0x17, 0x87, 0x51,
+    0x46, 0x01, 0x7f, 0x1f, 0xad, 0xb8, 0x7e, 0x2c, 0xbf, 0xff, 0xfe, 0x07,
+    0x33, 0x08, 0xd0, 0xf4, 0x53, 0x9e, 0x09, 0xc2, 0xc8, 0xcf, 0x87, 0x59,
+    0x76, 0xb1, 0x65, 0xdc, 0x65, 0x95, 0x19, 0xac, 0xd0, 0xb5, 0xc1, 0xc1,
+    0x65, 0xf3, 0x6f, 0x6d, 0xeb, 0x2f, 0xa4, 0x83, 0x3a, 0xca, 0xc4, 0x40,
+    0x9c, 0x89, 0xc6, 0x03, 0x25, 0xac, 0x4d, 0xa3, 0xf1, 0x96, 0x5c, 0x0e,
+    0x2c, 0xbe, 0xda, 0x53, 0xd2, 0xcb, 0xe7, 0xf4, 0x86, 0xb2, 0xb0, 0xf7,
+    0x7c, 0x2f, 0xbc, 0x92, 0xfa, 0x4c, 0xc1, 0xac, 0xbf, 0xfe, 0x17, 0x70,
+    0xe0, 0xfd, 0x3a, 0x1b, 0xb9, 0x8b, 0x2e, 0x0a, 0x05, 0x8b, 0x2b, 0x13,
+    0x4a, 0x68, 0x43, 0x68, 0xc0, 0x88, 0x83, 0x52, 0xbb, 0x3e, 0xb2, 0xe3,
+    0xb2, 0xca, 0x19, 0xac, 0x21, 0x6b, 0xe3, 0x27, 0xbe, 0x2c, 0xbd, 0xf0,
+    0xf1, 0x65, 0xd3, 0x1a, 0xca, 0x73, 0x69, 0xc1, 0xdb, 0xc3, 0x98, 0x2c,
+    0xbf, 0x45, 0x09, 0xef, 0xeb, 0x2f, 0xee, 0xbc, 0xdb, 0xdf, 0x4b, 0x2d,
+    0x31, 0x9e, 0xd6, 0x15, 0x5d, 0x9e, 0x59, 0x4e, 0x8b, 0x32, 0x76, 0xd9,
+    0x27, 0xbb, 0x06, 0xb2, 0xef, 0x85, 0xd6, 0x54, 0x6b, 0xa1, 0x50, 0x95,
+    0xc7, 0x8f, 0x5e, 0x20, 0xe2, 0xc7, 0xe1, 0xa7, 0xbc, 0xc7, 0x64, 0x5a,
+    0xdb, 0x0d, 0x65, 0xfb, 0x40, 0x3b, 0x71, 0x65, 0xd3, 0xbd, 0x65, 0x61,
+    0xe0, 0x6f, 0x28, 0xbd, 0xe1, 0x18, 0xb2, 0xf7, 0x9e, 0x35, 0x97, 0xee,
+    0x7d, 0xa7, 0xb5, 0x97, 0x0b, 0xa5, 0x97, 0xfd, 0x31, 0x9d, 0xc0, 0x06,
+    0xf2, 0xca, 0x81, 0xfc, 0x80, 0xa3, 0x83, 0x17, 0xbf, 0x81, 0xac, 0xbf,
+    0x8e, 0x2e, 0x7f, 0x3e, 0xb2, 0xff, 0x18, 0xfd, 0x61, 0x60, 0xd6, 0x5f,
+    0x9f, 0xdd, 0xc3, 0x8b, 0x2a, 0x51, 0x15, 0xc2, 0xe1, 0x19, 0xdf, 0xb3,
+    0x80, 0x98, 0x96, 0x5f, 0xbb, 0xe6, 0xdd, 0x4a, 0xcb, 0xfb, 0xac, 0x38,
+    0xb9, 0xf5, 0x95, 0x27, 0xb4, 0x22, 0xbb, 0xd0, 0x9e, 0x2c, 0xb0, 0x96,
+    0x54, 0x0d, 0x68, 0x07, 0x2f, 0x0c, 0x5d, 0x2c, 0xbe, 0x19, 0x4c, 0x16,
+    0x54, 0x9f, 0x03, 0x10, 0xb8, 0xf5, 0xec, 0x61, 0xac, 0xbf, 0xfc, 0x1e,
+    0xde, 0xfe, 0x53, 0x9b, 0x73, 0xbf, 0xac, 0xbf, 0xe9, 0xf3, 0x4c, 0x51,
+    0x4f, 0x4b, 0x2b, 0x60, 0x5c, 0x34, 0x95, 0x71, 0x91, 0x9a, 0x3d, 0xdc,
+    0x25, 0x98, 0xbe, 0x28, 0x53, 0xe8, 0xbc, 0xf0, 0x82, 0xf4, 0x2b, 0xbe,
+    0x58, 0x21, 0xbd, 0xea, 0x17, 0xf9, 0xa2, 0x72, 0x6e, 0xf8, 0xb2, 0xec,
+    0xe9, 0x65, 0xfe, 0x2f, 0xf0, 0xa7, 0xfc, 0x59, 0x7f, 0xbc, 0x58, 0xc0,
+    0x90, 0x2c, 0xbf, 0x36, 0xfc, 0x2e, 0x2c, 0xbf, 0xff, 0xa7, 0xc2, 0xee,
+    0x7f, 0xd7, 0xa7, 0x42, 0xc1, 0x44, 0xb2, 0xb1, 0x1d, 0x2c, 0x65, 0xa3,
+    0x1f, 0x14, 0x5f, 0xbf, 0x9e, 0x16, 0xe2, 0xcb, 0xff, 0x47, 0xe6, 0x3c,
+    0xee, 0x7b, 0x23, 0x59, 0x5d, 0x9f, 0x76, 0x8a, 0xef, 0xed, 0x67, 0xbc,
+    0x2f, 0xac, 0xbf, 0x78, 0xa7, 0x34, 0xa2, 0xfe, 0xcd, 0x46, 0x27, 0x1a,
+    0xa2, 0x0d, 0x04, 0x34, 0xd5, 0x1a, 0x28, 0x60, 0xa9, 0x7f, 0xdf, 0xe3,
+    0xe8, 0x7a, 0x78, 0x2c, 0xad, 0x1e, 0xef, 0x09, 0x2f, 0x8b, 0xd9, 0xda,
+    0xca, 0x94, 0xd9, 0x5a, 0x32, 0x17, 0x22, 0xbf, 0x3f, 0x4c, 0x79, 0x59,
+    0x7f, 0x43, 0xc4, 0xfd, 0xfd, 0x65, 0x74, 0x7a, 0xa4, 0x4f, 0x7c, 0x19,
+    0x3c, 0x6b, 0x2f, 0xdc, 0x6d, 0x30, 0x16, 0x56, 0x1f, 0x67, 0x08, 0xb7,
+    0x48, 0xef, 0xd3, 0xfd, 0xa7, 0x31, 0x65, 0xff, 0xa3, 0xff, 0xa7, 0xd9,
+    0xbd, 0xe0, 0xb2, 0xf1, 0xe7, 0xa5, 0x97, 0xc4, 0x01, 0x71, 0x65, 0x61,
+    0xbf, 0xd0, 0xed, 0x4a, 0x28, 0x1a, 0x10, 0x17, 0xe7, 0x8c, 0x9c, 0xd5,
+    0x97, 0xfc, 0x3e, 0x73, 0x34, 0x3f, 0x62, 0xcb, 0xde, 0x9d, 0x2c, 0xbf,
+    0xee, 0x39, 0x4c, 0x4c, 0x38, 0xd6, 0x5f, 0xe8, 0x31, 0xe7, 0xc1, 0x8d,
+    0x65, 0xff, 0xe9, 0xc2, 0xef, 0xf9, 0xa6, 0x8d, 0xce, 0xb2, 0xec, 0xf6,
+    0xd4, 0x5b, 0x70, 0xe7, 0xe6, 0x97, 0x67, 0x16, 0x57, 0xcf, 0x4f, 0x64,
+    0xf6, 0xa0, 0x9a, 0x51, 0x91, 0x92, 0xd4, 0xa7, 0x5c, 0xf1, 0xc1, 0xdf,
+    0xf6, 0x43, 0xd8, 0x4f, 0xa3, 0x56, 0x5c, 0x73, 0x16, 0x50, 0x43, 0xd0,
+    0x81, 0xc5, 0xfa, 0x4f, 0xfc, 0xf2, 0xca, 0xda, 0xbf, 0xe3, 0xb0, 0x19,
+    0xcc, 0x60, 0x10, 0x94, 0x1d, 0x90, 0xf5, 0xd1, 0x8f, 0xa1, 0x96, 0xe4,
+    0xc5, 0x1e, 0xb0, 0x9e, 0x37, 0x49, 0x2f, 0xf7, 0x7a, 0xc6, 0xf4, 0x8d,
+    0x65, 0xc3, 0x95, 0x97, 0x64, 0x16, 0x5f, 0xff, 0x9b, 0xa6, 0x1f, 0xe0,
+    0x22, 0xff, 0x3c, 0xf0, 0x59, 0x7f, 0xfd, 0xe9, 0x3e, 0xdf, 0x4b, 0xe8,
+    0x65, 0x30, 0x59, 0x58, 0x98, 0x2b, 0x99, 0xf0, 0x5b, 0xe2, 0xc2, 0x56,
+    0xbb, 0x03, 0x59, 0x7f, 0x9f, 0xef, 0x83, 0x6d, 0xeb, 0x2f, 0x81, 0xe9,
+    0x1a, 0xcb, 0xfb, 0xcc, 0x61, 0x48, 0xd6, 0x5f, 0xf4, 0x80, 0xf3, 0x85,
+    0xfe, 0x2c, 0xbf, 0xee, 0x61, 0x9e, 0x73, 0xb7, 0x16, 0x5f, 0xb3, 0x51,
+    0x8b, 0x8b, 0x2b, 0xa4, 0xc6, 0xd8, 0xce, 0x22, 0x2f, 0x16, 0xf0, 0xdf,
+    0x79, 0xcd, 0xf9, 0xbb, 0x83, 0x12, 0xcb, 0xcd, 0xec, 0x59, 0x7f, 0x7d,
+    0xce, 0x79, 0x3a, 0xca, 0xc3, 0xef, 0xe8, 0x9f, 0xb1, 0xba, 0x59, 0x47,
+    0x37, 0x66, 0x18, 0x5f, 0xf0, 0xa3, 0xdb, 0x9f, 0xf4, 0xfd, 0x65, 0xfb,
+    0x82, 0x06, 0x79, 0x65, 0xcd, 0x12, 0xca, 0x94, 0x4e, 0xf4, 0x45, 0xf3,
+    0xcd, 0xd2, 0x8b, 0xff, 0x88, 0x46, 0x9c, 0x5f, 0xf4, 0x88, 0x2e, 0xb2,
+    0xf8, 0xf3, 0xa3, 0x56, 0x5f, 0x60, 0x00, 0xeb, 0x2f, 0x07, 0xe7, 0x59,
+    0x58, 0x7c, 0x24, 0x47, 0xb2, 0x43, 0x51, 0xa3, 0x6c, 0xc8, 0x55, 0xdf,
+    0x07, 0x25, 0xd2, 0xcb, 0xdc, 0xf4, 0xac, 0xa8, 0x1b, 0xf1, 0x91, 0xdf,
+    0x8b, 0x46, 0x3c, 0x6b, 0x2a, 0x51, 0x67, 0x8d, 0x2e, 0x43, 0x7e, 0x2c,
+    0xff, 0x99, 0x65, 0xf7, 0x5e, 0x93, 0x16, 0x5f, 0xb3, 0xfc, 0x63, 0xac,
+    0xb8, 0x44, 0xb2, 0xf1, 0x64, 0x6b, 0x2a, 0x57, 0x6e, 0xe0, 0x93, 0x91,
+    0x99, 0x34, 0x74, 0x5a, 0x8f, 0x3b, 0xc5, 0xa1, 0x72, 0x62, 0x24, 0xe1,
+    0x38, 0x62, 0xd7, 0xfd, 0x27, 0x9f, 0xb1, 0x64, 0x16, 0x5a, 0x0b, 0x2f,
+    0xb8, 0x29, 0x02, 0xcb, 0x85, 0xba, 0xb2, 0xb4, 0x88, 0x3f, 0x1b, 0x00,
+    0x44, 0x88, 0xae, 0xc2, 0x59, 0x7e, 0xe0, 0x7c, 0xf0, 0x96, 0x57, 0x8d,
+    0xff, 0xc5, 0x6f, 0xff, 0x69, 0xa4, 0xf9, 0xb7, 0x3c, 0xd8, 0x75, 0x97,
+    0xcd, 0xc9, 0x75, 0x95, 0xb4, 0xfa, 0x78, 0x93, 0x7f, 0xb0, 0xb3, 0xbf,
+    0xc0, 0xeb, 0x2e, 0xfc, 0xac, 0xa9, 0x3c, 0x97, 0x33, 0xbf, 0xe7, 0x80,
+    0xd8, 0x41, 0x76, 0xd2, 0xcb, 0xf6, 0x11, 0x48, 0xd6, 0x5f, 0x79, 0xfd,
+    0x2b, 0x2f, 0xe9, 0x8c, 0xef, 0x14, 0xac, 0xb6, 0x96, 0x54, 0x0f, 0x82,
+    0x22, 0x11, 0x17, 0x5f, 0xff, 0x39, 0xbf, 0x9d, 0x03, 0x53, 0xf2, 0x70,
+    0x2c, 0xbf, 0xd3, 0xd0, 0xfc, 0x27, 0xe2, 0xcb, 0x9c, 0xd5, 0x97, 0xf4,
+    0x65, 0x9f, 0xd4, 0xac, 0xbe, 0xe8, 0x3f, 0xf1, 0x65, 0xfc, 0x58, 0x0c,
+    0x28, 0x2c, 0xbf, 0xfe, 0x37, 0x68, 0x64, 0xff, 0xe3, 0x77, 0xe6, 0x31,
+    0x65, 0x62, 0x20, 0x1c, 0xae, 0xf6, 0xa4, 0xd5, 0x95, 0x29, 0x88, 0x31,
+    0x69, 0x42, 0x97, 0x84, 0x35, 0x2b, 0x8d, 0xb8, 0xf6, 0xd0, 0x8a, 0xd3,
+    0x69, 0xc8, 0x3c, 0x78, 0xf0, 0x85, 0x23, 0x0e, 0x27, 0xfc, 0xd0, 0x51,
+    0x93, 0xdd, 0xcd, 0xeb, 0x2e, 0x6f, 0xac, 0xbe, 0x62, 0x71, 0xac, 0xb8,
+    0x3f, 0xac, 0xbf, 0xf1, 0xf3, 0xfc, 0x0f, 0x8f, 0x0c, 0x59, 0x7e, 0xe4,
+    0xeb, 0xf2, 0xb0, 0x21, 0xbf, 0xa1, 0xa2, 0xc3, 0x44, 0x1c, 0x57, 0xb9,
+    0x82, 0xeb, 0x2e, 0x80, 0x6b, 0x2f, 0x8c, 0xc8, 0x32, 0xcb, 0xd8, 0xc6,
+    0xac, 0xbe, 0x89, 0xdf, 0x4b, 0x29, 0xcf, 0x80, 0x88, 0x83, 0x1c, 0xbd,
+    0x8d, 0xbd, 0x65, 0xe8, 0x06, 0x75, 0x95, 0xe3, 0x76, 0xe3, 0xb7, 0xf7,
+    0x1b, 0x58, 0x2d, 0x2c, 0xbf, 0xff, 0xa2, 0xda, 0xdd, 0x0b, 0x5c, 0x16,
+    0xd3, 0xb7, 0xfc, 0xcb, 0x2e, 0x93, 0x56, 0x54, 0x9f, 0xcb, 0x31, 0x56,
+    0x2a, 0xf0, 0x34, 0x65, 0xa1, 0x8d, 0x11, 0x86, 0x86, 0x8e, 0xf1, 0xe6,
+    0x9f, 0x90, 0x6e, 0xc2, 0x9a, 0xe3, 0x85, 0x55, 0x17, 0xe2, 0xfd, 0x1f,
+    0x70, 0x91, 0xac, 0xbf, 0x61, 0x37, 0x70, 0x59, 0x7b, 0x59, 0x8b, 0x28,
+    0x28, 0x7d, 0x8c, 0x55, 0xc2, 0x7b, 0xc5, 0x20, 0x59, 0x79, 0xb3, 0xcb,
+    0x2e, 0x2e, 0xa4, 0xdb, 0x68, 0x6e, 0xff, 0xe8, 0x7c, 0x50, 0x81, 0xff,
+    0xf9, 0x3a, 0xcb, 0xfd, 0xfe, 0x4c, 0x79, 0xc1, 0xac, 0xbb, 0xd8, 0xb2,
+    0xff, 0xfb, 0xd2, 0x3c, 0xeb, 0x6e, 0x16, 0x0f, 0xd2, 0xb2, 0xff, 0xb5,
+    0x3e, 0x6d, 0xfa, 0x98, 0x2c, 0xbf, 0xff, 0xc0, 0x9e, 0xe1, 0xc1, 0xe6,
+    0x16, 0x75, 0xe6, 0x17, 0xd6, 0x5f, 0xfc, 0xd8, 0x59, 0x9c, 0xdb, 0x0e,
+    0x1d, 0x65, 0xff, 0x9e, 0x7b, 0x86, 0xde, 0x76, 0x39, 0x59, 0x7f, 0x3c,
+    0x65, 0x91, 0x89, 0x65, 0x0d, 0x56, 0x1e, 0x34, 0x76, 0x58, 0xc8, 0xdb,
+    0x86, 0x91, 0x0b, 0x69, 0x40, 0x07, 0x5c, 0x61, 0xfa, 0x26, 0xca, 0x15,
+    0xff, 0x37, 0x30, 0x7b, 0x78, 0x52, 0xb2, 0xf1, 0xb3, 0xa5, 0x97, 0xc7,
+    0x71, 0x89, 0x65, 0xfe, 0x0e, 0x7c, 0xdc, 0x90, 0xd6, 0x5f, 0x00, 0x9e,
+    0x0b, 0x2f, 0xef, 0x31, 0xdd, 0xf7, 0x56, 0x5f, 0xa0, 0x42, 0x73, 0x56,
+    0x5e, 0x17, 0x7c, 0x59, 0x78, 0xb3, 0x75, 0x65, 0xe3, 0xe6, 0xf5, 0x95,
+    0xb4, 0xf6, 0xb0, 0x79, 0xc7, 0xaf, 0x69, 0xa3, 0x59, 0x63, 0xac, 0xbd,
+    0xac, 0xed, 0x65, 0xc3, 0x98, 0x1a, 0xe0, 0x08, 0xdb, 0x65, 0x65, 0x04,
+    0x4f, 0xfe, 0x47, 0x46, 0x44, 0x69, 0xa7, 0x44, 0x3d, 0x97, 0xc5, 0x08,
+    0x2d, 0x17, 0x9d, 0x2c, 0x2e, 0x59, 0x7f, 0xcc, 0x6c, 0xe8, 0xb1, 0x8d,
+    0x59, 0x77, 0x51, 0xac, 0xbf, 0x63, 0x6a, 0x28, 0x2c, 0xbe, 0x27, 0xff,
+    0x16, 0x5a, 0x4e, 0x79, 0x3b, 0xca, 0x2e, 0x68, 0x96, 0x5f, 0xfb, 0x23,
+    0xdb, 0xe9, 0x89, 0xbb, 0x82, 0xcb, 0xfa, 0x4d, 0x19, 0x4f, 0x6b, 0x2a,
+    0x4f, 0xc7, 0x48, 0x77, 0xc5, 0x3a, 0x35, 0x65, 0xf4, 0x96, 0x1a, 0xb2,
+    0xf7, 0x24, 0xd5, 0x97, 0xf9, 0xf3, 0xbf, 0xfd, 0xfc, 0xb2, 0xff, 0xe1,
+    0x0f, 0x35, 0x30, 0x61, 0xc9, 0x2c, 0xbf, 0xe2, 0x78, 0xe7, 0x5a, 0x78,
+    0x2c, 0xa8, 0x1f, 0xd7, 0x90, 0xaf, 0xfc, 0x7c, 0xe7, 0x30, 0x81, 0xb3,
+    0x8b, 0x2f, 0xff, 0xb4, 0xfc, 0x2c, 0x8c, 0x38, 0x0a, 0x58, 0x96, 0x54,
+    0xa2, 0xc5, 0xc8, 0x84, 0x81, 0x5d, 0xa7, 0x53, 0xe1, 0xdf, 0xc6, 0xbd,
+    0x7f, 0xff, 0x9b, 0x80, 0xcd, 0xad, 0xbe, 0x7c, 0xd3, 0x14, 0x53, 0xd2,
+    0xcb, 0xdf, 0x68, 0xd6, 0x5f, 0x80, 0xfd, 0xcc, 0x4b, 0x2f, 0x14, 0xf4,
+    0xb2, 0xfc, 0xf0, 0x9d, 0xc3, 0xac, 0xbf, 0xf3, 0x45, 0xe9, 0xd7, 0x70,
+    0x9d, 0x2c, 0xbf, 0xfd, 0xff, 0x4e, 0xfe, 0x13, 0xfe, 0x26, 0xde, 0xb2,
+    0xff, 0xcc, 0x7c, 0xd6, 0x4c, 0x4c, 0x75, 0x95, 0x88, 0x8b, 0xd2, 0x75,
+    0x46, 0x98, 0xb8, 0xca, 0xb9, 0x0c, 0xbb, 0xec, 0xfc, 0x8d, 0x65, 0xff,
+    0xe6, 0x27, 0xef, 0x9c, 0xcd, 0x0f, 0xd8, 0xb2, 0xb6, 0xae, 0xa6, 0x42,
+    0x11, 0x18, 0x43, 0xd1, 0x13, 0x47, 0x95, 0xa3, 0x83, 0xb2, 0xb8, 0xe9,
+    0x14, 0xf2, 0x33, 0x33, 0x0d, 0xf7, 0x48, 0x6d, 0x2b, 0x29, 0x65, 0xec,
+    0xc0, 0x2c, 0xbd, 0xe6, 0xfa, 0xcb, 0x6f, 0xc3, 0xd2, 0x61, 0x02, 0x0b,
+    0x0c, 0x6e, 0xfd, 0xa8, 0xc4, 0xe3, 0x59, 0x6d, 0x95, 0x95, 0x86, 0xf4,
+    0x32, 0x9b, 0xd3, 0xbb, 0xc5, 0x94, 0x69, 0xe0, 0x74, 0x43, 0x7e, 0xd6,
+    0xb3, 0x72, 0x25, 0x97, 0x19, 0xc5, 0x95, 0x2c, 0xf9, 0xa1, 0xc2, 0x37,
+    0x25, 0xab, 0xf5, 0x0a, 0x06, 0x94, 0x71, 0xb9, 0x09, 0xa3, 0x9c, 0x79,
+    0x89, 0xe7, 0x5d, 0x41, 0x18, 0x70, 0xa1, 0x7f, 0xbc, 0x90, 0x32, 0xcb,
+    0xfd, 0xbb, 0xce, 0x49, 0xe7, 0xeb, 0x2e, 0x70, 0xd6, 0x54, 0x9e, 0x69,
+    0xcd, 0xaf, 0xf1, 0x40, 0xb0, 0xf3, 0xd2, 0xcb, 0xb3, 0x65, 0x65, 0x61,
+    0xe5, 0xf8, 0xca, 0xfd, 0xe6, 0xdf, 0x83, 0x59, 0x7b, 0x6f, 0xd9, 0x65,
+    0xff, 0x87, 0x25, 0x84, 0x28, 0x67, 0x16, 0x5d, 0xb7, 0xb5, 0x97, 0xe7,
+    0x3b, 0x6e, 0xe2, 0xcb, 0xfb, 0x3c, 0xff, 0x78, 0x96, 0x5d, 0x3d, 0xac,
+    0xae, 0xcf, 0x13, 0xe5, 0xb5, 0x88, 0x90, 0x76, 0xdb, 0xfe, 0xc1, 0x16,
+    0x7c, 0x9c, 0xeb, 0x2d, 0x12, 0xcb, 0xde, 0xc0, 0x2c, 0xa6, 0x35, 0xdf,
+    0x12, 0xbf, 0xdc, 0x98, 0x4c, 0x73, 0x1a, 0xcb, 0xb0, 0xd5, 0x97, 0xff,
+    0xb0, 0xdf, 0x37, 0x3d, 0x9b, 0xe7, 0x3b, 0x59, 0x52, 0x8b, 0x76, 0x20,
+    0xf1, 0xa1, 0x0b, 0xda, 0x56, 0x5f, 0x38, 0x72, 0x62, 0xca, 0x93, 0x67,
+    0xd8, 0x85, 0xda, 0xc5, 0x97, 0xd3, 0xf9, 0xe9, 0x65, 0xc1, 0x4d, 0xd5,
+    0x94, 0x03, 0xc0, 0x22, 0x2b, 0xe6, 0xd4, 0xc1, 0x65, 0xf4, 0x67, 0x9e,
+    0x2c, 0xa8, 0xcf, 0x13, 0x08, 0x6f, 0xfd, 0x3f, 0x71, 0x7d, 0xfb, 0xcf,
+    0xac, 0xbf, 0xed, 0x6d, 0x91, 0xfb, 0x3a, 0x95, 0x97, 0xff, 0x4e, 0x0d,
+    0xb8, 0x59, 0xbd, 0x89, 0x65, 0x79, 0x17, 0x6e, 0x7c, 0x23, 0xbb, 0xf7,
+    0x4f, 0x2d, 0xb2, 0xb2, 0xf1, 0x67, 0x16, 0x5f, 0xff, 0xfa, 0x7c, 0xc7,
+    0x09, 0x14, 0x1f, 0x41, 0xf9, 0xbb, 0xe7, 0x4d, 0x1a, 0xca, 0x8d, 0x78,
+    0x0c, 0x6d, 0x86, 0x90, 0xf4, 0x52, 0xc3, 0xdb, 0x87, 0x91, 0x42, 0xab,
+    0x44, 0x3e, 0x8c, 0x6d, 0xdb, 0x40, 0x42, 0x4a, 0xdc, 0x65, 0xfc, 0x37,
+    0x44, 0x5e, 0x19, 0x56, 0xe8, 0xdd, 0xed, 0x70, 0x4b, 0x2d, 0xc5, 0x97,
+    0xfb, 0xa0, 0x38, 0x18, 0xba, 0x59, 0x5e, 0x3c, 0x52, 0x11, 0xac, 0x44,
+    0x1b, 0x31, 0x5f, 0xe8, 0xc7, 0x9f, 0xe3, 0xf6, 0xb2, 0x96, 0x5d, 0x0d,
+    0x89, 0x65, 0xb6, 0xb1, 0xa7, 0x70, 0xbb, 0xec, 0x16, 0xa3, 0x59, 0x7d,
+    0x0e, 0x0c, 0xeb, 0x29, 0x8f, 0x19, 0xc8, 0xef, 0xfe, 0xcd, 0xf8, 0x3c,
+    0x21, 0x43, 0x38, 0xb2, 0xfd, 0xa9, 0xf0, 0x63, 0x59, 0x5a, 0x3e, 0xd7,
+    0x44, 0xb0, 0x16, 0x5d, 0x1c, 0xac, 0xb4, 0xc6, 0x6a, 0x18, 0x46, 0xf8,
+    0xc7, 0xce, 0x2c, 0xbf, 0x87, 0x20, 0x2c, 0xed, 0x65, 0xff, 0x40, 0xef,
+    0x0f, 0xf2, 0x4d, 0x59, 0x52, 0x88, 0x9c, 0x22, 0x72, 0xdb, 0xe9, 0x92,
+    0xe9, 0x65, 0xee, 0x31, 0x2c, 0xb0, 0x16, 0x5f, 0x75, 0xb7, 0x9d, 0xac,
+    0xad, 0x1b, 0x82, 0x11, 0xbf, 0xc1, 0xc2, 0x77, 0xb1, 0x01, 0x65, 0xf3,
+    0xee, 0xe1, 0x2c, 0xac, 0x46, 0x5b, 0xa9, 0x91, 0x07, 0x0d, 0x6b, 0x15,
+    0xe1, 0x74, 0x43, 0xb8, 0xb8, 0x76, 0xd7, 0x84, 0x68, 0x12, 0x4a, 0x15,
+    0xfc, 0x2d, 0x14, 0x3b, 0x2f, 0xb9, 0x18, 0xb8, 0xb2, 0xe8, 0xe0, 0xb2,
+    0xf3, 0x79, 0x96, 0x56, 0x1e, 0xbf, 0x64, 0x9f, 0x18, 0xbf, 0xfa, 0x3e,
+    0xbc, 0xc1, 0xe8, 0xdc, 0xef, 0xeb, 0x2f, 0xb3, 0xb8, 0x4a, 0xcb, 0xc2,
+    0x7e, 0x2c, 0xac, 0x44, 0x47, 0x92, 0x83, 0x22, 0xbd, 0xf6, 0x8d, 0x65,
+    0xff, 0x31, 0xb2, 0x39, 0xdf, 0x9e, 0x59, 0x7e, 0x92, 0x01, 0xfe, 0xb2,
+    0xff, 0x31, 0x9d, 0xc3, 0x99, 0xd2, 0xcb, 0xfa, 0x01, 0x80, 0x13, 0xda,
+    0xca, 0x64, 0x46, 0xf8, 0x9d, 0xcd, 0xaf, 0xe1, 0x72, 0x62, 0x16, 0x96,
+    0x5e, 0x16, 0x76, 0xb2, 0xbc, 0x79, 0x9f, 0x2f, 0xbf, 0xbf, 0x93, 0xfc,
+    0x3a, 0xcb, 0xfb, 0x0f, 0xad, 0x48, 0xd6, 0x5f, 0xbb, 0xe7, 0xda, 0x35,
+    0x97, 0xf0, 0x8a, 0x3e, 0x37, 0x6b, 0x2f, 0xfe, 0x98, 0xcc, 0x7e, 0xf9,
+    0x83, 0x6e, 0x2c, 0xa9, 0x44, 0xfc, 0x0a, 0x88, 0xbe, 0xfd, 0x86, 0xfd,
+    0xa3, 0x59, 0x78, 0x19, 0xda, 0xca, 0xec, 0xf1, 0x80, 0x53, 0x7f, 0x85,
+    0x31, 0x96, 0x34, 0x6b, 0x2f, 0xff, 0xd3, 0xa0, 0x67, 0x08, 0x4f, 0x0f,
+    0x09, 0xe3, 0x59, 0x7e, 0xfe, 0x39, 0x74, 0xb2, 0xbc, 0x7f, 0x9b, 0xaa,
+    0xb7, 0xbb, 0x93, 0xac, 0xbf, 0xfc, 0x3f, 0x4f, 0x70, 0x2c, 0x3e, 0x77,
+    0xf5, 0x97, 0xe3, 0xe7, 0xb0, 0x96, 0x53, 0x1f, 0x8b, 0xa5, 0xdf, 0xf0,
+    0x9e, 0x03, 0xcc, 0x07, 0x16, 0x5f, 0xfd, 0x9b, 0xfc, 0xf0, 0xdb, 0xff,
+    0x39, 0xab, 0x2f, 0xc7, 0xcd, 0x39, 0x2c, 0xbf, 0xf7, 0x70, 0xf4, 0x9d,
+    0xfb, 0x86, 0x2c, 0xbf, 0x9b, 0xbe, 0xe1, 0x9f, 0x59, 0x52, 0x89, 0x5c,
+    0x26, 0x02, 0x05, 0x79, 0x34, 0x42, 0x38, 0xe4, 0x37, 0xaf, 0xdd, 0xf0,
+    0xed, 0xb8, 0xb2, 0xff, 0xef, 0x3b, 0x7c, 0x02, 0x22, 0x78, 0x2c, 0xbe,
+    0x92, 0x10, 0x5d, 0x65, 0xd9, 0xcd, 0xa7, 0xcf, 0xe4, 0x2a, 0x94, 0x61,
+    0x14, 0x24, 0xef, 0xe7, 0x8c, 0x0e, 0x43, 0x59, 0x51, 0xaf, 0x81, 0x0e,
+    0x18, 0xfd, 0x3d, 0x76, 0x44, 0xc5, 0x91, 0x43, 0x33, 0x4e, 0x87, 0x23,
+    0xf4, 0x2b, 0xc8, 0x97, 0x90, 0x8e, 0xfc, 0x6c, 0x9b, 0xe1, 0xef, 0xb2,
+    0x4d, 0x7d, 0x16, 0x67, 0x4b, 0x2f, 0xb2, 0x26, 0x3a, 0xca, 0xd1, 0xe2,
+    0x80, 0x8e, 0xff, 0xbd, 0xec, 0x6e, 0xe1, 0x9a, 0x59, 0x52, 0x7b, 0x6e,
+    0x45, 0x7f, 0xbe, 0x28, 0xe7, 0xf2, 0x35, 0x97, 0xbf, 0x84, 0xb2, 0xf7,
+    0x9f, 0x71, 0x65, 0xf8, 0x50, 0xc0, 0x71, 0x65, 0xfe, 0x0e, 0x7a, 0xd9,
+    0xcd, 0x4a, 0xcb, 0xfe, 0x1e, 0x0b, 0x51, 0xf4, 0xd1, 0xac, 0xbc, 0x5b,
+    0x07, 0xd6, 0x5f, 0xfe, 0xdf, 0x84, 0x32, 0x73, 0x39, 0xc9, 0x02, 0xcb,
+    0xff, 0xff, 0x8e, 0xdc, 0xdb, 0x14, 0x04, 0x5f, 0xdb, 0xe9, 0x83, 0x16,
+    0x1e, 0x56, 0x56, 0x23, 0x00, 0x49, 0x77, 0xcd, 0xa9, 0x3a, 0xca, 0xd1,
+    0xe1, 0xf8, 0x8a, 0xf1, 0x61, 0x8b, 0x2f, 0xff, 0xba, 0xf0, 0x8b, 0x3b,
+    0x83, 0x70, 0xb3, 0x7a, 0xcb, 0xf7, 0xa7, 0xcc, 0x6a, 0xcb, 0x9e, 0x2e,
+    0x1f, 0xd6, 0xea, 0x95, 0x4a, 0x3a, 0x62, 0x22, 0xf4, 0x25, 0xaf, 0xff,
+    0xf3, 0x6f, 0x21, 0x73, 0x68, 0x65, 0x23, 0xf3, 0xc3, 0x38, 0xb2, 0xa0,
+    0xad, 0xec, 0xd1, 0xbd, 0x0f, 0xf8, 0xa1, 0xcd, 0xc8, 0xf3, 0xf2, 0x83,
+    0x77, 0x9a, 0xdf, 0xb3, 0x45, 0x20, 0x59, 0x52, 0xcd, 0x47, 0x8c, 0xc3,
+    0x27, 0xc7, 0xda, 0x38, 0x8d, 0x10, 0x3c, 0xba, 0xf1, 0x3d, 0xdf, 0x7b,
+    0xcc, 0x6a, 0xcb, 0xa2, 0x12, 0xcb, 0x1d, 0x65, 0x61, 0xe6, 0x76, 0x46,
+    0x17, 0x18, 0xbf, 0xdf, 0x00, 0x8b, 0x8c, 0x35, 0x97, 0xe8, 0x03, 0x30,
+    0x6b, 0x2d, 0xbd, 0x8f, 0x69, 0xcc, 0xef, 0xde, 0x6d, 0x00, 0x4b, 0x2d,
+    0xac, 0x3d, 0x08, 0x8a, 0x2f, 0xe3, 0x38, 0xf3, 0xdc, 0x16, 0x54, 0x9e,
+    0xbe, 0x14, 0x5f, 0xf6, 0x76, 0xff, 0x9f, 0xb8, 0x16, 0x5f, 0xfe, 0x88,
+    0xa7, 0xfc, 0xff, 0x7d, 0x31, 0x46, 0xb2, 0xfc, 0xc7, 0x0e, 0x2e, 0x2c,
+    0xbf, 0x8b, 0x3e, 0x29, 0x25, 0x97, 0xee, 0xe0, 0x52, 0x35, 0x94, 0x73,
+    0xd3, 0x72, 0xbb, 0xfa, 0x0c, 0x47, 0x7f, 0xac, 0xbf, 0xe1, 0xe6, 0xde,
+    0x31, 0x77, 0x05, 0x96, 0x9e, 0xcf, 0x9c, 0xc2, 0xca, 0x94, 0xec, 0xd8,
+    0xe3, 0xc9, 0xae, 0xfa, 0x50, 0x88, 0xbd, 0x91, 0xca, 0xcb, 0xdf, 0xcf,
+    0x2c, 0xb3, 0xc0, 0xdc, 0x78, 0x72, 0xff, 0xe9, 0xe7, 0x30, 0xff, 0x29,
+    0x3f, 0x16, 0x5f, 0xf4, 0xe8, 0xdf, 0x14, 0xe6, 0x96, 0x5f, 0xc6, 0xed,
+    0xc3, 0xcf, 0x4b, 0x2f, 0xfe, 0x9e, 0xe1, 0xf1, 0x4c, 0x6d, 0xdf, 0xd6,
+    0x5f, 0xe6, 0xf3, 0xf5, 0x24, 0x35, 0x94, 0xc8, 0xaa, 0x23, 0x1e, 0x23,
+    0xdf, 0xd3, 0xd0, 0x0e, 0x20, 0x2c, 0xbe, 0xde, 0xc4, 0x35, 0x97, 0xfe,
+    0x29, 0x1f, 0xa4, 0xe5, 0x9d, 0x2c, 0xbc, 0xc5, 0xf5, 0x95, 0x87, 0xf7,
+    0x11, 0x1f, 0x8f, 0x6f, 0xf0, 0xf8, 0xde, 0xf6, 0x0d, 0x65, 0xff, 0xcd,
+    0x3c, 0x27, 0x86, 0xde, 0x66, 0x96, 0x5f, 0xe1, 0x96, 0x43, 0xd2, 0x35,
+    0x97, 0x89, 0xf4, 0xb2, 0xf9, 0xdd, 0xf7, 0x56, 0x5f, 0xff, 0xff, 0xef,
+    0x63, 0x6a, 0x1b, 0x4b, 0x22, 0x84, 0x97, 0xf6, 0x83, 0x9b, 0x78, 0x77,
+    0x81, 0xbf, 0x59, 0x7f, 0xff, 0x60, 0xf6, 0xb0, 0x27, 0x6f, 0xfd, 0x9f,
+    0xf3, 0xc1, 0x65, 0xff, 0xdc, 0x8f, 0x0c, 0xc2, 0x16, 0xec, 0x84, 0xc4,
+    0xcc, 0x8e, 0x37, 0xf2, 0x3d, 0xf0, 0x96, 0xa9, 0x4f, 0x9d, 0xa3, 0x64,
+    0xbf, 0xdd, 0xc3, 0x91, 0x42, 0x63, 0x59, 0x43, 0x5d, 0x0f, 0xe8, 0x9a,
+    0x24, 0x3d, 0x43, 0x88, 0xe5, 0xde, 0x85, 0x53, 0x97, 0x91, 0x9f, 0xe5,
+    0x15, 0x88, 0xa2, 0xff, 0xfe, 0xfe, 0x77, 0xfd, 0x6a, 0x7e, 0x00, 0xca,
+    0x1e, 0xc5, 0x97, 0x36, 0xf5, 0x97, 0xd2, 0x50, 0xe2, 0xcb, 0x37, 0x68,
+    0x96, 0x89, 0x74, 0x03, 0x17, 0xfb, 0x51, 0x94, 0xf4, 0xd0, 0x59, 0x5e,
+    0x3e, 0xb7, 0x37, 0xbf, 0x7a, 0x77, 0x8e, 0x56, 0x5e, 0x1b, 0x92, 0xcb,
+    0x6f, 0x59, 0x7e, 0xef, 0xe5, 0x3e, 0x59, 0x6d, 0x49, 0xbb, 0x71, 0x3b,
+    0xee, 0xe2, 0x9d, 0x2c, 0xb6, 0x96, 0x56, 0x1b, 0x51, 0x12, 0x54, 0x11,
+    0xf2, 0x32, 0x9d, 0x2b, 0x71, 0x6a, 0xf9, 0xb7, 0xe0, 0xd6, 0x5f, 0x17,
+    0xf0, 0x96, 0x5c, 0x5f, 0xd1, 0xe1, 0xb9, 0x1d, 0xff, 0x77, 0x0e, 0x0b,
+    0xf3, 0xfe, 0x2c, 0xbf, 0x6a, 0x0f, 0xd9, 0x8b, 0x2f, 0xf7, 0x0c, 0x71,
+    0xcf, 0x7c, 0x59, 0x52, 0x8c, 0x6c, 0x2c, 0x63, 0xb7, 0x2a, 0xbf, 0x70,
+    0x5f, 0x92, 0x59, 0x7f, 0x85, 0xdc, 0x3f, 0xc1, 0x6e, 0x2c, 0xbd, 0xc9,
+    0xed, 0x65, 0xe9, 0xf7, 0x16, 0x5c, 0xe6, 0x76, 0x6e, 0x40, 0x3b, 0x50,
+    0x4c, 0x03, 0x0e, 0x7c, 0x4e, 0x4e, 0x57, 0xfb, 0x3b, 0xdb, 0x9e, 0x6f,
+    0x2c, 0xbb, 0xc3, 0x59, 0x73, 0x74, 0xb2, 0xe7, 0xf8, 0xcd, 0x76, 0xc8,
+    0xbd, 0x69, 0x12, 0x4e, 0xc7, 0x69, 0x59, 0x7f, 0x6a, 0x5a, 0x0f, 0xc5,
+    0x94, 0x33, 0x79, 0xd8, 0x85, 0xff, 0x7f, 0x82, 0x80, 0x63, 0x6f, 0xac,
+    0xa9, 0x3d, 0xd7, 0x22, 0xbf, 0x7a, 0x72, 0x0e, 0xb2, 0xf6, 0x37, 0x16,
+    0x5f, 0xbf, 0xfc, 0x14, 0x6b, 0x2f, 0xff, 0xa3, 0x7f, 0x60, 0xf6, 0xe1,
+    0x16, 0x30, 0x16, 0x54, 0x68, 0x93, 0xe8, 0x6f, 0x45, 0x37, 0xfe, 0xf8,
+    0xb4, 0xfc, 0xdb, 0xf8, 0xcc, 0x59, 0x7f, 0xba, 0x67, 0xdb, 0xc7, 0xf2,
+    0xca, 0x63, 0xf9, 0xf2, 0x25, 0x0d, 0x38, 0x5c, 0x85, 0xcb, 0xc2, 0xae,
+    0xf8, 0xa6, 0x0c, 0xb2, 0xf3, 0x94, 0x4b, 0x2f, 0x77, 0x06, 0x59, 0x67,
+    0x39, 0xb9, 0x21, 0xcb, 0xc2, 0x92, 0x59, 0x7f, 0xff, 0x9b, 0xf2, 0x4f,
+    0x0c, 0x1f, 0x1f, 0x4d, 0xe6, 0xde, 0xb2, 0xfa, 0x4a, 0x1c, 0x59, 0x5a,
+    0x4c, 0x67, 0xcb, 0x24, 0x4b, 0xbc, 0x6c, 0x35, 0xfb, 0xff, 0xf7, 0x0b,
+    0x6f, 0x9d, 0xbe, 0x01, 0x11, 0x3c, 0x16, 0x5f, 0xff, 0xfd, 0x3a, 0xc8,
+    0xa4, 0xf9, 0xd3, 0x0f, 0xd3, 0xfe, 0x1b, 0xac, 0xdd, 0x59, 0x7f, 0x31,
+    0xbb, 0x22, 0xd1, 0xab, 0x2f, 0xf1, 0x48, 0xbb, 0xe3, 0xee, 0x2c, 0xaf,
+    0x1f, 0x4b, 0x99, 0xdf, 0xf1, 0xe4, 0xba, 0x72, 0x00, 0x55, 0x65, 0xc5,
+    0xd2, 0xcb, 0xf6, 0xb3, 0x65, 0x80, 0xb2, 0xcd, 0x87, 0x82, 0x71, 0x7b,
+    0xfe, 0x90, 0x6b, 0x52, 0x60, 0xfb, 0x59, 0x7f, 0x8c, 0x3f, 0xa5, 0x8a,
+    0x35, 0x97, 0xff, 0x9e, 0x0d, 0xac, 0xee, 0x28, 0x4e, 0xa3, 0x59, 0x52,
+    0x88, 0x00, 0x1a, 0x5f, 0xff, 0x16, 0x73, 0x0f, 0x3d, 0x67, 0xdb, 0x58,
+    0xb2, 0xba, 0x4f, 0xb8, 0xe4, 0x3e, 0x7d, 0x01, 0x37, 0xe1, 0x77, 0xbc,
+    0x8a, 0xff, 0xb9, 0xf1, 0x77, 0x83, 0x72, 0x59, 0x7f, 0xff, 0xf4, 0x27,
+    0x68, 0xf0, 0x9f, 0x9e, 0x70, 0x73, 0x6e, 0x7e, 0x7f, 0xc5, 0x95, 0x12,
+    0x2b, 0x7e, 0x73, 0x70, 0xbb, 0x59, 0x7f, 0x49, 0xe7, 0x3b, 0xfa, 0xcb,
+    0x61, 0xcf, 0x17, 0xe3, 0x15, 0x2b, 0x8d, 0x59, 0x2b, 0x35, 0xe3, 0x0d,
+    0x13, 0x4d, 0xf7, 0xf9, 0xb5, 0x96, 0x5f, 0xd1, 0xe6, 0x9b, 0xa9, 0x59,
+    0x7c, 0x43, 0x93, 0xac, 0xbf, 0xfe, 0x11, 0x7f, 0x9e, 0x68, 0x8a, 0x4e,
+    0xf0, 0x59, 0x7f, 0x6a, 0x5a, 0x0f, 0xc5, 0x97, 0x09, 0xd6, 0x5b, 0x36,
+    0x9e, 0x11, 0x16, 0x51, 0xd1, 0x73, 0xbe, 0x12, 0x37, 0xf3, 0x83, 0x06,
+    0xf0, 0x59, 0x52, 0x99, 0x86, 0x43, 0x69, 0x8a, 0xaf, 0x81, 0xcd, 0x86,
+    0x15, 0x59, 0x7e, 0x9e, 0x9f, 0x51, 0xac, 0xa9, 0x54, 0x16, 0xc4, 0x9e,
+    0x8d, 0x79, 0xcc, 0xc8, 0xb6, 0xfd, 0xe0, 0x36, 0x8d, 0x59, 0x7b, 0xa0,
+    0xe0, 0xb2, 0xfa, 0x74, 0x17, 0xe2, 0xca, 0xf1, 0xe2, 0x80, 0x7e, 0xff,
+    0x0f, 0xd8, 0x01, 0x7f, 0x8b, 0x2f, 0xff, 0xff, 0xec, 0xdc, 0xc1, 0xf2,
+    0x47, 0x3f, 0xf6, 0x0b, 0xaf, 0x4f, 0x3d, 0x9c, 0x79, 0x3a, 0xcb, 0xf7,
+    0xb2, 0x10, 0x75, 0x97, 0xff, 0xd9, 0xee, 0xbc, 0xd1, 0x13, 0x99, 0xfc,
+    0xf2, 0xca, 0xc4, 0xf1, 0x99, 0xb9, 0xc8, 0xb8, 0x69, 0xf8, 0x45, 0x6c,
+    0x93, 0xdf, 0x7b, 0x93, 0xd2, 0xcb, 0xef, 0xb6, 0x44, 0xb2, 0xc6, 0xac,
+    0xac, 0x3d, 0x7e, 0xc8, 0xd8, 0x8a, 0xf7, 0x03, 0x02, 0xcb, 0xd2, 0x46,
+    0xac, 0xa9, 0x37, 0x5c, 0x1e, 0xa9, 0x6f, 0x32, 0xe3, 0x8c, 0xd0, 0x71,
+    0xe9, 0xe4, 0xec, 0x9f, 0x51, 0xd0, 0x34, 0x63, 0x51, 0x4a, 0x46, 0xd4,
+    0x33, 0x8f, 0x0b, 0xbf, 0x47, 0x4a, 0xf1, 0xa9, 0x01, 0x34, 0xa7, 0x2f,
+    0xff, 0x29, 0x54, 0x52, 0x85, 0x0c, 0x85, 0xa0, 0x6d, 0x17, 0xff, 0x7f,
+    0x9e, 0xc8, 0x88, 0x5d, 0xc3, 0x8b, 0x2f, 0xfe, 0xc2, 0x06, 0x66, 0xb9,
+    0xf9, 0xc5, 0x97, 0xfd, 0xdf, 0xf3, 0x4d, 0x1b, 0x9d, 0x65, 0xec, 0xdf,
+    0x8b, 0x28, 0x08, 0x98, 0x24, 0x1e, 0x1d, 0x54, 0xa6, 0x1d, 0x90, 0xdf,
+    0xbc, 0x17, 0x83, 0x2c, 0xbe, 0x92, 0x78, 0x2c, 0xbf, 0x66, 0xe3, 0x90,
+    0x36, 0x9e, 0x06, 0x88, 0x2f, 0x1d, 0xe2, 0x59, 0x7f, 0x31, 0xe7, 0xc1,
+    0x8d, 0x65, 0xff, 0x07, 0xf6, 0x21, 0x43, 0x38, 0xb2, 0xa0, 0x7c, 0xec,
+    0x5d, 0x7e, 0xf3, 0x4e, 0xb8, 0xb2, 0xba, 0x46, 0x67, 0xa1, 0x09, 0xbc,
+    0x86, 0xff, 0xfd, 0x0e, 0x16, 0x7f, 0x8d, 0x87, 0xfe, 0xb0, 0xc5, 0x97,
+    0xfe, 0xf3, 0x1c, 0x79, 0x14, 0xe6, 0x96, 0x5e, 0x84, 0xf6, 0xb2, 0xfc,
+    0x22, 0x14, 0xf6, 0xb2, 0xf1, 0xf3, 0xeb, 0x2f, 0xa4, 0x0e, 0x75, 0x96,
+    0x86, 0x23, 0x02, 0x23, 0xe3, 0x8e, 0x80, 0xa0, 0x87, 0x2b, 0xb4, 0xd9,
+    0x0a, 0x31, 0x5b, 0xee, 0x37, 0xe5, 0x65, 0x49, 0xe5, 0xb9, 0x55, 0xf8,
+    0xb0, 0x02, 0xe2, 0xcb, 0xfd, 0xb4, 0x9e, 0x32, 0x9e, 0xd6, 0x5f, 0xfb,
+    0xcd, 0xff, 0x63, 0x7e, 0x40, 0xb2, 0xee, 0x9b, 0x11, 0x33, 0xa2, 0x7e,
+    0x1a, 0xde, 0xeb, 0x9f, 0x59, 0x7f, 0x3f, 0xc0, 0x19, 0x41, 0x65, 0x46,
+    0x79, 0x9e, 0x1e, 0xbf, 0xc2, 0x9d, 0xf9, 0xf6, 0xd2, 0xcb, 0xee, 0xbc,
+    0xd1, 0x2c, 0xbf, 0xff, 0xed, 0x00, 0x02, 0xe7, 0x9b, 0xf0, 0xcf, 0x38,
+    0x18, 0x72, 0xb2, 0xff, 0x9f, 0x59, 0xbf, 0x37, 0xc8, 0xd6, 0x56, 0x22,
+    0x84, 0x0c, 0xd7, 0xff, 0xd8, 0x69, 0xac, 0x3f, 0x34, 0x5e, 0x6e, 0xfe,
+    0xb2, 0x8e, 0x7e, 0xa4, 0x45, 0x52, 0x9a, 0xde, 0x46, 0x75, 0x70, 0xb4,
+    0xb2, 0xf7, 0x4f, 0xa5, 0x97, 0xfe, 0x8f, 0x08, 0xf9, 0xfe, 0x07, 0xc5,
+    0x97, 0xee, 0x75, 0x3a, 0x35, 0x65, 0xfc, 0xc0, 0xee, 0x19, 0xf5, 0x95,
+    0x1a, 0x33, 0x3c, 0x2e, 0xe3, 0xa0, 0x40, 0xde, 0x55, 0x7d, 0x0f, 0xe0,
+    0x16, 0x5e, 0xe3, 0x44, 0xb2, 0xbb, 0x37, 0xfc, 0x22, 0xbe, 0xff, 0x85,
+    0xd2, 0xcb, 0xf6, 0x30, 0xfc, 0xcb, 0x2a, 0x33, 0xca, 0x81, 0x25, 0xe7,
+    0xd1, 0xab, 0x2f, 0xfe, 0x78, 0x6d, 0xe1, 0x67, 0xf9, 0x9b, 0x8b, 0x2a,
+    0x51, 0xe9, 0x8d, 0x8e, 0x46, 0x21, 0xdb, 0xff, 0x77, 0xfe, 0x31, 0x48,
+    0x1c, 0xeb, 0x29, 0x65, 0x61, 0xe4, 0xef, 0x3e, 0xbd, 0x03, 0xf9, 0x65,
+    0x46, 0x78, 0x1f, 0x23, 0xbf, 0xff, 0xf6, 0xce, 0x7f, 0xce, 0x30, 0x85,
+    0x9b, 0xcb, 0x39, 0xc6, 0xef, 0xeb, 0x2d, 0xda, 0xcb, 0xec, 0x3c, 0xee,
+    0x2c, 0xb7, 0x61, 0x73, 0x6d, 0xc1, 0x2b, 0xc6, 0xb1, 0x8b, 0x2f, 0xc6,
+    0x36, 0x11, 0xab, 0x29, 0x8f, 0x18, 0x43, 0xd7, 0xf8, 0x61, 0xe4, 0x5e,
+    0x73, 0xac, 0xac, 0x4e, 0x4d, 0x88, 0xde, 0x15, 0x04, 0xe4, 0x22, 0x1b,
+    0xef, 0x3e, 0xef, 0x16, 0x5f, 0xfb, 0x3b, 0xf9, 0x98, 0x43, 0xf4, 0xac,
+    0xb3, 0xf4, 0x7c, 0x9a, 0x25, 0xb6, 0x2c, 0xbe, 0xd4, 0x6d, 0x1a, 0xcb,
+    0xde, 0x6d, 0x2c, 0xb3, 0xb1, 0xe0, 0x44, 0x49, 0x5b, 0x4f, 0xdf, 0xca,
+    0x17, 0xdc, 0x29, 0x3a, 0xcb, 0xfe, 0x8e, 0x79, 0x8d, 0xbd, 0xce, 0xb2,
+    0xf6, 0xfc, 0x25, 0x95, 0x28, 0x9c, 0xec, 0x91, 0xc8, 0x7e, 0x75, 0x7b,
+    0xd0, 0x3a, 0xcb, 0xbc, 0xcb, 0x2b, 0x0d, 0x9f, 0xc7, 0x6a, 0x59, 0xb2,
+    0x30, 0x67, 0xc8, 0xc3, 0x8d, 0x8f, 0x9f, 0xb8, 0x5c, 0xb4, 0x21, 0xf4,
+    0x47, 0xe8, 0xe3, 0xde, 0x1e, 0x85, 0x1b, 0xff, 0x25, 0x2b, 0x7e, 0x16,
+    0x02, 0x8c, 0xef, 0x65, 0xbe, 0xfb, 0x3d, 0x9d, 0x2c, 0xbe, 0xef, 0x82,
+    0x3a, 0xcb, 0x80, 0xcb, 0x2e, 0x98, 0x98, 0xdd, 0x39, 0x25, 0xcc, 0x62,
+    0xcb, 0x74, 0xb2, 0xb0, 0xd4, 0x9c, 0x5e, 0xfc, 0x69, 0xad, 0xa8, 0x2c,
+    0xbc, 0xfd, 0xc1, 0x65, 0x4a, 0x62, 0xf1, 0xae, 0x0d, 0x53, 0x44, 0x1f,
+    0x2a, 0xbf, 0xbe, 0xc4, 0xc0, 0xe2, 0xcb, 0xe1, 0x96, 0x79, 0x65, 0x87,
+    0xb4, 0xf3, 0x43, 0x2c, 0xbf, 0x67, 0x05, 0xa8, 0xd6, 0x5f, 0xff, 0xff,
+    0xf7, 0x60, 0xd7, 0x5c, 0xdc, 0xde, 0xdb, 0x01, 0xa1, 0xec, 0x5c, 0x86,
+    0xc2, 0xd0, 0x59, 0xb4, 0x1b, 0x9b, 0x76, 0xfb, 0x65, 0x65, 0x62, 0x63,
+    0x04, 0x56, 0x19, 0x4d, 0xe3, 0xbf, 0xd6, 0x5d, 0x0f, 0xac, 0xbf, 0xba,
+    0x1b, 0x6f, 0x91, 0xac, 0xb7, 0x96, 0x58, 0x0b, 0x2e, 0xe4, 0x16, 0x54,
+    0xa2, 0x70, 0x63, 0x8e, 0x2e, 0x03, 0x0e, 0x08, 0x88, 0x46, 0xfe, 0x8e,
+    0x28, 0x6c, 0x7a, 0x8d, 0x65, 0xd0, 0x02, 0xcb, 0xcf, 0x9a, 0x59, 0x78,
+    0xb3, 0xeb, 0x2f, 0x7b, 0x0e, 0xb2, 0xbb, 0x3e, 0x9f, 0x0b, 0x90, 0xdf,
+    0xc6, 0xee, 0xf9, 0x2c, 0xbd, 0x3d, 0xf1, 0x65, 0xf3, 0x14, 0x31, 0x65,
+    0xe8, 0xdc, 0x96, 0x50, 0xcf, 0x64, 0xe3, 0xbf, 0x20, 0xbb, 0x5e, 0x59,
+    0x7d, 0x23, 0x78, 0x2c, 0xbf, 0x67, 0xfc, 0xdf, 0x59, 0x7e, 0x7e, 0xf3,
+    0xbf, 0xac, 0xaf, 0x1e, 0x87, 0xc9, 0xef, 0x3e, 0xa0, 0xb2, 0xf7, 0xb0,
+    0xeb, 0x2a, 0x06, 0xe3, 0xe3, 0x97, 0xfc, 0x6c, 0x59, 0x9d, 0x7e, 0x4d,
+    0x59, 0x78, 0x45, 0x1a, 0xcb, 0xc1, 0xf9, 0xd6, 0x56, 0xd4, 0xde, 0x63,
+    0x17, 0x35, 0xc7, 0xb5, 0xad, 0x10, 0xf8, 0xf3, 0x83, 0xb7, 0xc7, 0xd9,
+    0xdc, 0x1a, 0xcb, 0x46, 0xb2, 0xda, 0x59, 0x51, 0x9a, 0x36, 0x12, 0xbe,
+    0x8d, 0xdf, 0xcb, 0x2f, 0xc2, 0x8d, 0xdf, 0xcb, 0x2f, 0xd8, 0x30, 0x3f,
+    0xd6, 0x56, 0xd3, 0xf1, 0xf1, 0x16, 0xf2, 0x8b, 0xf0, 0x70, 0x14, 0xf1,
+    0x65, 0x46, 0x7b, 0x86, 0x99, 0xdb, 0xeb, 0x2f, 0xe3, 0x30, 0xa7, 0xbe,
+    0x2c, 0xae, 0xcd, 0xfb, 0x88, 0xdf, 0xff, 0xcd, 0xac, 0x3b, 0xf6, 0x10,
+    0x62, 0x7d, 0x41, 0xc0, 0xb2, 0xfd, 0x17, 0x9b, 0xbf, 0xac, 0xaf, 0x22,
+    0x1f, 0xeb, 0xb7, 0xec, 0x21, 0xfa, 0x56, 0x50, 0x51, 0x77, 0xae, 0x61,
+    0x41, 0x03, 0xcc, 0x6f, 0x68, 0xea, 0x0e, 0xd5, 0xe4, 0xc7, 0x87, 0x71,
+    0x31, 0x8a, 0x15, 0x06, 0x11, 0xdf, 0xf6, 0x0c, 0x6d, 0xde, 0x77, 0xf5,
+    0x97, 0xdd, 0x14, 0xc1, 0x65, 0x78, 0xf7, 0x1c, 0xea, 0xff, 0x4e, 0x7e,
+    0x7c, 0xe3, 0x59, 0x7f, 0xd9, 0xf9, 0xe8, 0x39, 0x06, 0x2c, 0xbd, 0x3d,
+    0xc1, 0x65, 0x46, 0x8a, 0x81, 0x90, 0x98, 0x63, 0xba, 0x73, 0x7d, 0x98,
+    0x5f, 0x59, 0x7f, 0xfb, 0x7b, 0x10, 0x3c, 0xcf, 0x0f, 0xb4, 0x6b, 0x2f,
+    0x84, 0xfa, 0x82, 0xca, 0x93, 0xed, 0x1a, 0x5d, 0xff, 0xa4, 0x7a, 0x9f,
+    0xb7, 0x4c, 0x35, 0x97, 0xdf, 0xe3, 0xf4, 0xb2, 0x86, 0x7c, 0x22, 0x3e,
+    0xbe, 0x13, 0xea, 0x0b, 0x2f, 0x4e, 0xec, 0x16, 0x50, 0xcf, 0x06, 0x22,
+    0x2b, 0xfb, 0xfd, 0x0c, 0x67, 0xd2, 0xcb, 0xf7, 0xd8, 0xa4, 0x0b, 0x2f,
+    0xfa, 0x2e, 0x6f, 0x72, 0x8c, 0x43, 0x59, 0x7f, 0x39, 0x80, 0x01, 0xf6,
+    0x56, 0x5f, 0x67, 0xf0, 0xeb, 0x2e, 0x23, 0x56, 0x53, 0x9b, 0x81, 0x10,
+    0xd4, 0x11, 0x15, 0xc6, 0xab, 0xf4, 0x08, 0x4f, 0xc5, 0x97, 0xfe, 0x92,
+    0x17, 0xe0, 0x22, 0xff, 0x16, 0x56, 0x1f, 0x2e, 0x89, 0xef, 0xff, 0xc3,
+    0x98, 0x4e, 0x43, 0xd2, 0x32, 0x9f, 0xf1, 0x65, 0xff, 0x4f, 0xe1, 0x9b,
+    0x8e, 0x40, 0x59, 0x58, 0x88, 0xd2, 0x53, 0xbc, 0x06, 0x02, 0xcb, 0xe8,
+    0xe2, 0xf3, 0x2c, 0xb7, 0xb0, 0xf0, 0x04, 0x39, 0x73, 0x9d, 0x65, 0xff,
+    0x6e, 0x79, 0xb6, 0x9b, 0xac, 0xe2, 0xca, 0xe8, 0xf5, 0x44, 0x2d, 0x7f,
+    0xe2, 0x73, 0x7c, 0xf0, 0xe3, 0x0d, 0x65, 0xfb, 0xcc, 0x4f, 0x1a, 0xcb,
+    0x74, 0xb2, 0xf8, 0x50, 0xce, 0x74, 0x6e, 0x48, 0x9e, 0x8e, 0x8a, 0xf2,
+    0x77, 0xbf, 0xff, 0xa3, 0x6d, 0x13, 0x9b, 0xcf, 0x4b, 0xf7, 0x23, 0x65,
+    0x97, 0x67, 0xd6, 0x56, 0x1f, 0x89, 0x2d, 0xdc, 0x19, 0xd6, 0x53, 0x23,
+    0x2c, 0xa1, 0x27, 0xf2, 0x0b, 0xbb, 0x1a, 0xcb, 0xb7, 0xba, 0xcb, 0xfd,
+    0x3a, 0x9e, 0xb3, 0x7e, 0x2c, 0xbd, 0x3b, 0xb2, 0xb2, 0xa5, 0x7d, 0x66,
+    0x34, 0x28, 0x42, 0x34, 0x70, 0x82, 0xc6, 0x33, 0x48, 0xfb, 0x30, 0x62,
+    0x68, 0xa1, 0x8f, 0xa8, 0x44, 0x1e, 0x15, 0xde, 0x61, 0x27, 0xcf, 0xc7,
+    0x3a, 0x23, 0x3d, 0xe3, 0x1b, 0x23, 0x1b, 0xa6, 0x97, 0xe8, 0xa7, 0xe5,
+    0xbd, 0x65, 0xf4, 0x58, 0xc0, 0x59, 0x5b, 0x4f, 0x32, 0x4a, 0xaf, 0xfe,
+    0x9d, 0xfa, 0x9d, 0x63, 0x7a, 0x46, 0xb2, 0xe9, 0xc5, 0x94, 0x47, 0xb3,
+    0xc4, 0x4b, 0x9c, 0xeb, 0x2e, 0x8b, 0x65, 0x65, 0x11, 0xb1, 0xde, 0x2d,
+    0x7f, 0xfe, 0x63, 0xf7, 0x0e, 0x6d, 0xf6, 0x7f, 0x84, 0xff, 0x59, 0x70,
+    0xbe, 0xb2, 0xfc, 0x22, 0xfe, 0x01, 0x65, 0x41, 0x38, 0x6c, 0x7c, 0x65,
+    0x2f, 0x91, 0x6c, 0xac, 0x6e, 0x8b, 0xd8, 0x20, 0x52, 0x1a, 0xb3, 0xfb,
+    0x14, 0x2a, 0xc2, 0xb0, 0x85, 0xd8, 0x21, 0x7d, 0xb1, 0xc7, 0x3d, 0xb0,
+    0xa1, 0x2c, 0x16, 0x11, 0x85, 0xb7, 0xcd, 0x86, 0xd1, 0x34, 0xaa, 0x08,
+    0xe5, 0x93, 0x42, 0x73, 0x98, 0x74, 0x8f, 0x6c, 0xad, 0xaf, 0xcd, 0x96,
+    0x1b, 0xd4, 0xff, 0x57, 0x73, 0xac, 0xcd, 0x39, 0x73, 0x15, 0x23, 0x0b,
+    0x53, 0xef, 0xc7, 0x9d, 0x91, 0xf5, 0x66, 0x60, 0xf3, 0xe7, 0x20, 0x9d,
+    0x46, 0x0b, 0xc3, 0x9c, 0xa9, 0xbf, 0xdc, 0xaf, 0x64, 0x7f, 0x4f, 0xe2,
+    0x14, 0xa1, 0x3d, 0xf1, 0xd8, 0x19, 0x0c, 0xcd, 0x99, 0xe4, 0x00, 0xe9,
+    0x21, 0xbb, 0xb2, 0xbb, 0xef, 0xc1, 0x1b, 0x4f, 0xa5, 0x94, 0x12, 0x1b,
+    0x47, 0x0c, 0xa9, 0xec, 0x6b, 0x65, 0x02, 0x57, 0x8d, 0xff, 0xe0, 0x87,
+    0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x6c, 0x5f, 0xb5, 0xd3, 0xbf,
+    0x4a, 0x8a, 0xb5, 0x70, 0x37, 0xac, 0xbb, 0x9b, 0x2b, 0x2c, 0x13, 0x0f,
+    0xa7, 0xc6, 0xdc, 0x19, 0xbb, 0x7e, 0x96, 0x5c, 0xf2, 0xb2, 0xff, 0x42,
+    0x02, 0xf9, 0x4c, 0x16, 0x5f, 0x67, 0x9f, 0xeb, 0x2c, 0x15, 0xc3, 0xd4,
+    0x23, 0x3b, 0xff, 0xff, 0x42, 0x77, 0xcb, 0x6b, 0xa6, 0x3b, 0xc1, 0x8b,
+    0x07, 0x86, 0xac, 0xbf, 0xbe, 0xdb, 0x79, 0x8c, 0xb2, 0xff, 0xd0, 0xc8,
+    0x63, 0xc0, 0xa4, 0xeb, 0x2d, 0xa9, 0x3e, 0xa6, 0x2e, 0xbf, 0xda, 0xce,
+    0xa4, 0x01, 0x9d, 0x65, 0xfe, 0xe3, 0xfc, 0x27, 0x0a, 0x56, 0x5f, 0xd3,
+    0x1e, 0xa7, 0x06, 0xb2, 0xa0, 0x7c, 0x3e, 0x34, 0xbf, 0xff, 0x4c, 0x73,
+    0xa9, 0x3c, 0xcf, 0xfc, 0xc0, 0x3a, 0xca, 0x93, 0xf6, 0xf1, 0x15, 0xe9,
+    0x1c, 0x4b, 0x2a, 0x0a, 0x91, 0x9a, 0x1a, 0xda, 0x26, 0xf4, 0x61, 0x9f,
+    0x21, 0xbe, 0xd1, 0xfc, 0x35, 0x97, 0xff, 0x6a, 0x05, 0x9f, 0xe4, 0x9f,
+    0xfd, 0x2c, 0xa9, 0x3e, 0x81, 0x11, 0xdd, 0x84, 0xb2, 0xff, 0xb6, 0x58,
+    0xdd, 0x91, 0x79, 0xb4, 0xb2, 0x86, 0x7a, 0xb8, 0x2b, 0x7f, 0xe7, 0x6d,
+    0xd9, 0xf7, 0xcb, 0x20, 0xb2, 0xfd, 0x06, 0xe9, 0xf4, 0xb2, 0xbc, 0x7c,
+    0xfc, 0x3f, 0xbc, 0xef, 0xd2, 0xa2, 0xb4, 0x5f, 0x8d, 0xef, 0x82, 0xed,
+    0x65, 0x49, 0xfb, 0xf4, 0x44, 0xc5, 0x37, 0xf0, 0x98, 0xdd, 0x48, 0xd6,
+    0x5f, 0xe9, 0xd0, 0x03, 0xe4, 0xe2, 0xcb, 0xff, 0xcd, 0xf8, 0x4f, 0x5e,
+    0x6f, 0xf1, 0xfb, 0x59, 0x5a, 0x46, 0xd1, 0xcb, 0xbc, 0x5d, 0xbc, 0xce,
+    0xfe, 0x06, 0xdc, 0xd3, 0x1a, 0xb2, 0xff, 0xb0, 0x6d, 0xc8, 0x8a, 0x46,
+    0xb2, 0x86, 0x7d, 0x0e, 0x61, 0x7f, 0xd3, 0xd6, 0x1f, 0x0b, 0xfb, 0x2b,
+    0x2f, 0xf7, 0xa7, 0x40, 0xfe, 0x46, 0xb2, 0xff, 0x16, 0x43, 0x6b, 0x7a,
+    0x0b, 0x2e, 0xf3, 0x1d, 0x14, 0x7e, 0x3b, 0xf9, 0xa5, 0xff, 0xcf, 0x0d,
+    0xba, 0x9f, 0xb7, 0x4c, 0x35, 0x96, 0x82, 0xcb, 0x42, 0x4f, 0x5f, 0xb4,
+    0x6b, 0xc2, 0xe7, 0xd6, 0x5f, 0xff, 0xa0, 0xe4, 0xdf, 0x9f, 0x75, 0x83,
+    0x29, 0xe2, 0xcb, 0xff, 0xf3, 0x6e, 0xc9, 0x0a, 0x0d, 0xce, 0x4e, 0xd3,
+    0xf4, 0xb2, 0x99, 0x15, 0xae, 0xa7, 0x73, 0x76, 0xb2, 0xff, 0xfb, 0xa9,
+    0xd6, 0x01, 0xce, 0xf0, 0x96, 0xe9, 0x65, 0xff, 0xf4, 0x39, 0x85, 0x27,
+    0x7c, 0xff, 0xe4, 0xeb, 0x2a, 0x51, 0x38, 0xe9, 0xf5, 0xa4, 0x6a, 0x7e,
+    0x16, 0x74, 0x74, 0xf9, 0xfd, 0x0c, 0xaf, 0xc3, 0xd6, 0xff, 0xff, 0xed,
+    0xed, 0xfe, 0x61, 0xbd, 0x79, 0xbf, 0x91, 0x14, 0x9e, 0x3c, 0x31, 0x65,
+    0xff, 0xf7, 0xdf, 0x38, 0x3c, 0x87, 0xa7, 0x78, 0xe5, 0x65, 0xff, 0xff,
+    0xfc, 0xdf, 0x1e, 0x0b, 0x9b, 0x7d, 0x9d, 0x78, 0x51, 0xb6, 0x17, 0x70,
+    0xe7, 0x05, 0x2b, 0x29, 0xd1, 0xba, 0x4a, 0x15, 0x29, 0xba, 0xbc, 0x6a,
+    0x97, 0xf7, 0xdf, 0xdb, 0x47, 0x2b, 0x2f, 0x40, 0x51, 0x2c, 0xa9, 0x3c,
+    0xd7, 0x2f, 0xbe, 0x87, 0xda, 0x35, 0x97, 0xee, 0x71, 0xca, 0x35, 0x97,
+    0xe0, 0xfe, 0x52, 0x05, 0x96, 0xf2, 0xca, 0xed, 0x10, 0x87, 0x23, 0xde,
+    0x50, 0x19, 0x45, 0xff, 0xf0, 0x1f, 0x3c, 0xed, 0xbb, 0x27, 0x27, 0x35,
+    0x65, 0xff, 0x9b, 0x98, 0x3e, 0xf9, 0x3a, 0xe2, 0xcb, 0xfc, 0xf0, 0xfb,
+    0x47, 0xe6, 0x59, 0x52, 0x98, 0x1e, 0x20, 0xf4, 0xa0, 0xc7, 0xf7, 0xec,
+    0xf3, 0x61, 0xd6, 0x5f, 0x98, 0x07, 0x6d, 0x2c, 0xbf, 0xf0, 0xdb, 0x7b,
+    0x0f, 0x0c, 0xcf, 0x2c, 0xbf, 0xff, 0xe7, 0xfc, 0x93, 0xc7, 0x3a, 0x96,
+    0x84, 0x9c, 0xa4, 0xd5, 0x97, 0xf9, 0xb8, 0xc2, 0x0b, 0x8e, 0x56, 0x51,
+    0x22, 0x67, 0xec, 0x77, 0xf7, 0xa7, 0xa2, 0x73, 0xac, 0xbf, 0xf3, 0xb7,
+    0x5e, 0x71, 0x47, 0xa6, 0x59, 0x4c, 0x7d, 0x84, 0x5b, 0x7b, 0xa1, 0x4a,
+    0xcb, 0xfd, 0x1c, 0xe1, 0x0f, 0xd2, 0xb2, 0xd8, 0xc7, 0x9e, 0xe3, 0xb5,
+    0x1a, 0xa4, 0x81, 0x93, 0x61, 0x3b, 0x43, 0x67, 0xd0, 0x8e, 0x26, 0xfb,
+    0xff, 0xcf, 0xdf, 0x3d, 0x3c, 0xcf, 0x93, 0x9a, 0xb2, 0xff, 0x42, 0x75,
+    0x1c, 0xea, 0x35, 0x97, 0xd0, 0xd6, 0x1d, 0x65, 0xec, 0xd0, 0x16, 0x5f,
+    0xa2, 0xc1, 0x9f, 0x71, 0x65, 0xfc, 0x52, 0x67, 0x70, 0xe2, 0xca, 0xed,
+    0x13, 0x2c, 0x45, 0x10, 0xe6, 0xe9, 0x65, 0xe3, 0x45, 0xd2, 0xca, 0x94,
+    0xcb, 0xb2, 0x19, 0xc6, 0xa0, 0xdf, 0xff, 0xff, 0x9b, 0xac, 0xfc, 0x97,
+    0xf9, 0xb6, 0x58, 0x78, 0x7d, 0xba, 0x96, 0x83, 0xf1, 0x65, 0xff, 0xe7,
+    0x6f, 0x8b, 0x4f, 0xc0, 0xf0, 0xba, 0x59, 0x7f, 0xfd, 0xa0, 0x70, 0x1e,
+    0x78, 0x37, 0xca, 0x40, 0xb2, 0xb1, 0x31, 0xdf, 0x42, 0x10, 0x49, 0x57,
+    0xf6, 0x7d, 0xc8, 0x02, 0x59, 0x7f, 0x7b, 0x6b, 0x46, 0xe4, 0xb2, 0xfe,
+    0x3f, 0x06, 0x4e, 0x62, 0xcb, 0xf0, 0x39, 0xb0, 0xf6, 0x1e, 0xc3, 0x59,
+    0x52, 0x7d, 0x2e, 0x5d, 0x7e, 0xe9, 0x87, 0x84, 0xb2, 0xfb, 0x4d, 0x27,
+    0x59, 0x73, 0x8d, 0x65, 0x76, 0x6d, 0xc0, 0x43, 0x58, 0x88, 0x07, 0x5e,
+    0xbf, 0xcf, 0xf6, 0xfb, 0x03, 0x8b, 0x2a, 0x09, 0xdb, 0xe1, 0x61, 0x42,
+    0x63, 0x90, 0xa0, 0x11, 0x0d, 0xfd, 0x3a, 0xff, 0x32, 0x0b, 0x2f, 0xfb,
+    0x51, 0x16, 0x0f, 0xd3, 0xbd, 0x65, 0xff, 0x68, 0x18, 0x37, 0xf8, 0xa5,
+    0x65, 0xff, 0x87, 0xe1, 0x39, 0xb8, 0x37, 0x82, 0xca, 0xc4, 0x59, 0x39,
+    0xd9, 0x1c, 0x50, 0x51, 0xb6, 0xd1, 0x0a, 0x8c, 0xec, 0x6d, 0x33, 0x29,
+    0xc2, 0x38, 0x5f, 0x0d, 0xdb, 0x23, 0xd9, 0x36, 0x14, 0xfd, 0x43, 0x13,
+    0xb8, 0x49, 0x34, 0xa0, 0xfd, 0x47, 0x60, 0x77, 0x5f, 0x47, 0x4e, 0xf2,
+    0xa1, 0x00, 0xc2, 0x51, 0xbc, 0x72, 0x35, 0x2f, 0xc7, 0xd9, 0xbd, 0x4c,
+    0x38, 0x6f, 0xdf, 0x04, 0x38, 0x7b, 0x8b, 0x28, 0x22, 0x75, 0x26, 0xc7,
+    0x01, 0x7e, 0x32, 0x7a, 0x6e, 0x96, 0x5f, 0xff, 0xbd, 0x85, 0x86, 0xf9,
+    0xe1, 0xe3, 0x1c, 0x33, 0xac, 0xbe, 0xe9, 0xdf, 0xa5, 0x45, 0x80, 0xa8,
+    0x22, 0x1f, 0x4a, 0xf7, 0xf8, 0xed, 0xc1, 0x4e, 0xa2, 0x59, 0x7e, 0x8b,
+    0x9a, 0x9d, 0xeb, 0x2f, 0xba, 0x0f, 0xd1, 0x2c, 0xa9, 0x44, 0x2b, 0x1a,
+    0x39, 0x5d, 0xe0, 0x06, 0x05, 0x97, 0xe1, 0xe6, 0x03, 0x8b, 0x2a, 0x53,
+    0xcb, 0xc8, 0x58, 0xf2, 0x15, 0x1f, 0x2d, 0x0c, 0x7a, 0xff, 0x0e, 0x42,
+    0x77, 0xf1, 0x4a, 0xca, 0x08, 0x88, 0xa1, 0x2a, 0x5f, 0xb5, 0xd3, 0xbf,
+    0x4a, 0x89, 0xd5, 0x7f, 0xff, 0xbd, 0x31, 0x8f, 0x0e, 0x13, 0x9c, 0xcf,
+    0x37, 0x05, 0x1a, 0xcb, 0xf0, 0x43, 0xbc, 0x02, 0x62, 0x26, 0xe2, 0x36,
+    0xbf, 0xff, 0x88, 0x53, 0xfe, 0x61, 0x04, 0x00, 0x27, 0xcf, 0x1a, 0xcb,
+    0xcf, 0x13, 0xac, 0xba, 0x78, 0xb2, 0xe2, 0x09, 0x11, 0xb2, 0xf8, 0xe5,
+    0x4a, 0x2f, 0x72, 0x11, 0xd7, 0x8d, 0x93, 0xac, 0xbd, 0x1c, 0xf4, 0xb2,
+    0xff, 0xbc, 0x2e, 0xc6, 0xdb, 0xe4, 0x6b, 0x2d, 0x91, 0x9e, 0xd7, 0xc7,
+    0xaf, 0x9f, 0xa0, 0xce, 0xb2, 0xf4, 0x38, 0x10, 0xd4, 0x61, 0x93, 0xbe,
+    0xf2, 0x8b, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x6c, 0xaf, 0xfe, 0xf3, 0x7f,
+    0xc2, 0xef, 0x0e, 0xfd, 0xac, 0xbe, 0xfe, 0x9b, 0xb5, 0x97, 0xf7, 0xdf,
+    0xdb, 0x47, 0x2b, 0x2f, 0xff, 0xe8, 0x04, 0xe4, 0xb6, 0x0d, 0xb3, 0x99,
+    0xf2, 0x95, 0x95, 0x28, 0x88, 0x72, 0xfb, 0xf4, 0x25, 0xb7, 0xca, 0xcb,
+    0xf6, 0x10, 0x0f, 0x8b, 0x2f, 0xfa, 0x78, 0x13, 0xcd, 0xd3, 0xe9, 0x65,
+    0xff, 0x36, 0x11, 0xb3, 0xbd, 0xfc, 0xb2, 0xa5, 0x18, 0x5d, 0x14, 0x00,
+    0x9b, 0x64, 0xee, 0xff, 0xa6, 0x13, 0xa8, 0xe7, 0x51, 0xac, 0xbe, 0xf3,
+    0x19, 0xb1, 0xac, 0xbf, 0xff, 0xdd, 0xf9, 0xb8, 0xff, 0x93, 0x9b, 0x3c,
+    0x6d, 0x99, 0xfa, 0xca, 0x1a, 0x23, 0x1c, 0xa2, 0xff, 0x7e, 0x0f, 0x0f,
+    0x4c, 0x6b, 0x2c, 0x13, 0x15, 0xb3, 0x74, 0x6c, 0xc8, 0xc7, 0x85, 0x5b,
+    0xc3, 0x8c, 0x90, 0x39, 0x0c, 0x6f, 0x91, 0x5f, 0xf8, 0x82, 0x1c, 0x4d,
+    0xf2, 0x7d, 0xd5, 0x97, 0xe7, 0xe7, 0x9e, 0x0b, 0x2f, 0xf0, 0xbe, 0x0d,
+    0x0a, 0x1c, 0x59, 0x5a, 0x3d, 0xc2, 0x27, 0xbf, 0x9f, 0x5b, 0x2e, 0x46,
+    0xac, 0xbc, 0x2e, 0x04, 0xc3, 0xd1, 0x22, 0x1b, 0x9c, 0x18, 0x99, 0x18,
+    0x21, 0xdf, 0x77, 0x7d, 0x2c, 0xbe, 0xe9, 0xdf, 0xa5, 0x45, 0xcc, 0xb1,
+    0xd6, 0x56, 0x8f, 0x04, 0xc3, 0x0b, 0xf8, 0xb3, 0xb0, 0x34, 0x16, 0x58,
+    0x2e, 0xb2, 0xb4, 0x78, 0x5b, 0xcb, 0x6f, 0x39, 0xf8, 0xb2, 0xe8, 0x8e,
+    0xb2, 0xc4, 0xb2, 0x96, 0x61, 0x61, 0x52, 0x9a, 0x06, 0x2d, 0x33, 0x2b,
+    0x92, 0x18, 0x39, 0xb2, 0x51, 0x7f, 0x46, 0x13, 0x62, 0x0a, 0x05, 0x36,
+    0x25, 0x97, 0xf7, 0x61, 0x3f, 0xc7, 0xd2, 0xca, 0x08, 0x8c, 0xdc, 0x58,
+    0x74, 0x4b, 0xf6, 0xba, 0x77, 0xe9, 0x51, 0x77, 0xaf, 0xf4, 0x02, 0x73,
+    0x5a, 0x63, 0x16, 0x58, 0x26, 0x1f, 0x6b, 0x9b, 0x5f, 0xf1, 0x4b, 0xc7,
+    0xdf, 0x24, 0x6b, 0x2e, 0x18, 0x16, 0x5d, 0x3b, 0xab, 0x2f, 0x16, 0x46,
+    0xb2, 0xc1, 0x06, 0x88, 0x53, 0x4e, 0x40, 0x2e, 0x43, 0x35, 0x31, 0x81,
+    0x4c, 0xe6, 0x36, 0x9e, 0x7a, 0x5a, 0xee, 0x18, 0xad, 0x5c, 0x58, 0x6a,
+    0x54, 0x11, 0xe1, 0x81, 0xe8, 0xc0, 0x5e, 0x1d, 0x20, 0x97, 0x58, 0x51,
+    0xd5, 0x72, 0x52, 0x07, 0xe1, 0x3a, 0x1c, 0x2b, 0x6f, 0xfc, 0x63, 0x94,
+    0x7c, 0x62, 0xee, 0x0b, 0x2f, 0xfe, 0xc8, 0xf0, 0xcf, 0x67, 0x31, 0x89,
+    0x65, 0xff, 0x98, 0x8b, 0x0d, 0xe8, 0x4e, 0x35, 0x97, 0xec, 0xf0, 0xdc,
+    0x96, 0x5c, 0xc1, 0x3c, 0x8e, 0x72, 0x40, 0xe2, 0x18, 0x67, 0xd7, 0xee,
+    0x70, 0xef, 0x05, 0x97, 0xff, 0xef, 0x49, 0x47, 0xc1, 0x3b, 0x43, 0x9e,
+    0x78, 0x2c, 0xbf, 0xff, 0x7a, 0x4a, 0x3e, 0x09, 0xda, 0x1c, 0xf3, 0xc1,
+    0x65, 0xff, 0xff, 0xfc, 0xd2, 0x5f, 0x27, 0x37, 0x3e, 0x2f, 0xb7, 0xf9,
+    0xe6, 0xd4, 0xc6, 0xfa, 0xe9, 0x65, 0xde, 0x61, 0xa3, 0x77, 0xca, 0xb7,
+    0x72, 0x56, 0x5f, 0xfd, 0xdf, 0x42, 0x7e, 0xff, 0x98, 0x46, 0xac, 0xbc,
+    0x4e, 0x12, 0x53, 0xe5, 0x19, 0x47, 0x51, 0x99, 0x70, 0xbb, 0xe2, 0xd7,
+    0xf0, 0x53, 0x60, 0x9e, 0xf5, 0x1a, 0xcb, 0xc7, 0x16, 0xe2, 0xcb, 0xc2,
+    0x73, 0xac, 0xbe, 0x16, 0xe8, 0xe5, 0x65, 0xfb, 0x37, 0x7f, 0x26, 0xac,
+    0xb6, 0xea, 0xca, 0x8c, 0xdf, 0xe1, 0x5d, 0xf7, 0x1b, 0xad, 0x2c, 0xa8,
+    0xd1, 0xc9, 0xa2, 0x0f, 0x0e, 0x13, 0x21, 0x84, 0x37, 0xfe, 0xe3, 0x9b,
+    0xe6, 0x92, 0x14, 0xac, 0xbf, 0xf7, 0x9f, 0xef, 0xee, 0xe1, 0x9f, 0x59,
+    0x58, 0x7f, 0x8c, 0x7b, 0x73, 0x81, 0x65, 0xff, 0xff, 0xe2, 0x73, 0x0b,
+    0x3f, 0xfc, 0x8e, 0x49, 0xcd, 0xe1, 0xe7, 0x08, 0x6b, 0x2f, 0x60, 0x7c,
+    0x59, 0x58, 0x8a, 0x8d, 0x0b, 0x6e, 0xba, 0xde, 0x68, 0xb8, 0xb2, 0xfe,
+    0x29, 0x01, 0xde, 0x0b, 0x2f, 0xe2, 0x90, 0x1d, 0xe0, 0xb2, 0xff, 0x05,
+    0x36, 0x02, 0xc1, 0xf8, 0x4b, 0x2f, 0xd9, 0xbe, 0x4b, 0xf8, 0x7d, 0x1c,
+    0x2c, 0xbf, 0x10, 0xb9, 0xe6, 0xda, 0x8e, 0xfc, 0x1d, 0xd4, 0x25, 0x2f,
+    0xc3, 0x6d, 0xfa, 0xc5, 0x96, 0xf4, 0x9f, 0xde, 0x29, 0x5f, 0xe7, 0x86,
+    0xb3, 0x65, 0x80, 0xb2, 0xff, 0x49, 0x4f, 0x5c, 0x01, 0xd6, 0x5f, 0x4c,
+    0x5e, 0x65, 0x97, 0x9d, 0xfa, 0x54, 0x4a, 0xeb, 0xfc, 0x6b, 0x90, 0x3f,
+    0x9e, 0x59, 0x51, 0x9f, 0xf7, 0x44, 0x4c, 0x53, 0x7b, 0xd9, 0xd2, 0xcb,
+    0xec, 0x00, 0xb8, 0xb2, 0xe7, 0xef, 0x0d, 0xf9, 0x0e, 0xdf, 0x9c, 0xd7,
+    0xfc, 0x16, 0x5f, 0xff, 0x71, 0x9f, 0xbf, 0x3b, 0x7c, 0x5a, 0x7e, 0x2c,
+    0xb7, 0x64, 0x7e, 0xff, 0x28, 0xbf, 0xfb, 0xd9, 0x0e, 0xbc, 0xc3, 0x92,
+    0xfa, 0xca, 0x63, 0xec, 0xf9, 0x45, 0x41, 0x55, 0x50, 0xc9, 0xba, 0x35,
+    0xd4, 0x2c, 0x4e, 0xde, 0x51, 0x87, 0x5f, 0xfb, 0xa6, 0xd6, 0x79, 0xb5,
+    0xe7, 0x59, 0x7f, 0xf0, 0xb9, 0xe7, 0x87, 0xd9, 0xc8, 0x0b, 0x2f, 0x79,
+    0xbf, 0xda, 0x20, 0x74, 0x7d, 0x7f, 0x69, 0xe0, 0xfd, 0xc1, 0x65, 0xf8,
+    0x9c, 0xc0, 0xce, 0xb2, 0xa4, 0xf5, 0xfe, 0x5d, 0x7e, 0x96, 0x03, 0x1d,
+    0x65, 0xed, 0x37, 0x6b, 0x2a, 0x07, 0x87, 0xf2, 0x6b, 0xf4, 0xc7, 0xfc,
+    0xf2, 0xcb, 0xfa, 0x4e, 0x3d, 0x3f, 0x4b, 0x2b, 0xc7, 0xac, 0x45, 0x17,
+    0xff, 0x8b, 0xfe, 0xc8, 0x77, 0xfd, 0x4e, 0x18, 0xb2, 0xff, 0xff, 0xf3,
+    0x90, 0x72, 0x0c, 0x87, 0xa7, 0x78, 0xe4, 0x26, 0x10, 0xa1, 0x9c, 0x59,
+    0x52, 0x8c, 0x4d, 0x25, 0xdd, 0x08, 0xd6, 0x5f, 0x74, 0xf0, 0xc5, 0x97,
+    0xff, 0xff, 0xff, 0xe1, 0xb9, 0xce, 0xf0, 0x84, 0x87, 0x23, 0x6d, 0x3f,
+    0x63, 0xf4, 0xeb, 0x8c, 0xee, 0x53, 0xd7, 0xa6, 0x25, 0x97, 0xf1, 0x7c,
+    0x5e, 0x0a, 0xca, 0xcb, 0x9b, 0xf2, 0x8e, 0x16, 0x85, 0x85, 0x62, 0x66,
+    0x8f, 0x18, 0x1d, 0xfc, 0x40, 0xd6, 0x9a, 0x35, 0x97, 0xfb, 0x35, 0xc7,
+    0xe8, 0x5d, 0xac, 0xbf, 0xff, 0xbb, 0xe6, 0x6b, 0xff, 0x78, 0xc3, 0x38,
+    0xfc, 0xc6, 0xac, 0xac, 0x44, 0xab, 0x9a, 0xdf, 0xee, 0xf1, 0xb9, 0xc1,
+    0x4a, 0xcb, 0x09, 0x65, 0xf7, 0xdb, 0x34, 0xb2, 0x96, 0x5f, 0x7e, 0x7f,
+    0xc5, 0x97, 0x3c, 0x36, 0x23, 0x5b, 0x81, 0x75, 0x1a, 0x23, 0xfc, 0x23,
+    0xbd, 0x3a, 0xff, 0xb1, 0xb7, 0x94, 0xe6, 0xa0, 0xb2, 0xff, 0xfd, 0xf8,
+    0x66, 0xe3, 0x90, 0x3b, 0xfe, 0xa7, 0x0c, 0x58, 0x61, 0xb8, 0xbf, 0x77,
+    0xff, 0x48, 0x16, 0x56, 0x23, 0xf9, 0xda, 0xc4, 0xd5, 0x7f, 0xff, 0xb0,
+    0x6d, 0xd7, 0x98, 0x63, 0xc3, 0x03, 0x8b, 0xc2, 0x35, 0x65, 0xff, 0xe8,
+    0x8a, 0x7f, 0xcf, 0xf7, 0xd3, 0x14, 0x6b, 0x2f, 0xf9, 0xcc, 0x1f, 0xa6,
+    0x3c, 0x31, 0x65, 0x32, 0x22, 0x09, 0x36, 0xff, 0xf9, 0x81, 0x87, 0x6f,
+    0xf2, 0x4e, 0xfd, 0xfd, 0x65, 0xff, 0xfd, 0xbf, 0x07, 0xa9, 0x17, 0x1b,
+    0x7b, 0xb0, 0xc5, 0x2b, 0x2b, 0x11, 0x58, 0xc9, 0xf7, 0xff, 0xfb, 0xa7,
+    0xd3, 0xfb, 0xb8, 0x67, 0xf3, 0xf2, 0x20, 0xbe, 0x2c, 0xbf, 0xf9, 0xfb,
+    0x83, 0x7f, 0xd3, 0xaf, 0xca, 0xcb, 0xfe, 0x93, 0xff, 0x22, 0x83, 0x7d,
+    0x65, 0x41, 0x30, 0x36, 0x21, 0x3b, 0x2f, 0xd1, 0x2f, 0xff, 0xf7, 0x98,
+    0x63, 0xc3, 0x3b, 0xf8, 0x9f, 0x9e, 0x31, 0xc6, 0xb2, 0xf8, 0x4f, 0xa8,
+    0x2c, 0xbf, 0x8a, 0x63, 0x03, 0xfd, 0x65, 0xfe, 0x71, 0x87, 0xbb, 0x25,
+    0x05, 0x96, 0x9e, 0x8f, 0x8c, 0xe5, 0xb7, 0xff, 0xc7, 0x72, 0x07, 0x8c,
+    0x72, 0x8f, 0xa6, 0x8d, 0x65, 0xff, 0xfd, 0xa7, 0xe6, 0x14, 0xe0, 0x39,
+    0x91, 0x4f, 0x7c, 0x59, 0x73, 0x7d, 0xd1, 0x58, 0x25, 0x2a, 0x1a, 0x70,
+    0xcd, 0x08, 0x57, 0x86, 0xa5, 0xff, 0x08, 0x07, 0x78, 0x73, 0x43, 0x59,
+    0x7f, 0xff, 0xb1, 0x8b, 0xf8, 0x5b, 0x49, 0xc7, 0x25, 0x1c, 0xe9, 0x65,
+    0x7d, 0x13, 0x1b, 0xce, 0xad, 0xa5, 0x97, 0xff, 0xee, 0xfe, 0x53, 0xe7,
+    0xe6, 0x74, 0x4f, 0x9d, 0x2c, 0xac, 0x44, 0x5f, 0x44, 0xa2, 0x11, 0xbf,
+    0xff, 0xfd, 0xec, 0x38, 0x1f, 0x59, 0xbf, 0x07, 0x9c, 0x13, 0xf7, 0xe3,
+    0x1f, 0xeb, 0x2f, 0xf4, 0xf9, 0xbf, 0xc7, 0xed, 0x65, 0xff, 0xb3, 0xbf,
+    0xfe, 0x4f, 0xec, 0x8d, 0x65, 0xff, 0x45, 0xd7, 0x98, 0xf3, 0xa3, 0x56,
+    0x5f, 0xe0, 0x66, 0xb3, 0x3f, 0xc5, 0x95, 0x87, 0xdd, 0xd9, 0xe5, 0x4a,
+    0xff, 0x70, 0xe1, 0xdd, 0x91, 0xe8, 0x74, 0x7b, 0xe8, 0xfa, 0x8a, 0x35,
+    0xcf, 0x98, 0x09, 0xe8, 0xc3, 0x30, 0xe1, 0x5d, 0x7b, 0x00, 0xeb, 0x2f,
+    0x6b, 0x3b, 0x59, 0x7b, 0xcf, 0x0f, 0x1b, 0x80, 0x0d, 0xdf, 0xfc, 0xed,
+    0xf9, 0x2e, 0x98, 0xe7, 0x65, 0x97, 0xde, 0x92, 0xfa, 0xcb, 0x98, 0x7e,
+    0x3e, 0x3e, 0x21, 0x5b, 0x3c, 0x8c, 0x22, 0x84, 0xad, 0xff, 0x67, 0x7c,
+    0x1c, 0xb9, 0x46, 0xb2, 0xff, 0x3f, 0x24, 0xbf, 0xe6, 0x59, 0x7e, 0x3c,
+    0x5c, 0x62, 0x59, 0x7f, 0xf7, 0x4d, 0xaf, 0x64, 0x5e, 0x6d, 0x46, 0xb2,
+    0xff, 0xe7, 0x06, 0x17, 0x7f, 0xd4, 0xe1, 0x8b, 0x2f, 0xf9, 0xe1, 0xcf,
+    0x4e, 0x83, 0x1a, 0xca, 0x82, 0x70, 0x78, 0x58, 0x69, 0xcf, 0x46, 0x3d,
+    0x94, 0x12, 0x3f, 0xd1, 0x2f, 0xc0, 0x89, 0x84, 0x17, 0x59, 0x7f, 0xff,
+    0xbd, 0x9d, 0x16, 0x1f, 0x0b, 0x3e, 0x20, 0x1d, 0xe0, 0xb2, 0xfe, 0xf3,
+    0x9c, 0xa7, 0xb5, 0x97, 0xfe, 0x2c, 0xf6, 0x45, 0x06, 0xd4, 0x16, 0x5f,
+    0xff, 0xff, 0x02, 0x4b, 0xa7, 0xfb, 0xf6, 0x0c, 0xde, 0xdf, 0x87, 0x9b,
+    0xfc, 0x61, 0xac, 0xbf, 0xf3, 0x6f, 0x6f, 0xc5, 0x09, 0x2f, 0xac, 0xa9,
+    0x4e, 0xda, 0x05, 0xb8, 0xbf, 0xd1, 0x6f, 0x67, 0xdf, 0x7f, 0xbf, 0xfc,
+    0xf9, 0x0f, 0x63, 0x16, 0x03, 0x67, 0x16, 0x5e, 0x78, 0x04, 0xd8, 0x1b,
+    0xc5, 0xe9, 0x8c, 0x76, 0x10, 0xc7, 0x1c, 0x32, 0x32, 0x71, 0x1b, 0xa8,
+    0x72, 0xf7, 0x08, 0xc6, 0x64, 0x89, 0xe3, 0x50, 0xe5, 0x39, 0x17, 0xa3,
+    0x4c, 0x72, 0x80, 0x43, 0x0c, 0x2e, 0x42, 0x51, 0xe0, 0x72, 0x90, 0x39,
+    0xf9, 0x64, 0xe1, 0xca, 0x1c, 0xdd, 0x58, 0xb8, 0x2f, 0x8b, 0x2f, 0xdf,
+    0x91, 0x05, 0xf1, 0x65, 0xff, 0x43, 0x3f, 0xe6, 0x9d, 0x01, 0x65, 0xfb,
+    0x3a, 0x78, 0x62, 0xcb, 0xfd, 0x83, 0x62, 0xfe, 0x79, 0x65, 0xff, 0xfc,
+    0x3f, 0x49, 0x47, 0xc1, 0x3b, 0x43, 0x9e, 0x78, 0x2c, 0xbd, 0x9e, 0x09,
+    0xb0, 0xd3, 0x30, 0xc1, 0xae, 0xca, 0xfc, 0x70, 0x44, 0xfc, 0x31, 0xbf,
+    0xff, 0xfe, 0x1e, 0x04, 0xe4, 0x1b, 0xd3, 0xdc, 0x30, 0xf9, 0xbd, 0xbe,
+    0x09, 0x1c, 0xac, 0xbc, 0xd2, 0xeb, 0x2f, 0x7e, 0x46, 0x92, 0xff, 0xf7,
+    0x9d, 0xbf, 0x30, 0x6d, 0x46, 0x20, 0x24, 0xbd, 0xa0, 0xb8, 0x49, 0x3e,
+    0x6e, 0x0e, 0x5e, 0x7e, 0x82, 0x41, 0x17, 0x23, 0x84, 0x05, 0x82, 0x0d,
+    0xd1, 0xc2, 0x75, 0x28, 0xbc, 0xf5, 0xe6, 0x0f, 0xe5, 0x57, 0x89, 0xc3,
+    0x7c, 0x67, 0x37, 0xff, 0x82, 0x1d, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a,
+    0x89, 0x85, 0x7d, 0x2c, 0x1f, 0x96, 0x5f, 0xef, 0x49, 0x39, 0xe7, 0x75,
+    0x65, 0xe6, 0x0f, 0xcb, 0x2f, 0xff, 0xec, 0xde, 0xe3, 0xf4, 0x84, 0xff,
+    0xb0, 0x62, 0xff, 0x16, 0x5f, 0xfe, 0xd3, 0x80, 0x21, 0xbf, 0x81, 0x93,
+    0xc8, 0x2c, 0xbb, 0x02, 0x0d, 0x32, 0x17, 0x22, 0x01, 0xa1, 0x0e, 0x86,
+    0xbf, 0x76, 0xc4, 0x16, 0x2c, 0xb6, 0xf5, 0x94, 0x15, 0x36, 0x87, 0x21,
+    0xbf, 0x37, 0xbd, 0x91, 0xac, 0xbd, 0xb1, 0xf8, 0x6b, 0x2f, 0xfe, 0x0a,
+    0xe7, 0x70, 0x13, 0xfc, 0xa6, 0x0b, 0x2f, 0xb6, 0x16, 0x40, 0xeb, 0x2f,
+    0xdb, 0x06, 0xc1, 0xb1, 0x6c, 0x85, 0x16, 0x5d, 0xfd, 0x86, 0xb2, 0xee,
+    0xf7, 0x16, 0x5f, 0xbc, 0xc7, 0x9e, 0x96, 0x5d, 0x87, 0xda, 0x78, 0x7d,
+    0x0d, 0xdf, 0xd2, 0x7c, 0x04, 0xef, 0x59, 0x7f, 0xfb, 0xfc, 0x14, 0xed,
+    0xeb, 0xcd, 0xb2, 0xf1, 0xac, 0xa1, 0xa2, 0xbf, 0xc6, 0x04, 0x5d, 0x7f,
+    0xb5, 0x9d, 0x48, 0x03, 0x3a, 0xcb, 0xf7, 0xde, 0x37, 0xe2, 0xcb, 0xe9,
+    0x3b, 0x69, 0x65, 0xa6, 0x23, 0xc9, 0xd1, 0x45, 0xf0, 0x83, 0xc8, 0xd6,
+    0x5f, 0x49, 0x34, 0x4b, 0x2f, 0xff, 0xd9, 0x1e, 0xdc, 0xc2, 0xff, 0x9d,
+    0xb8, 0xdb, 0xd6, 0x5f, 0xbd, 0x23, 0x63, 0x56, 0x53, 0x27, 0x33, 0xa2,
+    0xf3, 0xbf, 0x78, 0xa0, 0x89, 0x3e, 0x43, 0xba, 0xaf, 0x7f, 0xd8, 0x67,
+    0x9b, 0xfc, 0x7d, 0x2c, 0xbe, 0xf0, 0x7c, 0x25, 0x97, 0x05, 0x3e, 0xb2,
+    0xfa, 0x26, 0x32, 0x25, 0x97, 0xfa, 0x4e, 0xde, 0x9c, 0x25, 0x97, 0x3f,
+    0x16, 0x51, 0xcf, 0xaf, 0xe4, 0xbb, 0xcc, 0x2f, 0xef, 0xce, 0xf2, 0x7e,
+    0xd6, 0x5f, 0x8b, 0xa6, 0x2c, 0x59, 0x7f, 0xee, 0x0f, 0x44, 0xe6, 0x67,
+    0x7f, 0x59, 0x7f, 0x8c, 0x2c, 0xef, 0xf9, 0xe5, 0x95, 0x87, 0xe8, 0xc8,
+    0x17, 0xfa, 0x5e, 0x3f, 0x9a, 0xfa, 0x59, 0x7e, 0x7d, 0x41, 0xce, 0xb2,
+    0x86, 0x9f, 0xde, 0x42, 0x1b, 0xb3, 0x16, 0x2f, 0xf4, 0x26, 0x88, 0x80,
+    0x46, 0x96, 0x3a, 0xcb, 0xfd, 0xff, 0x3b, 0x71, 0xb7, 0xac, 0xb0, 0x51,
+    0x65, 0x11, 0xe4, 0xec, 0x9a, 0x5f, 0xee, 0x4e, 0x10, 0xfd, 0x2b, 0x2f,
+    0xe9, 0xc2, 0x1f, 0xa5, 0x65, 0xe1, 0x6a, 0x2d, 0xa7, 0xb9, 0xc3, 0x1b,
+    0xee, 0x8a, 0x7c, 0xb2, 0xff, 0x19, 0xb7, 0x07, 0xe9, 0xde, 0xb2, 0xff,
+    0xc2, 0xc3, 0x73, 0xe2, 0x9e, 0xc6, 0xb2, 0xa4, 0xfe, 0x18, 0xe2, 0xff,
+    0x10, 0xbf, 0x9f, 0x0e, 0x35, 0x95, 0x88, 0xef, 0xd4, 0x26, 0xbe, 0x41,
+    0x76, 0x18, 0xb2, 0xff, 0x87, 0x90, 0xf4, 0xef, 0x1c, 0xac, 0xbb, 0x7c,
+    0x6b, 0x2f, 0x9b, 0x5e, 0x7d, 0xa7, 0xa8, 0xc7, 0x57, 0xfc, 0x60, 0x7e,
+    0x9e, 0xbc, 0xd1, 0x2c, 0xbe, 0x11, 0xf0, 0x6b, 0x2b, 0xb3, 0xdf, 0xdd,
+    0x3d, 0xbf, 0xff, 0xef, 0x64, 0x32, 0x1e, 0xc2, 0xc3, 0x7c, 0xf0, 0xc8,
+    0x1d, 0x65, 0x62, 0x22, 0xfe, 0x4d, 0x7e, 0xd4, 0xc3, 0x98, 0xb2, 0xf9,
+    0xbf, 0x9b, 0xd6, 0x5f, 0xec, 0x33, 0xe4, 0xe0, 0xe2, 0xca, 0x93, 0xfd,
+    0xf1, 0x3f, 0xc8, 0xef, 0xff, 0xfb, 0xa7, 0xd4, 0xfe, 0x61, 0xb4, 0x3f,
+    0x96, 0x01, 0xc8, 0x0b, 0x2f, 0x79, 0xe0, 0xb2, 0xa0, 0xba, 0x27, 0x8b,
+    0x5d, 0x42, 0x03, 0x51, 0x93, 0x1c, 0xd3, 0xcd, 0x65, 0x19, 0x1f, 0xe1,
+    0x3e, 0x22, 0xed, 0xed, 0x17, 0xfe, 0xe7, 0xa4, 0xff, 0xe1, 0x3f, 0x6b,
+    0x2f, 0x88, 0x5a, 0x95, 0x96, 0x7e, 0xcf, 0x81, 0xcf, 0xef, 0xff, 0xa4,
+    0xbf, 0xa9, 0x68, 0x16, 0x1d, 0xe0, 0xb2, 0xfc, 0x73, 0xe0, 0xa2, 0x59,
+    0x7f, 0xfa, 0x7a, 0xe0, 0xbe, 0xde, 0x63, 0x7c, 0xcb, 0x2f, 0xe3, 0xce,
+    0x17, 0xf6, 0x56, 0x5f, 0x69, 0xbb, 0x82, 0xcb, 0x71, 0x65, 0xfa, 0x70,
+    0xbf, 0xb2, 0xb2, 0xf7, 0x1f, 0xbd, 0xa8, 0x8c, 0x62, 0xf8, 0x88, 0xce,
+    0x23, 0x43, 0x4e, 0x77, 0x49, 0x87, 0x29, 0xfc, 0x35, 0xef, 0xfb, 0x73,
+    0x07, 0xe9, 0xdc, 0x29, 0x59, 0x4c, 0x88, 0x07, 0x43, 0xbf, 0xed, 0x47,
+    0xd7, 0x9b, 0xc2, 0xfa, 0xca, 0xf1, 0xee, 0xb9, 0x0d, 0xfe, 0x63, 0x75,
+    0x91, 0xcc, 0x6b, 0x2f, 0xd2, 0x7d, 0xe0, 0x82, 0xca, 0xe1, 0xef, 0xfc,
+    0xd6, 0xef, 0xb2, 0xcb, 0x85, 0x8b, 0x2e, 0xd7, 0x16, 0x54, 0x0f, 0x94,
+    0xd2, 0x20, 0x0b, 0x6c, 0x8b, 0x5f, 0xff, 0xa0, 0x2d, 0x4f, 0x46, 0x63,
+    0x7b, 0xa6, 0x8f, 0x75, 0x65, 0xed, 0x4f, 0xd6, 0x5f, 0xba, 0x6e, 0x79,
+    0x96, 0x5f, 0xd8, 0xc5, 0xf1, 0x79, 0x65, 0x76, 0x7a, 0x9e, 0x28, 0xbf,
+    0x74, 0x4d, 0xdc, 0x16, 0x54, 0x49, 0x8c, 0x71, 0x73, 0xee, 0x02, 0x23,
+    0xbc, 0x7d, 0xb8, 0xb2, 0xfe, 0xd6, 0x37, 0xa4, 0x6b, 0x2f, 0x68, 0x5c,
+    0x59, 0x7f, 0xfd, 0xe9, 0x2c, 0xff, 0xb3, 0xfe, 0x91, 0x05, 0xd6, 0x5f,
+    0xcd, 0xad, 0xae, 0x40, 0x59, 0x7b, 0xd9, 0xda, 0xcb, 0xff, 0xfc, 0x66,
+    0xef, 0xf3, 0xdb, 0x4b, 0x23, 0x6c, 0x2e, 0xe1, 0xc5, 0x97, 0xe3, 0x3f,
+    0x9e, 0xe9, 0x65, 0x62, 0x24, 0x5d, 0x9e, 0xa5, 0x3b, 0x61, 0x8f, 0x61,
+    0x63, 0x0e, 0xf9, 0x49, 0xcb, 0x8a, 0x15, 0xd7, 0xff, 0xbe, 0x4e, 0x0f,
+    0x63, 0x0c, 0x5f, 0xe2, 0xcb, 0xed, 0xf8, 0x39, 0x59, 0x7e, 0x21, 0x0f,
+    0xd2, 0xb2, 0xfa, 0x19, 0x3d, 0xac, 0xbf, 0xe9, 0x8c, 0x38, 0x78, 0x4f,
+    0x1a, 0xcb, 0xd3, 0xdc, 0x16, 0x54, 0xa6, 0x1d, 0x89, 0x2c, 0x47, 0x11,
+    0x3e, 0x88, 0x88, 0xf2, 0xff, 0xdd, 0xc3, 0x6f, 0x9f, 0xa9, 0x21, 0xac,
+    0xbf, 0x89, 0x80, 0x79, 0xde, 0xb2, 0xf6, 0x80, 0x75, 0x94, 0xc7, 0x96,
+    0x22, 0xeb, 0xf9, 0x89, 0xfa, 0x2c, 0x59, 0x58, 0x8d, 0x9e, 0x42, 0x34,
+    0x44, 0x37, 0xc5, 0x8c, 0x6a, 0xcb, 0xe6, 0x9e, 0xf8, 0xb2, 0xfc, 0x1f,
+    0xca, 0x40, 0xb2, 0x8e, 0x7d, 0x7f, 0x21, 0xde, 0x45, 0x7d, 0xff, 0xe1,
+    0x8b, 0x2f, 0xff, 0x4f, 0xc1, 0x30, 0xce, 0xff, 0x18, 0x8c, 0x59, 0x7e,
+    0x93, 0xe9, 0xe2, 0x59, 0x7f, 0xfb, 0xf0, 0xcd, 0x67, 0x25, 0x87, 0x87,
+    0x59, 0x7f, 0x9b, 0xcc, 0x27, 0x6f, 0x2c, 0xa6, 0x3f, 0x9f, 0x24, 0x5e,
+    0xe3, 0x81, 0x65, 0x4a, 0x6f, 0xf8, 0x62, 0xc4, 0x7e, 0x4d, 0x78, 0x50,
+    0xfc, 0x86, 0x96, 0x5f, 0x49, 0xda, 0x0b, 0x2e, 0xf4, 0xc0, 0xd6, 0x68,
+    0x2e, 0xf4, 0x91, 0xab, 0x2e, 0x78, 0x2c, 0xbf, 0x4f, 0x44, 0xe7, 0x59,
+    0x7f, 0xe9, 0x86, 0xdc, 0xf3, 0x6b, 0xce, 0xb2, 0xcd, 0xe3, 0xe6, 0xe1,
+    0x3d, 0xef, 0x4f, 0x96, 0x50, 0xd3, 0x07, 0xec, 0xb3, 0x70, 0x73, 0xcf,
+    0x9f, 0x27, 0xb8, 0x51, 0xac, 0xbe, 0xcd, 0x4f, 0x4b, 0x2e, 0x8b, 0x83,
+    0x37, 0x5e, 0x18, 0xbf, 0xff, 0xfd, 0x3e, 0xf3, 0xf3, 0x6f, 0x9d, 0xb9,
+    0xec, 0x06, 0xdd, 0x67, 0xdf, 0xb5, 0x97, 0xfe, 0xef, 0x9d, 0x79, 0x86,
+    0xda, 0xe9, 0x65, 0xfc, 0xe0, 0xd6, 0x9b, 0x4b, 0x2f, 0x7f, 0x6e, 0x2c,
+    0xa9, 0x4c, 0xdb, 0x45, 0xce, 0xf6, 0x04, 0x20, 0xcb, 0x6f, 0x63, 0x01,
+    0x65, 0xf7, 0x85, 0xdf, 0xd6, 0x5f, 0xfd, 0xec, 0x9d, 0x16, 0x1c, 0xe2,
+    0x89, 0x65, 0xfd, 0xf0, 0xc0, 0x09, 0xed, 0x65, 0xff, 0x37, 0xdb, 0x0e,
+    0x59, 0x1a, 0xca, 0x63, 0xe7, 0xf1, 0x85, 0xfd, 0xc6, 0x34, 0xef, 0xf5,
+    0x97, 0xfe, 0xdf, 0x26, 0xc1, 0x8a, 0x75, 0x2b, 0x2f, 0xff, 0xfd, 0xac,
+    0xdf, 0x25, 0xfd, 0xa1, 0x94, 0xf9, 0xdb, 0xf3, 0xfe, 0x2c, 0xbb, 0xad,
+    0x8d, 0x65, 0xf1, 0x3f, 0x8d, 0x59, 0x7a, 0x31, 0x41, 0x65, 0xe2, 0xce,
+    0x6d, 0x3d, 0xd1, 0x8e, 0xe1, 0x15, 0xf3, 0x82, 0x03, 0x59, 0x7f, 0xa4,
+    0xfd, 0x13, 0xe7, 0x4b, 0x28, 0x6a, 0xa6, 0x7a, 0x85, 0x5f, 0x64, 0x2c,
+    0x5d, 0xa3, 0xfd, 0xf0, 0xcb, 0x31, 0x00, 0x32, 0x2b, 0xed, 0xbb, 0xf7,
+    0x63, 0x59, 0x43, 0x56, 0xd5, 0x92, 0xaf, 0x4d, 0x84, 0x15, 0xb7, 0x16,
+    0x5b, 0x71, 0x65, 0xec, 0x1f, 0xd6, 0x58, 0xec, 0x6c, 0x34, 0x29, 0x77,
+    0xf1, 0x65, 0xff, 0x9b, 0x7e, 0x0f, 0xd9, 0xd6, 0x12, 0xcb, 0xfd, 0x25,
+    0x20, 0x77, 0xdd, 0x59, 0x7b, 0x4f, 0x05, 0x97, 0xf8, 0x7e, 0xce, 0xbd,
+    0x3a, 0x59, 0x43, 0x44, 0x1e, 0x8c, 0xc8, 0x72, 0xfd, 0xcc, 0xfe, 0xa5,
+    0x65, 0xff, 0xe0, 0xb9, 0x49, 0xdd, 0xbc, 0xff, 0xf4, 0xac, 0xa9, 0x4d,
+    0xe6, 0x02, 0xcd, 0x0c, 0x2e, 0x17, 0x88, 0x9e, 0xe7, 0xe9, 0x65, 0xfc,
+    0xd1, 0x3f, 0x5c, 0x82, 0xcb, 0xff, 0xfe, 0x18, 0xf3, 0x66, 0x75, 0x84,
+    0x3f, 0x48, 0x60, 0x04, 0xf6, 0xb2, 0xba, 0x45, 0x87, 0x85, 0xdc, 0xbe,
+    0xff, 0xf6, 0xa5, 0x8b, 0x3f, 0xc9, 0xf3, 0x9d, 0x65, 0xff, 0xfe, 0xf3,
+    0x10, 0xf5, 0x9d, 0x7a, 0x7d, 0x9a, 0xd4, 0x9a, 0xb2, 0xfc, 0x2d, 0xd6,
+    0xc3, 0xac, 0xbf, 0x67, 0xff, 0x31, 0x2c, 0xbf, 0x7d, 0xce, 0xdf, 0x59,
+    0x46, 0x9f, 0xce, 0x8a, 0x88, 0xa2, 0xfd, 0xe9, 0xc8, 0x3a, 0xcb, 0xff,
+    0x37, 0xc5, 0xa7, 0xe6, 0xd3, 0xfd, 0x65, 0x4a, 0x25, 0x86, 0x5e, 0xe4,
+    0xd7, 0xf9, 0xb0, 0xe5, 0x91, 0xba, 0xcb, 0xfd, 0xc6, 0xde, 0x39, 0x04,
+    0x6b, 0x2b, 0x0f, 0x9d, 0xcc, 0x6f, 0xbf, 0xc0, 0x09, 0x65, 0xe6, 0x3f,
+    0xd6, 0x5e, 0x20, 0xfe, 0xb2, 0xfc, 0x21, 0xb9, 0x03, 0x69, 0xb9, 0x71,
+    0xca, 0x94, 0x4d, 0x41, 0x72, 0xfe, 0xf3, 0x7c, 0xa4, 0xeb, 0x2f, 0xa7,
+    0x79, 0x4a, 0xcb, 0xcf, 0x0c, 0x59, 0x51, 0x1f, 0x49, 0xcb, 0x08, 0x8a,
+    0x82, 0x8b, 0xda, 0x32, 0x89, 0x91, 0xcf, 0xf5, 0x0f, 0xe6, 0x30, 0x89,
+    0x1f, 0xd1, 0xb8, 0x14, 0x25, 0x7f, 0x0b, 0xa1, 0x42, 0x2e, 0xff, 0x6a,
+    0x78, 0x68, 0x1e, 0x25, 0x97, 0xff, 0xce, 0x71, 0xfa, 0x7d, 0x27, 0x17,
+    0x70, 0xe2, 0xcb, 0xff, 0xd9, 0xff, 0x36, 0x77, 0xfc, 0xdf, 0x3c, 0x59,
+    0x6f, 0x79, 0x13, 0x84, 0xa3, 0x7c, 0xfc, 0xfc, 0x6b, 0x2f, 0xcc, 0xe0,
+    0xdb, 0xf5, 0x97, 0xff, 0x39, 0x7a, 0x58, 0x6d, 0xcc, 0x82, 0xcb, 0xd2,
+    0x00, 0xd6, 0x5f, 0xd9, 0xbf, 0xcc, 0x08, 0x96, 0x54, 0xa7, 0xa7, 0x90,
+    0xd1, 0x34, 0xa3, 0xc4, 0x6e, 0x52, 0x48, 0x3c, 0x1d, 0xb8, 0xa5, 0x65,
+    0xf7, 0xa7, 0x92, 0xb2, 0xf0, 0x63, 0xc5, 0x97, 0x82, 0xfc, 0xd8, 0xd6,
+    0x54, 0x67, 0xf2, 0x31, 0x57, 0x21, 0xe0, 0xed, 0xee, 0x37, 0x16, 0x5f,
+    0x6d, 0x3e, 0xde, 0x96, 0x5f, 0xd1, 0xc5, 0x0d, 0x8f, 0x51, 0xac, 0xbd,
+    0x9d, 0x0d, 0x65, 0xf7, 0xf0, 0x80, 0xb2, 0xfe, 0x73, 0x27, 0xf9, 0x1a,
+    0xcb, 0xfb, 0x35, 0xa9, 0x91, 0xac, 0xa0, 0xa2, 0x33, 0xf0, 0xdd, 0x87,
+    0x48, 0x87, 0x64, 0xba, 0xff, 0xe8, 0xfd, 0x83, 0x1b, 0x77, 0x9d, 0xfd,
+    0x65, 0xf4, 0x61, 0x8a, 0x35, 0x97, 0xd1, 0x42, 0x63, 0x59, 0x52, 0x79,
+    0x58, 0x4d, 0x7f, 0x8a, 0x32, 0xc1, 0x4f, 0x16, 0x5f, 0xcd, 0xf0, 0x06,
+    0x50, 0x59, 0x7c, 0x64, 0x5c, 0x95, 0x97, 0xcd, 0x27, 0xc5, 0x97, 0xe9,
+    0x37, 0x3f, 0xc5, 0x97, 0xff, 0xf6, 0x13, 0x0f, 0x99, 0xce, 0x67, 0x9b,
+    0x82, 0x8d, 0x65, 0xfc, 0x3d, 0x3f, 0xfc, 0x25, 0x97, 0x3f, 0xe0, 0x88,
+    0x8e, 0x2d, 0x5f, 0xcd, 0xe1, 0x1c, 0xec, 0xb2, 0xff, 0xe1, 0x43, 0x39,
+    0xb7, 0xed, 0xb3, 0x91, 0xac, 0xa8, 0x1f, 0xb9, 0x16, 0xdf, 0x64, 0x30,
+    0x96, 0x53, 0x1e, 0x08, 0x08, 0x6a, 0x55, 0x86, 0x47, 0x09, 0x1c, 0x20,
+    0x34, 0xcb, 0xb2, 0xed, 0x12, 0x78, 0x80, 0xa1, 0x61, 0xf8, 0x73, 0x58,
+    0x20, 0x51, 0xd7, 0xaf, 0x6c, 0x44, 0xa1, 0x52, 0x8d, 0x8c, 0x8b, 0x61,
+    0x24, 0x05, 0xb2, 0x8d, 0x86, 0x7f, 0x32, 0xaa, 0x23, 0x66, 0x81, 0xc8,
+    0xe5, 0x0f, 0x64, 0xec, 0x01, 0xb1, 0x82, 0xf5, 0x2a, 0x87, 0xb8, 0x72,
+    0xb4, 0x6b, 0x11, 0x47, 0xeb, 0xa8, 0xdc, 0xcf, 0x19, 0x77, 0xa5, 0x0f,
+    0x3c, 0x71, 0x80, 0x8e, 0xfc, 0x2e, 0x94, 0x52, 0xe1, 0x79, 0x3e, 0x1f,
+    0xf9, 0x50, 0x62, 0x87, 0x06, 0xf3, 0xc3, 0x07, 0x36, 0x61, 0xee, 0x1c,
+    0xb5, 0xab, 0xff, 0xe0, 0xa8, 0x50, 0x2a, 0xc1, 0xfb, 0x3b, 0x86, 0x6e,
+    0xf1, 0x65, 0xfe, 0x89, 0xbf, 0x9a, 0xfc, 0xac, 0xbf, 0x61, 0x99, 0xe7,
+    0x59, 0x7f, 0xfd, 0xa6, 0xee, 0x1c, 0x6f, 0xfa, 0x75, 0xf9, 0x59, 0x7f,
+    0xa7, 0x4f, 0x13, 0xf2, 0x0b, 0x2f, 0x3b, 0xf4, 0xa8, 0xab, 0x97, 0xf3,
+    0x87, 0xef, 0x39, 0xd6, 0x57, 0x47, 0xaf, 0xe2, 0x9b, 0xf9, 0xb5, 0xe7,
+    0x0c, 0xeb, 0x2f, 0x9b, 0xf0, 0x95, 0x94, 0x34, 0x7e, 0x6a, 0x11, 0x5e,
+    0x23, 0xde, 0x5d, 0x7c, 0x5b, 0xbc, 0x75, 0x97, 0xc5, 0x91, 0x4a, 0xcb,
+    0x6e, 0x2c, 0xbf, 0xfd, 0x31, 0xfd, 0x87, 0x85, 0x06, 0xf0, 0x96, 0x56,
+    0x1f, 0xf1, 0xc8, 0x7c, 0x29, 0x74, 0x9d, 0x65, 0xdc, 0x1a, 0xca, 0xd1,
+    0xad, 0x71, 0x6b, 0xfd, 0x3a, 0xfc, 0x94, 0x81, 0x65, 0xfe, 0x09, 0x9a,
+    0xe9, 0xdf, 0xa5, 0x44, 0x78, 0xbf, 0x79, 0xb5, 0xe7, 0x59, 0x78, 0xbe,
+    0xeb, 0x2e, 0xc1, 0xe1, 0xe1, 0x70, 0x9e, 0xa0, 0x8b, 0x13, 0xc2, 0x16,
+    0xff, 0x42, 0x75, 0x1c, 0xea, 0x35, 0x97, 0xff, 0xf1, 0x66, 0xef, 0x36,
+    0xf0, 0x1b, 0xf6, 0xbf, 0x21, 0xa7, 0x59, 0x7f, 0x3f, 0xa4, 0xa4, 0x0b,
+    0x2b, 0x7a, 0x23, 0xf6, 0x59, 0x2f, 0xfe, 0x8e, 0x75, 0xd6, 0x73, 0x98,
+    0x3c, 0x59, 0x52, 0x99, 0x8e, 0x43, 0x11, 0xca, 0x2f, 0xd2, 0x3e, 0x6e,
+    0xc4, 0xb2, 0xff, 0x30, 0x82, 0xf9, 0x08, 0xe2, 0x59, 0x51, 0x9f, 0x2f,
+    0xcb, 0x2f, 0xff, 0xfb, 0x45, 0x91, 0xed, 0x2c, 0xde, 0x59, 0xbb, 0xcd,
+    0xbc, 0x06, 0xf5, 0x97, 0xfd, 0x9f, 0xe0, 0x7c, 0xdb, 0xd4, 0x16, 0x5f,
+    0xc5, 0x9f, 0xe6, 0x18, 0xb2, 0xa5, 0x1f, 0xf8, 0x46, 0x77, 0x17, 0x3e,
+    0xbf, 0xdd, 0x37, 0x3c, 0xdf, 0x65, 0x97, 0xec, 0x8d, 0xcb, 0xb5, 0x95,
+    0xd9, 0xed, 0x91, 0x9d, 0xfe, 0x1b, 0xf0, 0x13, 0xd9, 0x2c, 0xbe, 0xfe,
+    0x10, 0x16, 0x57, 0x67, 0xa9, 0xf3, 0x3b, 0xfd, 0xba, 0xe3, 0x9c, 0x1b,
+    0x2c, 0xb0, 0x40, 0xa3, 0x22, 0x72, 0x58, 0x63, 0x33, 0x19, 0x3e, 0x46,
+    0x98, 0xc8, 0x91, 0x42, 0x8b, 0x4b, 0x7e, 0x20, 0x78, 0x71, 0x14, 0x6b,
+    0x3c, 0x8e, 0x5f, 0xf0, 0x95, 0x0d, 0xdb, 0x74, 0x8e, 0xf7, 0x9c, 0xeb,
+    0x2f, 0xba, 0x77, 0xe9, 0x51, 0x60, 0xac, 0x35, 0x95, 0xa3, 0xc1, 0xf1,
+    0x85, 0xe3, 0x66, 0x35, 0x97, 0xf3, 0x68, 0xb3, 0x7e, 0x2c, 0xbf, 0xff,
+    0x09, 0xe3, 0x3e, 0x6c, 0x8b, 0x59, 0xa8, 0x07, 0x05, 0x95, 0xe4, 0x44,
+    0x11, 0x6d, 0xf7, 0xf4, 0xdd, 0xac, 0xb8, 0xdf, 0xac, 0xbf, 0x61, 0x67,
+    0xf8, 0xb2, 0xfd, 0x9c, 0x13, 0xf6, 0xb2, 0xfe, 0x73, 0x87, 0xa7, 0xed,
+    0x65, 0xff, 0xff, 0xf9, 0xa1, 0xd1, 0x09, 0xe3, 0x3e, 0x6c, 0x8b, 0x51,
+    0x42, 0x7b, 0xcd, 0x40, 0x38, 0x2c, 0xad, 0x22, 0xeb, 0xe5, 0xf6, 0x09,
+    0x2a, 0xab, 0x71, 0x74, 0xd2, 0x2e, 0xa1, 0x4c, 0xc4, 0x5a, 0x23, 0x71,
+    0x82, 0x26, 0x0e, 0x1c, 0x57, 0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x16,
+    0x52, 0xff, 0xd9, 0xf8, 0x60, 0x36, 0x73, 0xc2, 0x59, 0x78, 0xd7, 0x25,
+    0x97, 0xff, 0xb1, 0xc7, 0xec, 0xd6, 0xa7, 0x79, 0xb2, 0xb2, 0xfb, 0xa7,
+    0x7e, 0x95, 0x16, 0x9a, 0x8d, 0x44, 0xbe, 0xe0, 0xe6, 0x92, 0xef, 0x48,
+    0xbb, 0x59, 0x7d, 0x91, 0xb1, 0x8b, 0x2b, 0xc7, 0x80, 0x43, 0xb7, 0xf8,
+    0x7e, 0x78, 0xbc, 0xc7, 0x59, 0x4b, 0x1c, 0xda, 0x5f, 0xe9, 0x3e, 0x0c,
+    0xa7, 0xb5, 0x97, 0xe1, 0xb0, 0x24, 0x96, 0x5f, 0x9f, 0x93, 0x9c, 0x59,
+    0x7d, 0x9a, 0x7e, 0x2c, 0xaf, 0x1e, 0x38, 0x89, 0xac, 0x10, 0x6a, 0x9f,
+    0x32, 0x1b, 0x1d, 0x3a, 0x1d, 0x57, 0xc3, 0x4e, 0x65, 0xc6, 0xdb, 0xf6,
+    0xc4, 0x14, 0x0b, 0x02, 0xc0, 0xb1, 0x65, 0xf0, 0x58, 0x14, 0x0a, 0x6c,
+    0x0b, 0x2b, 0x62, 0x3f, 0x6d, 0x84, 0x83, 0x7f, 0xdb, 0x1f, 0x98, 0xc1,
+    0xbb, 0xf4, 0xb2, 0xfc, 0x15, 0x1e, 0x9f, 0xa5, 0x97, 0xf4, 0x9f, 0x3c,
+    0xd0, 0x59, 0x7e, 0xd8, 0x41, 0x5e, 0x64, 0xac, 0xbf, 0xdb, 0x62, 0x6f,
+    0x10, 0xbe, 0xb2, 0xfe, 0x0b, 0x6f, 0xe6, 0xdd, 0x95, 0x94, 0x16, 0x1f,
+    0x58, 0x5b, 0x36, 0xbf, 0xc1, 0x9f, 0x3f, 0xc6, 0xe2, 0xcb, 0x32, 0xca,
+    0xd8, 0xcf, 0x13, 0x64, 0xd2, 0xfe, 0x0a, 0xb7, 0x53, 0xdf, 0x16, 0x5f,
+    0xe9, 0x8f, 0x4e, 0x38, 0xdd, 0x65, 0xff, 0xfb, 0xce, 0x5f, 0x86, 0x6b,
+    0x24, 0x8b, 0x3e, 0xb2, 0xa0, 0x88, 0x56, 0x34, 0xbf, 0xfe, 0x78, 0xdf,
+    0x7f, 0x36, 0xbe, 0xfe, 0xbc, 0xda, 0x59, 0x7e, 0xde, 0xe3, 0xc3, 0xac,
+    0xbe, 0x70, 0x6c, 0xe2, 0xcb, 0xfe, 0xe4, 0xfa, 0x47, 0xe7, 0x35, 0x65,
+    0x6d, 0x3d, 0xdf, 0x92, 0x5d, 0x9b, 0xd6, 0x5b, 0x92, 0x6f, 0x08, 0x92,
+    0xfd, 0xf9, 0x29, 0x89, 0x65, 0xe9, 0xef, 0x8b, 0x2b, 0x0f, 0x10, 0xe4,
+    0xf7, 0xf1, 0xdb, 0x76, 0x49, 0x96, 0x5e, 0xdd, 0x1c, 0xac, 0xa6, 0x3c,
+    0xd1, 0x17, 0x5f, 0xa4, 0xba, 0xf4, 0xac, 0xbf, 0xfb, 0x3f, 0xe6, 0x3e,
+    0x7f, 0x81, 0xf1, 0x65, 0xff, 0xb1, 0xc1, 0x30, 0xd4, 0xe1, 0x2c, 0xae,
+    0x91, 0x00, 0xc8, 0xb7, 0xcd, 0xbf, 0xdb, 0xd6, 0x5f, 0x72, 0x4a, 0x25,
+    0x97, 0xd3, 0xbb, 0x16, 0x2c, 0xa7, 0x3c, 0x72, 0x22, 0xbf, 0xfc, 0xf1,
+    0x07, 0x31, 0xed, 0x9f, 0x66, 0xb1, 0x65, 0xfe, 0xdd, 0x60, 0x6d, 0x7f,
+    0x09, 0x65, 0x41, 0x70, 0x3c, 0x64, 0x58, 0xae, 0xd0, 0xc2, 0x89, 0xa7,
+    0xcd, 0xc0, 0x21, 0x28, 0x53, 0xf0, 0x8f, 0xed, 0xbb, 0xc8, 0x37, 0x53,
+    0x6e, 0xee, 0x25, 0x97, 0xfc, 0x58, 0x32, 0x9e, 0xa7, 0x4b, 0x28, 0xe7,
+    0xa0, 0xe3, 0x37, 0xf8, 0xe1, 0x9c, 0x07, 0x60, 0x2c, 0xbf, 0x6d, 0xd6,
+    0x85, 0xe5, 0x97, 0xe6, 0x36, 0x4b, 0xa5, 0x95, 0xc3, 0xd3, 0xf9, 0x5d,
+    0x4a, 0x2a, 0xb2, 0x11, 0x17, 0x9b, 0x23, 0x59, 0x7f, 0xfb, 0xaf, 0x37,
+    0x9b, 0x53, 0x11, 0x99, 0xe5, 0x95, 0xe3, 0xe8, 0x21, 0xcb, 0xc0, 0x2c,
+    0x59, 0x71, 0x62, 0xca, 0xda, 0x6c, 0x00, 0x37, 0x78, 0xf3, 0xa5, 0x97,
+    0xfc, 0xdb, 0x7c, 0xfa, 0x9d, 0xf2, 0xb2, 0xa4, 0xf5, 0xf8, 0x39, 0x7f,
+    0xc7, 0x78, 0x6c, 0x8b, 0xcd, 0xa5, 0x95, 0x1a, 0x35, 0xf4, 0xf4, 0x72,
+    0x1b, 0xf3, 0xf3, 0xf2, 0x35, 0x95, 0x27, 0xb0, 0x23, 0x1b, 0xfc, 0xfa,
+    0x83, 0xfd, 0xfa, 0x59, 0x7f, 0xfb, 0x30, 0xb0, 0x05, 0x9f, 0xf6, 0x41,
+    0x65, 0x4a, 0xa1, 0xaf, 0x47, 0x00, 0x22, 0x1d, 0xd3, 0x3b, 0xff, 0x8e,
+    0x4e, 0x69, 0x60, 0x23, 0xc3, 0x16, 0x5f, 0xfe, 0x2c, 0x37, 0xcf, 0x0f,
+    0x18, 0xe1, 0x9d, 0x65, 0xbd, 0x28, 0x91, 0xc4, 0x5b, 0xfa, 0x4b, 0xe3,
+    0x29, 0x59, 0x7e, 0x98, 0x70, 0xf0, 0x59, 0x7d, 0x21, 0xcf, 0x96, 0x5c,
+    0xd1, 0xac, 0xbc, 0xef, 0xd2, 0xa2, 0xdc, 0x5f, 0xbf, 0xce, 0x34, 0x4b,
+    0x2a, 0x33, 0xe9, 0xe8, 0x5c, 0x32, 0x9b, 0xff, 0x36, 0xbc, 0xf9, 0xa8,
+    0xda, 0x35, 0x97, 0xd1, 0x48, 0xf1, 0x65, 0xfc, 0x03, 0xe7, 0x04, 0x4b,
+    0x2f, 0xf7, 0xf9, 0x3a, 0xd6, 0x18, 0xb2, 0x98, 0xf8, 0x5c, 0xb6, 0xff,
+    0xd9, 0xac, 0x2d, 0xbe, 0xce, 0xcc, 0x59, 0x7e, 0x20, 0x3f, 0x7c, 0x59,
+    0x52, 0x7d, 0x2e, 0x83, 0x50, 0x55, 0x44, 0x32, 0x73, 0x4a, 0xfb, 0x28,
+    0xd4, 0x22, 0xfc, 0x64, 0xe7, 0xe5, 0x08, 0x3e, 0x42, 0x26, 0xff, 0xce,
+    0x32, 0x7d, 0xfe, 0x98, 0xb8, 0xb2, 0x96, 0x5e, 0x9e, 0x89, 0x65, 0x7c,
+    0xd3, 0xef, 0x0b, 0xbf, 0x88, 0x11, 0x14, 0x9d, 0x65, 0x1a, 0x8b, 0x73,
+    0xb3, 0xb9, 0x1d, 0xe3, 0x93, 0x2c, 0xb1, 0x2c, 0xb7, 0x4b, 0x2f, 0xfb,
+    0xc2, 0x7e, 0x66, 0x11, 0xab, 0x2f, 0xff, 0xd3, 0xd6, 0xdc, 0xf3, 0x6a,
+    0x7d, 0x84, 0x39, 0x59, 0x7e, 0xe3, 0xf6, 0xe3, 0x59, 0x66, 0x1a, 0x2d,
+    0x4e, 0x71, 0xf5, 0x5b, 0xfc, 0xe1, 0x0b, 0x23, 0x93, 0x56, 0x54, 0xa6,
+    0xb9, 0x83, 0x6c, 0x21, 0xe8, 0x63, 0x91, 0xad, 0xff, 0x4b, 0x97, 0xb3,
+    0x0b, 0xa5, 0x97, 0xfb, 0xff, 0x68, 0xcf, 0x24, 0xb2, 0xff, 0x84, 0x51,
+    0x93, 0xe9, 0xe0, 0xb2, 0xa0, 0x8a, 0x1c, 0x36, 0xe1, 0x9d, 0xfe, 0x21,
+    0x1e, 0x79, 0xf6, 0x59, 0x7f, 0x98, 0xa4, 0xf3, 0xdf, 0x16, 0x5f, 0xa7,
+    0x5a, 0xcd, 0xd5, 0x97, 0xb4, 0xdd, 0xac, 0xa9, 0x45, 0x5c, 0x46, 0x44,
+    0x65, 0xf2, 0xab, 0xfc, 0x21, 0x96, 0x6f, 0x78, 0x2c, 0xbf, 0xff, 0x7a,
+    0x2d, 0xa7, 0x17, 0xda, 0x3c, 0xf9, 0xb9, 0xe5, 0x97, 0xf1, 0x4c, 0x51,
+    0x60, 0x16, 0x5f, 0xfe, 0x98, 0xfe, 0xc3, 0xc2, 0x83, 0x78, 0x4b, 0x2f,
+    0xfa, 0x0d, 0xbf, 0x3c, 0xe5, 0x1a, 0xcb, 0xd3, 0x9a, 0x59, 0x7f, 0xbd,
+    0x30, 0x6d, 0x9c, 0x3a, 0xca, 0x19, 0xe8, 0x70, 0x6e, 0xfd, 0xb7, 0xbe,
+    0x31, 0xab, 0x2a, 0x33, 0xce, 0xec, 0x8a, 0xbb, 0x47, 0xe3, 0xc3, 0x62,
+    0xff, 0xd9, 0xe6, 0xd0, 0xfd, 0x25, 0xd2, 0xcb, 0xff, 0x16, 0x7f, 0x93,
+    0xb7, 0xf9, 0xd2, 0xcb, 0xed, 0xbf, 0xc0, 0x2c, 0xa8, 0x22, 0x89, 0x8f,
+    0xbc, 0x81, 0x7f, 0xbb, 0x84, 0x97, 0xf0, 0x0b, 0x2f, 0xb8, 0x06, 0xfa,
+    0xca, 0x82, 0xb5, 0x0e, 0x8d, 0x19, 0x6f, 0xc5, 0xcf, 0x1a, 0x2f, 0x21,
+    0x94, 0x22, 0xf0, 0xcc, 0xef, 0xcf, 0xaf, 0xe7, 0x96, 0x5f, 0xf9, 0x81,
+    0x30, 0x1f, 0xa4, 0xba, 0x59, 0x50, 0x3e, 0x5f, 0x93, 0xdf, 0xdf, 0x86,
+    0x6b, 0x38, 0xb2, 0x96, 0x5e, 0x13, 0xfd, 0x65, 0xc2, 0x95, 0x95, 0x03,
+    0x65, 0xf1, 0xca, 0x59, 0x7d, 0xdf, 0x4d, 0xa5, 0x97, 0x1c, 0x26, 0x22,
+    0x37, 0xb3, 0xd3, 0x90, 0xfc, 0x2e, 0xfb, 0x06, 0x43, 0x59, 0x52, 0x7d,
+    0x9b, 0xd2, 0xef, 0xf8, 0xbf, 0xe7, 0x80, 0x9c, 0x35, 0x95, 0x29, 0xd2,
+    0x61, 0x13, 0x46, 0x4c, 0xe4, 0x77, 0xdf, 0xda, 0x16, 0x12, 0xcb, 0xce,
+    0xd1, 0xac, 0xac, 0x3c, 0x53, 0x4a, 0x6c, 0xcb, 0x2d, 0xb2, 0xb2, 0xc4,
+    0x03, 0x49, 0xf1, 0x0b, 0xdb, 0x76, 0x0d, 0x81, 0x65, 0xff, 0x40, 0x26,
+    0x6b, 0xa7, 0x7e, 0x95, 0x14, 0x3a, 0xfd, 0x0d, 0xbb, 0xcf, 0x2b, 0x2a,
+    0x53, 0x0a, 0x64, 0x68, 0x89, 0x9c, 0xa4, 0x92, 0x6f, 0x68, 0xde, 0x96,
+    0x5d, 0x87, 0x59, 0x7b, 0xf9, 0xba, 0xb2, 0xd3, 0xd1, 0xb5, 0xf8, 0xb5,
+    0x40, 0xfe, 0xc0, 0xa9, 0x7d, 0x3b, 0x82, 0x95, 0x97, 0xa2, 0xc1, 0xac,
+    0xbd, 0x14, 0xfd, 0x65, 0x49, 0xba, 0x10, 0xed, 0x69, 0x14, 0x00, 0x22,
+    0xe2, 0xf5, 0xc2, 0x0d, 0x65, 0xfb, 0x8f, 0xec, 0xe9, 0x65, 0x76, 0x78,
+    0x1c, 0x18, 0xbc, 0x39, 0x3a, 0xcb, 0xfe, 0xc9, 0x1f, 0xa7, 0x76, 0x62,
+    0x59, 0x7f, 0x80, 0xde, 0xf6, 0x01, 0xd6, 0x51, 0xcf, 0xb4, 0x07, 0x77,
+    0xfe, 0xcf, 0xf3, 0xd9, 0xad, 0x61, 0x8b, 0x2f, 0xfc, 0x5b, 0xae, 0x4e,
+    0x71, 0xe0, 0xd6, 0x54, 0xa7, 0x79, 0x8e, 0x0c, 0x46, 0xf0, 0x89, 0x0c,
+    0x8b, 0x74, 0xfe, 0xff, 0xce, 0x39, 0x1f, 0x98, 0x98, 0xeb, 0x2f, 0xfd,
+    0xbd, 0xf5, 0xc7, 0xf7, 0x26, 0x35, 0x97, 0xfb, 0x82, 0xeb, 0x3e, 0x52,
+    0xb2, 0x8e, 0x8b, 0x0f, 0x1e, 0x7d, 0x06, 0xff, 0xdd, 0xf3, 0x6e, 0xfc,
+    0x91, 0x8a, 0x35, 0x97, 0xbf, 0x9d, 0x2c, 0xbb, 0x3a, 0x59, 0x6c, 0xda,
+    0x6d, 0x3e, 0x3b, 0x7f, 0xde, 0x7d, 0x77, 0xf9, 0x68, 0xd6, 0x5f, 0xe2,
+    0xeb, 0x6c, 0x5d, 0x7a, 0x25, 0x95, 0x03, 0xf4, 0x73, 0xaa, 0x74, 0xcd,
+    0x89, 0xe4, 0x50, 0x9c, 0xbf, 0xd0, 0x9d, 0x47, 0x3a, 0x8d, 0x65, 0xf4,
+    0xbe, 0x80, 0xb2, 0xfc, 0xde, 0x21, 0x7d, 0x65, 0xfe, 0xe9, 0xb9, 0x83,
+    0x7e, 0x96, 0x5f, 0xde, 0xc2, 0x6f, 0x09, 0x65, 0x0d, 0x15, 0x11, 0x10,
+    0xf8, 0x9f, 0xe6, 0x97, 0xe8, 0xe7, 0xcf, 0xf5, 0x97, 0xe7, 0xe6, 0xfc,
+    0xe2, 0xcb, 0xf3, 0xff, 0x6c, 0xca, 0xca, 0x94, 0xe5, 0x32, 0x1b, 0xae,
+    0x7c, 0x02, 0x81, 0x14, 0xdf, 0xb6, 0xfb, 0x00, 0xeb, 0x2f, 0xf6, 0xa7,
+    0xce, 0x38, 0x1d, 0x65, 0xff, 0x1d, 0xbf, 0xb3, 0x84, 0xe6, 0xac, 0xbf,
+    0xa0, 0xfa, 0xce, 0xfe, 0xb2, 0xfe, 0x1b, 0x9f, 0xcc, 0x62, 0xca, 0x93,
+    0xdc, 0xc2, 0xeb, 0xfe, 0xcf, 0xf0, 0x3e, 0x69, 0xf8, 0xb2, 0xe8, 0xe3,
+    0x59, 0x7d, 0xb4, 0xdc, 0x1a, 0xca, 0x19, 0xbe, 0x00, 0xcd, 0xf9, 0xbf,
+    0xc7, 0x65, 0x97, 0xff, 0xec, 0xf3, 0x70, 0x51, 0xf5, 0xe6, 0xff, 0xf2,
+    0x35, 0x97, 0xfd, 0xa0, 0x69, 0xcb, 0xf8, 0x05, 0x95, 0x1a, 0xa6, 0x21,
+    0x94, 0xe1, 0x9e, 0xa1, 0x2e, 0x72, 0x07, 0x78, 0x01, 0x0f, 0x09, 0x84,
+    0xb1, 0x78, 0x3d, 0x41, 0x65, 0xfc, 0x1f, 0xc5, 0x39, 0x1a, 0xcb, 0xf8,
+    0x1e, 0x76, 0xf0, 0x96, 0x54, 0x0f, 0xea, 0x21, 0xed, 0x17, 0xdf, 0xfd,
+    0xd1, 0x4f, 0xcb, 0x37, 0xe6, 0xa0, 0xb2, 0xfc, 0xfc, 0xe4, 0x7c, 0x59,
+    0x7f, 0x39, 0x00, 0x30, 0x71, 0x65, 0xee, 0x1d, 0xd6, 0x5f, 0xe2, 0x34,
+    0x3f, 0x78, 0x5c, 0x59, 0x46, 0xa2, 0x02, 0x22, 0xe1, 0x0e, 0x5f, 0xfc,
+    0x2e, 0x79, 0xe1, 0x24, 0x3c, 0xf2, 0xcb, 0xfe, 0x0e, 0x41, 0x14, 0x27,
+    0x51, 0xac, 0xbf, 0x89, 0xfe, 0x1c, 0xf4, 0xb2, 0x8e, 0x7d, 0x44, 0x79,
+    0x7c, 0x40, 0x8c, 0x0b, 0x2f, 0xff, 0xf4, 0x5c, 0x61, 0xed, 0x89, 0x8b,
+    0x7b, 0xc4, 0xff, 0x14, 0xac, 0xac, 0x45, 0x53, 0x10, 0xb9, 0x1d, 0xff,
+    0x1f, 0x9b, 0x70, 0x72, 0x5f, 0x59, 0x7e, 0x86, 0xde, 0x73, 0x16, 0x5f,
+    0xee, 0x6d, 0xfe, 0xd1, 0xe1, 0x2c, 0xb0, 0x16, 0x57, 0x67, 0x91, 0xa3,
+    0x7a, 0x94, 0x67, 0xe1, 0xd3, 0x39, 0x5f, 0xc2, 0xeb, 0xd3, 0xac, 0x59,
+    0x7d, 0xdf, 0x3e, 0xcb, 0x2b, 0x0f, 0x45, 0xcb, 0xaa, 0x57, 0x10, 0x70,
+    0xc0, 0xd4, 0x56, 0x85, 0x4e, 0x8c, 0xbd, 0x1a, 0xb9, 0x43, 0xf3, 0x8f,
+    0xd7, 0xe7, 0x11, 0xb2, 0x1a, 0xcb, 0xf6, 0xc7, 0x9a, 0x9e, 0x2c, 0xa8,
+    0x8f, 0x54, 0x8a, 0x6f, 0xec, 0xfb, 0x0f, 0x0e, 0xb2, 0xf8, 0xa0, 0xc7,
+    0x59, 0x6d, 0xb1, 0x1e, 0x6b, 0x96, 0x5f, 0xcc, 0x5b, 0xde, 0x20, 0xb6,
+    0xb2, 0xfe, 0x98, 0xbb, 0x86, 0x6f, 0x59, 0x51, 0x1f, 0x37, 0x0d, 0x68,
+    0x68, 0xb3, 0x78, 0x48, 0x5f, 0xff, 0x87, 0xe9, 0x0c, 0x27, 0xc9, 0xc1,
+    0xce, 0x48, 0x12, 0x5c, 0x3c, 0x59, 0x7e, 0x8e, 0x63, 0x7e, 0x2c, 0xac,
+    0x44, 0xbb, 0x2c, 0x38, 0xb5, 0xfd, 0xba, 0xe0, 0x3c, 0xf1, 0x65, 0xd2,
+    0x05, 0x96, 0x12, 0xc0, 0xcb, 0x6a, 0xf1, 0xf3, 0x81, 0x1a, 0xff, 0xdc,
+    0xde, 0xf1, 0x46, 0xe4, 0xf1, 0x2c, 0xbf, 0xf4, 0xee, 0xc4, 0xfb, 0xdf,
+    0xfb, 0xe5, 0x65, 0xff, 0xb0, 0x73, 0x09, 0xd1, 0xff, 0xda, 0xcb, 0xf9,
+    0xc1, 0x11, 0x48, 0xd6, 0x5f, 0xf1, 0x64, 0x63, 0xf6, 0x17, 0xd6, 0x5e,
+    0xfb, 0x71, 0x65, 0x4a, 0x6d, 0x31, 0x11, 0x69, 0x08, 0xe8, 0xbe, 0x3f,
+    0x22, 0xde, 0x1c, 0x56, 0xc4, 0xeb, 0xd3, 0xf6, 0x02, 0xdd, 0x8c, 0xff,
+    0x61, 0x16, 0x85, 0x85, 0x81, 0x6e, 0x13, 0x9b, 0x0d, 0xc4, 0x2d, 0x15,
+    0x4c, 0xe6, 0x3c, 0x71, 0x82, 0xc2, 0x19, 0x63, 0x95, 0x51, 0x92, 0xde,
+    0x8d, 0x8d, 0x1b, 0xa8, 0xe3, 0x3b, 0x87, 0x6b, 0x43, 0x6a, 0x29, 0x71,
+    0x9a, 0x95, 0x0e, 0x78, 0xe3, 0xfd, 0x2c, 0x7d, 0xe3, 0x0d, 0x04, 0x6c,
+    0xc5, 0x1e, 0x47, 0x25, 0x57, 0xfe, 0x74, 0xfc, 0x50, 0xd6, 0xdf, 0x19,
+    0x16, 0xcc, 0x2f, 0x83, 0x8f, 0xf6, 0xfe, 0xff, 0x7c, 0x62, 0x1a, 0xcb,
+    0xff, 0xb5, 0x9d, 0xf5, 0xe6, 0xff, 0x1f, 0xb5, 0x97, 0xe9, 0xe6, 0x84,
+    0x05, 0x97, 0xff, 0xf1, 0xf3, 0xfc, 0x0f, 0x85, 0x9f, 0x10, 0x0e, 0xf0,
+    0x59, 0x7c, 0x00, 0xca, 0x0b, 0x2e, 0xe8, 0x23, 0x26, 0x38, 0x02, 0xe2,
+    0x47, 0xe1, 0x47, 0xd7, 0x28, 0x22, 0xbc, 0x91, 0x4b, 0x71, 0xbe, 0x9d,
+    0x40, 0xeb, 0x2f, 0xfa, 0x27, 0x92, 0x98, 0x85, 0x2b, 0x2f, 0xb6, 0x73,
+    0x52, 0xb2, 0xf7, 0x1f, 0x71, 0x65, 0x61, 0xe1, 0xf6, 0x49, 0x7e, 0xc1,
+    0x8b, 0xfc, 0x59, 0x7f, 0x9f, 0xce, 0x19, 0xf3, 0x8b, 0x2f, 0x3e, 0x8d,
+    0x59, 0x60, 0x91, 0xa6, 0x6f, 0x84, 0x4c, 0xf6, 0x44, 0x5b, 0xca, 0x0c,
+    0x33, 0xbf, 0xc1, 0x33, 0x5d, 0x3b, 0xf4, 0xa8, 0xbc, 0xd5, 0x2f, 0xf3,
+    0xbd, 0x08, 0x43, 0x0e, 0x37, 0xdc, 0xb5, 0xfd, 0x3d, 0xd2, 0xbb, 0xf5,
+    0x2e, 0xac, 0xf0, 0x90, 0xf4, 0xab, 0xf2, 0xb6, 0x80, 0x1c, 0x8d, 0x97,
+    0x7b, 0x0d, 0xfe, 0x09, 0x9a, 0xe9, 0xdf, 0xa5, 0x45, 0x2c, 0xb8, 0x29,
+    0xb0, 0xd6, 0x5d, 0xf8, 0xd6, 0x5f, 0x98, 0x27, 0x31, 0x96, 0x5f, 0xff,
+    0xbd, 0x85, 0x86, 0xf9, 0xe1, 0xe3, 0x1c, 0x33, 0xac, 0xbe, 0xe9, 0xdf,
+    0xa5, 0x45, 0x84, 0xa8, 0x22, 0x1f, 0x4a, 0xf7, 0x0f, 0x16, 0x5c, 0xdd,
+    0xac, 0xb7, 0xe4, 0xd6, 0xe8, 0x5a, 0xff, 0xfb, 0x08, 0x73, 0xe9, 0xef,
+    0xf8, 0x4e, 0x75, 0x97, 0x88, 0x5d, 0x2c, 0xa9, 0x3e, 0xa7, 0x4d, 0xbf,
+    0xff, 0xbf, 0x8d, 0xae, 0x7c, 0x98, 0x1c, 0x9f, 0xf1, 0x96, 0x52, 0xca,
+    0x93, 0xe4, 0xe2, 0xcd, 0xfc, 0x2d, 0x34, 0x6e, 0x75, 0x96, 0x09, 0xb0,
+    0xd5, 0x4d, 0xc9, 0x08, 0xc6, 0x32, 0x15, 0xec, 0xa0, 0x78, 0x48, 0x72,
+    0x10, 0x9b, 0x24, 0x37, 0xf8, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x16, 0x5a,
+    0xd0, 0x59, 0x76, 0x8d, 0x59, 0x7c, 0x10, 0xdd, 0x87, 0xb1, 0x2c, 0xa4,
+    0x97, 0x82, 0x06, 0x75, 0x95, 0xd1, 0xee, 0x70, 0xc4, 0x41, 0x74, 0x6a,
+    0x2d, 0x48, 0x47, 0x8e, 0x97, 0x4f, 0x96, 0x58, 0x0b, 0x2e, 0x36, 0x35,
+    0x96, 0xd4, 0x0d, 0x56, 0x08, 0xd7, 0x47, 0xcc, 0xe8, 0x14, 0xb2, 0xf4,
+    0x0a, 0x56, 0x50, 0x0d, 0x37, 0xc2, 0xee, 0x87, 0x96, 0x58, 0xd5, 0x94,
+    0xc7, 0x94, 0x02, 0x1f, 0x8b, 0xdf, 0xff, 0x86, 0xdf, 0xf6, 0x0d, 0xb0,
+    0x6f, 0x1b, 0x92, 0xcb, 0xfe, 0x7e, 0xcb, 0x3b, 0xfc, 0x9a, 0xb2, 0xff,
+    0x47, 0xdf, 0x24, 0x7f, 0x65, 0x97, 0xe9, 0xcd, 0xf3, 0xc5, 0x96, 0x97,
+    0x3d, 0xd3, 0x0d, 0x6a, 0x53, 0x11, 0x75, 0x32, 0x84, 0xbd, 0xf3, 0xc2,
+    0x03, 0x59, 0x7f, 0xf6, 0xbc, 0xe3, 0x29, 0x17, 0x5e, 0x75, 0x97, 0xed,
+    0x4f, 0xdf, 0xcb, 0x29, 0x8f, 0xad, 0xd1, 0x2f, 0x18, 0x61, 0x89, 0x2f,
+    0xfa, 0x61, 0xdf, 0xf5, 0x39, 0xda, 0x40, 0x86, 0x82, 0xff, 0x84, 0xfd,
+    0xe7, 0xdb, 0xb3, 0x16, 0x5d, 0x3c, 0x59, 0x43, 0x4d, 0xab, 0xd0, 0x8d,
+    0x24, 0x0e, 0x26, 0x6f, 0x3b, 0xbb, 0x61, 0xec, 0x4b, 0x2f, 0xe6, 0x7e,
+    0x03, 0x82, 0x59, 0x7f, 0xf3, 0x41, 0xf8, 0xe4, 0x2e, 0xb3, 0x89, 0x2f,
+    0xff, 0xef, 0x37, 0xfd, 0x9c, 0x2c, 0x38, 0xb9, 0xe7, 0x82, 0xcb, 0xfd,
+    0x30, 0xfb, 0xf9, 0xc6, 0xb2, 0xf9, 0xfe, 0x6f, 0x16, 0x54, 0xa3, 0xcb,
+    0x10, 0xf4, 0xb4, 0xe6, 0x57, 0xcd, 0xd3, 0xe9, 0x65, 0xa0, 0xb2, 0xd0,
+    0x59, 0x68, 0x2c, 0xbc, 0x61, 0x86, 0x2c, 0xb7, 0x49, 0x02, 0x1a, 0x0a,
+    0x93, 0xf7, 0x34, 0x45, 0x84, 0x40, 0x63, 0x4b, 0x2f, 0xc2, 0xe7, 0x9e,
+    0x0b, 0x30, 0x97, 0x7f, 0xfd, 0xc6, 0xeb, 0x0b, 0x52, 0x58, 0x3c, 0x35,
+    0x65, 0x1d, 0x10, 0x7f, 0x35, 0xb7, 0x6b, 0x2c, 0x6a, 0xcb, 0x09, 0x65,
+    0x11, 0xa3, 0xe0, 0x95, 0x61, 0xfc, 0x70, 0x8f, 0xe6, 0xb7, 0x70, 0xd5,
+    0x96, 0xc5, 0x97, 0x08, 0x12, 0x6a, 0x06, 0x31, 0x73, 0x4a, 0xcb, 0xf8,
+    0xa4, 0xe5, 0x38, 0xb2, 0xff, 0xe9, 0x7d, 0x7f, 0xd8, 0x31, 0x7f, 0x8b,
+    0x2e, 0x84, 0xac, 0xbd, 0xc1, 0x9a, 0xb2, 0xa3, 0x47, 0x18, 0xcb, 0x22,
+    0x15, 0xf1, 0x50, 0x91, 0x03, 0x16, 0xbf, 0xfd, 0x9d, 0xfc, 0x3f, 0xb7,
+    0xfd, 0x83, 0x65, 0x97, 0xff, 0xff, 0xa7, 0xfc, 0x6e, 0x72, 0x7f, 0xe6,
+    0x9d, 0x00, 0xef, 0x08, 0x7c, 0xd5, 0x94, 0x6a, 0x30, 0xfc, 0x97, 0x73,
+    0x76, 0xb2, 0xf0, 0x21, 0xe5, 0x97, 0x49, 0xd6, 0x5f, 0xff, 0xa4, 0x85,
+    0x08, 0x4f, 0xfd, 0x87, 0x0e, 0x40, 0xb2, 0xff, 0xe6, 0x8e, 0x7c, 0xd3,
+    0xfe, 0x0b, 0x8b, 0x2f, 0xfe, 0x14, 0x33, 0x9a, 0x96, 0x83, 0xf1, 0x25,
+    0x9b, 0x48, 0x87, 0x24, 0x4a, 0x82, 0x60, 0x7f, 0x86, 0xe5, 0xdd, 0x04,
+    0x96, 0x5c, 0xd4, 0x70, 0x96, 0x84, 0x24, 0x87, 0x19, 0xfe, 0x47, 0x3a,
+    0x6a, 0x8f, 0x44, 0x5a, 0x8c, 0x7f, 0xc7, 0x4f, 0x09, 0x92, 0x8d, 0x07,
+    0x91, 0x9c, 0xfe, 0x31, 0xdd, 0xe4, 0x86, 0x0b, 0xec, 0x8e, 0x87, 0x18,
+    0xcd, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2, 0x8c,
+    0x5f, 0x37, 0xdf, 0x65, 0x65, 0xfc, 0xfa, 0x01, 0xe4, 0x0b, 0x2f, 0xa7,
+    0x52, 0x05, 0x97, 0xf4, 0x8e, 0x4f, 0x21, 0xac, 0xa8, 0x91, 0x3f, 0xe2,
+    0x4d, 0xe5, 0xa1, 0x90, 0xdf, 0xc4, 0xff, 0xf3, 0x44, 0xb2, 0xfb, 0x30,
+    0x99, 0x65, 0xfb, 0xd3, 0x1e, 0x0d, 0x65, 0xff, 0xf6, 0x98, 0xdc, 0xf8,
+    0xbc, 0xc7, 0xcf, 0x3a, 0xcb, 0xf1, 0x38, 0x24, 0x35, 0x97, 0xfb, 0x3f,
+    0xc0, 0xe3, 0x98, 0xd6, 0x5f, 0xfb, 0x01, 0x99, 0x11, 0x8f, 0xdf, 0x16,
+    0x5f, 0xf9, 0xbb, 0x87, 0x0b, 0x3f, 0xe1, 0x2c, 0xbf, 0xe6, 0xd7, 0xb3,
+    0x0a, 0x1c, 0x59, 0x50, 0x3f, 0x6e, 0x8f, 0xef, 0x9f, 0x7e, 0x12, 0xcb,
+    0xff, 0xfe, 0xc3, 0xf9, 0xa7, 0xe5, 0x9f, 0xf6, 0x16, 0x18, 0xe0, 0x59,
+    0x5d, 0xa2, 0xa3, 0x44, 0x7e, 0x22, 0xbb, 0x73, 0x75, 0x65, 0xff, 0x9e,
+    0x1d, 0x79, 0x8f, 0x3a, 0x35, 0x65, 0xfd, 0x18, 0x7b, 0x2e, 0x40, 0x59,
+    0x7f, 0xe7, 0x20, 0x67, 0xe4, 0x98, 0x0b, 0x2a, 0x4f, 0xb7, 0x64, 0xca,
+    0xc1, 0x25, 0x5e, 0xf6, 0x20, 0x9a, 0x5b, 0x10, 0xf9, 0xca, 0x3c, 0x9e,
+    0x02, 0x72, 0x36, 0xfc, 0x6b, 0xc2, 0x31, 0x30, 0x74, 0x38, 0x56, 0xd4,
+    0x1b, 0x6c, 0xcd, 0x4a, 0xde, 0x3c, 0x24, 0x1e, 0x99, 0x25, 0xc8, 0xce,
+    0x3f, 0x39, 0xb3, 0x7f, 0xf0, 0x47, 0x80, 0x4c, 0xd7, 0x4e, 0xfd, 0x2a,
+    0x23, 0x95, 0xff, 0xe0, 0x87, 0x78, 0x04, 0xcd, 0x74, 0xef, 0xd2, 0xa2,
+    0x72, 0x5f, 0xe0, 0x99, 0xae, 0x9d, 0xfa, 0x54, 0x59, 0x8b, 0xbe, 0x05,
+    0x97, 0xec, 0xf1, 0x66, 0x96, 0x5e, 0x8e, 0x74, 0xb2, 0xfd, 0x0e, 0x39,
+    0xc2, 0x78, 0xf6, 0x88, 0x5f, 0x84, 0xd7, 0xc1, 0x6b, 0x62, 0xd8, 0x82,
+    0xd2, 0xcb, 0xfc, 0x3c, 0x3c, 0xf7, 0x27, 0x59, 0x5b, 0x11, 0xf6, 0x05,
+    0xa3, 0x9b, 0x6f, 0x59, 0x7f, 0xb5, 0x3f, 0xf3, 0xf7, 0x05, 0x97, 0xff,
+    0xff, 0xd3, 0x17, 0xa7, 0xf2, 0x1b, 0x6a, 0x29, 0xf6, 0x6f, 0xcf, 0x60,
+    0xf7, 0xe2, 0xca, 0x02, 0x2d, 0x48, 0xd2, 0xff, 0xb3, 0x8f, 0xf0, 0x06,
+    0x50, 0x59, 0x60, 0x2c, 0xbf, 0xb9, 0xad, 0x67, 0x7c, 0x59, 0x5b, 0x11,
+    0xe0, 0x60, 0x8d, 0xed, 0x61, 0xd6, 0x5f, 0x31, 0x67, 0x16, 0x5b, 0x3e,
+    0x6f, 0x37, 0x47, 0x2f, 0xff, 0xfd, 0xe9, 0x21, 0x73, 0x92, 0x1f, 0xd8,
+    0x85, 0x0c, 0xe7, 0xd9, 0x65, 0xd1, 0xe2, 0xcb, 0xf1, 0x66, 0xfc, 0x25,
+    0x97, 0xdf, 0xfb, 0x69, 0x65, 0xdc, 0x02, 0xca, 0x82, 0x38, 0x8d, 0x6b,
+    0x61, 0x7d, 0x13, 0xfc, 0x8a, 0xdf, 0x59, 0x6d, 0xd5, 0x95, 0xb2, 0x69,
+    0x43, 0x11, 0xbc, 0xe5, 0xd2, 0xcb, 0xdc, 0x9e, 0x2c, 0xbb, 0x67, 0x8b,
+    0x2f, 0xce, 0x64, 0x78, 0x62, 0xca, 0x8c, 0xf1, 0x08, 0x6a, 0xed, 0x8f,
+    0xcb, 0x2c, 0xcb, 0x2f, 0xf4, 0xf2, 0x7f, 0x1e, 0x18, 0xb2, 0xcc, 0x73,
+    0xc4, 0x21, 0x0b, 0xba, 0x82, 0xcb, 0xf7, 0xf8, 0x53, 0x05, 0x97, 0xc6,
+    0x7e, 0x4d, 0x59, 0x52, 0x7c, 0x78, 0x30, 0xc4, 0xf7, 0xd8, 0x37, 0x82,
+    0xcb, 0xf0, 0x33, 0x81, 0xf9, 0x65, 0xdf, 0x8d, 0x65, 0xdb, 0xe5, 0x65,
+    0xff, 0x0f, 0xd3, 0xce, 0x66, 0xa5, 0x65, 0xdb, 0xe5, 0x65, 0xdb, 0xe5,
+    0x65, 0x41, 0x1c, 0x5d, 0x90, 0xb1, 0x49, 0xc6, 0x08, 0x63, 0x87, 0x1b,
+    0x23, 0x17, 0x01, 0xd6, 0x5d, 0x84, 0xb2, 0xe0, 0x09, 0x65, 0x49, 0xac,
+    0xd0, 0xad, 0xf3, 0xc3, 0xd8, 0xb2, 0xf7, 0xf2, 0x56, 0x50, 0xcd, 0xe7,
+    0x64, 0x34, 0x33, 0xfe, 0xc5, 0xcb, 0x06, 0xb2, 0xff, 0xf7, 0x53, 0xce,
+    0x61, 0xfb, 0xf8, 0x8b, 0xeb, 0x2f, 0x7f, 0x0e, 0xb2, 0xff, 0x48, 0x30,
+    0xa7, 0xbe, 0x2c, 0xad, 0xa8, 0xac, 0xc1, 0x26, 0x4c, 0xe0, 0xe5, 0xfc,
+    0xe5, 0xfd, 0x97, 0x35, 0x65, 0xfb, 0xaf, 0x3b, 0x05, 0xd6, 0x5f, 0x85,
+    0xc9, 0xe4, 0xac, 0xad, 0x1e, 0x9b, 0x96, 0x5f, 0xc4, 0x0f, 0x60, 0x1d,
+    0x65, 0xf1, 0x4e, 0xf1, 0x2c, 0xa6, 0x3c, 0xf7, 0x2c, 0xbb, 0xb3, 0xac,
+    0xbf, 0x87, 0xb4, 0x28, 0x59, 0xba, 0xb2, 0x96, 0x5f, 0xf1, 0x03, 0x3f,
+    0x24, 0xc0, 0x59, 0x58, 0x78, 0x2e, 0x17, 0x52, 0x89, 0x7d, 0x97, 0x7b,
+    0xc4, 0x28, 0x96, 0x58, 0x26, 0xc4, 0xca, 0x5a, 0x0a, 0x96, 0xcc, 0x32,
+    0x23, 0x22, 0x83, 0xc8, 0xd8, 0xb2, 0x30, 0xb3, 0x5b, 0xfa, 0x25, 0xec,
+    0x72, 0x26, 0x0d, 0x11, 0x1d, 0x83, 0xd0, 0x89, 0x78, 0xc3, 0x82, 0xec,
+    0xc5, 0x0c, 0x0e, 0x43, 0x37, 0xe7, 0xa2, 0x84, 0x1e, 0xf7, 0x0d, 0x92,
+    0x00, 0xe1, 0x5f, 0xba, 0x4b, 0x7e, 0xd7, 0x4e, 0xfd, 0x2a, 0x2d, 0xd5,
+    0xb8, 0xb2, 0xb0, 0xf1, 0xc0, 0x6d, 0x7b, 0xd3, 0xa5, 0x97, 0xfe, 0x10,
+    0xc9, 0xcd, 0xc1, 0xbc, 0x16, 0x58, 0x20, 0xcf, 0x6b, 0x83, 0x94, 0x11,
+    0x14, 0xbe, 0x7b, 0xbf, 0x30, 0x39, 0x9b, 0xab, 0x2f, 0xe2, 0x70, 0x9a,
+    0x8f, 0xcb, 0x2f, 0x37, 0x60, 0x59, 0x7e, 0xee, 0x1e, 0x60, 0x2c, 0xbf,
+    0xfb, 0x4f, 0xd0, 0x05, 0xcf, 0xcf, 0x66, 0x2c, 0xb8, 0x8d, 0x59, 0x67,
+    0x59, 0x7d, 0xd3, 0xbf, 0x4a, 0x8a, 0x41, 0x58, 0x7a, 0xf1, 0x0b, 0xe8,
+    0x42, 0xff, 0x43, 0xec, 0x67, 0x00, 0xcb, 0x2f, 0x66, 0x74, 0xb2, 0xff,
+    0xd9, 0xe6, 0xdf, 0xec, 0xc2, 0xe9, 0x65, 0xfd, 0x9e, 0xcf, 0x31, 0xab,
+    0x2f, 0xdf, 0x9d, 0xed, 0xbd, 0x65, 0xe7, 0x80, 0x49, 0x4f, 0x78, 0x65,
+    0x39, 0x09, 0xfe, 0xcb, 0xe2, 0x34, 0xe0, 0xe7, 0xcf, 0xf7, 0x96, 0xdf,
+    0x67, 0x3c, 0x25, 0x97, 0xf4, 0x97, 0x38, 0xc7, 0x59, 0x58, 0x79, 0xcc,
+    0x45, 0x7f, 0x98, 0x62, 0xff, 0x0e, 0x4b, 0x2f, 0x8c, 0x3c, 0xf1, 0x65,
+    0xe7, 0x28, 0x2c, 0xb0, 0x49, 0x57, 0x81, 0xd1, 0x56, 0x8c, 0x0f, 0x1f,
+    0xdf, 0xa1, 0xb4, 0xe4, 0x02, 0x33, 0x30, 0x8e, 0xff, 0xe0, 0x8f, 0x00,
+    0x99, 0xae, 0x9d, 0xfa, 0x54, 0x4a, 0x4a, 0x8d, 0xb3, 0x9d, 0x89, 0x58,
+    0xeb, 0x8f, 0x09, 0xd0, 0x52, 0xc4, 0xca, 0x53, 0xd7, 0xe5, 0xf2, 0xee,
+    0xc2, 0x1a, 0xf0, 0x47, 0xe9, 0x65, 0xfc, 0xc5, 0x9e, 0xce, 0x96, 0x5f,
+    0xcc, 0x5f, 0xc6, 0x1a, 0xcb, 0xa1, 0xf5, 0x97, 0x8a, 0x4c, 0x59, 0x74,
+    0x84, 0xd1, 0xb3, 0x21, 0x7a, 0x82, 0x22, 0xfe, 0xbd, 0x7b, 0x82, 0x3a,
+    0xcb, 0xb8, 0xeb, 0x2c, 0x14, 0x59, 0x60, 0x90, 0x4c, 0x8b, 0xb8, 0x5b,
+    0xb1, 0x18, 0x07, 0x76, 0x45, 0xaf, 0x13, 0xc1, 0x65, 0xfb, 0x63, 0x0a,
+    0xeb, 0x9c, 0x59, 0x7f, 0xf9, 0xbb, 0x06, 0xb0, 0x73, 0xa6, 0xec, 0x0b,
+    0x2f, 0xda, 0xe9, 0xdf, 0xa5, 0x44, 0xec, 0xbf, 0x3e, 0xba, 0xd6, 0x2c,
+    0xbf, 0xcd, 0xce, 0x37, 0xa7, 0x8b, 0x2a, 0x33, 0xda, 0x39, 0x45, 0xef,
+    0x39, 0x8b, 0x2f, 0xf8, 0x9e, 0x02, 0x01, 0xde, 0x0b, 0x2d, 0x83, 0x3d,
+    0x5f, 0x0e, 0xdf, 0xf1, 0xad, 0xfe, 0x37, 0x4f, 0xa5, 0x97, 0x9e, 0x01,
+    0x02, 0xda, 0x7c, 0xd2, 0x65, 0x89, 0x6f, 0x09, 0x02, 0x78, 0x0c, 0x9e,
+    0xdb, 0x8b, 0x2f, 0xff, 0xec, 0x22, 0x7f, 0xfb, 0x38, 0xf9, 0xa0, 0x1f,
+    0x16, 0x54, 0x67, 0xd6, 0xe2, 0x97, 0xff, 0xe6, 0x18, 0x8f, 0x3b, 0xae,
+    0x32, 0x92, 0xce, 0x96, 0x5f, 0xe8, 0x4e, 0xa3, 0x9d, 0x46, 0xb2, 0xff,
+    0xde, 0x27, 0x80, 0x80, 0x77, 0x82, 0xca, 0x93, 0xf3, 0xc3, 0x5b, 0x8c,
+    0x65, 0x97, 0xf9, 0xe3, 0x7c, 0xfe, 0x1d, 0x65, 0xff, 0xfb, 0x3b, 0x87,
+    0xa7, 0x8f, 0xa9, 0xdd, 0xf3, 0xf4, 0xb2, 0xc1, 0x31, 0x72, 0x30, 0xf2,
+    0x80, 0x7d, 0x0d, 0xe7, 0x22, 0x28, 0x64, 0x98, 0x41, 0xb2, 0x2f, 0xba,
+    0x65, 0x7d, 0x23, 0x92, 0x59, 0x7c, 0xda, 0x9d, 0xeb, 0x2e, 0xcf, 0x2c,
+    0xbf, 0xfb, 0x65, 0xc8, 0x19, 0xf9, 0x26, 0x02, 0xcb, 0x04, 0x24, 0x4e,
+    0xf0, 0x83, 0x64, 0x8c, 0x31, 0x6b, 0xff, 0x9c, 0xfe, 0xce, 0x9f, 0xd2,
+    0x1c, 0x16, 0x5f, 0xbf, 0xac, 0x93, 0x16, 0x5e, 0x61, 0xba, 0xcb, 0xff,
+    0x8b, 0x3c, 0xf1, 0xe7, 0x09, 0xfb, 0x59, 0x76, 0xc8, 0x41, 0xa3, 0x2d,
+    0x91, 0x7c, 0x51, 0xc1, 0xba, 0x96, 0x45, 0xb4, 0x23, 0x41, 0x3c, 0xe7,
+    0x3f, 0x23, 0x2e, 0xd9, 0x8c, 0x4e, 0xff, 0xed, 0x3f, 0x61, 0x07, 0x91,
+    0x3b, 0xc6, 0xb2, 0xff, 0xa4, 0xbb, 0x07, 0x39, 0x20, 0x59, 0x7d, 0xac,
+    0x33, 0xeb, 0x2b, 0x87, 0xb9, 0xbc, 0xe6, 0xff, 0x6b, 0x38, 0x42, 0x70,
+    0xd6, 0x5f, 0xff, 0xff, 0xf7, 0x9b, 0xee, 0xfd, 0xf3, 0x9c, 0x93, 0xcf,
+    0xb3, 0x23, 0xc2, 0xce, 0xff, 0xc9, 0xed, 0x65, 0xfe, 0x98, 0x37, 0xd8,
+    0xa0, 0xb2, 0xff, 0xff, 0xdd, 0x0a, 0x3c, 0xdf, 0x3d, 0xe0, 0xde, 0x01,
+    0x9f, 0x98, 0xe3, 0x59, 0x77, 0xc2, 0x62, 0x71, 0xa6, 0x92, 0x74, 0x67,
+    0xa8, 0x4a, 0x70, 0xc6, 0xc3, 0x65, 0x52, 0x0f, 0x28, 0xc6, 0xff, 0xe8,
+    0xbb, 0xe3, 0x1f, 0x68, 0x7a, 0xc8, 0xd6, 0x5f, 0x74, 0xef, 0xd2, 0xa2,
+    0x2c, 0x5f, 0xcd, 0xa7, 0x2e, 0xa5, 0x65, 0xf3, 0x11, 0x4a, 0xca, 0xd1,
+    0xfd, 0xf8, 0xc3, 0x79, 0x65, 0xf6, 0x7c, 0x0c, 0xb2, 0xff, 0xcf, 0x00,
+    0x99, 0xae, 0x9d, 0xfa, 0x54, 0x4b, 0xab, 0xfc, 0xe3, 0x92, 0xf4, 0xf1,
+    0x65, 0xf6, 0x98, 0x51, 0xac, 0xbf, 0xff, 0xb0, 0x7e, 0x90, 0xc2, 0x7c,
+    0x9c, 0x1c, 0xe4, 0x81, 0x25, 0x82, 0x4a, 0xa1, 0x7c, 0x86, 0x36, 0x8c,
+    0x4e, 0x43, 0xe4, 0xef, 0x98, 0xec, 0x91, 0xdf, 0xfc, 0x77, 0x80, 0x4c,
+    0xd7, 0x4e, 0xfd, 0x2a, 0x26, 0x25, 0xfd, 0xe9, 0x2e, 0xe2, 0x75, 0x97,
+    0xfc, 0xee, 0x59, 0xf6, 0xec, 0xc5, 0x97, 0xf9, 0xdb, 0x65, 0x81, 0x83,
+    0x59, 0x7d, 0x9d, 0x48, 0x49, 0x44, 0xd1, 0xcb, 0xbc, 0x71, 0x41, 0x13,
+    0x36, 0xf4, 0x3b, 0xaf, 0xf7, 0x9c, 0xe1, 0x1c, 0x43, 0x59, 0x7e, 0xd7,
+    0x4e, 0xfd, 0x2a, 0x2a, 0x95, 0xb1, 0x65, 0x61, 0xe3, 0x1a, 0x6d, 0x7f,
+    0xda, 0xd3, 0x11, 0x60, 0xba, 0x59, 0x7f, 0xe1, 0x3e, 0xa0, 0x58, 0x63,
+    0x81, 0x65, 0xff, 0xcf, 0xcd, 0x31, 0x9f, 0xf3, 0x6a, 0x0b, 0x2f, 0xfb,
+    0x4f, 0xee, 0xe1, 0x9f, 0x09, 0x28, 0xbb, 0x19, 0xc7, 0x8f, 0xa8, 0x22,
+    0x67, 0xaf, 0x0d, 0xdb, 0xff, 0x04, 0xf4, 0x9f, 0x07, 0x25, 0xf5, 0x97,
+    0xbe, 0xd1, 0xac, 0xbf, 0xf3, 0xc0, 0x26, 0x6b, 0xa7, 0x7e, 0x95, 0x13,
+    0xa2, 0xf8, 0x5c, 0x60, 0x2c, 0xbc, 0xdd, 0x98, 0xb2, 0x80, 0x78, 0x1c,
+    0x22, 0xa3, 0x51, 0x9a, 0x71, 0xd0, 0x42, 0x3a, 0xf9, 0xb3, 0x5b, 0xd6,
+    0x5f, 0x39, 0x7f, 0x8b, 0x2f, 0xa3, 0x29, 0x8d, 0x65, 0xf1, 0xe4, 0xd0,
+    0x9b, 0x87, 0xce, 0x72, 0x31, 0x10, 0xdf, 0xf8, 0x02, 0xe0, 0x41, 0x98,
+    0xe5, 0x05, 0x94, 0x11, 0x32, 0xb6, 0x84, 0xe8, 0x13, 0x2f, 0xf3, 0x3e,
+    0xa6, 0x0f, 0xbd, 0x65, 0xf3, 0x10, 0x19, 0x65, 0xfa, 0x29, 0x8a, 0x78,
+    0xb2, 0xfe, 0x33, 0x1b, 0x7e, 0x12, 0xca, 0x63, 0xd7, 0xe1, 0x4d, 0xe6,
+    0xf4, 0xac, 0x08, 0x68, 0x6f, 0xfe, 0x17, 0x3f, 0x3d, 0x84, 0x14, 0x4c,
+    0x75, 0x95, 0x04, 0xc3, 0x8f, 0x09, 0x8f, 0x16, 0xdf, 0xb5, 0xd3, 0xbf,
+    0x4a, 0x89, 0xdd, 0x7f, 0xff, 0x49, 0xc5, 0xa8, 0xa4, 0xfb, 0x4f, 0x9f,
+    0xe3, 0x71, 0x65, 0xe7, 0x80, 0x4c, 0x44, 0xa7, 0xcd, 0xaf, 0xdf, 0x13,
+    0x9d, 0x92, 0x5f, 0xf8, 0xa7, 0xf9, 0xcc, 0xce, 0xe0, 0xb2, 0xff, 0xfc,
+    0x5a, 0xc3, 0x33, 0x72, 0x7d, 0x2c, 0x43, 0x95, 0x94, 0x35, 0x5f, 0x39,
+    0x1a, 0x09, 0xe1, 0x94, 0xe6, 0xbf, 0x27, 0x0c, 0xf6, 0xff, 0x87, 0x30,
+    0x90, 0x86, 0x70, 0x0b, 0x2f, 0xdc, 0x29, 0x07, 0x16, 0x5e, 0x2c, 0x1a,
+    0xcb, 0xa4, 0x24, 0x9e, 0x10, 0x09, 0xe8, 0x22, 0x61, 0xf8, 0xc6, 0x4f,
+    0xd7, 0xfd, 0xfe, 0x31, 0xdb, 0xe0, 0x75, 0x97, 0x7e, 0x56, 0x5d, 0xc0,
+    0x92, 0x79, 0xdd, 0x1c, 0x5f, 0xfe, 0x08, 0x77, 0x80, 0x4c, 0xd7, 0x4e,
+    0xfd, 0x2a, 0x28, 0x55, 0xd3, 0xa5, 0x97, 0xe0, 0x4c, 0x78, 0x62, 0xcb,
+    0xff, 0x3f, 0xe1, 0x84, 0xc3, 0x09, 0xc8, 0xcd, 0xf8, 0x05, 0xaf, 0x89,
+    0xf5, 0xbd, 0x65, 0xe3, 0xb9, 0x8b, 0x2c, 0x12, 0x4f, 0x02, 0x32, 0x3b,
+    0xa3, 0x65, 0x97, 0xff, 0xbc, 0x2f, 0xc9, 0x64, 0x66, 0x8a, 0x62, 0x59,
+    0x7f, 0x08, 0xe7, 0x78, 0x04, 0x93, 0xe3, 0xe8, 0x5e, 0xff, 0xff, 0xc5,
+    0x9b, 0xdb, 0xc2, 0x09, 0xd7, 0x9b, 0xc5, 0x39, 0xac, 0x3a, 0xca, 0x82,
+    0x68, 0x5e, 0x84, 0x6f, 0x11, 0xef, 0xc2, 0xef, 0xed, 0xd2, 0xcb, 0xf6,
+    0x03, 0x1c, 0x96, 0x5f, 0x71, 0x8c, 0xfa, 0xcb, 0xfe, 0x3c, 0x50, 0x7d,
+    0x47, 0xe1, 0x2c, 0xbd, 0x20, 0x09, 0x1a, 0x2b, 0x88, 0xab, 0xe4, 0xa1,
+    0x91, 0xd3, 0x26, 0x6a, 0x50, 0xe4, 0xbf, 0xff, 0x0b, 0xa0, 0x8f, 0xff,
+    0x61, 0xe7, 0x45, 0x20, 0x59, 0x7f, 0xc7, 0x7e, 0x61, 0x92, 0x43, 0x59,
+    0x7f, 0xe7, 0x80, 0x4c, 0xd7, 0x4e, 0xfd, 0x2a, 0x29, 0x25, 0xfe, 0xcf,
+    0x16, 0x0f, 0xc2, 0x59, 0x7a, 0x48, 0x6b, 0x2c, 0x12, 0x34, 0xca, 0xb1,
+    0x5c, 0xe7, 0x1f, 0x4e, 0x30, 0xca, 0xff, 0xff, 0xb0, 0x85, 0xc9, 0xc2,
+    0xf9, 0x39, 0xb9, 0x14, 0x90, 0xd6, 0x5c, 0x72, 0x59, 0x7f, 0xf4, 0x5e,
+    0x73, 0xff, 0xd3, 0xf1, 0x1d, 0x65, 0xf6, 0x14, 0xc6, 0xb2, 0xb0, 0xf9,
+    0xf4, 0x8d, 0x7b, 0x38, 0x10, 0x93, 0x01, 0xe3, 0x18, 0x6f, 0xb5, 0x2d,
+    0x9d, 0xac, 0x72, 0x91, 0xe1, 0x1d, 0x56, 0x15, 0xf5, 0x1d, 0xc4, 0x45,
+    0x5a, 0x94, 0x6e, 0x79, 0xc3, 0xf7, 0x7f, 0x01, 0x81, 0x42, 0x6f, 0xf2,
+    0xc3, 0x45, 0x1a, 0x8e, 0xcc, 0x6a, 0xb7, 0x05, 0x02, 0xda, 0xcb, 0xee,
+    0x9d, 0xfa, 0x54, 0x44, 0x8b, 0xff, 0xf3, 0x6b, 0xcf, 0xb6, 0x2f, 0x4c,
+    0x61, 0x7d, 0x4e, 0xca, 0xca, 0xd2, 0x24, 0x3c, 0x61, 0x7f, 0xff, 0xbd,
+    0x31, 0x85, 0xf5, 0x3b, 0x21, 0x34, 0xd2, 0x78, 0xf0, 0xc5, 0x97, 0xe6,
+    0xff, 0xb0, 0xeb, 0x2c, 0x10, 0x28, 0x9b, 0x3e, 0x42, 0xc6, 0x22, 0x30,
+    0xbb, 0x65, 0xed, 0x3e, 0x96, 0x5f, 0xf9, 0xe0, 0x13, 0x35, 0xd3, 0xbf,
+    0x4a, 0x89, 0x79, 0x7c, 0xff, 0x78, 0xd6, 0x58, 0x23, 0x22, 0x30, 0xe3,
+    0x9b, 0x29, 0xd7, 0xff, 0x4e, 0xf7, 0x89, 0xb5, 0xdc, 0x26, 0x25, 0x97,
+    0xb6, 0x23, 0x81, 0x65, 0xd1, 0x12, 0xcb, 0xff, 0x05, 0x8e, 0xc3, 0x14,
+    0x94, 0xc1, 0x65, 0xff, 0x6d, 0x9f, 0xb6, 0xa7, 0x7c, 0x4b, 0x2f, 0xff,
+    0x7a, 0x78, 0x18, 0xe7, 0x51, 0x61, 0x01, 0x65, 0xf6, 0x85, 0xfe, 0x2c,
+    0xbf, 0x86, 0xc6, 0xb9, 0x01, 0x65, 0xfa, 0x48, 0x03, 0x3a, 0xcb, 0xf6,
+    0x80, 0x76, 0xe2, 0xcb, 0xd2, 0x5d, 0xac, 0xbf, 0x7c, 0x33, 0x94, 0xac,
+    0xb3, 0x78, 0xf1, 0x08, 0x72, 0xff, 0xf7, 0xb7, 0xc9, 0x03, 0x73, 0x07,
+    0x9a, 0xed, 0x65, 0xfe, 0x6d, 0x38, 0xd8, 0x8d, 0x59, 0x74, 0xfd, 0x65,
+    0xff, 0x3c, 0x7a, 0x9e, 0xe0, 0xc7, 0x59, 0x7f, 0xf8, 0x43, 0x6d, 0x07,
+    0x16, 0xe8, 0x9c, 0xa2, 0x59, 0x50, 0x4d, 0x1d, 0x89, 0xbc, 0x9e, 0x03,
+    0x22, 0x16, 0xe1, 0xd5, 0xfc, 0x0f, 0x4e, 0x98, 0xeb, 0x2f, 0xfd, 0x17,
+    0x27, 0x7b, 0xfa, 0x7b, 0x89, 0x65, 0x49, 0xf8, 0x39, 0x6d, 0xed, 0xd0,
+    0xce, 0xb2, 0xef, 0x01, 0x65, 0x31, 0xb8, 0x72, 0x1b, 0xf6, 0x47, 0x9c,
+    0x3a, 0xcb, 0xf6, 0xa7, 0xed, 0xbd, 0x65, 0xfa, 0x37, 0xe3, 0x81, 0x65,
+    0x31, 0xe8, 0xb9, 0x4d, 0xff, 0xd1, 0x6d, 0x0c, 0xa7, 0x7b, 0xef, 0x98,
+    0x96, 0x52, 0xcb, 0xef, 0xe6, 0xa2, 0x59, 0x7b, 0xef, 0xbd, 0x65, 0xa1,
+    0x87, 0x82, 0xe4, 0x77, 0xe7, 0xe4, 0xef, 0xc5, 0x95, 0x11, 0xe7, 0x6f,
+    0x26, 0xa9, 0x4c, 0x2f, 0x13, 0x1e, 0x13, 0x57, 0x6a, 0x56, 0x56, 0xc4,
+    0xbb, 0xb9, 0x03, 0xd1, 0xa5, 0xe1, 0x1f, 0x65, 0xac, 0x4f, 0x14, 0x76,
+    0x7a, 0x86, 0x37, 0x96, 0x08, 0x7f, 0xef, 0x3b, 0xe3, 0x2b, 0xdd, 0x33,
+    0xbb, 0x09, 0x65, 0xfd, 0xb7, 0x9e, 0xc6, 0xfa, 0xca, 0x19, 0xe2, 0x30,
+    0xad, 0xbb, 0x59, 0x7f, 0xc0, 0x7f, 0xc6, 0x28, 0xa7, 0x71, 0x65, 0x0c,
+    0xf4, 0x18, 0x4a, 0xfe, 0x21, 0x7e, 0x29, 0x35, 0x65, 0xe0, 0xbb, 0x69,
+    0x65, 0x39, 0xe7, 0x88, 0xbe, 0xff, 0xec, 0x6e, 0xf9, 0xf9, 0x8c, 0xef,
+    0x05, 0x94, 0xc7, 0xcd, 0xa2, 0x1b, 0xfc, 0x2f, 0xf8, 0xa7, 0x34, 0xb2,
+    0xfc, 0x59, 0x18, 0x7b, 0xd6, 0x5f, 0x64, 0x61, 0xef, 0x59, 0x7e, 0x1c,
+    0xf6, 0x37, 0xda, 0x7a, 0x24, 0x57, 0x7f, 0xfc, 0xda, 0xdb, 0xe9, 0x6f,
+    0xf0, 0x5d, 0x0a, 0x56, 0x5f, 0x34, 0x60, 0xdc, 0x59, 0x6e, 0xd6, 0x5e,
+    0x77, 0xe9, 0x51, 0x4b, 0xa9, 0x65, 0x61, 0xe3, 0x74, 0x25, 0x11, 0x4d,
+    0xf1, 0x7e, 0x74, 0xb2, 0xff, 0xb3, 0x5b, 0x98, 0x3c, 0xd7, 0x6b, 0x29,
+    0x8f, 0x77, 0x79, 0x0d, 0xff, 0xa6, 0x1e, 0x76, 0xef, 0x92, 0x6a, 0xca,
+    0x8d, 0x53, 0x84, 0x21, 0x06, 0x6a, 0x04, 0x4a, 0x5a, 0x6c, 0xf4, 0x23,
+    0x48, 0x8e, 0xff, 0x9b, 0xfc, 0x7e, 0xf5, 0xce, 0x2c, 0xbf, 0xfd, 0xa8,
+    0xf6, 0xef, 0x17, 0xa5, 0x8f, 0x23, 0x59, 0x5e, 0x44, 0x4b, 0x9d, 0x5e,
+    0x9d, 0x7d, 0x65, 0xfc, 0x3e, 0xe7, 0x4d, 0xda, 0xcb, 0xef, 0xc7, 0x86,
+    0x2c, 0xa8, 0x1f, 0x7b, 0x0e, 0x11, 0x7d, 0xf9, 0x8d, 0xd6, 0x71, 0x65,
+    0xff, 0xa4, 0xa7, 0xdb, 0x44, 0x42, 0xe9, 0x65, 0xe1, 0x3f, 0x16, 0x5e,
+    0x39, 0x44, 0xb2, 0xf0, 0x9e, 0x25, 0x95, 0x86, 0xea, 0x21, 0xdb, 0xf4,
+    0x81, 0xfb, 0xe2, 0xcb, 0xc4, 0xc0, 0x59, 0x7b, 0x3f, 0xc5, 0x95, 0x26,
+    0xdf, 0x83, 0x77, 0xff, 0xe7, 0xff, 0xa4, 0x8d, 0xdb, 0x31, 0xfe, 0x77,
+    0xf1, 0x65, 0x41, 0x3b, 0x81, 0x94, 0x44, 0x81, 0xe5, 0x60, 0x10, 0xfd,
+    0x7f, 0x79, 0x05, 0xf3, 0x90, 0xf7, 0x56, 0x5f, 0xe2, 0xc8, 0x6d, 0xf4,
+    0xee, 0x2c, 0xad, 0xc3, 0xdb, 0x39, 0x25, 0x2c, 0xbf, 0x73, 0xfa, 0x9e,
+    0x2c, 0xb4, 0xf6, 0x6c, 0xfe, 0x17, 0x7f, 0xc0, 0xe6, 0xa7, 0xb8, 0x31,
+    0xd6, 0x5e, 0xfb, 0xef, 0x59, 0x7e, 0x8c, 0x51, 0x4e, 0xe2, 0xcb, 0xe1,
+    0x45, 0x3b, 0x8b, 0x2e, 0x78, 0xf6, 0x9e, 0x9c, 0x65, 0xb5, 0x28, 0xdc,
+    0x73, 0xa1, 0x38, 0xdf, 0xf4, 0xb0, 0x39, 0x27, 0x7f, 0xac, 0xbf, 0xe6,
+    0xe4, 0x4c, 0x5f, 0x90, 0x2c, 0xbf, 0xf8, 0xbf, 0xbe, 0x75, 0xc7, 0x29,
+    0xdc, 0x59, 0x7f, 0x3b, 0x47, 0xb4, 0xf8, 0xb2, 0xa0, 0x98, 0x9e, 0x8b,
+    0x8e, 0x6f, 0xc3, 0x8f, 0xa3, 0xdf, 0xe9, 0xdc, 0xe4, 0x9d, 0xfe, 0xb2,
+    0xe7, 0x25, 0x97, 0xfd, 0x20, 0xdb, 0xe9, 0x3b, 0x92, 0xca, 0xec, 0xf3,
+    0xb7, 0x8a, 0xdf, 0xff, 0x60, 0xc3, 0x8b, 0x9f, 0xf6, 0x0c, 0x5f, 0xe2,
+    0xca, 0x82, 0x3e, 0xf5, 0x08, 0x3f, 0x12, 0xdf, 0xd2, 0x63, 0x78, 0x5b,
+    0x8b, 0x2f, 0xee, 0xe1, 0xc7, 0x2e, 0xd6, 0x54, 0xae, 0x24, 0xc1, 0x63,
+    0x25, 0x0b, 0x34, 0x68, 0xda, 0x35, 0x0c, 0xc6, 0xff, 0xc5, 0x16, 0xdd,
+    0x4f, 0x70, 0x63, 0xac, 0xbf, 0xfd, 0xbe, 0x4b, 0xff, 0xf6, 0x0c, 0x5f,
+    0xe2, 0xcb, 0xff, 0xff, 0x7f, 0x67, 0x3e, 0x1e, 0xf7, 0xf8, 0x71, 0xb7,
+    0x8b, 0x06, 0xe7, 0x59, 0x74, 0x9d, 0x65, 0x4a, 0x62, 0xf8, 0x84, 0xc9,
+    0x9a, 0x73, 0xbf, 0x14, 0x5f, 0x63, 0x56, 0x5f, 0x98, 0x62, 0x2c, 0x59,
+    0x7f, 0xf7, 0xfd, 0x90, 0xdb, 0x23, 0xf3, 0xf6, 0xb2, 0xa2, 0x3e, 0xd2,
+    0x26, 0xa9, 0x45, 0xc0, 0xa1, 0x2d, 0x7f, 0xd0, 0xcd, 0x45, 0x85, 0x27,
+    0x59, 0x7e, 0x04, 0xf5, 0x87, 0x59, 0x7f, 0xb2, 0x3e, 0x4c, 0x42, 0xd2,
+    0xcb, 0xf1, 0xf1, 0xda, 0x35, 0x94, 0xc8, 0xbc, 0xd1, 0xc1, 0x14, 0x70,
+    0xd6, 0xe8, 0x62, 0xcb, 0xf7, 0x0d, 0xd3, 0x98, 0xb2, 0xf1, 0x49, 0xd6,
+    0x50, 0xcf, 0x17, 0x45, 0x57, 0xdd, 0xee, 0x64, 0x16, 0x5f, 0xe7, 0xd4,
+    0x59, 0xfd, 0xdd, 0xeb, 0x2e, 0x07, 0x16, 0x5e, 0x1f, 0x19, 0x65, 0x49,
+    0xb3, 0x71, 0x7a, 0x94, 0xda, 0x46, 0x77, 0x8b, 0x6e, 0x44, 0x22, 0x63,
+    0x1b, 0x2f, 0x9f, 0xcf, 0x1a, 0xcb, 0xf7, 0x84, 0x6e, 0x12, 0xcb, 0xc6,
+    0x3c, 0x16, 0x5f, 0xe3, 0x09, 0xff, 0x07, 0x1a, 0xcb, 0xf7, 0xc3, 0x8e,
+    0x7c, 0xb2, 0xfd, 0x9f, 0xfb, 0x1a, 0xb2, 0xff, 0xa7, 0xdc, 0x7f, 0xce,
+    0xb7, 0x56, 0x5f, 0xf8, 0xee, 0x30, 0xe2, 0x84, 0x97, 0x6b, 0x28, 0x67,
+    0xf8, 0xc7, 0x77, 0xf0, 0xbd, 0x3a, 0xc0, 0x2c, 0xbe, 0xd0, 0x03, 0xde,
+    0xb2, 0xf3, 0x19, 0xf5, 0x95, 0x03, 0xf0, 0xf1, 0x6f, 0x09, 0xaa, 0x35,
+    0x45, 0x03, 0x22, 0xc2, 0x8e, 0xc7, 0x62, 0x33, 0xd1, 0x57, 0xa1, 0x49,
+    0xf8, 0x48, 0xdf, 0xe2, 0xfe, 0x71, 0x9f, 0xcb, 0x2f, 0xb9, 0x0e, 0x3a,
+    0xcb, 0xfe, 0x03, 0x7b, 0x34, 0xf1, 0x71, 0x65, 0xff, 0xf4, 0x0a, 0x63,
+    0x0e, 0x2e, 0x7b, 0x37, 0x74, 0x05, 0x97, 0xa0, 0x3d, 0xeb, 0x2a, 0x4f,
+    0xd5, 0xd5, 0xaf, 0xed, 0xa7, 0xcf, 0xbf, 0xd6, 0x5f, 0xde, 0x61, 0xb6,
+    0xba, 0x59, 0x4b, 0x2f, 0x9c, 0xbb, 0x82, 0xca, 0xe8, 0xd6, 0xf8, 0x2e,
+    0xdc, 0xc4, 0x56, 0x74, 0x5e, 0xeb, 0x77, 0xbb, 0x8b, 0x8b, 0x2b, 0xb3,
+    0xd4, 0x73, 0x5b, 0xd2, 0xc3, 0x59, 0x7f, 0xa2, 0xf3, 0x7c, 0xa4, 0xeb,
+    0x2e, 0x7d, 0xeb, 0x2a, 0x55, 0x54, 0x8c, 0xc7, 0xb2, 0x23, 0xc2, 0xb9,
+    0xe3, 0x20, 0xe1, 0x10, 0x86, 0xf7, 0x4c, 0xef, 0xf6, 0x19, 0x06, 0xe0,
+    0x8e, 0xb2, 0xed, 0xfc, 0x59, 0x7f, 0x0b, 0x93, 0x10, 0xb4, 0xb2, 0xfd,
+    0x91, 0xe7, 0xb8, 0xb2, 0xa4, 0xfc, 0x3c, 0x32, 0x45, 0xf7, 0xc7, 0x14,
+    0x5a, 0x59, 0x76, 0xb8, 0xb2, 0xff, 0xd9, 0xcd, 0xbe, 0x96, 0x21, 0x46,
+    0xb2, 0xb0, 0xf5, 0xc8, 0x5e, 0xba, 0x46, 0x41, 0xcb, 0x77, 0xbd, 0xdf,
+    0xf0, 0x24, 0x01, 0xef, 0x92, 0xdd, 0x59, 0x7f, 0xfe, 0x8e, 0x7f, 0x3e,
+    0x6f, 0xc1, 0xb5, 0xd7, 0xa5, 0x65, 0x4a, 0xa3, 0x3c, 0x8d, 0xb1, 0x8c,
+    0xdc, 0xfa, 0xff, 0xff, 0xb5, 0xdf, 0x4d, 0xde, 0xd3, 0x5f, 0x6f, 0x3c,
+    0xfd, 0x49, 0x0d, 0x65, 0xff, 0x3f, 0x03, 0xff, 0x7d, 0x31, 0xd6, 0x5b,
+    0xd2, 0x8a, 0xb1, 0x37, 0xdf, 0x31, 0xbb, 0x38, 0xb2, 0xfe, 0x0f, 0xf3,
+    0x19, 0x76, 0xb2, 0xff, 0xfb, 0xaf, 0x3c, 0x41, 0xc5, 0x06, 0x2c, 0x3c,
+    0xac, 0xbc, 0x4c, 0x75, 0x95, 0xa4, 0x61, 0x00, 0x94, 0x8c, 0x3e, 0xa5,
+    0x7f, 0xf7, 0xf8, 0x1f, 0x30, 0x85, 0xf9, 0xf2, 0xcb, 0xfa, 0x5c, 0xbf,
+    0x84, 0xb2, 0xb0, 0xfb, 0xc9, 0x16, 0xfe, 0xdb, 0xf9, 0x8e, 0x62, 0x59,
+    0x7e, 0xe6, 0xe4, 0xe8, 0xd5, 0x96, 0x93, 0x4f, 0x77, 0xb3, 0x1b, 0xfd,
+    0xe7, 0x89, 0xb5, 0x31, 0xac, 0xbf, 0x6e, 0x9e, 0x73, 0xeb, 0x2f, 0xfe,
+    0x0f, 0xf0, 0x91, 0xb9, 0x67, 0xc0, 0xb2, 0xb0, 0xfb, 0xb4, 0x55, 0x76,
+    0x1d, 0x65, 0x0d, 0x58, 0xa6, 0x43, 0xa8, 0xf0, 0xab, 0xf3, 0xeb, 0x94,
+    0x8a, 0x14, 0x5b, 0xc8, 0x6f, 0xdb, 0xac, 0x79, 0xe2, 0xcb, 0xf3, 0xef,
+    0xcd, 0x71, 0x65, 0xfa, 0x30, 0xf7, 0xbc, 0x16, 0x50, 0xcf, 0xfc, 0xe5,
+    0x44, 0x53, 0x63, 0x16, 0x5e, 0x26, 0x3a, 0xcb, 0x46, 0xb2, 0xde, 0x73,
+    0x5a, 0x18, 0xdd, 0xe8, 0xb9, 0x2b, 0x2f, 0xb4, 0x0d, 0x9c, 0x59, 0x46,
+    0x9e, 0x13, 0x8e, 0xdf, 0xf4, 0xff, 0xcf, 0x13, 0xc5, 0x8b, 0x2f, 0xe0,
+    0x76, 0x0c, 0xd6, 0x2c, 0xbf, 0xba, 0x96, 0xfb, 0x41, 0x65, 0xe9, 0xcf,
+    0xac, 0xbf, 0x66, 0xb4, 0x28, 0xd6, 0x5c, 0xe0, 0x39, 0xe2, 0x7c, 0x6e,
+    0xa5, 0x19, 0x98, 0x5c, 0xce, 0x37, 0xc3, 0xf3, 0xf6, 0xb2, 0xfe, 0x07,
+    0x27, 0xd3, 0xc5, 0x95, 0x27, 0xa0, 0xe4, 0x77, 0xdf, 0xe6, 0x46, 0xb2,
+    0xff, 0xff, 0x79, 0xb7, 0xb8, 0x1a, 0x13, 0xbd, 0xcf, 0x3e, 0xdd, 0x75,
+    0x95, 0xda, 0x22, 0x3c, 0x47, 0x76, 0x46, 0xb2, 0x9c, 0xdd, 0x91, 0x25,
+    0x4a, 0xb7, 0xc1, 0x97, 0x61, 0xfb, 0x34, 0xc4, 0x45, 0xe8, 0xc1, 0x49,
+    0xf7, 0x90, 0xe3, 0xbf, 0xff, 0xde, 0xe9, 0xb9, 0x83, 0xeb, 0xcd, 0xfc,
+    0x88, 0xa4, 0xeb, 0x2e, 0x07, 0x4b, 0x2d, 0xc5, 0x96, 0x37, 0x86, 0xa4,
+    0x43, 0x17, 0xf4, 0x6f, 0x9f, 0xc3, 0xac, 0xa6, 0x3d, 0x57, 0x28, 0xbc,
+    0x07, 0xe9, 0x65, 0xf1, 0x91, 0x72, 0x56, 0x5f, 0xfe, 0xd0, 0x1c, 0x7b,
+    0x73, 0xd2, 0x51, 0xee, 0xac, 0xbe, 0x78, 0xe7, 0xeb, 0x2f, 0xce, 0x4d,
+    0xb9, 0xbd, 0x65, 0x11, 0xe6, 0xef, 0x22, 0xaf, 0x22, 0xff, 0x90, 0x9c,
+    0xbf, 0x46, 0xfc, 0xc8, 0x2c, 0xbf, 0xfe, 0x1e, 0x6f, 0x7d, 0x44, 0x1c,
+    0x1f, 0xee, 0x75, 0x97, 0x66, 0xe2, 0xca, 0x94, 0x4a, 0x31, 0x46, 0x94,
+    0xef, 0xe7, 0xec, 0x07, 0x6e, 0x2c, 0xb1, 0xab, 0x2f, 0xda, 0xcd, 0xe3,
+    0x95, 0x95, 0x2a, 0x94, 0xfb, 0x1d, 0x8a, 0x1c, 0x7a, 0x85, 0xe7, 0x8b,
+    0x80, 0x5d, 0xf1, 0x2b, 0xf9, 0x8c, 0x78, 0xa4, 0xeb, 0x2f, 0x6e, 0xcf,
+    0x16, 0x57, 0xcf, 0x34, 0x45, 0xd6, 0x08, 0x15, 0x75, 0xc7, 0x1b, 0x02,
+    0x40, 0x58, 0x44, 0x16, 0x85, 0xe6, 0x78, 0x76, 0x38, 0xc4, 0xe0, 0xe2,
+    0x38, 0x6b, 0x64, 0xa9, 0x1e, 0xa1, 0xf7, 0xdc, 0x24, 0x5a, 0x3e, 0x58,
+    0xa7, 0x43, 0x35, 0x1b, 0xe1, 0xe1, 0xe7, 0xe9, 0x49, 0x8f, 0x29, 0xf8,
+    0x12, 0xca, 0x0a, 0x55, 0x9f, 0x27, 0x00, 0x3f, 0x38, 0xe0, 0x27, 0xbd,
+    0x98, 0x70, 0x07, 0x29, 0xcf, 0x76, 0x17, 0xd7, 0xed, 0x74, 0xef, 0xd2,
+    0xa2, 0x9c, 0x5f, 0xde, 0x63, 0x93, 0x9a, 0xb2, 0xc1, 0x30, 0xf8, 0xd8,
+    0xda, 0xfe, 0x93, 0xe6, 0xec, 0xfd, 0x65, 0xf7, 0xa4, 0x8d, 0x59, 0x7d,
+    0x3d, 0x4f, 0x96, 0x51, 0xcf, 0xcf, 0xe5, 0xe1, 0x91, 0x5f, 0x67, 0x03,
+    0x82, 0xcb, 0xfe, 0xd3, 0xf3, 0xd9, 0x85, 0xd2, 0xcb, 0xf8, 0x5c, 0xcf,
+    0x87, 0x1a, 0xca, 0x63, 0xe8, 0xf1, 0xc5, 0xf8, 0xfa, 0xd6, 0x71, 0x65,
+    0xff, 0xfb, 0xc2, 0xfe, 0xa7, 0xfc, 0xce, 0xb9, 0x3a, 0xe9, 0x65, 0xf0,
+    0xb7, 0x5e, 0x25, 0x97, 0xf9, 0x8d, 0xc8, 0x48, 0x38, 0xb2, 0xa0, 0x7b,
+    0x3c, 0x26, 0xbc, 0x39, 0x3a, 0xcb, 0xfd, 0x3f, 0x6e, 0x98, 0x72, 0xb2,
+    0xda, 0x59, 0x7f, 0xfd, 0x11, 0x37, 0x3f, 0x21, 0xb6, 0xa2, 0x9f, 0x2c,
+    0xa8, 0x1f, 0x16, 0x08, 0xd0, 0xd1, 0xa3, 0xa1, 0xcf, 0xc2, 0x52, 0xf6,
+    0x71, 0x96, 0x5f, 0xe9, 0xfc, 0xb1, 0x07, 0xc5, 0x95, 0x87, 0x9b, 0xa1,
+    0xbb, 0xff, 0xf6, 0x7f, 0x81, 0xf3, 0xed, 0x25, 0xf2, 0x70, 0x2c, 0xbf,
+    0xbb, 0x84, 0x9c, 0x51, 0x2c, 0xbf, 0x8e, 0x39, 0xe0, 0x89, 0x65, 0xe8,
+    0x49, 0xd6, 0x5d, 0xe6, 0x59, 0x5d, 0x9b, 0x2f, 0x8e, 0x54, 0xa2, 0xc5,
+    0x8c, 0x1d, 0x7e, 0xfb, 0x9b, 0x78, 0x1a, 0xcb, 0xff, 0xb3, 0x7e, 0x0f,
+    0x52, 0xd0, 0x7e, 0x2c, 0xb3, 0xf6, 0x7d, 0x5a, 0x26, 0xbd, 0x09, 0x31,
+    0x65, 0xfe, 0x6c, 0x39, 0xa6, 0xbf, 0x6b, 0x2d, 0xfe, 0xcf, 0x4b, 0x83,
+    0xb7, 0xf3, 0x87, 0x9b, 0xe7, 0x8b, 0x2b, 0x0f, 0x60, 0x45, 0x37, 0xff,
+    0x79, 0x83, 0xfb, 0x10, 0xa1, 0x9c, 0x59, 0x7f, 0xdd, 0xf0, 0xb0, 0x7e,
+    0x73, 0x16, 0x5f, 0x71, 0xbf, 0x2b, 0x29, 0x8f, 0x6d, 0xce, 0xaf, 0xff,
+    0xb2, 0x3c, 0xef, 0xfc, 0x62, 0x90, 0x39, 0xd6, 0x56, 0x26, 0x1c, 0x6c,
+    0x27, 0xf8, 0x41, 0x7f, 0xec, 0xf4, 0xeb, 0x02, 0x18, 0x61, 0x89, 0x2e,
+    0x63, 0x16, 0x5d, 0x18, 0x49, 0x5f, 0x78, 0x81, 0x80, 0xe1, 0x17, 0x84,
+    0x3d, 0x14, 0x77, 0x0b, 0x16, 0x87, 0x9c, 0x50, 0x82, 0x39, 0x0f, 0xa3,
+    0x05, 0x04, 0x25, 0xca, 0x1a, 0x5f, 0x8c, 0xbf, 0x64, 0xdb, 0x75, 0x0e,
+    0xfd, 0xae, 0x9d, 0xfa, 0x54, 0x57, 0x8b, 0xef, 0xe9, 0xbb, 0x59, 0x7f,
+    0xff, 0x60, 0xfd, 0x21, 0x84, 0xf9, 0x38, 0x39, 0xc9, 0x02, 0x4b, 0x04,
+    0xc4, 0x5b, 0x31, 0xb6, 0xc9, 0x1d, 0xff, 0xc1, 0x1e, 0x01, 0x33, 0x5d,
+    0x3b, 0xf4, 0xa8, 0x91, 0xd7, 0x61, 0xd6, 0x5d, 0xfc, 0x59, 0x5d, 0x1a,
+    0xce, 0xc5, 0xaf, 0xff, 0x1a, 0xda, 0xcd, 0x42, 0x7d, 0xe6, 0x02, 0xcb,
+    0xbc, 0x35, 0x97, 0xff, 0xef, 0xc8, 0xe4, 0x41, 0x7d, 0x4f, 0xd8, 0x13,
+    0x05, 0x97, 0x89, 0xc2, 0x40, 0xfb, 0xf7, 0x8b, 0xdf, 0xfb, 0xa1, 0x3f,
+    0xb0, 0x6e, 0xfd, 0x2c, 0xbf, 0xfc, 0x63, 0x44, 0x10, 0xb3, 0x59, 0x9d,
+    0x98, 0xb2, 0xf3, 0x02, 0x56, 0x5e, 0xeb, 0x0e, 0x90, 0x21, 0x77, 0x7d,
+    0x8f, 0xd8, 0x16, 0x5f, 0xff, 0xbd, 0x24, 0x2e, 0x79, 0xb5, 0x9b, 0xe4,
+    0xbe, 0xb2, 0xff, 0xe6, 0xd6, 0x6a, 0x13, 0xef, 0x30, 0x16, 0x5f, 0x74,
+    0xef, 0xd2, 0xa2, 0x48, 0x5f, 0xcf, 0xac, 0xdf, 0xec, 0x59, 0x51, 0xa6,
+    0x31, 0x02, 0x23, 0x55, 0x74, 0x86, 0x03, 0x0b, 0xe8, 0xbf, 0x9d, 0x2c,
+    0xbf, 0x4b, 0x01, 0x8e, 0xb2, 0xa4, 0xf2, 0xa0, 0x49, 0x7f, 0xa4, 0xbe,
+    0x52, 0x7e, 0x2c, 0xbf, 0xff, 0x36, 0x9b, 0x76, 0x4a, 0x39, 0xfb, 0x79,
+    0xe3, 0x59, 0x7e, 0x78, 0x7d, 0xa3, 0x59, 0x52, 0x7f, 0xec, 0xaf, 0x7f,
+    0xf9, 0xff, 0x17, 0x30, 0x63, 0x13, 0xea, 0x0b, 0x2f, 0xff, 0x9f, 0xbe,
+    0x67, 0x9c, 0xb2, 0x33, 0x8b, 0xcb, 0x2f, 0xfe, 0xf3, 0x77, 0xfc, 0xef,
+    0xfa, 0xd4, 0xac, 0xbf, 0xf9, 0xa4, 0xee, 0x30, 0xf7, 0x64, 0xa0, 0xb2,
+    0xb1, 0x1b, 0x9d, 0x28, 0x79, 0x1a, 0xff, 0xec, 0x06, 0xce, 0x6a, 0x63,
+    0x7d, 0x74, 0xb2, 0xfc, 0xe0, 0xfe, 0x01, 0x65, 0x11, 0xf7, 0xf1, 0x22,
+    0xff, 0x67, 0x9c, 0xe5, 0x3d, 0xac, 0xba, 0x01, 0x25, 0x73, 0x9f, 0x23,
+    0x46, 0x68, 0x4b, 0xc4, 0x43, 0xe8, 0x58, 0x00, 0x83, 0x91, 0x93, 0xfe,
+    0x13, 0xe1, 0x90, 0xdf, 0x85, 0xdf, 0x4d, 0xc5, 0x97, 0xec, 0xf0, 0x4c,
+    0x3a, 0xcb, 0xe3, 0x48, 0x47, 0x59, 0x60, 0x92, 0xbf, 0x81, 0x84, 0x7d,
+    0x42, 0xe7, 0xb3, 0x66, 0x3f, 0x79, 0xd5, 0x00, 0x42, 0xa7, 0xe5, 0x41,
+    0x94, 0xdf, 0xfc, 0x11, 0xe0, 0x13, 0x35, 0xd3, 0xbf, 0x4a, 0x89, 0x29,
+    0x7e, 0xd7, 0x4e, 0xfd, 0x2a, 0x2f, 0x15, 0xff, 0x40, 0x26, 0x6b, 0xa7,
+    0x7e, 0x95, 0x12, 0x6a, 0xc1, 0x30, 0xff, 0xdc, 0xda, 0xfb, 0xaf, 0x31,
+    0x2c, 0xb8, 0x7b, 0x1a, 0xcb, 0xfe, 0x0a, 0xec, 0x1b, 0x07, 0xb0, 0xf9,
+    0xc5, 0x97, 0xf6, 0xc5, 0xb1, 0x83, 0xff, 0xed, 0x65, 0xfb, 0x9c, 0xc2,
+    0xc5, 0x97, 0xfd, 0xae, 0xa6, 0x3c, 0xc2, 0xfa, 0xcb, 0xf8, 0x83, 0x8b,
+    0x53, 0xbd, 0x65, 0xfd, 0x3c, 0x63, 0xcc, 0x4b, 0x2f, 0x9d, 0xbb, 0xe2,
+    0xcb, 0x79, 0x65, 0x62, 0x3c, 0x18, 0x9b, 0x70, 0xe4, 0xe6, 0x3e, 0x2d,
+    0x30, 0x8a, 0xf8, 0x7e, 0x98, 0xd6, 0x5f, 0xe6, 0x06, 0x14, 0xf7, 0xc5,
+    0x97, 0xb7, 0xcc, 0x16, 0x5f, 0xa7, 0xfc, 0xcf, 0xac, 0xbc, 0xe4, 0x3c,
+    0x3c, 0x5f, 0x0f, 0x5f, 0xe6, 0x37, 0xbe, 0x61, 0x1a, 0xb2, 0xff, 0x9f,
+    0x50, 0xe6, 0x0b, 0x51, 0xac, 0xa6, 0x45, 0x07, 0x8c, 0x44, 0x6b, 0x7e,
+    0xc1, 0x74, 0xe4, 0xb2, 0xf4, 0xcf, 0xd6, 0x5f, 0xf6, 0x00, 0x7e, 0x92,
+    0x93, 0x16, 0x5f, 0x03, 0x98, 0x4b, 0x2a, 0x4f, 0x65, 0x8e, 0x2f, 0xfc,
+    0x2e, 0xb9, 0xc7, 0xd7, 0xe4, 0xd5, 0x97, 0xef, 0x7f, 0x99, 0xf5, 0x94,
+    0xc7, 0xd2, 0xe8, 0x37, 0xff, 0xef, 0x3b, 0x03, 0x98, 0x6b, 0x9f, 0x53,
+    0x84, 0xb2, 0xfe, 0xcf, 0x9b, 0x25, 0x05, 0x97, 0x30, 0xd6, 0x54, 0xa2,
+    0x58, 0x6a, 0x7e, 0x2d, 0xbf, 0xdc, 0x06, 0x64, 0x41, 0x9d, 0x65, 0xe1,
+    0x4f, 0x6b, 0x2a, 0x4f, 0x4a, 0x06, 0xb7, 0xfd, 0x1b, 0x73, 0x8e, 0x0f,
+    0x09, 0x65, 0xf0, 0xca, 0x7b, 0x59, 0x6d, 0x2c, 0xb3, 0x68, 0xd9, 0x88,
+    0x8a, 0xff, 0xb0, 0xd3, 0x5e, 0x19, 0xdf, 0xd6, 0x5e, 0x8e, 0x63, 0x59,
+    0x78, 0x4f, 0xde, 0x1e, 0xc8, 0x67, 0x77, 0xfc, 0x58, 0x37, 0x3e, 0x77,
+    0xf5, 0x97, 0xec, 0xcf, 0xfb, 0x16, 0x54, 0x9e, 0xf7, 0x8e, 0x2f, 0xfa,
+    0x61, 0xcd, 0x69, 0xcb, 0xeb, 0x2b, 0x6a, 0xe2, 0x9c, 0x64, 0xf0, 0x74,
+    0x1c, 0x22, 0x7a, 0x85, 0xb4, 0x50, 0x81, 0xd1, 0x0f, 0x9b, 0x78, 0xff,
+    0xf8, 0x49, 0x6f, 0x21, 0xbf, 0x9b, 0x0a, 0x7b, 0xe2, 0xcb, 0xfb, 0x3f,
+    0xf9, 0x28, 0xd6, 0x5f, 0xb0, 0x7b, 0x08, 0xb7, 0x16, 0x5f, 0xce, 0x40,
+    0xd8, 0x45, 0xb8, 0xb2, 0xe7, 0x1e, 0xf3, 0xe5, 0xd9, 0x30, 0xa3, 0xa3,
+    0xc3, 0xc5, 0x82, 0x84, 0x95, 0xe7, 0x2e, 0x96, 0x5e, 0xf4, 0x86, 0xb2,
+    0xbe, 0x6e, 0x4c, 0x1c, 0xbb, 0x3e, 0xb2, 0xff, 0x41, 0xbc, 0xf0, 0x6f,
+    0x2c, 0xb7, 0xbc, 0x79, 0x0e, 0x2d, 0x7f, 0xf8, 0x5a, 0x81, 0x4c, 0x27,
+    0xfe, 0xc2, 0x59, 0x7f, 0x13, 0x80, 0x9c, 0xeb, 0x2f, 0xc3, 0xf6, 0xe3,
+    0x12, 0xcb, 0xfc, 0x58, 0x7d, 0x9c, 0xd4, 0xac, 0xa9, 0x3d, 0xe8, 0x8a,
+    0xaf, 0x4f, 0xf8, 0xb2, 0xff, 0xa4, 0xfe, 0xc1, 0x8d, 0xbb, 0x59, 0x7b,
+    0xbf, 0xca, 0xca, 0xc4, 0x4a, 0x76, 0x44, 0xc3, 0x82, 0x39, 0xbe, 0xdd,
+    0x69, 0x35, 0x65, 0xe8, 0x76, 0x6a, 0xcb, 0x0d, 0x65, 0xfb, 0xfe, 0x17,
+    0xf8, 0xb2, 0x86, 0x6e, 0x8e, 0x23, 0x7e, 0x1c, 0xf0, 0x3e, 0x2c, 0xb8,
+    0x7d, 0xac, 0xa3, 0x9e, 0x08, 0x8a, 0x6f, 0xfe, 0x70, 0x75, 0xe6, 0xd1,
+    0x37, 0xf8, 0xb2, 0xff, 0x6f, 0xc8, 0x7a, 0x48, 0xd5, 0x97, 0x14, 0x6b,
+    0x2a, 0x53, 0x92, 0x19, 0x2e, 0x2c, 0xb3, 0x13, 0x91, 0x01, 0x10, 0x33,
+    0x5b, 0x7d, 0x65, 0xff, 0x4e, 0x80, 0xff, 0xd9, 0xcf, 0xac, 0xbb, 0x58,
+    0xb2, 0xfb, 0xb6, 0xee, 0x0b, 0x2e, 0x0e, 0x35, 0x94, 0xc6, 0xf4, 0x04,
+    0x95, 0xa4, 0x5f, 0xf8, 0x44, 0x07, 0x64, 0xa7, 0x76, 0x1d, 0x65, 0xed,
+    0x6f, 0xf2, 0xcb, 0xf6, 0x69, 0xe4, 0x6b, 0x2a, 0x4f, 0x6d, 0xc5, 0x88,
+    0x7e, 0xf0, 0xf0, 0x96, 0x5f, 0xfb, 0x42, 0x3f, 0x9a, 0x4e, 0xe4, 0xb2,
+    0xff, 0xb9, 0x27, 0x2c, 0x84, 0x92, 0xcb, 0xfc, 0xc5, 0xb7, 0x0e, 0xdf,
+    0x59, 0x5a, 0x45, 0x37, 0xcf, 0x77, 0x9b, 0x5c, 0x50, 0x59, 0x76, 0xc6,
+    0x62, 0xca, 0x11, 0xb3, 0xd9, 0x16, 0xa9, 0x4d, 0x2b, 0x21, 0x83, 0xba,
+    0xcb, 0x7f, 0xf7, 0x42, 0x71, 0xef, 0xc1, 0xec, 0x22, 0xdc, 0x59, 0x7c,
+    0xde, 0x9d, 0xeb, 0x2b, 0x47, 0xe7, 0xf5, 0x0b, 0xfd, 0x3a, 0x9e, 0xc1,
+    0xa9, 0x59, 0x7f, 0xed, 0x6b, 0x3d, 0x84, 0x52, 0x35, 0x97, 0x9b, 0x76,
+    0x35, 0x96, 0x8d, 0x65, 0x49, 0xb2, 0x22, 0x0b, 0xde, 0x16, 0xe2, 0xcb,
+    0xf8, 0xa7, 0xfe, 0x78, 0x2c, 0xa9, 0x3c, 0xc8, 0x88, 0x2f, 0x7e, 0x74,
+    0xb2, 0xa5, 0x36, 0xc8, 0xc8, 0x98, 0xce, 0x26, 0xe7, 0x6b, 0x11, 0x15,
+    0xcf, 0xd2, 0xcb, 0xff, 0xff, 0xd8, 0x44, 0xf0, 0xf3, 0x6d, 0x0f, 0x5a,
+    0x98, 0x37, 0xdb, 0x4e, 0x05, 0x97, 0xe1, 0x8a, 0x30, 0xce, 0xb2, 0xff,
+    0x16, 0x7f, 0xcd, 0xdc, 0x16, 0x57, 0x47, 0xbd, 0xe2, 0xbb, 0xfb, 0xbe,
+    0x61, 0xdf, 0x8b, 0x2f, 0x87, 0x9e, 0x95, 0x96, 0xd2, 0xcb, 0xf4, 0x7a,
+    0x9e, 0xf4, 0xb2, 0xa3, 0x37, 0x78, 0x23, 0x7f, 0x84, 0x3c, 0x84, 0x83,
+    0x8b, 0x2a, 0x53, 0xed, 0x80, 0xbe, 0x43, 0x55, 0x88, 0xdc, 0xb8, 0x97,
+    0x38, 0x43, 0x7f, 0xfb, 0x3d, 0xd7, 0x9b, 0xbf, 0xe1, 0xdf, 0x8b, 0x2f,
+    0xa3, 0x38, 0xb7, 0x16, 0x5f, 0xbe, 0x78, 0x88, 0x6b, 0x2f, 0xbc, 0x1e,
+    0xcb, 0xac, 0xa7, 0x3f, 0x62, 0x27, 0x11, 0x4d, 0xfa, 0x2e, 0x71, 0x8e,
+    0xb2, 0xf7, 0x05, 0xda, 0xcb, 0xfd, 0x14, 0x1f, 0x51, 0xf8, 0x4b, 0x2f,
+    0xff, 0xa3, 0x31, 0xe1, 0xce, 0x66, 0x8c, 0x9d, 0x1a, 0xb2, 0xc4, 0xb2,
+    0xfe, 0x7f, 0xf2, 0x3c, 0x31, 0x65, 0xff, 0xfc, 0xdc, 0x78, 0x71, 0xb7,
+    0xf0, 0x4e, 0xd0, 0x6d, 0xeb, 0x2e, 0x0c, 0x35, 0x95, 0x89, 0xc3, 0x44,
+    0x52, 0x71, 0xe7, 0x36, 0x02, 0xa1, 0x08, 0x7c, 0xbc, 0x35, 0xdb, 0xf6,
+    0x68, 0x00, 0x95, 0x97, 0x6c, 0x84, 0x0a, 0x37, 0x12, 0xa1, 0x52, 0x2d,
+    0x84, 0x39, 0xb0, 0xd1, 0xe6, 0x32, 0xa8, 0xd6, 0x60, 0x46, 0x38, 0xc5,
+    0xf2, 0x72, 0x0b, 0xa8, 0xe9, 0xbb, 0x6e, 0x66, 0xad, 0xc2, 0x78, 0x92,
+    0x35, 0x18, 0xef, 0xa3, 0xce, 0x78, 0xc8, 0x41, 0x09, 0x72, 0x8d, 0xdb,
+    0x92, 0x85, 0xbf, 0x29, 0x10, 0xc6, 0x5d, 0x98, 0x60, 0x87, 0x1d, 0x9e,
+    0xeb, 0x8d, 0xfe, 0x14, 0x61, 0x37, 0x77, 0x58, 0xd5, 0x95, 0x2f, 0xc0,
+    0x63, 0x1c, 0x37, 0xe1, 0x6b, 0x9c, 0x87, 0x29, 0x4d, 0xa9, 0x02, 0x71,
+    0x47, 0x86, 0x73, 0x9f, 0x52, 0x10, 0xbf, 0x09, 0xa1, 0x43, 0x54, 0x3a,
+    0xe2, 0xf7, 0x76, 0x3d, 0x2a, 0x9a, 0x6a, 0xa5, 0x2c, 0x73, 0xc5, 0x70,
+    0xa7, 0xfe, 0x0e, 0x9f, 0x33, 0x99, 0xf1, 0xb9, 0x1b, 0x4d, 0x0a, 0xeb,
+    0x1d, 0xf6, 0x7d, 0xdb, 0xa2, 0x56, 0xaf, 0xea, 0xf7, 0x25, 0x3a, 0xc5,
+    0x8a, 0x89, 0x9d, 0x62, 0xd1, 0x64, 0xfb, 0x94, 0x53, 0x5e, 0xb4, 0xc5,
+    0x8f, 0x8a, 0x7e, 0xd0, 0x57, 0x1a, 0x81, 0x79, 0xcb, 0xc2, 0xbc, 0xf1,
+    0xce, 0x5e, 0x3b, 0x57, 0xf3, 0x21, 0xfd, 0x16, 0x27, 0xd8, 0x37, 0xd6,
+    0xf5, 0xc6, 0x56, 0x83, 0x7b, 0x34, 0x95, 0x00, 0xeb, 0x6a, 0xfd, 0xdb,
+    0xe2, 0x98, 0xa0,
 };
 
-static const unsigned kPreloadedHSTSBits = 801866;
+static const unsigned kPreloadedHSTSBits = 890515;
 
-static const unsigned kHSTSRootPosition = 801215;
+static const unsigned kHSTSRootPosition = 889863;
 
 #endif  // NET_HTTP_TRANSPORT_SECURITY_STATE_STATIC_H_
diff --git a/chromium/net/http/transport_security_state_static.json b/chromium/net/http/transport_security_state_static.json
index 6a7a47fc304..6e213907a4b 100644
--- a/chromium/net/http/transport_security_state_static.json
+++ b/chromium/net/http/transport_security_state_static.json
@@ -11560,6 +11560,1268 @@
     { "name": "zuram.net", "include_subdomains": true, "mode": "force-https" },
     { "name": "zvncloud.com", "include_subdomains": true, "mode": "force-https" },
     { "name": "zyf.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "4x.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "4loc.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "01electronica.com.ar", "include_subdomains": true, "mode": "force-https" },
+    { "name": "25daysof.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "10hz.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "9vx.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "2bas.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aaoo.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "0xn.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "1p.ro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "2ulcceria.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "700.az", "include_subdomains": true, "mode": "force-https" },
+    { "name": "888azino.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aapas.org.ar", "include_subdomains": true, "mode": "force-https" },
+    { "name": "abtom.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "activatemyiphone.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "actorsroom.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "83i.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aati.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "accounts-p.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "accessacademies.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adamgold.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "absynthe-inquisition.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "about.ge", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aderal.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "acsemb.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "abseits.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "abeus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adamoutler.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "acslimited.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ahero4all.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aidanwoods.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "3timegear.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aegee-utrecht.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "airbly.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adver.top", "include_subdomains": true, "mode": "force-https" },
+    { "name": "alexei.su", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ahri.ovh", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adrianajewelry.my", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adec-emsa.ae", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aiw-thkoeln.online", "include_subdomains": true, "mode": "force-https" },
+    { "name": "albertbogdanowicz.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aleksib.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "affilie.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aktivist.in", "include_subdomains": true, "mode": "force-https" },
+    { "name": "adaptivemechanics.edu.au", "include_subdomains": true, "mode": "force-https" },
+    { "name": "amerimex.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "alpencam.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aluroof.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "affordableazdivorce.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "alpencams.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "amihub.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anarka.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "antons.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "appchive.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anoneko.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "andre-ballensiefen.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anonyme-spieler.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arctic.gov", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anonymousstatecollegelulzsec.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ansdell.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arawaza.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anduril.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "anduril.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "antarcti.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ardtrade.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ashutoshmishra.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ars-design.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arrive.by", "include_subdomains": true, "mode": "force-https" },
+    { "name": "asciitable.tips", "include_subdomains": true, "mode": "force-https" },
+    { "name": "athul.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arksan.com.tr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "astrolpost.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "atrinik.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "asr.li", "include_subdomains": true, "mode": "force-https" },
+    { "name": "atisoft.biz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "asr.rocks", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aubiosales.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "asianodor.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "augaware.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "atomik.pro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arzid.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "avso.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "avmo.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "avxo.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aufmerksamkeitsstudie.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "b64.club", "include_subdomains": true, "mode": "force-https" },
+    { "name": "autodeploy.it", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aukaraoke.su", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ava-creative.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "autojuhos.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "atnis.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "aww.moe", "include_subdomains": true, "mode": "force-https" },
+    { "name": "badbee.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bacontreeconsulting.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "azino777.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "badoo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "azazy.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ballmerpeak.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bandb.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bangzafran.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "barrett.ag", "include_subdomains": true, "mode": "force-https" },
+    { "name": "baffinlee.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bcswampcabins.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bancoctt.pt", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bcchack.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "barbate.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "belltower.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "barunisystems.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "beourvictim.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bestbeards.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "behoerden-online-dienste.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "berlatih.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bendix.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "berger.work", "include_subdomains": true, "mode": "force-https" },
+    { "name": "berlin-kohlefrei.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "betlander.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "berrymark.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bight.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "binarystud.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "beyuna.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "biosbits.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "beyuna.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "beyuna.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bitex.la", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bitcoincore.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bettingbusiness.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bioshome.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blueimp.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blingsparkleshine.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "biurokarier.edu.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blackly.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blancodent.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "baskettemple.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "boltdata.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "boof.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blauerhunger.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "blieque.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bobcopeland.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bobancoamigo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "brandonwalker.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "booked.holiday", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bourse-aux-vetements.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bourasse.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bodrumfarm.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "boris64.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "boxing-austria.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "btio.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "btcontract.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "brilliantbuilders.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "brigidaarie.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bubulazy.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bubulazi.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "brefy.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "boxpirates.to", "include_subdomains": true, "mode": "force-https" },
+    { "name": "businessloanconnection.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "budaev-shop.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "buhler.pro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "buch-cuber.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "callhub.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "callear.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "caasd.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bsagan.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "caconnect.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "brookechase.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "burian-server.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "campfiretails.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "c4k3.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "campaignelves.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cadusilva.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bynet.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "calyxengineers.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bvionline.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bunaken.asia", "include_subdomains": true, "mode": "force-https" },
+    { "name": "canadianchristianity.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cablemod.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "buildsaver.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cashew3d.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "caps.is", "include_subdomains": true, "mode": "force-https" },
+    { "name": "casovi.cf", "include_subdomains": true, "mode": "force-https" },
+    { "name": "catarsisvr.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cdkeykopen.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ceyizlikelisleri.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cash-pos.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "capecycles.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ceml.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cfxdesign.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ceoimon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ch-sc.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cantrack.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "charitystreet.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "charl.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chiropracticwpb.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "churchthemes.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cheapestgamecards.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cheapestgamecards.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chengl.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cjcaron.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chloeallison.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cheapgoa.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cestlav.it", "include_subdomains": true, "mode": "force-https" },
+    { "name": "christina-quast.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "classicsandexotics.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clifflu.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chsterz.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cinema5.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chronoshop.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cliniquepariseau.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "codeco.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cheapestgamecards.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "closeli.cn", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clubmix.co.kr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cmlignon.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "codeforhakodate.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clicks.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cogitoltd.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "codefordus.nrw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "collins.press", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clouds.webcam", "include_subdomains": true, "mode": "force-https" },
+    { "name": "colengo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clip.ovh", "include_subdomains": true, "mode": "force-https" },
+    { "name": "code-well.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "coldlostsick.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "coimmvest.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "clickandshoot.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chateauconstellation.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "compliancedictionary.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "compagnia-buffo.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "convergemagazine.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "creativeartifice.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cookiesoft.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "computersystems.guru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "comotalk.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "conve.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crea.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crumbcontrol.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crtvmgmt.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "corgicloud.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crackpfer.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crackle.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cristiandeluxe.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "currency-strength.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cyberspect.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cyberspect.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cross-view.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cuonic.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cup.al", "include_subdomains": true, "mode": "force-https" },
+    { "name": "danielheal.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "creativephysics.ml", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cstkit.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dad256.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cujba.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "craftedge.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crosssellguide.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "danielrozenberg.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dailylifefinancial.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "danishenanigans.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cyclehackluxembourgcity.lu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "darrienworth.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "darrenellis.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "collins.kg", "include_subdomains": true, "mode": "force-https" },
+    { "name": "d-quantum.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "da-ist-kunst.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "davimun.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "daiweihu.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dbldub.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ddmeportal.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "denardbrewing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dden.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "datahove.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dehopre.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "derekkent.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "desserteagleselvenar.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dethemium.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "def-pos.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "depicus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealbanana.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "deviant.email", "include_subdomains": true, "mode": "force-https" },
+    { "name": "diasporadialogues.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "digitaldeliarchive.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "depijl-mz.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "developerfair.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dieselgalleri.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dgt-portal.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dmcibulldog.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dinepont.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dollemore.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "doggieholic.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dmz.ninja", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dmfd.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dfektlan.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dne.lu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "drishti.guru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "drew.red", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dollarstore24.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "docbox.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dominique-mueller.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dossplumbing.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "doubleavineyards.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "duelysthub.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dreamlinehost.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "doppenpost.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "droomhuis-in-friesland-kopen.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dredgepress.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "duernberg.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dustri.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "e-tmf.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "e-lifetechnology.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eames-clayton.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dvotx.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eastmontgroup.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dprd-wonogirikab.go.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "echipstore.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "effortlesshr.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dwhd.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ebfe.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "easypv.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ecole-en-danger.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eipione.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "egg-ortho.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ehrenamt-skpfcw.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "edvmesstec.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eintageinzug.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "elaintehtaat.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "elemprendedor.com.ve", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eit-web.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "elonbase.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "emi-air-comprime.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "endlessdiy.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "elena-baykova.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eltagroup.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "encoder.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "embroideryexpress.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ender.co.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "engineeryourmarketing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "encryptedaudience.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "enumify.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "enfoqueseguro.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ensemble-rubato.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "empleosentorreon.mx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "enterprisecarclub.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "energy-infra.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ephry.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "endohaus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "eq-serve.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "espacemontmorency.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "erichorstmanshof.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "estrietoit.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "exgaywatch.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fadednet.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "exgravitus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ethil-faer.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "euroshop24.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "estilosapeca.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "evolutionlending.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "f-s-u.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "faretravel.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fachschaft-informatik.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "exploit.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fernandob.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fernandobarillas.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "experts-en-gestion.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ess-cert.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "familjenm.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fap.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "filestar.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fiendishmasterplan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "first-time-offender.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fidel.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "finneas.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "flyserver.co.il", "include_subdomains": true, "mode": "force-https" },
+    { "name": "floaternet.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "finpt.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "firstforex.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "flightschoolbooking.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fittelo.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "formbetter.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fiws.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fnvsecurity.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fluidojobs.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "flipkey.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "flow.pe", "include_subdomains": true, "mode": "force-https" },
+    { "name": "foreveralone.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fourchin.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "flexapplications.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "forschbach-janssen.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "frickenate.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fumiware.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "freebus.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "freemyipod.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "freemanning.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fusionmate.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "frforms.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "futuresonline.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "frogeye.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "frtn.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fuwafuwa.moe", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gamecard-shop.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fusedrops.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "geek.com.tw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gemini.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gaelleetarnaud.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "galenskap.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "geeklair.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gamerslair.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gamepad.vg", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gersting.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gameisbest.jp", "include_subdomains": true, "mode": "force-https" },
+    { "name": "geneau.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gameparade.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gdpventure.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "getflorence.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gilgaz.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gasnews.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "giant-powerfit.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ginzadelunch.jp", "include_subdomains": true, "mode": "force-https" },
+    { "name": "girlsnet.work", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ggservers.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gianttree.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "goodenough.nz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ginja.co.th", "include_subdomains": true, "mode": "force-https" },
+    { "name": "go4it.solutions", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gostudy.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gold24.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gratisonlinesex.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "grassenberg.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "graasp.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "groupebaillargeon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "grokker.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gtchipsi.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "greiners.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "grieg.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gryffin.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gycis.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "greenhillantiques.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gurueffect.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gsnort.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "h404bi.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gryffin.ga", "include_subdomains": true, "mode": "force-https" },
+    { "name": "guinea-pig.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "grozip.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hallelujahsoftware.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "haeckdesign.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hakugin.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "happygastro.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gold24.in", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hdrboundless.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hausarzt-stader-str.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hatcherlawgroupnm.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hepteract.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hartlep.email", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hcs-company.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "heritagedentistry.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hdsmigrationtool.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hiexmerida-mailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hlfh.space", "include_subdomains": true, "mode": "force-https" },
+    { "name": "helpgoabroad.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "holo.ovh", "include_subdomains": true, "mode": "force-https" },
+    { "name": "heissluft-fritteuse.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "holyhiphopdatabase.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "horvathtom.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "homophoni.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hooowl.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "holzheizer-forum.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "holzheizerforum.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "holzvergaser-forum.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hotel-tongruben.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hotelvictoriaoax-mailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hostisan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hotelvillahermosa-mailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "horstmanshof.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hypemgmt.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hwag-pb.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "htmue.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "huang.nu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "huagati.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "icfl.com.br", "include_subdomains": true, "mode": "force-https" },
+    { "name": "housemaadiah.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "idahoansforliberty.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "i-jp.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "humpi.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "i-stats.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "idontexist.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ichoosebtec.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "illegalpornography.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hussam.eu.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "imguploaden.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iltisim.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "indicateurs-flash.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ikocik.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "integrityingovernmentidaho.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "intellectdynamics.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "inabox.ro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "inovatec.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hortifarm.ro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "internetpro.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "internetofdon.gs", "include_subdomains": true, "mode": "force-https" },
+    { "name": "infmed.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "interim-cto.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ipokabu.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "intervisteperstrada.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ip2country.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "internetdentalalliance.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iqcn.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iosmods.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "irelandesign.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iprody.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "isdown.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iptel.ro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iww.mx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "isslshop.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "istaspirtslietas.lv", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jaimechanaga.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ixds.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "itis4u.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jabbari.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "j15t98j.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ja-dyck.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jeepmafia.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jan-and-maaret.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ivi-fertility.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jasmineconseil.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jannyrijneveld.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "imguoguo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ivi.es", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jan-cermak.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jimgao.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jeroenseegers.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "itcko.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "joedavison.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jonesborostatebank.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "joshuarogers.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jetsetpay.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "joestead.codes", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jointoweb.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "joshtriplett.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "justinlemay.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jonarcher.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "junglist.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "juch.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jasonroe.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jotpics.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jiveiaktivno.bg", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jutella.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "jschumacher.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kandalife.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kaliaa.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kabat-fans.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kajak.land", "include_subdomains": true, "mode": "force-https" },
+    { "name": "karmabaker.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "karatorian.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kc5mpk.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "keithws.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kabus.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "karhukamera.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kattelans.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "keifel.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kendu.si", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kimmel.in", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kaniklani.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kinkdr.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kingqueen.org.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kindlyfire.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kn007.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kirsch-gestaltung.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kevindekoninck.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kinkenonline.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "knowledgesnap.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "klares-licht.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "khmb.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kjchernov.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kletterkater.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "klangnok.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "koebbes.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "koniecfica.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "korsanparti.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kontorhaus-schlachte.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kopular.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kolmann.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kopfsalat.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "korrelzout.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kreb.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "krislamoureux.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "krk-media.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kroon.email", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kryptomech.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "krmeni.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kuemmling.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kwbresidential.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kylling.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kwok.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kylapps.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kuschelmikroben.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kzsdabas.hu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "l4n-clan.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lak-berlin.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lacasabelucci.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lagarderob.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lamaland.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lancork.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "laozhu.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lars-ewald.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lavoiepharmd.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "laventainnhotel-mailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lavinya.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "leadership9.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kravelindo-adventure.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lausitzer-widerstand.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "le-h.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "leaversmith.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lewislaw.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "liam-w.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "leardev.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "liamjack.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "littlefreelibrary.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "life-time.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "linuxfixed.it", "include_subdomains": true, "mode": "force-https" },
+    { "name": "liornavok.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lisaco.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lnoldan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "logistify.com.mx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lister-kirchweg.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "livecards.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "livekort.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "loli.pet", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luine.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lisonfan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "livekaarten.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "loveisourweapon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lostinweb.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "livekort.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lone-gunman.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lovelive.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luxsci.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "macinyasha.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lovingearth.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "m82labs.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luoe.ml", "include_subdomains": true, "mode": "force-https" },
+    { "name": "loveyounastya.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "magicball.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lzkill.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lwl-foej-bewerbung.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luohua.im", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luoh.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mailing-jbgg.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "luoh.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lukaszdolan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mansfieldplacevt.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "manifestbin.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "markom.rs", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mariannematthew.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "marriottvetcareers.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "martinsfamilyappliance.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mastellone.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "maxmilton.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "markoh.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lsp-sports.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "masteringtheterminal.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "marines-shop.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mccarty.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "maximdeboiserie.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mcuong.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mcadmin.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "matthiassteen.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mccrackon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "md5hashing.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "maya.mg", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meredithkm.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "megadrol.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mechanixdirect.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meetmibaby.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mentz.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meedoenhartvanwestbrabant.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteosherbrooke.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mersinunivercity.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mentiq.az", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mega.online", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mcdonalds.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "medicinesfast.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "michaelwaite.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "miagexport.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "metis.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mgdigital.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "michiganunionoptout.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "michaelmorpurgo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.es", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.mx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "michaelrigart.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meteobox.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "michael-rigart.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mjacobson.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "minesouls.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mitrecaasd.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mitremai.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "minipainting.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mini2.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "minecraftserverz.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mm404.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "moar.so", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mit-uns.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mlsrv.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mindcraft.ga", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mobaircon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "modelcase.co.jp", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mobilekey.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mnmt.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "montonicms.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "modernapprenticeships.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mottvd.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "modernibytovytextil.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "maliskovik.si", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mor.cloud", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mon-partage.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "moon.lc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "minis-hip.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "moonraptor.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "moritz-baestlein.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "morotech.com.br", "include_subdomains": true, "mode": "force-https" },
+    { "name": "monitaure.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "muriburiland.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mszaki.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mykeepsake.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nafod.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mypayoffloan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mydnatest.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "namegrep.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "namu.wiki", "include_subdomains": true, "mode": "force-https" },
+    { "name": "mybuilderinlondon.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "narada.com.ua", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nanto.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nav.jobs", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nargele.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "myphonebox.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "neer.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nelhage.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "natenom.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ncpc.gov", "include_subdomains": true, "mode": "force-https" },
+    { "name": "netnodes.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nepustil.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nerdtime.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "netsoins.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "netronix.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "newantiagingcreams.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "networx-online.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "neuhaus-city.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "new-process.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "newpathintegratedtherapy.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "netsigna.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nfrost.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "netzzwerg4u.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "newtonhaus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nicocourts.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nikksno.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "niagaraschoice.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nitropur.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nicolasklotz.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nicolasbettag.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nibiisclaim.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nicestudio.co.il", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nixmag.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nodecompat.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "niouininon.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nippombashi.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nowlas.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "novawave.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nordiccasinocommunity.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "norrliden.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "niggemeier.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "notbolaget.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nordseeblicke.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nysepho.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nube.ninja", "include_subdomains": true, "mode": "force-https" },
+    { "name": "obsproject.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nukute.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "numero-aleatorio.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ockendenhemming.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oh14.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ojls.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ons.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "onlinebizdirect.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "onearth.one", "include_subdomains": true, "mode": "force-https" },
+    { "name": "onarto.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "newline.online", "include_subdomains": true, "mode": "force-https" },
+    { "name": "openbsd.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ogogoshop.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oneminutefilm.tv", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ogocare.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "optimista.soy", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oogami.name", "include_subdomains": true, "mode": "force-https" },
+    { "name": "onysix.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "open.gl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "osp.cx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "opstacks.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "osmanlitorunu.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "orleika.ml", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oleksii.name", "include_subdomains": true, "mode": "force-https" },
+    { "name": "opreismetingvoorunicef.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "openmind-shop.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ostr.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "optimuscrime.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "otichi.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pansu.space", "include_subdomains": true, "mode": "force-https" },
+    { "name": "paket.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "overalglas.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "opensourcehouse.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oxynux.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "partnercardservices.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "parleur.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "papa-webzeit.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pastenib.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "penguinclientsystem.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "percolate.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pdevio.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "oyste.in", "include_subdomains": true, "mode": "force-https" },
+    { "name": "petruzz.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "peterboers.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "phantasie.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "perroud.pro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "perthdevicelab.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pgpmail.cc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "peterfolta.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pfolta.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "performancesantafe.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pirateproxy.pe", "include_subdomains": true, "mode": "force-https" },
+    { "name": "parlamento.gub.uy", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pims.global", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pluginsloaded.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pinkhq.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "plugcubed.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pokeinthe.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pixi.chat", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pocketsix.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "playflick.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "poris.web.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "portercup.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ponolau.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pornstars.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pointagri.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "privacylabs.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "postcodegarant.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "placollection.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "port443.hamburg", "include_subdomains": true, "mode": "force-https" },
+    { "name": "potpourrifestival.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prgslab.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prettytunesapp.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prescriptiondrugs.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "proxybay.tv", "include_subdomains": true, "mode": "force-https" },
+    { "name": "proslimdiets.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "priolkar.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "property-catalogue.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pypi.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prontocleaners.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "proteus-tech.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "proust.media", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prontomovers.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "prestburyscouts.org.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "propershave.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pubreviews.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "punchkickinteractive.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "qbeing.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "propactrading.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pulsar.guru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "psncardplus.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "punkapoule.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "psncardplus.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "psncardplus.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "psncardplus.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "quail.solutions", "include_subdomains": true, "mode": "force-https" },
+    { "name": "radar.sx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "r0uzic.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "qkka.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "psncardplus.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "quakelive.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "qldformulaford.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "pwntr.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rak-business-service.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "raceviewequestrian.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rbxcatalog.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "raceviewcycles.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ramonj.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ray-home.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "raymd.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rebootmc.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "reggae-cdmx.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ram-it.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "refreshingserum.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ray-works.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rayworks.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "redstickfestival.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "recepty.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "refill-roboter.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "redra.ws", "include_subdomains": true, "mode": "force-https" },
+    { "name": "redshiftcybersecurity.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "relayawards.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rem.pe", "include_subdomains": true, "mode": "force-https" },
+    { "name": "remitatm.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "res-rheingau.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "regionalcoalition.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rentacarcluj.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rex.st", "include_subdomains": true, "mode": "force-https" },
+    { "name": "revapost.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rex.tc", "include_subdomains": true, "mode": "force-https" },
+    { "name": "revlect.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rezept-planer.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "remonti.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "recordeuropa.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "riscascape.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rithm.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rhapsodhy.hu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rochman.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rigartmichael.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rigart-michael.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rointe.online", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rotozen.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "royalhop.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rokort.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rogue-e.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "righttobuy.gov.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rsauget.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "robhorstmanshof.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "royalvisiongroup.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ruffbeatz.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ruhrmobil-e.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rubbermaidoutlet.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "runawebinar.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "rr105.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "samraskauskas.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "s-mdb.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saraleebread.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sagsmarseille.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sagedocumentmanager.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sanissimo.com.mx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ruh-veit.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saleslift.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saba-piserver.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "samirnassar.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sangwon.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saml-gateway.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sandobygg.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sandogruppen.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saro.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sbirecruitment.co.in", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sansemea.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "samsen.club", "include_subdomains": true, "mode": "force-https" },
+    { "name": "savekorea.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sat.rent", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sasyabapi.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "scottgruber.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sbox-archives.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sby.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sauerbrey.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "scottdial.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "scheidtweiler.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "scrollstory.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "schnellno.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "schurkenstaat.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "saruwebshop.co.za", "include_subdomains": true, "mode": "force-https" },
+    { "name": "school.in.th", "include_subdomains": true, "mode": "force-https" },
+    { "name": "roffe.nu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "science-texts.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "scourt.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sectio-aurea.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sebster.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "seasons.nu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "seamless.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "segulink.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sendash.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sedziapilkarski.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "selfie-france.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "seida.at", "include_subdomains": true, "mode": "force-https" },
+    { "name": "semps-2fa.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "semps-threema.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sharepass.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shakes4u.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "selfserverx.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sharvey.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "securitymap.wiki", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shadowmorph.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shaobin.wang", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shalott.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shadowguardian507-irl.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "satriyowibowo.my.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shareworx.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sharesplitter.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "simpan.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "skyflix.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "security-taskforce.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sillisalaatti.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "skyasker.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "skillseo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "shamariki.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sl1pkn07.wtf", "include_subdomains": true, "mode": "force-https" },
+    { "name": "snelxboxlivegold.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smvfd.info", "include_subdomains": true, "mode": "force-https" },
+    { "name": "snoupon.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "skyveo.ml", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smallchat.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smatch.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smdev.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "snod.land", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smartit.pro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "solomisael.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "snazzie.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sopheos.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sourcebox.be", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sparkforautism.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sonicrainboom.rocks", "include_subdomains": true, "mode": "force-https" },
+    { "name": "slicklines.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sprigings.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spititout.it", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spibe.is", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sponsortobias.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spyprofit.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sqshq.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stamkassa.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sslsurvey.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sprutech.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ssmato.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spotifyripper.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stat.ink", "include_subdomains": true, "mode": "force-https" },
+    { "name": "state-sponsored-actors.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stargatepartners.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stayokhotelscdc-mailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ssersay.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stevenhumphrey.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stig.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stillblackhat.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stpatricksguild.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stardanceacademy.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sotiran.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "strbt.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sunsetwx.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stutelage.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sushi101tempe.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "surgicalassociateswny.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sslhosting.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stigroom.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "studiozelden.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "svatba-frantovi.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sumoatm.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tails.com.ar", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tabelfirme.ro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sv-turm-hohenlimburg.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "taravancil.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "swimturk.com.tr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tangibilizing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "synabi.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sysadmin.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tastyyy.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "taabe.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "t3rror.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "take1give1.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "szentistvanpt.sk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "talklifestyle.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "teasenetwork.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "takk.pl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "sy-anduril.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tantotiempo.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "syno.gq", "include_subdomains": true, "mode": "force-https" },
+    { "name": "syrocon.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tamasszabo.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "taxisafmatosinhos.pt", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tech55i.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "techorbiter.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "teabagdesign.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "teamsocial.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tesoro.pr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "teriiphotography.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "team-bbd.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tbitc.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "teknologi.or.id", "include_subdomains": true, "mode": "force-https" },
+    { "name": "testadren.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tensionup.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tf2stadium.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tenni.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thebigdatacompany.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thecapitalbank.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "telefisk.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thecharlestonwaldorf.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tfl.lu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thelaimlife.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thelinuxspace.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "th-bl.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "themarble.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thewhitehat.club", "include_subdomains": true, "mode": "force-https" },
+    { "name": "theeyeopener.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thekingofhate.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thewhitneypaige.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thinlyveiledcontempt.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "themoderate.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "timcamara.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "theramo.re", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tfcoms-sp-tracker-client.azurewebsites.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tech-clips.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thephonecaseplace.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tilikum.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thisisacompletetest.ga", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tillseasyscore.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "timvivian.ca", "include_subdomains": true, "mode": "force-https" },
+    { "name": "titanous.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "topyx.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "timbeilby.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "thelittlecraft.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tombaker.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "timersuite.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tonyfantjr.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "throughthelookingglasslens.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "toverland-tickets.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tmf.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tiacollection.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "topfivepercent.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "transfers.do", "include_subdomains": true, "mode": "force-https" },
+    { "name": "torv.rocks", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tonabor.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "transfigurewizard.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "trusitio.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "trunkjunk.co", "include_subdomains": true, "mode": "force-https" },
+    { "name": "truestaradvisors.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "torrenttop100.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "transdirect.com.au", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tryfabulousdiet.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tryfabulousskincream.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tryfabulousskinserum.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "trommelwirbel.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tsumegumi.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tranos.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "trkpuls.tk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "touchstonefms.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "trondelan.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ueu.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "twelve.today", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tuxflow.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tumelum.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tyrelius.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblocked.win", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblockmy.party", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblockmy.tech", "include_subdomains": true, "mode": "force-https" },
+    { "name": "twee-onder-een-kap-woning-in-brielle-kopen.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "typo3.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ubtce.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblockmy.xyz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblockthe.top", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unblockthe.site", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tvbeugels.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "uberwald.ws", "include_subdomains": true, "mode": "force-https" },
+    { "name": "typeblog.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "uesociedadlimitada.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unitedcyberdevelopment.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "truebred-labradors.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unearaigneeauplafond.fr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unisyssecurity.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "uniq.site", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ungegamere.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "utopiagalaxy.space", "include_subdomains": true, "mode": "force-https" },
+    { "name": "usabackground.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "uslab.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "utopianrealms.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "upldr.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "usetypo3.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "turniker.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vault21.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unplugg3r.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "utopicestudios.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "upr.com.ua", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ubicloud.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "unirenter.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "varicoseveinssolution.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "valitron.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "valskis.lt", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vilaydin.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vgerak.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "verifiedinvesting.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vieaw.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vide-dressing.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vereinscheck.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vgropp.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "veronique-schmitz.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vio.no", "include_subdomains": true, "mode": "force-https" },
+    { "name": "viphospitality.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vnd.cloud", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tokyo-powerstation.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "volkden.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vitalismaatjes.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "virtualperez.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vleij.family", "include_subdomains": true, "mode": "force-https" },
+    { "name": "visionarymedia.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vispaleistexel.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "volker-gropp.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wearegenki.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wafa4hw.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vkox.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "voorjou.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "virtuallifestyle.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wayohoo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "virginiacrimeanalysisnetwork.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "watchweasel.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "warekon.dk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wbt-solutions.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wayohoo.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vozp.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wbt-solutions.ch", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wefinanceinc.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "web-torrent.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "webapps.directory", "include_subdomains": true, "mode": "force-https" },
+    { "name": "weaverhairextensions.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "web-hotel.gr", "include_subdomains": true, "mode": "force-https" },
+    { "name": "webdev.mobi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "webmedpharmacy.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "weme.eu", "include_subdomains": true, "mode": "force-https" },
+    { "name": "werktor.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wheeler.kiwi.nz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "whiterabbitcakery.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "whistleb.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "widemann.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "whiteroom.agency", "include_subdomains": true, "mode": "force-https" },
+    { "name": "windhaven.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wsdezign.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "xicreative.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wodice.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wirkstoffreich.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wy6.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wynterhill.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "xboxlivegoldshop.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "xfive.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "xn--9pr52k0p5a.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yclan.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wsv-grafenau.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yalook.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yaucy.win", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yard-fu.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "xn--80aaihqncaejjobbu6v.xn--p1ai", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zachpeters.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zaoshanghao-dajia.rhcloud.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yourself.today", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ynsn.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yoga.is-an-engineer.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zeytin.pro", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yutangyun.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yikzu.cn", "include_subdomains": true, "mode": "force-https" },
+    { "name": "yzal.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ypcs.fi", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zoommailing.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zer0-day.pw", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zombiesecured.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zeroling.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zbrane-doplnky.cz", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zerolab.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zettaplan.ru", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zicklam.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ztcaoll222.cn", "include_subdomains": true, "mode": "force-https" },
+    { "name": "zundapp529.nl", "include_subdomains": true, "mode": "force-https" },
     // END OF BULK ADDITIONS
 
     // Manual additions in Chrome 51 or later that do not belong in a
@@ -11573,6 +12835,9 @@
     { "name": "spins.fedoraproject.org", "include_subdomains": true, "mode": "force-https" },
     { "name": "src.fedoraproject.org", "include_subdomains": true, "mode": "force-https" },
     { "name": "torrent.fedoraproject.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "wordpress.com", "include_subdomains": false, "mode": "force-https" },
+    { "name": "www.wordpress.com", "include_subdomains": false, "mode": "force-https" },
+    { "name": "rugk.dedyn.io", "include_subdomains": true, "mode": "force-https" },
     { "name": "login.gov", "include_subdomains": true, "mode": "force-https" },
     // END OF MANUAL ADDITIONS
 
diff --git a/chromium/net/http/transport_security_state_unittest.cc b/chromium/net/http/transport_security_state_unittest.cc
index 20726e41c07..9c2db43241d 100644
--- a/chromium/net/http/transport_security_state_unittest.cc
+++ b/chromium/net/http/transport_security_state_unittest.cc
@@ -16,6 +16,7 @@
 #include "base/strings/string_piece.h"
 #include "base/test/histogram_tester.h"
 #include "base/values.h"
+#include "crypto/openssl_util.h"
 #include "crypto/sha2.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
@@ -34,12 +35,6 @@
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_OPENSSL)
-#include "crypto/openssl_util.h"
-#else
-#include "crypto/nss_util.h"
-#endif
-
 namespace net {
 
 namespace {
@@ -183,7 +178,7 @@ void CheckHPKPReport(
     const scoped_refptr<X509Certificate>& served_certificate_chain,
     const scoped_refptr<X509Certificate>& validated_certificate_chain,
     const HashValueVector& known_pins) {
-  scoped_ptr<base::Value> value(base::JSONReader::Read(report));
+  std::unique_ptr<base::Value> value(base::JSONReader::Read(report));
   ASSERT_TRUE(value);
   ASSERT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY));
 
@@ -236,11 +231,7 @@ void CheckHPKPReport(
 class TransportSecurityStateTest : public testing::Test {
  public:
   void SetUp() override {
-#if defined(USE_OPENSSL)
     crypto::EnsureOpenSSLInit();
-#else
-    crypto::EnsureNSSInit();
-#endif
   }
 
   static void DisableStaticPins(TransportSecurityState* state) {
@@ -646,21 +637,21 @@ TEST_F(TransportSecurityStateTest, NewPinsOverride) {
 
   ASSERT_TRUE(state.GetDynamicPKPState("foo.example.com", &pkp_state));
   ASSERT_EQ(1u, pkp_state.spki_hashes.size());
-  EXPECT_TRUE(pkp_state.spki_hashes[0].Equals(hash1));
+  EXPECT_EQ(pkp_state.spki_hashes[0], hash1);
 
   state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash2),
                 report_uri);
 
   ASSERT_TRUE(state.GetDynamicPKPState("foo.example.com", &pkp_state));
   ASSERT_EQ(1u, pkp_state.spki_hashes.size());
-  EXPECT_TRUE(pkp_state.spki_hashes[0].Equals(hash2));
+  EXPECT_EQ(pkp_state.spki_hashes[0], hash2);
 
   state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash3),
                 report_uri);
 
   ASSERT_TRUE(state.GetDynamicPKPState("foo.example.com", &pkp_state));
   ASSERT_EQ(1u, pkp_state.spki_hashes.size());
-  EXPECT_TRUE(pkp_state.spki_hashes[0].Equals(hash3));
+  EXPECT_EQ(pkp_state.spki_hashes[0], hash3);
 }
 
 TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) {
diff --git a/chromium/net/http/url_security_manager.cc b/chromium/net/http/url_security_manager.cc
index 8565fac5b59..0d992919cac 100644
--- a/chromium/net/http/url_security_manager.cc
+++ b/chromium/net/http/url_security_manager.cc
@@ -28,12 +28,12 @@ bool URLSecurityManagerWhitelist::CanDelegate(const GURL& auth_origin) const {
 }
 
 void URLSecurityManagerWhitelist::SetDefaultWhitelist(
-    scoped_ptr<HttpAuthFilter> whitelist_default) {
+    std::unique_ptr<HttpAuthFilter> whitelist_default) {
   whitelist_default_ = std::move(whitelist_default);
 }
 
 void URLSecurityManagerWhitelist::SetDelegateWhitelist(
-    scoped_ptr<HttpAuthFilter> whitelist_delegate) {
+    std::unique_ptr<HttpAuthFilter> whitelist_delegate) {
   whitelist_delegate_ = std::move(whitelist_delegate);
 }
 
diff --git a/chromium/net/http/url_security_manager.h b/chromium/net/http/url_security_manager.h
index 694e606751d..218cccbfee8 100644
--- a/chromium/net/http/url_security_manager.h
+++ b/chromium/net/http/url_security_manager.h
@@ -5,8 +5,9 @@
 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
 #define NET_HTTP_URL_SECURITY_MANAGER_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 class GURL;
@@ -51,9 +52,9 @@ class NET_EXPORT_PRIVATE URLSecurityManager {
   virtual bool CanDelegate(const GURL& auth_origin) const = 0;
 
   virtual void SetDefaultWhitelist(
-      scoped_ptr<HttpAuthFilter> whitelist_default) = 0;
+      std::unique_ptr<HttpAuthFilter> whitelist_default) = 0;
   virtual void SetDelegateWhitelist(
-      scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0;
+      std::unique_ptr<HttpAuthFilter> whitelist_delegate) = 0;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
@@ -68,16 +69,16 @@ class URLSecurityManagerWhitelist : public URLSecurityManager {
   bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
   bool CanDelegate(const GURL& auth_origin) const override;
   void SetDefaultWhitelist(
-      scoped_ptr<HttpAuthFilter> whitelist_default) override;
+      std::unique_ptr<HttpAuthFilter> whitelist_default) override;
   void SetDelegateWhitelist(
-      scoped_ptr<HttpAuthFilter> whitelist_delegate) override;
+      std::unique_ptr<HttpAuthFilter> whitelist_delegate) override;
 
  protected:
   bool HasDefaultWhitelist() const;
 
  private:
-  scoped_ptr<const HttpAuthFilter> whitelist_default_;
-  scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
+  std::unique_ptr<const HttpAuthFilter> whitelist_default_;
+  std::unique_ptr<const HttpAuthFilter> whitelist_delegate_;
 
   DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
 };
diff --git a/chromium/net/http/url_security_manager_unittest.cc b/chromium/net/http/url_security_manager_unittest.cc
index 7120f54b146..ac0b87c156c 100644
--- a/chromium/net/http/url_security_manager_unittest.cc
+++ b/chromium/net/http/url_security_manager_unittest.cc
@@ -45,11 +45,11 @@ const TestData kTestDataList[] = {
 }  // namespace
 
 TEST(URLSecurityManager, UseDefaultCredentials) {
-  scoped_ptr<HttpAuthFilter> auth_filter(
+  std::unique_ptr<HttpAuthFilter> auth_filter(
       new HttpAuthFilterWhitelist(kTestAuthWhitelist));
   ASSERT_TRUE(auth_filter);
   // The URL security manager takes ownership of |auth_filter|.
-  scoped_ptr<URLSecurityManager> url_security_manager(
+  std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
   url_security_manager->SetDefaultWhitelist(std::move(auth_filter));
   ASSERT_TRUE(url_security_manager.get());
@@ -65,11 +65,11 @@ TEST(URLSecurityManager, UseDefaultCredentials) {
 }
 
 TEST(URLSecurityManager, CanDelegate) {
-  scoped_ptr<HttpAuthFilter> auth_filter(
+  std::unique_ptr<HttpAuthFilter> auth_filter(
       new HttpAuthFilterWhitelist(kTestAuthWhitelist));
   ASSERT_TRUE(auth_filter);
   // The URL security manager takes ownership of |auth_filter|.
-  scoped_ptr<URLSecurityManager> url_security_manager(
+  std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
   url_security_manager->SetDelegateWhitelist(std::move(auth_filter));
   ASSERT_TRUE(url_security_manager.get());
@@ -84,7 +84,7 @@ TEST(URLSecurityManager, CanDelegate) {
 
 TEST(URLSecurityManager, CanDelegate_NoWhitelist) {
   // Nothing can delegate in this case.
-  scoped_ptr<URLSecurityManager> url_security_manager(
+  std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
   ASSERT_TRUE(url_security_manager.get());
 
diff --git a/chromium/net/log/net_log.cc b/chromium/net/log/net_log.cc
index a3fde008141..008b675d307 100644
--- a/chromium/net/log/net_log.cc
+++ b/chromium/net/log/net_log.cc
@@ -23,68 +23,74 @@ namespace {
 // the number of bytes transferred. If the capture mode allows logging byte
 // contents and |byte_count| > 0, then will include the actual bytes. The
 // bytes are hex-encoded, since base::StringValue only supports UTF-8.
-scoped_ptr<base::Value> BytesTransferredCallback(
+std::unique_ptr<base::Value> BytesTransferredCallback(
     int byte_count,
     const char* bytes,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("byte_count", byte_count);
   if (capture_mode.include_socket_bytes() && byte_count > 0)
     dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, byte_count));
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> SourceEventParametersCallback(
+std::unique_ptr<base::Value> SourceEventParametersCallback(
     const NetLog::Source source,
     NetLogCaptureMode /* capture_mode */) {
   if (!source.IsValid())
-    return scoped_ptr<base::Value>();
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+    return std::unique_ptr<base::Value>();
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   source.AddToEventParameters(event_params.get());
   return std::move(event_params);
 }
 
-scoped_ptr<base::Value> NetLogBoolCallback(
+std::unique_ptr<base::Value> NetLogBoolCallback(
     const char* name,
     bool value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetBoolean(name, value);
   return std::move(event_params);
 }
 
-scoped_ptr<base::Value> NetLogIntCallback(
+std::unique_ptr<base::Value> NetLogIntCallback(
     const char* name,
     int value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetInteger(name, value);
   return std::move(event_params);
 }
 
-scoped_ptr<base::Value> NetLogInt64Callback(
+std::unique_ptr<base::Value> NetLogInt64Callback(
     const char* name,
     int64_t value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetString(name, base::Int64ToString(value));
   return std::move(event_params);
 }
 
-scoped_ptr<base::Value> NetLogStringCallback(
+std::unique_ptr<base::Value> NetLogStringCallback(
     const char* name,
     const std::string* value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetString(name, *value);
   return std::move(event_params);
 }
 
-scoped_ptr<base::Value> NetLogString16Callback(
+std::unique_ptr<base::Value> NetLogString16Callback(
     const char* name,
     const base::string16* value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetString(name, *value);
   return std::move(event_params);
 }
@@ -105,7 +111,7 @@ bool NetLog::Source::IsValid() const {
 
 void NetLog::Source::AddToEventParameters(
     base::DictionaryValue* event_params) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("type", static_cast<int>(type));
   dict->SetInteger("id", static_cast<int>(id));
   event_params->Set("source_dependency", std::move(dict));
@@ -137,12 +143,14 @@ bool NetLog::Source::FromEventParameters(base::Value* event_params,
 }
 
 base::Value* NetLog::Entry::ToValue() const {
-  scoped_ptr<base::DictionaryValue> entry_dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> entry_dict(
+      new base::DictionaryValue());
 
   entry_dict->SetString("time", TickCountToString(data_->time));
 
   // Set the entry source.
-  scoped_ptr<base::DictionaryValue> source_dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> source_dict(
+      new base::DictionaryValue());
   source_dict->SetInteger("id", data_->source.id);
   source_dict->SetInteger("type", static_cast<int>(data_->source.type));
   entry_dict->Set("source", std::move(source_dict));
@@ -153,7 +161,7 @@ base::Value* NetLog::Entry::ToValue() const {
 
   // Set the event-specific parameters.
   if (data_->parameters_callback) {
-    scoped_ptr<base::Value> value(
+    std::unique_ptr<base::Value> value(
         data_->parameters_callback->Run(capture_mode_));
     if (value)
       entry_dict->Set("params", std::move(value));
@@ -162,7 +170,7 @@ base::Value* NetLog::Entry::ToValue() const {
   return entry_dict.release();
 }
 
-scoped_ptr<base::Value> NetLog::Entry::ParametersToValue() const {
+std::unique_ptr<base::Value> NetLog::Entry::ParametersToValue() const {
   if (data_->parameters_callback)
     return data_->parameters_callback->Run(capture_mode_);
   return nullptr;
@@ -298,7 +306,7 @@ const char* NetLog::EventTypeToString(EventType event) {
 
 // static
 base::Value* NetLog::GetEventTypesAsValue() {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   for (int i = 0; i < EVENT_COUNT; ++i) {
     dict->SetInteger(EventTypeToString(static_cast<EventType>(i)), i);
   }
@@ -321,7 +329,7 @@ const char* NetLog::SourceTypeToString(SourceType source) {
 
 // static
 base::Value* NetLog::GetSourceTypesAsValue() {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   for (int i = 0; i < SOURCE_COUNT; ++i) {
     dict->SetInteger(SourceTypeToString(static_cast<SourceType>(i)), i);
   }
diff --git a/chromium/net/log/net_log.h b/chromium/net/log/net_log.h
index 01b49b2a4ae..53de234e75a 100644
--- a/chromium/net/log/net_log.h
+++ b/chromium/net/log/net_log.h
@@ -7,19 +7,18 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
-#include "build/build_config.h"
-
 #include "base/atomicops.h"
 #include "base/callback_forward.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "base/strings/string16.h"
 #include "base/synchronization/lock.h"
 #include "base/time/time.h"
+#include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log_capture_mode.h"
 
@@ -74,7 +73,7 @@ class NET_EXPORT NetLog {
   // associated with an event.  If called, it will be called synchronously,
   // so it need not have owning references.  May be called more than once, or
   // not at all.  May return NULL.
-  typedef base::Callback<scoped_ptr<base::Value>(NetLogCaptureMode)>
+  typedef base::Callback<std::unique_ptr<base::Value>(NetLogCaptureMode)>
       ParametersCallback;
 
   // Identifies the entity that generated this log. The |id| field should
@@ -139,7 +138,7 @@ class NET_EXPORT NetLog {
 
     // Returns the parameters as a Value.  Returns NULL if there are no
     // parameters.  Caller takes ownership of returned Value.
-    scoped_ptr<base::Value> ParametersToValue() const;
+    std::unique_ptr<base::Value> ParametersToValue() const;
 
    private:
     const EntryData* const data_;
diff --git a/chromium/net/log/net_log_event_type_list.h b/chromium/net/log/net_log_event_type_list.h
index bafcda7c837..6ff6461ffef 100644
--- a/chromium/net/log/net_log_event_type_list.h
+++ b/chromium/net/log/net_log_event_type_list.h
@@ -453,6 +453,14 @@ EVENT_TYPE(SOCKS_UNEXPECTED_AUTH)
 EVENT_TYPE(SOCKS_UNKNOWN_ADDRESS_TYPE)
 
 // The start/end of an SSL "connect" (aka client handshake).
+// The following parameters are attached to the END event:
+//
+//  {
+//    "version": <String name of the TLS version negotiated>,
+//    "cipher_suite": <Integer code for the cipher suite>,
+//    "is_resumed": <Whether we resumed a session>,
+//    "next_proto": <The next protocol negotiated via ALPN>,
+//  }
 EVENT_TYPE(SSL_CONNECT)
 
 // The start/end of an SSL server handshake (aka "accept").
@@ -1159,6 +1167,53 @@ EVENT_TYPE(HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY)
 EVENT_TYPE(HTTP_TRANSACTION_RESTART_AFTER_ERROR)
 
 // ------------------------------------------------------------------------
+// BidirectionalStream
+// ------------------------------------------------------------------------
+
+// Marks the creation/destruction of a net::BidirectionalStream.
+// The following parameters are attached:
+//   {
+//      "url": <The URL being used>,
+//      "method": <The HTTP method being used>,
+//      "headers": <The list of header:value pairs>,
+//   }
+EVENT_TYPE(BIDIRECTIONAL_STREAM_ALIVE)
+
+// The specified number of bytes were sent on the stream.  Depending on the
+// source of the event, may be logged either once the data is sent, or when it
+// is queued to be sent.
+// The following parameters are attached:
+//   {
+//     "byte_count": <Number of bytes that were just sent>,
+//     "hex_encoded_bytes": <The exact bytes sent, as a hexadecimal string.
+//                           Only present when byte logging is enabled>,
+//   }
+EVENT_TYPE(BIDIRECTIONAL_STREAM_BYTES_SENT)
+
+// The specified number of bytes were received on the stream.
+// The following parameters are attached:
+//   {
+//     "byte_count": <Number of bytes that were just received>,
+//     "hex_encoded_bytes": <The exact bytes received, as a hexadecimal string.
+//                           Only present when byte logging is enabled>,
+//   }
+EVENT_TYPE(BIDIRECTIONAL_STREAM_BYTES_RECEIVED)
+
+// This event is sent for receiving headers on the stream.
+// The following parameters are attached:
+//   {
+//     "headers": <The list of header:value pairs>,
+//   }
+EVENT_TYPE(BIDIRECTIONAL_STREAM_RECV_HEADERS)
+
+// This event is sent for receiving trailers on the stream.
+// The following parameters are attached:
+//   {
+//     "headers": <The list of header:value pairs>,
+//   }
+EVENT_TYPE(BIDIRECTIONAL_STREAM_RECV_TRAILERS)
+
+// ------------------------------------------------------------------------
 // SpdySession
 // ------------------------------------------------------------------------
 
diff --git a/chromium/net/log/net_log_unittest.cc b/chromium/net/log/net_log_unittest.cc
index 1a16facf22f..95de6d0ba74 100644
--- a/chromium/net/log/net_log_unittest.cc
+++ b/chromium/net/log/net_log_unittest.cc
@@ -8,6 +8,7 @@
 
 #include "base/bind.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/simple_thread.h"
 #include "base/values.h"
@@ -38,13 +39,15 @@ int CaptureModeToInt(NetLogCaptureMode capture_mode) {
   return -1;
 }
 
-scoped_ptr<base::Value> CaptureModeToValue(NetLogCaptureMode capture_mode) {
-  return make_scoped_ptr(
+std::unique_ptr<base::Value> CaptureModeToValue(
+    NetLogCaptureMode capture_mode) {
+  return base::WrapUnique(
       new base::FundamentalValue(CaptureModeToInt(capture_mode)));
 }
 
-scoped_ptr<base::Value> NetCaptureModeCallback(NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::Value> NetCaptureModeCallback(
+    NetLogCaptureMode capture_mode) {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->Set("capture_mode", CaptureModeToValue(capture_mode));
   return std::move(dict);
 }
@@ -130,8 +133,8 @@ class LoggingObserver : public NetLog::ThreadSafeObserver {
   }
 
   void OnAddEntry(const NetLog::Entry& entry) override {
-    scoped_ptr<base::DictionaryValue> dict =
-        base::DictionaryValue::From(make_scoped_ptr(entry.ToValue()));
+    std::unique_ptr<base::DictionaryValue> dict =
+        base::DictionaryValue::From(base::WrapUnique(entry.ToValue()));
     ASSERT_TRUE(dict);
     values_.push_back(std::move(dict));
   }
@@ -142,7 +145,7 @@ class LoggingObserver : public NetLog::ThreadSafeObserver {
   }
 
  private:
-  std::vector<scoped_ptr<base::DictionaryValue>> values_;
+  std::vector<std::unique_ptr<base::DictionaryValue>> values_;
 };
 
 void AddEvent(NetLog* net_log) {
diff --git a/chromium/net/log/net_log_util.cc b/chromium/net/log/net_log_util.cc
index a0884207408..15933e49180 100644
--- a/chromium/net/log/net_log_util.cc
+++ b/chromium/net/log/net_log_util.cc
@@ -129,15 +129,17 @@ bool RequestCreatedBefore(const URLRequest* request1,
 
 // Returns a Value representing the state of a pre-existing URLRequest when
 // net-internals was opened.
-scoped_ptr<base::Value> GetRequestStateAsValue(const net::URLRequest* request,
-                                               NetLogCaptureMode capture_mode) {
+std::unique_ptr<base::Value> GetRequestStateAsValue(
+    const net::URLRequest* request,
+    NetLogCaptureMode capture_mode) {
   return request->GetStateAsValue();
 }
 
 }  // namespace
 
-scoped_ptr<base::DictionaryValue> GetNetConstants() {
-  scoped_ptr<base::DictionaryValue> constants_dict(new base::DictionaryValue());
+std::unique_ptr<base::DictionaryValue> GetNetConstants() {
+  std::unique_ptr<base::DictionaryValue> constants_dict(
+      new base::DictionaryValue());
 
   // Version of the file format.
   constants_dict->SetInteger("logFormatVersion", kLogFormatVersion);
@@ -149,7 +151,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add a dictionary with information about the relationship between CertStatus
   // flags and their symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (size_t i = 0; i < arraysize(kCertStatusFlags); i++)
       dict->SetInteger(kCertStatusFlags[i].name, kCertStatusFlags[i].constant);
@@ -160,7 +162,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add a dictionary with information about the relationship between load flag
   // enums and their symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (size_t i = 0; i < arraysize(kLoadFlags); i++)
       dict->SetInteger(kLoadFlags[i].name, kLoadFlags[i].constant);
@@ -171,7 +173,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add a dictionary with information about the relationship between load state
   // enums and their symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (size_t i = 0; i < arraysize(kLoadStateTable); i++)
       dict->SetInteger(kLoadStateTable[i].name, kLoadStateTable[i].constant);
@@ -180,7 +182,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   }
 
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 #define NET_INFO_SOURCE(label, string, value) \
   dict->SetInteger(string, NET_INFO_##label);
 #include "net/base/net_info_source_list.h"
@@ -191,7 +193,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add information on the relationship between net error codes and their
   // symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (size_t i = 0; i < arraysize(kNetErrors); i++)
       dict->SetInteger(ErrorToShortString(kNetErrors[i]), kNetErrors[i]);
@@ -202,7 +204,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add information on the relationship between QUIC error codes and their
   // symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (QuicErrorCode error = QUIC_NO_ERROR; error < QUIC_LAST_ERROR;
          error = static_cast<QuicErrorCode>(error + 1)) {
@@ -216,7 +218,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add information on the relationship between QUIC RST_STREAM error codes
   // and their symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (QuicRstStreamErrorCode error = QUIC_STREAM_NO_ERROR;
          error < QUIC_STREAM_LAST_ERROR;
@@ -231,7 +233,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Add information on the relationship between SDCH problem codes and their
   // symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     for (size_t i = 0; i < arraysize(kSdchProblems); i++)
       dict->SetInteger(kSdchProblems[i].name, kSdchProblems[i].constant);
@@ -242,7 +244,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Information about the relationship between event phase enums and their
   // symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     dict->SetInteger("PHASE_BEGIN", NetLog::PHASE_BEGIN);
     dict->SetInteger("PHASE_END", NetLog::PHASE_END);
@@ -263,7 +265,7 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   // Information about the relationship between address family enums and
   // their symbolic names.
   {
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
     dict->SetInteger("ADDRESS_FAMILY_UNSPECIFIED", ADDRESS_FAMILY_UNSPECIFIED);
     dict->SetInteger("ADDRESS_FAMILY_IPV4", ADDRESS_FAMILY_IPV4);
@@ -315,20 +317,21 @@ scoped_ptr<base::DictionaryValue> GetNetConstants() {
   return constants_dict;
 }
 
-NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
+NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetInfo(
     URLRequestContext* context,
     int info_sources) {
   // May only be called on the context's thread.
   DCHECK(context->CalledOnValidThread());
 
-  scoped_ptr<base::DictionaryValue> net_info_dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> net_info_dict(
+      new base::DictionaryValue());
 
   // TODO(mmenke):  The code for most of these sources should probably be moved
   // into the sources themselves.
   if (info_sources & NET_INFO_PROXY_SETTINGS) {
     ProxyService* proxy_service = context->proxy_service();
 
-    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
     if (proxy_service->fetched_config().is_valid())
       dict->Set("original", proxy_service->fetched_config().ToValue());
     if (proxy_service->config().is_valid())
@@ -349,7 +352,7 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
       const std::string& proxy_uri = it->first;
       const ProxyRetryInfo& retry_info = it->second;
 
-      scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+      std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
       dict->SetString("proxy_uri", proxy_uri);
       dict->SetString("bad_until",
                       NetLog::TickCountToString(retry_info.bad_until));
@@ -365,8 +368,9 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
     DCHECK(host_resolver);
     HostCache* cache = host_resolver->GetHostCache();
     if (cache) {
-      scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-      scoped_ptr<base::Value> dns_config = host_resolver->GetDnsConfigAsValue();
+      std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+      std::unique_ptr<base::Value> dns_config =
+          host_resolver->GetDnsConfigAsValue();
       if (dns_config)
         dict->Set("dns_config", std::move(dns_config));
 
@@ -377,10 +381,9 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
 
       base::ListValue* entry_list = new base::ListValue();
 
-      HostCache::EntryMap::Iterator it(cache->entries());
-      for (; it.HasNext(); it.Advance()) {
-        const HostCache::Key& key = it.key();
-        const HostCache::Entry& entry = it.value();
+      for (const auto& pair : cache->entries()) {
+        const HostCache::Key& key = pair.first;
+        const HostCache::Entry& entry = pair.second;
 
         base::DictionaryValue* entry_dict = new base::DictionaryValue();
 
@@ -388,16 +391,16 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
         entry_dict->SetInteger("address_family",
                                static_cast<int>(key.address_family));
         entry_dict->SetString("expiration",
-                              NetLog::TickCountToString(it.expiration()));
+                              NetLog::TickCountToString(entry.expires()));
 
-        if (entry.error != OK) {
-          entry_dict->SetInteger("error", entry.error);
+        if (entry.error() != OK) {
+          entry_dict->SetInteger("error", entry.error());
         } else {
+          const AddressList& addresses = entry.addresses();
           // Append all of the resolved addresses.
           base::ListValue* address_list = new base::ListValue();
-          for (size_t i = 0; i < entry.addrlist.size(); ++i) {
-            address_list->AppendString(entry.addrlist[i].ToStringWithoutPort());
-          }
+          for (size_t i = 0; i < addresses.size(); ++i)
+            address_list->AppendString(addresses[i].ToStringWithoutPort());
           entry_dict->Set("addresses", address_list);
         }
 
@@ -499,7 +502,7 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
   }
 
   if (info_sources & NET_INFO_SDCH) {
-    scoped_ptr<base::Value> info_dict;
+    std::unique_ptr<base::Value> info_dict;
     SdchManager* sdch_manager = context->sdch_manager();
     if (sdch_manager) {
       info_dict = sdch_manager->SdchInfoToValue();
diff --git a/chromium/net/log/net_log_util.h b/chromium/net/log/net_log_util.h
index ae08f441fed..e6a65e44469 100644
--- a/chromium/net/log/net_log_util.h
+++ b/chromium/net/log/net_log_util.h
@@ -5,9 +5,9 @@
 #ifndef NET_LOG_NET_LOG_UTIL_H_
 #define NET_LOG_NET_LOG_UTIL_H_
 
+#include <memory>
 #include <set>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
 
@@ -32,7 +32,7 @@ enum NetInfoSource {
 // Utility methods for creating NetLog dumps.
 
 // Create a dictionary containing a legend for net/ constants.
-NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetConstants();
+NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetConstants();
 
 // Retrieves a dictionary containing information about the current state of
 // |context|.  |info_sources| is a set of NetInfoSources OR'd together,
@@ -40,7 +40,7 @@ NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetConstants();
 // one top-level entry to the returned dictionary.
 //
 // May only be called on |context|'s thread.
-NET_EXPORT scoped_ptr<base::DictionaryValue> GetNetInfo(
+NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetInfo(
     URLRequestContext* context,
     int info_sources);
 
diff --git a/chromium/net/log/net_log_util_unittest.cc b/chromium/net/log/net_log_util_unittest.cc
index c4c04697ae9..f21be4d8fe1 100644
--- a/chromium/net/log/net_log_util_unittest.cc
+++ b/chromium/net/log/net_log_util_unittest.cc
@@ -4,11 +4,12 @@
 
 #include "net/log/net_log_util.h"
 
+#include <memory>
 #include <set>
 #include <vector>
 
 #include "base/files/file_path.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -25,7 +26,7 @@ namespace {
 
 // Make sure GetNetConstants doesn't crash.
 TEST(NetLogUtil, GetNetConstants) {
-  scoped_ptr<base::Value> constants(GetNetConstants());
+  std::unique_ptr<base::Value> constants(GetNetConstants());
 }
 
 // Make sure GetNetInfo doesn't crash when called on contexts with and without
@@ -36,7 +37,7 @@ TEST(NetLogUtil, GetNetInfo) {
 
   // Get NetInfo when there's no cache backend (It's only created on first use).
   EXPECT_FALSE(http_cache->GetCurrentBackend());
-  scoped_ptr<base::DictionaryValue> net_info_without_cache(
+  std::unique_ptr<base::DictionaryValue> net_info_without_cache(
       GetNetInfo(&context, NET_INFO_ALL_SOURCES));
   EXPECT_FALSE(http_cache->GetCurrentBackend());
   EXPECT_GT(net_info_without_cache->size(), 0u);
@@ -46,7 +47,7 @@ TEST(NetLogUtil, GetNetInfo) {
   EXPECT_EQ(OK, context.http_transaction_factory()->GetCache()->GetBackend(
                     &backend, TestCompletionCallback().callback()));
   EXPECT_TRUE(http_cache->GetCurrentBackend());
-  scoped_ptr<base::DictionaryValue> net_info_with_cache(
+  std::unique_ptr<base::DictionaryValue> net_info_with_cache(
       GetNetInfo(&context, NET_INFO_ALL_SOURCES));
   EXPECT_GT(net_info_with_cache->size(), 0u);
 
@@ -64,7 +65,7 @@ TEST(NetLogUtil, CreateNetLogEntriesForActiveObjectsOneContext) {
   context.Init();
   TestDelegate delegate;
   for (size_t num_requests = 0; num_requests < 5; ++num_requests) {
-    std::vector<scoped_ptr<URLRequest>> requests;
+    std::vector<std::unique_ptr<URLRequest>> requests;
     for (size_t i = 0; i < num_requests; ++i) {
       requests.push_back(context.CreateRequest(GURL("about:life"),
                                                DEFAULT_PRIORITY, &delegate));
@@ -89,11 +90,11 @@ TEST(NetLogUtil, CreateNetLogEntriesForActiveObjectsMultipleContexts) {
   TestDelegate delegate;
   for (size_t num_requests = 0; num_requests < 5; ++num_requests) {
     NetLog net_log;
-    std::vector<scoped_ptr<TestURLRequestContext>> contexts;
-    std::vector<scoped_ptr<URLRequest>> requests;
+    std::vector<std::unique_ptr<TestURLRequestContext>> contexts;
+    std::vector<std::unique_ptr<URLRequest>> requests;
     std::set<URLRequestContext*> context_set;
     for (size_t i = 0; i < num_requests; ++i) {
-      contexts.push_back(make_scoped_ptr(new TestURLRequestContext(true)));
+      contexts.push_back(base::WrapUnique(new TestURLRequestContext(true)));
       contexts[i]->set_net_log(&net_log);
       contexts[i]->Init();
       context_set.insert(contexts[i].get());
diff --git a/chromium/net/log/test_net_log.cc b/chromium/net/log/test_net_log.cc
index c8d04cb71f1..3287cf0a9d4 100644
--- a/chromium/net/log/test_net_log.cc
+++ b/chromium/net/log/test_net_log.cc
@@ -50,7 +50,7 @@ class TestNetLog::Observer : public NetLog::ThreadSafeObserver {
   void OnAddEntry(const NetLog::Entry& entry) override {
     // Using Dictionaries instead of Values makes checking values a little
     // simpler.
-    scoped_ptr<base::DictionaryValue> param_dict =
+    std::unique_ptr<base::DictionaryValue> param_dict =
         base::DictionaryValue::From(entry.ParametersToValue());
 
     // Only need to acquire the lock when accessing class variables.
diff --git a/chromium/net/log/test_net_log.h b/chromium/net/log/test_net_log.h
index 3605a9c89e7..6190ab873c5 100644
--- a/chromium/net/log/test_net_log.h
+++ b/chromium/net/log/test_net_log.h
@@ -43,7 +43,7 @@ class TestNetLog : public NetLog {
   // The underlying observer class that does all the work.
   class Observer;
 
-  scoped_ptr<Observer> observer_;
+  std::unique_ptr<Observer> observer_;
 
   DISALLOW_COPY_AND_ASSIGN(TestNetLog);
 };
diff --git a/chromium/net/log/test_net_log_entry.cc b/chromium/net/log/test_net_log_entry.cc
index e9fd982217e..be226718272 100644
--- a/chromium/net/log/test_net_log_entry.cc
+++ b/chromium/net/log/test_net_log_entry.cc
@@ -16,7 +16,7 @@ TestNetLogEntry::TestNetLogEntry(NetLog::EventType type,
                                  const base::TimeTicks& time,
                                  NetLog::Source source,
                                  NetLog::EventPhase phase,
-                                 scoped_ptr<base::DictionaryValue> params)
+                                 std::unique_ptr<base::DictionaryValue> params)
     : type(type),
       time(time),
       source(source),
diff --git a/chromium/net/log/test_net_log_entry.h b/chromium/net/log/test_net_log_entry.h
index a13297a752c..0508ede818c 100644
--- a/chromium/net/log/test_net_log_entry.h
+++ b/chromium/net/log/test_net_log_entry.h
@@ -5,10 +5,10 @@
 #ifndef NET_LOG_TEST_NET_LOG_ENTRY_H_
 #define NET_LOG_TEST_NET_LOG_ENTRY_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/log/net_log.h"
 
@@ -31,7 +31,7 @@ struct TestNetLogEntry {
                   const base::TimeTicks& time,
                   NetLog::Source source,
                   NetLog::EventPhase phase,
-                  scoped_ptr<base::DictionaryValue> params);
+                  std::unique_ptr<base::DictionaryValue> params);
   // Copy constructor needed to store in a std::vector because of the
   // scoped_ptr.
   TestNetLogEntry(const TestNetLogEntry& entry);
@@ -62,7 +62,7 @@ struct TestNetLogEntry {
   base::TimeTicks time;
   NetLog::Source source;
   NetLog::EventPhase phase;
-  scoped_ptr<base::DictionaryValue> params;
+  std::unique_ptr<base::DictionaryValue> params;
 };
 
 }  // namespace net
diff --git a/chromium/net/log/trace_net_log_observer.cc b/chromium/net/log/trace_net_log_observer.cc
index 6fe44a8ea2e..81d8d8aa027 100644
--- a/chromium/net/log/trace_net_log_observer.cc
+++ b/chromium/net/log/trace_net_log_observer.cc
@@ -5,12 +5,13 @@
 #include "net/log/trace_net_log_observer.h"
 
 #include <stdio.h>
+
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/json/json_writer.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
 #include "net/log/net_log.h"
@@ -24,7 +25,7 @@ const char kNetLogTracingCategory[] = "netlog";
 
 class TracedValue : public base::trace_event::ConvertableToTraceFormat {
  public:
-  explicit TracedValue(scoped_ptr<base::Value> value)
+  explicit TracedValue(std::unique_ptr<base::Value> value)
       : value_(std::move(value)) {}
 
  private:
@@ -41,7 +42,7 @@ class TracedValue : public base::trace_event::ConvertableToTraceFormat {
   }
 
  private:
-  scoped_ptr<base::Value> value_;
+  std::unique_ptr<base::Value> value_;
 };
 
 }  // namespace
@@ -55,14 +56,14 @@ TraceNetLogObserver::~TraceNetLogObserver() {
 }
 
 void TraceNetLogObserver::OnAddEntry(const NetLog::Entry& entry) {
-  scoped_ptr<base::Value> params(entry.ParametersToValue());
+  std::unique_ptr<base::Value> params(entry.ParametersToValue());
   switch (entry.phase()) {
     case NetLog::PHASE_BEGIN:
       TRACE_EVENT_NESTABLE_ASYNC_BEGIN2(
           kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()),
           entry.source().id, "source_type",
           NetLog::SourceTypeToString(entry.source().type), "params",
-          scoped_ptr<base::trace_event::ConvertableToTraceFormat>(
+          std::unique_ptr<base::trace_event::ConvertableToTraceFormat>(
               new TracedValue(std::move(params))));
       break;
     case NetLog::PHASE_END:
@@ -70,7 +71,7 @@ void TraceNetLogObserver::OnAddEntry(const NetLog::Entry& entry) {
           kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()),
           entry.source().id, "source_type",
           NetLog::SourceTypeToString(entry.source().type), "params",
-          scoped_ptr<base::trace_event::ConvertableToTraceFormat>(
+          std::unique_ptr<base::trace_event::ConvertableToTraceFormat>(
               new TracedValue(std::move(params))));
       break;
     case NetLog::PHASE_NONE:
@@ -78,7 +79,7 @@ void TraceNetLogObserver::OnAddEntry(const NetLog::Entry& entry) {
           kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()),
           entry.source().id, "source_type",
           NetLog::SourceTypeToString(entry.source().type), "params",
-          scoped_ptr<base::trace_event::ConvertableToTraceFormat>(
+          std::unique_ptr<base::trace_event::ConvertableToTraceFormat>(
               new TracedValue(std::move(params))));
       break;
   }
diff --git a/chromium/net/log/trace_net_log_observer_unittest.cc b/chromium/net/log/trace_net_log_observer_unittest.cc
index a56ab4c17b4..5c63f41f769 100644
--- a/chromium/net/log/trace_net_log_observer_unittest.cc
+++ b/chromium/net/log/trace_net_log_observer_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/log/trace_net_log_observer.h"
 
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -11,7 +12,6 @@
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/ref_counted_memory.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
 #include "base/trace_event/trace_buffer.h"
@@ -75,7 +75,7 @@ class TraceNetLogObserverTest : public testing::Test {
     trace_buffer_.AddFragment(events_str->data());
     trace_buffer_.Finish();
 
-    scoped_ptr<base::Value> trace_value;
+    std::unique_ptr<base::Value> trace_value;
     trace_value = base::JSONReader::Read(
         json_output_.json_output,
         base::JSON_PARSE_RFC | base::JSON_DETACHABLE_CHILDREN);
@@ -109,9 +109,10 @@ class TraceNetLogObserverTest : public testing::Test {
     trace_net_log_observer_.reset(trace_net_log_observer);
   }
 
-  static scoped_ptr<base::ListValue> FilterNetLogTraceEvents(
+  static std::unique_ptr<base::ListValue> FilterNetLogTraceEvents(
       const base::ListValue& trace_events) {
-    scoped_ptr<base::ListValue> filtered_trace_events(new base::ListValue());
+    std::unique_ptr<base::ListValue> filtered_trace_events(
+        new base::ListValue());
     for (size_t i = 0; i < trace_events.GetSize(); i++) {
       const base::DictionaryValue* dict = NULL;
       if (!trace_events.GetDictionary(i, &dict)) {
@@ -140,11 +141,11 @@ class TraceNetLogObserverTest : public testing::Test {
   }
 
  private:
-  scoped_ptr<base::ListValue> trace_events_;
+  std::unique_ptr<base::ListValue> trace_events_;
   base::trace_event::TraceResultBuffer trace_buffer_;
   base::trace_event::TraceResultBuffer::SimpleOutput json_output_;
   TestNetLog net_log_;
-  scoped_ptr<TraceNetLogObserver> trace_net_log_observer_;
+  std::unique_ptr<TraceNetLogObserver> trace_net_log_observer_;
 };
 
 TEST_F(TraceNetLogObserverTest, TracingNotEnabled) {
diff --git a/chromium/net/log/write_to_file_net_log_observer.cc b/chromium/net/log/write_to_file_net_log_observer.cc
index 3bc78141b38..f724da49efa 100644
--- a/chromium/net/log/write_to_file_net_log_observer.cc
+++ b/chromium/net/log/write_to_file_net_log_observer.cc
@@ -5,12 +5,13 @@
 #include "net/log/write_to_file_net_log_observer.h"
 
 #include <stdio.h>
+
+#include <memory>
 #include <set>
 #include <utility>
 
 #include "base/json/json_writer.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/values.h"
 #include "net/log/net_log_util.h"
 #include "net/url_request/url_request_context.h"
@@ -90,7 +91,7 @@ void WriteToFileNetLogObserver::OnAddEntry(const NetLog::Entry& entry) {
   // Add a comma and newline for every event but the first.  Newlines are needed
   // so can load partial log files by just ignoring the last line.  For this to
   // work, lines cannot be pretty printed.
-  scoped_ptr<base::Value> value(entry.ToValue());
+  std::unique_ptr<base::Value> value(entry.ToValue());
   std::string json;
   base::JSONWriter::Write(*value, &json);
   fprintf(file_.get(), "%s%s", (added_events_ ? ",\n" : ""), json.c_str());
diff --git a/chromium/net/log/write_to_file_net_log_observer_unittest.cc b/chromium/net/log/write_to_file_net_log_observer_unittest.cc
index ddc8aa978db..c1ab52f36f3 100644
--- a/chromium/net/log/write_to_file_net_log_observer_unittest.cc
+++ b/chromium/net/log/write_to_file_net_log_observer_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/log/write_to_file_net_log_observer.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/files/file_path.h"
@@ -11,7 +12,6 @@
 #include "base/files/scoped_file.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/json/json_reader.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/values.h"
 #include "net/log/net_log.h"
 #include "net/log/net_log_util.h"
@@ -41,7 +41,8 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONForNoEvents) {
   // Create and destroy a logger.
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), nullptr, nullptr);
   logger->StopObserving(nullptr);
   logger.reset();
@@ -50,7 +51,7 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONForNoEvents) {
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
@@ -83,7 +84,8 @@ TEST_F(WriteToFileNetLogObserverTest, CaptureMode) {
 TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithOneEvent) {
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), nullptr, nullptr);
 
   const int kDummyId = 1;
@@ -100,7 +102,7 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithOneEvent) {
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
@@ -113,7 +115,8 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithOneEvent) {
 TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithMultipleEvents) {
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), nullptr, nullptr);
 
   const int kDummyId = 1;
@@ -133,7 +136,7 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithMultipleEvents) {
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
@@ -145,10 +148,12 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithMultipleEvents) {
 
 TEST_F(WriteToFileNetLogObserverTest, CustomConstants) {
   const char kConstantString[] = "awesome constant";
-  scoped_ptr<base::Value> constants(new base::StringValue(kConstantString));
+  std::unique_ptr<base::Value> constants(
+      new base::StringValue(kConstantString));
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), constants.get(), nullptr);
   logger->StopObserving(nullptr);
   logger.reset();
@@ -157,7 +162,7 @@ TEST_F(WriteToFileNetLogObserverTest, CustomConstants) {
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
@@ -176,7 +181,8 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithContext) {
   // Create and destroy a logger.
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), nullptr, &context);
   logger->StopObserving(&context);
   logger.reset();
@@ -185,7 +191,7 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithContext) {
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
@@ -208,14 +214,15 @@ TEST_F(WriteToFileNetLogObserverTest,
   TestDelegate delegate;
 
   // URL doesn't matter.  Requests can't fail synchronously.
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context.CreateRequest(GURL("blah:blah"), IDLE, &delegate));
   request->Start();
 
   // Create and destroy a logger.
   base::ScopedFILE file(base::OpenFile(log_path_, "w"));
   ASSERT_TRUE(file);
-  scoped_ptr<WriteToFileNetLogObserver> logger(new WriteToFileNetLogObserver());
+  std::unique_ptr<WriteToFileNetLogObserver> logger(
+      new WriteToFileNetLogObserver());
   logger->StartObserving(&net_log_, std::move(file), nullptr, &context);
   logger->StopObserving(&context);
   logger.reset();
@@ -224,7 +231,7 @@ TEST_F(WriteToFileNetLogObserverTest,
   ASSERT_TRUE(base::ReadFileToString(log_path_, &input));
 
   base::JSONReader reader;
-  scoped_ptr<base::Value> root(reader.ReadToValue(input));
+  std::unique_ptr<base::Value> root(reader.ReadToValue(input));
   ASSERT_TRUE(root) << reader.GetErrorMessage();
 
   base::DictionaryValue* dict;
diff --git a/chromium/net/net.gyp b/chromium/net/net.gyp
index 8c51208c157..ea9f48873ef 100644
--- a/chromium/net/net.gyp
+++ b/chromium/net/net.gyp
@@ -106,20 +106,57 @@
       # GN version: //net
       'target_name': 'net',
       'dependencies': [
-        '../base/base.gyp:base_i18n',
-        '../third_party/brotli/brotli.gyp:brotli',
-        '../third_party/icu/icu.gyp:icui18n',
-        '../third_party/icu/icu.gyp:icuuc',
-        '../third_party/protobuf/protobuf.gyp:protobuf_lite',
         '../url/url.gyp:url_lib',
-        'net_quic_proto',
-      ],
-      'sources': [
-        'base/filename_util_icu.cc',
-        'base/net_string_util_icu.cc',
-        'filter/brotli_filter.cc',
       ],
       'includes': [ 'net_common.gypi' ],
+
+      'conditions': [
+        # ICU Alternatives
+        ['use_platform_icu_alternatives == 1', {
+          'conditions': [
+            ['OS == "android"', {
+              'sources': [
+                'base/net_string_util_icu_alternatives_android.cc',
+                'base/net_string_util_icu_alternatives_android.h',
+              ],
+            }],
+            ['OS == "ios"', {
+              'sources': [
+                'base/net_string_util_icu_alternatives_ios.mm',
+              ],
+            }],
+          ],
+        },
+        # 'use_platform_icu_alternatives != 1'
+        {
+          'sources': [
+            'base/filename_util_icu.cc',
+            'base/net_string_util_icu.cc',
+          ],
+          'dependencies': [
+            '../base/base.gyp:base_i18n',
+            '../third_party/icu/icu.gyp:icui18n',
+            '../third_party/icu/icu.gyp:icuuc',
+            '../third_party/protobuf/protobuf.gyp:protobuf_lite',
+            'net_quic_proto',
+          ],
+        }],
+        # Brotli support.
+        ['disable_brotli_filter == 1', {
+          'sources': [
+            'filter/brotli_filter_disabled.cc',
+          ],
+        },
+        # 'disable_brotli_filter != 1'
+        {
+          'sources': [
+            'filter/brotli_filter.cc',
+          ],
+          'dependencies': [
+            '../third_party/brotli/brotli.gyp:brotli',
+          ],
+        }],
+      ],
     },
     {
       # GN version: //net:net_unittests
@@ -133,7 +170,9 @@
         '../crypto/crypto.gyp:crypto_test_support',
         '../testing/gmock.gyp:gmock',
         '../testing/gtest.gyp:gtest',
+        '../third_party/boringssl/boringssl.gyp:boringssl',
         '../third_party/zlib/zlib.gyp:zlib',
+        '../url/url.gyp:url_url_features',
         '../url/url.gyp:url_lib',
         'balsa',
         'net',
@@ -169,10 +208,6 @@
           ],
         }],
         [ 'OS == "android"', {
-          'sources!': [
-            # See bug http://crbug.com/344533.
-            'disk_cache/blockfile/index_table_v3_unittest.cc',
-          ],
           'dependencies': [
             'net_javatests',
           ],
@@ -185,17 +220,11 @@
             'ssl/client_cert_store_nss_unittest.cc',
           ],
         }],
-        [ 'use_openssl == 1', {
-          # Avoid compiling/linking with the system library.
-          'dependencies': [
-            '../third_party/boringssl/boringssl.gyp:boringssl',
-          ],
-        }],
-        [ 'use_nss_verifier == 1', {
+        [ 'use_nss_certs == 1', {
           'conditions': [
             [ 'desktop_linux == 1 or chromeos == 1', {
               'dependencies': [
-                '../build/linux/system.gyp:ssl',
+                '../build/linux/system.gyp:nss',
               ],
             }, {  # desktop_linux == 0 and chromeos == 0
               'dependencies': [
@@ -220,18 +249,18 @@
             'http/mock_gssapi_library_posix.h',
           ],
         }],
-       [ 'use_kerberos==0', {
+        [ 'use_kerberos==0', {
           'sources!': [
             'http/http_auth_handler_negotiate_unittest.cc',
           ],
         }],
-        [ 'use_nss_verifier == 0', {
+        [ 'use_nss_certs == 0', {
           # Only include this test when using NSS for cert verification.
           'sources!': [
             'cert_net/nss_ocsp_unittest.cc',
           ],
         }],
-        [ 'use_nss_verifier == 0 and OS == "ios"', {
+        [ 'OS == "ios"', {
           # Only include these files on iOS when using NSS for cert 
           # verification.
           'sources!': [
@@ -239,24 +268,6 @@
            'cert/x509_util_ios.h',
           ],
         }],
-        [ 'use_nss_verifier == 1 and OS == "ios"', {
-          'sources!': [
-            'cert/cert_verify_proc_ios.cc',
-            'cert/cert_verify_proc_ios.h',
-            'cert/x509_certificate_openssl_ios.cc',
-          ],
-        }],
-        [ 'use_openssl==1', {
-            'sources!': [
-              'quic/test_tools/crypto_test_utils_nss.cc',
-            ],
-          }, {  # else !use_openssl: remove the unneeded files and pull in NSS.
-            'sources!': [
-              'quic/test_tools/crypto_test_utils_openssl.cc',
-              'ssl/ssl_client_session_cache_openssl_unittest.cc',
-            ],
-          },
-        ],
         [ 'use_openssl_certs == 0', {
             'sources!': [
               'ssl/openssl_client_key_store_unittest.cc',
@@ -360,16 +371,8 @@
                 'action_name': 'copy_test_data',
                 'variables': {
                   'test_data_files': [
-                    'data/certificate_policies_unittest/',
-                    'data/name_constraints_unittest/',
-                    'data/parse_certificate_unittest/',
-                    'data/parse_ocsp_unittest/',
-                    'data/ssl/certificates/',
-                    'data/test.html',
-                    'data/url_request_unittest/',
-                    'data/verify_certificate_chain_unittest/',
-                    'data/verify_name_match_unittest/names/',
-                    'data/verify_signed_data_unittest/',
+                    '<@(net_test_support_data_sources)',
+                    '<@(net_unittests_data_sources)',
                   ],
                   'test_data_prefix': 'net',
                 },
@@ -402,9 +405,6 @@
               # OS is not "linux" or "freebsd" or "openbsd".
               'socket/unix_domain_client_socket_posix_unittest.cc',
               'socket/unix_domain_server_socket_posix_unittest.cc',
-
-              # See bug http://crbug.com/344533.
-              'disk_cache/blockfile/index_table_v3_unittest.cc',
             ],
         }],
         ['OS == "android"', {
@@ -419,6 +419,39 @@
             '../gin/gin.gyp:gin',
           ]
         }],
+        # Unit tests that are not supported by the current ICU alternatives on Android.
+        ['OS == "android" and use_platform_icu_alternatives == 1', {
+          'sources!': [
+            'base/filename_util_unittest.cc',
+            'url_request/url_request_job_unittest.cc',
+          ],
+        }],
+        # Unit tests that are not supported by the current ICU alternatives on iOS.
+        ['OS == "ios" and use_platform_icu_alternatives == 1', {
+          'sources!': [
+            'base/filename_util_unittest.cc',
+            'base/url_util_unittest.cc',
+            'cert/x509_certificate_unittest.cc',
+            'socket/ssl_client_socket_pool_unittest.cc',
+            'http/http_auth_handler_basic_unittest.cc',
+            'http/http_auth_handler_digest_unittest.cc',
+            'http/http_auth_handler_factory_unittest.cc',
+            'http/http_auth_unittest.cc',
+            'http/http_content_disposition_unittest.cc',
+            'http/http_network_transaction_unittest.cc',
+            'http/http_proxy_client_socket_pool_unittest.cc',
+            'spdy/spdy_network_transaction_unittest.cc',
+            'spdy/spdy_proxy_client_socket_unittest.cc',
+            'url_request/url_request_job_unittest.cc',
+            'url_request/url_request_unittest.cc',
+          ],
+        }],
+        # Exclude brotli test if the support for brotli is disabled.
+        ['disable_brotli_filter == 1', {
+          'sources!': [
+            'filter/brotli_filter_unittest.cc',
+          ],
+        }],
       ],
       'target_conditions': [
         # These source files are excluded by default platform rules, but they
@@ -453,7 +486,7 @@
       'sources': [
         'base/mime_sniffer_perftest.cc',
         'cookies/cookie_monster_perftest.cc',
-        'disk_cache/blockfile/disk_cache_perftest.cc',
+        'disk_cache/disk_cache_perftest.cc',
         'extras/sqlite/sqlite_persistent_cookie_store_perftest.cc',
         'proxy/proxy_resolver_perftest.cc',
         'udp/udp_socket_perftest.cc',
@@ -578,10 +611,13 @@
         'test/embedded_test_server/request_handler_util.cc',
         'test/embedded_test_server/request_handler_util.h',
         'test/event_waiter.h',
+        'test/gtest_util.h',
         'test/net_test_suite.cc',
         'test/net_test_suite.h',
         'test/python_utils.cc',
         'test/python_utils.h',
+        'test/scoped_disable_exit_on_dfatal.cc',
+        'test/scoped_disable_exit_on_dfatal.h',
         'test/spawned_test_server/base_test_server.cc',
         'test/spawned_test_server/base_test_server.h',
         'test/spawned_test_server/local_test_server.cc',
@@ -594,6 +630,8 @@
         'test/url_request/ssl_certificate_error_job.h',
         'test/url_request/url_request_failed_job.cc',
         'test/url_request/url_request_failed_job.h',
+        'test/url_request/url_request_hanging_read_job.cc',
+        'test/url_request/url_request_hanging_read_job.h',
         'test/url_request/url_request_mock_data_job.cc',
         'test/url_request/url_request_mock_data_job.h',
         'test/url_request/url_request_slow_download_job.cc',
@@ -619,11 +657,11 @@
             'test/spawned_test_server/spawned_test_server.h',
           ],
         }],
-        ['use_nss_verifier == 1', {
+        ['use_nss_certs == 1', {
           'conditions': [
             [ 'desktop_linux == 1 or chromeos == 1', {
               'dependencies': [
-                '../build/linux/system.gyp:ssl',
+                '../build/linux/system.gyp:nss',
               ],
             }, {  # desktop_linux == 0 and chromeos == 0
               'dependencies': [
@@ -783,6 +821,8 @@
         'net_quic_proto',
       ],
       'sources': [
+        'tools/quic/chlo_extractor.cc',
+	'tools/quic/chlo_extractor.h',
         'tools/quic/quic_client_base.cc',
         'tools/quic/quic_client_base.h',
         'tools/quic/quic_client_session.cc',
@@ -842,7 +882,7 @@
             '../base/base.gyp:base',
             '../gin/gin.gyp:gin',
             '../url/url.gyp:url_lib',
-            '../v8/tools/gyp/v8.gyp:v8',
+            '../v8/src/v8.gyp:v8',
             'net'
           ],
           'defines': [
@@ -1105,6 +1145,30 @@
           ],
         },
         {
+          'target_name': 'quic_packet_printer',
+          'type': 'executable',
+          'dependencies': [
+            '../base/base.gyp:base',
+            'net',
+            'net_quic_proto',
+            'simple_quic_tools',
+          ],
+          'sources': [
+            'tools/quic/quic_packet_printer_bin.cc',
+          ],
+        },
+	{
+          'target_name': 'crypto_message_printer',
+          'type': 'executable',
+          'dependencies': [
+            '../base/base.gyp:base',
+            'net',
+          ],
+          'sources': [
+            'tools/quic/crypto_message_printer_bin.cc',
+          ],
+        },
+        {
           'target_name': 'quic_server',
           'type': 'executable',
           'dependencies': [
@@ -1261,6 +1325,8 @@
             'tools/quic/quic_client.h',
             'tools/quic/quic_default_packet_writer.cc',
             'tools/quic/quic_default_packet_writer.h',
+            'tools/quic/quic_epoll_alarm_factory.cc',
+            'tools/quic/quic_epoll_alarm_factory.h',
             'tools/quic/quic_epoll_clock.cc',
             'tools/quic/quic_epoll_clock.h',
             'tools/quic/quic_epoll_connection_helper.cc',
@@ -1306,29 +1372,6 @@
     }],
     ['OS=="android"', {
       'targets': [
-        { # The same target as 'net', but with smaller binary size due to
-          # exclusion of ICU, FTP, FILE and WebSockets support.
-          'target_name': 'net_small',
-          'variables': {
-            'disable_ftp_support': 1,
-            'disable_file_support': 1,
-            'enable_websockets': 0,
-          },
-          'dependencies': [
-            '../url/url.gyp:url_lib_use_icu_alternatives_on_android',
-          ],
-          'defines': [
-            'USE_ICU_ALTERNATIVES_ON_ANDROID=1',
-            'DISABLE_FILE_SUPPORT=1',
-            'DISABLE_FTP_SUPPORT=1',
-          ],
-          'sources': [
-            'filter/brotli_filter_disabled.cc',
-            'base/net_string_util_icu_alternatives_android.cc',
-            'base/net_string_util_icu_alternatives_android.h',
-          ],
-          'includes': [ 'net_common.gypi' ],
-        },
         {
           'target_name': 'net_jni_headers',
           'type': 'none',
@@ -1559,7 +1602,7 @@
           'conditions': [
             ['v8_use_external_startup_data==1', {
               'dependencies': [
-                '../v8/tools/gyp/v8.gyp:v8_external_snapshot',
+                '../v8/src/v8.gyp:v8_external_snapshot',
               ],
               'variables': {
                 'dest_path': '<(asset_location)',
@@ -1581,6 +1624,7 @@
             'isolate_file': 'net_unittests.isolate',
             'android_manifest_path': 'android/unittest_support/AndroidManifest.xml',
             'resource_dir': 'android/unittest_support/res',
+            'shard_timeout': 300,
             'conditions': [
               ['v8_use_external_startup_data==1', {
                 'asset_location': '<(PRODUCT_DIR)/net_unittests_apk/assets',
@@ -1657,7 +1701,7 @@
         },
       ],
     }],
-    ['OS == "linux"', {
+    ['OS == "linux" or OS == "mac"', {
       'targets': [
         {
           'target_name': 'cachetool',
diff --git a/chromium/net/net.gypi b/chromium/net/net.gypi
index 9e7161fc50f..00d864725bb 100644
--- a/chromium/net/net.gypi
+++ b/chromium/net/net.gypi
@@ -30,8 +30,6 @@
       'base/io_buffer.h',
       'base/ip_address.cc',
       'base/ip_address.h',
-      'base/ip_address_number.cc',
-      'base/ip_address_number.h',
       'base/ip_endpoint.cc',
       'base/ip_endpoint.h',
       'base/load_timing_info.cc',
@@ -62,8 +60,6 @@
       'base/registry_controlled_domains/registry_controlled_domain.h',
       'base/sockaddr_storage.cc',
       'base/sockaddr_storage.h',
-      'base/socket_performance_watcher.h',
-      'base/socket_performance_watcher_factory.h',
       'base/sys_addrinfo.h',
       'base/url_util.cc',
       'base/url_util.h',
@@ -85,7 +81,7 @@
       'cert/crl_set.h',
       'cert/ct_known_logs.cc',
       'cert/ct_known_logs.h',
-      'cert/ct_known_logs_static.h',
+      'cert/ct_known_logs_static-inc.h',
       'cert/ct_policy_enforcer.cc',
       'cert/ct_policy_enforcer.h',
       'cert/ct_policy_status.h',
@@ -102,8 +98,8 @@
       'cert/internal/parse_certificate.h',
       'cert/internal/parse_name.cc',
       'cert/internal/parse_name.h',
-      'cert/internal/parse_ocsp.h',
       'cert/internal/parse_ocsp.cc',
+      'cert/internal/parse_ocsp.h',
       'cert/internal/signature_algorithm.cc',
       'cert/internal/signature_algorithm.h',
       'cert/internal/signature_policy.cc',
@@ -181,10 +177,12 @@
       'socket/next_proto.cc',
       'socket/next_proto.h',
       'socket/socket.h',
+      'socket/socket_performance_watcher.h',
+      'socket/socket_performance_watcher_factory.h',
       'socket/ssl_client_socket.cc',
       'socket/ssl_client_socket.h',
-      'socket/ssl_client_socket_openssl.cc',
-      'socket/ssl_client_socket_openssl.h',
+      'socket/ssl_client_socket_impl.cc',
+      'socket/ssl_client_socket_impl.h',
       'socket/ssl_socket.h',
       'ssl/channel_id_service.cc',
       'ssl/channel_id_service.h',
@@ -207,8 +205,8 @@
       'ssl/ssl_client_auth_cache.cc',
       'ssl/ssl_client_auth_cache.h',
       'ssl/ssl_client_cert_type.h',
-      'ssl/ssl_client_session_cache_openssl.cc',
-      'ssl/ssl_client_session_cache_openssl.h',
+      'ssl/ssl_client_session_cache.cc',
+      'ssl/ssl_client_session_cache.h',
       'ssl/ssl_config.cc',
       'ssl/ssl_config.h',
       'ssl/ssl_config_service.cc',
@@ -219,202 +217,8 @@
       'ssl/ssl_private_key.h',
       'ssl/ssl_server_config.cc',
       'ssl/ssl_server_config.h',
+      'ssl/token_binding.cc',
       'ssl/token_binding.h',
-      'ssl/token_binding_openssl.cc',
-
-      # Most files in net/quic are in net_nacl_common_sources, except for the
-      # files that have dependency on SPDY (net/spdy) or NSS.
-      'quic/congestion_control/cubic.cc',
-      'quic/congestion_control/cubic.h',
-      'quic/congestion_control/cubic_bytes.cc',
-      'quic/congestion_control/cubic_bytes.h',
-      'quic/congestion_control/general_loss_algorithm.cc',
-      'quic/congestion_control/general_loss_algorithm.h',
-      'quic/congestion_control/hybrid_slow_start.cc',
-      'quic/congestion_control/hybrid_slow_start.h',
-      'quic/congestion_control/loss_detection_interface.cc',
-      'quic/congestion_control/loss_detection_interface.h',
-      'quic/congestion_control/pacing_sender.cc',
-      'quic/congestion_control/pacing_sender.h',
-      'quic/congestion_control/prr_sender.cc',
-      'quic/congestion_control/prr_sender.h',
-      'quic/congestion_control/rtt_stats.cc',
-      'quic/congestion_control/rtt_stats.h',
-      'quic/congestion_control/send_algorithm_interface.cc',
-      'quic/congestion_control/send_algorithm_interface.h',
-      'quic/congestion_control/tcp_cubic_sender_base.cc',
-      'quic/congestion_control/tcp_cubic_sender_base.h',
-      'quic/congestion_control/tcp_cubic_sender_bytes.cc',
-      'quic/congestion_control/tcp_cubic_sender_base.h',
-      'quic/congestion_control/tcp_cubic_sender_packets.cc',
-      'quic/congestion_control/tcp_cubic_sender_packets.h',
-      'quic/crypto/aead_base_decrypter.h',
-      'quic/crypto/aead_base_decrypter_openssl.cc',
-      'quic/crypto/aead_base_encrypter.h',
-      'quic/crypto/aead_base_encrypter_openssl.cc',
-      'quic/crypto/aes_128_gcm_12_decrypter.h',
-      'quic/crypto/aes_128_gcm_12_decrypter_openssl.cc',
-      'quic/crypto/aes_128_gcm_12_encrypter.h',
-      'quic/crypto/aes_128_gcm_12_encrypter_openssl.cc',
-      'quic/crypto/chacha20_poly1305_rfc7539_decrypter.h',
-      'quic/crypto/chacha20_poly1305_rfc7539_decrypter_openssl.cc',
-      'quic/crypto/chacha20_poly1305_rfc7539_encrypter.h',
-      'quic/crypto/chacha20_poly1305_rfc7539_encrypter_openssl.cc',
-      'quic/crypto/channel_id.cc',
-      'quic/crypto/channel_id.h',
-      'quic/crypto/channel_id_chromium.cc',
-      'quic/crypto/channel_id_chromium.h',
-      'quic/crypto/channel_id_openssl.cc',
-      'quic/crypto/common_cert_set.cc',
-      'quic/crypto/common_cert_set.h',
-      'quic/crypto/crypto_framer.cc',
-      'quic/crypto/crypto_framer.h',
-      'quic/crypto/crypto_handshake.cc',
-      'quic/crypto/crypto_handshake.h',
-      'quic/crypto/crypto_handshake_message.cc',
-      'quic/crypto/crypto_handshake_message.h',
-      'quic/crypto/crypto_protocol.h',
-      'quic/crypto/crypto_secret_boxer.cc',
-      'quic/crypto/crypto_secret_boxer.h',
-      'quic/crypto/crypto_server_config_protobuf.cc',
-      'quic/crypto/crypto_server_config_protobuf.h',
-      'quic/crypto/crypto_utils.cc',
-      'quic/crypto/crypto_utils.h',
-      'quic/crypto/curve25519_key_exchange.cc',
-      'quic/crypto/curve25519_key_exchange.h',
-      'quic/crypto/ephemeral_key_source.h',
-      'quic/crypto/key_exchange.h',
-      'quic/crypto/local_strike_register_client.cc',
-      'quic/crypto/local_strike_register_client.h',
-      'quic/crypto/null_decrypter.cc',
-      'quic/crypto/null_decrypter.h',
-      'quic/crypto/null_encrypter.cc',
-      'quic/crypto/null_encrypter.h',
-      'quic/crypto/p256_key_exchange.h',
-      'quic/crypto/p256_key_exchange_openssl.cc',
-      'quic/crypto/proof_source.cc',
-      'quic/crypto/proof_source.h',
-      'quic/crypto/proof_verifier.h',
-      'quic/crypto/proof_verifier_chromium.cc',
-      'quic/crypto/proof_verifier_chromium.h',
-      'quic/crypto/properties_based_quic_server_info.cc',
-      'quic/crypto/properties_based_quic_server_info.h',
-      'quic/crypto/quic_decrypter.cc',
-      'quic/crypto/quic_decrypter.h',
-      'quic/crypto/quic_encrypter.cc',
-      'quic/crypto/quic_encrypter.h',
-      'quic/crypto/quic_random.cc',
-      'quic/crypto/quic_random.h',
-      'quic/crypto/quic_server_info.cc',
-      'quic/crypto/quic_server_info.h',
-      'quic/crypto/scoped_evp_aead_ctx.cc',
-      'quic/crypto/scoped_evp_aead_ctx.h',
-      'quic/crypto/strike_register.cc',
-      'quic/crypto/strike_register.h',
-      'quic/crypto/strike_register_client.h',
-      'quic/interval.h',
-      'quic/interval_set.h',
-      'quic/iovector.cc',
-      'quic/iovector.h',
-      'quic/p2p/quic_p2p_crypto_config.cc',
-      'quic/p2p/quic_p2p_crypto_config.h',
-      'quic/p2p/quic_p2p_crypto_stream.cc',
-      'quic/p2p/quic_p2p_crypto_stream.h',
-      'quic/p2p/quic_p2p_session.cc',
-      'quic/p2p/quic_p2p_session.h',
-      'quic/p2p/quic_p2p_stream.cc',
-      'quic/p2p/quic_p2p_stream.h',
-      'quic/port_suggester.cc',
-      'quic/port_suggester.h',
-      'quic/quic_address_mismatch.cc',
-      'quic/quic_address_mismatch.h',
-      'quic/quic_alarm.cc',
-      'quic/quic_alarm.h',
-      'quic/quic_arena_scoped_ptr.h',
-      'quic/quic_bandwidth.cc',
-      'quic/quic_bandwidth.h',
-      'quic/quic_bug_tracker.h',
-      'quic/quic_blocked_writer_interface.h',
-      'quic/quic_clock.cc',
-      'quic/quic_clock.h',
-      'quic/quic_config.cc',
-      'quic/quic_config.h',
-      'quic/quic_connection.cc',
-      'quic/quic_connection.h',
-      'quic/quic_connection_logger.cc',
-      'quic/quic_connection_logger.h',
-      'quic/quic_connection_stats.cc',
-      'quic/quic_connection_stats.h',
-      'quic/quic_crypto_stream.cc',
-      'quic/quic_crypto_stream.h',
-      'quic/quic_chromium_connection_helper.cc',
-      'quic/quic_chromium_connection_helper.h',
-      'quic/quic_chromium_packet_reader.cc',
-      'quic/quic_chromium_packet_reader.h',
-      'quic/quic_chromium_packet_writer.cc',
-      'quic/quic_chromium_packet_writer.h',
-      'quic/quic_data_reader.cc',
-      'quic/quic_data_reader.h',
-      'quic/quic_data_writer.cc',
-      'quic/quic_data_writer.h',
-      'quic/quic_fec_group.cc',
-      'quic/quic_fec_group.h',
-      'quic/quic_fec_group_interface.cc',
-      'quic/quic_fec_group_interface.h',
-      'quic/quic_flags.cc',
-      'quic/quic_flags.h',
-      'quic/quic_flow_controller.cc',
-      'quic/quic_flow_controller.h',
-      'quic/quic_frame_list.cc',
-      'quic/quic_frame_list.h',
-      'quic/quic_framer.cc',
-      'quic/quic_framer.h',
-      'quic/quic_multipath_received_packet_manager.cc',
-      'quic/quic_multipath_received_packet_manager.h',
-      'quic/quic_multipath_transmissions_map.cc',
-      'quic/quic_multipath_transmissions_map.h',
-      'quic/quic_one_block_arena.h',
-      'quic/quic_packet_creator.cc',
-      'quic/quic_packet_creator.h',
-      'quic/quic_packet_generator.cc',
-      'quic/quic_packet_generator.h',
-      'quic/quic_packet_writer.h',
-      'quic/quic_protocol.cc',
-      'quic/quic_protocol.h',
-      'quic/quic_received_packet_manager.cc',
-      'quic/quic_received_packet_manager.h',
-      'quic/quic_sent_entropy_manager.cc',
-      'quic/quic_sent_entropy_manager.h',
-      'quic/quic_sent_packet_manager.cc',
-      'quic/quic_sent_packet_manager.h',
-      'quic/quic_server_id.cc',
-      'quic/quic_server_id.h',
-      'quic/quic_session.cc',
-      'quic/quic_session.h',
-      'quic/quic_simple_buffer_allocator.cc',
-      'quic/quic_simple_buffer_allocator.h',
-      'quic/quic_socket_address_coder.cc',
-      'quic/quic_socket_address_coder.h',
-      'quic/quic_stream_sequencer.cc',
-      'quic/quic_stream_sequencer.h',
-      'quic/quic_stream_sequencer_buffer.cc',
-      'quic/quic_stream_sequencer_buffer.h',
-      'quic/quic_stream_sequencer_buffer_interface.h',
-      'quic/quic_sustained_bandwidth_recorder.cc',
-      'quic/quic_sustained_bandwidth_recorder.h',
-      'quic/quic_time.cc',
-      'quic/quic_time.h',
-      'quic/quic_types.cc',
-      'quic/quic_types.h',
-      'quic/quic_unacked_packet_map.cc',
-      'quic/quic_unacked_packet_map.h',
-      'quic/quic_utils.cc',
-      'quic/quic_utils.h',
-      'quic/quic_utils_chromium.h',
-      'quic/quic_write_blocked_list.cc',
-      'quic/quic_write_blocked_list.h',
-      'quic/reliable_quic_stream.cc',
-      'quic/reliable_quic_stream.h',
     ],
     'net_non_nacl_sources': [
       'android/cert_verify_result_android.cc',
@@ -457,7 +261,6 @@
       'base/elements_upload_data_stream.cc',
       'base/elements_upload_data_stream.h',
       'base/expiring_cache.h',
-      'base/external_estimate_provider.h',
       'base/file_stream.cc',
       'base/file_stream.h',
       'base/file_stream_context.cc',
@@ -489,6 +292,8 @@
       'base/load_flags_list.h',
       'base/load_states.h',
       'base/load_states_list.h',
+      'base/logging_network_change_observer.cc',
+      'base/logging_network_change_observer.h',
       'base/mime_extension_chromeos.cc',
       'base/mime_extension_chromeos.h',
       'base/mime_sniffer.cc',
@@ -517,10 +322,6 @@
       'base/network_interfaces_linux.cc',
       'base/network_interfaces_mac.cc',
       'base/network_interfaces_win.cc',
-      'base/network_quality_estimator.cc',
-      'base/network_quality_estimator.h',
-      'base/nss_memio.c',
-      'base/nss_memio.h',
       'base/platform_mime_util.h',
       'base/platform_mime_util_linux.cc',
       'base/platform_mime_util_mac.mm',
@@ -588,24 +389,22 @@
       'cert/ct_log_response_parser.h',
       'cert/ct_log_verifier.cc',
       'cert/ct_log_verifier.h',
-      'cert/ct_log_verifier_nss.cc',
-      'cert/ct_log_verifier_openssl.cc',
       'cert/ct_log_verifier_util.cc',
       'cert/ct_log_verifier_util.h',
+      'cert/ct_objects_extractor.cc',
       'cert/ct_objects_extractor.h',
-      'cert/ct_objects_extractor_nss.cc',
-      'cert/ct_objects_extractor_openssl.cc',
       'cert/ct_serialization.cc',
       'cert/ct_serialization.h',
       'cert/ct_signed_certificate_timestamp_log_param.cc',
       'cert/ct_signed_certificate_timestamp_log_param.h',
       'cert/ev_root_ca_metadata.cc',
       'cert/ev_root_ca_metadata.h',
+      'cert/jwk_serializer.cc',
       'cert/jwk_serializer.h',
-      'cert/jwk_serializer_nss.cc',
-      'cert/jwk_serializer_openssl.cc',
       'cert/merkle_consistency_proof.cc',
       'cert/merkle_consistency_proof.h',
+      'cert/merkle_tree_leaf.cc',
+      'cert/merkle_tree_leaf.h',
       'cert/multi_log_ct_verifier.cc',
       'cert/multi_log_ct_verifier.h',
       'cert/multi_threaded_cert_verifier.cc',
@@ -616,7 +415,6 @@
       'cert/nss_cert_database_chromeos.h',
       'cert/nss_profile_filter_chromeos.cc',
       'cert/nss_profile_filter_chromeos.h',
-      'cert/scoped_nss_types.h',
       'cert/sct_status_flags.h',
       'cert/test_root_certs.cc',
       'cert/test_root_certs.h',
@@ -630,17 +428,13 @@
       'cert/x509_certificate_ios.cc',
       'cert/x509_certificate_mac.cc',
       'cert/x509_certificate_nss.cc',
-      'cert/x509_certificate_openssl_ios.cc',
       'cert/x509_certificate_win.cc',
       'cert/x509_util_android.cc',
       'cert/x509_util_android.h',
-      'cert/x509_util_ios.cc',
-      'cert/x509_util_ios.h',
       'cert/x509_util_mac.cc',
       'cert/x509_util_mac.h',
-      'cert/x509_util_nss.cc',
       'cert/x509_util_nss.h',
-      'cert/x509_util_nss_certs.cc',
+      'cert/x509_util_nss.cc',
       'cert_net/cert_net_fetcher_impl.cc',
       'cert_net/cert_net_fetcher_impl.h',
       'cookies/canonical_cookie.cc',
@@ -661,29 +455,18 @@
       'disk_cache/blockfile/addr.h',
       'disk_cache/blockfile/backend_impl.cc',
       'disk_cache/blockfile/backend_impl.h',
-      'disk_cache/blockfile/backend_impl_v3.cc',
-      'disk_cache/blockfile/backend_impl_v3.h',
-      'disk_cache/blockfile/backend_worker_v3.cc',
-      'disk_cache/blockfile/backend_worker_v3.h',
       'disk_cache/blockfile/bitmap.cc',
       'disk_cache/blockfile/bitmap.h',
-      'disk_cache/blockfile/block_bitmaps_v3.cc',
-      'disk_cache/blockfile/block_bitmaps_v3.h',
       'disk_cache/blockfile/block_files.cc',
       'disk_cache/blockfile/block_files.h',
       'disk_cache/blockfile/disk_format.cc',
       'disk_cache/blockfile/disk_format.h',
       'disk_cache/blockfile/disk_format_base.h',
-      'disk_cache/blockfile/disk_format_v3.h',
       'disk_cache/blockfile/entry_impl.cc',
       'disk_cache/blockfile/entry_impl.h',
-      'disk_cache/blockfile/entry_impl_v3.cc',
-      'disk_cache/blockfile/entry_impl_v3.h',
       'disk_cache/blockfile/errors.h',
       'disk_cache/blockfile/eviction.cc',
       'disk_cache/blockfile/eviction.h',
-      'disk_cache/blockfile/eviction_v3.cc',
-      'disk_cache/blockfile/eviction_v3.h',
       'disk_cache/blockfile/experiments.h',
       'disk_cache/blockfile/file.cc',
       'disk_cache/blockfile/file.h',
@@ -694,13 +477,10 @@
       'disk_cache/blockfile/file_posix.cc',
       'disk_cache/blockfile/file_win.cc',
       'disk_cache/blockfile/histogram_macros.h',
-      'disk_cache/blockfile/histogram_macros_v3.h',
       'disk_cache/blockfile/in_flight_backend_io.cc',
       'disk_cache/blockfile/in_flight_backend_io.h',
       'disk_cache/blockfile/in_flight_io.cc',
       'disk_cache/blockfile/in_flight_io.h',
-      'disk_cache/blockfile/index_table_v3.cc',
-      'disk_cache/blockfile/index_table_v3.h',
       'disk_cache/blockfile/mapped_file.cc',
       'disk_cache/blockfile/mapped_file.h',
       'disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc',
@@ -940,6 +720,17 @@
       'http/url_security_manager.h',
       'http/url_security_manager_posix.cc',
       'http/url_security_manager_win.cc',
+      'nqe/cached_network_quality.cc',
+      'nqe/cached_network_quality.h',
+      'nqe/external_estimate_provider.h',
+      'nqe/network_quality.cc',
+      'nqe/network_quality.h',
+      'nqe/network_quality_estimator.cc',
+      'nqe/network_quality_estimator.h',
+      'nqe/network_quality_observation.h',
+      'nqe/network_quality_observation_source.h',
+      'nqe/observation_buffer.h',
+      'nqe/weighted_observation.h',
       'proxy/dhcp_proxy_script_adapter_fetcher_win.cc',
       'proxy/dhcp_proxy_script_adapter_fetcher_win.h',
       'proxy/dhcp_proxy_script_fetcher.cc',
@@ -1003,55 +794,239 @@
       'proxy/proxy_service.h',
       'quic/bidirectional_stream_quic_impl.cc',
       'quic/bidirectional_stream_quic_impl.h',
-      'quic/crypto/aead_base_decrypter_nss.cc',
-      'quic/crypto/aead_base_encrypter_nss.cc',
-      'quic/crypto/aes_128_gcm_12_decrypter_nss.cc',
-      'quic/crypto/aes_128_gcm_12_encrypter_nss.cc',
+      'quic/congestion_control/cubic.cc',
+      'quic/congestion_control/cubic.h',
+      'quic/congestion_control/cubic_bytes.cc',
+      'quic/congestion_control/cubic_bytes.h',
+      'quic/congestion_control/general_loss_algorithm.cc',
+      'quic/congestion_control/general_loss_algorithm.h',
+      'quic/congestion_control/hybrid_slow_start.cc',
+      'quic/congestion_control/hybrid_slow_start.h',
+      'quic/congestion_control/loss_detection_interface.h',
+      'quic/congestion_control/pacing_sender.cc',
+      'quic/congestion_control/pacing_sender.h',
+      'quic/congestion_control/prr_sender.cc',
+      'quic/congestion_control/prr_sender.h',
+      'quic/congestion_control/rtt_stats.cc',
+      'quic/congestion_control/rtt_stats.h',
+      'quic/congestion_control/send_algorithm_interface.cc',
+      'quic/congestion_control/send_algorithm_interface.h',
+      'quic/congestion_control/tcp_cubic_sender_base.cc',
+      'quic/congestion_control/tcp_cubic_sender_base.h',
+      'quic/congestion_control/tcp_cubic_sender_base.h',
+      'quic/congestion_control/tcp_cubic_sender_bytes.cc',
+      'quic/congestion_control/tcp_cubic_sender_packets.cc',
+      'quic/congestion_control/tcp_cubic_sender_packets.h',
+      'quic/crypto/aead_base_decrypter.cc',
+      'quic/crypto/aead_base_decrypter.h',
+      'quic/crypto/aead_base_encrypter.cc',
+      'quic/crypto/aead_base_encrypter.h',
+      'quic/crypto/aes_128_gcm_12_decrypter.cc',
+      'quic/crypto/aes_128_gcm_12_decrypter.h',
+      'quic/crypto/aes_128_gcm_12_encrypter.cc',
+      'quic/crypto/aes_128_gcm_12_encrypter.h',
       'quic/crypto/cert_compressor.cc',
       'quic/crypto/cert_compressor.h',
-      'quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc',
-      'quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc',
-      'quic/crypto/channel_id_nss.cc',
-      'quic/crypto/p256_key_exchange_nss.cc',
+      'quic/crypto/chacha20_poly1305_decrypter.cc',
+      'quic/crypto/chacha20_poly1305_decrypter.h',
+      'quic/crypto/chacha20_poly1305_encrypter.cc',
+      'quic/crypto/chacha20_poly1305_encrypter.h',
+      'quic/crypto/channel_id.cc',
+      'quic/crypto/channel_id.h',
+      'quic/crypto/channel_id_chromium.cc',
+      'quic/crypto/channel_id_chromium.h',
+      'quic/crypto/common_cert_set.cc',
+      'quic/crypto/common_cert_set.h',
+      'quic/crypto/crypto_framer.cc',
+      'quic/crypto/crypto_framer.h',
+      'quic/crypto/crypto_handshake.cc',
+      'quic/crypto/crypto_handshake.h',
+      'quic/crypto/crypto_handshake_message.cc',
+      'quic/crypto/crypto_handshake_message.h',
+      'quic/crypto/crypto_protocol.h',
+      'quic/crypto/crypto_secret_boxer.cc',
+      'quic/crypto/crypto_secret_boxer.h',
+      'quic/crypto/crypto_server_config_protobuf.cc',
+      'quic/crypto/crypto_server_config_protobuf.h',
+      'quic/crypto/crypto_utils.cc',
+      'quic/crypto/crypto_utils.h',
+      'quic/crypto/curve25519_key_exchange.cc',
+      'quic/crypto/curve25519_key_exchange.h',
+      'quic/crypto/ephemeral_key_source.h',
+      'quic/crypto/key_exchange.h',
+      'quic/crypto/local_strike_register_client.cc',
+      'quic/crypto/local_strike_register_client.h',
+      'quic/crypto/null_decrypter.cc',
+      'quic/crypto/null_decrypter.h',
+      'quic/crypto/null_encrypter.cc',
+      'quic/crypto/null_encrypter.h',
+      'quic/crypto/p256_key_exchange.cc',
+      'quic/crypto/p256_key_exchange.h',
+      'quic/crypto/proof_source.cc',
+      'quic/crypto/proof_source.h',
+      'quic/crypto/proof_source_chromium.cc',
       'quic/crypto/proof_source_chromium.h',
-      'quic/crypto/proof_source_chromium_nss.cc',
-      'quic/crypto/proof_source_chromium_openssl.cc',
+      'quic/crypto/proof_verifier.h',
+      'quic/crypto/proof_verifier_chromium.cc',
+      'quic/crypto/proof_verifier_chromium.h',
+      'quic/crypto/properties_based_quic_server_info.cc',
+      'quic/crypto/properties_based_quic_server_info.h',
       'quic/crypto/quic_compressed_certs_cache.cc',
       'quic/crypto/quic_compressed_certs_cache.h',
       'quic/crypto/quic_crypto_client_config.cc',
       'quic/crypto/quic_crypto_client_config.h',
       'quic/crypto/quic_crypto_server_config.cc',
       'quic/crypto/quic_crypto_server_config.h',
+      'quic/crypto/quic_decrypter.cc',
+      'quic/crypto/quic_decrypter.h',
+      'quic/crypto/quic_encrypter.cc',
+      'quic/crypto/quic_encrypter.h',
+      'quic/crypto/quic_random.cc',
+      'quic/crypto/quic_random.h',
+      'quic/crypto/quic_server_info.cc',
+      'quic/crypto/quic_server_info.h',
+      'quic/crypto/scoped_evp_aead_ctx.cc',
+      'quic/crypto/scoped_evp_aead_ctx.h',
+      'quic/crypto/strike_register.cc',
+      'quic/crypto/strike_register.h',
+      'quic/crypto/strike_register_client.h',
+      'quic/interval.h',
+      'quic/interval_set.h',
+      'quic/iovector.cc',
+      'quic/iovector.h',
       'quic/network_connection.cc',
       'quic/network_connection.h',
+      'quic/p2p/quic_p2p_crypto_config.cc',
+      'quic/p2p/quic_p2p_crypto_config.h',
+      'quic/p2p/quic_p2p_crypto_stream.cc',
+      'quic/p2p/quic_p2p_crypto_stream.h',
+      'quic/p2p/quic_p2p_session.cc',
+      'quic/p2p/quic_p2p_session.h',
+      'quic/p2p/quic_p2p_stream.cc',
+      'quic/p2p/quic_p2p_stream.h',
+      'quic/port_suggester.cc',
+      'quic/port_suggester.h',
+      'quic/quic_address_mismatch.cc',
+      'quic/quic_address_mismatch.h',
+      'quic/quic_alarm.cc',
+      'quic/quic_alarm.h',
+      'quic/quic_arena_scoped_ptr.h',
+      'quic/quic_bandwidth.cc',
+      'quic/quic_bandwidth.h',
+      'quic/quic_blocked_writer_interface.h',
+      'quic/quic_bug_tracker.h',
+      'quic/quic_chromium_alarm_factory.cc',
+      'quic/quic_chromium_alarm_factory.h',
       'quic/quic_chromium_client_session.cc',
       'quic/quic_chromium_client_session.h',
       'quic/quic_chromium_client_stream.cc',
       'quic/quic_chromium_client_stream.h',
-      'quic/quic_client_session_base.cc',
-      'quic/quic_client_session_base.h',
+      'quic/quic_chromium_connection_helper.cc',
+      'quic/quic_chromium_connection_helper.h',
+      'quic/quic_chromium_packet_reader.cc',
+      'quic/quic_chromium_packet_reader.h',
+      'quic/quic_chromium_packet_writer.cc',
+      'quic/quic_chromium_packet_writer.h',
       'quic/quic_client_promised_info.cc',
       'quic/quic_client_promised_info.h',
       'quic/quic_client_push_promise_index.cc',
       'quic/quic_client_push_promise_index.h',
+      'quic/quic_client_session_base.cc',
+      'quic/quic_client_session_base.h',
+      'quic/quic_clock.cc',
+      'quic/quic_clock.h',
+      'quic/quic_config.cc',
+      'quic/quic_config.h',
+      'quic/quic_connection.cc',
+      'quic/quic_connection.h',
+      'quic/quic_connection_logger.cc',
+      'quic/quic_connection_logger.h',
+      'quic/quic_connection_stats.cc',
+      'quic/quic_connection_stats.h',
       'quic/quic_crypto_client_stream.cc',
       'quic/quic_crypto_client_stream.h',
       'quic/quic_crypto_client_stream_factory.cc',
       'quic/quic_crypto_client_stream_factory.h',
       'quic/quic_crypto_server_stream.cc',
       'quic/quic_crypto_server_stream.h',
+      'quic/quic_crypto_stream.cc',
+      'quic/quic_crypto_stream.h',
+      'quic/quic_data_reader.cc',
+      'quic/quic_data_reader.h',
+      'quic/quic_data_writer.cc',
+      'quic/quic_data_writer.h',
+      'quic/quic_fec_group.cc',
+      'quic/quic_fec_group.h',
+      'quic/quic_fec_group_interface.cc',
+      'quic/quic_fec_group_interface.h',
+      'quic/quic_flags.cc',
+      'quic/quic_flags.h',
+      'quic/quic_flow_controller.cc',
+      'quic/quic_flow_controller.h',
+      'quic/quic_frame_list.cc',
+      'quic/quic_frame_list.h',
+      'quic/quic_framer.cc',
+      'quic/quic_framer.h',
+      'quic/quic_header_list.cc',
+      'quic/quic_header_list.h',
       'quic/quic_headers_stream.cc',
       'quic/quic_headers_stream.h',
       'quic/quic_http_stream.cc',
       'quic/quic_http_stream.h',
       'quic/quic_http_utils.cc',
       'quic/quic_http_utils.h',
+      'quic/quic_multipath_received_packet_manager.cc',
+      'quic/quic_multipath_received_packet_manager.h',
+      'quic/quic_multipath_transmissions_map.cc',
+      'quic/quic_multipath_transmissions_map.h',
+      'quic/quic_one_block_arena.h',
+      'quic/quic_packet_creator.cc',
+      'quic/quic_packet_creator.h',
+      'quic/quic_packet_generator.cc',
+      'quic/quic_packet_generator.h',
+      'quic/quic_packet_writer.h',
+      'quic/quic_protocol.cc',
+      'quic/quic_protocol.h',
+      'quic/quic_received_packet_manager.cc',
+      'quic/quic_received_packet_manager.h',
+      'quic/quic_sent_entropy_manager.cc',
+      'quic/quic_sent_entropy_manager.h',
+      'quic/quic_sent_packet_manager.cc',
+      'quic/quic_sent_packet_manager.h',
+      'quic/quic_server_id.cc',
+      'quic/quic_server_id.h',
+      'quic/quic_session.cc',
+      'quic/quic_session.h',
+      'quic/quic_simple_buffer_allocator.cc',
+      'quic/quic_simple_buffer_allocator.h',
+      'quic/quic_socket_address_coder.cc',
+      'quic/quic_socket_address_coder.h',
       'quic/quic_spdy_session.cc',
       'quic/quic_spdy_session.h',
       'quic/quic_spdy_stream.cc',
       'quic/quic_spdy_stream.h',
       'quic/quic_stream_factory.cc',
       'quic/quic_stream_factory.h',
+      'quic/quic_stream_sequencer.cc',
+      'quic/quic_stream_sequencer.h',
+      'quic/quic_stream_sequencer_buffer.cc',
+      'quic/quic_stream_sequencer_buffer.h',
+      'quic/quic_stream_sequencer_buffer_interface.h',
+      'quic/quic_sustained_bandwidth_recorder.cc',
+      'quic/quic_sustained_bandwidth_recorder.h',
+      'quic/quic_time.cc',
+      'quic/quic_time.h',
+      'quic/quic_types.cc',
+      'quic/quic_types.h',
+      'quic/quic_unacked_packet_map.cc',
+      'quic/quic_unacked_packet_map.h',
+      'quic/quic_utils.cc',
+      'quic/quic_utils.h',
+      'quic/quic_utils_chromium.h',
+      'quic/quic_write_blocked_list.cc',
+      'quic/quic_write_blocked_list.h',
+      'quic/reliable_quic_stream.cc',
+      'quic/reliable_quic_stream.h',
       'quic/spdy_utils.cc',
       'quic/spdy_utils.h',
       'sdch/sdch_owner.cc',
@@ -1066,8 +1041,6 @@
       'socket/client_socket_pool_manager.h',
       'socket/client_socket_pool_manager_impl.cc',
       'socket/client_socket_pool_manager_impl.h',
-      'socket/nss_ssl_util.cc',
-      'socket/nss_ssl_util.h',
       'socket/server_socket.cc',
       'socket/server_socket.h',
       'socket/socket_descriptor.cc',
@@ -1082,15 +1055,11 @@
       'socket/socks_client_socket.h',
       'socket/socks_client_socket_pool.cc',
       'socket/socks_client_socket_pool.h',
-      'socket/ssl_client_socket_nss.cc',
-      'socket/ssl_client_socket_nss.h',
       'socket/ssl_client_socket_pool.cc',
       'socket/ssl_client_socket_pool.h',
       'socket/ssl_server_socket.h',
-      'socket/ssl_server_socket_nss.cc',
-      'socket/ssl_server_socket_nss.h',
-      'socket/ssl_server_socket_openssl.cc',
-      'socket/ssl_server_socket_openssl.h',
+      'socket/ssl_server_socket_impl.cc',
+      'socket/ssl_server_socket_impl.h',
       'socket/stream_socket.cc',
       'socket/stream_socket.h',
       'socket/tcp_client_socket.cc',
@@ -1152,6 +1121,7 @@
       'spdy/spdy_buffer.h',
       'spdy/spdy_buffer_producer.cc',
       'spdy/spdy_buffer_producer.h',
+      'spdy/spdy_bug_tracker.h',
       'spdy/spdy_frame_builder.cc',
       'spdy/spdy_frame_builder.h',
       'spdy/spdy_frame_reader.cc',
@@ -1188,6 +1158,8 @@
       'spdy/spdy_write_queue.cc',
       'spdy/spdy_write_queue.h',
       'spdy/write_blocked_list.h',
+      'spdy/write_scheduler.h',
+      'spdy/write_scheduler.cc',
       'ssl/client_cert_store.h',
       'ssl/client_cert_store_mac.cc',
       'ssl/client_cert_store_mac.h',
@@ -1210,7 +1182,6 @@
       'ssl/test_ssl_private_key.h',
       'ssl/threaded_ssl_private_key.cc',
       'ssl/threaded_ssl_private_key.h',
-      'ssl/token_binding_nss.cc',
       'third_party/mozilla_security_manager/nsKeygenHandler.cpp',
       'third_party/mozilla_security_manager/nsKeygenHandler.h',
       'third_party/mozilla_security_manager/nsNSSCertificateDB.cpp',
@@ -1353,7 +1324,6 @@
       'base/host_mapping_rules_unittest.cc',
       'base/host_port_pair_unittest.cc',
       'base/int128_unittest.cc',
-      'base/ip_address_number_unittest.cc',
       'base/ip_address_unittest.cc',
       'base/ip_endpoint_unittest.cc',
       'base/ip_pattern_unittest.cc',
@@ -1366,7 +1336,6 @@
       'base/network_change_notifier_unittest.cc',
       'base/network_change_notifier_win_unittest.cc',
       'base/network_interfaces_unittest.cc',
-      'base/network_quality_estimator_unittest.cc',
       'base/parse_number_unittest.cc',
       'base/port_util_unittest.cc',
       'base/prioritized_dispatcher_unittest.cc',
@@ -1382,6 +1351,7 @@
       'base/upload_bytes_element_reader_unittest.cc',
       'base/upload_file_element_reader_unittest.cc',
       'base/url_util_unittest.cc',
+      'cert/ct_known_logs_unittest.cc',
       'cert/ct_policy_enforcer_unittest.cc',
       'cert/cert_verify_proc_unittest.cc',
       'cert/cert_verify_proc_whitelist_unittest.cc',
@@ -1406,6 +1376,7 @@
       'cert/internal/verify_name_match_unittest.cc',
       'cert/internal/verify_signed_data_unittest.cc',
       'cert/jwk_serializer_unittest.cc',
+      'cert/merkle_tree_leaf_unittest.cc',
       'cert/multi_log_ct_verifier_unittest.cc',
       'cert/multi_threaded_cert_verifier_unittest.cc',
       'cert/nss_cert_database_chromeos_unittest.cc',
@@ -1413,6 +1384,7 @@
       'cert/nss_profile_filter_chromeos_unittest.cc',
       'cert/pem_tokenizer_unittest.cc',
       'cert/signed_certificate_timestamp_unittest.cc',
+      'cert/sth_distributor_unittest.cc',
       'cert/test_root_certs_unittest.cc',
       'cert/x509_cert_types_unittest.cc',
       'cert/x509_certificate_unittest.cc',
@@ -1431,9 +1403,7 @@
       'disk_cache/backend_unittest.cc',
       'disk_cache/blockfile/addr_unittest.cc',
       'disk_cache/blockfile/bitmap_unittest.cc',
-      'disk_cache/blockfile/block_bitmaps_v3_unittest.cc',
       'disk_cache/blockfile/block_files_unittest.cc',
-      'disk_cache/blockfile/index_table_v3_unittest.cc',
       'disk_cache/blockfile/mapped_file_unittest.cc',
       'disk_cache/blockfile/stats_unittest.cc',
       'disk_cache/blockfile/storage_block_unittest.cc',
@@ -1543,6 +1513,8 @@
       'log/net_log_util_unittest.cc',
       'log/trace_net_log_observer_unittest.cc',
       'log/write_to_file_net_log_observer_unittest.cc',
+      'nqe/network_quality_estimator_unittest.cc',
+      'nqe/network_quality_observation_unittest.cc',
       'proxy/dhcp_proxy_script_adapter_fetcher_win_unittest.cc',
       'proxy/dhcp_proxy_script_fetcher_factory_unittest.cc',
       'proxy/dhcp_proxy_script_fetcher_win_unittest.cc',
@@ -1582,8 +1554,8 @@
       'quic/crypto/aes_128_gcm_12_decrypter_test.cc',
       'quic/crypto/aes_128_gcm_12_encrypter_test.cc',
       'quic/crypto/cert_compressor_test.cc',
-      'quic/crypto/chacha20_poly1305_rfc7539_decrypter_test.cc',
-      'quic/crypto/chacha20_poly1305_rfc7539_encrypter_test.cc',
+      'quic/crypto/chacha20_poly1305_decrypter_test.cc',
+      'quic/crypto/chacha20_poly1305_encrypter_test.cc',
       'quic/crypto/channel_id_test.cc',
       'quic/crypto/common_cert_set_test.cc',
       'quic/crypto/crypto_framer_test.cc',
@@ -1614,6 +1586,7 @@
       'quic/quic_alarm_test.cc',
       'quic/quic_arena_scoped_ptr_test.cc',
       'quic/quic_bandwidth_test.cc',
+      'quic/quic_chromium_alarm_factory_test.cc',
       'quic/quic_chromium_client_session_test.cc',
       'quic/quic_chromium_client_stream_test.cc',
       'quic/quic_chromium_connection_helper_test.cc',
@@ -1629,6 +1602,7 @@
       'quic/quic_fec_group_test.cc',
       'quic/quic_flow_controller_test.cc',
       'quic/quic_framer_test.cc',
+      'quic/quic_header_list_test.cc',
       'quic/quic_headers_stream_test.cc',
       'quic/quic_http_stream_test.cc',
       'quic/quic_http_utils_test.cc',
@@ -1661,8 +1635,6 @@
       'quic/test_tools/crypto_test_utils.cc',
       'quic/test_tools/crypto_test_utils.h',
       'quic/test_tools/crypto_test_utils_chromium.cc',
-      'quic/test_tools/crypto_test_utils_nss.cc',
-      'quic/test_tools/crypto_test_utils_openssl.cc',
       'quic/test_tools/delayed_verify_strike_register_client.cc',
       'quic/test_tools/delayed_verify_strike_register_client.h',
       'quic/test_tools/mock_clock.cc',
@@ -1685,6 +1657,8 @@
       'quic/test_tools/quic_config_peer.h',
       'quic/test_tools/quic_connection_peer.cc',
       'quic/test_tools/quic_connection_peer.h',
+      'quic/test_tools/quic_crypto_server_config_peer.cc',
+      'quic/test_tools/quic_crypto_server_config_peer.h',
       'quic/test_tools/quic_flow_controller_peer.cc',
       'quic/test_tools/quic_flow_controller_peer.h',
       'quic/test_tools/quic_framer_peer.cc',
@@ -1743,6 +1717,7 @@
       'socket/unix_domain_server_socket_posix_unittest.cc',
       'socket/websocket_endpoint_lock_manager_unittest.cc',
       'socket/websocket_transport_client_socket_pool_unittest.cc',
+      'spdy/bidirectional_stream_spdy_impl_unittest.cc',
       'spdy/buffered_spdy_framer_unittest.cc',
       'spdy/fuzzing/hpack_fuzz_util_test.cc',
       'spdy/hpack/hpack_decoder_test.cc',
@@ -1788,6 +1763,7 @@
       'spdy/spdy_test_utils.h',
       'spdy/spdy_write_queue_unittest.cc',
       'spdy/write_blocked_list_test.cc',
+      'spdy/write_scheduler_test.cc',
       'ssl/channel_id_service_unittest.cc',
       'ssl/client_cert_store_mac_unittest.cc',
       'ssl/client_cert_store_nss_unittest.cc',
@@ -1797,18 +1773,15 @@
       'ssl/openssl_client_key_store_unittest.cc',
       'ssl/ssl_cipher_suite_names_unittest.cc',
       'ssl/ssl_client_auth_cache_unittest.cc',
-      'ssl/ssl_client_session_cache_openssl_unittest.cc',
+      'ssl/ssl_client_session_cache_unittest.cc',
       'ssl/ssl_config_service_unittest.cc',
       'ssl/ssl_config_unittest.cc',
       'ssl/ssl_connection_status_flags_unittest.cc',
       'test/embedded_test_server/embedded_test_server_unittest.cc',
       'test/embedded_test_server/http_request_unittest.cc',
       'test/embedded_test_server/http_response_unittest.cc',
-      'test/gtest_util.h',
       'test/python_utils_unittest.cc',
       'test/run_all_unittests.cc',
-      'test/scoped_disable_exit_on_dfatal.cc',
-      'test/scoped_disable_exit_on_dfatal.h',
       'third_party/nist-pkits/pkits_testcases-inl.h',
       'tools/balsa/balsa_frame_test.cc',
       'tools/balsa/balsa_headers_test.cc',
@@ -1841,16 +1814,19 @@
     ],
     'net_linux_test_sources': [
       'quic/quic_end_to_end_unittest.cc',
+      'tools/quic/chlo_extractor_test.cc',
       'tools/quic/end_to_end_test.cc',
       'tools/quic/quic_client_session_test.cc',
       'tools/quic/quic_client_test.cc',
       'tools/quic/quic_dispatcher_test.cc',
+      'tools/quic/quic_epoll_alarm_factory_test.cc',
       'tools/quic/quic_epoll_clock_test.cc',
       'tools/quic/quic_epoll_connection_helper_test.cc',
       'tools/quic/quic_in_memory_cache_test.cc',
       'tools/quic/quic_server_session_base_test.cc',
       'tools/quic/quic_server_test.cc',
       'tools/quic/quic_simple_server_session_test.cc',
+      'tools/quic/quic_simple_server_stream_test.cc',
       'tools/quic/quic_simple_server_test.cc',
       'tools/quic/quic_spdy_client_stream_test.cc',
       'tools/quic/quic_time_wait_list_manager_test.cc',
@@ -2004,5 +1980,1125 @@
       "websockets/websocket_stream.cc",
       "websockets/websocket_stream.h",
     ],
+    # List of test data files for //net:test_support. Can be regenerated by
+    # running net/data/update_net_gypi.py.
+    'net_test_support_data_sources': [
+      'data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem',
+      'data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem',
+      'data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem',
+      'data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem',
+      'data/ssl/certificates/1024-rsa-intermediate.pem',
+      'data/ssl/certificates/10_year_validity.pem',
+      'data/ssl/certificates/11_year_validity.pem',
+      'data/ssl/certificates/2029_globalsign_com_cert.pem',
+      'data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem',
+      'data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem',
+      'data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem',
+      'data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem',
+      'data/ssl/certificates/2048-rsa-intermediate.pem',
+      'data/ssl/certificates/2048-rsa-root.pem',
+      'data/ssl/certificates/39_months_after_2015_04.pem',
+      'data/ssl/certificates/40_months_after_2015_04.pem',
+      'data/ssl/certificates/60_months_after_2012_07.pem',
+      'data/ssl/certificates/61_months_after_2012_07.pem',
+      'data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem',
+      'data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem',
+      'data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem',
+      'data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem',
+      'data/ssl/certificates/768-rsa-intermediate.pem',
+      'data/ssl/certificates/aia-cert.pem',
+      'data/ssl/certificates/aia-intermediate.der',
+      'data/ssl/certificates/aia-root.pem',
+      'data/ssl/certificates/android-test-key-dsa-public.pem',
+      'data/ssl/certificates/android-test-key-dsa.pem',
+      'data/ssl/certificates/android-test-key-ecdsa-public.pem',
+      'data/ssl/certificates/android-test-key-ecdsa.pem',
+      'data/ssl/certificates/android-test-key-rsa.pem',
+      'data/ssl/certificates/bad_validity.pem',
+      'data/ssl/certificates/client-nokey.p12',
+      'data/ssl/certificates/client.p12',
+      'data/ssl/certificates/client_1.key',
+      'data/ssl/certificates/client_1.pem',
+      'data/ssl/certificates/client_1.pk8',
+      'data/ssl/certificates/client_1_ca.pem',
+      'data/ssl/certificates/client_2.key',
+      'data/ssl/certificates/client_2.pem',
+      'data/ssl/certificates/client_2.pk8',
+      'data/ssl/certificates/client_2_ca.pem',
+      'data/ssl/certificates/client_3.key',
+      'data/ssl/certificates/client_3.pem',
+      'data/ssl/certificates/client_3.pk8',
+      'data/ssl/certificates/client_3_ca.pem',
+      'data/ssl/certificates/comodo.chain.pem',
+      'data/ssl/certificates/crit-codeSigning-chain.pem',
+      'data/ssl/certificates/crlset_by_intermediate_serial.raw',
+      'data/ssl/certificates/crlset_by_leaf_spki.raw',
+      'data/ssl/certificates/crlset_by_root_serial.raw',
+      'data/ssl/certificates/cross-signed-leaf.pem',
+      'data/ssl/certificates/cross-signed-root-md5.pem',
+      'data/ssl/certificates/cross-signed-root-sha256.pem',
+      'data/ssl/certificates/ct-test-embedded-cert.pem',
+      'data/ssl/certificates/ct-test-embedded-with-intermediate-chain.pem',
+      'data/ssl/certificates/ct-test-embedded-with-intermediate-preca-chain.pem',
+      'data/ssl/certificates/ct-test-embedded-with-preca-chain.pem',
+      'data/ssl/certificates/diginotar_cyber_ca.pem',
+      'data/ssl/certificates/diginotar_pkioverheid.pem',
+      'data/ssl/certificates/diginotar_pkioverheid_g2.pem',
+      'data/ssl/certificates/diginotar_public_ca_2025.pem',
+      'data/ssl/certificates/diginotar_root_ca.pem',
+      'data/ssl/certificates/diginotar_services_1024_ca.pem',
+      'data/ssl/certificates/dod_ca_13_cert.der',
+      'data/ssl/certificates/dod_ca_17_cert.der',
+      'data/ssl/certificates/dod_root_ca_2_cert.der',
+      'data/ssl/certificates/duplicate_cn_1.p12',
+      'data/ssl/certificates/duplicate_cn_1.pem',
+      'data/ssl/certificates/duplicate_cn_2.p12',
+      'data/ssl/certificates/duplicate_cn_2.pem',
+      'data/ssl/certificates/eku-test-root.pem',
+      'data/ssl/certificates/empty_subject_cert.der',
+      'data/ssl/certificates/expired_cert.pem',
+      'data/ssl/certificates/explicit-policy-chain.pem',
+      'data/ssl/certificates/foaf.me.chromium-test-cert.der',
+      'data/ssl/certificates/google.binary.p7b',
+      'data/ssl/certificates/google.chain.pem',
+      'data/ssl/certificates/google.pem_cert.p7b',
+      'data/ssl/certificates/google.pem_pkcs7.p7b',
+      'data/ssl/certificates/google.single.der',
+      'data/ssl/certificates/google.single.pem',
+      'data/ssl/certificates/google_diginotar.pem',
+      'data/ssl/certificates/googlenew.chain.pem',
+      'data/ssl/certificates/invalid_key_usage_cert.der',
+      'data/ssl/certificates/large_key.pem',
+      'data/ssl/certificates/localhost_cert.pem',
+      'data/ssl/certificates/mit.davidben.der',
+      'data/ssl/certificates/multi-root-A-by-B.pem',
+      'data/ssl/certificates/multi-root-B-by-C.pem',
+      'data/ssl/certificates/multi-root-B-by-F.pem',
+      'data/ssl/certificates/multi-root-C-by-D.pem',
+      'data/ssl/certificates/multi-root-C-by-E.pem',
+      'data/ssl/certificates/multi-root-D-by-D.pem',
+      'data/ssl/certificates/multi-root-E-by-E.pem',
+      'data/ssl/certificates/multi-root-F-by-E.pem',
+      'data/ssl/certificates/multi-root-chain1.pem',
+      'data/ssl/certificates/multi-root-chain2.pem',
+      'data/ssl/certificates/multi-root-crlset-C.raw',
+      'data/ssl/certificates/multi-root-crlset-CD-and-FE.raw',
+      'data/ssl/certificates/multi-root-crlset-D-and-E.raw',
+      'data/ssl/certificates/multi-root-crlset-E.raw',
+      'data/ssl/certificates/multi-root-crlset-unrelated.raw',
+      'data/ssl/certificates/multivalue_rdn.pem',
+      'data/ssl/certificates/name_constraint_bad.pem',
+      'data/ssl/certificates/name_constraint_good.pem',
+      'data/ssl/certificates/ndn.ca.crt',
+      'data/ssl/certificates/nist.der',
+      'data/ssl/certificates/no_subject_common_name_cert.pem',
+      'data/ssl/certificates/non-crit-codeSigning-chain.pem',
+      'data/ssl/certificates/ocsp-test-root.pem',
+      'data/ssl/certificates/ok_cert.pem',
+      'data/ssl/certificates/pre_br_validity_bad_121.pem',
+      'data/ssl/certificates/pre_br_validity_bad_2020.pem',
+      'data/ssl/certificates/pre_br_validity_ok.pem',
+      'data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem',
+      'data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem',
+      'data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem',
+      'data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem',
+      'data/ssl/certificates/prime256v1-ecdsa-intermediate.pem',
+      'data/ssl/certificates/punycodetest.pem',
+      'data/ssl/certificates/quic_chain.crt',
+      'data/ssl/certificates/quic_intermediate.crt',
+      'data/ssl/certificates/quic_intermediate.key',
+      'data/ssl/certificates/quic_root.crt',
+      'data/ssl/certificates/quic_root.key',
+      'data/ssl/certificates/quic_test.example.com.crt',
+      'data/ssl/certificates/quic_test.example.com.key',
+      'data/ssl/certificates/quic_test.example.com.key.pkcs8',
+      'data/ssl/certificates/quic_test.example.com.key.sct',
+      'data/ssl/certificates/quic_test_ecc.example.com.crt',
+      'data/ssl/certificates/quic_test_ecc.example.com.key',
+      'data/ssl/certificates/redundant-server-chain.pem',
+      'data/ssl/certificates/redundant-validated-chain-root.pem',
+      'data/ssl/certificates/redundant-validated-chain.pem',
+      'data/ssl/certificates/reject_intranet_hosts.pem',
+      'data/ssl/certificates/root_ca_cert.pem',
+      'data/ssl/certificates/salesforce_com_test.pem',
+      'data/ssl/certificates/sha1_2016.pem',
+      'data/ssl/certificates/sha1_dec_2015.pem',
+      'data/ssl/certificates/sha1_jan_2016.pem',
+      'data/ssl/certificates/spdy_pooling.pem',
+      'data/ssl/certificates/start_after_expiry.pem',
+      'data/ssl/certificates/subjectAltName_sanity_check.pem',
+      'data/ssl/certificates/test_mail_google_com.pem',
+      'data/ssl/certificates/thawte.single.pem',
+      'data/ssl/certificates/twitter-chain.pem',
+      'data/ssl/certificates/unescaped.pem',
+      'data/ssl/certificates/unittest.key.bin',
+      'data/ssl/certificates/unittest.originbound.der',
+      'data/ssl/certificates/unittest.originbound.key.der',
+      'data/ssl/certificates/unittest.selfsigned.der',
+      'data/ssl/certificates/verisign_intermediate_ca_2011.pem',
+      'data/ssl/certificates/verisign_intermediate_ca_2016.pem',
+      'data/ssl/certificates/weak_digest_md2_ee.pem',
+      'data/ssl/certificates/weak_digest_md2_intermediate.pem',
+      'data/ssl/certificates/weak_digest_md2_root.pem',
+      'data/ssl/certificates/weak_digest_md4_ee.pem',
+      'data/ssl/certificates/weak_digest_md4_intermediate.pem',
+      'data/ssl/certificates/weak_digest_md4_root.pem',
+      'data/ssl/certificates/weak_digest_md5_ee.pem',
+      'data/ssl/certificates/weak_digest_md5_intermediate.pem',
+      'data/ssl/certificates/weak_digest_md5_root.pem',
+      'data/ssl/certificates/weak_digest_sha1_ee.pem',
+      'data/ssl/certificates/weak_digest_sha1_intermediate.pem',
+      'data/ssl/certificates/weak_digest_sha1_root.pem',
+      'data/ssl/certificates/websocket_cacert.pem',
+      'data/ssl/certificates/websocket_client_cert.p12',
+      'data/ssl/certificates/wildcard.pem',
+      'data/ssl/certificates/www_us_army_mil_cert.der',
+      'data/ssl/certificates/x509_verify_results.chain.pem',
+    ],
+    # List of test data files for //net:net_unittests. Can be regenerated by
+    # running net/data/update_net_gypi.py.
+    'net_unittests_data_sources': [
+      'data/certificate_policies_unittest/anypolicy.pem',
+      'data/certificate_policies_unittest/anypolicy_with_qualifier.pem',
+      'data/certificate_policies_unittest/invalid-anypolicy_with_custom_qualifier.pem',
+      'data/certificate_policies_unittest/invalid-empty.pem',
+      'data/certificate_policies_unittest/invalid-policy_1_2_3_dupe.pem',
+      'data/certificate_policies_unittest/invalid-policy_1_2_3_policyinformation_unconsumed_data.pem',
+      'data/certificate_policies_unittest/invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem',
+      'data/certificate_policies_unittest/invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem',
+      'data/certificate_policies_unittest/invalid-policy_identifier_not_oid.pem',
+      'data/certificate_policies_unittest/policy_1_2_3.pem',
+      'data/certificate_policies_unittest/policy_1_2_3_and_1_2_4.pem',
+      'data/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem',
+      'data/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem',
+      'data/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem',
+      'data/name_constraints_unittest/directoryname-excludeall.pem',
+      'data/name_constraints_unittest/directoryname-excluded.pem',
+      'data/name_constraints_unittest/directoryname.pem',
+      'data/name_constraints_unittest/directoryname_and_dnsname.pem',
+      'data/name_constraints_unittest/directoryname_and_dnsname_and_ipaddress.pem',
+      'data/name_constraints_unittest/dnsname-exclude_dot.pem',
+      'data/name_constraints_unittest/dnsname-excludeall.pem',
+      'data/name_constraints_unittest/dnsname-excluded.pem',
+      'data/name_constraints_unittest/dnsname-permitted_with_leading_dot.pem',
+      'data/name_constraints_unittest/dnsname-with_max.pem',
+      'data/name_constraints_unittest/dnsname-with_min_0.pem',
+      'data/name_constraints_unittest/dnsname-with_min_0_and_max.pem',
+      'data/name_constraints_unittest/dnsname-with_min_1.pem',
+      'data/name_constraints_unittest/dnsname-with_min_1_and_max.pem',
+      'data/name_constraints_unittest/dnsname.pem',
+      'data/name_constraints_unittest/dnsname2.pem',
+      'data/name_constraints_unittest/edipartyname-excluded.pem',
+      'data/name_constraints_unittest/edipartyname-permitted.pem',
+      'data/name_constraints_unittest/invalid-empty_excluded_subtree.pem',
+      'data/name_constraints_unittest/invalid-empty_permitted_subtree.pem',
+      'data/name_constraints_unittest/invalid-no_subtrees.pem',
+      'data/name_constraints_unittest/ipaddress-excludeall.pem',
+      'data/name_constraints_unittest/ipaddress-excluded.pem',
+      'data/name_constraints_unittest/ipaddress-invalid_addr.pem',
+      'data/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_1.pem',
+      'data/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_2.pem',
+      'data/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_3.pem',
+      'data/name_constraints_unittest/ipaddress-invalid_mask_not_contiguous_4.pem',
+      'data/name_constraints_unittest/ipaddress-permit_all.pem',
+      'data/name_constraints_unittest/ipaddress-permit_prefix1.pem',
+      'data/name_constraints_unittest/ipaddress-permit_prefix31.pem',
+      'data/name_constraints_unittest/ipaddress-permit_singlehost.pem',
+      'data/name_constraints_unittest/ipaddress.pem',
+      'data/name_constraints_unittest/name-ca.pem',
+      'data/name_constraints_unittest/name-de.pem',
+      'data/name_constraints_unittest/name-empty.pem',
+      'data/name_constraints_unittest/name-jp-tokyo.pem',
+      'data/name_constraints_unittest/name-jp.pem',
+      'data/name_constraints_unittest/name-us-arizona-1.1.1.1.pem',
+      'data/name_constraints_unittest/name-us-arizona-192.168.1.1.pem',
+      'data/name_constraints_unittest/name-us-arizona-email.pem',
+      'data/name_constraints_unittest/name-us-arizona-foo.com.pem',
+      'data/name_constraints_unittest/name-us-arizona-ipv6.pem',
+      'data/name_constraints_unittest/name-us-arizona-permitted.example.com.pem',
+      'data/name_constraints_unittest/name-us-arizona.pem',
+      'data/name_constraints_unittest/name-us-california-192.168.1.1.pem',
+      'data/name_constraints_unittest/name-us-california-mountain_view.pem',
+      'data/name_constraints_unittest/name-us-california-permitted.example.com.pem',
+      'data/name_constraints_unittest/name-us-california.pem',
+      'data/name_constraints_unittest/name-us.pem',
+      'data/name_constraints_unittest/othername-excluded.pem',
+      'data/name_constraints_unittest/othername-permitted.pem',
+      'data/name_constraints_unittest/registeredid-excluded.pem',
+      'data/name_constraints_unittest/registeredid-permitted.pem',
+      'data/name_constraints_unittest/rfc822name-excluded.pem',
+      'data/name_constraints_unittest/rfc822name-permitted.pem',
+      'data/name_constraints_unittest/san-edipartyname.pem',
+      'data/name_constraints_unittest/san-excluded-directoryname.pem',
+      'data/name_constraints_unittest/san-excluded-dnsname.pem',
+      'data/name_constraints_unittest/san-excluded-ipaddress.pem',
+      'data/name_constraints_unittest/san-invalid-empty.pem',
+      'data/name_constraints_unittest/san-invalid-ipaddress.pem',
+      'data/name_constraints_unittest/san-othername.pem',
+      'data/name_constraints_unittest/san-permitted.pem',
+      'data/name_constraints_unittest/san-registeredid.pem',
+      'data/name_constraints_unittest/san-rfc822name.pem',
+      'data/name_constraints_unittest/san-uri.pem',
+      'data/name_constraints_unittest/san-x400address.pem',
+      'data/name_constraints_unittest/uri-excluded.pem',
+      'data/name_constraints_unittest/uri-permitted.pem',
+      'data/name_constraints_unittest/x400address-excluded.pem',
+      'data/name_constraints_unittest/x400address-permitted.pem',
+      'data/parse_certificate_unittest/basic_constraints_ca_false.pem',
+      'data/parse_certificate_unittest/basic_constraints_ca_no_path.pem',
+      'data/parse_certificate_unittest/basic_constraints_ca_path_9.pem',
+      'data/parse_certificate_unittest/basic_constraints_negative_path.pem',
+      'data/parse_certificate_unittest/basic_constraints_not_ca.pem',
+      'data/parse_certificate_unittest/basic_constraints_path_too_large.pem',
+      'data/parse_certificate_unittest/basic_constraints_pathlen_255.pem',
+      'data/parse_certificate_unittest/basic_constraints_pathlen_256.pem',
+      'data/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem',
+      'data/parse_certificate_unittest/basic_constraints_unconsumed_data.pem',
+      'data/parse_certificate_unittest/cert_algorithm_not_sequence.pem',
+      'data/parse_certificate_unittest/cert_data_after_signature.pem',
+      'data/parse_certificate_unittest/cert_empty_sequence.pem',
+      'data/parse_certificate_unittest/cert_missing_signature.pem',
+      'data/parse_certificate_unittest/cert_not_sequence.pem',
+      'data/parse_certificate_unittest/cert_signature_not_bit_string.pem',
+      'data/parse_certificate_unittest/cert_skeleton.pem',
+      'data/parse_certificate_unittest/cert_version3.pem',
+      'data/parse_certificate_unittest/extension_critical.pem',
+      'data/parse_certificate_unittest/extension_critical_0.pem',
+      'data/parse_certificate_unittest/extension_critical_3.pem',
+      'data/parse_certificate_unittest/extension_not_critical.pem',
+      'data/parse_certificate_unittest/extensions_basic_constraints.pem',
+      'data/parse_certificate_unittest/extensions_data_after_sequence.pem',
+      'data/parse_certificate_unittest/extensions_duplicate_key_usage.pem',
+      'data/parse_certificate_unittest/extensions_empty_sequence.pem',
+      'data/parse_certificate_unittest/extensions_extended_key_usage.pem',
+      'data/parse_certificate_unittest/extensions_key_usage.pem',
+      'data/parse_certificate_unittest/extensions_not_sequence.pem',
+      'data/parse_certificate_unittest/extensions_policies.pem',
+      'data/parse_certificate_unittest/extensions_real.pem',
+      'data/parse_certificate_unittest/extensions_subject_alt_name.pem',
+      'data/parse_certificate_unittest/extensions_unknown_critical.pem',
+      'data/parse_certificate_unittest/extensions_unknown_non_critical.pem',
+      'data/parse_certificate_unittest/tbs_explicit_v1.pem',
+      'data/parse_certificate_unittest/tbs_negative_serial_number.pem',
+      'data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem',
+      'data/parse_certificate_unittest/tbs_serial_number_26_octets.pem',
+      'data/parse_certificate_unittest/tbs_v1.pem',
+      'data/parse_certificate_unittest/tbs_v1_extensions.pem',
+      'data/parse_certificate_unittest/tbs_v2_extensions.pem',
+      'data/parse_certificate_unittest/tbs_v2_issuer_and_subject_unique_id.pem',
+      'data/parse_certificate_unittest/tbs_v2_issuer_unique_id.pem',
+      'data/parse_certificate_unittest/tbs_v2_no_optionals.pem',
+      'data/parse_certificate_unittest/tbs_v3_all_optionals.pem',
+      'data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem',
+      'data/parse_certificate_unittest/tbs_v3_extensions.pem',
+      'data/parse_certificate_unittest/tbs_v3_extensions_not_sequence.pem',
+      'data/parse_certificate_unittest/tbs_v3_no_optionals.pem',
+      'data/parse_certificate_unittest/tbs_v3_real.pem',
+      'data/parse_certificate_unittest/tbs_v4.pem',
+      'data/parse_certificate_unittest/tbs_validity_both_generalized_time.pem',
+      'data/parse_certificate_unittest/tbs_validity_both_utc_time.pem',
+      'data/parse_certificate_unittest/tbs_validity_generalized_time_and_utc_time.pem',
+      'data/parse_certificate_unittest/tbs_validity_relaxed.pem',
+      'data/parse_certificate_unittest/tbs_validity_utc_time_and_generalized_time.pem',
+      'data/parse_ocsp_unittest/bad_ocsp_type.pem',
+      'data/parse_ocsp_unittest/bad_signature.pem',
+      'data/parse_ocsp_unittest/bad_status.pem',
+      'data/parse_ocsp_unittest/good_response.pem',
+      'data/parse_ocsp_unittest/good_response_next_update.pem',
+      'data/parse_ocsp_unittest/has_extension.pem',
+      'data/parse_ocsp_unittest/has_single_extension.pem',
+      'data/parse_ocsp_unittest/has_version.pem',
+      'data/parse_ocsp_unittest/malformed_status.pem',
+      'data/parse_ocsp_unittest/missing_response.pem',
+      'data/parse_ocsp_unittest/multiple_response.pem',
+      'data/parse_ocsp_unittest/no_response.pem',
+      'data/parse_ocsp_unittest/ocsp_extra_certs.pem',
+      'data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem',
+      'data/parse_ocsp_unittest/ocsp_sign_direct.pem',
+      'data/parse_ocsp_unittest/ocsp_sign_indirect.pem',
+      'data/parse_ocsp_unittest/ocsp_sign_indirect_missing.pem',
+      'data/parse_ocsp_unittest/other_response.pem',
+      'data/parse_ocsp_unittest/responder_id.pem',
+      'data/parse_ocsp_unittest/responder_name.pem',
+      'data/parse_ocsp_unittest/revoke_response.pem',
+      'data/parse_ocsp_unittest/revoke_response_reason.pem',
+      'data/parse_ocsp_unittest/unknown_response.pem',
+      'data/test.html',
+      'data/url_request_unittest/308-without-location-header',
+      'data/url_request_unittest/308-without-location-header.mock-http-headers',
+      'data/url_request_unittest/BullRunSpeech.txt',
+      'data/url_request_unittest/content-type-normalization.html',
+      'data/url_request_unittest/content-type-normalization.html.mock-http-headers',
+      'data/url_request_unittest/expect-ct-header.html',
+      'data/url_request_unittest/expect-ct-header.html.mock-http-headers',
+      'data/url_request_unittest/filedir-sentinel',
+      'data/url_request_unittest/hpkp-headers-report-only.html',
+      'data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers',
+      'data/url_request_unittest/hpkp-headers.html',
+      'data/url_request_unittest/hpkp-headers.html.mock-http-headers',
+      'data/url_request_unittest/hsts-and-hpkp-headers.html',
+      'data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers',
+      'data/url_request_unittest/hsts-and-hpkp-headers2.html',
+      'data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers',
+      'data/url_request_unittest/hsts-headers.html',
+      'data/url_request_unittest/hsts-headers.html.mock-http-headers',
+      'data/url_request_unittest/hsts-multiple-headers.html',
+      'data/url_request_unittest/hsts-multiple-headers.html.mock-http-headers',
+      'data/url_request_unittest/redirect-test.html',
+      'data/url_request_unittest/redirect-test.html.mock-http-headers',
+      'data/url_request_unittest/redirect-to-data.html',
+      'data/url_request_unittest/redirect-to-data.html.mock-http-headers',
+      'data/url_request_unittest/redirect-to-echoall',
+      'data/url_request_unittest/redirect-to-echoall.mock-http-headers',
+      'data/url_request_unittest/redirect-to-file.html',
+      'data/url_request_unittest/redirect-to-file.html.mock-http-headers',
+      'data/url_request_unittest/redirect-to-invalid-url.html',
+      'data/url_request_unittest/redirect-to-invalid-url.html.mock-http-headers',
+      'data/url_request_unittest/redirect301-to-echo',
+      'data/url_request_unittest/redirect301-to-echo.mock-http-headers',
+      'data/url_request_unittest/redirect301-to-https',
+      'data/url_request_unittest/redirect301-to-https.mock-http-headers',
+      'data/url_request_unittest/redirect302-to-echo',
+      'data/url_request_unittest/redirect302-to-echo-cacheable',
+      'data/url_request_unittest/redirect302-to-echo-cacheable.mock-http-headers',
+      'data/url_request_unittest/redirect302-to-echo.mock-http-headers',
+      'data/url_request_unittest/redirect302-to-https',
+      'data/url_request_unittest/redirect302-to-https.mock-http-headers',
+      'data/url_request_unittest/redirect303-to-echo',
+      'data/url_request_unittest/redirect303-to-echo.mock-http-headers',
+      'data/url_request_unittest/redirect303-to-https',
+      'data/url_request_unittest/redirect303-to-https.mock-http-headers',
+      'data/url_request_unittest/redirect307-to-echo',
+      'data/url_request_unittest/redirect307-to-echo.mock-http-headers',
+      'data/url_request_unittest/redirect307-to-https',
+      'data/url_request_unittest/redirect307-to-https.mock-http-headers',
+      'data/url_request_unittest/redirect308-to-echo',
+      'data/url_request_unittest/redirect308-to-echo.mock-http-headers',
+      'data/url_request_unittest/redirect308-to-https',
+      'data/url_request_unittest/redirect308-to-https.mock-http-headers',
+      'data/url_request_unittest/simple.html',
+      'data/url_request_unittest/simple.html.mock-http-headers',
+      'data/url_request_unittest/two-content-lengths.html',
+      'data/url_request_unittest/two-content-lengths.html.mock-http-headers',
+      'data/url_request_unittest/with-headers.html',
+      'data/url_request_unittest/with-headers.html.mock-http-headers',
+      'data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem',
+      'data/verify_certificate_chain_unittest/expired-intermediary.pem',
+      'data/verify_certificate_chain_unittest/expired-root.pem',
+      'data/verify_certificate_chain_unittest/expired-target-notBefore.pem',
+      'data/verify_certificate_chain_unittest/expired-target.pem',
+      'data/verify_certificate_chain_unittest/intermediary-basic-constraints-ca-false.pem',
+      'data/verify_certificate_chain_unittest/intermediary-basic-constraints-not-critical.pem',
+      'data/verify_certificate_chain_unittest/intermediary-lacks-basic-constraints.pem',
+      'data/verify_certificate_chain_unittest/intermediary-lacks-signing-key-usage.pem',
+      'data/verify_certificate_chain_unittest/intermediary-signed-with-md5.pem',
+      'data/verify_certificate_chain_unittest/intermediary-unknown-critical-extension.pem',
+      'data/verify_certificate_chain_unittest/intermediary-unknown-non-critical-extension.pem',
+      'data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem',
+      'data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem',
+      'data/verify_certificate_chain_unittest/non-self-signed-root.pem',
+      'data/verify_certificate_chain_unittest/target-and-intermediary.pem',
+      'data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem',
+      'data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem',
+      'data/verify_certificate_chain_unittest/target-not-end-entity.pem',
+      'data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem',
+      'data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem',
+      'data/verify_certificate_chain_unittest/target-signed-with-md5.pem',
+      'data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem',
+      'data/verify_certificate_chain_unittest/target-wrong-signature.pem',
+      'data/verify_certificate_chain_unittest/unknown-root.pem',
+      'data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem',
+      'data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-case_swap.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-extra_whitespace.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-BMPSTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-case_swap.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-extra_whitespace.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_1.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-rdn_sorting_2.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-PRINTABLESTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-case_swap-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-case_swap-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-case_swap.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-extra_whitespace.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-unmangled-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-unmangled-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-T61STRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-case_swap.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-extra_whitespace.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UNIVERSALSTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-case_swap-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-case_swap-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-case_swap.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-extra_whitespace.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-unmangled-dupe_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_attr.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-unmangled-extra_rdn.pem',
+      'data/verify_name_match_unittest/names/ascii-UTF8-unmangled.pem',
+      'data/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_1.pem',
+      'data/verify_name_match_unittest/names/ascii-mixed-rdn_dupetype_sorting_2.pem',
+      'data/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-badAttributeType.pem',
+      'data/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-empty.pem',
+      'data/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-extradata.pem',
+      'data/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-onlyOneElement.pem',
+      'data/verify_name_match_unittest/names/invalid-AttributeTypeAndValue-setNotSequence.pem',
+      'data/verify_name_match_unittest/names/invalid-Name-setInsteadOfSequence.pem',
+      'data/verify_name_match_unittest/names/invalid-RDN-empty.pem',
+      'data/verify_name_match_unittest/names/invalid-RDN-sequenceInsteadOfSet.pem',
+      'data/verify_name_match_unittest/names/unicode-mixed-normalized.pem',
+      'data/verify_name_match_unittest/names/unicode-mixed-unnormalized.pem',
+      'data/verify_name_match_unittest/names/unicode_bmp-BMPSTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/unicode_bmp-UNIVERSALSTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/unicode_bmp-UTF8-unmangled.pem',
+      'data/verify_name_match_unittest/names/unicode_supplementary-UNIVERSALSTRING-unmangled.pem',
+      'data/verify_name_match_unittest/names/unicode_supplementary-UTF8-unmangled.pem',
+      'data/verify_name_match_unittest/names/valid-Name-empty.pem',
+      'data/verify_name_match_unittest/names/valid-minimal.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-unused-bits-signature.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem',
+      'data/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem',
+      'data/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem',
+      'data/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem',
+      'data/verify_signed_data_unittest/ecdsa-using-rsa-key.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha1.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem',
+      'data/verify_signed_data_unittest/rsa-pkcs1-sha256.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-no-params.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha1-salt20.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha1-wrong-salt.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha256-mgf1-sha512-salt33.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-params.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem',
+      'data/verify_signed_data_unittest/rsa-pss-sha256-salt10.pem',
+      'data/verify_signed_data_unittest/rsa-using-ec-key.pem',
+      'data/verify_signed_data_unittest/rsa2048-pkcs1-sha512.pem',
+      'third_party/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt',
+      'third_party/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt',
+      'third_party/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt',
+      'third_party/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt',
+      'third_party/nist-pkits/certs/AnyPolicyTest14EE.crt',
+      'third_party/nist-pkits/certs/BadCRLIssuerNameCACert.crt',
+      'third_party/nist-pkits/certs/BadCRLSignatureCACert.crt',
+      'third_party/nist-pkits/certs/BadSignedCACert.crt',
+      'third_party/nist-pkits/certs/BadnotAfterDateCACert.crt',
+      'third_party/nist-pkits/certs/BadnotBeforeDateCACert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt',
+      'third_party/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt',
+      'third_party/nist-pkits/certs/CPSPointerQualifierTest20EE.crt',
+      'third_party/nist-pkits/certs/DSACACert.crt',
+      'third_party/nist-pkits/certs/DSAParametersInheritedCACert.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest12EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest3EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest4EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest5EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest7EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest8EE.crt',
+      'third_party/nist-pkits/certs/DifferentPoliciesTest9EE.crt',
+      'third_party/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt',
+      'third_party/nist-pkits/certs/GoodCACert.crt',
+      'third_party/nist-pkits/certs/GoodsubCACert.crt',
+      'third_party/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt',
+      'third_party/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt',
+      'third_party/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt',
+      'third_party/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidCASignatureTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt',
+      'third_party/nist-pkits/certs/InvalidDSASignatureTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidEESignatureTest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt',
+      'third_party/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt',
+      'third_party/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt',
+      'third_party/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt',
+      'third_party/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidMissingCRLTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidNameChainingTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt',
+      'third_party/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt',
+      'third_party/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt',
+      'third_party/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt',
+      'third_party/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt',
+      'third_party/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt',
+      'third_party/nist-pkits/certs/InvalidRevokedCATest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidRevokedEETest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt',
+      'third_party/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt',
+      'third_party/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt',
+      'third_party/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt',
+      'third_party/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt',
+      'third_party/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt',
+      'third_party/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt',
+      'third_party/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidWrongCRLTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidcAFalseTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidcAFalseTest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt',
+      'third_party/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt',
+      'third_party/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt',
+      'third_party/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt',
+      'third_party/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt',
+      'third_party/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt',
+      'third_party/nist-pkits/certs/InvaliddistributionPointTest2EE.crt',
+      'third_party/nist-pkits/certs/InvaliddistributionPointTest3EE.crt',
+      'third_party/nist-pkits/certs/InvaliddistributionPointTest6EE.crt',
+      'third_party/nist-pkits/certs/InvaliddistributionPointTest8EE.crt',
+      'third_party/nist-pkits/certs/InvaliddistributionPointTest9EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt',
+      'third_party/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt',
+      'third_party/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt',
+      'third_party/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt',
+      'third_party/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt',
+      'third_party/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt',
+      'third_party/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt',
+      'third_party/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt',
+      'third_party/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt',
+      'third_party/nist-pkits/certs/LongSerialNumberCACert.crt',
+      'third_party/nist-pkits/certs/Mapping1to2CACert.crt',
+      'third_party/nist-pkits/certs/MappingFromanyPolicyCACert.crt',
+      'third_party/nist-pkits/certs/MappingToanyPolicyCACert.crt',
+      'third_party/nist-pkits/certs/MissingbasicConstraintsCACert.crt',
+      'third_party/nist-pkits/certs/NameOrderingCACert.crt',
+      'third_party/nist-pkits/certs/NegativeSerialNumberCACert.crt',
+      'third_party/nist-pkits/certs/NoCRLCACert.crt',
+      'third_party/nist-pkits/certs/NoPoliciesCACert.crt',
+      'third_party/nist-pkits/certs/NoissuingDistributionPointCACert.crt',
+      'third_party/nist-pkits/certs/OldCRLnextUpdateCACert.crt',
+      'third_party/nist-pkits/certs/OverlappingPoliciesTest6EE.crt',
+      'third_party/nist-pkits/certs/P12Mapping1to3CACert.crt',
+      'third_party/nist-pkits/certs/P12Mapping1to3subCACert.crt',
+      'third_party/nist-pkits/certs/P12Mapping1to3subsubCACert.crt',
+      'third_party/nist-pkits/certs/P1Mapping1to234CACert.crt',
+      'third_party/nist-pkits/certs/P1Mapping1to234subCACert.crt',
+      'third_party/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt',
+      'third_party/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt',
+      'third_party/nist-pkits/certs/PoliciesP1234CACert.crt',
+      'third_party/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP123CACert.crt',
+      'third_party/nist-pkits/certs/PoliciesP123subCAP12Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP12CACert.crt',
+      'third_party/nist-pkits/certs/PoliciesP12subCAP1Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP2subCA2Cert.crt',
+      'third_party/nist-pkits/certs/PoliciesP2subCACert.crt',
+      'third_party/nist-pkits/certs/PoliciesP3CACert.crt',
+      'third_party/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt',
+      'third_party/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt',
+      'third_party/nist-pkits/certs/RevokedsubCACert.crt',
+      'third_party/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt',
+      'third_party/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt',
+      'third_party/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt',
+      'third_party/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt',
+      'third_party/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt',
+      'third_party/nist-pkits/certs/TrustAnchorRootCertificate.crt',
+      'third_party/nist-pkits/certs/TwoCRLsCACert.crt',
+      'third_party/nist-pkits/certs/UIDCACert.crt',
+      'third_party/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt',
+      'third_party/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt',
+      'third_party/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt',
+      'third_party/nist-pkits/certs/UnknownCRLExtensionCACert.crt',
+      'third_party/nist-pkits/certs/UserNoticeQualifierTest15EE.crt',
+      'third_party/nist-pkits/certs/UserNoticeQualifierTest16EE.crt',
+      'third_party/nist-pkits/certs/UserNoticeQualifierTest17EE.crt',
+      'third_party/nist-pkits/certs/UserNoticeQualifierTest18EE.crt',
+      'third_party/nist-pkits/certs/UserNoticeQualifierTest19EE.crt',
+      'third_party/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt',
+      'third_party/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt',
+      'third_party/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidCertificatePathTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt',
+      'third_party/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt',
+      'third_party/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt',
+      'third_party/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt',
+      'third_party/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt',
+      'third_party/nist-pkits/certs/ValidDSASignaturesTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt',
+      'third_party/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt',
+      'third_party/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt',
+      'third_party/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt',
+      'third_party/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt',
+      'third_party/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt',
+      'third_party/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt',
+      'third_party/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt',
+      'third_party/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt',
+      'third_party/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidNameUIDsTest6EE.crt',
+      'third_party/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt',
+      'third_party/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest11EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest12EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest13EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest14EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest3EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest5EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest6EE.crt',
+      'third_party/nist-pkits/certs/ValidPolicyMappingTest9EE.crt',
+      'third_party/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt',
+      'third_party/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt',
+      'third_party/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt',
+      'third_party/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt',
+      'third_party/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt',
+      'third_party/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt',
+      'third_party/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt',
+      'third_party/nist-pkits/certs/ValidTwoCRLsTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt',
+      'third_party/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt',
+      'third_party/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt',
+      'third_party/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt',
+      'third_party/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidcRLIssuerTest28EE.crt',
+      'third_party/nist-pkits/certs/ValidcRLIssuerTest29EE.crt',
+      'third_party/nist-pkits/certs/ValidcRLIssuerTest30EE.crt',
+      'third_party/nist-pkits/certs/ValidcRLIssuerTest33EE.crt',
+      'third_party/nist-pkits/certs/ValiddeltaCRLTest2EE.crt',
+      'third_party/nist-pkits/certs/ValiddeltaCRLTest5EE.crt',
+      'third_party/nist-pkits/certs/ValiddeltaCRLTest7EE.crt',
+      'third_party/nist-pkits/certs/ValiddeltaCRLTest8EE.crt',
+      'third_party/nist-pkits/certs/ValiddistributionPointTest1EE.crt',
+      'third_party/nist-pkits/certs/ValiddistributionPointTest4EE.crt',
+      'third_party/nist-pkits/certs/ValiddistributionPointTest5EE.crt',
+      'third_party/nist-pkits/certs/ValiddistributionPointTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt',
+      'third_party/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt',
+      'third_party/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt',
+      'third_party/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt',
+      'third_party/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt',
+      'third_party/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt',
+      'third_party/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt',
+      'third_party/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt',
+      'third_party/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt',
+      'third_party/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt',
+      'third_party/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt',
+      'third_party/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt',
+      'third_party/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt',
+      'third_party/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt',
+      'third_party/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt',
+      'third_party/nist-pkits/certs/WrongCRLCACert.crt',
+      'third_party/nist-pkits/certs/anyPolicyCACert.crt',
+      'third_party/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt',
+      'third_party/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt',
+      'third_party/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt',
+      'third_party/nist-pkits/certs/deltaCRLCA1Cert.crt',
+      'third_party/nist-pkits/certs/deltaCRLCA2Cert.crt',
+      'third_party/nist-pkits/certs/deltaCRLCA3Cert.crt',
+      'third_party/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt',
+      'third_party/nist-pkits/certs/distributionPoint1CACert.crt',
+      'third_party/nist-pkits/certs/distributionPoint2CACert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA1Cert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA2Cert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA3Cert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA4Cert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA5Cert.crt',
+      'third_party/nist-pkits/certs/indirectCRLCA6Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy0CACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1CACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy5CACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt',
+      'third_party/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping0CACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping5CACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt',
+      'third_party/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt',
+      'third_party/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt',
+      'third_party/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt',
+      'third_party/nist-pkits/certs/keyUsageNotCriticalCACert.crt',
+      'third_party/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt',
+      'third_party/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN1CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN2CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN3CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN4CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDN5CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDNS1CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsDNS2CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsURI1CACert.crt',
+      'third_party/nist-pkits/certs/nameConstraintsURI2CACert.crt',
+      'third_party/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt',
+      'third_party/nist-pkits/certs/onlyContainsCACertsCACert.crt',
+      'third_party/nist-pkits/certs/onlyContainsUserCertsCACert.crt',
+      'third_party/nist-pkits/certs/onlySomeReasonsCA1Cert.crt',
+      'third_party/nist-pkits/certs/onlySomeReasonsCA2Cert.crt',
+      'third_party/nist-pkits/certs/onlySomeReasonsCA3Cert.crt',
+      'third_party/nist-pkits/certs/onlySomeReasonsCA4Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint0CACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint0subCACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint1CACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint1subCACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6CACert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt',
+      'third_party/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt',
+      'third_party/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy0CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy0subCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy10CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy10subCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy2CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy2subCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy4CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy4subCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy5CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy5subCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy7CACert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt',
+      'third_party/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt',
+      'third_party/nist-pkits/crls/BadCRLIssuerNameCACRL.crl',
+      'third_party/nist-pkits/crls/BadCRLSignatureCACRL.crl',
+      'third_party/nist-pkits/crls/BadSignedCACRL.crl',
+      'third_party/nist-pkits/crls/BadnotAfterDateCACRL.crl',
+      'third_party/nist-pkits/crls/BadnotBeforeDateCACRL.crl',
+      'third_party/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl',
+      'third_party/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl',
+      'third_party/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl',
+      'third_party/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl',
+      'third_party/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl',
+      'third_party/nist-pkits/crls/DSACACRL.crl',
+      'third_party/nist-pkits/crls/DSAParametersInheritedCACRL.crl',
+      'third_party/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl',
+      'third_party/nist-pkits/crls/GoodCACRL.crl',
+      'third_party/nist-pkits/crls/GoodsubCACRL.crl',
+      'third_party/nist-pkits/crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl',
+      'third_party/nist-pkits/crls/LongSerialNumberCACRL.crl',
+      'third_party/nist-pkits/crls/Mapping1to2CACRL.crl',
+      'third_party/nist-pkits/crls/MappingFromanyPolicyCACRL.crl',
+      'third_party/nist-pkits/crls/MappingToanyPolicyCACRL.crl',
+      'third_party/nist-pkits/crls/MissingbasicConstraintsCACRL.crl',
+      'third_party/nist-pkits/crls/NameOrderCACRL.crl',
+      'third_party/nist-pkits/crls/NegativeSerialNumberCACRL.crl',
+      'third_party/nist-pkits/crls/NoPoliciesCACRL.crl',
+      'third_party/nist-pkits/crls/NoissuingDistributionPointCACRL.crl',
+      'third_party/nist-pkits/crls/OldCRLnextUpdateCACRL.crl',
+      'third_party/nist-pkits/crls/P12Mapping1to3CACRL.crl',
+      'third_party/nist-pkits/crls/P12Mapping1to3subCACRL.crl',
+      'third_party/nist-pkits/crls/P12Mapping1to3subsubCACRL.crl',
+      'third_party/nist-pkits/crls/P1Mapping1to234CACRL.crl',
+      'third_party/nist-pkits/crls/P1Mapping1to234subCACRL.crl',
+      'third_party/nist-pkits/crls/P1anyPolicyMapping1to2CACRL.crl',
+      'third_party/nist-pkits/crls/PanyPolicyMapping1to2CACRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP1234CACRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP1234subCAP123CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP1234subsubCAP123P12CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP123CACRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP123subCAP12CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP123subsubCAP12P1CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP123subsubCAP2P2CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP123subsubsubCAP12P2P1CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP12CACRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP12subCAP1CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP12subsubCAP1P2CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP2subCA2CRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP2subCACRL.crl',
+      'third_party/nist-pkits/crls/PoliciesP3CACRL.crl',
+      'third_party/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl',
+      'third_party/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl',
+      'third_party/nist-pkits/crls/RevokedsubCACRL.crl',
+      'third_party/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl',
+      'third_party/nist-pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl',
+      'third_party/nist-pkits/crls/SeparateCertificateandCRLKeysCRL.crl',
+      'third_party/nist-pkits/crls/TrustAnchorRootCRL.crl',
+      'third_party/nist-pkits/crls/TwoCRLsCABadCRL.crl',
+      'third_party/nist-pkits/crls/TwoCRLsCAGoodCRL.crl',
+      'third_party/nist-pkits/crls/UIDCACRL.crl',
+      'third_party/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl',
+      'third_party/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl',
+      'third_party/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl',
+      'third_party/nist-pkits/crls/UnknownCRLExtensionCACRL.crl',
+      'third_party/nist-pkits/crls/WrongCRLCACRL.crl',
+      'third_party/nist-pkits/crls/anyPolicyCACRL.crl',
+      'third_party/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl',
+      'third_party/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl',
+      'third_party/nist-pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA1CRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA1deltaCRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA2CRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA2deltaCRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA3CRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLCA3deltaCRL.crl',
+      'third_party/nist-pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl',
+      'third_party/nist-pkits/crls/distributionPoint1CACRL.crl',
+      'third_party/nist-pkits/crls/distributionPoint2CACRL.crl',
+      'third_party/nist-pkits/crls/indirectCRLCA1CRL.crl',
+      'third_party/nist-pkits/crls/indirectCRLCA3CRL.crl',
+      'third_party/nist-pkits/crls/indirectCRLCA3cRLIssuerCRL.crl',
+      'third_party/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl',
+      'third_party/nist-pkits/crls/indirectCRLCA5CRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy0CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy1CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy1subCA1CRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy1subCA2CRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy1subCAIAP5CRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy1subsubCA2CRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy5CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy5subCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitAnyPolicy5subsubCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping0CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping0subCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P12CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P12subCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P12subCAIPM5CRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P12subsubCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P12subsubCAIPM5CRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P1CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P1subCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping1P1subsubCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping5CACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping5subCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping5subsubCACRL.crl',
+      'third_party/nist-pkits/crls/inhibitPolicyMapping5subsubsubCACRL.crl',
+      'third_party/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl',
+      'third_party/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl',
+      'third_party/nist-pkits/crls/keyUsageNotCriticalCACRL.crl',
+      'third_party/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl',
+      'third_party/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN1CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN1subCA2CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN2CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN3CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN3subCA2CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN4CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDN5CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDNS1CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsDNS2CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsRFC822CA2CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsRFC822CA3CRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsURI1CACRL.crl',
+      'third_party/nist-pkits/crls/nameConstraintsURI2CACRL.crl',
+      'third_party/nist-pkits/crls/onlyContainsAttributeCertsCACRL.crl',
+      'third_party/nist-pkits/crls/onlyContainsCACertsCACRL.crl',
+      'third_party/nist-pkits/crls/onlyContainsUserCertsCACRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA3compromiseCRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA3otherreasonsCRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl',
+      'third_party/nist-pkits/crls/onlySomeReasonsCA4otherreasonsCRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint0CACRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint0subCA2CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint0subCACRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint1CACRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint1subCACRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6CACRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl',
+      'third_party/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl',
+      'third_party/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy0CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy0subCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy0subsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy0subsubsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy10CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy10subCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy10subsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy10subsubsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy2CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy2subCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy4CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy4subCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy4subsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy4subsubsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy5CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy5subCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy5subsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy5subsubsubCACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy7CACRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy7subCARE2CRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy7subsubCARE2RE4CRL.crl',
+      'third_party/nist-pkits/crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl',
+    ],
   }
 }
diff --git a/chromium/net/net_common.gypi b/chromium/net/net_common.gypi
index f5e56c4f4c9..fc5649f348c 100644
--- a/chromium/net/net_common.gypi
+++ b/chromium/net/net_common.gypi
@@ -3,7 +3,7 @@
 # found in the LICENSE file.
 
 {
-  # This target is included in both 'net' and 'net_small'.
+  # This target is included by 'net' target.
   'type': '<(component)',
   'variables': { 'enable_wexit_time_destructors': 1, },
   'dependencies': [
@@ -11,8 +11,10 @@
     '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations',
     '../crypto/crypto.gyp:crypto',
     '../sdch/sdch.gyp:sdch',
+    '../third_party/boringssl/boringssl.gyp:boringssl',
     '../third_party/protobuf/protobuf.gyp:protobuf_lite',
     '../third_party/zlib/zlib.gyp:zlib',
+    '../url/url.gyp:url_url_features',
     'net_derived_sources',
     'net_quic_proto',
     'net_resources',
@@ -105,110 +107,24 @@
         'dns/dns_client.cc',
       ],
     }],
-    ['use_openssl==1', {
-        'sources!': [
-          'base/nss_memio.c',
-          'base/nss_memio.h',
-          'cert/ct_log_verifier_nss.cc',
-          'cert/ct_objects_extractor_nss.cc',
-          'cert/jwk_serializer_nss.cc',
-          'cert/scoped_nss_types.h',
-          'cert/x509_certificate_ios.cc',
-          'cert/x509_util_nss.cc',
-          'quic/crypto/aead_base_decrypter_nss.cc',
-          'quic/crypto/aead_base_encrypter_nss.cc',
-          'quic/crypto/aes_128_gcm_12_decrypter_nss.cc',
-          'quic/crypto/aes_128_gcm_12_encrypter_nss.cc',
-          'quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc',
-          'quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc',
-          'quic/crypto/channel_id_nss.cc',
-          'quic/crypto/p256_key_exchange_nss.cc',
-          'quic/crypto/proof_source_chromium_nss.cc',
-          'socket/nss_ssl_util.cc',
-          'socket/nss_ssl_util.h',
-          'socket/ssl_client_socket_nss.cc',
-          'socket/ssl_client_socket_nss.h',
-          'socket/ssl_server_socket_nss.cc',
-          'socket/ssl_server_socket_nss.h',
-          'ssl/token_binding_nss.cc',
-        ],
+    [ 'use_nss_certs == 1', {
         'dependencies': [
-          '../third_party/boringssl/boringssl.gyp:boringssl',
-        ],
-        'conditions': [
-          ['chromecast==1 and use_nss_certs==1', {
-            'sources': [
-              'ssl/ssl_platform_key_chromecast.cc',
-            ],
-            'sources!': [
-              'ssl/ssl_platform_key_nss.cc',
-            ],
-          }],
-        ],
-      },
-      {  # else !use_openssl: remove the unneeded files and depend on NSS.
-        'sources!': [
-          'cert/ct_log_verifier_openssl.cc',
-          'cert/ct_objects_extractor_openssl.cc',
-          'cert/jwk_serializer_openssl.cc',
-          'cert/x509_util_openssl.cc',
-          'cert/x509_util_openssl.h',
-          'quic/crypto/aead_base_decrypter_openssl.cc',
-          'quic/crypto/aead_base_encrypter_openssl.cc',
-          'quic/crypto/aes_128_gcm_12_decrypter_openssl.cc',
-          'quic/crypto/aes_128_gcm_12_encrypter_openssl.cc',
-          'quic/crypto/chacha20_poly1305_rfc7539_decrypter_openssl.cc',
-          'quic/crypto/chacha20_poly1305_rfc7539_encrypter_openssl.cc',
-          'quic/crypto/channel_id_openssl.cc',
-          'quic/crypto/p256_key_exchange_openssl.cc',
-          'quic/crypto/proof_source_chromium_openssl.cc',
-          'quic/crypto/scoped_evp_aead_ctx.cc',
-          'quic/crypto/scoped_evp_aead_ctx.h',
-          'socket/ssl_client_socket_openssl.cc',
-          'socket/ssl_client_socket_openssl.h',
-          'socket/ssl_server_socket_openssl.cc',
-          'socket/ssl_server_socket_openssl.h',
-          'ssl/client_key_store.cc',
-          'ssl/client_key_store.h',
-          'ssl/openssl_ssl_util.cc',
-          'ssl/openssl_ssl_util.h',
-          'ssl/ssl_client_session_cache_openssl.cc',
-          'ssl/ssl_client_session_cache_openssl.h',
-          'ssl/ssl_key_logger.cc',
-          'ssl/ssl_key_logger.h',
-          'ssl/ssl_platform_key.h',
-          'ssl/ssl_platform_key_nss.cc',
-          'ssl/ssl_platform_key_task_runner.cc',
-          'ssl/ssl_platform_key_task_runner.h',
-          'ssl/test_ssl_private_key.cc',
-          'ssl/test_ssl_private_key.h',
-          'ssl/threaded_ssl_private_key.cc',
-          'ssl/threaded_ssl_private_key.h',
-          'ssl/token_binding_openssl.cc',
-        ],
-      },
-    ],
-    [ 'use_nss_verifier == 1', {
-        'conditions': [
-          # Pull in the bundled or system NSS as appropriate.
-          [ 'desktop_linux == 1 or chromeos == 1', {
-            'dependencies': [
-              '../build/linux/system.gyp:ssl',
-            ],
-          }, {
-            'dependencies': [
-              '../third_party/nss/nss.gyp:nspr',
-              '../third_party/nss/nss.gyp:nss',
-              'third_party/nss/ssl.gyp:libssl',
-            ],
-          }]
+          '../build/linux/system.gyp:nss',
         ],
       }, {
         'sources!': [
           'cert/x509_util_nss.h',
-        ],
-      },
+        ]
+      }
     ],
+    ['chromecast==1 and use_nss_certs==1', {
+      'sources': [
+        'ssl/ssl_platform_key_chromecast.cc',
+      ],
+      'sources!': [
+        'ssl/ssl_platform_key_nss.cc',
+      ],
+    }],
     [ 'use_openssl_certs == 0', {
         'sources!': [
           'base/crypto_module_openssl.cc',
@@ -259,13 +175,19 @@
           'base/crypto_module_nss.cc',
           'base/keygen_handler_nss.cc',
           'cert/cert_database_nss.cc',
+          'cert/cert_verify_proc_nss.cc',
+          'cert/cert_verify_proc_nss.h',
           'cert/nss_cert_database.cc',
           'cert/nss_cert_database.h',
           'cert/nss_cert_database_chromeos.cc',
           'cert/nss_cert_database_chromeos.h',
           'cert/nss_profile_filter_chromeos.cc',
           'cert/nss_profile_filter_chromeos.h',
+          'cert/test_root_certs_nss.cc',
           'cert/x509_certificate_nss.cc',
+          'cert/x509_util_nss.cc',
+          'cert_net/nss_ocsp.cc',
+          'cert_net/nss_ocsp.h',
           'ssl/client_cert_store_nss.cc',
           'ssl/client_cert_store_nss.h',
           'ssl/client_key_store.cc',
@@ -280,38 +202,14 @@
         ],
       },
     ],
-    [ 'use_nss_verifier != 1', {
-        'sources!': [
-          'cert/cert_verify_proc_nss.cc',
-          'cert/cert_verify_proc_nss.h',
-          'cert/test_root_certs_nss.cc',
-          'cert/x509_util_nss_certs.cc',
-          'cert_net/nss_ocsp.cc',
-          'cert_net/nss_ocsp.h',
-        ],
-      },
-    ],
     # client_cert_store_nss.c requires NSS_CmpCertChainWCANames from NSS's
     # libssl, but our bundled copy is not built in OpenSSL ports. Pull that
     # file in directly.
-    [ 'use_nss_certs == 1 and use_openssl == 1', {
+    [ 'use_nss_certs == 1', {
         'sources': [
           'third_party/nss/ssl/cmpcert.c',
         ],
     }],
-    [ 'OS == "ios" and use_nss_verifier == 0', {
-        'sources!': [
-          'cert/x509_util_ios.cc',
-          'cert/x509_util_ios.h',
-        ],
-    }],
-    [ 'OS == "ios" and use_nss_verifier == 1', {
-        'sources!': [
-          'cert/cert_verify_proc_ios.cc',
-          'cert/cert_verify_proc_ios.h',
-          'cert/x509_certificate_openssl_ios.cc',
-        ],
-    }],
     [ 'enable_websockets == 1', {
         'sources': ['<@(net_websockets_sources)']
     }],
@@ -457,7 +355,7 @@
         ['include', '^proxy/proxy_server_mac\\.cc$'],
       ],
     }],
-    ['OS == "ios" and <(use_nss_verifier) == 0', {
+    ['OS == "ios"', {
       'sources/': [
         ['include', '^cert/test_root_certs_mac\\.cc$'],
       ],
diff --git a/chromium/net/nqe/OWNERS b/chromium/net/nqe/OWNERS
new file mode 100644
index 00000000000..d0e5b09fa15
--- /dev/null
+++ b/chromium/net/nqe/OWNERS
@@ -0,0 +1 @@
+bengr@chromium.org
+\ No newline at end of file
diff --git a/chromium/net/nqe/cached_network_quality.cc b/chromium/net/nqe/cached_network_quality.cc
new file mode 100644
index 00000000000..5902f75a08d
--- /dev/null
+++ b/chromium/net/nqe/cached_network_quality.cc
@@ -0,0 +1,33 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/nqe/cached_network_quality.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+CachedNetworkQuality::CachedNetworkQuality(
+    const NetworkQuality& network_quality)
+    : last_update_time_(base::TimeTicks::Now()),
+      network_quality_(network_quality) {}
+
+CachedNetworkQuality::CachedNetworkQuality(const CachedNetworkQuality& other)
+    : last_update_time_(other.last_update_time_),
+      network_quality_(other.network_quality_) {}
+
+CachedNetworkQuality::~CachedNetworkQuality() {}
+
+bool CachedNetworkQuality::OlderThan(
+    const CachedNetworkQuality& cached_network_quality) const {
+  return last_update_time_ < cached_network_quality.last_update_time_;
+}
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+\ No newline at end of file
diff --git a/chromium/net/nqe/cached_network_quality.h b/chromium/net/nqe/cached_network_quality.h
new file mode 100644
index 00000000000..cc0af2f1b8d
--- /dev/null
+++ b/chromium/net/nqe/cached_network_quality.h
@@ -0,0 +1,49 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_CACHED_NETWORK_QUALITY_H_
+#define NET_NQE_CACHED_NETWORK_QUALITY_H_
+
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/nqe/network_quality.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+// CachedNetworkQuality stores the quality of a previously seen network.
+class NET_EXPORT_PRIVATE CachedNetworkQuality {
+ public:
+  explicit CachedNetworkQuality(const NetworkQuality& network_quality);
+  CachedNetworkQuality(const CachedNetworkQuality& other);
+  ~CachedNetworkQuality();
+
+  // Returns the network quality associated with this cached entry.
+  const NetworkQuality& network_quality() const { return network_quality_; }
+
+  // Returns true if this cache entry was updated before
+  // |cached_network_quality|.
+  bool OlderThan(const CachedNetworkQuality& cached_network_quality) const;
+
+  // Time when this cache entry was last updated.
+  const base::TimeTicks last_update_time_;
+
+  // Quality of this cached network.
+  const NetworkQuality network_quality_;
+
+ private:
+  DISALLOW_ASSIGN(CachedNetworkQuality);
+};
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+
+#endif  // NET_NQE_CACHED_NETWORK_QUALITY_H_
+\ No newline at end of file
diff --git a/chromium/net/base/external_estimate_provider.h b/chromium/net/nqe/external_estimate_provider.h
index c4480cf1413..7fd58f5f9dd 100644
--- a/chromium/net/base/external_estimate_provider.h
+++ b/chromium/net/nqe/external_estimate_provider.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_EXTERNAL_ESTIMATE_PROVIDER_H_
-#define NET_BASE_EXTERNAL_ESTIMATE_PROVIDER_H_
+#ifndef NET_NQE_EXTERNAL_ESTIMATE_PROVIDER_H_
+#define NET_NQE_EXTERNAL_ESTIMATE_PROVIDER_H_
 
 #include <stdint.h>
 
@@ -69,4 +69,4 @@ class NET_EXPORT ExternalEstimateProvider {
 
 }  // namespace net
 
-#endif  // NET_BASE_EXTERNAL_ESTIMATE_PROVIDER_H_
+#endif  // NET_NQE_EXTERNAL_ESTIMATE_PROVIDER_H_
diff --git a/chromium/net/nqe/network_quality.cc b/chromium/net/nqe/network_quality.cc
new file mode 100644
index 00000000000..cf9a334ce05
--- /dev/null
+++ b/chromium/net/nqe/network_quality.cc
@@ -0,0 +1,42 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/nqe/network_quality.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+base::TimeDelta InvalidRTT() {
+  return base::TimeDelta::Max();
+}
+
+NetworkQuality::NetworkQuality()
+    : NetworkQuality(InvalidRTT(), kInvalidThroughput) {}
+
+NetworkQuality::NetworkQuality(const base::TimeDelta& rtt,
+                               int32_t downstream_throughput_kbps)
+    : rtt_(rtt), downstream_throughput_kbps_(downstream_throughput_kbps) {
+  DCHECK_GE(rtt_, base::TimeDelta());
+  DCHECK_GE(downstream_throughput_kbps_, 0);
+}
+
+NetworkQuality::NetworkQuality(const NetworkQuality& other)
+    : NetworkQuality(other.rtt_, other.downstream_throughput_kbps_) {}
+
+NetworkQuality::~NetworkQuality() {}
+
+NetworkQuality& NetworkQuality::operator=(const NetworkQuality& other) {
+  rtt_ = other.rtt_;
+  downstream_throughput_kbps_ = other.downstream_throughput_kbps_;
+  return *this;
+}
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+\ No newline at end of file
diff --git a/chromium/net/nqe/network_quality.h b/chromium/net/nqe/network_quality.h
new file mode 100644
index 00000000000..1679beccea0
--- /dev/null
+++ b/chromium/net/nqe/network_quality.h
@@ -0,0 +1,67 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_NETWORK_QUALITY_H_
+#define NET_NQE_NETWORK_QUALITY_H_
+
+#include <stdint.h>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+// Returns the RTT value to be used when the valid RTT is unavailable. Readers
+// should discard RTT if it is set to the value returned by |InvalidRTT()|.
+NET_EXPORT_PRIVATE base::TimeDelta InvalidRTT();
+
+// Throughput is set to |kInvalidThroughput| if a valid value is
+// unavailable. Readers should discard throughput value if it is set to
+// |kInvalidThroughput|.
+const int32_t kInvalidThroughput = 0;
+
+// NetworkQuality is used to cache the quality of a network connection.
+class NET_EXPORT_PRIVATE NetworkQuality {
+ public:
+  NetworkQuality();
+  // |rtt| is the estimate of the round trip time.
+  // |downstream_throughput_kbps| is the estimate of the downstream
+  // throughput in kilobits per second.
+  NetworkQuality(const base::TimeDelta& rtt,
+                 int32_t downstream_throughput_kbps);
+  NetworkQuality(const NetworkQuality& other);
+  ~NetworkQuality();
+
+  NetworkQuality& operator=(const NetworkQuality& other);
+
+  // Returns the estimate of the round trip time at the HTTP layer.
+  const base::TimeDelta& rtt() const { return rtt_; }
+
+  // Returns the estimate of the downstream throughput in Kbps (Kilobits per
+  // second).
+  int32_t downstream_throughput_kbps() const {
+    return downstream_throughput_kbps_;
+  }
+
+ private:
+  // Estimated round trip time at the HTTP layer.
+  base::TimeDelta rtt_;
+
+  // Estimated downstream throughput in kilobits per second.
+  int32_t downstream_throughput_kbps_;
+};
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+
+#endif  // NET_NQE_NETWORK_QUALITY_H_
+\ No newline at end of file
diff --git a/chromium/net/base/network_quality_estimator.cc b/chromium/net/nqe/network_quality_estimator.cc
index 9a6d8d60f06..7866ce63f83 100644
--- a/chromium/net/base/network_quality_estimator.cc
+++ b/chromium/net/nqe/network_quality_estimator.cc
@@ -2,9 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/base/network_quality_estimator.h"
+#include "net/nqe/network_quality_estimator.h"
 
-#include <float.h>
 #include <algorithm>
 #include <cmath>
 #include <limits>
@@ -15,14 +14,14 @@
 #include "base/metrics/histogram.h"
 #include "base/metrics/histogram_base.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "build/build_config.h"
 #include "net/base/load_flags.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/network_interfaces.h"
-#include "net/base/socket_performance_watcher.h"
 #include "net/base/url_util.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/url_request/url_request.h"
 #include "url/gurl.h"
 
@@ -82,6 +81,18 @@ const char kDefaultRTTMsecObservationSuffix[] = ".DefaultMedianRTTMsec";
 // parameter for Wi-Fi would be "WiFi.DefaultMedianKbps".
 const char kDefaultKbpsObservationSuffix[] = ".DefaultMedianKbps";
 
+// Suffix of the name of the variation parameter that contains the threshold
+// RTTs (in milliseconds) for different effective connection types. Complete
+// name of the variation parameter would be
+// |EffectiveConnectionType|.|kThresholdURLRTTMsecSuffix|.
+const char kThresholdURLRTTMsecSuffix[] = ".ThresholdMedianURLRTTMsec";
+
+// Suffix of the name of the variation parameter that contains the threshold
+// downlink throughput (in kbps) for different effective connection types.
+// Complete name of the variation parameter would be
+// |EffectiveConnectionType|.|kThresholdKbpsSuffix|.
+const char kThresholdKbpsSuffix[] = ".ThresholdMedianKbps";
+
 // Computes and returns the weight multiplier per second.
 // |variation_params| is the map containing all field trial parameters
 // related to NetworkQualityEstimator field trial.
@@ -116,6 +127,27 @@ base::HistogramBase* GetHistogram(
       max_limit, kBucketCount, base::HistogramBase::kUmaTargetedHistogramFlag);
 }
 
+bool GetValueForVariationParam(
+    const std::map<std::string, std::string>& variation_params,
+    const std::string& parameter_name,
+    int32_t* variations_value) {
+  auto it = variation_params.find(parameter_name);
+  return it != variation_params.end() &&
+         base::StringToInt(it->second, variations_value);
+}
+
+net::NetworkQualityObservationSource ProtocolSourceToObservationSource(
+    net::SocketPerformanceWatcherFactory::Protocol protocol) {
+  switch (protocol) {
+    case net::SocketPerformanceWatcherFactory::PROTOCOL_TCP:
+      return net::NETWORK_QUALITY_OBSERVATION_SOURCE_TCP;
+    case net::SocketPerformanceWatcherFactory::PROTOCOL_QUIC:
+      return net::NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC;
+  }
+  NOTREACHED();
+  return net::NETWORK_QUALITY_OBSERVATION_SOURCE_TCP;
+}
+
 }  // namespace
 
 namespace net {
@@ -181,9 +213,9 @@ class NetworkQualityEstimator::SocketWatcherFactory
   ~SocketWatcherFactory() override {}
 
   // SocketPerformanceWatcherFactory implementation:
-  scoped_ptr<SocketPerformanceWatcher> CreateSocketPerformanceWatcher(
+  std::unique_ptr<SocketPerformanceWatcher> CreateSocketPerformanceWatcher(
       const Protocol protocol) override {
-    return scoped_ptr<SocketPerformanceWatcher>(
+    return std::unique_ptr<SocketPerformanceWatcher>(
         new SocketWatcher(protocol, task_runner_, network_quality_estimator_));
   }
 
@@ -195,10 +227,8 @@ class NetworkQualityEstimator::SocketWatcherFactory
   DISALLOW_COPY_AND_ASSIGN(SocketWatcherFactory);
 };
 
-const int32_t NetworkQualityEstimator::kInvalidThroughput = 0;
-
 NetworkQualityEstimator::NetworkQualityEstimator(
-    scoped_ptr<ExternalEstimateProvider> external_estimates_provider,
+    std::unique_ptr<ExternalEstimateProvider> external_estimates_provider,
     const std::map<std::string, std::string>& variation_params)
     : NetworkQualityEstimator(std::move(external_estimates_provider),
                               variation_params,
@@ -206,19 +236,20 @@ NetworkQualityEstimator::NetworkQualityEstimator(
                               false) {}
 
 NetworkQualityEstimator::NetworkQualityEstimator(
-    scoped_ptr<ExternalEstimateProvider> external_estimates_provider,
+    std::unique_ptr<ExternalEstimateProvider> external_estimates_provider,
     const std::map<std::string, std::string>& variation_params,
     bool allow_local_host_requests_for_tests,
     bool allow_smaller_responses_for_tests)
     : allow_localhost_requests_(allow_local_host_requests_for_tests),
       allow_small_responses_(allow_smaller_responses_for_tests),
+      weight_multiplier_per_second_(
+          GetWeightMultiplierPerSecond(variation_params)),
       last_connection_change_(base::TimeTicks::Now()),
       current_network_id_(
           NetworkID(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN,
                     std::string())),
-      downstream_throughput_kbps_observations_(
-          GetWeightMultiplierPerSecond(variation_params)),
-      rtt_observations_(GetWeightMultiplierPerSecond(variation_params)),
+      downstream_throughput_kbps_observations_(weight_multiplier_per_second_),
+      rtt_observations_(weight_multiplier_per_second_),
       external_estimate_provider_(std::move(external_estimates_provider)),
       weak_ptr_factory_(this) {
   static_assert(kMinRequestDurationMicroseconds > 0,
@@ -233,6 +264,7 @@ NetworkQualityEstimator::NetworkQualityEstimator(
                 "Size of the network quality cache must <= 10");
 
   ObtainOperatingParams(variation_params);
+  ObtainEffectiveConnectionTypeModelParams(variation_params);
   NetworkChangeNotifier::AddConnectionTypeObserver(this);
   if (external_estimate_provider_) {
     RecordExternalEstimateProviderMetrics(
@@ -250,11 +282,6 @@ NetworkQualityEstimator::NetworkQualityEstimator(
       base::ThreadTaskRunnerHandle::Get(), weak_ptr_factory_.GetWeakPtr()));
 }
 
-// static
-const base::TimeDelta NetworkQualityEstimator::InvalidRTT() {
-  return base::TimeDelta::Max();
-}
-
 void NetworkQualityEstimator::ObtainOperatingParams(
     const std::map<std::string, std::string>& variation_params) {
   DCHECK(thread_checker_.CalledOnValidThread());
@@ -262,8 +289,8 @@ void NetworkQualityEstimator::ObtainOperatingParams(
   for (size_t i = 0; i <= NetworkChangeNotifier::CONNECTION_LAST; ++i) {
     NetworkChangeNotifier::ConnectionType type =
         static_cast<NetworkChangeNotifier::ConnectionType>(i);
-    DCHECK_EQ(InvalidRTT(), default_observations_[i].rtt());
-    DCHECK_EQ(kInvalidThroughput,
+    DCHECK_EQ(nqe::internal::InvalidRTT(), default_observations_[i].rtt());
+    DCHECK_EQ(nqe::internal::kInvalidThroughput,
               default_observations_[i].downstream_throughput_kbps());
     int32_t variations_value = kMinimumRTTVariationParameterMsec - 1;
     // Name of the parameter that holds the RTT value for this connection type.
@@ -274,9 +301,9 @@ void NetworkQualityEstimator::ObtainOperatingParams(
     if (it != variation_params.end() &&
         base::StringToInt(it->second, &variations_value) &&
         variations_value >= kMinimumRTTVariationParameterMsec) {
-      default_observations_[i] =
-          NetworkQuality(base::TimeDelta::FromMilliseconds(variations_value),
-                         default_observations_[i].downstream_throughput_kbps());
+      default_observations_[i] = nqe::internal::NetworkQuality(
+          base::TimeDelta::FromMilliseconds(variations_value),
+          default_observations_[i].downstream_throughput_kbps());
     }
 
     variations_value = kMinimumThroughputVariationParameterKbps - 1;
@@ -289,27 +316,83 @@ void NetworkQualityEstimator::ObtainOperatingParams(
     if (it != variation_params.end() &&
         base::StringToInt(it->second, &variations_value) &&
         variations_value >= kMinimumThroughputVariationParameterKbps) {
-      default_observations_[i] =
-          NetworkQuality(default_observations_[i].rtt(), variations_value);
+      default_observations_[i] = nqe::internal::NetworkQuality(
+          default_observations_[i].rtt(), variations_value);
+    }
+  }
+}
+
+void NetworkQualityEstimator::ObtainEffectiveConnectionTypeModelParams(
+    const std::map<std::string, std::string>& variation_params) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  for (size_t i = 0; i < EFFECTIVE_CONNECTION_TYPE_LAST; ++i) {
+    EffectiveConnectionType effective_connection_type =
+        static_cast<EffectiveConnectionType>(i);
+    DCHECK_EQ(nqe::internal::InvalidRTT(), connection_thresholds_[i].rtt());
+    DCHECK_EQ(nqe::internal::kInvalidThroughput,
+              connection_thresholds_[i].downstream_throughput_kbps());
+    if (effective_connection_type == EFFECTIVE_CONNECTION_TYPE_UNKNOWN)
+      continue;
+
+    std::string connection_type_name = std::string(
+        GetNameForEffectiveConnectionType(effective_connection_type));
+
+    int32_t variations_value = kMinimumRTTVariationParameterMsec - 1;
+    if (GetValueForVariationParam(
+            variation_params, connection_type_name + kThresholdURLRTTMsecSuffix,
+            &variations_value) &&
+        variations_value >= kMinimumRTTVariationParameterMsec) {
+      base::TimeDelta rtt(base::TimeDelta::FromMilliseconds(variations_value));
+      connection_thresholds_[i] = nqe::internal::NetworkQuality(
+          rtt, connection_thresholds_[i].downstream_throughput_kbps());
+
+      // Verify that the RTT values are in decreasing order as the network
+      // quality improves.
+      DCHECK(i == 0 ||
+             connection_thresholds_[i - 1].rtt() ==
+                 nqe::internal::InvalidRTT() ||
+             rtt <= connection_thresholds_[i - 1].rtt());
+    }
+
+    variations_value = kMinimumThroughputVariationParameterKbps - 1;
+    if (GetValueForVariationParam(variation_params,
+                                  connection_type_name + kThresholdKbpsSuffix,
+                                  &variations_value) &&
+        variations_value >= kMinimumThroughputVariationParameterKbps) {
+      int32_t throughput_kbps = variations_value;
+      connection_thresholds_[i] = nqe::internal::NetworkQuality(
+          connection_thresholds_[i].rtt(), throughput_kbps);
+
+      // Verify that the throughput values are in increasing order as the
+      // network quality improves.
+      DCHECK(i == 0 ||
+             connection_thresholds_[i - 1].downstream_throughput_kbps() ==
+                 kMinimumThroughputVariationParameterKbps ||
+             throughput_kbps >=
+                 connection_thresholds_[i - 1].downstream_throughput_kbps());
     }
   }
 }
 
 void NetworkQualityEstimator::AddDefaultEstimates() {
   DCHECK(thread_checker_.CalledOnValidThread());
-  if (default_observations_[current_network_id_.type].rtt() != InvalidRTT()) {
+  if (default_observations_[current_network_id_.type].rtt() !=
+      nqe::internal::InvalidRTT()) {
     RttObservation rtt_observation(
         default_observations_[current_network_id_.type].rtt(),
-        base::TimeTicks::Now(), DEFAULT_FROM_PLATFORM);
+        base::TimeTicks::Now(),
+        NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM);
     rtt_observations_.AddObservation(rtt_observation);
     NotifyObserversOfRTT(rtt_observation);
   }
   if (default_observations_[current_network_id_.type]
-          .downstream_throughput_kbps() != kInvalidThroughput) {
+          .downstream_throughput_kbps() != nqe::internal::kInvalidThroughput) {
     ThroughputObservation throughput_observation(
         default_observations_[current_network_id_.type]
             .downstream_throughput_kbps(),
-        base::TimeTicks::Now(), DEFAULT_FROM_PLATFORM);
+        base::TimeTicks::Now(),
+        NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM);
     downstream_throughput_kbps_observations_.AddObservation(
         throughput_observation);
     NotifyObserversOfThroughput(throughput_observation);
@@ -331,9 +414,16 @@ void NetworkQualityEstimator::NotifyHeadersReceived(const URLRequest& request) {
 
   // Update |estimated_median_network_quality_| if this is a main frame request.
   if (request.load_flags() & LOAD_MAIN_FRAME) {
-    estimated_median_network_quality_ = NetworkQuality(
-        GetURLRequestRTTEstimateInternal(base::TimeTicks(), 50),
-        GetDownlinkThroughputKbpsEstimateInternal(base::TimeTicks(), 50));
+    base::TimeDelta rtt;
+    if (!GetURLRequestRTTEstimate(&rtt))
+      rtt = nqe::internal::InvalidRTT();
+
+    int32_t downstream_throughput_kbps;
+    if (!GetDownlinkThroughputKbpsEstimate(&downstream_throughput_kbps))
+      downstream_throughput_kbps = nqe::internal::kInvalidThroughput;
+
+    estimated_median_network_quality_ =
+        nqe::internal::NetworkQuality(rtt, downstream_throughput_kbps);
   }
 
   base::TimeTicks now = base::TimeTicks::Now();
@@ -355,22 +445,24 @@ void NetworkQualityEstimator::NotifyHeadersReceived(const URLRequest& request) {
 
   // Duration between when the resource was requested and when response
   // headers were received.
-    base::TimeDelta observed_rtt = headers_received_time - request_start_time;
-    DCHECK_GE(observed_rtt, base::TimeDelta());
-    if (observed_rtt < peak_network_quality_.rtt()) {
-      peak_network_quality_ = NetworkQuality(
-          observed_rtt, peak_network_quality_.downstream_throughput_kbps());
-    }
+  base::TimeDelta observed_rtt = headers_received_time - request_start_time;
+  DCHECK_GE(observed_rtt, base::TimeDelta());
+  if (observed_rtt < peak_network_quality_.rtt()) {
+    peak_network_quality_ = nqe::internal::NetworkQuality(
+        observed_rtt, peak_network_quality_.downstream_throughput_kbps());
+  }
 
-    RttObservation rtt_observation(observed_rtt, now, URL_REQUEST);
-    rtt_observations_.AddObservation(rtt_observation);
-    NotifyObserversOfRTT(rtt_observation);
+  RttObservation rtt_observation(
+      observed_rtt, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
+  rtt_observations_.AddObservation(rtt_observation);
+  NotifyObserversOfRTT(rtt_observation);
 
-    // Compare the RTT observation with the estimated value and record it.
-    if (estimated_median_network_quality_.rtt() != InvalidRTT()) {
-      RecordRTTUMA(estimated_median_network_quality_.rtt().InMilliseconds(),
-                   observed_rtt.InMilliseconds());
-    }
+  // Compare the RTT observation with the estimated value and record it.
+  if (estimated_median_network_quality_.rtt() != nqe::internal::InvalidRTT()) {
+    RecordURLRequestRTTUMA(
+        estimated_median_network_quality_.rtt().InMilliseconds(),
+        observed_rtt.InMilliseconds());
+  }
 }
 
 void NetworkQualityEstimator::NotifyRequestCompleted(
@@ -430,11 +522,12 @@ void NetworkQualityEstimator::NotifyRequestCompleted(
   DCHECK_GT(downstream_kbps_as_integer, 0.0);
   if (downstream_kbps_as_integer >
       peak_network_quality_.downstream_throughput_kbps())
-    peak_network_quality_ =
-        NetworkQuality(peak_network_quality_.rtt(), downstream_kbps_as_integer);
+    peak_network_quality_ = nqe::internal::NetworkQuality(
+        peak_network_quality_.rtt(), downstream_kbps_as_integer);
 
-  ThroughputObservation throughput_observation(downstream_kbps_as_integer, now,
-                                               URL_REQUEST);
+  ThroughputObservation throughput_observation(
+      downstream_kbps_as_integer, now,
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
   downstream_throughput_kbps_observations_.AddObservation(
       throughput_observation);
   NotifyObserversOfThroughput(throughput_observation);
@@ -469,8 +562,9 @@ NetworkQualityEstimator::GetSocketPerformanceWatcherFactory() {
   return watcher_factory_.get();
 }
 
-void NetworkQualityEstimator::RecordRTTUMA(int32_t estimated_value_msec,
-                                           int32_t actual_value_msec) const {
+void NetworkQualityEstimator::RecordURLRequestRTTUMA(
+    int32_t estimated_value_msec,
+    int32_t actual_value_msec) const {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   // Record the difference between the actual and the estimated value.
@@ -525,105 +619,61 @@ void NetworkQualityEstimator::RecordExternalEstimateProviderMetrics(
 void NetworkQualityEstimator::OnConnectionTypeChanged(
     NetworkChangeNotifier::ConnectionType type) {
   DCHECK(thread_checker_.CalledOnValidThread());
-  if (peak_network_quality_.rtt() != InvalidRTT()) {
-    switch (current_network_id_.type) {
-      case NetworkChangeNotifier::CONNECTION_UNKNOWN:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.Unknown",
-                            peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_ETHERNET:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.Ethernet",
-                            peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_WIFI:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.Wifi", peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_2G:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.2G", peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_3G:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.3G", peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_4G:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.4G", peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_NONE:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.None", peak_network_quality_.rtt());
-        break;
-      case NetworkChangeNotifier::CONNECTION_BLUETOOTH:
-        UMA_HISTOGRAM_TIMES("NQE.FastestRTT.Bluetooth",
-                            peak_network_quality_.rtt());
-        break;
-      default:
-        NOTREACHED() << "Unexpected connection type = "
-                     << current_network_id_.type;
-        break;
-    }
+
+  RecordMetricsOnConnectionTypeChanged();
+
+  // Write the estimates of the previous network to the cache.
+  CacheNetworkQualityEstimate();
+
+  // Clear the local state.
+  last_connection_change_ = base::TimeTicks::Now();
+  peak_network_quality_ = nqe::internal::NetworkQuality();
+  downstream_throughput_kbps_observations_.Clear();
+  rtt_observations_.Clear();
+  current_network_id_ = GetCurrentNetworkID();
+
+  QueryExternalEstimateProvider();
+
+  // Read any cached estimates for the new network. If cached estimates are
+  // unavailable, add the default estimates.
+  if (!ReadCachedNetworkQualityEstimate())
+    AddDefaultEstimates();
+  estimated_median_network_quality_ = nqe::internal::NetworkQuality();
+}
+
+void NetworkQualityEstimator::RecordMetricsOnConnectionTypeChanged() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  if (peak_network_quality_.rtt() != nqe::internal::InvalidRTT()) {
+    base::HistogramBase* rtt_histogram =
+        GetHistogram("FastestRTT.", current_network_id_.type, 10 * 1000);
+    rtt_histogram->Add(peak_network_quality_.rtt().InMilliseconds());
   }
 
   if (peak_network_quality_.downstream_throughput_kbps() !=
-      kInvalidThroughput) {
-    switch (current_network_id_.type) {
-      case NetworkChangeNotifier::CONNECTION_UNKNOWN:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.Unknown",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_ETHERNET:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.Ethernet",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_WIFI:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.Wifi",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_2G:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.2G",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_3G:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.3G",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_4G:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.4G",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_NONE:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.None",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      case NetworkChangeNotifier::CONNECTION_BLUETOOTH:
-        UMA_HISTOGRAM_COUNTS(
-            "NQE.PeakKbps.Bluetooth",
-            peak_network_quality_.downstream_throughput_kbps());
-        break;
-      default:
-        NOTREACHED() << "Unexpected connection type = "
-                     << current_network_id_.type;
-        break;
-    }
+      nqe::internal::kInvalidThroughput) {
+    base::HistogramBase* downstream_throughput_histogram =
+        GetHistogram("PeakKbps.", current_network_id_.type, 1000 * 1000);
+    downstream_throughput_histogram->Add(
+        peak_network_quality_.downstream_throughput_kbps());
   }
 
-  base::TimeDelta rtt = GetURLRequestRTTEstimateInternal(base::TimeTicks(), 50);
-  if (rtt != InvalidRTT()) {
+  base::TimeDelta rtt;
+  if (GetURLRequestRTTEstimate(&rtt)) {
     // Add the 50th percentile value.
     base::HistogramBase* rtt_percentile =
-        GetHistogram("RTT.Percentile50.", current_network_id_.type,
-                     10 * 1000);  // 10 seconds
+        GetHistogram("RTT.Percentile50.", current_network_id_.type, 10 * 1000);
     rtt_percentile->Add(rtt.InMilliseconds());
 
     // Add the remaining percentile values.
     static const int kPercentiles[] = {0, 10, 90, 100};
+    std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_TCP);
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC);
     for (size_t i = 0; i < arraysize(kPercentiles); ++i) {
-      rtt =
-          GetURLRequestRTTEstimateInternal(base::TimeTicks(), kPercentiles[i]);
+      rtt = GetRTTEstimateInternal(disallowed_observation_sources,
+                                   base::TimeTicks(), kPercentiles[i]);
 
       rtt_percentile = GetHistogram(
           "RTT.Percentile" + base::IntToString(kPercentiles[i]) + ".",
@@ -632,200 +682,193 @@ void NetworkQualityEstimator::OnConnectionTypeChanged(
     }
   }
 
-  // Write the estimates of the previous network to the cache.
-  CacheNetworkQualityEstimate();
+  if (GetTransportRTTEstimate(&rtt)) {
+    // Add the 50th percentile value.
+    base::HistogramBase* transport_rtt_percentile = GetHistogram(
+        "TransportRTT.Percentile50.", current_network_id_.type, 10 * 1000);
+    transport_rtt_percentile->Add(rtt.InMilliseconds());
 
-  // Clear the local state.
-  last_connection_change_ = base::TimeTicks::Now();
-  peak_network_quality_ = NetworkQuality();
-  downstream_throughput_kbps_observations_.Clear();
-  rtt_observations_.Clear();
-  current_network_id_ = GetCurrentNetworkID();
+    // Add the remaining percentile values.
+    static const int kPercentiles[] = {0, 10, 90, 100};
+    std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
+    // Disallow external estimate provider since it provides RTT at HTTP layer.
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE);
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE);
+    disallowed_observation_sources.push_back(
+        NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM);
+    for (size_t i = 0; i < arraysize(kPercentiles); ++i) {
+      rtt = GetRTTEstimateInternal(disallowed_observation_sources,
+                                   base::TimeTicks(), kPercentiles[i]);
 
-  QueryExternalEstimateProvider();
+      transport_rtt_percentile = GetHistogram(
+          "TransportRTT.Percentile" + base::IntToString(kPercentiles[i]) + ".",
+          current_network_id_.type, 10 * 1000);  // 10 seconds
+      transport_rtt_percentile->Add(rtt.InMilliseconds());
+    }
+  }
+}
 
-  // Read any cached estimates for the new network. If cached estimates are
-  // unavailable, add the default estimates.
-  if (!ReadCachedNetworkQualityEstimate())
-    AddDefaultEstimates();
-  estimated_median_network_quality_ = NetworkQuality();
+NetworkQualityEstimator::EffectiveConnectionType
+NetworkQualityEstimator::GetEffectiveConnectionType() const {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  base::TimeDelta url_request_rtt = nqe::internal::InvalidRTT();
+  if (!GetURLRequestRTTEstimate(&url_request_rtt))
+    url_request_rtt = nqe::internal::InvalidRTT();
+
+  int32_t kbps = nqe::internal::kInvalidThroughput;
+  if (!GetDownlinkThroughputKbpsEstimate(&kbps))
+    kbps = nqe::internal::kInvalidThroughput;
+
+  if (url_request_rtt == nqe::internal::InvalidRTT() &&
+      kbps == nqe::internal::kInvalidThroughput) {
+    // Quality of the current network is unknown.
+    return EFFECTIVE_CONNECTION_TYPE_UNKNOWN;
+  }
+
+  // Search from the slowest connection type to the fastest to find the
+  // EffectiveConnectionType that best matches the current connection's
+  // performance. The match is done by comparing RTT and throughput.
+  for (size_t i = 0; i < EFFECTIVE_CONNECTION_TYPE_LAST; ++i) {
+    EffectiveConnectionType type = static_cast<EffectiveConnectionType>(i);
+    if (i == EFFECTIVE_CONNECTION_TYPE_UNKNOWN)
+      continue;
+    bool estimated_rtt_is_higher_than_threshold =
+        url_request_rtt != nqe::internal::InvalidRTT() &&
+        connection_thresholds_[i].rtt() != nqe::internal::InvalidRTT() &&
+        url_request_rtt >= connection_thresholds_[i].rtt();
+    bool estimated_throughput_is_lower_than_threshold =
+        kbps != nqe::internal::kInvalidThroughput &&
+        connection_thresholds_[i].downstream_throughput_kbps() !=
+            nqe::internal::kInvalidThroughput &&
+        kbps <= connection_thresholds_[i].downstream_throughput_kbps();
+    // Return |type| as the effective connection type if the current network's
+    // RTT is worse than the threshold RTT for |type|, or if the current
+    // network's throughput is lower than the threshold throughput for |type|.
+    if (estimated_rtt_is_higher_than_threshold ||
+        estimated_throughput_is_lower_than_threshold) {
+      return type;
+    }
+  }
+  // Return the fastest connection type.
+  return static_cast<EffectiveConnectionType>(EFFECTIVE_CONNECTION_TYPE_LAST -
+                                              1);
 }
 
 bool NetworkQualityEstimator::GetURLRequestRTTEstimate(
     base::TimeDelta* rtt) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(rtt);
-  if (rtt_observations_.Size() == 0) {
-    *rtt = InvalidRTT();
-    return false;
-  }
-  *rtt = GetURLRequestRTTEstimateInternal(base::TimeTicks(), 50);
-  return (*rtt != InvalidRTT());
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_TCP);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC);
+  *rtt = GetRTTEstimateInternal(disallowed_observation_sources,
+                                base::TimeTicks(), 50);
+  return (*rtt != nqe::internal::InvalidRTT());
+}
+
+bool NetworkQualityEstimator::GetTransportRTTEstimate(
+    base::TimeDelta* rtt) const {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
+  // Disallow external estimate provider since it provides RTT at HTTP layer.
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM);
+
+  *rtt = GetRTTEstimateInternal(disallowed_observation_sources,
+                                base::TimeTicks(), 50);
+  return (*rtt != nqe::internal::InvalidRTT());
 }
 
 bool NetworkQualityEstimator::GetDownlinkThroughputKbpsEstimate(
     int32_t* kbps) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(kbps);
-  if (downstream_throughput_kbps_observations_.Size() == 0) {
-    *kbps = kInvalidThroughput;
-    return false;
-  }
   *kbps = GetDownlinkThroughputKbpsEstimateInternal(base::TimeTicks(), 50);
-  return (*kbps != kInvalidThroughput);
+  return (*kbps != nqe::internal::kInvalidThroughput);
 }
 
 bool NetworkQualityEstimator::GetRecentURLRequestRTTMedian(
-    const base::TimeTicks& begin_timestamp,
+    const base::TimeTicks& start_time,
     base::TimeDelta* rtt) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(rtt);
-  *rtt = GetURLRequestRTTEstimateInternal(begin_timestamp, 50);
-  return (*rtt != InvalidRTT());
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_TCP);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC);
+  *rtt = GetRTTEstimateInternal(disallowed_observation_sources, start_time, 50);
+  return (*rtt != nqe::internal::InvalidRTT());
 }
 
-bool NetworkQualityEstimator::GetRecentMedianDownlinkThroughputKbps(
-    const base::TimeTicks& begin_timestamp,
-    int32_t* kbps) const {
+bool NetworkQualityEstimator::GetRecentTransportRTTMedian(
+    const base::TimeTicks& start_time,
+    base::TimeDelta* rtt) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(kbps);
-  *kbps = GetDownlinkThroughputKbpsEstimateInternal(begin_timestamp, 50);
-  return (*kbps != kInvalidThroughput);
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
+  // Disallow external estimate provider since it provides RTT at HTTP layer.
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM);
+
+  *rtt = GetRTTEstimateInternal(disallowed_observation_sources, start_time, 50);
+  return (*rtt != nqe::internal::InvalidRTT());
 }
 
-template <typename ValueType>
-NetworkQualityEstimator::ObservationBuffer<ValueType>::ObservationBuffer(
-    double weight_multiplier_per_second)
-    : weight_multiplier_per_second_(weight_multiplier_per_second) {
-  static_assert(kMaximumObservationsBufferSize > 0U,
-                "Minimum size of observation buffer must be > 0");
-  DCHECK_GE(weight_multiplier_per_second_, 0.0);
-  DCHECK_LE(weight_multiplier_per_second_, 1.0);
+bool NetworkQualityEstimator::GetRecentMedianDownlinkThroughputKbps(
+    const base::TimeTicks& start_time,
+    int32_t* kbps) const {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  *kbps = GetDownlinkThroughputKbpsEstimateInternal(start_time, 50);
+  return (*kbps != nqe::internal::kInvalidThroughput);
 }
 
-template <typename ValueType>
-NetworkQualityEstimator::ObservationBuffer<ValueType>::~ObservationBuffer() {}
-
-base::TimeDelta NetworkQualityEstimator::GetURLRequestRTTEstimateInternal(
-    const base::TimeTicks& begin_timestamp,
+base::TimeDelta NetworkQualityEstimator::GetRTTEstimateInternal(
+    const std::vector<NetworkQualityObservationSource>&
+        disallowed_observation_sources,
+    const base::TimeTicks& start_time,
     int percentile) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK_GE(percentile, 0);
-  DCHECK_LE(percentile, 100);
-  if (rtt_observations_.Size() == 0)
-    return InvalidRTT();
 
   // RTT observations are sorted by duration from shortest to longest, thus
   // a higher percentile RTT will have a longer RTT than a lower percentile.
-  base::TimeDelta rtt = InvalidRTT();
-  std::vector<ObservationSource> disallowed_observation_sources;
-  disallowed_observation_sources.push_back(TCP);
-  disallowed_observation_sources.push_back(QUIC);
-  rtt_observations_.GetPercentile(begin_timestamp, &rtt, percentile,
-                                  disallowed_observation_sources);
+  base::TimeDelta rtt = nqe::internal::InvalidRTT();
+  if (!rtt_observations_.GetPercentile(start_time, &rtt, percentile,
+                                       disallowed_observation_sources)) {
+    return nqe::internal::InvalidRTT();
+  }
   return rtt;
 }
 
 int32_t NetworkQualityEstimator::GetDownlinkThroughputKbpsEstimateInternal(
-    const base::TimeTicks& begin_timestamp,
+    const base::TimeTicks& start_time,
     int percentile) const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK_GE(percentile, 0);
-  DCHECK_LE(percentile, 100);
-  if (downstream_throughput_kbps_observations_.Size() == 0)
-    return kInvalidThroughput;
 
   // Throughput observations are sorted by kbps from slowest to fastest,
   // thus a higher percentile throughput will be faster than a lower one.
-  int32_t kbps = kInvalidThroughput;
-  downstream_throughput_kbps_observations_.GetPercentile(
-      begin_timestamp, &kbps, 100 - percentile,
-      std::vector<ObservationSource>());
-  return kbps;
-}
-
-template <typename ValueType>
-void NetworkQualityEstimator::ObservationBuffer<ValueType>::
-    ComputeWeightedObservations(
-        const base::TimeTicks& begin_timestamp,
-        std::vector<WeightedObservation<ValueType>>& weighted_observations,
-        double* total_weight,
-        const std::vector<ObservationSource>& disallowed_observation_sources)
-        const {
-  weighted_observations.clear();
-  double total_weight_observations = 0.0;
-  base::TimeTicks now = base::TimeTicks::Now();
-
-  for (const auto& observation : observations_) {
-    if (observation.timestamp < begin_timestamp)
-      continue;
-    bool disallowed = false;
-    for (const auto& disallowed_source : disallowed_observation_sources) {
-      if (disallowed_source == observation.source)
-        disallowed = true;
-    }
-    if (disallowed)
-      continue;
-    base::TimeDelta time_since_sample_taken = now - observation.timestamp;
-    double weight =
-        pow(weight_multiplier_per_second_, time_since_sample_taken.InSeconds());
-    weight = std::max(DBL_MIN, std::min(1.0, weight));
-
-    weighted_observations.push_back(
-        WeightedObservation<ValueType>(observation.value, weight));
-    total_weight_observations += weight;
-  }
-
-  // Sort the samples by value in ascending order.
-  std::sort(weighted_observations.begin(), weighted_observations.end());
-  *total_weight = total_weight_observations;
-}
-
-template <typename ValueType>
-bool NetworkQualityEstimator::ObservationBuffer<ValueType>::GetPercentile(
-    const base::TimeTicks& begin_timestamp,
-    ValueType* result,
-    int percentile,
-    const std::vector<ObservationSource>& disallowed_observation_sources)
-    const {
-  DCHECK(result);
-  // Stores WeightedObservation in increasing order of value.
-  std::vector<WeightedObservation<ValueType>> weighted_observations;
-
-  // Total weight of all observations in |weighted_observations|.
-  double total_weight = 0.0;
-
-  ComputeWeightedObservations(begin_timestamp, weighted_observations,
-                              &total_weight, disallowed_observation_sources);
-  if (weighted_observations.empty())
-    return false;
-
-  DCHECK(!weighted_observations.empty());
-  DCHECK_GT(total_weight, 0.0);
-
-  // weighted_observations may have a smaller size than observations_ since the
-  // former contains only the observations later than begin_timestamp.
-  DCHECK_GE(observations_.size(), weighted_observations.size());
-
-  double desired_weight = percentile / 100.0 * total_weight;
-
-  double cumulative_weight_seen_so_far = 0.0;
-  for (const auto& weighted_observation : weighted_observations) {
-    cumulative_weight_seen_so_far += weighted_observation.weight;
-
-    if (cumulative_weight_seen_so_far >= desired_weight) {
-      *result = weighted_observation.value;
-      return true;
-    }
+  int32_t kbps = nqe::internal::kInvalidThroughput;
+  if (!downstream_throughput_kbps_observations_.GetPercentile(
+          start_time, &kbps, 100 - percentile,
+          std::vector<NetworkQualityObservationSource>())) {
+    return nqe::internal::kInvalidThroughput;
   }
-
-  // Computation may reach here due to floating point errors. This may happen
-  // if |percentile| was 100 (or close to 100), and |desired_weight| was
-  // slightly larger than |total_weight| (due to floating point errors).
-  // In this case, we return the highest |value| among all observations.
-  // This is same as value of the last observation in the sorted vector.
-  *result = weighted_observations.at(weighted_observations.size() - 1).value;
-  return true;
+  return kbps;
 }
 
 NetworkQualityEstimator::NetworkID
@@ -888,20 +931,22 @@ bool NetworkQualityEstimator::ReadCachedNetworkQualityEstimate() {
   if (it == cached_network_qualities_.end())
     return false;
 
-  NetworkQuality network_quality(it->second.network_quality());
+  nqe::internal::NetworkQuality network_quality(it->second.network_quality());
 
-  DCHECK_NE(InvalidRTT(), network_quality.rtt());
-  DCHECK_NE(kInvalidThroughput, network_quality.downstream_throughput_kbps());
+  DCHECK_NE(nqe::internal::InvalidRTT(), network_quality.rtt());
+  DCHECK_NE(nqe::internal::kInvalidThroughput,
+            network_quality.downstream_throughput_kbps());
 
   ThroughputObservation througphput_observation(
       network_quality.downstream_throughput_kbps(), base::TimeTicks::Now(),
-      CACHED_ESTIMATE);
+      NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE);
   downstream_throughput_kbps_observations_.AddObservation(
       througphput_observation);
   NotifyObserversOfThroughput(througphput_observation);
 
-  RttObservation rtt_observation(network_quality.rtt(), base::TimeTicks::Now(),
-                                 CACHED_ESTIMATE);
+  RttObservation rtt_observation(
+      network_quality.rtt(), base::TimeTicks::Now(),
+      NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE);
   rtt_observations_.AddObservation(rtt_observation);
   NotifyObserversOfRTT(rtt_observation);
 
@@ -917,6 +962,30 @@ void NetworkQualityEstimator::OnUpdatedEstimateAvailable() {
   QueryExternalEstimateProvider();
 }
 
+const char* NetworkQualityEstimator::GetNameForEffectiveConnectionType(
+    EffectiveConnectionType type) const {
+  switch (type) {
+    case EFFECTIVE_CONNECTION_TYPE_UNKNOWN:
+      return "Unknown";
+    case EFFECTIVE_CONNECTION_TYPE_OFFLINE:
+      return "Offline";
+    case EFFECTIVE_CONNECTION_TYPE_SLOW_2G:
+      return "Slow2G";
+    case EFFECTIVE_CONNECTION_TYPE_2G:
+      return "2G";
+    case EFFECTIVE_CONNECTION_TYPE_3G:
+      return "3G";
+    case EFFECTIVE_CONNECTION_TYPE_4G:
+      return "4G";
+    case EFFECTIVE_CONNECTION_TYPE_BROADBAND:
+      return "Broadband";
+    default:
+      NOTREACHED();
+      break;
+  }
+  return "";
+}
+
 void NetworkQualityEstimator::QueryExternalEstimateProvider() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
@@ -945,16 +1014,25 @@ void NetworkQualityEstimator::QueryExternalEstimateProvider() {
       EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERY_SUCCESSFUL);
   base::TimeDelta rtt;
   if (external_estimate_provider_->GetRTT(&rtt)) {
+    RecordExternalEstimateProviderMetrics(
+        EXTERNAL_ESTIMATE_PROVIDER_STATUS_RTT_AVAILABLE);
+    UMA_HISTOGRAM_TIMES("NQE.ExternalEstimateProvider.RTT", rtt);
     rtt_observations_.AddObservation(
-        RttObservation(rtt, base::TimeTicks::Now(), EXTERNAL_ESTIMATE));
+        RttObservation(rtt, base::TimeTicks::Now(),
+                       NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE));
   }
 
   int32_t downstream_throughput_kbps;
   if (external_estimate_provider_->GetDownstreamThroughputKbps(
           &downstream_throughput_kbps)) {
+    RecordExternalEstimateProviderMetrics(
+        EXTERNAL_ESTIMATE_PROVIDER_STATUS_DOWNLINK_BANDWIDTH_AVAILABLE);
+    UMA_HISTOGRAM_COUNTS("NQE.ExternalEstimateProvider.DownlinkBandwidth",
+                         downstream_throughput_kbps);
     downstream_throughput_kbps_observations_.AddObservation(
-        ThroughputObservation(downstream_throughput_kbps,
-                              base::TimeTicks::Now(), EXTERNAL_ESTIMATE));
+        ThroughputObservation(
+            downstream_throughput_kbps, base::TimeTicks::Now(),
+            NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE));
   }
 }
 
@@ -967,14 +1045,17 @@ void NetworkQualityEstimator::CacheNetworkQualityEstimate() {
   if (current_network_id_.id.empty())
     return;
 
-  NetworkQuality network_quality = NetworkQuality(
-      GetURLRequestRTTEstimateInternal(base::TimeTicks(), 50),
-      GetDownlinkThroughputKbpsEstimateInternal(base::TimeTicks(), 50));
-  if (network_quality.rtt() == InvalidRTT() ||
-      network_quality.downstream_throughput_kbps() == kInvalidThroughput) {
+  base::TimeDelta rtt = nqe::internal::InvalidRTT();
+  int32_t downlink_throughput_kbps = nqe::internal::kInvalidThroughput;
+
+  if (!GetURLRequestRTTEstimate(&rtt) ||
+      !GetDownlinkThroughputKbpsEstimate(&downlink_throughput_kbps)) {
     return;
   }
 
+  nqe::internal::NetworkQuality network_quality =
+      nqe::internal::NetworkQuality(rtt, downlink_throughput_kbps);
+
   if (cached_network_qualities_.size() == kMaximumNetworkQualityCacheSize) {
     // Remove the oldest entry.
     CachedNetworkQualities::iterator oldest_entry_iterator =
@@ -991,8 +1072,9 @@ void NetworkQualityEstimator::CacheNetworkQualityEstimate() {
   DCHECK_LT(cached_network_qualities_.size(),
             static_cast<size_t>(kMaximumNetworkQualityCacheSize));
 
-  cached_network_qualities_.insert(std::make_pair(
-      current_network_id_, CachedNetworkQuality(network_quality)));
+  cached_network_qualities_.insert(
+      std::make_pair(current_network_id_,
+                     nqe::internal::CachedNetworkQuality(network_quality)));
   DCHECK_LE(cached_network_qualities_.size(),
             static_cast<size_t>(kMaximumNetworkQualityCacheSize));
 }
@@ -1002,16 +1084,10 @@ void NetworkQualityEstimator::OnUpdatedRTTAvailable(
     const base::TimeDelta& rtt) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
-  switch (protocol) {
-    case SocketPerformanceWatcherFactory::PROTOCOL_TCP:
-      NotifyObserversOfRTT(RttObservation(rtt, base::TimeTicks::Now(), TCP));
-      return;
-    case SocketPerformanceWatcherFactory::PROTOCOL_QUIC:
-      NotifyObserversOfRTT(RttObservation(rtt, base::TimeTicks::Now(), QUIC));
-      return;
-    default:
-      NOTREACHED();
-  }
+  RttObservation observation(rtt, base::TimeTicks::Now(),
+                             ProtocolSourceToObservationSource(protocol));
+  NotifyObserversOfRTT(observation);
+  rtt_observations_.AddObservation(observation);
 }
 
 void NetworkQualityEstimator::NotifyObserversOfRTT(
@@ -1030,50 +1106,4 @@ void NetworkQualityEstimator::NotifyObserversOfThroughput(
                               observation.source));
 }
 
-NetworkQualityEstimator::CachedNetworkQuality::CachedNetworkQuality(
-    const NetworkQuality& network_quality)
-    : last_update_time_(base::TimeTicks::Now()),
-      network_quality_(network_quality) {
-}
-
-NetworkQualityEstimator::CachedNetworkQuality::CachedNetworkQuality(
-    const CachedNetworkQuality& other)
-    : last_update_time_(other.last_update_time_),
-      network_quality_(other.network_quality_) {
-}
-
-NetworkQualityEstimator::CachedNetworkQuality::~CachedNetworkQuality() {
-}
-
-bool NetworkQualityEstimator::CachedNetworkQuality::OlderThan(
-    const CachedNetworkQuality& cached_network_quality) const {
-  return last_update_time_ < cached_network_quality.last_update_time_;
-}
-
-NetworkQualityEstimator::NetworkQuality::NetworkQuality()
-    : NetworkQuality(NetworkQualityEstimator::InvalidRTT(),
-                     NetworkQualityEstimator::kInvalidThroughput) {}
-
-NetworkQualityEstimator::NetworkQuality::NetworkQuality(
-    const base::TimeDelta& rtt,
-    int32_t downstream_throughput_kbps)
-    : rtt_(rtt), downstream_throughput_kbps_(downstream_throughput_kbps) {
-  DCHECK_GE(rtt_, base::TimeDelta());
-  DCHECK_GE(downstream_throughput_kbps_, 0);
-}
-
-NetworkQualityEstimator::NetworkQuality::NetworkQuality(
-    const NetworkQuality& other)
-    : NetworkQuality(other.rtt_, other.downstream_throughput_kbps_) {}
-
-NetworkQualityEstimator::NetworkQuality::~NetworkQuality() {}
-
-NetworkQualityEstimator::NetworkQuality&
-    NetworkQualityEstimator::NetworkQuality::
-    operator=(const NetworkQuality& other) {
-  rtt_ = other.rtt_;
-  downstream_throughput_kbps_ = other.downstream_throughput_kbps_;
-  return *this;
-}
-
 }  // namespace net
diff --git a/chromium/net/base/network_quality_estimator.h b/chromium/net/nqe/network_quality_estimator.h
index 5ff9bd73540..8dd16ad18b9 100644
--- a/chromium/net/base/network_quality_estimator.h
+++ b/chromium/net/nqe/network_quality_estimator.h
@@ -2,29 +2,34 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_NETWORK_QUALITY_ESTIMATOR_H_
-#define NET_BASE_NETWORK_QUALITY_ESTIMATOR_H_
+#ifndef NET_NQE_NETWORK_QUALITY_ESTIMATOR_H_
+#define NET_NQE_NETWORK_QUALITY_ESTIMATOR_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
-#include <deque>
 #include <map>
+#include <memory>
 #include <string>
 #include <tuple>
 
+#include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list.h"
 #include "base/threading/thread_checker.h"
 #include "base/time/time.h"
-#include "net/base/external_estimate_provider.h"
 #include "net/base/net_export.h"
 #include "net/base/network_change_notifier.h"
-#include "net/base/socket_performance_watcher_factory.h"
+#include "net/nqe/cached_network_quality.h"
+#include "net/nqe/external_estimate_provider.h"
+#include "net/nqe/network_quality.h"
+#include "net/nqe/network_quality_observation.h"
+#include "net/nqe/network_quality_observation_source.h"
+#include "net/nqe/observation_buffer.h"
+#include "net/socket/socket_performance_watcher_factory.h"
 
 namespace base {
 class SingleThreadTaskRunner;
@@ -46,27 +51,24 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
     : public NetworkChangeNotifier::ConnectionTypeObserver,
       public ExternalEstimateProvider::UpdatedEstimateDelegate {
  public:
-  // On Android, a Java counterpart will be generated for this enum.
-  // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.net
-  // GENERATED_JAVA_CLASS_NAME_OVERRIDE: NetworkQualityObservationSource
-  // GENERATED_JAVA_PREFIX_TO_STRIP:
-  enum ObservationSource {
-    // The observation was taken at the request layer, e.g., a round trip time
-    // is recorded as the time between the request being sent and the first byte
-    // being received.
-    URL_REQUEST,
-    // The observation is taken from TCP statistics maintained by the kernel.
-    TCP,
-    // The observation is taken at the QUIC layer.
-    QUIC,
-    // The observation is a previously cached estimate of the metric.
-    CACHED_ESTIMATE,
-    // The observation is derived from network connection information provided
-    // by the platform. For example, typical RTT and throughput values are used
-    // for a given type of network connection.
-    DEFAULT_FROM_PLATFORM,
-    // The observation came from a Chromium-external source.
-    EXTERNAL_ESTIMATE
+  // EffectiveConnectionType is the connection type whose typical performance is
+  // most similar to the measured performance of the network in use. In many
+  // cases, the "effective" connection type and the actual type of connection in
+  // use are the same, but often a network connection performs significantly
+  // different, usually worse, from its expected capabilities.
+  // EffectiveConnectionType of a network is independent of if the current
+  // connection is metered or not. For example, an unmetered slow connection may
+  // have EFFECTIVE_CONNECTION_TYPE_SLOW_2G as its effective connection type.
+  enum EffectiveConnectionType {
+    // The connection types should be in increasing order of quality.
+    EFFECTIVE_CONNECTION_TYPE_UNKNOWN = 0,
+    EFFECTIVE_CONNECTION_TYPE_OFFLINE,
+    EFFECTIVE_CONNECTION_TYPE_SLOW_2G,
+    EFFECTIVE_CONNECTION_TYPE_2G,
+    EFFECTIVE_CONNECTION_TYPE_3G,
+    EFFECTIVE_CONNECTION_TYPE_4G,
+    EFFECTIVE_CONNECTION_TYPE_BROADBAND,
+    EFFECTIVE_CONNECTION_TYPE_LAST,
   };
 
   // Observes measurements of round trip time.
@@ -77,7 +79,7 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
     // taken and the source of the observation are provided.
     virtual void OnRTTObservation(int32_t rtt_ms,
                                   const base::TimeTicks& timestamp,
-                                  ObservationSource source) = 0;
+                                  NetworkQualityObservationSource source) = 0;
 
    protected:
     RTTObserver() {}
@@ -92,9 +94,10 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
    public:
     // Will be called when a new throughput observation is available.
     // Throughput is specified in kilobits per second.
-    virtual void OnThroughputObservation(int32_t throughput_kbps,
-                                         const base::TimeTicks& timestamp,
-                                         ObservationSource source) = 0;
+    virtual void OnThroughputObservation(
+        int32_t throughput_kbps,
+        const base::TimeTicks& timestamp,
+        NetworkQualityObservationSource source) = 0;
 
    protected:
     ThroughputObserver() {}
@@ -109,7 +112,7 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // related to NetworkQualityEstimator field trial.
   // |external_estimates_provider| may be NULL.
   NetworkQualityEstimator(
-      scoped_ptr<ExternalEstimateProvider> external_estimates_provider,
+      std::unique_ptr<ExternalEstimateProvider> external_estimates_provider,
       const std::map<std::string, std::string>& variation_params);
 
   // Construct a NetworkQualityEstimator instance allowing for test
@@ -126,19 +129,28 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // |kMinRequestDurationMicroseconds| to be used for network quality
   // estimation.
   NetworkQualityEstimator(
-      scoped_ptr<ExternalEstimateProvider> external_estimates_provider,
+      std::unique_ptr<ExternalEstimateProvider> external_estimates_provider,
       const std::map<std::string, std::string>& variation_params,
       bool allow_local_host_requests_for_tests,
       bool allow_smaller_responses_for_tests);
 
   ~NetworkQualityEstimator() override;
 
-  // Returns true if RTT is available and sets |rtt| to estimated RTT at the
-  // HTTP layer. Virtualized for testing. |rtt| should not be null. The RTT at
-  // the HTTP layer measures the time from when the request was sent (this
+  // Returns the effective type of the current connection. Virtualized for
+  // testing.
+  virtual EffectiveConnectionType GetEffectiveConnectionType() const;
+
+  // Returns true if the RTT is available and sets |rtt| to the RTT estimated at
+  // the HTTP layer. Virtualized for testing. |rtt| should not be null. The RTT
+  // at the HTTP layer measures the time from when the request was sent (this
   // happens after the connection is established) to the time when the response
   // headers were received.
-  virtual bool GetURLRequestRTTEstimate(base::TimeDelta* rtt) const;
+  virtual bool GetURLRequestRTTEstimate(base::TimeDelta* rtt) const
+      WARN_UNUSED_RESULT;
+
+  // Returns true if the RTT is available and sets |rtt| to the RTT estimated at
+  // the transport layer. |rtt| should not be null.
+  bool GetTransportRTTEstimate(base::TimeDelta* rtt) const WARN_UNUSED_RESULT;
 
   // Returns true if downlink throughput is available and sets |kbps| to
   // estimated downlink throughput (in kilobits per second).
@@ -154,22 +166,29 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   void NotifyRequestCompleted(const URLRequest& request);
 
   // Returns true if median RTT at the HTTP layer is available and sets |rtt|
-  // to the median of RTT observations since |begin_timestamp|.
+  // to the median of RTT observations since |start_time|.
   // Virtualized for testing. |rtt| should not be null. The RTT at the HTTP
   // layer measures the time from when the request was sent (this happens after
   // the connection is established) to the time when the response headers were
   // received.
-  virtual bool GetRecentURLRequestRTTMedian(
-      const base::TimeTicks& begin_timestamp,
-      base::TimeDelta* rtt) const;
+  virtual bool GetRecentURLRequestRTTMedian(const base::TimeTicks& start_time,
+                                            base::TimeDelta* rtt) const
+      WARN_UNUSED_RESULT;
+
+  // Returns true if the median RTT at the transport layer is available and sets
+  // |rtt| to the median of transport layer RTT observations since
+  // |start_time|. |rtt| should not be null.
+  bool GetRecentTransportRTTMedian(const base::TimeTicks& start_time,
+                                   base::TimeDelta* rtt) const
+      WARN_UNUSED_RESULT;
 
   // Returns true if median downstream throughput is available and sets |kbps|
   // to the median of downstream throughput (in kilobits per second)
-  // observations since |begin_timestamp|. Virtualized for testing. |kbps|
+  // observations since |start_time|. Virtualized for testing. |kbps|
   // should not be null.
   virtual bool GetRecentMedianDownlinkThroughputKbps(
-      const base::TimeTicks& begin_timestamp,
-      int32_t* kbps) const;
+      const base::TimeTicks& start_time,
+      int32_t* kbps) const WARN_UNUSED_RESULT;
 
   // Adds |rtt_observer| to the list of round trip time observers. Must be
   // called on the IO thread.
@@ -237,234 +256,40 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // ExternalEstimateProvider::UpdatedEstimateObserver implementation.
   void OnUpdatedEstimateAvailable() override;
 
+  // Return a string equivalent to |type|.
+  const char* GetNameForEffectiveConnectionType(
+      EffectiveConnectionType type) const;
+
  private:
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, StoreObservations);
-  FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, TestKbpsRTTUpdates);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, TestAddObservation);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, ObtainOperatingParams);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, HalfLifeParam);
-  FRIEND_TEST_ALL_PREFIXES(URLRequestTestHTTP, NetworkQualityEstimator);
-  FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
-                           PercentileSameTimestamps);
-  FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
-                           PercentileDifferentTimestamps);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, ComputedPercentiles);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, TestCaching);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
                            TestLRUCacheMaximumSize);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, TestGetMedianRTTSince);
   FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
-                           TestExternalEstimateProvider);
-  FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
                            TestExternalEstimateProviderMergeEstimates);
 
   class SocketWatcher;
   class SocketWatcherFactory;
 
-  // NetworkQuality is used to cache the quality of a network connection.
-  class NET_EXPORT_PRIVATE NetworkQuality {
-   public:
-    NetworkQuality();
-    // |rtt| is the estimate of the round trip time.
-    // |downstream_throughput_kbps| is the estimate of the downstream
-    // throughput in kilobits per second.
-    NetworkQuality(const base::TimeDelta& rtt,
-                   int32_t downstream_throughput_kbps);
-    NetworkQuality(const NetworkQuality& other);
-    ~NetworkQuality();
-
-    NetworkQuality& operator=(const NetworkQuality& other);
-
-    // Returns the estimate of the round trip time.
-    const base::TimeDelta& rtt() const { return rtt_; }
-
-    // Returns the estimate of the downstream throughput in Kbps (Kilobits per
-    // second).
-    int32_t downstream_throughput_kbps() const {
-      return downstream_throughput_kbps_;
-    }
-
-   private:
-    // Estimated round trip time.
-    base::TimeDelta rtt_;
-
-    // Estimated downstream throughput in kilobits per second.
-    int32_t downstream_throughput_kbps_;
-  };
-
-  // CachedNetworkQuality stores the quality of a previously seen network.
-  class NET_EXPORT_PRIVATE CachedNetworkQuality {
-   public:
-    explicit CachedNetworkQuality(const NetworkQuality& network_quality);
-    CachedNetworkQuality(const CachedNetworkQuality& other);
-    ~CachedNetworkQuality();
-
-    // Returns the network quality associated with this cached entry.
-    const NetworkQuality& network_quality() const { return network_quality_; }
-
-    // Returns true if this cache entry was updated before
-    // |cached_network_quality|.
-    bool OlderThan(const CachedNetworkQuality& cached_network_quality) const;
-
-    // Time when this cache entry was last updated.
-    const base::TimeTicks last_update_time_;
-
-    // Quality of this cached network.
-    const NetworkQuality network_quality_;
-
-   private:
-    DISALLOW_ASSIGN(CachedNetworkQuality);
-  };
-
-  // Records observations of network quality metrics (such as round trip time
-  // or throughput), along with the time the observation was made. Observations
-  // can be made at several places in the network stack, thus the observation
-  // source is provided as well. ValueType must be numerical so that statistics
-  // such as median, average can be computed.
-  template <typename ValueType>
-  struct NET_EXPORT_PRIVATE Observation {
-    Observation(const ValueType& value,
-                base::TimeTicks timestamp,
-                ObservationSource source)
-        : value(value), timestamp(timestamp), source(source) {
-      DCHECK(!timestamp.is_null());
-    }
-    ~Observation() {}
-
-    // Value of the observation.
-    const ValueType value;
-
-    // Time when the observation was taken.
-    const base::TimeTicks timestamp;
-
-    // The source of the observation.
-    const ObservationSource source;
-  };
-
-  // Holds an observation and its weight.
-  template <typename ValueType>
-  struct NET_EXPORT_PRIVATE WeightedObservation {
-    WeightedObservation(ValueType value, double weight)
-        : value(value), weight(weight) {}
-    WeightedObservation(const WeightedObservation& other)
-        : WeightedObservation(other.value, other.weight) {}
-
-    WeightedObservation& operator=(const WeightedObservation& other) {
-      value = other.value;
-      weight = other.weight;
-      return *this;
-    }
-
-    // Required for sorting the samples in the ascending order of values.
-    bool operator<(const WeightedObservation& other) const {
-      return (value < other.value);
-    }
-
-    // Value of the sample.
-    ValueType value;
-
-    // Weight of the sample. This is computed based on how much time has passed
-    // since the sample was taken.
-    double weight;
-  };
-
-  // Stores observations sorted by time.
-  template <typename ValueType>
-  class NET_EXPORT_PRIVATE ObservationBuffer {
-   public:
-    explicit ObservationBuffer(double weight_multiplier_per_second);
-    ~ObservationBuffer();
-
-    // Adds |observation| to the buffer. The oldest observation in the buffer
-    // will be evicted to make room if the buffer is already full.
-    void AddObservation(const Observation<ValueType>& observation) {
-      DCHECK_LE(observations_.size(),
-                static_cast<size_t>(kMaximumObservationsBufferSize));
-      // Evict the oldest element if the buffer is already full.
-      if (observations_.size() == kMaximumObservationsBufferSize)
-        observations_.pop_front();
-
-      observations_.push_back(observation);
-      DCHECK_LE(observations_.size(),
-                static_cast<size_t>(kMaximumObservationsBufferSize));
-    }
-
-    // Returns the number of observations in this buffer.
-    size_t Size() const { return observations_.size(); }
-
-    // Clears the observations stored in this buffer.
-    void Clear() { observations_.clear(); }
-
-    // Returns true iff the |percentile| value of the observations in this
-    // buffer is available. Sets |result| to the computed |percentile|
-    // value among all observations since |begin_timestamp|. If the value is
-    // unavailable, false is returned and |result| is not modified. Percentile
-    // value is unavailable if all the values in observation buffer are older
-    // than |begin_timestamp|. |result| must not be null.
-    // |disallowed_observation_sources| is the list of observation sources that
-    // should be excluded when computing the percentile.
-    bool GetPercentile(const base::TimeTicks& begin_timestamp,
-                       ValueType* result,
-                       int percentile,
-                       const std::vector<ObservationSource>&
-                           disallowed_observation_sources) const;
-
-   private:
-    FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, StoreObservations);
-    FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest,
-                             ObtainOperatingParams);
-    FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, HalfLifeParam);
-
-    // Computes the weighted observations and stores them in
-    // |weighted_observations| sorted by ascending |WeightedObservation.value|.
-    // Only the observations with timestamp later than |begin_timestamp| are
-    // considered. Also, sets |total_weight| to the total weight of all
-    // observations. Should be called only when there is at least one
-    // observation in the buffer. |disallowed_observation_sources| is the list
-    // of observation sources that should be excluded when computing the
-    // weighted observations.
-    void ComputeWeightedObservations(
-        const base::TimeTicks& begin_timestamp,
-        std::vector<WeightedObservation<ValueType>>& weighted_observations,
-        double* total_weight,
-        const std::vector<ObservationSource>& disallowed_observation_sources)
-        const;
-
-    // Holds observations sorted by time, with the oldest observation at the
-    // front of the queue.
-    std::deque<Observation<ValueType>> observations_;
-
-    // The factor by which the weight of an observation reduces every second.
-    // For example, if an observation is 6 seconds old, its weight would be:
-    //     weight_multiplier_per_second_ ^ 6
-    // Calculated from |kHalfLifeSeconds| by solving the following equation:
-    //     weight_multiplier_per_second_ ^ kHalfLifeSeconds = 0.5
-    const double weight_multiplier_per_second_;
-
-    DISALLOW_COPY_AND_ASSIGN(ObservationBuffer);
-  };
-
   // Value of round trip time observations is in base::TimeDelta.
-  typedef net::NetworkQualityEstimator::Observation<base::TimeDelta>
-      RttObservation;
-  typedef net::NetworkQualityEstimator::ObservationBuffer<base::TimeDelta>
+  typedef nqe::internal::Observation<base::TimeDelta> RttObservation;
+  typedef nqe::internal::ObservationBuffer<base::TimeDelta>
       RttObservationBuffer;
 
   // Value of throughput observations is in kilobits per second.
-  typedef net::NetworkQualityEstimator::Observation<int32_t>
-      ThroughputObservation;
-  typedef net::NetworkQualityEstimator::ObservationBuffer<int32_t>
-      ThroughputObservationBuffer;
+  typedef nqe::internal::Observation<int32_t> ThroughputObservation;
+  typedef nqe::internal::ObservationBuffer<int32_t> ThroughputObservationBuffer;
 
   // This does not use a unordered_map or hash_map for code simplicity (key just
   // implements operator<, rather than hash and equality) and because the map is
   // tiny.
-  typedef std::map<NetworkID, CachedNetworkQuality> CachedNetworkQualities;
-
-  // Throughput is set to |kInvalidThroughput| if a valid value is
-  // unavailable. Readers should discard throughput value if it is set to
-  // |kInvalidThroughput|.
-  static const int32_t kInvalidThroughput;
+  typedef std::map<NetworkID, nqe::internal::CachedNetworkQuality>
+      CachedNetworkQualities;
 
   // Tiny transfer sizes may give inaccurate throughput results.
   // Minimum size of the transfer over which the throughput is computed.
@@ -487,9 +312,6 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // Larger size may affect performance.
   static const size_t kMaximumNetworkQualityCacheSize = 10;
 
-  // Maximum number of observations that can be held in the ObservationBuffer.
-  static const size_t kMaximumObservationsBufferSize = 300;
-
   // Time duration (in milliseconds) after which the estimate provided by
   // external estimate provider is considered stale.
   static const int kExternalEstimateProviderFreshnessDurationMsec =
@@ -499,6 +321,9 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // should discard RTT if it is set to the value returned by |InvalidRTT()|.
   static const base::TimeDelta InvalidRTT();
 
+  // Records UMA when there is a change in connection type.
+  void RecordMetricsOnConnectionTypeChanged();
+
   // Notifies |this| of a new transport layer RTT.
   void OnUpdatedRTTAvailable(SocketPerformanceWatcherFactory::Protocol protocol,
                              const base::TimeDelta& rtt);
@@ -511,22 +336,33 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   void ObtainOperatingParams(
       const std::map<std::string, std::string>& variation_params);
 
+  // Obtains the model parameters for different effective connection types from
+  // the field trial parameters. For each effective connection type, a model
+  // (currently composed of a RTT threshold and a downlink throughput threshold)
+  // is provided by the field trial.
+  void ObtainEffectiveConnectionTypeModelParams(
+      const std::map<std::string, std::string>& variation_params);
+
   // Adds the default median RTT and downstream throughput estimate for the
   // current connection type to the observation buffer.
   void AddDefaultEstimates();
 
   // Returns an estimate of network quality at the specified |percentile|.
-  // Only the observations later than |begin_timestamp| are taken into account.
+  // |disallowed_observation_sources| is the list of observation sources that
+  // should be excluded when computing the percentile.
+  // Only the observations later than |start_time| are taken into account.
   // |percentile| must be between 0 and 100 (both inclusive) with higher
   // percentiles indicating less performant networks. For example, if
   // |percentile| is 90, then the network is expected to be faster than the
   // returned estimate with 0.9 probability. Similarly, network is expected to
   // be slower than the returned estimate with 0.1 probability.
-  base::TimeDelta GetURLRequestRTTEstimateInternal(
-      const base::TimeTicks& begin_timestamp,
+  base::TimeDelta GetRTTEstimateInternal(
+      const std::vector<NetworkQualityObservationSource>&
+          disallowed_observation_sources,
+      const base::TimeTicks& start_time,
       int percentile) const;
   int32_t GetDownlinkThroughputKbpsEstimateInternal(
-      const base::TimeTicks& begin_timestamp,
+      const base::TimeTicks& start_time,
       int percentile) const;
 
   // Returns the current network ID checking by calling the platform APIs.
@@ -540,9 +376,9 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
 
   void NotifyObserversOfThroughput(const ThroughputObservation& observation);
 
-  // Records the UMA related to RTT.
-  void RecordRTTUMA(int32_t estimated_value_msec,
-                    int32_t actual_value_msec) const;
+  // Records the UMA related to the RTT at the URLRequest layer.
+  void RecordURLRequestRTTUMA(int32_t estimated_value_msec,
+                              int32_t actual_value_msec) const;
 
   // Returns true only if |request| can be used for network quality estimation.
   // Only the requests that go over network are considered to provide useful
@@ -558,6 +394,8 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
     EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERIED,
     EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERY_SUCCESSFUL,
     EXTERNAL_ESTIMATE_PROVIDER_STATUS_CALLBACK,
+    EXTERNAL_ESTIMATE_PROVIDER_STATUS_RTT_AVAILABLE,
+    EXTERNAL_ESTIMATE_PROVIDER_STATUS_DOWNLINK_BANDWIDTH_AVAILABLE,
     EXTERNAL_ESTIMATE_PROVIDER_STATUS_BOUNDARY
   };
 
@@ -574,6 +412,9 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // network quality. Set to true only for tests.
   const bool allow_small_responses_;
 
+  // The factor by which the weight of an observation reduces every second.
+  const double weight_multiplier_per_second_;
+
   // Time when last connection change was observed.
   base::TimeTicks last_connection_change_;
 
@@ -586,7 +427,7 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // The accuracy is decreased by ignoring these factors:
   // 1) Multiple URLRequests can occur concurrently.
   // 2) Includes server processing time.
-  NetworkQuality peak_network_quality_;
+  nqe::internal::NetworkQuality peak_network_quality_;
 
   // Cache that stores quality of previously seen networks.
   CachedNetworkQualities cached_network_qualities_;
@@ -601,21 +442,28 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
   // Default network quality observations obtained from the network quality
   // estimator field trial parameters. The observations are indexed by
   // ConnectionType.
-  NetworkQuality
+  nqe::internal::NetworkQuality
       default_observations_[NetworkChangeNotifier::CONNECTION_LAST + 1];
 
+  // Thresholds for different effective connection types obtained from field
+  // trial variation params. These thresholds encode how different connection
+  // types behave in general. In future, complex encodings (e.g., curve
+  // fitting) may be used.
+  nqe::internal::NetworkQuality
+      connection_thresholds_[EFFECTIVE_CONNECTION_TYPE_LAST];
+
   // Estimated network quality. Updated on mainframe requests.
-  NetworkQuality estimated_median_network_quality_;
+  nqe::internal::NetworkQuality estimated_median_network_quality_;
 
   // ExternalEstimateProvider that provides network quality using operating
   // system APIs. May be NULL.
-  const scoped_ptr<ExternalEstimateProvider> external_estimate_provider_;
+  const std::unique_ptr<ExternalEstimateProvider> external_estimate_provider_;
 
   // Observer lists for round trip times and throughput measurements.
   base::ObserverList<RTTObserver> rtt_observer_list_;
   base::ObserverList<ThroughputObserver> throughput_observer_list_;
 
-  scoped_ptr<SocketPerformanceWatcherFactory> watcher_factory_;
+  std::unique_ptr<SocketPerformanceWatcherFactory> watcher_factory_;
 
   base::ThreadChecker thread_checker_;
 
@@ -626,4 +474,4 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator
 
 }  // namespace net
 
-#endif  // NET_BASE_NETWORK_QUALITY_ESTIMATOR_H_
+#endif  // NET_NQE_NETWORK_QUALITY_ESTIMATOR_H_
diff --git a/chromium/net/base/network_quality_estimator_unittest.cc b/chromium/net/nqe/network_quality_estimator_unittest.cc
index 13d35b1b1a0..59854616777 100644
--- a/chromium/net/base/network_quality_estimator_unittest.cc
+++ b/chromium/net/nqe/network_quality_estimator_unittest.cc
@@ -2,12 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/base/network_quality_estimator.h"
+#include "net/nqe/network_quality_estimator.h"
 
+#include <stddef.h>
 #include <stdint.h>
 
 #include <limits>
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -15,19 +17,21 @@
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/test/histogram_tester.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
-#include "net/base/external_estimate_provider.h"
 #include "net/base/load_flags.h"
 #include "net/base/network_change_notifier.h"
-#include "net/base/socket_performance_watcher.h"
-#include "net/base/socket_performance_watcher_factory.h"
 #include "net/http/http_status_code.h"
+#include "net/nqe/external_estimate_provider.h"
+#include "net/nqe/network_quality_observation.h"
+#include "net/nqe/network_quality_observation_source.h"
+#include "net/nqe/observation_buffer.h"
+#include "net/socket/socket_performance_watcher.h"
+#include "net/socket/socket_performance_watcher_factory.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
@@ -36,18 +40,22 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 
+namespace net {
+
 namespace {
 
 // Helps in setting the current network type and id.
-class TestNetworkQualityEstimator : public net::NetworkQualityEstimator {
+class TestNetworkQualityEstimator : public NetworkQualityEstimator {
  public:
   TestNetworkQualityEstimator(
       const std::map<std::string, std::string>& variation_params,
-      scoped_ptr<net::ExternalEstimateProvider> external_estimate_provider)
+      std::unique_ptr<ExternalEstimateProvider> external_estimate_provider)
       : NetworkQualityEstimator(std::move(external_estimate_provider),
                                 variation_params,
                                 true,
-                                true) {
+                                true),
+        url_rtt_set_(false),
+        downlink_throughput_kbps_set_(false) {
     // Set up embedded test server.
     embedded_test_server_.ServeFilesFromDirectory(
         base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
@@ -60,13 +68,13 @@ class TestNetworkQualityEstimator : public net::NetworkQualityEstimator {
       const std::map<std::string, std::string>& variation_params)
       : TestNetworkQualityEstimator(
             variation_params,
-            scoped_ptr<net::ExternalEstimateProvider>()) {}
+            std::unique_ptr<ExternalEstimateProvider>()) {}
 
   ~TestNetworkQualityEstimator() override {}
 
   // Overrides the current network type and id.
   // Notifies network quality estimator of change in connection.
-  void SimulateNetworkChangeTo(net::NetworkChangeNotifier::ConnectionType type,
+  void SimulateNetworkChangeTo(NetworkChangeNotifier::ConnectionType type,
                                std::string network_id) {
     current_network_type_ = type;
     current_network_id_ = network_id;
@@ -74,11 +82,11 @@ class TestNetworkQualityEstimator : public net::NetworkQualityEstimator {
   }
 
   // Called by embedded server when a HTTP request is received.
-  scoped_ptr<net::test_server::HttpResponse> HandleRequest(
-      const net::test_server::HttpRequest& request) {
-    scoped_ptr<net::test_server::BasicHttpResponse> http_response(
-        new net::test_server::BasicHttpResponse());
-    http_response->set_code(net::HTTP_OK);
+  std::unique_ptr<test_server::HttpResponse> HandleRequest(
+      const test_server::HttpRequest& request) {
+    std::unique_ptr<test_server::BasicHttpResponse> http_response(
+        new test_server::BasicHttpResponse());
+    http_response->set_code(HTTP_OK);
     http_response->set_content("hello");
     http_response->set_content_type("text/plain");
     return std::move(http_response);
@@ -89,6 +97,32 @@ class TestNetworkQualityEstimator : public net::NetworkQualityEstimator {
     return embedded_test_server_.GetURL("/echo.html");
   }
 
+  void set_url_rtt(const base::TimeDelta& url_rtt) {
+    url_rtt_set_ = true;
+    url_rtt_ = url_rtt;
+  }
+
+  bool GetURLRequestRTTEstimate(base::TimeDelta* rtt) const override {
+    if (url_rtt_set_) {
+      *rtt = url_rtt_;
+      return true;
+    }
+    return NetworkQualityEstimator::GetURLRequestRTTEstimate(rtt);
+  }
+
+  void set_downlink_throughput_kbps(int32_t downlink_throughput_kbps) {
+    downlink_throughput_kbps_set_ = true;
+    downlink_throughput_kbps_ = downlink_throughput_kbps;
+  }
+
+  bool GetDownlinkThroughputKbpsEstimate(int32_t* kbps) const override {
+    if (downlink_throughput_kbps_set_) {
+      *kbps = downlink_throughput_kbps_;
+      return true;
+    }
+    return NetworkQualityEstimator::GetDownlinkThroughputKbpsEstimate(kbps);
+  }
+
   using NetworkQualityEstimator::ReadCachedNetworkQualityEstimate;
   using NetworkQualityEstimator::OnConnectionTypeChanged;
 
@@ -100,34 +134,39 @@ class TestNetworkQualityEstimator : public net::NetworkQualityEstimator {
                                               current_network_id_);
   }
 
-  net::NetworkChangeNotifier::ConnectionType current_network_type_;
+  NetworkChangeNotifier::ConnectionType current_network_type_;
   std::string current_network_id_;
 
+  bool url_rtt_set_;
+  base::TimeDelta url_rtt_;
+
+  bool downlink_throughput_kbps_set_;
+  int32_t downlink_throughput_kbps_;
+
   // Embedded server used for testing.
-  net::EmbeddedTestServer embedded_test_server_;
+  EmbeddedTestServer embedded_test_server_;
 
   DISALLOW_COPY_AND_ASSIGN(TestNetworkQualityEstimator);
 };
 
-class TestRTTObserver : public net::NetworkQualityEstimator::RTTObserver {
+class TestRTTObserver : public NetworkQualityEstimator::RTTObserver {
  public:
   struct Observation {
     Observation(int32_t ms,
                 const base::TimeTicks& ts,
-                net::NetworkQualityEstimator::ObservationSource src)
+                NetworkQualityObservationSource src)
         : rtt_ms(ms), timestamp(ts), source(src) {}
     int32_t rtt_ms;
     base::TimeTicks timestamp;
-    net::NetworkQualityEstimator::ObservationSource source;
+    NetworkQualityObservationSource source;
   };
 
   std::vector<Observation>& observations() { return observations_; }
 
   // RttObserver implementation:
-  void OnRTTObservation(
-      int32_t rtt_ms,
-      const base::TimeTicks& timestamp,
-      net::NetworkQualityEstimator::ObservationSource source) override {
+  void OnRTTObservation(int32_t rtt_ms,
+                        const base::TimeTicks& timestamp,
+                        NetworkQualityObservationSource source) override {
     observations_.push_back(Observation(rtt_ms, timestamp, source));
   }
 
@@ -136,16 +175,16 @@ class TestRTTObserver : public net::NetworkQualityEstimator::RTTObserver {
 };
 
 class TestThroughputObserver
-    : public net::NetworkQualityEstimator::ThroughputObserver {
+    : public NetworkQualityEstimator::ThroughputObserver {
  public:
   struct Observation {
     Observation(int32_t kbps,
                 const base::TimeTicks& ts,
-                net::NetworkQualityEstimator::ObservationSource src)
+                NetworkQualityObservationSource src)
         : throughput_kbps(kbps), timestamp(ts), source(src) {}
     int32_t throughput_kbps;
     base::TimeTicks timestamp;
-    net::NetworkQualityEstimator::ObservationSource source;
+    NetworkQualityObservationSource source;
   };
 
   std::vector<Observation>& observations() { return observations_; }
@@ -154,7 +193,7 @@ class TestThroughputObserver
   void OnThroughputObservation(
       int32_t throughput_kbps,
       const base::TimeTicks& timestamp,
-      net::NetworkQualityEstimator::ObservationSource source) override {
+      NetworkQualityObservationSource source) override {
     observations_.push_back(Observation(throughput_kbps, timestamp, source));
   }
 
@@ -164,49 +203,32 @@ class TestThroughputObserver
 
 }  // namespace
 
-namespace net {
-
 TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) {
   base::HistogramTester histogram_tester;
   // Enable requests to local host to be used for network quality estimation.
   std::map<std::string, std::string> variation_params;
   TestNetworkQualityEstimator estimator(variation_params);
 
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100));
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
-            estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                base::TimeTicks(), 100));
+  base::TimeDelta rtt;
+  int32_t kbps;
+  EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
 
   TestDelegate test_delegate;
   TestURLRequestContext context(true);
   context.set_network_quality_estimator(&estimator);
   context.Init();
 
-  scoped_ptr<URLRequest> request(context.CreateRequest(
+  std::unique_ptr<URLRequest> request(context.CreateRequest(
       estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
   request->SetLoadFlags(request->load_flags() | LOAD_MAIN_FRAME);
   request->Start();
   base::RunLoop().Run();
 
   // Both RTT and downstream throughput should be updated.
-  EXPECT_NE(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100));
-  EXPECT_NE(NetworkQualityEstimator::kInvalidThroughput,
-            estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                base::TimeTicks(), 100));
-
-  base::TimeDelta rtt = NetworkQualityEstimator::InvalidRTT();
-  int32_t kbps = NetworkQualityEstimator::kInvalidThroughput;
   EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  EXPECT_NE(NetworkQualityEstimator::InvalidRTT(), rtt);
-  EXPECT_NE(NetworkQualityEstimator::kInvalidThroughput, kbps);
-
-  EXPECT_NEAR(rtt.InMilliseconds(),
-              estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100)
-                  .InMilliseconds(),
-              1);
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
 
   // Check UMA histograms.
   histogram_tester.ExpectTotalCount("NQE.PeakKbps.Unknown", 0);
@@ -214,7 +236,7 @@ TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) {
 
   histogram_tester.ExpectTotalCount("NQE.RatioEstimatedToActualRTT.Unknown", 0);
 
-  scoped_ptr<URLRequest> request2(context.CreateRequest(
+  std::unique_ptr<URLRequest> request2(context.CreateRequest(
       estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
   request2->SetLoadFlags(request2->load_flags() | LOAD_MAIN_FRAME);
   request2->Start();
@@ -234,28 +256,16 @@ TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) {
   histogram_tester.ExpectTotalCount("NQE.RTT.Percentile90.Unknown", 1);
   histogram_tester.ExpectTotalCount("NQE.RTT.Percentile100.Unknown", 1);
 
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100));
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
-            estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                base::TimeTicks(), 100));
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile50.Unknown", 0);
 
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(), rtt);
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput, kbps);
 
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, std::string());
   histogram_tester.ExpectTotalCount("NQE.PeakKbps.Unknown", 1);
   histogram_tester.ExpectTotalCount("NQE.FastestRTT.Unknown", 1);
 
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100));
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
-            estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                base::TimeTicks(), 100));
-
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
 }
@@ -264,166 +274,32 @@ TEST(NetworkQualityEstimatorTest, StoreObservations) {
   std::map<std::string, std::string> variation_params;
   TestNetworkQualityEstimator estimator(variation_params);
 
+  base::TimeDelta rtt;
+  int32_t kbps;
+  EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
+
   TestDelegate test_delegate;
   TestURLRequestContext context(true);
   context.set_network_quality_estimator(&estimator);
   context.Init();
 
-  // Push 10 more observations than the maximum buffer size.
-  for (size_t i = 0; i < estimator.kMaximumObservationsBufferSize + 10U; ++i) {
-    scoped_ptr<URLRequest> request(context.CreateRequest(
+  // Push more observations than the maximum buffer size.
+  const size_t kMaxObservations = 1000;
+  for (size_t i = 0; i < kMaxObservations; ++i) {
+    std::unique_ptr<URLRequest> request(context.CreateRequest(
         estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
     request->Start();
     base::RunLoop().Run();
+    EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
+    EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
   }
 
-  EXPECT_EQ(static_cast<size_t>(
-                NetworkQualityEstimator::kMaximumObservationsBufferSize),
-            estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(static_cast<size_t>(
-                NetworkQualityEstimator::kMaximumObservationsBufferSize),
-            estimator.rtt_observations_.Size());
-
   // Verify that the stored observations are cleared on network change.
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, "test-2");
-  EXPECT_EQ(0U, estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(0U, estimator.rtt_observations_.Size());
-}
-
-// Verifies that the percentiles are correctly computed. All observations have
-// the same timestamp. Kbps percentiles must be in decreasing order. RTT
-// percentiles must be in increasing order.
-TEST(NetworkQualityEstimatorTest, PercentileSameTimestamps) {
-  std::map<std::string, std::string> variation_params;
-  TestNetworkQualityEstimator estimator(variation_params);
-  base::TimeTicks now = base::TimeTicks::Now();
-
-  // Network quality should be unavailable when no observations are available.
-  base::TimeDelta rtt;
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
-  int32_t kbps;
   EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-
-  // Insert samples from {1,2,3,..., 100}. First insert odd samples, then even
-  // samples. This helps in verifying that the order of samples does not matter.
-  for (int i = 1; i <= 99; i += 2) {
-    estimator.downstream_throughput_kbps_observations_.AddObservation(
-        NetworkQualityEstimator::ThroughputObservation(
-            i, now, NetworkQualityEstimator::URL_REQUEST));
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(i), now,
-            NetworkQualityEstimator::URL_REQUEST));
-    EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
-    EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  }
-
-  for (int i = 1; i <= 99; i += 2) {
-    // Insert TCP observation which should not be taken into account when
-    // computing median RTT at HTTP layer.
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(10000), now,
-            NetworkQualityEstimator::TCP));
-
-    // Insert QUIC observation which should not be taken into account when
-    // computing median RTT at HTTP layer.
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(10000), now,
-            NetworkQualityEstimator::QUIC));
-  }
-
-  for (int i = 2; i <= 100; i += 2) {
-    estimator.downstream_throughput_kbps_observations_.AddObservation(
-        NetworkQualityEstimator::ThroughputObservation(
-            i, now, NetworkQualityEstimator::URL_REQUEST));
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(i), now,
-            NetworkQualityEstimator::URL_REQUEST));
-    EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
-    EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  }
-
-  for (int i = 0; i <= 100; ++i) {
-    // Checks if the difference between the two integers is less than 1. This is
-    // required because computed percentiles may be slightly different from
-    // what is expected due to floating point computation errors and integer
-    // rounding off errors.
-    EXPECT_NEAR(estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                    base::TimeTicks(), i),
-                100 - i, 1);
-    EXPECT_NEAR(estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), i)
-                    .InMilliseconds(),
-                i, 1);
-  }
-
-  EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
-  EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  // |network_quality| should be equal to the 50 percentile value.
-  EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                  base::TimeTicks(), 50) > 0);
-  EXPECT_TRUE(
-      estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 50) !=
-      NetworkQualityEstimator::InvalidRTT());
-}
-
-// Verifies that the percentiles are correctly computed. Observations have
-// different timestamps with half the observations being very old and the rest
-// of them being very recent. Percentiles should factor in recent observations
-// much more heavily than older samples. Kbps percentiles must be in decreasing
-// order. RTT percentiles must be in increasing order.
-TEST(NetworkQualityEstimatorTest, PercentileDifferentTimestamps) {
-  std::map<std::string, std::string> variation_params;
-  TestNetworkQualityEstimator estimator(variation_params);
-  base::TimeTicks now = base::TimeTicks::Now();
-  base::TimeTicks very_old = now - base::TimeDelta::FromDays(365);
-
-  // First 50 samples have very old timestamp.
-  for (int i = 1; i <= 50; ++i) {
-    estimator.downstream_throughput_kbps_observations_.AddObservation(
-        NetworkQualityEstimator::ThroughputObservation(
-            i, very_old, NetworkQualityEstimator::URL_REQUEST));
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(i), very_old,
-            NetworkQualityEstimator::URL_REQUEST));
-  }
-
-  // Next 50 (i.e., from 51 to 100) have recent timestamp.
-  for (int i = 51; i <= 100; ++i) {
-    estimator.downstream_throughput_kbps_observations_.AddObservation(
-        NetworkQualityEstimator::ThroughputObservation(
-            i, now, NetworkQualityEstimator::URL_REQUEST));
-    estimator.rtt_observations_.AddObservation(
-        NetworkQualityEstimator::RttObservation(
-            base::TimeDelta::FromMilliseconds(i), now,
-            NetworkQualityEstimator::URL_REQUEST));
-  }
-
-  // Older samples have very little weight. So, all percentiles are >= 51
-  // (lowest value among recent observations).
-  for (int i = 1; i < 100; ++i) {
-    // Checks if the difference between the two integers is less than 1. This is
-    // required because computed percentiles may be slightly different from
-    // what is expected due to floating point computation errors and integer
-    // rounding off errors.
-    EXPECT_NEAR(estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                    base::TimeTicks(), i),
-                51 + 0.49 * (100 - i), 1);
-    EXPECT_NEAR(estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), i)
-                    .InMilliseconds(),
-                51 + 0.49 * i, 1);
-  }
-
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(
-                base::TimeTicks::Now() + base::TimeDelta::FromMinutes(10), 50));
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
-            estimator.GetDownlinkThroughputKbpsEstimateInternal(
-                base::TimeTicks::Now() + base::TimeDelta::FromMinutes(10), 50));
 }
 
 // This test notifies NetworkQualityEstimator of received data. Next,
@@ -433,9 +309,16 @@ TEST(NetworkQualityEstimatorTest, ComputedPercentiles) {
   std::map<std::string, std::string> variation_params;
   TestNetworkQualityEstimator estimator(variation_params);
 
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), 100));
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_TCP);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC);
+
+  EXPECT_EQ(nqe::internal::InvalidRTT(),
+            estimator.GetRTTEstimateInternal(disallowed_observation_sources,
+                                             base::TimeTicks(), 100));
+  EXPECT_EQ(nqe::internal::kInvalidThroughput,
             estimator.GetDownlinkThroughputKbpsEstimateInternal(
                 base::TimeTicks(), 100));
 
@@ -445,8 +328,8 @@ TEST(NetworkQualityEstimatorTest, ComputedPercentiles) {
   context.Init();
 
   // Number of observations are more than the maximum buffer size.
-  for (size_t i = 0; i < estimator.kMaximumObservationsBufferSize + 100U; ++i) {
-    scoped_ptr<URLRequest> request(context.CreateRequest(
+  for (size_t i = 0; i < 1000U; ++i) {
+    std::unique_ptr<URLRequest> request(context.CreateRequest(
         estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
     request->Start();
     base::RunLoop().Run();
@@ -457,7 +340,8 @@ TEST(NetworkQualityEstimatorTest, ComputedPercentiles) {
     EXPECT_GT(estimator.GetDownlinkThroughputKbpsEstimateInternal(
                   base::TimeTicks(), i),
               0);
-    EXPECT_LT(estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), i),
+    EXPECT_LT(estimator.GetRTTEstimateInternal(disallowed_observation_sources,
+                                               base::TimeTicks(), i),
               base::TimeDelta::Max());
 
     if (i != 0) {
@@ -468,9 +352,10 @@ TEST(NetworkQualityEstimatorTest, ComputedPercentiles) {
                     base::TimeTicks(), i - 1));
 
       // RTT percentiles are in increasing order.
-      EXPECT_GE(
-          estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), i),
-          estimator.GetURLRequestRTTEstimateInternal(base::TimeTicks(), i - 1));
+      EXPECT_GE(estimator.GetRTTEstimateInternal(disallowed_observation_sources,
+                                                 base::TimeTicks(), i),
+                estimator.GetRTTEstimateInternal(disallowed_observation_sources,
+                                                 base::TimeTicks(), i - 1));
     }
   }
 }
@@ -487,8 +372,6 @@ TEST(NetworkQualityEstimatorTest, ObtainOperatingParams) {
   variation_params["2G.DefaultMedianRTTMsec"] = "-5";
 
   TestNetworkQualityEstimator estimator(variation_params);
-  EXPECT_EQ(1U, estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(1U, estimator.rtt_observations_.Size());
 
   base::TimeDelta rtt;
   EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
@@ -497,49 +380,33 @@ TEST(NetworkQualityEstimatorTest, ObtainOperatingParams) {
 
   EXPECT_EQ(100, kbps);
   EXPECT_EQ(base::TimeDelta::FromMilliseconds(1000), rtt);
-  auto throughput_iterator =
-      estimator.downstream_throughput_kbps_observations_.observations_.begin();
-  EXPECT_EQ(100, (*throughput_iterator).value);
-  auto rtt_iterator = estimator.rtt_observations_.observations_.begin();
-  EXPECT_EQ(base::TimeDelta::FromMilliseconds(1000), (*rtt_iterator).value);
+
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
 
   // Simulate network change to Wi-Fi.
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, "test-1");
-  EXPECT_EQ(1U, estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(1U, estimator.rtt_observations_.Size());
 
   EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
   EXPECT_EQ(200, kbps);
   EXPECT_EQ(base::TimeDelta::FromMilliseconds(2000), rtt);
-
-  throughput_iterator =
-      estimator.downstream_throughput_kbps_observations_.observations_.begin();
-  EXPECT_EQ(200, (*throughput_iterator).value);
-  rtt_iterator = estimator.rtt_observations_.observations_.begin();
-  EXPECT_EQ(base::TimeDelta::FromMilliseconds(2000), (*rtt_iterator).value);
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
 
   // Peak network quality should not be affected by the network quality
   // estimator field trial.
-  EXPECT_EQ(NetworkQualityEstimator::InvalidRTT(),
-            estimator.peak_network_quality_.rtt());
-  EXPECT_EQ(NetworkQualityEstimator::kInvalidThroughput,
+  EXPECT_EQ(nqe::internal::InvalidRTT(), estimator.peak_network_quality_.rtt());
+  EXPECT_EQ(nqe::internal::kInvalidThroughput,
             estimator.peak_network_quality_.downstream_throughput_kbps());
 
   // Simulate network change to 2G. Only the Kbps default estimate should be
   // available.
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_2G, "test-2");
-  EXPECT_EQ(1U, estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(0U, estimator.rtt_observations_.Size());
 
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-
-  throughput_iterator =
-      estimator.downstream_throughput_kbps_observations_.observations_.begin();
-  EXPECT_EQ(300, (*throughput_iterator).value);
+  EXPECT_EQ(300, kbps);
 
   // Simulate network change to 3G. Default estimates should be unavailable.
   estimator.SimulateNetworkChangeTo(
@@ -547,50 +414,148 @@ TEST(NetworkQualityEstimatorTest, ObtainOperatingParams) {
 
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
-  EXPECT_EQ(0U, estimator.downstream_throughput_kbps_observations_.Size());
-  EXPECT_EQ(0U, estimator.rtt_observations_.Size());
 }
 
-TEST(NetworkQualityEstimatorTest, HalfLifeParam) {
-  // Verifies if |weight_multiplier_per_second_| is set to correct value for
-  // various values of half life parameter.
+// Tests that |GetEffectiveConnectionType| returns correct connection type when
+// no variation params are specified.
+TEST(NetworkQualityEstimatorTest, ObtainThresholdsNone) {
   std::map<std::string, std::string> variation_params;
-  {
-    // Half life parameter is not set. Default value of
-    // |weight_multiplier_per_second_| should be used.
-    TestNetworkQualityEstimator estimator(variation_params);
-    EXPECT_NEAR(0.988, estimator.downstream_throughput_kbps_observations_
-                           .weight_multiplier_per_second_,
-                0.001);
+
+  TestNetworkQualityEstimator estimator(variation_params);
+
+  const struct {
+    int32_t rtt_msec;
+    NetworkQualityEstimator::EffectiveConnectionType expected_conn_type;
+  } tests[] = {
+      {5000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+      {20, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+  };
+
+  for (const auto& test : tests) {
+    estimator.set_url_rtt(base::TimeDelta::FromMilliseconds(test.rtt_msec));
+    EXPECT_EQ(test.expected_conn_type, estimator.GetEffectiveConnectionType());
   }
+}
 
-  variation_params["HalfLifeSeconds"] = "-100";
-  {
-    // Half life parameter is set to a negative value.  Default value of
-    // |weight_multiplier_per_second_| should be used.
-    TestNetworkQualityEstimator estimator(variation_params);
-    EXPECT_NEAR(0.988, estimator.downstream_throughput_kbps_observations_
-                           .weight_multiplier_per_second_,
-                0.001);
+// Tests that |GetEffectiveConnectionType| returns correct connection type when
+// only RTT thresholds are specified in the variation params.
+TEST(NetworkQualityEstimatorTest, ObtainThresholdsOnlyRTT) {
+  std::map<std::string, std::string> variation_params;
+
+  variation_params["Offline.ThresholdMedianURLRTTMsec"] = "4000";
+  variation_params["Slow2G.ThresholdMedianURLRTTMsec"] = "2000";
+  variation_params["2G.ThresholdMedianURLRTTMsec"] = "1000";
+  variation_params["3G.ThresholdMedianURLRTTMsec"] = "500";
+  variation_params["4G.ThresholdMedianURLRTTMsec"] = "300";
+  variation_params["Broadband.ThresholdMedianURLRTTMsec"] = "100";
+
+  TestNetworkQualityEstimator estimator(variation_params);
+
+  const struct {
+    int32_t rtt_msec;
+    NetworkQualityEstimator::EffectiveConnectionType expected_conn_type;
+  } tests[] = {
+      {5000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_OFFLINE},
+      {4000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_OFFLINE},
+      {3000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {2000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {1500, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_2G},
+      {1000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_2G},
+      {700, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+      {500, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+      {400, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_4G},
+      {300, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_4G},
+      {200, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+      {100, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+      {20, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+  };
+
+  for (const auto& test : tests) {
+    estimator.set_url_rtt(base::TimeDelta::FromMilliseconds(test.rtt_msec));
+    EXPECT_EQ(test.expected_conn_type, estimator.GetEffectiveConnectionType());
   }
+}
 
-  variation_params["HalfLifeSeconds"] = "0";
-  {
-    // Half life parameter is set to zero.  Default value of
-    // |weight_multiplier_per_second_| should be used.
-    TestNetworkQualityEstimator estimator(variation_params);
-    EXPECT_NEAR(0.988, estimator.downstream_throughput_kbps_observations_
-                           .weight_multiplier_per_second_,
-                0.001);
+// Tests that |GetEffectiveConnectionType| returns correct connection type when
+// both RTT and throughput thresholds are specified in the variation params.
+TEST(NetworkQualityEstimatorTest, ObtainThresholdsRTTandThroughput) {
+  std::map<std::string, std::string> variation_params;
+
+  variation_params["Offline.ThresholdMedianURLRTTMsec"] = "4000";
+  variation_params["Slow2G.ThresholdMedianURLRTTMsec"] = "2000";
+  variation_params["2G.ThresholdMedianURLRTTMsec"] = "1000";
+  variation_params["3G.ThresholdMedianURLRTTMsec"] = "500";
+  variation_params["4G.ThresholdMedianURLRTTMsec"] = "300";
+  variation_params["Broadband.ThresholdMedianURLRTTMsec"] = "100";
+
+  variation_params["Offline.ThresholdMedianKbps"] = "10";
+  variation_params["Slow2G.ThresholdMedianKbps"] = "100";
+  variation_params["2G.ThresholdMedianKbps"] = "300";
+  variation_params["3G.ThresholdMedianKbps"] = "500";
+  variation_params["4G.ThresholdMedianKbps"] = "1000";
+  variation_params["Broadband.ThresholdMedianKbps"] = "2000";
+
+  TestNetworkQualityEstimator estimator(variation_params);
+
+  const struct {
+    int32_t rtt_msec;
+    int32_t downlink_throughput_kbps;
+    NetworkQualityEstimator::EffectiveConnectionType expected_conn_type;
+  } tests[] = {
+      // Set RTT to a very low value to observe the effect of throughput.
+      // Throughout is the bottleneck.
+      {1, 5, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_OFFLINE},
+      {1, 10, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_OFFLINE},
+      {1, 50, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {1, 100, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {1, 150, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_2G},
+      {1, 300, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_2G},
+      {1, 400, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+      {1, 500, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+      {1, 700, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_4G},
+      {1, 1000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_4G},
+      {1, 1500, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+      {1, 2500, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_BROADBAND},
+      // Set both RTT and throughput. RTT is the bottleneck.
+      {3000, 25000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {700, 25000, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+      // Set throughput to an invalid value.
+      {3000, 0, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_SLOW_2G},
+      {700, 0, NetworkQualityEstimator::EFFECTIVE_CONNECTION_TYPE_3G},
+  };
+
+  for (const auto& test : tests) {
+    estimator.set_url_rtt(base::TimeDelta::FromMilliseconds(test.rtt_msec));
+    estimator.set_downlink_throughput_kbps(test.downlink_throughput_kbps);
+    EXPECT_EQ(test.expected_conn_type, estimator.GetEffectiveConnectionType());
   }
+}
+
+// Tests if |weight_multiplier_per_second_| is set to correct value for various
+// values of half life parameter.
+TEST(NetworkQualityEstimatorTest, HalfLifeParam) {
+  std::map<std::string, std::string> variation_params;
 
-  variation_params["HalfLifeSeconds"] = "10";
-  {
-    // Half life parameter is set to a valid value.
+  const struct {
+    std::string description;
+    std::string variation_params_value;
+    double expected_weight_multiplier;
+  } tests[] = {
+      {"Half life parameter is not set, default value should be used",
+       std::string(), 0.988},
+      {"Half life parameter is set to negative, default value should be used",
+       "-100", 0.988},
+      {"Half life parameter is set to zero, default value should be used", "0",
+       0.988},
+      {"Half life parameter is set correctly", "10", 0.933},
+  };
+
+  for (const auto& test : tests) {
+    variation_params["HalfLifeSeconds"] = test.variation_params_value;
     TestNetworkQualityEstimator estimator(variation_params);
-    EXPECT_NEAR(0.933, estimator.downstream_throughput_kbps_observations_
-                           .weight_multiplier_per_second_,
-                0.001);
+    EXPECT_NEAR(test.expected_weight_multiplier,
+                estimator.weight_multiplier_per_second_, 0.001)
+        << test.description;
   }
 }
 
@@ -605,11 +570,12 @@ TEST(NetworkQualityEstimatorTest, TestCaching) {
   // Cache entry will not be added for (NONE, "").
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          1, base::TimeTicks::Now(), NetworkQualityEstimator::URL_REQUEST));
+          1, base::TimeTicks::Now(),
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(1000), base::TimeTicks::Now(),
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_2G, "test-1");
   EXPECT_EQ(expected_cache_size, estimator.cached_network_qualities_.size());
@@ -619,11 +585,12 @@ TEST(NetworkQualityEstimatorTest, TestCaching) {
   // the cache.
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          1, base::TimeTicks::Now(), NetworkQualityEstimator::URL_REQUEST));
+          1, base::TimeTicks::Now(),
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(1000), base::TimeTicks::Now(),
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
 
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_3G, "test-1");
@@ -635,11 +602,12 @@ TEST(NetworkQualityEstimatorTest, TestCaching) {
   // the cache.
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          2, base::TimeTicks::Now(), NetworkQualityEstimator::URL_REQUEST));
+          2, base::TimeTicks::Now(),
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(500), base::TimeTicks::Now(),
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.SimulateNetworkChangeTo(
       NetworkChangeNotifier::ConnectionType::CONNECTION_3G, "test-2");
   ++expected_cache_size;
@@ -659,6 +627,8 @@ TEST(NetworkQualityEstimatorTest, TestCaching) {
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
   EXPECT_EQ(1, kbps);
   EXPECT_EQ(base::TimeDelta::FromMilliseconds(1000), rtt);
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
+
   // No new entry should be added for (2G, "test-1") since it already exists
   // in the cache.
   estimator.SimulateNetworkChangeTo(
@@ -692,8 +662,7 @@ TEST(NetworkQualityEstimatorTest, TestLRUCacheMaximumSize) {
   std::map<std::string, std::string> variation_params;
   TestNetworkQualityEstimator estimator(variation_params);
   estimator.SimulateNetworkChangeTo(
-      net::NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI,
-      std::string());
+      NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, std::string());
   EXPECT_EQ(0U, estimator.cached_network_qualities_.size());
 
   // Add 100 more networks than the maximum size of the cache.
@@ -704,17 +673,18 @@ TEST(NetworkQualityEstimatorTest, TestLRUCacheMaximumSize) {
   for (size_t i = 0; i < network_count; ++i) {
     estimator.downstream_throughput_kbps_observations_.AddObservation(
         NetworkQualityEstimator::ThroughputObservation(
-            2, base::TimeTicks::Now(), NetworkQualityEstimator::URL_REQUEST));
+            2, base::TimeTicks::Now(),
+            NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
     estimator.rtt_observations_.AddObservation(
         NetworkQualityEstimator::RttObservation(
             base::TimeDelta::FromMilliseconds(500), base::TimeTicks::Now(),
-            NetworkQualityEstimator::URL_REQUEST));
+            NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
 
     if (i == 100)
       update_time_of_network_100 = base::TimeTicks::Now();
 
     estimator.SimulateNetworkChangeTo(
-        net::NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI,
+        NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI,
         base::SizeTToString(i));
     if (i < NetworkQualityEstimator::kMaximumNetworkQualityCacheSize)
       EXPECT_EQ(i, estimator.cached_network_qualities_.size());
@@ -725,13 +695,14 @@ TEST(NetworkQualityEstimatorTest, TestLRUCacheMaximumSize) {
   // One more call so that the last network is also written to cache.
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          2, base::TimeTicks::Now(), NetworkQualityEstimator::URL_REQUEST));
+          2, base::TimeTicks::Now(),
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(500), base::TimeTicks::Now(),
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.SimulateNetworkChangeTo(
-      net::NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI,
+      NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI,
       base::SizeTToString(network_count - 1));
   EXPECT_EQ(static_cast<size_t>(
                 NetworkQualityEstimator::kMaximumNetworkQualityCacheSize),
@@ -756,32 +727,67 @@ TEST(NetworkQualityEstimatorTest, TestGetMedianRTTSince) {
   // First sample has very old timestamp.
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          1, old, NetworkQualityEstimator::URL_REQUEST));
+          1, old, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(1), old,
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  estimator.rtt_observations_.AddObservation(
+      NetworkQualityEstimator::RttObservation(
+          base::TimeDelta::FromMilliseconds(10), old,
+          NETWORK_QUALITY_OBSERVATION_SOURCE_TCP));
 
   estimator.downstream_throughput_kbps_observations_.AddObservation(
       NetworkQualityEstimator::ThroughputObservation(
-          100, now, NetworkQualityEstimator::URL_REQUEST));
+          100, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
   estimator.rtt_observations_.AddObservation(
       NetworkQualityEstimator::RttObservation(
           base::TimeDelta::FromMilliseconds(100), now,
-          NetworkQualityEstimator::URL_REQUEST));
+          NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  estimator.rtt_observations_.AddObservation(
+      NetworkQualityEstimator::RttObservation(
+          base::TimeDelta::FromMilliseconds(1000), now,
+          NETWORK_QUALITY_OBSERVATION_SOURCE_TCP));
+
+  const struct {
+    base::TimeTicks start_timestamp;
+    bool expect_network_quality_available;
+    base::TimeDelta expected_url_request_rtt;
+    base::TimeDelta expected_transport_rtt;
+    int32_t expected_downstream_throughput;
+  } tests[] = {
+      {now + base::TimeDelta::FromSeconds(10), false,
+       base::TimeDelta::FromMilliseconds(0),
+       base::TimeDelta::FromMilliseconds(0), 0},
+      {now, true, base::TimeDelta::FromMilliseconds(100),
+       base::TimeDelta::FromMilliseconds(1000), 100},
+      {now - base::TimeDelta::FromMicroseconds(500), true,
+       base::TimeDelta::FromMilliseconds(100),
+       base::TimeDelta::FromMilliseconds(1000), 100},
 
-  base::TimeDelta rtt;
-  EXPECT_FALSE(estimator.GetRecentURLRequestRTTMedian(
-      now + base::TimeDelta::FromSeconds(10), &rtt));
-  EXPECT_TRUE(estimator.GetRecentURLRequestRTTMedian(now, &rtt));
-  EXPECT_EQ(100, rtt.InMilliseconds());
-
-  int32_t downstream_throughput_kbps;
-  EXPECT_FALSE(estimator.GetRecentMedianDownlinkThroughputKbps(
-      now + base::TimeDelta::FromSeconds(10), &downstream_throughput_kbps));
-  EXPECT_TRUE(estimator.GetRecentMedianDownlinkThroughputKbps(
-      now, &downstream_throughput_kbps));
-  EXPECT_EQ(100, downstream_throughput_kbps);
+  };
+
+  for (const auto& test : tests) {
+    base::TimeDelta url_request_rtt;
+    base::TimeDelta transport_rtt;
+    int32_t downstream_throughput_kbps;
+    EXPECT_EQ(test.expect_network_quality_available,
+              estimator.GetRecentURLRequestRTTMedian(test.start_timestamp,
+                                                     &url_request_rtt));
+    EXPECT_EQ(test.expect_network_quality_available,
+              estimator.GetRecentTransportRTTMedian(test.start_timestamp,
+                                                    &transport_rtt));
+    EXPECT_EQ(test.expect_network_quality_available,
+              estimator.GetRecentMedianDownlinkThroughputKbps(
+                  test.start_timestamp, &downstream_throughput_kbps));
+
+    if (test.expect_network_quality_available) {
+      EXPECT_EQ(test.expected_url_request_rtt, url_request_rtt);
+      EXPECT_EQ(test.expected_transport_rtt, transport_rtt);
+      EXPECT_EQ(test.expected_downstream_throughput,
+                downstream_throughput_kbps);
+    }
+  }
 }
 
 // An external estimate provider that does not have a valid RTT or throughput
@@ -838,9 +844,10 @@ class InvalidExternalEstimateProvider : public ExternalEstimateProvider {
 // Tests if the RTT value from external estimate provider is discarded if the
 // external estimate provider is invalid.
 TEST(NetworkQualityEstimatorTest, InvalidExternalEstimateProvider) {
+  base::HistogramTester histogram_tester;
   InvalidExternalEstimateProvider* invalid_external_estimate_provider =
       new InvalidExternalEstimateProvider();
-  scoped_ptr<ExternalEstimateProvider> external_estimate_provider(
+  std::unique_ptr<ExternalEstimateProvider> external_estimate_provider(
       invalid_external_estimate_provider);
 
   TestNetworkQualityEstimator estimator(std::map<std::string, std::string>(),
@@ -851,6 +858,20 @@ TEST(NetworkQualityEstimatorTest, InvalidExternalEstimateProvider) {
   EXPECT_EQ(1U, invalid_external_estimate_provider->get_rtt_count());
   EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
   EXPECT_FALSE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
+  histogram_tester.ExpectTotalCount("NQE.ExternalEstimateProviderStatus", 3);
+
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      1 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_AVAILABLE */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      2 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERIED */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      3 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERY_SUCCESSFUL */, 1);
+  histogram_tester.ExpectTotalCount("NQE.ExternalEstimateProvider.RTT", 0);
+  histogram_tester.ExpectTotalCount(
+      "NQE.ExternalEstimateProvider.DownlinkBandwidth", 0);
 }
 
 class TestExternalEstimateProvider : public ExternalEstimateProvider {
@@ -935,10 +956,11 @@ class TestExternalEstimateProvider : public ExternalEstimateProvider {
 // Tests if the external estimate provider is called in the constructor and
 // on network change notification.
 TEST(NetworkQualityEstimatorTest, TestExternalEstimateProvider) {
+  base::HistogramTester histogram_tester;
   TestExternalEstimateProvider* test_external_estimate_provider =
       new TestExternalEstimateProvider(base::TimeDelta::FromMilliseconds(1),
                                        100);
-  scoped_ptr<ExternalEstimateProvider> external_estimate_provider(
+  std::unique_ptr<ExternalEstimateProvider> external_estimate_provider(
       test_external_estimate_provider);
   std::map<std::string, std::string> variation_params;
   TestNetworkQualityEstimator estimator(variation_params,
@@ -947,8 +969,35 @@ TEST(NetworkQualityEstimatorTest, TestExternalEstimateProvider) {
   base::TimeDelta rtt;
   int32_t kbps;
   EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
 
+  histogram_tester.ExpectTotalCount("NQE.ExternalEstimateProviderStatus", 5);
+
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      1 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_AVAILABLE */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      2 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERIED */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      3 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_QUERY_SUCCESSFUL */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      5 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_RTT_AVAILABLE */, 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProviderStatus",
+      6 /* EXTERNAL_ESTIMATE_PROVIDER_STATUS_DOWNLINK_BANDWIDTH_AVAILABLE */,
+      1);
+  histogram_tester.ExpectTotalCount("NQE.ExternalEstimateProvider.RTT", 1);
+  histogram_tester.ExpectBucketCount("NQE.ExternalEstimateProvider.RTT", 1, 1);
+
+  histogram_tester.ExpectTotalCount(
+      "NQE.ExternalEstimateProvider.DownlinkBandwidth", 1);
+  histogram_tester.ExpectBucketCount(
+      "NQE.ExternalEstimateProvider.DownlinkBandwidth", 100, 1);
+
   EXPECT_EQ(
       1U, test_external_estimate_provider->get_time_since_last_update_count());
   EXPECT_EQ(1U, test_external_estimate_provider->get_rtt_count());
@@ -1006,13 +1055,13 @@ TEST(NetworkQualityEstimatorTest, TestExternalEstimateProvider) {
 // observations collected from the HTTP requests.
 TEST(NetworkQualityEstimatorTest, TestExternalEstimateProviderMergeEstimates) {
   const base::TimeDelta external_estimate_provider_rtt =
-      base::TimeDelta::FromMilliseconds(1);
-  const int32_t external_estimate_provider_downstream_throughput = 100;
+      base::TimeDelta::FromMilliseconds(10 * 1000);
+  const int32_t external_estimate_provider_downstream_throughput = 100 * 1000;
   TestExternalEstimateProvider* test_external_estimate_provider =
       new TestExternalEstimateProvider(
           external_estimate_provider_rtt,
           external_estimate_provider_downstream_throughput);
-  scoped_ptr<ExternalEstimateProvider> external_estimate_provider(
+  std::unique_ptr<ExternalEstimateProvider> external_estimate_provider(
       test_external_estimate_provider);
 
   std::map<std::string, std::string> variation_params;
@@ -1029,21 +1078,21 @@ TEST(NetworkQualityEstimatorTest, TestExternalEstimateProviderMergeEstimates) {
   EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
   EXPECT_EQ(external_estimate_provider_downstream_throughput, kbps);
 
-  EXPECT_EQ(1U, estimator.rtt_observations_.Size());
-  EXPECT_EQ(1U, estimator.downstream_throughput_kbps_observations_.Size());
-
   TestDelegate test_delegate;
   TestURLRequestContext context(true);
   context.set_network_quality_estimator(&estimator);
   context.Init();
 
-  scoped_ptr<URLRequest> request(context.CreateRequest(
+  std::unique_ptr<URLRequest> request(context.CreateRequest(
       estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
   request->Start();
   base::RunLoop().Run();
 
-  EXPECT_EQ(2U, estimator.rtt_observations_.Size());
-  EXPECT_EQ(2U, estimator.downstream_throughput_kbps_observations_.Size());
+  EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_NE(external_estimate_provider_rtt, rtt);
+
+  EXPECT_TRUE(estimator.GetDownlinkThroughputKbpsEstimate(&kbps));
+  EXPECT_NE(external_estimate_provider_downstream_throughput, kbps);
 }
 
 TEST(NetworkQualityEstimatorTest, TestObservers) {
@@ -1063,13 +1112,13 @@ TEST(NetworkQualityEstimatorTest, TestObservers) {
   EXPECT_EQ(0U, throughput_observer.observations().size());
   base::TimeTicks then = base::TimeTicks::Now();
 
-  scoped_ptr<URLRequest> request(context.CreateRequest(
+  std::unique_ptr<URLRequest> request(context.CreateRequest(
       estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
   request->SetLoadFlags(request->load_flags() | LOAD_MAIN_FRAME);
   request->Start();
   base::RunLoop().Run();
 
-  scoped_ptr<URLRequest> request2(context.CreateRequest(
+  std::unique_ptr<URLRequest> request2(context.CreateRequest(
       estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
   request2->SetLoadFlags(request->load_flags() | LOAD_MAIN_FRAME);
   request2->Start();
@@ -1084,27 +1133,31 @@ TEST(NetworkQualityEstimatorTest, TestObservers) {
 
   EXPECT_EQ(2U, rtt_observer.observations().size());
   EXPECT_EQ(2U, throughput_observer.observations().size());
-  for (auto observation : rtt_observer.observations()) {
+  for (const auto& observation : rtt_observer.observations()) {
     EXPECT_LE(0, observation.rtt_ms);
     EXPECT_LE(0, (observation.timestamp - then).InMilliseconds());
-    EXPECT_EQ(NetworkQualityEstimator::URL_REQUEST, observation.source);
+    EXPECT_EQ(NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST,
+              observation.source);
   }
-  for (auto observation : throughput_observer.observations()) {
+  for (const auto& observation : throughput_observer.observations()) {
     EXPECT_LE(0, observation.throughput_kbps);
     EXPECT_LE(0, (observation.timestamp - then).InMilliseconds());
-    EXPECT_EQ(NetworkQualityEstimator::URL_REQUEST, observation.source);
+    EXPECT_EQ(NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST,
+              observation.source);
   }
 
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
+
   // Verify that observations from TCP and QUIC are passed on to the observers.
   base::TimeDelta tcp_rtt(base::TimeDelta::FromMilliseconds(1));
   base::TimeDelta quic_rtt(base::TimeDelta::FromMilliseconds(2));
 
-  scoped_ptr<SocketPerformanceWatcher> tcp_watcher =
+  std::unique_ptr<SocketPerformanceWatcher> tcp_watcher =
       estimator.GetSocketPerformanceWatcherFactory()
           ->CreateSocketPerformanceWatcher(
               SocketPerformanceWatcherFactory::PROTOCOL_TCP);
 
-  scoped_ptr<SocketPerformanceWatcher> quic_watcher =
+  std::unique_ptr<SocketPerformanceWatcher> quic_watcher =
       estimator.GetSocketPerformanceWatcherFactory()
           ->CreateSocketPerformanceWatcher(
               SocketPerformanceWatcherFactory::PROTOCOL_QUIC);
@@ -1120,6 +1173,81 @@ TEST(NetworkQualityEstimatorTest, TestObservers) {
   EXPECT_EQ(tcp_rtt.InMilliseconds(), rtt_observer.observations().at(2).rtt_ms);
   EXPECT_EQ(quic_rtt.InMilliseconds(),
             rtt_observer.observations().at(3).rtt_ms);
+
+  EXPECT_TRUE(estimator.GetTransportRTTEstimate(&rtt));
+}
+
+// TestTCPSocketRTT requires kernel support for tcp_info struct, and so it is
+// enabled only on certain platforms.
+#if defined(TCP_INFO) || defined(OS_LINUX)
+#define MAYBE_TestTCPSocketRTT TestTCPSocketRTT
+#else
+#define MAYBE_TestTCPSocketRTT DISABLED_TestTCPSocketRTT
+#endif
+// Tests that the TCP socket notifies the Network Quality Estimator of TCP RTTs,
+// which in turn notifies registered RTT observers.
+TEST(NetworkQualityEstimatorTest, MAYBE_TestTCPSocketRTT) {
+  base::HistogramTester histogram_tester;
+  TestRTTObserver rtt_observer;
+  std::map<std::string, std::string> variation_params;
+  TestNetworkQualityEstimator estimator(variation_params);
+  estimator.AddRTTObserver(&rtt_observer);
+
+  TestDelegate test_delegate;
+  TestURLRequestContext context(true);
+  context.set_network_quality_estimator(&estimator);
+
+  std::unique_ptr<HttpNetworkSession::Params> params(
+      new HttpNetworkSession::Params);
+  // |estimator| should be notified of TCP RTT observations.
+  params->socket_performance_watcher_factory =
+      estimator.GetSocketPerformanceWatcherFactory();
+  context.set_http_network_session_params(std::move(params));
+  context.Init();
+
+  EXPECT_EQ(0U, rtt_observer.observations().size());
+  base::TimeDelta rtt;
+  EXPECT_FALSE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_FALSE(estimator.GetTransportRTTEstimate(&rtt));
+
+  // Send two requests. Verify that the completion of each request generates at
+  // least one TCP RTT observation.
+  for (size_t i = 0; i < 2; ++i) {
+    size_t before_count_tcp_rtt_observations = 0;
+    for (const auto& observation : rtt_observer.observations()) {
+      if (observation.source == NETWORK_QUALITY_OBSERVATION_SOURCE_TCP)
+        ++before_count_tcp_rtt_observations;
+    }
+
+    std::unique_ptr<URLRequest> request(context.CreateRequest(
+        estimator.GetEchoURL(), DEFAULT_PRIORITY, &test_delegate));
+    request->Start();
+    base::RunLoop().Run();
+
+    size_t after_count_tcp_rtt_observations = 0;
+    for (const auto& observation : rtt_observer.observations()) {
+      if (observation.source == NETWORK_QUALITY_OBSERVATION_SOURCE_TCP)
+        ++after_count_tcp_rtt_observations;
+    }
+    // At least one notification should be received per socket performance
+    // watcher.
+    EXPECT_LE(1U, after_count_tcp_rtt_observations -
+                      before_count_tcp_rtt_observations)
+        << i;
+  }
+  EXPECT_TRUE(estimator.GetURLRequestRTTEstimate(&rtt));
+  EXPECT_TRUE(estimator.GetTransportRTTEstimate(&rtt));
+
+  estimator.SimulateNetworkChangeTo(
+      NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, "test-1");
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile50.Unknown", 1);
+  histogram_tester.ExpectBucketCount("NQE.TransportRTT.Percentile50.Unknown",
+                                     rtt.InMilliseconds(), 1);
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile10.Unknown", 1);
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile50.Unknown", 1);
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile90.Unknown", 1);
+  histogram_tester.ExpectTotalCount("NQE.TransportRTT.Percentile100.Unknown",
+                                    1);
 }
 
 }  // namespace net
diff --git a/chromium/net/nqe/network_quality_observation.h b/chromium/net/nqe/network_quality_observation.h
new file mode 100644
index 00000000000..5349338de39
--- /dev/null
+++ b/chromium/net/nqe/network_quality_observation.h
@@ -0,0 +1,53 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_NETWORK_QUALITY_OBSERVATION_H_
+#define NET_NQE_NETWORK_QUALITY_OBSERVATION_H_
+
+#include <vector>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/nqe/network_quality_observation_source.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+// Records observations of network quality metrics (such as round trip time
+// or throughput), along with the time the observation was made. Observations
+// can be made at several places in the network stack, thus the observation
+// source is provided as well. ValueType must be numerical so that statistics
+// such as median, average can be computed.
+template <typename ValueType>
+struct NET_EXPORT_PRIVATE Observation {
+  Observation(const ValueType& value,
+              base::TimeTicks timestamp,
+              NetworkQualityObservationSource source)
+      : value(value), timestamp(timestamp), source(source) {
+    DCHECK(!timestamp.is_null());
+  }
+  ~Observation() {}
+
+  // Value of the observation.
+  const ValueType value;
+
+  // Time when the observation was taken.
+  const base::TimeTicks timestamp;
+
+  // The source of the observation.
+  const NetworkQualityObservationSource source;
+};
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+
+#endif  // NET_NQE_NETWORK_QUALITY_OBSERVATION_H_
+\ No newline at end of file
diff --git a/chromium/net/nqe/network_quality_observation_source.h b/chromium/net/nqe/network_quality_observation_source.h
new file mode 100644
index 00000000000..da64c6766d1
--- /dev/null
+++ b/chromium/net/nqe/network_quality_observation_source.h
@@ -0,0 +1,40 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_NETWORK_QUALITY_OBSERVATION_SOURCE_H_
+#define NET_NQE_NETWORK_QUALITY_OBSERVATION_SOURCE_H_
+
+namespace net {
+
+// On Android, a Java counterpart will be generated for this enum.
+// GENERATED_JAVA_ENUM_PACKAGE: org.chromium.net
+// GENERATED_JAVA_CLASS_NAME_OVERRIDE: NetworkQualityObservationSource
+// GENERATED_JAVA_PREFIX_TO_STRIP: NETWORK_QUALITY_OBSERVATION_SOURCE_
+enum NetworkQualityObservationSource {
+  // The observation was taken at the request layer, e.g., a round trip time
+  // is recorded as the time between the request being sent and the first byte
+  // being received.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST = 0,
+
+  // The observation is taken from TCP statistics maintained by the kernel.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_TCP,
+
+  // The observation is taken at the QUIC layer.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC,
+
+  // The observation is a previously cached estimate of the metric.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_CACHED_ESTIMATE,
+
+  // The observation is derived from network connection information provided
+  // by the platform. For example, typical RTT and throughput values are used
+  // for a given type of network connection.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_DEFAULT_FROM_PLATFORM,
+
+  // The observation came from a Chromium-external source.
+  NETWORK_QUALITY_OBSERVATION_SOURCE_EXTERNAL_ESTIMATE
+};
+
+}  // namespace net
+
+#endif  // NET_NQE_NETWORK_QUALITY_OBSERVATION_SOURCE_H_
+\ No newline at end of file
diff --git a/chromium/net/nqe/network_quality_observation_unittest.cc b/chromium/net/nqe/network_quality_observation_unittest.cc
new file mode 100644
index 00000000000..f8215a23f4e
--- /dev/null
+++ b/chromium/net/nqe/network_quality_observation_unittest.cc
@@ -0,0 +1,332 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/nqe/network_quality_observation.h"
+
+#include <stddef.h>
+
+#include <vector>
+
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/nqe/network_quality_observation_source.h"
+#include "net/nqe/observation_buffer.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace {
+
+// Verifies that the percentiles are correctly computed. All observations have
+// the same timestamp.
+TEST(NetworkQualityObservationTest, PercentileSameTimestamps) {
+  internal::ObservationBuffer<int32_t> int_buffer(0.5);
+  internal::ObservationBuffer<base::TimeDelta> time_delta_buffer(0.5);
+  ASSERT_EQ(0u, int_buffer.Size());
+  ASSERT_LT(0u, int_buffer.Capacity());
+  ASSERT_EQ(0u, time_delta_buffer.Size());
+  ASSERT_LT(0u, time_delta_buffer.Capacity());
+
+  const base::TimeTicks now = base::TimeTicks::Now();
+
+  int32_t result;
+  base::TimeDelta time_delta_result;
+
+  // Percentiles should be unavailable when no observations are available.
+  EXPECT_FALSE(
+      int_buffer.GetPercentile(base::TimeTicks(), &result, 50,
+                               std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      base::TimeTicks(), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+
+  // Insert samples from {1,2,3,..., 100}. First insert odd samples, then even
+  // samples. This helps in verifying that the order of samples does not matter.
+  for (int i = 1; i <= 99; i += 2) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    EXPECT_TRUE(int_buffer.GetPercentile(
+        base::TimeTicks(), &result, 50,
+        std::vector<NetworkQualityObservationSource>()));
+    ASSERT_EQ(static_cast<size_t>(i / 2 + 1), int_buffer.Size());
+    EXPECT_TRUE(time_delta_buffer.GetPercentile(
+        base::TimeTicks(), &time_delta_result, 50,
+        std::vector<NetworkQualityObservationSource>()));
+    ASSERT_EQ(static_cast<size_t>(i / 2 + 1), time_delta_buffer.Size());
+  }
+
+  for (int i = 2; i <= 100; i += 2) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    EXPECT_TRUE(int_buffer.GetPercentile(
+        base::TimeTicks(), &result, 50,
+        std::vector<NetworkQualityObservationSource>()));
+    ASSERT_EQ(static_cast<size_t>(i / 2 + 50), int_buffer.Size());
+    EXPECT_TRUE(time_delta_buffer.GetPercentile(
+        base::TimeTicks(), &time_delta_result, 50,
+        std::vector<NetworkQualityObservationSource>()));
+    ASSERT_EQ(static_cast<size_t>(i / 2 + 50), time_delta_buffer.Size());
+  }
+
+  ASSERT_EQ(100u, int_buffer.Size());
+  ASSERT_EQ(100u, time_delta_buffer.Size());
+
+  for (int i = 0; i <= 100; ++i) {
+    // Checks if the difference between the two integers is less than 1. This is
+    // required because computed percentiles may be slightly different from
+    // what is expected due to floating point computation errors and integer
+    // rounding off errors.
+    EXPECT_TRUE(int_buffer.GetPercentile(
+        base::TimeTicks(), &result, i,
+        std::vector<NetworkQualityObservationSource>()));
+    EXPECT_TRUE(time_delta_buffer.GetPercentile(
+        base::TimeTicks(), &time_delta_result, i,
+        std::vector<NetworkQualityObservationSource>()));
+    EXPECT_NEAR(result, i, 1);
+    EXPECT_NEAR(time_delta_result.InMilliseconds(), i, 1);
+  }
+
+  EXPECT_FALSE(int_buffer.GetPercentile(
+      now + base::TimeDelta::FromSeconds(1), &result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      now + base::TimeDelta::FromSeconds(1), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+
+  // Percentiles should be unavailable when no observations are available.
+  int_buffer.Clear();
+  time_delta_buffer.Clear();
+  EXPECT_FALSE(
+      int_buffer.GetPercentile(base::TimeTicks(), &result, 50,
+                               std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      base::TimeTicks(), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+}
+
+// Verifies that the percentiles are correctly computed. Observations have
+// different timestamps with half the observations being very old and the rest
+// of them being very recent. Percentiles should factor in recent observations
+// much more heavily than older samples.
+TEST(NetworkQualityObservationTest, PercentileDifferentTimestamps) {
+  internal::ObservationBuffer<int32_t> int_buffer(0.5);
+  internal::ObservationBuffer<base::TimeDelta> time_delta_buffer(0.5);
+  const base::TimeTicks now = base::TimeTicks::Now();
+  const base::TimeTicks very_old = now - base::TimeDelta::FromDays(365);
+
+  int32_t result;
+  base::TimeDelta time_delta_result;
+
+  // Network quality should be unavailable when no observations are available.
+  EXPECT_FALSE(
+      int_buffer.GetPercentile(base::TimeTicks(), &result, 50,
+                               std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      base::TimeTicks(), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+
+  // First 50 samples have very old timestamp.
+  for (int i = 1; i <= 50; ++i) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, very_old, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), very_old,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  }
+
+  // Next 50 (i.e., from 51 to 100) have recent timestamp.
+  for (int i = 51; i <= 100; ++i) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  }
+
+  // Older samples have very little weight. So, all percentiles are >= 51
+  // (lowest value among recent observations).
+  for (int i = 1; i < 100; ++i) {
+    // Checks if the difference between the two integers is less than 1. This is
+    // required because computed percentiles may be slightly different from
+    // what is expected due to floating point computation errors and integer
+    // rounding off errors.
+    EXPECT_TRUE(int_buffer.GetPercentile(
+        base::TimeTicks(), &result, i,
+        std::vector<NetworkQualityObservationSource>()));
+    EXPECT_NEAR(result, 51 + 0.49 * i, 1);
+
+    EXPECT_TRUE(time_delta_buffer.GetPercentile(
+        base::TimeTicks(), &time_delta_result, i,
+        std::vector<NetworkQualityObservationSource>()));
+    EXPECT_NEAR(time_delta_result.InMilliseconds(), 51 + 0.49 * i, 1);
+  }
+
+  EXPECT_FALSE(int_buffer.GetPercentile(
+      now + base::TimeDelta::FromSeconds(1), &result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      now + base::TimeDelta::FromSeconds(1), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+}
+
+// Verifies that the percentiles are correctly computed when some of the
+// observation sources are disallowed. All observations have the same timestamp.
+TEST(NetworkQualityObservationTest, DisallowedObservationSources) {
+  internal::ObservationBuffer<int32_t> int_buffer(0.5);
+  internal::ObservationBuffer<base::TimeDelta> time_delta_buffer(0.5);
+  const base::TimeTicks now = base::TimeTicks::Now();
+
+  int32_t result;
+  base::TimeDelta time_delta_result;
+
+  // Network quality should be unavailable when no observations are available.
+  EXPECT_FALSE(
+      int_buffer.GetPercentile(base::TimeTicks(), &result, 50,
+                               std::vector<NetworkQualityObservationSource>()));
+  EXPECT_FALSE(time_delta_buffer.GetPercentile(
+      base::TimeTicks(), &time_delta_result, 50,
+      std::vector<NetworkQualityObservationSource>()));
+
+  // Insert samples from {1,2,3,..., 100}. First insert odd samples, then even
+  // samples. This helps in verifying that the order of samples does not matter.
+  for (int i = 1; i <= 99; i += 2) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  }
+
+  // Add samples for TCP and QUIC observations which should not be taken into
+  // account when computing the percentile.
+  for (int i = 1; i <= 99; i += 2) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        10000, now, NETWORK_QUALITY_OBSERVATION_SOURCE_TCP));
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        10000, now, NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(10000), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_TCP));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(10000), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC));
+  }
+
+  for (int i = 2; i <= 100; i += 2) {
+    int_buffer.AddObservation(internal::Observation<int32_t>(
+        i, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+    time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+        base::TimeDelta::FromMilliseconds(i), now,
+        NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  }
+
+  std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_TCP);
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_QUIC);
+
+  for (int i = 0; i <= 100; ++i) {
+    // Checks if the difference between the two integers is less than 1. This is
+    // required because computed percentiles may be slightly different from
+    // what is expected due to floating point computation errors and integer
+    // rounding off errors.
+    EXPECT_TRUE(int_buffer.GetPercentile(base::TimeTicks(), &result, i,
+                                         disallowed_observation_sources));
+    EXPECT_NEAR(result, i, 1);
+    EXPECT_TRUE(
+        time_delta_buffer.GetPercentile(base::TimeTicks(), &time_delta_result,
+                                        i, disallowed_observation_sources));
+    EXPECT_NEAR(time_delta_result.InMilliseconds(), i, 1);
+  }
+
+  // Now check the percentile value for TCP and QUIC observations.
+  disallowed_observation_sources.clear();
+  disallowed_observation_sources.push_back(
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST);
+  for (int i = 0; i <= 100; ++i) {
+    // Checks if the difference between the two integers is less than 1. This is
+    // required because computed percentiles may be slightly different from
+    // what is expected due to floating point computation errors and integer
+    // rounding off errors.
+    EXPECT_TRUE(int_buffer.GetPercentile(base::TimeTicks(), &result, i,
+                                         disallowed_observation_sources));
+    EXPECT_NEAR(result, 10000, 1);
+    EXPECT_TRUE(
+        time_delta_buffer.GetPercentile(base::TimeTicks(), &time_delta_result,
+                                        i, disallowed_observation_sources));
+    EXPECT_NEAR(time_delta_result.InMilliseconds(), 10000, 1);
+  }
+}
+
+TEST(NetworkQualityObservationTest, TestGetMedianRTTSince) {
+  internal::ObservationBuffer<int32_t> int_buffer(0.5);
+  internal::ObservationBuffer<base::TimeDelta> time_delta_buffer(0.5);
+  base::TimeTicks now = base::TimeTicks::Now();
+  base::TimeTicks old = now - base::TimeDelta::FromMilliseconds(1);
+  ASSERT_NE(old, now);
+
+  // First sample has very old timestamp.
+  int_buffer.AddObservation(internal::Observation<int32_t>(
+      1, old, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+      base::TimeDelta::FromMilliseconds(1), old,
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+
+  int_buffer.AddObservation(internal::Observation<int32_t>(
+      100, now, NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+  time_delta_buffer.AddObservation(internal::Observation<base::TimeDelta>(
+      base::TimeDelta::FromMilliseconds(100), now,
+      NETWORK_QUALITY_OBSERVATION_SOURCE_URL_REQUEST));
+
+  const struct {
+    base::TimeTicks start_timestamp;
+    bool expect_network_quality_available;
+    base::TimeDelta expected_url_request_rtt;
+    int32_t expected_downstream_throughput;
+  } tests[] = {
+      {now + base::TimeDelta::FromSeconds(10), false,
+       base::TimeDelta::FromMilliseconds(0), 0},
+      {now, true, base::TimeDelta::FromMilliseconds(100), 100},
+      {now - base::TimeDelta::FromMicroseconds(500), true,
+       base::TimeDelta::FromMilliseconds(100), 100},
+
+  };
+
+  for (const auto& test : tests) {
+    base::TimeDelta url_request_rtt;
+    int32_t downstream_throughput_kbps;
+    std::vector<NetworkQualityObservationSource> disallowed_observation_sources;
+
+    EXPECT_EQ(
+        test.expect_network_quality_available,
+        time_delta_buffer.GetPercentile(test.start_timestamp, &url_request_rtt,
+                                        50, disallowed_observation_sources));
+    EXPECT_EQ(test.expect_network_quality_available,
+              int_buffer.GetPercentile(test.start_timestamp,
+                                       &downstream_throughput_kbps, 50,
+                                       disallowed_observation_sources));
+
+    if (test.expect_network_quality_available) {
+      EXPECT_EQ(test.expected_url_request_rtt, url_request_rtt);
+      EXPECT_EQ(test.expected_downstream_throughput,
+                downstream_throughput_kbps);
+    }
+  }
+}
+
+}  // namespace
+
+}  // namespace nqe
+
+}  // namespace net
+\ No newline at end of file
diff --git a/chromium/net/nqe/observation_buffer.h b/chromium/net/nqe/observation_buffer.h
new file mode 100644
index 00000000000..cc3f1d86dba
--- /dev/null
+++ b/chromium/net/nqe/observation_buffer.h
@@ -0,0 +1,186 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_OBSERVATION_BUFFER_H_
+#define NET_NQE_OBSERVATION_BUFFER_H_
+
+#include <float.h>
+
+#include <algorithm>
+#include <deque>
+#include <vector>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/nqe/network_quality_observation_source.h"
+#include "net/nqe/weighted_observation.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+// Stores observations sorted by time.
+template <typename ValueType>
+class NET_EXPORT_PRIVATE ObservationBuffer {
+ public:
+  explicit ObservationBuffer(double weight_multiplier_per_second)
+      : weight_multiplier_per_second_(weight_multiplier_per_second) {
+    static_assert(kMaximumObservationsBufferSize > 0U,
+                  "Minimum size of observation buffer must be > 0");
+    DCHECK_GE(weight_multiplier_per_second_, 0.0);
+    DCHECK_LE(weight_multiplier_per_second_, 1.0);
+  }
+
+  ~ObservationBuffer() {}
+
+  // Adds |observation| to the buffer. The oldest observation in the buffer
+  // will be evicted to make room if the buffer is already full.
+  void AddObservation(const Observation<ValueType>& observation) {
+    DCHECK_LE(observations_.size(),
+              static_cast<size_t>(kMaximumObservationsBufferSize));
+    // Evict the oldest element if the buffer is already full.
+    if (observations_.size() == kMaximumObservationsBufferSize)
+      observations_.pop_front();
+
+    observations_.push_back(observation);
+    DCHECK_LE(observations_.size(),
+              static_cast<size_t>(kMaximumObservationsBufferSize));
+  }
+
+  // Returns the number of observations in this buffer.
+  size_t Size() const { return static_cast<size_t>(observations_.size()); }
+
+  // Returns the capacity of this buffer.
+  size_t Capacity() const {
+    return static_cast<size_t>(kMaximumObservationsBufferSize);
+  }
+
+  // Clears the observations stored in this buffer.
+  void Clear() { observations_.clear(); }
+
+  // Returns true iff the |percentile| value of the observations in this
+  // buffer is available. Sets |result| to the computed |percentile|
+  // value among all observations since |begin_timestamp|. If the value is
+  // unavailable, false is returned and |result| is not modified. Percentile
+  // value is unavailable if all the values in observation buffer are older
+  // than |begin_timestamp|.
+  // |result| must not be null.
+  bool GetPercentile(const base::TimeTicks& begin_timestamp,
+                     ValueType* result,
+                     int percentile,
+                     const std::vector<NetworkQualityObservationSource>&
+                         disallowed_observation_sources) const {
+    DCHECK(result);
+    DCHECK_GE(Capacity(), Size());
+    // Stores WeightedObservation in increasing order of value.
+    std::vector<WeightedObservation<ValueType>> weighted_observations;
+
+    // Total weight of all observations in |weighted_observations|.
+    double total_weight = 0.0;
+
+    ComputeWeightedObservations(begin_timestamp, weighted_observations,
+                                &total_weight, disallowed_observation_sources);
+    if (weighted_observations.empty())
+      return false;
+
+    DCHECK(!weighted_observations.empty());
+    DCHECK_GT(total_weight, 0.0);
+
+    // |weighted_observations| may have a smaller size than observations_ since
+    // the former contains only the observations later than begin_timestamp.
+    DCHECK_GE(observations_.size(), weighted_observations.size());
+
+    double desired_weight = percentile / 100.0 * total_weight;
+
+    double cumulative_weight_seen_so_far = 0.0;
+    for (const auto& weighted_observation : weighted_observations) {
+      cumulative_weight_seen_so_far += weighted_observation.weight;
+
+      if (cumulative_weight_seen_so_far >= desired_weight) {
+        *result = weighted_observation.value;
+        return true;
+      }
+    }
+
+    // Computation may reach here due to floating point errors. This may happen
+    // if |percentile| was 100 (or close to 100), and |desired_weight| was
+    // slightly larger than |total_weight| (due to floating point errors).
+    // In this case, we return the highest |value| among all observations.
+    // This is same as value of the last observation in the sorted vector.
+    *result = weighted_observations.at(weighted_observations.size() - 1).value;
+    return true;
+  }
+
+ private:
+  // Maximum number of observations that can be held in the ObservationBuffer.
+  static const size_t kMaximumObservationsBufferSize = 300;
+
+  // Computes the weighted observations and stores them in
+  // |weighted_observations| sorted by ascending |WeightedObservation.value|.
+  // Only the observations with timestamp later than |begin_timestamp| are
+  // considered. Also, sets |total_weight| to the total weight of all
+  // observations. Should be called only when there is at least one
+  // observation in the buffer.
+  void ComputeWeightedObservations(
+      const base::TimeTicks& begin_timestamp,
+      std::vector<WeightedObservation<ValueType>>& weighted_observations,
+      double* total_weight,
+      const std::vector<NetworkQualityObservationSource>&
+          disallowed_observation_sources) const {
+    DCHECK_GE(Capacity(), Size());
+
+    weighted_observations.clear();
+    double total_weight_observations = 0.0;
+    base::TimeTicks now = base::TimeTicks::Now();
+
+    for (const auto& observation : observations_) {
+      if (observation.timestamp < begin_timestamp)
+        continue;
+      bool disallowed = false;
+      for (const auto& disallowed_source : disallowed_observation_sources) {
+        if (disallowed_source == observation.source)
+          disallowed = true;
+      }
+      if (disallowed)
+        continue;
+      base::TimeDelta time_since_sample_taken = now - observation.timestamp;
+      double weight = pow(weight_multiplier_per_second_,
+                          time_since_sample_taken.InSeconds());
+      weight = std::max(DBL_MIN, std::min(1.0, weight));
+
+      weighted_observations.push_back(
+          WeightedObservation<ValueType>(observation.value, weight));
+      total_weight_observations += weight;
+    }
+
+    // Sort the samples by value in ascending order.
+    std::sort(weighted_observations.begin(), weighted_observations.end());
+    *total_weight = total_weight_observations;
+  }
+
+  // Holds observations sorted by time, with the oldest observation at the
+  // front of the queue.
+  std::deque<Observation<ValueType>> observations_;
+
+  // The factor by which the weight of an observation reduces every second.
+  // For example, if an observation is 6 seconds old, its weight would be:
+  //     weight_multiplier_per_second_ ^ 6
+  // Calculated from |kHalfLifeSeconds| by solving the following equation:
+  //     weight_multiplier_per_second_ ^ kHalfLifeSeconds = 0.5
+  const double weight_multiplier_per_second_;
+
+  DISALLOW_COPY_AND_ASSIGN(ObservationBuffer);
+};
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+
+#endif  // NET_NQE_OBSERVATION_BUFFER_H_
+\ No newline at end of file
diff --git a/chromium/net/nqe/weighted_observation.h b/chromium/net/nqe/weighted_observation.h
new file mode 100644
index 00000000000..287442a0229
--- /dev/null
+++ b/chromium/net/nqe/weighted_observation.h
@@ -0,0 +1,55 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_NQE_WEIGHTED_OBSERVATION_H_
+#define NET_NQE_WEIGHTED_OBSERVATION_H_
+
+#include <vector>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/nqe/network_quality_observation_source.h"
+
+namespace net {
+
+namespace nqe {
+
+namespace internal {
+
+// Holds an observation and its weight.
+template <typename ValueType>
+struct NET_EXPORT_PRIVATE WeightedObservation {
+  WeightedObservation(ValueType value, double weight)
+      : value(value), weight(weight) {}
+  WeightedObservation(const WeightedObservation& other)
+      : WeightedObservation(other.value, other.weight) {}
+
+  WeightedObservation& operator=(const WeightedObservation& other) {
+    value = other.value;
+    weight = other.weight;
+    return *this;
+  }
+
+  // Required for sorting the samples in the ascending order of values.
+  bool operator<(const WeightedObservation& other) const {
+    return (value < other.value);
+  }
+
+  // Value of the sample.
+  ValueType value;
+
+  // Weight of the sample. This is computed based on how much time has passed
+  // since the sample was taken.
+  double weight;
+};
+
+}  // namespace internal
+
+}  // namespace nqe
+
+}  // namespace net
+
+#endif  // NET_NQE_WEIGHTED_OBSERVATION_H_
+\ No newline at end of file
diff --git a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.cc b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.cc
index f4ff1e3b79f..275d7515d78 100644
--- a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.cc
@@ -231,7 +231,7 @@ std::string DhcpProxyScriptAdapterFetcher::GetPacURLFromDhcp(
   // The maximum message size is typically 4096 bytes on Windows per
   // http://support.microsoft.com/kb/321592
   DWORD result_buffer_size = 4096;
-  scoped_ptr<BYTE, base::FreeDeleter> result_buffer;
+  std::unique_ptr<BYTE, base::FreeDeleter> result_buffer;
   int retry_count = 0;
   DWORD res = NO_ERROR;
   do {
diff --git a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.h b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.h
index e3699aa9c10..7d72537a77e 100644
--- a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.h
+++ b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win.h
@@ -7,11 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "base/threading/non_thread_safe.h"
@@ -178,7 +178,7 @@ class NET_EXPORT_PRIVATE DhcpProxyScriptAdapterFetcher
   CompletionCallback callback_;
 
   // Fetcher to retrieve PAC files once URL is known.
-  scoped_ptr<ProxyScriptFetcher> script_fetcher_;
+  std::unique_ptr<ProxyScriptFetcher> script_fetcher_;
 
   // Implements a timeout on the call to the Win32 DHCP API.
   base::OneShotTimer wait_timer_;
diff --git a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win_unittest.cc b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win_unittest.cc
index 5fae7a41fce..9cec7febbec 100644
--- a/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win_unittest.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_adapter_fetcher_win_unittest.cc
@@ -162,9 +162,9 @@ class FetcherClient {
   }
 
   TestCompletionCallback callback_;
-  scoped_ptr<URLRequestContext> url_request_context_;
+  std::unique_ptr<URLRequestContext> url_request_context_;
   scoped_refptr<base::SequencedWorkerPool> worker_pool_;
-  scoped_ptr<MockDhcpProxyScriptAdapterFetcher> fetcher_;
+  std::unique_ptr<MockDhcpProxyScriptAdapterFetcher> fetcher_;
   base::string16 pac_text_;
 };
 
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.cc b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.cc
index 75c0913cba1..f663d79d3ea 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.cc
@@ -4,6 +4,7 @@
 
 #include "net/proxy/dhcp_proxy_script_fetcher_factory.h"
 
+#include "base/memory/ptr_util.h"
 #include "net/base/net_errors.h"
 #include "net/proxy/dhcp_proxy_script_fetcher.h"
 
@@ -18,13 +19,13 @@ DhcpProxyScriptFetcherFactory::DhcpProxyScriptFetcherFactory()
   set_enabled(true);
 }
 
-scoped_ptr<DhcpProxyScriptFetcher> DhcpProxyScriptFetcherFactory::Create(
+std::unique_ptr<DhcpProxyScriptFetcher> DhcpProxyScriptFetcherFactory::Create(
     URLRequestContext* context) {
   if (!feature_enabled_) {
-    return make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher());
+    return base::WrapUnique(new DoNothingDhcpProxyScriptFetcher());
   } else {
     DCHECK(IsSupported());
-    scoped_ptr<DhcpProxyScriptFetcher> ret;
+    std::unique_ptr<DhcpProxyScriptFetcher> ret;
 #if defined(OS_WIN)
     ret.reset(new DhcpProxyScriptFetcherWin(context));
 #endif
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.h b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.h
index 45734e37352..46d3845c133 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.h
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory.h
@@ -5,8 +5,9 @@
 #ifndef NET_PROXY_DHCP_SCRIPT_FETCHER_FACTORY_H_
 #define NET_PROXY_DHCP_SCRIPT_FETCHER_FACTORY_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -42,7 +43,7 @@ class NET_EXPORT DhcpProxyScriptFetcherFactory {
   // reference to |url_request_context|. Be careful not to create cycles
   // between the fetcher and the context; you can break such cycles by calling
   // Cancel().
-  scoped_ptr<DhcpProxyScriptFetcher> Create(
+  std::unique_ptr<DhcpProxyScriptFetcher> Create(
       URLRequestContext* url_request_context);
 
   // Attempts to enable/disable the DHCP WPAD feature.  Does nothing
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory_unittest.cc b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory_unittest.cc
index 9eb7c67f1f1..71d67e79be2 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_factory_unittest.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_factory_unittest.cc
@@ -13,7 +13,7 @@ namespace {
 TEST(DhcpProxyScriptFetcherFactoryTest, DoNothingWhenDisabled) {
   DhcpProxyScriptFetcherFactory factory;
   factory.set_enabled(false);
-  scoped_ptr<DhcpProxyScriptFetcher> fetcher(factory.Create(NULL));
+  std::unique_ptr<DhcpProxyScriptFetcher> fetcher(factory.Create(NULL));
   EXPECT_EQ("", fetcher->GetFetcherName());
 }
 
@@ -22,8 +22,9 @@ TEST(DhcpProxyScriptFetcherFactoryTest, WindowsFetcherOnWindows) {
   DhcpProxyScriptFetcherFactory factory;
   factory.set_enabled(true);
 
-  scoped_ptr<TestURLRequestContext> context(new TestURLRequestContext());
-  scoped_ptr<DhcpProxyScriptFetcher> fetcher(factory.Create(context.get()));
+  std::unique_ptr<TestURLRequestContext> context(new TestURLRequestContext());
+  std::unique_ptr<DhcpProxyScriptFetcher> fetcher(
+      factory.Create(context.get()));
   EXPECT_EQ("win", fetcher->GetFetcherName());
 }
 #endif  // defined(OS_WIN)
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_win.cc b/chromium/net/proxy/dhcp_proxy_script_fetcher_win.cc
index f9463dde1c8..87006114929 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_win.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_win.cc
@@ -4,12 +4,12 @@
 
 #include "net/proxy/dhcp_proxy_script_fetcher_win.h"
 
+#include <memory>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/memory/free_deleter.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/threading/sequenced_worker_pool.h"
 #include "net/base/net_errors.h"
@@ -176,7 +176,7 @@ void DhcpProxyScriptFetcherWin::OnGetCandidateAdapterNamesDone(
   for (std::set<std::string>::const_iterator it = adapter_names.begin();
        it != adapter_names.end();
        ++it) {
-    scoped_ptr<DhcpProxyScriptAdapterFetcher> fetcher(
+    std::unique_ptr<DhcpProxyScriptAdapterFetcher> fetcher(
         ImplCreateAdapterFetcher());
     fetcher->Fetch(
         *it, base::Bind(&DhcpProxyScriptFetcherWin::OnFetcherDone,
@@ -318,7 +318,7 @@ bool DhcpProxyScriptFetcherWin::GetCandidateAdapterNames(
   // The GetAdaptersAddresses MSDN page recommends using a size of 15000 to
   // avoid reallocation.
   ULONG adapters_size = 15000;
-  scoped_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> adapters;
+  std::unique_ptr<IP_ADAPTER_ADDRESSES, base::FreeDeleter> adapters;
   ULONG error = ERROR_SUCCESS;
   int num_tries = 0;
 
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_win.h b/chromium/net/proxy/dhcp_proxy_script_fetcher_win.h
index 2620fc5f64d..1bca0635036 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_win.h
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_win.h
@@ -5,13 +5,13 @@
 #ifndef NET_PROXY_DHCP_PROXY_SCRIPT_FETCHER_WIN_H_
 #define NET_PROXY_DHCP_PROXY_SCRIPT_FETCHER_WIN_H_
 
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
@@ -144,7 +144,8 @@ class NET_EXPORT_PRIVATE DhcpProxyScriptFetcherWin
   // Vector, in Windows' network adapter preference order, of
   // DhcpProxyScriptAdapterFetcher objects that are or were attempting
   // to fetch a PAC file based on DHCP configuration.
-  using FetcherVector = std::vector<scoped_ptr<DhcpProxyScriptAdapterFetcher>>;
+  using FetcherVector =
+      std::vector<std::unique_ptr<DhcpProxyScriptAdapterFetcher>>;
   FetcherVector fetchers_;
 
   // Number of fetchers we are waiting for.
diff --git a/chromium/net/proxy/dhcp_proxy_script_fetcher_win_unittest.cc b/chromium/net/proxy/dhcp_proxy_script_fetcher_win_unittest.cc
index a1a23821a6b..0f1f252f5ac 100644
--- a/chromium/net/proxy/dhcp_proxy_script_fetcher_win_unittest.cc
+++ b/chromium/net/proxy/dhcp_proxy_script_fetcher_win_unittest.cc
@@ -108,8 +108,8 @@ class RealFetchTester {
     base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(30));
   }
 
-  scoped_ptr<URLRequestContext> context_;
-  scoped_ptr<DhcpProxyScriptFetcherWin> fetcher_;
+  std::unique_ptr<URLRequestContext> context_;
+  std::unique_ptr<DhcpProxyScriptFetcherWin> fetcher_;
   bool finished_;
   base::string16 pac_text_;
   base::OneShotTimer timeout_;
@@ -308,7 +308,7 @@ class MockDhcpProxyScriptFetcherWin : public DhcpProxyScriptFetcherWin {
                                    int result,
                                    base::string16 pac_script,
                                    base::TimeDelta fetch_delay) {
-    scoped_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
+    std::unique_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
         new DummyDhcpProxyScriptAdapterFetcher(url_request_context(),
                                                GetTaskRunner()));
     adapter_fetcher->Configure(
@@ -416,7 +416,7 @@ class FetcherClient {
     return fetcher_.GetTaskRunner();
   }
 
-  scoped_ptr<URLRequestContext> context_;
+  std::unique_ptr<URLRequestContext> context_;
   MockDhcpProxyScriptFetcherWin fetcher_;
   bool finished_;
   int result_;
@@ -427,7 +427,7 @@ class FetcherClient {
 // the ReuseFetcher test at the bottom.
 void TestNormalCaseURLConfiguredOneAdapter(FetcherClient* client) {
   TestURLRequestContext context;
-  scoped_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
+  std::unique_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
       new DummyDhcpProxyScriptAdapterFetcher(&context,
                                              client->GetTaskRunner()));
   adapter_fetcher->Configure(true, OK, L"bingo", 1);
@@ -588,7 +588,7 @@ TEST(DhcpProxyScriptFetcherWin, ShortCircuitLessPreferredAdapters) {
 
 void TestImmediateCancel(FetcherClient* client) {
   TestURLRequestContext context;
-  scoped_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
+  std::unique_ptr<DummyDhcpProxyScriptAdapterFetcher> adapter_fetcher(
       new DummyDhcpProxyScriptAdapterFetcher(&context,
                                              client->GetTaskRunner()));
   adapter_fetcher->Configure(true, OK, L"bingo", 1);
diff --git a/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.cc b/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.cc
index 5e1574b92dd..ff9dd852247 100644
--- a/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.cc
+++ b/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.cc
@@ -27,7 +27,7 @@ InProcessMojoProxyResolverFactory::InProcessMojoProxyResolverFactory() {
 InProcessMojoProxyResolverFactory::~InProcessMojoProxyResolverFactory() =
     default;
 
-scoped_ptr<base::ScopedClosureRunner>
+std::unique_ptr<base::ScopedClosureRunner>
 InProcessMojoProxyResolverFactory::CreateResolver(
     const mojo::String& pac_script,
     mojo::InterfaceRequest<interfaces::ProxyResolver> req,
diff --git a/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.h b/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.h
index c6ee223ca65..b5ccb101439 100644
--- a/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.h
+++ b/chromium/net/proxy/in_process_mojo_proxy_resolver_factory.h
@@ -23,7 +23,7 @@ class InProcessMojoProxyResolverFactory : public MojoProxyResolverFactory {
   static InProcessMojoProxyResolverFactory* GetInstance();
 
   // Overridden from MojoProxyResolverFactory:
-  scoped_ptr<base::ScopedClosureRunner> CreateResolver(
+  std::unique_ptr<base::ScopedClosureRunner> CreateResolver(
       const mojo::String& pac_script,
       mojo::InterfaceRequest<interfaces::ProxyResolver> req,
       interfaces::ProxyResolverFactoryRequestClientPtr client) override;
diff --git a/chromium/net/proxy/mock_proxy_resolver.cc b/chromium/net/proxy/mock_proxy_resolver.cc
index 21cac0026cb..2a772452dd3 100644
--- a/chromium/net/proxy/mock_proxy_resolver.cc
+++ b/chromium/net/proxy/mock_proxy_resolver.cc
@@ -7,6 +7,7 @@
 #include <utility>
 
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 
 namespace net {
@@ -74,20 +75,19 @@ MockAsyncProxyResolver::MockAsyncProxyResolver() {
 MockAsyncProxyResolverFactory::Request::Request(
     MockAsyncProxyResolverFactory* factory,
     const scoped_refptr<ProxyResolverScriptData>& script_data,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback)
     : factory_(factory),
       script_data_(script_data),
       resolver_(resolver),
-      callback_(callback) {
-}
+      callback_(callback) {}
 
 MockAsyncProxyResolverFactory::Request::~Request() {
 }
 
 void MockAsyncProxyResolverFactory::Request::CompleteNow(
     int rv,
-    scoped_ptr<ProxyResolver> resolver) {
+    std::unique_ptr<ProxyResolver> resolver) {
   *resolver_ = std::move(resolver);
 
   // RemovePendingRequest may remove the last external reference to |this|.
@@ -101,7 +101,7 @@ void MockAsyncProxyResolverFactory::Request::CompleteNowWithForwarder(
     int rv,
     ProxyResolver* resolver) {
   DCHECK(resolver);
-  CompleteNow(rv, make_scoped_ptr(new ForwardingProxyResolver(resolver)));
+  CompleteNow(rv, base::WrapUnique(new ForwardingProxyResolver(resolver)));
 }
 
 void MockAsyncProxyResolverFactory::Request::FactoryDestroyed() {
@@ -132,9 +132,9 @@ MockAsyncProxyResolverFactory::MockAsyncProxyResolverFactory(
 
 int MockAsyncProxyResolverFactory::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const net::CompletionCallback& callback,
-    scoped_ptr<ProxyResolverFactory::Request>* request_handle) {
+    std::unique_ptr<ProxyResolverFactory::Request>* request_handle) {
   scoped_refptr<Request> request =
       new Request(this, pac_script, resolver, callback);
   pending_requests_.push_back(request);
diff --git a/chromium/net/proxy/mock_proxy_resolver.h b/chromium/net/proxy/mock_proxy_resolver.h
index 9ed3348b3fa..a50607bfe40 100644
--- a/chromium/net/proxy/mock_proxy_resolver.h
+++ b/chromium/net/proxy/mock_proxy_resolver.h
@@ -5,10 +5,10 @@
 #ifndef NET_PROXY_MOCK_PROXY_RESOLVER_H_
 #define NET_PROXY_MOCK_PROXY_RESOLVER_H_
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_errors.h"
 #include "net/proxy/proxy_resolver.h"
 #include "net/proxy/proxy_resolver_factory.h"
@@ -90,9 +90,9 @@ class MockAsyncProxyResolverFactory : public ProxyResolverFactory {
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverFactory::Request>* request) override;
+      std::unique_ptr<ProxyResolverFactory::Request>* request) override;
 
   const RequestsList& pending_requests() const { return pending_requests_; }
 
@@ -111,7 +111,7 @@ class MockAsyncProxyResolverFactory::Request
  public:
   Request(MockAsyncProxyResolverFactory* factory,
           const scoped_refptr<ProxyResolverScriptData>& script_data,
-          scoped_ptr<ProxyResolver>* resolver,
+          std::unique_ptr<ProxyResolver>* resolver,
           const CompletionCallback& callback);
 
   const scoped_refptr<ProxyResolverScriptData>& script_data() const {
@@ -124,7 +124,7 @@ class MockAsyncProxyResolverFactory::Request
   // remains in use.
   void CompleteNowWithForwarder(int rv, ProxyResolver* resolver);
 
-  void CompleteNow(int rv, scoped_ptr<ProxyResolver> resolver);
+  void CompleteNow(int rv, std::unique_ptr<ProxyResolver> resolver);
 
  private:
   friend class base::RefCounted<Request>;
@@ -137,7 +137,7 @@ class MockAsyncProxyResolverFactory::Request
 
   MockAsyncProxyResolverFactory* factory_;
   const scoped_refptr<ProxyResolverScriptData> script_data_;
-  scoped_ptr<ProxyResolver>* resolver_;
+  std::unique_ptr<ProxyResolver>* resolver_;
   CompletionCallback callback_;
 };
 
diff --git a/chromium/net/proxy/mojo_proxy_resolver_factory.h b/chromium/net/proxy/mojo_proxy_resolver_factory.h
index 98cb3475f8f..255ba093c85 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_factory.h
+++ b/chromium/net/proxy/mojo_proxy_resolver_factory.h
@@ -5,8 +5,9 @@
 #ifndef NET_PROXY_MOJO_PROXY_RESOLVER_FACTORY_H_
 #define NET_PROXY_MOJO_PROXY_RESOLVER_FACTORY_H_
 
+#include <memory>
+
 #include "base/callback_helpers.h"
-#include "base/memory/scoped_ptr.h"
 #include "mojo/public/cpp/bindings/interface_request.h"
 #include "net/interfaces/host_resolver_service.mojom.h"
 #include "net/interfaces/proxy_resolver_service.mojom.h"
@@ -20,7 +21,7 @@ class MojoProxyResolverFactory {
   // |host_resolver| as the DNS resolver. The return value should be released
   // when the connection to |req| is no longer needed.
   // Note: The connection request |req| may be resolved asynchronously.
-  virtual scoped_ptr<base::ScopedClosureRunner> CreateResolver(
+  virtual std::unique_ptr<base::ScopedClosureRunner> CreateResolver(
       const mojo::String& pac_script,
       mojo::InterfaceRequest<interfaces::ProxyResolver> req,
       interfaces::ProxyResolverFactoryRequestClientPtr client) = 0;
diff --git a/chromium/net/proxy/mojo_proxy_resolver_factory_impl.cc b/chromium/net/proxy/mojo_proxy_resolver_factory_impl.cc
index 49b23ea25fb..65b6a482531 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_factory_impl.cc
+++ b/chromium/net/proxy/mojo_proxy_resolver_factory_impl.cc
@@ -8,6 +8,7 @@
 #include <utility>
 
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "net/base/net_errors.h"
 #include "net/proxy/mojo_proxy_resolver_impl.h"
@@ -23,7 +24,7 @@ namespace {
 class MojoProxyResolverHolder {
  public:
   MojoProxyResolverHolder(
-      scoped_ptr<ProxyResolverV8Tracing> proxy_resolver_impl,
+      std::unique_ptr<ProxyResolverV8Tracing> proxy_resolver_impl,
       mojo::InterfaceRequest<interfaces::ProxyResolver> request);
 
  private:
@@ -37,7 +38,7 @@ class MojoProxyResolverHolder {
 };
 
 MojoProxyResolverHolder::MojoProxyResolverHolder(
-    scoped_ptr<ProxyResolverV8Tracing> proxy_resolver_impl,
+    std::unique_ptr<ProxyResolverV8Tracing> proxy_resolver_impl,
     mojo::InterfaceRequest<interfaces::ProxyResolver> request)
     : mojo_proxy_resolver_(std::move(proxy_resolver_impl)),
       binding_(&mojo_proxy_resolver_, std::move(request)) {
@@ -67,10 +68,10 @@ class MojoProxyResolverFactoryImpl::Job {
   void OnProxyResolverCreated(int error);
 
   MojoProxyResolverFactoryImpl* const parent_;
-  scoped_ptr<ProxyResolverV8Tracing> proxy_resolver_impl_;
+  std::unique_ptr<ProxyResolverV8Tracing> proxy_resolver_impl_;
   mojo::InterfaceRequest<interfaces::ProxyResolver> proxy_request_;
   ProxyResolverV8TracingFactory* factory_;
-  scoped_ptr<net::ProxyResolverFactory::Request> request_;
+  std::unique_ptr<net::ProxyResolverFactory::Request> request_;
   interfaces::ProxyResolverFactoryRequestClientPtr client_ptr_;
 
   DISALLOW_COPY_AND_ASSIGN(Job);
@@ -91,8 +92,8 @@ MojoProxyResolverFactoryImpl::Job::Job(
                  base::Unretained(this)));
   factory_->CreateProxyResolverV8Tracing(
       pac_script,
-      make_scoped_ptr(new MojoProxyResolverV8TracingBindings<
-                      interfaces::ProxyResolverFactoryRequestClient>(
+      base::WrapUnique(new MojoProxyResolverV8TracingBindings<
+                       interfaces::ProxyResolverFactoryRequestClient>(
           client_ptr_.get())),
       &proxy_resolver_impl_,
       base::Bind(&MojoProxyResolverFactoryImpl::Job::OnProxyResolverCreated,
@@ -119,7 +120,7 @@ void MojoProxyResolverFactoryImpl::Job::OnProxyResolverCreated(int error) {
 }
 
 MojoProxyResolverFactoryImpl::MojoProxyResolverFactoryImpl(
-    scoped_ptr<ProxyResolverV8TracingFactory> proxy_resolver_factory,
+    std::unique_ptr<ProxyResolverV8TracingFactory> proxy_resolver_factory,
     mojo::InterfaceRequest<interfaces::ProxyResolverFactory> request)
     : proxy_resolver_impl_factory_(std::move(proxy_resolver_factory)),
       binding_(this, std::move(request)) {}
diff --git a/chromium/net/proxy/mojo_proxy_resolver_factory_impl.h b/chromium/net/proxy/mojo_proxy_resolver_factory_impl.h
index 44646e70148..e305e47fd4a 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_factory_impl.h
+++ b/chromium/net/proxy/mojo_proxy_resolver_factory_impl.h
@@ -22,7 +22,7 @@ class MojoProxyResolverFactoryImpl : public interfaces::ProxyResolverFactory {
   explicit MojoProxyResolverFactoryImpl(
       mojo::InterfaceRequest<interfaces::ProxyResolverFactory> request);
   MojoProxyResolverFactoryImpl(
-      scoped_ptr<ProxyResolverV8TracingFactory> proxy_resolver_factory,
+      std::unique_ptr<ProxyResolverV8TracingFactory> proxy_resolver_factory,
       mojo::InterfaceRequest<interfaces::ProxyResolverFactory> request);
 
   ~MojoProxyResolverFactoryImpl() override;
@@ -38,7 +38,8 @@ class MojoProxyResolverFactoryImpl : public interfaces::ProxyResolverFactory {
 
   void RemoveJob(Job* job);
 
-  const scoped_ptr<ProxyResolverV8TracingFactory> proxy_resolver_impl_factory_;
+  const std::unique_ptr<ProxyResolverV8TracingFactory>
+      proxy_resolver_impl_factory_;
   mojo::StrongBinding<interfaces::ProxyResolverFactory> binding_;
 
   std::set<Job*> jobs_;
diff --git a/chromium/net/proxy/mojo_proxy_resolver_factory_impl_unittest.cc b/chromium/net/proxy/mojo_proxy_resolver_factory_impl_unittest.cc
index c7fb51bcb8b..a3c6216d907 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_factory_impl_unittest.cc
+++ b/chromium/net/proxy/mojo_proxy_resolver_factory_impl_unittest.cc
@@ -6,6 +6,7 @@
 
 #include <utility>
 
+#include "base/memory/ptr_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "mojo/public/cpp/bindings/binding.h"
 #include "net/base/test_completion_callback.h"
@@ -32,7 +33,7 @@ class FakeProxyResolver : public ProxyResolverV8Tracing {
                       ProxyInfo* results,
                       const CompletionCallback& callback,
                       ProxyResolver::RequestHandle* request,
-                      scoped_ptr<Bindings> bindings) override {}
+                      std::unique_ptr<Bindings> bindings) override {}
 
   void CancelRequest(ProxyResolver::RequestHandle request) override {}
 
@@ -53,7 +54,7 @@ enum Event {
 class TestProxyResolverFactory : public ProxyResolverV8TracingFactory {
  public:
   struct PendingRequest {
-    scoped_ptr<ProxyResolverV8Tracing>* resolver;
+    std::unique_ptr<ProxyResolverV8Tracing>* resolver;
     CompletionCallback callback;
   };
 
@@ -62,10 +63,10 @@ class TestProxyResolverFactory : public ProxyResolverV8TracingFactory {
 
   void CreateProxyResolverV8Tracing(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
-      scoped_ptr<ProxyResolverV8Tracing>* resolver,
+      std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+      std::unique_ptr<ProxyResolverV8Tracing>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverFactory::Request>* request) override {
+      std::unique_ptr<ProxyResolverFactory::Request>* request) override {
     requests_handled_++;
     waiter_->NotifyEvent(RESOLVER_CREATED);
     EXPECT_EQ(base::ASCIIToUTF16(kScriptData), pac_script->utf16());
@@ -87,7 +88,7 @@ class TestProxyResolverFactory : public ProxyResolverV8TracingFactory {
  private:
   EventWaiter<Event>* waiter_;
   size_t requests_handled_ = 0;
-  scoped_ptr<PendingRequest> pending_request_;
+  std::unique_ptr<PendingRequest> pending_request_;
 };
 
 }  // namespace
@@ -98,7 +99,7 @@ class MojoProxyResolverFactoryImplTest
  public:
   void SetUp() override {
     mock_factory_ = new TestProxyResolverFactory(&waiter_);
-    new MojoProxyResolverFactoryImpl(make_scoped_ptr(mock_factory_),
+    new MojoProxyResolverFactoryImpl(base::WrapUnique(mock_factory_),
                                      mojo::GetProxy(&factory_));
   }
 
@@ -119,7 +120,7 @@ class MojoProxyResolverFactoryImplTest
                   interfaces::HostResolverRequestClientPtr client) override {}
 
  protected:
-  scoped_ptr<TestProxyResolverFactory> mock_factory_owner_;
+  std::unique_ptr<TestProxyResolverFactory> mock_factory_owner_;
   TestProxyResolverFactory* mock_factory_;
   interfaces::ProxyResolverFactoryPtr factory_;
 
diff --git a/chromium/net/proxy/mojo_proxy_resolver_impl.cc b/chromium/net/proxy/mojo_proxy_resolver_impl.cc
index bbac2e72cca..06afee44b3a 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_impl.cc
+++ b/chromium/net/proxy/mojo_proxy_resolver_impl.cc
@@ -7,6 +7,7 @@
 #include <utility>
 
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "mojo/common/url_type_converters.h"
 #include "net/base/net_errors.h"
@@ -47,7 +48,7 @@ class MojoProxyResolverImpl::Job {
 };
 
 MojoProxyResolverImpl::MojoProxyResolverImpl(
-    scoped_ptr<ProxyResolverV8Tracing> resolver)
+    std::unique_ptr<ProxyResolverV8Tracing> resolver)
     : resolver_(std::move(resolver)) {}
 
 MojoProxyResolverImpl::~MojoProxyResolverImpl() {
@@ -89,8 +90,8 @@ void MojoProxyResolverImpl::Job::Start() {
   resolver_->resolver_->GetProxyForURL(
       url_, &result_, base::Bind(&Job::GetProxyDone, base::Unretained(this)),
       &request_handle_,
-      make_scoped_ptr(new MojoProxyResolverV8TracingBindings<
-                      interfaces::ProxyResolverRequestClient>(client_.get())));
+      base::WrapUnique(new MojoProxyResolverV8TracingBindings<
+                       interfaces::ProxyResolverRequestClient>(client_.get())));
   client_.set_connection_error_handler(base::Bind(
       &MojoProxyResolverImpl::Job::OnConnectionError, base::Unretained(this)));
 }
diff --git a/chromium/net/proxy/mojo_proxy_resolver_impl.h b/chromium/net/proxy/mojo_proxy_resolver_impl.h
index 75280042f5e..3b46651520e 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_impl.h
+++ b/chromium/net/proxy/mojo_proxy_resolver_impl.h
@@ -6,12 +6,12 @@
 #define NET_PROXY_MOJO_PROXY_RESOLVER_IMPL_H_
 
 #include <map>
+#include <memory>
 #include <queue>
 #include <set>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/interfaces/proxy_resolver_service.mojom.h"
 #include "net/proxy/proxy_resolver.h"
 
@@ -20,7 +20,8 @@ class ProxyResolverV8Tracing;
 
 class MojoProxyResolverImpl : public interfaces::ProxyResolver {
  public:
-  explicit MojoProxyResolverImpl(scoped_ptr<ProxyResolverV8Tracing> resolver);
+  explicit MojoProxyResolverImpl(
+      std::unique_ptr<ProxyResolverV8Tracing> resolver);
 
   ~MojoProxyResolverImpl() override;
 
@@ -34,7 +35,7 @@ class MojoProxyResolverImpl : public interfaces::ProxyResolver {
 
   void DeleteJob(Job* job);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver_;
+  std::unique_ptr<ProxyResolverV8Tracing> resolver_;
   std::set<Job*> resolve_jobs_;
 
   DISALLOW_COPY_AND_ASSIGN(MojoProxyResolverImpl);
diff --git a/chromium/net/proxy/mojo_proxy_resolver_impl_unittest.cc b/chromium/net/proxy/mojo_proxy_resolver_impl_unittest.cc
index b045b27b300..04c4416264d 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_impl_unittest.cc
+++ b/chromium/net/proxy/mojo_proxy_resolver_impl_unittest.cc
@@ -115,7 +115,7 @@ class MockProxyResolverV8Tracing : public ProxyResolverV8Tracing {
                       ProxyInfo* results,
                       const CompletionCallback& callback,
                       ProxyResolver::RequestHandle* request,
-                      scoped_ptr<Bindings> bindings) override;
+                      std::unique_ptr<Bindings> bindings) override;
   void CancelRequest(ProxyResolver::RequestHandle request_handle) override;
   LoadState GetLoadState(ProxyResolver::RequestHandle request) const override;
 
@@ -134,7 +134,7 @@ void MockProxyResolverV8Tracing::GetProxyForURL(
     ProxyInfo* results,
     const CompletionCallback& callback,
     ProxyResolver::RequestHandle* request,
-    scoped_ptr<Bindings> bindings) {
+    std::unique_ptr<Bindings> bindings) {
   pending_requests_.push_back(Request());
   auto& pending_request = pending_requests_.back();
   pending_request.url = url;
@@ -175,7 +175,7 @@ void MockProxyResolverV8Tracing::WaitForCancel() {
 class MojoProxyResolverImplTest : public testing::Test {
  protected:
   void SetUp() override {
-    scoped_ptr<MockProxyResolverV8Tracing> mock_resolver(
+    std::unique_ptr<MockProxyResolverV8Tracing> mock_resolver(
         new MockProxyResolverV8Tracing);
     mock_proxy_resolver_ = mock_resolver.get();
     resolver_impl_.reset(new MojoProxyResolverImpl(std::move(mock_resolver)));
@@ -184,7 +184,7 @@ class MojoProxyResolverImplTest : public testing::Test {
 
   MockProxyResolverV8Tracing* mock_proxy_resolver_;
 
-  scoped_ptr<MojoProxyResolverImpl> resolver_impl_;
+  std::unique_ptr<MojoProxyResolverImpl> resolver_impl_;
   interfaces::ProxyResolver* resolver_;
 };
 
@@ -296,7 +296,7 @@ TEST_F(MojoProxyResolverImplTest, GetProxyForUrlMultiple) {
 
 TEST_F(MojoProxyResolverImplTest, DestroyClient) {
   interfaces::ProxyResolverRequestClientPtr client_ptr;
-  scoped_ptr<TestRequestClient> client(
+  std::unique_ptr<TestRequestClient> client(
       new TestRequestClient(mojo::GetProxy(&client_ptr)));
 
   resolver_->GetProxyForUrl("http://example.com", std::move(client_ptr));
diff --git a/chromium/net/proxy/mojo_proxy_resolver_v8_tracing_bindings_unittest.cc b/chromium/net/proxy/mojo_proxy_resolver_v8_tracing_bindings_unittest.cc
index 60058a7be12..47d12486475 100644
--- a/chromium/net/proxy/mojo_proxy_resolver_v8_tracing_bindings_unittest.cc
+++ b/chromium/net/proxy/mojo_proxy_resolver_v8_tracing_bindings_unittest.cc
@@ -35,8 +35,9 @@ class MojoProxyResolverV8TracingBindingsTest : public testing::Test {
                   interfaces::HostResolverRequestClientPtr client) {}
 
  protected:
-  scoped_ptr<MojoProxyResolverV8TracingBindings<
-      MojoProxyResolverV8TracingBindingsTest>> bindings_;
+  std::unique_ptr<MojoProxyResolverV8TracingBindings<
+      MojoProxyResolverV8TracingBindingsTest>>
+      bindings_;
 
   std::vector<std::string> alerts_;
   std::vector<std::pair<int, std::string>> errors_;
diff --git a/chromium/net/proxy/multi_threaded_proxy_resolver.cc b/chromium/net/proxy/multi_threaded_proxy_resolver.cc
index 5eae4f744e8..0c1612b5942 100644
--- a/chromium/net/proxy/multi_threaded_proxy_resolver.cc
+++ b/chromium/net/proxy/multi_threaded_proxy_resolver.cc
@@ -15,10 +15,10 @@
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/threading/thread.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/log/net_log.h"
 #include "net/proxy/proxy_info.h"
@@ -64,7 +64,7 @@ class Executor : public base::RefCountedThreadSafe<Executor> {
 
   int thread_number() const { return thread_number_; }
 
-  void set_resolver(scoped_ptr<ProxyResolver> resolver) {
+  void set_resolver(std::unique_ptr<ProxyResolver> resolver) {
     resolver_ = std::move(resolver);
   }
 
@@ -86,13 +86,13 @@ class Executor : public base::RefCountedThreadSafe<Executor> {
   scoped_refptr<Job> outstanding_job_;
 
   // The synchronous resolver implementation.
-  scoped_ptr<ProxyResolver> resolver_;
+  std::unique_ptr<ProxyResolver> resolver_;
 
   // The thread where |resolver_| is run on.
   // Note that declaration ordering is important here. |thread_| needs to be
   // destroyed *before* |resolver_|, in case |resolver_| is currently
   // executing on |thread_|.
-  scoped_ptr<base::Thread> thread_;
+  std::unique_ptr<base::Thread> thread_;
 };
 
 class MultiThreadedProxyResolver : public ProxyResolver,
@@ -106,7 +106,7 @@ class MultiThreadedProxyResolver : public ProxyResolver,
   // will be provisioned using |resolver_factory|. All methods on these
   // ProxyResolvers will be called on the one thread.
   MultiThreadedProxyResolver(
-      scoped_ptr<ProxyResolverFactory> resolver_factory,
+      std::unique_ptr<ProxyResolverFactory> resolver_factory,
       size_t max_num_threads,
       const scoped_refptr<ProxyResolverScriptData>& script_data,
       scoped_refptr<Executor> executor);
@@ -139,7 +139,7 @@ class MultiThreadedProxyResolver : public ProxyResolver,
   // Starts the next job from |pending_jobs_| if possible.
   void OnExecutorReady(Executor* executor) override;
 
-  const scoped_ptr<ProxyResolverFactory> resolver_factory_;
+  const std::unique_ptr<ProxyResolverFactory> resolver_factory_;
   const size_t max_num_threads_;
   PendingJobsQueue pending_jobs_;
   ExecutorList executors_;
@@ -244,7 +244,7 @@ class CreateResolverJob : public Job {
 
   // Runs on the worker thread.
   void Run(scoped_refptr<base::SingleThreadTaskRunner> origin_runner) override {
-    scoped_ptr<ProxyResolverFactory::Request> request;
+    std::unique_ptr<ProxyResolverFactory::Request> request;
     int rv = factory_->CreateProxyResolver(script_data_, &resolver_,
                                            CompletionCallback(), &request);
 
@@ -269,7 +269,7 @@ class CreateResolverJob : public Job {
 
   const scoped_refptr<ProxyResolverScriptData> script_data_;
   ProxyResolverFactory* factory_;
-  scoped_ptr<ProxyResolver> resolver_;
+  std::unique_ptr<ProxyResolver> resolver_;
 };
 
 // MultiThreadedProxyResolver::GetProxyForURLJob ------------------------------
@@ -419,7 +419,7 @@ Executor::~Executor() {
 // MultiThreadedProxyResolver --------------------------------------------------
 
 MultiThreadedProxyResolver::MultiThreadedProxyResolver(
-    scoped_ptr<ProxyResolverFactory> resolver_factory,
+    std::unique_ptr<ProxyResolverFactory> resolver_factory,
     size_t max_num_threads,
     const scoped_refptr<ProxyResolverScriptData>& script_data,
     scoped_refptr<Executor> executor)
@@ -544,8 +544,8 @@ class MultiThreadedProxyResolverFactory::Job
  public:
   Job(MultiThreadedProxyResolverFactory* factory,
       const scoped_refptr<ProxyResolverScriptData>& script_data,
-      scoped_ptr<ProxyResolver>* resolver,
-      scoped_ptr<ProxyResolverFactory> resolver_factory,
+      std::unique_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolverFactory> resolver_factory,
       size_t max_num_threads,
       const CompletionCallback& callback)
       : factory_(factory),
@@ -589,8 +589,8 @@ class MultiThreadedProxyResolverFactory::Job
   }
 
   MultiThreadedProxyResolverFactory* factory_;
-  scoped_ptr<ProxyResolver>* const resolver_out_;
-  scoped_ptr<ProxyResolverFactory> resolver_factory_;
+  std::unique_ptr<ProxyResolver>* const resolver_out_;
+  std::unique_ptr<ProxyResolverFactory> resolver_factory_;
   const size_t max_num_threads_;
   scoped_refptr<ProxyResolverScriptData> script_data_;
   scoped_refptr<Executor> executor_;
@@ -613,12 +613,12 @@ MultiThreadedProxyResolverFactory::~MultiThreadedProxyResolverFactory() {
 
 int MultiThreadedProxyResolverFactory::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<Request>* request) {
-  scoped_ptr<Job> job(new Job(this, pac_script, resolver,
-                              CreateProxyResolverFactory(), max_num_threads_,
-                              callback));
+    std::unique_ptr<Request>* request) {
+  std::unique_ptr<Job> job(new Job(this, pac_script, resolver,
+                                   CreateProxyResolverFactory(),
+                                   max_num_threads_, callback));
   jobs_.insert(job.get());
   *request = std::move(job);
   return ERR_IO_PENDING;
diff --git a/chromium/net/proxy/multi_threaded_proxy_resolver.h b/chromium/net/proxy/multi_threaded_proxy_resolver.h
index f00249f4fb2..9ac59dcc4ff 100644
--- a/chromium/net/proxy/multi_threaded_proxy_resolver.h
+++ b/chromium/net/proxy/multi_threaded_proxy_resolver.h
@@ -7,10 +7,10 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <set>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/proxy/proxy_resolver_factory.h"
 
@@ -57,16 +57,17 @@ class NET_EXPORT_PRIVATE MultiThreadedProxyResolverFactory
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override;
+      std::unique_ptr<Request>* request) override;
 
  private:
   class Job;
 
   // Invoked to create a ProxyResolverFactory instance to pass to a
   // MultiThreadedProxyResolver instance.
-  virtual scoped_ptr<ProxyResolverFactory> CreateProxyResolverFactory() = 0;
+  virtual std::unique_ptr<ProxyResolverFactory>
+  CreateProxyResolverFactory() = 0;
 
   void RemoveJob(Job* job);
 
diff --git a/chromium/net/proxy/multi_threaded_proxy_resolver_unittest.cc b/chromium/net/proxy/multi_threaded_proxy_resolver_unittest.cc
index 5c29864acad..96dae158bd6 100644
--- a/chromium/net/proxy/multi_threaded_proxy_resolver_unittest.cc
+++ b/chromium/net/proxy/multi_threaded_proxy_resolver_unittest.cc
@@ -7,6 +7,7 @@
 #include <utility>
 #include <vector>
 
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
@@ -48,7 +49,7 @@ class MockProxyResolver : public ProxyResolver {
                      const CompletionCallback& callback,
                      RequestHandle* request,
                      const BoundNetLog& net_log) override {
-    if (resolve_latency_ != base::TimeDelta())
+    if (!resolve_latency_.is_zero())
       base::PlatformThread::Sleep(resolve_latency_);
 
     CheckIsOnWorkerThread();
@@ -146,9 +147,9 @@ class BlockableProxyResolverFactory : public ProxyResolverFactory {
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& script_data,
-      scoped_ptr<ProxyResolver>* result,
+      std::unique_ptr<ProxyResolver>* result,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     BlockableProxyResolver* resolver = new BlockableProxyResolver;
     result->reset(resolver);
     base::AutoLock l(lock_);
@@ -178,29 +179,29 @@ class SingleShotMultiThreadedProxyResolverFactory
  public:
   SingleShotMultiThreadedProxyResolverFactory(
       size_t max_num_threads,
-      scoped_ptr<ProxyResolverFactory> factory)
+      std::unique_ptr<ProxyResolverFactory> factory)
       : MultiThreadedProxyResolverFactory(max_num_threads, false),
         factory_(std::move(factory)) {}
 
-  scoped_ptr<ProxyResolverFactory> CreateProxyResolverFactory() override {
+  std::unique_ptr<ProxyResolverFactory> CreateProxyResolverFactory() override {
     DCHECK(factory_);
     return std::move(factory_);
   }
 
  private:
-  scoped_ptr<ProxyResolverFactory> factory_;
+  std::unique_ptr<ProxyResolverFactory> factory_;
 };
 
 class MultiThreadedProxyResolverTest : public testing::Test {
  public:
   void Init(size_t num_threads) {
-    scoped_ptr<BlockableProxyResolverFactory> factory_owner(
+    std::unique_ptr<BlockableProxyResolverFactory> factory_owner(
         new BlockableProxyResolverFactory);
     factory_ = factory_owner.get();
     resolver_factory_.reset(new SingleShotMultiThreadedProxyResolverFactory(
         num_threads, std::move(factory_owner)));
     TestCompletionCallback ready_callback;
-    scoped_ptr<ProxyResolverFactory::Request> request;
+    std::unique_ptr<ProxyResolverFactory::Request> request;
     resolver_factory_->CreateProxyResolver(
         ProxyResolverScriptData::FromUTF8("pac script bytes"), &resolver_,
         ready_callback.callback(), &request);
@@ -226,9 +227,9 @@ class MultiThreadedProxyResolverTest : public testing::Test {
 
  private:
   BlockableProxyResolverFactory* factory_ = nullptr;
-  scoped_ptr<ProxyResolverFactory> factory_owner_;
-  scoped_ptr<MultiThreadedProxyResolverFactory> resolver_factory_;
-  scoped_ptr<ProxyResolver> resolver_;
+  std::unique_ptr<ProxyResolverFactory> factory_owner_;
+  std::unique_ptr<MultiThreadedProxyResolverFactory> resolver_factory_;
+  std::unique_ptr<ProxyResolver> resolver_;
 };
 
 TEST_F(MultiThreadedProxyResolverTest, SingleThread_Basic) {
@@ -681,9 +682,9 @@ class FailingProxyResolverFactory : public ProxyResolverFactory {
   // ProxyResolverFactory override.
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& script_data,
-      scoped_ptr<ProxyResolver>* result,
+      std::unique_ptr<ProxyResolver>* result,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     return ERR_PAC_SCRIPT_FAILED;
   }
 };
@@ -693,10 +694,10 @@ class FailingProxyResolverFactory : public ProxyResolverFactory {
 TEST_F(MultiThreadedProxyResolverTest, ProxyResolverFactoryError) {
   const size_t kNumThreads = 1u;
   SingleShotMultiThreadedProxyResolverFactory resolver_factory(
-      kNumThreads, make_scoped_ptr(new FailingProxyResolverFactory));
+      kNumThreads, base::WrapUnique(new FailingProxyResolverFactory));
   TestCompletionCallback ready_callback;
-  scoped_ptr<ProxyResolverFactory::Request> request;
-  scoped_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
   EXPECT_EQ(ERR_IO_PENDING,
             resolver_factory.CreateProxyResolver(
                 ProxyResolverScriptData::FromUTF8("pac script bytes"),
@@ -715,9 +716,9 @@ TEST_F(MultiThreadedProxyResolverTest, CancelCreate) {
   const size_t kNumThreads = 1u;
   {
     SingleShotMultiThreadedProxyResolverFactory resolver_factory(
-        kNumThreads, make_scoped_ptr(new BlockableProxyResolverFactory));
-    scoped_ptr<ProxyResolverFactory::Request> request;
-    scoped_ptr<ProxyResolver> resolver;
+        kNumThreads, base::WrapUnique(new BlockableProxyResolverFactory));
+    std::unique_ptr<ProxyResolverFactory::Request> request;
+    std::unique_ptr<ProxyResolver> resolver;
     EXPECT_EQ(ERR_IO_PENDING,
               resolver_factory.CreateProxyResolver(
                   ProxyResolverScriptData::FromUTF8("pac script bytes"),
@@ -732,7 +733,7 @@ TEST_F(MultiThreadedProxyResolverTest, CancelCreate) {
 }
 
 void DeleteRequest(const CompletionCallback& callback,
-                   scoped_ptr<ProxyResolverFactory::Request>* request,
+                   std::unique_ptr<ProxyResolverFactory::Request>* request,
                    int result) {
   callback.Run(result);
   request->reset();
@@ -742,9 +743,9 @@ void DeleteRequest(const CompletionCallback& callback,
 TEST_F(MultiThreadedProxyResolverTest, DeleteRequestInFactoryCallback) {
   const size_t kNumThreads = 1u;
   SingleShotMultiThreadedProxyResolverFactory resolver_factory(
-      kNumThreads, make_scoped_ptr(new BlockableProxyResolverFactory));
-  scoped_ptr<ProxyResolverFactory::Request> request;
-  scoped_ptr<ProxyResolver> resolver;
+      kNumThreads, base::WrapUnique(new BlockableProxyResolverFactory));
+  std::unique_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
   TestCompletionCallback callback;
   EXPECT_EQ(ERR_IO_PENDING,
             resolver_factory.CreateProxyResolver(
@@ -759,11 +760,11 @@ TEST_F(MultiThreadedProxyResolverTest, DeleteRequestInFactoryCallback) {
 // Test that deleting the factory with a request in-progress works correctly.
 TEST_F(MultiThreadedProxyResolverTest, DestroyFactoryWithRequestsInProgress) {
   const size_t kNumThreads = 1u;
-  scoped_ptr<ProxyResolverFactory::Request> request;
-  scoped_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
   {
     SingleShotMultiThreadedProxyResolverFactory resolver_factory(
-        kNumThreads, make_scoped_ptr(new BlockableProxyResolverFactory));
+        kNumThreads, base::WrapUnique(new BlockableProxyResolverFactory));
     EXPECT_EQ(ERR_IO_PENDING,
               resolver_factory.CreateProxyResolver(
                   ProxyResolverScriptData::FromUTF8("pac script bytes"),
diff --git a/chromium/net/proxy/network_delegate_error_observer.cc b/chromium/net/proxy/network_delegate_error_observer.cc
index b5d85c479ea..befa9521def 100644
--- a/chromium/net/proxy/network_delegate_error_observer.cc
+++ b/chromium/net/proxy/network_delegate_error_observer.cc
@@ -7,6 +7,7 @@
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate.h"
@@ -76,10 +77,11 @@ NetworkDelegateErrorObserver::~NetworkDelegateErrorObserver() {
 }
 
 // static
-scoped_ptr<ProxyResolverErrorObserver> NetworkDelegateErrorObserver::Create(
+std::unique_ptr<ProxyResolverErrorObserver>
+NetworkDelegateErrorObserver::Create(
     NetworkDelegate* network_delegate,
     const scoped_refptr<base::SingleThreadTaskRunner>& origin_runner) {
-  return make_scoped_ptr(
+  return base::WrapUnique(
       new NetworkDelegateErrorObserver(network_delegate, origin_runner.get()));
 }
 
diff --git a/chromium/net/proxy/network_delegate_error_observer.h b/chromium/net/proxy/network_delegate_error_observer.h
index 50a3f647e4c..1b68ceabdb2 100644
--- a/chromium/net/proxy/network_delegate_error_observer.h
+++ b/chromium/net/proxy/network_delegate_error_observer.h
@@ -5,10 +5,11 @@
 #ifndef NET_PROXY_NETWORK_DELEGATE_ERROR_OBSERVER_H_
 #define NET_PROXY_NETWORK_DELEGATE_ERROR_OBSERVER_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/proxy/proxy_resolver_error_observer.h"
 
 namespace base {
@@ -28,7 +29,7 @@ class NET_EXPORT_PRIVATE NetworkDelegateErrorObserver
                                base::SingleThreadTaskRunner* origin_runner);
   ~NetworkDelegateErrorObserver() override;
 
-  static scoped_ptr<ProxyResolverErrorObserver> Create(
+  static std::unique_ptr<ProxyResolverErrorObserver> Create(
       NetworkDelegate* network_delegate,
       const scoped_refptr<base::SingleThreadTaskRunner>& origin_runner);
 
diff --git a/chromium/net/proxy/network_delegate_error_observer_unittest.cc b/chromium/net/proxy/network_delegate_error_observer_unittest.cc
index 3d8db2376d1..23037e9fad1 100644
--- a/chromium/net/proxy/network_delegate_error_observer_unittest.cc
+++ b/chromium/net/proxy/network_delegate_error_observer_unittest.cc
@@ -8,8 +8,8 @@
 #include "base/bind_helpers.h"
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate_impl.h"
 #include "testing/gtest/include/gtest/gtest.h"
diff --git a/chromium/net/proxy/polling_proxy_config_service.cc b/chromium/net/proxy/polling_proxy_config_service.cc
index 4044e1b5904..ecec5cf18d5 100644
--- a/chromium/net/proxy/polling_proxy_config_service.cc
+++ b/chromium/net/proxy/polling_proxy_config_service.cc
@@ -4,13 +4,14 @@
 
 #include "net/proxy/polling_proxy_config_service.h"
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "base/single_thread_task_runner.h"
 #include "base/synchronization/lock.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "net/proxy/proxy_config.h"
 
diff --git a/chromium/net/proxy/proxy_bypass_rules.cc b/chromium/net/proxy/proxy_bypass_rules.cc
index eafaa98cc05..963f6b0ec60 100644
--- a/chromium/net/proxy/proxy_bypass_rules.cc
+++ b/chromium/net/proxy/proxy_bypass_rules.cc
@@ -319,8 +319,8 @@ bool ProxyBypassRules::AddRuleFromStringInternal(
   std::string::size_type pos_colon = raw.rfind(':');
   port = -1;
   if (pos_colon != std::string::npos) {
-    if (!ParseNonNegativeDecimalInt(
-            base::StringPiece(raw.begin() + pos_colon + 1, raw.end()), &port) ||
+    if (!ParseInt32(base::StringPiece(raw.begin() + pos_colon + 1, raw.end()),
+                    ParseIntFormat::NON_NEGATIVE, &port) ||
         port > 0xFFFF) {
       return false;  // Port was invalid.
     }
diff --git a/chromium/net/proxy/proxy_config.cc b/chromium/net/proxy/proxy_config.cc
index ff05b63277d..1ca9ee42925 100644
--- a/chromium/net/proxy/proxy_config.cc
+++ b/chromium/net/proxy/proxy_config.cc
@@ -235,8 +235,8 @@ void ProxyConfig::ClearAutomaticSettings() {
   pac_url_ = GURL();
 }
 
-scoped_ptr<base::DictionaryValue> ProxyConfig::ToValue() const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::DictionaryValue> ProxyConfig::ToValue() const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   // Output the automatic settings.
   if (auto_detect_)
@@ -255,7 +255,8 @@ scoped_ptr<base::DictionaryValue> ProxyConfig::ToValue() const {
                             dict.get());
         break;
       case ProxyRules::TYPE_PROXY_PER_SCHEME: {
-        scoped_ptr<base::DictionaryValue> dict2(new base::DictionaryValue());
+        std::unique_ptr<base::DictionaryValue> dict2(
+            new base::DictionaryValue());
         AddProxyListToValue("http", proxy_rules_.proxies_for_http, dict2.get());
         AddProxyListToValue("https", proxy_rules_.proxies_for_https,
                             dict2.get());
diff --git a/chromium/net/proxy/proxy_config.h b/chromium/net/proxy/proxy_config.h
index 68deafdffdb..4ebd60aca79 100644
--- a/chromium/net/proxy/proxy_config.h
+++ b/chromium/net/proxy/proxy_config.h
@@ -176,7 +176,7 @@ class NET_EXPORT ProxyConfig {
   void ClearAutomaticSettings();
 
   // Creates a Value dump of this configuration.
-  scoped_ptr<base::DictionaryValue> ToValue() const;
+  std::unique_ptr<base::DictionaryValue> ToValue() const;
 
   ProxyRules& proxy_rules() {
     return proxy_rules_;
diff --git a/chromium/net/proxy/proxy_config_service_android_unittest.cc b/chromium/net/proxy/proxy_config_service_android_unittest.cc
index 92574863fd7..ecc3185b851 100644
--- a/chromium/net/proxy/proxy_config_service_android_unittest.cc
+++ b/chromium/net/proxy/proxy_config_service_android_unittest.cc
@@ -2,15 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/proxy/proxy_config_service_android.h"
+
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "net/proxy/proxy_config.h"
-#include "net/proxy/proxy_config_service_android.h"
 #include "net/proxy/proxy_info.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
diff --git a/chromium/net/proxy/proxy_config_service_linux.cc b/chromium/net/proxy/proxy_config_service_linux.cc
index 17747d96152..ac2c42d36be 100644
--- a/chromium/net/proxy/proxy_config_service_linux.cc
+++ b/chromium/net/proxy/proxy_config_service_linux.cc
@@ -504,7 +504,7 @@ class SettingGetterImplGConf : public ProxyConfigServiceLinux::SettingGetter {
   guint system_http_proxy_id_;
 
   ProxyConfigServiceLinux::Delegate* notify_delegate_;
-  scoped_ptr<base::OneShotTimer> debounce_timer_;
+  std::unique_ptr<base::OneShotTimer> debounce_timer_;
 
   // Task runner for the thread that we make gconf calls on. It should
   // be the UI thread and all our methods should be called on this
@@ -774,7 +774,7 @@ class SettingGetterImplGSettings
   GSettings* ftp_client_;
   GSettings* socks_client_;
   ProxyConfigServiceLinux::Delegate* notify_delegate_;
-  scoped_ptr<base::OneShotTimer> debounce_timer_;
+  std::unique_ptr<base::OneShotTimer> debounce_timer_;
 
   // Task runner for the thread that we make gsettings calls on. It should
   // be the UI thread and all our methods should be called on this
@@ -1334,7 +1334,7 @@ class SettingGetterImplKDE : public ProxyConfigServiceLinux::SettingGetter,
   int inotify_fd_;
   base::MessagePumpLibevent::FileDescriptorWatcher inotify_watcher_;
   ProxyConfigServiceLinux::Delegate* notify_delegate_;
-  scoped_ptr<base::OneShotTimer> debounce_timer_;
+  std::unique_ptr<base::OneShotTimer> debounce_timer_;
   base::FilePath kde_config_dir_;
   bool indirect_manual_;
   bool auto_no_pac_;
@@ -1538,12 +1538,12 @@ ProxyConfigServiceLinux::Delegate::Delegate(base::Environment* env_var_getter)
     case base::nix::DESKTOP_ENVIRONMENT_UNITY:
 #if defined(USE_GIO)
       {
-        scoped_ptr<SettingGetterImplGSettings> gs_getter(
-            new SettingGetterImplGSettings());
-        // We have to load symbols and check the GNOME version in use to decide
-        // if we should use the gsettings getter. See LoadAndCheckVersion().
-        if (gs_getter->LoadAndCheckVersion(env_var_getter))
-          setting_getter_.reset(gs_getter.release());
+      std::unique_ptr<SettingGetterImplGSettings> gs_getter(
+          new SettingGetterImplGSettings());
+      // We have to load symbols and check the GNOME version in use to decide
+      // if we should use the gsettings getter. See LoadAndCheckVersion().
+      if (gs_getter->LoadAndCheckVersion(env_var_getter))
+        setting_getter_.reset(gs_getter.release());
       }
 #endif
 #if defined(USE_GCONF)
diff --git a/chromium/net/proxy/proxy_config_service_linux.h b/chromium/net/proxy/proxy_config_service_linux.h
index d6faab01cd9..1425372c0d3 100644
--- a/chromium/net/proxy/proxy_config_service_linux.h
+++ b/chromium/net/proxy/proxy_config_service_linux.h
@@ -7,6 +7,7 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -14,7 +15,6 @@
 #include "base/environment.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "net/base/net_export.h"
 #include "net/proxy/proxy_config.h"
@@ -241,8 +241,8 @@ class NET_EXPORT_PRIVATE ProxyConfigServiceLinux : public ProxyConfigService {
     // This method is run on the getter's notification thread.
     void SetUpNotifications();
 
-    scoped_ptr<base::Environment> env_var_getter_;
-    scoped_ptr<SettingGetter> setting_getter_;
+    std::unique_ptr<base::Environment> env_var_getter_;
+    std::unique_ptr<SettingGetter> setting_getter_;
 
     // Cached proxy configuration, to be returned by
     // GetLatestProxyConfig. Initially populated from the UI thread, but
diff --git a/chromium/net/proxy/proxy_config_service_linux_unittest.cc b/chromium/net/proxy/proxy_config_service_linux_unittest.cc
index 9a70d14637e..786615985f6 100644
--- a/chromium/net/proxy/proxy_config_service_linux_unittest.cc
+++ b/chromium/net/proxy/proxy_config_service_linux_unittest.cc
@@ -19,8 +19,8 @@
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/synchronization/waitable_event.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/proxy/proxy_config.h"
 #include "net/proxy/proxy_config_service_common_unittest.h"
 #include "testing/gtest/include/gtest/gtest.h"
diff --git a/chromium/net/proxy/proxy_config_service_mac.h b/chromium/net/proxy/proxy_config_service_mac.h
index b81ffa05731..1ee40d903f1 100644
--- a/chromium/net/proxy/proxy_config_service_mac.h
+++ b/chromium/net/proxy/proxy_config_service_mac.h
@@ -5,10 +5,11 @@
 #ifndef NET_PROXY_PROXY_CONFIG_SERVICE_MAC_H_
 #define NET_PROXY_PROXY_CONFIG_SERVICE_MAC_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "net/base/network_config_watcher_mac.h"
 #include "net/proxy/proxy_config.h"
@@ -63,7 +64,7 @@ class ProxyConfigServiceMac : public ProxyConfigService {
   void OnProxyConfigChanged(const ProxyConfig& new_config);
 
   Forwarder forwarder_;
-  scoped_ptr<const NetworkConfigWatcherMac> config_watcher_;
+  std::unique_ptr<const NetworkConfigWatcherMac> config_watcher_;
 
   base::ObserverList<Observer> observers_;
 
diff --git a/chromium/net/proxy/proxy_config_service_win.cc b/chromium/net/proxy/proxy_config_service_win.cc
index ef23711ad6f..e819bf48000 100644
--- a/chromium/net/proxy/proxy_config_service_win.cc
+++ b/chromium/net/proxy/proxy_config_service_win.cc
@@ -7,10 +7,11 @@
 #include <windows.h>
 #include <winhttp.h>
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/string_util.h"
@@ -95,7 +96,7 @@ void ProxyConfigServiceWin::StartWatchingRegistryForChanges() {
 
 bool ProxyConfigServiceWin::AddKeyToWatchList(HKEY rootkey,
                                               const wchar_t* subkey) {
-  scoped_ptr<base::win::RegKey> key(new base::win::RegKey);
+  std::unique_ptr<base::win::RegKey> key(new base::win::RegKey);
   if (key->Create(rootkey, subkey, KEY_NOTIFY) != ERROR_SUCCESS)
     return false;
 
diff --git a/chromium/net/proxy/proxy_list.cc b/chromium/net/proxy/proxy_list.cc
index 5f627e0cb1e..6d26abf4ddf 100644
--- a/chromium/net/proxy/proxy_list.cc
+++ b/chromium/net/proxy/proxy_list.cc
@@ -144,8 +144,8 @@ std::string ProxyList::ToPacString() const {
   return proxy_list.empty() ? std::string() : proxy_list;
 }
 
-scoped_ptr<base::ListValue> ProxyList::ToValue() const {
-  scoped_ptr<base::ListValue> list(new base::ListValue());
+std::unique_ptr<base::ListValue> ProxyList::ToValue() const {
+  std::unique_ptr<base::ListValue> list(new base::ListValue());
   for (size_t i = 0; i < proxies_.size(); ++i)
     list->AppendString(proxies_[i].ToURI());
   return list;
@@ -210,7 +210,7 @@ void ProxyList::UpdateRetryInfoOnFallback(
     const std::vector<ProxyServer>& additional_proxies_to_bypass,
     int net_error,
     const BoundNetLog& net_log) const {
-  DCHECK(retry_delay != base::TimeDelta());
+  DCHECK(!retry_delay.is_zero());
 
   if (proxies_.empty()) {
     NOTREACHED();
diff --git a/chromium/net/proxy/proxy_list.h b/chromium/net/proxy/proxy_list.h
index d128e18dd73..36cf9383482 100644
--- a/chromium/net/proxy/proxy_list.h
+++ b/chromium/net/proxy/proxy_list.h
@@ -82,7 +82,7 @@ class NET_EXPORT_PRIVATE ProxyList {
   std::string ToPacString() const;
 
   // Returns a serialized value for the list.
-  scoped_ptr<base::ListValue> ToValue() const;
+  std::unique_ptr<base::ListValue> ToValue() const;
 
   // Marks the current proxy server as bad and deletes it from the list. The
   // list of known bad proxies is given by |proxy_retry_info|. |net_error|
diff --git a/chromium/net/proxy/proxy_resolver_factory.h b/chromium/net/proxy/proxy_resolver_factory.h
index 0cc98df91a7..94ca29a617f 100644
--- a/chromium/net/proxy/proxy_resolver_factory.h
+++ b/chromium/net/proxy/proxy_resolver_factory.h
@@ -5,11 +5,11 @@
 #ifndef NET_PROXY_PROXY_RESOLVER_FACTORY_H_
 #define NET_PROXY_PROXY_RESOLVER_FACTORY_H_
 
+#include <memory>
 #include <set>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/proxy/proxy_resolver_script_data.h"
@@ -40,9 +40,9 @@ class NET_EXPORT ProxyResolverFactory {
   // the ProxyResolverFactory is deleted.
   virtual int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const net::CompletionCallback& callback,
-      scoped_ptr<Request>* request) = 0;
+      std::unique_ptr<Request>* request) = 0;
 
   // The PAC script backend can be specified to the ProxyResolverFactory either
   // via URL, or via the javascript text itself. If |expects_pac_bytes| is true,
diff --git a/chromium/net/proxy/proxy_resolver_factory_mojo.cc b/chromium/net/proxy/proxy_resolver_factory_mojo.cc
index 2070cf9bef2..e79db623447 100644
--- a/chromium/net/proxy/proxy_resolver_factory_mojo.cc
+++ b/chromium/net/proxy/proxy_resolver_factory_mojo.cc
@@ -31,11 +31,11 @@
 namespace net {
 namespace {
 
-scoped_ptr<base::Value> NetLogErrorCallback(
+std::unique_ptr<base::Value> NetLogErrorCallback(
     int line_number,
     const base::string16* message,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("line_number", line_number);
   dict->SetString("message", *message);
   return std::move(dict);
@@ -109,8 +109,8 @@ class ProxyResolverMojo : public ProxyResolver {
   ProxyResolverMojo(
       interfaces::ProxyResolverPtr resolver_ptr,
       HostResolver* host_resolver,
-      scoped_ptr<base::ScopedClosureRunner> on_delete_callback_runner,
-      scoped_ptr<ProxyResolverErrorObserver> error_observer,
+      std::unique_ptr<base::ScopedClosureRunner> on_delete_callback_runner,
+      std::unique_ptr<ProxyResolverErrorObserver> error_observer,
       NetLog* net_log);
   ~ProxyResolverMojo() override;
 
@@ -136,7 +136,7 @@ class ProxyResolverMojo : public ProxyResolver {
 
   HostResolver* host_resolver_;
 
-  scoped_ptr<ProxyResolverErrorObserver> error_observer_;
+  std::unique_ptr<ProxyResolverErrorObserver> error_observer_;
 
   NetLog* net_log_;
 
@@ -144,7 +144,7 @@ class ProxyResolverMojo : public ProxyResolver {
 
   base::ThreadChecker thread_checker_;
 
-  scoped_ptr<base::ScopedClosureRunner> on_delete_callback_runner_;
+  std::unique_ptr<base::ScopedClosureRunner> on_delete_callback_runner_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverMojo);
 };
@@ -247,8 +247,8 @@ void ProxyResolverMojo::Job::ReportResult(
 ProxyResolverMojo::ProxyResolverMojo(
     interfaces::ProxyResolverPtr resolver_ptr,
     HostResolver* host_resolver,
-    scoped_ptr<base::ScopedClosureRunner> on_delete_callback_runner,
-    scoped_ptr<ProxyResolverErrorObserver> error_observer,
+    std::unique_ptr<base::ScopedClosureRunner> on_delete_callback_runner,
+    std::unique_ptr<ProxyResolverErrorObserver> error_observer,
     NetLog* net_log)
     : mojo_proxy_resolver_ptr_(std::move(resolver_ptr)),
       host_resolver_(host_resolver),
@@ -325,9 +325,9 @@ class ProxyResolverFactoryMojo::Job
  public:
   Job(ProxyResolverFactoryMojo* factory,
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverErrorObserver> error_observer)
+      std::unique_ptr<ProxyResolverErrorObserver> error_observer)
       : ClientMixin<interfaces::ProxyResolverFactoryRequestClient>(
             factory->host_resolver_,
             error_observer.get(),
@@ -366,34 +366,33 @@ class ProxyResolverFactoryMojo::Job
   }
 
   ProxyResolverFactoryMojo* const factory_;
-  scoped_ptr<ProxyResolver>* resolver_;
+  std::unique_ptr<ProxyResolver>* resolver_;
   const CompletionCallback callback_;
   interfaces::ProxyResolverPtr resolver_ptr_;
   mojo::Binding<interfaces::ProxyResolverFactoryRequestClient> binding_;
-  scoped_ptr<base::ScopedClosureRunner> on_delete_callback_runner_;
-  scoped_ptr<ProxyResolverErrorObserver> error_observer_;
+  std::unique_ptr<base::ScopedClosureRunner> on_delete_callback_runner_;
+  std::unique_ptr<ProxyResolverErrorObserver> error_observer_;
 };
 
 ProxyResolverFactoryMojo::ProxyResolverFactoryMojo(
     MojoProxyResolverFactory* mojo_proxy_factory,
     HostResolver* host_resolver,
-    const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>&
+    const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>&
         error_observer_factory,
     NetLog* net_log)
     : ProxyResolverFactory(true),
       mojo_proxy_factory_(mojo_proxy_factory),
       host_resolver_(host_resolver),
       error_observer_factory_(error_observer_factory),
-      net_log_(net_log) {
-}
+      net_log_(net_log) {}
 
 ProxyResolverFactoryMojo::~ProxyResolverFactoryMojo() = default;
 
 int ProxyResolverFactoryMojo::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<ProxyResolverFactory::Request>* request) {
+    std::unique_ptr<ProxyResolverFactory::Request>* request) {
   DCHECK(resolver);
   DCHECK(request);
   if (pac_script->type() != ProxyResolverScriptData::TYPE_SCRIPT_CONTENTS ||
diff --git a/chromium/net/proxy/proxy_resolver_factory_mojo.h b/chromium/net/proxy/proxy_resolver_factory_mojo.h
index f3e8483c793..f50d0e6dae7 100644
--- a/chromium/net/proxy/proxy_resolver_factory_mojo.h
+++ b/chromium/net/proxy/proxy_resolver_factory_mojo.h
@@ -5,9 +5,10 @@
 #ifndef NET_PROXY_PROXY_RESOLVER_FACTORY_MOJO_H_
 #define NET_PROXY_PROXY_RESOLVER_FACTORY_MOJO_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "mojo/public/cpp/bindings/binding.h"
 #include "net/base/completion_callback.h"
 #include "net/proxy/proxy_resolver_factory.h"
@@ -26,7 +27,7 @@ class ProxyResolverFactoryMojo : public ProxyResolverFactory {
   ProxyResolverFactoryMojo(
       MojoProxyResolverFactory* mojo_proxy_factory,
       HostResolver* host_resolver,
-      const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>&
+      const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>&
           error_observer_factory,
       NetLog* net_log);
   ~ProxyResolverFactoryMojo() override;
@@ -34,16 +35,16 @@ class ProxyResolverFactoryMojo : public ProxyResolverFactory {
   // ProxyResolverFactory override.
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override;
+      std::unique_ptr<Request>* request) override;
 
  private:
   class Job;
 
   MojoProxyResolverFactory* const mojo_proxy_factory_;
   HostResolver* const host_resolver_;
-  const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>
+  const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>
       error_observer_factory_;
   NetLog* const net_log_;
 
diff --git a/chromium/net/proxy/proxy_resolver_factory_mojo_unittest.cc b/chromium/net/proxy/proxy_resolver_factory_mojo_unittest.cc
index 9fa4ef587ec..a3d610be2d7 100644
--- a/chromium/net/proxy/proxy_resolver_factory_mojo_unittest.cc
+++ b/chromium/net/proxy/proxy_resolver_factory_mojo_unittest.cc
@@ -6,13 +6,14 @@
 
 #include <list>
 #include <map>
+#include <memory>
 #include <queue>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
 #include "base/values.h"
@@ -202,7 +203,7 @@ class MockMojoProxyResolver : public interfaces::ProxyResolver {
 
   base::Closure quit_closure_;
 
-  std::vector<scoped_ptr<interfaces::ProxyResolverRequestClientPtr>>
+  std::vector<std::unique_ptr<interfaces::ProxyResolverRequestClientPtr>>
       blocked_clients_;
   mojo::Binding<interfaces::ProxyResolver> binding_;
 };
@@ -277,7 +278,7 @@ void MockMojoProxyResolver::GetProxyForUrl(
       interfaces::HostResolverRequestClientPtr dns_client;
       mojo::GetProxy(&dns_client);
       client->ResolveDns(std::move(request), std::move(dns_client));
-      blocked_clients_.push_back(make_scoped_ptr(
+      blocked_clients_.push_back(base::WrapUnique(
           new interfaces::ProxyResolverRequestClientPtr(std::move(client))));
       break;
     }
@@ -353,9 +354,10 @@ class MockMojoProxyResolverFactory : public interfaces::ProxyResolverFactory {
 
   base::Closure quit_closure_;
 
-  std::vector<scoped_ptr<interfaces::ProxyResolverFactoryRequestClientPtr>>
+  std::vector<std::unique_ptr<interfaces::ProxyResolverFactoryRequestClientPtr>>
       blocked_clients_;
-  std::vector<scoped_ptr<mojo::InterfaceRequest<interfaces::ProxyResolver>>>
+  std::vector<
+      std::unique_ptr<mojo::InterfaceRequest<interfaces::ProxyResolver>>>
       blocked_resolver_requests_;
   mojo::Binding<interfaces::ProxyResolverFactory> binding_;
 };
@@ -411,15 +413,15 @@ void MockMojoProxyResolverFactory::CreateResolver(
     }
     case CreateProxyResolverAction::DROP_CLIENT: {
       // Save |request| so its pipe isn't closed.
-      blocked_resolver_requests_.push_back(
-          make_scoped_ptr(new mojo::InterfaceRequest<interfaces::ProxyResolver>(
+      blocked_resolver_requests_.push_back(base::WrapUnique(
+          new mojo::InterfaceRequest<interfaces::ProxyResolver>(
               std::move(request))));
       break;
     }
     case CreateProxyResolverAction::DROP_RESOLVER: {
       // Save |client| so its pipe isn't closed.
       blocked_clients_.push_back(
-          make_scoped_ptr(new interfaces::ProxyResolverFactoryRequestClientPtr(
+          base::WrapUnique(new interfaces::ProxyResolverFactoryRequestClientPtr(
               std::move(client))));
       break;
     }
@@ -440,7 +442,7 @@ void MockMojoProxyResolverFactory::CreateResolver(
       mojo::GetProxy(&dns_client);
       client->ResolveDns(std::move(request), std::move(dns_client));
       blocked_clients_.push_back(
-          make_scoped_ptr(new interfaces::ProxyResolverFactoryRequestClientPtr(
+          base::WrapUnique(new interfaces::ProxyResolverFactoryRequestClientPtr(
               std::move(client))));
       break;
     }
@@ -449,7 +451,7 @@ void MockMojoProxyResolverFactory::CreateResolver(
 }
 
 void DeleteResolverFactoryRequestCallback(
-    scoped_ptr<ProxyResolverFactory::Request>* request,
+    std::unique_ptr<ProxyResolverFactory::Request>* request,
     const CompletionCallback& callback,
     int result) {
   ASSERT_TRUE(request);
@@ -515,19 +517,20 @@ class ProxyResolverFactoryMojoTest : public testing::Test,
         &mock_proxy_resolver_, mojo::GetProxy(&factory_ptr_)));
     proxy_resolver_factory_mojo_.reset(new ProxyResolverFactoryMojo(
         this, &host_resolver_,
-        base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>(), &net_log_));
+        base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>(),
+        &net_log_));
   }
 
-  scoped_ptr<Request> MakeRequest(const GURL& url) {
-    return make_scoped_ptr(new Request(proxy_resolver_mojo_.get(), url));
+  std::unique_ptr<Request> MakeRequest(const GURL& url) {
+    return base::WrapUnique(new Request(proxy_resolver_mojo_.get(), url));
   }
 
-  scoped_ptr<base::ScopedClosureRunner> CreateResolver(
+  std::unique_ptr<base::ScopedClosureRunner> CreateResolver(
       const mojo::String& pac_script,
       mojo::InterfaceRequest<interfaces::ProxyResolver> req,
       interfaces::ProxyResolverFactoryRequestClientPtr client) override {
     factory_ptr_->CreateResolver(pac_script, std::move(req), std::move(client));
-    return make_scoped_ptr(
+    return base::WrapUnique(
         new base::ScopedClosureRunner(on_delete_callback_.closure()));
   }
 
@@ -546,7 +549,7 @@ class ProxyResolverFactoryMojoTest : public testing::Test,
     TestCompletionCallback callback;
     scoped_refptr<ProxyResolverScriptData> pac_script(
         ProxyResolverScriptData::FromUTF8(kScriptData));
-    scoped_ptr<ProxyResolverFactory::Request> request;
+    std::unique_ptr<ProxyResolverFactory::Request> request;
     ASSERT_EQ(
         OK,
         callback.GetResult(proxy_resolver_factory_mojo_->CreateProxyResolver(
@@ -563,13 +566,13 @@ class ProxyResolverFactoryMojoTest : public testing::Test,
 
   MockHostResolver host_resolver_;
   TestNetLog net_log_;
-  scoped_ptr<MockMojoProxyResolverFactory> mock_proxy_resolver_factory_;
+  std::unique_ptr<MockMojoProxyResolverFactory> mock_proxy_resolver_factory_;
   interfaces::ProxyResolverFactoryPtr factory_ptr_;
-  scoped_ptr<ProxyResolverFactory> proxy_resolver_factory_mojo_;
+  std::unique_ptr<ProxyResolverFactory> proxy_resolver_factory_mojo_;
 
   MockMojoProxyResolver mock_proxy_resolver_;
   TestClosure on_delete_callback_;
-  scoped_ptr<ProxyResolver> proxy_resolver_mojo_;
+  std::unique_ptr<ProxyResolver> proxy_resolver_mojo_;
 };
 
 TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver) {
@@ -583,7 +586,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_Empty) {
   TestCompletionCallback callback;
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(""));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_FAILED,
       callback.GetResult(proxy_resolver_factory_mojo_->CreateProxyResolver(
@@ -595,7 +598,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_Url) {
   TestCompletionCallback callback;
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromURL(GURL(kExampleUrl)));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_FAILED,
       callback.GetResult(proxy_resolver_factory_mojo_->CreateProxyResolver(
@@ -611,7 +614,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_Failed) {
   TestCompletionCallback callback;
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   EXPECT_EQ(
       ERR_PAC_STATUS_NOT_OK,
       callback.GetResult(proxy_resolver_factory_mojo_->CreateProxyResolver(
@@ -629,7 +632,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_BothDisconnected) {
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_TERMINATED,
@@ -644,7 +647,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_ClientDisconnected) {
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_TERMINATED,
@@ -659,7 +662,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_ResolverDisconnected) {
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_TERMINATED,
@@ -676,7 +679,7 @@ TEST_F(ProxyResolverFactoryMojoTest,
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(
       ERR_PAC_SCRIPT_TERMINATED,
@@ -694,7 +697,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_Cancel) {
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(ERR_IO_PENDING, proxy_resolver_factory_mojo_->CreateProxyResolver(
                                 pac_script, &proxy_resolver_mojo_,
@@ -713,7 +716,7 @@ TEST_F(ProxyResolverFactoryMojoTest, CreateProxyResolver_DnsRequest) {
 
   scoped_refptr<ProxyResolverScriptData> pac_script(
       ProxyResolverScriptData::FromUTF8(kScriptData));
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   EXPECT_EQ(ERR_IO_PENDING, proxy_resolver_factory_mojo_->CreateProxyResolver(
                                 pac_script, &proxy_resolver_mojo_,
@@ -731,7 +734,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL) {
   CreateProxyResolver();
   net_log_.Clear();
 
-  scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
   EXPECT_EQ(OK, request->WaitForResult());
 
@@ -753,7 +756,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_MultipleResults) {
       GURL(kExampleUrl), ProxyServersFromPacString(kPacString)));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
   EXPECT_EQ(OK, request->WaitForResult());
 
@@ -765,7 +768,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_Error) {
       GetProxyForUrlAction::ReturnError(GURL(kExampleUrl), ERR_UNEXPECTED));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
   EXPECT_EQ(ERR_UNEXPECTED, request->WaitForResult());
 
@@ -777,7 +780,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_Cancel) {
       GetProxyForUrlAction::WaitForClientDisconnect(GURL(kExampleUrl)));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
   request->Cancel();
 
@@ -793,9 +796,10 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_MultipleRequests) {
       ProxyServersFromPacString("HTTPS foo:443")));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request1(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request1(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request1->Resolve());
-  scoped_ptr<Request> request2(MakeRequest(GURL("https://www.chromium.org")));
+  std::unique_ptr<Request> request2(
+      MakeRequest(GURL("https://www.chromium.org")));
   EXPECT_EQ(ERR_IO_PENDING, request2->Resolve());
 
   EXPECT_EQ(OK, request1->WaitForResult());
@@ -810,7 +814,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_Disconnect) {
       GetProxyForUrlAction::Disconnect(GURL(kExampleUrl)));
   CreateProxyResolver();
   {
-    scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+    std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
     EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
     EXPECT_EQ(ERR_PAC_SCRIPT_TERMINATED, request->WaitForResult());
     EXPECT_TRUE(request->results().is_empty());
@@ -818,7 +822,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_Disconnect) {
 
   {
     // Calling GetProxyForURL after a disconnect should fail.
-    scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+    std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
     EXPECT_EQ(ERR_PAC_SCRIPT_TERMINATED, request->Resolve());
   }
 }
@@ -828,7 +832,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_ClientClosed) {
       GetProxyForUrlAction::DropRequest(GURL(kExampleUrl)));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request1(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request1(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request1->Resolve());
 
   EXPECT_EQ(ERR_PAC_SCRIPT_TERMINATED, request1->WaitForResult());
@@ -878,7 +882,7 @@ TEST_F(ProxyResolverFactoryMojoTest, GetProxyForURL_DnsRequest) {
       GetProxyForUrlAction::MakeDnsRequest(GURL(kExampleUrl)));
   CreateProxyResolver();
 
-  scoped_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
+  std::unique_ptr<Request> request(MakeRequest(GURL(kExampleUrl)));
   EXPECT_EQ(ERR_IO_PENDING, request->Resolve());
   EXPECT_EQ(LOAD_STATE_RESOLVING_PROXY_FOR_URL, request->load_state());
 
diff --git a/chromium/net/proxy/proxy_resolver_mac.cc b/chromium/net/proxy/proxy_resolver_mac.cc
index d4f41191d0a..cd4873c3f1e 100644
--- a/chromium/net/proxy/proxy_resolver_mac.cc
+++ b/chromium/net/proxy/proxy_resolver_mac.cc
@@ -220,9 +220,9 @@ ProxyResolverFactoryMac::ProxyResolverFactoryMac()
 
 int ProxyResolverFactoryMac::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<Request>* request) {
+    std::unique_ptr<Request>* request) {
   resolver->reset(new ProxyResolverMac(pac_script));
   return OK;
 }
diff --git a/chromium/net/proxy/proxy_resolver_mac.h b/chromium/net/proxy/proxy_resolver_mac.h
index f8650212209..9cea9b4c20d 100644
--- a/chromium/net/proxy/proxy_resolver_mac.h
+++ b/chromium/net/proxy/proxy_resolver_mac.h
@@ -21,9 +21,9 @@ class NET_EXPORT ProxyResolverFactoryMac : public ProxyResolverFactory {
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override;
+      std::unique_ptr<Request>* request) override;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverFactoryMac);
diff --git a/chromium/net/proxy/proxy_resolver_perftest.cc b/chromium/net/proxy/proxy_resolver_perftest.cc
index 7aae5b21b38..2f352369f47 100644
--- a/chromium/net/proxy/proxy_resolver_perftest.cc
+++ b/chromium/net/proxy/proxy_resolver_perftest.cc
@@ -112,7 +112,7 @@ class PacPerfSuiteRunner {
   void RunTest(const std::string& script_name,
                const PacQuery* queries,
                int queries_len) {
-    scoped_ptr<ProxyResolver> resolver;
+    std::unique_ptr<ProxyResolver> resolver;
     if (!factory_->expects_pac_bytes()) {
       GURL pac_url = test_server_.GetURL(std::string("/") + script_name);
       int rv = factory_->CreateProxyResolver(
@@ -160,7 +160,7 @@ class PacPerfSuiteRunner {
   }
 
   // Read the PAC script from disk and initialize the proxy resolver with it.
-  scoped_ptr<ProxyResolver> LoadPacScriptAndCreateResolver(
+  std::unique_ptr<ProxyResolver> LoadPacScriptAndCreateResolver(
       const std::string& script_name) {
     base::FilePath path;
     PathService::Get(base::DIR_SOURCE_ROOT, &path);
@@ -179,7 +179,7 @@ class PacPerfSuiteRunner {
       return nullptr;
 
     // Load the PAC script into the ProxyResolver.
-    scoped_ptr<ProxyResolver> resolver;
+    std::unique_ptr<ProxyResolver> resolver;
     int rv = factory_->CreateProxyResolver(
         ProxyResolverScriptData::FromUTF8(file_contents), &resolver,
         CompletionCallback(), nullptr);
@@ -227,8 +227,8 @@ class MockJSBindings : public ProxyResolverV8::JSBindings {
 
 class ProxyResolverV8Wrapper : public ProxyResolver {
  public:
-  ProxyResolverV8Wrapper(scoped_ptr<ProxyResolverV8> resolver,
-                         scoped_ptr<MockJSBindings> bindings)
+  ProxyResolverV8Wrapper(std::unique_ptr<ProxyResolverV8> resolver,
+                         std::unique_ptr<MockJSBindings> bindings)
       : resolver_(std::move(resolver)), bindings_(std::move(bindings)) {}
 
   int GetProxyForURL(const GURL& url,
@@ -247,8 +247,8 @@ class ProxyResolverV8Wrapper : public ProxyResolver {
   }
 
  private:
-  scoped_ptr<ProxyResolverV8> resolver_;
-  scoped_ptr<MockJSBindings> bindings_;
+  std::unique_ptr<ProxyResolverV8> resolver_;
+  std::unique_ptr<MockJSBindings> bindings_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8Wrapper);
 };
@@ -258,11 +258,11 @@ class ProxyResolverV8Factory : public ProxyResolverFactory {
   ProxyResolverV8Factory() : ProxyResolverFactory(true) {}
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const net::CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
-    scoped_ptr<ProxyResolverV8> v8_resolver;
-    scoped_ptr<MockJSBindings> js_bindings_(new MockJSBindings);
+      std::unique_ptr<Request>* request) override {
+    std::unique_ptr<ProxyResolverV8> v8_resolver;
+    std::unique_ptr<MockJSBindings> js_bindings_(new MockJSBindings);
     int result =
         ProxyResolverV8::Create(pac_script, js_bindings_.get(), &v8_resolver);
     if (result == OK) {
diff --git a/chromium/net/proxy/proxy_resolver_v8.cc b/chromium/net/proxy/proxy_resolver_v8.cc
index a0c9717baca..3c9233d21e0 100644
--- a/chromium/net/proxy/proxy_resolver_v8.cc
+++ b/chromium/net/proxy/proxy_resolver_v8.cc
@@ -404,7 +404,7 @@ class SharedIsolateFactory {
 
  private:
   base::Lock lock_;
-  scoped_ptr<gin::IsolateHolder> holder_;
+  std::unique_ptr<gin::IsolateHolder> holder_;
   bool has_initialized_v8_;
 
   DISALLOW_COPY_AND_ASSIGN(SharedIsolateFactory);
@@ -836,7 +836,7 @@ class ProxyResolverV8::Context {
 
 // ProxyResolverV8 ------------------------------------------------------------
 
-ProxyResolverV8::ProxyResolverV8(scoped_ptr<Context> context)
+ProxyResolverV8::ProxyResolverV8(std::unique_ptr<Context> context)
     : context_(std::move(context)) {
   DCHECK(context_);
 }
@@ -853,7 +853,7 @@ int ProxyResolverV8::GetProxyForURL(const GURL& query_url,
 int ProxyResolverV8::Create(
     const scoped_refptr<ProxyResolverScriptData>& script_data,
     ProxyResolverV8::JSBindings* js_bindings,
-    scoped_ptr<ProxyResolverV8>* resolver) {
+    std::unique_ptr<ProxyResolverV8>* resolver) {
   DCHECK(script_data.get());
   DCHECK(js_bindings);
 
@@ -861,7 +861,7 @@ int ProxyResolverV8::Create(
     return ERR_PAC_SCRIPT_FAILED;
 
   // Try parsing the PAC script.
-  scoped_ptr<Context> context(
+  std::unique_ptr<Context> context(
       new Context(g_isolate_factory.Get().GetSharedIsolate()));
   int rv = context->InitV8(script_data, js_bindings);
   if (rv == OK)
diff --git a/chromium/net/proxy/proxy_resolver_v8.h b/chromium/net/proxy/proxy_resolver_v8.h
index abd2e94a413..ce224072e18 100644
--- a/chromium/net/proxy/proxy_resolver_v8.h
+++ b/chromium/net/proxy/proxy_resolver_v8.h
@@ -7,10 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "net/base/net_export.h"
 
@@ -58,7 +59,7 @@ class NET_EXPORT_PRIVATE ProxyResolverV8 {
   // Constructs a ProxyResolverV8.
   static int Create(const scoped_refptr<ProxyResolverScriptData>& script_data,
                     JSBindings* bindings,
-                    scoped_ptr<ProxyResolverV8>* resolver);
+                    std::unique_ptr<ProxyResolverV8>* resolver);
 
   ~ProxyResolverV8();
 
@@ -73,9 +74,9 @@ class NET_EXPORT_PRIVATE ProxyResolverV8 {
   // Context holds the Javascript state for the PAC script.
   class Context;
 
-  explicit ProxyResolverV8(scoped_ptr<Context> context);
+  explicit ProxyResolverV8(std::unique_ptr<Context> context);
 
-  scoped_ptr<Context> context_;
+  std::unique_ptr<Context> context_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8);
 };
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing.cc b/chromium/net/proxy/proxy_resolver_v8_tracing.cc
index c21ebd77f8c..0a1dccb9ea0 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing.cc
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing.cc
@@ -11,13 +11,14 @@
 
 #include "base/bind.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
 #include "base/synchronization/cancellation_flag.h"
 #include "base/synchronization/waitable_event.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "net/base/address_list.h"
 #include "net/base/net_errors.h"
@@ -93,12 +94,12 @@ class Job : public base::RefCountedThreadSafe<Job>,
   // |params| is non-owned. It contains the parameters for this Job, and must
   // outlive it.
   Job(const Params* params,
-      scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings);
+      std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings);
 
   // Called from origin thread.
   void StartCreateV8Resolver(
       const scoped_refptr<ProxyResolverScriptData>& script_data,
-      scoped_ptr<ProxyResolverV8>* resolver,
+      std::unique_ptr<ProxyResolverV8>* resolver,
       const CompletionCallback& callback);
 
   // Called from origin thread.
@@ -209,7 +210,7 @@ class Job : public base::RefCountedThreadSafe<Job>,
   // Initialized on origin thread and then accessed from both threads.
   const Params* const params_;
 
-  scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings_;
+  std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings_;
 
   // The callback to run (on the origin thread) when the Job finishes.
   // Should only be accessed from origin thread.
@@ -244,7 +245,7 @@ class Job : public base::RefCountedThreadSafe<Job>,
   // -------------------------------------------------------
 
   scoped_refptr<ProxyResolverScriptData> script_data_;
-  scoped_ptr<ProxyResolverV8>* resolver_out_;
+  std::unique_ptr<ProxyResolverV8>* resolver_out_;
 
   // -------------------------------------------------------
   // State specific to GET_PROXY_FOR_URL.
@@ -302,9 +303,9 @@ class Job : public base::RefCountedThreadSafe<Job>,
 class ProxyResolverV8TracingImpl : public ProxyResolverV8Tracing,
                                    public base::NonThreadSafe {
  public:
-  ProxyResolverV8TracingImpl(scoped_ptr<base::Thread> thread,
-                             scoped_ptr<ProxyResolverV8> resolver,
-                             scoped_ptr<Job::Params> job_params);
+  ProxyResolverV8TracingImpl(std::unique_ptr<base::Thread> thread,
+                             std::unique_ptr<ProxyResolverV8> resolver,
+                             std::unique_ptr<Job::Params> job_params);
 
   ~ProxyResolverV8TracingImpl() override;
 
@@ -313,16 +314,16 @@ class ProxyResolverV8TracingImpl : public ProxyResolverV8Tracing,
                       ProxyInfo* results,
                       const CompletionCallback& callback,
                       ProxyResolver::RequestHandle* request,
-                      scoped_ptr<Bindings> bindings) override;
+                      std::unique_ptr<Bindings> bindings) override;
   void CancelRequest(ProxyResolver::RequestHandle request) override;
   LoadState GetLoadState(ProxyResolver::RequestHandle request) const override;
 
  private:
   // The worker thread on which the ProxyResolverV8 will be run.
-  scoped_ptr<base::Thread> thread_;
-  scoped_ptr<ProxyResolverV8> v8_resolver_;
+  std::unique_ptr<base::Thread> thread_;
+  std::unique_ptr<ProxyResolverV8> v8_resolver_;
 
-  scoped_ptr<Job::Params> job_params_;
+  std::unique_ptr<Job::Params> job_params_;
 
   // The number of outstanding (non-cancelled) jobs.
   int num_outstanding_callbacks_;
@@ -331,7 +332,7 @@ class ProxyResolverV8TracingImpl : public ProxyResolverV8Tracing,
 };
 
 Job::Job(const Job::Params* params,
-         scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings)
+         std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings)
     : origin_runner_(base::ThreadTaskRunnerHandle::Get()),
       params_(params),
       bindings_(std::move(bindings)),
@@ -343,7 +344,7 @@ Job::Job(const Job::Params* params,
 
 void Job::StartCreateV8Resolver(
     const scoped_refptr<ProxyResolverScriptData>& script_data,
-    scoped_ptr<ProxyResolverV8>* resolver,
+    std::unique_ptr<ProxyResolverV8>* resolver,
     const CompletionCallback& callback) {
   CheckIsOnOriginThread();
 
@@ -554,7 +555,7 @@ int Job::ExecuteProxyResolver() {
 
   switch (operation_) {
     case CREATE_V8_RESOLVER: {
-      scoped_ptr<ProxyResolverV8> resolver;
+      std::unique_ptr<ProxyResolverV8> resolver;
       result = ProxyResolverV8::Create(script_data_, this, &resolver);
       if (result == OK)
         *resolver_out_ = std::move(resolver);
@@ -917,9 +918,9 @@ void Job::DispatchAlertOrErrorOnOriginThread(bool is_alert,
 }
 
 ProxyResolverV8TracingImpl::ProxyResolverV8TracingImpl(
-    scoped_ptr<base::Thread> thread,
-    scoped_ptr<ProxyResolverV8> resolver,
-    scoped_ptr<Job::Params> job_params)
+    std::unique_ptr<base::Thread> thread,
+    std::unique_ptr<ProxyResolverV8> resolver,
+    std::unique_ptr<Job::Params> job_params)
     : thread_(std::move(thread)),
       v8_resolver_(std::move(resolver)),
       job_params_(std::move(job_params)),
@@ -941,7 +942,7 @@ void ProxyResolverV8TracingImpl::GetProxyForURL(
     ProxyInfo* results,
     const CompletionCallback& callback,
     ProxyResolver::RequestHandle* request,
-    scoped_ptr<Bindings> bindings) {
+    std::unique_ptr<Bindings> bindings) {
   DCHECK(CalledOnValidThread());
   DCHECK(!callback.is_null());
 
@@ -972,10 +973,10 @@ class ProxyResolverV8TracingFactoryImpl : public ProxyResolverV8TracingFactory {
 
   void CreateProxyResolverV8Tracing(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
-      scoped_ptr<ProxyResolverV8Tracing>* resolver,
+      std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+      std::unique_ptr<ProxyResolverV8Tracing>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverFactory::Request>* request) override;
+      std::unique_ptr<ProxyResolverFactory::Request>* request) override;
 
  private:
   class CreateJob;
@@ -991,9 +992,9 @@ class ProxyResolverV8TracingFactoryImpl::CreateJob
     : public ProxyResolverFactory::Request {
  public:
   CreateJob(ProxyResolverV8TracingFactoryImpl* factory,
-            scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+            std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
             const scoped_refptr<ProxyResolverScriptData>& pac_script,
-            scoped_ptr<ProxyResolverV8Tracing>* resolver_out,
+            std::unique_ptr<ProxyResolverV8Tracing>* resolver_out,
             const CompletionCallback& callback)
       : factory_(factory),
         thread_(new base::Thread("Proxy Resolver")),
@@ -1055,11 +1056,11 @@ class ProxyResolverV8TracingFactoryImpl::CreateJob
   }
 
   ProxyResolverV8TracingFactoryImpl* factory_;
-  scoped_ptr<base::Thread> thread_;
-  scoped_ptr<Job::Params> job_params_;
+  std::unique_ptr<base::Thread> thread_;
+  std::unique_ptr<Job::Params> job_params_;
   scoped_refptr<Job> create_resolver_job_;
-  scoped_ptr<ProxyResolverV8> v8_resolver_;
-  scoped_ptr<ProxyResolverV8Tracing>* resolver_out_;
+  std::unique_ptr<ProxyResolverV8> v8_resolver_;
+  std::unique_ptr<ProxyResolverV8Tracing>* resolver_out_;
   const CompletionCallback callback_;
   int num_outstanding_callbacks_;
 
@@ -1077,11 +1078,11 @@ ProxyResolverV8TracingFactoryImpl::~ProxyResolverV8TracingFactoryImpl() {
 
 void ProxyResolverV8TracingFactoryImpl::CreateProxyResolverV8Tracing(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
-    scoped_ptr<ProxyResolverV8Tracing>* resolver,
+    std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+    std::unique_ptr<ProxyResolverV8Tracing>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<ProxyResolverFactory::Request>* request) {
-  scoped_ptr<CreateJob> job(
+    std::unique_ptr<ProxyResolverFactory::Request>* request) {
+  std::unique_ptr<CreateJob> job(
       new CreateJob(this, std::move(bindings), pac_script, resolver, callback));
   jobs_.insert(job.get());
   *request = std::move(job);
@@ -1096,9 +1097,9 @@ void ProxyResolverV8TracingFactoryImpl::RemoveJob(
 }  // namespace
 
 // static
-scoped_ptr<ProxyResolverV8TracingFactory>
+std::unique_ptr<ProxyResolverV8TracingFactory>
 ProxyResolverV8TracingFactory::Create() {
-  return make_scoped_ptr(new ProxyResolverV8TracingFactoryImpl());
+  return base::WrapUnique(new ProxyResolverV8TracingFactoryImpl());
 }
 
 }  // namespace net
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing.h b/chromium/net/proxy/proxy_resolver_v8_tracing.h
index f5f66cf7486..6bca78bb64c 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing.h
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing.h
@@ -5,9 +5,10 @@
 #ifndef NET_PROXY_PROXY_RESOLVER_V8_TRACING_H_
 #define NET_PROXY_PROXY_RESOLVER_V8_TRACING_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/proxy/proxy_resolver.h"
 #include "net/proxy/proxy_resolver_factory.h"
@@ -56,7 +57,7 @@ class NET_EXPORT ProxyResolverV8Tracing {
                               ProxyInfo* results,
                               const CompletionCallback& callback,
                               ProxyResolver::RequestHandle* request,
-                              scoped_ptr<Bindings> bindings) = 0;
+                              std::unique_ptr<Bindings> bindings) = 0;
 
   // Cancels |request|.
   virtual void CancelRequest(ProxyResolver::RequestHandle request) = 0;
@@ -78,12 +79,12 @@ class NET_EXPORT ProxyResolverV8TracingFactory {
 
   virtual void CreateProxyResolverV8Tracing(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
-      scoped_ptr<ProxyResolverV8Tracing>* resolver,
+      std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+      std::unique_ptr<ProxyResolverV8Tracing>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverFactory::Request>* request) = 0;
+      std::unique_ptr<ProxyResolverFactory::Request>* request) = 0;
 
-  static scoped_ptr<ProxyResolverV8TracingFactory> Create();
+  static std::unique_ptr<ProxyResolverV8TracingFactory> Create();
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8TracingFactory);
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing_unittest.cc b/chromium/net/proxy/proxy_resolver_v8_tracing_unittest.cc
index 888dd18af57..e28edd1d5bf 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing_unittest.cc
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing_unittest.cc
@@ -8,6 +8,7 @@
 #include <utility>
 
 #include "base/files/file_util.h"
+#include "base/memory/ptr_util.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
 #include "base/strings/utf_string_conversions.h"
@@ -88,8 +89,8 @@ class MockBindings {
     waiter_.WaitForEvent(EVENT_ERROR);
   }
 
-  scoped_ptr<ProxyResolverV8Tracing::Bindings> CreateBindings() {
-    return make_scoped_ptr(new ForwardingBindings(this));
+  std::unique_ptr<ProxyResolverV8Tracing::Bindings> CreateBindings() {
+    return base::WrapUnique(new ForwardingBindings(this));
   }
 
  private:
@@ -134,14 +135,14 @@ class MockBindings {
   EventWaiter<Event> waiter_;
 };
 
-scoped_ptr<ProxyResolverV8Tracing> CreateResolver(
-    scoped_ptr<ProxyResolverV8Tracing::Bindings> bindings,
+std::unique_ptr<ProxyResolverV8Tracing> CreateResolver(
+    std::unique_ptr<ProxyResolverV8Tracing::Bindings> bindings,
     const char* filename) {
-  scoped_ptr<ProxyResolverV8Tracing> resolver;
-  scoped_ptr<ProxyResolverV8TracingFactory> factory(
+  std::unique_ptr<ProxyResolverV8Tracing> resolver;
+  std::unique_ptr<ProxyResolverV8TracingFactory> factory(
       ProxyResolverV8TracingFactory::Create());
   TestCompletionCallback callback;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   factory->CreateProxyResolverV8Tracing(LoadScriptData(filename),
                                         std::move(bindings), &resolver,
                                         callback.callback(), &request);
@@ -154,7 +155,7 @@ TEST_F(ProxyResolverV8TracingTest, Simple) {
   MockCachingHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "simple.js");
 
   TestCompletionCallback callback;
@@ -179,7 +180,7 @@ TEST_F(ProxyResolverV8TracingTest, JavascriptError) {
   MockCachingHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "error.js");
 
   TestCompletionCallback callback;
@@ -206,7 +207,7 @@ TEST_F(ProxyResolverV8TracingTest, TooManyAlerts) {
   MockCachingHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "too_many_alerts.js");
 
   TestCompletionCallback callback;
@@ -242,7 +243,7 @@ TEST_F(ProxyResolverV8TracingTest, TooManyEmptyAlerts) {
   MockCachingHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver = CreateResolver(
+  std::unique_ptr<ProxyResolverV8Tracing> resolver = CreateResolver(
       mock_bindings.CreateBindings(), "too_many_empty_alerts.js");
 
   TestCompletionCallback callback;
@@ -288,7 +289,7 @@ TEST_F(ProxyResolverV8TracingTest, Dns) {
       "*", ADDRESS_FAMILY_IPV4, "122.133.144.155");
   host_resolver.rules()->AddRule("*", "133.122.100.200");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   TestCompletionCallback callback;
@@ -339,7 +340,7 @@ TEST_F(ProxyResolverV8TracingTest, DnsChecksCache) {
   host_resolver.rules()->AddRule("foopy", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "simple_dns.js");
 
   TestCompletionCallback callback1;
@@ -385,7 +386,7 @@ TEST_F(ProxyResolverV8TracingTest, FallBackToSynchronous1) {
   host_resolver.rules()->AddRule("crazy4", "133.199.111.4");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "global_sideffects1.js");
 
   TestCompletionCallback callback;
@@ -424,7 +425,7 @@ TEST_F(ProxyResolverV8TracingTest, FallBackToSynchronous2) {
   host_resolver.rules()->AddRule("host4", "166.155.144.44");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "global_sideffects2.js");
 
   TestCompletionCallback callback;
@@ -455,7 +456,7 @@ TEST_F(ProxyResolverV8TracingTest, InfiniteDNSSequence) {
   host_resolver.rules()->AddRule("host*", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "global_sideffects3.js");
 
   TestCompletionCallback callback;
@@ -495,7 +496,7 @@ TEST_F(ProxyResolverV8TracingTest, InfiniteDNSSequence2) {
   host_resolver.rules()->AddRule("host*", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "global_sideffects4.js");
 
   TestCompletionCallback callback;
@@ -526,7 +527,7 @@ void DnsDuringInitHelper(bool synchronous_host_resolver) {
   host_resolver.rules()->AddRule("host1", "91.13.12.1");
   host_resolver.rules()->AddRule("host2", "91.13.12.2");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns_during_init.js");
 
   // Initialization did 2 dnsResolves.
@@ -582,7 +583,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelAll) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   const size_t kNumRequests = 5;
@@ -609,7 +610,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelSome) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   ProxyInfo proxy_info1;
@@ -638,7 +639,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelWhilePendingCompletionTask) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "error.js");
 
   ProxyInfo proxy_info1;
@@ -741,7 +742,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelWhileOutstandingNonBlockingDns) {
   BlockableHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   ProxyInfo proxy_info1;
@@ -788,7 +789,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelWhileBlockedInNonBlockingDns) {
   BlockableHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   ProxyInfo proxy_info;
@@ -810,7 +811,7 @@ TEST_F(ProxyResolverV8TracingTest, CancelWhileBlockedInNonBlockingDns2) {
   MockCachingHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "dns.js");
 
   ProxyInfo proxy_info;
@@ -834,10 +835,10 @@ TEST_F(ProxyResolverV8TracingTest,
   BlockableHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8TracingFactory> factory(
+  std::unique_ptr<ProxyResolverV8TracingFactory> factory(
       ProxyResolverV8TracingFactory::Create());
-  scoped_ptr<ProxyResolverV8Tracing> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverV8Tracing> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   factory->CreateProxyResolverV8Tracing(
       LoadScriptData("dns_during_init.js"), mock_bindings.CreateBindings(),
       &resolver, base::Bind(&CrashCallback), &request);
@@ -852,10 +853,10 @@ TEST_F(ProxyResolverV8TracingTest, DeleteFactoryWhileOutstandingBlockingDns) {
   BlockableHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverV8Tracing> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   {
-    scoped_ptr<ProxyResolverV8TracingFactory> factory(
+    std::unique_ptr<ProxyResolverV8TracingFactory> factory(
         ProxyResolverV8TracingFactory::Create());
 
     factory->CreateProxyResolverV8Tracing(
@@ -870,10 +871,10 @@ TEST_F(ProxyResolverV8TracingTest, ErrorLoadingScript) {
   BlockableHostResolver host_resolver;
   MockBindings mock_bindings(&host_resolver);
 
-  scoped_ptr<ProxyResolverV8TracingFactory> factory(
+  std::unique_ptr<ProxyResolverV8TracingFactory> factory(
       ProxyResolverV8TracingFactory::Create());
-  scoped_ptr<ProxyResolverV8Tracing> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverV8Tracing> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   factory->CreateProxyResolverV8Tracing(
       LoadScriptData("error_on_load.js"), mock_bindings.CreateBindings(),
@@ -892,7 +893,7 @@ TEST_F(ProxyResolverV8TracingTest, Terminate) {
   host_resolver.rules()->AddRule("host1", "182.111.0.222");
   host_resolver.rules()->AddRule("host2", "111.33.44.55");
 
-  scoped_ptr<ProxyResolverV8Tracing> resolver =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver =
       CreateResolver(mock_bindings.CreateBindings(), "terminate.js");
 
   TestCompletionCallback callback;
@@ -934,19 +935,19 @@ TEST_F(ProxyResolverV8TracingTest, MultipleResolvers) {
   host_resolver0.rules()->AddRuleForAddressFamily(
       "*", ADDRESS_FAMILY_IPV4, "122.133.144.155");
   host_resolver0.rules()->AddRule("*", "133.122.100.200");
-  scoped_ptr<ProxyResolverV8Tracing> resolver0 =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver0 =
       CreateResolver(mock_bindings0.CreateBindings(), "dns.js");
 
   // ------------------------
   // Setup resolver1
   // ------------------------
-  scoped_ptr<ProxyResolverV8Tracing> resolver1 =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver1 =
       CreateResolver(mock_bindings0.CreateBindings(), "dns.js");
 
   // ------------------------
   // Setup resolver2
   // ------------------------
-  scoped_ptr<ProxyResolverV8Tracing> resolver2 =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver2 =
       CreateResolver(mock_bindings0.CreateBindings(), "simple.js");
 
   // ------------------------
@@ -955,7 +956,7 @@ TEST_F(ProxyResolverV8TracingTest, MultipleResolvers) {
   MockHostResolver host_resolver3;
   MockBindings mock_bindings3(&host_resolver3);
   host_resolver3.rules()->AddRule("foo", "166.155.144.33");
-  scoped_ptr<ProxyResolverV8Tracing> resolver3 =
+  std::unique_ptr<ProxyResolverV8Tracing> resolver3 =
       CreateResolver(mock_bindings3.CreateBindings(), "simple_dns.js");
 
   // ------------------------
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.cc b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.cc
index 25144b61813..8c23cab5e25 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.cc
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.cc
@@ -9,6 +9,7 @@
 
 #include "base/bind.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/log/net_log.h"
@@ -18,11 +19,11 @@ namespace net {
 namespace {
 
 // Returns event parameters for a PAC error message (line number + message).
-scoped_ptr<base::Value> NetLogErrorCallback(
+std::unique_ptr<base::Value> NetLogErrorCallback(
     int line_number,
     const base::string16* message,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("line_number", line_number);
   dict->SetString("message", *message);
   return std::move(dict);
@@ -80,10 +81,10 @@ class BindingsImpl : public ProxyResolverV8Tracing::Bindings {
 class ProxyResolverV8TracingWrapper : public ProxyResolver {
  public:
   ProxyResolverV8TracingWrapper(
-      scoped_ptr<ProxyResolverV8Tracing> resolver_impl,
+      std::unique_ptr<ProxyResolverV8Tracing> resolver_impl,
       NetLog* net_log,
       HostResolver* host_resolver,
-      scoped_ptr<ProxyResolverErrorObserver> error_observer);
+      std::unique_ptr<ProxyResolverErrorObserver> error_observer);
 
   int GetProxyForURL(const GURL& url,
                      ProxyInfo* results,
@@ -96,19 +97,19 @@ class ProxyResolverV8TracingWrapper : public ProxyResolver {
   LoadState GetLoadState(RequestHandle request) const override;
 
  private:
-  scoped_ptr<ProxyResolverV8Tracing> resolver_impl_;
+  std::unique_ptr<ProxyResolverV8Tracing> resolver_impl_;
   NetLog* net_log_;
   HostResolver* host_resolver_;
-  scoped_ptr<ProxyResolverErrorObserver> error_observer_;
+  std::unique_ptr<ProxyResolverErrorObserver> error_observer_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8TracingWrapper);
 };
 
 ProxyResolverV8TracingWrapper::ProxyResolverV8TracingWrapper(
-    scoped_ptr<ProxyResolverV8Tracing> resolver_impl,
+    std::unique_ptr<ProxyResolverV8Tracing> resolver_impl,
     NetLog* net_log,
     HostResolver* host_resolver,
-    scoped_ptr<ProxyResolverErrorObserver> error_observer)
+    std::unique_ptr<ProxyResolverErrorObserver> error_observer)
     : resolver_impl_(std::move(resolver_impl)),
       net_log_(net_log),
       host_resolver_(host_resolver),
@@ -122,8 +123,8 @@ int ProxyResolverV8TracingWrapper::GetProxyForURL(
     const BoundNetLog& net_log) {
   resolver_impl_->GetProxyForURL(
       url, results, callback, request,
-      make_scoped_ptr(new BindingsImpl(error_observer_.get(), host_resolver_,
-                                       net_log_, net_log)));
+      base::WrapUnique(new BindingsImpl(error_observer_.get(), host_resolver_,
+                                        net_log_, net_log)));
   return ERR_IO_PENDING;
 }
 
@@ -141,35 +142,35 @@ LoadState ProxyResolverV8TracingWrapper::GetLoadState(
 ProxyResolverFactoryV8TracingWrapper::ProxyResolverFactoryV8TracingWrapper(
     HostResolver* host_resolver,
     NetLog* net_log,
-    const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>&
+    const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>&
         error_observer_factory)
     : ProxyResolverFactory(true),
       factory_impl_(ProxyResolverV8TracingFactory::Create()),
       host_resolver_(host_resolver),
       net_log_(net_log),
-      error_observer_factory_(error_observer_factory) {
-}
+      error_observer_factory_(error_observer_factory) {}
 
 ProxyResolverFactoryV8TracingWrapper::~ProxyResolverFactoryV8TracingWrapper() =
     default;
 
 int ProxyResolverFactoryV8TracingWrapper::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<Request>* request) {
-  scoped_ptr<scoped_ptr<ProxyResolverV8Tracing>> v8_resolver(
-      new scoped_ptr<ProxyResolverV8Tracing>);
-  scoped_ptr<ProxyResolverErrorObserver> error_observer =
+    std::unique_ptr<Request>* request) {
+  std::unique_ptr<std::unique_ptr<ProxyResolverV8Tracing>> v8_resolver(
+      new std::unique_ptr<ProxyResolverV8Tracing>);
+  std::unique_ptr<ProxyResolverErrorObserver> error_observer =
       error_observer_factory_.Run();
   // Note: Argument evaluation order is unspecified, so make copies before
   // passing |v8_resolver| and |error_observer|.
-  scoped_ptr<ProxyResolverV8Tracing>* v8_resolver_local = v8_resolver.get();
+  std::unique_ptr<ProxyResolverV8Tracing>* v8_resolver_local =
+      v8_resolver.get();
   ProxyResolverErrorObserver* error_observer_local = error_observer.get();
   factory_impl_->CreateProxyResolverV8Tracing(
       pac_script,
-      make_scoped_ptr(new BindingsImpl(error_observer_local, host_resolver_,
-                                       net_log_, BoundNetLog())),
+      base::WrapUnique(new BindingsImpl(error_observer_local, host_resolver_,
+                                        net_log_, BoundNetLog())),
       v8_resolver_local,
       base::Bind(&ProxyResolverFactoryV8TracingWrapper::OnProxyResolverCreated,
                  base::Unretained(this), base::Passed(&v8_resolver), resolver,
@@ -179,10 +180,10 @@ int ProxyResolverFactoryV8TracingWrapper::CreateProxyResolver(
 }
 
 void ProxyResolverFactoryV8TracingWrapper::OnProxyResolverCreated(
-    scoped_ptr<scoped_ptr<ProxyResolverV8Tracing>> v8_resolver,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<std::unique_ptr<ProxyResolverV8Tracing>> v8_resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<ProxyResolverErrorObserver> error_observer,
+    std::unique_ptr<ProxyResolverErrorObserver> error_observer,
     int error) {
   if (error == OK) {
     resolver->reset(new ProxyResolverV8TracingWrapper(
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.h b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.h
index 000f94db1c3..d05f4af6647 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.h
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper.h
@@ -5,9 +5,10 @@
 #ifndef NET_PROXY_PROXY_RESOLVER_V8_TRACING_WRAPPER_H_
 #define NET_PROXY_PROXY_RESOLVER_V8_TRACING_WRAPPER_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/proxy/proxy_resolver.h"
 #include "net/proxy/proxy_resolver_factory.h"
@@ -32,29 +33,29 @@ class NET_EXPORT ProxyResolverFactoryV8TracingWrapper
   ProxyResolverFactoryV8TracingWrapper(
       HostResolver* host_resolver,
       NetLog* net_log,
-      const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>&
+      const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>&
           error_observer_factory);
   ~ProxyResolverFactoryV8TracingWrapper() override;
 
   // ProxyResolverFactory override.
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override;
+      std::unique_ptr<Request>* request) override;
 
  private:
   void OnProxyResolverCreated(
-      scoped_ptr<scoped_ptr<ProxyResolverV8Tracing>> v8_resolver,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<std::unique_ptr<ProxyResolverV8Tracing>> v8_resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<ProxyResolverErrorObserver> error_observer,
+      std::unique_ptr<ProxyResolverErrorObserver> error_observer,
       int error);
 
-  scoped_ptr<ProxyResolverV8TracingFactory> factory_impl_;
+  std::unique_ptr<ProxyResolverV8TracingFactory> factory_impl_;
   HostResolver* const host_resolver_;
   NetLog* const net_log_;
-  const base::Callback<scoped_ptr<ProxyResolverErrorObserver>()>
+  const base::Callback<std::unique_ptr<ProxyResolverErrorObserver>()>
       error_observer_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverFactoryV8TracingWrapper);
diff --git a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper_unittest.cc b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper_unittest.cc
index 946d4bf47a3..6dcc8283ac3 100644
--- a/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper_unittest.cc
+++ b/chromium/net/proxy/proxy_resolver_v8_tracing_wrapper_unittest.cc
@@ -7,6 +7,7 @@
 #include <string>
 
 #include "base/files/file_util.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/path_service.h"
 #include "base/stl_util.h"
@@ -63,22 +64,22 @@ scoped_refptr<ProxyResolverScriptData> LoadScriptData(const char* filename) {
   return ProxyResolverScriptData::FromUTF8(file_contents);
 }
 
-scoped_ptr<ProxyResolverErrorObserver> ReturnErrorObserver(
-    scoped_ptr<ProxyResolverErrorObserver> error_observer) {
+std::unique_ptr<ProxyResolverErrorObserver> ReturnErrorObserver(
+    std::unique_ptr<ProxyResolverErrorObserver> error_observer) {
   return error_observer;
 }
 
-scoped_ptr<ProxyResolver> CreateResolver(
+std::unique_ptr<ProxyResolver> CreateResolver(
     NetLog* net_log,
     HostResolver* host_resolver,
-    scoped_ptr<ProxyResolverErrorObserver> error_observer,
+    std::unique_ptr<ProxyResolverErrorObserver> error_observer,
     const char* filename) {
-  scoped_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolver> resolver;
   ProxyResolverFactoryV8TracingWrapper factory(
       host_resolver, net_log,
       base::Bind(&ReturnErrorObserver, base::Passed(&error_observer)));
   TestCompletionCallback callback;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   int rv = factory.CreateProxyResolver(LoadScriptData(filename), &resolver,
                                        callback.callback(), &request);
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -122,8 +123,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, Simple) {
   MockCachingHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      &log, &host_resolver, make_scoped_ptr(error_observer), "simple.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      &log, &host_resolver, base::WrapUnique(error_observer), "simple.js");
 
   TestCompletionCallback callback;
   ProxyInfo proxy_info;
@@ -153,8 +154,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, JavascriptError) {
   MockCachingHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      &log, &host_resolver, make_scoped_ptr(error_observer), "error.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      &log, &host_resolver, base::WrapUnique(error_observer), "error.js");
 
   TestCompletionCallback callback;
   ProxyInfo proxy_info;
@@ -201,8 +202,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, TooManyAlerts) {
   MockCachingHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "too_many_alerts.js");
 
   TestCompletionCallback callback;
@@ -249,8 +250,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, TooManyEmptyAlerts) {
   MockCachingHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "too_many_empty_alerts.js");
 
   TestCompletionCallback callback;
@@ -307,8 +308,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, Dns) {
                                                  "122.133.144.155");
   host_resolver.rules()->AddRule("*", "133.122.100.200");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      &log, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      &log, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   TestCompletionCallback callback;
   ProxyInfo proxy_info;
@@ -371,8 +372,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, DnsChecksCache) {
   host_resolver.rules()->AddRule("foopy", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      &log, &host_resolver, make_scoped_ptr(error_observer), "simple_dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      &log, &host_resolver, base::WrapUnique(error_observer), "simple_dns.js");
 
   TestCompletionCallback callback1;
   TestCompletionCallback callback2;
@@ -423,8 +424,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, FallBackToSynchronous1) {
   host_resolver.rules()->AddRule("crazy4", "133.199.111.4");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "global_sideffects1.js");
 
   TestCompletionCallback callback;
@@ -477,8 +478,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, FallBackToSynchronous2) {
   host_resolver.rules()->AddRule("host4", "166.155.144.44");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "global_sideffects2.js");
 
   TestCompletionCallback callback;
@@ -515,8 +516,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, InfiniteDNSSequence) {
   host_resolver.rules()->AddRule("host*", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "global_sideffects3.js");
 
   TestCompletionCallback callback;
@@ -560,8 +561,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, InfiniteDNSSequence2) {
   host_resolver.rules()->AddRule("host*", "166.155.144.11");
   host_resolver.rules()->AddRule("*", "122.133.144.155");
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "global_sideffects4.js");
 
   TestCompletionCallback callback;
@@ -595,8 +596,8 @@ void DnsDuringInitHelper(bool synchronous_host_resolver) {
   host_resolver.rules()->AddRule("host1", "91.13.12.1");
   host_resolver.rules()->AddRule("host2", "91.13.12.2");
 
-  scoped_ptr<ProxyResolver> resolver =
-      CreateResolver(&log, &host_resolver, make_scoped_ptr(error_observer),
+  std::unique_ptr<ProxyResolver> resolver =
+      CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer),
                      "dns_during_init.js");
 
   // Initialization did 2 dnsResolves.
@@ -662,8 +663,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, CancelAll) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   const size_t kNumRequests = 5;
   ProxyInfo proxy_info[kNumRequests];
@@ -690,8 +691,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, CancelSome) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   ProxyInfo proxy_info1;
   ProxyInfo proxy_info2;
@@ -721,8 +722,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhilePendingCompletionTask) {
 
   host_resolver.rules()->AddSimulatedFailure("*");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "error.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "error.js");
 
   ProxyInfo proxy_info1;
   ProxyInfo proxy_info2;
@@ -823,8 +824,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest,
   BlockableHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   ProxyInfo proxy_info1;
   ProxyInfo proxy_info2;
@@ -874,8 +875,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhileBlockedInNonBlockingDns) {
   BlockableHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   ProxyInfo proxy_info;
   ProxyResolver::RequestHandle request;
@@ -898,8 +899,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhileBlockedInNonBlockingDns2) {
   MockCachingHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      nullptr, &host_resolver, make_scoped_ptr(error_observer), "dns.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js");
 
   ProxyInfo proxy_info;
   ProxyResolver::RequestHandle request;
@@ -927,10 +928,10 @@ TEST_F(ProxyResolverV8TracingWrapperTest,
   ProxyResolverFactoryV8TracingWrapper factory(
       &host_resolver, nullptr,
       base::Bind(&ReturnErrorObserver,
-                 base::Passed(make_scoped_ptr(error_observer))));
+                 base::Passed(base::WrapUnique(error_observer))));
 
-  scoped_ptr<ProxyResolver> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   int rv = factory.CreateProxyResolver(LoadScriptData("dns_during_init.js"),
                                        &resolver, base::Bind(&CrashCallback),
                                        &request);
@@ -947,13 +948,13 @@ TEST_F(ProxyResolverV8TracingWrapperTest,
   BlockableHostResolver host_resolver;
   MockErrorObserver* error_observer = new MockErrorObserver;
 
-  scoped_ptr<ProxyResolver> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   {
     ProxyResolverFactoryV8TracingWrapper factory(
         &host_resolver, nullptr,
         base::Bind(&ReturnErrorObserver,
-                   base::Passed(make_scoped_ptr(error_observer))));
+                   base::Passed(base::WrapUnique(error_observer))));
 
     int rv = factory.CreateProxyResolver(LoadScriptData("dns_during_init.js"),
                                          &resolver, base::Bind(&CrashCallback),
@@ -971,10 +972,10 @@ TEST_F(ProxyResolverV8TracingWrapperTest, ErrorLoadingScript) {
   ProxyResolverFactoryV8TracingWrapper factory(
       &host_resolver, nullptr,
       base::Bind(&ReturnErrorObserver,
-                 base::Passed(make_scoped_ptr(error_observer))));
+                 base::Passed(base::WrapUnique(error_observer))));
 
-  scoped_ptr<ProxyResolver> resolver;
-  scoped_ptr<ProxyResolverFactory::Request> request;
+  std::unique_ptr<ProxyResolver> resolver;
+  std::unique_ptr<ProxyResolverFactory::Request> request;
   TestCompletionCallback callback;
   int rv =
       factory.CreateProxyResolver(LoadScriptData("error_on_load.js"), &resolver,
@@ -995,8 +996,8 @@ TEST_F(ProxyResolverV8TracingWrapperTest, Terminate) {
   host_resolver.rules()->AddRule("host1", "182.111.0.222");
   host_resolver.rules()->AddRule("host2", "111.33.44.55");
 
-  scoped_ptr<ProxyResolver> resolver = CreateResolver(
-      &log, &host_resolver, make_scoped_ptr(error_observer), "terminate.js");
+  std::unique_ptr<ProxyResolver> resolver = CreateResolver(
+      &log, &host_resolver, base::WrapUnique(error_observer), "terminate.js");
 
   TestCompletionCallback callback;
   ProxyInfo proxy_info;
@@ -1041,32 +1042,32 @@ TEST_F(ProxyResolverV8TracingWrapperTest, MultipleResolvers) {
   host_resolver0.rules()->AddRuleForAddressFamily("*", ADDRESS_FAMILY_IPV4,
                                                   "122.133.144.155");
   host_resolver0.rules()->AddRule("*", "133.122.100.200");
-  scoped_ptr<ProxyResolver> resolver0 =
+  std::unique_ptr<ProxyResolver> resolver0 =
       CreateResolver(nullptr, &host_resolver0,
-                     make_scoped_ptr(new MockErrorObserver), "dns.js");
+                     base::WrapUnique(new MockErrorObserver), "dns.js");
 
   // ------------------------
   // Setup resolver1
   // ------------------------
-  scoped_ptr<ProxyResolver> resolver1 =
+  std::unique_ptr<ProxyResolver> resolver1 =
       CreateResolver(nullptr, &host_resolver0,
-                     make_scoped_ptr(new MockErrorObserver), "dns.js");
+                     base::WrapUnique(new MockErrorObserver), "dns.js");
 
   // ------------------------
   // Setup resolver2
   // ------------------------
-  scoped_ptr<ProxyResolver> resolver2 =
+  std::unique_ptr<ProxyResolver> resolver2 =
       CreateResolver(nullptr, &host_resolver0,
-                     make_scoped_ptr(new MockErrorObserver), "simple.js");
+                     base::WrapUnique(new MockErrorObserver), "simple.js");
 
   // ------------------------
   // Setup resolver3
   // ------------------------
   MockHostResolver host_resolver3;
   host_resolver3.rules()->AddRule("foo", "166.155.144.33");
-  scoped_ptr<ProxyResolver> resolver3 =
+  std::unique_ptr<ProxyResolver> resolver3 =
       CreateResolver(nullptr, &host_resolver3,
-                     make_scoped_ptr(new MockErrorObserver), "simple_dns.js");
+                     base::WrapUnique(new MockErrorObserver), "simple_dns.js");
 
   // ------------------------
   // Queue up work for each resolver (which will be running in parallel).
diff --git a/chromium/net/proxy/proxy_resolver_v8_unittest.cc b/chromium/net/proxy/proxy_resolver_v8_unittest.cc
index 983a1b03a86..93243e6794d 100644
--- a/chromium/net/proxy/proxy_resolver_v8_unittest.cc
+++ b/chromium/net/proxy/proxy_resolver_v8_unittest.cc
@@ -132,7 +132,7 @@ class ProxyResolverV8Test : public testing::Test {
 
  private:
   MockJSBindings js_bindings_;
-  scoped_ptr<ProxyResolverV8> resolver_;
+  std::unique_ptr<ProxyResolverV8> resolver_;
 };
 
 // Doesn't really matter what these values are for many of the tests.
diff --git a/chromium/net/proxy/proxy_resolver_winhttp.cc b/chromium/net/proxy/proxy_resolver_winhttp.cc
index ee16ef8c237..b1d3ce356d2 100644
--- a/chromium/net/proxy/proxy_resolver_winhttp.cc
+++ b/chromium/net/proxy/proxy_resolver_winhttp.cc
@@ -218,9 +218,9 @@ ProxyResolverFactoryWinHttp::ProxyResolverFactoryWinHttp()
 
 int ProxyResolverFactoryWinHttp::CreateProxyResolver(
     const scoped_refptr<ProxyResolverScriptData>& pac_script,
-    scoped_ptr<ProxyResolver>* resolver,
+    std::unique_ptr<ProxyResolver>* resolver,
     const CompletionCallback& callback,
-    scoped_ptr<Request>* request) {
+    std::unique_ptr<Request>* request) {
   resolver->reset(new ProxyResolverWinHttp(pac_script));
   return OK;
 }
diff --git a/chromium/net/proxy/proxy_resolver_winhttp.h b/chromium/net/proxy/proxy_resolver_winhttp.h
index c6e8ac5ebdb..89c8b13350c 100644
--- a/chromium/net/proxy/proxy_resolver_winhttp.h
+++ b/chromium/net/proxy/proxy_resolver_winhttp.h
@@ -22,9 +22,9 @@ class NET_EXPORT_PRIVATE ProxyResolverFactoryWinHttp
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override;
+      std::unique_ptr<Request>* request) override;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ProxyResolverFactoryWinHttp);
diff --git a/chromium/net/proxy/proxy_script_decider.cc b/chromium/net/proxy/proxy_script_decider.cc
index d131725cc8f..7695b4cbc36 100644
--- a/chromium/net/proxy/proxy_script_decider.cc
+++ b/chromium/net/proxy/proxy_script_decider.cc
@@ -55,10 +55,10 @@ const char kWpadUrl[] = "http://wpad/wpad.dat";
 const int kQuickCheckDelayMs = 1000;
 };
 
-scoped_ptr<base::Value> ProxyScriptDecider::PacSource::NetLogCallback(
+std::unique_ptr<base::Value> ProxyScriptDecider::PacSource::NetLogCallback(
     const GURL* effective_pac_url,
     NetLogCaptureMode /* capture_mode */) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   std::string source;
   switch (type) {
     case PacSource::WPAD_DHCP:
diff --git a/chromium/net/proxy/proxy_script_decider.h b/chromium/net/proxy/proxy_script_decider.h
index 60cb24b0806..e405acf460b 100644
--- a/chromium/net/proxy/proxy_script_decider.h
+++ b/chromium/net/proxy/proxy_script_decider.h
@@ -103,7 +103,7 @@ class NET_EXPORT_PRIVATE ProxyScriptDecider {
     // Returns a Value representing the PacSource.  |effective_pac_url| must
     // be non-NULL and point to the URL derived from information contained in
     // |this|, if Type is not WPAD_DHCP.
-    scoped_ptr<base::Value> NetLogCallback(
+    std::unique_ptr<base::Value> NetLogCallback(
         const GURL* effective_pac_url,
         NetLogCaptureMode capture_mode) const;
 
@@ -199,7 +199,7 @@ class NET_EXPORT_PRIVATE ProxyScriptDecider {
 
   AddressList wpad_addresses_;
   base::OneShotTimer quick_check_timer_;
-  scoped_ptr<SingleRequestHostResolver> host_resolver_;
+  std::unique_ptr<SingleRequestHostResolver> host_resolver_;
   base::Time quick_check_start_time_;
 
   DISALLOW_COPY_AND_ASSIGN(ProxyScriptDecider);
diff --git a/chromium/net/proxy/proxy_script_decider_unittest.cc b/chromium/net/proxy/proxy_script_decider_unittest.cc
index 33e8aa505d7..f4eb33d2344 100644
--- a/chromium/net/proxy/proxy_script_decider_unittest.cc
+++ b/chromium/net/proxy/proxy_script_decider_unittest.cc
@@ -13,7 +13,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -235,7 +235,7 @@ TEST(ProxyScriptDeciderTest, CustomPacFails1) {
   EXPECT_EQ(kFailedDownloading,
             decider.Start(config, base::TimeDelta(), true,
                           callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 
   // Check the NetLog was filled correctly.
   TestNetLogEntry::List entries;
@@ -270,7 +270,7 @@ TEST(ProxyScriptDeciderTest, CustomPacFails2) {
   EXPECT_EQ(kFailedParsing,
             decider.Start(config, base::TimeDelta(), true,
                           callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 }
 
 // Fail downloading the custom PAC script, because the fetcher was NULL.
@@ -286,7 +286,7 @@ TEST(ProxyScriptDeciderTest, HasNullProxyScriptFetcher) {
   EXPECT_EQ(ERR_UNEXPECTED,
             decider.Start(config, base::TimeDelta(), true,
                           callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 }
 
 // Succeeds in choosing autodetect (WPAD DNS).
@@ -329,7 +329,7 @@ class ProxyScriptDeciderQuickCheckTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<ProxyScriptDecider> decider_;
+  std::unique_ptr<ProxyScriptDecider> decider_;
   MockHostResolver resolver_;
   Rules rules_;
   Rules::Rule rule_;
@@ -550,7 +550,7 @@ TEST(ProxyScriptDeciderTest, AutodetectFailCustomFails1) {
   EXPECT_EQ(kFailedDownloading,
             decider.Start(config, base::TimeDelta(), true,
                           callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 }
 
 // Fails at WPAD (downloading), and fails at custom PAC (parsing).
@@ -571,7 +571,7 @@ TEST(ProxyScriptDeciderTest, AutodetectFailCustomFails2) {
   EXPECT_EQ(kFailedParsing,
             decider.Start(config, base::TimeDelta(), true,
                           callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 }
 
 // This is a copy-paste of CustomPacFails1, with the exception that we give it
@@ -595,7 +595,7 @@ TEST(ProxyScriptDeciderTest, CustomPacFails1_WithPositiveDelay) {
                       true, callback.callback()));
 
   EXPECT_EQ(kFailedDownloading, callback.WaitForResult());
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 
   // Check the NetLog was filled correctly.
   TestNetLogEntry::List entries;
@@ -635,7 +635,7 @@ TEST(ProxyScriptDeciderTest, CustomPacFails1_WithNegativeDelay) {
   EXPECT_EQ(kFailedDownloading,
             decider.Start(config, base::TimeDelta::FromSeconds(-5),
                           true, callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 
   // Check the NetLog was filled correctly.
   TestNetLogEntry::List entries;
@@ -725,7 +725,7 @@ TEST(ProxyScriptDeciderTest, AutodetectDhcpFailParse) {
   // it failed downloading, not that it failed parsing.
   EXPECT_EQ(kFailedDownloading,
       decider.Start(config, base::TimeDelta(), true, callback.callback()));
-  EXPECT_EQ(nullptr, decider.script_data());
+  EXPECT_FALSE(decider.script_data());
 
   EXPECT_FALSE(decider.effective_config().has_pac_url());
 }
@@ -768,7 +768,8 @@ TEST(ProxyScriptDeciderTest, DhcpCancelledByDestructor) {
   Rules rules;
   RuleBasedProxyScriptFetcher fetcher(&rules);
 
-  scoped_ptr<AsyncFailDhcpFetcher> dhcp_fetcher(new AsyncFailDhcpFetcher());
+  std::unique_ptr<AsyncFailDhcpFetcher> dhcp_fetcher(
+      new AsyncFailDhcpFetcher());
 
   ProxyConfig config;
   config.set_auto_detect(true);
diff --git a/chromium/net/proxy/proxy_script_fetcher_impl.cc b/chromium/net/proxy/proxy_script_fetcher_impl.cc
index 8f728f790f8..150614a55cd 100644
--- a/chromium/net/proxy/proxy_script_fetcher_impl.cc
+++ b/chromium/net/proxy/proxy_script_fetcher_impl.cc
@@ -10,7 +10,7 @@
 #include "base/metrics/histogram.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/data_url.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
diff --git a/chromium/net/proxy/proxy_script_fetcher_impl.h b/chromium/net/proxy/proxy_script_fetcher_impl.h
index fe0bf33d772..0ece5b8fbae 100644
--- a/chromium/net/proxy/proxy_script_fetcher_impl.h
+++ b/chromium/net/proxy/proxy_script_fetcher_impl.h
@@ -7,12 +7,12 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "base/time/time.h"
@@ -92,7 +92,7 @@ class NET_EXPORT ProxyScriptFetcherImpl : public ProxyScriptFetcher,
   int next_id_;
 
   // The current (in progress) request, or NULL.
-  scoped_ptr<URLRequest> cur_request_;
+  std::unique_ptr<URLRequest> cur_request_;
 
   // State for current request (only valid when |cur_request_| is not NULL):
 
diff --git a/chromium/net/proxy/proxy_script_fetcher_impl_unittest.cc b/chromium/net/proxy/proxy_script_fetcher_impl_unittest.cc
index a230ab34ae8..2789a218f35 100644
--- a/chromium/net/proxy/proxy_script_fetcher_impl_unittest.cc
+++ b/chromium/net/proxy/proxy_script_fetcher_impl_unittest.cc
@@ -10,10 +10,11 @@
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/path_service.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/filename_util.h"
 #include "net/base/load_flags.h"
 #include "net/base/network_delegate_impl.h"
@@ -62,14 +63,15 @@ class RequestContext : public URLRequestContext {
  public:
   RequestContext() : storage_(this) {
     ProxyConfig no_proxy;
-    storage_.set_host_resolver(scoped_ptr<HostResolver>(new MockHostResolver));
-    storage_.set_cert_verifier(make_scoped_ptr(new MockCertVerifier));
+    storage_.set_host_resolver(
+        std::unique_ptr<HostResolver>(new MockHostResolver));
+    storage_.set_cert_verifier(base::WrapUnique(new MockCertVerifier));
     storage_.set_transport_security_state(
-        make_scoped_ptr(new TransportSecurityState));
+        base::WrapUnique(new TransportSecurityState));
     storage_.set_proxy_service(ProxyService::CreateFixed(no_proxy));
     storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
     storage_.set_http_server_properties(
-        scoped_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+        std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
 
     HttpNetworkSession::Params params;
     params.host_resolver = host_resolver();
@@ -79,15 +81,15 @@ class RequestContext : public URLRequestContext {
     params.ssl_config_service = ssl_config_service();
     params.http_server_properties = http_server_properties();
     storage_.set_http_network_session(
-        make_scoped_ptr(new HttpNetworkSession(params)));
-    storage_.set_http_transaction_factory(make_scoped_ptr(
+        base::WrapUnique(new HttpNetworkSession(params)));
+    storage_.set_http_transaction_factory(base::WrapUnique(
         new HttpCache(storage_.http_network_session(),
                       HttpCache::DefaultBackend::InMemory(0), false)));
-    scoped_ptr<URLRequestJobFactoryImpl> job_factory =
-        make_scoped_ptr(new URLRequestJobFactoryImpl());
+    std::unique_ptr<URLRequestJobFactoryImpl> job_factory =
+        base::WrapUnique(new URLRequestJobFactoryImpl());
 #if !defined(DISABLE_FILE_SUPPORT)
     job_factory->SetProtocolHandler("file",
-                                    make_scoped_ptr(new FileProtocolHandler(
+                                    base::WrapUnique(new FileProtocolHandler(
                                         base::ThreadTaskRunnerHandle::Get())));
 #endif
     storage_.set_job_factory(std::move(job_factory));
diff --git a/chromium/net/proxy/proxy_service.cc b/chromium/net/proxy/proxy_service.cc
index 01bc3bb25db..403b52cc275 100644
--- a/chromium/net/proxy/proxy_service.cc
+++ b/chromium/net/proxy/proxy_service.cc
@@ -14,12 +14,13 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "net/base/completion_callback.h"
@@ -233,11 +234,11 @@ class ProxyResolverFactoryForSystem : public MultiThreadedProxyResolverFactory {
       : MultiThreadedProxyResolverFactory(max_num_threads,
                                           false /*expects_pac_bytes*/) {}
 
-  scoped_ptr<ProxyResolverFactory> CreateProxyResolverFactory() override {
+  std::unique_ptr<ProxyResolverFactory> CreateProxyResolverFactory() override {
 #if defined(OS_WIN)
-    return make_scoped_ptr(new ProxyResolverFactoryWinHttp());
+    return base::WrapUnique(new ProxyResolverFactoryWinHttp());
 #elif defined(OS_MACOSX)
-    return make_scoped_ptr(new ProxyResolverFactoryMac());
+    return base::WrapUnique(new ProxyResolverFactoryMac());
 #else
     NOTREACHED();
     return NULL;
@@ -263,9 +264,9 @@ class ProxyResolverFactoryForNullResolver : public ProxyResolverFactory {
   // ProxyResolverFactory overrides.
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const net::CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     resolver->reset(new ProxyResolverNull());
     return OK;
   }
@@ -282,9 +283,9 @@ class ProxyResolverFactoryForPacResult : public ProxyResolverFactory {
   // ProxyResolverFactory override.
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const net::CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     resolver->reset(new ProxyResolverFromPacString(pac_string_));
     return OK;
   }
@@ -296,11 +297,11 @@ class ProxyResolverFactoryForPacResult : public ProxyResolverFactory {
 };
 
 // Returns NetLog parameters describing a proxy configuration change.
-scoped_ptr<base::Value> NetLogProxyConfigChangedCallback(
+std::unique_ptr<base::Value> NetLogProxyConfigChangedCallback(
     const ProxyConfig* old_config,
     const ProxyConfig* new_config,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   // The "old_config" is optional -- the first notification will not have
   // any "previous" configuration.
   if (old_config->is_valid())
@@ -309,10 +310,10 @@ scoped_ptr<base::Value> NetLogProxyConfigChangedCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogBadProxyListCallback(
+std::unique_ptr<base::Value> NetLogBadProxyListCallback(
     const ProxyRetryInfoMap* retry_info,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::ListValue* list = new base::ListValue();
 
   for (ProxyRetryInfoMap::const_iterator iter = retry_info->begin();
@@ -324,10 +325,10 @@ scoped_ptr<base::Value> NetLogBadProxyListCallback(
 }
 
 // Returns NetLog parameters on a successfuly proxy resolution.
-scoped_ptr<base::Value> NetLogFinishedResolvingProxyCallback(
+std::unique_ptr<base::Value> NetLogFinishedResolvingProxyCallback(
     const ProxyInfo* result,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("pac_string", result->ToPacString());
   return std::move(dict);
 }
@@ -346,6 +347,26 @@ class UnsetProxyConfigService : public ProxyConfigService {
 };
 #endif
 
+// Returns a sanitized copy of |url| which is safe to pass on to a PAC script.
+// The method for sanitizing is determined by |policy|. See the comments for
+// that enum for details.
+GURL SanitizeUrl(const GURL& url, ProxyService::SanitizeUrlPolicy policy) {
+  DCHECK(url.is_valid());
+
+  GURL::Replacements replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  replacements.ClearRef();
+
+  if (policy == ProxyService::SanitizeUrlPolicy::SAFE &&
+      url.SchemeIsCryptographic()) {
+    replacements.ClearPath();
+    replacements.ClearQuery();
+  }
+
+  return url.ReplaceComponents(replacements);
+}
+
 }  // namespace
 
 // ProxyService::InitProxyResolver --------------------------------------------
@@ -376,7 +397,7 @@ class ProxyService::InitProxyResolver {
   // Begins initializing the proxy resolver; calls |callback| when done. A
   // ProxyResolver instance will be created using |proxy_resolver_factory| and
   // returned via |proxy_resolver| if the final result is OK.
-  int Start(scoped_ptr<ProxyResolver>* proxy_resolver,
+  int Start(std::unique_ptr<ProxyResolver>* proxy_resolver,
             ProxyResolverFactory* proxy_resolver_factory,
             ProxyScriptFetcher* proxy_script_fetcher,
             DhcpProxyScriptFetcher* dhcp_proxy_script_fetcher,
@@ -404,7 +425,7 @@ class ProxyService::InitProxyResolver {
   // inputs for initializing the ProxyResolver. A ProxyResolver instance will
   // be created using |proxy_resolver_factory| and returned via
   // |proxy_resolver| if the final result is OK.
-  int StartSkipDecider(scoped_ptr<ProxyResolver>* proxy_resolver,
+  int StartSkipDecider(std::unique_ptr<ProxyResolver>* proxy_resolver,
                        ProxyResolverFactory* proxy_resolver_factory,
                        const ProxyConfig& effective_config,
                        int decider_result,
@@ -541,10 +562,10 @@ class ProxyService::InitProxyResolver {
   ProxyConfig effective_config_;
   scoped_refptr<ProxyResolverScriptData> script_data_;
   TimeDelta wait_delay_;
-  scoped_ptr<ProxyScriptDecider> decider_;
+  std::unique_ptr<ProxyScriptDecider> decider_;
   ProxyResolverFactory* proxy_resolver_factory_;
-  scoped_ptr<ProxyResolverFactory::Request> create_resolver_request_;
-  scoped_ptr<ProxyResolver>* proxy_resolver_;
+  std::unique_ptr<ProxyResolverFactory::Request> create_resolver_request_;
+  std::unique_ptr<ProxyResolver>* proxy_resolver_;
   CompletionCallback callback_;
   State next_state_;
   bool quick_check_enabled_;
@@ -737,7 +758,7 @@ class ProxyService::ProxyScriptDeciderPoller {
   int last_error_;
   scoped_refptr<ProxyResolverScriptData> last_script_data_;
 
-  scoped_ptr<ProxyScriptDecider> decider_;
+  std::unique_ptr<ProxyScriptDecider> decider_;
   TimeDelta next_poll_delay_;
   PacPollPolicy::Mode next_poll_mode_;
 
@@ -926,24 +947,26 @@ class ProxyService::PacRequest
 
 // ProxyService ---------------------------------------------------------------
 
-ProxyService::ProxyService(scoped_ptr<ProxyConfigService> config_service,
-                           scoped_ptr<ProxyResolverFactory> resolver_factory,
-                           NetLog* net_log)
+ProxyService::ProxyService(
+    std::unique_ptr<ProxyConfigService> config_service,
+    std::unique_ptr<ProxyResolverFactory> resolver_factory,
+    NetLog* net_log)
     : resolver_factory_(std::move(resolver_factory)),
       next_config_id_(1),
       current_state_(STATE_NONE),
       net_log_(net_log),
       stall_proxy_auto_config_delay_(
           TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)),
-      quick_check_enabled_(true) {
+      quick_check_enabled_(true),
+      sanitize_url_policy_(SanitizeUrlPolicy::SAFE) {
   NetworkChangeNotifier::AddIPAddressObserver(this);
   NetworkChangeNotifier::AddDNSObserver(this);
   ResetConfigService(std::move(config_service));
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+std::unique_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     size_t num_pac_threads,
     NetLog* net_log) {
   DCHECK(proxy_config_service);
@@ -956,59 +979,62 @@ scoped_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver(
   if (num_pac_threads == 0)
     num_pac_threads = kDefaultNumPacThreads;
 
-  return make_scoped_ptr(new ProxyService(
+  return base::WrapUnique(new ProxyService(
       std::move(proxy_config_service),
-      make_scoped_ptr(new ProxyResolverFactoryForSystem(num_pac_threads)),
+      base::WrapUnique(new ProxyResolverFactoryForSystem(num_pac_threads)),
       net_log));
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateWithoutProxyResolver(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+std::unique_ptr<ProxyService> ProxyService::CreateWithoutProxyResolver(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     NetLog* net_log) {
-  return make_scoped_ptr(new ProxyService(
+  return base::WrapUnique(new ProxyService(
       std::move(proxy_config_service),
-      make_scoped_ptr(new ProxyResolverFactoryForNullResolver), net_log));
+      base::WrapUnique(new ProxyResolverFactoryForNullResolver), net_log));
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateFixed(const ProxyConfig& pc) {
+std::unique_ptr<ProxyService> ProxyService::CreateFixed(const ProxyConfig& pc) {
   // TODO(eroman): This isn't quite right, won't work if |pc| specifies
   //               a PAC script.
   return CreateUsingSystemProxyResolver(
-      make_scoped_ptr(new ProxyConfigServiceFixed(pc)), 0, NULL);
+      base::WrapUnique(new ProxyConfigServiceFixed(pc)), 0, NULL);
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateFixed(const std::string& proxy) {
+std::unique_ptr<ProxyService> ProxyService::CreateFixed(
+    const std::string& proxy) {
   ProxyConfig proxy_config;
   proxy_config.proxy_rules().ParseFromString(proxy);
   return ProxyService::CreateFixed(proxy_config);
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateDirect() {
+std::unique_ptr<ProxyService> ProxyService::CreateDirect() {
   return CreateDirectWithNetLog(NULL);
 }
 
-scoped_ptr<ProxyService> ProxyService::CreateDirectWithNetLog(NetLog* net_log) {
+std::unique_ptr<ProxyService> ProxyService::CreateDirectWithNetLog(
+    NetLog* net_log) {
   // Use direct connections.
-  return make_scoped_ptr(new ProxyService(
-      make_scoped_ptr(new ProxyConfigServiceDirect),
-      make_scoped_ptr(new ProxyResolverFactoryForNullResolver), net_log));
+  return base::WrapUnique(new ProxyService(
+      base::WrapUnique(new ProxyConfigServiceDirect),
+      base::WrapUnique(new ProxyResolverFactoryForNullResolver), net_log));
 }
 
 // static
-scoped_ptr<ProxyService> ProxyService::CreateFixedFromPacResult(
+std::unique_ptr<ProxyService> ProxyService::CreateFixedFromPacResult(
     const std::string& pac_string) {
   // We need the settings to contain an "automatic" setting, otherwise the
   // ProxyResolver dependency we give it will never be used.
-  scoped_ptr<ProxyConfigService> proxy_config_service(
+  std::unique_ptr<ProxyConfigService> proxy_config_service(
       new ProxyConfigServiceFixed(ProxyConfig::CreateAutoDetect()));
 
-  return make_scoped_ptr(new ProxyService(
+  return base::WrapUnique(new ProxyService(
       std::move(proxy_config_service),
-      make_scoped_ptr(new ProxyResolverFactoryForPacResult(pac_string)), NULL));
+      base::WrapUnique(new ProxyResolverFactoryForPacResult(pac_string)),
+      NULL));
 }
 
 int ProxyService::ResolveProxy(const GURL& raw_url,
@@ -1045,9 +1071,11 @@ int ProxyService::ResolveProxyHelper(const GURL& raw_url,
   if (current_state_ == STATE_NONE)
     ApplyProxyConfigIfAvailable();
 
-  // Strip away any reference fragments and the username/password, as they
-  // are not relevant to proxy resolution.
-  GURL url = SimplifyUrlForRequest(raw_url);
+  // Sanitize the URL before passing it on to the proxy resolver (i.e. PAC
+  // script). The goal is to remove sensitive data (like embedded user names
+  // and password), and local data (i.e. reference fragment) which does not need
+  // to be disclosed to the resolver.
+  GURL url = SanitizeUrl(raw_url, sanitize_url_policy_);
 
   // Check if the request can be completed right away. (This is the case when
   // using a direct connection for example).
@@ -1443,7 +1471,7 @@ int ProxyService::DidFinishResolvingProxy(const GURL& url,
 
 void ProxyService::SetProxyScriptFetchers(
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher) {
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher) {
   DCHECK(CalledOnValidThread());
   State previous_state = ResetProxyConfig(false);
   proxy_script_fetcher_.reset(proxy_script_fetcher);
@@ -1476,7 +1504,7 @@ ProxyService::State ProxyService::ResetProxyConfig(bool reset_fetched_config) {
 }
 
 void ProxyService::ResetConfigService(
-    scoped_ptr<ProxyConfigService> new_proxy_config_service) {
+    std::unique_ptr<ProxyConfigService> new_proxy_config_service) {
   DCHECK(CalledOnValidThread());
   State previous_state = ResetProxyConfig(true);
 
@@ -1499,22 +1527,23 @@ void ProxyService::ForceReloadProxyConfig() {
 }
 
 // static
-scoped_ptr<ProxyConfigService> ProxyService::CreateSystemProxyConfigService(
+std::unique_ptr<ProxyConfigService>
+ProxyService::CreateSystemProxyConfigService(
     const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner,
     const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner) {
 #if defined(OS_WIN)
-  return make_scoped_ptr(new ProxyConfigServiceWin());
+  return base::WrapUnique(new ProxyConfigServiceWin());
 #elif defined(OS_IOS)
-  return make_scoped_ptr(new ProxyConfigServiceIOS());
+  return base::WrapUnique(new ProxyConfigServiceIOS());
 #elif defined(OS_MACOSX)
-  return make_scoped_ptr(new ProxyConfigServiceMac(io_task_runner));
+  return base::WrapUnique(new ProxyConfigServiceMac(io_task_runner));
 #elif defined(OS_CHROMEOS)
   LOG(ERROR) << "ProxyConfigService for ChromeOS should be created in "
              << "profile_io_data.cc::CreateProxyConfigService and this should "
              << "be used only for examples.";
-  return make_scoped_ptr(new UnsetProxyConfigService);
+  return base::WrapUnique(new UnsetProxyConfigService);
 #elif defined(OS_LINUX)
-  scoped_ptr<ProxyConfigServiceLinux> linux_config_service(
+  std::unique_ptr<ProxyConfigServiceLinux> linux_config_service(
       new ProxyConfigServiceLinux());
 
   // Assume we got called on the thread that runs the default glib
@@ -1532,12 +1561,12 @@ scoped_ptr<ProxyConfigService> ProxyService::CreateSystemProxyConfigService(
 
   return std::move(linux_config_service);
 #elif defined(OS_ANDROID)
-  return make_scoped_ptr(new ProxyConfigServiceAndroid(
+  return base::WrapUnique(new ProxyConfigServiceAndroid(
       io_task_runner, base::ThreadTaskRunnerHandle::Get()));
 #else
   LOG(WARNING) << "Failed to choose a system proxy settings fetcher "
                   "for this platform.";
-  return make_scoped_ptr(new ProxyConfigServiceDirect());
+  return base::WrapUnique(new ProxyConfigServiceDirect());
 #endif
 }
 
@@ -1548,9 +1577,9 @@ const ProxyService::PacPollPolicy* ProxyService::set_pac_script_poll_policy(
 }
 
 // static
-scoped_ptr<ProxyService::PacPollPolicy>
-  ProxyService::CreateDefaultPacPollPolicy() {
-  return scoped_ptr<PacPollPolicy>(new DefaultPollPolicy());
+std::unique_ptr<ProxyService::PacPollPolicy>
+ProxyService::CreateDefaultPacPollPolicy() {
+  return std::unique_ptr<PacPollPolicy>(new DefaultPollPolicy());
 }
 
 void ProxyService::OnProxyConfigChanged(
diff --git a/chromium/net/proxy/proxy_service.h b/chromium/net/proxy/proxy_service.h
index 8cd707144dd..c00cada4f7e 100644
--- a/chromium/net/proxy/proxy_service.h
+++ b/chromium/net/proxy/proxy_service.h
@@ -7,6 +7,7 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
@@ -14,7 +15,6 @@
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/completion_callback.h"
@@ -25,6 +25,7 @@
 #include "net/proxy/proxy_config_service.h"
 #include "net/proxy/proxy_info.h"
 #include "net/proxy/proxy_server.h"
+#include "url/gurl.h"
 
 class GURL;
 
@@ -52,6 +53,25 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
                                 public ProxyConfigService::Observer,
                                 NON_EXPORTED_BASE(public base::NonThreadSafe) {
  public:
+  // Enumerates the policy to use when sanitizing URLs for proxy resolution
+  // (before passing them off to PAC scripts).
+  enum class SanitizeUrlPolicy {
+    // Do a basic level of sanitization for URLs:
+    //   - strip embedded identities (ex: "username:password@")
+    //   - strip the fragment (ex: "#blah")
+    //
+    // This is considered "unsafe" because it does not do any additional
+    // stripping for https:// URLs.
+    UNSAFE,
+
+    // SAFE does the same sanitization as UNSAFE, but additionally strips
+    // everything but the (scheme,host,port) from cryptographic URL schemes
+    // (https:// and wss://).
+    //
+    // In other words, it strips the path and query portion of https:// URLs.
+    SAFE,
+  };
+
   static const size_t kDefaultNumPacThreads = 4;
 
   // This interface defines the set of policies for when to poll the PAC
@@ -97,8 +117,8 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
 
   // |net_log| is a possibly NULL destination to send log events to. It must
   // remain alive for the lifetime of this ProxyService.
-  ProxyService(scoped_ptr<ProxyConfigService> config_service,
-               scoped_ptr<ProxyResolverFactory> resolver_factory,
+  ProxyService(std::unique_ptr<ProxyConfigService> config_service,
+               std::unique_ptr<ProxyResolverFactory> resolver_factory,
                NetLog* net_log);
 
   ~ProxyService() override;
@@ -206,7 +226,7 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
   // ProxyService takes ownership of proxy_script_fetcher.
   void SetProxyScriptFetchers(
       ProxyScriptFetcher* proxy_script_fetcher,
-      scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher);
+      std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher);
   ProxyScriptFetcher* GetProxyScriptFetcher() const;
 
   // Tells this ProxyService to start using a new ProxyConfigService to
@@ -214,7 +234,7 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
   // be queried for new config info which will be used for all subsequent
   // ResolveProxy calls.
   void ResetConfigService(
-      scoped_ptr<ProxyConfigService> new_proxy_config_service);
+      std::unique_ptr<ProxyConfigService> new_proxy_config_service);
 
   // Returns the last configuration fetched from ProxyConfigService.
   const ProxyConfig& fetched_config() {
@@ -244,37 +264,37 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
   // Same as CreateProxyServiceUsingV8ProxyResolver, except it uses system
   // libraries for evaluating the PAC script if available, otherwise skips
   // proxy autoconfig.
-  static scoped_ptr<ProxyService> CreateUsingSystemProxyResolver(
-      scoped_ptr<ProxyConfigService> proxy_config_service,
+  static std::unique_ptr<ProxyService> CreateUsingSystemProxyResolver(
+      std::unique_ptr<ProxyConfigService> proxy_config_service,
       size_t num_pac_threads,
       NetLog* net_log);
 
   // Creates a ProxyService without support for proxy autoconfig.
-  static scoped_ptr<ProxyService> CreateWithoutProxyResolver(
-      scoped_ptr<ProxyConfigService> proxy_config_service,
+  static std::unique_ptr<ProxyService> CreateWithoutProxyResolver(
+      std::unique_ptr<ProxyConfigService> proxy_config_service,
       NetLog* net_log);
 
   // Convenience methods that creates a proxy service using the
   // specified fixed settings.
-  static scoped_ptr<ProxyService> CreateFixed(const ProxyConfig& pc);
-  static scoped_ptr<ProxyService> CreateFixed(const std::string& proxy);
+  static std::unique_ptr<ProxyService> CreateFixed(const ProxyConfig& pc);
+  static std::unique_ptr<ProxyService> CreateFixed(const std::string& proxy);
 
   // Creates a proxy service that uses a DIRECT connection for all requests.
-  static scoped_ptr<ProxyService> CreateDirect();
+  static std::unique_ptr<ProxyService> CreateDirect();
   // |net_log|'s lifetime must exceed ProxyService.
-  static scoped_ptr<ProxyService> CreateDirectWithNetLog(NetLog* net_log);
+  static std::unique_ptr<ProxyService> CreateDirectWithNetLog(NetLog* net_log);
 
   // This method is used by tests to create a ProxyService that returns a
   // hardcoded proxy fallback list (|pac_string|) for every URL.
   //
   // |pac_string| is a list of proxy servers, in the format that a PAC script
   // would return it. For example, "PROXY foobar:99; SOCKS fml:2; DIRECT"
-  static scoped_ptr<ProxyService> CreateFixedFromPacResult(
+  static std::unique_ptr<ProxyService> CreateFixedFromPacResult(
       const std::string& pac_string);
 
   // Creates a config service appropriate for this platform that fetches the
   // system proxy settings.
-  static scoped_ptr<ProxyConfigService> CreateSystemProxyConfigService(
+  static std::unique_ptr<ProxyConfigService> CreateSystemProxyConfigService(
       const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner,
       const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner);
 
@@ -290,12 +310,16 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
 
   // This method should only be used by unit tests. Creates an instance
   // of the default internal PacPollPolicy used by ProxyService.
-  static scoped_ptr<PacPollPolicy> CreateDefaultPacPollPolicy();
+  static std::unique_ptr<PacPollPolicy> CreateDefaultPacPollPolicy();
 
   void set_quick_check_enabled(bool value) {
     quick_check_enabled_ = value;
   }
 
+  void set_sanitize_url_policy(SanitizeUrlPolicy policy) {
+    sanitize_url_policy_ = policy;
+  }
+
  private:
   FRIEND_TEST_ALL_PREFIXES(ProxyServiceTest, UpdateConfigAfterFailedAutodetect);
   FRIEND_TEST_ALL_PREFIXES(ProxyServiceTest, UpdateConfigFromPACToDirect);
@@ -397,9 +421,9 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
       const ProxyConfig& config,
       ProxyConfigService::ConfigAvailability availability) override;
 
-  scoped_ptr<ProxyConfigService> config_service_;
-  scoped_ptr<ProxyResolverFactory> resolver_factory_;
-  scoped_ptr<ProxyResolver> resolver_;
+  std::unique_ptr<ProxyConfigService> config_service_;
+  std::unique_ptr<ProxyResolverFactory> resolver_factory_;
+  std::unique_ptr<ProxyResolver> resolver_;
 
   // We store the proxy configuration that was last fetched from the
   // ProxyConfigService, as well as the resulting "effective" configuration.
@@ -424,21 +448,21 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
   // The fetcher to use when downloading PAC scripts for the ProxyResolver.
   // This dependency can be NULL if our ProxyResolver has no need for
   // external PAC script fetching.
-  scoped_ptr<ProxyScriptFetcher> proxy_script_fetcher_;
+  std::unique_ptr<ProxyScriptFetcher> proxy_script_fetcher_;
 
   // The fetcher to use when attempting to download the most appropriate PAC
   // script configured in DHCP, if any. Can be NULL if the ProxyResolver has
   // no need for DHCP PAC script fetching.
-  scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher_;
+  std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher_;
 
   // Helper to download the PAC script (wpad + custom) and apply fallback rules.
   //
   // Note that the declaration is important here: |proxy_script_fetcher_| and
   // |proxy_resolver_| must outlive |init_proxy_resolver_|.
-  scoped_ptr<InitProxyResolver> init_proxy_resolver_;
+  std::unique_ptr<InitProxyResolver> init_proxy_resolver_;
 
   // Helper to poll the PAC script for changes.
-  scoped_ptr<ProxyScriptDeciderPoller> script_poller_;
+  std::unique_ptr<ProxyScriptDeciderPoller> script_poller_;
 
   State current_state_;
 
@@ -460,6 +484,9 @@ class NET_EXPORT ProxyService : public NetworkChangeNotifier::IPAddressObserver,
   // Whether child ProxyScriptDeciders should use QuickCheck
   bool quick_check_enabled_;
 
+  // The method to use for sanitizing URLs seen by the proxy resolver.
+  SanitizeUrlPolicy sanitize_url_policy_;
+
   DISALLOW_COPY_AND_ASSIGN(ProxyService);
 };
 
diff --git a/chromium/net/proxy/proxy_service_mojo.cc b/chromium/net/proxy/proxy_service_mojo.cc
index 41bbc3c2700..ad56a988d93 100644
--- a/chromium/net/proxy/proxy_service_mojo.cc
+++ b/chromium/net/proxy/proxy_service_mojo.cc
@@ -4,11 +4,12 @@
 
 #include "net/proxy/proxy_service_mojo.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/memory/ptr_util.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/dns/mojo_host_resolver_impl.h"
 #include "net/interfaces/proxy_resolver_service.mojom.h"
 #include "net/proxy/in_process_mojo_proxy_resolver_factory.h"
@@ -22,11 +23,11 @@
 
 namespace net {
 
-scoped_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
+std::unique_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
     MojoProxyResolverFactory* mojo_proxy_factory,
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate) {
@@ -35,9 +36,9 @@ scoped_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
   DCHECK(dhcp_proxy_script_fetcher);
   DCHECK(host_resolver);
 
-  scoped_ptr<ProxyService> proxy_service(new ProxyService(
+  std::unique_ptr<ProxyService> proxy_service(new ProxyService(
       std::move(proxy_config_service),
-      make_scoped_ptr(new ProxyResolverFactoryMojo(
+      base::WrapUnique(new ProxyResolverFactoryMojo(
           mojo_proxy_factory, host_resolver,
           base::Bind(&NetworkDelegateErrorObserver::Create, network_delegate,
                      base::ThreadTaskRunnerHandle::Get()),
@@ -51,10 +52,10 @@ scoped_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
   return proxy_service;
 }
 
-scoped_ptr<ProxyService> CreateProxyServiceUsingMojoInProcess(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+std::unique_ptr<ProxyService> CreateProxyServiceUsingMojoInProcess(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate) {
diff --git a/chromium/net/proxy/proxy_service_mojo.h b/chromium/net/proxy/proxy_service_mojo.h
index a728337b28e..32a08730574 100644
--- a/chromium/net/proxy/proxy_service_mojo.h
+++ b/chromium/net/proxy/proxy_service_mojo.h
@@ -5,7 +5,8 @@
 #ifndef NET_PROXY_PROXY_SERVICE_MOJO_H_
 #define NET_PROXY_PROXY_SERVICE_MOJO_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/proxy/dhcp_proxy_script_fetcher.h"
 
 namespace net {
@@ -34,11 +35,11 @@ class ProxyService;
 // |host_resolver| points to the host resolving dependency the PAC script
 // should use for any DNS queries. It must remain valid throughout the
 // lifetime of the ProxyService.
-scoped_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
+std::unique_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
     MojoProxyResolverFactory* mojo_proxy_factory,
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate);
@@ -51,10 +52,10 @@ scoped_ptr<ProxyService> CreateProxyServiceUsingMojoFactory(
 // # multi-threading model. In order for this to be safe to use, *ALL* the
 // # other V8's running in the process must use v8::Locker.
 // ##########################################################################
-scoped_ptr<ProxyService> CreateProxyServiceUsingMojoInProcess(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+std::unique_ptr<ProxyService> CreateProxyServiceUsingMojoInProcess(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate);
diff --git a/chromium/net/proxy/proxy_service_mojo_unittest.cc b/chromium/net/proxy/proxy_service_mojo_unittest.cc
index 6881a196fd8..d49c7d1881c 100644
--- a/chromium/net/proxy/proxy_service_mojo_unittest.cc
+++ b/chromium/net/proxy/proxy_service_mojo_unittest.cc
@@ -5,11 +5,12 @@
 #include "net/proxy/proxy_service_mojo.h"
 
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/callback_helpers.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "net/base/load_flags.h"
@@ -128,19 +129,19 @@ class ProxyServiceMojoTest : public testing::Test,
 
     fetcher_ = new MockProxyScriptFetcher;
     proxy_service_ = CreateProxyServiceUsingMojoFactory(
-        this, make_scoped_ptr(new ProxyConfigServiceFixed(
+        this, base::WrapUnique(new ProxyConfigServiceFixed(
                   ProxyConfig::CreateFromCustomPacURL(GURL(kPacUrl)))),
-        fetcher_, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()),
+        fetcher_, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()),
         &mock_host_resolver_, &net_log_, &network_delegate_);
   }
 
-  scoped_ptr<base::ScopedClosureRunner> CreateResolver(
+  std::unique_ptr<base::ScopedClosureRunner> CreateResolver(
       const mojo::String& pac_script,
       mojo::InterfaceRequest<interfaces::ProxyResolver> req,
       interfaces::ProxyResolverFactoryRequestClientPtr client) override {
     InProcessMojoProxyResolverFactory::GetInstance()->CreateResolver(
         pac_script, std::move(req), std::move(client));
-    return make_scoped_ptr(
+    return base::WrapUnique(
         new base::ScopedClosureRunner(on_delete_closure_.closure()));
   }
 
@@ -149,7 +150,7 @@ class ProxyServiceMojoTest : public testing::Test,
   MockProxyScriptFetcher* fetcher_;  // Owned by |proxy_service_|.
   TestNetLog net_log_;
   TestClosure on_delete_closure_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
 };
 
 TEST_F(ProxyServiceMojoTest, Basic) {
diff --git a/chromium/net/proxy/proxy_service_unittest.cc b/chromium/net/proxy/proxy_service_unittest.cc
index c595f4564c1..34a0c5d5135 100644
--- a/chromium/net/proxy/proxy_service_unittest.cc
+++ b/chromium/net/proxy/proxy_service_unittest.cc
@@ -11,6 +11,7 @@
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "net/base/load_flags.h"
@@ -353,8 +354,8 @@ TEST_F(ProxyServiceTest, Direct) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
   ProxyService service(
-      make_scoped_ptr(new MockProxyConfigService(ProxyConfig::CreateDirect())),
-      make_scoped_ptr(factory), nullptr);
+      base::WrapUnique(new MockProxyConfigService(ProxyConfig::CreateDirect())),
+      base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -391,7 +392,7 @@ TEST_F(ProxyServiceTest, OnResolveProxyCallbackAddProxy) {
   config.set_auto_detect(false);
   config.proxy_rules().bypass_rules.ParseFromString("*.org");
 
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                        nullptr, nullptr);
 
   GURL url("http://www.google.com/");
@@ -449,7 +450,7 @@ TEST_F(ProxyServiceTest, OnResolveProxyCallbackRemoveProxy) {
   config.set_auto_detect(false);
   config.proxy_rules().bypass_rules.ParseFromString("*.org");
 
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                        nullptr, nullptr);
 
   GURL url("http://www.google.com/");
@@ -495,8 +496,8 @@ TEST_F(ProxyServiceTest, PAC) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -558,8 +559,8 @@ TEST_F(ProxyServiceTest, PAC_NoIdentityOrHash) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://username:password@www.google.com/?ref#hash#hash");
 
@@ -590,8 +591,8 @@ TEST_F(ProxyServiceTest, PAC_FailoverWithoutDirect) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -645,8 +646,8 @@ TEST_F(ProxyServiceTest, PAC_RuntimeError) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://this-causes-js-error/");
 
@@ -704,8 +705,8 @@ TEST_F(ProxyServiceTest, PAC_FailoverAfterDirect) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -781,8 +782,8 @@ TEST_F(ProxyServiceTest, PAC_ConfigSourcePropagates) {
   MockAsyncProxyResolver resolver;
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Resolve something.
   GURL url("http://www.google.com/");
@@ -820,8 +821,8 @@ TEST_F(ProxyServiceTest, ProxyResolverFails) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start first resolve request.
   GURL url("http://www.google.com/");
@@ -884,8 +885,8 @@ TEST_F(ProxyServiceTest, ProxyResolverTerminatedDuringRequest) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start first resolve request.
   GURL url("http://www.google.com/");
@@ -956,8 +957,8 @@ TEST_F(ProxyServiceTest,
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start two resolve requests.
   GURL url1("http://www.google.com/");
@@ -1028,8 +1029,8 @@ TEST_F(ProxyServiceTest, ProxyScriptFetcherFailsDownloadingMandatoryPac) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start first resolve request.
   GURL url("http://www.google.com/");
@@ -1075,12 +1076,12 @@ TEST_F(ProxyServiceTest, ProxyResolverFailsParsingJavaScriptMandatoryPac) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start resolve request.
   GURL url("http://www.google.com/");
@@ -1126,8 +1127,8 @@ TEST_F(ProxyServiceTest, ProxyResolverFailsInJavaScriptMandatoryPac) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start first resolve request.
   GURL url("http://www.google.com/");
@@ -1186,8 +1187,8 @@ TEST_F(ProxyServiceTest, ProxyFallback) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -1339,8 +1340,8 @@ TEST_F(ProxyServiceTest, ProxyFallbackToDirect) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -1413,8 +1414,8 @@ TEST_F(ProxyServiceTest, ProxyFallback_NewSettings) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -1517,8 +1518,8 @@ TEST_F(ProxyServiceTest, ProxyFallback_BadConfig) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -1617,8 +1618,8 @@ TEST_F(ProxyServiceTest, ProxyFallback_BadConfigMandatory) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -1711,7 +1712,7 @@ TEST_F(ProxyServiceTest, ProxyBypassList) {
   config.set_auto_detect(false);
   config.proxy_rules().bypass_rules.ParseFromString("*.org");
 
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                        nullptr, nullptr);
 
   int rv;
@@ -1752,7 +1753,7 @@ TEST_F(ProxyServiceTest, MarkProxiesAsBadTests) {
 
   EXPECT_EQ(3u, additional_bad_proxies.size());
 
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                        nullptr, nullptr);
   ProxyInfo proxy_info;
   proxy_info.UseProxyList(proxy_list);
@@ -1773,7 +1774,7 @@ TEST_F(ProxyServiceTest, PerProtocolProxyTests) {
   config.proxy_rules().ParseFromString("http=foopy1:8080;https=foopy2:8080");
   config.set_auto_detect(false);
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("http://www.msn.com");
     ProxyInfo info;
@@ -1786,7 +1787,7 @@ TEST_F(ProxyServiceTest, PerProtocolProxyTests) {
     EXPECT_EQ("foopy1:8080", info.proxy_server().ToURI());
   }
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("ftp://ftp.google.com");
     ProxyInfo info;
@@ -1799,7 +1800,7 @@ TEST_F(ProxyServiceTest, PerProtocolProxyTests) {
     EXPECT_EQ("direct://", info.proxy_server().ToURI());
   }
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("https://webbranch.techcu.com");
     ProxyInfo info;
@@ -1813,7 +1814,7 @@ TEST_F(ProxyServiceTest, PerProtocolProxyTests) {
   }
   {
     config.proxy_rules().ParseFromString("foopy1:8080");
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("http://www.microsoft.com");
     ProxyInfo info;
@@ -1835,7 +1836,7 @@ TEST_F(ProxyServiceTest, ProxyConfigSourcePropagates) {
     ProxyConfig config;
     config.set_source(PROXY_CONFIG_SOURCE_TEST);
     config.proxy_rules().ParseFromString("https=foopy2:8080");
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("http://www.google.com");
     ProxyInfo info;
@@ -1851,7 +1852,7 @@ TEST_F(ProxyServiceTest, ProxyConfigSourcePropagates) {
     ProxyConfig config;
     config.set_source(PROXY_CONFIG_SOURCE_TEST);
     config.proxy_rules().ParseFromString("https=foopy2:8080");
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("https://www.google.com");
     ProxyInfo info;
@@ -1866,7 +1867,7 @@ TEST_F(ProxyServiceTest, ProxyConfigSourcePropagates) {
   {
     ProxyConfig config;
     config.set_source(PROXY_CONFIG_SOURCE_TEST);
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("http://www.google.com");
     ProxyInfo info;
@@ -1890,7 +1891,7 @@ TEST_F(ProxyServiceTest, DefaultProxyFallbackToSOCKS) {
             config.proxy_rules().type);
 
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("http://www.msn.com");
     ProxyInfo info;
@@ -1903,7 +1904,7 @@ TEST_F(ProxyServiceTest, DefaultProxyFallbackToSOCKS) {
     EXPECT_EQ("foopy1:8080", info.proxy_server().ToURI());
   }
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("ftp://ftp.google.com");
     ProxyInfo info;
@@ -1916,7 +1917,7 @@ TEST_F(ProxyServiceTest, DefaultProxyFallbackToSOCKS) {
     EXPECT_EQ("socks4://foopy2:1080", info.proxy_server().ToURI());
   }
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("https://webbranch.techcu.com");
     ProxyInfo info;
@@ -1929,7 +1930,7 @@ TEST_F(ProxyServiceTest, DefaultProxyFallbackToSOCKS) {
     EXPECT_EQ("socks4://foopy2:1080", info.proxy_server().ToURI());
   }
   {
-    ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
+    ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
                          nullptr, nullptr);
     GURL test_url("unknown://www.microsoft.com");
     ProxyInfo info;
@@ -1955,8 +1956,8 @@ TEST_F(ProxyServiceTest, CancelInProgressRequest) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start 3 requests.
 
@@ -2028,12 +2029,12 @@ TEST_F(ProxyServiceTest, InitialPACScriptDownload) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 3 requests.
 
@@ -2134,12 +2135,12 @@ TEST_F(ProxyServiceTest, ChangeScriptFetcherWhilePACDownloadInProgress) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 2 requests.
 
@@ -2170,7 +2171,7 @@ TEST_F(ProxyServiceTest, ChangeScriptFetcherWhilePACDownloadInProgress) {
 
   fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Nothing has been sent to the factory yet.
   EXPECT_TRUE(factory->pending_requests().empty());
@@ -2195,12 +2196,12 @@ TEST_F(ProxyServiceTest, CancelWhilePACFetching) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 3 requests.
   ProxyInfo info1;
@@ -2294,12 +2295,12 @@ TEST_F(ProxyServiceTest, FallbackFromAutodetectToCustomPac) {
   MockAsyncProxyResolver resolver;
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 2 requests.
 
@@ -2375,12 +2376,12 @@ TEST_F(ProxyServiceTest, FallbackFromAutodetectToCustomPac2) {
   MockAsyncProxyResolver resolver;
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 2 requests.
 
@@ -2449,12 +2450,12 @@ TEST_F(ProxyServiceTest, FallbackFromAutodetectToCustomToManual) {
   MockProxyConfigService* config_service = new MockProxyConfigService(config);
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 2 requests.
 
@@ -2511,12 +2512,12 @@ TEST_F(ProxyServiceTest, BypassDoesntApplyToPac) {
   MockAsyncProxyResolver resolver;
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 requests.
 
@@ -2582,12 +2583,12 @@ TEST_F(ProxyServiceTest, DeleteWhileInitProxyResolverHasOutstandingFetch) {
   MockProxyConfigService* config_service = new MockProxyConfigService(config);
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -2618,8 +2619,8 @@ TEST_F(ProxyServiceTest, DeleteWhileInitProxyResolverHasOutstandingSet) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -2638,7 +2639,7 @@ TEST_F(ProxyServiceTest, ResetProxyConfigService) {
   ProxyConfig config1;
   config1.proxy_rules().ParseFromString("foopy1:8080");
   config1.set_auto_detect(false);
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config1)),
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config1)),
                        nullptr, nullptr);
 
   ProxyInfo info;
@@ -2653,7 +2654,7 @@ TEST_F(ProxyServiceTest, ResetProxyConfigService) {
   config2.proxy_rules().ParseFromString("foopy2:8080");
   config2.set_auto_detect(false);
   service.ResetConfigService(
-      make_scoped_ptr(new MockProxyConfigService(config2)));
+      base::WrapUnique(new MockProxyConfigService(config2)));
   TestCompletionCallback callback2;
   rv = service.ResolveProxy(GURL("http://request2"), std::string(), LOAD_NORMAL,
                             &info, callback2.callback(), nullptr, nullptr,
@@ -2671,8 +2672,8 @@ TEST_F(ProxyServiceTest, UpdateConfigFromPACToDirect) {
   MockAsyncProxyResolver resolver;
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   // Start 1 request.
 
@@ -2725,12 +2726,12 @@ TEST_F(ProxyServiceTest, NetworkChangeTriggersPacRefetch) {
 
   TestNetLog log;
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), &log);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), &log);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Disable the "wait after IP address changes" hack, so this unit-test can
   // complete quickly.
@@ -2847,12 +2848,12 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterFailure) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -2954,12 +2955,12 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterContentChange) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -3067,12 +3068,12 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterContentUnchanged) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -3177,12 +3178,12 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterSuccess) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -3260,7 +3261,7 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterSuccess) {
 // script follows the expected policy.
 TEST_F(ProxyServiceTest, PACScriptPollingPolicy) {
   // Retrieve the internal polling policy implementation used by ProxyService.
-  scoped_ptr<ProxyService::PacPollPolicy> policy =
+  std::unique_ptr<ProxyService::PacPollPolicy> policy =
       ProxyService::CreateDefaultPacPollPolicy();
 
   int error;
@@ -3332,12 +3333,12 @@ TEST_F(ProxyServiceTest, PACScriptRefetchAfterActivity) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(true);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   MockProxyScriptFetcher* fetcher = new MockProxyScriptFetcher;
   service.SetProxyScriptFetchers(
-      fetcher, make_scoped_ptr(new DoNothingDhcpProxyScriptFetcher()));
+      fetcher, base::WrapUnique(new DoNothingDhcpProxyScriptFetcher()));
 
   // Start 1 request.
 
@@ -3434,8 +3435,8 @@ TEST_F(ProxyServiceTest, SynchronousWithPAC) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(config_service),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(config_service),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -3461,8 +3462,8 @@ TEST_F(ProxyServiceTest, SynchronousWithFixedConfiguration) {
   MockAsyncProxyResolverFactory* factory =
       new MockAsyncProxyResolverFactory(false);
 
-  ProxyService service(make_scoped_ptr(new MockProxyConfigService(config)),
-                       make_scoped_ptr(factory), nullptr);
+  ProxyService service(base::WrapUnique(new MockProxyConfigService(config)),
+                       base::WrapUnique(factory), nullptr);
 
   GURL url("http://www.google.com/");
 
@@ -3479,4 +3480,224 @@ TEST_F(ProxyServiceTest, SynchronousWithFixedConfiguration) {
   EXPECT_EQ(0u, factory->pending_requests().size());
 }
 
+// Helper class to exercise URL sanitization using the different policies. This
+// works by submitted URLs to the ProxyService. In turn the ProxyService
+// sanitizes the URL and then passes it along to the ProxyResolver. This helper
+// returns the URL seen by the ProxyResolver.
+class SanitizeUrlHelper {
+ public:
+  SanitizeUrlHelper() {
+    std::unique_ptr<MockProxyConfigService> config_service(
+        new MockProxyConfigService("http://foopy/proxy.pac"));
+
+    factory = new MockAsyncProxyResolverFactory(false);
+
+    service_.reset(new ProxyService(std::move(config_service),
+                                    base::WrapUnique(factory), nullptr));
+
+    // Do an initial request to initialize the service (configure the PAC
+    // script).
+    GURL url("http://example.com");
+
+    ProxyInfo info;
+    TestCompletionCallback callback;
+    int rv = service_->ResolveProxy(url, std::string(), LOAD_NORMAL, &info,
+                                    callback.callback(), nullptr, nullptr,
+                                    BoundNetLog());
+    EXPECT_EQ(ERR_IO_PENDING, rv);
+
+    // First step is to download the PAC script.
+    EXPECT_EQ(GURL("http://foopy/proxy.pac"),
+              factory->pending_requests()[0]->script_data()->url());
+    factory->pending_requests()[0]->CompleteNowWithForwarder(OK, &resolver);
+
+    EXPECT_EQ(1u, resolver.pending_requests().size());
+    EXPECT_EQ(url, resolver.pending_requests()[0]->url());
+
+    // Complete the request.
+    resolver.pending_requests()[0]->results()->UsePacString("DIRECT");
+    resolver.pending_requests()[0]->CompleteNow(OK);
+    EXPECT_EQ(OK, callback.WaitForResult());
+    EXPECT_TRUE(info.is_direct());
+  }
+
+  // Changes the URL sanitization policy for the underlying ProxyService. This
+  // will affect subsequent calls to SanitizeUrl.
+  void SetSanitizeUrlPolicy(ProxyService::SanitizeUrlPolicy policy) {
+    service_->set_sanitize_url_policy(policy);
+  }
+
+  // Makes a proxy resolution request through the ProxyService, and returns the
+  // URL that was submitted to the Proxy Resolver.
+  GURL SanitizeUrl(const GURL& raw_url) {
+    // Issue a request and see what URL is sent to the proxy resolver.
+    ProxyInfo info;
+    TestCompletionCallback callback;
+    int rv = service_->ResolveProxy(raw_url, std::string(), LOAD_NORMAL, &info,
+                                    callback.callback(), nullptr, nullptr,
+                                    BoundNetLog());
+    EXPECT_EQ(ERR_IO_PENDING, rv);
+
+    EXPECT_EQ(1u, resolver.pending_requests().size());
+
+    GURL sanitized_url = resolver.pending_requests()[0]->url();
+
+    // Complete the request.
+    resolver.pending_requests()[0]->results()->UsePacString("DIRECT");
+    resolver.pending_requests()[0]->CompleteNow(OK);
+    EXPECT_EQ(OK, callback.WaitForResult());
+    EXPECT_TRUE(info.is_direct());
+
+    return sanitized_url;
+  }
+
+  // Changes the ProxyService's URL sanitization policy and then sanitizes
+  // |raw_url|.
+  GURL SanitizeUrl(const GURL& raw_url,
+                   ProxyService::SanitizeUrlPolicy policy) {
+    service_->set_sanitize_url_policy(policy);
+    return SanitizeUrl(raw_url);
+  }
+
+ private:
+  MockAsyncProxyResolver resolver;
+  MockAsyncProxyResolverFactory* factory;
+  std::unique_ptr<ProxyService> service_;
+};
+
+TEST_F(ProxyServiceTest, SanitizeUrlDefaultsToSafe) {
+  SanitizeUrlHelper helper;
+
+  // Without changing the URL sanitization policy, the default should be to
+  // strip https:// URLs.
+  EXPECT_EQ(GURL("https://example.com/"),
+            helper.SanitizeUrl(
+                GURL("https://foo:bar@example.com/foo/bar/baz?hello#sigh")));
+}
+
+// Tests URL sanitization with input URLs that have a // non-cryptographic
+// scheme (i.e. http://). The sanitized result is consistent regardless of the
+// stripping mode selected.
+TEST_F(ProxyServiceTest, SanitizeUrlForPacScriptNonCryptographic) {
+  const struct {
+    const char* raw_url;
+    const char* sanitized_url;
+  } kTests[] = {
+      // Embedded identity is stripped.
+      {
+          "http://foo:bar@example.com/", "http://example.com/",
+      },
+      {
+          "ftp://foo:bar@example.com/", "ftp://example.com/",
+      },
+      {
+          "ftp://example.com/some/path/here",
+          "ftp://example.com/some/path/here",
+      },
+      // Reference fragment is stripped.
+      {
+          "http://example.com/blah#hello", "http://example.com/blah",
+      },
+      // Query parameters are NOT stripped.
+      {
+          "http://example.com/foo/bar/baz?hello",
+          "http://example.com/foo/bar/baz?hello",
+      },
+      // Fragment is stripped, but path and query are left intact.
+      {
+          "http://foo:bar@example.com/foo/bar/baz?hello#sigh",
+          "http://example.com/foo/bar/baz?hello",
+      },
+      // Port numbers are not affected.
+      {
+          "http://example.com:88/hi", "http://example.com:88/hi",
+      },
+  };
+
+  SanitizeUrlHelper helper;
+
+  for (const auto& test : kTests) {
+    // The result of SanitizeUrlForPacScript() is the same regardless of the
+    // second parameter (sanitization mode), since the input URLs do not use a
+    // cryptographic scheme.
+    GURL raw_url(test.raw_url);
+    ASSERT_TRUE(raw_url.is_valid());
+    EXPECT_FALSE(raw_url.SchemeIsCryptographic());
+
+    EXPECT_EQ(
+        GURL(test.sanitized_url),
+        helper.SanitizeUrl(raw_url, ProxyService::SanitizeUrlPolicy::UNSAFE));
+
+    EXPECT_EQ(
+        GURL(test.sanitized_url),
+        helper.SanitizeUrl(raw_url, ProxyService::SanitizeUrlPolicy::SAFE));
+  }
+}
+
+// Tests URL sanitization using input URLs that have a cryptographic schemes
+// (i.e. https://). The sanitized result differs depending on the sanitization
+// mode chosen.
+TEST_F(ProxyServiceTest, SanitizeUrlForPacScriptCryptographic) {
+  const struct {
+    // Input URL.
+    const char* raw_url;
+
+    // Output URL when stripping of cryptographic URLs is disabled.
+    const char* sanitized_url_unstripped;
+
+    // Output URL when stripping of cryptographic URLs is enabled.
+    const char* sanitized_url;
+  } kTests[] = {
+      // Embedded identity is always stripped.
+      {
+          "https://foo:bar@example.com/", "https://example.com/",
+          "https://example.com/",
+      },
+      // Fragments are always stripped, but stripping path is conditional on the
+      // mode.
+      {
+          "https://example.com/blah#hello", "https://example.com/blah",
+          "https://example.com/",
+      },
+      // Stripping the query is conditional on the mode.
+      {
+          "https://example.com/?hello", "https://example.com/?hello",
+          "https://example.com/",
+      },
+      // The embedded identity and fragment is always stripped, however path and
+      // query are conditional on the stripping mode.
+      {
+          "https://foo:bar@example.com/foo/bar/baz?hello#sigh",
+          "https://example.com/foo/bar/baz?hello", "https://example.com/",
+      },
+      // The URL's port should not be stripped.
+      {
+          "https://example.com:88/hi", "https://example.com:88/hi",
+          "https://example.com:88/",
+      },
+      // Try a wss:// URL, to make sure it also strips (is is also a
+      // cryptographic URL).
+      {
+          "wss://example.com:88/hi", "wss://example.com:88/hi",
+          "wss://example.com:88/",
+      },
+  };
+
+  SanitizeUrlHelper helper;
+
+  for (const auto& test : kTests) {
+    GURL raw_url(test.raw_url);
+    ASSERT_TRUE(raw_url.is_valid());
+    EXPECT_TRUE(raw_url.SchemeIsCryptographic());
+
+    EXPECT_EQ(
+        GURL(test.sanitized_url_unstripped),
+        helper.SanitizeUrl(raw_url, ProxyService::SanitizeUrlPolicy::UNSAFE));
+
+    EXPECT_EQ(
+        GURL(test.sanitized_url),
+        helper.SanitizeUrl(raw_url, ProxyService::SanitizeUrlPolicy::SAFE));
+  }
+}
+
 }  // namespace net
diff --git a/chromium/net/proxy/proxy_service_v8.cc b/chromium/net/proxy/proxy_service_v8.cc
index 4c344921fea..8c93b570322 100644
--- a/chromium/net/proxy/proxy_service_v8.cc
+++ b/chromium/net/proxy/proxy_service_v8.cc
@@ -4,12 +4,13 @@
 
 #include "net/proxy/proxy_service_v8.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/memory/ptr_util.h"
 #include "base/threading/thread_checker.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/proxy/network_delegate_error_observer.h"
 #include "net/proxy/proxy_resolver.h"
 #include "net/proxy/proxy_resolver_factory.h"
@@ -19,10 +20,10 @@
 namespace net {
 
 // static
-scoped_ptr<ProxyService> CreateProxyServiceUsingV8ProxyResolver(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+std::unique_ptr<ProxyService> CreateProxyServiceUsingV8ProxyResolver(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate) {
@@ -31,9 +32,9 @@ scoped_ptr<ProxyService> CreateProxyServiceUsingV8ProxyResolver(
   DCHECK(dhcp_proxy_script_fetcher);
   DCHECK(host_resolver);
 
-  scoped_ptr<ProxyService> proxy_service(new ProxyService(
+  std::unique_ptr<ProxyService> proxy_service(new ProxyService(
       std::move(proxy_config_service),
-      make_scoped_ptr(new ProxyResolverFactoryV8TracingWrapper(
+      base::WrapUnique(new ProxyResolverFactoryV8TracingWrapper(
           host_resolver, net_log,
           base::Bind(&NetworkDelegateErrorObserver::Create, network_delegate,
                      base::ThreadTaskRunnerHandle::Get()))),
diff --git a/chromium/net/proxy/proxy_service_v8.h b/chromium/net/proxy/proxy_service_v8.h
index 29195531b44..fb4d82c69cc 100644
--- a/chromium/net/proxy/proxy_service_v8.h
+++ b/chromium/net/proxy/proxy_service_v8.h
@@ -5,7 +5,8 @@
 #ifndef NET_PROXY_PROXY_SERVICE_V8_H_
 #define NET_PROXY_PROXY_SERVICE_V8_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/net_export.h"
 #include "net/proxy/dhcp_proxy_script_fetcher.h"
 
@@ -36,10 +37,10 @@ class ProxyService;
 // # multi-threading model. In order for this to be safe to use, *ALL* the
 // # other V8's running in the process must use v8::Locker.
 // ##########################################################################
-NET_EXPORT scoped_ptr<ProxyService> CreateProxyServiceUsingV8ProxyResolver(
-    scoped_ptr<ProxyConfigService> proxy_config_service,
+NET_EXPORT std::unique_ptr<ProxyService> CreateProxyServiceUsingV8ProxyResolver(
+    std::unique_ptr<ProxyConfigService> proxy_config_service,
     ProxyScriptFetcher* proxy_script_fetcher,
-    scoped_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
+    std::unique_ptr<DhcpProxyScriptFetcher> dhcp_proxy_script_fetcher,
     HostResolver* host_resolver,
     NetLog* net_log,
     NetworkDelegate* network_delegate);
diff --git a/chromium/net/quic/bidirectional_stream_quic_impl.cc b/chromium/net/quic/bidirectional_stream_quic_impl.cc
index 6e560321a6c..25154b40cf7 100644
--- a/chromium/net/quic/bidirectional_stream_quic_impl.cc
+++ b/chromium/net/quic/bidirectional_stream_quic_impl.cc
@@ -9,6 +9,7 @@
 #include "base/logging.h"
 #include "base/timer/timer.h"
 #include "net/http/bidirectional_stream_request_info.h"
+#include "net/quic/quic_connection.h"
 #include "net/socket/next_proto.h"
 #include "net/spdy/spdy_header_block.h"
 #include "net/spdy/spdy_http_utils.h"
@@ -31,6 +32,7 @@ BidirectionalStreamQuicImpl::BidirectionalStreamQuicImpl(
       closed_stream_sent_bytes_(0),
       has_sent_headers_(false),
       has_received_headers_(false),
+      send_request_headers_automatically_(true),
       weak_factory_(this) {
   DCHECK(session_);
   session_->AddObserver(this);
@@ -45,10 +47,13 @@ BidirectionalStreamQuicImpl::~BidirectionalStreamQuicImpl() {
 void BidirectionalStreamQuicImpl::Start(
     const BidirectionalStreamRequestInfo* request_info,
     const BoundNetLog& net_log,
+    bool send_request_headers_automatically,
     BidirectionalStreamImpl::Delegate* delegate,
-    scoped_ptr<base::Timer> /* timer */) {
+    std::unique_ptr<base::Timer> /* timer */) {
   DCHECK(!stream_);
+  CHECK(delegate);
 
+  send_request_headers_automatically_ = send_request_headers_automatically;
   if (!session_) {
     NotifyError(was_handshake_confirmed_ ? ERR_QUIC_PROTOCOL_ERROR
                                          : ERR_QUIC_HANDSHAKE_FAILED);
@@ -69,6 +74,32 @@ void BidirectionalStreamQuicImpl::Start(
   }
 }
 
+void BidirectionalStreamQuicImpl::SendRequestHeaders() {
+  DCHECK(!has_sent_headers_);
+  if (!stream_) {
+    LOG(ERROR)
+        << "Trying to send request headers after stream has been destroyed.";
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamQuicImpl::NotifyError,
+                              weak_factory_.GetWeakPtr(), ERR_UNEXPECTED));
+    return;
+  }
+
+  SpdyHeaderBlock headers;
+  HttpRequestInfo http_request_info;
+  http_request_info.url = request_info_->url;
+  http_request_info.method = request_info_->method;
+  http_request_info.extra_headers = request_info_->extra_headers;
+
+  CreateSpdyHeadersFromHttpRequest(http_request_info,
+                                   http_request_info.extra_headers, HTTP2, true,
+                                   &headers);
+  size_t headers_bytes_sent = stream_->WriteHeaders(
+      headers, request_info_->end_stream_on_headers, nullptr);
+  headers_bytes_sent_ += headers_bytes_sent;
+  has_sent_headers_ = true;
+}
+
 int BidirectionalStreamQuicImpl::ReadData(IOBuffer* buffer, int buffer_len) {
   DCHECK(buffer);
   DCHECK(buffer_len);
@@ -93,11 +124,27 @@ int BidirectionalStreamQuicImpl::ReadData(IOBuffer* buffer, int buffer_len) {
   return ERR_IO_PENDING;
 }
 
-void BidirectionalStreamQuicImpl::SendData(IOBuffer* data,
+void BidirectionalStreamQuicImpl::SendData(const scoped_refptr<IOBuffer>& data,
                                            int length,
                                            bool end_stream) {
-  DCHECK(stream_);
   DCHECK(length > 0 || (length == 0 && end_stream));
+  if (!stream_) {
+    LOG(ERROR) << "Trying to send data after stream has been destroyed.";
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamQuicImpl::NotifyError,
+                              weak_factory_.GetWeakPtr(), ERR_UNEXPECTED));
+    return;
+  }
+
+  std::unique_ptr<QuicConnection::ScopedPacketBundler> bundler;
+  if (!has_sent_headers_) {
+    DCHECK(!send_request_headers_automatically_);
+    // Creates a bundler only if there are headers to be sent along with the
+    // single data buffer.
+    bundler.reset(new QuicConnection::ScopedPacketBundler(
+        session_->connection(), QuicConnection::SEND_ACK_IF_PENDING));
+    SendRequestHeaders();
+  }
 
   base::StringPiece string_data(data->data(), length);
   int rv = stream_->WriteStreamData(
@@ -112,9 +159,47 @@ void BidirectionalStreamQuicImpl::SendData(IOBuffer* data,
   }
 }
 
+void BidirectionalStreamQuicImpl::SendvData(
+    const std::vector<scoped_refptr<IOBuffer>>& buffers,
+    const std::vector<int>& lengths,
+    bool end_stream) {
+  DCHECK_EQ(buffers.size(), lengths.size());
+
+  if (!stream_) {
+    LOG(ERROR) << "Trying to send data after stream has been destroyed.";
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamQuicImpl::NotifyError,
+                              weak_factory_.GetWeakPtr(), ERR_UNEXPECTED));
+    return;
+  }
+
+  QuicConnection::ScopedPacketBundler bundler(
+      session_->connection(), QuicConnection::SEND_ACK_IF_PENDING);
+  if (!has_sent_headers_) {
+    DCHECK(!send_request_headers_automatically_);
+    SendRequestHeaders();
+  }
+
+  int rv = stream_->WritevStreamData(
+      buffers, lengths, end_stream,
+      base::Bind(&BidirectionalStreamQuicImpl::OnSendDataComplete,
+                 weak_factory_.GetWeakPtr()));
+
+  DCHECK(rv == OK || rv == ERR_IO_PENDING);
+  if (rv == OK) {
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamQuicImpl::OnSendDataComplete,
+                              weak_factory_.GetWeakPtr(), OK));
+  }
+}
+
 void BidirectionalStreamQuicImpl::Cancel() {
+  if (delegate_) {
+    delegate_ = nullptr;
+    // Cancel any pending callbacks.
+    weak_factory_.InvalidateWeakPtrs();
+  }
   if (stream_) {
-    stream_->SetDelegate(nullptr);
     stream_->Reset(QUIC_STREAM_CANCELLED);
     ResetStream();
   }
@@ -143,14 +228,16 @@ void BidirectionalStreamQuicImpl::OnHeadersAvailable(
   negotiated_protocol_ = kProtoQUIC1SPDY3;
   if (!has_received_headers_) {
     has_received_headers_ = true;
-    delegate_->OnHeadersReceived(headers);
+    if (delegate_)
+      delegate_->OnHeadersReceived(headers);
   } else {
     if (stream_->IsDoneReading()) {
       // If the write side is closed, OnFinRead() will call
       // BidirectionalStreamQuicImpl::OnClose().
       stream_->OnFinRead();
     }
-    delegate_->OnTrailersReceived(headers);
+    if (delegate_)
+      delegate_->OnTrailersReceived(headers);
   }
 }
 
@@ -168,17 +255,18 @@ void BidirectionalStreamQuicImpl::OnDataAvailable() {
   }
   read_buffer_ = nullptr;
   read_buffer_len_ = 0;
-  delegate_->OnDataRead(rv);
+  if (delegate_)
+    delegate_->OnDataRead(rv);
 }
 
 void BidirectionalStreamQuicImpl::OnClose(QuicErrorCode error) {
   DCHECK(stream_);
+
   if (error == QUIC_NO_ERROR &&
       stream_->stream_error() == QUIC_STREAM_NO_ERROR) {
     ResetStream();
     return;
   }
-  ResetStream();
   NotifyError(was_handshake_confirmed_ ? ERR_QUIC_PROTOCOL_ERROR
                                        : ERR_QUIC_HANDSHAKE_FAILED);
 }
@@ -208,7 +296,11 @@ void BidirectionalStreamQuicImpl::OnStreamReady(int rv) {
   DCHECK(rv == OK || !stream_);
   if (rv == OK) {
     stream_->SetDelegate(this);
-    SendRequestHeaders();
+    if (send_request_headers_automatically_) {
+      SendRequestHeaders();
+    }
+    if (delegate_)
+      delegate_->OnStreamReady(has_sent_headers_);
   } else {
     NotifyError(rv);
   }
@@ -217,39 +309,27 @@ void BidirectionalStreamQuicImpl::OnStreamReady(int rv) {
 void BidirectionalStreamQuicImpl::OnSendDataComplete(int rv) {
   DCHECK(rv == OK || !stream_);
   if (rv == OK) {
-    delegate_->OnDataSent();
+    if (delegate_)
+      delegate_->OnDataSent();
   } else {
     NotifyError(rv);
   }
 }
 
-void BidirectionalStreamQuicImpl::SendRequestHeaders() {
-  DCHECK(!has_sent_headers_);
-  DCHECK(stream_);
-
-  SpdyHeaderBlock headers;
-  HttpRequestInfo http_request_info;
-  http_request_info.url = request_info_->url;
-  http_request_info.method = request_info_->method;
-  http_request_info.extra_headers = request_info_->extra_headers;
-
-  CreateSpdyHeadersFromHttpRequest(http_request_info,
-                                   http_request_info.extra_headers, HTTP2, true,
-                                   &headers);
-  size_t frame_len = stream_->WriteHeaders(
-      headers, request_info_->end_stream_on_headers, nullptr);
-  headers_bytes_sent_ += frame_len;
-  has_sent_headers_ = true;
-  delegate_->OnHeadersSent();
-}
-
 void BidirectionalStreamQuicImpl::NotifyError(int error) {
   DCHECK_NE(OK, error);
   DCHECK_NE(ERR_IO_PENDING, error);
 
-  response_status_ = error;
   ResetStream();
-  delegate_->OnFailed(error);
+  if (delegate_) {
+    response_status_ = error;
+    BidirectionalStreamImpl::Delegate* delegate = delegate_;
+    delegate_ = nullptr;
+    // Cancel any pending callback.
+    weak_factory_.InvalidateWeakPtrs();
+    delegate->OnFailed(error);
+    // |this| might be destroyed at this point.
+  }
 }
 
 void BidirectionalStreamQuicImpl::ResetStream() {
diff --git a/chromium/net/quic/bidirectional_stream_quic_impl.h b/chromium/net/quic/bidirectional_stream_quic_impl.h
index b75c3894c86..71ce8ff3605 100644
--- a/chromium/net/quic/bidirectional_stream_quic_impl.h
+++ b/chromium/net/quic/bidirectional_stream_quic_impl.h
@@ -7,8 +7,9 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/http/bidirectional_stream_impl.h"
 #include "net/quic/quic_chromium_client_session.h"
@@ -38,10 +39,17 @@ class NET_EXPORT_PRIVATE BidirectionalStreamQuicImpl
   // BidirectionalStreamImpl implementation:
   void Start(const BidirectionalStreamRequestInfo* request_info,
              const BoundNetLog& net_log,
+             bool send_request_headers_automatically,
              BidirectionalStreamImpl::Delegate* delegate,
-             scoped_ptr<base::Timer> timer) override;
+             std::unique_ptr<base::Timer> timer) override;
+  void SendRequestHeaders() override;
   int ReadData(IOBuffer* buffer, int buffer_len) override;
-  void SendData(IOBuffer* data, int length, bool end_stream) override;
+  void SendData(const scoped_refptr<IOBuffer>& data,
+                int length,
+                bool end_stream) override;
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& buffers,
+                 const std::vector<int>& lengths,
+                 bool end_stream) override;
   void Cancel() override;
   NextProto GetProtocol() const override;
   int64_t GetTotalReceivedBytes() const override;
@@ -64,8 +72,6 @@ class NET_EXPORT_PRIVATE BidirectionalStreamQuicImpl
   void OnSendDataComplete(int rv);
   void OnReadDataComplete(int rv);
 
-  // Helper method to send request headers.
-  void SendRequestHeaders();
   // Notifies the delegate of an error.
   void NotifyError(int error);
   // Resets the stream and ensures that |delegate_| won't be called back.
@@ -104,6 +110,12 @@ class NET_EXPORT_PRIVATE BidirectionalStreamQuicImpl
   // Indicates whether initial headers have been received.
   bool has_received_headers_;
 
+  // Whether to automatically send request headers when stream is negotiated.
+  // If false, headers will not be sent until SendRequestHeaders() is called or
+  // until next SendData/SendvData, during which QUIC will try to combine header
+  // frame with data frame in the same packet if possible.
+  bool send_request_headers_automatically_;
+
   base::WeakPtrFactory<BidirectionalStreamQuicImpl> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(BidirectionalStreamQuicImpl);
diff --git a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc
index 3afdb479a7c..c27f9362fc8 100644
--- a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc
+++ b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc
@@ -5,10 +5,12 @@
 #include "net/quic/bidirectional_stream_quic_impl.h"
 
 #include <stdint.h>
+
+#include <memory>
 #include <vector>
 
 #include "base/callback_helpers.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
@@ -22,6 +24,7 @@
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_server_info.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_client_session.h"
 #include "net/quic/quic_chromium_client_stream.h"
 #include "net/quic/quic_chromium_connection_helper.h"
@@ -59,11 +62,11 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   TestDelegateBase(IOBuffer* read_buf, int read_buf_len)
       : TestDelegateBase(read_buf,
                          read_buf_len,
-                         make_scoped_ptr(new base::Timer(false, false))) {}
+                         base::WrapUnique(new base::Timer(false, false))) {}
 
   TestDelegateBase(IOBuffer* read_buf,
                    int read_buf_len,
-                   scoped_ptr<base::Timer> timer)
+                   std::unique_ptr<base::Timer> timer)
       : read_buf_(read_buf),
         read_buf_len_(read_buf_len),
         timer_(std::move(timer)),
@@ -71,18 +74,23 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
         error_(OK),
         on_data_read_count_(0),
         on_data_sent_count_(0),
-        not_expect_callback_(false) {
+        not_expect_callback_(false),
+        on_failed_called_(false),
+        send_request_headers_automatically_(true) {
     loop_.reset(new base::RunLoop);
   }
 
   ~TestDelegateBase() override {}
 
-  void OnHeadersSent() override {
+  void OnStreamReady(bool request_headers_sent) override {
+    CHECK(!on_failed_called_);
+    EXPECT_EQ(send_request_headers_automatically_, request_headers_sent);
     CHECK(!not_expect_callback_);
     loop_->Quit();
   }
 
   void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override {
+    CHECK(!on_failed_called_);
     CHECK(!not_expect_callback_);
 
     response_headers_ = response_headers;
@@ -90,6 +98,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   }
 
   void OnDataRead(int bytes_read) override {
+    CHECK(!on_failed_called_);
     CHECK(!not_expect_callback_);
     CHECK(!callback_.is_null());
 
@@ -100,6 +109,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   }
 
   void OnDataSent() override {
+    CHECK(!on_failed_called_);
     CHECK(!not_expect_callback_);
 
     ++on_data_sent_count_;
@@ -107,6 +117,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   }
 
   void OnTrailersReceived(const SpdyHeaderBlock& trailers) override {
+    CHECK(!on_failed_called_);
     CHECK(!not_expect_callback_);
 
     trailers_ = trailers;
@@ -114,10 +125,12 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   }
 
   void OnFailed(int error) override {
+    CHECK(!on_failed_called_);
     CHECK(!not_expect_callback_);
     CHECK_EQ(OK, error_);
     CHECK_NE(OK, error);
 
+    on_failed_called_ = true;
     error_ = error;
     loop_->Quit();
   }
@@ -125,13 +138,26 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   void Start(const BidirectionalStreamRequestInfo* request_info,
              const BoundNetLog& net_log,
              const base::WeakPtr<QuicChromiumClientSession> session) {
-    stream_job_.reset(new BidirectionalStreamQuicImpl(session));
-    stream_job_->Start(request_info, net_log, this, nullptr);
+    stream_.reset(new BidirectionalStreamQuicImpl(session));
+    stream_->Start(request_info, net_log, send_request_headers_automatically_,
+                   this, nullptr);
   }
 
-  void SendData(IOBuffer* data, int length, bool end_of_stream) {
+  void SendRequestHeaders() { stream_->SendRequestHeaders(); }
+
+  void SendData(const scoped_refptr<IOBuffer>& data,
+                int length,
+                bool end_of_stream) {
     not_expect_callback_ = true;
-    stream_job_->SendData(data, length, end_of_stream);
+    stream_->SendData(data, length, end_of_stream);
+    not_expect_callback_ = false;
+  }
+
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& data,
+                 const std::vector<int>& lengths,
+                 bool end_of_stream) {
+    not_expect_callback_ = true;
+    stream_->SendvData(data, lengths, end_of_stream);
     not_expect_callback_ = false;
   }
 
@@ -144,7 +170,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   // Calls ReadData on the |stream_| and updates |data_received_|.
   int ReadData(const CompletionCallback& callback) {
     not_expect_callback_ = true;
-    int rv = stream_job_->ReadData(read_buf_.get(), read_buf_len_);
+    int rv = stream_->ReadData(read_buf_.get(), read_buf_len_);
     not_expect_callback_ = false;
     if (rv > 0)
       data_received_.append(read_buf_->data(), rv);
@@ -154,15 +180,19 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   }
 
   // Cancels |stream_|.
-  void CancelStream() { stream_job_->Cancel(); }
+  void CancelStream() { stream_->Cancel(); }
 
-  NextProto GetProtocol() const { return stream_job_->GetProtocol(); }
+  NextProto GetProtocol() const { return stream_->GetProtocol(); }
 
   int64_t GetTotalReceivedBytes() const {
-    return stream_job_->GetTotalReceivedBytes();
+    return stream_->GetTotalReceivedBytes();
   }
 
-  int64_t GetTotalSentBytes() const { return stream_job_->GetTotalSentBytes(); }
+  int64_t GetTotalSentBytes() const { return stream_->GetTotalSentBytes(); }
+
+  void DoNotSendRequestHeadersAutomatically() {
+    send_request_headers_automatically_ = false;
+  }
 
   // Const getters for internal states.
   const std::string& data_received() const { return data_received_; }
@@ -171,21 +201,22 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   const SpdyHeaderBlock& trailers() const { return trailers_; }
   int on_data_read_count() const { return on_data_read_count_; }
   int on_data_sent_count() const { return on_data_sent_count_; }
+  bool on_failed_called() const { return on_failed_called_; }
 
  protected:
   // Quits |loop_|.
   void QuitLoop() { loop_->Quit(); }
 
   // Deletes |stream_|.
-  void DeleteStream() { stream_job_.reset(); }
+  void DeleteStream() { stream_.reset(); }
 
  private:
-  scoped_ptr<BidirectionalStreamQuicImpl> stream_job_;
+  std::unique_ptr<BidirectionalStreamQuicImpl> stream_;
   scoped_refptr<IOBuffer> read_buf_;
   int read_buf_len_;
-  scoped_ptr<base::Timer> timer_;
+  std::unique_ptr<base::Timer> timer_;
   std::string data_received_;
-  scoped_ptr<base::RunLoop> loop_;
+  std::unique_ptr<base::RunLoop> loop_;
   SpdyHeaderBlock response_headers_;
   SpdyHeaderBlock trailers_;
   int error_;
@@ -194,7 +225,9 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
   // This is to ensure that delegate callback is not invoked synchronously when
   // calling into |stream_|.
   bool not_expect_callback_;
+  bool on_failed_called_;
   CompletionCallback callback_;
+  bool send_request_headers_automatically_;
 
   DISALLOW_COPY_AND_ASSIGN(TestDelegateBase);
 };
@@ -279,7 +312,16 @@ class BidirectionalStreamQuicImplTest
         read_buffer_(new IOBufferWithSize(4096)),
         connection_id_(2),
         stream_id_(kClientDataStreamId1),
-        maker_(GetParam(), connection_id_, &clock_, kDefaultServerHostName),
+        client_maker_(GetParam(),
+                      connection_id_,
+                      &clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_CLIENT),
+        server_maker_(GetParam(),
+                      connection_id_,
+                      &clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_SERVER),
         random_generator_(0) {
     IPAddress ip(192, 0, 2, 33);
     peer_addr_ = IPEndPoint(ip, 443);
@@ -300,11 +342,11 @@ class BidirectionalStreamQuicImplTest
   }
 
   // Adds a packet to the list of expected writes.
-  void AddWrite(scoped_ptr<QuicReceivedPacket> packet) {
+  void AddWrite(std::unique_ptr<QuicReceivedPacket> packet) {
     writes_.push_back(PacketToWrite(SYNCHRONOUS, packet.release()));
   }
 
-  void ProcessPacket(scoped_ptr<QuicReceivedPacket> packet) {
+  void ProcessPacket(std::unique_ptr<QuicReceivedPacket> packet) {
     connection_->ProcessUdpPacket(self_addr_, peer_addr_, *packet);
   }
 
@@ -323,21 +365,22 @@ class BidirectionalStreamQuicImplTest
     socket_data_.reset(new StaticSocketDataProvider(
         nullptr, 0, mock_writes_.get(), writes_.size()));
 
-    scoped_ptr<MockUDPClientSocket> socket(new MockUDPClientSocket(
+    std::unique_ptr<MockUDPClientSocket> socket(new MockUDPClientSocket(
         socket_data_.get(), net_log().bound().net_log()));
     socket->Connect(peer_addr_);
     runner_ = new TestTaskRunner(&clock_);
-    helper_.reset(new QuicChromiumConnectionHelper(runner_.get(), &clock_,
-                                                   &random_generator_));
+    helper_.reset(
+        new QuicChromiumConnectionHelper(&clock_, &random_generator_));
+    alarm_factory_.reset(new QuicChromiumAlarmFactory(runner_.get(), &clock_));
     connection_ = new QuicConnection(
-        connection_id_, peer_addr_, helper_.get(),
+        connection_id_, peer_addr_, helper_.get(), alarm_factory_.get(),
         new QuicChromiumPacketWriter(socket.get()), true /* owns_writer */,
         Perspective::IS_CLIENT, SupportedVersions(GetParam()));
 
     session_.reset(new QuicChromiumClientSession(
         connection_, std::move(socket),
         /*stream_factory=*/nullptr, &crypto_client_stream_factory_, &clock_,
-        &transport_security_state_, make_scoped_ptr((QuicServerInfo*)nullptr),
+        &transport_security_state_, base::WrapUnique((QuicServerInfo*)nullptr),
         QuicServerId(kDefaultServerHostName, kDefaultServerPort,
                      PRIVACY_MODE_DISABLED),
         kQuicYieldAfterPacketsRead,
@@ -354,96 +397,148 @@ class BidirectionalStreamQuicImplTest
   void SetRequest(const std::string& method,
                   const std::string& path,
                   RequestPriority priority) {
-    request_headers_ = maker_.GetRequestHeaders(method, "http", path);
+    request_headers_ = client_maker_.GetRequestHeaders(method, "http", path);
   }
 
   SpdyHeaderBlock ConstructResponseHeaders(const std::string& response_code) {
-    return maker_.GetResponseHeaders(response_code);
+    return server_maker_.GetResponseHeaders(response_code);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructDataPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructDataPacket(
       QuicPacketNumber packet_number,
       bool should_include_version,
       bool fin,
       QuicStreamOffset offset,
-      base::StringPiece data) {
-    scoped_ptr<QuicReceivedPacket> packet(maker_.MakeDataPacket(
+      base::StringPiece data,
+      QuicTestPacketMaker* maker) {
+    std::unique_ptr<QuicReceivedPacket> packet(maker->MakeDataPacket(
         packet_number, stream_id_, should_include_version, fin, offset, data));
     DVLOG(2) << "packet(" << packet_number << "): " << std::endl
              << QuicUtils::StringToHexASCIIDump(packet->AsStringPiece());
     return packet;
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructServerDataPacket(
+      QuicPacketNumber packet_number,
+      bool should_include_version,
+      bool fin,
+      QuicStreamOffset offset,
+      base::StringPiece data) {
+    return ConstructDataPacket(packet_number, should_include_version, fin,
+                               offset, data, &server_maker_);
+  }
+
+  // Construct a data packet with multiple data frames
+  std::unique_ptr<QuicReceivedPacket> ConstructClientMultipleDataFramesPacket(
+      QuicPacketNumber packet_number,
+      bool should_include_version,
+      bool fin,
+      QuicStreamOffset offset,
+      const std::vector<std::string>& data_writes) {
+    std::unique_ptr<QuicReceivedPacket> packet(
+        client_maker_.MakeMultipleDataFramesPacket(packet_number, stream_id_,
+                                                   should_include_version, fin,
+                                                   offset, data_writes));
+    DVLOG(2) << "packet(" << packet_number << "): " << std::endl
+             << QuicUtils::StringToHexASCIIDump(packet->AsStringPiece());
+    return packet;
+  }
+
+  std::unique_ptr<QuicReceivedPacket> ConstructRequestHeadersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       RequestPriority request_priority,
       size_t* spdy_headers_frame_length) {
     SpdyPriority priority =
         ConvertRequestPriorityToQuicPriority(request_priority);
-    return maker_.MakeRequestHeadersPacket(
+    return client_maker_.MakeRequestHeadersPacket(
         packet_number, stream_id_, kIncludeVersion, fin, priority,
         request_headers_, spdy_headers_frame_length);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket>
+  ConstructRequestHeadersAndMultipleDataFramesPacket(
+      QuicPacketNumber packet_number,
+      bool fin,
+      RequestPriority request_priority,
+      size_t* spdy_headers_frame_length,
+      const std::vector<std::string>& data) {
+    SpdyPriority priority =
+        ConvertRequestPriorityToQuicPriority(request_priority);
+    std::unique_ptr<QuicReceivedPacket> packet(
+        client_maker_.MakeRequestHeadersAndMultipleDataFramesPacket(
+            packet_number, stream_id_, kIncludeVersion, fin, priority,
+            request_headers_, spdy_headers_frame_length, data));
+    DVLOG(2) << "packet(" << packet_number << "): " << std::endl
+             << QuicUtils::StringToHexASCIIDump(packet->AsStringPiece());
+    return packet;
+  }
+
+  std::unique_ptr<QuicReceivedPacket> ConstructResponseHeadersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       const SpdyHeaderBlock& response_headers,
       size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset) {
-    return maker_.MakeResponseHeadersPacket(
+    return server_maker_.MakeResponseHeadersPacket(
         packet_number, stream_id_, !kIncludeVersion, fin, response_headers,
         spdy_headers_frame_length, offset);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructResponseTrailersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructResponseTrailersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       const SpdyHeaderBlock& trailers,
       size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset) {
-    return maker_.MakeResponseHeadersPacket(packet_number, stream_id_,
-                                            !kIncludeVersion, fin, trailers,
-                                            spdy_headers_frame_length, offset);
+    return server_maker_.MakeResponseHeadersPacket(
+        packet_number, stream_id_, !kIncludeVersion, fin, trailers,
+        spdy_headers_frame_length, offset);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRstStreamPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientRstStreamPacket(
       QuicPacketNumber packet_number) {
-    return ConstructRstStreamCancelledPacket(packet_number, 0);
+    return ConstructRstStreamCancelledPacket(packet_number, 0, &client_maker_);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRstStreamCancelledPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructServerRstStreamPacket(
+      QuicPacketNumber packet_number) {
+    return ConstructRstStreamCancelledPacket(packet_number, 0, &server_maker_);
+  }
+
+  std::unique_ptr<QuicReceivedPacket> ConstructRstStreamCancelledPacket(
       QuicPacketNumber packet_number,
-      size_t bytes_written) {
-    scoped_ptr<QuicReceivedPacket> packet(
-        maker_.MakeRstPacket(packet_number, !kIncludeVersion, stream_id_,
+      size_t bytes_written,
+      QuicTestPacketMaker* maker) {
+    std::unique_ptr<QuicReceivedPacket> packet(
+        maker->MakeRstPacket(packet_number, !kIncludeVersion, stream_id_,
                              QUIC_STREAM_CANCELLED, bytes_written));
     DVLOG(2) << "packet(" << packet_number << "): " << std::endl
              << QuicUtils::StringToHexASCIIDump(packet->AsStringPiece());
     return packet;
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckAndRstStreamPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientAckAndRstStreamPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked) {
-    return maker_.MakeAckAndRstPacket(
+    return client_maker_.MakeAckAndRstPacket(
         packet_number, !kIncludeVersion, stream_id_, QUIC_STREAM_CANCELLED,
         largest_received, ack_least_unacked, stop_least_unacked,
         !kIncludeCongestionFeedback);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckAndDataPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructAckAndDataPacket(
       QuicPacketNumber packet_number,
       bool should_include_version,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked,
       bool fin,
       QuicStreamOffset offset,
-      base::StringPiece data) {
-    scoped_ptr<QuicReceivedPacket> packet(maker_.MakeAckAndDataPacket(
+      base::StringPiece data,
+      QuicTestPacketMaker* maker) {
+    std::unique_ptr<QuicReceivedPacket> packet(maker->MakeAckAndDataPacket(
         packet_number, should_include_version, stream_id_, largest_received,
         least_unacked, fin, offset, data));
     DVLOG(2) << "packet(" << packet_number << "): " << std::endl
@@ -451,27 +546,38 @@ class BidirectionalStreamQuicImplTest
     return packet;
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientAckPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked) {
-    return maker_.MakeAckPacket(packet_number, largest_received, least_unacked,
-                                !kIncludeCongestionFeedback);
+    return client_maker_.MakeAckPacket(packet_number, largest_received,
+                                       least_unacked,
+                                       !kIncludeCongestionFeedback);
+  }
+
+  std::unique_ptr<QuicReceivedPacket> ConstructServerAckPacket(
+      QuicPacketNumber packet_number,
+      QuicPacketNumber largest_received,
+      QuicPacketNumber least_unacked) {
+    return server_maker_.MakeAckPacket(packet_number, largest_received,
+                                       least_unacked,
+                                       !kIncludeCongestionFeedback);
   }
 
   const BoundTestNetLog& net_log() const { return net_log_; }
 
   QuicChromiumClientSession* session() const { return session_.get(); }
 
- private:
+ protected:
   BoundTestNetLog net_log_;
   scoped_refptr<TestTaskRunner> runner_;
-  scoped_ptr<MockWrite[]> mock_writes_;
+  std::unique_ptr<MockWrite[]> mock_writes_;
   MockClock clock_;
   QuicConnection* connection_;
-  scoped_ptr<QuicChromiumConnectionHelper> helper_;
+  std::unique_ptr<QuicChromiumConnectionHelper> helper_;
+  std::unique_ptr<QuicChromiumAlarmFactory> alarm_factory_;
   TransportSecurityState transport_security_state_;
-  scoped_ptr<QuicChromiumClientSession> session_;
+  std::unique_ptr<QuicChromiumClientSession> session_;
   QuicCryptoClientConfig crypto_config_;
   HttpRequestHeaders headers_;
   HttpResponseInfo response_;
@@ -479,12 +585,13 @@ class BidirectionalStreamQuicImplTest
   SpdyHeaderBlock request_headers_;
   const QuicConnectionId connection_id_;
   const QuicStreamId stream_id_;
-  QuicTestPacketMaker maker_;
+  QuicTestPacketMaker client_maker_;
+  QuicTestPacketMaker server_maker_;
   IPEndPoint self_addr_;
   IPEndPoint peer_addr_;
   MockRandom random_generator_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
-  scoped_ptr<StaticSocketDataProvider> socket_data_;
+  std::unique_ptr<StaticSocketDataProvider> socket_data_;
   std::vector<PacketToWrite> writes_;
   QuicClientPushPromiseIndex push_promise_index_;
 };
@@ -499,7 +606,7 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) {
   AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
 
-  AddWrite(ConstructAckPacket(2, 3, 1));
+  AddWrite(ConstructClientAckPacket(2, 3, 1));
   Initialize();
 
   BidirectionalStreamRequestInfo request;
@@ -509,13 +616,13 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -534,7 +641,7 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) {
   const char kResponseBody[] = "Hello world!";
   // Server sends data.
   ProcessPacket(
-      ConstructDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
   EXPECT_EQ(12, cb.WaitForResult());
 
   EXPECT_EQ(std::string(kResponseBody), delegate->data_received());
@@ -583,13 +690,318 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) {
       NetLog::PHASE_NONE);
 }
 
+// Tests that when request headers are not delayed, only data buffers are
+// coalesced.
+TEST_P(BidirectionalStreamQuicImplTest, CoalesceDataBuffersNotHeadersFrame) {
+  SetRequest("POST", "/", DEFAULT_PRIORITY);
+  size_t spdy_request_headers_frame_length;
+
+  const char kBody1[] = "here are some data";
+  const char kBody2[] = "data keep coming";
+  std::vector<std::string> two_writes = {kBody1, kBody2};
+  AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
+                                         &spdy_request_headers_frame_length));
+  AddWrite(ConstructClientMultipleDataFramesPacket(2, kIncludeVersion, !kFin, 0,
+                                                   {kBody1, kBody2}));
+  // Ack server's data packet.
+  AddWrite(ConstructClientAckPacket(3, 3, 1));
+  const char kBody3[] = "hello there";
+  const char kBody4[] = "another piece of small data";
+  const char kBody5[] = "really small";
+  QuicStreamOffset data_offset = strlen(kBody1) + strlen(kBody2);
+  AddWrite(ConstructClientMultipleDataFramesPacket(
+      4, !kIncludeVersion, kFin, data_offset, {kBody3, kBody4, kBody5}));
+
+  Initialize();
+
+  BidirectionalStreamRequestInfo request;
+  request.method = "POST";
+  request.url = GURL("http://www.google.com/");
+  request.end_stream_on_headers = false;
+  request.priority = DEFAULT_PRIORITY;
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  std::unique_ptr<TestDelegateBase> delegate(
+      new TestDelegateBase(read_buffer.get(), kReadBufferSize));
+  delegate->DoNotSendRequestHeadersAutomatically();
+  delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
+  delegate->WaitUntilNextCallback();  // OnStreamReady
+
+  // Sends request headers separately, which causes them to be sent in a
+  // separate packet.
+  delegate->SendRequestHeaders();
+  // Send a Data packet.
+  scoped_refptr<StringIOBuffer> buf1(new StringIOBuffer(kBody1));
+  scoped_refptr<StringIOBuffer> buf2(new StringIOBuffer(kBody2));
+
+  std::vector<int> lengths = {buf1->size(), buf2->size()};
+  delegate->SendvData({buf1, buf2}, lengths, !kFin);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  // Server acks the request.
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
+
+  // Server sends the response headers.
+  SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
+  size_t spdy_response_headers_frame_length;
+  QuicStreamOffset offset = 0;
+  ProcessPacket(ConstructResponseHeadersPacket(
+      2, !kFin, response_headers, &spdy_response_headers_frame_length,
+      &offset));
+
+  delegate->WaitUntilNextCallback();  // OnHeadersReceived
+  TestCompletionCallback cb;
+  int rv = delegate->ReadData(cb.callback());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  const char kResponseBody[] = "Hello world!";
+  // Server sends data.
+  ProcessPacket(
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+
+  EXPECT_EQ(static_cast<int>(strlen(kResponseBody)), cb.WaitForResult());
+
+  // Send a second Data packet.
+  scoped_refptr<StringIOBuffer> buf3(new StringIOBuffer(kBody3));
+  scoped_refptr<StringIOBuffer> buf4(new StringIOBuffer(kBody4));
+  scoped_refptr<StringIOBuffer> buf5(new StringIOBuffer(kBody5));
+
+  delegate->SendvData({buf3, buf4, buf5},
+                      {buf3->size(), buf4->size(), buf5->size()}, kFin);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  size_t spdy_trailers_frame_length;
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  trailers[kFinalOffsetHeaderKey] = base::IntToString(strlen(kResponseBody));
+  // Server sends trailers.
+  ProcessPacket(ConstructResponseTrailersPacket(
+      4, kFin, trailers, &spdy_trailers_frame_length, &offset));
+
+  delegate->WaitUntilNextCallback();  // OnTrailersReceived
+  trailers.erase(kFinalOffsetHeaderKey);
+  EXPECT_EQ(trailers, delegate->trailers());
+  EXPECT_EQ(OK, delegate->ReadData(cb.callback()));
+
+  EXPECT_EQ(1, delegate->on_data_read_count());
+  EXPECT_EQ(2, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoQUIC1SPDY3, delegate->GetProtocol());
+  EXPECT_EQ(
+      static_cast<int64_t>(spdy_request_headers_frame_length + strlen(kBody1) +
+                           strlen(kBody2) + strlen(kBody3) + strlen(kBody4) +
+                           strlen(kBody5)),
+      delegate->GetTotalSentBytes());
+  EXPECT_EQ(
+      static_cast<int64_t>(spdy_response_headers_frame_length +
+                           strlen(kResponseBody) + spdy_trailers_frame_length),
+      delegate->GetTotalReceivedBytes());
+}
+
+// Tests that when request headers are delayed, SendData triggers coalescing of
+// request headers with data buffers.
+TEST_P(BidirectionalStreamQuicImplTest,
+       SendDataCoalesceDataBufferAndHeaderFrame) {
+  SetRequest("POST", "/", DEFAULT_PRIORITY);
+  size_t spdy_request_headers_frame_length;
+
+  const char kBody1[] = "here are some data";
+  AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket(
+      1, !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length,
+      {kBody1}));
+  // Ack server's data packet.
+  AddWrite(ConstructClientAckPacket(2, 3, 1));
+  const char kBody2[] = "really small";
+  QuicStreamOffset data_offset = strlen(kBody1);
+  AddWrite(ConstructClientMultipleDataFramesPacket(3, !kIncludeVersion, kFin,
+                                                   data_offset, {kBody2}));
+
+  Initialize();
+
+  BidirectionalStreamRequestInfo request;
+  request.method = "POST";
+  request.url = GURL("http://www.google.com/");
+  request.end_stream_on_headers = false;
+  request.priority = DEFAULT_PRIORITY;
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  std::unique_ptr<TestDelegateBase> delegate(
+      new TestDelegateBase(read_buffer.get(), kReadBufferSize));
+  delegate->DoNotSendRequestHeadersAutomatically();
+  delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
+  delegate->WaitUntilNextCallback();  // OnStreamReady
+
+  // Send a Data packet.
+  scoped_refptr<StringIOBuffer> buf1(new StringIOBuffer(kBody1));
+
+  delegate->SendData(buf1, buf1->size(), false);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  // Server acks the request.
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
+
+  // Server sends the response headers.
+  SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
+  size_t spdy_response_headers_frame_length;
+  QuicStreamOffset offset = 0;
+  ProcessPacket(ConstructResponseHeadersPacket(
+      2, !kFin, response_headers, &spdy_response_headers_frame_length,
+      &offset));
+
+  delegate->WaitUntilNextCallback();  // OnHeadersReceived
+  TestCompletionCallback cb;
+  int rv = delegate->ReadData(cb.callback());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  const char kResponseBody[] = "Hello world!";
+  // Server sends data.
+  ProcessPacket(
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+
+  EXPECT_EQ(static_cast<int>(strlen(kResponseBody)), cb.WaitForResult());
+
+  // Send a second Data packet.
+  scoped_refptr<StringIOBuffer> buf2(new StringIOBuffer(kBody2));
+
+  delegate->SendData(buf2, buf2->size(), true);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  size_t spdy_trailers_frame_length;
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  trailers[kFinalOffsetHeaderKey] = base::IntToString(strlen(kResponseBody));
+  // Server sends trailers.
+  ProcessPacket(ConstructResponseTrailersPacket(
+      4, kFin, trailers, &spdy_trailers_frame_length, &offset));
+
+  delegate->WaitUntilNextCallback();  // OnTrailersReceived
+  trailers.erase(kFinalOffsetHeaderKey);
+  EXPECT_EQ(trailers, delegate->trailers());
+  EXPECT_EQ(OK, delegate->ReadData(cb.callback()));
+
+  EXPECT_EQ(1, delegate->on_data_read_count());
+  EXPECT_EQ(2, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoQUIC1SPDY3, delegate->GetProtocol());
+  EXPECT_EQ(static_cast<int64_t>(spdy_request_headers_frame_length +
+                                 strlen(kBody1) + strlen(kBody2)),
+            delegate->GetTotalSentBytes());
+  EXPECT_EQ(
+      static_cast<int64_t>(spdy_response_headers_frame_length +
+                           strlen(kResponseBody) + spdy_trailers_frame_length),
+      delegate->GetTotalReceivedBytes());
+}
+
+// Tests that when request headers are delayed, SendvData triggers coalescing of
+// request headers with data buffers.
+TEST_P(BidirectionalStreamQuicImplTest,
+       SendvDataCoalesceDataBuffersAndHeaderFrame) {
+  SetRequest("POST", "/", DEFAULT_PRIORITY);
+  size_t spdy_request_headers_frame_length;
+
+  const char kBody1[] = "here are some data";
+  const char kBody2[] = "data keep coming";
+  std::vector<std::string> two_writes = {kBody1, kBody2};
+  AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket(
+      1, !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length,
+      two_writes));
+  // Ack server's data packet.
+  AddWrite(ConstructClientAckPacket(2, 3, 1));
+  const char kBody3[] = "hello there";
+  const char kBody4[] = "another piece of small data";
+  const char kBody5[] = "really small";
+  QuicStreamOffset data_offset = strlen(kBody1) + strlen(kBody2);
+  AddWrite(ConstructClientMultipleDataFramesPacket(
+      3, !kIncludeVersion, kFin, data_offset, {kBody3, kBody4, kBody5}));
+
+  Initialize();
+
+  BidirectionalStreamRequestInfo request;
+  request.method = "POST";
+  request.url = GURL("http://www.google.com/");
+  request.end_stream_on_headers = false;
+  request.priority = DEFAULT_PRIORITY;
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  std::unique_ptr<TestDelegateBase> delegate(
+      new TestDelegateBase(read_buffer.get(), kReadBufferSize));
+  delegate->DoNotSendRequestHeadersAutomatically();
+  delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
+  delegate->WaitUntilNextCallback();  // OnStreamReady
+
+  // Send a Data packet.
+  scoped_refptr<StringIOBuffer> buf1(new StringIOBuffer(kBody1));
+  scoped_refptr<StringIOBuffer> buf2(new StringIOBuffer(kBody2));
+
+  std::vector<int> lengths = {buf1->size(), buf2->size()};
+  delegate->SendvData({buf1, buf2}, lengths, !kFin);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  // Server acks the request.
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
+
+  // Server sends the response headers.
+  SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
+  size_t spdy_response_headers_frame_length;
+  QuicStreamOffset offset = 0;
+  ProcessPacket(ConstructResponseHeadersPacket(
+      2, !kFin, response_headers, &spdy_response_headers_frame_length,
+      &offset));
+
+  delegate->WaitUntilNextCallback();  // OnHeadersReceived
+  TestCompletionCallback cb;
+  int rv = delegate->ReadData(cb.callback());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  const char kResponseBody[] = "Hello world!";
+  // Server sends data.
+  ProcessPacket(
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+
+  EXPECT_EQ(static_cast<int>(strlen(kResponseBody)), cb.WaitForResult());
+
+  // Send a second Data packet.
+  scoped_refptr<StringIOBuffer> buf3(new StringIOBuffer(kBody3));
+  scoped_refptr<StringIOBuffer> buf4(new StringIOBuffer(kBody4));
+  scoped_refptr<StringIOBuffer> buf5(new StringIOBuffer(kBody5));
+
+  delegate->SendvData({buf3, buf4, buf5},
+                      {buf3->size(), buf4->size(), buf5->size()}, kFin);
+  delegate->WaitUntilNextCallback();  // OnDataSent
+
+  size_t spdy_trailers_frame_length;
+  SpdyHeaderBlock trailers;
+  trailers["foo"] = "bar";
+  trailers[kFinalOffsetHeaderKey] = base::IntToString(strlen(kResponseBody));
+  // Server sends trailers.
+  ProcessPacket(ConstructResponseTrailersPacket(
+      4, kFin, trailers, &spdy_trailers_frame_length, &offset));
+
+  delegate->WaitUntilNextCallback();  // OnTrailersReceived
+  trailers.erase(kFinalOffsetHeaderKey);
+  EXPECT_EQ(trailers, delegate->trailers());
+  EXPECT_EQ(OK, delegate->ReadData(cb.callback()));
+
+  EXPECT_EQ(1, delegate->on_data_read_count());
+  EXPECT_EQ(2, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoQUIC1SPDY3, delegate->GetProtocol());
+  EXPECT_EQ(
+      static_cast<int64_t>(spdy_request_headers_frame_length + strlen(kBody1) +
+                           strlen(kBody2) + strlen(kBody3) + strlen(kBody4) +
+                           strlen(kBody5)),
+      delegate->GetTotalSentBytes());
+  EXPECT_EQ(
+      static_cast<int64_t>(spdy_response_headers_frame_length +
+                           strlen(kResponseBody) + spdy_trailers_frame_length),
+      delegate->GetTotalReceivedBytes());
+}
+
 TEST_P(BidirectionalStreamQuicImplTest, PostRequest) {
   SetRequest("POST", "/", DEFAULT_PRIORITY);
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructDataPacket(2, kIncludeVersion, kFin, 0, kUploadData));
-  AddWrite(ConstructAckPacket(3, 3, 1));
+  AddWrite(ConstructDataPacket(2, kIncludeVersion, kFin, 0, kUploadData,
+                               &client_maker_));
+  AddWrite(ConstructClientAckPacket(3, 3, 1));
 
   Initialize();
 
@@ -600,19 +1012,19 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Send a DATA frame.
   scoped_refptr<StringIOBuffer> buf(new StringIOBuffer(kUploadData));
 
-  delegate->SendData(buf.get(), buf->size(), true);
+  delegate->SendData(buf, buf->size(), true);
   delegate->WaitUntilNextCallback();  // OnDataSent
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -630,7 +1042,7 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) {
   const char kResponseBody[] = "Hello world!";
   // Server sends data.
   ProcessPacket(
-      ConstructDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
 
   EXPECT_EQ(static_cast<int>(strlen(kResponseBody)), cb.WaitForResult());
 
@@ -665,9 +1077,10 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) {
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
   AddWrite(ConstructAckAndDataPacket(2, !kIncludeVersion, 2, 1, !kFin, 0,
-                                     kUploadData));
+                                     kUploadData, &client_maker_));
   AddWrite(ConstructAckAndDataPacket(3, !kIncludeVersion, 3, 3, kFin,
-                                     strlen(kUploadData), kUploadData));
+                                     strlen(kUploadData), kUploadData,
+                                     &client_maker_));
   Initialize();
 
   BidirectionalStreamRequestInfo request;
@@ -677,13 +1090,13 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -697,7 +1110,7 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) {
   // Client sends a data packet.
   scoped_refptr<StringIOBuffer> buf(new StringIOBuffer(kUploadData));
 
-  delegate->SendData(buf.get(), buf->size(), false);
+  delegate->SendData(buf, buf->size(), false);
   delegate->WaitUntilNextCallback();  // OnDataSent
 
   TestCompletionCallback cb;
@@ -707,20 +1120,21 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) {
 
   // Server sends a data packet.
   ProcessPacket(ConstructAckAndDataPacket(3, !kIncludeVersion, 2, 1, !kFin, 0,
-                                          kResponseBody));
+                                          kResponseBody, &server_maker_));
 
   EXPECT_EQ(static_cast<int64_t>(strlen(kResponseBody)), cb.WaitForResult());
   EXPECT_EQ(std::string(kResponseBody), delegate->data_received());
 
   // Client sends a data packet.
-  delegate->SendData(buf.get(), buf->size(), true);
+  delegate->SendData(buf, buf->size(), true);
   delegate->WaitUntilNextCallback();  // OnDataSent
 
   TestCompletionCallback cb2;
   rv = delegate->ReadData(cb2.callback());
   EXPECT_EQ(ERR_IO_PENDING, rv);
-  ProcessPacket(ConstructAckAndDataPacket(
-      4, !kIncludeVersion, 3, 1, kFin, strlen(kResponseBody), kResponseBody));
+  ProcessPacket(ConstructAckAndDataPacket(4, !kIncludeVersion, 3, 1, kFin,
+                                          strlen(kResponseBody), kResponseBody,
+                                          &server_maker_));
 
   EXPECT_EQ(static_cast<int64_t>(strlen(kResponseBody)), cb2.WaitForResult());
 
@@ -754,13 +1168,13 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterHeaders) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server sends a Rst.
-  ProcessPacket(ConstructRstStreamPacket(1));
+  ProcessPacket(ConstructServerRstStreamPacket(1));
 
   delegate->WaitUntilNextCallback();  // OnFailed
   TestCompletionCallback cb;
@@ -782,7 +1196,7 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) {
   AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
   // Why does QUIC ack Rst? Is this expected?
-  AddWrite(ConstructAckPacket(2, 3, 1));
+  AddWrite(ConstructClientAckPacket(2, 3, 1));
 
   Initialize();
 
@@ -793,13 +1207,13 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -818,7 +1232,7 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) {
   EXPECT_EQ(ERR_IO_PENDING, rv);
 
   // Server sends a Rst.
-  ProcessPacket(ConstructRstStreamPacket(3));
+  ProcessPacket(ConstructServerRstStreamPacket(3));
 
   delegate->WaitUntilNextCallback();  // OnFailed
 
@@ -838,8 +1252,9 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterSendData) {
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
   AddWrite(ConstructAckAndDataPacket(2, !kIncludeVersion, 2, 1, !kFin, 0,
-                                     kUploadData));
-  AddWrite(ConstructRstStreamCancelledPacket(3, strlen(kUploadData)));
+                                     kUploadData, &client_maker_));
+  AddWrite(ConstructRstStreamCancelledPacket(3, strlen(kUploadData),
+                                             &client_maker_));
 
   Initialize();
 
@@ -850,13 +1265,13 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterSendData) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -870,12 +1285,17 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterSendData) {
   // Send a DATA frame.
   scoped_refptr<StringIOBuffer> buf(new StringIOBuffer(kUploadData));
 
-  delegate->SendData(buf.get(), buf->size(), false);
+  delegate->SendData(buf, buf->size(), false);
   delegate->WaitUntilNextCallback();  // OnDataSent
 
   delegate->CancelStream();
   base::MessageLoop::current()->RunUntilIdle();
 
+  // Try to send data after Cancel(), should not get called back.
+  delegate->SendData(buf, buf->size(), false);
+  base::MessageLoop::current()->RunUntilIdle();
+  EXPECT_FALSE(delegate->on_failed_called());
+
   EXPECT_EQ(0, delegate->on_data_read_count());
   EXPECT_EQ(1, delegate->on_data_sent_count());
   EXPECT_EQ(kProtoQUIC1SPDY3, delegate->GetProtocol());
@@ -887,26 +1307,26 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterSendData) {
 }
 
 TEST_P(BidirectionalStreamQuicImplTest, SessionClosedBeforeReadData) {
-  SetRequest("GET", "/", DEFAULT_PRIORITY);
+  SetRequest("POST", "/", DEFAULT_PRIORITY);
   size_t spdy_request_headers_frame_length;
-  AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY,
+  AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
   Initialize();
 
   BidirectionalStreamRequestInfo request;
-  request.method = "GET";
+  request.method = "POST";
   request.url = GURL("http://www.google.com/");
-  request.end_stream_on_headers = true;
+  request.end_stream_on_headers = false;
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -924,7 +1344,11 @@ TEST_P(BidirectionalStreamQuicImplTest, SessionClosedBeforeReadData) {
   session()->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
   delegate->WaitUntilNextCallback();  // OnFailed
+  EXPECT_TRUE(delegate->on_failed_called());
 
+  // Try to send data after OnFailed(), should not get called back.
+  scoped_refptr<StringIOBuffer> buf(new StringIOBuffer(kUploadData));
+  delegate->SendData(buf, buf->size(), false);
   base::MessageLoop::current()->RunUntilIdle();
 
   EXPECT_EQ(ERR_UNEXPECTED, delegate->ReadData(cb.callback()));
@@ -943,7 +1367,7 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterReadData) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructAckAndRstStreamPacket(2, 2, 1, 1));
+  AddWrite(ConstructClientAckAndRstStreamPacket(2, 2, 1, 1));
 
   Initialize();
 
@@ -954,13 +1378,13 @@ TEST_P(BidirectionalStreamQuicImplTest, CancelStreamAfterReadData) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<TestDelegateBase> delegate(
+  std::unique_ptr<TestDelegateBase> delegate(
       new TestDelegateBase(read_buffer.get(), kReadBufferSize));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -992,7 +1416,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnHeadersReceived) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructAckAndRstStreamPacket(2, 2, 1, 1));
+  AddWrite(ConstructClientAckAndRstStreamPacket(2, 2, 1, 1));
 
   Initialize();
 
@@ -1003,14 +1427,14 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnHeadersReceived) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<DeleteStreamDelegate> delegate(new DeleteStreamDelegate(
+  std::unique_ptr<DeleteStreamDelegate> delegate(new DeleteStreamDelegate(
       read_buffer.get(), kReadBufferSize,
       DeleteStreamDelegate::ON_HEADERS_RECEIVED, true));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -1034,8 +1458,8 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructAckPacket(2, 3, 1));
-  AddWrite(ConstructRstStreamPacket(3));
+  AddWrite(ConstructClientAckPacket(2, 3, 1));
+  AddWrite(ConstructClientRstStreamPacket(3));
 
   Initialize();
 
@@ -1046,14 +1470,14 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<DeleteStreamDelegate> delegate(
+  std::unique_ptr<DeleteStreamDelegate> delegate(
       new DeleteStreamDelegate(read_buffer.get(), kReadBufferSize,
                                DeleteStreamDelegate::ON_DATA_READ, true));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -1073,7 +1497,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) {
   const char kResponseBody[] = "Hello world!";
   // Server sends data.
   ProcessPacket(
-      ConstructDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
   EXPECT_EQ(static_cast<int64_t>(strlen(kResponseBody)), cb.WaitForResult());
 
   base::MessageLoop::current()->RunUntilIdle();
@@ -1087,7 +1511,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructAckPacket(2, 3, 1));  // Ack the data packet
+  AddWrite(ConstructClientAckPacket(2, 3, 1));  // Ack the data packet
 
   Initialize();
 
@@ -1098,14 +1522,14 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) {
   request.priority = DEFAULT_PRIORITY;
 
   scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
-  scoped_ptr<DeleteStreamDelegate> delegate(new DeleteStreamDelegate(
+  std::unique_ptr<DeleteStreamDelegate> delegate(new DeleteStreamDelegate(
       read_buffer.get(), kReadBufferSize,
       DeleteStreamDelegate::ON_TRAILERS_RECEIVED, true));
   delegate->Start(&request, net_log().bound(), session()->GetWeakPtr());
-  delegate->WaitUntilNextCallback();  // OnHeadersSent
+  delegate->WaitUntilNextCallback();  // OnStreamReady
 
   // Server acks the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Server sends the response headers.
   SpdyHeaderBlock response_headers = ConstructResponseHeaders("200");
@@ -1126,7 +1550,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) {
   const char kResponseBody[] = "Hello world!";
   // Server sends data.
   ProcessPacket(
-      ConstructDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
+      ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, kResponseBody));
 
   EXPECT_EQ(static_cast<int64_t>(strlen(kResponseBody)), cb.WaitForResult());
   EXPECT_EQ(std::string(kResponseBody), delegate->data_received());
diff --git a/chromium/net/quic/congestion_control/cubic_bytes_test.cc b/chromium/net/quic/congestion_control/cubic_bytes_test.cc
index 1d4b94ec500..02504b3f98e 100644
--- a/chromium/net/quic/congestion_control/cubic_bytes_test.cc
+++ b/chromium/net/quic/congestion_control/cubic_bytes_test.cc
@@ -5,7 +5,6 @@
 #include "net/quic/congestion_control/cubic_bytes.h"
 
 #include "base/logging.h"
-#include "net/quic/quic_connection_stats.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -75,41 +74,6 @@ TEST_F(CubicBytesTest, AboveOrigin) {
   EXPECT_EQ(expected_cwnd, current_cwnd / kDefaultTCPMSS);
 }
 
-TEST_F(CubicBytesTest, CwndIncreaseStatsDuringConvexRegion) {
-  const QuicTime::Delta rtt_min = hundred_ms_;
-  QuicByteCount current_cwnd = 10 * kDefaultTCPMSS;
-  QuicByteCount expected_cwnd = current_cwnd + kDefaultTCPMSS;
-  // Initialize controller state.
-  clock_.AdvanceTime(one_ms_);
-  expected_cwnd =
-      cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, rtt_min);
-  current_cwnd = expected_cwnd;
-  // Testing Reno mode increase.
-  for (int i = 0; i < 48; ++i) {
-    for (QuicPacketCount n = 1;
-         n < current_cwnd / kDefaultTCPMSS / kNConnectionAlpha; ++n) {
-      // Call once per ACK, causing cwnd growth in Reno mode.
-      cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, rtt_min);
-    }
-    // Advance current time so that cwnd update is allowed to happen by Cubic.
-    clock_.AdvanceTime(hundred_ms_);
-    current_cwnd =
-        cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, rtt_min);
-    expected_cwnd += kDefaultTCPMSS;
-  }
-
-  // Testing Cubic mode increase.
-  for (int i = 0; i < 52; ++i) {
-    for (QuicPacketCount n = 1; n < current_cwnd / kDefaultTCPMSS; ++n) {
-      // Call once per ACK.
-      cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, rtt_min);
-    }
-    clock_.AdvanceTime(hundred_ms_);
-    current_cwnd =
-        cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, rtt_min);
-  }
-}
-
 TEST_F(CubicBytesTest, LossEvents) {
   const QuicTime::Delta rtt_min = hundred_ms_;
   QuicByteCount current_cwnd = 422 * kDefaultTCPMSS;
diff --git a/chromium/net/quic/congestion_control/cubic_test.cc b/chromium/net/quic/congestion_control/cubic_test.cc
index fb88de60bf2..2e2c231f814 100644
--- a/chromium/net/quic/congestion_control/cubic_test.cc
+++ b/chromium/net/quic/congestion_control/cubic_test.cc
@@ -5,7 +5,6 @@
 #include "net/quic/congestion_control/cubic.h"
 
 #include "base/logging.h"
-#include "net/quic/quic_connection_stats.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -70,37 +69,6 @@ TEST_F(CubicTest, AboveOrigin) {
   EXPECT_EQ(expected_cwnd, current_cwnd);
 }
 
-TEST_F(CubicTest, CwndIncreaseStatsDuringConvexRegion) {
-  const QuicTime::Delta rtt_min = hundred_ms_;
-  QuicPacketCount current_cwnd = 10;
-  QuicPacketCount expected_cwnd = current_cwnd + 1;
-  // Initialize controller state.
-  clock_.AdvanceTime(one_ms_);
-  expected_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min);
-  current_cwnd = expected_cwnd;
-  // Testing Reno mode increase.
-  for (int i = 0; i < 48; ++i) {
-    for (QuicPacketCount n = 1; n < current_cwnd / kNConnectionAlpha; ++n) {
-      // Call once per ACK, causing cwnd growth in Reno mode.
-      cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min);
-    }
-    // Advance current time so that cwnd update is allowed to happen by Cubic.
-    clock_.AdvanceTime(hundred_ms_);
-    current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min);
-    expected_cwnd++;
-  }
-
-  // Testing Cubic mode increase.
-  for (int i = 0; i < 52; ++i) {
-    for (QuicPacketCount n = 1; n < current_cwnd; ++n) {
-      // Call once per ACK.
-      cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min);
-    }
-    clock_.AdvanceTime(hundred_ms_);
-    current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min);
-  }
-}
-
 TEST_F(CubicTest, LossEvents) {
   const QuicTime::Delta rtt_min = hundred_ms_;
   QuicPacketCount current_cwnd = 422;
diff --git a/chromium/net/quic/congestion_control/general_loss_algorithm.cc b/chromium/net/quic/congestion_control/general_loss_algorithm.cc
index 69623b0362a..bcd2b49eecb 100644
--- a/chromium/net/quic/congestion_control/general_loss_algorithm.cc
+++ b/chromium/net/quic/congestion_control/general_loss_algorithm.cc
@@ -6,6 +6,7 @@
 
 #include "net/quic/congestion_control/rtt_stats.h"
 #include "net/quic/quic_bug_tracker.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_protocol.h"
 
 namespace net {
@@ -17,35 +18,58 @@ namespace {
 // triggers when a nack has been receieved for the packet.
 static const size_t kMinLossDelayMs = 5;
 
-// How many RTTs the algorithm waits before determining a packet is lost due
-// to early retransmission or by time based loss detection.
-static const double kLossDelayMultiplier = 1.25;
+// Default fraction of an RTT the algorithm waits before determining a packet is
+// lost due to early retransmission by time based loss detection.
+static const int kDefaultLossDelayFraction = 4;
+// Default fraction of an RTT when doing adaptive loss detection.
+static const int kDefaultAdaptiveLossDelayFraction = 16;
 
 }  // namespace
 
 GeneralLossAlgorithm::GeneralLossAlgorithm()
-    : loss_type_(kNack), loss_detection_timeout_(QuicTime::Zero()) {}
+    : loss_type_(kNack),
+      loss_detection_timeout_(QuicTime::Zero()),
+      largest_sent_on_spurious_retransmit_(0),
+      reordering_fraction_(kDefaultLossDelayFraction) {}
 
 GeneralLossAlgorithm::GeneralLossAlgorithm(LossDetectionType loss_type)
-    : loss_type_(loss_type), loss_detection_timeout_(QuicTime::Zero()) {}
+    : loss_type_(loss_type),
+      loss_detection_timeout_(QuicTime::Zero()),
+      largest_sent_on_spurious_retransmit_(0),
+      reordering_fraction_(loss_type == kAdaptiveTime
+                               ? kDefaultAdaptiveLossDelayFraction
+                               : kDefaultLossDelayFraction) {}
 
 LossDetectionType GeneralLossAlgorithm::GetLossDetectionType() const {
   return loss_type_;
 }
 
+void GeneralLossAlgorithm::SetLossDetectionType(LossDetectionType loss_type) {
+  loss_type_ = loss_type;
+  if (loss_type_ == kAdaptiveTime) {
+    reordering_fraction_ = kDefaultAdaptiveLossDelayFraction;
+  }
+}
+
 // Uses nack counts to decide when packets are lost.
 void GeneralLossAlgorithm::DetectLosses(
     const QuicUnackedPacketMap& unacked_packets,
     QuicTime time,
     const RttStats& rtt_stats,
+    QuicPacketNumber largest_newly_acked,
     SendAlgorithmInterface::CongestionVector* packets_lost) {
-  const QuicPacketNumber largest_observed = unacked_packets.largest_observed();
+  QuicPacketNumber largest_observed = unacked_packets.largest_observed();
+  if (FLAGS_quic_loss_recovery_use_largest_acked) {
+    largest_observed = largest_newly_acked;
+  }
   loss_detection_timeout_ = QuicTime::Zero();
-  QuicTime::Delta loss_delay = QuicTime::Delta::Max(
-      QuicTime::Delta::FromMilliseconds(kMinLossDelayMs),
-      QuicTime::Delta::Max(rtt_stats.smoothed_rtt(), rtt_stats.latest_rtt())
-          .Multiply(kLossDelayMultiplier));
-
+  QuicTime::Delta max_rtt = QuicTime::Delta::Max(
+      FLAGS_quic_adaptive_loss_recovery ? rtt_stats.previous_srtt()
+                                        : rtt_stats.smoothed_rtt(),
+      rtt_stats.latest_rtt());
+  QuicTime::Delta loss_delay =
+      QuicTime::Delta::Max(QuicTime::Delta::FromMilliseconds(kMinLossDelayMs),
+                           max_rtt.Multiply(1 + 1.0f / reordering_fraction_));
   QuicPacketNumber packet_number = unacked_packets.GetLeastUnacked();
   for (QuicUnackedPacketMap::const_iterator it = unacked_packets.begin();
        it != unacked_packets.end() && packet_number <= largest_observed;
@@ -54,8 +78,22 @@ void GeneralLossAlgorithm::DetectLosses(
       continue;
     }
 
-    // TODO(ianswett): Combine this and the time based detection for FACK.
-    if (loss_type_ == kTime) {
+    if (FLAGS_quic_simplify_loss_detection && loss_type_ == kNack) {
+      // FACK based loss detection.
+      if (largest_observed - packet_number >=
+          kNumberOfNacksBeforeRetransmission) {
+        packets_lost->push_back(std::make_pair(packet_number, it->bytes_sent));
+        continue;
+      }
+    }
+
+    // Only early retransmit(RFC5827) when the last packet gets acked and
+    // there are retransmittable packets in flight.
+    // This also implements a timer-protected variant of FACK.
+    if ((FLAGS_quic_simplify_loss_detection &&
+         !it->retransmittable_frames.empty() &&
+         unacked_packets.largest_sent_packet() == largest_observed) ||
+        (loss_type_ == kTime || loss_type_ == kAdaptiveTime)) {
       QuicTime when_lost = it->sent_time.Add(loss_delay);
       if (time < when_lost) {
         loss_detection_timeout_ = when_lost;
@@ -64,15 +102,16 @@ void GeneralLossAlgorithm::DetectLosses(
       packets_lost->push_back(std::make_pair(packet_number, it->bytes_sent));
       continue;
     }
-
-    // FACK based loss detection.
-    QUIC_BUG_IF(it->nack_count == 0 && it->sent_time.IsInitialized())
-        << "All packets less than largest observed should have been nacked."
-        << " packet_number:" << packet_number
-        << " largest_observed:" << largest_observed;
-    if (it->nack_count >= kNumberOfNacksBeforeRetransmission) {
-      packets_lost->push_back(std::make_pair(packet_number, it->bytes_sent));
-      continue;
+    if (!FLAGS_quic_simplify_loss_detection) {
+      // FACK based loss detection.
+      QUIC_BUG_IF(it->nack_count == 0 && it->sent_time.IsInitialized())
+          << "All packets less than largest observed should have been nacked."
+          << " packet_number:" << packet_number
+          << " largest_observed:" << largest_observed;
+      if (it->nack_count >= kNumberOfNacksBeforeRetransmission) {
+        packets_lost->push_back(std::make_pair(packet_number, it->bytes_sent));
+        continue;
+      }
     }
 
     // NACK-based loss detection allows for a max reordering window of 1 RTT.
@@ -82,10 +121,8 @@ void GeneralLossAlgorithm::DetectLosses(
       continue;
     }
 
-    // Only early retransmit(RFC5827) when the last packet gets acked and
-    // there are retransmittable packets in flight.
-    // This also implements a timer-protected variant of FACK.
-    if (!it->retransmittable_frames.empty() &&
+    if (!FLAGS_quic_simplify_loss_detection &&
+        !it->retransmittable_frames.empty() &&
         unacked_packets.largest_sent_packet() == largest_observed) {
       // Early retransmit marks the packet as lost once 1.25RTTs have passed
       // since the packet was sent and otherwise sets an alarm.
@@ -105,4 +142,31 @@ QuicTime GeneralLossAlgorithm::GetLossTimeout() const {
   return loss_detection_timeout_;
 }
 
+void GeneralLossAlgorithm::SpuriousRetransmitDetected(
+    const QuicUnackedPacketMap& unacked_packets,
+    QuicTime time,
+    const RttStats& rtt_stats,
+    QuicPacketNumber spurious_retransmission) {
+  if (loss_type_ != kAdaptiveTime || reordering_fraction_ == 1) {
+    return;
+  }
+  if (spurious_retransmission <= largest_sent_on_spurious_retransmit_) {
+    return;
+  }
+  largest_sent_on_spurious_retransmit_ = unacked_packets.largest_sent_packet();
+  // Calculate the extra time needed so this wouldn't have been declared lost.
+  // Extra time needed is based on how long it's been since the spurious
+  // retransmission was sent, because the SRTT and latest RTT may have changed.
+  QuicTime::Delta extra_time_needed = time.Subtract(
+      unacked_packets.GetTransmissionInfo(spurious_retransmission).sent_time);
+  // Increase the reordering fraction until enough time would be allowed.
+  QuicTime::Delta max_rtt =
+      QuicTime::Delta::Max(rtt_stats.previous_srtt(), rtt_stats.latest_rtt());
+  QuicTime::Delta proposed_extra_time(QuicTime::Delta::Zero());
+  do {
+    proposed_extra_time = max_rtt.Multiply(1.0f / reordering_fraction_);
+    reordering_fraction_ >>= 1;
+  } while (proposed_extra_time < extra_time_needed && reordering_fraction_ > 1);
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/congestion_control/general_loss_algorithm.h b/chromium/net/quic/congestion_control/general_loss_algorithm.h
index f1a2ec4c903..0a4549ff297 100644
--- a/chromium/net/quic/congestion_control/general_loss_algorithm.h
+++ b/chromium/net/quic/congestion_control/general_loss_algorithm.h
@@ -29,23 +29,38 @@ class NET_EXPORT_PRIVATE GeneralLossAlgorithm : public LossDetectionInterface {
   ~GeneralLossAlgorithm() override {}
 
   LossDetectionType GetLossDetectionType() const override;
-  void SetLossDetectionType(LossDetectionType loss_type) {
-    loss_type_ = loss_type;
-  }
+  void SetLossDetectionType(LossDetectionType loss_type);
 
-  // Uses |largest_observed| and time to decide when packets are lost.
+  // Uses |largest_acked| and time to decide when packets are lost.
   void DetectLosses(
       const QuicUnackedPacketMap& unacked_packets,
       QuicTime time,
       const RttStats& rtt_stats,
+      QuicPacketNumber largest_newly_acked,
       SendAlgorithmInterface::CongestionVector* packets_lost) override;
 
   // Returns a non-zero value when the early retransmit timer is active.
   QuicTime GetLossTimeout() const override;
 
+  // Increases the loss detection threshold for time loss detection.
+  void SpuriousRetransmitDetected(
+      const QuicUnackedPacketMap& unacked_packets,
+      QuicTime time,
+      const RttStats& rtt_stats,
+      QuicPacketNumber spurious_retransmission) override;
+
+  int reordering_fraction() const { return reordering_fraction_; }
+
  private:
   LossDetectionType loss_type_;
   QuicTime loss_detection_timeout_;
+  // Largest sent packet when a spurious retransmit is detected.
+  // Prevents increasing the reordering threshold multiple times per epoch.
+  QuicPacketNumber largest_sent_on_spurious_retransmit_;
+  // Fraction of a std::max(SRTT, latest_rtt) to permit reordering before
+  // declaring
+  // loss.
+  int reordering_fraction_;
 
   DISALLOW_COPY_AND_ASSIGN(GeneralLossAlgorithm);
 };
diff --git a/chromium/net/quic/congestion_control/general_loss_algorithm_test.cc b/chromium/net/quic/congestion_control/general_loss_algorithm_test.cc
index 580ce84d12f..5eaf4eb7467 100644
--- a/chromium/net/quic/congestion_control/general_loss_algorithm_test.cc
+++ b/chromium/net/quic/congestion_control/general_loss_algorithm_test.cc
@@ -7,8 +7,8 @@
 #include <algorithm>
 
 #include "base/logging.h"
-#include "base/stl_util.h"
 #include "net/quic/congestion_control/rtt_stats.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_unacked_packet_map.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -27,6 +27,7 @@ class GeneralLossAlgorithmTest : public ::testing::Test {
   GeneralLossAlgorithmTest() {
     rtt_stats_.UpdateRtt(QuicTime::Delta::FromMilliseconds(100),
                          QuicTime::Delta::Zero(), clock_.Now());
+    EXPECT_LT(0, rtt_stats_.smoothed_rtt().ToMicroseconds());
   }
 
   ~GeneralLossAlgorithmTest() override {}
@@ -42,13 +43,15 @@ class GeneralLossAlgorithmTest : public ::testing::Test {
                                    true);
   }
 
-  void VerifyLosses(QuicPacketNumber largest_observed,
+  void VerifyLosses(QuicPacketNumber largest_newly_acked,
                     QuicPacketNumber* losses_expected,
                     size_t num_losses) {
-    unacked_packets_.IncreaseLargestObserved(largest_observed);
+    if (largest_newly_acked > unacked_packets_.largest_observed()) {
+      unacked_packets_.IncreaseLargestObserved(largest_newly_acked);
+    }
     SendAlgorithmInterface::CongestionVector lost_packets;
     loss_algorithm_.DetectLosses(unacked_packets_, clock_.Now(), rtt_stats_,
-                                 &lost_packets);
+                                 largest_newly_acked, &lost_packets);
     EXPECT_EQ(num_losses, lost_packets.size());
     for (size_t i = 0; i < num_losses; ++i) {
       EXPECT_EQ(lost_packets[i].first, losses_expected[i]);
@@ -69,15 +72,21 @@ TEST_F(GeneralLossAlgorithmTest, NackRetransmit1Packet) {
   }
   // No loss on one ack.
   unacked_packets_.RemoveFromInFlight(2);
-  unacked_packets_.NackPacket(1, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 1);
+  }
   VerifyLosses(2, nullptr, 0);
   // No loss on two acks.
   unacked_packets_.RemoveFromInFlight(3);
-  unacked_packets_.NackPacket(1, 2);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 2);
+  }
   VerifyLosses(3, nullptr, 0);
   // Loss on three acks.
   unacked_packets_.RemoveFromInFlight(4);
-  unacked_packets_.NackPacket(1, 3);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 3);
+  }
   QuicPacketNumber lost[] = {1};
   VerifyLosses(4, lost, arraysize(lost));
   EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
@@ -93,7 +102,9 @@ TEST_F(GeneralLossAlgorithmTest, NackRetransmit1PacketWith1StretchAck) {
   }
 
   // Nack the first packet 3 times in a single StretchAck.
-  unacked_packets_.NackPacket(1, 3);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 3);
+  }
   unacked_packets_.RemoveFromInFlight(2);
   unacked_packets_.RemoveFromInFlight(3);
   unacked_packets_.RemoveFromInFlight(4);
@@ -111,9 +122,11 @@ TEST_F(GeneralLossAlgorithmTest, NackRetransmit1PacketSingleAck) {
   }
 
   // Nack the first packet 3 times in an AckFrame with three missing packets.
-  unacked_packets_.NackPacket(1, 3);
-  unacked_packets_.NackPacket(2, 2);
-  unacked_packets_.NackPacket(3, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 3);
+    unacked_packets_.NackPacket(2, 2);
+    unacked_packets_.NackPacket(3, 1);
+  }
   unacked_packets_.RemoveFromInFlight(4);
   QuicPacketNumber lost[] = {1};
   VerifyLosses(4, lost, arraysize(lost));
@@ -128,7 +141,9 @@ TEST_F(GeneralLossAlgorithmTest, EarlyRetransmit1Packet) {
   }
   // Early retransmit when the final packet gets acked and the first is nacked.
   unacked_packets_.RemoveFromInFlight(2);
-  unacked_packets_.NackPacket(1, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 1);
+  }
   VerifyLosses(2, nullptr, 0);
   EXPECT_EQ(clock_.Now().Add(rtt_stats_.smoothed_rtt().Multiply(1.25)),
             loss_algorithm_.GetLossTimeout());
@@ -153,8 +168,10 @@ TEST_F(GeneralLossAlgorithmTest, EarlyRetransmitAllPackets) {
   // elapsed since the packets were sent.
   unacked_packets_.RemoveFromInFlight(kNumSentPackets);
   // This simulates a single ack following multiple missing packets with FACK.
-  for (size_t i = 1; i < kNumSentPackets; ++i) {
-    unacked_packets_.NackPacket(i, kNumSentPackets - i);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    for (size_t i = 1; i < kNumSentPackets; ++i) {
+      unacked_packets_.NackPacket(i, kNumSentPackets - i);
+    }
   }
   QuicPacketNumber lost[] = {1, 2};
   VerifyLosses(kNumSentPackets, lost, arraysize(lost));
@@ -186,7 +203,9 @@ TEST_F(GeneralLossAlgorithmTest, DontEarlyRetransmitNeuteredPacket) {
   // Early retransmit when the final packet gets acked and the first is nacked.
   unacked_packets_.IncreaseLargestObserved(2);
   unacked_packets_.RemoveFromInFlight(2);
-  unacked_packets_.NackPacket(1, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 1);
+  }
   VerifyLosses(2, nullptr, 0);
   EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
 }
@@ -205,7 +224,9 @@ TEST_F(GeneralLossAlgorithmTest, AlwaysLosePacketSent1RTTEarlier) {
   clock_.AdvanceTime(rtt_stats_.smoothed_rtt());
   unacked_packets_.IncreaseLargestObserved(2);
   unacked_packets_.RemoveFromInFlight(2);
-  unacked_packets_.NackPacket(1, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 1);
+  }
   QuicPacketNumber lost[] = {1};
   VerifyLosses(2, lost, arraysize(lost));
 }
@@ -220,7 +241,9 @@ TEST_F(GeneralLossAlgorithmTest, NoLossFor500Nacks) {
   }
   unacked_packets_.RemoveFromInFlight(2);
   for (size_t i = 1; i < 500; ++i) {
-    unacked_packets_.NackPacket(1, i);
+    if (!FLAGS_quic_simplify_loss_detection) {
+      unacked_packets_.NackPacket(1, i);
+    }
     VerifyLosses(2, nullptr, 0);
   }
   EXPECT_EQ(rtt_stats_.smoothed_rtt().Multiply(1.25),
@@ -238,13 +261,17 @@ TEST_F(GeneralLossAlgorithmTest, NoLossUntilTimeout) {
   // Expect the timer to not be set.
   EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
   // The packet should not be lost until 1.25 RTTs pass.
-  unacked_packets_.NackPacket(1, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 1);
+  }
   unacked_packets_.RemoveFromInFlight(2);
   VerifyLosses(2, nullptr, 0);
   // Expect the timer to be set to 0.25 RTT's in the future.
   EXPECT_EQ(rtt_stats_.smoothed_rtt().Multiply(0.25),
             loss_algorithm_.GetLossTimeout().Subtract(clock_.Now()));
-  unacked_packets_.NackPacket(1, 5);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    unacked_packets_.NackPacket(1, 5);
+  }
   VerifyLosses(2, nullptr, 0);
   clock_.AdvanceTime(rtt_stats_.smoothed_rtt().Multiply(0.25));
   QuicPacketNumber lost[] = {1};
@@ -286,8 +313,10 @@ TEST_F(GeneralLossAlgorithmTest, MultipleLossesAtOnce) {
   // Expect the timer to not be set.
   EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
   // The packet should not be lost until 1.25 RTTs pass.
-  for (size_t i = 1; i < kNumSentPackets; ++i) {
-    unacked_packets_.NackPacket(i, 1);
+  if (!FLAGS_quic_simplify_loss_detection) {
+    for (size_t i = 1; i < kNumSentPackets; ++i) {
+      unacked_packets_.NackPacket(i, 1);
+    }
   }
   unacked_packets_.RemoveFromInFlight(10);
   VerifyLosses(10, nullptr, 0);
@@ -300,6 +329,79 @@ TEST_F(GeneralLossAlgorithmTest, MultipleLossesAtOnce) {
   EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
 }
 
+TEST_F(GeneralLossAlgorithmTest, NoSpuriousLossesFromLargeReordering) {
+  FLAGS_quic_simplify_loss_detection = true;
+  FLAGS_quic_loss_recovery_use_largest_acked = true;
+  loss_algorithm_.SetLossDetectionType(kTime);
+  const size_t kNumSentPackets = 10;
+  // Transmit 10 packets at once and then go forward an RTT.
+  for (size_t i = 1; i <= kNumSentPackets; ++i) {
+    SendDataPacket(i);
+  }
+  clock_.AdvanceTime(rtt_stats_.smoothed_rtt());
+  // Expect the timer to not be set.
+  EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
+  // The packet should not be lost until 1.25 RTTs pass.
+
+  unacked_packets_.RemoveFromInFlight(10);
+  VerifyLosses(10, nullptr, 0);
+  // Expect the timer to be set to 0.25 RTT's in the future.
+  EXPECT_EQ(rtt_stats_.smoothed_rtt().Multiply(0.25),
+            loss_algorithm_.GetLossTimeout().Subtract(clock_.Now()));
+  clock_.AdvanceTime(rtt_stats_.smoothed_rtt().Multiply(0.25));
+  // Now ack packets 1 to 9 and ensure the timer is no longer set and no packets
+  // are lost.
+  for (QuicPacketNumber i = 1; i <= 9; ++i) {
+    unacked_packets_.RemoveFromInFlight(i);
+    VerifyLosses(i, nullptr, 0);
+    EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
+  }
+}
+
+TEST_F(GeneralLossAlgorithmTest, IncreaseThresholdUponSpuriousLoss) {
+  FLAGS_quic_simplify_loss_detection = true;
+  FLAGS_quic_adaptive_loss_recovery = true;
+  loss_algorithm_.SetLossDetectionType(kAdaptiveTime);
+  EXPECT_EQ(16, loss_algorithm_.reordering_fraction());
+  const size_t kNumSentPackets = 10;
+  // Transmit 2 packets at 1/10th an RTT interval.
+  for (size_t i = 1; i <= kNumSentPackets; ++i) {
+    SendDataPacket(i);
+    clock_.AdvanceTime(rtt_stats_.smoothed_rtt().Multiply(0.1));
+  }
+  EXPECT_EQ(QuicTime::Zero().Add(rtt_stats_.smoothed_rtt()), clock_.Now());
+
+  // Expect the timer to not be set.
+  EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
+  // Packet 1 should not be lost until 1/16 RTTs pass.
+  unacked_packets_.RemoveFromInFlight(2);
+  VerifyLosses(2, nullptr, 0);
+  // Expect the timer to be set to 1/16 RTT's in the future.
+  EXPECT_EQ(rtt_stats_.smoothed_rtt().Multiply(1.0f / 16),
+            loss_algorithm_.GetLossTimeout().Subtract(clock_.Now()));
+  VerifyLosses(2, nullptr, 0);
+  clock_.AdvanceTime(rtt_stats_.smoothed_rtt().Multiply(1.0f / 16));
+  QuicPacketNumber lost[] = {1};
+  VerifyLosses(2, lost, arraysize(lost));
+  EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout());
+  // Retransmit packet 1 as 11 and 2 as 12.
+  SendDataPacket(11);
+  SendDataPacket(12);
+
+  // Advance the time 1/4 RTT and indicate the loss was spurious.
+  // The new threshold should be 1/2 RTT.
+  clock_.AdvanceTime(rtt_stats_.smoothed_rtt().Multiply(1.0f / 4));
+  loss_algorithm_.SpuriousRetransmitDetected(unacked_packets_, clock_.Now(),
+                                             rtt_stats_, 11);
+  EXPECT_EQ(2, loss_algorithm_.reordering_fraction());
+
+  // Detect another spurious retransmit and ensure the threshold doesn't
+  // increase again.
+  loss_algorithm_.SpuriousRetransmitDetected(unacked_packets_, clock_.Now(),
+                                             rtt_stats_, 12);
+  EXPECT_EQ(2, loss_algorithm_.reordering_fraction());
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/congestion_control/hybrid_slow_start_test.cc b/chromium/net/quic/congestion_control/hybrid_slow_start_test.cc
index d3d0fda0978..0e8c934a0a0 100644
--- a/chromium/net/quic/congestion_control/hybrid_slow_start_test.cc
+++ b/chromium/net/quic/congestion_control/hybrid_slow_start_test.cc
@@ -4,8 +4,9 @@
 
 #include "net/quic/congestion_control/hybrid_slow_start.h"
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -19,7 +20,7 @@ class HybridSlowStartTest : public ::testing::Test {
   void SetUp() override { slow_start_.reset(new HybridSlowStart()); }
   const QuicTime::Delta one_ms_;
   const QuicTime::Delta rtt_;
-  scoped_ptr<HybridSlowStart> slow_start_;
+  std::unique_ptr<HybridSlowStart> slow_start_;
 };
 
 TEST_F(HybridSlowStartTest, Simple) {
diff --git a/chromium/net/quic/congestion_control/loss_detection_interface.cc b/chromium/net/quic/congestion_control/loss_detection_interface.cc
deleted file mode 100644
index bf894286d33..00000000000
--- a/chromium/net/quic/congestion_control/loss_detection_interface.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/congestion_control/loss_detection_interface.h"
-
-#include "net/quic/congestion_control/general_loss_algorithm.h"
-#include "net/quic/quic_bug_tracker.h"
-#include "net/quic/quic_flags.h"
-
-namespace net {
-
-// Factory for loss detection algorithm.
-LossDetectionInterface* LossDetectionInterface::Create(
-    LossDetectionType loss_type) {
-  return new GeneralLossAlgorithm(loss_type);
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/congestion_control/loss_detection_interface.h b/chromium/net/quic/congestion_control/loss_detection_interface.h
index 323c2fd7275..91f882acee5 100644
--- a/chromium/net/quic/congestion_control/loss_detection_interface.h
+++ b/chromium/net/quic/congestion_control/loss_detection_interface.h
@@ -18,9 +18,6 @@ class RttStats;
 
 class NET_EXPORT_PRIVATE LossDetectionInterface {
  public:
-  // Creates a TCP loss detector.
-  static LossDetectionInterface* Create(LossDetectionType loss_type);
-
   virtual ~LossDetectionInterface() {}
 
   virtual LossDetectionType GetLossDetectionType() const = 0;
@@ -30,11 +27,20 @@ class NET_EXPORT_PRIVATE LossDetectionInterface {
       const QuicUnackedPacketMap& unacked_packets,
       QuicTime time,
       const RttStats& rtt_stats,
+      QuicPacketNumber largest_newly_acked,
       SendAlgorithmInterface::CongestionVector* packets_lost) = 0;
 
   // Get the time the LossDetectionAlgorithm wants to re-evaluate losses.
   // Returns QuicTime::Zero if no alarm needs to be set.
   virtual QuicTime GetLossTimeout() const = 0;
+
+  // Called when a |spurious_retransmission| is detected.  The original
+  // transmission must have been caused by DetectLosses.
+  virtual void SpuriousRetransmitDetected(
+      const QuicUnackedPacketMap& unacked_packets,
+      QuicTime time,
+      const RttStats& rtt_stats,
+      QuicPacketNumber spurious_retransmission) = 0;
 };
 
 }  // namespace net
diff --git a/chromium/net/quic/congestion_control/pacing_sender.cc b/chromium/net/quic/congestion_control/pacing_sender.cc
index 8b1e5354bbd..80ee60f7e27 100644
--- a/chromium/net/quic/congestion_control/pacing_sender.cc
+++ b/chromium/net/quic/congestion_control/pacing_sender.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/congestion_control/pacing_sender.h"
 
+#include "net/quic/quic_flags.h"
+
 using std::min;
 
 namespace net {
@@ -14,6 +16,7 @@ PacingSender::PacingSender(SendAlgorithmInterface* sender,
     : sender_(sender),
       alarm_granularity_(alarm_granularity),
       initial_packet_burst_(initial_packet_burst),
+      max_pacing_rate_(QuicBandwidth::Zero()),
       burst_tokens_(initial_packet_burst),
       last_delayed_packet_sent_time_(QuicTime::Zero()),
       ideal_next_packet_send_time_(QuicTime::Zero()),
@@ -41,6 +44,10 @@ void PacingSender::SetMaxCongestionWindow(QuicByteCount max_congestion_window) {
   sender_->SetMaxCongestionWindow(max_congestion_window);
 }
 
+void PacingSender::SetMaxPacingRate(QuicBandwidth max_pacing_rate) {
+  max_pacing_rate_ = max_pacing_rate;
+}
+
 void PacingSender::OnCongestionEvent(bool rtt_updated,
                                      QuicByteCount bytes_in_flight,
                                      const CongestionVector& acked_packets,
@@ -79,7 +86,7 @@ bool PacingSender::OnPacketSent(
   }
   // The next packet should be sent as soon as the current packets has been
   // transferred.
-  QuicTime::Delta delay = sender_->PacingRate().TransferTime(bytes);
+  QuicTime::Delta delay = PacingRate().TransferTime(bytes);
   // If the last send was delayed, and the alarm took a long time to get
   // invoked, allow the connection to make up for lost time.
   if (was_last_send_delayed_) {
@@ -144,6 +151,11 @@ QuicTime::Delta PacingSender::TimeUntilSend(
 }
 
 QuicBandwidth PacingSender::PacingRate() const {
+  if (FLAGS_quic_max_pacing_rate && !max_pacing_rate_.IsZero()) {
+    return QuicBandwidth::FromBitsPerSecond(
+        min(max_pacing_rate_.ToBitsPerSecond(),
+            sender_->PacingRate().ToBitsPerSecond()));
+  }
   return sender_->PacingRate();
 }
 
diff --git a/chromium/net/quic/congestion_control/pacing_sender.h b/chromium/net/quic/congestion_control/pacing_sender.h
index 3aeedd29673..f1e2895f500 100644
--- a/chromium/net/quic/congestion_control/pacing_sender.h
+++ b/chromium/net/quic/congestion_control/pacing_sender.h
@@ -14,9 +14,9 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/congestion_control/send_algorithm_interface.h"
 #include "net/quic/quic_bandwidth.h"
 #include "net/quic/quic_config.h"
@@ -36,6 +36,8 @@ class NET_EXPORT_PRIVATE PacingSender : public SendAlgorithmInterface {
                uint32_t initial_packet_burst);
   ~PacingSender() override;
 
+  void SetMaxPacingRate(QuicBandwidth max_pacing_rate);
+
   // SendAlgorithmInterface methods.
   void SetFromConfig(const QuicConfig& config,
                      Perspective perspective) override;
@@ -68,12 +70,15 @@ class NET_EXPORT_PRIVATE PacingSender : public SendAlgorithmInterface {
   // End implementation of SendAlgorithmInterface.
 
  private:
-  scoped_ptr<SendAlgorithmInterface> sender_;  // Underlying sender.
+  std::unique_ptr<SendAlgorithmInterface> sender_;  // Underlying sender.
   // The estimated system alarm granularity.
   const QuicTime::Delta alarm_granularity_;
   // Configured maximum size of the burst coming out of quiescence.  The burst
   // is never larger than the current CWND in packets.
   const uint32_t initial_packet_burst_;
+  // If not QuicBandidth::Zero, the maximum rate the PacingSender will use.
+  QuicBandwidth max_pacing_rate_;
+
   // Number of unpaced packets to be sent before packets are delayed.
   uint32_t burst_tokens_;
   // Send time of the last packet considered delayed.
diff --git a/chromium/net/quic/congestion_control/pacing_sender_test.cc b/chromium/net/quic/congestion_control/pacing_sender_test.cc
index fbbcfecbbc8..e6dfcb6251b 100644
--- a/chromium/net/quic/congestion_control/pacing_sender_test.cc
+++ b/chromium/net/quic/congestion_control/pacing_sender_test.cc
@@ -4,8 +4,9 @@
 
 #include "net/quic/congestion_control/pacing_sender.h"
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "net/quic/test_tools/quic_test_utils.h"
@@ -100,7 +101,7 @@ class PacingSenderTest : public ::testing::Test {
   MockClock clock_;
   QuicPacketNumber packet_number_;
   StrictMock<MockSendAlgorithm>* mock_sender_;
-  scoped_ptr<PacingSender> pacing_sender_;
+  std::unique_ptr<PacingSender> pacing_sender_;
 };
 
 TEST_F(PacingSenderTest, NoSend) {
diff --git a/chromium/net/quic/congestion_control/rtt_stats.cc b/chromium/net/quic/congestion_control/rtt_stats.cc
index 2e66c8e564c..7f645dd9dee 100644
--- a/chromium/net/quic/congestion_control/rtt_stats.cc
+++ b/chromium/net/quic/congestion_control/rtt_stats.cc
@@ -6,6 +6,8 @@
 
 #include <cstdlib>  // std::abs
 
+#include "net/quic/quic_flags.h"
+
 using std::max;
 
 namespace net {
@@ -27,6 +29,7 @@ RttStats::RttStats()
     : latest_rtt_(QuicTime::Delta::Zero()),
       min_rtt_(QuicTime::Delta::Zero()),
       smoothed_rtt_(QuicTime::Delta::Zero()),
+      previous_srtt_(QuicTime::Delta::Zero()),
       mean_deviation_(QuicTime::Delta::Zero()),
       initial_rtt_us_(kInitialRttMs * kNumMicrosPerMilli),
       num_min_rtt_samples_remaining_(0),
@@ -69,6 +72,9 @@ void RttStats::UpdateRtt(QuicTime::Delta send_delta,
   // positive RTT sample. Otherwise, we use the send_delta as a reasonable
   // measure for smoothed_rtt.
   QuicTime::Delta rtt_sample(send_delta);
+  if (FLAGS_quic_adaptive_loss_recovery) {
+    previous_srtt_ = smoothed_rtt_;
+  }
   if (rtt_sample > ack_delay) {
     rtt_sample = rtt_sample.Subtract(ack_delay);
   }
diff --git a/chromium/net/quic/congestion_control/rtt_stats.h b/chromium/net/quic/congestion_control/rtt_stats.h
index 736178e9ead..85016c815f1 100644
--- a/chromium/net/quic/congestion_control/rtt_stats.h
+++ b/chromium/net/quic/congestion_control/rtt_stats.h
@@ -48,6 +48,9 @@ class NET_EXPORT_PRIVATE RttStats {
   // May return Zero if no valid updates have occurred.
   QuicTime::Delta smoothed_rtt() const { return smoothed_rtt_; }
 
+  // Returns the EWMA smoothed RTT prior to the most recent RTT sample.
+  QuicTime::Delta previous_srtt() const { return previous_srtt_; }
+
   int64_t initial_rtt_us() const { return initial_rtt_us_; }
 
   // Sets an initial RTT to be used for SmoothedRtt before any RTT updates.
@@ -96,6 +99,7 @@ class NET_EXPORT_PRIVATE RttStats {
   QuicTime::Delta latest_rtt_;
   QuicTime::Delta min_rtt_;
   QuicTime::Delta smoothed_rtt_;
+  QuicTime::Delta previous_srtt_;
   // Mean RTT deviation during this session.
   // Approximation of standard deviation, the error is roughly 1.25 times
   // larger than the standard deviation, for a normally distributed signal.
diff --git a/chromium/net/quic/congestion_control/rtt_stats_test.cc b/chromium/net/quic/congestion_control/rtt_stats_test.cc
index 21464905120..a17b904579f 100644
--- a/chromium/net/quic/congestion_control/rtt_stats_test.cc
+++ b/chromium/net/quic/congestion_control/rtt_stats_test.cc
@@ -8,6 +8,7 @@
 
 #include "base/logging.h"
 #include "base/test/mock_log.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/test_tools/rtt_stats_peer.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -52,6 +53,24 @@ TEST_F(RttStatsTest, SmoothedRtt) {
   EXPECT_EQ(QuicTime::Delta::FromMilliseconds(200), rtt_stats_.smoothed_rtt());
 }
 
+TEST_F(RttStatsTest, PreviousSmoothedRtt) {
+  FLAGS_quic_adaptive_loss_recovery = true;
+  // Verify that ack_delay is corrected for in Smoothed RTT.
+  rtt_stats_.UpdateRtt(QuicTime::Delta::FromMilliseconds(300),
+                       QuicTime::Delta::FromMilliseconds(100),
+                       QuicTime::Zero());
+  EXPECT_EQ(QuicTime::Delta::FromMilliseconds(200), rtt_stats_.latest_rtt());
+  EXPECT_EQ(QuicTime::Delta::FromMilliseconds(200), rtt_stats_.smoothed_rtt());
+  EXPECT_EQ(QuicTime::Delta::Zero(), rtt_stats_.previous_srtt());
+  // Ensure the previous SRTT is 200ms after a 100ms sample.
+  rtt_stats_.UpdateRtt(QuicTime::Delta::FromMilliseconds(100),
+                       QuicTime::Delta::Zero(), QuicTime::Zero());
+  EXPECT_EQ(QuicTime::Delta::FromMilliseconds(100), rtt_stats_.latest_rtt());
+  EXPECT_EQ(QuicTime::Delta::FromMicroseconds(187500).ToMicroseconds(),
+            rtt_stats_.smoothed_rtt().ToMicroseconds());
+  EXPECT_EQ(QuicTime::Delta::FromMilliseconds(200), rtt_stats_.previous_srtt());
+}
+
 TEST_F(RttStatsTest, MinRtt) {
   rtt_stats_.UpdateRtt(QuicTime::Delta::FromMilliseconds(200),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_base.h b/chromium/net/quic/congestion_control/tcp_cubic_sender_base.h
index d3f231bef4b..5149818f9f5 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_base.h
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_base.h
@@ -25,6 +25,9 @@ namespace net {
 
 class RttStats;
 
+// Maximum window to allow when doing bandwidth resumption.
+const QuicPacketCount kMaxResumptionCongestionWindow = 200;
+
 namespace test {
 class TcpCubicSenderBasePeer;
 }  // namespace test
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.cc b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.cc
index 863def3b366..6280bb71938 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.cc
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.cc
@@ -42,18 +42,27 @@ TcpCubicSenderBytes::TcpCubicSenderBytes(
       initial_tcp_congestion_window_(initial_tcp_congestion_window *
                                      kDefaultTCPMSS),
       initial_max_tcp_congestion_window_(max_congestion_window *
-                                         kDefaultTCPMSS) {}
+                                         kDefaultTCPMSS),
+      min_slow_start_exit_window_(min_congestion_window_) {}
 
 TcpCubicSenderBytes::~TcpCubicSenderBytes() {}
 
 void TcpCubicSenderBytes::SetCongestionWindowFromBandwidthAndRtt(
     QuicBandwidth bandwidth,
     QuicTime::Delta rtt) {
-  // Make sure CWND is in appropriate range (in case of bad data).
   QuicByteCount new_congestion_window = bandwidth.ToBytesPerPeriod(rtt);
-  congestion_window_ =
-      max(min(new_congestion_window, kMaxCongestionWindow * kDefaultTCPMSS),
-          kMinCongestionWindowForBandwidthResumption * kDefaultTCPMSS);
+  if (FLAGS_quic_no_lower_bw_resumption_limit) {
+    // Limit new CWND if needed.
+    congestion_window_ =
+        max(min_congestion_window_,
+            min(new_congestion_window,
+                kMaxResumptionCongestionWindow * kDefaultTCPMSS));
+  } else {
+    congestion_window_ =
+        max(min(new_congestion_window,
+                kMaxResumptionCongestionWindow * kDefaultTCPMSS),
+            kMinCongestionWindowForBandwidthResumption * kDefaultTCPMSS);
+  }
 }
 
 void TcpCubicSenderBytes::SetCongestionWindowInPackets(
@@ -92,7 +101,7 @@ void TcpCubicSenderBytes::OnPacketLost(QuicPacketNumber packet_number,
       if (slow_start_large_reduction_) {
         // Reduce congestion window by lost_bytes for every loss.
         congestion_window_ =
-            max(congestion_window_ - lost_bytes, min_congestion_window_);
+            max(congestion_window_ - lost_bytes, min_slow_start_exit_window_);
         slowstart_threshold_ = congestion_window_;
       }
     }
@@ -111,6 +120,10 @@ void TcpCubicSenderBytes::OnPacketLost(QuicPacketNumber packet_number,
   // TODO(jri): Separate out all of slow start into a separate class.
   if (slow_start_large_reduction_ && InSlowStart()) {
     DCHECK_LT(kDefaultTCPMSS, congestion_window_);
+    if (FLAGS_quic_sslr_limit_reduction &&
+        congestion_window_ >= 2 * initial_tcp_congestion_window_) {
+      min_slow_start_exit_window_ = congestion_window_ / 2;
+    }
     congestion_window_ = congestion_window_ - kDefaultTCPMSS;
   } else if (reno_) {
     congestion_window_ = congestion_window_ * RenoBeta();
@@ -118,7 +131,6 @@ void TcpCubicSenderBytes::OnPacketLost(QuicPacketNumber packet_number,
     congestion_window_ =
         cubic_.CongestionWindowAfterPacketLoss(congestion_window_);
   }
-  // Enforce TCP's minimum congestion window of 2*MSS.
   if (congestion_window_ < min_congestion_window_) {
     congestion_window_ = min_congestion_window_;
   }
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.h b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.h
index d31cc1df130..e7a0765a0bd 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.h
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes.h
@@ -47,6 +47,8 @@ class NET_EXPORT_PRIVATE TcpCubicSenderBytes : public TcpCubicSenderBase {
   CongestionControlType GetCongestionControlType() const override;
   // End implementation of SendAlgorithmInterface.
 
+  QuicByteCount min_congestion_window() const { return min_congestion_window_; }
+
  protected:
   // TcpCubicSenderBase methods
   void SetCongestionWindowFromBandwidthAndRtt(QuicBandwidth bandwidth,
@@ -91,6 +93,9 @@ class NET_EXPORT_PRIVATE TcpCubicSenderBytes : public TcpCubicSenderBase {
   // set when this algorithm is created.
   const QuicByteCount initial_max_tcp_congestion_window_;
 
+  // The minimum window when exiting slow start with large reduction.
+  QuicByteCount min_slow_start_exit_window_;
+
   DISALLOW_COPY_AND_ASSIGN(TcpCubicSenderBytes);
 };
 
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes_test.cc b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes_test.cc
index eaacb5bc0bb..7e2c0ad94ae 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes_test.cc
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_bytes_test.cc
@@ -5,9 +5,10 @@
 #include "net/quic/congestion_control/tcp_cubic_sender_bytes.h"
 
 #include <algorithm>
+#include <cstdint>
+#include <memory>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/congestion_control/rtt_stats.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
@@ -26,6 +27,7 @@ namespace test {
 // an initial CWND of 10. They have carefully calculated values which should be
 // updated to be based on kInitialCongestionWindow.
 const uint32_t kInitialCongestionWindowPackets = 10;
+const uint32_t kMaxCongestionWindowPackets = 200;
 const uint32_t kDefaultWindowTCP =
     kInitialCongestionWindowPackets * kDefaultTCPMSS;
 const float kRenoBeta = 0.7f;  // Reno backoff factor.
@@ -37,7 +39,7 @@ class TcpCubicSenderBytesPeer : public TcpCubicSenderBytes {
                             &rtt_stats_,
                             reno,
                             kInitialCongestionWindowPackets,
-                            kMaxCongestionWindow,
+                            kMaxCongestionWindowPackets,
                             &stats_) {}
 
   const HybridSlowStart& hybrid_slow_start() const {
@@ -123,7 +125,7 @@ class TcpCubicSenderBytesTest : public ::testing::Test {
 
   const QuicTime::Delta one_ms_;
   MockClock clock_;
-  scoped_ptr<TcpCubicSenderBytesPeer> sender_;
+  std::unique_ptr<TcpCubicSenderBytesPeer> sender_;
   QuicPacketNumber packet_number_;
   QuicPacketNumber acked_packet_number_;
   QuicByteCount bytes_in_flight_;
@@ -230,6 +232,7 @@ TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLoss) {
 }
 
 TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLossWithLargeReduction) {
+  FLAGS_quic_sslr_limit_reduction = true;
   QuicConfig config;
   QuicTagVector options;
   options.push_back(kSSLR);
@@ -237,7 +240,7 @@ TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLossWithLargeReduction) {
   sender_->SetFromConfig(config, Perspective::IS_SERVER);
 
   sender_->SetNumEmulatedConnections(1);
-  const int kNumberOfAcks = 10;
+  const int kNumberOfAcks = (kDefaultWindowTCP / (2 * kDefaultTCPMSS)) - 1;
   for (int i = 0; i < kNumberOfAcks; ++i) {
     // Send our full send window.
     SendAvailableSendWindow();
@@ -259,6 +262,11 @@ TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLossWithLargeReduction) {
   LoseNPackets(5);
   expected_send_window -= 5 * kDefaultTCPMSS;
   EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+  // Lose another 10 packets and ensure it reduces below half the peak CWND,
+  // because we never acked the full IW.
+  LoseNPackets(10);
+  expected_send_window -= 10 * kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
 
   size_t packets_in_recovery_window = expected_send_window / kDefaultTCPMSS;
 
@@ -287,7 +295,6 @@ TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLossWithLargeReduction) {
 }
 
 TEST_F(TcpCubicSenderBytesTest, SlowStartHalfPacketLossWithLargeReduction) {
-  FLAGS_quic_sslr_byte_conservation = true;
   QuicConfig config;
   QuicTagVector options;
   options.push_back(kSSLR);
@@ -319,6 +326,41 @@ TEST_F(TcpCubicSenderBytesTest, SlowStartHalfPacketLossWithLargeReduction) {
   EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
 }
 
+TEST_F(TcpCubicSenderBytesTest, SlowStartPacketLossWithMaxHalfReduction) {
+  FLAGS_quic_sslr_limit_reduction = true;
+  QuicConfig config;
+  QuicTagVector options;
+  options.push_back(kSSLR);
+  QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
+  sender_->SetFromConfig(config, Perspective::IS_SERVER);
+
+  sender_->SetNumEmulatedConnections(1);
+  const int kNumberOfAcks = kInitialCongestionWindowPackets / 2;
+  for (int i = 0; i < kNumberOfAcks; ++i) {
+    // Send our full send window.
+    SendAvailableSendWindow();
+    AckNPackets(2);
+  }
+  SendAvailableSendWindow();
+  QuicByteCount expected_send_window =
+      kDefaultWindowTCP + (kDefaultTCPMSS * 2 * kNumberOfAcks);
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+
+  // Lose a packet to exit slow start. We should now have fallen out of
+  // slow start with a window reduced by 1.
+  LoseNPackets(1);
+  expected_send_window -= kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+
+  // Lose half the outstanding packets in recovery and verify the congestion
+  // window is only reduced by a max of half.
+  LoseNPackets(kNumberOfAcks * 2);
+  expected_send_window -= (kNumberOfAcks * 2 - 1) * kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+  LoseNPackets(5);
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+}
+
 TEST_F(TcpCubicSenderBytesTest, NoPRRWhenLessThanOnePacketInFlight) {
   SendAvailableSendWindow();
   LoseNPackets(kInitialCongestionWindowPackets - 1);
@@ -691,22 +733,29 @@ TEST_F(TcpCubicSenderBytesTest, BandwidthResumption) {
 
   // Resumed CWND is limited to be in a sensible range.
   cached_network_params.set_bandwidth_estimate_bytes_per_second(
-      (kMaxCongestionWindow + 1) * kDefaultTCPMSS);
+      (kMaxCongestionWindowPackets + 1) * kDefaultTCPMSS);
   sender_->ResumeConnectionState(cached_network_params, false);
-  EXPECT_EQ(kMaxCongestionWindow * kDefaultTCPMSS,
+  EXPECT_EQ(kMaxCongestionWindowPackets * kDefaultTCPMSS,
             sender_->GetCongestionWindow());
 
-  cached_network_params.set_bandwidth_estimate_bytes_per_second(
-      (kMinCongestionWindowForBandwidthResumption - 1) * kDefaultTCPMSS);
-  sender_->ResumeConnectionState(cached_network_params, false);
-  EXPECT_EQ(kMinCongestionWindowForBandwidthResumption * kDefaultTCPMSS,
-            sender_->GetCongestionWindow());
+  if (FLAGS_quic_no_lower_bw_resumption_limit) {
+    // Resume with an illegal value of 0 and verify the server uses 1 instead.
+    cached_network_params.set_bandwidth_estimate_bytes_per_second(0);
+    sender_->ResumeConnectionState(cached_network_params, false);
+    EXPECT_EQ(sender_->min_congestion_window(), sender_->GetCongestionWindow());
+  } else {
+    cached_network_params.set_bandwidth_estimate_bytes_per_second(
+        (kMinCongestionWindowForBandwidthResumption - 1) * kDefaultTCPMSS);
+    sender_->ResumeConnectionState(cached_network_params, false);
+    EXPECT_EQ(kMinCongestionWindowForBandwidthResumption * kDefaultTCPMSS,
+              sender_->GetCongestionWindow());
+  }
 
   // Resume to the max value.
   cached_network_params.set_max_bandwidth_estimate_bytes_per_second(
-      (kMinCongestionWindowForBandwidthResumption + 10) * kDefaultTCPMSS);
+      kMaxCongestionWindowPackets * kDefaultTCPMSS);
   sender_->ResumeConnectionState(cached_network_params, true);
-  EXPECT_EQ((kMinCongestionWindowForBandwidthResumption + 10) * kDefaultTCPMSS,
+  EXPECT_EQ(kMaxCongestionWindowPackets * kDefaultTCPMSS,
             sender_->GetCongestionWindow());
 }
 
@@ -757,7 +806,7 @@ TEST_F(TcpCubicSenderBytesTest, ResetAfterConnectionMigration) {
   // Resets cwnd and slow start threshold on connection migrations.
   sender_->OnConnectionMigration();
   EXPECT_EQ(kDefaultWindowTCP, sender_->GetCongestionWindow());
-  EXPECT_EQ(kMaxCongestionWindow * kDefaultTCPMSS,
+  EXPECT_EQ(kMaxCongestionWindowPackets * kDefaultTCPMSS,
             sender_->GetSlowStartThreshold());
   EXPECT_FALSE(sender_->hybrid_slow_start().started());
 }
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.cc b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.cc
index e1c225febb4..91918b18333 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.cc
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.cc
@@ -41,18 +41,26 @@ TcpCubicSenderPackets::TcpCubicSenderPackets(
       slowstart_threshold_(max_tcp_congestion_window),
       max_tcp_congestion_window_(max_tcp_congestion_window),
       initial_tcp_congestion_window_(initial_tcp_congestion_window),
-      initial_max_tcp_congestion_window_(max_tcp_congestion_window) {}
+      initial_max_tcp_congestion_window_(max_tcp_congestion_window),
+      min_slow_start_exit_window_(min_congestion_window_) {}
 
 TcpCubicSenderPackets::~TcpCubicSenderPackets() {}
 
 void TcpCubicSenderPackets::SetCongestionWindowFromBandwidthAndRtt(
     QuicBandwidth bandwidth,
     QuicTime::Delta rtt) {
-  // Make sure CWND is in appropriate range (in case of bad data).
   QuicPacketCount new_congestion_window =
       bandwidth.ToBytesPerPeriod(rtt) / kDefaultTCPMSS;
-  congestion_window_ = max(min(new_congestion_window, kMaxCongestionWindow),
-                           kMinCongestionWindowForBandwidthResumption);
+  if (FLAGS_quic_no_lower_bw_resumption_limit) {
+    // Limit new CWND to be in the range [1, kMaxCongestionWindow].
+    congestion_window_ =
+        max(min_congestion_window_,
+            min(new_congestion_window, kMaxResumptionCongestionWindow));
+  } else {
+    congestion_window_ =
+        max(min(new_congestion_window, kMaxResumptionCongestionWindow),
+            kMinCongestionWindowForBandwidthResumption);
+  }
 }
 
 void TcpCubicSenderPackets::SetCongestionWindowInPackets(
@@ -89,19 +97,12 @@ void TcpCubicSenderPackets::OnPacketLost(QuicPacketNumber packet_number,
       ++stats_->slowstart_packets_lost;
       stats_->slowstart_bytes_lost += lost_bytes;
       if (slow_start_large_reduction_) {
-        if (FLAGS_quic_sslr_byte_conservation) {
-          if (stats_->slowstart_packets_lost == 1 ||
-              (stats_->slowstart_bytes_lost / kDefaultTCPMSS) >
-                  (stats_->slowstart_bytes_lost - lost_bytes) /
-                      kDefaultTCPMSS) {
-            // Reduce congestion window by 1 for every mss of bytes lost.
-            congestion_window_ =
-                max(congestion_window_ - 1, min_congestion_window_);
-          }
-        } else {
-          // Reduce congestion window by 1 for every loss.
+        if (stats_->slowstart_packets_lost == 1 ||
+            (stats_->slowstart_bytes_lost / kDefaultTCPMSS) >
+                (stats_->slowstart_bytes_lost - lost_bytes) / kDefaultTCPMSS) {
+          // Reduce congestion window by 1 for every mss of bytes lost.
           congestion_window_ =
-              max(congestion_window_ - 1, min_congestion_window_);
+              max(congestion_window_ - 1, min_slow_start_exit_window_);
         }
         slowstart_threshold_ = congestion_window_;
       }
@@ -121,6 +122,10 @@ void TcpCubicSenderPackets::OnPacketLost(QuicPacketNumber packet_number,
   // TODO(jri): Separate out all of slow start into a separate class.
   if (slow_start_large_reduction_ && InSlowStart()) {
     DCHECK_LT(1u, congestion_window_);
+    if (FLAGS_quic_sslr_limit_reduction &&
+        congestion_window_ >= 2 * initial_tcp_congestion_window_) {
+      min_slow_start_exit_window_ = congestion_window_ / 2;
+    }
     congestion_window_ = congestion_window_ - 1;
   } else if (reno_) {
     congestion_window_ = congestion_window_ * RenoBeta();
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.h b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.h
index 5a89df83675..610e75e12b2 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.h
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets.h
@@ -49,6 +49,8 @@ class NET_EXPORT_PRIVATE TcpCubicSenderPackets : public TcpCubicSenderBase {
   CongestionControlType GetCongestionControlType() const override;
   // End implementation of SendAlgorithmInterface.
 
+  QuicByteCount min_congestion_window() const { return min_congestion_window_; }
+
  protected:
   // TcpCubicSenderBase methods
   void SetCongestionWindowFromBandwidthAndRtt(QuicBandwidth bandwidth,
@@ -93,6 +95,9 @@ class NET_EXPORT_PRIVATE TcpCubicSenderPackets : public TcpCubicSenderBase {
   // this algorithm is created.
   const QuicPacketCount initial_max_tcp_congestion_window_;
 
+  // The minimum window when exiting slow start with large reduction.
+  QuicPacketCount min_slow_start_exit_window_;
+
   DISALLOW_COPY_AND_ASSIGN(TcpCubicSenderPackets);
 };
 
diff --git a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets_test.cc b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets_test.cc
index f4a4227eabe..6f831061d44 100644
--- a/chromium/net/quic/congestion_control/tcp_cubic_sender_packets_test.cc
+++ b/chromium/net/quic/congestion_control/tcp_cubic_sender_packets_test.cc
@@ -5,9 +5,9 @@
 #include "net/quic/congestion_control/tcp_cubic_sender_packets.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/congestion_control/rtt_stats.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
@@ -28,6 +28,7 @@ namespace test {
 // an initial CWND of 10. They have carefully calculated values which should be
 // updated to be based on kInitialCongestionWindow.
 const uint32_t kInitialCongestionWindowPackets = 10;
+const uint32_t kMaxCongestionWindowPackets = 200;
 const uint32_t kDefaultWindowTCP =
     kInitialCongestionWindowPackets * kDefaultTCPMSS;
 const float kRenoBeta = 0.7f;  // Reno backoff factor.
@@ -62,8 +63,9 @@ class TcpCubicSenderPacketsTest : public ::testing::Test {
  protected:
   TcpCubicSenderPacketsTest()
       : one_ms_(QuicTime::Delta::FromMilliseconds(1)),
-        sender_(
-            new TcpCubicSenderPacketsPeer(&clock_, true, kMaxCongestionWindow)),
+        sender_(new TcpCubicSenderPacketsPeer(&clock_,
+                                              true,
+                                              kMaxCongestionWindowPackets)),
         packet_number_(1),
         acked_packet_number_(0),
         bytes_in_flight_(0) {}
@@ -132,7 +134,7 @@ class TcpCubicSenderPacketsTest : public ::testing::Test {
 
   const QuicTime::Delta one_ms_;
   MockClock clock_;
-  scoped_ptr<TcpCubicSenderPacketsPeer> sender_;
+  std::unique_ptr<TcpCubicSenderPacketsPeer> sender_;
   QuicPacketNumber packet_number_;
   QuicPacketNumber acked_packet_number_;
   QuicByteCount bytes_in_flight_;
@@ -239,6 +241,7 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLoss) {
 }
 
 TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLossWithLargeReduction) {
+  FLAGS_quic_sslr_limit_reduction = true;
   QuicConfig config;
   QuicTagVector options;
   options.push_back(kSSLR);
@@ -246,7 +249,7 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLossWithLargeReduction) {
   sender_->SetFromConfig(config, Perspective::IS_SERVER);
 
   sender_->SetNumEmulatedConnections(1);
-  const int kNumberOfAcks = 10;
+  const int kNumberOfAcks = (kDefaultWindowTCP / (2 * kDefaultTCPMSS)) - 1;
   for (int i = 0; i < kNumberOfAcks; ++i) {
     // Send our full send window.
     SendAvailableSendWindow();
@@ -268,6 +271,11 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLossWithLargeReduction) {
   LoseNPackets(5);
   expected_send_window -= 5 * kDefaultTCPMSS;
   EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+  // Lose another 10 packets and ensure it reduces below half the peak CWND,
+  // because we never acked the full IW.
+  LoseNPackets(10);
+  expected_send_window -= 10 * kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
 
   size_t packets_in_recovery_window = expected_send_window / kDefaultTCPMSS;
 
@@ -296,7 +304,6 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLossWithLargeReduction) {
 }
 
 TEST_F(TcpCubicSenderPacketsTest, SlowStartHalfPacketLossWithLargeReduction) {
-  FLAGS_quic_sslr_byte_conservation = true;
   QuicConfig config;
   QuicTagVector options;
   options.push_back(kSSLR);
@@ -328,6 +335,41 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartHalfPacketLossWithLargeReduction) {
   EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
 }
 
+TEST_F(TcpCubicSenderPacketsTest, SlowStartPacketLossWithMaxHalfReduction) {
+  FLAGS_quic_sslr_limit_reduction = true;
+  QuicConfig config;
+  QuicTagVector options;
+  options.push_back(kSSLR);
+  QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
+  sender_->SetFromConfig(config, Perspective::IS_SERVER);
+
+  sender_->SetNumEmulatedConnections(1);
+  const int kNumberOfAcks = kInitialCongestionWindowPackets / 2;
+  for (int i = 0; i < kNumberOfAcks; ++i) {
+    // Send our full send window.
+    SendAvailableSendWindow();
+    AckNPackets(2);
+  }
+  SendAvailableSendWindow();
+  QuicByteCount expected_send_window =
+      kDefaultWindowTCP + (kDefaultTCPMSS * 2 * kNumberOfAcks);
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+
+  // Lose a packet to exit slow start. We should now have fallen out of
+  // slow start with a window reduced by 1.
+  LoseNPackets(1);
+  expected_send_window -= kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+
+  // Lose half the outstanding packets in recovery and verify the congestion
+  // window is only reduced by a max of half.
+  LoseNPackets(kNumberOfAcks * 2);
+  expected_send_window -= (kNumberOfAcks * 2 - 1) * kDefaultTCPMSS;
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+  LoseNPackets(5);
+  EXPECT_EQ(expected_send_window, sender_->GetCongestionWindow());
+}
+
 TEST_F(TcpCubicSenderPacketsTest, NoPRRWhenLessThanOnePacketInFlight) {
   SendAvailableSendWindow();
   LoseNPackets(kInitialCongestionWindowPackets - 1);
@@ -447,7 +489,7 @@ TEST_F(TcpCubicSenderPacketsTest, SlowStartBurstPacketLossPRR) {
 
 TEST_F(TcpCubicSenderPacketsTest, RTOCongestionWindow) {
   EXPECT_EQ(kDefaultWindowTCP, sender_->GetCongestionWindow());
-  EXPECT_EQ(kMaxCongestionWindow, sender_->slowstart_threshold());
+  EXPECT_EQ(kMaxCongestionWindowPackets, sender_->slowstart_threshold());
 
   // Expect the window to decrease to the minimum once the RTO fires
   // and slow start threshold to be set to 1/2 of the CWND.
@@ -839,21 +881,28 @@ TEST_F(TcpCubicSenderPacketsTest, BandwidthResumption) {
 
   // Resumed CWND is limited to be in a sensible range.
   cached_network_params.set_bandwidth_estimate_bytes_per_second(
-      (kMaxCongestionWindow + 1) * kDefaultTCPMSS);
+      (kMaxCongestionWindowPackets + 1) * kDefaultTCPMSS);
   sender_->ResumeConnectionState(cached_network_params, false);
-  EXPECT_EQ(kMaxCongestionWindow, sender_->congestion_window());
-
-  cached_network_params.set_bandwidth_estimate_bytes_per_second(
-      (kMinCongestionWindowForBandwidthResumption - 1) * kDefaultTCPMSS);
-  sender_->ResumeConnectionState(cached_network_params, false);
-  EXPECT_EQ(kMinCongestionWindowForBandwidthResumption,
-            sender_->congestion_window());
+  EXPECT_EQ(kMaxCongestionWindowPackets, sender_->congestion_window());
+
+  if (FLAGS_quic_no_lower_bw_resumption_limit) {
+    // Resume with an illegal value of 0 and verify the server uses 1 instead.
+    cached_network_params.set_bandwidth_estimate_bytes_per_second(0);
+    sender_->ResumeConnectionState(cached_network_params, false);
+    EXPECT_EQ(sender_->min_congestion_window(), sender_->congestion_window());
+  } else {
+    cached_network_params.set_bandwidth_estimate_bytes_per_second(
+        (kMinCongestionWindowForBandwidthResumption - 1) * kDefaultTCPMSS);
+    sender_->ResumeConnectionState(cached_network_params, false);
+    EXPECT_EQ(kMinCongestionWindowForBandwidthResumption,
+              sender_->congestion_window());
+  }
 
   // Resume to the max value.
   cached_network_params.set_max_bandwidth_estimate_bytes_per_second(
-      (kMinCongestionWindowForBandwidthResumption + 10) * kDefaultTCPMSS);
+      kMaxCongestionWindowPackets * kDefaultTCPMSS);
   sender_->ResumeConnectionState(cached_network_params, true);
-  EXPECT_EQ((kMinCongestionWindowForBandwidthResumption + 10) * kDefaultTCPMSS,
+  EXPECT_EQ(kMaxCongestionWindowPackets * kDefaultTCPMSS,
             sender_->GetCongestionWindow());
 }
 
@@ -880,7 +929,7 @@ TEST_F(TcpCubicSenderPacketsTest, PaceBelowCWND) {
 
 TEST_F(TcpCubicSenderPacketsTest, ResetAfterConnectionMigration) {
   EXPECT_EQ(kDefaultWindowTCP, sender_->GetCongestionWindow());
-  EXPECT_EQ(kMaxCongestionWindow, sender_->slowstart_threshold());
+  EXPECT_EQ(kMaxCongestionWindowPackets, sender_->slowstart_threshold());
 
   // Starts with slow start.
   sender_->SetNumEmulatedConnections(1);
@@ -908,7 +957,7 @@ TEST_F(TcpCubicSenderPacketsTest, ResetAfterConnectionMigration) {
   // Resets cwnd and slow start threshold on connection migrations.
   sender_->OnConnectionMigration();
   EXPECT_EQ(kDefaultWindowTCP, sender_->GetCongestionWindow());
-  EXPECT_EQ(kMaxCongestionWindow, sender_->slowstart_threshold());
+  EXPECT_EQ(kMaxCongestionWindowPackets, sender_->slowstart_threshold());
   EXPECT_FALSE(sender_->hybrid_slow_start().started());
 }
 
diff --git a/chromium/net/quic/crypto/aead_base_decrypter_openssl.cc b/chromium/net/quic/crypto/aead_base_decrypter.cc
index cb91a6906d6..8b6661a9ba9 100644
--- a/chromium/net/quic/crypto/aead_base_decrypter_openssl.cc
+++ b/chromium/net/quic/crypto/aead_base_decrypter.cc
@@ -2,16 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/aead_base_decrypter.h"
-
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
+#include "net/quic/crypto/aead_base_decrypter.h"
+#include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_utils.h"
 
 using base::StringPiece;
+using std::string;
 
 namespace net {
 
@@ -46,7 +48,11 @@ AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg,
     : aead_alg_(aead_alg),
       key_size_(key_size),
       auth_tag_size_(auth_tag_size),
-      nonce_prefix_size_(nonce_prefix_size) {
+      nonce_prefix_size_(nonce_prefix_size),
+      have_preliminary_key_(false) {
+  DCHECK_GT(256u, key_size);
+  DCHECK_GT(256u, auth_tag_size);
+  DCHECK_GT(256u, nonce_prefix_size);
   DCHECK_LE(key_size_, sizeof(key_));
   DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
 }
@@ -79,6 +85,35 @@ bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
   return true;
 }
 
+bool AeadBaseDecrypter::SetPreliminaryKey(StringPiece key) {
+  DCHECK(!have_preliminary_key_);
+  SetKey(key);
+  have_preliminary_key_ = true;
+
+  return true;
+}
+
+bool AeadBaseDecrypter::SetDiversificationNonce(DiversificationNonce nonce) {
+  if (!have_preliminary_key_) {
+    return true;
+  }
+
+  string key, nonce_prefix;
+  DiversifyPreliminaryKey(
+      StringPiece(reinterpret_cast<const char*>(key_), key_size_),
+      StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
+                  nonce_prefix_size_),
+      nonce, key_size_, nonce_prefix_size_, &key, &nonce_prefix);
+
+  if (!SetKey(key) || !SetNoncePrefix(nonce_prefix)) {
+    DCHECK(false);
+    return false;
+  }
+
+  have_preliminary_key_ = false;
+  return true;
+}
+
 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id,
                                       QuicPacketNumber packet_number,
                                       StringPiece associated_data,
@@ -90,6 +125,11 @@ bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id,
     return false;
   }
 
+  if (have_preliminary_key_) {
+    QUIC_BUG << "Unable to decrypt while key diversification is pending";
+    return false;
+  }
+
   uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)];
   const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number);
   memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
diff --git a/chromium/net/quic/crypto/aead_base_decrypter.h b/chromium/net/quic/crypto/aead_base_decrypter.h
index c76f11f6c6e..ca5fa9c317a 100644
--- a/chromium/net/quic/crypto/aead_base_decrypter.h
+++ b/chromium/net/quic/crypto/aead_base_decrypter.h
@@ -10,34 +10,24 @@
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "net/quic/crypto/quic_decrypter.h"
-
-#if defined(USE_OPENSSL)
 #include "net/quic/crypto/scoped_evp_aead_ctx.h"
-#else
-#include <pkcs11t.h>
-#endif
 
 namespace net {
 
 // AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses.
 class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
  public:
-#if defined(USE_OPENSSL)
   AeadBaseDecrypter(const EVP_AEAD* aead_alg,
                     size_t key_size,
                     size_t auth_tag_size,
                     size_t nonce_prefix_size);
-#else
-  AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
-                    size_t key_size,
-                    size_t auth_tag_size,
-                    size_t nonce_prefix_size);
-#endif
   ~AeadBaseDecrypter() override;
 
   // QuicDecrypter implementation
   bool SetKey(base::StringPiece key) override;
   bool SetNoncePrefix(base::StringPiece nonce_prefix) override;
+  bool SetPreliminaryKey(base::StringPiece key) override;
+  bool SetDiversificationNonce(DiversificationNonce nonce) override;
   bool DecryptPacket(QuicPathId path_id,
                      QuicPacketNumber packet_number,
                      base::StringPiece associated_data,
@@ -55,39 +45,19 @@ class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
   static const size_t kMaxKeySize = 32;
   static const size_t kMaxNoncePrefixSize = 4;
 
-#if !defined(USE_OPENSSL)
-  struct AeadParams {
-    unsigned int len;
-    union {
-      CK_GCM_PARAMS gcm_params;
-      CK_NSS_AEAD_PARAMS nss_aead_params;
-    } data;
-  };
-
-  virtual void FillAeadParams(base::StringPiece nonce,
-                              base::StringPiece associated_data,
-                              size_t auth_tag_size,
-                              AeadParams* aead_params) const = 0;
-#endif  // !defined(USE_OPENSSL)
-
  private:
-#if defined(USE_OPENSSL)
   const EVP_AEAD* const aead_alg_;
-#else
-  const CK_MECHANISM_TYPE aead_mechanism_;
-#endif
   const size_t key_size_;
   const size_t auth_tag_size_;
   const size_t nonce_prefix_size_;
+  bool have_preliminary_key_;
 
   // The key.
   unsigned char key_[kMaxKeySize];
   // The nonce prefix.
   unsigned char nonce_prefix_[kMaxNoncePrefixSize];
 
-#if defined(USE_OPENSSL)
   ScopedEVPAEADCtx ctx_;
-#endif
 
   DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter);
 };
diff --git a/chromium/net/quic/crypto/aead_base_decrypter_nss.cc b/chromium/net/quic/crypto/aead_base_decrypter_nss.cc
deleted file mode 100644
index 47878609c09..00000000000
--- a/chromium/net/quic/crypto/aead_base_decrypter_nss.cc
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/aead_base_decrypter.h"
-
-#include <pk11pub.h>
-
-#include "base/memory/scoped_ptr.h"
-#include "crypto/scoped_nss_types.h"
-#include "net/quic/quic_flags.h"
-#include "net/quic/quic_utils.h"
-
-using base::StringPiece;
-
-namespace net {
-
-AeadBaseDecrypter::AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
-                                     size_t key_size,
-                                     size_t auth_tag_size,
-                                     size_t nonce_prefix_size)
-    : aead_mechanism_(aead_mechanism),
-      key_size_(key_size),
-      auth_tag_size_(auth_tag_size),
-      nonce_prefix_size_(nonce_prefix_size) {
-  DCHECK_LE(key_size_, sizeof(key_));
-  DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
-}
-
-AeadBaseDecrypter::~AeadBaseDecrypter() {}
-
-bool AeadBaseDecrypter::SetKey(StringPiece key) {
-  DCHECK_EQ(key.size(), key_size_);
-  if (key.size() != key_size_) {
-    return false;
-  }
-  memcpy(key_, key.data(), key.size());
-  return true;
-}
-
-bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
-  DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
-  if (nonce_prefix.size() != nonce_prefix_size_) {
-    return false;
-  }
-  memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
-  return true;
-}
-
-bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id,
-                                      QuicPacketNumber packet_number,
-                                      StringPiece associated_data,
-                                      StringPiece ciphertext,
-                                      char* output,
-                                      size_t* output_length,
-                                      size_t max_output_length) {
-  if (ciphertext.length() < auth_tag_size_) {
-    return false;
-  }
-
-  uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)];
-  const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number);
-  DCHECK_LE(nonce_size, sizeof(nonce));
-  memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
-  uint64_t path_id_packet_number =
-      QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number);
-  memcpy(nonce + nonce_prefix_size_, &path_id_packet_number,
-         sizeof(path_id_packet_number));
-
-  // NSS 3.14.x incorrectly requires an output buffer at least as long as
-  // the ciphertext (NSS bug
-  // https://bugzilla.mozilla.org/show_bug.cgi?id= 853674). Fortunately
-  // QuicDecrypter::Decrypt() specifies that |output| must be as long as
-  // |ciphertext| on entry.
-  size_t plaintext_size = ciphertext.length() - auth_tag_size_;
-
-  // Import key_ into NSS.
-  SECItem key_item;
-  key_item.type = siBuffer;
-  key_item.data = key_;
-  key_item.len = key_size_;
-  PK11SlotInfo* slot = PK11_GetInternalSlot();
-
-  // The exact value of the |origin| argument doesn't matter to NSS as long as
-  // it's not PK11_OriginFortezzaHack, so pass PK11_OriginUnwrap as a
-  // placeholder.
-  crypto::ScopedPK11SymKey aead_key(
-      PK11_ImportSymKey(slot, aead_mechanism_, PK11_OriginUnwrap, CKA_DECRYPT,
-                        &key_item, nullptr));
-  PK11_FreeSlot(slot);
-  slot = nullptr;
-  if (!aead_key) {
-    DVLOG(1) << "PK11_ImportSymKey failed";
-    return false;
-  }
-
-  AeadParams aead_params = {0};
-  FillAeadParams(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
-                 associated_data, auth_tag_size_, &aead_params);
-
-  SECItem param;
-  param.type = siBuffer;
-  param.data = reinterpret_cast<unsigned char*>(&aead_params.data);
-  param.len = aead_params.len;
-
-  unsigned int output_len;
-  if (PK11_Decrypt(aead_key.get(), aead_mechanism_, &param,
-                   reinterpret_cast<uint8_t*>(output), &output_len,
-                   max_output_length,
-                   reinterpret_cast<const unsigned char*>(ciphertext.data()),
-                   ciphertext.length()) != SECSuccess) {
-    return false;
-  }
-
-  if (output_len != plaintext_size) {
-    DVLOG(1) << "Wrong output length";
-    return false;
-  }
-  *output_length = output_len;
-  return true;
-}
-
-StringPiece AeadBaseDecrypter::GetKey() const {
-  return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
-}
-
-StringPiece AeadBaseDecrypter::GetNoncePrefix() const {
-  if (nonce_prefix_size_ == 0) {
-    return StringPiece();
-  }
-  return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
-                     nonce_prefix_size_);
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/aead_base_encrypter_openssl.cc b/chromium/net/quic/crypto/aead_base_encrypter.cc
index 92856a6c070..108df582459 100644
--- a/chromium/net/quic/crypto/aead_base_encrypter_openssl.cc
+++ b/chromium/net/quic/crypto/aead_base_encrypter.cc
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/aead_base_encrypter.h"
-
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <string.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
+#include "net/quic/crypto/aead_base_encrypter.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_utils.h"
 
diff --git a/chromium/net/quic/crypto/aead_base_encrypter.h b/chromium/net/quic/crypto/aead_base_encrypter.h
index 333018997bc..05d996f537a 100644
--- a/chromium/net/quic/crypto/aead_base_encrypter.h
+++ b/chromium/net/quic/crypto/aead_base_encrypter.h
@@ -10,29 +10,17 @@
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "net/quic/crypto/quic_encrypter.h"
-
-#if defined(USE_OPENSSL)
 #include "net/quic/crypto/scoped_evp_aead_ctx.h"
-#else
-#include <pkcs11t.h>
-#endif
 
 namespace net {
 
 // AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses.
 class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
  public:
-#if defined(USE_OPENSSL)
   AeadBaseEncrypter(const EVP_AEAD* aead_alg,
                     size_t key_size,
                     size_t auth_tag_size,
                     size_t nonce_prefix_size);
-#else
-  AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
-                    size_t key_size,
-                    size_t auth_tag_size,
-                    size_t nonce_prefix_size);
-#endif
   ~AeadBaseEncrypter() override;
 
   // QuicEncrypter implementation
@@ -66,27 +54,8 @@ class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
   static const size_t kMaxKeySize = 32;
   static const size_t kMaxNoncePrefixSize = 4;
 
-#if !defined(USE_OPENSSL)
-  struct AeadParams {
-    unsigned int len;
-    union {
-      CK_GCM_PARAMS gcm_params;
-      CK_NSS_AEAD_PARAMS nss_aead_params;
-    } data;
-  };
-
-  virtual void FillAeadParams(base::StringPiece nonce,
-                              base::StringPiece associated_data,
-                              size_t auth_tag_size,
-                              AeadParams* aead_params) const = 0;
-#endif
-
  private:
-#if defined(USE_OPENSSL)
   const EVP_AEAD* const aead_alg_;
-#else
-  const CK_MECHANISM_TYPE aead_mechanism_;
-#endif
   const size_t key_size_;
   const size_t auth_tag_size_;
   const size_t nonce_prefix_size_;
@@ -96,9 +65,7 @@ class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
   // The nonce prefix.
   unsigned char nonce_prefix_[kMaxNoncePrefixSize];
 
-#if defined(USE_OPENSSL)
   ScopedEVPAEADCtx ctx_;
-#endif
 
   DISALLOW_COPY_AND_ASSIGN(AeadBaseEncrypter);
 };
diff --git a/chromium/net/quic/crypto/aead_base_encrypter_nss.cc b/chromium/net/quic/crypto/aead_base_encrypter_nss.cc
deleted file mode 100644
index 4fb1349d548..00000000000
--- a/chromium/net/quic/crypto/aead_base_encrypter_nss.cc
+++ /dev/null
@@ -1,178 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/aead_base_encrypter.h"
-
-#include <pk11pub.h>
-
-#include "base/memory/scoped_ptr.h"
-#include "crypto/scoped_nss_types.h"
-#include "net/quic/quic_flags.h"
-#include "net/quic/quic_utils.h"
-
-using base::StringPiece;
-
-namespace net {
-
-namespace {
-
-// The maximum size in bytes of the nonce, including 8 bytes of sequence number.
-// ChaCha20 uses only the 8 byte sequence number and AES-GCM uses 12 bytes.
-const size_t kMaxNonceSize = 12;
-
-}  // namespace
-
-AeadBaseEncrypter::AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
-                                     size_t key_size,
-                                     size_t auth_tag_size,
-                                     size_t nonce_prefix_size)
-    : aead_mechanism_(aead_mechanism),
-      key_size_(key_size),
-      auth_tag_size_(auth_tag_size),
-      nonce_prefix_size_(nonce_prefix_size) {
-  DCHECK_LE(key_size_, sizeof(key_));
-  DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
-  DCHECK_GE(kMaxNonceSize, nonce_prefix_size_);
-}
-
-AeadBaseEncrypter::~AeadBaseEncrypter() {}
-
-bool AeadBaseEncrypter::SetKey(StringPiece key) {
-  DCHECK_EQ(key.size(), key_size_);
-  if (key.size() != key_size_) {
-    return false;
-  }
-  memcpy(key_, key.data(), key.size());
-  return true;
-}
-
-bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) {
-  DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
-  if (nonce_prefix.size() != nonce_prefix_size_) {
-    return false;
-  }
-  memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
-  return true;
-}
-
-bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
-                                StringPiece associated_data,
-                                StringPiece plaintext,
-                                unsigned char* output) {
-  if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketNumber)) {
-    return false;
-  }
-
-  size_t ciphertext_size = GetCiphertextSize(plaintext.length());
-
-  // Import key_ into NSS.
-  SECItem key_item;
-  key_item.type = siBuffer;
-  key_item.data = key_;
-  key_item.len = key_size_;
-  PK11SlotInfo* slot = PK11_GetInternalSlot();
-
-  // The exact value of the |origin| argument doesn't matter to NSS as long as
-  // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a
-  // placeholder.
-  crypto::ScopedPK11SymKey aead_key(
-      PK11_ImportSymKey(slot, aead_mechanism_, PK11_OriginUnwrap, CKA_ENCRYPT,
-                        &key_item, nullptr));
-  PK11_FreeSlot(slot);
-  slot = nullptr;
-  if (!aead_key) {
-    DVLOG(1) << "PK11_ImportSymKey failed";
-    return false;
-  }
-
-  AeadParams aead_params = {0};
-  FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params);
-
-  SECItem param;
-  param.type = siBuffer;
-  param.data = reinterpret_cast<unsigned char*>(&aead_params.data);
-  param.len = aead_params.len;
-
-  if (plaintext.size() > kMaxPacketSize) {
-    DLOG(FATAL) << "Plaintext too large";
-    return false;
-  }
-  // NSS doesn't support inplace encryption, so copy plaintext to a temporary
-  // buffer.
-  unsigned char temp_plaintext[kMaxPacketSize];
-  memcpy(temp_plaintext, plaintext.data(), plaintext.size());
-
-  unsigned int output_len;
-  if (PK11_Encrypt(aead_key.get(), aead_mechanism_, &param, output, &output_len,
-                   ciphertext_size, temp_plaintext,
-                   plaintext.size()) != SECSuccess) {
-    DVLOG(1) << "PK11_Encrypt failed";
-    return false;
-  }
-
-  if (output_len != ciphertext_size) {
-    DVLOG(1) << "Wrong output length";
-    return false;
-  }
-
-  return true;
-}
-
-bool AeadBaseEncrypter::EncryptPacket(QuicPathId path_id,
-                                      QuicPacketNumber packet_number,
-                                      StringPiece associated_data,
-                                      StringPiece plaintext,
-                                      char* output,
-                                      size_t* output_length,
-                                      size_t max_output_length) {
-  size_t ciphertext_size = GetCiphertextSize(plaintext.length());
-  if (max_output_length < ciphertext_size) {
-    return false;
-  }
-  // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
-  // same packet number twice.
-  const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number);
-  ALIGNAS(4) char nonce_buffer[kMaxNonceSize];
-  memcpy(nonce_buffer, nonce_prefix_, nonce_prefix_size_);
-  uint64_t path_id_packet_number =
-      QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number);
-  memcpy(nonce_buffer + nonce_prefix_size_, &path_id_packet_number,
-         sizeof(path_id_packet_number));
-  if (!Encrypt(StringPiece(nonce_buffer, nonce_size), associated_data,
-               plaintext, reinterpret_cast<unsigned char*>(output))) {
-    return false;
-  }
-  *output_length = ciphertext_size;
-  return true;
-}
-
-size_t AeadBaseEncrypter::GetKeySize() const {
-  return key_size_;
-}
-
-size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
-  return nonce_prefix_size_;
-}
-
-size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const {
-  return ciphertext_size - auth_tag_size_;
-}
-
-size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const {
-  return plaintext_size + auth_tag_size_;
-}
-
-StringPiece AeadBaseEncrypter::GetKey() const {
-  return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
-}
-
-StringPiece AeadBaseEncrypter::GetNoncePrefix() const {
-  if (nonce_prefix_size_ == 0) {
-    return StringPiece();
-  }
-  return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
-                     nonce_prefix_size_);
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_openssl.cc b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.cc
index e0d500aa86e..e0d500aa86e 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_openssl.cc
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.cc
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.h b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.h
index f8b1196f465..5883c76f0c1 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.h
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter.h
@@ -29,15 +29,6 @@ class NET_EXPORT_PRIVATE Aes128Gcm12Decrypter : public AeadBaseDecrypter {
   Aes128Gcm12Decrypter();
   ~Aes128Gcm12Decrypter() override;
 
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseDecrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
   const char* cipher_name() const override;
   uint32_t cipher_id() const override;
 
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc
deleted file mode 100644
index d4480f49b2c..00000000000
--- a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
-
-#include <pk11pub.h>
-#include <secerr.h>
-
-using base::StringPiece;
-
-namespace net {
-
-namespace {
-
-const size_t kKeySize = 16;
-const size_t kNoncePrefixSize = 4;
-
-}  // namespace
-
-Aes128Gcm12Decrypter::Aes128Gcm12Decrypter()
-    : AeadBaseDecrypter(CKM_AES_GCM, kKeySize, kAuthTagSize, kNoncePrefixSize) {
-  static_assert(kKeySize <= kMaxKeySize, "key size too big");
-  static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
-                "nonce prefix size too big");
-}
-
-Aes128Gcm12Decrypter::~Aes128Gcm12Decrypter() {}
-
-void Aes128Gcm12Decrypter::FillAeadParams(StringPiece nonce,
-                                          StringPiece associated_data,
-                                          size_t auth_tag_size,
-                                          AeadParams* aead_params) const {
-  aead_params->len = sizeof(aead_params->data.gcm_params);
-  CK_GCM_PARAMS* gcm_params = &aead_params->data.gcm_params;
-  gcm_params->pIv = reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data()));
-  gcm_params->ulIvLen = nonce.size();
-  gcm_params->pAAD =
-      reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data()));
-  gcm_params->ulAADLen = associated_data.size();
-  gcm_params->ulTagBits = auth_tag_size * 8;
-}
-
-const char* Aes128Gcm12Decrypter::cipher_name() const {
-  // TODO(rtenneti): Use TLS1_TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead
-  // of hard coded string.
-  // return TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
-  return "ECDHE-RSA-AES128-GCM-SHA256";
-}
-
-uint32_t Aes128Gcm12Decrypter::cipher_id() const {
-  // TODO(rtenneti): when Chromium requires NSS 3.15.2 or later, use
-  // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead of 0xC02F.
-  // Or'ed with 0x03000000 to match OpenSSL/BoringSSL implementations.
-  return 0x03000000 | 0xC02F;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_test.cc b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_test.cc
index d0e5304e977..d9eb4cc4b43 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_test.cc
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_decrypter_test.cc
@@ -4,7 +4,10 @@
 
 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
 
+#include <memory>
+
 #include "net/quic/quic_flags.h"
+#include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 
 using base::StringPiece;
@@ -66,7 +69,7 @@ struct TestVector {
 
   // Expected output:
   const char* pt;  // An empty string "" means decryption succeeded and
-                   // the plaintext is zero-length. NULL means decryption
+                   // the plaintext is zero-length. nullptr means decryption
                    // failed.
 };
 
@@ -209,7 +212,7 @@ QuicData* DecryptWithNonce(Aes128Gcm12Decrypter* decrypter,
   path_id = static_cast<QuicPathId>(
       packet_number >> 8 * (sizeof(packet_number) - sizeof(path_id)));
   packet_number &= UINT64_C(0x00FFFFFFFFFFFFFF);
-  scoped_ptr<char[]> output(new char[ciphertext.length()]);
+  std::unique_ptr<char[]> output(new char[ciphertext.length()]);
   size_t output_length = 0;
   const bool success = decrypter->DecryptPacket(
       path_id, packet_number, associated_data, ciphertext, output.get(),
@@ -230,19 +233,14 @@ TEST(Aes128Gcm12DecrypterTest, Decrypt) {
       bool has_pt = test_vectors[j].pt;
 
       // Decode the test vector.
-      string key;
-      string iv;
-      string ct;
-      string aad;
-      string tag;
+      string key = QuicUtils::HexDecode(test_vectors[j].key);
+      string iv = QuicUtils::HexDecode(test_vectors[j].iv);
+      string ct = QuicUtils::HexDecode(test_vectors[j].ct);
+      string aad = QuicUtils::HexDecode(test_vectors[j].aad);
+      string tag = QuicUtils::HexDecode(test_vectors[j].tag);
       string pt;
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].ct, &ct));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag));
       if (has_pt) {
-        ASSERT_TRUE(DecodeHexString(test_vectors[j].pt, &pt));
+        pt = QuicUtils::HexDecode(test_vectors[j].pt);
       }
 
       // The test vector's lengths should look sane. Note that the lengths
@@ -266,7 +264,7 @@ TEST(Aes128Gcm12DecrypterTest, Decrypt) {
       Aes128Gcm12Decrypter decrypter;
       ASSERT_TRUE(decrypter.SetKey(key));
 
-      scoped_ptr<QuicData> decrypted(DecryptWithNonce(
+      std::unique_ptr<QuicData> decrypted(DecryptWithNonce(
           &decrypter, iv,
           // This deliberately tests that the decrypter can handle an AAD that
           // is set to nullptr, as opposed to a zero-length, non-nullptr
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.cc
index 2d7ea8f22a2..2d7ea8f22a2 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_openssl.cc
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.cc
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.h b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.h
index f2f7b4145f7..3af151e1cb2 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.h
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter.h
@@ -28,15 +28,6 @@ class NET_EXPORT_PRIVATE Aes128Gcm12Encrypter : public AeadBaseEncrypter {
   Aes128Gcm12Encrypter();
   ~Aes128Gcm12Encrypter() override;
 
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseEncrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
  private:
   DISALLOW_COPY_AND_ASSIGN(Aes128Gcm12Encrypter);
 };
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc
deleted file mode 100644
index 78c1d3dc847..00000000000
--- a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
-
-#include <pk11pub.h>
-#include <secerr.h>
-
-using base::StringPiece;
-
-namespace net {
-
-namespace {
-
-const size_t kKeySize = 16;
-const size_t kNoncePrefixSize = 4;
-
-}  // namespace
-
-Aes128Gcm12Encrypter::Aes128Gcm12Encrypter()
-    : AeadBaseEncrypter(CKM_AES_GCM, kKeySize, kAuthTagSize, kNoncePrefixSize) {
-  static_assert(kKeySize <= kMaxKeySize, "key size too big");
-  static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
-                "nonce prefix size too big");
-}
-
-Aes128Gcm12Encrypter::~Aes128Gcm12Encrypter() {}
-
-void Aes128Gcm12Encrypter::FillAeadParams(StringPiece nonce,
-                                          StringPiece associated_data,
-                                          size_t auth_tag_size,
-                                          AeadParams* aead_params) const {
-  aead_params->len = sizeof(aead_params->data.gcm_params);
-  CK_GCM_PARAMS* gcm_params = &aead_params->data.gcm_params;
-  gcm_params->pIv = reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data()));
-  gcm_params->ulIvLen = nonce.size();
-  gcm_params->pAAD =
-      reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data()));
-  gcm_params->ulAADLen = associated_data.size();
-  gcm_params->ulTagBits = auth_tag_size * 8;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_test.cc b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_test.cc
index 82539a2f84b..93582ebefa4 100644
--- a/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_test.cc
+++ b/chromium/net/quic/crypto/aes_128_gcm_12_encrypter_test.cc
@@ -4,6 +4,9 @@
 
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 
+#include <memory>
+
+#include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 
 using base::StringPiece;
@@ -158,7 +161,7 @@ QuicData* EncryptWithNonce(Aes128Gcm12Encrypter* encrypter,
                            StringPiece associated_data,
                            StringPiece plaintext) {
   size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
-  scoped_ptr<char[]> ciphertext(new char[ciphertext_size]);
+  std::unique_ptr<char[]> ciphertext(new char[ciphertext_size]);
 
   if (!encrypter->Encrypt(nonce, associated_data, plaintext,
                           reinterpret_cast<unsigned char*>(ciphertext.get()))) {
@@ -175,18 +178,12 @@ TEST(Aes128Gcm12EncrypterTest, Encrypt) {
     const TestGroupInfo& test_info = test_group_info[i];
     for (size_t j = 0; test_vectors[j].key != nullptr; j++) {
       // Decode the test vector.
-      string key;
-      string iv;
-      string pt;
-      string aad;
-      string ct;
-      string tag;
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].pt, &pt));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].ct, &ct));
-      ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag));
+      string key = QuicUtils::HexDecode(test_vectors[j].key);
+      string iv = QuicUtils::HexDecode(test_vectors[j].iv);
+      string pt = QuicUtils::HexDecode(test_vectors[j].pt);
+      string aad = QuicUtils::HexDecode(test_vectors[j].aad);
+      string ct = QuicUtils::HexDecode(test_vectors[j].ct);
+      string tag = QuicUtils::HexDecode(test_vectors[j].tag);
 
       // The test vector's lengths should look sane. Note that the lengths
       // in |test_info| are in bits.
@@ -199,7 +196,7 @@ TEST(Aes128Gcm12EncrypterTest, Encrypt) {
 
       Aes128Gcm12Encrypter encrypter;
       ASSERT_TRUE(encrypter.SetKey(key));
-      scoped_ptr<QuicData> encrypted(EncryptWithNonce(
+      std::unique_ptr<QuicData> encrypted(EncryptWithNonce(
           &encrypter, iv,
           // This deliberately tests that the encrypter can handle an AAD that
           // is set to nullptr, as opposed to a zero-length, non-nullptr
diff --git a/chromium/net/quic/crypto/cert_compressor.cc b/chromium/net/quic/crypto/cert_compressor.cc
index 5851bd95b2a..366252b2451 100644
--- a/chromium/net/quic/crypto/cert_compressor.cc
+++ b/chromium/net/quic/crypto/cert_compressor.cc
@@ -4,8 +4,10 @@
 
 #include "net/quic/crypto/cert_compressor.h"
 
+#include <cstdint>
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/quic_utils.h"
 #include "third_party/zlib/zlib.h"
 
@@ -564,7 +566,7 @@ bool CertCompressor::DecompressChain(StringPiece in,
   }
   DCHECK_EQ(entries.size(), out_certs->size());
 
-  scoped_ptr<uint8_t[]> uncompressed_data;
+  std::unique_ptr<uint8_t[]> uncompressed_data;
   StringPiece uncompressed;
 
   if (!in.empty()) {
diff --git a/chromium/net/quic/crypto/cert_compressor_test.cc b/chromium/net/quic/crypto/cert_compressor_test.cc
index baefae548f0..0cd8c3eda22 100644
--- a/chromium/net/quic/crypto/cert_compressor_test.cc
+++ b/chromium/net/quic/crypto/cert_compressor_test.cc
@@ -4,7 +4,8 @@
 
 #include "net/quic/crypto/cert_compressor.h"
 
-#include "base/strings/string_number_conversions.h"
+#include <memory>
+
 #include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -20,7 +21,7 @@ TEST(CertCompressor, EmptyChain) {
   vector<string> chain;
   const string compressed = CertCompressor::CompressChain(
       chain, StringPiece(), StringPiece(), nullptr);
-  EXPECT_EQ("00", base::HexEncode(compressed.data(), compressed.size()));
+  EXPECT_EQ("00", QuicUtils::HexEncode(compressed));
 
   vector<string> chain2, cached_certs;
   ASSERT_TRUE(CertCompressor::DecompressChain(compressed, cached_certs, nullptr,
@@ -34,7 +35,7 @@ TEST(CertCompressor, Compressed) {
   const string compressed = CertCompressor::CompressChain(
       chain, StringPiece(), StringPiece(), nullptr);
   ASSERT_GE(compressed.size(), 2u);
-  EXPECT_EQ("0100", base::HexEncode(compressed.substr(0, 2).data(), 2));
+  EXPECT_EQ("0100", QuicUtils::HexEncode(compressed.substr(0, 2)));
 
   vector<string> chain2, cached_certs;
   ASSERT_TRUE(CertCompressor::DecompressChain(compressed, cached_certs, nullptr,
@@ -47,19 +48,18 @@ TEST(CertCompressor, Common) {
   vector<string> chain;
   chain.push_back("testcert");
   static const uint64_t set_hash = 42;
-  scoped_ptr<CommonCertSets> common_sets(
+  std::unique_ptr<CommonCertSets> common_sets(
       CryptoTestUtils::MockCommonCertSets(chain[0], set_hash, 1));
   const string compressed = CertCompressor::CompressChain(
       chain,
       StringPiece(reinterpret_cast<const char*>(&set_hash), sizeof(set_hash)),
       StringPiece(), common_sets.get());
-  const string common(
+  EXPECT_EQ(
       "03"               /* common */
       "2A00000000000000" /* set hash 42 */
       "01000000"         /* index 1 */
-      "00" /* end of list */);
-  EXPECT_EQ(common.data(),
-            base::HexEncode(compressed.data(), compressed.size()));
+      "00" /* end of list */,
+      QuicUtils::HexEncode(compressed));
 
   vector<string> chain2, cached_certs;
   ASSERT_TRUE(CertCompressor::DecompressChain(compressed, cached_certs,
@@ -76,10 +76,9 @@ TEST(CertCompressor, Cached) {
   const string compressed =
       CertCompressor::CompressChain(chain, StringPiece(), hash_bytes, nullptr);
 
-  EXPECT_EQ("02" /* cached */ +
-                base::HexEncode(hash_bytes.data(), hash_bytes.size()) +
+  EXPECT_EQ("02" /* cached */ + QuicUtils::HexEncode(hash_bytes) +
                 "00" /* end of list */,
-            base::HexEncode(compressed.data(), compressed.size()));
+            QuicUtils::HexEncode(compressed));
 
   vector<string> cached_certs, chain2;
   cached_certs.push_back(chain[0]);
@@ -92,53 +91,38 @@ TEST(CertCompressor, Cached) {
 TEST(CertCompressor, BadInputs) {
   vector<string> cached_certs, chain;
 
-  /* bad entry type */
-  const string bad_entry("04");
   EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(bad_entry.data(), bad_entry.size()), cached_certs,
-      nullptr, &chain));
+      QuicUtils::HexEncode("04") /* bad entry type */, cached_certs, nullptr,
+      &chain));
 
-  /* no terminator */
-  const string no_terminator("01");
   EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(no_terminator.data(), no_terminator.size()), cached_certs,
-      nullptr, &chain));
+      QuicUtils::HexEncode("01") /* no terminator */, cached_certs, nullptr,
+      &chain));
 
-  /* hash truncated */
-  const string hash_truncated("0200");
   EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(hash_truncated.data(), hash_truncated.size()),
-      cached_certs, nullptr, &chain));
+      QuicUtils::HexEncode("0200") /* hash truncated */, cached_certs, nullptr,
+      &chain));
 
-  /* hash and index truncated */
-  const string hash_and_index_truncated("0300");
   EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(hash_and_index_truncated.data(),
-                      hash_and_index_truncated.size()),
-      cached_certs, nullptr, &chain));
+      QuicUtils::HexEncode("0300") /* hash and index truncated */, cached_certs,
+      nullptr, &chain));
 
   /* without a CommonCertSets */
-  const string without_a_common_cert_set(
-      "03"
-      "0000000000000000"
-      "00000000");
-  EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(without_a_common_cert_set.data(),
-                      without_a_common_cert_set.size()),
-      cached_certs, nullptr, &chain));
+  EXPECT_FALSE(
+      CertCompressor::DecompressChain(QuicUtils::HexEncode("03"
+                                                           "0000000000000000"
+                                                           "00000000"),
+                                      cached_certs, nullptr, &chain));
 
-  scoped_ptr<CommonCertSets> common_sets(
+  std::unique_ptr<CommonCertSets> common_sets(
       CryptoTestUtils::MockCommonCertSets("foo", 42, 1));
 
   /* incorrect hash and index */
-  const string incorrect_hash_and_index(
-      "03"
-      "a200000000000000"
-      "00000000");
-  EXPECT_FALSE(CertCompressor::DecompressChain(
-      base::HexEncode(incorrect_hash_and_index.data(),
-                      incorrect_hash_and_index.size()),
-      cached_certs, nullptr, &chain));
+  EXPECT_FALSE(
+      CertCompressor::DecompressChain(QuicUtils::HexEncode("03"
+                                                           "a200000000000000"
+                                                           "00000000"),
+                                      cached_certs, nullptr, &chain));
 }
 
 }  // namespace test
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_openssl.cc b/chromium/net/quic/crypto/chacha20_poly1305_decrypter.cc
index 9a1aa4c8249..ccd1c242a33 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_openssl.cc
+++ b/chromium/net/quic/crypto/chacha20_poly1305_decrypter.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_decrypter.h"
 
 #include <openssl/evp.h>
 #include <openssl/tls1.h>
@@ -16,7 +16,7 @@ const size_t kNoncePrefixSize = 4;
 
 }  // namespace
 
-ChaCha20Poly1305Rfc7539Decrypter::ChaCha20Poly1305Rfc7539Decrypter()
+ChaCha20Poly1305Decrypter::ChaCha20Poly1305Decrypter()
     : AeadBaseDecrypter(EVP_aead_chacha20_poly1305(),
                         kKeySize,
                         kAuthTagSize,
@@ -26,18 +26,14 @@ ChaCha20Poly1305Rfc7539Decrypter::ChaCha20Poly1305Rfc7539Decrypter()
                 "nonce prefix size too big");
 }
 
-ChaCha20Poly1305Rfc7539Decrypter::~ChaCha20Poly1305Rfc7539Decrypter() {}
+ChaCha20Poly1305Decrypter::~ChaCha20Poly1305Decrypter() {}
 
-bool ChaCha20Poly1305Rfc7539Decrypter::IsSupported() {
-  return true;
+const char* ChaCha20Poly1305Decrypter::cipher_name() const {
+  return TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305;
 }
 
-const char* ChaCha20Poly1305Rfc7539Decrypter::cipher_name() const {
-  return TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD;
-}
-
-uint32_t ChaCha20Poly1305Rfc7539Decrypter::cipher_id() const {
-  return TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD;
+uint32_t ChaCha20Poly1305Decrypter::cipher_id() const {
+  return TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305;
 }
 
 }  // namespace net
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_decrypter.h b/chromium/net/quic/crypto/chacha20_poly1305_decrypter.h
index 1e0fd05f2c5..a75556e1747 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_decrypter.h
+++ b/chromium/net/quic/crypto/chacha20_poly1305_decrypter.h
@@ -30,15 +30,6 @@ class NET_EXPORT_PRIVATE ChaCha20Poly1305Decrypter : public AeadBaseDecrypter {
   ChaCha20Poly1305Decrypter();
   ~ChaCha20Poly1305Decrypter() override;
 
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseDecrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
   const char* cipher_name() const override;
   uint32_t cipher_id() const override;
 
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_test.cc b/chromium/net/quic/crypto/chacha20_poly1305_decrypter_test.cc
index 3acc1fcb518..af157655d16 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_test.cc
+++ b/chromium/net/quic/crypto/chacha20_poly1305_decrypter_test.cc
@@ -2,9 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_decrypter.h"
+
+#include <memory>
 
 #include "net/quic/quic_flags.h"
+#include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 
 using base::StringPiece;
@@ -27,7 +30,7 @@ struct TestVector {
 
   // Expected output:
   const char* pt;  // An empty string "" means decryption succeeded and
-                   // the plaintext is zero-length. NULL means decryption
+                   // the plaintext is zero-length. nullptr means decryption
                    // failed.
 };
 
@@ -110,7 +113,7 @@ namespace test {
 
 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing
 // in an nonce and also to allocate the buffer needed for the plaintext.
-QuicData* DecryptWithNonce(ChaCha20Poly1305Rfc7539Decrypter* decrypter,
+QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter,
                            StringPiece nonce,
                            StringPiece associated_data,
                            StringPiece ciphertext) {
@@ -123,7 +126,7 @@ QuicData* DecryptWithNonce(ChaCha20Poly1305Rfc7539Decrypter* decrypter,
   path_id = static_cast<QuicPathId>(
       packet_number >> 8 * (sizeof(packet_number) - sizeof(path_id)));
   packet_number &= UINT64_C(0x00FFFFFFFFFFFFFF);
-  scoped_ptr<char[]> output(new char[ciphertext.length()]);
+  std::unique_ptr<char[]> output(new char[ciphertext.length()]);
   size_t output_length = 0;
   const bool success = decrypter->DecryptPacket(
       path_id, packet_number, associated_data, ciphertext, output.get(),
@@ -134,34 +137,25 @@ QuicData* DecryptWithNonce(ChaCha20Poly1305Rfc7539Decrypter* decrypter,
   return new QuicData(output.release(), output_length, true);
 }
 
-TEST(ChaCha20Poly1305Rfc7539DecrypterTest, Decrypt) {
-  if (!ChaCha20Poly1305Rfc7539Decrypter::IsSupported()) {
-    VLOG(1) << "ChaCha20+Poly1305 not supported. Test skipped.";
-    return;
-  }
+TEST(ChaCha20Poly1305DecrypterTest, Decrypt) {
   for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
     // If not present then decryption is expected to fail.
     bool has_pt = test_vectors[i].pt;
 
     // Decode the test vector.
-    string key;
-    string iv;
-    string fixed;
-    string aad;
-    string ct;
+    string key = QuicUtils::HexDecode(test_vectors[i].key);
+    string iv = QuicUtils::HexDecode(test_vectors[i].iv);
+    string fixed = QuicUtils::HexDecode(test_vectors[i].fixed);
+    string aad = QuicUtils::HexDecode(test_vectors[i].aad);
+    string ct = QuicUtils::HexDecode(test_vectors[i].ct);
     string pt;
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].fixed, &fixed));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));
     if (has_pt) {
-      ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));
+      pt = QuicUtils::HexDecode(test_vectors[i].pt);
     }
 
-    ChaCha20Poly1305Rfc7539Decrypter decrypter;
+    ChaCha20Poly1305Decrypter decrypter;
     ASSERT_TRUE(decrypter.SetKey(key));
-    scoped_ptr<QuicData> decrypted(DecryptWithNonce(
+    std::unique_ptr<QuicData> decrypted(DecryptWithNonce(
         &decrypter, fixed + iv,
         // This deliberately tests that the decrypter can handle an AAD that
         // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_openssl.cc b/chromium/net/quic/crypto/chacha20_poly1305_encrypter.cc
index a2219ae5fa9..b438109724b 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_openssl.cc
+++ b/chromium/net/quic/crypto/chacha20_poly1305_encrypter.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 
 #include <openssl/evp.h>
 
@@ -15,7 +15,7 @@ const size_t kNoncePrefixSize = 4;
 
 }  // namespace
 
-ChaCha20Poly1305Rfc7539Encrypter::ChaCha20Poly1305Rfc7539Encrypter()
+ChaCha20Poly1305Encrypter::ChaCha20Poly1305Encrypter()
     : AeadBaseEncrypter(EVP_aead_chacha20_poly1305(),
                         kKeySize,
                         kAuthTagSize,
@@ -25,10 +25,6 @@ ChaCha20Poly1305Rfc7539Encrypter::ChaCha20Poly1305Rfc7539Encrypter()
                 "nonce prefix size too big");
 }
 
-ChaCha20Poly1305Rfc7539Encrypter::~ChaCha20Poly1305Rfc7539Encrypter() {}
-
-bool ChaCha20Poly1305Rfc7539Encrypter::IsSupported() {
-  return true;
-}
+ChaCha20Poly1305Encrypter::~ChaCha20Poly1305Encrypter() {}
 
 }  // namespace net
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_encrypter.h b/chromium/net/quic/crypto/chacha20_poly1305_encrypter.h
index dfdfffe4547..eb4afdde5ca 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_encrypter.h
+++ b/chromium/net/quic/crypto/chacha20_poly1305_encrypter.h
@@ -29,15 +29,6 @@ class NET_EXPORT_PRIVATE ChaCha20Poly1305Encrypter : public AeadBaseEncrypter {
   ChaCha20Poly1305Encrypter();
   ~ChaCha20Poly1305Encrypter() override;
 
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseEncrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
  private:
   DISALLOW_COPY_AND_ASSIGN(ChaCha20Poly1305Encrypter);
 };
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_test.cc b/chromium/net/quic/crypto/chacha20_poly1305_encrypter_test.cc
index 9e246f95c1c..c4b13d85131 100644
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_test.cc
+++ b/chromium/net/quic/crypto/chacha20_poly1305_encrypter_test.cc
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 
-#include <stdint.h>
+#include <memory>
 
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_decrypter.h"
+#include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 
 using base::StringPiece;
@@ -67,12 +68,12 @@ namespace test {
 
 // EncryptWithNonce wraps the |Encrypt| method of |encrypter| to allow passing
 // in an nonce and also to allocate the buffer needed for the ciphertext.
-QuicData* EncryptWithNonce(ChaCha20Poly1305Rfc7539Encrypter* encrypter,
+QuicData* EncryptWithNonce(ChaCha20Poly1305Encrypter* encrypter,
                            StringPiece nonce,
                            StringPiece associated_data,
                            StringPiece plaintext) {
   size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
-  scoped_ptr<char[]> ciphertext(new char[ciphertext_size]);
+  std::unique_ptr<char[]> ciphertext(new char[ciphertext_size]);
 
   if (!encrypter->Encrypt(nonce, associated_data, plaintext,
                           reinterpret_cast<unsigned char*>(ciphertext.get()))) {
@@ -82,17 +83,11 @@ QuicData* EncryptWithNonce(ChaCha20Poly1305Rfc7539Encrypter* encrypter,
   return new QuicData(ciphertext.release(), ciphertext_size, true);
 }
 
-TEST(ChaCha20Poly1305Rfc7539EncrypterTest, EncryptThenDecrypt) {
-  if (!ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    VLOG(1) << "ChaCha20+Poly1305 not supported. Test skipped.";
-    return;
-  }
-
-  ChaCha20Poly1305Rfc7539Encrypter encrypter;
-  ChaCha20Poly1305Rfc7539Decrypter decrypter;
+TEST(ChaCha20Poly1305EncrypterTest, EncryptThenDecrypt) {
+  ChaCha20Poly1305Encrypter encrypter;
+  ChaCha20Poly1305Decrypter decrypter;
 
-  string key;
-  DecodeHexString(test_vectors[0].key, &key);
+  string key = QuicUtils::HexDecode(test_vectors[0].key);
   ASSERT_TRUE(encrypter.SetKey(key));
   ASSERT_TRUE(decrypter.SetKey(key));
   ASSERT_TRUE(encrypter.SetNoncePrefix("abcd"));
@@ -114,30 +109,19 @@ TEST(ChaCha20Poly1305Rfc7539EncrypterTest, EncryptThenDecrypt) {
                                       arraysize(decrypted)));
 }
 
-TEST(ChaCha20Poly1305Rfc7539EncrypterTest, Encrypt) {
-  if (!ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    VLOG(1) << "ChaCha20+Poly1305 not supported. Test skipped.";
-    return;
-  }
-
+TEST(ChaCha20Poly1305EncrypterTest, Encrypt) {
   for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
     // Decode the test vector.
-    string key;
-    string pt;
-    string iv;
-    string fixed;
-    string aad;
-    string ct;
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].fixed, &fixed));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));
-    ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));
-
-    ChaCha20Poly1305Rfc7539Encrypter encrypter;
+    string key = QuicUtils::HexDecode(test_vectors[i].key);
+    string pt = QuicUtils::HexDecode(test_vectors[i].pt);
+    string iv = QuicUtils::HexDecode(test_vectors[i].iv);
+    string fixed = QuicUtils::HexDecode(test_vectors[i].fixed);
+    string aad = QuicUtils::HexDecode(test_vectors[i].aad);
+    string ct = QuicUtils::HexDecode(test_vectors[i].ct);
+
+    ChaCha20Poly1305Encrypter encrypter;
     ASSERT_TRUE(encrypter.SetKey(key));
-    scoped_ptr<QuicData> encrypted(EncryptWithNonce(
+    std::unique_ptr<QuicData> encrypted(EncryptWithNonce(
         &encrypter, fixed + iv,
         // This deliberately tests that the encrypter can handle an AAD that
         // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
@@ -152,25 +136,15 @@ TEST(ChaCha20Poly1305Rfc7539EncrypterTest, Encrypt) {
   }
 }
 
-TEST(ChaCha20Poly1305Rfc7539EncrypterTest, GetMaxPlaintextSize) {
-  if (!ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    VLOG(1) << "ChaCha20+Poly1305 not supported. Test skipped.";
-    return;
-  }
-
-  ChaCha20Poly1305Rfc7539Encrypter encrypter;
+TEST(ChaCha20Poly1305EncrypterTest, GetMaxPlaintextSize) {
+  ChaCha20Poly1305Encrypter encrypter;
   EXPECT_EQ(1000u, encrypter.GetMaxPlaintextSize(1012));
   EXPECT_EQ(100u, encrypter.GetMaxPlaintextSize(112));
   EXPECT_EQ(10u, encrypter.GetMaxPlaintextSize(22));
 }
 
-TEST(ChaCha20Poly1305Rfc7539EncrypterTest, GetCiphertextSize) {
-  if (!ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    VLOG(1) << "ChaCha20+Poly1305 not supported. Test skipped.";
-    return;
-  }
-
-  ChaCha20Poly1305Rfc7539Encrypter encrypter;
+TEST(ChaCha20Poly1305EncrypterTest, GetCiphertextSize) {
+  ChaCha20Poly1305Encrypter encrypter;
   EXPECT_EQ(1012u, encrypter.GetCiphertextSize(1000));
   EXPECT_EQ(112u, encrypter.GetCiphertextSize(100));
   EXPECT_EQ(22u, encrypter.GetCiphertextSize(10));
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h b/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h
deleted file mode 100644
index 57609d09da1..00000000000
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_DECRYPTER_H_
-#define NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_DECRYPTER_H_
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "base/macros.h"
-#include "net/quic/crypto/aead_base_decrypter.h"
-
-namespace net {
-
-// A ChaCha20Poly1305Rfc7539Decrypter is a QuicDecrypter that implements the
-// AEAD_CHACHA20_POLY1305 algorithm specified in
-// draft-agl-tls-chacha20poly1305-04, except that it truncates the Poly1305
-// authenticator to 12 bytes. Create an instance by calling
-// QuicDecrypter::Create(kCC12).
-//
-// It uses an authentication tag of 16 bytes (128 bits). There is no
-// fixed nonce prefix.
-class NET_EXPORT_PRIVATE ChaCha20Poly1305Rfc7539Decrypter
-    : public AeadBaseDecrypter {
- public:
-  enum {
-    kAuthTagSize = 12,
-  };
-
-  ChaCha20Poly1305Rfc7539Decrypter();
-  ~ChaCha20Poly1305Rfc7539Decrypter() override;
-
-  // Returns true if the underlying crypto library supports the RFC 7539
-  // variant of ChaCha20+Poly1305.
-  static bool IsSupported();
-
-  const char* cipher_name() const override;
-  uint32_t cipher_id() const override;
-
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseDecrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(ChaCha20Poly1305Rfc7539Decrypter);
-};
-
-}  // namespace net
-
-#endif  // NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_DECRYPTER_H_
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc b/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc
deleted file mode 100644
index 799a2c5a545..00000000000
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_decrypter_nss.cc
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h"
-
-#include <pk11pub.h>
-
-using base::StringPiece;
-
-namespace net {
-
-namespace {
-
-const size_t kKeySize = 32;
-const size_t kNoncePrefixSize = 4;
-
-}  // namespace
-
-ChaCha20Poly1305Rfc7539Decrypter::ChaCha20Poly1305Rfc7539Decrypter()
-    : AeadBaseDecrypter(CKM_NSS_CHACHA20_POLY1305,
-                        kKeySize,
-                        kAuthTagSize,
-                        kNoncePrefixSize) {
-  static_assert(kKeySize <= kMaxKeySize, "key size too big");
-  static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
-                "nonce prefix size too big");
-}
-
-ChaCha20Poly1305Rfc7539Decrypter::~ChaCha20Poly1305Rfc7539Decrypter() {}
-
-bool ChaCha20Poly1305Rfc7539Decrypter::IsSupported() {
-  return false;
-}
-
-const char* ChaCha20Poly1305Rfc7539Decrypter::cipher_name() const {
-  return "";
-}
-
-uint32_t ChaCha20Poly1305Rfc7539Decrypter::cipher_id() const {
-  return 0;
-}
-
-void ChaCha20Poly1305Rfc7539Decrypter::FillAeadParams(
-    base::StringPiece nonce,
-    base::StringPiece associated_data,
-    size_t auth_tag_size,
-    AeadParams* aead_params) const {}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h b/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h
deleted file mode 100644
index 7b6e0b4e205..00000000000
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_ENCRYPTER_H_
-#define NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_ENCRYPTER_H_
-
-#include <stddef.h>
-
-#include "base/macros.h"
-#include "net/quic/crypto/aead_base_encrypter.h"
-
-namespace net {
-
-// A ChaCha20Poly1305Encrypter is a QuicEncrypter that implements the
-// AEAD_CHACHA20_POLY1305 algorithm specified in RFC 7539, except that
-// it truncates the Poly1305 authenticator to 12 bytes. Create an instance
-// by calling QuicEncrypter::Create(kCC12).
-//
-// It uses an authentication tag of 16 bytes (128 bits). There is no
-// fixed nonce prefix.
-class NET_EXPORT_PRIVATE ChaCha20Poly1305Rfc7539Encrypter
-    : public AeadBaseEncrypter {
- public:
-  enum {
-    kAuthTagSize = 12,
-  };
-
-  ChaCha20Poly1305Rfc7539Encrypter();
-  ~ChaCha20Poly1305Rfc7539Encrypter() override;
-
-  // Returns true if the underlying crypto library supports the RFC 7539
-  // variant of ChaCha20+Poly1305.
-  static bool IsSupported();
-
-#if !defined(USE_OPENSSL)
- protected:
-  // AeadBaseEncrypter methods:
-  void FillAeadParams(base::StringPiece nonce,
-                      base::StringPiece associated_data,
-                      size_t auth_tag_size,
-                      AeadParams* aead_params) const override;
-#endif
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(ChaCha20Poly1305Rfc7539Encrypter);
-};
-
-}  // namespace net
-
-#endif  // NET_QUIC_CRYPTO_CHACHA20_POLY1305_RFC7539_ENCRYPTER_H_
diff --git a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc b/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc
deleted file mode 100644
index 34b404ef4e4..00000000000
--- a/chromium/net/quic/crypto/chacha20_poly1305_rfc7539_encrypter_nss.cc
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
-
-#include <pk11pub.h>
-
-using base::StringPiece;
-
-namespace net {
-
-namespace {
-
-const size_t kKeySize = 32;
-const size_t kNoncePrefixSize = 4;
-
-}  // namespace
-
-ChaCha20Poly1305Rfc7539Encrypter::ChaCha20Poly1305Rfc7539Encrypter()
-    : AeadBaseEncrypter(CKM_NSS_CHACHA20_POLY1305,
-                        kKeySize,
-                        kAuthTagSize,
-                        kNoncePrefixSize) {
-  static_assert(kKeySize <= kMaxKeySize, "key size too big");
-  static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
-                "nonce prefix size too big");
-}
-
-ChaCha20Poly1305Rfc7539Encrypter::~ChaCha20Poly1305Rfc7539Encrypter() {}
-
-bool ChaCha20Poly1305Rfc7539Encrypter::IsSupported() {
-  return false;
-}
-
-void ChaCha20Poly1305Rfc7539Encrypter::FillAeadParams(
-    StringPiece nonce,
-    StringPiece associated_data,
-    size_t auth_tag_size,
-    AeadParams* aead_params) const {}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/channel_id.cc b/chromium/net/quic/crypto/channel_id.cc
index e707bf01cb3..3d93be0ab87 100644
--- a/chromium/net/quic/crypto/channel_id.cc
+++ b/chromium/net/quic/crypto/channel_id.cc
@@ -4,6 +4,17 @@
 
 #include "net/quic/crypto/channel_id.h"
 
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>
+
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+
+using base::StringPiece;
+
 namespace net {
 
 // static
@@ -11,4 +22,70 @@ const char ChannelIDVerifier::kContextStr[] = "QUIC ChannelID";
 // static
 const char ChannelIDVerifier::kClientToServerStr[] = "client -> server";
 
+// static
+bool ChannelIDVerifier::Verify(StringPiece key,
+                               StringPiece signed_data,
+                               StringPiece signature) {
+  return VerifyRaw(key, signed_data, signature, true);
+}
+
+// static
+bool ChannelIDVerifier::VerifyRaw(StringPiece key,
+                                  StringPiece signed_data,
+                                  StringPiece signature,
+                                  bool is_channel_id_signature) {
+  if (key.size() != 32 * 2 || signature.size() != 32 * 2) {
+    return false;
+  }
+
+  crypto::ScopedEC_GROUP p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+  if (!p256) {
+    return false;
+  }
+
+  crypto::ScopedBIGNUM x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new());
+
+  ECDSA_SIG sig;
+  sig.r = r.get();
+  sig.s = s.get();
+
+  const uint8_t* key_bytes = reinterpret_cast<const uint8_t*>(key.data());
+  const uint8_t* signature_bytes =
+      reinterpret_cast<const uint8_t*>(signature.data());
+
+  if (BN_bin2bn(key_bytes + 0, 32, x.get()) == nullptr ||
+      BN_bin2bn(key_bytes + 32, 32, y.get()) == nullptr ||
+      BN_bin2bn(signature_bytes + 0, 32, sig.r) == nullptr ||
+      BN_bin2bn(signature_bytes + 32, 32, sig.s) == nullptr) {
+    return false;
+  }
+
+  crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
+  if (!point ||
+      !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
+                                           y.get(), nullptr)) {
+    return false;
+  }
+
+  crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
+  if (ecdsa_key.get() == nullptr ||
+      !EC_KEY_set_group(ecdsa_key.get(), p256.get()) ||
+      !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) {
+    return false;
+  }
+
+  SHA256_CTX sha256;
+  SHA256_Init(&sha256);
+  if (is_channel_id_signature) {
+    SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1);
+    SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1);
+  }
+  SHA256_Update(&sha256, signed_data.data(), signed_data.size());
+
+  unsigned char digest[SHA256_DIGEST_LENGTH];
+  SHA256_Final(digest, &sha256);
+
+  return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1;
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/crypto/channel_id.h b/chromium/net/quic/crypto/channel_id.h
index 0ec1d4dd817..cb2632fd5d9 100644
--- a/chromium/net/quic/crypto/channel_id.h
+++ b/chromium/net/quic/crypto/channel_id.h
@@ -5,10 +5,10 @@
 #ifndef NET_QUIC_CRYPTO_CHANNEL_ID_H_
 #define NET_QUIC_CRYPTO_CHANNEL_ID_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_types.h"
@@ -40,7 +40,7 @@ class ChannelIDSourceCallback {
   // asynchonous GetChannelIDKey operation. If |*channel_id_key| is not nullptr
   // then the channel ID lookup is successful. |Run| may take ownership of
   // |*channel_id_key| by calling |release| on it.
-  virtual void Run(scoped_ptr<ChannelIDKey>* channel_id_key) = 0;
+  virtual void Run(std::unique_ptr<ChannelIDKey>* channel_id_key) = 0;
 };
 
 // ChannelIDSource is an abstract interface by which a QUIC client can obtain
@@ -59,7 +59,7 @@ class NET_EXPORT_PRIVATE ChannelIDSource {
   // |callback|.
   virtual QuicAsyncStatus GetChannelIDKey(
       const std::string& hostname,
-      scoped_ptr<ChannelIDKey>* channel_id_key,
+      std::unique_ptr<ChannelIDKey>* channel_id_key,
       ChannelIDSourceCallback* callback) = 0;
 };
 
diff --git a/chromium/net/quic/crypto/channel_id_chromium.cc b/chromium/net/quic/crypto/channel_id_chromium.cc
index 1aec7e7b8a0..ac71fb0231a 100644
--- a/chromium/net/quic/crypto/channel_id_chromium.cc
+++ b/chromium/net/quic/crypto/channel_id_chromium.cc
@@ -19,14 +19,14 @@
 namespace net {
 
 ChannelIDKeyChromium::ChannelIDKeyChromium(
-    scoped_ptr<crypto::ECPrivateKey> ec_private_key)
+    std::unique_ptr<crypto::ECPrivateKey> ec_private_key)
     : ec_private_key_(std::move(ec_private_key)) {}
 
 ChannelIDKeyChromium::~ChannelIDKeyChromium() {}
 
 bool ChannelIDKeyChromium::Sign(base::StringPiece signed_data,
                                 std::string* out_signature) const {
-  scoped_ptr<crypto::ECSignatureCreator> sig_creator(
+  std::unique_ptr<crypto::ECSignatureCreator> sig_creator(
       crypto::ECSignatureCreator::Create(ec_private_key_.get()));
   if (!sig_creator) {
     return false;
@@ -69,7 +69,7 @@ class ChannelIDSourceChromium::Job {
   // Starts the channel ID lookup.  If |QUIC_PENDING| is returned, then
   // |callback| will be invoked asynchronously when the operation completes.
   QuicAsyncStatus GetChannelIDKey(const std::string& hostname,
-                                  scoped_ptr<ChannelIDKey>* channel_id_key,
+                                  std::unique_ptr<ChannelIDKey>* channel_id_key,
                                   ChannelIDSourceCallback* callback);
 
  private:
@@ -89,15 +89,15 @@ class ChannelIDSourceChromium::Job {
 
   ChannelIDService* const channel_id_service_;
 
-  scoped_ptr<crypto::ECPrivateKey> channel_id_crypto_key_;
+  std::unique_ptr<crypto::ECPrivateKey> channel_id_crypto_key_;
   ChannelIDService::Request channel_id_request_;
 
   // |hostname| specifies the hostname for which we need a channel ID.
   std::string hostname_;
 
-  scoped_ptr<ChannelIDSourceCallback> callback_;
+  std::unique_ptr<ChannelIDSourceCallback> callback_;
 
-  scoped_ptr<ChannelIDKey> channel_id_key_;
+  std::unique_ptr<ChannelIDKey> channel_id_key_;
 
   State next_state_;
 
@@ -112,7 +112,7 @@ ChannelIDSourceChromium::Job::Job(ChannelIDSourceChromium* channel_id_source,
 
 QuicAsyncStatus ChannelIDSourceChromium::Job::GetChannelIDKey(
     const std::string& hostname,
-    scoped_ptr<ChannelIDKey>* channel_id_key,
+    std::unique_ptr<ChannelIDKey>* channel_id_key,
     ChannelIDSourceCallback* callback) {
   DCHECK(channel_id_key);
   DCHECK(callback);
@@ -166,7 +166,7 @@ int ChannelIDSourceChromium::Job::DoLoop(int last_result) {
 void ChannelIDSourceChromium::Job::OnIOComplete(int result) {
   int rv = DoLoop(result);
   if (rv != ERR_IO_PENDING) {
-    scoped_ptr<ChannelIDSourceCallback> callback(callback_.release());
+    std::unique_ptr<ChannelIDSourceCallback> callback(callback_.release());
     callback->Run(&channel_id_key_);
     // Will delete |this|.
     channel_id_source_->OnJobComplete(this);
@@ -206,9 +206,9 @@ ChannelIDSourceChromium::~ChannelIDSourceChromium() {
 
 QuicAsyncStatus ChannelIDSourceChromium::GetChannelIDKey(
     const std::string& hostname,
-    scoped_ptr<ChannelIDKey>* channel_id_key,
+    std::unique_ptr<ChannelIDKey>* channel_id_key,
     ChannelIDSourceCallback* callback) {
-  scoped_ptr<Job> job(new Job(this, channel_id_service_));
+  std::unique_ptr<Job> job(new Job(this, channel_id_service_));
   QuicAsyncStatus status =
       job->GetChannelIDKey(hostname, channel_id_key, callback);
   if (status == QUIC_PENDING) {
diff --git a/chromium/net/quic/crypto/channel_id_chromium.h b/chromium/net/quic/crypto/channel_id_chromium.h
index 7dfb9b52d0d..c93000a4179 100644
--- a/chromium/net/quic/crypto/channel_id_chromium.h
+++ b/chromium/net/quic/crypto/channel_id_chromium.h
@@ -21,7 +21,7 @@ class ChannelIDService;
 class NET_EXPORT_PRIVATE ChannelIDKeyChromium : public ChannelIDKey {
  public:
   explicit ChannelIDKeyChromium(
-      scoped_ptr<crypto::ECPrivateKey> ec_private_key);
+      std::unique_ptr<crypto::ECPrivateKey> ec_private_key);
   ~ChannelIDKeyChromium() override;
 
   // ChannelIDKey interface
@@ -30,7 +30,7 @@ class NET_EXPORT_PRIVATE ChannelIDKeyChromium : public ChannelIDKey {
   std::string SerializeKey() const override;
 
  private:
-  scoped_ptr<crypto::ECPrivateKey> ec_private_key_;
+  std::unique_ptr<crypto::ECPrivateKey> ec_private_key_;
 };
 
 // ChannelIDSourceChromium implements the QUIC ChannelIDSource interface.
@@ -41,7 +41,7 @@ class ChannelIDSourceChromium : public ChannelIDSource {
 
   // ChannelIDSource interface
   QuicAsyncStatus GetChannelIDKey(const std::string& hostname,
-                                  scoped_ptr<ChannelIDKey>* channel_id_key,
+                                  std::unique_ptr<ChannelIDKey>* channel_id_key,
                                   ChannelIDSourceCallback* callback) override;
 
  private:
diff --git a/chromium/net/quic/crypto/channel_id_nss.cc b/chromium/net/quic/crypto/channel_id_nss.cc
deleted file mode 100644
index 522b2f61509..00000000000
--- a/chromium/net/quic/crypto/channel_id_nss.cc
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/channel_id.h"
-
-#include <keythi.h>
-#include <pk11pub.h>
-#include <sechash.h>
-
-using base::StringPiece;
-
-namespace net {
-
-// static
-bool ChannelIDVerifier::Verify(StringPiece key,
-                               StringPiece signed_data,
-                               StringPiece signature) {
-  return VerifyRaw(key, signed_data, signature, true);
-}
-
-// static
-bool ChannelIDVerifier::VerifyRaw(StringPiece key,
-                                  StringPiece signed_data,
-                                  StringPiece signature,
-                                  bool is_channel_id_signature) {
-  if (key.size() != 32 * 2 || signature.size() != 32 * 2) {
-    return false;
-  }
-
-  SECKEYPublicKey public_key;
-  memset(&public_key, 0, sizeof(public_key));
-
-  // DER encoding of the object identifier (OID) of the named curve P-256
-  // (1.2.840.10045.3.1.7). See RFC 6637 Section 11.
-  static const unsigned char p256_oid[] = {0x06, 0x08, 0x2a, 0x86, 0x48,
-                                           0xce, 0x3d, 0x03, 0x01, 0x07};
-  public_key.keyType = ecKey;
-  public_key.u.ec.DEREncodedParams.type = siBuffer;
-  public_key.u.ec.DEREncodedParams.data = const_cast<unsigned char*>(p256_oid);
-  public_key.u.ec.DEREncodedParams.len = sizeof(p256_oid);
-
-  unsigned char key_buf[65];
-  key_buf[0] = 0x04;
-  memcpy(&key_buf[1], key.data(), key.size());
-  public_key.u.ec.publicValue.type = siBuffer;
-  public_key.u.ec.publicValue.data = key_buf;
-  public_key.u.ec.publicValue.len = sizeof(key_buf);
-
-  SECItem signature_item = {siBuffer, reinterpret_cast<unsigned char*>(
-                                          const_cast<char*>(signature.data())),
-                            static_cast<unsigned int>(signature.size())};
-
-  unsigned char hash_buf[SHA256_LENGTH];
-  SECItem hash_item = {siBuffer, hash_buf, sizeof(hash_buf)};
-
-  HASHContext* sha256 = HASH_Create(HASH_AlgSHA256);
-  if (!sha256) {
-    return false;
-  }
-  HASH_Begin(sha256);
-  if (is_channel_id_signature) {
-    HASH_Update(sha256, reinterpret_cast<const unsigned char*>(kContextStr),
-                strlen(kContextStr) + 1);
-    HASH_Update(sha256,
-                reinterpret_cast<const unsigned char*>(kClientToServerStr),
-                strlen(kClientToServerStr) + 1);
-  }
-  HASH_Update(sha256,
-              reinterpret_cast<const unsigned char*>(signed_data.data()),
-              signed_data.size());
-  HASH_End(sha256, hash_buf, &hash_item.len, sizeof(hash_buf));
-  HASH_Destroy(sha256);
-
-  return PK11_Verify(&public_key, &signature_item, &hash_item, nullptr) ==
-         SECSuccess;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/channel_id_openssl.cc b/chromium/net/quic/crypto/channel_id_openssl.cc
deleted file mode 100644
index 4e576ae7906..00000000000
--- a/chromium/net/quic/crypto/channel_id_openssl.cc
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/channel_id.h"
-
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/obj_mac.h>
-#include <openssl/sha.h>
-
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-
-using base::StringPiece;
-
-namespace net {
-
-// static
-bool ChannelIDVerifier::Verify(StringPiece key,
-                               StringPiece signed_data,
-                               StringPiece signature) {
-  return VerifyRaw(key, signed_data, signature, true);
-}
-
-// static
-bool ChannelIDVerifier::VerifyRaw(StringPiece key,
-                                  StringPiece signed_data,
-                                  StringPiece signature,
-                                  bool is_channel_id_signature) {
-  if (key.size() != 32 * 2 || signature.size() != 32 * 2) {
-    return false;
-  }
-
-  crypto::ScopedEC_GROUP p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-  if (!p256) {
-    return false;
-  }
-
-  crypto::ScopedBIGNUM x(BN_new()), y(BN_new()), r(BN_new()), s(BN_new());
-
-  ECDSA_SIG sig;
-  sig.r = r.get();
-  sig.s = s.get();
-
-  const uint8_t* key_bytes = reinterpret_cast<const uint8_t*>(key.data());
-  const uint8_t* signature_bytes =
-      reinterpret_cast<const uint8_t*>(signature.data());
-
-  if (BN_bin2bn(key_bytes + 0, 32, x.get()) == nullptr ||
-      BN_bin2bn(key_bytes + 32, 32, y.get()) == nullptr ||
-      BN_bin2bn(signature_bytes + 0, 32, sig.r) == nullptr ||
-      BN_bin2bn(signature_bytes + 32, 32, sig.s) == nullptr) {
-    return false;
-  }
-
-  crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
-  if (!point ||
-      !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
-                                           y.get(), nullptr)) {
-    return false;
-  }
-
-  crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
-  if (ecdsa_key.get() == nullptr ||
-      !EC_KEY_set_group(ecdsa_key.get(), p256.get()) ||
-      !EC_KEY_set_public_key(ecdsa_key.get(), point.get())) {
-    return false;
-  }
-
-  SHA256_CTX sha256;
-  SHA256_Init(&sha256);
-  if (is_channel_id_signature) {
-    SHA256_Update(&sha256, kContextStr, strlen(kContextStr) + 1);
-    SHA256_Update(&sha256, kClientToServerStr, strlen(kClientToServerStr) + 1);
-  }
-  SHA256_Update(&sha256, signed_data.data(), signed_data.size());
-
-  unsigned char digest[SHA256_DIGEST_LENGTH];
-  SHA256_Final(digest, &sha256);
-
-  return ECDSA_do_verify(digest, sizeof(digest), &sig, ecdsa_key.get()) == 1;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/channel_id_test.cc b/chromium/net/quic/crypto/channel_id_test.cc
index 8aa2f74fb09..bc1ca44a8a0 100644
--- a/chromium/net/quic/crypto/channel_id_test.cc
+++ b/chromium/net/quic/crypto/channel_id_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/channel_id.h"
 
+#include <memory>
+
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -234,12 +236,12 @@ TEST(ChannelIDTest, VerifyKnownAnswerTest) {
 }
 
 TEST(ChannelIDTest, SignAndVerify) {
-  scoped_ptr<ChannelIDSource> source(
+  std::unique_ptr<ChannelIDSource> source(
       CryptoTestUtils::ChannelIDSourceForTesting());
 
   const string signed_data = "signed data";
   const string hostname = "foo.example.com";
-  scoped_ptr<ChannelIDKey> channel_id_key;
+  std::unique_ptr<ChannelIDKey> channel_id_key;
   QuicAsyncStatus status =
       source->GetChannelIDKey(hostname, &channel_id_key, nullptr);
   ASSERT_EQ(QUIC_SUCCESS, status);
@@ -253,13 +255,13 @@ TEST(ChannelIDTest, SignAndVerify) {
   EXPECT_FALSE(ChannelIDVerifier::Verify("a" + key, signed_data, signature));
   EXPECT_FALSE(ChannelIDVerifier::Verify(key, "a" + signed_data, signature));
 
-  scoped_ptr<char[]> bad_key(new char[key.size()]);
+  std::unique_ptr<char[]> bad_key(new char[key.size()]);
   memcpy(bad_key.get(), key.data(), key.size());
   bad_key[1] ^= 0x80;
   EXPECT_FALSE(ChannelIDVerifier::Verify(string(bad_key.get(), key.size()),
                                          signed_data, signature));
 
-  scoped_ptr<char[]> bad_signature(new char[signature.size()]);
+  std::unique_ptr<char[]> bad_signature(new char[signature.size()]);
   memcpy(bad_signature.get(), signature.data(), signature.size());
   bad_signature[1] ^= 0x80;
   EXPECT_FALSE(ChannelIDVerifier::Verify(
diff --git a/chromium/net/quic/crypto/crypto_framer.cc b/chromium/net/quic/crypto/crypto_framer.cc
index 2d809807c2b..9b2fc2d80af 100644
--- a/chromium/net/quic/crypto/crypto_framer.cc
+++ b/chromium/net/quic/crypto/crypto_framer.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/crypto_framer.h"
 
+#include <memory>
+
 #include "base/strings/stringprintf.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/quic_data_reader.h"
@@ -37,7 +39,7 @@ class OneShotVisitor : public CryptoFramerVisitorInterface {
   CryptoHandshakeMessage* release() { return out_.release(); }
 
  private:
-  scoped_ptr<CryptoHandshakeMessage> out_;
+  std::unique_ptr<CryptoHandshakeMessage> out_;
   bool error_;
 };
 
@@ -105,7 +107,7 @@ QuicData* CryptoFramer::ConstructHandshakeMessage(
     return nullptr;
   }
 
-  scoped_ptr<char[]> buffer(new char[len]);
+  std::unique_ptr<char[]> buffer(new char[len]);
   QuicDataWriter writer(len, buffer.get());
   if (!writer.WriteUInt32(message.tag())) {
     DCHECK(false) << "Failed to write message tag.";
diff --git a/chromium/net/quic/crypto/crypto_framer_test.cc b/chromium/net/quic/crypto/crypto_framer_test.cc
index f60380fd0a5..e39c21f608b 100644
--- a/chromium/net/quic/crypto/crypto_framer_test.cc
+++ b/chromium/net/quic/crypto/crypto_framer_test.cc
@@ -5,10 +5,10 @@
 #include "net/quic/crypto/crypto_framer.h"
 
 #include <map>
+#include <memory>
 #include <vector>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/quic_protocol.h"
@@ -86,7 +86,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessage) {
   };
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   ASSERT_TRUE(data.get() != nullptr);
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
                                       data->length(), AsChars(packet),
@@ -121,7 +121,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageWithTwoKeys) {
   };
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   ASSERT_TRUE(data.get() != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -148,7 +148,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageZeroLength) {
   };
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   ASSERT_TRUE(data.get() != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -164,7 +164,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageTooManyEntries) {
   }
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   EXPECT_TRUE(data.get() == nullptr);
 }
 
@@ -198,7 +198,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSize) {
   };
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   ASSERT_TRUE(data.get() != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -234,7 +234,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSizePadLast) {
   };
 
   CryptoFramer framer;
-  scoped_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
   ASSERT_TRUE(data.get() != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
diff --git a/chromium/net/quic/crypto/crypto_handshake.h b/chromium/net/quic/crypto/crypto_handshake.h
index d9d51e315cc..dd958c2e12a 100644
--- a/chromium/net/quic/crypto/crypto_handshake.h
+++ b/chromium/net/quic/crypto/crypto_handshake.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_protocol.h"
 
@@ -94,8 +94,8 @@ static_assert(MAX_FAILURE_REASON <= 32, "failure reason out of sync");
 struct NET_EXPORT_PRIVATE CrypterPair {
   CrypterPair();
   ~CrypterPair();
-  scoped_ptr<QuicEncrypter> encrypter;
-  scoped_ptr<QuicDecrypter> decrypter;
+  std::unique_ptr<QuicEncrypter> encrypter;
+  std::unique_ptr<QuicDecrypter> decrypter;
 };
 
 // Parameters negotiated by the crypto handshake.
@@ -130,7 +130,7 @@ struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters {
   std::vector<std::string> cached_certs;
   // client_key_exchange is used by clients to store the ephemeral KeyExchange
   // for the connection.
-  scoped_ptr<KeyExchange> client_key_exchange;
+  std::unique_ptr<KeyExchange> client_key_exchange;
   // channel_id is set by servers to a ChannelID key when the client correctly
   // proves possession of the corresponding private key. It consists of 32
   // bytes of x coordinate, followed by 32 bytes of y coordinate. Both values
diff --git a/chromium/net/quic/crypto/crypto_handshake_message.cc b/chromium/net/quic/crypto/crypto_handshake_message.cc
index 5e4e48dd195..b5cc4a908f3 100644
--- a/chromium/net/quic/crypto/crypto_handshake_message.cc
+++ b/chromium/net/quic/crypto/crypto_handshake_message.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/crypto_handshake_message.h"
 
+#include <memory>
+
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "net/quic/crypto/crypto_framer.h"
@@ -304,7 +306,7 @@ string CryptoHandshakeMessage::DebugStringInternal(size_t indent) const {
       case kSCFG:
         // nested messages.
         if (!it->second.empty()) {
-          scoped_ptr<CryptoHandshakeMessage> msg(
+          std::unique_ptr<CryptoHandshakeMessage> msg(
               CryptoFramer::ParseMessage(it->second));
           if (msg.get()) {
             ret += "\n";
@@ -329,7 +331,7 @@ string CryptoHandshakeMessage::DebugStringInternal(size_t indent) const {
     if (!done) {
       // If there's no specific format for this tag, or the value is invalid,
       // then just use hex.
-      ret += "0x" + base::HexEncode(it->second.data(), it->second.size());
+      ret += "0x" + QuicUtils::HexEncode(it->second);
     }
     ret += "\n";
   }
diff --git a/chromium/net/quic/crypto/crypto_handshake_message.h b/chromium/net/quic/crypto/crypto_handshake_message.h
index a3778cb7be2..0f7346f423d 100644
--- a/chromium/net/quic/crypto/crypto_handshake_message.h
+++ b/chromium/net/quic/crypto/crypto_handshake_message.h
@@ -8,10 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <cstdint>
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_protocol.h"
@@ -132,7 +133,7 @@ class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
 
   // The serialized form of the handshake message. This member is constructed
   // lasily.
-  mutable scoped_ptr<QuicData> serialized_;
+  mutable std::unique_ptr<QuicData> serialized_;
 };
 
 }  // namespace net
diff --git a/chromium/net/quic/crypto/crypto_protocol.h b/chromium/net/quic/crypto/crypto_protocol.h
index 532f80356ad..5acefc06fd6 100644
--- a/chromium/net/quic/crypto/crypto_protocol.h
+++ b/chromium/net/quic/crypto/crypto_protocol.h
@@ -81,7 +81,10 @@ const QuicTag k1CON = TAG('1', 'C', 'O', 'N');   // Emulate a single connection
 const QuicTag kNTLP = TAG('N', 'T', 'L', 'P');   // No tail loss probe
 const QuicTag kNCON = TAG('N', 'C', 'O', 'N');   // N Connection Congestion Ctrl
 const QuicTag kNRTO = TAG('N', 'R', 'T', 'O');   // CWND reduction on loss
+const QuicTag kUNDO = TAG('U', 'N', 'D', 'O');   // Undo any pending retransmits
+                                                 // if they're likely spurious.
 const QuicTag kTIME = TAG('T', 'I', 'M', 'E');   // Time based loss detection
+const QuicTag kATIM = TAG('A', 'T', 'I', 'M');   // Adaptive time loss detection
 const QuicTag kMIN1 = TAG('M', 'I', 'N', '1');   // Min CWND of 1 packet
 const QuicTag kMIN4 = TAG('M', 'I', 'N', '4');   // Min CWND of 4 packets,
                                                  // with a min rate of 1 BDP.
@@ -90,10 +93,16 @@ const QuicTag kTLPR = TAG('T', 'L', 'P', 'R');   // Tail loss probe delay of
 const QuicTag kACKD = TAG('A', 'C', 'K', 'D');   // Ack decimation style acking.
 const QuicTag kAKD2 = TAG('A', 'K', 'D', '2');   // Ack decimation tolerating
                                                  // out of order packets.
+const QuicTag kAKD3 = TAG('A', 'K', 'D', '3');   // Ack decimation style acking
+                                                 // with 1/8 RTT acks.
+const QuicTag kAKD4 = TAG('A', 'K', 'D', '4');   // Ack decimation with 1/8 RTT
+                                                 // tolerating out of order.
 const QuicTag kSSLR = TAG('S', 'S', 'L', 'R');   // Slow Start Large Reduction.
 const QuicTag k5RTO = TAG('5', 'R', 'T', 'O');   // Close connection on 5 RTOs
 const QuicTag kCTIM = TAG('C', 'T', 'I', 'M');   // Client timestamp in seconds
                                                  // since UNIX epoch.
+const QuicTag kDHDT = TAG('D', 'H', 'D', 'T');   // Disable HPACK dynamic table.
+const QuicTag kIPFS = TAG('I', 'P', 'F', 'S');   // Immediate Forward Secrecy.
 
 // Optional support of truncated Connection IDs.  If sent by a peer, the value
 // is the minimum number of bytes allowed for the connection ID sent to the
@@ -176,6 +185,9 @@ const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q');   // Rejected packet number
 // Universal tags
 const QuicTag kPAD  = TAG('P', 'A', 'D', '\0');  // Padding
 
+// Server push tags
+const QuicTag kSPSH = TAG('S', 'P', 'S', 'H');  // Support server push.
+
 // Sent by clients with the fix to crbug/566156
 const QuicTag kFIXD = TAG('F', 'I', 'X', 'D');   // Client hello
 // clang-format on
diff --git a/chromium/net/quic/crypto/crypto_secret_boxer.cc b/chromium/net/quic/crypto/crypto_secret_boxer.cc
index 08a431745fd..347333fb0d8 100644
--- a/chromium/net/quic/crypto/crypto_secret_boxer.cc
+++ b/chromium/net/quic/crypto/crypto_secret_boxer.cc
@@ -4,8 +4,9 @@
 
 #include "net/quic/crypto/crypto_secret_boxer.h"
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -55,7 +56,7 @@ void CryptoSecretBoxer::SetKeys(const vector<string>& keys) {
 }
 
 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
-  scoped_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter());
+  std::unique_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter());
   {
     base::AutoLock l(lock_);
     DCHECK_EQ(kKeySize, keys_[0].size());
@@ -99,7 +100,7 @@ bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
   memcpy(&packet_number, nonce.data() + nonce_prefix.size(),
          sizeof(packet_number));
 
-  scoped_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter());
+  std::unique_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter());
   char plaintext[kMaxPacketSize];
   size_t plaintext_length = 0;
   bool ok = false;
diff --git a/chromium/net/quic/crypto/crypto_secret_boxer_test.cc b/chromium/net/quic/crypto/crypto_secret_boxer_test.cc
index c73c581c6d4..6d5cad15016 100644
--- a/chromium/net/quic/crypto/crypto_secret_boxer_test.cc
+++ b/chromium/net/quic/crypto/crypto_secret_boxer_test.cc
@@ -4,7 +4,8 @@
 
 #include "net/quic/crypto/crypto_secret_boxer.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/quic/crypto/quic_random.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
diff --git a/chromium/net/quic/crypto/crypto_server_test.cc b/chromium/net/quic/crypto/crypto_server_test.cc
index d2fd4c5cf53..929a6003c3a 100644
--- a/chromium/net/quic/crypto/crypto_server_test.cc
+++ b/chromium/net/quic/crypto/crypto_server_test.cc
@@ -2,6 +2,9 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <algorithm>
+#include <cstdint>
+#include <memory>
 #include <ostream>
 #include <vector>
 
@@ -22,6 +25,7 @@
 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "net/quic/test_tools/mock_random.h"
+#include "net/quic/test_tools/quic_crypto_server_config_peer.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -43,7 +47,7 @@ class DummyProofVerifierCallback : public ProofVerifierCallback {
 
   void Run(bool ok,
            const std::string& error_details,
-           scoped_ptr<ProofVerifyDetails>* details) override {
+           std::unique_ptr<ProofVerifyDetails>* details) override {
     // Do nothing
   }
 };
@@ -52,19 +56,6 @@ const char kOldConfigId[] = "old-config-id";
 
 }  // namespace
 
-class QuicCryptoServerConfigPeer {
- public:
-  explicit QuicCryptoServerConfigPeer(QuicCryptoServerConfig* server_config)
-      : server_config_(server_config) {}
-
-  base::Lock* GetStrikeRegisterClientLock() {
-    return &server_config_->strike_register_client_lock_;
-  }
-
- private:
-  QuicCryptoServerConfig* server_config_;
-};
-
 // Run tests with both parities of
 // FLAGS_use_early_return_when_verifying_chlo.
 struct TestParams {
@@ -151,10 +142,10 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
     old_config_options.id = kOldConfigId;
     delete config_.AddDefaultConfig(rand_, &clock_, old_config_options);
     clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1000));
-    scoped_ptr<QuicServerConfigProtobuf> primary_config(
+    std::unique_ptr<QuicServerConfigProtobuf> primary_config(
         config_.GenerateConfig(rand_, &clock_, config_options_));
     primary_config->set_primary_time(clock_.WallNow().ToUNIXSeconds());
-    scoped_ptr<CryptoHandshakeMessage> msg(
+    std::unique_ptr<CryptoHandshakeMessage> msg(
         config_.AddConfig(primary_config.get(), clock_.WallNow()));
 
     StringPiece orbit;
@@ -165,9 +156,8 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
     char public_value[32];
     memset(public_value, 42, sizeof(public_value));
 
-    const string nonce_str = GenerateNonce();
-    nonce_hex_ = "#" + base::HexEncode(nonce_str.data(), nonce_str.size());
-    pub_hex_ = "#" + base::HexEncode(public_value, sizeof(public_value));
+    nonce_hex_ = "#" + QuicUtils::HexEncode(GenerateNonce());
+    pub_hex_ = "#" + QuicUtils::HexEncode(public_value, sizeof(public_value));
 
     // clang-format off
     CryptoHandshakeMessage client_hello = CryptoTestUtils::Message(
@@ -192,7 +182,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
 
     StringPiece srct;
     ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct));
-    srct_hex_ = "#" + base::HexEncode(srct.data(), srct.size());
+    srct_hex_ = "#" + QuicUtils::HexEncode(srct);
 
     StringPiece scfg;
     ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg));
@@ -200,7 +190,8 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
 
     StringPiece scid;
     ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid));
-    scid_hex_ = "#" + base::HexEncode(scid.data(), scid.size());
+    scid_hex_ = "#" + QuicUtils::HexEncode(scid);
+
     crypto_proof_ = QuicCryptoProof();
     DCHECK(crypto_proof_.chain.get() == nullptr);
   }
@@ -293,6 +284,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
                                bool should_succeed,
                                const char* error_substr) {
     IPAddress server_ip;
+    DiversificationNonce diversification_nonce;
     string error_details;
     QuicConnectionId server_designated_connection_id =
         rand_for_id_generation_.RandUint64();
@@ -301,7 +293,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
         supported_versions_.front(), supported_versions_,
         use_stateless_rejects_, server_designated_connection_id, &clock_, rand_,
         &compressed_certs_cache_, &params_, &crypto_proof_, &out_,
-        &error_details);
+        &diversification_nonce, &error_details);
 
     if (should_succeed) {
       ASSERT_EQ(error, QUIC_NO_ERROR) << "Message failed with error "
@@ -330,7 +322,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
       size_t expected_count) {
     const uint32_t* reject_reasons;
     size_t num_reject_reasons;
-    static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header_out_of_sync");
+    static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header out of sync");
     QuicErrorCode error_code =
         out_.GetTaglist(kRREJ, &reject_reasons, &num_reject_reasons);
     ASSERT_EQ(QUIC_NO_ERROR, error_code);
@@ -380,7 +372,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
     IPAddress server_ip;
     string sig;
     string cert_sct;
-    scoped_ptr<ProofSource> proof_source(
+    std::unique_ptr<ProofSource> proof_source(
         CryptoTestUtils::ProofSourceForTesting());
     if (!proof_source->GetProof(server_ip, "", "", client_version_, "", false,
                                 &chain, &sig, &cert_sct) ||
@@ -391,8 +383,8 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
     std::ostringstream xlct_stream;
     uint64_t xlct = QuicUtils::FNV1a_64_Hash(chain->certs.at(0).c_str(),
                                              chain->certs.at(0).length());
-
-    return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct));
+    return "#" +
+           QuicUtils::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct));
   }
 
  protected:
@@ -415,7 +407,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
   // These strings contain hex escaped values from the server suitable for using
   // when constructing client hello messages.
   string nonce_hex_, pub_hex_, srct_hex_, scid_hex_;
-  scoped_ptr<CryptoHandshakeMessage> server_config_;
+  std::unique_ptr<CryptoHandshakeMessage> server_config_;
 };
 
 // Run all CryptoServerTest with both values of
@@ -814,10 +806,17 @@ TEST_P(CryptoServerTest, NoServerNonce) {
 
   ShouldSucceed(msg);
 
-  CheckRejectTag();
-  const HandshakeFailureReason kRejectReasons[] = {
-      SERVER_NONCE_REQUIRED_FAILURE};
-  CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
+  if (client_version_ <= QUIC_VERSION_32) {
+    CheckRejectTag();
+    const HandshakeFailureReason kRejectReasons[] = {
+        SERVER_NONCE_REQUIRED_FAILURE};
+    CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
+  } else {
+    // Even without a server nonce, this ClientHello should be accepted in
+    // version 33.
+    ASSERT_EQ(kSHLO, out_.tag());
+    CheckServerHello(out_);
+  }
 }
 
 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
@@ -849,7 +848,8 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
   EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
   EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
   EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str));
-  scoped_ptr<CryptoHandshakeMessage> scfg(CryptoFramer::ParseMessage(scfg_str));
+  std::unique_ptr<CryptoHandshakeMessage> scfg(
+      CryptoFramer::ParseMessage(scfg_str));
   StringPiece scid;
   EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid));
   EXPECT_NE(scid, kOldConfigId);
@@ -863,11 +863,11 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
                                               common_cert_sets, &certs));
 
   // Check that the proof in the REJ message is valid.
-  scoped_ptr<ProofVerifier> proof_verifier(
+  std::unique_ptr<ProofVerifier> proof_verifier(
       CryptoTestUtils::ProofVerifierForTesting());
-  scoped_ptr<ProofVerifyContext> verify_context(
+  std::unique_ptr<ProofVerifyContext> verify_context(
       CryptoTestUtils::ProofVerifyContextForTesting());
-  scoped_ptr<ProofVerifyDetails> details;
+  std::unique_ptr<ProofVerifyDetails> details;
   string error_details;
   DummyProofVerifierCallback callback;
   string chlo_hash;
@@ -981,9 +981,9 @@ TEST(CryptoServerConfigGenerationTest, Determinism) {
                            CryptoTestUtils::ProofSourceForTesting());
   QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b,
                            CryptoTestUtils::ProofSourceForTesting());
-  scoped_ptr<CryptoHandshakeMessage> scfg_a(
+  std::unique_ptr<CryptoHandshakeMessage> scfg_a(
       a.AddDefaultConfig(&rand_a, &clock, options));
-  scoped_ptr<CryptoHandshakeMessage> scfg_b(
+  std::unique_ptr<CryptoHandshakeMessage> scfg_b(
       b.AddDefaultConfig(&rand_b, &clock, options));
 
   ASSERT_EQ(scfg_a->DebugString(), scfg_b->DebugString());
@@ -1002,9 +1002,9 @@ TEST(CryptoServerConfigGenerationTest, SCIDVaries) {
   rand_b.ChangeValue();
   QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b,
                            CryptoTestUtils::ProofSourceForTesting());
-  scoped_ptr<CryptoHandshakeMessage> scfg_a(
+  std::unique_ptr<CryptoHandshakeMessage> scfg_a(
       a.AddDefaultConfig(&rand_a, &clock, options));
-  scoped_ptr<CryptoHandshakeMessage> scfg_b(
+  std::unique_ptr<CryptoHandshakeMessage> scfg_b(
       b.AddDefaultConfig(&rand_b, &clock, options));
 
   StringPiece scid_a, scid_b;
@@ -1021,7 +1021,7 @@ TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) {
 
   QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a,
                            CryptoTestUtils::ProofSourceForTesting());
-  scoped_ptr<CryptoHandshakeMessage> scfg(
+  std::unique_ptr<CryptoHandshakeMessage> scfg(
       a.AddDefaultConfig(&rand_a, &clock, options));
 
   StringPiece scid;
@@ -1033,7 +1033,7 @@ TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) {
   scfg->MarkDirty();
   const QuicData& serialized(scfg->GetSerialized());
 
-  scoped_ptr<crypto::SecureHash> hash(
+  std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   hash->Update(serialized.data(), serialized.length());
   uint8_t digest[16];
diff --git a/chromium/net/quic/crypto/crypto_utils.cc b/chromium/net/quic/crypto/crypto_utils.cc
index 2b22acd9930..6ec4e5e8aae 100644
--- a/chromium/net/quic/crypto/crypto_utils.cc
+++ b/chromium/net/quic/crypto/crypto_utils.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/crypto_utils.h"
 
+#include <memory>
+
 #include "crypto/hkdf.h"
 #include "crypto/secure_hash.h"
 #include "net/base/url_util.h"
@@ -12,6 +14,7 @@
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_random.h"
+#include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_time.h"
 #include "net/quic/quic_utils.h"
 #include "url/url_canon.h"
@@ -88,6 +91,7 @@ bool CryptoUtils::DeriveKeys(StringPiece premaster_secret,
                              StringPiece server_nonce,
                              const string& hkdf_input,
                              Perspective perspective,
+                             Diversification diversification,
                              CrypterPair* crypters,
                              string* subkey_secret) {
   crypters->encrypter.reset(QuicEncrypter::Create(aead));
@@ -106,21 +110,67 @@ bool CryptoUtils::DeriveKeys(StringPiece premaster_secret,
 
   crypto::HKDF hkdf(premaster_secret, nonce, hkdf_input, key_bytes,
                     nonce_prefix_bytes, subkey_secret_bytes);
-  if (perspective == Perspective::IS_SERVER) {
-    if (!crypters->encrypter->SetKey(hkdf.server_write_key()) ||
-        !crypters->encrypter->SetNoncePrefix(hkdf.server_write_iv()) ||
-        !crypters->decrypter->SetKey(hkdf.client_write_key()) ||
-        !crypters->decrypter->SetNoncePrefix(hkdf.client_write_iv())) {
-      return false;
+
+  // Key derivation depends on the key diversification method being employed.
+  // both the client and the server support never doing key diversification.
+  // The server also supports immediate diversification, and the client
+  // supports pending diversification.
+  switch (diversification.mode()) {
+    case Diversification::NEVER: {
+      if (perspective == Perspective::IS_SERVER) {
+        if (!crypters->encrypter->SetKey(hkdf.server_write_key()) ||
+            !crypters->encrypter->SetNoncePrefix(hkdf.server_write_iv()) ||
+            !crypters->decrypter->SetKey(hkdf.client_write_key()) ||
+            !crypters->decrypter->SetNoncePrefix(hkdf.client_write_iv())) {
+          return false;
+        }
+      } else {
+        if (!crypters->encrypter->SetKey(hkdf.client_write_key()) ||
+            !crypters->encrypter->SetNoncePrefix(hkdf.client_write_iv()) ||
+            !crypters->decrypter->SetKey(hkdf.server_write_key()) ||
+            !crypters->decrypter->SetNoncePrefix(hkdf.server_write_iv())) {
+          return false;
+        }
+      }
+      break;
     }
-  } else {
-    if (!crypters->encrypter->SetKey(hkdf.client_write_key()) ||
-        !crypters->encrypter->SetNoncePrefix(hkdf.client_write_iv()) ||
-        !crypters->decrypter->SetKey(hkdf.server_write_key()) ||
-        !crypters->decrypter->SetNoncePrefix(hkdf.server_write_iv())) {
-      return false;
+    case Diversification::PENDING: {
+      if (perspective == Perspective::IS_SERVER) {
+        QUIC_BUG << "Pending diversification is only for clients.";
+        return false;
+      }
+
+      if (!crypters->encrypter->SetKey(hkdf.client_write_key()) ||
+          !crypters->encrypter->SetNoncePrefix(hkdf.client_write_iv()) ||
+          !crypters->decrypter->SetPreliminaryKey(hkdf.server_write_key()) ||
+          !crypters->decrypter->SetNoncePrefix(hkdf.server_write_iv())) {
+        return false;
+      }
+      break;
+    }
+    case Diversification::NOW: {
+      if (perspective == Perspective::IS_CLIENT) {
+        QUIC_BUG << "Immediate diversification is only for servers.";
+        return false;
+      }
+
+      string key, nonce_prefix;
+      QuicDecrypter::DiversifyPreliminaryKey(
+          hkdf.server_write_key(), hkdf.server_write_iv(),
+          *diversification.nonce(), key_bytes, nonce_prefix_bytes, &key,
+          &nonce_prefix);
+      if (!crypters->decrypter->SetKey(hkdf.client_write_key()) ||
+          !crypters->decrypter->SetNoncePrefix(hkdf.client_write_iv()) ||
+          !crypters->encrypter->SetKey(key) ||
+          !crypters->encrypter->SetNoncePrefix(nonce_prefix)) {
+        return false;
+      }
+      break;
     }
+    default:
+      DCHECK(false);
   }
+
   if (subkey_secret != nullptr) {
     hkdf.subkey_secret().CopyToString(subkey_secret);
   }
@@ -279,7 +329,7 @@ const char* CryptoUtils::HandshakeFailureReasonToString(
 void CryptoUtils::HashHandshakeMessage(const CryptoHandshakeMessage& message,
                                        string* output) {
   const QuicData& serialized = message.GetSerialized();
-  scoped_ptr<crypto::SecureHash> hash(
+  std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   hash->Update(serialized.data(), serialized.length());
   uint8_t digest[32];
diff --git a/chromium/net/quic/crypto/crypto_utils.h b/chromium/net/quic/crypto/crypto_utils.h
index f51123bb3e7..ddbff57ea57 100644
--- a/chromium/net/quic/crypto/crypto_utils.h
+++ b/chromium/net/quic/crypto/crypto_utils.h
@@ -29,6 +29,48 @@ struct QuicCryptoNegotiatedParameters;
 
 class NET_EXPORT_PRIVATE CryptoUtils {
  public:
+  // Diversification is a utility class that's used to act like a union type.
+  // Values can be created by calling the functions like |NoDiversification|,
+  // below.
+  class Diversification {
+   public:
+    enum Mode {
+      NEVER,  // Key diversification will never be used. Forward secure
+              // crypters will always use this mode.
+
+      PENDING,  // Key diversification will happen when a nonce is later
+                // received. This should only be used by clients initial
+                // decrypters which are waiting on the divesification nonce
+                // from the server.
+
+      NOW,  // Key diversification will happen immediate based on the nonce.
+            // This should only be used by servers initial encrypters.
+    };
+
+    Diversification(const Diversification& diversification) = default;
+
+    static Diversification Never() { return Diversification(NEVER, nullptr); }
+    static Diversification Pending() {
+      return Diversification(PENDING, nullptr);
+    }
+    static Diversification Now(DiversificationNonce* nonce) {
+      return Diversification(NOW, nonce);
+    }
+
+    Mode mode() const { return mode_; }
+    DiversificationNonce* nonce() const {
+      DCHECK_EQ(mode_, NOW);
+      return nonce_;
+    }
+
+   private:
+    Diversification(Mode mode, DiversificationNonce* nonce)
+        : mode_(mode), nonce_(nonce) {}
+
+    Mode mode_;
+    DiversificationNonce* nonce_;
+  };
+
   // Generates the connection nonce. The nonce is formed as:
   //   <4 bytes> current time
   //   <8 bytes> |orbit| (or random if |orbit| is empty)
@@ -56,12 +98,22 @@ class NET_EXPORT_PRIVATE CryptoUtils {
   // server's keys are assigned to |encrypter| or |decrypter|. |server_nonce| is
   // optional and, if non-empty, is mixed into the key derivation.
   // |subkey_secret| will have the same length as |premaster_secret|.
+  //
+  // If the mode of |diversification| is NEVER, the the crypters will be
+  // configured to never perform key diversification. If the mode is
+  // NOW (which is only for servers, then the encrypter will be keyed via a
+  // two-step process that uses the nonce from |diversification|.
+  // If the mode is PENDING (which is only for servres), then the
+  // decrypter will only be keyed to a preliminary state: a call to
+  // |SetDiversificationNonce| with a diversification nonce will be needed to
+  // complete keying.
   static bool DeriveKeys(base::StringPiece premaster_secret,
                          QuicTag aead,
                          base::StringPiece client_nonce,
                          base::StringPiece server_nonce,
                          const std::string& hkdf_input,
                          Perspective perspective,
+                         Diversification diversification,
                          CrypterPair* crypters,
                          std::string* subkey_secret);
 
diff --git a/chromium/net/quic/crypto/crypto_utils_test.cc b/chromium/net/quic/crypto/crypto_utils_test.cc
index c8be70022b3..2fadf83b992 100644
--- a/chromium/net/quic/crypto/crypto_utils_test.cc
+++ b/chromium/net/quic/crypto/crypto_utils_test.cc
@@ -54,8 +54,9 @@ TEST(CryptoUtilsTest, NormalizeHostname) {
   };
 
   for (size_t i = 0; i < arraysize(tests); ++i) {
-    EXPECT_EQ(std::string(tests[i].expected),
-              CryptoUtils::NormalizeHostname(tests[i].input));
+    char buf[256];
+    snprintf(buf, sizeof(buf), "%s", tests[i].input);
+    EXPECT_EQ(string(tests[i].expected), CryptoUtils::NormalizeHostname(buf));
   }
 }
 
@@ -92,17 +93,14 @@ TEST(CryptoUtilsTest, TestExportKeyingMaterial) {
 
   for (size_t i = 0; i < arraysize(test_vector); i++) {
     // Decode the test vector.
-    string subkey_secret;
-    string label;
-    string context;
-    ASSERT_TRUE(DecodeHexString(test_vector[i].subkey_secret, &subkey_secret));
-    ASSERT_TRUE(DecodeHexString(test_vector[i].label, &label));
-    ASSERT_TRUE(DecodeHexString(test_vector[i].context, &context));
+    string subkey_secret = QuicUtils::HexDecode(test_vector[i].subkey_secret);
+    string label = QuicUtils::HexDecode(test_vector[i].label);
+    string context = QuicUtils::HexDecode(test_vector[i].context);
     size_t result_len = test_vector[i].result_len;
     bool expect_ok = test_vector[i].expected != nullptr;
     string expected;
     if (expect_ok) {
-      ASSERT_TRUE(DecodeHexString(test_vector[i].expected, &expected));
+      expected = QuicUtils::HexDecode(test_vector[i].expected);
     }
 
     string result;
diff --git a/chromium/net/quic/crypto/curve25519_key_exchange_test.cc b/chromium/net/quic/crypto/curve25519_key_exchange_test.cc
index 93ef63010bd..6c87d243f74 100644
--- a/chromium/net/quic/crypto/curve25519_key_exchange_test.cc
+++ b/chromium/net/quic/crypto/curve25519_key_exchange_test.cc
@@ -4,7 +4,8 @@
 
 #include "net/quic/crypto/curve25519_key_exchange.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/strings/string_piece.h"
 #include "net/quic/crypto/quic_random.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -24,9 +25,10 @@ TEST(Curve25519KeyExchange, SharedKey) {
     const string alice_key(Curve25519KeyExchange::NewPrivateKey(rand));
     const string bob_key(Curve25519KeyExchange::NewPrivateKey(rand));
 
-    scoped_ptr<Curve25519KeyExchange> alice(
+    std::unique_ptr<Curve25519KeyExchange> alice(
         Curve25519KeyExchange::New(alice_key));
-    scoped_ptr<Curve25519KeyExchange> bob(Curve25519KeyExchange::New(bob_key));
+    std::unique_ptr<Curve25519KeyExchange> bob(
+        Curve25519KeyExchange::New(bob_key));
 
     const StringPiece alice_public(alice->public_value());
     const StringPiece bob_public(bob->public_value());
diff --git a/chromium/net/quic/crypto/local_strike_register_client_test.cc b/chromium/net/quic/crypto/local_strike_register_client_test.cc
index 74bf095fb04..d72dcb1d8d3 100644
--- a/chromium/net/quic/crypto/local_strike_register_client_test.cc
+++ b/chromium/net/quic/crypto/local_strike_register_client_test.cc
@@ -7,7 +7,6 @@
 #include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/sys_byteorder.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -66,7 +65,7 @@ class LocalStrikeRegisterClientTest : public ::testing::Test {
         StrikeRegister::NO_STARTUP_PERIOD_NEEDED));
   }
 
-  scoped_ptr<LocalStrikeRegisterClient> strike_register_;
+  std::unique_ptr<LocalStrikeRegisterClient> strike_register_;
 };
 
 TEST_F(LocalStrikeRegisterClientTest, CheckOrbit) {
diff --git a/chromium/net/quic/crypto/null_decrypter.cc b/chromium/net/quic/crypto/null_decrypter.cc
index 43adb67958b..b0bf4d34f9c 100644
--- a/chromium/net/quic/crypto/null_decrypter.cc
+++ b/chromium/net/quic/crypto/null_decrypter.cc
@@ -25,6 +25,16 @@ bool NullDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
   return nonce_prefix.empty();
 }
 
+bool NullDecrypter::SetPreliminaryKey(StringPiece key) {
+  QUIC_BUG << "Should not be called";
+  return false;
+}
+
+bool NullDecrypter::SetDiversificationNonce(DiversificationNonce nonce) {
+  QUIC_BUG << "Should not be called";
+  return true;
+}
+
 bool NullDecrypter::DecryptPacket(QuicPathId /*path_id*/,
                                   QuicPacketNumber /*packet_number*/,
                                   StringPiece associated_data,
diff --git a/chromium/net/quic/crypto/null_decrypter.h b/chromium/net/quic/crypto/null_decrypter.h
index e5e15b2c913..ecbfd4b14e6 100644
--- a/chromium/net/quic/crypto/null_decrypter.h
+++ b/chromium/net/quic/crypto/null_decrypter.h
@@ -28,6 +28,8 @@ class NET_EXPORT_PRIVATE NullDecrypter : public QuicDecrypter {
   // QuicDecrypter implementation
   bool SetKey(base::StringPiece key) override;
   bool SetNoncePrefix(base::StringPiece nonce_prefix) override;
+  bool SetPreliminaryKey(base::StringPiece key) override;
+  bool SetDiversificationNonce(DiversificationNonce nonce) override;
   bool DecryptPacket(QuicPathId path_id,
                      QuicPacketNumber packet_number,
                      base::StringPiece associated_data,
diff --git a/chromium/net/quic/crypto/p256_key_exchange_openssl.cc b/chromium/net/quic/crypto/p256_key_exchange.cc
index 9703a2e9f64..47e68ba5705 100644
--- a/chromium/net/quic/crypto/p256_key_exchange_openssl.cc
+++ b/chromium/net/quic/crypto/p256_key_exchange.cc
@@ -62,7 +62,7 @@ string P256KeyExchange::NewPrivateKey() {
     DVLOG(1) << "Can't convert private key to string";
     return string();
   }
-  scoped_ptr<uint8_t[]> private_key(new uint8_t[key_len]);
+  std::unique_ptr<uint8_t[]> private_key(new uint8_t[key_len]);
   uint8_t* keyp = private_key.get();
   if (!i2d_ECPrivateKey(key.get(), &keyp)) {
     DVLOG(1) << "Can't convert private key to string.";
diff --git a/chromium/net/quic/crypto/p256_key_exchange.h b/chromium/net/quic/crypto/p256_key_exchange.h
index 197adfe557c..db3e404e683 100644
--- a/chromium/net/quic/crypto/p256_key_exchange.h
+++ b/chromium/net/quic/crypto/p256_key_exchange.h
@@ -7,21 +7,16 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/net_export.h"
 #include "net/quic/crypto/key_exchange.h"
 
-#if defined(USE_OPENSSL)
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-#else
-#include "crypto/ec_private_key.h"
-#include "crypto/scoped_nss_types.h"
-#endif
 
 namespace net {
 
@@ -59,19 +54,11 @@ class NET_EXPORT_PRIVATE P256KeyExchange : public KeyExchange {
     kUncompressedECPointForm = 0x04,
   };
 
-#if defined(USE_OPENSSL)
   // P256KeyExchange takes ownership of |private_key|, and expects
   // |public_key| consists of |kUncompressedP256PointBytes| bytes.
   P256KeyExchange(EC_KEY* private_key, const uint8_t* public_key);
 
   crypto::ScopedEC_KEY private_key_;
-#else
-  // P256KeyExchange takes ownership of |key_pair|, and expects
-  // |public_key| consists of |kUncompressedP256PointBytes| bytes.
-  P256KeyExchange(crypto::ECPrivateKey* key_pair, const uint8_t* public_key);
-
-  scoped_ptr<crypto::ECPrivateKey> key_pair_;
-#endif
   // The public key stored as an uncompressed P-256 point.
   uint8_t public_key_[kUncompressedP256PointBytes];
 
diff --git a/chromium/net/quic/crypto/p256_key_exchange_nss.cc b/chromium/net/quic/crypto/p256_key_exchange_nss.cc
deleted file mode 100644
index c5529ab5821..00000000000
--- a/chromium/net/quic/crypto/p256_key_exchange_nss.cc
+++ /dev/null
@@ -1,224 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/p256_key_exchange.h"
-
-#include "base/logging.h"
-#include "base/numerics/safe_conversions.h"
-#include "base/sys_byteorder.h"
-
-using base::StringPiece;
-using std::string;
-using std::vector;
-
-namespace net {
-
-namespace {
-
-// Password used by |NewPrivateKey| to encrypt exported EC private keys.
-// This is not used to provide any security, but to workaround NSS being
-// unwilling to export unencrypted EC keys. Note that SPDY and ChannelID
-// use the same approach.
-const char kExportPassword[] = "";
-
-// Convert StringPiece to vector of uint8_t.
-static vector<uint8_t> StringPieceToVector(StringPiece piece) {
-  return vector<uint8_t>(piece.data(), piece.data() + piece.length());
-}
-
-}  // namespace
-
-P256KeyExchange::P256KeyExchange(crypto::ECPrivateKey* key_pair,
-                                 const uint8_t* public_key)
-    : key_pair_(key_pair) {
-  memcpy(public_key_, public_key, sizeof(public_key_));
-}
-
-P256KeyExchange::~P256KeyExchange() {}
-
-// static
-P256KeyExchange* P256KeyExchange::New(StringPiece key) {
-  if (key.size() < 2) {
-    DVLOG(1) << "Key pair is too small.";
-    return nullptr;
-  }
-
-  const uint8_t* data = reinterpret_cast<const uint8_t*>(key.data());
-  size_t size =
-      static_cast<size_t>(data[0]) | (static_cast<size_t>(data[1]) << 8);
-  key.remove_prefix(2);
-  if (key.size() < size) {
-    DVLOG(1) << "Key pair does not contain key material.";
-    return nullptr;
-  }
-
-  StringPiece private_piece(key.data(), size);
-  key.remove_prefix(size);
-  if (key.empty()) {
-    DVLOG(1) << "Key pair does not contain public key.";
-    return nullptr;
-  }
-
-  StringPiece public_piece(key);
-
-  scoped_ptr<crypto::ECPrivateKey> key_pair(
-      crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
-          kExportPassword,
-          // TODO(thaidn): fix this interface to avoid copying secrets.
-          StringPieceToVector(private_piece),
-          StringPieceToVector(public_piece)));
-
-  if (!key_pair.get()) {
-    DVLOG(1) << "Can't decrypt private key.";
-    return nullptr;
-  }
-
-  // Perform some sanity checks on the public key.
-  SECKEYPublicKey* public_key = key_pair->public_key();
-  if (public_key->keyType != ecKey ||
-      public_key->u.ec.publicValue.len != kUncompressedP256PointBytes ||
-      !public_key->u.ec.publicValue.data ||
-      public_key->u.ec.publicValue.data[0] != kUncompressedECPointForm) {
-    DVLOG(1) << "Key is invalid.";
-    return nullptr;
-  }
-
-  // Ensure that the key is using the correct curve, i.e., NIST P-256.
-  const SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
-  if (!oid_data) {
-    DVLOG(1) << "Can't get P-256's OID.";
-    return nullptr;
-  }
-
-  if (public_key->u.ec.DEREncodedParams.len != oid_data->oid.len + 2 ||
-      !public_key->u.ec.DEREncodedParams.data ||
-      public_key->u.ec.DEREncodedParams.data[0] != SEC_ASN1_OBJECT_ID ||
-      public_key->u.ec.DEREncodedParams.data[1] != oid_data->oid.len ||
-      memcmp(public_key->u.ec.DEREncodedParams.data + 2, oid_data->oid.data,
-             oid_data->oid.len) != 0) {
-    DVLOG(1) << "Key is invalid.";
-  }
-
-  return new P256KeyExchange(key_pair.release(),
-                             public_key->u.ec.publicValue.data);
-}
-
-// static
-string P256KeyExchange::NewPrivateKey() {
-  scoped_ptr<crypto::ECPrivateKey> key_pair(crypto::ECPrivateKey::Create());
-
-  if (!key_pair.get()) {
-    DVLOG(1) << "Can't generate new key pair.";
-    return string();
-  }
-
-  vector<uint8_t> private_key;
-  if (!key_pair->ExportEncryptedPrivateKey(kExportPassword, 1 /* iteration */,
-                                           &private_key)) {
-    DVLOG(1) << "Can't export private key.";
-    return string();
-  }
-
-  // NSS lacks the ability to import an ECC private key without
-  // also importing the public key, so it is necessary to also
-  // store the public key.
-  vector<uint8_t> public_key;
-  if (!key_pair->ExportPublicKey(&public_key)) {
-    DVLOG(1) << "Can't export public key.";
-    return string();
-  }
-
-  // TODO(thaidn): determine how large encrypted private key can be
-  uint16_t private_key_size = base::checked_cast<uint16_t>(private_key.size());
-  const size_t result_size =
-      sizeof(private_key_size) + private_key_size + public_key.size();
-  vector<char> result(result_size);
-  char* resultp = &result[0];
-  // Export the key string.
-  // The first two bytes are the private key's size in little endian.
-  private_key_size = base::ByteSwapToLE16(private_key_size);
-  memcpy(resultp, &private_key_size, sizeof(private_key_size));
-  resultp += sizeof(private_key_size);
-  memcpy(resultp, &private_key[0], private_key.size());
-  resultp += private_key.size();
-  memcpy(resultp, &public_key[0], public_key.size());
-
-  return string(&result[0], result_size);
-}
-
-KeyExchange* P256KeyExchange::NewKeyPair(QuicRandom* /*rand*/) const {
-  // TODO(agl): avoid the serialisation/deserialisation in this function.
-  const string private_value = NewPrivateKey();
-  return P256KeyExchange::New(private_value);
-}
-
-bool P256KeyExchange::CalculateSharedKey(StringPiece peer_public_value,
-                                         string* out_result) const {
-  if (peer_public_value.size() != kUncompressedP256PointBytes ||
-      peer_public_value[0] != kUncompressedECPointForm) {
-    DVLOG(1) << "Peer public value is invalid.";
-    return false;
-  }
-
-  DCHECK(key_pair_.get());
-  DCHECK(key_pair_->public_key());
-
-  SECKEYPublicKey peer_public_key;
-  memset(&peer_public_key, 0, sizeof(peer_public_key));
-
-  peer_public_key.keyType = ecKey;
-  // Both sides of a ECDH key exchange need to use the same EC params.
-  peer_public_key.u.ec.DEREncodedParams.len =
-      key_pair_->public_key()->u.ec.DEREncodedParams.len;
-  peer_public_key.u.ec.DEREncodedParams.data =
-      key_pair_->public_key()->u.ec.DEREncodedParams.data;
-
-  peer_public_key.u.ec.publicValue.type = siBuffer;
-  peer_public_key.u.ec.publicValue.data =
-      reinterpret_cast<uint8_t*>(const_cast<char*>(peer_public_value.data()));
-  peer_public_key.u.ec.publicValue.len = peer_public_value.size();
-
-  // The NSS function performing ECDH key exchange is PK11_PubDeriveWithKDF.
-  // As this function is used for SSL/TLS's ECDH key exchanges it has many
-  // arguments, most of which are not required in QUIC.
-  // Key derivation function CKD_NULL is used because the return value of
-  // |CalculateSharedKey| is the actual ECDH shared key, not any derived keys
-  // from it.
-  crypto::ScopedPK11SymKey premaster_secret(
-      PK11_PubDeriveWithKDF(key_pair_->key(), &peer_public_key, PR_FALSE,
-                            nullptr, nullptr, CKM_ECDH1_DERIVE, /* mechanism */
-                            CKM_GENERIC_SECRET_KEY_GEN,         /* target */
-                            CKA_DERIVE, 0, CKD_NULL,            /* kdf */
-                            nullptr, nullptr));
-
-  if (!premaster_secret.get()) {
-    DVLOG(1) << "Can't derive ECDH shared key.";
-    return false;
-  }
-
-  if (PK11_ExtractKeyValue(premaster_secret.get()) != SECSuccess) {
-    DVLOG(1) << "Can't extract raw ECDH shared key.";
-    return false;
-  }
-
-  SECItem* key_data = PK11_GetKeyData(premaster_secret.get());
-  if (!key_data || !key_data->data || key_data->len != kP256FieldBytes) {
-    DVLOG(1) << "ECDH shared key is invalid.";
-    return false;
-  }
-
-  out_result->assign(reinterpret_cast<char*>(key_data->data), key_data->len);
-  return true;
-}
-
-StringPiece P256KeyExchange::public_value() const {
-  return StringPiece(reinterpret_cast<const char*>(public_key_),
-                     sizeof(public_key_));
-}
-
-QuicTag P256KeyExchange::tag() const {
-  return kP256;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/p256_key_exchange_test.cc b/chromium/net/quic/crypto/p256_key_exchange_test.cc
index 4052c2dae2b..4972480bb5c 100644
--- a/chromium/net/quic/crypto/p256_key_exchange_test.cc
+++ b/chromium/net/quic/crypto/p256_key_exchange_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/p256_key_exchange.h"
 
+#include <memory>
+
 #include "base/logging.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -23,8 +25,8 @@ TEST(P256KeyExchange, SharedKey) {
     ASSERT_FALSE(bob_private.empty());
     ASSERT_NE(alice_private, bob_private);
 
-    scoped_ptr<P256KeyExchange> alice(P256KeyExchange::New(alice_private));
-    scoped_ptr<P256KeyExchange> bob(P256KeyExchange::New(bob_private));
+    std::unique_ptr<P256KeyExchange> alice(P256KeyExchange::New(alice_private));
+    std::unique_ptr<P256KeyExchange> bob(P256KeyExchange::New(bob_private));
 
     ASSERT_TRUE(alice.get() != nullptr);
     ASSERT_TRUE(bob.get() != nullptr);
diff --git a/chromium/net/quic/crypto/proof_source_chromium_openssl.cc b/chromium/net/quic/crypto/proof_source_chromium.cc
index b03c05d5c49..b03c05d5c49 100644
--- a/chromium/net/quic/crypto/proof_source_chromium_openssl.cc
+++ b/chromium/net/quic/crypto/proof_source_chromium.cc
diff --git a/chromium/net/quic/crypto/proof_source_chromium.h b/chromium/net/quic/crypto/proof_source_chromium.h
index 70b8ea18ccb..f84746ee0cf 100644
--- a/chromium/net/quic/crypto/proof_source_chromium.h
+++ b/chromium/net/quic/crypto/proof_source_chromium.h
@@ -44,7 +44,7 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public ProofSource {
                 std::string* out_leaf_cert_sct) override;
 
  private:
-  scoped_ptr<crypto::RSAPrivateKey> private_key_;
+  std::unique_ptr<crypto::RSAPrivateKey> private_key_;
   scoped_refptr<ProofSource::Chain> chain_;
   std::string signed_certificate_timestamp_;
 
diff --git a/chromium/net/quic/crypto/proof_source_chromium_nss.cc b/chromium/net/quic/crypto/proof_source_chromium_nss.cc
deleted file mode 100644
index 8ab7cc363de..00000000000
--- a/chromium/net/quic/crypto/proof_source_chromium_nss.cc
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/proof_source_chromium.h"
-
-using std::string;
-using std::vector;
-
-namespace net {
-
-ProofSourceChromium::ProofSourceChromium() {}
-
-ProofSourceChromium::~ProofSourceChromium() {}
-
-bool ProofSourceChromium::Initialize(const base::FilePath& cert_path,
-                                     const base::FilePath& key_path,
-                                     const base::FilePath& sct_path) {
-  return false;
-}
-
-bool ProofSourceChromium::GetProof(const IPAddress& server_ip,
-                                   const string& hostname,
-                                   const string& server_config,
-                                   QuicVersion quic_version,
-                                   base::StringPiece chlo_hash,
-                                   bool ecdsa_ok,
-                                   scoped_refptr<ProofSource::Chain>* out_chain,
-                                   string* out_signature,
-                                   string* out_leaf_cert_sct) {
-  return false;
-}
-
-}  // namespace net
diff --git a/chromium/net/quic/crypto/proof_test.cc b/chromium/net/quic/crypto/proof_test.cc
index cdca324ebb9..33fa4a51b74 100644
--- a/chromium/net/quic/crypto/proof_test.cc
+++ b/chromium/net/quic/crypto/proof_test.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
+
 #include "base/files/file_path.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
@@ -16,10 +18,6 @@
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#endif
-
 using std::string;
 using std::vector;
 
@@ -39,7 +37,7 @@ class TestProofVerifierCallback : public ProofVerifierCallback {
 
   void Run(bool ok,
            const string& error_details,
-           scoped_ptr<ProofVerifyDetails>* details) override {
+           std::unique_ptr<ProofVerifyDetails>* details) override {
     *ok_ = ok;
     *error_details_ = error_details;
 
@@ -63,11 +61,11 @@ void RunVerification(ProofVerifier* verifier,
                      const vector<string>& certs,
                      const string& proof,
                      bool expected_ok) {
-  scoped_ptr<ProofVerifyDetails> details;
+  std::unique_ptr<ProofVerifyDetails> details;
   TestCompletionCallback comp_callback;
   bool ok;
   string error_details;
-  scoped_ptr<ProofVerifyContext> verify_context(
+  std::unique_ptr<ProofVerifyContext> verify_context(
       CryptoTestUtils::ProofVerifyContextForTesting());
   TestProofVerifierCallback* callback =
       new TestProofVerifierCallback(&comp_callback, &ok, &error_details);
@@ -117,8 +115,8 @@ INSTANTIATE_TEST_CASE_P(QuicVersion,
 
 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468.
 TEST_P(ProofTest, DISABLED_Verify) {
-  scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting());
-  scoped_ptr<ProofVerifier> verifier(
+  std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting());
+  std::unique_ptr<ProofVerifier> verifier(
       CryptoTestUtils::ProofVerifierForTesting());
 
   const string server_config = "server config bytes";
@@ -279,7 +277,7 @@ TEST_P(ProofTest, VerifyRSAKnownAnswerTest) {
       0xad, 0x42, 0xe5, 0x55,
   };
 
-  scoped_ptr<ProofVerifier> verifier(
+  std::unique_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
@@ -332,15 +330,6 @@ TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
   if (GetParam() > QUIC_VERSION_30) {
     return;
   }
-// These sample signatures were generated by running the Proof.Verify test
-// (modified to use ECDSA for signing proofs) and dumping the bytes of the
-// |signature| output of ProofSource::GetProof().
-
-// Disable this test on platforms that do not support ECDSA certificates.
-#if defined(OS_WIN)
-  if (base::win::GetVersion() < base::win::VERSION_VISTA)
-    return;
-#endif
 
   // These sample signatures were generated by running the Proof.Verify test
   // (modified to use ECDSA for signing proofs) and dumping the bytes of the
@@ -370,7 +359,7 @@ TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
       0x1f, 0xce, 0x92, 0x05, 0xca, 0x29, 0xfe, 0xd2, 0x8f, 0xd9, 0x31,
   };
 
-  scoped_ptr<ProofVerifier> verifier(
+  std::unique_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
@@ -394,16 +383,12 @@ TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
                        sizeof(signature_data_2));
 
   for (size_t i = 0; i < signatures.size(); i++) {
-    LOG(ERROR) << "====================" << i << "======================";
     const string& signature = signatures[i];
 
-    LOG(ERROR) << "=================== expect ok =====================";
     RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, signature, true);
-    LOG(ERROR) << "=================== hose_name = foo.com =============";
     RunVerification(verifier.get(), "foo.com", port, server_config,
                     quic_version, chlo_hash, certs, signature, false);
-    LOG(ERROR) << "================== server_config ====================";
     RunVerification(verifier.get(), hostname, port,
                     server_config.substr(1, string::npos), quic_version,
                     chlo_hash, certs, signature, false);
@@ -412,13 +397,11 @@ TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
     // signature can still be DER-decoded correctly.
     string corrupt_signature = signature;
     corrupt_signature[corrupt_signature.size() - 1] += 1;
-    LOG(ERROR) << "================= corrupt signature =======================";
     RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, corrupt_signature, false);
 
     // Prepending a "1" makes the DER invalid.
     const string bad_der_signature1 = "1" + signature;
-    LOG(ERROR) << "=========================bad der signature ===============";
     RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, bad_der_signature1, false);
 
@@ -426,7 +409,6 @@ TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
     for (size_t i = 1; i < certs.size(); i++) {
       wrong_certs.push_back(certs[i]);
     }
-    LOG(ERROR) << "==================== wrong certs =========================";
     RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, wrong_certs, signature, false);
   }
diff --git a/chromium/net/quic/crypto/proof_verifier.h b/chromium/net/quic/crypto/proof_verifier.h
index be6f9e7c720..fc520aab9b2 100644
--- a/chromium/net/quic/crypto/proof_verifier.h
+++ b/chromium/net/quic/crypto/proof_verifier.h
@@ -5,10 +5,10 @@
 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_types.h"
@@ -48,7 +48,7 @@ class NET_EXPORT_PRIVATE ProofVerifierCallback {
   // calling |release| on it.
   virtual void Run(bool ok,
                    const std::string& error_details,
-                   scoped_ptr<ProofVerifyDetails>* details) = 0;
+                   std::unique_ptr<ProofVerifyDetails>* details) = 0;
 };
 
 // A ProofVerifier checks the signature on a server config, and the certificate
@@ -74,18 +74,19 @@ class NET_EXPORT_PRIVATE ProofVerifier {
   //
   // The signature uses SHA-256 as the hash function and PSS padding in the
   // case of RSA.
-  virtual QuicAsyncStatus VerifyProof(const std::string& hostname,
-                                      const uint16_t port,
-                                      const std::string& server_config,
-                                      QuicVersion quic_version,
-                                      base::StringPiece chlo_hash,
-                                      const std::vector<std::string>& certs,
-                                      const std::string& cert_sct,
-                                      const std::string& signature,
-                                      const ProofVerifyContext* context,
-                                      std::string* error_details,
-                                      scoped_ptr<ProofVerifyDetails>* details,
-                                      ProofVerifierCallback* callback) = 0;
+  virtual QuicAsyncStatus VerifyProof(
+      const std::string& hostname,
+      const uint16_t port,
+      const std::string& server_config,
+      QuicVersion quic_version,
+      base::StringPiece chlo_hash,
+      const std::vector<std::string>& certs,
+      const std::string& cert_sct,
+      const std::string& signature,
+      const ProofVerifyContext* context,
+      std::string* error_details,
+      std::unique_ptr<ProofVerifyDetails>* details,
+      ProofVerifierCallback* callback) = 0;
 };
 
 }  // namespace net
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.cc b/chromium/net/quic/crypto/proof_verifier_chromium.cc
index 044c694b0ab..e6e9516eef0 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium.cc
+++ b/chromium/net/quic/crypto/proof_verifier_chromium.cc
@@ -62,17 +62,18 @@ class ProofVerifierChromium::Job {
 
   // Starts the proof verification.  If |QUIC_PENDING| is returned, then
   // |callback| will be invoked asynchronously when the verification completes.
-  QuicAsyncStatus VerifyProof(const std::string& hostname,
-                              const uint16_t port,
-                              const std::string& server_config,
-                              QuicVersion quic_version,
-                              base::StringPiece chlo_hash,
-                              const std::vector<std::string>& certs,
-                              const std::string& cert_sct,
-                              const std::string& signature,
-                              std::string* error_details,
-                              scoped_ptr<ProofVerifyDetails>* verify_details,
-                              ProofVerifierCallback* callback);
+  QuicAsyncStatus VerifyProof(
+      const std::string& hostname,
+      const uint16_t port,
+      const std::string& server_config,
+      QuicVersion quic_version,
+      base::StringPiece chlo_hash,
+      const std::vector<std::string>& certs,
+      const std::string& cert_sct,
+      const std::string& signature,
+      std::string* error_details,
+      std::unique_ptr<ProofVerifyDetails>* verify_details,
+      ProofVerifierCallback* callback);
 
  private:
   enum State {
@@ -97,7 +98,7 @@ class ProofVerifierChromium::Job {
 
   // The underlying verifier used for verifying certificates.
   CertVerifier* verifier_;
-  scoped_ptr<CertVerifier::Request> cert_verifier_request_;
+  std::unique_ptr<CertVerifier::Request> cert_verifier_request_;
 
   CTPolicyEnforcer* policy_enforcer_;
 
@@ -110,8 +111,8 @@ class ProofVerifierChromium::Job {
   // |port| specifies the target port for the connection.
   uint16_t port_;
 
-  scoped_ptr<ProofVerifierCallback> callback_;
-  scoped_ptr<ProofVerifyDetailsChromium> verify_details_;
+  std::unique_ptr<ProofVerifierCallback> callback_;
+  std::unique_ptr<ProofVerifyDetailsChromium> verify_details_;
   std::string error_details_;
 
   // X509Certificate from a chain of DER encoded certificates.
@@ -169,7 +170,7 @@ QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof(
     const std::string& cert_sct,
     const string& signature,
     std::string* error_details,
-    scoped_ptr<ProofVerifyDetails>* verify_details,
+    std::unique_ptr<ProofVerifyDetails>* verify_details,
     ProofVerifierCallback* callback) {
   DCHECK(error_details);
   DCHECK(verify_details);
@@ -211,9 +212,22 @@ QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof(
     // Note that this is a completely synchronous operation: The CT Log Verifier
     // gets all the data it needs for SCT verification and does not do any
     // external communication.
-    cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct,
-                                        &verify_details_->ct_verify_result,
-                                        net_log_);
+    int result = cert_transparency_verifier_->Verify(
+        cert_.get(), std::string(), cert_sct,
+        &verify_details_->ct_verify_result, net_log_);
+    // TODO(rtenneti): Delete this debugging code.
+    if (result == OK) {
+      VLOG(1) << "CTVerifier::Verify success";
+    } else {
+      VLOG(1) << "CTVerifier::Verify failed: " << result;
+    }
+  } else {
+    // TODO(rtenneti): Delete this debugging code.
+    if (cert_transparency_verifier_) {
+      VLOG(1) << "cert_sct is empty";
+    } else {
+      VLOG(1) << "cert_transparency_verifier_ is null";
+    }
   }
 
   // We call VerifySignature first to avoid copying of server_config and
@@ -271,9 +285,10 @@ int ProofVerifierChromium::Job::DoLoop(int last_result) {
 void ProofVerifierChromium::Job::OnIOComplete(int result) {
   int rv = DoLoop(result);
   if (rv != ERR_IO_PENDING) {
-    scoped_ptr<ProofVerifierCallback> callback(std::move(callback_));
+    std::unique_ptr<ProofVerifierCallback> callback(std::move(callback_));
     // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium.
-    scoped_ptr<ProofVerifyDetails> verify_details(std::move(verify_details_));
+    std::unique_ptr<ProofVerifyDetails> verify_details(
+        std::move(verify_details_));
     callback->Run(rv == OK, error_details_, &verify_details);
     // Will delete |this|.
     proof_verifier_->OnJobComplete(this);
@@ -448,7 +463,7 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof(
     const std::string& signature,
     const ProofVerifyContext* verify_context,
     std::string* error_details,
-    scoped_ptr<ProofVerifyDetails>* verify_details,
+    std::unique_ptr<ProofVerifyDetails>* verify_details,
     ProofVerifierCallback* callback) {
   if (!verify_context) {
     *error_details = "Missing context";
@@ -456,7 +471,7 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof(
   }
   const ProofVerifyContextChromium* chromium_context =
       reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
-  scoped_ptr<Job> job(
+  std::unique_ptr<Job> job(
       new Job(this, cert_verifier_, ct_policy_enforcer_,
               transport_security_state_, cert_transparency_verifier_,
               chromium_context->cert_verify_flags, chromium_context->net_log));
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.h b/chromium/net/quic/crypto/proof_verifier_chromium.h
index eef604d2f2b..be50650532d 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium.h
+++ b/chromium/net/quic/crypto/proof_verifier_chromium.h
@@ -5,13 +5,13 @@
 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
 
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/ct_verify_result.h"
@@ -65,18 +65,19 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
   ~ProofVerifierChromium() override;
 
   // ProofVerifier interface
-  QuicAsyncStatus VerifyProof(const std::string& hostname,
-                              const uint16_t port,
-                              const std::string& server_config,
-                              QuicVersion quic_version,
-                              base::StringPiece chlo_hash,
-                              const std::vector<std::string>& certs,
-                              const std::string& cert_sct,
-                              const std::string& signature,
-                              const ProofVerifyContext* verify_context,
-                              std::string* error_details,
-                              scoped_ptr<ProofVerifyDetails>* verify_details,
-                              ProofVerifierCallback* callback) override;
+  QuicAsyncStatus VerifyProof(
+      const std::string& hostname,
+      const uint16_t port,
+      const std::string& server_config,
+      QuicVersion quic_version,
+      base::StringPiece chlo_hash,
+      const std::vector<std::string>& certs,
+      const std::string& cert_sct,
+      const std::string& signature,
+      const ProofVerifyContext* verify_context,
+      std::string* error_details,
+      std::unique_ptr<ProofVerifyDetails>* verify_details,
+      ProofVerifierCallback* callback) override;
 
  private:
   class Job;
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
index bc2d27ff64e..9b90b673f3f 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
+++ b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
@@ -4,8 +4,9 @@
 
 #include "net/quic/crypto/proof_verifier_chromium.h"
 
+#include <memory>
+
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
@@ -44,7 +45,7 @@ class FailsTestCertVerifier : public CertVerifier {
              CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
-             scoped_ptr<CertVerifier::Request>* out_req,
+             std::unique_ptr<CertVerifier::Request>* out_req,
              const BoundNetLog& net_log) override {
     ADD_FAILURE() << "CertVerifier::Verify() should not be called";
     return ERR_FAILED;
@@ -95,7 +96,7 @@ class DummyProofVerifierCallback : public ProofVerifierCallback {
 
   void Run(bool ok,
            const std::string& error_details,
-           scoped_ptr<ProofVerifyDetails>* details) override {
+           std::unique_ptr<ProofVerifyDetails>* details) override {
     // Do nothing
   }
 };
@@ -205,10 +206,10 @@ class ProofVerifierChromiumTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<MultiLogCTVerifier> ct_verifier_;
+  std::unique_ptr<MultiLogCTVerifier> ct_verifier_;
   std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_;
-  scoped_ptr<ProofVerifyContext> verify_context_;
-  scoped_ptr<ProofVerifyDetails> details_;
+  std::unique_ptr<ProofVerifyContext> verify_context_;
+  std::unique_ptr<ProofVerifyDetails> details_;
   std::string error_details_;
   std::vector<std::string> certs_;
 };
@@ -220,7 +221,7 @@ TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) {
   ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr,
                                        ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
@@ -238,7 +239,7 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) {
   ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr,
                                        ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_,
@@ -257,7 +258,7 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
   ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr,
                                        ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_,
@@ -274,7 +275,7 @@ TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) {
   ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr,
                                        ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
@@ -299,7 +300,7 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) {
   ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr,
                                        ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
@@ -332,7 +333,7 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) {
   ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,
                                        nullptr, ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
@@ -365,7 +366,7 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) {
   ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,
                                        nullptr, ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
@@ -399,7 +400,7 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) {
   ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,
                                        nullptr, ct_verifier_.get());
 
-  scoped_ptr<DummyProofVerifierCallback> callback(
+  std::unique_ptr<DummyProofVerifierCallback> callback(
       new DummyProofVerifierCallback);
   QuicAsyncStatus status = proof_verifier.VerifyProof(
       kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
diff --git a/chromium/net/quic/crypto/quic_crypto_client_config.cc b/chromium/net/quic/crypto/quic_crypto_client_config.cc
index a6906a76672..2a2ea422330 100644
--- a/chromium/net/quic/crypto/quic_crypto_client_config.cc
+++ b/chromium/net/quic/crypto/quic_crypto_client_config.cc
@@ -4,11 +4,13 @@
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
+#include <memory>
+
 #include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/quic/crypto/cert_compressor.h"
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/crypto/channel_id.h"
 #include "net/quic/crypto/common_cert_set.h"
 #include "net/quic/crypto/crypto_framer.h"
@@ -147,7 +149,7 @@ QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config,
 
   // Even if the new server config matches the existing one, we still wish to
   // reject it if it has expired.
-  scoped_ptr<CryptoHandshakeMessage> new_scfg_storage;
+  std::unique_ptr<CryptoHandshakeMessage> new_scfg_storage;
   const CryptoHandshakeMessage* new_scfg;
 
   if (!matches_existing) {
@@ -375,16 +377,10 @@ string QuicCryptoClientConfig::CachedState::GetNextServerNonce() {
 
 void QuicCryptoClientConfig::SetDefaults() {
   // Key exchange methods.
-  kexs.resize(2);
-  kexs[0] = kC255;
-  kexs[1] = kP256;
+  kexs = {kC255, kP256};
 
   // Authenticated encryption algorithms. Prefer RFC 7539 ChaCha20 by default.
-  aead.clear();
-  if (ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    aead.push_back(kCC20);
-  }
-  aead.push_back(kAESG);
+  aead = {kCC20, kAESG};
 
   disable_ecdsa_ = false;
 }
@@ -485,6 +481,7 @@ void QuicCryptoClientConfig::FillInchoateClientHello(
 QuicErrorCode QuicCryptoClientConfig::FillClientHello(
     const QuicServerId& server_id,
     QuicConnectionId connection_id,
+    const QuicVersion actual_version,
     const QuicVersion preferred_version,
     const CachedState* cached,
     QuicWallTime now,
@@ -651,7 +648,8 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello(
     if (!CryptoUtils::DeriveKeys(
             out_params->initial_premaster_secret, out_params->aead,
             out_params->client_nonce, out_params->server_nonce, hkdf_input,
-            Perspective::IS_CLIENT, &crypters, nullptr /* subkey secret */)) {
+            Perspective::IS_CLIENT, CryptoUtils::Diversification::Never(),
+            &crypters, nullptr /* subkey secret */)) {
       *error_details = "Symmetric key setup failed";
       return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
     }
@@ -659,7 +657,7 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello(
     const QuicData& cetv_plaintext = cetv.GetSerialized();
     const size_t encrypted_len =
         crypters.encrypter->GetCiphertextSize(cetv_plaintext.length());
-    scoped_ptr<char[]> output(new char[encrypted_len]);
+    std::unique_ptr<char[]> output(new char[encrypted_len]);
     size_t output_size = 0;
     if (!crypters.encrypter->EncryptPacket(
             kDefaultPathId /* path id */, 0 /* packet number */,
@@ -701,10 +699,17 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello(
   hkdf_input.append(out_params->hkdf_input_suffix);
 
   string* subkey_secret = &out_params->initial_subkey_secret;
+
+  // Only perform key diversification for QUIC versions 33 and later.
+  // TODO(rch): remove the |actual_version| argument to this method when
+  // QUIC_VERSION_32 is removed.
+  CryptoUtils::Diversification diversification =
+      actual_version > QUIC_VERSION_32 ? CryptoUtils::Diversification::Pending()
+                                       : CryptoUtils::Diversification::Never();
   if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret,
                                out_params->aead, out_params->client_nonce,
                                out_params->server_nonce, hkdf_input,
-                               Perspective::IS_CLIENT,
+                               Perspective::IS_CLIENT, diversification,
                                &out_params->initial_crypters, subkey_secret)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
@@ -877,6 +882,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessServerHello(
           out_params->client_nonce,
           shlo_nonce.empty() ? out_params->server_nonce : shlo_nonce,
           hkdf_input, Perspective::IS_CLIENT,
+          CryptoUtils::Diversification::Never(),
           &out_params->forward_secure_crypters, &out_params->subkey_secret)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
diff --git a/chromium/net/quic/crypto/quic_crypto_client_config.h b/chromium/net/quic/crypto/quic_crypto_client_config.h
index a0c35360da3..b3063922a4a 100644
--- a/chromium/net/quic/crypto/quic_crypto_client_config.h
+++ b/chromium/net/quic/crypto/quic_crypto_client_config.h
@@ -8,12 +8,12 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <queue>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/crypto/crypto_handshake.h"
@@ -180,10 +180,10 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
     // server_config_valid_ to false.
     uint64_t generation_counter_;
 
-    scoped_ptr<ProofVerifyDetails> proof_verify_details_;
+    std::unique_ptr<ProofVerifyDetails> proof_verify_details_;
 
     // scfg contains the cached, parsed value of |server_config|.
-    mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
+    mutable std::unique_ptr<CryptoHandshakeMessage> scfg_;
 
     // TODO(jokulik): Consider using a hash-set as extra book-keeping to ensure
     // that no connection-id is added twice.  Also, consider keeping the server
@@ -234,6 +234,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
   // signature are placed in the CETV value of the CHLO.
   QuicErrorCode FillClientHello(const QuicServerId& server_id,
                                 QuicConnectionId connection_id,
+                                const QuicVersion actual_version,
                                 const QuicVersion preferred_version,
                                 const CachedState* cached,
                                 QuicWallTime now,
@@ -366,8 +367,8 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
   // ".googlevideo.com") of canonical hostnames.
   std::vector<std::string> canonical_suffixes_;
 
-  scoped_ptr<ProofVerifier> proof_verifier_;
-  scoped_ptr<ChannelIDSource> channel_id_source_;
+  std::unique_ptr<ProofVerifier> proof_verifier_;
+  std::unique_ptr<ChannelIDSource> channel_id_source_;
 
   // True if ECDSA should be disabled.
   bool disable_ecdsa_;
diff --git a/chromium/net/quic/crypto/quic_crypto_client_config_test.cc b/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
index ec727e4a024..d15f6b0cdb6 100644
--- a/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
+++ b/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
@@ -242,8 +242,8 @@ TEST(QuicCryptoClientConfigTest, FillClientHello) {
   MockRandom rand;
   CryptoHandshakeMessage chlo;
   QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
-  config.FillClientHello(server_id, kConnectionId, QuicVersionMax(), &state,
-                         QuicWallTime::Zero(), &rand,
+  config.FillClientHello(server_id, kConnectionId, QuicVersionMax(),
+                         QuicVersionMax(), &state, QuicWallTime::Zero(), &rand,
                          nullptr,  // channel_id_key
                          &params, &chlo, &error_details);
 
diff --git a/chromium/net/quic/crypto/quic_crypto_server_config.cc b/chromium/net/quic/crypto/quic_crypto_server_config.cc
index 2d0c664974d..134feaba53c 100644
--- a/chromium/net/quic/crypto/quic_crypto_server_config.cc
+++ b/chromium/net/quic/crypto/quic_crypto_server_config.cc
@@ -7,18 +7,18 @@
 #include <stdlib.h>
 
 #include <algorithm>
+#include <memory>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/stl_util.h"
-#include "base/strings/string_number_conversions.h"
 #include "crypto/hkdf.h"
 #include "crypto/secure_hash.h"
 #include "net/base/ip_address.h"
 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/cert_compressor.h"
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/crypto/channel_id.h"
 #include "net/quic/crypto/crypto_framer.h"
 #include "net/quic/crypto/crypto_handshake_message.h"
@@ -235,7 +235,7 @@ QuicCryptoServerConfig::QuicCryptoServerConfig(
   server_nonce_entropy->RandBytes(server_nonce_orbit_,
                                   sizeof(server_nonce_orbit_));
   const size_t key_size = server_nonce_boxer_.GetKeySize();
-  scoped_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]);
+  std::unique_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]);
   server_nonce_entropy->RandBytes(key_bytes.get(), key_size);
 
   server_nonce_boxer_.SetKeys(
@@ -255,7 +255,7 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
 
   const string curve25519_private_key =
       Curve25519KeyExchange::NewPrivateKey(rand);
-  scoped_ptr<Curve25519KeyExchange> curve25519(
+  std::unique_ptr<Curve25519KeyExchange> curve25519(
       Curve25519KeyExchange::New(curve25519_private_key));
   StringPiece curve25519_public_value = curve25519->public_value();
 
@@ -274,7 +274,8 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
   string p256_private_key;
   if (options.p256) {
     p256_private_key = P256KeyExchange::NewPrivateKey();
-    scoped_ptr<P256KeyExchange> p256(P256KeyExchange::New(p256_private_key));
+    std::unique_ptr<P256KeyExchange> p256(
+        P256KeyExchange::New(p256_private_key));
     StringPiece p256_public_value = p256->public_value();
 
     DCHECK_LT(p256_public_value.size(), (1U << 24));
@@ -294,8 +295,7 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
   } else {
     msg.SetTaglist(kKEXS, kC255, 0);
   }
-  if (FLAGS_quic_crypto_server_config_default_has_chacha20 &&
-      ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
+  if (FLAGS_quic_crypto_server_config_default_has_chacha20) {
     msg.SetTaglist(kAEAD, kAESG, kCC20, 0);
   } else {
     msg.SetTaglist(kAEAD, kAESG, 0);
@@ -332,9 +332,9 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
   if (options.id.empty()) {
     // We need to ensure that the SCID changes whenever the server config does
     // thus we make it a hash of the rest of the server config.
-    scoped_ptr<QuicData> serialized(
+    std::unique_ptr<QuicData> serialized(
         CryptoFramer::ConstructHandshakeMessage(msg));
-    scoped_ptr<SecureHash> hash(SecureHash::Create(SecureHash::SHA256));
+    std::unique_ptr<SecureHash> hash(SecureHash::Create(SecureHash::SHA256));
     hash->Update(serialized->data(), serialized->length());
 
     char scid_bytes[16];
@@ -347,9 +347,11 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
   // everything but itself and so extra tags should be added prior to the
   // preceeding if block.
 
-  scoped_ptr<QuicData> serialized(CryptoFramer::ConstructHandshakeMessage(msg));
+  std::unique_ptr<QuicData> serialized(
+      CryptoFramer::ConstructHandshakeMessage(msg));
 
-  scoped_ptr<QuicServerConfigProtobuf> config(new QuicServerConfigProtobuf);
+  std::unique_ptr<QuicServerConfigProtobuf> config(
+      new QuicServerConfigProtobuf);
   config->set_config(serialized->AsStringPiece());
   QuicServerConfigProtobuf::PrivateKey* curve25519_key = config->add_key();
   curve25519_key->set_tag(kC255);
@@ -367,7 +369,7 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
 CryptoHandshakeMessage* QuicCryptoServerConfig::AddConfig(
     QuicServerConfigProtobuf* protobuf,
     const QuicWallTime now) {
-  scoped_ptr<CryptoHandshakeMessage> msg(
+  std::unique_ptr<CryptoHandshakeMessage> msg(
       CryptoFramer::ParseMessage(protobuf->config()));
 
   if (!msg.get()) {
@@ -386,7 +388,7 @@ CryptoHandshakeMessage* QuicCryptoServerConfig::AddConfig(
     if (configs_.find(config->id) != configs_.end()) {
       LOG(WARNING) << "Failed to add config because another with the same "
                       "server config id already exists: "
-                   << base::HexEncode(config->id.data(), config->id.size());
+                   << QuicUtils::HexEncode(config->id);
       return nullptr;
     }
 
@@ -403,7 +405,7 @@ CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig(
     QuicRandom* rand,
     const QuicClock* clock,
     const ConfigOptions& options) {
-  scoped_ptr<QuicServerConfigProtobuf> config(
+  std::unique_ptr<QuicServerConfigProtobuf> config(
       GenerateConfig(rand, clock, options));
   return AddConfig(config.get(), clock->WallNow());
 }
@@ -445,11 +447,10 @@ bool QuicCryptoServerConfig::SetConfigs(
 
       ConfigMap::iterator it = configs_.find(config->id);
       if (it != configs_.end()) {
-        VLOG(1) << "Keeping scid: "
-                << base::HexEncode(config->id.data(), config->id.size())
+        VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id)
                 << " orbit: "
-                << base::HexEncode(reinterpret_cast<const char*>(config->orbit),
-                                   kOrbitSize)
+                << QuicUtils::HexEncode(
+                       reinterpret_cast<const char*>(config->orbit), kOrbitSize)
                 << " new primary_time " << config->primary_time.ToUNIXSeconds()
                 << " old primary_time "
                 << it->second->primary_time.ToUNIXSeconds() << " new priority "
@@ -459,11 +460,10 @@ bool QuicCryptoServerConfig::SetConfigs(
         it->second->priority = config->priority;
         new_configs.insert(*it);
       } else {
-        VLOG(1) << "Adding scid: "
-                << base::HexEncode(config->id.data(), config->id.size())
+        VLOG(1) << "Adding scid: " << QuicUtils::HexEncode(config->id)
                 << " orbit: "
-                << base::HexEncode(reinterpret_cast<const char*>(config->orbit),
-                                   kOrbitSize)
+                << QuicUtils::HexEncode(
+                       reinterpret_cast<const char*>(config->orbit), kOrbitSize)
                 << " primary_time " << config->primary_time.ToUNIXSeconds()
                 << " priority " << config->priority;
         new_configs.insert(std::make_pair(config->id, config));
@@ -557,6 +557,7 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
     QuicCryptoNegotiatedParameters* params,
     QuicCryptoProof* crypto_proof,
     CryptoHandshakeMessage* out,
+    DiversificationNonce* out_diversification_nonce,
     string* error_details) const {
   DCHECK(error_details);
 
@@ -691,7 +692,7 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
   }
 
   if (!info.sni.empty()) {
-    scoped_ptr<char[]> sni_tmp(new char[info.sni.length() + 1]);
+    std::unique_ptr<char[]> sni_tmp(new char[info.sni.length() + 1]);
     memcpy(sni_tmp.get(), info.sni.data(), info.sni.length());
     sni_tmp[info.sni.length()] = 0;
     params->sni = CryptoUtils::NormalizeHostname(sni_tmp.get());
@@ -736,8 +737,9 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
     CrypterPair crypters;
     if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
                                  info.client_nonce, info.server_nonce,
-                                 hkdf_input, Perspective::IS_SERVER, &crypters,
-                                 nullptr /* subkey secret */)) {
+                                 hkdf_input, Perspective::IS_SERVER,
+                                 CryptoUtils::Diversification::Never(),
+                                 &crypters, nullptr /* subkey secret */)) {
       *error_details = "Symmetric key setup failed";
       return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
     }
@@ -752,7 +754,7 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
       *error_details = "CETV decryption failure";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
     }
-    scoped_ptr<CryptoHandshakeMessage> cetv(
+    std::unique_ptr<CryptoHandshakeMessage> cetv(
         CryptoFramer::ParseMessage(StringPiece(plaintext, plaintext_length)));
     if (!cetv.get()) {
       *error_details = "CETV parse error";
@@ -778,9 +780,18 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
   hkdf_input.append(hkdf_suffix);
 
   string* subkey_secret = &params->initial_subkey_secret;
+  CryptoUtils::Diversification diversification =
+      CryptoUtils::Diversification::Never();
+  if (version > QUIC_VERSION_32) {
+    rand->RandBytes(reinterpret_cast<char*>(out_diversification_nonce),
+                    sizeof(*out_diversification_nonce));
+    diversification =
+        CryptoUtils::Diversification::Now(out_diversification_nonce);
+  }
+
   if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
                                info.client_nonce, info.server_nonce, hkdf_input,
-                               Perspective::IS_SERVER,
+                               Perspective::IS_SERVER, diversification,
                                &params->initial_crypters, subkey_secret)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
@@ -793,7 +804,7 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
             key_exchange, rand, clock->ApproximateNow(), public_value,
             &forward_secure_public_value);
   } else {
-    scoped_ptr<KeyExchange> forward_secure_key_exchange(
+    std::unique_ptr<KeyExchange> forward_secure_key_exchange(
         key_exchange->NewKeyPair(rand));
     forward_secure_public_value =
         forward_secure_key_exchange->public_value().as_string();
@@ -816,11 +827,13 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
     shlo_nonce = NewServerNonce(rand, info.now);
     out->SetStringPiece(kServerNonceTag, shlo_nonce);
   }
+
   if (!CryptoUtils::DeriveKeys(
           params->forward_secure_premaster_secret, params->aead,
           info.client_nonce,
           shlo_nonce.empty() ? info.server_nonce : shlo_nonce,
           forward_secure_hkdf_input, Perspective::IS_SERVER,
+          CryptoUtils::Diversification::Never(),
           &params->forward_secure_crypters, &params->subkey_secret)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
@@ -935,7 +948,7 @@ void QuicCryptoServerConfig::SelectNewPrimaryConfig(
     primary_config_ = new_primary;
     new_primary->is_primary = true;
     DVLOG(1) << "New primary config.  orbit: "
-             << base::HexEncode(
+             << QuicUtils::HexEncode(
                     reinterpret_cast<const char*>(primary_config_->orbit),
                     kOrbitSize);
     if (primary_config_changed_cb_.get() != nullptr) {
@@ -954,11 +967,10 @@ void QuicCryptoServerConfig::SelectNewPrimaryConfig(
   primary_config_ = new_primary;
   new_primary->is_primary = true;
   DVLOG(1) << "New primary config.  orbit: "
-           << base::HexEncode(
+           << QuicUtils::HexEncode(
                   reinterpret_cast<const char*>(primary_config_->orbit),
                   kOrbitSize)
-           << " scid: " << base::HexEncode(primary_config_->id.data(),
-                                           primary_config_->id.size());
+           << " scid: " << QuicUtils::HexEncode(primary_config_->id);
   next_config_promotion_time_ = QuicWallTime::Zero();
   if (primary_config_changed_cb_.get() != nullptr) {
     primary_config_changed_cb_->Run(primary_config_->id);
@@ -997,8 +1009,7 @@ void QuicCryptoServerConfig::EvaluateClientHello(
   HandshakeFailureReason source_address_token_error = MAX_FAILURE_REASON;
   StringPiece srct;
   if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) {
-    Config& config =
-        requested_config != nullptr ? *requested_config : *primary_config;
+    Config& config = requested_config ? *requested_config : *primary_config;
     source_address_token_error =
         ParseSourceAddressToken(config, srct, &info->source_address_tokens);
 
@@ -1149,6 +1160,7 @@ void QuicCryptoServerConfig::EvaluateClientHello(
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
     QuicVersion version,
+    StringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
     const IPAddress& client_ip,
@@ -1170,12 +1182,22 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
   scoped_refptr<ProofSource::Chain> chain;
   string signature;
   string cert_sct;
-  if (!proof_source_->GetProof(server_ip, params.sni,
-                               primary_config_->serialized, version,
-                               params.client_nonce, params.x509_ecdsa_supported,
-                               &chain, &signature, &cert_sct)) {
-    DVLOG(1) << "Server: failed to get proof.";
-    return false;
+  if (FLAGS_quic_use_hash_in_scup) {
+    if (!proof_source_->GetProof(server_ip, params.sni,
+                                 primary_config_->serialized, version,
+                                 chlo_hash, params.x509_ecdsa_supported, &chain,
+                                 &signature, &cert_sct)) {
+      DVLOG(1) << "Server: failed to get proof.";
+      return false;
+    }
+  } else {
+    if (!proof_source_->GetProof(
+            server_ip, params.sni, primary_config_->serialized, version,
+            params.client_nonce, params.x509_ecdsa_supported, &chain,
+            &signature, &cert_sct)) {
+      DVLOG(1) << "Server: failed to get proof.";
+      return false;
+    }
   }
 
   const string compressed = CompressChain(
@@ -1293,13 +1315,11 @@ const string QuicCryptoServerConfig::CompressChain(
     const string& client_cached_cert_hashes,
     const CommonCertSets* common_sets) const {
   // Check whether the compressed certs is available in the cache.
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    DCHECK(compressed_certs_cache);
-    const string* cached_value = compressed_certs_cache->GetCompressedCert(
-        chain, client_common_set_hashes, client_cached_cert_hashes);
-    if (cached_value) {
-      return *cached_value;
-    }
+  DCHECK(compressed_certs_cache);
+  const string* cached_value = compressed_certs_cache->GetCompressedCert(
+      chain, client_common_set_hashes, client_cached_cert_hashes);
+  if (cached_value) {
+    return *cached_value;
   }
 
   const string compressed =
@@ -1307,17 +1327,15 @@ const string QuicCryptoServerConfig::CompressChain(
                                     client_common_set_hashes, common_sets);
 
   // Insert the newly compressed cert to cache.
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    compressed_certs_cache->Insert(chain, client_common_set_hashes,
-                                   client_cached_cert_hashes, compressed);
-  }
+  compressed_certs_cache->Insert(chain, client_common_set_hashes,
+                                 client_cached_cert_hashes, compressed);
   return compressed;
 }
 
 scoped_refptr<QuicCryptoServerConfig::Config>
 QuicCryptoServerConfig::ParseConfigProtobuf(
     QuicServerConfigProtobuf* protobuf) {
-  scoped_ptr<CryptoHandshakeMessage> msg(
+  std::unique_ptr<CryptoHandshakeMessage> msg(
       CryptoFramer::ParseMessage(protobuf->config()));
 
   if (msg->tag() != kSCFG) {
@@ -1453,7 +1471,7 @@ QuicCryptoServerConfig::ParseConfigProtobuf(
       return nullptr;
     }
 
-    scoped_ptr<KeyExchange> ka;
+    std::unique_ptr<KeyExchange> ka;
     switch (tag) {
       case kC255:
         ka.reset(Curve25519KeyExchange::New(private_key));
diff --git a/chromium/net/quic/crypto/quic_crypto_server_config.h b/chromium/net/quic/crypto/quic_crypto_server_config.h
index 33f088d864e..b6d9e3f11b3 100644
--- a/chromium/net/quic/crypto/quic_crypto_server_config.h
+++ b/chromium/net/quic/crypto/quic_crypto_server_config.h
@@ -9,12 +9,12 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/synchronization/lock.h"
 #include "net/base/ip_address.h"
@@ -266,7 +266,11 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   // crypto_proof: output structure containing the crypto proof used in reply to
   //     a proof demand.
   // out: the resulting handshake message (either REJ or SHLO)
-  // error_details: used to store a string describing any error.
+  // out_diversification_nonce: If the resulting handshake message is SHLO and
+  //     the version is greater than QUIC_VERSION_32 then this contains a
+  //     32-byte value that should be included in the public header of
+  //     initially encrypted packets.
+  // error_details: used to store a std::string describing any error.
   QuicErrorCode ProcessClientHello(
       const ValidateClientHelloResultCallback::Result& validate_chlo_result,
       QuicConnectionId connection_id,
@@ -282,6 +286,7 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
       QuicCryptoNegotiatedParameters* params,
       QuicCryptoProof* crypto_proof,
       CryptoHandshakeMessage* out,
+      DiversificationNonce* out_diversification_nonce,
       std::string* error_details) const;
 
   // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing
@@ -292,6 +297,7 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   // |cached_network_params| is optional, and can be nullptr.
   bool BuildServerConfigUpdateMessage(
       QuicVersion version,
+      base::StringPiece chlo_hash,
       const SourceAddressTokens& previous_source_address_tokens,
       const IPAddress& server_ip,
       const IPAddress& client_ip,
@@ -432,7 +438,7 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
     // Holds the override source_address_token_boxer instance if the
     // Config is not using the default source address token boxer
     // instance provided by QuicCryptoServerConfig.
-    scoped_ptr<CryptoSecretBoxer> source_address_token_boxer_storage;
+    std::unique_ptr<CryptoSecretBoxer> source_address_token_boxer_storage;
 
    private:
     friend class base::RefCounted<Config>;
@@ -599,13 +605,13 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   // active config will be promoted to primary.
   mutable QuicWallTime next_config_promotion_time_;
   // Callback to invoke when the primary config changes.
-  scoped_ptr<PrimaryConfigChangedCallback> primary_config_changed_cb_;
+  std::unique_ptr<PrimaryConfigChangedCallback> primary_config_changed_cb_;
 
   // Protects access to the pointer held by strike_register_client_.
   mutable base::Lock strike_register_client_lock_;
   // strike_register_ contains a data structure that keeps track of previously
   // observed client nonces in order to prevent replay attacks.
-  mutable scoped_ptr<StrikeRegisterClient> strike_register_client_;
+  mutable std::unique_ptr<StrikeRegisterClient> strike_register_client_;
 
   // Default source_address_token_boxer_ used to protect the
   // source-address tokens that are given to clients.  Individual
@@ -625,15 +631,15 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   // server_nonce_strike_register_ contains a data structure that keeps track of
   // previously observed server nonces from this server, in order to prevent
   // replay attacks.
-  mutable scoped_ptr<StrikeRegister> server_nonce_strike_register_;
+  mutable std::unique_ptr<StrikeRegister> server_nonce_strike_register_;
 
   // proof_source_ contains an object that can provide certificate chains and
   // signatures.
-  scoped_ptr<ProofSource> proof_source_;
+  std::unique_ptr<ProofSource> proof_source_;
 
   // ephemeral_key_source_ contains an object that caches ephemeral keys for a
   // short period of time.
-  scoped_ptr<EphemeralKeySource> ephemeral_key_source_;
+  std::unique_ptr<EphemeralKeySource> ephemeral_key_source_;
 
   // These fields store configuration values. See the comments for their
   // respective setter functions.
diff --git a/chromium/net/quic/crypto/quic_crypto_server_config_test.cc b/chromium/net/quic/crypto/quic_crypto_server_config_test.cc
index 270cd9a22c5..68367badf8c 100644
--- a/chromium/net/quic/crypto/quic_crypto_server_config_test.cc
+++ b/chromium/net/quic/crypto/quic_crypto_server_config_test.cc
@@ -6,10 +6,12 @@
 
 #include <stdarg.h>
 
+#include <memory>
+
 #include "base/stl_util.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/cert_compressor.h"
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/crypto/crypto_handshake_message.h"
 #include "net/quic/crypto/crypto_secret_boxer.h"
 #include "net/quic/crypto/crypto_server_config_protobuf.h"
@@ -19,6 +21,7 @@
 #include "net/quic/quic_time.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/mock_clock.h"
+#include "net/quic/test_tools/quic_crypto_server_config_peer.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -32,171 +35,6 @@ using std::vector;
 namespace net {
 namespace test {
 
-class QuicCryptoServerConfigPeer {
- public:
-  explicit QuicCryptoServerConfigPeer(QuicCryptoServerConfig* server_config)
-      : server_config_(server_config) {}
-
-  scoped_refptr<QuicCryptoServerConfig::Config> GetConfig(string config_id) {
-    base::AutoLock locked(server_config_->configs_lock_);
-    if (config_id == "<primary>") {
-      return scoped_refptr<QuicCryptoServerConfig::Config>(
-          server_config_->primary_config_);
-    } else {
-      return server_config_->GetConfigWithScid(config_id);
-    }
-  }
-
-  string NewSourceAddressToken(string config_id,
-                               SourceAddressTokens previous_tokens,
-                               const IPAddress& ip,
-                               QuicRandom* rand,
-                               QuicWallTime now,
-                               CachedNetworkParameters* cached_network_params) {
-    return server_config_->NewSourceAddressToken(*GetConfig(config_id),
-                                                 previous_tokens, ip, rand, now,
-                                                 cached_network_params);
-  }
-
-  HandshakeFailureReason ValidateSourceAddressTokens(
-      string config_id,
-      StringPiece srct,
-      const IPAddress& ip,
-      QuicWallTime now,
-      CachedNetworkParameters* cached_network_params) {
-    SourceAddressTokens tokens;
-    HandshakeFailureReason reason = server_config_->ParseSourceAddressToken(
-        *GetConfig(config_id), srct, &tokens);
-    if (reason != HANDSHAKE_OK) {
-      return reason;
-    }
-
-    return server_config_->ValidateSourceAddressTokens(tokens, ip, now,
-                                                       cached_network_params);
-  }
-
-  string NewServerNonce(QuicRandom* rand, QuicWallTime now) const {
-    return server_config_->NewServerNonce(rand, now);
-  }
-
-  HandshakeFailureReason ValidateServerNonce(StringPiece token,
-                                             QuicWallTime now) {
-    return server_config_->ValidateServerNonce(token, now);
-  }
-
-  base::Lock* GetStrikeRegisterClientLock() {
-    return &server_config_->strike_register_client_lock_;
-  }
-
-  // CheckConfigs compares the state of the Configs in |server_config_| to the
-  // description given as arguments. The arguments are given as
-  // nullptr-terminated pairs. The first of each pair is the server config ID of
-  // a Config. The second is a boolean describing whether the config is the
-  // primary. For example:
-  //   CheckConfigs(nullptr);  // checks that no Configs are loaded.
-  //
-  //   // Checks that exactly three Configs are loaded with the given IDs and
-  //   // status.
-  //   CheckConfigs(
-  //     "id1", false,
-  //     "id2", true,
-  //     "id3", false,
-  //     nullptr);
-  void CheckConfigs(const char* server_config_id1, ...) {
-    va_list ap;
-    va_start(ap, server_config_id1);
-
-    vector<pair<ServerConfigID, bool>> expected;
-    bool first = true;
-    for (;;) {
-      const char* server_config_id;
-      if (first) {
-        server_config_id = server_config_id1;
-        first = false;
-      } else {
-        server_config_id = va_arg(ap, const char*);
-      }
-
-      if (!server_config_id) {
-        break;
-      }
-
-      // varargs will promote the value to an int so we have to read that from
-      // the stack and cast down.
-      const bool is_primary = static_cast<bool>(va_arg(ap, int));
-      expected.push_back(std::make_pair(server_config_id, is_primary));
-    }
-
-    va_end(ap);
-
-    base::AutoLock locked(server_config_->configs_lock_);
-
-    ASSERT_EQ(expected.size(), server_config_->configs_.size())
-        << ConfigsDebug();
-
-    for (const pair<const ServerConfigID,
-                    scoped_refptr<QuicCryptoServerConfig::Config>>& i :
-         server_config_->configs_) {
-      bool found = false;
-      for (pair<ServerConfigID, bool>& j : expected) {
-        if (i.first == j.first && i.second->is_primary == j.second) {
-          found = true;
-          j.first.clear();
-          break;
-        }
-      }
-
-      ASSERT_TRUE(found) << "Failed to find match for " << i.first
-                         << " in configs:\n"
-                         << ConfigsDebug();
-    }
-  }
-
-  // ConfigsDebug returns a string that contains debugging information about
-  // the set of Configs loaded in |server_config_| and their status.
-  // ConfigsDebug() should be called after acquiring
-  // server_config_->configs_lock_.
-  string ConfigsDebug() {
-    if (server_config_->configs_.empty()) {
-      return "No Configs in QuicCryptoServerConfig";
-    }
-
-    string s;
-
-    for (const auto& i : server_config_->configs_) {
-      const scoped_refptr<QuicCryptoServerConfig::Config> config = i.second;
-      if (config->is_primary) {
-        s += "(primary) ";
-      } else {
-        s += "          ";
-      }
-      s += config->id;
-      s += "\n";
-    }
-
-    return s;
-  }
-
-  void SelectNewPrimaryConfig(int seconds) {
-    base::AutoLock locked(server_config_->configs_lock_);
-    server_config_->SelectNewPrimaryConfig(
-        QuicWallTime::FromUNIXSeconds(seconds));
-  }
-
-  const string CompressChain(QuicCompressedCertsCache* compressed_certs_cache,
-                             const scoped_refptr<ProofSource::Chain>& chain,
-                             const string& client_common_set_hashes,
-                             const string& client_cached_cert_hashes,
-                             const CommonCertSets* common_sets) {
-    return server_config_->CompressChain(
-        compressed_certs_cache, chain, client_common_set_hashes,
-        client_cached_cert_hashes, common_sets);
-  }
-
- private:
-  const QuicCryptoServerConfig* server_config_;
-};
-
 class TestStrikeRegisterClient : public StrikeRegisterClient {
  public:
   explicit TestStrikeRegisterClient(QuicCryptoServerConfig* config)
@@ -234,7 +72,7 @@ TEST(QuicCryptoServerConfigTest, ServerConfig) {
                                 CryptoTestUtils::ProofSourceForTesting());
   MockClock clock;
 
-  scoped_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig(
+  std::unique_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig(
       rand, &clock, QuicCryptoServerConfig::ConfigOptions()));
 
   // The default configuration should have AES-GCM and at least one ChaCha20
@@ -244,11 +82,7 @@ TEST(QuicCryptoServerConfigTest, ServerConfig) {
   ASSERT_EQ(QUIC_NO_ERROR, message->GetTaglist(kAEAD, &aead_tags, &aead_len));
   vector<QuicTag> aead(aead_tags, aead_tags + aead_len);
   EXPECT_THAT(aead, ::testing::Contains(kAESG));
-  if (ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) {
-    EXPECT_LE(2u, aead.size());
-  } else {
-    EXPECT_LE(1u, aead.size());
-  }
+  EXPECT_LE(1u, aead.size());
 }
 
 TEST(QuicCryptoServerConfigTest, ServerConfigDisableChaCha) {
@@ -259,7 +93,7 @@ TEST(QuicCryptoServerConfigTest, ServerConfigDisableChaCha) {
                                 CryptoTestUtils::ProofSourceForTesting());
   MockClock clock;
 
-  scoped_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig(
+  std::unique_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig(
       rand, &clock, QuicCryptoServerConfig::ConfigOptions()));
 
   // The default configuration should only contain AES-GCM when ChaCha20 has
@@ -282,7 +116,7 @@ TEST(QuicCryptoServerConfigTest, GetOrbitIsCalledWithoutTheStrikeRegisterLock) {
   server.SetStrikeRegisterClient(strike_register);
 
   QuicCryptoServerConfig::ConfigOptions options;
-  scoped_ptr<CryptoHandshakeMessage> message(
+  std::unique_ptr<CryptoHandshakeMessage> message(
       server.AddDefaultConfig(rand, &clock, options));
   EXPECT_TRUE(strike_register->is_known_orbit_called());
 }
@@ -302,11 +136,7 @@ TEST(QuicCryptoServerConfigTest, CompressCerts) {
   string compressed =
       peer.CompressChain(&compressed_certs_cache, chain, "", "", nullptr);
 
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
-  } else {
-    EXPECT_EQ(compressed_certs_cache.Size(), 0u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 1u);
 }
 
 TEST(QuicCryptoServerConfigTest, CompressSameCertsTwice) {
@@ -326,17 +156,13 @@ TEST(QuicCryptoServerConfigTest, CompressSameCertsTwice) {
 
   string compressed = peer.CompressChain(&compressed_certs_cache, chain,
                                          common_certs, cached_certs, nullptr);
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 1u);
 
   // Compress the same certs, should use cache if available.
   string compressed2 = peer.CompressChain(&compressed_certs_cache, chain,
                                           common_certs, cached_certs, nullptr);
   EXPECT_EQ(compressed, compressed2);
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 1u);
 }
 
 TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) {
@@ -357,31 +183,25 @@ TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) {
 
   string compressed = peer.CompressChain(&compressed_certs_cache, chain,
                                          common_certs, cached_certs, nullptr);
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 1u);
 
   // Compress a similar certs which only differs in the chain.
   scoped_refptr<ProofSource::Chain> chain2(new ProofSource::Chain(certs));
 
   string compressed2 = peer.CompressChain(&compressed_certs_cache, chain2,
                                           common_certs, cached_certs, nullptr);
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 2u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 2u);
 
   // Compress a similar certs which only differs in common certs field.
   static const uint64_t set_hash = 42;
-  scoped_ptr<CommonCertSets> common_sets(
+  std::unique_ptr<CommonCertSets> common_sets(
       CryptoTestUtils::MockCommonCertSets(certs[0], set_hash, 1));
   StringPiece different_common_certs(reinterpret_cast<const char*>(&set_hash),
                                      sizeof(set_hash));
   string compressed3 = peer.CompressChain(&compressed_certs_cache, chain,
                                           different_common_certs.as_string(),
                                           cached_certs, common_sets.get());
-  if (FLAGS_quic_use_cached_compressed_certs) {
-    EXPECT_EQ(compressed_certs_cache.Size(), 3u);
-  }
+  EXPECT_EQ(compressed_certs_cache.Size(), 3u);
 }
 
 class SourceAddressTokenTest : public ::testing::Test {
@@ -463,9 +283,9 @@ class SourceAddressTokenTest : public ::testing::Test {
   QuicCryptoServerConfig server_;
   QuicCryptoServerConfigPeer peer_;
   // Stores the primary config.
-  scoped_ptr<CryptoHandshakeMessage> primary_config_;
-  scoped_ptr<QuicServerConfigProtobuf> override_config_protobuf_;
-  scoped_ptr<CryptoHandshakeMessage> override_config_;
+  std::unique_ptr<CryptoHandshakeMessage> primary_config_;
+  std::unique_ptr<QuicServerConfigProtobuf> override_config_protobuf_;
+  std::unique_ptr<CryptoHandshakeMessage> override_config_;
 };
 
 // Test basic behavior of source address tokens including being specific
@@ -572,7 +392,7 @@ TEST(QuicCryptoServerConfigTest, ValidateServerNonce) {
 
   StringPiece message("hello world");
   const size_t key_size = CryptoSecretBoxer::GetKeySize();
-  scoped_ptr<uint8_t[]> key(new uint8_t[key_size]);
+  std::unique_ptr<uint8_t[]> key(new uint8_t[key_size]);
   memset(key.get(), 0x11, key_size);
 
   CryptoSecretBoxer boxer;
diff --git a/chromium/net/quic/crypto/quic_decrypter.cc b/chromium/net/quic/crypto/quic_decrypter.cc
index eae1f8fcf6d..7b2df54d137 100644
--- a/chromium/net/quic/crypto/quic_decrypter.cc
+++ b/chromium/net/quic/crypto/quic_decrypter.cc
@@ -4,11 +4,15 @@
 
 #include "net/quic/crypto/quic_decrypter.h"
 
+#include "crypto/hkdf.h"
 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_decrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_decrypter.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/null_decrypter.h"
 
+using base::StringPiece;
+using std::string;
+
 namespace net {
 
 // static
@@ -17,7 +21,7 @@ QuicDecrypter* QuicDecrypter::Create(QuicTag algorithm) {
     case kAESG:
       return new Aes128Gcm12Decrypter();
     case kCC20:
-      return new ChaCha20Poly1305Rfc7539Decrypter();
+      return new ChaCha20Poly1305Decrypter();
     case kNULL:
       return new NullDecrypter();
     default:
@@ -26,4 +30,20 @@ QuicDecrypter* QuicDecrypter::Create(QuicTag algorithm) {
   }
 }
 
+// static
+void QuicDecrypter::DiversifyPreliminaryKey(StringPiece preliminary_key,
+                                            StringPiece nonce_prefix,
+                                            DiversificationNonce nonce,
+                                            size_t key_size,
+                                            size_t nonce_prefix_size,
+                                            string* out_key,
+                                            string* out_nonce_prefix) {
+  crypto::HKDF hkdf(preliminary_key.as_string() + nonce_prefix.as_string(),
+                    StringPiece(nonce, kDiversificationNonceSize),
+                    "QUIC key diversification", 0, key_size, 0,
+                    nonce_prefix_size, 0);
+  *out_key = hkdf.server_write_key().as_string();
+  *out_nonce_prefix = hkdf.server_write_iv().as_string();
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/crypto/quic_decrypter.h b/chromium/net/quic/crypto/quic_decrypter.h
index 4f2be96ff19..993e3dadcb8 100644
--- a/chromium/net/quic/crypto/quic_decrypter.h
+++ b/chromium/net/quic/crypto/quic_decrypter.h
@@ -42,6 +42,22 @@ class NET_EXPORT_PRIVATE QuicDecrypter {
   // packet number, even when retransmitting a lost packet.
   virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0;
 
+  // Sets the encryption key. Returns true on success, false on failure.
+  // |DecryptPacket| may not be called until |SetDiversificationNonce| is
+  // called and the preliminary keying material will be combined with that
+  // nonce in order to create the actual key and nonce-prefix.
+  //
+  // If this function is called, neither |SetKey| nor |SetNoncePrefix| may be
+  // called.
+  virtual bool SetPreliminaryKey(base::StringPiece key) = 0;
+
+  // SetDiversificationNonce uses |nonce| to derive final keys based on the
+  // input keying material given by calling |SetPreliminaryKey|.
+  //
+  // Calling this function is a no-op if |SetPreliminaryKey| hasn't been
+  // called.
+  virtual bool SetDiversificationNonce(DiversificationNonce nonce) = 0;
+
   // Populates |output| with the decrypted |ciphertext| and populates
   // |output_length| with the length.  Returns 0 if there is an error.
   // |output| size is specified by |max_output_length| and must be
@@ -67,6 +83,14 @@ class NET_EXPORT_PRIVATE QuicDecrypter {
   // For use by unit tests only.
   virtual base::StringPiece GetKey() const = 0;
   virtual base::StringPiece GetNoncePrefix() const = 0;
+
+  static void DiversifyPreliminaryKey(base::StringPiece preliminary_key,
+                                      base::StringPiece nonce_prefix,
+                                      DiversificationNonce nonce,
+                                      size_t key_size,
+                                      size_t nonce_prefix_size,
+                                      std::string* out_key,
+                                      std::string* out_nonce_prefix);
 };
 
 }  // namespace net
diff --git a/chromium/net/quic/crypto/quic_encrypter.cc b/chromium/net/quic/crypto/quic_encrypter.cc
index e483b6f48c7..917d23ba5dd 100644
--- a/chromium/net/quic/crypto/quic_encrypter.cc
+++ b/chromium/net/quic/crypto/quic_encrypter.cc
@@ -5,7 +5,7 @@
 #include "net/quic/crypto/quic_encrypter.h"
 
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
-#include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h"
+#include "net/quic/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/null_encrypter.h"
 
@@ -17,7 +17,7 @@ QuicEncrypter* QuicEncrypter::Create(QuicTag algorithm) {
     case kAESG:
       return new Aes128Gcm12Encrypter();
     case kCC20:
-      return new ChaCha20Poly1305Rfc7539Encrypter();
+      return new ChaCha20Poly1305Encrypter();
     case kNULL:
       return new NullEncrypter();
     default:
diff --git a/chromium/net/quic/crypto/strike_register.h b/chromium/net/quic/crypto/strike_register.h
index fd3f5a7d25e..9d7431bfd05 100644
--- a/chromium/net/quic/crypto/strike_register.h
+++ b/chromium/net/quic/crypto/strike_register.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <set>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -213,7 +213,7 @@ class NET_EXPORT_PRIVATE StrikeRegister {
   // internal_nodes_ can't be a scoped_ptr because the type isn't defined in
   // this header.
   InternalNode* internal_nodes_;
-  scoped_ptr<uint8_t[]> external_nodes_;
+  std::unique_ptr<uint8_t[]> external_nodes_;
 
   DISALLOW_COPY_AND_ASSIGN(StrikeRegister);
 };
diff --git a/chromium/net/quic/crypto/strike_register_test.cc b/chromium/net/quic/crypto/strike_register_test.cc
index 2fca33fcff4..bff26108866 100644
--- a/chromium/net/quic/crypto/strike_register_test.cc
+++ b/chromium/net/quic/crypto/strike_register_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/crypto/strike_register.h"
 
+#include <cstdint>
+#include <memory>
 #include <set>
 #include <string>
 
@@ -291,10 +293,10 @@ TEST_F(StrikeRegisterStressTest, InOrderInsertion) {
 
   unsigned max_entries = 64;
   uint32_t current_time = 10000, window = 200;
-  scoped_ptr<StrikeRegister> s1(
+  std::unique_ptr<StrikeRegister> s1(
       new StrikeRegister(max_entries, current_time, window, kOrbit,
                          StrikeRegister::DENY_REQUESTS_AT_STARTUP));
-  scoped_ptr<SlowStrikeRegister> s2(
+  std::unique_ptr<SlowStrikeRegister> s2(
       new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
 
   uint64_t i;
@@ -342,10 +344,10 @@ TEST_F(StrikeRegisterStressTest, Stress) {
   srand(42);
   unsigned max_entries = 64;
   uint32_t current_time = 10000, window = 200;
-  scoped_ptr<StrikeRegister> s1(
+  std::unique_ptr<StrikeRegister> s1(
       new StrikeRegister(max_entries, current_time, window, kOrbit,
                          StrikeRegister::DENY_REQUESTS_AT_STARTUP));
-  scoped_ptr<SlowStrikeRegister> s2(
+  std::unique_ptr<SlowStrikeRegister> s2(
       new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
   uint64_t i;
 
diff --git a/chromium/net/quic/iovector_test.cc b/chromium/net/quic/iovector_test.cc
index 7a1d00a8e33..4435459da01 100644
--- a/chromium/net/quic/iovector_test.cc
+++ b/chromium/net/quic/iovector_test.cc
@@ -6,8 +6,9 @@
 
 #include <string.h>
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/test/gtest_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -224,7 +225,7 @@ TEST(IOVectorTest, ConsumeAndCopyHalfBlocks) {
     ASSERT_EQ(str_len, iov2[0].iov_len);
 
     // Consume half of the first block.
-    scoped_ptr<char[]> buffer(new char[str_len]);
+    std::unique_ptr<char[]> buffer(new char[str_len]);
     size_t consumed = iov.ConsumeAndCopy(tmp, buffer.get());
     EXPECT_EQ(0, memcmp(test_data[i], buffer.get(), tmp));
     ASSERT_EQ(tmp, consumed);
@@ -262,7 +263,7 @@ TEST(IOVectorTest, ConsumeAndCopyTwoAndHalfBlocks) {
   const size_t half_len = last_len / 2;
 
   const char* endp = iov.LastBlockEnd();
-  scoped_ptr<char[]> buffer(new char[length]);
+  std::unique_ptr<char[]> buffer(new char[length]);
   size_t consumed = iov.ConsumeAndCopy(length - half_len, buffer.get());
   ASSERT_EQ(length - half_len, consumed);
   const struct iovec* iov2 = iov.iovec();
@@ -292,7 +293,7 @@ TEST(IOVectorTest, ConsumeAndCopyTooMuch) {
   }
 
   int consumed = 0;
-  scoped_ptr<char[]> buffer(new char[length + 1]);
+  std::unique_ptr<char[]> buffer(new char[length + 1]);
   EXPECT_DFATAL({ consumed = iov.ConsumeAndCopy(length + 1, buffer.get()); },
                 "Attempting to consume 1 non-existent bytes.");
   ASSERT_EQ(length, consumed);
diff --git a/chromium/net/quic/p2p/quic_p2p_crypto_config.cc b/chromium/net/quic/p2p/quic_p2p_crypto_config.cc
index d30d3c86b39..6f32056255e 100644
--- a/chromium/net/quic/p2p/quic_p2p_crypto_config.cc
+++ b/chromium/net/quic/p2p/quic_p2p_crypto_config.cc
@@ -30,8 +30,8 @@ bool QuicP2PCryptoConfig::GetNegotiatedParameters(
   if (!CryptoUtils::DeriveKeys(
           out_params->forward_secure_premaster_secret, out_params->aead,
           out_params->client_nonce, out_params->server_nonce, hkdf_input,
-          perspective, &out_params->forward_secure_crypters,
-          &out_params->subkey_secret)) {
+          perspective, CryptoUtils::Diversification::Never(),
+          &out_params->forward_secure_crypters, &out_params->subkey_secret)) {
     return false;
   }
 
diff --git a/chromium/net/quic/p2p/quic_p2p_session.cc b/chromium/net/quic/p2p/quic_p2p_session.cc
index 7b411e02138..17825c0af61 100644
--- a/chromium/net/quic/p2p/quic_p2p_session.cc
+++ b/chromium/net/quic/p2p/quic_p2p_session.cc
@@ -19,19 +19,13 @@ namespace net {
 
 QuicP2PSession::QuicP2PSession(const QuicConfig& config,
                                const QuicP2PCryptoConfig& crypto_config,
-                               scoped_ptr<QuicConnection> connection,
-                               scoped_ptr<Socket> socket)
+                               std::unique_ptr<QuicConnection> connection,
+                               std::unique_ptr<Socket> socket)
     : QuicSession(connection.release(), config),
       socket_(std::move(socket)),
       crypto_stream_(new QuicP2PCryptoStream(this, crypto_config)),
       read_buffer_(new IOBuffer(static_cast<size_t>(kMaxPacketSize))) {
   DCHECK(config.negotiated());
-
-  // Non-null IP address needs to be passed here because QuicConnection uses
-  // ToString() to format addresses for logging and ToString() is not allowed
-  // for empty addresses.
-  // TODO(sergeyu): Fix QuicConnection and remove SetSelfAddress() call below.
-  this->connection()->SetSelfAddress(IPEndPoint(IPAddress::IPv4AllZeros(), 0));
 }
 
 QuicP2PSession::~QuicP2PSession() {}
diff --git a/chromium/net/quic/p2p/quic_p2p_session.h b/chromium/net/quic/p2p/quic_p2p_session.h
index ce02958905a..dcb1db1bb5d 100644
--- a/chromium/net/quic/p2p/quic_p2p_session.h
+++ b/chromium/net/quic/p2p/quic_p2p_session.h
@@ -5,8 +5,9 @@
 #ifndef NET_QUIC_P2P_QUIC_P2P_SESSION_H_
 #define NET_QUIC_P2P_QUIC_P2P_SESSION_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/quic/p2p/quic_p2p_stream.h"
 #include "net/quic/quic_client_session_base.h"
@@ -43,8 +44,8 @@ class NET_EXPORT QuicP2PSession : public QuicSession {
   // shared with the peer.
   QuicP2PSession(const QuicConfig& config,
                  const QuicP2PCryptoConfig& crypto_config,
-                 scoped_ptr<QuicConnection> connection,
-                 scoped_ptr<Socket> socket);
+                 std::unique_ptr<QuicConnection> connection,
+                 std::unique_ptr<Socket> socket);
   ~QuicP2PSession() override;
 
   // QuicSession overrides.
@@ -76,8 +77,8 @@ class NET_EXPORT QuicP2PSession : public QuicSession {
   int DoRead();
   int DoReadComplete(int result);
 
-  scoped_ptr<Socket> socket_;
-  scoped_ptr<QuicP2PCryptoStream> crypto_stream_;
+  std::unique_ptr<Socket> socket_;
+  std::unique_ptr<QuicP2PCryptoStream> crypto_stream_;
 
   Delegate* delegate_ = nullptr;
 
diff --git a/chromium/net/quic/p2p/quic_p2p_session_test.cc b/chromium/net/quic/p2p/quic_p2p_session_test.cc
index c9f248e259f..edeedae9f6e 100644
--- a/chromium/net/quic/p2p/quic_p2p_session_test.cc
+++ b/chromium/net/quic/p2p/quic_p2p_session_test.cc
@@ -12,12 +12,13 @@
 #include "base/memory/weak_ptr.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/quic_random.h"
 #include "net/quic/p2p/quic_p2p_crypto_config.h"
 #include "net/quic/p2p/quic_p2p_stream.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_connection_helper.h"
 #include "net/quic/quic_chromium_packet_writer.h"
 #include "net/quic/test_tools/quic_session_peer.h"
@@ -196,9 +197,9 @@ class QuicP2PSessionTest : public ::testing::Test {
 
  protected:
   QuicP2PSessionTest()
-      : quic_helper_(base::ThreadTaskRunnerHandle::Get().get(),
-                     &quic_clock_,
-                     QuicRandom::GetInstance()) {
+      : quic_helper_(&quic_clock_, QuicRandom::GetInstance()),
+        alarm_factory_(base::ThreadTaskRunnerHandle::Get().get(),
+                       &quic_clock_) {
     // Simulate out-of-bound config handshake.
     CryptoHandshakeMessage hello_message;
     config_.ToHandshakeMessage(&hello_message);
@@ -208,8 +209,8 @@ class QuicP2PSessionTest : public ::testing::Test {
   }
 
   void CreateSessions() {
-    scoped_ptr<FakeP2PDatagramSocket> socket1(new FakeP2PDatagramSocket());
-    scoped_ptr<FakeP2PDatagramSocket> socket2(new FakeP2PDatagramSocket());
+    std::unique_ptr<FakeP2PDatagramSocket> socket1(new FakeP2PDatagramSocket());
+    std::unique_ptr<FakeP2PDatagramSocket> socket2(new FakeP2PDatagramSocket());
     socket1->ConnectWith(socket2.get());
 
     socket1_ = socket1->GetWeakPtr();
@@ -223,17 +224,19 @@ class QuicP2PSessionTest : public ::testing::Test {
                                  Perspective::IS_CLIENT);
   }
 
-  scoped_ptr<QuicP2PSession> CreateP2PSession(scoped_ptr<Socket> socket,
-                                              QuicP2PCryptoConfig crypto_config,
-                                              Perspective perspective) {
+  std::unique_ptr<QuicP2PSession> CreateP2PSession(
+      std::unique_ptr<Socket> socket,
+      QuicP2PCryptoConfig crypto_config,
+      Perspective perspective) {
     QuicChromiumPacketWriter* writer =
         new QuicChromiumPacketWriter(socket.get());
-    scoped_ptr<QuicConnection> quic_connection1(new QuicConnection(
-        0, IPEndPoint(IPAddress::IPv4AllZeros(), 0), &quic_helper_, writer,
-        true /* owns_writer */, perspective, QuicSupportedVersions()));
+    std::unique_ptr<QuicConnection> quic_connection1(new QuicConnection(
+        0, IPEndPoint(IPAddress::IPv4AllZeros(), 0), &quic_helper_,
+        &alarm_factory_, writer, true /* owns_writer */, perspective,
+        QuicSupportedVersions()));
     writer->SetConnection(quic_connection1.get());
 
-    scoped_ptr<QuicP2PSession> result(
+    std::unique_ptr<QuicP2PSession> result(
         new QuicP2PSession(config_, crypto_config, std::move(quic_connection1),
                            std::move(socket)));
     result->Initialize();
@@ -246,13 +249,14 @@ class QuicP2PSessionTest : public ::testing::Test {
 
   QuicClock quic_clock_;
   QuicChromiumConnectionHelper quic_helper_;
+  QuicChromiumAlarmFactory alarm_factory_;
   QuicConfig config_;
 
   base::WeakPtr<FakeP2PDatagramSocket> socket1_;
-  scoped_ptr<QuicP2PSession> session1_;
+  std::unique_ptr<QuicP2PSession> session1_;
 
   base::WeakPtr<FakeP2PDatagramSocket> socket2_;
-  scoped_ptr<QuicP2PSession> session2_;
+  std::unique_ptr<QuicP2PSession> session2_;
 };
 
 void QuicP2PSessionTest::OnWriteResult(int result) {
diff --git a/chromium/net/quic/quic_alarm.h b/chromium/net/quic/quic_alarm.h
index 53a823fd425..ed492cfeb00 100644
--- a/chromium/net/quic/quic_alarm.h
+++ b/chromium/net/quic/quic_alarm.h
@@ -5,8 +5,9 @@
 #ifndef NET_QUIC_QUIC_ALARM_H_
 #define NET_QUIC_QUIC_ALARM_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_arena_scoped_ptr.h"
 #include "net/quic/quic_time.h"
diff --git a/chromium/net/quic/quic_alarm_factory.h b/chromium/net/quic/quic_alarm_factory.h
new file mode 100644
index 00000000000..237f2a27eb2
--- /dev/null
+++ b/chromium/net/quic/quic_alarm_factory.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_QUIC_ALARM_FACTORY_H_
+#define NET_QUIC_QUIC_ALARM_FACTORY_H_
+
+#include "net/base/net_export.h"
+#include "net/quic/quic_alarm.h"
+#include "net/quic/quic_one_block_arena.h"
+
+namespace net {
+
+// QuicConnections currently use around 1KB of polymorphic types which would
+// ordinarily be on the heap. Instead, store them inline in an arena.
+using QuicConnectionArena = QuicOneBlockArena<1024>;
+
+// Creates platform-specific alarms used throughout QUIC.
+class NET_EXPORT_PRIVATE QuicAlarmFactory {
+ public:
+  virtual ~QuicAlarmFactory() {}
+
+  // Creates a new platform-specific alarm which will be configured to notify
+  // |delegate| when the alarm fires. Returns an alarm allocated on the heap.
+  // Caller takes ownership of the new alarm, which will not yet be "set" to
+  // fire.
+  virtual QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) = 0;
+
+  // Creates a new platform-specific alarm which will be configured to notify
+  // |delegate| when the alarm fires. Caller takes ownership of the new alarm,
+  // which will not yet be "set" to fire. If |arena| is null, then the alarm
+  // will be created on the heap. Otherwise, it will be created in |arena|.
+  virtual QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
+      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
+      QuicConnectionArena* arena) = 0;
+};
+
+}  // namespace net
+
+#endif  // NET_QUIC_QUIC_ALARM_FACTORY_H_
diff --git a/chromium/net/quic/quic_chromium_alarm_factory.cc b/chromium/net/quic/quic_chromium_alarm_factory.cc
new file mode 100644
index 00000000000..8973b97e35c
--- /dev/null
+++ b/chromium/net/quic/quic_chromium_alarm_factory.cc
@@ -0,0 +1,117 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/quic_chromium_alarm_factory.h"
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/metrics/sparse_histogram.h"
+#include "base/task_runner.h"
+#include "base/time/time.h"
+
+namespace net {
+
+namespace {
+
+class QuicChromeAlarm : public QuicAlarm {
+ public:
+  QuicChromeAlarm(const QuicClock* clock,
+                  base::TaskRunner* task_runner,
+                  QuicArenaScopedPtr<QuicAlarm::Delegate> delegate)
+      : QuicAlarm(std::move(delegate)),
+        clock_(clock),
+        task_runner_(task_runner),
+        task_deadline_(QuicTime::Zero()),
+        weak_factory_(this) {}
+
+ protected:
+  void SetImpl() override {
+    DCHECK(deadline().IsInitialized());
+    if (task_deadline_.IsInitialized()) {
+      if (task_deadline_ <= deadline()) {
+        // Since tasks can not be un-posted, OnAlarm will be invoked which
+        // will notice that deadline has not yet been reached, and will set
+        // the alarm for the new deadline.
+        return;
+      }
+      // The scheduled task is after new deadline.  Invalidate the weak ptrs
+      // so that task does not execute when we're not expecting it.
+      weak_factory_.InvalidateWeakPtrs();
+    }
+
+    int64_t delay_us = deadline().Subtract(clock_->Now()).ToMicroseconds();
+    if (delay_us < 0) {
+      delay_us = 0;
+    }
+    task_runner_->PostDelayedTask(
+        FROM_HERE,
+        base::Bind(&QuicChromeAlarm::OnAlarm, weak_factory_.GetWeakPtr()),
+        base::TimeDelta::FromMicroseconds(delay_us));
+    task_deadline_ = deadline();
+  }
+
+  void CancelImpl() override {
+    DCHECK(!deadline().IsInitialized());
+    // Since tasks can not be un-posted, OnAlarm will be invoked which
+    // will notice that deadline is not Initialized and will do nothing.
+  }
+
+ private:
+  void OnAlarm() {
+    DCHECK(task_deadline_.IsInitialized());
+    task_deadline_ = QuicTime::Zero();
+    // The alarm may have been cancelled.
+    if (!deadline().IsInitialized()) {
+      return;
+    }
+
+    // The alarm may have been re-set to a later time.
+    if (clock_->Now() < deadline()) {
+      SetImpl();
+      return;
+    }
+
+    Fire();
+  }
+
+  const QuicClock* clock_;
+  base::TaskRunner* task_runner_;
+  // If a task has been posted to the message loop, this is the time it
+  // was scheduled to fire.  Tracking this allows us to avoid posting a
+  // new tast if the new deadline is in the future, but permits us to
+  // post a new task when the new deadline now earlier than when
+  // previously posted.
+  QuicTime task_deadline_;
+  base::WeakPtrFactory<QuicChromeAlarm> weak_factory_;
+};
+
+}  // namespace
+
+QuicChromiumAlarmFactory::QuicChromiumAlarmFactory(
+    base::TaskRunner* task_runner,
+    const QuicClock* clock)
+    : task_runner_(task_runner), clock_(clock), weak_factory_(this) {}
+
+QuicChromiumAlarmFactory::~QuicChromiumAlarmFactory() {}
+
+QuicArenaScopedPtr<QuicAlarm> QuicChromiumAlarmFactory::CreateAlarm(
+    QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
+    QuicConnectionArena* arena) {
+  if (arena != nullptr) {
+    return arena->New<QuicChromeAlarm>(clock_, task_runner_,
+                                       std::move(delegate));
+  } else {
+    return QuicArenaScopedPtr<QuicAlarm>(
+        new QuicChromeAlarm(clock_, task_runner_, std::move(delegate)));
+  }
+}
+
+QuicAlarm* QuicChromiumAlarmFactory::CreateAlarm(
+    QuicAlarm::Delegate* delegate) {
+  return new QuicChromeAlarm(clock_, task_runner_,
+                             QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
+}
+
+}  // namespace net
diff --git a/chromium/net/quic/quic_chromium_alarm_factory.h b/chromium/net/quic/quic_chromium_alarm_factory.h
new file mode 100644
index 00000000000..16345b7251b
--- /dev/null
+++ b/chromium/net/quic/quic_chromium_alarm_factory.h
@@ -0,0 +1,48 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// The Chrome-specific helper for QuicConnection which uses
+// a TaskRunner for alarms, and uses a DatagramClientSocket for writing data.
+
+#ifndef NET_QUIC_QUIC_CHROMIUM_ALARM_FACTORY_H_
+#define NET_QUIC_QUIC_CHROMIUM_ALARM_FACTORY_H_
+
+#include <set>
+
+#include "base/macros.h"
+#include "base/memory/weak_ptr.h"
+#include "net/quic/quic_alarm_factory.h"
+#include "net/quic/quic_clock.h"
+#include "net/quic/quic_protocol.h"
+#include "net/quic/quic_time.h"
+
+namespace base {
+class TaskRunner;
+}  // namespace base
+
+namespace net {
+
+class NET_EXPORT_PRIVATE QuicChromiumAlarmFactory : public QuicAlarmFactory {
+ public:
+  QuicChromiumAlarmFactory(base::TaskRunner* task_runner,
+                           const QuicClock* clock);
+  ~QuicChromiumAlarmFactory() override;
+
+  // QuicAlarmFactory
+  QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override;
+  QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
+      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
+      QuicConnectionArena* arena) override;
+
+ private:
+  base::TaskRunner* task_runner_;
+  const QuicClock* clock_;
+  base::WeakPtrFactory<QuicChromiumAlarmFactory> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(QuicChromiumAlarmFactory);
+};
+
+}  // namespace net
+
+#endif  // NET_QUIC_QUIC_CHROMIUM_ALARM_FACTORY_H_
diff --git a/chromium/net/quic/quic_chromium_alarm_factory_test.cc b/chromium/net/quic/quic_chromium_alarm_factory_test.cc
new file mode 100644
index 00000000000..d47c98eb34e
--- /dev/null
+++ b/chromium/net/quic/quic_chromium_alarm_factory_test.cc
@@ -0,0 +1,175 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/quic_chromium_alarm_factory.h"
+
+#include "net/quic/test_tools/mock_clock.h"
+#include "net/quic/test_tools/test_task_runner.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+namespace test {
+namespace {
+
+class TestDelegate : public QuicAlarm::Delegate {
+ public:
+  TestDelegate() : fired_(false) {}
+
+  void OnAlarm() override { fired_ = true; }
+
+  bool fired() const { return fired_; }
+  void Clear() { fired_ = false; }
+
+ private:
+  bool fired_;
+};
+
+class QuicChromiumAlarmFactoryTest : public ::testing::Test {
+ protected:
+  QuicChromiumAlarmFactoryTest()
+      : runner_(new TestTaskRunner(&clock_)),
+        alarm_factory_(runner_.get(), &clock_) {}
+
+  scoped_refptr<TestTaskRunner> runner_;
+  QuicChromiumAlarmFactory alarm_factory_;
+  MockClock clock_;
+};
+
+TEST_F(QuicChromiumAlarmFactoryTest, CreateAlarm) {
+  TestDelegate* delegate = new TestDelegate();
+  std::unique_ptr<QuicAlarm> alarm(alarm_factory_.CreateAlarm(delegate));
+
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+
+  // Verify that the alarm task has been posted.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
+            runner_->GetPostedTasks()[0].delay);
+
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
+  EXPECT_TRUE(delegate->fired());
+}
+
+TEST_F(QuicChromiumAlarmFactoryTest, CreateAlarmAndCancel) {
+  TestDelegate* delegate = new TestDelegate();
+  std::unique_ptr<QuicAlarm> alarm(alarm_factory_.CreateAlarm(delegate));
+
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+  alarm->Cancel();
+
+  // The alarm task should still be posted.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
+            runner_->GetPostedTasks()[0].delay);
+
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
+  EXPECT_FALSE(delegate->fired());
+}
+
+TEST_F(QuicChromiumAlarmFactoryTest, CreateAlarmAndReset) {
+  TestDelegate* delegate = new TestDelegate();
+  std::unique_ptr<QuicAlarm> alarm(alarm_factory_.CreateAlarm(delegate));
+
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+  alarm->Cancel();
+  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
+  alarm->Set(clock_.Now().Add(new_delta));
+
+  // The alarm task should still be posted.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
+            runner_->GetPostedTasks()[0].delay);
+
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
+  EXPECT_FALSE(delegate->fired());
+
+  // The alarm task should be posted again.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(new_delta), clock_.Now());
+  EXPECT_TRUE(delegate->fired());
+}
+
+TEST_F(QuicChromiumAlarmFactoryTest, CreateAlarmAndResetEarlier) {
+  TestDelegate* delegate = new TestDelegate();
+  std::unique_ptr<QuicAlarm> alarm(alarm_factory_.CreateAlarm(delegate));
+
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(3);
+  alarm->Set(clock_.Now().Add(delta));
+  alarm->Cancel();
+  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(new_delta));
+
+  // Both alarm tasks will be posted.
+  ASSERT_EQ(2u, runner_->GetPostedTasks().size());
+
+  // The earlier task will execute and will fire the alarm->
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(new_delta), clock_.Now());
+  EXPECT_TRUE(delegate->fired());
+  delegate->Clear();
+
+  // The latter task is still posted.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+
+  // When the latter task is executed, the weak ptr will be invalid and
+  // the alarm will not fire.
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
+  EXPECT_FALSE(delegate->fired());
+}
+
+TEST_F(QuicChromiumAlarmFactoryTest, CreateAlarmAndUpdate) {
+  TestDelegate* delegate = new TestDelegate();
+  std::unique_ptr<QuicAlarm> alarm(alarm_factory_.CreateAlarm(delegate));
+
+  QuicTime start = clock_.Now();
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(1));
+
+  // The alarm task should still be posted.
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
+            runner_->GetPostedTasks()[0].delay);
+
+  runner_->RunNextTask();
+  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
+  EXPECT_FALSE(delegate->fired());
+
+  // Move the alarm forward 1us and ensure it doesn't move forward.
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(2));
+
+  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
+  EXPECT_EQ(base::TimeDelta::FromMicroseconds(
+                new_delta.Subtract(delta).ToMicroseconds()),
+            runner_->GetPostedTasks()[0].delay);
+  runner_->RunNextTask();
+  EXPECT_EQ(start.Add(new_delta), clock_.Now());
+  EXPECT_TRUE(delegate->fired());
+
+  // Set the alarm via an update call.
+  new_delta = QuicTime::Delta::FromMicroseconds(5);
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(1));
+  EXPECT_TRUE(alarm->IsSet());
+
+  // Update it with an uninitialized time and ensure it's cancelled.
+  alarm->Update(QuicTime::Zero(), QuicTime::Delta::FromMicroseconds(1));
+  EXPECT_FALSE(alarm->IsSet());
+}
+
+}  // namespace
+}  // namespace test
+}  // namespace net
diff --git a/chromium/net/quic/quic_chromium_client_session.cc b/chromium/net/quic/quic_chromium_client_session.cc
index afb07468ecf..25f7224f2ca 100644
--- a/chromium/net/quic/quic_chromium_client_session.cc
+++ b/chromium/net/quic/quic_chromium_client_session.cc
@@ -8,12 +8,13 @@
 
 #include "base/callback_helpers.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -54,7 +55,7 @@ const size_t kMaxReadersPerQuicSession = 5;
 // Size of the MRU cache of Token Binding signatures. Since the material being
 // signed is constant and there aren't many keys being used to sign, a fairly
 // small number was chosen, somewhat arbitrarily, and to match
-// SSLClientSocketOpenssl.
+// SSLClientSocketImpl.
 const size_t kTokenBindingSignatureMapSize = 10;
 
 // Histograms for tracking down the crashes from http://crbug.com/354669
@@ -115,12 +116,12 @@ void RecordHandshakeState(HandshakeState state) {
                             NUM_HANDSHAKE_STATES);
 }
 
-scoped_ptr<base::Value> NetLogQuicClientSessionCallback(
+std::unique_ptr<base::Value> NetLogQuicClientSessionCallback(
     const QuicServerId* server_id,
     int cert_verify_flags,
     bool require_confirmation,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host", server_id->host());
   dict->SetInteger("port", server_id->port());
   dict->SetBoolean("privacy_mode",
@@ -130,26 +131,13 @@ scoped_ptr<base::Value> NetLogQuicClientSessionCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::ListValue> SpdyHeaderBlockToListValue(
-    const SpdyHeaderBlock& headers,
-    NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::ListValue> headers_list(new base::ListValue());
-  for (const auto& it : headers) {
-    headers_list->AppendString(
-        it.first.as_string() + ": " +
-        ElideHeaderValueForNetLog(capture_mode, it.first.as_string(),
-                                  it.second.as_string()));
-  }
-  return headers_list;
-}
-
-scoped_ptr<base::Value> NetLogQuicPushPromiseReceivedCallback(
+std::unique_ptr<base::Value> NetLogQuicPushPromiseReceivedCallback(
     const SpdyHeaderBlock* headers,
     SpdyStreamId stream_id,
     SpdyStreamId promised_stream_id,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetInteger("id", stream_id);
   dict->SetInteger("promised_stream_id", promised_stream_id);
   return std::move(dict);
@@ -199,12 +187,12 @@ void QuicChromiumClientSession::StreamRequest::OnRequestCompleteFailure(
 
 QuicChromiumClientSession::QuicChromiumClientSession(
     QuicConnection* connection,
-    scoped_ptr<DatagramClientSocket> socket,
+    std::unique_ptr<DatagramClientSocket> socket,
     QuicStreamFactory* stream_factory,
     QuicCryptoClientStreamFactory* crypto_client_stream_factory,
     QuicClock* clock,
     TransportSecurityState* transport_security_state,
-    scoped_ptr<QuicServerInfo> server_info,
+    std::unique_ptr<QuicServerInfo> server_info,
     const QuicServerId& server_id,
     int yield_after_packets,
     QuicTime::Delta yield_after_duration,
@@ -215,7 +203,7 @@ QuicChromiumClientSession::QuicChromiumClientSession(
     base::TimeTicks dns_resolution_end_time,
     QuicClientPushPromiseIndex* push_promise_index,
     base::TaskRunner* task_runner,
-    scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
     NetLog* net_log)
     : QuicClientSessionBase(connection, push_promise_index, config),
       server_id_(server_id),
@@ -239,12 +227,12 @@ QuicChromiumClientSession::QuicChromiumClientSession(
       streams_pushed_and_claimed_count_(0),
       weak_factory_(this) {
   sockets_.push_back(std::move(socket));
-  packet_readers_.push_back(make_scoped_ptr(new QuicChromiumPacketReader(
+  packet_readers_.push_back(base::WrapUnique(new QuicChromiumPacketReader(
       sockets_.back().get(), clock, this, yield_after_packets,
       yield_after_duration, net_log_)));
   crypto_stream_.reset(
       crypto_client_stream_factory->CreateQuicCryptoClientStream(
-          server_id, this, make_scoped_ptr(new ProofVerifyContextChromium(
+          server_id, this, base::WrapUnique(new ProofVerifyContextChromium(
                                cert_verify_flags, net_log_)),
           crypto_config));
   connection->set_debug_visitor(logger_.get());
@@ -321,10 +309,7 @@ QuicChromiumClientSession::~QuicChromiumClientSession() {
   SSLInfo ssl_info;
   // QUIC supports only secure urls.
   if (GetSSLInfo(&ssl_info) && ssl_info.cert.get()) {
-    if (port_selected) {
-      UMA_HISTOGRAM_CUSTOM_COUNTS("Net.QuicSession.ConnectSelectPortForHTTPS",
-                                  round_trip_handshakes, 0, 3, 4);
-    } else {
+    if (!port_selected) {
       UMA_HISTOGRAM_CUSTOM_COUNTS("Net.QuicSession.ConnectRandomPortForHTTPS",
                                   round_trip_handshakes, 0, 3, 4);
       if (require_confirmation_) {
@@ -695,7 +680,7 @@ QuicChromiumClientSession::CreateIncomingReliableStreamImpl(QuicStreamId id) {
 }
 
 void QuicChromiumClientSession::CloseStream(QuicStreamId stream_id) {
-  ReliableQuicStream* stream = GetStream(stream_id);
+  ReliableQuicStream* stream = GetOrCreateStream(stream_id);
   if (stream) {
     logger_->UpdateReceivedFrameCounts(stream_id, stream->num_frames_received(),
                                        stream->num_duplicate_frames_received());
@@ -720,7 +705,7 @@ void QuicChromiumClientSession::OnClosedStream() {
     request->OnRequestCompleteSuccess(CreateOutgoingReliableStreamImpl());
   }
 
-  if (GetNumOpenOutgoingStreams() == 0) {
+  if (GetNumOpenOutgoingStreams() == 0 && stream_factory_) {
     stream_factory_->OnIdleSession(this);
   }
 }
@@ -817,6 +802,12 @@ void QuicChromiumClientSession::OnConnectionClosed(
       UMA_HISTOGRAM_SPARSE_SLOWLY(
           "Net.QuicSession.ConnectionCloseErrorCodeServer.HandshakeConfirmed",
           error);
+      base::HistogramBase* histogram = base::SparseHistogram::FactoryGet(
+          "Net.QuicSession.StreamCloseErrorCodeServer.HandshakeConfirmed",
+          base::HistogramBase::kUmaTargetedHistogramFlag);
+      size_t num_streams = GetNumActiveStreams();
+      if (num_streams > 0)
+        histogram->AddCount(error, num_streams);
     }
     UMA_HISTOGRAM_SPARSE_SLOWLY(
         "Net.QuicSession.ConnectionCloseErrorCodeServer", error);
@@ -825,6 +816,12 @@ void QuicChromiumClientSession::OnConnectionClosed(
       UMA_HISTOGRAM_SPARSE_SLOWLY(
           "Net.QuicSession.ConnectionCloseErrorCodeClient.HandshakeConfirmed",
           error);
+      base::HistogramBase* histogram = base::SparseHistogram::FactoryGet(
+          "Net.QuicSession.StreamCloseErrorCodeClient.HandshakeConfirmed",
+          base::HistogramBase::kUmaTargetedHistogramFlag);
+      size_t num_streams = GetNumActiveStreams();
+      if (num_streams > 0)
+        histogram->AddCount(error, num_streams);
     }
     UMA_HISTOGRAM_SPARSE_SLOWLY(
         "Net.QuicSession.ConnectionCloseErrorCodeClient", error);
@@ -912,7 +909,14 @@ void QuicChromiumClientSession::OnSuccessfulVersionNegotiation(
 }
 
 void QuicChromiumClientSession::OnPathDegrading() {
-  stream_factory_->MaybeMigrateSessionEarly(this);
+  if (stream_factory_) {
+    stream_factory_->MaybeMigrateSessionEarly(this);
+  }
+}
+
+bool QuicChromiumClientSession::HasOpenDynamicStreams() const {
+  return QuicSession::HasOpenDynamicStreams() ||
+         GetNumDrainingOutgoingStreams() > 0;
 }
 
 void QuicChromiumClientSession::OnProofValid(
@@ -942,7 +946,7 @@ void QuicChromiumClientSession::OnProofVerifyDetailsAvailable(
   cert_verify_result_.reset(new CertVerifyResult);
   cert_verify_result_->CopyFrom(verify_details_chromium->cert_verify_result);
   pinning_failure_log_ = verify_details_chromium->pinning_failure_log;
-  scoped_ptr<ct::CTVerifyResult> ct_verify_result_copy(
+  std::unique_ptr<ct::CTVerifyResult> ct_verify_result_copy(
       new ct::CTVerifyResult(verify_details_chromium->ct_verify_result));
   ct_verify_result_ = std::move(ct_verify_result_copy);
   logger_->OnCertificateVerified(*cert_verify_result_);
@@ -1008,12 +1012,12 @@ void QuicChromiumClientSession::CloseAllObservers(int net_error) {
   }
 }
 
-scoped_ptr<base::Value> QuicChromiumClientSession::GetInfoAsValue(
+std::unique_ptr<base::Value> QuicChromiumClientSession::GetInfoAsValue(
     const std::set<HostPortPair>& aliases) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("version", QuicVersionToString(connection()->version()));
   dict->SetInteger("open_streams", GetNumOpenOutgoingStreams());
-  scoped_ptr<base::ListValue> stream_list(new base::ListValue());
+  std::unique_ptr<base::ListValue> stream_list(new base::ListValue());
   for (StreamMap::const_iterator it = dynamic_streams().begin();
        it != dynamic_streams().end(); ++it) {
     stream_list->Append(
@@ -1032,7 +1036,7 @@ scoped_ptr<base::Value> QuicChromiumClientSession::GetInfoAsValue(
   SSLInfo ssl_info;
   dict->SetBoolean("secure", GetSSLInfo(&ssl_info) && ssl_info.cert.get());
 
-  scoped_ptr<base::ListValue> alias_list(new base::ListValue());
+  std::unique_ptr<base::ListValue> alias_list(new base::ListValue());
   for (std::set<HostPortPair>::const_iterator it = aliases.begin();
        it != aliases.end(); it++) {
     alias_list->Append(new base::StringValue(it->ToString()));
@@ -1125,9 +1129,9 @@ void QuicChromiumClientSession::OnConnectTimeout() {
 }
 
 bool QuicChromiumClientSession::MigrateToSocket(
-    scoped_ptr<DatagramClientSocket> socket,
-    scoped_ptr<QuicChromiumPacketReader> reader,
-    scoped_ptr<QuicPacketWriter> writer) {
+    std::unique_ptr<DatagramClientSocket> socket,
+    std::unique_ptr<QuicChromiumPacketReader> reader,
+    std::unique_ptr<QuicPacketWriter> writer) {
   DCHECK_EQ(sockets_.size(), packet_readers_.size());
   if (sockets_.size() >= kMaxReadersPerQuicSession) {
     return false;
diff --git a/chromium/net/quic/quic_chromium_client_session.h b/chromium/net/quic/quic_chromium_client_session.h
index a9e636b6f50..9c032ca0eea 100644
--- a/chromium/net/quic/quic_chromium_client_session.h
+++ b/chromium/net/quic/quic_chromium_client_session.h
@@ -12,15 +12,14 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/containers/mru_cache.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_error_details.h"
-#include "net/base/socket_performance_watcher.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/proxy/proxy_server.h"
 #include "net/quic/quic_chromium_client_stream.h"
@@ -30,6 +29,7 @@
 #include "net/quic/quic_crypto_client_stream.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_time.h"
+#include "net/socket/socket_performance_watcher.h"
 
 namespace net {
 
@@ -116,12 +116,12 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
   // TODO(rch): decouple the factory from the session via a Delegate interface.
   QuicChromiumClientSession(
       QuicConnection* connection,
-      scoped_ptr<DatagramClientSocket> socket,
+      std::unique_ptr<DatagramClientSocket> socket,
       QuicStreamFactory* stream_factory,
       QuicCryptoClientStreamFactory* crypto_client_stream_factory,
       QuicClock* clock,
       TransportSecurityState* transport_security_state,
-      scoped_ptr<QuicServerInfo> server_info,
+      std::unique_ptr<QuicServerInfo> server_info,
       const QuicServerId& server_id,
       int yield_after_packets,
       QuicTime::Delta yield_after_duration,
@@ -132,7 +132,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
       base::TimeTicks dns_resolution_end_time,
       QuicClientPushPromiseIndex* push_promise_index,
       base::TaskRunner* task_runner,
-      scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
       NetLog* net_log);
   ~QuicChromiumClientSession() override;
 
@@ -183,6 +183,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
                           ConnectionCloseSource source) override;
   void OnSuccessfulVersionNegotiation(const QuicVersion& version) override;
   void OnPathDegrading() override;
+  bool HasOpenDynamicStreams() const override;
 
   // QuicChromiumPacketReader::Visitor methods:
   void OnReadError(int result, const DatagramClientSocket* socket) override;
@@ -218,7 +219,8 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
   void CloseSessionOnErrorAndNotifyFactoryLater(int error,
                                                 QuicErrorCode quic_error);
 
-  scoped_ptr<base::Value> GetInfoAsValue(const std::set<HostPortPair>& aliases);
+  std::unique_ptr<base::Value> GetInfoAsValue(
+      const std::set<HostPortPair>& aliases);
 
   const BoundNetLog& net_log() const { return net_log_; }
 
@@ -244,9 +246,9 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
   // session and the session was successfully migrated to using the new socket.
   // Returns false if number of migrations exceeds kMaxReadersPerQuicSession.
   // Takes ownership of |socket|, |reader|, and |writer|.
-  bool MigrateToSocket(scoped_ptr<DatagramClientSocket> socket,
-                       scoped_ptr<QuicChromiumPacketReader> reader,
-                       scoped_ptr<QuicPacketWriter> writer);
+  bool MigrateToSocket(std::unique_ptr<DatagramClientSocket> socket,
+                       std::unique_ptr<QuicChromiumPacketReader> reader,
+                       std::unique_ptr<QuicPacketWriter> writer);
 
   // Populates network error details for this session.
   void PopulateNetErrorDetails(NetErrorDetails* details);
@@ -319,13 +321,13 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
 
   QuicServerId server_id_;
   bool require_confirmation_;
-  scoped_ptr<QuicCryptoClientStream> crypto_stream_;
+  std::unique_ptr<QuicCryptoClientStream> crypto_stream_;
   QuicStreamFactory* stream_factory_;
-  std::vector<scoped_ptr<DatagramClientSocket>> sockets_;
+  std::vector<std::unique_ptr<DatagramClientSocket>> sockets_;
   TransportSecurityState* transport_security_state_;
-  scoped_ptr<QuicServerInfo> server_info_;
-  scoped_ptr<CertVerifyResult> cert_verify_result_;
-  scoped_ptr<ct::CTVerifyResult> ct_verify_result_;
+  std::unique_ptr<QuicServerInfo> server_info_;
+  std::unique_ptr<CertVerifyResult> cert_verify_result_;
+  std::unique_ptr<ct::CTVerifyResult> ct_verify_result_;
   std::string pinning_failure_log_;
   ObserverSet observers_;
   StreamRequestQueue stream_requests_;
@@ -333,10 +335,10 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession
   size_t num_total_streams_;
   base::TaskRunner* task_runner_;
   BoundNetLog net_log_;
-  std::vector<scoped_ptr<QuicChromiumPacketReader>> packet_readers_;
+  std::vector<std::unique_ptr<QuicChromiumPacketReader>> packet_readers_;
   base::TimeTicks dns_resolution_end_time_;
   base::TimeTicks handshake_start_;  // Time the handshake was started.
-  scoped_ptr<QuicConnectionLogger> logger_;
+  std::unique_ptr<QuicConnectionLogger> logger_;
   // True when the session is going away, and streams may no longer be created
   // on this session. Existing stream will continue to be processed.
   bool going_away_;
diff --git a/chromium/net/quic/quic_chromium_client_session_test.cc b/chromium/net/quic/quic_chromium_client_session_test.cc
index 40f40e27ccd..1e10bd2a460 100644
--- a/chromium/net/quic/quic_chromium_client_session_test.cc
+++ b/chromium/net/quic/quic_chromium_client_session_test.cc
@@ -8,9 +8,9 @@
 
 #include "base/base64.h"
 #include "base/files/file_path.h"
+#include "base/memory/ptr_util.h"
 #include "base/rand_util.h"
-#include "base/thread_task_runner_handle.h"
-#include "net/base/socket_performance_watcher.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_verify_result.h"
@@ -22,6 +22,7 @@
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_server_info.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_connection_helper.h"
 #include "net/quic/quic_chromium_packet_reader.h"
 #include "net/quic/quic_chromium_packet_writer.h"
@@ -37,6 +38,7 @@
 #include "net/quic/test_tools/quic_test_packet_maker.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "net/quic/test_tools/simple_quic_framer.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/socket_test_util.h"
 #include "net/spdy/spdy_test_utils.h"
 #include "net/test/cert_test_util.h"
@@ -62,15 +64,25 @@ class QuicChromiumClientSessionTest
         socket_data_(
             new SequencedSocketData(default_read_.get(), 1, nullptr, 0)),
         random_(0),
-        helper_(base::ThreadTaskRunnerHandle::Get().get(), &clock_, &random_),
-        maker_(GetParam(), 0, &clock_, kServerHostname) {
+        helper_(&clock_, &random_),
+        alarm_factory_(base::ThreadTaskRunnerHandle::Get().get(), &clock_),
+        client_maker_(GetParam(),
+                      0,
+                      &clock_,
+                      kServerHostname,
+                      Perspective::IS_CLIENT),
+        server_maker_(GetParam(),
+                      0,
+                      &clock_,
+                      kServerHostname,
+                      Perspective::IS_SERVER) {
     // Advance the time, because timers do not like uninitialized times.
     clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1));
   }
 
   void Initialize() {
     socket_factory_.AddSocketDataProvider(socket_data_.get());
-    scoped_ptr<DatagramClientSocket> socket =
+    std::unique_ptr<DatagramClientSocket> socket =
         socket_factory_.CreateDatagramClientSocket(DatagramSocket::DEFAULT_BIND,
                                                    base::Bind(&base::RandInt),
                                                    &net_log_, NetLog::Source());
@@ -78,13 +90,13 @@ class QuicChromiumClientSessionTest
     QuicChromiumPacketWriter* writer =
         new net::QuicChromiumPacketWriter(socket.get());
     QuicConnection* connection = new QuicConnection(
-        0, kIpEndPoint, &helper_, writer, true, Perspective::IS_CLIENT,
-        SupportedVersions(GetParam()));
+        0, kIpEndPoint, &helper_, &alarm_factory_, writer, true,
+        Perspective::IS_CLIENT, SupportedVersions(GetParam()));
     writer->SetConnection(connection);
     session_.reset(new QuicChromiumClientSession(
         connection, std::move(socket),
         /*stream_factory=*/nullptr, &crypto_client_stream_factory_, &clock_,
-        &transport_security_state_, make_scoped_ptr((QuicServerInfo*)nullptr),
+        &transport_security_state_, base::WrapUnique((QuicServerInfo*)nullptr),
         QuicServerId(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED),
         kQuicYieldAfterPacketsRead,
         QuicTime::Delta::FromMilliseconds(kQuicYieldAfterDurationMilliseconds),
@@ -111,7 +123,7 @@ class QuicChromiumClientSessionTest
 
   QuicPacketWriter* CreateQuicPacketWriter(DatagramClientSocket* socket,
                                            QuicConnection* connection) const {
-    scoped_ptr<QuicChromiumPacketWriter> writer(
+    std::unique_ptr<QuicChromiumPacketWriter> writer(
         new QuicChromiumPacketWriter(socket));
     writer->SetConnection(connection);
     return writer.release();
@@ -121,17 +133,19 @@ class QuicChromiumClientSessionTest
   TestNetLog net_log_;
   BoundTestNetLog bound_net_log_;
   MockClientSocketFactory socket_factory_;
-  scoped_ptr<MockRead> default_read_;
-  scoped_ptr<SequencedSocketData> socket_data_;
+  std::unique_ptr<MockRead> default_read_;
+  std::unique_ptr<SequencedSocketData> socket_data_;
   MockClock clock_;
   MockRandom random_;
   QuicChromiumConnectionHelper helper_;
+  QuicChromiumAlarmFactory alarm_factory_;
   TransportSecurityState transport_security_state_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
-  scoped_ptr<QuicChromiumClientSession> session_;
+  std::unique_ptr<QuicChromiumClientSession> session_;
   QuicConnectionVisitorInterface* visitor_;
   TestCompletionCallback callback_;
-  QuicTestPacketMaker maker_;
+  QuicTestPacketMaker client_maker_;
+  QuicTestPacketMaker server_maker_;
   ProofVerifyDetailsChromium verify_details_;
   QuicClientPushPromiseIndex push_promise_index_;
 };
@@ -147,7 +161,7 @@ TEST_P(QuicChromiumClientSessionTest, CryptoConnect) {
 
 TEST_P(QuicChromiumClientSessionTest, MaxNumStreams) {
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1)};
@@ -182,7 +196,7 @@ TEST_P(QuicChromiumClientSessionTest, MaxNumStreams) {
 
 TEST_P(QuicChromiumClientSessionTest, MaxNumStreamsViaRequest) {
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1)};
@@ -330,32 +344,39 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) {
   CompleteCryptoHandshake();
 
   char data[] = "ABCD";
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(1, /*include_version=*/false));
-  scoped_ptr<QuicEncryptedPacket> ack_and_data_out(maker_.MakeAckAndDataPacket(
-      2, false, 5, 1, 1, false, 0, StringPiece(data)));
-  MockRead reads[] = {MockRead(SYNCHRONOUS, ping->data(), ping->length(), 0),
-                      MockRead(SYNCHRONOUS, ERR_IO_PENDING, 1)};
-  MockWrite writes[] = {MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 2),
-                        MockWrite(SYNCHRONOUS, ack_and_data_out->data(),
-                                  ack_and_data_out->length(), 3)};
+  std::unique_ptr<QuicEncryptedPacket> client_ping(
+      client_maker_.MakePingPacket(1, /*include_version=*/false));
+  std::unique_ptr<QuicEncryptedPacket> server_ping(
+      server_maker_.MakePingPacket(1, /*include_version=*/false));
+  std::unique_ptr<QuicEncryptedPacket> ack_and_data_out(
+      client_maker_.MakeAckAndDataPacket(2, false, 5, 1, 1, false, 0,
+                                         StringPiece(data)));
+  MockRead reads[] = {
+      MockRead(SYNCHRONOUS, server_ping->data(), server_ping->length(), 0),
+      MockRead(SYNCHRONOUS, ERR_IO_PENDING, 1)};
+  MockWrite writes[] = {
+      MockWrite(SYNCHRONOUS, client_ping->data(), client_ping->length(), 2),
+      MockWrite(SYNCHRONOUS, ack_and_data_out->data(),
+                ack_and_data_out->length(), 3)};
   StaticSocketDataProvider socket_data(reads, arraysize(reads), writes,
                                        arraysize(writes));
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   // Create connected socket.
-  scoped_ptr<DatagramClientSocket> new_socket =
+  std::unique_ptr<DatagramClientSocket> new_socket =
       socket_factory_.CreateDatagramClientSocket(DatagramSocket::DEFAULT_BIND,
                                                  base::Bind(&base::RandInt),
                                                  &net_log_, NetLog::Source());
   EXPECT_EQ(OK, new_socket->Connect(kIpEndPoint));
 
   // Create reader and writer.
-  scoped_ptr<QuicChromiumPacketReader> new_reader(new QuicChromiumPacketReader(
-      new_socket.get(), &clock_, session_.get(), kQuicYieldAfterPacketsRead,
-      QuicTime::Delta::FromMilliseconds(kQuicYieldAfterDurationMilliseconds),
-      bound_net_log_.bound()));
-  scoped_ptr<QuicPacketWriter> new_writer(
+  std::unique_ptr<QuicChromiumPacketReader> new_reader(
+      new QuicChromiumPacketReader(new_socket.get(), &clock_, session_.get(),
+                                   kQuicYieldAfterPacketsRead,
+                                   QuicTime::Delta::FromMilliseconds(
+                                       kQuicYieldAfterDurationMilliseconds),
+                                   bound_net_log_.bound()));
+  std::unique_ptr<QuicPacketWriter> new_writer(
       CreateQuicPacketWriter(new_socket.get(), session_->connection()));
 
   // Migrate session.
@@ -363,11 +384,13 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) {
       std::move(new_socket), std::move(new_reader), std::move(new_writer)));
 
   // Write data to session.
+  QuicChromiumClientStream* stream =
+      session_->CreateOutgoingDynamicStream(kDefaultPriority);
   struct iovec iov[1];
   iov[0].iov_base = data;
   iov[0].iov_len = 4;
-  session_->WritevData(5, QuicIOVector(iov, arraysize(iov), 4), 0, false,
-                       nullptr);
+  session_->WritevData(stream, stream->id(),
+                       QuicIOVector(iov, arraysize(iov), 4), 0, false, nullptr);
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -379,8 +402,8 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketMaxReaders) {
 
   for (size_t i = 0; i < kMaxReadersPerQuicSession; ++i) {
     MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 1)};
-    scoped_ptr<QuicEncryptedPacket> ping_out(
-        maker_.MakePingPacket(i + 1, /*include_version=*/true));
+    std::unique_ptr<QuicEncryptedPacket> ping_out(
+        client_maker_.MakePingPacket(i + 1, /*include_version=*/true));
     MockWrite writes[] = {
         MockWrite(SYNCHRONOUS, ping_out->data(), ping_out->length(), i + 2)};
     StaticSocketDataProvider socket_data(reads, arraysize(reads), writes,
@@ -388,20 +411,20 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketMaxReaders) {
     socket_factory_.AddSocketDataProvider(&socket_data);
 
     // Create connected socket.
-    scoped_ptr<DatagramClientSocket> new_socket =
+    std::unique_ptr<DatagramClientSocket> new_socket =
         socket_factory_.CreateDatagramClientSocket(DatagramSocket::DEFAULT_BIND,
                                                    base::Bind(&base::RandInt),
                                                    &net_log_, NetLog::Source());
     EXPECT_EQ(OK, new_socket->Connect(kIpEndPoint));
 
     // Create reader and writer.
-    scoped_ptr<QuicChromiumPacketReader> new_reader(
+    std::unique_ptr<QuicChromiumPacketReader> new_reader(
         new QuicChromiumPacketReader(new_socket.get(), &clock_, session_.get(),
                                      kQuicYieldAfterPacketsRead,
                                      QuicTime::Delta::FromMilliseconds(
                                          kQuicYieldAfterDurationMilliseconds),
                                      bound_net_log_.bound()));
-    scoped_ptr<QuicPacketWriter> new_writer(
+    std::unique_ptr<QuicPacketWriter> new_writer(
         CreateQuicPacketWriter(new_socket.get(), session_->connection()));
 
     // Migrate session.
@@ -422,10 +445,12 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketMaxReaders) {
 }
 
 TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) {
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(1, /*include_version=*/true));
+  std::unique_ptr<QuicEncryptedPacket> client_ping(
+      client_maker_.MakePingPacket(1, /*include_version=*/false));
+  std::unique_ptr<QuicEncryptedPacket> server_ping(
+      server_maker_.MakePingPacket(1, /*include_version=*/false));
   MockRead old_reads[] = {
-      MockRead(SYNCHRONOUS, ping->data(), ping->length(), 0),
+      MockRead(SYNCHRONOUS, client_ping->data(), client_ping->length(), 0),
       MockRead(ASYNC, ERR_IO_PENDING, 1),  // causes reading to pause.
       MockRead(ASYNC, ERR_NETWORK_CHANGED, 2)};
   socket_data_.reset(
@@ -434,11 +459,11 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) {
   CompleteCryptoHandshake();
 
   MockWrite writes[] = {
-      MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 1)};
+      MockWrite(SYNCHRONOUS, client_ping->data(), client_ping->length(), 1)};
   MockRead new_reads[] = {
-      MockRead(SYNCHRONOUS, ping->data(), ping->length(), 0),
+      MockRead(SYNCHRONOUS, server_ping->data(), server_ping->length(), 0),
       MockRead(ASYNC, ERR_IO_PENDING, 2),  // pause reading.
-      MockRead(ASYNC, ping->data(), ping->length(), 3),
+      MockRead(ASYNC, server_ping->data(), server_ping->length(), 3),
       MockRead(ASYNC, ERR_IO_PENDING, 4),  // pause reading
       MockRead(ASYNC, ERR_NETWORK_CHANGED, 5)};
   SequencedSocketData new_socket_data(new_reads, arraysize(new_reads), writes,
@@ -446,18 +471,20 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) {
   socket_factory_.AddSocketDataProvider(&new_socket_data);
 
   // Create connected socket.
-  scoped_ptr<DatagramClientSocket> new_socket =
+  std::unique_ptr<DatagramClientSocket> new_socket =
       socket_factory_.CreateDatagramClientSocket(DatagramSocket::DEFAULT_BIND,
                                                  base::Bind(&base::RandInt),
                                                  &net_log_, NetLog::Source());
   EXPECT_EQ(OK, new_socket->Connect(kIpEndPoint));
 
   // Create reader and writer.
-  scoped_ptr<QuicChromiumPacketReader> new_reader(new QuicChromiumPacketReader(
-      new_socket.get(), &clock_, session_.get(), kQuicYieldAfterPacketsRead,
-      QuicTime::Delta::FromMilliseconds(kQuicYieldAfterDurationMilliseconds),
-      bound_net_log_.bound()));
-  scoped_ptr<QuicPacketWriter> new_writer(
+  std::unique_ptr<QuicChromiumPacketReader> new_reader(
+      new QuicChromiumPacketReader(new_socket.get(), &clock_, session_.get(),
+                                   kQuicYieldAfterPacketsRead,
+                                   QuicTime::Delta::FromMilliseconds(
+                                       kQuicYieldAfterDurationMilliseconds),
+                                   bound_net_log_.bound()));
+  std::unique_ptr<QuicPacketWriter> new_writer(
       CreateQuicPacketWriter(new_socket.get(), session_->connection()));
 
   // Store old socket and migrate session.
@@ -487,8 +514,8 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketWriteError) {
   Initialize();
   CompleteCryptoHandshake();
 
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(1, /*include_version=*/true));
+  std::unique_ptr<QuicEncryptedPacket> ping(
+      client_maker_.MakePingPacket(1, /*include_version=*/true));
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 1),
                         MockWrite(SYNCHRONOUS, ERR_FAILED, 2)};
@@ -497,18 +524,20 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketWriteError) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   // Create connected socket.
-  scoped_ptr<DatagramClientSocket> new_socket =
+  std::unique_ptr<DatagramClientSocket> new_socket =
       socket_factory_.CreateDatagramClientSocket(DatagramSocket::DEFAULT_BIND,
                                                  base::Bind(&base::RandInt),
                                                  &net_log_, NetLog::Source());
   EXPECT_EQ(OK, new_socket->Connect(kIpEndPoint));
 
   // Create reader and writer.
-  scoped_ptr<QuicChromiumPacketReader> new_reader(new QuicChromiumPacketReader(
-      new_socket.get(), &clock_, session_.get(), kQuicYieldAfterPacketsRead,
-      QuicTime::Delta::FromMilliseconds(kQuicYieldAfterDurationMilliseconds),
-      bound_net_log_.bound()));
-  scoped_ptr<QuicPacketWriter> new_writer(
+  std::unique_ptr<QuicChromiumPacketReader> new_reader(
+      new QuicChromiumPacketReader(new_socket.get(), &clock_, session_.get(),
+                                   kQuicYieldAfterPacketsRead,
+                                   QuicTime::Delta::FromMilliseconds(
+                                       kQuicYieldAfterDurationMilliseconds),
+                                   bound_net_log_.bound()));
+  std::unique_ptr<QuicPacketWriter> new_writer(
       CreateQuicPacketWriter(new_socket.get(), session_->connection()));
 
   // Migrate session.
diff --git a/chromium/net/quic/quic_chromium_client_stream.cc b/chromium/net/quic/quic_chromium_client_stream.cc
index 06ec9426df6..0f21d51127a 100644
--- a/chromium/net/quic/quic_chromium_client_stream.cc
+++ b/chromium/net/quic/quic_chromium_client_stream.cc
@@ -6,7 +6,7 @@
 
 #include "base/callback_helpers.h"
 #include "base/location.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/quic/quic_chromium_client_session.h"
@@ -139,6 +139,27 @@ int QuicChromiumClientStream::WriteStreamData(
   return ERR_IO_PENDING;
 }
 
+int QuicChromiumClientStream::WritevStreamData(
+    const std::vector<scoped_refptr<IOBuffer>>& buffers,
+    const std::vector<int>& lengths,
+    bool fin,
+    const CompletionCallback& callback) {
+  // Must not be called when data is buffered.
+  DCHECK(!HasBufferedData());
+  // Writes the data, or buffers it.
+  for (size_t i = 0; i < buffers.size(); ++i) {
+    bool is_fin = fin && (i == buffers.size() - 1);
+    base::StringPiece string_data(buffers[i]->data(), lengths[i]);
+    WriteOrBufferData(string_data, is_fin, nullptr);
+  }
+  if (!HasBufferedData()) {
+    return OK;
+  }
+
+  callback_ = callback;
+  return ERR_IO_PENDING;
+}
+
 void QuicChromiumClientStream::SetDelegate(
     QuicChromiumClientStream::Delegate* delegate) {
   DCHECK(!(delegate_ && delegate));
diff --git a/chromium/net/quic/quic_chromium_client_stream.h b/chromium/net/quic/quic_chromium_client_stream.h
index 41738956b91..1a66865182f 100644
--- a/chromium/net/quic/quic_chromium_client_stream.h
+++ b/chromium/net/quic/quic_chromium_client_stream.h
@@ -8,6 +8,7 @@
 #define NET_QUIC_QUIC_RELIABLE_CLIENT_STREAM_H_
 
 #include <stddef.h>
+#include <vector>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
@@ -79,6 +80,12 @@ class NET_EXPORT_PRIVATE QuicChromiumClientStream : public QuicSpdyStream {
   int WriteStreamData(base::StringPiece data,
                       bool fin,
                       const CompletionCallback& callback);
+  // Same as WriteStreamData except it writes data from a vector of IOBuffers,
+  // with the length of each buffer at the corresponding index in |lengths|.
+  int WritevStreamData(const std::vector<scoped_refptr<IOBuffer>>& buffers,
+                       const std::vector<int>& lengths,
+                       bool fin,
+                       const CompletionCallback& callback);
   // Set new |delegate|. |delegate| must not be NULL.
   // If this stream has already received data, OnDataReceived() will be
   // called on the delegate.
diff --git a/chromium/net/quic/quic_chromium_client_stream_test.cc b/chromium/net/quic/quic_chromium_client_stream_test.cc
index 94d20a9a0bf..83a3b02e8b1 100644
--- a/chromium/net/quic/quic_chromium_client_stream_test.cc
+++ b/chromium/net/quic/quic_chromium_client_stream_test.cc
@@ -7,6 +7,7 @@
 #include "base/macros.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
+#include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/quic/quic_chromium_client_session.h"
@@ -65,8 +66,9 @@ class MockQuicClientSessionBase : public QuicClientSessionBase {
   MOCK_METHOD1(CreateIncomingDynamicStream, QuicSpdyStream*(QuicStreamId id));
   MOCK_METHOD1(CreateOutgoingDynamicStream,
                QuicChromiumClientStream*(SpdyPriority priority));
-  MOCK_METHOD5(WritevData,
-               QuicConsumedData(QuicStreamId id,
+  MOCK_METHOD6(WritevData,
+               QuicConsumedData(ReliableQuicStream* stream,
+                                QuicStreamId id,
                                 QuicIOVector data,
                                 QuicStreamOffset offset,
                                 bool fin,
@@ -119,7 +121,7 @@ class MockQuicClientSessionBase : public QuicClientSessionBase {
   MOCK_METHOD0(ShouldCreateOutgoingDynamicStream, bool());
 
  private:
-  scoped_ptr<QuicCryptoStream> crypto_stream_;
+  std::unique_ptr<QuicCryptoStream> crypto_stream_;
 
   DISALLOW_COPY_AND_ASSIGN(MockQuicClientSessionBase);
 };
@@ -132,7 +134,7 @@ MockQuicClientSessionBase::MockQuicClientSessionBase(
                             DefaultQuicConfig()) {
   crypto_stream_.reset(new QuicCryptoStream(this));
   Initialize();
-  ON_CALL(*this, WritevData(_, _, _, _, _))
+  ON_CALL(*this, WritevData(_, _, _, _, _, _))
       .WillByDefault(testing::Return(QuicConsumedData(0, false)));
 }
 
@@ -143,9 +145,10 @@ class QuicChromiumClientStreamTest
  public:
   QuicChromiumClientStreamTest()
       : crypto_config_(CryptoTestUtils::ProofVerifierForTesting()),
-        session_(new MockConnection(&helper_,
-                                    Perspective::IS_CLIENT,
-                                    SupportedVersions(GetParam())),
+        session_(new MockQuicConnection(&helper_,
+                                        &alarm_factory_,
+                                        Perspective::IS_CLIENT,
+                                        SupportedVersions(GetParam())),
                  &push_promise_index_) {
     stream_ =
         new QuicChromiumClientStream(kTestStreamId, &session_, BoundNetLog());
@@ -193,7 +196,8 @@ class QuicChromiumClientStreamTest
 
   QuicCryptoClientConfig crypto_config_;
   testing::StrictMock<MockDelegate> delegate_;
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
   MockQuicClientSessionBase session_;
   QuicChromiumClientStream* stream_;
   SpdyHeaderBlock headers_;
@@ -431,7 +435,7 @@ TEST_P(QuicChromiumClientStreamTest, WriteStreamData) {
   const size_t kDataLen = arraysize(kData1);
 
   // All data written.
-  EXPECT_CALL(session_, WritevData(stream_->id(), _, _, _, _))
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kDataLen, true)));
   TestCompletionCallback callback;
   EXPECT_EQ(OK, stream_->WriteStreamData(base::StringPiece(kData1, kDataLen),
@@ -446,7 +450,7 @@ TEST_P(QuicChromiumClientStreamTest, WriteStreamDataAsync) {
   const size_t kDataLen = arraysize(kData1);
 
   // No data written.
-  EXPECT_CALL(session_, WritevData(stream_->id(), _, _, _, _))
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
       .WillOnce(Return(QuicConsumedData(0, false)));
   TestCompletionCallback callback;
   EXPECT_EQ(ERR_IO_PENDING,
@@ -455,13 +459,59 @@ TEST_P(QuicChromiumClientStreamTest, WriteStreamDataAsync) {
   ASSERT_FALSE(callback.have_result());
 
   // All data written.
-  EXPECT_CALL(session_, WritevData(stream_->id(), _, _, _, _))
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kDataLen, true)));
   stream_->OnCanWrite();
   ASSERT_TRUE(callback.have_result());
   EXPECT_EQ(OK, callback.WaitForResult());
 }
 
+TEST_P(QuicChromiumClientStreamTest, WritevStreamData) {
+  EXPECT_CALL(delegate_, OnClose(QUIC_NO_ERROR));
+
+  scoped_refptr<StringIOBuffer> buf1(new StringIOBuffer("hello world!"));
+  scoped_refptr<StringIOBuffer> buf2(
+      new StringIOBuffer("Just a small payload"));
+
+  // All data written.
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
+      .WillOnce(Return(QuicConsumedData(buf1->size(), false)))
+      .WillOnce(Return(QuicConsumedData(buf2->size(), true)));
+  TestCompletionCallback callback;
+  EXPECT_EQ(
+      OK, stream_->WritevStreamData({buf1, buf2}, {buf1->size(), buf2->size()},
+                                    true, callback.callback()));
+}
+
+TEST_P(QuicChromiumClientStreamTest, WritevStreamDataAsync) {
+  EXPECT_CALL(delegate_, HasSendHeadersComplete()).Times(AnyNumber());
+  EXPECT_CALL(delegate_, OnClose(QUIC_NO_ERROR));
+
+  scoped_refptr<StringIOBuffer> buf1(new StringIOBuffer("hello world!"));
+  scoped_refptr<StringIOBuffer> buf2(
+      new StringIOBuffer("Just a small payload"));
+
+  // Only a part of the data is written.
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
+      // First piece of data is written.
+      .WillOnce(Return(QuicConsumedData(buf1->size(), false)))
+      // Second piece of data is queued.
+      .WillOnce(Return(QuicConsumedData(0, false)));
+  TestCompletionCallback callback;
+  EXPECT_EQ(ERR_IO_PENDING,
+            stream_->WritevStreamData({buf1.get(), buf2.get()},
+                                      {buf1->size(), buf2->size()}, true,
+                                      callback.callback()));
+  ASSERT_FALSE(callback.have_result());
+
+  // The second piece of data is written.
+  EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _))
+      .WillOnce(Return(QuicConsumedData(buf2->size(), true)));
+  stream_->OnCanWrite();
+  ASSERT_TRUE(callback.have_result());
+  EXPECT_EQ(OK, callback.WaitForResult());
+}
+
 TEST_P(QuicChromiumClientStreamTest, HeadersBeforeDelegate) {
   // We don't use stream_ because we want an incoming server push
   // stream.
diff --git a/chromium/net/quic/quic_chromium_connection_helper.cc b/chromium/net/quic/quic_chromium_connection_helper.cc
index d88648f1d03..9bdb4072559 100644
--- a/chromium/net/quic/quic_chromium_connection_helper.cc
+++ b/chromium/net/quic/quic_chromium_connection_helper.cc
@@ -4,101 +4,12 @@
 
 #include "net/quic/quic_chromium_connection_helper.h"
 
-#include "base/location.h"
-#include "base/logging.h"
-#include "base/metrics/sparse_histogram.h"
-#include "base/task_runner.h"
-#include "base/time/time.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/quic/quic_utils.h"
-
 namespace net {
 
-namespace {
-
-class QuicChromeAlarm : public QuicAlarm {
- public:
-  QuicChromeAlarm(const QuicClock* clock,
-                  base::TaskRunner* task_runner,
-                  QuicArenaScopedPtr<QuicAlarm::Delegate> delegate)
-      : QuicAlarm(std::move(delegate)),
-        clock_(clock),
-        task_runner_(task_runner),
-        task_deadline_(QuicTime::Zero()),
-        weak_factory_(this) {}
-
- protected:
-  void SetImpl() override {
-    DCHECK(deadline().IsInitialized());
-    if (task_deadline_.IsInitialized()) {
-      if (task_deadline_ <= deadline()) {
-        // Since tasks can not be un-posted, OnAlarm will be invoked which
-        // will notice that deadline has not yet been reached, and will set
-        // the alarm for the new deadline.
-        return;
-      }
-      // The scheduled task is after new deadline.  Invalidate the weak ptrs
-      // so that task does not execute when we're not expecting it.
-      weak_factory_.InvalidateWeakPtrs();
-    }
-
-    int64_t delay_us = deadline().Subtract(clock_->Now()).ToMicroseconds();
-    if (delay_us < 0) {
-      delay_us = 0;
-    }
-    task_runner_->PostDelayedTask(
-        FROM_HERE,
-        base::Bind(&QuicChromeAlarm::OnAlarm, weak_factory_.GetWeakPtr()),
-        base::TimeDelta::FromMicroseconds(delay_us));
-    task_deadline_ = deadline();
-  }
-
-  void CancelImpl() override {
-    DCHECK(!deadline().IsInitialized());
-    // Since tasks can not be un-posted, OnAlarm will be invoked which
-    // will notice that deadline is not Initialized and will do nothing.
-  }
-
- private:
-  void OnAlarm() {
-    DCHECK(task_deadline_.IsInitialized());
-    task_deadline_ = QuicTime::Zero();
-    // The alarm may have been cancelled.
-    if (!deadline().IsInitialized()) {
-      return;
-    }
-
-    // The alarm may have been re-set to a later time.
-    if (clock_->Now() < deadline()) {
-      SetImpl();
-      return;
-    }
-
-    Fire();
-  }
-
-  const QuicClock* clock_;
-  base::TaskRunner* task_runner_;
-  // If a task has been posted to the message loop, this is the time it
-  // was scheduled to fire.  Tracking this allows us to avoid posting a
-  // new tast if the new deadline is in the future, but permits us to
-  // post a new task when the new deadline now earlier than when
-  // previously posted.
-  QuicTime task_deadline_;
-  base::WeakPtrFactory<QuicChromeAlarm> weak_factory_;
-};
-
-}  // namespace
-
 QuicChromiumConnectionHelper::QuicChromiumConnectionHelper(
-    base::TaskRunner* task_runner,
     const QuicClock* clock,
     QuicRandom* random_generator)
-    : task_runner_(task_runner),
-      clock_(clock),
-      random_generator_(random_generator),
-      weak_factory_(this) {}
+    : clock_(clock), random_generator_(random_generator) {}
 
 QuicChromiumConnectionHelper::~QuicChromiumConnectionHelper() {}
 
@@ -110,24 +21,6 @@ QuicRandom* QuicChromiumConnectionHelper::GetRandomGenerator() {
   return random_generator_;
 }
 
-QuicArenaScopedPtr<QuicAlarm> QuicChromiumConnectionHelper::CreateAlarm(
-    QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
-    QuicConnectionArena* arena) {
-  if (arena != nullptr) {
-    return arena->New<QuicChromeAlarm>(clock_, task_runner_,
-                                       std::move(delegate));
-  } else {
-    return QuicArenaScopedPtr<QuicAlarm>(
-        new QuicChromeAlarm(clock_, task_runner_, std::move(delegate)));
-  }
-}
-
-QuicAlarm* QuicChromiumConnectionHelper::CreateAlarm(
-    QuicAlarm::Delegate* delegate) {
-  return new QuicChromeAlarm(clock_, task_runner_,
-                             QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
-}
-
 QuicBufferAllocator* QuicChromiumConnectionHelper::GetBufferAllocator() {
   return &buffer_allocator_;
 }
diff --git a/chromium/net/quic/quic_chromium_connection_helper.h b/chromium/net/quic/quic_chromium_connection_helper.h
index 281a3f365f7..34fbe47b224 100644
--- a/chromium/net/quic/quic_chromium_connection_helper.h
+++ b/chromium/net/quic/quic_chromium_connection_helper.h
@@ -8,10 +8,7 @@
 #ifndef NET_QUIC_QUIC_CONNECTION_HELPER_H_
 #define NET_QUIC_QUIC_CONNECTION_HELPER_H_
 
-#include <set>
-
 #include "base/macros.h"
-#include "base/memory/weak_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/quic_connection.h"
 #include "net/quic/quic_protocol.h"
@@ -31,26 +28,19 @@ class QuicRandom;
 class NET_EXPORT_PRIVATE QuicChromiumConnectionHelper
     : public QuicConnectionHelperInterface {
  public:
-  QuicChromiumConnectionHelper(base::TaskRunner* task_runner,
-                               const QuicClock* clock,
+  QuicChromiumConnectionHelper(const QuicClock* clock,
                                QuicRandom* random_generator);
   ~QuicChromiumConnectionHelper() override;
 
   // QuicConnectionHelperInterface
   const QuicClock* GetClock() const override;
   QuicRandom* GetRandomGenerator() override;
-  QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override;
-  QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
-      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
-      QuicConnectionArena* arena) override;
   QuicBufferAllocator* GetBufferAllocator() override;
 
  private:
-  base::TaskRunner* task_runner_;
   const QuicClock* clock_;
   QuicRandom* random_generator_;
   SimpleBufferAllocator buffer_allocator_;
-  base::WeakPtrFactory<QuicChromiumConnectionHelper> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicChromiumConnectionHelper);
 };
diff --git a/chromium/net/quic/quic_chromium_connection_helper_test.cc b/chromium/net/quic/quic_chromium_connection_helper_test.cc
index 9fab8fb50d1..356ac6c7880 100644
--- a/chromium/net/quic/quic_chromium_connection_helper_test.cc
+++ b/chromium/net/quic/quic_chromium_connection_helper_test.cc
@@ -6,33 +6,16 @@
 
 #include "net/quic/test_tools/mock_clock.h"
 #include "net/quic/test_tools/mock_random.h"
-#include "net/quic/test_tools/test_task_runner.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 namespace test {
 namespace {
 
-class TestDelegate : public QuicAlarm::Delegate {
- public:
-  TestDelegate() : fired_(false) {}
-
-  void OnAlarm() override { fired_ = true; }
-
-  bool fired() const { return fired_; }
-  void Clear() { fired_ = false; }
-
- private:
-  bool fired_;
-};
-
 class QuicChromiumConnectionHelperTest : public ::testing::Test {
  protected:
-  QuicChromiumConnectionHelperTest()
-      : runner_(new TestTaskRunner(&clock_)),
-        helper_(runner_.get(), &clock_, &random_generator_) {}
+  QuicChromiumConnectionHelperTest() : helper_(&clock_, &random_generator_) {}
 
-  scoped_refptr<TestTaskRunner> runner_;
   QuicChromiumConnectionHelper helper_;
   MockClock clock_;
   MockRandom random_generator_;
@@ -46,141 +29,6 @@ TEST_F(QuicChromiumConnectionHelperTest, GetRandomGenerator) {
   EXPECT_EQ(&random_generator_, helper_.GetRandomGenerator());
 }
 
-TEST_F(QuicChromiumConnectionHelperTest, CreateAlarm) {
-  TestDelegate* delegate = new TestDelegate();
-  scoped_ptr<QuicAlarm> alarm(helper_.CreateAlarm(delegate));
-
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock_.Now().Add(delta));
-
-  // Verify that the alarm task has been posted.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
-            runner_->GetPostedTasks()[0].delay);
-
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
-  EXPECT_TRUE(delegate->fired());
-}
-
-TEST_F(QuicChromiumConnectionHelperTest, CreateAlarmAndCancel) {
-  TestDelegate* delegate = new TestDelegate();
-  scoped_ptr<QuicAlarm> alarm(helper_.CreateAlarm(delegate));
-
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock_.Now().Add(delta));
-  alarm->Cancel();
-
-  // The alarm task should still be posted.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
-            runner_->GetPostedTasks()[0].delay);
-
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
-  EXPECT_FALSE(delegate->fired());
-}
-
-TEST_F(QuicChromiumConnectionHelperTest, CreateAlarmAndReset) {
-  TestDelegate* delegate = new TestDelegate();
-  scoped_ptr<QuicAlarm> alarm(helper_.CreateAlarm(delegate));
-
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock_.Now().Add(delta));
-  alarm->Cancel();
-  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
-  alarm->Set(clock_.Now().Add(new_delta));
-
-  // The alarm task should still be posted.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
-            runner_->GetPostedTasks()[0].delay);
-
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
-  EXPECT_FALSE(delegate->fired());
-
-  // The alarm task should be posted again.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(new_delta), clock_.Now());
-  EXPECT_TRUE(delegate->fired());
-}
-
-TEST_F(QuicChromiumConnectionHelperTest, CreateAlarmAndResetEarlier) {
-  TestDelegate* delegate = new TestDelegate();
-  scoped_ptr<QuicAlarm> alarm(helper_.CreateAlarm(delegate));
-
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(3);
-  alarm->Set(clock_.Now().Add(delta));
-  alarm->Cancel();
-  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock_.Now().Add(new_delta));
-
-  // Both alarm tasks will be posted.
-  ASSERT_EQ(2u, runner_->GetPostedTasks().size());
-
-  // The earlier task will execute and will fire the alarm->
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(new_delta), clock_.Now());
-  EXPECT_TRUE(delegate->fired());
-  delegate->Clear();
-
-  // The latter task is still posted.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-
-  // When the latter task is executed, the weak ptr will be invalid and
-  // the alarm will not fire.
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(delta), clock_.Now());
-  EXPECT_FALSE(delegate->fired());
-}
-
-TEST_F(QuicChromiumConnectionHelperTest, CreateAlarmAndUpdate) {
-  TestDelegate* delegate = new TestDelegate();
-  scoped_ptr<QuicAlarm> alarm(helper_.CreateAlarm(delegate));
-
-  const QuicClock* clock = helper_.GetClock();
-  QuicTime start = clock->Now();
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock->Now().Add(delta));
-  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(1));
-
-  // The alarm task should still be posted.
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-  EXPECT_EQ(base::TimeDelta::FromMicroseconds(delta.ToMicroseconds()),
-            runner_->GetPostedTasks()[0].delay);
-
-  runner_->RunNextTask();
-  EXPECT_EQ(QuicTime::Zero().Add(delta), clock->Now());
-  EXPECT_FALSE(delegate->fired());
-
-  // Move the alarm forward 1us and ensure it doesn't move forward.
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(2));
-
-  ASSERT_EQ(1u, runner_->GetPostedTasks().size());
-  EXPECT_EQ(base::TimeDelta::FromMicroseconds(
-                new_delta.Subtract(delta).ToMicroseconds()),
-            runner_->GetPostedTasks()[0].delay);
-  runner_->RunNextTask();
-  EXPECT_EQ(start.Add(new_delta), clock->Now());
-  EXPECT_TRUE(delegate->fired());
-
-  // Set the alarm via an update call.
-  new_delta = QuicTime::Delta::FromMicroseconds(5);
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(1));
-  EXPECT_TRUE(alarm->IsSet());
-
-  // Update it with an uninitialized time and ensure it's cancelled.
-  alarm->Update(QuicTime::Zero(), QuicTime::Delta::FromMicroseconds(1));
-  EXPECT_FALSE(alarm->IsSet());
-}
-
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_chromium_packet_reader.cc b/chromium/net/quic/quic_chromium_packet_reader.cc
index 4a57ecbcf83..b0aeb373574 100644
--- a/chromium/net/quic/quic_chromium_packet_reader.cc
+++ b/chromium/net/quic/quic_chromium_packet_reader.cc
@@ -7,7 +7,7 @@
 #include "base/location.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/quic/quic_clock.h"
 #include "net/quic/quic_time.h"
diff --git a/chromium/net/quic/quic_client_promised_info.cc b/chromium/net/quic/quic_client_promised_info.cc
index f4bef0bc0eb..14cba80ee14 100644
--- a/chromium/net/quic/quic_client_promised_info.cc
+++ b/chromium/net/quic/quic_client_promised_info.cc
@@ -17,7 +17,6 @@ QuicClientPromisedInfo::QuicClientPromisedInfo(QuicClientSessionBase* session,
                                                QuicStreamId id,
                                                string url)
     : session_(session),
-      helper_(session->connection()->helper()),
       id_(id),
       url_(url),
       client_request_delegate_(nullptr) {}
@@ -30,10 +29,11 @@ void QuicClientPromisedInfo::CleanupAlarm::OnAlarm() {
 }
 
 void QuicClientPromisedInfo::Init() {
-  cleanup_alarm_.reset(
-      helper_->CreateAlarm(new QuicClientPromisedInfo::CleanupAlarm(this)));
-  cleanup_alarm_->Set(helper_->GetClock()->ApproximateNow().Add(
-      QuicTime::Delta::FromSeconds(kPushPromiseTimeoutSecs)));
+  cleanup_alarm_.reset(session_->connection()->alarm_factory()->CreateAlarm(
+      new QuicClientPromisedInfo::CleanupAlarm(this)));
+  cleanup_alarm_->Set(
+      session_->connection()->helper()->GetClock()->ApproximateNow().Add(
+          QuicTime::Delta::FromSeconds(kPushPromiseTimeoutSecs)));
 }
 
 void QuicClientPromisedInfo::OnPromiseHeaders(const SpdyHeaderBlock& headers) {
diff --git a/chromium/net/quic/quic_client_promised_info.h b/chromium/net/quic/quic_client_promised_info.h
index f4bb50f28ce..5b14d145491 100644
--- a/chromium/net/quic/quic_client_promised_info.h
+++ b/chromium/net/quic/quic_client_promised_info.h
@@ -54,6 +54,8 @@ class NET_EXPORT_PRIVATE QuicClientPromisedInfo
 
   void Cancel() override;
 
+  void Reset(QuicRstStreamErrorCode error_code);
+
   // Client requests are initially associated to promises by matching
   // URL in the client request against the URL in the promise headers,
   // uing the |promised_by_url| map.  The push can be cross-origin, so
@@ -88,12 +90,9 @@ class NET_EXPORT_PRIVATE QuicClientPromisedInfo
     QuicClientPromisedInfo* promised_;
   };
 
-  void Reset(QuicRstStreamErrorCode error_code);
-
   QuicAsyncStatus FinalValidation();
 
   QuicClientSessionBase* session_;
-  QuicConnectionHelperInterface* helper_;
   QuicStreamId id_;
   std::string url_;
   std::unique_ptr<SpdyHeaderBlock> request_headers_;
diff --git a/chromium/net/quic/quic_client_promised_info_test.cc b/chromium/net/quic/quic_client_promised_info_test.cc
index 1084cae16ba..f80f0ae8ec3 100644
--- a/chromium/net/quic/quic_client_promised_info_test.cc
+++ b/chromium/net/quic/quic_client_promised_info_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_client_promised_info.h"
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/scoped_ptr.h"
 #include "net/gfe2/balsa_headers.h"
@@ -70,8 +72,9 @@ class QuicClientPromisedInfoTest : public ::testing::Test {
   class StreamVisitor;
 
   QuicClientPromisedInfoTest()
-      : connection_(
-            new StrictMock<MockConnection>(&helper_, Perspective::IS_CLIENT)),
+      : connection_(new StrictMock<MockQuicConnection>(&helper_,
+                                                       &alarm_factory_,
+                                                       Perspective::IS_CLIENT)),
         session_(connection_, &push_promise_index_),
         body_("hello world"),
         promise_id_(gfe_quic::test::kServerDataStreamId1) {
@@ -141,14 +144,15 @@ class QuicClientPromisedInfoTest : public ::testing::Test {
     stream_->OnPromiseHeadersComplete(id, serialized_push_promise_.size());
   }
 
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   QuicClientPushPromiseIndex push_promise_index_;
 
   MockQuicClientSession session_;
-  scoped_ptr<QuicSpdyClientStream> stream_;
-  scoped_ptr<StreamVisitor> stream_visitor_;
-  scoped_ptr<QuicSpdyClientStream> promised_stream_;
+  std::unique_ptr<QuicSpdyClientStream> stream_;
+  std::unique_ptr<StreamVisitor> stream_visitor_;
+  std::unique_ptr<QuicSpdyClientStream> promised_stream_;
   BalsaHeaders headers_;
   string headers_string_;
   string body_;
@@ -176,7 +180,7 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseCleanupAlarm) {
   // Fire the alarm that will cancel the promised stream.
   EXPECT_CALL(*connection_,
               SendRstStream(promise_id_, QUIC_STREAM_CANCELLED, 0));
-  helper_.FireAlarm(QuicClientPromisedInfoPeer::GetAlarm(promised));
+  alarm_factory_.FireAlarm(QuicClientPromisedInfoPeer::GetAlarm(promised));
 
   // Verify that the promise is gone after the alarm fires.
   EXPECT_EQ(session_.GetPromisedById(promise_id_), nullptr);
@@ -248,8 +252,8 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseMismatch) {
 
   // Need to send the promised response headers and initiate the
   // rendezvous for secondary validation to proceed.
-  QuicSpdyClientStream* promise_stream =
-      static_cast<QuicSpdyClientStream*>(session_.GetStream(promise_id_));
+  QuicSpdyClientStream* promise_stream = static_cast<QuicSpdyClientStream*>(
+      session_.GetOrCreateStream(promise_id_));
   promise_stream->OnStreamHeaders(headers_string_);
   promise_stream->OnStreamHeadersComplete(false, headers_string_.size());
 
@@ -275,8 +279,8 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseVaryWaits) {
   EXPECT_NE(session_.GetPromisedById(promise_id_), nullptr);
 
   // Send Response, should trigger promise validation and complete rendezvous
-  QuicSpdyClientStream* promise_stream =
-      static_cast<QuicSpdyClientStream*>(session_.GetStream(promise_id_));
+  QuicSpdyClientStream* promise_stream = static_cast<QuicSpdyClientStream*>(
+      session_.GetOrCreateStream(promise_id_));
   ASSERT_NE(promise_stream, nullptr);
   promise_stream->OnStreamHeaders(headers_string_);
   promise_stream->OnStreamHeadersComplete(false, headers_string_.size());
@@ -291,8 +295,8 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseVaryNoWait) {
   QuicClientPromisedInfo* promised = session_.GetPromisedById(promise_id_);
   ASSERT_NE(promised, nullptr);
 
-  QuicSpdyClientStream* promise_stream =
-      static_cast<QuicSpdyClientStream*>(session_.GetStream(promise_id_));
+  QuicSpdyClientStream* promise_stream = static_cast<QuicSpdyClientStream*>(
+      session_.GetOrCreateStream(promise_id_));
   ASSERT_NE(promise_stream, nullptr);
 
   // Send Response, should trigger promise validation and complete rendezvous
@@ -325,7 +329,7 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseWaitCancels) {
   EXPECT_NE(session_.GetPromisedById(promise_id_), nullptr);
 
   // Create response stream, but no data yet.
-  session_.GetStream(promise_id_);
+  session_.GetOrCreateStream(promise_id_);
 
   // Fire the alarm that will cancel the promised stream.
   EXPECT_CALL(session_, CloseStream(promise_id_));
@@ -343,8 +347,8 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseDataClosed) {
   QuicClientPromisedInfo* promised = session_.GetPromisedById(promise_id_);
   ASSERT_NE(promised, nullptr);
 
-  QuicSpdyClientStream* promise_stream =
-      static_cast<QuicSpdyClientStream*>(session_.GetStream(promise_id_));
+  QuicSpdyClientStream* promise_stream = static_cast<QuicSpdyClientStream*>(
+      session_.GetOrCreateStream(promise_id_));
   ASSERT_NE(promise_stream, nullptr);
 
   // Send response, rendezvous will be able to finish synchronously.
diff --git a/chromium/net/quic/quic_client_push_promise_index_test.cc b/chromium/net/quic/quic_client_push_promise_index_test.cc
index 85c7f0cbc48..a06379a43aa 100644
--- a/chromium/net/quic/quic_client_push_promise_index_test.cc
+++ b/chromium/net/quic/quic_client_push_promise_index_test.cc
@@ -45,8 +45,9 @@ class MockQuicClientSession : public QuicClientSession {
 class QuicClientPushPromiseIndexTest : public ::testing::Test {
  public:
   QuicClientPushPromiseIndexTest()
-      : connection_(
-            new StrictMock<MockConnection>(&helper_, Perspective::IS_CLIENT)),
+      : connection_(new StrictMock<MockQuicConnection>(&helper_,
+                                                       &alarm_factory_,
+                                                       Perspective::IS_CLIENT)),
         session_(connection_, &index_),
         promised_(&session_, kServerDataStreamId1, url_) {
     FLAGS_quic_supports_push_promise = true;
@@ -58,8 +59,9 @@ class QuicClientPushPromiseIndexTest : public ::testing::Test {
     url_ = SpdyUtils::GetUrlFromHeaderBlock(request_);
   }
 
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   MockQuicClientSession session_;
   QuicClientPushPromiseIndex index_;
   SpdyHeaderBlock request_;
diff --git a/chromium/net/quic/quic_client_session_base.cc b/chromium/net/quic/quic_client_session_base.cc
index dd9974aa77c..dff71e43e24 100644
--- a/chromium/net/quic/quic_client_session_base.cc
+++ b/chromium/net/quic/quic_client_session_base.cc
@@ -8,6 +8,7 @@
 #include "net/quic/quic_flags.h"
 #include "net/quic/spdy_utils.h"
 
+using base::StringPiece;
 using std::string;
 
 namespace net {
@@ -80,6 +81,30 @@ void QuicClientSessionBase::OnPromiseHeadersComplete(
   stream->OnPromiseHeadersComplete(promised_stream_id, frame_len);
 }
 
+void QuicClientSessionBase::OnPromiseHeaderList(
+    QuicStreamId stream_id,
+    QuicStreamId promised_stream_id,
+    size_t frame_len,
+    const QuicHeaderList& header_list) {
+  if (promised_stream_id != kInvalidStreamId &&
+      promised_stream_id <= largest_promised_stream_id_) {
+    connection()->CloseConnection(
+        QUIC_INVALID_STREAM_ID,
+        "Received push stream id lesser or equal to the"
+        " last accepted before",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return;
+  }
+  largest_promised_stream_id_ = promised_stream_id;
+
+  QuicSpdyStream* stream = GetSpdyDataStream(stream_id);
+  if (!stream) {
+    // It's quite possible to receive headers after a stream has been reset.
+    return;
+  }
+  stream->OnPromiseHeaderList(promised_stream_id, frame_len, header_list);
+}
+
 void QuicClientSessionBase::HandlePromised(QuicStreamId /* associated_id */,
                                            QuicStreamId id,
                                            const SpdyHeaderBlock& headers) {
diff --git a/chromium/net/quic/quic_client_session_base.h b/chromium/net/quic/quic_client_session_base.h
index d1dfc3180fe..58c7d65be58 100644
--- a/chromium/net/quic/quic_client_session_base.h
+++ b/chromium/net/quic/quic_client_session_base.h
@@ -48,15 +48,21 @@ class NET_EXPORT_PRIVATE QuicClientSessionBase
   // Called by |headers_stream_| when push promise headers have been
   // received for a stream.
   void OnPromiseHeaders(QuicStreamId stream_id,
-                        StringPiece headers_data) override;
+                        base::StringPiece headers_data) override;
 
   // Called by |headers_stream_| when push promise headers have been
-  // completely received.  |fin| will be true if the fin flag was set
-  // in the headers.
+  // completely received.
   void OnPromiseHeadersComplete(QuicStreamId stream_id,
                                 QuicStreamId promised_stream_id,
                                 size_t frame_len) override;
 
+  // Called by |headers_stream_| when push promise headers have been
+  // completely received.
+  void OnPromiseHeaderList(QuicStreamId stream_id,
+                           QuicStreamId promised_stream_id,
+                           size_t frame_len,
+                           const QuicHeaderList& header_list) override;
+
   // Called by |QuicSpdyClientStream| on receipt of response headers,
   // needed to detect promised server push streams, as part of
   // client-request to push-stream rendezvous.
diff --git a/chromium/net/quic/quic_connection.cc b/chromium/net/quic/quic_connection.cc
index 7ce76a82701..8b4f4dd4387 100644
--- a/chromium/net/quic/quic_connection.cc
+++ b/chromium/net/quic/quic_connection.cc
@@ -69,6 +69,10 @@ const QuicPacketCount kDefaultRetransmittablePacketsBeforeAck = 2;
 const QuicPacketCount kMinReceivedBeforeAckDecimation = 100;
 // Wait for up to 10 retransmittable packets before sending an ack.
 const QuicPacketCount kMaxRetransmittablePacketsBeforeAck = 10;
+// One quarter RTT delay when doing ack decimation.
+const float kAckDecimationDelay = 0.25;
+// One eighth RTT delay when doing ack decimation.
+const float kShortAckDecimationDelay = 0.125;
 
 bool Near(QuicPacketNumber a, QuicPacketNumber b) {
   QuicPacketNumber delta = (a > b) ? a - b : b - a;
@@ -81,9 +85,10 @@ bool IsInitializedIPEndPoint(const IPEndPoint& address) {
 }
 
 // An alarm that is scheduled to send an ack if a timeout occurs.
-class AckAlarm : public QuicAlarm::Delegate {
+class AckAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit AckAlarm(QuicConnection* connection) : connection_(connection) {}
+  explicit AckAlarmDelegate(QuicConnection* connection)
+      : connection_(connection) {}
 
   void OnAlarm() override {
     DCHECK(connection_->ack_frame_updated());
@@ -94,15 +99,15 @@ class AckAlarm : public QuicAlarm::Delegate {
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(AckAlarm);
+  DISALLOW_COPY_AND_ASSIGN(AckAlarmDelegate);
 };
 
 // This alarm will be scheduled any time a data-bearing packet is sent out.
 // When the alarm goes off, the connection checks to see if the oldest packets
 // have been acked, and retransmit them if they have not.
-class RetransmissionAlarm : public QuicAlarm::Delegate {
+class RetransmissionAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit RetransmissionAlarm(QuicConnection* connection)
+  explicit RetransmissionAlarmDelegate(QuicConnection* connection)
       : connection_(connection) {}
 
   void OnAlarm() override { connection_->OnRetransmissionTimeout(); }
@@ -110,50 +115,53 @@ class RetransmissionAlarm : public QuicAlarm::Delegate {
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(RetransmissionAlarm);
+  DISALLOW_COPY_AND_ASSIGN(RetransmissionAlarmDelegate);
 };
 
 // An alarm that is scheduled when the SentPacketManager requires a delay
 // before sending packets and fires when the packet may be sent.
-class SendAlarm : public QuicAlarm::Delegate {
+class SendAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit SendAlarm(QuicConnection* connection) : connection_(connection) {}
+  explicit SendAlarmDelegate(QuicConnection* connection)
+      : connection_(connection) {}
 
   void OnAlarm() override { connection_->WriteAndBundleAcksIfNotBlocked(); }
 
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(SendAlarm);
+  DISALLOW_COPY_AND_ASSIGN(SendAlarmDelegate);
 };
 
-class TimeoutAlarm : public QuicAlarm::Delegate {
+class TimeoutAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit TimeoutAlarm(QuicConnection* connection) : connection_(connection) {}
+  explicit TimeoutAlarmDelegate(QuicConnection* connection)
+      : connection_(connection) {}
 
   void OnAlarm() override { connection_->CheckForTimeout(); }
 
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(TimeoutAlarm);
+  DISALLOW_COPY_AND_ASSIGN(TimeoutAlarmDelegate);
 };
 
-class PingAlarm : public QuicAlarm::Delegate {
+class PingAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit PingAlarm(QuicConnection* connection) : connection_(connection) {}
+  explicit PingAlarmDelegate(QuicConnection* connection)
+      : connection_(connection) {}
 
   void OnAlarm() override { connection_->OnPingTimeout(); }
 
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(PingAlarm);
+  DISALLOW_COPY_AND_ASSIGN(PingAlarmDelegate);
 };
 
-class MtuDiscoveryAlarm : public QuicAlarm::Delegate {
+class MtuDiscoveryAlarmDelegate : public QuicAlarm::Delegate {
  public:
-  explicit MtuDiscoveryAlarm(QuicConnection* connection)
+  explicit MtuDiscoveryAlarmDelegate(QuicConnection* connection)
       : connection_(connection) {}
 
   void OnAlarm() override { connection_->DiscoverMtu(); }
@@ -161,7 +169,7 @@ class MtuDiscoveryAlarm : public QuicAlarm::Delegate {
  private:
   QuicConnection* connection_;
 
-  DISALLOW_COPY_AND_ASSIGN(MtuDiscoveryAlarm);
+  DISALLOW_COPY_AND_ASSIGN(MtuDiscoveryAlarmDelegate);
 };
 
 // Listens for acks of MTU discovery packets and raises the maximum packet size
@@ -204,6 +212,7 @@ class MtuDiscoveryAckListener : public QuicAckListenerInterface {
 QuicConnection::QuicConnection(QuicConnectionId connection_id,
                                IPEndPoint address,
                                QuicConnectionHelperInterface* helper,
+                               QuicAlarmFactory* alarm_factory,
                                QuicPacketWriter* writer,
                                bool owns_writer,
                                Perspective perspective,
@@ -212,6 +221,7 @@ QuicConnection::QuicConnection(QuicConnectionId connection_id,
               helper->GetClock()->ApproximateNow(),
               perspective),
       helper_(helper),
+      alarm_factory_(alarm_factory),
       per_packet_options_(nullptr),
       writer_(writer),
       owns_writer_(owns_writer),
@@ -244,21 +254,31 @@ QuicConnection::QuicConnection(QuicConnectionId connection_id,
       num_packets_received_since_last_ack_sent_(0),
       stop_waiting_count_(0),
       ack_mode_(TCP_ACKING),
+      ack_decimation_delay_(kAckDecimationDelay),
       delay_setting_retransmission_alarm_(false),
       pending_retransmission_alarm_(false),
       defer_send_in_response_to_packets_(false),
       arena_(),
-      ack_alarm_(helper->CreateAlarm(arena_.New<AckAlarm>(this), &arena_)),
-      retransmission_alarm_(
-          helper->CreateAlarm(arena_.New<RetransmissionAlarm>(this), &arena_)),
-      send_alarm_(helper->CreateAlarm(arena_.New<SendAlarm>(this), &arena_)),
+      ack_alarm_(alarm_factory_->CreateAlarm(arena_.New<AckAlarmDelegate>(this),
+                                             &arena_)),
+      retransmission_alarm_(alarm_factory_->CreateAlarm(
+          arena_.New<RetransmissionAlarmDelegate>(this),
+          &arena_)),
+      send_alarm_(
+          alarm_factory_->CreateAlarm(arena_.New<SendAlarmDelegate>(this),
+                                      &arena_)),
       resume_writes_alarm_(
-          helper->CreateAlarm(arena_.New<SendAlarm>(this), &arena_)),
+          alarm_factory_->CreateAlarm(arena_.New<SendAlarmDelegate>(this),
+                                      &arena_)),
       timeout_alarm_(
-          helper->CreateAlarm(arena_.New<TimeoutAlarm>(this), &arena_)),
-      ping_alarm_(helper->CreateAlarm(arena_.New<PingAlarm>(this), &arena_)),
-      mtu_discovery_alarm_(
-          helper->CreateAlarm(arena_.New<MtuDiscoveryAlarm>(this), &arena_)),
+          alarm_factory_->CreateAlarm(arena_.New<TimeoutAlarmDelegate>(this),
+                                      &arena_)),
+      ping_alarm_(
+          alarm_factory_->CreateAlarm(arena_.New<PingAlarmDelegate>(this),
+                                      &arena_)),
+      mtu_discovery_alarm_(alarm_factory_->CreateAlarm(
+          arena_.New<MtuDiscoveryAlarmDelegate>(this),
+          &arena_)),
       visitor_(nullptr),
       debug_visitor_(nullptr),
       packet_generator_(connection_id_,
@@ -304,6 +324,7 @@ QuicConnection::QuicConnection(QuicConnectionId connection_id,
   SetMaxPacketLength(perspective_ == Perspective::IS_SERVER
                          ? kDefaultServerMaxPacketSize
                          : kDefaultMaxPacketSize);
+  received_packet_manager_.SetVersion(version());
 }
 
 QuicConnection::~QuicConnection() {
@@ -311,9 +332,6 @@ QuicConnection::~QuicConnection() {
     delete writer_;
   }
   STLDeleteElements(&undecryptable_packets_);
-  if (termination_packets_.get() != nullptr) {
-    STLDeleteElements(termination_packets_.get());
-  }
   ClearQueuedPackets();
 }
 
@@ -365,12 +383,18 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) {
   if (config.HasClientSentConnectionOption(kACKD, perspective_)) {
     ack_mode_ = ACK_DECIMATION;
   }
-  if (FLAGS_quic_ack_decimation2 &&
-      config.HasClientSentConnectionOption(kAKD2, perspective_)) {
+  if (config.HasClientSentConnectionOption(kAKD2, perspective_)) {
+    ack_mode_ = ACK_DECIMATION_WITH_REORDERING;
+  }
+  if (config.HasClientSentConnectionOption(kAKD3, perspective_)) {
+    ack_mode_ = ACK_DECIMATION;
+    ack_decimation_delay_ = kShortAckDecimationDelay;
+  }
+  if (config.HasClientSentConnectionOption(kAKD4, perspective_)) {
     ack_mode_ = ACK_DECIMATION_WITH_REORDERING;
+    ack_decimation_delay_ = kShortAckDecimationDelay;
   }
-  if (FLAGS_quic_enable_rto_timeout &&
-      config.HasClientSentConnectionOption(k5RTO, perspective_)) {
+  if (config.HasClientSentConnectionOption(k5RTO, perspective_)) {
     close_connection_after_five_rtos_ = true;
   }
 }
@@ -396,6 +420,10 @@ void QuicConnection::ResumeConnectionState(
                                              max_bandwidth_resumption);
 }
 
+void QuicConnection::SetMaxPacingRate(QuicBandwidth max_pacing_rate) {
+  sent_packet_manager_.SetMaxPacingRate(max_pacing_rate);
+}
+
 void QuicConnection::SetNumOpenStreams(size_t num_streams) {
   sent_packet_manager_.SetNumOpenStreams(num_streams);
 }
@@ -488,6 +516,7 @@ bool QuicConnection::OnProtocolVersionMismatch(QuicVersion received_version) {
   }
 
   version_negotiation_state_ = NEGOTIATED_VERSION;
+  received_packet_manager_.SetVersion(received_version);
   visitor_->OnSuccessfulVersionNegotiation(received_version);
   if (debug_visitor_ != nullptr) {
     debug_visitor_->OnSuccessfulVersionNegotiation(received_version);
@@ -545,6 +574,7 @@ void QuicConnection::OnVersionNegotiationPacket(
 
   DVLOG(1) << ENDPOINT
            << "Negotiated version: " << QuicVersionToString(version());
+  received_packet_manager_.SetVersion(version());
   server_supported_versions_ = packet.versions;
   version_negotiation_state_ = NEGOTIATION_IN_PROGRESS;
   RetransmitUnackedPackets(ALL_UNACKED_RETRANSMISSION);
@@ -617,6 +647,7 @@ bool QuicConnection::OnUnauthenticatedHeader(const QuicPacketHeader& header) {
 void QuicConnection::OnDecryptedPacket(EncryptionLevel level) {
   last_decrypted_packet_level_ = level;
   last_packet_decrypted_ = true;
+
   // If this packet was foward-secure encrypted and the forward-secure encrypter
   // is not being used, start using it.
   if (encryption_level_ != ENCRYPTION_FORWARD_SECURE &&
@@ -660,6 +691,14 @@ bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) {
   }
   if (frame.stream_id != kCryptoStreamId &&
       last_decrypted_packet_level_ == ENCRYPTION_NONE) {
+    if (FLAGS_quic_detect_memory_corrpution &&
+        MaybeConsiderAsMemoryCorruption(frame)) {
+      CloseConnection(QUIC_MAYBE_CORRUPTED_MEMORY,
+                      "Received crypto frame on non crypto stream.",
+                      ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+      return false;
+    }
+
     QUIC_BUG << ENDPOINT
              << "Received an unencrypted data frame: closing connection"
              << " packet_number:" << last_header_.packet_number
@@ -672,7 +711,7 @@ bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) {
   }
   visitor_->OnStreamFrame(frame);
   visitor_->PostProcessAfterData();
-  stats_.stream_bytes_received += frame.frame_length;
+  stats_.stream_bytes_received += frame.data_length;
   should_last_packet_instigate_acks_ = true;
   return connected_;
 }
@@ -703,10 +742,14 @@ bool QuicConnection::OnAckFrame(const QuicAckFrame& incoming_ack) {
   if (incoming_ack.is_truncated) {
     should_last_packet_instigate_acks_ = true;
   }
-  // If the peer is still waiting for a packet that we are no longer planning to
-  // send, send an ack to raise the high water mark.
-  if (!incoming_ack.missing_packets.Empty() &&
-      GetLeastUnacked() > incoming_ack.missing_packets.Min()) {
+  // If the incoming ack's packets set expresses missing packets: peer is still
+  // waiting for a packet lower than a packet that we are no longer planning to
+  // send.
+  // If the incoming ack's packets set expresses received packets: peer is still
+  // acking packets which we never care about.
+  // Send an ack to raise the high water mark.
+  if (!incoming_ack.packets.Empty() &&
+      GetLeastUnacked() > incoming_ack.packets.Min()) {
     ++stop_waiting_count_;
   } else {
     stop_waiting_count_ = 0;
@@ -719,9 +762,10 @@ void QuicConnection::ProcessAckFrame(const QuicAckFrame& incoming_ack) {
   largest_seen_packet_with_ack_ = last_header_.packet_number;
   sent_packet_manager_.OnIncomingAck(incoming_ack,
                                      time_of_last_received_packet_);
-  sent_entropy_manager_.ClearEntropyBefore(
-      sent_packet_manager_.least_packet_awaited_by_peer() - 1);
-
+  if (version() <= QUIC_VERSION_33) {
+    sent_entropy_manager_.ClearEntropyBefore(
+        sent_packet_manager_.least_packet_awaited_by_peer() - 1);
+  }
   // Always reset the retransmission alarm when an ack comes in, since we now
   // have a better estimate of the current rtt than when it was set.
   SetRetransmissionAlarm();
@@ -756,6 +800,14 @@ bool QuicConnection::OnStopWaitingFrame(const QuicStopWaitingFrame& frame) {
   return connected_;
 }
 
+bool QuicConnection::OnPaddingFrame(const QuicPaddingFrame& frame) {
+  DCHECK(connected_);
+  if (debug_visitor_ != nullptr) {
+    debug_visitor_->OnPaddingFrame(frame);
+  }
+  return true;
+}
+
 bool QuicConnection::OnPingFrame(const QuicPingFrame& frame) {
   DCHECK(connected_);
   if (debug_visitor_ != nullptr) {
@@ -786,32 +838,42 @@ const char* QuicConnection::ValidateAckFrame(const QuicAckFrame& incoming_ack) {
     return "Largest observed too low.";
   }
 
-  if (!incoming_ack.missing_packets.Empty() &&
-      incoming_ack.missing_packets.Max() > incoming_ack.largest_observed) {
-    LOG(WARNING) << ENDPOINT << "Peer sent missing packet: "
-                 << incoming_ack.missing_packets.Max()
-                 << " which is greater than largest observed: "
-                 << incoming_ack.largest_observed;
-    return "Missing packet higher than largest observed.";
-  }
-
-  if (!incoming_ack.missing_packets.Empty() &&
-      incoming_ack.missing_packets.Min() <
-          sent_packet_manager_.least_packet_awaited_by_peer()) {
-    LOG(WARNING) << ENDPOINT << "Peer sent missing packet: "
-                 << incoming_ack.missing_packets.Min()
-                 << " which is smaller than least_packet_awaited_by_peer_: "
-                 << sent_packet_manager_.least_packet_awaited_by_peer();
-    return "Missing packet smaller than least awaited.";
-  }
+  if (version() <= QUIC_VERSION_33) {
+    if (!incoming_ack.packets.Empty() &&
+        incoming_ack.packets.Max() > incoming_ack.largest_observed) {
+      LOG(WARNING) << ENDPOINT
+                   << "Peer sent missing packet: " << incoming_ack.packets.Max()
+                   << " which is greater than largest observed: "
+                   << incoming_ack.largest_observed;
+      return "Missing packet higher than largest observed.";
+    }
 
-  if (!sent_entropy_manager_.IsValidEntropy(incoming_ack.largest_observed,
-                                            incoming_ack.missing_packets,
-                                            incoming_ack.entropy_hash)) {
-    LOG(WARNING) << ENDPOINT << "Peer sent invalid entropy."
-                 << " largest_observed:" << incoming_ack.largest_observed
-                 << " last_received:" << last_header_.packet_number;
-    return "Invalid entropy.";
+    if (!incoming_ack.packets.Empty() &&
+        incoming_ack.packets.Min() <
+            sent_packet_manager_.least_packet_awaited_by_peer()) {
+      LOG(WARNING) << ENDPOINT
+                   << "Peer sent missing packet: " << incoming_ack.packets.Min()
+                   << " which is smaller than least_packet_awaited_by_peer_: "
+                   << sent_packet_manager_.least_packet_awaited_by_peer();
+      return "Missing packet smaller than least awaited.";
+    }
+    if (!sent_entropy_manager_.IsValidEntropy(incoming_ack.largest_observed,
+                                              incoming_ack.packets,
+                                              incoming_ack.entropy_hash)) {
+      LOG(WARNING) << ENDPOINT << "Peer sent invalid entropy."
+                   << " largest_observed:" << incoming_ack.largest_observed
+                   << " last_received:" << last_header_.packet_number;
+      return "Invalid entropy.";
+    }
+  } else {
+    if (!incoming_ack.packets.Empty() &&
+        incoming_ack.packets.Max() != incoming_ack.largest_observed) {
+      QUIC_BUG << ENDPOINT
+               << "Peer last received packet: " << incoming_ack.packets.Max()
+               << " which is not equal to largest observed: "
+               << incoming_ack.largest_observed;
+      return "Last received packet not equal to largest observed.";
+    }
   }
 
   return nullptr;
@@ -990,7 +1052,8 @@ void QuicConnection::MaybeQueueAck(bool was_missing) {
         // Wait the minimum of a quarter min_rtt and the delayed ack time.
         QuicTime::Delta ack_delay = QuicTime::Delta::Min(
             sent_packet_manager_.DelayedAckTime(),
-            sent_packet_manager_.GetRttStats()->min_rtt().Multiply(0.25));
+            sent_packet_manager_.GetRttStats()->min_rtt().Multiply(
+                ack_decimation_delay_));
         ack_alarm_->Set(clock_->ApproximateNow().Add(ack_delay));
       }
     } else {
@@ -1031,6 +1094,9 @@ void QuicConnection::ClearLastFrames() {
 }
 
 void QuicConnection::MaybeCloseIfTooManyOutstandingPackets() {
+  if (version() > QUIC_VERSION_33) {
+    return;
+  }
   // This occurs if we don't discard old packets we've sent fast enough.
   // It's possible largest observed is less than least unacked.
   if (sent_packet_manager_.largest_observed() >
@@ -1057,8 +1123,10 @@ const QuicFrame QuicConnection::GetUpdatedAckFrame() {
 void QuicConnection::PopulateStopWaitingFrame(
     QuicStopWaitingFrame* stop_waiting) {
   stop_waiting->least_unacked = GetLeastUnacked();
-  stop_waiting->entropy_hash = sent_entropy_manager_.GetCumulativeEntropy(
-      stop_waiting->least_unacked - 1);
+  if (version() <= QUIC_VERSION_33) {
+    stop_waiting->entropy_hash = sent_entropy_manager_.GetCumulativeEntropy(
+        stop_waiting->least_unacked - 1);
+  }
 }
 
 QuicPacketNumber QuicConnection::GetLeastUnacked() const {
@@ -1088,7 +1156,7 @@ void QuicConnection::SendVersionNegotiationPacket() {
   }
   DVLOG(1) << ENDPOINT << "Sending version negotiation packet: {"
            << QuicVersionVectorToString(framer_.supported_versions()) << "}";
-  scoped_ptr<QuicEncryptedPacket> version_packet(
+  std::unique_ptr<QuicEncryptedPacket> version_packet(
       packet_generator_.SerializeVersionNegotiationPacket(
           framer_.supported_versions()));
   WriteResult result = writer_->WritePacket(
@@ -1243,11 +1311,9 @@ void QuicConnection::ProcessUdpPacket(const IPEndPoint& self_address,
   stats_.bytes_received += packet.length();
   ++stats_.packets_received;
 
-  if (FLAGS_quic_use_socket_timestamp) {
-    time_of_last_received_packet_ = packet.receipt_time();
-    DVLOG(1) << ENDPOINT << "time of last received packet: "
-             << time_of_last_received_packet_.ToDebuggingValue();
-  }
+  time_of_last_received_packet_ = packet.receipt_time();
+  DVLOG(1) << ENDPOINT << "time of last received packet: "
+           << time_of_last_received_packet_.ToDebuggingValue();
 
   ScopedRetransmissionScheduler alarm_delayer(this);
   if (!framer_.ProcessPacket(packet)) {
@@ -1306,7 +1372,11 @@ void QuicConnection::OnCanWrite() {
     // We're not write blocked, but some stream didn't write out all of its
     // bytes. Register for 'immediate' resumption so we'll keep writing after
     // other connections and events have had a chance to use the thread.
-    resume_writes_alarm_->Set(clock_->ApproximateNow());
+    if (FLAGS_quic_only_one_sending_alarm) {
+      send_alarm_->Update(clock_->ApproximateNow(), QuicTime::Delta::Zero());
+    } else {
+      resume_writes_alarm_->Set(clock_->ApproximateNow());
+    }
   }
 }
 
@@ -1364,6 +1434,7 @@ bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
         DCHECK_EQ(1u, header.public_header.versions.size());
         DCHECK_EQ(header.public_header.versions[0], version());
         version_negotiation_state_ = NEGOTIATED_VERSION;
+        received_packet_manager_.SetVersion(version());
         visitor_->OnSuccessfulVersionNegotiation(version());
         if (debug_visitor_ != nullptr) {
           debug_visitor_->OnSuccessfulVersionNegotiation(version());
@@ -1375,6 +1446,7 @@ bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
       // it should stop sending version since the version negotiation is done.
       packet_generator_.StopSendingVersion();
       version_negotiation_state_ = NEGOTIATED_VERSION;
+      received_packet_manager_.SetVersion(version());
       visitor_->OnSuccessfulVersionNegotiation(version());
       if (debug_visitor_ != nullptr) {
         debug_visitor_->OnSuccessfulVersionNegotiation(version());
@@ -1384,12 +1456,6 @@ bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) {
 
   DCHECK_EQ(NEGOTIATED_VERSION, version_negotiation_state_);
 
-  if (!FLAGS_quic_use_socket_timestamp) {
-    time_of_last_received_packet_ = clock_->Now();
-    DVLOG(1) << ENDPOINT << "time of last received packet: "
-             << time_of_last_received_packet_.ToDebuggingValue();
-  }
-
   if (last_size_ > largest_received_packet_size_) {
     largest_received_packet_size_ = last_size_;
   }
@@ -1531,12 +1597,13 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) {
   // Others are deleted at the end of this call.
   if (is_termination_packet) {
     if (termination_packets_.get() == nullptr) {
-      termination_packets_.reset(new std::vector<QuicEncryptedPacket*>);
+      termination_packets_.reset(
+          new std::vector<std::unique_ptr<QuicEncryptedPacket>>);
     }
     // Copy the buffer so it's owned in the future.
     char* buffer_copy = QuicUtils::CopyBuffer(*packet);
-    termination_packets_->push_back(
-        new QuicEncryptedPacket(buffer_copy, encrypted_length, true));
+    termination_packets_->push_back(std::unique_ptr<QuicEncryptedPacket>(
+        new QuicEncryptedPacket(buffer_copy, encrypted_length, true)));
     // This assures we won't try to write *forced* packets when blocked.
     // Return true to stop processing.
     if (writer_->IsWriteBlocked()) {
@@ -1581,7 +1648,8 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) {
   }
   if (result.status != WRITE_STATUS_ERROR && debug_visitor_ != nullptr) {
     // Pass the write result to the visitor.
-    debug_visitor_->OnPacketSent(*packet, packet->original_packet_number,
+    debug_visitor_->OnPacketSent(*packet, packet->original_path_id,
+                                 packet->original_packet_number,
                                  packet->transmission_type, packet_send_time);
   }
   if (packet->transmission_type == NOT_RETRANSMISSION) {
@@ -1604,8 +1672,8 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) {
       sent_packet_manager_.EstimateMaxPacketsInFlight(max_packet_length()));
 
   bool reset_retransmission_alarm = sent_packet_manager_.OnPacketSent(
-      packet, packet->original_packet_number, packet_send_time,
-      packet->transmission_type, IsRetransmittable(*packet));
+      packet, packet->original_path_id, packet->original_packet_number,
+      packet_send_time, packet->transmission_type, IsRetransmittable(*packet));
 
   if (reset_retransmission_alarm || !retransmission_alarm_->IsSet()) {
     SetRetransmissionAlarm();
@@ -1697,11 +1765,9 @@ void QuicConnection::OnUnrecoverableError(QuicErrorCode error,
   TearDownLocalConnectionState(error, error_details, source);
 }
 
-void QuicConnection::OnCongestionWindowChange() {
+void QuicConnection::OnCongestionChange() {
   visitor_->OnCongestionWindowChange(clock_->ApproximateNow());
-}
 
-void QuicConnection::OnRttChange() {
   // Uses the connection's smoothed RTT. If zero, uses initial_rtt.
   QuicTime::Delta rtt = sent_packet_manager_.GetRttStats()->smoothed_rtt();
   if (rtt.IsZero()) {
@@ -1734,9 +1800,10 @@ void QuicConnection::SendOrQueuePacket(SerializedPacket* packet) {
     QUIC_BUG << "packet.encrypted_buffer == nullptr in to SendOrQueuePacket";
     return;
   }
-
-  sent_entropy_manager_.RecordPacketEntropyHash(packet->packet_number,
-                                                packet->entropy_hash);
+  if (version() <= QUIC_VERSION_33) {
+    sent_entropy_manager_.RecordPacketEntropyHash(packet->packet_number,
+                                                  packet->entropy_hash);
+  }
   // If there are already queued packets, queue this one immediately to ensure
   // it's written in sequence number order.
   if (!queued_packets_.empty() || !WritePacket(packet)) {
@@ -1782,9 +1849,7 @@ void QuicConnection::SendAck() {
 }
 
 void QuicConnection::OnRetransmissionTimeout() {
-  if (!sent_packet_manager_.HasUnackedPackets()) {
-    return;
-  }
+  DCHECK(sent_packet_manager_.HasUnackedPackets());
 
   if (close_connection_after_five_rtos_ &&
       sent_packet_manager_.consecutive_rto_count() >= 4) {
@@ -1794,6 +1859,10 @@ void QuicConnection::OnRetransmissionTimeout() {
     return;
   }
 
+  // Cancel the send alarm to ensure TimeUntilSend is re-evaluated.
+  if (FLAGS_quic_only_one_sending_alarm) {
+    send_alarm_->Cancel();
+  }
   sent_packet_manager_.OnRetransmissionTimeout();
   WriteIfNotBlocked();
 
@@ -1835,6 +1904,11 @@ void QuicConnection::SetEncrypter(EncryptionLevel level,
   }
 }
 
+void QuicConnection::SetDiversificationNonce(const DiversificationNonce nonce) {
+  DCHECK_EQ(Perspective::IS_SERVER, perspective_);
+  packet_generator_.SetDiversificationNonce(nonce);
+}
+
 void QuicConnection::SetDefaultEncryptionLevel(EncryptionLevel level) {
   encryption_level_ = level;
   packet_generator_.set_encryption_level(level);
@@ -2110,6 +2184,19 @@ void QuicConnection::SetRetransmissionAlarm() {
     pending_retransmission_alarm_ = true;
     return;
   }
+  // Once the handshake has been confirmed, the retransmission alarm should
+  // never fire before the send alarm.
+  if (FLAGS_quic_only_one_sending_alarm &&
+      sent_packet_manager_.handshake_confirmed() && send_alarm_->IsSet()) {
+    DCHECK(!sent_packet_manager_.GetRetransmissionTime().IsInitialized() ||
+           sent_packet_manager_.GetRetransmissionTime() >=
+               send_alarm_->deadline())
+        << " retransmission_time:"
+        << sent_packet_manager_.GetRetransmissionTime().ToDebuggingValue()
+        << " send_alarm:" << send_alarm_->deadline().ToDebuggingValue();
+    retransmission_alarm_->Cancel();
+    return;
+  }
   QuicTime retransmission_time = sent_packet_manager_.GetRetransmissionTime();
   retransmission_alarm_->Update(retransmission_time,
                                 QuicTime::Delta::FromMilliseconds(1));
@@ -2355,4 +2442,28 @@ StringPiece QuicConnection::GetCurrentPacket() {
   return StringPiece(current_packet_data_, last_size_);
 }
 
+bool QuicConnection::MaybeConsiderAsMemoryCorruption(
+    const QuicStreamFrame& frame) {
+  if (frame.stream_id == kCryptoStreamId ||
+      last_decrypted_packet_level_ != ENCRYPTION_NONE) {
+    return false;
+  }
+
+  if (perspective_ == Perspective::IS_SERVER &&
+      frame.data_length >= sizeof(kCHLO) &&
+      strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kCHLO),
+              sizeof(kCHLO)) == 0) {
+    return true;
+  }
+
+  if (perspective_ == Perspective::IS_CLIENT &&
+      frame.data_length >= sizeof(kREJ) &&
+      strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kREJ),
+              sizeof(kREJ)) == 0) {
+    return true;
+  }
+
+  return false;
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/quic_connection.h b/chromium/net/quic/quic_connection.h
index 5baff2ead02..75385388a22 100644
--- a/chromium/net/quic/quic_connection.h
+++ b/chromium/net/quic/quic_connection.h
@@ -22,18 +22,19 @@
 #include <deque>
 #include <list>
 #include <map>
+#include <memory>
 #include <queue>
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/quic_alarm.h"
+#include "net/quic/quic_alarm_factory.h"
 #include "net/quic/quic_blocked_writer_interface.h"
 #include "net/quic/quic_fec_group.h"
 #include "net/quic/quic_framer.h"
@@ -167,6 +168,7 @@ class NET_EXPORT_PRIVATE QuicConnectionDebugVisitor
 
   // Called when a packet has been sent.
   virtual void OnPacketSent(const SerializedPacket& serialized_packet,
+                            QuicPathId original_path_id,
                             QuicPacketNumber original_packet_number,
                             TransmissionType transmission_type,
                             QuicTime sent_time) {}
@@ -206,6 +208,9 @@ class NET_EXPORT_PRIVATE QuicConnectionDebugVisitor
   // Called when a StopWaitingFrame has been parsed.
   virtual void OnStopWaitingFrame(const QuicStopWaitingFrame& frame) {}
 
+  // Called when a QuicPaddingFrame has been parsed.
+  virtual void OnPaddingFrame(const QuicPaddingFrame& frame) {}
+
   // Called when a Ping has been parsed.
   virtual void OnPingFrame(const QuicPingFrame& frame) {}
 
@@ -273,20 +278,6 @@ class NET_EXPORT_PRIVATE QuicConnectionHelperInterface {
   // Returns a QuicRandom to be used for all random number related functions.
   virtual QuicRandom* GetRandomGenerator() = 0;
 
-  // Creates a new platform-specific alarm which will be configured to notify
-  // |delegate| when the alarm fires. Returns an alarm allocated on the heap.
-  // Caller takes ownership of the new alarm, which will not yet be "set" to
-  // fire.
-  virtual QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) = 0;
-
-  // Creates a new platform-specific alarm which will be configured to notify
-  // |delegate| when the alarm fires. Caller takes ownership of the new alarm,
-  // which will not yet be "set" to fire. If |arena| is null, then the alarm
-  // will be created on the heap. Otherwise, it will be created in |arena|.
-  virtual QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
-      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
-      QuicConnectionArena* arena) = 0;
-
   // Returns a QuicBufferAllocator to be used for all stream frame buffers.
   virtual QuicBufferAllocator* GetBufferAllocator() = 0;
 };
@@ -314,6 +305,7 @@ class NET_EXPORT_PRIVATE QuicConnection
   QuicConnection(QuicConnectionId connection_id,
                  IPEndPoint address,
                  QuicConnectionHelperInterface* helper,
+                 QuicAlarmFactory* alarm_factory,
                  QuicPacketWriter* writer,
                  bool owns_writer,
                  Perspective perspective,
@@ -336,6 +328,9 @@ class NET_EXPORT_PRIVATE QuicConnection
       const CachedNetworkParameters& cached_network_params,
       bool max_bandwidth_resumption);
 
+  // Called by the Session when a max pacing rate for the connection is needed.
+  virtual void SetMaxPacingRate(QuicBandwidth max_pacing_rate);
+
   // Sets the number of active streams on the connection for congestion control.
   void SetNumOpenStreams(size_t num_streams);
 
@@ -443,6 +438,7 @@ class NET_EXPORT_PRIVATE QuicConnection
   bool OnStreamFrame(const QuicStreamFrame& frame) override;
   bool OnAckFrame(const QuicAckFrame& frame) override;
   bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override;
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override;
   bool OnPingFrame(const QuicPingFrame& frame) override;
   bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override;
   bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override;
@@ -465,8 +461,7 @@ class NET_EXPORT_PRIVATE QuicConnection
                             ConnectionCloseSource source) override;
 
   // QuicSentPacketManager::NetworkChangeVisitor
-  void OnCongestionWindowChange() override;
-  void OnRttChange() override;
+  void OnCongestionChange() override;
   void OnPathDegrading() override;
 
   // Called by the crypto stream when the handshake completes. In the server's
@@ -560,6 +555,11 @@ class NET_EXPORT_PRIVATE QuicConnection
   // takes ownership of |encrypter|.
   void SetEncrypter(EncryptionLevel level, QuicEncrypter* encrypter);
 
+  // SetNonceForPublicHeader sets the nonce that will be transmitted in the
+  // public header of each packet encrypted at the initial encryption level
+  // decrypted. This should only be called on the server side.
+  void SetDiversificationNonce(const DiversificationNonce nonce);
+
   // SetDefaultEncryptionLevel sets the encryption level that will be applied
   // to new packets.
   void SetDefaultEncryptionLevel(EncryptionLevel level);
@@ -656,7 +656,7 @@ class NET_EXPORT_PRIVATE QuicConnection
   // Return the id of the cipher of the primary decrypter of the framer.
   uint32_t cipher_id() const { return framer_.decrypter()->cipher_id(); }
 
-  std::vector<QuicEncryptedPacket*>* termination_packets() {
+  std::vector<std::unique_ptr<QuicEncryptedPacket>>* termination_packets() {
     return termination_packets_.get();
   }
 
@@ -665,6 +665,7 @@ class NET_EXPORT_PRIVATE QuicConnection
   bool ack_frame_updated() const;
 
   QuicConnectionHelperInterface* helper() { return helper_; }
+  QuicAlarmFactory* alarm_factory() { return alarm_factory_; }
 
   base::StringPiece GetCurrentPacket();
 
@@ -674,6 +675,10 @@ class NET_EXPORT_PRIVATE QuicConnection
 
   EncryptionLevel encryption_level() const { return encryption_level_; }
 
+  const IPEndPoint& last_packet_source_address() const {
+    return last_packet_source_address_;
+  }
+
  protected:
   // Send a packet to the peer, and takes ownership of the packet if the packet
   // cannot be written immediately.
@@ -691,10 +696,6 @@ class NET_EXPORT_PRIVATE QuicConnection
   // such a version exists, false otherwise.
   bool SelectMutualVersion(const QuicVersionVector& available_versions);
 
-  const IPEndPoint& last_packet_source_address() const {
-    return last_packet_source_address_;
-  }
-
   // Returns the current per-packet options for the connection.
   PerPacketOptions* per_packet_options() { return per_packet_options_; }
   // Sets the current per-packet options for the connection. The QuicConnection
@@ -837,8 +838,12 @@ class NET_EXPORT_PRIVATE QuicConnection
   // handled, false otherwise.
   bool ProcessValidatedPacket(const QuicPacketHeader& header);
 
+  // Consider receiving crypto frame on non crypto stream as memory corruption.
+  bool MaybeConsiderAsMemoryCorruption(const QuicStreamFrame& frame);
+
   QuicFramer framer_;
   QuicConnectionHelperInterface* helper_;  // Not owned.
+  QuicAlarmFactory* alarm_factory_;        // Not owned.
   PerPacketOptions* per_packet_options_;   // Not owned.
   QuicPacketWriter* writer_;  // Owned or not depending on |owns_writer_|.
   bool owns_writer_;
@@ -909,7 +914,8 @@ class NET_EXPORT_PRIVATE QuicConnection
   bool save_crypto_packets_as_termination_packets_;
 
   // Contains the connection close packets if the connection has been closed.
-  scoped_ptr<std::vector<QuicEncryptedPacket*>> termination_packets_;
+  std::unique_ptr<std::vector<std::unique_ptr<QuicEncryptedPacket>>>
+      termination_packets_;
 
   // Determines whether or not a connection close packet is sent to the peer
   // after idle timeout due to lack of network activity.
@@ -937,6 +943,8 @@ class NET_EXPORT_PRIVATE QuicConnection
   int stop_waiting_count_;
   // Indicates the current ack mode, defaults to acking every 2 packets.
   AckMode ack_mode_;
+  // The max delay in fraction of min_rtt to use when sending decimated acks.
+  float ack_decimation_delay_;
 
   // Indicates the retransmit alarm is going to be set by the
   // ScopedRetransmitAlarmDelayer
@@ -960,6 +968,8 @@ class NET_EXPORT_PRIVATE QuicConnection
   QuicArenaScopedPtr<QuicAlarm> send_alarm_;
   // An alarm that is scheduled when the connection can still write and there
   // may be more data to send.
+  // TODO(ianswett): Remove resume_writes_alarm when deprecating
+  // FLAGS_quic_only_one_sending_alarm
   QuicArenaScopedPtr<QuicAlarm> resume_writes_alarm_;
   // An alarm that fires when the connection may have timed out.
   QuicArenaScopedPtr<QuicAlarm> timeout_alarm_;
diff --git a/chromium/net/quic/quic_connection_logger.cc b/chromium/net/quic/quic_connection_logger.cc
index b9cb00e3223..f99bf35a4c3 100644
--- a/chromium/net/quic/quic_connection_logger.cc
+++ b/chromium/net/quic/quic_connection_logger.cc
@@ -38,24 +38,24 @@ namespace {
 // Hence the largest sample is bounded by the sum of those numbers.
 const int kBoundingSampleInCumulativeHistogram = ((2 + 22) * 21) / 2;
 
-scoped_ptr<base::Value> NetLogQuicPacketCallback(
+std::unique_ptr<base::Value> NetLogQuicPacketCallback(
     const IPEndPoint* self_address,
     const IPEndPoint* peer_address,
     size_t packet_size,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("self_address", self_address->ToString());
   dict->SetString("peer_address", peer_address->ToString());
   dict->SetInteger("size", packet_size);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicPacketSentCallback(
+std::unique_ptr<base::Value> NetLogQuicPacketSentCallback(
     const SerializedPacket& serialized_packet,
     TransmissionType transmission_type,
     QuicTime sent_time,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("transmission_type", transmission_type);
   dict->SetString("packet_number",
                   base::Uint64ToString(serialized_packet.packet_number));
@@ -64,28 +64,28 @@ scoped_ptr<base::Value> NetLogQuicPacketSentCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicPacketRetransmittedCallback(
+std::unique_ptr<base::Value> NetLogQuicPacketRetransmittedCallback(
     QuicPacketNumber old_packet_number,
     QuicPacketNumber new_packet_number,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("old_packet_number", base::Uint64ToString(old_packet_number));
   dict->SetString("new_packet_number", base::Uint64ToString(new_packet_number));
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicDuplicatePacketCallback(
+std::unique_ptr<base::Value> NetLogQuicDuplicatePacketCallback(
     QuicPacketNumber packet_number,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("packet_number", base::Uint64ToString(packet_number));
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicPacketHeaderCallback(
+std::unique_ptr<base::Value> NetLogQuicPacketHeaderCallback(
     const QuicPacketHeader* header,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("connection_id",
                   base::Uint64ToString(header->public_header.connection_id));
   dict->SetInteger("reset_flag", header->public_header.reset_flag);
@@ -97,21 +97,21 @@ scoped_ptr<base::Value> NetLogQuicPacketHeaderCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicStreamFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicStreamFrameCallback(
     const QuicStreamFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", frame->stream_id);
   dict->SetBoolean("fin", frame->fin);
   dict->SetString("offset", base::Uint64ToString(frame->offset));
-  dict->SetInteger("length", frame->frame_length);
+  dict->SetInteger("length", frame->data_length);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicAckFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicAckFrameCallback(
     const QuicAckFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("largest_observed",
                   base::Uint64ToString(frame->largest_observed));
   dict->SetString("delta_time_largest_observed_us",
@@ -120,8 +120,8 @@ scoped_ptr<base::Value> NetLogQuicAckFrameCallback(
   dict->SetBoolean("truncated", frame->is_truncated);
 
   base::ListValue* missing = new base::ListValue();
-  dict->Set("missing_packets", missing);
-  for (QuicPacketNumber packet : frame->missing_packets)
+  dict->Set("packets", missing);
+  for (QuicPacketNumber packet : frame->packets)
     missing->AppendString(base::Uint64ToString(packet));
 
   base::ListValue* received = new base::ListValue();
@@ -139,55 +139,55 @@ scoped_ptr<base::Value> NetLogQuicAckFrameCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicRstStreamFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicRstStreamFrameCallback(
     const QuicRstStreamFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", frame->stream_id);
   dict->SetInteger("quic_rst_stream_error", frame->error_code);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicConnectionCloseFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicConnectionCloseFrameCallback(
     const QuicConnectionCloseFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("quic_error", frame->error_code);
   dict->SetString("details", frame->error_details);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicWindowUpdateFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicWindowUpdateFrameCallback(
     const QuicWindowUpdateFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", frame->stream_id);
   dict->SetString("byte_offset", base::Uint64ToString(frame->byte_offset));
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicBlockedFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicBlockedFrameCallback(
     const QuicBlockedFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", frame->stream_id);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicGoAwayFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicGoAwayFrameCallback(
     const QuicGoAwayFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("quic_error", frame->error_code);
   dict->SetInteger("last_good_stream_id", frame->last_good_stream_id);
   dict->SetString("reason_phrase", frame->reason_phrase);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicStopWaitingFrameCallback(
+std::unique_ptr<base::Value> NetLogQuicStopWaitingFrameCallback(
     const QuicStopWaitingFrame* frame,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::DictionaryValue* sent_info = new base::DictionaryValue();
   dict->Set("sent_info", sent_info);
   sent_info->SetString("least_unacked",
@@ -195,10 +195,10 @@ scoped_ptr<base::Value> NetLogQuicStopWaitingFrameCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicVersionNegotiationPacketCallback(
+std::unique_ptr<base::Value> NetLogQuicVersionNegotiationPacketCallback(
     const QuicVersionNegotiationPacket* packet,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::ListValue* versions = new base::ListValue();
   dict->Set("versions", versions);
   for (QuicVersionVector::const_iterator it = packet->versions.begin();
@@ -208,33 +208,33 @@ scoped_ptr<base::Value> NetLogQuicVersionNegotiationPacketCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicCryptoHandshakeMessageCallback(
+std::unique_ptr<base::Value> NetLogQuicCryptoHandshakeMessageCallback(
     const CryptoHandshakeMessage* message,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("quic_crypto_handshake_message", message->DebugString());
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicOnConnectionClosedCallback(
+std::unique_ptr<base::Value> NetLogQuicOnConnectionClosedCallback(
     QuicErrorCode error,
     ConnectionCloseSource source,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("quic_error", error);
   dict->SetBoolean("from_peer",
                    source == ConnectionCloseSource::FROM_PEER ? true : false);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogQuicCertificateVerifiedCallback(
+std::unique_ptr<base::Value> NetLogQuicCertificateVerifiedCallback(
     scoped_refptr<X509Certificate> cert,
     NetLogCaptureMode /* capture_mode */) {
   // Only the subjects are logged so that we can investigate connection pooling.
   // More fields could be logged in the future.
   std::vector<std::string> dns_names;
   cert->GetDNSNames(&dns_names);
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::ListValue* subjects = new base::ListValue();
   for (std::vector<std::string>::const_iterator it = dns_names.begin();
        it != dns_names.end(); it++) {
@@ -274,7 +274,7 @@ AddressFamily GetRealAddressFamily(const IPAddress& address) {
 QuicConnectionLogger::QuicConnectionLogger(
     QuicSpdySession* session,
     const char* const connection_description,
-    scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
     const BoundNetLog& net_log)
     : net_log_(net_log),
       session_(session),
@@ -351,8 +351,12 @@ void QuicConnectionLogger::OnFrameAddedToPacket(const QuicFrame& frame) {
       net_log_.AddEvent(
           NetLog::TYPE_QUIC_SESSION_ACK_FRAME_SENT,
           base::Bind(&NetLogQuicAckFrameCallback, frame.ack_frame));
-      const PacketNumberQueue& missing_packets =
-          frame.ack_frame->missing_packets;
+      // Missing packets histogram only relevant for v33 and lower
+      // TODO(rch, rtenneti) sort out histograms for v34+
+      if (session_->connection()->version() > QUIC_VERSION_33) {
+        break;
+      }
+      const PacketNumberQueue& missing_packets = frame.ack_frame->packets;
       const uint8_t max_ranges = std::numeric_limits<uint8_t>::max();
       // Compute an upper bound on the number of NACK ranges. If the bound
       // is below the max, then it clearly isn't truncated.
@@ -424,6 +428,7 @@ void QuicConnectionLogger::OnFrameAddedToPacket(const QuicFrame& frame) {
 
 void QuicConnectionLogger::OnPacketSent(
     const SerializedPacket& serialized_packet,
+    QuicPathId /* original_path_id */,
     QuicPacketNumber original_packet_number,
     TransmissionType transmission_type,
     QuicTime sent_time) {
@@ -543,10 +548,14 @@ void QuicConnectionLogger::OnAckFrame(const QuicAckFrame& frame) {
   if (frame.is_truncated)
     ++num_truncated_acks_received_;
 
-  if (frame.missing_packets.Empty())
+  if (frame.packets.Empty())
     return;
 
-  const PacketNumberQueue& missing_packets = frame.missing_packets;
+  // TODO(rch, rtenneti) sort out histograms for QUIC_VERSION_34 and above.
+  if (session_->connection()->version() > QUIC_VERSION_33) {
+    return;
+  }
+  const PacketNumberQueue& missing_packets = frame.packets;
   PacketNumberQueue::const_iterator it =
       missing_packets.lower_bound(largest_received_missing_packet_number_);
   if (it == missing_packets.end())
diff --git a/chromium/net/quic/quic_connection_logger.h b/chromium/net/quic/quic_connection_logger.h
index ff2c9173e1a..6dc1998cf80 100644
--- a/chromium/net/quic/quic_connection_logger.h
+++ b/chromium/net/quic/quic_connection_logger.h
@@ -12,11 +12,11 @@
 #include "base/macros.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/network_change_notifier.h"
-#include "net/base/socket_performance_watcher.h"
 #include "net/log/net_log.h"
 #include "net/quic/quic_connection.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_spdy_session.h"
+#include "net/socket/socket_performance_watcher.h"
 
 namespace net {
 namespace test {
@@ -35,7 +35,7 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger
   QuicConnectionLogger(
       QuicSpdySession* session,
       const char* const connection_description,
-      scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
       const BoundNetLog& net_log);
 
   ~QuicConnectionLogger() override;
@@ -45,6 +45,7 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger
 
   // QuicConnectionDebugVisitorInterface
   void OnPacketSent(const SerializedPacket& serialized_packet,
+                    QuicPathId original_path_id,
                     QuicPacketNumber original_packet_number,
                     TransmissionType transmission_type,
                     QuicTime sent_time) override;
@@ -185,7 +186,7 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger
   const char* const connection_description_;
   // Receives notifications regarding the performance of the underlying socket
   // for the QUIC connection. May be null.
-  const scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher_;
+  const std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicConnectionLogger);
 };
diff --git a/chromium/net/quic/quic_connection_logger_unittest.cc b/chromium/net/quic/quic_connection_logger_unittest.cc
index ebaa12dbfec..167b63cfc41 100644
--- a/chromium/net/quic/quic_connection_logger_unittest.cc
+++ b/chromium/net/quic/quic_connection_logger_unittest.cc
@@ -4,9 +4,10 @@
 
 #include "net/quic/quic_connection_logger.h"
 
-#include "net/base/socket_performance_watcher.h"
 #include "net/quic/quic_protocol.h"
+#include "net/quic/test_tools/quic_connection_peer.h"
 #include "net/quic/test_tools/quic_test_utils.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -32,14 +33,20 @@ class QuicConnectionLoggerPeer {
 class QuicConnectionLoggerTest : public ::testing::Test {
  protected:
   QuicConnectionLoggerTest()
-      : session_(new MockConnection(&helper_, Perspective::IS_CLIENT)),
+      : session_(new MockQuicConnection(&helper_,
+                                        &alarm_factory_,
+                                        Perspective::IS_CLIENT)),
         logger_(&session_,
                 "CONNECTION_UNKNOWN",
                 /*socket_performance_watcher=*/nullptr,
-                net_log_) {}
+                net_log_) {
+    QuicConnectionPeer::GetFramer(session_.connection())
+        ->set_version(QUIC_VERSION_33);
+  }
 
   BoundNetLog net_log_;
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
   MockQuicSpdySession session_;
   QuicConnectionLogger logger_;
 };
@@ -50,7 +57,7 @@ TEST_F(QuicConnectionLoggerTest, TruncatedAcksSentNotChanged) {
   EXPECT_EQ(0u, QuicConnectionLoggerPeer::num_truncated_acks_sent(logger_));
 
   for (QuicPacketNumber i = 0; i < 256; ++i) {
-    frame.missing_packets.Add(i);
+    frame.packets.Add(i);
   }
   logger_.OnFrameAddedToPacket(QuicFrame(&frame));
   EXPECT_EQ(0u, QuicConnectionLoggerPeer::num_truncated_acks_sent(logger_));
@@ -59,7 +66,7 @@ TEST_F(QuicConnectionLoggerTest, TruncatedAcksSentNotChanged) {
 TEST_F(QuicConnectionLoggerTest, TruncatedAcksSent) {
   QuicAckFrame frame;
   for (QuicPacketNumber i = 0; i < 512; i += 2) {
-    frame.missing_packets.Add(i);
+    frame.packets.Add(i);
   }
   logger_.OnFrameAddedToPacket(QuicFrame(&frame));
   EXPECT_EQ(1u, QuicConnectionLoggerPeer::num_truncated_acks_sent(logger_));
diff --git a/chromium/net/quic/quic_connection_test.cc b/chromium/net/quic/quic_connection_test.cc
index ee2ab97d0c3..760ef02c909 100644
--- a/chromium/net/quic/quic_connection_test.cc
+++ b/chromium/net/quic/quic_connection_test.cc
@@ -4,11 +4,13 @@
 
 #include "net/quic/quic_connection.h"
 
+#include <errno.h>
+#include <memory>
 #include <ostream>
+#include <utility>
 
 #include "base/bind.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
@@ -72,6 +74,11 @@ const int kDefaultRetransmissionTimeMs = 500;
 const IPEndPoint kPeerAddress = IPEndPoint(Loopback6(), /*port=*/12345);
 const IPEndPoint kSelfAddress = IPEndPoint(Loopback6(), /*port=*/443);
 
+Perspective InvertPerspective(Perspective perspective) {
+  return perspective == Perspective::IS_CLIENT ? Perspective::IS_SERVER
+                                               : Perspective::IS_CLIENT;
+}
+
 // TaggingEncrypter appends kTagSize bytes of |tag| to the end of each message.
 class TaggingEncrypter : public QuicEncrypter {
  public:
@@ -139,6 +146,15 @@ class TaggingDecrypter : public QuicDecrypter {
 
   bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; }
 
+  bool SetPreliminaryKey(StringPiece key) override {
+    QUIC_BUG << "should not be called";
+    return false;
+  }
+
+  bool SetDiversificationNonce(DiversificationNonce key) override {
+    return true;
+  }
+
   bool DecryptPacket(QuicPathId path_id,
                      QuicPacketNumber packet_number,
                      StringPiece associated_data,
@@ -204,6 +220,30 @@ class StrictTaggingDecrypter : public TaggingDecrypter {
 
 class TestConnectionHelper : public QuicConnectionHelperInterface {
  public:
+  TestConnectionHelper(MockClock* clock, MockRandom* random_generator)
+      : clock_(clock), random_generator_(random_generator) {
+    clock_->AdvanceTime(QuicTime::Delta::FromSeconds(1));
+  }
+
+  // QuicConnectionHelperInterface
+  const QuicClock* GetClock() const override { return clock_; }
+
+  QuicRandom* GetRandomGenerator() override { return random_generator_; }
+
+  QuicBufferAllocator* GetBufferAllocator() override {
+    return &buffer_allocator_;
+  }
+
+ private:
+  MockClock* clock_;
+  MockRandom* random_generator_;
+  SimpleBufferAllocator buffer_allocator_;
+
+  DISALLOW_COPY_AND_ASSIGN(TestConnectionHelper);
+};
+
+class TestAlarmFactory : public QuicAlarmFactory {
+ public:
   class TestAlarm : public QuicAlarm {
    public:
     explicit TestAlarm(QuicArenaScopedPtr<QuicAlarm::Delegate> delegate)
@@ -214,15 +254,7 @@ class TestConnectionHelper : public QuicConnectionHelperInterface {
     using QuicAlarm::Fire;
   };
 
-  TestConnectionHelper(MockClock* clock, MockRandom* random_generator)
-      : clock_(clock), random_generator_(random_generator) {
-    clock_->AdvanceTime(QuicTime::Delta::FromSeconds(1));
-  }
-
-  // QuicConnectionHelperInterface
-  const QuicClock* GetClock() const override { return clock_; }
-
-  QuicRandom* GetRandomGenerator() override { return random_generator_; }
+  TestAlarmFactory() {}
 
   QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override {
     return new TestAlarm(QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
@@ -234,16 +266,8 @@ class TestConnectionHelper : public QuicConnectionHelperInterface {
     return arena->New<TestAlarm>(std::move(delegate));
   }
 
-  QuicBufferAllocator* GetBufferAllocator() override {
-    return &buffer_allocator_;
-  }
-
  private:
-  MockClock* clock_;
-  MockRandom* random_generator_;
-  SimpleBufferAllocator buffer_allocator_;
-
-  DISALLOW_COPY_AND_ASSIGN(TestConnectionHelper);
+  DISALLOW_COPY_AND_ASSIGN(TestAlarmFactory);
 };
 
 class TestPacketWriter : public QuicPacketWriter {
@@ -368,10 +392,8 @@ class TestPacketWriter : public QuicPacketWriter {
   void set_perspective(Perspective perspective) {
     // We invert perspective here, because the framer needs to parse packets
     // we send.
-    perspective = perspective == Perspective::IS_CLIENT
-                      ? Perspective::IS_SERVER
-                      : Perspective::IS_CLIENT;
-    QuicFramerPeer::SetPerspective(framer_.framer(), perspective);
+    QuicFramerPeer::SetPerspective(framer_.framer(),
+                                   InvertPerspective(perspective));
   }
 
   // final_bytes_of_last_packet_ returns the last four bytes of the previous
@@ -425,12 +447,14 @@ class TestConnection : public QuicConnection {
   TestConnection(QuicConnectionId connection_id,
                  IPEndPoint address,
                  TestConnectionHelper* helper,
+                 TestAlarmFactory* alarm_factory,
                  TestPacketWriter* writer,
                  Perspective perspective,
                  QuicVersion version)
       : QuicConnection(connection_id,
                        address,
                        helper,
+                       alarm_factory,
                        writer,
                        /* owns_writer= */ false,
                        perspective,
@@ -542,38 +566,38 @@ class TestConnection : public QuicConnection {
         .WillRepeatedly(Return(QuicBandwidth::FromKBytesPerSecond(10000)));
   }
 
-  TestConnectionHelper::TestAlarm* GetAckAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetAckAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetAckAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetPingAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetPingAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetPingAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetResumeWritesAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetResumeWritesAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetResumeWritesAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetRetransmissionAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetRetransmissionAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetRetransmissionAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetSendAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetSendAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetSendAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetTimeoutAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetTimeoutAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetTimeoutAlarm(this));
   }
 
-  TestConnectionHelper::TestAlarm* GetMtuDiscoveryAlarm() {
-    return reinterpret_cast<TestConnectionHelper::TestAlarm*>(
+  TestAlarmFactory::TestAlarm* GetMtuDiscoveryAlarm() {
+    return reinterpret_cast<TestAlarmFactory::TestAlarm*>(
         QuicConnectionPeer::GetMtuDiscoveryAlarm(this));
   }
 
@@ -635,8 +659,12 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
         send_algorithm_(new StrictMock<MockSendAlgorithm>),
         loss_algorithm_(new MockLossAlgorithm()),
         helper_(new TestConnectionHelper(&clock_, &random_generator_)),
+        alarm_factory_(new TestAlarmFactory()),
+        peer_framer_(SupportedVersions(version()),
+                     QuicTime::Zero(),
+                     Perspective::IS_SERVER),
         peer_creator_(connection_id_,
-                      &framer_,
+                      &peer_framer_,
                       &random_generator_,
                       &buffer_allocator_,
                       /*delegate=*/nullptr),
@@ -644,6 +672,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
         connection_(connection_id_,
                     kPeerAddress,
                     helper_.get(),
+                    alarm_factory_.get(),
                     writer_.get(),
                     Perspective::IS_CLIENT,
                     version()),
@@ -661,6 +690,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
     connection_.SetSendAlgorithm(send_algorithm_);
     connection_.SetLossAlgorithm(loss_algorithm_);
     framer_.set_received_entropy_calculator(&entropy_calculator_);
+    peer_framer_.set_received_entropy_calculator(&peer_entropy_calculator_);
     EXPECT_CALL(*send_algorithm_, TimeUntilSend(_, _))
         .WillRepeatedly(Return(QuicTime::Delta::Zero()));
     EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _))
@@ -690,7 +720,8 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
 
     EXPECT_CALL(*loss_algorithm_, GetLossTimeout())
         .WillRepeatedly(Return(QuicTime::Zero()));
-    EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _)).Times(AnyNumber());
+    EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+        .Times(AnyNumber());
     // TODO(ianswett): Fix QuicConnectionTests so they don't attempt to write
     // non-crypto stream data at ENCRYPTION_NONE.
     FLAGS_quic_never_write_unencrypted_data = false;
@@ -766,7 +797,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
     header.packet_number = number;
     QuicFrames frames;
     frames.push_back(frame);
-    scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+    std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
 
     char buffer[kMaxPacketSize];
     size_t encrypted_length = framer_.EncryptPayload(
@@ -789,7 +820,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
                                   bool entropy_flag,
                                   bool has_stop_waiting,
                                   EncryptionLevel level) {
-    scoped_ptr<QuicPacket> packet(
+    std::unique_ptr<QuicPacket> packet(
         ConstructDataPacket(path_id, number, entropy_flag, has_stop_waiting));
     char buffer[kMaxPacketSize];
     size_t encrypted_length = framer_.EncryptPayload(
@@ -804,7 +835,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
   }
 
   void ProcessClosePacket(QuicPathId path_id, QuicPacketNumber number) {
-    scoped_ptr<QuicPacket> packet(ConstructClosePacket(number));
+    std::unique_ptr<QuicPacket> packet(ConstructClosePacket(number));
     char buffer[kMaxPacketSize];
     size_t encrypted_length = framer_.EncryptPayload(
         ENCRYPTION_NONE, path_id, number, *packet, buffer, kMaxPacketSize);
@@ -868,11 +899,11 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
   }
 
   bool IsMissing(QuicPacketNumber number) {
-    return IsAwaitingPacket(*outgoing_ack(), number);
+    return IsAwaitingPacket(*outgoing_ack(), number, 0);
   }
 
   QuicPacket* ConstructPacket(QuicPacketHeader header, QuicFrames frames) {
-    QuicPacket* packet = BuildUnsizedDataPacket(&framer_, header, frames);
+    QuicPacket* packet = BuildUnsizedDataPacket(&peer_framer_, header, frames);
     EXPECT_NE(nullptr, packet);
     return packet;
   }
@@ -926,9 +957,16 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
   // Initialize a frame acknowledging all packets up to largest_observed.
   const QuicAckFrame InitAckFrame(QuicPacketNumber largest_observed) {
     QuicAckFrame frame(MakeAckFrame(largest_observed));
-    if (largest_observed > 0) {
-      frame.entropy_hash = QuicConnectionPeer::GetSentEntropyHash(
-          &connection_, largest_observed);
+    if (GetParam().version <= QUIC_VERSION_33) {
+      if (largest_observed > 0) {
+        frame.entropy_hash = QuicConnectionPeer::GetSentEntropyHash(
+            &connection_, largest_observed);
+      }
+    } else {
+      frame.missing = false;
+      if (largest_observed > 0) {
+        frame.packets.Add(1, largest_observed + 1);
+      }
     }
     return frame;
   }
@@ -942,17 +980,26 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
 
   // Explicitly nack a packet.
   void NackPacket(QuicPacketNumber missing, QuicAckFrame* frame) {
-    frame->missing_packets.Add(missing);
-    frame->entropy_hash ^=
-        QuicConnectionPeer::PacketEntropy(&connection_, missing);
+    if (frame->missing) {
+      frame->packets.Add(missing);
+      frame->entropy_hash ^=
+          QuicConnectionPeer::PacketEntropy(&connection_, missing);
+    } else {
+      frame->packets.Remove(missing);
+    }
   }
 
   // Undo nacking a packet within the frame.
   void AckPacket(QuicPacketNumber arrived, QuicAckFrame* frame) {
-    EXPECT_TRUE(frame->missing_packets.Contains(arrived));
-    frame->missing_packets.Remove(arrived);
-    frame->entropy_hash ^=
-        QuicConnectionPeer::PacketEntropy(&connection_, arrived);
+    if (frame->missing) {
+      EXPECT_TRUE(frame->packets.Contains(arrived));
+      frame->packets.Remove(arrived);
+      frame->entropy_hash ^=
+          QuicConnectionPeer::PacketEntropy(&connection_, arrived);
+    } else {
+      EXPECT_FALSE(frame->packets.Contains(arrived));
+      frame->packets.Add(arrived);
+    }
   }
 
   void TriggerConnectionClose() {
@@ -985,23 +1032,32 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
         .WillRepeatedly(testing::Return(QuicTime::Delta::Zero()));
   }
 
+  void set_perspective(Perspective perspective) {
+    connection_.set_perspective(perspective);
+    QuicFramerPeer::SetPerspective(&peer_framer_,
+                                   InvertPerspective(perspective));
+  }
+
   QuicConnectionId connection_id_;
   QuicFramer framer_;
   MockEntropyCalculator entropy_calculator_;
+  MockEntropyCalculator peer_entropy_calculator_;
 
   MockSendAlgorithm* send_algorithm_;
   MockLossAlgorithm* loss_algorithm_;
   MockClock clock_;
   MockRandom random_generator_;
   SimpleBufferAllocator buffer_allocator_;
-  scoped_ptr<TestConnectionHelper> helper_;
+  std::unique_ptr<TestConnectionHelper> helper_;
+  std::unique_ptr<TestAlarmFactory> alarm_factory_;
+  QuicFramer peer_framer_;
   QuicPacketCreator peer_creator_;
-  scoped_ptr<TestPacketWriter> writer_;
+  std::unique_ptr<TestPacketWriter> writer_;
   TestConnection connection_;
   QuicPacketCreator* creator_;
   QuicPacketGenerator* generator_;
   QuicSentPacketManager* manager_;
-  StrictMock<MockConnectionVisitor> visitor_;
+  StrictMock<MockQuicConnectionVisitor> visitor_;
 
   QuicStreamFrame frame1_;
   QuicStreamFrame frame2_;
@@ -1040,7 +1096,7 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtClient) {
 TEST_P(QuicConnectionTest, SelfAddressChangeAtServer) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
 
-  connection_.set_perspective(Perspective::IS_SERVER);
+  set_perspective(Perspective::IS_SERVER);
   QuicPacketCreatorPeer::SetSendVersionInPacket(creator_, false);
 
   EXPECT_EQ(Perspective::IS_SERVER, connection_.perspective());
@@ -1066,7 +1122,8 @@ TEST_P(QuicConnectionTest, MaxPacketSize) {
 TEST_P(QuicConnectionTest, SmallerServerMaxPacketSize) {
   QuicConnectionId connection_id = 42;
   TestConnection connection(connection_id, kPeerAddress, helper_.get(),
-                            writer_.get(), Perspective::IS_SERVER, version());
+                            alarm_factory_.get(), writer_.get(),
+                            Perspective::IS_SERVER, version());
   EXPECT_EQ(Perspective::IS_SERVER, connection.perspective());
   EXPECT_EQ(1000u, connection.max_packet_length());
 }
@@ -1074,7 +1131,7 @@ TEST_P(QuicConnectionTest, SmallerServerMaxPacketSize) {
 TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSize) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
 
-  connection_.set_perspective(Perspective::IS_SERVER);
+  set_perspective(Perspective::IS_SERVER);
   connection_.SetMaxPacketLength(1000);
 
   QuicPacketHeader header;
@@ -1087,7 +1144,7 @@ TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSize) {
   QuicPaddingFrame padding;
   frames.push_back(QuicFrame(&frame1_));
   frames.push_back(QuicFrame(padding));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
@@ -1107,7 +1164,7 @@ TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSizeWhileWriterLimited) {
 
   const QuicByteCount lower_max_packet_size = 1240;
   writer_->set_max_packet_size(lower_max_packet_size);
-  connection_.set_perspective(Perspective::IS_SERVER);
+  set_perspective(Perspective::IS_SERVER);
   connection_.SetMaxPacketLength(1000);
   EXPECT_EQ(1000u, connection_.max_packet_length());
 
@@ -1121,7 +1178,7 @@ TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSizeWhileWriterLimited) {
   QuicPaddingFrame padding;
   frames.push_back(QuicFrame(&frame1_));
   frames.push_back(QuicFrame(padding));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
@@ -1154,7 +1211,8 @@ TEST_P(QuicConnectionTest, LimitMaxPacketSizeByWriterForNewConnection) {
   const QuicByteCount lower_max_packet_size = 1240;
   writer_->set_max_packet_size(lower_max_packet_size);
   TestConnection connection(connection_id, kPeerAddress, helper_.get(),
-                            writer_.get(), Perspective::IS_CLIENT, version());
+                            alarm_factory_.get(), writer_.get(),
+                            Perspective::IS_CLIENT, version());
   EXPECT_EQ(Perspective::IS_CLIENT, connection.perspective());
   EXPECT_EQ(lower_max_packet_size, connection.max_packet_length());
 }
@@ -1164,15 +1222,27 @@ TEST_P(QuicConnectionTest, PacketsInOrder) {
 
   ProcessPacket(kDefaultPathId, 1);
   EXPECT_EQ(1u, outgoing_ack()->largest_observed);
-  EXPECT_TRUE(outgoing_ack()->missing_packets.Empty());
+  if (outgoing_ack()->missing) {
+    EXPECT_TRUE(outgoing_ack()->packets.Empty());
+  } else {
+    EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals());
+  }
 
   ProcessPacket(kDefaultPathId, 2);
   EXPECT_EQ(2u, outgoing_ack()->largest_observed);
-  EXPECT_TRUE(outgoing_ack()->missing_packets.Empty());
+  if (outgoing_ack()->missing) {
+    EXPECT_TRUE(outgoing_ack()->packets.Empty());
+  } else {
+    EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals());
+  }
 
   ProcessPacket(kDefaultPathId, 3);
   EXPECT_EQ(3u, outgoing_ack()->largest_observed);
-  EXPECT_TRUE(outgoing_ack()->missing_packets.Empty());
+  if (outgoing_ack()->missing) {
+    EXPECT_TRUE(outgoing_ack()->packets.Empty());
+  } else {
+    EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals());
+  }
 }
 
 TEST_P(QuicConnectionTest, PacketsOutOfOrder) {
@@ -1267,6 +1337,9 @@ TEST_P(QuicConnectionTest, RejectUnencryptedStreamData) {
 }
 
 TEST_P(QuicConnectionTest, TruncatedAck) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   QuicPacketNumber num_packets = 256 * 2 + 1;
   for (QuicPacketNumber i = 0; i < num_packets; ++i) {
@@ -1282,8 +1355,8 @@ TEST_P(QuicConnectionTest, TruncatedAck) {
       lost_packets.insert(i * 2);
     }
   }
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
-  EXPECT_CALL(entropy_calculator_, EntropyHash(511))
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
+  EXPECT_CALL(peer_entropy_calculator_, EntropyHash(511))
       .WillOnce(Return(static_cast<QuicPacketEntropyHash>(0)));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&frame);
@@ -1295,7 +1368,7 @@ TEST_P(QuicConnectionTest, TruncatedAck) {
 
   // Removing one missing packet allows us to ack 192 and one more range, but
   // 192 has already been declared lost, so it doesn't register as an ack.
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&frame);
   EXPECT_EQ(num_packets, manager_->largest_observed());
@@ -1370,8 +1443,8 @@ TEST_P(QuicConnectionTest, AckReceiptCausesAckSend) {
   // First nack triggers early retransmit.
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   QuicPacketNumber retransmission;
   EXPECT_CALL(*send_algorithm_,
@@ -1383,7 +1456,7 @@ TEST_P(QuicConnectionTest, AckReceiptCausesAckSend) {
   QuicAckFrame frame2 = InitAckFrame(retransmission);
   NackPacket(original, &frame2);
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   ProcessAckPacket(&frame2);
 
   // Now if the peer sends an ack which still reports the retransmitted packet
@@ -1397,7 +1470,7 @@ TEST_P(QuicConnectionTest, AckReceiptCausesAckSend) {
   EXPECT_EQ(1u, writer_->stream_frames().size());
 
   // No more packet loss for the rest of the test.
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _)).Times(AnyNumber());
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _)).Times(AnyNumber());
   ProcessAckPacket(&frame2);
   EXPECT_CALL(*send_algorithm_,
               OnPacketSent(_, _, _, _, HAS_RETRANSMITTABLE_DATA));
@@ -1473,11 +1546,13 @@ TEST_P(QuicConnectionTest, TooManySentPackets) {
 
   // Ack packet 1, which leaves more than the limit outstanding.
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
-  EXPECT_CALL(visitor_,
-              OnConnectionClosed(QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS, _,
-                                 ConnectionCloseSource::FROM_SELF));
-  // We're receive buffer limited, so the connection won't try to write more.
-  EXPECT_CALL(visitor_, OnCanWrite()).Times(0);
+  if (GetParam().version <= QUIC_VERSION_33) {
+    EXPECT_CALL(visitor_,
+                OnConnectionClosed(QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS, _,
+                                   ConnectionCloseSource::FROM_SELF));
+    // We're receive buffer limited, so the connection won't try to write more.
+    EXPECT_CALL(visitor_, OnCanWrite()).Times(0);
+  }
 
   // Nack the first packet and ack the rest, leaving a huge gap.
   QuicAckFrame frame1 = InitAckFrame(num_packets);
@@ -1487,10 +1562,11 @@ TEST_P(QuicConnectionTest, TooManySentPackets) {
 
 TEST_P(QuicConnectionTest, TooManyReceivedPackets) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
-  EXPECT_CALL(visitor_,
-              OnConnectionClosed(QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS, _,
-                                 ConnectionCloseSource::FROM_SELF));
-
+  if (GetParam().version <= QUIC_VERSION_33) {
+    EXPECT_CALL(visitor_,
+                OnConnectionClosed(QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS,
+                                   _, ConnectionCloseSource::FROM_SELF));
+  }
   // Miss 99 of every 100 packets for 5500 packets.
   for (QuicPacketNumber i = 1; i < kMaxTrackedPackets + 500; i += 100) {
     ProcessPacket(kDefaultPathId, i);
@@ -1834,7 +1910,7 @@ TEST_P(QuicConnectionTest, FramePackingSendv) {
   EXPECT_EQ(1u, writer_->stream_frames().size());
   QuicStreamFrame* frame = writer_->stream_frames()[0];
   EXPECT_EQ(1u, frame->stream_id);
-  EXPECT_EQ("ABCD", StringPiece(frame->frame_buffer, frame->frame_length));
+  EXPECT_EQ("ABCD", StringPiece(frame->data_buffer, frame->data_length));
 }
 
 TEST_P(QuicConnectionTest, FramePackingSendvQueued) {
@@ -1868,7 +1944,7 @@ TEST_P(QuicConnectionTest, SendingZeroBytes) {
   // Send a zero byte write with a fin using writev.
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _));
   QuicIOVector empty_iov(nullptr, 0, 0);
-  connection_.SendStreamData(1, empty_iov, 0, kFin, nullptr);
+  connection_.SendStreamData(kHeadersStreamId, empty_iov, 0, kFin, nullptr);
 
   EXPECT_EQ(0u, connection_.NumQueuedPackets());
   EXPECT_FALSE(connection_.HasQueuedData());
@@ -1876,7 +1952,7 @@ TEST_P(QuicConnectionTest, SendingZeroBytes) {
   // Parse the last packet and ensure it's one stream frame from one stream.
   EXPECT_EQ(1u, writer_->frame_count());
   EXPECT_EQ(1u, writer_->stream_frames().size());
-  EXPECT_EQ(1u, writer_->stream_frames()[0]->stream_id);
+  EXPECT_EQ(kHeadersStreamId, writer_->stream_frames()[0]->stream_id);
   EXPECT_TRUE(writer_->stream_frames()[0]->fin);
 }
 
@@ -1921,8 +1997,8 @@ TEST_P(QuicConnectionTest, RetransmitOnNack) {
   NackPacket(2, &nack_two);
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(2, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_,
               OnPacketSent(_, _, _, second_packet_size - kQuicVersionSize, _))
@@ -1986,7 +2062,7 @@ TEST_P(QuicConnectionTest, DoNotRetransmitForResetStreamOnNack) {
   QuicAckFrame nack_two = InitAckFrame(last_packet);
   NackPacket(last_packet - 1, &nack_two);
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0);
   ProcessAckPacket(&nack_two);
@@ -2009,8 +2085,8 @@ TEST_P(QuicConnectionTest, RetransmitForQuicRstStreamNoErrorOnNack) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(last_packet - 1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   if (version() > QUIC_VERSION_28) {
     EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _))
@@ -2077,7 +2153,7 @@ TEST_P(QuicConnectionTest, DoNotSendPendingRetransmissionForResetStream) {
   PacketNumberSet lost_packets;
   lost_packets.insert(last_packet - 1);
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0);
   ProcessAckPacket(&ack);
@@ -2108,8 +2184,8 @@ TEST_P(QuicConnectionTest, SendPendingRetransmissionForQuicRstStreamNoError) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(last_packet - 1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0);
   ProcessAckPacket(&ack);
@@ -2153,14 +2229,14 @@ TEST_P(QuicConnectionTest, DiscardRetransmit) {
 
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(2, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&nack_two);
   EXPECT_EQ(1u, connection_.NumQueuedPackets());
 
   // Now, ack the previous transmission.
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   QuicAckFrame ack_all = InitAckFrame(3);
   ProcessAckPacket(&ack_all);
 
@@ -2189,8 +2265,8 @@ TEST_P(QuicConnectionTest, RetransmitNackedLargestObserved) {
   // The first nack should retransmit the largest observed packet.
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_,
               OnPacketSent(_, _, _, packet_size - kQuicVersionSize, _));
@@ -2316,8 +2392,8 @@ TEST_P(QuicConnectionTest, NoLimitPacketsPerNack) {
   for (int i = 1; i < 15; ++i) {
     lost_packets.push_back(std::make_pair(i, kMaxPacketSize));
   }
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(14);
   ProcessAckPacket(&nack);
@@ -2821,7 +2897,7 @@ TEST_P(QuicConnectionTest, HandshakeTimeout) {
   EXPECT_TRUE(connection_.connected());
 
   // Send and ack new data 3 seconds later to lengthen the idle timeout.
-  SendStreamDataToPeer(1, "GET /", 0, kFin, nullptr);
+  SendStreamDataToPeer(kHeadersStreamId, "GET /", 0, kFin, nullptr);
   clock_.AdvanceTime(QuicTime::Delta::FromSeconds(3));
   QuicAckFrame frame = InitAckFrame(1);
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
@@ -2859,7 +2935,7 @@ TEST_P(QuicConnectionTest, PingAfterSend) {
   // the ping alarm.
   clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(5));
   EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet());
-  SendStreamDataToPeer(1, "GET /", 0, kFin, nullptr);
+  SendStreamDataToPeer(kHeadersStreamId, "GET /", 0, kFin, nullptr);
   EXPECT_TRUE(connection_.GetPingAlarm()->IsSet());
   EXPECT_EQ(clock_.ApproximateNow().Add(QuicTime::Delta::FromSeconds(15)),
             connection_.GetPingAlarm()->deadline());
@@ -3341,7 +3417,6 @@ TEST_P(QuicConnectionTest, TimeoutAfterReceiveNotSendWhenUnacked) {
 }
 
 TEST_P(QuicConnectionTest, TimeoutAfter5RTOs) {
-  FLAGS_quic_enable_rto_timeout = true;
   QuicSentPacketManagerPeer::SetMaxTailLossProbes(manager_, 2);
   EXPECT_TRUE(connection_.connected());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
@@ -3413,7 +3488,8 @@ TEST_P(QuicConnectionTest, TestQueueLimitsOnSendStreamData) {
   size_t payload_length;
   size_t length = GetPacketLengthForOneStream(
       connection_.version(), kIncludeVersion, !kIncludePathId,
-      PACKET_8BYTE_CONNECTION_ID, PACKET_1BYTE_PACKET_NUMBER, &payload_length);
+      !kIncludeDiversificationNonce, PACKET_8BYTE_CONNECTION_ID,
+      PACKET_1BYTE_PACKET_NUMBER, &payload_length);
   connection_.SetMaxPacketLength(length);
 
   // Queue the first packet.
@@ -3434,10 +3510,11 @@ TEST_P(QuicConnectionTest, LoopThroughSendingPackets) {
   // offset 0, and 2 for non-zero offsets up through 16K. Increase
   // max_packet_length by 2 so that subsequent packets containing subsequent
   // stream frames with non-zero offets will fit within the packet length.
-  size_t length = 2 + GetPacketLengthForOneStream(
-                          connection_.version(), kIncludeVersion,
-                          !kIncludePathId, PACKET_8BYTE_CONNECTION_ID,
-                          PACKET_1BYTE_PACKET_NUMBER, &payload_length);
+  size_t length =
+      2 + GetPacketLengthForOneStream(
+              connection_.version(), kIncludeVersion, !kIncludePathId,
+              !kIncludeDiversificationNonce, PACKET_8BYTE_CONNECTION_ID,
+              PACKET_1BYTE_PACKET_NUMBER, &payload_length);
   connection_.SetMaxPacketLength(length);
 
   // Queue the first packet.
@@ -3463,30 +3540,8 @@ TEST_P(QuicConnectionTest, LoopThroughSendingPacketsWithTruncation) {
   // we see in this test, due to the non-truncated connection id.
   size_t non_truncated_packet_size = writer_->last_packet_size();
 
-  // Change to a 4 byte connection id.
-  QuicConfig config;
-  QuicConfigPeer::SetReceivedBytesForConnectionId(&config, 4);
-  connection_.SetFromConfig(config);
-  EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(2);
-  EXPECT_EQ(payload.size(),
-            connection_.SendStreamDataWithString(3, payload, 0, !kFin, nullptr)
-                .bytes_consumed);
-  // Verify that we have 8 fewer bytes than in the non-truncated case.  The
-  // first packet got 4 bytes of extra payload due to the truncation, and the
-  // headers here are also 4 byte smaller.
-  EXPECT_EQ(non_truncated_packet_size, writer_->last_packet_size() + 8);
-
-  // Change to a 1 byte connection id.
-  QuicConfigPeer::SetReceivedBytesForConnectionId(&config, 1);
-  connection_.SetFromConfig(config);
-  EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(2);
-  EXPECT_EQ(payload.size(),
-            connection_.SendStreamDataWithString(3, payload, 0, !kFin, nullptr)
-                .bytes_consumed);
-  // Just like above, we save 7 bytes on payload, and 7 on truncation.
-  EXPECT_EQ(non_truncated_packet_size, writer_->last_packet_size() + 7 * 2);
-
   // Change to a 0 byte connection id.
+  QuicConfig config;
   QuicConfigPeer::SetReceivedBytesForConnectionId(&config, 0);
   connection_.SetFromConfig(config);
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(2);
@@ -3529,7 +3584,7 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimation) {
   QuicConnectionPeer::SetAckMode(&connection_, QuicConnection::ACK_DECIMATION);
 
   const size_t kMinRttMs = 40;
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager_);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
   // The ack time should be based on min_rtt/4, since it's less than the
@@ -3577,13 +3632,65 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimation) {
   EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
 }
 
+TEST_P(QuicConnectionTest, SendDelayedAckDecimationEighthRtt) {
+  QuicConnectionPeer::SetAckMode(&connection_, QuicConnection::ACK_DECIMATION);
+  QuicConnectionPeer::SetAckDecimationDelay(&connection_, 0.125);
+
+  const size_t kMinRttMs = 40;
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
+  rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
+                       QuicTime::Delta::Zero(), QuicTime::Zero());
+  // The ack time should be based on min_rtt/8, since it's less than the
+  // default delayed ack time.
+  QuicTime ack_time = clock_.ApproximateNow().Add(
+      QuicTime::Delta::FromMilliseconds(kMinRttMs / 8));
+  EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  const uint8_t tag = 0x07;
+  connection_.SetDecrypter(ENCRYPTION_INITIAL, new StrictTaggingDecrypter(tag));
+  framer_.SetEncrypter(ENCRYPTION_INITIAL, new TaggingEncrypter(tag));
+  // Process a packet from the non-crypto stream.
+  frame1_.stream_id = 3;
+
+  // Process all the initial packets in order so there aren't missing packets.
+  QuicPacketNumber kFirstDecimatedPacket = 101;
+  for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) {
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kEntropyFlag,
+                             !kHasStopWaiting, ENCRYPTION_INITIAL);
+  }
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used
+  // instead of ENCRYPTION_NONE.
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, !kEntropyFlag,
+                           !kHasStopWaiting, ENCRYPTION_INITIAL);
+
+  // Check if delayed ack timer is running for the expected interval.
+  EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline());
+
+  // The 10th received packet causes an ack to be sent.
+  for (int i = 0; i < 9; ++i) {
+    EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i,
+                             !kEntropyFlag, !kHasStopWaiting,
+                             ENCRYPTION_INITIAL);
+  }
+  // Check that ack is sent and that delayed ack alarm is reset.
+  EXPECT_EQ(2u, writer_->frame_count());
+  EXPECT_FALSE(writer_->stop_waiting_frames().empty());
+  EXPECT_FALSE(writer_->ack_frames().empty());
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+}
+
 TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReordering) {
-  FLAGS_quic_ack_decimation2 = true;
   QuicConnectionPeer::SetAckMode(
       &connection_, QuicConnection::ACK_DECIMATION_WITH_REORDERING);
 
   const size_t kMinRttMs = 40;
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager_);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
   // The ack time should be based on min_rtt/4, since it's less than the
@@ -3640,12 +3747,11 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReordering) {
 }
 
 TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) {
-  FLAGS_quic_ack_decimation2 = true;
   QuicConnectionPeer::SetAckMode(
       &connection_, QuicConnection::ACK_DECIMATION_WITH_REORDERING);
 
   const size_t kMinRttMs = 40;
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager_);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
   // The ack time should be based on min_rtt/4, since it's less than the
@@ -3713,6 +3819,143 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) {
   EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
 }
 
+TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReorderingEighthRtt) {
+  QuicConnectionPeer::SetAckMode(
+      &connection_, QuicConnection::ACK_DECIMATION_WITH_REORDERING);
+  QuicConnectionPeer::SetAckDecimationDelay(&connection_, 0.125);
+
+  const size_t kMinRttMs = 40;
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
+  rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
+                       QuicTime::Delta::Zero(), QuicTime::Zero());
+  // The ack time should be based on min_rtt/8, since it's less than the
+  // default delayed ack time.
+  QuicTime ack_time = clock_.ApproximateNow().Add(
+      QuicTime::Delta::FromMilliseconds(kMinRttMs / 8));
+  EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  const uint8_t tag = 0x07;
+  connection_.SetDecrypter(ENCRYPTION_INITIAL, new StrictTaggingDecrypter(tag));
+  framer_.SetEncrypter(ENCRYPTION_INITIAL, new TaggingEncrypter(tag));
+  // Process a packet from the non-crypto stream.
+  frame1_.stream_id = 3;
+
+  // Process all the initial packets in order so there aren't missing packets.
+  QuicPacketNumber kFirstDecimatedPacket = 101;
+  for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) {
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kEntropyFlag,
+                             !kHasStopWaiting, ENCRYPTION_INITIAL);
+  }
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used
+  // instead of ENCRYPTION_NONE.
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, !kEntropyFlag,
+                           !kHasStopWaiting, ENCRYPTION_INITIAL);
+
+  // Check if delayed ack timer is running for the expected interval.
+  EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline());
+
+  // Process packet 10 first and ensure the alarm is one eighth min_rtt.
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 9,
+                           !kEntropyFlag, !kHasStopWaiting, ENCRYPTION_INITIAL);
+  ack_time = clock_.ApproximateNow().Add(QuicTime::Delta::FromMilliseconds(5));
+  EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline());
+
+  // The 10th received packet causes an ack to be sent.
+  for (int i = 0; i < 8; ++i) {
+    EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i,
+                             !kEntropyFlag, !kHasStopWaiting,
+                             ENCRYPTION_INITIAL);
+  }
+  // Check that ack is sent and that delayed ack alarm is reset.
+  EXPECT_EQ(2u, writer_->frame_count());
+  EXPECT_FALSE(writer_->stop_waiting_frames().empty());
+  EXPECT_FALSE(writer_->ack_frames().empty());
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+}
+
+TEST_P(QuicConnectionTest,
+       SendDelayedAckDecimationWithLargeReorderingEighthRtt) {
+  QuicConnectionPeer::SetAckMode(
+      &connection_, QuicConnection::ACK_DECIMATION_WITH_REORDERING);
+  QuicConnectionPeer::SetAckDecimationDelay(&connection_, 0.125);
+
+  const size_t kMinRttMs = 40;
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats());
+  rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs),
+                       QuicTime::Delta::Zero(), QuicTime::Zero());
+  // The ack time should be based on min_rtt/8, since it's less than the
+  // default delayed ack time.
+  QuicTime ack_time = clock_.ApproximateNow().Add(
+      QuicTime::Delta::FromMilliseconds(kMinRttMs / 8));
+  EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  const uint8_t tag = 0x07;
+  connection_.SetDecrypter(ENCRYPTION_INITIAL, new StrictTaggingDecrypter(tag));
+  framer_.SetEncrypter(ENCRYPTION_INITIAL, new TaggingEncrypter(tag));
+  // Process a packet from the non-crypto stream.
+  frame1_.stream_id = 3;
+
+  // Process all the initial packets in order so there aren't missing packets.
+  QuicPacketNumber kFirstDecimatedPacket = 101;
+  for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) {
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kEntropyFlag,
+                             !kHasStopWaiting, ENCRYPTION_INITIAL);
+  }
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used
+  // instead of ENCRYPTION_NONE.
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, !kEntropyFlag,
+                           !kHasStopWaiting, ENCRYPTION_INITIAL);
+
+  // Check if delayed ack timer is running for the expected interval.
+  EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline());
+
+  // Process packet 10 first and ensure the alarm is one eighth min_rtt.
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 19,
+                           !kEntropyFlag, !kHasStopWaiting, ENCRYPTION_INITIAL);
+  ack_time = clock_.ApproximateNow().Add(QuicTime::Delta::FromMilliseconds(5));
+  EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline());
+
+  // The 10th received packet causes an ack to be sent.
+  for (int i = 0; i < 8; ++i) {
+    EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
+    EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+    ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i,
+                             !kEntropyFlag, !kHasStopWaiting,
+                             ENCRYPTION_INITIAL);
+  }
+  // Check that ack is sent and that delayed ack alarm is reset.
+  EXPECT_EQ(2u, writer_->frame_count());
+  EXPECT_FALSE(writer_->stop_waiting_frames().empty());
+  EXPECT_FALSE(writer_->ack_frames().empty());
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+
+  // The next packet received in order will cause an immediate ack,
+  // because it fills a hole.
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+  EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
+  ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 10,
+                           !kEntropyFlag, !kHasStopWaiting, ENCRYPTION_INITIAL);
+  // Check that ack is sent and that delayed ack alarm is reset.
+  EXPECT_EQ(2u, writer_->frame_count());
+  EXPECT_FALSE(writer_->stop_waiting_frames().empty());
+  EXPECT_FALSE(writer_->ack_frames().empty());
+  EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
+}
+
 TEST_P(QuicConnectionTest, SendDelayedAckOnHandshakeConfirmed) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   ProcessPacket(kDefaultPathId, 1);
@@ -3839,8 +4082,8 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) {
   NackPacket(1, &ack);
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&ack);
   EXPECT_EQ(1u, writer_->frame_count());
@@ -3851,7 +4094,7 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) {
   // and see if there is more data to send.
   ack = InitAckFrame(3);
   NackPacket(1, &ack);
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&ack);
 
@@ -3863,7 +4106,7 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) {
   // Send the same ack, but send both data and an ack together.
   ack = InitAckFrame(3);
   NackPacket(1, &ack);
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(visitor_, OnCanWrite())
       .WillOnce(IgnoreResult(InvokeWithoutArgs(
           &connection_, &TestConnection::EnsureWritableAndSendStreamData5)));
@@ -3909,9 +4152,9 @@ TEST_P(QuicConnectionTest, PublicReset) {
   header.public_header.reset_flag = true;
   header.public_header.version_flag = false;
   header.rejected_packet_number = 10101;
-  scoped_ptr<QuicEncryptedPacket> packet(
+  std::unique_ptr<QuicEncryptedPacket> packet(
       framer_.BuildPublicResetPacket(header));
-  scoped_ptr<QuicReceivedPacket> received(
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*packet, QuicTime::Zero()));
   EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_PUBLIC_RESET, _,
                                            ConnectionCloseSource::FROM_PEER));
@@ -3970,10 +4213,17 @@ TEST_P(QuicConnectionTest, MissingPacketsBeforeLeastUnacked) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   QuicStopWaitingFrame frame = InitStopWaitingFrame(4);
   ProcessStopWaitingPacket(&frame);
-  EXPECT_TRUE(outgoing_ack()->missing_packets.Empty());
+  if (outgoing_ack()->missing) {
+    EXPECT_TRUE(outgoing_ack()->packets.Empty());
+  } else {
+    EXPECT_FALSE(outgoing_ack()->packets.Empty());
+  }
 }
 
 TEST_P(QuicConnectionTest, ReceivedEntropyHashCalculation) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AtLeast(1));
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   ProcessDataPacket(kDefaultPathId, 1, kEntropyFlag);
@@ -3984,6 +4234,9 @@ TEST_P(QuicConnectionTest, ReceivedEntropyHashCalculation) {
 }
 
 TEST_P(QuicConnectionTest, UpdateEntropyForReceivedPackets) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AtLeast(1));
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   ProcessDataPacket(kDefaultPathId, 1, kEntropyFlag);
@@ -4005,6 +4258,9 @@ TEST_P(QuicConnectionTest, UpdateEntropyForReceivedPackets) {
 }
 
 TEST_P(QuicConnectionTest, UpdateEntropyHashUptoCurrentPacket) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AtLeast(1));
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   ProcessDataPacket(kDefaultPathId, 1, kEntropyFlag);
@@ -4026,6 +4282,9 @@ TEST_P(QuicConnectionTest, UpdateEntropyHashUptoCurrentPacket) {
 }
 
 TEST_P(QuicConnectionTest, EntropyCalculationForTruncatedAck) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AtLeast(1));
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   QuicPacketEntropyHash entropy[51];
@@ -4052,7 +4311,8 @@ TEST_P(QuicConnectionTest, EntropyCalculationForTruncatedAck) {
 
 TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacket) {
   connection_.SetSupportedVersions(QuicSupportedVersions());
-  framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
+  set_perspective(Perspective::IS_SERVER);
+  peer_framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
 
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id_;
@@ -4062,13 +4322,12 @@ TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacket) {
 
   QuicFrames frames;
   frames.push_back(QuicFrame(&frame1_));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
 
   framer_.set_version(version());
-  connection_.set_perspective(Perspective::IS_SERVER);
   connection_.ProcessUdpPacket(
       kSelfAddress, kPeerAddress,
       QuicReceivedPacket(buffer, encrypted_length, QuicTime::Zero(), false));
@@ -4088,7 +4347,8 @@ TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacket) {
 
 TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacketSocketBlocked) {
   connection_.SetSupportedVersions(QuicSupportedVersions());
-  framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
+  set_perspective(Perspective::IS_SERVER);
+  peer_framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
 
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id_;
@@ -4097,13 +4357,12 @@ TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacketSocketBlocked) {
 
   QuicFrames frames;
   frames.push_back(QuicFrame(&frame1_));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
 
   framer_.set_version(version());
-  connection_.set_perspective(Perspective::IS_SERVER);
   BlockOnNextWrite();
   connection_.ProcessUdpPacket(
       kSelfAddress, kPeerAddress,
@@ -4130,7 +4389,8 @@ TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacketSocketBlocked) {
 TEST_P(QuicConnectionTest,
        ServerSendsVersionNegotiationPacketSocketBlockedDataBuffered) {
   connection_.SetSupportedVersions(QuicSupportedVersions());
-  framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
+  set_perspective(Perspective::IS_SERVER);
+  peer_framer_.set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
 
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id_;
@@ -4139,13 +4399,13 @@ TEST_P(QuicConnectionTest,
 
   QuicFrames frames;
   frames.push_back(QuicFrame(&frame1_));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encryped_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
 
   framer_.set_version(version());
-  connection_.set_perspective(Perspective::IS_SERVER);
+  set_perspective(Perspective::IS_SERVER);
   BlockOnNextWrite();
   writer_->set_is_write_blocked_data_buffered(true);
   connection_.ProcessUdpPacket(
@@ -4161,10 +4421,10 @@ TEST_P(QuicConnectionTest, ClientHandlesVersionNegotiation) {
       ->set_version_for_tests(QUIC_VERSION_UNSUPPORTED);
 
   // Send a version negotiation packet.
-  scoped_ptr<QuicEncryptedPacket> encrypted(
+  std::unique_ptr<QuicEncryptedPacket> encrypted(
       framer_.BuildVersionNegotiationPacket(connection_id_,
                                             QuicSupportedVersions()));
-  scoped_ptr<QuicReceivedPacket> received(
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*encrypted, QuicTime::Zero()));
   connection_.ProcessUdpPacket(kSelfAddress, kPeerAddress, *received);
 
@@ -4177,7 +4437,7 @@ TEST_P(QuicConnectionTest, ClientHandlesVersionNegotiation) {
   header.public_header.version_flag = false;
   QuicFrames frames;
   frames.push_back(QuicFrame(&frame1_));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kDefaultPathId, 12, *packet, buffer, kMaxPacketSize);
@@ -4197,10 +4457,10 @@ TEST_P(QuicConnectionTest, BadVersionNegotiation) {
   EXPECT_CALL(visitor_,
               OnConnectionClosed(QUIC_INVALID_VERSION_NEGOTIATION_PACKET, _,
                                  ConnectionCloseSource::FROM_SELF));
-  scoped_ptr<QuicEncryptedPacket> encrypted(
+  std::unique_ptr<QuicEncryptedPacket> encrypted(
       framer_.BuildVersionNegotiationPacket(connection_id_,
                                             QuicSupportedVersions()));
-  scoped_ptr<QuicReceivedPacket> received(
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*encrypted, QuicTime::Zero()));
   connection_.ProcessUdpPacket(kSelfAddress, kPeerAddress, *received);
 }
@@ -4231,8 +4491,8 @@ TEST_P(QuicConnectionTest, CheckSendStats) {
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(1, kMaxPacketSize));
   lost_packets.push_back(std::make_pair(3, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(visitor_, OnCanWrite());
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
@@ -4265,7 +4525,7 @@ TEST_P(QuicConnectionTest, ProcessFramesIfPacketClosedConnection) {
   QuicFrames frames;
   frames.push_back(QuicFrame(&frame1_));
   frames.push_back(QuicFrame(&qccf));
-  scoped_ptr<QuicPacket> packet(ConstructPacket(header, frames));
+  std::unique_ptr<QuicPacket> packet(ConstructPacket(header, frames));
   EXPECT_TRUE(nullptr != packet.get());
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
@@ -4377,8 +4637,8 @@ TEST_P(QuicConnectionTest, AckNotifierFailToTriggerCallback) {
   NackPacket(1, &frame);
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(1, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   ProcessAckPacket(&frame);
 }
@@ -4402,15 +4662,15 @@ TEST_P(QuicConnectionTest, AckNotifierCallbackAfterRetransmission) {
   NackPacket(2, &frame);
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(2, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _));
   ProcessAckPacket(&frame);
 
   // Now we get an ACK for packet 5 (retransmitted packet 2), which should
   // trigger the callback.
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   QuicAckFrame second_ack_frame = InitAckFrame(5);
   ProcessAckPacket(&second_ack_frame);
@@ -4475,21 +4735,21 @@ TEST_P(QuicConnectionTest, AckNotifierCallbackForAckOfNackedPacket) {
   EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
   SendAlgorithmInterface::CongestionVector lost_packets;
   lost_packets.push_back(std::make_pair(2, kMaxPacketSize));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _))
-      .WillOnce(SetArgPointee<3>(lost_packets));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _));
   ProcessAckPacket(&frame);
 
   // Now we get an ACK for packet 2, which was previously nacked.
   EXPECT_CALL(*listener, OnPacketAcked(3, _));
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   QuicAckFrame second_ack_frame = InitAckFrame(4);
   ProcessAckPacket(&second_ack_frame);
 
   // Verify that the listener is not notified again when the
   // retransmit is acked.
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   QuicAckFrame third_ack_frame = InitAckFrame(5);
   ProcessAckPacket(&third_ack_frame);
@@ -4498,7 +4758,7 @@ TEST_P(QuicConnectionTest, AckNotifierCallbackForAckOfNackedPacket) {
 TEST_P(QuicConnectionTest, OnPacketHeaderDebugVisitor) {
   QuicPacketHeader header;
 
-  scoped_ptr<MockQuicConnectionDebugVisitor> debug_visitor(
+  std::unique_ptr<MockQuicConnectionDebugVisitor> debug_visitor(
       new MockQuicConnectionDebugVisitor());
   connection_.set_debug_visitor(debug_visitor.get());
   EXPECT_CALL(*debug_visitor, OnPacketHeader(Ref(header))).Times(1);
@@ -4509,9 +4769,11 @@ TEST_P(QuicConnectionTest, OnPacketHeaderDebugVisitor) {
 
 TEST_P(QuicConnectionTest, Pacing) {
   TestConnection server(connection_id_, kSelfAddress, helper_.get(),
-                        writer_.get(), Perspective::IS_SERVER, version());
+                        alarm_factory_.get(), writer_.get(),
+                        Perspective::IS_SERVER, version());
   TestConnection client(connection_id_, kPeerAddress, helper_.get(),
-                        writer_.get(), Perspective::IS_CLIENT, version());
+                        alarm_factory_.get(), writer_.get(),
+                        Perspective::IS_CLIENT, version());
   EXPECT_FALSE(client.sent_packet_manager().using_pacing());
   EXPECT_FALSE(server.sent_packet_manager().using_pacing());
 }
@@ -4579,7 +4841,7 @@ TEST_P(QuicConnectionTest, ReevaluateTimeUntilSendOnAck) {
 
   // Process an ack and the send alarm will be set to the  new 2ms delay.
   QuicAckFrame ack = InitAckFrame(1);
-  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _));
   EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
   EXPECT_CALL(*send_algorithm_, TimeUntilSend(_, _))
       .WillRepeatedly(Return(QuicTime::Delta::FromMilliseconds(2)));
@@ -4701,6 +4963,43 @@ TEST_P(QuicConnectionTest, MultipleCallsToCloseConnection) {
                               ConnectionCloseBehavior::SILENT_CLOSE);
 }
 
+TEST_P(QuicConnectionTest, ServerReceivesChloOnNonCryptoStream) {
+  FLAGS_quic_detect_memory_corrpution = true;
+  EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
+
+  set_perspective(Perspective::IS_SERVER);
+  QuicPacketCreatorPeer::SetSendVersionInPacket(creator_, false);
+
+  CryptoHandshakeMessage message;
+  CryptoFramer framer;
+  message.set_tag(kCHLO);
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  frame1_.stream_id = 10;
+  frame1_.data_buffer = data->data();
+  frame1_.data_length = data->length();
+
+  EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_MAYBE_CORRUPTED_MEMORY, _,
+                                           ConnectionCloseSource::FROM_SELF));
+  ProcessFramePacket(QuicFrame(&frame1_));
+}
+
+TEST_P(QuicConnectionTest, ClientReceivesRejOnNonCryptoStream) {
+  FLAGS_quic_detect_memory_corrpution = true;
+  EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
+
+  CryptoHandshakeMessage message;
+  CryptoFramer framer;
+  message.set_tag(kREJ);
+  std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message));
+  frame1_.stream_id = 10;
+  frame1_.data_buffer = data->data();
+  frame1_.data_length = data->length();
+
+  EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_MAYBE_CORRUPTED_MEMORY, _,
+                                           ConnectionCloseSource::FROM_SELF));
+  ProcessFramePacket(QuicFrame(&frame1_));
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_crypto_client_stream.cc b/chromium/net/quic/quic_crypto_client_stream.cc
index f91d8946dc1..68d0f0d7a37 100644
--- a/chromium/net/quic/quic_crypto_client_stream.cc
+++ b/chromium/net/quic/quic_crypto_client_stream.cc
@@ -4,6 +4,7 @@
 
 #include "net/quic/quic_crypto_client_stream.h"
 
+#include <memory>
 #include <vector>
 
 #include "base/metrics/histogram_macros.h"
@@ -53,7 +54,7 @@ QuicCryptoClientStream::ChannelIDSourceCallbackImpl::
     ~ChannelIDSourceCallbackImpl() {}
 
 void QuicCryptoClientStream::ChannelIDSourceCallbackImpl::Run(
-    scoped_ptr<ChannelIDKey>* channel_id_key) {
+    std::unique_ptr<ChannelIDKey>* channel_id_key) {
   if (stream_ == nullptr) {
     return;
   }
@@ -81,7 +82,7 @@ QuicCryptoClientStream::ProofVerifierCallbackImpl::
 void QuicCryptoClientStream::ProofVerifierCallbackImpl::Run(
     bool ok,
     const string& error_details,
-    scoped_ptr<ProofVerifyDetails>* details) {
+    std::unique_ptr<ProofVerifyDetails>* details) {
   if (stream_ == nullptr) {
     return;
   }
@@ -357,6 +358,7 @@ void QuicCryptoClientStream::DoSendCHLO(
   string error_details;
   QuicErrorCode error = crypto_config_->FillClientHello(
       server_id_, session()->connection()->connection_id(),
+      session()->connection()->version(),
       session()->connection()->supported_versions().front(), cached,
       session()->connection()->clock()->WallNow(),
       session()->connection()->random_generator(), channel_id_key_.get(),
diff --git a/chromium/net/quic/quic_crypto_client_stream.h b/chromium/net/quic/quic_crypto_client_stream.h
index 30eb0754f1b..75913d1edd1 100644
--- a/chromium/net/quic/quic_crypto_client_stream.h
+++ b/chromium/net/quic/quic_crypto_client_stream.h
@@ -5,8 +5,8 @@
 #ifndef NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
 #define NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
 
-#include <stdint.h>
-
+#include <cstdint>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
@@ -108,7 +108,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream
     ~ChannelIDSourceCallbackImpl() override;
 
     // ChannelIDSourceCallback interface.
-    void Run(scoped_ptr<ChannelIDKey>* channel_id_key) override;
+    void Run(std::unique_ptr<ChannelIDKey>* channel_id_key) override;
 
     // Cancel causes any future callbacks to be ignored. It must be called on
     // the same thread as the callback will be made on.
@@ -129,7 +129,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream
     // ProofVerifierCallback interface.
     void Run(bool ok,
              const std::string& error_details,
-             scoped_ptr<ProofVerifyDetails>* details) override;
+             std::unique_ptr<ProofVerifyDetails>* details) override;
 
     // Cancel causes any future callbacks to be ignored. It must be called on
     // the same thread as the callback will be made on.
@@ -239,11 +239,11 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream
   // These members are used to store the result of an asynchronous channel ID
   // lookup. These members must not be used after
   // STATE_GET_CHANNEL_ID_COMPLETE.
-  scoped_ptr<ChannelIDKey> channel_id_key_;
+  std::unique_ptr<ChannelIDKey> channel_id_key_;
 
   // verify_context_ contains the context object that we pass to asynchronous
   // proof verifications.
-  scoped_ptr<ProofVerifyContext> verify_context_;
+  std::unique_ptr<ProofVerifyContext> verify_context_;
 
   // proof_verify_callback_ contains the callback object that we passed to an
   // asynchronous proof verification. The ProofVerifier owns this object.
@@ -257,7 +257,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientStream
   // STATE_VERIFY_PROOF_COMPLETE.
   bool verify_ok_;
   std::string verify_error_details_;
-  scoped_ptr<ProofVerifyDetails> verify_details_;
+  std::unique_ptr<ProofVerifyDetails> verify_details_;
 
   // True if the server responded to a previous CHLO with a stateless
   // reject.  Used for book-keeping between the STATE_RECV_REJ,
diff --git a/chromium/net/quic/quic_crypto_client_stream_factory.cc b/chromium/net/quic/quic_crypto_client_stream_factory.cc
index 41ca05b922c..8c43218ed94 100644
--- a/chromium/net/quic/quic_crypto_client_stream_factory.cc
+++ b/chromium/net/quic/quic_crypto_client_stream_factory.cc
@@ -18,7 +18,7 @@ class DefaultCryptoStreamFactory : public QuicCryptoClientStreamFactory {
   QuicCryptoClientStream* CreateQuicCryptoClientStream(
       const QuicServerId& server_id,
       QuicChromiumClientSession* session,
-      scoped_ptr<ProofVerifyContext> proof_verify_context,
+      std::unique_ptr<ProofVerifyContext> proof_verify_context,
       QuicCryptoClientConfig* crypto_config) override {
     return new QuicCryptoClientStream(server_id, session,
                                       proof_verify_context.release(),
diff --git a/chromium/net/quic/quic_crypto_client_stream_factory.h b/chromium/net/quic/quic_crypto_client_stream_factory.h
index cd1d4302bfb..98460e1e1fa 100644
--- a/chromium/net/quic/quic_crypto_client_stream_factory.h
+++ b/chromium/net/quic/quic_crypto_client_stream_factory.h
@@ -5,9 +5,9 @@
 #ifndef NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_FACTORY_H_
 #define NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_FACTORY_H_
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -27,7 +27,7 @@ class NET_EXPORT QuicCryptoClientStreamFactory {
   virtual QuicCryptoClientStream* CreateQuicCryptoClientStream(
       const QuicServerId& server_id,
       QuicChromiumClientSession* session,
-      scoped_ptr<ProofVerifyContext> proof_verify_context,
+      std::unique_ptr<ProofVerifyContext> proof_verify_context,
       QuicCryptoClientConfig* crypto_config) = 0;
 
   static QuicCryptoClientStreamFactory* GetDefaultFactory();
diff --git a/chromium/net/quic/quic_crypto_client_stream_test.cc b/chromium/net/quic/quic_crypto_client_stream_test.cc
index 2909e3780f5..2644d37b1f1 100644
--- a/chromium/net/quic/quic_crypto_client_stream_test.cc
+++ b/chromium/net/quic/quic_crypto_client_stream_test.cc
@@ -4,7 +4,8 @@
 
 #include "net/quic/quic_crypto_client_stream.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
@@ -39,7 +40,8 @@ class QuicCryptoClientStreamTest : public ::testing::Test {
   }
 
   void CreateConnection() {
-    connection_ = new PacketSavingConnection(&helper_, Perspective::IS_CLIENT);
+    connection_ = new PacketSavingConnection(&helper_, &alarm_factory_,
+                                             Perspective::IS_CLIENT);
     // Advance the time, because timers do not like uninitialized times.
     connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1));
 
@@ -49,8 +51,8 @@ class QuicCryptoClientStreamTest : public ::testing::Test {
 
   void CompleteCryptoHandshake() {
     stream()->CryptoConnect();
-    CryptoTestUtils::HandshakeWithFakeServer(&helper_, connection_, stream(),
-                                             server_options_);
+    CryptoTestUtils::HandshakeWithFakeServer(
+        &helper_, &alarm_factory_, connection_, stream(), server_options_);
   }
 
   void ConstructHandshakeMessage() {
@@ -60,12 +62,13 @@ class QuicCryptoClientStreamTest : public ::testing::Test {
 
   QuicCryptoClientStream* stream() { return session_->GetCryptoStream(); }
 
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
   PacketSavingConnection* connection_;
-  scoped_ptr<TestQuicSpdyClientSession> session_;
+  std::unique_ptr<TestQuicSpdyClientSession> session_;
   QuicServerId server_id_;
   CryptoHandshakeMessage message_;
-  scoped_ptr<QuicData> message_data_;
+  std::unique_ptr<QuicData> message_data_;
   QuicCryptoClientConfig crypto_config_;
   CryptoTestUtils::FakeServerOptions server_options_;
 };
@@ -193,7 +196,7 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdate) {
   server_config_update.SetValue(kSourceAddressTokenTag, stk);
   server_config_update.SetValue(kSCFG, scfg);
 
-  scoped_ptr<QuicData> data(
+  std::unique_ptr<QuicData> data(
       CryptoFramer::ConstructHandshakeMessage(server_config_update));
   stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false,
                                           /*offset=*/0, data->AsStringPiece()));
@@ -213,7 +216,7 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateBeforeHandshake) {
       CloseConnection(QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE, _, _));
   CryptoHandshakeMessage server_config_update;
   server_config_update.set_tag(kSCUP);
-  scoped_ptr<QuicData> data(
+  std::unique_ptr<QuicData> data(
       CryptoFramer::ConstructHandshakeMessage(server_config_update));
   stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false,
                                           /*offset=*/0, data->AsStringPiece()));
@@ -266,11 +269,12 @@ class QuicCryptoClientStreamStatelessTest : public ::testing::Test {
             QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
         server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED) {
     TestQuicSpdyClientSession* client_session = nullptr;
-    CreateClientSessionForTest(
-        server_id_,
-        /* supports_stateless_rejects= */ true,
-        QuicTime::Delta::FromSeconds(100000), QuicSupportedVersions(), &helper_,
-        &client_crypto_config_, &client_connection_, &client_session);
+    CreateClientSessionForTest(server_id_,
+                               /* supports_stateless_rejects= */ true,
+                               QuicTime::Delta::FromSeconds(100000),
+                               QuicSupportedVersions(), &helper_,
+                               &alarm_factory_, &client_crypto_config_,
+                               &client_connection_, &client_session);
     CHECK(client_session);
     client_session_.reset(client_session);
   }
@@ -289,10 +293,11 @@ class QuicCryptoClientStreamStatelessTest : public ::testing::Test {
   // Initializes the server_stream_ for stateless rejects.
   void InitializeFakeStatelessRejectServer() {
     TestQuicSpdyServerSession* server_session = nullptr;
-    CreateServerSessionForTest(
-        server_id_, QuicTime::Delta::FromSeconds(100000),
-        QuicSupportedVersions(), &helper_, &server_crypto_config_,
-        &server_compressed_certs_cache_, &server_connection_, &server_session);
+    CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000),
+                               QuicSupportedVersions(), &helper_,
+                               &alarm_factory_, &server_crypto_config_,
+                               &server_compressed_certs_cache_,
+                               &server_connection_, &server_session);
     CHECK(server_session);
     server_session_.reset(server_session);
     CryptoTestUtils::FakeServerOptions options;
@@ -302,16 +307,17 @@ class QuicCryptoClientStreamStatelessTest : public ::testing::Test {
     FLAGS_enable_quic_stateless_reject_support = true;
   }
 
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
 
   // Client crypto stream state
   PacketSavingConnection* client_connection_;
-  scoped_ptr<TestQuicSpdyClientSession> client_session_;
+  std::unique_ptr<TestQuicSpdyClientSession> client_session_;
   QuicCryptoClientConfig client_crypto_config_;
 
   // Server crypto stream state
   PacketSavingConnection* server_connection_;
-  scoped_ptr<TestQuicSpdyServerSession> server_session_;
+  std::unique_ptr<TestQuicSpdyServerSession> server_session_;
   QuicCryptoServerConfig server_crypto_config_;
   QuicCompressedCertsCache server_compressed_certs_cache_;
   QuicServerId server_id_;
diff --git a/chromium/net/quic/quic_crypto_server_stream.cc b/chromium/net/quic/quic_crypto_server_stream.cc
index 7671c06fe7e..f79e60dae68 100644
--- a/chromium/net/quic/quic_crypto_server_stream.cc
+++ b/chromium/net/quic/quic_crypto_server_stream.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_crypto_server_stream.h"
 
+#include <memory>
+
 #include "base/base64.h"
 #include "crypto/secure_hash.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -16,6 +18,7 @@
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_session.h"
 
+using base::StringPiece;
 using std::string;
 
 namespace net {
@@ -111,8 +114,10 @@ void QuicCryptoServerStream::OnHandshakeMessage(
     return;
   }
 
+  CryptoUtils::HashHandshakeMessage(message, &chlo_hash_);
+
   validate_client_hello_cb_ = new ValidateCallback(this);
-  return crypto_config_->ValidateClientHello(
+  crypto_config_->ValidateClientHello(
       message, session()->connection()->peer_address().address(),
       session()->connection()->self_address().address(), version(),
       session()->connection()->clock(), &crypto_proof_,
@@ -131,9 +136,10 @@ void QuicCryptoServerStream::FinishProcessingHandshakeMessage(
   }
 
   CryptoHandshakeMessage reply;
+  DiversificationNonce diversification_nonce;
   string error_details;
-  QuicErrorCode error =
-      ProcessClientHello(message, result, &reply, &error_details);
+  QuicErrorCode error = ProcessClientHello(
+      message, result, &reply, &diversification_nonce, &error_details);
 
   if (error != QUIC_NO_ERROR) {
     CloseConnectionWithDetails(error, error_details);
@@ -194,6 +200,9 @@ void QuicCryptoServerStream::FinishProcessingHandshakeMessage(
   session()->connection()->SetDecrypter(
       ENCRYPTION_INITIAL,
       crypto_negotiated_params_.initial_crypters.decrypter.release());
+  if (version() > QUIC_VERSION_32) {
+    session()->connection()->SetDiversificationNonce(diversification_nonce);
+  }
 
   // We want to be notified when the SHLO is ACKed so that we can disable
   // HANDSHAKE_MODE in the sent packet manager.
@@ -204,6 +213,11 @@ void QuicCryptoServerStream::FinishProcessingHandshakeMessage(
   session()->connection()->SetEncrypter(
       ENCRYPTION_FORWARD_SECURE,
       crypto_negotiated_params_.forward_secure_crypters.encrypter.release());
+  if (config->HasClientSentConnectionOption(kIPFS, Perspective::IS_SERVER)) {
+    session()->connection()->SetDefaultEncryptionLevel(
+        ENCRYPTION_FORWARD_SECURE);
+  }
+
   session()->connection()->SetAlternativeDecrypter(
       ENCRYPTION_FORWARD_SECURE,
       crypto_negotiated_params_.forward_secure_crypters.decrypter.release(),
@@ -222,7 +236,8 @@ void QuicCryptoServerStream::SendServerConfigUpdate(
 
   CryptoHandshakeMessage server_config_update_message;
   if (!crypto_config_->BuildServerConfigUpdateMessage(
-          session()->connection()->version(), previous_source_address_tokens_,
+          session()->connection()->version(), chlo_hash_,
+          previous_source_address_tokens_,
           session()->connection()->self_address().address(),
           session()->connection()->peer_address().address(),
           session()->connection()->clock(),
@@ -236,7 +251,7 @@ void QuicCryptoServerStream::SendServerConfigUpdate(
   DVLOG(1) << "Server: Sending server config update: "
            << server_config_update_message.DebugString();
   const QuicData& data = server_config_update_message.GetSerialized();
-  WriteOrBufferData(string(data.data(), data.length()), false, nullptr);
+  WriteOrBufferData(StringPiece(data.data(), data.length()), false, nullptr);
 
   ++num_server_config_update_messages_sent_;
 }
@@ -289,7 +304,7 @@ bool QuicCryptoServerStream::GetBase64SHA256ClientChannelID(
   }
 
   const string& channel_id(crypto_negotiated_params_.channel_id);
-  scoped_ptr<crypto::SecureHash> hash(
+  std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   hash->Update(channel_id.data(), channel_id.size());
   uint8_t digest[32];
@@ -315,6 +330,7 @@ QuicErrorCode QuicCryptoServerStream::ProcessClientHello(
     const CryptoHandshakeMessage& message,
     const ValidateClientHelloResultCallback::Result& result,
     CryptoHandshakeMessage* reply,
+    DiversificationNonce* out_diversification_nonce,
     string* error_details) {
   if (!result.info.server_nonce.empty()) {
     ++num_handshake_messages_with_server_nonces_;
@@ -340,7 +356,7 @@ QuicErrorCode QuicCryptoServerStream::ProcessClientHello(
       use_stateless_rejects_in_crypto_config, server_designated_connection_id,
       connection->clock(), connection->random_generator(),
       compressed_certs_cache_, &crypto_negotiated_params_, &crypto_proof_,
-      reply, error_details);
+      reply, out_diversification_nonce, error_details);
 }
 
 void QuicCryptoServerStream::OverrideQuicConfigDefaults(QuicConfig* config) {}
diff --git a/chromium/net/quic/quic_crypto_server_stream.h b/chromium/net/quic/quic_crypto_server_stream.h
index b78e8881354..8afb86c21e1 100644
--- a/chromium/net/quic/quic_crypto_server_stream.h
+++ b/chromium/net/quic/quic_crypto_server_stream.h
@@ -5,8 +5,8 @@
 #ifndef NET_QUIC_QUIC_CRYPTO_SERVER_STREAM_H_
 #define NET_QUIC_QUIC_CRYPTO_SERVER_STREAM_H_
 
-#include <stdint.h>
-
+#include <cstdint>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
@@ -121,6 +121,7 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream
       const CryptoHandshakeMessage& message,
       const ValidateClientHelloResultCallback::Result& result,
       CryptoHandshakeMessage* reply,
+      DiversificationNonce* out_diversification_nonce,
       std::string* error_details);
 
   // Hook that allows the server to set QuicConfig defaults just
@@ -175,6 +176,10 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream
   // by ProofSource::GetProof.
   QuicCryptoProof crypto_proof_;
 
+  // Hash of the last received CHLO message which can be used for generating
+  // server config update messages.
+  std::string chlo_hash_;
+
   // Pointer to the active callback that will receive the result of
   // the client hello validation request and forward it to
   // FinishProcessingHandshakeMessage for processing.  nullptr if no
@@ -195,7 +200,7 @@ class NET_EXPORT_PRIVATE QuicCryptoServerStream
   // If the client provides CachedNetworkParameters in the STK in the CHLO, then
   // store here, and send back in future STKs if we have no better bandwidth
   // estimate to send.
-  scoped_ptr<CachedNetworkParameters> previous_cached_network_params_;
+  std::unique_ptr<CachedNetworkParameters> previous_cached_network_params_;
 
   // Contains any source address tokens which were present in the CHLO.
   SourceAddressTokens previous_source_address_tokens_;
diff --git a/chromium/net/quic/quic_crypto_server_stream_test.cc b/chromium/net/quic/quic_crypto_server_stream_test.cc
index da3eba03671..5ed418d0d46 100644
--- a/chromium/net/quic/quic_crypto_server_stream_test.cc
+++ b/chromium/net/quic/quic_crypto_server_stream_test.cc
@@ -5,9 +5,9 @@
 #include "net/quic/quic_crypto_server_stream.h"
 
 #include <map>
+#include <memory>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/crypto_framer.h"
@@ -24,6 +24,7 @@
 #include "net/quic/quic_session.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
+#include "net/quic/test_tools/quic_crypto_server_config_peer.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -40,16 +41,6 @@ using testing::_;
 namespace net {
 namespace test {
 
-class QuicCryptoServerConfigPeer {
- public:
-  static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
-    base::AutoLock lock(config.configs_lock_);
-    CHECK(config.primary_config_.get() != nullptr);
-    return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
-                  kOrbitSize);
-  }
-};
-
 class QuicCryptoServerStreamPeer {
  public:
   static bool DoesPeerSupportStatelessRejects(
@@ -82,14 +73,13 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
     InitializeServer();
 
     if (AsyncStrikeRegisterVerification()) {
-      string orbit =
-          QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_);
+      QuicCryptoServerConfigPeer peer(&server_crypto_config_);
       strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
           10000,  // strike_register_max_entries
           static_cast<uint32_t>(
               server_connection_->clock()->WallNow().ToUNIXSeconds()),
           60,  // strike_register_window_secs
-          reinterpret_cast<const uint8_t*>(orbit.data()),
+          peer.GetPrimaryConfig()->orbit,
           StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
       strike_register_client_->StartDelayingVerification();
       server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
@@ -102,16 +92,18 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
     server_session_.reset();
     client_session_.reset();
     STLDeleteElements(&helpers_);
+    STLDeleteElements(&alarm_factories_);
   }
 
   // Initializes the crypto server stream state for testing.  May be
   // called multiple times.
   void InitializeServer() {
     TestQuicSpdyServerSession* server_session = nullptr;
-    helpers_.push_back(new MockConnectionHelper);
+    helpers_.push_back(new MockQuicConnectionHelper);
+    alarm_factories_.push_back(new MockAlarmFactory);
     CreateServerSessionForTest(
         server_id_, QuicTime::Delta::FromSeconds(100000), supported_versions_,
-        helpers_.back(), &server_crypto_config_,
+        helpers_.back(), alarm_factories_.back(), &server_crypto_config_,
         &server_compressed_certs_cache_, &server_connection_, &server_session);
     CHECK(server_session);
     server_session_.reset(server_session);
@@ -134,13 +126,14 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
   // testing.  May be called multiple times.
   void InitializeFakeClient(bool supports_stateless_rejects) {
     TestQuicSpdyClientSession* client_session = nullptr;
-    helpers_.push_back(new MockConnectionHelper);
-    CreateClientSessionForTest(server_id_, supports_stateless_rejects,
-                               QuicTime::Delta::FromSeconds(100000),
-                               supported_versions_,
-
-                               helpers_.back(), &client_crypto_config_,
-                               &client_connection_, &client_session);
+    helpers_.push_back(new MockQuicConnectionHelper);
+    alarm_factories_.push_back(new MockAlarmFactory);
+    CreateClientSessionForTest(
+        server_id_, supports_stateless_rejects,
+        QuicTime::Delta::FromSeconds(100000), supported_versions_,
+
+        helpers_.back(), alarm_factories_.back(), &client_crypto_config_,
+        &client_connection_, &client_session);
     CHECK(client_session);
     client_session_.reset(client_session);
   }
@@ -161,8 +154,8 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
     CHECK(server_connection_);
     CHECK(server_session_ != nullptr);
     return CryptoTestUtils::HandshakeWithFakeClient(
-        helpers_.back(), server_connection_, server_stream(), server_id_,
-        client_options_);
+        helpers_.back(), alarm_factories_.back(), server_connection_,
+        server_stream(), server_id_, client_options_);
   }
 
   // Performs a single round of handshake message-exchange between the
@@ -178,14 +171,17 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
   }
 
  protected:
-  // Every connection gets its own MockConnectionHelper, tracked separately
-  // from the server and client state so their lifetimes persist through the
-  // whole test.
-  std::vector<MockConnectionHelper*> helpers_;
+  // Every connection gets its own MockQuicConnectionHelper and
+  // MockAlarmFactory,
+  // tracked separately from
+  // the server and client state so their lifetimes persist through the whole
+  // test.
+  std::vector<MockQuicConnectionHelper*> helpers_;
+  std::vector<MockAlarmFactory*> alarm_factories_;
 
   // Server state
   PacketSavingConnection* server_connection_;
-  scoped_ptr<TestQuicSpdyServerSession> server_session_;
+  std::unique_ptr<TestQuicSpdyServerSession> server_session_;
   QuicCryptoServerConfig server_crypto_config_;
   QuicCompressedCertsCache server_compressed_certs_cache_;
   QuicServerId server_id_;
@@ -193,10 +189,10 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
   // Client state
   PacketSavingConnection* client_connection_;
   QuicCryptoClientConfig client_crypto_config_;
-  scoped_ptr<TestQuicSpdyClientSession> client_session_;
+  std::unique_ptr<TestQuicSpdyClientSession> client_session_;
 
   CryptoHandshakeMessage message_;
-  scoped_ptr<QuicData> message_data_;
+  std::unique_ptr<QuicData> message_data_;
   CryptoTestUtils::FakeClientOptions client_options_;
   DelayedVerifyStrikeRegisterClient* strike_register_client_;
 
@@ -229,6 +225,28 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
   EXPECT_TRUE(server_stream()->handshake_confirmed());
 }
 
+TEST_P(QuicCryptoServerStreamTest, EncryptionLevelAfterCHLO) {
+  Initialize();
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+
+  // Do a first handshake in order to prime the client config with the server's
+  // information.
+  AdvanceHandshakeWithFakeClient();
+  EXPECT_FALSE(server_stream()->encryption_established());
+  EXPECT_FALSE(server_stream()->handshake_confirmed());
+
+  // Now do another handshake, with the blocking SHLO connection option.
+  InitializeServer();
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+  client_session_->config()->SetConnectionOptionsToSend({kIPFS});
+
+  AdvanceHandshakeWithFakeClient();
+  EXPECT_TRUE(server_stream()->encryption_established());
+  EXPECT_TRUE(server_stream()->handshake_confirmed());
+  EXPECT_EQ(ENCRYPTION_FORWARD_SECURE,
+            server_session_->connection()->encryption_level());
+}
+
 TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) {
   ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
                               true);
@@ -379,11 +397,7 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
         server_stream());
   }
 
-  if (AsyncStrikeRegisterVerification()) {
-    EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
-  } else {
-    EXPECT_EQ(2, client_stream()->num_sent_client_hellos());
-  }
+  EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
 }
 
 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
@@ -445,6 +459,31 @@ TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
   EXPECT_EQ(0, server_stream()->NumServerConfigUpdateMessagesSent());
 }
 
+TEST_P(QuicCryptoServerStreamTest, SendSCUPAfterHandshakeComplete) {
+  FLAGS_quic_use_hash_in_scup = true;
+  Initialize();
+
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+
+  // Do a first handshake in order to prime the client config with the server's
+  // information.
+  AdvanceHandshakeWithFakeClient();
+
+  // Now do another handshake, with the blocking SHLO connection option.
+  InitializeServer();
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+  AdvanceHandshakeWithFakeClient();
+
+  // Send a SCUP message and ensure that the client was able to verify it.
+  EXPECT_CALL(*client_connection_, CloseConnection(_, _, _)).Times(0);
+  server_stream()->SendServerConfigUpdate(nullptr);
+  CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 1,
+                                    server_connection_, server_stream(), 1);
+
+  EXPECT_EQ(1, server_stream()->NumServerConfigUpdateMessagesSent());
+  EXPECT_EQ(1, client_stream()->num_scup_messages_received());
+}
+
 TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) {
   Initialize();
 
diff --git a/chromium/net/quic/quic_crypto_stream.cc b/chromium/net/quic/quic_crypto_stream.cc
index ee44b6cd222..f9048716737 100644
--- a/chromium/net/quic/quic_crypto_stream.cc
+++ b/chromium/net/quic/quic_crypto_stream.cc
@@ -72,7 +72,7 @@ void QuicCryptoStream::SendHandshakeMessage(
   session()->OnCryptoHandshakeMessageSent(message);
   const QuicData& data = message.GetSerialized();
   // TODO(wtc): check the return value.
-  WriteOrBufferData(string(data.data(), data.length()), false, listener);
+  WriteOrBufferData(StringPiece(data.data(), data.length()), false, listener);
 }
 
 bool QuicCryptoStream::ExportKeyingMaterial(StringPiece label,
diff --git a/chromium/net/quic/quic_crypto_stream_test.cc b/chromium/net/quic/quic_crypto_stream_test.cc
index 69d09d2401e..c7024f7cf61 100644
--- a/chromium/net/quic/quic_crypto_stream_test.cc
+++ b/chromium/net/quic/quic_crypto_stream_test.cc
@@ -4,11 +4,12 @@
 
 #include "net/quic/quic_crypto_stream.h"
 
+#include <cstdint>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
@@ -44,7 +45,9 @@ class MockQuicCryptoStream : public QuicCryptoStream {
 class QuicCryptoStreamTest : public ::testing::Test {
  public:
   QuicCryptoStreamTest()
-      : connection_(new MockConnection(&helper_, Perspective::IS_CLIENT)),
+      : connection_(new MockQuicConnection(&helper_,
+                                           &alarm_factory_,
+                                           Perspective::IS_CLIENT)),
         session_(connection_),
         stream_(&session_) {
     message_.set_tag(kSHLO);
@@ -59,12 +62,13 @@ class QuicCryptoStreamTest : public ::testing::Test {
   }
 
  protected:
-  MockConnectionHelper helper_;
-  MockConnection* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  MockQuicConnection* connection_;
   MockQuicSpdySession session_;
   MockQuicCryptoStream stream_;
   CryptoHandshakeMessage message_;
-  scoped_ptr<QuicData> message_data_;
+  std::unique_ptr<QuicData> message_data_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoStreamTest);
diff --git a/chromium/net/quic/quic_data_reader.cc b/chromium/net/quic/quic_data_reader.cc
index 191263b1b26..fb8443d88f8 100644
--- a/chromium/net/quic/quic_data_reader.cc
+++ b/chromium/net/quic/quic_data_reader.cc
@@ -53,8 +53,9 @@ bool QuicDataReader::ReadUFloat16(uint64_t* result) {
   // hidden bit.
   *result -= exponent << kUFloat16MantissaBits;
   *result <<= exponent;
-  DCHECK_GE(value, 1 << kUFloat16MantissaEffectiveBits);
-  DCHECK_LE(value, kUFloat16MaxValue);
+  DCHECK_GE(*result,
+            static_cast<uint64_t>(1 << kUFloat16MantissaEffectiveBits));
+  DCHECK_LE(*result, kUFloat16MaxValue);
   return true;
 }
 
diff --git a/chromium/net/quic/quic_data_writer_test.cc b/chromium/net/quic/quic_data_writer_test.cc
index b3d6e7770bd..f3d2bbbdafe 100644
--- a/chromium/net/quic/quic_data_writer_test.cc
+++ b/chromium/net/quic/quic_data_writer_test.cc
@@ -6,7 +6,8 @@
 
 #include <stdint.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/quic/quic_data_reader.h"
 #include "net/test/gtest_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
diff --git a/chromium/net/quic/quic_end_to_end_unittest.cc b/chromium/net/quic/quic_end_to_end_unittest.cc
index 7441c7f36f1..612e48d6cd1 100644
--- a/chromium/net/quic/quic_end_to_end_unittest.cc
+++ b/chromium/net/quic/quic_end_to_end_unittest.cc
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <ostream>
 #include <utility>
 #include <vector>
 
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/base/elements_upload_data_stream.h"
@@ -62,7 +63,7 @@ class TestTransactionFactory : public HttpTransactionFactory {
 
   // HttpTransactionFactory methods
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override {
+                        std::unique_ptr<HttpTransaction>* trans) override {
     trans->reset(new HttpNetworkTransaction(priority, session_.get()));
     return OK;
   }
@@ -72,7 +73,7 @@ class TestTransactionFactory : public HttpTransactionFactory {
   HttpNetworkSession* GetSession() override { return session_.get(); };
 
  private:
-  scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpNetworkSession> session_;
 };
 
 struct TestParams {
@@ -223,8 +224,8 @@ class QuicEndToEndTest : public ::testing::TestWithParam<TestParams> {
   // Initializes |request_| for a post of |length| bytes.
   void InitializePostRequest(size_t length) {
     GenerateBody(length);
-    std::vector<scoped_ptr<UploadElementReader>> element_readers;
-    element_readers.push_back(make_scoped_ptr(new UploadBytesElementReader(
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+    element_readers.push_back(base::WrapUnique(new UploadBytesElementReader(
         request_body_.data(), request_body_.length())));
     upload_data_stream_.reset(
         new ElementsUploadDataStream(std::move(element_readers), 0));
@@ -244,22 +245,22 @@ class QuicEndToEndTest : public ::testing::TestWithParam<TestParams> {
     EXPECT_EQ(body, consumer.content());
   }
 
-  scoped_ptr<MockHostResolver> host_resolver_impl_;
+  std::unique_ptr<MockHostResolver> host_resolver_impl_;
   MappedHostResolver host_resolver_;
   MockCertVerifier cert_verifier_;
-  scoped_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
   TransportSecurityState transport_security_state_;
-  scoped_ptr<CTVerifier> cert_transparency_verifier_;
+  std::unique_ptr<CTVerifier> cert_transparency_verifier_;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
-  scoped_ptr<ProxyService> proxy_service_;
-  scoped_ptr<HttpAuthHandlerFactory> auth_handler_factory_;
+  std::unique_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<HttpAuthHandlerFactory> auth_handler_factory_;
   HttpServerPropertiesImpl http_server_properties;
   HttpNetworkSession::Params params_;
-  scoped_ptr<TestTransactionFactory> transaction_factory_;
+  std::unique_ptr<TestTransactionFactory> transaction_factory_;
   HttpRequestInfo request_;
   std::string request_body_;
-  scoped_ptr<UploadDataStream> upload_data_stream_;
-  scoped_ptr<ServerThread> server_thread_;
+  std::unique_ptr<UploadDataStream> upload_data_stream_;
+  std::unique_ptr<ServerThread> server_thread_;
   IPEndPoint server_address_;
   std::string server_hostname_;
   QuicConfig server_config_;
diff --git a/chromium/net/quic/quic_fec_group_test.cc b/chromium/net/quic/quic_fec_group_test.cc
index 5f5358dcdda..50c4c55c37e 100644
--- a/chromium/net/quic/quic_fec_group_test.cc
+++ b/chromium/net/quic/quic_fec_group_test.cc
@@ -5,10 +5,10 @@
 #include "net/quic/quic_fec_group.h"
 
 #include <algorithm>
+#include <memory>
 #include <vector>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "testing/gmock/include/gmock/gmock.h"
 
 using ::testing::_;
@@ -46,7 +46,7 @@ class QuicFecGroupTest : public ::testing::Test {
     // kData[] and kEntropyFlag[] are indexed by packet numbers, which
     // start at 1.
     DCHECK_GE(arraysize(kData), num_packets);
-    scoped_ptr<char[]> redundancy(new char[kDataMaxLen]);
+    std::unique_ptr<char[]> redundancy(new char[kDataMaxLen]);
     for (size_t i = 0; i < kDataMaxLen; i++) {
       redundancy[i] = 0x00;
     }
@@ -278,7 +278,7 @@ class MisalignedBuffer {
   char* buffer_;
   size_t size_;
 
-  scoped_ptr<char[]> allocation_;
+  std::unique_ptr<char[]> allocation_;
 };
 
 MisalignedBuffer::MisalignedBuffer(const string& original, size_t offset) {
diff --git a/chromium/net/quic/quic_flags.cc b/chromium/net/quic/quic_flags.cc
index b36fc3c1c05..06570496195 100644
--- a/chromium/net/quic/quic_flags.cc
+++ b/chromium/net/quic/quic_flags.cc
@@ -37,10 +37,11 @@ int64_t FLAGS_quic_time_wait_list_max_connections = 600000;
 bool FLAGS_enable_quic_stateless_reject_support = true;
 
 // This flag is not in use, just to keep consistency for shared code.
-bool FLAGS_quic_always_log_bugs_for_tests = false;
+bool FLAGS_quic_always_log_bugs_for_tests = true;
 
-// If true, flow controller may grow the receive window size if necessary.
-bool FLAGS_quic_auto_tune_receive_window = true;
+// If true, a QUIC connection option with tag DHDT can be used to disable
+// HPACK\'s dynamic table.
+bool FLAGS_quic_disable_hpack_dynamic_table = true;
 
 // If true, multipath is enabled for the connection.
 bool FLAGS_quic_enable_multipath = false;
@@ -81,46 +82,59 @@ bool FLAGS_quic_cede_correctly = true;
 // AES-GCM.
 bool FLAGS_quic_crypto_server_config_default_has_chacha20 = true;
 
-// If true, always log the cached network parameters, regardless of whether
-// bandwidth-resumption has been enabled.
-bool FLAGS_quic_log_received_parameters = true;
-
 // If true, QUIC will use newly refactored TCP sender code.
 bool FLAGS_quic_use_new_tcp_sender = true;
 
-// If true, the QUIC dispatcher will directly send version negotiation packets
-// without needing to create a QUIC session first.
-bool FLAGS_quic_stateless_version_negotiation = false;
-
-// QUIC Ack Decimation with tolerance for packet reordering.
-bool FLAGS_quic_ack_decimation2 = true;
-
 // If true, QUIC connections will defer responding to ACKs to their send alarms.
 bool FLAGS_quic_connection_defer_ack_response = true;
 
-// If true, SpdyFramer will call OnStreamEnd from SpdyFramerVisitorInterface
-// instead of empty-data sentinel calls when the stream is to be ended.
-bool FLAGS_spdy_on_stream_end = true;
+// Resend 0RTT requests in response to an REJ that re-establishes encryption.
+bool FLAGS_quic_reply_to_rej = true;
 
-// If true, QuicCryptoServerConfig will use cached compressed certificates
-// if the uncompressed certs to be compressed hits the cache.
-bool FLAGS_quic_use_cached_compressed_certs = true;
+// If true, QUIC connections can do bandwidth resumption with an initial window
+// of < 10 packets.
+bool FLAGS_quic_no_lower_bw_resumption_limit = true;
 
-// Enable a connection option allowing connections to time out if more than 5
-// consecutive RTOs are sent.
-bool FLAGS_quic_enable_rto_timeout = true;
+// Limit the ruction of slow start large reduction to 1/2 the current CWND once
+// the initial flight has been acked.
+bool FLAGS_quic_sslr_limit_reduction = true;
 
-// Use a byte conservation approach instead of packet conservation in the
-// Slow Start Large Reduction experiment.
-bool FLAGS_quic_sslr_byte_conservation = true;
+// Simplify QUIC's loss detection by combining time and nack based portions.
+bool FLAGS_quic_simplify_loss_detection = true;
 
-// Try to use the socket timestamp to determine the time a packet was
-// received instead of Now().
-bool FLAGS_quic_use_socket_timestamp = true;
+// If true, respect any configured max pacing rate.
+bool FLAGS_quic_max_pacing_rate = true;
 
-// If true, handling of errors from invalid stream frames is done in
-// one place in QuicStreamSequencer::OnStreamFrame.
-bool FLAGS_quic_consolidate_onstreamframe_errors = true;
+// If true, QuicWriter avoids calling HttpWriter::Write with 0 bytes when
+// last_data == false.
+bool FLAGS_quic_avoid_empty_nonfin_writes = true;
 
-// Resend 0RTT requests in response to an REJ that re-establishes encryption.
-bool FLAGS_quic_reply_to_rej = true;
+// If true, flow controller may grow the receive window size if necessary.
+bool FLAGS_quic_auto_tune_receive_window = true;
+
+// Add the ability for QUIC's time based loss detection to increase it's
+// threshold after spurious losses.
+bool FLAGS_quic_adaptive_loss_recovery = true;
+
+// If true, enable auto tuning by default (server side).
+bool FLAGS_quic_enable_autotune_by_default = true;
+
+// Use largest acked in the most recent ack instead of largest acked ever in
+// loss recovery.
+bool FLAGS_quic_loss_recovery_use_largest_acked = true;
+
+// Only set one alarm for sending at once, either the send alarm or
+// retransmission alarm.  Disabled because it breaks QUIC time loss detection.
+bool FLAGS_quic_only_one_sending_alarm = false;
+
+// If true, the hash of the CHLO message will be used in the proof generated for
+// an SCUP message.
+bool FLAGS_quic_use_hash_in_scup = true;
+
+// If true, consider receiving crypto frame on non crypto stream as memory
+// corruption.
+bool FLAGS_quic_detect_memory_corrpution = true;
+
+// If true, QUIC public reset packets will have the \"pre-v33\" public header
+// flags.
+bool FLAGS_quic_use_old_public_reset_packets = true;
diff --git a/chromium/net/quic/quic_flags.h b/chromium/net/quic/quic_flags.h
index e5c635ed57a..8d875e11281 100644
--- a/chromium/net/quic/quic_flags.h
+++ b/chromium/net/quic/quic_flags.h
@@ -17,7 +17,7 @@ NET_EXPORT_PRIVATE extern int64_t FLAGS_quic_time_wait_list_seconds;
 NET_EXPORT_PRIVATE extern int64_t FLAGS_quic_time_wait_list_max_connections;
 NET_EXPORT_PRIVATE extern bool FLAGS_enable_quic_stateless_reject_support;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_always_log_bugs_for_tests;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_auto_tune_receive_window;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_disable_hpack_dynamic_table;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_enable_multipath;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_require_handshake_confirmation;
 NET_EXPORT_PRIVATE extern bool FLAGS_shift_quic_cubic_epoch_when_app_limited;
@@ -25,22 +25,26 @@ NET_EXPORT_PRIVATE extern bool FLAGS_quic_measure_headers_hol_blocking_time;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_disable_pacing;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_never_write_unencrypted_data;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_require_fix;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_stateless_version_negotiation;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_supports_push_promise;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_supports_push_promise;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_cede_correctly;
 NET_EXPORT_PRIVATE extern bool
     FLAGS_quic_crypto_server_config_default_has_chacha20;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_log_received_parameters;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_use_new_tcp_sender;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_ack_decimation2;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_connection_defer_ack_response;
-NET_EXPORT_PRIVATE extern bool FLAGS_spdy_on_stream_end;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_use_cached_compressed_certs;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_enable_rto_timeout;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_sslr_byte_conservation;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_use_socket_timestamp;
-NET_EXPORT_PRIVATE extern bool FLAGS_quic_consolidate_onstreamframe_errors;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_reply_to_rej;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_no_lower_bw_resumption_limit;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_sslr_limit_reduction;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_simplify_loss_detection;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_max_pacing_rate;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_avoid_empty_nonfin_writes;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_auto_tune_receive_window;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_adaptive_loss_recovery;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_enable_autotune_by_default;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_loss_recovery_use_largest_acked;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_only_one_sending_alarm;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_use_hash_in_scup;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_detect_memory_corrpution;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_use_old_public_reset_packets;
 
 #endif  // NET_QUIC_QUIC_FLAGS_H_
diff --git a/chromium/net/quic/quic_flow_controller_test.cc b/chromium/net/quic/quic_flow_controller_test.cc
index 96b157dd525..f2f6117aa6e 100644
--- a/chromium/net/quic/quic_flow_controller_test.cc
+++ b/chromium/net/quic/quic_flow_controller_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_flow_controller.h"
 
+#include <memory>
+
 #include "base/format_macros.h"
 #include "base/strings/stringprintf.h"
 #include "net/quic/quic_flags.h"
@@ -29,7 +31,7 @@ class QuicFlowControllerTest : public ::testing::Test {
       : stream_id_(1234),
         send_window_(kInitialSessionFlowControlWindowForTest),
         receive_window_(kInitialSessionFlowControlWindowForTest),
-        connection_(&helper_, Perspective::IS_CLIENT) {}
+        connection_(&helper_, &alarm_factory_, Perspective::IS_CLIENT) {}
 
   void Initialize() {
     flow_controller_.reset(
@@ -41,9 +43,10 @@ class QuicFlowControllerTest : public ::testing::Test {
   QuicStreamId stream_id_;
   QuicByteCount send_window_;
   QuicByteCount receive_window_;
-  scoped_ptr<QuicFlowController> flow_controller_;
-  MockConnectionHelper helper_;
-  MockConnection connection_;
+  std::unique_ptr<QuicFlowController> flow_controller_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  MockQuicConnection connection_;
 };
 
 TEST_F(QuicFlowControllerTest, SendingBytes) {
@@ -153,7 +156,7 @@ TEST_F(QuicFlowControllerTest, OnlySendBlockedFrameOncePerOffset) {
 }
 
 TEST_F(QuicFlowControllerTest, ReceivingBytesFastIncreasesFlowWindow) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_auto_tune_receive_window, true);
+  FLAGS_quic_auto_tune_receive_window = true;
   // This test will generate two WINDOW_UPDATE frames.
   EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2);
 
@@ -166,7 +169,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastIncreasesFlowWindow) {
   QuicSentPacketManager* manager =
       QuicConnectionPeer::GetSentPacketManager(&connection_);
 
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kRtt),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
 
@@ -207,7 +210,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastIncreasesFlowWindow) {
 }
 
 TEST_F(QuicFlowControllerTest, ReceivingBytesFastStatusQuo) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_auto_tune_receive_window, false);
+  FLAGS_quic_auto_tune_receive_window = false;
   // This test will generate two WINDOW_UPDATE frames.
   EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2);
 
@@ -220,7 +223,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastStatusQuo) {
   QuicSentPacketManager* manager =
       QuicConnectionPeer::GetSentPacketManager(&connection_);
 
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kRtt),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
 
@@ -261,7 +264,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastStatusQuo) {
 }
 
 TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_auto_tune_receive_window, true);
+  FLAGS_quic_auto_tune_receive_window = true;
   // This test will generate two WINDOW_UPDATE frames.
   EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2);
 
@@ -273,7 +276,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) {
 
   QuicSentPacketManager* manager =
       QuicConnectionPeer::GetSentPacketManager(&connection_);
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kRtt),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
 
@@ -317,7 +320,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) {
 }
 
 TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStatusQuo) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_auto_tune_receive_window, false);
+  FLAGS_quic_auto_tune_receive_window = false;
   // This test will generate two WINDOW_UPDATE frames.
   EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2);
 
@@ -329,7 +332,7 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStatusQuo) {
 
   QuicSentPacketManager* manager =
       QuicConnectionPeer::GetSentPacketManager(&connection_);
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(manager);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager->GetRttStats());
   rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kRtt),
                        QuicTime::Delta::Zero(), QuicTime::Zero());
 
diff --git a/chromium/net/quic/quic_framer.cc b/chromium/net/quic/quic_framer.cc
index 3d3e36f2c23..cb32e3d5021 100644
--- a/chromium/net/quic/quic_framer.cc
+++ b/chromium/net/quic/quic_framer.cc
@@ -4,7 +4,9 @@
 
 #include "net/quic/quic_framer.h"
 
-#include <stdint.h>
+#include <cstdint>
+#include <memory>
+#include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
@@ -38,9 +40,6 @@ const QuicPacketNumber k4ByteSequenceNumberMask = UINT64_C(0x00000000FFFFFFFF);
 const QuicPacketNumber k2ByteSequenceNumberMask = UINT64_C(0x000000000000FFFF);
 const QuicPacketNumber k1ByteSequenceNumberMask = UINT64_C(0x00000000000000FF);
 
-const QuicConnectionId k1ByteConnectionIdMask = UINT64_C(0x00000000000000FF);
-const QuicConnectionId k4ByteConnectionIdMask = UINT64_C(0x00000000FFFFFFFF);
-
 // Number of bits the packet number length bits are shifted from the right
 // edge of the public header.
 const uint8_t kPublicHeaderSequenceNumberShift = 4;
@@ -97,6 +96,9 @@ const uint8_t kQuicAckTruncatedMask = 0x01;
 
 // Acks may not have any nacks.
 const uint8_t kQuicHasNacksMask = 0x01;
+// Acks may have only one ack block.
+const uint8_t kQuicHasMultipleAckBlocksMask = 0x01;
+const uint8_t kQuicHasMultipleAckBlocksShift = 1;
 
 // Returns the absolute value of the difference between |a| and |b|.
 QuicPacketNumber Delta(QuicPacketNumber a, QuicPacketNumber b) {
@@ -167,21 +169,25 @@ size_t QuicFramer::GetMinStreamFrameSize(QuicStreamId stream_id,
 
 // static
 size_t QuicFramer::GetMinAckFrameSize(
+    QuicVersion version,
     QuicPacketNumberLength largest_observed_length) {
-  return kQuicFrameTypeSize + kQuicEntropyHashSize + largest_observed_length +
-         kQuicDeltaTimeLargestObservedSize;
+  size_t min_size = kQuicFrameTypeSize + largest_observed_length +
+                    kQuicDeltaTimeLargestObservedSize;
+  if (version <= QUIC_VERSION_33) {
+    return min_size + kQuicEntropyHashSize;
+  }
+  return min_size + kQuicNumTimestampsSize;
 }
 
 // static
 size_t QuicFramer::GetStopWaitingFrameSize(
+    QuicVersion version,
     QuicPacketNumberLength packet_number_length) {
-  return kQuicFrameTypeSize + kQuicEntropyHashSize + packet_number_length;
-}
-
-// static
-size_t QuicFramer::GetMinRstStreamFrameSize() {
-  return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize +
-         kQuicErrorCodeSize + kQuicErrorDetailsLengthSize;
+  size_t min_size = kQuicFrameTypeSize + packet_number_length;
+  if (version <= QUIC_VERSION_33) {
+    return min_size + kQuicEntropyHashSize;
+  }
+  return min_size;
 }
 
 // static
@@ -280,9 +286,18 @@ size_t QuicFramer::GetSerializedFrameLength(
     return 0;
   }
   if (frame.type == PADDING_FRAME) {
-    // PADDING implies end of packet.
-    return free_bytes;
+    if (frame.padding_frame.num_padding_bytes == -1) {
+      // Full padding to the end of the packet.
+      return free_bytes;
+    } else {
+      // Lite padding.
+      return free_bytes <
+                     static_cast<size_t>(frame.padding_frame.num_padding_bytes)
+                 ? free_bytes
+                 : frame.padding_frame.num_padding_bytes;
+    }
   }
+
   size_t frame_len =
       ComputeFrameLength(frame, last_frame, packet_number_length);
   if (frame_len <= free_bytes) {
@@ -296,7 +311,8 @@ size_t QuicFramer::GetSerializedFrameLength(
   }
   bool can_truncate =
       frame.type == ACK_FRAME &&
-      free_bytes >= GetMinAckFrameSize(PACKET_6BYTE_PACKET_NUMBER);
+      free_bytes >=
+          GetMinAckFrameSize(quic_version_, PACKET_6BYTE_PACKET_NUMBER);
   if (can_truncate) {
     // Truncate the frame so the packet will not exceed kMaxPacketSize.
     // Note that we may not use every byte of the writer in this case.
@@ -312,6 +328,21 @@ QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default;
 
 QuicFramer::AckFrameInfo::~AckFrameInfo() {}
 
+QuicFramer::AckBlock::AckBlock(uint8_t gap, QuicPacketNumber length)
+    : gap(gap), length(length) {}
+
+QuicFramer::AckBlock::AckBlock(const AckBlock& other) = default;
+
+QuicFramer::AckBlock::~AckBlock() {}
+
+QuicFramer::NewAckFrameInfo::NewAckFrameInfo()
+    : max_block_length(0), first_block_length(0) {}
+
+QuicFramer::NewAckFrameInfo::NewAckFrameInfo(const NewAckFrameInfo& other) =
+    default;
+
+QuicFramer::NewAckFrameInfo::~NewAckFrameInfo() {}
+
 // static
 QuicPacketEntropyHash QuicFramer::GetPacketEntropyHash(
     const QuicPacketHeader& header) {
@@ -349,9 +380,16 @@ size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header,
         }
         break;
       case ACK_FRAME:
-        if (!AppendAckFrameAndTypeByte(header, *frame.ack_frame, &writer)) {
-          QUIC_BUG << "AppendAckFrameAndTypeByte failed";
-          return 0;
+        if (quic_version_ <= QUIC_VERSION_33) {
+          if (!AppendAckFrameAndTypeByte(header, *frame.ack_frame, &writer)) {
+            QUIC_BUG << "AppendAckFrameAndTypeByte failed";
+            return 0;
+          }
+        } else {
+          if (!AppendNewAckFrameAndTypeByte(*frame.ack_frame, &writer)) {
+            QUIC_BUG << "AppendNewAckFrameAndTypeByte failed";
+            return 0;
+          }
         }
         break;
       case STOP_WAITING_FRAME:
@@ -436,11 +474,15 @@ QuicEncryptedPacket* QuicFramer::BuildPublicResetPacket(
 
   size_t len =
       kPublicFlagsSize + PACKET_8BYTE_CONNECTION_ID + reset_serialized.length();
-  scoped_ptr<char[]> buffer(new char[len]);
+  std::unique_ptr<char[]> buffer(new char[len]);
   QuicDataWriter writer(len, buffer.get());
 
   uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST |
                                        PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
+  if (FLAGS_quic_use_old_public_reset_packets) {
+    // TODO(rch): Remove this QUIC_VERSION_32 is retired.
+    flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
+  }
   if (!writer.WriteUInt8(flags)) {
     return nullptr;
   }
@@ -462,11 +504,13 @@ QuicEncryptedPacket* QuicFramer::BuildVersionNegotiationPacket(
     const QuicVersionVector& versions) {
   DCHECK(!versions.empty());
   size_t len = GetVersionNegotiationPacketSize(versions.size());
-  scoped_ptr<char[]> buffer(new char[len]);
+  std::unique_ptr<char[]> buffer(new char[len]);
   QuicDataWriter writer(len, buffer.get());
 
-  uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_VERSION |
-                                       PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
+  uint8_t flags = static_cast<uint8_t>(
+      PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID |
+      // TODO(rch): Remove this QUIC_VERSION_32 is retired.
+      PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
   if (!writer.WriteUInt8(flags)) {
     return nullptr;
   }
@@ -524,7 +568,7 @@ bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
     rv = ProcessDataPacket(&reader, public_header, packet, buffer,
                            kMaxPacketSize);
   } else {
-    scoped_ptr<char[]> large_buffer(new char[packet.length()]);
+    std::unique_ptr<char[]> large_buffer(new char[packet.length()]);
     rv = ProcessDataPacket(&reader, public_header, packet, large_buffer.get(),
                            packet.length());
     QUIC_BUG_IF(rv) << "QUIC should never successfully process packets larger"
@@ -571,11 +615,17 @@ bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader,
   }
 
   QuicDataReader reader(decrypted_buffer, decrypted_length);
-  if (!ProcessAuthenticatedHeader(&reader, &header)) {
-    DLOG(WARNING) << "Unable to process packet header.  Stopping parsing.";
-    return false;
+  if (quic_version_ <= QUIC_VERSION_33) {
+    if (!ProcessAuthenticatedHeader(&reader, &header)) {
+      DLOG(WARNING) << "Unable to process packet header.  Stopping parsing.";
+      return false;
+    }
   }
 
+  // Set the last packet number after we have decrypted the packet
+  // so we are confident is not attacker controlled.
+  SetLastPacketNumber(header);
+
   if (!visitor_->OnPacketHeader(header)) {
     // The visitor suppresses further processing of the packet.
     return true;
@@ -604,7 +654,7 @@ bool QuicFramer::ProcessPublicResetPacket(
     const QuicPacketPublicHeader& public_header) {
   QuicPublicResetPacket packet(public_header);
 
-  scoped_ptr<CryptoHandshakeMessage> reset(
+  std::unique_ptr<CryptoHandshakeMessage> reset(
       CryptoFramer::ParseMessage(reader->ReadRemainingPayload()));
   if (!reset.get()) {
     set_detailed_error("Unable to read reset message.");
@@ -652,6 +702,11 @@ bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header,
       GetSequenceNumberFlags(header.public_header.packet_number_length)
       << kPublicHeaderSequenceNumberShift;
 
+  if (header.public_header.nonce != nullptr) {
+    DCHECK_EQ(Perspective::IS_SERVER, perspective_);
+    public_flags |= PACKET_PUBLIC_FLAGS_NONCE;
+  }
+
   switch (header.public_header.connection_id_length) {
     case PACKET_0BYTE_CONNECTION_ID:
       if (!writer->WriteUInt8(public_flags |
@@ -659,32 +714,19 @@ bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header,
         return false;
       }
       break;
-    case PACKET_1BYTE_CONNECTION_ID:
-      if (!writer->WriteUInt8(public_flags |
-                              PACKET_PUBLIC_FLAGS_1BYTE_CONNECTION_ID)) {
-        return false;
-      }
-      if (!writer->WriteUInt8(header.public_header.connection_id &
-                              k1ByteConnectionIdMask)) {
-        return false;
-      }
-      break;
-    case PACKET_4BYTE_CONNECTION_ID:
-      if (!writer->WriteUInt8(public_flags |
-                              PACKET_PUBLIC_FLAGS_4BYTE_CONNECTION_ID)) {
-        return false;
-      }
-      if (!writer->WriteUInt32(header.public_header.connection_id &
-                               k4ByteConnectionIdMask)) {
-        return false;
-      }
-      break;
     case PACKET_8BYTE_CONNECTION_ID:
-      if (!writer->WriteUInt8(public_flags |
-                              PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID)) {
-        return false;
+      if (quic_version_ > QUIC_VERSION_32) {
+        public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID;
+        if (perspective_ == Perspective::IS_CLIENT) {
+          // TODO(rch): Fix this when v33 flags are supported by middle boxes.
+          public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD;
+        }
+
+      } else {
+        public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD;
       }
-      if (!writer->WriteUInt64(header.public_header.connection_id)) {
+      if (!writer->WriteUInt8(public_flags) ||
+          !writer->WriteUInt64(header.public_header.connection_id)) {
         return false;
       }
       break;
@@ -704,10 +746,19 @@ bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header,
     return false;
   }
 
+  if (header.public_header.nonce != nullptr &&
+      !writer->WriteBytes(header.public_header.nonce,
+                          kDiversificationNonceSize)) {
+    return false;
+  }
+
   if (!AppendPacketSequenceNumber(header.public_header.packet_number_length,
                                   header.packet_number, writer)) {
     return false;
   }
+  if (quic_version_ > QUIC_VERSION_33) {
+    return true;
+  }
 
   uint8_t private_flags = 0;
   if (header.entropy_flag) {
@@ -764,6 +815,18 @@ bool QuicFramer::IsValidPath(QuicPathId path_id,
   return true;
 }
 
+void QuicFramer::SetLastPacketNumber(const QuicPacketHeader& header) {
+  if (header.public_header.multipath_flag && header.path_id != last_path_id_) {
+    if (last_path_id_ != kInvalidPathId) {
+      // Save current last packet number before changing path.
+      last_packet_numbers_[last_path_id_] = last_packet_number_;
+    }
+    // Change path.
+    last_path_id_ = header.path_id;
+  }
+  last_packet_number_ = header.packet_number;
+}
+
 void QuicFramer::OnPathClosed(QuicPathId path_id) {
   closed_paths_.insert(path_id);
   last_packet_numbers_.erase(path_id);
@@ -826,42 +889,6 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader,
       }
       public_header->connection_id_length = PACKET_8BYTE_CONNECTION_ID;
       break;
-    case PACKET_PUBLIC_FLAGS_4BYTE_CONNECTION_ID:
-      // If the connection_id is truncated, expect to read the last serialized
-      // connection_id.
-      if (!reader->ReadBytes(&public_header->connection_id,
-                             PACKET_4BYTE_CONNECTION_ID)) {
-        set_detailed_error("Unable to read ConnectionId.");
-        return false;
-      }
-      if (last_serialized_connection_id_ &&
-          (public_header->connection_id & k4ByteConnectionIdMask) !=
-              (last_serialized_connection_id_ & k4ByteConnectionIdMask)) {
-        set_detailed_error(
-            "Truncated 4 byte ConnectionId does not match "
-            "previous connection_id.");
-        return false;
-      }
-      public_header->connection_id_length = PACKET_4BYTE_CONNECTION_ID;
-      public_header->connection_id = last_serialized_connection_id_;
-      break;
-    case PACKET_PUBLIC_FLAGS_1BYTE_CONNECTION_ID:
-      if (!reader->ReadBytes(&public_header->connection_id,
-                             PACKET_1BYTE_CONNECTION_ID)) {
-        set_detailed_error("Unable to read ConnectionId.");
-        return false;
-      }
-      if (last_serialized_connection_id_ &&
-          (public_header->connection_id & k1ByteConnectionIdMask) !=
-              (last_serialized_connection_id_ & k1ByteConnectionIdMask)) {
-        set_detailed_error(
-            "Truncated 1 byte ConnectionId does not match "
-            "previous connection_id.");
-        return false;
-      }
-      public_header->connection_id_length = PACKET_1BYTE_CONNECTION_ID;
-      public_header->connection_id = last_serialized_connection_id_;
-      break;
     case PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID:
       public_header->connection_id_length = PACKET_0BYTE_CONNECTION_ID;
       public_header->connection_id = last_serialized_connection_id_;
@@ -891,6 +918,29 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader,
     }
     public_header->versions.push_back(version);
   }
+
+  // A nonce should only be present in packets from the server to the client,
+  // which are neither version negotiation nor public reset packets
+  // and only for versions after QUIC_VERSION_32. Earlier versions will
+  // set this bit when indicating an 8-byte connection ID, which should
+  // not be interpreted as indicating a nonce is present.
+  if (quic_version_ > QUIC_VERSION_32 &&
+      public_flags & PACKET_PUBLIC_FLAGS_NONCE &&
+      !(public_flags & PACKET_PUBLIC_FLAGS_VERSION) &&
+      !(public_flags & PACKET_PUBLIC_FLAGS_RST) &&
+      // The nonce flag from a client is ignored and is assumed to be an older
+      // client indicating an eight-byte connection ID.
+      perspective_ == Perspective::IS_CLIENT) {
+    if (!reader->ReadBytes(reinterpret_cast<uint8_t*>(last_nonce_),
+                           sizeof(last_nonce_))) {
+      set_detailed_error("Unable to read nonce.");
+      return false;
+    }
+    public_header->nonce = &last_nonce_;
+  } else {
+    public_header->nonce = nullptr;
+  }
+
   return true;
 }
 
@@ -930,17 +980,17 @@ uint8_t QuicFramer::GetSequenceNumberFlags(
 QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
     const QuicAckFrame& frame) {
   AckFrameInfo ack_info;
-  if (frame.missing_packets.Empty()) {
+  if (frame.packets.Empty()) {
     return ack_info;
   }
-  DCHECK_GE(frame.largest_observed, frame.missing_packets.Max());
+  DCHECK_GE(frame.largest_observed, frame.packets.Max());
   size_t cur_range_length = 0;
-  PacketNumberQueue::const_iterator iter = frame.missing_packets.begin();
+  PacketNumberQueue::const_iterator iter = frame.packets.begin();
   // TODO(jdorfman): Switch this logic to use the intervals in PacketNumberQueue
   // instead of reconstructing them from the sequence.
   QuicPacketNumber last_missing = *iter;
   ++iter;
-  for (; iter != frame.missing_packets.end(); ++iter) {
+  for (; iter != frame.packets.end(); ++iter) {
     if (cur_range_length < numeric_limits<uint8_t>::max() &&
         *iter == (last_missing + 1)) {
       ++cur_range_length;
@@ -961,6 +1011,49 @@ QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
   return ack_info;
 }
 
+// static
+QuicFramer::NewAckFrameInfo QuicFramer::GetNewAckFrameInfo(
+    const QuicAckFrame& frame) {
+  NewAckFrameInfo new_ack_info;
+  if (frame.packets.Empty()) {
+    return new_ack_info;
+  }
+  uint64_t cur_range_length = 1;
+  PacketNumberQueue::const_iterator iter = frame.packets.begin();
+  QuicPacketNumber last_received = *iter;
+  ++iter;
+  for (; iter != frame.packets.end(); ++iter) {
+    if (*iter == (last_received + 1)) {
+      ++cur_range_length;
+    } else {
+      size_t total_gap = *iter - last_received - 1;
+      size_t num_blocks = static_cast<size_t>(ceil(
+          static_cast<double>(total_gap) / numeric_limits<uint8_t>::max()));
+      uint8_t last_gap = static_cast<uint8_t>(
+          total_gap - (num_blocks - 1) * numeric_limits<uint8_t>::max());
+      for (size_t i = 0; i < num_blocks; ++i) {
+        if (i == 0) {
+          new_ack_info.ack_blocks.push_back(
+              AckBlock(last_gap, cur_range_length));
+        } else {
+          // Add an ack block of length 0 because there are more than 255
+          // missing packets in a row.
+          new_ack_info.ack_blocks.push_back(
+              AckBlock(numeric_limits<uint8_t>::max(), 0));
+        }
+      }
+      new_ack_info.max_block_length =
+          max(new_ack_info.max_block_length, cur_range_length);
+      cur_range_length = 1;
+    }
+    last_received = *iter;
+  }
+  new_ack_info.first_block_length = cur_range_length;
+  new_ack_info.max_block_length =
+      max(new_ack_info.max_block_length, new_ack_info.first_block_length);
+  return new_ack_info;
+}
+
 bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader,
                                               QuicPacketHeader* header) {
   header->path_id = kDefaultPathId;
@@ -1036,18 +1129,6 @@ bool QuicFramer::ProcessAuthenticatedHeader(QuicDataReader* reader,
   }
 
   header->entropy_hash = GetPacketEntropyHash(*header);
-  // Set the last packet number after we have decrypted the packet
-  // so we are confident is not attacker controlled.
-  if (header->public_header.multipath_flag &&
-      header->path_id != last_path_id_) {
-    if (last_path_id_ != kInvalidPathId) {
-      // Save current last packet number before changing path.
-      last_packet_numbers_[last_path_id_] = last_packet_number_;
-    }
-    // Change path.
-    last_path_id_ = header->path_id;
-  }
-  last_packet_number_ = header->packet_number;
   return true;
 }
 
@@ -1107,8 +1188,14 @@ bool QuicFramer::ProcessFrameData(QuicDataReader* reader,
       // Ack Frame
       if (frame_type & kQuicFrameTypeAckMask) {
         QuicAckFrame frame;
-        if (!ProcessAckFrame(reader, frame_type, &frame)) {
-          return RaiseError(QUIC_INVALID_ACK_DATA);
+        if (quic_version_ <= QUIC_VERSION_33) {
+          if (!ProcessAckFrame(reader, frame_type, &frame)) {
+            return RaiseError(QUIC_INVALID_ACK_DATA);
+          }
+        } else {
+          if (!ProcessNewAckFrame(reader, frame_type, &frame)) {
+            return RaiseError(QUIC_INVALID_ACK_DATA);
+          }
         }
         if (!visitor_->OnAckFrame(frame)) {
           DVLOG(1) << "Visitor asked to stop further processing.";
@@ -1126,9 +1213,14 @@ bool QuicFramer::ProcessFrameData(QuicDataReader* reader,
     }
 
     switch (frame_type) {
-      case PADDING_FRAME:
+      case PADDING_FRAME: {
+        QuicPaddingFrame frame(reader->BytesRemaining());
+        if (!visitor_->OnPaddingFrame(frame)) {
+          DVLOG(1) << "Visitor asked to stop further processing.";
+        }
         // We're done with the packet.
         return true;
+      }
 
       case RST_STREAM_FRAME: {
         QuicRstStreamFrame frame;
@@ -1290,8 +1382,8 @@ bool QuicFramer::ProcessStreamFrame(QuicDataReader* reader,
       return false;
     }
   }
-  frame->frame_buffer = data.data();
-  frame->frame_length = static_cast<uint16_t>(data.length());
+  frame->data_buffer = data.data();
+  frame->data_length = static_cast<uint16_t>(data.length());
 
   return true;
 }
@@ -1362,8 +1454,8 @@ bool QuicFramer::ProcessAckFrame(QuicDataReader* reader,
       set_detailed_error("Unable to read missing packet number range.");
       return false;
     }
-    ack_frame->missing_packets.Add(last_packet_number - range_length,
-                                   last_packet_number + 1);
+    ack_frame->packets.Add(last_packet_number - range_length,
+                           last_packet_number + 1);
     // Subtract an extra 1 to ensure ranges are represented efficiently and
     // can't overlap by 1 packet number.  This allows a missing_delta of 0
     // to represent an adjacent nack range.
@@ -1394,6 +1486,83 @@ bool QuicFramer::ProcessAckFrame(QuicDataReader* reader,
   return true;
 }
 
+bool QuicFramer::ProcessNewAckFrame(QuicDataReader* reader,
+                                    uint8_t frame_type,
+                                    QuicAckFrame* ack_frame) {
+  // Determine the two lengths from the frame type: largest acked length,
+  // ack block length.
+  const QuicPacketNumberLength ack_block_length =
+      ReadSequenceNumberLength(frame_type);
+  frame_type >>= kQuicSequenceNumberLengthShift;
+  const QuicPacketNumberLength largest_acked_length =
+      ReadSequenceNumberLength(frame_type);
+  frame_type >>= kQuicSequenceNumberLengthShift;
+  frame_type >>= kQuicHasMultipleAckBlocksShift;
+  bool has_ack_blocks = frame_type & kQuicHasMultipleAckBlocksMask;
+  ack_frame->missing = false;
+
+  if (!reader->ReadBytes(&ack_frame->largest_observed, largest_acked_length)) {
+    set_detailed_error("Unable to read largest acked.");
+    return false;
+  }
+
+  uint64_t ack_delay_time_us;
+  if (!reader->ReadUFloat16(&ack_delay_time_us)) {
+    set_detailed_error("Unable to read ack delay time.");
+    return false;
+  }
+
+  if (ack_delay_time_us == kUFloat16MaxValue) {
+    ack_frame->ack_delay_time = QuicTime::Delta::Infinite();
+  } else {
+    ack_frame->ack_delay_time =
+        QuicTime::Delta::FromMicroseconds(ack_delay_time_us);
+  }
+
+  uint8_t num_ack_blocks = 0;
+  if (has_ack_blocks) {
+    if (!reader->ReadBytes(&num_ack_blocks, 1)) {
+      set_detailed_error("Unable to read num of ack blocks.");
+      return false;
+    }
+  }
+
+  size_t first_block_length = 0;
+  if (!reader->ReadBytes(&first_block_length, ack_block_length)) {
+    set_detailed_error("Unable to read first ack block length.");
+    return false;
+  }
+  QuicPacketNumber first_received =
+      ack_frame->largest_observed + 1 - first_block_length;
+  ack_frame->packets.Add(first_received, ack_frame->largest_observed + 1);
+
+  if (num_ack_blocks > 0) {
+    for (size_t i = 0; i < num_ack_blocks; ++i) {
+      size_t gap = 0;
+      if (!reader->ReadBytes(&gap, PACKET_1BYTE_PACKET_NUMBER)) {
+        set_detailed_error("Unable to read gap to next ack block.");
+        return false;
+      }
+      size_t current_block_length = 0;
+      if (!reader->ReadBytes(&current_block_length, ack_block_length)) {
+        set_detailed_error("Unable to ack block length.");
+        return false;
+      }
+      first_received -= (gap + current_block_length);
+      if (current_block_length > 0) {
+        ack_frame->packets.Add(first_received,
+                               first_received + current_block_length);
+      }
+    }
+  }
+
+  if (!ProcessTimestampsInAckFrame(reader, ack_frame)) {
+    return false;
+  }
+
+  return true;
+}
+
 bool QuicFramer::ProcessTimestampsInAckFrame(QuicDataReader* reader,
                                              QuicAckFrame* ack_frame) {
   if (ack_frame->is_truncated) {
@@ -1458,9 +1627,11 @@ bool QuicFramer::ProcessTimestampsInAckFrame(QuicDataReader* reader,
 bool QuicFramer::ProcessStopWaitingFrame(QuicDataReader* reader,
                                          const QuicPacketHeader& header,
                                          QuicStopWaitingFrame* stop_waiting) {
-  if (!reader->ReadBytes(&stop_waiting->entropy_hash, 1)) {
-    set_detailed_error("Unable to read entropy hash for sent packets.");
-    return false;
+  if (quic_version_ <= QUIC_VERSION_33) {
+    if (!reader->ReadBytes(&stop_waiting->entropy_hash, 1)) {
+      set_detailed_error("Unable to read entropy hash for sent packets.");
+      return false;
+    }
   }
 
   QuicPacketNumber least_unacked_delta = 0;
@@ -1494,8 +1665,8 @@ bool QuicFramer::ProcessRstStreamFrame(QuicDataReader* reader,
   }
 
   if (error_code >= QUIC_STREAM_LAST_ERROR) {
-    set_detailed_error("Invalid rst stream error code.");
-    return false;
+    // Ignore invalid stream error code if any.
+    error_code = QUIC_STREAM_LAST_ERROR;
   }
 
   frame->error_code = static_cast<QuicRstStreamErrorCode>(error_code);
@@ -1511,8 +1682,8 @@ bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader,
   }
 
   if (error_code >= QUIC_LAST_ERROR) {
-    set_detailed_error("Invalid error code.");
-    return false;
+    // Ignore invalid QUIC error code if any.
+    error_code = QUIC_LAST_ERROR;
   }
 
   frame->error_code = static_cast<QuicErrorCode>(error_code);
@@ -1534,12 +1705,12 @@ bool QuicFramer::ProcessGoAwayFrame(QuicDataReader* reader,
     set_detailed_error("Unable to read go away error code.");
     return false;
   }
-  frame->error_code = static_cast<QuicErrorCode>(error_code);
 
   if (error_code >= QUIC_LAST_ERROR) {
-    set_detailed_error("Invalid error code.");
-    return false;
+    // Ignore invalid QUIC error code if any.
+    error_code = QUIC_LAST_ERROR;
   }
+  frame->error_code = static_cast<QuicErrorCode>(error_code);
 
   uint32_t stream_id;
   if (!reader->ReadUInt32(&stream_id)) {
@@ -1595,16 +1766,19 @@ bool QuicFramer::ProcessPathCloseFrame(QuicDataReader* reader,
 
 // static
 StringPiece QuicFramer::GetAssociatedDataFromEncryptedPacket(
+    QuicVersion version,
     const QuicEncryptedPacket& encrypted,
     QuicConnectionIdLength connection_id_length,
     bool includes_version,
     bool includes_path_id,
+    bool includes_diversification_nonce,
     QuicPacketNumberLength packet_number_length) {
   // TODO(ianswett): This is identical to QuicData::AssociatedData.
   return StringPiece(
       encrypted.data(),
-      GetStartOfEncryptedData(connection_id_length, includes_version,
-                              includes_path_id, packet_number_length));
+      GetStartOfEncryptedData(version, connection_id_length, includes_version,
+                              includes_path_id, includes_diversification_nonce,
+                              packet_number_length));
 }
 
 void QuicFramer::SetDecrypter(EncryptionLevel level, QuicDecrypter* decrypter) {
@@ -1665,7 +1839,7 @@ size_t QuicFramer::EncryptPayload(EncryptionLevel level,
                                   size_t buffer_len) {
   DCHECK(encrypter_[level].get() != nullptr);
 
-  StringPiece associated_data = packet.AssociatedData();
+  StringPiece associated_data = packet.AssociatedData(quic_version_);
   // Copy in the header, because the encrypter only populates the encrypted
   // plaintext content.
   const size_t ad_len = associated_data.length();
@@ -1673,8 +1847,9 @@ size_t QuicFramer::EncryptPayload(EncryptionLevel level,
   // Encrypt the plaintext into the buffer.
   size_t output_length = 0;
   if (!encrypter_[level]->EncryptPacket(path_id, packet_number, associated_data,
-                                        packet.Plaintext(), buffer + ad_len,
-                                        &output_length, buffer_len - ad_len)) {
+                                        packet.Plaintext(quic_version_),
+                                        buffer + ad_len, &output_length,
+                                        buffer_len - ad_len)) {
     RaiseError(QUIC_ENCRYPTION_FAILURE);
     return 0;
   }
@@ -1708,15 +1883,31 @@ bool QuicFramer::DecryptPayload(QuicDataReader* encrypted_reader,
   StringPiece encrypted = encrypted_reader->ReadRemainingPayload();
   DCHECK(decrypter_.get() != nullptr);
   StringPiece associated_data = GetAssociatedDataFromEncryptedPacket(
-      packet, header.public_header.connection_id_length,
+      quic_version_, packet, header.public_header.connection_id_length,
       header.public_header.version_flag, header.public_header.multipath_flag,
+      header.public_header.nonce != nullptr,
       header.public_header.packet_number_length);
+
   bool success = decrypter_->DecryptPacket(
       header.path_id, header.packet_number, associated_data, encrypted,
       decrypted_buffer, decrypted_length, buffer_length);
   if (success) {
     visitor_->OnDecryptedPacket(decrypter_level_);
   } else if (alternative_decrypter_.get() != nullptr) {
+    if (header.public_header.nonce != nullptr) {
+      DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
+      alternative_decrypter_->SetDiversificationNonce(
+          *header.public_header.nonce);
+    }
+    if (alternative_decrypter_level_ == ENCRYPTION_INITIAL) {
+      if (perspective_ == Perspective::IS_CLIENT &&
+          quic_version_ > QUIC_VERSION_32) {
+        DCHECK(header.public_header.nonce != nullptr);
+      } else {
+        DCHECK(header.public_header.nonce == nullptr);
+      }
+    }
+
     success = alternative_decrypter_->DecryptPacket(
         header.path_id, header.packet_number, associated_data, encrypted,
         decrypted_buffer, decrypted_length, buffer_length);
@@ -1747,41 +1938,64 @@ bool QuicFramer::DecryptPayload(QuicDataReader* encrypted_reader,
   return true;
 }
 
+size_t QuicFramer::GetAckFrameTimeStampSize(const QuicAckFrame& ack) {
+  if (ack.received_packet_times.empty()) {
+    return 0;
+  }
+
+  return 5 + 3 * (ack.received_packet_times.size() - 1);
+}
+
 size_t QuicFramer::GetAckFrameSize(
     const QuicAckFrame& ack,
     QuicPacketNumberLength packet_number_length) {
-  AckFrameInfo ack_info = GetAckFrameInfo(ack);
-  QuicPacketNumberLength largest_observed_length =
-      GetMinSequenceNumberLength(ack.largest_observed);
-  QuicPacketNumberLength missing_packet_number_length =
-      GetMinSequenceNumberLength(ack_info.max_delta);
-
-  size_t ack_size = GetMinAckFrameSize(largest_observed_length);
-  if (!ack_info.nack_ranges.empty()) {
-    ack_size += kNumberOfNackRangesSize;
-    if (quic_version_ <= QUIC_VERSION_31) {
-      ack_size += kNumberOfRevivedPacketsSize;
+  size_t ack_size = 0;
+  if (quic_version_ <= QUIC_VERSION_33) {
+    AckFrameInfo ack_info = GetAckFrameInfo(ack);
+    QuicPacketNumberLength largest_observed_length =
+        GetMinSequenceNumberLength(ack.largest_observed);
+    QuicPacketNumberLength missing_packet_number_length =
+        GetMinSequenceNumberLength(ack_info.max_delta);
+
+    ack_size = GetMinAckFrameSize(quic_version_, largest_observed_length);
+    if (!ack_info.nack_ranges.empty()) {
+      ack_size += kNumberOfNackRangesSize;
+      if (quic_version_ <= QUIC_VERSION_31) {
+        ack_size += kNumberOfRevivedPacketsSize;
+      }
+      ack_size += min(ack_info.nack_ranges.size(), kMaxNackRanges) *
+                  (missing_packet_number_length + PACKET_1BYTE_PACKET_NUMBER);
     }
-    ack_size += min(ack_info.nack_ranges.size(), kMaxNackRanges) *
-                (missing_packet_number_length + PACKET_1BYTE_PACKET_NUMBER);
-  }
-
-  // In version 23, if the ack will be truncated due to too many nack ranges,
-  // then do not include the number of timestamps (1 byte).
-  if (ack_info.nack_ranges.size() <= kMaxNackRanges) {
-    // 1 byte for the number of timestamps.
-    ack_size += 1;
-    if (ack.received_packet_times.size() > 0) {
-      // 1 byte for packet number, 4 bytes for timestamp for the first
-      // packet.
-      ack_size += 5;
-
-      // 1 byte for packet number, 2 bytes for timestamp for the other
-      // packets.
-      ack_size += 3 * (ack.received_packet_times.size() - 1);
+
+    // In version 23, if the ack will be truncated due to too many nack ranges,
+    // then do not include the number of timestamps (1 byte).
+    if (ack_info.nack_ranges.size() <= kMaxNackRanges) {
+      // 1 byte for the number of timestamps.
+      ack_size += 1;
+      ack_size += GetAckFrameTimeStampSize(ack);
     }
+
+    return ack_size;
   }
 
+  NewAckFrameInfo ack_info = GetNewAckFrameInfo(ack);
+  QuicPacketNumberLength largest_acked_length =
+      GetMinSequenceNumberLength(ack.largest_observed);
+  QuicPacketNumberLength ack_block_length =
+      GetMinSequenceNumberLength(ack_info.max_block_length);
+
+  ack_size = GetMinAckFrameSize(quic_version_, largest_acked_length);
+  // First ack block length.
+  ack_size += ack_block_length;
+  if (!ack_info.ack_blocks.empty()) {
+    ack_size += kNumberOfAckBlocksSize;
+    ack_size += min(ack_info.ack_blocks.size(), kMaxAckBlocks) *
+                (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
+  }
+
+  // Include timestamps.
+  ack_size += GetAckFrameTimeStampSize(ack);
+
   return ack_size;
 }
 
@@ -1794,12 +2008,12 @@ size_t QuicFramer::ComputeFrameLength(
       return GetMinStreamFrameSize(frame.stream_frame->stream_id,
                                    frame.stream_frame->offset,
                                    last_frame_in_packet) +
-             frame.stream_frame->frame_length;
+             frame.stream_frame->data_length;
     case ACK_FRAME: {
       return GetAckFrameSize(*frame.ack_frame, packet_number_length);
     }
     case STOP_WAITING_FRAME:
-      return GetStopWaitingFrameSize(packet_number_length);
+      return GetStopWaitingFrameSize(quic_version_, packet_number_length);
     case MTU_DISCOVERY_FRAME:
     // MTU discovery frames are serialized as ping frames.
     case PING_FRAME:
@@ -1914,14 +2128,14 @@ bool QuicFramer::AppendStreamFrame(const QuicStreamFrame& frame,
     return false;
   }
   if (!no_stream_frame_length) {
-    if ((frame.frame_length > numeric_limits<uint16_t>::max()) ||
-        !writer->WriteUInt16(static_cast<uint16_t>(frame.frame_length))) {
+    if ((frame.data_length > numeric_limits<uint16_t>::max()) ||
+        !writer->WriteUInt16(static_cast<uint16_t>(frame.data_length))) {
       QUIC_BUG << "Writing stream frame length failed";
       return false;
     }
   }
 
-  if (!writer->WriteBytes(frame.frame_buffer, frame.frame_length)) {
+  if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) {
     QUIC_BUG << "Writing frame data failed.";
     return false;
   }
@@ -1943,9 +2157,9 @@ bool QuicFramer::AppendAckFrameAndTypeByte(const QuicPacketHeader& header,
   QuicPacketNumberLength missing_packet_number_length =
       GetMinSequenceNumberLength(ack_info.max_delta);
   // Determine whether we need to truncate ranges.
-  size_t available_range_bytes = writer->capacity() - writer->length() -
-                                 kNumberOfNackRangesSize -
-                                 GetMinAckFrameSize(largest_observed_length);
+  size_t available_range_bytes =
+      writer->capacity() - writer->length() - kNumberOfNackRangesSize -
+      GetMinAckFrameSize(quic_version_, largest_observed_length);
   if (quic_version_ <= QUIC_VERSION_31) {
     available_range_bytes -= kNumberOfRevivedPacketsSize;
   }
@@ -2068,6 +2282,118 @@ bool QuicFramer::AppendAckFrameAndTypeByte(const QuicPacketHeader& header,
   return true;
 }
 
+bool QuicFramer::AppendNewAckFrameAndTypeByte(const QuicAckFrame& frame,
+                                              QuicDataWriter* writer) {
+  NewAckFrameInfo new_ack_info = GetNewAckFrameInfo(frame);
+  QuicPacketNumber largest_acked = frame.largest_observed;
+  QuicPacketNumberLength largest_acked_length =
+      GetMinSequenceNumberLength(largest_acked);
+  QuicPacketNumberLength ack_block_length =
+      GetMinSequenceNumberLength(new_ack_info.max_block_length);
+  // Calculate available bytes for timestamps and ack blocks.
+  int32_t available_timestamp_and_ack_block_bytes =
+      writer->capacity() - writer->length() - ack_block_length -
+      GetMinAckFrameSize(quic_version_, largest_acked_length) -
+      (!new_ack_info.ack_blocks.empty() ? kNumberOfAckBlocksSize : 0);
+  DCHECK_LE(0, available_timestamp_and_ack_block_bytes);
+
+  // Write out the type byte by setting the low order bits and doing shifts
+  // to make room for the next bit flags to be set.
+  // Whether there are multiple ack blocks.
+  uint8_t type_byte =
+      new_ack_info.ack_blocks.empty() ? 0 : kQuicHasMultipleAckBlocksMask;
+  type_byte <<= kQuicHasMultipleAckBlocksShift;
+
+  // Largest acked length.
+  type_byte <<= kQuicSequenceNumberLengthShift;
+  type_byte |= GetSequenceNumberFlags(largest_acked_length);
+
+  // Ack block length.
+  type_byte <<= kQuicSequenceNumberLengthShift;
+  type_byte |= GetSequenceNumberFlags(ack_block_length);
+
+  type_byte |= kQuicFrameTypeAckMask;
+
+  if (!writer->WriteUInt8(type_byte)) {
+    return false;
+  }
+
+  // Largest acked.
+  if (!AppendPacketSequenceNumber(largest_acked_length, largest_acked,
+                                  writer)) {
+    return false;
+  }
+
+  // Largest acked delta time.
+  uint64_t ack_delay_time_us = kUFloat16MaxValue;
+  if (!frame.ack_delay_time.IsInfinite()) {
+    DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds());
+    ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
+  }
+  if (!writer->WriteUFloat16(ack_delay_time_us)) {
+    return false;
+  }
+
+  size_t max_num_ack_blocks = available_timestamp_and_ack_block_bytes /
+                              (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
+
+  // Number of ack blocks.
+  size_t num_ack_blocks =
+      min(new_ack_info.ack_blocks.size(), max_num_ack_blocks);
+  if (num_ack_blocks > numeric_limits<uint8_t>::max()) {
+    num_ack_blocks = numeric_limits<uint8_t>::max();
+  }
+
+  if (num_ack_blocks > 0) {
+    if (!writer->WriteBytes(&num_ack_blocks, 1)) {
+      return false;
+    }
+  }
+
+  // First ack block length.
+  if (!AppendPacketSequenceNumber(ack_block_length,
+                                  new_ack_info.first_block_length, writer)) {
+    return false;
+  }
+
+  // Ack blocks.
+  if (num_ack_blocks > 0) {
+    std::vector<AckBlock>::reverse_iterator iter =
+        new_ack_info.ack_blocks.rbegin();
+    size_t num_ack_blocks_written = 0;
+    for (; iter != new_ack_info.ack_blocks.rend(); ++iter) {
+      if (!AppendPacketSequenceNumber(PACKET_1BYTE_PACKET_NUMBER, iter->gap,
+                                      writer)) {
+        return false;
+      }
+      if (!AppendPacketSequenceNumber(ack_block_length, iter->length, writer)) {
+        return false;
+      }
+      if (++num_ack_blocks_written == num_ack_blocks) {
+        break;
+      }
+    }
+    DCHECK_EQ(num_ack_blocks, num_ack_blocks_written);
+  }
+
+  // Timestamps.
+  // If we don't have enough available space to append all the timestamps, don't
+  // append any of them.
+  if (writer->capacity() - writer->length() >=
+      GetAckFrameTimeStampSize(frame)) {
+    if (!AppendTimestampToAckFrame(frame, writer)) {
+      return false;
+    }
+  } else {
+    uint8_t num_received_packets = 0;
+    if (!writer->WriteBytes(&num_received_packets, 1)) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
 bool QuicFramer::AppendTimestampToAckFrame(const QuicAckFrame& frame,
                                            QuicDataWriter* writer) {
   DCHECK_GE(numeric_limits<uint8_t>::max(), frame.received_packet_times.size());
@@ -2141,9 +2467,11 @@ bool QuicFramer::AppendStopWaitingFrame(const QuicPacketHeader& header,
       header.packet_number - frame.least_unacked;
   const QuicPacketNumber length_shift =
       header.public_header.packet_number_length * 8;
-  if (!writer->WriteUInt8(frame.entropy_hash)) {
-    QUIC_BUG << " hash failed";
-    return false;
+  if (quic_version_ <= QUIC_VERSION_33) {
+    if (!writer->WriteUInt8(frame.entropy_hash)) {
+      QUIC_BUG << " hash failed";
+      return false;
+    }
   }
 
   if (least_unacked_delta >> length_shift > 0) {
diff --git a/chromium/net/quic/quic_framer.h b/chromium/net/quic/quic_framer.h
index a0a0db1afeb..e51b272bc96 100644
--- a/chromium/net/quic/quic_framer.h
+++ b/chromium/net/quic/quic_framer.h
@@ -8,6 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <unordered_set>
@@ -15,7 +16,6 @@
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/quic_protocol.h"
@@ -55,12 +55,14 @@ const size_t kQuicDeltaTimeLargestObservedSize = 2;
 const size_t kQuicNumTimestampsSize = 1;
 // Size in bytes reserved for the number of missing packets in ack frames.
 const size_t kNumberOfNackRangesSize = 1;
+// Size in bytes reserved for the number of ack blocks in ack frames.
+const size_t kNumberOfAckBlocksSize = 1;
 // Maximum number of missing packet ranges that can fit within an ack frame.
 const size_t kMaxNackRanges = (1 << (kNumberOfNackRangesSize * 8)) - 1;
+// Maximum number of ack blocks that can fit within an ack frame.
+const size_t kMaxAckBlocks = (1 << (kNumberOfAckBlocksSize * 8)) - 1;
 // Size in bytes reserved for the number of revived packets in ack frames.
 const size_t kNumberOfRevivedPacketsSize = 1;
-// Maximum number of revived packets that can fit within an ack frame.
-const size_t kMaxRevivedPackets = (1 << (kNumberOfRevivedPacketsSize * 8)) - 1;
 
 // This class receives callbacks from the framer when packets
 // are processed.
@@ -119,6 +121,9 @@ class NET_EXPORT_PRIVATE QuicFramerVisitorInterface {
   // Called when a StopWaitingFrame has been parsed.
   virtual bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) = 0;
 
+  // Called when a QuicPaddingFrame has been parsed.
+  virtual bool OnPaddingFrame(const QuicPaddingFrame& frame) = 0;
+
   // Called when a PingFrame has been parsed.
   virtual bool OnPingFrame(const QuicPingFrame& frame) = 0;
 
@@ -219,11 +224,14 @@ class NET_EXPORT_PRIVATE QuicFramer {
   static size_t GetMinStreamFrameSize(QuicStreamId stream_id,
                                       QuicStreamOffset offset,
                                       bool last_frame_in_packet);
-  // Size in bytes of all ack frame fields without the missing packets.
+  // Size in bytes of all ack frame fields without the missing packets or ack
+  // blocks.
   static size_t GetMinAckFrameSize(
+      QuicVersion version,
       QuicPacketNumberLength largest_observed_length);
   // Size in bytes of a stop waiting frame.
   static size_t GetStopWaitingFrameSize(
+      QuicVersion version,
       QuicPacketNumberLength packet_number_length);
   // Size in bytes of all reset stream frame without the error details.
   // Used before QUIC_VERSION_25.
@@ -260,10 +268,12 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // Returns the associated data from the encrypted packet |encrypted| as a
   // stringpiece.
   static base::StringPiece GetAssociatedDataFromEncryptedPacket(
+      QuicVersion version,
       const QuicEncryptedPacket& encrypted,
       QuicConnectionIdLength connection_id_length,
       bool includes_version,
       bool includes_path_id,
+      bool includes_diversification_nonce,
       QuicPacketNumberLength packet_number_length);
 
   // Serializes a packet containing |frames| into |buffer|.
@@ -370,6 +380,30 @@ class NET_EXPORT_PRIVATE QuicFramer {
     NackRangeMap nack_ranges;
   };
 
+  struct AckBlock {
+    AckBlock(uint8_t gap, QuicPacketNumber length);
+    AckBlock(const AckBlock& other);
+    ~AckBlock();
+
+    // Gap to the next ack block.
+    uint8_t gap;
+    // Length of this ack block.
+    QuicPacketNumber length;
+  };
+
+  struct NewAckFrameInfo {
+    NewAckFrameInfo();
+    NewAckFrameInfo(const NewAckFrameInfo& other);
+    ~NewAckFrameInfo();
+
+    // The maximum ack block length.
+    QuicPacketNumber max_block_length;
+    // Length of first ack block.
+    QuicPacketNumber first_block_length;
+    // Ack blocks starting with gaps to next block and ack block lengths.
+    std::vector<AckBlock> ack_blocks;
+  };
+
   bool ProcessDataPacket(QuicDataReader* reader,
                          const QuicPacketPublicHeader& public_header,
                          const QuicEncryptedPacket& packet,
@@ -407,6 +441,9 @@ class NET_EXPORT_PRIVATE QuicFramer {
   bool ProcessAckFrame(QuicDataReader* reader,
                        uint8_t frame_type,
                        QuicAckFrame* frame);
+  bool ProcessNewAckFrame(QuicDataReader* reader,
+                          uint8_t frame_type,
+                          QuicAckFrame* frame);
   bool ProcessTimestampsInAckFrame(QuicDataReader* reader, QuicAckFrame* frame);
   bool ProcessStopWaitingFrame(QuicDataReader* reader,
                                const QuicPacketHeader& public_header,
@@ -432,6 +469,10 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // otherwise.
   bool IsValidPath(QuicPathId path_id, QuicPacketNumber* last_packet_number);
 
+  // Sets last_packet_number_. This can only be called after the packet is
+  // successfully decrypted.
+  void SetLastPacketNumber(const QuicPacketHeader& header);
+
   // Returns the full packet number from the truncated
   // wire format version and the last seen packet number.
   QuicPacketNumber CalculatePacketNumberFromWire(
@@ -443,10 +484,16 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // was created.
   const QuicTime::Delta CalculateTimestampFromWire(uint32_t time_delta_us);
 
+  // Computes the wire size in bytes of time stamps in |ack|.
+  size_t GetAckFrameTimeStampSize(const QuicAckFrame& ack);
+
   // Computes the wire size in bytes of the |ack| frame, assuming no truncation.
   size_t GetAckFrameSize(const QuicAckFrame& ack,
                          QuicPacketNumberLength packet_number_length);
 
+  // Computes the wire size in bytes of the |ack| frame.
+  size_t GetNewAckFrameSize(const QuicAckFrame& ack);
+
   // Computes the wire size in bytes of the payload of |frame|.
   size_t ComputeFrameLength(const QuicFrame& frame,
                             bool last_frame_in_packet,
@@ -462,6 +509,8 @@ class NET_EXPORT_PRIVATE QuicFramer {
 
   static AckFrameInfo GetAckFrameInfo(const QuicAckFrame& frame);
 
+  static NewAckFrameInfo GetNewAckFrameInfo(const QuicAckFrame& frame);
+
   // The Append* methods attempt to write the provided header or frame using the
   // |writer|, and return true if successful.
 
@@ -479,6 +528,8 @@ class NET_EXPORT_PRIVATE QuicFramer {
   bool AppendAckFrameAndTypeByte(const QuicPacketHeader& header,
                                  const QuicAckFrame& frame,
                                  QuicDataWriter* builder);
+  bool AppendNewAckFrameAndTypeByte(const QuicAckFrame& frame,
+                                    QuicDataWriter* builder);
   bool AppendTimestampToAckFrame(const QuicAckFrame& frame,
                                  QuicDataWriter* builder);
   bool AppendStopWaitingFrame(const QuicPacketHeader& header,
@@ -530,9 +581,9 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // skipped as necessary).
   QuicVersionVector supported_versions_;
   // Primary decrypter used to decrypt packets during parsing.
-  scoped_ptr<QuicDecrypter> decrypter_;
+  std::unique_ptr<QuicDecrypter> decrypter_;
   // Alternative decrypter that can also be used to decrypt packets.
-  scoped_ptr<QuicDecrypter> alternative_decrypter_;
+  std::unique_ptr<QuicDecrypter> alternative_decrypter_;
   // The encryption level of |decrypter_|.
   EncryptionLevel decrypter_level_;
   // The encryption level of |alternative_decrypter_|.
@@ -542,7 +593,7 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // decrypter.
   bool alternative_decrypter_latch_;
   // Encrypters used to encrypt packets via EncryptPayload().
-  scoped_ptr<QuicEncrypter> encrypter_[NUM_ENCRYPTION_LEVELS];
+  std::unique_ptr<QuicEncrypter> encrypter_[NUM_ENCRYPTION_LEVELS];
   // Tracks if the framer is being used by the entity that received the
   // connection or the entity that initiated it.
   Perspective perspective_;
@@ -554,6 +605,8 @@ class NET_EXPORT_PRIVATE QuicFramer {
   // The time delta computed for the last timestamp frame. This is relative to
   // the creation_time.
   QuicTime::Delta last_timestamp_;
+  // The diversification nonce from the last received packet.
+  DiversificationNonce last_nonce_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicFramer);
 };
diff --git a/chromium/net/quic/quic_framer_test.cc b/chromium/net/quic/quic_framer_test.cc
index 07ad2763a7b..795e56adde6 100644
--- a/chromium/net/quic/quic_framer_test.cc
+++ b/chromium/net/quic/quic_framer_test.cc
@@ -5,13 +5,14 @@
 #include "net/quic/quic_framer.h"
 
 #include <stdint.h>
+
 #include <algorithm>
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
@@ -44,7 +45,9 @@ const QuicConnectionId kConnectionId = UINT64_C(0xFEDCBA9876543210);
 const QuicPathId kPathId = 0x42;
 const QuicPacketNumber kPacketNumber = UINT64_C(0x123456789ABC);
 const QuicPacketNumber kLargestObserved = UINT64_C(0x0123456789ABF);
+const QuicPacketNumber kSmallLargestObserved = UINT16_C(0x1234);
 const QuicPacketNumber kMissingPacket = UINT64_C(0x0123456789ABE);
+const QuicPacketNumber kSmallMissingPacket = UINT16_C(0x1233);
 const QuicPacketNumber kLeastUnacked = UINT64_C(0x0123456789AA0);
 const QuicStreamId kStreamId = UINT64_C(0x01020304);
 const QuicStreamOffset kStreamOffset = UINT64_C(0xBA98FEDC32107654);
@@ -150,6 +153,13 @@ class TestDecrypter : public QuicDecrypter {
   ~TestDecrypter() override {}
   bool SetKey(StringPiece key) override { return true; }
   bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; }
+  bool SetPreliminaryKey(StringPiece key) override {
+    QUIC_BUG << "should not be called";
+    return false;
+  }
+  bool SetDiversificationNonce(DiversificationNonce key) override {
+    return true;
+  }
   bool DecryptPacket(QuicPathId path_id,
                      QuicPacketNumber packet_number,
                      StringPiece associated_data,
@@ -191,6 +201,7 @@ class TestQuicVisitor : public QuicFramerVisitorInterface {
     STLDeleteElements(&stream_frames_);
     STLDeleteElements(&ack_frames_);
     STLDeleteElements(&stop_waiting_frames_);
+    STLDeleteElements(&padding_frames_);
     STLDeleteElements(&ping_frames_);
     STLDeleteElements(&stream_data_);
   }
@@ -244,7 +255,7 @@ class TestQuicVisitor : public QuicFramerVisitorInterface {
     ++frame_count_;
     // Save a copy of the data so it is valid after the packet is processed.
     string* string_data = new string();
-    StringPiece(frame.frame_buffer, frame.frame_length)
+    StringPiece(frame.data_buffer, frame.data_length)
         .AppendToString(string_data);
     stream_data_.push_back(string_data);
     stream_frames_.push_back(new QuicStreamFrame(frame.stream_id, frame.fin,
@@ -264,6 +275,11 @@ class TestQuicVisitor : public QuicFramerVisitorInterface {
     return true;
   }
 
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override {
+    padding_frames_.push_back(new QuicPaddingFrame(frame));
+    return true;
+  }
+
   bool OnPingFrame(const QuicPingFrame& frame) override {
     ++frame_count_;
     ping_frames_.push_back(new QuicPingFrame(frame));
@@ -311,13 +327,14 @@ class TestQuicVisitor : public QuicFramerVisitorInterface {
   bool accept_packet_;
   bool accept_public_header_;
 
-  scoped_ptr<QuicPacketHeader> header_;
-  scoped_ptr<QuicPacketPublicHeader> public_header_;
-  scoped_ptr<QuicPublicResetPacket> public_reset_packet_;
-  scoped_ptr<QuicVersionNegotiationPacket> version_negotiation_packet_;
+  std::unique_ptr<QuicPacketHeader> header_;
+  std::unique_ptr<QuicPacketPublicHeader> public_header_;
+  std::unique_ptr<QuicPublicResetPacket> public_reset_packet_;
+  std::unique_ptr<QuicVersionNegotiationPacket> version_negotiation_packet_;
   vector<QuicStreamFrame*> stream_frames_;
   vector<QuicAckFrame*> ack_frames_;
   vector<QuicStopWaitingFrame*> stop_waiting_frames_;
+  vector<QuicPaddingFrame*> padding_frames_;
   vector<QuicPingFrame*> ping_frames_;
   QuicRstStreamFrame rst_stream_frame_;
   QuicConnectionCloseFrame connection_close_frame_;
@@ -363,15 +380,16 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> {
                  << packet_number << " actual: " << encrypter_->packet_number_;
       return false;
     }
-    if (packet->AssociatedData() != encrypter_->associated_data_) {
+    if (packet->AssociatedData(framer_.version()) !=
+        encrypter_->associated_data_) {
       LOG(ERROR) << "Encrypted incorrect associated data.  expected "
-                 << packet->AssociatedData()
+                 << packet->AssociatedData(framer_.version())
                  << " actual: " << encrypter_->associated_data_;
       return false;
     }
-    if (packet->Plaintext() != encrypter_->plaintext_) {
+    if (packet->Plaintext(framer_.version()) != encrypter_->plaintext_) {
       LOG(ERROR) << "Encrypted incorrect plaintext data.  expected "
-                 << packet->Plaintext()
+                 << packet->Plaintext(framer_.version())
                  << " actual: " << encrypter_->plaintext_;
       return false;
     }
@@ -380,7 +398,8 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> {
 
   bool CheckDecryption(const QuicEncryptedPacket& encrypted,
                        bool includes_version,
-                       bool includes_path_id) {
+                       bool includes_path_id,
+                       bool includes_diversification_nonce) {
     if (visitor_.header_->packet_number != decrypter_->packet_number_) {
       LOG(ERROR) << "Decrypted incorrect packet number.  expected "
                  << visitor_.header_->packet_number
@@ -388,19 +407,23 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> {
       return false;
     }
     if (QuicFramer::GetAssociatedDataFromEncryptedPacket(
-            encrypted, PACKET_8BYTE_CONNECTION_ID, includes_version,
-            includes_path_id,
+            framer_.version(), encrypted, PACKET_8BYTE_CONNECTION_ID,
+            includes_version, includes_path_id, includes_diversification_nonce,
             PACKET_6BYTE_PACKET_NUMBER) != decrypter_->associated_data_) {
       LOG(ERROR) << "Decrypted incorrect associated data.  expected "
                  << QuicFramer::GetAssociatedDataFromEncryptedPacket(
-                        encrypted, PACKET_8BYTE_CONNECTION_ID, includes_version,
-                        includes_path_id, PACKET_6BYTE_PACKET_NUMBER)
+                        framer_.version(), encrypted,
+                        PACKET_8BYTE_CONNECTION_ID, includes_version,
+                        includes_path_id, includes_diversification_nonce,
+                        PACKET_6BYTE_PACKET_NUMBER)
                  << " actual: " << decrypter_->associated_data_;
       return false;
     }
-    StringPiece ciphertext(encrypted.AsStringPiece().substr(
-        GetStartOfEncryptedData(PACKET_8BYTE_CONNECTION_ID, includes_version,
-                                includes_path_id, PACKET_6BYTE_PACKET_NUMBER)));
+    StringPiece ciphertext(
+        encrypted.AsStringPiece().substr(GetStartOfEncryptedData(
+            framer_.version(), PACKET_8BYTE_CONNECTION_ID, includes_version,
+            includes_path_id, includes_diversification_nonce,
+            PACKET_6BYTE_PACKET_NUMBER)));
     if (ciphertext != decrypter_->ciphertext_) {
       LOG(ERROR) << "Decrypted incorrect ciphertext data.  expected "
                  << ciphertext << " actual: " << decrypter_->ciphertext_;
@@ -423,7 +446,7 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> {
 
   // Checks if the supplied string matches data in the supplied StreamFrame.
   void CheckStreamFrameData(string str, QuicStreamFrame* frame) {
-    EXPECT_EQ(str, string(frame->frame_buffer, frame->frame_length));
+    EXPECT_EQ(str, string(frame->data_buffer, frame->data_length));
   }
 
   void CheckStreamFrameBoundaries(unsigned char* packet,
@@ -442,8 +465,10 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> {
       }
       CheckProcessingFails(
           packet,
-          i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, include_version,
-                                  !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+          i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                  include_version, !kIncludePathId,
+                                  !kIncludeDiversificationNonce,
+                                  PACKET_6BYTE_PACKET_NUMBER),
           expected_error, QUIC_INVALID_STREAM_DATA);
     }
   }
@@ -598,7 +623,7 @@ TEST_P(QuicFramerTest, LargePacket) {
   // clang-format off
   unsigned char packet[kMaxPacketSize + 1] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -606,15 +631,15 @@ TEST_P(QuicFramerTest, LargePacket) {
     // private flags
     0x00,
   };
-
-  memset(packet + GetPacketHeaderSize(
-             PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludePathId,
-             PACKET_6BYTE_PACKET_NUMBER), 0,
-         kMaxPacketSize - GetPacketHeaderSize(
-             PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludePathId,
-             PACKET_6BYTE_PACKET_NUMBER) + 1);
   // clang-format on
 
+  const size_t header_size = GetPacketHeaderSize(
+      framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
+      !kIncludePathId, !kIncludeDiversificationNonce,
+      PACKET_6BYTE_PACKET_NUMBER);
+
+  memset(packet + header_size, 0, kMaxPacketSize - header_size);
+
   QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
   EXPECT_DFATAL(framer_.ProcessPacket(encrypted), "Packet too large:1");
 
@@ -629,7 +654,7 @@ TEST_P(QuicFramerTest, PacketHeader) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -637,59 +662,21 @@ TEST_P(QuicFramerTest, PacketHeader) {
     // private flags
     0x00,
   };
-  // clang-format on
-
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
-  EXPECT_FALSE(framer_.ProcessPacket(encrypted));
-  EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
-  ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_EQ(kConnectionId, visitor_.header_->public_header.connection_id);
-  EXPECT_FALSE(visitor_.header_->public_header.multipath_flag);
-  EXPECT_FALSE(visitor_.header_->public_header.reset_flag);
-  EXPECT_FALSE(visitor_.header_->public_header.version_flag);
-  EXPECT_FALSE(visitor_.header_->fec_flag);
-  EXPECT_FALSE(visitor_.header_->entropy_flag);
-  EXPECT_EQ(0, visitor_.header_->entropy_hash);
-  EXPECT_EQ(kPacketNumber, visitor_.header_->packet_number);
-  EXPECT_EQ(NOT_IN_FEC_GROUP, visitor_.header_->is_in_fec_group);
-  EXPECT_EQ(0u, visitor_.header_->fec_group);
-
-  // Now test framing boundaries.
-  for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
-       ++i) {
-    string expected_error;
-    if (i < kConnectionIdOffset) {
-      expected_error = "Unable to read public flags.";
-    } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
-    } else {
-      expected_error = "Unable to read private flags.";
-    }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
-  }
-}
-
-TEST_P(QuicFramerTest, PacketHeaderWith4ByteConnectionId) {
-  QuicFramerPeer::SetLastSerializedConnectionId(&framer_, kConnectionId);
-
-  // clang-format off
-  unsigned char packet[] = {
-    // public flags (4 byte connection_id)
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
     0x38,
     // connection_id
-    0x10, 0x32, 0x54, 0x76,
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
     0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
-    // private flags
-    0x00,
   };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -706,94 +693,62 @@ TEST_P(QuicFramerTest, PacketHeaderWith4ByteConnectionId) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_4BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_6BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
       expected_error = "Unable to read public flags.";
-    } else if (i < GetPacketNumberOffset(PACKET_4BYTE_CONNECTION_ID,
-                                         !kIncludeVersion, !kIncludePathId)) {
+    } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(PACKET_4BYTE_CONNECTION_ID,
-                                         !kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
-TEST_P(QuicFramerTest, PacketHeader1ByteConnectionId) {
+TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) {
   QuicFramerPeer::SetLastSerializedConnectionId(&framer_, kConnectionId);
 
   // clang-format off
   unsigned char packet[] = {
-    // public flags (1 byte connection_id)
-    0x34,
+    // public flags (0 byte connection_id)
+    0x30,
     // connection_id
-    0x10,
     // packet number
-    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
     // private flags
     0x00,
   };
-  // clang-format on
-
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
-  EXPECT_FALSE(framer_.ProcessPacket(encrypted));
-  EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
-  ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_EQ(kConnectionId, visitor_.header_->public_header.connection_id);
-  EXPECT_FALSE(visitor_.header_->public_header.multipath_flag);
-  EXPECT_FALSE(visitor_.header_->public_header.reset_flag);
-  EXPECT_FALSE(visitor_.header_->public_header.version_flag);
-  EXPECT_FALSE(visitor_.header_->fec_flag);
-  EXPECT_FALSE(visitor_.header_->entropy_flag);
-  EXPECT_EQ(0, visitor_.header_->entropy_hash);
-  EXPECT_EQ(kPacketNumber, visitor_.header_->packet_number);
-  EXPECT_EQ(NOT_IN_FEC_GROUP, visitor_.header_->is_in_fec_group);
-  EXPECT_EQ(0u, visitor_.header_->fec_group);
-
-  // Now test framing boundaries.
-  for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_1BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
-       ++i) {
-    string expected_error;
-    if (i < kConnectionIdOffset) {
-      expected_error = "Unable to read public flags.";
-    } else if (i < GetPacketNumberOffset(PACKET_1BYTE_CONNECTION_ID,
-                                         !kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(PACKET_1BYTE_CONNECTION_ID,
-                                         !kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
-    } else {
-      expected_error = "Unable to read private flags.";
-    }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
-  }
-}
-
-TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) {
-  QuicFramerPeer::SetLastSerializedConnectionId(&framer_, kConnectionId);
-
-  // clang-format off
-  unsigned char packet[] = {
+  unsigned char packet_34[] = {
     // public flags (0 byte connection_id)
     0x30,
     // connection_id
     // packet number
     0xBC, 0x9A, 0x78, 0x56,
     0x34, 0x12,
-    // private flags
-    0x00,
   };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -810,8 +765,10 @@ TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_0BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_0BYTE_CONNECTION_ID,
+                               !kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_6BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
@@ -819,13 +776,21 @@ TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) {
     } else if (i < GetPacketNumberOffset(PACKET_0BYTE_CONNECTION_ID,
                                          !kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(PACKET_0BYTE_CONNECTION_ID,
-                                         !kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(PACKET_0BYTE_CONNECTION_ID,
+                                      !kIncludeVersion, !kIncludePathId)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -833,7 +798,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x3D,
+    0x39,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // version tag
@@ -843,9 +808,23 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    0x39,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -863,8 +842,10 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, kIncludeVersion,
-                               !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_6BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
@@ -873,12 +854,20 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) {
       expected_error = "Unable to read ConnectionId.";
     } else if (i < GetPacketNumberOffset(kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read protocol version.";
-    } else if (i < GetPrivateFlagsOffset(kIncludeVersion, !kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(kIncludeVersion, !kIncludePathId)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -886,7 +875,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -896,13 +885,28 @@ TEST_P(QuicFramerTest, PacketHeaderWithMultipathFlag) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, kIncludePathId,
+                              !kIncludeDiversificationNonce));
   EXPECT_EQ(kConnectionId, visitor_.header_->public_header.connection_id);
   EXPECT_TRUE(visitor_.header_->public_header.multipath_flag);
   EXPECT_FALSE(visitor_.header_->public_header.reset_flag);
@@ -917,8 +921,10 @@ TEST_P(QuicFramerTest, PacketHeaderWithMultipathFlag) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_6BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
@@ -928,12 +934,20 @@ TEST_P(QuicFramerTest, PacketHeaderWithMultipathFlag) {
       expected_error = "Unable to read ConnectionId.";
     } else if (i < GetPacketNumberOffset(!kIncludeVersion, kIncludePathId)) {
       expected_error = "Unable to read path id.";
-    } else if (i < GetPrivateFlagsOffset(!kIncludeVersion, kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(!kIncludeVersion, kIncludePathId)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -941,7 +955,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithBothVersionFlagAndMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x7D,
+    0x79,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // version tag
@@ -953,13 +967,30 @@ TEST_P(QuicFramerTest, PacketHeaderWithBothVersionFlagAndMultipathFlag) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    0x79,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, kIncludeVersion, kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, kIncludeVersion, kIncludePathId,
+                              !kIncludeDiversificationNonce));
   EXPECT_EQ(kConnectionId, visitor_.header_->public_header.connection_id);
   EXPECT_TRUE(visitor_.header_->public_header.multipath_flag);
   EXPECT_FALSE(visitor_.header_->public_header.reset_flag);
@@ -975,8 +1006,10 @@ TEST_P(QuicFramerTest, PacketHeaderWithBothVersionFlagAndMultipathFlag) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_6BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
@@ -988,12 +1021,20 @@ TEST_P(QuicFramerTest, PacketHeaderWithBothVersionFlagAndMultipathFlag) {
       expected_error = "Unable to read protocol version.";
     } else if (i < GetPacketNumberOffset(kIncludeVersion, kIncludePathId)) {
       expected_error = "Unable to read path id.";
-    } else if (i < GetPrivateFlagsOffset(kIncludeVersion, kIncludePathId)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(kIncludeVersion, kIncludePathId)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -1002,7 +1043,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
   // clang-format off
   unsigned char packet1[] = {
     // public flags (version)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -1012,11 +1053,25 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
     // private flags
     0x00,
   };
+  unsigned char packet1_34[] = {
+    // public flags (version)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
   EXPECT_EQ(0u, QuicFramerPeer::GetLastPacketNumber(&framer_));
   EXPECT_EQ(kInvalidPathId, QuicFramerPeer::GetLastPathId(&framer_));
-  QuicEncryptedPacket encrypted1(AsChars(packet1), arraysize(packet1), false);
+  QuicEncryptedPacket encrypted1(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet1 : packet1_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet1)
+                                           : arraysize(packet1_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted1));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1030,7 +1085,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
   // clang-format off
   unsigned char packet2[] = {
     // public flags (version)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -1040,9 +1095,23 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
     // private flags
     0x00,
   };
+  unsigned char packet2_34[] = {
+    // public flags (version)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x00,
+    // packet number
+    0xCC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted2(AsChars(packet2), arraysize(packet2), false);
+  QuicEncryptedPacket encrypted2(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet2 : packet2_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet2)
+                                           : arraysize(packet2_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted2));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1056,7 +1125,7 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
   // clang-format off
   unsigned char packet3[] = {
     // public flags (version)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -1066,9 +1135,23 @@ TEST_P(QuicFramerTest, PacketHeaderWithPathChange) {
     // private flags
     0x00,
   };
+  unsigned char packet3_34[] = {
+    // public flags (version)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBD, 0x9A, 0x78, 0x56, 0x34, 0x12,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted3(AsChars(packet3), arraysize(packet3), false);
+  QuicEncryptedPacket encrypted3(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet3 : packet3_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet3)
+                                           : arraysize(packet3_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted3));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1084,7 +1167,19 @@ TEST_P(QuicFramerTest, ReceivedPacketOnClosedPath) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x7C,
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+    // private flags
+    0x00,
+  };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -1097,7 +1192,11 @@ TEST_P(QuicFramerTest, ReceivedPacketOnClosedPath) {
   // clang-format on
 
   framer_.OnPathClosed(kPathId);
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   EXPECT_EQ(0u, QuicFramerPeer::GetLastPacketNumber(&framer_));
@@ -1110,7 +1209,7 @@ TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id and 4 byte packet number)
-    0x2C,
+    0x28,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -1118,9 +1217,21 @@ TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id and 4 byte packet number)
+    0x28,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1137,21 +1248,31 @@ TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_4BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_4BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
       expected_error = "Unable to read public flags.";
     } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
-                                         PACKET_4BYTE_PACKET_NUMBER)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
+                                      PACKET_4BYTE_PACKET_NUMBER)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -1161,7 +1282,7 @@ TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id and 2 byte packet number)
-    0x1C,
+    0x18,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -1169,9 +1290,21 @@ TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id and 2 byte packet number)
+    0x18,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1188,21 +1321,31 @@ TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_2BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_2BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
       expected_error = "Unable to read public flags.";
     } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
-                                         PACKET_2BYTE_PACKET_NUMBER)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
+                                      PACKET_2BYTE_PACKET_NUMBER)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
@@ -1212,7 +1355,7 @@ TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id and 1 byte packet number)
-    0x0C,
+    0x08,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -1220,9 +1363,21 @@ TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) {
     // private flags
     0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id and 1 byte packet number)
+    0x08,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1239,29 +1394,42 @@ TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) {
 
   // Now test framing boundaries.
   for (size_t i = 0;
-       i < GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                               !kIncludePathId, PACKET_1BYTE_PACKET_NUMBER);
+       i < GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                               !kIncludeVersion, !kIncludePathId,
+                               !kIncludeDiversificationNonce,
+                               PACKET_1BYTE_PACKET_NUMBER);
        ++i) {
     string expected_error;
     if (i < kConnectionIdOffset) {
       expected_error = "Unable to read public flags.";
     } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) {
       expected_error = "Unable to read ConnectionId.";
-    } else if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
-                                         PACKET_1BYTE_PACKET_NUMBER)) {
-      expected_error = "Unable to read packet number.";
     } else {
-      expected_error = "Unable to read private flags.";
+      if (framer_.version() <= QUIC_VERSION_33) {
+        if (i < GetPrivateFlagsOffset(!kIncludeVersion, !kIncludePathId,
+                                      PACKET_1BYTE_PACKET_NUMBER)) {
+          expected_error = "Unable to read packet number.";
+        } else {
+          expected_error = "Unable to read private flags.";
+        }
+      } else {
+        expected_error = "Unable to read packet number.";
+      }
     }
-    CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER);
+    CheckProcessingFails(
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, i,
+        expected_error, QUIC_INVALID_PACKET_HEADER);
   }
 }
 
 TEST_P(QuicFramerTest, InvalidPublicFlag) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags: all flags set but the public reset flag and version flag.
-    0xFC,
+    0xF8,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -1284,7 +1452,73 @@ TEST_P(QuicFramerTest, InvalidPublicFlag) {
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 };
 
+TEST_P(QuicFramerTest, PacketWithDiversificationNonce) {
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags: includes nonce flag
+    0x7C,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // nonce
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+    // private flags
+    0x00,
+
+    // frame type (padding)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
+  unsigned char packet_34[] = {
+    // public flags: includes nonce flag
+    0x7C,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // nonce
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+    // frame type (padding)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
+  // clang-format on
+
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+  if (framer_.version() > QUIC_VERSION_32) {
+    EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+    ASSERT_TRUE(visitor_.public_header_->nonce != nullptr);
+    for (char i = 0; i < 32; ++i) {
+      EXPECT_EQ(i, (*visitor_.public_header_->nonce)[static_cast<int>(i)]);
+    }
+  } else if (framer_.version() < QUIC_VERSION_32) {
+    // Packet is successfully parsed by accident.
+    EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+    ASSERT_TRUE(visitor_.public_header_ != nullptr);
+  } else {
+    EXPECT_FALSE(framer_.ProcessPacket(encrypted));
+    EXPECT_EQ(QUIC_INVALID_PACKET_HEADER, framer_.error());
+    EXPECT_EQ("Illegal private flags value.", framer_.detailed_error());
+  }
+};
+
 TEST_P(QuicFramerTest, InvalidPublicFlagWithMatchingVersions) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id and version flag and an unknown flag)
@@ -1313,7 +1547,7 @@ TEST_P(QuicFramerTest, LargePublicFlagWithMismatchedVersions) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id, version flag and an unknown flag)
-    0x7D,
+    0x79,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1329,8 +1563,28 @@ TEST_P(QuicFramerTest, LargePublicFlagWithMismatchedVersions) {
     0x00,
     0x00, 0x00, 0x00, 0x00
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id, version flag and an unknown flag)
+    0x79,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', '0', '0',
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (padding frame)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
   // clang-format on
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
@@ -1339,10 +1593,13 @@ TEST_P(QuicFramerTest, LargePublicFlagWithMismatchedVersions) {
 };
 
 TEST_P(QuicFramerTest, InvalidPrivateFlag) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1363,10 +1620,13 @@ TEST_P(QuicFramerTest, InvalidPrivateFlag) {
 };
 
 TEST_P(QuicFramerTest, InvalidFECGroupOffset) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1395,7 +1655,7 @@ TEST_P(QuicFramerTest, PaddingFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1422,20 +1682,54 @@ TEST_P(QuicFramerTest, PaddingFrame) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (padding frame)
+    0x00,
+    // Ignored data (which in this case is a stream frame)
+    // frame type (stream frame with fin)
+    0xFF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(0u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
   // A packet with no frames is not acceptable.
   CheckProcessingFails(
-      packet, GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                  !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+      packet, GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                  !kIncludeVersion, !kIncludePathId,
+                                  !kIncludeDiversificationNonce,
+                                  PACKET_6BYTE_PACKET_NUMBER),
       "Packet has no frames.", QUIC_MISSING_PAYLOAD);
 }
 
@@ -1443,7 +1737,7 @@ TEST_P(QuicFramerTest, StreamFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1467,14 +1761,43 @@ TEST_P(QuicFramerTest, StreamFrame) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76,
+      0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56,
+      0x34, 0x12,
+
+      // frame type (stream frame with fin)
+      0xFF,
+      // stream id
+      0x04, 0x03, 0x02, 0x01,
+      // offset
+      0x54, 0x76, 0x10, 0x32,
+      0xDC, 0xFE, 0x98, 0xBA,
+      // data length
+      0x0c, 0x00,
+      // data
+      'h',  'e',  'l',  'l',
+      'o',  ' ',  'w',  'o',
+      'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(1u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1484,14 +1807,16 @@ TEST_P(QuicFramerTest, StreamFrame) {
   CheckStreamFrameData("hello world!", visitor_.stream_frames_[0]);
 
   // Now test framing boundaries.
-  CheckStreamFrameBoundaries(packet, kQuicMaxStreamIdSize, !kIncludeVersion);
+  CheckStreamFrameBoundaries(
+      framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+      kQuicMaxStreamIdSize, !kIncludeVersion);
 }
 
 TEST_P(QuicFramerTest, StreamFrame3ByteStreamId) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1515,14 +1840,43 @@ TEST_P(QuicFramerTest, StreamFrame3ByteStreamId) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin)
+    0xFE,
+    // stream id
+    0x04, 0x03, 0x02,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(1u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1534,14 +1888,16 @@ TEST_P(QuicFramerTest, StreamFrame3ByteStreamId) {
 
   // Now test framing boundaries.
   const size_t stream_id_size = 3;
-  CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion);
+  CheckStreamFrameBoundaries(
+      framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, stream_id_size,
+      !kIncludeVersion);
 }
 
 TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1565,14 +1921,43 @@ TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin)
+    0xFD,
+    // stream id
+    0x04, 0x03,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(1u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1584,14 +1969,16 @@ TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) {
 
   // Now test framing boundaries.
   const size_t stream_id_size = 2;
-  CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion);
+  CheckStreamFrameBoundaries(
+      framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, stream_id_size,
+      !kIncludeVersion);
 }
 
 TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1615,14 +2002,43 @@ TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin)
+    0xFC,
+    // stream id
+    0x04,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(1u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1634,14 +2050,16 @@ TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) {
 
   // Now test framing boundaries.
   const size_t stream_id_size = 1;
-  CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion);
+  CheckStreamFrameBoundaries(
+      framer_.version() <= QUIC_VERSION_33 ? packet : packet_34, stream_id_size,
+      !kIncludeVersion);
 }
 
 TEST_P(QuicFramerTest, StreamFrameWithVersion) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version, 8 byte connection_id)
-    0x3D,
+    0x39,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1667,16 +2085,47 @@ TEST_P(QuicFramerTest, StreamFrameWithVersion) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (version, 8 byte connection_id)
+    0x39,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin)
+    0xFF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
   EXPECT_TRUE(visitor_.header_->public_header.version_flag);
   EXPECT_EQ(GetParam(), visitor_.header_->public_header.versions[0]);
-  EXPECT_TRUE(CheckDecryption(encrypted, kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(1u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1686,7 +2135,9 @@ TEST_P(QuicFramerTest, StreamFrameWithVersion) {
   CheckStreamFrameData("hello world!", visitor_.stream_frames_[0]);
 
   // Now test framing boundaries.
-  CheckStreamFrameBoundaries(packet, kQuicMaxStreamIdSize, kIncludeVersion);
+  CheckStreamFrameBoundaries(
+      framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+      kQuicMaxStreamIdSize, kIncludeVersion);
 }
 
 TEST_P(QuicFramerTest, RejectPacket) {
@@ -1695,7 +2146,7 @@ TEST_P(QuicFramerTest, RejectPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1719,14 +2170,43 @@ TEST_P(QuicFramerTest, RejectPacket) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76,
+      0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56,
+      0x34, 0x12,
+
+      // frame type (stream frame with fin)
+      0xFF,
+      // stream id
+      0x04, 0x03, 0x02, 0x01,
+      // offset
+      0x54, 0x76, 0x10, 0x32,
+      0xDC, 0xFE, 0x98, 0xBA,
+      // data length
+      0x0c, 0x00,
+      // data
+      'h',  'e',  'l',  'l',
+      'o',  ' ',  'w',  'o',
+      'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   ASSERT_EQ(0u, visitor_.stream_frames_.size());
   EXPECT_EQ(0u, visitor_.ack_frames_.size());
@@ -1738,7 +2218,7 @@ TEST_P(QuicFramerTest, RejectPublicHeader) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -1757,7 +2237,7 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestamp) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // packet number
@@ -1804,16 +2284,17 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestamp) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
   ASSERT_EQ(2u, frame.received_packet_times.size());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -1871,8 +2352,10 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestamp) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -1917,7 +2400,8 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestampVersion32) {
   };
   // clang-format on
 
-  if (framer_.version() <= QUIC_VERSION_31) {
+  if (framer_.version() <= QUIC_VERSION_31 ||
+      framer_.version() > QUIC_VERSION_33) {
     return;
   }
 
@@ -1926,16 +2410,17 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestampVersion32) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
   ASSERT_EQ(2u, frame.received_packet_times.size());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -1984,8 +2469,10 @@ TEST_P(QuicFramerTest, AckFrameTwoTimestampVersion32) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -1994,7 +2481,7 @@ TEST_P(QuicFramerTest, AckFrameOneTimestamp) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      0x38,
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -2037,16 +2524,17 @@ TEST_P(QuicFramerTest, AckFrameOneTimestamp) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
   ASSERT_EQ(1u, frame.received_packet_times.size());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -2094,8 +2582,10 @@ TEST_P(QuicFramerTest, AckFrameOneTimestamp) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -2136,7 +2626,8 @@ TEST_P(QuicFramerTest, AckFrameOneTimestampVersion32) {
   };
   // clang-format on
 
-  if (framer_.version() <= QUIC_VERSION_31) {
+  if (framer_.version() <= QUIC_VERSION_31 ||
+      framer_.version() > QUIC_VERSION_33) {
     return;
   }
 
@@ -2145,16 +2636,17 @@ TEST_P(QuicFramerTest, AckFrameOneTimestampVersion32) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
   ASSERT_EQ(1u, frame.received_packet_times.size());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -2193,8 +2685,10 @@ TEST_P(QuicFramerTest, AckFrameOneTimestampVersion32) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -2242,15 +2736,16 @@ TEST_P(QuicFramerTest, AckFrame) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -2291,13 +2786,15 @@ TEST_P(QuicFramerTest, AckFrame) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
 
-TEST_P(QuicFramerTest, AckFrameVersion32) {
+TEST_P(QuicFramerTest, NewAckFrameOneAckBlock) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
@@ -2305,6 +2802,231 @@ TEST_P(QuicFramerTest, AckFrameVersion32) {
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+      // frame type (ack frame)
+      // (one ack block, 2 byte largest observed, 2 byte block length)
+      0x45,
+      // largest acked
+      0x34, 0x12,
+      // Zero delta time.
+      0x00, 0x00,
+      // first ack block length.
+      0x34, 0x12,
+      // num timestamps.
+      0x00,
+  };
+  // clang-format on
+
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+
+  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+
+  EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
+  ASSERT_TRUE(visitor_.header_.get());
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
+
+  EXPECT_EQ(0u, visitor_.stream_frames_.size());
+  ASSERT_EQ(1u, visitor_.ack_frames_.size());
+  const QuicAckFrame& frame = *visitor_.ack_frames_[0];
+  EXPECT_EQ(kSmallLargestObserved, frame.largest_observed);
+  EXPECT_FALSE(frame.missing);
+  ASSERT_EQ(4660u, frame.packets.NumPacketsSlow());
+
+  const size_t kLargestAckedOffset = kQuicFrameTypeSize;
+  const size_t kLargestAckedDeltaTimeOffset =
+      kLargestAckedOffset + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kFirstAckBlockLengthOffset =
+      kLargestAckedDeltaTimeOffset + kQuicDeltaTimeLargestObservedSize;
+  const size_t kNumTimestampsOffset =
+      kFirstAckBlockLengthOffset + PACKET_2BYTE_PACKET_NUMBER;
+  // Now test framing boundaries.
+  const size_t ack_frame_size =
+      kFirstAckBlockLengthOffset + PACKET_2BYTE_PACKET_NUMBER;
+  for (size_t i = kQuicFrameTypeSize; i < ack_frame_size; ++i) {
+    string expected_error;
+    if (i < kLargestAckedDeltaTimeOffset) {
+      expected_error = "Unable to read largest acked.";
+    } else if (i < kFirstAckBlockLengthOffset) {
+      expected_error = "Unable to read ack delay time.";
+    } else if (i < kNumTimestampsOffset) {
+      expected_error = "Unable to read first ack block length.";
+    } else {
+      expected_error = "Unable to read num received packets.";
+    }
+    CheckProcessingFails(
+        packet,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
+        expected_error, QUIC_INVALID_ACK_DATA);
+  }
+}
+
+TEST_P(QuicFramerTest, NewAckFrameTwoTimeStampsMultipleAckBlocks) {
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (8 byte connection_id)
+      0x3C,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+      // frame type (ack frame)
+      // (more than one ack block, 2 byte largest observed, 2 byte block length)
+      0x65,
+      // largest acked
+      0x34, 0x12,
+      // Zero delta time.
+      0x00, 0x00,
+      // num ack blocks ranges.
+      0x04,
+      // first ack block length.
+      0x01, 0x00,
+      // gap to next block.
+      0x01,
+      // ack block length.
+      0xaf, 0x0e,
+      // gap to next block.
+      0xff,
+      // ack block length.
+      0x00, 0x00,
+      // gap to next block.
+      0x91,
+      // ack block length.
+      0xea, 0x01,
+      // gap to next block.
+      0x05,
+      // ack block length.
+      0x04, 0x00,
+      // Number of timestamps.
+      0x02,
+      // Delta from largest observed.
+      0x01,
+      // Delta time.
+      0x10, 0x32, 0x54, 0x76,
+      // Delta from largest observed.
+      0x02,
+      // Delta time.
+      0x10, 0x32,
+  };
+  // clang-format on
+
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+
+  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+
+  EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
+  ASSERT_TRUE(visitor_.header_.get());
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
+
+  EXPECT_EQ(0u, visitor_.stream_frames_.size());
+  ASSERT_EQ(1u, visitor_.ack_frames_.size());
+  const QuicAckFrame& frame = *visitor_.ack_frames_[0];
+  EXPECT_EQ(kSmallLargestObserved, frame.largest_observed);
+  EXPECT_FALSE(frame.missing);
+  ASSERT_EQ(4254u, frame.packets.NumPacketsSlow());
+
+  const size_t kLargestAckedOffset = kQuicFrameTypeSize;
+  const size_t kLargestAckedDeltaTimeOffset =
+      kLargestAckedOffset + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kNumberOfAckBlocksOffset =
+      kLargestAckedDeltaTimeOffset + kQuicDeltaTimeLargestObservedSize;
+  const size_t kFirstAckBlockLengthOffset =
+      kNumberOfAckBlocksOffset + kNumberOfAckBlocksSize;
+  const size_t kGapToNextBlockOffset1 =
+      kFirstAckBlockLengthOffset + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kAckBlockLengthOffset1 = kGapToNextBlockOffset1 + 1;
+  const size_t kGapToNextBlockOffset2 =
+      kAckBlockLengthOffset1 + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kAckBlockLengthOffset2 = kGapToNextBlockOffset2 + 1;
+  const size_t kGapToNextBlockOffset3 =
+      kAckBlockLengthOffset2 + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kAckBlockLengthOffset3 = kGapToNextBlockOffset3 + 1;
+  const size_t kGapToNextBlockOffset4 =
+      kAckBlockLengthOffset3 + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kAckBlockLengthOffset4 = kGapToNextBlockOffset3 + 1;
+  const size_t kNumTimestampsOffset =
+      kAckBlockLengthOffset4 + PACKET_2BYTE_PACKET_NUMBER;
+  const size_t kTimestampDeltaLargestObserved1 =
+      kNumTimestampsOffset + kQuicNumTimestampsSize;
+  const size_t kTimestampTimeDeltaLargestObserved1 =
+      kTimestampDeltaLargestObserved1 + 1;
+  const size_t kTimestampDeltaLargestObserved2 =
+      kTimestampTimeDeltaLargestObserved1 + 4;
+  const size_t kTimestampTimeDeltaLargestObserved2 =
+      kTimestampDeltaLargestObserved2 + 1;
+
+  // Now test framing boundaries.
+  const size_t ack_frame_size =
+      kAckBlockLengthOffset4 + PACKET_2BYTE_PACKET_NUMBER;
+  for (size_t i = kQuicFrameTypeSize; i < ack_frame_size; ++i) {
+    string expected_error;
+    if (i < kLargestAckedDeltaTimeOffset) {
+      expected_error = "Unable to read largest acked.";
+    } else if (i < kNumberOfAckBlocksOffset) {
+      expected_error = "Unable to read ack delay time.";
+    } else if (i < kFirstAckBlockLengthOffset) {
+      expected_error = "Unable to read num of ack blocks.";
+    } else if (i < kGapToNextBlockOffset1) {
+      expected_error = "Unable to read first ack block length.";
+    } else if (i < kAckBlockLengthOffset1) {
+      expected_error = "Unable to read gap to next ack block.";
+    } else if (i < kGapToNextBlockOffset2) {
+      expected_error = "Unable to ack block length.";
+    } else if (i < kAckBlockLengthOffset2) {
+      expected_error = "Unable to read gap to next ack block.";
+    } else if (i < kGapToNextBlockOffset3) {
+      expected_error = "Unable to ack block length.";
+    } else if (i < kAckBlockLengthOffset3) {
+      expected_error = "Unable to read gap to next ack block.";
+    } else if (i < kGapToNextBlockOffset4) {
+      expected_error = "Unable to ack block length.";
+    } else if (i < kAckBlockLengthOffset4) {
+      expected_error = "Unable to read gap to next ack block.";
+    } else if (i < kNumTimestampsOffset) {
+      expected_error = "Unable to ack block length.";
+    } else if (i < kTimestampDeltaLargestObserved1) {
+      expected_error = "Unable to read num received packets.";
+    } else if (i < kTimestampTimeDeltaLargestObserved1) {
+      expected_error = "Unable to read sequence delta in received packets.";
+    } else if (i < kTimestampDeltaLargestObserved2) {
+      expected_error = "Unable to read time delta in received packets.";
+    } else if (i < kTimestampTimeDeltaLargestObserved2) {
+      expected_error = "Unable to read sequence delta in received packets.";
+    } else {
+      expected_error =
+          "Unable to read incremental time delta in received packets.";
+    }
+
+    CheckProcessingFails(
+        packet,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
+        expected_error, QUIC_INVALID_ACK_DATA);
+  }
+}
+
+TEST_P(QuicFramerTest, AckFrameVersion32) {
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
       0xA8, 0x9A, 0x78, 0x56, 0x34, 0x12,
       // private flags (entropy)
       0x01,
@@ -2329,7 +3051,8 @@ TEST_P(QuicFramerTest, AckFrameVersion32) {
   };
   // clang-format on
 
-  if (framer_.version() <= QUIC_VERSION_31) {
+  if (framer_.version() <= QUIC_VERSION_31 ||
+      framer_.version() > QUIC_VERSION_33) {
     return;
   }
 
@@ -2338,15 +3061,16 @@ TEST_P(QuicFramerTest, AckFrameVersion32) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -2378,8 +3102,10 @@ TEST_P(QuicFramerTest, AckFrameVersion32) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -2388,7 +3114,7 @@ TEST_P(QuicFramerTest, AckFrameRevivedPackets) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      0x38,
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -2431,15 +3157,16 @@ TEST_P(QuicFramerTest, AckFrameRevivedPackets) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   const QuicAckFrame& frame = *visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame.entropy_hash);
   EXPECT_EQ(kLargestObserved, frame.largest_observed);
-  ASSERT_EQ(1u, frame.missing_packets.NumPacketsSlow());
-  EXPECT_EQ(kMissingPacket, frame.missing_packets.Min());
+  ASSERT_EQ(1u, frame.packets.NumPacketsSlow());
+  EXPECT_EQ(kMissingPacket, frame.packets.Min());
 
   const size_t kReceivedEntropyOffset = kQuicFrameTypeSize;
   const size_t kLargestObservedOffset =
@@ -2486,8 +3213,10 @@ TEST_P(QuicFramerTest, AckFrameRevivedPackets) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_ACK_DATA);
   }
 }
@@ -2496,7 +3225,8 @@ TEST_P(QuicFramerTest, AckFrameNoNacks) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -2517,25 +3247,29 @@ TEST_P(QuicFramerTest, AckFrameNoNacks) {
       0x00,
   };
   // clang-format on
+  if (framer_.version() >= QUIC_VERSION_31) {
+    return;
+  }
 
   QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   QuicAckFrame* frame = visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame->entropy_hash);
   EXPECT_EQ(kLargestObserved, frame->largest_observed);
-  ASSERT_TRUE(frame->missing_packets.Empty());
+  ASSERT_TRUE(frame->packets.Empty());
 
   // Verify that the packet re-serializes identically.
   QuicFrames frames;
   frames.push_back(QuicFrame(frame));
-  scoped_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
   ASSERT_TRUE(data != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -2547,7 +3281,8 @@ TEST_P(QuicFramerTest, AckFrame500Nacks) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -2592,21 +3327,22 @@ TEST_P(QuicFramerTest, AckFrame500Nacks) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   QuicAckFrame* frame = visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame->entropy_hash);
   EXPECT_EQ(kLargestObserved, frame->largest_observed);
-  ASSERT_EQ(500u, frame->missing_packets.NumPacketsSlow());
-  EXPECT_EQ(kMissingPacket - 499, frame->missing_packets.Min());
-  EXPECT_EQ(kMissingPacket, frame->missing_packets.Max());
+  ASSERT_EQ(500u, frame->packets.NumPacketsSlow());
+  EXPECT_EQ(kMissingPacket - 499, frame->packets.Min());
+  EXPECT_EQ(kMissingPacket, frame->packets.Max());
 
   // Verify that the packet re-serializes identically.
   QuicFrames frames;
   frames.push_back(QuicFrame(frame));
-  scoped_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
   ASSERT_TRUE(data != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -2618,7 +3354,8 @@ TEST_P(QuicFramerTest, AckFrame500NacksVersion32) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -2652,7 +3389,8 @@ TEST_P(QuicFramerTest, AckFrame500NacksVersion32) {
   };
   // clang-format on
 
-  if (framer_.version() <= QUIC_VERSION_31) {
+  if (framer_.version() <= QUIC_VERSION_31 ||
+      framer_.version() > QUIC_VERSION_33) {
     return;
   }
 
@@ -2661,21 +3399,22 @@ TEST_P(QuicFramerTest, AckFrame500NacksVersion32) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   QuicAckFrame* frame = visitor_.ack_frames_[0];
   EXPECT_EQ(0xBA, frame->entropy_hash);
   EXPECT_EQ(kLargestObserved, frame->largest_observed);
-  ASSERT_EQ(500u, frame->missing_packets.NumPacketsSlow());
-  EXPECT_EQ(kMissingPacket - 499, frame->missing_packets.Min());
-  EXPECT_EQ(kMissingPacket, frame->missing_packets.Max());
+  ASSERT_EQ(500u, frame->packets.NumPacketsSlow());
+  EXPECT_EQ(kMissingPacket - 499, frame->packets.Min());
+  EXPECT_EQ(kMissingPacket, frame->packets.Max());
 
   // Verify that the packet re-serializes identically.
   QuicFrames frames;
   frames.push_back(QuicFrame(frame));
-  scoped_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(*visitor_.header_, frames));
   ASSERT_TRUE(data != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -2684,10 +3423,13 @@ TEST_P(QuicFramerTest, AckFrame500NacksVersion32) {
 }
 
 TEST_P(QuicFramerTest, StopWaitingFrame) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -2713,7 +3455,8 @@ TEST_P(QuicFramerTest, StopWaitingFrame) {
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
   ASSERT_EQ(1u, visitor_.stop_waiting_frames_.size());
@@ -2733,13 +3476,18 @@ TEST_P(QuicFramerTest, StopWaitingFrame) {
     }
     CheckProcessingFails(
         packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_STOP_WAITING_DATA);
   }
 }
 
-TEST_P(QuicFramerTest, RstStreamFrameQuic) {
+TEST_P(QuicFramerTest, NewStopWaitingFrame) {
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
@@ -2748,6 +3496,52 @@ TEST_P(QuicFramerTest, RstStreamFrameQuic) {
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
     // packet number
+    0xA8, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+    // frame type (stop waiting frame)
+    0x06,
+    // least packet number awaiting an ack, delta from packet number.
+    0x08, 0x00, 0x00, 0x00,
+    0x00, 0x00,
+  };
+  // clang-format on
+
+  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+
+  EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
+  ASSERT_TRUE(visitor_.header_.get());
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
+
+  EXPECT_EQ(0u, visitor_.stream_frames_.size());
+  ASSERT_EQ(1u, visitor_.stop_waiting_frames_.size());
+  const QuicStopWaitingFrame& frame = *visitor_.stop_waiting_frames_[0];
+  EXPECT_EQ(kLeastUnacked, frame.least_unacked);
+
+  const size_t frame_size = 7;
+  for (size_t i = kQuicFrameTypeSize; i < frame_size; ++i) {
+    string expected_error;
+    expected_error = "Unable to read least unacked delta.";
+    CheckProcessingFails(
+        packet,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
+        expected_error, QUIC_INVALID_STOP_WAITING_DATA);
+  }
+}
+
+TEST_P(QuicFramerTest, RstStreamFrameQuic) {
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
     0xBC, 0x9A, 0x78, 0x56,
     0x34, 0x12,
     // private flags
@@ -2765,14 +3559,41 @@ TEST_P(QuicFramerTest, RstStreamFrameQuic) {
     // error code
     0x01, 0x00, 0x00, 0x00,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (rst stream frame)
+    0x01,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+
+    // sent byte offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+
+    // error code
+    0x01, 0x00, 0x00, 0x00,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(kStreamId, visitor_.rst_stream_frame_.stream_id);
   EXPECT_EQ(0x01, visitor_.rst_stream_frame_.error_code);
@@ -2792,9 +3613,11 @@ TEST_P(QuicFramerTest, RstStreamFrameQuic) {
       expected_error = "Unable to read rst stream error code.";
     }
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_RST_STREAM_DATA);
   }
 }
@@ -2803,7 +3626,7 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -2826,14 +3649,42 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) {
     'I',  ' ',  'c',  'a',
     'n',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (connection close frame)
+    0x02,
+    // error code
+    0x11, 0x00, 0x00, 0x00,
+
+    // error details length
+    0x0d, 0x00,
+    // error details
+    'b',  'e',  'c',  'a',
+    'u',  's',  'e',  ' ',
+    'I',  ' ',  'c',  'a',
+    'n',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(0u, visitor_.stream_frames_.size());
 
@@ -2852,9 +3703,11 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) {
       expected_error = "Unable to read connection close error details.";
     }
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_CONNECTION_CLOSE_DATA);
   }
 }
@@ -2863,7 +3716,7 @@ TEST_P(QuicFramerTest, GoAwayFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -2887,14 +3740,43 @@ TEST_P(QuicFramerTest, GoAwayFrame) {
     'I',  ' ',  'c',  'a',
     'n',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (go away frame)
+    0x03,
+    // error code
+    0x09, 0x00, 0x00, 0x00,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // error details length
+    0x0d, 0x00,
+    // error details
+    'b',  'e',  'c',  'a',
+    'u',  's',  'e',  ' ',
+    'I',  ' ',  'c',  'a',
+    'n',
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(kStreamId, visitor_.goaway_frame_.last_good_stream_id);
   EXPECT_EQ(0x9, visitor_.goaway_frame_.error_code);
@@ -2914,9 +3796,11 @@ TEST_P(QuicFramerTest, GoAwayFrame) {
       expected_error = "Unable to read goaway reason.";
     }
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_GOAWAY_DATA);
   }
 }
@@ -2925,7 +3809,7 @@ TEST_P(QuicFramerTest, WindowUpdateFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -2943,15 +3827,38 @@ TEST_P(QuicFramerTest, WindowUpdateFrame) {
     0x54, 0x76, 0x10, 0x32,
     0xDC, 0xFE, 0x98, 0xBA,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (window update frame)
+    0x04,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // byte offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
 
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(kStreamId, visitor_.window_update_frame_.stream_id);
   EXPECT_EQ(kStreamOffset, visitor_.window_update_frame_.byte_offset);
@@ -2966,9 +3873,11 @@ TEST_P(QuicFramerTest, WindowUpdateFrame) {
       expected_error = "Unable to read window byte_offset.";
     }
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_WINDOW_UPDATE_DATA);
   }
 }
@@ -2977,7 +3886,7 @@ TEST_P(QuicFramerTest, BlockedFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -2992,15 +3901,35 @@ TEST_P(QuicFramerTest, BlockedFrame) {
     // stream id
     0x04, 0x03, 0x02, 0x01,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (blocked frame)
+    0x05,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
 
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(kStreamId, visitor_.blocked_frame_.stream_id);
 
@@ -3009,9 +3938,11 @@ TEST_P(QuicFramerTest, BlockedFrame) {
        ++i) {
     string expected_error = "Unable to read stream_id.";
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, !kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_BLOCKED_DATA);
   }
 }
@@ -3020,7 +3951,7 @@ TEST_P(QuicFramerTest, PingFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3033,14 +3964,32 @@ TEST_P(QuicFramerTest, PingFrame) {
     // frame type (ping frame)
     0x07,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (ping frame)
+    0x07,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
   ASSERT_TRUE(visitor_.header_.get());
-  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId));
+  EXPECT_TRUE(CheckDecryption(encrypted, !kIncludeVersion, !kIncludePathId,
+                              !kIncludeDiversificationNonce));
 
   EXPECT_EQ(1u, visitor_.ping_frames_.size());
 
@@ -3051,7 +4000,7 @@ TEST_P(QuicFramerTest, PathCloseFrame) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -3066,9 +4015,28 @@ TEST_P(QuicFramerTest, PathCloseFrame) {
     // path id
     0x42,
   };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x00,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+    // frame type (path_close_frame)
+    0x08,
+    // path id
+    0x42,
+  };
   // clang-format on
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
 
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
@@ -3084,14 +4052,80 @@ TEST_P(QuicFramerTest, PathCloseFrame) {
       expected_error = "Unable to read path_id.";
     }
     CheckProcessingFails(
-        packet,
-        i + GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                                kIncludePathId, PACKET_6BYTE_PACKET_NUMBER),
+        framer_.version() <= QUIC_VERSION_33 ? packet : packet_34,
+        i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID,
+                                !kIncludeVersion, kIncludePathId,
+                                !kIncludeDiversificationNonce,
+                                PACKET_6BYTE_PACKET_NUMBER),
         expected_error, QUIC_INVALID_PATH_CLOSE_DATA);
   }
 }
 
+TEST_P(QuicFramerTest, PublicResetPacketV33) {
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags (public reset, 8 byte connection_id)
+    0x0A,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // message tag (kPRST)
+    'P', 'R', 'S', 'T',
+    // num_entries (2) + padding
+    0x02, 0x00, 0x00, 0x00,
+    // tag kRNON
+    'R', 'N', 'O', 'N',
+    // end offset 8
+    0x08, 0x00, 0x00, 0x00,
+    // tag kRSEQ
+    'R', 'S', 'E', 'Q',
+    // end offset 16
+    0x10, 0x00, 0x00, 0x00,
+    // nonce proof
+    0x89, 0x67, 0x45, 0x23,
+    0x01, 0xEF, 0xCD, 0xAB,
+    // rejected packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12, 0x00, 0x00,
+  };
+  // clang-format on
+
+  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+  ASSERT_EQ(QUIC_NO_ERROR, framer_.error());
+  ASSERT_TRUE(visitor_.public_reset_packet_.get());
+  EXPECT_EQ(kConnectionId,
+            visitor_.public_reset_packet_->public_header.connection_id);
+  EXPECT_TRUE(visitor_.public_reset_packet_->public_header.reset_flag);
+  EXPECT_FALSE(visitor_.public_reset_packet_->public_header.version_flag);
+  EXPECT_EQ(kNonceProof, visitor_.public_reset_packet_->nonce_proof);
+  EXPECT_EQ(0u, visitor_.public_reset_packet_->rejected_packet_number);
+  EXPECT_EQ(ADDRESS_FAMILY_UNSPECIFIED,
+            visitor_.public_reset_packet_->client_address.GetFamily());
+
+  // Now test framing boundaries.
+  for (size_t i = 0; i < arraysize(packet); ++i) {
+    string expected_error;
+    DVLOG(1) << "iteration: " << i;
+    if (i < kConnectionIdOffset) {
+      expected_error = "Unable to read public flags.";
+      CheckProcessingFails(packet, i, expected_error,
+                           QUIC_INVALID_PACKET_HEADER);
+    } else if (i < kPublicResetPacketMessageTagOffset) {
+      expected_error = "Unable to read ConnectionId.";
+      CheckProcessingFails(packet, i, expected_error,
+                           QUIC_INVALID_PACKET_HEADER);
+    } else {
+      expected_error = "Unable to read reset message.";
+      CheckProcessingFails(packet, i, expected_error,
+                           QUIC_INVALID_PUBLIC_RST_PACKET);
+    }
+  }
+}
+
 TEST_P(QuicFramerTest, PublicResetPacket) {
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+
   // clang-format off
   unsigned char packet[] = {
     // public flags (public reset, 8 byte connection_id)
@@ -3157,7 +4191,7 @@ TEST_P(QuicFramerTest, PublicResetPacketWithTrailingJunk) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (public reset, 8 byte connection_id)
-    0x0E,
+    0x0A,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3193,7 +4227,7 @@ TEST_P(QuicFramerTest, PublicResetPacketWithClientAddress) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (public reset, 8 byte connection_id)
-    0x0E,
+    0x0A,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3264,6 +4298,44 @@ TEST_P(QuicFramerTest, VersionNegotiationPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version, 8 byte connection_id)
+    0x39,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+    'Q', '2', '.', '0',
+  };
+  // clang-format on
+
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+
+  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  EXPECT_TRUE(framer_.ProcessPacket(encrypted));
+  ASSERT_EQ(QUIC_NO_ERROR, framer_.error());
+  ASSERT_TRUE(visitor_.version_negotiation_packet_.get());
+  EXPECT_EQ(2u, visitor_.version_negotiation_packet_->versions.size());
+  EXPECT_EQ(GetParam(), visitor_.version_negotiation_packet_->versions[0]);
+
+  for (size_t i = 0; i <= kPublicFlagsSize + PACKET_8BYTE_CONNECTION_ID; ++i) {
+    string expected_error;
+    QuicErrorCode error_code = QUIC_INVALID_PACKET_HEADER;
+    if (i < kConnectionIdOffset) {
+      expected_error = "Unable to read public flags.";
+    } else if (i < kVersionOffset) {
+      expected_error = "Unable to read ConnectionId.";
+    } else {
+      expected_error = "Unable to read supported version in negotiation.";
+      error_code = QUIC_INVALID_VERSION_NEGOTIATION_PACKET;
+    }
+    CheckProcessingFails(packet, i, expected_error, error_code);
+  }
+}
+
+TEST_P(QuicFramerTest, OldVersionNegotiationPacket) {
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags (version, 8 byte connection_id)
     0x3D,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
@@ -3302,7 +4374,7 @@ TEST_P(QuicFramerTest, DropFecPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    0x38,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3320,8 +4392,9 @@ TEST_P(QuicFramerTest, DropFecPacket) {
     'i',  'j',  'k',  'l',
     'm',  'n',  'o',  'p',
   };
-  // clang-format on
-
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
   if (framer_.version() <= QUIC_VERSION_31) {
     EXPECT_TRUE(framer_.ProcessPacket(encrypted));
@@ -3351,7 +4424,8 @@ TEST_P(QuicFramerTest, BuildPaddingFramePacket) {
   // clang-format off
   unsigned char packet[kMaxPacketSize] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3365,19 +4439,38 @@ TEST_P(QuicFramerTest, BuildPaddingFramePacket) {
     0x00,
     0x00, 0x00, 0x00, 0x00
   };
+  unsigned char packet_34[kMaxPacketSize] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (padding frame)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
   // clang-format on
 
-  uint64_t header_size =
-      GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER);
-  memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1);
+  uint64_t header_size = GetPacketHeaderSize(
+      framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
+      !kIncludePathId, !kIncludeDiversificationNonce,
+      PACKET_6BYTE_PACKET_NUMBER);
+  memset((framer_.version() <= QUIC_VERSION_33 ? packet : packet_34) +
+             header_size + 1,
+         0x00, kMaxPacketSize - header_size - 1);
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, Build4ByteSequenceNumberPaddingFramePacket) {
@@ -3399,7 +4492,8 @@ TEST_P(QuicFramerTest, Build4ByteSequenceNumberPaddingFramePacket) {
   // clang-format off
   unsigned char packet[kMaxPacketSize] = {
     // public flags (8 byte connection_id and 4 byte packet number)
-    0x2C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x28 : 0x2C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3412,19 +4506,37 @@ TEST_P(QuicFramerTest, Build4ByteSequenceNumberPaddingFramePacket) {
     0x00,
     0x00, 0x00, 0x00, 0x00
   };
+  unsigned char packet_34[kMaxPacketSize] = {
+    // public flags (8 byte connection_id and 4 byte packet number)
+    0x28,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+
+    // frame type (padding frame)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
   // clang-format on
 
-  uint64_t header_size =
-      GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_4BYTE_PACKET_NUMBER);
-  memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1);
+  uint64_t header_size = GetPacketHeaderSize(
+      framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
+      !kIncludePathId, !kIncludeDiversificationNonce,
+      PACKET_4BYTE_PACKET_NUMBER);
+  memset((framer_.version() <= QUIC_VERSION_33 ? packet : packet_34) +
+             header_size + 1,
+         0x00, kMaxPacketSize - header_size - 1);
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, Build2ByteSequenceNumberPaddingFramePacket) {
@@ -3446,7 +4558,8 @@ TEST_P(QuicFramerTest, Build2ByteSequenceNumberPaddingFramePacket) {
   // clang-format off
   unsigned char packet[kMaxPacketSize] = {
     // public flags (8 byte connection_id and 2 byte packet number)
-    0x1C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x18 : 0x1C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3459,19 +4572,37 @@ TEST_P(QuicFramerTest, Build2ByteSequenceNumberPaddingFramePacket) {
     0x00,
     0x00, 0x00, 0x00, 0x00
   };
+  unsigned char packet_34[kMaxPacketSize] = {
+    // public flags (8 byte connection_id and 2 byte packet number)
+    0x18,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A,
+
+    // frame type (padding frame)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
   // clang-format on
 
-  uint64_t header_size =
-      GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_2BYTE_PACKET_NUMBER);
-  memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1);
+  uint64_t header_size = GetPacketHeaderSize(
+      framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
+      !kIncludePathId, !kIncludeDiversificationNonce,
+      PACKET_2BYTE_PACKET_NUMBER);
+  memset((framer_.version() <= QUIC_VERSION_33 ? packet : packet_34) +
+             header_size + 1,
+         0x00, kMaxPacketSize - header_size - 1);
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, Build1ByteSequenceNumberPaddingFramePacket) {
@@ -3493,7 +4624,8 @@ TEST_P(QuicFramerTest, Build1ByteSequenceNumberPaddingFramePacket) {
   // clang-format off
   unsigned char packet[kMaxPacketSize] = {
     // public flags (8 byte connection_id and 1 byte packet number)
-    0x0C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x08 : 0x0C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3506,19 +4638,37 @@ TEST_P(QuicFramerTest, Build1ByteSequenceNumberPaddingFramePacket) {
     0x00,
     0x00, 0x00, 0x00, 0x00
   };
+  unsigned char packet_34[kMaxPacketSize] = {
+    // public flags (8 byte connection_id and 1 byte packet number)
+    0x08,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC,
+
+    // frame type (padding frame)
+    0x00,
+    0x00, 0x00, 0x00, 0x00
+  };
   // clang-format on
 
-  uint64_t header_size =
-      GetPacketHeaderSize(PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_1BYTE_PACKET_NUMBER);
-  memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1);
+  uint64_t header_size = GetPacketHeaderSize(
+      framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
+      !kIncludePathId, !kIncludeDiversificationNonce,
+      PACKET_1BYTE_PACKET_NUMBER);
+  memset((framer_.version() <= QUIC_VERSION_33 ? packet : packet_34) +
+             header_size + 1,
+         0x00, kMaxPacketSize - header_size - 1);
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildStreamFramePacket) {
@@ -3540,7 +4690,8 @@ TEST_P(QuicFramerTest, BuildStreamFramePacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3562,14 +4713,38 @@ TEST_P(QuicFramerTest, BuildStreamFramePacket) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin and no length)
+    0xDF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) {
@@ -3591,7 +4766,8 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (version, 8 byte connection_id)
-      0x3D,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x3D : 0x3D),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // version tag
@@ -3610,15 +4786,36 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) {
       // data
       'h',  'e',  'l',  'l',  'o',  ' ',  'w',  'o',  'r', 'l', 'd', '!',
   };
+  unsigned char packet_34[] = {
+      // public flags (version, 8 byte connection_id)
+      0x3D,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // version tag
+      'Q', '0',  GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+      // frame type (stream frame with fin and no length)
+      0xDF,
+      // stream id
+      0x04, 0x03, 0x02, 0x01,
+      // offset
+      0x54, 0x76, 0x10, 0x32, 0xDC, 0xFE, 0x98, 0xBA,
+      // data
+      'h',  'e',  'l',  'l',  'o',  ' ',  'w',  'o',  'r', 'l', 'd', '!',
+  };
   // clang-format on
 
   QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildStreamFramePacketWithMultipathFlag) {
@@ -3642,7 +4839,8 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x7C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x78 : 0x7C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3666,14 +4864,40 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithMultipathFlag) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin and no length)
+    0xDF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildStreamFramePacketWithBothVersionAndMultipathFlag) {
@@ -3697,7 +4921,8 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithBothVersionAndMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x7D,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x7D : 0x7D),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -3723,15 +4948,43 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithBothVersionAndMultipathFlag) {
     'o',  ' ',  'w',  'o',
     'r',  'l',  'd',  '!',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x7D,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(),
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin and no length)
+    0xDF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+  };
   // clang-format on
 
   QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildVersionNegotiationPacket) {
@@ -3747,14 +5000,19 @@ TEST_P(QuicFramerTest, BuildVersionNegotiationPacket) {
   // clang-format on
 
   QuicConnectionId connection_id = kConnectionId;
-  scoped_ptr<QuicEncryptedPacket> data(framer_.BuildVersionNegotiationPacket(
-      connection_id, SupportedVersions(GetParam())));
+  std::unique_ptr<QuicEncryptedPacket> data(
+      framer_.BuildVersionNegotiationPacket(connection_id,
+                                            SupportedVersions(GetParam())));
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
                                       data->length(), AsChars(packet),
                                       arraysize(packet));
 }
 
 TEST_P(QuicFramerTest, BuildAckFramePacket) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
+
   QuicPacketHeader header;
   header.public_header.connection_id = kConnectionId;
   header.public_header.reset_flag = false;
@@ -3768,7 +5026,7 @@ TEST_P(QuicFramerTest, BuildAckFramePacket) {
   ack_frame.entropy_hash = 0x43;
   ack_frame.largest_observed = kLargestObserved;
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
-  ack_frame.missing_packets.Add(kMissingPacket);
+  ack_frame.packets.Add(kMissingPacket);
 
   QuicFrames frames;
   frames.push_back(QuicFrame(&ack_frame));
@@ -3809,7 +5067,8 @@ TEST_P(QuicFramerTest, BuildAckFramePacket) {
   // clang-format off
   unsigned char packet_version32[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -3837,7 +5096,7 @@ TEST_P(QuicFramerTest, BuildAckFramePacket) {
   };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
   if (framer_.version() <= QUIC_VERSION_31) {
@@ -3855,6 +5114,10 @@ TEST_P(QuicFramerTest, BuildAckFramePacket) {
 // revived packets. (In both the large and small packet cases below).
 
 TEST_P(QuicFramerTest, BuildTruncatedAckFrameLargePacket) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
+
   QuicPacketHeader header;
   header.public_header.connection_id = kConnectionId;
   header.public_header.reset_flag = false;
@@ -3872,7 +5135,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameLargePacket) {
   ack_frame.largest_observed = 2 * 300;
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
   for (size_t i = 1; i < 2 * 300; i += 2) {
-    ack_frame.missing_packets.Add(i);
+    ack_frame.packets.Add(i);
   }
 
   QuicFrames frames;
@@ -3960,7 +5223,8 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameLargePacket) {
   // clang-format off
   unsigned char packet_version32[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -4033,7 +5297,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameLargePacket) {
   };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
   if (framer_.version() <= QUIC_VERSION_31) {
@@ -4048,6 +5312,10 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameLargePacket) {
 }
 
 TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
+
   QuicPacketHeader header;
   header.public_header.connection_id = kConnectionId;
   header.public_header.reset_flag = false;
@@ -4065,7 +5333,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
   ack_frame.largest_observed = 2 * 300;
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
   for (size_t i = 1; i < 2 * 300; i += 2) {
-    ack_frame.missing_packets.Add(i);
+    ack_frame.packets.Add(i);
   }
 
   QuicFrames frames;
@@ -4074,7 +5342,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
   // clang-format off
   unsigned char packet[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+     0x3C,
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -4106,7 +5374,8 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
   // clang-format off
   unsigned char packet_version32[] = {
       // public flags (8 byte connection_id)
-      0x3C,
+      static_cast<unsigned char>(
+          framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
       // connection_id
       0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
       // packet number
@@ -4134,7 +5403,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
   // clang-format on
 
   if (framer_.version() <= QUIC_VERSION_31) {
-    scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames, 37u));
+    std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames, 37u));
     ASSERT_TRUE(data != nullptr);
     // Expect 1 byte unused since at least 2 bytes are needed to fit more nacks.
     EXPECT_EQ(36u, data->length());
@@ -4142,7 +5411,7 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
                                         data->length(), AsChars(packet),
                                         arraysize(packet));
   } else {
-    scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames, 36u));
+    std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames, 36u));
     ASSERT_TRUE(data != nullptr);
     // Expect 1 byte unused since at least 2 bytes are needed to fit more nacks.
     EXPECT_EQ(35u, data->length());
@@ -4152,7 +5421,262 @@ TEST_P(QuicFramerTest, BuildTruncatedAckFrameSmallPacket) {
   }
 }
 
+TEST_P(QuicFramerTest, BuildNewAckFramePacketOneAckBlock) {
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+
+  QuicPacketHeader header;
+  header.public_header.connection_id = kConnectionId;
+  header.public_header.reset_flag = false;
+  header.public_header.version_flag = false;
+  header.packet_number = kPacketNumber;
+
+  // Use kSmallLargestObserved to make this test finished in a short time.
+  QuicAckFrame ack_frame;
+  ack_frame.largest_observed = kSmallLargestObserved;
+  ack_frame.ack_delay_time = QuicTime::Delta::Zero();
+  ack_frame.missing = false;
+  ack_frame.packets.Add(1, kSmallLargestObserved + 1);
+
+  QuicFrames frames;
+  frames.push_back(QuicFrame(&ack_frame));
+
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+      // frame type (ack frame)
+      // (no ack blocks, 2 byte largest observed, 2 byte block length)
+      0x45,
+      // largest acked
+      0x34, 0x12,
+      // Zero delta time.
+      0x00, 0x00,
+      // first ack block length.
+      0x34, 0x12,
+      // num timestamps.
+      0x00,
+  };
+  // clang-format on
+
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  ASSERT_TRUE(data != nullptr);
+
+  test::CompareCharArraysWithHexError("constructed packet", data->data(),
+                                      data->length(), AsChars(packet),
+                                      arraysize(packet));
+}
+
+TEST_P(QuicFramerTest, BuildNewAckFramePacketMultipleAckBlocks) {
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+
+  QuicPacketHeader header;
+  header.public_header.connection_id = kConnectionId;
+  header.public_header.reset_flag = false;
+  header.public_header.version_flag = false;
+  header.packet_number = kPacketNumber;
+
+  // Use kSmallLargestObserved to make this test finished in a short time.
+  QuicAckFrame ack_frame;
+  ack_frame.largest_observed = kSmallLargestObserved;
+  ack_frame.ack_delay_time = QuicTime::Delta::Zero();
+  ack_frame.missing = false;
+  ack_frame.packets.Add(1, 5);
+  ack_frame.packets.Add(10, 500);
+  ack_frame.packets.Add(900, kSmallMissingPacket);
+  ack_frame.packets.Add(kSmallMissingPacket + 1, kSmallLargestObserved + 1);
+
+  QuicFrames frames;
+  frames.push_back(QuicFrame(&ack_frame));
+
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+      // frame type (ack frame)
+      // (has ack blocks, 2 byte largest observed, 2 byte block length)
+      0x65,
+      // largest acked
+      0x34, 0x12,
+      // Zero delta time.
+      0x00, 0x00,
+      // num ack blocks ranges.
+      0x04,
+      // first ack block length.
+      0x01, 0x00,
+      // gap to next block.
+      0x01,
+      // ack block length.
+      0xaf, 0x0e,
+      // gap to next block.
+      0xff,
+      // ack block length.
+      0x00, 0x00,
+      // gap to next block.
+      0x91,
+      // ack block length.
+      0xea, 0x01,
+      // gap to next block.
+      0x05,
+      // ack block length.
+      0x04, 0x00,
+      // num timestamps.
+      0x00,
+  };
+  // clang-format on
+
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  ASSERT_TRUE(data != nullptr);
+
+  test::CompareCharArraysWithHexError("constructed packet", data->data(),
+                                      data->length(), AsChars(packet),
+                                      arraysize(packet));
+}
+
+TEST_P(QuicFramerTest, BuildNewAckFramePacketMaxAckBlocks) {
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+
+  QuicPacketHeader header;
+  header.public_header.connection_id = kConnectionId;
+  header.public_header.reset_flag = false;
+  header.public_header.version_flag = false;
+  header.packet_number = kPacketNumber;
+
+  // Use kSmallLargestObservedto make this test finished in a short time.
+  QuicAckFrame ack_frame;
+  ack_frame.largest_observed = kSmallLargestObserved;
+  ack_frame.ack_delay_time = QuicTime::Delta::Zero();
+  ack_frame.missing = false;
+  // 300 ack blocks.
+  for (size_t i = 2; i < 2 * 300; i += 2) {
+    ack_frame.packets.Add(i);
+  }
+  ack_frame.packets.Add(600, kSmallLargestObserved + 1);
+
+  QuicFrames frames;
+  frames.push_back(QuicFrame(&ack_frame));
+
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (8 byte connection_id)
+      0x38,
+      // connection_id
+      0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+      // packet number
+      0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+      // frame type (ack frame)
+      // (has ack blocks, 2 byte largest observed, 2 byte block length)
+      0x65,
+      // largest acked
+      0x34, 0x12,
+      // Zero delta time.
+      0x00, 0x00,
+      // num ack blocks ranges.
+      0xff,
+      // first ack block length.
+      0xdd, 0x0f,
+      // 255 = 4 * 63 + 3
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00,
+      // num timestamps.
+      0x00,
+  };
+
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  ASSERT_TRUE(data != nullptr);
+
+  test::CompareCharArraysWithHexError("constructed packet", data->data(),
+                                      data->length(), AsChars(packet),
+                                      arraysize(packet));
+}
+
 TEST_P(QuicFramerTest, BuildStopWaitingPacket) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   QuicPacketHeader header;
   header.public_header.connection_id = kConnectionId;
   header.public_header.reset_flag = false;
@@ -4172,7 +5696,8 @@ TEST_P(QuicFramerTest, BuildStopWaitingPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4191,7 +5716,52 @@ TEST_P(QuicFramerTest, BuildStopWaitingPacket) {
   };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  ASSERT_TRUE(data != nullptr);
+
+  test::CompareCharArraysWithHexError("constructed packet", data->data(),
+                                      data->length(), AsChars(packet),
+                                      arraysize(packet));
+}
+
+TEST_P(QuicFramerTest, BuildNewStopWaitingPacket) {
+  if (framer_.version() <= QUIC_VERSION_33) {
+    return;
+  }
+  QuicPacketHeader header;
+  header.public_header.connection_id = kConnectionId;
+  header.public_header.reset_flag = false;
+  header.public_header.version_flag = false;
+  header.fec_flag = false;
+  header.entropy_flag = false;
+  header.packet_number = kPacketNumber;
+  header.fec_group = 0;
+
+  QuicStopWaitingFrame stop_waiting_frame;
+  stop_waiting_frame.least_unacked = kLeastUnacked;
+
+  QuicFrames frames;
+  frames.push_back(QuicFrame(&stop_waiting_frame));
+
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+    // frame type (stop waiting frame)
+    0x06,
+    // least packet number awaiting an ack, delta from packet number.
+    0x1C, 0x00, 0x00, 0x00,
+    0x00, 0x00,
+  };
+  // clang-format on
+
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -4217,7 +5787,8 @@ TEST_P(QuicFramerTest, BuildRstFramePacketQuic) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4237,17 +5808,39 @@ TEST_P(QuicFramerTest, BuildRstFramePacketQuic) {
     // error code
     0x08, 0x07, 0x06, 0x05,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (rst stream frame)
+    0x01,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // sent byte offset
+    0x01, 0x02, 0x03, 0x04,
+    0x05, 0x06, 0x07, 0x08,
+    // error code
+    0x08, 0x07, 0x06, 0x05,
+  };
   // clang-format on
 
   QuicFrames frames;
   frames.push_back(QuicFrame(&rst_frame));
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildCloseFramePacket) {
@@ -4270,7 +5863,8 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4292,14 +5886,39 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) {
     'I',  ' ',  'c',  'a',
     'n',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (connection close frame)
+    0x02,
+    // error code
+    0x08, 0x07, 0x06, 0x05,
+    // error details length
+    0x0d, 0x00,
+    // error details
+    'b',  'e',  'c',  'a',
+    'u',  's',  'e',  ' ',
+    'I',  ' ',  'c',  'a',
+    'n',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildGoAwayPacket) {
@@ -4323,7 +5942,8 @@ TEST_P(QuicFramerTest, BuildGoAwayPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4347,14 +5967,40 @@ TEST_P(QuicFramerTest, BuildGoAwayPacket) {
     'I',  ' ',  'c',  'a',
     'n',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (go away frame)
+    0x03,
+    // error code
+    0x08, 0x07, 0x06, 0x05,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // error details length
+    0x0d, 0x00,
+    // error details
+    'b',  'e',  'c',  'a',
+    'u',  's',  'e',  ' ',
+    'I',  ' ',  'c',  'a',
+    'n',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildWindowUpdatePacket) {
@@ -4377,7 +6023,8 @@ TEST_P(QuicFramerTest, BuildWindowUpdatePacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4395,14 +6042,34 @@ TEST_P(QuicFramerTest, BuildWindowUpdatePacket) {
     0x88, 0x77, 0x66, 0x55,
     0x44, 0x33, 0x22, 0x11,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (window update frame)
+    0x04,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // byte offset
+    0x88, 0x77, 0x66, 0x55,
+    0x44, 0x33, 0x22, 0x11,
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildBlockedPacket) {
@@ -4424,7 +6091,8 @@ TEST_P(QuicFramerTest, BuildBlockedPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4439,14 +6107,31 @@ TEST_P(QuicFramerTest, BuildBlockedPacket) {
     // stream id
     0x04, 0x03, 0x02, 0x01,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    0x38,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (blocked frame)
+    0x05,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildPingPacket) {
@@ -4467,7 +6152,8 @@ TEST_P(QuicFramerTest, BuildPingPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4480,14 +6166,30 @@ TEST_P(QuicFramerTest, BuildPingPacket) {
     // frame type (ping frame)
     0x07,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (ping frame)
+    0x07,
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 TEST_P(QuicFramerTest, BuildPathClosePacket) {
@@ -4510,7 +6212,8 @@ TEST_P(QuicFramerTest, BuildPathClosePacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version)
-    0x7C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x78 : 0X7C),
     // connection_id
     0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
     // path_id
@@ -4525,14 +6228,32 @@ TEST_P(QuicFramerTest, BuildPathClosePacket) {
     // path id
     0x42,
   };
+  unsigned char packet_34[] = {
+    // public flags (version)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x78 : 0X7C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x00,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
+
+    // frame type (path_close_frame)
+    0x08,
+    // path id
+    0x42,
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
   ASSERT_TRUE(data != nullptr);
 
-  test::CompareCharArraysWithHexError("constructed packet", data->data(),
-                                      data->length(), AsChars(packet),
-                                      arraysize(packet));
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
 }
 
 // Test that the MTU discovery packet is serialized correctly as a PING packet.
@@ -4554,7 +6275,8 @@ TEST_P(QuicFramerTest, BuildMtuDiscoveryPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4567,9 +6289,71 @@ TEST_P(QuicFramerTest, BuildMtuDiscoveryPacket) {
     // frame type (ping frame)
     0x07,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (ping frame)
+    0x07,
+  };
+  // clang-format on
+
+  std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  ASSERT_TRUE(data != nullptr);
+
+  test::CompareCharArraysWithHexError(
+      "constructed packet", data->data(), data->length(),
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34));
+}
+
+TEST_P(QuicFramerTest, BuildPublicResetPacketOld) {
+  FLAGS_quic_use_old_public_reset_packets = true;
+  QuicPublicResetPacket reset_packet;
+  reset_packet.public_header.connection_id = kConnectionId;
+  reset_packet.public_header.reset_flag = true;
+  reset_packet.public_header.version_flag = false;
+  reset_packet.rejected_packet_number = kPacketNumber;
+  reset_packet.nonce_proof = kNonceProof;
+
+  // clang-format off
+  unsigned char packet[] = {
+    // public flags (public reset, 8 byte ConnectionId)
+    0x0E,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // message tag (kPRST)
+    'P', 'R', 'S', 'T',
+    // num_entries (2) + padding
+    0x02, 0x00, 0x00, 0x00,
+    // tag kRNON
+    'R', 'N', 'O', 'N',
+    // end offset 8
+    0x08, 0x00, 0x00, 0x00,
+    // tag kRSEQ
+    'R', 'S', 'E', 'Q',
+    // end offset 16
+    0x10, 0x00, 0x00, 0x00,
+    // nonce proof
+    0x89, 0x67, 0x45, 0x23,
+    0x01, 0xEF, 0xCD, 0xAB,
+    // rejected packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12, 0x00, 0x00,
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> data(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicEncryptedPacket> data(
+      framer_.BuildPublicResetPacket(reset_packet));
   ASSERT_TRUE(data != nullptr);
 
   test::CompareCharArraysWithHexError("constructed packet", data->data(),
@@ -4578,6 +6362,7 @@ TEST_P(QuicFramerTest, BuildMtuDiscoveryPacket) {
 }
 
 TEST_P(QuicFramerTest, BuildPublicResetPacket) {
+  FLAGS_quic_use_old_public_reset_packets = false;
   QuicPublicResetPacket reset_packet;
   reset_packet.public_header.connection_id = kConnectionId;
   reset_packet.public_header.reset_flag = true;
@@ -4588,7 +6373,7 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (public reset, 8 byte ConnectionId)
-    0x0E,
+    0x0A,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4613,7 +6398,7 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) {
   };
   // clang-format on
 
-  scoped_ptr<QuicEncryptedPacket> data(
+  std::unique_ptr<QuicEncryptedPacket> data(
       framer_.BuildPublicResetPacket(reset_packet));
   ASSERT_TRUE(data != nullptr);
 
@@ -4623,6 +6408,7 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) {
 }
 
 TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) {
+  FLAGS_quic_use_old_public_reset_packets = false;
   QuicPublicResetPacket reset_packet;
   reset_packet.public_header.connection_id = kConnectionId;
   reset_packet.public_header.reset_flag = true;
@@ -4634,7 +6420,7 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (public reset, 8 byte ConnectionId)
-    0x0E,
+    0x0A,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4667,7 +6453,7 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) {
   };
   // clang-format on
 
-  scoped_ptr<QuicEncryptedPacket> data(
+  std::unique_ptr<QuicEncryptedPacket> data(
       framer_.BuildPublicResetPacket(reset_packet));
   ASSERT_TRUE(data != nullptr);
 
@@ -4681,7 +6467,8 @@ TEST_P(QuicFramerTest, EncryptPacket) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4697,11 +6484,31 @@ TEST_P(QuicFramerTest, EncryptPacket) {
     'i',  'j',  'k',  'l',
     'm',  'n',  'o',  'p',
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // redundancy
+    'a',  'b',  'c',  'd',
+    'e',  'f',  'g',  'h',
+    'i',  'j',  'k',  'l',
+    'm',  'n',  'o',  'p',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> raw(new QuicPacket(
-      AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID,
-      !kIncludeVersion, !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER));
+  std::unique_ptr<QuicPacket> raw(new QuicPacket(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false, PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludePathId,
+      !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER));
   char buffer[kMaxPacketSize];
   size_t encrypted_length =
       framer_.EncryptPayload(ENCRYPTION_NONE, kDefaultPathId, packet_number,
@@ -4716,7 +6523,7 @@ TEST_P(QuicFramerTest, EncryptPacketWithVersionFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version, 8 byte connection_id)
-    0x3D,
+    0x39,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4734,11 +6541,32 @@ TEST_P(QuicFramerTest, EncryptPacketWithVersionFlag) {
     'i',  'j',  'k',  'l',
     'm',  'n',  'o',  'p',
   };
+  unsigned char packet_34[] = {
+    // public flags (version, 8 byte connection_id)
+    0x39,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '.', '1', '0',
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // redundancy
+    'a',  'b',  'c',  'd',
+    'e',  'f',  'g',  'h',
+    'i',  'j',  'k',  'l',
+    'm',  'n',  'o',  'p',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> raw(new QuicPacket(
-      AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID,
-      kIncludeVersion, !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER));
+  std::unique_ptr<QuicPacket> raw(new QuicPacket(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false, PACKET_8BYTE_CONNECTION_ID, kIncludeVersion, !kIncludePathId,
+      !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER));
   char buffer[kMaxPacketSize];
   size_t encrypted_length =
       framer_.EncryptPayload(ENCRYPTION_NONE, kDefaultPathId, packet_number,
@@ -4753,7 +6581,7 @@ TEST_P(QuicFramerTest, EncryptPacketWithMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version, 8 byte connection_id)
-    0x7C,
+    0x78,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4771,11 +6599,32 @@ TEST_P(QuicFramerTest, EncryptPacketWithMultipathFlag) {
     'i',  'j',  'k',  'l',
     'm',  'n',  'o',  'p',
   };
+  unsigned char packet_34[] = {
+    // public flags (version, 8 byte connection_id)
+    0x78,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // redundancy
+    'a',  'b',  'c',  'd',
+    'e',  'f',  'g',  'h',
+    'i',  'j',  'k',  'l',
+    'm',  'n',  'o',  'p',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> raw(new QuicPacket(
-      AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID,
-      !kIncludeVersion, kIncludePathId, PACKET_6BYTE_PACKET_NUMBER));
+  std::unique_ptr<QuicPacket> raw(new QuicPacket(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false, PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, kIncludePathId,
+      !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kPathId, packet_number, *raw, buffer, kMaxPacketSize);
@@ -4789,7 +6638,7 @@ TEST_P(QuicFramerTest, EncryptPacketWithBothVersionFlagAndMultipathFlag) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (version, 8 byte connection_id)
-    0x7D,
+    0x79,
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4809,11 +6658,34 @@ TEST_P(QuicFramerTest, EncryptPacketWithBothVersionFlagAndMultipathFlag) {
     'i',  'j',  'k',  'l',
     'm',  'n',  'o',  'p',
   };
+  unsigned char packet_34[] = {
+    // public flags (version, 8 byte connection_id)
+    0x79,
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // version tag
+    'Q', '.', '1', '0',
+    // path_id
+    0x42,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // redundancy
+    'a',  'b',  'c',  'd',
+    'e',  'f',  'g',  'h',
+    'i',  'j',  'k',  'l',
+    'm',  'n',  'o',  'p',
+  };
   // clang-format on
 
-  scoped_ptr<QuicPacket> raw(new QuicPacket(
-      AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID,
-      kIncludeVersion, kIncludePathId, PACKET_6BYTE_PACKET_NUMBER));
+  std::unique_ptr<QuicPacket> raw(new QuicPacket(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false, PACKET_8BYTE_CONNECTION_ID, kIncludeVersion, kIncludePathId,
+      !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER));
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
       ENCRYPTION_NONE, kPathId, packet_number, *raw, buffer, kMaxPacketSize);
@@ -4832,8 +6704,13 @@ TEST_P(QuicFramerTest, AckTruncationLargePacket) {
   header.packet_number = kPacketNumber;
   header.fec_group = 0;
 
+  QuicAckFrame ack_frame;
   // Create a packet with just the ack.
-  QuicAckFrame ack_frame = MakeAckFrameWithNackRanges(300, 0u);
+  if (framer_.version() <= QUIC_VERSION_33) {
+    ack_frame = MakeAckFrameWithNackRanges(300, 0u);
+  } else {
+    ack_frame = MakeAckFrameWithAckBlocks(300, 0u);
+  }
   QuicFrame frame;
   frame.type = ACK_FRAME;
   frame.ack_frame = &ack_frame;
@@ -4841,7 +6718,7 @@ TEST_P(QuicFramerTest, AckTruncationLargePacket) {
   frames.push_back(frame);
 
   // Build an ack packet with truncation due to limit in number of nack ranges.
-  scoped_ptr<QuicPacket> raw_ack_packet(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> raw_ack_packet(BuildDataPacket(header, frames));
   ASSERT_TRUE(raw_ack_packet != nullptr);
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
@@ -4853,11 +6730,21 @@ TEST_P(QuicFramerTest, AckTruncationLargePacket) {
       QuicEncryptedPacket(buffer, encrypted_length, false)));
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   QuicAckFrame& processed_ack_frame = *visitor_.ack_frames_[0];
-  EXPECT_TRUE(processed_ack_frame.is_truncated);
-  EXPECT_EQ(510u, processed_ack_frame.largest_observed);
-  ASSERT_EQ(255u, processed_ack_frame.missing_packets.NumPacketsSlow());
-  EXPECT_EQ(1u, processed_ack_frame.missing_packets.Min());
-  EXPECT_EQ(509u, processed_ack_frame.missing_packets.Max());
+  if (framer_.version() <= QUIC_VERSION_33) {
+    EXPECT_TRUE(processed_ack_frame.is_truncated);
+    EXPECT_EQ(510u, processed_ack_frame.largest_observed);
+    EXPECT_TRUE(processed_ack_frame.missing);
+    ASSERT_EQ(255u, processed_ack_frame.packets.NumPacketsSlow());
+    EXPECT_EQ(1u, processed_ack_frame.packets.Min());
+    EXPECT_EQ(509u, processed_ack_frame.packets.Max());
+  } else {
+    EXPECT_FALSE(processed_ack_frame.is_truncated);
+    EXPECT_FALSE(processed_ack_frame.missing);
+    EXPECT_EQ(600u, processed_ack_frame.largest_observed);
+    ASSERT_EQ(256u, processed_ack_frame.packets.NumPacketsSlow());
+    EXPECT_EQ(90u, processed_ack_frame.packets.Min());
+    EXPECT_EQ(600u, processed_ack_frame.packets.Max());
+  }
 }
 
 TEST_P(QuicFramerTest, AckTruncationSmallPacket) {
@@ -4871,7 +6758,12 @@ TEST_P(QuicFramerTest, AckTruncationSmallPacket) {
   header.fec_group = 0;
 
   // Create a packet with just the ack.
-  QuicAckFrame ack_frame = MakeAckFrameWithNackRanges(300, 0u);
+  QuicAckFrame ack_frame;
+  if (framer_.version() <= QUIC_VERSION_33) {
+    ack_frame = MakeAckFrameWithNackRanges(300, 0u);
+  } else {
+    ack_frame = MakeAckFrameWithAckBlocks(300, 0u);
+  }
   QuicFrame frame;
   frame.type = ACK_FRAME;
   frame.ack_frame = &ack_frame;
@@ -4879,7 +6771,8 @@ TEST_P(QuicFramerTest, AckTruncationSmallPacket) {
   frames.push_back(frame);
 
   // Build an ack packet with truncation due to limit in number of nack ranges.
-  scoped_ptr<QuicPacket> raw_ack_packet(BuildDataPacket(header, frames, 500));
+  std::unique_ptr<QuicPacket> raw_ack_packet(
+      BuildDataPacket(header, frames, 500));
   ASSERT_TRUE(raw_ack_packet != nullptr);
   char buffer[kMaxPacketSize];
   size_t encrypted_length = framer_.EncryptPayload(
@@ -4891,11 +6784,21 @@ TEST_P(QuicFramerTest, AckTruncationSmallPacket) {
       QuicEncryptedPacket(buffer, encrypted_length, false)));
   ASSERT_EQ(1u, visitor_.ack_frames_.size());
   QuicAckFrame& processed_ack_frame = *visitor_.ack_frames_[0];
-  EXPECT_TRUE(processed_ack_frame.is_truncated);
-  EXPECT_EQ(476u, processed_ack_frame.largest_observed);
-  ASSERT_EQ(238u, processed_ack_frame.missing_packets.NumPacketsSlow());
-  EXPECT_EQ(1u, processed_ack_frame.missing_packets.Min());
-  EXPECT_EQ(475u, processed_ack_frame.missing_packets.Max());
+  if (framer_.version() <= QUIC_VERSION_33) {
+    EXPECT_TRUE(processed_ack_frame.is_truncated);
+    EXPECT_EQ(476u, processed_ack_frame.largest_observed);
+    EXPECT_TRUE(processed_ack_frame.missing);
+    ASSERT_EQ(238u, processed_ack_frame.packets.NumPacketsSlow());
+    EXPECT_EQ(1u, processed_ack_frame.packets.Min());
+    EXPECT_EQ(475u, processed_ack_frame.packets.Max());
+  } else {
+    EXPECT_FALSE(processed_ack_frame.is_truncated);
+    EXPECT_EQ(600u, processed_ack_frame.largest_observed);
+    EXPECT_FALSE(processed_ack_frame.missing);
+    ASSERT_EQ(239u, processed_ack_frame.packets.NumPacketsSlow());
+    EXPECT_EQ(124u, processed_ack_frame.packets.Min());
+    EXPECT_EQ(600u, processed_ack_frame.packets.Max());
+  }
 }
 
 TEST_P(QuicFramerTest, CleanTruncation) {
@@ -4910,7 +6813,7 @@ TEST_P(QuicFramerTest, CleanTruncation) {
 
   QuicAckFrame ack_frame;
   ack_frame.largest_observed = 201;
-  ack_frame.missing_packets.Add(1, ack_frame.largest_observed);
+  ack_frame.packets.Add(1, ack_frame.largest_observed);
 
   // Create a packet with just the ack.
   QuicFrame frame;
@@ -4919,7 +6822,7 @@ TEST_P(QuicFramerTest, CleanTruncation) {
   QuicFrames frames;
   frames.push_back(frame);
 
-  scoped_ptr<QuicPacket> raw_ack_packet(BuildDataPacket(header, frames));
+  std::unique_ptr<QuicPacket> raw_ack_packet(BuildDataPacket(header, frames));
   ASSERT_TRUE(raw_ack_packet != nullptr);
 
   char buffer[kMaxPacketSize];
@@ -4947,10 +6850,14 @@ TEST_P(QuicFramerTest, CleanTruncation) {
 }
 
 TEST_P(QuicFramerTest, EntropyFlagTest) {
+  if (framer_.version() > QUIC_VERSION_33) {
+    return;
+  }
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -4987,7 +6894,8 @@ TEST_P(QuicFramerTest, StopPacketProcessing) {
   // clang-format off
   unsigned char packet[] = {
     // public flags (8 byte connection_id)
-    0x3C,
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
     // connection_id
     0x10, 0x32, 0x54, 0x76,
     0x98, 0xBA, 0xDC, 0xFE,
@@ -5029,6 +6937,49 @@ TEST_P(QuicFramerTest, StopPacketProcessing) {
     0xBE, 0x9A, 0x78, 0x56,
     0x34, 0x12,
   };
+  unsigned char packet_34[] = {
+    // public flags (8 byte connection_id)
+    static_cast<unsigned char>(
+        framer_.version() > QUIC_VERSION_32 ? 0x38 : 0x3C),
+    // connection_id
+    0x10, 0x32, 0x54, 0x76,
+    0x98, 0xBA, 0xDC, 0xFE,
+    // packet number
+    0xBC, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+
+    // frame type (stream frame with fin)
+    0xFF,
+    // stream id
+    0x04, 0x03, 0x02, 0x01,
+    // offset
+    0x54, 0x76, 0x10, 0x32,
+    0xDC, 0xFE, 0x98, 0xBA,
+    // data length
+    0x0c, 0x00,
+    // data
+    'h',  'e',  'l',  'l',
+    'o',  ' ',  'w',  'o',
+    'r',  'l',  'd',  '!',
+
+    // frame type (ack frame)
+    0x40,
+    // entropy hash of sent packets till least awaiting - 1.
+    0x14,
+    // least packet number awaiting an ack
+    0xA0, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+    // entropy hash of all received packets.
+    0x43,
+    // largest observed packet number
+    0xBF, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+    // num missing packets
+    0x01,
+    // missing packet
+    0xBE, 0x9A, 0x78, 0x56,
+    0x34, 0x12,
+  };
   // clang-format on
 
   MockFramerVisitor visitor;
@@ -5042,7 +6993,11 @@ TEST_P(QuicFramerTest, StopPacketProcessing) {
   EXPECT_CALL(visitor, OnUnauthenticatedHeader(_)).WillOnce(Return(true));
   EXPECT_CALL(visitor, OnDecryptedPacket(_));
 
-  QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false);
+  QuicEncryptedPacket encrypted(
+      AsChars(framer_.version() <= QUIC_VERSION_33 ? packet : packet_34),
+      framer_.version() <= QUIC_VERSION_33 ? arraysize(packet)
+                                           : arraysize(packet_34),
+      false);
   EXPECT_TRUE(framer_.ProcessPacket(encrypted));
   EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
 }
@@ -5052,7 +7007,7 @@ static QuicStreamId kTestQuicStreamId = 1;
 static bool ExpectedStreamFrame(const QuicStreamFrame& frame) {
   return frame.stream_id == kTestQuicStreamId && !frame.fin &&
          frame.offset == 0 &&
-         string(frame.frame_buffer, frame.frame_length) == kTestString;
+         string(frame.data_buffer, frame.data_length) == kTestString;
   // FIN is hard-coded false in ConstructEncryptedPacket.
   // Offset 0 is hard-coded in ConstructEncryptedPacket.
 }
@@ -5064,10 +7019,11 @@ TEST_P(QuicFramerTest, ConstructEncryptedPacket) {
   // crypto to be Null.
   framer_.SetDecrypter(ENCRYPTION_NONE, QuicDecrypter::Create(kNULL));
   framer_.SetEncrypter(ENCRYPTION_NONE, QuicEncrypter::Create(kNULL));
-
-  scoped_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
+  QuicVersionVector versions;
+  versions.push_back(framer_.version());
+  std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
       42, false, false, false, kDefaultPathId, kTestQuicStreamId, kTestString,
-      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER));
+      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &versions));
 
   MockFramerVisitor visitor;
   framer_.set_visitor(&visitor);
@@ -5097,10 +7053,12 @@ TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) {
   // crypto to be Null.
   framer_.SetDecrypter(ENCRYPTION_NONE, QuicDecrypter::Create(kNULL));
   framer_.SetEncrypter(ENCRYPTION_NONE, QuicEncrypter::Create(kNULL));
-
-  scoped_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket(
+  QuicVersionVector versions;
+  versions.push_back(framer_.version());
+  std::unique_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket(
       42, false, false, false, kDefaultPathId, kTestQuicStreamId, kTestString,
-      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, nullptr));
+      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &versions,
+      Perspective::IS_SERVER));
 
   MockFramerVisitor visitor;
   framer_.set_visitor(&visitor);
@@ -5111,7 +7069,11 @@ TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) {
   EXPECT_CALL(visitor, OnUnauthenticatedHeader(_))
       .Times(1)
       .WillOnce(Return(true));
-  EXPECT_CALL(visitor, OnPacketHeader(_)).Times(0);
+  if (framer_.version() <= QUIC_VERSION_33) {
+    EXPECT_CALL(visitor, OnPacketHeader(_)).Times(0);
+  } else {
+    EXPECT_CALL(visitor, OnPacketHeader(_)).Times(1);
+  }
   EXPECT_CALL(visitor, OnDecryptedPacket(_)).Times(1);
   EXPECT_CALL(visitor, OnError(_)).Times(1);
   EXPECT_CALL(visitor, OnStreamFrame(_)).Times(0);
@@ -5119,7 +7081,11 @@ TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) {
   EXPECT_CALL(visitor, OnPacketComplete()).Times(0);
 
   EXPECT_FALSE(framer_.ProcessPacket(*packet));
-  EXPECT_EQ(QUIC_INVALID_PACKET_HEADER, framer_.error());
+  if (framer_.version() <= QUIC_VERSION_33) {
+    EXPECT_EQ(QUIC_INVALID_PACKET_HEADER, framer_.error());
+  } else {
+    EXPECT_EQ(QUIC_INVALID_FRAME_DATA, framer_.error());
+  }
 }
 
 // Tests for fuzzing with Dr. Fuzz
diff --git a/chromium/net/quic/quic_header_list.cc b/chromium/net/quic/quic_header_list.cc
new file mode 100644
index 00000000000..4d2f3f64bab
--- /dev/null
+++ b/chromium/net/quic/quic_header_list.cc
@@ -0,0 +1,51 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/quic_header_list.h"
+
+using std::string;
+
+namespace net {
+
+QuicHeaderList::QuicHeaderList() : uncompressed_header_bytes_(0) {}
+
+QuicHeaderList::QuicHeaderList(QuicHeaderList&& other) = default;
+
+QuicHeaderList::QuicHeaderList(const QuicHeaderList& other) = default;
+
+QuicHeaderList& QuicHeaderList::operator=(const QuicHeaderList& other) =
+    default;
+
+QuicHeaderList& QuicHeaderList::operator=(QuicHeaderList&& other) = default;
+
+QuicHeaderList::~QuicHeaderList() {}
+
+void QuicHeaderList::OnHeaderBlockStart() {
+  QUIC_BUG_IF(uncompressed_header_bytes_ != 0)
+      << "OnHeaderBlockStart called more than once!";
+}
+
+void QuicHeaderList::OnHeader(base::StringPiece name, base::StringPiece value) {
+  header_list_.emplace_back(name.as_string(), value.as_string());
+}
+
+void QuicHeaderList::OnHeaderBlockEnd(size_t uncompressed_header_bytes) {
+  uncompressed_header_bytes_ = uncompressed_header_bytes;
+}
+
+void QuicHeaderList::Clear() {
+  header_list_.clear();
+  uncompressed_header_bytes_ = 0;
+}
+
+string QuicHeaderList::DebugString() const {
+  string s = "{ ";
+  for (const auto& p : *this) {
+    s.append(p.first + "=" + p.second + ", ");
+  }
+  s.append("}");
+  return s;
+}
+
+}  // namespace net
diff --git a/chromium/net/quic/quic_header_list.h b/chromium/net/quic/quic_header_list.h
new file mode 100644
index 00000000000..b218f359f34
--- /dev/null
+++ b/chromium/net/quic/quic_header_list.h
@@ -0,0 +1,56 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_QUIC_HEADER_LIST_H_
+#define NET_QUIC_QUIC_HEADER_LIST_H_
+
+#include <deque>
+#include <functional>
+
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/quic/quic_bug_tracker.h"
+#include "net/spdy/spdy_header_block.h"
+#include "net/spdy/spdy_headers_handler_interface.h"
+
+namespace net {
+
+// A simple class that accumulates header pairs
+class NET_EXPORT_PRIVATE QuicHeaderList : public SpdyHeadersHandlerInterface {
+ public:
+  typedef std::deque<std::pair<std::string, std::string>> ListType;
+  typedef ListType::const_iterator const_iterator;
+
+  QuicHeaderList();
+  QuicHeaderList(QuicHeaderList&& other);
+  QuicHeaderList(const QuicHeaderList& other);
+  QuicHeaderList& operator=(QuicHeaderList&& other);
+  QuicHeaderList& operator=(const QuicHeaderList& other);
+  ~QuicHeaderList() override;
+
+  // From SpdyHeadersHandlerInteface.
+  void OnHeaderBlockStart() override;
+  void OnHeader(base::StringPiece name, base::StringPiece value) override;
+  void OnHeaderBlockEnd(size_t uncompressed_header_bytes) override;
+
+  void Clear();
+
+  const_iterator begin() const { return header_list_.begin(); }
+  const_iterator end() const { return header_list_.end(); }
+
+  bool empty() const { return header_list_.empty(); }
+  size_t uncompressed_header_bytes() const {
+    return uncompressed_header_bytes_;
+  }
+
+  std::string DebugString() const;
+
+ private:
+  std::deque<std::pair<std::string, std::string>> header_list_;
+  size_t uncompressed_header_bytes_;
+};
+
+}  // namespace net
+
+#endif  // NET_QUIC_QUIC_HEADER_LIST_H_
diff --git a/chromium/net/quic/quic_header_list_test.cc b/chromium/net/quic/quic_header_list_test.cc
new file mode 100644
index 00000000000..94f824972e7
--- /dev/null
+++ b/chromium/net/quic/quic_header_list_test.cc
@@ -0,0 +1,36 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/quic_header_list.h"
+
+#include "net/test/gtest_util.h"
+#include "testing/gmock/include/gmock/gmock.h"
+
+namespace net {
+
+// This test verifies that QuicHeaderList accumulates header pairs in order.
+TEST(QuicHeaderListTest, OnHeader) {
+  QuicHeaderList headers;
+  headers.OnHeader("foo", "bar");
+  headers.OnHeader("april", "fools");
+  headers.OnHeader("beep", "");
+
+  EXPECT_EQ("{ foo=bar, april=fools, beep=, }", headers.DebugString());
+}
+
+// This test verifies that QuicHeaderList is copyable and assignable.
+TEST(QuicHeaderListTest, IsCopyableAndAssignable) {
+  QuicHeaderList headers;
+  headers.OnHeader("foo", "bar");
+  headers.OnHeader("april", "fools");
+  headers.OnHeader("beep", "");
+
+  QuicHeaderList headers2(headers);
+  QuicHeaderList headers3 = headers;
+
+  EXPECT_EQ("{ foo=bar, april=fools, beep=, }", headers2.DebugString());
+  EXPECT_EQ("{ foo=bar, april=fools, beep=, }", headers3.DebugString());
+}
+
+}  // namespace net
diff --git a/chromium/net/quic/quic_headers_stream.cc b/chromium/net/quic/quic_headers_stream.cc
index 9f439272ba7..0e2da5e0011 100644
--- a/chromium/net/quic/quic_headers_stream.cc
+++ b/chromium/net/quic/quic_headers_stream.cc
@@ -9,6 +9,7 @@
 #include "base/strings/stringprintf.h"
 #include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_flags.h"
+#include "net/quic/quic_header_list.h"
 #include "net/quic/quic_headers_stream.h"
 #include "net/quic/quic_spdy_session.h"
 #include "net/quic/quic_time.h"
@@ -54,14 +55,7 @@ class QuicHeadersStream::SpdyFramerVisitor
 
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override {
-    if (fin && len == 0) {
-      // The framer invokes OnStreamFrameData with zero-length data and
-      // fin = true after processing a SYN_STREAM or SYN_REPLY frame
-      // that had the fin bit set.
-      return;
-    }
+                         size_t len) override {
     CloseConnection("SPDY DATA frame received.");
   }
 
@@ -75,13 +69,18 @@ class QuicHeadersStream::SpdyFramerVisitor
   }
 
   SpdyHeadersHandlerInterface* OnHeaderFrameStart(
-      SpdyStreamId stream_id) override {
-    LOG(FATAL);
-    return nullptr;
+      SpdyStreamId /* stream_id */) override {
+    return &header_list_;
   }
 
-  void OnHeaderFrameEnd(SpdyStreamId stream_id, bool end_headers) override {
-    LOG(FATAL);
+  void OnHeaderFrameEnd(SpdyStreamId /* stream_id */,
+                        bool end_headers) override {
+    if (end_headers) {
+      if (stream_->IsConnected()) {
+        stream_->OnHeaderList(header_list_);
+      }
+      header_list_.Clear();
+    }
   }
 
   void OnError(SpdyFramer* framer) override {
@@ -164,7 +163,16 @@ class QuicHeadersStream::SpdyFramerVisitor
   void OnSendCompressedFrame(SpdyStreamId stream_id,
                              SpdyFrameType type,
                              size_t payload_len,
-                             size_t frame_len) override {}
+                             size_t frame_len) override {
+    if (payload_len == 0) {
+      QUIC_BUG << "Zero payload length.";
+      return;
+    }
+    int compression_pct = 100 - (100 * frame_len) / payload_len;
+    DVLOG(1) << "Net.QuicHpackCompressionPercentage: " << compression_pct;
+    UMA_HISTOGRAM_PERCENTAGE("Net.QuicHpackCompressionPercentage",
+                             compression_pct);
+  }
 
   void OnReceiveCompressedFrame(SpdyStreamId stream_id,
                                 SpdyFrameType type,
@@ -184,6 +192,7 @@ class QuicHeadersStream::SpdyFramerVisitor
 
  private:
   QuicHeadersStream* stream_;
+  QuicHeaderList header_list_;
 
   DISALLOW_COPY_AND_ASSIGN(SpdyFramerVisitor);
 };
@@ -195,6 +204,7 @@ QuicHeadersStream::QuicHeadersStream(QuicSpdySession* session)
       promised_stream_id_(kInvalidStreamId),
       fin_(false),
       frame_len_(0),
+      uncompressed_frame_len_(0),
       measure_headers_hol_blocking_time_(
           FLAGS_quic_measure_headers_hol_blocking_time),
       supports_push_promise_(session->perspective() == Perspective::IS_CLIENT &&
@@ -341,12 +351,20 @@ void QuicHeadersStream::OnControlFrameHeaderData(SpdyStreamId stream_id,
       spdy_session_->OnPromiseHeadersComplete(stream_id_, promised_stream_id_,
                                               frame_len_);
     }
+    if (uncompressed_frame_len_ != 0) {
+      int compression_pct = 100 - (100 * frame_len_) / uncompressed_frame_len_;
+      DVLOG(1) << "Net.QuicHpackDecompressionPercentage: " << compression_pct;
+      UMA_HISTOGRAM_PERCENTAGE("Net.QuicHpackDecompressionPercentage",
+                               compression_pct);
+    }
     // Reset state for the next frame.
     promised_stream_id_ = kInvalidStreamId;
     stream_id_ = kInvalidStreamId;
     fin_ = false;
     frame_len_ = 0;
+    uncompressed_frame_len_ = 0;
   } else {
+    uncompressed_frame_len_ += len;
     if (promised_stream_id_ == kInvalidStreamId) {
       spdy_session_->OnStreamHeaders(stream_id_, StringPiece(header_data, len));
     } else {
@@ -356,6 +374,37 @@ void QuicHeadersStream::OnControlFrameHeaderData(SpdyStreamId stream_id,
   }
 }
 
+void QuicHeadersStream::OnHeaderList(const QuicHeaderList& header_list) {
+  if (measure_headers_hol_blocking_time_) {
+    if (prev_max_timestamp_ > cur_max_timestamp_) {
+      // prev_max_timestamp_ > cur_max_timestamp_ implies that
+      // headers from lower numbered streams actually came off the
+      // wire after headers for the current stream, hence there was
+      // HOL blocking.
+      QuicTime::Delta delta = prev_max_timestamp_.Subtract(cur_max_timestamp_);
+      DVLOG(1) << "stream " << stream_id_
+               << ": Net.QuicSession.HeadersHOLBlockedTime "
+               << delta.ToMilliseconds();
+      spdy_session_->OnHeadersHeadOfLineBlocking(delta);
+    }
+    prev_max_timestamp_ = std::max(prev_max_timestamp_, cur_max_timestamp_);
+    cur_max_timestamp_ = QuicTime::Zero();
+  }
+  if (promised_stream_id_ == kInvalidStreamId) {
+    spdy_session_->OnStreamHeaderList(stream_id_, fin_, frame_len_,
+                                      header_list);
+  } else {
+    spdy_session_->OnPromiseHeaderList(stream_id_, promised_stream_id_,
+                                       frame_len_, header_list);
+  }
+  // Reset state for the next frame.
+  promised_stream_id_ = kInvalidStreamId;
+  stream_id_ = kInvalidStreamId;
+  fin_ = false;
+  frame_len_ = 0;
+  uncompressed_frame_len_ = 0;
+}
+
 void QuicHeadersStream::OnCompressedFrameSize(size_t frame_len) {
   frame_len_ += frame_len;
 }
@@ -364,4 +413,8 @@ bool QuicHeadersStream::IsConnected() {
   return session()->connection()->connected();
 }
 
+void QuicHeadersStream::DisableHpackDynamicTable() {
+  spdy_framer_.UpdateHeaderEncoderTableSize(0);
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/quic_headers_stream.h b/chromium/net/quic/quic_headers_stream.h
index 282a9ea5bac..ffa5ecdd7c5 100644
--- a/chromium/net/quic/quic_headers_stream.h
+++ b/chromium/net/quic/quic_headers_stream.h
@@ -7,9 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
+#include "net/quic/quic_header_list.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/reliable_quic_stream.h"
 #include "net/spdy/spdy_framer.h"
@@ -49,6 +51,11 @@ class NET_EXPORT_PRIVATE QuicHeadersStream : public ReliableQuicStream {
 
   bool supports_push_promise() { return supports_push_promise_; }
 
+  // Experimental: force HPACK to use static table and huffman coding
+  // only.  Part of exploring improvements related to headers stream
+  // induced HOL blocking in QUIC.
+  void DisableHpackDynamicTable();
+
  private:
   class SpdyFramerVisitor;
 
@@ -75,6 +82,9 @@ class NET_EXPORT_PRIVATE QuicHeadersStream : public ReliableQuicStream {
                                 const char* header_data,
                                 size_t len);
 
+  // Called when the complete list of headers is available.
+  void OnHeaderList(const QuicHeaderList& header_list);
+
   // Called when the size of the compressed frame payload is available.
   void OnCompressedFrameSize(size_t frame_len);
 
@@ -88,6 +98,7 @@ class NET_EXPORT_PRIVATE QuicHeadersStream : public ReliableQuicStream {
   QuicStreamId promised_stream_id_;
   bool fin_;
   size_t frame_len_;
+  size_t uncompressed_frame_len_;
 
   // Helper variables that cache the corresponding feature flag.
   bool measure_headers_hol_blocking_time_;
@@ -103,7 +114,10 @@ class NET_EXPORT_PRIVATE QuicHeadersStream : public ReliableQuicStream {
   QuicTime prev_max_timestamp_;
 
   SpdyFramer spdy_framer_;
-  scoped_ptr<SpdyFramerVisitor> spdy_framer_visitor_;
+  std::unique_ptr<SpdyFramerVisitor> spdy_framer_visitor_;
+
+  // Either empty, or contains the complete list of headers.
+  QuicHeaderList header_list_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicHeadersStream);
 };
diff --git a/chromium/net/quic/quic_headers_stream_test.cc b/chromium/net/quic/quic_headers_stream_test.cc
index e02f5307708..62a32491972 100644
--- a/chromium/net/quic/quic_headers_stream_test.cc
+++ b/chromium/net/quic/quic_headers_stream_test.cc
@@ -39,9 +39,8 @@ class MockVisitor : public SpdyFramerVisitorInterface {
   MOCK_METHOD1(OnError, void(SpdyFramer* framer));
   MOCK_METHOD3(OnDataFrameHeader,
                void(SpdyStreamId stream_id, size_t length, bool fin));
-  MOCK_METHOD4(
-      OnStreamFrameData,
-      void(SpdyStreamId stream_id, const char* data, size_t len, bool fin));
+  MOCK_METHOD3(OnStreamFrameData,
+               void(SpdyStreamId stream_id, const char* data, size_t len));
   MOCK_METHOD1(OnStreamEnd, void(SpdyStreamId stream_id));
   MOCK_METHOD2(OnStreamPadding, void(SpdyStreamId stream_id, size_t len));
   MOCK_METHOD1(OnHeaderFrameStart,
@@ -96,23 +95,17 @@ class MockVisitor : public SpdyFramerVisitorInterface {
 // Run all tests with each version, perspective (client or server),
 // and relevant flag options (false or true)
 struct TestParams {
-  TestParams(QuicVersion version,
-             Perspective perspective,
-             bool spdy_on_stream_end)
-      : version(version),
-        perspective(perspective),
-        spdy_on_stream_end(spdy_on_stream_end) {}
+  TestParams(QuicVersion version, Perspective perspective)
+      : version(version), perspective(perspective) {}
 
   friend ostream& operator<<(ostream& os, const TestParams& p) {
     os << "{ version: " << QuicVersionToString(p.version);
-    os << ", perspective: " << p.perspective;
-    os << ", spdy_on_stream_end: " << p.spdy_on_stream_end << " }";
+    os << ", perspective: " << p.perspective << " }";
     return os;
   }
 
   QuicVersion version;
   Perspective perspective;
-  bool spdy_on_stream_end;
 };
 
 // Constructs various test permutations.
@@ -120,10 +113,8 @@ vector<TestParams> GetTestParams() {
   vector<TestParams> params;
   QuicVersionVector all_supported_versions = QuicSupportedVersions();
   for (const QuicVersion version : all_supported_versions) {
-    params.push_back(TestParams(version, Perspective::IS_CLIENT, true));
-    params.push_back(TestParams(version, Perspective::IS_SERVER, true));
-    params.push_back(TestParams(version, Perspective::IS_CLIENT, false));
-    params.push_back(TestParams(version, Perspective::IS_SERVER, false));
+    params.push_back(TestParams(version, Perspective::IS_CLIENT));
+    params.push_back(TestParams(version, Perspective::IS_SERVER));
   }
   FLAGS_quic_supports_push_promise = true;
   return params;
@@ -132,9 +123,10 @@ vector<TestParams> GetTestParams() {
 class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParams> {
  public:
   QuicHeadersStreamTest()
-      : connection_(new StrictMock<MockConnection>(&helper_,
-                                                   perspective(),
-                                                   GetVersion())),
+      : connection_(new StrictMock<MockQuicConnection>(&helper_,
+                                                       &alarm_factory_,
+                                                       perspective(),
+                                                       GetVersion())),
         session_(connection_),
         headers_stream_(QuicSpdySessionPeer::GetHeadersStream(&session_)),
         body_("hello world"),
@@ -144,7 +136,6 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParams> {
     headers_[":version"] = "HTTP/1.1";
     headers_[":status"] = "200 Ok";
     headers_["content-length"] = "11";
-    FLAGS_spdy_on_stream_end = GetParam().spdy_on_stream_end;
     framer_ = std::unique_ptr<SpdyFramer>(new SpdyFramer(HTTP2));
     framer_->set_visitor(&visitor_);
     EXPECT_EQ(version(), session_.connection()->version());
@@ -186,8 +177,9 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParams> {
                                 SpdyPriority priority,
                                 SpdyFrameType type) {
     // Write the headers and capture the outgoing data
-    EXPECT_CALL(session_, WritevData(kHeadersStreamId, _, _, false, nullptr))
-        .WillOnce(WithArgs<1>(Invoke(this, &QuicHeadersStreamTest::SaveIov)));
+    EXPECT_CALL(session_, WritevData(headers_stream_, kHeadersStreamId, _, _,
+                                     false, nullptr))
+        .WillOnce(WithArgs<2>(Invoke(this, &QuicHeadersStreamTest::SaveIov)));
     headers_stream_->WriteHeaders(stream_id, headers_, fin, priority, nullptr);
 
     // Parse the outgoing data and check that it matches was was written.
@@ -207,11 +199,7 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParams> {
         .WillRepeatedly(WithArgs<1, 2>(
             Invoke(this, &QuicHeadersStreamTest::SaveHeaderData)));
     if (fin) {
-      if (FLAGS_spdy_on_stream_end) {
-        EXPECT_CALL(visitor_, OnStreamEnd(stream_id));
-      } else {
-        EXPECT_CALL(visitor_, OnStreamFrameData(stream_id, nullptr, 0, true));
-      }
+      EXPECT_CALL(visitor_, OnStreamEnd(stream_id));
     }
     framer_->ProcessInput(saved_data_.data(), saved_data_.length());
     EXPECT_FALSE(framer_->HasError())
@@ -248,8 +236,9 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParams> {
   static const bool kFrameComplete = true;
   static const bool kHasPriority = true;
 
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   StrictMock<MockQuicSpdySession> session_;
   QuicHeadersStream* headers_stream_;
   SpdyHeaderBlock headers_;
@@ -292,8 +281,9 @@ TEST_P(QuicHeadersStreamTest, WritePushPromises) {
     QuicStreamId promised_stream_id = NextPromisedStreamId();
     if (perspective() == Perspective::IS_SERVER) {
       // Write the headers and capture the outgoing data
-      EXPECT_CALL(session_, WritevData(kHeadersStreamId, _, _, false, nullptr))
-          .WillOnce(WithArgs<1>(Invoke(this, &QuicHeadersStreamTest::SaveIov)));
+      EXPECT_CALL(session_, WritevData(headers_stream_, kHeadersStreamId, _, _,
+                                       false, nullptr))
+          .WillOnce(WithArgs<2>(Invoke(this, &QuicHeadersStreamTest::SaveIov)));
       headers_stream_->WritePushPromise(stream_id, promised_stream_id, headers_,
                                         nullptr);
 
@@ -341,8 +331,8 @@ TEST_P(QuicHeadersStreamTest, ProcessRawData) {
                 this, &QuicHeadersStreamTest::SaveHeaderDataStringPiece)));
         EXPECT_CALL(session_,
                     OnStreamHeadersComplete(stream_id, fin, frame.size()));
-        stream_frame_.frame_buffer = frame.data();
-        stream_frame_.frame_length = frame.size();
+        stream_frame_.data_buffer = frame.data();
+        stream_frame_.data_length = frame.size();
         headers_stream_->OnStreamFrame(stream_frame_);
         stream_frame_.offset += frame.size();
         CheckHeaders();
@@ -373,8 +363,8 @@ TEST_P(QuicHeadersStreamTest, ProcessPushPromise) {
       EXPECT_CALL(session_, OnPromiseHeadersComplete(
                                 stream_id, promised_stream_id, frame.size()));
     }
-    stream_frame_.frame_buffer = frame.data();
-    stream_frame_.frame_length = frame.size();
+    stream_frame_.data_buffer = frame.data();
+    stream_frame_.data_length = frame.size();
     headers_stream_->OnStreamFrame(stream_frame_);
     if (perspective() == Perspective::IS_CLIENT) {
       stream_frame_.offset += frame.size();
@@ -384,6 +374,9 @@ TEST_P(QuicHeadersStreamTest, ProcessPushPromise) {
 }
 
 TEST_P(QuicHeadersStreamTest, EmptyHeaderHOLBlockedTime) {
+  if (!FLAGS_quic_measure_headers_hol_blocking_time) {
+    return;
+  }
   EXPECT_CALL(session_, OnHeadersHeadOfLineBlocking(_)).Times(0);
   testing::InSequence seq;
   bool fin = true;
@@ -407,8 +400,8 @@ TEST_P(QuicHeadersStreamTest, EmptyHeaderHOLBlockedTime) {
     EXPECT_CALL(session_, OnStreamHeaders(stream_id, _));
     EXPECT_CALL(session_,
                 OnStreamHeadersComplete(stream_id, fin, frame.size()));
-    stream_frame_.frame_buffer = frame.data();
-    stream_frame_.frame_length = frame.size();
+    stream_frame_.data_buffer = frame.data();
+    stream_frame_.data_length = frame.size();
     headers_stream_->OnStreamFrame(stream_frame_);
     connection_->AdvanceTime(QuicTime::Delta::FromMilliseconds(1));
     stream_frame_.offset += frame.size();
@@ -416,6 +409,9 @@ TEST_P(QuicHeadersStreamTest, EmptyHeaderHOLBlockedTime) {
 }
 
 TEST_P(QuicHeadersStreamTest, NonEmptyHeaderHOLBlockedTime) {
+  if (!FLAGS_quic_measure_headers_hol_blocking_time) {
+    return;
+  }
   QuicStreamId stream_id;
   bool fin = true;
   QuicStreamFrame stream_frames[10];
@@ -440,8 +436,8 @@ TEST_P(QuicHeadersStreamTest, NonEmptyHeaderHOLBlockedTime) {
       }
       stream_frames[stream_num].stream_id = stream_frame_.stream_id;
       stream_frames[stream_num].offset = stream_frame_.offset;
-      stream_frames[stream_num].frame_buffer = frames[stream_num].data();
-      stream_frames[stream_num].frame_length = frames[stream_num].size();
+      stream_frames[stream_num].data_buffer = frames[stream_num].data();
+      stream_frames[stream_num].data_length = frames[stream_num].size();
       DVLOG(1) << "make frame for stream " << stream_num << " offset "
                << stream_frames[stream_num].offset;
       stream_frame_.offset += frames[stream_num].size();
@@ -493,8 +489,8 @@ TEST_P(QuicHeadersStreamTest, ProcessLargeRawData) {
                 this, &QuicHeadersStreamTest::SaveHeaderDataStringPiece)));
         EXPECT_CALL(session_,
                     OnStreamHeadersComplete(stream_id, fin, frame.size()));
-        stream_frame_.frame_buffer = frame.data();
-        stream_frame_.frame_length = frame.size();
+        stream_frame_.data_buffer = frame.data();
+        stream_frame_.data_length = frame.size();
         headers_stream_->OnStreamFrame(stream_frame_);
         stream_frame_.offset += frame.size();
         CheckHeaders();
@@ -508,8 +504,8 @@ TEST_P(QuicHeadersStreamTest, ProcessBadData) {
   EXPECT_CALL(*connection_,
               CloseConnection(QUIC_INVALID_HEADERS_STREAM_DATA, _, _))
       .Times(::testing::AnyNumber());
-  stream_frame_.frame_buffer = kBadData;
-  stream_frame_.frame_length = strlen(kBadData);
+  stream_frame_.data_buffer = kBadData;
+  stream_frame_.data_length = strlen(kBadData);
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -520,8 +516,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdyDataFrame) {
                                             "SPDY DATA frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -533,8 +529,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdyRstStreamFrame) {
                               "SPDY RST_STREAM frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -546,8 +542,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdySettingsFrame) {
                                             "SPDY SETTINGS frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -558,8 +554,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdyPingFrame) {
                                             "SPDY PING frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -570,8 +566,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdyGoAwayFrame) {
                                             "SPDY GOAWAY frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
@@ -583,8 +579,8 @@ TEST_P(QuicHeadersStreamTest, ProcessSpdyWindowUpdateFrame) {
                               "SPDY WINDOW_UPDATE frame received.", _))
       .WillOnce(InvokeWithoutArgs(
           this, &QuicHeadersStreamTest::TearDownLocalConnectionState));
-  stream_frame_.frame_buffer = frame.data();
-  stream_frame_.frame_length = frame.size();
+  stream_frame_.data_buffer = frame.data();
+  stream_frame_.data_length = frame.size();
   headers_stream_->OnStreamFrame(stream_frame_);
 }
 
diff --git a/chromium/net/quic/quic_http_stream.cc b/chromium/net/quic/quic_http_stream.cc
index 591f3cefb15..8b0ad0135ac 100644
--- a/chromium/net/quic/quic_http_stream.cc
+++ b/chromium/net/quic/quic_http_stream.cc
@@ -29,11 +29,11 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogQuicPushStreamCallback(
+std::unique_ptr<base::Value> NetLogQuicPushStreamCallback(
     QuicStreamId stream_id,
     const GURL* url,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", stream_id);
   dict->SetString("url", url->spec());
   return std::move(dict);
@@ -529,7 +529,8 @@ void QuicHttpStream::OnDataAvailable() {
 }
 
 void QuicHttpStream::OnClose(QuicErrorCode error) {
-  if (error != QUIC_NO_ERROR) {
+  if (error != QUIC_NO_ERROR ||
+      stream_->stream_error() != QUIC_STREAM_NO_ERROR) {
     response_status_ = was_handshake_confirmed_ ? ERR_QUIC_PROTOCOL_ERROR
                                                 : ERR_QUIC_HANDSHAKE_FAILED;
   } else if (!response_headers_received_) {
diff --git a/chromium/net/quic/quic_http_stream_test.cc b/chromium/net/quic/quic_http_stream_test.cc
index afd0f9554de..70fb0cdcff2 100644
--- a/chromium/net/quic/quic_http_stream_test.cc
+++ b/chromium/net/quic/quic_http_stream_test.cc
@@ -6,15 +6,15 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/net_errors.h"
-#include "net/base/socket_performance_watcher.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
@@ -28,6 +28,7 @@
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_server_info.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_client_session.h"
 #include "net/quic/quic_chromium_client_stream.h"
 #include "net/quic/quic_chromium_connection_helper.h"
@@ -45,6 +46,7 @@
 #include "net/quic/test_tools/quic_test_packet_maker.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "net/quic/test_tools/test_task_runner.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/socket_test_util.h"
 #include "net/spdy/spdy_frame_builder.h"
 #include "net/spdy/spdy_framer.h"
@@ -73,10 +75,12 @@ class TestQuicConnection : public QuicConnection {
                      QuicConnectionId connection_id,
                      IPEndPoint address,
                      QuicChromiumConnectionHelper* helper,
+                     QuicChromiumAlarmFactory* alarm_factory,
                      QuicPacketWriter* writer)
       : QuicConnection(connection_id,
                        address,
                        helper,
+                       alarm_factory,
                        writer,
                        true /* owns_writer */,
                        Perspective::IS_CLIENT,
@@ -145,7 +149,16 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
         promise_id_(kServerDataStreamId1),
         stream_id_(kClientDataStreamId1),
         connection_id_(2),
-        maker_(GetParam(), connection_id_, &clock_, kDefaultServerHostName),
+        client_maker_(GetParam(),
+                      connection_id_,
+                      &clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_CLIENT),
+        server_maker_(GetParam(),
+                      connection_id_,
+                      &clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_SERVER),
         random_generator_(0),
         response_offset_(0) {
     IPAddress ip(192, 0, 2, 33);
@@ -162,7 +175,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
   }
 
   // Adds a packet to the list of expected writes.
-  void AddWrite(scoped_ptr<QuicReceivedPacket> packet) {
+  void AddWrite(std::unique_ptr<QuicReceivedPacket> packet) {
     writes_.push_back(PacketToWrite(SYNCHRONOUS, packet.release()));
   }
 
@@ -178,7 +191,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
            socket_data_->AllWriteDataConsumed();
   }
 
-  void ProcessPacket(scoped_ptr<QuicReceivedPacket> packet) {
+  void ProcessPacket(std::unique_ptr<QuicReceivedPacket> packet) {
     connection_->ProcessUdpPacket(self_addr_, peer_addr_, *packet);
   }
 
@@ -197,7 +210,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
     socket_data_.reset(new StaticSocketDataProvider(
         nullptr, 0, mock_writes_.get(), writes_.size()));
 
-    scoped_ptr<MockUDPClientSocket> socket(new MockUDPClientSocket(
+    std::unique_ptr<MockUDPClientSocket> socket(new MockUDPClientSocket(
         socket_data_.get(), net_log_.bound().net_log()));
     socket->Connect(peer_addr_);
     runner_ = new TestTaskRunner(&clock_);
@@ -217,11 +230,14 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
     EXPECT_CALL(*send_algorithm_, BandwidthEstimate())
         .WillRepeatedly(Return(QuicBandwidth::Zero()));
     EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)).Times(AnyNumber());
-    helper_.reset(new QuicChromiumConnectionHelper(runner_.get(), &clock_,
-                                                   &random_generator_));
-    connection_ = new TestQuicConnection(
-        SupportedVersions(GetParam()), connection_id_, peer_addr_,
-        helper_.get(), new QuicChromiumPacketWriter(socket.get()));
+    helper_.reset(
+        new QuicChromiumConnectionHelper(&clock_, &random_generator_));
+    alarm_factory_.reset(new QuicChromiumAlarmFactory(runner_.get(), &clock_));
+
+    connection_ =
+        new TestQuicConnection(SupportedVersions(GetParam()), connection_id_,
+                               peer_addr_, helper_.get(), alarm_factory_.get(),
+                               new QuicChromiumPacketWriter(socket.get()));
     connection_->set_visitor(&visitor_);
     connection_->SetSendAlgorithm(send_algorithm_);
 
@@ -238,7 +254,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
         connection_, std::move(socket),
         /*stream_factory=*/nullptr, &crypto_client_stream_factory_, &clock_,
         &transport_security_state_,
-        make_scoped_ptr(static_cast<QuicServerInfo*>(nullptr)),
+        base::WrapUnique(static_cast<QuicServerInfo*>(nullptr)),
         QuicServerId(kDefaultServerHostName, kDefaultServerPort,
                      PRIVACY_MODE_DISABLED),
         kQuicYieldAfterPacketsRead,
@@ -277,36 +293,49 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
   void SetRequest(const string& method,
                   const string& path,
                   RequestPriority priority) {
-    request_headers_ = maker_.GetRequestHeaders(method, "http", path);
+    request_headers_ = client_maker_.GetRequestHeaders(method, "http", path);
   }
 
   void SetResponse(const string& status, const string& body) {
-    response_headers_ = maker_.GetResponseHeaders(status);
+    response_headers_ = server_maker_.GetResponseHeaders(status);
     response_data_ = body;
   }
 
-  scoped_ptr<QuicReceivedPacket> InnerConstructDataPacket(
+  std::unique_ptr<QuicReceivedPacket> InnerConstructDataPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       QuicStreamOffset offset,
-      base::StringPiece data) {
-    return maker_.MakeDataPacket(packet_number, stream_id,
+      base::StringPiece data,
+      QuicTestPacketMaker* maker) {
+    return maker->MakeDataPacket(packet_number, stream_id,
                                  should_include_version, fin, offset, data);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructDataPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientDataPacket(
       QuicPacketNumber packet_number,
       bool should_include_version,
       bool fin,
       QuicStreamOffset offset,
       base::StringPiece data) {
     return InnerConstructDataPacket(packet_number, stream_id_,
-                                    should_include_version, fin, offset, data);
+                                    should_include_version, fin, offset, data,
+                                    &client_maker_);
   }
 
-  scoped_ptr<QuicReceivedPacket> InnerConstructRequestHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructServerDataPacket(
+      QuicPacketNumber packet_number,
+      bool should_include_version,
+      bool fin,
+      QuicStreamOffset offset,
+      base::StringPiece data) {
+    return InnerConstructDataPacket(packet_number, stream_id_,
+                                    should_include_version, fin, offset, data,
+                                    &server_maker_);
+  }
+
+  std::unique_ptr<QuicReceivedPacket> InnerConstructRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -315,12 +344,12 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
       size_t* spdy_headers_frame_length) {
     SpdyPriority priority =
         ConvertRequestPriorityToQuicPriority(request_priority);
-    return maker_.MakeRequestHeadersPacket(
+    return client_maker_.MakeRequestHeadersPacket(
         packet_number, stream_id, should_include_version, fin, priority,
         request_headers_, spdy_headers_frame_length);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructRequestHeadersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       RequestPriority request_priority,
@@ -330,17 +359,17 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
         spdy_headers_frame_length);
   }
 
-  scoped_ptr<QuicReceivedPacket> InnerConstructResponseHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> InnerConstructResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool fin,
       size_t* spdy_headers_frame_length) {
-    return maker_.MakeResponseHeadersPacket(
+    return server_maker_.MakeResponseHeadersPacket(
         packet_number, stream_id, !kIncludeVersion, fin, response_headers_,
         spdy_headers_frame_length, &response_offset_);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructResponseHeadersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       size_t* spdy_headers_frame_length) {
@@ -348,68 +377,78 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
                                                spdy_headers_frame_length);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructResponseHeadersPacketWithOffset(
+  std::unique_ptr<QuicReceivedPacket> ConstructResponseHeadersPacketWithOffset(
       QuicPacketNumber packet_number,
       bool fin,
       size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset) {
-    return maker_.MakeResponseHeadersPacket(
+    return server_maker_.MakeResponseHeadersPacket(
         packet_number, stream_id_, !kIncludeVersion, fin, response_headers_,
         spdy_headers_frame_length, offset);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructResponseTrailersPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructResponseTrailersPacket(
       QuicPacketNumber packet_number,
       bool fin,
       const SpdyHeaderBlock& trailers,
       size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset) {
-    return maker_.MakeResponseHeadersPacket(packet_number, stream_id_,
-                                            !kIncludeVersion, fin, trailers,
-                                            spdy_headers_frame_length, offset);
+    return server_maker_.MakeResponseHeadersPacket(
+        packet_number, stream_id_, !kIncludeVersion, fin, trailers,
+        spdy_headers_frame_length, offset);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRstStreamPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientRstStreamPacket(
       QuicPacketNumber packet_number) {
-    return maker_.MakeRstPacket(
+    return client_maker_.MakeRstPacket(
         packet_number, true, stream_id_,
         AdjustErrorForVersion(QUIC_RST_ACKNOWLEDGEMENT, GetParam()));
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRstStreamCancelledPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientRstStreamCancelledPacket(
       QuicPacketNumber packet_number) {
-    return maker_.MakeRstPacket(packet_number, !kIncludeVersion, stream_id_,
-                                QUIC_STREAM_CANCELLED);
+    return client_maker_.MakeRstPacket(packet_number, !kIncludeVersion,
+                                       stream_id_, QUIC_STREAM_CANCELLED);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructRstStreamVaryMismatchPacket(
-      QuicPacketNumber packet_number) {
-    return maker_.MakeRstPacket(packet_number, !kIncludeVersion, promise_id_,
-                                QUIC_PROMISE_VARY_MISMATCH);
+  std::unique_ptr<QuicReceivedPacket>
+  ConstructClientRstStreamVaryMismatchPacket(QuicPacketNumber packet_number) {
+    return client_maker_.MakeRstPacket(packet_number, !kIncludeVersion,
+                                       promise_id_, QUIC_PROMISE_VARY_MISMATCH);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckAndRstStreamPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructAckAndRstStreamPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked) {
-    return maker_.MakeAckAndRstPacket(
+    return client_maker_.MakeAckAndRstPacket(
         packet_number, !kIncludeVersion, stream_id_, QUIC_STREAM_CANCELLED,
         largest_received, ack_least_unacked, stop_least_unacked,
         !kIncludeCongestionFeedback);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckAndRstStreamPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructAckAndRstStreamPacket(
       QuicPacketNumber packet_number) {
     return ConstructAckAndRstStreamPacket(packet_number, 2, 1, 1);
   }
 
-  scoped_ptr<QuicReceivedPacket> ConstructAckPacket(
+  std::unique_ptr<QuicReceivedPacket> ConstructClientAckPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked) {
-    return maker_.MakeAckPacket(packet_number, largest_received, least_unacked,
-                                !kIncludeCongestionFeedback);
+    return client_maker_.MakeAckPacket(packet_number, largest_received,
+                                       least_unacked,
+                                       !kIncludeCongestionFeedback);
+  }
+
+  std::unique_ptr<QuicReceivedPacket> ConstructServerAckPacket(
+      QuicPacketNumber packet_number,
+      QuicPacketNumber largest_received,
+      QuicPacketNumber least_unacked) {
+    return server_maker_.MakeAckPacket(packet_number, largest_received,
+                                       least_unacked,
+                                       !kIncludeCongestionFeedback);
   }
 
   void ReceivePromise(QuicStreamId id) {
@@ -424,14 +463,15 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
   bool use_closing_stream_;
   MockSendAlgorithm* send_algorithm_;
   scoped_refptr<TestTaskRunner> runner_;
-  scoped_ptr<MockWrite[]> mock_writes_;
+  std::unique_ptr<MockWrite[]> mock_writes_;
   MockClock clock_;
   TestQuicConnection* connection_;
-  scoped_ptr<QuicChromiumConnectionHelper> helper_;
-  testing::StrictMock<MockConnectionVisitor> visitor_;
-  scoped_ptr<QuicHttpStream> stream_;
+  std::unique_ptr<QuicChromiumConnectionHelper> helper_;
+  std::unique_ptr<QuicChromiumAlarmFactory> alarm_factory_;
+  testing::StrictMock<MockQuicConnectionVisitor> visitor_;
+  std::unique_ptr<QuicHttpStream> stream_;
   TransportSecurityState transport_security_state_;
-  scoped_ptr<QuicChromiumClientSession> session_;
+  std::unique_ptr<QuicChromiumClientSession> session_;
   QuicCryptoClientConfig crypto_config_;
   TestCompletionCallback callback_;
   HttpRequestInfo request_;
@@ -445,7 +485,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
   QuicClientPushPromiseIndex push_promise_index_;
 
   // For server push testing
-  scoped_ptr<QuicHttpStream> promised_stream_;
+  std::unique_ptr<QuicHttpStream> promised_stream_;
   SpdyHeaderBlock push_promise_;
   SpdyHeaderBlock promised_response_;
   const QuicStreamId promise_id_;
@@ -453,15 +493,15 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
   string serialized_push_promise_;
   const QuicStreamId stream_id_;
 
- private:
   const QuicConnectionId connection_id_;
-  QuicTestPacketMaker maker_;
+  QuicTestPacketMaker client_maker_;
+  QuicTestPacketMaker server_maker_;
   IPEndPoint self_addr_;
   IPEndPoint peer_addr_;
   MockRandom random_generator_;
   ProofVerifyDetailsChromium verify_details_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
-  scoped_ptr<StaticSocketDataProvider> socket_data_;
+  std::unique_ptr<StaticSocketDataProvider> socket_data_;
   std::vector<PacketToWrite> writes_;
   QuicStreamOffset response_offset_;
 };
@@ -508,7 +548,7 @@ TEST_P(QuicHttpStreamTest, GetRequest) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
@@ -547,7 +587,7 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) {
   size_t spdy_request_header_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY,
                                          &spdy_request_header_frame_length));
-  AddWrite(ConstructAckPacket(2, 3, 1));  // Ack the data packet.
+  AddWrite(ConstructClientAckPacket(2, 3, 1));  // Ack the data packet.
 
   Initialize();
 
@@ -560,9 +600,8 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) {
 
   EXPECT_EQ(OK,
             stream_->SendRequest(headers_, &response_, callback_.callback()));
-
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
@@ -584,7 +623,7 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) {
   // Send the response body.
   const char kResponseBody[] = "Hello world!";
   ProcessPacket(
-      ConstructDataPacket(3, false, !kFin, /*offset=*/0, kResponseBody));
+      ConstructServerDataPacket(3, false, !kFin, /*offset=*/0, kResponseBody));
   SpdyHeaderBlock trailers;
   size_t spdy_trailers_frame_length;
   trailers["foo"] = "bar";
@@ -650,7 +689,7 @@ TEST_P(QuicHttpStreamTest, GetRequestLargeResponse) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
@@ -752,7 +791,7 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
   EXPECT_TRUE(QuicHttpStreamPeer::WasHandshakeConfirmed(stream_.get()));
@@ -783,7 +822,7 @@ TEST_P(QuicHttpStreamTest, DoNotLogGranularQuicErrorIfHandshakeNotConfirmed) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
   // The test setup defaults handshake to be confirmed. Manually set
@@ -835,13 +874,13 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructDataPacket(2, kIncludeVersion, kFin, 0, kUploadData));
-  AddWrite(ConstructAckPacket(3, 3, 1));
+  AddWrite(ConstructClientDataPacket(2, kIncludeVersion, kFin, 0, kUploadData));
+  AddWrite(ConstructClientAckPacket(3, 3, 1));
 
   Initialize();
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  element_readers.push_back(make_scoped_ptr(
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  element_readers.push_back(base::WrapUnique(
       new UploadBytesElementReader(kUploadData, strlen(kUploadData))));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
   request_.method = "POST";
@@ -856,7 +895,7 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack both packets in the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Send the response headers (but not the body).
   SetResponse("200 OK", string());
@@ -873,7 +912,7 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) {
 
   // Send the response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(ConstructDataPacket(3, false, kFin, 0, kResponseBody));
+  ProcessPacket(ConstructServerDataPacket(3, false, kFin, 0, kResponseBody));
   // Since the body has already arrived, this should return immediately.
   EXPECT_EQ(static_cast<int>(strlen(kResponseBody)),
             stream_->ReadResponseBody(read_buffer_.get(), read_buffer_->size(),
@@ -898,10 +937,11 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructDataPacket(2, kIncludeVersion, !kFin, 0, kUploadData));
   AddWrite(
-      ConstructDataPacket(3, kIncludeVersion, kFin, chunk_size, kUploadData));
-  AddWrite(ConstructAckPacket(4, 3, 1));
+      ConstructClientDataPacket(2, kIncludeVersion, !kFin, 0, kUploadData));
+  AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, chunk_size,
+                                     kUploadData));
+  AddWrite(ConstructClientAckPacket(4, 3, 1));
   Initialize();
 
   ChunkedUploadDataStream upload_data_stream(0);
@@ -923,7 +963,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) {
   EXPECT_EQ(OK, callback_.WaitForResult());
 
   // Ack both packets in the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Send the response headers (but not the body).
   SetResponse("200 OK", string());
@@ -940,8 +980,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) {
 
   // Send the response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(ConstructDataPacket(3, false, kFin, response_data_.length(),
-                                    kResponseBody));
+  ProcessPacket(ConstructServerDataPacket(
+      3, false, kFin, response_data_.length(), kResponseBody));
 
   // Since the body has already arrived, this should return immediately.
   ASSERT_EQ(static_cast<int>(strlen(kResponseBody)),
@@ -967,9 +1007,10 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructDataPacket(2, kIncludeVersion, !kFin, 0, kUploadData));
-  AddWrite(ConstructDataPacket(3, kIncludeVersion, kFin, chunk_size, ""));
-  AddWrite(ConstructAckPacket(4, 3, 1));
+  AddWrite(
+      ConstructClientDataPacket(2, kIncludeVersion, !kFin, 0, kUploadData));
+  AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, chunk_size, ""));
+  AddWrite(ConstructClientAckPacket(4, 3, 1));
   Initialize();
 
   ChunkedUploadDataStream upload_data_stream(0);
@@ -990,7 +1031,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) {
   upload_data_stream.AppendData(nullptr, 0, true);
   EXPECT_EQ(OK, callback_.WaitForResult());
 
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Send the response headers (but not the body).
   SetResponse("200 OK", string());
@@ -1007,8 +1048,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) {
 
   // Send the response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(ConstructDataPacket(3, false, kFin, response_data_.length(),
-                                    kResponseBody));
+  ProcessPacket(ConstructServerDataPacket(
+      3, false, kFin, response_data_.length(), kResponseBody));
 
   // The body has arrived, but it is delivered asynchronously
   ASSERT_EQ(static_cast<int>(strlen(kResponseBody)),
@@ -1032,8 +1073,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) {
   size_t spdy_request_headers_frame_length;
   AddWrite(ConstructRequestHeadersPacket(1, !kFin, DEFAULT_PRIORITY,
                                          &spdy_request_headers_frame_length));
-  AddWrite(ConstructDataPacket(2, kIncludeVersion, kFin, 0, ""));
-  AddWrite(ConstructAckPacket(3, 3, 1));
+  AddWrite(ConstructClientDataPacket(2, kIncludeVersion, kFin, 0, ""));
+  AddWrite(ConstructClientAckPacket(3, 3, 1));
   Initialize();
 
   ChunkedUploadDataStream upload_data_stream(0);
@@ -1053,7 +1094,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) {
   upload_data_stream.AppendData(nullptr, 0, true);
   EXPECT_EQ(OK, callback_.WaitForResult());
 
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
 
   // Send the response headers (but not the body).
   SetResponse("200 OK", string());
@@ -1070,8 +1111,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) {
 
   // Send the response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(ConstructDataPacket(3, false, kFin, response_data_.length(),
-                                    kResponseBody));
+  ProcessPacket(ConstructServerDataPacket(
+      3, false, kFin, response_data_.length(), kResponseBody));
 
   // The body has arrived, but it is delivered asynchronously
   ASSERT_EQ(static_cast<int>(strlen(kResponseBody)),
@@ -1109,7 +1150,7 @@ TEST_P(QuicHttpStreamTest, DestroyedEarly) {
             stream_->SendRequest(headers_, &response_, callback_.callback()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
   // Send the response with a body.
@@ -1158,7 +1199,7 @@ TEST_P(QuicHttpStreamTest, Priority) {
             ConvertQuicPriorityToRequestPriority(reliable_stream->priority()));
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(1, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(1, 0, 0));
   EXPECT_EQ(ERR_IO_PENDING, stream_->ReadResponseHeaders(callback_.callback()));
 
   // Send the response with a body.
@@ -1183,7 +1224,7 @@ TEST_P(QuicHttpStreamTest, CheckPriorityWithNoDelegate) {
   SetRequest("GET", "/", MEDIUM);
   use_closing_stream_ = true;
 
-  AddWrite(ConstructRstStreamPacket(1));
+  AddWrite(ConstructClientRstStreamPacket(1));
 
   Initialize();
 
@@ -1289,8 +1330,8 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequest) {
 
   // Receive the promised response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(
-      InnerConstructDataPacket(2, promise_id_, false, kFin, 0, kResponseBody));
+  ProcessPacket(InnerConstructDataPacket(2, promise_id_, false, kFin, 0,
+                                         kResponseBody, &server_maker_));
 
   // Now sending a matching request will have successful rendezvous
   // with the promised stream.
@@ -1359,8 +1400,8 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequestSlowResponse) {
 
   // Receive the promised response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(
-      InnerConstructDataPacket(2, promise_id_, false, kFin, 0, kResponseBody));
+  ProcessPacket(InnerConstructDataPacket(2, promise_id_, false, kFin, 0,
+                                         kResponseBody, &server_maker_));
 
   base::MessageLoop::current()->RunUntilIdle();
 
@@ -1432,8 +1473,8 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginOK) {
 
   // Receive the promised response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(
-      InnerConstructDataPacket(2, promise_id_, false, kFin, 0, kResponseBody));
+  ProcessPacket(InnerConstructDataPacket(2, promise_id_, false, kFin, 0,
+                                         kResponseBody, &server_maker_));
 
   // Now sending a matching request will have successful rendezvous
   // with the promised stream.
@@ -1534,8 +1575,8 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckOK) {
 
   // Receive the promised response body.
   const char kResponseBody[] = "Hello world!";
-  ProcessPacket(
-      InnerConstructDataPacket(2, promise_id_, false, kFin, 0, kResponseBody));
+  ProcessPacket(InnerConstructDataPacket(2, promise_id_, false, kFin, 0,
+                                         kResponseBody, &server_maker_));
 
   base::MessageLoop::current()->RunUntilIdle();
 
@@ -1575,12 +1616,12 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckFail) {
   request_headers_["accept-encoding"] = "sdch";
 
   size_t spdy_request_header_frame_length;
-  AddWrite(ConstructRstStreamVaryMismatchPacket(1));
+  AddWrite(ConstructClientRstStreamVaryMismatchPacket(1));
   AddWrite(InnerConstructRequestHeadersPacket(
       2, stream_id_ + 2, !kIncludeVersion, kFin, DEFAULT_PRIORITY,
       &spdy_request_header_frame_length));
-  AddWrite(ConstructAckPacket(3, 3, 1));
-  AddWrite(ConstructRstStreamCancelledPacket(4));
+  AddWrite(ConstructClientAckPacket(3, 3, 1));
+  AddWrite(ConstructClientRstStreamCancelledPacket(4));
   Initialize();
 
   // Initialize the first stream, for receiving the promise on.
@@ -1648,7 +1689,7 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckFail) {
   // client-initiated version of |promised_stream_| works as intended.
 
   // Ack the request.
-  ProcessPacket(ConstructAckPacket(2, 0, 0));
+  ProcessPacket(ConstructServerAckPacket(2, 0, 0));
 
   SetResponse("404 Not Found", string());
   size_t spdy_response_header_frame_length;
diff --git a/chromium/net/quic/quic_http_utils.cc b/chromium/net/quic/quic_http_utils.cc
index 6091c08cf9e..c6dd505f2c6 100644
--- a/chromium/net/quic/quic_http_utils.cc
+++ b/chromium/net/quic/quic_http_utils.cc
@@ -22,13 +22,14 @@ ConvertQuicPriorityToRequestPriority(SpdyPriority priority) {
                          : static_cast<RequestPriority>(HIGHEST - priority);
 }
 
-scoped_ptr<base::Value> QuicRequestNetLogCallback(
+std::unique_ptr<base::Value> QuicRequestNetLogCallback(
     QuicStreamId stream_id,
     const SpdyHeaderBlock* headers,
     SpdyPriority priority,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(static_cast<base::DictionaryValue*>(
-      SpdyHeaderBlockNetLogCallback(headers, capture_mode).release()));
+  std::unique_ptr<base::DictionaryValue> dict(
+      static_cast<base::DictionaryValue*>(
+          SpdyHeaderBlockNetLogCallback(headers, capture_mode).release()));
   dict->SetInteger("quic_priority", static_cast<int>(priority));
   dict->SetInteger("quic_stream_id", static_cast<int>(stream_id));
   return std::move(dict);
diff --git a/chromium/net/quic/quic_http_utils.h b/chromium/net/quic/quic_http_utils.h
index 1bde98a631b..ce5dd2f59a7 100644
--- a/chromium/net/quic/quic_http_utils.h
+++ b/chromium/net/quic/quic_http_utils.h
@@ -21,7 +21,7 @@ NET_EXPORT_PRIVATE RequestPriority
 ConvertQuicPriorityToRequestPriority(SpdyPriority priority);
 
 // Converts a SpdyHeaderBlock and priority into NetLog event parameters.
-NET_EXPORT scoped_ptr<base::Value> QuicRequestNetLogCallback(
+NET_EXPORT std::unique_ptr<base::Value> QuicRequestNetLogCallback(
     QuicStreamId stream_id,
     const SpdyHeaderBlock* headers,
     SpdyPriority priority,
diff --git a/chromium/net/quic/quic_network_transaction_unittest.cc b/chromium/net/quic/quic_network_transaction_unittest.cc
index 4774b5bf552..dceb822f875 100644
--- a/chromium/net/quic/quic_network_transaction_unittest.cc
+++ b/chromium/net/quic/quic_network_transaction_unittest.cc
@@ -2,17 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
+#include <ostream>
+#include <string>
+#include <utility>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "net/base/chunked_upload_data_stream.h"
-#include "net/base/socket_performance_watcher.h"
-#include "net/base/socket_performance_watcher_factory.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/mock_cert_verifier.h"
@@ -45,6 +46,8 @@
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/mock_client_socket_pool_manager.h"
+#include "net/socket/socket_performance_watcher.h"
+#include "net/socket/socket_performance_watcher_factory.h"
 #include "net/socket/socket_test_util.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/spdy/spdy_frame_builder.h"
@@ -53,12 +56,21 @@
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
+#include "url/gurl.h"
 
 namespace net {
 namespace test {
 
 namespace {
 
+enum DestinationType {
+  // In pooling tests with two requests for different origins to the same
+  // destination, the destination should be
+  SAME_AS_FIRST,   // the same as the first origin,
+  SAME_AS_SECOND,  // the same as the second origin, or
+  DIFFERENT,       // different from both.
+};
+
 static const char kQuicAlternateProtocolHeader[] =
     "Alternate-Protocol: 443:quic\r\n\r\n";
 static const char kQuicAlternateProtocolWithProbabilityHeader[] =
@@ -73,6 +85,44 @@ static const char kQuicAlternativeServiceDifferentPortHeader[] =
     "Alt-Svc: quic=\":137\"\r\n\r\n";
 
 const char kDefaultServerHostName[] = "mail.example.org";
+const char kDifferentHostname[] = "different.example.com";
+
+// Run QuicNetworkTransactionWithDestinationTest instances with all value
+// combinations of version and destination_type.
+struct PoolingTestParams {
+  friend std::ostream& operator<<(std::ostream& os,
+                                  const PoolingTestParams& p) {
+    os << "{ version: " << QuicVersionToString(p.version)
+       << ", destination_type: ";
+    switch (p.destination_type) {
+      case SAME_AS_FIRST:
+        os << "SAME_AS_FIRST";
+        break;
+      case SAME_AS_SECOND:
+        os << "SAME_AS_SECOND";
+        break;
+      case DIFFERENT:
+        os << "DIFFERENT";
+        break;
+    }
+    os << " }";
+    return os;
+  }
+
+  QuicVersion version;
+  DestinationType destination_type;
+};
+
+std::vector<PoolingTestParams> GetPoolingTestParams() {
+  std::vector<PoolingTestParams> params;
+  QuicVersionVector all_supported_versions = QuicSupportedVersions();
+  for (const QuicVersion version : all_supported_versions) {
+    params.push_back(PoolingTestParams{version, SAME_AS_FIRST});
+    params.push_back(PoolingTestParams{version, SAME_AS_SECOND});
+    params.push_back(PoolingTestParams{version, DIFFERENT});
+  }
+  return params;
+}
 
 }  // namespace
 
@@ -84,13 +134,13 @@ class MockQuicData {
 
   ~MockQuicData() { STLDeleteElements(&packets_); }
 
-  void AddSynchronousRead(scoped_ptr<QuicEncryptedPacket> packet) {
+  void AddSynchronousRead(std::unique_ptr<QuicEncryptedPacket> packet) {
     reads_.push_back(MockRead(SYNCHRONOUS, packet->data(), packet->length(),
                               packet_number_++));
     packets_.push_back(packet.release());
   }
 
-  void AddRead(scoped_ptr<QuicEncryptedPacket> packet) {
+  void AddRead(std::unique_ptr<QuicEncryptedPacket> packet) {
     reads_.push_back(
         MockRead(ASYNC, packet->data(), packet->length(), packet_number_++));
     packets_.push_back(packet.release());
@@ -100,7 +150,7 @@ class MockQuicData {
     reads_.push_back(MockRead(mode, rv, packet_number_++));
   }
 
-  void AddWrite(scoped_ptr<QuicEncryptedPacket> packet) {
+  void AddWrite(std::unique_ptr<QuicEncryptedPacket> packet) {
     writes_.push_back(MockWrite(SYNCHRONOUS, packet->data(), packet->length(),
                                 packet_number_++));
     packets_.push_back(packet.release());
@@ -121,7 +171,7 @@ class MockQuicData {
   std::vector<MockWrite> writes_;
   std::vector<MockRead> reads_;
   size_t packet_number_;
-  scoped_ptr<SequencedSocketData> socket_data_;
+  std::unique_ptr<SequencedSocketData> socket_data_;
 };
 
 class ProxyHeadersHandler {
@@ -167,13 +217,13 @@ class TestSocketPerformanceWatcherFactory
   ~TestSocketPerformanceWatcherFactory() override {}
 
   // SocketPerformanceWatcherFactory implementation:
-  scoped_ptr<SocketPerformanceWatcher> CreateSocketPerformanceWatcher(
+  std::unique_ptr<SocketPerformanceWatcher> CreateSocketPerformanceWatcher(
       const Protocol protocol) override {
     if (protocol != PROTOCOL_QUIC) {
       return nullptr;
     }
     ++watcher_count_;
-    return scoped_ptr<SocketPerformanceWatcher>(
+    return std::unique_ptr<SocketPerformanceWatcher>(
         new TestSocketPerformanceWatcher(&rtt_notification_received_));
   }
 
@@ -194,7 +244,16 @@ class QuicNetworkTransactionTest
  protected:
   QuicNetworkTransactionTest()
       : clock_(new MockClock),
-        maker_(GetParam(), 0, clock_, kDefaultServerHostName),
+        client_maker_(GetParam(),
+                      0,
+                      clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_CLIENT),
+        server_maker_(GetParam(),
+                      0,
+                      clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_SERVER),
         cert_transparency_verifier_(new MultiLogCTVerifier()),
         ssl_config_service_(new SSLConfigServiceDefaults),
         proxy_service_(ProxyService::CreateDirect()),
@@ -209,8 +268,8 @@ class QuicNetworkTransactionTest
     request_.load_flags = 0;
     clock_->AdvanceTime(QuicTime::Delta::FromMilliseconds(20));
 
-    params_.parse_alternative_services = true;
     params_.enable_alternative_service_with_different_host = true;
+    params_.enable_alternative_service_for_insecure_origins = true;
 
     scoped_refptr<X509Certificate> cert(
         ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
@@ -233,111 +292,120 @@ class QuicNetworkTransactionTest
     base::MessageLoop::current()->RunUntilIdle();
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructConnectionClosePacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientConnectionClosePacket(
       QuicPacketNumber num) {
-    return maker_.MakeConnectionClosePacket(num);
+    return client_maker_.MakeConnectionClosePacket(num);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructGoAwayPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerConnectionClosePacket(
+      QuicPacketNumber num) {
+    return server_maker_.MakeConnectionClosePacket(num);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerGoAwayPacket(
       QuicPacketNumber num,
       QuicErrorCode error_code,
       std::string reason_phrase) {
-    return maker_.MakeGoAwayPacket(num, error_code, reason_phrase);
+    return server_maker_.MakeGoAwayPacket(num, error_code, reason_phrase);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructAckPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientAckPacket(
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked) {
-    return maker_.MakeAckPacket(2, largest_received, least_unacked,
-                                least_unacked, true);
+    return client_maker_.MakeAckPacket(2, largest_received, least_unacked,
+                                       least_unacked, true);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructAckAndRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientAckAndRstPacket(
       QuicPacketNumber num,
       QuicStreamId stream_id,
       QuicRstStreamErrorCode error_code,
       QuicPacketNumber largest_received,
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked) {
-    return maker_.MakeAckAndRstPacket(num, false, stream_id, error_code,
-                                      largest_received, ack_least_unacked,
-                                      stop_least_unacked, true);
+    return client_maker_.MakeAckAndRstPacket(
+        num, false, stream_id, error_code, largest_received, ack_least_unacked,
+        stop_least_unacked, true);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructAckPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientAckPacket(
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked,
       QuicTestPacketMaker* maker) {
-    return maker->MakeAckPacket(2, largest_received, least_unacked,
-                                least_unacked, true);
+    return client_maker_.MakeAckPacket(2, largest_received, least_unacked,
+                                       least_unacked, true);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructAckAndConnectionClosePacket(
+  std::unique_ptr<QuicEncryptedPacket>
+  ConstructClientAckAndConnectionClosePacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked) {
-    return maker_.MakeAckPacket(packet_number, largest_received,
-                                ack_least_unacked, stop_least_unacked, true);
+    return client_maker_.MakeAckPacket(packet_number, largest_received,
+                                       ack_least_unacked, stop_least_unacked,
+                                       true);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructAckAndConnectionClosePacket(
+  std::unique_ptr<QuicEncryptedPacket>
+  ConstructClientAckAndConnectionClosePacket(
       QuicPacketNumber num,
       QuicTime::Delta delta_time_largest_observed,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked,
       QuicErrorCode quic_error,
-      std::string& quic_error_details) {
-    return maker_.MakeAckAndConnectionClosePacket(
+      const std::string& quic_error_details) {
+    return client_maker_.MakeAckAndConnectionClosePacket(
         num, false, delta_time_largest_observed, largest_received,
         least_unacked, quic_error, quic_error_details);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerRstPacket(
       QuicPacketNumber num,
       bool include_version,
       QuicStreamId stream_id,
       QuicRstStreamErrorCode error_code) {
-    return maker_.MakeRstPacket(num, include_version, stream_id, error_code);
+    return server_maker_.MakeRstPacket(num, include_version, stream_id,
+                                       error_code);
   }
 
   // Uses default QuicTestPacketMaker.
   SpdyHeaderBlock GetRequestHeaders(const std::string& method,
                                     const std::string& scheme,
                                     const std::string& path) {
-    return GetRequestHeaders(method, scheme, path, maker_);
+    return GetRequestHeaders(method, scheme, path, &client_maker_);
   }
 
   // Uses customized QuicTestPacketMaker.
   SpdyHeaderBlock GetRequestHeaders(const std::string& method,
                                     const std::string& scheme,
                                     const std::string& path,
-                                    QuicTestPacketMaker& maker) {
-    return maker.GetRequestHeaders(method, scheme, path);
+                                    QuicTestPacketMaker* maker) {
+    return maker->GetRequestHeaders(method, scheme, path);
   }
 
   SpdyHeaderBlock GetResponseHeaders(const std::string& status) {
-    return maker_.GetResponseHeaders(status);
+    return server_maker_.GetResponseHeaders(status);
   }
 
   // Appends alt_svc headers in the response headers.
   SpdyHeaderBlock GetResponseHeaders(const std::string& status,
                                      const std::string& alt_svc) {
-    return maker_.GetResponseHeaders(status, alt_svc);
+    return server_maker_.GetResponseHeaders(status, alt_svc);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructDataPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerDataPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       QuicStreamOffset offset,
       base::StringPiece data) {
-    return maker_.MakeDataPacket(packet_number, stream_id,
-                                 should_include_version, fin, offset, data);
+    return server_maker_.MakeDataPacket(
+        packet_number, stream_id, should_include_version, fin, offset, data);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -346,12 +414,12 @@ class QuicNetworkTransactionTest
       QuicStreamOffset* offset) {
     SpdyPriority priority =
         ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
-    return maker_.MakeRequestHeadersPacketWithOffsetTracking(
+    return client_maker_.MakeRequestHeadersPacketWithOffsetTracking(
         packet_number, stream_id, should_include_version, fin, priority,
         headers, offset);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -361,68 +429,68 @@ class QuicNetworkTransactionTest
       QuicTestPacketMaker* maker) {
     SpdyPriority priority =
         ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
-    return maker->MakeRequestHeadersPacketWithOffsetTracking(
+    return client_maker_.MakeRequestHeadersPacketWithOffsetTracking(
         packet_number, stream_id, should_include_version, fin, priority,
         headers, offset);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       const SpdyHeaderBlock& headers) {
-    return ConstructRequestHeadersPacket(packet_number, stream_id,
-                                         should_include_version, fin, headers,
-                                         nullptr, &maker_);
+    return ConstructClientRequestHeadersPacket(
+        packet_number, stream_id, should_include_version, fin, headers, nullptr,
+        &client_maker_);
   }
-  scoped_ptr<QuicEncryptedPacket> ConstructRequestHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       const SpdyHeaderBlock& headers,
       QuicTestPacketMaker* maker) {
-    return ConstructRequestHeadersPacket(packet_number, stream_id,
-                                         should_include_version, fin, headers,
-                                         nullptr, maker);
+    return ConstructClientRequestHeadersPacket(packet_number, stream_id,
+                                               should_include_version, fin,
+                                               headers, nullptr, maker);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       const SpdyHeaderBlock& headers) {
-    return ConstructResponseHeadersPacket(packet_number, stream_id,
-                                          should_include_version, fin, headers,
-                                          nullptr, &maker_);
+    return ConstructServerResponseHeadersPacket(
+        packet_number, stream_id, should_include_version, fin, headers, nullptr,
+        &server_maker_);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       const SpdyHeaderBlock& headers,
       QuicTestPacketMaker* maker) {
-    return ConstructResponseHeadersPacket(packet_number, stream_id,
-                                          should_include_version, fin, headers,
-                                          nullptr, maker);
+    return ConstructServerResponseHeadersPacket(packet_number, stream_id,
+                                                should_include_version, fin,
+                                                headers, nullptr, maker);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       const SpdyHeaderBlock& headers,
       QuicStreamOffset* offset) {
-    return maker_.MakeResponseHeadersPacketWithOffsetTracking(
+    return server_maker_.MakeResponseHeadersPacketWithOffsetTracking(
         packet_number, stream_id, should_include_version, fin, headers, offset);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructResponseHeadersPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -430,17 +498,15 @@ class QuicNetworkTransactionTest
       const SpdyHeaderBlock& headers,
       QuicStreamOffset* offset,
       QuicTestPacketMaker* maker) {
-    return maker->MakeResponseHeadersPacketWithOffsetTracking(
+    return server_maker_.MakeResponseHeadersPacketWithOffsetTracking(
         packet_number, stream_id, should_include_version, fin, headers, offset);
   }
 
-  void CreateSession() { CreateSessionWithFactory(&socket_factory_); }
-
-  void CreateSessionWithFactory(ClientSocketFactory* socket_factory) {
+  void CreateSession() {
     params_.enable_quic = true;
     params_.quic_clock = clock_;
     params_.quic_random = &random_generator_;
-    params_.client_socket_factory = socket_factory;
+    params_.client_socket_factory = &socket_factory_;
     params_.quic_crypto_client_stream_factory = &crypto_client_stream_factory_;
     params_.host_resolver = &host_resolver_;
     params_.cert_verifier = &cert_verifier_;
@@ -466,7 +532,8 @@ class QuicNetworkTransactionTest
               session_->quic_stream_factory()->socket_receive_buffer_size());
   }
 
-  void CheckWasQuicResponse(const scoped_ptr<HttpNetworkTransaction>& trans) {
+  void CheckWasQuicResponse(
+      const std::unique_ptr<HttpNetworkTransaction>& trans) {
     const HttpResponseInfo* response = trans->GetResponseInfo();
     ASSERT_TRUE(response != nullptr);
     ASSERT_TRUE(response->headers.get() != nullptr);
@@ -477,14 +544,15 @@ class QuicNetworkTransactionTest
               response->connection_info);
   }
 
-  void CheckResponsePort(const scoped_ptr<HttpNetworkTransaction>& trans,
+  void CheckResponsePort(const std::unique_ptr<HttpNetworkTransaction>& trans,
                          uint16_t port) {
     const HttpResponseInfo* response = trans->GetResponseInfo();
     ASSERT_TRUE(response != nullptr);
     EXPECT_EQ(port, response->socket_address.port());
   }
 
-  void CheckWasHttpResponse(const scoped_ptr<HttpNetworkTransaction>& trans) {
+  void CheckWasHttpResponse(
+      const std::unique_ptr<HttpNetworkTransaction>& trans) {
     const HttpResponseInfo* response = trans->GetResponseInfo();
     ASSERT_TRUE(response != nullptr);
     ASSERT_TRUE(response->headers.get() != nullptr);
@@ -495,14 +563,14 @@ class QuicNetworkTransactionTest
               response->connection_info);
   }
 
-  void CheckResponseData(const scoped_ptr<HttpNetworkTransaction>& trans,
+  void CheckResponseData(const std::unique_ptr<HttpNetworkTransaction>& trans,
                          const std::string& expected) {
     std::string response_data;
     ASSERT_EQ(OK, ReadTransaction(trans.get(), &response_data));
     EXPECT_EQ(expected, response_data);
   }
 
-  void RunTransaction(const scoped_ptr<HttpNetworkTransaction>& trans) {
+  void RunTransaction(const std::unique_ptr<HttpNetworkTransaction>& trans) {
     TestCompletionCallback callback;
     int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
     EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -510,7 +578,7 @@ class QuicNetworkTransactionTest
   }
 
   void SendRequestAndExpectHttpResponse(const std::string& expected) {
-    scoped_ptr<HttpNetworkTransaction> trans(
+    std::unique_ptr<HttpNetworkTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
     RunTransaction(trans);
     CheckWasHttpResponse(trans);
@@ -521,11 +589,6 @@ class QuicNetworkTransactionTest
     SendRequestAndExpectQuicResponseMaybeFromProxy(expected, false, 443);
   }
 
-  void SendRequestAndExpectQuicResponseOnPort(const std::string& expected,
-                                              uint16_t port) {
-    SendRequestAndExpectQuicResponseMaybeFromProxy(expected, false, port);
-  }
-
   void SendRequestAndExpectQuicResponseFromProxyOnPort(
       const std::string& expected,
       uint16_t port) {
@@ -535,44 +598,44 @@ class QuicNetworkTransactionTest
   void AddQuicAlternateProtocolMapping(
       MockCryptoClientStream::HandshakeMode handshake_mode) {
     crypto_client_stream_factory_.set_handshake_mode(handshake_mode);
-    HostPortPair host_port_pair = HostPortPair::FromURL(request_.url);
-    AlternativeService alternative_service(QUIC, host_port_pair.host(), 443);
+    url::SchemeHostPort server(request_.url);
+    AlternativeService alternative_service(QUIC, server.host(), 443);
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-    http_server_properties_.SetAlternativeService(
-        host_port_pair, alternative_service, expiration);
+    http_server_properties_.SetAlternativeService(server, alternative_service,
+                                                  expiration);
   }
 
   void AddQuicRemoteAlternativeServiceMapping(
       MockCryptoClientStream::HandshakeMode handshake_mode,
       const HostPortPair& alternative) {
     crypto_client_stream_factory_.set_handshake_mode(handshake_mode);
-    HostPortPair host_port_pair = HostPortPair::FromURL(request_.url);
+    url::SchemeHostPort server(request_.url);
     AlternativeService alternative_service(QUIC, alternative.host(),
                                            alternative.port());
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-    http_server_properties_.SetAlternativeService(
-        host_port_pair, alternative_service, expiration);
+    http_server_properties_.SetAlternativeService(server, alternative_service,
+                                                  expiration);
   }
 
   void ExpectBrokenAlternateProtocolMapping() {
-    const HostPortPair origin = HostPortPair::FromURL(request_.url);
+    const url::SchemeHostPort server(request_.url);
     const AlternativeServiceVector alternative_service_vector =
-        http_server_properties_.GetAlternativeServices(origin);
+        http_server_properties_.GetAlternativeServices(server);
     EXPECT_EQ(1u, alternative_service_vector.size());
     EXPECT_TRUE(http_server_properties_.IsAlternativeServiceBroken(
         alternative_service_vector[0]));
   }
 
   void ExpectQuicAlternateProtocolMapping() {
-    const HostPortPair origin = HostPortPair::FromURL(request_.url);
+    const url::SchemeHostPort server(request_.url);
     const AlternativeServiceVector alternative_service_vector =
-        http_server_properties_.GetAlternativeServices(origin);
+        http_server_properties_.GetAlternativeServices(server);
     EXPECT_EQ(1u, alternative_service_vector.size());
     EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
   }
 
   void AddHangingNonAlternateProtocolSocketData() {
-    scoped_ptr<StaticSocketDataProvider> hanging_data;
+    std::unique_ptr<StaticSocketDataProvider> hanging_data;
     hanging_data.reset(new StaticSocketDataProvider());
     MockConnect hanging_connect(SYNCHRONOUS, ERR_IO_PENDING);
     hanging_data->set_connect_data(hanging_connect);
@@ -582,25 +645,26 @@ class QuicNetworkTransactionTest
   }
 
   MockClock* clock_;  // Owned by QuicStreamFactory after CreateSession.
-  QuicTestPacketMaker maker_;
-  scoped_ptr<HttpNetworkSession> session_;
+  QuicTestPacketMaker client_maker_;
+  QuicTestPacketMaker server_maker_;
+  std::unique_ptr<HttpNetworkSession> session_;
   MockClientSocketFactory socket_factory_;
   ProofVerifyDetailsChromium verify_details_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
   MockHostResolver host_resolver_;
   MockCertVerifier cert_verifier_;
   TransportSecurityState transport_security_state_;
-  scoped_ptr<CTVerifier> cert_transparency_verifier_;
+  std::unique_ptr<CTVerifier> cert_transparency_verifier_;
   TestSocketPerformanceWatcherFactory test_socket_performance_watcher_factory_;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
-  scoped_ptr<ProxyService> proxy_service_;
-  scoped_ptr<HttpAuthHandlerFactory> auth_handler_factory_;
+  std::unique_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<HttpAuthHandlerFactory> auth_handler_factory_;
   MockRandom random_generator_;
   HttpServerPropertiesImpl http_server_properties_;
   HttpNetworkSession::Params params_;
   HttpRequestInfo request_;
   BoundTestNetLog net_log_;
-  std::vector<scoped_ptr<StaticSocketDataProvider>> hanging_data_;
+  std::vector<std::unique_ptr<StaticSocketDataProvider>> hanging_data_;
   SSLSocketDataProvider ssl_data_;
 
  private:
@@ -608,7 +672,7 @@ class QuicNetworkTransactionTest
       const std::string& expected,
       bool used_proxy,
       uint16_t port) {
-    scoped_ptr<HttpNetworkTransaction> trans(
+    std::unique_ptr<HttpNetworkTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
     ProxyHeadersHandler proxy_headers_handler;
     trans->SetBeforeProxyHeadersSentCallback(
@@ -631,14 +695,14 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) {
       HostPortPair::FromString("mail.example.org:443"));
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more data to read
 
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
@@ -647,7 +711,6 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) {
   // the alternate-protocol job will "win".
   AddHangingNonAlternateProtocolSocketData();
 
-  params_.parse_alternative_services = false;
   params_.enable_alternative_service_with_different_host = false;
   CreateSession();
 
@@ -697,19 +760,19 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) {
 }
 
 TEST_P(QuicNetworkTransactionTest, QuicProxy) {
-  params_.enable_quic_for_proxies = true;
+  params_.enable_quic = true;
   proxy_service_ =
       ProxyService::CreateFixedFromPacResult("QUIC mail.example.org:70");
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "http", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -721,7 +784,6 @@ TEST_P(QuicNetworkTransactionTest, QuicProxy) {
   // no attempt will be made to speak to the proxy over TCP.
 
   request_.url = GURL("http://mail.example.org/");
-  params_.parse_alternative_services = false;
   params_.enable_alternative_service_with_different_host = false;
   CreateSession();
 
@@ -737,20 +799,20 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) {
   const std::string origin_host = "mail.example.com";
   const std::string proxy_host = "www.example.org";
 
-  params_.enable_quic_for_proxies = true;
+  params_.enable_quic = true;
   proxy_service_ =
       ProxyService::CreateFixedFromPacResult("QUIC " + proxy_host + ":70");
 
-  maker_.set_hostname(origin_host);
+  client_maker_.set_hostname(origin_host);
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "http", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
@@ -795,16 +857,16 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) {
   verify_details.cert_verify_result.verified_cert = cert;
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
-  maker_.set_hostname(origin.host());
+  client_maker_.set_hostname(origin.host());
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
@@ -833,13 +895,12 @@ TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) {
   mock_quic_data1.AddSocketDataToFactory(&socket_factory_);
   mock_quic_data2.AddSocketDataToFactory(&socket_factory_);
 
-  params_.parse_alternative_services = false;
   params_.enable_alternative_service_with_different_host = false;
   CreateSession();
 
   EXPECT_EQ(0U, test_socket_performance_watcher_factory_.watcher_count());
   for (size_t i = 0; i < 2; ++i) {
-    scoped_ptr<HttpNetworkTransaction> trans(
+    std::unique_ptr<HttpNetworkTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
     TestCompletionCallback callback;
     int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -864,7 +925,6 @@ TEST_P(QuicNetworkTransactionTest, DoNotForceQuicForHttps) {
   SSLSocketDataProvider ssl(ASYNC, OK);
   socket_factory_.AddSSLSocketDataProvider(&ssl);
 
-  params_.parse_alternative_services = false;
   params_.enable_alternative_service_with_different_host = false;
   CreateSession();
 
@@ -885,14 +945,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuic) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -920,14 +980,14 @@ TEST_P(QuicNetworkTransactionTest,
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -940,6 +1000,72 @@ TEST_P(QuicNetworkTransactionTest,
   SendRequestAndExpectQuicResponse("hello!");
 }
 
+TEST_P(QuicNetworkTransactionTest, SetAlternativeServiceWithScheme) {
+  MockRead http_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n"),
+      MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":444\"\r\n\r\n"),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
+
+  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
+                                     0);
+
+  socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
+
+  CreateSession();
+  // Send http request, ignore alternative service advertising if response
+  // header advertises alternative service for mail.example.org.
+  request_.url = GURL("http://mail.example.org:443");
+  SendRequestAndExpectHttpResponse("hello world");
+  base::WeakPtr<HttpServerProperties> http_server_properties =
+      session_->http_server_properties();
+  url::SchemeHostPort http_server("http", "mail.example.org", 443);
+  url::SchemeHostPort https_server("https", "mail.example.org", 443);
+  // Check alternative service is set for the correct origin.
+  EXPECT_EQ(2u,
+            http_server_properties->GetAlternativeServices(http_server).size());
+  EXPECT_EQ(
+      0u, http_server_properties->GetAlternativeServices(https_server).size());
+}
+
+TEST_P(QuicNetworkTransactionTest, DoNotGetAltSvcForDifferentOrigin) {
+  MockRead http_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n"),
+      MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":444\"\r\n\r\n"),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
+
+  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
+                                     0);
+
+  socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
+  socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
+
+  CreateSession();
+
+  // Send https request and set alternative services if response header
+  // advertises alternative service for mail.example.org.
+  SendRequestAndExpectHttpResponse("hello world");
+  base::WeakPtr<HttpServerProperties> http_server_properties =
+      session_->http_server_properties();
+
+  const url::SchemeHostPort https_server(request_.url);
+  // Check alternative service is set.
+  AlternativeServiceVector alternative_service_vector =
+      http_server_properties->GetAlternativeServices(https_server);
+  EXPECT_EQ(2u, alternative_service_vector.size());
+
+  // Send http request to the same origin but with diffrent scheme, should not
+  // use QUIC.
+  request_.url = GURL("http://mail.example.org:443");
+  SendRequestAndExpectHttpResponse("hello world");
+}
+
 TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceQuicSupportedVersion) {
   std::string altsvc_header = base::StringPrintf(
       "Alt-Svc: quic=\":443\"; v=\"%u\"\r\n\r\n", GetParam());
@@ -955,14 +1081,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceQuicSupportedVersion) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -977,20 +1103,20 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceQuicSupportedVersion) {
 
 TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   // Read a GoAway packet with
   // QuicErrorCode: QUIC_ERROR_MIGRATING_PORT from the peer.
-  mock_quic_data.AddRead(
-      ConstructGoAwayPacket(2, QUIC_ERROR_MIGRATING_PORT,
-                            "connection migration with port change only"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(3, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckAndRstPacket(
+  mock_quic_data.AddRead(ConstructServerGoAwayPacket(
+      2, QUIC_ERROR_MIGRATING_PORT,
+      "connection migration with port change only"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(3, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckAndRstPacket(
       3, kClientDataStreamId1, QUIC_STREAM_CANCELLED, 3, 3, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
@@ -1018,7 +1144,7 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) {
   session_->quic_stream_factory()->set_require_confirmation(true);
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
 
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -1082,32 +1208,33 @@ TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) {
   // Open a session to foo.example.org:443 using the first entry of the
   // alternative service list.
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       1, kClientDataStreamId1, true, true,
       GetRequestHeaders("GET", "https", "/"), &request_header_offset));
 
   std::string alt_svc_list =
       "quic=\"mail.example.org:444\", quic=\"foo.example.org:443\", "
       "quic=\"bar.example.org:445\"";
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false,
       GetResponseHeaders("200 OK", alt_svc_list), &response_header_offset));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
 
   // Second QUIC request data.
   // Connection pooling, using existing session, no need to include version
   // as version negotiation has been completed.
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       3, kClientDataStreamId2, false, true,
       GetRequestHeaders("GET", "https", "/"), &request_header_offset));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       3, kClientDataStreamId2, false, false, GetResponseHeaders("200 OK"),
       &response_header_offset));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(4, kClientDataStreamId2, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckAndConnectionClosePacket(4, 4, 3, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(4, kClientDataStreamId2,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(
+      ConstructClientAckAndConnectionClosePacket(4, 4, 3, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1118,98 +1245,150 @@ TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) {
 
   SendRequestAndExpectHttpResponse("hello world");
 
-  SendRequestAndExpectQuicResponseOnPort("hello!", 443);
-  SendRequestAndExpectQuicResponseOnPort("hello!", 443);
+  SendRequestAndExpectQuicResponse("hello!");
+  SendRequestAndExpectQuicResponse("hello!");
 }
 
-// When multiple alternative services that has existing QUIC session.
-// HttpStreamFactoryImpl::RequestStreamInternal() should select the first
-// alternative service which uses existing QUIC session.
-TEST_P(QuicNetworkTransactionTest, UseFirstExistingAlternativeServiceForQuic) {
-  MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":446\"\r\n\r\n"),
-      MockRead("hello world"),
-      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-      MockRead(ASYNC, OK)};
-
-  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
-                                     0);
-  socket_factory_.AddSocketDataProvider(&http_data);
-  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
-
-  QuicStreamOffset request_header_offset = 0;
-  QuicStreamOffset response_header_offset = 0;
-
-  QuicTestPacketMaker maker(GetParam(), 0, clock_, kDefaultServerHostName);
-
+// Pool to existing session with matching QuicServerId
+// even if alternative service destination is different.
+TEST_P(QuicNetworkTransactionTest, PoolByOrigin) {
   MockQuicData mock_quic_data;
-  MockQuicData mock_quic_data2;
-  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
-  // First QUIC request data.
-  // Open a QUIC session to foo.example.org:443.
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
-      1, kClientDataStreamId1, true, true,
-      GetRequestHeaders("GET", "https", "/"), &request_header_offset));
-
-  std::string alt_svc_list =
-      "quic=\"bar.example.org:444\", quic=\"frog.example.org:445\", "
-      "quic=\"mail.example.org:446\"";
-  // Response header from the server resets the alt_svc list for the origin.
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false,
-      GetResponseHeaders("200 OK", alt_svc_list), &response_header_offset));
-  mock_quic_data.AddRead(ConstructDataPacket(2, kClientDataStreamId1, false,
-                                             true, 0, "hello from foo!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  QuicStreamOffset request_header_offset(0);
+  QuicStreamOffset response_header_offset(0);
 
-  // Second QUIC request data.
-  // Existing QUIC session to foo.example.org is not viable from the updated
-  // alt_svc. Unable to pool the existing QUIC session.
-  // Open a new QUIC session to bar.example.org:443.
-  mock_quic_data2.AddWrite(ConstructRequestHeadersPacket(
+  // First request.
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       1, kClientDataStreamId1, true, true,
-      GetRequestHeaders("GET", "https", "/"), &maker));
-  alt_svc_list =
-      "quic=\"foo.example.org:443\", quic=\"mail.example.org:446\", "
-      "quic=\"bar.example.org:444\"";
-  // Response header from the server resets the alt_svc list for the origin.
-  mock_quic_data2.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false,
-      GetResponseHeaders("200 OK", alt_svc_list), &maker));
-  mock_quic_data2.AddRead(ConstructDataPacket(2, kClientDataStreamId1, false,
-                                              true, 0, "hello from bar!"));
-  mock_quic_data2.AddWrite(ConstructAckPacket(2, 1, &maker));
-  mock_quic_data2.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
-  mock_quic_data2.AddRead(ASYNC, 0);               // EOF
+      GetRequestHeaders("GET", "https", "/"), &request_header_offset));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK"),
+      &response_header_offset));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
 
-  // Third QUIC request data.
-  // Connection pooling, using the first existing session to foo.example.org
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
+  // Second request.
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       3, kClientDataStreamId2, false, true,
       GetRequestHeaders("GET", "https", "/"), &request_header_offset));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       3, kClientDataStreamId2, false, false, GetResponseHeaders("200 OK"),
       &response_header_offset));
-  mock_quic_data.AddRead(ConstructDataPacket(4, kClientDataStreamId2, false,
-                                             true, 0, "hello from foo!"));
-  mock_quic_data.AddWrite(ConstructAckAndConnectionClosePacket(4, 4, 3, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(4, kClientDataStreamId2,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(
+      ConstructClientAckAndConnectionClosePacket(4, 4, 3, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
+
+  AddHangingNonAlternateProtocolSocketData();
   AddHangingNonAlternateProtocolSocketData();
 
-  mock_quic_data2.AddSocketDataToFactory(&socket_factory_);
+  CreateSession();
+
+  const char destination1[] = "first.example.com";
+  const char destination2[] = "second.example.com";
+
+  // Set up alternative service entry to destination1.
+  url::SchemeHostPort server(request_.url);
+  AlternativeService alternative_service(QUIC, destination1, 443);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  http_server_properties_.SetAlternativeService(server, alternative_service,
+                                                expiration);
+  // First request opens connection to |destination1|
+  // with QuicServerId.host() == kDefaultServerHostName.
+  SendRequestAndExpectQuicResponse("hello!");
+
+  // Set up alternative service entry to a different destination.
+  alternative_service = AlternativeService(QUIC, destination2, 443);
+  http_server_properties_.SetAlternativeService(server, alternative_service,
+                                                expiration);
+  // Second request pools to existing connection with same QuicServerId,
+  // even though alternative service destination is different.
+  SendRequestAndExpectQuicResponse("hello!");
+}
+
+// Pool to existing session with matching destination and matching certificate
+// even if origin is different, and even if the alternative service with
+// matching destination is not the first one on the list.
+TEST_P(QuicNetworkTransactionTest, PoolByDestination) {
+  GURL origin1 = request_.url;
+  GURL origin2("https://www.example.org/");
+  ASSERT_NE(origin1.host(), origin2.host());
+
+  MockQuicData mock_quic_data;
+  QuicStreamOffset request_header_offset(0);
+  QuicStreamOffset response_header_offset(0);
+
+  // First request.
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/"), &request_header_offset));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK"),
+      &response_header_offset));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
+
+  // Second request.
+  QuicTestPacketMaker client_maker2(GetParam(), 0, clock_, origin2.host(),
+                                    Perspective::IS_CLIENT);
+  QuicTestPacketMaker server_maker2(GetParam(), 0, clock_, origin2.host(),
+                                    Perspective::IS_SERVER);
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      3, kClientDataStreamId2, false, true,
+      GetRequestHeaders("GET", "https", "/", &client_maker2),
+      &request_header_offset, &client_maker2));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      3, kClientDataStreamId2, false, false, GetResponseHeaders("200 OK"),
+      &response_header_offset, &server_maker2));
+  mock_quic_data.AddRead(ConstructServerDataPacket(4, kClientDataStreamId2,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(
+      ConstructClientAckAndConnectionClosePacket(4, 4, 3, 1));
+  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
+  mock_quic_data.AddRead(ASYNC, 0);               // EOF
+
+  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
   AddHangingNonAlternateProtocolSocketData();
+  AddHangingNonAlternateProtocolSocketData();
 
   CreateSession();
 
-  SendRequestAndExpectHttpResponse("hello world");
-  SendRequestAndExpectQuicResponseOnPort("hello from foo!", 443);
-  SendRequestAndExpectQuicResponseOnPort("hello from bar!", 444);
-  SendRequestAndExpectQuicResponseOnPort("hello from foo!", 443);
+  const char destination1[] = "first.example.com";
+  const char destination2[] = "second.example.com";
+
+  // Set up alternative service for |origin1|.
+  AlternativeService alternative_service1(QUIC, destination1, 443);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  http_server_properties_.SetAlternativeService(
+      url::SchemeHostPort(origin1), alternative_service1, expiration);
+
+  // Set up multiple alternative service entries for |origin2|,
+  // the first one with a different destination as for |origin1|,
+  // the second one with the same.  The second one should be used,
+  // because the request can be pooled to that one.
+  AlternativeService alternative_service2(QUIC, destination2, 443);
+  AlternativeServiceInfoVector alternative_services;
+  alternative_services.push_back(
+      AlternativeServiceInfo(alternative_service2, expiration));
+  alternative_services.push_back(
+      AlternativeServiceInfo(alternative_service1, expiration));
+  http_server_properties_.SetAlternativeServices(url::SchemeHostPort(origin2),
+                                                 alternative_services);
+  // First request opens connection to |destination1|
+  // with QuicServerId.host() == origin1.host().
+  SendRequestAndExpectQuicResponse("hello!");
+
+  // Second request pools to existing connection with same destination,
+  // because certificate matches, even though QuicServerId is different.
+  request_.url = origin2;
+
+  SendRequestAndExpectQuicResponse("hello!");
 }
 
 // Multiple origins have listed the same alternative services. When there's a
@@ -1249,38 +1428,41 @@ TEST_P(QuicNetworkTransactionTest,
   QuicStreamOffset request_header_offset = 0;
   QuicStreamOffset response_header_offset = 0;
 
-  QuicTestPacketMaker maker(GetParam(), 0, clock_, "mail.example.org");
-  maker_.set_hostname("www.example.org");
+  QuicTestPacketMaker client_maker(GetParam(), 0, clock_, "mail.example.org",
+                                   Perspective::IS_CLIENT);
+  server_maker_.set_hostname("www.example.org");
+  client_maker_.set_hostname("www.example.org");
   MockQuicData mock_quic_data;
 
   // First QUIC request data.
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       1, kClientDataStreamId1, true, true,
       GetRequestHeaders("GET", "https", "/"), &request_header_offset));
 
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK"),
       &response_header_offset));
-  mock_quic_data.AddRead(ConstructDataPacket(2, kClientDataStreamId1, false,
-                                             true, 0, "hello from mail QUIC!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(
+      2, kClientDataStreamId1, false, true, 0, "hello from mail QUIC!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   // Second QUIC request data.
-  mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
       3, kClientDataStreamId2, false, true,
-      GetRequestHeaders("GET", "https", "/", maker), &request_header_offset,
-      &maker));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+      GetRequestHeaders("GET", "https", "/", &client_maker),
+      &request_header_offset, &client_maker));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       3, kClientDataStreamId2, false, false, GetResponseHeaders("200 OK"),
       &response_header_offset));
-  mock_quic_data.AddRead(ConstructDataPacket(4, kClientDataStreamId2, false,
-                                             true, 0, "hello from mail QUIC!"));
-  mock_quic_data.AddWrite(ConstructAckAndConnectionClosePacket(4, 4, 3, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(
+      4, kClientDataStreamId2, false, true, 0, "hello from mail QUIC!"));
+  mock_quic_data.AddWrite(
+      ConstructClientAckAndConnectionClosePacket(4, 4, 3, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-  AddHangingNonAlternateProtocolSocketData();
 
+  AddHangingNonAlternateProtocolSocketData();
   CreateSession();
 
   // Send two HTTP requests, responses set up alt-svc lists for the origins.
@@ -1292,106 +1474,11 @@ TEST_P(QuicNetworkTransactionTest,
   // Open a QUIC session to mail.example.org:443 when making request
   // to mail.example.org.
   request_.url = GURL("https://www.example.org/");
-  SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
+  SendRequestAndExpectQuicResponse("hello from mail QUIC!");
 
   // Uses the existing QUIC session when making request to www.example.org.
   request_.url = GURL("https://mail.example.org/");
-  SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
-}
-
-// Multiple origins have listed the same alternative services. When there's a
-// existing QUIC session opened by a request to other origin,
-// if the cert is NOT valid, should ignore this QUIC session.
-TEST_P(QuicNetworkTransactionTest,
-       DoNotUseSharedExistingAlternativeServiceForQuicWithInvalidCert) {
-  // Default cert is valid *.example.org
-  // NOT valid for mail.example.com.
-
-  // HTTP data for request to mail.example.org.
-  MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead("Alt-Svc: quic=\":443\"\r\n\r\n"),
-      MockRead("hello world from mail.example.org"),
-      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-      MockRead(ASYNC, OK)};
-
-  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
-                                     0);
-  socket_factory_.AddSocketDataProvider(&http_data);
-  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
-
-  // HTTP data for request to mail.example.com.
-  MockRead http_reads2[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead("Alt-Svc: quic=\":444\", quic=\"mail.example.org:443\"\r\n\r\n"),
-      MockRead("hello world from mail.example.com"),
-      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-      MockRead(ASYNC, OK)};
-
-  StaticSocketDataProvider http_data2(http_reads2, arraysize(http_reads2),
-                                      nullptr, 0);
-  socket_factory_.AddSocketDataProvider(&http_data2);
-  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
-
-  QuicTestPacketMaker maker(GetParam(), 0, clock_, "mail.example.org");
-  maker.set_hostname("mail.example.com");
-  MockQuicData mock_quic_data;
-  MockQuicData mock_quic_data2;
-
-  // Adding a valid cert for *.example.org but not mail.example.com.
-  ProofVerifyDetailsChromium verify_details;
-  scoped_refptr<X509Certificate> cert(
-      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
-  verify_details.cert_verify_result.verified_cert = cert;
-  verify_details.cert_verify_result.is_issued_by_known_root = true;
-  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
-
-  // First QUIC request data.
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(ConstructDataPacket(2, kClientDataStreamId1, false,
-                                             true, 0, "hello from mail QUIC!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
-  mock_quic_data.AddRead(ASYNC, 0);               // EOF
-
-  // First QUIC request data.
-  mock_quic_data2.AddWrite(ConstructRequestHeadersPacket(
-      1, kClientDataStreamId1, true, true,
-      GetRequestHeaders("GET", "https", "/", maker), &maker));
-  mock_quic_data2.AddRead(
-      ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
-                                     GetResponseHeaders("200 OK"), &maker));
-  mock_quic_data2.AddRead(ConstructDataPacket(
-      2, kClientDataStreamId1, false, true, 0, "hello from docs QUIC!"));
-  mock_quic_data2.AddWrite(ConstructAckPacket(2, 1, &maker));
-  mock_quic_data2.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
-  mock_quic_data2.AddRead(ASYNC, 0);               // EOF
-
-  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-  AddHangingNonAlternateProtocolSocketData();
-
-  mock_quic_data2.AddSocketDataToFactory(&socket_factory_);
-  AddHangingNonAlternateProtocolSocketData();
-
-  CreateSession();
-
-  // Send HTTP requests, responses set up the alt-svc lists for the origins.
-  SendRequestAndExpectHttpResponse("hello world from mail.example.org");
-  request_.url = GURL("https://mail.example.com/");
-  SendRequestAndExpectHttpResponse("hello world from mail.example.com");
-
-  // Open a QUIC session to mail.example.org:443 when making request
-  // to mail.example.org.
-  request_.url = GURL("https://mail.example.org/");
-  SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
-
-  // Open another new QUIC session to mail.example.com:444.
-  request_.url = GURL("https://mail.example.com/");
-  SendRequestAndExpectQuicResponseOnPort("hello from docs QUIC!", 444);
+  SendRequestAndExpectQuicResponse("hello from mail QUIC!");
 }
 
 TEST_P(QuicNetworkTransactionTest, AlternativeServiceDifferentPort) {
@@ -1407,25 +1494,19 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServiceDifferentPort) {
   socket_factory_.AddSocketDataProvider(&http_data);
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
-  MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
-  mock_quic_data.AddRead(ASYNC, 0);               // EOF
-
-  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-
   AddHangingNonAlternateProtocolSocketData();
   CreateSession();
 
   SendRequestAndExpectHttpResponse("hello world");
-  SendRequestAndExpectQuicResponseOnPort("hello!", 137);
+
+  url::SchemeHostPort http_server("https", kDefaultServerHostName, 443);
+  AlternativeServiceVector alternative_service_vector =
+      http_server_properties_.GetAlternativeServices(http_server);
+  ASSERT_EQ(1u, alternative_service_vector.size());
+  const AlternativeService alternative_service = alternative_service_vector[0];
+  EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
+  EXPECT_EQ(kDefaultServerHostName, alternative_service_vector[0].host);
+  EXPECT_EQ(137, alternative_service_vector[0].port);
 }
 
 TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) {
@@ -1441,14 +1522,14 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1486,14 +1567,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(SYNCHRONOUS, 0);  // EOF
 
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
@@ -1518,14 +1599,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuic) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1557,14 +1638,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolWithProbabilityForQuic) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1595,20 +1676,6 @@ TEST_P(QuicNetworkTransactionTest, AlternateProtocolDifferentPort) {
   socket_factory_.AddSocketDataProvider(&http_data);
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
-  MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
-  mock_quic_data.AddRead(ASYNC, 0);               // EOF
-
-  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-
   // The non-alternate protocol job needs to hang in order to guarantee that
   // the alternate-protocol job will "win".
   AddHangingNonAlternateProtocolSocketData();
@@ -1617,7 +1684,15 @@ TEST_P(QuicNetworkTransactionTest, AlternateProtocolDifferentPort) {
   CreateSession();
 
   SendRequestAndExpectHttpResponse("hello world");
-  SendRequestAndExpectQuicResponseOnPort("hello!", 137);
+
+  url::SchemeHostPort http_server("https", kDefaultServerHostName, 443);
+  AlternativeServiceVector alternative_service_vector =
+      http_server_properties_.GetAlternativeServices(http_server);
+  ASSERT_EQ(1u, alternative_service_vector.size());
+  const AlternativeService alternative_service = alternative_service_vector[0];
+  EXPECT_EQ(QUIC, alternative_service_vector[0].protocol);
+  EXPECT_EQ(kDefaultServerHostName, alternative_service_vector[0].host);
+  EXPECT_EQ(137, alternative_service_vector[0].port);
 }
 
 TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
@@ -1633,14 +1708,14 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1670,7 +1745,6 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuicForHttps) {
-  params_.parse_alternative_services = false;
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternateProtocolHeader),
       MockRead("hello world"),
@@ -1682,14 +1756,14 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuicForHttps) {
   socket_factory_.AddSocketDataProvider(&http_data);
 
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1705,88 +1779,6 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuicForHttps) {
   SendRequestAndExpectHttpResponse("hello world");
 }
 
-class QuicAltSvcCertificateVerificationTest
-    : public QuicNetworkTransactionTest {
- public:
-  void Run(bool valid) {
-    HostPortPair origin(valid ? "mail.example.org" : "mail.example.com", 443);
-    HostPortPair alternative("www.example.org", 443);
-    std::string url("https://");
-    url.append(origin.host());
-    url.append(":443");
-    request_.url = GURL(url);
-
-    maker_.set_hostname(origin.host());
-    MockQuicData mock_quic_data;
-    mock_quic_data.AddWrite(
-        ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                      GetRequestHeaders("GET", "https", "/")));
-    mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-        1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-    mock_quic_data.AddRead(
-        ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-    mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-    mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);
-    mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-
-    scoped_refptr<X509Certificate> cert(
-        ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
-    ASSERT_TRUE(cert.get());
-    bool common_name_fallback_used;
-    EXPECT_EQ(valid,
-              cert->VerifyNameMatch(origin.host(), &common_name_fallback_used));
-    EXPECT_TRUE(
-        cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used));
-    ProofVerifyDetailsChromium verify_details;
-    verify_details.cert_verify_result.verified_cert = cert;
-    verify_details.cert_verify_result.is_issued_by_known_root = true;
-    crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
-    crypto_client_stream_factory_.set_handshake_mode(
-        MockCryptoClientStream::CONFIRM_HANDSHAKE);
-
-    // Connection to |origin| fails, so that success of |request| depends on
-    // connection to |alternate| only.
-    MockConnect refused_connect(ASYNC, ERR_CONNECTION_REFUSED);
-    StaticSocketDataProvider refused_data;
-    refused_data.set_connect_data(refused_connect);
-    socket_factory_.AddSocketDataProvider(&refused_data);
-
-    CreateSession();
-    AlternativeService alternative_service(QUIC, alternative);
-    base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-    session_->http_server_properties()->SetAlternativeService(
-        origin, alternative_service, expiration);
-    scoped_ptr<HttpNetworkTransaction> trans(
-        new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
-    TestCompletionCallback callback;
-    int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
-    EXPECT_EQ(ERR_IO_PENDING, rv);
-    rv = callback.WaitForResult();
-    if (valid) {
-      EXPECT_EQ(OK, rv);
-      CheckWasQuicResponse(trans);
-      CheckResponsePort(trans, 443);
-      CheckResponseData(trans, "hello!");
-    } else {
-      EXPECT_EQ(ERR_CONNECTION_REFUSED, rv);
-    }
-  }
-};
-
-INSTANTIATE_TEST_CASE_P(Version,
-                        QuicAltSvcCertificateVerificationTest,
-                        ::testing::ValuesIn(QuicSupportedVersions()));
-
-TEST_P(QuicAltSvcCertificateVerificationTest,
-       RequestSucceedsWithValidCertificate) {
-  Run(true);
-}
-
-TEST_P(QuicAltSvcCertificateVerificationTest,
-       RequestFailsWithInvalidCertificate) {
-  Run(false);
-}
-
 TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
   params_.parse_alternative_services = false;
   crypto_client_stream_factory_.set_handshake_mode(
@@ -1802,12 +1794,10 @@ TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
       MockRead(SYNCHRONOUS, 4, kQuicAlternateProtocolHeader),
       MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)};
 
-  MockClientSocketFactory socket_factory;
-
   SequencedSocketData http_data(http_reads, arraysize(http_reads), http_writes,
                                 arraysize(http_writes));
-  socket_factory.AddSocketDataProvider(&http_data);
-  socket_factory.AddSSLSocketDataProvider(&ssl_data_);
+  socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   // The QUIC transaction will not be allowed to complete.
   MockWrite quic_writes[] = {MockWrite(SYNCHRONOUS, ERR_IO_PENDING, 1)};
@@ -1816,15 +1806,15 @@ TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
   };
   SequencedSocketData quic_data(quic_reads, arraysize(quic_reads), quic_writes,
                                 arraysize(quic_writes));
-  socket_factory.AddSocketDataProvider(&quic_data);
+  socket_factory_.AddSocketDataProvider(&quic_data);
 
   // The HTTP transaction will complete.
   SequencedSocketData http_data2(http_reads, arraysize(http_reads), http_writes,
                                  arraysize(http_writes));
-  socket_factory.AddSocketDataProvider(&http_data2);
-  socket_factory.AddSSLSocketDataProvider(&ssl_data_);
+  socket_factory_.AddSocketDataProvider(&http_data2);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
-  CreateSessionWithFactory(&socket_factory);
+  CreateSession();
 
   // Run the first request.
   SendRequestAndExpectHttpResponse("hello world");
@@ -1843,14 +1833,14 @@ TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
 
@@ -1867,14 +1857,14 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) {
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddRead(ASYNC, 0);               // EOF
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
@@ -1890,6 +1880,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) {
   host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
                          nullptr, net_log_.bound());
 
+  AddHangingNonAlternateProtocolSocketData();
   CreateSession();
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
   SendRequestAndExpectQuicResponse("hello!");
@@ -1932,14 +1923,14 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithProxy) {
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more data to read
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
@@ -1964,7 +1955,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
   session_->quic_stream_factory()->set_require_confirmation(true);
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
 
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -1981,12 +1972,12 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
 TEST_P(QuicNetworkTransactionTest,
        LogGranularQuicErrorCodeOnQuicProtocolErrorLocal) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
   // Read a close connection packet with
   // QuicErrorCode: QUIC_CRYPTO_VERSION_NOT_SUPPORTED from the peer.
-  mock_quic_data.AddRead(ConstructConnectionClosePacket(1));
+  mock_quic_data.AddRead(ConstructServerConnectionClosePacket(1));
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
   // The non-alternate protocol job needs to hang in order to guarantee that
@@ -2010,7 +2001,7 @@ TEST_P(QuicNetworkTransactionTest,
   session_->quic_stream_factory()->set_require_confirmation(true);
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
 
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -2031,16 +2022,16 @@ TEST_P(QuicNetworkTransactionTest,
 TEST_P(QuicNetworkTransactionTest,
        LogGranularQuicErrorCodeOnQuicProtocolErrorRemote) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  // Peer sending an invalid stream frame with a invalid stream error causes
-  // this end to raise error and close connection.
-  mock_quic_data.AddRead(ConstructRstPacket(1, false, kClientDataStreamId1,
-                                            QUIC_STREAM_LAST_ERROR));
-  std::string quic_error_details = "Invalid rst stream error code.";
-  mock_quic_data.AddWrite(ConstructAckAndConnectionClosePacket(
-      2, QuicTime::Delta::Infinite(), 0, 1, QUIC_INVALID_RST_STREAM_DATA,
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  // Peer sending data from an non-existing stream causes this end to raise
+  // error and close connection.
+  mock_quic_data.AddRead(
+      ConstructServerRstPacket(1, false, 99, QUIC_STREAM_LAST_ERROR));
+  std::string quic_error_details = "Data for nonexistent stream";
+  mock_quic_data.AddWrite(ConstructClientAckAndConnectionClosePacket(
+      2, QuicTime::Delta::Infinite(), 0, 1, QUIC_INVALID_STREAM_ID,
       quic_error_details));
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
@@ -2065,7 +2056,7 @@ TEST_P(QuicNetworkTransactionTest,
   session_->quic_stream_factory()->set_require_confirmation(true);
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
 
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -2078,12 +2069,116 @@ TEST_P(QuicNetworkTransactionTest,
   EXPECT_EQ(QUIC_NO_ERROR, details.quic_connection_error);
 
   trans->PopulateNetErrorDetails(&details);
-  EXPECT_EQ(QUIC_INVALID_RST_STREAM_DATA, details.quic_connection_error);
+  EXPECT_EQ(QUIC_INVALID_STREAM_ID, details.quic_connection_error);
+}
+
+TEST_P(QuicNetworkTransactionTest, RstSteamErrorHandling) {
+  MockQuicData mock_quic_data;
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  // Read the response headers, then a RST_STREAM frame.
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
+  mock_quic_data.AddRead(ConstructServerRstPacket(
+      2, false, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
+  mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
+  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
+
+  // The non-alternate protocol job needs to hang in order to guarantee that
+  // the alternate-protocol job will "win".
+  AddHangingNonAlternateProtocolSocketData();
+
+  // In order for a new QUIC session to be established via alternate-protocol
+  // without racing an HTTP connection, we need the host resolution to happen
+  // synchronously.  Of course, even though QUIC *could* perform a 0-RTT
+  // connection to the the server, in this test we require confirmation
+  // before encrypting so the HTTP job will still start.
+  host_resolver_.set_synchronous_mode(true);
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
+  AddressList address;
+  host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
+                         nullptr, net_log_.bound());
+
+  CreateSession();
+  session_->quic_stream_factory()->set_require_confirmation(true);
+  AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
+
+  std::unique_ptr<HttpNetworkTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
+  TestCompletionCallback callback;
+  int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+
+  crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent(
+      QuicSession::HANDSHAKE_CONFIRMED);
+  // Read the headers.
+  EXPECT_EQ(OK, callback.WaitForResult());
+
+  const HttpResponseInfo* response = trans->GetResponseInfo();
+  ASSERT_TRUE(response != nullptr);
+  ASSERT_TRUE(response->headers.get() != nullptr);
+  EXPECT_EQ("HTTP/1.1 200 OK", response->headers->GetStatusLine());
+  EXPECT_TRUE(response->was_fetched_via_spdy);
+  EXPECT_TRUE(response->was_npn_negotiated);
+  EXPECT_EQ(HttpResponseInfo::CONNECTION_INFO_QUIC1_SPDY3,
+            response->connection_info);
+
+  std::string response_data;
+  ASSERT_EQ(ERR_QUIC_PROTOCOL_ERROR,
+            ReadTransaction(trans.get(), &response_data));
+}
+
+TEST_P(QuicNetworkTransactionTest, RstSteamBeforeHeaders) {
+  MockQuicData mock_quic_data;
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerRstPacket(
+      1, false, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
+  mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
+  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
+
+  // The non-alternate protocol job needs to hang in order to guarantee that
+  // the alternate-protocol job will "win".
+  AddHangingNonAlternateProtocolSocketData();
+
+  // In order for a new QUIC session to be established via alternate-protocol
+  // without racing an HTTP connection, we need the host resolution to happen
+  // synchronously.  Of course, even though QUIC *could* perform a 0-RTT
+  // connection to the the server, in this test we require confirmation
+  // before encrypting so the HTTP job will still start.
+  host_resolver_.set_synchronous_mode(true);
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
+  AddressList address;
+  host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
+                         nullptr, net_log_.bound());
+
+  CreateSession();
+  session_->quic_stream_factory()->set_require_confirmation(true);
+  AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
+
+  std::unique_ptr<HttpNetworkTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
+  TestCompletionCallback callback;
+  int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
+  EXPECT_EQ(ERR_IO_PENDING, rv);
+
+  crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent(
+      QuicSession::HANDSHAKE_CONFIRMED);
+  // Read the headers.
+  EXPECT_EQ(ERR_QUIC_PROTOCOL_ERROR, callback.WaitForResult());
 }
 
 TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocol) {
   // Alternate-protocol job
-  scoped_ptr<QuicEncryptedPacket> close(ConstructConnectionClosePacket(1));
+  std::unique_ptr<QuicEncryptedPacket> close(
+      ConstructServerConnectionClosePacket(1));
   MockRead quic_reads[] = {
       MockRead(ASYNC, close->data(), close->length()),
       MockRead(ASYNC, ERR_IO_PENDING),  // No more data to read
@@ -2157,10 +2252,11 @@ TEST_P(QuicNetworkTransactionTest, NoBrokenAlternateProtocolIfTcpFails) {
   socket_factory_.AddSocketDataProvider(&http_data);
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
+  AddHangingNonAlternateProtocolSocketData();
   CreateSession();
 
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::COLD_START);
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -2178,8 +2274,6 @@ TEST_P(QuicNetworkTransactionTest, FailedZeroRttBrokenAlternateProtocol) {
                                      0);
   socket_factory_.AddSocketDataProvider(&quic_data);
 
-  AddHangingNonAlternateProtocolSocketData();
-
   // Second Alternate-protocol job which will race with the TCP job.
   StaticSocketDataProvider quic_data2(quic_reads, arraysize(quic_reads),
                                       nullptr, 0);
@@ -2196,6 +2290,7 @@ TEST_P(QuicNetworkTransactionTest, FailedZeroRttBrokenAlternateProtocol) {
   socket_factory_.AddSocketDataProvider(&http_data);
   socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
+  AddHangingNonAlternateProtocolSocketData();
   CreateSession();
 
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
@@ -2227,6 +2322,7 @@ TEST_P(QuicNetworkTransactionTest, DISABLED_HangingZeroRttFallback) {
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
 
+  AddHangingNonAlternateProtocolSocketData();
   CreateSession();
 
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
@@ -2261,11 +2357,11 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolOnConnectFailure) {
 
 TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnect) {
   MockQuicData mock_quic_data;
-  mock_quic_data.AddSynchronousRead(ConstructConnectionClosePacket(1));
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddSynchronousRead(ConstructServerConnectionClosePacket(1));
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
   // When the QUIC connection fails, we will try the request again over HTTP.
@@ -2297,18 +2393,18 @@ TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnect) {
 }
 
 TEST_P(QuicNetworkTransactionTest, SecureResourceOverSecureQuic) {
-  maker_.set_hostname("www.example.org");
+  client_maker_.set_hostname("www.example.org");
   EXPECT_FALSE(
       test_socket_performance_watcher_factory_.rtt_notification_received());
   MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, true,
+      GetRequestHeaders("GET", "https", "/")));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
+  mock_quic_data.AddRead(ConstructServerDataPacket(2, kClientDataStreamId1,
+                                                   false, true, 0, "hello!"));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 1));
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
@@ -2335,7 +2431,6 @@ TEST_P(QuicNetworkTransactionTest, QuicUpload) {
   // the alternate-protocol job will "win".
   AddHangingNonAlternateProtocolSocketData();
 
-  params_.parse_alternative_services = false;
   params_.enable_alternative_service_with_different_host = false;
   CreateSession();
   request_.method = "POST";
@@ -2344,7 +2439,7 @@ TEST_P(QuicNetworkTransactionTest, QuicUpload) {
 
   request_.upload_data_stream = &upload_data;
 
-  scoped_ptr<HttpNetworkTransaction> trans(
+  std::unique_ptr<HttpNetworkTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
   TestCompletionCallback callback;
   int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
@@ -2352,5 +2447,423 @@ TEST_P(QuicNetworkTransactionTest, QuicUpload) {
   EXPECT_NE(OK, callback.WaitForResult());
 }
 
+class QuicNetworkTransactionWithDestinationTest
+    : public PlatformTest,
+      public ::testing::WithParamInterface<PoolingTestParams> {
+ protected:
+  QuicNetworkTransactionWithDestinationTest()
+      : clock_(new MockClock),
+        version_(GetParam().version),
+        destination_type_(GetParam().destination_type),
+        cert_transparency_verifier_(new MultiLogCTVerifier()),
+        ssl_config_service_(new SSLConfigServiceDefaults),
+        proxy_service_(ProxyService::CreateDirect()),
+        auth_handler_factory_(
+            HttpAuthHandlerFactory::CreateDefault(&host_resolver_)),
+        random_generator_(0),
+        ssl_data_(ASYNC, OK) {}
+
+  void SetUp() override {
+    NetworkChangeNotifier::NotifyObserversOfIPAddressChangeForTests();
+    base::MessageLoop::current()->RunUntilIdle();
+
+    HttpNetworkSession::Params params;
+
+    clock_->AdvanceTime(QuicTime::Delta::FromMilliseconds(20));
+    params.quic_clock = clock_;
+
+    crypto_client_stream_factory_.set_handshake_mode(
+        MockCryptoClientStream::CONFIRM_HANDSHAKE);
+    params.quic_crypto_client_stream_factory = &crypto_client_stream_factory_;
+
+    params.enable_alternative_service_with_different_host = true;
+    params.enable_quic = true;
+    params.quic_random = &random_generator_;
+    params.client_socket_factory = &socket_factory_;
+    params.host_resolver = &host_resolver_;
+    params.cert_verifier = &cert_verifier_;
+    params.transport_security_state = &transport_security_state_;
+    params.cert_transparency_verifier = cert_transparency_verifier_.get();
+    params.socket_performance_watcher_factory =
+        &test_socket_performance_watcher_factory_;
+    params.ssl_config_service = ssl_config_service_.get();
+    params.proxy_service = proxy_service_.get();
+    params.http_auth_handler_factory = auth_handler_factory_.get();
+    params.http_server_properties = http_server_properties_.GetWeakPtr();
+    params.quic_supported_versions = SupportedVersions(version_);
+    params.quic_host_whitelist.insert("news.example.org");
+    params.quic_host_whitelist.insert("mail.example.org");
+    params.quic_host_whitelist.insert("mail.example.com");
+
+    session_.reset(new HttpNetworkSession(params));
+    session_->quic_stream_factory()->set_require_confirmation(true);
+    ASSERT_EQ(params.quic_socket_receive_buffer_size,
+              session_->quic_stream_factory()->socket_receive_buffer_size());
+  }
+
+  void TearDown() override {
+    NetworkChangeNotifier::NotifyObserversOfIPAddressChangeForTests();
+    // Empty the current queue.
+    base::MessageLoop::current()->RunUntilIdle();
+    PlatformTest::TearDown();
+    NetworkChangeNotifier::NotifyObserversOfIPAddressChangeForTests();
+    base::MessageLoop::current()->RunUntilIdle();
+  }
+
+  void SetAlternativeService(const std::string& origin) {
+    HostPortPair destination;
+    switch (destination_type_) {
+      case SAME_AS_FIRST:
+        destination = HostPortPair(origin1_, 443);
+        break;
+      case SAME_AS_SECOND:
+        destination = HostPortPair(origin2_, 443);
+        break;
+      case DIFFERENT:
+        destination = HostPortPair(kDifferentHostname, 443);
+        break;
+    }
+    AlternativeService alternative_service(QUIC, destination);
+    base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+    http_server_properties_.SetAlternativeService(
+        url::SchemeHostPort("https", origin, 443), alternative_service,
+        expiration);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      bool should_include_version,
+      QuicStreamOffset* offset,
+      QuicTestPacketMaker* maker) {
+    SpdyPriority priority =
+        ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
+    SpdyHeaderBlock headers(maker->GetRequestHeaders("GET", "https", "/"));
+    return maker->MakeRequestHeadersPacketWithOffsetTracking(
+        packet_number, stream_id, should_include_version, true, priority,
+        headers, offset);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRequestHeadersPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      bool should_include_version,
+      QuicTestPacketMaker* maker) {
+    return ConstructClientRequestHeadersPacket(
+        packet_number, stream_id, should_include_version, nullptr, maker);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      QuicStreamOffset* offset,
+      QuicTestPacketMaker* maker) {
+    SpdyHeaderBlock headers(maker->GetResponseHeaders("200 OK"));
+    return maker->MakeResponseHeadersPacketWithOffsetTracking(
+        packet_number, stream_id, false, false, headers, offset);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerResponseHeadersPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      QuicTestPacketMaker* maker) {
+    return ConstructServerResponseHeadersPacket(packet_number, stream_id,
+                                                nullptr, maker);
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructServerDataPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      QuicTestPacketMaker* maker) {
+    return maker->MakeDataPacket(packet_number, stream_id, false, true, 0,
+                                 "hello");
+  }
+
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientAckPacket(
+      QuicPacketNumber packet_number,
+      QuicPacketNumber largest_received,
+      QuicPacketNumber ack_least_unacked,
+      QuicPacketNumber stop_least_unacked,
+      QuicTestPacketMaker* maker) {
+    return maker->MakeAckPacket(packet_number, largest_received,
+                                ack_least_unacked, stop_least_unacked, true);
+  }
+
+  void AddRefusedSocketData() {
+    std::unique_ptr<StaticSocketDataProvider> refused_data(
+        new StaticSocketDataProvider());
+    MockConnect refused_connect(SYNCHRONOUS, ERR_CONNECTION_REFUSED);
+    refused_data->set_connect_data(refused_connect);
+    socket_factory_.AddSocketDataProvider(refused_data.get());
+    static_socket_data_provider_vector_.push_back(std::move(refused_data));
+  }
+
+  void AddHangingSocketData() {
+    std::unique_ptr<StaticSocketDataProvider> hanging_data(
+        new StaticSocketDataProvider());
+    MockConnect hanging_connect(SYNCHRONOUS, ERR_IO_PENDING);
+    hanging_data->set_connect_data(hanging_connect);
+    socket_factory_.AddSocketDataProvider(hanging_data.get());
+    static_socket_data_provider_vector_.push_back(std::move(hanging_data));
+    socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
+  }
+
+  bool AllDataConsumed() {
+    for (const auto& socket_data_ptr : static_socket_data_provider_vector_) {
+      if (!socket_data_ptr->AllReadDataConsumed() ||
+          !socket_data_ptr->AllWriteDataConsumed()) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  void SendRequestAndExpectQuicResponse(const std::string& host) {
+    HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get());
+    HttpRequestInfo request;
+    std::string url("https://");
+    url.append(host);
+    request.url = GURL(url);
+    request.load_flags = 0;
+    request.method = "GET";
+    TestCompletionCallback callback;
+    int rv = trans.Start(&request, callback.callback(), net_log_.bound());
+    EXPECT_EQ(OK, callback.GetResult(rv));
+
+    std::string response_data;
+    ASSERT_EQ(OK, ReadTransaction(&trans, &response_data));
+    EXPECT_EQ("hello", response_data);
+
+    const HttpResponseInfo* response = trans.GetResponseInfo();
+    ASSERT_TRUE(response != nullptr);
+    ASSERT_TRUE(response->headers.get() != nullptr);
+    EXPECT_EQ("HTTP/1.1 200 OK", response->headers->GetStatusLine());
+    EXPECT_TRUE(response->was_fetched_via_spdy);
+    EXPECT_TRUE(response->was_npn_negotiated);
+    EXPECT_EQ(HttpResponseInfo::CONNECTION_INFO_QUIC1_SPDY3,
+              response->connection_info);
+    EXPECT_EQ(443, response->socket_address.port());
+  }
+
+  MockClock* clock_;
+  QuicVersion version_;
+  DestinationType destination_type_;
+  std::string origin1_;
+  std::string origin2_;
+  std::unique_ptr<HttpNetworkSession> session_;
+  MockClientSocketFactory socket_factory_;
+  MockHostResolver host_resolver_;
+  MockCertVerifier cert_verifier_;
+  TransportSecurityState transport_security_state_;
+  std::unique_ptr<CTVerifier> cert_transparency_verifier_;
+  TestSocketPerformanceWatcherFactory test_socket_performance_watcher_factory_;
+  scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<HttpAuthHandlerFactory> auth_handler_factory_;
+  MockRandom random_generator_;
+  HttpServerPropertiesImpl http_server_properties_;
+  BoundTestNetLog net_log_;
+  MockCryptoClientStreamFactory crypto_client_stream_factory_;
+  std::vector<std::unique_ptr<StaticSocketDataProvider>>
+      static_socket_data_provider_vector_;
+  SSLSocketDataProvider ssl_data_;
+};
+
+INSTANTIATE_TEST_CASE_P(Version,
+                        QuicNetworkTransactionWithDestinationTest,
+                        ::testing::ValuesIn(GetPoolingTestParams()));
+
+// A single QUIC request fails because the certificate does not match the origin
+// hostname, regardless of whether it matches the alternative service hostname.
+TEST_P(QuicNetworkTransactionWithDestinationTest, InvalidCertificate) {
+  if (destination_type_ == DIFFERENT)
+    return;
+
+  GURL url("https://mail.example.com/");
+  origin1_ = url.host();
+
+  // Not used for requests, but this provides a test case where the certificate
+  // is valid for the hostname of the alternative service.
+  origin2_ = "mail.example.org";
+
+  SetAlternativeService(origin1_);
+
+  scoped_refptr<X509Certificate> cert(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_FALSE(cert->VerifyNameMatch(origin1_, &unused));
+  ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused));
+
+  ProofVerifyDetailsChromium verify_details;
+  verify_details.cert_verify_result.verified_cert = cert;
+  verify_details.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+
+  MockQuicData mock_quic_data;
+  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);
+  mock_quic_data.AddRead(ASYNC, 0);
+
+  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
+
+  AddRefusedSocketData();
+
+  HttpRequestInfo request;
+  request.url = url;
+
+  HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get());
+  TestCompletionCallback callback;
+  int rv = trans.Start(&request, callback.callback(), net_log_.bound());
+  EXPECT_EQ(ERR_CONNECTION_REFUSED, callback.GetResult(rv));
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
+// First request opens QUIC session to alternative service.  Second request
+// pools to it, because destination matches and certificate is valid, even
+// though QuicServerId is different.
+TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) {
+  origin1_ = "mail.example.org";
+  origin2_ = "news.example.org";
+
+  SetAlternativeService(origin1_);
+  SetAlternativeService(origin2_);
+
+  scoped_refptr<X509Certificate> cert(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_TRUE(cert->VerifyNameMatch(origin1_, &unused));
+  ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused));
+  ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, &unused));
+
+  ProofVerifyDetailsChromium verify_details;
+  verify_details.cert_verify_result.verified_cert = cert;
+  verify_details.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+
+  QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_,
+                                    Perspective::IS_CLIENT);
+  QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_,
+                                    Perspective::IS_SERVER);
+
+  QuicStreamOffset request_header_offset(0);
+  QuicStreamOffset response_header_offset(0);
+
+  MockQuicData mock_quic_data;
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, &request_header_offset, &client_maker1));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, &response_header_offset, &server_maker1));
+  mock_quic_data.AddRead(
+      ConstructServerDataPacket(2, kClientDataStreamId1, &server_maker1));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(2, 2, 1, 1, &client_maker1));
+
+  QuicTestPacketMaker client_maker2(version_, 0, clock_, origin2_,
+                                    Perspective::IS_CLIENT);
+  QuicTestPacketMaker server_maker2(version_, 0, clock_, origin2_,
+                                    Perspective::IS_SERVER);
+
+  mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket(
+      3, kClientDataStreamId2, false, &request_header_offset, &client_maker2));
+  mock_quic_data.AddRead(ConstructServerResponseHeadersPacket(
+      3, kClientDataStreamId2, &response_header_offset, &server_maker2));
+  mock_quic_data.AddRead(
+      ConstructServerDataPacket(4, kClientDataStreamId2, &server_maker2));
+  mock_quic_data.AddWrite(ConstructClientAckPacket(4, 4, 3, 1, &client_maker2));
+  mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
+  mock_quic_data.AddRead(ASYNC, 0);               // EOF
+
+  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
+
+  AddHangingSocketData();
+  AddHangingSocketData();
+
+  SendRequestAndExpectQuicResponse(origin1_);
+  SendRequestAndExpectQuicResponse(origin2_);
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
+// First request opens QUIC session to alternative service.  Second request does
+// not pool to it, even though destination matches, because certificate is not
+// valid.  Instead, a new QUIC session is opened to the same destination with a
+// different QuicServerId.
+TEST_P(QuicNetworkTransactionWithDestinationTest,
+       DoNotPoolIfCertificateInvalid) {
+  origin1_ = "news.example.org";
+  origin2_ = "mail.example.com";
+
+  SetAlternativeService(origin1_);
+  SetAlternativeService(origin2_);
+
+  scoped_refptr<X509Certificate> cert1(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_TRUE(cert1->VerifyNameMatch(origin1_, &unused));
+  ASSERT_FALSE(cert1->VerifyNameMatch(origin2_, &unused));
+  ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, &unused));
+
+  scoped_refptr<X509Certificate> cert2(
+      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+  ASSERT_TRUE(cert2->VerifyNameMatch(origin2_, &unused));
+  ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, &unused));
+
+  ProofVerifyDetailsChromium verify_details1;
+  verify_details1.cert_verify_result.verified_cert = cert1;
+  verify_details1.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1);
+
+  ProofVerifyDetailsChromium verify_details2;
+  verify_details2.cert_verify_result.verified_cert = cert2;
+  verify_details2.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2);
+
+  QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_,
+                                    Perspective::IS_CLIENT);
+  QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_,
+                                    Perspective::IS_SERVER);
+
+  MockQuicData mock_quic_data1;
+  mock_quic_data1.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, &client_maker1));
+  mock_quic_data1.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, &server_maker1));
+  mock_quic_data1.AddRead(
+      ConstructServerDataPacket(2, kClientDataStreamId1, &server_maker1));
+  mock_quic_data1.AddWrite(
+      ConstructClientAckPacket(2, 2, 1, 1, &client_maker1));
+  mock_quic_data1.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
+  mock_quic_data1.AddRead(ASYNC, 0);               // EOF
+
+  mock_quic_data1.AddSocketDataToFactory(&socket_factory_);
+
+  AddHangingSocketData();
+
+  QuicTestPacketMaker client_maker2(version_, 0, clock_, origin2_,
+                                    Perspective::IS_CLIENT);
+  QuicTestPacketMaker server_maker2(version_, 0, clock_, origin2_,
+                                    Perspective::IS_SERVER);
+
+  MockQuicData mock_quic_data2;
+  mock_quic_data2.AddWrite(ConstructClientRequestHeadersPacket(
+      1, kClientDataStreamId1, true, &client_maker2));
+  mock_quic_data2.AddRead(ConstructServerResponseHeadersPacket(
+      1, kClientDataStreamId1, &server_maker2));
+  mock_quic_data2.AddRead(
+      ConstructServerDataPacket(2, kClientDataStreamId1, &server_maker2));
+  mock_quic_data2.AddWrite(
+      ConstructClientAckPacket(2, 2, 1, 1, &client_maker2));
+  mock_quic_data2.AddRead(ASYNC, ERR_IO_PENDING);  // No more data to read
+  mock_quic_data2.AddRead(ASYNC, 0);               // EOF
+
+  mock_quic_data2.AddSocketDataToFactory(&socket_factory_);
+
+  AddHangingSocketData();
+
+  SendRequestAndExpectQuicResponse(origin1_);
+  SendRequestAndExpectQuicResponse(origin2_);
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_packet_creator.cc b/chromium/net/quic/quic_packet_creator.cc
index 5147b09e672..686fed285aa 100644
--- a/chromium/net/quic/quic_packet_creator.cc
+++ b/chromium/net/quic/quic_packet_creator.cc
@@ -70,6 +70,7 @@ QuicPacketCreator::QuicPacketCreator(QuicConnectionId connection_id,
       send_version_in_packet_(framer->perspective() == Perspective::IS_CLIENT),
       send_path_id_in_packet_(false),
       next_packet_number_length_(PACKET_1BYTE_PACKET_NUMBER),
+      have_diversification_nonce_(false),
       max_packet_length_(0),
       connection_id_length_(PACKET_8BYTE_CONNECTION_ID),
       packet_size_(0),
@@ -135,6 +136,13 @@ void QuicPacketCreator::StopSendingVersion() {
   }
 }
 
+void QuicPacketCreator::SetDiversificationNonce(
+    const DiversificationNonce nonce) {
+  DCHECK(!have_diversification_nonce_);
+  have_diversification_nonce_ = true;
+  memcpy(&diversification_nonce_, nonce, sizeof(diversification_nonce_));
+}
+
 void QuicPacketCreator::UpdatePacketNumberLength(
     QuicPacketNumber least_packet_awaited_by_peer,
     QuicPacketCount max_packets_in_flight) {
@@ -151,7 +159,7 @@ bool QuicPacketCreator::ConsumeData(QuicStreamId id,
                                     size_t iov_offset,
                                     QuicStreamOffset offset,
                                     bool fin,
-                                    bool needs_padding,
+                                    bool needs_full_padding,
                                     QuicFrame* frame) {
   if (!HasRoomForStreamFrame(id, offset)) {
     return false;
@@ -162,8 +170,8 @@ bool QuicPacketCreator::ConsumeData(QuicStreamId id,
     delete frame->stream_frame;
     return false;
   }
-  if (needs_padding) {
-    packet_.needs_padding = true;
+  if (needs_full_padding) {
+    packet_.num_padding_bytes = -1;
   }
   return true;
 }
@@ -175,26 +183,30 @@ bool QuicPacketCreator::HasRoomForStreamFrame(QuicStreamId id,
 
 // static
 size_t QuicPacketCreator::StreamFramePacketOverhead(
+    QuicVersion version,
     QuicConnectionIdLength connection_id_length,
     bool include_version,
     bool include_path_id,
+    bool include_diversification_nonce,
     QuicPacketNumberLength packet_number_length,
     QuicStreamOffset offset) {
-  return GetPacketHeaderSize(connection_id_length, include_version,
-                             include_path_id, packet_number_length) +
+  return GetPacketHeaderSize(version, connection_id_length, include_version,
+                             include_path_id, include_diversification_nonce,
+                             packet_number_length) +
          // Assumes this is a stream with a single lone packet.
          QuicFramer::GetMinStreamFrameSize(1u, offset, true);
 }
 
-size_t QuicPacketCreator::CreateStreamFrame(QuicStreamId id,
-                                            QuicIOVector iov,
-                                            size_t iov_offset,
-                                            QuicStreamOffset offset,
-                                            bool fin,
-                                            QuicFrame* frame) {
+void QuicPacketCreator::CreateStreamFrame(QuicStreamId id,
+                                          QuicIOVector iov,
+                                          size_t iov_offset,
+                                          QuicStreamOffset offset,
+                                          bool fin,
+                                          QuicFrame* frame) {
   DCHECK_GT(max_packet_length_,
-            StreamFramePacketOverhead(connection_id_length_, kIncludeVersion,
-                                      kIncludePathId,
+            StreamFramePacketOverhead(framer_->version(), connection_id_length_,
+                                      kIncludeVersion, kIncludePathId,
+                                      IncludeNonceInPublicHeader(),
                                       PACKET_6BYTE_PACKET_NUMBER, offset));
 
   MaybeUpdatePacketNumberLength();
@@ -208,7 +220,7 @@ size_t QuicPacketCreator::CreateStreamFrame(QuicStreamId id,
     QUIC_BUG_IF(!fin) << "Creating a stream frame with no data or fin.";
     // Create a new packet for the fin, if necessary.
     *frame = QuicFrame(new QuicStreamFrame(id, true, offset, StringPiece()));
-    return 0;
+    return;
   }
 
   const size_t data_size = iov.total_length - iov_offset;
@@ -222,7 +234,6 @@ size_t QuicPacketCreator::CreateStreamFrame(QuicStreamId id,
   CopyToBuffer(iov, iov_offset, bytes_consumed, buffer.get());
   *frame = QuicFrame(new QuicStreamFrame(id, set_fin, offset, bytes_consumed,
                                          std::move(buffer)));
-  return bytes_consumed;
 }
 
 // static
@@ -283,7 +294,7 @@ void QuicPacketCreator::ReserializeAllFrames(
     char* buffer,
     size_t buffer_len) {
   DCHECK(queued_frames_.empty());
-  DCHECK(!packet_.needs_padding);
+  DCHECK_EQ(0, packet_.num_padding_bytes);
   QUIC_BUG_IF(retransmission.retransmittable_frames.empty())
       << "Attempt to serialize empty packet";
   const QuicPacketNumberLength saved_length = packet_.packet_number_length;
@@ -293,7 +304,7 @@ void QuicPacketCreator::ReserializeAllFrames(
   // Temporarily set the packet number length and change the encryption level.
   packet_.packet_number_length = retransmission.packet_number_length;
   next_packet_number_length_ = retransmission.packet_number_length;
-  packet_.needs_padding = retransmission.needs_padding;
+  packet_.num_padding_bytes = retransmission.num_padding_bytes;
   // Only preserve the original encryption level if it's a handshake packet or
   // if we haven't gone forward secure.
   if (retransmission.has_crypto_handshake ||
@@ -307,6 +318,7 @@ void QuicPacketCreator::ReserializeAllFrames(
     DCHECK(success);
   }
   SerializePacket(buffer, buffer_len);
+  packet_.original_path_id = retransmission.path_id;
   packet_.original_packet_number = retransmission.packet_number;
   packet_.transmission_type = retransmission.transmission_type;
   OnSerializedPacket();
@@ -351,7 +363,8 @@ void QuicPacketCreator::ClearPacket() {
   packet_.has_ack = false;
   packet_.has_stop_waiting = false;
   packet_.has_crypto_handshake = NOT_HANDSHAKE;
-  packet_.needs_padding = false;
+  packet_.num_padding_bytes = 0;
+  packet_.original_path_id = kInvalidPathId;
   packet_.original_packet_number = 0;
   packet_.transmission_type = NOT_RETRANSMISSION;
   packet_.encrypted_buffer = nullptr;
@@ -389,7 +402,8 @@ size_t QuicPacketCreator::PacketSize() {
   // Update packet number length on packet boundary.
   packet_.packet_number_length = next_packet_number_length_;
   packet_size_ = GetPacketHeaderSize(
-      connection_id_length_, send_version_in_packet_, send_path_id_in_packet_,
+      framer_->version(), connection_id_length_, send_version_in_packet_,
+      send_path_id_in_packet_, IncludeNonceInPublicHeader(),
       packet_.packet_number_length);
   return packet_size_;
 }
@@ -400,7 +414,7 @@ bool QuicPacketCreator::AddSavedFrame(const QuicFrame& frame) {
 
 bool QuicPacketCreator::AddPaddedSavedFrame(const QuicFrame& frame) {
   if (AddFrame(frame, /*save_retransmittable_frames=*/true)) {
-    packet_.needs_padding = true;
+    packet_.num_padding_bytes = -1;
     return true;
   }
   return false;
@@ -446,8 +460,8 @@ void QuicPacketCreator::SerializePacket(char* encrypted_buffer,
   }
   const size_t encrypted_length = framer_->EncryptInPlace(
       packet_.encryption_level, packet_.path_id, packet_.packet_number,
-      GetStartOfEncryptedData(header), length, encrypted_buffer_len,
-      encrypted_buffer);
+      GetStartOfEncryptedData(framer_->version(), header), length,
+      encrypted_buffer_len, encrypted_buffer);
   if (encrypted_length == 0) {
     QUIC_BUG << "Failed to encrypt packet number " << packet_.packet_number;
     return;
@@ -482,7 +496,12 @@ void QuicPacketCreator::FillPacketHeader(QuicPacketHeader* header) {
   header->public_header.multipath_flag = send_path_id_in_packet_;
   header->public_header.reset_flag = false;
   header->public_header.version_flag = send_version_in_packet_;
-  header->fec_flag = false;
+  if (IncludeNonceInPublicHeader()) {
+    DCHECK_EQ(Perspective::IS_SERVER, framer_->perspective());
+    header->public_header.nonce = &diversification_nonce_;
+  } else {
+    header->public_header.nonce = nullptr;
+  }
   header->path_id = packet_.path_id;
   header->packet_number = ++packet_.packet_number;
   header->public_header.packet_number_length = packet_.packet_number_length;
@@ -557,7 +576,7 @@ bool QuicPacketCreator::AddFrame(const QuicFrame& frame,
 }
 
 void QuicPacketCreator::MaybeAddPadding() {
-  if (!packet_.needs_padding) {
+  if (packet_.num_padding_bytes == 0) {
     return;
   }
 
@@ -566,7 +585,8 @@ void QuicPacketCreator::MaybeAddPadding() {
     return;
   }
 
-  bool success = AddFrame(QuicFrame(QuicPaddingFrame()), false);
+  bool success =
+      AddFrame(QuicFrame(QuicPaddingFrame(packet_.num_padding_bytes)), false);
   DCHECK(success);
 }
 
@@ -596,4 +616,9 @@ void QuicPacketCreator::SetCurrentPath(
   UpdatePacketNumberLength(least_packet_awaited_by_peer, max_packets_in_flight);
 }
 
+bool QuicPacketCreator::IncludeNonceInPublicHeader() {
+  return have_diversification_nonce_ &&
+         packet_.encryption_level == ENCRYPTION_INITIAL;
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/quic_packet_creator.h b/chromium/net/quic/quic_packet_creator.h
index f74244f2829..f0ed8fd0f9a 100644
--- a/chromium/net/quic/quic_packet_creator.h
+++ b/chromium/net/quic/quic_packet_creator.h
@@ -12,13 +12,13 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/quic/quic_framer.h"
 #include "net/quic/quic_protocol.h"
@@ -38,9 +38,8 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
    public:
     virtual ~DelegateInterface() {}
     // Called when a packet is serialized. Delegate does not take the ownership
-    // of |serialized_packet|, but may take ownership of |packet.packet|
-    // and |packet.retransmittable_frames|.  If it does so, they must be set
-    // to nullptr.
+    // of |serialized_packet|, but takes ownership of any frames it removes
+    // from |packet.retransmittable_frames|.
     virtual void OnSerializedPacket(SerializedPacket* serialized_packet) = 0;
 
     // Called when an unrecoverable error is encountered.
@@ -72,6 +71,11 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
   // Makes the framer not serialize the protocol version in sent packets.
   void StopSendingVersion();
 
+  // SetDiversificationNonce sets the nonce that will be sent in each public
+  // header of packets encrypted at the initial encryption level. Should only
+  // be called by servers.
+  void SetDiversificationNonce(const DiversificationNonce nonce);
+
   // Update the packet number length to use in future packets as soon as it
   // can be safely changed.
   // TODO(fayang): Directly set packet number length instead of compute it in
@@ -81,9 +85,11 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
 
   // The overhead the framing will add for a packet with one frame.
   static size_t StreamFramePacketOverhead(
+      QuicVersion version,
       QuicConnectionIdLength connection_id_length,
       bool include_version,
       bool include_path_id,
+      bool include_diversification_nonce,
       QuicPacketNumberLength packet_number_length,
       QuicStreamOffset offset);
 
@@ -97,7 +103,7 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
                    size_t iov_offset,
                    QuicStreamOffset offset,
                    bool fin,
-                   bool needs_padding,
+                   bool needs_full_padding,
                    QuicFrame* frame);
 
   // Returns true if current open packet can accommodate more stream frames of
@@ -214,16 +220,15 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
 
   // Converts a raw payload to a frame which fits into the current open
   // packet.  The payload begins at |iov_offset| into the |iov|.
-  // Returns the number of bytes consumed from data.
   // If data is empty and fin is true, the expected behavior is to consume the
   // fin but return 0.  If any data is consumed, it will be copied into a
   // new buffer that |frame| will point to and own.
-  size_t CreateStreamFrame(QuicStreamId id,
-                           QuicIOVector iov,
-                           size_t iov_offset,
-                           QuicStreamOffset offset,
-                           bool fin,
-                           QuicFrame* frame);
+  void CreateStreamFrame(QuicStreamId id,
+                         QuicIOVector iov,
+                         size_t iov_offset,
+                         QuicStreamOffset offset,
+                         bool fin,
+                         QuicFrame* frame);
 
   // Copies |length| bytes from iov starting at offset |iov_offset| into buffer.
   // |iov| must be at least iov_offset+length total length and buffer must be
@@ -262,12 +267,16 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
   // Clears all fields of packet_ that should be cleared between serializations.
   void ClearPacket();
 
+  // Returns true if a diversification nonce should be included in the current
+  // packet's public header.
+  bool IncludeNonceInPublicHeader();
+
   // Does not own these delegates or the framer.
   DelegateInterface* delegate_;
   DebugDelegate* debug_delegate_;
   QuicFramer* framer_;
 
-  scoped_ptr<QuicRandomBoolSource> random_bool_source_;
+  std::unique_ptr<QuicRandomBoolSource> random_bool_source_;
   QuicBufferAllocator* const buffer_allocator_;
 
   // Controls whether version should be included while serializing the packet.
@@ -279,6 +288,10 @@ class NET_EXPORT_PRIVATE QuicPacketCreator {
   // a packet boundary, when the creator's packet_number_length_ can be changed
   // to this new value.
   QuicPacketNumberLength next_packet_number_length_;
+  // If true, then |nonce_for_public_header_| will be included in the public
+  // header of all packets created at the initial encryption level.
+  bool have_diversification_nonce_;
+  DiversificationNonce diversification_nonce_;
   // Maximum length including headers and encryption (UDP payload length.)
   QuicByteCount max_packet_length_;
   size_t max_plaintext_size_;
diff --git a/chromium/net/quic/quic_packet_creator_test.cc b/chromium/net/quic/quic_packet_creator_test.cc
index fc649ba9598..6e571a1eb3a 100644
--- a/chromium/net/quic/quic_packet_creator_test.cc
+++ b/chromium/net/quic/quic_packet_creator_test.cc
@@ -4,7 +4,9 @@
 
 #include "net/quic/quic_packet_creator.h"
 
-#include <stdint.h>
+#include <cstdint>
+#include <memory>
+#include <string>
 
 #include "base/macros.h"
 #include "base/stl_util.h"
@@ -60,19 +62,15 @@ struct TestParams {
 // Constructs various test permutations.
 vector<TestParams> GetTestParams() {
   vector<TestParams> params;
-  QuicConnectionIdLength max = PACKET_8BYTE_CONNECTION_ID;
+  constexpr QuicConnectionIdLength kMax = PACKET_8BYTE_CONNECTION_ID;
   QuicVersionVector all_supported_versions = QuicSupportedVersions();
   for (size_t i = 0; i < all_supported_versions.size(); ++i) {
-    params.push_back(TestParams(all_supported_versions[i], true, max));
-    params.push_back(TestParams(all_supported_versions[i], false, max));
+    params.push_back(TestParams(all_supported_versions[i], true, kMax));
+    params.push_back(TestParams(all_supported_versions[i], false, kMax));
   }
   params.push_back(
       TestParams(all_supported_versions[0], true, PACKET_0BYTE_CONNECTION_ID));
-  params.push_back(
-      TestParams(all_supported_versions[0], true, PACKET_1BYTE_CONNECTION_ID));
-  params.push_back(
-      TestParams(all_supported_versions[0], true, PACKET_4BYTE_CONNECTION_ID));
-  params.push_back(TestParams(all_supported_versions[0], true, max));
+  params.push_back(TestParams(all_supported_versions[0], true, kMax));
   return params;
 }
 
@@ -172,17 +170,18 @@ class QuicPacketCreatorTest : public ::testing::TestWithParam<TestParams> {
     EXPECT_EQ(STREAM_FRAME, frame.type);
     ASSERT_TRUE(frame.stream_frame);
     EXPECT_EQ(stream_id, frame.stream_frame->stream_id);
-    EXPECT_EQ(data, StringPiece(frame.stream_frame->frame_buffer,
-                                frame.stream_frame->frame_length));
+    EXPECT_EQ(data, StringPiece(frame.stream_frame->data_buffer,
+                                frame.stream_frame->data_length));
     EXPECT_EQ(offset, frame.stream_frame->offset);
     EXPECT_EQ(fin, frame.stream_frame->fin);
   }
 
   // Returns the number of bytes consumed by the header of packet, including
   // the version.
-  size_t GetPacketHeaderOverhead() {
+  size_t GetPacketHeaderOverhead(QuicVersion version) {
     return GetPacketHeaderSize(
-        creator_.connection_id_length(), kIncludeVersion, !kIncludePathId,
+        version, creator_.connection_id_length(), kIncludeVersion,
+        !kIncludePathId, !kIncludeDiversificationNonce,
         QuicPacketCreatorPeer::NextPacketNumberLength(&creator_));
   }
 
@@ -207,12 +206,12 @@ class QuicPacketCreatorTest : public ::testing::TestWithParam<TestParams> {
   PendingRetransmission CreateRetransmission(
       const QuicFrames& retransmittable_frames,
       bool has_crypto_handshake,
-      bool needs_padding,
+      int num_padding_bytes,
       EncryptionLevel encryption_level,
       QuicPacketNumberLength packet_number_length) {
     return PendingRetransmission(1u, 1u, NOT_RETRANSMISSION,
                                  retransmittable_frames, has_crypto_handshake,
-                                 needs_padding, encryption_level,
+                                 num_padding_bytes, encryption_level,
                                  packet_number_length);
   }
 
@@ -417,7 +416,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithSequenceNumberLength) {
   frames.push_back(QuicFrame(stream_frame));
   char buffer[kMaxPacketSize];
   PendingRetransmission retransmission(CreateRetransmission(
-      frames, true /* has_crypto_handshake */, true /* needs padding */,
+      frames, true /* has_crypto_handshake */, -1 /* needs full padding */,
       ENCRYPTION_NONE, PACKET_1BYTE_PACKET_NUMBER));
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
       .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
@@ -437,6 +436,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithSequenceNumberLength) {
     EXPECT_CALL(framer_visitor_, OnDecryptedPacket(_));
     EXPECT_CALL(framer_visitor_, OnPacketHeader(_));
     EXPECT_CALL(framer_visitor_, OnStreamFrame(_));
+    EXPECT_CALL(framer_visitor_, OnPaddingFrame(_));
     EXPECT_CALL(framer_visitor_, OnPacketComplete());
   }
   ProcessPacket(serialized_packet_);
@@ -451,7 +451,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeCryptoFrameWithForwardSecurity) {
   creator_.set_encryption_level(ENCRYPTION_FORWARD_SECURE);
   char buffer[kMaxPacketSize];
   PendingRetransmission retransmission(CreateRetransmission(
-      frames, true /* has_crypto_handshake */, true /* needs padding */,
+      frames, true /* has_crypto_handshake */, -1 /* needs full padding */,
       ENCRYPTION_NONE,
       QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
@@ -469,7 +469,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFrameWithForwardSecurity) {
   creator_.set_encryption_level(ENCRYPTION_FORWARD_SECURE);
   char buffer[kMaxPacketSize];
   PendingRetransmission retransmission(CreateRetransmission(
-      frames, false /* has_crypto_handshake */, false /* needs padding */,
+      frames, false /* has_crypto_handshake */, 0 /* no padding */,
       ENCRYPTION_NONE,
       QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
@@ -479,7 +479,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFrameWithForwardSecurity) {
   delete stream_frame;
 }
 
-TEST_P(QuicPacketCreatorTest, ReserializeFramesWithPadding) {
+TEST_P(QuicPacketCreatorTest, ReserializeFramesWithFullPadding) {
   QuicFrame frame;
   QuicIOVector io_vector(MakeIOVector("fake handshake message data"));
   QuicPacketCreatorPeer::CreateStreamFrame(&creator_, kCryptoStreamId,
@@ -488,7 +488,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithPadding) {
   frames.push_back(frame);
   char buffer[kMaxPacketSize];
   PendingRetransmission retransmission(CreateRetransmission(
-      frames, true /* has_crypto_handshake */, true /* needs padding */,
+      frames, true /* has_crypto_handshake */, -1 /* needs full padding */,
       ENCRYPTION_NONE,
       QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
@@ -498,9 +498,48 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithPadding) {
   delete frame.stream_frame;
 }
 
+TEST_P(QuicPacketCreatorTest, ReserializeFramesWithSpecifiedPadding) {
+  QuicFrame frame;
+  QuicIOVector io_vector(MakeIOVector("fake message data"));
+  QuicPacketCreatorPeer::CreateStreamFrame(&creator_, kCryptoStreamId,
+                                           io_vector, 0u, 0u, false, &frame);
+
+  const int kNumPaddingBytes1 = 4;
+  int packet_size = 0;
+  {
+    QuicFrames frames;
+    frames.push_back(frame);
+    char buffer[kMaxPacketSize];
+    PendingRetransmission retransmission(CreateRetransmission(
+        frames, false /* has_crypto_handshake */,
+        kNumPaddingBytes1 /* padding bytes */, ENCRYPTION_NONE,
+        QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
+    EXPECT_CALL(delegate_, OnSerializedPacket(_))
+        .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
+    creator_.ReserializeAllFrames(retransmission, buffer, kMaxPacketSize);
+    packet_size = serialized_packet_.encrypted_length;
+  }
+
+  const int kNumPaddingBytes2 = 44;
+  QuicFrames frames;
+  frames.push_back(frame);
+  char buffer[kMaxPacketSize];
+  PendingRetransmission retransmission(CreateRetransmission(
+      frames, false /* has_crypto_handshake */,
+      kNumPaddingBytes2 /* padding bytes */, ENCRYPTION_NONE,
+      QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
+  EXPECT_CALL(delegate_, OnSerializedPacket(_))
+      .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
+  creator_.ReserializeAllFrames(retransmission, buffer, kMaxPacketSize);
+
+  EXPECT_EQ(packet_size + kNumPaddingBytes2 - kNumPaddingBytes1,
+            serialized_packet_.encrypted_length);
+  delete frame.stream_frame;
+}
+
 TEST_P(QuicPacketCreatorTest, ReserializeFramesWithFullPacketAndPadding) {
-  const size_t overhead = GetPacketHeaderOverhead() + GetEncryptionOverhead() +
-                          GetStreamFrameOverhead();
+  const size_t overhead = GetPacketHeaderOverhead(client_framer_.version()) +
+                          GetEncryptionOverhead() + GetStreamFrameOverhead();
   size_t capacity = kDefaultMaxPacketSize - overhead;
   for (int delta = -5; delta <= 0; ++delta) {
     string data(capacity + delta, 'A');
@@ -515,7 +554,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithFullPacketAndPadding) {
     frames.push_back(frame);
     char buffer[kMaxPacketSize];
     PendingRetransmission retransmission(CreateRetransmission(
-        frames, true /* has_crypto_handshake */, true /* needs padding */,
+        frames, true /* has_crypto_handshake */, -1 /* needs full padding */,
         ENCRYPTION_NONE,
         QuicPacketCreatorPeer::NextPacketNumberLength(&creator_)));
     EXPECT_CALL(delegate_, OnSerializedPacket(_))
@@ -567,7 +606,7 @@ TEST_P(QuicPacketCreatorTest, ConsumeData) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   CheckStreamFrame(frame, 1u, "test", 0u, false);
   EXPECT_TRUE(creator_.HasPendingFrames());
@@ -579,7 +618,7 @@ TEST_P(QuicPacketCreatorTest, ConsumeDataFin) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 10u, true, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   CheckStreamFrame(frame, 1u, "test", 10u, true);
   EXPECT_TRUE(creator_.HasPendingFrames());
@@ -590,14 +629,15 @@ TEST_P(QuicPacketCreatorTest, ConsumeDataFinOnly) {
   QuicIOVector io_vector(nullptr, 0, 0);
   ASSERT_TRUE(creator_.ConsumeData(1u, io_vector, 0u, 0u, true, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(0u, consumed);
   CheckStreamFrame(frame, 1u, string(), 0u, true);
   EXPECT_TRUE(creator_.HasPendingFrames());
 }
 
 TEST_P(QuicPacketCreatorTest, CreateAllFreeBytesForStreamFrames) {
-  const size_t overhead = GetPacketHeaderOverhead() + GetEncryptionOverhead();
+  const size_t overhead = GetPacketHeaderOverhead(client_framer_.version()) +
+                          GetEncryptionOverhead();
   for (size_t i = overhead; i < overhead + 100; ++i) {
     creator_.SetMaxPacketLength(i);
     const bool should_have_room = i > overhead + GetStreamFrameOverhead();
@@ -612,7 +652,7 @@ TEST_P(QuicPacketCreatorTest, CreateAllFreeBytesForStreamFrames) {
       ASSERT_TRUE(creator_.ConsumeData(kClientDataStreamId1, io_vector, 0u,
                                        kOffset, false, false, &frame));
       ASSERT_TRUE(frame.stream_frame);
-      size_t bytes_consumed = frame.stream_frame->frame_length;
+      size_t bytes_consumed = frame.stream_frame->data_length;
       EXPECT_LT(0u, bytes_consumed);
       creator_.Flush();
     }
@@ -621,8 +661,8 @@ TEST_P(QuicPacketCreatorTest, CreateAllFreeBytesForStreamFrames) {
 
 TEST_P(QuicPacketCreatorTest, StreamFrameConsumption) {
   // Compute the total overhead for a single frame in packet.
-  const size_t overhead = GetPacketHeaderOverhead() + GetEncryptionOverhead() +
-                          GetStreamFrameOverhead();
+  const size_t overhead = GetPacketHeaderOverhead(client_framer_.version()) +
+                          GetEncryptionOverhead() + GetStreamFrameOverhead();
   size_t capacity = kDefaultMaxPacketSize - overhead;
   // Now, test various sizes around this size.
   for (int delta = -5; delta <= 5; ++delta) {
@@ -649,8 +689,8 @@ TEST_P(QuicPacketCreatorTest, StreamFrameConsumption) {
 
 TEST_P(QuicPacketCreatorTest, CryptoStreamFramePacketPadding) {
   // Compute the total overhead for a single frame in packet.
-  const size_t overhead = GetPacketHeaderOverhead() + GetEncryptionOverhead() +
-                          GetStreamFrameOverhead();
+  const size_t overhead = GetPacketHeaderOverhead(client_framer_.version()) +
+                          GetEncryptionOverhead() + GetStreamFrameOverhead();
   ASSERT_GT(kMaxPacketSize, overhead);
   size_t capacity = kDefaultMaxPacketSize - overhead;
   // Now, test various sizes around this size.
@@ -666,7 +706,7 @@ TEST_P(QuicPacketCreatorTest, CryptoStreamFramePacketPadding) {
     ASSERT_TRUE(creator_.ConsumeData(kCryptoStreamId, io_vector, 0u, kOffset,
                                      false, true, &frame));
     ASSERT_TRUE(frame.stream_frame);
-    size_t bytes_consumed = frame.stream_frame->frame_length;
+    size_t bytes_consumed = frame.stream_frame->data_length;
     EXPECT_LT(0u, bytes_consumed);
     creator_.Flush();
     ASSERT_TRUE(serialized_packet_.encrypted_buffer);
@@ -685,8 +725,8 @@ TEST_P(QuicPacketCreatorTest, CryptoStreamFramePacketPadding) {
 
 TEST_P(QuicPacketCreatorTest, NonCryptoStreamFramePacketNonPadding) {
   // Compute the total overhead for a single frame in packet.
-  const size_t overhead = GetPacketHeaderOverhead() + GetEncryptionOverhead() +
-                          GetStreamFrameOverhead();
+  const size_t overhead = GetPacketHeaderOverhead(client_framer_.version()) +
+                          GetEncryptionOverhead() + GetStreamFrameOverhead();
   ASSERT_GT(kDefaultMaxPacketSize, overhead);
   size_t capacity = kDefaultMaxPacketSize - overhead;
   // Now, test various sizes around this size.
@@ -701,7 +741,7 @@ TEST_P(QuicPacketCreatorTest, NonCryptoStreamFramePacketNonPadding) {
     ASSERT_TRUE(creator_.ConsumeData(kClientDataStreamId1, io_vector, 0u,
                                      kOffset, false, false, &frame));
     ASSERT_TRUE(frame.stream_frame);
-    size_t bytes_consumed = frame.stream_frame->frame_length;
+    size_t bytes_consumed = frame.stream_frame->data_length;
     EXPECT_LT(0u, bytes_consumed);
     creator_.Flush();
     ASSERT_TRUE(serialized_packet_.encrypted_buffer);
@@ -719,7 +759,7 @@ TEST_P(QuicPacketCreatorTest, SerializeVersionNegotiationPacket) {
   QuicFramerPeer::SetPerspective(&client_framer_, Perspective::IS_SERVER);
   QuicVersionVector versions;
   versions.push_back(test::QuicVersionMax());
-  scoped_ptr<QuicEncryptedPacket> encrypted(
+  std::unique_ptr<QuicEncryptedPacket> encrypted(
       creator_.SerializeVersionNegotiationPacket(versions));
 
   {
@@ -817,8 +857,8 @@ TEST_P(QuicPacketCreatorTest, ConsumeDataLargerThanOneStreamFrame) {
       client_framer_.version(),
       QuicPacketCreatorPeer::SendVersionInPacket(&creator_),
       QuicPacketCreatorPeer::SendPathIdInPacket(&creator_),
-      creator_.connection_id_length(), PACKET_1BYTE_PACKET_NUMBER,
-      &payload_length));
+      !kIncludeDiversificationNonce, creator_.connection_id_length(),
+      PACKET_1BYTE_PACKET_NUMBER, &payload_length));
   QuicFrame frame;
   const string too_long_payload(payload_length * 2, 'a');
   QuicIOVector io_vector(MakeIOVector(too_long_payload));
@@ -826,7 +866,7 @@ TEST_P(QuicPacketCreatorTest, ConsumeDataLargerThanOneStreamFrame) {
       .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
   ASSERT_TRUE(creator_.ConsumeData(1u, io_vector, 0u, 0u, true, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(payload_length, consumed);
   const string payload(payload_length, 'a');
   CheckStreamFrame(frame, 1u, payload, 0u, false);
@@ -843,10 +883,10 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) {
   EXPECT_FALSE(creator_.HasPendingFrames());
   EXPECT_EQ(max_plaintext_size -
                 GetPacketHeaderSize(
-                    creator_.connection_id_length(),
+                    client_framer_.version(), creator_.connection_id_length(),
                     QuicPacketCreatorPeer::SendVersionInPacket(&creator_),
                     QuicPacketCreatorPeer::SendPathIdInPacket(&creator_),
-                    PACKET_1BYTE_PACKET_NUMBER),
+                    !kIncludeDiversificationNonce, PACKET_1BYTE_PACKET_NUMBER),
             creator_.BytesFree());
 
   // Add a variety of frame types and then a padding frame.
@@ -859,7 +899,7 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
 
@@ -885,9 +925,10 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) {
   EXPECT_FALSE(creator_.HasPendingFrames());
   EXPECT_EQ(max_plaintext_size -
                 GetPacketHeaderSize(
-                    creator_.connection_id_length(),
+                    client_framer_.version(), creator_.connection_id_length(),
                     QuicPacketCreatorPeer::SendVersionInPacket(&creator_),
-                    /*include_path_id=*/false, PACKET_1BYTE_PACKET_NUMBER),
+                    /*include_path_id=*/false, !kIncludeDiversificationNonce,
+                    PACKET_1BYTE_PACKET_NUMBER),
             creator_.BytesFree());
 }
 
@@ -918,13 +959,16 @@ TEST_P(QuicPacketCreatorTest, SerializeTruncatedAckFrameWithLargePacketSize) {
   ASSERT_TRUE(
       creator_.ConsumeData(2u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
 
   // Ensure the packet is successfully created, and the packet size estimate
   // matches the serialized packet length.
-  EXPECT_CALL(entropy_calculator_, EntropyHash(_)).WillOnce(testing::Return(0));
+  if (GetParam().version <= QUIC_VERSION_33) {
+    EXPECT_CALL(entropy_calculator_, EntropyHash(_))
+        .WillOnce(testing::Return(0));
+  }
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
       .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
   size_t est_packet_size = creator_.PacketSize();
@@ -962,7 +1006,9 @@ TEST_P(QuicPacketCreatorTest, SerializeTruncatedAckFrameWithSmallPacketSize) {
 
   // Ensure the packet is successfully created, and the packet size estimate
   // may not match the serialized packet length.
-  EXPECT_CALL(entropy_calculator_, EntropyHash(_)).WillOnce(Return(0));
+  if (GetParam().version <= QUIC_VERSION_33) {
+    EXPECT_CALL(entropy_calculator_, EntropyHash(_)).WillOnce(Return(0));
+  }
   size_t est_packet_size = creator_.PacketSize();
   EXPECT_CALL(delegate_, OnSerializedPacket(_))
       .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket));
@@ -1008,7 +1054,7 @@ TEST_P(QuicPacketCreatorTest, SetCurrentPath) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
   EXPECT_EQ(0u, creator_.packet_number());
@@ -1040,7 +1086,7 @@ TEST_P(QuicPacketCreatorTest, SetCurrentPath) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  consumed = frame.stream_frame->frame_length;
+  consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
 
@@ -1099,7 +1145,7 @@ TEST_P(QuicPacketCreatorTest, SerializePacketOnDifferentPath) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  size_t consumed = frame.stream_frame->frame_length;
+  size_t consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
   EXPECT_EQ(0u, creator_.packet_number());
@@ -1126,7 +1172,7 @@ TEST_P(QuicPacketCreatorTest, SerializePacketOnDifferentPath) {
   ASSERT_TRUE(
       creator_.ConsumeData(1u, io_vector, 0u, 0u, false, false, &frame));
   ASSERT_TRUE(frame.stream_frame);
-  consumed = frame.stream_frame->frame_length;
+  consumed = frame.stream_frame->data_length;
   EXPECT_EQ(4u, consumed);
   EXPECT_TRUE(creator_.HasPendingFrames());
   creator_.Flush();
diff --git a/chromium/net/quic/quic_packet_generator.cc b/chromium/net/quic/quic_packet_generator.cc
index f83dfb63b9b..c8c927dd507 100644
--- a/chromium/net/quic/quic_packet_generator.cc
+++ b/chromium/net/quic/quic_packet_generator.cc
@@ -59,7 +59,9 @@ QuicConsumedData QuicPacketGenerator::ConsumeData(
     QuicStreamOffset offset,
     bool fin,
     QuicAckListenerInterface* listener) {
-  bool has_handshake = id == kCryptoStreamId;
+  bool has_handshake = (id == kCryptoStreamId);
+  QUIC_BUG_IF(has_handshake && fin)
+      << "Handshake packets should never send a fin";
   // To make reasoning about crypto frames easier, we don't combine them with
   // other retransmittable frames in a single packet.
   const bool flush =
@@ -91,7 +93,7 @@ QuicConsumedData QuicPacketGenerator::ConsumeData(
     }
 
     // A stream frame is created and added.
-    size_t bytes_consumed = frame.stream_frame->frame_length;
+    size_t bytes_consumed = frame.stream_frame->data_length;
     if (listener != nullptr) {
       packet_creator_.AddAckListener(listener, bytes_consumed);
     }
@@ -238,6 +240,11 @@ void QuicPacketGenerator::StopSendingVersion() {
   packet_creator_.StopSendingVersion();
 }
 
+void QuicPacketGenerator::SetDiversificationNonce(
+    const DiversificationNonce nonce) {
+  packet_creator_.SetDiversificationNonce(nonce);
+}
+
 QuicPacketNumber QuicPacketGenerator::packet_number() const {
   return packet_creator_.packet_number();
 }
@@ -273,10 +280,6 @@ void QuicPacketGenerator::UpdateSequenceNumberLength(
 void QuicPacketGenerator::SetConnectionIdLength(uint32_t length) {
   if (length == 0) {
     packet_creator_.set_connection_id_length(PACKET_0BYTE_CONNECTION_ID);
-  } else if (length == 1) {
-    packet_creator_.set_connection_id_length(PACKET_1BYTE_CONNECTION_ID);
-  } else if (length <= 4) {
-    packet_creator_.set_connection_id_length(PACKET_4BYTE_CONNECTION_ID);
   } else {
     packet_creator_.set_connection_id_length(PACKET_8BYTE_CONNECTION_ID);
   }
diff --git a/chromium/net/quic/quic_packet_generator.h b/chromium/net/quic/quic_packet_generator.h
index cb366c90fdf..ad19b898feb 100644
--- a/chromium/net/quic/quic_packet_generator.h
+++ b/chromium/net/quic/quic_packet_generator.h
@@ -120,6 +120,11 @@ class NET_EXPORT_PRIVATE QuicPacketGenerator {
   // Makes the framer not serialize the protocol version in sent packets.
   void StopSendingVersion();
 
+  // SetDiversificationNonce sets the nonce that will be sent in each public
+  // header of packets encrypted at the initial encryption level. Should only
+  // be called by servers.
+  void SetDiversificationNonce(const DiversificationNonce nonce);
+
   // Creates a version negotiation packet which supports |supported_versions|.
   // Caller owns the created  packet. Also, sets the entropy hash of the
   // serialized packet to a random bool and returns that value as a member of
diff --git a/chromium/net/quic/quic_packet_generator_test.cc b/chromium/net/quic/quic_packet_generator_test.cc
index 0adbfe904d6..05d2fdfcb8e 100644
--- a/chromium/net/quic/quic_packet_generator_test.cc
+++ b/chromium/net/quic/quic_packet_generator_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_packet_generator.h"
 
+#include <cstdint>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
@@ -216,7 +218,7 @@ class QuicPacketGeneratorTest : public ::testing::Test {
   QuicAckFrame ack_frame_;
 
  private:
-  scoped_ptr<char[]> data_array_;
+  std::unique_ptr<char[]> data_array_;
   struct iovec iov_;
 };
 
@@ -447,7 +449,8 @@ TEST_F(QuicPacketGeneratorTest, ConsumeData_FramesPreviouslyQueued) {
   size_t length =
       NullEncrypter().GetCiphertextSize(0) +
       GetPacketHeaderSize(
-          creator_->connection_id_length(), kIncludeVersion, !kIncludePathId,
+          framer_.version(), creator_->connection_id_length(), kIncludeVersion,
+          !kIncludePathId, !kIncludeDiversificationNonce,
           QuicPacketCreatorPeer::NextPacketNumberLength(creator_)) +
       // Add an extra 3 bytes for the payload and 1 byte so BytesFree is larger
       // than the GetMinStreamFrameSize.
@@ -573,24 +576,11 @@ TEST_F(QuicPacketGeneratorTest, NotWritableThenBatchOperations2) {
 TEST_F(QuicPacketGeneratorTest, TestConnectionIdLength) {
   generator_.SetConnectionIdLength(0);
   EXPECT_EQ(PACKET_0BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(1);
-  EXPECT_EQ(PACKET_1BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(2);
-  EXPECT_EQ(PACKET_4BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(3);
-  EXPECT_EQ(PACKET_4BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(4);
-  EXPECT_EQ(PACKET_4BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(5);
-  EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(6);
-  EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(7);
-  EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(8);
-  EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
-  generator_.SetConnectionIdLength(9);
-  EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
+
+  for (size_t i = 1; i < 10; i++) {
+    generator_.SetConnectionIdLength(i);
+    EXPECT_EQ(PACKET_8BYTE_CONNECTION_ID, creator_->connection_id_length());
+  }
 }
 
 // Test whether SetMaxPacketLength() works in the situation when the queue is
diff --git a/chromium/net/quic/quic_protocol.cc b/chromium/net/quic/quic_protocol.cc
index 2da013e829e..612cd8b196d 100644
--- a/chromium/net/quic/quic_protocol.cc
+++ b/chromium/net/quic/quic_protocol.cc
@@ -5,6 +5,7 @@
 #include "net/quic/quic_protocol.h"
 
 #include "base/stl_util.h"
+#include "base/strings/string_number_conversions.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_utils.h"
 
@@ -18,35 +19,45 @@ namespace net {
 
 const char* const kFinalOffsetHeaderKey = ":final-offset";
 
-size_t GetPacketHeaderSize(const QuicPacketHeader& header) {
-  return GetPacketHeaderSize(header.public_header.connection_id_length,
+size_t GetPacketHeaderSize(QuicVersion version,
+                           const QuicPacketHeader& header) {
+  return GetPacketHeaderSize(version, header.public_header.connection_id_length,
                              header.public_header.version_flag,
                              header.public_header.multipath_flag,
+                             header.public_header.nonce != nullptr,
                              header.public_header.packet_number_length);
 }
 
-size_t GetPacketHeaderSize(QuicConnectionIdLength connection_id_length,
+size_t GetPacketHeaderSize(QuicVersion version,
+                           QuicConnectionIdLength connection_id_length,
                            bool include_version,
                            bool include_path_id,
+                           bool include_diversification_nonce,
                            QuicPacketNumberLength packet_number_length) {
   return kPublicFlagsSize + connection_id_length +
          (include_version ? kQuicVersionSize : 0) +
          (include_path_id ? kQuicPathIdSize : 0) + packet_number_length +
-         kPrivateFlagsSize;
+         (include_diversification_nonce ? kDiversificationNonceSize : 0) +
+         (version <= QUIC_VERSION_33 ? kPrivateFlagsSize : 0);
 }
 
-size_t GetStartOfEncryptedData(const QuicPacketHeader& header) {
-  return GetPacketHeaderSize(header) - kPrivateFlagsSize;
+size_t GetStartOfEncryptedData(QuicVersion version,
+                               const QuicPacketHeader& header) {
+  return GetPacketHeaderSize(version, header) -
+         (version <= QUIC_VERSION_33 ? kPrivateFlagsSize : 0);
 }
 
-size_t GetStartOfEncryptedData(QuicConnectionIdLength connection_id_length,
+size_t GetStartOfEncryptedData(QuicVersion version,
+                               QuicConnectionIdLength connection_id_length,
                                bool include_version,
                                bool include_path_id,
+                               bool include_diversification_nonce,
                                QuicPacketNumberLength packet_number_length) {
   // Encryption starts before private flags.
-  return GetPacketHeaderSize(connection_id_length, include_version,
-                             include_path_id, packet_number_length) -
-         kPrivateFlagsSize;
+  return GetPacketHeaderSize(version, connection_id_length, include_version,
+                             include_path_id, include_diversification_nonce,
+                             packet_number_length) -
+         (version <= QUIC_VERSION_33 ? kPrivateFlagsSize : 0);
 }
 
 QuicPacketPublicHeader::QuicPacketPublicHeader()
@@ -55,17 +66,11 @@ QuicPacketPublicHeader::QuicPacketPublicHeader()
       multipath_flag(false),
       reset_flag(false),
       version_flag(false),
-      packet_number_length(PACKET_6BYTE_PACKET_NUMBER) {}
+      packet_number_length(PACKET_6BYTE_PACKET_NUMBER),
+      nonce(nullptr) {}
 
 QuicPacketPublicHeader::QuicPacketPublicHeader(
-    const QuicPacketPublicHeader& other)
-    : connection_id(other.connection_id),
-      connection_id_length(other.connection_id_length),
-      multipath_flag(other.multipath_flag),
-      reset_flag(other.reset_flag),
-      version_flag(other.version_flag),
-      packet_number_length(other.packet_number_length),
-      versions(other.versions) {}
+    const QuicPacketPublicHeader& other) = default;
 
 QuicPacketPublicHeader::~QuicPacketPublicHeader() {}
 
@@ -128,33 +133,33 @@ QuicStreamFrame::QuicStreamFrame(QuicStreamId stream_id,
 QuicStreamFrame::QuicStreamFrame(QuicStreamId stream_id,
                                  bool fin,
                                  QuicStreamOffset offset,
-                                 QuicPacketLength frame_length,
+                                 QuicPacketLength data_length,
                                  UniqueStreamBuffer buffer)
     : QuicStreamFrame(stream_id,
                       fin,
                       offset,
                       nullptr,
-                      frame_length,
+                      data_length,
                       std::move(buffer)) {
   DCHECK(this->buffer != nullptr);
-  DCHECK_EQ(frame_buffer, this->buffer.get());
+  DCHECK_EQ(data_buffer, this->buffer.get());
 }
 
 QuicStreamFrame::QuicStreamFrame(QuicStreamId stream_id,
                                  bool fin,
                                  QuicStreamOffset offset,
-                                 const char* frame_buffer,
-                                 QuicPacketLength frame_length,
+                                 const char* data_buffer,
+                                 QuicPacketLength data_length,
                                  UniqueStreamBuffer buffer)
     : stream_id(stream_id),
       fin(fin),
-      frame_length(frame_length),
-      frame_buffer(frame_buffer),
+      data_length(data_length),
+      data_buffer(data_buffer),
       offset(offset),
       buffer(std::move(buffer)) {
   if (this->buffer != nullptr) {
-    DCHECK(frame_buffer == nullptr);
-    this->frame_buffer = this->buffer.get();
+    DCHECK(data_buffer == nullptr);
+    this->data_buffer = this->buffer.get();
   }
 }
 
@@ -196,6 +201,10 @@ QuicTag QuicVersionToQuicTag(const QuicVersion version) {
       return MakeQuicTag('Q', '0', '3', '1');
     case QUIC_VERSION_32:
       return MakeQuicTag('Q', '0', '3', '2');
+    case QUIC_VERSION_33:
+      return MakeQuicTag('Q', '0', '3', '3');
+    case QUIC_VERSION_34:
+      return MakeQuicTag('Q', '0', '3', '4');
     default:
       // This shold be an ERROR because we should never attempt to convert an
       // invalid QuicVersion to be written to the wire.
@@ -230,6 +239,8 @@ string QuicVersionToString(const QuicVersion version) {
     RETURN_STRING_LITERAL(QUIC_VERSION_30);
     RETURN_STRING_LITERAL(QUIC_VERSION_31);
     RETURN_STRING_LITERAL(QUIC_VERSION_32);
+    RETURN_STRING_LITERAL(QUIC_VERSION_33);
+    RETURN_STRING_LITERAL(QUIC_VERSION_34);
     default:
       return "QUIC_VERSION_UNSUPPORTED";
   }
@@ -257,31 +268,41 @@ ostream& operator<<(ostream& os, const Perspective& s) {
 
 ostream& operator<<(ostream& os, const QuicPacketHeader& header) {
   os << "{ connection_id: " << header.public_header.connection_id
-     << ", connection_id_length:" << header.public_header.connection_id_length
-     << ", packet_number_length:" << header.public_header.packet_number_length
+     << ", connection_id_length: " << header.public_header.connection_id_length
+     << ", packet_number_length: " << header.public_header.packet_number_length
      << ", multipath_flag: " << header.public_header.multipath_flag
      << ", reset_flag: " << header.public_header.reset_flag
      << ", version_flag: " << header.public_header.version_flag;
   if (header.public_header.version_flag) {
-    os << " version: ";
+    os << ", version:";
     for (size_t i = 0; i < header.public_header.versions.size(); ++i) {
-      os << header.public_header.versions[i] << " ";
+      os << " ";
+      os << header.public_header.versions[i];
     }
   }
+  if (header.public_header.nonce != nullptr) {
+    os << ", diversification_nonce: "
+       << net::QuicUtils::HexDecode(*header.public_header.nonce);
+  }
   os << ", fec_flag: " << header.fec_flag
      << ", entropy_flag: " << header.entropy_flag
      << ", entropy hash: " << static_cast<int>(header.entropy_hash)
-     << ", path_id: " << header.path_id
+     << ", path_id: " << static_cast<int>(header.path_id)
      << ", packet_number: " << header.packet_number
-     << ", is_in_fec_group:" << header.is_in_fec_group
-     << ", fec_group: " << header.fec_group << "}\n";
+     << ", is_in_fec_group: " << header.is_in_fec_group
+     << ", fec_group: " << header.fec_group << " }\n";
   return os;
 }
 
 bool IsAwaitingPacket(const QuicAckFrame& ack_frame,
-                      QuicPacketNumber packet_number) {
-  return packet_number > ack_frame.largest_observed ||
-         ack_frame.missing_packets.Contains(packet_number);
+                      QuicPacketNumber packet_number,
+                      QuicPacketNumber peer_least_packet_awaiting_ack) {
+  if (ack_frame.missing) {
+    return packet_number > ack_frame.largest_observed ||
+           ack_frame.packets.Contains(packet_number);
+  }
+  return packet_number >= peer_least_packet_awaiting_ack &&
+         !ack_frame.packets.Contains(packet_number);
 }
 
 QuicStopWaitingFrame::QuicStopWaitingFrame()
@@ -294,7 +315,8 @@ QuicAckFrame::QuicAckFrame()
       entropy_hash(0),
       is_truncated(false),
       largest_observed(0),
-      ack_delay_time(QuicTime::Delta::Infinite()) {}
+      ack_delay_time(QuicTime::Delta::Infinite()),
+      missing(true) {}
 
 QuicAckFrame::QuicAckFrame(const QuicAckFrame& other) = default;
 
@@ -311,9 +333,9 @@ QuicRstStreamFrame::QuicRstStreamFrame()
 QuicRstStreamFrame::QuicRstStreamFrame(QuicStreamId stream_id,
                                        QuicRstStreamErrorCode error_code,
                                        QuicStreamOffset bytes_written)
-    : stream_id(stream_id), error_code(error_code), byte_offset(bytes_written) {
-  DCHECK_LE(error_code, numeric_limits<uint8_t>::max());
-}
+    : stream_id(stream_id),
+      error_code(error_code),
+      byte_offset(bytes_written) {}
 
 QuicConnectionCloseFrame::QuicConnectionCloseFrame()
     : error_code(QUIC_NO_ERROR) {}
@@ -356,8 +378,8 @@ QuicFrame::QuicFrame(QuicPathCloseFrame* frame)
     : type(PATH_CLOSE_FRAME), path_close_frame(frame) {}
 
 ostream& operator<<(ostream& os, const QuicStopWaitingFrame& sent_info) {
-  os << "entropy_hash: " << static_cast<int>(sent_info.entropy_hash)
-     << " least_unacked: " << sent_info.least_unacked << "\n";
+  os << "{ entropy_hash: " << static_cast<int>(sent_info.entropy_hash)
+     << ", least_unacked: " << sent_info.least_unacked << " }\n";
   return os;
 }
 
@@ -443,6 +465,11 @@ void PacketNumberQueue::Remove(QuicPacketNumber packet_number) {
   packet_number_intervals_.Difference(packet_number, packet_number + 1);
 }
 
+void PacketNumberQueue::Remove(QuicPacketNumber lower,
+                               QuicPacketNumber higher) {
+  packet_number_intervals_.Difference(lower, higher);
+}
+
 bool PacketNumberQueue::RemoveUpTo(QuicPacketNumber higher) {
   if (Empty()) {
     return false;
@@ -478,6 +505,15 @@ size_t PacketNumberQueue::NumPacketsSlow() const {
   return num_packets;
 }
 
+size_t PacketNumberQueue::NumIntervals() const {
+  return packet_number_intervals_.Size();
+}
+
+QuicPacketNumber PacketNumberQueue::LastIntervalLength() const {
+  DCHECK(!Empty());
+  return packet_number_intervals_.rbegin()->Length();
+}
+
 PacketNumberQueue::const_iterator PacketNumberQueue::begin() const {
   QuicPacketNumber first;
   QuicPacketNumber last;
@@ -525,24 +561,24 @@ ostream& operator<<(ostream& os, const PacketNumberQueue& q) {
 }
 
 ostream& operator<<(ostream& os, const QuicAckFrame& ack_frame) {
-  os << "entropy_hash: " << static_cast<int>(ack_frame.entropy_hash)
-     << " largest_observed: " << ack_frame.largest_observed
-     << " ack_delay_time: " << ack_frame.ack_delay_time.ToMicroseconds()
-     << " missing_packets: [ " << ack_frame.missing_packets
-     << " ] is_truncated: " << ack_frame.is_truncated
-     << " received_packets: [ ";
+  os << "{ entropy_hash: " << static_cast<int>(ack_frame.entropy_hash)
+     << ", largest_observed: " << ack_frame.largest_observed
+     << ", ack_delay_time: " << ack_frame.ack_delay_time.ToMicroseconds()
+     << ", packets: [ " << ack_frame.packets << " ]"
+     << ", is_truncated: " << ack_frame.is_truncated
+     << ", received_packets: [ ";
   for (const std::pair<QuicPacketNumber, QuicTime>& p :
        ack_frame.received_packet_times) {
     os << p.first << " at " << p.second.ToDebuggingValue() << " ";
   }
-  os << " ]\n";
+  os << " ] }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os, const QuicFrame& frame) {
   switch (frame.type) {
     case PADDING_FRAME: {
-      os << "type { PADDING_FRAME } ";
+      os << "type { PADDING_FRAME } " << frame.padding_frame;
       break;
     }
     case RST_STREAM_FRAME: {
@@ -598,48 +634,52 @@ ostream& operator<<(ostream& os, const QuicFrame& frame) {
   return os;
 }
 
+ostream& operator<<(ostream& os, const QuicPaddingFrame& padding_frame) {
+  os << "{ num_padding_bytes: " << padding_frame.num_padding_bytes << " }\n";
+  return os;
+}
+
 ostream& operator<<(ostream& os, const QuicRstStreamFrame& rst_frame) {
-  os << "stream_id { " << rst_frame.stream_id << " } "
-     << "error_code { " << rst_frame.error_code << " }\n";
+  os << "{ stream_id: " << rst_frame.stream_id
+     << ", error_code: " << rst_frame.error_code << " }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os,
                     const QuicConnectionCloseFrame& connection_close_frame) {
-  os << "error_code { " << connection_close_frame.error_code << " } "
-     << "error_details { " << connection_close_frame.error_details << " }\n";
+  os << "{ error_code: " << connection_close_frame.error_code
+     << ", error_details: '" << connection_close_frame.error_details << "' }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os, const QuicGoAwayFrame& goaway_frame) {
-  os << "error_code { " << goaway_frame.error_code << " } "
-     << "last_good_stream_id { " << goaway_frame.last_good_stream_id << " } "
-     << "reason_phrase { " << goaway_frame.reason_phrase << " }\n";
+  os << "{ error_code: " << goaway_frame.error_code
+     << ", last_good_stream_id: " << goaway_frame.last_good_stream_id
+     << ", reason_phrase: '" << goaway_frame.reason_phrase << "' }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os,
                     const QuicWindowUpdateFrame& window_update_frame) {
-  os << "stream_id { " << window_update_frame.stream_id << " } "
-     << "byte_offset { " << window_update_frame.byte_offset << " }\n";
+  os << "{ stream_id: " << window_update_frame.stream_id
+     << ", byte_offset: " << window_update_frame.byte_offset << " }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os, const QuicBlockedFrame& blocked_frame) {
-  os << "stream_id { " << blocked_frame.stream_id << " }\n";
+  os << "{ stream_id: " << blocked_frame.stream_id << " }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os, const QuicPathCloseFrame& path_close_frame) {
-  os << "path_id { " << path_close_frame.path_id << " }\n";
+  os << "{ path_id: " << static_cast<int>(path_close_frame.path_id) << " }\n";
   return os;
 }
 
 ostream& operator<<(ostream& os, const QuicStreamFrame& stream_frame) {
-  os << "stream_id { " << stream_frame.stream_id << " } "
-     << "fin { " << stream_frame.fin << " } "
-     << "offset { " << stream_frame.offset << " } "
-     << "length { " << stream_frame.frame_length << " }\n";
+  os << "{ stream_id: " << stream_frame.stream_id
+     << ", fin: " << stream_frame.fin << ", offset: " << stream_frame.offset
+     << ", length: " << stream_frame.data_length << " }\n";
   return os;
 }
 
@@ -651,9 +691,7 @@ QuicGoAwayFrame::QuicGoAwayFrame(QuicErrorCode error_code,
                                  const string& reason)
     : error_code(error_code),
       last_good_stream_id(last_good_stream_id),
-      reason_phrase(reason) {
-  DCHECK_LE(error_code, numeric_limits<uint8_t>::max());
-}
+      reason_phrase(reason) {}
 
 QuicData::QuicData(const char* buffer, size_t length)
     : buffer_(buffer), length_(length), owns_buffer_(false) {}
@@ -682,12 +720,14 @@ QuicPacket::QuicPacket(char* buffer,
                        QuicConnectionIdLength connection_id_length,
                        bool includes_version,
                        bool includes_path_id,
+                       bool includes_diversification_nonce,
                        QuicPacketNumberLength packet_number_length)
     : QuicData(buffer, length, owns_buffer),
       buffer_(buffer),
       connection_id_length_(connection_id_length),
       includes_version_(includes_version),
       includes_path_id_(includes_path_id),
+      includes_diversification_nonce_(includes_diversification_nonce),
       packet_number_length_(packet_number_length) {}
 
 QuicEncryptedPacket::QuicEncryptedPacket(const char* buffer, size_t length)
@@ -732,16 +772,18 @@ ostream& operator<<(ostream& os, const QuicReceivedPacket& s) {
   return os;
 }
 
-StringPiece QuicPacket::AssociatedData() const {
-  return StringPiece(data(), GetStartOfEncryptedData(
-                                 connection_id_length_, includes_version_,
-                                 includes_path_id_, packet_number_length_));
+StringPiece QuicPacket::AssociatedData(QuicVersion version) const {
+  return StringPiece(
+      data(), GetStartOfEncryptedData(version, connection_id_length_,
+                                      includes_version_, includes_path_id_,
+                                      includes_diversification_nonce_,
+                                      packet_number_length_));
 }
 
-StringPiece QuicPacket::Plaintext() const {
-  const size_t start_of_encrypted_data =
-      GetStartOfEncryptedData(connection_id_length_, includes_version_,
-                              includes_path_id_, packet_number_length_);
+StringPiece QuicPacket::Plaintext(QuicVersion version) const {
+  const size_t start_of_encrypted_data = GetStartOfEncryptedData(
+      version, connection_id_length_, includes_version_, includes_path_id_,
+      includes_diversification_nonce_, packet_number_length_);
   return StringPiece(data() + start_of_encrypted_data,
                      length() - start_of_encrypted_data);
 }
@@ -768,7 +810,7 @@ SerializedPacket::SerializedPacket(QuicPathId path_id,
     : encrypted_buffer(encrypted_buffer),
       encrypted_length(encrypted_length),
       has_crypto_handshake(NOT_HANDSHAKE),
-      needs_padding(false),
+      num_padding_bytes(0),
       path_id(path_id),
       packet_number(packet_number),
       packet_number_length(packet_number_length),
@@ -776,6 +818,7 @@ SerializedPacket::SerializedPacket(QuicPathId path_id,
       entropy_hash(entropy_hash),
       has_ack(has_ack),
       has_stop_waiting(has_stop_waiting),
+      original_path_id(kInvalidPathId),
       original_packet_number(0),
       transmission_type(NOT_RETRANSMISSION) {}
 
@@ -793,7 +836,7 @@ TransmissionInfo::TransmissionInfo()
       in_flight(false),
       is_unackable(false),
       has_crypto_handshake(false),
-      needs_padding(false),
+      num_padding_bytes(0),
       retransmission(0) {}
 
 TransmissionInfo::TransmissionInfo(EncryptionLevel level,
@@ -802,7 +845,7 @@ TransmissionInfo::TransmissionInfo(EncryptionLevel level,
                                    QuicTime sent_time,
                                    QuicPacketLength bytes_sent,
                                    bool has_crypto_handshake,
-                                   bool needs_padding)
+                                   int num_padding_bytes)
     : encryption_level(level),
       packet_number_length(packet_number_length),
       bytes_sent(bytes_sent),
@@ -812,7 +855,7 @@ TransmissionInfo::TransmissionInfo(EncryptionLevel level,
       in_flight(false),
       is_unackable(false),
       has_crypto_handshake(has_crypto_handshake),
-      needs_padding(needs_padding),
+      num_padding_bytes(num_padding_bytes),
       retransmission(0) {}
 
 TransmissionInfo::TransmissionInfo(const TransmissionInfo& other) = default;
diff --git a/chromium/net/quic/quic_protocol.h b/chromium/net/quic/quic_protocol.h
index 44bcbac1ffd..7ea471b68f3 100644
--- a/chromium/net/quic/quic_protocol.h
+++ b/chromium/net/quic/quic_protocol.h
@@ -11,6 +11,7 @@
 #include <limits>
 #include <list>
 #include <map>
+#include <memory>
 #include <ostream>
 #include <set>
 #include <string>
@@ -20,7 +21,6 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/int128.h"
 #include "net/base/iovec.h"
@@ -78,9 +78,6 @@ const QuicByteCount kSessionReceiveWindowLimit = 24 * 1024 * 1024;  // 24 MB
 // Minimum size of the CWND, in packets, when doing bandwidth resumption.
 const QuicPacketCount kMinCongestionWindowForBandwidthResumption = 10;
 
-// Maximum size of the CWND, in packets.
-const QuicPacketCount kMaxCongestionWindow = 200;
-
 // Maximum number of tracked packets.
 const QuicPacketCount kMaxTrackedPackets = 5000;
 
@@ -122,6 +119,8 @@ const size_t kFecGroupSize = 1;
 const bool kIncludeVersion = true;
 // Signifies that the QuicPacket will contain path id.
 const bool kIncludePathId = true;
+// Signifies that the QuicPacket will include a diversification nonce.
+const bool kIncludeDiversificationNonce = true;
 
 // Stream ID is reserved to denote an invalid ID.
 const QuicStreamId kInvalidStreamId = 0;
@@ -209,6 +208,11 @@ const QuicPathId kDefaultPathId = 0;
 // Invalid path ID.
 const QuicPathId kInvalidPathId = 0xff;
 
+// kDiversificationNonceSize is the size, in bytes, of the nonce that a server
+// may set in the packet header to ensure that its INITIAL keys are not
+// duplicated.
+const size_t kDiversificationNonceSize = 32;
+
 enum TransmissionType : int8_t {
   NOT_RETRANSMISSION,
   FIRST_TRANSMISSION_TYPE = NOT_RETRANSMISSION,
@@ -265,8 +269,6 @@ enum QuicFrameType {
 
 enum QuicConnectionIdLength {
   PACKET_0BYTE_CONNECTION_ID = 0,
-  PACKET_1BYTE_CONNECTION_ID = 1,
-  PACKET_4BYTE_CONNECTION_ID = 4,
   PACKET_8BYTE_CONNECTION_ID = 8
 };
 
@@ -300,15 +302,16 @@ enum QuicPacketPublicFlags {
   // Bit 1: Is this packet a public reset packet?
   PACKET_PUBLIC_FLAGS_RST = 1 << 1,
 
-  // Bits 2 and 3 specify the length of the ConnectionId as follows:
-  // ----00--: 0 bytes
-  // ----01--: 1 byte
-  // ----10--: 4 bytes
-  // ----11--: 8 bytes
+  // Bit 2: indicates the that public header includes a nonce.
+  PACKET_PUBLIC_FLAGS_NONCE = 1 << 2,
+
+  // Bit 3: indicates whether a ConnectionID is included.
   PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID = 0,
-  PACKET_PUBLIC_FLAGS_1BYTE_CONNECTION_ID = 1 << 2,
-  PACKET_PUBLIC_FLAGS_4BYTE_CONNECTION_ID = 1 << 3,
-  PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID = 1 << 3 | 1 << 2,
+  PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID = 1 << 3,
+
+  // QUIC_VERSION_32 and earlier use two bits for an 8 byte
+  // connection id.
+  PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD = 1 << 3 | 1 << 2,
 
   // Bits 4 and 5 describe the packet number length as follows:
   // --00----: 1 byte
@@ -323,6 +326,11 @@ enum QuicPacketPublicFlags {
   // Bit 6: Does the packet header contain a path id?
   PACKET_PUBLIC_FLAGS_MULTIPATH = 1 << 6,
 
+  // Reserved, unimplemented flags:
+
+  // Bit 7: indicates the presence of a second flags byte.
+  PACKET_PUBLIC_FLAGS_TWO_OR_MORE_BYTES = 1 << 7,
+
   // All bits set (bit 7 is not currently used): 01111111
   PACKET_PUBLIC_FLAGS_MAX = (1 << 7) - 1,
 };
@@ -366,6 +374,9 @@ enum QuicVersion {
   QUIC_VERSION_30 = 30,  // Add server side support of cert transparency.
   QUIC_VERSION_31 = 31,  // Adds a hash of the client hello to crypto proof.
   QUIC_VERSION_32 = 32,  // FEC related fields are removed from wire format.
+  QUIC_VERSION_33 = 33,  // Adds diversification nonces.
+  QUIC_VERSION_34 = 34,  // Deprecates entropy, removes private flag from packet
+                         // header, uses new ack and stop waiting wire format.
 };
 
 // This vector contains QUIC versions which we currently support.
@@ -376,8 +387,9 @@ enum QuicVersion {
 // IMPORTANT: if you are adding to this list, follow the instructions at
 // http://sites/quic/adding-and-removing-versions
 static const QuicVersion kSupportedQuicVersions[] = {
-    QUIC_VERSION_32, QUIC_VERSION_31, QUIC_VERSION_30, QUIC_VERSION_29,
-    QUIC_VERSION_28, QUIC_VERSION_27, QUIC_VERSION_26, QUIC_VERSION_25};
+    QUIC_VERSION_34, QUIC_VERSION_33, QUIC_VERSION_32, QUIC_VERSION_31,
+    QUIC_VERSION_30, QUIC_VERSION_29, QUIC_VERSION_28, QUIC_VERSION_27,
+    QUIC_VERSION_26, QUIC_VERSION_25};
 
 typedef std::vector<QuicVersion> QuicVersionVector;
 
@@ -419,22 +431,27 @@ NET_EXPORT_PRIVATE bool ContainsQuicTag(const QuicTagVector& tag_vector,
                                         QuicTag tag);
 
 // Size in bytes of the data packet header.
-NET_EXPORT_PRIVATE size_t GetPacketHeaderSize(const QuicPacketHeader& header);
+NET_EXPORT_PRIVATE size_t GetPacketHeaderSize(QuicVersion version,
+                                              const QuicPacketHeader& header);
 
 NET_EXPORT_PRIVATE size_t
-GetPacketHeaderSize(QuicConnectionIdLength connection_id_length,
+GetPacketHeaderSize(QuicVersion version,
+                    QuicConnectionIdLength connection_id_length,
                     bool include_version,
                     bool include_path_id,
+                    bool include_diversification_nonce,
                     QuicPacketNumberLength packet_number_length);
 
 // Index of the first byte in a QUIC packet of encrypted data.
 NET_EXPORT_PRIVATE size_t
-GetStartOfEncryptedData(const QuicPacketHeader& header);
+GetStartOfEncryptedData(QuicVersion version, const QuicPacketHeader& header);
 
 NET_EXPORT_PRIVATE size_t
-GetStartOfEncryptedData(QuicConnectionIdLength connection_id_length,
+GetStartOfEncryptedData(QuicVersion version,
+                        QuicConnectionIdLength connection_id_length,
                         bool include_version,
                         bool include_path_id,
+                        bool include_diversification_nonce,
                         QuicPacketNumberLength packet_number_length);
 
 enum QuicRstStreamErrorCode {
@@ -475,6 +492,10 @@ enum QuicRstStreamErrorCode {
   // No error. Used as bound while iterating.
   QUIC_STREAM_LAST_ERROR,
 };
+// QUIC error codes are encoded to a single octet on-the-wire.
+static_assert(static_cast<int>(QUIC_STREAM_LAST_ERROR) <=
+                  std::numeric_limits<uint8_t>::max(),
+              "QuicErrorCode exceeds single octet");
 
 // Because receiving an unknown QuicRstStreamErrorCode results in connection
 // teardown, we use this to make sure any errors predating a given version are
@@ -508,6 +529,8 @@ enum QuicErrorCode {
   QUIC_UNENCRYPTED_STREAM_DATA = 61,
   // Attempt to send unencrypted STREAM frame.
   QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA = 88,
+  // Received a frame which is likely the result of memory corruption.
+  QUIC_MAYBE_CORRUPTED_MEMORY = 89,
   // FEC frame data is not encrypted.
   QUIC_UNENCRYPTED_FEC_DATA = 77,
   // RST_STREAM frame data is malformed.
@@ -674,13 +697,15 @@ enum QuicErrorCode {
   QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM = 84,
 
   // No error. Used as bound while iterating.
-  QUIC_LAST_ERROR = 89,
+  QUIC_LAST_ERROR = 90,
 };
 
 // Must be updated any time a QuicErrorCode is deprecated.
 const int kDeprecatedQuicErrorCount = 4;
 const int kActiveQuicErrorCount = QUIC_LAST_ERROR - kDeprecatedQuicErrorCount;
 
+typedef char DiversificationNonce[32];
+
 struct NET_EXPORT_PRIVATE QuicPacketPublicHeader {
   QuicPacketPublicHeader();
   explicit QuicPacketPublicHeader(const QuicPacketPublicHeader& other);
@@ -695,6 +720,9 @@ struct NET_EXPORT_PRIVATE QuicPacketPublicHeader {
   bool version_flag;
   QuicPacketNumberLength packet_number_length;
   QuicVersionVector versions;
+  // nonce contains an optional, 32-byte nonce value. If not included in the
+  // packet, |nonce| will be empty.
+  DiversificationNonce* nonce;
 };
 
 // An integer which cannot be a packet number.
@@ -746,7 +774,18 @@ enum QuicVersionNegotiationState {
 typedef QuicPacketPublicHeader QuicVersionNegotiationPacket;
 
 // A padding frame contains no payload.
-struct NET_EXPORT_PRIVATE QuicPaddingFrame {};
+struct NET_EXPORT_PRIVATE QuicPaddingFrame {
+  QuicPaddingFrame() : num_padding_bytes(-1) {}
+  explicit QuicPaddingFrame(int num_padding_bytes)
+      : num_padding_bytes(num_padding_bytes) {}
+
+  NET_EXPORT_PRIVATE friend std::ostream& operator<<(std::ostream& os,
+                                                     const QuicPaddingFrame& s);
+
+  // -1: full padding to the end of a max-sized packet
+  // otherwise: only pad up to num_padding_bytes bytes
+  int num_padding_bytes;
+};
 
 // A ping frame contains no payload, though it is retransmittable,
 // and ACK'd just like other normal frames.
@@ -809,7 +848,7 @@ struct NET_EXPORT_PRIVATE QuicStreamFrame {
   QuicStreamFrame(QuicStreamId stream_id,
                   bool fin,
                   QuicStreamOffset offset,
-                  QuicPacketLength frame_length,
+                  QuicPacketLength data_length,
                   UniqueStreamBuffer buffer);
   ~QuicStreamFrame();
 
@@ -818,8 +857,8 @@ struct NET_EXPORT_PRIVATE QuicStreamFrame {
 
   QuicStreamId stream_id;
   bool fin;
-  QuicPacketLength frame_length;
-  const char* frame_buffer;
+  QuicPacketLength data_length;
+  const char* data_buffer;
   QuicStreamOffset offset;  // Location of this data in the stream.
   // nullptr when the QuicStreamFrame is received, and non-null when sent.
   UniqueStreamBuffer buffer;
@@ -828,8 +867,8 @@ struct NET_EXPORT_PRIVATE QuicStreamFrame {
   QuicStreamFrame(QuicStreamId stream_id,
                   bool fin,
                   QuicStreamOffset offset,
-                  const char* frame_buffer,
-                  QuicPacketLength frame_length,
+                  const char* data_buffer,
+                  QuicPacketLength data_length,
                   UniqueStreamBuffer buffer);
 
   DISALLOW_COPY_AND_ASSIGN(QuicStreamFrame);
@@ -917,6 +956,10 @@ class NET_EXPORT_PRIVATE PacketNumberQueue {
   // Removes |packet_number| from the set of packets in the queue.
   void Remove(QuicPacketNumber packet_number);
 
+  // Removes packets numbers between [lower, higher) to the set of packets in
+  // the queue. It is undefined behavior to call this with |higher| < |lower|.
+  void Remove(QuicPacketNumber lower, QuicPacketNumber higher);
+
   // Removes packets with values less than |higher| from the set of packets in
   // the queue. Returns true if packets were removed.
   bool RemoveUpTo(QuicPacketNumber higher);
@@ -939,6 +982,13 @@ class NET_EXPORT_PRIVATE PacketNumberQueue {
   // exposed for testing.
   size_t NumPacketsSlow() const;
 
+  // Returns the number of disjoint packet number intervals contained in the
+  // queue.
+  size_t NumIntervals() const;
+
+  // Returns the length of last interval.
+  QuicPacketNumber LastIntervalLength() const;
+
   // Returns iterators over the individual packet numbers.
   const_iterator begin() const;
   const_iterator end() const;
@@ -987,15 +1037,21 @@ struct NET_EXPORT_PRIVATE QuicAckFrame {
   // Vector of <packet_number, time> for when packets arrived.
   PacketTimeVector received_packet_times;
 
-  // The set of packets which we're expecting and have not received.
-  PacketNumberQueue missing_packets;
+  // Set of packets.
+  PacketNumberQueue packets;
+
+  // If true, |packets| express missing packets. Otherwise, |packets| express
+  // received packets.
+  bool missing;
 };
 
 // True if the packet number is greater than largest_observed or is listed
 // as missing.
 // Always returns false for packet numbers less than least_unacked.
-bool NET_EXPORT_PRIVATE IsAwaitingPacket(const QuicAckFrame& ack_frame,
-                                         QuicPacketNumber packet_number);
+bool NET_EXPORT_PRIVATE
+IsAwaitingPacket(const QuicAckFrame& ack_frame,
+                 QuicPacketNumber packet_number,
+                 QuicPacketNumber peer_least_packet_awaiting_ack);
 
 // Defines for all types of congestion control algorithms that can be used in
 // QUIC. Note that this is separate from the congestion feedback type -
@@ -1010,8 +1066,9 @@ enum CongestionControlType {
 };
 
 enum LossDetectionType {
-  kNack,  // Used to mimic TCP's loss detection.
-  kTime,  // Time based loss detection.
+  kNack,          // Used to mimic TCP's loss detection.
+  kTime,          // Time based loss detection.
+  kAdaptiveTime,  // Adaptive time based loss detection.
 };
 
 struct NET_EXPORT_PRIVATE QuicRstStreamFrame {
@@ -1220,10 +1277,11 @@ class NET_EXPORT_PRIVATE QuicPacket : public QuicData {
              QuicConnectionIdLength connection_id_length,
              bool includes_version,
              bool includes_path_id,
+             bool includes_diversification_nonce,
              QuicPacketNumberLength packet_number_length);
 
-  base::StringPiece AssociatedData() const;
-  base::StringPiece Plaintext() const;
+  base::StringPiece AssociatedData(QuicVersion version) const;
+  base::StringPiece Plaintext(QuicVersion version) const;
 
   char* mutable_data() { return buffer_; }
 
@@ -1232,6 +1290,7 @@ class NET_EXPORT_PRIVATE QuicPacket : public QuicData {
   const QuicConnectionIdLength connection_id_length_;
   const bool includes_version_;
   const bool includes_path_id_;
+  const bool includes_diversification_nonce_;
   const QuicPacketNumberLength packet_number_length_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicPacket);
@@ -1335,7 +1394,10 @@ struct NET_EXPORT_PRIVATE SerializedPacket {
   QuicPacketLength encrypted_length;
   QuicFrames retransmittable_frames;
   IsHandshake has_crypto_handshake;
-  bool needs_padding;
+  // -1: full padding to the end of a max-sized packet
+  //  0: no padding
+  //  otherwise: only pad up to num_padding_bytes bytes
+  int num_padding_bytes;
   QuicPathId path_id;
   QuicPacketNumber packet_number;
   QuicPacketNumberLength packet_number_length;
@@ -1343,6 +1405,7 @@ struct NET_EXPORT_PRIVATE SerializedPacket {
   QuicPacketEntropyHash entropy_hash;
   bool has_ack;
   bool has_stop_waiting;
+  QuicPathId original_path_id;
   QuicPacketNumber original_packet_number;
   TransmissionType transmission_type;
 
@@ -1362,7 +1425,7 @@ struct NET_EXPORT_PRIVATE TransmissionInfo {
                    QuicTime sent_time,
                    QuicPacketLength bytes_sent,
                    bool has_crypto_handshake,
-                   bool needs_padding);
+                   int num_padding_bytes);
 
   TransmissionInfo(const TransmissionInfo& other);
 
@@ -1378,20 +1441,20 @@ struct NET_EXPORT_PRIVATE TransmissionInfo {
   TransmissionType transmission_type;
   // In flight packets have not been abandoned or lost.
   bool in_flight;
-  // True if the packet can never be acked, so it can be removed.
+  // True if the packet can never be acked, so it can be removed.  Occurs when
+  // a packet is never sent, after it is acknowledged once, or if it's a crypto
+  // packet we never expect to receive an ack for.
   bool is_unackable;
   // True if the packet contains stream data from the crypto stream.
   bool has_crypto_handshake;
-  // True if the packet needs padding if it's retransmitted.
-  bool needs_padding;
+  // Non-zero if the packet needs padding if it's retransmitted.
+  int num_padding_bytes;
   // Stores the packet number of the next retransmission of this packet.
   // Zero if the packet has not been retransmitted.
   QuicPacketNumber retransmission;
   // Non-empty if there is a listener for this packet.
   std::list<AckListenerWrapper> ack_listeners;
 };
-static_assert(sizeof(TransmissionInfo) <= 128,
-              "TODO(ianswett): Keep the TransmissionInfo size to a cacheline.");
 
 // Struct to store the pending retransmission information.
 struct PendingRetransmission {
@@ -1400,7 +1463,7 @@ struct PendingRetransmission {
                         TransmissionType transmission_type,
                         const QuicFrames& retransmittable_frames,
                         bool has_crypto_handshake,
-                        bool needs_padding,
+                        int num_padding_bytes,
                         EncryptionLevel encryption_level,
                         QuicPacketNumberLength packet_number_length)
       : packet_number(packet_number),
@@ -1408,7 +1471,7 @@ struct PendingRetransmission {
         transmission_type(transmission_type),
         path_id(path_id),
         has_crypto_handshake(has_crypto_handshake),
-        needs_padding(needs_padding),
+        num_padding_bytes(num_padding_bytes),
         encryption_level(encryption_level),
         packet_number_length(packet_number_length) {}
 
@@ -1417,7 +1480,7 @@ struct PendingRetransmission {
   TransmissionType transmission_type;
   QuicPathId path_id;
   bool has_crypto_handshake;
-  bool needs_padding;
+  int num_padding_bytes;
   EncryptionLevel encryption_level;
   QuicPacketNumberLength packet_number_length;
 };
diff --git a/chromium/net/quic/quic_protocol_test.cc b/chromium/net/quic/quic_protocol_test.cc
index 6a34620c4ec..3eb31554316 100644
--- a/chromium/net/quic/quic_protocol_test.cc
+++ b/chromium/net/quic/quic_protocol_test.cc
@@ -39,11 +39,32 @@ TEST(QuicProtocolTest, MakeQuicTag) {
 TEST(QuicProtocolTest, IsAawaitingPacket) {
   QuicAckFrame ack_frame;
   ack_frame.largest_observed = 10u;
-  EXPECT_TRUE(IsAwaitingPacket(ack_frame, 11u));
-  EXPECT_FALSE(IsAwaitingPacket(ack_frame, 1u));
-
-  ack_frame.missing_packets.Add(10);
-  EXPECT_TRUE(IsAwaitingPacket(ack_frame, 10u));
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame, 11u, 0u));
+  EXPECT_FALSE(IsAwaitingPacket(ack_frame, 1u, 0u));
+
+  ack_frame.packets.Add(10);
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame, 10u, 0u));
+
+  QuicAckFrame ack_frame1;
+  ack_frame1.missing = false;
+  ack_frame1.largest_observed = 10u;
+  ack_frame1.packets.Add(1, 11);
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame1, 11u, 0u));
+  EXPECT_FALSE(IsAwaitingPacket(ack_frame1, 1u, 0u));
+
+  ack_frame1.packets.Remove(10);
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame1, 10u, 0u));
+
+  QuicAckFrame ack_frame2;
+  ack_frame2.missing = false;
+  ack_frame2.largest_observed = 100u;
+  ack_frame2.packets.Add(21, 100);
+  EXPECT_FALSE(IsAwaitingPacket(ack_frame2, 11u, 20u));
+  EXPECT_FALSE(IsAwaitingPacket(ack_frame2, 80u, 20u));
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame2, 101u, 20u));
+
+  ack_frame2.packets.Remove(50);
+  EXPECT_TRUE(IsAwaitingPacket(ack_frame2, 50u, 20u));
 }
 
 TEST(QuicProtocolTest, QuicDeprecatedErrorCodeCount) {
@@ -173,6 +194,108 @@ TEST(QuicProtocolTest, QuicVersionToString) {
   }
 }
 
+TEST(QuicProtocolTest, AckFrameToString) {
+  QuicAckFrame frame;
+  frame.entropy_hash = 1;
+  frame.largest_observed = 2;
+  frame.ack_delay_time = QuicTime::Delta::FromMicroseconds(3);
+  frame.packets.Add(4);
+  frame.packets.Add(5);
+  frame.received_packet_times = {
+      {6, QuicTime::Zero().Add(QuicTime::Delta::FromMicroseconds(7))}};
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ(
+      "{ entropy_hash: 1, largest_observed: 2, ack_delay_time: 3, "
+      "packets: [ 4 5  ], is_truncated: 0, received_packets: [ 6 at 7  ] }\n",
+      stream.str());
+}
+
+TEST(QuicProtocolTest, PaddingFrameToString) {
+  QuicPaddingFrame frame;
+  frame.num_padding_bytes = 1;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ num_padding_bytes: 1 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, RstStreamFrameToString) {
+  QuicRstStreamFrame frame;
+  frame.stream_id = 1;
+  frame.error_code = QUIC_STREAM_CANCELLED;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ stream_id: 1, error_code: 6 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, ConnectionCloseFrameToString) {
+  QuicConnectionCloseFrame frame;
+  frame.error_code = QUIC_NETWORK_IDLE_TIMEOUT;
+  frame.error_details = "No recent network activity.";
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ(
+      "{ error_code: 25, error_details: 'No recent network activity.' }\n",
+      stream.str());
+}
+
+TEST(QuicProtocolTest, GoAwayFrameToString) {
+  QuicGoAwayFrame frame;
+  frame.error_code = QUIC_NETWORK_IDLE_TIMEOUT;
+  frame.last_good_stream_id = 2;
+  frame.reason_phrase = "Reason";
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ(
+      "{ error_code: 25, last_good_stream_id: 2, reason_phrase: 'Reason' }\n",
+      stream.str());
+}
+
+TEST(QuicProtocolTest, WindowUpdateFrameToString) {
+  QuicWindowUpdateFrame frame;
+  std::ostringstream stream;
+  frame.stream_id = 1;
+  frame.byte_offset = 2;
+  stream << frame;
+  EXPECT_EQ("{ stream_id: 1, byte_offset: 2 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, BlockedFrameToString) {
+  QuicBlockedFrame frame;
+  frame.stream_id = 1;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ stream_id: 1 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, StreamFrameToString) {
+  QuicStreamFrame frame;
+  frame.stream_id = 1;
+  frame.fin = false;
+  frame.offset = 2;
+  frame.data_length = 3;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ stream_id: 1, fin: 0, offset: 2, length: 3 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, StopWaitingFrameToString) {
+  QuicStopWaitingFrame frame;
+  frame.entropy_hash = 1;
+  frame.least_unacked = 2;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ entropy_hash: 1, least_unacked: 2 }\n", stream.str());
+}
+
+TEST(QuicProtocolTest, PathCloseFrameToString) {
+  QuicPathCloseFrame frame;
+  frame.path_id = 1;
+  std::ostringstream stream;
+  stream << frame;
+  EXPECT_EQ("{ path_id: 1 }\n", stream.str());
+}
+
 // Tests that a queue contains the expected data after calls to Add().
 TEST(PacketNumberQueueTest, AddRange) {
   PacketNumberQueue queue;
@@ -266,6 +389,19 @@ TEST(PacketNumberQueueTest, Iterators) {
   EXPECT_TRUE(queue.end() == it_low);
 }
 
+TEST(PacketNumberQueueTest, IntervalLengthAndRemoveInterval) {
+  PacketNumberQueue queue;
+  queue.Add(1, 10);
+  queue.Add(20, 30);
+  queue.Add(40, 50);
+  EXPECT_EQ(3u, queue.NumIntervals());
+  EXPECT_EQ(10u, queue.LastIntervalLength());
+  queue.Remove(9, 21);
+  EXPECT_EQ(3u, queue.NumIntervals());
+  EXPECT_FALSE(queue.Contains(9));
+  EXPECT_FALSE(queue.Contains(20));
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_received_packet_manager.cc b/chromium/net/quic/quic_received_packet_manager.cc
index 9e7a9e5dbae..73226a1d245 100644
--- a/chromium/net/quic/quic_received_packet_manager.cc
+++ b/chromium/net/quic/quic_received_packet_manager.cc
@@ -151,17 +151,23 @@ void QuicReceivedPacketManager::RecordPacketReceived(
     ack_frame_.received_packet_times.clear();
   }
   ack_frame_updated_ = true;
-  // Adds the range of packet numbers from max(largest observed + 1, least
-  // awaiting ack) up to packet_number not including packet_number.
-  ack_frame_.missing_packets.Add(
-      max(ack_frame_.largest_observed + 1, peer_least_packet_awaiting_ack_),
-      packet_number);
+  if (ack_frame_.missing) {
+    // Adds the range of packet numbers from max(largest observed + 1, least
+    // awaiting ack) up to packet_number not including packet_number.
+    ack_frame_.packets.Add(
+        max(ack_frame_.largest_observed + 1, peer_least_packet_awaiting_ack_),
+        packet_number);
+  } else {
+    ack_frame_.packets.Add(header.packet_number);
+  }
 
   if (ack_frame_.largest_observed > packet_number) {
-    // We've gotten one of the out of order packets - remove it from our
-    // "missing packets" list.
-    DVLOG(1) << "Removing " << packet_number << " from missing list";
-    ack_frame_.missing_packets.Remove(packet_number);
+    if (ack_frame_.missing) {
+      // We've gotten one of the out of order packets - remove it from our
+      // "missing packets" list.
+      DVLOG(1) << "Removing " << packet_number << " from missing list";
+      ack_frame_.packets.Remove(packet_number);
+    }
 
     // Record how out of order stats.
     ++stats_->packets_reordered;
@@ -177,19 +183,27 @@ void QuicReceivedPacketManager::RecordPacketReceived(
     ack_frame_.largest_observed = packet_number;
     time_largest_observed_ = receipt_time;
   }
-  entropy_tracker_.RecordPacketEntropyHash(packet_number, header.entropy_hash);
+  if (ack_frame_.missing) {
+    entropy_tracker_.RecordPacketEntropyHash(packet_number,
+                                             header.entropy_hash);
+  }
 
   ack_frame_.received_packet_times.push_back(
       std::make_pair(packet_number, receipt_time));
 }
 
 bool QuicReceivedPacketManager::IsMissing(QuicPacketNumber packet_number) {
-  return ack_frame_.missing_packets.Contains(packet_number);
+  if (ack_frame_.missing) {
+    return ack_frame_.packets.Contains(packet_number);
+  }
+  return packet_number < ack_frame_.largest_observed &&
+         !ack_frame_.packets.Contains(packet_number);
 }
 
 bool QuicReceivedPacketManager::IsAwaitingPacket(
     QuicPacketNumber packet_number) {
-  return ::net::IsAwaitingPacket(ack_frame_, packet_number);
+  return ::net::IsAwaitingPacket(ack_frame_, packet_number,
+                                 peer_least_packet_awaiting_ack_);
 }
 
 namespace {
@@ -208,7 +222,9 @@ struct isTooLarge {
 const QuicFrame QuicReceivedPacketManager::GetUpdatedAckFrame(
     QuicTime approximate_now) {
   ack_frame_updated_ = false;
-  ack_frame_.entropy_hash = EntropyHash(ack_frame_.largest_observed);
+  if (ack_frame_.missing) {
+    ack_frame_.entropy_hash = EntropyHash(ack_frame_.largest_observed);
+  }
 
   if (time_largest_observed_ == QuicTime::Zero()) {
     // We have received no packets.
@@ -243,45 +259,63 @@ QuicPacketEntropyHash QuicReceivedPacketManager::EntropyHash(
 
 bool QuicReceivedPacketManager::DontWaitForPacketsBefore(
     QuicPacketNumber least_unacked) {
-  return ack_frame_.missing_packets.RemoveUpTo(least_unacked);
+  peer_least_packet_awaiting_ack_ = least_unacked;
+  return ack_frame_.packets.RemoveUpTo(least_unacked);
 }
 
 void QuicReceivedPacketManager::UpdatePacketInformationSentByPeer(
     const QuicStopWaitingFrame& stop_waiting) {
-  // ValidateAck() should fail if peer_least_packet_awaiting_ack_ shrinks.
+  // ValidateAck() should fail if peer_least_packet_awaiting_ack shrinks.
   DCHECK_LE(peer_least_packet_awaiting_ack_, stop_waiting.least_unacked);
   if (stop_waiting.least_unacked > peer_least_packet_awaiting_ack_) {
-    bool missed_packets = DontWaitForPacketsBefore(stop_waiting.least_unacked);
-    if (missed_packets) {
-      DVLOG(1) << "Updating entropy hashed since we missed packets";
-      // There were some missing packets that we won't ever get now. Recalculate
-      // the received entropy hash.
-      entropy_tracker_.SetCumulativeEntropyUpTo(stop_waiting.least_unacked,
-                                                stop_waiting.entropy_hash);
-      // Ack frame gets updated because missing packets are updated because of
-      // stop waiting frame.
+    bool packets_updated = DontWaitForPacketsBefore(stop_waiting.least_unacked);
+    if (packets_updated) {
+      if (ack_frame_.missing) {
+        DVLOG(1) << "Updating entropy hashed since we missed packets";
+        // There were some missing packets that we won't ever get now.
+        // Recalculate the received entropy hash.
+        entropy_tracker_.SetCumulativeEntropyUpTo(stop_waiting.least_unacked,
+                                                  stop_waiting.entropy_hash);
+      }
+      // Ack frame gets updated because packets set is updated because of stop
+      // waiting frame.
       ack_frame_updated_ = true;
     }
-    peer_least_packet_awaiting_ack_ = stop_waiting.least_unacked;
   }
-  DCHECK(ack_frame_.missing_packets.Empty() ||
-         ack_frame_.missing_packets.Min() >= peer_least_packet_awaiting_ack_);
+  DCHECK(ack_frame_.packets.Empty() ||
+         ack_frame_.packets.Min() >= peer_least_packet_awaiting_ack_);
 }
 
 bool QuicReceivedPacketManager::HasMissingPackets() const {
-  return !ack_frame_.missing_packets.Empty();
+  if (ack_frame_.missing) {
+    return !ack_frame_.packets.Empty();
+  }
+
+  return ack_frame_.packets.NumIntervals() > 1 ||
+         (!ack_frame_.packets.Empty() &&
+          ack_frame_.packets.Min() >
+              max(QuicPacketNumber(1), peer_least_packet_awaiting_ack_));
 }
 
 bool QuicReceivedPacketManager::HasNewMissingPackets() const {
-  return !ack_frame_.missing_packets.Empty() &&
-         (ack_frame_.largest_observed - ack_frame_.missing_packets.Max()) <=
-             kMaxPacketsAfterNewMissing;
+  if (ack_frame_.missing) {
+    return !ack_frame_.packets.Empty() &&
+           (ack_frame_.largest_observed - ack_frame_.packets.Max()) <=
+               kMaxPacketsAfterNewMissing;
+  }
+
+  return HasMissingPackets() &&
+         ack_frame_.packets.LastIntervalLength() <= kMaxPacketsAfterNewMissing;
 }
 
 size_t QuicReceivedPacketManager::NumTrackedPackets() const {
   return entropy_tracker_.size();
 }
 
+void QuicReceivedPacketManager::SetVersion(QuicVersion version) {
+  ack_frame_.missing = version <= QUIC_VERSION_33;
+}
+
 bool QuicReceivedPacketManager::ack_frame_updated() const {
   return ack_frame_updated_;
 }
diff --git a/chromium/net/quic/quic_received_packet_manager.h b/chromium/net/quic/quic_received_packet_manager.h
index 99f0a5cd255..44a770b751d 100644
--- a/chromium/net/quic/quic_received_packet_manager.h
+++ b/chromium/net/quic/quic_received_packet_manager.h
@@ -140,6 +140,9 @@ class NET_EXPORT_PRIVATE QuicReceivedPacketManager
   // Returns the number of packets being tracked in the EntropyTracker.
   size_t NumTrackedPackets() const;
 
+  // Sets the mode of packets set of ack_frame_ based on |version|.
+  void SetVersion(QuicVersion version);
+
   QuicPacketNumber peer_least_packet_awaiting_ack() {
     return peer_least_packet_awaiting_ack_;
   }
diff --git a/chromium/net/quic/quic_received_packet_manager_test.cc b/chromium/net/quic/quic_received_packet_manager_test.cc
index 8016fbd3a4d..a3bca2f539d 100644
--- a/chromium/net/quic/quic_received_packet_manager_test.cc
+++ b/chromium/net/quic/quic_received_packet_manager_test.cc
@@ -186,9 +186,32 @@ TEST(EntropyTrackerTest, SetCumulativeEntropyUpTo) {
   EXPECT_EQ(42 ^ 21, tracker.EntropyHash(9));
 }
 
-class QuicReceivedPacketManagerTest : public ::testing::Test {
+struct TestParams {
+  explicit TestParams(QuicVersion version) : version(version) {}
+
+  friend std::ostream& operator<<(std::ostream& os, const TestParams& p) {
+    os << "{ version: " << QuicVersionToString(p.version) << " }";
+    return os;
+  }
+
+  QuicVersion version;
+};
+
+vector<TestParams> GetTestParams() {
+  vector<TestParams> params;
+  QuicVersionVector all_supported_versions = QuicSupportedVersions();
+  for (size_t i = 0; i < all_supported_versions.size(); ++i) {
+    params.push_back(TestParams(all_supported_versions[i]));
+  }
+  return params;
+}
+
+class QuicReceivedPacketManagerTest
+    : public ::testing::TestWithParam<TestParams> {
  protected:
-  QuicReceivedPacketManagerTest() : received_manager_(&stats_) {}
+  QuicReceivedPacketManagerTest() : received_manager_(&stats_) {
+    received_manager_.SetVersion(GetParam().version);
+  }
 
   void RecordPacketReceipt(QuicPacketNumber packet_number,
                            QuicPacketEntropyHash entropy_hash) {
@@ -208,7 +231,14 @@ class QuicReceivedPacketManagerTest : public ::testing::Test {
   QuicReceivedPacketManager received_manager_;
 };
 
-TEST_F(QuicReceivedPacketManagerTest, ReceivedPacketEntropyHash) {
+INSTANTIATE_TEST_CASE_P(QuicReceivedPacketManagerTest,
+                        QuicReceivedPacketManagerTest,
+                        ::testing::ValuesIn(GetTestParams()));
+
+TEST_P(QuicReceivedPacketManagerTest, ReceivedPacketEntropyHash) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   vector<pair<QuicPacketNumber, QuicPacketEntropyHash>> entropies;
   entropies.push_back(std::make_pair(1, 12));
   entropies.push_back(std::make_pair(7, 1));
@@ -239,19 +269,28 @@ TEST_F(QuicReceivedPacketManagerTest, ReceivedPacketEntropyHash) {
   EXPECT_EQ(2u, stats_.packets_reordered);
 }
 
-TEST_F(QuicReceivedPacketManagerTest, EntropyHashBelowLeastObserved) {
+TEST_P(QuicReceivedPacketManagerTest, EntropyHashBelowLeastObserved) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_EQ(0, received_manager_.EntropyHash(0));
   RecordPacketReceipt(4, 5);
   EXPECT_EQ(0, received_manager_.EntropyHash(3));
 }
 
-TEST_F(QuicReceivedPacketManagerTest, EntropyHashAboveLargestObserved) {
+TEST_P(QuicReceivedPacketManagerTest, EntropyHashAboveLargestObserved) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   EXPECT_EQ(0, received_manager_.EntropyHash(0));
   RecordPacketReceipt(4, 5);
   EXPECT_EQ(0, received_manager_.EntropyHash(3));
 }
 
-TEST_F(QuicReceivedPacketManagerTest, SetCumulativeEntropyUpTo) {
+TEST_P(QuicReceivedPacketManagerTest, SetCumulativeEntropyUpTo) {
+  if (GetParam().version > QUIC_VERSION_33) {
+    return;
+  }
   vector<pair<QuicPacketNumber, QuicPacketEntropyHash>> entropies;
   entropies.push_back(std::make_pair(1, 12));
   entropies.push_back(std::make_pair(2, 1));
@@ -286,7 +325,7 @@ TEST_F(QuicReceivedPacketManagerTest, SetCumulativeEntropyUpTo) {
   EXPECT_EQ(0u, stats_.packets_reordered);
 }
 
-TEST_F(QuicReceivedPacketManagerTest, DontWaitForPacketsBefore) {
+TEST_P(QuicReceivedPacketManagerTest, DontWaitForPacketsBefore) {
   QuicPacketHeader header;
   header.packet_number = 2u;
   received_manager_.RecordPacketReceived(0u, header, QuicTime::Zero());
@@ -300,7 +339,7 @@ TEST_F(QuicReceivedPacketManagerTest, DontWaitForPacketsBefore) {
   EXPECT_TRUE(received_manager_.IsAwaitingPacket(6u));
 }
 
-TEST_F(QuicReceivedPacketManagerTest, GetUpdatedAckFrame) {
+TEST_P(QuicReceivedPacketManagerTest, GetUpdatedAckFrame) {
   QuicPacketHeader header;
   header.packet_number = 2u;
   QuicTime two_ms = QuicTime::Zero().Add(QuicTime::Delta::FromMilliseconds(2));
@@ -339,7 +378,7 @@ TEST_F(QuicReceivedPacketManagerTest, GetUpdatedAckFrame) {
   EXPECT_EQ(2u, ack.ack_frame->received_packet_times.size());
 }
 
-TEST_F(QuicReceivedPacketManagerTest, UpdateReceivedConnectionStats) {
+TEST_P(QuicReceivedPacketManagerTest, UpdateReceivedConnectionStats) {
   EXPECT_FALSE(received_manager_.ack_frame_updated());
   RecordPacketReceipt(1, 0);
   EXPECT_TRUE(received_manager_.ack_frame_updated());
diff --git a/chromium/net/quic/quic_sent_packet_manager.cc b/chromium/net/quic/quic_sent_packet_manager.cc
index bed16fe8e7a..75676825737 100644
--- a/chromium/net/quic/quic_sent_packet_manager.cc
+++ b/chromium/net/quic/quic_sent_packet_manager.cc
@@ -8,6 +8,7 @@
 
 #include "base/logging.h"
 #include "base/stl_util.h"
+#include "net/quic/congestion_control/general_loss_algorithm.h"
 #include "net/quic/congestion_control/pacing_sender.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
@@ -85,7 +86,7 @@ QuicSentPacketManager::QuicSentPacketManager(
                                          congestion_control_type,
                                          stats,
                                          initial_congestion_window_)),
-      loss_algorithm_(LossDetectionInterface::Create(loss_type)),
+      loss_algorithm_(new GeneralLossAlgorithm(loss_type)),
       n_connection_simulation_(false),
       receive_buffer_bytes_(kDefaultSocketReceiveBuffer),
       least_packet_awaited_by_peer_(1),
@@ -98,6 +99,8 @@ QuicSentPacketManager::QuicSentPacketManager(
       enable_half_rtt_tail_loss_probe_(false),
       using_pacing_(false),
       use_new_rto_(false),
+      undo_pending_retransmits_(false),
+      largest_newly_acked_(0),
       handshake_confirmed_(false) {}
 
 QuicSentPacketManager::~QuicSentPacketManager() {}
@@ -116,10 +119,6 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) {
             min(kMaxInitialRoundTripTimeUs,
                 config.GetInitialRoundTripTimeUsToSend())));
   }
-  // Initial RTT may have changed.
-  if (network_change_visitor_ != nullptr) {
-    network_change_visitor_->OnRttChange();
-  }
   // TODO(ianswett): BBR is currently a server only feature.
   if (FLAGS_quic_allow_bbr && config.HasReceivedConnectionOptions() &&
       ContainsQuicTag(config.ReceivedConnectionOptions(), kTBBR)) {
@@ -165,7 +164,16 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) {
   }
   if (config.HasReceivedConnectionOptions() &&
       ContainsQuicTag(config.ReceivedConnectionOptions(), kTIME)) {
-    loss_algorithm_.reset(LossDetectionInterface::Create(kTime));
+    loss_algorithm_.reset(new GeneralLossAlgorithm(kTime));
+  }
+  if (FLAGS_quic_adaptive_loss_recovery &&
+      config.HasReceivedConnectionOptions() &&
+      ContainsQuicTag(config.ReceivedConnectionOptions(), kATIM)) {
+    loss_algorithm_.reset(new GeneralLossAlgorithm(kAdaptiveTime));
+  }
+  if (FLAGS_quic_loss_recovery_use_largest_acked &&
+      config.HasClientSentConnectionOption(kUNDO, perspective_)) {
+    undo_pending_retransmits_ = true;
   }
   if (config.HasReceivedSocketReceiveBuffer()) {
     receive_buffer_bytes_ =
@@ -178,7 +186,7 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) {
   send_algorithm_->SetFromConfig(config, perspective_);
 
   if (network_change_visitor_ != nullptr) {
-    network_change_visitor_->OnCongestionWindowChange();
+    network_change_visitor_->OnCongestionChange();
   }
 }
 
@@ -204,10 +212,17 @@ void QuicSentPacketManager::SetNumOpenStreams(size_t num_streams) {
   }
 }
 
+void QuicSentPacketManager::SetMaxPacingRate(QuicBandwidth max_pacing_rate) {
+  if (FLAGS_quic_max_pacing_rate && using_pacing_) {
+    static_cast<PacingSender*>(send_algorithm_.get())
+        ->SetMaxPacingRate(max_pacing_rate);
+  }
+}
+
 void QuicSentPacketManager::OnIncomingAck(const QuicAckFrame& ack_frame,
                                           QuicTime ack_receive_time) {
+  DCHECK_LE(ack_frame.largest_observed, unacked_packets_.largest_sent_packet());
   QuicByteCount bytes_in_flight = unacked_packets_.bytes_in_flight();
-
   UpdatePacketInformationReceivedByPeer(ack_frame);
   bool rtt_updated = MaybeUpdateRTT(ack_frame, ack_receive_time);
   DCHECK_GE(ack_frame.largest_observed, unacked_packets_.largest_observed());
@@ -248,6 +263,17 @@ void QuicSentPacketManager::OnIncomingAck(const QuicAckFrame& ack_frame,
     consecutive_tlp_count_ = 0;
     consecutive_crypto_retransmission_count_ = 0;
   }
+  // TODO(ianswett): Consider replacing the pending_retransmissions_ with a
+  // fast way to retrieve the next pending retransmission, if there are any.
+  // A single packet number indicating all packets below that are lost should
+  // be all the state that is necessary.
+  while (undo_pending_retransmits_ && !pending_retransmissions_.empty() &&
+         pending_retransmissions_.front().first > largest_newly_acked_ &&
+         pending_retransmissions_.front().second == LOSS_RETRANSMISSION) {
+    // Cancel any pending retransmissions larger than largest_newly_acked_.
+    unacked_packets_.RestoreToInFlight(pending_retransmissions_.front().first);
+    pending_retransmissions_.erase(pending_retransmissions_.begin());
+  }
 
   if (debug_delegate_ != nullptr) {
     debug_delegate_->OnIncomingAck(ack_frame, ack_receive_time,
@@ -258,10 +284,10 @@ void QuicSentPacketManager::OnIncomingAck(const QuicAckFrame& ack_frame,
 
 void QuicSentPacketManager::UpdatePacketInformationReceivedByPeer(
     const QuicAckFrame& ack_frame) {
-  if (ack_frame.missing_packets.Empty()) {
+  if (ack_frame.packets.Empty()) {
     least_packet_awaited_by_peer_ = ack_frame.largest_observed + 1;
   } else {
-    least_packet_awaited_by_peer_ = ack_frame.missing_packets.Min();
+    least_packet_awaited_by_peer_ = ack_frame.packets.Min();
   }
 }
 
@@ -276,7 +302,7 @@ void QuicSentPacketManager::MaybeInvokeCongestionEvent(
   packets_acked_.clear();
   packets_lost_.clear();
   if (network_change_visitor_ != nullptr) {
-    network_change_visitor_->OnCongestionWindowChange();
+    network_change_visitor_->OnCongestionChange();
   }
 }
 
@@ -293,9 +319,10 @@ void QuicSentPacketManager::HandleAckForSentPackets(
       break;
     }
 
-    if (ack_frame.missing_packets.Contains(packet_number)) {
+    if ((ack_frame.missing && ack_frame.packets.Contains(packet_number)) ||
+        (!ack_frame.missing && !ack_frame.packets.Contains(packet_number))) {
       // Don't continue to increase the nack count for packets not in flight.
-      if (!it->in_flight) {
+      if (FLAGS_quic_simplify_loss_detection || !it->in_flight) {
         continue;
       }
       // Consider it multiple nacks when there is a gap between the missing
@@ -317,6 +344,9 @@ void QuicSentPacketManager::HandleAckForSentPackets(
     // packet, then inform the caller.
     if (it->in_flight) {
       packets_acked_.push_back(std::make_pair(packet_number, it->bytes_sent));
+    } else if (FLAGS_quic_loss_recovery_use_largest_acked &&
+               !it->is_unackable) {
+      largest_newly_acked_ = packet_number;
     }
     MarkPacketHandled(packet_number, &(*it), ack_delay_time);
   }
@@ -409,6 +439,13 @@ void QuicSentPacketManager::RecordSpuriousRetransmissions(
     retransmission = retransmit_info.retransmission;
     RecordOneSpuriousRetransmission(retransmit_info);
   }
+  // Only inform the loss detection of spurious retransmits it caused.
+  if (FLAGS_quic_adaptive_loss_recovery &&
+      unacked_packets_.GetTransmissionInfo(info.retransmission)
+              .transmission_type == LOSS_RETRANSMISSION) {
+    loss_algorithm_->SpuriousRetransmitDetected(
+        unacked_packets_, clock_->Now(), rtt_stats_, info.retransmission);
+  }
 }
 
 bool QuicSentPacketManager::HasPendingRetransmissions() const {
@@ -440,7 +477,7 @@ PendingRetransmission QuicSentPacketManager::NextPendingRetransmission() {
   return PendingRetransmission(path_id_, packet_number, transmission_type,
                                transmission_info.retransmittable_frames,
                                transmission_info.has_crypto_handshake,
-                               transmission_info.needs_padding,
+                               transmission_info.num_padding_bytes,
                                transmission_info.encryption_level,
                                transmission_info.packet_number_length);
 }
@@ -517,6 +554,9 @@ void QuicSentPacketManager::MarkPacketHandled(QuicPacketNumber packet_number,
 
   unacked_packets_.RemoveFromInFlight(info);
   unacked_packets_.RemoveRetransmittability(info);
+  if (FLAGS_quic_loss_recovery_use_largest_acked) {
+    info->is_unackable = true;
+  }
 }
 
 bool QuicSentPacketManager::IsUnacked(QuicPacketNumber packet_number) const {
@@ -533,6 +573,7 @@ QuicPacketNumber QuicSentPacketManager::GetLeastUnacked() const {
 
 bool QuicSentPacketManager::OnPacketSent(
     SerializedPacket* serialized_packet,
+    QuicPathId /*original_path_id*/,
     QuicPacketNumber original_packet_number,
     QuicTime sent_time,
     TransmissionType transmission_type,
@@ -700,8 +741,12 @@ QuicSentPacketManager::GetRetransmissionMode() const {
 }
 
 void QuicSentPacketManager::InvokeLossDetection(QuicTime time) {
+  if (FLAGS_quic_loss_recovery_use_largest_acked && !packets_acked_.empty()) {
+    DCHECK_LE(packets_acked_.front().first, packets_acked_.back().first);
+    largest_newly_acked_ = packets_acked_.back().first;
+  }
   loss_algorithm_->DetectLosses(unacked_packets_, time, rtt_stats_,
-                                &packets_lost_);
+                                largest_newly_acked_, &packets_lost_);
   for (const pair<QuicPacketNumber, QuicByteCount>& pair : packets_lost_) {
     ++stats_->packets_lost;
     if (debug_delegate_ != nullptr) {
@@ -745,10 +790,6 @@ bool QuicSentPacketManager::MaybeUpdateRTT(const QuicAckFrame& ack_frame,
       ack_receive_time.Subtract(transmission_info.sent_time);
   rtt_stats_.UpdateRtt(send_delta, ack_frame.ack_delay_time, ack_receive_time);
 
-  if (network_change_visitor_ != nullptr) {
-    network_change_visitor_->OnRttChange();
-  }
-
   return true;
 }
 
diff --git a/chromium/net/quic/quic_sent_packet_manager.h b/chromium/net/quic/quic_sent_packet_manager.h
index 6d4241e1e3d..ab83f1b9dd5 100644
--- a/chromium/net/quic/quic_sent_packet_manager.h
+++ b/chromium/net/quic/quic_sent_packet_manager.h
@@ -8,12 +8,12 @@
 #include <stddef.h>
 
 #include <map>
+#include <memory>
 #include <set>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/linked_hash_map.h"
 #include "net/quic/congestion_control/loss_detection_interface.h"
 #include "net/quic/congestion_control/rtt_stats.h"
@@ -95,12 +95,8 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
    public:
     virtual ~NetworkChangeVisitor() {}
 
-    // Called when congestion window may have changed.
-    virtual void OnCongestionWindowChange() = 0;
-
-    // Called when RTT may have changed, including when an RTT is read from
-    // the config.
-    virtual void OnRttChange() = 0;
+    // Called when congestion window or RTT may have changed.
+    virtual void OnCongestionChange() = 0;
 
     // Called with the path may be degrading. Note that the path may only be
     // temporarily degrading.
@@ -127,6 +123,8 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
 
   void SetNumOpenStreams(size_t num_streams);
 
+  void SetMaxPacingRate(QuicBandwidth max_pacing_rate);
+
   void SetHandshakeConfirmed() { handshake_confirmed_ = true; }
 
   // Processes the incoming ack.
@@ -160,6 +158,7 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
   bool HasRetransmittableFrames(QuicPacketNumber packet_number) const;
 
   // Returns true if there are pending retransmissions.
+  // Not const because retransmissions may be cancelled before returning.
   bool HasPendingRetransmissions() const;
 
   // Retrieves the next pending retransmission.  You must ensure that
@@ -176,6 +175,7 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
   // the number of bytes sent and if they were retransmitted.  Returns true if
   // the sender should reset the retransmission timer.
   virtual bool OnPacketSent(SerializedPacket* serialized_packet,
+                            QuicPathId /*original_path_id*/,
                             QuicPacketNumber original_packet_number,
                             QuicTime sent_time,
                             TransmissionType transmission_type,
@@ -238,6 +238,8 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
 
   bool using_pacing() const { return using_pacing_; }
 
+  bool handshake_confirmed() const { return handshake_confirmed_; }
+
   void set_debug_delegate(DebugDelegate* debug_delegate) {
     debug_delegate_ = debug_delegate;
   }
@@ -404,8 +406,8 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
   NetworkChangeVisitor* network_change_visitor_;
   const QuicPacketCount initial_congestion_window_;
   RttStats rtt_stats_;
-  scoped_ptr<SendAlgorithmInterface> send_algorithm_;
-  scoped_ptr<LossDetectionInterface> loss_algorithm_;
+  std::unique_ptr<SendAlgorithmInterface> send_algorithm_;
+  std::unique_ptr<LossDetectionInterface> loss_algorithm_;
   bool n_connection_simulation_;
 
   // Receiver side buffer in bytes.
@@ -433,10 +435,15 @@ class NET_EXPORT_PRIVATE QuicSentPacketManager {
   // If true, use the new RTO with loss based CWND reduction instead of the send
   // algorithms's OnRetransmissionTimeout to reduce the congestion window.
   bool use_new_rto_;
+  // If true, cancel pending retransmissions if they're larger than
+  // largest_newly_acked.
+  bool undo_pending_retransmits_;
 
   // Vectors packets acked and lost as a result of the last congestion event.
   SendAlgorithmInterface::CongestionVector packets_acked_;
   SendAlgorithmInterface::CongestionVector packets_lost_;
+  // Largest newly acknowledged packet.
+  QuicPacketNumber largest_newly_acked_;
 
   // Set to true after the crypto handshake has successfully completed. After
   // this is true we no longer use HANDSHAKE_MODE, and further frames sent on
diff --git a/chromium/net/quic/quic_sent_packet_manager_test.cc b/chromium/net/quic/quic_sent_packet_manager_test.cc
index 5098261e5c5..6b8f96e50ad 100644
--- a/chromium/net/quic/quic_sent_packet_manager_test.cc
+++ b/chromium/net/quic/quic_sent_packet_manager_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_sent_packet_manager.h"
 
+#include <memory>
+
 #include "base/stl_util.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/test_tools/quic_config_peer.h"
@@ -20,6 +22,7 @@ using testing::Not;
 using testing::Pair;
 using testing::Pointwise;
 using testing::Return;
+using testing::SetArgPointee;
 using testing::StrictMock;
 using testing::_;
 
@@ -53,7 +56,27 @@ class MockDebugDelegate : public QuicSentPacketManager::DebugDelegate {
                     QuicTime detection_time));
 };
 
-class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
+// Run tests with different ack frame packets set mode.
+struct TestParams {
+  explicit TestParams(bool missing) : missing(missing) {}
+
+  friend std::ostream& operator<<(std::ostream& os, const TestParams& p) {
+    os << "{ ack frame packets set mode: " << p.missing << " }";
+    return os;
+  }
+
+  bool missing;
+};
+
+vector<TestParams> GetTestParams() {
+  vector<TestParams> params;
+  for (bool missing : {true, false}) {
+    params.push_back(TestParams(missing));
+  }
+  return params;
+}
+
+class QuicSentPacketManagerTest : public ::testing::TestWithParam<TestParams> {
  protected:
   QuicSentPacketManagerTest()
       : manager_(Perspective::IS_SERVER,
@@ -124,15 +147,13 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
         *send_algorithm_,
         OnCongestionEvent(true, _, ElementsAre(Pair(largest_observed, _)),
                           IsEmpty()));
-    EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-    EXPECT_CALL(*network_change_visitor_, OnRttChange());
+    EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   }
 
   void ExpectUpdatedRtt(QuicPacketNumber largest_observed) {
     EXPECT_CALL(*send_algorithm_,
                 OnCongestionEvent(true, _, IsEmpty(), IsEmpty()));
-    EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-    EXPECT_CALL(*network_change_visitor_, OnRttChange());
+    EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   }
 
   void ExpectAckAndLoss(bool rtt_updated,
@@ -142,8 +163,7 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
                 OnCongestionEvent(rtt_updated, _,
                                   ElementsAre(Pair(largest_observed, _)),
                                   ElementsAre(Pair(lost_packet, _))));
-    EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-    EXPECT_CALL(*network_change_visitor_, OnRttChange());
+    EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   }
 
   // |packets_acked| and |packets_lost| should be in packet number order.
@@ -164,28 +184,35 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
         *send_algorithm_,
         OnCongestionEvent(rtt_updated, _, Pointwise(KeyEq(), ack_vector),
                           Pointwise(KeyEq(), lost_vector)));
-    EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange())
+    EXPECT_CALL(*network_change_visitor_, OnCongestionChange())
         .Times(AnyNumber());
-    EXPECT_CALL(*network_change_visitor_, OnRttChange()).Times(AnyNumber());
   }
 
   void RetransmitAndSendPacket(QuicPacketNumber old_packet_number,
                                QuicPacketNumber new_packet_number) {
+    RetransmitAndSendPacket(old_packet_number, new_packet_number,
+                            TLP_RETRANSMISSION);
+  }
+
+  void RetransmitAndSendPacket(QuicPacketNumber old_packet_number,
+                               QuicPacketNumber new_packet_number,
+                               TransmissionType transmission_type) {
     QuicSentPacketManagerPeer::MarkForRetransmission(
-        &manager_, old_packet_number, TLP_RETRANSMISSION);
+        &manager_, old_packet_number, transmission_type);
     EXPECT_TRUE(manager_.HasPendingRetransmissions());
     PendingRetransmission next_retransmission =
         manager_.NextPendingRetransmission();
     EXPECT_EQ(old_packet_number, next_retransmission.packet_number);
-    EXPECT_EQ(TLP_RETRANSMISSION, next_retransmission.transmission_type);
+    EXPECT_EQ(transmission_type, next_retransmission.transmission_type);
 
     EXPECT_CALL(*send_algorithm_,
                 OnPacketSent(_, BytesInFlight(), new_packet_number,
                              kDefaultLength, HAS_RETRANSMITTABLE_DATA))
         .WillOnce(Return(true));
     SerializedPacket packet(CreatePacket(new_packet_number, false));
-    manager_.OnPacketSent(&packet, old_packet_number, clock_.Now(),
-                          TLP_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, packet.path_id, old_packet_number,
+                          clock_.Now(), transmission_type,
+                          HAS_RETRANSMITTABLE_DATA);
     EXPECT_TRUE(QuicSentPacketManagerPeer::IsRetransmission(&manager_,
                                                             new_packet_number));
   }
@@ -212,8 +239,8 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
         .Times(1)
         .WillOnce(Return(true));
     SerializedPacket packet(CreateDataPacket(packet_number));
-    manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION,
-                          HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, kInvalidPathId, 0, clock_.Now(),
+                          NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA);
   }
 
   void SendCryptoPacket(QuicPacketNumber packet_number) {
@@ -226,8 +253,8 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
     packet.retransmittable_frames.push_back(
         QuicFrame(new QuicStreamFrame(1, false, 0, StringPiece())));
     packet.has_crypto_handshake = IS_HANDSHAKE;
-    manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION,
-                          HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, kInvalidPathId, 0, clock_.Now(),
+                          NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA);
   }
 
   void SendAckPacket(QuicPacketNumber packet_number) {
@@ -237,8 +264,8 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
         .Times(1)
         .WillOnce(Return(false));
     SerializedPacket packet(CreatePacket(packet_number, false));
-    manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION,
-                          NO_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, kInvalidPathId, 0, clock_.Now(),
+                          NOT_RETRANSMISSION, NO_RETRANSMITTABLE_DATA);
   }
 
   // Based on QuicConnection's WritePendingRetransmissions.
@@ -251,8 +278,32 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
         .WillOnce(Return(true));
     const PendingRetransmission pending = manager_.NextPendingRetransmission();
     SerializedPacket packet(CreatePacket(retransmission_packet_number, false));
-    manager_.OnPacketSent(&packet, pending.packet_number, clock_.Now(),
-                          pending.transmission_type, HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, pending.path_id, pending.packet_number,
+                          clock_.Now(), pending.transmission_type,
+                          HAS_RETRANSMITTABLE_DATA);
+  }
+
+  // Initialize a frame acknowledging all packets up to largest_observed.
+  const QuicAckFrame InitAckFrame(QuicPacketNumber largest_observed) {
+    QuicAckFrame frame(MakeAckFrame(largest_observed));
+    frame.missing = GetParam().missing;
+    if (!GetParam().missing) {
+      if (largest_observed > 0) {
+        frame.packets.Add(1, largest_observed + 1);
+      }
+    }
+    return frame;
+  }
+
+  // Explicitly nack packet [lower, higher).
+  void NackPackets(QuicPacketNumber lower,
+                   QuicPacketNumber higher,
+                   QuicAckFrame* frame) {
+    if (frame->missing) {
+      frame->packets.Add(lower, higher);
+    } else {
+      frame->packets.Remove(lower, higher);
+    }
   }
 
   QuicSentPacketManager manager_;
@@ -260,11 +311,15 @@ class QuicSentPacketManagerTest : public ::testing::TestWithParam<bool> {
   MockClock clock_;
   QuicConnectionStats stats_;
   MockSendAlgorithm* send_algorithm_;
-  scoped_ptr<MockNetworkChangeVisitor> network_change_visitor_;
+  std::unique_ptr<MockNetworkChangeVisitor> network_change_visitor_;
   bool saved_FLAGS_quic_disable_pacing_;
 };
 
-TEST_F(QuicSentPacketManagerTest, IsUnacked) {
+INSTANTIATE_TEST_CASE_P(QuicSentPacketManagerTest,
+                        QuicSentPacketManagerTest,
+                        ::testing::ValuesIn(GetTestParams()));
+
+TEST_P(QuicSentPacketManagerTest, IsUnacked) {
   VerifyUnackedPackets(nullptr, 0);
   SendDataPacket(1);
 
@@ -274,7 +329,7 @@ TEST_F(QuicSentPacketManagerTest, IsUnacked) {
   VerifyRetransmittablePackets(retransmittable, arraysize(retransmittable));
 }
 
-TEST_F(QuicSentPacketManagerTest, IsUnAckedRetransmit) {
+TEST_P(QuicSentPacketManagerTest, IsUnAckedRetransmit) {
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
 
@@ -285,14 +340,13 @@ TEST_F(QuicSentPacketManagerTest, IsUnAckedRetransmit) {
   VerifyRetransmittablePackets(retransmittable, arraysize(retransmittable));
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitThenAck) {
+TEST_P(QuicSentPacketManagerTest, RetransmitThenAck) {
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
 
   // Ack 2 but not 1.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 2;
-  ack_frame.missing_packets.Add(1);
+  QuicAckFrame ack_frame = InitAckFrame(2);
+  NackPackets(1, 2, &ack_frame);
   ExpectAck(2);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 
@@ -303,15 +357,14 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAck) {
   VerifyRetransmittablePackets(nullptr, 0);
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitThenAckBeforeSend) {
+TEST_P(QuicSentPacketManagerTest, RetransmitThenAckBeforeSend) {
   SendDataPacket(1);
   QuicSentPacketManagerPeer::MarkForRetransmission(&manager_, 1,
                                                    TLP_RETRANSMISSION);
   EXPECT_TRUE(manager_.HasPendingRetransmissions());
 
   // Ack 1.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 1;
+  QuicAckFrame ack_frame = InitAckFrame(1);
   ExpectAck(1);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 
@@ -324,7 +377,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckBeforeSend) {
   EXPECT_EQ(0u, stats_.packets_spuriously_retransmitted);
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitThenStopRetransmittingBeforeSend) {
+TEST_P(QuicSentPacketManagerTest, RetransmitThenStopRetransmittingBeforeSend) {
   SendDataPacket(1);
   QuicSentPacketManagerPeer::MarkForRetransmission(&manager_, 1,
                                                    TLP_RETRANSMISSION);
@@ -341,7 +394,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenStopRetransmittingBeforeSend) {
   EXPECT_EQ(0u, stats_.packets_spuriously_retransmitted);
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPrevious) {
+TEST_P(QuicSentPacketManagerTest, RetransmitThenAckPrevious) {
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
   QuicTime::Delta rtt = QuicTime::Delta::FromMilliseconds(15);
@@ -349,8 +402,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPrevious) {
 
   // Ack 1 but not 2.
   ExpectAck(1);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 1;
+  QuicAckFrame ack_frame = InitAckFrame(1);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   // 2 remains unacked, but no packets have retransmittable data.
@@ -362,7 +414,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPrevious) {
   EXPECT_EQ(1u, stats_.packets_spuriously_retransmitted);
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPreviousThenNackRetransmit) {
+TEST_P(QuicSentPacketManagerTest, RetransmitThenAckPreviousThenNackRetransmit) {
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
   QuicTime::Delta rtt = QuicTime::Delta::FromMilliseconds(15);
@@ -370,8 +422,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPreviousThenNackRetransmit) {
 
   // First, ACK packet 1 which makes packet 2 non-retransmittable.
   ExpectAck(1);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 1;
+  QuicAckFrame ack_frame = InitAckFrame(1);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   SendDataPacket(3);
@@ -380,16 +431,18 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPreviousThenNackRetransmit) {
   clock_.AdvanceTime(rtt);
 
   // Next, NACK packet 2 three times.
-  ack_frame.largest_observed = 3;
-  ack_frame.missing_packets.Add(2);
+  ack_frame = InitAckFrame(3);
+  NackPackets(2, 3, &ack_frame);
   ExpectAck(3);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
-  ack_frame.largest_observed = 4;
+  ack_frame = InitAckFrame(4);
+  NackPackets(2, 3, &ack_frame);
   ExpectAck(4);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
-  ack_frame.largest_observed = 5;
+  ack_frame = InitAckFrame(5);
+  NackPackets(2, 3, &ack_frame);
   ExpectAckAndLoss(true, 5, 2);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
@@ -403,22 +456,21 @@ TEST_F(QuicSentPacketManagerTest, RetransmitThenAckPreviousThenNackRetransmit) {
   EXPECT_EQ(QuicTime::Zero(), manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest,
+TEST_P(QuicSentPacketManagerTest,
        DISABLED_RetransmitTwiceThenAckPreviousBeforeSend) {
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
 
   // Fire the RTO, which will mark 2 for retransmission (but will not send it).
   EXPECT_CALL(*send_algorithm_, OnRetransmissionTimeout(true));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.OnRetransmissionTimeout();
   EXPECT_TRUE(manager_.HasPendingRetransmissions());
 
   // Ack 1 but not 2, before 2 is able to be sent.
   // Since 1 has been retransmitted, it has already been lost, and so the
   // send algorithm is not informed that it has been ACK'd.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 1;
+  QuicAckFrame ack_frame = InitAckFrame(1);
   ExpectUpdatedRtt(1);
   EXPECT_CALL(*send_algorithm_, RevertRetransmissionTimeout());
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
@@ -434,7 +486,7 @@ TEST_F(QuicSentPacketManagerTest,
   EXPECT_EQ(QuicTime::Zero(), manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
+TEST_P(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
   StrictMock<MockDebugDelegate> debug_delegate;
   EXPECT_CALL(debug_delegate, OnSpuriousPacketRetransmission(TLP_RETRANSMISSION,
                                                              kDefaultLength))
@@ -449,8 +501,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
 
   // Ack 1 but not 2 or 3.
   ExpectAck(1);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 1;
+  QuicAckFrame ack_frame = InitAckFrame(1);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   // 2 and 3 remain unacked, but no packets have retransmittable data.
@@ -461,8 +512,8 @@ TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
 
   // Ensure packet 2 is lost when 4 is sent and 3 and 4 are acked.
   SendDataPacket(4);
-  ack_frame.largest_observed = 4;
-  ack_frame.missing_packets.Add(2);
+  ack_frame = InitAckFrame(4);
+  NackPackets(2, 3, &ack_frame);
   QuicPacketNumber acked[] = {3, 4};
   ExpectAcksAndLosses(true, acked, arraysize(acked), nullptr, 0);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
@@ -472,7 +523,8 @@ TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
   EXPECT_TRUE(QuicSentPacketManagerPeer::HasPendingPackets(&manager_));
 
   SendDataPacket(5);
-  ack_frame.largest_observed = 5;
+  ack_frame = InitAckFrame(5);
+  NackPackets(2, 3, &ack_frame);
   ExpectAckAndLoss(true, 5, 2);
   EXPECT_CALL(debug_delegate, OnPacketLoss(2, LOSS_RETRANSMISSION, _));
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
@@ -482,7 +534,50 @@ TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) {
   EXPECT_EQ(2u, stats_.packets_spuriously_retransmitted);
 }
 
-TEST_F(QuicSentPacketManagerTest, AckPreviousTransmissionThenTruncatedAck) {
+TEST_P(QuicSentPacketManagerTest, AckOriginalTransmission) {
+  FLAGS_quic_adaptive_loss_recovery = true;
+  MockLossAlgorithm* loss_algorithm = new MockLossAlgorithm();
+  QuicSentPacketManagerPeer::SetLossAlgorithm(&manager_, loss_algorithm);
+
+  SendDataPacket(1);
+  RetransmitAndSendPacket(1, 2);
+
+  // Ack original transmission, but that wasn't lost via fast retransmit,
+  // so no call on OnSpuriousRetransmission is expected.
+  {
+    QuicAckFrame ack_frame = InitAckFrame(1);
+    ExpectAck(1);
+    EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
+    manager_.OnIncomingAck(ack_frame, clock_.Now());
+  }
+
+  SendDataPacket(3);
+  SendDataPacket(4);
+  // Ack 4, which causes 3 to be retransmitted.
+  {
+    QuicAckFrame ack_frame = InitAckFrame(4);
+    NackPackets(2, 4, &ack_frame);
+    ExpectAck(4);
+    EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
+    manager_.OnIncomingAck(ack_frame, clock_.Now());
+    RetransmitAndSendPacket(3, 5, LOSS_RETRANSMISSION);
+  }
+
+  // Ack 3, which causes SpuriousRetransmitDetected to be called.
+  {
+    QuicAckFrame ack_frame = InitAckFrame(4);
+    NackPackets(2, 3, &ack_frame);
+    EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
+    EXPECT_CALL(*loss_algorithm, SpuriousRetransmitDetected(_, _, _, 5));
+    manager_.OnIncomingAck(ack_frame, clock_.Now());
+  }
+}
+
+TEST_P(QuicSentPacketManagerTest, AckPreviousTransmissionThenTruncatedAck) {
+  FLAGS_quic_loss_recovery_use_largest_acked = false;
+  if (!GetParam().missing) {
+    return;
+  }
   SendDataPacket(1);
   RetransmitAndSendPacket(1, 2);
   RetransmitAndSendPacket(2, 3);
@@ -495,9 +590,8 @@ TEST_F(QuicSentPacketManagerTest, AckPreviousTransmissionThenTruncatedAck) {
 
   // Ack previous transmission
   {
-    QuicAckFrame ack_frame;
-    ack_frame.largest_observed = 2;
-    ack_frame.missing_packets.Add(1);
+    QuicAckFrame ack_frame = InitAckFrame(2);
+    NackPackets(1, 2, &ack_frame);
     ExpectAck(2);
     manager_.OnIncomingAck(ack_frame, clock_.Now());
     EXPECT_TRUE(manager_.IsUnacked(4));
@@ -505,9 +599,8 @@ TEST_F(QuicSentPacketManagerTest, AckPreviousTransmissionThenTruncatedAck) {
 
   // Truncated ack with 4 NACKs
   {
-    QuicAckFrame ack_frame;
-    ack_frame.largest_observed = 6;
-    ack_frame.missing_packets.Add(3, 7);
+    QuicAckFrame ack_frame = InitAckFrame(6);
+    NackPackets(3, 7, &ack_frame);
     ack_frame.is_truncated = true;
     ExpectAckAndLoss(true, 1, 3);
     manager_.OnIncomingAck(ack_frame, clock_.Now());
@@ -520,22 +613,21 @@ TEST_F(QuicSentPacketManagerTest, AckPreviousTransmissionThenTruncatedAck) {
   VerifyRetransmittablePackets(retransmittable, arraysize(retransmittable));
 }
 
-TEST_F(QuicSentPacketManagerTest, GetLeastUnacked) {
+TEST_P(QuicSentPacketManagerTest, GetLeastUnacked) {
   EXPECT_EQ(1u, manager_.GetLeastUnacked());
 }
 
-TEST_F(QuicSentPacketManagerTest, GetLeastUnackedUnacked) {
+TEST_P(QuicSentPacketManagerTest, GetLeastUnackedUnacked) {
   SendDataPacket(1);
   EXPECT_EQ(1u, manager_.GetLeastUnacked());
 }
 
-TEST_F(QuicSentPacketManagerTest, AckAckAndUpdateRtt) {
+TEST_P(QuicSentPacketManagerTest, AckAckAndUpdateRtt) {
   SendDataPacket(1);
   SendAckPacket(2);
 
   // Now ack the ack and expect an RTT update.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 2;
+  QuicAckFrame ack_frame = InitAckFrame(2);
   ack_frame.ack_delay_time = QuicTime::Delta::FromMilliseconds(5);
 
   ExpectAck(1);
@@ -544,27 +636,25 @@ TEST_F(QuicSentPacketManagerTest, AckAckAndUpdateRtt) {
   SendAckPacket(3);
 
   // Now ack the ack and expect only an RTT update.
-  ack_frame.largest_observed = 3;
+  ack_frame = InitAckFrame(3);
   ExpectUpdatedRtt(3);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 }
 
-TEST_F(QuicSentPacketManagerTest, Rtt) {
+TEST_P(QuicSentPacketManagerTest, Rtt) {
   QuicPacketNumber packet_number = 1;
   QuicTime::Delta expected_rtt = QuicTime::Delta::FromMilliseconds(15);
   SendDataPacket(packet_number);
   clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(20));
 
   ExpectAck(packet_number);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = packet_number;
+  QuicAckFrame ack_frame = InitAckFrame(packet_number);
   ack_frame.ack_delay_time = QuicTime::Delta::FromMilliseconds(5);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
-  EXPECT_EQ(expected_rtt,
-            QuicSentPacketManagerPeer::GetRttStats(&manager_)->latest_rtt());
+  EXPECT_EQ(expected_rtt, manager_.GetRttStats()->latest_rtt());
 }
 
-TEST_F(QuicSentPacketManagerTest, RttWithInvalidDelta) {
+TEST_P(QuicSentPacketManagerTest, RttWithInvalidDelta) {
   // Expect that the RTT is equal to the local time elapsed, since the
   // ack_delay_time is larger than the local time elapsed
   // and is hence invalid.
@@ -574,15 +664,13 @@ TEST_F(QuicSentPacketManagerTest, RttWithInvalidDelta) {
   clock_.AdvanceTime(expected_rtt);
 
   ExpectAck(packet_number);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = packet_number;
+  QuicAckFrame ack_frame = InitAckFrame(packet_number);
   ack_frame.ack_delay_time = QuicTime::Delta::FromMilliseconds(11);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
-  EXPECT_EQ(expected_rtt,
-            QuicSentPacketManagerPeer::GetRttStats(&manager_)->latest_rtt());
+  EXPECT_EQ(expected_rtt, manager_.GetRttStats()->latest_rtt());
 }
 
-TEST_F(QuicSentPacketManagerTest, RttWithInfiniteDelta) {
+TEST_P(QuicSentPacketManagerTest, RttWithInfiniteDelta) {
   // Expect that the RTT is equal to the local time elapsed, since the
   // ack_delay_time is infinite, and is hence invalid.
   QuicPacketNumber packet_number = 1;
@@ -591,15 +679,13 @@ TEST_F(QuicSentPacketManagerTest, RttWithInfiniteDelta) {
   clock_.AdvanceTime(expected_rtt);
 
   ExpectAck(packet_number);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = packet_number;
+  QuicAckFrame ack_frame = InitAckFrame(packet_number);
   ack_frame.ack_delay_time = QuicTime::Delta::Infinite();
   manager_.OnIncomingAck(ack_frame, clock_.Now());
-  EXPECT_EQ(expected_rtt,
-            QuicSentPacketManagerPeer::GetRttStats(&manager_)->latest_rtt());
+  EXPECT_EQ(expected_rtt, manager_.GetRttStats()->latest_rtt());
 }
 
-TEST_F(QuicSentPacketManagerTest, RttZeroDelta) {
+TEST_P(QuicSentPacketManagerTest, RttZeroDelta) {
   // Expect that the RTT is the time between send and receive since the
   // ack_delay_time is zero.
   QuicPacketNumber packet_number = 1;
@@ -608,15 +694,13 @@ TEST_F(QuicSentPacketManagerTest, RttZeroDelta) {
   clock_.AdvanceTime(expected_rtt);
 
   ExpectAck(packet_number);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = packet_number;
+  QuicAckFrame ack_frame = InitAckFrame(packet_number);
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
   manager_.OnIncomingAck(ack_frame, clock_.Now());
-  EXPECT_EQ(expected_rtt,
-            QuicSentPacketManagerPeer::GetRttStats(&manager_)->latest_rtt());
+  EXPECT_EQ(expected_rtt, manager_.GetRttStats()->latest_rtt());
 }
 
-TEST_F(QuicSentPacketManagerTest, TailLossProbeTimeout) {
+TEST_P(QuicSentPacketManagerTest, TailLossProbeTimeout) {
   QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2);
 
   // Send 1 packet.
@@ -649,17 +733,21 @@ TEST_F(QuicSentPacketManagerTest, TailLossProbeTimeout) {
 
   // Ack the third and ensure the first two are still pending.
   ExpectAck(3);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 3;
-  ack_frame.missing_packets.Add(1, 3);
+
+  QuicAckFrame ack_frame = InitAckFrame(3);
+  NackPackets(1, 3, &ack_frame);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   EXPECT_TRUE(QuicSentPacketManagerPeer::HasPendingPackets(&manager_));
 
   // Acking two more packets will lose both of them due to nacks.
-  ack_frame.largest_observed = 5;
+  SendDataPacket(4);
+  SendDataPacket(5);
+  ack_frame = InitAckFrame(5);
+  NackPackets(1, 3, &ack_frame);
+  QuicPacketNumber acked[] = {4, 5};
   QuicPacketNumber lost[] = {1, 2};
-  ExpectAcksAndLosses(false, nullptr, 0, lost, arraysize(lost));
+  ExpectAcksAndLosses(true, acked, arraysize(acked), lost, arraysize(lost));
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   EXPECT_FALSE(manager_.HasPendingRetransmissions());
@@ -668,7 +756,7 @@ TEST_F(QuicSentPacketManagerTest, TailLossProbeTimeout) {
   EXPECT_EQ(0u, stats_.rto_count);
 }
 
-TEST_F(QuicSentPacketManagerTest, TailLossProbeThenRTO) {
+TEST_P(QuicSentPacketManagerTest, TailLossProbeThenRTO) {
   QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2);
 
   // Send 100 packets.
@@ -728,20 +816,18 @@ TEST_F(QuicSentPacketManagerTest, TailLossProbeThenRTO) {
             QuicSentPacketManagerPeer::GetBytesInFlight(&manager_));
 
   RetransmitNextPacket(103);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 103;
-  ack_frame.missing_packets.Add(0, 103);
+  QuicAckFrame ack_frame = InitAckFrame(103);
+  NackPackets(0, 103, &ack_frame);
   EXPECT_CALL(*send_algorithm_, OnRetransmissionTimeout(true));
   EXPECT_CALL(*send_algorithm_,
               OnCongestionEvent(true, _, ElementsAre(Pair(103, _)), _));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
   // All packets before 103 should be lost.
   EXPECT_EQ(0u, QuicSentPacketManagerPeer::GetBytesInFlight(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeout) {
+TEST_P(QuicSentPacketManagerTest, CryptoHandshakeTimeout) {
   // Send 2 crypto packets and 3 data packets.
   const size_t kNumSentCryptoPackets = 2;
   for (size_t i = 1; i <= kNumSentCryptoPackets; ++i) {
@@ -775,16 +861,15 @@ TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeout) {
   // and ensure the first four crypto packets get abandoned, but not lost.
   QuicPacketNumber acked[] = {3, 4, 5, 8, 9};
   ExpectAcksAndLosses(true, acked, arraysize(acked), nullptr, 0);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 9;
-  ack_frame.missing_packets.Add(1, 3);
-  ack_frame.missing_packets.Add(6, 8);
+  QuicAckFrame ack_frame = InitAckFrame(9);
+  NackPackets(1, 3, &ack_frame);
+  NackPackets(6, 8, &ack_frame);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   EXPECT_FALSE(QuicSentPacketManagerPeer::HasUnackedCryptoPackets(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeoutVersionNegotiation) {
+TEST_P(QuicSentPacketManagerTest, CryptoHandshakeTimeoutVersionNegotiation) {
   // Send 2 crypto packets and 3 data packets.
   const size_t kNumSentCryptoPackets = 2;
   for (size_t i = 1; i <= kNumSentCryptoPackets; ++i) {
@@ -826,16 +911,15 @@ TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeoutVersionNegotiation) {
   // crypto packets.
   QuicPacketNumber acked[] = {8, 9};
   ExpectAcksAndLosses(true, acked, arraysize(acked), nullptr, 0);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 9;
+  QuicAckFrame ack_frame = InitAckFrame(9);
   for (QuicPacketNumber i = 1; i < 8; ++i) {
-    ack_frame.missing_packets.Add(i);
+    NackPackets(i, i + 1, &ack_frame);
   }
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
   EXPECT_EQ(10u, manager_.GetLeastUnacked());
 }
 
-TEST_F(QuicSentPacketManagerTest, CryptoHandshakeSpuriousRetransmission) {
+TEST_P(QuicSentPacketManagerTest, CryptoHandshakeSpuriousRetransmission) {
   // Send 1 crypto packet.
   SendCryptoPacket(1);
   EXPECT_TRUE(QuicSentPacketManagerPeer::HasUnackedCryptoPackets(&manager_));
@@ -851,9 +935,8 @@ TEST_F(QuicSentPacketManagerTest, CryptoHandshakeSpuriousRetransmission) {
   // Now ack the second crypto packet, and ensure the first gets removed, but
   // the third does not.
   ExpectUpdatedRtt(2);
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 2;
-  ack_frame.missing_packets.Add(1);
+  QuicAckFrame ack_frame = InitAckFrame(2);
+  NackPackets(1, 2, &ack_frame);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
 
   EXPECT_FALSE(QuicSentPacketManagerPeer::HasUnackedCryptoPackets(&manager_));
@@ -861,7 +944,7 @@ TEST_F(QuicSentPacketManagerTest, CryptoHandshakeSpuriousRetransmission) {
   VerifyUnackedPackets(unacked, arraysize(unacked));
 }
 
-TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeoutUnsentDataPacket) {
+TEST_P(QuicSentPacketManagerTest, CryptoHandshakeTimeoutUnsentDataPacket) {
   // Send 2 crypto packets and 1 data packet.
   const size_t kNumSentCryptoPackets = 2;
   for (size_t i = 1; i <= kNumSentCryptoPackets; ++i) {
@@ -878,7 +961,7 @@ TEST_F(QuicSentPacketManagerTest, CryptoHandshakeTimeoutUnsentDataPacket) {
   EXPECT_TRUE(QuicSentPacketManagerPeer::HasUnackedCryptoPackets(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest,
+TEST_P(QuicSentPacketManagerTest,
        CryptoHandshakeRetransmissionThenRetransmitAll) {
   // Send 1 crypto packet.
   SendCryptoPacket(1);
@@ -898,7 +981,7 @@ TEST_F(QuicSentPacketManagerTest,
   EXPECT_FALSE(QuicSentPacketManagerPeer::HasPendingPackets(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest,
+TEST_P(QuicSentPacketManagerTest,
        CryptoHandshakeRetransmissionThenNeuterAndAck) {
   // Send 1 crypto packet.
   SendCryptoPacket(1);
@@ -926,16 +1009,15 @@ TEST_F(QuicSentPacketManagerTest,
   EXPECT_FALSE(QuicSentPacketManagerPeer::HasPendingPackets(&manager_));
 
   // Ensure both packets get discarded when packet 2 is acked.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 3;
-  ack_frame.missing_packets.Add(1, 3);
+  QuicAckFrame ack_frame = InitAckFrame(3);
+  NackPackets(1, 3, &ack_frame);
   ExpectUpdatedRtt(3);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
   VerifyUnackedPackets(nullptr, 0);
   VerifyRetransmittablePackets(nullptr, 0);
 }
 
-TEST_F(QuicSentPacketManagerTest, RetransmissionTimeout) {
+TEST_P(QuicSentPacketManagerTest, RetransmissionTimeout) {
   StrictMock<MockDebugDelegate> debug_delegate;
   manager_.set_debug_delegate(&debug_delegate);
 
@@ -955,16 +1037,14 @@ TEST_F(QuicSentPacketManagerTest, RetransmissionTimeout) {
   EXPECT_FALSE(manager_.HasPendingRetransmissions());
 
   // Ack a retransmission.
-  QuicAckFrame ack_frame;
+  QuicAckFrame ack_frame = InitAckFrame(102);
+  NackPackets(0, 102, &ack_frame);
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
-  ack_frame.largest_observed = 102;
-  ack_frame.missing_packets.Add(0, 102);
   // Ensure no packets are lost.
   EXPECT_CALL(*send_algorithm_,
               OnCongestionEvent(true, _, ElementsAre(Pair(102, _)),
                                 /*lost_packets=*/IsEmpty()));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, OnRetransmissionTimeout(true));
   // RTO's use loss detection instead of immediately declaring retransmitted
   // packets lost.
@@ -974,14 +1054,13 @@ TEST_F(QuicSentPacketManagerTest, RetransmissionTimeout) {
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 }
 
-TEST_F(QuicSentPacketManagerTest, NewRetransmissionTimeout) {
+TEST_P(QuicSentPacketManagerTest, NewRetransmissionTimeout) {
   QuicConfig client_config;
   QuicTagVector options;
   options.push_back(kNRTO);
   QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
   client_config.SetConnectionOptionsToSend(options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   EXPECT_CALL(*send_algorithm_, PacingRate())
       .WillRepeatedly(Return(QuicBandwidth::Zero()));
@@ -1006,20 +1085,18 @@ TEST_F(QuicSentPacketManagerTest, NewRetransmissionTimeout) {
   EXPECT_FALSE(manager_.HasPendingRetransmissions());
 
   // Ack a retransmission and expect no call to OnRetransmissionTimeout.
-  QuicAckFrame ack_frame;
+  QuicAckFrame ack_frame = InitAckFrame(102);
+  NackPackets(0, 102, &ack_frame);
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
-  ack_frame.largest_observed = 102;
-  ack_frame.missing_packets.Add(0, 102);
   // This will include packets in the lost packet map.
   EXPECT_CALL(*send_algorithm_,
               OnCongestionEvent(true, _, ElementsAre(Pair(102, _)),
                                 /*lost_packets=*/Not(IsEmpty())));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 }
 
-TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) {
+TEST_P(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) {
   // Send 1 packet.
   SendDataPacket(1);
 
@@ -1041,10 +1118,9 @@ TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) {
 
   // Ack a retransmission and ensure OnRetransmissionTimeout is called.
   EXPECT_CALL(*send_algorithm_, OnRetransmissionTimeout(true));
-  QuicAckFrame ack_frame;
+  QuicAckFrame ack_frame = InitAckFrame(2);
+  NackPackets(1, 2, &ack_frame);
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
-  ack_frame.largest_observed = 2;
-  ack_frame.missing_packets.Add(1);
   ExpectAck(2);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 
@@ -1053,7 +1129,7 @@ TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) {
             QuicSentPacketManagerPeer::GetBytesInFlight(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckFirst) {
+TEST_P(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckFirst) {
   // Send 1 packet.
   SendDataPacket(1);
 
@@ -1075,10 +1151,9 @@ TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckFirst) {
 
   // Ack a retransmission and ensure OnRetransmissionTimeout is called.
   EXPECT_CALL(*send_algorithm_, OnRetransmissionTimeout(true));
-  QuicAckFrame ack_frame;
+  QuicAckFrame ack_frame = InitAckFrame(3);
+  NackPackets(1, 3, &ack_frame);
   ack_frame.ack_delay_time = QuicTime::Delta::Zero();
-  ack_frame.largest_observed = 3;
-  ack_frame.missing_packets.Add(1, 3);
   ExpectAck(3);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 
@@ -1087,7 +1162,7 @@ TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckFirst) {
             QuicSentPacketManagerPeer::GetBytesInFlight(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, OnPathDegrading) {
+TEST_P(QuicSentPacketManagerTest, OnPathDegrading) {
   SendDataPacket(1);
   QuicTime::Delta delay = QuicTime::Delta::FromMilliseconds(500);
   EXPECT_CALL(*send_algorithm_, RetransmissionDelay())
@@ -1102,15 +1177,15 @@ TEST_F(QuicSentPacketManagerTest, OnPathDegrading) {
   manager_.OnRetransmissionTimeout();
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionTime) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionTime) {
   EXPECT_EQ(QuicTime::Zero(), manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeCryptoHandshake) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionTimeCryptoHandshake) {
   SendCryptoPacket(1);
 
   // Check the min.
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(&manager_);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats());
   rtt_stats->set_initial_rtt_us(1 * kNumMicrosPerMilli);
   EXPECT_EQ(clock_.Now().Add(QuicTime::Delta::FromMilliseconds(10)),
             manager_.GetRetransmissionTime());
@@ -1133,13 +1208,13 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeCryptoHandshake) {
   EXPECT_EQ(expected_time, manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeTailLossProbe) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionTimeTailLossProbe) {
   QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2);
   SendDataPacket(1);
   SendDataPacket(2);
 
   // Check the min.
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(&manager_);
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats());
   rtt_stats->set_initial_rtt_us(1 * kNumMicrosPerMilli);
   EXPECT_EQ(clock_.Now().Add(QuicTime::Delta::FromMilliseconds(10)),
             manager_.GetRetransmissionTime());
@@ -1171,11 +1246,10 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeTailLossProbe) {
   EXPECT_EQ(expected_time, manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) {
-  QuicSentPacketManagerPeer::GetRttStats(&manager_)
+TEST_P(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) {
+  const_cast<RttStats*>(manager_.GetRttStats())
       ->UpdateRtt(QuicTime::Delta::FromMilliseconds(100),
                   QuicTime::Delta::Zero(), QuicTime::Zero());
-
   SendDataPacket(1);
   SendDataPacket(2);
   SendDataPacket(3);
@@ -1208,9 +1282,8 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) {
 
   // Ack a packet before the first RTO and ensure the RTO timeout returns to the
   // original value and OnRetransmissionTimeout is not called or reverted.
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 2;
-  ack_frame.missing_packets.Add(1);
+  QuicAckFrame ack_frame = InitAckFrame(2);
+  NackPackets(1, 2, &ack_frame);
   ExpectAck(2);
   manager_.OnIncomingAck(ack_frame, clock_.ApproximateNow());
   EXPECT_FALSE(manager_.HasPendingRetransmissions());
@@ -1227,7 +1300,7 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) {
   EXPECT_EQ(expected_time, manager_.GetRetransmissionTime());
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMin) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionDelayMin) {
   SendDataPacket(1);
   EXPECT_CALL(*send_algorithm_, RetransmissionDelay())
       .WillRepeatedly(Return(QuicTime::Delta::FromMilliseconds(1)));
@@ -1245,7 +1318,7 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMin) {
   }
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMax) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionDelayMax) {
   EXPECT_CALL(*send_algorithm_, RetransmissionDelay())
       .WillOnce(Return(QuicTime::Delta::FromSeconds(500)));
 
@@ -1253,7 +1326,7 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMax) {
             QuicSentPacketManagerPeer::GetRetransmissionDelay(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, GetTransmissionDelay) {
+TEST_P(QuicSentPacketManagerTest, GetTransmissionDelay) {
   SendDataPacket(1);
   QuicTime::Delta delay = QuicTime::Delta::FromMilliseconds(500);
   EXPECT_CALL(*send_algorithm_, RetransmissionDelay())
@@ -1270,7 +1343,7 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelay) {
   }
 }
 
-TEST_F(QuicSentPacketManagerTest, GetLossDelay) {
+TEST_P(QuicSentPacketManagerTest, GetLossDelay) {
   MockLossAlgorithm* loss_algorithm = new MockLossAlgorithm();
   QuicSentPacketManagerPeer::SetLossAlgorithm(&manager_, loss_algorithm);
 
@@ -1282,10 +1355,9 @@ TEST_F(QuicSentPacketManagerTest, GetLossDelay) {
   // Handle an ack which causes the loss algorithm to be evaluated and
   // set the loss timeout.
   ExpectAck(2);
-  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _));
-  QuicAckFrame ack_frame;
-  ack_frame.largest_observed = 2;
-  ack_frame.missing_packets.Add(1);
+  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
+  QuicAckFrame ack_frame = InitAckFrame(2);
+  NackPackets(1, 2, &ack_frame);
   manager_.OnIncomingAck(ack_frame, clock_.Now());
 
   QuicTime timeout(clock_.Now().Add(QuicTime::Delta::FromMilliseconds(10)));
@@ -1295,11 +1367,11 @@ TEST_F(QuicSentPacketManagerTest, GetLossDelay) {
 
   // Fire the retransmission timeout and ensure the loss detection algorithm
   // is invoked.
-  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _));
+  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
   manager_.OnRetransmissionTimeout();
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateTimeLossDetectionFromOptions) {
+TEST_P(QuicSentPacketManagerTest, NegotiateTimeLossDetectionFromOptions) {
   EXPECT_EQ(kNack, QuicSentPacketManagerPeer::GetLossAlgorithm(&manager_)
                        ->GetLossDetectionType());
 
@@ -1308,23 +1380,21 @@ TEST_F(QuicSentPacketManagerTest, NegotiateTimeLossDetectionFromOptions) {
   options.push_back(kTIME);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
 
   EXPECT_EQ(kTime, QuicSentPacketManagerPeer::GetLossAlgorithm(&manager_)
                        ->GetLossDetectionType());
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_allow_bbr, true);
+TEST_P(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) {
+  FLAGS_quic_allow_bbr = true;
   QuicConfig config;
   QuicTagVector options;
 
   options.push_back(kRENO);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
   EXPECT_EQ(kReno, QuicSentPacketManagerPeer::GetSendAlgorithm(manager_)
                        ->GetCongestionControlType());
@@ -1334,8 +1404,7 @@ TEST_F(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) {
   options.clear();
   options.push_back(kTBBR);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
   EXPECT_EQ(kBBR, QuicSentPacketManagerPeer::GetSendAlgorithm(
       manager_)->GetCongestionControlType());
@@ -1344,8 +1413,7 @@ TEST_F(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) {
   options.clear();
   options.push_back(kBYTE);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
   EXPECT_EQ(kCubicBytes, QuicSentPacketManagerPeer::GetSendAlgorithm(manager_)
                              ->GetCongestionControlType());
@@ -1354,21 +1422,19 @@ TEST_F(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) {
   options.push_back(kRENO);
   options.push_back(kBYTE);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
   EXPECT_EQ(kRenoBytes, QuicSentPacketManagerPeer::GetSendAlgorithm(manager_)
                             ->GetCongestionControlType());
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNumConnectionsFromOptions) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNumConnectionsFromOptions) {
   QuicConfig config;
   QuicTagVector options;
 
   options.push_back(k1CON);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetNumEmulatedConnections(1));
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(config);
@@ -1376,14 +1442,13 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNumConnectionsFromOptions) {
   QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
   QuicConfig client_config;
   client_config.SetConnectionOptionsToSend(options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetNumEmulatedConnections(1));
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(client_config);
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNConnectionFromOptions) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNConnectionFromOptions) {
   // By default, changing the number of open streams does nothing.
   manager_.SetNumOpenStreams(5);
 
@@ -1392,8 +1457,7 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNConnectionFromOptions) {
 
   options.push_back(kNCON);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(config);
 
@@ -1401,77 +1465,72 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNConnectionFromOptions) {
   manager_.SetNumOpenStreams(5);
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtServer) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtServer) {
   QuicConfig config;
   QuicTagVector options;
 
   options.push_back(kNTLP);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(config);
   EXPECT_EQ(0u, QuicSentPacketManagerPeer::GetMaxTailLossProbes(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtClient) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtClient) {
   QuicConfig client_config;
   QuicTagVector options;
 
   options.push_back(kNTLP);
   QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
   client_config.SetConnectionOptionsToSend(options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(client_config);
   EXPECT_EQ(0u, QuicSentPacketManagerPeer::GetMaxTailLossProbes(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtServer) {
+TEST_P(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtServer) {
   QuicConfig config;
   QuicTagVector options;
 
   options.push_back(kTLPR);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(config);
   EXPECT_TRUE(
       QuicSentPacketManagerPeer::GetEnableHalfRttTailLossProbe(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtClient) {
+TEST_P(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtClient) {
   QuicConfig client_config;
   QuicTagVector options;
 
   options.push_back(kTLPR);
   QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
   client_config.SetConnectionOptionsToSend(options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(client_config);
   EXPECT_TRUE(
       QuicSentPacketManagerPeer::GetEnableHalfRttTailLossProbe(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtServer) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtServer) {
   EXPECT_FALSE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_));
   QuicConfig config;
   QuicTagVector options;
 
   options.push_back(kNRTO);
   QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(config);
   EXPECT_TRUE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtClient) {
+TEST_P(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtClient) {
   EXPECT_FALSE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_));
   QuicConfig client_config;
   QuicTagVector options;
@@ -1479,14 +1538,80 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtClient) {
   options.push_back(kNRTO);
   QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
   client_config.SetConnectionOptionsToSend(options);
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
   manager_.SetFromConfig(client_config);
   EXPECT_TRUE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_));
 }
 
-TEST_F(QuicSentPacketManagerTest,
+TEST_P(QuicSentPacketManagerTest, NegotiateUndoFromOptionsAtServer) {
+  FLAGS_quic_loss_recovery_use_largest_acked = true;
+  EXPECT_FALSE(QuicSentPacketManagerPeer::GetUndoRetransmits(&manager_));
+  QuicConfig config;
+  QuicTagVector options;
+
+  options.push_back(kUNDO);
+  QuicConfigPeer::SetReceivedConnectionOptions(&config, options);
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
+  EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
+  manager_.SetFromConfig(config);
+  EXPECT_TRUE(QuicSentPacketManagerPeer::GetUndoRetransmits(&manager_));
+
+  // Ensure undo works as intended.
+  // Send 5 packets, mark the first 4 for retransmission, and then cancel
+  // them when 1 is acked.
+  EXPECT_CALL(*send_algorithm_, PacingRate())
+      .WillRepeatedly(Return(QuicBandwidth::Zero()));
+  EXPECT_CALL(*send_algorithm_, GetCongestionWindow())
+      .WillOnce(Return(10 * kDefaultTCPMSS));
+  const size_t kNumSentPackets = 5;
+  for (size_t i = 1; i <= kNumSentPackets; ++i) {
+    SendDataPacket(i);
+  }
+  MockLossAlgorithm* loss_algorithm = new MockLossAlgorithm();
+  QuicSentPacketManagerPeer::SetLossAlgorithm(&manager_, loss_algorithm);
+  EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _));
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
+  SendAlgorithmInterface::CongestionVector lost_packets;
+  for (size_t i = 1; i < kNumSentPackets; ++i) {
+    lost_packets.push_back(std::make_pair(i, kMaxPacketSize));
+  }
+  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _))
+      .WillOnce(SetArgPointee<4>(lost_packets));
+  QuicAckFrame ack_frame = InitAckFrame(kNumSentPackets);
+  NackPackets(1, kNumSentPackets, &ack_frame);
+  // Congestion block the sending right before losing the packets.
+  EXPECT_CALL(*send_algorithm_, TimeUntilSend(_, _))
+      .WillRepeatedly(Return(QuicTime::Delta::Infinite()));
+  manager_.OnIncomingAck(ack_frame, clock_.Now());
+  EXPECT_TRUE(manager_.HasPendingRetransmissions());
+  EXPECT_EQ(0u, BytesInFlight());
+
+  // Ack 1 and ensure the retransmissions are cancelled and put back in flight.
+  EXPECT_CALL(*loss_algorithm, DetectLosses(_, _, _, _, _));
+  ack_frame = InitAckFrame(5);
+  NackPackets(2, kNumSentPackets, &ack_frame);
+  manager_.OnIncomingAck(ack_frame, clock_.Now());
+  EXPECT_FALSE(manager_.HasPendingRetransmissions());
+  EXPECT_EQ(3u * kDefaultLength, BytesInFlight());
+}
+
+TEST_P(QuicSentPacketManagerTest, NegotiateUndoFromOptionsAtClient) {
+  FLAGS_quic_loss_recovery_use_largest_acked = true;
+  EXPECT_FALSE(QuicSentPacketManagerPeer::GetUndoRetransmits(&manager_));
+  QuicConfig client_config;
+  QuicTagVector options;
+
+  options.push_back(kUNDO);
+  QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT);
+  client_config.SetConnectionOptionsToSend(options);
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
+  EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
+  manager_.SetFromConfig(client_config);
+  EXPECT_TRUE(QuicSentPacketManagerPeer::GetUndoRetransmits(&manager_));
+}
+
+TEST_P(QuicSentPacketManagerTest,
        NegotiateConservativeReceiveWindowFromOptions) {
   EXPECT_EQ(kDefaultSocketReceiveBuffer,
             QuicSentPacketManagerPeer::GetReceiveWindow(&manager_));
@@ -1501,8 +1626,7 @@ TEST_F(QuicSentPacketManagerTest,
       .WillRepeatedly(Return(QuicBandwidth::Zero()));
   EXPECT_CALL(*send_algorithm_, GetCongestionWindow())
       .WillOnce(Return(10 * kDefaultTCPMSS));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(client_config);
 
   EXPECT_EQ(kMinSocketReceiveBuffer,
@@ -1519,8 +1643,8 @@ TEST_F(QuicSentPacketManagerTest,
                              HAS_RETRANSMITTABLE_DATA))
         .WillOnce(Return(true));
     SerializedPacket packet(CreatePacket(i, true));
-    manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION,
-                          HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, kInvalidPathId, 0, clock_.Now(),
+                          NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA);
   }
   EXPECT_CALL(*send_algorithm_, TimeUntilSend(_, _))
       .WillOnce(Return(QuicTime::Delta::Infinite()));
@@ -1528,7 +1652,7 @@ TEST_F(QuicSentPacketManagerTest,
             manager_.TimeUntilSend(clock_.Now(), HAS_RETRANSMITTABLE_DATA));
 }
 
-TEST_F(QuicSentPacketManagerTest, ReceiveWindowLimited) {
+TEST_P(QuicSentPacketManagerTest, ReceiveWindowLimited) {
   EXPECT_EQ(kDefaultSocketReceiveBuffer,
             QuicSentPacketManagerPeer::GetReceiveWindow(&manager_));
 
@@ -1543,8 +1667,8 @@ TEST_F(QuicSentPacketManagerTest, ReceiveWindowLimited) {
                              HAS_RETRANSMITTABLE_DATA))
         .WillOnce(Return(true));
     SerializedPacket packet(CreatePacket(i, true));
-    manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION,
-                          HAS_RETRANSMITTABLE_DATA);
+    manager_.OnPacketSent(&packet, kInvalidPathId, 0, clock_.Now(),
+                          NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA);
   }
   EXPECT_CALL(*send_algorithm_, TimeUntilSend(_, _))
       .WillOnce(Return(QuicTime::Delta::Infinite()));
@@ -1552,7 +1676,7 @@ TEST_F(QuicSentPacketManagerTest, ReceiveWindowLimited) {
             manager_.TimeUntilSend(clock_.Now(), HAS_RETRANSMITTABLE_DATA));
 }
 
-TEST_F(QuicSentPacketManagerTest, UseInitialRoundTripTimeToSend) {
+TEST_P(QuicSentPacketManagerTest, UseInitialRoundTripTimeToSend) {
   uint32_t initial_rtt_us = 325000;
   EXPECT_NE(initial_rtt_us,
             manager_.GetRttStats()->smoothed_rtt().ToMicroseconds());
@@ -1560,15 +1684,14 @@ TEST_F(QuicSentPacketManagerTest, UseInitialRoundTripTimeToSend) {
   QuicConfig config;
   config.SetInitialRoundTripTimeUsToSend(initial_rtt_us);
   EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _));
-  EXPECT_CALL(*network_change_visitor_, OnCongestionWindowChange());
-  EXPECT_CALL(*network_change_visitor_, OnRttChange());
+  EXPECT_CALL(*network_change_visitor_, OnCongestionChange());
   manager_.SetFromConfig(config);
 
   EXPECT_EQ(0, manager_.GetRttStats()->smoothed_rtt().ToMicroseconds());
   EXPECT_EQ(initial_rtt_us, manager_.GetRttStats()->initial_rtt_us());
 }
 
-TEST_F(QuicSentPacketManagerTest, ResumeConnectionState) {
+TEST_P(QuicSentPacketManagerTest, ResumeConnectionState) {
   // The sent packet manager should use the RTT from CachedNetworkParameters if
   // it is provided.
   const int kRttMs = 1234;
@@ -1581,8 +1704,8 @@ TEST_F(QuicSentPacketManagerTest, ResumeConnectionState) {
             static_cast<uint64_t>(manager_.GetRttStats()->initial_rtt_us()));
 }
 
-TEST_F(QuicSentPacketManagerTest, ConnectionMigrationUnspecifiedChange) {
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(&manager_);
+TEST_P(QuicSentPacketManagerTest, ConnectionMigrationUnspecifiedChange) {
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats());
   int64_t default_init_rtt = rtt_stats->initial_rtt_us();
   rtt_stats->set_initial_rtt_us(default_init_rtt * 2);
   EXPECT_EQ(2 * default_init_rtt, rtt_stats->initial_rtt_us());
@@ -1600,8 +1723,8 @@ TEST_F(QuicSentPacketManagerTest, ConnectionMigrationUnspecifiedChange) {
   EXPECT_EQ(0u, manager_.consecutive_tlp_count());
 }
 
-TEST_F(QuicSentPacketManagerTest, ConnectionMigrationIPSubnetChange) {
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(&manager_);
+TEST_P(QuicSentPacketManagerTest, ConnectionMigrationIPSubnetChange) {
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats());
   int64_t default_init_rtt = rtt_stats->initial_rtt_us();
   rtt_stats->set_initial_rtt_us(default_init_rtt * 2);
   EXPECT_EQ(2 * default_init_rtt, rtt_stats->initial_rtt_us());
@@ -1618,8 +1741,8 @@ TEST_F(QuicSentPacketManagerTest, ConnectionMigrationIPSubnetChange) {
   EXPECT_EQ(2u, manager_.consecutive_tlp_count());
 }
 
-TEST_F(QuicSentPacketManagerTest, ConnectionMigrationPortChange) {
-  RttStats* rtt_stats = QuicSentPacketManagerPeer::GetRttStats(&manager_);
+TEST_P(QuicSentPacketManagerTest, ConnectionMigrationPortChange) {
+  RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats());
   int64_t default_init_rtt = rtt_stats->initial_rtt_us();
   rtt_stats->set_initial_rtt_us(default_init_rtt * 2);
   EXPECT_EQ(2 * default_init_rtt, rtt_stats->initial_rtt_us());
diff --git a/chromium/net/quic/quic_session.cc b/chromium/net/quic/quic_session.cc
index de558968e98..3a433e58da0 100644
--- a/chromium/net/quic/quic_session.cc
+++ b/chromium/net/quic/quic_session.cc
@@ -45,7 +45,9 @@ QuicSession::QuicSession(QuicConnection* connection, const QuicConfig& config)
                        perspective(),
                        kMinimumFlowControlSendWindow,
                        config_.GetInitialSessionFlowControlWindowToSend(),
-                       false),
+                       FLAGS_quic_enable_autotune_by_default
+                           ? perspective() == Perspective::IS_SERVER
+                           : false),
       currently_writing_stream_id_(0) {}
 
 void QuicSession::Initialize() {
@@ -75,13 +77,13 @@ QuicSession::~QuicSession() {
 void QuicSession::OnStreamFrame(const QuicStreamFrame& frame) {
   // TODO(rch) deal with the error case of stream id 0.
   QuicStreamId stream_id = frame.stream_id;
-  ReliableQuicStream* stream = GetStream(stream_id);
+  ReliableQuicStream* stream = GetOrCreateStream(stream_id);
   if (!stream) {
     // The stream no longer exists, but we may still be interested in the
     // final stream byte offset sent by the peer. A frame with a FIN can give
     // us this offset.
     if (frame.fin) {
-      QuicStreamOffset final_byte_offset = frame.offset + frame.frame_length;
+      QuicStreamOffset final_byte_offset = frame.offset + frame.data_length;
       UpdateFlowControlOnFinalReceivedByteOffset(stream_id, final_byte_offset);
     }
     return;
@@ -100,7 +102,7 @@ void QuicSession::OnRstStream(const QuicRstStreamFrame& frame) {
   ReliableQuicStream* stream = GetOrCreateDynamicStream(frame.stream_id);
   if (!stream) {
     HandleRstOnValidNonexistentStream(frame);
-    return;  // Errors are handled by GetStream.
+    return;  // Errors are handled by GetOrCreateStream.
   }
 
   stream->OnStreamReset(frame);
@@ -148,7 +150,7 @@ void QuicSession::OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) {
     flow_controller_.UpdateSendWindowOffset(frame.byte_offset);
     return;
   }
-  ReliableQuicStream* stream = GetStream(stream_id);
+  ReliableQuicStream* stream = GetOrCreateStream(stream_id);
   if (stream) {
     stream->OnWindowUpdateFrame(frame);
   }
@@ -200,7 +202,8 @@ void QuicSession::OnCanWrite() {
       return;
     }
     currently_writing_stream_id_ = write_blocked_streams_.PopFront();
-    ReliableQuicStream* stream = GetStream(currently_writing_stream_id_);
+    ReliableQuicStream* stream =
+        GetOrCreateStream(currently_writing_stream_id_);
     if (stream != nullptr && !stream->flow_controller()->IsBlocked()) {
       // If the stream can't write all bytes it'll re-add itself to the blocked
       // list.
@@ -236,11 +239,25 @@ void QuicSession::ProcessUdpPacket(const IPEndPoint& self_address,
 }
 
 QuicConsumedData QuicSession::WritevData(
+    ReliableQuicStream* stream,
     QuicStreamId id,
     QuicIOVector iov,
     QuicStreamOffset offset,
     bool fin,
     QuicAckListenerInterface* ack_notifier_delegate) {
+  // This check is an attempt to deal with potential memory corruption
+  // in which |id| ends up set to 1 (the crypto stream id). If this happen
+  // it might end up resulting in unencrypted stream data being sent.
+  // While this is impossible to avoid given sufficient corruption, this
+  // seems like a reasonable mitigation.
+  if (id == kCryptoStreamId && stream != GetCryptoStream()) {
+    QUIC_BUG << "Stream id mismatch";
+    connection_->CloseConnection(
+        QUIC_INTERNAL_ERROR,
+        "Non-crypto stream attempted to write data as crypto stream.",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return QuicConsumedData(0, false);
+  }
   if (!IsEncryptionEstablished() && id != kCryptoStreamId) {
     // Do not let streams write without encryption. The calling stream will end
     // up write blocked until OnCanWrite is next called.
@@ -375,7 +392,8 @@ void QuicSession::OnConfigNegotiated() {
   connection_->SetFromConfig(config_);
 
   uint32_t max_streams = config_.MaxStreamsPerConnection();
-  if (perspective() == Perspective::IS_SERVER) {
+  if (!FLAGS_quic_enable_autotune_by_default &&
+      perspective() == Perspective::IS_SERVER) {
     if (config_.HasReceivedConnectionOptions()) {
       if (ContainsQuicTag(config_.ReceivedConnectionOptions(), kAFCW)) {
         // The following variations change the initial receive flow control
@@ -418,6 +436,8 @@ void QuicSession::OnConfigNegotiated() {
   }
 }
 
+// TODO(ckrasic): remove the following two methods when deprecating
+// FLAGS_quic_enable_autotune_by_default.
 void QuicSession::EnableAutoTuneReceiveWindow() {
   DVLOG(1) << ENDPOINT << "Enable auto tune receive windows";
   flow_controller_.set_auto_tune_receive_window(true);
@@ -577,7 +597,8 @@ QuicStreamId QuicSession::GetNextOutgoingStreamId() {
   return id;
 }
 
-ReliableQuicStream* QuicSession::GetStream(const QuicStreamId stream_id) {
+ReliableQuicStream* QuicSession::GetOrCreateStream(
+    const QuicStreamId stream_id) {
   StreamMap::iterator it = static_stream_map_.find(stream_id);
   if (it != static_stream_map_.end()) {
     return it->second;
@@ -749,8 +770,8 @@ size_t QuicSession::GetNumAvailableStreams() const {
 }
 
 void QuicSession::MarkConnectionLevelWriteBlocked(QuicStreamId id) {
-  QUIC_BUG_IF(GetStream(id) == nullptr) << "Marking unknown stream " << id
-                                        << " blocked.";
+  QUIC_BUG_IF(GetOrCreateStream(id) == nullptr) << "Marking unknown stream "
+                                                << id << " blocked.";
 
   write_blocked_streams_.AddStream(id);
 }
diff --git a/chromium/net/quic/quic_session.h b/chromium/net/quic/quic_session.h
index b072c9b0a0f..46c22d3c343 100644
--- a/chromium/net/quic/quic_session.h
+++ b/chromium/net/quic/quic_session.h
@@ -10,6 +10,7 @@
 #include <stddef.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <unordered_set>
@@ -17,7 +18,6 @@
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/quic_connection.h"
@@ -98,6 +98,7 @@ class NET_EXPORT_PRIVATE QuicSession : public QuicConnectionVisitorInterface {
   // If provided, |ack_notifier_delegate| will be registered to be notified when
   // we have seen ACKs for all packets resulting from this call.
   virtual QuicConsumedData WritevData(
+      ReliableQuicStream* stream,
       QuicStreamId id,
       QuicIOVector iov,
       QuicStreamOffset offset,
@@ -213,7 +214,11 @@ class NET_EXPORT_PRIVATE QuicSession : public QuicConnectionVisitorInterface {
 
   size_t MaxAvailableStreams() const;
 
-  ReliableQuicStream* GetStream(const QuicStreamId stream_id);
+  // Returns existing static or dynamic stream with id = |stream_id|. If no
+  // such stream exists, and |stream_id| is a peer-created dynamic stream id,
+  // then a new stream is created and returned. In all other cases, nullptr is
+  // returned.
+  ReliableQuicStream* GetOrCreateStream(const QuicStreamId stream_id);
 
   // Mark a stream as draining.
   virtual void StreamDraining(QuicStreamId id);
@@ -348,7 +353,7 @@ class NET_EXPORT_PRIVATE QuicSession : public QuicConnectionVisitorInterface {
   std::map<QuicStreamId, QuicStreamOffset>
       locally_closed_streams_highest_offset_;
 
-  scoped_ptr<QuicConnection> connection_;
+  std::unique_ptr<QuicConnection> connection_;
 
   std::vector<ReliableQuicStream*> closed_streams_;
 
diff --git a/chromium/net/quic/quic_session_test.cc b/chromium/net/quic/quic_session_test.cc
index d70ab5c2d6e..9e03746d4a6 100644
--- a/chromium/net/quic/quic_session_test.cc
+++ b/chromium/net/quic/quic_session_test.cc
@@ -152,6 +152,7 @@ class TestSession : public QuicSpdySession {
   }
 
   QuicConsumedData WritevData(
+      ReliableQuicStream* stream,
       QuicStreamId id,
       QuicIOVector data,
       QuicStreamOffset offset,
@@ -159,8 +160,8 @@ class TestSession : public QuicSpdySession {
       QuicAckListenerInterface* ack_notifier_delegate) override {
     QuicConsumedData consumed(data.total_length, fin);
     if (!writev_consumes_all_data_) {
-      consumed =
-          QuicSession::WritevData(id, data, offset, fin, ack_notifier_delegate);
+      consumed = QuicSession::WritevData(stream, id, data, offset, fin,
+                                         ack_notifier_delegate);
     }
     QuicSessionPeer::GetWriteBlockedStreams(this)->UpdateBytesForStream(
         id, consumed.bytes_consumed);
@@ -171,17 +172,19 @@ class TestSession : public QuicSpdySession {
     writev_consumes_all_data_ = val;
   }
 
-  QuicConsumedData SendStreamData(QuicStreamId id) {
+  QuicConsumedData SendStreamData(ReliableQuicStream* stream) {
     struct iovec iov;
-    return WritevData(id, MakeIOVector("not empty", &iov), 0, true, nullptr);
+    return WritevData(stream, stream->id(), MakeIOVector("not empty", &iov), 0,
+                      true, nullptr);
   }
 
-  QuicConsumedData SendLargeFakeData(QuicStreamId id, int bytes) {
+  QuicConsumedData SendLargeFakeData(ReliableQuicStream* stream, int bytes) {
     DCHECK(writev_consumes_all_data_);
     struct iovec iov;
     iov.iov_base = nullptr;  // should not be read.
     iov.iov_len = static_cast<size_t>(bytes);
-    return WritevData(id, QuicIOVector(&iov, 1, bytes), 0, true, nullptr);
+    return WritevData(stream, stream->id(), QuicIOVector(&iov, 1, bytes), 0,
+                      true, nullptr);
   }
 
   using QuicSession::PostProcessAfterData;
@@ -196,9 +199,10 @@ class QuicSessionTestBase : public ::testing::TestWithParam<QuicVersion> {
  protected:
   explicit QuicSessionTestBase(Perspective perspective)
       : connection_(
-            new StrictMock<MockConnection>(&helper_,
-                                           perspective,
-                                           SupportedVersions(GetParam()))),
+            new StrictMock<MockQuicConnection>(&helper_,
+                                               &alarm_factory_,
+                                               perspective,
+                                               SupportedVersions(GetParam()))),
         session_(connection_) {
     FLAGS_quic_always_log_bugs_for_tests = true;
     session_.config()->SetInitialStreamFlowControlWindowToSend(
@@ -256,8 +260,9 @@ class QuicSessionTestBase : public ::testing::TestWithParam<QuicVersion> {
 
   QuicVersion version() const { return connection_->version(); }
 
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   TestSession session_;
   set<QuicStreamId> closed_streams_;
   SpdyHeaderBlock headers_;
@@ -417,15 +422,13 @@ TEST_P(QuicSessionTestServer, TestBatchedWrites) {
   EXPECT_CALL(*stream2, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream2->id(), 6000))),
+                          base::Unretained(&session_), stream2, 6000))),
                       Invoke(&stream2_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   EXPECT_CALL(*stream2, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream2->id(), 6000))),
+                          base::Unretained(&session_), stream2, 6000))),
                       Invoke(&stream2_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   session_.OnCanWrite();
@@ -435,15 +438,13 @@ TEST_P(QuicSessionTestServer, TestBatchedWrites) {
   EXPECT_CALL(*stream2, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream2->id(), 6000))),
+                          base::Unretained(&session_), stream2, 6000))),
                       Invoke(&stream2_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   EXPECT_CALL(*stream4, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream4->id(), 6000))),
+                          base::Unretained(&session_), stream4, 6000))),
                       Invoke(&stream4_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   session_.OnCanWrite();
@@ -455,15 +456,15 @@ TEST_P(QuicSessionTestServer, TestBatchedWrites) {
   EXPECT_CALL(*stream4, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_), stream4->id(), 6000))),
+                          base::Unretained(&session_), stream4, 6000))),
                       Invoke(&stream4_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked),
                       Invoke(&stream6_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   EXPECT_CALL(*stream6, OnCanWrite())
-      .WillOnce(testing::IgnoreResult(Invoke(CreateFunctor(
-          &TestSession::SendLargeFakeData,
-          base::Unretained(&session_), stream4->id(), 6000))));
+      .WillOnce(testing::IgnoreResult(
+          Invoke(CreateFunctor(&TestSession::SendLargeFakeData,
+                               base::Unretained(&session_), stream4, 6000))));
   session_.OnCanWrite();
 
   // Stream4 alread did 6k worth of writes, so after doing another 12k it should
@@ -471,15 +472,13 @@ TEST_P(QuicSessionTestServer, TestBatchedWrites) {
   EXPECT_CALL(*stream4, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream4->id(), 12000))),
+                          base::Unretained(&session_), stream4, 12000))),
                       Invoke(&stream4_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   EXPECT_CALL(*stream2, OnCanWrite())
       .WillOnce(DoAll(testing::IgnoreResult(Invoke(CreateFunctor(
                           &TestSession::SendLargeFakeData,
-                          base::Unretained(&session_),
-                          stream2->id(), 6000))),
+                          base::Unretained(&session_), stream2, 6000))),
                       Invoke(&stream2_blocker,
                              &StreamBlocker::MarkConnectionLevelWriteBlocked)));
   session_.OnCanWrite();
@@ -507,19 +506,17 @@ TEST_P(QuicSessionTestServer, OnCanWriteBundlesStreams) {
   EXPECT_CALL(*send_algorithm, GetCongestionWindow())
       .WillRepeatedly(Return(kMaxPacketSize * 10));
   EXPECT_CALL(*stream2, OnCanWrite())
-      .WillOnce(testing::IgnoreResult(Invoke(CreateFunctor(
-          &TestSession::SendStreamData,
-          base::Unretained(&session_), stream2->id()))));
+      .WillOnce(testing::IgnoreResult(
+          Invoke(CreateFunctor(&TestSession::SendStreamData,
+                               base::Unretained(&session_), stream2))));
   EXPECT_CALL(*stream4, OnCanWrite())
-      .WillOnce(testing::IgnoreResult(Invoke(CreateFunctor(
-          &TestSession::SendStreamData,
-          base::Unretained(&session_),
-          stream4->id()))));
+      .WillOnce(testing::IgnoreResult(
+          Invoke(CreateFunctor(&TestSession::SendStreamData,
+                               base::Unretained(&session_), stream4))));
   EXPECT_CALL(*stream6, OnCanWrite())
-      .WillOnce(testing::IgnoreResult(Invoke(CreateFunctor(
-          &TestSession::SendStreamData,
-          base::Unretained(&session_),
-          stream6->id()))));
+      .WillOnce(testing::IgnoreResult(
+          Invoke(CreateFunctor(&TestSession::SendStreamData,
+                               base::Unretained(&session_), stream6))));
 
   // Expect that we only send one packet, the writes from different streams
   // should be bundled together.
@@ -673,7 +670,7 @@ TEST_P(QuicSessionTestServer, SendGoAway) {
   EXPECT_CALL(*writer, WritePacket(_, _, _, _, _))
       .WillOnce(Return(WriteResult(WRITE_STATUS_OK, 0)));
   EXPECT_CALL(*connection_, SendGoAway(_, _, _))
-      .WillOnce(Invoke(connection_, &MockConnection::ReallySendGoAway));
+      .WillOnce(Invoke(connection_, &MockQuicConnection::ReallySendGoAway));
   session_.SendGoAway(QUIC_PEER_GOING_AWAY, "Going Away.");
   EXPECT_TRUE(session_.goaway_sent());
 
diff --git a/chromium/net/quic/quic_socket_address_coder.cc b/chromium/net/quic/quic_socket_address_coder.cc
index c0f528d5a4e..f0d213edef0 100644
--- a/chromium/net/quic/quic_socket_address_coder.cc
+++ b/chromium/net/quic/quic_socket_address_coder.cc
@@ -60,10 +60,10 @@ bool QuicSocketAddressCoder::Decode(const char* data, size_t length) {
   size_t ip_length;
   switch (address_family) {
     case kIPv4:
-      ip_length = kIPv4AddressSize;
+      ip_length = IPAddress::kIPv4AddressSize;
       break;
     case kIPv6:
-      ip_length = kIPv6AddressSize;
+      ip_length = IPAddress::kIPv6AddressSize;
       break;
     default:
       return false;
diff --git a/chromium/net/quic/quic_spdy_session.cc b/chromium/net/quic/quic_spdy_session.cc
index 119974c1f13..071d0118aff 100644
--- a/chromium/net/quic/quic_spdy_session.cc
+++ b/chromium/net/quic/quic_spdy_session.cc
@@ -7,6 +7,7 @@
 #include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_headers_stream.h"
 
+using base::StringPiece;
 using std::string;
 
 namespace net {
@@ -72,6 +73,18 @@ void QuicSpdySession::OnStreamHeadersComplete(QuicStreamId stream_id,
   stream->OnStreamHeadersComplete(fin, frame_len);
 }
 
+void QuicSpdySession::OnStreamHeaderList(QuicStreamId stream_id,
+                                         bool fin,
+                                         size_t frame_len,
+                                         const QuicHeaderList& header_list) {
+  QuicSpdyStream* stream = GetSpdyDataStream(stream_id);
+  if (!stream) {
+    // It's quite possible to receive headers after a stream has been reset.
+    return;
+  }
+  stream->OnStreamHeaderList(fin, frame_len, header_list);
+}
+
 size_t QuicSpdySession::WriteHeaders(
     QuicStreamId id,
     const SpdyHeaderBlock& headers,
@@ -122,4 +135,22 @@ void QuicSpdySession::OnPromiseHeadersComplete(QuicStreamId stream_id,
                                 ConnectionCloseBehavior::SILENT_CLOSE);
 }
 
+void QuicSpdySession::OnPromiseHeaderList(QuicStreamId stream_id,
+                                          QuicStreamId promised_stream_id,
+                                          size_t frame_len,
+                                          const QuicHeaderList& header_list) {
+  string error = "OnPromiseHeaderList should be overriden in client code.";
+  QUIC_BUG << error;
+  connection()->CloseConnection(QUIC_INTERNAL_ERROR, error,
+                                ConnectionCloseBehavior::SILENT_CLOSE);
+}
+
+void QuicSpdySession::OnConfigNegotiated() {
+  QuicSession::OnConfigNegotiated();
+  if (FLAGS_quic_disable_hpack_dynamic_table &&
+      config()->HasClientSentConnectionOption(kDHDT, perspective())) {
+    headers_stream_->DisableHpackDynamicTable();
+  }
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/quic_spdy_session.h b/chromium/net/quic/quic_spdy_session.h
index 8db704918bf..6b671f7c516 100644
--- a/chromium/net/quic/quic_spdy_session.h
+++ b/chromium/net/quic/quic_spdy_session.h
@@ -7,7 +7,10 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/macros.h"
+#include "net/quic/quic_header_list.h"
 #include "net/quic/quic_headers_stream.h"
 #include "net/quic/quic_session.h"
 #include "net/quic/quic_spdy_stream.h"
@@ -29,7 +32,7 @@ class NET_EXPORT_PRIVATE QuicSpdySession : public QuicSession {
 
   // Called by |headers_stream_| when headers have been received for a stream.
   virtual void OnStreamHeaders(QuicStreamId stream_id,
-                               StringPiece headers_data);
+                               base::StringPiece headers_data);
   // Called by |headers_stream_| when headers with a priority have been
   // received for this stream.  This method will only be called for server
   // streams.
@@ -42,10 +45,18 @@ class NET_EXPORT_PRIVATE QuicSpdySession : public QuicSession {
                                        bool fin,
                                        size_t frame_len);
 
+  // Called by |headers_stream_| when headers have been completely received
+  // for a stream.  |fin| will be true if the fin flag was set in the headers
+  // frame.
+  virtual void OnStreamHeaderList(QuicStreamId stream_id,
+                                  bool fin,
+                                  size_t frame_len,
+                                  const QuicHeaderList& header_list);
+
   // Called by |headers_stream_| when push promise headers have been
   // received for a stream.
   virtual void OnPromiseHeaders(QuicStreamId stream_id,
-                                StringPiece headers_data);
+                                base::StringPiece headers_data);
 
   // Called by |headers_stream_| when push promise headers have been
   // completely received.  |fin| will be true if the fin flag was set
@@ -54,6 +65,14 @@ class NET_EXPORT_PRIVATE QuicSpdySession : public QuicSession {
                                         QuicStreamId promised_stream_id,
                                         size_t frame_len);
 
+  // Called by |headers_stream_| when push promise headers have been
+  // completely received.  |fin| will be true if the fin flag was set
+  // in the headers.
+  virtual void OnPromiseHeaderList(QuicStreamId stream_id,
+                                   QuicStreamId promised_stream_id,
+                                   size_t frame_len,
+                                   const QuicHeaderList& header_list);
+
   // Writes |headers| for the stream |id| to the dedicated headers stream.
   // If |fin| is true, then no more data will be sent for the stream |id|.
   // If provided, |ack_notifier_delegate| will be registered to be notified when
@@ -79,6 +98,8 @@ class NET_EXPORT_PRIVATE QuicSpdySession : public QuicSession {
   // list.
   void UpdateStreamPriority(QuicStreamId id, SpdyPriority new_priority);
 
+  void OnConfigNegotiated() override;
+
  protected:
   // Override CreateIncomingDynamicStream() and CreateOutgoingDynamicStream()
   // with QuicSpdyStream return type to make sure that all data streams are
@@ -98,7 +119,7 @@ class NET_EXPORT_PRIVATE QuicSpdySession : public QuicSession {
  private:
   friend class test::QuicSpdySessionPeer;
 
-  scoped_ptr<QuicHeadersStream> headers_stream_;
+  std::unique_ptr<QuicHeadersStream> headers_stream_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicSpdySession);
 };
diff --git a/chromium/net/quic/quic_spdy_stream.cc b/chromium/net/quic/quic_spdy_stream.cc
index de59465356f..b6adeecdc6e 100644
--- a/chromium/net/quic/quic_spdy_stream.cc
+++ b/chromium/net/quic/quic_spdy_stream.cc
@@ -29,7 +29,8 @@ QuicSpdyStream::QuicSpdyStream(QuicStreamId id, QuicSpdySession* spdy_session)
       visitor_(nullptr),
       headers_decompressed_(false),
       priority_(kDefaultPriority),
-      trailers_decompressed_(false) {
+      trailers_decompressed_(false),
+      avoid_empty_nonfin_writes_(FLAGS_quic_avoid_empty_nonfin_writes) {
   DCHECK_NE(kCryptoStreamId, id);
   // Don't receive any callbacks from the sequencer until headers
   // are complete.
@@ -88,7 +89,7 @@ void QuicSpdyStream::WriteOrBufferBody(
 }
 
 size_t QuicSpdyStream::WriteTrailers(
-    SpdyHeaderBlock trailer_block,
+    const SpdyHeaderBlock& trailer_block,
     QuicAckListenerInterface* ack_notifier_delegate) {
   if (fin_sent()) {
     QUIC_BUG << "Trailers cannot be sent after a FIN.";
@@ -97,7 +98,10 @@ size_t QuicSpdyStream::WriteTrailers(
 
   // The header block must contain the final offset for this stream, as the
   // trailers may be processed out of order at the peer.
-  trailer_block.insert(std::make_pair(
+  DVLOG(1) << "Inserting trailer: (" << kFinalOffsetHeaderKey << ", "
+           << stream_bytes_written() + queued_data_bytes() << ")";
+  SpdyHeaderBlock trailer_block_with_offset(trailer_block);
+  trailer_block_with_offset.insert(std::make_pair(
       kFinalOffsetHeaderKey,
       base::IntToString(stream_bytes_written() + queued_data_bytes())));
 
@@ -105,7 +109,7 @@ size_t QuicSpdyStream::WriteTrailers(
   // trailers are the last thing to be sent on a stream.
   const bool kFin = true;
   size_t bytes_written = spdy_session_->WriteHeaders(
-      id(), trailer_block, kFin, priority_, ack_notifier_delegate);
+      id(), trailer_block_with_offset, kFin, priority_, ack_notifier_delegate);
   set_fin_sent(kFin);
 
   // Trailers are the last thing to be sent on a stream, but if there is still
@@ -157,6 +161,13 @@ void QuicSpdyStream::MarkTrailersConsumed(size_t bytes_consumed) {
   decompressed_trailers_.erase(0, bytes_consumed);
 }
 
+void QuicSpdyStream::ConsumeHeaderList() {
+  header_list_.Clear();
+  if (FinishedReadingHeaders()) {
+    sequencer()->SetUnblocked();
+  }
+}
+
 void QuicSpdyStream::SetPriority(SpdyPriority priority) {
   DCHECK_EQ(0u, stream_bytes_written());
   spdy_session_->UpdateStreamPriority(id(), priority);
@@ -185,6 +196,16 @@ void QuicSpdyStream::OnStreamHeadersComplete(bool fin, size_t frame_len) {
   }
 }
 
+void QuicSpdyStream::OnStreamHeaderList(bool fin,
+                                        size_t frame_len,
+                                        const QuicHeaderList& header_list) {
+  if (!headers_decompressed_) {
+    OnInitialHeadersComplete(fin, frame_len, header_list);
+  } else {
+    OnTrailingHeadersComplete(fin, frame_len, header_list);
+  }
+}
+
 void QuicSpdyStream::OnInitialHeadersComplete(bool fin, size_t /*frame_len*/) {
   headers_decompressed_ = true;
   if (fin) {
@@ -195,6 +216,20 @@ void QuicSpdyStream::OnInitialHeadersComplete(bool fin, size_t /*frame_len*/) {
   }
 }
 
+void QuicSpdyStream::OnInitialHeadersComplete(
+    bool fin,
+    size_t /*frame_len*/,
+    const QuicHeaderList& header_list) {
+  headers_decompressed_ = true;
+  header_list_ = header_list;
+  if (fin) {
+    OnStreamFrame(QuicStreamFrame(id(), fin, 0, StringPiece()));
+  }
+  if (FinishedReadingHeaders()) {
+    sequencer()->SetUnblocked();
+  }
+}
+
 void QuicSpdyStream::OnPromiseHeaders(StringPiece headers_data) {
   headers_data.AppendToString(&decompressed_headers_);
 }
@@ -210,6 +245,18 @@ void QuicSpdyStream::OnPromiseHeadersComplete(
   return;
 }
 
+void QuicSpdyStream::OnPromiseHeaderList(
+    QuicStreamId /* promised_id */,
+    size_t /* frame_len */,
+    const QuicHeaderList& /*header_list */) {
+  // To be overridden in QuicSpdyClientStream.  Not supported on
+  // server side.
+  session()->connection()->CloseConnection(
+      QUIC_INVALID_HEADERS_STREAM_DATA, "Promise headers received by server",
+      ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+  return;
+}
+
 void QuicSpdyStream::OnTrailingHeadersComplete(bool fin, size_t /*frame_len*/) {
   DCHECK(!trailers_decompressed_);
   if (fin_received()) {
@@ -247,6 +294,39 @@ void QuicSpdyStream::OnTrailingHeadersComplete(bool fin, size_t /*frame_len*/) {
   trailers_decompressed_ = true;
 }
 
+void QuicSpdyStream::OnTrailingHeadersComplete(
+    bool fin,
+    size_t /*frame_len*/,
+    const QuicHeaderList& header_list) {
+  DCHECK(!trailers_decompressed_);
+  if (fin_received()) {
+    DLOG(ERROR) << "Received Trailers after FIN, on stream: " << id();
+    session()->connection()->CloseConnection(
+        QUIC_INVALID_HEADERS_STREAM_DATA, "Trailers after fin",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return;
+  }
+  if (!fin) {
+    DLOG(ERROR) << "Trailers must have FIN set, on stream: " << id();
+    session()->connection()->CloseConnection(
+        QUIC_INVALID_HEADERS_STREAM_DATA, "Fin missing from trailers",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return;
+  }
+
+  size_t final_byte_offset = 0;
+  if (!SpdyUtils::CopyAndValidateTrailers(header_list, &final_byte_offset,
+                                          &received_trailers_)) {
+    DLOG(ERROR) << "Trailers are malformed: " << id();
+    session()->connection()->CloseConnection(
+        QUIC_INVALID_HEADERS_STREAM_DATA, "Trailers are malformed",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return;
+  }
+  OnStreamFrame(QuicStreamFrame(id(), fin, final_byte_offset, StringPiece()));
+  trailers_decompressed_ = true;
+}
+
 void QuicSpdyStream::OnStreamReset(const QuicRstStreamFrame& frame) {
   if (frame.error_code != QUIC_STREAM_NO_ERROR ||
       version() <= QUIC_VERSION_28) {
@@ -273,7 +353,8 @@ void QuicSpdyStream::OnClose() {
 }
 
 bool QuicSpdyStream::FinishedReadingHeaders() const {
-  return headers_decompressed_ && decompressed_headers_.empty();
+  return headers_decompressed_ && decompressed_headers_.empty() &&
+         header_list_.empty();
 }
 
 bool QuicSpdyStream::ParseHeaderStatusCode(SpdyHeaderBlock* header,
diff --git a/chromium/net/quic/quic_spdy_stream.h b/chromium/net/quic/quic_spdy_stream.h
index 71c50b4cbd0..d8cf3964cc2 100644
--- a/chromium/net/quic/quic_spdy_stream.h
+++ b/chromium/net/quic/quic_spdy_stream.h
@@ -20,6 +20,8 @@
 #include "net/base/iovec.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_export.h"
+#include "net/quic/quic_flags.h"
+#include "net/quic/quic_header_list.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_stream_sequencer.h"
 #include "net/quic/reliable_quic_stream.h"
@@ -51,6 +53,10 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
     // Called when the stream is closed.
     virtual void OnClose(QuicSpdyStream* stream) = 0;
 
+    // Allows subclasses to override and do work.
+    virtual void OnPromiseHeadersComplete(QuicStreamId promised_id,
+                                          size_t frame_len) {}
+
    protected:
     virtual ~Visitor() {}
 
@@ -84,17 +90,30 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
   // should be closed; no more data will be sent by the peer.
   virtual void OnStreamHeadersComplete(bool fin, size_t frame_len);
 
+  // Called by the session when decompressed headers have been completely
+  // delivered to this stream.  If |fin| is true, then this stream
+  // should be closed; no more data will be sent by the peer.
+  virtual void OnStreamHeaderList(bool fin,
+                                  size_t frame_len,
+                                  const QuicHeaderList& header_list);
+
   // Called by the session when decompressed PUSH_PROMISE headers data
   // is received for this stream.
   // May be called multiple times, with each call providing additional headers
   // data until OnPromiseHeadersComplete is called.
-  virtual void OnPromiseHeaders(StringPiece headers_data);
+  virtual void OnPromiseHeaders(base::StringPiece headers_data);
 
   // Called by the session when decompressed push promise headers have
   // been completely delivered to this stream.
   virtual void OnPromiseHeadersComplete(QuicStreamId promised_id,
                                         size_t frame_len);
 
+  // Called by the session when decompressed push promise headers have
+  // been completely delivered to this stream.
+  virtual void OnPromiseHeaderList(QuicStreamId promised_id,
+                                   size_t frame_len,
+                                   const QuicHeaderList& header_list);
+
   // Override the base class to not discard response when receiving
   // QUIC_STREAM_NO_ERROR on QUIC_VERSION_29 and later versions.
   void OnStreamReset(const QuicRstStreamFrame& frame) override;
@@ -112,8 +131,8 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
 
   // Writes the trailers contained in |trailer_block| to the dedicated
   // headers stream. Trailers will always have the FIN set.
-  size_t WriteTrailers(SpdyHeaderBlock trailer_block,
-                       QuicAckListenerInterface* ack_notifier_delegate);
+  virtual size_t WriteTrailers(const SpdyHeaderBlock& trailer_block,
+                               QuicAckListenerInterface* ack_notifier_delegate);
 
   // Marks |bytes_consumed| of the headers data as consumed.
   void MarkHeadersConsumed(size_t bytes_consumed);
@@ -121,6 +140,9 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
   // Marks |bytes_consumed| of the trailers data as consumed.
   void MarkTrailersConsumed(size_t bytes_consumed);
 
+  // Clears |header_list_|.
+  void ConsumeHeaderList();
+
   // This block of functions wraps the sequencer's functions of the same
   // name.  These methods return uncompressed data until that has
   // been fully processed.  Then they simply delegate to the sequencer.
@@ -144,6 +166,8 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
     return decompressed_headers_;
   }
 
+  const QuicHeaderList& header_list() const { return header_list_; }
+
   bool trailers_decompressed() const { return trailers_decompressed_; }
 
   const std::string& decompressed_trailers() const {
@@ -165,11 +189,20 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
   // use of the spdy_session_ member.
   void ClearSession();
 
+  // Latched value of --quic_avoid_empty_nonfin_writes.
+  bool avoid_empty_nonfin_writes() const { return avoid_empty_nonfin_writes_; }
+
  protected:
   // Called by OnStreamHeadersComplete depending on which type (initial or
   // trailing) headers are expected next.
   virtual void OnInitialHeadersComplete(bool fin, size_t frame_len);
   virtual void OnTrailingHeadersComplete(bool fin, size_t frame_len);
+  virtual void OnInitialHeadersComplete(bool fin,
+                                        size_t frame_len,
+                                        const QuicHeaderList& header_list);
+  virtual void OnTrailingHeadersComplete(bool fin,
+                                         size_t frame_len,
+                                         const QuicHeaderList& header_list);
   QuicSpdySession* spdy_session() const { return spdy_session_; }
   Visitor* visitor() { return visitor_; }
 
@@ -194,6 +227,9 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
   // Contains a copy of the decompressed headers until they are consumed
   // via ProcessData or Readv.
   std::string decompressed_headers_;
+  // Contains a copy of the decompressed header (name, value) pairs until they
+  // are consumed via Readv.
+  QuicHeaderList header_list_;
 
   // True if the trailers have been completely decompressed.
   bool trailers_decompressed_;
@@ -203,6 +239,8 @@ class NET_EXPORT_PRIVATE QuicSpdyStream : public ReliableQuicStream {
   // The parsed trailers received from the peer.
   SpdyHeaderBlock received_trailers_;
 
+  bool avoid_empty_nonfin_writes_;
+
   DISALLOW_COPY_AND_ASSIGN(QuicSpdyStream);
 };
 
diff --git a/chromium/net/quic/quic_spdy_stream_test.cc b/chromium/net/quic/quic_spdy_stream_test.cc
index a50c082470a..c9a4ea006c1 100644
--- a/chromium/net/quic/quic_spdy_stream_test.cc
+++ b/chromium/net/quic/quic_spdy_stream_test.cc
@@ -4,8 +4,9 @@
 
 #include "net/quic/quic_spdy_stream.h"
 
-#include "base/strings/string_number_conversions.h"
+#include <memory>
 
+#include "base/strings/string_number_conversions.h"
 #include "net/quic/quic_connection.h"
 #include "net/quic/quic_utils.h"
 #include "net/quic/quic_write_blocked_list.h"
@@ -96,8 +97,9 @@ class QuicSpdyStreamTest : public ::testing::TestWithParam<QuicVersion> {
   }
 
   void Initialize(bool stream_should_process_data) {
-    connection_ = new testing::StrictMock<MockConnection>(
-        &helper_, Perspective::IS_SERVER, SupportedVersions(GetParam()));
+    connection_ = new testing::StrictMock<MockQuicConnection>(
+        &helper_, &alarm_factory_, Perspective::IS_SERVER,
+        SupportedVersions(GetParam()));
     session_.reset(new testing::StrictMock<MockQuicSpdySession>(connection_));
     stream_ = new TestStream(kClientDataStreamId1, session_.get(),
                              stream_should_process_data);
@@ -108,9 +110,10 @@ class QuicSpdyStreamTest : public ::testing::TestWithParam<QuicVersion> {
   }
 
  protected:
-  MockConnectionHelper helper_;
-  MockConnection* connection_;
-  scoped_ptr<MockQuicSpdySession> session_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  MockQuicConnection* connection_;
+  std::unique_ptr<MockQuicSpdySession> session_;
 
   // Owned by the |session_|.
   TestStream* stream_;
@@ -138,6 +141,22 @@ TEST_P(QuicSpdyStreamTest, ProcessHeaders) {
   EXPECT_FALSE(stream_->IsDoneReading());
 }
 
+TEST_P(QuicSpdyStreamTest, ProcessHeaderList) {
+  Initialize(kShouldProcessData);
+
+  size_t total_bytes = 0;
+  QuicHeaderList headers;
+  for (auto p : headers_) {
+    headers.OnHeader(p.first, p.second);
+    total_bytes += p.first.size() + p.second.size();
+  }
+  stream_->OnStreamHeadersPriority(kV3HighestPriority);
+  stream_->OnStreamHeaderList(false, total_bytes, headers);
+  EXPECT_EQ("", stream_->data());
+  EXPECT_FALSE(stream_->header_list().empty());
+  EXPECT_FALSE(stream_->IsDoneReading());
+}
+
 TEST_P(QuicSpdyStreamTest, ProcessHeadersWithFin) {
   Initialize(kShouldProcessData);
 
@@ -154,6 +173,23 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersWithFin) {
   EXPECT_TRUE(stream_->HasFinalReceivedByteOffset());
 }
 
+TEST_P(QuicSpdyStreamTest, ProcessHeaderListWithFin) {
+  Initialize(kShouldProcessData);
+
+  size_t total_bytes = 0;
+  QuicHeaderList headers;
+  for (auto p : headers_) {
+    headers.OnHeader(p.first, p.second);
+    total_bytes += p.first.size() + p.second.size();
+  }
+  stream_->OnStreamHeadersPriority(kV3HighestPriority);
+  stream_->OnStreamHeaderList(true, total_bytes, headers);
+  EXPECT_EQ("", stream_->data());
+  EXPECT_FALSE(stream_->header_list().empty());
+  EXPECT_FALSE(stream_->IsDoneReading());
+  EXPECT_TRUE(stream_->HasFinalReceivedByteOffset());
+}
+
 TEST_P(QuicSpdyStreamTest, ParseHeaderStatusCode) {
   // A valid status code should be 3-digit integer. The first digit should be in
   // the range of [1, 5]. All the others are invalid.
@@ -407,7 +443,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlBlocked) {
   GenerateBody(&body, kWindow + kOverflow);
 
   EXPECT_CALL(*connection_, SendBlocked(kClientDataStreamId1));
-  EXPECT_CALL(*session_, WritevData(kClientDataStreamId1, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kClientDataStreamId1, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kWindow, true)));
   stream_->WriteOrBufferData(body, false, nullptr);
 
@@ -653,7 +689,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlFinNotBlocked) {
   bool fin = true;
 
   EXPECT_CALL(*connection_, SendBlocked(kClientDataStreamId1)).Times(0);
-  EXPECT_CALL(*session_, WritevData(kClientDataStreamId1, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kClientDataStreamId1, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(0, fin)));
 
   stream_->WriteOrBufferData(body, fin, nullptr);
@@ -844,9 +880,9 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersSendsAFin) {
   // Test that writing trailers will send a FIN, as Trailers are the last thing
   // to be sent on a stream.
   Initialize(kShouldProcessData);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Write the initial headers, without a FIN.
   EXPECT_CALL(*session_, WriteHeaders(_, _, _, _, _));
@@ -865,9 +901,9 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersFinalOffset) {
   // Test that when writing trailers, the trailers that are actually sent to the
   // peer contain the final offset field indicating last byte of data.
   Initialize(kShouldProcessData);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Write the initial headers.
   EXPECT_CALL(*session_, WriteHeaders(_, _, _, _, _));
@@ -892,9 +928,9 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersClosesWriteSide) {
   // Test that if trailers are written after all other data has been written
   // (headers and body), that this closes the stream for writing.
   Initialize(kShouldProcessData);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Write the initial headers.
   EXPECT_CALL(*session_, WriteHeaders(_, _, _, _, _));
@@ -917,9 +953,9 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersWithQueuedBytes) {
   // Test that the stream is not closed for writing when trailers are sent
   // while there are still body bytes queued.
   Initialize(kShouldProcessData);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Write the initial headers.
   EXPECT_CALL(*session_, WriteHeaders(_, _, _, _, _));
@@ -927,7 +963,7 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersWithQueuedBytes) {
 
   // Write non-zero body data, but only consume partially, ensuring queueing.
   const int kBodySize = 1 * 1024;  // 1 MB
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kBodySize - 1, false)));
   stream_->WriteOrBufferData(string(kBodySize, 'x'), false, nullptr);
   EXPECT_EQ(1u, stream_->queued_data_bytes());
@@ -944,9 +980,9 @@ TEST_P(QuicSpdyStreamTest, WritingTrailersWithQueuedBytes) {
 TEST_P(QuicSpdyStreamTest, WritingTrailersAfterFIN) {
   // Test that it is not possible to write Trailers after a FIN has been sent.
   Initialize(kShouldProcessData);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Write the initial headers, with a FIN.
   EXPECT_CALL(*session_, WriteHeaders(_, _, _, _, _));
diff --git a/chromium/net/quic/quic_stream_factory.cc b/chromium/net/quic/quic_stream_factory.cc
index 385b2552204..e431d69e1d3 100644
--- a/chromium/net/quic/quic_stream_factory.cc
+++ b/chromium/net/quic/quic_stream_factory.cc
@@ -5,11 +5,14 @@
 #include "net/quic/quic_stream_factory.h"
 
 #include <algorithm>
-#include <set>
+#include <tuple>
 #include <utility>
 
+#include <openssl/aead.h>
+
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
@@ -18,13 +21,12 @@
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
+#include "crypto/openssl_util.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
-#include "net/base/socket_performance_watcher.h"
-#include "net/base/socket_performance_watcher_factory.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_verifier.h"
 #include "net/dns/host_resolver.h"
@@ -37,6 +39,7 @@
 #include "net/quic/crypto/quic_random.h"
 #include "net/quic/crypto/quic_server_info.h"
 #include "net/quic/port_suggester.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_client_session.h"
 #include "net/quic/quic_chromium_connection_helper.h"
 #include "net/quic/quic_chromium_packet_reader.h"
@@ -50,22 +53,12 @@
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_server_id.h"
 #include "net/socket/client_socket_factory.h"
+#include "net/socket/socket_performance_watcher.h"
+#include "net/socket/socket_performance_watcher_factory.h"
 #include "net/ssl/token_binding.h"
 #include "net/udp/udp_client_socket.h"
 
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#endif
-
-#if defined(USE_OPENSSL)
-#include <openssl/aead.h>
-#include "crypto/openssl_util.h"
-#else
-#include "base/cpu.h"
-#endif
-
 using std::min;
-using std::vector;
 using NetworkHandle = net::NetworkChangeNotifier::NetworkHandle;
 
 namespace net {
@@ -107,15 +100,6 @@ void HistogramMigrationStatus(enum QuicConnectionMigrationStatus status) {
                             MIGRATION_STATUS_MAX);
 }
 
-bool IsEcdsaSupported() {
-#if defined(OS_WIN)
-  if (base::win::GetVersion() < base::win::VERSION_VISTA)
-    return false;
-#endif
-
-  return true;
-}
-
 QuicConfig InitializeQuicConfig(const QuicTagVector& connection_options,
                                 int idle_connection_timeout_seconds) {
   DCHECK_GT(idle_connection_timeout_seconds, 0);
@@ -135,8 +119,7 @@ class QuicStreamFactory::Job {
  public:
   Job(QuicStreamFactory* factory,
       HostResolver* host_resolver,
-      const QuicServerId& server_id,
-      bool server_and_origin_have_same_host,
+      const QuicSessionKey& key,
       bool was_alternative_service_recently_broken,
       int cert_verify_flags,
       bool is_post,
@@ -148,7 +131,7 @@ class QuicStreamFactory::Job {
   Job(QuicStreamFactory* factory,
       HostResolver* host_resolver,
       QuicChromiumClientSession* session,
-      QuicServerId server_id);
+      const QuicSessionKey& key);
 
   ~Job();
 
@@ -171,7 +154,7 @@ class QuicStreamFactory::Job {
 
   void CancelWaitForDataReadyCallback();
 
-  const QuicServerId server_id() const { return server_id_; }
+  const QuicSessionKey& key() const { return key_; }
 
   base::WeakPtr<Job> GetWeakPtr() { return weak_factory_.GetWeakPtr(); }
 
@@ -190,13 +173,11 @@ class QuicStreamFactory::Job {
 
   QuicStreamFactory* factory_;
   SingleRequestHostResolver host_resolver_;
-  QuicServerId server_id_;
+  QuicSessionKey key_;
   int cert_verify_flags_;
-  // True if and only if server and origin have the same hostname.
-  bool server_and_origin_have_same_host_;
   bool is_post_;
   bool was_alternative_service_recently_broken_;
-  scoped_ptr<QuicServerInfo> server_info_;
+  std::unique_ptr<QuicServerInfo> server_info_;
   bool started_another_job_;
   const BoundNetLog net_log_;
   int num_sent_client_hellos_;
@@ -211,8 +192,7 @@ class QuicStreamFactory::Job {
 
 QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
                             HostResolver* host_resolver,
-                            const QuicServerId& server_id,
-                            bool server_and_origin_have_same_host,
+                            const QuicSessionKey& key,
                             bool was_alternative_service_recently_broken,
                             int cert_verify_flags,
                             bool is_post,
@@ -221,9 +201,8 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
     : io_state_(STATE_RESOLVE_HOST),
       factory_(factory),
       host_resolver_(host_resolver),
-      server_id_(server_id),
+      key_(key),
       cert_verify_flags_(cert_verify_flags),
-      server_and_origin_have_same_host_(server_and_origin_have_same_host),
       is_post_(is_post),
       was_alternative_service_recently_broken_(
           was_alternative_service_recently_broken),
@@ -237,13 +216,12 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
 QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
                             HostResolver* host_resolver,
                             QuicChromiumClientSession* session,
-                            QuicServerId server_id)
+                            const QuicSessionKey& key)
     : io_state_(STATE_RESUME_CONNECT),
       factory_(factory),
       host_resolver_(host_resolver),  // unused
-      server_id_(server_id),
+      key_(key),
       cert_verify_flags_(0),                            // unused
-      server_and_origin_have_same_host_(false),         // unused
       is_post_(false),                                  // unused
       was_alternative_service_recently_broken_(false),  // unused
       started_another_job_(false),                      // unused
@@ -344,7 +322,7 @@ int QuicStreamFactory::Job::DoResolveHost() {
   io_state_ = STATE_RESOLVE_HOST_COMPLETE;
   dns_resolution_start_time_ = base::TimeTicks::Now();
   return host_resolver_.Resolve(
-      HostResolver::RequestInfo(server_id_.host_port_pair()), DEFAULT_PRIORITY,
+      HostResolver::RequestInfo(key_.destination()), DEFAULT_PRIORITY,
       &address_list_,
       base::Bind(&QuicStreamFactory::Job::OnIOComplete, GetWeakPtr()),
       net_log_);
@@ -357,11 +335,11 @@ int QuicStreamFactory::Job::DoResolveHostComplete(int rv) {
   if (rv != OK)
     return rv;
 
-  DCHECK(!factory_->HasActiveSession(server_id_));
+  DCHECK(!factory_->HasActiveSession(key_.server_id()));
 
   // Inform the factory of this resolution, which will set up
   // a session alias, if possible.
-  if (factory_->OnResolution(server_id_, address_list_)) {
+  if (factory_->OnResolution(key_, address_list_)) {
     return OK;
   }
 
@@ -383,12 +361,12 @@ int QuicStreamFactory::Job::DoLoadServerInfo() {
     const int kMaxLoadServerInfoTimeoutMs = 50;
     // Wait for DiskCache a maximum of 50ms.
     int64_t load_server_info_timeout_ms =
-        min(static_cast<int>(
-                (factory_->load_server_info_timeout_srtt_multiplier_ *
-                 factory_->GetServerNetworkStatsSmoothedRttInMicroseconds(
-                     server_id_)) /
-                1000),
-            kMaxLoadServerInfoTimeoutMs);
+        std::min(static_cast<int>(
+                     (factory_->load_server_info_timeout_srtt_multiplier_ *
+                      factory_->GetServerNetworkStatsSmoothedRttInMicroseconds(
+                          key_.server_id())) /
+                     1000),
+                 kMaxLoadServerInfoTimeoutMs);
     if (load_server_info_timeout_ms > 0) {
       factory_->task_runner_->PostDelayedTask(
           FROM_HERE,
@@ -404,9 +382,7 @@ int QuicStreamFactory::Job::DoLoadServerInfo() {
     // If we are waiting to load server config from the disk cache, then start
     // another job.
     started_another_job_ = true;
-    factory_->CreateAuxilaryJob(server_id_, cert_verify_flags_,
-                                server_and_origin_have_same_host_, is_post_,
-                                net_log_);
+    factory_->CreateAuxilaryJob(key_, cert_verify_flags_, is_post_, net_log_);
   }
   return rv;
 }
@@ -420,7 +396,7 @@ int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) {
 
   if (started_another_job_ &&
       (!server_info_ || server_info_->state().server_config.empty() ||
-       !factory_->CryptoConfigCacheIsEmpty(server_id_))) {
+       !factory_->CryptoConfigCacheIsEmpty(key_.server_id()))) {
     // If we have started another job and if we didn't load the server config
     // from the disk cache or if we have received a new server config from the
     // server, then cancel the current job.
@@ -436,7 +412,7 @@ int QuicStreamFactory::Job::DoConnect() {
   io_state_ = STATE_CONNECT_COMPLETE;
 
   int rv = factory_->CreateSession(
-      server_id_, cert_verify_flags_, std::move(server_info_), address_list_,
+      key_, cert_verify_flags_, std::move(server_info_), address_list_,
       dns_resolution_end_time_, net_log_, &session_);
   if (rv != OK) {
     DCHECK(rv != ERR_IO_PENDING);
@@ -452,13 +428,17 @@ int QuicStreamFactory::Job::DoConnect() {
   if (!session_->connection()->connected()) {
     return ERR_QUIC_PROTOCOL_ERROR;
   }
-  bool require_confirmation = factory_->require_confirmation() ||
-                              !server_and_origin_have_same_host_ || is_post_ ||
+  bool require_confirmation = factory_->require_confirmation() || is_post_ ||
                               was_alternative_service_recently_broken_;
 
   rv = session_->CryptoConnect(
       require_confirmation,
       base::Bind(&QuicStreamFactory::Job::OnIOComplete, GetWeakPtr()));
+
+  if (!session_->connection()->connected() &&
+      session_->error() == QUIC_PROOF_INVALID)
+    return ERR_QUIC_HANDSHAKE_FAILED;
+
   return rv;
 }
 
@@ -486,11 +466,11 @@ int QuicStreamFactory::Job::DoConnectComplete(int rv) {
   if (rv != OK)
     return rv;
 
-  DCHECK(!factory_->HasActiveSession(server_id_));
+  DCHECK(!factory_->HasActiveSession(key_.server_id()));
   // There may well now be an active session for this IP.  If so, use the
   // existing session instead.
   AddressList address(session_->connection()->peer_address());
-  if (factory_->OnResolution(server_id_, address)) {
+  if (factory_->OnResolution(key_, address)) {
     session_->connection()->CloseConnection(
         QUIC_CONNECTION_IP_POOLED, "An active session exists for the given IP.",
         ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
@@ -498,7 +478,7 @@ int QuicStreamFactory::Job::DoConnectComplete(int rv) {
     return OK;
   }
 
-  factory_->ActivateSession(server_id_, session_);
+  factory_->ActivateSession(key_, session_);
 
   return OK;
 }
@@ -511,7 +491,7 @@ QuicStreamRequest::~QuicStreamRequest() {
     factory_->CancelRequest(this);
 }
 
-int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
+int QuicStreamRequest::Request(const HostPortPair& destination,
                                PrivacyMode privacy_mode,
                                int cert_verify_flags,
                                const GURL& url,
@@ -520,13 +500,11 @@ int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
                                const CompletionCallback& callback) {
   DCHECK(callback_.is_null());
   DCHECK(factory_);
-  origin_host_ = url.host();
-  privacy_mode_ = privacy_mode;
+  server_id_ = QuicServerId(HostPortPair::FromURL(url), privacy_mode);
 
-  int rv = factory_->Create(host_port_pair, privacy_mode, cert_verify_flags,
-                            url, method, net_log, this);
+  int rv = factory_->Create(server_id_, destination, cert_verify_flags, url,
+                            method, net_log, this);
   if (rv == ERR_IO_PENDING) {
-    host_port_pair_ = host_port_pair;
     net_log_ = net_log;
     callback_ = callback;
   } else {
@@ -550,21 +528,20 @@ void QuicStreamRequest::OnRequestComplete(int rv) {
 base::TimeDelta QuicStreamRequest::GetTimeDelayForWaitingJob() const {
   if (!factory_)
     return base::TimeDelta();
-  return factory_->GetTimeDelayForWaitingJob(
-      QuicServerId(host_port_pair_, privacy_mode_));
+  return factory_->GetTimeDelayForWaitingJob(server_id_);
 }
 
-scoped_ptr<QuicHttpStream> QuicStreamRequest::CreateStream() {
+std::unique_ptr<QuicHttpStream> QuicStreamRequest::CreateStream() {
   if (!session_)
     return nullptr;
-  return make_scoped_ptr(new QuicHttpStream(session_));
+  return base::WrapUnique(new QuicHttpStream(session_));
 }
 
-scoped_ptr<BidirectionalStreamImpl>
+std::unique_ptr<BidirectionalStreamImpl>
 QuicStreamRequest::CreateBidirectionalStreamImpl() {
   if (!session_)
     return nullptr;
-  return make_scoped_ptr(new BidirectionalStreamQuicImpl(session_));
+  return base::WrapUnique(new BidirectionalStreamQuicImpl(session_));
 }
 
 QuicStreamFactory::QuicStreamFactory(
@@ -669,6 +646,7 @@ QuicStreamFactory::QuicStreamFactory(
   DCHECK(http_server_properties_);
   crypto_config_.set_user_agent_id(user_agent_id);
   crypto_config_.AddCanonicalSuffix(".c.youtube.com");
+  crypto_config_.AddCanonicalSuffix(".ggpht.com");
   crypto_config_.AddCanonicalSuffix(".googlevideo.com");
   crypto_config_.AddCanonicalSuffix(".googleusercontent.com");
   // TODO(rtenneti): http://crbug.com/487355. Temporary fix for b/20760730 until
@@ -677,21 +655,14 @@ QuicStreamFactory::QuicStreamFactory(
     crypto_config_.SetChannelIDSource(
         new ChannelIDSourceChromium(channel_id_service));
   }
-  if (enable_token_binding && channel_id_service && IsTokenBindingSupported())
+  if (enable_token_binding && channel_id_service)
     crypto_config_.tb_key_params.push_back(kP256);
-#if defined(USE_OPENSSL)
   crypto::EnsureOpenSSLInit();
   bool has_aes_hardware_support = !!EVP_has_aes_hardware();
-#else
-  base::CPU cpu;
-  bool has_aes_hardware_support = cpu.has_aesni() && cpu.has_avx();
-#endif
   UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.PreferAesGcm",
                         has_aes_hardware_support);
   if (has_aes_hardware_support || prefer_aes_)
     crypto_config_.PreferAesGcm();
-  if (!IsEcdsaSupported())
-    crypto_config_.DisableEcdsa();
   // When disk cache is used to store the server configs, HttpCache code calls
   // |set_quic_server_info_factory| if |quic_server_info_factory_| wasn't
   // created.
@@ -764,27 +735,35 @@ void QuicStreamFactory::set_quic_server_info_factory(
   quic_server_info_factory_.reset(quic_server_info_factory);
 }
 
-bool QuicStreamFactory::CanUseExistingSession(QuicServerId server_id,
-                                              PrivacyMode privacy_mode,
-                                              StringPiece origin_host) {
+bool QuicStreamFactory::CanUseExistingSession(const QuicServerId& server_id,
+                                              const HostPortPair& destination) {
   // TODO(zhongyi): delete active_sessions_.empty() checks once the
   // android crash issue(crbug.com/498823) is resolved.
   if (active_sessions_.empty())
     return false;
-  SessionMap::iterator it = active_sessions_.find(server_id);
-  if (it == active_sessions_.end())
-    return false;
-  QuicChromiumClientSession* session = it->second;
-  return session->CanPool(origin_host.as_string(), privacy_mode);
+
+  if (ContainsKey(active_sessions_, server_id))
+    return true;
+
+  for (const auto& key_value : active_sessions_) {
+    QuicChromiumClientSession* session = key_value.second;
+    if (destination.Equals(all_sessions_[session].destination()) &&
+        session->CanPool(server_id.host(), server_id.privacy_mode())) {
+      return true;
+    }
+  }
+
+  return false;
 }
 
-int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
-                              PrivacyMode privacy_mode,
+int QuicStreamFactory::Create(const QuicServerId& server_id,
+                              const HostPortPair& destination,
                               int cert_verify_flags,
                               const GURL& url,
                               base::StringPiece method,
                               const BoundNetLog& net_log,
                               QuicStreamRequest* request) {
+  DCHECK(server_id.host_port_pair().Equals(HostPortPair::FromURL(url)));
   // Enforce session affinity for promised streams.
   QuicClientPromisedInfo* promised =
       push_promise_index_.GetPromised(url.spec());
@@ -792,7 +771,7 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
     QuicChromiumClientSession* session =
         static_cast<QuicChromiumClientSession*>(promised->session());
     DCHECK(session);
-    if (session->server_id().privacy_mode() == privacy_mode) {
+    if (session->server_id().privacy_mode() == server_id.privacy_mode()) {
       request->SetSession(session);
       ++num_push_streams_created_;
       return OK;
@@ -803,25 +782,36 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
     promised->Cancel();
   }
 
-  QuicServerId server_id(host_port_pair, privacy_mode);
+  // Use active session for |server_id| if such exists.
   // TODO(rtenneti): crbug.com/498823 - delete active_sessions_.empty() checks.
   if (!active_sessions_.empty()) {
     SessionMap::iterator it = active_sessions_.find(server_id);
     if (it != active_sessions_.end()) {
       QuicChromiumClientSession* session = it->second;
-      if (!session->CanPool(url.host(), privacy_mode))
-        return ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN;
       request->SetSession(session);
       return OK;
     }
   }
 
+  // Associate with active job to |server_id| if such exists.
   if (HasActiveJob(server_id)) {
     active_requests_[request] = server_id;
     job_requests_map_[server_id].insert(request);
     return ERR_IO_PENDING;
   }
 
+  // Pool to active session to |destination| if possible.
+  if (!active_sessions_.empty() && !disable_connection_pooling_) {
+    for (const auto& key_value : active_sessions_) {
+      QuicChromiumClientSession* session = key_value.second;
+      if (destination.Equals(all_sessions_[session].destination()) &&
+          session->CanPool(server_id.host(), server_id.privacy_mode())) {
+        request->SetSession(session);
+        return OK;
+      }
+    }
+  }
+
   // TODO(rtenneti): |task_runner_| is used by the Job. Initialize task_runner_
   // in the constructor after WebRequestActionWithThreadsTest.* tests are fixed.
   if (!task_runner_)
@@ -831,7 +821,7 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
   if (quic_server_info_factory_.get()) {
     bool load_from_disk_cache = !disable_disk_cache_;
     MaybeInitialize();
-    if (!ContainsKey(quic_supported_servers_at_startup_, host_port_pair)) {
+    if (!ContainsKey(quic_supported_servers_at_startup_, destination)) {
       // If there is no entry for QUIC, consider that as a new server and
       // don't wait for Cache thread to load the data for that server.
       load_from_disk_cache = false;
@@ -841,11 +831,11 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
     }
   }
 
-  bool server_and_origin_have_same_host = host_port_pair.host() == url.host();
-  scoped_ptr<Job> job(
-      new Job(this, host_resolver_, server_id, server_and_origin_have_same_host,
-              WasQuicRecentlyBroken(server_id), cert_verify_flags,
-              method == "POST" /* is_post */, quic_server_info, net_log));
+  QuicSessionKey key(destination, server_id);
+  std::unique_ptr<Job> job(
+      new Job(this, host_resolver_, key, WasQuicRecentlyBroken(server_id),
+              cert_verify_flags, method == "POST" /* is_post */,
+              quic_server_info, net_log));
   int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete,
                                base::Unretained(this), job.get()));
   if (rv == ERR_IO_PENDING) {
@@ -864,30 +854,44 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
     if (it == active_sessions_.end())
       return ERR_QUIC_PROTOCOL_ERROR;
     QuicChromiumClientSession* session = it->second;
-    if (!session->CanPool(url.host(), privacy_mode))
-      return ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN;
     request->SetSession(session);
   }
   return rv;
 }
 
-void QuicStreamFactory::CreateAuxilaryJob(const QuicServerId server_id,
+QuicStreamFactory::QuicSessionKey::QuicSessionKey(
+    const HostPortPair& destination,
+    const QuicServerId& server_id)
+    : destination_(destination), server_id_(server_id) {}
+
+bool QuicStreamFactory::QuicSessionKey::operator<(
+    const QuicSessionKey& other) const {
+  return std::tie(destination_, server_id_) <
+         std::tie(other.destination_, other.server_id_);
+}
+
+bool QuicStreamFactory::QuicSessionKey::operator==(
+    const QuicSessionKey& other) const {
+  return destination_.Equals(other.destination_) &&
+         server_id_ == other.server_id_;
+}
+
+void QuicStreamFactory::CreateAuxilaryJob(const QuicSessionKey& key,
                                           int cert_verify_flags,
-                                          bool server_and_origin_have_same_host,
                                           bool is_post,
                                           const BoundNetLog& net_log) {
   Job* aux_job =
-      new Job(this, host_resolver_, server_id, server_and_origin_have_same_host,
-              WasQuicRecentlyBroken(server_id), cert_verify_flags, is_post,
-              nullptr, net_log);
-  active_jobs_[server_id].insert(aux_job);
+      new Job(this, host_resolver_, key, WasQuicRecentlyBroken(key.server_id()),
+              cert_verify_flags, is_post, nullptr, net_log);
+  active_jobs_[key.server_id()].insert(aux_job);
   task_runner_->PostTask(FROM_HERE,
                          base::Bind(&QuicStreamFactory::Job::RunAuxilaryJob,
                                     aux_job->GetWeakPtr()));
 }
 
-bool QuicStreamFactory::OnResolution(const QuicServerId& server_id,
+bool QuicStreamFactory::OnResolution(const QuicSessionKey& key,
                                      const AddressList& address_list) {
+  const QuicServerId& server_id(key.server_id());
   DCHECK(!HasActiveSession(server_id));
   if (disable_connection_pooling_) {
     return false;
@@ -901,7 +905,7 @@ bool QuicStreamFactory::OnResolution(const QuicServerId& server_id,
       if (!session->CanPool(server_id.host(), server_id.privacy_mode()))
         continue;
       active_sessions_[server_id] = session;
-      session_aliases_[session].insert(server_id);
+      session_aliases_[session].insert(key);
       return true;
     }
   }
@@ -909,7 +913,9 @@ bool QuicStreamFactory::OnResolution(const QuicServerId& server_id,
 }
 
 void QuicStreamFactory::OnJobComplete(Job* job, int rv) {
-  QuicServerId server_id = job->server_id();
+  // Copy |server_id|, because |job| might be destroyed before this method
+  // returns.
+  const QuicServerId server_id(job->key().server_id());
   if (rv != OK) {
     JobSet* jobs = &(active_jobs_[server_id]);
     if (jobs->size() > 1) {
@@ -926,26 +932,15 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) {
     if (!always_require_handshake_confirmation_)
       set_require_confirmation(false);
 
-    // Create all the streams, but do not notify them yet.
-    SessionMap::iterator session_it = active_sessions_.find(server_id);
-    for (RequestSet::iterator request_it = job_requests_map_[server_id].begin();
-         request_it != job_requests_map_[server_id].end();) {
+    if (!job_requests_map_[server_id].empty()) {
+      SessionMap::iterator session_it = active_sessions_.find(server_id);
       DCHECK(session_it != active_sessions_.end());
       QuicChromiumClientSession* session = session_it->second;
-      QuicStreamRequest* request = *request_it;
-      if (!session->CanPool(request->origin_host(), request->privacy_mode())) {
-        RequestSet::iterator old_request_it = request_it;
-        ++request_it;
-        // Remove request from containers so that OnRequestComplete() is not
-        // called later again on the same request.
-        job_requests_map_[server_id].erase(old_request_it);
-        active_requests_.erase(request);
-        // Notify request of certificate error.
-        request->OnRequestComplete(ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN);
-        continue;
+      for (QuicStreamRequest* request : job_requests_map_[server_id]) {
+        DCHECK(request->server_id() == server_id);
+        // Do not notify |request| yet.
+        request->SetSession(session);
       }
-      request->SetSession(session);
-      ++request_it;
     }
   }
 
@@ -970,9 +965,10 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) {
   job_requests_map_.erase(server_id);
 }
 
-scoped_ptr<QuicHttpStream> QuicStreamFactory::CreateFromSession(
+std::unique_ptr<QuicHttpStream> QuicStreamFactory::CreateFromSession(
     QuicChromiumClientSession* session) {
-  return scoped_ptr<QuicHttpStream>(new QuicHttpStream(session->GetWeakPtr()));
+  return std::unique_ptr<QuicHttpStream>(
+      new QuicHttpStream(session->GetWeakPtr()));
 }
 
 QuicChromiumClientSession::QuicDisabledReason
@@ -1079,18 +1075,19 @@ void QuicStreamFactory::OnSessionGoingAway(QuicChromiumClientSession* session) {
   const AliasSet& aliases = session_aliases_[session];
   for (AliasSet::const_iterator it = aliases.begin(); it != aliases.end();
        ++it) {
-    DCHECK(active_sessions_.count(*it));
-    DCHECK_EQ(session, active_sessions_[*it]);
+    const QuicServerId& server_id = it->server_id();
+    DCHECK(active_sessions_.count(server_id));
+    DCHECK_EQ(session, active_sessions_[server_id]);
     // Track sessions which have recently gone away so that we can disable
     // port suggestions.
     if (session->goaway_received()) {
       gone_away_aliases_.insert(*it);
     }
 
-    active_sessions_.erase(*it);
-    ProcessGoingAwaySession(session, *it, true);
+    active_sessions_.erase(server_id);
+    ProcessGoingAwaySession(session, server_id, true);
   }
-  ProcessGoingAwaySession(session, all_sessions_[session], false);
+  ProcessGoingAwaySession(session, all_sessions_[session].server_id(), false);
   if (!aliases.empty()) {
     const IPEndPoint peer_address = session->connection()->peer_address();
     ip_aliases_[peer_address].erase(session);
@@ -1200,36 +1197,39 @@ void QuicStreamFactory::OnSessionClosed(QuicChromiumClientSession* session) {
 void QuicStreamFactory::OnSessionConnectTimeout(
     QuicChromiumClientSession* session) {
   const AliasSet& aliases = session_aliases_[session];
-  for (AliasSet::const_iterator it = aliases.begin(); it != aliases.end();
-       ++it) {
-    DCHECK(active_sessions_.count(*it));
-    DCHECK_EQ(session, active_sessions_[*it]);
-    active_sessions_.erase(*it);
-  }
 
   if (aliases.empty()) {
     return;
   }
 
+  for (const QuicSessionKey& key : aliases) {
+    const QuicServerId& server_id = key.server_id();
+    SessionMap::iterator session_it = active_sessions_.find(server_id);
+    DCHECK(session_it != active_sessions_.end());
+    DCHECK_EQ(session, session_it->second);
+    active_sessions_.erase(session_it);
+  }
+
   const IPEndPoint peer_address = session->connection()->peer_address();
   ip_aliases_[peer_address].erase(session);
   if (ip_aliases_[peer_address].empty()) {
     ip_aliases_.erase(peer_address);
   }
-  QuicServerId server_id = *aliases.begin();
+  QuicSessionKey key = *aliases.begin();
   session_aliases_.erase(session);
-  Job* job = new Job(this, host_resolver_, session, server_id);
-  active_jobs_[server_id].insert(job);
+  Job* job = new Job(this, host_resolver_, session, key);
+  active_jobs_[key.server_id()].insert(job);
   int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete,
                                base::Unretained(this), job));
   DCHECK_EQ(ERR_IO_PENDING, rv);
 }
 
 void QuicStreamFactory::CancelRequest(QuicStreamRequest* request) {
-  DCHECK(ContainsKey(active_requests_, request));
-  QuicServerId server_id = active_requests_[request];
+  RequestMap::iterator request_it = active_requests_.find(request);
+  DCHECK(request_it != active_requests_.end());
+  const QuicServerId& server_id = request_it->second;
   job_requests_map_[server_id].erase(request);
-  active_requests_.erase(request);
+  active_requests_.erase(request_it);
 }
 
 void QuicStreamFactory::CloseAllSessions(int error, QuicErrorCode quic_error) {
@@ -1247,9 +1247,9 @@ void QuicStreamFactory::CloseAllSessions(int error, QuicErrorCode quic_error) {
   DCHECK(all_sessions_.empty());
 }
 
-scoped_ptr<base::Value> QuicStreamFactory::QuicStreamFactoryInfoToValue()
+std::unique_ptr<base::Value> QuicStreamFactory::QuicStreamFactoryInfoToValue()
     const {
-  scoped_ptr<base::ListValue> list(new base::ListValue());
+  std::unique_ptr<base::ListValue> list(new base::ListValue());
 
   for (SessionMap::const_iterator it = active_sessions_.begin();
        it != active_sessions_.end(); ++it) {
@@ -1257,11 +1257,11 @@ scoped_ptr<base::Value> QuicStreamFactory::QuicStreamFactoryInfoToValue()
     QuicChromiumClientSession* session = it->second;
     const AliasSet& aliases = session_aliases_.find(session)->second;
     // Only add a session to the list once.
-    if (server_id == *aliases.begin()) {
+    if (server_id == aliases.begin()->server_id()) {
       std::set<HostPortPair> hosts;
       for (AliasSet::const_iterator alias_it = aliases.begin();
            alias_it != aliases.end(); ++alias_it) {
-        hosts.insert(alias_it->host_port_pair());
+        hosts.insert(alias_it->server_id().host_port_pair());
       }
       list->Append(session->GetInfoAsValue(hosts));
     }
@@ -1319,7 +1319,6 @@ void QuicStreamFactory::MaybeMigrateOrCloseSessions(NetworkHandle network,
   QuicStreamFactory::SessionIdMap::iterator it = all_sessions_.begin();
   while (it != all_sessions_.end()) {
     QuicChromiumClientSession* session = it->first;
-    QuicServerId server_id = it->second;
     ++it;
 
     if (session->GetDefaultSocket()->GetBoundNetwork() != network) {
@@ -1394,7 +1393,7 @@ void QuicStreamFactory::MigrateSessionToNetwork(
   // Use OS-specified port for socket (DEFAULT_BIND) instead of
   // using the PortSuggester since the connection is being migrated
   // and not being newly created.
-  scoped_ptr<DatagramClientSocket> socket(
+  std::unique_ptr<DatagramClientSocket> socket(
       client_socket_factory_->CreateDatagramClientSocket(
           DatagramSocket::DEFAULT_BIND, RandIntCallback(),
           session->net_log().net_log(), session->net_log().source()));
@@ -1405,10 +1404,11 @@ void QuicStreamFactory::MigrateSessionToNetwork(
     HistogramMigrationStatus(MIGRATION_STATUS_INTERNAL_ERROR);
     return;
   }
-  scoped_ptr<QuicChromiumPacketReader> new_reader(new QuicChromiumPacketReader(
-      socket.get(), clock_.get(), session, yield_after_packets_,
-      yield_after_duration_, session->net_log()));
-  scoped_ptr<QuicPacketWriter> new_writer(
+  std::unique_ptr<QuicChromiumPacketReader> new_reader(
+      new QuicChromiumPacketReader(socket.get(), clock_.get(), session,
+                                   yield_after_packets_, yield_after_duration_,
+                                   session->net_log()));
+  std::unique_ptr<QuicPacketWriter> new_writer(
       new QuicChromiumPacketWriter(socket.get()));
 
   if (!session->MigrateToSocket(std::move(socket), std::move(new_reader),
@@ -1449,8 +1449,8 @@ bool QuicStreamFactory::HasActiveSession(const QuicServerId& server_id) const {
   return ContainsKey(active_sessions_, server_id);
 }
 
-bool QuicStreamFactory::HasActiveJob(const QuicServerId& key) const {
-  return ContainsKey(active_jobs_, key);
+bool QuicStreamFactory::HasActiveJob(const QuicServerId& server_id) const {
+  return ContainsKey(active_jobs_, server_id);
 }
 
 int QuicStreamFactory::ConfigureSocket(DatagramClientSocket* socket,
@@ -1514,23 +1514,25 @@ int QuicStreamFactory::ConfigureSocket(DatagramClientSocket* socket,
   return OK;
 }
 
-int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
-                                     int cert_verify_flags,
-                                     scoped_ptr<QuicServerInfo> server_info,
-                                     const AddressList& address_list,
-                                     base::TimeTicks dns_resolution_end_time,
-                                     const BoundNetLog& net_log,
-                                     QuicChromiumClientSession** session) {
+int QuicStreamFactory::CreateSession(
+    const QuicSessionKey& key,
+    int cert_verify_flags,
+    std::unique_ptr<QuicServerInfo> server_info,
+    const AddressList& address_list,
+    base::TimeTicks dns_resolution_end_time,
+    const BoundNetLog& net_log,
+    QuicChromiumClientSession** session) {
   TRACE_EVENT0("net", "QuicStreamFactory::CreateSession");
   IPEndPoint addr = *address_list.begin();
   bool enable_port_selection = enable_port_selection_;
-  if (enable_port_selection && ContainsKey(gone_away_aliases_, server_id)) {
+  if (enable_port_selection && ContainsKey(gone_away_aliases_, key)) {
     // Disable port selection when the server is going away.
     // There is no point in trying to return to the same server, if
     // that server is no longer handling requests.
     enable_port_selection = false;
-    gone_away_aliases_.erase(server_id);
+    gone_away_aliases_.erase(key);
   }
+  const QuicServerId& server_id = key.server_id();
   scoped_refptr<PortSuggester> port_suggester =
       new PortSuggester(server_id.host_port_pair(), port_seed_);
   DatagramSocket::BindType bind_type =
@@ -1538,7 +1540,7 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
                             :            // Use our callback.
           DatagramSocket::DEFAULT_BIND;  // Use OS to randomize.
 
-  scoped_ptr<DatagramClientSocket> socket(
+  std::unique_ptr<DatagramClientSocket> socket(
       client_socket_factory_->CreateDatagramClientSocket(
           bind_type, base::Bind(&PortSuggester::SuggestPort, port_suggester),
           net_log.net_log(), net_log.source()));
@@ -1550,8 +1552,6 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
     return rv;
   }
 
-  UMA_HISTOGRAM_COUNTS("Net.QuicEphemeralPortsSuggested",
-                       port_suggester->call_count());
   if (enable_port_selection) {
     DCHECK_LE(1u, port_suggester->call_count());
   } else {
@@ -1559,17 +1559,21 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
   }
 
   if (!helper_.get()) {
-    helper_.reset(new QuicChromiumConnectionHelper(
-        base::ThreadTaskRunnerHandle::Get().get(), clock_.get(),
-        random_generator_));
+    helper_.reset(
+        new QuicChromiumConnectionHelper(clock_.get(), random_generator_));
+  }
+
+  if (!alarm_factory_.get()) {
+    alarm_factory_.reset(new QuicChromiumAlarmFactory(
+        base::ThreadTaskRunnerHandle::Get().get(), clock_.get()));
   }
   QuicConnectionId connection_id = random_generator_->RandUint64();
   InitializeCachedStateInCryptoConfig(server_id, server_info, &connection_id);
 
   QuicChromiumPacketWriter* writer = new QuicChromiumPacketWriter(socket.get());
   QuicConnection* connection = new QuicConnection(
-      connection_id, addr, helper_.get(), writer, true /* owns_writer */,
-      Perspective::IS_CLIENT, supported_versions_);
+      connection_id, addr, helper_.get(), alarm_factory_.get(), writer,
+      true /* owns_writer */, Perspective::IS_CLIENT, supported_versions_);
   writer->SetConnection(connection);
   connection->SetMaxPacketLength(max_packet_length_);
 
@@ -1594,7 +1598,7 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
 
   // Use the factory to create a new socket performance watcher, and pass the
   // ownership to QuicChromiumClientSession.
-  scoped_ptr<SocketPerformanceWatcher> socket_performance_watcher;
+  std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher;
   if (socket_performance_watcher_factory_) {
     socket_performance_watcher =
         socket_performance_watcher_factory_->CreateSocketPerformanceWatcher(
@@ -1610,7 +1614,7 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
       base::ThreadTaskRunnerHandle::Get().get(),
       std::move(socket_performance_watcher), net_log.net_log());
 
-  all_sessions_[*session] = server_id;  // owning pointer
+  all_sessions_[*session] = key;  // owning pointer
 
   (*session)->Initialize();
   bool closed_during_initialize = !ContainsKey(all_sessions_, *session) ||
@@ -1625,12 +1629,13 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
   return OK;
 }
 
-void QuicStreamFactory::ActivateSession(const QuicServerId& server_id,
+void QuicStreamFactory::ActivateSession(const QuicSessionKey& key,
                                         QuicChromiumClientSession* session) {
+  const QuicServerId& server_id(key.server_id());
   DCHECK(!HasActiveSession(server_id));
   UMA_HISTOGRAM_COUNTS("Net.QuicActiveSessions", active_sessions_.size());
   active_sessions_[server_id] = session;
-  session_aliases_[session].insert(server_id);
+  session_aliases_[session].insert(key);
   const IPEndPoint peer_address = session->connection()->peer_address();
   DCHECK(!ContainsKey(ip_aliases_[peer_address], session));
   ip_aliases_[peer_address].insert(session);
@@ -1638,9 +1643,10 @@ void QuicStreamFactory::ActivateSession(const QuicServerId& server_id,
 
 int64_t QuicStreamFactory::GetServerNetworkStatsSmoothedRttInMicroseconds(
     const QuicServerId& server_id) const {
+  url::SchemeHostPort server("https", server_id.host_port_pair().host(),
+                             server_id.host_port_pair().port());
   const ServerNetworkStats* stats =
-      http_server_properties_->GetServerNetworkStats(
-          server_id.host_port_pair());
+      http_server_properties_->GetServerNetworkStats(server);
   if (stats == nullptr)
     return 0;
   return stats->srtt.InMicroseconds();
@@ -1663,7 +1669,7 @@ bool QuicStreamFactory::CryptoConfigCacheIsEmpty(
 
 void QuicStreamFactory::InitializeCachedStateInCryptoConfig(
     const QuicServerId& server_id,
-    const scoped_ptr<QuicServerInfo>& server_info,
+    const std::unique_ptr<QuicServerInfo>& server_info,
     QuicConnectionId* connection_id) {
   QuicCryptoClientConfig::CachedState* cached =
       crypto_config_.LookupOrCreate(server_id);
@@ -1703,12 +1709,13 @@ void QuicStreamFactory::MaybeInitialize() {
     return;
 
   has_initialized_data_ = true;
-  for (const std::pair<const HostPortPair, AlternativeServiceInfoVector>&
+  for (const std::pair<const url::SchemeHostPort, AlternativeServiceInfoVector>&
            key_value : http_server_properties_->alternative_service_map()) {
+    HostPortPair host_port_pair(key_value.first.host(), key_value.first.port());
     for (const AlternativeServiceInfo& alternative_service_info :
          key_value.second) {
       if (alternative_service_info.alternative_service.protocol == QUIC) {
-        quic_supported_servers_at_startup_.insert(key_value.first);
+        quic_supported_servers_at_startup_.insert(host_port_pair);
         break;
       }
     }
@@ -1718,13 +1725,13 @@ void QuicStreamFactory::MaybeInitialize() {
     return;
   // Create a temporary QuicServerInfo object to deserialize and to populate the
   // in-memory crypto server config cache in the MRU order.
-  scoped_ptr<QuicServerInfo> server_info;
+  std::unique_ptr<QuicServerInfo> server_info;
   CompletionCallback callback;
   // Get the list of servers to be deserialized first because WaitForDataReady
   // touches quic_server_info_map.
   const QuicServerInfoMap& quic_server_info_map =
       http_server_properties_->quic_server_info_map();
-  vector<QuicServerId> server_list(quic_server_info_map.size());
+  std::vector<QuicServerId> server_list(quic_server_info_map.size());
   for (const auto& key_value : quic_server_info_map)
     server_list.push_back(key_value.first);
   for (auto it = server_list.rbegin(); it != server_list.rend(); ++it) {
@@ -1752,8 +1759,9 @@ void QuicStreamFactory::ProcessGoingAwaySession(
     ServerNetworkStats network_stats;
     network_stats.srtt = base::TimeDelta::FromMicroseconds(stats.srtt_us);
     network_stats.bandwidth_estimate = stats.estimated_bandwidth;
-    http_server_properties_->SetServerNetworkStats(server_id.host_port_pair(),
-                                                   network_stats);
+    url::SchemeHostPort server("https", server_id.host_port_pair().host(),
+                               server_id.host_port_pair().port());
+    http_server_properties_->SetServerNetworkStats(server, network_stats);
     return;
   }
 
diff --git a/chromium/net/quic/quic_stream_factory.h b/chromium/net/quic/quic_stream_factory.h
index c2dbfbcf89f..542687f5e5f 100644
--- a/chromium/net/quic/quic_stream_factory.h
+++ b/chromium/net/quic/quic_stream_factory.h
@@ -36,6 +36,7 @@
 #include "net/quic/quic_crypto_stream.h"
 #include "net/quic/quic_http_stream.h"
 #include "net/quic/quic_protocol.h"
+#include "net/quic/quic_server_id.h"
 #include "net/ssl/ssl_config_service.h"
 
 namespace net {
@@ -48,11 +49,11 @@ class CTVerifier;
 class HostResolver;
 class HttpServerProperties;
 class QuicClock;
+class QuicChromiumAlarmFactory;
 class QuicChromiumClientSession;
 class QuicChromiumConnectionHelper;
 class QuicCryptoClientStreamFactory;
 class QuicRandom;
-class QuicServerId;
 class QuicServerInfo;
 class QuicServerInfoFactory;
 class QuicStreamFactory;
@@ -77,7 +78,9 @@ class NET_EXPORT_PRIVATE QuicStreamRequest {
 
   // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
   // passed to CertVerifier::Verify.
-  int Request(const HostPortPair& host_port_pair,
+  // |destination| will be resolved and resulting IPEndPoint used to open a
+  // QuicConnection.  This can be different than HostPortPair::FromURL(url).
+  int Request(const HostPortPair& destination,
               PrivacyMode privacy_mode,
               int cert_verify_flags,
               const GURL& url,
@@ -91,25 +94,20 @@ class NET_EXPORT_PRIVATE QuicStreamRequest {
   // returns the amount of time waiting job should be delayed.
   base::TimeDelta GetTimeDelayForWaitingJob() const;
 
-  scoped_ptr<QuicHttpStream> CreateStream();
+  std::unique_ptr<QuicHttpStream> CreateStream();
 
-  scoped_ptr<BidirectionalStreamImpl> CreateBidirectionalStreamImpl();
+  std::unique_ptr<BidirectionalStreamImpl> CreateBidirectionalStreamImpl();
 
   // Sets |session_|.
   void SetSession(QuicChromiumClientSession* session);
 
-  const std::string& origin_host() const { return origin_host_; }
-
-  PrivacyMode privacy_mode() const { return privacy_mode_; }
+  const QuicServerId& server_id() const { return server_id_; }
 
   const BoundNetLog& net_log() const { return net_log_; }
 
  private:
   QuicStreamFactory* factory_;
-  HostPortPair host_port_pair_;
-  std::string origin_host_;
-  std::string url_;
-  PrivacyMode privacy_mode_;
+  QuicServerId server_id_;
   BoundNetLog net_log_;
   CompletionCallback callback_;
   base::WeakPtr<QuicChromiumClientSession> session_;
@@ -125,6 +123,31 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
       public SSLConfigService::Observer,
       public CertDatabase::Observer {
  public:
+  // This class encompasses |destination| and |server_id|.
+  // |destination| is a HostPortPair which is resolved
+  // and a QuicConnection is made to the resulting IP address.
+  // |server_id| identifies the origin of the request,
+  // the crypto handshake advertises |server_id.host()| to the server,
+  // and the certificate is also matched against |server_id.host()|.
+  class NET_EXPORT_PRIVATE QuicSessionKey {
+   public:
+    QuicSessionKey() = default;
+    QuicSessionKey(const HostPortPair& destination,
+                   const QuicServerId& server_id);
+    ~QuicSessionKey() = default;
+
+    // Needed to be an element of std::set.
+    bool operator<(const QuicSessionKey& other) const;
+    bool operator==(const QuicSessionKey& other) const;
+
+    const HostPortPair& destination() const { return destination_; }
+    const QuicServerId& server_id() const { return server_id_; }
+
+   private:
+    HostPortPair destination_;
+    QuicServerId server_id_;
+  };
+
   QuicStreamFactory(
       HostResolver* host_resolver,
       ClientSocketFactory* client_socket_factory,
@@ -166,19 +189,19 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
       bool enable_token_binding);
   ~QuicStreamFactory() override;
 
-  // Returns true if there is an existing session to |server_id| which can be
-  // used for request to |origin_host|.
-  bool CanUseExistingSession(QuicServerId server_id,
-                             PrivacyMode privacy_mode,
-                             StringPiece origin_host);
+  // Returns true if there is an existing session for |server_id| or if the
+  // request can be pooled to an existing session to the IP address of
+  // |destination|.
+  bool CanUseExistingSession(const QuicServerId& server_id,
+                             const HostPortPair& destination);
 
   // Creates a new QuicHttpStream to |host_port_pair| which will be
   // owned by |request|.
   // If a matching session already exists, this method will return OK.  If no
   // matching session exists, this will return ERR_IO_PENDING and will invoke
   // OnRequestComplete asynchronously.
-  int Create(const HostPortPair& host_port_pair,
-             PrivacyMode privacy_mode,
+  int Create(const QuicServerId& server_id,
+             const HostPortPair& destination,
              int cert_verify_flags,
              const GURL& url,
              base::StringPiece method,
@@ -229,7 +252,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   // Closes all current sessions with specified network and QUIC error codes.
   void CloseAllSessions(int error, QuicErrorCode quic_error);
 
-  scoped_ptr<base::Value> QuicStreamFactoryInfoToValue() const;
+  std::unique_ptr<base::Value> QuicStreamFactoryInfoToValue() const;
 
   // Delete all cached state objects in |crypto_config_|.
   void ClearCachedStatesInCryptoConfig();
@@ -305,6 +328,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
 
   QuicChromiumConnectionHelper* helper() { return helper_.get(); }
 
+  QuicChromiumAlarmFactory* alarm_factory() { return alarm_factory_.get(); }
+
   bool enable_port_selection() const { return enable_port_selection_; }
 
   bool has_quic_server_info_factory() {
@@ -329,8 +354,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad);
 
   typedef std::map<QuicServerId, QuicChromiumClientSession*> SessionMap;
-  typedef std::map<QuicChromiumClientSession*, QuicServerId> SessionIdMap;
-  typedef std::set<QuicServerId> AliasSet;
+  typedef std::map<QuicChromiumClientSession*, QuicSessionKey> SessionIdMap;
+  typedef std::set<QuicSessionKey> AliasSet;
   typedef std::map<QuicChromiumClientSession*, AliasSet> SessionAliasMap;
   typedef std::set<QuicChromiumClientSession*> SessionSet;
   typedef std::map<IPEndPoint, SessionSet> IPAliasMap;
@@ -351,29 +376,27 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
 
   // Creates a job which doesn't wait for server config to be loaded from the
   // disk cache. This job is started via a PostTask.
-  void CreateAuxilaryJob(const QuicServerId server_id,
+  void CreateAuxilaryJob(const QuicSessionKey& key,
                          int cert_verify_flags,
-                         bool server_and_origin_have_same_host,
                          bool is_post,
                          const BoundNetLog& net_log);
 
   // Returns a newly created QuicHttpStream owned by the caller.
-  scoped_ptr<QuicHttpStream> CreateFromSession(
+  std::unique_ptr<QuicHttpStream> CreateFromSession(
       QuicChromiumClientSession* session);
 
-  bool OnResolution(const QuicServerId& server_id,
-                    const AddressList& address_list);
+  bool OnResolution(const QuicSessionKey& key, const AddressList& address_list);
   void OnJobComplete(Job* job, int rv);
   bool HasActiveSession(const QuicServerId& server_id) const;
   bool HasActiveJob(const QuicServerId& server_id) const;
-  int CreateSession(const QuicServerId& server_id,
+  int CreateSession(const QuicSessionKey& key,
                     int cert_verify_flags,
-                    scoped_ptr<QuicServerInfo> quic_server_info,
+                    std::unique_ptr<QuicServerInfo> quic_server_info,
                     const AddressList& address_list,
                     base::TimeTicks dns_resolution_end_time,
                     const BoundNetLog& net_log,
                     QuicChromiumClientSession** session);
-  void ActivateSession(const QuicServerId& key,
+  void ActivateSession(const QuicSessionKey& key,
                        QuicChromiumClientSession* session);
 
   // Returns |srtt| in micro seconds from ServerNetworkStats. Returns 0 if there
@@ -393,7 +416,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   // if any, and otherwise leaves it unchanged.
   void InitializeCachedStateInCryptoConfig(
       const QuicServerId& server_id,
-      const scoped_ptr<QuicServerInfo>& server_info,
+      const std::unique_ptr<QuicServerInfo>& server_info,
       QuicConnectionId* connection_id);
 
   // Initialize |quic_supported_servers_at_startup_| with the list of servers
@@ -416,10 +439,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   base::WeakPtr<HttpServerProperties> http_server_properties_;
   TransportSecurityState* transport_security_state_;
   CTVerifier* cert_transparency_verifier_;
-  scoped_ptr<QuicServerInfoFactory> quic_server_info_factory_;
+  std::unique_ptr<QuicServerInfoFactory> quic_server_info_factory_;
   QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory_;
   QuicRandom* random_generator_;
-  scoped_ptr<QuicClock> clock_;
+  std::unique_ptr<QuicClock> clock_;
   const size_t max_packet_length_;
 
   // Factory which is used to create socket performance watcher. A new watcher
@@ -428,7 +451,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   SocketPerformanceWatcherFactory* socket_performance_watcher_factory_;
 
   // The helper used for all connections.
-  scoped_ptr<QuicChromiumConnectionHelper> helper_;
+  std::unique_ptr<QuicChromiumConnectionHelper> helper_;
+
+  // The alarm factory used for all connections.
+  std::unique_ptr<QuicChromiumAlarmFactory> alarm_factory_;
 
   // Contains owning pointers to all sessions that currently exist.
   SessionIdMap all_sessions_;
diff --git a/chromium/net/quic/quic_stream_factory_test.cc b/chromium/net/quic/quic_stream_factory_test.cc
index e6fffabfbed..731a88fa770 100644
--- a/chromium/net/quic/quic_stream_factory_test.cc
+++ b/chromium/net/quic/quic_stream_factory_test.cc
@@ -4,9 +4,11 @@
 
 #include "net/quic/quic_stream_factory.h"
 
+#include <ostream>
+
 #include "base/run_loop.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/multi_log_ct_verifier.h"
@@ -44,7 +46,6 @@
 #include "testing/gtest/include/gtest/gtest.h"
 
 using base::StringPiece;
-using std::ostream;
 using std::string;
 using std::vector;
 
@@ -53,48 +54,105 @@ namespace net {
 namespace test {
 
 namespace {
+
+enum DestinationType {
+  // In pooling tests with two requests for different origins to the same
+  // destination, the destination should be
+  SAME_AS_FIRST,   // the same as the first origin,
+  SAME_AS_SECOND,  // the same as the second origin, or
+  DIFFERENT,       // different from both.
+};
+
 const char kDefaultServerHostName[] = "www.example.org";
 const char kServer2HostName[] = "mail.example.org";
 const char kServer3HostName[] = "docs.example.org";
 const char kServer4HostName[] = "images.example.org";
+const char kDifferentHostname[] = "different.example.com";
 const int kDefaultServerPort = 443;
 const char kDefaultUrl[] = "https://www.example.org/";
 const char kServer2Url[] = "https://mail.example.org/";
 const char kServer3Url[] = "https://docs.example.org/";
 const char kServer4Url[] = "https://images.example.org/";
 
-// Run all tests with all the combinations of versions and
-// enable_connection_racing.
+// Run QuicStreamFactoryTest instances with all value combinations of version
+// and enable_connection_racting.
 struct TestParams {
-  TestParams(const QuicVersion version, bool enable_connection_racing)
-      : version(version), enable_connection_racing(enable_connection_racing) {}
+  friend std::ostream& operator<<(std::ostream& os, const TestParams& p) {
+    os << "{ version: " << QuicVersionToString(p.version)
+       << ", enable_connection_racing: "
+       << (p.enable_connection_racing ? "true" : "false") << " }";
+    return os;
+  }
+
+  QuicVersion version;
+  bool enable_connection_racing;
+};
+
+std::vector<TestParams> GetTestParams() {
+  std::vector<TestParams> params;
+  QuicVersionVector all_supported_versions = QuicSupportedVersions();
+  for (const QuicVersion version : all_supported_versions) {
+    params.push_back(TestParams{version, false});
+    params.push_back(TestParams{version, true});
+  }
+  return params;
+}
 
-  friend ostream& operator<<(ostream& os, const TestParams& p) {
-    os << "{ version: " << QuicVersionToString(p.version);
-    os << " enable_connection_racing: " << p.enable_connection_racing << " }";
+// Run QuicStreamFactoryWithDestinationTest instances with all value
+// combinations of version, enable_connection_racting, and destination_type.
+struct PoolingTestParams {
+  friend std::ostream& operator<<(std::ostream& os,
+                                  const PoolingTestParams& p) {
+    os << "{ version: " << QuicVersionToString(p.version)
+       << ", enable_connection_racing: "
+       << (p.enable_connection_racing ? "true" : "false")
+       << ", destination_type: ";
+    switch (p.destination_type) {
+      case SAME_AS_FIRST:
+        os << "SAME_AS_FIRST";
+        break;
+      case SAME_AS_SECOND:
+        os << "SAME_AS_SECOND";
+        break;
+      case DIFFERENT:
+        os << "DIFFERENT";
+        break;
+    }
+    os << " }";
     return os;
   }
 
   QuicVersion version;
   bool enable_connection_racing;
+  DestinationType destination_type;
 };
 
-// Constructs various test permutations.
-vector<TestParams> GetTestParams() {
-  vector<TestParams> params;
+std::vector<PoolingTestParams> GetPoolingTestParams() {
+  std::vector<PoolingTestParams> params;
   QuicVersionVector all_supported_versions = QuicSupportedVersions();
   for (const QuicVersion version : all_supported_versions) {
-    params.push_back(TestParams(version, false));
-    params.push_back(TestParams(version, true));
+    params.push_back(PoolingTestParams{version, false, SAME_AS_FIRST});
+    params.push_back(PoolingTestParams{version, false, SAME_AS_SECOND});
+    params.push_back(PoolingTestParams{version, false, DIFFERENT});
+    params.push_back(PoolingTestParams{version, true, SAME_AS_FIRST});
+    params.push_back(PoolingTestParams{version, true, SAME_AS_SECOND});
+    params.push_back(PoolingTestParams{version, true, DIFFERENT});
   }
   return params;
 }
 
-}  // namespace anonymous
+}  // namespace
+
+class QuicHttpStreamPeer {
+ public:
+  static QuicChromiumClientSession* GetSession(QuicHttpStream* stream) {
+    return stream->session_.get();
+  }
+};
 
 class MockQuicServerInfo : public QuicServerInfo {
  public:
-  MockQuicServerInfo(const QuicServerId& server_id)
+  explicit MockQuicServerInfo(const QuicServerId& server_id)
       : QuicServerInfo(server_id) {}
   ~MockQuicServerInfo() override {}
 
@@ -187,18 +245,28 @@ class ScopedMockNetworkChangeNotifier {
   }
 
  private:
-  scoped_ptr<NetworkChangeNotifier::DisableForTest>
+  std::unique_ptr<NetworkChangeNotifier::DisableForTest>
       disable_network_change_notifier_for_tests_;
-  scoped_ptr<MockNetworkChangeNotifier> mock_network_change_notifier_;
+  std::unique_ptr<MockNetworkChangeNotifier> mock_network_change_notifier_;
 };
 
-class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
+class QuicStreamFactoryTestBase {
  protected:
-  QuicStreamFactoryTest()
+  QuicStreamFactoryTestBase(QuicVersion version, bool enable_connection_racing)
       : random_generator_(0),
         clock_(new MockClock()),
         runner_(new TestTaskRunner(clock_)),
-        maker_(GetParam().version, 0, clock_, kDefaultServerHostName),
+        version_(version),
+        client_maker_(version_,
+                      0,
+                      clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_CLIENT),
+        server_maker_(version_,
+                      0,
+                      clock_,
+                      kDefaultServerHostName,
+                      Perspective::IS_SERVER),
         cert_verifier_(CertVerifier::CreateDefault()),
         channel_id_service_(
             new ChannelIDService(new DefaultChannelIDStore(nullptr),
@@ -216,7 +284,7 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
         always_require_handshake_confirmation_(false),
         disable_connection_pooling_(false),
         load_server_info_timeout_srtt_multiplier_(0.0f),
-        enable_connection_racing_(true),
+        enable_connection_racing_(enable_connection_racing),
         enable_non_blocking_io_(true),
         disable_disk_cache_(false),
         prefer_aes_(false),
@@ -226,7 +294,7 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
         threshold_timeouts_with_open_streams_(2),
         threshold_public_resets_post_handshake_(2),
         receive_buffer_size_(0),
-        delay_tcp_race_(false),
+        delay_tcp_race_(true),
         close_sessions_on_ip_change_(false),
         disable_quic_on_timeout_with_open_streams_(false),
         idle_connection_timeout_seconds_(kIdleConnectionTimeoutSeconds),
@@ -235,19 +303,27 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
     clock_->AdvanceTime(QuicTime::Delta::FromSeconds(1));
   }
 
+  ~QuicStreamFactoryTestBase() {
+    // If |factory_| was initialized, then it took over ownership of |clock_|.
+    // If |factory_| was not initialized, then |clock_| needs to be destroyed.
+    if (!factory_) {
+      delete clock_;
+    }
+  }
+
   void Initialize() {
+    DCHECK(!factory_);
     factory_.reset(new QuicStreamFactory(
         &host_resolver_, &socket_factory_, http_server_properties_.GetWeakPtr(),
         cert_verifier_.get(), nullptr, channel_id_service_.get(),
         &transport_security_state_, cert_transparency_verifier_.get(),
         /*SocketPerformanceWatcherFactory*/ nullptr,
         &crypto_client_stream_factory_, &random_generator_, clock_,
-        kDefaultMaxPacketSize, std::string(),
-        SupportedVersions(GetParam().version), enable_port_selection_,
-        always_require_handshake_confirmation_, disable_connection_pooling_,
-        load_server_info_timeout_srtt_multiplier_, enable_connection_racing_,
-        enable_non_blocking_io_, disable_disk_cache_, prefer_aes_,
-        max_number_of_lossy_connections_, packet_loss_threshold_,
+        kDefaultMaxPacketSize, std::string(), SupportedVersions(version_),
+        enable_port_selection_, always_require_handshake_confirmation_,
+        disable_connection_pooling_, load_server_info_timeout_srtt_multiplier_,
+        enable_connection_racing_, enable_non_blocking_io_, disable_disk_cache_,
+        prefer_aes_, max_number_of_lossy_connections_, packet_loss_threshold_,
         max_disabled_reasons_, threshold_timeouts_with_open_streams_,
         threshold_public_resets_post_handshake_, receive_buffer_size_,
         delay_tcp_race_, /*max_server_configs_stored_in_properties*/ 0,
@@ -280,10 +356,15 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
                                                    host_port_pair);
   }
 
-  scoped_ptr<QuicHttpStream> CreateFromSession(
+  QuicChromiumClientSession* GetActiveSession(
       const HostPortPair& host_port_pair) {
-    QuicChromiumClientSession* session =
-        QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair);
+    return QuicStreamFactoryPeer::GetActiveSession(factory_.get(),
+                                                   host_port_pair);
+  }
+
+  std::unique_ptr<QuicHttpStream> CreateFromSession(
+      const HostPortPair& host_port_pair) {
+    QuicChromiumClientSession* session = GetActiveSession(host_port_pair);
     return QuicStreamFactoryPeer::CreateFromSession(factory_.get(), session);
   }
 
@@ -313,12 +394,11 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
                               callback_.callback()));
 
     EXPECT_EQ(OK, callback_.WaitForResult());
-    scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+    std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
     EXPECT_TRUE(stream.get());
     stream.reset();
 
-    QuicChromiumClientSession* session =
-        QuicStreamFactoryPeer::GetActiveSession(factory_.get(), destination);
+    QuicChromiumClientSession* session = GetActiveSession(destination);
 
     if (socket_count + 1 != socket_factory_.udp_client_socket_ports().size()) {
       ADD_FAILURE();
@@ -337,16 +417,16 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
     return socket_factory_.udp_client_socket_ports()[socket_count];
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructConnectionClosePacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientConnectionClosePacket(
       QuicPacketNumber num) {
-    return maker_.MakeConnectionClosePacket(num);
+    return client_maker_.MakeConnectionClosePacket(num);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructRstPacket() {
+  std::unique_ptr<QuicEncryptedPacket> ConstructClientRstPacket() {
     QuicStreamId stream_id = kClientDataStreamId1;
-    return maker_.MakeRstPacket(
+    return client_maker_.MakeRstPacket(
         1, true, stream_id,
-        AdjustErrorForVersion(QUIC_RST_ACKNOWLEDGEMENT, GetParam().version));
+        AdjustErrorForVersion(QUIC_RST_ACKNOWLEDGEMENT, version_));
   }
 
   static ProofVerifyDetailsChromium DefaultProofVerifyDetails() {
@@ -366,48 +446,50 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
     base::MessageLoop::current()->RunUntilIdle();
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructGetRequestPacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructGetRequestPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin) {
-    SpdyHeaderBlock headers = maker_.GetRequestHeaders("GET", "https", "/");
+    SpdyHeaderBlock headers =
+        client_maker_.GetRequestHeaders("GET", "https", "/");
     SpdyPriority priority =
         ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY);
     size_t spdy_headers_frame_len;
-    return maker_.MakeRequestHeadersPacket(
+    return client_maker_.MakeRequestHeadersPacket(
         packet_number, stream_id, should_include_version, fin, priority,
         headers, &spdy_headers_frame_len);
   }
 
-  scoped_ptr<QuicEncryptedPacket> ConstructOkResponsePacket(
+  std::unique_ptr<QuicEncryptedPacket> ConstructOkResponsePacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin) {
-    SpdyHeaderBlock headers = maker_.GetResponseHeaders("200 OK");
+    SpdyHeaderBlock headers = server_maker_.GetResponseHeaders("200 OK");
     size_t spdy_headers_frame_len;
-    return maker_.MakeResponseHeadersPacket(packet_number, stream_id,
-                                            should_include_version, fin,
-                                            headers, &spdy_headers_frame_len);
+    return server_maker_.MakeResponseHeadersPacket(
+        packet_number, stream_id, should_include_version, fin, headers,
+        &spdy_headers_frame_len);
   }
 
   MockHostResolver host_resolver_;
   MockClientSocketFactory socket_factory_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
-  ProofVerifyDetailsChromium verify_details_;
   MockRandom random_generator_;
-  MockClock* clock_;  // Owned by factory_.
+  MockClock* clock_;  // Owned by |factory_| once created.
   scoped_refptr<TestTaskRunner> runner_;
-  QuicTestPacketMaker maker_;
+  QuicVersion version_;
+  QuicTestPacketMaker client_maker_;
+  QuicTestPacketMaker server_maker_;
   HttpServerPropertiesImpl http_server_properties_;
-  scoped_ptr<CertVerifier> cert_verifier_;
-  scoped_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
   TransportSecurityState transport_security_state_;
-  scoped_ptr<CTVerifier> cert_transparency_verifier_;
-  scoped_ptr<ScopedMockNetworkChangeNotifier>
+  std::unique_ptr<CTVerifier> cert_transparency_verifier_;
+  std::unique_ptr<ScopedMockNetworkChangeNotifier>
       scoped_mock_network_change_notifier_;
-  scoped_ptr<QuicStreamFactory> factory_;
+  std::unique_ptr<QuicStreamFactory> factory_;
   HostPortPair host_port_pair_;
   GURL url_;
   GURL url2_;
@@ -441,6 +523,14 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
   bool migrate_sessions_early_;
 };
 
+class QuicStreamFactoryTest : public QuicStreamFactoryTestBase,
+                              public ::testing::TestWithParam<TestParams> {
+ protected:
+  QuicStreamFactoryTest()
+      : QuicStreamFactoryTestBase(GetParam().version,
+                                  GetParam().enable_connection_racing) {}
+};
+
 INSTANTIATE_TEST_CASE_P(Version,
                         QuicStreamFactoryTest,
                         ::testing::ValuesIn(GetTestParams()));
@@ -461,7 +551,7 @@ TEST_P(QuicStreamFactoryTest, Create) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Will reset stream 3.
@@ -501,7 +591,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -534,40 +624,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRttPost) {
       QuicSession::HANDSHAKE_CONFIRMED);
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
-  EXPECT_TRUE(stream.get());
-  EXPECT_TRUE(socket_data.AllReadDataConsumed());
-  EXPECT_TRUE(socket_data.AllWriteDataConsumed());
-}
-
-TEST_P(QuicStreamFactoryTest, NoZeroRttForDifferentHost) {
-  Initialize();
-  ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails();
-  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
-
-  MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  SequencedSocketData socket_data(reads, arraysize(reads), nullptr, 0);
-  socket_factory_.AddSocketDataProvider(&socket_data);
-
-  crypto_client_stream_factory_.set_handshake_mode(
-      MockCryptoClientStream::ZERO_RTT);
-  host_resolver_.set_synchronous_mode(true);
-  host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(),
-                                           "192.168.0.1", "");
-
-  QuicStreamRequest request(factory_.get());
-  int rv = request.Request(host_port_pair_, privacy_mode_,
-                           /*cert_verify_flags=*/0, url2_, "GET", net_log_,
-                           callback_.callback());
-  // If server and origin have different hostnames, then handshake confirmation
-  // should be required, so Request will return asynchronously.
-  EXPECT_EQ(ERR_IO_PENDING, rv);
-  // Confirm handshake.
-  crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent(
-      QuicSession::HANDSHAKE_CONFIRMED);
-  EXPECT_EQ(OK, callback_.WaitForResult());
-
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -589,16 +646,14 @@ TEST_P(QuicStreamFactoryTest, GoAway) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   session->OnGoAway(QuicGoAwayFrame());
 
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
+  EXPECT_FALSE(HasActiveSession(host_port_pair_));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -620,11 +675,10 @@ TEST_P(QuicStreamFactoryTest, GoAwayForConnectionMigrationWithPortOnly) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   session->OnGoAway(
       QuicGoAwayFrame(QUIC_ERROR_MIGRATING_PORT, 0,
@@ -637,8 +691,7 @@ TEST_P(QuicStreamFactoryTest, GoAwayForConnectionMigrationWithPortOnly) {
   stream->PopulateNetErrorDetails(&details);
   EXPECT_TRUE(details.quic_port_migration_detected);
 
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
+  EXPECT_FALSE(HasActiveSession(host_port_pair_));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -663,7 +716,7 @@ TEST_P(QuicStreamFactoryTest, Pooling) {
   EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -671,12 +724,10 @@ TEST_P(QuicStreamFactoryTest, Pooling) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_),
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_EQ(GetActiveSession(host_port_pair_), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -705,7 +756,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) {
   EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -713,12 +764,10 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_),
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_NE(GetActiveSession(host_port_pair_), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -748,7 +797,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
   EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -756,25 +805,22 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  factory_->OnSessionGoingAway(
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), server2));
+  factory_->OnSessionGoingAway(GetActiveSession(host_port_pair_));
+  EXPECT_FALSE(HasActiveSession(host_port_pair_));
+  EXPECT_FALSE(HasActiveSession(server2));
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(factory_.get());
   EXPECT_EQ(OK, request3.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback3.callback()));
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_TRUE(stream3.get());
 
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(factory_.get(), server2));
+  EXPECT_TRUE(HasActiveSession(server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -803,7 +849,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) {
   EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -811,11 +857,10 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server1),
-            QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_EQ(GetActiveSession(server1), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -846,7 +891,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
   EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -854,11 +899,10 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server1),
-            QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_NE(GetActiveSession(server1), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -866,77 +910,6 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
   EXPECT_TRUE(socket_data2.AllWriteDataConsumed());
 }
 
-class QuicAlternativeServiceCertificateValidationPooling
-    : public QuicStreamFactoryTest {
- public:
-  void Run(bool valid) {
-    MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-    SequencedSocketData socket_data1(reads, arraysize(reads), nullptr, 0);
-    socket_factory_.AddSocketDataProvider(&socket_data1);
-
-    HostPortPair server1(kDefaultServerHostName, 443);
-    HostPortPair server2(kServer2HostName, 443);
-
-    GURL url(valid ? url2_ : GURL("http://invalid.example.com/"));
-    HostPortPair alternative(kDefaultServerHostName, 443);
-
-    ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails();
-    bool common_name_fallback_used;
-    EXPECT_EQ(valid,
-              verify_details.cert_verify_result.verified_cert->VerifyNameMatch(
-                  url.host(), &common_name_fallback_used));
-    EXPECT_TRUE(
-        verify_details.cert_verify_result.verified_cert->VerifyNameMatch(
-            alternative.host(), &common_name_fallback_used));
-    crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
-
-    host_resolver_.set_synchronous_mode(true);
-    host_resolver_.rules()->AddIPLiteralRule(alternative.host(), "192.168.0.1",
-                                             "");
-
-    // Open first stream to alternative.
-    QuicStreamRequest request1(factory_.get());
-    EXPECT_EQ(OK, request1.Request(alternative, privacy_mode_,
-                                   /*cert_verify_flags=*/0, url_, "GET",
-                                   net_log_, callback_.callback()));
-    scoped_ptr<QuicHttpStream> stream1 = request1.CreateStream();
-    EXPECT_TRUE(stream1.get());
-
-    QuicStreamRequest request2(factory_.get());
-    int rv = request2.Request(alternative, privacy_mode_,
-                              /*cert_verify_flags=*/0, url, "GET", net_log_,
-                              callback_.callback());
-    if (valid) {
-      // Alternative service of origin to |alternative| should pool to session
-      // of |stream1| even if origin is different.  Since only one
-      // SocketDataProvider is set up, the second request succeeding means that
-      // it pooled to the session opened by the first one.
-      EXPECT_EQ(OK, rv);
-      scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
-      EXPECT_TRUE(stream2.get());
-    } else {
-      EXPECT_EQ(ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN, rv);
-    }
-
-    EXPECT_TRUE(socket_data1.AllReadDataConsumed());
-    EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
-  }
-};
-
-INSTANTIATE_TEST_CASE_P(Version,
-                        QuicAlternativeServiceCertificateValidationPooling,
-                        ::testing::ValuesIn(GetTestParams()));
-
-TEST_P(QuicAlternativeServiceCertificateValidationPooling, Valid) {
-  Initialize();
-  Run(true);
-}
-
-TEST_P(QuicAlternativeServiceCertificateValidationPooling, Invalid) {
-  Initialize();
-  Run(false);
-}
-
 TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
   Initialize();
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
@@ -963,7 +936,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
   EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -971,11 +944,10 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server1),
-            QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_EQ(GetActiveSession(server1), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -1012,7 +984,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) {
   EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -1020,11 +992,10 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server1),
-            QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_NE(GetActiveSession(server1), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -1066,7 +1037,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) {
   EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   TestCompletionCallback callback;
@@ -1074,11 +1045,10 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback_.callback()));
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server1),
-            QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2));
+  EXPECT_NE(GetActiveSession(server1), GetActiveSession(server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -1105,18 +1075,15 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Mark the session as going away.  Ensure that while it is still alive
   // that it is no longer active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   factory_->OnSessionGoingAway(session);
   EXPECT_EQ(true,
             QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
   EXPECT_FALSE(HasActiveSession(host_port_pair_));
 
   // Create a new request for the same destination and verify that a
@@ -1127,13 +1094,11 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
                              /*cert_verify_flags=*/0, url_, "GET", net_log_,
                              callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
-  EXPECT_NE(session, QuicStreamFactoryPeer::GetActiveSession(factory_.get(),
-                                                             host_port_pair_));
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
+  EXPECT_NE(session, GetActiveSession(host_port_pair_));
   EXPECT_EQ(true,
             QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
 
@@ -1152,13 +1117,13 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   QuicStreamId stream_id = kClientDataStreamId1;
-  scoped_ptr<QuicEncryptedPacket> client_rst(
-      maker_.MakeRstPacket(1, true, stream_id, QUIC_STREAM_CANCELLED));
+  std::unique_ptr<QuicEncryptedPacket> client_rst(
+      client_maker_.MakeRstPacket(1, true, stream_id, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 0),
   };
-  scoped_ptr<QuicEncryptedPacket> server_rst(
-      maker_.MakeRstPacket(1, false, stream_id, QUIC_STREAM_CANCELLED));
+  std::unique_ptr<QuicEncryptedPacket> server_rst(
+      server_maker_.MakeRstPacket(1, false, stream_id, QUIC_STREAM_CANCELLED));
   MockRead reads[] = {
       MockRead(ASYNC, server_rst->data(), server_rst->length(), 1),
       MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2)};
@@ -1181,7 +1146,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
     } else {
       EXPECT_EQ(OK, rv);
     }
-    scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+    std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
     EXPECT_TRUE(stream);
     EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                            net_log_, CompletionCallback()));
@@ -1192,7 +1157,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
   EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 CompletionCallback()));
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream);
   EXPECT_EQ(ERR_IO_PENDING,
             stream->InitializeStream(&request_info, DEFAULT_PRIORITY, net_log_,
@@ -1210,8 +1175,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
   // Force close of the connection to suppress the generation of RST
   // packets when streams are torn down, which wouldn't be relevant to
   // this test anyway.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, "test",
                                          ConnectionCloseBehavior::SILENT_CLOSE);
 
@@ -1271,7 +1235,7 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) {
 
   base::RunLoop().RunUntilIdle();
 
-  scoped_ptr<QuicHttpStream> stream(CreateFromSession(host_port_pair_));
+  std::unique_ptr<QuicHttpStream> stream(CreateFromSession(host_port_pair_));
   EXPECT_TRUE(stream.get());
   stream.reset();
 
@@ -1321,7 +1285,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> rst(ConstructRstPacket());
+  std::unique_ptr<QuicEncryptedPacket> rst(ConstructClientRstPacket());
   std::vector<MockWrite> writes;
   writes.push_back(MockWrite(ASYNC, rst->data(), rst->length(), 1));
   SequencedSocketData socket_data(reads, arraysize(reads),
@@ -1340,7 +1304,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                          net_log_, CompletionCallback()));
@@ -1377,7 +1341,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> rst(ConstructRstPacket());
+  std::unique_ptr<QuicEncryptedPacket> rst(ConstructClientRstPacket());
   std::vector<MockWrite> writes;
   writes.push_back(MockWrite(ASYNC, rst->data(), rst->length(), 1));
   SequencedSocketData socket_data(reads, arraysize(reads),
@@ -1396,7 +1360,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                          net_log_, CompletionCallback()));
@@ -1434,7 +1398,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnect) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> request_packet(
+  std::unique_ptr<QuicEncryptedPacket> request_packet(
       ConstructGetRequestPacket(1, kClientDataStreamId1, true, true));
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, request_packet->data(),
                                   request_packet->length(), 1)};
@@ -1449,7 +1413,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnect) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1460,8 +1424,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnect) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1473,11 +1436,11 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnect) {
 
   // Set up second socket data provider that is used after migration.
   // The response to the earlier request is read on this new socket.
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(2, /*include_version=*/true));
+  std::unique_ptr<QuicEncryptedPacket> ping(
+      client_maker_.MakePingPacket(2, /*include_version=*/true));
   MockWrite writes1[] = {
       MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 0)};
-  scoped_ptr<QuicEncryptedPacket> response_headers_packet(
+  std::unique_ptr<QuicEncryptedPacket> response_headers_packet(
       ConstructOkResponsePacket(1, kClientDataStreamId1, false, false));
   MockRead reads1[] = {MockRead(ASYNC, response_headers_packet->data(),
                                 response_headers_packet->length(), 1),
@@ -1514,13 +1477,11 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnect) {
                              /*cert_verify_flags=*/0, url_, "GET", net_log_,
                              callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
-  QuicChromiumClientSession* new_session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
+  QuicChromiumClientSession* new_session = GetActiveSession(host_port_pair_);
   EXPECT_NE(session, new_session);
 
   // On a DISCONNECTED notification, nothing happens to the migrated
@@ -1549,7 +1510,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnected) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> request_packet(
+  std::unique_ptr<QuicEncryptedPacket> request_packet(
       ConstructGetRequestPacket(1, kClientDataStreamId1, true, true));
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, request_packet->data(),
                                   request_packet->length(), 1)};
@@ -1564,7 +1525,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnected) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1575,8 +1536,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnected) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1587,13 +1547,13 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnected) {
                                     callback_.callback()));
 
   // Set up second socket data provider that is used after migration.
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(2, /*include_version=*/true));
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> ping(
+      client_maker_.MakePingPacket(2, /*include_version=*/true));
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       3, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes1[] = {
       MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 0)};
-  scoped_ptr<QuicEncryptedPacket> response_packet(
+  std::unique_ptr<QuicEncryptedPacket> response_packet(
       ConstructOkResponsePacket(1, kClientDataStreamId1, false, false));
   MockRead reads1[] = {
       MockRead(ASYNC, response_packet->data(), response_packet->length(), 1),
@@ -1625,13 +1585,11 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnected) {
                              /*cert_verify_flags=*/0, url_, "GET", net_log_,
                              callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
-  EXPECT_NE(session, QuicStreamFactoryPeer::GetActiveSession(factory_.get(),
-                                                             host_port_pair_));
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
+  EXPECT_NE(session, GetActiveSession(host_port_pair_));
   EXPECT_EQ(true,
             QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
 
@@ -1650,7 +1608,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNetworks) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -1666,7 +1624,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNetworks) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1675,8 +1633,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNetworks) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
   EXPECT_EQ(1u, session->GetNumActiveStreams());
@@ -1704,7 +1661,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNetworks) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1),
@@ -1720,7 +1677,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNetworks) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1729,8 +1686,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNetworks) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1753,7 +1709,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNewNetwork) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -1769,7 +1725,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNewNetwork) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1778,8 +1734,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoNewNetwork) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1805,7 +1760,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNewNetwork) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1),
@@ -1821,7 +1776,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNewNetwork) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1830,8 +1785,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoNewNetwork) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1856,7 +1810,7 @@ TEST_P(QuicStreamFactoryTest,
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -1872,7 +1826,7 @@ TEST_P(QuicStreamFactoryTest,
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created, but marked as non-migratable.
@@ -1882,8 +1836,7 @@ TEST_P(QuicStreamFactoryTest,
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1910,7 +1863,7 @@ TEST_P(QuicStreamFactoryTest,
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -1926,7 +1879,7 @@ TEST_P(QuicStreamFactoryTest,
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -1935,8 +1888,7 @@ TEST_P(QuicStreamFactoryTest,
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -1966,7 +1918,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNonMigratableStream) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1),
@@ -1982,7 +1934,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNonMigratableStream) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created, but marked as non-migratable.
@@ -1992,8 +1944,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNonMigratableStream) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2018,7 +1969,7 @@ TEST_P(QuicStreamFactoryTest,
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_RST_ACKNOWLEDGEMENT));
   MockWrite writes[] = {
       MockWrite(ASYNC, client_rst->data(), client_rst->length(), 1),
@@ -2034,7 +1985,7 @@ TEST_P(QuicStreamFactoryTest,
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -2043,8 +1994,7 @@ TEST_P(QuicStreamFactoryTest,
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2082,12 +2032,11 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeSoonToDisconnectNoOpenStreams) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2120,12 +2069,11 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedNoOpenStreams) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2149,7 +2097,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> request_packet(
+  std::unique_ptr<QuicEncryptedPacket> request_packet(
       ConstructGetRequestPacket(1, kClientDataStreamId1, true, true));
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, request_packet->data(),
                                   request_packet->length(), 1)};
@@ -2164,7 +2112,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -2175,8 +2123,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2188,11 +2135,11 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) {
 
   // Set up second socket data provider that is used after migration.
   // The response to the earlier request is read on this new socket.
-  scoped_ptr<QuicEncryptedPacket> ping(
-      maker_.MakePingPacket(2, /*include_version=*/true));
+  std::unique_ptr<QuicEncryptedPacket> ping(
+      client_maker_.MakePingPacket(2, /*include_version=*/true));
   MockWrite writes1[] = {
       MockWrite(SYNCHRONOUS, ping->data(), ping->length(), 0)};
-  scoped_ptr<QuicEncryptedPacket> response_headers_packet(
+  std::unique_ptr<QuicEncryptedPacket> response_headers_packet(
       ConstructOkResponsePacket(1, kClientDataStreamId1, false, false));
   MockRead reads1[] = {MockRead(ASYNC, response_headers_packet->data(),
                                 response_headers_packet->length(), 1),
@@ -2232,13 +2179,11 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) {
                              /*cert_verify_flags=*/0, url_, "GET", net_log_,
                              callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
-  QuicChromiumClientSession* new_session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
+  QuicChromiumClientSession* new_session = GetActiveSession(host_port_pair_);
   EXPECT_NE(session, new_session);
 
   // On a SOON_TO_DISCONNECT notification, nothing happens to the
@@ -2271,7 +2216,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNoNewNetwork) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -2287,7 +2232,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNoNewNetwork) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -2296,8 +2241,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNoNewNetwork) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2327,7 +2271,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNonMigratableStream) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -2343,7 +2287,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNonMigratableStream) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created, but marked as non-migratable.
@@ -2353,8 +2297,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNonMigratableStream) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2383,7 +2326,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kClientDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -2399,7 +2342,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) {
                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
                             callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   // Cause QUIC stream to be created.
@@ -2408,8 +2351,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) {
                                          net_log_, CompletionCallback()));
 
   // Ensure that session is alive and active.
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
   EXPECT_TRUE(QuicStreamFactoryPeer::IsLiveSession(factory_.get(), session));
   EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
@@ -2442,7 +2384,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> rst(ConstructRstPacket());
+  std::unique_ptr<QuicEncryptedPacket> rst(ConstructClientRstPacket());
   std::vector<MockWrite> writes;
   writes.push_back(MockWrite(ASYNC, rst->data(), rst->length(), 1));
   SequencedSocketData socket_data(reads, arraysize(reads),
@@ -2461,7 +2403,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                          net_log_, CompletionCallback()));
@@ -2497,7 +2439,7 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> rst(ConstructRstPacket());
+  std::unique_ptr<QuicEncryptedPacket> rst(ConstructClientRstPacket());
   std::vector<MockWrite> writes;
   writes.push_back(MockWrite(ASYNC, rst->data(), rst->length(), 1));
   SequencedSocketData socket_data(reads, arraysize(reads),
@@ -2516,7 +2458,7 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                          net_log_, CompletionCallback()));
@@ -2553,7 +2495,7 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
-  scoped_ptr<QuicEncryptedPacket> rst(ConstructRstPacket());
+  std::unique_ptr<QuicEncryptedPacket> rst(ConstructClientRstPacket());
   std::vector<MockWrite> writes;
   writes.push_back(MockWrite(ASYNC, rst->data(), rst->length(), 1));
   SequencedSocketData socket_data(reads, arraysize(reads),
@@ -2572,7 +2514,7 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                          net_log_, CompletionCallback()));
@@ -2680,7 +2622,7 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) {
   ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails();
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
 
-  if (!GetParam().enable_connection_racing)
+  if (!enable_connection_racing_)
     return;
 
   QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get());
@@ -2700,8 +2642,11 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) {
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service1, expiration));
 
+  url::SchemeHostPort server("https", kDefaultServerHostName,
+                             kDefaultServerPort);
+
   http_server_properties_.SetAlternativeServices(
-      host_port_pair_, alternative_service_info_vector);
+      server, alternative_service_info_vector);
 
   crypto_client_stream_factory_.set_handshake_mode(
       MockCryptoClientStream::ZERO_RTT);
@@ -2720,7 +2665,7 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) {
 
   runner_->RunNextTask();
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -2755,7 +2700,7 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) {
   // the CancelWaitForDataReady task hasn't been posted.
   ASSERT_EQ(0u, runner_->GetPostedTasks().size());
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -2809,8 +2754,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   DVLOG(1) << "Create 1st session and test packet loss";
 
@@ -2818,8 +2762,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_FALSE(
       factory_->OnHandshakeConfirmed(session, /*packet_loss_rate=*/0.9f));
   EXPECT_TRUE(session->connection()->connected());
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
   EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(),
                                                      host_port_pair_.port()));
   EXPECT_EQ(0, QuicStreamFactoryPeer::GetNumberOfLossyConnections(
@@ -2834,8 +2777,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_TRUE(session->connection()->connected());
   EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(),
                                                      host_port_pair_.port()));
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), host_port_pair_));
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
 
   // Test N-in-a-row high packet loss connections.
 
@@ -2844,10 +2786,9 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   TestCompletionCallback callback2;
   QuicStreamRequest request2(factory_.get());
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
-                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
-                                 callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+                                 /*cert_verify_flags=*/0, url2_, "GET",
+                                 net_log_, callback2.callback()));
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   // If there is no packet loss during handshake confirmation, number of lossy
   // connections for the port should be 0.
@@ -2869,7 +2810,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_TRUE(session2->connection()->connected());
   EXPECT_FALSE(
       QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(), server2.port()));
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(factory_.get(), server2));
+  EXPECT_TRUE(HasActiveSession(server2));
 
   DVLOG(1) << "Create 3rd session which also has packet loss";
 
@@ -2878,8 +2819,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, url3_, "GET",
                                  net_log_, callback3.callback()));
-  QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server3);
+  QuicChromiumClientSession* session3 = GetActiveSession(server3);
 
   DVLOG(1) << "Create 4th session with packet loss and test IsQuicDisabled()";
   TestCompletionCallback callback4;
@@ -2887,8 +2827,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, url4_, "GET",
                                  net_log_, callback4.callback()));
-  QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server4);
+  QuicChromiumClientSession* session4 = GetActiveSession(server4);
 
   // Set packet_loss_rate to higher value than packet_loss_threshold 2nd time in
   // a row and that should close the session and disable QUIC.
@@ -2899,8 +2838,6 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_FALSE(session3->connection()->connected());
   EXPECT_TRUE(
       QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(), server3.port()));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), server3));
   EXPECT_FALSE(HasActiveSession(server3));
 
   // Set packet_loss_rate to higher value than packet_loss_threshold 3rd time in
@@ -2912,17 +2849,15 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_FALSE(session4->connection()->connected());
   EXPECT_TRUE(
       QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(), server4.port()));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(factory_.get(), server4));
   EXPECT_FALSE(HasActiveSession(server4));
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_TRUE(stream3.get());
-  scoped_ptr<QuicHttpStream> stream4 = request4.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream4 = request4.CreateStream();
   EXPECT_TRUE(stream4.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -2969,8 +2904,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfTwo) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, "test",
@@ -2992,8 +2926,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfTwo) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   session2->connection()->CloseConnection(
       QUIC_PUBLIC_RESET, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3009,9 +2942,9 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfTwo) {
       QuicChromiumClientSession::QUIC_DISABLED_PUBLIC_RESET_POST_HANDSHAKE,
       factory_->QuicDisabledReason(host_port_pair_.port()));
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_FALSE(stream.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_FALSE(stream2.get());  // Session is already closed.
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -3054,10 +2987,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfTwo) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
@@ -3084,10 +3016,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfTwo) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
   EXPECT_EQ(OK, stream2->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                           net_log_, CompletionCallback()));
@@ -3159,8 +3090,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, "test",
@@ -3181,8 +3111,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   session2->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3200,10 +3129,9 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
   TestCompletionCallback callback3;
   QuicStreamRequest request3(factory_.get());
   EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
-                                 /*cert_verify_flags=*/0, url2_, "GET",
+                                 /*cert_verify_flags=*/0, url3_, "GET",
                                  net_log_, callback3.callback()));
-  QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server3);
+  QuicChromiumClientSession* session3 = GetActiveSession(server3);
 
   session3->connection()->CloseConnection(
       QUIC_PUBLIC_RESET, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3219,11 +3147,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
       QuicChromiumClientSession::QUIC_DISABLED_PUBLIC_RESET_POST_HANDSHAKE,
       factory_->QuicDisabledReason(host_port_pair_.port()));
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_FALSE(stream.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_FALSE(stream2.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_FALSE(stream3.get());  // Session is already closed.
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
@@ -3277,10 +3205,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
@@ -3307,8 +3234,7 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   session2->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3329,10 +3255,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
   EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, url3_, "GET",
                                  net_log_, callback3.callback()));
-  QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server3);
+  QuicChromiumClientSession* session3 = GetActiveSession(server3);
 
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_TRUE(stream3.get());
   EXPECT_EQ(OK, stream3->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                           net_log_, CompletionCallback()));
@@ -3349,7 +3274,7 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
   EXPECT_EQ(QuicChromiumClientSession::QUIC_DISABLED_TIMEOUT_WITH_OPEN_STREAMS,
             factory_->QuicDisabledReason(host_port_pair_.port()));
 
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_FALSE(stream2.get());  // Session is already closed.
 
   // Verify that QUIC is un-disabled after a network change.
@@ -3396,10 +3321,9 @@ TEST_P(QuicStreamFactoryTest, DisableQuicWhenTimeoutsWithOpenStreams) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
@@ -3485,8 +3409,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, "test",
@@ -3507,8 +3430,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   session2->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3526,8 +3448,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
   EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, url3_, "GET",
                                  net_log_, callback3.callback()));
-  QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server3);
+  QuicChromiumClientSession* session3 = GetActiveSession(server3);
 
   session3->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3547,8 +3468,7 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
   EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, url4_, "GET",
                                  net_log_, callback4.callback()));
-  QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server4);
+  QuicChromiumClientSession* session4 = GetActiveSession(server4);
 
   session4->connection()->CloseConnection(
       QUIC_PUBLIC_RESET, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3561,13 +3481,13 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
   EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(),
                                                      host_port_pair_.port()));
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_FALSE(stream.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_FALSE(stream2.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_FALSE(stream3.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream4 = request4.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream4 = request4.CreateStream();
   EXPECT_FALSE(stream4.get());  // Session is already closed.
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
@@ -3629,10 +3549,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
                                 callback_.callback()));
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   HttpRequestInfo request_info;
   EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY,
@@ -3658,8 +3577,7 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
   EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, url2_, "GET",
                                  net_log_, callback2.callback()));
-  QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server2);
+  QuicChromiumClientSession* session2 = GetActiveSession(server2);
 
   session2->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3677,8 +3595,7 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
   EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, url3_, "GET",
                                  net_log_, callback3.callback()));
-  QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server3);
+  QuicChromiumClientSession* session3 = GetActiveSession(server3);
 
   session3->connection()->CloseConnection(
       QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE);
@@ -3699,10 +3616,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
   EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, url4_, "GET",
                                  net_log_, callback4.callback()));
-  QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), server4);
+  QuicChromiumClientSession* session4 = GetActiveSession(server4);
 
-  scoped_ptr<QuicHttpStream> stream4 = request4.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream4 = request4.CreateStream();
   EXPECT_TRUE(stream4.get());
   EXPECT_EQ(OK, stream4->InitializeStream(&request_info, DEFAULT_PRIORITY,
                                           net_log_, CompletionCallback()));
@@ -3717,9 +3633,9 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
   EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get(),
                                                      host_port_pair_.port()));
 
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_FALSE(stream2.get());  // Session is already closed.
-  scoped_ptr<QuicHttpStream> stream3 = request3.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream3 = request3.CreateStream();
   EXPECT_FALSE(stream3.get());  // Session is already closed.
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
@@ -3744,7 +3660,9 @@ TEST_P(QuicStreamFactoryTest, EnableDelayTcpRace) {
 
   ServerNetworkStats stats1;
   stats1.srtt = base::TimeDelta::FromMicroseconds(10);
-  http_server_properties_.SetServerNetworkStats(host_port_pair_, stats1);
+  url::SchemeHostPort server("https", kDefaultServerHostName,
+                             kDefaultServerPort);
+  http_server_properties_.SetServerNetworkStats(server, stats1);
 
   crypto_client_stream_factory_.set_handshake_mode(
       MockCryptoClientStream::ZERO_RTT);
@@ -3775,7 +3693,7 @@ TEST_P(QuicStreamFactoryTest, EnableDelayTcpRace) {
 
   EXPECT_EQ(OK, callback_.WaitForResult());
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -3798,18 +3716,20 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) {
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   alternative_service_info_vector.push_back(
       AlternativeServiceInfo(alternative_service1, expiration));
-
+  url::SchemeHostPort server("https", kDefaultServerHostName,
+                             kDefaultServerPort);
   http_server_properties_.SetAlternativeServices(
-      host_port_pair_, alternative_service_info_vector);
+      server, alternative_service_info_vector);
 
   HostPortPair host_port_pair2(kServer2HostName, kDefaultServerPort);
+  url::SchemeHostPort server2("https", kServer2HostName, kDefaultServerPort);
   const AlternativeService alternative_service2(QUIC, host_port_pair2.host(),
                                                 host_port_pair2.port());
   AlternativeServiceInfoVector alternative_service_info_vector2;
   alternative_service_info_vector2.push_back(
       AlternativeServiceInfo(alternative_service2, expiration));
   http_server_properties_.SetAlternativeServices(
-      host_port_pair2, alternative_service_info_vector2);
+      server2, alternative_service_info_vector2);
 
   http_server_properties_.SetMaxServerConfigsStoredInProperties(
       kMaxQuicServersToPersist);
@@ -3821,7 +3741,7 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) {
           http_server_properties_.GetWeakPtr());
   factory_->set_quic_server_info_factory(quic_server_info_factory);
 
-  scoped_ptr<QuicServerInfo> quic_server_info(
+  std::unique_ptr<QuicServerInfo> quic_server_info(
       quic_server_info_factory->GetForServer(quic_server_id));
 
   // Update quic_server_info's server_config and persist it.
@@ -3859,7 +3779,7 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) {
   quic_server_info->Persist();
 
   QuicServerId quic_server_id2(kServer2HostName, 80, PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicServerInfo> quic_server_info2(
+  std::unique_ptr<QuicServerInfo> quic_server_info2(
       quic_server_info_factory->GetForServer(quic_server_id2));
 
   // Update quic_server_info2's server_config and persist it.
@@ -3966,8 +3886,8 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) {
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
   QuicStreamFactoryPeer::SetYieldAfterPackets(factory_.get(), 0);
 
-  scoped_ptr<QuicEncryptedPacket> close_packet(
-      ConstructConnectionClosePacket(0));
+  std::unique_ptr<QuicEncryptedPacket> close_packet(
+      ConstructClientConnectionClosePacket(0));
   vector<MockRead> reads;
   reads.push_back(
       MockRead(SYNCHRONOUS, close_packet->data(), close_packet->length(), 0));
@@ -4002,7 +3922,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) {
   // yielded the read.
   EXPECT_EQ(1u, observer.executed_count());
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_FALSE(stream.get());  // Session is already closed.
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -4015,8 +3935,8 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) {
   QuicStreamFactoryPeer::SetYieldAfterDuration(
       factory_.get(), QuicTime::Delta::FromMilliseconds(-1));
 
-  scoped_ptr<QuicEncryptedPacket> close_packet(
-      ConstructConnectionClosePacket(0));
+  std::unique_ptr<QuicEncryptedPacket> close_packet(
+      ConstructClientConnectionClosePacket(0));
   vector<MockRead> reads;
   reads.push_back(
       MockRead(SYNCHRONOUS, close_packet->data(), close_packet->length(), 0));
@@ -4051,7 +3971,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) {
   // yielded the read.
   EXPECT_EQ(1u, observer.executed_count());
 
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_FALSE(stream.get());  // Session is already closed.
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -4073,15 +3993,14 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   EXPECT_EQ(0, QuicStreamFactoryPeer::GetNumPushStreamsCreated(factory_.get()));
 
   std::string url = "https://www.example.org/";
 
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   QuicClientPromisedInfo promised(session, kServerDataStreamId1, url);
   (*QuicStreamFactoryPeer::GetPushPromiseIndex(factory_.get())
@@ -4103,7 +4022,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) {
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
 
-  scoped_ptr<QuicEncryptedPacket> client_rst(maker_.MakeRstPacket(
+  std::unique_ptr<QuicEncryptedPacket> client_rst(client_maker_.MakeRstPacket(
       1, true, kServerDataStreamId1, QUIC_STREAM_CANCELLED));
   MockWrite writes[] = {
       MockWrite(SYNCHRONOUS, client_rst->data(), client_rst->length(), 1),
@@ -4123,14 +4042,13 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) {
                             callback_.callback()));
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream = request.CreateStream();
   EXPECT_TRUE(stream.get());
 
   EXPECT_EQ(0, QuicStreamFactoryPeer::GetNumPushStreamsCreated(factory_.get()));
 
   std::string url = "https://www.example.org/";
-  QuicChromiumClientSession* session =
-      QuicStreamFactoryPeer::GetActiveSession(factory_.get(), host_port_pair_);
+  QuicChromiumClientSession* session = GetActiveSession(host_port_pair_);
 
   QuicClientPromisedInfo promised(session, kServerDataStreamId1, url);
 
@@ -4152,7 +4070,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) {
   EXPECT_EQ(index->GetPromised(url), nullptr);
 
   EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
   EXPECT_TRUE(stream2.get());
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
@@ -4161,5 +4079,270 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) {
   EXPECT_TRUE(socket_data2.AllWriteDataConsumed());
 }
 
+// Pool to existing session with matching QuicServerId
+// even if destination is different.
+TEST_P(QuicStreamFactoryTest, PoolByOrigin) {
+  Initialize();
+
+  HostPortPair destination1("first.example.com", 443);
+  HostPortPair destination2("second.example.com", 443);
+
+  ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails();
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+
+  MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
+  SequencedSocketData socket_data(reads, arraysize(reads), nullptr, 0);
+  socket_factory_.AddSocketDataProvider(&socket_data);
+
+  QuicStreamRequest request1(factory_.get());
+  EXPECT_EQ(ERR_IO_PENDING,
+            request1.Request(destination1, privacy_mode_,
+                             /*cert_verify_flags=*/0, url_, "GET", net_log_,
+                             callback_.callback()));
+  EXPECT_EQ(OK, callback_.WaitForResult());
+  std::unique_ptr<QuicHttpStream> stream1 = request1.CreateStream();
+  EXPECT_TRUE(stream1.get());
+  EXPECT_TRUE(HasActiveSession(host_port_pair_));
+
+  // Second request returns synchronously because it pools to existing session.
+  TestCompletionCallback callback2;
+  QuicStreamRequest request2(factory_.get());
+  EXPECT_EQ(OK, request2.Request(destination2, privacy_mode_,
+                                 /*cert_verify_flags=*/0, url_, "GET", net_log_,
+                                 callback2.callback()));
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  EXPECT_TRUE(stream2.get());
+
+  QuicChromiumClientSession* session1 =
+      QuicHttpStreamPeer::GetSession(stream1.get());
+  QuicChromiumClientSession* session2 =
+      QuicHttpStreamPeer::GetSession(stream2.get());
+  EXPECT_EQ(session1, session2);
+  EXPECT_EQ(QuicServerId(host_port_pair_, privacy_mode_),
+            session1->server_id());
+
+  EXPECT_TRUE(socket_data.AllReadDataConsumed());
+  EXPECT_TRUE(socket_data.AllWriteDataConsumed());
+}
+
+class QuicStreamFactoryWithDestinationTest
+    : public QuicStreamFactoryTestBase,
+      public ::testing::TestWithParam<PoolingTestParams> {
+ protected:
+  QuicStreamFactoryWithDestinationTest()
+      : QuicStreamFactoryTestBase(GetParam().version,
+                                  GetParam().enable_connection_racing),
+        destination_type_(GetParam().destination_type),
+        hanging_read_(SYNCHRONOUS, ERR_IO_PENDING, 0) {}
+
+  HostPortPair GetDestination() {
+    switch (destination_type_) {
+      case SAME_AS_FIRST:
+        return origin1_;
+      case SAME_AS_SECOND:
+        return origin2_;
+      case DIFFERENT:
+        return HostPortPair(kDifferentHostname, 443);
+      default:
+        NOTREACHED();
+        return HostPortPair();
+    }
+  }
+
+  void AddHangingSocketData() {
+    std::unique_ptr<SequencedSocketData> sequenced_socket_data(
+        new SequencedSocketData(&hanging_read_, 1, nullptr, 0));
+    socket_factory_.AddSocketDataProvider(sequenced_socket_data.get());
+    sequenced_socket_data_vector_.push_back(std::move(sequenced_socket_data));
+  }
+
+  bool AllDataConsumed() {
+    for (const auto& socket_data_ptr : sequenced_socket_data_vector_) {
+      if (!socket_data_ptr->AllReadDataConsumed() ||
+          !socket_data_ptr->AllWriteDataConsumed()) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  DestinationType destination_type_;
+  HostPortPair origin1_;
+  HostPortPair origin2_;
+  MockRead hanging_read_;
+  std::vector<std::unique_ptr<SequencedSocketData>>
+      sequenced_socket_data_vector_;
+};
+
+INSTANTIATE_TEST_CASE_P(Version,
+                        QuicStreamFactoryWithDestinationTest,
+                        ::testing::ValuesIn(GetPoolingTestParams()));
+
+// A single QUIC request fails because the certificate does not match the origin
+// hostname, regardless of whether it matches the alternative service hostname.
+TEST_P(QuicStreamFactoryWithDestinationTest, InvalidCertificate) {
+  if (destination_type_ == DIFFERENT)
+    return;
+
+  Initialize();
+
+  GURL url("https://mail.example.com/");
+  origin1_ = HostPortPair::FromURL(url);
+
+  // Not used for requests, but this provides a test case where the certificate
+  // is valid for the hostname of the alternative service.
+  origin2_ = HostPortPair("mail.example.org", 433);
+
+  HostPortPair destination = GetDestination();
+
+  scoped_refptr<X509Certificate> cert(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_FALSE(cert->VerifyNameMatch(origin1_.host(), &unused));
+  ASSERT_TRUE(cert->VerifyNameMatch(origin2_.host(), &unused));
+
+  ProofVerifyDetailsChromium verify_details;
+  verify_details.cert_verify_result.verified_cert = cert;
+  verify_details.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+
+  AddHangingSocketData();
+
+  QuicStreamRequest request(factory_.get());
+  EXPECT_EQ(ERR_IO_PENDING, request.Request(destination, privacy_mode_,
+                                            /*cert_verify_flags=*/0, url, "GET",
+                                            net_log_, callback_.callback()));
+
+  EXPECT_EQ(ERR_QUIC_HANDSHAKE_FAILED, callback_.WaitForResult());
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
+// QuicStreamRequest is pooled based on |destination| if certificate matches.
+TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) {
+  Initialize();
+
+  GURL url1("https://www.example.org/");
+  GURL url2("https://mail.example.org/");
+  origin1_ = HostPortPair::FromURL(url1);
+  origin2_ = HostPortPair::FromURL(url2);
+
+  HostPortPair destination = GetDestination();
+
+  scoped_refptr<X509Certificate> cert(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_TRUE(cert->VerifyNameMatch(origin1_.host(), &unused));
+  ASSERT_TRUE(cert->VerifyNameMatch(origin2_.host(), &unused));
+  ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, &unused));
+
+  ProofVerifyDetailsChromium verify_details;
+  verify_details.cert_verify_result.verified_cert = cert;
+  verify_details.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+
+  AddHangingSocketData();
+
+  QuicStreamRequest request1(factory_.get());
+  EXPECT_EQ(ERR_IO_PENDING,
+            request1.Request(destination, privacy_mode_,
+                             /*cert_verify_flags=*/0, url1, "GET", net_log_,
+                             callback_.callback()));
+  EXPECT_EQ(OK, callback_.WaitForResult());
+  std::unique_ptr<QuicHttpStream> stream1 = request1.CreateStream();
+  EXPECT_TRUE(stream1.get());
+  EXPECT_TRUE(HasActiveSession(origin1_));
+
+  // Second request returns synchronously because it pools to existing session.
+  TestCompletionCallback callback2;
+  QuicStreamRequest request2(factory_.get());
+  EXPECT_EQ(OK, request2.Request(destination, privacy_mode_,
+                                 /*cert_verify_flags=*/0, url2, "GET", net_log_,
+                                 callback2.callback()));
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  EXPECT_TRUE(stream2.get());
+
+  QuicChromiumClientSession* session1 =
+      QuicHttpStreamPeer::GetSession(stream1.get());
+  QuicChromiumClientSession* session2 =
+      QuicHttpStreamPeer::GetSession(stream2.get());
+  EXPECT_EQ(session1, session2);
+
+  EXPECT_EQ(QuicServerId(origin1_, privacy_mode_), session1->server_id());
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
+// QuicStreamRequest is not pooled if certificate does not match its origin.
+TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) {
+  Initialize();
+
+  GURL url1("https://news.example.org/");
+  GURL url2("https://mail.example.com/");
+  origin1_ = HostPortPair::FromURL(url1);
+  origin2_ = HostPortPair::FromURL(url2);
+
+  HostPortPair destination = GetDestination();
+
+  scoped_refptr<X509Certificate> cert1(
+      ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+  bool unused;
+  ASSERT_TRUE(cert1->VerifyNameMatch(origin1_.host(), &unused));
+  ASSERT_FALSE(cert1->VerifyNameMatch(origin2_.host(), &unused));
+  ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, &unused));
+
+  ProofVerifyDetailsChromium verify_details1;
+  verify_details1.cert_verify_result.verified_cert = cert1;
+  verify_details1.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1);
+
+  scoped_refptr<X509Certificate> cert2(
+      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+  ASSERT_TRUE(cert2->VerifyNameMatch(origin2_.host(), &unused));
+  ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, &unused));
+
+  ProofVerifyDetailsChromium verify_details2;
+  verify_details2.cert_verify_result.verified_cert = cert2;
+  verify_details2.cert_verify_result.is_issued_by_known_root = true;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2);
+
+  AddHangingSocketData();
+  AddHangingSocketData();
+
+  QuicStreamRequest request1(factory_.get());
+  EXPECT_EQ(ERR_IO_PENDING,
+            request1.Request(destination, privacy_mode_,
+                             /*cert_verify_flags=*/0, url1, "GET", net_log_,
+                             callback_.callback()));
+  EXPECT_EQ(OK, callback_.WaitForResult());
+  std::unique_ptr<QuicHttpStream> stream1 = request1.CreateStream();
+  EXPECT_TRUE(stream1.get());
+  EXPECT_TRUE(HasActiveSession(origin1_));
+
+  TestCompletionCallback callback2;
+  QuicStreamRequest request2(factory_.get());
+  EXPECT_EQ(ERR_IO_PENDING,
+            request2.Request(destination, privacy_mode_,
+                             /*cert_verify_flags=*/0, url2, "GET", net_log_,
+                             callback2.callback()));
+  EXPECT_EQ(OK, callback2.WaitForResult());
+  std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream();
+  EXPECT_TRUE(stream2.get());
+
+  // |request2| does not pool to the first session, because the certificate does
+  // not match.  Instead, another session is opened to the same destination, but
+  // with a different QuicServerId.
+  QuicChromiumClientSession* session1 =
+      QuicHttpStreamPeer::GetSession(stream1.get());
+  QuicChromiumClientSession* session2 =
+      QuicHttpStreamPeer::GetSession(stream2.get());
+  EXPECT_NE(session1, session2);
+
+  EXPECT_EQ(QuicServerId(origin1_, privacy_mode_), session1->server_id());
+  EXPECT_EQ(QuicServerId(origin2_, privacy_mode_), session2->server_id());
+
+  EXPECT_TRUE(AllDataConsumed());
+}
+
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_stream_sequencer.cc b/chromium/net/quic/quic_stream_sequencer.cc
index b63618d1ffa..da26cc52fa9 100644
--- a/chromium/net/quic/quic_stream_sequencer.cc
+++ b/chromium/net/quic/quic_stream_sequencer.cc
@@ -10,6 +10,7 @@
 #include <utility>
 
 #include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
 #include "net/quic/quic_bug_tracker.h"
 #include "net/quic/quic_clock.h"
 #include "net/quic/quic_flags.h"
@@ -18,6 +19,7 @@
 #include "net/quic/quic_utils.h"
 #include "net/quic/reliable_quic_stream.h"
 
+using base::StringPiece;
 using std::min;
 using std::numeric_limits;
 using std::string;
@@ -41,16 +43,7 @@ QuicStreamSequencer::~QuicStreamSequencer() {}
 void QuicStreamSequencer::OnStreamFrame(const QuicStreamFrame& frame) {
   ++num_frames_received_;
   const QuicStreamOffset byte_offset = frame.offset;
-  const size_t data_len = frame.frame_length;
-  bool consolidate_errors = FLAGS_quic_consolidate_onstreamframe_errors;
-  if (!consolidate_errors && data_len == 0 && !frame.fin) {
-    // Stream frames must have data or a fin flag.
-    LOG(WARNING) << "QUIC_INVALID_STREAM_FRAM: Empty stream frame "
-                    "without FIN set.";
-    stream_->CloseConnectionWithDetails(QUIC_EMPTY_STREAM_FRAME_NO_FIN,
-                                        "Empty stream frame without FIN set.");
-    return;
-  }
+  const size_t data_len = frame.data_length;
 
   if (frame.fin) {
     CloseStreamAtOffset(frame.offset + data_len);
@@ -61,26 +54,20 @@ void QuicStreamSequencer::OnStreamFrame(const QuicStreamFrame& frame) {
   size_t bytes_written;
   string error_details;
   QuicErrorCode result = buffered_frames_.OnStreamData(
-      byte_offset, StringPiece(frame.frame_buffer, frame.frame_length),
+      byte_offset, StringPiece(frame.data_buffer, frame.data_length),
       clock_->ApproximateNow(), &bytes_written, &error_details);
-  if (!consolidate_errors) {
-    if (result == QUIC_OVERLAPPING_STREAM_DATA) {
-      LOG(WARNING) << "QUIC_INVALID_STREAM_FRAME: Stream frame "
-                      "overlaps with buffered data.";
-      stream_->CloseConnectionWithDetails(
-          QUIC_EMPTY_STREAM_FRAME_NO_FIN,
-          "Stream frame overlaps with buffered data.");
-      return;
-    }
-  } else {
-    if (result != QUIC_NO_ERROR) {
-      LOG(WARNING) << QuicUtils::ErrorToString(result) << ": " << error_details;
-      stream_->CloseConnectionWithDetails(result, error_details);
-      return;
-    }
+  if (result != QUIC_NO_ERROR) {
+    string details = "Stream" + base::Uint64ToString(stream_->id()) + ": " +
+                     QuicUtils::ErrorToString(result) + ": " + error_details +
+                     "\nPeer Address: " +
+                     stream_->PeerAddressOfLatestPacket().ToString();
+    DLOG(WARNING) << QuicUtils::ErrorToString(result);
+    DLOG(WARNING) << details;
+    stream_->CloseConnectionWithDetails(result, details);
+    return;
   }
 
-  if ((consolidate_errors || result == QUIC_NO_ERROR) && bytes_written == 0) {
+  if (bytes_written == 0) {
     ++num_duplicate_frames_received_;
     // Silently ignore duplicates.
     return;
diff --git a/chromium/net/quic/quic_stream_sequencer_buffer.cc b/chromium/net/quic/quic_stream_sequencer_buffer.cc
index dabb2ce3709..352db230dc6 100644
--- a/chromium/net/quic/quic_stream_sequencer_buffer.cc
+++ b/chromium/net/quic/quic_stream_sequencer_buffer.cc
@@ -16,8 +16,8 @@ namespace net {
 namespace {
 
 string RangeDebugString(QuicStreamOffset start, QuicStreamOffset end) {
-  return string("[") + base::IntToString(start) + ", " +
-         base::IntToString(end) + ") ";
+  return string("[") + base::Uint64ToString(start) + ", " +
+         base::Uint64ToString(end) + ") ";
 }
 
 }  // namespace
@@ -106,26 +106,21 @@ QuicErrorCode QuicStreamSequencerBuffer::OnStreamData(
     *error_details =
         string("Beginning of received data overlaps with buffered data.\n") +
         "New frame range " + RangeDebugString(offset, offset + size) +
-        "\n"
-        "Currently received frames: " +
-        ReceivedFramesDebugString() +
-        "\n"
-        "Current gaps: " +
-        GapsDebugString() + "\n";
+        " with first 128 bytes: " +
+        string(data.data(), data.length() < 128 ? data.length() : 128) +
+        "\nCurrently received frames: " + ReceivedFramesDebugString() +
+        "\nCurrent gaps: " + GapsDebugString();
     return QUIC_OVERLAPPING_STREAM_DATA;
   }
   if (offset + size > current_gap->end_offset) {
     // End of new data overlaps with data after current gap.
     *error_details =
-        "End of received data overlaps with buffered data.\n"
-        "New frame range " +
-        RangeDebugString(offset, offset + size) +
-        "\n"
-        "Currently received frames: " +
-        ReceivedFramesDebugString() +
-        "\n"
-        "Current gaps: " +
-        GapsDebugString() + "\n";
+        string("End of received data overlaps with buffered data.\n") +
+        "New frame range " + RangeDebugString(offset, offset + size) +
+        " with first 128 bytes: " +
+        string(data.data(), data.length() < 128 ? data.length() : 128) +
+        "\nCurrently received frames: " + ReceivedFramesDebugString() +
+        "\nCurrent gaps: " + GapsDebugString();
     return QUIC_OVERLAPPING_STREAM_DATA;
   }
 
diff --git a/chromium/net/quic/quic_stream_sequencer_buffer.h b/chromium/net/quic/quic_stream_sequencer_buffer.h
index 7b854aeeb69..f992ea25df7 100644
--- a/chromium/net/quic/quic_stream_sequencer_buffer.h
+++ b/chromium/net/quic/quic_stream_sequencer_buffer.h
@@ -69,8 +69,6 @@
 #include "base/macros.h"
 #include "net/quic/quic_protocol.h"
 
-using base::StringPiece;
-
 namespace net {
 
 namespace test {
diff --git a/chromium/net/quic/quic_stream_sequencer_buffer_interface.h b/chromium/net/quic/quic_stream_sequencer_buffer_interface.h
index 2fc9e653f6f..d5ad8fe49a8 100644
--- a/chromium/net/quic/quic_stream_sequencer_buffer_interface.h
+++ b/chromium/net/quic/quic_stream_sequencer_buffer_interface.h
@@ -9,8 +9,6 @@
 
 #include "net/quic/quic_protocol.h"
 
-using base::StringPiece;
-
 namespace net {
 
 // The QuicStreamSequencer uses an implementation of this interface to store
@@ -30,7 +28,7 @@ class NET_EXPORT_PRIVATE QuicStreamSequencerBufferInterface {
   // bytes buffered in |bytes_buffered|. Returns an error otherwise.
   // |timestamp| is the time the data arrived.
   virtual QuicErrorCode OnStreamData(QuicStreamOffset offset,
-                                     StringPiece data,
+                                     base::StringPiece data,
                                      QuicTime timestamp,
                                      size_t* bytes_buffered) = 0;
 
diff --git a/chromium/net/quic/quic_stream_sequencer_test.cc b/chromium/net/quic/quic_stream_sequencer_test.cc
index b66bf1d4a84..67cd07d0968 100644
--- a/chromium/net/quic/quic_stream_sequencer_test.cc
+++ b/chromium/net/quic/quic_stream_sequencer_test.cc
@@ -4,6 +4,9 @@
 
 #include "net/quic/quic_stream_sequencer.h"
 
+#include <algorithm>
+#include <cstdint>
+#include <memory>
 #include <utility>
 #include <vector>
 
@@ -49,6 +52,13 @@ class MockStream : public ReliableQuicStream {
   MOCK_METHOD1(Reset, void(QuicRstStreamErrorCode error));
   MOCK_METHOD0(OnCanWrite, void());
   virtual bool IsFlowControlEnabled() const { return true; }
+
+  const IPEndPoint& PeerAddressOfLatestPacket() const override {
+    return peer_address_;
+  }
+
+ protected:
+  IPEndPoint peer_address_ = IPEndPoint(net::test::Any4(), 65535);
 };
 
 namespace {
@@ -69,7 +79,9 @@ class QuicStreamSequencerTest : public ::testing::Test {
 
  protected:
   QuicStreamSequencerTest()
-      : connection_(new MockConnection(&helper_, Perspective::IS_CLIENT)),
+      : connection_(new MockQuicConnection(&helper_,
+                                           &alarm_factory_,
+                                           Perspective::IS_CLIENT)),
         session_(connection_),
         stream_(&session_, 1),
         sequencer_(new QuicStreamSequencer(&stream_, &clock_)) {}
@@ -125,8 +137,8 @@ class QuicStreamSequencerTest : public ::testing::Test {
     QuicStreamFrame frame;
     frame.stream_id = 1;
     frame.offset = byte_offset;
-    frame.frame_buffer = data;
-    frame.frame_length = strlen(data);
+    frame.data_buffer = data;
+    frame.data_length = strlen(data);
     frame.fin = true;
     sequencer_->OnStreamFrame(frame);
   }
@@ -135,8 +147,8 @@ class QuicStreamSequencerTest : public ::testing::Test {
     QuicStreamFrame frame;
     frame.stream_id = 1;
     frame.offset = byte_offset;
-    frame.frame_buffer = data;
-    frame.frame_length = strlen(data);
+    frame.data_buffer = data;
+    frame.data_length = strlen(data);
     frame.fin = false;
     sequencer_->OnStreamFrame(frame);
   }
@@ -145,12 +157,13 @@ class QuicStreamSequencerTest : public ::testing::Test {
     return QuicStreamSequencerPeer::GetNumBufferedBytes(sequencer_.get());
   }
 
-  MockConnectionHelper helper_;
-  MockConnection* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  MockQuicConnection* connection_;
   MockClock clock_;
   MockQuicSpdySession session_;
   testing::StrictMock<MockStream> stream_;
-  scoped_ptr<QuicStreamSequencer> sequencer_;
+  std::unique_ptr<QuicStreamSequencer> sequencer_;
 };
 
 // TODO(rch): reorder these tests so they build on each other.
@@ -563,11 +576,8 @@ TEST_F(QuicStreamSequencerTest, DontAcceptOverlappingFrames) {
   sequencer_->OnStreamFrame(frame1);
 
   QuicStreamFrame frame2(kClientDataStreamId1, false, 2, StringPiece("hello"));
-  EXPECT_CALL(stream_, CloseConnectionWithDetails(
-                           FLAGS_quic_consolidate_onstreamframe_errors
-                               ? QUIC_OVERLAPPING_STREAM_DATA
-                               : QUIC_EMPTY_STREAM_FRAME_NO_FIN,
-                           _))
+  EXPECT_CALL(stream_,
+              CloseConnectionWithDetails(QUIC_OVERLAPPING_STREAM_DATA, _))
       .Times(1);
   sequencer_->OnStreamFrame(frame2);
 }
diff --git a/chromium/net/quic/quic_unacked_packet_map.cc b/chromium/net/quic/quic_unacked_packet_map.cc
index fc72388d0cc..59465dd2c08 100644
--- a/chromium/net/quic/quic_unacked_packet_map.cc
+++ b/chromium/net/quic/quic_unacked_packet_map.cc
@@ -49,7 +49,7 @@ void QuicUnackedPacketMap::AddSentPacket(SerializedPacket* packet,
       packet->has_crypto_handshake == IS_HANDSHAKE;
   TransmissionInfo info(packet->encryption_level, packet->packet_number_length,
                         transmission_type, sent_time, bytes_sent,
-                        has_crypto_handshake, packet->needs_padding);
+                        has_crypto_handshake, packet->num_padding_bytes);
   if (old_packet_number > 0) {
     TransferRetransmissionInfo(old_packet_number, packet_number,
                                transmission_type, &info);
@@ -107,11 +107,11 @@ void QuicUnackedPacketMap::TransferRetransmissionInfo(
     wrapper.ack_listener->OnPacketRetransmitted(wrapper.length);
   }
 
-  // Swap the frames and preserve needs_padding and has_crypto_handshake.
+  // Swap the frames and preserve num_padding_bytes and has_crypto_handshake.
   frames->swap(info->retransmittable_frames);
   info->has_crypto_handshake = transmission_info->has_crypto_handshake;
   transmission_info->has_crypto_handshake = false;
-  info->needs_padding = transmission_info->needs_padding;
+  info->num_padding_bytes = transmission_info->num_padding_bytes;
 
   // Transfer the AckListeners if any are present.
   info->ack_listeners.swap(transmission_info->ack_listeners);
@@ -123,7 +123,7 @@ void QuicUnackedPacketMap::TransferRetransmissionInfo(
   // encryption changes.
   if (transmission_type == ALL_INITIAL_RETRANSMISSION ||
       transmission_type == ALL_UNACKED_RETRANSMISSION) {
-    RemoveAckability(transmission_info);
+    transmission_info->is_unackable = true;
   } else {
     transmission_info->retransmission = new_packet_number;
   }
@@ -141,6 +141,7 @@ bool QuicUnackedPacketMap::HasRetransmittableFrames(
 
 void QuicUnackedPacketMap::NackPacket(QuicPacketNumber packet_number,
                                       uint16_t min_nacks) {
+  DCHECK(!FLAGS_quic_simplify_loss_detection);
   DCHECK_GE(packet_number, least_unacked_);
   DCHECK_LT(packet_number, least_unacked_ + unacked_packets_.size());
   unacked_packets_[packet_number - least_unacked_].nack_count = max(
@@ -164,12 +165,6 @@ void QuicUnackedPacketMap::RemoveRetransmittability(
   RemoveRetransmittability(info);
 }
 
-void QuicUnackedPacketMap::RemoveAckability(TransmissionInfo* info) {
-  DCHECK(info->retransmittable_frames.empty());
-  DCHECK_EQ(0u, info->retransmission);
-  info->is_unackable = true;
-}
-
 void QuicUnackedPacketMap::MaybeRemoveRetransmittableFrames(
     TransmissionInfo* transmission_info) {
   if (transmission_info->has_crypto_handshake) {
@@ -259,6 +254,15 @@ void QuicUnackedPacketMap::RemoveFromInFlight(QuicPacketNumber packet_number) {
   RemoveFromInFlight(info);
 }
 
+void QuicUnackedPacketMap::RestoreToInFlight(QuicPacketNumber packet_number) {
+  DCHECK_GE(packet_number, least_unacked_);
+  DCHECK_LT(packet_number, least_unacked_ + unacked_packets_.size());
+  TransmissionInfo* info = &unacked_packets_[packet_number - least_unacked_];
+  DCHECK(!info->is_unackable);
+  bytes_in_flight_ += info->bytes_sent;
+  info->in_flight = true;
+}
+
 void QuicUnackedPacketMap::CancelRetransmissionsForStream(
     QuicStreamId stream_id) {
   QuicPacketNumber packet_number = least_unacked_;
diff --git a/chromium/net/quic/quic_unacked_packet_map.h b/chromium/net/quic/quic_unacked_packet_map.h
index 31fc7f43008..7418f666ced 100644
--- a/chromium/net/quic/quic_unacked_packet_map.h
+++ b/chromium/net/quic/quic_unacked_packet_map.h
@@ -58,9 +58,11 @@ class NET_EXPORT_PRIVATE QuicUnackedPacketMap {
   void RemoveFromInFlight(TransmissionInfo* info);
 
   // Marks |packet_number| as no longer in flight.
-  // TODO(ianswett): Remove this test-only method.
   void RemoveFromInFlight(QuicPacketNumber packet_number);
 
+  // Marks |packet_number| as in flight.  Must not be unackable.
+  void RestoreToInFlight(QuicPacketNumber packet_number);
+
   // No longer retransmit data for |stream_id|.
   void CancelRetransmissionsForStream(QuicStreamId stream_id);
 
@@ -134,9 +136,6 @@ class NET_EXPORT_PRIVATE QuicUnackedPacketMap {
   // RemoveRetransmittability.
   void RemoveRetransmittability(QuicPacketNumber packet_number);
 
-  // Removes any other retransmissions and marks all transmissions unackable.
-  void RemoveAckability(TransmissionInfo* info);
-
   // Increases the largest observed.  Any packets less or equal to
   // |largest_acked_packet| are discarded if they are only for the RTT purposes.
   void IncreaseLargestObserved(QuicPacketNumber largest_observed);
diff --git a/chromium/net/quic/quic_utils.cc b/chromium/net/quic/quic_utils.cc
index dffdc14ca69..b7d6bc49aa4 100644
--- a/chromium/net/quic/quic_utils.cc
+++ b/chromium/net/quic/quic_utils.cc
@@ -79,8 +79,7 @@ uint128 IncrementalHash(uint128 hash, const char* data, size_t len) {
 }
 
 bool IsInitializedIPEndPoint(const IPEndPoint& address) {
-  return net::GetAddressFamily(address.address().bytes()) !=
-         net::ADDRESS_FAMILY_UNSPECIFIED;
+  return address.address().IsValid();
 }
 
 }  // namespace
@@ -298,6 +297,7 @@ const char* QuicUtils::ErrorToString(QuicErrorCode error) {
     RETURN_STRING_LITERAL(QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM);
     RETURN_STRING_LITERAL(QUIC_TOO_MANY_RTOS);
     RETURN_STRING_LITERAL(QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA);
+    RETURN_STRING_LITERAL(QUIC_MAYBE_CORRUPTED_MEMORY);
     RETURN_STRING_LITERAL(QUIC_LAST_ERROR);
     // Intentionally have no default case, so we'll break the build
     // if we add errors and don't put them here.
@@ -531,4 +531,42 @@ PeerAddressChangeType QuicUtils::DetermineAddressChangeType(
   return UNSPECIFIED_CHANGE;
 }
 
+string QuicUtils::HexEncode(const char* data, size_t length) {
+  return HexEncode(StringPiece(data, length));
+}
+
+string QuicUtils::HexEncode(StringPiece data) {
+  return ::base::HexEncode(data.data(), data.size());
+}
+
+string QuicUtils::HexDecode(const char* data, size_t length) {
+  return HexDecode(StringPiece(data, length));
+}
+
+string QuicUtils::HexDecode(StringPiece data) {
+  if (data.empty())
+    return "";
+  std::vector<uint8_t> v;
+  if (!base::HexStringToBytes(data.as_string(), &v))
+    return "";
+  string out;
+  if (!v.empty())
+    out.assign(reinterpret_cast<const char*>(&v[0]), v.size());
+  return out;
+}
+
+string QuicUtils::BinaryToAscii(StringPiece binary) {
+  string out = "";
+  for (const unsigned char c : binary) {
+    // Leading space.
+    out += " ";
+    if (isprint(c)) {
+      out += c;
+    } else {
+      out += '.';
+    }
+  }
+  return out;
+}
+
 }  // namespace net
diff --git a/chromium/net/quic/quic_utils.h b/chromium/net/quic/quic_utils.h
index 5af98c40ee6..fb842df6407 100644
--- a/chromium/net/quic/quic_utils.h
+++ b/chromium/net/quic/quic_utils.h
@@ -130,6 +130,20 @@ class NET_EXPORT_PRIVATE QuicUtils {
       const IPEndPoint& old_address,
       const IPEndPoint& new_address);
 
+  // This converts 'num' bytes of binary to a 2*'num'-character hexadecimal
+  // representation. Return value: 2*'num' characters of ascii std::string.
+  static std::string HexEncode(const char* data, size_t length);
+  static std::string HexEncode(base::StringPiece data);
+
+  // This converts 2*'num' hexadecimal characters to 'num' binary data.
+  // Return value: 'num' bytes of binary data (via the 'to' argument).
+  static std::string HexDecode(const char* data, size_t length);
+  static std::string HexDecode(base::StringPiece data);
+
+  // Converts binary data into an ASCII string. Each character in the resulting
+  // string is preceeded by a space, and replaced with a '.' if not printable.
+  static std::string BinaryToAscii(base::StringPiece binary);
+
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicUtils);
 };
diff --git a/chromium/net/quic/reliable_quic_stream.cc b/chromium/net/quic/reliable_quic_stream.cc
index 6df81ee0795..f72dc09f3c3 100644
--- a/chromium/net/quic/reliable_quic_stream.cc
+++ b/chromium/net/quic/reliable_quic_stream.cc
@@ -101,7 +101,7 @@ void ReliableQuicStream::OnStreamFrame(const QuicStreamFrame& frame) {
   }
 
   // This count includes duplicate data received.
-  size_t frame_payload_size = frame.frame_length;
+  size_t frame_payload_size = frame.data_length;
   stream_bytes_read_ += frame_payload_size;
 
   // Flow control is interested in tracking highest received offset.
@@ -307,9 +307,9 @@ QuicConsumedData ReliableQuicStream::WritevData(
     write_length = static_cast<size_t>(send_window);
   }
 
-  QuicConsumedData consumed_data =
-      session()->WritevData(id(), QuicIOVector(iov, iov_count, write_length),
-                            stream_bytes_written_, fin, ack_listener);
+  QuicConsumedData consumed_data = session()->WritevData(
+      this, id(), QuicIOVector(iov, iov_count, write_length),
+      stream_bytes_written_, fin, ack_listener);
   stream_bytes_written_ += consumed_data.bytes_consumed;
 
   AddBytesSent(consumed_data.bytes_consumed);
@@ -378,6 +378,10 @@ void ReliableQuicStream::StopReading() {
   sequencer_.StopReading();
 }
 
+const IPEndPoint& ReliableQuicStream::PeerAddressOfLatestPacket() const {
+  return session_->connection()->last_packet_source_address();
+}
+
 void ReliableQuicStream::OnClose() {
   CloseReadSide();
   CloseWriteSide();
diff --git a/chromium/net/quic/reliable_quic_stream.h b/chromium/net/quic/reliable_quic_stream.h
index e0be70b0f1f..da320363d36 100644
--- a/chromium/net/quic/reliable_quic_stream.h
+++ b/chromium/net/quic/reliable_quic_stream.h
@@ -33,8 +33,6 @@
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_stream_sequencer.h"
 #include "net/quic/quic_types.h"
-// TODO(alyssar) remove this after cleaning Priority logic from this class.
-#include "net/quic/quic_write_blocked_list.h"
 
 namespace net {
 
@@ -171,6 +169,9 @@ class NET_EXPORT_PRIVATE ReliableQuicStream {
   // stop sending stream-level flow-control updates when this end sends FIN.
   virtual void StopReading();
 
+  // Get peer IP of the lastest packet which connection is dealing/delt with.
+  virtual const IPEndPoint& PeerAddressOfLatestPacket() const;
+
  protected:
   // Sends as much of 'data' to the connection as the connection will consume,
   // and then buffers any remaining data in queued_data_.
diff --git a/chromium/net/quic/reliable_quic_stream_test.cc b/chromium/net/quic/reliable_quic_stream_test.cc
index ea75789271b..d30140c0b71 100644
--- a/chromium/net/quic/reliable_quic_stream_test.cc
+++ b/chromium/net/quic/reliable_quic_stream_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/reliable_quic_stream.h"
 
+#include <memory>
+
 #include "net/quic/quic_connection.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_utils.h"
@@ -103,8 +105,8 @@ class ReliableQuicStreamTest : public ::testing::TestWithParam<bool> {
   }
 
   void Initialize(bool stream_should_process_data) {
-    connection_ = new StrictMock<MockConnection>(
-        &helper_, Perspective::IS_SERVER, supported_versions_);
+    connection_ = new StrictMock<MockQuicConnection>(
+        &helper_, &alarm_factory_, Perspective::IS_SERVER, supported_versions_);
     session_.reset(new StrictMock<MockQuicSession>(connection_));
 
     // New streams rely on having the peer's flow control receive window
@@ -137,6 +139,7 @@ class ReliableQuicStreamTest : public ::testing::TestWithParam<bool> {
   }
 
   QuicConsumedData CloseStreamOnWriteError(
+      ReliableQuicStream* /*stream*/,
       QuicStreamId id,
       QuicIOVector /*iov*/,
       QuicStreamOffset /*offset*/,
@@ -147,9 +150,10 @@ class ReliableQuicStreamTest : public ::testing::TestWithParam<bool> {
   }
 
  protected:
-  MockConnectionHelper helper_;
-  MockConnection* connection_;
-  scoped_ptr<MockQuicSession> session_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  MockQuicConnection* connection_;
+  std::unique_ptr<MockQuicSession> session_;
   TestStream* stream_;
   SpdyHeaderBlock headers_;
   QuicWriteBlockedList* write_blocked_list_;
@@ -162,12 +166,14 @@ class ReliableQuicStreamTest : public ::testing::TestWithParam<bool> {
 TEST_F(ReliableQuicStreamTest, WriteAllData) {
   Initialize(kShouldProcessData);
 
-  size_t length = 1 + QuicPacketCreator::StreamFramePacketOverhead(
-                          PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER, 0u);
+  size_t length =
+      1 + QuicPacketCreator::StreamFramePacketOverhead(
+              connection_->version(), PACKET_8BYTE_CONNECTION_ID,
+              !kIncludeVersion, !kIncludePathId, !kIncludeDiversificationNonce,
+              PACKET_6BYTE_PACKET_NUMBER, 0u);
   connection_->SetMaxPacketLength(length);
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kDataLen, true)));
   stream_->WriteOrBufferData(kData1, false, nullptr);
   EXPECT_FALSE(HasWriteBlockedStreams());
@@ -187,7 +193,7 @@ TEST_F(ReliableQuicStreamTest, BlockIfOnlySomeDataConsumed) {
 
   // Write some data and no fin.  If we consume some but not all of the data,
   // we should be write blocked a not all the data was consumed.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(1, false)));
   stream_->WriteOrBufferData(StringPiece(kData1, 2), false, nullptr);
   ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams());
@@ -201,7 +207,7 @@ TEST_F(ReliableQuicStreamTest, BlockIfFinNotConsumedWithData) {
   // we should be write blocked because the fin was not consumed.
   // (This should never actually happen as the fin should be sent out with the
   // last data)
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(2, false)));
   stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr);
   ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams());
@@ -212,7 +218,7 @@ TEST_F(ReliableQuicStreamTest, BlockIfSoloFinNotConsumed) {
 
   // Write no data and a fin.  If we consume nothing we should be write blocked,
   // as the fin was not consumed.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(0, false)));
   stream_->WriteOrBufferData(StringPiece(), true, nullptr);
   ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams());
@@ -224,7 +230,7 @@ TEST_F(ReliableQuicStreamTest, CloseOnPartialWrite) {
   // Write some data and no fin. However, while writing the data
   // close the stream and verify that MarkConnectionLevelWriteBlocked does not
   // crash with an unknown stream.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Invoke(this, &ReliableQuicStreamTest::CloseStreamOnWriteError));
   stream_->WriteOrBufferData(StringPiece(kData1, 2), false, nullptr);
   ASSERT_EQ(0u, write_blocked_list_->NumBlockedStreams());
@@ -234,12 +240,14 @@ TEST_F(ReliableQuicStreamTest, WriteOrBufferData) {
   Initialize(kShouldProcessData);
 
   EXPECT_FALSE(HasWriteBlockedStreams());
-  size_t length = 1 + QuicPacketCreator::StreamFramePacketOverhead(
-                          PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion,
-                          !kIncludePathId, PACKET_6BYTE_PACKET_NUMBER, 0u);
+  size_t length =
+      1 + QuicPacketCreator::StreamFramePacketOverhead(
+              connection_->version(), PACKET_8BYTE_CONNECTION_ID,
+              !kIncludeVersion, !kIncludePathId, !kIncludeDiversificationNonce,
+              PACKET_6BYTE_PACKET_NUMBER, 0u);
   connection_->SetMaxPacketLength(length);
 
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kDataLen - 1, false)));
   stream_->WriteOrBufferData(kData1, false, nullptr);
   EXPECT_TRUE(HasWriteBlockedStreams());
@@ -249,14 +257,14 @@ TEST_F(ReliableQuicStreamTest, WriteOrBufferData) {
 
   // Make sure we get the tail of the first write followed by the bytes_consumed
   InSequence s;
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(1, false)));
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(kDataLen - 2, false)));
   stream_->OnCanWrite();
 
   // And finally the end of the bytes_consumed.
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(2, true)));
   stream_->OnCanWrite();
 }
@@ -284,7 +292,7 @@ TEST_F(ReliableQuicStreamTest, RstAlwaysSentIfNoFinSent) {
   EXPECT_FALSE(rst_sent());
 
   // Write some data, with no FIN.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(1, false)));
   stream_->WriteOrBufferData(StringPiece(kData1, 1), false, nullptr);
   EXPECT_FALSE(fin_sent());
@@ -307,7 +315,7 @@ TEST_F(ReliableQuicStreamTest, RstNotSentIfFinSent) {
   EXPECT_FALSE(rst_sent());
 
   // Write some data, with FIN.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(1, true)));
   stream_->WriteOrBufferData(StringPiece(kData1, 1), true, nullptr);
   EXPECT_TRUE(fin_sent());
@@ -401,23 +409,26 @@ TEST_F(ReliableQuicStreamTest, WriteOrBufferDataWithQuicAckNotifier) {
 
   scoped_refptr<QuicAckListenerInterface> ack_listener;
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &ack_listener))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &ack_listener))),
           Return(QuicConsumedData(kFirstWriteSize, false))));
   stream_->WriteOrBufferData(kData, false, delegate.get());
   EXPECT_TRUE(HasWriteBlockedStreams());
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, ack_listener.get()))
+  EXPECT_CALL(*session_,
+              WritevData(stream_, kTestStreamId, _, _, _, ack_listener.get()))
       .WillOnce(Return(QuicConsumedData(kSecondWriteSize, false)));
   stream_->OnCanWrite();
 
   // No ack expected for an empty write.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, ack_listener.get()))
+  EXPECT_CALL(*session_,
+              WritevData(stream_, kTestStreamId, _, _, _, ack_listener.get()))
       .WillOnce(Return(QuicConsumedData(0, false)));
   stream_->OnCanWrite();
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, ack_listener.get()))
+  EXPECT_CALL(*session_,
+              WritevData(stream_, kTestStreamId, _, _, _, ack_listener.get()))
       .WillOnce(Return(QuicConsumedData(kLastWriteSize, false)));
   stream_->OnCanWrite();
 }
@@ -440,16 +451,16 @@ TEST_F(ReliableQuicStreamTest, WriteOrBufferDataAckNotificationBeforeFlush) {
 
   scoped_refptr<QuicAckListenerInterface> proxy_delegate;
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(kInitialWriteSize, false))));
   stream_->WriteOrBufferData(kData, false, ack_listener.get());
   EXPECT_TRUE(HasWriteBlockedStreams());
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(kDataSize - kInitialWriteSize, false))));
   stream_->OnCanWrite();
 }
@@ -462,9 +473,9 @@ TEST_F(ReliableQuicStreamTest, WriteAndBufferDataWithAckNotiferNoBuffer) {
 
   scoped_refptr<QuicAckListenerInterface> proxy_delegate;
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(kDataLen, true))));
   stream_->WriteOrBufferData(kData1, true, delegate.get());
   EXPECT_FALSE(HasWriteBlockedStreams());
@@ -478,14 +489,14 @@ TEST_F(ReliableQuicStreamTest, BufferOnWriteAndBufferDataWithAckNotifer) {
 
   scoped_refptr<QuicAckListenerInterface> proxy_delegate;
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(0, false)));
   stream_->WriteOrBufferData(kData1, true, delegate.get());
   EXPECT_TRUE(HasWriteBlockedStreams());
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(kDataLen, true))));
   stream_->OnCanWrite();
 }
@@ -499,16 +510,16 @@ TEST_F(ReliableQuicStreamTest, WriteAndBufferDataWithAckNotiferOnlyFinRemains) {
 
   scoped_refptr<QuicAckListenerInterface> proxy_delegate;
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(kDataLen, false))));
   stream_->WriteOrBufferData(kData1, true, delegate.get());
   EXPECT_TRUE(HasWriteBlockedStreams());
 
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(DoAll(
-          WithArgs<4>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
+          WithArgs<5>(Invoke(CreateFunctor(SaveAckListener, &proxy_delegate))),
           Return(QuicConsumedData(0, true))));
   stream_->OnCanWrite();
 }
@@ -600,7 +611,7 @@ TEST_F(ReliableQuicStreamTest, SetDrainingIncomingOutgoing) {
   EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams());
 
   // Outgoing data with FIN.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(2, true)));
   stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr);
   EXPECT_TRUE(stream_->write_side_closed());
@@ -615,7 +626,7 @@ TEST_F(ReliableQuicStreamTest, SetDrainingOutgoingIncoming) {
   Initialize(kShouldNotProcessData);
 
   // Outgoing data with FIN.
-  EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _))
       .WillOnce(Return(QuicConsumedData(2, true)));
   stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr);
   EXPECT_TRUE(stream_->write_side_closed());
@@ -642,7 +653,7 @@ TEST_F(ReliableQuicStreamTest, EarlyResponseFinHandling) {
 
   Initialize(kShouldProcessData);
   EXPECT_CALL(*connection_, CloseConnection(_, _, _)).Times(0);
-  EXPECT_CALL(*session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _))
       .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   // Receive data for the request.
diff --git a/chromium/net/quic/spdy_utils.cc b/chromium/net/quic/spdy_utils.cc
index 468c9823e1a..6b9982a31f6 100644
--- a/chromium/net/quic/spdy_utils.cc
+++ b/chromium/net/quic/spdy_utils.cc
@@ -4,17 +4,20 @@
 
 #include "net/quic/spdy_utils.h"
 
+#include <memory>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "net/spdy/spdy_frame_builder.h"
 #include "net/spdy/spdy_framer.h"
 #include "net/spdy/spdy_protocol.h"
 #include "url/gurl.h"
 
+using base::StringPiece;
 using std::string;
 using std::vector;
 
@@ -107,6 +110,115 @@ bool SpdyUtils::ParseTrailers(const char* data,
   return true;
 }
 
+bool SpdyUtils::CopyAndValidateHeaders(const QuicHeaderList& header_list,
+                                       int64_t* content_length,
+                                       SpdyHeaderBlock* headers) {
+  for (const auto& p : header_list) {
+    const string& name = p.first;
+    if (name.empty()) {
+      DVLOG(1) << "Header name must not be empty.";
+      return false;
+    }
+
+    if (std::any_of(name.begin(), name.end(), base::IsAsciiUpper<char>)) {
+      DLOG(ERROR) << "Malformed header: Header name " << name
+                  << " contains upper-case characters.";
+      return false;
+    }
+
+    auto iter = headers->find(name);
+    if (iter == headers->end()) {
+      (*headers)[name] = p.second;
+    } else if (name == "cookie") {
+      // Obeys section 8.1.2.5 in RFC 7540 for cookie reconstruction.
+      headers->ReplaceOrAppendHeader(
+          name, base::StringPrintf("%s; %s", iter->second.as_string().c_str(),
+                                   p.second.c_str()));
+    } else {
+      // This header had multiple values, so it must be reconstructed.
+      string value = base::StringPrintf(
+          "%s%c%s", iter->second.as_string().c_str(), '\0', p.second.c_str());
+      headers->ReplaceOrAppendHeader(name, value);
+    }
+  }
+
+  if (ContainsKey(*headers, "content-length")) {
+    // Check whether multiple values are consistent.
+    StringPiece content_length_header = (*headers)["content-length"];
+    vector<string> values =
+        base::SplitString(content_length_header, base::StringPiece("\0", 1),
+                          base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+    for (const string& value : values) {
+      int64_t new_value;
+      if (!base::StringToInt64(value, &new_value) || new_value < 0) {
+        DLOG(ERROR) << "Content length was either unparseable or negative.";
+        return false;
+      }
+      if (*content_length < 0) {
+        *content_length = new_value;
+        continue;
+      }
+      if (new_value != *content_length) {
+        DLOG(ERROR) << "Parsed content length " << new_value << " is "
+                    << "inconsistent with previously detected content length "
+                    << *content_length;
+        return false;
+      }
+    }
+  }
+
+  DVLOG(1) << "Successfully parsed headers: " << headers->DebugString();
+  return true;
+}
+
+bool SpdyUtils::CopyAndValidateTrailers(const QuicHeaderList& header_list,
+                                        size_t* final_byte_offset,
+                                        SpdyHeaderBlock* trailers) {
+  bool found_final_byte_offset = false;
+  for (const auto& p : header_list) {
+    const string& name = p.first;
+
+    // Pull out the final offset pseudo header which indicates the number of
+    // response body bytes expected.
+    int offset;
+    if (!found_final_byte_offset && name == kFinalOffsetHeaderKey &&
+        base::StringToInt(p.second, &offset)) {
+      *final_byte_offset = offset;
+      found_final_byte_offset = true;
+      continue;
+    }
+
+    if (name.empty() || name[0] == ':') {
+      DVLOG(1) << "Trailers must not be empty, and must not contain pseudo-"
+               << "headers. Found: '" << name << "'";
+      return false;
+    }
+
+    if (std::any_of(name.begin(), name.end(), base::IsAsciiUpper<char>)) {
+      DVLOG(1) << "Malformed header: Header name " << name
+               << " contains upper-case characters.";
+      return false;
+    }
+
+    if (trailers->find(name) != trailers->end()) {
+      DVLOG(1) << "Duplicate header '" << name << "' found in trailers.";
+      return false;
+    }
+
+    (*trailers)[name] = p.second;
+  }
+
+  if (!found_final_byte_offset) {
+    DVLOG(1) << "Required key '" << kFinalOffsetHeaderKey << "' not present";
+    return false;
+  }
+
+  // TODO(rjshade): Check for other forbidden keys, following the HTTP/2 spec.
+
+  DVLOG(1) << "Successfully parsed Trailers: " << trailers->DebugString();
+  return true;
+}
+
 // static
 string SpdyUtils::GetUrlFromHeaderBlock(const SpdyHeaderBlock& headers) {
   SpdyHeaderBlock::const_iterator it = headers.find(":scheme");
diff --git a/chromium/net/quic/spdy_utils.h b/chromium/net/quic/spdy_utils.h
index ba8fecb9a26..6a9b15e375e 100644
--- a/chromium/net/quic/spdy_utils.h
+++ b/chromium/net/quic/spdy_utils.h
@@ -13,6 +13,7 @@
 
 #include "base/macros.h"
 #include "net/base/net_export.h"
+#include "net/quic/quic_header_list.h"
 #include "net/quic/quic_protocol.h"
 #include "net/spdy/spdy_framer.h"
 
@@ -43,6 +44,18 @@ class NET_EXPORT_PRIVATE SpdyUtils {
                             size_t* final_byte_offset,
                             SpdyHeaderBlock* trailers);
 
+  // Copies a list of headers to a SpdyHeaderBlock. Performs similar validation
+  // to SpdyFramer::ParseHeaderBlockInBuffer and ParseHeaders, above.
+  static bool CopyAndValidateHeaders(const QuicHeaderList& header_list,
+                                     int64_t* content_length,
+                                     SpdyHeaderBlock* headers);
+
+  // Copies a list of headers to a SpdyHeaderBlock. Performs similar validation
+  // to SpdyFramer::ParseHeaderBlockInBuffer and ParseTrailers, above.
+  static bool CopyAndValidateTrailers(const QuicHeaderList& header_list,
+                                      size_t* final_byte_offset,
+                                      SpdyHeaderBlock* trailers);
+
   // Returns URL composed from scheme, authority, and path header
   // values, or empty string if any of those fields are missing.
   static std::string GetUrlFromHeaderBlock(const net::SpdyHeaderBlock& headers);
diff --git a/chromium/net/quic/spdy_utils_test.cc b/chromium/net/quic/spdy_utils_test.cc
index c3ebf704b52..a465260ad56 100644
--- a/chromium/net/quic/spdy_utils_test.cc
+++ b/chromium/net/quic/spdy_utils_test.cc
@@ -5,9 +5,13 @@
 
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
 #include "net/test/gtest_util.h"
 
+using base::StringPiece;
 using std::string;
+using testing::UnorderedElementsAre;
+using testing::Pair;
 
 namespace net {
 namespace test {
@@ -108,6 +112,142 @@ TEST(SpdyUtilsTest, SerializeAndParseTrailersWithPseudoHeaders) {
                                         serialized_trailers.size(),
                                         &final_byte_offset, &output_trailers));
 }
+static std::unique_ptr<QuicHeaderList> FromList(
+    const QuicHeaderList::ListType& src) {
+  std::unique_ptr<QuicHeaderList> headers(new QuicHeaderList);
+  headers->OnHeaderBlockStart();
+  for (const auto& p : src) {
+    headers->OnHeader(p.first, p.second);
+  }
+  headers->OnHeaderBlockEnd(0);
+  return headers;
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeaders) {
+  auto headers =
+      FromList({{"foo", "foovalue"}, {"bar", "barvalue"}, {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(block,
+              UnorderedElementsAre(Pair("foo", "foovalue"),
+                                   Pair("bar", "barvalue"), Pair("baz", "")));
+  EXPECT_EQ(-1, content_length);
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersEmptyName) {
+  auto headers = FromList({{"foo", "foovalue"}, {"", "barvalue"}, {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_FALSE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersUpperCaseName) {
+  auto headers =
+      FromList({{"foo", "foovalue"}, {"bar", "barvalue"}, {"bAz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_FALSE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersMultipleContentLengths) {
+  auto headers = FromList({{"content-length", "9"},
+                           {"foo", "foovalue"},
+                           {"content-length", "9"},
+                           {"bar", "barvalue"},
+                           {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(block, UnorderedElementsAre(
+                         Pair("foo", "foovalue"), Pair("bar", "barvalue"),
+                         Pair("content-length", StringPiece("9"
+                                                            "\0"
+                                                            "9",
+                                                            3)),
+                         Pair("baz", "")));
+  EXPECT_EQ(9, content_length);
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersInconsistentContentLengths) {
+  auto headers = FromList({{"content-length", "9"},
+                           {"foo", "foovalue"},
+                           {"content-length", "8"},
+                           {"bar", "barvalue"},
+                           {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_FALSE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersLargeContentLength) {
+  auto headers = FromList({{"content-length", "9000000000"},
+                           {"foo", "foovalue"},
+                           {"bar", "barvalue"},
+                           {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(block, UnorderedElementsAre(
+                         Pair("foo", "foovalue"), Pair("bar", "barvalue"),
+                         Pair("content-length", StringPiece("9000000000")),
+                         Pair("baz", "")));
+  EXPECT_EQ(9000000000, content_length);
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersMultipleValues) {
+  auto headers = FromList({{"foo", "foovalue"},
+                           {"bar", "barvalue"},
+                           {"baz", ""},
+                           {"foo", "boo"},
+                           {"baz", "buzz"}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(
+      block, UnorderedElementsAre(Pair("foo", StringPiece("foovalue\0boo", 12)),
+                                  Pair("bar", "barvalue"),
+                                  Pair("baz", StringPiece("\0buzz", 5))));
+  EXPECT_EQ(-1, content_length);
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersCookie) {
+  auto headers = FromList({{"foo", "foovalue"},
+                           {"bar", "barvalue"},
+                           {"cookie", "value1"},
+                           {"baz", ""}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(block, UnorderedElementsAre(
+                         Pair("foo", "foovalue"), Pair("bar", "barvalue"),
+                         Pair("cookie", "value1"), Pair("baz", "")));
+  EXPECT_EQ(-1, content_length);
+}
+
+TEST(SpdyUtilsTest, CopyAndValidateHeadersMultipleCookies) {
+  auto headers = FromList({{"foo", "foovalue"},
+                           {"bar", "barvalue"},
+                           {"cookie", "value1"},
+                           {"baz", ""},
+                           {"cookie", "value2"}});
+  int64_t content_length = -1;
+  SpdyHeaderBlock block;
+  ASSERT_TRUE(
+      SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block));
+  EXPECT_THAT(block, UnorderedElementsAre(
+                         Pair("foo", "foovalue"), Pair("bar", "barvalue"),
+                         Pair("cookie", "value1; value2"), Pair("baz", "")));
+  EXPECT_EQ(-1, content_length);
+}
 
 TEST(SpdyUtilsTest, GetUrlFromHeaderBlock) {
   SpdyHeaderBlock headers;
diff --git a/chromium/net/quic/test_tools/crypto_test_utils.cc b/chromium/net/quic/test_tools/crypto_test_utils.cc
index 29232949bc6..59270b25155 100644
--- a/chromium/net/quic/test_tools/crypto_test_utils.cc
+++ b/chromium/net/quic/test_tools/crypto_test_utils.cc
@@ -4,6 +4,19 @@
 
 #include "net/quic/test_tools/crypto_test_utils.h"
 
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>
+
+#include <memory>
+
+#include "base/strings/string_util.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "crypto/secure_hash.h"
 #include "net/quic/crypto/channel_id.h"
 #include "net/quic/crypto/common_cert_set.h"
 #include "net/quic/crypto/crypto_handshake.h"
@@ -83,7 +96,7 @@ class AsyncTestChannelIDSource : public ChannelIDSource,
 
   // ChannelIDSource implementation.
   QuicAsyncStatus GetChannelIDKey(const string& hostname,
-                                  scoped_ptr<ChannelIDKey>* channel_id_key,
+                                  std::unique_ptr<ChannelIDKey>* channel_id_key,
                                   ChannelIDSourceCallback* callback) override {
     // Synchronous mode.
     if (!callback) {
@@ -109,9 +122,141 @@ class AsyncTestChannelIDSource : public ChannelIDSource,
   }
 
  private:
-  scoped_ptr<ChannelIDSource> sync_source_;
-  scoped_ptr<ChannelIDSourceCallback> callback_;
-  scoped_ptr<ChannelIDKey> channel_id_key_;
+  std::unique_ptr<ChannelIDSource> sync_source_;
+  std::unique_ptr<ChannelIDSourceCallback> callback_;
+  std::unique_ptr<ChannelIDKey> channel_id_key_;
+};
+
+class TestChannelIDKey : public ChannelIDKey {
+ public:
+  explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
+  ~TestChannelIDKey() override {}
+
+  // ChannelIDKey implementation.
+
+  bool Sign(StringPiece signed_data, string* out_signature) const override {
+    crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
+    if (!md_ctx ||
+        EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
+                           ecdsa_key_.get()) != 1) {
+      return false;
+    }
+
+    EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
+                     strlen(ChannelIDVerifier::kContextStr) + 1);
+    EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
+                     strlen(ChannelIDVerifier::kClientToServerStr) + 1);
+    EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
+
+    size_t sig_len;
+    if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
+      return false;
+    }
+
+    std::unique_ptr<uint8_t[]> der_sig(new uint8_t[sig_len]);
+    if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
+      return false;
+    }
+
+    uint8_t* derp = der_sig.get();
+    crypto::ScopedECDSA_SIG sig(
+        d2i_ECDSA_SIG(nullptr, const_cast<const uint8_t**>(&derp), sig_len));
+    if (sig.get() == nullptr) {
+      return false;
+    }
+
+    // The signature consists of a pair of 32-byte numbers.
+    static const size_t kSignatureLength = 32 * 2;
+    std::unique_ptr<uint8_t[]> signature(new uint8_t[kSignatureLength]);
+    if (!BN_bn2bin_padded(&signature[0], 32, sig->r) ||
+        !BN_bn2bin_padded(&signature[32], 32, sig->s)) {
+      return false;
+    }
+
+    *out_signature =
+        string(reinterpret_cast<char*>(signature.get()), kSignatureLength);
+
+    return true;
+  }
+
+  string SerializeKey() const override {
+    // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
+    // key, is 0x04 (meaning uncompressed) followed by the x and y field
+    // elements as 32-byte, big-endian numbers.
+    static const int kExpectedKeyLength = 65;
+
+    int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
+    if (len != kExpectedKeyLength) {
+      return "";
+    }
+
+    uint8_t buf[kExpectedKeyLength];
+    uint8_t* derp = buf;
+    i2d_PublicKey(ecdsa_key_.get(), &derp);
+
+    return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
+  }
+
+ private:
+  crypto::ScopedEVP_PKEY ecdsa_key_;
+};
+
+class TestChannelIDSource : public ChannelIDSource {
+ public:
+  ~TestChannelIDSource() override {}
+
+  // ChannelIDSource implementation.
+
+  QuicAsyncStatus GetChannelIDKey(
+      const string& hostname,
+      std::unique_ptr<ChannelIDKey>* channel_id_key,
+      ChannelIDSourceCallback* /*callback*/) override {
+    channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
+    return QUIC_SUCCESS;
+  }
+
+ private:
+  static EVP_PKEY* HostnameToKey(const string& hostname) {
+    // In order to generate a deterministic key for a given hostname the
+    // hostname is hashed with SHA-256 and the resulting digest is treated as a
+    // big-endian number. The most-significant bit is cleared to ensure that
+    // the resulting value is less than the order of the group and then it's
+    // taken as a private key. Given the private key, the public key is
+    // calculated with a group multiplication.
+    SHA256_CTX sha256;
+    SHA256_Init(&sha256);
+    SHA256_Update(&sha256, hostname.data(), hostname.size());
+
+    unsigned char digest[SHA256_DIGEST_LENGTH];
+    SHA256_Final(digest, &sha256);
+
+    // Ensure that the digest is less than the order of the P-256 group by
+    // clearing the most-significant bit.
+    digest[0] &= 0x7f;
+
+    crypto::ScopedBIGNUM k(BN_new());
+    CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
+
+    crypto::ScopedEC_GROUP p256(
+        EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+    CHECK(p256);
+
+    crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
+    CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get()));
+
+    crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
+    CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
+                       nullptr));
+
+    EC_KEY_set_private_key(ecdsa_key.get(), k.get());
+    EC_KEY_set_public_key(ecdsa_key.get(), point.get());
+
+    crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
+    // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
+    EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
+
+    return pkey.release();
+  }
 };
 
 }  // anonymous namespace
@@ -126,12 +271,14 @@ CryptoTestUtils::FakeClientOptions::FakeClientOptions()
 
 // static
 int CryptoTestUtils::HandshakeWithFakeServer(
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     PacketSavingConnection* client_conn,
     QuicCryptoClientStream* client,
     const FakeServerOptions& options) {
-  PacketSavingConnection* server_conn = new PacketSavingConnection(
-      helper, Perspective::IS_SERVER, client_conn->supported_versions());
+  PacketSavingConnection* server_conn =
+      new PacketSavingConnection(helper, alarm_factory, Perspective::IS_SERVER,
+                                 client_conn->supported_versions());
 
   QuicConfig config = DefaultQuicConfig();
   QuicCryptoServerConfig crypto_config(QuicCryptoServerConfig::TESTING,
@@ -158,13 +305,14 @@ int CryptoTestUtils::HandshakeWithFakeServer(
 
 // static
 int CryptoTestUtils::HandshakeWithFakeClient(
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     PacketSavingConnection* server_conn,
     QuicCryptoServerStream* server,
     const QuicServerId& server_id,
     const FakeClientOptions& options) {
   PacketSavingConnection* client_conn =
-      new PacketSavingConnection(helper, Perspective::IS_CLIENT);
+      new PacketSavingConnection(helper, alarm_factory, Perspective::IS_CLIENT);
   // Advance the time, because timers do not like uninitialized times.
   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(1));
 
@@ -196,7 +344,7 @@ int CryptoTestUtils::HandshakeWithFakeClient(
   CompareClientAndServerKeys(client_session.GetCryptoStream(), server);
 
   if (options.channel_id_enabled) {
-    scoped_ptr<ChannelIDKey> channel_id_key;
+    std::unique_ptr<ChannelIDKey> channel_id_key;
     QuicAsyncStatus status = crypto_config.channel_id_source()->GetChannelIDKey(
         server_id.host(), &channel_id_key, nullptr);
     EXPECT_EQ(QUIC_SUCCESS, status);
@@ -220,40 +368,45 @@ void CryptoTestUtils::SetupCryptoServerConfigForTest(
   QuicCryptoServerConfig::ConfigOptions options;
   options.channel_id_enabled = true;
   options.token_binding_enabled = fake_options.token_binding_enabled;
-  scoped_ptr<CryptoHandshakeMessage> scfg(
+  std::unique_ptr<CryptoHandshakeMessage> scfg(
       crypto_config->AddDefaultConfig(rand, clock, options));
 }
 
 // static
 void CryptoTestUtils::CommunicateHandshakeMessages(
-    PacketSavingConnection* a_conn,
-    QuicCryptoStream* a,
-    PacketSavingConnection* b_conn,
-    QuicCryptoStream* b) {
-  CommunicateHandshakeMessagesAndRunCallbacks(a_conn, a, b_conn, b, nullptr);
+    PacketSavingConnection* client_conn,
+    QuicCryptoStream* client,
+    PacketSavingConnection* server_conn,
+    QuicCryptoStream* server) {
+  CommunicateHandshakeMessagesAndRunCallbacks(client_conn, client, server_conn,
+                                              server, nullptr);
 }
 
 // static
 void CryptoTestUtils::CommunicateHandshakeMessagesAndRunCallbacks(
-    PacketSavingConnection* a_conn,
-    QuicCryptoStream* a,
-    PacketSavingConnection* b_conn,
-    QuicCryptoStream* b,
+    PacketSavingConnection* client_conn,
+    QuicCryptoStream* client,
+    PacketSavingConnection* server_conn,
+    QuicCryptoStream* server,
     CallbackSource* callback_source) {
-  size_t a_i = 0, b_i = 0;
-  while (!a->handshake_confirmed()) {
-    ASSERT_GT(a_conn->encrypted_packets_.size(), a_i);
-    VLOG(1) << "Processing " << a_conn->encrypted_packets_.size() - a_i
-            << " packets a->b";
-    MovePackets(a_conn, &a_i, b, b_conn);
+  size_t client_i = 0, server_i = 0;
+  while (!client->handshake_confirmed()) {
+    ASSERT_GT(client_conn->encrypted_packets_.size(), client_i);
+    VLOG(1) << "Processing "
+            << client_conn->encrypted_packets_.size() - client_i
+            << " packets client->server";
+    MovePackets(client_conn, &client_i, server, server_conn,
+                Perspective::IS_SERVER);
     if (callback_source) {
       callback_source->RunPendingCallbacks();
     }
 
-    ASSERT_GT(b_conn->encrypted_packets_.size(), b_i);
-    VLOG(1) << "Processing " << b_conn->encrypted_packets_.size() - b_i
-            << " packets b->a";
-    MovePackets(b_conn, &b_i, a, a_conn);
+    ASSERT_GT(server_conn->encrypted_packets_.size(), server_i);
+    VLOG(1) << "Processing "
+            << server_conn->encrypted_packets_.size() - server_i
+            << " packets server->client";
+    MovePackets(server_conn, &server_i, client, client_conn,
+                Perspective::IS_CLIENT);
     if (callback_source) {
       callback_source->RunPendingCallbacks();
     }
@@ -262,24 +415,26 @@ void CryptoTestUtils::CommunicateHandshakeMessagesAndRunCallbacks(
 
 // static
 pair<size_t, size_t> CryptoTestUtils::AdvanceHandshake(
-    PacketSavingConnection* a_conn,
-    QuicCryptoStream* a,
-    size_t a_i,
-    PacketSavingConnection* b_conn,
-    QuicCryptoStream* b,
-    size_t b_i) {
-  VLOG(1) << "Processing " << a_conn->encrypted_packets_.size() - a_i
-          << " packets a->b";
-  MovePackets(a_conn, &a_i, b, b_conn);
-
-  VLOG(1) << "Processing " << b_conn->encrypted_packets_.size() - b_i
-          << " packets b->a";
-  if (b_conn->encrypted_packets_.size() - b_i == 2) {
+    PacketSavingConnection* client_conn,
+    QuicCryptoStream* client,
+    size_t client_i,
+    PacketSavingConnection* server_conn,
+    QuicCryptoStream* server,
+    size_t server_i) {
+  VLOG(1) << "Processing " << client_conn->encrypted_packets_.size() - client_i
+          << " packets client->server";
+  MovePackets(client_conn, &client_i, server, server_conn,
+              Perspective::IS_SERVER);
+
+  VLOG(1) << "Processing " << server_conn->encrypted_packets_.size() - server_i
+          << " packets server->client";
+  if (server_conn->encrypted_packets_.size() - server_i == 2) {
     VLOG(1) << "here";
   }
-  MovePackets(b_conn, &b_i, a, a_conn);
+  MovePackets(server_conn, &server_i, client, client_conn,
+              Perspective::IS_CLIENT);
 
-  return std::make_pair(a_i, b_i);
+  return std::make_pair(client_i, server_i);
 }
 
 // static
@@ -574,7 +729,7 @@ CryptoHandshakeMessage CryptoTestUtils::Message(const char* message_tag, ...) {
       len--;
 
       CHECK_EQ(0u, len % 2);
-      scoped_ptr<uint8_t[]> buf(new uint8_t[len / 2]);
+      std::unique_ptr<uint8_t[]> buf(new uint8_t[len / 2]);
 
       for (size_t i = 0; i < len / 2; i++) {
         uint8_t v = 0;
@@ -594,8 +749,8 @@ CryptoHandshakeMessage CryptoTestUtils::Message(const char* message_tag, ...) {
 
   // The CryptoHandshakeMessage needs to be serialized and parsed to ensure
   // that any padding is included.
-  scoped_ptr<QuicData> bytes(CryptoFramer::ConstructHandshakeMessage(msg));
-  scoped_ptr<CryptoHandshakeMessage> parsed(
+  std::unique_ptr<QuicData> bytes(CryptoFramer::ConstructHandshakeMessage(msg));
+  std::unique_ptr<CryptoHandshakeMessage> parsed(
       CryptoFramer::ParseMessage(bytes->AsStringPiece()));
   CHECK(parsed.get());
 
@@ -604,11 +759,17 @@ CryptoHandshakeMessage CryptoTestUtils::Message(const char* message_tag, ...) {
 }
 
 // static
+ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
+  return new TestChannelIDSource();
+}
+
+// static
 void CryptoTestUtils::MovePackets(PacketSavingConnection* source_conn,
                                   size_t* inout_packet_index,
                                   QuicCryptoStream* dest_stream,
-                                  PacketSavingConnection* dest_conn) {
-  SimpleQuicFramer framer(source_conn->supported_versions());
+                                  PacketSavingConnection* dest_conn,
+                                  Perspective dest_perspective) {
+  SimpleQuicFramer framer(source_conn->supported_versions(), dest_perspective);
   CryptoFramer crypto_framer;
   CryptoFramerVisitor crypto_visitor;
 
@@ -631,7 +792,7 @@ void CryptoTestUtils::MovePackets(PacketSavingConnection* source_conn,
 
     for (const QuicStreamFrame* stream_frame : framer.stream_frames()) {
       ASSERT_TRUE(crypto_framer.ProcessInput(
-          StringPiece(stream_frame->frame_buffer, stream_frame->frame_length)));
+          StringPiece(stream_frame->data_buffer, stream_frame->data_length)));
       ASSERT_FALSE(crypto_visitor.error());
     }
   }
diff --git a/chromium/net/quic/test_tools/crypto_test_utils.h b/chromium/net/quic/test_tools/crypto_test_utils.h
index 6d2ad006954..62373abbb7d 100644
--- a/chromium/net/quic/test_tools/crypto_test_utils.h
+++ b/chromium/net/quic/test_tools/crypto_test_utils.h
@@ -85,13 +85,17 @@ class CryptoTestUtils {
   };
 
   // returns: the number of client hellos that the client sent.
-  static int HandshakeWithFakeServer(MockConnectionHelper* helper,
+  static int HandshakeWithFakeServer(MockQuicConnectionHelper* helper,
+                                     MockAlarmFactory* alarm_factory,
                                      PacketSavingConnection* client_conn,
                                      QuicCryptoClientStream* client,
                                      const FakeServerOptions& options);
 
   // returns: the number of client hellos that the client sent.
-  static int HandshakeWithFakeClient(MockConnectionHelper* helper,
+  static int HandshakeWithFakeClient(MockQuicConnectionHelper* helper,
+
+                                     MockAlarmFactory* alarm_factory,
+
                                      PacketSavingConnection* server_conn,
                                      QuicCryptoServerStream* server,
                                      const QuicServerId& server_id,
@@ -106,34 +110,34 @@ class CryptoTestUtils {
       QuicCryptoServerConfig* crypto_config,
       const FakeServerOptions& options);
 
-  // CommunicateHandshakeMessages moves messages from |a| to |b| and back until
-  // |a|'s handshake has completed.
-  static void CommunicateHandshakeMessages(PacketSavingConnection* a_conn,
-                                           QuicCryptoStream* a,
-                                           PacketSavingConnection* b_conn,
-                                           QuicCryptoStream* b);
-
-  // CommunicateHandshakeMessagesAndRunCallbacks moves messages from |a| to |b|
-  // and back until |a|'s handshake has completed. If |callback_source| is not
-  // nullptr, CommunicateHandshakeMessagesAndRunCallbacks also runs callbacks
-  // from
+  // CommunicateHandshakeMessages moves messages from |client| to |server| and
+  // back until |clients|'s handshake has completed.
+  static void CommunicateHandshakeMessages(PacketSavingConnection* client_conn,
+                                           QuicCryptoStream* client,
+                                           PacketSavingConnection* server_conn,
+                                           QuicCryptoStream* server);
+
+  // CommunicateHandshakeMessagesAndRunCallbacks moves messages from |client|
+  // to |server| and back until |client|'s handshake has completed. If
+  // |callback_source| is not nullptr,
+  // CommunicateHandshakeMessagesAndRunCallbacks also runs callbacks from
   // |callback_source| between processing messages.
   static void CommunicateHandshakeMessagesAndRunCallbacks(
-      PacketSavingConnection* a_conn,
-      QuicCryptoStream* a,
-      PacketSavingConnection* b_conn,
-      QuicCryptoStream* b,
+      PacketSavingConnection* client_conn,
+      QuicCryptoStream* client,
+      PacketSavingConnection* server_conn,
+      QuicCryptoStream* server,
       CallbackSource* callback_source);
 
-  // AdvanceHandshake attempts to moves messages from |a| to |b| and |b| to |a|.
-  // Returns the number of messages moved.
+  // AdvanceHandshake attempts to moves messages from |client| to |server| and
+  // |server| to |client|. Returns the number of messages moved.
   static std::pair<size_t, size_t> AdvanceHandshake(
-      PacketSavingConnection* a_conn,
-      QuicCryptoStream* a,
-      size_t a_i,
-      PacketSavingConnection* b_conn,
-      QuicCryptoStream* b,
-      size_t b_i);
+      PacketSavingConnection* client_conn,
+      QuicCryptoStream* client,
+      size_t client_i,
+      PacketSavingConnection* server_conn,
+      QuicCryptoStream* server,
+      size_t server_i);
 
   // Returns the value for the tag |tag| in the tag value map of |message|.
   static std::string GetValueForTag(const CryptoHandshakeMessage& message,
@@ -196,7 +200,8 @@ class CryptoTestUtils {
   static void MovePackets(PacketSavingConnection* source_conn,
                           size_t* inout_packet_index,
                           QuicCryptoStream* dest_stream,
-                          PacketSavingConnection* dest_conn);
+                          PacketSavingConnection* dest_conn,
+                          Perspective dest_perspective);
 
  private:
   static void CompareClientAndServerKeys(QuicCryptoClientStream* client,
diff --git a/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc b/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc
index 3932f31c0fc..121db431bee 100644
--- a/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc
+++ b/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc
@@ -2,15 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/quic/test_tools/crypto_test_utils.h"
-
+#include <memory>
 #include <utility>
 
 #include "base/callback_helpers.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "net/base/net_errors.h"
@@ -30,6 +29,7 @@
 #include "net/quic/crypto/crypto_utils.h"
 #include "net/quic/crypto/proof_source_chromium.h"
 #include "net/quic/crypto/proof_verifier_chromium.h"
+#include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/test/cert_test_util.h"
 
@@ -47,9 +47,9 @@ namespace {
 class TestProofVerifierChromium : public ProofVerifierChromium {
  public:
   TestProofVerifierChromium(
-      scoped_ptr<CertVerifier> cert_verifier,
-      scoped_ptr<TransportSecurityState> transport_security_state,
-      scoped_ptr<CTVerifier> cert_transparency_verifier,
+      std::unique_ptr<CertVerifier> cert_verifier,
+      std::unique_ptr<TransportSecurityState> transport_security_state,
+      std::unique_ptr<CTVerifier> cert_transparency_verifier,
       const std::string& cert_file)
       : ProofVerifierChromium(cert_verifier.get(),
                               nullptr,
@@ -70,160 +70,16 @@ class TestProofVerifierChromium : public ProofVerifierChromium {
 
  private:
   ScopedTestRoot scoped_root_;
-  scoped_ptr<CertVerifier> cert_verifier_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
-  scoped_ptr<CTVerifier> cert_transparency_verifier_;
-};
-
-const char kSignature[] = "signature";
-const char kSCT[] = "CryptoServerTests";
-
-class FakeProofSource : public ProofSource {
- public:
-  FakeProofSource() {}
-  ~FakeProofSource() override {}
-
-  // ProofSource interface
-  bool Initialize(const base::FilePath& cert_path,
-                  const base::FilePath& key_path,
-                  const base::FilePath& sct_path) {
-    std::string cert_data;
-    if (!base::ReadFileToString(cert_path, &cert_data)) {
-      DLOG(FATAL) << "Unable to read certificates.";
-      return false;
-    }
-
-    CertificateList certs_in_file =
-        X509Certificate::CreateCertificateListFromBytes(
-            cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
-
-    if (certs_in_file.empty()) {
-      DLOG(FATAL) << "No certificates.";
-      return false;
-    }
-
-    vector<string> certs;
-    for (const scoped_refptr<X509Certificate>& cert : certs_in_file) {
-      std::string der_encoded_cert;
-      if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(),
-                                          &der_encoded_cert)) {
-        return false;
-      }
-      certs.push_back(der_encoded_cert);
-    }
-    chain_ = new ProofSource::Chain(certs);
-    return true;
-  }
-
-  bool GetProof(const IPAddress& server_ip,
-                const std::string& hostname,
-                const std::string& server_config,
-                QuicVersion quic_version,
-                StringPiece chlo_hash,
-                bool ecdsa_ok,
-                scoped_refptr<ProofSource::Chain>* out_chain,
-                std::string* out_signature,
-                std::string* out_leaf_cert_sct) override {
-    out_signature->assign(kSignature);
-    *out_chain = chain_;
-    *out_leaf_cert_sct = kSCT;
-    return true;
-  }
-
- private:
-  scoped_refptr<ProofSource::Chain> chain_;
-
-  DISALLOW_COPY_AND_ASSIGN(FakeProofSource);
-};
-
-class FakeProofVerifier : public TestProofVerifierChromium {
- public:
-  FakeProofVerifier(scoped_ptr<CertVerifier> cert_verifier,
-                    scoped_ptr<TransportSecurityState> transport_security_state,
-                    scoped_ptr<CTVerifier> cert_transparency_verifier,
-                    const std::string& cert_file)
-      : TestProofVerifierChromium(std::move(cert_verifier),
-                                  std::move(transport_security_state),
-                                  std::move(cert_transparency_verifier),
-                                  cert_file) {}
-  ~FakeProofVerifier() override {}
-
-  // ProofVerifier interface
-  QuicAsyncStatus VerifyProof(const std::string& hostname,
-                              const uint16_t port,
-                              const std::string& server_config,
-                              QuicVersion quic_version,
-                              StringPiece chlo_hash,
-                              const std::vector<std::string>& certs,
-                              const std::string& cert_sct,
-                              const std::string& signature,
-                              const ProofVerifyContext* verify_context,
-                              std::string* error_details,
-                              scoped_ptr<ProofVerifyDetails>* verify_details,
-                              ProofVerifierCallback* callback) override {
-    error_details->clear();
-    scoped_ptr<ProofVerifyDetailsChromium> verify_details_chromium(
-        new ProofVerifyDetailsChromium);
-    DCHECK(!certs.empty());
-    // Convert certs to X509Certificate.
-    vector<StringPiece> cert_pieces(certs.size());
-    for (unsigned i = 0; i < certs.size(); i++) {
-      cert_pieces[i] = base::StringPiece(certs[i]);
-    }
-    scoped_refptr<X509Certificate> x509_cert =
-        X509Certificate::CreateFromDERCertChain(cert_pieces);
-
-    if (!x509_cert.get()) {
-      *error_details = "Failed to create certificate chain";
-      verify_details_chromium->cert_verify_result.cert_status =
-          CERT_STATUS_INVALID;
-      *verify_details = std::move(verify_details_chromium);
-      return QUIC_FAILURE;
-    }
-
-    const ProofVerifyContextChromium* chromium_context =
-        reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
-    scoped_ptr<CertVerifier::Request> cert_verifier_request_;
-    TestCompletionCallback test_callback;
-    int result = cert_verifier()->Verify(
-        x509_cert.get(), hostname, std::string(),
-        chromium_context->cert_verify_flags,
-        SSLConfigService::GetCRLSet().get(),
-        &verify_details_chromium->cert_verify_result, test_callback.callback(),
-        &cert_verifier_request_, chromium_context->net_log);
-    if (result != OK) {
-      std::string error_string = ErrorToString(result);
-      *error_details = StringPrintf("Failed to verify certificate chain: %s",
-                                    error_string.c_str());
-      verify_details_chromium->cert_verify_result.cert_status =
-          CERT_STATUS_INVALID;
-      *verify_details = std::move(verify_details_chromium);
-      return QUIC_FAILURE;
-    }
-    if (signature != kSignature) {
-      *error_details = "Invalid proof";
-      verify_details_chromium->cert_verify_result.cert_status =
-          CERT_STATUS_INVALID;
-      *verify_details = std::move(verify_details_chromium);
-      return QUIC_FAILURE;
-    }
-    *verify_details = std::move(verify_details_chromium);
-    return QUIC_SUCCESS;
-  }
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(FakeProofVerifier);
+  std::unique_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
+  std::unique_ptr<CTVerifier> cert_transparency_verifier_;
 };
 
 }  // namespace
 
 // static
 ProofSource* CryptoTestUtils::ProofSourceForTesting() {
-#if defined(USE_OPENSSL)
   ProofSourceChromium* source = new ProofSourceChromium();
-#else
-  FakeProofSource* source = new FakeProofSource();
-#endif
   base::FilePath certs_dir = GetTestCertsDirectory();
   CHECK(source->Initialize(
       certs_dir.AppendASCII("quic_chain.crt"),
@@ -235,7 +91,7 @@ ProofSource* CryptoTestUtils::ProofSourceForTesting() {
 // static
 ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) {
   // TODO(rch): use a real cert verifier?
-  scoped_ptr<MockCertVerifier> cert_verifier(new MockCertVerifier());
+  std::unique_ptr<MockCertVerifier> cert_verifier(new MockCertVerifier());
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt");
@@ -247,18 +103,12 @@ ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) {
                                          "test.example.com", verify_result, OK);
   if (use_real_proof_verifier) {
     return new TestProofVerifierChromium(
-        std::move(cert_verifier), make_scoped_ptr(new TransportSecurityState),
-        make_scoped_ptr(new MultiLogCTVerifier), "quic_root.crt");
+        std::move(cert_verifier), base::WrapUnique(new TransportSecurityState),
+        base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt");
   }
-#if defined(USE_OPENSSL)
   return new TestProofVerifierChromium(
-      std::move(cert_verifier), make_scoped_ptr(new TransportSecurityState),
-      make_scoped_ptr(new MultiLogCTVerifier), "quic_root.crt");
-#else
-  return new FakeProofVerifier(
-      std::move(cert_verifier), make_scoped_ptr(new TransportSecurityState),
-      make_scoped_ptr(new MultiLogCTVerifier), "quic_root.crt");
-#endif
+      std::move(cert_verifier), base::WrapUnique(new TransportSecurityState),
+      base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt");
 }
 
 // static
diff --git a/chromium/net/quic/test_tools/crypto_test_utils_nss.cc b/chromium/net/quic/test_tools/crypto_test_utils_nss.cc
deleted file mode 100644
index 946b0531824..00000000000
--- a/chromium/net/quic/test_tools/crypto_test_utils_nss.cc
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/test_tools/crypto_test_utils.h"
-
-#include "base/stl_util.h"
-#include "base/strings/string_util.h"
-#include "crypto/ec_private_key.h"
-#include "crypto/ec_signature_creator.h"
-#include "net/quic/crypto/channel_id.h"
-#include "net/quic/crypto/channel_id_chromium.h"
-
-using base::StringPiece;
-using std::string;
-
-namespace net {
-
-namespace test {
-
-class TestChannelIDSource : public ChannelIDSource {
- public:
-  ~TestChannelIDSource() override { STLDeleteValues(&hostname_to_key_); }
-
-  // ChannelIDSource implementation.
-
-  QuicAsyncStatus GetChannelIDKey(
-      const string& hostname,
-      scoped_ptr<ChannelIDKey>* channel_id_key,
-      ChannelIDSourceCallback* /*callback*/) override {
-    channel_id_key->reset(new ChannelIDKeyChromium(HostnameToKey(hostname)));
-    return QUIC_SUCCESS;
-  }
-
- private:
-  typedef std::map<string, crypto::ECPrivateKey*> HostnameToKeyMap;
-
-  scoped_ptr<crypto::ECPrivateKey> HostnameToKey(const string& hostname) {
-    HostnameToKeyMap::const_iterator it = hostname_to_key_.find(hostname);
-    if (it != hostname_to_key_.end()) {
-      return make_scoped_ptr(it->second->Copy());
-    }
-
-    crypto::ECPrivateKey* keypair = crypto::ECPrivateKey::Create();
-    if (!keypair) {
-      return nullptr;
-    }
-    hostname_to_key_[hostname] = keypair;
-    return make_scoped_ptr(keypair->Copy());
-  }
-
-  HostnameToKeyMap hostname_to_key_;
-};
-
-// static
-ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
-  return new TestChannelIDSource();
-}
-
-}  // namespace test
-
-}  // namespace net
diff --git a/chromium/net/quic/test_tools/crypto_test_utils_openssl.cc b/chromium/net/quic/test_tools/crypto_test_utils_openssl.cc
deleted file mode 100644
index 80228ee90ce..00000000000
--- a/chromium/net/quic/test_tools/crypto_test_utils_openssl.cc
+++ /dev/null
@@ -1,165 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/test_tools/crypto_test_utils.h"
-
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include <openssl/obj_mac.h>
-#include <openssl/sha.h>
-
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-#include "crypto/secure_hash.h"
-#include "net/quic/crypto/channel_id.h"
-
-using base::StringPiece;
-using std::string;
-
-namespace net {
-
-namespace test {
-
-class TestChannelIDKey : public ChannelIDKey {
- public:
-  explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
-  ~TestChannelIDKey() override {}
-
-  // ChannelIDKey implementation.
-
-  bool Sign(StringPiece signed_data, string* out_signature) const override {
-    crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
-    if (!md_ctx ||
-        EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
-                           ecdsa_key_.get()) != 1) {
-      return false;
-    }
-
-    EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
-                     strlen(ChannelIDVerifier::kContextStr) + 1);
-    EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
-                     strlen(ChannelIDVerifier::kClientToServerStr) + 1);
-    EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
-
-    size_t sig_len;
-    if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
-      return false;
-    }
-
-    scoped_ptr<uint8_t[]> der_sig(new uint8_t[sig_len]);
-    if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
-      return false;
-    }
-
-    uint8_t* derp = der_sig.get();
-    crypto::ScopedECDSA_SIG sig(
-        d2i_ECDSA_SIG(nullptr, const_cast<const uint8_t**>(&derp), sig_len));
-    if (sig.get() == nullptr) {
-      return false;
-    }
-
-    // The signature consists of a pair of 32-byte numbers.
-    static const size_t kSignatureLength = 32 * 2;
-    scoped_ptr<uint8_t[]> signature(new uint8_t[kSignatureLength]);
-    if (!BN_bn2bin_padded(&signature[0], 32, sig->r) ||
-        !BN_bn2bin_padded(&signature[32], 32, sig->s)) {
-      return false;
-    }
-
-    *out_signature =
-        string(reinterpret_cast<char*>(signature.get()), kSignatureLength);
-
-    return true;
-  }
-
-  string SerializeKey() const override {
-    // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
-    // key, is 0x04 (meaning uncompressed) followed by the x and y field
-    // elements as 32-byte, big-endian numbers.
-    static const int kExpectedKeyLength = 65;
-
-    int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
-    if (len != kExpectedKeyLength) {
-      return "";
-    }
-
-    uint8_t buf[kExpectedKeyLength];
-    uint8_t* derp = buf;
-    i2d_PublicKey(ecdsa_key_.get(), &derp);
-
-    return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
-  }
-
- private:
-  crypto::ScopedEVP_PKEY ecdsa_key_;
-};
-
-class TestChannelIDSource : public ChannelIDSource {
- public:
-  ~TestChannelIDSource() override {}
-
-  // ChannelIDSource implementation.
-
-  QuicAsyncStatus GetChannelIDKey(
-      const string& hostname,
-      scoped_ptr<ChannelIDKey>* channel_id_key,
-      ChannelIDSourceCallback* /*callback*/) override {
-    channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
-    return QUIC_SUCCESS;
-  }
-
- private:
-  static EVP_PKEY* HostnameToKey(const string& hostname) {
-    // In order to generate a deterministic key for a given hostname the
-    // hostname is hashed with SHA-256 and the resulting digest is treated as a
-    // big-endian number. The most-significant bit is cleared to ensure that
-    // the resulting value is less than the order of the group and then it's
-    // taken as a private key. Given the private key, the public key is
-    // calculated with a group multiplication.
-    SHA256_CTX sha256;
-    SHA256_Init(&sha256);
-    SHA256_Update(&sha256, hostname.data(), hostname.size());
-
-    unsigned char digest[SHA256_DIGEST_LENGTH];
-    SHA256_Final(digest, &sha256);
-
-    // Ensure that the digest is less than the order of the P-256 group by
-    // clearing the most-significant bit.
-    digest[0] &= 0x7f;
-
-    crypto::ScopedBIGNUM k(BN_new());
-    CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
-
-    crypto::ScopedEC_GROUP p256(
-        EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-    CHECK(p256);
-
-    crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
-    CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get()));
-
-    crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
-    CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
-                       nullptr));
-
-    EC_KEY_set_private_key(ecdsa_key.get(), k.get());
-    EC_KEY_set_public_key(ecdsa_key.get(), point.get());
-
-    crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
-    // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
-    EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
-
-    return pkey.release();
-  }
-};
-
-// static
-ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
-  return new TestChannelIDSource();
-}
-
-}  // namespace test
-
-}  // namespace net
diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.cc b/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.cc
index 52501788b4a..eb35bfd0bfe 100644
--- a/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.cc
+++ b/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.cc
@@ -23,7 +23,7 @@ QuicCryptoClientStream*
 MockCryptoClientStreamFactory::CreateQuicCryptoClientStream(
     const QuicServerId& server_id,
     QuicChromiumClientSession* session,
-    scoped_ptr<ProofVerifyContext> /*proof_verify_context*/,
+    std::unique_ptr<ProofVerifyContext> /*proof_verify_context*/,
     QuicCryptoClientConfig* crypto_config) {
   const ProofVerifyDetailsChromium* proof_verify_details = nullptr;
   if (!proof_verify_details_queue_.empty()) {
diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.h b/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.h
index 1a12a39f78c..db64c3aaf83 100644
--- a/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.h
+++ b/chromium/net/quic/test_tools/mock_crypto_client_stream_factory.h
@@ -26,7 +26,7 @@ class MockCryptoClientStreamFactory : public QuicCryptoClientStreamFactory {
   QuicCryptoClientStream* CreateQuicCryptoClientStream(
       const QuicServerId& server_id,
       QuicChromiumClientSession* session,
-      scoped_ptr<ProofVerifyContext> proof_verify_context,
+      std::unique_ptr<ProofVerifyContext> proof_verify_context,
       QuicCryptoClientConfig* crypto_config) override;
 
   void set_handshake_mode(
diff --git a/chromium/net/quic/test_tools/mock_quic_dispatcher.cc b/chromium/net/quic/test_tools/mock_quic_dispatcher.cc
index a31365198c8..dc8098cd7c5 100644
--- a/chromium/net/quic/test_tools/mock_quic_dispatcher.cc
+++ b/chromium/net/quic/test_tools/mock_quic_dispatcher.cc
@@ -12,8 +12,13 @@ namespace test {
 MockQuicDispatcher::MockQuicDispatcher(
     const QuicConfig& config,
     const QuicCryptoServerConfig* crypto_config,
-    QuicConnectionHelperInterface* helper)
-    : QuicDispatcher(config, crypto_config, QuicSupportedVersions(), helper) {}
+    std::unique_ptr<QuicConnectionHelperInterface> helper,
+    std::unique_ptr<QuicAlarmFactory> alarm_factory)
+    : QuicDispatcher(config,
+                     crypto_config,
+                     QuicSupportedVersions(),
+                     std::move(helper),
+                     std::move(alarm_factory)) {}
 
 MockQuicDispatcher::~MockQuicDispatcher() {}
 
diff --git a/chromium/net/quic/test_tools/mock_quic_dispatcher.h b/chromium/net/quic/test_tools/mock_quic_dispatcher.h
index 05c9c9baa55..8d666a1519e 100644
--- a/chromium/net/quic/test_tools/mock_quic_dispatcher.h
+++ b/chromium/net/quic/test_tools/mock_quic_dispatcher.h
@@ -20,7 +20,8 @@ class MockQuicDispatcher : public QuicDispatcher {
  public:
   MockQuicDispatcher(const QuicConfig& config,
                      const QuicCryptoServerConfig* crypto_config,
-                     QuicConnectionHelperInterface* helper);
+                     std::unique_ptr<QuicConnectionHelperInterface> helper,
+                     std::unique_ptr<QuicAlarmFactory> alarm_factory);
 
   ~MockQuicDispatcher() override;
 
diff --git a/chromium/net/quic/test_tools/quic_config_peer.cc b/chromium/net/quic/test_tools/quic_config_peer.cc
index 6c0daa70eca..1dac69d5d03 100644
--- a/chromium/net/quic/test_tools/quic_config_peer.cc
+++ b/chromium/net/quic/test_tools/quic_config_peer.cc
@@ -42,6 +42,7 @@ void QuicConfigPeer::SetReceivedConnectionOptions(
 // static
 void QuicConfigPeer::SetReceivedBytesForConnectionId(QuicConfig* config,
                                                      uint32_t bytes) {
+  DCHECK(bytes == 0 || bytes == 8);
   config->bytes_for_connection_id_.SetReceivedValue(bytes);
 }
 
diff --git a/chromium/net/quic/test_tools/quic_connection_peer.cc b/chromium/net/quic/test_tools/quic_connection_peer.cc
index 8b2407c34d5..d5bbac45f42 100644
--- a/chromium/net/quic/test_tools/quic_connection_peer.cc
+++ b/chromium/net/quic/test_tools/quic_connection_peer.cc
@@ -146,6 +146,12 @@ QuicConnectionHelperInterface* QuicConnectionPeer::GetHelper(
 }
 
 // static
+QuicAlarmFactory* QuicConnectionPeer::GetAlarmFactory(
+    QuicConnection* connection) {
+  return connection->alarm_factory_;
+}
+
+// static
 QuicFramer* QuicConnectionPeer::GetFramer(QuicConnection* connection) {
   return &connection->framer_;
 }
@@ -217,7 +223,7 @@ QuicEncryptedPacket* QuicConnectionPeer::GetConnectionClosePacket(
       connection->termination_packets_->empty()) {
     return nullptr;
   }
-  return (*connection->termination_packets_)[0];
+  return (*connection->termination_packets_)[0].get();
 }
 
 // static
@@ -262,5 +268,11 @@ void QuicConnectionPeer::SetAckMode(QuicConnection* connection,
   connection->ack_mode_ = ack_mode;
 }
 
+// static
+void QuicConnectionPeer::SetAckDecimationDelay(QuicConnection* connection,
+                                               float ack_decimation_delay) {
+  connection->ack_decimation_delay_ = ack_decimation_delay;
+}
+
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/test_tools/quic_connection_peer.h b/chromium/net/quic/test_tools/quic_connection_peer.h
index d6130e9f36a..30af9148930 100644
--- a/chromium/net/quic/test_tools/quic_connection_peer.h
+++ b/chromium/net/quic/test_tools/quic_connection_peer.h
@@ -85,6 +85,8 @@ class QuicConnectionPeer {
 
   static QuicConnectionHelperInterface* GetHelper(QuicConnection* connection);
 
+  static QuicAlarmFactory* GetAlarmFactory(QuicConnection* connection);
+
   static QuicFramer* GetFramer(QuicConnection* connection);
 
   static QuicAlarm* GetAckAlarm(QuicConnection* connection);
@@ -119,6 +121,8 @@ class QuicConnectionPeer {
                                 QuicPacketNumber number);
   static void SetAckMode(QuicConnection* connection,
                          QuicConnection::AckMode ack_mode);
+  static void SetAckDecimationDelay(QuicConnection* connection,
+                                    float ack_decimation_delay);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicConnectionPeer);
diff --git a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc
new file mode 100644
index 00000000000..ed83bdd52ae
--- /dev/null
+++ b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc
@@ -0,0 +1,206 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/test_tools/quic_crypto_server_config_peer.h"
+
+#include "net/quic/test_tools/mock_clock.h"
+#include "net/quic/test_tools/mock_random.h"
+#include "net/quic/test_tools/quic_test_utils.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using std::pair;
+using std::string;
+using std::vector;
+
+namespace net {
+namespace test {
+
+scoped_refptr<QuicCryptoServerConfig::Config>
+QuicCryptoServerConfigPeer::GetPrimaryConfig() {
+  base::AutoLock locked(server_config_->configs_lock_);
+  return scoped_refptr<QuicCryptoServerConfig::Config>(
+      server_config_->primary_config_);
+}
+
+scoped_refptr<QuicCryptoServerConfig::Config>
+QuicCryptoServerConfigPeer::GetConfig(string config_id) {
+  base::AutoLock locked(server_config_->configs_lock_);
+  if (config_id == "<primary>") {
+    return scoped_refptr<QuicCryptoServerConfig::Config>(
+        server_config_->primary_config_);
+  } else {
+    return server_config_->GetConfigWithScid(config_id);
+  }
+}
+
+string QuicCryptoServerConfigPeer::NewSourceAddressToken(
+    string config_id,
+    SourceAddressTokens previous_tokens,
+    const IPAddress& ip,
+    QuicRandom* rand,
+    QuicWallTime now,
+    CachedNetworkParameters* cached_network_params) {
+  return server_config_->NewSourceAddressToken(*GetConfig(config_id),
+                                               previous_tokens, ip, rand, now,
+                                               cached_network_params);
+}
+
+HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSourceAddressTokens(
+    string config_id,
+    StringPiece srct,
+    const IPAddress& ip,
+    QuicWallTime now,
+    CachedNetworkParameters* cached_network_params) {
+  SourceAddressTokens tokens;
+  HandshakeFailureReason reason = server_config_->ParseSourceAddressToken(
+      *GetConfig(config_id), srct, &tokens);
+  if (reason != HANDSHAKE_OK) {
+    return reason;
+  }
+
+  return server_config_->ValidateSourceAddressTokens(tokens, ip, now,
+                                                     cached_network_params);
+}
+
+HandshakeFailureReason
+QuicCryptoServerConfigPeer::ValidateSingleSourceAddressToken(
+    StringPiece token,
+    const IPAddress& ip,
+    QuicWallTime now) {
+  SourceAddressTokens tokens;
+  HandshakeFailureReason parse_status = server_config_->ParseSourceAddressToken(
+      *GetPrimaryConfig(), token, &tokens);
+  if (HANDSHAKE_OK != parse_status) {
+    return parse_status;
+  }
+  EXPECT_EQ(1, tokens.tokens_size());
+  return server_config_->ValidateSingleSourceAddressToken(tokens.tokens(0), ip,
+                                                          now);
+}
+
+string QuicCryptoServerConfigPeer::NewServerNonce(QuicRandom* rand,
+                                                  QuicWallTime now) const {
+  return server_config_->NewServerNonce(rand, now);
+}
+
+HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateServerNonce(
+    StringPiece token,
+    QuicWallTime now) {
+  return server_config_->ValidateServerNonce(token, now);
+}
+
+base::Lock* QuicCryptoServerConfigPeer::GetStrikeRegisterClientLock() {
+  return &server_config_->strike_register_client_lock_;
+}
+
+void QuicCryptoServerConfigPeer::CheckConfigs(const char* server_config_id1,
+                                              ...) {
+  va_list ap;
+  va_start(ap, server_config_id1);
+
+  vector<pair<ServerConfigID, bool>> expected;
+  bool first = true;
+  for (;;) {
+    const char* server_config_id;
+    if (first) {
+      server_config_id = server_config_id1;
+      first = false;
+    } else {
+      server_config_id = va_arg(ap, const char*);
+    }
+
+    if (!server_config_id) {
+      break;
+    }
+
+    // varargs will promote the value to an int so we have to read that from
+    // the stack and cast down.
+    const bool is_primary = static_cast<bool>(va_arg(ap, int));
+    expected.push_back(std::make_pair(server_config_id, is_primary));
+  }
+
+  va_end(ap);
+
+  base::AutoLock locked(server_config_->configs_lock_);
+
+  ASSERT_EQ(expected.size(), server_config_->configs_.size()) << ConfigsDebug();
+
+  for (const pair<const ServerConfigID,
+                  scoped_refptr<QuicCryptoServerConfig::Config>>& i :
+       server_config_->configs_) {
+    bool found = false;
+    for (pair<ServerConfigID, bool>& j : expected) {
+      if (i.first == j.first && i.second->is_primary == j.second) {
+        found = true;
+        j.first.clear();
+        break;
+      }
+    }
+
+    ASSERT_TRUE(found) << "Failed to find match for " << i.first
+                       << " in configs:\n"
+                       << ConfigsDebug();
+  }
+}
+
+// ConfigsDebug returns a string that contains debugging information about
+// the set of Configs loaded in |server_config_| and their status.
+string QuicCryptoServerConfigPeer::ConfigsDebug() {
+  if (server_config_->configs_.empty()) {
+    return "No Configs in QuicCryptoServerConfig";
+  }
+
+  string s;
+
+  for (const auto& i : server_config_->configs_) {
+    const scoped_refptr<QuicCryptoServerConfig::Config> config = i.second;
+    if (config->is_primary) {
+      s += "(primary) ";
+    } else {
+      s += "          ";
+    }
+    s += config->id;
+    s += "\n";
+  }
+
+  return s;
+}
+
+void QuicCryptoServerConfigPeer::SelectNewPrimaryConfig(int seconds) {
+  base::AutoLock locked(server_config_->configs_lock_);
+  server_config_->SelectNewPrimaryConfig(
+      QuicWallTime::FromUNIXSeconds(seconds));
+}
+
+const string QuicCryptoServerConfigPeer::CompressChain(
+    QuicCompressedCertsCache* compressed_certs_cache,
+    const scoped_refptr<ProofSource::Chain>& chain,
+    const string& client_common_set_hashes,
+    const string& client_cached_cert_hashes,
+    const CommonCertSets* common_sets) {
+  return server_config_->CompressChain(compressed_certs_cache, chain,
+                                       client_common_set_hashes,
+                                       client_cached_cert_hashes, common_sets);
+}
+
+uint32_t QuicCryptoServerConfigPeer::source_address_token_future_secs() {
+  return server_config_->source_address_token_future_secs_;
+}
+
+uint32_t QuicCryptoServerConfigPeer::source_address_token_lifetime_secs() {
+  return server_config_->source_address_token_lifetime_secs_;
+}
+
+uint32_t
+QuicCryptoServerConfigPeer::server_nonce_strike_register_max_entries() {
+  return server_config_->server_nonce_strike_register_max_entries_;
+}
+
+uint32_t
+QuicCryptoServerConfigPeer::server_nonce_strike_register_window_secs() {
+  return server_config_->server_nonce_strike_register_window_secs_;
+}
+
+}  // namespace test
+}  // namespace net
diff --git a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h
new file mode 100644
index 00000000000..1341a494577
--- /dev/null
+++ b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h
@@ -0,0 +1,106 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_TEST_TOOLS_QUIC_CRYPTO_SERVER_CONFIG_PEER_H_
+#define NET_QUIC_TEST_TOOLS_QUIC_CRYPTO_SERVER_CONFIG_PEER_H_
+
+#include "net/quic/crypto/quic_crypto_server_config.h"
+
+namespace net {
+namespace test {
+
+// Peer for accessing otherwise private members of a QuicCryptoServerConfig.
+class QuicCryptoServerConfigPeer {
+ public:
+  explicit QuicCryptoServerConfigPeer(
+      const QuicCryptoServerConfig* server_config)
+      : server_config_(server_config) {}
+
+  // Returns the primary config.
+  scoped_refptr<QuicCryptoServerConfig::Config> GetPrimaryConfig();
+
+  // Returns the config associated with |config_id|.
+  scoped_refptr<QuicCryptoServerConfig::Config> GetConfig(
+      std::string config_id);
+
+  // Generates a new valid source address token.
+  std::string NewSourceAddressToken(
+      std::string config_id,
+      SourceAddressTokens previous_tokens,
+      const IPAddress& ip,
+      QuicRandom* rand,
+      QuicWallTime now,
+      CachedNetworkParameters* cached_network_params);
+
+  // Attempts to validate the tokens in |tokens|.
+  HandshakeFailureReason ValidateSourceAddressTokens(
+      std::string config_id,
+      base::StringPiece tokens,
+      const IPAddress& ip,
+      QuicWallTime now,
+      CachedNetworkParameters* cached_network_params);
+
+  // Attempts to validate the single source address token in |token|.
+  HandshakeFailureReason ValidateSingleSourceAddressToken(
+      base::StringPiece token,
+      const IPAddress& ip,
+      QuicWallTime now);
+
+  // Returns a new server nonce.
+  std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const;
+
+  // Check if |nonce| is valid |now|.
+  HandshakeFailureReason ValidateServerNonce(base::StringPiece nonce,
+                                             QuicWallTime now);
+
+  // Returns the mutex needed to access the strike register client.
+  base::Lock* GetStrikeRegisterClientLock();
+
+  // CheckConfigs compares the state of the Configs in |server_config_| to the
+  // description given as arguments. The arguments are given as
+  // nullptr-terminated std:pairs. The first of each std:pair is the server
+  // config ID of
+  // a Config. The second is a boolean describing whether the config is the
+  // primary. For example:
+  //   CheckConfigs(nullptr);  // checks that no Configs are loaded.
+  //
+  //   // Checks that exactly three Configs are loaded with the given IDs and
+  //   // status.
+  //   CheckConfigs(
+  //     "id1", false,
+  //     "id2", true,
+  //     "id3", false,
+  //     nullptr);
+  void CheckConfigs(const char* server_config_id1, ...);
+
+  // ConfigsDebug returns a std::string that contains debugging information
+  // about
+  // the set of Configs loaded in |server_config_| and their status.
+  std::string ConfigsDebug();
+
+  void SelectNewPrimaryConfig(int seconds);
+
+  const std::string CompressChain(
+      QuicCompressedCertsCache* compressed_certs_cache,
+      const scoped_refptr<ProofSource::Chain>& chain,
+      const std::string& client_common_set_hashes,
+      const std::string& client_cached_cert_hashes,
+      const CommonCertSets* common_sets);
+
+  uint32_t source_address_token_future_secs();
+
+  uint32_t source_address_token_lifetime_secs();
+
+  uint32_t server_nonce_strike_register_max_entries();
+
+  uint32_t server_nonce_strike_register_window_secs();
+
+ private:
+  const QuicCryptoServerConfig* server_config_;
+};
+
+}  // namespace test
+}  // namespace net
+
+#endif  // NET_QUIC_TEST_TOOLS_QUIC_CRYPTO_SERVER_CONFIG_PEER_H_
diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
index 83b783c4d38..90821dd194c 100644
--- a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
+++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
@@ -70,14 +70,14 @@ void QuicPacketCreatorPeer::FillPacketHeader(QuicPacketCreator* creator,
 }
 
 // static
-size_t QuicPacketCreatorPeer::CreateStreamFrame(QuicPacketCreator* creator,
-                                                QuicStreamId id,
-                                                QuicIOVector iov,
-                                                size_t iov_offset,
-                                                QuicStreamOffset offset,
-                                                bool fin,
-                                                QuicFrame* frame) {
-  return creator->CreateStreamFrame(id, iov, iov_offset, offset, fin, frame);
+void QuicPacketCreatorPeer::CreateStreamFrame(QuicPacketCreator* creator,
+                                              QuicStreamId id,
+                                              QuicIOVector iov,
+                                              size_t iov_offset,
+                                              QuicStreamOffset offset,
+                                              bool fin,
+                                              QuicFrame* frame) {
+  creator->CreateStreamFrame(id, iov, iov_offset, offset, fin, frame);
 }
 
 // static
diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.h b/chromium/net/quic/test_tools/quic_packet_creator_peer.h
index 6849c1f1bd1..7c56c456f39 100644
--- a/chromium/net/quic/test_tools/quic_packet_creator_peer.h
+++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.h
@@ -37,13 +37,13 @@ class QuicPacketCreatorPeer {
   static void SetPacketNumber(QuicPacketCreator* creator, QuicPacketNumber s);
   static void FillPacketHeader(QuicPacketCreator* creator,
                                QuicPacketHeader* header);
-  static size_t CreateStreamFrame(QuicPacketCreator* creator,
-                                  QuicStreamId id,
-                                  QuicIOVector iov,
-                                  size_t iov_offset,
-                                  QuicStreamOffset offset,
-                                  bool fin,
-                                  QuicFrame* frame);
+  static void CreateStreamFrame(QuicPacketCreator* creator,
+                                QuicStreamId id,
+                                QuicIOVector iov,
+                                size_t iov_offset,
+                                QuicStreamOffset offset,
+                                bool fin,
+                                QuicFrame* frame);
   static SerializedPacket SerializeAllFrames(QuicPacketCreator* creator,
                                              const QuicFrames& frames,
                                              char* buffer,
diff --git a/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.cc b/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.cc
index 8e6ec36c9b9..ed5e554b600 100644
--- a/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.cc
+++ b/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.cc
@@ -40,6 +40,12 @@ bool QuicSentPacketManagerPeer::GetUseNewRto(
 }
 
 // static
+bool QuicSentPacketManagerPeer::GetUndoRetransmits(
+    QuicSentPacketManager* sent_packet_manager) {
+  return sent_packet_manager->undo_pending_retransmits_;
+}
+
+// static
 QuicByteCount QuicSentPacketManagerPeer::GetReceiveWindow(
     QuicSentPacketManager* sent_packet_manager) {
   return sent_packet_manager->receive_buffer_bytes_;
@@ -79,12 +85,6 @@ void QuicSentPacketManagerPeer::SetLossAlgorithm(
 }
 
 // static
-RttStats* QuicSentPacketManagerPeer::GetRttStats(
-    QuicSentPacketManager* sent_packet_manager) {
-  return &sent_packet_manager->rtt_stats_;
-}
-
-// static
 bool QuicSentPacketManagerPeer::HasPendingPackets(
     const QuicSentPacketManager* sent_packet_manager) {
   return sent_packet_manager->unacked_packets_.HasInFlightPackets();
diff --git a/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.h b/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.h
index 9fbbd28e231..392e986f13a 100644
--- a/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.h
+++ b/chromium/net/quic/test_tools/quic_sent_packet_manager_peer.h
@@ -30,6 +30,8 @@ class QuicSentPacketManagerPeer {
 
   static bool GetUseNewRto(QuicSentPacketManager* sent_packet_manager);
 
+  static bool GetUndoRetransmits(QuicSentPacketManager* sent_packet_manager);
+
   static QuicByteCount GetReceiveWindow(
       QuicSentPacketManager* sent_packet_manager);
 
@@ -48,8 +50,6 @@ class QuicSentPacketManagerPeer {
   static void SetLossAlgorithm(QuicSentPacketManager* sent_packet_manager,
                                LossDetectionInterface* loss_detector);
 
-  static RttStats* GetRttStats(QuicSentPacketManager* sent_packet_manager);
-
   static bool HasPendingPackets(
       const QuicSentPacketManager* sent_packet_manager);
 
diff --git a/chromium/net/quic/test_tools/quic_session_peer.cc b/chromium/net/quic/test_tools/quic_session_peer.cc
index a2d624777a9..14c14755297 100644
--- a/chromium/net/quic/test_tools/quic_session_peer.cc
+++ b/chromium/net/quic/test_tools/quic_session_peer.cc
@@ -72,6 +72,12 @@ std::unordered_set<QuicStreamId>* QuicSessionPeer::GetDrainingStreams(
 }
 
 // static
+void QuicSessionPeer::ActivateStream(QuicSession* session,
+                                     ReliableQuicStream* stream) {
+  return session->ActivateStream(stream);
+}
+
+// static
 bool QuicSessionPeer::IsStreamClosed(QuicSession* session, QuicStreamId id) {
   DCHECK_NE(0u, id);
   return session->IsClosedStream(id);
diff --git a/chromium/net/quic/test_tools/quic_session_peer.h b/chromium/net/quic/test_tools/quic_session_peer.h
index d621dfef950..19dd88d6467 100644
--- a/chromium/net/quic/test_tools/quic_session_peer.h
+++ b/chromium/net/quic/test_tools/quic_session_peer.h
@@ -41,6 +41,7 @@ class QuicSessionPeer {
   static QuicSession::StreamMap& static_streams(QuicSession* session);
   static std::unordered_set<QuicStreamId>* GetDrainingStreams(
       QuicSession* session);
+  static void ActivateStream(QuicSession* session, ReliableQuicStream* stream);
 
   // Discern the state of a stream.  Exactly one of these should be true at a
   // time for any stream id > 0 (other than the special streams 1 and 3).
diff --git a/chromium/net/quic/test_tools/quic_stream_factory_peer.cc b/chromium/net/quic/test_tools/quic_stream_factory_peer.cc
index bcb7ba7a364..0d58f20a63b 100644
--- a/chromium/net/quic/test_tools/quic_stream_factory_peer.cc
+++ b/chromium/net/quic/test_tools/quic_stream_factory_peer.cc
@@ -40,7 +40,7 @@ QuicChromiumClientSession* QuicStreamFactoryPeer::GetActiveSession(
   return factory->active_sessions_[server_id];
 }
 
-scoped_ptr<QuicHttpStream> QuicStreamFactoryPeer::CreateFromSession(
+std::unique_ptr<QuicHttpStream> QuicStreamFactoryPeer::CreateFromSession(
     QuicStreamFactory* factory,
     QuicChromiumClientSession* session) {
   return factory->CreateFromSession(session);
diff --git a/chromium/net/quic/test_tools/quic_stream_factory_peer.h b/chromium/net/quic/test_tools/quic_stream_factory_peer.h
index c2d299322ce..e0d85a34c64 100644
--- a/chromium/net/quic/test_tools/quic_stream_factory_peer.h
+++ b/chromium/net/quic/test_tools/quic_stream_factory_peer.h
@@ -40,7 +40,7 @@ class QuicStreamFactoryPeer {
       QuicStreamFactory* factory,
       const HostPortPair& host_port_pair);
 
-  static scoped_ptr<QuicHttpStream> CreateFromSession(
+  static std::unique_ptr<QuicHttpStream> CreateFromSession(
       QuicStreamFactory* factory,
       QuicChromiumClientSession* session);
 
diff --git a/chromium/net/quic/test_tools/quic_test_packet_maker.cc b/chromium/net/quic/test_tools/quic_test_packet_maker.cc
index 67e0ffa91fd..08aca3aac2a 100644
--- a/chromium/net/quic/test_tools/quic_test_packet_maker.cc
+++ b/chromium/net/quic/test_tools/quic_test_packet_maker.cc
@@ -5,7 +5,9 @@
 #include "net/quic/test_tools/quic_test_packet_maker.h"
 
 #include <list>
+#include <memory>
 
+#include "base/memory/ptr_util.h"
 #include "net/quic/quic_framer.h"
 #include "net/quic/quic_http_utils.h"
 #include "net/quic/quic_utils.h"
@@ -19,13 +21,15 @@ namespace test {
 QuicTestPacketMaker::QuicTestPacketMaker(QuicVersion version,
                                          QuicConnectionId connection_id,
                                          MockClock* clock,
-                                         const std::string& host)
+                                         const std::string& host,
+                                         Perspective perspective)
     : version_(version),
       connection_id_(connection_id),
       clock_(clock),
       host_(host),
       spdy_request_framer_(HTTP2),
-      spdy_response_framer_(HTTP2) {}
+      spdy_response_framer_(HTTP2),
+      perspective_(perspective) {}
 
 QuicTestPacketMaker::~QuicTestPacketMaker() {}
 
@@ -33,7 +37,7 @@ void QuicTestPacketMaker::set_hostname(const std::string& host) {
   host_.assign(host);
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePingPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePingPacket(
     QuicPacketNumber num,
     bool include_version) {
   QuicPacketHeader header;
@@ -47,10 +51,11 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePingPacket(
   header.fec_group = 0;
 
   QuicPingFrame ping;
-  return scoped_ptr<QuicReceivedPacket>(MakePacket(header, QuicFrame(ping)));
+  return std::unique_ptr<QuicReceivedPacket>(
+      MakePacket(header, QuicFrame(ping)));
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
     QuicPacketNumber num,
     bool include_version,
     QuicStreamId stream_id,
@@ -58,7 +63,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
   return MakeRstPacket(num, include_version, stream_id, error_code, 0);
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
     QuicPacketNumber num,
     bool include_version,
     QuicStreamId stream_id,
@@ -76,10 +81,11 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRstPacket(
 
   QuicRstStreamFrame rst(stream_id, error_code, bytes_written);
   DVLOG(1) << "Adding frame: " << QuicFrame(&rst);
-  return scoped_ptr<QuicReceivedPacket>(MakePacket(header, QuicFrame(&rst)));
+  return std::unique_ptr<QuicReceivedPacket>(
+      MakePacket(header, QuicFrame(&rst)));
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndRstPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndRstPacket(
     QuicPacketNumber num,
     bool include_version,
     QuicStreamId stream_id,
@@ -103,6 +109,10 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndRstPacket(
   for (QuicPacketNumber i = ack_least_unacked; i <= largest_received; ++i) {
     ack.received_packet_times.push_back(make_pair(i, clock_->Now()));
   }
+  if (largest_received > 0 && version_ > QUIC_VERSION_33) {
+    ack.missing = false;
+    ack.packets.Add(1, largest_received + 1);
+  }
   QuicFrames frames;
   frames.push_back(QuicFrame(&ack));
   DVLOG(1) << "Adding frame: " << frames[0];
@@ -116,9 +126,8 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndRstPacket(
   frames.push_back(QuicFrame(&rst));
   DVLOG(1) << "Adding frame: " << frames[2];
 
-  QuicFramer framer(SupportedVersions(version_), clock_->Now(),
-                    Perspective::IS_CLIENT);
-  scoped_ptr<QuicPacket> packet(
+  QuicFramer framer(SupportedVersions(version_), clock_->Now(), perspective_);
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_size = framer.EncryptPayload(ENCRYPTION_NONE, /*path_id=*/0u,
@@ -126,10 +135,10 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndRstPacket(
                                                 buffer, kMaxPacketSize);
   EXPECT_NE(0u, encrypted_size);
   QuicReceivedPacket encrypted(buffer, encrypted_size, QuicTime::Zero(), false);
-  return scoped_ptr<QuicReceivedPacket>(encrypted.Clone());
+  return std::unique_ptr<QuicReceivedPacket>(encrypted.Clone());
 }
 
-scoped_ptr<QuicReceivedPacket>
+std::unique_ptr<QuicReceivedPacket>
 QuicTestPacketMaker::MakeAckAndConnectionClosePacket(
     QuicPacketNumber num,
     bool include_version,
@@ -137,7 +146,7 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket(
     QuicPacketNumber largest_received,
     QuicPacketNumber least_unacked,
     QuicErrorCode quic_error,
-    std::string& quic_error_details) {
+    const std::string& quic_error_details) {
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id_;
   header.public_header.reset_flag = false;
@@ -153,6 +162,10 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket(
   for (QuicPacketNumber i = least_unacked; i <= largest_received; ++i) {
     ack.received_packet_times.push_back(make_pair(i, clock_->Now()));
   }
+  if (largest_received > 0 && version_ > QUIC_VERSION_33) {
+    ack.missing = false;
+    ack.packets.Add(1, largest_received + 1);
+  }
   QuicFrames frames;
   frames.push_back(QuicFrame(&ack));
   DVLOG(1) << "Adding frame: " << frames[0];
@@ -169,9 +182,8 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket(
   frames.push_back(QuicFrame(&close));
   DVLOG(1) << "Adding frame: " << frames[2];
 
-  QuicFramer framer(SupportedVersions(version_), clock_->Now(),
-                    Perspective::IS_CLIENT);
-  scoped_ptr<QuicPacket> packet(
+  QuicFramer framer(SupportedVersions(version_), clock_->Now(), perspective_);
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_size = framer.EncryptPayload(ENCRYPTION_NONE, /*path_id=*/0u,
@@ -179,11 +191,11 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket(
                                                 buffer, kMaxPacketSize);
   EXPECT_NE(0u, encrypted_size);
   QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), false);
-  return scoped_ptr<QuicReceivedPacket>(encrypted.Clone());
+  return std::unique_ptr<QuicReceivedPacket>(encrypted.Clone());
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeConnectionClosePacket(
-    QuicPacketNumber num) {
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeConnectionClosePacket(QuicPacketNumber num) {
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id_;
   header.public_header.reset_flag = false;
@@ -197,10 +209,11 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeConnectionClosePacket(
   QuicConnectionCloseFrame close;
   close.error_code = QUIC_CRYPTO_VERSION_NOT_SUPPORTED;
   close.error_details = "Time to panic!";
-  return scoped_ptr<QuicReceivedPacket>(MakePacket(header, QuicFrame(&close)));
+  return std::unique_ptr<QuicReceivedPacket>(
+      MakePacket(header, QuicFrame(&close)));
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeGoAwayPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeGoAwayPacket(
     QuicPacketNumber num,
     QuicErrorCode error_code,
     std::string reason_phrase) {
@@ -218,12 +231,13 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeGoAwayPacket(
   goaway.error_code = error_code;
   goaway.last_good_stream_id = 0;
   goaway.reason_phrase = reason_phrase;
-  return scoped_ptr<QuicReceivedPacket>(MakePacket(header, QuicFrame(&goaway)));
+  return std::unique_ptr<QuicReceivedPacket>(
+      MakePacket(header, QuicFrame(&goaway)));
 }
 
 // Sets both least_unacked fields in stop waiting frame and ack frame
 // to be |least_unacked|.
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
     QuicPacketNumber packet_number,
     QuicPacketNumber largest_received,
     QuicPacketNumber least_unacked,
@@ -232,7 +246,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
                        least_unacked, send_feedback);
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
     QuicPacketNumber packet_number,
     QuicPacketNumber largest_received,
     QuicPacketNumber ack_least_unacked,
@@ -253,9 +267,12 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
   for (QuicPacketNumber i = ack_least_unacked; i <= largest_received; ++i) {
     ack.received_packet_times.push_back(make_pair(i, clock_->Now()));
   }
+  if (largest_received > 0 && version_ > QUIC_VERSION_33) {
+    ack.missing = false;
+    ack.packets.Add(1, largest_received + 1);
+  }
 
-  QuicFramer framer(SupportedVersions(version_), clock_->Now(),
-                    Perspective::IS_CLIENT);
+  QuicFramer framer(SupportedVersions(version_), clock_->Now(), perspective_);
   QuicFrames frames;
   frames.push_back(QuicFrame(&ack));
 
@@ -263,7 +280,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
   stop_waiting.least_unacked = stop_least_unacked;
   frames.push_back(QuicFrame(&stop_waiting));
 
-  scoped_ptr<QuicPacket> packet(
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_size = framer.EncryptPayload(ENCRYPTION_NONE, /*path_id=*/0u,
@@ -271,11 +288,11 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket(
                                                 buffer, kMaxPacketSize);
   EXPECT_NE(0u, encrypted_size);
   QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), false);
-  return scoped_ptr<QuicReceivedPacket>(encrypted.Clone());
+  return std::unique_ptr<QuicReceivedPacket>(encrypted.Clone());
 }
 
 // Returns a newly created packet to send kData on stream 1.
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeDataPacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeDataPacket(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
     bool should_include_version,
@@ -287,7 +304,34 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeDataPacket(
   return MakePacket(header_, QuicFrame(&frame));
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndDataPacket(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeMultipleDataFramesPacket(
+    QuicPacketNumber packet_number,
+    QuicStreamId stream_id,
+    bool should_include_version,
+    bool fin,
+    QuicStreamOffset offset,
+    const std::vector<std::string>& data_writes) {
+  InitializeHeader(packet_number, should_include_version);
+  QuicFrames data_frames;
+  // QuicFrame takes a raw pointer. Use a std::vector here so we keep
+  // StreamFrames alive until MakeMultipleFramesPacket is done.
+  std::vector<std::unique_ptr<QuicStreamFrame>> stream_frames;
+  for (size_t i = 0; i < data_writes.size(); ++i) {
+    bool is_fin = fin && (i == data_writes.size() - 1);
+    stream_frames.push_back(base::WrapUnique(new QuicStreamFrame(
+        stream_id, is_fin, offset, base::StringPiece(data_writes[i]))));
+    offset += data_writes[i].length();
+  }
+  for (const auto& stream_frame : stream_frames) {
+    QuicFrame quic_frame(stream_frame.get());
+    DVLOG(1) << "Adding frame: " << quic_frame;
+    data_frames.push_back(quic_frame);
+  }
+  return MakeMultipleFramesPacket(header_, data_frames);
+}
+
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndDataPacket(
     QuicPacketNumber packet_number,
     bool include_version,
     QuicStreamId stream_id,
@@ -303,6 +347,10 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndDataPacket(
   for (QuicPacketNumber i = least_unacked; i <= largest_received; ++i) {
     ack.received_packet_times.push_back(make_pair(i, clock_->Now()));
   }
+  if (largest_received > 0 && version_ > QUIC_VERSION_33) {
+    ack.missing = false;
+    ack.packets.Add(1, largest_received + 1);
+  }
   QuicFrames frames;
   frames.push_back(QuicFrame(&ack));
 
@@ -316,30 +364,85 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndDataPacket(
   return MakeMultipleFramesPacket(header_, frames);
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRequestHeadersPacket(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeRequestHeadersAndMultipleDataFramesPacket(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
     bool should_include_version,
     bool fin,
     SpdyPriority priority,
     const SpdyHeaderBlock& headers,
-    size_t* spdy_headers_frame_length) {
-  return MakeRequestHeadersPacket(packet_number, stream_id,
-                                  should_include_version, fin, priority,
-                                  headers, spdy_headers_frame_length, nullptr);
+    size_t* spdy_headers_frame_length,
+    const std::vector<std::string>& data_writes) {
+  InitializeHeader(packet_number, should_include_version);
+  SpdySerializedFrame spdy_frame;
+  if (spdy_request_framer_.protocol_version() == SPDY3) {
+    SpdySynStreamIR syn_stream(stream_id);
+    syn_stream.set_header_block(headers);
+    syn_stream.set_fin(fin);
+    syn_stream.set_priority(priority);
+    spdy_frame = spdy_request_framer_.SerializeSynStream(syn_stream);
+  } else {
+    SpdyHeadersIR headers_frame(stream_id);
+    headers_frame.set_header_block(headers);
+    headers_frame.set_fin(fin);
+    headers_frame.set_priority(priority);
+    headers_frame.set_has_priority(true);
+    spdy_frame = spdy_request_framer_.SerializeFrame(headers_frame);
+  }
+  if (spdy_headers_frame_length) {
+    *spdy_headers_frame_length = spdy_frame.size();
+  }
+  QuicStreamFrame frame(
+      kHeadersStreamId, false, 0,
+      base::StringPiece(spdy_frame.data(), spdy_frame.size()));
+
+  QuicFrames frames;
+  frames.push_back(QuicFrame(&frame));
+
+  QuicStreamOffset offset = 0;
+  // QuicFrame takes a raw pointer. Use a std::vector here so we keep
+  // StreamFrames alive until MakeMultipleFramesPacket is done.
+  std::vector<std::unique_ptr<QuicStreamFrame>> stream_frames;
+  for (size_t i = 0; i < data_writes.size(); ++i) {
+    bool is_fin = fin && (i == data_writes.size() - 1);
+    stream_frames.push_back(base::WrapUnique(new QuicStreamFrame(
+        stream_id, is_fin, offset, base::StringPiece(data_writes[i]))));
+    offset += data_writes[i].length();
+  }
+  for (const auto& stream_frame : stream_frames) {
+    QuicFrame quic_frame(stream_frame.get());
+    DVLOG(1) << "Adding frame: " << quic_frame;
+    frames.push_back(quic_frame);
+  }
+  return MakeMultipleFramesPacket(header_, frames);
 }
 
-// If |offset| is provided, will use the value when creating the packet.
-// Will also update the value after packet creation.
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRequestHeadersPacket(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeRequestHeadersPacket(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
     bool should_include_version,
     bool fin,
     SpdyPriority priority,
     const SpdyHeaderBlock& headers,
-    size_t* spdy_headers_frame_length,
-    QuicStreamOffset* offset) {
+    size_t* spdy_headers_frame_length) {
+  return MakeRequestHeadersPacket(packet_number, stream_id,
+                                  should_include_version, fin, priority,
+                                  headers, spdy_headers_frame_length, nullptr);
+}
+
+// If |offset| is provided, will use the value when creating the packet.
+// Will also update the value after packet creation.
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeRequestHeadersPacket(QuicPacketNumber packet_number,
+                                              QuicStreamId stream_id,
+                                              bool should_include_version,
+                                              bool fin,
+                                              SpdyPriority priority,
+                                              const SpdyHeaderBlock& headers,
+                                              size_t* spdy_headers_frame_length,
+                                              QuicStreamOffset* offset) {
   InitializeHeader(packet_number, should_include_version);
   SpdySerializedFrame spdy_frame;
   if (spdy_request_framer_.protocol_version() == SPDY3) {
@@ -376,7 +479,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeRequestHeadersPacket(
 
 // Convenience method for calling MakeRequestHeadersPacket with nullptr for
 // |spdy_headers_frame_length|.
-scoped_ptr<QuicReceivedPacket>
+std::unique_ptr<QuicReceivedPacket>
 QuicTestPacketMaker::MakeRequestHeadersPacketWithOffsetTracking(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
@@ -392,7 +495,8 @@ QuicTestPacketMaker::MakeRequestHeadersPacketWithOffsetTracking(
 
 // If |offset| is provided, will use the value when creating the packet.
 // Will also update the value after packet creation.
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeResponseHeadersPacket(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeResponseHeadersPacket(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
     bool should_include_version,
@@ -430,7 +534,8 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeResponseHeadersPacket(
   }
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeResponseHeadersPacket(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeResponseHeadersPacket(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
     bool should_include_version,
@@ -444,7 +549,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeResponseHeadersPacket(
 
 // Convenience method for calling MakeResponseHeadersPacket with nullptr for
 // |spdy_headers_frame_length|.
-scoped_ptr<QuicReceivedPacket>
+std::unique_ptr<QuicReceivedPacket>
 QuicTestPacketMaker::MakeResponseHeadersPacketWithOffsetTracking(
     QuicPacketNumber packet_number,
     QuicStreamId stream_id,
@@ -487,7 +592,7 @@ SpdyHeaderBlock QuicTestPacketMaker::GetResponseHeaders(
   return headers;
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePacket(
+std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePacket(
     const QuicPacketHeader& header,
     const QuicFrame& frame) {
   QuicFrames frames;
@@ -495,12 +600,11 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePacket(
   return MakeMultipleFramesPacket(header, frames);
 }
 
-scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeMultipleFramesPacket(
-    const QuicPacketHeader& header,
-    const QuicFrames& frames) {
-  QuicFramer framer(SupportedVersions(version_), clock_->Now(),
-                    Perspective::IS_CLIENT);
-  scoped_ptr<QuicPacket> packet(
+std::unique_ptr<QuicReceivedPacket>
+QuicTestPacketMaker::MakeMultipleFramesPacket(const QuicPacketHeader& header,
+                                              const QuicFrames& frames) {
+  QuicFramer framer(SupportedVersions(version_), clock_->Now(), perspective_);
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   char buffer[kMaxPacketSize];
   size_t encrypted_size = framer.EncryptPayload(ENCRYPTION_NONE, /*path_id=*/0u,
@@ -508,7 +612,7 @@ scoped_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeMultipleFramesPacket(
                                                 buffer, kMaxPacketSize);
   EXPECT_NE(0u, encrypted_size);
   QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), false);
-  return scoped_ptr<QuicReceivedPacket>(encrypted.Clone());
+  return std::unique_ptr<QuicReceivedPacket>(encrypted.Clone());
 }
 
 void QuicTestPacketMaker::InitializeHeader(QuicPacketNumber packet_number,
diff --git a/chromium/net/quic/test_tools/quic_test_packet_maker.h b/chromium/net/quic/test_tools/quic_test_packet_maker.h
index 3574ab7185c..34f8915107f 100644
--- a/chromium/net/quic/test_tools/quic_test_packet_maker.h
+++ b/chromium/net/quic/test_tools/quic_test_packet_maker.h
@@ -9,8 +9,9 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/request_priority.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/test_tools/mock_clock.h"
@@ -26,26 +27,27 @@ class QuicTestPacketMaker {
   QuicTestPacketMaker(QuicVersion version,
                       QuicConnectionId connection_id,
                       MockClock* clock,
-                      const std::string& host);
+                      const std::string& host,
+                      Perspective perspective);
   ~QuicTestPacketMaker();
 
   void set_hostname(const std::string& host);
-  scoped_ptr<QuicReceivedPacket> MakePingPacket(QuicPacketNumber num,
-                                                bool include_version);
-  scoped_ptr<QuicReceivedPacket> MakeRstPacket(
+  std::unique_ptr<QuicReceivedPacket> MakePingPacket(QuicPacketNumber num,
+                                                     bool include_version);
+  std::unique_ptr<QuicReceivedPacket> MakeRstPacket(
       QuicPacketNumber num,
       bool include_version,
       QuicStreamId stream_id,
       QuicRstStreamErrorCode error_code);
 
-  scoped_ptr<QuicReceivedPacket> MakeRstPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeRstPacket(
       QuicPacketNumber num,
       bool include_version,
       QuicStreamId stream_id,
       QuicRstStreamErrorCode error_code,
       size_t bytes_written);
 
-  scoped_ptr<QuicReceivedPacket> MakeAckAndRstPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeAckAndRstPacket(
       QuicPacketNumber num,
       bool include_version,
       QuicStreamId stream_id,
@@ -54,37 +56,46 @@ class QuicTestPacketMaker {
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked,
       bool send_feedback);
-  scoped_ptr<QuicReceivedPacket> MakeAckAndConnectionClosePacket(
+  std::unique_ptr<QuicReceivedPacket> MakeAckAndConnectionClosePacket(
       QuicPacketNumber num,
       bool include_version,
       QuicTime::Delta delta_time_largest_observed,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked,
       QuicErrorCode quic_error,
-      std::string& quic_error_details);
-  scoped_ptr<QuicReceivedPacket> MakeConnectionClosePacket(
+      const std::string& quic_error_details);
+  std::unique_ptr<QuicReceivedPacket> MakeConnectionClosePacket(
       QuicPacketNumber num);
-  scoped_ptr<QuicReceivedPacket> MakeGoAwayPacket(QuicPacketNumber num,
-                                                  QuicErrorCode error_code,
-                                                  std::string reason_phrase);
-  scoped_ptr<QuicReceivedPacket> MakeAckPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeGoAwayPacket(
+      QuicPacketNumber num,
+      QuicErrorCode error_code,
+      std::string reason_phrase);
+  std::unique_ptr<QuicReceivedPacket> MakeAckPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber least_unacked,
       bool send_feedback);
-  scoped_ptr<QuicReceivedPacket> MakeAckPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeAckPacket(
       QuicPacketNumber packet_number,
       QuicPacketNumber largest_received,
       QuicPacketNumber ack_least_unacked,
       QuicPacketNumber stop_least_unacked,
       bool send_feedback);
-  scoped_ptr<QuicReceivedPacket> MakeDataPacket(QuicPacketNumber packet_number,
-                                                QuicStreamId stream_id,
-                                                bool should_include_version,
-                                                bool fin,
-                                                QuicStreamOffset offset,
-                                                base::StringPiece data);
-  scoped_ptr<QuicReceivedPacket> MakeAckAndDataPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeDataPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      bool should_include_version,
+      bool fin,
+      QuicStreamOffset offset,
+      base::StringPiece data);
+  std::unique_ptr<QuicReceivedPacket> MakeMultipleDataFramesPacket(
+      QuicPacketNumber packet_number,
+      QuicStreamId stream_id,
+      bool should_include_version,
+      bool fin,
+      QuicStreamOffset offset,
+      const std::vector<std::string>& data_writes);
+  std::unique_ptr<QuicReceivedPacket> MakeAckAndDataPacket(
       QuicPacketNumber packet_number,
       bool include_version,
       QuicStreamId stream_id,
@@ -94,41 +105,52 @@ class QuicTestPacketMaker {
       QuicStreamOffset offset,
       base::StringPiece data);
 
-  // If |spdy_headers_frame_length| is non-null, it will be set to the size of
-  // the SPDY headers frame created for this packet.
-  scoped_ptr<QuicReceivedPacket> MakeRequestHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket>
+  MakeRequestHeadersAndMultipleDataFramesPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       SpdyPriority priority,
       const SpdyHeaderBlock& headers,
-      size_t* spdy_headers_frame_length);
+      size_t* spdy_headers_frame_length,
+      const std::vector<std::string>& data_writes);
 
-  scoped_ptr<QuicReceivedPacket> MakeRequestHeadersPacket(
+  // If |spdy_headers_frame_length| is non-null, it will be set to the size of
+  // the SPDY headers frame created for this packet.
+  std::unique_ptr<QuicReceivedPacket> MakeRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       SpdyPriority priority,
       const SpdyHeaderBlock& headers,
-      size_t* spdy_headers_frame_length,
-      QuicStreamOffset* offset);
+      size_t* spdy_headers_frame_length);
 
-  // Convenience method for calling MakeRequestHeadersPacket with nullptr for
-  // |spdy_headers_frame_length|.
-  scoped_ptr<QuicReceivedPacket> MakeRequestHeadersPacketWithOffsetTracking(
+  std::unique_ptr<QuicReceivedPacket> MakeRequestHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
       bool fin,
       SpdyPriority priority,
       const SpdyHeaderBlock& headers,
+      size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset);
 
+  // Convenience method for calling MakeRequestHeadersPacket with nullptr for
+  // |spdy_headers_frame_length|.
+  std::unique_ptr<QuicReceivedPacket>
+  MakeRequestHeadersPacketWithOffsetTracking(QuicPacketNumber packet_number,
+                                             QuicStreamId stream_id,
+                                             bool should_include_version,
+                                             bool fin,
+                                             SpdyPriority priority,
+                                             const SpdyHeaderBlock& headers,
+                                             QuicStreamOffset* offset);
+
   // If |spdy_headers_frame_length| is non-null, it will be set to the size of
   // the SPDY headers frame created for this packet.
-  scoped_ptr<QuicReceivedPacket> MakeResponseHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -137,7 +159,7 @@ class QuicTestPacketMaker {
       size_t* spdy_headers_frame_length,
       QuicStreamOffset* offset);
 
-  scoped_ptr<QuicReceivedPacket> MakeResponseHeadersPacket(
+  std::unique_ptr<QuicReceivedPacket> MakeResponseHeadersPacket(
       QuicPacketNumber packet_number,
       QuicStreamId stream_id,
       bool should_include_version,
@@ -147,13 +169,13 @@ class QuicTestPacketMaker {
 
   // Convenience method for calling MakeResponseHeadersPacket with nullptr for
   // |spdy_headers_frame_length|.
-  scoped_ptr<QuicReceivedPacket> MakeResponseHeadersPacketWithOffsetTracking(
-      QuicPacketNumber packet_number,
-      QuicStreamId stream_id,
-      bool should_include_version,
-      bool fin,
-      const SpdyHeaderBlock& headers,
-      QuicStreamOffset* offset);
+  std::unique_ptr<QuicReceivedPacket>
+  MakeResponseHeadersPacketWithOffsetTracking(QuicPacketNumber packet_number,
+                                              QuicStreamId stream_id,
+                                              bool should_include_version,
+                                              bool fin,
+                                              const SpdyHeaderBlock& headers,
+                                              QuicStreamOffset* offset);
 
   SpdyHeaderBlock GetRequestHeaders(const std::string& method,
                                     const std::string& scheme,
@@ -164,9 +186,9 @@ class QuicTestPacketMaker {
                                      const std::string& alt_svc);
 
  private:
-  scoped_ptr<QuicReceivedPacket> MakePacket(const QuicPacketHeader& header,
-                                            const QuicFrame& frame);
-  scoped_ptr<QuicReceivedPacket> MakeMultipleFramesPacket(
+  std::unique_ptr<QuicReceivedPacket> MakePacket(const QuicPacketHeader& header,
+                                                 const QuicFrame& frame);
+  std::unique_ptr<QuicReceivedPacket> MakeMultipleFramesPacket(
       const QuicPacketHeader& header,
       const QuicFrames& frames);
 
@@ -181,6 +203,7 @@ class QuicTestPacketMaker {
   SpdyFramer spdy_response_framer_;
   MockRandom random_generator_;
   QuicPacketHeader header_;
+  Perspective perspective_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicTestPacketMaker);
 };
diff --git a/chromium/net/quic/test_tools/quic_test_utils.cc b/chromium/net/quic/test_tools/quic_test_utils.cc
index 6c5438a2bbb..e292e2f5123 100644
--- a/chromium/net/quic/test_tools/quic_test_utils.cc
+++ b/chromium/net/quic/test_tools/quic_test_utils.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/test_tools/quic_test_utils.h"
 
+#include <memory>
+
 #include "base/sha1.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
@@ -45,7 +47,18 @@ QuicAckFrame MakeAckFrameWithNackRanges(size_t num_nack_ranges,
   QuicAckFrame ack = MakeAckFrame(2 * num_nack_ranges + least_unacked);
   // Add enough missing packets to get num_nack_ranges nack ranges.
   for (QuicPacketNumber i = 1; i < 2 * num_nack_ranges; i += 2) {
-    ack.missing_packets.Add(least_unacked + i);
+    ack.packets.Add(least_unacked + i);
+  }
+  return ack;
+}
+
+QuicAckFrame MakeAckFrameWithAckBlocks(size_t num_ack_blocks,
+                                       QuicPacketNumber least_unacked) {
+  QuicAckFrame ack = MakeAckFrame(2 * num_ack_blocks + least_unacked);
+  ack.missing = false;
+  // Add enough received packets to get num_ack_blocks ack blocks.
+  for (QuicPacketNumber i = 2; i < 2 * num_ack_blocks + 1; i += 2) {
+    ack.packets.Add(least_unacked + i);
   }
   return ack;
 }
@@ -54,7 +67,7 @@ QuicPacket* BuildUnsizedDataPacket(QuicFramer* framer,
                                    const QuicPacketHeader& header,
                                    const QuicFrames& frames) {
   const size_t max_plaintext_size = framer->GetMaxPlaintextSize(kMaxPacketSize);
-  size_t packet_size = GetPacketHeaderSize(header);
+  size_t packet_size = GetPacketHeaderSize(framer->version(), header);
   for (size_t i = 0; i < frames.size(); ++i) {
     DCHECK_LE(packet_size, max_plaintext_size);
     bool first_frame = i == 0;
@@ -80,6 +93,7 @@ QuicPacket* BuildUnsizedDataPacket(QuicFramer* framer,
                         header.public_header.connection_id_length,
                         header.public_header.version_flag,
                         header.public_header.multipath_flag,
+                        header.public_header.nonce != nullptr,
                         header.public_header.packet_number_length);
 }
 
@@ -111,6 +125,8 @@ MockFramerVisitor::MockFramerVisitor() {
 
   ON_CALL(*this, OnStopWaitingFrame(_)).WillByDefault(testing::Return(true));
 
+  ON_CALL(*this, OnPaddingFrame(_)).WillByDefault(testing::Return(true));
+
   ON_CALL(*this, OnPingFrame(_)).WillByDefault(testing::Return(true));
 
   ON_CALL(*this, OnRstStreamFrame(_)).WillByDefault(testing::Return(true));
@@ -153,6 +169,10 @@ bool NoOpFramerVisitor::OnStopWaitingFrame(const QuicStopWaitingFrame& frame) {
   return true;
 }
 
+bool NoOpFramerVisitor::OnPaddingFrame(const QuicPaddingFrame& frame) {
+  return true;
+}
+
 bool NoOpFramerVisitor::OnPingFrame(const QuicPingFrame& frame) {
   return true;
 }
@@ -183,89 +203,101 @@ bool NoOpFramerVisitor::OnPathCloseFrame(const QuicPathCloseFrame& frame) {
   return true;
 }
 
-MockConnectionVisitor::MockConnectionVisitor() {}
+MockQuicConnectionVisitor::MockQuicConnectionVisitor() {}
 
-MockConnectionVisitor::~MockConnectionVisitor() {}
+MockQuicConnectionVisitor::~MockQuicConnectionVisitor() {}
 
-MockConnectionHelper::MockConnectionHelper() {}
+MockQuicConnectionHelper::MockQuicConnectionHelper() {}
 
-MockConnectionHelper::~MockConnectionHelper() {}
+MockQuicConnectionHelper::~MockQuicConnectionHelper() {}
 
-const QuicClock* MockConnectionHelper::GetClock() const {
+const QuicClock* MockQuicConnectionHelper::GetClock() const {
   return &clock_;
 }
 
-QuicRandom* MockConnectionHelper::GetRandomGenerator() {
+QuicRandom* MockQuicConnectionHelper::GetRandomGenerator() {
   return &random_generator_;
 }
 
-QuicAlarm* MockConnectionHelper::CreateAlarm(QuicAlarm::Delegate* delegate) {
-  return new MockConnectionHelper::TestAlarm(
+QuicAlarm* MockAlarmFactory::CreateAlarm(QuicAlarm::Delegate* delegate) {
+  return new MockAlarmFactory::TestAlarm(
       QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
 }
 
-QuicArenaScopedPtr<QuicAlarm> MockConnectionHelper::CreateAlarm(
+QuicArenaScopedPtr<QuicAlarm> MockAlarmFactory::CreateAlarm(
     QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
     QuicConnectionArena* arena) {
   if (arena != nullptr) {
-    return arena->New<MockConnectionHelper::TestAlarm>(std::move(delegate));
+    return arena->New<MockAlarmFactory::TestAlarm>(std::move(delegate));
   } else {
-    return QuicArenaScopedPtr<MockConnectionHelper::TestAlarm>(
+    return QuicArenaScopedPtr<MockAlarmFactory::TestAlarm>(
         new TestAlarm(std::move(delegate)));
   }
 }
 
-QuicBufferAllocator* MockConnectionHelper::GetBufferAllocator() {
+QuicBufferAllocator* MockQuicConnectionHelper::GetBufferAllocator() {
   return &buffer_allocator_;
 }
 
-void MockConnectionHelper::AdvanceTime(QuicTime::Delta delta) {
+void MockQuicConnectionHelper::AdvanceTime(QuicTime::Delta delta) {
   clock_.AdvanceTime(delta);
 }
 
-MockConnection::MockConnection(MockConnectionHelper* helper,
-                               Perspective perspective)
-    : MockConnection(kTestConnectionId,
-                     IPEndPoint(TestPeerIPAddress(), kTestPort),
-                     helper,
-                     perspective,
-                     QuicSupportedVersions()) {}
-
-MockConnection::MockConnection(IPEndPoint address,
-                               MockConnectionHelper* helper,
-                               Perspective perspective)
-    : MockConnection(kTestConnectionId,
-                     address,
-                     helper,
-                     perspective,
-                     QuicSupportedVersions()) {}
-
-MockConnection::MockConnection(QuicConnectionId connection_id,
-                               MockConnectionHelper* helper,
-                               Perspective perspective)
-    : MockConnection(connection_id,
-                     IPEndPoint(TestPeerIPAddress(), kTestPort),
-                     helper,
-                     perspective,
-                     QuicSupportedVersions()) {}
-
-MockConnection::MockConnection(MockConnectionHelper* helper,
-                               Perspective perspective,
-                               const QuicVersionVector& supported_versions)
-    : MockConnection(kTestConnectionId,
-                     IPEndPoint(TestPeerIPAddress(), kTestPort),
-                     helper,
-                     perspective,
-                     supported_versions) {}
-
-MockConnection::MockConnection(QuicConnectionId connection_id,
-                               IPEndPoint address,
-                               MockConnectionHelper* helper,
-                               Perspective perspective,
-                               const QuicVersionVector& supported_versions)
+MockQuicConnection::MockQuicConnection(MockQuicConnectionHelper* helper,
+                                       MockAlarmFactory* alarm_factory,
+                                       Perspective perspective)
+    : MockQuicConnection(kTestConnectionId,
+                         IPEndPoint(TestPeerIPAddress(), kTestPort),
+                         helper,
+                         alarm_factory,
+                         perspective,
+                         QuicSupportedVersions()) {}
+
+MockQuicConnection::MockQuicConnection(IPEndPoint address,
+                                       MockQuicConnectionHelper* helper,
+                                       MockAlarmFactory* alarm_factory,
+                                       Perspective perspective)
+    : MockQuicConnection(kTestConnectionId,
+                         address,
+                         helper,
+                         alarm_factory,
+                         perspective,
+                         QuicSupportedVersions()) {}
+
+MockQuicConnection::MockQuicConnection(QuicConnectionId connection_id,
+                                       MockQuicConnectionHelper* helper,
+                                       MockAlarmFactory* alarm_factory,
+                                       Perspective perspective)
+    : MockQuicConnection(connection_id,
+                         IPEndPoint(TestPeerIPAddress(), kTestPort),
+                         helper,
+                         alarm_factory,
+                         perspective,
+                         QuicSupportedVersions()) {}
+
+MockQuicConnection::MockQuicConnection(
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
+    Perspective perspective,
+    const QuicVersionVector& supported_versions)
+    : MockQuicConnection(kTestConnectionId,
+                         IPEndPoint(TestPeerIPAddress(), kTestPort),
+                         helper,
+                         alarm_factory,
+                         perspective,
+                         supported_versions) {}
+
+MockQuicConnection::MockQuicConnection(
+    QuicConnectionId connection_id,
+    IPEndPoint address,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
+    Perspective perspective,
+    const QuicVersionVector& supported_versions)
     : QuicConnection(connection_id,
                      address,
                      helper,
+                     alarm_factory,
                      new testing::NiceMock<MockPacketWriter>(),
                      /* owns_writer= */ true,
                      perspective,
@@ -275,21 +307,26 @@ MockConnection::MockConnection(QuicConnectionId connection_id,
           Invoke(this, &PacketSavingConnection::QuicConnection_OnError));
 }
 
-MockConnection::~MockConnection() {}
+MockQuicConnection::~MockQuicConnection() {}
 
-void MockConnection::AdvanceTime(QuicTime::Delta delta) {
-  static_cast<MockConnectionHelper*>(helper())->AdvanceTime(delta);
+void MockQuicConnection::AdvanceTime(QuicTime::Delta delta) {
+  static_cast<MockQuicConnectionHelper*>(helper())->AdvanceTime(delta);
 }
 
-PacketSavingConnection::PacketSavingConnection(MockConnectionHelper* helper,
+PacketSavingConnection::PacketSavingConnection(MockQuicConnectionHelper* helper,
+                                               MockAlarmFactory* alarm_factory,
                                                Perspective perspective)
-    : MockConnection(helper, perspective) {}
+    : MockQuicConnection(helper, alarm_factory, perspective) {}
 
 PacketSavingConnection::PacketSavingConnection(
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     Perspective perspective,
     const QuicVersionVector& supported_versions)
-    : MockConnection(helper, perspective, supported_versions) {}
+    : MockQuicConnection(helper,
+                         alarm_factory,
+                         perspective,
+                         supported_versions) {}
 
 PacketSavingConnection::~PacketSavingConnection() {
   STLDeleteElements(&encrypted_packets_);
@@ -300,7 +337,7 @@ void PacketSavingConnection::SendOrQueuePacket(SerializedPacket* packet) {
       QuicUtils::CopyBuffer(*packet), packet->encrypted_length, true));
   // Transfer ownership of the packet to the SentPacketManager and the
   // ack notifier to the AckNotifierManager.
-  sent_packet_manager_.OnPacketSent(packet, 0, QuicTime::Zero(),
+  sent_packet_manager_.OnPacketSent(packet, kInvalidPathId, 0, QuicTime::Zero(),
                                     NOT_RETRANSMISSION,
                                     HAS_RETRANSMITTABLE_DATA);
 }
@@ -309,7 +346,7 @@ MockQuicSession::MockQuicSession(QuicConnection* connection)
     : QuicSession(connection, DefaultQuicConfig()) {
   crypto_stream_.reset(new QuicCryptoStream(this));
   Initialize();
-  ON_CALL(*this, WritevData(_, _, _, _, _))
+  ON_CALL(*this, WritevData(_, _, _, _, _, _))
       .WillByDefault(testing::Return(QuicConsumedData(0, false)));
 }
 
@@ -317,6 +354,7 @@ MockQuicSession::~MockQuicSession() {}
 
 // static
 QuicConsumedData MockQuicSession::ConsumeAllData(
+    ReliableQuicStream* /*stream*/,
     QuicStreamId /*id*/,
     const QuicIOVector& data,
     QuicStreamOffset /*offset*/,
@@ -329,22 +367,12 @@ MockQuicSpdySession::MockQuicSpdySession(QuicConnection* connection)
     : QuicSpdySession(connection, DefaultQuicConfig()) {
   crypto_stream_.reset(new QuicCryptoStream(this));
   Initialize();
-  ON_CALL(*this, WritevData(_, _, _, _, _))
+  ON_CALL(*this, WritevData(_, _, _, _, _, _))
       .WillByDefault(testing::Return(QuicConsumedData(0, false)));
 }
 
 MockQuicSpdySession::~MockQuicSpdySession() {}
 
-// static
-QuicConsumedData MockQuicSpdySession::ConsumeAllData(
-    QuicStreamId /*id*/,
-    const QuicIOVector& data,
-    QuicStreamOffset /*offset*/,
-    bool fin,
-    QuicAckListenerInterface* /*ack_notifier_delegate*/) {
-  return QuicConsumedData(data.total_length, fin);
-}
-
 TestQuicSpdyServerSession::TestQuicSpdyServerSession(
     QuicConnection* connection,
     const QuicConfig& config,
@@ -534,6 +562,23 @@ QuicEncryptedPacket* ConstructEncryptedPacket(
     QuicConnectionIdLength connection_id_length,
     QuicPacketNumberLength packet_number_length,
     QuicVersionVector* versions) {
+  return ConstructEncryptedPacket(connection_id, version_flag, multipath_flag,
+                                  reset_flag, path_id, packet_number, data,
+                                  connection_id_length, packet_number_length,
+                                  versions, Perspective::IS_CLIENT);
+}
+QuicEncryptedPacket* ConstructEncryptedPacket(
+    QuicConnectionId connection_id,
+    bool version_flag,
+    bool multipath_flag,
+    bool reset_flag,
+    QuicPathId path_id,
+    QuicPacketNumber packet_number,
+    const string& data,
+    QuicConnectionIdLength connection_id_length,
+    QuicPacketNumberLength packet_number_length,
+    QuicVersionVector* versions,
+    Perspective perspective) {
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id;
   header.public_header.connection_id_length = connection_id_length;
@@ -553,9 +598,9 @@ QuicEncryptedPacket* ConstructEncryptedPacket(
   QuicFrames frames;
   frames.push_back(frame);
   QuicFramer framer(versions != nullptr ? *versions : QuicSupportedVersions(),
-                    QuicTime::Zero(), Perspective::IS_CLIENT);
+                    QuicTime::Zero(), perspective);
 
-  scoped_ptr<QuicPacket> packet(
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   EXPECT_TRUE(packet != nullptr);
   char* buffer = new char[kMaxPacketSize];
@@ -584,7 +629,8 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket(
     const string& data,
     QuicConnectionIdLength connection_id_length,
     QuicPacketNumberLength packet_number_length,
-    QuicVersionVector* versions) {
+    QuicVersionVector* versions,
+    Perspective perspective) {
   QuicPacketHeader header;
   header.public_header.connection_id = connection_id;
   header.public_header.connection_id_length = connection_id_length;
@@ -604,17 +650,26 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket(
   QuicFrames frames;
   frames.push_back(frame);
   QuicFramer framer(versions != nullptr ? *versions : QuicSupportedVersions(),
-                    QuicTime::Zero(), Perspective::IS_CLIENT);
+                    QuicTime::Zero(), perspective);
 
-  scoped_ptr<QuicPacket> packet(
+  std::unique_ptr<QuicPacket> packet(
       BuildUnsizedDataPacket(&framer, header, frames));
   EXPECT_TRUE(packet != nullptr);
 
-  // Now set the packet's private flags byte to 0xFF, which is an invalid value.
-  reinterpret_cast<unsigned char*>(
-      packet->mutable_data())[GetStartOfEncryptedData(
-      connection_id_length, version_flag, multipath_flag,
-      packet_number_length)] = 0xFF;
+  if (framer.version() <= QUIC_VERSION_33) {
+    // Now set the packet's private flags byte to 0xFF, which is an invalid
+    // value.
+    reinterpret_cast<unsigned char*>(
+        packet->mutable_data())[GetStartOfEncryptedData(
+        framer.version(), connection_id_length, version_flag, multipath_flag,
+        false /* no diversification nonce */, packet_number_length)] = 0xFF;
+  } else {
+    // Now set the frame type to 0x1F, which is an invalid frame type.
+    reinterpret_cast<unsigned char*>(
+        packet->mutable_data())[GetStartOfEncryptedData(
+        framer.version(), connection_id_length, version_flag, multipath_flag,
+        false /* no diversification nonce */, packet_number_length)] = 0x1F;
+  }
 
   char* buffer = new char[kMaxPacketSize];
   size_t encrypted_length = framer.EncryptPayload(
@@ -631,7 +686,7 @@ void CompareCharArraysWithHexError(const string& description,
   EXPECT_EQ(actual_len, expected_len);
   const int min_len = min(actual_len, expected_len);
   const int max_len = max(actual_len, expected_len);
-  scoped_ptr<bool[]> marks(new bool[max_len]);
+  std::unique_ptr<bool[]> marks(new bool[max_len]);
   bool identical = (actual_len == expected_len);
   for (int i = 0; i < min_len; ++i) {
     if (actual[i] != expected[i]) {
@@ -671,7 +726,8 @@ static QuicPacket* ConstructPacketFromHandshakeMessage(
     const CryptoHandshakeMessage& message,
     bool should_include_version) {
   CryptoFramer crypto_framer;
-  scoped_ptr<QuicData> data(crypto_framer.ConstructHandshakeMessage(message));
+  std::unique_ptr<QuicData> data(
+      crypto_framer.ConstructHandshakeMessage(message));
   QuicFramer quic_framer(QuicSupportedVersions(), QuicTime::Zero(),
                          Perspective::IS_CLIENT);
 
@@ -704,6 +760,7 @@ QuicPacket* ConstructHandshakePacket(QuicConnectionId connection_id,
 size_t GetPacketLengthForOneStream(QuicVersion version,
                                    bool include_version,
                                    bool include_path_id,
+                                   bool include_diversification_nonce,
                                    QuicConnectionIdLength connection_id_length,
                                    QuicPacketNumberLength packet_number_length,
                                    size_t* payload_length) {
@@ -711,21 +768,22 @@ size_t GetPacketLengthForOneStream(QuicVersion version,
   const size_t stream_length =
       NullEncrypter().GetCiphertextSize(*payload_length) +
       QuicPacketCreator::StreamFramePacketOverhead(
-          PACKET_8BYTE_CONNECTION_ID, include_version, include_path_id,
-          packet_number_length, 0u);
+          version, PACKET_8BYTE_CONNECTION_ID, include_version, include_path_id,
+          include_diversification_nonce, packet_number_length, 0u);
   const size_t ack_length =
       NullEncrypter().GetCiphertextSize(
-          QuicFramer::GetMinAckFrameSize(PACKET_1BYTE_PACKET_NUMBER)) +
-      GetPacketHeaderSize(connection_id_length, include_version,
-                          include_path_id, packet_number_length);
+          QuicFramer::GetMinAckFrameSize(version, PACKET_1BYTE_PACKET_NUMBER)) +
+      GetPacketHeaderSize(version, connection_id_length, include_version,
+                          include_path_id, include_diversification_nonce,
+                          packet_number_length);
   if (stream_length < ack_length) {
     *payload_length = 1 + ack_length - stream_length;
   }
 
   return NullEncrypter().GetCiphertextSize(*payload_length) +
          QuicPacketCreator::StreamFramePacketOverhead(
-             connection_id_length, include_version, include_path_id,
-             packet_number_length, 0u);
+             version, connection_id_length, include_version, include_path_id,
+             include_diversification_nonce, packet_number_length, 0u);
 }
 
 TestEntropyCalculator::TestEntropyCalculator() {}
@@ -777,7 +835,8 @@ void CreateClientSessionForTest(QuicServerId server_id,
                                 bool supports_stateless_rejects,
                                 QuicTime::Delta connection_start_time,
                                 QuicVersionVector supported_versions,
-                                MockConnectionHelper* helper,
+                                MockQuicConnectionHelper* helper,
+                                MockAlarmFactory* alarm_factory,
                                 QuicCryptoClientConfig* crypto_client_config,
                                 PacketSavingConnection** client_connection,
                                 TestQuicSpdyClientSession** client_session) {
@@ -792,7 +851,7 @@ void CreateClientSessionForTest(QuicServerId server_id,
                           ? DefaultQuicConfigStatelessRejects()
                           : DefaultQuicConfig();
   *client_connection = new PacketSavingConnection(
-      helper, Perspective::IS_CLIENT, supported_versions);
+      helper, alarm_factory, Perspective::IS_CLIENT, supported_versions);
   *client_session = new TestQuicSpdyClientSession(
       *client_connection, config, server_id, crypto_client_config);
   (*client_connection)->AdvanceTime(connection_start_time);
@@ -802,7 +861,8 @@ void CreateServerSessionForTest(
     QuicServerId server_id,
     QuicTime::Delta connection_start_time,
     QuicVersionVector supported_versions,
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     QuicCryptoServerConfig* server_crypto_config,
     QuicCompressedCertsCache* compressed_certs_cache,
     PacketSavingConnection** server_connection,
@@ -815,7 +875,7 @@ void CreateServerSessionForTest(
       << "strike-register will be unhappy.";
 
   *server_connection = new PacketSavingConnection(
-      helper, Perspective::IS_SERVER, supported_versions);
+      helper, alarm_factory, Perspective::IS_SERVER, supported_versions);
   *server_session = new TestQuicSpdyServerSession(
       *server_connection, DefaultQuicConfig(), server_crypto_config,
       compressed_certs_cache);
diff --git a/chromium/net/quic/test_tools/quic_test_utils.h b/chromium/net/quic/test_tools/quic_test_utils.h
index 2f2def36b04..bf3fad0929a 100644
--- a/chromium/net/quic/test_tools/quic_test_utils.h
+++ b/chromium/net/quic/test_tools/quic_test_utils.h
@@ -10,6 +10,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <cstdint>
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -34,6 +36,8 @@
 #include "net/tools/quic/test_tools/mock_quic_server_session_visitor.h"
 #include "testing/gmock/include/gmock/gmock.h"
 
+using base::StringPiece;
+
 namespace net {
 
 namespace test {
@@ -84,6 +88,23 @@ QuicEncryptedPacket* ConstructEncryptedPacket(
     const std::string& data,
     QuicConnectionIdLength connection_id_length,
     QuicPacketNumberLength packet_number_length,
+    QuicVersionVector* versions,
+    Perspective perspective);
+
+// Create an encrypted packet for testing.
+// If versions == nullptr, uses &QuicSupportedVersions().
+// Note that the packet is encrypted with NullEncrypter, so to decrypt the
+// constructed packet, the framer must be set to use NullDecrypter.
+QuicEncryptedPacket* ConstructEncryptedPacket(
+    QuicConnectionId connection_id,
+    bool version_flag,
+    bool multipath_flag,
+    bool reset_flag,
+    QuicPathId path_id,
+    QuicPacketNumber packet_number,
+    const std::string& data,
+    QuicConnectionIdLength connection_id_length,
+    QuicPacketNumberLength packet_number_length,
     QuicVersionVector* versions);
 
 // This form assumes |versions| == nullptr.
@@ -130,7 +151,8 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket(
     const std::string& data,
     QuicConnectionIdLength connection_id_length,
     QuicPacketNumberLength packet_number_length,
-    QuicVersionVector* versions);
+    QuicVersionVector* versions,
+    Perspective perspective);
 
 void CompareCharArraysWithHexError(const std::string& description,
                                    const char* actual,
@@ -138,7 +160,7 @@ void CompareCharArraysWithHexError(const std::string& description,
                                    const char* expected,
                                    const int expected_len);
 
-bool DecodeHexString(const base::StringPiece& hex, std::string* bytes);
+bool DecodeHexString(const StringPiece& hex, std::string* bytes);
 
 // Returns the length of a QuicPacket that is capable of holding either a
 // stream frame or a minimal ack frame.  Sets |*payload_length| to the number
@@ -146,6 +168,7 @@ bool DecodeHexString(const base::StringPiece& hex, std::string* bytes);
 size_t GetPacketLengthForOneStream(QuicVersion version,
                                    bool include_version,
                                    bool include_path_id,
+                                   bool include_diversification_nonce,
                                    QuicConnectionIdLength connection_id_length,
                                    QuicPacketNumberLength packet_number_length,
                                    size_t* payload_length);
@@ -168,6 +191,11 @@ QuicAckFrame MakeAckFrame(QuicPacketNumber largest_observed);
 QuicAckFrame MakeAckFrameWithNackRanges(size_t num_nack_ranges,
                                         QuicPacketNumber least_unacked);
 
+// Testing convenience method to construct a QuicAckFrame with |num_ack_blocks|
+// ack blocks of width 1 packet, starting from |least_unacked| + 2.
+QuicAckFrame MakeAckFrameWithAckBlocks(size_t num_ack_blocks,
+                                       QuicPacketNumber least_unacked);
+
 // Returns a QuicPacket that is owned by the caller, and
 // is populated with the fields in |header| and |frames|, or is nullptr if the
 // packet could not be created.
@@ -236,6 +264,7 @@ class MockFramerVisitor : public QuicFramerVisitorInterface {
   MOCK_METHOD1(OnStreamFrame, bool(const QuicStreamFrame& frame));
   MOCK_METHOD1(OnAckFrame, bool(const QuicAckFrame& frame));
   MOCK_METHOD1(OnStopWaitingFrame, bool(const QuicStopWaitingFrame& frame));
+  MOCK_METHOD1(OnPaddingFrame, bool(const QuicPaddingFrame& frame));
   MOCK_METHOD1(OnPingFrame, bool(const QuicPingFrame& frame));
   MOCK_METHOD1(OnRstStreamFrame, bool(const QuicRstStreamFrame& frame));
   MOCK_METHOD1(OnConnectionCloseFrame,
@@ -268,6 +297,7 @@ class NoOpFramerVisitor : public QuicFramerVisitorInterface {
   bool OnStreamFrame(const QuicStreamFrame& frame) override;
   bool OnAckFrame(const QuicAckFrame& frame) override;
   bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override;
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override;
   bool OnPingFrame(const QuicPingFrame& frame) override;
   bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override;
   bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override;
@@ -281,10 +311,10 @@ class NoOpFramerVisitor : public QuicFramerVisitorInterface {
   DISALLOW_COPY_AND_ASSIGN(NoOpFramerVisitor);
 };
 
-class MockConnectionVisitor : public QuicConnectionVisitorInterface {
+class MockQuicConnectionVisitor : public QuicConnectionVisitorInterface {
  public:
-  MockConnectionVisitor();
-  ~MockConnectionVisitor() override;
+  MockQuicConnectionVisitor();
+  ~MockQuicConnectionVisitor() override;
 
   MOCK_METHOD1(OnStreamFrame, void(const QuicStreamFrame& frame));
   MOCK_METHOD1(OnWindowUpdateFrame, void(const QuicWindowUpdateFrame& frame));
@@ -309,21 +339,32 @@ class MockConnectionVisitor : public QuicConnectionVisitorInterface {
   MOCK_METHOD0(PostProcessAfterData, void());
 
  private:
-  DISALLOW_COPY_AND_ASSIGN(MockConnectionVisitor);
+  DISALLOW_COPY_AND_ASSIGN(MockQuicConnectionVisitor);
 };
 
-class MockConnectionHelper : public QuicConnectionHelperInterface {
+class MockQuicConnectionHelper : public QuicConnectionHelperInterface {
  public:
-  MockConnectionHelper();
-  ~MockConnectionHelper() override;
+  MockQuicConnectionHelper();
+  ~MockQuicConnectionHelper() override;
   const QuicClock* GetClock() const override;
   QuicRandom* GetRandomGenerator() override;
+  QuicBufferAllocator* GetBufferAllocator() override;
+  void AdvanceTime(QuicTime::Delta delta);
+
+ private:
+  MockClock clock_;
+  MockRandom random_generator_;
+  SimpleBufferAllocator buffer_allocator_;
+
+  DISALLOW_COPY_AND_ASSIGN(MockQuicConnectionHelper);
+};
+
+class MockAlarmFactory : public QuicAlarmFactory {
+ public:
   QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override;
   QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
       QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
       QuicConnectionArena* arena) override;
-  QuicBufferAllocator* GetBufferAllocator() override;
-  void AdvanceTime(QuicTime::Delta delta);
 
   // No-op alarm implementation
   class TestAlarm : public QuicAlarm {
@@ -340,44 +381,43 @@ class MockConnectionHelper : public QuicConnectionHelperInterface {
   void FireAlarm(QuicAlarm* alarm) {
     reinterpret_cast<TestAlarm*>(alarm)->Fire();
   }
-
- private:
-  MockClock clock_;
-  MockRandom random_generator_;
-  SimpleBufferAllocator buffer_allocator_;
-
-  DISALLOW_COPY_AND_ASSIGN(MockConnectionHelper);
 };
 
-class MockConnection : public QuicConnection {
+class MockQuicConnection : public QuicConnection {
  public:
   // Uses a ConnectionId of 42 and 127.0.0.1:123.
-  MockConnection(MockConnectionHelper* helper, Perspective perspective);
+  MockQuicConnection(MockQuicConnectionHelper* helper,
+                     MockAlarmFactory* alarm_factory,
+                     Perspective perspective);
 
   // Uses a ConnectionId of 42.
-  MockConnection(IPEndPoint address,
-                 MockConnectionHelper* helper,
-                 Perspective perspective);
+  MockQuicConnection(IPEndPoint address,
+                     MockQuicConnectionHelper* helper,
+                     MockAlarmFactory* alarm_factory,
+                     Perspective perspective);
 
   // Uses 127.0.0.1:123.
-  MockConnection(QuicConnectionId connection_id,
-                 MockConnectionHelper* helper,
-                 Perspective perspective);
+  MockQuicConnection(QuicConnectionId connection_id,
+                     MockQuicConnectionHelper* helper,
+                     MockAlarmFactory* alarm_factory,
+                     Perspective perspective);
 
   // Uses a ConnectionId of 42, and 127.0.0.1:123.
-  MockConnection(MockConnectionHelper* helper,
-                 Perspective perspective,
-                 const QuicVersionVector& supported_versions);
+  MockQuicConnection(MockQuicConnectionHelper* helper,
+                     MockAlarmFactory* alarm_factory,
+                     Perspective perspective,
+                     const QuicVersionVector& supported_versions);
 
-  MockConnection(QuicConnectionId connection_id,
-                 IPEndPoint address,
-                 MockConnectionHelper* helper,
-                 Perspective perspective,
-                 const QuicVersionVector& supported_versions);
+  MockQuicConnection(QuicConnectionId connection_id,
+                     IPEndPoint address,
+                     MockQuicConnectionHelper* helper,
+                     MockAlarmFactory* alarm_factory,
+                     Perspective perspective,
+                     const QuicVersionVector& supported_versions);
 
-  ~MockConnection() override;
+  ~MockQuicConnection() override;
 
-  // If the constructor that uses a MockConnectionHelper has been used then
+  // If the constructor that uses a MockQuicConnectionHelper has been used then
   // this method
   // will advance the time of the MockClock.
   void AdvanceTime(QuicTime::Delta delta);
@@ -409,6 +449,7 @@ class MockConnection : public QuicConnection {
   MOCK_METHOD1(OnSendConnectionState, void(const CachedNetworkParameters&));
   MOCK_METHOD2(ResumeConnectionState,
                void(const CachedNetworkParameters&, bool));
+  MOCK_METHOD1(SetMaxPacingRate, void(QuicBandwidth));
 
   MOCK_METHOD1(OnError, void(QuicFramer* framer));
   void QuicConnection_OnError(QuicFramer* framer) {
@@ -430,14 +471,17 @@ class MockConnection : public QuicConnection {
   }
 
  private:
-  DISALLOW_COPY_AND_ASSIGN(MockConnection);
+  DISALLOW_COPY_AND_ASSIGN(MockQuicConnection);
 };
 
-class PacketSavingConnection : public MockConnection {
+class PacketSavingConnection : public MockQuicConnection {
  public:
-  PacketSavingConnection(MockConnectionHelper* helper, Perspective perspective);
+  PacketSavingConnection(MockQuicConnectionHelper* helper,
+                         MockAlarmFactory* alarm_factory,
+                         Perspective perspective);
 
-  PacketSavingConnection(MockConnectionHelper* helper,
+  PacketSavingConnection(MockQuicConnectionHelper* helper,
+                         MockAlarmFactory* alarm_factory,
                          Perspective perspective,
                          const QuicVersionVector& supported_versions);
 
@@ -468,8 +512,9 @@ class MockQuicSession : public QuicSession {
                ReliableQuicStream*(SpdyPriority priority));
   MOCK_METHOD1(ShouldCreateIncomingDynamicStream, bool(QuicStreamId id));
   MOCK_METHOD0(ShouldCreateOutgoingDynamicStream, bool());
-  MOCK_METHOD5(WritevData,
-               QuicConsumedData(QuicStreamId id,
+  MOCK_METHOD6(WritevData,
+               QuicConsumedData(ReliableQuicStream* stream,
+                                QuicStreamId id,
                                 QuicIOVector data,
                                 QuicStreamOffset offset,
                                 bool fin,
@@ -493,6 +538,7 @@ class MockQuicSession : public QuicSession {
   // Returns a QuicConsumedData that indicates all of |data| (and |fin| if set)
   // has been consumed.
   static QuicConsumedData ConsumeAllData(
+      ReliableQuicStream* stream,
       QuicStreamId id,
       const QuicIOVector& data,
       QuicStreamOffset offset,
@@ -522,8 +568,9 @@ class MockQuicSpdySession : public QuicSpdySession {
                QuicSpdyStream*(SpdyPriority priority));
   MOCK_METHOD1(ShouldCreateIncomingDynamicStream, bool(QuicStreamId id));
   MOCK_METHOD0(ShouldCreateOutgoingDynamicStream, bool());
-  MOCK_METHOD5(WritevData,
-               QuicConsumedData(QuicStreamId id,
+  MOCK_METHOD6(WritevData,
+               QuicConsumedData(ReliableQuicStream* stream,
+                                QuicStreamId id,
                                 QuicIOVector data,
                                 QuicStreamOffset offset,
                                 bool fin,
@@ -535,18 +582,28 @@ class MockQuicSpdySession : public QuicSpdySession {
                     QuicStreamOffset bytes_written));
 
   MOCK_METHOD2(OnStreamHeaders,
-               void(QuicStreamId stream_id, base::StringPiece headers_data));
+               void(QuicStreamId stream_id, StringPiece headers_data));
   MOCK_METHOD2(OnStreamHeadersPriority,
                void(QuicStreamId stream_id, SpdyPriority priority));
   MOCK_METHOD3(OnStreamHeadersComplete,
                void(QuicStreamId stream_id, bool fin, size_t frame_len));
+  MOCK_METHOD4(OnStreamHeaderList,
+               void(QuicStreamId stream_id,
+                    bool fin,
+                    size_t frame_len,
+                    const QuicHeaderList& header_list));
+  MOCK_METHOD0(IsCryptoHandshakeConfirmed, bool());
   MOCK_METHOD2(OnPromiseHeaders,
                void(QuicStreamId stream_id, StringPiece headers_data));
   MOCK_METHOD3(OnPromiseHeadersComplete,
                void(QuicStreamId stream_id,
                     QuicStreamId promised_stream_id,
                     size_t frame_len));
-  MOCK_METHOD0(IsCryptoHandshakeConfirmed, bool());
+  MOCK_METHOD4(OnPromiseHeaderList,
+               void(QuicStreamId stream_id,
+                    QuicStreamId promised_stream_id,
+                    size_t frame_len,
+                    const QuicHeaderList& header_list));
   MOCK_METHOD5(WriteHeaders,
                size_t(QuicStreamId id,
                       const SpdyHeaderBlock& headers,
@@ -557,17 +614,8 @@ class MockQuicSpdySession : public QuicSpdySession {
 
   using QuicSession::ActivateStream;
 
-  // Returns a QuicConsumedData that indicates all of |data| (and |fin| if set)
-  // has been consumed.
-  static QuicConsumedData ConsumeAllData(
-      QuicStreamId id,
-      const QuicIOVector& data,
-      QuicStreamOffset offset,
-      bool fin,
-      QuicAckListenerInterface* ack_notifier_delegate);
-
  private:
-  scoped_ptr<QuicCryptoStream> crypto_stream_;
+  std::unique_ptr<QuicCryptoStream> crypto_stream_;
 
   DISALLOW_COPY_AND_ASSIGN(MockQuicSpdySession);
 };
@@ -621,7 +669,7 @@ class TestQuicSpdyClientSession : public QuicClientSessionBase {
   QuicCryptoClientStream* GetCryptoStream() override;
 
  private:
-  scoped_ptr<QuicCryptoClientStream> crypto_stream_;
+  std::unique_ptr<QuicCryptoClientStream> crypto_stream_;
   QuicClientPushPromiseIndex push_promise_index_;
 
   DISALLOW_COPY_AND_ASSIGN(TestQuicSpdyClientSession);
@@ -698,12 +746,18 @@ class MockLossAlgorithm : public LossDetectionInterface {
   ~MockLossAlgorithm() override;
 
   MOCK_CONST_METHOD0(GetLossDetectionType, LossDetectionType());
-  MOCK_METHOD4(DetectLosses,
+  MOCK_METHOD5(DetectLosses,
                void(const QuicUnackedPacketMap& unacked_packets,
                     QuicTime time,
                     const RttStats& rtt_stats,
+                    QuicPacketNumber largest_recently_acked,
                     SendAlgorithmInterface::CongestionVector* packets_lost));
   MOCK_CONST_METHOD0(GetLossTimeout, QuicTime());
+  MOCK_METHOD4(SpuriousRetransmitDetected,
+               void(const QuicUnackedPacketMap&,
+                    QuicTime,
+                    const RttStats&,
+                    QuicPacketNumber));
 
  private:
   DISALLOW_COPY_AND_ASSIGN(MockLossAlgorithm);
@@ -757,8 +811,7 @@ class MockNetworkChangeVisitor
   MockNetworkChangeVisitor();
   ~MockNetworkChangeVisitor() override;
 
-  MOCK_METHOD0(OnCongestionWindowChange, void());
-  MOCK_METHOD0(OnRttChange, void());
+  MOCK_METHOD0(OnCongestionChange, void());
   MOCK_METHOD0(OnPathDegrading, void());
 
  private:
@@ -772,8 +825,9 @@ class MockQuicConnectionDebugVisitor : public QuicConnectionDebugVisitor {
 
   MOCK_METHOD1(OnFrameAddedToPacket, void(const QuicFrame&));
 
-  MOCK_METHOD4(OnPacketSent,
+  MOCK_METHOD5(OnPacketSent,
                void(const SerializedPacket&,
+                    QuicPathId,
                     QuicPacketNumber,
                     TransmissionType,
                     QuicTime));
@@ -833,7 +887,7 @@ class MockReceivedPacketManager : public QuicReceivedPacketManager {
 //   connection_start_time should be synchronized witht the server
 //   start time, otherwise nonce verification will fail.
 // supported_versions: Set of QUIC versions this client supports.
-// helper: Pointer to the MockConnectionHelper to use for the session.
+// helper: Pointer to the MockQuicConnectionHelper to use for the session.
 // crypto_client_config: Pointer to the crypto client config.
 // client_connection: Pointer reference for newly created
 //   connection.  This object will be owned by the
@@ -844,7 +898,8 @@ void CreateClientSessionForTest(QuicServerId server_id,
                                 bool supports_stateless_rejects,
                                 QuicTime::Delta connection_start_time,
                                 QuicVersionVector supported_versions,
-                                MockConnectionHelper* helper,
+                                MockQuicConnectionHelper* helper,
+                                MockAlarmFactory* alarm_factory,
                                 QuicCryptoClientConfig* crypto_client_config,
                                 PacketSavingConnection** client_connection,
                                 TestQuicSpdyClientSession** client_session);
@@ -857,7 +912,7 @@ void CreateClientSessionForTest(QuicServerId server_id,
 //   connection_start_time should be synchronized witht the client
 //   start time, otherwise nonce verification will fail.
 // supported_versions: Set of QUIC versions this server supports.
-// helper: Pointer to the MockConnectionHelper to use for the session.
+// helper: Pointer to the MockQuicConnectionHelper to use for the session.
 // crypto_server_config: Pointer to the crypto server config.
 // server_connection: Pointer reference for newly created
 //   connection.  This object will be owned by the
@@ -868,7 +923,8 @@ void CreateServerSessionForTest(
     QuicServerId server_id,
     QuicTime::Delta connection_start_time,
     QuicVersionVector supported_versions,
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     QuicCryptoServerConfig* crypto_server_config,
     QuicCompressedCertsCache* compressed_certs_cache,
     PacketSavingConnection** server_connection,
diff --git a/chromium/net/quic/test_tools/simple_quic_framer.cc b/chromium/net/quic/test_tools/simple_quic_framer.cc
index dd0e0cb6a74..5fc13a30c34 100644
--- a/chromium/net/quic/test_tools/simple_quic_framer.cc
+++ b/chromium/net/quic/test_tools/simple_quic_framer.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/test_tools/simple_quic_framer.h"
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/stl_util.h"
 #include "net/quic/crypto/quic_decrypter.h"
@@ -55,7 +57,7 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface {
   bool OnStreamFrame(const QuicStreamFrame& frame) override {
     // Save a copy of the data so it is valid after the packet is processed.
     string* string_data = new string();
-    StringPiece(frame.frame_buffer, frame.frame_length)
+    StringPiece(frame.data_buffer, frame.data_length)
         .AppendToString(string_data);
     stream_data_.push_back(string_data);
     // TODO(ianswett): A pointer isn't necessary with emplace_back.
@@ -74,6 +76,11 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface {
     return true;
   }
 
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override {
+    padding_frames_.push_back(frame);
+    return true;
+  }
+
   bool OnPingFrame(const QuicPingFrame& frame) override {
     ping_frames_.push_back(frame);
     return true;
@@ -137,10 +144,11 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface {
   QuicErrorCode error_;
   bool has_header_;
   QuicPacketHeader header_;
-  scoped_ptr<QuicVersionNegotiationPacket> version_negotiation_packet_;
-  scoped_ptr<QuicPublicResetPacket> public_reset_packet_;
+  std::unique_ptr<QuicVersionNegotiationPacket> version_negotiation_packet_;
+  std::unique_ptr<QuicPublicResetPacket> public_reset_packet_;
   vector<QuicAckFrame> ack_frames_;
   vector<QuicStopWaitingFrame> stop_waiting_frames_;
+  vector<QuicPaddingFrame> padding_frames_;
   vector<QuicPingFrame> ping_frames_;
   vector<QuicStreamFrame*> stream_frames_;
   vector<QuicRstStreamFrame> rst_stream_frames_;
@@ -162,6 +170,10 @@ SimpleQuicFramer::SimpleQuicFramer()
 SimpleQuicFramer::SimpleQuicFramer(const QuicVersionVector& supported_versions)
     : framer_(supported_versions, QuicTime::Zero(), Perspective::IS_SERVER) {}
 
+SimpleQuicFramer::SimpleQuicFramer(const QuicVersionVector& supported_versions,
+                                   Perspective perspective)
+    : framer_(supported_versions, QuicTime::Zero(), perspective) {}
+
 SimpleQuicFramer::~SimpleQuicFramer() {}
 
 bool SimpleQuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
diff --git a/chromium/net/quic/test_tools/simple_quic_framer.h b/chromium/net/quic/test_tools/simple_quic_framer.h
index f09db61e830..2247aef51f3 100644
--- a/chromium/net/quic/test_tools/simple_quic_framer.h
+++ b/chromium/net/quic/test_tools/simple_quic_framer.h
@@ -7,10 +7,10 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/quic/quic_framer.h"
 #include "net/quic/quic_protocol.h"
@@ -32,6 +32,8 @@ class SimpleQuicFramer {
  public:
   SimpleQuicFramer();
   explicit SimpleQuicFramer(const QuicVersionVector& supported_versions);
+  SimpleQuicFramer(const QuicVersionVector& supported_versions,
+                   Perspective perspective);
   ~SimpleQuicFramer();
 
   bool ProcessPacket(const QuicEncryptedPacket& packet);
@@ -56,7 +58,7 @@ class SimpleQuicFramer {
 
  private:
   QuicFramer framer_;
-  scoped_ptr<SimpleFramerVisitor> visitor_;
+  std::unique_ptr<SimpleFramerVisitor> visitor_;
   DISALLOW_COPY_AND_ASSIGN(SimpleQuicFramer);
 };
 
diff --git a/chromium/net/sdch/sdch_owner.cc b/chromium/net/sdch/sdch_owner.cc
index 03e268e1343..5dc949a3e2f 100644
--- a/chromium/net/sdch/sdch_owner.cc
+++ b/chromium/net/sdch/sdch_owner.cc
@@ -10,6 +10,7 @@
 #include "base/debug/alias.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
 #include "base/time/default_clock.h"
@@ -79,7 +80,7 @@ class ValueMapPrefStorage : public SdchOwner::PrefStorage {
     *result = &storage_;
     return true;
   }
-  void SetValue(scoped_ptr<base::DictionaryValue> value) override {
+  void SetValue(std::unique_ptr<base::DictionaryValue> value) override {
     storage_.Clear();
     storage_.MergeDictionary(value.get());
   }
@@ -119,10 +120,10 @@ base::DictionaryValue* GetPersistentStoreDictionaryMap(
 // above schema, removing anything previously in the store under
 // kPreferenceName.
 void InitializePrefStore(SdchOwner::PrefStorage* store) {
-  scoped_ptr<base::DictionaryValue> empty_store(new base::DictionaryValue);
+  std::unique_ptr<base::DictionaryValue> empty_store(new base::DictionaryValue);
   empty_store->SetInteger(kVersionKey, kVersion);
   empty_store->Set(kDictionariesKey,
-                   make_scoped_ptr(new base::DictionaryValue));
+                   base::WrapUnique(new base::DictionaryValue));
   store->SetValue(std::move(empty_store));
 }
 
@@ -338,7 +339,8 @@ SdchOwner::~SdchOwner() {
   }
 }
 
-void SdchOwner::EnablePersistentStorage(scoped_ptr<PrefStorage> pref_store) {
+void SdchOwner::EnablePersistentStorage(
+    std::unique_ptr<PrefStorage> pref_store) {
   DCHECK(!external_pref_store_);
   DCHECK(pref_store);
   external_pref_store_ = std::move(pref_store);
@@ -483,7 +485,7 @@ void SdchOwner::OnDictionaryFetched(base::Time last_used,
   total_dictionary_bytes_ += dictionary_text.size();
 
   // Record the addition in the pref store.
-  scoped_ptr<base::DictionaryValue> dictionary_description(
+  std::unique_ptr<base::DictionaryValue> dictionary_description(
       new base::DictionaryValue());
   dictionary_description->SetString(kDictionaryUrlKey, dictionary_url.spec());
   dictionary_description->SetDouble(kDictionaryLastUsedKey,
@@ -640,7 +642,7 @@ void SdchOwner::OnPrefStorageInitializationComplete(bool succeeded) {
   in_memory_pref_store_ = nullptr;
 }
 
-void SdchOwner::SetClockForTesting(scoped_ptr<base::Clock> clock) {
+void SdchOwner::SetClockForTesting(std::unique_ptr<base::Clock> clock) {
   clock_ = std::move(clock);
 }
 
@@ -663,7 +665,7 @@ bool SdchOwner::HasDictionaryFromURLForTesting(const GURL& url) const {
 }
 
 void SdchOwner::SetFetcherForTesting(
-    scoped_ptr<SdchDictionaryFetcher> fetcher) {
+    std::unique_ptr<SdchDictionaryFetcher> fetcher) {
   fetcher_ = std::move(fetcher);
 }
 
diff --git a/chromium/net/sdch/sdch_owner.h b/chromium/net/sdch/sdch_owner.h
index 6af0bf01f0b..e6af26642f1 100644
--- a/chromium/net/sdch/sdch_owner.h
+++ b/chromium/net/sdch/sdch_owner.h
@@ -70,7 +70,7 @@ class NET_EXPORT SdchOwner : public SdchObserver {
     // Gets or sets the value in the preferences store.
     virtual bool GetValue(const base::DictionaryValue** result) const = 0;
     virtual bool GetMutableValue(base::DictionaryValue** result) = 0;
-    virtual void SetValue(scoped_ptr<base::DictionaryValue> value) = 0;
+    virtual void SetValue(std::unique_ptr<base::DictionaryValue> value) = 0;
 
     // Notifies the storage system that a value was changed via mutating the
     // result of GetMutableValue().
@@ -98,7 +98,7 @@ class NET_EXPORT SdchOwner : public SdchObserver {
 
   // Enables use of pref persistence. Ownership of the storage will be passed.
   // This routine may only be called once per SdchOwner instance.
-  void EnablePersistentStorage(scoped_ptr<PrefStorage> pref_store);
+  void EnablePersistentStorage(std::unique_ptr<PrefStorage> pref_store);
 
   // Defaults to kMaxTotalDictionarySize.
   void SetMaxTotalDictionarySize(size_t max_total_dictionary_size);
@@ -131,7 +131,7 @@ class NET_EXPORT SdchOwner : public SdchObserver {
                            const BoundNetLog& net_log,
                            bool was_from_cache);
 
-  void SetClockForTesting(scoped_ptr<base::Clock> clock);
+  void SetClockForTesting(std::unique_ptr<base::Clock> clock);
 
   // Returns the total number of dictionaries loaded.
   int GetDictionaryCountForTesting() const;
@@ -139,7 +139,7 @@ class NET_EXPORT SdchOwner : public SdchObserver {
   // Returns whether this SdchOwner has dictionary from |url| loaded.
   bool HasDictionaryFromURLForTesting(const GURL& url) const;
 
-  void SetFetcherForTesting(scoped_ptr<SdchDictionaryFetcher> fetcher);
+  void SetFetcherForTesting(std::unique_ptr<SdchDictionaryFetcher> fetcher);
 
  private:
   // For each active dictionary, stores local info.
@@ -215,11 +215,11 @@ class NET_EXPORT SdchOwner : public SdchObserver {
       int use_count, DictionaryFate fate);
 
   net::SdchManager* manager_;
-  scoped_ptr<net::SdchDictionaryFetcher> fetcher_;
+  std::unique_ptr<net::SdchDictionaryFetcher> fetcher_;
 
   size_t total_dictionary_bytes_;
 
-  scoped_ptr<base::Clock> clock_;
+  std::unique_ptr<base::Clock> clock_;
 
   size_t max_total_dictionary_size_;
   size_t min_space_for_dictionary_fetch_;
@@ -239,8 +239,8 @@ class NET_EXPORT SdchOwner : public SdchObserver {
   //   be freed, and pref_store_ will point to the external one.
   // * |pref_store_| holds an unowned pointer to the currently
   //   active pref store (one of the preceding two).
-  scoped_ptr<PrefStorage> in_memory_pref_store_;
-  scoped_ptr<PrefStorage> external_pref_store_;
+  std::unique_ptr<PrefStorage> in_memory_pref_store_;
+  std::unique_ptr<PrefStorage> external_pref_store_;
   PrefStorage* pref_store_;
 
   // The use counts of dictionaries when they were loaded from the persistent
diff --git a/chromium/net/sdch/sdch_owner_unittest.cc b/chromium/net/sdch/sdch_owner_unittest.cc
index 91d1e6d51f3..4a05a5960a4 100644
--- a/chromium/net/sdch/sdch_owner_unittest.cc
+++ b/chromium/net/sdch/sdch_owner_unittest.cc
@@ -9,12 +9,13 @@
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/memory/memory_pressure_listener.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/simple_test_clock.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/sdch_manager.h"
 #include "net/log/net_log.h"
@@ -91,7 +92,7 @@ class TestPrefStorage : public SdchOwner::PrefStorage {
     *result = &storage_;
     return true;
   }
-  void SetValue(scoped_ptr<base::DictionaryValue> value) override {
+  void SetValue(std::unique_ptr<base::DictionaryValue> value) override {
     storage_.Clear();
     storage_.MergeDictionary(value.get());
   }
@@ -334,7 +335,7 @@ class SdchOwnerTest : public testing::Test {
   bool DictionaryPresentInManager(const std::string& server_hash) {
     // Presumes all tests use generic url.
     SdchProblemCode tmp;
-    scoped_ptr<SdchManager::DictionarySet> set(
+    std::unique_ptr<SdchManager::DictionarySet> set(
         sdch_manager_.GetDictionarySetByHash(GURL(generic_url), server_hash,
                                              &tmp));
     return !!set.get();
@@ -405,7 +406,7 @@ class SdchOwnerTest : public testing::Test {
   MockURLRequestJobFactory job_factory_;
   URLRequestContext url_request_context_;
   SdchManager sdch_manager_;
-  scoped_ptr<SdchOwner> sdch_owner_;
+  std::unique_ptr<SdchOwner> sdch_owner_;
 
   DISALLOW_COPY_AND_ASSIGN(SdchOwnerTest);
 };
@@ -477,7 +478,7 @@ TEST_F(SdchOwnerTest, ConfirmAutoEviction) {
   std::string server_hash_d3;
 
   base::SimpleTestClock* test_clock = new base::SimpleTestClock();
-  sdch_owner().SetClockForTesting(make_scoped_ptr(test_clock));
+  sdch_owner().SetClockForTesting(base::WrapUnique(test_clock));
   test_clock->SetNow(base::Time::Now());
 
   // Add two dictionaries, one recent, one more than a day in the past.
@@ -734,13 +735,13 @@ TEST_F(SdchOwnerTest, PinRemoveUse) {
   // Pass ownership of the storage to the SdchOwner, but keep a pointer.
   TestPrefStorage* pref_store = new TestPrefStorage(true);
   sdch_owner().EnablePersistentStorage(
-      scoped_ptr<SdchOwner::PrefStorage>(pref_store));
+      std::unique_ptr<SdchOwner::PrefStorage>(pref_store));
 
   std::string server_hash_d1;
   EXPECT_TRUE(CreateAndAddDictionary(kMaxSizeForTesting / 2, base::Time::Now(),
                                      &server_hash_d1));
 
-  scoped_ptr<SdchManager::DictionarySet> return_set(
+  std::unique_ptr<SdchManager::DictionarySet> return_set(
       sdch_manager().GetDictionarySet(
           GURL(std::string(generic_url) + "/x.html")));
   ASSERT_TRUE(return_set.get());
@@ -758,7 +759,7 @@ TEST_F(SdchOwnerTest, PinRemoveUse) {
   EXPECT_TRUE(dict_result->Get("dictionaries", &result));
   EXPECT_FALSE(dict_result->Get("dictionaries." + server_hash_d1, &result));
 
-  scoped_ptr<SdchManager::DictionarySet> return_set2(
+  std::unique_ptr<SdchManager::DictionarySet> return_set2(
       sdch_manager().GetDictionarySet(
           GURL(std::string(generic_url) + "/x.html")));
   EXPECT_FALSE(return_set2.get());
@@ -802,7 +803,7 @@ class SdchOwnerPersistenceTest : public ::testing::Test {
 
   // If the storage points is non-null it will be saved as the persistent
   // storage for the SdchOwner.
-  void ResetOwner(scoped_ptr<SdchOwner::PrefStorage> storage) {
+  void ResetOwner(std::unique_ptr<SdchOwner::PrefStorage> storage) {
     // This has to be done first, since SdchOwner may be observing SdchManager,
     // and SdchManager can't be destroyed with a live observer.
     owner_.reset(NULL);
@@ -813,7 +814,7 @@ class SdchOwnerPersistenceTest : public ::testing::Test {
     owner_->SetMaxTotalDictionarySize(SdchOwnerTest::kMaxSizeForTesting);
     owner_->SetMinSpaceForDictionaryFetch(
         SdchOwnerTest::kMinFetchSpaceForTesting);
-    owner_->SetFetcherForTesting(make_scoped_ptr(fetcher_));
+    owner_->SetFetcherForTesting(base::WrapUnique(fetcher_));
     if (storage)
       owner_->EnablePersistentStorage(std::move(storage));
   }
@@ -842,24 +843,24 @@ class SdchOwnerPersistenceTest : public ::testing::Test {
 
  protected:
   BoundNetLog net_log_;
-  scoped_ptr<SdchManager> manager_;
+  std::unique_ptr<SdchManager> manager_;
   MockSdchDictionaryFetcher* fetcher_;
-  scoped_ptr<SdchOwner> owner_;
+  std::unique_ptr<SdchOwner> owner_;
   TestURLRequestContext url_request_context_;
 };
 
 // Test an empty persistence store.
 TEST_F(SdchOwnerPersistenceTest, Empty) {
-  ResetOwner(make_scoped_ptr(new TestPrefStorage(true)));
+  ResetOwner(base::WrapUnique(new TestPrefStorage(true)));
   EXPECT_EQ(0, owner_->GetDictionaryCountForTesting());
 }
 
 // Test a persistence store with a bad version number.
 TEST_F(SdchOwnerPersistenceTest, Persistent_BadVersion) {
-  scoped_ptr<base::DictionaryValue> sdch_dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> sdch_dict(new base::DictionaryValue());
   sdch_dict->SetInteger("version", 2);
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   storage->SetValue(std::move(sdch_dict));
 
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
@@ -872,12 +873,12 @@ TEST_F(SdchOwnerPersistenceTest, Persistent_BadVersion) {
 
 // Test a persistence store with an empty dictionaries map.
 TEST_F(SdchOwnerPersistenceTest, Persistent_EmptyDictList) {
-  scoped_ptr<base::DictionaryValue> sdch_dict(new base::DictionaryValue());
-  scoped_ptr<base::DictionaryValue> dicts(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> sdch_dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dicts(new base::DictionaryValue());
   sdch_dict->SetInteger("version", 1);
   sdch_dict->Set("dictionaries", std::move(dicts));
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   storage->SetValue(std::move(sdch_dict));
   ResetOwner(std::move(storage));
   EXPECT_EQ(0, owner_->GetDictionaryCountForTesting());
@@ -886,7 +887,7 @@ TEST_F(SdchOwnerPersistenceTest, Persistent_EmptyDictList) {
 TEST_F(SdchOwnerPersistenceTest, OneDict) {
   const GURL url("http://www.example.com/dict");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));  // Takes ownership of storage pointer.
   EXPECT_EQ(0, owner_->GetDictionaryCountForTesting());
@@ -904,7 +905,7 @@ TEST_F(SdchOwnerPersistenceTest, TwoDicts) {
   const GURL url0("http://www.example.com/dict0");
   const GURL url1("http://www.example.com/dict1");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));  // Takes ownership of storage pointer.
   InsertDictionaryForURL(url0, "0");
@@ -923,7 +924,7 @@ TEST_F(SdchOwnerPersistenceTest, OneGoodDictOneBadDict) {
   const GURL url0("http://www.example.com/dict0");
   const GURL url1("http://www.example.com/dict1");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));                // Takes ownership of storage.
   InsertDictionaryForURL(url0, "0");
@@ -946,7 +947,7 @@ TEST_F(SdchOwnerPersistenceTest, OneGoodDictOneBadDict) {
 TEST_F(SdchOwnerPersistenceTest, UsingDictionaryUpdatesUseCount) {
   const GURL url("http://www.example.com/dict");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));  // Takes ownership of storage pointer.
   InsertDictionaryForURL(url, "0");
@@ -980,13 +981,13 @@ TEST_F(SdchOwnerPersistenceTest, LoadingDictionaryMerges) {
   const GURL url0("http://www.example.com/dict0");
   const GURL url1("http://www.example.com/dict1");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));  // Takes ownership of storage pointer.
   InsertDictionaryForURL(url1, "1");
 
   storage.reset(new TestPrefStorage(*old_storage));
-  ResetOwner(scoped_ptr<SdchOwner::PrefStorage>());
+  ResetOwner(std::unique_ptr<SdchOwner::PrefStorage>());
   InsertDictionaryForURL(url0, "0");
   EXPECT_EQ(1, owner_->GetDictionaryCountForTesting());
   owner_->EnablePersistentStorage(std::move(storage));
@@ -998,7 +999,7 @@ TEST_F(SdchOwnerPersistenceTest, PersistenceMetrics) {
   const GURL url0("http://www.example.com/dict0");
   const GURL url1("http://www.example.com/dict1");
 
-  scoped_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
+  std::unique_ptr<TestPrefStorage> storage(new TestPrefStorage(true));
   TestPrefStorage* old_storage = storage.get();  // Save storage pointer.
   ResetOwner(std::move(storage));  // Takes ownership of storage pointer.
 
diff --git a/chromium/net/server/http_connection.cc b/chromium/net/server/http_connection.cc
index d4d16cae191..69330438f4e 100644
--- a/chromium/net/server/http_connection.cc
+++ b/chromium/net/server/http_connection.cc
@@ -150,7 +150,7 @@ int HttpConnection::QueuedWriteIOBuffer::GetSizeToWrite() const {
   return pending_data_.front().size() - consumed;
 }
 
-HttpConnection::HttpConnection(int id, scoped_ptr<StreamSocket> socket)
+HttpConnection::HttpConnection(int id, std::unique_ptr<StreamSocket> socket)
     : id_(id),
       socket_(std::move(socket)),
       read_buf_(new ReadIOBuffer()),
@@ -159,7 +159,7 @@ HttpConnection::HttpConnection(int id, scoped_ptr<StreamSocket> socket)
 HttpConnection::~HttpConnection() {
 }
 
-void HttpConnection::SetWebSocket(scoped_ptr<WebSocket> web_socket) {
+void HttpConnection::SetWebSocket(std::unique_ptr<WebSocket> web_socket) {
   DCHECK(!web_socket_);
   web_socket_ = std::move(web_socket);
 }
diff --git a/chromium/net/server/http_connection.h b/chromium/net/server/http_connection.h
index 8103e4e5072..e708d3584fd 100644
--- a/chromium/net/server/http_connection.h
+++ b/chromium/net/server/http_connection.h
@@ -5,12 +5,12 @@
 #ifndef NET_SERVER_HTTP_CONNECTION_H_
 #define NET_SERVER_HTTP_CONNECTION_H_
 
+#include <memory>
 #include <queue>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/io_buffer.h"
 
 namespace net {
@@ -110,7 +110,7 @@ class HttpConnection {
     DISALLOW_COPY_AND_ASSIGN(QueuedWriteIOBuffer);
   };
 
-  HttpConnection(int id, scoped_ptr<StreamSocket> socket);
+  HttpConnection(int id, std::unique_ptr<StreamSocket> socket);
   ~HttpConnection();
 
   int id() const { return id_; }
@@ -119,15 +119,15 @@ class HttpConnection {
   QueuedWriteIOBuffer* write_buf() const { return write_buf_.get(); }
 
   WebSocket* web_socket() const { return web_socket_.get(); }
-  void SetWebSocket(scoped_ptr<WebSocket> web_socket);
+  void SetWebSocket(std::unique_ptr<WebSocket> web_socket);
 
  private:
   const int id_;
-  const scoped_ptr<StreamSocket> socket_;
+  const std::unique_ptr<StreamSocket> socket_;
   const scoped_refptr<ReadIOBuffer> read_buf_;
   const scoped_refptr<QueuedWriteIOBuffer> write_buf_;
 
-  scoped_ptr<WebSocket> web_socket_;
+  std::unique_ptr<WebSocket> web_socket_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpConnection);
 };
diff --git a/chromium/net/server/http_server.cc b/chromium/net/server/http_server.cc
index ab05af87ed8..ecda01701cd 100644
--- a/chromium/net/server/http_server.cc
+++ b/chromium/net/server/http_server.cc
@@ -10,13 +10,14 @@
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/sys_byteorder.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/server/http_connection.h"
@@ -29,7 +30,7 @@
 
 namespace net {
 
-HttpServer::HttpServer(scoped_ptr<ServerSocket> server_socket,
+HttpServer::HttpServer(std::unique_ptr<ServerSocket> server_socket,
                        HttpServer::Delegate* delegate)
     : server_socket_(std::move(server_socket)),
       delegate_(delegate),
@@ -239,7 +240,7 @@ int HttpServer::HandleReadResult(HttpConnection* connection, int rv) {
 
     if (request.HasHeaderValue("connection", "upgrade")) {
       connection->SetWebSocket(
-          make_scoped_ptr(new WebSocket(this, connection)));
+          base::WrapUnique(new WebSocket(this, connection)));
       read_buf->DidConsume(pos);
       delegate_->OnWebSocketRequest(connection->id(), request);
       if (HasClosedConnection(connection))
diff --git a/chromium/net/server/http_server.h b/chromium/net/server/http_server.h
index 7e103ddb4fc..a0062d6821b 100644
--- a/chromium/net/server/http_server.h
+++ b/chromium/net/server/http_server.h
@@ -9,10 +9,10 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/http/http_status_code.h"
 
@@ -48,7 +48,7 @@ class HttpServer {
   // listening, but not accepting.  This constructor schedules accepting
   // connections asynchronously in case when |delegate| is not ready to get
   // callbacks yet.
-  HttpServer(scoped_ptr<ServerSocket> server_socket,
+  HttpServer(std::unique_ptr<ServerSocket> server_socket,
              HttpServer::Delegate* delegate);
   ~HttpServer();
 
@@ -109,8 +109,8 @@ class HttpServer {
   // Whether or not Close() has been called during delegate callback processing.
   bool HasClosedConnection(HttpConnection* connection);
 
-  const scoped_ptr<ServerSocket> server_socket_;
-  scoped_ptr<StreamSocket> accepted_socket_;
+  const std::unique_ptr<ServerSocket> server_socket_;
+  std::unique_ptr<StreamSocket> accepted_socket_;
   HttpServer::Delegate* const delegate_;
 
   int last_id_;
diff --git a/chromium/net/server/http_server_unittest.cc b/chromium/net/server/http_server_unittest.cc
index 2c72323db98..2f573cf29c1 100644
--- a/chromium/net/server/http_server_unittest.cc
+++ b/chromium/net/server/http_server_unittest.cc
@@ -2,9 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/server/http_server.h"
+
 #include <stdint.h>
 
 #include <algorithm>
+#include <memory>
 #include <utility>
 #include <vector>
 
@@ -16,15 +19,15 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
@@ -34,7 +37,6 @@
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/log/net_log.h"
-#include "net/server/http_server.h"
 #include "net/server/http_server_request_info.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/socket/tcp_server_socket.h"
@@ -78,7 +80,7 @@ class TestHttpClient {
   int ConnectAndWait(const IPEndPoint& address) {
     AddressList addresses(address);
     NetLog::Source source;
-    socket_.reset(new TCPClientSocket(addresses, NULL, source));
+    socket_.reset(new TCPClientSocket(addresses, NULL, NULL, source));
 
     base::RunLoop run_loop;
     connect_result_ = socket_->Connect(base::Bind(&TestHttpClient::OnConnect,
@@ -173,7 +175,7 @@ class TestHttpClient {
 
   scoped_refptr<IOBufferWithSize> read_buffer_;
   scoped_refptr<DrainableIOBuffer> write_buffer_;
-  scoped_ptr<TCPClientSocket> socket_;
+  std::unique_ptr<TCPClientSocket> socket_;
   int connect_result_;
 };
 
@@ -185,7 +187,7 @@ class HttpServerTest : public testing::Test,
   HttpServerTest() : quit_after_request_count_(0) {}
 
   void SetUp() override {
-    scoped_ptr<ServerSocket> server_socket(
+    std::unique_ptr<ServerSocket> server_socket(
         new TCPServerSocket(NULL, NetLog::Source()));
     server_socket->ListenWithAddressAndPort("127.0.0.1", 0, 1);
     server_.reset(new HttpServer(std::move(server_socket), this));
@@ -232,13 +234,13 @@ class HttpServerTest : public testing::Test,
     return requests_[request_index].second;
   }
 
-  void HandleAcceptResult(scoped_ptr<StreamSocket> socket) {
+  void HandleAcceptResult(std::unique_ptr<StreamSocket> socket) {
     server_->accepted_socket_.reset(socket.release());
     server_->HandleAcceptResult(OK);
   }
 
  protected:
-  scoped_ptr<HttpServer> server_;
+  std::unique_ptr<HttpServer> server_;
   IPEndPoint server_address_;
   base::Closure run_loop_quit_func_;
   std::vector<std::pair<HttpServerRequestInfo, int> > requests_;
@@ -423,7 +425,7 @@ TEST_F(HttpServerTest, RequestWithTooLargeBody) {
 
   scoped_refptr<URLRequestContextGetter> request_context_getter(
       new TestURLRequestContextGetter(base::ThreadTaskRunnerHandle::Get()));
-  scoped_ptr<URLFetcher> fetcher =
+  std::unique_ptr<URLFetcher> fetcher =
       URLFetcher::Create(GURL(base::StringPrintf("http://127.0.0.1:%d/test",
                                                  server_address_.port())),
                          URLFetcher::GET, &delegate);
@@ -568,7 +570,7 @@ class MockStreamSocket : public StreamSocket {
 
 TEST_F(HttpServerTest, RequestWithBodySplitAcrossPackets) {
   MockStreamSocket* socket = new MockStreamSocket();
-  HandleAcceptResult(make_scoped_ptr<StreamSocket>(socket));
+  HandleAcceptResult(base::WrapUnique<StreamSocket>(socket));
   std::string body("body");
   std::string request_text = base::StringPrintf(
       "GET /test HTTP/1.1\r\n"
diff --git a/chromium/net/server/web_socket.h b/chromium/net/server/web_socket.h
index 19e9c71a5dc..aa01f11e163 100644
--- a/chromium/net/server/web_socket.h
+++ b/chromium/net/server/web_socket.h
@@ -5,10 +5,10 @@
 #ifndef NET_SERVER_WEB_SOCKET_H_
 #define NET_SERVER_WEB_SOCKET_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 
 namespace net {
@@ -40,7 +40,7 @@ class WebSocket final {
 
   HttpServer* const server_;
   HttpConnection* const connection_;
-  scoped_ptr<WebSocketEncoder> encoder_;
+  std::unique_ptr<WebSocketEncoder> encoder_;
   bool closed_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocket);
diff --git a/chromium/net/server/web_socket_encoder.cc b/chromium/net/server/web_socket_encoder.cc
index d90a156aaae..60a9a47021c 100644
--- a/chromium/net/server/web_socket_encoder.cc
+++ b/chromium/net/server/web_socket_encoder.cc
@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "net/base/io_buffer.h"
@@ -186,12 +187,12 @@ void EncodeFrameHybi17(const std::string& message,
 }  // anonymous namespace
 
 // static
-scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer() {
-  return make_scoped_ptr(new WebSocketEncoder(FOR_SERVER, nullptr, nullptr));
+std::unique_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer() {
+  return base::WrapUnique(new WebSocketEncoder(FOR_SERVER, nullptr, nullptr));
 }
 
 // static
-scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer(
+std::unique_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer(
     const std::string& extensions,
     WebSocketDeflateParameters* deflate_parameters) {
   WebSocketExtensionParser parser;
@@ -218,9 +219,9 @@ scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer(
     }
     DCHECK(response.IsValidAsResponse());
     DCHECK(offer.IsCompatibleWith(response));
-    auto deflater = make_scoped_ptr(
+    auto deflater = base::WrapUnique(
         new WebSocketDeflater(response.server_context_take_over_mode()));
-    auto inflater = make_scoped_ptr(
+    auto inflater = base::WrapUnique(
         new WebSocketInflater(kInflaterChunkSize, kInflaterChunkSize));
     if (!deflater->Initialize(response.PermissiveServerMaxWindowBits()) ||
         !inflater->Initialize(response.PermissiveClientMaxWindowBits())) {
@@ -228,16 +229,16 @@ scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateServer(
       continue;
     }
     *deflate_parameters = response;
-    return make_scoped_ptr(new WebSocketEncoder(FOR_SERVER, std::move(deflater),
-                                                std::move(inflater)));
+    return base::WrapUnique(new WebSocketEncoder(
+        FOR_SERVER, std::move(deflater), std::move(inflater)));
   }
 
   // We cannot find an acceptable offer.
-  return make_scoped_ptr(new WebSocketEncoder(FOR_SERVER, nullptr, nullptr));
+  return base::WrapUnique(new WebSocketEncoder(FOR_SERVER, nullptr, nullptr));
 }
 
 // static
-scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateClient(
+std::unique_ptr<WebSocketEncoder> WebSocketEncoder::CreateClient(
     const std::string& response_extensions) {
   // TODO(yhirano): Add a way to return an error.
 
@@ -248,12 +249,12 @@ scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateClient(
     // 2) There is a malformed Sec-WebSocketExtensions header.
     // We should return a deflate-disabled encoder for the former case and
     // fail the connection for the latter case.
-    return make_scoped_ptr(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
+    return base::WrapUnique(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
   }
   if (parser.extensions().size() != 1) {
     // Only permessage-deflate extension is supported.
     // TODO (yhirano): Fail the connection.
-    return make_scoped_ptr(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
+    return base::WrapUnique(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
   }
   const auto& extension = parser.extensions()[0];
   WebSocketDeflateParameters params;
@@ -261,26 +262,26 @@ scoped_ptr<WebSocketEncoder> WebSocketEncoder::CreateClient(
   if (!params.Initialize(extension, &failure_message) ||
       !params.IsValidAsResponse(&failure_message)) {
     // TODO (yhirano): Fail the connection.
-    return make_scoped_ptr(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
+    return base::WrapUnique(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
   }
 
-  auto deflater = make_scoped_ptr(
+  auto deflater = base::WrapUnique(
       new WebSocketDeflater(params.client_context_take_over_mode()));
-  auto inflater = make_scoped_ptr(
+  auto inflater = base::WrapUnique(
       new WebSocketInflater(kInflaterChunkSize, kInflaterChunkSize));
   if (!deflater->Initialize(params.PermissiveClientMaxWindowBits()) ||
       !inflater->Initialize(params.PermissiveServerMaxWindowBits())) {
     // TODO (yhirano): Fail the connection.
-    return make_scoped_ptr(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
+    return base::WrapUnique(new WebSocketEncoder(FOR_CLIENT, nullptr, nullptr));
   }
 
-  return make_scoped_ptr(new WebSocketEncoder(FOR_CLIENT, std::move(deflater),
-                                              std::move(inflater)));
+  return base::WrapUnique(new WebSocketEncoder(FOR_CLIENT, std::move(deflater),
+                                               std::move(inflater)));
 }
 
 WebSocketEncoder::WebSocketEncoder(Type type,
-                                   scoped_ptr<WebSocketDeflater> deflater,
-                                   scoped_ptr<WebSocketInflater> inflater)
+                                   std::unique_ptr<WebSocketDeflater> deflater,
+                                   std::unique_ptr<WebSocketInflater> inflater)
     : type_(type),
       deflater_(std::move(deflater)),
       inflater_(std::move(inflater)) {}
diff --git a/chromium/net/server/web_socket_encoder.h b/chromium/net/server/web_socket_encoder.h
index caeec946599..af8122845d7 100644
--- a/chromium/net/server/web_socket_encoder.h
+++ b/chromium/net/server/web_socket_encoder.h
@@ -5,10 +5,10 @@
 #ifndef NET_SERVER_WEB_SOCKET_ENCODER_H_
 #define NET_SERVER_WEB_SOCKET_ENCODER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/server/web_socket.h"
 #include "net/websockets/websocket_deflater.h"
@@ -25,14 +25,14 @@ class WebSocketEncoder final {
   ~WebSocketEncoder();
 
   // Creates and returns an encoder for a server without extensions.
-  static scoped_ptr<WebSocketEncoder> CreateServer();
+  static std::unique_ptr<WebSocketEncoder> CreateServer();
   // Creates and returns an encoder.
   // |extensions| is the value of a Sec-WebSocket-Extensions header.
   // Returns nullptr when there is an error.
-  static scoped_ptr<WebSocketEncoder> CreateServer(
+  static std::unique_ptr<WebSocketEncoder> CreateServer(
       const std::string& extensions,
       WebSocketDeflateParameters* params);
-  static scoped_ptr<WebSocketEncoder> CreateClient(
+  static std::unique_ptr<WebSocketEncoder> CreateClient(
       const std::string& response_extensions);
 
   WebSocket::ParseResult DecodeFrame(const base::StringPiece& frame,
@@ -51,15 +51,15 @@ class WebSocketEncoder final {
   };
 
   WebSocketEncoder(Type type,
-                   scoped_ptr<WebSocketDeflater> deflater,
-                   scoped_ptr<WebSocketInflater> inflater);
+                   std::unique_ptr<WebSocketDeflater> deflater,
+                   std::unique_ptr<WebSocketInflater> inflater);
 
   bool Inflate(std::string* message);
   bool Deflate(const std::string& message, std::string* output);
 
   Type type_;
-  scoped_ptr<WebSocketDeflater> deflater_;
-  scoped_ptr<WebSocketInflater> inflater_;
+  std::unique_ptr<WebSocketDeflater> deflater_;
+  std::unique_ptr<WebSocketInflater> inflater_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocketEncoder);
 };
diff --git a/chromium/net/server/web_socket_encoder_unittest.cc b/chromium/net/server/web_socket_encoder_unittest.cc
index 27babda7fac..711a852a9f6 100644
--- a/chromium/net/server/web_socket_encoder_unittest.cc
+++ b/chromium/net/server/web_socket_encoder_unittest.cc
@@ -12,7 +12,7 @@ namespace net {
 
 TEST(WebSocketEncoderHandshakeTest, EmptyRequestShouldBeRejected) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server =
+  std::unique_ptr<WebSocketEncoder> server =
       WebSocketEncoder::CreateServer("", &params);
 
   EXPECT_FALSE(server);
@@ -21,7 +21,7 @@ TEST(WebSocketEncoderHandshakeTest, EmptyRequestShouldBeRejected) {
 TEST(WebSocketEncoderHandshakeTest,
      CreateServerWithoutClientMaxWindowBitsParameter) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server =
+  std::unique_ptr<WebSocketEncoder> server =
       WebSocketEncoder::CreateServer("permessage-deflate", &params);
 
   ASSERT_TRUE(server);
@@ -32,7 +32,7 @@ TEST(WebSocketEncoderHandshakeTest,
 TEST(WebSocketEncoderHandshakeTest,
      CreateServerWithServerNoContextTakeoverParameter) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
+  std::unique_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
       "permessage-deflate; server_no_context_takeover", &params);
   ASSERT_TRUE(server);
   EXPECT_TRUE(server->deflate_enabled());
@@ -42,7 +42,7 @@ TEST(WebSocketEncoderHandshakeTest,
 
 TEST(WebSocketEncoderHandshakeTest, FirstExtensionShouldBeChosen) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
+  std::unique_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
       "permessage-deflate; server_no_context_takeover,"
       "permessage-deflate; server_max_window_bits=15",
       &params);
@@ -55,7 +55,7 @@ TEST(WebSocketEncoderHandshakeTest, FirstExtensionShouldBeChosen) {
 
 TEST(WebSocketEncoderHandshakeTest, FirstValidExtensionShouldBeChosen) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
+  std::unique_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer(
       "permessage-deflate; Xserver_no_context_takeover,"
       "permessage-deflate; server_max_window_bits=15",
       &params);
@@ -68,7 +68,7 @@ TEST(WebSocketEncoderHandshakeTest, FirstValidExtensionShouldBeChosen) {
 
 TEST(WebSocketEncoderHandshakeTest, AllExtensionsAreUnknownOrMalformed) {
   WebSocketDeflateParameters params;
-  scoped_ptr<WebSocketEncoder> server =
+  std::unique_ptr<WebSocketEncoder> server =
       WebSocketEncoder::CreateServer("unknown, permessage-deflate; x", &params);
 
   ASSERT_TRUE(server);
@@ -87,8 +87,8 @@ class WebSocketEncoderTest : public testing::Test {
   }
 
  protected:
-  scoped_ptr<WebSocketEncoder> server_;
-  scoped_ptr<WebSocketEncoder> client_;
+  std::unique_ptr<WebSocketEncoder> server_;
+  std::unique_ptr<WebSocketEncoder> client_;
 };
 
 class WebSocketEncoderCompressionTest : public WebSocketEncoderTest {
@@ -108,8 +108,8 @@ class WebSocketEncoderCompressionTest : public WebSocketEncoderTest {
 };
 
 TEST_F(WebSocketEncoderTest, DeflateDisabledEncoder) {
-  scoped_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer();
-  scoped_ptr<WebSocketEncoder> client = WebSocketEncoder::CreateClient("");
+  std::unique_ptr<WebSocketEncoder> server = WebSocketEncoder::CreateServer();
+  std::unique_ptr<WebSocketEncoder> client = WebSocketEncoder::CreateClient("");
 
   ASSERT_TRUE(server);
   ASSERT_TRUE(client);
diff --git a/chromium/net/socket/client_socket_factory.cc b/chromium/net/socket/client_socket_factory.cc
index 311f926b59f..42daa5a5200 100644
--- a/chromium/net/socket/client_socket_factory.cc
+++ b/chromium/net/socket/client_socket_factory.cc
@@ -10,15 +10,10 @@
 #include "build/build_config.h"
 #include "net/cert/cert_database.h"
 #include "net/socket/client_socket_handle.h"
+#include "net/socket/ssl_client_socket_impl.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/udp/udp_client_socket.h"
 
-#if defined(USE_OPENSSL)
-#include "net/socket/ssl_client_socket_openssl.h"
-#else
-#include "net/socket/ssl_client_socket_nss.h"
-#endif
-
 namespace net {
 
 class X509Certificate;
@@ -49,35 +44,31 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
     ClearSSLSessionCache();
   }
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override {
-    return scoped_ptr<DatagramClientSocket>(
+    return std::unique_ptr<DatagramClientSocket>(
         new UDPClientSocket(bind_type, rand_int_cb, net_log, source));
   }
 
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
       NetLog* net_log,
       const NetLog::Source& source) override {
-    return scoped_ptr<StreamSocket>(
-        new TCPClientSocket(addresses, net_log, source));
+    return std::unique_ptr<StreamSocket>(new TCPClientSocket(
+        addresses, std::move(socket_performance_watcher), net_log, source));
   }
 
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) override {
-#if defined(USE_OPENSSL)
-    return scoped_ptr<SSLClientSocket>(new SSLClientSocketOpenSSL(
-        std::move(transport_socket), host_and_port, ssl_config, context));
-#else
-    return scoped_ptr<SSLClientSocket>(new SSLClientSocketNSS(
+    return std::unique_ptr<SSLClientSocket>(new SSLClientSocketImpl(
         std::move(transport_socket), host_and_port, ssl_config, context));
-#endif
   }
 
   void ClearSSLSessionCache() override { SSLClientSocket::ClearSessionCache(); }
diff --git a/chromium/net/socket/client_socket_factory.h b/chromium/net/socket/client_socket_factory.h
index 668f39e3032..5fdb36585d7 100644
--- a/chromium/net/socket/client_socket_factory.h
+++ b/chromium/net/socket/client_socket_factory.h
@@ -5,12 +5,13 @@
 #ifndef NET_SOCKET_CLIENT_SOCKET_FACTORY_H_
 #define NET_SOCKET_CLIENT_SOCKET_FACTORY_H_
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/base/rand_callback.h"
 #include "net/log/net_log.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/udp/datagram_socket.h"
 
 namespace net {
@@ -32,22 +33,23 @@ class NET_EXPORT ClientSocketFactory {
 
   // |source| is the NetLog::Source for the entity trying to create the socket,
   // if it has one.
-  virtual scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  virtual std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) = 0;
 
-  virtual scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  virtual std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
       NetLog* net_log,
       const NetLog::Source& source) = 0;
 
   // It is allowed to pass in a |transport_socket| that is not obtained from a
   // socket pool. The caller could create a ClientSocketHandle directly and call
   // set_socket() on it to set a valid StreamSocket instance.
-  virtual scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  virtual std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) = 0;
diff --git a/chromium/net/socket/client_socket_handle.cc b/chromium/net/socket/client_socket_handle.cc
index 97b1b89d844..0dc7b39309c 100644
--- a/chromium/net/socket/client_socket_handle.cc
+++ b/chromium/net/socket/client_socket_handle.cc
@@ -136,7 +136,7 @@ bool ClientSocketHandle::GetLoadTimingInfo(
   return true;
 }
 
-void ClientSocketHandle::SetSocket(scoped_ptr<StreamSocket> s) {
+void ClientSocketHandle::SetSocket(std::unique_ptr<StreamSocket> s) {
   socket_ = std::move(s);
 }
 
@@ -148,7 +148,7 @@ void ClientSocketHandle::OnIOComplete(int result) {
   callback.Run(result);
 }
 
-scoped_ptr<StreamSocket> ClientSocketHandle::PassSocket() {
+std::unique_ptr<StreamSocket> ClientSocketHandle::PassSocket() {
   return std::move(socket_);
 }
 
diff --git a/chromium/net/socket/client_socket_handle.h b/chromium/net/socket/client_socket_handle.h
index a8af5c078be..2b1cf5cc3a8 100644
--- a/chromium/net/socket/client_socket_handle.h
+++ b/chromium/net/socket/client_socket_handle.h
@@ -5,12 +5,12 @@
 #ifndef NET_SOCKET_CLIENT_SOCKET_HANDLE_H_
 #define NET_SOCKET_CLIENT_SOCKET_HANDLE_H_
 
+#include <memory>
 #include <string>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/ip_endpoint.h"
@@ -132,7 +132,7 @@ class NET_EXPORT ClientSocketHandle {
   //
   // SetSocket() may also be used if this handle is used as simply for
   // socket storage (e.g., http://crbug.com/37810).
-  void SetSocket(scoped_ptr<StreamSocket> s);
+  void SetSocket(std::unique_ptr<StreamSocket> s);
   void set_reuse_type(SocketReuseType reuse_type) { reuse_type_ = reuse_type; }
   void set_idle_time(base::TimeDelta idle_time) { idle_time_ = idle_time; }
   void set_pool_id(int id) { pool_id_ = id; }
@@ -176,7 +176,7 @@ class NET_EXPORT ClientSocketHandle {
 
   // SetSocket() must be called with a new socket before this handle
   // is destroyed if is_initialized() is true.
-  scoped_ptr<StreamSocket> PassSocket();
+  std::unique_ptr<StreamSocket> PassSocket();
 
   // These may only be used if is_initialized() is true.
   const std::string& group_name() const { return group_name_; }
@@ -210,7 +210,7 @@ class NET_EXPORT ClientSocketHandle {
   bool is_initialized_;
   ClientSocketPool* pool_;
   HigherLayeredPool* higher_pool_;
-  scoped_ptr<StreamSocket> socket_;
+  std::unique_ptr<StreamSocket> socket_;
   std::string group_name_;
   SocketReuseType reuse_type_;
   CompletionCallback callback_;
@@ -220,7 +220,7 @@ class NET_EXPORT ClientSocketHandle {
   bool is_ssl_error_;
   HttpResponseInfo ssl_error_response_info_;
   SSLFailureState ssl_failure_state_;
-  scoped_ptr<ClientSocketHandle> pending_http_proxy_connection_;
+  std::unique_ptr<ClientSocketHandle> pending_http_proxy_connection_;
   std::vector<ConnectionAttempt> connection_attempts_;
   base::TimeTicks init_time_;
   base::TimeDelta setup_time_;
diff --git a/chromium/net/socket/client_socket_pool.h b/chromium/net/socket/client_socket_pool.h
index 73d90dd485c..b59f6049da8 100644
--- a/chromium/net/socket/client_socket_pool.h
+++ b/chromium/net/socket/client_socket_pool.h
@@ -6,11 +6,11 @@
 #define NET_SOCKET_CLIENT_SOCKET_POOL_H_
 
 #include <deque>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/load_states.h"
@@ -139,7 +139,7 @@ class NET_EXPORT ClientSocketPool : public LowerLayeredPool {
   // change when it flushes, so it can use this |id| to discard sockets with
   // mismatched ids.
   virtual void ReleaseSocket(const std::string& group_name,
-                             scoped_ptr<StreamSocket> socket,
+                             std::unique_ptr<StreamSocket> socket,
                              int id) = 0;
 
   // This flushes all state from the ClientSocketPool.  This means that all
@@ -166,7 +166,7 @@ class NET_EXPORT ClientSocketPool : public LowerLayeredPool {
   // DictionaryValue.
   // If |include_nested_pools| is true, the states of any nested
   // ClientSocketPools will be included.
-  virtual scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  virtual std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const = 0;
diff --git a/chromium/net/socket/client_socket_pool_base.cc b/chromium/net/socket/client_socket_pool_base.cc
index b240e3db026..df27d1566e3 100644
--- a/chromium/net/socket/client_socket_pool_base.cc
+++ b/chromium/net/socket/client_socket_pool_base.cc
@@ -14,7 +14,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
@@ -27,24 +27,6 @@ namespace net {
 
 namespace {
 
-// Indicate whether we should enable idle socket cleanup timer. When timer is
-// disabled, sockets are closed next time a socket request is made.
-// Keep this enabled for windows as long as we support Windows XP, see the note
-// in kCleanupInterval below.
-#if defined(OS_WIN)
-bool g_cleanup_timer_enabled = true;
-#else
-bool g_cleanup_timer_enabled = false;
-#endif
-
-// The timeout value, in seconds, used to clean up idle sockets that can't be
-// reused.
-//
-// Note: It's important to close idle sockets that have received data as soon
-// as possible because the received data may cause BSOD on Windows XP under
-// some conditions.  See http://crbug.com/4606.
-const int kCleanupInterval = 10;  // DO NOT INCREASE THIS TIMEOUT.
-
 // Indicate whether or not we should establish a new transport layer connection
 // after a certain timeout has passed without receiving an ACK.
 bool g_connect_backup_jobs_enabled = true;
@@ -74,12 +56,12 @@ ConnectJob::~ConnectJob() {
   net_log().EndEvent(NetLog::TYPE_SOCKET_POOL_CONNECT_JOB);
 }
 
-scoped_ptr<StreamSocket> ConnectJob::PassSocket() {
+std::unique_ptr<StreamSocket> ConnectJob::PassSocket() {
   return std::move(socket_);
 }
 
 int ConnectJob::Connect() {
-  if (timeout_duration_ != base::TimeDelta())
+  if (!timeout_duration_.is_zero())
     timer_.Start(FROM_HERE, timeout_duration_, this, &ConnectJob::OnTimeout);
 
   idle_ = false;
@@ -96,7 +78,7 @@ int ConnectJob::Connect() {
   return rv;
 }
 
-void ConnectJob::SetSocket(scoped_ptr<StreamSocket> socket) {
+void ConnectJob::SetSocket(std::unique_ptr<StreamSocket> socket) {
   if (socket) {
     net_log().AddEvent(NetLog::TYPE_CONNECT_JOB_SET_SOCKET,
                        socket->NetLog().source().ToEventParametersCallback());
@@ -132,7 +114,7 @@ void ConnectJob::LogConnectCompletion(int net_error) {
 
 void ConnectJob::OnTimeout() {
   // Make sure the socket is NULL before calling into |delegate|.
-  SetSocket(scoped_ptr<StreamSocket>());
+  SetSocket(std::unique_ptr<StreamSocket>());
 
   net_log_.AddEvent(NetLog::TYPE_SOCKET_POOL_CONNECT_JOB_TIMED_OUT);
 
@@ -178,7 +160,6 @@ ClientSocketPoolBaseHelper::ClientSocketPoolBaseHelper(
       handed_out_socket_count_(0),
       max_sockets_(max_sockets),
       max_sockets_per_group_(max_sockets_per_group),
-      use_cleanup_timer_(g_cleanup_timer_enabled),
       unused_idle_socket_timeout_(unused_idle_socket_timeout),
       used_idle_socket_timeout_(used_idle_socket_timeout),
       connect_job_factory_(connect_job_factory),
@@ -279,13 +260,12 @@ void ClientSocketPoolBaseHelper::RemoveHigherLayeredPool(
 
 int ClientSocketPoolBaseHelper::RequestSocket(
     const std::string& group_name,
-    scoped_ptr<const Request> request) {
+    std::unique_ptr<const Request> request) {
   CHECK(!request->callback().is_null());
   CHECK(request->handle());
 
-  // Cleanup any timed-out idle sockets if no timer is used.
-  if (!use_cleanup_timer_)
-    CleanupIdleSockets(false);
+  // Cleanup any timed-out idle sockets.
+  CleanupIdleSockets(false);
 
   request->net_log().BeginEvent(NetLog::TYPE_SOCKET_POOL);
   Group* group = GetOrCreateGroup(group_name);
@@ -319,9 +299,8 @@ void ClientSocketPoolBaseHelper::RequestSockets(
   DCHECK(request.callback().is_null());
   DCHECK(!request.handle());
 
-  // Cleanup any timed out idle sockets if no timer is used.
-  if (!use_cleanup_timer_)
-    CleanupIdleSockets(false);
+  // Cleanup any timed-out idle sockets.
+  CleanupIdleSockets(false);
 
   if (num_sockets > max_sockets_per_group_) {
     num_sockets = max_sockets_per_group_;
@@ -416,7 +395,7 @@ int ClientSocketPoolBaseHelper::RequestSocketInternal(
 
   // We couldn't find a socket to reuse, and there's space to allocate one,
   // so allocate and connect a new one.
-  scoped_ptr<ConnectJob> connect_job(
+  std::unique_ptr<ConnectJob> connect_job(
       connect_job_factory_->NewConnectJob(group_name, request, this));
 
   int rv = connect_job->Connect();
@@ -442,7 +421,7 @@ int ClientSocketPoolBaseHelper::RequestSocketInternal(
     group->AddJob(std::move(connect_job), preconnecting);
   } else {
     LogBoundConnectJobToRequest(connect_job->net_log().source(), request);
-    scoped_ptr<StreamSocket> error_socket;
+    std::unique_ptr<StreamSocket> error_socket;
     if (!preconnecting) {
       DCHECK(handle);
       connect_job->GetAdditionalErrorState(handle);
@@ -511,14 +490,9 @@ bool ClientSocketPoolBaseHelper::AssignIdleSocketToRequest(
     if (idle_socket.socket->WasEverUsed())
       idle_socket.socket->ClearConnectionAttempts();
 
-    HandOutSocket(
-        scoped_ptr<StreamSocket>(idle_socket.socket),
-        reuse_type,
-        LoadTimingInfo::ConnectTiming(),
-        request.handle(),
-        idle_time,
-        group,
-        request.net_log());
+    HandOutSocket(std::unique_ptr<StreamSocket>(idle_socket.socket), reuse_type,
+                  LoadTimingInfo::ConnectTiming(), request.handle(), idle_time,
+                  group, request.net_log());
     return true;
   }
 
@@ -538,7 +512,7 @@ void ClientSocketPoolBaseHelper::CancelRequest(
   if (callback_it != pending_callback_map_.end()) {
     int result = callback_it->second.result;
     pending_callback_map_.erase(callback_it);
-    scoped_ptr<StreamSocket> socket = handle->PassSocket();
+    std::unique_ptr<StreamSocket> socket = handle->PassSocket();
     if (socket) {
       if (result != OK)
         socket->Disconnect();
@@ -552,7 +526,7 @@ void ClientSocketPoolBaseHelper::CancelRequest(
   Group* group = GetOrCreateGroup(group_name);
 
   // Search pending_requests for matching handle.
-  scoped_ptr<const Request> request =
+  std::unique_ptr<const Request> request =
       group->FindAndRemovePendingRequest(handle);
   if (request) {
     request->net_log().AddEvent(NetLog::TYPE_CANCELLED);
@@ -611,9 +585,10 @@ LoadState ClientSocketPoolBaseHelper::GetLoadState(
   return LOAD_STATE_WAITING_FOR_AVAILABLE_SOCKET;
 }
 
-scoped_ptr<base::DictionaryValue> ClientSocketPoolBaseHelper::GetInfoAsValue(
-    const std::string& name, const std::string& type) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::DictionaryValue>
+ClientSocketPoolBaseHelper::GetInfoAsValue(const std::string& name,
+                                           const std::string& type) const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("name", name);
   dict->SetString("type", type);
   dict->SetInteger("handed_out_socket_count", handed_out_socket_count_);
@@ -760,35 +735,17 @@ void ClientSocketPoolBaseHelper::EnableConnectBackupJobs() {
 }
 
 void ClientSocketPoolBaseHelper::IncrementIdleCount() {
-  if (++idle_socket_count_ == 1 && use_cleanup_timer_)
-    StartIdleSocketTimer();
+  ++idle_socket_count_;
 }
 
 void ClientSocketPoolBaseHelper::DecrementIdleCount() {
-  if (--idle_socket_count_ == 0)
-    timer_.Stop();
-}
-
-// static
-bool ClientSocketPoolBaseHelper::cleanup_timer_enabled() {
-  return g_cleanup_timer_enabled;
+  --idle_socket_count_;
 }
 
-// static
-bool ClientSocketPoolBaseHelper::set_cleanup_timer_enabled(bool enabled) {
-  bool old_value = g_cleanup_timer_enabled;
-  g_cleanup_timer_enabled = enabled;
-  return old_value;
-}
-
-void ClientSocketPoolBaseHelper::StartIdleSocketTimer() {
-  timer_.Start(FROM_HERE, TimeDelta::FromSeconds(kCleanupInterval), this,
-               &ClientSocketPoolBaseHelper::OnCleanupTimerFired);
-}
-
-void ClientSocketPoolBaseHelper::ReleaseSocket(const std::string& group_name,
-                                               scoped_ptr<StreamSocket> socket,
-                                               int id) {
+void ClientSocketPoolBaseHelper::ReleaseSocket(
+    const std::string& group_name,
+    std::unique_ptr<StreamSocket> socket,
+    int id) {
   GroupMap::iterator i = group_map_.find(group_name);
   CHECK(i != group_map_.end());
 
@@ -894,7 +851,7 @@ void ClientSocketPoolBaseHelper::OnConnectJobComplete(
   CHECK(group_it != group_map_.end());
   Group* group = group_it->second;
 
-  scoped_ptr<StreamSocket> socket = job->PassSocket();
+  std::unique_ptr<StreamSocket> socket = job->PassSocket();
 
   // Copies of these are needed because |job| may be deleted before they are
   // accessed.
@@ -907,7 +864,7 @@ void ClientSocketPoolBaseHelper::OnConnectJobComplete(
   if (result == OK) {
     DCHECK(socket.get());
     RemoveConnectJob(job, group);
-    scoped_ptr<const Request> request = group->PopNextPendingRequest();
+    std::unique_ptr<const Request> request = group->PopNextPendingRequest();
     if (request) {
       LogBoundConnectJobToRequest(job_log.source(), *request);
       HandOutSocket(std::move(socket), ClientSocketHandle::UNUSED,
@@ -924,7 +881,7 @@ void ClientSocketPoolBaseHelper::OnConnectJobComplete(
     // If we got a socket, it must contain error information so pass that
     // up so that the caller can retrieve it.
     bool handed_out_socket = false;
-    scoped_ptr<const Request> request = group->PopNextPendingRequest();
+    std::unique_ptr<const Request> request = group->PopNextPendingRequest();
     if (request) {
       LogBoundConnectJobToRequest(job_log.source(), *request);
       job->GetAdditionalErrorState(request->handle());
@@ -993,7 +950,7 @@ void ClientSocketPoolBaseHelper::ProcessPendingRequest(
 
   int rv = RequestSocketInternal(group_name, *next_request);
   if (rv != ERR_IO_PENDING) {
-    scoped_ptr<const Request> request = group->PopNextPendingRequest();
+    std::unique_ptr<const Request> request = group->PopNextPendingRequest();
     DCHECK(request);
     if (group->IsEmpty())
       RemoveGroup(group_name);
@@ -1004,7 +961,7 @@ void ClientSocketPoolBaseHelper::ProcessPendingRequest(
 }
 
 void ClientSocketPoolBaseHelper::HandOutSocket(
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     ClientSocketHandle::SocketReuseType reuse_type,
     const LoadTimingInfo::ConnectTiming& connect_timing,
     ClientSocketHandle* handle,
@@ -1034,7 +991,7 @@ void ClientSocketPoolBaseHelper::HandOutSocket(
 }
 
 void ClientSocketPoolBaseHelper::AddIdleSocket(
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     Group* group) {
   DCHECK(socket);
   IdleSocket idle_socket;
@@ -1069,7 +1026,7 @@ void ClientSocketPoolBaseHelper::CancelAllRequestsWithError(int error) {
     Group* group = i->second;
 
     while (true) {
-      scoped_ptr<const Request> request = group->PopNextPendingRequest();
+      std::unique_ptr<const Request> request = group->PopNextPendingRequest();
       if (!request)
         break;
       InvokeUserCallbackLater(request->handle(), request->callback(), error);
@@ -1210,7 +1167,7 @@ bool ClientSocketPoolBaseHelper::Group::TryToUseUnassignedConnectJob() {
   return true;
 }
 
-void ClientSocketPoolBaseHelper::Group::AddJob(scoped_ptr<ConnectJob> job,
+void ClientSocketPoolBaseHelper::Group::AddJob(std::unique_ptr<ConnectJob> job,
                                                bool is_preconnect) {
   SanityCheck();
 
@@ -1220,7 +1177,7 @@ void ClientSocketPoolBaseHelper::Group::AddJob(scoped_ptr<ConnectJob> job,
 }
 
 void ClientSocketPoolBaseHelper::Group::RemoveJob(ConnectJob* job) {
-  scoped_ptr<ConnectJob> owned_job(job);
+  std::unique_ptr<ConnectJob> owned_job(job);
   SanityCheck();
 
   // Check that |job| is in the list.
@@ -1258,7 +1215,7 @@ void ClientSocketPoolBaseHelper::Group::OnBackupJobTimerFired(
   if (pending_requests_.empty())
     return;
 
-  scoped_ptr<ConnectJob> backup_job =
+  std::unique_ptr<ConnectJob> backup_job =
       pool->connect_job_factory_->NewConnectJob(
           group_name, *pending_requests_.FirstMax().value(), pool);
   backup_job->net_log().AddEvent(NetLog::TYPE_BACKUP_CONNECT_JOB_CREATED);
@@ -1307,7 +1264,7 @@ bool ClientSocketPoolBaseHelper::Group::HasConnectJobForHandle(
 }
 
 void ClientSocketPoolBaseHelper::Group::InsertPendingRequest(
-    scoped_ptr<const Request> request) {
+    std::unique_ptr<const Request> request) {
   // This value must be cached before we release |request|.
   RequestPriority priority = request->priority();
   if (request->respect_limits() == ClientSocketPool::RespectLimits::DISABLED) {
@@ -1321,33 +1278,33 @@ void ClientSocketPoolBaseHelper::Group::InsertPendingRequest(
   }
 }
 
-scoped_ptr<const ClientSocketPoolBaseHelper::Request>
+std::unique_ptr<const ClientSocketPoolBaseHelper::Request>
 ClientSocketPoolBaseHelper::Group::PopNextPendingRequest() {
   if (pending_requests_.empty())
-    return scoped_ptr<const ClientSocketPoolBaseHelper::Request>();
+    return std::unique_ptr<const ClientSocketPoolBaseHelper::Request>();
   return RemovePendingRequest(pending_requests_.FirstMax());
 }
 
-scoped_ptr<const ClientSocketPoolBaseHelper::Request>
+std::unique_ptr<const ClientSocketPoolBaseHelper::Request>
 ClientSocketPoolBaseHelper::Group::FindAndRemovePendingRequest(
     ClientSocketHandle* handle) {
   for (RequestQueue::Pointer pointer = pending_requests_.FirstMax();
        !pointer.is_null();
        pointer = pending_requests_.GetNextTowardsLastMin(pointer)) {
     if (pointer.value()->handle() == handle) {
-      scoped_ptr<const Request> request = RemovePendingRequest(pointer);
+      std::unique_ptr<const Request> request = RemovePendingRequest(pointer);
       return request;
     }
   }
-  return scoped_ptr<const ClientSocketPoolBaseHelper::Request>();
+  return std::unique_ptr<const ClientSocketPoolBaseHelper::Request>();
 }
 
-scoped_ptr<const ClientSocketPoolBaseHelper::Request>
+std::unique_ptr<const ClientSocketPoolBaseHelper::Request>
 ClientSocketPoolBaseHelper::Group::RemovePendingRequest(
     const RequestQueue::Pointer& pointer) {
   // TODO(eroman): Temporary for debugging http://crbug.com/467797.
   CHECK(!pointer.is_null());
-  scoped_ptr<const Request> request(pointer.value());
+  std::unique_ptr<const Request> request(pointer.value());
   pending_requests_.Erase(pointer);
   // If there are no more requests, kill the backup timer.
   if (pending_requests_.empty())
diff --git a/chromium/net/socket/client_socket_pool_base.h b/chromium/net/socket/client_socket_pool_base.h
index 1e57adb65b1..a5e17b38036 100644
--- a/chromium/net/socket/client_socket_pool_base.h
+++ b/chromium/net/socket/client_socket_pool_base.h
@@ -24,10 +24,12 @@
 
 #include <stddef.h>
 #include <stdint.h>
+
 #include <cstddef>
 #include <deque>
 #include <list>
 #include <map>
+#include <memory>
 #include <set>
 #include <string>
 #include <utility>
@@ -35,7 +37,6 @@
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
@@ -68,7 +69,7 @@ class NET_EXPORT_PRIVATE ConnectJob {
     virtual ~Delegate() {}
 
     // Alerts the delegate that the connection completed. |job| must
-    // be destroyed by the delegate. A scoped_ptr<> isn't used because
+    // be destroyed by the delegate. A std::unique_ptr<> isn't used because
     // the caller of this function doesn't own |job|.
     virtual void OnConnectJobComplete(int result,
                                       ConnectJob* job) = 0;
@@ -93,7 +94,7 @@ class NET_EXPORT_PRIVATE ConnectJob {
   // Releases ownership of the underlying socket to the caller.
   // Returns the released socket, or NULL if there was a connection
   // error.
-  scoped_ptr<StreamSocket> PassSocket();
+  std::unique_ptr<StreamSocket> PassSocket();
 
   // Begins connecting the socket.  Returns OK on success, ERR_IO_PENDING if it
   // cannot complete synchronously without blocking, or another net error code
@@ -121,7 +122,7 @@ class NET_EXPORT_PRIVATE ConnectJob {
   ClientSocketPool::RespectLimits respect_limits() const {
     return respect_limits_;
   }
-  void SetSocket(scoped_ptr<StreamSocket> socket);
+  void SetSocket(std::unique_ptr<StreamSocket> socket);
   StreamSocket* socket() { return socket_.get(); }
   void NotifyDelegateOfCompletion(int rv);
   void ResetTimer(base::TimeDelta remainingTime);
@@ -146,7 +147,7 @@ class NET_EXPORT_PRIVATE ConnectJob {
   // Timer to abort jobs that take too long.
   base::OneShotTimer timer_;
   Delegate* delegate_;
-  scoped_ptr<StreamSocket> socket_;
+  std::unique_ptr<StreamSocket> socket_;
   BoundNetLog net_log_;
   // A ConnectJob is idle until Connect() has been called.
   bool idle_;
@@ -222,7 +223,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
     ConnectJobFactory() {}
     virtual ~ConnectJobFactory() {}
 
-    virtual scoped_ptr<ConnectJob> NewConnectJob(
+    virtual std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const Request& request,
         ConnectJob::Delegate* delegate) const = 0;
@@ -257,7 +258,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
 
   // See ClientSocketPool::RequestSocket for documentation on this function.
   int RequestSocket(const std::string& group_name,
-                    scoped_ptr<const Request> request);
+                    std::unique_ptr<const Request> request);
 
   // See ClientSocketPool::RequestSocket for documentation on this function.
   void RequestSockets(const std::string& group_name,
@@ -270,7 +271,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
 
   // See ClientSocketPool::ReleaseSocket for documentation on this function.
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id);
 
   // See ClientSocketPool::FlushWithError for documentation on this function.
@@ -313,14 +314,6 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
 
   bool HasGroup(const std::string& group_name) const;
 
-  // Called to enable/disable cleaning up idle sockets. When enabled,
-  // idle sockets that have been around for longer than a period defined
-  // by kCleanupInterval are cleaned up using a timer. Otherwise they are
-  // closed next time client makes a request. This may reduce network
-  // activity and power consumption.
-  static bool cleanup_timer_enabled();
-  static bool set_cleanup_timer_enabled(bool enabled);
-
   // Closes all idle sockets if |force| is true.  Else, only closes idle
   // sockets that timed out or can't be reused.  Made public for testing.
   void CleanupIdleSockets(bool force);
@@ -336,7 +329,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
   bool CloseOneIdleConnectionInHigherLayeredPool();
 
   // See ClientSocketPool::GetInfoAsValue for documentation on this function.
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type) const;
 
@@ -433,7 +426,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
     // Otherwise, returns false.
     bool TryToUseUnassignedConnectJob();
 
-    void AddJob(scoped_ptr<ConnectJob> job, bool is_preconnect);
+    void AddJob(std::unique_ptr<ConnectJob> job, bool is_preconnect);
     // Remove |job| from this group, which must already own |job|.
     void RemoveJob(ConnectJob* job);
     void RemoveAllJobs();
@@ -456,15 +449,15 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
     // Inserts the request into the queue based on priority
     // order. Older requests are prioritized over requests of equal
     // priority.
-    void InsertPendingRequest(scoped_ptr<const Request> request);
+    void InsertPendingRequest(std::unique_ptr<const Request> request);
 
     // Gets and removes the next pending request. Returns NULL if
     // there are no pending requests.
-    scoped_ptr<const Request> PopNextPendingRequest();
+    std::unique_ptr<const Request> PopNextPendingRequest();
 
     // Finds the pending request for |handle| and removes it. Returns
     // the removed pending request, or NULL if there was none.
-    scoped_ptr<const Request> FindAndRemovePendingRequest(
+    std::unique_ptr<const Request> FindAndRemovePendingRequest(
         ClientSocketHandle* handle);
 
     void IncrementActiveSocketCount() { active_socket_count_++; }
@@ -479,7 +472,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
    private:
     // Returns the iterator's pending request after removing it from
     // the queue.
-    scoped_ptr<const Request> RemovePendingRequest(
+    std::unique_ptr<const Request> RemovePendingRequest(
         const RequestQueue::Pointer& pointer);
 
     // Called when the backup socket timer fires.
@@ -532,21 +525,12 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
   void IncrementIdleCount();
   void DecrementIdleCount();
 
-  // Start cleanup timer for idle sockets.
-  void StartIdleSocketTimer();
-
   // Scans the group map for groups which have an available socket slot and
   // at least one pending request. Returns true if any groups are stalled, and
   // if so (and if both |group| and |group_name| are not NULL), fills |group|
   // and |group_name| with data of the stalled group having highest priority.
   bool FindTopStalledGroup(Group** group, std::string* group_name) const;
 
-  // Called when timer_ fires.  This method scans the idle sockets removing
-  // sockets that timed out or can't be reused.
-  void OnCleanupTimerFired() {
-    CleanupIdleSockets(false);
-  }
-
   // Removes |job| from |group|, which must already own |job|.
   void RemoveConnectJob(ConnectJob* job, Group* group);
 
@@ -557,7 +541,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
   void ProcessPendingRequest(const std::string& group_name, Group* group);
 
   // Assigns |socket| to |handle| and updates |group|'s counters appropriately.
-  void HandOutSocket(scoped_ptr<StreamSocket> socket,
+  void HandOutSocket(std::unique_ptr<StreamSocket> socket,
                      ClientSocketHandle::SocketReuseType reuse_type,
                      const LoadTimingInfo::ConnectTiming& connect_timing,
                      ClientSocketHandle* handle,
@@ -566,7 +550,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
                      const BoundNetLog& net_log);
 
   // Adds |socket| to the list of idle sockets for |group|.
-  void AddIdleSocket(scoped_ptr<StreamSocket> socket, Group* group);
+  void AddIdleSocket(std::unique_ptr<StreamSocket> socket, Group* group);
 
   // Iterates through |group_map_|, canceling all ConnectJobs and deleting
   // groups if they are no longer needed.
@@ -624,10 +608,6 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
   // possible that the request is cancelled.
   PendingCallbackMap pending_callback_map_;
 
-  // Timer used to periodically prune idle sockets that timed out or can't be
-  // reused.
-  base::RepeatingTimer timer_;
-
   // The total number of idle sockets in the system.
   int idle_socket_count_;
 
@@ -643,14 +623,11 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper
   // The maximum number of sockets kept per group.
   const int max_sockets_per_group_;
 
-  // Whether to use timer to cleanup idle sockets.
-  bool use_cleanup_timer_;
-
   // The time to wait until closing idle sockets.
   const base::TimeDelta unused_idle_socket_timeout_;
   const base::TimeDelta used_idle_socket_timeout_;
 
-  const scoped_ptr<ConnectJobFactory> connect_job_factory_;
+  const std::unique_ptr<ConnectJobFactory> connect_job_factory_;
 
   // TODO(vandebo) Remove when backup jobs move to TransportClientSocketPool
   bool connect_backup_jobs_enabled_;
@@ -711,7 +688,7 @@ class ClientSocketPoolBase {
     ConnectJobFactory() {}
     virtual ~ConnectJobFactory() {}
 
-    virtual scoped_ptr<ConnectJob> NewConnectJob(
+    virtual std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const Request& request,
         ConnectJob::Delegate* delegate) const = 0;
@@ -765,7 +742,7 @@ class ClientSocketPoolBase {
                     ClientSocketHandle* handle,
                     const CompletionCallback& callback,
                     const BoundNetLog& net_log) {
-    scoped_ptr<const Request> request(new Request(
+    std::unique_ptr<const Request> request(new Request(
         handle, callback, priority, respect_limits,
         internal::ClientSocketPoolBaseHelper::NORMAL, params, net_log));
     return helper_.RequestSocket(group_name, std::move(request));
@@ -791,7 +768,7 @@ class ClientSocketPoolBase {
   }
 
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) {
     return helper_.ReleaseSocket(group_name, std::move(socket), id);
   }
@@ -837,8 +814,9 @@ class ClientSocketPoolBase {
     return helper_.CleanupIdleSockets(force);
   }
 
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(const std::string& name,
-                                        const std::string& type) const {
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
+      const std::string& name,
+      const std::string& type) const {
     return helper_.GetInfoAsValue(name, type);
   }
 
@@ -870,7 +848,7 @@ class ClientSocketPoolBase {
         : connect_job_factory_(connect_job_factory) {}
     ~ConnectJobFactoryAdaptor() override {}
 
-    scoped_ptr<ConnectJob> NewConnectJob(
+    std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const internal::ClientSocketPoolBaseHelper::Request& request,
         ConnectJob::Delegate* delegate) const override {
@@ -883,7 +861,7 @@ class ClientSocketPoolBase {
       return connect_job_factory_->ConnectionTimeout();
     }
 
-    const scoped_ptr<ConnectJobFactory> connect_job_factory_;
+    const std::unique_ptr<ConnectJobFactory> connect_job_factory_;
   };
 
   internal::ClientSocketPoolBaseHelper helper_;
diff --git a/chromium/net/socket/client_socket_pool_base_unittest.cc b/chromium/net/socket/client_socket_pool_base_unittest.cc
index 308d4af9248..43a80a85638 100644
--- a/chromium/net/socket/client_socket_pool_base_unittest.cc
+++ b/chromium/net/socket/client_socket_pool_base_unittest.cc
@@ -22,8 +22,8 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/platform_thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/load_timing_info_test_util.h"
@@ -37,6 +37,7 @@
 #include "net/log/test_net_log_util.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/socket_test_util.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/stream_socket.h"
@@ -203,30 +204,32 @@ class MockClientSocketFactory : public ClientSocketFactory {
  public:
   MockClientSocketFactory() : allocation_count_(0) {}
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override {
     NOTREACHED();
-    return scoped_ptr<DatagramClientSocket>();
+    return std::unique_ptr<DatagramClientSocket>();
   }
 
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<
+          SocketPerformanceWatcher> /* socket_performance_watcher */,
       NetLog* /* net_log */,
       const NetLog::Source& /*source*/) override {
     allocation_count_++;
-    return scoped_ptr<StreamSocket>();
+    return std::unique_ptr<StreamSocket>();
   }
 
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) override {
     NOTIMPLEMENTED();
-    return scoped_ptr<SSLClientSocket>();
+    return std::unique_ptr<SSLClientSocket>();
   }
 
   void ClearSSLSessionCache() override { NOTIMPLEMENTED(); }
@@ -309,10 +312,10 @@ class TestConnectJob : public ConnectJob {
 
   int ConnectInternal() override {
     AddressList ignored;
-    client_socket_factory_->CreateTransportClientSocket(ignored, NULL,
+    client_socket_factory_->CreateTransportClientSocket(ignored, NULL, NULL,
                                                         NetLog::Source());
-    SetSocket(
-        scoped_ptr<StreamSocket>(new MockClientSocket(net_log().net_log())));
+    SetSocket(std::unique_ptr<StreamSocket>(
+        new MockClientSocket(net_log().net_log())));
     switch (job_type_) {
       case kMockJob:
         return DoConnect(true /* successful */, false /* sync */,
@@ -389,7 +392,7 @@ class TestConnectJob : public ConnectJob {
       }
       default:
         NOTREACHED();
-        SetSocket(scoped_ptr<StreamSocket>());
+        SetSocket(std::unique_ptr<StreamSocket>());
         return ERR_FAILED;
     }
   }
@@ -402,7 +405,7 @@ class TestConnectJob : public ConnectJob {
       result = ERR_PROXY_AUTH_REQUESTED;
     } else {
       result = ERR_CONNECTION_FAILED;
-      SetSocket(scoped_ptr<StreamSocket>());
+      SetSocket(std::unique_ptr<StreamSocket>());
     }
 
     if (was_async)
@@ -447,7 +450,7 @@ class TestConnectJobFactory
 
   // ConnectJobFactory implementation.
 
-  scoped_ptr<ConnectJob> NewConnectJob(
+  std::unique_ptr<ConnectJob> NewConnectJob(
       const std::string& group_name,
       const TestClientSocketPoolBase::Request& request,
       ConnectJob::Delegate* delegate) const override {
@@ -457,13 +460,9 @@ class TestConnectJobFactory
       job_type = job_types_->front();
       job_types_->pop_front();
     }
-    return scoped_ptr<ConnectJob>(new TestConnectJob(job_type,
-                                                     group_name,
-                                                     request,
-                                                     timeout_duration_,
-                                                     delegate,
-                                                     client_socket_factory_,
-                                                     net_log_));
+    return std::unique_ptr<ConnectJob>(
+        new TestConnectJob(job_type, group_name, request, timeout_duration_,
+                           delegate, client_socket_factory_, net_log_));
   }
 
   base::TimeDelta ConnectionTimeout() const override {
@@ -528,7 +527,7 @@ class TestClientSocketPool : public ClientSocketPool {
   }
 
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override {
     base_.ReleaseSocket(group_name, std::move(socket), id);
   }
@@ -558,7 +557,7 @@ class TestClientSocketPool : public ClientSocketPool {
     base_.RemoveHigherLayeredPool(higher_pool);
   }
 
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override {
@@ -633,8 +632,8 @@ class TestConnectJobDelegate : public ConnectJob::Delegate {
 
   void OnConnectJobComplete(int result, ConnectJob* job) override {
     result_ = result;
-    scoped_ptr<ConnectJob> owned_job(job);
-    scoped_ptr<StreamSocket> socket = owned_job->PassSocket();
+    std::unique_ptr<ConnectJob> owned_job(job);
+    std::unique_ptr<StreamSocket> socket = owned_job->PassSocket();
     // socket.get() should be NULL iff result != OK
     EXPECT_EQ(socket == NULL, result != OK);
     have_result_ = true;
@@ -665,15 +664,11 @@ class ClientSocketPoolBaseTest : public testing::Test {
     connect_backup_jobs_enabled_ =
         internal::ClientSocketPoolBaseHelper::connect_backup_jobs_enabled();
     internal::ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(true);
-    cleanup_timer_enabled_ =
-        internal::ClientSocketPoolBaseHelper::cleanup_timer_enabled();
   }
 
   ~ClientSocketPoolBaseTest() override {
     internal::ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(
         connect_backup_jobs_enabled_);
-    internal::ClientSocketPoolBaseHelper::set_cleanup_timer_enabled(
-        cleanup_timer_enabled_);
   }
 
   void CreatePool(int max_sockets, int max_sockets_per_group) {
@@ -725,18 +720,17 @@ class ClientSocketPoolBaseTest : public testing::Test {
 
   TestSocketRequest* request(int i) { return test_base_.request(i); }
   size_t requests_size() const { return test_base_.requests_size(); }
-  std::vector<scoped_ptr<TestSocketRequest>>* requests() {
+  std::vector<std::unique_ptr<TestSocketRequest>>* requests() {
     return test_base_.requests();
   }
   size_t completion_count() const { return test_base_.completion_count(); }
 
   TestNetLog net_log_;
   bool connect_backup_jobs_enabled_;
-  bool cleanup_timer_enabled_;
   MockClientSocketFactory client_socket_factory_;
   TestConnectJobFactory* connect_job_factory_;
   scoped_refptr<TestSocketParams> params_;
-  scoped_ptr<TestClientSocketPool> pool_;
+  std::unique_ptr<TestClientSocketPool> pool_;
   ClientSocketPoolTest test_base_;
 };
 
@@ -749,14 +743,10 @@ TEST_F(ClientSocketPoolBaseTest, ConnectJob_NoTimeoutOnSynchronousCompletion) {
       &ignored, CompletionCallback(), DEFAULT_PRIORITY,
       ClientSocketPool::RespectLimits::ENABLED,
       internal::ClientSocketPoolBaseHelper::NORMAL, params_, BoundNetLog());
-  scoped_ptr<TestConnectJob> job(
-      new TestConnectJob(TestConnectJob::kMockJob,
-                         "a",
-                         request,
-                         base::TimeDelta::FromMicroseconds(1),
-                         &delegate,
-                         &client_socket_factory_,
-                         NULL));
+  std::unique_ptr<TestConnectJob> job(
+      new TestConnectJob(TestConnectJob::kMockJob, "a", request,
+                         base::TimeDelta::FromMicroseconds(1), &delegate,
+                         &client_socket_factory_, NULL));
   EXPECT_EQ(OK, job->Connect());
 }
 
@@ -2067,11 +2057,8 @@ TEST_F(ClientSocketPoolBaseTest, AdditionalErrorStateAsynchronous) {
   EXPECT_FALSE(handle.ssl_error_response_info().headers.get() == NULL);
 }
 
-// Make sure we can reuse sockets when the cleanup timer is disabled.
-TEST_F(ClientSocketPoolBaseTest, DisableCleanupTimerReuse) {
-  // Disable cleanup timer.
-  internal::ClientSocketPoolBaseHelper::set_cleanup_timer_enabled(false);
-
+// Make sure we can reuse sockets.
+TEST_F(ClientSocketPoolBaseTest, CleanupTimedOutIdleSocketsReuse) {
   CreatePoolWithIdleTimeouts(
       kDefaultMaxSockets, kDefaultMaxSocketsPerGroup,
       base::TimeDelta(),  // Time out unused sockets immediately.
@@ -2118,15 +2105,14 @@ TEST_F(ClientSocketPoolBaseTest, DisableCleanupTimerReuse) {
 
 #if defined(OS_IOS)
 // TODO(droger): Enable this test (crbug.com/512595).
-#define MAYBE_DisableCleanupTimerNoReuse DISABLED_DisableCleanupTimerNoReuse
+#define MAYBE_CleanupTimedOutIdleSocketsNoReuse \
+  DISABLED_CleanupTimedOutIdleSocketsNoReuse
 #else
-#define MAYBE_DisableCleanupTimerNoReuse DisableCleanupTimerNoReuse
+#define MAYBE_CleanupTimedOutIdleSocketsNoReuse \
+  CleanupTimedOutIdleSocketsNoReuse
 #endif
-// Make sure we cleanup old unused sockets when the cleanup timer is disabled.
-TEST_F(ClientSocketPoolBaseTest, MAYBE_DisableCleanupTimerNoReuse) {
-  // Disable cleanup timer.
-  internal::ClientSocketPoolBaseHelper::set_cleanup_timer_enabled(false);
-
+// Make sure we cleanup old unused sockets.
+TEST_F(ClientSocketPoolBaseTest, MAYBE_CleanupTimedOutIdleSocketsNoReuse) {
   CreatePoolWithIdleTimeouts(
       kDefaultMaxSockets, kDefaultMaxSocketsPerGroup,
       base::TimeDelta(),  // Time out unused sockets immediately
@@ -2195,69 +2181,6 @@ TEST_F(ClientSocketPoolBaseTest, MAYBE_DisableCleanupTimerNoReuse) {
       entries, 1, NetLog::TYPE_SOCKET_POOL_REUSED_AN_EXISTING_SOCKET));
 }
 
-TEST_F(ClientSocketPoolBaseTest, CleanupTimedOutIdleSockets) {
-  CreatePoolWithIdleTimeouts(
-      kDefaultMaxSockets, kDefaultMaxSocketsPerGroup,
-      base::TimeDelta(),  // Time out unused sockets immediately.
-      base::TimeDelta::FromDays(1));  // Don't time out used sockets.
-
-  connect_job_factory_->set_job_type(TestConnectJob::kMockPendingJob);
-
-  // Startup two mock pending connect jobs, which will sit in the MessageLoop.
-
-  ClientSocketHandle handle;
-  TestCompletionCallback callback;
-  int rv = handle.Init("a", params_, LOWEST,
-                       ClientSocketPool::RespectLimits::ENABLED,
-                       callback.callback(), pool_.get(), BoundNetLog());
-  EXPECT_EQ(ERR_IO_PENDING, rv);
-  EXPECT_EQ(LOAD_STATE_CONNECTING, pool_->GetLoadState("a", &handle));
-
-  ClientSocketHandle handle2;
-  TestCompletionCallback callback2;
-  rv = handle2.Init("a", params_, LOWEST,
-                    ClientSocketPool::RespectLimits::ENABLED,
-                    callback2.callback(), pool_.get(), BoundNetLog());
-  EXPECT_EQ(ERR_IO_PENDING, rv);
-  EXPECT_EQ(LOAD_STATE_CONNECTING, pool_->GetLoadState("a", &handle2));
-
-  // Cancel one of the requests.  Wait for the other, which will get the first
-  // job.  Release the socket.  Run the loop again to make sure the second
-  // socket is sitting idle and the first one is released (since ReleaseSocket()
-  // just posts a DoReleaseSocket() task).
-
-  handle.Reset();
-  EXPECT_EQ(OK, callback2.WaitForResult());
-  // Use the socket.
-  EXPECT_EQ(1, handle2.socket()->Write(NULL, 1, CompletionCallback()));
-  handle2.Reset();
-
-  // We post all of our delayed tasks with a 2ms delay. I.e. they don't
-  // actually become pending until 2ms after they have been created. In order
-  // to flush all tasks, we need to wait so that we know there are no
-  // soon-to-be-pending tasks waiting.
-  base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10));
-  base::MessageLoop::current()->RunUntilIdle();
-
-  ASSERT_EQ(2, pool_->IdleSocketCount());
-
-  // Invoke the idle socket cleanup check.  Only one socket should be left, the
-  // used socket.  Request it to make sure that it's used.
-
-  pool_->CleanupTimedOutIdleSockets();
-  BoundTestNetLog log;
-  rv = handle.Init("a", params_, LOWEST,
-                   ClientSocketPool::RespectLimits::ENABLED,
-                   callback.callback(), pool_.get(), log.bound());
-  EXPECT_EQ(OK, rv);
-  EXPECT_TRUE(handle.is_reused());
-
-  TestNetLogEntry::List entries;
-  log.GetEntries(&entries);
-  EXPECT_TRUE(LogContainsEntryWithType(
-      entries, 1, NetLog::TYPE_SOCKET_POOL_REUSED_AN_EXISTING_SOCKET));
-}
-
 // Make sure that we process all pending requests even when we're stalling
 // because of multiple releasing disconnected sockets.
 TEST_F(ClientSocketPoolBaseTest, MultipleReleasingDisconnectedSockets) {
diff --git a/chromium/net/socket/client_socket_pool_manager.cc b/chromium/net/socket/client_socket_pool_manager.cc
index dee8218294a..ce8a5a5bfc0 100644
--- a/chromium/net/socket/client_socket_pool_manager.cc
+++ b/chromium/net/socket/client_socket_pool_manager.cc
@@ -85,7 +85,7 @@ int InitSocketPoolHelper(ClientSocketPoolManager::SocketGroupType group_type,
                          const CompletionCallback& callback) {
   scoped_refptr<HttpProxySocketParams> http_proxy_params;
   scoped_refptr<SOCKSSocketParams> socks_params;
-  scoped_ptr<HostPortPair> proxy_host_port;
+  std::unique_ptr<HostPortPair> proxy_host_port;
 
   bool using_ssl = group_type == ClientSocketPoolManager::SSL_GROUP;
   HostPortPair origin_host_port = endpoint;
diff --git a/chromium/net/socket/client_socket_pool_manager.h b/chromium/net/socket/client_socket_pool_manager.h
index d8d22a1b3eb..66c26f503ca 100644
--- a/chromium/net/socket/client_socket_pool_manager.h
+++ b/chromium/net/socket/client_socket_pool_manager.h
@@ -84,7 +84,7 @@ class NET_EXPORT_PRIVATE ClientSocketPoolManager {
   virtual SSLClientSocketPool* GetSocketPoolForSSLWithProxy(
       const HostPortPair& proxy_server) = 0;
   // Creates a Value summary of the state of the socket pools.
-  virtual scoped_ptr<base::Value> SocketPoolInfoToValue() const = 0;
+  virtual std::unique_ptr<base::Value> SocketPoolInfoToValue() const = 0;
 };
 
 // A helper method that uses the passed in proxy information to initialize a
diff --git a/chromium/net/socket/client_socket_pool_manager_impl.cc b/chromium/net/socket/client_socket_pool_manager_impl.cc
index f2d512c2a91..305f05ecd46 100644
--- a/chromium/net/socket/client_socket_pool_manager_impl.cc
+++ b/chromium/net/socket/client_socket_pool_manager_impl.cc
@@ -19,6 +19,8 @@
 
 namespace net {
 
+class SocketPerformanceWatcherFactory;
+
 namespace {
 
 // Appends information about all |socket_pools| to the end of |list|.
@@ -40,6 +42,7 @@ void AddSocketPoolsToList(base::ListValue* list,
 ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
     NetLog* net_log,
     ClientSocketFactory* socket_factory,
+    SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
     HostResolver* host_resolver,
     CertVerifier* cert_verifier,
     ChannelIDService* channel_id_service,
@@ -51,6 +54,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
     HttpNetworkSession::SocketPoolType pool_type)
     : net_log_(net_log),
       socket_factory_(socket_factory),
+      socket_performance_watcher_factory_(socket_performance_watcher_factory),
       host_resolver_(host_resolver),
       cert_verifier_(cert_verifier),
       channel_id_service_(channel_id_service),
@@ -60,19 +64,21 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
       ssl_session_cache_shard_(ssl_session_cache_shard),
       ssl_config_service_(ssl_config_service),
       pool_type_(pool_type),
-      transport_socket_pool_(
-          pool_type == HttpNetworkSession::WEBSOCKET_SOCKET_POOL
-              ? new WebSocketTransportClientSocketPool(
-                    max_sockets_per_pool(pool_type),
-                    max_sockets_per_group(pool_type),
-                    host_resolver,
-                    socket_factory_,
-                    net_log)
-              : new TransportClientSocketPool(max_sockets_per_pool(pool_type),
-                                              max_sockets_per_group(pool_type),
-                                              host_resolver,
-                                              socket_factory_,
-                                              net_log)),
+      transport_socket_pool_(pool_type ==
+                                     HttpNetworkSession::WEBSOCKET_SOCKET_POOL
+                                 ? new WebSocketTransportClientSocketPool(
+                                       max_sockets_per_pool(pool_type),
+                                       max_sockets_per_group(pool_type),
+                                       host_resolver,
+                                       socket_factory_,
+                                       net_log)
+                                 : new TransportClientSocketPool(
+                                       max_sockets_per_pool(pool_type),
+                                       max_sockets_per_group(pool_type),
+                                       host_resolver,
+                                       socket_factory_,
+                                       socket_performance_watcher_factory_,
+                                       net_log)),
       ssl_socket_pool_(new SSLClientSocketPool(max_sockets_per_pool(pool_type),
                                                max_sockets_per_group(pool_type),
                                                cert_verifier,
@@ -216,25 +222,19 @@ SOCKSClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSOCKSProxy(
                                    max_sockets_per_group(pool_type_));
 
   std::pair<TransportSocketPoolMap::iterator, bool> tcp_ret =
-      transport_socket_pools_for_socks_proxies_.insert(
-          std::make_pair(
-              socks_proxy,
-              new TransportClientSocketPool(
-                  sockets_per_proxy_server,
-                  sockets_per_group,
-                  host_resolver_,
-                  socket_factory_,
-                  net_log_)));
+      transport_socket_pools_for_socks_proxies_.insert(std::make_pair(
+          socks_proxy,
+          new TransportClientSocketPool(sockets_per_proxy_server,
+                                        sockets_per_group, host_resolver_,
+                                        socket_factory_, nullptr, net_log_)));
   DCHECK(tcp_ret.second);
 
   std::pair<SOCKSSocketPoolMap::iterator, bool> ret =
-      socks_socket_pools_.insert(
-          std::make_pair(socks_proxy, new SOCKSClientSocketPool(
-              sockets_per_proxy_server,
-              sockets_per_group,
-              host_resolver_,
-              tcp_ret.first->second,
-              net_log_)));
+      socks_socket_pools_.insert(std::make_pair(
+          socks_proxy,
+          new SOCKSClientSocketPool(sockets_per_proxy_server, sockets_per_group,
+                                    host_resolver_, tcp_ret.first->second,
+                                    nullptr, net_log_)));
 
   return ret.first->second;
 }
@@ -260,27 +260,19 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy(
                                    max_sockets_per_group(pool_type_));
 
   std::pair<TransportSocketPoolMap::iterator, bool> tcp_http_ret =
-      transport_socket_pools_for_http_proxies_.insert(
-          std::make_pair(
-              http_proxy,
-              new TransportClientSocketPool(
-                  sockets_per_proxy_server,
-                  sockets_per_group,
-                  host_resolver_,
-                  socket_factory_,
-                  net_log_)));
+      transport_socket_pools_for_http_proxies_.insert(std::make_pair(
+          http_proxy,
+          new TransportClientSocketPool(
+              sockets_per_proxy_server, sockets_per_group, host_resolver_,
+              socket_factory_, socket_performance_watcher_factory_, net_log_)));
   DCHECK(tcp_http_ret.second);
 
   std::pair<TransportSocketPoolMap::iterator, bool> tcp_https_ret =
-      transport_socket_pools_for_https_proxies_.insert(
-          std::make_pair(
-              http_proxy,
-              new TransportClientSocketPool(
-                  sockets_per_proxy_server,
-                  sockets_per_group,
-                  host_resolver_,
-                  socket_factory_,
-                  net_log_)));
+      transport_socket_pools_for_https_proxies_.insert(std::make_pair(
+          http_proxy,
+          new TransportClientSocketPool(
+              sockets_per_proxy_server, sockets_per_group, host_resolver_,
+              socket_factory_, socket_performance_watcher_factory_, net_log_)));
   DCHECK(tcp_https_ret.second);
 
   std::pair<SSLSocketPoolMap::iterator, bool> ssl_https_ret =
@@ -338,9 +330,9 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy(
   return ret.first->second;
 }
 
-scoped_ptr<base::Value> ClientSocketPoolManagerImpl::SocketPoolInfoToValue()
-    const {
-  scoped_ptr<base::ListValue> list(new base::ListValue());
+std::unique_ptr<base::Value>
+ClientSocketPoolManagerImpl::SocketPoolInfoToValue() const {
+  std::unique_ptr<base::ListValue> list(new base::ListValue());
   list->Append(transport_socket_pool_->GetInfoAsValue("transport_socket_pool",
                                                 "transport_socket_pool",
                                                 false));
diff --git a/chromium/net/socket/client_socket_pool_manager_impl.h b/chromium/net/socket/client_socket_pool_manager_impl.h
index e0662f19037..3fae145a304 100644
--- a/chromium/net/socket/client_socket_pool_manager_impl.h
+++ b/chromium/net/socket/client_socket_pool_manager_impl.h
@@ -6,12 +6,12 @@
 #define NET_SOCKET_CLIENT_SOCKET_POOL_MANAGER_IMPL_H_
 
 #include <map>
+#include <memory>
 #include <type_traits>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/cert/cert_database.h"
@@ -27,6 +27,7 @@ class CTVerifier;
 class HttpProxyClientSocketPool;
 class HostResolver;
 class NetLog;
+class SocketPerformanceWatcherFactory;
 class SOCKSClientSocketPool;
 class SSLClientSocketPool;
 class SSLConfigService;
@@ -54,17 +55,19 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
                                     public ClientSocketPoolManager,
                                     public CertDatabase::Observer {
  public:
-  ClientSocketPoolManagerImpl(NetLog* net_log,
-                              ClientSocketFactory* socket_factory,
-                              HostResolver* host_resolver,
-                              CertVerifier* cert_verifier,
-                              ChannelIDService* channel_id_service,
-                              TransportSecurityState* transport_security_state,
-                              CTVerifier* cert_transparency_verifier,
-                              CTPolicyEnforcer* ct_policy_enforcer,
-                              const std::string& ssl_session_cache_shard,
-                              SSLConfigService* ssl_config_service,
-                              HttpNetworkSession::SocketPoolType pool_type);
+  ClientSocketPoolManagerImpl(
+      NetLog* net_log,
+      ClientSocketFactory* socket_factory,
+      SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
+      HostResolver* host_resolver,
+      CertVerifier* cert_verifier,
+      ChannelIDService* channel_id_service,
+      TransportSecurityState* transport_security_state,
+      CTVerifier* cert_transparency_verifier,
+      CTPolicyEnforcer* ct_policy_enforcer,
+      const std::string& ssl_session_cache_shard,
+      SSLConfigService* ssl_config_service,
+      HttpNetworkSession::SocketPoolType pool_type);
   ~ClientSocketPoolManagerImpl() override;
 
   void FlushSocketPoolsWithError(int error) override;
@@ -84,7 +87,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
       const HostPortPair& proxy_server) override;
 
   // Creates a Value summary of the state of the socket pools.
-  scoped_ptr<base::Value> SocketPoolInfoToValue() const override;
+  std::unique_ptr<base::Value> SocketPoolInfoToValue() const override;
 
   // CertDatabase::Observer methods:
   void OnCertAdded(const X509Certificate* cert) override;
@@ -102,6 +105,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
 
   NetLog* const net_log_;
   ClientSocketFactory* const socket_factory_;
+  SocketPerformanceWatcherFactory* socket_performance_watcher_factory_;
   HostResolver* const host_resolver_;
   CertVerifier* const cert_verifier_;
   ChannelIDService* const channel_id_service_;
@@ -114,8 +118,8 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
 
   // Note: this ordering is important.
 
-  scoped_ptr<TransportClientSocketPool> transport_socket_pool_;
-  scoped_ptr<SSLClientSocketPool> ssl_socket_pool_;
+  std::unique_ptr<TransportClientSocketPool> transport_socket_pool_;
+  std::unique_ptr<SSLClientSocketPool> ssl_socket_pool_;
   TransportSocketPoolMap transport_socket_pools_for_socks_proxies_;
   SOCKSSocketPoolMap socks_socket_pools_;
   TransportSocketPoolMap transport_socket_pools_for_http_proxies_;
diff --git a/chromium/net/socket/fuzzed_socket.cc b/chromium/net/socket/fuzzed_socket.cc
new file mode 100644
index 00000000000..3894009d96d
--- /dev/null
+++ b/chromium/net/socket/fuzzed_socket.cc
@@ -0,0 +1,287 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/fuzzed_socket.h"
+
+#include <algorithm>
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/base/io_buffer.h"
+
+namespace net {
+
+namespace {
+
+// Some of the socket errors that can be returned by normal socket connection
+// attempts.
+const Error kConnectErrors[] = {
+    ERR_CONNECTION_RESET,     ERR_CONNECTION_CLOSED, ERR_FAILED,
+    ERR_CONNECTION_TIMED_OUT, ERR_ACCESS_DENIED,     ERR_CONNECTION_REFUSED,
+    ERR_ADDRESS_UNREACHABLE};
+
+// Some of the socket errors that can be returned by normal socket reads /
+// writes. The first one is returned when no more input data remains, so it's
+// one of the most common ones.
+const Error kReadWriteErrors[] = {ERR_CONNECTION_CLOSED, ERR_FAILED,
+                                  ERR_TIMED_OUT, ERR_CONNECTION_RESET};
+
+}  // namespace
+
+FuzzedSocket::FuzzedSocket(FuzzedDataProvider* data_provider,
+                           net::NetLog* net_log)
+    : data_provider_(data_provider),
+      bound_net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_SOCKET)),
+      remote_address_(IPEndPoint(IPAddress::IPv4Localhost(), 80)),
+      weak_factory_(this) {}
+
+FuzzedSocket::~FuzzedSocket() {}
+
+int FuzzedSocket::Read(IOBuffer* buf,
+                       int buf_len,
+                       const CompletionCallback& callback) {
+  DCHECK(!connect_pending_);
+  DCHECK(!read_pending_);
+
+  bool sync;
+  int result;
+
+  if (net_error_ != OK) {
+    // If an error has already been generated, use it to determine what to do.
+    result = net_error_;
+    sync = !error_pending_;
+  } else {
+    // Otherwise, use |data_provider_|.
+    sync = data_provider_->ConsumeBool();
+    result = data_provider_->ConsumeUint8();
+    if (result > buf_len)
+      result = buf_len;
+
+    if (result > 0) {
+      base::StringPiece data = data_provider_->ConsumeBytes(result);
+      result = data.length();
+      std::copy(data.data(), data.data() + result, buf->data());
+    }
+
+    if (result == 0) {
+      net_error_ = ConsumeReadWriteErrorFromData();
+      result = net_error_;
+      if (!sync)
+        error_pending_ = true;
+    }
+  }
+
+  // Graceful close of a socket returns OK, at least in theory. This doesn't
+  // perfectly reflect real socket behavior, but close enough.
+  if (result == ERR_CONNECTION_CLOSED)
+    result = 0;
+
+  if (sync) {
+    if (result > 0)
+      total_bytes_read_ += result;
+    return result;
+  }
+
+  read_pending_ = true;
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::Bind(&FuzzedSocket::OnReadComplete,
+                            weak_factory_.GetWeakPtr(), callback, result));
+  return ERR_IO_PENDING;
+}
+
+int FuzzedSocket::Write(IOBuffer* buf,
+                        int buf_len,
+                        const CompletionCallback& callback) {
+  DCHECK(!connect_pending_);
+  DCHECK(!write_pending_);
+
+  bool sync;
+  int result;
+
+  if (net_error_ != OK) {
+    // If an error has already been generated, use it to determine what to do.
+    result = net_error_;
+    sync = !error_pending_;
+  } else {
+    // Otherwise, use |data_|.
+    sync = data_provider_->ConsumeBool();
+    result = data_provider_->ConsumeUint8();
+    if (result > buf_len)
+      result = buf_len;
+    if (result == 0) {
+      net_error_ = ConsumeReadWriteErrorFromData();
+      result = net_error_;
+      if (!sync)
+        error_pending_ = true;
+    }
+  }
+
+  if (sync) {
+    if (result > 0)
+      total_bytes_written_ += result;
+    return result;
+  }
+
+  write_pending_ = true;
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::Bind(&FuzzedSocket::OnWriteComplete,
+                            weak_factory_.GetWeakPtr(), callback, result));
+  return ERR_IO_PENDING;
+}
+
+int FuzzedSocket::SetReceiveBufferSize(int32_t size) {
+  return OK;
+}
+
+int FuzzedSocket::SetSendBufferSize(int32_t size) {
+  return OK;
+}
+
+int FuzzedSocket::Connect(const CompletionCallback& callback) {
+  // Sockets can normally be reused, but don't support it here.
+  DCHECK_NE(net_error_, OK);
+  DCHECK(!connect_pending_);
+  DCHECK(!read_pending_);
+  DCHECK(!write_pending_);
+  DCHECK(!error_pending_);
+  DCHECK(!total_bytes_read_);
+  DCHECK(!total_bytes_written_);
+
+  bool sync = true;
+  Error result = OK;
+  if (fuzz_connect_result_) {
+    // Decide if sync or async. Use async, if no data is left.
+    sync = data_provider_->ConsumeBool();
+    // Decide if the connect succeeds or not, and if so, pick an error code.
+    if (data_provider_->ConsumeBool()) {
+      result = kConnectErrors[data_provider_->ConsumeValueInRange(
+          0, arraysize(kConnectErrors) - 1)];
+    }
+  }
+
+  if (sync) {
+    net_error_ = result;
+    return result;
+  }
+
+  connect_pending_ = true;
+  if (result != OK)
+    error_pending_ = true;
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::Bind(&FuzzedSocket::OnConnectComplete,
+                            weak_factory_.GetWeakPtr(), callback, result));
+  return ERR_IO_PENDING;
+}
+
+void FuzzedSocket::Disconnect() {
+  net_error_ = ERR_CONNECTION_CLOSED;
+  weak_factory_.InvalidateWeakPtrs();
+  connect_pending_ = false;
+  read_pending_ = false;
+  write_pending_ = false;
+  error_pending_ = false;
+}
+
+bool FuzzedSocket::IsConnected() const {
+  return net_error_ == OK && !error_pending_;
+}
+
+bool FuzzedSocket::IsConnectedAndIdle() const {
+  return IsConnected();
+}
+
+int FuzzedSocket::GetPeerAddress(IPEndPoint* address) const {
+  if (!IsConnected())
+    return ERR_SOCKET_NOT_CONNECTED;
+  *address = remote_address_;
+  return OK;
+}
+
+int FuzzedSocket::GetLocalAddress(IPEndPoint* address) const {
+  if (!IsConnected())
+    return ERR_SOCKET_NOT_CONNECTED;
+  *address = IPEndPoint(IPAddress(127, 0, 0, 1), 43434);
+  return OK;
+}
+
+const BoundNetLog& FuzzedSocket::NetLog() const {
+  return bound_net_log_;
+}
+
+void FuzzedSocket::SetSubresourceSpeculation() {}
+
+void FuzzedSocket::SetOmniboxSpeculation() {}
+
+bool FuzzedSocket::WasEverUsed() const {
+  return total_bytes_written_ != 0 || total_bytes_read_ != 0;
+}
+
+void FuzzedSocket::EnableTCPFastOpenIfSupported() {}
+
+bool FuzzedSocket::WasNpnNegotiated() const {
+  return false;
+}
+
+NextProto FuzzedSocket::GetNegotiatedProtocol() const {
+  return kProtoUnknown;
+}
+
+bool FuzzedSocket::GetSSLInfo(SSLInfo* ssl_info) {
+  return false;
+}
+
+void FuzzedSocket::GetConnectionAttempts(ConnectionAttempts* out) const {
+  out->clear();
+}
+
+void FuzzedSocket::ClearConnectionAttempts() {}
+
+void FuzzedSocket::AddConnectionAttempts(const ConnectionAttempts& attempts) {}
+
+int64_t FuzzedSocket::GetTotalReceivedBytes() const {
+  return total_bytes_read_;
+}
+
+Error FuzzedSocket::ConsumeReadWriteErrorFromData() {
+  return kReadWriteErrors[data_provider_->ConsumeValueInRange(
+      0, arraysize(kReadWriteErrors) - 1)];
+}
+
+void FuzzedSocket::OnReadComplete(const CompletionCallback& callback,
+                                  int result) {
+  CHECK(read_pending_);
+  read_pending_ = false;
+  if (result <= 0) {
+    error_pending_ = false;
+  } else {
+    total_bytes_read_ += result;
+  }
+  callback.Run(result);
+}
+
+void FuzzedSocket::OnWriteComplete(const CompletionCallback& callback,
+                                   int result) {
+  CHECK(write_pending_);
+  write_pending_ = false;
+  if (result <= 0) {
+    error_pending_ = false;
+  } else {
+    total_bytes_written_ += result;
+  }
+  callback.Run(result);
+}
+
+void FuzzedSocket::OnConnectComplete(const CompletionCallback& callback,
+                                     int result) {
+  CHECK(connect_pending_);
+  connect_pending_ = false;
+  if (result < 0)
+    error_pending_ = false;
+  callback.Run(result);
+}
+
+}  // namespace net
diff --git a/chromium/net/socket/fuzzed_socket.h b/chromium/net/socket/fuzzed_socket.h
new file mode 100644
index 00000000000..dd57f2e9f05
--- /dev/null
+++ b/chromium/net/socket/fuzzed_socket.h
@@ -0,0 +1,129 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SOCKET_FUZZED_SOCKET_H
+#define NET_SOCKET_FUZZED_SOCKET_H
+
+#include <stdint.h>
+
+#include "base/macros.h"
+#include "base/memory/weak_ptr.h"
+#include "base/strings/string_piece.h"
+#include "net/base/completion_callback.h"
+#include "net/base/ip_endpoint.h"
+#include "net/base/net_errors.h"
+#include "net/log/net_log.h"
+#include "net/socket/stream_socket.h"
+
+namespace net {
+
+class FuzzedDataProvider;
+class IPEndPoint;
+class IOBuffer;
+
+// A StreamSocket that uses a FuzzedDataProvider to generate responses. Writes
+// can succeed synchronously or asynchronously, can write some or all of the
+// provided data, and can fail with several different errors. Reads can do the
+// same, but the read data is also generated from the FuzzedDataProvider. The
+// number of bytes written/read from a single call is currently capped at 255
+// bytes.
+//
+// Reads and writes are executed independently of one another, so to guarantee
+// the fuzzer behaves the same across repeated runs with the same input, the
+// reads and writes must be done in a deterministic order and for a
+// deterministic number of bytes, every time the fuzzer is run with the same
+// data.
+class FuzzedSocket : public StreamSocket {
+ public:
+  // |data_provider| is used as to determine behavior of the FuzzedSocket. It
+  // must remain valid until after the FuzzedSocket is destroyed.
+  FuzzedSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log);
+  ~FuzzedSocket() override;
+
+  // If set to true, the socket will fuzz the result of the Connect() call.
+  // It can fail or succeed, and return synchronously or asynchronously. If
+  // false, Connect() succeeds synchronously. Defaults to false.
+  void set_fuzz_connect_result(bool fuzz_connect_result) {
+    fuzz_connect_result_ = fuzz_connect_result;
+  }
+
+  // Sets the remote address the socket claims to be using.
+  void set_remote_address(const IPEndPoint& remote_address) {
+    remote_address_ = remote_address;
+  }
+
+  // Socket implementation:
+  int Read(IOBuffer* buf,
+           int buf_len,
+           const CompletionCallback& callback) override;
+  int Write(IOBuffer* buf,
+            int buf_len,
+            const CompletionCallback& callback) override;
+  int SetReceiveBufferSize(int32_t size) override;
+  int SetSendBufferSize(int32_t size) override;
+
+  // StreamSocket implementation:
+  int Connect(const CompletionCallback& callback) override;
+  void Disconnect() override;
+  bool IsConnected() const override;
+  bool IsConnectedAndIdle() const override;
+  int GetPeerAddress(IPEndPoint* address) const override;
+  int GetLocalAddress(IPEndPoint* address) const override;
+  const BoundNetLog& NetLog() const override;
+  void SetSubresourceSpeculation() override;
+  void SetOmniboxSpeculation() override;
+  bool WasEverUsed() const override;
+  void EnableTCPFastOpenIfSupported() override;
+  bool WasNpnNegotiated() const override;
+  NextProto GetNegotiatedProtocol() const override;
+  bool GetSSLInfo(SSLInfo* ssl_info) override;
+  void GetConnectionAttempts(ConnectionAttempts* out) const override;
+  void ClearConnectionAttempts() override;
+  void AddConnectionAttempts(const ConnectionAttempts& attempts) override;
+  int64_t GetTotalReceivedBytes() const override;
+
+ private:
+  // Returns a net::Error that can be returned by a read or a write. Reads and
+  // writes return basically the same set of errors, at the TCP socket layer.
+  Error ConsumeReadWriteErrorFromData();
+
+  void OnReadComplete(const CompletionCallback& callback, int result);
+  void OnWriteComplete(const CompletionCallback& callback, int result);
+  void OnConnectComplete(const CompletionCallback& callback, int result);
+
+  FuzzedDataProvider* data_provider_;
+
+  // If true, the result of the Connect() call is fuzzed - it can succeed or
+  // fail with a variety of connection errors, and it can complete synchronously
+  // or asynchronously.
+  bool fuzz_connect_result_ = false;
+
+  bool connect_pending_ = false;
+  bool read_pending_ = false;
+  bool write_pending_ = false;
+
+  // This is true when the first callback returning an error is pending in the
+  // message queue. If true, the socket acts like it's connected until that task
+  // is run (Or Disconnect() is called), and reads / writes will return the same
+  // error asynchronously, until it becomes false, at which point they'll return
+  // it synchronously.
+  bool error_pending_ = false;
+  // If this is not OK, all reads/writes will fail with this error.
+  int net_error_ = ERR_CONNECTION_CLOSED;
+
+  int64_t total_bytes_read_ = 0;
+  int64_t total_bytes_written_ = 0;
+
+  BoundNetLog bound_net_log_;
+
+  IPEndPoint remote_address_;
+
+  base::WeakPtrFactory<FuzzedSocket> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(FuzzedSocket);
+};
+
+}  // namespace net
+
+#endif  // NET_SOCKET_FUZZED_SOCKET_H
diff --git a/chromium/net/socket/fuzzed_socket_factory.cc b/chromium/net/socket/fuzzed_socket_factory.cc
new file mode 100644
index 00000000000..5c9199004b7
--- /dev/null
+++ b/chromium/net/socket/fuzzed_socket_factory.cc
@@ -0,0 +1,237 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/fuzzed_socket_factory.h"
+
+#include "base/logging.h"
+#include "base/memory/ptr_util.h"
+#include "net/base/address_list.h"
+#include "net/base/ip_endpoint.h"
+#include "net/base/net_errors.h"
+#include "net/base/network_change_notifier.h"
+#include "net/log/net_log.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/connection_attempts.h"
+#include "net/socket/fuzzed_socket.h"
+#include "net/socket/ssl_client_socket.h"
+#include "net/ssl/ssl_failure_state.h"
+#include "net/udp/datagram_client_socket.h"
+
+namespace net {
+
+namespace {
+
+// Datagram ClientSocket implementation that always failed to connect.
+class FailingUDPClientSocket : public DatagramClientSocket {
+ public:
+  FailingUDPClientSocket() {}
+  ~FailingUDPClientSocket() override {}
+
+  // DatagramClientSocket implementation:
+  int Connect(const IPEndPoint& address) override { return ERR_FAILED; }
+
+  int ConnectUsingNetwork(NetworkChangeNotifier::NetworkHandle network,
+                          const IPEndPoint& address) override {
+    return ERR_FAILED;
+  }
+
+  int ConnectUsingDefaultNetwork(const IPEndPoint& address) override {
+    return ERR_FAILED;
+  }
+
+  NetworkChangeNotifier::NetworkHandle GetBoundNetwork() const override {
+    return -1;
+  }
+
+  // DatagramSocket implementation:
+  void Close() override {}
+
+  int GetPeerAddress(IPEndPoint* address) const override {
+    return ERR_SOCKET_NOT_CONNECTED;
+  }
+
+  int GetLocalAddress(IPEndPoint* address) const override {
+    return ERR_SOCKET_NOT_CONNECTED;
+  }
+
+  const BoundNetLog& NetLog() const override { return net_log_; }
+
+  // Socket implementation:
+  int Read(IOBuffer* buf,
+           int buf_len,
+           const CompletionCallback& callback) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  int Write(IOBuffer* buf,
+            int buf_len,
+            const CompletionCallback& callback) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  int SetReceiveBufferSize(int32_t size) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  int SetSendBufferSize(int32_t size) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  BoundNetLog net_log_;
+
+  DISALLOW_COPY_AND_ASSIGN(FailingUDPClientSocket);
+};
+
+// SSLClientSocket implementation that always fails to connect.
+class FailingSSLClientSocket : public SSLClientSocket {
+ public:
+  FailingSSLClientSocket() {}
+  ~FailingSSLClientSocket() override {}
+
+  // Socket implementation:
+  int Read(IOBuffer* buf,
+           int buf_len,
+           const CompletionCallback& callback) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  int Write(IOBuffer* buf,
+            int buf_len,
+            const CompletionCallback& callback) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  int SetReceiveBufferSize(int32_t size) override { return OK; }
+  int SetSendBufferSize(int32_t size) override { return OK; }
+
+  // StreamSocket implementation:
+  int Connect(const CompletionCallback& callback) override {
+    return ERR_FAILED;
+  }
+
+  void Disconnect() override {}
+  bool IsConnected() const override { return false; }
+  bool IsConnectedAndIdle() const override { return false; }
+
+  int GetPeerAddress(IPEndPoint* address) const override {
+    return ERR_SOCKET_NOT_CONNECTED;
+  }
+  int GetLocalAddress(IPEndPoint* address) const override {
+    return ERR_SOCKET_NOT_CONNECTED;
+  }
+
+  const BoundNetLog& NetLog() const override { return net_log_; }
+
+  void SetSubresourceSpeculation() override {}
+  void SetOmniboxSpeculation() override {}
+
+  bool WasEverUsed() const override { return false; }
+
+  void EnableTCPFastOpenIfSupported() override {}
+
+  bool WasNpnNegotiated() const override { return false; }
+
+  NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
+
+  bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
+
+  void GetConnectionAttempts(ConnectionAttempts* out) const override {
+    out->clear();
+  }
+
+  void ClearConnectionAttempts() override {}
+
+  void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
+
+  int64_t GetTotalReceivedBytes() const override { return 0; }
+
+  // SSLSocket implementation:
+  int ExportKeyingMaterial(const base::StringPiece& label,
+                           bool has_context,
+                           const base::StringPiece& context,
+                           unsigned char* out,
+                           unsigned int outlen) override {
+    NOTREACHED();
+    return 0;
+  }
+
+  // SSLClientSocket implementation:
+  void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override {}
+
+  NextProtoStatus GetNextProto(std::string* proto) const override {
+    return NextProtoStatus::kNextProtoUnsupported;
+  }
+
+  ChannelIDService* GetChannelIDService() const override {
+    NOTREACHED();
+    return nullptr;
+  }
+
+  Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key,
+                                    std::vector<uint8_t>* out) override {
+    NOTREACHED();
+    return ERR_UNEXPECTED;
+  }
+
+  crypto::ECPrivateKey* GetChannelIDKey() const override {
+    NOTREACHED();
+    return nullptr;
+  }
+
+  SSLFailureState GetSSLFailureState() const override {
+    return SSL_FAILURE_UNKNOWN;
+  }
+
+ private:
+  BoundNetLog net_log_;
+
+  DISALLOW_COPY_AND_ASSIGN(FailingSSLClientSocket);
+};
+
+}  // namespace
+
+FuzzedSocketFactory::FuzzedSocketFactory(FuzzedDataProvider* data_provider)
+    : data_provider_(data_provider) {}
+
+FuzzedSocketFactory::~FuzzedSocketFactory() {}
+
+std::unique_ptr<DatagramClientSocket>
+FuzzedSocketFactory::CreateDatagramClientSocket(
+    DatagramSocket::BindType bind_type,
+    const RandIntCallback& rand_int_cb,
+    NetLog* net_log,
+    const NetLog::Source& source) {
+  return base::WrapUnique(new FailingUDPClientSocket());
+}
+
+std::unique_ptr<StreamSocket> FuzzedSocketFactory::CreateTransportClientSocket(
+    const AddressList& addresses,
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    NetLog* net_log,
+    const NetLog::Source& source) {
+  std::unique_ptr<FuzzedSocket> socket(
+      new FuzzedSocket(data_provider_, net_log));
+  socket->set_fuzz_connect_result(true);
+  // Just use the first address.
+  socket->set_remote_address(*addresses.begin());
+  return std::move(socket);
+}
+
+std::unique_ptr<SSLClientSocket> FuzzedSocketFactory::CreateSSLClientSocket(
+    std::unique_ptr<ClientSocketHandle> transport_socket,
+    const HostPortPair& host_and_port,
+    const SSLConfig& ssl_config,
+    const SSLClientSocketContext& context) {
+  return base::WrapUnique(new FailingSSLClientSocket());
+}
+
+void FuzzedSocketFactory::ClearSSLSessionCache() {}
+
+}  // namespace net
diff --git a/chromium/net/socket/fuzzed_socket_factory.h b/chromium/net/socket/fuzzed_socket_factory.h
new file mode 100644
index 00000000000..6b102ff8b8f
--- /dev/null
+++ b/chromium/net/socket/fuzzed_socket_factory.h
@@ -0,0 +1,64 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SOCKET_FUZZED_SOCKET_FACTORY_H
+#define NET_SOCKET_FUZZED_SOCKET_FACTORY_H
+
+#include <memory>
+
+#include "base/macros.h"
+#include "net/socket/client_socket_factory.h"
+
+namespace net {
+
+class FuzzedDataProvider;
+
+// A socket factory that creates FuzzedSockets that share the same
+// FuzzedDataProvider. To behave consistently, the read operations on all
+// sockets must be the same, and in the same order (both on each socket, and
+// between sockets).
+//
+// Currently doesn't support UDP or SSL sockets - just returns sockets that
+// synchronously fail to connect when trying to create either type of socket.
+// TODO(mmenke): Add support for both types of socket.
+// TODO(mmenke): add fuzzing for generation of valid cryptographically signed
+// messages.
+class FuzzedSocketFactory : public ClientSocketFactory {
+ public:
+  // |data_provider| must outlive the FuzzedSocketFactory, and all sockets it
+  // creates. Other objects can also continue to consume |data_provider|, as
+  // long as their calls into it are made on the CLientSocketFactory's thread
+  // and the calls are deterministic.
+  explicit FuzzedSocketFactory(FuzzedDataProvider* data_provider);
+  ~FuzzedSocketFactory() override;
+
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+      DatagramSocket::BindType bind_type,
+      const RandIntCallback& rand_int_cb,
+      NetLog* net_log,
+      const NetLog::Source& source) override;
+
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
+      const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      NetLog* net_log,
+      const NetLog::Source& source) override;
+
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
+      const HostPortPair& host_and_port,
+      const SSLConfig& ssl_config,
+      const SSLClientSocketContext& context) override;
+
+  void ClearSSLSessionCache() override;
+
+ private:
+  FuzzedDataProvider* data_provider_;
+
+  DISALLOW_COPY_AND_ASSIGN(FuzzedSocketFactory);
+};
+
+}  // namespace net
+
+#endif  // NET_SOCKET_FUZZED_SOCKET_FACTORY_H
diff --git a/chromium/net/socket/mock_client_socket_pool_manager.cc b/chromium/net/socket/mock_client_socket_pool_manager.cc
index bdf18f62d5f..668c303e84d 100644
--- a/chromium/net/socket/mock_client_socket_pool_manager.cc
+++ b/chromium/net/socket/mock_client_socket_pool_manager.cc
@@ -87,10 +87,10 @@ SSLClientSocketPool* MockClientSocketPoolManager::GetSocketPoolForSSLWithProxy(
   return NULL;
 }
 
-scoped_ptr<base::Value> MockClientSocketPoolManager::SocketPoolInfoToValue()
-    const {
+std::unique_ptr<base::Value>
+MockClientSocketPoolManager::SocketPoolInfoToValue() const {
   NOTIMPLEMENTED();
-  return scoped_ptr<base::Value>(nullptr);
+  return std::unique_ptr<base::Value>(nullptr);
 }
 
 }  // namespace net
diff --git a/chromium/net/socket/mock_client_socket_pool_manager.h b/chromium/net/socket/mock_client_socket_pool_manager.h
index e24b2fb3ae6..919ef32f3aa 100644
--- a/chromium/net/socket/mock_client_socket_pool_manager.h
+++ b/chromium/net/socket/mock_client_socket_pool_manager.h
@@ -37,7 +37,7 @@ class MockClientSocketPoolManager : public ClientSocketPoolManager {
       const HostPortPair& http_proxy) override;
   SSLClientSocketPool* GetSocketPoolForSSLWithProxy(
       const HostPortPair& proxy_server) override;
-  scoped_ptr<base::Value> SocketPoolInfoToValue() const override;
+  std::unique_ptr<base::Value> SocketPoolInfoToValue() const override;
 
  private:
   typedef internal::OwnedPoolMap<HostPortPair, TransportClientSocketPool*>
@@ -49,8 +49,8 @@ class MockClientSocketPoolManager : public ClientSocketPoolManager {
   typedef internal::OwnedPoolMap<HostPortPair, SSLClientSocketPool*>
       SSLSocketPoolMap;
 
-  scoped_ptr<TransportClientSocketPool> transport_socket_pool_;
-  scoped_ptr<SSLClientSocketPool> ssl_socket_pool_;
+  std::unique_ptr<TransportClientSocketPool> transport_socket_pool_;
+  std::unique_ptr<SSLClientSocketPool> ssl_socket_pool_;
   SOCKSSocketPoolMap socks_socket_pools_;
   HTTPProxySocketPoolMap http_proxy_socket_pools_;
   SSLSocketPoolMap ssl_socket_pools_for_proxies_;
diff --git a/chromium/net/socket/nss_ssl_util.cc b/chromium/net/socket/nss_ssl_util.cc
deleted file mode 100644
index 6d0064d0b94..00000000000
--- a/chromium/net/socket/nss_ssl_util.cc
+++ /dev/null
@@ -1,412 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/nss_ssl_util.h"
-
-#include <nss.h>
-#include <secerr.h>
-#include <ssl.h>
-#include <sslerr.h>
-#include <sslproto.h>
-
-#include <string>
-#include <utility>
-
-#include "base/bind.h"
-#include "base/cpu.h"
-#include "base/lazy_instance.h"
-#include "base/logging.h"
-#include "base/memory/singleton.h"
-#include "base/threading/thread_restrictions.h"
-#include "base/values.h"
-#include "build/build_config.h"
-#include "crypto/nss_util.h"
-#include "net/base/net_errors.h"
-#include "net/base/nss_memio.h"
-#include "net/log/net_log.h"
-
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#endif
-
-namespace net {
-
-namespace {
-
-// CiphersRemove takes a zero-terminated array of cipher suite ids in
-// |to_remove| and sets every instance of them in |ciphers| to zero. It returns
-// true if it found and removed every element of |to_remove|. It assumes that
-// there are no duplicates in |ciphers| nor in |to_remove|.
-bool CiphersRemove(const uint16_t* to_remove, uint16_t* ciphers, size_t num) {
-  size_t i, found = 0;
-
-  for (i = 0; ; i++) {
-    if (to_remove[i] == 0)
-      break;
-
-    for (size_t j = 0; j < num; j++) {
-      if (to_remove[i] == ciphers[j]) {
-        ciphers[j] = 0;
-        found++;
-        break;
-      }
-    }
-  }
-
-  return found == i;
-}
-
-// CiphersCompact takes an array of cipher suite ids in |ciphers|, where some
-// entries are zero, and moves the entries so that all the non-zero elements
-// are compacted at the end of the array.
-void CiphersCompact(uint16_t* ciphers, size_t num) {
-  size_t j = num - 1;
-
-  for (size_t i = num - 1; i < num; i--) {
-    if (ciphers[i] == 0)
-      continue;
-    ciphers[j--] = ciphers[i];
-  }
-}
-
-// CiphersCopy copies the zero-terminated array |in| to |out|. It returns the
-// number of cipher suite ids copied.
-size_t CiphersCopy(const uint16_t* in, uint16_t* out) {
-  for (size_t i = 0; ; i++) {
-    if (in[i] == 0)
-      return i;
-    out[i] = in[i];
-  }
-}
-
-scoped_ptr<base::Value> NetLogSSLErrorCallback(
-    int net_error,
-    int ssl_lib_error,
-    NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->SetInteger("net_error", net_error);
-  if (ssl_lib_error)
-    dict->SetInteger("ssl_lib_error", ssl_lib_error);
-  return std::move(dict);
-}
-
-class NSSSSLInitSingleton {
- public:
-  NSSSSLInitSingleton() : model_fd_(NULL) {
-    crypto::EnsureNSSInit();
-
-    NSS_SetDomesticPolicy();
-
-    const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
-    const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
-
-    // Disable ECDSA cipher suites on platforms that do not support ECDSA
-    // signed certificates, as servers may use the presence of such
-    // ciphersuites as a hint to send an ECDSA certificate.
-    bool disableECDSA = false;
-#if defined(OS_WIN)
-    if (base::win::GetVersion() < base::win::VERSION_VISTA)
-      disableECDSA = true;
-#endif
-
-    // Explicitly enable exactly those ciphers with keys of at least 80 bits.
-    for (int i = 0; i < num_ciphers; i++) {
-      SSLCipherSuiteInfo info;
-      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info,
-                                 sizeof(info)) == SECSuccess) {
-        bool enabled = info.effectiveKeyBits >= 80;
-        if (info.authAlgorithm == ssl_auth_ecdsa && disableECDSA)
-          enabled = false;
-
-        // Trim the list of cipher suites in order to keep the size of the
-        // ClientHello down. DSS, ECDH, CAMELLIA, SEED, ECC+3DES, and
-        // HMAC-SHA256 cipher suites are disabled.
-        if (info.symCipher == ssl_calg_camellia ||
-            info.symCipher == ssl_calg_seed ||
-            (info.symCipher == ssl_calg_3des && info.keaType != ssl_kea_rsa) ||
-            info.authAlgorithm == ssl_auth_dsa ||
-            info.macAlgorithm == ssl_hmac_sha256 ||
-            info.nonStandard ||
-            strcmp(info.keaTypeName, "ECDH") == 0) {
-          enabled = false;
-        }
-
-        SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled);
-      }
-    }
-
-    // Enable SSL.
-    SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
-
-    // Calculate the order of ciphers that we'll use for NSS sockets. (Note
-    // that, even if a cipher is specified in the ordering, it must still be
-    // enabled in order to be included in a ClientHello.)
-    //
-    // Our top preference cipher suites are either forward-secret AES-GCM or
-    // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then
-    // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite
-    // preference is inheriented from NSS. */
-    static const uint16_t chacha_ciphers[] = {
-        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0,
-    };
-    static const uint16_t aes_gcm_ciphers[] = {
-        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 0,
-    };
-    scoped_ptr<uint16_t[]> ciphers(new uint16_t[num_ciphers]);
-    memcpy(ciphers.get(), ssl_ciphers, sizeof(uint16_t) * num_ciphers);
-
-    if (CiphersRemove(chacha_ciphers, ciphers.get(), num_ciphers) &&
-        CiphersRemove(aes_gcm_ciphers, ciphers.get(), num_ciphers)) {
-      CiphersCompact(ciphers.get(), num_ciphers);
-
-      const uint16_t* preference_ciphers = chacha_ciphers;
-      const uint16_t* other_ciphers = aes_gcm_ciphers;
-      base::CPU cpu;
-
-      if (cpu.has_aesni() && cpu.has_avx()) {
-        preference_ciphers = aes_gcm_ciphers;
-        other_ciphers = chacha_ciphers;
-      }
-      unsigned i = CiphersCopy(preference_ciphers, ciphers.get());
-      CiphersCopy(other_ciphers, &ciphers[i]);
-
-      if ((model_fd_ = memio_CreateIOLayer(1, 1)) == NULL ||
-          SSL_ImportFD(NULL, model_fd_) == NULL ||
-          SECSuccess !=
-              SSL_CipherOrderSet(model_fd_, ciphers.get(), num_ciphers)) {
-        NOTREACHED();
-        if (model_fd_) {
-          PR_Close(model_fd_);
-          model_fd_ = NULL;
-        }
-      }
-    }
-
-    // All other SSL options are set per-session by SSLClientSocket and
-    // SSLServerSocket.
-  }
-
-  PRFileDesc* GetModelSocket() {
-    return model_fd_;
-  }
-
-  ~NSSSSLInitSingleton() {
-    // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY.
-    SSL_ClearSessionCache();
-    if (model_fd_)
-      PR_Close(model_fd_);
-  }
-
- private:
-  PRFileDesc* model_fd_;
-};
-
-base::LazyInstance<NSSSSLInitSingleton>::Leaky g_nss_ssl_init_singleton =
-    LAZY_INSTANCE_INITIALIZER;
-
-}  // anonymous namespace
-
-// Initialize the NSS SSL library if it isn't already initialized.  This must
-// be called before any other NSS SSL functions.  This function is
-// thread-safe, and the NSS SSL library will only ever be initialized once.
-// The NSS SSL library will be properly shut down on program exit.
-void EnsureNSSSSLInit() {
-  // Initializing SSL causes us to do blocking IO.
-  // Temporarily allow it until we fix
-  //   http://code.google.com/p/chromium/issues/detail?id=59847
-  base::ThreadRestrictions::ScopedAllowIO allow_io;
-
-  g_nss_ssl_init_singleton.Get();
-}
-
-PRFileDesc* GetNSSModelSocket() {
-  return g_nss_ssl_init_singleton.Get().GetModelSocket();
-}
-
-// Map a Chromium net error code to an NSS error code.
-// See _MD_unix_map_default_error in the NSS source
-// tree for inspiration.
-PRErrorCode MapErrorToNSS(int result) {
-  if (result >=0)
-    return result;
-
-  switch (result) {
-    case ERR_IO_PENDING:
-      return PR_WOULD_BLOCK_ERROR;
-    case ERR_ACCESS_DENIED:
-    case ERR_NETWORK_ACCESS_DENIED:
-      // For connect, this could be mapped to PR_ADDRESS_NOT_SUPPORTED_ERROR.
-      return PR_NO_ACCESS_RIGHTS_ERROR;
-    case ERR_NOT_IMPLEMENTED:
-      return PR_NOT_IMPLEMENTED_ERROR;
-    case ERR_SOCKET_NOT_CONNECTED:
-      return PR_NOT_CONNECTED_ERROR;
-    case ERR_INTERNET_DISCONNECTED:  // Equivalent to ENETDOWN.
-      return PR_NETWORK_UNREACHABLE_ERROR;  // Best approximation.
-    case ERR_CONNECTION_TIMED_OUT:
-    case ERR_TIMED_OUT:
-      return PR_IO_TIMEOUT_ERROR;
-    case ERR_CONNECTION_RESET:
-      return PR_CONNECT_RESET_ERROR;
-    case ERR_CONNECTION_ABORTED:
-      return PR_CONNECT_ABORTED_ERROR;
-    case ERR_CONNECTION_REFUSED:
-      return PR_CONNECT_REFUSED_ERROR;
-    case ERR_ADDRESS_UNREACHABLE:
-      return PR_HOST_UNREACHABLE_ERROR;  // Also PR_NETWORK_UNREACHABLE_ERROR.
-    case ERR_ADDRESS_INVALID:
-      return PR_ADDRESS_NOT_AVAILABLE_ERROR;
-    case ERR_NAME_NOT_RESOLVED:
-      return PR_DIRECTORY_LOOKUP_ERROR;
-    default:
-      LOG(WARNING) << "MapErrorToNSS " << result
-                   << " mapped to PR_UNKNOWN_ERROR";
-      return PR_UNKNOWN_ERROR;
-  }
-}
-
-// The default error mapping function.
-// Maps an NSS error code to a network error code.
-int MapNSSError(PRErrorCode err) {
-  // TODO(port): fill this out as we learn what's important
-  switch (err) {
-    case PR_WOULD_BLOCK_ERROR:
-      return ERR_IO_PENDING;
-    case PR_ADDRESS_NOT_SUPPORTED_ERROR:  // For connect.
-    case PR_NO_ACCESS_RIGHTS_ERROR:
-      return ERR_ACCESS_DENIED;
-    case PR_IO_TIMEOUT_ERROR:
-      return ERR_TIMED_OUT;
-    case PR_CONNECT_RESET_ERROR:
-      return ERR_CONNECTION_RESET;
-    case PR_CONNECT_ABORTED_ERROR:
-      return ERR_CONNECTION_ABORTED;
-    case PR_CONNECT_REFUSED_ERROR:
-      return ERR_CONNECTION_REFUSED;
-    case PR_NOT_CONNECTED_ERROR:
-      return ERR_SOCKET_NOT_CONNECTED;
-    case PR_HOST_UNREACHABLE_ERROR:
-    case PR_NETWORK_UNREACHABLE_ERROR:
-      return ERR_ADDRESS_UNREACHABLE;
-    case PR_ADDRESS_NOT_AVAILABLE_ERROR:
-      return ERR_ADDRESS_INVALID;
-    case PR_INVALID_ARGUMENT_ERROR:
-      return ERR_INVALID_ARGUMENT;
-    case PR_END_OF_FILE_ERROR:
-      return ERR_CONNECTION_CLOSED;
-    case PR_NOT_IMPLEMENTED_ERROR:
-      return ERR_NOT_IMPLEMENTED;
-
-    case SEC_ERROR_LIBRARY_FAILURE:
-      return ERR_UNEXPECTED;
-    case SEC_ERROR_INVALID_ARGS:
-      return ERR_INVALID_ARGUMENT;
-    case SEC_ERROR_NO_MEMORY:
-      return ERR_OUT_OF_MEMORY;
-    case SEC_ERROR_NO_KEY:
-      return ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY;
-    case SEC_ERROR_INVALID_KEY:
-    case SSL_ERROR_SIGN_HASHES_FAILURE:
-      LOG(ERROR) << "ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error " << err
-                 << ", OS error " << PR_GetOSError();
-      return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
-    // A handshake (initial or renegotiation) may fail because some signature
-    // (for example, the signature in the ServerKeyExchange message for an
-    // ephemeral Diffie-Hellman cipher suite) is invalid.
-    case SEC_ERROR_BAD_SIGNATURE:
-      return ERR_SSL_PROTOCOL_ERROR;
-
-    case SSL_ERROR_SSL_DISABLED:
-      return ERR_NO_SSL_VERSIONS_ENABLED;
-    case SSL_ERROR_NO_CYPHER_OVERLAP:
-    case SSL_ERROR_PROTOCOL_VERSION_ALERT:
-    case SSL_ERROR_UNSUPPORTED_VERSION:
-      return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
-    case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
-    case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
-    case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
-      return ERR_SSL_PROTOCOL_ERROR;
-    case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT:
-      return ERR_SSL_DECOMPRESSION_FAILURE_ALERT;
-    case SSL_ERROR_BAD_MAC_ALERT:
-      return ERR_SSL_BAD_RECORD_MAC_ALERT;
-    case SSL_ERROR_DECRYPT_ERROR_ALERT:
-      return ERR_SSL_DECRYPT_ERROR_ALERT;
-    case SSL_ERROR_UNRECOGNIZED_NAME_ALERT:
-      return ERR_SSL_UNRECOGNIZED_NAME_ALERT;
-    case SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY:
-      return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY;
-    case SSL_ERROR_HANDSHAKE_NOT_COMPLETED:
-      return ERR_SSL_HANDSHAKE_NOT_COMPLETED;
-    case SEC_ERROR_BAD_KEY:
-    case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE:
-    // TODO(wtc): the following errors may also occur in contexts unrelated
-    // to the peer's public key.  We should add new error codes for them, or
-    // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context.
-    // General unsupported/unknown key algorithm error.
-    case SEC_ERROR_UNSUPPORTED_KEYALG:
-    // General DER decoding errors.
-    case SEC_ERROR_BAD_DER:
-    case SEC_ERROR_EXTRA_INPUT:
-      return ERR_SSL_BAD_PEER_PUBLIC_KEY;
-    // During renegotiation, the server presented a different certificate than
-    // was used earlier.
-    case SSL_ERROR_WRONG_CERTIFICATE:
-      return ERR_SSL_SERVER_CERT_CHANGED;
-    case SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT:
-      return ERR_SSL_INAPPROPRIATE_FALLBACK;
-
-    default: {
-      const char* err_name = PR_ErrorToName(err);
-      if (err_name == NULL)
-        err_name = "";
-      if (IS_SSL_ERROR(err)) {
-        LOG(WARNING) << "Unknown SSL error " << err << " (" << err_name << ")"
-                     << " mapped to net::ERR_SSL_PROTOCOL_ERROR";
-        return ERR_SSL_PROTOCOL_ERROR;
-      }
-      LOG(WARNING) << "Unknown error " << err << " (" << err_name << ")"
-                   << " mapped to net::ERR_FAILED";
-      return ERR_FAILED;
-    }
-  }
-}
-
-// Returns parameters to attach to the NetLog when we receive an error in
-// response to a call to an NSS function.  Used instead of
-// NetLogSSLErrorCallback with events of type TYPE_SSL_NSS_ERROR.
-scoped_ptr<base::Value> NetLogSSLFailedNSSFunctionCallback(
-    const char* function,
-    const char* param,
-    int ssl_lib_error,
-    NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->SetString("function", function);
-  if (param[0] != '\0')
-    dict->SetString("param", param);
-  dict->SetInteger("ssl_lib_error", ssl_lib_error);
-  return std::move(dict);
-}
-
-void LogFailedNSSFunction(const BoundNetLog& net_log,
-                          const char* function,
-                          const char* param) {
-  DCHECK(function);
-  DCHECK(param);
-  net_log.AddEvent(
-      NetLog::TYPE_SSL_NSS_ERROR,
-      base::Bind(&NetLogSSLFailedNSSFunctionCallback,
-                 function, param, PR_GetError()));
-}
-
-NetLog::ParametersCallback CreateNetLogSSLErrorCallback(int net_error,
-                                                        int ssl_lib_error) {
-  return base::Bind(&NetLogSSLErrorCallback, net_error, ssl_lib_error);
-}
-
-}  // namespace net
diff --git a/chromium/net/socket/nss_ssl_util.h b/chromium/net/socket/nss_ssl_util.h
deleted file mode 100644
index 5d9ec7e04e8..00000000000
--- a/chromium/net/socket/nss_ssl_util.h
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file is only included in ssl_client_socket_nss.cc and
-// ssl_server_socket_nss.cc to share common functions of NSS.
-
-#ifndef NET_SOCKET_NSS_SSL_UTIL_H_
-#define NET_SOCKET_NSS_SSL_UTIL_H_
-
-#include <prerror.h>
-#include <prio.h>
-
-#include "net/base/net_export.h"
-#include "net/log/net_log.h"
-
-namespace net {
-
-class BoundNetLog;
-
-// Initalize NSS SSL library.
-NET_EXPORT void EnsureNSSSSLInit();
-
-// Log a failed NSS funcion call.
-void LogFailedNSSFunction(const BoundNetLog& net_log,
-                          const char* function,
-                          const char* param);
-
-// Map network error code to NSS error code.
-PRErrorCode MapErrorToNSS(int result);
-
-// GetNSSModelSocket returns either NULL, or an NSS socket that can be passed
-// to |SSL_ImportFD| in order to inherit some default options.
-PRFileDesc* GetNSSModelSocket();
-
-// Map NSS error code to network error code.
-int MapNSSError(PRErrorCode err);
-
-// Creates a NetLog callback for an SSL error.
-NetLog::ParametersCallback CreateNetLogSSLErrorCallback(int net_error,
-                                                        int ssl_lib_error);
-
-
-}  // namespace net
-
-#endif  // NET_SOCKET_NSS_SSL_UTIL_H_
diff --git a/chromium/net/socket/sequenced_socket_data_unittest.cc b/chromium/net/socket/sequenced_socket_data_unittest.cc
index c27fd615fd4..6a732e98f43 100644
--- a/chromium/net/socket/sequenced_socket_data_unittest.cc
+++ b/chromium/net/socket/sequenced_socket_data_unittest.cc
@@ -2,11 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "net/base/io_buffer.h"
 #include "net/base/test_completion_callback.h"
@@ -213,7 +213,7 @@ class SequencedSocketDataTest : public testing::Test {
 
  private:
   MockConnect connect_data_;
-  scoped_ptr<SequencedSocketData> data_;
+  std::unique_ptr<SequencedSocketData> data_;
 
   const HostPortPair endpoint_;
   scoped_refptr<TransportSocketParams> tcp_params_;
diff --git a/chromium/net/socket/server_socket.h b/chromium/net/socket/server_socket.h
index a0794f16dee..9ad5cf81b93 100644
--- a/chromium/net/socket/server_socket.h
+++ b/chromium/net/socket/server_socket.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 
@@ -39,7 +39,7 @@ class NET_EXPORT ServerSocket {
 
   // Accepts connection. Callback is called when new connection is
   // accepted.
-  virtual int Accept(scoped_ptr<StreamSocket>* socket,
+  virtual int Accept(std::unique_ptr<StreamSocket>* socket,
                      const CompletionCallback& callback) = 0;
 
  private:
diff --git a/chromium/net/socket/socket_descriptor.cc b/chromium/net/socket/socket_descriptor.cc
index 0822d2d9983..b10f2dcb41d 100644
--- a/chromium/net/socket/socket_descriptor.cc
+++ b/chromium/net/socket/socket_descriptor.cc
@@ -11,7 +11,6 @@
 
 #if defined(OS_WIN)
 #include <ws2tcpip.h>
-#include "base/win/windows_version.h"
 #include "net/base/winsock_init.h"
 #endif
 
@@ -22,8 +21,7 @@ SocketDescriptor CreatePlatformSocket(int family, int type, int protocol) {
   EnsureWinsockInit();
   SocketDescriptor result = ::WSASocket(family, type, protocol, nullptr, 0,
                                         WSA_FLAG_OVERLAPPED);
-  if (result != kInvalidSocket && family == AF_INET6 &&
-      base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
+  if (result != kInvalidSocket && family == AF_INET6) {
     DWORD value = 0;
     if (setsockopt(result, IPPROTO_IPV6, IPV6_V6ONLY,
                    reinterpret_cast<const char*>(&value), sizeof(value))) {
diff --git a/chromium/net/socket/socket_net_log_params.cc b/chromium/net/socket/socket_net_log_params.cc
index 347644ac06d..d53bd8a6286 100644
--- a/chromium/net/socket/socket_net_log_params.cc
+++ b/chromium/net/socket/socket_net_log_params.cc
@@ -15,37 +15,37 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogSocketErrorCallback(
+std::unique_ptr<base::Value> NetLogSocketErrorCallback(
     int net_error,
     int os_error,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", net_error);
   dict->SetInteger("os_error", os_error);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogHostPortPairCallback(
+std::unique_ptr<base::Value> NetLogHostPortPairCallback(
     const HostPortPair* host_and_port,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host_and_port", host_and_port->ToString());
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogIPEndPointCallback(
+std::unique_ptr<base::Value> NetLogIPEndPointCallback(
     const IPEndPoint* address,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("address", address->ToString());
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSourceAddressCallback(
+std::unique_ptr<base::Value> NetLogSourceAddressCallback(
     const struct sockaddr* net_address,
     socklen_t address_len,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   IPEndPoint ipe;
   bool result = ipe.FromSockAddr(net_address, address_len);
   DCHECK(result);
diff --git a/chromium/net/base/socket_performance_watcher.h b/chromium/net/socket/socket_performance_watcher.h
index 74413679890..8665cbdcb5e 100644
--- a/chromium/net/base/socket_performance_watcher.h
+++ b/chromium/net/socket/socket_performance_watcher.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_SOCKET_PERFORMANCE_WATCHER_H_
-#define NET_BASE_SOCKET_PERFORMANCE_WATCHER_H_
+#ifndef NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_H_
+#define NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_H_
 
 #include "net/base/net_export.h"
 
@@ -40,4 +40,4 @@ class NET_EXPORT_PRIVATE SocketPerformanceWatcher {
 
 }  // namespace net
 
-#endif  // NET_BASE_SOCKET_PERFORMANCE_WATCHER_H_
+#endif  // NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_H_
diff --git a/chromium/net/base/socket_performance_watcher_factory.h b/chromium/net/socket/socket_performance_watcher_factory.h
index df54e597efe..79648204fbc 100644
--- a/chromium/net/base/socket_performance_watcher_factory.h
+++ b/chromium/net/socket/socket_performance_watcher_factory.h
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
-#define NET_BASE_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
+#ifndef NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
+#define NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
+
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -27,8 +28,8 @@ class NET_EXPORT_PRIVATE SocketPerformanceWatcherFactory {
   // single socket that uses |protocol| as the transport layer protocol.
   // Implementations must return a valid, unique SocketRecorder for every call;
   // recorders must not be shared across calls or objects, nor is nullptr valid.
-  virtual scoped_ptr<SocketPerformanceWatcher> CreateSocketPerformanceWatcher(
-      const Protocol protocol) = 0;
+  virtual std::unique_ptr<SocketPerformanceWatcher>
+  CreateSocketPerformanceWatcher(const Protocol protocol) = 0;
 
  protected:
   SocketPerformanceWatcherFactory() {}
@@ -39,4 +40,4 @@ class NET_EXPORT_PRIVATE SocketPerformanceWatcherFactory {
 
 }  // namespace net
 
-#endif  // NET_BASE_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
+#endif  // NET_SOCKET_SOCKET_PERFORMANCE_WATCHER_FACTORY_H_
diff --git a/chromium/net/socket/socket_posix.cc b/chromium/net/socket/socket_posix.cc
index ca8b04f09a4..19d4343fa42 100644
--- a/chromium/net/socket/socket_posix.cc
+++ b/chromium/net/socket/socket_posix.cc
@@ -142,7 +142,7 @@ int SocketPosix::Listen(int backlog) {
   return OK;
 }
 
-int SocketPosix::Accept(scoped_ptr<SocketPosix>* socket,
+int SocketPosix::Accept(std::unique_ptr<SocketPosix>* socket,
                         const CompletionCallback& callback) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK_NE(kInvalidSocket, socket_fd_);
@@ -367,7 +367,7 @@ void SocketPosix::OnFileCanWriteWithoutBlocking(int fd) {
   }
 }
 
-int SocketPosix::DoAccept(scoped_ptr<SocketPosix>* socket) {
+int SocketPosix::DoAccept(std::unique_ptr<SocketPosix>* socket) {
   SockaddrStorage new_peer_address;
   int new_socket = HANDLE_EINTR(accept(socket_fd_,
                                        new_peer_address.addr,
@@ -375,7 +375,7 @@ int SocketPosix::DoAccept(scoped_ptr<SocketPosix>* socket) {
   if (new_socket < 0)
     return MapAcceptError(errno);
 
-  scoped_ptr<SocketPosix> accepted_socket(new SocketPosix);
+  std::unique_ptr<SocketPosix> accepted_socket(new SocketPosix);
   int rv = accepted_socket->AdoptConnectedSocket(new_socket, new_peer_address);
   if (rv != OK)
     return rv;
diff --git a/chromium/net/socket/socket_posix.h b/chromium/net/socket/socket_posix.h
index f6df5292bf6..956552abb89 100644
--- a/chromium/net/socket/socket_posix.h
+++ b/chromium/net/socket/socket_posix.h
@@ -5,10 +5,11 @@
 #ifndef NET_SOCKET_SOCKET_POSIX_H_
 #define NET_SOCKET_SOCKET_POSIX_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/threading/thread_checker.h"
 #include "net/base/completion_callback.h"
@@ -39,7 +40,7 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher {
   int Bind(const SockaddrStorage& address);
 
   int Listen(int backlog);
-  int Accept(scoped_ptr<SocketPosix>* socket,
+  int Accept(std::unique_ptr<SocketPosix>* socket,
              const CompletionCallback& callback);
 
   // Connects socket. On non-ERR_IO_PENDING error, sets errno and returns a net
@@ -87,7 +88,7 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher {
   void OnFileCanReadWithoutBlocking(int fd) override;
   void OnFileCanWriteWithoutBlocking(int fd) override;
 
-  int DoAccept(scoped_ptr<SocketPosix>* socket);
+  int DoAccept(std::unique_ptr<SocketPosix>* socket);
   void AcceptCompleted();
 
   int DoConnect();
@@ -104,7 +105,7 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher {
   SocketDescriptor socket_fd_;
 
   base::MessageLoopForIO::FileDescriptorWatcher accept_socket_watcher_;
-  scoped_ptr<SocketPosix>* accept_socket_;
+  std::unique_ptr<SocketPosix>* accept_socket_;
   CompletionCallback accept_callback_;
 
   base::MessageLoopForIO::FileDescriptorWatcher read_socket_watcher_;
@@ -123,7 +124,7 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher {
   // called when connect is complete.
   bool waiting_connect_;
 
-  scoped_ptr<SockaddrStorage> peer_address_;
+  std::unique_ptr<SockaddrStorage> peer_address_;
 
   base::ThreadChecker thread_checker_;
 
diff --git a/chromium/net/socket/socket_test_util.cc b/chromium/net/socket/socket_test_util.cc
index f6b2e098feb..d21e5d4ad91 100644
--- a/chromium/net/socket/socket_test_util.cc
+++ b/chromium/net/socket/socket_test_util.cc
@@ -13,9 +13,10 @@
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/address_family.h"
 #include "net/base/address_list.h"
@@ -710,14 +711,14 @@ void MockClientSocketFactory::ResetNextMockIndexes() {
   mock_ssl_data_.ResetNextIndex();
 }
 
-scoped_ptr<DatagramClientSocket>
+std::unique_ptr<DatagramClientSocket>
 MockClientSocketFactory::CreateDatagramClientSocket(
     DatagramSocket::BindType bind_type,
     const RandIntCallback& rand_int_cb,
     NetLog* net_log,
     const NetLog::Source& source) {
   SocketDataProvider* data_provider = mock_data_.GetNext();
-  scoped_ptr<MockUDPClientSocket> socket(
+  std::unique_ptr<MockUDPClientSocket> socket(
       new MockUDPClientSocket(data_provider, net_log));
   if (bind_type == DatagramSocket::RANDOM_BIND)
     socket->set_source_port(
@@ -726,18 +727,20 @@ MockClientSocketFactory::CreateDatagramClientSocket(
   return std::move(socket);
 }
 
-scoped_ptr<StreamSocket> MockClientSocketFactory::CreateTransportClientSocket(
+std::unique_ptr<StreamSocket>
+MockClientSocketFactory::CreateTransportClientSocket(
     const AddressList& addresses,
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
     NetLog* net_log,
     const NetLog::Source& source) {
   SocketDataProvider* data_provider = mock_data_.GetNext();
-  scoped_ptr<MockTCPClientSocket> socket(
+  std::unique_ptr<MockTCPClientSocket> socket(
       new MockTCPClientSocket(addresses, net_log, data_provider));
   return std::move(socket);
 }
 
-scoped_ptr<SSLClientSocket> MockClientSocketFactory::CreateSSLClientSocket(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+std::unique_ptr<SSLClientSocket> MockClientSocketFactory::CreateSSLClientSocket(
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     const SSLClientSocketContext& context) {
@@ -750,7 +753,7 @@ scoped_ptr<SSLClientSocket> MockClientSocketFactory::CreateSSLClientSocket(
                    next_ssl_data->next_protos_expected_in_ssl_config.end(),
                    ssl_config.alpn_protos.begin()));
   }
-  return scoped_ptr<SSLClientSocket>(new MockSSLClientSocket(
+  return std::unique_ptr<SSLClientSocket>(new MockSSLClientSocket(
       std::move(transport_socket), host_and_port, ssl_config, next_ssl_data));
 }
 
@@ -1137,15 +1140,14 @@ void MockSSLClientSocket::ConnectCallback(
 }
 
 MockSSLClientSocket::MockSSLClientSocket(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_port_pair,
     const SSLConfig& ssl_config,
     SSLSocketDataProvider* data)
     : MockClientSocket(
           // Have to use the right BoundNetLog for LoadTimingInfo regression
           // tests.
-          transport_socket->socket()
-              ->NetLog()),
+          transport_socket->socket()->NetLog()),
       transport_(std::move(transport_socket)),
       data_(data) {
   DCHECK(data_);
@@ -1524,7 +1526,7 @@ int ClientSocketPoolTest::GetOrderOfRequest(size_t index) const {
 }
 
 bool ClientSocketPoolTest::ReleaseOneConnection(KeepAlive keep_alive) {
-  for (scoped_ptr<TestSocketRequest>& it : requests_) {
+  for (std::unique_ptr<TestSocketRequest>& it : requests_) {
     if (it->handle()->is_initialized()) {
       if (keep_alive == NO_KEEP_ALIVE)
         it->handle()->socket()->Disconnect();
@@ -1544,7 +1546,7 @@ void ClientSocketPoolTest::ReleaseAllConnections(KeepAlive keep_alive) {
 }
 
 MockTransportClientSocketPool::MockConnectJob::MockConnectJob(
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     ClientSocketHandle* handle,
     const CompletionCallback& callback)
     : socket_(std::move(socket)), handle_(handle), user_callback_(callback) {}
@@ -1612,12 +1614,12 @@ MockTransportClientSocketPool::MockTransportClientSocketPool(
                                 max_sockets_per_group,
                                 NULL,
                                 NULL,
+                                NULL,
                                 NULL),
       client_socket_factory_(socket_factory),
       last_request_priority_(DEFAULT_PRIORITY),
       release_count_(0),
-      cancel_count_(0) {
-}
+      cancel_count_(0) {}
 
 MockTransportClientSocketPool::~MockTransportClientSocketPool() {}
 
@@ -1630,18 +1632,18 @@ int MockTransportClientSocketPool::RequestSocket(
     const CompletionCallback& callback,
     const BoundNetLog& net_log) {
   last_request_priority_ = priority;
-  scoped_ptr<StreamSocket> socket =
+  std::unique_ptr<StreamSocket> socket =
       client_socket_factory_->CreateTransportClientSocket(
-          AddressList(), net_log.net_log(), NetLog::Source());
+          AddressList(), NULL, net_log.net_log(), NetLog::Source());
   MockConnectJob* job = new MockConnectJob(std::move(socket), handle, callback);
-  job_list_.push_back(make_scoped_ptr(job));
+  job_list_.push_back(base::WrapUnique(job));
   handle->set_pool_id(1);
   return job->Connect();
 }
 
 void MockTransportClientSocketPool::CancelRequest(const std::string& group_name,
                                                   ClientSocketHandle* handle) {
-  for (scoped_ptr<MockConnectJob>& it : job_list_) {
+  for (std::unique_ptr<MockConnectJob>& it : job_list_) {
     if (it->CancelHandle(handle)) {
       cancel_count_++;
       break;
@@ -1651,7 +1653,7 @@ void MockTransportClientSocketPool::CancelRequest(const std::string& group_name,
 
 void MockTransportClientSocketPool::ReleaseSocket(
     const std::string& group_name,
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     int id) {
   EXPECT_EQ(1, id);
   release_count_++;
@@ -1665,9 +1667,9 @@ MockSOCKSClientSocketPool::MockSOCKSClientSocketPool(
                             max_sockets_per_group,
                             NULL,
                             transport_pool,
+                            NULL,
                             NULL),
-      transport_pool_(transport_pool) {
-}
+      transport_pool_(transport_pool) {}
 
 MockSOCKSClientSocketPool::~MockSOCKSClientSocketPool() {}
 
@@ -1689,9 +1691,10 @@ void MockSOCKSClientSocketPool::CancelRequest(
   return transport_pool_->CancelRequest(group_name, handle);
 }
 
-void MockSOCKSClientSocketPool::ReleaseSocket(const std::string& group_name,
-                                              scoped_ptr<StreamSocket> socket,
-                                              int id) {
+void MockSOCKSClientSocketPool::ReleaseSocket(
+    const std::string& group_name,
+    std::unique_ptr<StreamSocket> socket,
+    int id) {
   return transport_pool_->ReleaseSocket(group_name, std::move(socket), id);
 }
 
diff --git a/chromium/net/socket/socket_test_util.h b/chromium/net/socket/socket_test_util.h
index dada520bd0d..3d118679758 100644
--- a/chromium/net/socket/socket_test_util.h
+++ b/chromium/net/socket/socket_test_util.h
@@ -10,14 +10,15 @@
 
 #include <cstring>
 #include <deque>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/scoped_vector.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
@@ -32,6 +33,7 @@
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/connection_attempts.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/socks_client_socket_pool.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_client_socket_pool.h"
@@ -453,7 +455,7 @@ class SequencedSocketData : public SocketDataProvider {
   bool is_using_tcp_fast_open_;
 
   // Used by RunUntilPaused.  NULL at all other times.
-  scoped_ptr<base::RunLoop> run_until_paused_run_loop_;
+  std::unique_ptr<base::RunLoop> run_until_paused_run_loop_;
 
   base::WeakPtrFactory<SequencedSocketData> weak_factory_;
 
@@ -514,17 +516,18 @@ class MockClientSocketFactory : public ClientSocketFactory {
   }
 
   // ClientSocketFactory
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override;
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
       NetLog* net_log,
       const NetLog::Source& source) override;
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) override;
@@ -673,7 +676,7 @@ class MockTCPClientSocket : public MockClientSocket, public AsyncSocket {
 
 class MockSSLClientSocket : public MockClientSocket, public AsyncSocket {
  public:
-  MockSSLClientSocket(scoped_ptr<ClientSocketHandle> transport_socket,
+  MockSSLClientSocket(std::unique_ptr<ClientSocketHandle> transport_socket,
                       const HostPortPair& host_and_port,
                       const SSLConfig& ssl_config,
                       SSLSocketDataProvider* socket);
@@ -718,7 +721,7 @@ class MockSSLClientSocket : public MockClientSocket, public AsyncSocket {
                               const CompletionCallback& callback,
                               int rv);
 
-  scoped_ptr<ClientSocketHandle> transport_;
+  std::unique_ptr<ClientSocketHandle> transport_;
   SSLSocketDataProvider* data_;
 
   DISALLOW_COPY_AND_ASSIGN(MockSSLClientSocket);
@@ -839,7 +842,7 @@ class ClientSocketPoolTest {
     DCHECK(socket_pool);
     TestSocketRequest* request(
         new TestSocketRequest(&request_order_, &completion_count_));
-    requests_.push_back(make_scoped_ptr(request));
+    requests_.push_back(base::WrapUnique(request));
     int rv = request->handle()->Init(group_name, socket_params, priority,
                                      respect_limits, request->callback(),
                                      socket_pool, BoundNetLog());
@@ -866,11 +869,13 @@ class ClientSocketPoolTest {
   TestSocketRequest* request(int i) { return requests_[i].get(); }
 
   size_t requests_size() const { return requests_.size(); }
-  std::vector<scoped_ptr<TestSocketRequest>>* requests() { return &requests_; }
+  std::vector<std::unique_ptr<TestSocketRequest>>* requests() {
+    return &requests_;
+  }
   size_t completion_count() const { return completion_count_; }
 
  private:
-  std::vector<scoped_ptr<TestSocketRequest>> requests_;
+  std::vector<std::unique_ptr<TestSocketRequest>> requests_;
   std::vector<TestSocketRequest*> request_order_;
   size_t completion_count_;
 
@@ -892,7 +897,7 @@ class MockTransportClientSocketPool : public TransportClientSocketPool {
 
   class MockConnectJob {
    public:
-    MockConnectJob(scoped_ptr<StreamSocket> socket,
+    MockConnectJob(std::unique_ptr<StreamSocket> socket,
                    ClientSocketHandle* handle,
                    const CompletionCallback& callback);
     ~MockConnectJob();
@@ -903,7 +908,7 @@ class MockTransportClientSocketPool : public TransportClientSocketPool {
    private:
     void OnConnect(int rv);
 
-    scoped_ptr<StreamSocket> socket_;
+    std::unique_ptr<StreamSocket> socket_;
     ClientSocketHandle* handle_;
     CompletionCallback user_callback_;
 
@@ -934,12 +939,12 @@ class MockTransportClientSocketPool : public TransportClientSocketPool {
   void CancelRequest(const std::string& group_name,
                      ClientSocketHandle* handle) override;
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
 
  private:
   ClientSocketFactory* client_socket_factory_;
-  std::vector<scoped_ptr<MockConnectJob>> job_list_;
+  std::vector<std::unique_ptr<MockConnectJob>> job_list_;
   RequestPriority last_request_priority_;
   int release_count_;
   int cancel_count_;
@@ -967,7 +972,7 @@ class MockSOCKSClientSocketPool : public SOCKSClientSocketPool {
   void CancelRequest(const std::string& group_name,
                      ClientSocketHandle* handle) override;
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
 
  private:
diff --git a/chromium/net/socket/socks5_client_socket.cc b/chromium/net/socket/socks5_client_socket.cc
index 8c172b0b514..ae362ceb4ce 100644
--- a/chromium/net/socket/socks5_client_socket.cc
+++ b/chromium/net/socket/socks5_client_socket.cc
@@ -29,7 +29,7 @@ static_assert(sizeof(struct in_addr) == 4, "incorrect system size of IPv4");
 static_assert(sizeof(struct in6_addr) == 16, "incorrect system size of IPv6");
 
 SOCKS5ClientSocket::SOCKS5ClientSocket(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostResolver::RequestInfo& req_info)
     : io_callback_(base::Bind(&SOCKS5ClientSocket::OnIOComplete,
                               base::Unretained(this))),
diff --git a/chromium/net/socket/socks5_client_socket.h b/chromium/net/socket/socks5_client_socket.h
index 4d3d6dbcf1d..c65ddc28f93 100644
--- a/chromium/net/socket/socks5_client_socket.h
+++ b/chromium/net/socket/socks5_client_socket.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
@@ -36,7 +36,7 @@ class NET_EXPORT_PRIVATE SOCKS5ClientSocket : public StreamSocket {
   // Although SOCKS 5 supports 3 different modes of addressing, we will
   // always pass it a hostname. This means the DNS resolving is done
   // proxy side.
-  SOCKS5ClientSocket(scoped_ptr<ClientSocketHandle> transport_socket,
+  SOCKS5ClientSocket(std::unique_ptr<ClientSocketHandle> transport_socket,
                      const HostResolver::RequestInfo& req_info);
 
   // On destruction Disconnect() is called.
@@ -123,7 +123,7 @@ class NET_EXPORT_PRIVATE SOCKS5ClientSocket : public StreamSocket {
   CompletionCallback io_callback_;
 
   // Stores the underlying socket.
-  scoped_ptr<ClientSocketHandle> transport_;
+  std::unique_ptr<ClientSocketHandle> transport_;
 
   State next_state_;
 
diff --git a/chromium/net/socket/socks5_client_socket_fuzzer.cc b/chromium/net/socket/socks5_client_socket_fuzzer.cc
new file mode 100644
index 00000000000..3c0864c75ed
--- /dev/null
+++ b/chromium/net/socket/socks5_client_socket_fuzzer.cc
@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/logging.h"
+#include "net/base/address_list.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_completion_callback.h"
+#include "net/log/test_net_log.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/fuzzed_socket.h"
+#include "net/socket/socks5_client_socket.h"
+
+// Fuzzer for Socks5ClientSocket.  Only covers the SOCKS5 greeet and
+// handshake.
+//
+// |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
+// class for details.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Use a test NetLog, to exercise logging code.
+  net::TestNetLog test_net_log;
+
+  net::FuzzedDataProvider data_provider(data, size);
+
+  net::TestCompletionCallback callback;
+  std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
+      new net::FuzzedSocket(&data_provider, &test_net_log));
+  CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
+
+  std::unique_ptr<net::ClientSocketHandle> socket_handle(
+      new net::ClientSocketHandle());
+  socket_handle->SetSocket(std::move(fuzzed_socket));
+
+  net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
+  net::SOCKS5ClientSocket socket(std::move(socket_handle), request_info);
+  int result = socket.Connect(callback.callback());
+  callback.GetResult(result);
+  return 0;
+}
diff --git a/chromium/net/socket/socks5_client_socket_unittest.cc b/chromium/net/socket/socks5_client_socket_unittest.cc
index c41c6b94ada..a32f449fac3 100644
--- a/chromium/net/socket/socks5_client_socket_unittest.cc
+++ b/chromium/net/socket/socks5_client_socket_unittest.cc
@@ -36,27 +36,28 @@ class SOCKS5ClientSocketTest : public PlatformTest {
  public:
   SOCKS5ClientSocketTest();
   // Create a SOCKSClientSocket on top of a MockSocket.
-  scoped_ptr<SOCKS5ClientSocket> BuildMockSocket(MockRead reads[],
-                                                 size_t reads_count,
-                                                 MockWrite writes[],
-                                                 size_t writes_count,
-                                                 const std::string& hostname,
-                                                 int port,
-                                                 NetLog* net_log);
+  std::unique_ptr<SOCKS5ClientSocket> BuildMockSocket(
+      MockRead reads[],
+      size_t reads_count,
+      MockWrite writes[],
+      size_t writes_count,
+      const std::string& hostname,
+      int port,
+      NetLog* net_log);
 
   void SetUp() override;
 
  protected:
   const uint16_t kNwPort;
   TestNetLog net_log_;
-  scoped_ptr<SOCKS5ClientSocket> user_sock_;
+  std::unique_ptr<SOCKS5ClientSocket> user_sock_;
   AddressList address_list_;
   // Filled in by BuildMockSocket() and owned by its return value
   // (which |user_sock| is set to).
   StreamSocket* tcp_sock_;
   TestCompletionCallback callback_;
-  scoped_ptr<MockHostResolver> host_resolver_;
-  scoped_ptr<SocketDataProvider> data_;
+  std::unique_ptr<MockHostResolver> host_resolver_;
+  std::unique_ptr<SocketDataProvider> data_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(SOCKS5ClientSocketTest);
@@ -85,7 +86,7 @@ void SOCKS5ClientSocketTest::SetUp() {
   ASSERT_EQ(OK, rv);
 }
 
-scoped_ptr<SOCKS5ClientSocket> SOCKS5ClientSocketTest::BuildMockSocket(
+std::unique_ptr<SOCKS5ClientSocket> SOCKS5ClientSocketTest::BuildMockSocket(
     MockRead reads[],
     size_t reads_count,
     MockWrite writes[],
@@ -104,11 +105,11 @@ scoped_ptr<SOCKS5ClientSocket> SOCKS5ClientSocketTest::BuildMockSocket(
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(tcp_sock_->IsConnected());
 
-  scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
   // |connection| takes ownership of |tcp_sock_|, but keep a
   // non-owning pointer to it.
-  connection->SetSocket(scoped_ptr<StreamSocket>(tcp_sock_));
-  return scoped_ptr<SOCKS5ClientSocket>(new SOCKS5ClientSocket(
+  connection->SetSocket(std::unique_ptr<StreamSocket>(tcp_sock_));
+  return std::unique_ptr<SOCKS5ClientSocket>(new SOCKS5ClientSocket(
       std::move(connection),
       HostResolver::RequestInfo(HostPortPair(hostname, port))));
 }
diff --git a/chromium/net/socket/socks_client_socket.cc b/chromium/net/socket/socks_client_socket.cc
index 0f6e925596e..b5d5ce02e10 100644
--- a/chromium/net/socket/socks_client_socket.cc
+++ b/chromium/net/socket/socks_client_socket.cc
@@ -57,7 +57,7 @@ static_assert(sizeof(SOCKS4ServerResponse) == kReadHeaderSize,
               "socks4 server response struct has incorrect size");
 
 SOCKSClientSocket::SOCKSClientSocket(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostResolver::RequestInfo& req_info,
     RequestPriority priority,
     HostResolver* host_resolver)
@@ -417,7 +417,7 @@ int SOCKSClientSocket::DoHandshakeReadComplete(int result) {
       reinterpret_cast<const SOCKS4ServerResponse*>(buffer_.data());
 
   if (response->reserved_null != 0x00) {
-    LOG(ERROR) << "Unknown response from SOCKS server.";
+    DVLOG(1) << "Unknown response from SOCKS server.";
     return ERR_SOCKS_CONNECTION_FAILED;
   }
 
@@ -426,18 +426,18 @@ int SOCKSClientSocket::DoHandshakeReadComplete(int result) {
       completed_handshake_ = true;
       return OK;
     case kServerResponseRejected:
-      LOG(ERROR) << "SOCKS request rejected or failed";
+      DVLOG(1) << "SOCKS request rejected or failed";
       return ERR_SOCKS_CONNECTION_FAILED;
     case kServerResponseNotReachable:
-      LOG(ERROR) << "SOCKS request failed because client is not running "
-                 << "identd (or not reachable from the server)";
+      DVLOG(1) << "SOCKS request failed because client is not running "
+               << "identd (or not reachable from the server)";
       return ERR_SOCKS_CONNECTION_HOST_UNREACHABLE;
     case kServerResponseMismatchedUserId:
-      LOG(ERROR) << "SOCKS request failed because client's identd could "
-                 << "not confirm the user ID string in the request";
+      DVLOG(1) << "SOCKS request failed because client's identd could "
+               << "not confirm the user ID string in the request";
       return ERR_SOCKS_CONNECTION_FAILED;
     default:
-      LOG(ERROR) << "SOCKS server sent unknown response";
+      DVLOG(1) << "SOCKS server sent unknown response";
       return ERR_SOCKS_CONNECTION_FAILED;
   }
 
diff --git a/chromium/net/socket/socks_client_socket.h b/chromium/net/socket/socks_client_socket.h
index c01156050a4..d6702631c99 100644
--- a/chromium/net/socket/socks_client_socket.h
+++ b/chromium/net/socket/socks_client_socket.h
@@ -8,12 +8,12 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
@@ -32,7 +32,7 @@ class NET_EXPORT_PRIVATE SOCKSClientSocket : public StreamSocket {
  public:
   // |req_info| contains the hostname and port to which the socket above will
   // communicate to via the socks layer. For testing the referrer is optional.
-  SOCKSClientSocket(scoped_ptr<ClientSocketHandle> transport_socket,
+  SOCKSClientSocket(std::unique_ptr<ClientSocketHandle> transport_socket,
                     const HostResolver::RequestInfo& req_info,
                     RequestPriority priority,
                     HostResolver* host_resolver);
@@ -103,7 +103,7 @@ class NET_EXPORT_PRIVATE SOCKSClientSocket : public StreamSocket {
   const std::string BuildHandshakeWriteBuffer() const;
 
   // Stores the underlying socket.
-  scoped_ptr<ClientSocketHandle> transport_;
+  std::unique_ptr<ClientSocketHandle> transport_;
 
   State next_state_;
 
diff --git a/chromium/net/socket/socks_client_socket_fuzzer.cc b/chromium/net/socket/socks_client_socket_fuzzer.cc
new file mode 100644
index 00000000000..498af718963
--- /dev/null
+++ b/chromium/net/socket/socks_client_socket_fuzzer.cc
@@ -0,0 +1,66 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/logging.h"
+#include "net/base/address_list.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_completion_callback.h"
+#include "net/dns/host_resolver.h"
+#include "net/dns/mock_host_resolver.h"
+#include "net/log/test_net_log.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/fuzzed_socket.h"
+#include "net/socket/socks_client_socket.h"
+
+// Fuzzer for SocksClientSocket.  Only covers the SOCKS4 handshake.
+//
+// |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
+// class for details.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Use a test NetLog, to exercise logging code.
+  net::TestNetLog test_net_log;
+
+  net::FuzzedDataProvider data_provider(data, size);
+
+  // Determine if the DNS lookup returns synchronously or asynchronously,
+  // succeeds or fails, and returns an IPv4 or IPv6 address.
+  net::MockHostResolver mock_host_resolver;
+  scoped_refptr<net::RuleBasedHostResolverProc> rules(
+      new net::RuleBasedHostResolverProc(nullptr));
+  mock_host_resolver.set_synchronous_mode(data_provider.ConsumeBool());
+  switch (data_provider.ConsumeValueInRange(0, 2)) {
+    case 0:
+      rules->AddRule("*", "127.0.0.1");
+      break;
+    case 1:
+      rules->AddRule("*", "::1");
+      break;
+    case 2:
+      rules->AddSimulatedFailure("*");
+      break;
+  }
+  mock_host_resolver.set_rules(rules.get());
+
+  net::TestCompletionCallback callback;
+  std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
+      new net::FuzzedSocket(&data_provider, &test_net_log));
+  CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
+
+  std::unique_ptr<net::ClientSocketHandle> socket_handle(
+      new net::ClientSocketHandle());
+  socket_handle->SetSocket(std::move(fuzzed_socket));
+
+  net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
+  net::SOCKSClientSocket socket(std::move(socket_handle), request_info,
+                                net::DEFAULT_PRIORITY, &mock_host_resolver);
+  int result = socket.Connect(callback.callback());
+  callback.GetResult(result);
+  return 0;
+}
diff --git a/chromium/net/socket/socks_client_socket_pool.cc b/chromium/net/socket/socks_client_socket_pool.cc
index d7f97f3ec8b..4fae68cad4a 100644
--- a/chromium/net/socket/socks_client_socket_pool.cc
+++ b/chromium/net/socket/socks_client_socket_pool.cc
@@ -59,7 +59,8 @@ SOCKSConnectJob::SOCKSConnectJob(
 
 SOCKSConnectJob::~SOCKSConnectJob() {
   // We don't worry about cancelling the tcp socket since the destructor in
-  // scoped_ptr<ClientSocketHandle> transport_socket_handle_ will take care of
+  // std::unique_ptr<ClientSocketHandle> transport_socket_handle_ will take care
+  // of
   // it.
 }
 
@@ -166,12 +167,12 @@ int SOCKSConnectJob::ConnectInternal() {
   return DoLoop(OK);
 }
 
-scoped_ptr<ConnectJob>
+std::unique_ptr<ConnectJob>
 SOCKSClientSocketPool::SOCKSConnectJobFactory::NewConnectJob(
     const std::string& group_name,
     const PoolBase::Request& request,
     ConnectJob::Delegate* delegate) const {
-  return scoped_ptr<ConnectJob>(new SOCKSConnectJob(
+  return std::unique_ptr<ConnectJob>(new SOCKSConnectJob(
       group_name, request.priority(), request.respect_limits(),
       request.params(), ConnectionTimeout(), transport_pool_, host_resolver_,
       delegate, net_log_));
@@ -188,6 +189,7 @@ SOCKSClientSocketPool::SOCKSClientSocketPool(
     int max_sockets_per_group,
     HostResolver* host_resolver,
     TransportClientSocketPool* transport_pool,
+    SocketPerformanceWatcherFactory*,
     NetLog* net_log)
     : transport_pool_(transport_pool),
       base_(
@@ -236,7 +238,7 @@ void SOCKSClientSocketPool::CancelRequest(const std::string& group_name,
 }
 
 void SOCKSClientSocketPool::ReleaseSocket(const std::string& group_name,
-                                          scoped_ptr<StreamSocket> socket,
+                                          std::unique_ptr<StreamSocket> socket,
                                           int id) {
   base_.ReleaseSocket(group_name, std::move(socket), id);
 }
@@ -263,13 +265,13 @@ LoadState SOCKSClientSocketPool::GetLoadState(
   return base_.GetLoadState(group_name, handle);
 }
 
-scoped_ptr<base::DictionaryValue> SOCKSClientSocketPool::GetInfoAsValue(
+std::unique_ptr<base::DictionaryValue> SOCKSClientSocketPool::GetInfoAsValue(
     const std::string& name,
     const std::string& type,
     bool include_nested_pools) const {
-  scoped_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
+  std::unique_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
   if (include_nested_pools) {
-    scoped_ptr<base::ListValue> list(new base::ListValue());
+    std::unique_ptr<base::ListValue> list(new base::ListValue());
     list->Append(transport_pool_->GetInfoAsValue("transport_socket_pool",
                                                  "transport_socket_pool",
                                                  false));
diff --git a/chromium/net/socket/socks_client_socket_pool.h b/chromium/net/socket/socks_client_socket_pool.h
index 66d0e53794e..b1371bba143 100644
--- a/chromium/net/socket/socks_client_socket_pool.h
+++ b/chromium/net/socket/socks_client_socket_pool.h
@@ -5,12 +5,12 @@
 #ifndef NET_SOCKET_SOCKS_CLIENT_SOCKET_POOL_H_
 #define NET_SOCKET_SOCKS_CLIENT_SOCKET_POOL_H_
 
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/host_port_pair.h"
 #include "net/dns/host_resolver.h"
@@ -20,6 +20,7 @@
 namespace net {
 
 class ConnectJobFactory;
+class SocketPerformanceWatcherFactory;
 class TransportClientSocketPool;
 class TransportSocketParams;
 
@@ -96,8 +97,8 @@ class SOCKSConnectJob : public ConnectJob {
 
   State next_state_;
   CompletionCallback callback_;
-  scoped_ptr<ClientSocketHandle> transport_socket_handle_;
-  scoped_ptr<StreamSocket> socket_;
+  std::unique_ptr<ClientSocketHandle> transport_socket_handle_;
+  std::unique_ptr<StreamSocket> socket_;
 
   DISALLOW_COPY_AND_ASSIGN(SOCKSConnectJob);
 };
@@ -107,12 +108,12 @@ class NET_EXPORT_PRIVATE SOCKSClientSocketPool
  public:
   typedef SOCKSSocketParams SocketParams;
 
-  SOCKSClientSocketPool(
-      int max_sockets,
-      int max_sockets_per_group,
-      HostResolver* host_resolver,
-      TransportClientSocketPool* transport_pool,
-      NetLog* net_log);
+  SOCKSClientSocketPool(int max_sockets,
+                        int max_sockets_per_group,
+                        HostResolver* host_resolver,
+                        TransportClientSocketPool* transport_pool,
+                        SocketPerformanceWatcherFactory*,
+                        NetLog* net_log);
 
   ~SOCKSClientSocketPool() override;
 
@@ -134,7 +135,7 @@ class NET_EXPORT_PRIVATE SOCKSClientSocketPool
                      ClientSocketHandle* handle) override;
 
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
 
   void FlushWithError(int error) override;
@@ -148,7 +149,7 @@ class NET_EXPORT_PRIVATE SOCKSClientSocketPool
   LoadState GetLoadState(const std::string& group_name,
                          const ClientSocketHandle* handle) const override;
 
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override;
@@ -180,7 +181,7 @@ class NET_EXPORT_PRIVATE SOCKSClientSocketPool
     ~SOCKSConnectJobFactory() override {}
 
     // ClientSocketPoolBase::ConnectJobFactory methods.
-    scoped_ptr<ConnectJob> NewConnectJob(
+    std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const PoolBase::Request& request,
         ConnectJob::Delegate* delegate) const override;
diff --git a/chromium/net/socket/socks_client_socket_pool_unittest.cc b/chromium/net/socket/socks_client_socket_pool_unittest.cc
index 5d16ce4cdb5..17b7df8d759 100644
--- a/chromium/net/socket/socks_client_socket_pool_unittest.cc
+++ b/chromium/net/socket/socks_client_socket_pool_unittest.cc
@@ -83,9 +83,9 @@ class SOCKSClientSocketPoolTest : public testing::Test {
     SocketDataProvider* data_provider() { return data_.get(); }
 
    private:
-    scoped_ptr<StaticSocketDataProvider> data_;
-    scoped_ptr<MockWrite[]> writes_;
-    scoped_ptr<MockRead[]> reads_;
+    std::unique_ptr<StaticSocketDataProvider> data_;
+    std::unique_ptr<MockWrite[]> writes_;
+    std::unique_ptr<MockRead[]> reads_;
   };
 
   SOCKSClientSocketPoolTest()
@@ -96,6 +96,7 @@ class SOCKSClientSocketPoolTest : public testing::Test {
               kMaxSocketsPerGroup,
               &host_resolver_,
               &transport_socket_pool_,
+              NULL,
               NULL) {}
 
   ~SOCKSClientSocketPoolTest() override {}
@@ -110,7 +111,7 @@ class SOCKSClientSocketPoolTest : public testing::Test {
     return test_base_.GetOrderOfRequest(index);
   }
 
-  std::vector<scoped_ptr<TestSocketRequest>>* requests() {
+  std::vector<std::unique_ptr<TestSocketRequest>>* requests() {
     return test_base_.requests();
   }
 
diff --git a/chromium/net/socket/socks_client_socket_unittest.cc b/chromium/net/socket/socks_client_socket_unittest.cc
index bff76c109c6..764c71bcf33 100644
--- a/chromium/net/socket/socks_client_socket_unittest.cc
+++ b/chromium/net/socket/socks_client_socket_unittest.cc
@@ -4,10 +4,10 @@
 
 #include "net/socket/socks_client_socket.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/winsock_init.h"
@@ -34,23 +34,26 @@ class SOCKSClientSocketTest : public PlatformTest {
  public:
   SOCKSClientSocketTest();
   // Create a SOCKSClientSocket on top of a MockSocket.
-  scoped_ptr<SOCKSClientSocket> BuildMockSocket(
-      MockRead reads[], size_t reads_count,
-      MockWrite writes[], size_t writes_count,
+  std::unique_ptr<SOCKSClientSocket> BuildMockSocket(
+      MockRead reads[],
+      size_t reads_count,
+      MockWrite writes[],
+      size_t writes_count,
       HostResolver* host_resolver,
-      const std::string& hostname, int port,
+      const std::string& hostname,
+      int port,
       NetLog* net_log);
   void SetUp() override;
 
  protected:
-  scoped_ptr<SOCKSClientSocket> user_sock_;
+  std::unique_ptr<SOCKSClientSocket> user_sock_;
   AddressList address_list_;
   // Filled in by BuildMockSocket() and owned by its return value
   // (which |user_sock| is set to).
   StreamSocket* tcp_sock_;
   TestCompletionCallback callback_;
-  scoped_ptr<MockHostResolver> host_resolver_;
-  scoped_ptr<SocketDataProvider> data_;
+  std::unique_ptr<MockHostResolver> host_resolver_;
+  std::unique_ptr<SocketDataProvider> data_;
 };
 
 SOCKSClientSocketTest::SOCKSClientSocketTest()
@@ -62,7 +65,7 @@ void SOCKSClientSocketTest::SetUp() {
   PlatformTest::SetUp();
 }
 
-scoped_ptr<SOCKSClientSocket> SOCKSClientSocketTest::BuildMockSocket(
+std::unique_ptr<SOCKSClientSocket> SOCKSClientSocketTest::BuildMockSocket(
     MockRead reads[],
     size_t reads_count,
     MockWrite writes[],
@@ -71,7 +74,6 @@ scoped_ptr<SOCKSClientSocket> SOCKSClientSocketTest::BuildMockSocket(
     const std::string& hostname,
     int port,
     NetLog* net_log) {
-
   TestCompletionCallback callback;
   data_.reset(new StaticSocketDataProvider(reads, reads_count,
                                            writes, writes_count));
@@ -83,11 +85,11 @@ scoped_ptr<SOCKSClientSocket> SOCKSClientSocketTest::BuildMockSocket(
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(tcp_sock_->IsConnected());
 
-  scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
   // |connection| takes ownership of |tcp_sock_|, but keep a
   // non-owning pointer to it.
-  connection->SetSocket(scoped_ptr<StreamSocket>(tcp_sock_));
-  return scoped_ptr<SOCKSClientSocket>(new SOCKSClientSocket(
+  connection->SetSocket(std::unique_ptr<StreamSocket>(tcp_sock_));
+  return std::unique_ptr<SOCKSClientSocket>(new SOCKSClientSocket(
       std::move(connection),
       HostResolver::RequestInfo(HostPortPair(hostname, port)), DEFAULT_PRIORITY,
       host_resolver));
@@ -387,8 +389,8 @@ TEST_F(SOCKSClientSocketTest, FailedDNS) {
 // Calls Disconnect() while a host resolve is in progress. The outstanding host
 // resolve should be cancelled.
 TEST_F(SOCKSClientSocketTest, DisconnectWhileHostResolveInProgress) {
-  scoped_ptr<HangingHostResolverWithCancel> hanging_resolver(
-    new HangingHostResolverWithCancel());
+  std::unique_ptr<HangingHostResolverWithCancel> hanging_resolver(
+      new HangingHostResolverWithCancel());
 
   // Doesn't matter what the socket data is, we will never use it -- garbage.
   MockWrite data_writes[] = { MockWrite(SYNCHRONOUS, "", 0) };
@@ -438,7 +440,7 @@ TEST_F(SOCKSClientSocketTest, NoIPv6) {
 TEST_F(SOCKSClientSocketTest, NoIPv6RealResolver) {
   const char kHostName[] = "::1";
 
-  scoped_ptr<HostResolver> host_resolver(
+  std::unique_ptr<HostResolver> host_resolver(
       HostResolver::CreateSystemResolver(HostResolver::Options(), NULL));
 
   user_sock_ = BuildMockSocket(NULL, 0,
diff --git a/chromium/net/socket/ssl_client_socket.cc b/chromium/net/socket/ssl_client_socket.cc
index a7c0dd420ad..6517daa00a4 100644
--- a/chromium/net/socket/ssl_client_socket.cc
+++ b/chromium/net/socket/ssl_client_socket.cc
@@ -10,14 +10,12 @@
 #include "crypto/ec_private_key.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/net_errors.h"
+#include "net/socket/ssl_client_socket_impl.h"
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 
-#if defined(USE_OPENSSL)
-#include "net/socket/ssl_client_socket_openssl.h"
-#endif
 
 namespace net {
 
@@ -78,8 +76,8 @@ const char* SSLClientSocket::NextProtoStatusToString(
 void SSLClientSocket::SetSSLKeyLogFile(
     const base::FilePath& path,
     const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
-#if defined(USE_OPENSSL) && !defined(OS_NACL)
-  SSLClientSocketOpenSSL::SetSSLKeyLogFile(path, task_runner);
+#if !defined(OS_NACL)
+  SSLClientSocketImpl::SetSSLKeyLogFile(path, task_runner);
 #else
   NOTIMPLEMENTED();
 #endif
diff --git a/chromium/net/socket/ssl_client_socket_openssl.cc b/chromium/net/socket/ssl_client_socket_impl.cc
index cfad9deeba2..80ff994982f 100644
--- a/chromium/net/socket/ssl_client_socket_openssl.cc
+++ b/chromium/net/socket/ssl_client_socket_impl.cc
@@ -2,10 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-// OpenSSL binding for SSLClientSocket. The class layout and general principle
-// of operation is derived from SSLClientSocketNSS.
-
-#include "net/socket/ssl_client_socket_openssl.h"
+#include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
@@ -48,7 +45,8 @@
 #include "net/http/transport_security_state.h"
 #include "net/ssl/scoped_openssl_types.h"
 #include "net/ssl/ssl_cert_request_info.h"
-#include "net/ssl/ssl_client_session_cache_openssl.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
+#include "net/ssl/ssl_client_session_cache.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_failure_state.h"
 #include "net/ssl/ssl_info.h"
@@ -59,7 +57,7 @@
 #include "net/ssl/ssl_key_logger.h"
 #endif
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
 #endif
 
@@ -69,9 +67,11 @@ namespace {
 
 // Enable this to see logging for state machine state transitions.
 #if 0
-#define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
-                           " jump to state " << s; \
-                           next_handshake_state_ = s; } while (0)
+#define GotoState(s)                                                          \
+  do {                                                                        \
+    DVLOG(2) << (void*)this << " " << __FUNCTION__ << " jump to state " << s; \
+    next_handshake_state_ = s;                                                \
+  } while (0)
 #else
 #define GotoState(s) next_handshake_state_ = s
 #endif
@@ -118,7 +118,7 @@ bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
   }
 }
 
-scoped_ptr<base::Value> NetLogPrivateKeyOperationCallback(
+std::unique_ptr<base::Value> NetLogPrivateKeyOperationCallback(
     SSLPrivateKey::Type type,
     SSLPrivateKey::Hash hash,
     NetLogCaptureMode mode) {
@@ -151,17 +151,17 @@ scoped_ptr<base::Value> NetLogPrivateKeyOperationCallback(
       break;
   }
 
-  scoped_ptr<base::DictionaryValue> value(new base::DictionaryValue);
+  std::unique_ptr<base::DictionaryValue> value(new base::DictionaryValue);
   value->SetString("type", type_str);
   value->SetString("hash", hash_str);
   return std::move(value);
 }
 
-scoped_ptr<base::Value> NetLogChannelIDLookupCallback(
+std::unique_ptr<base::Value> NetLogChannelIDLookupCallback(
     ChannelIDService* channel_id_service,
     NetLogCaptureMode capture_mode) {
   ChannelIDStore* store = channel_id_service->GetChannelIDStore();
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetBoolean("ephemeral", store->IsEphemeral());
   dict->SetString("service", base::HexEncode(&channel_id_service,
                                              sizeof(channel_id_service)));
@@ -169,11 +169,11 @@ scoped_ptr<base::Value> NetLogChannelIDLookupCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogChannelIDLookupCompleteCallback(
+std::unique_ptr<base::Value> NetLogChannelIDLookupCompleteCallback(
     crypto::ECPrivateKey* key,
     int result,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", result);
   std::string raw_key;
   if (result == OK && key && key->ExportRawPublicKey(&raw_key)) {
@@ -186,25 +186,49 @@ scoped_ptr<base::Value> NetLogChannelIDLookupCompleteCallback(
   return std::move(dict);
 }
 
+std::unique_ptr<base::Value> NetLogSSLInfoCallback(
+    SSLClientSocketImpl* socket,
+    NetLogCaptureMode capture_mode) {
+  SSLInfo ssl_info;
+  if (!socket->GetSSLInfo(&ssl_info))
+    return nullptr;
+
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  const char* version_str;
+  SSLVersionToString(&version_str,
+                     SSLConnectionStatusToVersion(ssl_info.connection_status));
+  dict->SetString("version", version_str);
+  dict->SetBoolean("is_resumed",
+                   ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME);
+  dict->SetInteger("cipher_suite", SSLConnectionStatusToCipherSuite(
+                                       ssl_info.connection_status));
+
+  std::string next_proto;
+  socket->GetNextProto(&next_proto);
+  dict->SetString("next_proto", next_proto);
+
+  return std::move(dict);
+}
+
 }  // namespace
 
-class SSLClientSocketOpenSSL::SSLContext {
+class SSLClientSocketImpl::SSLContext {
  public:
   static SSLContext* GetInstance() {
     return base::Singleton<SSLContext>::get();
   }
   SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); }
-  SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; }
+  SSLClientSessionCache* session_cache() { return &session_cache_; }
 
-  SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) {
+  SSLClientSocketImpl* GetClientSocketFromSSL(const SSL* ssl) {
     DCHECK(ssl);
-    SSLClientSocketOpenSSL* socket = static_cast<SSLClientSocketOpenSSL*>(
+    SSLClientSocketImpl* socket = static_cast<SSLClientSocketImpl*>(
         SSL_get_ex_data(ssl, ssl_socket_data_index_));
     DCHECK(socket);
     return socket;
   }
 
-  bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
+  bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketImpl* socket) {
     return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
   }
 
@@ -223,7 +247,7 @@ class SSLClientSocketOpenSSL::SSLContext {
  private:
   friend struct base::DefaultSingletonTraits<SSLContext>;
 
-  SSLContext() : session_cache_(SSLClientSessionCacheOpenSSL::Config()) {
+  SSLContext() : session_cache_(SSLClientSessionCache::Config()) {
     crypto::EnsureOpenSSLInit();
     ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
     DCHECK_NE(ssl_socket_data_index_, -1);
@@ -241,7 +265,7 @@ class SSLClientSocketOpenSSL::SSLContext {
                                      NULL);
 
     // Disable the internal session cache. Session caching is handled
-    // externally (i.e. by SSLClientSessionCacheOpenSSL).
+    // externally (i.e. by SSLClientSessionCache).
     SSL_CTX_set_session_cache_mode(
         ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
     SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
@@ -261,9 +285,9 @@ class SSLClientSocketOpenSSL::SSLContext {
                                      int* out_alert_value,
                                      void* add_arg) {
     DCHECK_EQ(extension_value, kTbExtNum);
-    SSLClientSocketOpenSSL* socket =
-        SSLClientSocketOpenSSL::SSLContext::GetInstance()
-            ->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket =
+        SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
+            ssl);
     return socket->TokenBindingAdd(out, out_len, out_alert_value);
   }
 
@@ -282,47 +306,49 @@ class SSLClientSocketOpenSSL::SSLContext {
                                        int* out_alert_value,
                                        void* parse_arg) {
     DCHECK_EQ(extension_value, kTbExtNum);
-    SSLClientSocketOpenSSL* socket =
-        SSLClientSocketOpenSSL::SSLContext::GetInstance()
-            ->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket =
+        SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
+            ssl);
     return socket->TokenBindingParse(contents, contents_len, out_alert_value);
   }
 
   static int ClientCertRequestCallback(SSL* ssl, void* arg) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     DCHECK(socket);
     return socket->ClientCertRequestCallback(ssl);
   }
 
-  static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
+  static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) {
     SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
         store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
 
     return socket->CertVerifyCallback(store_ctx);
   }
 
   static int SelectNextProtoCallback(SSL* ssl,
-                                     unsigned char** out, unsigned char* outlen,
+                                     unsigned char** out,
+                                     unsigned char* outlen,
                                      const unsigned char* in,
-                                     unsigned int inlen, void* arg) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+                                     unsigned int inlen,
+                                     void* arg) {
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->SelectNextProtoCallback(out, outlen, in, inlen);
   }
 
   static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->NewSessionCallback(session);
   }
 
   static int PrivateKeyTypeCallback(SSL* ssl) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyTypeCallback();
   }
 
   static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyMaxSignatureLenCallback();
   }
 
@@ -333,7 +359,7 @@ class SSLClientSocketOpenSSL::SSLContext {
                                                          const EVP_MD* md,
                                                          const uint8_t* in,
                                                          size_t in_len) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeySignCallback(out, out_len, max_out, md, in,
                                           in_len);
   }
@@ -343,7 +369,7 @@ class SSLClientSocketOpenSSL::SSLContext {
       uint8_t* out,
       size_t* out_len,
       size_t max_out) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeySignCompleteCallback(out, out_len, max_out);
   }
 
@@ -354,13 +380,13 @@ class SSLClientSocketOpenSSL::SSLContext {
 #endif
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
-  // SSLClientSocketOpenSSL object from an SSL instance.
+  // SSLClientSocketImpl object from an SSL instance.
   int ssl_socket_data_index_;
 
   ScopedSSL_CTX ssl_ctx_;
 
 #if !defined(OS_NACL)
-  scoped_ptr<SSLKeyLogger> ssl_key_logger_;
+  std::unique_ptr<SSLKeyLogger> ssl_key_logger_;
 #endif
 
   // TODO(davidben): Use a separate cache per URLRequestContext.
@@ -368,24 +394,24 @@ class SSLClientSocketOpenSSL::SSLContext {
   //
   // TODO(davidben): Sessions should be invalidated on fatal
   // alerts. https://crbug.com/466352
-  SSLClientSessionCacheOpenSSL session_cache_;
+  SSLClientSessionCache session_cache_;
 };
 
 const SSL_PRIVATE_KEY_METHOD
-    SSLClientSocketOpenSSL::SSLContext::kPrivateKeyMethod = {
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeyTypeCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeyMaxSignatureLenCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCompleteCallback,
+    SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = {
+        &SSLClientSocketImpl::SSLContext::PrivateKeyTypeCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeyMaxSignatureLenCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeySignCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeySignCompleteCallback,
 };
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an OpenSSL socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
-class SSLClientSocketOpenSSL::PeerCertificateChain {
+class SSLClientSocketImpl::PeerCertificateChain {
  public:
-  explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); }
+  explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); }
   PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
   ~PeerCertificateChain() {}
   PeerCertificateChain& operator=(const PeerCertificateChain& other);
@@ -394,9 +420,9 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
   // which may be NULL, indicating to empty the store certificates.
   // Note: If an error occurs, such as being unable to parse the certificates,
   // this will behave as if Reset(NULL) was called.
-  void Reset(STACK_OF(X509)* chain);
+  void Reset(STACK_OF(X509) * chain);
 
-  // Note that when USE_OPENSSL is defined, OSCertHandle is X509*
+  // Note that when USE_OPENSSL_CERTS is defined, OSCertHandle is X509*
   scoped_refptr<X509Certificate> AsOSChain() const;
 
   size_t size() const {
@@ -405,9 +431,7 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
     return sk_X509_num(openssl_chain_.get());
   }
 
-  bool empty() const {
-    return size() == 0;
-  }
+  bool empty() const { return size() == 0; }
 
   X509* Get(size_t index) const {
     DCHECK_LT(index, size());
@@ -418,8 +442,8 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
   ScopedX509Stack openssl_chain_;
 };
 
-SSLClientSocketOpenSSL::PeerCertificateChain&
-SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
+SSLClientSocketImpl::PeerCertificateChain&
+SSLClientSocketImpl::PeerCertificateChain::operator=(
     const PeerCertificateChain& other) {
   if (this == &other)
     return *this;
@@ -428,13 +452,12 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
   return *this;
 }
 
-void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
-    STACK_OF(X509)* chain) {
+void SSLClientSocketImpl::PeerCertificateChain::Reset(STACK_OF(X509) * chain) {
   openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL);
 }
 
 scoped_refptr<X509Certificate>
-SSLClientSocketOpenSSL::PeerCertificateChain::AsOSChain() const {
+SSLClientSocketImpl::PeerCertificateChain::AsOSChain() const {
 #if defined(USE_OPENSSL_CERTS)
   // When OSCertHandle is typedef'ed to X509, this implementation does a short
   // cut to avoid converting back and forth between DER and the X509 struct.
@@ -462,13 +485,13 @@ SSLClientSocketOpenSSL::PeerCertificateChain::AsOSChain() const {
 
 // static
 void SSLClientSocket::ClearSessionCache() {
-  SSLClientSocketOpenSSL::SSLContext* context =
-      SSLClientSocketOpenSSL::SSLContext::GetInstance();
+  SSLClientSocketImpl::SSLContext* context =
+      SSLClientSocketImpl::SSLContext::GetInstance();
   context->session_cache()->Flush();
 }
 
-SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+SSLClientSocketImpl::SSLClientSocketImpl(
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     const SSLClientSocketContext& context)
@@ -508,37 +531,36 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
   DCHECK(cert_verifier_);
 }
 
-SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
+SSLClientSocketImpl::~SSLClientSocketImpl() {
   Disconnect();
 }
 
 #if !defined(OS_NACL)
-void SSLClientSocketOpenSSL::SetSSLKeyLogFile(
+void SSLClientSocketImpl::SetSSLKeyLogFile(
     const base::FilePath& ssl_keylog_file,
     const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
   SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner);
 }
 #endif
 
-void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
+void SSLClientSocketImpl::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_;
   cert_request_info->cert_authorities = cert_authorities_;
   cert_request_info->cert_key_types = cert_key_types_;
 }
 
-SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
+SSLClientSocket::NextProtoStatus SSLClientSocketImpl::GetNextProto(
     std::string* proto) const {
   *proto = npn_proto_;
   return npn_status_;
 }
 
-ChannelIDService*
-SSLClientSocketOpenSSL::GetChannelIDService() const {
+ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const {
   return channel_id_service_;
 }
 
-Error SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
+Error SSLClientSocketImpl::GetSignedEKMForTokenBinding(
     crypto::ECPrivateKey* key,
     std::vector<uint8_t>* out) {
   // The same key will be used across multiple requests to sign the same value,
@@ -571,18 +593,19 @@ Error SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
   return OK;
 }
 
-crypto::ECPrivateKey* SSLClientSocketOpenSSL::GetChannelIDKey() const {
+crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const {
   return channel_id_key_.get();
 }
 
-SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const {
+SSLFailureState SSLClientSocketImpl::GetSSLFailureState() const {
   return ssl_failure_state_;
 }
 
-int SSLClientSocketOpenSSL::ExportKeyingMaterial(
-    const base::StringPiece& label,
-    bool has_context, const base::StringPiece& context,
-    unsigned char* out, unsigned int outlen) {
+int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label,
+                                              bool has_context,
+                                              const base::StringPiece& context,
+                                              unsigned char* out,
+                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
 
@@ -596,14 +619,13 @@ int SSLClientSocketOpenSSL::ExportKeyingMaterial(
   if (rv != 1) {
     int ssl_error = SSL_get_error(ssl_, rv);
     LOG(ERROR) << "Failed to export keying material;"
-               << " returned " << rv
-               << ", SSL error code " << ssl_error;
+               << " returned " << rv << ", SSL error code " << ssl_error;
     return MapOpenSSLError(ssl_error, err_tracer);
   }
   return OK;
 }
 
-int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
+int SSLClientSocketImpl::Connect(const CompletionCallback& callback) {
   // It is an error to create an SSLClientSocket whose context has no
   // TransportSecurityState.
   DCHECK(transport_security_state_);
@@ -621,7 +643,7 @@ int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
   // Set up new ssl object.
   int rv = Init();
   if (rv != OK) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
+    LogConnectEndEvent(rv);
     return rv;
   }
 
@@ -633,13 +655,13 @@ int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
+    LogConnectEndEvent(rv);
   }
 
   return rv > OK ? OK : rv;
 }
 
-void SSLClientSocketOpenSSL::Disconnect() {
+void SSLClientSocketImpl::Disconnect() {
   crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
 
   if (ssl_) {
@@ -669,10 +691,10 @@ void SSLClientSocketOpenSSL::Disconnect() {
   user_connect_callback_.Reset();
   user_read_callback_.Reset();
   user_write_callback_.Reset();
-  user_read_buf_         = NULL;
-  user_read_buf_len_     = 0;
-  user_write_buf_        = NULL;
-  user_write_buf_len_    = 0;
+  user_read_buf_ = NULL;
+  user_read_buf_len_ = 0;
+  user_write_buf_ = NULL;
+  user_write_buf_len_ = 0;
 
   pending_read_error_ = kNoPendingResult;
   pending_read_ssl_error_ = SSL_ERROR_NONE;
@@ -703,7 +725,7 @@ void SSLClientSocketOpenSSL::Disconnect() {
   signature_.clear();
 }
 
-bool SSLClientSocketOpenSSL::IsConnected() const {
+bool SSLClientSocketImpl::IsConnected() const {
   // If the handshake has not yet completed.
   if (!completed_connect_)
     return false;
@@ -714,7 +736,7 @@ bool SSLClientSocketOpenSSL::IsConnected() const {
   return transport_->socket()->IsConnected();
 }
 
-bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const {
+bool SSLClientSocketImpl::IsConnectedAndIdle() const {
   // If the handshake has not yet completed.
   if (!completed_connect_)
     return false;
@@ -735,19 +757,19 @@ bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const {
   return transport_->socket()->IsConnectedAndIdle();
 }
 
-int SSLClientSocketOpenSSL::GetPeerAddress(IPEndPoint* addressList) const {
+int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const {
   return transport_->socket()->GetPeerAddress(addressList);
 }
 
-int SSLClientSocketOpenSSL::GetLocalAddress(IPEndPoint* addressList) const {
+int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const {
   return transport_->socket()->GetLocalAddress(addressList);
 }
 
-const BoundNetLog& SSLClientSocketOpenSSL::NetLog() const {
+const BoundNetLog& SSLClientSocketImpl::NetLog() const {
   return net_log_;
 }
 
-void SSLClientSocketOpenSSL::SetSubresourceSpeculation() {
+void SSLClientSocketImpl::SetSubresourceSpeculation() {
   if (transport_.get() && transport_->socket()) {
     transport_->socket()->SetSubresourceSpeculation();
   } else {
@@ -755,7 +777,7 @@ void SSLClientSocketOpenSSL::SetSubresourceSpeculation() {
   }
 }
 
-void SSLClientSocketOpenSSL::SetOmniboxSpeculation() {
+void SSLClientSocketImpl::SetOmniboxSpeculation() {
   if (transport_.get() && transport_->socket()) {
     transport_->socket()->SetOmniboxSpeculation();
   } else {
@@ -763,11 +785,11 @@ void SSLClientSocketOpenSSL::SetOmniboxSpeculation() {
   }
 }
 
-bool SSLClientSocketOpenSSL::WasEverUsed() const {
+bool SSLClientSocketImpl::WasEverUsed() const {
   return was_ever_used_;
 }
 
-bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
+bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (server_cert_chain_->empty())
     return false;
@@ -777,8 +799,7 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->is_issued_by_known_root =
       server_cert_verify_result_.is_issued_by_known_root;
-  ssl_info->public_key_hashes =
-    server_cert_verify_result_.public_key_hashes;
+  ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
   ssl_info->channel_id_sent = channel_id_sent_;
@@ -806,28 +827,28 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
   if (ssl_config_.version_fallback)
     ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
 
-  ssl_info->handshake_type = SSL_session_reused(ssl_) ?
-      SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
+  ssl_info->handshake_type = SSL_session_reused(ssl_)
+                                 ? SSLInfo::HANDSHAKE_RESUME
+                                 : SSLInfo::HANDSHAKE_FULL;
 
   DVLOG(3) << "Encoded connection status: cipher suite = "
-      << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
-      << " version = "
-      << SSLConnectionStatusToVersion(ssl_info->connection_status);
+           << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
+           << " version = "
+           << SSLConnectionStatusToVersion(ssl_info->connection_status);
   return true;
 }
 
-void SSLClientSocketOpenSSL::GetConnectionAttempts(
-    ConnectionAttempts* out) const {
+void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const {
   out->clear();
 }
 
-int64_t SSLClientSocketOpenSSL::GetTotalReceivedBytes() const {
+int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const {
   return transport_->socket()->GetTotalReceivedBytes();
 }
 
-int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
-                                 int buf_len,
-                                 const CompletionCallback& callback) {
+int SSLClientSocketImpl::Read(IOBuffer* buf,
+                              int buf_len,
+                              const CompletionCallback& callback) {
   user_read_buf_ = buf;
   user_read_buf_len_ = buf_len;
 
@@ -845,9 +866,9 @@ int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
   return rv;
 }
 
-int SSLClientSocketOpenSSL::Write(IOBuffer* buf,
-                                  int buf_len,
-                                  const CompletionCallback& callback) {
+int SSLClientSocketImpl::Write(IOBuffer* buf,
+                               int buf_len,
+                               const CompletionCallback& callback) {
   user_write_buf_ = buf;
   user_write_buf_len_ = buf_len;
 
@@ -865,19 +886,19 @@ int SSLClientSocketOpenSSL::Write(IOBuffer* buf,
   return rv;
 }
 
-int SSLClientSocketOpenSSL::SetReceiveBufferSize(int32_t size) {
+int SSLClientSocketImpl::SetReceiveBufferSize(int32_t size) {
   return transport_->socket()->SetReceiveBufferSize(size);
 }
 
-int SSLClientSocketOpenSSL::SetSendBufferSize(int32_t size) {
+int SSLClientSocketImpl::SetSendBufferSize(int32_t size) {
   return transport_->socket()->SetSendBufferSize(size);
 }
 
-int SSLClientSocketOpenSSL::Init() {
+int SSLClientSocketImpl::Init() {
   DCHECK(!ssl_);
   DCHECK(!transport_bio_);
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   if (ssl_config_.cert_io_enabled) {
     // TODO(davidben): Move this out of SSLClientSocket. See
     // https://crbug.com/539520.
@@ -915,7 +936,7 @@ int SSLClientSocketOpenSSL::Init() {
 
   BIO* ssl_bio = NULL;
 
-  // SSLClientSocketOpenSSL retains ownership of the BIO buffers.
+  // SSLClientSocketImpl retains ownership of the BIO buffers.
   if (!BIO_new_bio_pair_external_buf(
           &ssl_bio, send_buffer_->capacity(),
           reinterpret_cast<uint8_t*>(send_buffer_->data()), &transport_bio_,
@@ -926,7 +947,7 @@ int SSLClientSocketOpenSSL::Init() {
   DCHECK(transport_bio_);
 
   // Install a callback on OpenSSL's end to plumb transport errors through.
-  BIO_set_callback(ssl_bio, &SSLClientSocketOpenSSL::BIOCallback);
+  BIO_set_callback(ssl_bio, &SSLClientSocketImpl::BIOCallback);
   BIO_set_callback_arg(ssl_bio, reinterpret_cast<char*>(this));
 
   SSL_set_bio(ssl_, ssl_bio, ssl_bio);
@@ -996,7 +1017,8 @@ int SSLClientSocketOpenSSL::Init() {
   // This will almost certainly result in the socket failing to complete the
   // handshake at which point the appropriate error is bubbled up to the client.
   LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
-                              "returned " << rv;
+                                                                    "returned "
+                           << rv;
 
   // TLS channel ids.
   if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
@@ -1038,7 +1060,7 @@ int SSLClientSocketOpenSSL::Init() {
   return OK;
 }
 
-void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
+void SSLClientSocketImpl::DoReadCallback(int rv) {
   // Since Run may result in Read being called, clear |user_read_callback_|
   // up front.
   if (rv > 0)
@@ -1048,7 +1070,7 @@ void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
   base::ResetAndReturn(&user_read_callback_).Run(rv);
 }
 
-void SSLClientSocketOpenSSL::DoWriteCallback(int rv) {
+void SSLClientSocketImpl::DoWriteCallback(int rv) {
   // Since Run may result in Write being called, clear |user_write_callback_|
   // up front.
   if (rv > 0)
@@ -1058,7 +1080,7 @@ void SSLClientSocketOpenSSL::DoWriteCallback(int rv) {
   base::ResetAndReturn(&user_write_callback_).Run(rv);
 }
 
-bool SSLClientSocketOpenSSL::DoTransportIO() {
+bool SSLClientSocketImpl::DoTransportIO() {
   bool network_moved = false;
   int rv;
   // Read and write as much data as possible. The loop is necessary because
@@ -1078,7 +1100,7 @@ bool SSLClientSocketOpenSSL::DoTransportIO() {
 base::LazyInstance<base::ThreadLocalBoolean>::Leaky g_first_run_completed =
     LAZY_INSTANCE_INITIALIZER;
 
-int SSLClientSocketOpenSSL::DoHandshake() {
+int SSLClientSocketImpl::DoHandshake() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv;
@@ -1165,7 +1187,7 @@ int SSLClientSocketOpenSSL::DoHandshake() {
   return net_error;
 }
 
-int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
+int SSLClientSocketImpl::DoHandshakeComplete(int result) {
   if (result < 0)
     return result;
 
@@ -1226,19 +1248,19 @@ int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
   return OK;
 }
 
-int SSLClientSocketOpenSSL::DoChannelIDLookup() {
+int SSLClientSocketImpl::DoChannelIDLookup() {
   NetLog::ParametersCallback callback = base::Bind(
       &NetLogChannelIDLookupCallback, base::Unretained(channel_id_service_));
   net_log_.BeginEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID, callback);
   GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
   return channel_id_service_->GetOrCreateChannelID(
       host_and_port_.host(), &channel_id_key_,
-      base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
+      base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete,
                  base::Unretained(this)),
       &channel_id_request_);
 }
 
-int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
+int SSLClientSocketImpl::DoChannelIDLookupComplete(int result) {
   net_log_.EndEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID,
                     base::Bind(&NetLogChannelIDLookupCompleteCallback,
                                channel_id_key_.get(), result));
@@ -1262,7 +1284,7 @@ int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
   return OK;
 }
 
-int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
+int SSLClientSocketImpl::DoVerifyCert(int result) {
   DCHECK(!server_cert_chain_->empty());
   DCHECK(start_cert_verification_time_.is_null());
 
@@ -1307,12 +1329,12 @@ int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
       // TODO(davidben): Route the CRLSet through SSLConfig so
       // SSLClientSocket doesn't depend on SSLConfigService.
       SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_,
-      base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
+      base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete,
                  base::Unretained(this)),
       &cert_verifier_request_, net_log_);
 }
 
-int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
+int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
   cert_verifier_request_.reset();
 
   if (!start_cert_verification_time_.is_null()) {
@@ -1346,8 +1368,8 @@ int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
     certificate_verified_ = true;
     MaybeCacheSession();
   } else {
-    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result)
-             << " (" << result << ")";
+    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) << " ("
+             << result << ")";
   }
 
   completed_connect_ = true;
@@ -1356,7 +1378,7 @@ int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
   return result;
 }
 
-void SSLClientSocketOpenSSL::DoConnectCallback(int rv) {
+void SSLClientSocketImpl::DoConnectCallback(int rv) {
   if (!user_connect_callback_.is_null()) {
     CompletionCallback c = user_connect_callback_;
     user_connect_callback_.Reset();
@@ -1364,18 +1386,17 @@ void SSLClientSocketOpenSSL::DoConnectCallback(int rv) {
   }
 }
 
-void SSLClientSocketOpenSSL::UpdateServerCert() {
+void SSLClientSocketImpl::UpdateServerCert() {
   server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_));
   server_cert_ = server_cert_chain_->AsOSChain();
   if (server_cert_.get()) {
-    net_log_.AddEvent(
-        NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
-        base::Bind(&NetLogX509CertificateCallback,
-                   base::Unretained(server_cert_.get())));
+    net_log_.AddEvent(NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
+                      base::Bind(&NetLogX509CertificateCallback,
+                                 base::Unretained(server_cert_.get())));
   }
 }
 
-void SSLClientSocketOpenSSL::VerifyCT() {
+void SSLClientSocketImpl::VerifyCT() {
   if (!cert_transparency_verifier_)
     return;
 
@@ -1437,15 +1458,15 @@ void SSLClientSocketOpenSSL::VerifyCT() {
   }
 }
 
-void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {
+void SSLClientSocketImpl::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
+    LogConnectEndEvent(rv);
     DoConnectCallback(rv);
   }
 }
 
-void SSLClientSocketOpenSSL::OnSendComplete(int result) {
+void SSLClientSocketImpl::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
@@ -1457,8 +1478,8 @@ void SSLClientSocketOpenSSL::OnSendComplete(int result) {
   PumpReadWriteEvents();
 }
 
-void SSLClientSocketOpenSSL::OnRecvComplete(int result) {
-  TRACE_EVENT0("net", "SSLClientSocketOpenSSL::OnRecvComplete");
+void SSLClientSocketImpl::OnRecvComplete(int result) {
+  TRACE_EVENT0("net", "SSLClientSocketImpl::OnRecvComplete");
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
@@ -1475,8 +1496,8 @@ void SSLClientSocketOpenSSL::OnRecvComplete(int result) {
     DoReadCallback(rv);
 }
 
-int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
-  TRACE_EVENT0("net", "SSLClientSocketOpenSSL::DoHandshakeLoop");
+int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) {
+  TRACE_EVENT0("net", "SSLClientSocketImpl::DoHandshakeLoop");
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
@@ -1496,14 +1517,14 @@ int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
       case STATE_CHANNEL_ID_LOOKUP:
         DCHECK_EQ(OK, rv);
         rv = DoChannelIDLookup();
-       break;
+        break;
       case STATE_CHANNEL_ID_LOOKUP_COMPLETE:
         rv = DoChannelIDLookupComplete(rv);
         break;
       case STATE_VERIFY_CERT:
         DCHECK_EQ(OK, rv);
         rv = DoVerifyCert(rv);
-       break;
+        break;
       case STATE_VERIFY_CERT_COMPLETE:
         rv = DoVerifyCertComplete(rv);
         break;
@@ -1525,7 +1546,7 @@ int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoReadLoop() {
+int SSLClientSocketImpl::DoReadLoop() {
   bool network_moved;
   int rv;
   do {
@@ -1536,7 +1557,7 @@ int SSLClientSocketOpenSSL::DoReadLoop() {
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoWriteLoop() {
+int SSLClientSocketImpl::DoWriteLoop() {
   bool network_moved;
   int rv;
   do {
@@ -1547,7 +1568,7 @@ int SSLClientSocketOpenSSL::DoWriteLoop() {
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoPayloadRead() {
+int SSLClientSocketImpl::DoPayloadRead() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   DCHECK_LT(0, user_read_buf_len_);
@@ -1558,8 +1579,8 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
     rv = pending_read_error_;
     pending_read_error_ = kNoPendingResult;
     if (rv == 0) {
-      net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
-                                    rv, user_read_buf_->data());
+      net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
+                                    user_read_buf_->data());
     } else {
       net_log_.AddEvent(
           NetLog::TYPE_SSL_READ_ERROR,
@@ -1649,7 +1670,7 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoPayloadWrite() {
+int SSLClientSocketImpl::DoPayloadWrite() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
 
@@ -1663,8 +1684,8 @@ int SSLClientSocketOpenSSL::DoPayloadWrite() {
   if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION)
     return ERR_IO_PENDING;
   OpenSSLErrorInfo error_info;
-  int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
-                                             &error_info);
+  int net_error =
+      MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
 
   if (net_error != ERR_IO_PENDING) {
     net_log_.AddEvent(
@@ -1674,7 +1695,7 @@ int SSLClientSocketOpenSSL::DoPayloadWrite() {
   return net_error;
 }
 
-void SSLClientSocketOpenSSL::PumpReadWriteEvents() {
+void SSLClientSocketImpl::PumpReadWriteEvents() {
   int rv_read = ERR_IO_PENDING;
   int rv_write = ERR_IO_PENDING;
   bool network_moved;
@@ -1690,7 +1711,7 @@ void SSLClientSocketOpenSSL::PumpReadWriteEvents() {
   // Performing the Read callback may cause |this| to be deleted. If this
   // happens, the Write callback should not be invoked. Guard against this by
   // holding a WeakPtr to |this| and ensuring it's still valid.
-  base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr());
+  base::WeakPtr<SSLClientSocketImpl> guard(weak_factory_.GetWeakPtr());
   if (user_read_buf_.get() && rv_read != ERR_IO_PENDING)
     DoReadCallback(rv_read);
 
@@ -1701,7 +1722,7 @@ void SSLClientSocketOpenSSL::PumpReadWriteEvents() {
     DoWriteCallback(rv_write);
 }
 
-int SSLClientSocketOpenSSL::BufferSend(void) {
+int SSLClientSocketImpl::BufferSend(void) {
   if (transport_send_busy_)
     return ERR_IO_PENDING;
 
@@ -1719,7 +1740,7 @@ int SSLClientSocketOpenSSL::BufferSend(void) {
 
   int rv = transport_->socket()->Write(
       send_buffer_.get(), max_read,
-      base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete,
+      base::Bind(&SSLClientSocketImpl::BufferSendComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_send_busy_ = true;
@@ -1729,7 +1750,7 @@ int SSLClientSocketOpenSSL::BufferSend(void) {
   return rv;
 }
 
-int SSLClientSocketOpenSSL::BufferRecv(void) {
+int SSLClientSocketImpl::BufferRecv(void) {
   if (transport_recv_busy_)
     return ERR_IO_PENDING;
 
@@ -1767,9 +1788,8 @@ int SSLClientSocketOpenSSL::BufferRecv(void) {
 
   recv_buffer_->set_offset(buffer_write_offset);
   int rv = transport_->socket()->Read(
-      recv_buffer_.get(),
-      max_write,
-      base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete,
+      recv_buffer_.get(), max_write,
+      base::Bind(&SSLClientSocketImpl::BufferRecvComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_recv_busy_ = true;
@@ -1779,17 +1799,17 @@ int SSLClientSocketOpenSSL::BufferRecv(void) {
   return rv;
 }
 
-void SSLClientSocketOpenSSL::BufferSendComplete(int result) {
+void SSLClientSocketImpl::BufferSendComplete(int result) {
   TransportWriteComplete(result);
   OnSendComplete(result);
 }
 
-void SSLClientSocketOpenSSL::BufferRecvComplete(int result) {
+void SSLClientSocketImpl::BufferRecvComplete(int result) {
   result = TransportReadComplete(result);
   OnRecvComplete(result);
 }
 
-void SSLClientSocketOpenSSL::TransportWriteComplete(int result) {
+void SSLClientSocketImpl::TransportWriteComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   int bytes_written = 0;
   if (result < 0) {
@@ -1805,7 +1825,7 @@ void SSLClientSocketOpenSSL::TransportWriteComplete(int result) {
   transport_send_busy_ = false;
 }
 
-int SSLClientSocketOpenSSL::TransportReadComplete(int result) {
+int SSLClientSocketImpl::TransportReadComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   // If an EOF, canonicalize to ERR_CONNECTION_CLOSED here so MapOpenSSLError
   // does not report success.
@@ -1827,7 +1847,7 @@ int SSLClientSocketOpenSSL::TransportReadComplete(int result) {
   return result;
 }
 
-int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
+int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) {
   DVLOG(3) << "OpenSSL ClientCertRequestCallback called";
   DCHECK(ssl == ssl_);
 
@@ -1839,18 +1859,17 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
 #if defined(OS_IOS)
   // TODO(droger): Support client auth on iOS. See http://crbug.com/145954).
   LOG(WARNING) << "Client auth is not supported";
-#else  // !defined(OS_IOS)
+#else   // !defined(OS_IOS)
   if (!ssl_config_.send_client_cert) {
     // First pass: we know that a client certificate is needed, but we do not
     // have one at hand.
-    STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
+    STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl);
     for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) {
-      X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
+      X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i);
       unsigned char* str = NULL;
       int length = i2d_X509_NAME(ca_name, &str);
       cert_authorities_.push_back(std::string(
-          reinterpret_cast<const char*>(str),
-          static_cast<size_t>(length)));
+          reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
       OPENSSL_free(str);
     }
 
@@ -1940,7 +1959,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
   return 1;
 }
 
-int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
+int SSLClientSocketImpl::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
   if (!completed_connect_) {
     // If the first handshake hasn't completed then we accept any certificates
     // because we verify after the handshake.
@@ -1971,10 +1990,10 @@ int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
 // server supports NPN, selects a protocol from the list that the server
 // provides. According to third_party/boringssl/src/ssl/ssl_lib.c, the
 // callback can assume that |in| is syntactically valid.
-int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
-                                                    unsigned char* outlen,
-                                                    const unsigned char* in,
-                                                    unsigned int inlen) {
+int SSLClientSocketImpl::SelectNextProtoCallback(unsigned char** out,
+                                                 unsigned char* outlen,
+                                                 const unsigned char* in,
+                                                 unsigned int inlen) {
   if (ssl_config_.npn_protos.empty()) {
     *out = reinterpret_cast<uint8_t*>(
         const_cast<char*>(kDefaultSupportedNPNProtocol));
@@ -2017,12 +2036,13 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
   return SSL_TLSEXT_ERR_OK;
 }
 
-long SSLClientSocketOpenSSL::MaybeReplayTransportError(
-    BIO *bio,
-    int cmd,
-    const char *argp, int argi, long argl,
-    long retvalue) {
-  if (cmd == (BIO_CB_READ|BIO_CB_RETURN) && retvalue <= 0) {
+long SSLClientSocketImpl::MaybeReplayTransportError(BIO* bio,
+                                                    int cmd,
+                                                    const char* argp,
+                                                    int argi,
+                                                    long argl,
+                                                    long retvalue) {
+  if (cmd == (BIO_CB_READ | BIO_CB_RETURN) && retvalue <= 0) {
     // If there is no more data in the buffer, report any pending errors that
     // were observed. Note that both the readbuf and the writebuf are checked
     // for errors, since the application may have encountered a socket error
@@ -2050,19 +2070,20 @@ long SSLClientSocketOpenSSL::MaybeReplayTransportError(
 }
 
 // static
-long SSLClientSocketOpenSSL::BIOCallback(
-    BIO *bio,
-    int cmd,
-    const char *argp, int argi, long argl,
-    long retvalue) {
-  SSLClientSocketOpenSSL* socket = reinterpret_cast<SSLClientSocketOpenSSL*>(
-      BIO_get_callback_arg(bio));
+long SSLClientSocketImpl::BIOCallback(BIO* bio,
+                                      int cmd,
+                                      const char* argp,
+                                      int argi,
+                                      long argl,
+                                      long retvalue) {
+  SSLClientSocketImpl* socket =
+      reinterpret_cast<SSLClientSocketImpl*>(BIO_get_callback_arg(bio));
   CHECK(socket);
-  return socket->MaybeReplayTransportError(
-      bio, cmd, argp, argi, argl, retvalue);
+  return socket->MaybeReplayTransportError(bio, cmd, argp, argi, argl,
+                                           retvalue);
 }
 
-void SSLClientSocketOpenSSL::MaybeCacheSession() {
+void SSLClientSocketImpl::MaybeCacheSession() {
   // Only cache the session once both a new session has been established and the
   // certificate has been verified. Due to False Start, these events may happen
   // in either order.
@@ -2074,7 +2095,7 @@ void SSLClientSocketOpenSSL::MaybeCacheSession() {
   session_pending_ = false;
 }
 
-int SSLClientSocketOpenSSL::NewSessionCallback(SSL_SESSION* session) {
+int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) {
   DCHECK_EQ(session, SSL_get_session(ssl_));
 
   // Only sessions from the initial handshake get cached. Note this callback may
@@ -2088,11 +2109,11 @@ int SSLClientSocketOpenSSL::NewSessionCallback(SSL_SESSION* session) {
   return 1;
 }
 
-void SSLClientSocketOpenSSL::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
+void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
   ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_);
 }
 
-std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const {
+std::string SSLClientSocketImpl::GetSessionCacheKey() const {
   std::string result = host_and_port_.ToString();
   result.append("/");
   result.append(ssl_session_cache_shard_);
@@ -2125,7 +2146,7 @@ std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const {
   return result;
 }
 
-bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const {
+bool SSLClientSocketImpl::IsRenegotiationAllowed() const {
   if (tb_was_negotiated_)
     return false;
 
@@ -2140,7 +2161,7 @@ bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const {
   return false;
 }
 
-int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
+int SSLClientSocketImpl::PrivateKeyTypeCallback() {
   switch (ssl_config_.client_private_key->GetType()) {
     case SSLPrivateKey::Type::RSA:
       return EVP_PKEY_RSA;
@@ -2151,11 +2172,11 @@ int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
   return EVP_PKEY_NONE;
 }
 
-size_t SSLClientSocketOpenSSL::PrivateKeyMaxSignatureLenCallback() {
+size_t SSLClientSocketImpl::PrivateKeyMaxSignatureLenCallback() {
   return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
 }
 
-ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out,
@@ -2180,12 +2201,12 @@ ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
   signature_result_ = ERR_IO_PENDING;
   ssl_config_.client_private_key->SignDigest(
       hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
-      base::Bind(&SSLClientSocketOpenSSL::OnPrivateKeySignComplete,
+      base::Bind(&SSLClientSocketImpl::OnPrivateKeySignComplete,
                  weak_factory_.GetWeakPtr()));
   return ssl_private_key_retry;
 }
 
-ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCompleteCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCompleteCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out) {
@@ -2208,7 +2229,7 @@ ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCompleteCallback(
   return ssl_private_key_success;
 }
 
-void SSLClientSocketOpenSSL::OnPrivateKeySignComplete(
+void SSLClientSocketImpl::OnPrivateKeySignComplete(
     Error error,
     const std::vector<uint8_t>& signature) {
   DCHECK_EQ(ERR_IO_PENDING, signature_result_);
@@ -2232,9 +2253,9 @@ void SSLClientSocketOpenSSL::OnPrivateKeySignComplete(
   PumpReadWriteEvents();
 }
 
-int SSLClientSocketOpenSSL::TokenBindingAdd(const uint8_t** out,
-                                            size_t* out_len,
-                                            int* out_alert_value) {
+int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out,
+                                         size_t* out_len,
+                                         int* out_alert_value) {
   if (ssl_config_.token_binding_params.empty()) {
     return 0;
   }
@@ -2262,9 +2283,9 @@ int SSLClientSocketOpenSSL::TokenBindingAdd(const uint8_t** out,
   return 1;
 }
 
-int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents,
-                                              size_t contents_len,
-                                              int* out_alert_value) {
+int SSLClientSocketImpl::TokenBindingParse(const uint8_t* contents,
+                                           size_t contents_len,
+                                           int* out_alert_value) {
   if (completed_connect_) {
     // Token Binding may only be negotiated on the initial handshake.
     *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
@@ -2311,4 +2332,14 @@ int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents,
   return 0;
 }
 
+void SSLClientSocketImpl::LogConnectEndEvent(int rv) {
+  if (rv != OK) {
+    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
+    return;
+  }
+
+  net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
+                    base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
+}
+
 }  // namespace net
diff --git a/chromium/net/socket/ssl_client_socket_openssl.h b/chromium/net/socket/ssl_client_socket_impl.h
index 628d4dbeedc..5fa33673747 100644
--- a/chromium/net/socket/ssl_client_socket_openssl.h
+++ b/chromium/net/socket/ssl_client_socket_impl.h
@@ -2,21 +2,21 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
-#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
+#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
+#define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
 
 #include <openssl/base.h>
 #include <openssl/ssl.h>
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/containers/mru_cache.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "build/build_config.h"
 #include "net/base/completion_callback.h"
@@ -46,18 +46,17 @@ class SSLInfo;
 
 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>;
 
-// An SSL client socket implemented with OpenSSL.
-class SSLClientSocketOpenSSL : public SSLClientSocket {
+class SSLClientSocketImpl : public SSLClientSocket {
  public:
   // Takes ownership of the transport_socket, which may already be connected.
   // The given hostname will be compared with the name(s) in the server's
   // certificate during the SSL handshake.  ssl_config specifies the SSL
   // settings.
-  SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket,
-                         const HostPortPair& host_and_port,
-                         const SSLConfig& ssl_config,
-                         const SSLClientSocketContext& context);
-  ~SSLClientSocketOpenSSL() override;
+  SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket,
+                      const HostPortPair& host_and_port,
+                      const SSLConfig& ssl_config,
+                      const SSLClientSocketContext& context);
+  ~SSLClientSocketImpl() override;
 
   const HostPortPair& host_and_port() const { return host_and_port_; }
   const std::string& ssl_session_cache_shard() const {
@@ -165,25 +164,31 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   // CertVerifyCallback is called to verify the server's certificates. We do
   // verification after the handshake so this function only enforces that the
   // certificates don't change during renegotiation.
-  int CertVerifyCallback(X509_STORE_CTX *store_ctx);
+  int CertVerifyCallback(X509_STORE_CTX* store_ctx);
 
   // Callback from the SSL layer to check which NPN protocol we are supporting
-  int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
-                              const unsigned char* in, unsigned int inlen);
+  int SelectNextProtoCallback(unsigned char** out,
+                              unsigned char* outlen,
+                              const unsigned char* in,
+                              unsigned int inlen);
 
   // Called during an operation on |transport_bio_|'s peer. Checks saved
   // transport error state and, if appropriate, returns an error through
   // OpenSSL's error system.
-  long MaybeReplayTransportError(BIO *bio,
+  long MaybeReplayTransportError(BIO* bio,
                                  int cmd,
-                                 const char *argp, int argi, long argl,
+                                 const char* argp,
+                                 int argi,
+                                 long argl,
                                  long retvalue);
 
   // Callback from the SSL layer when an operation is performed on
   // |transport_bio_|'s peer.
-  static long BIOCallback(BIO *bio,
+  static long BIOCallback(BIO* bio,
                           int cmd,
-                          const char *argp, int argi, long argl,
+                          const char* argp,
+                          int argi,
+                          long argl,
                           long retvalue);
 
   // Called after the initial handshake completes and after the server
@@ -234,10 +239,12 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
                         size_t contents_len,
                         int* out_alert_value);
 
+  void LogConnectEndEvent(int rv);
+
   bool transport_send_busy_;
   bool transport_recv_busy_;
 
-  // Buffers which are shared by BoringSSL and SSLClientSocketOpenSSL.
+  // Buffers which are shared by BoringSSL and SSLClientSocketImpl.
   // GrowableIOBuffer is used to keep ownership and setting offset.
   scoped_refptr<GrowableIOBuffer> send_buffer_;
   scoped_refptr<GrowableIOBuffer> recv_buffer_;
@@ -279,7 +286,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   int transport_write_error_;
 
   // Set when Connect finishes.
-  scoped_ptr<PeerCertificateChain> server_cert_chain_;
+  std::unique_ptr<PeerCertificateChain> server_cert_chain_;
   scoped_refptr<X509Certificate> server_cert_;
   CertVerifyResult server_cert_verify_result_;
   bool completed_connect_;
@@ -296,7 +303,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   std::vector<SSLClientCertType> cert_key_types_;
 
   CertVerifier* const cert_verifier_;
-  scoped_ptr<CertVerifier::Request> cert_verifier_request_;
+  std::unique_ptr<CertVerifier::Request> cert_verifier_request_;
   base::TimeTicks start_cert_verification_time_;
 
   // Certificate Transparency: Verifier and result holder.
@@ -313,7 +320,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   SSL* ssl_;
   BIO* transport_bio_;
 
-  scoped_ptr<ClientSocketHandle> transport_;
+  std::unique_ptr<ClientSocketHandle> transport_;
   const HostPortPair host_and_port_;
   SSLConfig ssl_config_;
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
@@ -338,7 +345,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   NextProtoStatus npn_status_;
   std::string npn_proto_;
   // Written by the |channel_id_service_|.
-  scoped_ptr<crypto::ECPrivateKey> channel_id_key_;
+  std::unique_ptr<crypto::ECPrivateKey> channel_id_key_;
   // True if a channel ID was sent.
   bool channel_id_sent_;
   // True if the current session was newly-established, but the certificate had
@@ -364,9 +371,9 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   std::string pinning_failure_log_;
 
   BoundNetLog net_log_;
-  base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
+  base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_;
 };
 
 }  // namespace net
 
-#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
+#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
diff --git a/chromium/net/socket/ssl_client_socket_nss.cc b/chromium/net/socket/ssl_client_socket_nss.cc
deleted file mode 100644
index e3d0a36bde4..00000000000
--- a/chromium/net/socket/ssl_client_socket_nss.cc
+++ /dev/null
@@ -1,3189 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
-// from AuthCertificateCallback() in
-// mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
-
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Ian McGreer <mcgreer@netscape.com>
- *   Javier Delgadillo <javi@netscape.com>
- *   Kai Engert <kengert@redhat.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "net/socket/ssl_client_socket_nss.h"
-
-#include <certdb.h>
-#include <hasht.h>
-#include <keyhi.h>
-#include <nspr.h>
-#include <nss.h>
-#include <ocsp.h>
-#include <pk11pub.h>
-#include <secerr.h>
-#include <sechash.h>
-#include <ssl.h>
-#include <sslerr.h>
-#include <sslproto.h>
-
-#include <algorithm>
-#include <limits>
-#include <map>
-#include <utility>
-
-#include "base/bind.h"
-#include "base/bind_helpers.h"
-#include "base/callback_helpers.h"
-#include "base/compiler_specific.h"
-#include "base/location.h"
-#include "base/logging.h"
-#include "base/macros.h"
-#include "base/metrics/histogram_macros.h"
-#include "base/single_thread_task_runner.h"
-#include "base/stl_util.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
-#include "base/threading/thread_restrictions.h"
-#include "base/values.h"
-#include "crypto/ec_private_key.h"
-#include "crypto/nss_util.h"
-#include "crypto/nss_util_internal.h"
-#include "crypto/rsa_private_key.h"
-#include "crypto/scoped_nss_types.h"
-#include "net/base/address_list.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/base/sockaddr_storage.h"
-#include "net/cert/asn1_util.h"
-#include "net/cert/cert_status_flags.h"
-#include "net/cert/cert_verifier.h"
-#include "net/cert/ct_ev_whitelist.h"
-#include "net/cert/ct_policy_enforcer.h"
-#include "net/cert/ct_policy_status.h"
-#include "net/cert/ct_verifier.h"
-#include "net/cert/ct_verify_result.h"
-#include "net/cert/scoped_nss_types.h"
-#include "net/cert/sct_status_flags.h"
-#include "net/cert/x509_certificate_net_log_param.h"
-#include "net/cert/x509_util.h"
-#include "net/cert_net/nss_ocsp.h"
-#include "net/dns/dns_util.h"
-#include "net/http/transport_security_state.h"
-#include "net/log/net_log.h"
-#include "net/socket/client_socket_handle.h"
-#include "net/socket/nss_ssl_util.h"
-#include "net/ssl/ssl_cert_request_info.h"
-#include "net/ssl/ssl_cipher_suite_names.h"
-#include "net/ssl/ssl_connection_status_flags.h"
-#include "net/ssl/ssl_failure_state.h"
-#include "net/ssl/ssl_info.h"
-
-#if defined(USE_NSS_CERTS)
-#include <dlfcn.h>
-#endif
-
-namespace net {
-
-// State machines are easier to debug if you log state transitions.
-// Enable these if you want to see what's going on.
-#if 1
-#define EnterFunction(x)
-#define LeaveFunction(x)
-#define GotoState(s) next_handshake_state_ = s
-#else
-#define EnterFunction(x)\
-    VLOG(1) << (void *)this << " " << __FUNCTION__ << " enter " << x\
-            << "; next_handshake_state " << next_handshake_state_
-#define LeaveFunction(x)\
-    VLOG(1) << (void *)this << " " << __FUNCTION__ << " leave " << x\
-            << "; next_handshake_state " << next_handshake_state_
-#define GotoState(s)\
-    do {\
-      VLOG(1) << (void *)this << " " << __FUNCTION__ << " jump to state " << s;\
-      next_handshake_state_ = s;\
-    } while (0)
-#endif
-
-namespace {
-
-// SSL plaintext fragments are shorter than 16KB. Although the record layer
-// overhead is allowed to be 2K + 5 bytes, in practice the overhead is much
-// smaller than 1KB. So a 17KB buffer should be large enough to hold an
-// entire SSL record.
-const int kRecvBufferSize = 17 * 1024;
-const int kSendBufferSize = 17 * 1024;
-
-// Used by SSLClientSocketNSS::Core to indicate there is no read result
-// obtained by a previous operation waiting to be returned to the caller.
-// This constant can be any non-negative/non-zero value (eg: it does not
-// overlap with any value of the net::Error range, including net::OK).
-const int kNoPendingReadResult = 1;
-
-// Helper functions to make it possible to log events from within the
-// SSLClientSocketNSS::Core.
-void AddLogEvent(const base::WeakPtr<BoundNetLog>& net_log,
-                 NetLog::EventType event_type) {
-  if (!net_log)
-    return;
-  net_log->AddEvent(event_type);
-}
-
-// Helper function to make it possible to log events from within the
-// SSLClientSocketNSS::Core.
-void AddLogEventWithCallback(const base::WeakPtr<BoundNetLog>& net_log,
-                             NetLog::EventType event_type,
-                             const NetLog::ParametersCallback& callback) {
-  if (!net_log)
-    return;
-  net_log->AddEvent(event_type, callback);
-}
-
-// Helper function to make it easier to call BoundNetLog::AddByteTransferEvent
-// from within the SSLClientSocketNSS::Core.
-// AddByteTransferEvent expects to receive a const char*, which within the
-// Core is backed by an IOBuffer. If the "const char*" is bound via
-// base::Bind and posted to another thread, and the IOBuffer that backs that
-// pointer then goes out of scope on the origin thread, this would result in
-// an invalid read of a stale pointer.
-// Instead, provide a signature that accepts an IOBuffer*, so that a reference
-// to the owning IOBuffer can be bound to the Callback. This ensures that the
-// IOBuffer will stay alive long enough to cross threads if needed.
-void LogByteTransferEvent(
-    const base::WeakPtr<BoundNetLog>& net_log, NetLog::EventType event_type,
-    int len, IOBuffer* buffer) {
-  if (!net_log)
-    return;
-  net_log->AddByteTransferEvent(event_type, len, buffer->data());
-}
-
-// PeerCertificateChain is a helper object which extracts the certificate
-// chain, as given by the server, from an NSS socket and performs the needed
-// resource management. The first element of the chain is the leaf certificate
-// and the other elements are in the order given by the server.
-class PeerCertificateChain {
- public:
-  PeerCertificateChain() {}
-  PeerCertificateChain(const PeerCertificateChain& other);
-  ~PeerCertificateChain();
-  PeerCertificateChain& operator=(const PeerCertificateChain& other);
-
-  // Resets the current chain, freeing any resources, and updates the current
-  // chain to be a copy of the chain stored in |nss_fd|.
-  // If |nss_fd| is NULL, then the current certificate chain will be freed.
-  void Reset(PRFileDesc* nss_fd);
-
-  // Returns the current certificate chain as a vector of DER-encoded
-  // base::StringPieces. The returned vector remains valid until Reset is
-  // called.
-  std::vector<base::StringPiece> AsStringPieceVector() const;
-
-  bool empty() const { return certs_.empty(); }
-
-  CERTCertificate* operator[](size_t index) const {
-    DCHECK_LT(index, certs_.size());
-    return certs_[index];
-  }
-
- private:
-  std::vector<CERTCertificate*> certs_;
-};
-
-PeerCertificateChain::PeerCertificateChain(
-    const PeerCertificateChain& other) {
-  *this = other;
-}
-
-PeerCertificateChain::~PeerCertificateChain() {
-  Reset(NULL);
-}
-
-PeerCertificateChain& PeerCertificateChain::operator=(
-    const PeerCertificateChain& other) {
-  if (this == &other)
-    return *this;
-
-  Reset(NULL);
-  certs_.reserve(other.certs_.size());
-  for (size_t i = 0; i < other.certs_.size(); ++i)
-    certs_.push_back(CERT_DupCertificate(other.certs_[i]));
-
-  return *this;
-}
-
-void PeerCertificateChain::Reset(PRFileDesc* nss_fd) {
-  for (size_t i = 0; i < certs_.size(); ++i)
-    CERT_DestroyCertificate(certs_[i]);
-  certs_.clear();
-
-  if (nss_fd == NULL)
-    return;
-
-  CERTCertList* list = SSL_PeerCertificateChain(nss_fd);
-  // The handshake on |nss_fd| may not have completed.
-  if (list == NULL)
-    return;
-
-  for (CERTCertListNode* node = CERT_LIST_HEAD(list);
-       !CERT_LIST_END(node, list); node = CERT_LIST_NEXT(node)) {
-    certs_.push_back(CERT_DupCertificate(node->cert));
-  }
-  CERT_DestroyCertList(list);
-}
-
-std::vector<base::StringPiece>
-PeerCertificateChain::AsStringPieceVector() const {
-  std::vector<base::StringPiece> v(certs_.size());
-  for (unsigned i = 0; i < certs_.size(); i++) {
-    v[i] = base::StringPiece(
-        reinterpret_cast<const char*>(certs_[i]->derCert.data),
-        certs_[i]->derCert.len);
-  }
-
-  return v;
-}
-
-// HandshakeState is a helper struct used to pass handshake state between
-// the NSS task runner and the network task runner.
-//
-// It contains members that may be read or written on the NSS task runner,
-// but which also need to be read from the network task runner. The NSS task
-// runner will notify the network task runner whenever this state changes, so
-// that the network task runner can safely make a copy, which avoids the need
-// for locking.
-struct HandshakeState {
-  HandshakeState() { Reset(); }
-
-  void Reset() {
-    next_proto_status = SSLClientSocket::kNextProtoUnsupported;
-    next_proto.clear();
-    negotiation_extension_ = SSLClientSocket::kExtensionUnknown;
-    channel_id_sent = false;
-    server_cert_chain.Reset(NULL);
-    server_cert = NULL;
-    sct_list_from_tls_extension.clear();
-    stapled_ocsp_response.clear();
-    resumed_handshake = false;
-    ssl_connection_status = 0;
-  }
-
-  // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the
-  // negotiated protocol stored in |next_proto|.
-  SSLClientSocket::NextProtoStatus next_proto_status;
-  std::string next_proto;
-
-  // TLS extension used for protocol negotiation.
-  SSLClientSocket::SSLNegotiationExtension negotiation_extension_;
-
-  // True if a channel ID was sent.
-  bool channel_id_sent;
-
-  // List of DER-encoded X.509 DistinguishedName of certificate authorities
-  // allowed by the server.
-  std::vector<std::string> cert_authorities;
-
-  // Set when the handshake fully completes.
-  //
-  // The server certificate is first received from NSS as an NSS certificate
-  // chain (|server_cert_chain|) and then converted into a platform-specific
-  // X509Certificate object (|server_cert|). It's possible for some
-  // certificates to be successfully parsed by NSS, and not by the platform
-  // libraries (i.e.: when running within a sandbox, different parsing
-  // algorithms, etc), so it's not safe to assume that |server_cert| will
-  // always be non-NULL.
-  PeerCertificateChain server_cert_chain;
-  scoped_refptr<X509Certificate> server_cert;
-  // SignedCertificateTimestampList received via TLS extension (RFC 6962).
-  std::string sct_list_from_tls_extension;
-  // Stapled OCSP response received.
-  std::string stapled_ocsp_response;
-
-  // True if the current handshake was the result of TLS session resumption.
-  bool resumed_handshake;
-
-  // The negotiated security parameters (TLS version, cipher, extensions) of
-  // the SSL connection.
-  int ssl_connection_status;
-};
-
-// Client-side error mapping functions.
-
-// Map NSS error code to network error code.
-int MapNSSClientError(PRErrorCode err) {
-  switch (err) {
-    case SSL_ERROR_BAD_CERT_ALERT:
-    case SSL_ERROR_UNSUPPORTED_CERT_ALERT:
-    case SSL_ERROR_REVOKED_CERT_ALERT:
-    case SSL_ERROR_EXPIRED_CERT_ALERT:
-    case SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT:
-    case SSL_ERROR_UNKNOWN_CA_ALERT:
-    case SSL_ERROR_ACCESS_DENIED_ALERT:
-      return ERR_BAD_SSL_CLIENT_AUTH_CERT;
-    default:
-      return MapNSSError(err);
-  }
-}
-
-}  // namespace
-
-// SSLClientSocketNSS::Core provides a thread-safe, ref-counted core that is
-// able to marshal data between NSS functions and an underlying transport
-// socket.
-//
-// All public functions are meant to be called from the network task runner,
-// and any callbacks supplied will be invoked there as well, provided that
-// Detach() has not been called yet.
-//
-/////////////////////////////////////////////////////////////////////////////
-//
-// Threading within SSLClientSocketNSS and SSLClientSocketNSS::Core:
-//
-// Because NSS may block on either hardware or user input during operations
-// such as signing, creating certificates, or locating private keys, the Core
-// handles all of the interactions with the underlying NSS SSL socket, so
-// that these blocking calls can be executed on a dedicated task runner.
-//
-// Note that the network task runner and the NSS task runner may be executing
-// on the same thread. If that happens, then it's more performant to try to
-// complete as much work as possible synchronously, even if it might block,
-// rather than continually PostTask-ing to the same thread.
-//
-// Because NSS functions should only be called on the NSS task runner, while
-// I/O resources should only be accessed on the network task runner, most
-// public functions are implemented via three methods, each with different
-// task runner affinities.
-//
-// In the single-threaded mode (where the network and NSS task runners run on
-// the same thread), these are all attempted synchronously, while in the
-// multi-threaded mode, message passing is used.
-//
-// 1) NSS Task Runner: Execute NSS function (DoPayloadRead, DoPayloadWrite,
-//    DoHandshake)
-// 2) NSS Task Runner: Prepare data to go from NSS to an IO function:
-//    (BufferRecv, BufferSend)
-// 3) Network Task Runner: Perform IO on that data (DoBufferRecv,
-//    DoBufferSend, DoGetChannelID, OnGetChannelIDComplete)
-// 4) Both Task Runners: Callback for asynchronous completion or to marshal
-//    data from the network task runner back to NSS (BufferRecvComplete,
-//    BufferSendComplete, OnHandshakeIOComplete)
-//
-/////////////////////////////////////////////////////////////////////////////
-// Single-threaded example
-//
-// |--------------------------Network Task Runner--------------------------|
-//  SSLClientSocketNSS              Core               (Transport Socket)
-//       Read()
-//         |-------------------------V
-//                                 Read()
-//                                   |
-//                            DoPayloadRead()
-//                                   |
-//                               BufferRecv()
-//                                   |
-//                              DoBufferRecv()
-//                                   |-------------------------V
-//                                                           Read()
-//                                   V-------------------------|
-//                          BufferRecvComplete()
-//                                   |
-//                           PostOrRunCallback()
-//         V-------------------------|
-//    (Read Callback)
-//
-/////////////////////////////////////////////////////////////////////////////
-// Multi-threaded example:
-//
-// |--------------------Network Task Runner-------------|--NSS Task Runner--|
-//  SSLClientSocketNSS          Core            Socket         Core
-//       Read()
-//         |---------------------V
-//                             Read()
-//                               |-------------------------------V
-//                                                             Read()
-//                                                               |
-//                                                         DoPayloadRead()
-//                                                               |
-//                                                          BufferRecv
-//                               V-------------------------------|
-//                          DoBufferRecv
-//                               |----------------V
-//                                              Read()
-//                               V----------------|
-//                        BufferRecvComplete()
-//                               |-------------------------------V
-//                                                      BufferRecvComplete()
-//                                                               |
-//                                                       PostOrRunCallback()
-//                               V-------------------------------|
-//                        PostOrRunCallback()
-//         V---------------------|
-//    (Read Callback)
-//
-/////////////////////////////////////////////////////////////////////////////
-class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
- public:
-  // Creates a new Core.
-  //
-  // Any calls to NSS are executed on the |nss_task_runner|, while any calls
-  // that need to operate on the underlying transport, net log, or server
-  // bound certificate fetching will happen on the |network_task_runner|, so
-  // that their lifetimes match that of the owning SSLClientSocketNSS.
-  //
-  // The caller retains ownership of |transport|, |net_log|, and
-  // |channel_id_service|, and they will not be accessed once Detach()
-  // has been called.
-  Core(base::SequencedTaskRunner* network_task_runner,
-       base::SequencedTaskRunner* nss_task_runner,
-       ClientSocketHandle* transport,
-       const HostPortPair& host_and_port,
-       const SSLConfig& ssl_config,
-       BoundNetLog* net_log,
-       ChannelIDService* channel_id_service);
-
-  // Called on the network task runner.
-  // Transfers ownership of |socket|, an NSS SSL socket, and |buffers|, the
-  // underlying memio implementation, to the Core. Returns true if the Core
-  // was successfully registered with the socket.
-  bool Init(PRFileDesc* socket, memio_Private* buffers);
-
-  // Called on the network task runner.
-  //
-  // Attempts to perform an SSL handshake. If the handshake cannot be
-  // completed synchronously, returns ERR_IO_PENDING, invoking |callback| on
-  // the network task runner once the handshake has completed. Otherwise,
-  // returns OK on success or a network error code on failure.
-  int Connect(const CompletionCallback& callback);
-
-  // Called on the network task runner.
-  // Signals that the resources owned by the network task runner are going
-  // away. No further callbacks will be invoked on the network task runner.
-  // May be called at any time.
-  void Detach();
-
-  // Called on the network task runner.
-  // Returns the current state of the underlying SSL socket. May be called at
-  // any time.
-  const HandshakeState& state() const { return network_handshake_state_; }
-
-  // Called on the network task runner.
-  // Read() and Write() mirror the net::Socket functions of the same name.
-  // If ERR_IO_PENDING is returned, |callback| will be invoked on the network
-  // task runner at a later point, unless the caller calls Detach().
-  int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
-  int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
-
-  // Called on the network task runner.
-  bool IsConnected() const;
-  bool HasPendingAsyncOperation() const;
-  bool HasUnhandledReceivedData() const;
-  bool WasEverUsed() const;
-
-  // Called on the network task runner.
-  // Causes the associated SSL/TLS session ID to be added to NSS's session
-  // cache, but only if the connection has not been False Started.
-  //
-  // This should only be called after the server's certificate has been
-  // verified, and may not be called within an NSS callback.
-  void CacheSessionIfNecessary();
-
-  crypto::ECPrivateKey* GetChannelIDKey() const {
-    return channel_id_key_.get();
-  }
-
- private:
-  friend class base::RefCountedThreadSafe<Core>;
-  ~Core();
-
-  enum State {
-    STATE_NONE,
-    STATE_HANDSHAKE,
-    STATE_GET_DOMAIN_BOUND_CERT_COMPLETE,
-  };
-
-  bool OnNSSTaskRunner() const;
-  bool OnNetworkTaskRunner() const;
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Methods that are ONLY called on the NSS task runner:
-  ////////////////////////////////////////////////////////////////////////////
-
-  // Called by NSS during full handshakes to allow the application to
-  // verify the certificate. Instead of verifying the certificate in the midst
-  // of the handshake, SECSuccess is always returned and the peer's certificate
-  // is verified afterwards.
-  // This behaviour is an artifact of the original SSLClientSocketWin
-  // implementation, which could not verify the peer's certificate until after
-  // the handshake had completed, as well as bugs in NSS that prevent
-  // SSL_RestartHandshakeAfterCertReq from working.
-  static SECStatus OwnAuthCertHandler(void* arg,
-                                      PRFileDesc* socket,
-                                      PRBool checksig,
-                                      PRBool is_server);
-
-  // Callbacks called by NSS when the peer requests client certificate
-  // authentication.
-  // See the documentation in third_party/nss/ssl/ssl.h for the meanings of
-  // the arguments.
-  static SECStatus ClientAuthHandler(void* arg,
-                                     PRFileDesc* socket,
-                                     CERTDistNames* ca_names,
-                                     CERTCertificate** result_certificate,
-                                     SECKEYPrivateKey** result_private_key);
-
-  // Called by NSS to determine if we can False Start.
-  // |arg| contains a pointer to the current SSLClientSocketNSS::Core.
-  static SECStatus CanFalseStartCallback(PRFileDesc* socket,
-                                         void* arg,
-                                         PRBool* can_false_start);
-
-  // Called by NSS each time a handshake completely finishes.
-  // |arg| contains a pointer to the current SSLClientSocketNSS::Core.
-  static void HandshakeCallback(PRFileDesc* socket, void* arg);
-
-  // Called once for each successful handshake. If the initial handshake false
-  // starts, it is called when it false starts and not when it completely
-  // finishes. is_initial is true if this is the initial handshake.
-  void HandshakeSucceeded(bool is_initial);
-
-  // Handles an NSS error generated while handshaking or performing IO.
-  // Returns a network error code mapped from the original NSS error.
-  int HandleNSSError(PRErrorCode error);
-
-  int DoHandshakeLoop(int last_io_result);
-  int DoReadLoop(int result);
-  int DoWriteLoop(int result);
-
-  int DoHandshake();
-  int DoGetDBCertComplete(int result);
-
-  int DoPayloadRead();
-  int DoPayloadWrite();
-
-  bool DoTransportIO();
-  int BufferRecv();
-  int BufferSend();
-
-  void OnRecvComplete(int result);
-  void OnSendComplete(int result);
-
-  void DoConnectCallback(int result);
-  void DoReadCallback(int result);
-  void DoWriteCallback(int result);
-
-  // Client channel ID handler.
-  static SECStatus ClientChannelIDHandler(
-      void* arg,
-      PRFileDesc* socket,
-      SECKEYPublicKey **out_public_key,
-      SECKEYPrivateKey **out_private_key);
-
-  // ImportChannelIDKeys is a helper function for turning a DER-encoded cert and
-  // key into a SECKEYPublicKey and SECKEYPrivateKey. Returns OK upon success
-  // and an error code otherwise.
-  // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been
-  // set by a call to ChannelIDService->GetChannelID. The caller
-  // takes ownership of the |*cert| and |*key|.
-  int ImportChannelIDKeys(SECKEYPublicKey** public_key, SECKEYPrivateKey** key);
-
-  // Updates the NSS and platform specific certificates.
-  void UpdateServerCert();
-  // Update the nss_handshake_state_ with the SignedCertificateTimestampList
-  // received in the handshake via a TLS extension.
-  void UpdateSignedCertTimestamps();
-  // Update the OCSP response cache with the stapled response received in the
-  // handshake, and update nss_handshake_state_ with
-  // the SignedCertificateTimestampList received in the stapled OCSP response.
-  void UpdateStapledOCSPResponse();
-  // Updates the nss_handshake_state_ with the negotiated security parameters.
-  void UpdateConnectionStatus();
-  // Record histograms for channel id support during full handshakes - resumed
-  // handshakes are ignored.
-  void RecordChannelIDSupportOnNSSTaskRunner();
-  // UpdateNextProto gets any application-layer protocol that may have been
-  // negotiated by the TLS connection.
-  void UpdateNextProto();
-  // Record TLS extension used for protocol negotiation (NPN or ALPN).
-  void UpdateExtensionUsed();
-
-  // Returns true if renegotiations are allowed.
-  bool IsRenegotiationAllowed() const;
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Methods that are ONLY called on the network task runner:
-  ////////////////////////////////////////////////////////////////////////////
-  int DoBufferRecv(IOBuffer* buffer, int len);
-  int DoBufferSend(IOBuffer* buffer, int len);
-  int DoGetChannelID(const std::string& host);
-
-  void OnGetChannelIDComplete(int result);
-  void OnHandshakeStateUpdated(const HandshakeState& state);
-  void OnNSSBufferUpdated(int amount_in_read_buffer);
-  void DidNSSRead(int result);
-  void DidNSSWrite(int result);
-  void RecordChannelIDSupportOnNetworkTaskRunner(bool negotiated_channel_id,
-                                                 bool channel_id_enabled) const;
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Methods that are called on both the network task runner and the NSS
-  // task runner.
-  ////////////////////////////////////////////////////////////////////////////
-  void OnHandshakeIOComplete(int result);
-  void BufferRecvComplete(IOBuffer* buffer, int result);
-  void BufferSendComplete(int result);
-
-  // PostOrRunCallback is a helper function to ensure that |callback| is
-  // invoked on the network task runner, but only if Detach() has not yet
-  // been called.
-  void PostOrRunCallback(const tracked_objects::Location& location,
-                         const base::Closure& callback);
-
-  // Uses PostOrRunCallback and |weak_net_log_| to try and log a
-  // SSL_CLIENT_CERT_PROVIDED event, with the indicated count.
-  void AddCertProvidedEvent(int cert_count);
-
-  // Sets the handshake state |channel_id_sent| flag and logs the
-  // SSL_CHANNEL_ID_PROVIDED event.
-  void SetChannelIDProvided();
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Members that are ONLY accessed on the network task runner:
-  ////////////////////////////////////////////////////////////////////////////
-
-  // True if the owning SSLClientSocketNSS has called Detach(). No further
-  // callbacks will be invoked nor access to members owned by the network
-  // task runner.
-  bool detached_;
-
-  // The underlying transport to use for network IO.
-  ClientSocketHandle* transport_;
-  base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_;
-
-  // The current handshake state. Mirrors |nss_handshake_state_|.
-  HandshakeState network_handshake_state_;
-
-  // The service for retrieving Channel ID keys.  May be NULL.
-  ChannelIDService* channel_id_service_;
-  ChannelIDService::Request channel_id_request_;
-
-  // The information about NSS task runner.
-  int unhandled_buffer_size_;
-  bool nss_waiting_read_;
-  bool nss_waiting_write_;
-  bool nss_is_closed_;
-
-  // Set when Read() or Write() successfully reads or writes data to or from the
-  // network.
-  bool was_ever_used_;
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Members that are ONLY accessed on the NSS task runner:
-  ////////////////////////////////////////////////////////////////////////////
-  HostPortPair host_and_port_;
-  SSLConfig ssl_config_;
-
-  // NSS SSL socket.
-  PRFileDesc* nss_fd_;
-
-  // Buffers for the network end of the SSL state machine
-  memio_Private* nss_bufs_;
-
-  // Used by DoPayloadRead() when attempting to fill the caller's buffer with
-  // as much data as possible, without blocking.
-  // If DoPayloadRead() encounters an error after having read some data, stores
-  // the results to return on the *next* call to DoPayloadRead(). A value of
-  // kNoPendingReadResult indicates there is no pending result, otherwise 0
-  // indicates EOF and < 0 indicates an error.
-  int pending_read_result_;
-  // Contains the previously observed NSS error. Only valid when
-  // pending_read_result_ != kNoPendingReadResult.
-  PRErrorCode pending_read_nss_error_;
-
-  // The certificate chain, in DER form, that is expected to be received from
-  // the server.
-  std::vector<std::string> predicted_certs_;
-
-  State next_handshake_state_;
-
-  // True if channel ID extension was negotiated.
-  bool channel_id_xtn_negotiated_;
-  // True if the handshake state machine was interrupted for channel ID.
-  bool channel_id_needed_;
-  // True if the handshake state machine was interrupted for client auth.
-  bool client_auth_cert_needed_;
-  // True if NSS has False Started in the initial handshake, but the initial
-  // handshake has not yet completely finished..
-  bool false_started_;
-  // True if NSS has called HandshakeCallback.
-  bool handshake_callback_called_;
-
-  HandshakeState nss_handshake_state_;
-
-  bool transport_recv_busy_;
-  bool transport_recv_eof_;
-  bool transport_send_busy_;
-
-  // Used by Read function.
-  scoped_refptr<IOBuffer> user_read_buf_;
-  int user_read_buf_len_;
-
-  // Used by Write function.
-  scoped_refptr<IOBuffer> user_write_buf_;
-  int user_write_buf_len_;
-
-  CompletionCallback user_connect_callback_;
-  CompletionCallback user_read_callback_;
-  CompletionCallback user_write_callback_;
-
-  ////////////////////////////////////////////////////////////////////////////
-  // Members that are accessed on both the network task runner and the NSS
-  // task runner.
-  ////////////////////////////////////////////////////////////////////////////
-  scoped_refptr<base::SequencedTaskRunner> network_task_runner_;
-  scoped_refptr<base::SequencedTaskRunner> nss_task_runner_;
-
-  // Dereferenced only on the network task runner, but bound to tasks destined
-  // for the network task runner from the NSS task runner.
-  base::WeakPtr<BoundNetLog> weak_net_log_;
-
-  // Written on the network task runner by the |channel_id_service_|,
-  // prior to invoking OnHandshakeIOComplete.
-  // Read on the NSS task runner when once OnHandshakeIOComplete is invoked
-  // on the NSS task runner.
-  scoped_ptr<crypto::ECPrivateKey> channel_id_key_;
-
-  DISALLOW_COPY_AND_ASSIGN(Core);
-};
-
-SSLClientSocketNSS::Core::Core(
-    base::SequencedTaskRunner* network_task_runner,
-    base::SequencedTaskRunner* nss_task_runner,
-    ClientSocketHandle* transport,
-    const HostPortPair& host_and_port,
-    const SSLConfig& ssl_config,
-    BoundNetLog* net_log,
-    ChannelIDService* channel_id_service)
-    : detached_(false),
-      transport_(transport),
-      weak_net_log_factory_(net_log),
-      channel_id_service_(channel_id_service),
-      unhandled_buffer_size_(0),
-      nss_waiting_read_(false),
-      nss_waiting_write_(false),
-      nss_is_closed_(false),
-      was_ever_used_(false),
-      host_and_port_(host_and_port),
-      ssl_config_(ssl_config),
-      nss_fd_(NULL),
-      nss_bufs_(NULL),
-      pending_read_result_(kNoPendingReadResult),
-      pending_read_nss_error_(0),
-      next_handshake_state_(STATE_NONE),
-      channel_id_xtn_negotiated_(false),
-      channel_id_needed_(false),
-      client_auth_cert_needed_(false),
-      false_started_(false),
-      handshake_callback_called_(false),
-      transport_recv_busy_(false),
-      transport_recv_eof_(false),
-      transport_send_busy_(false),
-      user_read_buf_len_(0),
-      user_write_buf_len_(0),
-      network_task_runner_(network_task_runner),
-      nss_task_runner_(nss_task_runner),
-      weak_net_log_(weak_net_log_factory_.GetWeakPtr()) {
-}
-
-SSLClientSocketNSS::Core::~Core() {
-  // TODO(wtc): Send SSL close_notify alert.
-  if (nss_fd_ != NULL) {
-    PR_Close(nss_fd_);
-    nss_fd_ = NULL;
-  }
-  nss_bufs_ = NULL;
-}
-
-bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
-                                    memio_Private* buffers) {
-  DCHECK(OnNetworkTaskRunner());
-  DCHECK(!nss_fd_);
-  DCHECK(!nss_bufs_);
-
-  nss_fd_ = socket;
-  nss_bufs_ = buffers;
-
-  SECStatus rv = SECSuccess;
-
-  if (!ssl_config_.alpn_protos.empty()) {
-    NextProtoVector alpn_protos = ssl_config_.alpn_protos;
-    // TODO(bnc): Check ssl_config_.disabled_cipher_suites.
-    if (!IsTLSVersionAdequateForHTTP2(ssl_config_))
-      DisableHTTP2(&alpn_protos);
-    // |ssl_config_| has fallback protocol at the end of the list, but NSS
-    // expects fallback at the first place, thus protocols need to be reordered.
-    ReorderNextProtos(&alpn_protos);
-    // NSS only supports a single protocol vector to be used with ALPN and NPN.
-    // Because of this limitation, |alpn_prototos| will be used for both.
-    // However, it is possible to enable ALPN and NPN separately.
-    std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos);
-    rv = SSL_SetNextProtoNego(
-        nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],
-        wire_protos.size());
-    if (rv != SECSuccess)
-      LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");
-    rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);
-    if (rv != SECSuccess)
-      LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");
-    if (!ssl_config_.npn_protos.empty()) {
-      rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);
-      if (rv != SECSuccess)
-        LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");
-    }
-  }
-
-  rv = SSL_AuthCertificateHook(
-      nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", "");
-    return false;
-  }
-
-  rv = SSL_GetClientAuthDataHook(
-      nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", "");
-    return false;
-  }
-
-  if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
-    rv = SSL_SetClientChannelIDCallback(
-        nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this);
-    if (rv != SECSuccess) {
-      LogFailedNSSFunction(
-          *weak_net_log_, "SSL_SetClientChannelIDCallback", "");
-    }
-  }
-
-  rv = SSL_SetCanFalseStartCallback(
-      nss_fd_, SSLClientSocketNSS::Core::CanFalseStartCallback, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(*weak_net_log_, "SSL_SetCanFalseStartCallback", "");
-    return false;
-  }
-
-  rv = SSL_HandshakeCallback(
-      nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", "");
-    return false;
-  }
-
-  return true;
-}
-
-int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) {
-  if (!OnNSSTaskRunner()) {
-    DCHECK(!detached_);
-    bool posted = nss_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(IgnoreResult(&Core::Connect), this, callback));
-    return posted ? ERR_IO_PENDING : ERR_ABORTED;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-  DCHECK(user_read_callback_.is_null());
-  DCHECK(user_write_callback_.is_null());
-  DCHECK(user_connect_callback_.is_null());
-  DCHECK(!user_read_buf_.get());
-  DCHECK(!user_write_buf_.get());
-
-  next_handshake_state_ = STATE_HANDSHAKE;
-  int rv = DoHandshakeLoop(OK);
-  if (rv == ERR_IO_PENDING) {
-    user_connect_callback_ = callback;
-  } else if (rv > OK) {
-    rv = OK;
-  }
-  if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner()) {
-    PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
-    return ERR_IO_PENDING;
-  }
-
-  return rv;
-}
-
-void SSLClientSocketNSS::Core::Detach() {
-  DCHECK(OnNetworkTaskRunner());
-
-  detached_ = true;
-  transport_ = NULL;
-  weak_net_log_factory_.InvalidateWeakPtrs();
-
-  network_handshake_state_.Reset();
-
-  channel_id_request_.Cancel();
-}
-
-int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len,
-                                   const CompletionCallback& callback) {
-  if (!OnNSSTaskRunner()) {
-    DCHECK(OnNetworkTaskRunner());
-    DCHECK(!detached_);
-    DCHECK(transport_);
-    DCHECK(!nss_waiting_read_);
-
-    nss_waiting_read_ = true;
-    bool posted = nss_task_runner_->PostTask(
-        FROM_HERE, base::Bind(IgnoreResult(&Core::Read), this,
-                              base::RetainedRef(buf), buf_len, callback));
-    if (!posted) {
-      nss_is_closed_ = true;
-      nss_waiting_read_ = false;
-    }
-    return posted ? ERR_IO_PENDING : ERR_ABORTED;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-  DCHECK(false_started_ || handshake_callback_called_);
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-  DCHECK(user_read_callback_.is_null());
-  DCHECK(user_connect_callback_.is_null());
-  DCHECK(!user_read_buf_.get());
-  DCHECK(nss_bufs_);
-
-  user_read_buf_ = buf;
-  user_read_buf_len_ = buf_len;
-
-  int rv = DoReadLoop(OK);
-  if (rv == ERR_IO_PENDING) {
-    if (OnNetworkTaskRunner())
-      nss_waiting_read_ = true;
-    user_read_callback_ = callback;
-  } else {
-    user_read_buf_ = NULL;
-    user_read_buf_len_ = 0;
-
-    if (!OnNetworkTaskRunner()) {
-      PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSRead, this, rv));
-      PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
-      return ERR_IO_PENDING;
-    } else {
-      DCHECK(!nss_waiting_read_);
-      if (rv <= 0) {
-        nss_is_closed_ = true;
-      } else {
-        was_ever_used_ = true;
-      }
-    }
-  }
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len,
-                                    const CompletionCallback& callback) {
-  if (!OnNSSTaskRunner()) {
-    DCHECK(OnNetworkTaskRunner());
-    DCHECK(!detached_);
-    DCHECK(transport_);
-    DCHECK(!nss_waiting_write_);
-
-    nss_waiting_write_ = true;
-    bool posted = nss_task_runner_->PostTask(
-        FROM_HERE, base::Bind(IgnoreResult(&Core::Write), this,
-                              base::RetainedRef(buf), buf_len, callback));
-    if (!posted) {
-      nss_is_closed_ = true;
-      nss_waiting_write_ = false;
-    }
-    return posted ? ERR_IO_PENDING : ERR_ABORTED;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-  DCHECK(false_started_ || handshake_callback_called_);
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-  DCHECK(user_write_callback_.is_null());
-  DCHECK(user_connect_callback_.is_null());
-  DCHECK(!user_write_buf_.get());
-  DCHECK(nss_bufs_);
-
-  user_write_buf_ = buf;
-  user_write_buf_len_ = buf_len;
-
-  int rv = DoWriteLoop(OK);
-  if (rv == ERR_IO_PENDING) {
-    if (OnNetworkTaskRunner())
-      nss_waiting_write_ = true;
-    user_write_callback_ = callback;
-  } else {
-    user_write_buf_ = NULL;
-    user_write_buf_len_ = 0;
-
-    if (!OnNetworkTaskRunner()) {
-      PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSWrite, this, rv));
-      PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
-      return ERR_IO_PENDING;
-    } else {
-      DCHECK(!nss_waiting_write_);
-      if (rv < 0) {
-        nss_is_closed_ = true;
-      } else if (rv > 0) {
-        was_ever_used_ = true;
-      }
-    }
-  }
-
-  return rv;
-}
-
-bool SSLClientSocketNSS::Core::IsConnected() const {
-  DCHECK(OnNetworkTaskRunner());
-  return !nss_is_closed_;
-}
-
-bool SSLClientSocketNSS::Core::HasPendingAsyncOperation() const {
-  DCHECK(OnNetworkTaskRunner());
-  return nss_waiting_read_ || nss_waiting_write_;
-}
-
-bool SSLClientSocketNSS::Core::HasUnhandledReceivedData() const {
-  DCHECK(OnNetworkTaskRunner());
-  return unhandled_buffer_size_ != 0;
-}
-
-bool SSLClientSocketNSS::Core::WasEverUsed() const {
-  DCHECK(OnNetworkTaskRunner());
-  return was_ever_used_;
-}
-
-void SSLClientSocketNSS::Core::CacheSessionIfNecessary() {
-  // TODO(rsleevi): This should occur on the NSS task runner, due to the use of
-  // nss_fd_. However, it happens on the network task runner in order to match
-  // the buggy behavior of ExportKeyingMaterial.
-  //
-  // Once http://crbug.com/330360 is fixed, this should be moved to an
-  // implementation that exclusively does this work on the NSS TaskRunner. This
-  // is "safe" because it is only called during the certificate verification
-  // state machine of the main socket, which is safe because no underlying
-  // transport IO will be occuring in that state, and NSS will not be blocking
-  // on any PKCS#11 related locks that might block the Network TaskRunner.
-  DCHECK(OnNetworkTaskRunner());
-
-  // Only cache the session if the connection was not False Started, because
-  // sessions should only be cached *after* the peer's Finished message is
-  // processed.
-  // In the case of False Start, the session will be cached once the
-  // HandshakeCallback is called, which signals the receipt and processing of
-  // the Finished message, and which will happen during a call to
-  // PR_Read/PR_Write.
-  if (!false_started_)
-    SSL_CacheSession(nss_fd_);
-}
-
-bool SSLClientSocketNSS::Core::OnNSSTaskRunner() const {
-  return nss_task_runner_->RunsTasksOnCurrentThread();
-}
-
-bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const {
-  return network_task_runner_->RunsTasksOnCurrentThread();
-}
-
-// static
-SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
-    void* arg,
-    PRFileDesc* socket,
-    PRBool checksig,
-    PRBool is_server) {
-  Core* core = reinterpret_cast<Core*>(arg);
-  if (core->handshake_callback_called_) {
-    // Disallow the server certificate to change in a renegotiation.
-    CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0];
-    ScopedCERTCertificate new_cert(SSL_PeerCertificate(socket));
-    if (new_cert->derCert.len != old_cert->derCert.len ||
-        memcmp(new_cert->derCert.data, old_cert->derCert.data,
-               new_cert->derCert.len) != 0) {
-      // NSS doesn't have an error code that indicates the server certificate
-      // changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using)
-      // for this purpose.
-      PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE);
-      return SECFailure;
-    }
-  }
-
-  // Tell NSS to not verify the certificate.
-  return SECSuccess;
-}
-
-#if defined(OS_IOS)
-
-// static
-SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
-    void* arg,
-    PRFileDesc* socket,
-    CERTDistNames* ca_names,
-    CERTCertificate** result_certificate,
-    SECKEYPrivateKey** result_private_key) {
-  Core* core = reinterpret_cast<Core*>(arg);
-  DCHECK(core->OnNSSTaskRunner());
-
-  core->PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&AddLogEvent, core->weak_net_log_,
-                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
-
-  // TODO(droger): Support client auth on iOS. See http://crbug.com/145954).
-  LOG(WARNING) << "Client auth is not supported";
-
-  // Never send a certificate.
-  core->AddCertProvidedEvent(0);
-  return SECFailure;
-}
-
-#else   // !OS_IOS
-
-// static
-// Based on Mozilla's NSS_GetClientAuthData.
-SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
-    void* arg,
-    PRFileDesc* socket,
-    CERTDistNames* ca_names,
-    CERTCertificate** result_certificate,
-    SECKEYPrivateKey** result_private_key) {
-  Core* core = reinterpret_cast<Core*>(arg);
-  DCHECK(core->OnNSSTaskRunner());
-
-  core->PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&AddLogEvent, core->weak_net_log_,
-                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
-
-  // Regular client certificate requested.
-  core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
-  void* wincx  = SSL_RevealPinArg(socket);
-
-  if (core->ssl_config_.send_client_cert) {
-    // Second pass: a client certificate should have been selected.
-    if (core->ssl_config_.client_cert.get()) {
-      CERTCertificate* cert =
-          CERT_DupCertificate(core->ssl_config_.client_cert->os_cert_handle());
-      SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
-      if (privkey) {
-        // TODO(jsorianopastor): We should wait for server certificate
-        // verification before sending our credentials.  See
-        // http://crbug.com/13934.
-        *result_certificate = cert;
-        *result_private_key = privkey;
-        // A cert_count of -1 means the number of certificates is unknown.
-        // NSS will construct the certificate chain.
-        core->AddCertProvidedEvent(-1);
-
-        return SECSuccess;
-      }
-      LOG(WARNING) << "Client cert found without private key";
-    }
-    // Send no client certificate.
-    core->AddCertProvidedEvent(0);
-    return SECFailure;
-  }
-
-  // First pass: client certificate is needed.
-  core->nss_handshake_state_.cert_authorities.clear();
-
-  // Retrieve the DER-encoded DistinguishedName of the cert issuers accepted by
-  // the server and save them in |cert_authorities|.
-  for (int i = 0; i < ca_names->nnames; i++) {
-    core->nss_handshake_state_.cert_authorities.push_back(std::string(
-        reinterpret_cast<const char*>(ca_names->names[i].data),
-        static_cast<size_t>(ca_names->names[i].len)));
-  }
-
-  // Update the network task runner's view of the handshake state now that
-  // server certificate request has been recorded.
-  core->PostOrRunCallback(
-      FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
-                            core->nss_handshake_state_));
-
-  // Tell NSS to suspend the client authentication.  We will then abort the
-  // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
-  return SECWouldBlock;
-}
-#endif  // OS_IOS
-
-// static
-SECStatus SSLClientSocketNSS::Core::CanFalseStartCallback(
-    PRFileDesc* socket,
-    void* arg,
-    PRBool* can_false_start) {
-  // If the server doesn't support NPN or ALPN, then we don't do False
-  // Start with it.
-  PRBool negotiated_extension;
-  SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
-                                                  ssl_app_layer_protocol_xtn,
-                                                  &negotiated_extension);
-  if (rv != SECSuccess || !negotiated_extension) {
-    rv = SSL_HandshakeNegotiatedExtension(socket,
-                                          ssl_next_proto_nego_xtn,
-                                          &negotiated_extension);
-  }
-  if (rv != SECSuccess || !negotiated_extension) {
-    *can_false_start = PR_FALSE;
-    return SECSuccess;
-  }
-
-  SSLChannelInfo channel_info;
-  SECStatus ok =
-      SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info));
-  if (ok != SECSuccess || channel_info.length != sizeof(channel_info) ||
-      channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 ||
-      !IsSecureTLSCipherSuite(channel_info.cipherSuite)) {
-    *can_false_start = PR_FALSE;
-    return SECSuccess;
-  }
-
-  return SSL_RecommendedCanFalseStart(socket, can_false_start);
-}
-
-// static
-void SSLClientSocketNSS::Core::HandshakeCallback(
-    PRFileDesc* socket,
-    void* arg) {
-  Core* core = reinterpret_cast<Core*>(arg);
-  DCHECK(core->OnNSSTaskRunner());
-
-  bool is_initial = !core->handshake_callback_called_;
-  core->handshake_callback_called_ = true;
-  if (core->false_started_) {
-    core->false_started_ = false;
-    // If the connection was False Started, then at the time of this callback,
-    // the peer's certificate will have been verified or the caller will have
-    // accepted the error.
-    // This is guaranteed when using False Start because this callback will
-    // not be invoked until processing the peer's Finished message, which
-    // will only happen in a PR_Read/PR_Write call, which can only happen
-    // after the peer's certificate is verified.
-    SSL_CacheSessionUnlocked(socket);
-
-    // Additionally, when False Starting, DoHandshake() will have already
-    // called HandshakeSucceeded(), so return now.
-    return;
-  }
-  core->HandshakeSucceeded(is_initial);
-}
-
-void SSLClientSocketNSS::Core::HandshakeSucceeded(bool is_initial) {
-  DCHECK(OnNSSTaskRunner());
-
-  PRBool last_handshake_resumed;
-  SECStatus rv = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed);
-  if (rv == SECSuccess && last_handshake_resumed) {
-    nss_handshake_state_.resumed_handshake = true;
-  } else {
-    nss_handshake_state_.resumed_handshake = false;
-  }
-
-  RecordChannelIDSupportOnNSSTaskRunner();
-  UpdateServerCert();
-  UpdateSignedCertTimestamps();
-  UpdateStapledOCSPResponse();
-  UpdateConnectionStatus();
-  UpdateNextProto();
-  UpdateExtensionUsed();
-
-  if (is_initial && IsRenegotiationAllowed()) {
-    // For compatibility, do not enforce RFC 5746 support. Per section 4.1,
-    // enforcement falls largely on the server.
-    //
-    // This is done in a callback rather than after SSL_ForceHandshake returns
-    // because SSL_ForceHandshake will otherwise greedly consume renegotiations
-    // before returning if Finished and HelloRequest are in the same
-    // record.
-    //
-    // Note that SSL_OptionSet should only be called for an initial
-    // handshake. See https://crbug.com/125299.
-    SECStatus rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
-                                 SSL_RENEGOTIATE_TRANSITIONAL);
-    DCHECK_EQ(SECSuccess, rv);
-  }
-
-  // Update the network task runners view of the handshake state whenever
-  // a handshake has completed.
-  PostOrRunCallback(
-      FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
-                            nss_handshake_state_));
-}
-
-int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error) {
-  DCHECK(OnNSSTaskRunner());
-
-  return MapNSSClientError(nss_error);
-}
-
-int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) {
-  DCHECK(OnNSSTaskRunner());
-
-  int rv = last_io_result;
-  do {
-    // Default to STATE_NONE for next state.
-    State state = next_handshake_state_;
-    GotoState(STATE_NONE);
-
-    switch (state) {
-      case STATE_HANDSHAKE:
-        rv = DoHandshake();
-        break;
-      case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE:
-        rv = DoGetDBCertComplete(rv);
-        break;
-      case STATE_NONE:
-      default:
-        rv = ERR_UNEXPECTED;
-        LOG(DFATAL) << "unexpected state " << state;
-        break;
-    }
-
-    // Do the actual network I/O
-    bool network_moved = DoTransportIO();
-    if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
-      // In general we exit the loop if rv is ERR_IO_PENDING.  In this
-      // special case we keep looping even if rv is ERR_IO_PENDING because
-      // the transport IO may allow DoHandshake to make progress.
-      DCHECK(rv == OK || rv == ERR_IO_PENDING);
-      rv = OK;  // This causes us to stay in the loop.
-    }
-  } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoReadLoop(int result) {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK(false_started_ || handshake_callback_called_);
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-
-  if (result < 0)
-    return result;
-
-  if (!nss_bufs_) {
-    LOG(DFATAL) << "!nss_bufs_";
-    int rv = ERR_UNEXPECTED;
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                   NetLog::TYPE_SSL_READ_ERROR,
-                   CreateNetLogSSLErrorCallback(rv, 0)));
-    return rv;
-  }
-
-  bool network_moved;
-  int rv;
-  do {
-    rv = DoPayloadRead();
-    network_moved = DoTransportIO();
-  } while (rv == ERR_IO_PENDING && network_moved);
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoWriteLoop(int result) {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK(false_started_ || handshake_callback_called_);
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-
-  if (result < 0)
-    return result;
-
-  if (!nss_bufs_) {
-    LOG(DFATAL) << "!nss_bufs_";
-    int rv = ERR_UNEXPECTED;
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                   NetLog::TYPE_SSL_READ_ERROR,
-                   CreateNetLogSSLErrorCallback(rv, 0)));
-    return rv;
-  }
-
-  bool network_moved;
-  int rv;
-  do {
-    rv = DoPayloadWrite();
-    network_moved = DoTransportIO();
-  } while (rv == ERR_IO_PENDING && network_moved);
-
-  LeaveFunction(rv);
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoHandshake() {
-  DCHECK(OnNSSTaskRunner());
-
-  int net_error = OK;
-  SECStatus rv = SSL_ForceHandshake(nss_fd_);
-
-  // Note: this function may be called multiple times during the handshake, so
-  // even though channel id and client auth are separate else cases, they can
-  // both be used during a single SSL handshake.
-  if (channel_id_needed_) {
-    GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
-    net_error = ERR_IO_PENDING;
-  } else if (client_auth_cert_needed_) {
-    net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                   NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                   CreateNetLogSSLErrorCallback(net_error, 0)));
-  } else if (rv == SECSuccess) {
-    if (!handshake_callback_called_) {
-      false_started_ = true;
-      HandshakeSucceeded(true);
-    }
-  } else {
-    PRErrorCode prerr = PR_GetError();
-    net_error = HandleNSSError(prerr);
-
-    // If not done, stay in this state
-    if (net_error == ERR_IO_PENDING) {
-      GotoState(STATE_HANDSHAKE);
-    } else {
-      PostOrRunCallback(
-          FROM_HERE,
-          base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                     NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                     CreateNetLogSSLErrorCallback(net_error, prerr)));
-    }
-  }
-
-  return net_error;
-}
-
-int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) {
-  SECStatus rv;
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_,
-                 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, result));
-
-  channel_id_needed_ = false;
-
-  if (result != OK)
-    return result;
-
-  SECKEYPublicKey* public_key;
-  SECKEYPrivateKey* private_key;
-  int error = ImportChannelIDKeys(&public_key, &private_key);
-  if (error != OK)
-    return error;
-
-  rv = SSL_RestartHandshakeAfterChannelIDReq(nss_fd_, public_key, private_key);
-  if (rv != SECSuccess)
-    return MapNSSError(PORT_GetError());
-
-  SetChannelIDProvided();
-  GotoState(STATE_HANDSHAKE);
-  return OK;
-}
-
-int SSLClientSocketNSS::Core::DoPayloadRead() {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK(user_read_buf_.get());
-  DCHECK_GT(user_read_buf_len_, 0);
-
-  int rv;
-  // If a previous greedy read resulted in an error that was not consumed (eg:
-  // due to the caller having read some data successfully), then return that
-  // pending error now.
-  if (pending_read_result_ != kNoPendingReadResult) {
-    rv = pending_read_result_;
-    PRErrorCode prerr = pending_read_nss_error_;
-    pending_read_result_ = kNoPendingReadResult;
-    pending_read_nss_error_ = 0;
-
-    if (rv == 0) {
-      PostOrRunCallback(FROM_HERE,
-                        base::Bind(&LogByteTransferEvent, weak_net_log_,
-                                   NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
-                                   base::RetainedRef(user_read_buf_)));
-    } else {
-      PostOrRunCallback(
-          FROM_HERE,
-          base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                     NetLog::TYPE_SSL_READ_ERROR,
-                     CreateNetLogSSLErrorCallback(rv, prerr)));
-    }
-    return rv;
-  }
-
-  // Perform a greedy read, attempting to read as much as the caller has
-  // requested. In the current NSS implementation, PR_Read will return
-  // exactly one SSL application data record's worth of data per invocation.
-  // The record size is dictated by the server, and may be noticeably smaller
-  // than the caller's buffer. This may be as little as a single byte, if the
-  // server is performing 1/n-1 record splitting.
-  //
-  // However, this greedy read may result in renegotiations/re-handshakes
-  // happening or may lead to some data being read, followed by an EOF (such as
-  // a TLS close-notify). If at least some data was read, then that result
-  // should be deferred until the next call to DoPayloadRead(). Otherwise, if no
-  // data was read, it's safe to return the error or EOF immediately.
-  int total_bytes_read = 0;
-  do {
-    rv = PR_Read(nss_fd_, user_read_buf_->data() + total_bytes_read,
-                 user_read_buf_len_ - total_bytes_read);
-    if (rv > 0)
-      total_bytes_read += rv;
-  } while (total_bytes_read < user_read_buf_len_ && rv > 0);
-  int amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
-  PostOrRunCallback(FROM_HERE, base::Bind(&Core::OnNSSBufferUpdated, this,
-                                          amount_in_read_buffer));
-
-  if (total_bytes_read == user_read_buf_len_) {
-    // The caller's entire request was satisfied without error. No further
-    // processing needed.
-    rv = total_bytes_read;
-  } else {
-    // Otherwise, an error occurred (rv <= 0). The error needs to be handled
-    // immediately, while the NSPR/NSS errors are still available in
-    // thread-local storage. However, the handled/remapped error code should
-    // only be returned if no application data was already read; if it was, the
-    // error code should be deferred until the next call of DoPayloadRead.
-    //
-    // If no data was read, |*next_result| will point to the return value of
-    // this function. If at least some data was read, |*next_result| will point
-    // to |pending_read_error_|, to be returned in a future call to
-    // DoPayloadRead() (e.g.: after the current data is handled).
-    int* next_result = &rv;
-    if (total_bytes_read > 0) {
-      pending_read_result_ = rv;
-      rv = total_bytes_read;
-      next_result = &pending_read_result_;
-    }
-
-    if (client_auth_cert_needed_) {
-      *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
-      pending_read_nss_error_ = 0;
-    } else if (*next_result < 0) {
-      // If *next_result == 0, then that indicates EOF, and no special error
-      // handling is needed.
-      pending_read_nss_error_ = PR_GetError();
-      *next_result = HandleNSSError(pending_read_nss_error_);
-      if (rv > 0 && *next_result == ERR_IO_PENDING) {
-        // If at least some data was read from PR_Read(), do not treat
-        // insufficient data as an error to return in the next call to
-        // DoPayloadRead() - instead, let the call fall through to check
-        // PR_Read() again. This is because DoTransportIO() may complete
-        // in between the next call to DoPayloadRead(), and thus it is
-        // important to check PR_Read() on subsequent invocations to see
-        // if a complete record may now be read.
-        pending_read_nss_error_ = 0;
-        pending_read_result_ = kNoPendingReadResult;
-      }
-    }
-  }
-
-  DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
-
-  if (rv >= 0) {
-    PostOrRunCallback(FROM_HERE,
-                      base::Bind(&LogByteTransferEvent, weak_net_log_,
-                                 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
-                                 base::RetainedRef(user_read_buf_)));
-  } else if (rv != ERR_IO_PENDING) {
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                   NetLog::TYPE_SSL_READ_ERROR,
-                   CreateNetLogSSLErrorCallback(rv, pending_read_nss_error_)));
-    pending_read_nss_error_ = 0;
-  }
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoPayloadWrite() {
-  DCHECK(OnNSSTaskRunner());
-
-  DCHECK(user_write_buf_.get());
-
-  int old_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
-  int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
-  int new_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
-  // PR_Write could potentially consume the unhandled data in the memio read
-  // buffer if a renegotiation is in progress. If the buffer is consumed,
-  // notify the latest buffer size to NetworkRunner.
-  if (old_amount_in_read_buffer != new_amount_in_read_buffer) {
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&Core::OnNSSBufferUpdated, this, new_amount_in_read_buffer));
-  }
-  if (rv >= 0) {
-    PostOrRunCallback(FROM_HERE,
-                      base::Bind(&LogByteTransferEvent, weak_net_log_,
-                                 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
-                                 base::RetainedRef(user_write_buf_)));
-    return rv;
-  }
-  PRErrorCode prerr = PR_GetError();
-  if (prerr == PR_WOULD_BLOCK_ERROR)
-    return ERR_IO_PENDING;
-
-  rv = HandleNSSError(prerr);
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                 NetLog::TYPE_SSL_WRITE_ERROR,
-                 CreateNetLogSSLErrorCallback(rv, prerr)));
-  return rv;
-}
-
-// Do as much network I/O as possible between the buffer and the
-// transport socket. Return true if some I/O performed, false
-// otherwise (error or ERR_IO_PENDING).
-bool SSLClientSocketNSS::Core::DoTransportIO() {
-  DCHECK(OnNSSTaskRunner());
-
-  bool network_moved = false;
-  if (nss_bufs_ != NULL) {
-    int rv;
-    // Read and write as much data as we can. The loop is neccessary
-    // because Write() may return synchronously.
-    do {
-      rv = BufferSend();
-      if (rv != ERR_IO_PENDING && rv != 0)
-        network_moved = true;
-    } while (rv > 0);
-    if (!transport_recv_eof_ && BufferRecv() != ERR_IO_PENDING)
-      network_moved = true;
-  }
-  return network_moved;
-}
-
-int SSLClientSocketNSS::Core::BufferRecv() {
-  DCHECK(OnNSSTaskRunner());
-
-  if (transport_recv_busy_)
-    return ERR_IO_PENDING;
-
-  // If NSS is blocked on reading from |nss_bufs_|, because it is empty,
-  // determine how much data NSS wants to read. If NSS was not blocked,
-  // this will return 0.
-  int requested = memio_GetReadRequest(nss_bufs_);
-  if (requested == 0) {
-    // This is not a perfect match of error codes, as no operation is
-    // actually pending. However, returning 0 would be interpreted as a
-    // possible sign of EOF, which is also an inappropriate match.
-    return ERR_IO_PENDING;
-  }
-
-  char* buf;
-  int nb = memio_GetReadParams(nss_bufs_, &buf);
-  int rv;
-  if (!nb) {
-    // buffer too full to read into, so no I/O possible at moment
-    rv = ERR_IO_PENDING;
-  } else {
-    scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb));
-    if (OnNetworkTaskRunner()) {
-      rv = DoBufferRecv(read_buffer.get(), nb);
-    } else {
-      bool posted = network_task_runner_->PostTask(
-          FROM_HERE, base::Bind(IgnoreResult(&Core::DoBufferRecv), this,
-                                base::RetainedRef(read_buffer), nb));
-      rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
-    }
-
-    if (rv == ERR_IO_PENDING) {
-      transport_recv_busy_ = true;
-    } else {
-      if (rv > 0) {
-        memcpy(buf, read_buffer->data(), rv);
-      } else if (rv == 0) {
-        transport_recv_eof_ = true;
-      }
-      memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv));
-    }
-  }
-  return rv;
-}
-
-// Return 0 if nss_bufs_ was empty,
-// > 0 for bytes transferred immediately,
-// < 0 for error (or the non-error ERR_IO_PENDING).
-int SSLClientSocketNSS::Core::BufferSend() {
-  DCHECK(OnNSSTaskRunner());
-
-  if (transport_send_busy_)
-    return ERR_IO_PENDING;
-
-  const char* buf1;
-  const char* buf2;
-  unsigned int len1, len2;
-  if (memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2)) {
-    // It is important this return synchronously to prevent spinning infinitely
-    // in the off-thread NSS case. The error code itself is ignored, so just
-    // return ERR_ABORTED. See https://crbug.com/381160.
-    return ERR_ABORTED;
-  }
-  const size_t len = len1 + len2;
-
-  int rv = 0;
-  if (len) {
-    scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len));
-    memcpy(send_buffer->data(), buf1, len1);
-    memcpy(send_buffer->data() + len1, buf2, len2);
-
-    if (OnNetworkTaskRunner()) {
-      rv = DoBufferSend(send_buffer.get(), len);
-    } else {
-      bool posted = network_task_runner_->PostTask(
-          FROM_HERE, base::Bind(IgnoreResult(&Core::DoBufferSend), this,
-                                base::RetainedRef(send_buffer), len));
-      rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
-    }
-
-    if (rv == ERR_IO_PENDING) {
-      transport_send_busy_ = true;
-    } else {
-      memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv));
-    }
-  }
-
-  return rv;
-}
-
-void SSLClientSocketNSS::Core::OnRecvComplete(int result) {
-  DCHECK(OnNSSTaskRunner());
-
-  if (next_handshake_state_ == STATE_HANDSHAKE) {
-    OnHandshakeIOComplete(result);
-    return;
-  }
-
-  // Network layer received some data, check if client requested to read
-  // decrypted data.
-  if (!user_read_buf_.get())
-    return;
-
-  int rv = DoReadLoop(result);
-  if (rv != ERR_IO_PENDING)
-    DoReadCallback(rv);
-}
-
-void SSLClientSocketNSS::Core::OnSendComplete(int result) {
-  DCHECK(OnNSSTaskRunner());
-
-  if (next_handshake_state_ == STATE_HANDSHAKE) {
-    OnHandshakeIOComplete(result);
-    return;
-  }
-
-  // OnSendComplete may need to call DoPayloadRead while the renegotiation
-  // handshake is in progress.
-  int rv_read = ERR_IO_PENDING;
-  int rv_write = ERR_IO_PENDING;
-  bool network_moved;
-  do {
-    if (user_read_buf_.get())
-      rv_read = DoPayloadRead();
-    if (user_write_buf_.get())
-      rv_write = DoPayloadWrite();
-    network_moved = DoTransportIO();
-  } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING &&
-           (user_read_buf_.get() || user_write_buf_.get()) && network_moved);
-
-  // If the parent SSLClientSocketNSS is deleted during the processing of the
-  // Read callback and OnNSSTaskRunner() == OnNetworkTaskRunner(), then the Core
-  // will be detached (and possibly deleted). Guard against deletion by taking
-  // an extra reference, then check if the Core was detached before invoking the
-  // next callback.
-  scoped_refptr<Core> guard(this);
-  if (user_read_buf_.get() && rv_read != ERR_IO_PENDING)
-    DoReadCallback(rv_read);
-
-  if (OnNetworkTaskRunner() && detached_)
-    return;
-
-  if (user_write_buf_.get() && rv_write != ERR_IO_PENDING)
-    DoWriteCallback(rv_write);
-}
-
-// As part of Connect(), the SSLClientSocketNSS object performs an SSL
-// handshake. This requires network IO, which in turn calls
-// BufferRecvComplete() with a non-zero byte count. This byte count eventually
-// winds its way through the state machine and ends up being passed to the
-// callback. For Read() and Write(), that's what we want. But for Connect(),
-// the caller expects OK (i.e. 0) for success.
-void SSLClientSocketNSS::Core::DoConnectCallback(int rv) {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK_NE(rv, ERR_IO_PENDING);
-  DCHECK(!user_connect_callback_.is_null());
-
-  base::Closure c = base::Bind(
-      base::ResetAndReturn(&user_connect_callback_),
-      rv > OK ? OK : rv);
-  PostOrRunCallback(FROM_HERE, c);
-}
-
-void SSLClientSocketNSS::Core::DoReadCallback(int rv) {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK_NE(ERR_IO_PENDING, rv);
-  DCHECK(!user_read_callback_.is_null());
-
-  user_read_buf_ = NULL;
-  user_read_buf_len_ = 0;
-  int amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
-  // This is used to curry the |amount_int_read_buffer| and |user_cb| back to
-  // the network task runner.
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&Core::OnNSSBufferUpdated, this, amount_in_read_buffer));
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&Core::DidNSSRead, this, rv));
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(base::ResetAndReturn(&user_read_callback_), rv));
-}
-
-void SSLClientSocketNSS::Core::DoWriteCallback(int rv) {
-  DCHECK(OnNSSTaskRunner());
-  DCHECK_NE(ERR_IO_PENDING, rv);
-  DCHECK(!user_write_callback_.is_null());
-
-  // Since Run may result in Write being called, clear |user_write_callback_|
-  // up front.
-  user_write_buf_ = NULL;
-  user_write_buf_len_ = 0;
-  // Update buffer status because DoWriteLoop called DoTransportIO which may
-  // perform read operations.
-  int amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
-  // This is used to curry the |amount_int_read_buffer| and |user_cb| back to
-  // the network task runner.
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&Core::OnNSSBufferUpdated, this, amount_in_read_buffer));
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&Core::DidNSSWrite, this, rv));
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(base::ResetAndReturn(&user_write_callback_), rv));
-}
-
-SECStatus SSLClientSocketNSS::Core::ClientChannelIDHandler(
-    void* arg,
-    PRFileDesc* socket,
-    SECKEYPublicKey **out_public_key,
-    SECKEYPrivateKey **out_private_key) {
-  Core* core = reinterpret_cast<Core*>(arg);
-  DCHECK(core->OnNSSTaskRunner());
-
-  core->PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&AddLogEvent, core->weak_net_log_,
-                 NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED));
-
-  // We have negotiated the TLS channel ID extension.
-  core->channel_id_xtn_negotiated_ = true;
-  std::string host = core->host_and_port_.host();
-  int error = ERR_UNEXPECTED;
-  if (core->OnNetworkTaskRunner()) {
-    error = core->DoGetChannelID(host);
-  } else {
-    bool posted = core->network_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(
-            IgnoreResult(&Core::DoGetChannelID),
-            core, host));
-    error = posted ? ERR_IO_PENDING : ERR_ABORTED;
-  }
-
-  if (error == ERR_IO_PENDING) {
-    // Asynchronous case.
-    core->channel_id_needed_ = true;
-    return SECWouldBlock;
-  }
-
-  core->PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&BoundNetLog::EndEventWithNetErrorCode, core->weak_net_log_,
-                 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, error));
-  SECStatus rv = SECSuccess;
-  if (error == OK) {
-    // Synchronous success.
-    int result = core->ImportChannelIDKeys(out_public_key, out_private_key);
-    if (result == OK)
-      core->SetChannelIDProvided();
-    else
-      rv = SECFailure;
-  } else {
-    rv = SECFailure;
-  }
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key,
-                                                  SECKEYPrivateKey** key) {
-  if (!channel_id_key_)
-    return SECFailure;
-
-  *public_key = SECKEY_CopyPublicKey(channel_id_key_->public_key());
-  *key = SECKEY_CopyPrivateKey(channel_id_key_->key());
-
-  return OK;
-}
-
-void SSLClientSocketNSS::Core::UpdateServerCert() {
-  nss_handshake_state_.server_cert_chain.Reset(nss_fd_);
-  nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain(
-      nss_handshake_state_.server_cert_chain.AsStringPieceVector());
-  if (nss_handshake_state_.server_cert.get()) {
-    // Since this will be called asynchronously on another thread, it needs to
-    // own a reference to the certificate.
-    NetLog::ParametersCallback net_log_callback =
-        base::Bind(&NetLogX509CertificateCallback,
-                   base::RetainedRef(nss_handshake_state_.server_cert));
-    PostOrRunCallback(
-        FROM_HERE,
-        base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                   NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
-                   net_log_callback));
-  }
-}
-
-void SSLClientSocketNSS::Core::UpdateSignedCertTimestamps() {
-  const SECItem* signed_cert_timestamps =
-      SSL_PeerSignedCertTimestamps(nss_fd_);
-
-  if (!signed_cert_timestamps || !signed_cert_timestamps->len)
-    return;
-
-  nss_handshake_state_.sct_list_from_tls_extension = std::string(
-      reinterpret_cast<char*>(signed_cert_timestamps->data),
-      signed_cert_timestamps->len);
-}
-
-void SSLClientSocketNSS::Core::UpdateStapledOCSPResponse() {
-  PRBool ocsp_requested = PR_FALSE;
-  SSL_OptionGet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, &ocsp_requested);
-  const SECItemArray* ocsp_responses =
-      SSL_PeerStapledOCSPResponses(nss_fd_);
-  bool ocsp_responses_present = ocsp_responses && ocsp_responses->len;
-  if (ocsp_requested)
-    UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present);
-  if (!ocsp_responses_present)
-    return;
-
-  nss_handshake_state_.stapled_ocsp_response = std::string(
-      reinterpret_cast<char*>(ocsp_responses->items[0].data),
-      ocsp_responses->items[0].len);
-}
-
-void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
-  // Note: This function may be called multiple times for a single connection
-  // if renegotiations occur.
-  nss_handshake_state_.ssl_connection_status = 0;
-
-  SSLChannelInfo channel_info;
-  SECStatus ok = SSL_GetChannelInfo(nss_fd_,
-                                    &channel_info, sizeof(channel_info));
-  if (ok == SECSuccess &&
-      channel_info.length == sizeof(channel_info) &&
-      channel_info.cipherSuite) {
-    nss_handshake_state_.ssl_connection_status |= channel_info.cipherSuite;
-
-    nss_handshake_state_.ssl_connection_status |=
-        (static_cast<int>(channel_info.compressionMethod) &
-         SSL_CONNECTION_COMPRESSION_MASK) <<
-        SSL_CONNECTION_COMPRESSION_SHIFT;
-
-    int version = SSL_CONNECTION_VERSION_UNKNOWN;
-    if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_0) {
-      version = SSL_CONNECTION_VERSION_TLS1;
-    } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_1) {
-      version = SSL_CONNECTION_VERSION_TLS1_1;
-    } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_2) {
-      version = SSL_CONNECTION_VERSION_TLS1_2;
-    }
-    DCHECK_NE(SSL_CONNECTION_VERSION_UNKNOWN, version);
-    nss_handshake_state_.ssl_connection_status |=
-        (version & SSL_CONNECTION_VERSION_MASK) <<
-        SSL_CONNECTION_VERSION_SHIFT;
-  }
-
-  PRBool peer_supports_renego_ext;
-  ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
-                                        &peer_supports_renego_ext);
-  if (ok == SECSuccess) {
-    if (!peer_supports_renego_ext) {
-      nss_handshake_state_.ssl_connection_status |=
-          SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
-      // Log an informational message if the server does not support secure
-      // renegotiation (RFC 5746).
-      VLOG(1) << "The server " << host_and_port_.ToString()
-              << " does not support the TLS renegotiation_info extension.";
-    }
-  }
-
-  if (ssl_config_.version_fallback) {
-    nss_handshake_state_.ssl_connection_status |=
-        SSL_CONNECTION_VERSION_FALLBACK;
-  }
-}
-
-void SSLClientSocketNSS::Core::UpdateNextProto() {
-  uint8_t buf[256];
-  SSLNextProtoState state;
-  unsigned buf_len;
-
-  SECStatus rv = SSL_GetNextProto(nss_fd_, &state, buf, &buf_len, sizeof(buf));
-  if (rv != SECSuccess)
-    return;
-
-  nss_handshake_state_.next_proto =
-      std::string(reinterpret_cast<char*>(buf), buf_len);
-  switch (state) {
-    case SSL_NEXT_PROTO_NEGOTIATED:
-    case SSL_NEXT_PROTO_SELECTED:
-      nss_handshake_state_.next_proto_status = kNextProtoNegotiated;
-      break;
-    case SSL_NEXT_PROTO_NO_OVERLAP:
-      nss_handshake_state_.next_proto_status = kNextProtoNoOverlap;
-      break;
-    case SSL_NEXT_PROTO_NO_SUPPORT:
-      nss_handshake_state_.next_proto_status = kNextProtoUnsupported;
-      break;
-    default:
-      NOTREACHED();
-      break;
-  }
-}
-
-void SSLClientSocketNSS::Core::UpdateExtensionUsed() {
-  PRBool negotiated_extension;
-  SECStatus rv = SSL_HandshakeNegotiatedExtension(nss_fd_,
-                                                  ssl_app_layer_protocol_xtn,
-                                                  &negotiated_extension);
-  if (rv == SECSuccess && negotiated_extension) {
-    nss_handshake_state_.negotiation_extension_ = kExtensionALPN;
-  } else {
-    rv = SSL_HandshakeNegotiatedExtension(nss_fd_,
-                                          ssl_next_proto_nego_xtn,
-                                          &negotiated_extension);
-    if (rv == SECSuccess && negotiated_extension) {
-      nss_handshake_state_.negotiation_extension_ = kExtensionNPN;
-    }
-  }
-}
-
-bool SSLClientSocketNSS::Core::IsRenegotiationAllowed() const {
-  DCHECK(OnNSSTaskRunner());
-
-  if (nss_handshake_state_.next_proto_status == kNextProtoUnsupported)
-    return ssl_config_.renego_allowed_default;
-
-  NextProto next_proto = NextProtoFromString(nss_handshake_state_.next_proto);
-  for (NextProto allowed : ssl_config_.renego_allowed_for_protos) {
-    if (next_proto == allowed)
-      return true;
-  }
-  return false;
-}
-
-void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() {
-  DCHECK(OnNSSTaskRunner());
-  if (nss_handshake_state_.resumed_handshake)
-    return;
-
-  // Copy the NSS task runner-only state to the network task runner and
-  // log histograms from there, since the histograms also need access to the
-  // network task runner state.
-  PostOrRunCallback(
-      FROM_HERE,
-      base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner, this,
-                 channel_id_xtn_negotiated_, ssl_config_.channel_id_enabled));
-}
-
-void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNetworkTaskRunner(
-    bool negotiated_channel_id,
-    bool channel_id_enabled) const {
-  DCHECK(OnNetworkTaskRunner());
-
-  RecordChannelIDSupport(channel_id_service_, negotiated_channel_id,
-                         channel_id_enabled);
-}
-
-int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
-  DCHECK(OnNetworkTaskRunner());
-  DCHECK_GT(len, 0);
-
-  if (detached_)
-    return ERR_ABORTED;
-
-  int rv = transport_->socket()->Read(
-      read_buffer, len,
-      base::Bind(&Core::BufferRecvComplete, base::Unretained(this),
-                 base::RetainedRef(read_buffer)));
-
-  if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
-    nss_task_runner_->PostTask(FROM_HERE,
-                               base::Bind(&Core::BufferRecvComplete, this,
-                                          base::RetainedRef(read_buffer), rv));
-    return rv;
-  }
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoBufferSend(IOBuffer* send_buffer, int len) {
-  DCHECK(OnNetworkTaskRunner());
-  DCHECK_GT(len, 0);
-
-  if (detached_)
-    return ERR_ABORTED;
-
-  int rv = transport_->socket()->Write(
-      send_buffer, len,
-      base::Bind(&Core::BufferSendComplete,
-                 base::Unretained(this)));
-
-  if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
-    nss_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(&Core::BufferSendComplete, this, rv));
-    return rv;
-  }
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) {
-  DCHECK(OnNetworkTaskRunner());
-
-  if (detached_)
-    return ERR_ABORTED;
-
-  weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT);
-
-  int rv = channel_id_service_->GetOrCreateChannelID(
-      host, &channel_id_key_,
-      base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)),
-      &channel_id_request_);
-
-  if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) {
-    nss_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(&Core::OnHandshakeIOComplete, this, rv));
-    return ERR_IO_PENDING;
-  }
-
-  return rv;
-}
-
-void SSLClientSocketNSS::Core::OnHandshakeStateUpdated(
-    const HandshakeState& state) {
-  DCHECK(OnNetworkTaskRunner());
-  network_handshake_state_ = state;
-}
-
-void SSLClientSocketNSS::Core::OnNSSBufferUpdated(int amount_in_read_buffer) {
-  DCHECK(OnNetworkTaskRunner());
-  unhandled_buffer_size_ = amount_in_read_buffer;
-}
-
-void SSLClientSocketNSS::Core::DidNSSRead(int result) {
-  DCHECK(OnNetworkTaskRunner());
-  DCHECK(nss_waiting_read_);
-  nss_waiting_read_ = false;
-  if (result <= 0) {
-    nss_is_closed_ = true;
-  } else {
-    was_ever_used_ = true;
-  }
-}
-
-void SSLClientSocketNSS::Core::DidNSSWrite(int result) {
-  DCHECK(OnNetworkTaskRunner());
-  DCHECK(nss_waiting_write_);
-  nss_waiting_write_ = false;
-  if (result < 0) {
-    nss_is_closed_ = true;
-  } else if (result > 0) {
-    was_ever_used_ = true;
-  }
-}
-
-void SSLClientSocketNSS::Core::BufferSendComplete(int result) {
-  if (!OnNSSTaskRunner()) {
-    if (detached_)
-      return;
-
-    nss_task_runner_->PostTask(
-        FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result));
-    return;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-
-  memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result));
-  transport_send_busy_ = false;
-  OnSendComplete(result);
-}
-
-void SSLClientSocketNSS::Core::OnHandshakeIOComplete(int result) {
-  if (!OnNSSTaskRunner()) {
-    if (detached_)
-      return;
-
-    nss_task_runner_->PostTask(
-        FROM_HERE, base::Bind(&Core::OnHandshakeIOComplete, this, result));
-    return;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-
-  int rv = DoHandshakeLoop(result);
-  if (rv != ERR_IO_PENDING)
-    DoConnectCallback(rv);
-}
-
-void SSLClientSocketNSS::Core::OnGetChannelIDComplete(int result) {
-  DVLOG(1) << __FUNCTION__ << " " << result;
-  DCHECK(OnNetworkTaskRunner());
-
-  OnHandshakeIOComplete(result);
-}
-
-void SSLClientSocketNSS::Core::BufferRecvComplete(
-    IOBuffer* read_buffer,
-    int result) {
-  DCHECK(read_buffer);
-
-  if (!OnNSSTaskRunner()) {
-    if (detached_)
-      return;
-
-    nss_task_runner_->PostTask(
-        FROM_HERE, base::Bind(&Core::BufferRecvComplete, this,
-                              base::RetainedRef(read_buffer), result));
-    return;
-  }
-
-  DCHECK(OnNSSTaskRunner());
-
-  if (result > 0) {
-    char* buf;
-    int nb = memio_GetReadParams(nss_bufs_, &buf);
-    CHECK_GE(nb, result);
-    memcpy(buf, read_buffer->data(), result);
-  } else if (result == 0) {
-    transport_recv_eof_ = true;
-  }
-
-  memio_PutReadResult(nss_bufs_, MapErrorToNSS(result));
-  transport_recv_busy_ = false;
-  OnRecvComplete(result);
-}
-
-void SSLClientSocketNSS::Core::PostOrRunCallback(
-    const tracked_objects::Location& location,
-    const base::Closure& task) {
-  if (!OnNetworkTaskRunner()) {
-    network_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(&Core::PostOrRunCallback, this, location, task));
-    return;
-  }
-
-  if (detached_ || task.is_null())
-    return;
-  task.Run();
-}
-
-void SSLClientSocketNSS::Core::AddCertProvidedEvent(int cert_count) {
-  PostOrRunCallback(FROM_HERE,
-                    base::Bind(&AddLogEventWithCallback, weak_net_log_,
-                               NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                               NetLog::IntCallback("cert_count", cert_count)));
-}
-
-void SSLClientSocketNSS::Core::SetChannelIDProvided() {
-  PostOrRunCallback(
-      FROM_HERE, base::Bind(&AddLogEvent, weak_net_log_,
-                            NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED));
-  nss_handshake_state_.channel_id_sent = true;
-  // Update the network task runner's view of the handshake state now that
-  // channel id has been sent.
-  PostOrRunCallback(
-      FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
-                            nss_handshake_state_));
-}
-
-SSLClientSocketNSS::SSLClientSocketNSS(
-    scoped_ptr<ClientSocketHandle> transport_socket,
-    const HostPortPair& host_and_port,
-    const SSLConfig& ssl_config,
-    const SSLClientSocketContext& context)
-    : transport_(std::move(transport_socket)),
-      host_and_port_(host_and_port),
-      ssl_config_(ssl_config),
-      cert_verifier_(context.cert_verifier),
-      cert_transparency_verifier_(context.cert_transparency_verifier),
-      channel_id_service_(context.channel_id_service),
-      ssl_session_cache_shard_(context.ssl_session_cache_shard),
-      completed_handshake_(false),
-      next_handshake_state_(STATE_NONE),
-      disconnected_(false),
-      nss_fd_(NULL),
-      net_log_(transport_->socket()->NetLog()),
-      transport_security_state_(context.transport_security_state),
-      policy_enforcer_(context.ct_policy_enforcer),
-      valid_thread_id_(base::kInvalidThreadId) {
-  DCHECK(cert_verifier_);
-
-  EnterFunction("");
-  InitCore();
-  LeaveFunction("");
-}
-
-SSLClientSocketNSS::~SSLClientSocketNSS() {
-  EnterFunction("");
-  Disconnect();
-  LeaveFunction("");
-}
-
-// static
-void SSLClientSocket::ClearSessionCache() {
-  // SSL_ClearSessionCache can't be called before NSS is initialized.  Don't
-  // bother initializing NSS just to clear an empty SSL session cache.
-  if (!NSS_IsInitialized())
-    return;
-
-  SSL_ClearSessionCache();
-}
-
-bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
-  EnterFunction("");
-  ssl_info->Reset();
-  if (core_->state().server_cert_chain.empty() ||
-      !core_->state().server_cert_chain[0]) {
-    return false;
-  }
-
-  ssl_info->cert_status = server_cert_verify_result_.cert_status;
-  ssl_info->cert = server_cert_verify_result_.verified_cert;
-  ssl_info->unverified_cert = core_->state().server_cert;
-
-  AddCTInfoToSSLInfo(ssl_info);
-
-  ssl_info->connection_status =
-      core_->state().ssl_connection_status;
-  ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
-  ssl_info->is_issued_by_known_root =
-      server_cert_verify_result_.is_issued_by_known_root;
-  ssl_info->client_cert_sent =
-      ssl_config_.send_client_cert && ssl_config_.client_cert.get();
-  ssl_info->channel_id_sent = core_->state().channel_id_sent;
-  ssl_info->pinning_failure_log = pinning_failure_log_;
-
-  PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite(
-      core_->state().ssl_connection_status);
-  SSLCipherSuiteInfo cipher_info;
-  SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite,
-                                        &cipher_info, sizeof(cipher_info));
-  if (ok == SECSuccess) {
-    ssl_info->security_bits = cipher_info.effectiveKeyBits;
-  } else {
-    ssl_info->security_bits = -1;
-    LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()
-                << " for cipherSuite " << cipher_suite;
-  }
-
-  ssl_info->handshake_type = core_->state().resumed_handshake ?
-      SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
-
-  LeaveFunction("");
-  return true;
-}
-
-void SSLClientSocketNSS::GetConnectionAttempts(ConnectionAttempts* out) const {
-  out->clear();
-}
-
-int64_t SSLClientSocketNSS::GetTotalReceivedBytes() const {
-  NOTIMPLEMENTED();
-  return 0;
-}
-
-void SSLClientSocketNSS::GetSSLCertRequestInfo(
-    SSLCertRequestInfo* cert_request_info) {
-  EnterFunction("");
-  cert_request_info->host_and_port = host_and_port_;
-  cert_request_info->cert_authorities = core_->state().cert_authorities;
-  LeaveFunction("");
-}
-
-int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
-                                             bool has_context,
-                                             const base::StringPiece& context,
-                                             unsigned char* out,
-                                             unsigned int outlen) {
-  if (!IsConnected())
-    return ERR_SOCKET_NOT_CONNECTED;
-
-  // SSL_ExportKeyingMaterial may block the current thread if |core_| is in
-  // the midst of a handshake.
-  SECStatus result = SSL_ExportKeyingMaterial(
-      nss_fd_, label.data(), label.size(), has_context,
-      reinterpret_cast<const unsigned char*>(context.data()),
-      context.length(), out, outlen);
-  if (result != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", "");
-    return MapNSSError(PORT_GetError());
-  }
-  return OK;
-}
-
-SSLClientSocket::NextProtoStatus SSLClientSocketNSS::GetNextProto(
-    std::string* proto) const {
-  *proto = core_->state().next_proto;
-  return core_->state().next_proto_status;
-}
-
-int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
-  EnterFunction("");
-  DCHECK(transport_.get());
-  // It is an error to create an SSLClientSocket whose context has no
-  // TransportSecurityState.
-  DCHECK(transport_security_state_);
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-  DCHECK(user_connect_callback_.is_null());
-  DCHECK(!callback.is_null());
-
-  // Although StreamSocket does allow calling Connect() after Disconnect(),
-  // this has never worked for layered sockets. CHECK to detect any consumers
-  // reconnecting an SSL socket.
-  //
-  // TODO(davidben,mmenke): Remove this API feature. See
-  // https://crbug.com/499289.
-  CHECK(!disconnected_);
-
-  EnsureThreadIdAssigned();
-
-  net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT);
-
-  int rv = Init();
-  if (rv != OK) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
-    return rv;
-  }
-
-  rv = InitializeSSLOptions();
-  if (rv != OK) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
-    return rv;
-  }
-
-  rv = InitializeSSLPeerName();
-  if (rv != OK) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
-    return rv;
-  }
-
-  GotoState(STATE_HANDSHAKE);
-
-  rv = DoHandshakeLoop(OK);
-  if (rv == ERR_IO_PENDING) {
-    user_connect_callback_ = callback;
-  } else {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
-  }
-
-  LeaveFunction("");
-  return rv > OK ? OK : rv;
-}
-
-void SSLClientSocketNSS::Disconnect() {
-  EnterFunction("");
-
-  CHECK(CalledOnValidThread());
-
-  // Shut down anything that may call us back.
-  core_->Detach();
-  cert_verifier_request_.reset();
-  transport_->socket()->Disconnect();
-
-  disconnected_ = true;
-
-  // Reset object state.
-  user_connect_callback_.Reset();
-  server_cert_verify_result_.Reset();
-  completed_handshake_   = false;
-  start_cert_verification_time_ = base::TimeTicks();
-  InitCore();
-
-  LeaveFunction("");
-}
-
-bool SSLClientSocketNSS::IsConnected() const {
-  EnterFunction("");
-  bool ret = completed_handshake_ &&
-             (core_->HasPendingAsyncOperation() ||
-              (core_->IsConnected() && core_->HasUnhandledReceivedData()) ||
-              transport_->socket()->IsConnected());
-  LeaveFunction("");
-  return ret;
-}
-
-bool SSLClientSocketNSS::IsConnectedAndIdle() const {
-  EnterFunction("");
-  bool ret = completed_handshake_ &&
-             !core_->HasPendingAsyncOperation() &&
-             !(core_->IsConnected() && core_->HasUnhandledReceivedData()) &&
-             transport_->socket()->IsConnectedAndIdle();
-  LeaveFunction("");
-  return ret;
-}
-
-int SSLClientSocketNSS::GetPeerAddress(IPEndPoint* address) const {
-  return transport_->socket()->GetPeerAddress(address);
-}
-
-int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const {
-  return transport_->socket()->GetLocalAddress(address);
-}
-
-const BoundNetLog& SSLClientSocketNSS::NetLog() const {
-  return net_log_;
-}
-
-void SSLClientSocketNSS::SetSubresourceSpeculation() {
-  if (transport_.get() && transport_->socket()) {
-    transport_->socket()->SetSubresourceSpeculation();
-  } else {
-    NOTREACHED();
-  }
-}
-
-void SSLClientSocketNSS::SetOmniboxSpeculation() {
-  if (transport_.get() && transport_->socket()) {
-    transport_->socket()->SetOmniboxSpeculation();
-  } else {
-    NOTREACHED();
-  }
-}
-
-bool SSLClientSocketNSS::WasEverUsed() const {
-  DCHECK(core_.get());
-
-  return core_->WasEverUsed();
-}
-
-int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
-                             const CompletionCallback& callback) {
-  DCHECK(core_.get());
-  DCHECK(!callback.is_null());
-
-  EnterFunction(buf_len);
-  int rv = core_->Read(buf, buf_len, callback);
-  LeaveFunction(rv);
-
-  return rv;
-}
-
-int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len,
-                              const CompletionCallback& callback) {
-  DCHECK(core_.get());
-  DCHECK(!callback.is_null());
-
-  EnterFunction(buf_len);
-  int rv = core_->Write(buf, buf_len, callback);
-  LeaveFunction(rv);
-
-  return rv;
-}
-
-int SSLClientSocketNSS::SetReceiveBufferSize(int32_t size) {
-  return transport_->socket()->SetReceiveBufferSize(size);
-}
-
-int SSLClientSocketNSS::SetSendBufferSize(int32_t size) {
-  return transport_->socket()->SetSendBufferSize(size);
-}
-
-int SSLClientSocketNSS::Init() {
-  EnterFunction("");
-  // Initialize the NSS SSL library in a threadsafe way.  This also
-  // initializes the NSS base library.
-  EnsureNSSSSLInit();
-  if (!NSS_IsInitialized())
-    return ERR_UNEXPECTED;
-#if defined(USE_NSS_VERIFIER)
-  if (ssl_config_.cert_io_enabled) {
-    // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO
-    // loop by MessageLoopForIO::current().
-    // X509Certificate::Verify() runs on a worker thread of CertVerifier.
-    EnsureNSSHttpIOInit();
-  }
-#endif
-
-  LeaveFunction("");
-  return OK;
-}
-
-void SSLClientSocketNSS::InitCore() {
-  // TODO(davidben): Both task runners are now always the same. Unwind this code
-  // further, although the entire class is due to be deleted eventually, so it
-  // may not be worth bothering.
-  core_ = new Core(base::ThreadTaskRunnerHandle::Get().get(),
-                   base::ThreadTaskRunnerHandle::Get().get(), transport_.get(),
-                   host_and_port_, ssl_config_, &net_log_, channel_id_service_);
-}
-
-int SSLClientSocketNSS::InitializeSSLOptions() {
-  // Transport connected, now hook it up to nss
-  nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize);
-  if (nss_fd_ == NULL) {
-    return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR error code.
-  }
-
-  // Grab pointer to buffers
-  memio_Private* nss_bufs = memio_GetSecret(nss_fd_);
-
-  /* Create SSL state machine */
-  /* Push SSL onto our fake I/O socket */
-  if (SSL_ImportFD(GetNSSModelSocket(), nss_fd_) == NULL) {
-    LogFailedNSSFunction(net_log_, "SSL_ImportFD", "");
-    PR_Close(nss_fd_);
-    nss_fd_ = NULL;
-    return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR/NSS error code.
-  }
-  // TODO(port): set more ssl options!  Check errors!
-
-  int rv;
-
-  rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2");
-    return ERR_UNEXPECTED;
-  }
-
-  // Don't do V2 compatible hellos because they don't support TLS extensions.
-  rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO");
-    return ERR_UNEXPECTED;
-  }
-
-  SSLVersionRange version_range;
-  version_range.min = ssl_config_.version_min;
-  version_range.max = ssl_config_.version_max;
-  rv = SSL_VersionRangeSet(nss_fd_, &version_range);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", "");
-    return ERR_NO_SSL_VERSIONS_ENABLED;
-  }
-
-  if (ssl_config_.require_ecdhe) {
-    const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
-    const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
-
-    // Iterate over the cipher suites and disable those that don't use ECDHE.
-    for (unsigned i = 0; i < num_ciphers; i++) {
-      SSLCipherSuiteInfo info;
-      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
-          SECSuccess) {
-        if (strcmp(info.keaTypeName, "ECDHE") != 0) {
-          SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
-        }
-      }
-    }
-  }
-
-  if (ssl_config_.version_fallback) {
-    rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
-    if (rv != SECSuccess) {
-      LogFailedNSSFunction(
-          net_log_, "SSL_OptionSet", "SSL_ENABLE_FALLBACK_SCSV");
-    }
-  }
-
-  for (std::vector<uint16_t>::const_iterator it =
-           ssl_config_.disabled_cipher_suites.begin();
-       it != ssl_config_.disabled_cipher_suites.end(); ++it) {
-    // This will fail if the specified cipher is not implemented by NSS, but
-    // the failure is harmless.
-    SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
-  }
-
-  const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
-  const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
-  for (int i = 0; i < num_ciphers; i++) {
-    SSLCipherSuiteInfo info;
-    if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) !=
-        SECSuccess) {
-      continue;
-    }
-    if (info.symCipher == ssl_calg_rc4 &&
-        !(ssl_config_.rc4_enabled &&
-          ssl_config_.deprecated_cipher_suites_enabled)) {
-      SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
-    }
-    if (info.keaType == ssl_kea_dh &&
-        !ssl_config_.deprecated_cipher_suites_enabled) {
-      // Only offer DHE on the second handshake. https://crbug.com/538690
-      SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
-    }
-  }
-
-  // Support RFC 5077
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(
-        net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
-                     ssl_config_.false_start_enabled);
-  if (rv != SECSuccess)
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
-
-  // By default, renegotiations are rejected. After the initial handshake
-  // completes, some application protocols may re-enable it.
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_NEVER);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(
-        net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE);
-  if (rv != SECSuccess)
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
-
-// Added in NSS 3.15
-#ifdef SSL_ENABLE_OCSP_STAPLING
-  // Request OCSP stapling even on platforms that don't support it, in
-  // order to extract Certificate Transparency information.
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING,
-                     cert_verifier_->SupportsOCSPStapling() ||
-                         ssl_config_.signed_cert_timestamps_enabled);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet",
-                         "SSL_ENABLE_OCSP_STAPLING");
-  }
-#endif
-
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
-                     ssl_config_.signed_cert_timestamps_enabled);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet",
-                         "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS");
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
-    return ERR_UNEXPECTED;
-  }
-
-  if (!core_->Init(nss_fd_, nss_bufs))
-    return ERR_UNEXPECTED;
-
-  // Tell SSL the hostname we're trying to connect to.
-  SSL_SetURL(nss_fd_, host_and_port_.host().c_str());
-
-  // Tell SSL we're a client; needed if not letting NSPR do socket I/O
-  SSL_ResetHandshake(nss_fd_, PR_FALSE);
-
-  return OK;
-}
-
-int SSLClientSocketNSS::InitializeSSLPeerName() {
-  // Tell NSS who we're connected to
-  IPEndPoint peer_address;
-  int err = transport_->socket()->GetPeerAddress(&peer_address);
-  if (err != OK)
-    return err;
-
-  SockaddrStorage storage;
-  if (!peer_address.ToSockAddr(storage.addr, &storage.addr_len))
-    return ERR_ADDRESS_INVALID;
-
-  PRNetAddr peername;
-  memset(&peername, 0, sizeof(peername));
-  DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername));
-  size_t len = std::min(static_cast<size_t>(storage.addr_len),
-                        sizeof(peername));
-  memcpy(&peername, storage.addr, len);
-
-  // Adjust the address family field for BSD, whose sockaddr
-  // structure has a one-byte length and one-byte address family
-  // field at the beginning.  PRNetAddr has a two-byte address
-  // family field at the beginning.
-  peername.raw.family = storage.addr->sa_family;
-
-  memio_SetPeerName(nss_fd_, &peername);
-
-  // Set the peer ID for session reuse.  This is necessary when we create an
-  // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
-  // rather than the destination server's address in that case.
-  std::string peer_id = host_and_port_.ToString();
-  // Append |ssl_session_cache_shard_| to the peer id. This is used to partition
-  // the session cache for incognito mode.
-  peer_id += "/" + ssl_session_cache_shard_;
-  peer_id += "/";
-  // Shard the session cache based on maximum protocol version. This causes
-  // fallback connections to use a separate session cache.
-  switch (ssl_config_.version_max) {
-    case SSL_PROTOCOL_VERSION_TLS1:
-      peer_id += "tls1";
-      break;
-    case SSL_PROTOCOL_VERSION_TLS1_1:
-      peer_id += "tls1.1";
-      break;
-    case SSL_PROTOCOL_VERSION_TLS1_2:
-      peer_id += "tls1.2";
-      break;
-    default:
-      NOTREACHED();
-  }
-  peer_id += "/";
-  if (ssl_config_.deprecated_cipher_suites_enabled)
-    peer_id += "deprecated";
-
-  peer_id += "/";
-  if (ssl_config_.channel_id_enabled)
-    peer_id += "channelid";
-
-  SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
-  if (rv != SECSuccess)
-    LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
-
-  return OK;
-}
-
-void SSLClientSocketNSS::DoConnectCallback(int rv) {
-  EnterFunction(rv);
-  DCHECK_NE(ERR_IO_PENDING, rv);
-  DCHECK(!user_connect_callback_.is_null());
-
-  base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv);
-  LeaveFunction("");
-}
-
-void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
-  EnterFunction(result);
-  int rv = DoHandshakeLoop(result);
-  if (rv != ERR_IO_PENDING) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
-    DoConnectCallback(rv);
-  }
-  LeaveFunction("");
-}
-
-int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
-  EnterFunction(last_io_result);
-  int rv = last_io_result;
-  do {
-    // Default to STATE_NONE for next state.
-    // (This is a quirk carried over from the windows
-    // implementation.  It makes reading the logs a bit harder.)
-    // State handlers can and often do call GotoState just
-    // to stay in the current state.
-    State state = next_handshake_state_;
-    GotoState(STATE_NONE);
-    switch (state) {
-      case STATE_HANDSHAKE:
-        rv = DoHandshake();
-        break;
-      case STATE_HANDSHAKE_COMPLETE:
-        rv = DoHandshakeComplete(rv);
-        break;
-      case STATE_VERIFY_CERT:
-        DCHECK(rv == OK);
-        rv = DoVerifyCert(rv);
-        break;
-      case STATE_VERIFY_CERT_COMPLETE:
-        rv = DoVerifyCertComplete(rv);
-        break;
-      case STATE_NONE:
-      default:
-        rv = ERR_UNEXPECTED;
-        LOG(DFATAL) << "unexpected state " << state;
-        break;
-    }
-  } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
-  LeaveFunction("");
-  return rv;
-}
-
-int SSLClientSocketNSS::DoHandshake() {
-  EnterFunction("");
-
-  int rv = core_->Connect(
-      base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
-                 base::Unretained(this)));
-  GotoState(STATE_HANDSHAKE_COMPLETE);
-
-  LeaveFunction(rv);
-  return rv;
-}
-
-int SSLClientSocketNSS::DoHandshakeComplete(int result) {
-  EnterFunction(result);
-
-  if (result == OK) {
-    if (ssl_config_.version_fallback &&
-        ssl_config_.version_max < ssl_config_.version_fallback_min) {
-      return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
-    }
-
-    RecordNegotiationExtension();
-
-    // SSL handshake is completed. Let's verify the certificate.
-    GotoState(STATE_VERIFY_CERT);
-    // Done!
-  }
-  set_signed_cert_timestamps_received(
-      !core_->state().sct_list_from_tls_extension.empty());
-  set_stapled_ocsp_response_received(
-      !core_->state().stapled_ocsp_response.empty());
-  set_negotiation_extension(core_->state().negotiation_extension_);
-
-  LeaveFunction(result);
-  return result;
-}
-
-int SSLClientSocketNSS::DoVerifyCert(int result) {
-  DCHECK(!core_->state().server_cert_chain.empty());
-  DCHECK(core_->state().server_cert_chain[0]);
-
-  GotoState(STATE_VERIFY_CERT_COMPLETE);
-
-  // NSS decoded the certificate, but the platform certificate implementation
-  // could not. This is treated as a fatal SSL-level protocol error rather than
-  // a certificate error. See https://crbug.com/91341.
-  if (!core_->state().server_cert.get())
-    return ERR_SSL_SERVER_CERT_BAD_FORMAT;
-
-  // If the certificate is expected to be bad we can use the expectation as
-  // the cert status.
-  base::StringPiece der_cert(
-      reinterpret_cast<char*>(
-          core_->state().server_cert_chain[0]->derCert.data),
-      core_->state().server_cert_chain[0]->derCert.len);
-  CertStatus cert_status;
-  if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
-    DCHECK(start_cert_verification_time_.is_null());
-    VLOG(1) << "Received an expected bad cert with status: " << cert_status;
-    server_cert_verify_result_.Reset();
-    server_cert_verify_result_.cert_status = cert_status;
-    server_cert_verify_result_.verified_cert = core_->state().server_cert;
-    return OK;
-  }
-
-  start_cert_verification_time_ = base::TimeTicks::Now();
-
-  return cert_verifier_->Verify(
-      core_->state().server_cert.get(), host_and_port_.host(),
-      core_->state().stapled_ocsp_response, ssl_config_.GetCertVerifyFlags(),
-      SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_,
-      base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
-                 base::Unretained(this)),
-      &cert_verifier_request_, net_log_);
-}
-
-// Derived from AuthCertificateCallback() in
-// mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
-int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
-  cert_verifier_request_.reset();
-
-  if (!start_cert_verification_time_.is_null()) {
-    base::TimeDelta verify_time =
-        base::TimeTicks::Now() - start_cert_verification_time_;
-    if (result == OK)
-        UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
-    else
-        UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
-  }
-
-  // We used to remember the intermediate CA certs in the NSS database
-  // persistently.  However, NSS opens a connection to the SQLite database
-  // during NSS initialization and doesn't close the connection until NSS
-  // shuts down.  If the file system where the database resides is gone,
-  // the database connection goes bad.  What's worse, the connection won't
-  // recover when the file system comes back.  Until this NSS or SQLite bug
-  // is fixed, we need to  avoid using the NSS database for non-essential
-  // purposes.  See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and
-  // http://crbug.com/15630 for more info.
-
-  const CertStatus cert_status = server_cert_verify_result_.cert_status;
-  if (transport_security_state_ &&
-      (result == OK ||
-       (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
-      !transport_security_state_->CheckPublicKeyPins(
-          host_and_port_, server_cert_verify_result_.is_issued_by_known_root,
-          server_cert_verify_result_.public_key_hashes,
-          core_->state().server_cert.get(),
-          server_cert_verify_result_.verified_cert.get(),
-          TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) {
-    result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
-  }
-
-  if (result == OK) {
-    // Only check Certificate Transparency if there were no other errors with
-    // the connection.
-    VerifyCT();
-
-    // Only cache the session if the certificate verified successfully.
-    core_->CacheSessionIfNecessary();
-  }
-
-  completed_handshake_ = true;
-
-  // Exit DoHandshakeLoop and return the result to the caller to Connect.
-  DCHECK_EQ(STATE_NONE, next_handshake_state_);
-  return result;
-}
-
-void SSLClientSocketNSS::VerifyCT() {
-  if (!cert_transparency_verifier_)
-    return;
-
-  // Note that this is a completely synchronous operation: The CT Log Verifier
-  // gets all the data it needs for SCT verification and does not do any
-  // external communication.
-  cert_transparency_verifier_->Verify(
-      server_cert_verify_result_.verified_cert.get(),
-      core_->state().stapled_ocsp_response,
-      core_->state().sct_list_from_tls_extension, &ct_verify_result_, net_log_);
-  // TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension
-  // from the state after verification is complete, to conserve memory.
-
-  ct_verify_result_.ct_policies_applied = (policy_enforcer_ != nullptr);
-  ct_verify_result_.ev_policy_compliance =
-      ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;
-  if (policy_enforcer_) {
-    if ((server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) {
-      scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
-          SSLConfigService::GetEVCertsWhitelist();
-      ct::EVPolicyCompliance ev_policy_compliance =
-          policy_enforcer_->DoesConformToCTEVPolicy(
-              server_cert_verify_result_.verified_cert.get(),
-              ev_whitelist.get(), ct_verify_result_.verified_scts, net_log_);
-      ct_verify_result_.ev_policy_compliance = ev_policy_compliance;
-      if (ev_policy_compliance !=
-              ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY &&
-          ev_policy_compliance !=
-              ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST &&
-          ev_policy_compliance !=
-              ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) {
-        // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
-        VLOG(1) << "EV certificate for "
-                << server_cert_verify_result_.verified_cert->subject()
-                       .GetDisplayName()
-                << " does not conform to CT policy, removing EV status.";
-        server_cert_verify_result_.cert_status |=
-            CERT_STATUS_CT_COMPLIANCE_FAILED;
-        server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
-      }
-    }
-    ct_verify_result_.cert_policy_compliance =
-        policy_enforcer_->DoesConformToCertPolicy(
-            server_cert_verify_result_.verified_cert.get(),
-            ct_verify_result_.verified_scts, net_log_);
-  }
-}
-
-void SSLClientSocketNSS::EnsureThreadIdAssigned() const {
-  base::AutoLock auto_lock(lock_);
-  if (valid_thread_id_ != base::kInvalidThreadId)
-    return;
-  valid_thread_id_ = base::PlatformThread::CurrentId();
-}
-
-bool SSLClientSocketNSS::CalledOnValidThread() const {
-  EnsureThreadIdAssigned();
-  base::AutoLock auto_lock(lock_);
-  return valid_thread_id_ == base::PlatformThread::CurrentId();
-}
-
-void SSLClientSocketNSS::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
-  ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_);
-}
-
-// static
-void SSLClientSocketNSS::ReorderNextProtos(NextProtoVector* next_protos) {
-  if (next_protos->size() < 2) {
-    return;
-  }
-
-  NextProto fallback_proto = next_protos->back();
-  for (size_t i = next_protos->size() - 1; i > 0; --i) {
-    (*next_protos)[i] = (*next_protos)[i - 1];
-  }
-  (*next_protos)[0] = fallback_proto;
-}
-
-ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
-  return channel_id_service_;
-}
-
-Error SSLClientSocketNSS::GetSignedEKMForTokenBinding(
-    crypto::ECPrivateKey* key,
-    std::vector<uint8_t>* out) {
-  NOTREACHED();
-  return ERR_NOT_IMPLEMENTED;
-}
-
-crypto::ECPrivateKey* SSLClientSocketNSS::GetChannelIDKey() const {
-  return core_->GetChannelIDKey();
-}
-
-SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {
-  if (completed_handshake_)
-    return SSL_FAILURE_NONE;
-  return SSL_FAILURE_UNKNOWN;
-}
-
-}  // namespace net
diff --git a/chromium/net/socket/ssl_client_socket_nss.h b/chromium/net/socket/ssl_client_socket_nss.h
deleted file mode 100644
index 7073290a791..00000000000
--- a/chromium/net/socket/ssl_client_socket_nss.h
+++ /dev/null
@@ -1,218 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
-#define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
-
-#include <certt.h>
-#include <keyt.h>
-#include <nspr.h>
-#include <nss.h>
-#include <stdint.h>
-
-#include <string>
-#include <vector>
-
-#include "base/memory/scoped_ptr.h"
-#include "base/synchronization/lock.h"
-#include "base/threading/platform_thread.h"
-#include "base/time/time.h"
-#include "net/base/completion_callback.h"
-#include "net/base/host_port_pair.h"
-#include "net/base/net_export.h"
-#include "net/base/nss_memio.h"
-#include "net/cert/cert_verifier.h"
-#include "net/cert/cert_verify_result.h"
-#include "net/cert/ct_verify_result.h"
-#include "net/cert/x509_certificate.h"
-#include "net/log/net_log.h"
-#include "net/socket/ssl_client_socket.h"
-#include "net/ssl/channel_id_service.h"
-#include "net/ssl/ssl_config_service.h"
-
-namespace net {
-
-class BoundNetLog;
-class CTPolicyEnforcer;
-class CertVerifier;
-class ChannelIDService;
-class CTVerifier;
-class ClientSocketHandle;
-class TransportSecurityState;
-class X509Certificate;
-
-// An SSL client socket implemented with Mozilla NSS.
-class SSLClientSocketNSS : public SSLClientSocket {
- public:
-  // Takes ownership of the |transport_socket|, which must already be connected.
-  // The hostname specified in |host_and_port| will be compared with the name(s)
-  // in the server's certificate during the SSL handshake.  If SSL client
-  // authentication is requested, the host_and_port field of SSLCertRequestInfo
-  // will be populated with |host_and_port|.  |ssl_config| specifies
-  // the SSL settings.
-  SSLClientSocketNSS(scoped_ptr<ClientSocketHandle> transport_socket,
-                     const HostPortPair& host_and_port,
-                     const SSLConfig& ssl_config,
-                     const SSLClientSocketContext& context);
-  ~SSLClientSocketNSS() override;
-
-  // SSLClientSocket implementation.
-  void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override;
-  NextProtoStatus GetNextProto(std::string* proto) const override;
-
-  // SSLSocket implementation.
-  int ExportKeyingMaterial(const base::StringPiece& label,
-                           bool has_context,
-                           const base::StringPiece& context,
-                           unsigned char* out,
-                           unsigned int outlen) override;
-
-  // StreamSocket implementation.
-  int Connect(const CompletionCallback& callback) override;
-  void Disconnect() override;
-  bool IsConnected() const override;
-  bool IsConnectedAndIdle() const override;
-  int GetPeerAddress(IPEndPoint* address) const override;
-  int GetLocalAddress(IPEndPoint* address) const override;
-  const BoundNetLog& NetLog() const override;
-  void SetSubresourceSpeculation() override;
-  void SetOmniboxSpeculation() override;
-  bool WasEverUsed() const override;
-  bool GetSSLInfo(SSLInfo* ssl_info) override;
-  void GetConnectionAttempts(ConnectionAttempts* out) const override;
-  void ClearConnectionAttempts() override {}
-  void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
-  int64_t GetTotalReceivedBytes() const override;
-
-  // Socket implementation.
-  int Read(IOBuffer* buf,
-           int buf_len,
-           const CompletionCallback& callback) override;
-  int Write(IOBuffer* buf,
-            int buf_len,
-            const CompletionCallback& callback) override;
-  int SetReceiveBufferSize(int32_t size) override;
-  int SetSendBufferSize(int32_t size) override;
-
-  // SSLClientSocket implementation.
-  ChannelIDService* GetChannelIDService() const override;
-  Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key,
-                                    std::vector<uint8_t>* out) override;
-  crypto::ECPrivateKey* GetChannelIDKey() const override;
-  SSLFailureState GetSSLFailureState() const override;
-
- private:
-  // Helper class to handle marshalling any NSS interaction to and from the
-  // NSS and network task runners. Not every call needs to happen on the Core
-  class Core;
-
-  enum State {
-    STATE_NONE,
-    STATE_HANDSHAKE,
-    STATE_HANDSHAKE_COMPLETE,
-    STATE_VERIFY_CERT,
-    STATE_VERIFY_CERT_COMPLETE,
-  };
-
-  int Init();
-  void InitCore();
-
-  // Initializes NSS SSL options.  Returns a net error code.
-  int InitializeSSLOptions();
-
-  // Initializes the socket peer name in SSL.  Returns a net error code.
-  int InitializeSSLPeerName();
-
-  void DoConnectCallback(int result);
-  void OnHandshakeIOComplete(int result);
-
-  int DoHandshakeLoop(int last_io_result);
-  int DoHandshake();
-  int DoHandshakeComplete(int result);
-  int DoVerifyCert(int result);
-  int DoVerifyCertComplete(int result);
-
-  void VerifyCT();
-
-  // The following methods are for debugging bug 65948. Will remove this code
-  // after fixing bug 65948.
-  void EnsureThreadIdAssigned() const;
-  bool CalledOnValidThread() const;
-
-  // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
-  // SCTs are held in three separate vectors in ct_verify_result, each
-  // vetor representing a particular verification state, this method associates
-  // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
-  // the |ssl_info|.signed_certificate_timestamps list.
-  void AddCTInfoToSSLInfo(SSLInfo* ssl_info) const;
-
-  // Move last protocol to first place: SSLConfig::next_protos has protocols in
-  // decreasing order of preference with NPN fallback protocol at the end, but
-  // NSS moves the first one to the last place before sending them in ALPN, and
-  // uses the first one as a fallback for NPN.
-  static void ReorderNextProtos(NextProtoVector* next_protos);
-
-  scoped_ptr<ClientSocketHandle> transport_;
-  HostPortPair host_and_port_;
-  SSLConfig ssl_config_;
-
-  scoped_refptr<Core> core_;
-
-  CompletionCallback user_connect_callback_;
-
-  CertVerifyResult server_cert_verify_result_;
-
-  CertVerifier* const cert_verifier_;
-  scoped_ptr<CertVerifier::Request> cert_verifier_request_;
-
-  // Certificate Transparency: Verifier and result holder.
-  ct::CTVerifyResult ct_verify_result_;
-  CTVerifier* cert_transparency_verifier_;
-
-  // The service for retrieving Channel ID keys.  May be NULL.
-  ChannelIDService* channel_id_service_;
-
-  // ssl_session_cache_shard_ is an opaque string that partitions the SSL
-  // session cache. i.e. sessions created with one value will not attempt to
-  // resume on the socket with a different value.
-  const std::string ssl_session_cache_shard_;
-
-  // True if the SSL handshake has been completed.
-  bool completed_handshake_;
-
-  State next_handshake_state_;
-
-  // True if the socket has been disconnected.
-  bool disconnected_;
-
-  // The NSS SSL state machine. This is owned by |core_|.
-  // TODO(rsleevi): http://crbug.com/130616 - Remove this member once
-  // ExportKeyingMaterial is updated to be asynchronous.
-  PRFileDesc* nss_fd_;
-
-  BoundNetLog net_log_;
-
-  base::TimeTicks start_cert_verification_time_;
-
-  TransportSecurityState* transport_security_state_;
-
-  CTPolicyEnforcer* const policy_enforcer_;
-
-  // pinning_failure_log contains a message produced by
-  // TransportSecurityState::CheckPublicKeyPins in the event of a
-  // pinning failure. It is a (somewhat) human-readable string.
-  std::string pinning_failure_log_;
-
-  // The following two variables are added for debugging bug 65948. Will
-  // remove this code after fixing bug 65948.
-  // Added the following code Debugging in release mode.
-  mutable base::Lock lock_;
-  // This is mutable so that CalledOnValidThread can set it.
-  // It's guarded by |lock_|.
-  mutable base::PlatformThreadId valid_thread_id_;
-};
-
-}  // namespace net
-
-#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
diff --git a/chromium/net/socket/ssl_client_socket_pool.cc b/chromium/net/socket/ssl_client_socket_pool.cc
index 2a2865c65f9..00a36c5acbf 100644
--- a/chromium/net/socket/ssl_client_socket_pool.cc
+++ b/chromium/net/socket/ssl_client_socket_pool.cc
@@ -551,11 +551,12 @@ SSLClientSocketPool::~SSLClientSocketPool() {
     ssl_config_service_->RemoveObserver(this);
 }
 
-scoped_ptr<ConnectJob> SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
+std::unique_ptr<ConnectJob>
+SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
     const std::string& group_name,
     const PoolBase::Request& request,
     ConnectJob::Delegate* delegate) const {
-  return scoped_ptr<ConnectJob>(new SSLConnectJob(
+  return std::unique_ptr<ConnectJob>(new SSLConnectJob(
       group_name, request.priority(), request.respect_limits(),
       request.params(), ConnectionTimeout(), transport_pool_, socks_pool_,
       http_proxy_pool_, client_socket_factory_, context_, delegate, net_log_));
@@ -597,7 +598,7 @@ void SSLClientSocketPool::CancelRequest(const std::string& group_name,
 }
 
 void SSLClientSocketPool::ReleaseSocket(const std::string& group_name,
-                                        scoped_ptr<StreamSocket> socket,
+                                        std::unique_ptr<StreamSocket> socket,
                                         int id) {
   base_.ReleaseSocket(group_name, std::move(socket), id);
 }
@@ -624,11 +625,11 @@ LoadState SSLClientSocketPool::GetLoadState(
   return base_.GetLoadState(group_name, handle);
 }
 
-scoped_ptr<base::DictionaryValue> SSLClientSocketPool::GetInfoAsValue(
+std::unique_ptr<base::DictionaryValue> SSLClientSocketPool::GetInfoAsValue(
     const std::string& name,
     const std::string& type,
     bool include_nested_pools) const {
-  scoped_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
+  std::unique_ptr<base::DictionaryValue> dict(base_.GetInfoAsValue(name, type));
   if (include_nested_pools) {
     base::ListValue* list = new base::ListValue();
     if (transport_pool_) {
diff --git a/chromium/net/socket/ssl_client_socket_pool.h b/chromium/net/socket/ssl_client_socket_pool.h
index d5f480799ef..3dc03e5b84b 100644
--- a/chromium/net/socket/ssl_client_socket_pool.h
+++ b/chromium/net/socket/ssl_client_socket_pool.h
@@ -5,11 +5,11 @@
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/privacy_mode.h"
 #include "net/http/http_response_info.h"
@@ -160,8 +160,8 @@ class SSLConnectJob : public ConnectJob {
 
   State next_state_;
   CompletionCallback callback_;
-  scoped_ptr<ClientSocketHandle> transport_socket_handle_;
-  scoped_ptr<SSLClientSocket> ssl_socket_;
+  std::unique_ptr<ClientSocketHandle> transport_socket_handle_;
+  std::unique_ptr<SSLClientSocket> ssl_socket_;
 
   HttpResponseInfo error_response_info_;
 
@@ -218,7 +218,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool
                      ClientSocketHandle* handle) override;
 
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
 
   void FlushWithError(int error) override;
@@ -232,7 +232,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool
   LoadState GetLoadState(const std::string& group_name,
                          const ClientSocketHandle* handle) const override;
 
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override;
@@ -271,7 +271,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool
     ~SSLConnectJobFactory() override;
 
     // ClientSocketPoolBase::ConnectJobFactory methods.
-    scoped_ptr<ConnectJob> NewConnectJob(
+    std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const PoolBase::Request& request,
         ConnectJob::Delegate* delegate) const override;
diff --git a/chromium/net/socket/ssl_client_socket_pool_unittest.cc b/chromium/net/socket/ssl_client_socket_pool_unittest.cc
index f83ffd50d13..f3caaf544cd 100644
--- a/chromium/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/chromium/net/socket/ssl_client_socket_pool_unittest.cc
@@ -176,13 +176,13 @@ class SSLClientSocketPoolTest
 
   MockClientSocketFactory socket_factory_;
   MockCachingHostResolver host_resolver_;
-  scoped_ptr<CertVerifier> cert_verifier_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
-  const scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
+  const std::unique_ptr<ProxyService> proxy_service_;
   const scoped_refptr<SSLConfigService> ssl_config_service_;
-  const scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
+  const std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
   HttpServerPropertiesImpl http_server_properties_;
-  const scoped_ptr<HttpNetworkSession> session_;
+  const std::unique_ptr<HttpNetworkSession> session_;
 
   scoped_refptr<TransportSocketParams> direct_transport_socket_params_;
   MockTransportClientSocketPool transport_socket_pool_;
@@ -196,7 +196,7 @@ class SSLClientSocketPoolTest
   HttpProxyClientSocketPool http_proxy_socket_pool_;
 
   SSLConfig ssl_config_;
-  scoped_ptr<SSLClientSocketPool> pool_;
+  std::unique_ptr<SSLClientSocketPool> pool_;
 };
 
 INSTANTIATE_TEST_CASE_P(NextProto,
@@ -794,7 +794,7 @@ TEST_P(SSLClientSocketPoolTest, NeedProxyAuth) {
   EXPECT_FALSE(handle.is_ssl_error());
   const HttpResponseInfo& tunnel_info = handle.ssl_error_response_info();
   EXPECT_EQ(tunnel_info.headers->response_code(), 407);
-  scoped_ptr<ClientSocketHandle> tunnel_handle(
+  std::unique_ptr<ClientSocketHandle> tunnel_handle(
       handle.release_pending_http_proxy_connection());
   EXPECT_TRUE(tunnel_handle->socket());
   EXPECT_FALSE(tunnel_handle->socket()->IsConnected());
diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc
index d5656567984..8bad8a66a2a 100644
--- a/chromium/net/socket/ssl_client_socket_unittest.cc
+++ b/chromium/net/socket/ssl_client_socket_unittest.cc
@@ -4,8 +4,15 @@
 
 #include "net/socket/ssl_client_socket.h"
 
+#include <errno.h>
+#include <string.h>
+
 #include <utility>
 
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
 #include "base/callback_helpers.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
@@ -13,8 +20,9 @@
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -45,23 +53,13 @@
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
+#include "net/ssl/test_ssl_private_key.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 
-#if defined(USE_OPENSSL)
-#include <errno.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <string.h>
-
-#include "crypto/scoped_openssl_types.h"
-#include "net/ssl/test_ssl_private_key.h"
-#endif
-
 using testing::_;
 using testing::Return;
 using testing::Truly;
@@ -78,7 +76,7 @@ namespace {
 // StreamSocket.
 class WrappedStreamSocket : public StreamSocket {
  public:
-  explicit WrappedStreamSocket(scoped_ptr<StreamSocket> transport)
+  explicit WrappedStreamSocket(std::unique_ptr<StreamSocket> transport)
       : transport_(std::move(transport)) {}
   ~WrappedStreamSocket() override {}
 
@@ -144,7 +142,7 @@ class WrappedStreamSocket : public StreamSocket {
   }
 
  protected:
-  scoped_ptr<StreamSocket> transport_;
+  std::unique_ptr<StreamSocket> transport_;
 };
 
 // ReadBufferingStreamSocket is a wrapper for an existing StreamSocket that
@@ -155,7 +153,7 @@ class WrappedStreamSocket : public StreamSocket {
 // them from the TestServer.
 class ReadBufferingStreamSocket : public WrappedStreamSocket {
  public:
-  explicit ReadBufferingStreamSocket(scoped_ptr<StreamSocket> transport);
+  explicit ReadBufferingStreamSocket(std::unique_ptr<StreamSocket> transport);
   ~ReadBufferingStreamSocket() override {}
 
   // Socket implementation:
@@ -193,7 +191,7 @@ class ReadBufferingStreamSocket : public WrappedStreamSocket {
 };
 
 ReadBufferingStreamSocket::ReadBufferingStreamSocket(
-    scoped_ptr<StreamSocket> transport)
+    std::unique_ptr<StreamSocket> transport)
     : WrappedStreamSocket(std::move(transport)),
       read_buffer_(new GrowableIOBuffer()),
       buffer_size_(0) {}
@@ -285,7 +283,8 @@ void ReadBufferingStreamSocket::OnReadCompleted(int result) {
 // Simulates synchronously receiving an error during Read() or Write()
 class SynchronousErrorStreamSocket : public WrappedStreamSocket {
  public:
-  explicit SynchronousErrorStreamSocket(scoped_ptr<StreamSocket> transport);
+  explicit SynchronousErrorStreamSocket(
+      std::unique_ptr<StreamSocket> transport);
   ~SynchronousErrorStreamSocket() override {}
 
   // Socket implementation:
@@ -327,7 +326,7 @@ class SynchronousErrorStreamSocket : public WrappedStreamSocket {
 };
 
 SynchronousErrorStreamSocket::SynchronousErrorStreamSocket(
-    scoped_ptr<StreamSocket> transport)
+    std::unique_ptr<StreamSocket> transport)
     : WrappedStreamSocket(std::move(transport)),
       have_read_error_(false),
       pending_read_error_(OK),
@@ -356,7 +355,7 @@ int SynchronousErrorStreamSocket::Write(IOBuffer* buf,
 // semantics).
 class FakeBlockingStreamSocket : public WrappedStreamSocket {
  public:
-  explicit FakeBlockingStreamSocket(scoped_ptr<StreamSocket> transport);
+  explicit FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport);
   ~FakeBlockingStreamSocket() override {}
 
   // Socket implementation:
@@ -410,7 +409,7 @@ class FakeBlockingStreamSocket : public WrappedStreamSocket {
   int pending_read_result_;
 
   // WaitForReadResult() wait loop.
-  scoped_ptr<base::RunLoop> read_loop_;
+  std::unique_ptr<base::RunLoop> read_loop_;
 
   // True if write calls are blocked.
   bool should_block_write_;
@@ -425,11 +424,11 @@ class FakeBlockingStreamSocket : public WrappedStreamSocket {
   int pending_write_len_;
 
   // WaitForWrite() wait loop.
-  scoped_ptr<base::RunLoop> write_loop_;
+  std::unique_ptr<base::RunLoop> write_loop_;
 };
 
 FakeBlockingStreamSocket::FakeBlockingStreamSocket(
-    scoped_ptr<StreamSocket> transport)
+    std::unique_ptr<StreamSocket> transport)
     : WrappedStreamSocket(std::move(transport)),
       should_block_read_(false),
       pending_read_result_(ERR_IO_PENDING),
@@ -577,7 +576,7 @@ void FakeBlockingStreamSocket::OnReadCompleted(int result) {
 // reads and writes on the socket.
 class CountingStreamSocket : public WrappedStreamSocket {
  public:
-  explicit CountingStreamSocket(scoped_ptr<StreamSocket> transport)
+  explicit CountingStreamSocket(std::unique_ptr<StreamSocket> transport)
       : WrappedStreamSocket(std::move(transport)),
         read_count_(0),
         write_count_(0) {}
@@ -638,14 +637,15 @@ class DeleteSocketCallback : public TestCompletionCallbackBase {
 // channel id.
 class FailingChannelIDStore : public ChannelIDStore {
   int GetChannelID(const std::string& server_identifier,
-                   scoped_ptr<crypto::ECPrivateKey>* key_result,
+                   std::unique_ptr<crypto::ECPrivateKey>* key_result,
                    const GetChannelIDCallback& callback) override {
     return ERR_UNEXPECTED;
   }
-  void SetChannelID(scoped_ptr<ChannelID> channel_id) override {}
+  void SetChannelID(std::unique_ptr<ChannelID> channel_id) override {}
   void DeleteChannelID(const std::string& server_identifier,
                        const base::Closure& completion_callback) override {}
-  void DeleteAllCreatedBetween(
+  void DeleteForDomainsCreatedBetween(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
       base::Time delete_begin,
       base::Time delete_end,
       const base::Closure& completion_callback) override {}
@@ -660,17 +660,18 @@ class FailingChannelIDStore : public ChannelIDStore {
 // channel id.
 class AsyncFailingChannelIDStore : public ChannelIDStore {
   int GetChannelID(const std::string& server_identifier,
-                   scoped_ptr<crypto::ECPrivateKey>* key_result,
+                   std::unique_ptr<crypto::ECPrivateKey>* key_result,
                    const GetChannelIDCallback& callback) override {
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE,
         base::Bind(callback, ERR_UNEXPECTED, server_identifier, nullptr));
     return ERR_IO_PENDING;
   }
-  void SetChannelID(scoped_ptr<ChannelID> channel_id) override {}
+  void SetChannelID(std::unique_ptr<ChannelID> channel_id) override {}
   void DeleteChannelID(const std::string& server_identifier,
                        const base::Closure& completion_callback) override {}
-  void DeleteAllCreatedBetween(
+  void DeleteForDomainsCreatedBetween(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
       base::Time delete_begin,
       base::Time delete_end,
       const base::Closure& completion_callback) override {}
@@ -752,11 +753,11 @@ class SSLClientSocketTest : public PlatformTest {
     return true;
   }
 
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<StreamSocket> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<StreamSocket> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config) {
-    scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
+    std::unique_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
     connection->SetSocket(std::move(transport_socket));
     return socket_factory_->CreateSSLClientSocket(
         std::move(connection), host_and_port, ssl_config, context_);
@@ -772,8 +773,8 @@ class SSLClientSocketTest : public PlatformTest {
   // itself was a success.
   bool CreateAndConnectSSLClientSocket(const SSLConfig& ssl_config,
                                        int* result) {
-    scoped_ptr<StreamSocket> transport(
-        new TCPClientSocket(addr_, &log_, NetLog::Source()));
+    std::unique_ptr<StreamSocket> transport(
+        new TCPClientSocket(addr_, NULL, &log_, NetLog::Source()));
     int rv = callback_.GetResult(transport->Connect(callback_.callback()));
     if (rv != OK) {
       LOG(ERROR) << "Could not connect to SpawnedTestServer";
@@ -805,14 +806,14 @@ class SSLClientSocketTest : public PlatformTest {
   }
 
   ClientSocketFactory* socket_factory_;
-  scoped_ptr<MockCertVerifier> cert_verifier_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
+  std::unique_ptr<MockCertVerifier> cert_verifier_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
   SSLClientSocketContext context_;
-  scoped_ptr<SSLClientSocket> sock_;
+  std::unique_ptr<SSLClientSocket> sock_;
   TestNetLog log_;
 
  private:
-  scoped_ptr<SpawnedTestServer> spawned_test_server_;
+  std::unique_ptr<SpawnedTestServer> spawned_test_server_;
   TestCompletionCallback callback_;
   AddressList addr_;
 };
@@ -835,12 +836,12 @@ class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest {
 
     TestCompletionCallback callback;
     TestNetLog log;
-    scoped_ptr<StreamSocket> transport(
-        new TCPClientSocket(addr, &log, NetLog::Source()));
+    std::unique_ptr<StreamSocket> transport(
+        new TCPClientSocket(addr, NULL, &log, NetLog::Source()));
     int rv = callback.GetResult(transport->Connect(callback.callback()));
     EXPECT_EQ(OK, rv);
 
-    scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+    std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
         std::move(transport), spawned_test_server.host_port_pair(),
         SSLConfig()));
     EXPECT_FALSE(sock->IsConnected());
@@ -878,18 +879,18 @@ class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
       const SSLConfig& client_config,
       TestCompletionCallback* callback,
       FakeBlockingStreamSocket** out_raw_transport,
-      scoped_ptr<SSLClientSocket>* out_sock) {
+      std::unique_ptr<SSLClientSocket>* out_sock) {
     CHECK(spawned_test_server());
 
-    scoped_ptr<StreamSocket> real_transport(
-        new TCPClientSocket(addr(), NULL, NetLog::Source()));
-    scoped_ptr<FakeBlockingStreamSocket> transport(
+    std::unique_ptr<StreamSocket> real_transport(
+        new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+    std::unique_ptr<FakeBlockingStreamSocket> transport(
         new FakeBlockingStreamSocket(std::move(real_transport)));
     int rv = callback->GetResult(transport->Connect(callback->callback()));
     EXPECT_EQ(OK, rv);
 
     FakeBlockingStreamSocket* raw_transport = transport.get();
-    scoped_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
+    std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
         std::move(transport), spawned_test_server()->host_port_pair(),
         client_config);
 
@@ -924,7 +925,7 @@ class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
 
     TestCompletionCallback callback;
     FakeBlockingStreamSocket* raw_transport = NULL;
-    scoped_ptr<SSLClientSocket> sock;
+    std::unique_ptr<SSLClientSocket> sock;
     ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
         client_config, &callback, &raw_transport, &sock));
 
@@ -990,7 +991,7 @@ class SSLClientSocketChannelIDTest : public SSLClientSocketTest {
   }
 
  private:
-  scoped_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
 };
 
 }  // namespace
@@ -1000,12 +1001,12 @@ TEST_F(SSLClientSocketTest, Connect) {
 
   TestCompletionCallback callback;
   TestNetLog log;
-  scoped_ptr<StreamSocket> transport(
-      new TCPClientSocket(addr(), &log, NetLog::Source()));
+  std::unique_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), NULL, &log, NetLog::Source()));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
 
@@ -1146,14 +1147,14 @@ TEST_F(SSLClientSocketTest, Read) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   EXPECT_EQ(0, transport->GetTotalReceivedBytes());
 
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
   EXPECT_EQ(0, sock->GetTotalReceivedBytes());
@@ -1203,9 +1204,9 @@ TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<SynchronousErrorStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<SynchronousErrorStreamSocket> transport(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
@@ -1215,7 +1216,7 @@ TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
   ssl_config.false_start_enabled = false;
 
   SynchronousErrorStreamSocket* raw_transport = transport.get();
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1234,9 +1235,9 @@ TEST_F(SSLClientSocketTest, Read_WithSynchronousError) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<SynchronousErrorStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<SynchronousErrorStreamSocket> transport(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
@@ -1246,7 +1247,7 @@ TEST_F(SSLClientSocketTest, Read_WithSynchronousError) {
   ssl_config.false_start_enabled = false;
 
   SynchronousErrorStreamSocket* raw_transport = transport.get();
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1284,14 +1285,14 @@ TEST_F(SSLClientSocketTest, Write_WithSynchronousError) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
   // is retained in order to configure additional errors.
-  scoped_ptr<SynchronousErrorStreamSocket> error_socket(
+  std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
-  scoped_ptr<FakeBlockingStreamSocket> transport(
+  std::unique_ptr<FakeBlockingStreamSocket> transport(
       new FakeBlockingStreamSocket(std::move(error_socket)));
   FakeBlockingStreamSocket* raw_transport = transport.get();
   int rv = callback.GetResult(transport->Connect(callback.callback()));
@@ -1301,7 +1302,7 @@ TEST_F(SSLClientSocketTest, Write_WithSynchronousError) {
   SSLConfig ssl_config;
   ssl_config.false_start_enabled = false;
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1351,14 +1352,14 @@ TEST_F(SSLClientSocketTest, Write_WithSynchronousErrorNoRead) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   // Note: intermediate sockets' ownership are handed to |sock|, but a pointer
   // is retained in order to query them.
-  scoped_ptr<SynchronousErrorStreamSocket> error_socket(
+  std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
-  scoped_ptr<CountingStreamSocket> counting_socket(
+  std::unique_ptr<CountingStreamSocket> counting_socket(
       new CountingStreamSocket(std::move(error_socket)));
   CountingStreamSocket* raw_counting_socket = counting_socket.get();
   int rv = callback.GetResult(counting_socket->Connect(callback.callback()));
@@ -1368,7 +1369,7 @@ TEST_F(SSLClientSocketTest, Write_WithSynchronousErrorNoRead) {
   SSLConfig ssl_config;
   ssl_config.false_start_enabled = false;
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(counting_socket), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1451,14 +1452,14 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
   // is retained in order to configure additional errors.
-  scoped_ptr<SynchronousErrorStreamSocket> error_socket(
+  std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
-  scoped_ptr<FakeBlockingStreamSocket> transport(
+  std::unique_ptr<FakeBlockingStreamSocket> transport(
       new FakeBlockingStreamSocket(std::move(error_socket)));
   FakeBlockingStreamSocket* raw_transport = transport.get();
 
@@ -1469,7 +1470,7 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) {
   SSLConfig ssl_config;
   ssl_config.false_start_enabled = false;
 
-  scoped_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config);
 
@@ -1502,38 +1503,8 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) {
   ASSERT_EQ(ERR_IO_PENDING, rv);
   ASSERT_FALSE(read_callback.have_result());
 
-#if !defined(USE_OPENSSL)
-  // NSS follows a pattern where a call to PR_Write will only consume as
-  // much data as it can encode into application data records before the
-  // internal memio buffer is full, which should only fill if writing a large
-  // amount of data and the underlying transport is blocked. Once this happens,
-  // NSS will return (total size of all application data records it wrote) - 1,
-  // with the caller expected to resume with the remaining unsent data.
-  //
-  // This causes SSLClientSocketNSS::Write to return that it wrote some data
-  // before it will return ERR_IO_PENDING, so make an extra call to Write() to
-  // get the socket in the state needed for the test below.
-  //
-  // This is not needed for OpenSSL, because for OpenSSL,
-  // SSL_MODE_ENABLE_PARTIAL_WRITE is not specified - thus
-  // SSLClientSocketOpenSSL::Write() will not return until all of
-  // |request_buffer| has been written to the underlying BIO (although not
-  // necessarily the underlying transport).
-  rv = callback.GetResult(raw_sock->Write(request_buffer.get(),
-                                          request_buffer->BytesRemaining(),
-                                          callback.callback()));
-  ASSERT_LT(0, rv);
-  request_buffer->DidConsume(rv);
-
-  // Guard to ensure that |request_buffer| was larger than all of the internal
-  // buffers (transport, memio, NSS) along the way - otherwise the next call
-  // to Write() will crash with an invalid buffer.
-  ASSERT_LT(0, request_buffer->BytesRemaining());
-#endif
-
-  // Attempt to write the remaining data. NSS will not be able to consume the
-  // application data because the internal buffers are full, while OpenSSL will
-  // return that its blocked because the underlying transport is blocked.
+  // Attempt to write the remaining data. OpenSSL will return that its blocked
+  // because the underlying transport is blocked.
   rv = raw_sock->Write(request_buffer.get(),
                        request_buffer->BytesRemaining(),
                        callback.callback());
@@ -1560,14 +1531,14 @@ TEST_F(SSLClientSocketTest, Read_WithWriteError) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
   // is retained in order to configure additional errors.
-  scoped_ptr<SynchronousErrorStreamSocket> error_socket(
+  std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
-  scoped_ptr<FakeBlockingStreamSocket> transport(
+  std::unique_ptr<FakeBlockingStreamSocket> transport(
       new FakeBlockingStreamSocket(std::move(error_socket)));
   FakeBlockingStreamSocket* raw_transport = transport.get();
 
@@ -1578,7 +1549,7 @@ TEST_F(SSLClientSocketTest, Read_WithWriteError) {
   SSLConfig ssl_config;
   ssl_config.false_start_enabled = false;
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1640,15 +1611,8 @@ TEST_F(SSLClientSocketTest, Read_WithWriteError) {
   raw_transport->UnblockReadResult();
   rv = read_callback.WaitForResult();
 
-#if defined(USE_OPENSSL)
   // Should still read bytes despite the write error.
   EXPECT_LT(0, rv);
-#else
-  // NSS attempts to flush the write buffer in PR_Read on an SSL socket before
-  // pumping the read state machine, unless configured with SSL_ENABLE_FDX, so
-  // the write error stops future reads.
-  EXPECT_EQ(ERR_CONNECTION_RESET, rv);
-#endif
 }
 
 // Tests that SSLClientSocket fails the handshake if the underlying
@@ -1657,15 +1621,15 @@ TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<SynchronousErrorStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<SynchronousErrorStreamSocket> transport(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
   SynchronousErrorStreamSocket* raw_transport = transport.get();
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
 
@@ -1683,9 +1647,9 @@ TEST_F(SSLClientSocketTest, Read_WithZeroReturn) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<SynchronousErrorStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<SynchronousErrorStreamSocket> transport(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
@@ -1695,7 +1659,7 @@ TEST_F(SSLClientSocketTest, Read_WithZeroReturn) {
   ssl_config.false_start_enabled = false;
 
   SynchronousErrorStreamSocket* raw_transport = transport.get();
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1716,12 +1680,12 @@ TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<SynchronousErrorStreamSocket> error_socket(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
-  scoped_ptr<FakeBlockingStreamSocket> transport(
+  std::unique_ptr<FakeBlockingStreamSocket> transport(
       new FakeBlockingStreamSocket(std::move(error_socket)));
   FakeBlockingStreamSocket* raw_transport = transport.get();
   int rv = callback.GetResult(transport->Connect(callback.callback()));
@@ -1731,7 +1695,7 @@ TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) {
   SSLConfig ssl_config;
   ssl_config.false_start_enabled = false;
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       ssl_config));
 
@@ -1797,15 +1761,15 @@ TEST_F(SSLClientSocketTest, Read_ManySmallRecords) {
 
   TestCompletionCallback callback;
 
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<ReadBufferingStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<ReadBufferingStreamSocket> transport(
       new ReadBufferingStreamSocket(std::move(real_transport)));
   ReadBufferingStreamSocket* raw_transport = transport.get();
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   ASSERT_EQ(OK, rv);
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
 
@@ -1868,12 +1832,12 @@ TEST_F(SSLClientSocketTest, Read_FullLogging) {
   TestCompletionCallback callback;
   TestNetLog log;
   log.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes());
-  scoped_ptr<StreamSocket> transport(
-      new TCPClientSocket(addr(), &log, NetLog::Source()));
+  std::unique_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), NULL, &log, NetLog::Source()));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
 
@@ -1937,12 +1901,12 @@ TEST_F(SSLClientSocketTest, PrematureApplicationData) {
   StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> transport(
+  std::unique_ptr<StreamSocket> transport(
       new MockTCPClientSocket(addr(), NULL, &data));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
 
@@ -1982,15 +1946,15 @@ TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  std::unique_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_EQ(OK, rv);
 
-  scoped_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle());
+  std::unique_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle());
   socket_handle->SetSocket(std::move(transport));
 
-  scoped_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
       std::move(socket_handle), spawned_test_server()->host_port_pair(),
       SSLConfig(), context_));
 
@@ -2272,8 +2236,6 @@ TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) {
       request_info->cert_authorities[1]);
 }
 
-// cert_key_types is currently only populated on OpenSSL.
-#if defined(USE_OPENSSL)
 TEST_F(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.request_client_certificate = true;
@@ -2285,7 +2247,6 @@ TEST_F(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
   EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]);
   EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]);
 }
-#endif  // defined(USE_OPENSSL)
 
 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) {
   SpawnedTestServer::SSLOptions ssl_options;
@@ -2498,10 +2459,8 @@ TEST_F(SSLClientSocketTest, ReuseStates) {
 
   // TODO(davidben): Read one byte to ensure the test server has responded and
   // then assert IsConnectedAndIdle is false. This currently doesn't work
-  // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their
-  // SSL implementation's internal buffers. Either call PR_Available and
-  // SSL_pending, although the former isn't actually implemented or perhaps
-  // attempt to read one byte extra.
+  // because SSLClientSocketImpl doesn't check the implementation's internal
+  // buffer. Call SSL_pending.
 }
 
 // Tests that IsConnectedAndIdle treats a socket as idle even if a Write hasn't
@@ -2511,14 +2470,14 @@ TEST_F(SSLClientSocketTest, ReusableAfterWrite) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
-  scoped_ptr<StreamSocket> real_transport(
-      new TCPClientSocket(addr(), NULL, NetLog::Source()));
-  scoped_ptr<FakeBlockingStreamSocket> transport(
+  std::unique_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
+  std::unique_ptr<FakeBlockingStreamSocket> transport(
       new FakeBlockingStreamSocket(std::move(real_transport)));
   FakeBlockingStreamSocket* raw_transport = transport.get();
   ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
 
-  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
       std::move(transport), spawned_test_server()->host_port_pair(),
       SSLConfig()));
   ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
@@ -2532,8 +2491,8 @@ TEST_F(SSLClientSocketTest, ReusableAfterWrite) {
   scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestLen));
   memcpy(request_buffer->data(), kRequestText, kRequestLen);
 
-  // Although transport writes are blocked, both SSLClientSocketOpenSSL and
-  // SSLClientSocketNSS complete the outer Write operation.
+  // Although transport writes are blocked, SSLClientSocketImpl completes the
+  // outer Write operation.
   EXPECT_EQ(static_cast<int>(kRequestLen),
             callback.GetResult(sock->Write(request_buffer.get(), kRequestLen,
                                            callback.callback())));
@@ -2567,11 +2526,11 @@ TEST_F(SSLClientSocketTest, SessionResumption) {
   sock_.reset();
 
   // Using a different HostPortPair uses a different session cache key.
-  scoped_ptr<StreamSocket> transport(
-      new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  std::unique_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), NULL, &log_, NetLog::Source()));
   TestCompletionCallback callback;
   ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
-  scoped_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
+  std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
       std::move(transport), HostPortPair("example.com", 443), ssl_config);
   ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
   ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
@@ -2838,9 +2797,6 @@ TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, true));
@@ -2869,9 +2825,6 @@ TEST_F(SSLClientSocketFalseStartTest, RSA) {
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, false));
@@ -2886,9 +2839,6 @@ TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   // DHE is only advertised when deprecated ciphers are enabled.
   client_config.deprecated_cipher_suites_enabled = true;
@@ -2904,9 +2854,6 @@ TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
 }
@@ -2921,9 +2868,6 @@ TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Let a full handshake complete with False Start.
@@ -2954,15 +2898,12 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Start a handshake up to the server Finished message.
   TestCompletionCallback callback;
   FakeBlockingStreamSocket* raw_transport1 = NULL;
-  scoped_ptr<SSLClientSocket> sock1;
+  std::unique_ptr<SSLClientSocket> sock1;
   ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
       client_config, &callback, &raw_transport1, &sock1));
   // Although raw_transport1 has the server Finished blocked, the handshake
@@ -3011,15 +2952,12 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Start a handshake up to the server Finished message.
   TestCompletionCallback callback;
   FakeBlockingStreamSocket* raw_transport1 = NULL;
-  scoped_ptr<SSLClientSocket> sock1;
+  std::unique_ptr<SSLClientSocket> sock1;
   ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
       client_config, &callback, &raw_transport1, &sock1));
   // Although raw_transport1 has the server Finished blocked, the handshake
@@ -3160,10 +3098,6 @@ TEST_F(SSLClientSocketTest, NPN) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP2);
   client_config.npn_protos.push_back(kProtoHTTP11);
 
@@ -3184,10 +3118,6 @@ TEST_F(SSLClientSocketTest, NPNNoOverlap) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoSPDY31);
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-#endif
   client_config.npn_protos.push_back(kProtoSPDY31);
   client_config.npn_protos.push_back(kProtoHTTP2);
 
@@ -3209,10 +3139,6 @@ TEST_F(SSLClientSocketTest, NPNServerPreference) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-  client_config.alpn_protos.push_back(kProtoSPDY31);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP2);
   client_config.npn_protos.push_back(kProtoSPDY31);
 
@@ -3250,9 +3176,6 @@ TEST_F(SSLClientSocketTest, NPNServerDisabled) {
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   int rv;
@@ -3264,9 +3187,6 @@ TEST_F(SSLClientSocketTest, NPNServerDisabled) {
             sock_->GetNextProto(&proto));
 }
 
-// Client auth is not supported in NSS ports.
-#if defined(USE_OPENSSL)
-
 namespace {
 
 // Loads a PEM-encoded private key file into a SSLPrivateKey object.
@@ -3369,6 +3289,5 @@ TEST_F(SSLClientSocketTest, SendGoodCert) {
   sock_->Disconnect();
   EXPECT_FALSE(sock_->IsConnected());
 }
-#endif  // defined(USE_OPENSSL)
 
 }  // namespace net
diff --git a/chromium/net/socket/ssl_server_socket.h b/chromium/net/socket/ssl_server_socket.h
index 479bbc7a4f9..dfda6c1d23c 100644
--- a/chromium/net/socket/ssl_server_socket.h
+++ b/chromium/net/socket/ssl_server_socket.h
@@ -5,7 +5,8 @@
 #ifndef NET_SOCKET_SSL_SERVER_SOCKET_H_
 #define NET_SOCKET_SSL_SERVER_SOCKET_H_
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/socket/ssl_socket.h"
@@ -41,8 +42,8 @@ class SSLServerContext {
   //
   // The caller starts the SSL server handshake by calling Handshake on the
   // returned socket.
-  virtual scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
-      scoped_ptr<StreamSocket> socket) = 0;
+  virtual std::unique_ptr<SSLServerSocket> CreateSSLServerSocket(
+      std::unique_ptr<StreamSocket> socket) = 0;
 };
 
 // Configures the underlying SSL library for the use of SSL server sockets.
@@ -62,7 +63,7 @@ NET_EXPORT void EnableSSLServerSockets();
 // It takes a reference to |certificate|.
 // The |key| and |ssl_config| parameters are copied.
 //
-NET_EXPORT scoped_ptr<SSLServerContext> CreateSSLServerContext(
+NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
     X509Certificate* certificate,
     const crypto::RSAPrivateKey& key,
     const SSLServerConfig& ssl_config);
diff --git a/chromium/net/socket/ssl_server_socket_openssl.cc b/chromium/net/socket/ssl_server_socket_impl.cc
index 74f223131d8..0bc3da7c59b 100644
--- a/chromium/net/socket/ssl_server_socket_openssl.cc
+++ b/chromium/net/socket/ssl_server_socket_impl.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/socket/ssl_server_socket_openssl.h"
+#include "net/socket/ssl_server_socket_impl.h"
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -51,12 +51,12 @@ scoped_refptr<X509Certificate> CreateX509Certificate(X509* cert,
   return X509Certificate::CreateFromDERCertChain(der_chain);
 }
 
-class SSLServerSocketOpenSSL : public SSLServerSocket {
+class SSLServerSocketImpl : public SSLServerSocket {
  public:
   // See comments on CreateSSLServerSocket for details of how these
   // parameters are used.
-  SSLServerSocketOpenSSL(scoped_ptr<StreamSocket> socket, SSL* ssl);
-  ~SSLServerSocketOpenSSL() override;
+  SSLServerSocketImpl(std::unique_ptr<StreamSocket> socket, SSL* ssl);
+  ~SSLServerSocketImpl() override;
 
   // SSLServerSocket interface.
   int Handshake(const CompletionCallback& callback) override;
@@ -160,7 +160,7 @@ class SSLServerSocketOpenSSL : public SSLServerSocket {
   BIO* transport_bio_;
 
   // StreamSocket for sending and receiving data.
-  scoped_ptr<StreamSocket> transport_socket_;
+  std::unique_ptr<StreamSocket> transport_socket_;
 
   // Certificate for the client.
   scoped_refptr<X509Certificate> client_cert_;
@@ -168,11 +168,11 @@ class SSLServerSocketOpenSSL : public SSLServerSocket {
   State next_handshake_state_;
   bool completed_handshake_;
 
-  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketOpenSSL);
+  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketImpl);
 };
 
-SSLServerSocketOpenSSL::SSLServerSocketOpenSSL(
-    scoped_ptr<StreamSocket> transport_socket,
+SSLServerSocketImpl::SSLServerSocketImpl(
+    std::unique_ptr<StreamSocket> transport_socket,
     SSL* ssl)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
@@ -186,7 +186,7 @@ SSLServerSocketOpenSSL::SSLServerSocketOpenSSL(
       next_handshake_state_(STATE_NONE),
       completed_handshake_(false) {}
 
-SSLServerSocketOpenSSL::~SSLServerSocketOpenSSL() {
+SSLServerSocketImpl::~SSLServerSocketImpl() {
   if (ssl_) {
     // Calling SSL_shutdown prevents the session from being marked as
     // unresumable.
@@ -200,7 +200,7 @@ SSLServerSocketOpenSSL::~SSLServerSocketOpenSSL() {
   }
 }
 
-int SSLServerSocketOpenSSL::Handshake(const CompletionCallback& callback) {
+int SSLServerSocketImpl::Handshake(const CompletionCallback& callback) {
   net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE);
 
   // Set up new ssl object.
@@ -225,12 +225,11 @@ int SSLServerSocketOpenSSL::Handshake(const CompletionCallback& callback) {
   return rv > OK ? OK : rv;
 }
 
-int SSLServerSocketOpenSSL::ExportKeyingMaterial(
-    const base::StringPiece& label,
-    bool has_context,
-    const base::StringPiece& context,
-    unsigned char* out,
-    unsigned int outlen) {
+int SSLServerSocketImpl::ExportKeyingMaterial(const base::StringPiece& label,
+                                              bool has_context,
+                                              const base::StringPiece& context,
+                                              unsigned char* out,
+                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
 
@@ -238,22 +237,21 @@ int SSLServerSocketOpenSSL::ExportKeyingMaterial(
 
   int rv = SSL_export_keying_material(
       ssl_, out, outlen, label.data(), label.size(),
-      reinterpret_cast<const unsigned char*>(context.data()),
-      context.length(), context.length() > 0);
+      reinterpret_cast<const unsigned char*>(context.data()), context.length(),
+      context.length() > 0);
 
   if (rv != 1) {
     int ssl_error = SSL_get_error(ssl_, rv);
     LOG(ERROR) << "Failed to export keying material;"
-               << " returned " << rv
-               << ", SSL error code " << ssl_error;
+               << " returned " << rv << ", SSL error code " << ssl_error;
     return MapOpenSSLError(ssl_error, err_tracer);
   }
   return OK;
 }
 
-int SSLServerSocketOpenSSL::Read(IOBuffer* buf,
-                                 int buf_len,
-                                 const CompletionCallback& callback) {
+int SSLServerSocketImpl::Read(IOBuffer* buf,
+                              int buf_len,
+                              const CompletionCallback& callback) {
   DCHECK(user_read_callback_.is_null());
   DCHECK(user_handshake_callback_.is_null());
   DCHECK(!user_read_buf_);
@@ -276,9 +274,9 @@ int SSLServerSocketOpenSSL::Read(IOBuffer* buf,
   return rv;
 }
 
-int SSLServerSocketOpenSSL::Write(IOBuffer* buf,
-                                  int buf_len,
-                                  const CompletionCallback& callback) {
+int SSLServerSocketImpl::Write(IOBuffer* buf,
+                               int buf_len,
+                               const CompletionCallback& callback) {
   DCHECK(user_write_callback_.is_null());
   DCHECK(!user_write_buf_);
   DCHECK(!callback.is_null());
@@ -297,72 +295,72 @@ int SSLServerSocketOpenSSL::Write(IOBuffer* buf,
   return rv;
 }
 
-int SSLServerSocketOpenSSL::SetReceiveBufferSize(int32_t size) {
+int SSLServerSocketImpl::SetReceiveBufferSize(int32_t size) {
   return transport_socket_->SetReceiveBufferSize(size);
 }
 
-int SSLServerSocketOpenSSL::SetSendBufferSize(int32_t size) {
+int SSLServerSocketImpl::SetSendBufferSize(int32_t size) {
   return transport_socket_->SetSendBufferSize(size);
 }
 
-int SSLServerSocketOpenSSL::Connect(const CompletionCallback& callback) {
+int SSLServerSocketImpl::Connect(const CompletionCallback& callback) {
   NOTIMPLEMENTED();
   return ERR_NOT_IMPLEMENTED;
 }
 
-void SSLServerSocketOpenSSL::Disconnect() {
+void SSLServerSocketImpl::Disconnect() {
   transport_socket_->Disconnect();
 }
 
-bool SSLServerSocketOpenSSL::IsConnected() const {
+bool SSLServerSocketImpl::IsConnected() const {
   // TODO(wtc): Find out if we should check transport_socket_->IsConnected()
   // as well.
   return completed_handshake_;
 }
 
-bool SSLServerSocketOpenSSL::IsConnectedAndIdle() const {
+bool SSLServerSocketImpl::IsConnectedAndIdle() const {
   return completed_handshake_ && transport_socket_->IsConnectedAndIdle();
 }
 
-int SSLServerSocketOpenSSL::GetPeerAddress(IPEndPoint* address) const {
+int SSLServerSocketImpl::GetPeerAddress(IPEndPoint* address) const {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
   return transport_socket_->GetPeerAddress(address);
 }
 
-int SSLServerSocketOpenSSL::GetLocalAddress(IPEndPoint* address) const {
+int SSLServerSocketImpl::GetLocalAddress(IPEndPoint* address) const {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
   return transport_socket_->GetLocalAddress(address);
 }
 
-const BoundNetLog& SSLServerSocketOpenSSL::NetLog() const {
+const BoundNetLog& SSLServerSocketImpl::NetLog() const {
   return net_log_;
 }
 
-void SSLServerSocketOpenSSL::SetSubresourceSpeculation() {
+void SSLServerSocketImpl::SetSubresourceSpeculation() {
   transport_socket_->SetSubresourceSpeculation();
 }
 
-void SSLServerSocketOpenSSL::SetOmniboxSpeculation() {
+void SSLServerSocketImpl::SetOmniboxSpeculation() {
   transport_socket_->SetOmniboxSpeculation();
 }
 
-bool SSLServerSocketOpenSSL::WasEverUsed() const {
+bool SSLServerSocketImpl::WasEverUsed() const {
   return transport_socket_->WasEverUsed();
 }
 
-bool SSLServerSocketOpenSSL::WasNpnNegotiated() const {
+bool SSLServerSocketImpl::WasNpnNegotiated() const {
   NOTIMPLEMENTED();
   return false;
 }
 
-NextProto SSLServerSocketOpenSSL::GetNegotiatedProtocol() const {
+NextProto SSLServerSocketImpl::GetNegotiatedProtocol() const {
   // NPN is not supported by this class.
   return kProtoUnknown;
 }
 
-bool SSLServerSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
+bool SSLServerSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (!completed_handshake_)
     return false;
@@ -389,16 +387,15 @@ bool SSLServerSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
   return true;
 }
 
-void SSLServerSocketOpenSSL::GetConnectionAttempts(
-    ConnectionAttempts* out) const {
+void SSLServerSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const {
   out->clear();
 }
 
-int64_t SSLServerSocketOpenSSL::GetTotalReceivedBytes() const {
+int64_t SSLServerSocketImpl::GetTotalReceivedBytes() const {
   return transport_socket_->GetTotalReceivedBytes();
 }
 
-void SSLServerSocketOpenSSL::OnSendComplete(int result) {
+void SSLServerSocketImpl::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
@@ -406,7 +403,7 @@ void SSLServerSocketOpenSSL::OnSendComplete(int result) {
   }
 
   // TODO(byungchul): This state machine is not correct. Copy the state machine
-  // of SSLClientSocketOpenSSL::OnSendComplete() which handles it better.
+  // of SSLClientSocketImpl::OnSendComplete() which handles it better.
   if (!completed_handshake_)
     return;
 
@@ -420,7 +417,7 @@ void SSLServerSocketOpenSSL::OnSendComplete(int result) {
   }
 }
 
-void SSLServerSocketOpenSSL::OnRecvComplete(int result) {
+void SSLServerSocketImpl::OnRecvComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
@@ -437,7 +434,7 @@ void SSLServerSocketOpenSSL::OnRecvComplete(int result) {
     DoReadCallback(rv);
 }
 
-void SSLServerSocketOpenSSL::OnHandshakeIOComplete(int result) {
+void SSLServerSocketImpl::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv == ERR_IO_PENDING)
     return;
@@ -450,7 +447,7 @@ void SSLServerSocketOpenSSL::OnHandshakeIOComplete(int result) {
 // Return 0 for EOF,
 // > 0 for bytes transferred immediately,
 // < 0 for error (or the non-error ERR_IO_PENDING).
-int SSLServerSocketOpenSSL::BufferSend() {
+int SSLServerSocketImpl::BufferSend() {
   if (transport_send_busy_)
     return ERR_IO_PENDING;
 
@@ -467,7 +464,7 @@ int SSLServerSocketOpenSSL::BufferSend() {
 
   int rv = transport_socket_->Write(
       send_buffer_.get(), send_buffer_->BytesRemaining(),
-      base::Bind(&SSLServerSocketOpenSSL::BufferSendComplete,
+      base::Bind(&SSLServerSocketImpl::BufferSendComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_send_busy_ = true;
@@ -477,13 +474,13 @@ int SSLServerSocketOpenSSL::BufferSend() {
   return rv;
 }
 
-void SSLServerSocketOpenSSL::BufferSendComplete(int result) {
+void SSLServerSocketImpl::BufferSendComplete(int result) {
   transport_send_busy_ = false;
   TransportWriteComplete(result);
   OnSendComplete(result);
 }
 
-void SSLServerSocketOpenSSL::TransportWriteComplete(int result) {
+void SSLServerSocketImpl::TransportWriteComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   if (result < 0) {
     // Got a socket write error; close the BIO to indicate this upward.
@@ -510,7 +507,7 @@ void SSLServerSocketOpenSSL::TransportWriteComplete(int result) {
   }
 }
 
-int SSLServerSocketOpenSSL::BufferRecv() {
+int SSLServerSocketImpl::BufferRecv() {
   if (transport_recv_busy_)
     return ERR_IO_PENDING;
 
@@ -539,7 +536,7 @@ int SSLServerSocketOpenSSL::BufferRecv() {
   recv_buffer_ = new IOBuffer(max_write);
   int rv = transport_socket_->Read(
       recv_buffer_.get(), max_write,
-      base::Bind(&SSLServerSocketOpenSSL::BufferRecvComplete,
+      base::Bind(&SSLServerSocketImpl::BufferRecvComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_recv_busy_ = true;
@@ -549,12 +546,12 @@ int SSLServerSocketOpenSSL::BufferRecv() {
   return rv;
 }
 
-void SSLServerSocketOpenSSL::BufferRecvComplete(int result) {
+void SSLServerSocketImpl::BufferRecvComplete(int result) {
   result = TransportReadComplete(result);
   OnRecvComplete(result);
 }
 
-int SSLServerSocketOpenSSL::TransportReadComplete(int result) {
+int SSLServerSocketImpl::TransportReadComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   if (result <= 0) {
     DVLOG(1) << "TransportReadComplete result " << result;
@@ -583,7 +580,7 @@ int SSLServerSocketOpenSSL::TransportReadComplete(int result) {
 // Do as much network I/O as possible between the buffer and the
 // transport socket. Return true if some I/O performed, false
 // otherwise (error or ERR_IO_PENDING).
-bool SSLServerSocketOpenSSL::DoTransportIO() {
+bool SSLServerSocketImpl::DoTransportIO() {
   bool network_moved = false;
   int rv;
   // Read and write as much data as possible. The loop is necessary because
@@ -598,7 +595,7 @@ bool SSLServerSocketOpenSSL::DoTransportIO() {
   return network_moved;
 }
 
-int SSLServerSocketOpenSSL::DoPayloadRead() {
+int SSLServerSocketImpl::DoPayloadRead() {
   DCHECK(user_read_buf_);
   DCHECK_GT(user_read_buf_len_, 0);
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
@@ -607,8 +604,8 @@ int SSLServerSocketOpenSSL::DoPayloadRead() {
     return rv;
   int ssl_error = SSL_get_error(ssl_, rv);
   OpenSSLErrorInfo error_info;
-  int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
-                                             &error_info);
+  int net_error =
+      MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
   if (net_error != ERR_IO_PENDING) {
     net_log_.AddEvent(
         NetLog::TYPE_SSL_READ_ERROR,
@@ -617,7 +614,7 @@ int SSLServerSocketOpenSSL::DoPayloadRead() {
   return net_error;
 }
 
-int SSLServerSocketOpenSSL::DoPayloadWrite() {
+int SSLServerSocketImpl::DoPayloadWrite() {
   DCHECK(user_write_buf_);
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
@@ -625,8 +622,8 @@ int SSLServerSocketOpenSSL::DoPayloadWrite() {
     return rv;
   int ssl_error = SSL_get_error(ssl_, rv);
   OpenSSLErrorInfo error_info;
-  int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
-                                             &error_info);
+  int net_error =
+      MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
   if (net_error != ERR_IO_PENDING) {
     net_log_.AddEvent(
         NetLog::TYPE_SSL_WRITE_ERROR,
@@ -635,7 +632,7 @@ int SSLServerSocketOpenSSL::DoPayloadWrite() {
   return net_error;
 }
 
-int SSLServerSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
+int SSLServerSocketImpl::DoHandshakeLoop(int last_io_result) {
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
@@ -668,7 +665,7 @@ int SSLServerSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
   return rv;
 }
 
-int SSLServerSocketOpenSSL::DoReadLoop(int result) {
+int SSLServerSocketImpl::DoReadLoop(int result) {
   DCHECK(completed_handshake_);
   DCHECK(next_handshake_state_ == STATE_NONE);
 
@@ -684,7 +681,7 @@ int SSLServerSocketOpenSSL::DoReadLoop(int result) {
   return rv;
 }
 
-int SSLServerSocketOpenSSL::DoWriteLoop(int result) {
+int SSLServerSocketImpl::DoWriteLoop(int result) {
   DCHECK(completed_handshake_);
   DCHECK_EQ(next_handshake_state_, STATE_NONE);
 
@@ -700,7 +697,7 @@ int SSLServerSocketOpenSSL::DoWriteLoop(int result) {
   return rv;
 }
 
-int SSLServerSocketOpenSSL::DoHandshake() {
+int SSLServerSocketImpl::DoHandshake() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int net_error = OK;
   int rv = SSL_do_handshake(ssl_);
@@ -733,9 +730,8 @@ int SSLServerSocketOpenSSL::DoHandshake() {
     if (net_error == ERR_IO_PENDING) {
       GotoState(STATE_HANDSHAKE);
     } else {
-      LOG(ERROR) << "handshake failed; returned " << rv
-                 << ", SSL error code " << ssl_error
-                 << ", net_error " << net_error;
+      LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
+                 << ssl_error << ", net_error " << net_error;
       net_log_.AddEvent(
           NetLog::TYPE_SSL_HANDSHAKE_ERROR,
           CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
@@ -744,12 +740,12 @@ int SSLServerSocketOpenSSL::DoHandshake() {
   return net_error;
 }
 
-void SSLServerSocketOpenSSL::DoHandshakeCallback(int rv) {
+void SSLServerSocketImpl::DoHandshakeCallback(int rv) {
   DCHECK_NE(rv, ERR_IO_PENDING);
   base::ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv);
 }
 
-void SSLServerSocketOpenSSL::DoReadCallback(int rv) {
+void SSLServerSocketImpl::DoReadCallback(int rv) {
   DCHECK(rv != ERR_IO_PENDING);
   DCHECK(!user_read_callback_.is_null());
 
@@ -758,7 +754,7 @@ void SSLServerSocketOpenSSL::DoReadCallback(int rv) {
   base::ResetAndReturn(&user_read_callback_).Run(rv);
 }
 
-void SSLServerSocketOpenSSL::DoWriteCallback(int rv) {
+void SSLServerSocketImpl::DoWriteCallback(int rv) {
   DCHECK(rv != ERR_IO_PENDING);
   DCHECK(!user_write_callback_.is_null());
 
@@ -767,7 +763,7 @@ void SSLServerSocketOpenSSL::DoWriteCallback(int rv) {
   base::ResetAndReturn(&user_write_callback_).Run(rv);
 }
 
-int SSLServerSocketOpenSSL::Init() {
+int SSLServerSocketImpl::Init() {
   DCHECK(!transport_bio_);
 
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
@@ -788,8 +784,8 @@ int SSLServerSocketOpenSSL::Init() {
 }
 
 // static
-int SSLServerSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx,
-                                               void* arg) {
+int SSLServerSocketImpl::CertVerifyCallback(X509_STORE_CTX* store_ctx,
+                                            void* arg) {
   ClientCertVerifier* verifier = reinterpret_cast<ClientCertVerifier*>(arg);
   // If a verifier was not supplied, all certificates are accepted.
   if (!verifier)
@@ -805,7 +801,7 @@ int SSLServerSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx,
   // http://crbug.com/347402
   // The API for Verify supports the parts needed for async completion
   // but is currently expected to complete synchronously.
-  scoped_ptr<ClientCertVerifier::Request> ignore_async;
+  std::unique_ptr<ClientCertVerifier::Request> ignore_async;
   int res =
       verifier->Verify(client_cert.get(), CompletionCallback(), &ignore_async);
   DCHECK_NE(res, ERR_IO_PENDING);
@@ -819,15 +815,15 @@ int SSLServerSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx,
 
 }  // namespace
 
-scoped_ptr<SSLServerContext> CreateSSLServerContext(
+std::unique_ptr<SSLServerContext> CreateSSLServerContext(
     X509Certificate* certificate,
     const crypto::RSAPrivateKey& key,
     const SSLServerConfig& ssl_server_config) {
-  return scoped_ptr<SSLServerContext>(
-      new SSLServerContextOpenSSL(certificate, key, ssl_server_config));
+  return std::unique_ptr<SSLServerContext>(
+      new SSLServerContextImpl(certificate, key, ssl_server_config));
 }
 
-SSLServerContextOpenSSL::SSLServerContextOpenSSL(
+SSLServerContextImpl::SSLServerContextImpl(
     X509Certificate* certificate,
     const crypto::RSAPrivateKey& key,
     const SSLServerConfig& ssl_server_config)
@@ -850,9 +846,9 @@ SSLServerContextOpenSSL::SSLServerContextOpenSSL(
     case SSLServerConfig::ClientCertType::OPTIONAL_CLIENT_CERT:
       verify_mode |= SSL_VERIFY_PEER;
       SSL_CTX_set_verify(ssl_ctx_.get(), verify_mode, nullptr);
-      SSL_CTX_set_cert_verify_callback(
-          ssl_ctx_.get(), SSLServerSocketOpenSSL::CertVerifyCallback,
-          ssl_server_config_.client_cert_verifier);
+      SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(),
+                                       SSLServerSocketImpl::CertVerifyCallback,
+                                       ssl_server_config_.client_cert_verifier);
       break;
     case SSLServerConfig::ClientCertType::NO_CLIENT_CERT:
       break;
@@ -941,13 +937,13 @@ SSLServerContextOpenSSL::SSLServerContextOpenSSL(
   }
 }
 
-SSLServerContextOpenSSL::~SSLServerContextOpenSSL() {}
+SSLServerContextImpl::~SSLServerContextImpl() {}
 
-scoped_ptr<SSLServerSocket> SSLServerContextOpenSSL::CreateSSLServerSocket(
-    scoped_ptr<StreamSocket> socket) {
+std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket(
+    std::unique_ptr<StreamSocket> socket) {
   SSL* ssl = SSL_new(ssl_ctx_.get());
-  return scoped_ptr<SSLServerSocket>(
-      new SSLServerSocketOpenSSL(std::move(socket), ssl));
+  return std::unique_ptr<SSLServerSocket>(
+      new SSLServerSocketImpl(std::move(socket), ssl));
 }
 
 void EnableSSLServerSockets() {
diff --git a/chromium/net/socket/ssl_server_socket_openssl.h b/chromium/net/socket/ssl_server_socket_impl.h
index 3a9d9c85fc1..19a47971941 100644
--- a/chromium/net/socket/ssl_server_socket_openssl.h
+++ b/chromium/net/socket/ssl_server_socket_impl.h
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_SOCKET_SSL_SERVER_SOCKET_OPENSSL_H_
-#define NET_SOCKET_SSL_SERVER_SOCKET_OPENSSL_H_
+#ifndef NET_SOCKET_SSL_SERVER_SOCKET_IMPL_H_
+#define NET_SOCKET_SSL_SERVER_SOCKET_IMPL_H_
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/log/net_log.h"
@@ -27,15 +28,15 @@ namespace net {
 
 class SSLInfo;
 
-class SSLServerContextOpenSSL : public SSLServerContext {
+class SSLServerContextImpl : public SSLServerContext {
  public:
-  SSLServerContextOpenSSL(X509Certificate* certificate,
-                          const crypto::RSAPrivateKey& key,
-                          const SSLServerConfig& ssl_server_config);
-  ~SSLServerContextOpenSSL() override;
+  SSLServerContextImpl(X509Certificate* certificate,
+                       const crypto::RSAPrivateKey& key,
+                       const SSLServerConfig& ssl_server_config);
+  ~SSLServerContextImpl() override;
 
-  scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
-      scoped_ptr<StreamSocket> socket) override;
+  std::unique_ptr<SSLServerSocket> CreateSSLServerSocket(
+      std::unique_ptr<StreamSocket> socket) override;
 
  private:
   ScopedSSL_CTX ssl_ctx_;
@@ -47,9 +48,9 @@ class SSLServerContextOpenSSL : public SSLServerContext {
   scoped_refptr<X509Certificate> cert_;
 
   // Private key used by the server.
-  scoped_ptr<crypto::RSAPrivateKey> key_;
+  std::unique_ptr<crypto::RSAPrivateKey> key_;
 };
 
 }  // namespace net
 
-#endif  // NET_SOCKET_SSL_SERVER_SOCKET_OPENSSL_H_
+#endif  // NET_SOCKET_SSL_SERVER_SOCKET_IMPL_H_
diff --git a/chromium/net/socket/ssl_server_socket_nss.cc b/chromium/net/socket/ssl_server_socket_nss.cc
deleted file mode 100644
index 8e02909cf54..00000000000
--- a/chromium/net/socket/ssl_server_socket_nss.cc
+++ /dev/null
@@ -1,982 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/ssl_server_socket_nss.h"
-
-#include <utility>
-
-#if defined(OS_WIN)
-#include <winsock2.h>
-#endif
-
-#if defined(USE_SYSTEM_SSL)
-#include <dlfcn.h>
-#endif
-#if defined(OS_MACOSX)
-#include <Security/Security.h>
-#endif
-#include <certdb.h>
-#include <cryptohi.h>
-#include <hasht.h>
-#include <keyhi.h>
-#include <nspr.h>
-#include <nss.h>
-#include <pk11pub.h>
-#include <secerr.h>
-#include <sechash.h>
-#include <ssl.h>
-#include <sslerr.h>
-#include <sslproto.h>
-
-#include <limits>
-
-#include "base/callback_helpers.h"
-#include "base/lazy_instance.h"
-#include "base/logging.h"
-#include "base/memory/ref_counted.h"
-#include "crypto/nss_util_internal.h"
-#include "crypto/rsa_private_key.h"
-#include "net/base/io_buffer.h"
-#include "net/base/net_errors.h"
-#include "net/log/net_log.h"
-#include "net/socket/nss_ssl_util.h"
-
-// SSL plaintext fragments are shorter than 16KB. Although the record layer
-// overhead is allowed to be 2K + 5 bytes, in practice the overhead is much
-// smaller than 1KB. So a 17KB buffer should be large enough to hold an
-// entire SSL record.
-static const int kRecvBufferSize = 17 * 1024;
-static const int kSendBufferSize = 17 * 1024;
-
-#define GotoState(s) next_handshake_state_ = s
-
-namespace net {
-
-namespace {
-
-bool g_nss_server_sockets_init = false;
-
-class NSSSSLServerInitSingleton {
- public:
-  NSSSSLServerInitSingleton() {
-    EnsureNSSSSLInit();
-
-    SSL_ConfigServerSessionIDCache(64, 28800, 28800, NULL);
-    g_nss_server_sockets_init = true;
-  }
-
-  ~NSSSSLServerInitSingleton() {
-    SSL_ShutdownServerSessionIDCache();
-    g_nss_server_sockets_init = false;
-  }
-};
-
-static base::LazyInstance<NSSSSLServerInitSingleton>::Leaky
-    g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
-
-class SSLServerSocketNSS : public SSLServerSocket {
- public:
-  // See comments on CreateSSLServerSocket for details of how these
-  // parameters are used.
-  SSLServerSocketNSS(scoped_ptr<StreamSocket> socket,
-                     X509Certificate* certificate,
-                     const crypto::RSAPrivateKey& key,
-                     const SSLServerConfig& ssl_server_config);
-  ~SSLServerSocketNSS() override;
-
-  // SSLServerSocket interface.
-  int Handshake(const CompletionCallback& callback) override;
-
-  // SSLSocket interface.
-  int ExportKeyingMaterial(const base::StringPiece& label,
-                           bool has_context,
-                           const base::StringPiece& context,
-                           unsigned char* out,
-                           unsigned int outlen) override;
-
-  // Socket interface (via StreamSocket).
-  int Read(IOBuffer* buf,
-           int buf_len,
-           const CompletionCallback& callback) override;
-  int Write(IOBuffer* buf,
-            int buf_len,
-            const CompletionCallback& callback) override;
-  int SetReceiveBufferSize(int32_t size) override;
-  int SetSendBufferSize(int32_t size) override;
-
-  // StreamSocket implementation.
-  int Connect(const CompletionCallback& callback) override;
-  void Disconnect() override;
-  bool IsConnected() const override;
-  bool IsConnectedAndIdle() const override;
-  int GetPeerAddress(IPEndPoint* address) const override;
-  int GetLocalAddress(IPEndPoint* address) const override;
-  const BoundNetLog& NetLog() const override;
-  void SetSubresourceSpeculation() override;
-  void SetOmniboxSpeculation() override;
-  bool WasEverUsed() const override;
-  bool WasNpnNegotiated() const override;
-  NextProto GetNegotiatedProtocol() const override;
-  bool GetSSLInfo(SSLInfo* ssl_info) override;
-  void GetConnectionAttempts(ConnectionAttempts* out) const override;
-  void ClearConnectionAttempts() override {}
-  void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
-  int64_t GetTotalReceivedBytes() const override;
-
- private:
-  enum State {
-    STATE_NONE,
-    STATE_HANDSHAKE,
-  };
-
-  int InitializeSSLOptions();
-
-  void OnSendComplete(int result);
-  void OnRecvComplete(int result);
-  void OnHandshakeIOComplete(int result);
-
-  int BufferSend();
-  void BufferSendComplete(int result);
-  int BufferRecv();
-  void BufferRecvComplete(int result);
-  bool DoTransportIO();
-  int DoPayloadRead();
-  int DoPayloadWrite();
-
-  int DoHandshakeLoop(int last_io_result);
-  int DoReadLoop(int result);
-  int DoWriteLoop(int result);
-  int DoHandshake();
-  void DoHandshakeCallback(int result);
-  void DoReadCallback(int result);
-  void DoWriteCallback(int result);
-
-  static SECStatus OwnAuthCertHandler(void* arg,
-                                      PRFileDesc* socket,
-                                      PRBool checksig,
-                                      PRBool is_server);
-  static void HandshakeCallback(PRFileDesc* socket, void* arg);
-
-  int Init();
-
-  // Members used to send and receive buffer.
-  bool transport_send_busy_;
-  bool transport_recv_busy_;
-
-  scoped_refptr<IOBuffer> recv_buffer_;
-
-  BoundNetLog net_log_;
-
-  CompletionCallback user_handshake_callback_;
-  CompletionCallback user_read_callback_;
-  CompletionCallback user_write_callback_;
-
-  // Used by Read function.
-  scoped_refptr<IOBuffer> user_read_buf_;
-  int user_read_buf_len_;
-
-  // Used by Write function.
-  scoped_refptr<IOBuffer> user_write_buf_;
-  int user_write_buf_len_;
-
-  // The NSS SSL state machine
-  PRFileDesc* nss_fd_;
-
-  // Buffers for the network end of the SSL state machine
-  memio_Private* nss_bufs_;
-
-  // StreamSocket for sending and receiving data.
-  scoped_ptr<StreamSocket> transport_socket_;
-
-  // Options for the SSL socket.
-  SSLServerConfig ssl_server_config_;
-
-  // Certificate for the server.
-  scoped_refptr<X509Certificate> cert_;
-
-  // Private key used by the server.
-  scoped_ptr<crypto::RSAPrivateKey> key_;
-
-  State next_handshake_state_;
-  bool completed_handshake_;
-
-  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS);
-};
-
-SSLServerSocketNSS::SSLServerSocketNSS(
-    scoped_ptr<StreamSocket> transport_socket,
-    X509Certificate* cert,
-    const crypto::RSAPrivateKey& key,
-    const SSLServerConfig& ssl_server_config)
-    : transport_send_busy_(false),
-      transport_recv_busy_(false),
-      user_read_buf_len_(0),
-      user_write_buf_len_(0),
-      nss_fd_(NULL),
-      nss_bufs_(NULL),
-      transport_socket_(std::move(transport_socket)),
-      ssl_server_config_(ssl_server_config),
-      cert_(cert),
-      key_(key.Copy()),
-      next_handshake_state_(STATE_NONE),
-      completed_handshake_(false) {
-  CHECK(key_);
-}
-
-SSLServerSocketNSS::~SSLServerSocketNSS() {
-  if (nss_fd_ != NULL) {
-    PR_Close(nss_fd_);
-    nss_fd_ = NULL;
-  }
-}
-
-int SSLServerSocketNSS::Handshake(const CompletionCallback& callback) {
-  net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE);
-
-  int rv = Init();
-  if (rv != OK) {
-    LOG(ERROR) << "Failed to initialize NSS";
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
-    return rv;
-  }
-
-  rv = InitializeSSLOptions();
-  if (rv != OK) {
-    LOG(ERROR) << "Failed to initialize SSL options";
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
-    return rv;
-  }
-
-  // Set peer address. TODO(hclam): This should be in a separate method.
-  PRNetAddr peername;
-  memset(&peername, 0, sizeof(peername));
-  peername.raw.family = AF_INET;
-  memio_SetPeerName(nss_fd_, &peername);
-
-  GotoState(STATE_HANDSHAKE);
-  rv = DoHandshakeLoop(OK);
-  if (rv == ERR_IO_PENDING) {
-    user_handshake_callback_ = callback;
-  } else {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
-  }
-
-  return rv > OK ? OK : rv;
-}
-
-int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
-                                             bool has_context,
-                                             const base::StringPiece& context,
-                                             unsigned char* out,
-                                             unsigned int outlen) {
-  if (!IsConnected())
-    return ERR_SOCKET_NOT_CONNECTED;
-  SECStatus result = SSL_ExportKeyingMaterial(
-      nss_fd_, label.data(), label.size(), has_context,
-      reinterpret_cast<const unsigned char*>(context.data()),
-      context.length(), out, outlen);
-  if (result != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", "");
-    return MapNSSError(PORT_GetError());
-  }
-  return OK;
-}
-
-int SSLServerSocketNSS::Connect(const CompletionCallback& callback) {
-  NOTIMPLEMENTED();
-  return ERR_NOT_IMPLEMENTED;
-}
-
-int SSLServerSocketNSS::Read(IOBuffer* buf,
-                             int buf_len,
-                             const CompletionCallback& callback) {
-  DCHECK(user_read_callback_.is_null());
-  DCHECK(user_handshake_callback_.is_null());
-  DCHECK(!user_read_buf_);
-  DCHECK(nss_bufs_);
-  DCHECK(!callback.is_null());
-
-  user_read_buf_ = buf;
-  user_read_buf_len_ = buf_len;
-
-  DCHECK(completed_handshake_);
-
-  int rv = DoReadLoop(OK);
-
-  if (rv == ERR_IO_PENDING) {
-    user_read_callback_ = callback;
-  } else {
-    user_read_buf_ = NULL;
-    user_read_buf_len_ = 0;
-  }
-  return rv;
-}
-
-int SSLServerSocketNSS::Write(IOBuffer* buf,
-                              int buf_len,
-                              const CompletionCallback& callback) {
-  DCHECK(user_write_callback_.is_null());
-  DCHECK(!user_write_buf_);
-  DCHECK(nss_bufs_);
-  DCHECK(!callback.is_null());
-
-  user_write_buf_ = buf;
-  user_write_buf_len_ = buf_len;
-
-  int rv = DoWriteLoop(OK);
-
-  if (rv == ERR_IO_PENDING) {
-    user_write_callback_ = callback;
-  } else {
-    user_write_buf_ = NULL;
-    user_write_buf_len_ = 0;
-  }
-  return rv;
-}
-
-int SSLServerSocketNSS::SetReceiveBufferSize(int32_t size) {
-  return transport_socket_->SetReceiveBufferSize(size);
-}
-
-int SSLServerSocketNSS::SetSendBufferSize(int32_t size) {
-  return transport_socket_->SetSendBufferSize(size);
-}
-
-bool SSLServerSocketNSS::IsConnected() const {
-  // TODO(wtc): Find out if we should check transport_socket_->IsConnected()
-  // as well.
-  return completed_handshake_;
-}
-
-void SSLServerSocketNSS::Disconnect() {
-  transport_socket_->Disconnect();
-}
-
-bool SSLServerSocketNSS::IsConnectedAndIdle() const {
-  return completed_handshake_ && transport_socket_->IsConnectedAndIdle();
-}
-
-int SSLServerSocketNSS::GetPeerAddress(IPEndPoint* address) const {
-  if (!IsConnected())
-    return ERR_SOCKET_NOT_CONNECTED;
-  return transport_socket_->GetPeerAddress(address);
-}
-
-int SSLServerSocketNSS::GetLocalAddress(IPEndPoint* address) const {
-  if (!IsConnected())
-    return ERR_SOCKET_NOT_CONNECTED;
-  return transport_socket_->GetLocalAddress(address);
-}
-
-const BoundNetLog& SSLServerSocketNSS::NetLog() const {
-  return net_log_;
-}
-
-void SSLServerSocketNSS::SetSubresourceSpeculation() {
-  transport_socket_->SetSubresourceSpeculation();
-}
-
-void SSLServerSocketNSS::SetOmniboxSpeculation() {
-  transport_socket_->SetOmniboxSpeculation();
-}
-
-bool SSLServerSocketNSS::WasEverUsed() const {
-  return transport_socket_->WasEverUsed();
-}
-
-bool SSLServerSocketNSS::WasNpnNegotiated() const {
-  NOTIMPLEMENTED();
-  return false;
-}
-
-NextProto SSLServerSocketNSS::GetNegotiatedProtocol() const {
-  // NPN is not supported by this class.
-  return kProtoUnknown;
-}
-
-bool SSLServerSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
-  NOTIMPLEMENTED();
-  return false;
-}
-
-void SSLServerSocketNSS::GetConnectionAttempts(ConnectionAttempts* out) const {
-  out->clear();
-}
-
-int64_t SSLServerSocketNSS::GetTotalReceivedBytes() const {
-  NOTIMPLEMENTED();
-  return 0;
-}
-
-int SSLServerSocketNSS::InitializeSSLOptions() {
-  // Transport connected, now hook it up to nss
-  nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize);
-  if (nss_fd_ == NULL) {
-    return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR error code.
-  }
-
-  // Grab pointer to buffers
-  nss_bufs_ = memio_GetSecret(nss_fd_);
-
-  /* Create SSL state machine */
-  /* Push SSL onto our fake I/O socket */
-  nss_fd_ = SSL_ImportFD(NULL, nss_fd_);
-  if (nss_fd_ == NULL) {
-    LogFailedNSSFunction(net_log_, "SSL_ImportFD", "");
-    return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR/NSS error code.
-  }
-  // TODO(port): set more ssl options!  Check errors!
-
-  int rv;
-
-  if (ssl_server_config_.client_cert_type ==
-      SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT) {
-    rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-    if (rv != SECSuccess) {
-      LogFailedNSSFunction(net_log_, "SSL_OptionSet",
-                           "SSL_REQUEST_CERTIFICATE");
-      return ERR_UNEXPECTED;
-    }
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2");
-    return ERR_UNEXPECTED;
-  }
-
-  SSLVersionRange version_range;
-  version_range.min = ssl_server_config_.version_min;
-  version_range.max = ssl_server_config_.version_max;
-  rv = SSL_VersionRangeSet(nss_fd_, &version_range);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", "");
-    return ERR_NO_SSL_VERSIONS_ENABLED;
-  }
-
-  if (ssl_server_config_.require_ecdhe) {
-    const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
-    const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
-
-    // Iterate over the cipher suites and disable those that don't use ECDHE.
-    for (unsigned i = 0; i < num_ciphers; i++) {
-      SSLCipherSuiteInfo info;
-      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
-          SECSuccess) {
-        if (strcmp(info.keaTypeName, "ECDHE") != 0) {
-          SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
-        }
-      }
-    }
-  }
-
-  for (std::vector<uint16_t>::const_iterator it =
-           ssl_server_config_.disabled_cipher_suites.begin();
-       it != ssl_server_config_.disabled_cipher_suites.end(); ++it) {
-    // This will fail if the specified cipher is not implemented by NSS, but
-    // the failure is harmless.
-    SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
-  }
-
-  // Server socket doesn't need session tickets.
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(
-        net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
-  }
-
-  // Doing this will force PR_Accept perform handshake as server.
-  rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_SERVER");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
-    return ERR_UNEXPECTED;
-  }
-
-  rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", "");
-    return ERR_UNEXPECTED;
-  }
-
-  // Get a certificate of CERTCertificate structure.
-  std::string der_string;
-  if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string))
-    return ERR_UNEXPECTED;
-
-  SECItem der_cert;
-  der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(
-      der_string.data()));
-  der_cert.len  = der_string.length();
-  der_cert.type = siDERCertBuffer;
-
-  // Parse into a CERTCertificate structure.
-  CERTCertificate* cert = CERT_NewTempCertificate(
-      CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE);
-  if (!cert) {
-    LogFailedNSSFunction(net_log_, "CERT_NewTempCertificate", "");
-    return MapNSSError(PORT_GetError());
-  }
-
-  // Get a key of SECKEYPrivateKey* structure.
-  std::vector<uint8_t> key_vector;
-  if (!key_->ExportPrivateKey(&key_vector)) {
-    CERT_DestroyCertificate(cert);
-    return ERR_UNEXPECTED;
-  }
-
-  SECKEYPrivateKeyStr* private_key = NULL;
-  PK11SlotInfo* slot = PK11_GetInternalSlot();
-  if (!slot) {
-    CERT_DestroyCertificate(cert);
-    return ERR_UNEXPECTED;
-  }
-
-  SECItem der_private_key_info;
-  der_private_key_info.data =
-      const_cast<unsigned char*>(&key_vector.front());
-  der_private_key_info.len = key_vector.size();
-  // The server's RSA private key must be imported into NSS with the
-  // following key usage bits:
-  // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm.
-  // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key
-  //   exchange algorithms.
-  const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
-  rv =  PK11_ImportDERPrivateKeyInfoAndReturnKey(
-      slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE,
-      key_usage, &private_key, NULL);
-  PK11_FreeSlot(slot);
-  if (rv != SECSuccess) {
-    CERT_DestroyCertificate(cert);
-    return ERR_UNEXPECTED;
-  }
-
-  // Assign server certificate and private key.
-  SSLKEAType cert_kea = NSS_FindCertKEAType(cert);
-  rv = SSL_ConfigSecureServer(nss_fd_, cert, private_key, cert_kea);
-  CERT_DestroyCertificate(cert);
-  SECKEY_DestroyPrivateKey(private_key);
-
-  if (rv != SECSuccess) {
-    PRErrorCode prerr = PR_GetError();
-    LOG(ERROR) << "Failed to config SSL server: " << prerr;
-    LogFailedNSSFunction(net_log_, "SSL_ConfigureSecureServer", "");
-    return ERR_UNEXPECTED;
-  }
-
-  // Tell SSL we're a server; needed if not letting NSPR do socket I/O
-  rv = SSL_ResetHandshake(nss_fd_, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_ResetHandshake", "");
-    return ERR_UNEXPECTED;
-  }
-
-  return OK;
-}
-
-void SSLServerSocketNSS::OnSendComplete(int result) {
-  if (next_handshake_state_ == STATE_HANDSHAKE) {
-    // In handshake phase.
-    OnHandshakeIOComplete(result);
-    return;
-  }
-
-  // TODO(byungchul): This state machine is not correct. Copy the state machine
-  // of SSLClientSocketNSS::OnSendComplete() which handles it better.
-  if (!completed_handshake_)
-    return;
-
-  if (user_write_buf_) {
-    int rv = DoWriteLoop(result);
-    if (rv != ERR_IO_PENDING)
-      DoWriteCallback(rv);
-  } else {
-    // Ensure that any queued ciphertext is flushed.
-    DoTransportIO();
-  }
-}
-
-void SSLServerSocketNSS::OnRecvComplete(int result) {
-  if (next_handshake_state_ == STATE_HANDSHAKE) {
-    // In handshake phase.
-    OnHandshakeIOComplete(result);
-    return;
-  }
-
-  // Network layer received some data, check if client requested to read
-  // decrypted data.
-  if (!user_read_buf_ || !completed_handshake_)
-    return;
-
-  int rv = DoReadLoop(result);
-  if (rv != ERR_IO_PENDING)
-    DoReadCallback(rv);
-}
-
-void SSLServerSocketNSS::OnHandshakeIOComplete(int result) {
-  int rv = DoHandshakeLoop(result);
-  if (rv == ERR_IO_PENDING)
-    return;
-
-  net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
-  if (!user_handshake_callback_.is_null())
-    DoHandshakeCallback(rv);
-}
-
-// Return 0 for EOF,
-// > 0 for bytes transferred immediately,
-// < 0 for error (or the non-error ERR_IO_PENDING).
-int SSLServerSocketNSS::BufferSend(void) {
-  if (transport_send_busy_)
-    return ERR_IO_PENDING;
-
-  const char* buf1;
-  const char* buf2;
-  unsigned int len1, len2;
-  if (memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2)) {
-    // The error code itself is ignored, so just return ERR_ABORTED.
-    return ERR_ABORTED;
-  }
-  const size_t len = len1 + len2;
-
-  int rv = 0;
-  if (len) {
-    scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len));
-    memcpy(send_buffer->data(), buf1, len1);
-    memcpy(send_buffer->data() + len1, buf2, len2);
-    rv = transport_socket_->Write(
-        send_buffer.get(), len,
-        base::Bind(&SSLServerSocketNSS::BufferSendComplete,
-                   base::Unretained(this)));
-    if (rv == ERR_IO_PENDING) {
-      transport_send_busy_ = true;
-    } else {
-      memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv));
-    }
-  }
-
-  return rv;
-}
-
-void SSLServerSocketNSS::BufferSendComplete(int result) {
-  memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result));
-  transport_send_busy_ = false;
-  OnSendComplete(result);
-}
-
-int SSLServerSocketNSS::BufferRecv(void) {
-  if (transport_recv_busy_) return ERR_IO_PENDING;
-
-  char* buf;
-  int nb = memio_GetReadParams(nss_bufs_, &buf);
-  int rv;
-  if (!nb) {
-    // buffer too full to read into, so no I/O possible at moment
-    rv = ERR_IO_PENDING;
-  } else {
-    recv_buffer_ = new IOBuffer(nb);
-    rv = transport_socket_->Read(
-        recv_buffer_.get(), nb,
-        base::Bind(&SSLServerSocketNSS::BufferRecvComplete,
-                   base::Unretained(this)));
-    if (rv == ERR_IO_PENDING) {
-      transport_recv_busy_ = true;
-    } else {
-      if (rv > 0)
-        memcpy(buf, recv_buffer_->data(), rv);
-      memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv));
-      recv_buffer_ = NULL;
-    }
-  }
-  return rv;
-}
-
-void SSLServerSocketNSS::BufferRecvComplete(int result) {
-  if (result > 0) {
-    char* buf;
-    memio_GetReadParams(nss_bufs_, &buf);
-    memcpy(buf, recv_buffer_->data(), result);
-  }
-  recv_buffer_ = NULL;
-  memio_PutReadResult(nss_bufs_, MapErrorToNSS(result));
-  transport_recv_busy_ = false;
-  OnRecvComplete(result);
-}
-
-// Do as much network I/O as possible between the buffer and the
-// transport socket. Return true if some I/O performed, false
-// otherwise (error or ERR_IO_PENDING).
-bool SSLServerSocketNSS::DoTransportIO() {
-  bool network_moved = false;
-  if (nss_bufs_ != NULL) {
-    int rv;
-    // Read and write as much data as we can. The loop is neccessary
-    // because Write() may return synchronously.
-    do {
-      rv = BufferSend();
-      if (rv > 0)
-        network_moved = true;
-    } while (rv > 0);
-    if (BufferRecv() >= 0)
-      network_moved = true;
-  }
-  return network_moved;
-}
-
-int SSLServerSocketNSS::DoPayloadRead() {
-  DCHECK(user_read_buf_);
-  DCHECK_GT(user_read_buf_len_, 0);
-  int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_);
-  if (rv >= 0)
-    return rv;
-  PRErrorCode prerr = PR_GetError();
-  if (prerr == PR_WOULD_BLOCK_ERROR) {
-    return ERR_IO_PENDING;
-  }
-  rv = MapNSSError(prerr);
-  net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR,
-                    CreateNetLogSSLErrorCallback(rv, prerr));
-  return rv;
-}
-
-int SSLServerSocketNSS::DoPayloadWrite() {
-  DCHECK(user_write_buf_);
-  int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
-  if (rv >= 0)
-    return rv;
-  PRErrorCode prerr = PR_GetError();
-  if (prerr == PR_WOULD_BLOCK_ERROR) {
-    return ERR_IO_PENDING;
-  }
-  rv = MapNSSError(prerr);
-  net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
-                    CreateNetLogSSLErrorCallback(rv, prerr));
-  return rv;
-}
-
-int SSLServerSocketNSS::DoHandshakeLoop(int last_io_result) {
-  int rv = last_io_result;
-  do {
-    // Default to STATE_NONE for next state.
-    // (This is a quirk carried over from the windows
-    // implementation.  It makes reading the logs a bit harder.)
-    // State handlers can and often do call GotoState just
-    // to stay in the current state.
-    State state = next_handshake_state_;
-    GotoState(STATE_NONE);
-    switch (state) {
-      case STATE_HANDSHAKE:
-        rv = DoHandshake();
-        break;
-      case STATE_NONE:
-      default:
-        rv = ERR_UNEXPECTED;
-        LOG(DFATAL) << "unexpected state " << state;
-        break;
-    }
-
-    // Do the actual network I/O
-    bool network_moved = DoTransportIO();
-    if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
-      // In general we exit the loop if rv is ERR_IO_PENDING.  In this
-      // special case we keep looping even if rv is ERR_IO_PENDING because
-      // the transport IO may allow DoHandshake to make progress.
-      rv = OK;  // This causes us to stay in the loop.
-    }
-  } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
-  return rv;
-}
-
-int SSLServerSocketNSS::DoReadLoop(int result) {
-  DCHECK(completed_handshake_);
-  DCHECK(next_handshake_state_ == STATE_NONE);
-
-  if (result < 0)
-    return result;
-
-  if (!nss_bufs_) {
-    LOG(DFATAL) << "!nss_bufs_";
-    int rv = ERR_UNEXPECTED;
-    net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR,
-                      CreateNetLogSSLErrorCallback(rv, 0));
-    return rv;
-  }
-
-  bool network_moved;
-  int rv;
-  do {
-    rv = DoPayloadRead();
-    network_moved = DoTransportIO();
-  } while (rv == ERR_IO_PENDING && network_moved);
-  return rv;
-}
-
-int SSLServerSocketNSS::DoWriteLoop(int result) {
-  DCHECK(completed_handshake_);
-  DCHECK_EQ(next_handshake_state_, STATE_NONE);
-
-  if (result < 0)
-    return result;
-
-  if (!nss_bufs_) {
-    LOG(DFATAL) << "!nss_bufs_";
-    int rv = ERR_UNEXPECTED;
-    net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
-                      CreateNetLogSSLErrorCallback(rv, 0));
-    return rv;
-  }
-
-  bool network_moved;
-  int rv;
-  do {
-    rv = DoPayloadWrite();
-    network_moved = DoTransportIO();
-  } while (rv == ERR_IO_PENDING && network_moved);
-  return rv;
-}
-
-int SSLServerSocketNSS::DoHandshake() {
-  int net_error = OK;
-  SECStatus rv = SSL_ForceHandshake(nss_fd_);
-
-  if (rv == SECSuccess) {
-    completed_handshake_ = true;
-  } else {
-    PRErrorCode prerr = PR_GetError();
-    net_error = MapNSSError(prerr);
-
-    // If not done, stay in this state
-    if (net_error == ERR_IO_PENDING) {
-      GotoState(STATE_HANDSHAKE);
-    } else {
-      LOG(ERROR) << "handshake failed; NSS error code " << prerr
-                 << ", net_error " << net_error;
-      net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                        CreateNetLogSSLErrorCallback(net_error, prerr));
-    }
-  }
-  return net_error;
-}
-
-void SSLServerSocketNSS::DoHandshakeCallback(int rv) {
-  DCHECK_NE(rv, ERR_IO_PENDING);
-  base::ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv);
-}
-
-void SSLServerSocketNSS::DoReadCallback(int rv) {
-  DCHECK(rv != ERR_IO_PENDING);
-  DCHECK(!user_read_callback_.is_null());
-
-  user_read_buf_ = NULL;
-  user_read_buf_len_ = 0;
-  base::ResetAndReturn(&user_read_callback_).Run(rv);
-}
-
-void SSLServerSocketNSS::DoWriteCallback(int rv) {
-  DCHECK(rv != ERR_IO_PENDING);
-  DCHECK(!user_write_callback_.is_null());
-
-  user_write_buf_ = NULL;
-  user_write_buf_len_ = 0;
-  base::ResetAndReturn(&user_write_callback_).Run(rv);
-}
-
-// static
-// NSS calls this if an incoming certificate needs to be verified.
-// Do nothing but return SECSuccess.
-// This is called only in full handshake mode.
-// Peer certificate is retrieved in HandshakeCallback() later, which is called
-// in full handshake mode or in resumption handshake mode.
-SECStatus SSLServerSocketNSS::OwnAuthCertHandler(void* arg,
-                                                 PRFileDesc* socket,
-                                                 PRBool checksig,
-                                                 PRBool is_server) {
-  // TODO(hclam): Implement.
-  // Tell NSS to not verify the certificate.
-  return SECSuccess;
-}
-
-// static
-// NSS calls this when handshake is completed.
-// After the SSL handshake is finished we need to verify the certificate.
-void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket, void* arg) {
-  // TODO(hclam): Implement.
-}
-
-int SSLServerSocketNSS::Init() {
-  // Initialize the NSS SSL library in a threadsafe way.  This also
-  // initializes the NSS base library.
-  EnsureNSSSSLInit();
-  if (!NSS_IsInitialized())
-    return ERR_UNEXPECTED;
-
-  EnableSSLServerSockets();
-  return OK;
-}
-
-}  // namespace
-
-scoped_ptr<SSLServerContext> CreateSSLServerContext(
-    X509Certificate* certificate,
-    const crypto::RSAPrivateKey& key,
-    const SSLServerConfig& ssl_server_config) {
-  return scoped_ptr<SSLServerContext>(
-      new SSLServerContextNSS(certificate, key, ssl_server_config));
-}
-
-SSLServerContextNSS::SSLServerContextNSS(
-    X509Certificate* certificate,
-    const crypto::RSAPrivateKey& key,
-    const SSLServerConfig& ssl_server_config)
-    : ssl_server_config_(ssl_server_config),
-      cert_(certificate),
-      key_(key.Copy()) {
-  CHECK(key_);
-}
-
-SSLServerContextNSS::~SSLServerContextNSS() {}
-
-scoped_ptr<SSLServerSocket> SSLServerContextNSS::CreateSSLServerSocket(
-    scoped_ptr<StreamSocket> socket) {
-  DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
-                                    << " called yet!";
-
-  return scoped_ptr<SSLServerSocket>(new SSLServerSocketNSS(
-      std::move(socket), cert_.get(), *key_, ssl_server_config_));
-}
-
-void EnableSSLServerSockets() {
-  g_nss_ssl_server_init_singleton.Get();
-}
-
-}  // namespace net
diff --git a/chromium/net/socket/ssl_server_socket_nss.h b/chromium/net/socket/ssl_server_socket_nss.h
deleted file mode 100644
index 497d461767a..00000000000
--- a/chromium/net/socket/ssl_server_socket_nss.h
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
-#define NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
-
-#include <certt.h>
-#include <keyt.h>
-#include <nspr.h>
-#include <nss.h>
-#include <stdint.h>
-
-#include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
-#include "net/base/completion_callback.h"
-#include "net/base/host_port_pair.h"
-#include "net/base/nss_memio.h"
-#include "net/log/net_log.h"
-#include "net/socket/ssl_server_socket.h"
-#include "net/ssl/ssl_server_config.h"
-
-namespace net {
-
-class SSLServerContextNSS : public SSLServerContext {
- public:
-  SSLServerContextNSS(X509Certificate* certificate,
-                      const crypto::RSAPrivateKey& key,
-                      const SSLServerConfig& ssl_server_config);
-  ~SSLServerContextNSS() override;
-
-  scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
-      scoped_ptr<StreamSocket> socket) override;
-
- private:
-  // Options for the SSL socket.
-  SSLServerConfig ssl_server_config_;
-
-  // Certificate for the server.
-  scoped_refptr<X509Certificate> cert_;
-
-  // Private key used by the server.
-  scoped_ptr<crypto::RSAPrivateKey> key_;
-};
-
-}  // namespace net
-
-#endif  // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
diff --git a/chromium/net/socket/ssl_server_socket_unittest.cc b/chromium/net/socket/ssl_server_socket_unittest.cc
index 7327586d37c..eaa36b9276d 100644
--- a/chromium/net/socket/ssl_server_socket_unittest.cc
+++ b/chromium/net/socket/ssl_server_socket_unittest.cc
@@ -20,6 +20,10 @@
 #include <queue>
 #include <utility>
 
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
 #include "base/callback_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
@@ -29,7 +33,7 @@
 #include "base/macros.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "build/build_config.h"
 #include "crypto/nss_util.h"
 #include "crypto/rsa_private_key.h"
@@ -65,12 +69,6 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 
-#if defined(USE_OPENSSL)
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#endif
-
 namespace net {
 
 namespace {
@@ -375,10 +373,11 @@ class SSLServerSocketTest : public PlatformTest {
     server_socket_.reset();
     channel_1_.reset(new FakeDataChannel());
     channel_2_.reset(new FakeDataChannel());
-    scoped_ptr<ClientSocketHandle> client_connection(new ClientSocketHandle);
-    client_connection->SetSocket(scoped_ptr<StreamSocket>(
+    std::unique_ptr<ClientSocketHandle> client_connection(
+        new ClientSocketHandle);
+    client_connection->SetSocket(std::unique_ptr<StreamSocket>(
         new FakeSocket(channel_1_.get(), channel_2_.get())));
-    scoped_ptr<StreamSocket> server_socket(
+    std::unique_ptr<StreamSocket> server_socket(
         new FakeSocket(channel_2_.get(), channel_1_.get()));
 
     HostPortPair host_and_pair("unittest", 0);
@@ -396,7 +395,6 @@ class SSLServerSocketTest : public PlatformTest {
     ASSERT_TRUE(server_socket_);
   }
 
-#if defined(USE_OPENSSL)
   void ConfigureClientCertsForClient(const char* cert_file_name,
                                      const char* private_key_file_name) {
     client_ssl_config_.send_client_cert = true;
@@ -404,7 +402,8 @@ class SSLServerSocketTest : public PlatformTest {
         ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
     ASSERT_TRUE(client_ssl_config_.client_cert);
 
-    scoped_ptr<crypto::RSAPrivateKey> key = ReadTestKey(private_key_file_name);
+    std::unique_ptr<crypto::RSAPrivateKey> key =
+        ReadTestKey(private_key_file_name);
     ASSERT_TRUE(key);
 
     client_ssl_config_.client_private_key = WrapOpenSSLPrivateKey(
@@ -441,7 +440,8 @@ class SSLServerSocketTest : public PlatformTest {
     server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
   }
 
-  scoped_ptr<crypto::RSAPrivateKey> ReadTestKey(const base::StringPiece& name) {
+  std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
+      const base::StringPiece& name) {
     base::FilePath certs_dir(GetTestCertsDirectory());
     base::FilePath key_path = certs_dir.AppendASCII(name);
     std::string key_string;
@@ -451,24 +451,23 @@ class SSLServerSocketTest : public PlatformTest {
         reinterpret_cast<const uint8_t*>(key_string.data()),
         reinterpret_cast<const uint8_t*>(key_string.data() +
                                          key_string.length()));
-    scoped_ptr<crypto::RSAPrivateKey> key(
+    std::unique_ptr<crypto::RSAPrivateKey> key(
         crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
     return key;
   }
-#endif
 
-  scoped_ptr<FakeDataChannel> channel_1_;
-  scoped_ptr<FakeDataChannel> channel_2_;
+  std::unique_ptr<FakeDataChannel> channel_1_;
+  std::unique_ptr<FakeDataChannel> channel_2_;
   SSLConfig client_ssl_config_;
   SSLServerConfig server_ssl_config_;
-  scoped_ptr<SSLClientSocket> client_socket_;
-  scoped_ptr<SSLServerSocket> server_socket_;
+  std::unique_ptr<SSLClientSocket> client_socket_;
+  std::unique_ptr<SSLServerSocket> server_socket_;
   ClientSocketFactory* socket_factory_;
-  scoped_ptr<MockCertVerifier> cert_verifier_;
-  scoped_ptr<MockClientCertVerifier> client_cert_verifier_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
-  scoped_ptr<SSLServerContext> server_context_;
-  scoped_ptr<crypto::RSAPrivateKey> server_private_key_;
+  std::unique_ptr<MockCertVerifier> cert_verifier_;
+  std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
+  std::unique_ptr<SSLServerContext> server_context_;
+  std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
   scoped_refptr<X509Certificate> server_cert_;
 };
 
@@ -517,9 +516,6 @@ TEST_F(SSLServerSocketTest, Handshake) {
   EXPECT_TRUE(is_aead);
 }
 
-// NSS ports don't support client certificates and have a global session cache.
-#if defined(USE_OPENSSL)
-
 // This test makes sure the session cache is working.
 TEST_F(SSLServerSocketTest, HandshakeCached) {
   ASSERT_NO_FATAL_FAILURE(CreateContext());
@@ -862,7 +858,6 @@ TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
   EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
             handshake_callback2.GetResult(server_ret2));
 }
-#endif  // defined(USE_OPENSSL)
 
 TEST_F(SSLServerSocketTest, DataTransfer) {
   ASSERT_NO_FATAL_FAILURE(CreateContext());
diff --git a/chromium/net/socket/tcp_client_socket.cc b/chromium/net/socket/tcp_client_socket.cc
index 56238ba0d12..1c292bb8073 100644
--- a/chromium/net/socket/tcp_client_socket.cc
+++ b/chromium/net/socket/tcp_client_socket.cc
@@ -14,22 +14,29 @@
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
+#include "net/socket/socket_performance_watcher.h"
 
 namespace net {
 
-TCPClientSocket::TCPClientSocket(const AddressList& addresses,
-                                 net::NetLog* net_log,
-                                 const net::NetLog::Source& source)
-    : socket_(new TCPSocket(net_log, source)),
+TCPClientSocket::TCPClientSocket(
+    const AddressList& addresses,
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    net::NetLog* net_log,
+    const net::NetLog::Source& source)
+    : socket_performance_watcher_(socket_performance_watcher.get()),
+      socket_(new TCPSocket(std::move(socket_performance_watcher),
+                            net_log,
+                            source)),
       addresses_(addresses),
       current_address_index_(-1),
       next_connect_state_(CONNECT_STATE_NONE),
       previously_disconnected_(false),
       total_received_bytes_(0) {}
 
-TCPClientSocket::TCPClientSocket(scoped_ptr<TCPSocket> connected_socket,
+TCPClientSocket::TCPClientSocket(std::unique_ptr<TCPSocket> connected_socket,
                                  const IPEndPoint& peer_address)
-    : socket_(std::move(connected_socket)),
+    : socket_performance_watcher_(nullptr),
+      socket_(std::move(connected_socket)),
       addresses_(AddressList(peer_address)),
       current_address_index_(0),
       next_connect_state_(CONNECT_STATE_NONE),
@@ -152,6 +159,11 @@ int TCPClientSocket::DoConnect() {
     }
   }
 
+  // Notify |socket_performance_watcher_| only if the |socket_| is reused to
+  // connect to a different IP Address.
+  if (socket_performance_watcher_ && current_address_index_ != 0)
+    socket_performance_watcher_->OnConnectionChanged();
+
   // |socket_| is owned by this class and the callback won't be run once
   // |socket_| is gone. Therefore, it is safe to use base::Unretained() here.
   return socket_->Connect(endpoint,
diff --git a/chromium/net/socket/tcp_client_socket.h b/chromium/net/socket/tcp_client_socket.h
index ae6083fed6c..bf41545d180 100644
--- a/chromium/net/socket/tcp_client_socket.h
+++ b/chromium/net/socket/tcp_client_socket.h
@@ -7,9 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -20,19 +21,23 @@
 
 namespace net {
 
+class SocketPerformanceWatcher;
+
 // A client socket that uses TCP as the transport layer.
 class NET_EXPORT TCPClientSocket : public StreamSocket {
  public:
   // The IP address(es) and port number to connect to.  The TCP socket will try
   // each IP address in the list until it succeeds in establishing a
   // connection.
-  TCPClientSocket(const AddressList& addresses,
-                  net::NetLog* net_log,
-                  const net::NetLog::Source& source);
+  TCPClientSocket(
+      const AddressList& addresses,
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      net::NetLog* net_log,
+      const net::NetLog::Source& source);
 
   // Adopts the given, connected socket and then acts as if Connect() had been
   // called. This function is used by TCPServerSocket and for testing.
-  TCPClientSocket(scoped_ptr<TCPSocket> connected_socket,
+  TCPClientSocket(std::unique_ptr<TCPSocket> connected_socket,
                   const IPEndPoint& peer_address);
 
   ~TCPClientSocket() override;
@@ -104,11 +109,18 @@ class NET_EXPORT TCPClientSocket : public StreamSocket {
   // disconnected.
   void EmitTCPMetricsHistogramsOnDisconnect();
 
-  scoped_ptr<TCPSocket> socket_;
+  // Socket performance statistics (such as RTT) are reported to the
+  // |socket_performance_watcher_|. May be nullptr.
+  // |socket_performance_watcher_| is owned by |socket_|. If non-null,
+  // |socket_performance_watcher_| is guaranteed to be destroyed when |socket_|
+  // is destroyed.
+  SocketPerformanceWatcher* socket_performance_watcher_;
+
+  std::unique_ptr<TCPSocket> socket_;
 
   // Local IP address and port we are bound to. Set to NULL if Bind()
   // wasn't called (in that case OS chooses address/port).
-  scoped_ptr<IPEndPoint> bind_address_;
+  std::unique_ptr<IPEndPoint> bind_address_;
 
   // The list of addresses we should try in order to establish a connection.
   AddressList addresses_;
diff --git a/chromium/net/socket/tcp_client_socket_unittest.cc b/chromium/net/socket/tcp_client_socket_unittest.cc
index 1c39719f59d..d8499b44c5c 100644
--- a/chromium/net/socket/tcp_client_socket_unittest.cc
+++ b/chromium/net/socket/tcp_client_socket_unittest.cc
@@ -8,13 +8,20 @@
 
 #include "net/socket/tcp_client_socket.h"
 
+#include <stddef.h>
+
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/tcp_server_socket.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+namespace base {
+class TimeDelta;
+}
+
 namespace net {
 
 namespace {
@@ -29,7 +36,8 @@ TEST(TCPClientSocketTest, BindLoopbackToLoopback) {
   IPEndPoint server_address;
   ASSERT_EQ(OK, server.GetLocalAddress(&server_address));
 
-  TCPClientSocket socket(AddressList(server_address), NULL, NetLog::Source());
+  TCPClientSocket socket(AddressList(server_address), NULL, NULL,
+                         NetLog::Source());
 
   EXPECT_EQ(OK, socket.Bind(IPEndPoint(lo_address, 0)));
 
@@ -41,7 +49,7 @@ TEST(TCPClientSocketTest, BindLoopbackToLoopback) {
   EXPECT_EQ(ERR_IO_PENDING, socket.Connect(connect_callback.callback()));
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   int result = server.Accept(&accepted_socket, accept_callback.callback());
   if (result == ERR_IO_PENDING)
     result = accept_callback.WaitForResult();
@@ -61,7 +69,7 @@ TEST(TCPClientSocketTest, BindLoopbackToLoopback) {
 TEST(TCPClientSocketTest, BindLoopbackToExternal) {
   IPAddress external_ip(72, 14, 213, 105);
   TCPClientSocket socket(AddressList::CreateFromIPAddress(external_ip, 80),
-                         NULL, NetLog::Source());
+                         NULL, NULL, NetLog::Source());
 
   EXPECT_EQ(OK, socket.Bind(IPEndPoint(IPAddress::IPv4Localhost(), 0)));
 
@@ -89,7 +97,8 @@ TEST(TCPClientSocketTest, BindLoopbackToIPv6) {
 
   IPEndPoint server_address;
   ASSERT_EQ(OK, server.GetLocalAddress(&server_address));
-  TCPClientSocket socket(AddressList(server_address), NULL, NetLog::Source());
+  TCPClientSocket socket(AddressList(server_address), NULL, NULL,
+                         NetLog::Source());
 
   EXPECT_EQ(OK, socket.Bind(IPEndPoint(IPAddress::IPv4Localhost(), 0)));
 
@@ -101,6 +110,58 @@ TEST(TCPClientSocketTest, BindLoopbackToIPv6) {
   EXPECT_NE(OK, result);
 }
 
+class TestSocketPerformanceWatcher : public SocketPerformanceWatcher {
+ public:
+  TestSocketPerformanceWatcher() : connection_changed_count_(0u) {}
+  ~TestSocketPerformanceWatcher() override {}
+
+  bool ShouldNotifyUpdatedRTT() const override { return true; }
+
+  void OnUpdatedRTTAvailable(const base::TimeDelta& rtt) override {}
+
+  void OnConnectionChanged() override { connection_changed_count_++; }
+
+  size_t connection_changed_count() const { return connection_changed_count_; }
+
+ private:
+  size_t connection_changed_count_;
+
+  DISALLOW_COPY_AND_ASSIGN(TestSocketPerformanceWatcher);
+};
+
+// TestSocketPerformanceWatcher requires kernel support for tcp_info struct, and
+// so it is enabled only on certain platforms.
+#if defined(TCP_INFO) || defined(OS_LINUX)
+#define MAYBE_TestSocketPerformanceWatcher TestSocketPerformanceWatcher
+#else
+#define MAYBE_TestSocketPerformanceWatcher TestSocketPerformanceWatcher
+#endif
+// Tests if the socket performance watcher is notified if the same socket is
+// used for a different connection.
+TEST(TCPClientSocketTest, MAYBE_TestSocketPerformanceWatcher) {
+  const size_t kNumIPs = 2;
+  IPAddressList ip_list;
+  for (size_t i = 0; i < kNumIPs; ++i)
+    ip_list.push_back(IPAddress(72, 14, 213, i));
+
+  std::unique_ptr<TestSocketPerformanceWatcher> watcher(
+      new TestSocketPerformanceWatcher());
+  TestSocketPerformanceWatcher* watcher_ptr = watcher.get();
+
+  TCPClientSocket socket(
+      AddressList::CreateFromIPAddressList(ip_list, "example.com"),
+      std::move(watcher), NULL, NetLog::Source());
+
+  EXPECT_EQ(OK, socket.Bind(IPEndPoint(IPAddress::IPv4Localhost(), 0)));
+
+  TestCompletionCallback connect_callback;
+
+  ASSERT_NE(OK, connect_callback.GetResult(
+                    socket.Connect(connect_callback.callback())));
+
+  EXPECT_EQ(kNumIPs - 1, watcher_ptr->connection_changed_count());
+}
+
 }  // namespace
 
 }  // namespace net
diff --git a/chromium/net/socket/tcp_server_socket.cc b/chromium/net/socket/tcp_server_socket.cc
index 06f75122033..d617fa596c4 100644
--- a/chromium/net/socket/tcp_server_socket.cc
+++ b/chromium/net/socket/tcp_server_socket.cc
@@ -15,9 +15,7 @@
 namespace net {
 
 TCPServerSocket::TCPServerSocket(NetLog* net_log, const NetLog::Source& source)
-    : socket_(net_log, source),
-      pending_accept_(false) {
-}
+    : socket_(nullptr, net_log, source), pending_accept_(false) {}
 
 TCPServerSocket::~TCPServerSocket() {
 }
@@ -52,7 +50,7 @@ int TCPServerSocket::GetLocalAddress(IPEndPoint* address) const {
   return socket_.GetLocalAddress(address);
 }
 
-int TCPServerSocket::Accept(scoped_ptr<StreamSocket>* socket,
+int TCPServerSocket::Accept(std::unique_ptr<StreamSocket>* socket,
                             const CompletionCallback& callback) {
   DCHECK(socket);
   DCHECK(!callback.is_null());
@@ -87,9 +85,9 @@ void TCPServerSocket::DetachFromThread() {
 
 int TCPServerSocket::ConvertAcceptedSocket(
     int result,
-    scoped_ptr<StreamSocket>* output_accepted_socket) {
+    std::unique_ptr<StreamSocket>* output_accepted_socket) {
   // Make sure the TCPSocket object is destroyed in any case.
-  scoped_ptr<TCPSocket> temp_accepted_socket(std::move(accepted_socket_));
+  std::unique_ptr<TCPSocket> temp_accepted_socket(std::move(accepted_socket_));
   if (result != OK)
     return result;
 
@@ -100,7 +98,7 @@ int TCPServerSocket::ConvertAcceptedSocket(
 }
 
 void TCPServerSocket::OnAcceptCompleted(
-    scoped_ptr<StreamSocket>* output_accepted_socket,
+    std::unique_ptr<StreamSocket>* output_accepted_socket,
     const CompletionCallback& forward_callback,
     int result) {
   result = ConvertAcceptedSocket(result, output_accepted_socket);
diff --git a/chromium/net/socket/tcp_server_socket.h b/chromium/net/socket/tcp_server_socket.h
index 7611ff911b9..993d4bafdc7 100644
--- a/chromium/net/socket/tcp_server_socket.h
+++ b/chromium/net/socket/tcp_server_socket.h
@@ -5,8 +5,9 @@
 #ifndef NET_SOCKET_TCP_SERVER_SOCKET_H_
 #define NET_SOCKET_TCP_SERVER_SOCKET_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
@@ -23,7 +24,7 @@ class NET_EXPORT TCPServerSocket : public ServerSocket {
   // net::ServerSocket implementation.
   int Listen(const IPEndPoint& address, int backlog) override;
   int GetLocalAddress(IPEndPoint* address) const override;
-  int Accept(scoped_ptr<StreamSocket>* socket,
+  int Accept(std::unique_ptr<StreamSocket>* socket,
              const CompletionCallback& callback) override;
 
   // Detachs from the current thread, to allow the socket to be transferred to
@@ -36,16 +37,17 @@ class NET_EXPORT TCPServerSocket : public ServerSocket {
   // |output_accepted_socket|.
   // |output_accepted_socket| is untouched on failure. But |accepted_socket_| is
   // set to NULL in any case.
-  int ConvertAcceptedSocket(int result,
-                            scoped_ptr<StreamSocket>* output_accepted_socket);
+  int ConvertAcceptedSocket(
+      int result,
+      std::unique_ptr<StreamSocket>* output_accepted_socket);
   // Completion callback for calling TCPSocket::Accept().
-  void OnAcceptCompleted(scoped_ptr<StreamSocket>* output_accepted_socket,
+  void OnAcceptCompleted(std::unique_ptr<StreamSocket>* output_accepted_socket,
                          const CompletionCallback& forward_callback,
                          int result);
 
   TCPSocket socket_;
 
-  scoped_ptr<TCPSocket> accepted_socket_;
+  std::unique_ptr<TCPSocket> accepted_socket_;
   IPEndPoint accepted_address_;
   bool pending_accept_;
 
diff --git a/chromium/net/socket/tcp_server_socket_unittest.cc b/chromium/net/socket/tcp_server_socket_unittest.cc
index 651cd6964ad..a0d6c49c98c 100644
--- a/chromium/net/socket/tcp_server_socket_unittest.cc
+++ b/chromium/net/socket/tcp_server_socket_unittest.cc
@@ -4,12 +4,12 @@
 
 #include "net/socket/tcp_server_socket.h"
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_address.h"
@@ -67,12 +67,12 @@ TEST_F(TCPServerSocketTest, Accept) {
   ASSERT_NO_FATAL_FAILURE(SetUpIPv4());
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   int result = socket_.Accept(&accepted_socket, accept_callback.callback());
   if (result == ERR_IO_PENDING)
     result = accept_callback.WaitForResult();
@@ -92,14 +92,14 @@ TEST_F(TCPServerSocketTest, AcceptAsync) {
   ASSERT_NO_FATAL_FAILURE(SetUpIPv4());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
 
   ASSERT_EQ(ERR_IO_PENDING,
             socket_.Accept(&accepted_socket, accept_callback.callback()));
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   EXPECT_EQ(OK, connect_callback.WaitForResult());
@@ -117,25 +117,25 @@ TEST_F(TCPServerSocketTest, Accept2Connections) {
   ASSERT_NO_FATAL_FAILURE(SetUpIPv4());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
 
   ASSERT_EQ(ERR_IO_PENDING,
             socket_.Accept(&accepted_socket, accept_callback.callback()));
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback connect_callback2;
-  TCPClientSocket connecting_socket2(local_address_list(),
-                                     NULL, NetLog::Source());
+  TCPClientSocket connecting_socket2(local_address_list(), NULL, NULL,
+                                     NetLog::Source());
   connecting_socket2.Connect(connect_callback2.callback());
 
   EXPECT_EQ(OK, accept_callback.WaitForResult());
 
   TestCompletionCallback accept_callback2;
-  scoped_ptr<StreamSocket> accepted_socket2;
+  std::unique_ptr<StreamSocket> accepted_socket2;
   int result = socket_.Accept(&accepted_socket2, accept_callback2.callback());
   if (result == ERR_IO_PENDING)
     result = accept_callback2.WaitForResult();
@@ -160,12 +160,12 @@ TEST_F(TCPServerSocketTest, AcceptIPv6) {
     return;
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   int result = socket_.Accept(&accepted_socket, accept_callback.callback());
   if (result == ERR_IO_PENDING)
     result = accept_callback.WaitForResult();
@@ -184,12 +184,12 @@ TEST_F(TCPServerSocketTest, AcceptIO) {
   ASSERT_NO_FATAL_FAILURE(SetUpIPv4());
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   int result = socket_.Accept(&accepted_socket, accept_callback.callback());
   ASSERT_EQ(OK, accept_callback.GetResult(result));
 
diff --git a/chromium/net/socket/tcp_socket_posix.cc b/chromium/net/socket/tcp_socket_posix.cc
index 95fe6b5bd01..10247715cd1 100644
--- a/chromium/net/socket/tcp_socket_posix.cc
+++ b/chromium/net/socket/tcp_socket_posix.cc
@@ -14,8 +14,10 @@
 #include "base/logging.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/posix/eintr_wrapper.h"
+#include "base/profiler/scoped_tracker.h"
 #include "base/task_runner_util.h"
 #include "base/threading/worker_pool.h"
+#include "base/time/default_tick_clock.h"
 #include "net/base/address_list.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/io_buffer.h"
@@ -136,8 +138,14 @@ void CheckSupportAndMaybeEnableTCPFastOpen(bool user_enabled) {
 #endif
 }
 
-TCPSocketPosix::TCPSocketPosix(NetLog* net_log, const NetLog::Source& source)
-    : use_tcp_fastopen_(false),
+TCPSocketPosix::TCPSocketPosix(
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    NetLog* net_log,
+    const NetLog::Source& source)
+    : socket_performance_watcher_(std::move(socket_performance_watcher)),
+      tick_clock_(new base::DefaultTickClock()),
+      rtt_notifications_minimum_interval_(base::TimeDelta::FromSeconds(1)),
+      use_tcp_fastopen_(false),
       tcp_fastopen_write_attempted_(false),
       tcp_fastopen_connected_(false),
       tcp_fastopen_status_(TCP_FASTOPEN_STATUS_UNKNOWN),
@@ -194,7 +202,7 @@ int TCPSocketPosix::Listen(int backlog) {
   return socket_->Listen(backlog);
 }
 
-int TCPSocketPosix::Accept(scoped_ptr<TCPSocketPosix>* tcp_socket,
+int TCPSocketPosix::Accept(std::unique_ptr<TCPSocketPosix>* tcp_socket,
                            IPEndPoint* address,
                            const CompletionCallback& callback) {
   DCHECK(tcp_socket);
@@ -474,16 +482,22 @@ void TCPSocketPosix::EndLoggingMultipleConnectAttempts(int net_error) {
   }
 }
 
-void TCPSocketPosix::AcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket,
-                                     IPEndPoint* address,
-                                     const CompletionCallback& callback,
-                                     int rv) {
+void TCPSocketPosix::SetTickClockForTesting(
+    std::unique_ptr<base::TickClock> tick_clock) {
+  tick_clock_ = std::move(tick_clock);
+}
+
+void TCPSocketPosix::AcceptCompleted(
+    std::unique_ptr<TCPSocketPosix>* tcp_socket,
+    IPEndPoint* address,
+    const CompletionCallback& callback,
+    int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   callback.Run(HandleAcceptCompleted(tcp_socket, address, rv));
 }
 
 int TCPSocketPosix::HandleAcceptCompleted(
-    scoped_ptr<TCPSocketPosix>* tcp_socket,
+    std::unique_ptr<TCPSocketPosix>* tcp_socket,
     IPEndPoint* address,
     int rv) {
   if (rv == OK)
@@ -499,8 +513,9 @@ int TCPSocketPosix::HandleAcceptCompleted(
   return rv;
 }
 
-int TCPSocketPosix::BuildTcpSocketPosix(scoped_ptr<TCPSocketPosix>* tcp_socket,
-                                        IPEndPoint* address) {
+int TCPSocketPosix::BuildTcpSocketPosix(
+    std::unique_ptr<TCPSocketPosix>* tcp_socket,
+    IPEndPoint* address) {
   DCHECK(accept_socket_);
 
   SockaddrStorage storage;
@@ -510,24 +525,26 @@ int TCPSocketPosix::BuildTcpSocketPosix(scoped_ptr<TCPSocketPosix>* tcp_socket,
     return ERR_ADDRESS_INVALID;
   }
 
-  tcp_socket->reset(new TCPSocketPosix(net_log_.net_log(), net_log_.source()));
+  tcp_socket->reset(
+      new TCPSocketPosix(nullptr, net_log_.net_log(), net_log_.source()));
   (*tcp_socket)->socket_.reset(accept_socket_.release());
   return OK;
 }
 
 void TCPSocketPosix::ConnectCompleted(const CompletionCallback& callback,
-                                      int rv) const {
+                                      int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   callback.Run(HandleConnectCompleted(rv));
 }
 
-int TCPSocketPosix::HandleConnectCompleted(int rv) const {
+int TCPSocketPosix::HandleConnectCompleted(int rv) {
   // Log the end of this attempt (and any OS error it threw).
   if (rv != OK) {
     net_log_.EndEvent(NetLog::TYPE_TCP_CONNECT_ATTEMPT,
                       NetLog::IntCallback("os_error", errno));
   } else {
     net_log_.EndEvent(NetLog::TYPE_TCP_CONNECT_ATTEMPT);
+    NotifySocketPerformanceWatcher();
   }
 
   // Give a more specific error when the user is offline.
@@ -597,6 +614,11 @@ int TCPSocketPosix::HandleReadCompleted(IOBuffer* buf, int rv) {
                       CreateNetLogSocketErrorCallback(rv, errno));
     return rv;
   }
+
+  // Notify the watcher only if at least 1 byte was read.
+  if (rv > 0)
+    NotifySocketPerformanceWatcher();
+
   net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED, rv,
                                 buf->data());
   NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(rv);
@@ -628,6 +650,11 @@ int TCPSocketPosix::HandleWriteCompleted(IOBuffer* buf, int rv) {
                       CreateNetLogSocketErrorCallback(rv, errno));
     return rv;
   }
+
+  // Notify the watcher only if at least 1 byte was written.
+  if (rv > 0)
+    NotifySocketPerformanceWatcher();
+
   net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_SENT, rv,
                                 buf->data());
   NetworkActivityMonitor::GetInstance()->IncrementBytesSent(rv);
@@ -695,6 +722,45 @@ int TCPSocketPosix::TcpFastOpenWrite(IOBuffer* buf,
   return socket_->WaitForWrite(buf, buf_len, callback);
 }
 
+void TCPSocketPosix::NotifySocketPerformanceWatcher() {
+#if defined(TCP_INFO)
+  // TODO(tbansal): Remove ScopedTracker once crbug.com/590254 is fixed.
+  tracked_objects::ScopedTracker tracking_profile(
+      FROM_HERE_WITH_EXPLICIT_FUNCTION(
+          "590254 TCPSocketPosix::NotifySocketPerformanceWatcher"));
+
+  const base::TimeTicks now_ticks = tick_clock_->NowTicks();
+  // Do not notify |socket_performance_watcher_| if the last notification was
+  // recent than |rtt_notifications_minimum_interval_| ago. This helps in
+  // reducing the overall overhead of the tcp_info syscalls.
+  if (now_ticks - last_rtt_notification_ < rtt_notifications_minimum_interval_)
+    return;
+
+  // Check if |socket_performance_watcher_| is interested in receiving a RTT
+  // update notification.
+  if (!socket_performance_watcher_ ||
+      !socket_performance_watcher_->ShouldNotifyUpdatedRTT()) {
+    return;
+  }
+
+  tcp_info info;
+  if (!GetTcpInfo(socket_->socket_fd(), &info))
+    return;
+
+  // Only notify the |socket_performance_watcher_| if the RTT in |tcp_info|
+  // struct was populated. A value of 0 may be valid in certain cases
+  // (on very fast networks), but it is discarded. This means that
+  // some of the RTT values may be missed, but the values that are kept are
+  // guaranteed to be correct.
+  if (info.tcpi_rtt == 0 && info.tcpi_rttvar == 0)
+    return;
+
+  socket_performance_watcher_->OnUpdatedRTTAvailable(
+      base::TimeDelta::FromMicroseconds(info.tcpi_rtt));
+  last_rtt_notification_ = now_ticks;
+#endif  // defined(TCP_INFO)
+}
+
 void TCPSocketPosix::UpdateTCPFastOpenStatusAfterRead() {
   DCHECK(tcp_fastopen_status_ == TCP_FASTOPEN_FAST_CONNECT_RETURN ||
          tcp_fastopen_status_ == TCP_FASTOPEN_SLOW_CONNECT_RETURN);
diff --git a/chromium/net/socket/tcp_socket_posix.h b/chromium/net/socket/tcp_socket_posix.h
index 98849e45a19..4d157e7ee9e 100644
--- a/chromium/net/socket/tcp_socket_posix.h
+++ b/chromium/net/socket/tcp_socket_posix.h
@@ -7,15 +7,21 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/address_family.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
+#include "net/socket/socket_performance_watcher.h"
+
+namespace base {
+class TickClock;
+}
 
 namespace net {
 
@@ -26,7 +32,12 @@ class SocketPosix;
 
 class NET_EXPORT TCPSocketPosix {
  public:
-  TCPSocketPosix(NetLog* net_log, const NetLog::Source& source);
+  // |socket_performance_watcher| is notified of the performance metrics related
+  // to this socket. |socket_performance_watcher| may be null.
+  TCPSocketPosix(
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      NetLog* net_log,
+      const NetLog::Source& source);
   virtual ~TCPSocketPosix();
 
   int Open(AddressFamily family);
@@ -36,7 +47,7 @@ class NET_EXPORT TCPSocketPosix {
   int Bind(const IPEndPoint& address);
 
   int Listen(int backlog);
-  int Accept(scoped_ptr<TCPSocketPosix>* socket,
+  int Accept(std::unique_ptr<TCPSocketPosix>* socket,
              IPEndPoint* address,
              const CompletionCallback& callback);
 
@@ -95,6 +106,8 @@ class NET_EXPORT TCPSocketPosix {
   void StartLoggingMultipleConnectAttempts(const AddressList& addresses);
   void EndLoggingMultipleConnectAttempts(int net_error);
 
+  void SetTickClockForTesting(std::unique_ptr<base::TickClock> tick_clock);
+
   const BoundNetLog& net_log() const { return net_log_; }
 
  private:
@@ -167,18 +180,18 @@ class NET_EXPORT TCPSocketPosix {
     TCP_FASTOPEN_MAX_VALUE
   };
 
-  void AcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket,
+  void AcceptCompleted(std::unique_ptr<TCPSocketPosix>* tcp_socket,
                        IPEndPoint* address,
                        const CompletionCallback& callback,
                        int rv);
-  int HandleAcceptCompleted(scoped_ptr<TCPSocketPosix>* tcp_socket,
+  int HandleAcceptCompleted(std::unique_ptr<TCPSocketPosix>* tcp_socket,
                             IPEndPoint* address,
                             int rv);
-  int BuildTcpSocketPosix(scoped_ptr<TCPSocketPosix>* tcp_socket,
+  int BuildTcpSocketPosix(std::unique_ptr<TCPSocketPosix>* tcp_socket,
                           IPEndPoint* address);
 
-  void ConnectCompleted(const CompletionCallback& callback, int rv) const;
-  int HandleConnectCompleted(int rv) const;
+  void ConnectCompleted(const CompletionCallback& callback, int rv);
+  int HandleConnectCompleted(int rv);
   void LogConnectBegin(const AddressList& addresses) const;
   void LogConnectEnd(int net_error) const;
 
@@ -195,11 +208,29 @@ class NET_EXPORT TCPSocketPosix {
                        int buf_len,
                        const CompletionCallback& callback);
 
+  // Notifies |socket_performance_watcher_| of the latest RTT estimate available
+  // from the tcp_info struct for this TCP socket.
+  void NotifySocketPerformanceWatcher();
+
   // Called after the first read completes on a TCP FastOpen socket.
   void UpdateTCPFastOpenStatusAfterRead();
 
-  scoped_ptr<SocketPosix> socket_;
-  scoped_ptr<SocketPosix> accept_socket_;
+  std::unique_ptr<SocketPosix> socket_;
+  std::unique_ptr<SocketPosix> accept_socket_;
+
+  // Socket performance statistics (such as RTT) are reported to the
+  // |socket_performance_watcher_|. May be nullptr.
+  std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher_;
+
+  std::unique_ptr<base::TickClock> tick_clock_;
+
+  // Minimum interval betweeen consecutive notifications to
+  // |socket_performance_watcher_|.
+  const base::TimeDelta rtt_notifications_minimum_interval_;
+
+  // Time when the |socket_performance_watcher_| was last notified of updated
+  // RTT.
+  base::TimeTicks last_rtt_notification_;
 
   // Enables experimental TCP FastOpen option.
   bool use_tcp_fastopen_;
diff --git a/chromium/net/socket/tcp_socket_unittest.cc b/chromium/net/socket/tcp_socket_unittest.cc
index 15f93551673..b24d104fd69 100644
--- a/chromium/net/socket/tcp_socket_unittest.cc
+++ b/chromium/net/socket/tcp_socket_unittest.cc
@@ -4,13 +4,16 @@
 
 #include "net/socket/tcp_socket.h"
 
+#include <stddef.h>
 #include <string.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/test/simple_test_tick_clock.h"
+#include "base/time/time.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
@@ -18,6 +21,7 @@
 #include "net/base/net_errors.h"
 #include "net/base/sockaddr_storage.h"
 #include "net/base/test_completion_callback.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/tcp_client_socket.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
@@ -25,12 +29,42 @@
 namespace net {
 
 namespace {
+
+class TestSocketPerformanceWatcher : public SocketPerformanceWatcher {
+ public:
+  explicit TestSocketPerformanceWatcher(bool should_notify_updated_rtt)
+      : should_notify_updated_rtt_(should_notify_updated_rtt),
+        connection_changed_count_(0u),
+        rtt_notification_count_(0u) {}
+  ~TestSocketPerformanceWatcher() override {}
+
+  bool ShouldNotifyUpdatedRTT() const override {
+    return should_notify_updated_rtt_;
+  }
+
+  void OnUpdatedRTTAvailable(const base::TimeDelta& rtt) override {
+    rtt_notification_count_++;
+  }
+
+  void OnConnectionChanged() override { connection_changed_count_++; }
+
+  size_t rtt_notification_count() const { return rtt_notification_count_; }
+
+  size_t connection_changed_count() const { return connection_changed_count_; }
+
+ private:
+  const bool should_notify_updated_rtt_;
+  size_t connection_changed_count_;
+  size_t rtt_notification_count_;
+
+  DISALLOW_COPY_AND_ASSIGN(TestSocketPerformanceWatcher);
+};
+
 const int kListenBacklog = 5;
 
 class TCPSocketTest : public PlatformTest {
  protected:
-  TCPSocketTest() : socket_(NULL, NetLog::Source()) {
-  }
+  TCPSocketTest() : socket_(NULL, NULL, NetLog::Source()) {}
 
   void SetUpListenIPv4() {
     ASSERT_EQ(OK, socket_.Open(ADDRESS_FAMILY_IPV4));
@@ -55,15 +89,15 @@ class TCPSocketTest : public PlatformTest {
 
   void TestAcceptAsync() {
     TestCompletionCallback accept_callback;
-    scoped_ptr<TCPSocket> accepted_socket;
+    std::unique_ptr<TCPSocket> accepted_socket;
     IPEndPoint accepted_address;
     ASSERT_EQ(ERR_IO_PENDING,
               socket_.Accept(&accepted_socket, &accepted_address,
                              accept_callback.callback()));
 
     TestCompletionCallback connect_callback;
-    TCPClientSocket connecting_socket(local_address_list(),
-                                      NULL, NetLog::Source());
+    TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                      NetLog::Source());
     connecting_socket.Connect(connect_callback.callback());
 
     EXPECT_EQ(OK, connect_callback.WaitForResult());
@@ -75,6 +109,87 @@ class TCPSocketTest : public PlatformTest {
     EXPECT_EQ(accepted_address.address(), local_address_.address());
   }
 
+#if defined(TCP_INFO) || defined(OS_LINUX)
+  // Tests that notifications to Socket Performance Watcher (SPW) are delivered
+  // correctly. |advance_ticks| is the duration by which the clock is advanced
+  // before a message is read. |should_notify_updated_rtt| is true if the SPW
+  // is interested in receiving RTT notifications. |num_messages| is the number
+  // of messages that are written/read by the sockets.
+  // |expect_connection_changed_count| is the expected number of connection
+  // change notifications received by the SPW. |expect_rtt_notification_count|
+  // is the expected number of RTT notifications received by the SPW.
+  // This test works by writing |num_messages| to the socket. A different
+  // socket (with a SPW attached to it) reads the messages.
+  void TestSPWNotifications(const base::TimeDelta& advance_ticks,
+                            bool should_notify_updated_rtt,
+                            size_t num_messages,
+                            size_t expect_connection_changed_count,
+                            size_t expect_rtt_notification_count) {
+    ASSERT_NO_FATAL_FAILURE(SetUpListenIPv4());
+
+    std::unique_ptr<base::SimpleTestTickClock> tick_clock(
+        new base::SimpleTestTickClock());
+    base::SimpleTestTickClock* tick_clock_ptr = tick_clock.get();
+    tick_clock_ptr->SetNowTicks(base::TimeTicks::Now());
+
+    TestCompletionCallback connect_callback;
+
+    std::unique_ptr<TestSocketPerformanceWatcher> watcher(
+        new TestSocketPerformanceWatcher(should_notify_updated_rtt));
+    TestSocketPerformanceWatcher* watcher_ptr = watcher.get();
+
+    TCPSocket connecting_socket(std::move(watcher), NULL, NetLog::Source());
+    connecting_socket.SetTickClockForTesting(std::move(tick_clock));
+
+    int result = connecting_socket.Open(ADDRESS_FAMILY_IPV4);
+    ASSERT_EQ(OK, result);
+    connecting_socket.Connect(local_address_, connect_callback.callback());
+
+    TestCompletionCallback accept_callback;
+    std::unique_ptr<TCPSocket> accepted_socket;
+    IPEndPoint accepted_address;
+    result = socket_.Accept(&accepted_socket, &accepted_address,
+                            accept_callback.callback());
+    ASSERT_EQ(OK, accept_callback.GetResult(result));
+
+    ASSERT_TRUE(accepted_socket.get());
+
+    // Both sockets should be on the loopback network interface.
+    EXPECT_EQ(accepted_address.address(), local_address_.address());
+
+    ASSERT_EQ(OK, connect_callback.WaitForResult());
+
+    for (size_t i = 0; i < num_messages; ++i) {
+      tick_clock_ptr->Advance(advance_ticks);
+
+      // Use a 1 byte message so that the watcher is notified at most once per
+      // message.
+      const std::string message("t");
+
+      scoped_refptr<IOBufferWithSize> write_buffer(
+          new IOBufferWithSize(message.size()));
+      memmove(write_buffer->data(), message.data(), message.size());
+
+      TestCompletionCallback write_callback;
+      int write_result = accepted_socket->Write(
+          write_buffer.get(), write_buffer->size(), write_callback.callback());
+
+      scoped_refptr<IOBufferWithSize> read_buffer(
+          new IOBufferWithSize(message.size()));
+      TestCompletionCallback read_callback;
+      int read_result = connecting_socket.Read(
+          read_buffer.get(), read_buffer->size(), read_callback.callback());
+
+      ASSERT_EQ(1, write_callback.GetResult(write_result));
+      ASSERT_EQ(1, read_callback.GetResult(read_result));
+    }
+    EXPECT_EQ(expect_connection_changed_count,
+              watcher_ptr->connection_changed_count());
+    EXPECT_EQ(expect_rtt_notification_count,
+              watcher_ptr->rtt_notification_count());
+  }
+#endif  // defined(TCP_INFO) || defined(OS_LINUX)
+
   AddressList local_address_list() const {
     return AddressList(local_address_);
   }
@@ -90,12 +205,12 @@ TEST_F(TCPSocketTest, Accept) {
   TestCompletionCallback connect_callback;
   // TODO(yzshen): Switch to use TCPSocket when it supports client socket
   // operations.
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<TCPSocket> accepted_socket;
+  std::unique_ptr<TCPSocket> accepted_socket;
   IPEndPoint accepted_address;
   int result = socket_.Accept(&accepted_socket, &accepted_address,
                               accept_callback.callback());
@@ -141,7 +256,7 @@ TEST_F(TCPSocketTest, Accept2Connections) {
   ASSERT_NO_FATAL_FAILURE(SetUpListenIPv4());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<TCPSocket> accepted_socket;
+  std::unique_ptr<TCPSocket> accepted_socket;
   IPEndPoint accepted_address;
 
   ASSERT_EQ(ERR_IO_PENDING,
@@ -149,19 +264,19 @@ TEST_F(TCPSocketTest, Accept2Connections) {
                            accept_callback.callback()));
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback connect_callback2;
-  TCPClientSocket connecting_socket2(local_address_list(),
-                                     NULL, NetLog::Source());
+  TCPClientSocket connecting_socket2(local_address_list(), NULL, NULL,
+                                     NetLog::Source());
   connecting_socket2.Connect(connect_callback2.callback());
 
   EXPECT_EQ(OK, accept_callback.WaitForResult());
 
   TestCompletionCallback accept_callback2;
-  scoped_ptr<TCPSocket> accepted_socket2;
+  std::unique_ptr<TCPSocket> accepted_socket2;
   IPEndPoint accepted_address2;
 
   int result = socket_.Accept(&accepted_socket2, &accepted_address2,
@@ -189,12 +304,12 @@ TEST_F(TCPSocketTest, AcceptIPv6) {
     return;
 
   TestCompletionCallback connect_callback;
-  TCPClientSocket connecting_socket(local_address_list(),
-                                    NULL, NetLog::Source());
+  TCPClientSocket connecting_socket(local_address_list(), NULL, NULL,
+                                    NetLog::Source());
   connecting_socket.Connect(connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<TCPSocket> accepted_socket;
+  std::unique_ptr<TCPSocket> accepted_socket;
   IPEndPoint accepted_address;
   int result = socket_.Accept(&accepted_socket, &accepted_address,
                               accept_callback.callback());
@@ -214,13 +329,13 @@ TEST_F(TCPSocketTest, ReadWrite) {
   ASSERT_NO_FATAL_FAILURE(SetUpListenIPv4());
 
   TestCompletionCallback connect_callback;
-  TCPSocket connecting_socket(NULL, NetLog::Source());
+  TCPSocket connecting_socket(NULL, NULL, NetLog::Source());
   int result = connecting_socket.Open(ADDRESS_FAMILY_IPV4);
   ASSERT_EQ(OK, result);
   connecting_socket.Connect(local_address_, connect_callback.callback());
 
   TestCompletionCallback accept_callback;
-  scoped_ptr<TCPSocket> accepted_socket;
+  std::unique_ptr<TCPSocket> accepted_socket;
   IPEndPoint accepted_address;
   result = socket_.Accept(&accepted_socket, &accepted_address,
                           accept_callback.callback());
@@ -270,5 +385,30 @@ TEST_F(TCPSocketTest, ReadWrite) {
   ASSERT_EQ(message, received_message);
 }
 
+// These tests require kernel support for tcp_info struct, and so they are
+// enabled only on certain platforms.
+#if defined(TCP_INFO) || defined(OS_LINUX)
+// If SocketPerformanceWatcher::ShouldNotifyUpdatedRTT always returns false,
+// then the wtatcher should not receive any notifications.
+TEST_F(TCPSocketTest, SPWNotInterested) {
+  TestSPWNotifications(base::TimeDelta::FromSeconds(0), false, 2u, 0u, 0u);
+}
+
+// One notification should be received when the socket connects. No additional
+// notifications should be received when the message is read because the clock
+// is not advanced.
+TEST_F(TCPSocketTest, SPWNoAdvance) {
+  TestSPWNotifications(base::TimeDelta::FromSeconds(0), true, 2u, 0u, 1u);
+}
+
+// One notification should be received when the socket connects. One
+// additional notification should be received for each message read since this
+// test advances clock by 2 seconds (which is longer than the minimum interval
+// between consecutive notifications) before every read.
+TEST_F(TCPSocketTest, SPWAdvance) {
+  TestSPWNotifications(base::TimeDelta::FromSeconds(2), true, 2u, 0u, 3u);
+}
+#endif  // defined(TCP_INFO) || defined(OS_LINUX)
+
 }  // namespace
 }  // namespace net
diff --git a/chromium/net/socket/tcp_socket_win.cc b/chromium/net/socket/tcp_socket_win.cc
index 0d11a0d7443..d4bdabd1416 100644
--- a/chromium/net/socket/tcp_socket_win.cc
+++ b/chromium/net/socket/tcp_socket_win.cc
@@ -242,9 +242,12 @@ void TCPSocketWin::Core::WriteDelegate::OnObjectSignaled(
 
 //-----------------------------------------------------------------------------
 
-TCPSocketWin::TCPSocketWin(net::NetLog* net_log,
-                           const net::NetLog::Source& source)
+TCPSocketWin::TCPSocketWin(
+    std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+    net::NetLog* net_log,
+    const net::NetLog::Source& source)
     : socket_(INVALID_SOCKET),
+      socket_performance_watcher_(std::move(socket_performance_watcher)),
       accept_event_(WSA_INVALID_EVENT),
       accept_socket_(NULL),
       accept_address_(NULL),
@@ -360,7 +363,7 @@ int TCPSocketWin::Listen(int backlog) {
   return OK;
 }
 
-int TCPSocketWin::Accept(scoped_ptr<TCPSocketWin>* socket,
+int TCPSocketWin::Accept(std::unique_ptr<TCPSocketWin>* socket,
                          IPEndPoint* address,
                          const CompletionCallback& callback) {
   DCHECK(CalledOnValidThread());
@@ -679,7 +682,7 @@ void TCPSocketWin::EndLoggingMultipleConnectAttempts(int net_error) {
   }
 }
 
-int TCPSocketWin::AcceptInternal(scoped_ptr<TCPSocketWin>* socket,
+int TCPSocketWin::AcceptInternal(std::unique_ptr<TCPSocketWin>* socket,
                                  IPEndPoint* address) {
   SockaddrStorage storage;
   int new_socket = accept(socket_, storage.addr, &storage.addr_len);
@@ -699,8 +702,8 @@ int TCPSocketWin::AcceptInternal(scoped_ptr<TCPSocketWin>* socket,
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_TCP_ACCEPT, net_error);
     return net_error;
   }
-  scoped_ptr<TCPSocketWin> tcp_socket(new TCPSocketWin(
-      net_log_.net_log(), net_log_.source()));
+  std::unique_ptr<TCPSocketWin> tcp_socket(
+      new TCPSocketWin(NULL, net_log_.net_log(), net_log_.source()));
   int adopt_result = tcp_socket->AdoptConnectedSocket(new_socket, ip_end_point);
   if (adopt_result != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_TCP_ACCEPT, adopt_result);
diff --git a/chromium/net/socket/tcp_socket_win.h b/chromium/net/socket/tcp_socket_win.h
index 1786af11ada..63491f67f4c 100644
--- a/chromium/net/socket/tcp_socket_win.h
+++ b/chromium/net/socket/tcp_socket_win.h
@@ -8,16 +8,18 @@
 #include <stdint.h>
 #include <winsock2.h>
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/win/object_watcher.h"
 #include "net/base/address_family.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
+#include "net/socket/socket_performance_watcher.h"
 
 namespace net {
 
@@ -28,7 +30,10 @@ class IPEndPoint;
 class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
                                 public base::win::ObjectWatcher::Delegate  {
  public:
-  TCPSocketWin(NetLog* net_log, const NetLog::Source& source);
+  TCPSocketWin(
+      std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
+      NetLog* net_log,
+      const NetLog::Source& source);
   ~TCPSocketWin() override;
 
   int Open(AddressFamily family);
@@ -43,7 +48,7 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
   int Bind(const IPEndPoint& address);
 
   int Listen(int backlog);
-  int Accept(scoped_ptr<TCPSocketWin>* socket,
+  int Accept(std::unique_ptr<TCPSocketWin>* socket,
              IPEndPoint* address,
              const CompletionCallback& callback);
 
@@ -64,7 +69,6 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // - SetExclusiveAddrUse().
   int SetDefaultOptionsForServer();
   // The commonly used options for client sockets and accepted sockets:
-  // - Increase the socket buffer sizes for WinXP;
   // - SetNoDelay(true);
   // - SetKeepAlive(true, 45).
   void SetDefaultOptionsForClient();
@@ -112,7 +116,7 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // base::ObjectWatcher::Delegate implementation.
   void OnObjectSignaled(HANDLE object) override;
 
-  int AcceptInternal(scoped_ptr<TCPSocketWin>* socket,
+  int AcceptInternal(std::unique_ptr<TCPSocketWin>* socket,
                      IPEndPoint* address);
 
   int DoConnect();
@@ -128,10 +132,13 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
 
   SOCKET socket_;
 
+  // |socket_performance_watcher_| may be nullptr.
+  std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher_;
+
   HANDLE accept_event_;
   base::win::ObjectWatcher accept_watcher_;
 
-  scoped_ptr<TCPSocketWin>* accept_socket_;
+  std::unique_ptr<TCPSocketWin>* accept_socket_;
   IPEndPoint* accept_address_;
   CompletionCallback accept_callback_;
 
@@ -151,7 +158,7 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // External callback; called when write is complete.
   CompletionCallback write_callback_;
 
-  scoped_ptr<IPEndPoint> peer_address_;
+  std::unique_ptr<IPEndPoint> peer_address_;
   // The OS error that a connect attempt last completed with.
   int connect_os_error_;
 
diff --git a/chromium/net/socket/transport_client_socket_pool.cc b/chromium/net/socket/transport_client_socket_pool.cc
index dbc701a9386..c94c0a1b3c8 100644
--- a/chromium/net/socket/transport_client_socket_pool.cc
+++ b/chromium/net/socket/transport_client_socket_pool.cc
@@ -25,6 +25,8 @@
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/client_socket_pool_base.h"
 #include "net/socket/socket_net_log_params.h"
+#include "net/socket/socket_performance_watcher.h"
+#include "net/socket/socket_performance_watcher_factory.h"
 #include "net/socket/tcp_client_socket.h"
 
 using base::TimeDelta;
@@ -200,6 +202,7 @@ TransportConnectJob::TransportConnectJob(
     const scoped_refptr<TransportSocketParams>& params,
     base::TimeDelta timeout_duration,
     ClientSocketFactory* client_socket_factory,
+    SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
     HostResolver* host_resolver,
     Delegate* delegate,
     NetLog* net_log)
@@ -210,6 +213,7 @@ TransportConnectJob::TransportConnectJob(
                  delegate,
                  BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
       helper_(params, client_socket_factory, host_resolver, &connect_timing_),
+      socket_performance_watcher_factory_(socket_performance_watcher_factory),
       interval_between_connects_(CONNECT_INTERVAL_GT_20MS),
       resolve_result_(OK) {
   helper_.SetOnIOComplete(this);
@@ -296,9 +300,17 @@ int TransportConnectJob::DoTransportConnect() {
 
   helper_.set_next_state(
       TransportConnectJobHelper::STATE_TRANSPORT_CONNECT_COMPLETE);
+  // Create a |SocketPerformanceWatcher|, and pass the ownership.
+  std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher;
+  if (socket_performance_watcher_factory_) {
+    socket_performance_watcher =
+        socket_performance_watcher_factory_->CreateSocketPerformanceWatcher(
+            SocketPerformanceWatcherFactory::PROTOCOL_TCP);
+  }
   transport_socket_ =
       helper_.client_socket_factory()->CreateTransportClientSocket(
-          helper_.addresses(), net_log().net_log(), net_log().source());
+          helper_.addresses(), std::move(socket_performance_watcher),
+          net_log().net_log(), net_log().source());
 
   // If the list contains IPv6 and IPv4 addresses, the first address will
   // be IPv6, and the IPv4 addresses will be tried as fallback addresses,
@@ -413,11 +425,20 @@ void TransportConnectJob::DoIPv6FallbackTransportConnect() {
   DCHECK(!fallback_transport_socket_.get());
   DCHECK(!fallback_addresses_.get());
 
+  // Create a |SocketPerformanceWatcher|, and pass the ownership.
+  std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher;
+  if (socket_performance_watcher_factory_) {
+    socket_performance_watcher =
+        socket_performance_watcher_factory_->CreateSocketPerformanceWatcher(
+            SocketPerformanceWatcherFactory::PROTOCOL_TCP);
+  }
+
   fallback_addresses_.reset(new AddressList(helper_.addresses()));
   MakeAddressListStartWithIPv4(fallback_addresses_.get());
   fallback_transport_socket_ =
       helper_.client_socket_factory()->CreateTransportClientSocket(
-          *fallback_addresses_, net_log().net_log(), net_log().source());
+          *fallback_addresses_, std::move(socket_performance_watcher),
+          net_log().net_log(), net_log().source());
   fallback_connect_start_time_ = base::TimeTicks::Now();
   int rv = fallback_transport_socket_->Connect(
       base::Bind(
@@ -484,15 +505,15 @@ void TransportConnectJob::CopyConnectionAttemptsFromSockets() {
   }
 }
 
-scoped_ptr<ConnectJob>
+std::unique_ptr<ConnectJob>
 TransportClientSocketPool::TransportConnectJobFactory::NewConnectJob(
     const std::string& group_name,
     const PoolBase::Request& request,
     ConnectJob::Delegate* delegate) const {
-  return scoped_ptr<ConnectJob>(new TransportConnectJob(
+  return std::unique_ptr<ConnectJob>(new TransportConnectJob(
       group_name, request.priority(), request.respect_limits(),
       request.params(), ConnectionTimeout(), client_socket_factory_,
-      host_resolver_, delegate, net_log_));
+      socket_performance_watcher_factory_, host_resolver_, delegate, net_log_));
 }
 
 base::TimeDelta
@@ -506,6 +527,7 @@ TransportClientSocketPool::TransportClientSocketPool(
     int max_sockets_per_group,
     HostResolver* host_resolver,
     ClientSocketFactory* client_socket_factory,
+    SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
     NetLog* net_log)
     : base_(NULL,
             max_sockets,
@@ -514,6 +536,7 @@ TransportClientSocketPool::TransportClientSocketPool(
             ClientSocketPool::used_idle_socket_timeout(),
             new TransportConnectJobFactory(client_socket_factory,
                                            host_resolver,
+                                           socket_performance_watcher_factory,
                                            net_log)) {
   base_.EnableConnectBackupJobs();
 }
@@ -575,7 +598,7 @@ void TransportClientSocketPool::CancelRequest(
 
 void TransportClientSocketPool::ReleaseSocket(
     const std::string& group_name,
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     int id) {
   base_.ReleaseSocket(group_name, std::move(socket), id);
 }
@@ -602,10 +625,10 @@ LoadState TransportClientSocketPool::GetLoadState(
   return base_.GetLoadState(group_name, handle);
 }
 
-scoped_ptr<base::DictionaryValue> TransportClientSocketPool::GetInfoAsValue(
-    const std::string& name,
-    const std::string& type,
-    bool include_nested_pools) const {
+std::unique_ptr<base::DictionaryValue>
+TransportClientSocketPool::GetInfoAsValue(const std::string& name,
+                                          const std::string& type,
+                                          bool include_nested_pools) const {
   return base_.GetInfoAsValue(name, type);
 }
 
diff --git a/chromium/net/socket/transport_client_socket_pool.h b/chromium/net/socket/transport_client_socket_pool.h
index 085fbb91e86..bd4f33e47cc 100644
--- a/chromium/net/socket/transport_client_socket_pool.h
+++ b/chromium/net/socket/transport_client_socket_pool.h
@@ -5,11 +5,11 @@
 #ifndef NET_SOCKET_TRANSPORT_CLIENT_SOCKET_POOL_H_
 #define NET_SOCKET_TRANSPORT_CLIENT_SOCKET_POOL_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "net/base/host_port_pair.h"
@@ -22,6 +22,7 @@
 namespace net {
 
 class ClientSocketFactory;
+class SocketPerformanceWatcherFactory;
 
 typedef base::Callback<int(const AddressList&, const BoundNetLog& net_log)>
 OnHostResolutionCallback;
@@ -153,15 +154,17 @@ class NET_EXPORT_PRIVATE TransportConnectJobHelper {
 // a headstart) and return the one that completes first to the socket pool.
 class NET_EXPORT_PRIVATE TransportConnectJob : public ConnectJob {
  public:
-  TransportConnectJob(const std::string& group_name,
-                      RequestPriority priority,
-                      ClientSocketPool::RespectLimits respect_limits,
-                      const scoped_refptr<TransportSocketParams>& params,
-                      base::TimeDelta timeout_duration,
-                      ClientSocketFactory* client_socket_factory,
-                      HostResolver* host_resolver,
-                      Delegate* delegate,
-                      NetLog* net_log);
+  TransportConnectJob(
+      const std::string& group_name,
+      RequestPriority priority,
+      ClientSocketPool::RespectLimits respect_limits,
+      const scoped_refptr<TransportSocketParams>& params,
+      base::TimeDelta timeout_duration,
+      ClientSocketFactory* client_socket_factory,
+      SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
+      HostResolver* host_resolver,
+      Delegate* delegate,
+      NetLog* net_log);
   ~TransportConnectJob() override;
 
   // ConnectJob methods.
@@ -199,12 +202,13 @@ class NET_EXPORT_PRIVATE TransportConnectJob : public ConnectJob {
 
   TransportConnectJobHelper helper_;
 
-  scoped_ptr<StreamSocket> transport_socket_;
+  std::unique_ptr<StreamSocket> transport_socket_;
 
-  scoped_ptr<StreamSocket> fallback_transport_socket_;
-  scoped_ptr<AddressList> fallback_addresses_;
+  std::unique_ptr<StreamSocket> fallback_transport_socket_;
+  std::unique_ptr<AddressList> fallback_addresses_;
   base::TimeTicks fallback_connect_start_time_;
   base::OneShotTimer fallback_timer_;
+  SocketPerformanceWatcherFactory* socket_performance_watcher_factory_;
 
   // Track the interval between this connect and previous connect.
   ConnectInterval interval_between_connects_;
@@ -231,6 +235,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
       int max_sockets_per_group,
       HostResolver* host_resolver,
       ClientSocketFactory* client_socket_factory,
+      SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
       NetLog* net_log);
 
   ~TransportClientSocketPool() override;
@@ -250,7 +255,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
   void CancelRequest(const std::string& group_name,
                      ClientSocketHandle* handle) override;
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
   void FlushWithError(int error) override;
   void CloseIdleSockets() override;
@@ -258,7 +263,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
   int IdleSocketCountInGroup(const std::string& group_name) const override;
   LoadState GetLoadState(const std::string& group_name,
                          const ClientSocketHandle* handle) const override;
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override;
@@ -281,10 +286,14 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
   class TransportConnectJobFactory
       : public PoolBase::ConnectJobFactory {
    public:
-    TransportConnectJobFactory(ClientSocketFactory* client_socket_factory,
-                         HostResolver* host_resolver,
-                         NetLog* net_log)
+    TransportConnectJobFactory(
+        ClientSocketFactory* client_socket_factory,
+        HostResolver* host_resolver,
+        SocketPerformanceWatcherFactory* socket_performance_watcher_factory,
+        NetLog* net_log)
         : client_socket_factory_(client_socket_factory),
+          socket_performance_watcher_factory_(
+              socket_performance_watcher_factory),
           host_resolver_(host_resolver),
           net_log_(net_log) {}
 
@@ -292,7 +301,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
 
     // ClientSocketPoolBase::ConnectJobFactory methods.
 
-    scoped_ptr<ConnectJob> NewConnectJob(
+    std::unique_ptr<ConnectJob> NewConnectJob(
         const std::string& group_name,
         const PoolBase::Request& request,
         ConnectJob::Delegate* delegate) const override;
@@ -301,6 +310,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool {
 
    private:
     ClientSocketFactory* const client_socket_factory_;
+    SocketPerformanceWatcherFactory* socket_performance_watcher_factory_;
     HostResolver* const host_resolver_;
     NetLog* net_log_;
 
diff --git a/chromium/net/socket/transport_client_socket_pool_test_util.cc b/chromium/net/socket/transport_client_socket_pool_test_util.cc
index 190b1c57579..3dbffa61559 100644
--- a/chromium/net/socket/transport_client_socket_pool_test_util.cc
+++ b/chromium/net/socket/transport_client_socket_pool_test_util.cc
@@ -14,7 +14,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/load_timing_info.h"
@@ -190,34 +190,34 @@ class MockTriggerableClientSocket : public StreamSocket {
                       weak_factory_.GetWeakPtr());
   }
 
-  static scoped_ptr<StreamSocket> MakeMockPendingClientSocket(
+  static std::unique_ptr<StreamSocket> MakeMockPendingClientSocket(
       const AddressList& addrlist,
       bool should_connect,
       net::NetLog* net_log) {
-    scoped_ptr<MockTriggerableClientSocket> socket(
+    std::unique_ptr<MockTriggerableClientSocket> socket(
         new MockTriggerableClientSocket(addrlist, should_connect, net_log));
     base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE,
                                                   socket->GetConnectCallback());
     return std::move(socket);
   }
 
-  static scoped_ptr<StreamSocket> MakeMockDelayedClientSocket(
+  static std::unique_ptr<StreamSocket> MakeMockDelayedClientSocket(
       const AddressList& addrlist,
       bool should_connect,
       const base::TimeDelta& delay,
       net::NetLog* net_log) {
-    scoped_ptr<MockTriggerableClientSocket> socket(
+    std::unique_ptr<MockTriggerableClientSocket> socket(
         new MockTriggerableClientSocket(addrlist, should_connect, net_log));
     base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
         FROM_HERE, socket->GetConnectCallback(), delay);
     return std::move(socket);
   }
 
-  static scoped_ptr<StreamSocket> MakeMockStalledClientSocket(
+  static std::unique_ptr<StreamSocket> MakeMockStalledClientSocket(
       const AddressList& addrlist,
       net::NetLog* net_log,
       bool failing) {
-    scoped_ptr<MockTriggerableClientSocket> socket(
+    std::unique_ptr<MockTriggerableClientSocket> socket(
         new MockTriggerableClientSocket(addrlist, true, net_log));
     if (failing) {
       DCHECK_LE(1u, addrlist.size());
@@ -359,19 +359,20 @@ MockTransportClientSocketFactory::MockTransportClientSocketFactory(
 
 MockTransportClientSocketFactory::~MockTransportClientSocketFactory() {}
 
-scoped_ptr<DatagramClientSocket>
+std::unique_ptr<DatagramClientSocket>
 MockTransportClientSocketFactory::CreateDatagramClientSocket(
     DatagramSocket::BindType bind_type,
     const RandIntCallback& rand_int_cb,
     NetLog* net_log,
     const NetLog::Source& source) {
   NOTREACHED();
-  return scoped_ptr<DatagramClientSocket>();
+  return std::unique_ptr<DatagramClientSocket>();
 }
 
-scoped_ptr<StreamSocket>
+std::unique_ptr<StreamSocket>
 MockTransportClientSocketFactory::CreateTransportClientSocket(
     const AddressList& addresses,
+    std::unique_ptr<SocketPerformanceWatcher> /* socket_performance_watcher */,
     NetLog* /* net_log */,
     const NetLog::Source& /* source */) {
   allocation_count_++;
@@ -383,10 +384,10 @@ MockTransportClientSocketFactory::CreateTransportClientSocket(
 
   switch (type) {
     case MOCK_CLIENT_SOCKET:
-      return scoped_ptr<StreamSocket>(
+      return std::unique_ptr<StreamSocket>(
           new MockConnectClientSocket(addresses, net_log_));
     case MOCK_FAILING_CLIENT_SOCKET:
-      return scoped_ptr<StreamSocket>(
+      return std::unique_ptr<StreamSocket>(
           new MockFailingClientSocket(addresses, net_log_));
     case MOCK_PENDING_CLIENT_SOCKET:
       return MockTriggerableClientSocket::MakeMockPendingClientSocket(
@@ -407,7 +408,7 @@ MockTransportClientSocketFactory::CreateTransportClientSocket(
       return MockTriggerableClientSocket::MakeMockStalledClientSocket(
           addresses, net_log_, true);
     case MOCK_TRIGGERABLE_CLIENT_SOCKET: {
-      scoped_ptr<MockTriggerableClientSocket> rv(
+      std::unique_ptr<MockTriggerableClientSocket> rv(
           new MockTriggerableClientSocket(addresses, true, net_log_));
       triggerable_sockets_.push(rv->GetConnectCallback());
       // run_loop_quit_closure_ behaves like a condition variable. It will
@@ -420,19 +421,19 @@ MockTransportClientSocketFactory::CreateTransportClientSocket(
     }
     default:
       NOTREACHED();
-      return scoped_ptr<StreamSocket>(
+      return std::unique_ptr<StreamSocket>(
           new MockConnectClientSocket(addresses, net_log_));
   }
 }
 
-scoped_ptr<SSLClientSocket>
+std::unique_ptr<SSLClientSocket>
 MockTransportClientSocketFactory::CreateSSLClientSocket(
-    scoped_ptr<ClientSocketHandle> transport_socket,
+    std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     const SSLClientSocketContext& context) {
   NOTIMPLEMENTED();
-  return scoped_ptr<SSLClientSocket>();
+  return std::unique_ptr<SSLClientSocket>();
 }
 
 void MockTransportClientSocketFactory::ClearSSLSessionCache() {
diff --git a/chromium/net/socket/transport_client_socket_pool_test_util.h b/chromium/net/socket/transport_client_socket_pool_test_util.h
index 6e38af66613..97702a87a40 100644
--- a/chromium/net/socket/transport_client_socket_pool_test_util.h
+++ b/chromium/net/socket/transport_client_socket_pool_test_util.h
@@ -9,17 +9,18 @@
 #ifndef NET_SOCKET_TRANSPORT_CLIENT_SOCKET_POOL_TEST_UTIL_H_
 #define NET_SOCKET_TRANSPORT_CLIENT_SOCKET_POOL_TEST_UTIL_H_
 
+#include <memory>
 #include <queue>
 
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/address_list.h"
 #include "net/log/net_log.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
+#include "net/socket/socket_performance_watcher.h"
 #include "net/socket/stream_socket.h"
 
 namespace net {
@@ -72,19 +73,21 @@ class MockTransportClientSocketFactory : public ClientSocketFactory {
   explicit MockTransportClientSocketFactory(NetLog* net_log);
   ~MockTransportClientSocketFactory() override;
 
-  scoped_ptr<DatagramClientSocket> CreateDatagramClientSocket(
+  std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
       DatagramSocket::BindType bind_type,
       const RandIntCallback& rand_int_cb,
       NetLog* net_log,
       const NetLog::Source& source) override;
 
-  scoped_ptr<StreamSocket> CreateTransportClientSocket(
+  std::unique_ptr<StreamSocket> CreateTransportClientSocket(
       const AddressList& addresses,
+      std::unique_ptr<
+          SocketPerformanceWatcher> /* socket_performance_watcher */,
       NetLog* /* net_log */,
       const NetLog::Source& /* source */) override;
 
-  scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
-      scoped_ptr<ClientSocketHandle> transport_socket,
+  std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
+      std::unique_ptr<ClientSocketHandle> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config,
       const SSLClientSocketContext& context) override;
diff --git a/chromium/net/socket/transport_client_socket_pool_unittest.cc b/chromium/net/socket/transport_client_socket_pool_unittest.cc
index c8702f70fb2..0695c0b505f 100644
--- a/chromium/net/socket/transport_client_socket_pool_unittest.cc
+++ b/chromium/net/socket/transport_client_socket_pool_unittest.cc
@@ -39,20 +39,19 @@ class TransportClientSocketPoolTest : public testing::Test {
   TransportClientSocketPoolTest()
       : connect_backup_jobs_enabled_(
             ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(true)),
-        params_(
-            new TransportSocketParams(
-                HostPortPair("www.google.com", 80),
-                false,
-                OnHostResolutionCallback(),
-                TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT)),
+        params_(new TransportSocketParams(
+            HostPortPair("www.google.com", 80),
+            false,
+            OnHostResolutionCallback(),
+            TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT)),
         host_resolver_(new MockHostResolver),
         client_socket_factory_(&net_log_),
         pool_(kMaxSockets,
               kMaxSocketsPerGroup,
               host_resolver_.get(),
               &client_socket_factory_,
-              NULL) {
-  }
+              NULL,
+              NULL) {}
 
   ~TransportClientSocketPoolTest() override {
     internal::ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(
@@ -86,7 +85,7 @@ class TransportClientSocketPoolTest : public testing::Test {
     test_base_.ReleaseAllConnections(keep_alive);
   }
 
-  std::vector<scoped_ptr<TestSocketRequest>>* requests() {
+  std::vector<std::unique_ptr<TestSocketRequest>>* requests() {
     return test_base_.requests();
   }
   size_t completion_count() const { return test_base_.completion_count(); }
@@ -94,7 +93,7 @@ class TransportClientSocketPoolTest : public testing::Test {
   bool connect_backup_jobs_enabled_;
   TestNetLog net_log_;
   scoped_refptr<TransportSocketParams> params_;
-  scoped_ptr<MockHostResolver> host_resolver_;
+  std::unique_ptr<MockHostResolver> host_resolver_;
   MockTransportClientSocketFactory client_socket_factory_;
   TransportClientSocketPool pool_;
   ClientSocketPoolTest test_base_;
@@ -855,11 +854,9 @@ TEST_F(TransportClientSocketPoolTest, BackupSocketFailAfterDelay) {
 TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv4FinishesFirst) {
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &client_socket_factory_,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &client_socket_factory_,
+                                 NULL, NULL);
 
   MockTransportClientSocketFactory::ClientSocketType case_types[] = {
       // This is the IPv6 socket. It stalls, but presents one failed connection
@@ -888,14 +885,14 @@ TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv4FinishesFirst) {
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv4AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv4());
 
   // Check that the failed connection attempt on the main socket is collected.
   ConnectionAttempts attempts;
   handle.socket()->GetConnectionAttempts(&attempts);
   ASSERT_EQ(1u, attempts.size());
   EXPECT_EQ(ERR_CONNECTION_FAILED, attempts[0].result);
-  EXPECT_EQ(kIPv6AddressSize, attempts[0].endpoint.address().size());
+  EXPECT_TRUE(attempts[0].endpoint.address().IsIPv6());
 
   EXPECT_EQ(2, client_socket_factory_.allocation_count());
 }
@@ -906,11 +903,9 @@ TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv4FinishesFirst) {
 TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv6FinishesFirst) {
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &client_socket_factory_,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &client_socket_factory_,
+                                 NULL, NULL);
 
   MockTransportClientSocketFactory::ClientSocketType case_types[] = {
       // This is the IPv6 socket.
@@ -941,7 +936,7 @@ TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv6FinishesFirst) {
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv6AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv6());
 
   // Check that the failed connection attempt on the fallback socket is
   // collected.
@@ -949,7 +944,7 @@ TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv6FinishesFirst) {
   handle.socket()->GetConnectionAttempts(&attempts);
   ASSERT_EQ(1u, attempts.size());
   EXPECT_EQ(ERR_CONNECTION_FAILED, attempts[0].result);
-  EXPECT_EQ(kIPv4AddressSize, attempts[0].endpoint.address().size());
+  EXPECT_TRUE(attempts[0].endpoint.address().IsIPv4());
 
   EXPECT_EQ(2, client_socket_factory_.allocation_count());
 }
@@ -957,11 +952,9 @@ TEST_F(TransportClientSocketPoolTest, IPv6FallbackSocketIPv6FinishesFirst) {
 TEST_F(TransportClientSocketPoolTest, IPv6NoIPv4AddressesToFallbackTo) {
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &client_socket_factory_,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &client_socket_factory_,
+                                 NULL, NULL);
 
   client_socket_factory_.set_default_client_socket_type(
       MockTransportClientSocketFactory::MOCK_DELAYED_CLIENT_SOCKET);
@@ -984,7 +977,7 @@ TEST_F(TransportClientSocketPoolTest, IPv6NoIPv4AddressesToFallbackTo) {
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv6AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv6());
   EXPECT_EQ(0u, handle.connection_attempts().size());
   EXPECT_EQ(1, client_socket_factory_.allocation_count());
 }
@@ -992,11 +985,9 @@ TEST_F(TransportClientSocketPoolTest, IPv6NoIPv4AddressesToFallbackTo) {
 TEST_F(TransportClientSocketPoolTest, IPv4HasNoFallback) {
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &client_socket_factory_,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &client_socket_factory_,
+                                 NULL, NULL);
 
   client_socket_factory_.set_default_client_socket_type(
       MockTransportClientSocketFactory::MOCK_DELAYED_CLIENT_SOCKET);
@@ -1018,7 +1009,7 @@ TEST_F(TransportClientSocketPoolTest, IPv4HasNoFallback) {
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv4AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv4());
   EXPECT_EQ(0u, handle.connection_attempts().size());
   EXPECT_EQ(1, client_socket_factory_.allocation_count());
 }
@@ -1031,11 +1022,8 @@ TEST_F(TransportClientSocketPoolTest, TCPFastOpenOnIPv4WithNoFallback) {
   factory.AddSocketDataProvider(&socket_data);
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &factory,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &factory, NULL, NULL);
   // Resolve an AddressList with only IPv4 addresses.
   host_resolver_->rules()->AddIPLiteralRule("*", "1.1.1.1", std::string());
 
@@ -1057,11 +1045,8 @@ TEST_F(TransportClientSocketPoolTest, TCPFastOpenOnIPv6WithNoFallback) {
   factory.AddSocketDataProvider(&socket_data);
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &factory,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &factory, NULL, NULL);
   client_socket_factory_.set_default_client_socket_type(
       MockTransportClientSocketFactory::MOCK_DELAYED_CLIENT_SOCKET);
   // Resolve an AddressList with only IPv6 addresses.
@@ -1091,11 +1076,8 @@ TEST_F(TransportClientSocketPoolTest,
   factory.AddSocketDataProvider(&socket_data_2);
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &factory,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &factory, NULL, NULL);
 
   // Resolve an AddressList with a IPv6 address first and then a IPv4 address.
   host_resolver_->rules()
@@ -1111,7 +1093,7 @@ TEST_F(TransportClientSocketPoolTest,
   // Verify that the socket used is connected to the fallback IPv4 address.
   IPEndPoint endpoint;
   handle.socket()->GetPeerAddress(&endpoint);
-  EXPECT_EQ(kIPv4AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv4());
   // Verify that TCP FastOpen was not turned on for the socket.
   EXPECT_FALSE(socket_data_1.IsUsingTCPFastOpen());
 }
@@ -1126,11 +1108,8 @@ TEST_F(TransportClientSocketPoolTest,
   factory.AddSocketDataProvider(&socket_data);
   // Create a pool without backup jobs.
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
-  TransportClientSocketPool pool(kMaxSockets,
-                                 kMaxSocketsPerGroup,
-                                 host_resolver_.get(),
-                                 &factory,
-                                 NULL);
+  TransportClientSocketPool pool(kMaxSockets, kMaxSocketsPerGroup,
+                                 host_resolver_.get(), &factory, NULL, NULL);
 
   // Resolve an AddressList with a IPv6 address first and then a IPv4 address.
   host_resolver_->rules()
@@ -1146,7 +1125,7 @@ TEST_F(TransportClientSocketPoolTest,
   IPEndPoint endpoint;
   handle.socket()->GetPeerAddress(&endpoint);
   // Verify that the socket used is connected to the IPv6 address.
-  EXPECT_EQ(kIPv6AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv6());
   // Verify that TCP FastOpen was not turned on for the socket.
   EXPECT_FALSE(socket_data.IsUsingTCPFastOpen());
 }
diff --git a/chromium/net/socket/transport_client_socket_unittest.cc b/chromium/net/socket/transport_client_socket_unittest.cc
index f9b095ca925..eb45e6d89bf 100644
--- a/chromium/net/socket/transport_client_socket_unittest.cc
+++ b/chromium/net/socket/transport_client_socket_unittest.cc
@@ -2,11 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
@@ -85,11 +85,11 @@ class TransportClientSocketTest
   uint16_t listen_port_;
   TestNetLog net_log_;
   ClientSocketFactory* const socket_factory_;
-  scoped_ptr<StreamSocket> sock_;
-  scoped_ptr<StreamSocket> connected_sock_;
+  std::unique_ptr<StreamSocket> sock_;
+  std::unique_ptr<StreamSocket> connected_sock_;
 
  private:
-  scoped_ptr<TCPServerSocket> listen_sock_;
+  std::unique_ptr<TCPServerSocket> listen_sock_;
   bool close_server_socket_on_next_send_;
 };
 
@@ -109,7 +109,7 @@ void TransportClientSocketTest::SetUp() {
 
   AddressList addr;
   // MockHostResolver resolves everything to 127.0.0.1.
-  scoped_ptr<HostResolver> resolver(new MockHostResolver());
+  std::unique_ptr<HostResolver> resolver(new MockHostResolver());
   HostResolver::RequestInfo info(HostPortPair("localhost", listen_port_));
   TestCompletionCallback callback;
   int rv = resolver->Resolve(info, DEFAULT_PRIORITY, &addr, callback.callback(),
@@ -117,7 +117,7 @@ void TransportClientSocketTest::SetUp() {
   CHECK_EQ(ERR_IO_PENDING, rv);
   rv = callback.WaitForResult();
   CHECK_EQ(rv, OK);
-  sock_ = socket_factory_->CreateTransportClientSocket(addr, &net_log_,
+  sock_ = socket_factory_->CreateTransportClientSocket(addr, NULL, &net_log_,
                                                        NetLog::Source());
 }
 
@@ -418,7 +418,8 @@ TEST_P(TransportClientSocketTest, FullDuplex_ReadFirst) {
   EXPECT_GE(rv, 0);
 }
 
-TEST_P(TransportClientSocketTest, FullDuplex_WriteFirst) {
+// FLaky on Win 10 Tests x64 builder: http://crbug/552053
+TEST_P(TransportClientSocketTest, DISABLED_FullDuplex_WriteFirst) {
   TestCompletionCallback callback;
   EstablishConnection(&callback);
 
diff --git a/chromium/net/socket/unix_domain_client_socket_posix.cc b/chromium/net/socket/unix_domain_client_socket_posix.cc
index 792cfac9bd2..bf86475768c 100644
--- a/chromium/net/socket/unix_domain_client_socket_posix.cc
+++ b/chromium/net/socket/unix_domain_client_socket_posix.cc
@@ -21,7 +21,8 @@ UnixDomainClientSocket::UnixDomainClientSocket(const std::string& socket_path,
       use_abstract_namespace_(use_abstract_namespace) {
 }
 
-UnixDomainClientSocket::UnixDomainClientSocket(scoped_ptr<SocketPosix> socket)
+UnixDomainClientSocket::UnixDomainClientSocket(
+    std::unique_ptr<SocketPosix> socket)
     : use_abstract_namespace_(false), socket_(std::move(socket)) {}
 
 UnixDomainClientSocket::~UnixDomainClientSocket() {
diff --git a/chromium/net/socket/unix_domain_client_socket_posix.h b/chromium/net/socket/unix_domain_client_socket_posix.h
index 596aa096c53..e7b033a71c3 100644
--- a/chromium/net/socket/unix_domain_client_socket_posix.h
+++ b/chromium/net/socket/unix_domain_client_socket_posix.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/log/net_log.h"
@@ -31,7 +31,7 @@ class NET_EXPORT UnixDomainClientSocket : public StreamSocket {
                          bool use_abstract_namespace);
   // Builds a client socket with SocketPosix which is already connected.
   // UnixDomainServerSocket uses this after it accepts a connection.
-  explicit UnixDomainClientSocket(scoped_ptr<SocketPosix> socket);
+  explicit UnixDomainClientSocket(std::unique_ptr<SocketPosix> socket);
 
   ~UnixDomainClientSocket() override;
 
@@ -78,7 +78,7 @@ class NET_EXPORT UnixDomainClientSocket : public StreamSocket {
  private:
   const std::string socket_path_;
   const bool use_abstract_namespace_;
-  scoped_ptr<SocketPosix> socket_;
+  std::unique_ptr<SocketPosix> socket_;
   // This net log is just to comply StreamSocket::NetLog(). It throws away
   // everything.
   BoundNetLog net_log_;
diff --git a/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc b/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc
index b20678b420a..4cccfc283bb 100644
--- a/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc
+++ b/chromium/net/socket/unix_domain_client_socket_posix_unittest.cc
@@ -5,12 +5,13 @@
 #include "net/socket/unix_domain_client_socket_posix.h"
 
 #include <unistd.h>
+
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -133,7 +134,7 @@ TEST_F(UnixDomainClientSocketTest, Connect) {
                                        kUseAbstractNamespace);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
 
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
@@ -184,7 +185,7 @@ TEST_F(UnixDomainClientSocketTest, ConnectWithSocketDescriptor) {
   // to be sure it hasn't gotten accidentally closed.
   SockaddrStorage addr;
   ASSERT_TRUE(UnixDomainClientSocket::FillAddress(socket_path_, false, &addr));
-  scoped_ptr<SocketPosix> adopter(new SocketPosix);
+  std::unique_ptr<SocketPosix> adopter(new SocketPosix);
   adopter->AdoptConnectedSocket(client_socket_fd, addr);
   UnixDomainClientSocket rewrapped_socket(std::move(adopter));
   EXPECT_TRUE(rewrapped_socket.IsConnected());
@@ -211,7 +212,7 @@ TEST_F(UnixDomainClientSocketTest, ConnectWithAbstractNamespace) {
                                        kUseAbstractNamespace);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
 
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
@@ -256,7 +257,7 @@ TEST_F(UnixDomainClientSocketTest,
 TEST_F(UnixDomainClientSocketTest, DisconnectFromClient) {
   UnixDomainServerSocket server_socket(CreateAuthCallback(true), false);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
@@ -289,7 +290,7 @@ TEST_F(UnixDomainClientSocketTest, DisconnectFromClient) {
 TEST_F(UnixDomainClientSocketTest, DisconnectFromServer) {
   UnixDomainServerSocket server_socket(CreateAuthCallback(true), false);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
@@ -322,7 +323,7 @@ TEST_F(UnixDomainClientSocketTest, DisconnectFromServer) {
 TEST_F(UnixDomainClientSocketTest, ReadAfterWrite) {
   UnixDomainServerSocket server_socket(CreateAuthCallback(true), false);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
@@ -391,7 +392,7 @@ TEST_F(UnixDomainClientSocketTest, ReadAfterWrite) {
 TEST_F(UnixDomainClientSocketTest, ReadBeforeWrite) {
   UnixDomainServerSocket server_socket(CreateAuthCallback(true), false);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
diff --git a/chromium/net/socket/unix_domain_server_socket_posix.cc b/chromium/net/socket/unix_domain_server_socket_posix.cc
index b6ba35c6362..ecd9adf3d36 100644
--- a/chromium/net/socket/unix_domain_server_socket_posix.cc
+++ b/chromium/net/socket/unix_domain_server_socket_posix.cc
@@ -21,13 +21,13 @@ namespace net {
 namespace {
 
 // Intended for use as SetterCallbacks in Accept() helper methods.
-void SetStreamSocket(scoped_ptr<StreamSocket>* socket,
-                     scoped_ptr<SocketPosix> accepted_socket) {
+void SetStreamSocket(std::unique_ptr<StreamSocket>* socket,
+                     std::unique_ptr<SocketPosix> accepted_socket) {
   socket->reset(new UnixDomainClientSocket(std::move(accepted_socket)));
 }
 
 void SetSocketDescriptor(SocketDescriptor* socket,
-                         scoped_ptr<SocketPosix> accepted_socket) {
+                         std::unique_ptr<SocketPosix> accepted_socket) {
   *socket = accepted_socket->ReleaseConnectedSocket();
 }
 
@@ -86,7 +86,7 @@ int UnixDomainServerSocket::BindAndListen(const std::string& socket_path,
     return ERR_ADDRESS_INVALID;
   }
 
-  scoped_ptr<SocketPosix> socket(new SocketPosix);
+  std::unique_ptr<SocketPosix> socket(new SocketPosix);
   int rv = socket->Open(AF_UNIX);
   DCHECK_NE(ERR_IO_PENDING, rv);
   if (rv != OK)
@@ -118,7 +118,7 @@ int UnixDomainServerSocket::GetLocalAddress(IPEndPoint* address) const {
   return ERR_ADDRESS_INVALID;
 }
 
-int UnixDomainServerSocket::Accept(scoped_ptr<StreamSocket>* socket,
+int UnixDomainServerSocket::Accept(std::unique_ptr<StreamSocket>* socket,
                                    const CompletionCallback& callback) {
   DCHECK(socket);
 
diff --git a/chromium/net/socket/unix_domain_server_socket_posix.h b/chromium/net/socket/unix_domain_server_socket_posix.h
index 7395f058ce5..0d52835120b 100644
--- a/chromium/net/socket/unix_domain_server_socket_posix.h
+++ b/chromium/net/socket/unix_domain_server_socket_posix.h
@@ -8,11 +8,11 @@
 #include <stdint.h>
 #include <sys/types.h>
 
+#include <memory>
 #include <string>
 
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/socket/server_socket.h"
 #include "net/socket/socket_descriptor.h"
@@ -56,7 +56,7 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket {
                                uint16_t port,
                                int backlog) override;
   int GetLocalAddress(IPEndPoint* address) const override;
-  int Accept(scoped_ptr<StreamSocket>* socket,
+  int Accept(std::unique_ptr<StreamSocket>* socket,
              const CompletionCallback& callback) override;
 
   // Creates a server socket, binds it to the specified |socket_path| and
@@ -72,7 +72,7 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket {
   // A callback to wrap the setting of the out-parameter to Accept().
   // This allows the internal machinery of that call to be implemented in
   // a manner that's agnostic to the caller's desired output.
-  typedef base::Callback<void(scoped_ptr<SocketPosix>)> SetterCallback;
+  typedef base::Callback<void(std::unique_ptr<SocketPosix>)> SetterCallback;
 
   int DoAccept(const SetterCallback& setter_callback,
                const CompletionCallback& callback);
@@ -81,11 +81,11 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket {
                        int rv);
   bool AuthenticateAndGetStreamSocket(const SetterCallback& setter_callback);
 
-  scoped_ptr<SocketPosix> listen_socket_;
+  std::unique_ptr<SocketPosix> listen_socket_;
   const AuthCallback auth_callback_;
   const bool use_abstract_namespace_;
 
-  scoped_ptr<SocketPosix> accept_socket_;
+  std::unique_ptr<SocketPosix> accept_socket_;
 
   DISALLOW_COPY_AND_ASSIGN(UnixDomainServerSocket);
 };
diff --git a/chromium/net/socket/unix_domain_server_socket_posix_unittest.cc b/chromium/net/socket/unix_domain_server_socket_posix_unittest.cc
index be472c0775c..f44e544e761 100644
--- a/chromium/net/socket/unix_domain_server_socket_posix_unittest.cc
+++ b/chromium/net/socket/unix_domain_server_socket_posix_unittest.cc
@@ -4,12 +4,12 @@
 
 #include "net/socket/unix_domain_server_socket_posix.h"
 
+#include <memory>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
 #include "net/base/io_buffer.h"
@@ -86,7 +86,7 @@ TEST_F(UnixDomainServerSocketTest, AcceptWithForbiddenUser) {
                                        kUseAbstractNamespace);
   EXPECT_EQ(OK, server_socket.BindAndListen(socket_path_, /*backlog=*/1));
 
-  scoped_ptr<StreamSocket> accepted_socket;
+  std::unique_ptr<StreamSocket> accepted_socket;
   TestCompletionCallback accept_callback;
   EXPECT_EQ(ERR_IO_PENDING,
             server_socket.Accept(&accepted_socket, accept_callback.callback()));
diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.cc b/chromium/net/socket/websocket_endpoint_lock_manager.cc
index 42dab824d5b..52cf5342a24 100644
--- a/chromium/net/socket/websocket_endpoint_lock_manager.cc
+++ b/chromium/net/socket/websocket_endpoint_lock_manager.cc
@@ -10,7 +10,7 @@
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/log/net_log.h"
 
diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.h b/chromium/net/socket/websocket_endpoint_lock_manager.h
index dfbc30897ab..a0388b619c2 100644
--- a/chromium/net/socket/websocket_endpoint_lock_manager.h
+++ b/chromium/net/socket/websocket_endpoint_lock_manager.h
@@ -104,7 +104,7 @@ class NET_EXPORT_PRIVATE WebSocketEndpointLockManager {
     // Must be NULL to copy this object into the map. Must be set to non-NULL
     // after the object is inserted into the map then point to the same list
     // until this object is deleted.
-    scoped_ptr<WaiterQueue> queue;
+    std::unique_ptr<WaiterQueue> queue;
 
     // This pointer is only used to identify the last instance of StreamSocket
     // that was passed to RememberSocket() for this endpoint. It should only be
diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.cc b/chromium/net/socket/websocket_transport_client_socket_pool.cc
index e4f0883acce..5c2ade2887c 100644
--- a/chromium/net/socket/websocket_transport_client_socket_pool.cc
+++ b/chromium/net/socket/websocket_transport_client_socket_pool.cc
@@ -13,7 +13,7 @@
 #include "base/numerics/safe_conversions.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
@@ -241,6 +241,7 @@ WebSocketTransportClientSocketPool::WebSocketTransportClientSocketPool(
                                 max_sockets_per_group,
                                 host_resolver,
                                 client_socket_factory,
+                                NULL,
                                 net_log),
       connect_job_delegate_(this),
       pool_net_log_(net_log),
@@ -309,7 +310,7 @@ int WebSocketTransportClientSocketPool::RequestSocket(
     return ERR_IO_PENDING;
   }
 
-  scoped_ptr<WebSocketTransportConnectJob> connect_job(
+  std::unique_ptr<WebSocketTransportConnectJob> connect_job(
       new WebSocketTransportConnectJob(
           group_name, priority, respect_limits, casted_params,
           ConnectionTimeout(), callback, client_socket_factory_, host_resolver_,
@@ -332,7 +333,7 @@ int WebSocketTransportClientSocketPool::RequestSocket(
     // TODO(ricea): Implement backup job timer?
     AddJob(handle, std::move(connect_job));
   } else {
-    scoped_ptr<StreamSocket> error_socket;
+    std::unique_ptr<StreamSocket> error_socket;
     connect_job->GetAdditionalErrorState(handle);
     error_socket = connect_job->PassSocket();
     if (error_socket) {
@@ -362,7 +363,7 @@ void WebSocketTransportClientSocketPool::CancelRequest(
   DCHECK(!handle->is_initialized());
   if (DeleteStalledRequest(handle))
     return;
-  scoped_ptr<StreamSocket> socket = handle->PassSocket();
+  std::unique_ptr<StreamSocket> socket = handle->PassSocket();
   if (socket)
     ReleaseSocket(handle->group_name(), std::move(socket), handle->id());
   if (!DeleteJob(handle))
@@ -373,7 +374,7 @@ void WebSocketTransportClientSocketPool::CancelRequest(
 
 void WebSocketTransportClientSocketPool::ReleaseSocket(
     const std::string& group_name,
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     int id) {
   WebSocketEndpointLockManager::GetInstance()->UnlockSocket(socket.get());
   CHECK_GT(handed_out_socket_count_, 0);
@@ -431,12 +432,12 @@ LoadState WebSocketTransportClientSocketPool::GetLoadState(
   return LookupConnectJob(handle)->GetLoadState();
 }
 
-scoped_ptr<base::DictionaryValue>
-    WebSocketTransportClientSocketPool::GetInfoAsValue(
-        const std::string& name,
-        const std::string& type,
-        bool include_nested_pools) const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::DictionaryValue>
+WebSocketTransportClientSocketPool::GetInfoAsValue(
+    const std::string& name,
+    const std::string& type,
+    bool include_nested_pools) const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("name", name);
   dict->SetString("type", type);
   dict->SetInteger("handed_out_socket_count", handed_out_socket_count_);
@@ -461,7 +462,7 @@ void WebSocketTransportClientSocketPool::OnConnectJobComplete(
     WebSocketTransportConnectJob* job) {
   DCHECK_NE(ERR_IO_PENDING, result);
 
-  scoped_ptr<StreamSocket> socket = job->PassSocket();
+  std::unique_ptr<StreamSocket> socket = job->PassSocket();
 
   // See comment in FlushWithError.
   if (flushing_) {
@@ -526,7 +527,7 @@ bool WebSocketTransportClientSocketPool::ReachedMaxSocketsLimit() const {
 }
 
 void WebSocketTransportClientSocketPool::HandOutSocket(
-    scoped_ptr<StreamSocket> socket,
+    std::unique_ptr<StreamSocket> socket,
     const LoadTimingInfo::ConnectTiming& connect_timing,
     ClientSocketHandle* handle,
     const BoundNetLog& net_log) {
@@ -546,7 +547,7 @@ void WebSocketTransportClientSocketPool::HandOutSocket(
 
 void WebSocketTransportClientSocketPool::AddJob(
     ClientSocketHandle* handle,
-    scoped_ptr<WebSocketTransportConnectJob> connect_job) {
+    std::unique_ptr<WebSocketTransportConnectJob> connect_job) {
   bool inserted =
       pending_connects_.insert(PendingConnectsMap::value_type(
                                    handle, connect_job.release())).second;
diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.h b/chromium/net/socket/websocket_transport_client_socket_pool.h
index 23b777457fa..0fda8857b78 100644
--- a/chromium/net/socket/websocket_transport_client_socket_pool.h
+++ b/chromium/net/socket/websocket_transport_client_socket_pool.h
@@ -7,12 +7,12 @@
 
 #include <list>
 #include <map>
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
@@ -98,8 +98,8 @@ class NET_EXPORT_PRIVATE WebSocketTransportConnectJob : public ConnectJob {
   // in parallel. If the list of IPv6 addresses is non-empty, then the IPv6 jobs
   // go first, followed after |kIPv6FallbackTimerInMs| by the IPv4
   // addresses. First sub-job to establish a connection wins.
-  scoped_ptr<WebSocketTransportConnectSubJob> ipv4_job_;
-  scoped_ptr<WebSocketTransportConnectSubJob> ipv6_job_;
+  std::unique_ptr<WebSocketTransportConnectSubJob> ipv4_job_;
+  std::unique_ptr<WebSocketTransportConnectSubJob> ipv6_job_;
 
   base::OneShotTimer fallback_timer_;
   TransportConnectJobHelper::ConnectionLatencyHistogram race_result_;
@@ -146,7 +146,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportClientSocketPool
   void CancelRequest(const std::string& group_name,
                      ClientSocketHandle* handle) override;
   void ReleaseSocket(const std::string& group_name,
-                     scoped_ptr<StreamSocket> socket,
+                     std::unique_ptr<StreamSocket> socket,
                      int id) override;
   void FlushWithError(int error) override;
   void CloseIdleSockets() override;
@@ -154,7 +154,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportClientSocketPool
   int IdleSocketCountInGroup(const std::string& group_name) const override;
   LoadState GetLoadState(const std::string& group_name,
                          const ClientSocketHandle* handle) const override;
-  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
+  std::unique_ptr<base::DictionaryValue> GetInfoAsValue(
       const std::string& name,
       const std::string& type,
       bool include_nested_pools) const override;
@@ -211,12 +211,12 @@ class NET_EXPORT_PRIVATE WebSocketTransportClientSocketPool
                           const CompletionCallback& callback,
                           int rv);
   bool ReachedMaxSocketsLimit() const;
-  void HandOutSocket(scoped_ptr<StreamSocket> socket,
+  void HandOutSocket(std::unique_ptr<StreamSocket> socket,
                      const LoadTimingInfo::ConnectTiming& connect_timing,
                      ClientSocketHandle* handle,
                      const BoundNetLog& net_log);
   void AddJob(ClientSocketHandle* handle,
-              scoped_ptr<WebSocketTransportConnectJob> connect_job);
+              std::unique_ptr<WebSocketTransportConnectJob> connect_job);
   bool DeleteJob(ClientSocketHandle* handle);
   const WebSocketTransportConnectJob* LookupConnectJob(
       const ClientSocketHandle* handle) const;
diff --git a/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc b/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc
index bbc9de80018..2271a2bd3ac 100644
--- a/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc
+++ b/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc
@@ -15,7 +15,7 @@
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/load_timing_info.h"
@@ -100,14 +100,14 @@ class WebSocketTransportClientSocketPoolTest : public ::testing::Test {
 
   TestSocketRequest* request(int i) { return test_base_.request(i); }
 
-  std::vector<scoped_ptr<TestSocketRequest>>* requests() {
+  std::vector<std::unique_ptr<TestSocketRequest>>* requests() {
     return test_base_.requests();
   }
   size_t completion_count() const { return test_base_.completion_count(); }
 
   TestNetLog net_log_;
   scoped_refptr<TransportSocketParams> params_;
-  scoped_ptr<MockHostResolver> host_resolver_;
+  std::unique_ptr<MockHostResolver> host_resolver_;
   MockTransportClientSocketFactory client_socket_factory_;
   WebSocketTransportClientSocketPool pool_;
   ClientSocketPoolTest test_base_;
@@ -463,7 +463,7 @@ TEST_F(WebSocketTransportClientSocketPoolTest, LockReleasedOnHandleReset) {
 // The lock on the endpoint is released when a ClientSocketHandle is deleted.
 TEST_F(WebSocketTransportClientSocketPoolTest, LockReleasedOnHandleDelete) {
   TestCompletionCallback callback;
-  scoped_ptr<ClientSocketHandle> handle(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> handle(new ClientSocketHandle);
   int rv =
       handle->Init("a", params_, LOW, ClientSocketPool::RespectLimits::ENABLED,
                    callback.callback(), &pool_, BoundNetLog());
@@ -544,7 +544,7 @@ TEST_F(WebSocketTransportClientSocketPoolTest,
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv4AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv4());
   EXPECT_EQ(2, client_socket_factory_.allocation_count());
 }
 
@@ -587,7 +587,7 @@ TEST_F(WebSocketTransportClientSocketPoolTest,
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv6AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv6());
   EXPECT_EQ(2, client_socket_factory_.allocation_count());
 }
 
@@ -620,7 +620,7 @@ TEST_F(WebSocketTransportClientSocketPoolTest,
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv6AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv6());
   EXPECT_EQ(1, client_socket_factory_.allocation_count());
 }
 
@@ -651,7 +651,7 @@ TEST_F(WebSocketTransportClientSocketPoolTest, IPv4HasNoFallback) {
   EXPECT_TRUE(handle.socket());
   IPEndPoint endpoint;
   handle.socket()->GetLocalAddress(&endpoint);
-  EXPECT_EQ(kIPv4AddressSize, endpoint.address().size());
+  EXPECT_TRUE(endpoint.address().IsIPv4());
   EXPECT_EQ(1, client_socket_factory_.allocation_count());
 }
 
diff --git a/chromium/net/socket/websocket_transport_connect_sub_job.cc b/chromium/net/socket/websocket_transport_connect_sub_job.cc
index 25c0744cfac..636e3daa070 100644
--- a/chromium/net/socket/websocket_transport_connect_sub_job.cc
+++ b/chromium/net/socket/websocket_transport_connect_sub_job.cc
@@ -137,7 +137,7 @@ int WebSocketTransportConnectSubJob::DoTransportConnect() {
   next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
   AddressList one_address(CurrentAddress());
   transport_socket_ = client_socket_factory()->CreateTransportClientSocket(
-      one_address, net_log().net_log(), net_log().source());
+      one_address, nullptr, net_log().net_log(), net_log().source());
   // This use of base::Unretained() is safe because transport_socket_ is
   // destroyed in the destructor.
   return transport_socket_->Connect(base::Bind(
diff --git a/chromium/net/socket/websocket_transport_connect_sub_job.h b/chromium/net/socket/websocket_transport_connect_sub_job.h
index 36a4e943eb0..f7ff53393c2 100644
--- a/chromium/net/socket/websocket_transport_connect_sub_job.h
+++ b/chromium/net/socket/websocket_transport_connect_sub_job.h
@@ -6,11 +6,12 @@
 #define NET_SOCKET_WEBSOCKET_TRANSPORT_CONNECT_SUB_JOB_H_
 
 #include <stddef.h>
+
+#include <memory>
 #include <utility>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/address_list.h"
 #include "net/base/load_states.h"
 #include "net/socket/websocket_endpoint_lock_manager.h"
@@ -47,7 +48,9 @@ class WebSocketTransportConnectSubJob
 
   SubJobType type() const { return type_; }
 
-  scoped_ptr<StreamSocket> PassSocket() { return std::move(transport_socket_); }
+  std::unique_ptr<StreamSocket> PassSocket() {
+    return std::move(transport_socket_);
+  }
 
   // Implementation of WebSocketEndpointLockManager::EndpointWaiter.
   void GotEndpointLock() override;
@@ -83,7 +86,7 @@ class WebSocketTransportConnectSubJob
   State next_state_;
   const SubJobType type_;
 
-  scoped_ptr<StreamSocket> transport_socket_;
+  std::unique_ptr<StreamSocket> transport_socket_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocketTransportConnectSubJob);
 };
diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc
index c7e023baeb4..6a394c2ff61 100644
--- a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc
+++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc
@@ -41,17 +41,15 @@ BidirectionalStreamSpdyImpl::BidirectionalStreamSpdyImpl(
       weak_factory_(this) {}
 
 BidirectionalStreamSpdyImpl::~BidirectionalStreamSpdyImpl() {
-  if (stream_) {
-    stream_->DetachDelegate();
-    DCHECK(!stream_);
-  }
+  Cancel();
 }
 
 void BidirectionalStreamSpdyImpl::Start(
     const BidirectionalStreamRequestInfo* request_info,
     const BoundNetLog& net_log,
+    bool /*send_request_headers_automatically*/,
     BidirectionalStreamImpl::Delegate* delegate,
-    scoped_ptr<base::Timer> timer) {
+    std::unique_ptr<base::Timer> timer) {
   DCHECK(!stream_);
   DCHECK(timer);
 
@@ -59,7 +57,10 @@ void BidirectionalStreamSpdyImpl::Start(
   timer_ = std::move(timer);
 
   if (!spdy_session_) {
-    delegate_->OnFailed(ERR_CONNECTION_CLOSED);
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE,
+        base::Bind(&BidirectionalStreamSpdyImpl::NotifyError,
+                   weak_factory_.GetWeakPtr(), ERR_CONNECTION_CLOSED));
     return;
   }
 
@@ -74,6 +75,11 @@ void BidirectionalStreamSpdyImpl::Start(
     OnStreamInitialized(rv);
 }
 
+void BidirectionalStreamSpdyImpl::SendRequestHeaders() {
+  // Request headers will be sent automatically.
+  NOTREACHED();
+}
+
 int BidirectionalStreamSpdyImpl::ReadData(IOBuffer* buf, int buf_len) {
   if (stream_)
     DCHECK(!stream_->IsIdle());
@@ -95,22 +101,63 @@ int BidirectionalStreamSpdyImpl::ReadData(IOBuffer* buf, int buf_len) {
   return ERR_IO_PENDING;
 }
 
-void BidirectionalStreamSpdyImpl::SendData(IOBuffer* data,
+void BidirectionalStreamSpdyImpl::SendData(const scoped_refptr<IOBuffer>& data,
                                            int length,
                                            bool end_stream) {
+  DCHECK(length > 0 || (length == 0 && end_stream));
+
+  if (!stream_) {
+    LOG(ERROR) << "Trying to send data after stream has been destroyed.";
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamSpdyImpl::NotifyError,
+                              weak_factory_.GetWeakPtr(), ERR_UNEXPECTED));
+    return;
+  }
+
   DCHECK(!stream_closed_);
-  DCHECK(stream_);
+  stream_->SendData(data.get(), length,
+                    end_stream ? NO_MORE_DATA_TO_SEND : MORE_DATA_TO_SEND);
+}
 
-  stream_->SendData(data, length,
+void BidirectionalStreamSpdyImpl::SendvData(
+    const std::vector<scoped_refptr<IOBuffer>>& buffers,
+    const std::vector<int>& lengths,
+    bool end_stream) {
+  DCHECK_EQ(buffers.size(), lengths.size());
+
+  if (!stream_) {
+    LOG(ERROR) << "Trying to send data after stream has been destroyed.";
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&BidirectionalStreamSpdyImpl::NotifyError,
+                              weak_factory_.GetWeakPtr(), ERR_UNEXPECTED));
+    return;
+  }
+
+  DCHECK(!stream_closed_);
+  int total_len = 0;
+  for (int len : lengths) {
+    total_len += len;
+  }
+
+  pending_combined_buffer_ = new net::IOBuffer(total_len);
+  int len = 0;
+  // TODO(xunjieli): Get rid of extra copy. Coalesce headers and data frames.
+  for (size_t i = 0; i < buffers.size(); ++i) {
+    memcpy(pending_combined_buffer_->data() + len, buffers[i]->data(),
+           lengths[i]);
+    len += lengths[i];
+  }
+  stream_->SendData(pending_combined_buffer_.get(), total_len,
                     end_stream ? NO_MORE_DATA_TO_SEND : MORE_DATA_TO_SEND);
 }
 
 void BidirectionalStreamSpdyImpl::Cancel() {
-  if (!stream_)
-    return;
-  // Cancels the stream and detaches the delegate so it doesn't get called back.
-  stream_->DetachDelegate();
-  DCHECK(!stream_);
+  if (delegate_) {
+    delegate_ = nullptr;
+    // Cancel any pending callback.
+    weak_factory_.InvalidateWeakPtrs();
+  }
+  ResetStream();
 }
 
 NextProto BidirectionalStreamSpdyImpl::GetProtocol() const {
@@ -141,19 +188,22 @@ void BidirectionalStreamSpdyImpl::OnRequestHeadersSent() {
   DCHECK(stream_);
 
   negotiated_protocol_ = stream_->GetProtocol();
-  delegate_->OnHeadersSent();
+  if (delegate_)
+    delegate_->OnStreamReady(/*request_headers_sent=*/true);
 }
 
 SpdyResponseHeadersStatus BidirectionalStreamSpdyImpl::OnResponseHeadersUpdated(
     const SpdyHeaderBlock& response_headers) {
   DCHECK(stream_);
 
-  delegate_->OnHeadersReceived(response_headers);
+  if (delegate_)
+    delegate_->OnHeadersReceived(response_headers);
+
   return RESPONSE_HEADERS_ARE_COMPLETE;
 }
 
 void BidirectionalStreamSpdyImpl::OnDataReceived(
-    scoped_ptr<SpdyBuffer> buffer) {
+    std::unique_ptr<SpdyBuffer> buffer) {
   DCHECK(stream_);
   DCHECK(!stream_closed_);
 
@@ -176,14 +226,17 @@ void BidirectionalStreamSpdyImpl::OnDataSent() {
   DCHECK(stream_);
   DCHECK(!stream_closed_);
 
-  delegate_->OnDataSent();
+  pending_combined_buffer_ = nullptr;
+  if (delegate_)
+    delegate_->OnDataSent();
 }
 
 void BidirectionalStreamSpdyImpl::OnTrailers(const SpdyHeaderBlock& trailers) {
   DCHECK(stream_);
   DCHECK(!stream_closed_);
 
-  delegate_->OnTrailersReceived(trailers);
+  if (delegate_)
+    delegate_->OnTrailersReceived(trailers);
 }
 
 void BidirectionalStreamSpdyImpl::OnClose(int status) {
@@ -193,12 +246,12 @@ void BidirectionalStreamSpdyImpl::OnClose(int status) {
   closed_stream_status_ = status;
   closed_stream_received_bytes_ = stream_->raw_received_bytes();
   closed_stream_sent_bytes_ = stream_->raw_sent_bytes();
-  stream_.reset();
 
   if (status != OK) {
-    delegate_->OnFailed(status);
+    NotifyError(status);
     return;
   }
+  ResetStream();
   // Complete any remaining read, as all data has been buffered.
   // If user has not called ReadData (i.e |read_buffer_| is nullptr), this will
   // do nothing.
@@ -206,8 +259,8 @@ void BidirectionalStreamSpdyImpl::OnClose(int status) {
   DoBufferedRead();
 }
 
-void BidirectionalStreamSpdyImpl::SendRequestHeaders() {
-  scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock);
+int BidirectionalStreamSpdyImpl::SendRequestHeadersHelper() {
+  std::unique_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock);
   HttpRequestInfo http_request_info;
   http_request_info.url = request_info_->url;
   http_request_info.method = request_info_->method;
@@ -216,10 +269,10 @@ void BidirectionalStreamSpdyImpl::SendRequestHeaders() {
   CreateSpdyHeadersFromHttpRequest(
       http_request_info, http_request_info.extra_headers,
       stream_->GetProtocolVersion(), true, headers.get());
-  stream_->SendRequestHeaders(std::move(headers),
-                              request_info_->end_stream_on_headers
-                                  ? NO_MORE_DATA_TO_SEND
-                                  : MORE_DATA_TO_SEND);
+  return stream_->SendRequestHeaders(std::move(headers),
+                                     request_info_->end_stream_on_headers
+                                         ? NO_MORE_DATA_TO_SEND
+                                         : MORE_DATA_TO_SEND);
 }
 
 void BidirectionalStreamSpdyImpl::OnStreamInitialized(int rv) {
@@ -227,10 +280,40 @@ void BidirectionalStreamSpdyImpl::OnStreamInitialized(int rv) {
   if (rv == OK) {
     stream_ = stream_request_.ReleaseStream();
     stream_->SetDelegate(this);
-    SendRequestHeaders();
+    rv = SendRequestHeadersHelper();
+    if (rv == OK) {
+      OnRequestHeadersSent();
+      return;
+    } else if (rv == ERR_IO_PENDING) {
+      return;
+    }
+  }
+  NotifyError(rv);
+}
+
+void BidirectionalStreamSpdyImpl::NotifyError(int rv) {
+  ResetStream();
+  if (delegate_) {
+    BidirectionalStreamImpl::Delegate* delegate = delegate_;
+    delegate_ = nullptr;
+    // Cancel any pending callback.
+    weak_factory_.InvalidateWeakPtrs();
+    delegate->OnFailed(rv);
+    // |this| can be null when returned from delegate.
+  }
+}
+
+void BidirectionalStreamSpdyImpl::ResetStream() {
+  if (!stream_)
     return;
+  if (!stream_->IsClosed()) {
+    // This sends a RST to the remote.
+    stream_->DetachDelegate();
+    DCHECK(!stream_);
+  } else {
+    // Stream is already closed, so it is not legal to call DetachDelegate.
+    stream_.reset();
   }
-  delegate_->OnFailed(rv);
 }
 
 void BidirectionalStreamSpdyImpl::ScheduleBufferedRead() {
@@ -266,7 +349,8 @@ void BidirectionalStreamSpdyImpl::DoBufferedRead() {
     DCHECK_NE(ERR_IO_PENDING, rv);
     read_buffer_ = nullptr;
     read_buffer_len_ = 0;
-    delegate_->OnDataRead(rv);
+    if (delegate_)
+      delegate_->OnDataRead(rv);
   }
 }
 
diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.h b/chromium/net/spdy/bidirectional_stream_spdy_impl.h
index 62e7bb66f00..b40c1ff9aaf 100644
--- a/chromium/net/spdy/bidirectional_stream_spdy_impl.h
+++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.h
@@ -7,8 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
+#include <vector>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "net/http/bidirectional_stream_impl.h"
 #include "net/http/bidirectional_stream_request_info.h"
@@ -39,10 +42,17 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl
   // BidirectionalStreamImpl implementation:
   void Start(const BidirectionalStreamRequestInfo* request_info,
              const BoundNetLog& net_log,
+             bool send_request_headers_automatically,
              BidirectionalStreamImpl::Delegate* delegate,
-             scoped_ptr<base::Timer> timer) override;
+             std::unique_ptr<base::Timer> timer) override;
+  void SendRequestHeaders() override;
   int ReadData(IOBuffer* buf, int buf_len) override;
-  void SendData(IOBuffer* data, int length, bool end_stream) override;
+  void SendData(const scoped_refptr<IOBuffer>& data,
+                int length,
+                bool end_stream) override;
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& buffers,
+                 const std::vector<int>& lengths,
+                 bool end_stream) override;
   void Cancel() override;
   NextProto GetProtocol() const override;
   int64_t GetTotalReceivedBytes() const override;
@@ -52,14 +62,17 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl
   void OnRequestHeadersSent() override;
   SpdyResponseHeadersStatus OnResponseHeadersUpdated(
       const SpdyHeaderBlock& response_headers) override;
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override;
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override;
   void OnDataSent() override;
   void OnTrailers(const SpdyHeaderBlock& trailers) override;
   void OnClose(int status) override;
 
  private:
-  void SendRequestHeaders();
+  int SendRequestHeadersHelper();
   void OnStreamInitialized(int rv);
+  // Notifies delegate of an error.
+  void NotifyError(int rv);
+  void ResetStream();
   void ScheduleBufferedRead();
   void DoBufferedRead();
   bool ShouldWaitForMoreBufferedData() const;
@@ -67,7 +80,7 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl
   const base::WeakPtr<SpdySession> spdy_session_;
   const BidirectionalStreamRequestInfo* request_info_;
   BidirectionalStreamImpl::Delegate* delegate_;
-  scoped_ptr<base::Timer> timer_;
+  std::unique_ptr<base::Timer> timer_;
   SpdyStreamRequest stream_request_;
   base::WeakPtr<SpdyStream> stream_;
 
@@ -91,6 +104,9 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl
   // After |stream_| has been closed, this keeps track of the total number of
   // bytes sent over the network for |stream_| while it was open.
   int64_t closed_stream_sent_bytes_;
+  // This is the combined buffer of buffers passed in through SendvData.
+  // Keep a reference here so it is alive until OnDataSent is invoked.
+  scoped_refptr<IOBuffer> pending_combined_buffer_;
 
   base::WeakPtrFactory<BidirectionalStreamSpdyImpl> weak_factory_;
 
diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc
new file mode 100644
index 00000000000..7e56cfee04c
--- /dev/null
+++ b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc
@@ -0,0 +1,373 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/spdy/bidirectional_stream_spdy_impl.h"
+
+#include <memory>
+#include <string>
+
+#include "base/macros.h"
+#include "base/memory/ptr_util.h"
+#include "base/run_loop.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
+#include "base/time/time.h"
+#include "base/timer/mock_timer.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_data_directory.h"
+#include "net/http/http_request_info.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_response_info.h"
+#include "net/log/net_log.h"
+#include "net/log/test_net_log.h"
+#include "net/socket/socket_test_util.h"
+#include "net/spdy/spdy_session.h"
+#include "net/spdy/spdy_test_util_common.h"
+#include "net/test/cert_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+const char kBodyData[] = "Body data";
+const size_t kBodyDataSize = arraysize(kBodyData);
+// Size of the buffer to be allocated for each read.
+const size_t kReadBufferSize = 4096;
+
+class TestDelegateBase : public BidirectionalStreamImpl::Delegate {
+ public:
+  TestDelegateBase(base::WeakPtr<SpdySession> session,
+                   IOBuffer* read_buf,
+                   int read_buf_len)
+      : stream_(new BidirectionalStreamSpdyImpl(session)),
+        read_buf_(read_buf),
+        read_buf_len_(read_buf_len),
+        loop_(nullptr),
+        error_(OK),
+        bytes_read_(0),
+        on_data_read_count_(0),
+        on_data_sent_count_(0),
+        do_not_start_read_(false),
+        run_until_completion_(false),
+        not_expect_callback_(false),
+        on_failed_called_(false) {}
+
+  ~TestDelegateBase() override {}
+
+  void OnStreamReady(bool request_headers_sent) override {
+    CHECK(!on_failed_called_);
+  }
+
+  void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override {
+    CHECK(!on_failed_called_);
+    CHECK(!not_expect_callback_);
+    response_headers_ = response_headers;
+    if (!do_not_start_read_)
+      StartOrContinueReading();
+  }
+
+  void OnDataRead(int bytes_read) override {
+    CHECK(!on_failed_called_);
+    CHECK(!not_expect_callback_);
+    on_data_read_count_++;
+    CHECK_GE(bytes_read, OK);
+    bytes_read_ += bytes_read;
+    data_received_.append(read_buf_->data(), bytes_read);
+    if (!do_not_start_read_)
+      StartOrContinueReading();
+  }
+
+  void OnDataSent() override {
+    CHECK(!on_failed_called_);
+    CHECK(!not_expect_callback_);
+    on_data_sent_count_++;
+  }
+
+  void OnTrailersReceived(const SpdyHeaderBlock& trailers) override {
+    CHECK(!on_failed_called_);
+    trailers_ = trailers;
+    if (run_until_completion_)
+      loop_->Quit();
+  }
+
+  void OnFailed(int error) override {
+    CHECK(!on_failed_called_);
+    CHECK(!not_expect_callback_);
+    CHECK_NE(OK, error);
+    error_ = error;
+    on_failed_called_ = true;
+    if (run_until_completion_)
+      loop_->Quit();
+  }
+
+  void Start(const BidirectionalStreamRequestInfo* request,
+             const BoundNetLog& net_log) {
+    stream_->Start(request, net_log,
+                   /*send_request_headers_automatically=*/false, this,
+                   base::WrapUnique(new base::Timer(false, false)));
+    not_expect_callback_ = false;
+  }
+
+  void SendData(IOBuffer* data, int length, bool end_of_stream) {
+    not_expect_callback_ = true;
+    stream_->SendData(data, length, end_of_stream);
+    not_expect_callback_ = false;
+  }
+
+  void SendvData(const std::vector<scoped_refptr<IOBuffer>>& data,
+                 const std::vector<int>& length,
+                 bool end_of_stream) {
+    not_expect_callback_ = true;
+    stream_->SendvData(data, length, end_of_stream);
+    not_expect_callback_ = false;
+  }
+
+  // Sets whether the delegate should wait until the completion of the stream.
+  void SetRunUntilCompletion(bool run_until_completion) {
+    run_until_completion_ = run_until_completion;
+    loop_.reset(new base::RunLoop);
+  }
+
+  // Starts or continues read data from |stream_| until there is no more
+  // byte can be read synchronously.
+  void StartOrContinueReading() {
+    int rv = ReadData();
+    while (rv > 0) {
+      rv = ReadData();
+    }
+    if (run_until_completion_ && rv == 0)
+      loop_->Quit();
+  }
+
+  // Calls ReadData on the |stream_| and updates internal states.
+  int ReadData() {
+    int rv = stream_->ReadData(read_buf_.get(), read_buf_len_);
+    if (rv > 0) {
+      data_received_.append(read_buf_->data(), rv);
+      bytes_read_ += rv;
+    }
+    return rv;
+  }
+
+  NextProto GetProtocol() const { return stream_->GetProtocol(); }
+
+  int64_t GetTotalReceivedBytes() const {
+    return stream_->GetTotalReceivedBytes();
+  }
+
+  int64_t GetTotalSentBytes() const { return stream_->GetTotalSentBytes(); }
+
+  // Const getters for internal states.
+  const std::string& data_received() const { return data_received_; }
+  int bytes_read() const { return bytes_read_; }
+  int error() const { return error_; }
+  const SpdyHeaderBlock response_headers() const { return response_headers_; }
+  const SpdyHeaderBlock trailers() const { return trailers_; }
+  int on_data_read_count() const { return on_data_read_count_; }
+  int on_data_sent_count() const { return on_data_sent_count_; }
+  bool on_failed_called() const { return on_failed_called_; }
+
+  // Sets whether the delegate should automatically start reading.
+  void set_do_not_start_read(bool do_not_start_read) {
+    do_not_start_read_ = do_not_start_read;
+  }
+
+  // Cancels |stream_|.
+  void CancelStream() { stream_->Cancel(); }
+
+ private:
+  std::unique_ptr<BidirectionalStreamSpdyImpl> stream_;
+  scoped_refptr<IOBuffer> read_buf_;
+  int read_buf_len_;
+  std::string data_received_;
+  std::unique_ptr<base::RunLoop> loop_;
+  SpdyHeaderBlock response_headers_;
+  SpdyHeaderBlock trailers_;
+  int error_;
+  int bytes_read_;
+  int on_data_read_count_;
+  int on_data_sent_count_;
+  bool do_not_start_read_;
+  bool run_until_completion_;
+  bool not_expect_callback_;
+  bool on_failed_called_;
+
+  DISALLOW_COPY_AND_ASSIGN(TestDelegateBase);
+};
+
+}  // namespace
+
+class BidirectionalStreamSpdyImplTest : public testing::Test {
+ public:
+  BidirectionalStreamSpdyImplTest()
+      : spdy_util_(kProtoHTTP2, true),
+        session_deps_(kProtoHTTP2),
+        ssl_data_(SSLSocketDataProvider(ASYNC, OK)) {
+    ssl_data_.SetNextProto(kProtoHTTP2);
+    ssl_data_.cert = ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
+  }
+
+ protected:
+  void TearDown() override {
+    if (sequenced_data_) {
+      EXPECT_TRUE(sequenced_data_->AllReadDataConsumed());
+      EXPECT_TRUE(sequenced_data_->AllWriteDataConsumed());
+    }
+  }
+
+  // Initializes the session using SequencedSocketData.
+  void InitSession(MockRead* reads,
+                   size_t reads_count,
+                   MockWrite* writes,
+                   size_t writes_count,
+                   const SpdySessionKey& key) {
+    ASSERT_TRUE(ssl_data_.cert.get());
+    session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data_);
+    sequenced_data_.reset(
+        new SequencedSocketData(reads, reads_count, writes, writes_count));
+    session_deps_.socket_factory->AddSocketDataProvider(sequenced_data_.get());
+    session_deps_.net_log = net_log_.bound().net_log();
+    http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_);
+    session_ =
+        CreateSecureSpdySession(http_session_.get(), key, net_log_.bound());
+  }
+
+  BoundTestNetLog net_log_;
+  SpdyTestUtil spdy_util_;
+  SpdySessionDependencies session_deps_;
+  std::unique_ptr<SequencedSocketData> sequenced_data_;
+  std::unique_ptr<HttpNetworkSession> http_session_;
+  base::WeakPtr<SpdySession> session_;
+
+ private:
+  SSLSocketDataProvider ssl_data_;
+};
+
+TEST_F(BidirectionalStreamSpdyImplTest, SendDataAfterStreamFailed) {
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      "https://www.example.org", 1, kBodyDataSize * 3, LOW, nullptr, 0));
+  std::unique_ptr<SpdySerializedFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
+
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*rst, 2),
+  };
+
+  const char* const kExtraHeaders[] = {"X-UpperCase", "yes"};
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdyGetSynReply(kExtraHeaders, 1, 1));
+
+  MockRead reads[] = {
+      CreateMockRead(*resp, 1), MockRead(ASYNC, 0, 3),
+  };
+
+  HostPortPair host_port_pair("www.example.org", 443);
+  SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
+                     PRIVACY_MODE_DISABLED);
+  InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
+
+  BidirectionalStreamRequestInfo request_info;
+  request_info.method = "POST";
+  request_info.url = GURL("https://www.example.org/");
+  request_info.extra_headers.SetHeader(net::HttpRequestHeaders::kContentLength,
+                                       base::SizeTToString(kBodyDataSize * 3));
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  std::unique_ptr<TestDelegateBase> delegate(
+      new TestDelegateBase(session_, read_buffer.get(), kReadBufferSize));
+  delegate->SetRunUntilCompletion(true);
+  delegate->Start(&request_info, net_log_.bound());
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_TRUE(delegate->on_failed_called());
+
+  // Try to send data after OnFailed(), should not get called back.
+  scoped_refptr<StringIOBuffer> buf(new StringIOBuffer("dummy"));
+  delegate->SendData(buf.get(), buf->size(), false);
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_EQ(ERR_SPDY_PROTOCOL_ERROR, delegate->error());
+  EXPECT_EQ(0, delegate->on_data_read_count());
+  EXPECT_EQ(0, delegate->on_data_sent_count());
+  EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol());
+  // BidirectionalStreamSpdyStreamJob does not count the bytes sent for |rst|
+  // because it is sent after SpdyStream::Delegate::OnClose is called.
+  EXPECT_EQ(CountWriteBytes(writes, 1), delegate->GetTotalSentBytes());
+  EXPECT_EQ(CountReadBytes(reads, arraysize(reads)),
+            delegate->GetTotalReceivedBytes());
+}
+
+TEST_F(BidirectionalStreamSpdyImplTest, SendDataAfterCancelStream) {
+  BufferedSpdyFramer framer(spdy_util_.spdy_version());
+
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      "https://www.example.org", 1, kBodyDataSize * 3, LOWEST, nullptr, 0));
+  std::unique_ptr<SpdySerializedFrame> data_frame(
+      framer.CreateDataFrame(1, kBodyData, kBodyDataSize, DATA_FLAG_NONE));
+  std::unique_ptr<SpdySerializedFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
+
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*data_frame, 3),
+      CreateMockWrite(*rst, 5),
+  };
+
+  std::unique_ptr<SpdySerializedFrame> resp(
+      spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
+  std::unique_ptr<SpdySerializedFrame> response_body_frame(
+      spdy_util_.ConstructSpdyBodyFrame(1, false));
+
+  MockRead reads[] = {
+      CreateMockRead(*resp, 1),
+      MockRead(ASYNC, ERR_IO_PENDING, 2),  // Force a pause.
+      MockRead(ASYNC, ERR_IO_PENDING, 4),  // Force a pause.
+      MockRead(ASYNC, 0, 6),
+  };
+
+  HostPortPair host_port_pair("www.example.org", 443);
+  SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
+                     PRIVACY_MODE_DISABLED);
+  InitSession(reads, arraysize(reads), writes, arraysize(writes), key);
+
+  BidirectionalStreamRequestInfo request_info;
+  request_info.method = "POST";
+  request_info.url = GURL("https://www.example.org/");
+  request_info.priority = LOWEST;
+  request_info.extra_headers.SetHeader(net::HttpRequestHeaders::kContentLength,
+                                       base::SizeTToString(kBodyDataSize * 3));
+
+  scoped_refptr<IOBuffer> read_buffer(new IOBuffer(kReadBufferSize));
+  std::unique_ptr<TestDelegateBase> delegate(
+      new TestDelegateBase(session_, read_buffer.get(), kReadBufferSize));
+  delegate->set_do_not_start_read(true);
+  delegate->Start(&request_info, net_log_.bound());
+  // Send the request and receive response headers.
+  sequenced_data_->RunUntilPaused();
+  EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol());
+
+  // Send a DATA frame.
+  scoped_refptr<StringIOBuffer> buf(
+      new StringIOBuffer(std::string(kBodyData, kBodyDataSize)));
+  delegate->SendData(buf.get(), buf->size(), false);
+  sequenced_data_->Resume();
+  base::RunLoop().RunUntilIdle();
+  // Cancel the stream.
+  delegate->CancelStream();
+  sequenced_data_->Resume();
+  base::RunLoop().RunUntilIdle();
+
+  // Try to send data after Cancel(), should not get called back.
+  delegate->SendData(buf.get(), buf->size(), false);
+  base::MessageLoop::current()->RunUntilIdle();
+  EXPECT_FALSE(delegate->on_failed_called());
+
+  EXPECT_EQ("200", delegate->response_headers().find(":status")->second);
+  EXPECT_EQ(0, delegate->on_data_read_count());
+  EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol());
+  EXPECT_EQ(0, delegate->GetTotalSentBytes());
+  EXPECT_EQ(0, delegate->GetTotalReceivedBytes());
+}
+
+}  // namespace net
diff --git a/chromium/net/spdy/buffered_spdy_framer.cc b/chromium/net/spdy/buffered_spdy_framer.cc
index ba0f4583fe3..4dd34ceda53 100644
--- a/chromium/net/spdy/buffered_spdy_framer.cc
+++ b/chromium/net/spdy/buffered_spdy_framer.cc
@@ -196,13 +196,12 @@ void BufferedSpdyFramer::OnDataFrameHeader(SpdyStreamId stream_id,
 
 void BufferedSpdyFramer::OnStreamFrameData(SpdyStreamId stream_id,
                                            const char* data,
-                                           size_t len,
-                                           bool fin) {
-  visitor_->OnStreamFrameData(stream_id, data, len, fin);
+                                           size_t len) {
+  visitor_->OnStreamFrameData(stream_id, data, len);
 }
 
 void BufferedSpdyFramer::OnStreamEnd(SpdyStreamId stream_id) {
-  visitor_->OnStreamFrameData(stream_id, nullptr, 0, true);
+  visitor_->OnStreamEnd(stream_id);
 }
 
 void BufferedSpdyFramer::OnStreamPadding(SpdyStreamId stream_id, size_t len) {
diff --git a/chromium/net/spdy/buffered_spdy_framer.h b/chromium/net/spdy/buffered_spdy_framer.h
index 8ad0defed0f..87283b0f6f1 100644
--- a/chromium/net/spdy/buffered_spdy_framer.h
+++ b/chromium/net/spdy/buffered_spdy_framer.h
@@ -8,10 +8,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/socket/next_proto.h"
 #include "net/spdy/spdy_framer.h"
@@ -68,12 +68,13 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramerVisitorInterface {
   // |data| A buffer containing the data received.
   // |len| The length of the data buffer (at most 2^24 - 1 for SPDY/3,
   // but 2^16 - 1 - 8 for SPDY/4).
-  // When the other side has finished sending data on this stream,
-  // this method will be called with a zero-length buffer.
   virtual void OnStreamFrameData(SpdyStreamId stream_id,
                                  const char* data,
-                                 size_t len,
-                                 bool fin) = 0;
+                                 size_t len) = 0;
+
+  // Called when the other side has finished sending data on this stream.
+  // |stream_id| The stream that was receivin data.
+  virtual void OnStreamEnd(SpdyStreamId stream_id) = 0;
 
   // Called when padding is received (padding length field or padding octets).
   // |stream_id| The stream receiving data.
@@ -179,8 +180,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer
                                 size_t len) override;
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override;
+                         size_t len) override;
   void OnStreamEnd(SpdyStreamId stream_id) override;
   void OnStreamPadding(SpdyStreamId stream_id, size_t len) override;
   SpdyHeadersHandlerInterface* OnHeaderFrameStart(
@@ -301,7 +301,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer
     bool fin;
     bool unidirectional;
   };
-  scoped_ptr<ControlFrameFields> control_frame_fields_;
+  std::unique_ptr<ControlFrameFields> control_frame_fields_;
 
   // Collection of fields of a GOAWAY frame that this class needs to buffer.
   struct GoAwayFields {
@@ -309,7 +309,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer
     SpdyGoAwayStatus status;
     std::string debug_data;
   };
-  scoped_ptr<GoAwayFields> goaway_fields_;
+  std::unique_ptr<GoAwayFields> goaway_fields_;
 
   DISALLOW_COPY_AND_ASSIGN(BufferedSpdyFramer);
 };
diff --git a/chromium/net/spdy/buffered_spdy_framer_unittest.cc b/chromium/net/spdy/buffered_spdy_framer_unittest.cc
index be2d66e6036..90f45603788 100644
--- a/chromium/net/spdy/buffered_spdy_framer_unittest.cc
+++ b/chromium/net/spdy/buffered_spdy_framer_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/spdy/buffered_spdy_framer.h"
 
+#include "base/logging.h"
 #include "net/spdy/spdy_test_util_common.h"
 #include "testing/platform_test.h"
 
@@ -26,14 +27,14 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface {
         promised_stream_id_(static_cast<SpdyStreamId>(-1)) {}
 
   void OnError(SpdyFramer::SpdyError error_code) override {
-    LOG(INFO) << "SpdyFramer Error: " << error_code;
+    VLOG(1) << "SpdyFramer Error: " << error_code;
     error_count_++;
   }
 
   void OnStreamError(SpdyStreamId stream_id,
                      const std::string& description) override {
-    LOG(INFO) << "SpdyFramer Error on stream: " << stream_id  << " "
-              << description;
+    VLOG(1) << "SpdyFramer Error on stream: " << stream_id << " "
+            << description;
     error_count_++;
   }
 
@@ -79,11 +80,14 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface {
 
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override {
+                         size_t len) override {
     LOG(FATAL) << "Unexpected OnStreamFrameData call.";
   }
 
+  void OnStreamEnd(SpdyStreamId stream_id) override {
+    LOG(FATAL) << "Unexpected OnStreamEnd call.";
+  }
+
   void OnStreamPadding(SpdyStreamId stream_id, size_t len) override {
     LOG(FATAL) << "Unexpected OnStreamPadding call.";
   }
@@ -111,7 +115,7 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface {
 
   void OnGoAway(SpdyStreamId last_accepted_stream_id,
                 SpdyGoAwayStatus status,
-                StringPiece debug_data) override {
+                base::StringPiece debug_data) override {
     goaway_count_++;
     goaway_last_accepted_stream_id_ = last_accepted_stream_id;
     goaway_status_ = status;
@@ -227,7 +231,7 @@ TEST_P(BufferedSpdyFramerTest, ReadSynStreamHeaderBlock) {
   headers["aa"] = "vv";
   headers["bb"] = "ww";
   BufferedSpdyFramer framer(spdy_version());
-  scoped_ptr<SpdySerializedFrame> control_frame(
+  std::unique_ptr<SpdySerializedFrame> control_frame(
       framer.CreateSynStream(1,  // stream_id
                              0,  // associated_stream_id
                              1,  // priority
@@ -255,7 +259,7 @@ TEST_P(BufferedSpdyFramerTest, ReadSynReplyHeaderBlock) {
   headers["alpha"] = "beta";
   headers["gamma"] = "delta";
   BufferedSpdyFramer framer(spdy_version());
-  scoped_ptr<SpdySerializedFrame> control_frame(
+  std::unique_ptr<SpdySerializedFrame> control_frame(
       framer.CreateSynReply(1,  // stream_id
                             CONTROL_FLAG_NONE, &headers));
   EXPECT_TRUE(control_frame.get() != NULL);
@@ -282,7 +286,7 @@ TEST_P(BufferedSpdyFramerTest, ReadHeadersHeaderBlock) {
   headers["alpha"] = "beta";
   headers["gamma"] = "delta";
   BufferedSpdyFramer framer(spdy_version());
-  scoped_ptr<SpdySerializedFrame> control_frame(
+  std::unique_ptr<SpdySerializedFrame> control_frame(
       framer.CreateHeaders(1,  // stream_id
                            CONTROL_FLAG_NONE,
                            0,  // priority
@@ -308,7 +312,7 @@ TEST_P(BufferedSpdyFramerTest, ReadPushPromiseHeaderBlock) {
   headers["alpha"] = "beta";
   headers["gamma"] = "delta";
   BufferedSpdyFramer framer(spdy_version());
-  scoped_ptr<SpdySerializedFrame> control_frame(
+  std::unique_ptr<SpdySerializedFrame> control_frame(
       framer.CreatePushPromise(1, 2, &headers));
   EXPECT_TRUE(control_frame.get() != NULL);
 
@@ -330,7 +334,7 @@ TEST_P(BufferedSpdyFramerTest, GoAwayDebugData) {
   if (spdy_version() < HTTP2)
     return;
   BufferedSpdyFramer framer(spdy_version());
-  scoped_ptr<SpdySerializedFrame> goaway_frame(
+  std::unique_ptr<SpdySerializedFrame> goaway_frame(
       framer.CreateGoAway(2u, GOAWAY_FRAME_SIZE_ERROR, "foo"));
 
   TestBufferedSpdyVisitor visitor(spdy_version());
diff --git a/chromium/net/spdy/fuzzing/hpack_fuzz_util.h b/chromium/net/spdy/fuzzing/hpack_fuzz_util.h
index 3ee64e6b3fe..289bb6a1646 100644
--- a/chromium/net/spdy/fuzzing/hpack_fuzz_util.h
+++ b/chromium/net/spdy/fuzzing/hpack_fuzz_util.h
@@ -8,10 +8,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/spdy/hpack/hpack_decoder.h"
@@ -69,9 +69,9 @@ class NET_EXPORT_PRIVATE HpackFuzzUtil {
   struct NET_EXPORT_PRIVATE FuzzerContext {
     FuzzerContext();
     ~FuzzerContext();
-    scoped_ptr<HpackDecoder> first_stage;
-    scoped_ptr<HpackEncoder> second_stage;
-    scoped_ptr<HpackDecoder> third_stage;
+    std::unique_ptr<HpackDecoder> first_stage;
+    std::unique_ptr<HpackEncoder> second_stage;
+    std::unique_ptr<HpackDecoder> third_stage;
   };
 
   static void InitializeFuzzerContext(FuzzerContext* context);
diff --git a/chromium/net/spdy/hpack/hpack_constants.cc b/chromium/net/spdy/hpack/hpack_constants.cc
index 59a55dac96a..b9db0ef2d6c 100644
--- a/chromium/net/spdy/hpack/hpack_constants.cc
+++ b/chromium/net/spdy/hpack/hpack_constants.cc
@@ -4,10 +4,10 @@
 
 #include "net/spdy/hpack/hpack_constants.h"
 
+#include <memory>
 #include <vector>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "net/spdy/hpack/hpack_huffman_table.h"
 #include "net/spdy/hpack/hpack_static_table.h"
@@ -22,7 +22,7 @@ struct SharedHpackHuffmanTable {
  public:
   SharedHpackHuffmanTable() {
     std::vector<HpackHuffmanSymbol> code = HpackHuffmanCode();
-    scoped_ptr<HpackHuffmanTable> mutable_table(new HpackHuffmanTable());
+    std::unique_ptr<HpackHuffmanTable> mutable_table(new HpackHuffmanTable());
     CHECK(mutable_table->Initialize(&code[0], code.size()));
     CHECK(mutable_table->IsInitialized());
     table.reset(mutable_table.release());
@@ -32,7 +32,7 @@ struct SharedHpackHuffmanTable {
     return base::Singleton<SharedHpackHuffmanTable>::get();
   }
 
-  scoped_ptr<const HpackHuffmanTable> table;
+  std::unique_ptr<const HpackHuffmanTable> table;
 };
 
 // SharedHpackStaticTable is a Singleton wrapping a HpackStaticTable
@@ -41,7 +41,7 @@ struct SharedHpackStaticTable {
  public:
   SharedHpackStaticTable() {
     std::vector<HpackStaticEntry> static_table = HpackStaticTableVector();
-    scoped_ptr<HpackStaticTable> mutable_table(new HpackStaticTable());
+    std::unique_ptr<HpackStaticTable> mutable_table(new HpackStaticTable());
     mutable_table->Initialize(&static_table[0], static_table.size());
     CHECK(mutable_table->IsInitialized());
     table.reset(mutable_table.release());
@@ -51,7 +51,7 @@ struct SharedHpackStaticTable {
     return base::Singleton<SharedHpackStaticTable>::get();
   }
 
-  scoped_ptr<const HpackStaticTable> table;
+  std::unique_ptr<const HpackStaticTable> table;
 };
 
 }  // namespace
diff --git a/chromium/net/spdy/hpack/hpack_decoder.cc b/chromium/net/spdy/hpack/hpack_decoder.cc
index 6d4ab9896d7..e8f3f263915 100644
--- a/chromium/net/spdy/hpack/hpack_decoder.cc
+++ b/chromium/net/spdy/hpack/hpack_decoder.cc
@@ -26,15 +26,15 @@ HpackDecoder::HpackDecoder()
       handler_(nullptr),
       total_header_bytes_(0),
       regular_header_seen_(false),
-      header_block_started_(false) {}
+      header_block_started_(false),
+      total_parsed_bytes_(0) {}
 
 HpackDecoder::~HpackDecoder() {}
 
 bool HpackDecoder::HandleControlFrameHeadersData(const char* headers_data,
                                                  size_t headers_data_length) {
-  decoded_block_.clear();
   if (!header_block_started_) {
-    header_block_started_ = true;
+    decoded_block_.clear();
     if (handler_ != nullptr) {
       handler_->OnHeaderBlockStart();
     }
@@ -45,26 +45,53 @@ bool HpackDecoder::HandleControlFrameHeadersData(const char* headers_data,
   }
   headers_block_buffer_.insert(headers_block_buffer_.end(), headers_data,
                                headers_data + headers_data_length);
-  return true;
-}
 
-bool HpackDecoder::HandleControlFrameHeadersComplete(size_t* compressed_len) {
+  // Parse as many data in buffer as possible. And remove the parsed data
+  // from buffer.
   HpackInputStream input_stream(max_string_literal_size_,
                                 headers_block_buffer_);
-  regular_header_seen_ = false;
-  if (compressed_len) {
-    *compressed_len = headers_block_buffer_.size();
+
+  // If this is the start of the header block, process table size updates.
+  if (!header_block_started_) {
+    if (!DecodeAtMostTwoHeaderTableSizeUpdates(&input_stream)) {
+      return false;
+    }
+    input_stream.MarkCurrentPosition();
   }
   while (input_stream.HasMoreData()) {
-    if (!DecodeNextOpcode(&input_stream)) {
-      headers_block_buffer_.clear();
+    if (!DecodeNextOpcodeWrapper(&input_stream)) {
+      if (input_stream.NeedMoreData()) {
+        break;
+      }
       return false;
     }
   }
+  uint32_t parsed_bytes = input_stream.ParsedBytes();
+  DCHECK_GE(headers_block_buffer_.size(), parsed_bytes);
+  headers_block_buffer_.erase(0, parsed_bytes);
+  total_parsed_bytes_ += parsed_bytes;
+  header_block_started_ = true;
+  return true;
+}
+
+bool HpackDecoder::HandleControlFrameHeadersComplete(size_t* compressed_len) {
+  regular_header_seen_ = false;
+
+  if (compressed_len != nullptr) {
+    *compressed_len = total_parsed_bytes_;
+  }
+
+  // Data in headers_block_buffer_ should have been parsed by
+  // HandleControlFrameHeadersData and removed.
+  if (headers_block_buffer_.size() > 0) {
+    return false;
+  }
+
   if (handler_ != nullptr) {
     handler_->OnHeaderBlockEnd(total_header_bytes_);
   }
   headers_block_buffer_.clear();
+  total_parsed_bytes_ = 0;
   header_block_started_ = false;
   handler_ = nullptr;
   return true;
@@ -104,6 +131,15 @@ bool HpackDecoder::HandleHeaderRepresentation(StringPiece name,
   return true;
 }
 
+bool HpackDecoder::DecodeNextOpcodeWrapper(HpackInputStream* input_stream) {
+  if (DecodeNextOpcode(input_stream)) {
+    // Decoding next opcode succeeds. Mark total bytes parsed successfully.
+    input_stream->MarkCurrentPosition();
+    return true;
+  }
+  return false;
+}
+
 bool HpackDecoder::DecodeNextOpcode(HpackInputStream* input_stream) {
   // Implements 7.1: Indexed Header Field Representation.
   if (input_stream->MatchPrefixAndConsume(kIndexedOpcode)) {
@@ -124,12 +160,36 @@ bool HpackDecoder::DecodeNextOpcode(HpackInputStream* input_stream) {
   }
   // Implements 7.3: Header Table Size Update.
   if (input_stream->MatchPrefixAndConsume(kHeaderTableSizeUpdateOpcode)) {
-    return DecodeNextHeaderTableSizeUpdate(input_stream);
+    // Header table size updates cannot appear mid-block.
+    return false;
   }
   // Unrecognized opcode.
   return false;
 }
 
+// Process 0, 1, or 2 Table Size Updates.
+bool HpackDecoder::DecodeAtMostTwoHeaderTableSizeUpdates(
+    HpackInputStream* input_stream) {
+  // Implements 7.3: Header Table Size Update.
+  if (input_stream->HasMoreData() &&
+      input_stream->MatchPrefixAndConsume(kHeaderTableSizeUpdateOpcode)) {
+    // One table size update, decode it.
+    if (DecodeNextHeaderTableSizeUpdate(input_stream)) {
+      // Check for a second table size update.
+      if (input_stream->HasMoreData() &&
+          input_stream->MatchPrefixAndConsume(kHeaderTableSizeUpdateOpcode)) {
+        // Second update found, return the result of decode.
+        return DecodeNextHeaderTableSizeUpdate(input_stream);
+      }
+    } else {
+      // Decoding the first table size update failed.
+      return false;
+    }
+  }
+  // No table size updates in this block.
+  return true;
+}
+
 bool HpackDecoder::DecodeNextHeaderTableSizeUpdate(
     HpackInputStream* input_stream) {
   uint32_t size = 0;
diff --git a/chromium/net/spdy/hpack/hpack_decoder.h b/chromium/net/spdy/hpack/hpack_decoder.h
index b430f7c56ba..778e3082d22 100644
--- a/chromium/net/spdy/hpack/hpack_decoder.h
+++ b/chromium/net/spdy/hpack/hpack_decoder.h
@@ -112,10 +112,16 @@ class NET_EXPORT_PRIVATE HpackDecoder {
   // Flag to keep track of having seen the header block start.
   bool header_block_started_;
 
+  // Total bytes have been removed from headers_block_buffer_.
+  // Its value is updated during incremental decoding.
+  uint32_t total_parsed_bytes_;
+
   // Handlers for decoding HPACK opcodes and header representations
   // (or parts thereof). These methods return true on success and
   // false on error.
+  bool DecodeNextOpcodeWrapper(HpackInputStream* input_stream);
   bool DecodeNextOpcode(HpackInputStream* input_stream);
+  bool DecodeAtMostTwoHeaderTableSizeUpdates(HpackInputStream* input_stream);
   bool DecodeNextHeaderTableSizeUpdate(HpackInputStream* input_stream);
   bool DecodeNextIndexedHeader(HpackInputStream* input_stream);
   bool DecodeNextLiteralHeader(HpackInputStream* input_stream,
diff --git a/chromium/net/spdy/hpack/hpack_decoder_test.cc b/chromium/net/spdy/hpack/hpack_decoder_test.cc
index e0c49caed8f..9f4c5fb8554 100644
--- a/chromium/net/spdy/hpack/hpack_decoder_test.cc
+++ b/chromium/net/spdy/hpack/hpack_decoder_test.cc
@@ -37,6 +37,13 @@ class HpackDecoderPeer {
   const SpdyHeaderBlock& decoded_block() const {
     return decoder_->decoded_block_;
   }
+
+  bool DecodeNextStringLiteral(HpackInputStream* in,
+                               bool is_header_key,
+                               StringPiece* str) {
+    return decoder_->DecodeNextStringLiteral(in, is_header_key, str);
+  }
+
   const string& headers_block_buffer() const {
     return decoder_->headers_block_buffer_;
   }
@@ -60,16 +67,26 @@ class HpackDecoderTest : public ::testing::TestWithParam<bool> {
  protected:
   HpackDecoderTest() : decoder_(), decoder_peer_(&decoder_) {}
 
+  void SetUp() override { handler_exists_ = GetParam(); }
+
   bool DecodeHeaderBlock(StringPiece str) {
-    if (GetParam()) {
+    if (handler_exists_) {
       decoder_.HandleControlFrameHeadersStart(&handler_);
     }
     return decoder_.HandleControlFrameHeadersData(str.data(), str.size()) &&
            decoder_.HandleControlFrameHeadersComplete(nullptr);
   }
 
+  bool HandleControlFrameHeadersData(StringPiece str) {
+    return decoder_.HandleControlFrameHeadersData(str.data(), str.size());
+  }
+
+  bool HandleControlFrameHeadersComplete(size_t* size) {
+    return decoder_.HandleControlFrameHeadersComplete(size);
+  }
+
   const SpdyHeaderBlock& decoded_block() const {
-    if (GetParam()) {
+    if (handler_exists_) {
       return handler_.decoded_block();
     } else {
       return decoder_peer_.decoded_block();
@@ -95,13 +112,14 @@ class HpackDecoderTest : public ::testing::TestWithParam<bool> {
   HpackDecoder decoder_;
   test::HpackDecoderPeer decoder_peer_;
   TestHeadersHandler handler_;
+  bool handler_exists_;
 };
 
 INSTANTIATE_TEST_CASE_P(WithAndWithoutHeadersHandler,
                         HpackDecoderTest,
                         ::testing::Bool());
 
-TEST_P(HpackDecoderTest, HandleControlFrameHeadersData) {
+TEST_P(HpackDecoderTest, AddHeaderDataWithHandleControlFrameHeadersData) {
   // Strings under threshold are concatenated in the buffer.
   EXPECT_TRUE(decoder_.HandleControlFrameHeadersData("small string one", 16));
   EXPECT_TRUE(decoder_.HandleControlFrameHeadersData("small string two", 16));
@@ -113,8 +131,29 @@ TEST_P(HpackDecoderTest, HandleControlFrameHeadersData) {
             "small string onesmall string two");
 }
 
+// Decode with incomplete data in buffer.
+TEST_P(HpackDecoderTest, DecodeWithIncompleteData) {
+  // No need to wait for more data.
+  EXPECT_TRUE(HandleControlFrameHeadersData("\x82\x85\x82"));
+  EXPECT_EQ("", decoder_peer_.headers_block_buffer());
+
+  // Need to wait for more data.
+  EXPECT_TRUE(
+      HandleControlFrameHeadersData("\x40\x03goo"
+                                    "\x03gar\xbe\x40\x04spam"));
+  EXPECT_EQ("\x40\x04spam", decoder_peer_.headers_block_buffer());
+
+  // Add the needed data.
+  EXPECT_TRUE(HandleControlFrameHeadersData("\x04gggs"));
+  EXPECT_EQ("", decoder_peer_.headers_block_buffer());
+
+  size_t size = 0;
+  EXPECT_TRUE(HandleControlFrameHeadersComplete(&size));
+  EXPECT_EQ(24u, size);
+}
+
 TEST_P(HpackDecoderTest, HandleHeaderRepresentation) {
-  if (GetParam()) {
+  if (handler_exists_) {
     decoder_.HandleControlFrameHeadersStart(&handler_);
   }
 
@@ -165,6 +204,26 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteral) {
   EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
   EXPECT_EQ("name", string_piece);
   EXPECT_FALSE(input_stream.HasMoreData());
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(6u, input_stream.ParsedBytes());
+}
+
+// Decoding an encoded name with an incomplete string literal.
+TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHeader) {
+  HpackInputStream input_stream(kLiteralBound,
+                                StringPiece("\x00\x04name\x00\x02g", 9));
+
+  StringPiece string_piece;
+  EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(6u, input_stream.ParsedBytes());
+
+  EXPECT_FALSE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
+  EXPECT_TRUE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(8u, input_stream.ParsedBytes());
 }
 
 TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithHuffmanEncoding) {
@@ -175,6 +234,30 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithHuffmanEncoding) {
   EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
   EXPECT_EQ("custom-key", string_piece);
   EXPECT_FALSE(input_stream.HasMoreData());
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(input.size(), input_stream.ParsedBytes());
+}
+
+// Decode with incomplete huffman encoding.
+TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHuffmanEncoding) {
+  // CHECK(huffman_table_.Initialize(kHpackHuffmanCode,
+  //                                 arraysize(kHpackHuffmanCode)));
+  // Put two copies of the same huffman encoding into input.
+  string input = a2b_hex("008825a849e95ba97d7f008825a849e95ba97d7f");
+  input.resize(input.size() - 1);  // Remove the last byte.
+  HpackInputStream input_stream(kLiteralBound, input);
+
+  StringPiece string_piece;
+  EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(10u, input_stream.ParsedBytes());
+
+  EXPECT_FALSE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
+  EXPECT_TRUE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(12u, input_stream.ParsedBytes());
 }
 
 // Decoding an encoded name with a valid index should work.
@@ -185,6 +268,9 @@ TEST_P(HpackDecoderTest, DecodeNextNameIndexed) {
   EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
   EXPECT_EQ(":authority", string_piece);
   EXPECT_FALSE(input_stream.HasMoreData());
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(1u, input_stream.ParsedBytes());
 }
 
 // Decoding an encoded name with an invalid index should fail.
@@ -194,6 +280,9 @@ TEST_P(HpackDecoderTest, DecodeNextNameInvalidIndex) {
 
   StringPiece string_piece;
   EXPECT_FALSE(decoder_peer_.DecodeNextName(&input_stream, &string_piece));
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(1u, input_stream.ParsedBytes());
 }
 
 // Decoding indexed static table field should work.
@@ -302,6 +391,85 @@ TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) {
   }
 }
 
+// Two HeaderTableSizeUpdates may appear at the beginning of the block
+TEST_P(HpackDecoderTest, TwoTableSizeUpdates) {
+  string input;
+  {
+    // Should accept two table size updates, update to second one
+    HpackOutputStream output_stream;
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(0);
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(122);
+
+    output_stream.TakeString(&input);
+    EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input)));
+    EXPECT_EQ(122u, decoder_peer_.header_table()->max_size());
+  }
+}
+
+// Three HeaderTableSizeUpdates should result in an error
+TEST_P(HpackDecoderTest, ThreeTableSizeUpdatesError) {
+  string input;
+  {
+    // Should reject three table size updates, update to second one
+    HpackOutputStream output_stream;
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(5);
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(10);
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(15);
+
+    output_stream.TakeString(&input);
+
+    EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input)));
+    EXPECT_EQ(10u, decoder_peer_.header_table()->max_size());
+  }
+}
+
+// HeaderTableSizeUpdates may only appear at the beginning of the block
+// Any other updates should result in an error
+TEST_P(HpackDecoderTest, TableSizeUpdateSecondError) {
+  string input;
+  {
+    // Should reject a table size update appearing after a different entry
+    // The table size should remain as the default
+    HpackOutputStream output_stream;
+    output_stream.AppendBytes("\x82\x85");
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(123);
+
+    output_stream.TakeString(&input);
+
+    EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input)));
+    EXPECT_EQ(kDefaultHeaderTableSizeSetting,
+              decoder_peer_.header_table()->max_size());
+  }
+}
+
+// HeaderTableSizeUpdates may only appear at the beginning of the block
+// Any other updates should result in an error
+TEST_P(HpackDecoderTest, TableSizeUpdateFirstThirdError) {
+  string input;
+  {
+    // Should reject the second table size update
+    // if a different entry appears after the first update
+    // The table size should update to the first but not the second
+    HpackOutputStream output_stream;
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(60);
+    output_stream.AppendBytes("\x82\x85");
+    output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode);
+    output_stream.AppendUint32(125);
+
+    output_stream.TakeString(&input);
+
+    EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input)));
+    EXPECT_EQ(60u, decoder_peer_.header_table()->max_size());
+  }
+}
+
 // Decoding two valid encoded literal headers with no indexing should
 // work.
 TEST_P(HpackDecoderTest, LiteralHeaderNoIndexing) {
@@ -353,6 +521,30 @@ TEST_P(HpackDecoderTest, LiteralHeaderNeverIndexedInvalidNameIndex) {
   EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x1f\x2f\x03ooo")));
 }
 
+// Decode with incomplete string literal.
+TEST_P(HpackDecoderTest, StringLiteralIncomplete) {
+  const char input[] = "\x0c/sample/path\x06:path2\x0e/sample/path/";
+  HpackInputStream input_stream(kLiteralBound, input);
+  StringPiece str;
+  EXPECT_TRUE(
+      decoder_peer_.DecodeNextStringLiteral(&input_stream, false, &str));
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(13u, input_stream.ParsedBytes());
+
+  EXPECT_TRUE(
+      decoder_peer_.DecodeNextStringLiteral(&input_stream, false, &str));
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(20u, input_stream.ParsedBytes());
+
+  EXPECT_FALSE(
+      decoder_peer_.DecodeNextStringLiteral(&input_stream, false, &str));
+  EXPECT_TRUE(input_stream.NeedMoreData());
+  input_stream.MarkCurrentPosition();
+  EXPECT_EQ(21u, input_stream.ParsedBytes());
+}
+
 // Round-tripping the header set from E.2.1 should work.
 TEST_P(HpackDecoderTest, BasicE21) {
   HpackEncoder encoder(ObtainHpackHuffmanTable());
diff --git a/chromium/net/spdy/hpack/hpack_huffman_decoder.cc b/chromium/net/spdy/hpack/hpack_huffman_decoder.cc
index 3573744c052..926223f8ad9 100644
--- a/chromium/net/spdy/hpack/hpack_huffman_decoder.cc
+++ b/chromium/net/spdy/hpack/hpack_huffman_decoder.cc
@@ -158,7 +158,7 @@ const uint8_t kCanonicalToSymbol[] = {
 };
 // clang-format on
 
-#ifndef NDEBUG
+#if !defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)
 
 // Only used in DLOG.
 bool IsEOSPrefix(HuffmanWord bits, HuffmanCodeLength bits_available) {
@@ -171,7 +171,7 @@ bool IsEOSPrefix(HuffmanWord bits, HuffmanCodeLength bits_available) {
   return bits == expected;
 }
 
-#endif  // NDEBUG
+#endif  // NDEBUG && !defined(DCHECK_ALWAYS_ON)
 
 }  // namespace
 
diff --git a/chromium/net/spdy/hpack/hpack_huffman_table.cc b/chromium/net/spdy/hpack/hpack_huffman_table.cc
index e29e1c4debd..8a6b7235570 100644
--- a/chromium/net/spdy/hpack/hpack_huffman_table.cc
+++ b/chromium/net/spdy/hpack/hpack_huffman_table.cc
@@ -169,7 +169,8 @@ void HpackHuffmanTable::BuildDecodeTables(const std::vector<Symbol>& symbols) {
       if (entry.length != 0 && entry.length < total_indexed) {
         // The difference between entry & table bit counts tells us how
         // many additional entries map to this one.
-        size_t fill_count = 1 << (total_indexed - entry.length);
+        size_t fill_count = static_cast<size_t>(1)
+                            << (total_indexed - entry.length);
         CHECK_LE(j + fill_count, table.size());
 
         for (size_t k = 1; k != fill_count; k++) {
diff --git a/chromium/net/spdy/hpack/hpack_input_stream.cc b/chromium/net/spdy/hpack/hpack_input_stream.cc
index e9e9540e0ca..79455e51fe7 100644
--- a/chromium/net/spdy/hpack/hpack_input_stream.cc
+++ b/chromium/net/spdy/hpack/hpack_input_stream.cc
@@ -8,6 +8,7 @@
 
 #include "base/logging.h"
 #include "net/spdy/hpack/hpack_huffman_decoder.h"
+#include "net/spdy/spdy_bug_tracker.h"
 
 namespace net {
 
@@ -18,7 +19,10 @@ HpackInputStream::HpackInputStream(uint32_t max_string_literal_size,
                                    StringPiece buffer)
     : max_string_literal_size_(max_string_literal_size),
       buffer_(buffer),
-      bit_offset_(0) {}
+      bit_offset_(0),
+      parsed_bytes_(0),
+      parsed_bytes_current_(0),
+      need_more_data_(false) {}
 
 HpackInputStream::~HpackInputStream() {}
 
@@ -27,6 +31,11 @@ bool HpackInputStream::HasMoreData() const {
 }
 
 bool HpackInputStream::MatchPrefixAndConsume(HpackPrefix prefix) {
+  if (buffer_.empty()) {
+    need_more_data_ = true;
+    return false;
+  }
+
   DCHECK_GT(prefix.bit_size, 0u);
   DCHECK_LE(prefix.bit_size, 8u);
 
@@ -45,7 +54,11 @@ bool HpackInputStream::MatchPrefixAndConsume(HpackPrefix prefix) {
 }
 
 bool HpackInputStream::PeekNextOctet(uint8_t* next_octet) {
-  if ((bit_offset_ > 0) || buffer_.empty()) {
+  if (buffer_.empty()) {
+    need_more_data_ = true;
+    return false;
+  }
+  if ((bit_offset_ > 0)) {
     DVLOG(1) << "HpackInputStream::PeekNextOctet bit_offset_=" << bit_offset_;
     return false;
   }
@@ -60,6 +73,7 @@ bool HpackInputStream::DecodeNextOctet(uint8_t* next_octet) {
   }
 
   buffer_.remove_prefix(1);
+  parsed_bytes_current_ += 1;
   return true;
 }
 
@@ -75,7 +89,9 @@ bool HpackInputStream::DecodeNextUint32(uint32_t* I) {
   uint8_t next_marker = (1 << N) - 1;
   uint8_t next_octet = 0;
   if (!DecodeNextOctet(&next_octet)) {
-    DVLOG(1) << "HpackInputStream::DecodeNextUint32 initial octet error";
+    if (!need_more_data_) {
+      DVLOG(1) << "HpackInputStream::DecodeNextUint32 initial octet error";
+    }
     return false;
   }
   *I = next_octet & next_marker;
@@ -85,7 +101,9 @@ bool HpackInputStream::DecodeNextUint32(uint32_t* I) {
   while (has_more && (shift < 32)) {
     uint8_t next_octet = 0;
     if (!DecodeNextOctet(&next_octet)) {
-      DVLOG(1) << "HpackInputStream::DecodeNextUint32 shift=" << shift;
+      if (!need_more_data_) {
+        DVLOG(1) << "HpackInputStream::DecodeNextUint32 shift=" << shift;
+      }
       return false;
     }
     has_more = (next_octet & 0x80) != 0;
@@ -114,23 +132,28 @@ bool HpackInputStream::DecodeNextIdentityString(StringPiece* str) {
   }
 
   if (size > buffer_.size()) {
+    need_more_data_ = true;
     return false;
   }
 
   *str = StringPiece(buffer_.data(), size);
   buffer_.remove_prefix(size);
+  parsed_bytes_current_ += size;
   return true;
 }
 
 bool HpackInputStream::DecodeNextHuffmanString(string* str) {
   uint32_t encoded_size = 0;
   if (!DecodeNextUint32(&encoded_size)) {
-    DVLOG(1) << "HpackInputStream::DecodeNextHuffmanString "
-             << "unable to decode size";
+    if (!need_more_data_) {
+      DVLOG(1) << "HpackInputStream::DecodeNextHuffmanString "
+               << "unable to decode size";
+    }
     return false;
   }
 
   if (encoded_size > buffer_.size()) {
+    need_more_data_ = true;
     DVLOG(1) << "HpackInputStream::DecodeNextHuffmanString " << encoded_size
              << " > " << buffer_.size();
     return false;
@@ -139,6 +162,7 @@ bool HpackInputStream::DecodeNextHuffmanString(string* str) {
   HpackInputStream bounded_reader(max_string_literal_size_,
                                   StringPiece(buffer_.data(), encoded_size));
   buffer_.remove_prefix(encoded_size);
+  parsed_bytes_current_ += encoded_size;
 
   // DecodeString will not append more than |max_string_literal_size_| chars
   // to |str|.
@@ -200,8 +224,8 @@ std::pair<size_t, uint32_t> HpackInputStream::InitializePeekBits() {
         break;
     }
   } else {
-    LOG(DFATAL) << "InitializePeekBits called with non-zero bit_offset_: "
-                << bit_offset_;
+    SPDY_BUG << "InitializePeekBits called with non-zero bit_offset_: "
+             << bit_offset_;
   }
   return std::make_pair(peeked_count, bits);
 }
@@ -214,6 +238,7 @@ void HpackInputStream::ConsumeBits(size_t bit_count) {
     CHECK_GT(buffer_.size(), 0u);
   }
   buffer_.remove_prefix(byte_count);
+  parsed_bytes_current_ += byte_count;
 }
 
 void HpackInputStream::ConsumeByteRemainder() {
@@ -222,4 +247,16 @@ void HpackInputStream::ConsumeByteRemainder() {
   }
 }
 
+uint32_t HpackInputStream::ParsedBytes() const {
+  return parsed_bytes_;
+}
+
+bool HpackInputStream::NeedMoreData() const {
+  return need_more_data_;
+}
+
+void HpackInputStream::MarkCurrentPosition() {
+  parsed_bytes_ = parsed_bytes_current_;
+}
+
 }  // namespace net
diff --git a/chromium/net/spdy/hpack/hpack_input_stream.h b/chromium/net/spdy/hpack/hpack_input_stream.h
index ab716d0eff4..b7ec8effa47 100644
--- a/chromium/net/spdy/hpack/hpack_input_stream.h
+++ b/chromium/net/spdy/hpack/hpack_input_stream.h
@@ -22,12 +22,18 @@
 
 namespace net {
 
+namespace test {
+class HpackInputStreamPeer;
+}  // namespace test
+
 typedef std::pair<size_t, uint32_t> InitialPeekResult;
 
 // An HpackInputStream handles all the low-level details of decoding
 // header fields.
 class NET_EXPORT_PRIVATE HpackInputStream {
  public:
+  friend class test::HpackInputStreamPeer;
+
   // |max_string_literal_size| is the largest that any one string
   // literal (header name or header value) can be.
   HpackInputStream(uint32_t max_string_literal_size, base::StringPiece buffer);
@@ -72,14 +78,31 @@ class NET_EXPORT_PRIVATE HpackInputStream {
   // remaining bits in the current byte.
   void ConsumeByteRemainder();
 
-  // Accessors for testing.
+  // Return the total bytes that have been parsed SUCCESSFULLY.
+  uint32_t ParsedBytes() const;
+
+  // When incrementally decode the header, need to remember the current
+  // position in the buffer after we successfully decode one opcode.
+  void MarkCurrentPosition();
 
-  void SetBitOffsetForTest(size_t bit_offset) { bit_offset_ = bit_offset; }
+  // Returning true indicates this instance of HpackInputStream
+  // doesn't have enough data to parse the current opcode, and we
+  // are done with this instance. When more data arrive, a new
+  // HpackInputStream should be created to restart the parsing.
+  bool NeedMoreData() const;
 
  private:
   const uint32_t max_string_literal_size_;
   base::StringPiece buffer_;
   size_t bit_offset_;
+  // Total number of bytes parsed successfully. Only get updated when an
+  // opcode is parsed successfully.
+  uint32_t parsed_bytes_;
+  // Total number of bytes parsed currently. Get updated when an octet,
+  // a number or a string has been parsed successfully. Can point to the
+  // middle of an opcode.
+  uint32_t parsed_bytes_current_;
+  bool need_more_data_;
 
   bool PeekNextOctet(uint8_t* next_octet);
 
diff --git a/chromium/net/spdy/hpack/hpack_input_stream_test.cc b/chromium/net/spdy/hpack/hpack_input_stream_test.cc
index 1b68754080e..a923944a14b 100644
--- a/chromium/net/spdy/hpack/hpack_input_stream_test.cc
+++ b/chromium/net/spdy/hpack/hpack_input_stream_test.cc
@@ -17,7 +17,7 @@
 
 namespace net {
 
-namespace {
+namespace test {
 
 using base::StringPiece;
 using std::string;
@@ -35,15 +35,33 @@ const char kEncodedHuffmanFixture[] =
 const char kDecodedHuffmanFixture[] =
     "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1";
 
+class HpackInputStreamPeer {
+ public:
+  explicit HpackInputStreamPeer(HpackInputStream* input_stream)
+      : input_stream_(input_stream) {}
+
+  void SetBitOffsetForTest(size_t bit_offset) {
+    input_stream_->bit_offset_ = bit_offset;
+  }
+
+  uint32_t ParsedBytesCurrent() { return input_stream_->parsed_bytes_current_; }
+
+ private:
+  HpackInputStream* input_stream_;
+};
+
 // Utility function to decode an assumed-valid uint32_t with an N-bit
 // prefix.
 uint32_t DecodeValidUint32(uint8_t N, StringPiece str) {
   EXPECT_GT(N, 0);
   EXPECT_LE(N, 8);
   HpackInputStream input_stream(kLiteralBound, str);
-  input_stream.SetBitOffsetForTest(8 - N);
+  HpackInputStreamPeer input_stream_peer(&input_stream);
+  input_stream_peer.SetBitOffsetForTest(8 - N);
   uint32_t I;
   EXPECT_TRUE(input_stream.DecodeNextUint32(&I));
+  EXPECT_EQ(str.size(), input_stream_peer.ParsedBytesCurrent());
+  EXPECT_FALSE(input_stream.NeedMoreData());
   return I;
 }
 
@@ -53,7 +71,8 @@ void ExpectDecodeUint32Invalid(uint8_t N, StringPiece str) {
   EXPECT_GT(N, 0);
   EXPECT_LE(N, 8);
   HpackInputStream input_stream(kLiteralBound, str);
-  input_stream.SetBitOffsetForTest(8 - N);
+  HpackInputStreamPeer input_stream_peer(&input_stream);
+  input_stream_peer.SetBitOffsetForTest(8 - N);
   uint32_t I;
   EXPECT_FALSE(input_stream.DecodeNextUint32(&I));
 }
@@ -478,12 +497,15 @@ TEST(HpackInputStreamTest, SevenByteIntegersOneToSevenBitPrefixes) {
 // Decoding a valid encoded string literal should work.
 TEST(HpackInputStreamTest, DecodeNextIdentityString) {
   HpackInputStream input_stream(kLiteralBound, "\x0estring literal");
+  HpackInputStreamPeer input_stream_peer(&input_stream);
 
   EXPECT_TRUE(input_stream.HasMoreData());
   StringPiece string_piece;
   EXPECT_TRUE(input_stream.DecodeNextIdentityString(&string_piece));
   EXPECT_EQ("string literal", string_piece);
   EXPECT_FALSE(input_stream.HasMoreData());
+  EXPECT_EQ(string_piece.size() + 1, input_stream_peer.ParsedBytesCurrent());
+  EXPECT_FALSE(input_stream.NeedMoreData());
 }
 
 // Decoding an encoded string literal with size larger than
@@ -494,6 +516,7 @@ TEST(HpackInputStreamTest, DecodeNextIdentityStringSizeLimit) {
   EXPECT_TRUE(input_stream.HasMoreData());
   StringPiece string_piece;
   EXPECT_FALSE(input_stream.DecodeNextIdentityString(&string_piece));
+  EXPECT_FALSE(input_stream.NeedMoreData());
 }
 
 // Decoding an encoded string literal with size larger than the
@@ -505,16 +528,20 @@ TEST(HpackInputStreamTest, DecodeNextIdentityStringNotEnoughInput) {
   EXPECT_TRUE(input_stream.HasMoreData());
   StringPiece string_piece;
   EXPECT_FALSE(input_stream.DecodeNextIdentityString(&string_piece));
+  EXPECT_TRUE(input_stream.NeedMoreData());
 }
 
 TEST(HpackInputStreamTest, DecodeNextHuffmanString) {
   string output, input(a2b_hex(kEncodedHuffmanFixture));
   HpackInputStream input_stream(arraysize(kDecodedHuffmanFixture) - 1, input);
+  HpackInputStreamPeer input_stream_peer(&input_stream);
 
   EXPECT_TRUE(input_stream.HasMoreData());
   EXPECT_TRUE(input_stream.DecodeNextHuffmanString(&output));
   EXPECT_EQ(kDecodedHuffmanFixture, output);
   EXPECT_FALSE(input_stream.HasMoreData());
+  EXPECT_FALSE(input_stream.NeedMoreData());
+  EXPECT_EQ(46u, input_stream_peer.ParsedBytesCurrent());
 }
 
 TEST(HpackInputStreamTest, DecodeNextHuffmanStringSizeLimit) {
@@ -525,6 +552,7 @@ TEST(HpackInputStreamTest, DecodeNextHuffmanStringSizeLimit) {
   // Decoded string overflows the max string literal.
   EXPECT_TRUE(input_stream.HasMoreData());
   EXPECT_FALSE(input_stream.DecodeNextHuffmanString(&output));
+  EXPECT_FALSE(input_stream.NeedMoreData());
 }
 
 TEST(HpackInputStreamTest, DecodeNextHuffmanStringNotEnoughInput) {
@@ -535,6 +563,7 @@ TEST(HpackInputStreamTest, DecodeNextHuffmanStringNotEnoughInput) {
   // Not enough buffer for declared encoded length.
   EXPECT_TRUE(input_stream.HasMoreData());
   EXPECT_FALSE(input_stream.DecodeNextHuffmanString(&output));
+  EXPECT_TRUE(input_stream.NeedMoreData());
 }
 
 TEST(HpackInputStreamTest, PeekBitsAndConsume) {
@@ -674,8 +703,8 @@ TEST(HpackInputStreamTest, InitializePeekBits) {
     bits <<= 28;
     EXPECT_EQ(0xb0000000, bits);
 
-    EXPECT_DFATAL(peeked_count_and_bits = input_stream.InitializePeekBits(),
-                  "bit_offset_");
+    EXPECT_SPDY_BUG(peeked_count_and_bits = input_stream.InitializePeekBits(),
+                    "bit_offset_");
     EXPECT_EQ(0u, peeked_count_and_bits.first);
     EXPECT_EQ(0u, peeked_count_and_bits.second);
     EXPECT_TRUE(input_stream.HasMoreData());
@@ -705,6 +734,75 @@ TEST(HpackInputStreamTest, ConsumeByteRemainder) {
   EXPECT_FALSE(input_stream.HasMoreData());
 }
 
-}  // namespace
+TEST(HpackInputStreamTest, IncompleteHeaderMatchPrefixAndConsume) {
+  HpackInputStream input_stream(kLiteralBound, "");
+  HpackInputStreamPeer input_stream_peer(&input_stream);
+  EXPECT_FALSE(input_stream.MatchPrefixAndConsume(kIndexedOpcode));
+  EXPECT_EQ(0u, input_stream_peer.ParsedBytesCurrent());
+  EXPECT_TRUE(input_stream.NeedMoreData());
+}
+
+TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextUint32) {
+  // First byte only
+  HpackInputStream input_stream1(kLiteralBound, "\xff");
+  HpackInputStreamPeer input_stream1_peer(&input_stream1);
+  EXPECT_TRUE(input_stream1.MatchPrefixAndConsume(kIndexedOpcode));
+  uint32_t result;
+  EXPECT_FALSE(input_stream1.DecodeNextUint32(&result));
+  EXPECT_TRUE(input_stream1.NeedMoreData());
+  EXPECT_EQ(1u, input_stream1_peer.ParsedBytesCurrent());
+
+  // No last byte
+  HpackInputStream input_stream2(kLiteralBound, "\xff\x80\x80\x80");
+  HpackInputStreamPeer input_stream2_peer(&input_stream2);
+  EXPECT_TRUE(input_stream2.MatchPrefixAndConsume(kIndexedOpcode));
+  EXPECT_FALSE(input_stream2.DecodeNextUint32(&result));
+  EXPECT_TRUE(input_stream2.NeedMoreData());
+  EXPECT_EQ(4u, input_stream2_peer.ParsedBytesCurrent());
+
+  // Error happens before finishing parsing.
+  HpackInputStream input_stream3(kLiteralBound, "\xff\xff\xff\xff\xff\xff\xff");
+  HpackInputStreamPeer input_stream3_peer(&input_stream3);
+  EXPECT_TRUE(input_stream3.MatchPrefixAndConsume(kIndexedOpcode));
+  EXPECT_FALSE(input_stream3.DecodeNextUint32(&result));
+  EXPECT_FALSE(input_stream3.NeedMoreData());
+  EXPECT_EQ(6u, input_stream3_peer.ParsedBytesCurrent());
+}
+
+TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextIdentityString) {
+  HpackInputStream input_stream1(kLiteralBound, "\x0estring litera");
+  HpackInputStreamPeer input_stream1_peer(&input_stream1);
+  StringPiece string_piece;
+  EXPECT_FALSE(input_stream1.DecodeNextIdentityString(&string_piece));
+  // Only parsed first byte.
+  EXPECT_EQ(1u, input_stream1_peer.ParsedBytesCurrent());
+  EXPECT_TRUE(input_stream1.NeedMoreData());
+
+  HpackInputStream input_stream2(kLiteralBound, "\x0e");
+  HpackInputStreamPeer input_stream2_peer(&input_stream2);
+  EXPECT_FALSE(input_stream2.DecodeNextIdentityString(&string_piece));
+  // Only parsed first byte.
+  EXPECT_EQ(1u, input_stream2_peer.ParsedBytesCurrent());
+  EXPECT_TRUE(input_stream2.NeedMoreData());
+}
+
+TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextHuffmanString) {
+  string output, input(a2b_hex(kEncodedHuffmanFixture));
+  input.resize(input.size() - 1);  // Remove last byte.
+  HpackInputStream input_stream1(arraysize(kDecodedHuffmanFixture) - 1, input);
+  HpackInputStreamPeer input_stream1_peer(&input_stream1);
+  EXPECT_FALSE(input_stream1.DecodeNextHuffmanString(&output));
+  EXPECT_EQ(1u, input_stream1_peer.ParsedBytesCurrent());
+  EXPECT_TRUE(input_stream1.NeedMoreData());
+
+  input.erase(1, input.size());  // Remove all bytes except the first one.
+  HpackInputStream input_stream2(arraysize(kDecodedHuffmanFixture) - 1, input);
+  HpackInputStreamPeer input_stream2_peer(&input_stream2);
+  EXPECT_FALSE(input_stream2.DecodeNextHuffmanString(&output));
+  EXPECT_EQ(1u, input_stream2_peer.ParsedBytesCurrent());
+  EXPECT_TRUE(input_stream2.NeedMoreData());
+}
+
+}  // namespace test
 
 }  // namespace net
diff --git a/chromium/net/spdy/http2_write_scheduler.h b/chromium/net/spdy/http2_write_scheduler.h
index 2bf5aee0cf5..0a5179ca74f 100644
--- a/chromium/net/spdy/http2_write_scheduler.h
+++ b/chromium/net/spdy/http2_write_scheduler.h
@@ -11,21 +11,28 @@
 #include <cmath>
 #include <deque>
 #include <map>
+#include <memory>
 #include <queue>
 #include <set>
 #include <unordered_map>
 #include <utility>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/containers/linked_list.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
+#include "net/spdy/spdy_bug_tracker.h"
+#include "net/spdy/spdy_protocol.h"
+#include "net/spdy/write_scheduler.h"
 
 namespace net {
 
+namespace test {
+template <typename StreamIdType>
+class Http2PriorityWriteSchedulerPeer;
+}
+
 // This data structure implements the HTTP/2 stream priority tree defined in
 // section 5.3 of RFC 7540:
 // http://tools.ietf.org/html/rfc7540#section-5.3
@@ -35,105 +42,51 @@ namespace net {
 // parent stream, and 0 or more child streams.  Individual streams can be
 // marked as ready to read/write, and then the whole structure can be queried
 // to pick the next stream to read/write out of those that are ready.
-//
-// The StreamIdType type must be a POD that supports comparison (most
-// likely, it will be a number).
-
-namespace test {
-template <typename StreamIdType>
-class Http2PriorityWriteSchedulerPeer;
-}
-
-const unsigned int kHttp2RootStreamId = 0;
-const int kHttp2DefaultStreamWeight = 16;
-const int kHttp2MinStreamWeight = 1;
-const int kHttp2MaxStreamWeight = 256;
-
 template <typename StreamIdType>
-class Http2PriorityWriteScheduler {
+class Http2PriorityWriteScheduler : public WriteScheduler<StreamIdType> {
  public:
   Http2PriorityWriteScheduler();
 
-  friend class test::Http2PriorityWriteSchedulerPeer<StreamIdType>;
-
-  // Return the number of streams currently in the tree.
-  int num_streams() const;
-
-  // Return true if the tree contains a stream with the given ID.
-  bool StreamRegistered(StreamIdType stream_id) const;
-
-  // Registers a new stream with the given weight and parent, adding it to the
-  // dependency tree. Non-exclusive streams simply get added below the parent
-  // stream. If exclusive = true, the stream becomes the parent's sole child
-  // and the parent's previous children become the children of the new
-  // stream. If the stream was already registered, logs DFATAL and does
-  // nothing. If the parent stream is not registered, logs DFATAL and uses the
-  // root stream as the parent.
+  // WriteScheduler methods
   void RegisterStream(StreamIdType stream_id,
                       StreamIdType parent_id,
                       int weight,
-                      bool exclusive);
-
-  // Unregisters the given stream from the scheduler, removing it from the
-  // dependency tree. If the stream was not previously registered, logs DFATAL
-  // and does nothing.
-  void UnregisterStream(StreamIdType stream_id);
-
-  // Returns the weight value for the specified stream. If the stream is not
-  // registered, logs DFATAL and returns the lowest weight.
-  int GetStreamWeight(StreamIdType stream_id) const;
-
-  // Returns the stream ID for the parent of the given stream. If the stream
-  // isn't registered, logs DFATAL and returns the root stream ID (0).
-  StreamIdType GetStreamParent(StreamIdType stream_id) const;
-
-  // Returns stream IDs of the children of the given stream, if any. If the
-  // stream isn't registered, logs DFATAL and returns an empty vector.
-  std::vector<StreamIdType> GetStreamChildren(StreamIdType stream_id) const;
-
-  // Sets the weight of the given stream. If the stream isn't registered or is
-  // the root stream, logs DFATAL and does nothing.
-  void SetStreamWeight(StreamIdType stream_id, int weight);
-
-  // Sets the parent of the given stream. If the stream and/or parent aren't
-  // registered, logs DFATAL and does nothing. If the new parent is a
-  // descendant of the stream (i.e. this would have created a cycle) then the
-  // topology of the tree is rearranged as described in section 5.3.3 of RFC
-  // 7540: https://tools.ietf.org/html/rfc7540#section-5.3.3
-  void SetStreamParent(StreamIdType stream_id,
-                       StreamIdType parent_id,
-                       bool exclusive);
+                      bool exclusive) override;
+  void RegisterStream(StreamIdType stream_id, SpdyPriority priority) override;
+  void UnregisterStream(StreamIdType stream_id) override;
+  bool StreamRegistered(StreamIdType stream_id) const override;
+  SpdyPriority GetStreamPriority(StreamIdType stream_id) const override;
+  void UpdateStreamPriority(StreamIdType stream_id,
+                            SpdyPriority priority) override;
+  int GetStreamWeight(StreamIdType stream_id) const override;
+  void UpdateStreamWeight(StreamIdType stream_id, int weight) override;
+  StreamIdType GetStreamParent(StreamIdType stream_id) const override;
+  void UpdateStreamParent(StreamIdType stream_id,
+                          StreamIdType parent_id,
+                          bool exclusive) override;
+  std::vector<StreamIdType> GetStreamChildren(
+      StreamIdType stream_id) const override;
+  void RecordStreamEventTime(StreamIdType stream_id,
+                             int64_t now_in_usec) override;
+  int64_t GetLatestEventWithPrecedence(StreamIdType stream_id) const override;
+  bool ShouldYield(StreamIdType stream_id) const override;
+  void MarkStreamReady(StreamIdType stream_id, bool add_to_front) override;
+  void MarkStreamNotReady(StreamIdType stream_id) override;
+  bool HasReadyStreams() const override;
+  StreamIdType PopNextReadyStream() override;
+  size_t NumReadyStreams() const override;
 
   // Returns true if the stream parent_id has child_id in its children. If
-  // either parent or child stream aren't registered, logs DFATAL and returns
+  // either parent or child stream aren't registered, logs SPDY_BUG and returns
   // false.
   bool StreamHasChild(StreamIdType parent_id, StreamIdType child_id) const;
 
-  // Marks the stream as blocked or unblocked. If the stream is not registered,
-  // logs DFATAL and does nothing.
-  void MarkStreamBlocked(StreamIdType stream_id, bool blocked);
-
-  // Marks the stream as ready or not ready to write; i.e. whether there is
-  // buffered data for the associated stream. If the stream is not registered,
-  // logs DFATAL and does nothing.
-  void MarkStreamReady(StreamIdType stream_id, bool ready);
-
-  // Returns true iff the scheduler has one or more usable streams. A stream is
-  // usable if it has ready == true and blocked == false, and is not the direct
-  // or indirect child of another stream that itself has ready == true and
-  // blocked == false. (Note that the root stream always has ready == false.)
-  bool HasUsableStreams() const;
-
-  // If the scheduler has any usable streams, returns the ID of the next usable
-  // stream, in the process changing its ready state to false. If the scheduler
-  // does not have any usable streams, logs DFATAL and returns the root stream
-  // ID (0). If there are multiple usable streams, precedence is given to the
-  // one with the highest priority (thus preserving SPDY priority semantics),
-  // or, if there are multiple with the highest priority, the one with the
-  // lowest ordinal (ensuring round-robin ordering).
-  StreamIdType PopNextUsableStream();
+  // Return the number of streams currently in the tree.
+  int num_streams() const;
 
  private:
+  friend class test::Http2PriorityWriteSchedulerPeer<StreamIdType>;
+
   struct StreamInfo;
   using StreamInfoVector = std::vector<StreamInfo*>;
   using StreamInfoMap = std::unordered_map<StreamIdType, StreamInfo*>;
@@ -141,7 +94,7 @@ class Http2PriorityWriteScheduler {
   struct StreamInfo : public base::LinkNode<StreamInfo> {
     // ID for this stream.
     StreamIdType id;
-    // ID of parent stream.
+    // StreamInfo for parent stream.
     StreamInfo* parent = nullptr;
     // Weights can range between 1 and 256 (inclusive).
     int weight = kHttp2DefaultStreamWeight;
@@ -149,23 +102,20 @@ class Http2PriorityWriteScheduler {
     int total_child_weights = 0;
     // Pointers to StreamInfos for children, if any.
     StreamInfoVector children;
-    // Is the associated stream write-blocked?
-    bool blocked = false;
-    // Does the stream have data ready for writing?
+    // Whether the stream is ready for writing. The stream is present in
+    // scheduling_queue_ iff true.
     bool ready = false;
-    // Whether the stream is currently present in scheduling_queue_.
-    bool scheduled = false;
     // The scheduling priority of this stream. Streams with higher priority
     // values are scheduled first.
+    // TODO(mpw): rename to avoid confusion with SPDY priorities,
+    //   which this is not.
     float priority = 0;
     // Ordinal value for this stream, used to ensure round-robin scheduling:
     // among streams with the same scheduling priority, streams with lower
-    // ordinal are scheduled first. The ordinal is reset to a new, greater
-    // value when the stream is next inserted into scheduling_queue_.
+    // ordinal are scheduled first.
     int64_t ordinal = 0;
-
-    // Whether the stream ought to be in scheduling_queue_.
-    bool IsSchedulable() const { return ready && !blocked; }
+    // Time of latest write event for stream of this priority, in microseconds.
+    int64_t last_event_time_usec = 0;
 
     // Whether this stream should be scheduled ahead of another stream.
     bool SchedulesBefore(const StreamInfo& other) const {
@@ -177,13 +127,9 @@ class Http2PriorityWriteScheduler {
   static bool Remove(StreamInfoVector* stream_infos,
                      const StreamInfo* stream_info);
 
-  // Clamps weight to a value in [kHttp2MinStreamWeight,
-  // kHttp2MaxStreamWeight].
-  static int ClampWeight(int weight);
-
   // Returns true iff any direct or transitive parent of the given stream is
-  // currently scheduled.
-  static bool HasScheduledAncestor(const StreamInfo& stream_info);
+  // currently ready.
+  static bool HasReadyAncestor(const StreamInfo& stream_info);
 
   // Returns StreamInfo for the given stream, or nullptr if it isn't
   // registered.
@@ -194,13 +140,9 @@ class Http2PriorityWriteScheduler {
   // including the stream itself. If this results in priority value changes for
   // scheduled streams, those streams are rescheduled to ensure proper ordering
   // of scheduling_queue_.
+  // TODO(mpw): rename to avoid confusion with SPDY priorities.
   void UpdatePrioritiesUnder(StreamInfo* stream_info);
 
-  // Adds or removes stream from scheduling_queue_ according to whether it is
-  // schedulable. If stream is newly schedulable, assigns it the next
-  // (increasing) ordinal value.
-  void UpdateScheduling(StreamInfo* stream_info);
-
   // Inserts stream into scheduling_queue_ at the appropriate location given
   // its priority and ordinal. Time complexity is O(scheduling_queue.size()).
   void Schedule(StreamInfo* stream_info);
@@ -217,17 +159,20 @@ class Http2PriorityWriteScheduler {
   // Maps from stream IDs to StreamInfo objects.
   StreamInfoMap all_stream_infos_;
   STLValueDeleter<StreamInfoMap> all_stream_infos_deleter_;
-  // Queue containing all streams that are ready and unblocked, ordered with
-  // streams of higher priority before streams of lower priority, and, among
-  // streams of equal priority, streams with lower ordinal before those with
-  // higher ordinal. Note that not all streams in scheduling_queue_ are
-  // necessarily usable: some may have ancestor stream(s) that are ready and
-  // unblocked. In these situations the occluded child streams are left in the
-  // queue, to reduce churn.
+  // Queue containing all ready streams, ordered with streams of higher
+  // priority before streams of lower priority, and, among streams of equal
+  // priority, streams with lower ordinal before those with higher
+  // ordinal. Note that not all streams in scheduling_queue_ are eligible to be
+  // picked as the next stream: some may have ancestor stream(s) that are ready
+  // and unblocked. In these situations the occluded child streams are left in
+  // the queue, to reduce churn.
   base::LinkedList<StreamInfo> scheduling_queue_;
-  // Ordinal value to assign to next node inserted into
-  // scheduling_queue_. Incremented after each insertion.
-  int64_t next_ordinal_ = 0;
+  // Ordinal value to assign to next node inserted into scheduling_queue_ when
+  // |add_to_front == true|. Decremented after each assignment.
+  int64_t head_ordinal_ = -1;
+  // Ordinal value to assign to next node inserted into scheduling_queue_ when
+  // |add_to_front == false|. Incremented after each assignment.
+  int64_t tail_ordinal_ = 0;
 
   DISALLOW_COPY_AND_ASSIGN(Http2PriorityWriteScheduler);
 };
@@ -240,7 +185,7 @@ Http2PriorityWriteScheduler<StreamIdType>::Http2PriorityWriteScheduler()
   root_stream_info_->weight = kHttp2DefaultStreamWeight;
   root_stream_info_->parent = nullptr;
   root_stream_info_->priority = 1.0;
-  root_stream_info_->ready = true;
+  root_stream_info_->ready = false;
   all_stream_infos_[kHttp2RootStreamId] = root_stream_info_;
 }
 
@@ -262,14 +207,14 @@ void Http2PriorityWriteScheduler<StreamIdType>::RegisterStream(
     int weight,
     bool exclusive) {
   if (StreamRegistered(stream_id)) {
-    LOG(DFATAL) << "Stream " << stream_id << " already registered";
+    SPDY_BUG << "Stream " << stream_id << " already registered";
     return;
   }
-  weight = ClampWeight(weight);
+  weight = ClampHttp2Weight(weight);
 
   StreamInfo* parent = FindStream(parent_id);
   if (parent == nullptr) {
-    LOG(DFATAL) << "Parent stream " << parent_id << " not registered";
+    SPDY_BUG << "Parent stream " << parent_id << " not registered";
     parent = root_stream_info_;
   }
 
@@ -300,26 +245,34 @@ void Http2PriorityWriteScheduler<StreamIdType>::RegisterStream(
   UpdatePrioritiesUnder(parent);
 
   // Stream starts with ready == false, so no need to schedule it yet.
-  DCHECK(!new_stream_info->IsSchedulable());
+  DCHECK(!new_stream_info->ready);
+}
+
+template <typename StreamIdType>
+void Http2PriorityWriteScheduler<StreamIdType>::RegisterStream(
+    StreamIdType stream_id,
+    SpdyPriority priority) {
+  RegisterStream(stream_id, kHttp2RootStreamId,
+                 SpdyPriorityToHttp2Weight(priority), false);
 }
 
 template <typename StreamIdType>
 void Http2PriorityWriteScheduler<StreamIdType>::UnregisterStream(
     StreamIdType stream_id) {
   if (stream_id == kHttp2RootStreamId) {
-    LOG(DFATAL) << "Cannot unregister root stream";
+    SPDY_BUG << "Cannot unregister root stream";
     return;
   }
   // Remove the stream from table.
   typename StreamInfoMap::iterator it = all_stream_infos_.find(stream_id);
   if (it == all_stream_infos_.end()) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return;
   }
-  scoped_ptr<StreamInfo> stream_info(std::move(it->second));
+  std::unique_ptr<StreamInfo> stream_info(std::move(it->second));
   all_stream_infos_.erase(it);
-  // If scheduled, unschedule.
-  if (stream_info->scheduled) {
+  // If ready (and hence scheduled), unschedule.
+  if (stream_info->ready) {
     Unschedule(stream_info.get());
   }
 
@@ -349,11 +302,17 @@ void Http2PriorityWriteScheduler<StreamIdType>::UnregisterStream(
 }
 
 template <typename StreamIdType>
+SpdyPriority Http2PriorityWriteScheduler<StreamIdType>::GetStreamPriority(
+    StreamIdType stream_id) const {
+  return Http2WeightToSpdyPriority(GetStreamWeight(stream_id));
+}
+
+template <typename StreamIdType>
 int Http2PriorityWriteScheduler<StreamIdType>::GetStreamWeight(
     StreamIdType stream_id) const {
   const StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return kHttp2MinStreamWeight;
   }
   return stream_info->weight;
@@ -364,7 +323,7 @@ StreamIdType Http2PriorityWriteScheduler<StreamIdType>::GetStreamParent(
     StreamIdType stream_id) const {
   const StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return kHttp2RootStreamId;
   }
   if (stream_info->parent == nullptr) {  // root stream
@@ -379,7 +338,7 @@ std::vector<StreamIdType> Http2PriorityWriteScheduler<
   std::vector<StreamIdType> child_vec;
   const StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
   } else {
     child_vec.reserve(stream_info->children.size());
     for (StreamInfo* child : stream_info->children) {
@@ -390,19 +349,26 @@ std::vector<StreamIdType> Http2PriorityWriteScheduler<
 }
 
 template <typename StreamIdType>
-void Http2PriorityWriteScheduler<StreamIdType>::SetStreamWeight(
+void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamPriority(
+    StreamIdType stream_id,
+    SpdyPriority priority) {
+  UpdateStreamWeight(stream_id, SpdyPriorityToHttp2Weight(priority));
+}
+
+template <typename StreamIdType>
+void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamWeight(
     StreamIdType stream_id,
     int weight) {
   if (stream_id == kHttp2RootStreamId) {
-    LOG(DFATAL) << "Cannot set weight of root stream";
+    SPDY_BUG << "Cannot set weight of root stream";
     return;
   }
   StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return;
   }
-  weight = ClampWeight(weight);
+  weight = ClampHttp2Weight(weight);
   if (weight == stream_info->weight) {
     return;
   }
@@ -416,26 +382,26 @@ void Http2PriorityWriteScheduler<StreamIdType>::SetStreamWeight(
 }
 
 template <typename StreamIdType>
-void Http2PriorityWriteScheduler<StreamIdType>::SetStreamParent(
+void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamParent(
     StreamIdType stream_id,
     StreamIdType parent_id,
     bool exclusive) {
   if (stream_id == kHttp2RootStreamId) {
-    LOG(DFATAL) << "Cannot set parent of root stream";
+    SPDY_BUG << "Cannot set parent of root stream";
     return;
   }
   if (stream_id == parent_id) {
-    LOG(DFATAL) << "Cannot set stream to be its own parent";
+    SPDY_BUG << "Cannot set stream to be its own parent";
     return;
   }
   StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return;
   }
   StreamInfo* new_parent = FindStream(parent_id);
   if (new_parent == nullptr) {
-    LOG(DFATAL) << "Parent stream " << parent_id << " not registered";
+    SPDY_BUG << "Parent stream " << parent_id << " not registered";
     return;
   }
 
@@ -458,7 +424,7 @@ void Http2PriorityWriteScheduler<StreamIdType>::SetStreamParent(
 
   if (cycle_exists) {
     // The new parent moves to the level of the current stream.
-    SetStreamParent(parent_id, stream_info->parent->id, false);
+    UpdateStreamParent(parent_id, stream_info->parent->id, false);
   }
 
   // Remove stream from old parent's child list.
@@ -487,37 +453,112 @@ void Http2PriorityWriteScheduler<StreamIdType>::SetStreamParent(
 }
 
 template <typename StreamIdType>
-void Http2PriorityWriteScheduler<StreamIdType>::MarkStreamBlocked(
+void Http2PriorityWriteScheduler<StreamIdType>::RecordStreamEventTime(
     StreamIdType stream_id,
-    bool blocked) {
+    int64_t now_in_usec) {
   if (stream_id == kHttp2RootStreamId) {
-    LOG(DFATAL) << "Cannot mark root stream blocked or unblocked";
+    SPDY_BUG << "Cannot record event time for root stream";
     return;
   }
   StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
     return;
   }
-  stream_info->blocked = blocked;
-  UpdateScheduling(stream_info);
+  stream_info->last_event_time_usec = now_in_usec;
+}
+
+// O(n) in the number of streams, which isn't great. However, this method will
+// soon be superseded by
+// Http2WeightedWriteScheduler::GetLatestEventWithPrecedence(), for which an
+// efficient implementation is straightforward. Also, this method is only
+// called when calculating idle timeouts, so performance isn't key.
+template <typename StreamIdType>
+int64_t Http2PriorityWriteScheduler<StreamIdType>::GetLatestEventWithPrecedence(
+    StreamIdType stream_id) const {
+  if (stream_id == kHttp2RootStreamId) {
+    SPDY_BUG << "Invalid argument: root stream";
+    return 0;
+  }
+  const StreamInfo* stream_info = FindStream(stream_id);
+  if (stream_info == nullptr) {
+    SPDY_BUG << "Stream " << stream_id << " not registered";
+    return 0;
+  }
+  int64_t last_event_time_usec = 0;
+  for (const auto& kv : all_stream_infos_) {
+    const StreamInfo& other = *kv.second;
+    if (other.priority > stream_info->priority) {
+      last_event_time_usec =
+          std::max(last_event_time_usec, other.last_event_time_usec);
+    }
+  }
+  return last_event_time_usec;
+}
+
+// Worst-case time complexity of O(n*d), where n is scheduling queue length and
+// d is tree depth. In practice, should be much shorter, since loop terminates
+// at first writable stream or |stream_id| (whichever is first).
+template <typename StreamIdType>
+bool Http2PriorityWriteScheduler<StreamIdType>::ShouldYield(
+    StreamIdType stream_id) const {
+  if (stream_id == kHttp2RootStreamId) {
+    SPDY_BUG << "Invalid argument: root stream";
+    return false;
+  }
+  const StreamInfo* stream_info = FindStream(stream_id);
+  if (stream_info == nullptr) {
+    SPDY_BUG << "Stream " << stream_id << " not registered";
+    return false;
+  }
+  for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head();
+       s != scheduling_queue_.end(); s = s->next()) {
+    if (stream_info == s->value()) {
+      return false;
+    }
+    if (!HasReadyAncestor(*s->value())) {
+      return true;
+    }
+  }
+  return false;
 }
 
 template <typename StreamIdType>
 void Http2PriorityWriteScheduler<StreamIdType>::MarkStreamReady(
     StreamIdType stream_id,
-    bool ready) {
+    bool add_to_front) {
+  if (stream_id == kHttp2RootStreamId) {
+    SPDY_BUG << "Cannot mark root stream ready";
+    return;
+  }
+  StreamInfo* stream_info = FindStream(stream_id);
+  if (stream_info == nullptr) {
+    SPDY_BUG << "Stream " << stream_id << " not registered";
+    return;
+  }
+  if (stream_info->ready) {
+    return;
+  }
+  stream_info->ordinal = add_to_front ? head_ordinal_-- : tail_ordinal_++;
+  Schedule(stream_info);
+}
+
+template <typename StreamIdType>
+void Http2PriorityWriteScheduler<StreamIdType>::MarkStreamNotReady(
+    StreamIdType stream_id) {
   if (stream_id == kHttp2RootStreamId) {
-    LOG(DFATAL) << "Cannot mark root stream ready or unready";
+    SPDY_BUG << "Cannot mark root stream unready";
     return;
   }
   StreamInfo* stream_info = FindStream(stream_id);
   if (stream_info == nullptr) {
-    LOG(DFATAL) << "Stream " << stream_id << " not registered";
+    SPDY_BUG << "Stream " << stream_id << " not registered";
+    return;
+  }
+  if (!stream_info->ready) {
     return;
   }
-  stream_info->ready = ready;
-  UpdateScheduling(stream_info);
+  Unschedule(stream_info);
 }
 
 template <typename StreamIdType>
@@ -535,24 +576,11 @@ bool Http2PriorityWriteScheduler<StreamIdType>::Remove(
 }
 
 template <typename StreamIdType>
-int Http2PriorityWriteScheduler<StreamIdType>::ClampWeight(int weight) {
-  if (weight < kHttp2MinStreamWeight) {
-    LOG(DFATAL) << "Invalid weight: " << weight;
-    return kHttp2MinStreamWeight;
-  }
-  if (weight > kHttp2MaxStreamWeight) {
-    LOG(DFATAL) << "Invalid weight: " << weight;
-    return kHttp2MaxStreamWeight;
-  }
-  return weight;
-}
-
-template <typename StreamIdType>
-bool Http2PriorityWriteScheduler<StreamIdType>::HasScheduledAncestor(
+bool Http2PriorityWriteScheduler<StreamIdType>::HasReadyAncestor(
     const StreamInfo& stream_info) {
   for (const StreamInfo* parent = stream_info.parent; parent != nullptr;
        parent = parent->parent) {
-    if (parent->scheduled) {
+    if (parent->ready) {
       return true;
     }
   }
@@ -581,7 +609,7 @@ void Http2PriorityWriteScheduler<StreamIdType>::UpdatePrioritiesUnder(
     child->priority = stream_info->priority *
                       (static_cast<float>(child->weight) /
                        static_cast<float>(stream_info->total_child_weights));
-    if (child->scheduled) {
+    if (child->ready) {
       // Reposition in scheduling_queue_. Use post-order for scheduling, to
       // benefit from the fact that children have priority <= parent priority.
       Unschedule(child);
@@ -594,42 +622,27 @@ void Http2PriorityWriteScheduler<StreamIdType>::UpdatePrioritiesUnder(
 }
 
 template <typename StreamIdType>
-void Http2PriorityWriteScheduler<StreamIdType>::UpdateScheduling(
-    StreamInfo* stream_info) {
-  if (stream_info->IsSchedulable() != stream_info->scheduled) {
-    if (stream_info->scheduled) {
-      Unschedule(stream_info);
-    } else {
-      stream_info->ordinal = next_ordinal_++;
-      Schedule(stream_info);
-    }
-  }
-}
-
-template <typename StreamIdType>
 void Http2PriorityWriteScheduler<StreamIdType>::Schedule(
     StreamInfo* stream_info) {
-  DCHECK(!stream_info->scheduled);
+  DCHECK(!stream_info->ready);
   for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head();
        s != scheduling_queue_.end(); s = s->next()) {
     if (stream_info->SchedulesBefore(*s->value())) {
       stream_info->InsertBefore(s);
-      stream_info->scheduled = true;
-      break;
+      stream_info->ready = true;
+      return;
     }
   }
-  if (!stream_info->scheduled) {
-    stream_info->InsertAfter(scheduling_queue_.tail());
-    stream_info->scheduled = true;
-  }
+  stream_info->InsertAfter(scheduling_queue_.tail());
+  stream_info->ready = true;
 }
 
 template <typename StreamIdType>
 void Http2PriorityWriteScheduler<StreamIdType>::Unschedule(
     StreamInfo* stream_info) {
-  DCHECK(stream_info->scheduled);
+  DCHECK(stream_info->ready);
   stream_info->RemoveFromList();
-  stream_info->scheduled = false;
+  stream_info->ready = false;
 }
 
 template <typename StreamIdType>
@@ -638,11 +651,11 @@ bool Http2PriorityWriteScheduler<StreamIdType>::StreamHasChild(
     StreamIdType child_id) const {
   const StreamInfo* parent = FindStream(parent_id);
   if (parent == nullptr) {
-    LOG(DFATAL) << "Parent stream " << parent_id << " not registered";
+    SPDY_BUG << "Parent stream " << parent_id << " not registered";
     return false;
   }
   if (!StreamRegistered(child_id)) {
-    LOG(DFATAL) << "Child stream " << child_id << " not registered";
+    SPDY_BUG << "Child stream " << child_id << " not registered";
     return false;
   }
   auto found = std::find_if(parent->children.begin(), parent->children.end(),
@@ -653,29 +666,34 @@ bool Http2PriorityWriteScheduler<StreamIdType>::StreamHasChild(
 }
 
 template <typename StreamIdType>
-bool Http2PriorityWriteScheduler<StreamIdType>::HasUsableStreams() const {
-  // Even though not every stream in scheduling queue is guaranteed to be
-  // usable (since children are occluded by parents), the presence of any
-  // streams guarantees at least one is usable.
+bool Http2PriorityWriteScheduler<StreamIdType>::HasReadyStreams() const {
   return !scheduling_queue_.empty();
 }
 
 template <typename StreamIdType>
-StreamIdType Http2PriorityWriteScheduler<StreamIdType>::PopNextUsableStream() {
+StreamIdType Http2PriorityWriteScheduler<StreamIdType>::PopNextReadyStream() {
   for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head();
        s != scheduling_queue_.end(); s = s->next()) {
     StreamInfo* stream_info = s->value();
-    if (!HasScheduledAncestor(*stream_info)) {
-      stream_info->ready = false;
+    if (!HasReadyAncestor(*stream_info)) {
       Unschedule(stream_info);
       return stream_info->id;
     }
   }
-  LOG(DFATAL) << "No usable streams";
+  SPDY_BUG << "No ready streams";
   return kHttp2RootStreamId;
 }
 
 template <typename StreamIdType>
+size_t Http2PriorityWriteScheduler<StreamIdType>::NumReadyStreams() const {
+  base::LinkNode<StreamInfo>* node = scheduling_queue_.head();
+  size_t size = 0;
+  while (node != scheduling_queue_.end())
+    ++size;
+  return size;
+}
+
+template <typename StreamIdType>
 bool Http2PriorityWriteScheduler<StreamIdType>::ValidateInvariantsForTests()
     const {
   int total_streams = 0;
diff --git a/chromium/net/spdy/http2_write_scheduler_test.cc b/chromium/net/spdy/http2_write_scheduler_test.cc
index f581d353263..194bd163246 100644
--- a/chromium/net/spdy/http2_write_scheduler_test.cc
+++ b/chromium/net/spdy/http2_write_scheduler_test.cc
@@ -4,6 +4,7 @@
 
 #include "net/spdy/http2_write_scheduler.h"
 
+#include "net/spdy/spdy_test_utils.h"
 #include "net/test/gtest_util.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -62,8 +63,8 @@ TEST_F(Http2PriorityWriteSchedulerTest, RegisterAndUnregisterStreams) {
 
   scheduler_.RegisterStream(5, 0, 50, false);
   // Should not be able to add a stream with an id that already exists.
-  EXPECT_DFATAL(scheduler_.RegisterStream(5, 1, 50, false),
-                "Stream 5 already registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(5, 1, 50, false),
+                  "Stream 5 already registered");
   EXPECT_EQ(3, scheduler_.num_streams());
   EXPECT_TRUE(scheduler_.StreamRegistered(1));
   ASSERT_TRUE(scheduler_.StreamRegistered(5));
@@ -80,7 +81,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, RegisterAndUnregisterStreams) {
 
   scheduler_.UnregisterStream(5);
   // Cannot remove a stream that has already been removed.
-  EXPECT_DFATAL(scheduler_.UnregisterStream(5), "Stream 5 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UnregisterStream(5), "Stream 5 not registered");
   EXPECT_EQ(3, scheduler_.num_streams());
   EXPECT_TRUE(scheduler_.StreamRegistered(1));
   EXPECT_FALSE(scheduler_.StreamRegistered(5));
@@ -88,77 +89,108 @@ TEST_F(Http2PriorityWriteSchedulerTest, RegisterAndUnregisterStreams) {
   EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(13));
 
   // The parent stream 19 doesn't exist, so this should use 0 as parent stream:
-  EXPECT_DFATAL(scheduler_.RegisterStream(7, 19, 70, false),
-                "Parent stream 19 not registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(7, 19, 70, false),
+                  "Parent stream 19 not registered");
   EXPECT_TRUE(scheduler_.StreamRegistered(7));
   EXPECT_EQ(0u, scheduler_.GetStreamParent(7));
   // Now stream 7 already exists, so this should fail:
-  EXPECT_DFATAL(scheduler_.RegisterStream(7, 1, 70, false),
-                "Stream 7 already registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(7, 1, 70, false),
+                  "Stream 7 already registered");
   // Try adding a second child to stream 13:
   scheduler_.RegisterStream(17, 13, 170, false);
 
   // TODO(birenroy): Add a separate test that verifies weight invariants when
-  // SetStreamWeight is called.
-  scheduler_.SetStreamWeight(17, 150);
+  // UpdateStreamWeight is called.
+  scheduler_.UpdateStreamWeight(17, 150);
   EXPECT_EQ(150, scheduler_.GetStreamWeight(17));
 
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
+TEST_F(Http2PriorityWriteSchedulerTest, RegisterStream) {
+  EXPECT_FALSE(scheduler_.StreamRegistered(1));
+  scheduler_.RegisterStream(1, 3);
+  EXPECT_EQ(0u, scheduler_.NumReadyStreams());
+  EXPECT_TRUE(scheduler_.StreamRegistered(1));
+  EXPECT_EQ(3, scheduler_.GetStreamPriority(1));
+  EXPECT_EQ(SpdyPriorityToHttp2Weight(3), scheduler_.GetStreamWeight(1));
+  EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(1));
+  EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty());
+
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, 4),
+                  "Stream 1 already registered");
+  EXPECT_EQ(3, scheduler_.GetStreamPriority(1));
+}
+
 TEST_F(Http2PriorityWriteSchedulerTest, GetStreamWeight) {
-  EXPECT_DFATAL(EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(3)),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(
+      EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(3)),
+      "Stream 3 not registered");
   scheduler_.RegisterStream(3, 0, 130, true);
   EXPECT_EQ(130, scheduler_.GetStreamWeight(3));
-  scheduler_.SetStreamWeight(3, 50);
+  scheduler_.UpdateStreamWeight(3, 50);
   EXPECT_EQ(50, scheduler_.GetStreamWeight(3));
   scheduler_.UnregisterStream(3);
-  EXPECT_DFATAL(EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(3)),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(
+      EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(3)),
+      "Stream 3 not registered");
+}
+
+TEST_F(Http2PriorityWriteSchedulerTest, GetStreamPriority) {
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
+                  "Stream 3 not registered");
+  scheduler_.RegisterStream(3, 0, 130, true);
+  EXPECT_EQ(Http2WeightToSpdyPriority(130), scheduler_.GetStreamPriority(3));
+  scheduler_.UpdateStreamWeight(3, 50);
+  EXPECT_EQ(Http2WeightToSpdyPriority(50), scheduler_.GetStreamPriority(3));
+  scheduler_.UnregisterStream(3);
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
+                  "Stream 3 not registered");
 }
 
 TEST_F(Http2PriorityWriteSchedulerTest, GetStreamParent) {
-  EXPECT_DFATAL(EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(3)),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(3)),
+                  "Stream 3 not registered");
   scheduler_.RegisterStream(2, 0, 20, false);
   scheduler_.RegisterStream(3, 2, 30, false);
   EXPECT_EQ(2u, scheduler_.GetStreamParent(3));
   scheduler_.UnregisterStream(3);
-  EXPECT_DFATAL(EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(3)),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(3)),
+                  "Stream 3 not registered");
 }
 
 TEST_F(Http2PriorityWriteSchedulerTest, GetStreamChildren) {
-  EXPECT_DFATAL(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()),
-                "Stream 7 not registered");
+  EXPECT_SPDY_BUG(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()),
+                  "Stream 7 not registered");
   scheduler_.RegisterStream(7, 0, 70, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty());
   scheduler_.RegisterStream(9, 7, 90, false);
   scheduler_.RegisterStream(15, 7, 150, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(7), UnorderedElementsAre(9, 15));
   scheduler_.UnregisterStream(7);
-  EXPECT_DFATAL(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()),
-                "Stream 7 not registered");
+  EXPECT_SPDY_BUG(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()),
+                  "Stream 7 not registered");
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamWeight) {
-  EXPECT_DFATAL(scheduler_.SetStreamWeight(0, 10),
-                "Cannot set weight of root stream");
-  EXPECT_DFATAL(scheduler_.SetStreamWeight(3, 10), "Stream 3 not registered");
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamWeight) {
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(0, 10),
+                  "Cannot set weight of root stream");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 10),
+                  "Stream 3 not registered");
   scheduler_.RegisterStream(3, 0, 10, false);
-  scheduler_.SetStreamWeight(3, 20);
+  scheduler_.UpdateStreamWeight(3, 20);
   EXPECT_EQ(20, scheduler_.GetStreamWeight(3));
-  EXPECT_DFATAL(scheduler_.SetStreamWeight(3, 500), "Invalid weight: 500");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 500), "Invalid weight: 500");
   EXPECT_EQ(kHttp2MaxStreamWeight, scheduler_.GetStreamWeight(3));
-  EXPECT_DFATAL(scheduler_.SetStreamWeight(3, 0), "Invalid weight: 0");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 0), "Invalid weight: 0");
   EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(3));
   scheduler_.UnregisterStream(3);
-  EXPECT_DFATAL(scheduler_.SetStreamWeight(3, 10), "Stream 3 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 10),
+                  "Stream 3 not registered");
 }
 
 // Basic case of reparenting a subtree.
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicNonExclusive) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentBasicNonExclusive) {
   /* Tree:
         0
        / \
@@ -170,7 +202,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicNonExclusive) {
   scheduler_.RegisterStream(2, 0, 100, false);
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 1, 100, false);
-  scheduler_.SetStreamParent(1, 2, false);
+  scheduler_.UpdateStreamParent(1, 2, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1));
@@ -181,7 +213,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicNonExclusive) {
 
 // Basic case of reparenting a subtree.  Result here is the same as the
 // non-exclusive case.
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicExclusive) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentBasicExclusive) {
   /* Tree:
         0
        / \
@@ -193,7 +225,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicExclusive) {
   scheduler_.RegisterStream(2, 0, 100, false);
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 1, 100, false);
-  scheduler_.SetStreamParent(1, 2, true);
+  scheduler_.UpdateStreamParent(1, 2, true);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1));
@@ -204,16 +236,16 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentBasicExclusive) {
 
 // We can't set the parent of a nonexistent stream, or set the parent to a
 // nonexistent stream.
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentNonexistent) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentNonexistent) {
   scheduler_.RegisterStream(1, 0, 100, false);
   scheduler_.RegisterStream(2, 0, 100, false);
   for (bool exclusive : {true, false}) {
-    EXPECT_DFATAL(scheduler_.SetStreamParent(1, 3, exclusive),
-                  "Parent stream 3 not registered");
-    EXPECT_DFATAL(scheduler_.SetStreamParent(4, 2, exclusive),
-                  "Stream 4 not registered");
-    EXPECT_DFATAL(scheduler_.SetStreamParent(3, 4, exclusive),
-                  "Stream 3 not registered");
+    EXPECT_SPDY_BUG(scheduler_.UpdateStreamParent(1, 3, exclusive),
+                    "Parent stream 3 not registered");
+    EXPECT_SPDY_BUG(scheduler_.UpdateStreamParent(4, 2, exclusive),
+                    "Stream 4 not registered");
+    EXPECT_SPDY_BUG(scheduler_.UpdateStreamParent(3, 4, exclusive),
+                    "Stream 3 not registered");
     EXPECT_THAT(scheduler_.GetStreamChildren(0), UnorderedElementsAre(1, 2));
     EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty());
     EXPECT_THAT(scheduler_.GetStreamChildren(2), IsEmpty());
@@ -223,7 +255,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentNonexistent) {
 
 // We should be able to add multiple children to streams.
 TEST_F(Http2PriorityWriteSchedulerTest,
-       SetStreamParentMultipleChildrenNonExclusive) {
+       UpdateStreamParentMultipleChildrenNonExclusive) {
   /* Tree:
         0
        / \
@@ -236,7 +268,7 @@ TEST_F(Http2PriorityWriteSchedulerTest,
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 1, 100, false);
   scheduler_.RegisterStream(5, 2, 100, false);
-  scheduler_.SetStreamParent(2, 1, false);
+  scheduler_.UpdateStreamParent(2, 1, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3, 4));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5));
@@ -247,7 +279,7 @@ TEST_F(Http2PriorityWriteSchedulerTest,
 }
 
 TEST_F(Http2PriorityWriteSchedulerTest,
-       SetStreamParentMultipleChildrenExclusive) {
+       UpdateStreamParentMultipleChildrenExclusive) {
   /* Tree:
         0
        / \
@@ -260,7 +292,7 @@ TEST_F(Http2PriorityWriteSchedulerTest,
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 1, 100, false);
   scheduler_.RegisterStream(5, 2, 100, false);
-  scheduler_.SetStreamParent(2, 1, true);
+  scheduler_.UpdateStreamParent(2, 1, true);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), ElementsAre(2));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), UnorderedElementsAre(3, 4, 5));
@@ -270,7 +302,7 @@ TEST_F(Http2PriorityWriteSchedulerTest,
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildNonExclusive) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToChildNonExclusive) {
   /* Tree:
         0
         |
@@ -284,7 +316,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildNonExclusive) {
   scheduler_.RegisterStream(2, 1, 100, false);
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 2, 100, false);
-  scheduler_.SetStreamParent(1, 2, false);
+  scheduler_.UpdateStreamParent(1, 2, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), ElementsAre(3));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), UnorderedElementsAre(1, 4));
@@ -293,7 +325,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildNonExclusive) {
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildExclusive) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToChildExclusive) {
   /* Tree:
         0
         |
@@ -307,7 +339,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildExclusive) {
   scheduler_.RegisterStream(2, 1, 100, false);
   scheduler_.RegisterStream(3, 1, 100, false);
   scheduler_.RegisterStream(4, 2, 100, false);
-  scheduler_.SetStreamParent(1, 2, true);
+  scheduler_.UpdateStreamParent(1, 2, true);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1));
@@ -317,7 +349,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToChildExclusive) {
 }
 
 TEST_F(Http2PriorityWriteSchedulerTest,
-       SetStreamParentToGrandchildNonExclusive) {
+       UpdateStreamParentToGrandchildNonExclusive) {
   /* Tree:
         0
         |
@@ -335,7 +367,7 @@ TEST_F(Http2PriorityWriteSchedulerTest,
   scheduler_.RegisterStream(4, 2, 100, false);
   scheduler_.RegisterStream(5, 2, 100, false);
   scheduler_.RegisterStream(6, 4, 100, false);
-  scheduler_.SetStreamParent(1, 4, false);
+  scheduler_.UpdateStreamParent(1, 4, false);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(4));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5));
@@ -346,7 +378,8 @@ TEST_F(Http2PriorityWriteSchedulerTest,
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToGrandchildExclusive) {
+TEST_F(Http2PriorityWriteSchedulerTest,
+       UpdateStreamParentToGrandchildExclusive) {
   /* Tree:
         0
         |
@@ -364,7 +397,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToGrandchildExclusive) {
   scheduler_.RegisterStream(4, 2, 100, false);
   scheduler_.RegisterStream(5, 2, 100, false);
   scheduler_.RegisterStream(6, 4, 100, false);
-  scheduler_.SetStreamParent(1, 4, true);
+  scheduler_.UpdateStreamParent(1, 4, true);
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(4));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3, 6));
   EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5));
@@ -375,12 +408,12 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToGrandchildExclusive) {
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToParent) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToParent) {
   scheduler_.RegisterStream(1, 0, 100, false);
   scheduler_.RegisterStream(2, 1, 100, false);
   scheduler_.RegisterStream(3, 1, 100, false);
   for (bool exclusive : {true, false}) {
-    scheduler_.SetStreamParent(2, 1, exclusive);
+    scheduler_.UpdateStreamParent(2, 1, exclusive);
     EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1));
     EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3));
     EXPECT_THAT(scheduler_.GetStreamChildren(2), IsEmpty());
@@ -389,12 +422,12 @@ TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToParent) {
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, SetStreamParentToSelf) {
+TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToSelf) {
   scheduler_.RegisterStream(1, 0, 100, false);
-  EXPECT_DFATAL(scheduler_.SetStreamParent(1, 1, false),
-                "Cannot set stream to be its own parent");
-  EXPECT_DFATAL(scheduler_.SetStreamParent(1, 1, true),
-                "Cannot set stream to be its own parent");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamParent(1, 1, false),
+                  "Cannot set stream to be its own parent");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamParent(1, 1, true),
+                  "Cannot set stream to be its own parent");
   EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1));
   EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty());
   ASSERT_TRUE(peer_.ValidateInvariants());
@@ -404,10 +437,10 @@ TEST_F(Http2PriorityWriteSchedulerTest, StreamHasChild) {
   scheduler_.RegisterStream(1, 0, 10, false);
   scheduler_.RegisterStream(2, 1, 20, false);
   scheduler_.RegisterStream(3, 1, 30, false);
-  EXPECT_DFATAL(EXPECT_FALSE(scheduler_.StreamHasChild(4, 1)),
-                "Parent stream 4 not registered");
-  EXPECT_DFATAL(EXPECT_FALSE(scheduler_.StreamHasChild(3, 7)),
-                "Child stream 7 not registered");
+  EXPECT_SPDY_BUG(EXPECT_FALSE(scheduler_.StreamHasChild(4, 1)),
+                  "Parent stream 4 not registered");
+  EXPECT_SPDY_BUG(EXPECT_FALSE(scheduler_.StreamHasChild(3, 7)),
+                  "Child stream 7 not registered");
   EXPECT_FALSE(scheduler_.StreamHasChild(3, 1));
   EXPECT_TRUE(scheduler_.StreamHasChild(1, 3));
   EXPECT_TRUE(scheduler_.StreamHasChild(1, 2));
@@ -445,7 +478,7 @@ TEST_F(Http2PriorityWriteSchedulerTest, BlockAndUnblock) {
   scheduler_.RegisterStream(7, 0, 100, false);
   scheduler_.RegisterStream(13, 7, 100, true);
   scheduler_.RegisterStream(14, 7, 100, false);
-  scheduler_.SetStreamParent(7, 3, false);
+  scheduler_.UpdateStreamParent(7, 3, false);
   EXPECT_EQ(0u, scheduler_.GetStreamParent(1));
   EXPECT_EQ(0u, scheduler_.GetStreamParent(2));
   EXPECT_EQ(0u, scheduler_.GetStreamParent(3));
@@ -476,22 +509,18 @@ TEST_F(Http2PriorityWriteSchedulerTest, BlockAndUnblock) {
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-TEST_F(Http2PriorityWriteSchedulerTest, HasUsableStreams) {
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
+TEST_F(Http2PriorityWriteSchedulerTest, HasReadyStreams) {
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
   scheduler_.RegisterStream(1, 0, 10, false);
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
-  scheduler_.MarkStreamReady(1, true);
-  EXPECT_TRUE(scheduler_.HasUsableStreams());
-  scheduler_.MarkStreamBlocked(1, true);
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
   scheduler_.MarkStreamReady(1, false);
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
-  scheduler_.MarkStreamBlocked(1, false);
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
+  EXPECT_TRUE(scheduler_.HasReadyStreams());
+  scheduler_.MarkStreamNotReady(1);
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
   scheduler_.MarkStreamReady(1, true);
-  EXPECT_TRUE(scheduler_.HasUsableStreams());
+  EXPECT_TRUE(scheduler_.HasReadyStreams());
   scheduler_.UnregisterStream(1);
-  EXPECT_FALSE(scheduler_.HasUsableStreams());
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
@@ -529,7 +558,53 @@ TEST_F(Http2PriorityWriteSchedulerTest, CalculateRoundedWeights) {
   ASSERT_TRUE(peer_.ValidateInvariants());
 }
 
-class PopNextUsableStreamTest : public Http2PriorityWriteSchedulerTest {
+TEST_F(Http2PriorityWriteSchedulerTest, GetLatestEventWithPrecedence) {
+  EXPECT_SPDY_BUG(scheduler_.RecordStreamEventTime(3, 5),
+                  "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(4)),
+                  "Stream 4 not registered");
+
+  for (int i = 1; i < 5; ++i) {
+    scheduler_.RegisterStream(i, 0, SpdyPriorityToHttp2Weight(i), false);
+  }
+  for (int i = 1; i < 5; ++i) {
+    EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(i));
+  }
+  for (int i = 1; i < 5; ++i) {
+    scheduler_.RecordStreamEventTime(i, i * 100);
+  }
+  for (int i = 1; i < 5; ++i) {
+    EXPECT_EQ((i - 1) * 100, scheduler_.GetLatestEventWithPrecedence(i));
+  }
+}
+
+// Add ready streams at front and back.
+TEST_F(Http2PriorityWriteSchedulerTest, MarkReadyFrontAndBack) {
+  scheduler_.RegisterStream(1, 0, 10, false);
+  scheduler_.RegisterStream(2, 0, 20, false);
+  scheduler_.RegisterStream(3, 0, 20, false);
+  scheduler_.RegisterStream(4, 0, 20, false);
+  scheduler_.RegisterStream(5, 0, 30, false);
+
+  for (int i = 1; i < 6; ++i) {
+    scheduler_.MarkStreamReady(i, false);
+  }
+  EXPECT_EQ(5u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  scheduler_.MarkStreamReady(2, false);
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
+  scheduler_.MarkStreamReady(3, false);
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
+  scheduler_.MarkStreamReady(4, false);
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  scheduler_.MarkStreamReady(2, true);
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  scheduler_.MarkStreamReady(5, false);
+  scheduler_.MarkStreamReady(2, true);
+  EXPECT_EQ(5u, scheduler_.PopNextReadyStream());
+}
+
+class PopNextReadyStreamTest : public Http2PriorityWriteSchedulerTest {
  protected:
   void SetUp() override {
     /* Create the tree.
@@ -554,7 +629,7 @@ class PopNextUsableStreamTest : public Http2PriorityWriteSchedulerTest {
 
     // Set all nodes ready to write.
     for (SpdyStreamId id = 1; id <= 8; ++id) {
-      scheduler_.MarkStreamReady(id, true);
+      scheduler_.MarkStreamReady(id, false);
     }
   }
 
@@ -564,8 +639,8 @@ class PopNextUsableStreamTest : public Http2PriorityWriteSchedulerTest {
     const int kNumCyclesToCheck = 2;
     for (int i = 0; i < kNumCyclesToCheck; i++) {
       for (SpdyStreamId expected_id : stream_ids) {
-        SpdyStreamId next_id = scheduler_.PopNextUsableStream();
-        scheduler_.MarkStreamReady(next_id, true);
+        SpdyStreamId next_id = scheduler_.PopNextReadyStream();
+        scheduler_.MarkStreamReady(next_id, false);
         if (next_id != expected_id) {
           return AssertionFailure() << "Pick " << count << ": expected stream "
                                     << expected_id << " instead of " << next_id;
@@ -581,39 +656,39 @@ class PopNextUsableStreamTest : public Http2PriorityWriteSchedulerTest {
 };
 
 // When all streams are schedulable, only top-level streams should be returned.
-TEST_F(PopNextUsableStreamTest, NoneBlocked) {
+TEST_F(PopNextReadyStreamTest, NoneBlocked) {
   EXPECT_TRUE(PopNextReturnsCycle({1, 2, 3}));
 }
 
 // When a parent stream is blocked, its children should be scheduled, if
 // priorities allow.
-TEST_F(PopNextUsableStreamTest, SingleStreamBlocked) {
-  scheduler_.MarkStreamReady(1, false);
+TEST_F(PopNextReadyStreamTest, SingleStreamBlocked) {
+  scheduler_.MarkStreamNotReady(1);
 
   // Round-robin only across 2 and 3, since children of 1 have lower priority.
   EXPECT_TRUE(PopNextReturnsCycle({2, 3}));
 
   // Make children of 1 have equal priority as 2 and 3, after which they should
   // be returned as well.
-  scheduler_.SetStreamWeight(1, 200);
+  scheduler_.UpdateStreamWeight(1, 200);
   EXPECT_TRUE(PopNextReturnsCycle({4, 5, 2, 3}));
 }
 
 // Block multiple levels of streams.
-TEST_F(PopNextUsableStreamTest, MultiLevelBlocked) {
+TEST_F(PopNextReadyStreamTest, MultiLevelBlocked) {
   for (SpdyStreamId stream_id : {1, 4, 5}) {
-    scheduler_.MarkStreamReady(stream_id, false);
+    scheduler_.MarkStreamNotReady(stream_id);
   }
   // Round-robin only across 2 and 3, since children of 1 have lower priority.
   EXPECT_TRUE(PopNextReturnsCycle({2, 3}));
 
   // Make 8 have equal priority as 2 and 3.
-  scheduler_.SetStreamWeight(1, 200);
+  scheduler_.UpdateStreamWeight(1, 200);
   EXPECT_TRUE(PopNextReturnsCycle({8, 2, 3}));
 }
 
 // A removed stream shouldn't be scheduled.
-TEST_F(PopNextUsableStreamTest, RemoveStream) {
+TEST_F(PopNextReadyStreamTest, RemoveStream) {
   scheduler_.UnregisterStream(1);
 
   // Round-robin only across 2 and 3, since previous children of 1 have lower
@@ -622,52 +697,52 @@ TEST_F(PopNextUsableStreamTest, RemoveStream) {
   EXPECT_TRUE(PopNextReturnsCycle({2, 3}));
 
   // Make previous children of 1 have equal priority as 2 and 3.
-  scheduler_.SetStreamWeight(4, 100);
-  scheduler_.SetStreamWeight(5, 100);
+  scheduler_.UpdateStreamWeight(4, 100);
+  scheduler_.UpdateStreamWeight(5, 100);
   EXPECT_TRUE(PopNextReturnsCycle({4, 5, 2, 3}));
 }
 
 // Block an entire subtree.
-TEST_F(PopNextUsableStreamTest, SubtreeBlocked) {
+TEST_F(PopNextReadyStreamTest, SubtreeBlocked) {
   for (SpdyStreamId stream_id : {1, 4, 5, 8}) {
-    scheduler_.MarkStreamReady(stream_id, false);
+    scheduler_.MarkStreamNotReady(stream_id);
   }
   EXPECT_TRUE(PopNextReturnsCycle({2, 3}));
 }
 
 // If all parent streams are blocked, children should be returned.
-TEST_F(PopNextUsableStreamTest, ParentsBlocked) {
+TEST_F(PopNextReadyStreamTest, ParentsBlocked) {
   for (SpdyStreamId stream_id : {1, 2, 3}) {
-    scheduler_.MarkStreamReady(stream_id, false);
+    scheduler_.MarkStreamNotReady(stream_id);
   }
   EXPECT_TRUE(PopNextReturnsCycle({4, 5, 6, 7}));
 }
 
 // Unblocking streams should make them schedulable.
-TEST_F(PopNextUsableStreamTest, BlockAndUnblock) {
+TEST_F(PopNextReadyStreamTest, BlockAndUnblock) {
   EXPECT_TRUE(PopNextReturnsCycle({1, 2, 3}));
-  scheduler_.MarkStreamReady(2, false);
+  scheduler_.MarkStreamNotReady(2);
   EXPECT_TRUE(PopNextReturnsCycle({1, 3}));
-  scheduler_.MarkStreamReady(2, true);
+  scheduler_.MarkStreamReady(2, false);
   // Cycle order permuted since 2 effectively appended at tail.
   EXPECT_TRUE(PopNextReturnsCycle({1, 3, 2}));
 }
 
 // Block nodes in multiple subtrees.
-TEST_F(PopNextUsableStreamTest, ScatteredBlocked) {
+TEST_F(PopNextReadyStreamTest, ScatteredBlocked) {
   for (SpdyStreamId stream_id : {1, 2, 6, 7}) {
-    scheduler_.MarkStreamReady(stream_id, false);
+    scheduler_.MarkStreamNotReady(stream_id);
   }
   // Only 3 returned, since of remaining streams it has highest priority.
   EXPECT_TRUE(PopNextReturnsCycle({3}));
 
   // Make children of 1 have priority equal to 3.
-  scheduler_.SetStreamWeight(1, 200);
+  scheduler_.UpdateStreamWeight(1, 200);
   EXPECT_TRUE(PopNextReturnsCycle({4, 5, 3}));
 
   // When 4 is blocked, its child 8 should take its place, since it has same
   // priority.
-  scheduler_.MarkStreamReady(4, false);
+  scheduler_.MarkStreamNotReady(4);
   EXPECT_TRUE(PopNextReturnsCycle({8, 5, 3}));
 }
 
diff --git a/chromium/net/spdy/mock_spdy_framer_visitor.h b/chromium/net/spdy/mock_spdy_framer_visitor.h
index d330c262b25..ac97a3dbb81 100644
--- a/chromium/net/spdy/mock_spdy_framer_visitor.h
+++ b/chromium/net/spdy/mock_spdy_framer_visitor.h
@@ -24,10 +24,8 @@ class MockSpdyFramerVisitor : public SpdyFramerVisitorInterface {
   MOCK_METHOD3(OnDataFrameHeader, void(SpdyStreamId stream_id,
                                        size_t length,
                                        bool fin));
-  MOCK_METHOD4(OnStreamFrameData, void(SpdyStreamId stream_id,
-                                       const char* data,
-                                       size_t len,
-                                       bool fin));
+  MOCK_METHOD3(OnStreamFrameData,
+               void(SpdyStreamId stream_id, const char* data, size_t len));
   MOCK_METHOD1(OnStreamEnd, void(SpdyStreamId stream_id));
   MOCK_METHOD2(OnStreamPadding, void(SpdyStreamId stream_id, size_t len));
   MOCK_METHOD1(OnHeaderFrameStart,
diff --git a/chromium/net/spdy/priority_write_scheduler.h b/chromium/net/spdy/priority_write_scheduler.h
index e1e144dd96c..80dd5c4fef0 100644
--- a/chromium/net/spdy/priority_write_scheduler.h
+++ b/chromium/net/spdy/priority_write_scheduler.h
@@ -6,91 +6,95 @@
 #define NET_SPDY_PRIORITY_WRITE_SCHEDULER_H_
 
 #include <stddef.h>
+#include <stdint.h>
 
 #include <algorithm>
 #include <deque>
 #include <unordered_map>
 #include <utility>
+#include <vector>
 
 #include "base/logging.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_protocol.h"
+#include "net/spdy/write_scheduler.h"
 
 namespace net {
 
-// Class that manages the order in which streams are written using the SPDY
-// priority scheme described at:
+namespace test {
+template <typename StreamIdType>
+class PriorityWriteSchedulerPeer;
+}
+
+// WriteScheduler implementation that manages the order in which streams are
+// written using the SPDY priority scheme described at:
 // https://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3-1#TOC-2.3.3-Stream-priority
 //
-// Callers must first register a stream with the PriorityWriteScheduler (by
-// calling RegisterStream(), which informs the PriorityWriteScheduler of the
-// stream's priority) before calling other methods referencing that stream,
-// which may implicitly use the stream's priority. When the stream is
-// eventually closed, the caller should unregister it from the
-// PriorityWriteScheduler (by calling UnregisterStream()), to free data
-// structures associated with it.
-//
-// Each stream can be in one of two states: ready or not ready (for writing).
-// Ready state is changed by calling the MarkStreamReady() and
-// MarkStreamNotReady() methods. Only streams in the ready state can be
-// returned by PopNextReadyStream(); when returned by that method, the stream's
-// state changes to not ready.
-//
-// Internally, PriorityWriteScheduler consists of 8 per-priority sublists, one
-// for each priority value.  The elements (if any) of each sublist are streams
-// that are ready to write and have that priority.
+// Internally, PriorityWriteScheduler consists of 8 PriorityInfo objects, one
+// for each priority value.  Each PriorityInfo contains a list of streams of
+// that priority that are ready to write, as well as a timestamp of the last
+// I/O event that occurred for a stream of that priority.
 template <typename StreamIdType>
-class PriorityWriteScheduler {
+class PriorityWriteScheduler : public WriteScheduler<StreamIdType> {
  public:
   // Creates scheduler with no streams.
   PriorityWriteScheduler() = default;
 
-  // Registers the given stream with the scheduler, which will now track its
-  // priority and ready state. If the stream was already registered, logs
-  // DFATAL and does nothing.
-  void RegisterStream(StreamIdType stream_id, SpdyPriority priority) {
-    priority = ClampPriority(priority);
+  void RegisterStream(StreamIdType stream_id,
+                      StreamIdType parent_id,
+                      int weight,
+                      bool exclusive) override {
+    // parent_id not used here, but may as well validate it
+    SPDY_BUG_IF(parent_id != kHttp2RootStreamId && !StreamRegistered(parent_id))
+        << "Stream " << parent_id << " not registered";
+    RegisterStream(stream_id, Http2WeightToSpdyPriority(weight));
+  }
+
+  void RegisterStream(StreamIdType stream_id, SpdyPriority priority) override {
+    if (stream_id == kHttp2RootStreamId) {
+      SPDY_BUG << "Stream " << kHttp2RootStreamId << " already registered";
+      return;
+    }
+    priority = ClampSpdyPriority(priority);
     StreamInfo stream_info = {priority, false};
     bool inserted =
         stream_infos_.insert(std::make_pair(stream_id, stream_info)).second;
-    if (!inserted) {
-      LOG(DFATAL) << "Stream " << stream_id << " already registered";
-    }
+    SPDY_BUG_IF(!inserted) << "Stream " << stream_id << " already registered";
   }
 
-  // Unregisters the given stream from the scheduler, which will no
-  // longer keep track of its priority and ready state. If the stream
-  // was not previously registered, logs DFATAL and does nothing.
-  void UnregisterStream(StreamIdType stream_id) {
+  void UnregisterStream(StreamIdType stream_id) override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return;
     }
     StreamInfo& stream_info = it->second;
     if (stream_info.ready) {
-      bool erased = Erase(&ready_lists_[stream_info.priority], stream_id);
+      bool erased =
+          Erase(&priority_infos_[stream_info.priority].ready_list, stream_id);
       DCHECK(erased);
     }
     stream_infos_.erase(it);
   }
 
-  // Returns the priority value for the specified stream. If the stream is not
-  // registered, logs DFATAL and returns the lowest priority.
-  SpdyPriority GetStreamPriority(StreamIdType stream_id) const {
+  bool StreamRegistered(StreamIdType stream_id) const override {
+    return stream_infos_.find(stream_id) != stream_infos_.end();
+  }
+
+  SpdyPriority GetStreamPriority(StreamIdType stream_id) const override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return kV3LowestPriority;
     }
     return it->second.priority;
   }
 
-  // Updates the priority of the given stream. If the stream is not registered,
-  // logs DFATAL and does nothing.
-  void UpdateStreamPriority(StreamIdType stream_id, SpdyPriority priority) {
+  void UpdateStreamPriority(StreamIdType stream_id,
+                            SpdyPriority priority) override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return;
     }
     StreamInfo& stream_info = it->second;
@@ -98,56 +102,101 @@ class PriorityWriteScheduler {
       return;
     }
     if (stream_info.ready) {
-      bool erased = Erase(&ready_lists_[stream_info.priority], stream_id);
+      bool erased =
+          Erase(&priority_infos_[stream_info.priority].ready_list, stream_id);
       DCHECK(erased);
-      ready_lists_[priority].push_back(stream_id);
+      priority_infos_[priority].ready_list.push_back(stream_id);
     }
     stream_info.priority = priority;
   }
 
-  // If the scheduler has any ready streams, pops the next stream ID from the
-  // highest priority non-empty ready list and returns it, transitioning the
-  // stream from ready to not ready. If the scheduler doesn't have any ready
-  // streams, logs DFATAL and returns 0.
-  StreamIdType PopNextReadyStream() {
+  int GetStreamWeight(StreamIdType stream_id) const override {
+    return SpdyPriorityToHttp2Weight(GetStreamPriority(stream_id));
+  }
+
+  void UpdateStreamWeight(StreamIdType stream_id, int weight) override {
+    UpdateStreamPriority(stream_id, Http2WeightToSpdyPriority(weight));
+  }
+
+  StreamIdType GetStreamParent(StreamIdType stream_id) const override {
+    return kHttp2RootStreamId;
+  }
+
+  void UpdateStreamParent(StreamIdType stream_id,
+                          StreamIdType parent_id,
+                          bool exclusive) override {}
+
+  std::vector<StreamIdType> GetStreamChildren(
+      StreamIdType stream_id) const override {
+    return std::vector<StreamIdType>();
+  }
+
+  void RecordStreamEventTime(StreamIdType stream_id,
+                             int64_t now_in_usec) override {
+    auto it = stream_infos_.find(stream_id);
+    if (it == stream_infos_.end()) {
+      SPDY_BUG << "Stream " << stream_id << " not registered";
+      return;
+    }
+    PriorityInfo& priority_info = priority_infos_[it->second.priority];
+    priority_info.last_event_time_usec =
+        std::max(priority_info.last_event_time_usec, now_in_usec);
+  }
+
+  int64_t GetLatestEventWithPrecedence(StreamIdType stream_id) const override {
+    auto it = stream_infos_.find(stream_id);
+    if (it == stream_infos_.end()) {
+      SPDY_BUG << "Stream " << stream_id << " not registered";
+      return 0;
+    }
+    int64_t last_event_time_usec = 0;
+    const StreamInfo& stream_info = it->second;
+    for (SpdyPriority p = kV3HighestPriority; p < stream_info.priority; ++p) {
+      last_event_time_usec = std::max(last_event_time_usec,
+                                      priority_infos_[p].last_event_time_usec);
+    }
+    return last_event_time_usec;
+  }
+
+  StreamIdType PopNextReadyStream() override {
     StreamIdType stream_id = 0;
     for (SpdyPriority p = kV3HighestPriority; p <= kV3LowestPriority; ++p) {
-      StreamIdList& ready_list = ready_lists_[p];
+      StreamIdList& ready_list = priority_infos_[p].ready_list;
       if (!ready_list.empty()) {
         stream_id = ready_list.front();
         ready_list.pop_front();
 
         auto it = stream_infos_.find(stream_id);
         if (it == stream_infos_.end()) {
-          LOG(DFATAL) << "Missing StreamInfo for stream " << stream_id;
+          SPDY_BUG << "Missing StreamInfo for stream " << stream_id;
         } else {
           it->second.ready = false;
         }
         return stream_id;
       }
     }
-    LOG(DFATAL) << "No ready streams available";
+    SPDY_BUG << "No ready streams available";
     return stream_id;
   }
 
-  // Returns true if there's another stream of greater or equal priority ahead
-  // of |stream_id| in the queue.  This function can be called to see if
-  // |stream_id| should yield work to another stream.
-  bool ShouldYield(StreamIdType stream_id) const {
-    // If there's a higher priority stream, this stream should yield.
-    if (HasHigherPriorityReadyStream(stream_id)) {
-      return true;
-    }
-
+  bool ShouldYield(StreamIdType stream_id) const override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return false;
     }
 
+    // If there's a higher priority stream, this stream should yield.
+    const StreamInfo& stream_info = it->second;
+    for (SpdyPriority p = kV3HighestPriority; p < stream_info.priority; ++p) {
+      if (!priority_infos_[p].ready_list.empty()) {
+        return true;
+      }
+    }
+
     // If this priority level is empty, or this stream is the next up, there's
     // no need to yield.
-    auto ready_list = ready_lists_[it->second.priority];
+    auto ready_list = priority_infos_[it->second.priority].ready_list;
     if (ready_list.empty() || ready_list.front() == stream_id) {
       return false;
     }
@@ -157,39 +206,17 @@ class PriorityWriteScheduler {
     return true;
   }
 
-  // Returns true if the scheduler has any ready streams with a higher priority
-  // than that of the specified stream. If the stream is not registered, logs
-  // DFATAL and returns false.
-  bool HasHigherPriorityReadyStream(StreamIdType stream_id) const {
+  void MarkStreamReady(StreamIdType stream_id, bool add_to_front) override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
-      return false;
-    }
-    const StreamInfo& stream_info = it->second;
-    for (SpdyPriority p = kV3HighestPriority; p < stream_info.priority; ++p) {
-      if (!ready_lists_[p].empty()) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  // Marks the given stream as ready to write. If stream was already ready,
-  // does nothing. If stream was not registered, logs DFATAL and does
-  // nothing. If |add_to_front| is true, adds stream to the front of its
-  // per-priority ready list, otherwise adds it to the back.
-  void MarkStreamReady(StreamIdType stream_id, bool add_to_front) {
-    auto it = stream_infos_.find(stream_id);
-    if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return;
     }
     StreamInfo& stream_info = it->second;
     if (stream_info.ready) {
       return;
     }
-    StreamIdList& ready_list = ready_lists_[stream_info.priority];
+    StreamIdList& ready_list = priority_infos_[stream_info.priority].ready_list;
     if (add_to_front) {
       ready_list.push_front(stream_id);
     } else {
@@ -198,28 +225,26 @@ class PriorityWriteScheduler {
     stream_info.ready = true;
   }
 
-  // Marks the given stream as not ready to write, removing it from the ready
-  // list for its priority. If stream was already not ready, does nothing. If
-  // stream was not registered, logs DFATAL and does nothing.
-  void MarkStreamNotReady(StreamIdType stream_id) {
+  void MarkStreamNotReady(StreamIdType stream_id) override {
     auto it = stream_infos_.find(stream_id);
     if (it == stream_infos_.end()) {
-      LOG(DFATAL) << "Stream " << stream_id << " not registered";
+      SPDY_BUG << "Stream " << stream_id << " not registered";
       return;
     }
     StreamInfo& stream_info = it->second;
     if (!stream_info.ready) {
       return;
     }
-    bool erased = Erase(&ready_lists_[stream_info.priority], stream_id);
+    bool erased =
+        Erase(&priority_infos_[stream_info.priority].ready_list, stream_id);
     DCHECK(erased);
     stream_info.ready = false;
   }
 
   // Returns true iff the number of ready streams is non-zero.
-  bool HasReadyStreams() const {
+  bool HasReadyStreams() const override {
     for (SpdyPriority i = kV3HighestPriority; i <= kV3LowestPriority; ++i) {
-      if (!ready_lists_[i].empty()) {
+      if (!priority_infos_[i].ready_list.empty()) {
         return true;
       }
     }
@@ -227,44 +252,36 @@ class PriorityWriteScheduler {
   }
 
   // Returns the number of ready streams.
-  size_t NumReadyStreams() const {
+  size_t NumReadyStreams() const override {
     size_t n = 0;
     for (SpdyPriority i = kV3HighestPriority; i <= kV3LowestPriority; ++i) {
-      n += ready_lists_[i].size();
+      n += priority_infos_[i].ready_list.size();
     }
     return n;
   }
 
-  // Returns the number of ready streams with the given priority.
-  size_t NumReadyStreams(SpdyPriority priority) const {
-    priority = ClampPriority(priority);
-    return ready_lists_[priority].size();
-  }
-
  private:
+  friend class test::PriorityWriteSchedulerPeer<StreamIdType>;
+
   // 0(1) size lookup, 0(1) insert at front or back.
   typedef std::deque<StreamIdType> StreamIdList;
 
   // State kept for all registered streams. All ready streams have ready = true
-  // and should be present in ready_lists_[priority].
+  // and should be present in priority_infos_[priority].ready_list.
   struct StreamInfo {
     SpdyPriority priority;
     bool ready;
   };
 
-  typedef std::unordered_map<StreamIdType, StreamInfo> StreamInfoMap;
+  // State kept for each priority level.
+  struct PriorityInfo {
+    // IDs of streams that are ready to write.
+    StreamIdList ready_list;
+    // Time of latest write event for stream of this priority, in microseconds.
+    int64_t last_event_time_usec = 0;
+  };
 
-  static SpdyPriority ClampPriority(SpdyPriority priority) {
-    if (priority < kV3HighestPriority) {
-      LOG(DFATAL) << "Invalid priority: " << static_cast<int>(priority);
-      return kV3HighestPriority;
-    }
-    if (priority > kV3LowestPriority) {
-      LOG(DFATAL) << "Invalid priority: " << static_cast<int>(priority);
-      return kV3LowestPriority;
-    }
-    return priority;
-  }
+  typedef std::unordered_map<StreamIdType, StreamInfo> StreamInfoMap;
 
   // Erases first occurrence (which should be the only one) of |stream_id| in
   // |ready_list|, returning true if found (and erased), or false otherwise.
@@ -277,8 +294,8 @@ class PriorityWriteScheduler {
     return true;
   }
 
-  // IDs of streams that are ready to write, grouped by priority.
-  StreamIdList ready_lists_[kV3LowestPriority + 1];
+  // Per-priority state, including ready lists.
+  PriorityInfo priority_infos_[kV3LowestPriority + 1];
   // StreamInfos for all registered streams.
   StreamInfoMap stream_infos_;
 };
diff --git a/chromium/net/spdy/priority_write_scheduler_test.cc b/chromium/net/spdy/priority_write_scheduler_test.cc
index 56f659d0d7d..dd7a01e3f8b 100644
--- a/chromium/net/spdy/priority_write_scheduler_test.cc
+++ b/chromium/net/spdy/priority_write_scheduler_test.cc
@@ -4,24 +4,53 @@
 
 #include "net/spdy/priority_write_scheduler.h"
 
+#include "net/spdy/spdy_protocol.h"
+#include "net/spdy/spdy_test_utils.h"
 #include "net/test/gtest_util.h"
 
 namespace net {
 namespace test {
+
+template <typename StreamIdType>
+class PriorityWriteSchedulerPeer {
+ public:
+  explicit PriorityWriteSchedulerPeer(
+      PriorityWriteScheduler<StreamIdType>* scheduler)
+      : scheduler_(scheduler) {}
+
+  size_t NumReadyStreams(SpdyPriority priority) const {
+    return scheduler_->priority_infos_[priority].ready_list.size();
+  }
+
+ private:
+  PriorityWriteScheduler<StreamIdType>* scheduler_;
+};
+
 namespace {
 
 class PriorityWriteSchedulerTest : public ::testing::Test {
  public:
-  PriorityWriteScheduler<int> scheduler_;
+  PriorityWriteSchedulerTest() : peer_(&scheduler_) {}
+
+  PriorityWriteScheduler<unsigned int> scheduler_;
+  PriorityWriteSchedulerPeer<unsigned int> peer_;
 };
 
 TEST_F(PriorityWriteSchedulerTest, RegisterUnregisterStreams) {
   EXPECT_FALSE(scheduler_.HasReadyStreams());
+  EXPECT_FALSE(scheduler_.StreamRegistered(1));
   scheduler_.RegisterStream(1, 1);
+  EXPECT_TRUE(scheduler_.StreamRegistered(1));
+
+  // Root stream counts as already registered.
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(kHttp2RootStreamId, 1),
+                  "Stream 0 already registered");
 
   // Try redundant registrations.
-  EXPECT_DFATAL(scheduler_.RegisterStream(1, 1), "Stream 1 already registered");
-  EXPECT_DFATAL(scheduler_.RegisterStream(1, 2), "Stream 1 already registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, 1),
+                  "Stream 1 already registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, 2),
+                  "Stream 1 already registered");
 
   scheduler_.RegisterStream(2, 3);
 
@@ -32,19 +61,38 @@ TEST_F(PriorityWriteSchedulerTest, RegisterUnregisterStreams) {
   scheduler_.UnregisterStream(2);
 
   // Try redundant unregistration.
-  EXPECT_DFATAL(scheduler_.UnregisterStream(1), "Stream 1 not registered");
-  EXPECT_DFATAL(scheduler_.UnregisterStream(2), "Stream 2 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UnregisterStream(1), "Stream 1 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UnregisterStream(2), "Stream 2 not registered");
+}
+
+TEST_F(PriorityWriteSchedulerTest, RegisterStream) {
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
+  EXPECT_FALSE(scheduler_.StreamRegistered(1));
+  scheduler_.RegisterStream(1, kHttp2RootStreamId, 123, false);
+  EXPECT_TRUE(scheduler_.StreamRegistered(1));
+  EXPECT_EQ(Http2WeightToSpdyPriority(123), scheduler_.GetStreamPriority(1));
+  EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamParent(1));
+  EXPECT_FALSE(scheduler_.HasReadyStreams());
+
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, kHttp2RootStreamId, 456, false),
+                  "Stream 1 already registered");
+  EXPECT_EQ(Http2WeightToSpdyPriority(123), scheduler_.GetStreamPriority(1));
+
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(2, 3, 123, false),
+                  "Stream 3 not registered");
+  EXPECT_TRUE(scheduler_.StreamRegistered(2));
 }
 
 TEST_F(PriorityWriteSchedulerTest, GetStreamPriority) {
-  EXPECT_DFATAL(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(1)),
-                "Stream 1 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(1)),
+                  "Stream 1 not registered");
 
   scheduler_.RegisterStream(1, 3);
   EXPECT_EQ(3, scheduler_.GetStreamPriority(1));
 
   // Redundant registration shouldn't change stream priority.
-  EXPECT_DFATAL(scheduler_.RegisterStream(1, 4), "Stream 1 already registered");
+  EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, 4),
+                  "Stream 1 already registered");
   EXPECT_EQ(3, scheduler_.GetStreamPriority(1));
 
   scheduler_.UpdateStreamPriority(1, 5);
@@ -55,28 +103,28 @@ TEST_F(PriorityWriteSchedulerTest, GetStreamPriority) {
   EXPECT_EQ(5, scheduler_.GetStreamPriority(1));
 
   // Test changing priority of ready stream.
-  EXPECT_EQ(1u, scheduler_.NumReadyStreams(5));
+  EXPECT_EQ(1u, peer_.NumReadyStreams(5));
   scheduler_.UpdateStreamPriority(1, 6);
   EXPECT_EQ(6, scheduler_.GetStreamPriority(1));
-  EXPECT_EQ(0u, scheduler_.NumReadyStreams(5));
-  EXPECT_EQ(1u, scheduler_.NumReadyStreams(6));
+  EXPECT_EQ(0u, peer_.NumReadyStreams(5));
+  EXPECT_EQ(1u, peer_.NumReadyStreams(6));
 
-  EXPECT_EQ(1, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(1u, scheduler_.PopNextReadyStream());
   EXPECT_EQ(6, scheduler_.GetStreamPriority(1));
 
   scheduler_.UnregisterStream(1);
-  EXPECT_DFATAL(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(1)),
-                "Stream 1 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(1)),
+                  "Stream 1 not registered");
 }
 
 TEST_F(PriorityWriteSchedulerTest, UpdateStreamPriority) {
   // Updating priority of unregistered stream should have no effect.
-  EXPECT_DFATAL(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
-                "Stream 3 not registered");
-  EXPECT_DFATAL(scheduler_.UpdateStreamPriority(3, 1),
-                "Stream 3 not registered");
-  EXPECT_DFATAL(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
+                  "Stream 3 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamPriority(3, 1),
+                  "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kV3LowestPriority, scheduler_.GetStreamPriority(3)),
+                  "Stream 3 not registered");
 
   scheduler_.RegisterStream(3, 1);
   EXPECT_EQ(1, scheduler_.GetStreamPriority(3));
@@ -93,55 +141,61 @@ TEST_F(PriorityWriteSchedulerTest, UpdateStreamPriority) {
   scheduler_.RegisterStream(4, 1);
   scheduler_.MarkStreamReady(3, false);  // priority 2
   scheduler_.MarkStreamReady(4, false);  // priority 1
-  EXPECT_EQ(4, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(3, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
 
   // Verify that lowering priority of stream 4 causes it to be returned later
   // by PopNextReadyStream().
   scheduler_.MarkStreamReady(3, false);  // priority 2
   scheduler_.MarkStreamReady(4, false);  // priority 1
   scheduler_.UpdateStreamPriority(4, 3);
-  EXPECT_EQ(3, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(4, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
 
   scheduler_.UnregisterStream(3);
-  EXPECT_DFATAL(scheduler_.UpdateStreamPriority(3, 1),
-                "Stream 3 not registered");
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamPriority(3, 1),
+                  "Stream 3 not registered");
 }
 
-TEST_F(PriorityWriteSchedulerTest, HasHigherPriorityReadyStream) {
-  EXPECT_DFATAL(EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1)),
-                "Stream 1 not registered");
+TEST_F(PriorityWriteSchedulerTest, GetStreamWeight) {
+  EXPECT_SPDY_BUG(
+      EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(1)),
+      "Stream 1 not registered");
 
-  // Add ready streams of lower and equal priority.
-  scheduler_.RegisterStream(1, 4);
-  EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1));
-  scheduler_.RegisterStream(2, 5);
-  scheduler_.MarkStreamReady(2, false);
-  EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1));
-  scheduler_.RegisterStream(3, 4);
-  scheduler_.MarkStreamReady(3, false);
-  EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1));
+  scheduler_.RegisterStream(1, 3);
+  scheduler_.RegisterStream(2, 4);
+  EXPECT_EQ(SpdyPriorityToHttp2Weight(3), scheduler_.GetStreamWeight(1));
+  EXPECT_EQ(SpdyPriorityToHttp2Weight(4), scheduler_.GetStreamWeight(2));
 
-  // Verify that registration of a stream with higher priority isn't
-  // sufficient--it needs to be marked ready.
-  scheduler_.RegisterStream(4, 3);
-  EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1));
-  scheduler_.MarkStreamReady(4, false);
-  EXPECT_TRUE(scheduler_.HasHigherPriorityReadyStream(1));
+  scheduler_.UnregisterStream(1);
+  EXPECT_SPDY_BUG(
+      EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamWeight(1)),
+      "Stream 1 not registered");
+}
 
-  // Verify method is responsive to changes in priority.
-  scheduler_.UpdateStreamPriority(1, 2);
-  EXPECT_FALSE(scheduler_.HasHigherPriorityReadyStream(1));
+TEST_F(PriorityWriteSchedulerTest, UpdateStreamWeight) {
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 100),
+                  "Stream 3 not registered");
+
+  scheduler_.RegisterStream(3, 3);
+  EXPECT_EQ(SpdyPriorityToHttp2Weight(3), scheduler_.GetStreamWeight(3));
+
+  scheduler_.UpdateStreamWeight(3, SpdyPriorityToHttp2Weight(4));
+  EXPECT_EQ(SpdyPriorityToHttp2Weight(4), scheduler_.GetStreamWeight(3));
+  EXPECT_EQ(4, scheduler_.GetStreamPriority(3));
+
+  scheduler_.UnregisterStream(3);
+  EXPECT_SPDY_BUG(scheduler_.UpdateStreamWeight(3, 100),
+                  "Stream 3 not registered");
 }
 
 TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyBack) {
   EXPECT_FALSE(scheduler_.HasReadyStreams());
-  EXPECT_DFATAL(scheduler_.MarkStreamReady(1, false),
-                "Stream 1 not registered");
+  EXPECT_SPDY_BUG(scheduler_.MarkStreamReady(1, false),
+                  "Stream 1 not registered");
   EXPECT_FALSE(scheduler_.HasReadyStreams());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 
   // Add a bunch of ready streams to tail of per-priority lists.
   // Expected order: (P2) 4, (P3) 1, 2, 3, (P5) 5.
@@ -157,21 +211,22 @@ TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyBack) {
   scheduler_.RegisterStream(5, 5);
   scheduler_.MarkStreamReady(5, false);
 
-  EXPECT_EQ(4, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(1, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(2, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(3, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(5, scheduler_.PopNextReadyStream());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(1u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(5u, scheduler_.PopNextReadyStream());
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 }
 
 TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyFront) {
   EXPECT_FALSE(scheduler_.HasReadyStreams());
-  EXPECT_DFATAL(scheduler_.MarkStreamReady(1, true), "Stream 1 not registered");
+  EXPECT_SPDY_BUG(scheduler_.MarkStreamReady(1, true),
+                  "Stream 1 not registered");
   EXPECT_FALSE(scheduler_.HasReadyStreams());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 
   // Add a bunch of ready streams to head of per-priority lists.
   // Expected order: (P2) 4, (P3) 3, 2, 1, (P5) 5
@@ -187,13 +242,13 @@ TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyFront) {
   scheduler_.RegisterStream(5, 5);
   scheduler_.MarkStreamReady(5, true);
 
-  EXPECT_EQ(4, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(3, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(2, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(1, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(5, scheduler_.PopNextReadyStream());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(1u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(5u, scheduler_.PopNextReadyStream());
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 }
 
 TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyBackAndFront) {
@@ -214,14 +269,14 @@ TEST_F(PriorityWriteSchedulerTest, MarkStreamReadyBackAndFront) {
   scheduler_.MarkStreamReady(5, false);
   scheduler_.MarkStreamReady(6, true);
 
-  EXPECT_EQ(6, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(4, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(2, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(3, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(1, scheduler_.PopNextReadyStream());
-  EXPECT_EQ(5, scheduler_.PopNextReadyStream());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_EQ(6u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(4u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(2u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(3u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(1u, scheduler_.PopNextReadyStream());
+  EXPECT_EQ(5u, scheduler_.PopNextReadyStream());
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 }
 
 TEST_F(PriorityWriteSchedulerTest, MarkStreamNotReady) {
@@ -234,15 +289,15 @@ TEST_F(PriorityWriteSchedulerTest, MarkStreamNotReady) {
   EXPECT_EQ(0u, scheduler_.NumReadyStreams());
 
   // Empty pop should fail.
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 
   // Tolerate redundant marking of a stream as not ready.
   scheduler_.MarkStreamNotReady(1);
   EXPECT_EQ(0u, scheduler_.NumReadyStreams());
 
   // Should only be able to mark registered streams.
-  EXPECT_DFATAL(scheduler_.MarkStreamNotReady(3), "Stream 3 not registered");
+  EXPECT_SPDY_BUG(scheduler_.MarkStreamNotReady(3), "Stream 3 not registered");
 }
 
 TEST_F(PriorityWriteSchedulerTest, UnregisterRemovesStream) {
@@ -253,8 +308,8 @@ TEST_F(PriorityWriteSchedulerTest, UnregisterRemovesStream) {
   // Unregistering a stream should remove it from set of ready streams.
   scheduler_.UnregisterStream(3);
   EXPECT_EQ(0u, scheduler_.NumReadyStreams());
-  EXPECT_DFATAL(EXPECT_EQ(0, scheduler_.PopNextReadyStream()),
-                "No ready streams available");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0u, scheduler_.PopNextReadyStream()),
+                  "No ready streams available");
 }
 
 TEST_F(PriorityWriteSchedulerTest, ShouldYield) {
@@ -284,6 +339,26 @@ TEST_F(PriorityWriteSchedulerTest, ShouldYield) {
   EXPECT_TRUE(scheduler_.ShouldYield(5));
 }
 
+TEST_F(PriorityWriteSchedulerTest, GetLatestEventWithPrecedence) {
+  EXPECT_SPDY_BUG(scheduler_.RecordStreamEventTime(3, 5),
+                  "Stream 3 not registered");
+  EXPECT_SPDY_BUG(EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(4)),
+                  "Stream 4 not registered");
+
+  for (int i = 1; i < 5; ++i) {
+    scheduler_.RegisterStream(i, i);
+  }
+  for (int i = 1; i < 5; ++i) {
+    EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(i));
+  }
+  for (int i = 1; i < 5; ++i) {
+    scheduler_.RecordStreamEventTime(i, i * 100);
+  }
+  for (int i = 1; i < 5; ++i) {
+    EXPECT_EQ((i - 1) * 100, scheduler_.GetLatestEventWithPrecedence(i));
+  }
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format.cc b/chromium/net/spdy/spdy_alt_svc_wire_format.cc
index 2ec677754b7..38c8fdde36b 100644
--- a/chromium/net/spdy/spdy_alt_svc_wire_format.cc
+++ b/chromium/net/spdy/spdy_alt_svc_wire_format.cc
@@ -44,13 +44,11 @@ SpdyAltSvcWireFormat::AlternativeService::AlternativeService(
     const std::string& host,
     uint16_t port,
     uint32_t max_age,
-    double probability,
     VersionVector version)
     : protocol_id(protocol_id),
       host(host),
       port(port),
       max_age(max_age),
-      probability(probability),
       version(version) {}
 
 SpdyAltSvcWireFormat::AlternativeService::~AlternativeService() {}
@@ -114,7 +112,6 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue(
     ++c;
     // Parse parameters.
     uint32_t max_age = 86400;
-    double probability = 1.0;
     VersionVector version;
     StringPiece::const_iterator parameters_end = std::find(c, value.end(), ',');
     while (c != parameters_end) {
@@ -150,14 +147,6 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue(
         if (!ParsePositiveInteger32(parameter_value_begin, c, &max_age)) {
           return false;
         }
-      } else if (parameter_name.compare("p") == 0) {
-        // Probability value is enclosed in quotation marks.
-        if (*parameter_value_begin != '"' || *(c - 1) != '"') {
-          return false;
-        }
-        if (!ParseProbability(parameter_value_begin + 1, c - 1, &probability)) {
-          return false;
-        }
       } else if (parameter_name.compare("v") == 0) {
         // Version is a comma separated list of positive integers enclosed in
         // quotation marks.  Since it can contain commas, which are not
@@ -191,8 +180,7 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue(
         }
       }
     }
-    altsvc_vector->push_back(AlternativeService(protocol_id, host, port,
-                                                max_age, probability, version));
+    altsvc_vector->emplace_back(protocol_id, host, port, max_age, version);
     for (; c != value.end() && (*c == ' ' || *c == '\t' || *c == ','); ++c) {
     }
   }
@@ -255,9 +243,6 @@ std::string SpdyAltSvcWireFormat::SerializeHeaderFieldValue(
     if (altsvc.max_age != 86400) {
       base::StringAppendF(&value, "; ma=%d", altsvc.max_age);
     }
-    if (altsvc.probability != 1.0) {
-      base::StringAppendF(&value, "; p=\"%.2f\"", altsvc.probability);
-    }
     if (!altsvc.version.empty()) {
       value.append("; v=\"");
       for (VersionVector::const_iterator it = altsvc.version.begin();
@@ -355,45 +340,4 @@ bool SpdyAltSvcWireFormat::ParsePositiveInteger32(
   return ParsePositiveIntegerImpl<uint32_t>(c, end, value);
 }
 
-// Probability is a decimal fraction between 0.0 and 1.0, inclusive, with
-// optional leading zero, optional decimal point, and optional digits following
-// the decimal point, with the restriction that there has to be at least one
-// digit (that is, "" and "." are not valid).
-// static
-bool SpdyAltSvcWireFormat::ParseProbability(StringPiece::const_iterator c,
-                                            StringPiece::const_iterator end,
-                                            double* probability) {
-  // "" is invalid.
-  if (c == end) {
-    return false;
-  }
-  // "." is invalid.
-  if (end - c == 1 && *c == '.') {
-    return false;
-  }
-  if (*c == '1') {
-    *probability = 1.0;
-    ++c;
-  } else {
-    *probability = 0.0;
-    if (*c == '0') {
-      ++c;
-    }
-  }
-  if (c == end) {
-    return true;
-  }
-  if (*c != '.') {
-    return false;
-  }
-  // So far we could have had ".", "0.", or "1.".
-  ++c;
-  double place_value = 0.1;
-  for (; c != end && isdigit(*c); ++c) {
-    *probability += place_value * (*c - '0');
-    place_value *= 0.1;
-  }
-  return (c == end && *probability <= 1.0);
-}
-
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format.h b/chromium/net/spdy/spdy_alt_svc_wire_format.h
index de4043527a9..03eca99cc66 100644
--- a/chromium/net/spdy/spdy_alt_svc_wire_format.h
+++ b/chromium/net/spdy/spdy_alt_svc_wire_format.h
@@ -35,8 +35,6 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat {
     uint16_t port = 0;
     // Default is one day.
     uint32_t max_age = 86400;
-    // Default is always use.
-    double probability = 1.0;
     // Default is empty: unspecified version.
     VersionVector version;
 
@@ -45,7 +43,6 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat {
                        const std::string& host,
                        uint16_t port,
                        uint32_t max_age,
-                       double probability,
                        VersionVector version);
     AlternativeService(const AlternativeService& other);
     ~AlternativeService();
@@ -53,7 +50,7 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat {
     bool operator==(const AlternativeService& other) const {
       return protocol_id == other.protocol_id && host == other.host &&
              port == other.port && version == other.version &&
-             max_age == other.max_age && probability == other.probability;
+             max_age == other.max_age;
     }
   };
   // An empty vector means alternative services should be cleared for given
@@ -83,9 +80,6 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat {
   static bool ParsePositiveInteger32(base::StringPiece::const_iterator c,
                                      base::StringPiece::const_iterator end,
                                      uint32_t* value);
-  static bool ParseProbability(base::StringPiece::const_iterator c,
-                               base::StringPiece::const_iterator end,
-                               double* probability);
 };
 
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc b/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc
index 565194f4222..902ff03bec9 100644
--- a/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc
+++ b/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc
@@ -43,11 +43,6 @@ class SpdyAltSvcWireFormatPeer {
                                      uint32_t* max_age) {
     return SpdyAltSvcWireFormat::ParsePositiveInteger32(c, end, max_age);
   }
-  static bool ParseProbability(StringPiece::const_iterator c,
-                               StringPiece::const_iterator end,
-                               double* probability) {
-    return SpdyAltSvcWireFormat::ParseProbability(c, end, probability);
-  }
 };
 
 }  // namespace test
@@ -89,23 +84,14 @@ void FuzzHeaderFieldValue(
   if (i & 1 << 4) {
     header_field_value->append("; J=s");
   }
-  if (i & 1 << 5) {
-    expected_altsvc->probability = 0.33;
-    header_field_value->append("; P=\".33\"");
-  }
   if (i & 1 << 6) {
-    expected_altsvc->probability = 0.0;
     expected_altsvc->version.push_back(24);
-    header_field_value->append("; p=\"0\";v=\"24\"");
+    header_field_value->append("; v=\"24\"");
   }
   if (i & 1 << 7) {
     expected_altsvc->max_age = 999999999;
     header_field_value->append("; Ma=999999999");
   }
-  if (i & 1 << 8) {
-    expected_altsvc->probability = 0.1;
-    header_field_value->append("; P=\"0.1\"");
-  }
   if (i & 1 << 9) {
     header_field_value->append(";");
   }
@@ -140,10 +126,6 @@ void FuzzAlternativeService(int i,
     altsvc->max_age = 1111;
     expected_header_field_value->append("; ma=1111");
   }
-  if (i & 1 << 2) {
-    altsvc->probability = 0.33;
-    expected_header_field_value->append("; p=\"0.33\"");
-  }
   if (i & 1 << 3) {
     altsvc->version.push_back(24);
     altsvc->version.push_back(25);
@@ -161,7 +143,6 @@ TEST(SpdyAltSvcWireFormatTest, DefaultValues) {
   EXPECT_EQ("", altsvc.host);
   EXPECT_EQ(0u, altsvc.port);
   EXPECT_EQ(86400u, altsvc.max_age);
-  EXPECT_DOUBLE_EQ(1.0, altsvc.probability);
   EXPECT_TRUE(altsvc.version.empty());
 }
 
@@ -193,7 +174,6 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValue) {
     EXPECT_EQ(expected_altsvc.host, altsvc_vector[0].host);
     EXPECT_EQ(expected_altsvc.port, altsvc_vector[0].port);
     EXPECT_EQ(expected_altsvc.max_age, altsvc_vector[0].max_age);
-    EXPECT_DOUBLE_EQ(expected_altsvc.probability, altsvc_vector[0].probability);
     EXPECT_EQ(expected_altsvc.version, altsvc_vector[0].version);
 
     // Roundtrip test starting with |altsvc_vector|.
@@ -208,8 +188,6 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValue) {
     EXPECT_EQ(expected_altsvc.host, roundtrip_altsvc_vector[0].host);
     EXPECT_EQ(expected_altsvc.port, roundtrip_altsvc_vector[0].port);
     EXPECT_EQ(expected_altsvc.max_age, roundtrip_altsvc_vector[0].max_age);
-    EXPECT_DOUBLE_EQ(expected_altsvc.probability,
-                     roundtrip_altsvc_vector[0].probability);
     EXPECT_EQ(expected_altsvc.version, roundtrip_altsvc_vector[0].version);
   }
 }
@@ -240,8 +218,6 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueMultiple) {
       EXPECT_EQ(expected_altsvc_vector[j].host, altsvc_vector[j].host);
       EXPECT_EQ(expected_altsvc_vector[j].port, altsvc_vector[j].port);
       EXPECT_EQ(expected_altsvc_vector[j].max_age, altsvc_vector[j].max_age);
-      EXPECT_DOUBLE_EQ(expected_altsvc_vector[j].probability,
-                       altsvc_vector[j].probability);
       EXPECT_EQ(expected_altsvc_vector[j].version, altsvc_vector[j].version);
     }
 
@@ -261,8 +237,6 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueMultiple) {
                 roundtrip_altsvc_vector[j].port);
       EXPECT_EQ(expected_altsvc_vector[j].max_age,
                 roundtrip_altsvc_vector[j].max_age);
-      EXPECT_DOUBLE_EQ(expected_altsvc_vector[j].probability,
-                       roundtrip_altsvc_vector[j].probability);
       EXPECT_EQ(expected_altsvc_vector[j].version,
                 roundtrip_altsvc_vector[j].version);
     }
@@ -294,7 +268,6 @@ TEST(SpdyAltSvcWireFormatTest, RoundTrip) {
     EXPECT_EQ(altsvc.host, parsed_altsvc_vector[0].host);
     EXPECT_EQ(altsvc.port, parsed_altsvc_vector[0].port);
     EXPECT_EQ(altsvc.max_age, parsed_altsvc_vector[0].max_age);
-    EXPECT_DOUBLE_EQ(altsvc.probability, parsed_altsvc_vector[0].probability);
     EXPECT_EQ(altsvc.version, parsed_altsvc_vector[0].version);
 
     // Test SerializeHeaderFieldValue().
@@ -332,7 +305,6 @@ TEST(SpdyAltSvcWireFormatTest, RoundTripMultiple) {
     EXPECT_EQ(expected_it->host, parsed_it->host);
     EXPECT_EQ(expected_it->port, parsed_it->port);
     EXPECT_EQ(expected_it->max_age, parsed_it->max_age);
-    EXPECT_DOUBLE_EQ(expected_it->probability, parsed_it->probability);
     EXPECT_EQ(expected_it->version, parsed_it->version);
   }
 
@@ -343,18 +315,33 @@ TEST(SpdyAltSvcWireFormatTest, RoundTripMultiple) {
 
 // ParseHeaderFieldValue() should return false on malformed field values:
 // invalid percent encoding, unmatched quotation mark, empty port, non-numeric
-// characters in numeric fields, negative or larger than 1.0 probability.
+// characters in numeric fields.
 TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueInvalid) {
   SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector;
-  const char* invalid_field_value_array[] = {"a%", "a%x", "a%b", "a%9z",
-      "a=", "a=\"", "a=\"b\"", "a=\":\"", "a=\"c:\"", "a=\"c:foo\"",
-      "a=\"c:42foo\"", "a=\"b:42\"bar", "a=\"b:42\" ; m",
-      "a=\"b:42\" ; min-age", "a=\"b:42\" ; ma", "a=\"b:42\" ; ma=",
-      "a=\"b:42\" ; ma=ma", "a=\"b:42\" ; ma=123bar", "a=\"b:42\" ; p=\"-2\"",
-      "a=\"b:42\" ; p=\"..\"", "a=\"b:42\" ; p=\"1.05\"", "a=\"b:42\" ; p=0.4",
-      "a=\"b:42\" ; p=\" 1.0\"", "a=\"b:42\" ; v=24", "a=\"b:42\" ; v=24,25",
-      "a=\"b:42\" ; v=\"-3\"", "a=\"b:42\" ; v=\"1.2\"",
-      "a=\"b:42\" ; v=\"24,\""};
+  const char* invalid_field_value_array[] = {"a%",
+                                             "a%x",
+                                             "a%b",
+                                             "a%9z",
+                                             "a=",
+                                             "a=\"",
+                                             "a=\"b\"",
+                                             "a=\":\"",
+                                             "a=\"c:\"",
+                                             "a=\"c:foo\"",
+                                             "a=\"c:42foo\"",
+                                             "a=\"b:42\"bar",
+                                             "a=\"b:42\" ; m",
+                                             "a=\"b:42\" ; min-age",
+                                             "a=\"b:42\" ; ma",
+                                             "a=\"b:42\" ; ma=",
+                                             "a=\"b:42\" ; v=\"..\"",
+                                             "a=\"b:42\" ; ma=ma",
+                                             "a=\"b:42\" ; ma=123bar",
+                                             "a=\"b:42\" ; v=24",
+                                             "a=\"b:42\" ; v=24,25",
+                                             "a=\"b:42\" ; v=\"-3\"",
+                                             "a=\"b:42\" ; v=\"1.2\"",
+                                             "a=\"b:42\" ; v=\"24,\""};
   for (const char* invalid_field_value : invalid_field_value_array) {
     EXPECT_FALSE(SpdyAltSvcWireFormat::ParseHeaderFieldValue(
         invalid_field_value, &altsvc_vector))
@@ -367,8 +354,8 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueInvalid) {
 // of the input.
 TEST(SpdyAltSvcWireFormatTest, ParseTruncatedHeaderFieldValue) {
   SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector;
-  const char* field_value_array[] = {
-      "p=\":137\"", "p=\"foo:137\"", "p%25=\"foo\\\"bar\\\\baz:137\""};
+  const char* field_value_array[] = {"a=\":137\"", "a=\"foo:137\"",
+                                     "a%25=\"foo\\\"bar\\\\baz:137\""};
   for (const std::string& field_value : field_value_array) {
     for (size_t len = 1; len < field_value.size(); ++len) {
       EXPECT_FALSE(SpdyAltSvcWireFormat::ParseHeaderFieldValue(
@@ -447,8 +434,9 @@ TEST(SpdyAltSvcWireFormatTest, ParseAltAuthorityValid) {
 // Test ParseAltAuthority() on invalid input: empty string, no port, zero port,
 // non-digit characters following port.
 TEST(SpdyAltSvcWireFormatTest, ParseAltAuthorityInvalid) {
-  const char* invalid_input_array[] = {"", ":", "foo:", ":bar", ":0", "foo:0",
-      ":12bar", "foo:23bar", " ", ":12 ", "foo:12 "};
+  const char* invalid_input_array[] = {"",   ":",     "foo:",   ":bar",
+                                       ":0", "foo:0", ":12bar", "foo:23bar",
+                                       " ",  ":12 ",  "foo:12 "};
   for (const char* invalid_input : invalid_input_array) {
     StringPiece input(invalid_input);
     std::string host;
@@ -526,71 +514,6 @@ TEST(SpdyAltSvcWireFormatTest, ParseIntegerOverflow) {
       input.begin(), input.end(), &value32));
 }
 
-// Test ParseProbability() on valid input.
-TEST(SpdyAltSvcWireFormatTest, ParseProbabilityValid) {
-  StringPiece input("0");
-  double probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(0.0, probability);
-
-  input = StringPiece("0.");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(0.0, probability);
-
-  input = StringPiece("0.0");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(0.0, probability);
-
-  input = StringPiece("1");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(1.0, probability);
-
-  input = StringPiece("1.");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(1.0, probability);
-
-  input = StringPiece("1.0");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(1.0, probability);
-
-  input = StringPiece("0.37");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(0.37, probability);
-
-  input = StringPiece("0.72");
-  probability = -2.0;
-  ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-      input.begin(), input.end(), &probability));
-  EXPECT_DOUBLE_EQ(0.72, probability);
-}
-
-// Test ParseProbability() on invalid input: empty string, non-digit characters,
-// negative input, larger than 1.0.
-TEST(SpdyAltSvcWireFormatTest, ParseProbabilityInvalid) {
-  const char* invalid_input_array[] = {"", " ", ".", "a", "-2", "-0", "0a",
-      "1b ", "0.9z2", "0.33 ", "0.98x", "2.0", "1.0001", "1.00001",
-      "1.000001"};
-  for (const char* invalid_input : invalid_input_array) {
-    StringPiece input(invalid_input);
-    double probability;
-    EXPECT_FALSE(test::SpdyAltSvcWireFormatPeer::ParseProbability(
-        input.begin(), input.end(), &probability));
-  }
-}
-
 }  // namespace
 
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_buffer.cc b/chromium/net/spdy/spdy_buffer.cc
index be783fc6a1a..28e807def4d 100644
--- a/chromium/net/spdy/spdy_buffer.cc
+++ b/chromium/net/spdy/spdy_buffer.cc
@@ -22,14 +22,14 @@ const size_t kMaxSpdyFrameSize = 0x00ffffff;
 
 // Makes a SpdySerializedFrame with |size| bytes of data copied from |data|.
 // |data| must be non-NULL and |size| must be positive.
-scoped_ptr<SpdySerializedFrame> MakeSpdySerializedFrame(const char* data,
-                                                        size_t size) {
+std::unique_ptr<SpdySerializedFrame> MakeSpdySerializedFrame(const char* data,
+                                                             size_t size) {
   DCHECK(data);
   CHECK_GT(size, 0u);
   CHECK_LE(size, kMaxSpdyFrameSize);
-  scoped_ptr<char[]> frame_data(new char[size]);
+  std::unique_ptr<char[]> frame_data(new char[size]);
   std::memcpy(frame_data.get(), data, size);
-  scoped_ptr<SpdySerializedFrame> frame(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> frame(new SpdySerializedFrame(
       frame_data.release(), size, true /* owns_buffer */));
   return frame;
 }
@@ -57,7 +57,7 @@ class SpdyBuffer::SharedFrameIOBuffer : public IOBuffer {
   DISALLOW_COPY_AND_ASSIGN(SharedFrameIOBuffer);
 };
 
-SpdyBuffer::SpdyBuffer(scoped_ptr<SpdySerializedFrame> frame)
+SpdyBuffer::SpdyBuffer(std::unique_ptr<SpdySerializedFrame> frame)
     : shared_frame_(new SharedFrame()), offset_(0) {
   shared_frame_->data = std::move(frame);
 }
diff --git a/chromium/net/spdy/spdy_buffer.h b/chromium/net/spdy/spdy_buffer.h
index d12c89fcf83..0d9ffbf248b 100644
--- a/chromium/net/spdy/spdy_buffer.h
+++ b/chromium/net/spdy/spdy_buffer.h
@@ -6,12 +6,12 @@
 #define NET_SPDY_SPDY_BUFFER_H_
 
 #include <cstddef>
+#include <memory>
 #include <vector>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -47,7 +47,7 @@ class NET_EXPORT_PRIVATE SpdyBuffer {
 
   // Construct with the data in the given frame. Assumes that data is
   // owned by |frame| or outlives it.
-  explicit SpdyBuffer(scoped_ptr<SpdySerializedFrame> frame);
+  explicit SpdyBuffer(std::unique_ptr<SpdySerializedFrame> frame);
 
   // Construct with a copy of the given raw data. |data| must be
   // non-NULL and |size| must be non-zero.
@@ -88,7 +88,8 @@ class NET_EXPORT_PRIVATE SpdyBuffer {
 
   // Ref-count the passed-in SpdySerializedFrame to support the semantics of
   // |GetIOBufferForRemainingData()|.
-  typedef base::RefCountedData<scoped_ptr<SpdySerializedFrame>> SharedFrame;
+  typedef base::RefCountedData<std::unique_ptr<SpdySerializedFrame>>
+      SharedFrame;
 
   class SharedFrameIOBuffer;
 
diff --git a/chromium/net/spdy/spdy_buffer_producer.cc b/chromium/net/spdy/spdy_buffer_producer.cc
index 8f18d19f24f..46d766bb675 100644
--- a/chromium/net/spdy/spdy_buffer_producer.cc
+++ b/chromium/net/spdy/spdy_buffer_producer.cc
@@ -16,12 +16,12 @@ SpdyBufferProducer::SpdyBufferProducer() {}
 
 SpdyBufferProducer::~SpdyBufferProducer() {}
 
-SimpleBufferProducer::SimpleBufferProducer(scoped_ptr<SpdyBuffer> buffer)
+SimpleBufferProducer::SimpleBufferProducer(std::unique_ptr<SpdyBuffer> buffer)
     : buffer_(std::move(buffer)) {}
 
 SimpleBufferProducer::~SimpleBufferProducer() {}
 
-scoped_ptr<SpdyBuffer> SimpleBufferProducer::ProduceBuffer() {
+std::unique_ptr<SpdyBuffer> SimpleBufferProducer::ProduceBuffer() {
   DCHECK(buffer_);
   return std::move(buffer_);
 }
diff --git a/chromium/net/spdy/spdy_buffer_producer.h b/chromium/net/spdy/spdy_buffer_producer.h
index 849ecd24dfe..8d09f7b4ea2 100644
--- a/chromium/net/spdy/spdy_buffer_producer.h
+++ b/chromium/net/spdy/spdy_buffer_producer.h
@@ -5,9 +5,10 @@
 #ifndef NET_SPDY_SPDY_BUFFER_PRODUCER_H_
 #define NET_SPDY_SPDY_BUFFER_PRODUCER_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -22,7 +23,7 @@ class NET_EXPORT_PRIVATE SpdyBufferProducer {
   SpdyBufferProducer();
 
   // Produces the buffer to be written. Will be called at most once.
-  virtual scoped_ptr<SpdyBuffer> ProduceBuffer() = 0;
+  virtual std::unique_ptr<SpdyBuffer> ProduceBuffer() = 0;
 
   virtual ~SpdyBufferProducer();
 
@@ -33,14 +34,14 @@ class NET_EXPORT_PRIVATE SpdyBufferProducer {
 // A simple wrapper around a single SpdyBuffer.
 class NET_EXPORT_PRIVATE SimpleBufferProducer : public SpdyBufferProducer {
  public:
-  explicit SimpleBufferProducer(scoped_ptr<SpdyBuffer> buffer);
+  explicit SimpleBufferProducer(std::unique_ptr<SpdyBuffer> buffer);
 
   ~SimpleBufferProducer() override;
 
-  scoped_ptr<SpdyBuffer> ProduceBuffer() override;
+  std::unique_ptr<SpdyBuffer> ProduceBuffer() override;
 
  private:
-  scoped_ptr<SpdyBuffer> buffer_;
+  std::unique_ptr<SpdyBuffer> buffer_;
 
   DISALLOW_COPY_AND_ASSIGN(SimpleBufferProducer);
 };
diff --git a/chromium/net/spdy/spdy_buffer_unittest.cc b/chromium/net/spdy/spdy_buffer_unittest.cc
index 46a5c2b63fd..3dd49420b23 100644
--- a/chromium/net/spdy/spdy_buffer_unittest.cc
+++ b/chromium/net/spdy/spdy_buffer_unittest.cc
@@ -6,11 +6,11 @@
 
 #include <cstddef>
 #include <cstring>
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/io_buffer.h"
 #include "net/spdy/spdy_protocol.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -32,8 +32,9 @@ std::string BufferToString(const SpdyBuffer& buffer) {
 // Construct a SpdyBuffer from a SpdySerializedFrame and make sure its data
 // points to the frame's underlying data.
 TEST_F(SpdyBufferTest, FrameConstructor) {
-  SpdyBuffer buffer(scoped_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
-      const_cast<char*>(kData), kDataSize, false /* owns_buffer */)));
+  SpdyBuffer buffer(
+      std::unique_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
+          const_cast<char*>(kData), kDataSize, false /* owns_buffer */)));
 
   EXPECT_EQ(kData, buffer.GetRemainingData());
   EXPECT_EQ(kDataSize, buffer.GetRemainingSize());
@@ -119,7 +120,7 @@ TEST_F(SpdyBufferTest, GetIOBufferForRemainingData) {
 // Make sure the IOBuffer returned by GetIOBufferForRemainingData()
 // outlives the buffer itself.
 TEST_F(SpdyBufferTest, IOBufferForRemainingDataOutlivesBuffer) {
-  scoped_ptr<SpdyBuffer> buffer(new SpdyBuffer(kData, kDataSize));
+  std::unique_ptr<SpdyBuffer> buffer(new SpdyBuffer(kData, kDataSize));
 
   scoped_refptr<IOBuffer> io_buffer = buffer->GetIOBufferForRemainingData();
   buffer.reset();
diff --git a/chromium/net/spdy/spdy_bug_tracker.h b/chromium/net/spdy/spdy_bug_tracker.h
new file mode 100644
index 00000000000..fc05f68d7e2
--- /dev/null
+++ b/chromium/net/spdy/spdy_bug_tracker.h
@@ -0,0 +1,14 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SPDY_SPDY_BUG_TRACKER_H_
+#define NET_SPDY_SPDY_BUG_TRACKER_H_
+
+#include "base/logging.h"
+
+#define SPDY_BUG LOG(DFATAL)
+#define SPDY_BUG_IF(condition) LOG_IF(DFATAL, (condition))
+#define FLAGS_spdy_always_log_bugs_for_tests (true)
+
+#endif  // NET_SPDY_SPDY_BUG_TRACKER_H_
diff --git a/chromium/net/spdy/spdy_frame_builder.cc b/chromium/net/spdy/spdy_frame_builder.cc
index 7911b808ac7..91a48b12a95 100644
--- a/chromium/net/spdy/spdy_frame_builder.cc
+++ b/chromium/net/spdy/spdy_frame_builder.cc
@@ -7,6 +7,7 @@
 #include <limits>
 
 #include "base/logging.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_framer.h"
 #include "net/spdy/spdy_protocol.h"
 
@@ -108,7 +109,7 @@ bool SpdyFrameBuilder::BeginNewFrame(const SpdyFramer& framer,
   if (length_ > 0) {
     // Update length field for previous frame.
     OverwriteLength(framer, length_ - framer.GetPrefixLength(type));
-    DLOG_IF(DFATAL, SpdyConstants::GetFrameMaximumSize(version_) < length_)
+    SPDY_BUG_IF(SpdyConstants::GetFrameMaximumSize(version_) < length_)
         << "Frame length  " << length_
         << " is longer than the maximum allowed length.";
   }
diff --git a/chromium/net/spdy/spdy_frame_builder.h b/chromium/net/spdy/spdy_frame_builder.h
index d1f9535f2f6..86c8ee001e6 100644
--- a/chromium/net/spdy/spdy_frame_builder.h
+++ b/chromium/net/spdy/spdy_frame_builder.h
@@ -8,12 +8,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/sys_byteorder.h"
 #include "net/base/net_export.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_protocol.h"
 
 namespace net {
@@ -76,7 +77,7 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder {
   // Takes the buffer from the SpdyFrameBuilder.
   SpdySerializedFrame take() {
     if (version_ == HTTP2) {
-      DLOG_IF(DFATAL, SpdyConstants::GetFrameMaximumSize(version_) < length_)
+      SPDY_BUG_IF(SpdyConstants::GetFrameMaximumSize(version_) < length_)
           << "Frame length " << length_
           << " is longer than the maximum allowed length.";
     }
@@ -138,7 +139,7 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder {
   // write of given size, in bytes.
   bool CanWrite(size_t length) const;
 
-  scoped_ptr<char[]> buffer_;
+  std::unique_ptr<char[]> buffer_;
   size_t capacity_;  // Allocation size of payload, set by constructor.
   size_t length_;    // Length of the latest frame in the buffer.
   size_t offset_;    // Position at which the latest frame begins.
diff --git a/chromium/net/spdy/spdy_frame_reader_test.cc b/chromium/net/spdy/spdy_frame_reader_test.cc
index ca178de33f5..c68f3f42cf4 100644
--- a/chromium/net/spdy/spdy_frame_reader_test.cc
+++ b/chromium/net/spdy/spdy_frame_reader_test.cc
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/spdy/spdy_frame_reader.h"
+
 #include <algorithm>
 #include <iostream>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/sys_byteorder.h"
-#include "net/spdy/spdy_frame_reader.h"
 #include "testing/platform_test.h"
 
 namespace net {
diff --git a/chromium/net/spdy/spdy_framer.cc b/chromium/net/spdy/spdy_framer.cc
index ab242b8e1c9..7ead331721b 100644
--- a/chromium/net/spdy/spdy_framer.cc
+++ b/chromium/net/spdy/spdy_framer.cc
@@ -7,21 +7,24 @@
 #include <string.h>
 
 #include <algorithm>
+#include <ios>
 #include <iterator>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/lazy_instance.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "net/quic/quic_flags.h"
 #include "net/spdy/hpack/hpack_constants.h"
+#include "net/spdy/spdy_bitmasks.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_frame_builder.h"
 #include "net/spdy/spdy_frame_reader.h"
-#include "net/spdy/spdy_bitmasks.h"
 #include "third_party/zlib/zlib.h"
 
 using base::StringPiece;
+using std::hex;
 using std::string;
 using std::vector;
 
@@ -144,7 +147,7 @@ SettingsFlagsAndId SettingsFlagsAndId::FromWireFormat(SpdyMajorVersion version,
 
 SettingsFlagsAndId::SettingsFlagsAndId(uint8_t flags, uint32_t id)
     : flags_(flags), id_(id & 0x00ffffff) {
-  LOG_IF(DFATAL, id > (1u << 24)) << "SPDY setting ID too large: " << id;
+  SPDY_BUG_IF(id > (1u << 24)) << "SPDY setting ID too large: " << id;
 }
 
 uint32_t SettingsFlagsAndId::GetWireFormat(SpdyMajorVersion version) const {
@@ -172,12 +175,13 @@ SpdyFramer::SpdyFramer(SpdyMajorVersion version)
       enable_compression_(true),
       syn_frame_processed_(false),
       probable_http_response_(false),
-      end_stream_when_done_(false),
-      spdy_on_stream_end_(FLAGS_spdy_on_stream_end) {
+      end_stream_when_done_(false) {
   DCHECK(protocol_version_ == SPDY3 || protocol_version_ == HTTP2);
-  DCHECK_LE(kMaxControlFrameSize,
-            SpdyConstants::GetFrameMaximumSize(protocol_version_) +
-                SpdyConstants::GetControlFrameHeaderSize(protocol_version_));
+  // TODO(bnc): The way kMaxControlFrameSize is currently interpreted, it
+  // includes the frame header, whereas kSpdyInitialFrameSizeLimit does not.
+  // Therefore this assertion is unnecessarily strict.
+  static_assert(kMaxControlFrameSize <= kSpdyInitialFrameSizeLimit,
+                "Our send limit should be at most our receive limit");
   Reset();
 }
 
@@ -243,6 +247,7 @@ size_t SpdyFramer::GetSynReplyMinimumSize() const {
   return size;
 }
 
+// TODO(jamessynge): Rename this to GetRstStreamSize as the frame is fixed size.
 size_t SpdyFramer::GetRstStreamMinimumSize() const {
   // Size, in bytes, of a RST_STREAM frame.
   if (protocol_version_ == SPDY3) {
@@ -419,6 +424,8 @@ const char* SpdyFramer::ErrorCodeToString(int error_code) {
   switch (error_code) {
     case SPDY_NO_ERROR:
       return "NO_ERROR";
+    case SPDY_INVALID_STREAM_ID:
+      return "INVALID_STREAM_ID";
     case SPDY_INVALID_CONTROL_FRAME:
       return "INVALID_CONTROL_FRAME";
     case SPDY_CONTROL_PAYLOAD_TOO_LARGE:
@@ -433,6 +440,8 @@ const char* SpdyFramer::ErrorCodeToString(int error_code) {
       return "DECOMPRESS_FAILURE";
     case SPDY_COMPRESS_FAILURE:
       return "COMPRESS_FAILURE";
+    case SPDY_INVALID_PADDING:
+      return "SPDY_INVALID_PADDING";
     case SPDY_INVALID_DATA_FRAME_FLAGS:
       return "SPDY_INVALID_DATA_FRAME_FLAGS";
     case SPDY_INVALID_CONTROL_FRAME_FLAGS:
@@ -638,8 +647,8 @@ size_t SpdyFramer::ProcessInput(const char* data, size_t len) {
       }
 
       default:
-        LOG(DFATAL) << "Invalid value for " << display_protocol_
-                    << " framer state: " << state_;
+        SPDY_BUG << "Invalid value for " << display_protocol_
+                 << " framer state: " << state_;
         // This ensures that we don't infinite-loop if state_ gets an
         // invalid value somehow, such as due to a SpdyFramer getting deleted
         // from a callback it calls.
@@ -679,6 +688,75 @@ void SpdyFramer::SpdySettingsScratch::Reset() {
   last_setting_id = -1;
 }
 
+SpdyFrameType SpdyFramer::ValidateFrameHeader(bool is_control_frame,
+                                              int frame_type_field) {
+  if (!SpdyConstants::IsValidFrameType(protocol_version_, frame_type_field)) {
+    if (protocol_version_ == SPDY3) {
+      if (is_control_frame) {
+        DLOG(WARNING) << "Invalid control frame type " << frame_type_field
+                      << " (protocol version: " << protocol_version_ << ")";
+        set_error(SPDY_INVALID_CONTROL_FRAME);
+      } else {
+        // Else it's a SPDY3 data frame which we don't validate further here
+      }
+    } else {
+      // In HTTP2 we ignore unknown frame types for extensibility, as long as
+      // the rest of the control frame header is valid.
+      // We rely on the visitor to check validity of current_frame_stream_id_.
+      bool valid_stream =
+          visitor_->OnUnknownFrame(current_frame_stream_id_, frame_type_field);
+      if (expect_continuation_) {
+        // Report an unexpected frame error and close the connection
+        // if we expect a continuation and receive an unknown frame.
+        DLOG(ERROR) << "The framer was expecting to receive a CONTINUATION "
+                    << "frame, but instead received an unknown frame of type "
+                    << frame_type_field;
+        set_error(SPDY_UNEXPECTED_FRAME);
+      } else if (!valid_stream) {
+        // Report an invalid frame error and close the stream if the
+        // stream_id is not valid.
+        DLOG(WARNING) << "Unknown control frame type " << frame_type_field
+                      << " received on invalid stream "
+                      << current_frame_stream_id_;
+        set_error(SPDY_INVALID_CONTROL_FRAME);
+      } else {
+        DVLOG(1) << "Ignoring unknown frame type.";
+        CHANGE_STATE(SPDY_IGNORE_REMAINING_PAYLOAD);
+      }
+    }
+    return DATA;
+  }
+
+  SpdyFrameType frame_type =
+      SpdyConstants::ParseFrameType(protocol_version_, frame_type_field);
+
+  if (protocol_version_ == HTTP2) {
+    if (!SpdyConstants::IsValidHTTP2FrameStreamId(current_frame_stream_id_,
+                                                  frame_type)) {
+      DLOG(ERROR) << "The framer received an invalid streamID of "
+                  << current_frame_stream_id_ << " for a frame of type "
+                  << FrameTypeToString(frame_type);
+      set_error(SPDY_INVALID_STREAM_ID);
+      return frame_type;
+    }
+
+    // Ensure that we see a CONTINUATION frame iff we expect to.
+    if ((frame_type == CONTINUATION) != (expect_continuation_ != 0)) {
+      if (expect_continuation_ != 0) {
+        DLOG(ERROR) << "The framer was expecting to receive a CONTINUATION "
+                    << "frame, but instead received a frame of type "
+                    << FrameTypeToString(frame_type);
+      } else {
+        DLOG(ERROR) << "The framer received an unexpected CONTINUATION frame.";
+      }
+      set_error(SPDY_UNEXPECTED_FRAME);
+      return frame_type;
+    }
+  }
+
+  return frame_type;
+}
+
 size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
   // This should only be called when we're in the SPDY_READING_COMMON_HEADER
   // state.
@@ -721,8 +799,6 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
         set_error(SPDY_UNSUPPORTED_VERSION);
         return 0;
       }
-      // We check control_frame_type_field's validity in
-      // ProcessControlFrameHeader().
       uint16_t control_frame_type_field_uint16;
       successful_read = reader.ReadUInt16(&control_frame_type_field_uint16);
       control_frame_type_field = control_frame_type_field_uint16;
@@ -768,24 +844,8 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
     DCHECK(successful_read);
 
     remaining_data_length_ = current_frame_length_ - reader.GetBytesConsumed();
-
-    // Before we accept a DATA frame, we need to make sure we're not in the
-    // middle of processing a header block.
-    const bool is_continuation_frame =
-        (control_frame_type_field ==
-         SpdyConstants::SerializeFrameType(protocol_version_, CONTINUATION));
-    if ((expect_continuation_ != 0) != is_continuation_frame) {
-      if (expect_continuation_ != 0) {
-        DLOG(ERROR) << "The framer was expecting to receive a CONTINUATION "
-                    << "frame, but instead received frame type "
-                    << control_frame_type_field;
-      } else {
-        DLOG(ERROR) << "The framer received an unexpected CONTINUATION frame.";
-      }
-      set_error(SPDY_UNEXPECTED_FRAME);
-      return original_len - len;
-    }
   }
+
   DCHECK_EQ(is_control_frame ? GetControlFrameHeaderSize()
                              : GetDataFrameMinimumSize(),
             reader.GetBytesConsumed());
@@ -807,6 +867,13 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
     }
   }
 
+  current_frame_type_ =
+      ValidateFrameHeader(is_control_frame, control_frame_type_field);
+
+  if (state_ == SPDY_ERROR || state_ == SPDY_IGNORE_REMAINING_PAYLOAD) {
+    return original_len - len;
+  }
+
   // if we're here, then we have the common header all received.
   if (!is_control_frame) {
     if (protocol_version_ == HTTP2) {
@@ -819,8 +886,7 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
     if (protocol_version_ == SPDY3) {
       valid_data_flags = DATA_FLAG_FIN;
     } else {
-      valid_data_flags =
-          DATA_FLAG_FIN | DATA_FLAG_END_SEGMENT | DATA_FLAG_PADDED;
+      valid_data_flags = DATA_FLAG_FIN | DATA_FLAG_PADDED;
     }
 
     if (current_frame_flags_ & ~valid_data_flags) {
@@ -834,12 +900,7 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) {
       } else {
         // Empty data frame.
         if (current_frame_flags_ & DATA_FLAG_FIN) {
-          if (spdy_on_stream_end_) {
-            visitor_->OnStreamEnd(current_frame_stream_id_);
-          } else {
-            visitor_->OnStreamFrameData(current_frame_stream_id_, nullptr, 0,
-                                        true);
-          }
+          visitor_->OnStreamEnd(current_frame_stream_id_);
         }
         CHANGE_STATE(SPDY_FRAME_COMPLETE);
       }
@@ -855,38 +916,6 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
   DCHECK_EQ(SPDY_NO_ERROR, error_code_);
   DCHECK_LE(GetControlFrameHeaderSize(), current_frame_buffer_.len());
 
-  if (!SpdyConstants::IsValidFrameType(protocol_version_,
-                                       control_frame_type_field)) {
-    if (protocol_version_ == SPDY3) {
-      DLOG(WARNING) << "Invalid control frame type " << control_frame_type_field
-                    << " (protocol version: " << protocol_version_ << ")";
-      set_error(SPDY_INVALID_CONTROL_FRAME);
-      return;
-    } else {
-      // In HTTP2 we ignore unknown frame types for extensibility, as long as
-      // the rest of the control frame header is valid.
-      // We rely on the visitor to check validity of current_frame_stream_id_.
-      bool valid_stream = visitor_->OnUnknownFrame(current_frame_stream_id_,
-                                                   control_frame_type_field);
-      if (valid_stream) {
-        DVLOG(1) << "Ignoring unknown frame type.";
-        CHANGE_STATE(SPDY_IGNORE_REMAINING_PAYLOAD);
-      } else {
-        // Report an invalid frame error and close the stream if the
-        // stream_id is not valid.
-        DLOG(WARNING) << "Unknown control frame type "
-                      << control_frame_type_field
-                      << " received on invalid stream "
-                      << current_frame_stream_id_;
-        set_error(SPDY_INVALID_CONTROL_FRAME);
-      }
-      return;
-    }
-  }
-
-  current_frame_type_ = SpdyConstants::ParseFrameType(protocol_version_,
-                                                      control_frame_type_field);
-
   // Do some sanity checking on the control frame sizes and flags.
   switch (current_frame_type_) {
     case SYN_STREAM:
@@ -905,13 +934,12 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
       }
       break;
     case RST_STREAM:
-      if ((current_frame_length_ != GetRstStreamMinimumSize() &&
-           protocol_version_ == SPDY3) ||
-          (current_frame_length_ < GetRstStreamMinimumSize() &&
-           protocol_version_ == HTTP2)) {
+      if (current_frame_length_ != GetRstStreamMinimumSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME_SIZE);
       } else if (current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for RST_STREAM frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       }
       break;
     case SETTINGS:
@@ -932,21 +960,31 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
                      ~SETTINGS_FLAG_CLEAR_PREVIOUSLY_PERSISTED_SETTINGS) {
         set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
       } else if (protocol_version_ == HTTP2 &&
-                 current_frame_flags_ & ~SETTINGS_FLAG_ACK) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
-      } else if (protocol_version_ == HTTP2 &&
                  current_frame_flags_ & SETTINGS_FLAG_ACK &&
                  current_frame_length_ > GetSettingsMinimumSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME_SIZE);
+      } else if (protocol_version_ == HTTP2 &&
+                 current_frame_flags_ & ~SETTINGS_FLAG_ACK) {
+        VLOG(1) << "Undefined frame flags for SETTINGS frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ &= SETTINGS_FLAG_ACK;
       }
       break;
     }
     case PING:
       if (current_frame_length_ != GetPingSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME_SIZE);
-      } else if ((protocol_version_ == SPDY3 && current_frame_flags_ != 0) ||
-                 (current_frame_flags_ & ~PING_FLAG_ACK)) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+      } else {
+        if (protocol_version_ == SPDY3 && current_frame_flags_ != 0) {
+          VLOG(1) << "Undefined frame flags for PING frame: " << hex
+                  << static_cast<int>(current_frame_flags_);
+          current_frame_flags_ = 0;
+        } else if (protocol_version_ == HTTP2 &&
+                   current_frame_flags_ & ~PING_FLAG_ACK) {
+          VLOG(1) << "Undefined frame flags for PING frame: " << hex
+                  << static_cast<int>(current_frame_flags_);
+          current_frame_flags_ &= PING_FLAG_ACK;
+        }
       }
       break;
     case GOAWAY:
@@ -960,7 +998,9 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
              current_frame_length_ < GetGoAwayMinimumSize())) {
           set_error(SPDY_INVALID_CONTROL_FRAME);
         } else if (current_frame_flags_ != 0) {
-          set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+          VLOG(1) << "Undefined frame flags for GOAWAY frame: " << hex
+                  << static_cast<int>(current_frame_flags_);
+          current_frame_flags_ = 0;
         }
         break;
       }
@@ -977,13 +1017,18 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
           set_error(SPDY_INVALID_CONTROL_FRAME);
         } else if (protocol_version_ == SPDY3 &&
                    current_frame_flags_ & ~CONTROL_FLAG_FIN) {
-          set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+          VLOG(1) << "Undefined frame flags for HEADERS frame: " << hex
+                  << static_cast<int>(current_frame_flags_);
+          current_frame_flags_ &= CONTROL_FLAG_FIN;
         } else if (protocol_version_ == HTTP2 &&
                    current_frame_flags_ &
                        ~(CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY |
-                         HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_END_SEGMENT |
-                         HEADERS_FLAG_PADDED)) {
-          set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+                         HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED)) {
+          VLOG(1) << "Undefined frame flags for HEADERS frame: " << hex
+                  << static_cast<int>(current_frame_flags_);
+          current_frame_flags_ &=
+              (CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY |
+               HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED);
         }
       }
       break;
@@ -991,7 +1036,9 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
       if (current_frame_length_ != GetWindowUpdateSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME_SIZE);
       } else if (current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for WINDOW_UPDATE frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       }
       break;
     case BLOCKED:
@@ -999,19 +1046,26 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
           current_frame_length_ != GetBlockedSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME);
       } else if (current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for BLOCKED frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       }
       break;
     case PUSH_PROMISE:
       if (current_frame_length_ < GetPushPromiseMinimumSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME);
       } else if (protocol_version_ == SPDY3 && current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for PUSH_PROMISE frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       } else if (protocol_version_ == HTTP2 &&
                  current_frame_flags_ &
                      ~(PUSH_PROMISE_FLAG_END_PUSH_PROMISE |
                        HEADERS_FLAG_PADDED)) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for PUSH_PROMISE frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ &=
+            (PUSH_PROMISE_FLAG_END_PUSH_PROMISE | HEADERS_FLAG_PADDED);
       }
       break;
     case CONTINUATION:
@@ -1019,14 +1073,18 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
           current_frame_length_ < GetContinuationMinimumSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME);
       } else if (current_frame_flags_ & ~HEADERS_FLAG_END_HEADERS) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for CONTINUATION frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ &= HEADERS_FLAG_END_HEADERS;
       }
       break;
     case ALTSVC:
       if (current_frame_length_ <= GetAltSvcMinimumSize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME);
       } else if (current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for ALTSVC frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       }
       break;
     case PRIORITY:
@@ -1034,7 +1092,9 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
           current_frame_length_ != GetPrioritySize()) {
         set_error(SPDY_INVALID_CONTROL_FRAME_SIZE);
       } else if (current_frame_flags_ != 0) {
-        set_error(SPDY_INVALID_CONTROL_FRAME_FLAGS);
+        VLOG(1) << "Undefined frame flags for PRIORITY frame: " << hex
+                << static_cast<int>(current_frame_flags_);
+        current_frame_flags_ = 0;
       }
       break;
     default:
@@ -1055,7 +1115,7 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
   }
 
   if (current_frame_length_ >
-      SpdyConstants::GetFrameMaximumSize(protocol_version_) +
+      kSpdyInitialFrameSizeLimit +
           SpdyConstants::GetControlFrameHeaderSize(protocol_version_)) {
     DLOG(WARNING) << "Received control frame of type " << current_frame_type_
                   << " with way too big of a payload: "
@@ -1125,8 +1185,8 @@ void SpdyFramer::ProcessControlFrameHeader(int control_frame_type_field) {
     // We should already be in an error state. Double-check.
     DCHECK_EQ(SPDY_ERROR, state_);
     if (state_ != SPDY_ERROR) {
-      LOG(DFATAL) << display_protocol_
-                  << " control frame buffer too small for fixed-length frame.";
+      SPDY_BUG << display_protocol_
+               << " control frame buffer too small for fixed-length frame.";
       set_error(SPDY_CONTROL_PAYLOAD_TOO_LARGE);
     }
     return;
@@ -1524,7 +1584,7 @@ size_t SpdyFramer::ProcessControlFrameBeforeHeaderBlock(const char* data,
           // expect_continuation_ != 0, so this doubles as a check
           // that current_frame_stream_id != 0.
           if (current_frame_stream_id_ != expect_continuation_) {
-            set_error(SPDY_INVALID_CONTROL_FRAME);
+            set_error(SPDY_UNEXPECTED_FRAME);
             return original_len - len;
           }
           if (current_frame_flags_ & HEADERS_FLAG_END_HEADERS) {
@@ -1569,8 +1629,14 @@ size_t SpdyFramer::ProcessControlFrameHeaderBlock(const char* data,
       current_frame_type_ != HEADERS &&
       current_frame_type_ != PUSH_PROMISE &&
       current_frame_type_ != CONTINUATION) {
-    LOG(DFATAL) << "Unhandled frame type in ProcessControlFrameHeaderBlock.";
+    SPDY_BUG << "Unhandled frame type in ProcessControlFrameHeaderBlock.";
+  }
+
+  if (remaining_padding_payload_length_ > remaining_data_length_) {
+    set_error(SPDY_INVALID_PADDING);
+    return data_len;
   }
+
   size_t process_bytes = std::min(
       data_len, remaining_data_length_ - remaining_padding_payload_length_);
   if (is_hpack_header_block) {
@@ -1989,6 +2055,7 @@ size_t SpdyFramer::ProcessRstStreamFramePayload(const char* data, size_t len) {
   }
 
   // Handle remaining data as opaque.
+  // TODO(jamessynge): Remove support for variable length/opaque trailer.
   bool processed_successfully = true;
   if (len > 0) {
     processed_successfully = visitor_->OnRstStreamFrameData(data, len);
@@ -2074,7 +2141,7 @@ size_t SpdyFramer::ProcessDataFramePaddingLength(const char* data, size_t len) {
   }
 
   if (remaining_padding_payload_length_ > remaining_data_length_) {
-    set_error(SPDY_INVALID_DATA_FRAME_FLAGS);
+    set_error(SPDY_INVALID_PADDING);
     return 0;
   }
   CHANGE_STATE(SPDY_FORWARD_STREAM_FRAME);
@@ -2089,7 +2156,8 @@ size_t SpdyFramer::ProcessFramePadding(const char* data, size_t len) {
     DCHECK_EQ(remaining_padding_payload_length_, remaining_data_length_);
     size_t amount_to_discard = std::min(remaining_padding_payload_length_, len);
     if (current_frame_type_ == DATA && amount_to_discard > 0) {
-      DCHECK_EQ(HTTP2, protocol_version_);
+      SPDY_BUG_IF(protocol_version_ == SPDY3)
+          << "Padding invalid for SPDY version " << protocol_version_;
       visitor_->OnStreamPadding(current_frame_stream_id_, amount_to_discard);
     }
     data += amount_to_discard;
@@ -2105,11 +2173,7 @@ size_t SpdyFramer::ProcessFramePadding(const char* data, size_t len) {
         ((current_frame_flags_ & CONTROL_FLAG_FIN) != 0 ||
          end_stream_when_done_)) {
       end_stream_when_done_ = false;
-      if (spdy_on_stream_end_) {
-        visitor_->OnStreamEnd(current_frame_stream_id_);
-      } else {
-        visitor_->OnStreamFrameData(current_frame_stream_id_, nullptr, 0, true);
-      }
+      visitor_->OnStreamEnd(current_frame_stream_id_);
     }
     CHANGE_STATE(SPDY_FRAME_COMPLETE);
   }
@@ -2124,8 +2188,8 @@ size_t SpdyFramer::ProcessDataFramePayload(const char* data, size_t len) {
     if (amount_to_forward && state_ != SPDY_IGNORE_REMAINING_PAYLOAD) {
       // Only inform the visitor if there is data.
       if (amount_to_forward) {
-        visitor_->OnStreamFrameData(
-            current_frame_stream_id_, data, amount_to_forward, false);
+        visitor_->OnStreamFrameData(current_frame_stream_id_, data,
+                                    amount_to_forward);
       }
     }
     data += amount_to_forward;
@@ -2197,9 +2261,9 @@ bool SpdyFramer::ParseHeaderBlockInBuffer(const char* header_data,
     (*block)[name] = value;
   }
   if (reader.GetBytesConsumed() != header_length) {
-    LOG(DFATAL) << "Buffer expected to consist entirely of headers, but only "
-                << reader.GetBytesConsumed() << " bytes consumed, from "
-                << header_length;
+    SPDY_BUG << "Buffer expected to consist entirely of headers, but only "
+             << reader.GetBytesConsumed() << " bytes consumed, from "
+             << header_length;
     return false;
   }
 
@@ -2290,7 +2354,7 @@ SpdySerializedFrame SpdyFramer::SerializeSynStream(
   // Sanitize priority.
   uint8_t priority = syn_stream.priority();
   if (priority > GetLowestPriority()) {
-    DLOG(DFATAL) << "Priority out-of-bounds.";
+    SPDY_BUG << "Priority out-of-bounds.";
     priority = GetLowestPriority();
   }
 
@@ -2514,7 +2578,7 @@ SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) {
   SpdyPriority priority = static_cast<SpdyPriority>(headers.priority());
   if (headers.has_priority()) {
     if (headers.priority() > GetLowestPriority()) {
-      DLOG(DFATAL) << "Priority out-of-bounds.";
+      SPDY_BUG << "Priority out-of-bounds.";
       priority = GetLowestPriority();
     }
     size += 5;
@@ -2981,7 +3045,7 @@ bool SpdyFramer::IncrementallyDecompressControlFrameHeaderData(
   // Get a decompressor or set error.
   z_stream* decomp = GetHeaderDecompressor();
   if (decomp == NULL) {
-    LOG(DFATAL) << "Couldn't get decompressor for handling compressed headers.";
+    SPDY_BUG << "Couldn't get decompressor for handling compressed headers.";
     set_error(SPDY_DECOMPRESS_FAILURE);
     return false;
   }
@@ -3101,7 +3165,7 @@ void SpdyFramer::SerializeHeaderBlock(SpdyFrameBuilder* builder,
 
   z_stream* compressor = GetHeaderCompressor();
   if (!compressor) {
-    LOG(DFATAL) << "Could not obtain compressor.";
+    SPDY_BUG << "Could not obtain compressor.";
     return;
   }
   // Create an output frame.
diff --git a/chromium/net/spdy/spdy_framer.h b/chromium/net/spdy/spdy_framer.h
index 7375333d6f5..d67d41c937f 100644
--- a/chromium/net/spdy/spdy_framer.h
+++ b/chromium/net/spdy/spdy_framer.h
@@ -13,7 +13,6 @@
 #include <string>
 #include <utility>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/sys_byteorder.h"
 #include "net/base/net_export.h"
@@ -112,12 +111,9 @@ class NET_EXPORT_PRIVATE SpdyFramerVisitorInterface {
   // |stream_id| The stream receiving data.
   // |data| A buffer containing the data received.
   // |len| The length of the data buffer.
-  // When the other side has finished sending data on this stream,
-  // this method will be called with a zero-length buffer.
   virtual void OnStreamFrameData(SpdyStreamId stream_id,
                                  const char* data,
-                                 size_t len,
-                                 bool fin) = 0;
+                                 size_t len) = 0;
 
   // Called when the other side has finished sending data on this stream.
   // |stream_id| The stream that was receivin data.
@@ -329,6 +325,7 @@ class NET_EXPORT_PRIVATE SpdyFramer {
   // SPDY error codes.
   enum SpdyError {
     SPDY_NO_ERROR,
+    SPDY_INVALID_STREAM_ID,            // Stream ID is invalid
     SPDY_INVALID_CONTROL_FRAME,        // Control frame is mal-formatted.
     SPDY_CONTROL_PAYLOAD_TOO_LARGE,    // Control frame payload was too large.
     SPDY_ZLIB_INIT_FAILURE,            // The Zlib library could not initialize.
@@ -337,6 +334,7 @@ class NET_EXPORT_PRIVATE SpdyFramer {
     SPDY_COMPRESS_FAILURE,             // There was an error compressing.
     SPDY_GOAWAY_FRAME_CORRUPT,         // GOAWAY frame could not be parsed.
     SPDY_RST_STREAM_FRAME_CORRUPT,     // RST_STREAM frame could not be parsed.
+    SPDY_INVALID_PADDING,              // HEADERS or DATA frame padding invalid
     SPDY_INVALID_DATA_FRAME_FLAGS,     // Data frame has invalid flags.
     SPDY_INVALID_CONTROL_FRAME_FLAGS,  // Control frame has invalid flags.
     SPDY_UNEXPECTED_FRAME,             // Frame received out of order.
@@ -544,12 +542,14 @@ class NET_EXPORT_PRIVATE SpdyFramer {
 
   bool probable_http_response() const { return probable_http_response_; }
 
-  SpdyPriority GetLowestPriority() const { return 7; }
+  SpdyPriority GetLowestPriority() const { return kV3LowestPriority; }
 
-  SpdyPriority GetHighestPriority() const { return 0; }
+  SpdyPriority GetHighestPriority() const { return kV3HighestPriority; }
 
-  // Interpolates SpdyPriority values into SPDY4/HTTP2 priority weights,
-  // and vice versa.
+  // Interpolates SpdyPriority values into SPDY4/HTTP2 priority weights, and
+  // vice versa. Note that these methods accept/return weight values in their
+  // on-the-wire form, i.e. in range [0, 255], rather than their effective
+  // values in range [1, 256].
   static uint8_t MapPriorityToWeight(SpdyPriority priority);
   static SpdyPriority MapWeightToPriority(uint8_t weight);
 
@@ -592,7 +592,7 @@ class NET_EXPORT_PRIVATE SpdyFramer {
     size_t len() const { return len_; }
 
    private:
-    scoped_ptr<char[]> buffer_;
+    std::unique_ptr<char[]> buffer_;
     size_t capacity_;
     size_t len_;
   };
@@ -632,6 +632,18 @@ class NET_EXPORT_PRIVATE SpdyFramer {
   size_t ProcessAltSvcFramePayload(const char* data, size_t len);
   size_t ProcessIgnoredControlFramePayload(/*const char* data,*/ size_t len);
 
+  // Validates the frame header against the current protocol, e.g.
+  // Frame type must be known, must specify a non-zero stream id.
+  //
+  // is_control_frame: the control bit for SPDY3
+  // frame_type_field: the unparsed frame type octet(s)
+  //
+  // For valid frames, returns the correct SpdyFrameType.
+  // Otherwise returns a best guess at invalid frame type,
+  // after setting the appropriate SpdyError.
+  SpdyFrameType ValidateFrameHeader(bool is_control_frame,
+                                    int frame_type_field);
+
   // TODO(jgraettinger): To be removed with migration to
   // SpdyHeadersHandlerInterface.  Serializes the last-processed
   // header block of |hpack_decoder_| as a SPDY3 format block, and
@@ -697,10 +709,11 @@ class NET_EXPORT_PRIVATE SpdyFramer {
   // frame data is streamed to the visitor.
   static const size_t kControlFrameBufferSize;
 
-  // The maximum size of the control frames that we support.
-  // This limit is arbitrary. We can enforce it here or at the application
-  // layer. We chose the framing layer, but this can be changed (or removed)
-  // if necessary later down the line.
+  // The maximum size of the control frames that we send, including the size of
+  // the header. This limit is arbitrary. We can enforce it here or at the
+  // application layer. We chose the framing layer, but this can be changed (or
+  // removed) if necessary later down the line.
+  // TODO(diannahu): Rename to make it clear that this limit is for sending.
   static const size_t kMaxControlFrameSize;
 
   SpdyState state_;
@@ -742,14 +755,14 @@ class NET_EXPORT_PRIVATE SpdyFramer {
   // current_frame_buffer_.
   SpdySettingsScratch settings_scratch_;
 
-  scoped_ptr<CharBuffer> altsvc_scratch_;
+  std::unique_ptr<CharBuffer> altsvc_scratch_;
 
   // SPDY header compressors.
-  scoped_ptr<z_stream> header_compressor_;
-  scoped_ptr<z_stream> header_decompressor_;
+  std::unique_ptr<z_stream> header_compressor_;
+  std::unique_ptr<z_stream> header_decompressor_;
 
-  scoped_ptr<HpackEncoder> hpack_encoder_;
-  scoped_ptr<HpackDecoder> hpack_decoder_;
+  std::unique_ptr<HpackEncoder> hpack_encoder_;
+  std::unique_ptr<HpackDecoder> hpack_decoder_;
 
   SpdyFramerVisitorInterface* visitor_;
   SpdyFramerDebugVisitorInterface* debug_visitor_;
@@ -789,11 +802,6 @@ class NET_EXPORT_PRIVATE SpdyFramer {
   // If true, then ProcessInput returns after processing a full frame,
   // rather than reading all available input.
   bool process_single_input_frame_ = false;
-
-  // Latched value of --FLAGS_spdy_on_stream_end.
-  // If true, OnStreamEnd will be called instead of the sentinel call of
-  // OnStreamFrameData(stream_id, nullptr, 0, true)
-  bool spdy_on_stream_end_;
 };
 
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_framer_test.cc b/chromium/net/spdy/spdy_framer_test.cc
index 3c4724eb77b..1ce33951a21 100644
--- a/chromium/net/spdy/spdy_framer_test.cc
+++ b/chromium/net/spdy/spdy_framer_test.cc
@@ -14,8 +14,9 @@
 #include <vector>
 
 #include "base/compiler_specific.h"
+#include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/strings/string_number_conversions.h"
 #include "net/quic/quic_flags.h"
 #include "net/spdy/hpack/hpack_constants.h"
 #include "net/spdy/mock_spdy_framer_visitor.h"
@@ -94,8 +95,7 @@ class SpdyFramerTestUtil {
     }
     void OnStreamFrameData(SpdyStreamId stream_id,
                            const char* data,
-                           size_t len,
-                           bool fin) override {
+                           size_t len) override {
       LOG(FATAL);
     }
 
@@ -240,7 +240,7 @@ class SpdyFramerTestUtil {
 
    private:
     SpdyMajorVersion version_;
-    scoped_ptr<char[]> buffer_;
+    std::unique_ptr<char[]> buffer_;
     size_t size_;
     bool finished_;
 
@@ -297,65 +297,58 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
         header_buffer_valid_(false) {}
 
   void OnError(SpdyFramer* f) override {
-    LOG(INFO) << "SpdyFramer Error: "
-              << SpdyFramer::ErrorCodeToString(f->error_code());
+    VLOG(1) << "SpdyFramer Error: "
+            << SpdyFramer::ErrorCodeToString(f->error_code());
     ++error_count_;
   }
 
   void OnDataFrameHeader(SpdyStreamId stream_id,
                          size_t length,
                          bool fin) override {
+    VLOG(1) << "OnDataFrameHeader(" << stream_id << ", " << length << ", "
+            << fin << ")";
     ++data_frame_count_;
     header_stream_id_ = stream_id;
   }
 
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override {
+                         size_t len) override {
+    VLOG(1) << "OnStreamFrameData(" << stream_id << ", data, " << len << ", "
+            << ")   data:\n"
+            << base::HexEncode(data, len);
     EXPECT_EQ(header_stream_id_, stream_id);
-    if (!FLAGS_spdy_on_stream_end) {
-      if (len == 0) {
-        ++end_of_stream_count_;
-      }
-    }
-
     data_bytes_ += len;
-    LOG(INFO) << "OnStreamFrameData(" << stream_id << ", \"";
-    if (len > 0) {
-      for (size_t i = 0 ; i < len; ++i) {
-        LOG(INFO) << std::hex << (0xFF & static_cast<unsigned int>(data[i]))
-                  << std::dec;
-      }
-    }
-    LOG(INFO) << "\", " << len << ")\n";
   }
 
   void OnStreamEnd(SpdyStreamId stream_id) override {
-    LOG(INFO) << "OnStreamEnd(" << stream_id << ")";
+    VLOG(1) << "OnStreamEnd(" << stream_id << ")";
     EXPECT_EQ(header_stream_id_, stream_id);
     ++end_of_stream_count_;
   }
 
   void OnStreamPadding(SpdyStreamId stream_id, size_t len) override {
+    VLOG(1) << "OnStreamPadding(" << stream_id << ", " << len << ")\n";
     EXPECT_EQ(header_stream_id_, stream_id);
     data_bytes_ += len;
-    LOG(INFO) << "OnStreamPadding(" << stream_id << ", " << len << ")\n";
   }
 
   SpdyHeadersHandlerInterface* OnHeaderFrameStart(
       SpdyStreamId stream_id) override {
-    LOG(FATAL);
+    LOG(FATAL) << "OnHeaderFrameStart(" << stream_id << ")";
     return nullptr;
   }
 
   void OnHeaderFrameEnd(SpdyStreamId stream_id, bool end_headers) override {
-    LOG(FATAL);
+    LOG(FATAL) << "OnHeaderFrameEnd(" << stream_id << ", " << end_headers
+               << ")";
   }
 
   bool OnControlFrameHeaderData(SpdyStreamId stream_id,
                                 const char* header_data,
                                 size_t len) override {
+    VLOG(1) << "OnControlFrameHeaderData(" << stream_id << ", data, " << len
+            << ")";
     ++control_frame_header_data_count_;
     CHECK_EQ(header_stream_id_, stream_id);
     if (len == 0) {
@@ -381,6 +374,9 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
                    SpdyPriority priority,
                    bool fin,
                    bool unidirectional) override {
+    VLOG(1) << "OnSynStream(" << stream_id << ", " << associated_stream_id
+            << ", " << priority << ", " << (fin ? 1 : 0) << ", "
+            << (unidirectional ? 1 : 0) << ")";
     ++syn_frame_count_;
     if (framer_.protocol_version() == SPDY3) {
       InitHeaderStreaming(SYN_STREAM, stream_id);
@@ -406,6 +402,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
 
   void OnRstStream(SpdyStreamId stream_id,
                    SpdyRstStreamStatus status) override {
+    VLOG(1) << "OnRstStream(" << stream_id << ", " << status << ")";
     ++fin_frame_count_;
   }
 
@@ -417,24 +414,31 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   }
 
   void OnSetting(SpdySettingsIds id, uint8_t flags, uint32_t value) override {
+    VLOG(1) << "OnSetting(" << id << ", " << std::hex << flags << ", " << value
+            << ")";
     ++setting_count_;
   }
 
   void OnSettingsAck() override {
+    VLOG(1) << "OnSettingsAck";
     DCHECK_EQ(HTTP2, framer_.protocol_version());
     ++settings_ack_received_;
   }
 
   void OnSettingsEnd() override {
+    VLOG(1) << "OnSettingsEnd";
     if (framer_.protocol_version() == HTTP2) {
       ++settings_ack_sent_;
     }
   }
 
-  void OnPing(SpdyPingId unique_id, bool is_ack) override { DLOG(FATAL); }
+  void OnPing(SpdyPingId unique_id, bool is_ack) override {
+    LOG(DFATAL) << "OnPing(" << unique_id << ", " << (is_ack ? 1 : 0) << ")";
+  }
 
   void OnGoAway(SpdyStreamId last_accepted_stream_id,
                 SpdyGoAwayStatus status) override {
+    VLOG(1) << "OnGoAway(" << last_accepted_stream_id << ", " << status << ")";
     ++goaway_count_;
   }
 
@@ -445,6 +449,9 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
                  bool exclusive,
                  bool fin,
                  bool end) override {
+    VLOG(1) << "OnHeaders(" << stream_id << ", " << has_priority << ", "
+            << priority << ", " << parent_stream_id << ", " << exclusive << ", "
+            << fin << ", " << end << ")";
     ++headers_frame_count_;
     InitHeaderStreaming(HEADERS, stream_id);
     if (fin) {
@@ -456,6 +463,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   }
 
   void OnWindowUpdate(SpdyStreamId stream_id, int delta_window_size) override {
+    VLOG(1) << "OnWindowUpdate(" << stream_id << ", " << delta_window_size
+            << ")";
     last_window_update_stream_ = stream_id;
     last_window_update_delta_ = delta_window_size;
   }
@@ -463,6 +472,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   void OnPushPromise(SpdyStreamId stream_id,
                      SpdyStreamId promised_stream_id,
                      bool end) override {
+    VLOG(1) << "OnPushPromise(" << stream_id << ", " << promised_stream_id
+            << ", " << end << ")";
     ++push_promise_frame_count_;
     InitHeaderStreaming(PUSH_PROMISE, stream_id);
     last_push_promise_stream_ = stream_id;
@@ -470,6 +481,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   }
 
   void OnContinuation(SpdyStreamId stream_id, bool end) override {
+    VLOG(1) << "OnContinuation(" << stream_id << ", " << end << ")";
     ++continuation_count_;
   }
 
@@ -477,6 +489,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
                 StringPiece origin,
                 const SpdyAltSvcWireFormat::AlternativeServiceVector&
                     altsvc_vector) override {
+    VLOG(1) << "OnAltSvc(" << stream_id << ", \"" << origin
+            << "\", altsvc_vector)";
     test_altsvc_ir_.set_stream_id(stream_id);
     if (origin.length() > 0) {
       test_altsvc_ir_.set_origin(origin.as_string());
@@ -492,11 +506,13 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
                   SpdyStreamId parent_stream_id,
                   uint8_t weight,
                   bool exclusive) override {
+    VLOG(1) << "OnPriority(" << stream_id << ", " << parent_stream_id << ", "
+            << weight << ", " << (exclusive ? 1 : 0) << ")";
     ++priority_count_;
   }
 
   bool OnUnknownFrame(SpdyStreamId stream_id, int frame_type) override {
-    DLOG(INFO) << "Unknown frame type " << frame_type;
+    VLOG(1) << "OnUnknownFrame(" << stream_id << ", " << frame_type << ")";
     return on_unknown_frame_result_;
   }
 
@@ -504,6 +520,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
                              SpdyFrameType type,
                              size_t payload_len,
                              size_t frame_len) override {
+    VLOG(1) << "OnSendCompressedFrame(" << stream_id << ", " << type << ", "
+            << payload_len << ", " << frame_len << ")";
     last_payload_len_ = payload_len;
     last_frame_len_ = frame_len;
   }
@@ -511,6 +529,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   void OnReceiveCompressedFrame(SpdyStreamId stream_id,
                                 SpdyFrameType type,
                                 size_t frame_len) override {
+    VLOG(1) << "OnReceiveCompressedFrame(" << stream_id << ", " << type << ", "
+            << frame_len << ")";
     last_frame_len_ = frame_len;
   }
 
@@ -563,6 +583,12 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
     return SpdyFramer::kMaxControlFrameSize;
   }
 
+  // Largest control frame that the SPDY implementation is willing to receive,
+  // excluding the size of the header.
+  static size_t received_control_frame_max_size() {
+    return kSpdyInitialFrameSizeLimit;
+  }
+
   static size_t header_data_chunk_max_size() {
     return SpdyFramer::kHeaderDataChunkMaxSize;
   }
@@ -602,7 +628,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface,
   size_t last_frame_len_;
 
   // Header block streaming state:
-  scoped_ptr<char[]> header_buffer_;
+  std::unique_ptr<char[]> header_buffer_;
   size_t header_buffer_length_;
   size_t header_buffer_size_;
   SpdyStreamId header_stream_id_;
@@ -803,6 +829,150 @@ TEST_P(SpdyFramerTest, HeaderStreamDependencyValues) {
   }
 }
 
+// Test that if we receive a DATA frame with padding length larger than the
+// payload length, we set an error of SPDY_INVALID_PADDING
+TEST_P(SpdyFramerTest, OversizedDataPaddingError) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // DATA frame with invalid padding length.
+  // |kH2FrameData| has to be |unsigned char|, because Chromium on Windows uses
+  // MSVC, where |char| is signed by default, which would not compile because of
+  // the element exceeding 127.
+  unsigned char kH2FrameData[] = {
+      0x00, 0x00, 0x05,        // Length
+      0x00,                    // Type (DATA)
+      0x09,                    // Flags (PADDED, END_STREAM)
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0xFF,                    // Padding length (here larger than length)
+      0x00, 0x00, 0x00, 0x00,  // Arbitrary data payload
+  };
+
+  SpdySerializedFrame frame(reinterpret_cast<char*>(kH2FrameData),
+                            sizeof(kH2FrameData), false);
+
+  {
+    testing::InSequence seq;
+    EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, 1));
+    EXPECT_CALL(visitor, OnStreamPadding(1, 1));
+    EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  }
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_PADDING, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a DATA frame with padding length not larger than the
+// payload length, we do not set an error of SPDY_INVALID_PADDING
+TEST_P(SpdyFramerTest, CorrectlySizedDataPaddingNoError) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // DATA frame with valid Padding length
+  char kH2FrameData[] = {
+      0x00, 0x00, 0x05,        // Length
+      0x00,                    // Type (DATA)
+      0x08,                    // Flags (PADDED)
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0x04,                    // Padding length (here one less than length)
+      0x00, 0x00, 0x00, 0x00,  // Padding bytes
+  };
+
+  SpdySerializedFrame frame(kH2FrameData, sizeof(kH2FrameData), false);
+
+  {
+    testing::InSequence seq;
+    EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, false));
+    EXPECT_CALL(visitor, OnStreamPadding(1, 1));
+    EXPECT_CALL(visitor, OnError(testing::Eq(&framer))).Times(0);
+    // Note that OnStreamFrameData(1, _, 1)) is never called
+    // since there is no data, only padding
+    EXPECT_CALL(visitor, OnStreamPadding(1, 4));
+  }
+
+  EXPECT_EQ(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_FALSE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a HEADERS frame with padding length larger than the
+// payload length, we set an error of SPDY_INVALID_PADDING
+TEST_P(SpdyFramerTest, OversizedHeadersPaddingError) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // HEADERS frame with invalid padding length.
+  // |kH2FrameData| has to be |unsigned char|, because Chromium on Windows uses
+  // MSVC, where |char| is signed by default, which would not compile because of
+  // the element exceeding 127.
+  unsigned char kH2FrameData[] = {
+      0x00, 0x00, 0x05,        // Length
+      0x01,                    // Type (HEADERS)
+      0x08,                    // Flags (PADDED)
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0xFF,                    // Padding length (here larger than length)
+      0x00, 0x00, 0x00, 0x00,  // Arbitrary data payload
+  };
+
+  SpdySerializedFrame frame(reinterpret_cast<char*>(kH2FrameData),
+                            sizeof(kH2FrameData), false);
+
+  EXPECT_CALL(visitor, OnHeaders(1, false, 0, 0, false, false, false));
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_EQ(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_PADDING, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a HEADERS frame with padding length not larger
+// than the payload length, we do not set an error of SPDY_INVALID_PADDING
+TEST_P(SpdyFramerTest, CorrectlySizedHeadersPaddingNoError) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // HEADERS frame with invalid Padding length
+  char kH2FrameData[] = {
+      0x00, 0x00, 0x05,        // Length
+      0x01,                    // Type (HEADERS)
+      0x08,                    // Flags (PADDED)
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0x04,                    // Padding length
+      0x00, 0x00, 0x00, 0x00,  // Padding
+  };
+
+  SpdySerializedFrame frame(kH2FrameData, sizeof(kH2FrameData), false);
+
+  EXPECT_CALL(visitor, OnHeaders(1, false, 0, 0, false, false, false));
+
+  EXPECT_EQ(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_FALSE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
 // Test that if we receive a SYN_REPLY with stream ID zero, we signal an error
 // (but don't crash).
 TEST_P(SpdyFramerTest, SynReplyWithStreamIdZero) {
@@ -826,6 +996,29 @@ TEST_P(SpdyFramerTest, SynReplyWithStreamIdZero) {
       << SpdyFramer::ErrorCodeToString(framer.error_code());
 }
 
+// Test that if we receive a DATA with stream ID zero, we signal an error
+// (but don't crash).
+TEST_P(SpdyFramerTest, DataWithStreamIdZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  const char bytes[] = "hello";
+  SpdyDataIR data_ir(0, bytes);
+  SpdySerializedFrame frame(framer.SerializeData(data_ir));
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
 // Test that if we receive a HEADERS with stream ID zero, we signal an error
 // (but don't crash).
 TEST_P(SpdyFramerTest, HeadersWithStreamIdZero) {
@@ -841,12 +1034,149 @@ TEST_P(SpdyFramerTest, HeadersWithStreamIdZero) {
   EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
   EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
   EXPECT_TRUE(framer.HasError());
-  EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME, framer.error_code())
+  if (IsHttp2()) {
+    EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
+  } else {
+    EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
+  }
+}
+
+// Test that if we receive a PRIORITY with stream ID zero, we signal an error
+// (but don't crash).
+TEST_P(SpdyFramerTest, PriorityWithStreamIdZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  SpdyPriorityIR priority_ir(0, 1, 16, true);
+  SpdySerializedFrame frame(framer.SerializeFrame(priority_ir));
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a RST_STREAM with stream ID zero, we signal an error
+// (but don't crash).
+TEST_P(SpdyFramerTest, RstStreamWithStreamIdZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  SpdyRstStreamIR rst_stream_ir(0, RST_STREAM_PROTOCOL_ERROR);
+  SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream_ir));
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a SETTINGS with stream ID other than zero,
+// we signal an error (but don't crash).
+TEST_P(SpdyFramerTest, SettingsWithStreamIdNotZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // Settings frame with invalid StreamID of 0x01
+  char kH2FrameData[] = {
+      0x00, 0x00, 0x06,        // Length
+      0x04,                    // Type (SETTINGS)
+      0x00,                    // Flags
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0x00, 0x04,              // Setting id
+      0x0a, 0x0b, 0x0c, 0x0d,  // Setting value
+  };
+
+  SpdySerializedFrame frame(kH2FrameData, sizeof(kH2FrameData), false);
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a GOAWAY with stream ID other than zero,
+// we signal an error (but don't crash).
+TEST_P(SpdyFramerTest, GoawayWithStreamIdNotZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  // GOAWAY frame with invalid StreamID of 0x01
+  char kH2FrameData[] = {
+      0x00, 0x00, 0x0a,        // Length
+      0x07,                    // Type (GOAWAY)
+      0x00,                    // Flags
+      0x00, 0x00, 0x00, 0x01,  // Stream id
+      0x00, 0x00, 0x00, 0x00,  // Last-stream ID
+      0x00, 0x00, 0x00, 0x00,  // Error code
+      0x47, 0x41,              // Opaque Description
+  };
+
+  SpdySerializedFrame frame(kH2FrameData, sizeof(kH2FrameData), false);
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
+// Test that if we receive a CONTINUATION with stream ID zero, we signal an
+// SPDY_INVALID_STREAM_ID.
+TEST_P(SpdyFramerTest, ContinuationWithStreamIdZero) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  SpdyContinuationIR continuation(0);
+  continuation.SetHeader("bar", "foo");
+  continuation.SetHeader("foo", "bar");
+  continuation.set_end_headers(true);
+  SpdySerializedFrame frame(framer.SerializeContinuation(continuation));
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
       << SpdyFramer::ErrorCodeToString(framer.error_code());
 }
 
 // Test that if we receive a PUSH_PROMISE with stream ID zero, we signal an
-// error (but don't crash).
+// SPDY_INVALID_STREAM_ID.
 TEST_P(SpdyFramerTest, PushPromiseWithStreamIdZero) {
   if (!IsHttp2()) {
     return;
@@ -864,12 +1194,12 @@ TEST_P(SpdyFramerTest, PushPromiseWithStreamIdZero) {
   EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
   EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
   EXPECT_TRUE(framer.HasError());
-  EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME, framer.error_code())
+  EXPECT_EQ(SpdyFramer::SPDY_INVALID_STREAM_ID, framer.error_code())
       << SpdyFramer::ErrorCodeToString(framer.error_code());
 }
 
 // Test that if we receive a PUSH_PROMISE with promised stream ID zero, we
-// signal an error (but don't crash).
+// signal SPDY_INVALID_STREAM_ID.
 TEST_P(SpdyFramerTest, PushPromiseWithPromisedStreamIdZero) {
   if (!IsHttp2()) {
     return;
@@ -983,7 +1313,7 @@ TEST_P(SpdyFramerTest, BasicCompression) {
     return;
   }
 
-  scoped_ptr<TestSpdyVisitor> visitor(new TestSpdyVisitor(spdy_version_));
+  std::unique_ptr<TestSpdyVisitor> visitor(new TestSpdyVisitor(spdy_version_));
   SpdyFramer framer(spdy_version_);
   framer.set_debug_visitor(visitor.get());
   SpdySynStreamIR syn_stream(1);
@@ -1165,12 +1495,10 @@ TEST_P(SpdyFramerTest, Basic) {
     0x00, 0x00, 0x00, 0x00,
     0x03,
 
-    0x00, 0x00, 0x0f, 0x03,  // RST_STREAM on Stream #3
+    0x00, 0x00, 0x04, 0x03,  // RST_STREAM on Stream #3
     0x00, 0x00, 0x00, 0x00,
     0x03, 0x00, 0x00, 0x00,  // RST_STREAM_CANCEL
-    0x08, 0x52, 0x45, 0x53,  // opaque data
-    0x45, 0x54, 0x53, 0x54,
-    0x52, 0x45, 0x41, 0x4d,
+    0x08,
   };
 
   TestSpdyVisitor visitor(spdy_version_);
@@ -1192,8 +1520,7 @@ TEST_P(SpdyFramerTest, Basic) {
   } else {
     EXPECT_EQ(3, visitor.headers_frame_count_);
     EXPECT_EQ(0, visitor.syn_frame_count_);
-    StringPiece reset_stream = "RESETSTREAM";
-    EXPECT_EQ(reset_stream, visitor.fin_opaque_data_);
+    EXPECT_TRUE(visitor.fin_opaque_data_.empty());
   }
 
   EXPECT_EQ(0, visitor.fin_flag_count_);
@@ -1753,7 +2080,7 @@ TEST_P(SpdyFramerTest, CreateDataFrame) {
     };
 
     const int kFrameSize = arraysize(kFrameHeader) + kDataSize;
-    scoped_ptr<unsigned char[]> expected_frame_data(
+    std::unique_ptr<unsigned char[]> expected_frame_data(
         new unsigned char[kFrameSize]);
     memcpy(expected_frame_data.get(), kFrameHeader, arraysize(kFrameHeader));
     memset(expected_frame_data.get() + arraysize(kFrameHeader), 'A', kDataSize);
@@ -2806,17 +3133,19 @@ TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) {
     const char kDescription[] = "PUSH_PROMISE frame without padding";
 
     const unsigned char kFrameData[] = {
-        0x00, 0x00, 0x16, 0x05,  // PUSH_PROMISE
-        0x04, 0x00, 0x00, 0x00,  // END_HEADERS
-        0x2a, 0x00, 0x00, 0x00,  // Stream 42
-        0x39, 0x00, 0x03, 0x62,  // Promised stream 57, @.b
+        0x00, 0x00, 0x16,        // Length 22
+        0x05,                    // PUSH_PROMISE
+        0x04,                    // END_HEADERS
+        0x00, 0x00, 0x00, 0x29,  // Stream 41
+        0x00, 0x00, 0x00, 0x3a,  // Promised stream 58
+        0x00, 0x03, 0x62,        // @.b
         0x61, 0x72, 0x03, 0x66,  // ar.f
         0x6f, 0x6f, 0x00, 0x03,  // oo@.
         0x66, 0x6f, 0x6f, 0x03,  // foo.
         0x62, 0x61, 0x72,        // bar
     };
 
-    SpdyPushPromiseIR push_promise(42, 57);
+    SpdyPushPromiseIR push_promise(41, 58);
     push_promise.SetHeader("bar", "foo");
     push_promise.SetHeader("foo", "bar");
     SpdySerializedFrame frame(framer.SerializePushPromise(push_promise));
@@ -2830,17 +3159,20 @@ TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) {
     const char kDescription[] = "PUSH_PROMISE frame with one byte of padding";
 
     const unsigned char kFrameData[] = {
-        0x00, 0x00, 0x17, 0x05,  // PUSH_PROMISE
-        0x0c, 0x00, 0x00, 0x00,  // END_HEADERS | PADDED
-        0x2a, 0x00, 0x00, 0x00,  // Stream 42, Pad length field
-        0x00, 0x39, 0x00, 0x03,  // Promised stream 57
+        0x00, 0x00, 0x17,
+        0x05,                    // PUSH_PROMISE
+        0x0c,                    // END_HEADERS | PADDED
+        0x00, 0x00, 0x00, 0x29,  // Stream 41,
+        0x00,                    //  Pad length field
+        0x00, 0x00, 0x00, 0x3a,  // Promised stream 58
+        0x00, 0x03,              // @.
         0x62, 0x61, 0x72, 0x03,  // bar.
         0x66, 0x6f, 0x6f, 0x00,  // foo@
         0x03, 0x66, 0x6f, 0x6f,  // .foo
         0x03, 0x62, 0x61, 0x72,  // .bar
     };
 
-    SpdyPushPromiseIR push_promise(42, 57);
+    SpdyPushPromiseIR push_promise(41, 58);
     push_promise.set_padding_len(1);
     push_promise.SetHeader("bar", "foo");
     push_promise.SetHeader("foo", "bar");
@@ -2934,6 +3266,39 @@ TEST_P(SpdyFramerTest, CreateContinuationUncompressed) {
   CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData));
 }
 
+// Test that if we send an unexpected CONTINUATION
+// we signal an error (but don't crash).
+TEST_P(SpdyFramerTest, SendUnexpectedContinuation) {
+  if (!IsHttp2()) {
+    return;
+  }
+
+  testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
+  SpdyFramer framer(spdy_version_);
+  framer.set_visitor(&visitor);
+
+  char kH2FrameData[] = {
+      0x00, 0x00, 0x12,        // Length
+      0x09,                    // Type (CONTINUATION)
+      0x04,                    // Flags (end_headers)
+      0x00, 0x00, 0x00, 0x2a,  // Stream 42
+      0x00, 0x03, 0x62,        // @.b
+      0x61, 0x72, 0x03, 0x66,  // ar.f
+      0x6f, 0x6f, 0x00, 0x03,  // oo@.
+      0x66, 0x6f, 0x6f, 0x03,  // foo.
+      0x62, 0x61, 0x72,        // bar
+  };
+
+  SpdySerializedFrame frame(kH2FrameData, sizeof(kH2FrameData), false);
+
+  // We shouldn't have to read the whole frame before we signal an error.
+  EXPECT_CALL(visitor, OnError(testing::Eq(&framer)));
+  EXPECT_GT(frame.size(), framer.ProcessInput(frame.data(), frame.size()));
+  EXPECT_TRUE(framer.HasError());
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, framer.error_code())
+      << SpdyFramer::ErrorCodeToString(framer.error_code());
+}
+
 TEST_P(SpdyFramerTest, CreatePushPromiseThenContinuationUncompressed) {
   if (!IsHttp2()) {
     return;
@@ -3046,20 +3411,19 @@ TEST_P(SpdyFramerTest, CreateAltSvc) {
   const char kType = static_cast<unsigned char>(
       SpdyConstants::SerializeFrameType(spdy_version_, ALTSVC));
   const unsigned char kFrameData[] = {
-      0x00, 0x00, 0x53, kType, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x06, 'o',
+      0x00, 0x00, 0x49, kType, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x06, 'o',
       'r',  'i',  'g',  'i',   'n',  'p',  'i',  'd',  '1',  '=',  '"',  'h',
       'o',  's',  't',  ':',   '4',  '4',  '3',  '"',  ';',  ' ',  'm',  'a',
       '=',  '5',  ',',  'p',   '%',  '2',  '2',  '%',  '3',  'D',  'i',  '%',
       '3',  'A',  'd',  '=',   '"',  'h',  '_',  '\\', '\\', 'o',  '\\', '"',
       's',  't',  ':',  '1',   '2',  '3',  '"',  ';',  ' ',  'm',  'a',  '=',
-      '4',  '2',  ';',  ' ',   'p',  '=',  '"',  '0',  '.',  '2',  '0',  '"',
-      ';',  ' ',  'v',  '=',   '"',  '2',  '4',  '"'};
+      '4',  '2',  ';',  ' ',   'v',  '=',  '"',  '2',  '4',  '"'};
   SpdyAltSvcIR altsvc_ir(3);
   altsvc_ir.set_origin("origin");
   altsvc_ir.add_altsvc(SpdyAltSvcWireFormat::AlternativeService(
-      "pid1", "host", 443, 5, 1.0, SpdyAltSvcWireFormat::VersionVector{}));
+      "pid1", "host", 443, 5, SpdyAltSvcWireFormat::VersionVector()));
   altsvc_ir.add_altsvc(SpdyAltSvcWireFormat::AlternativeService(
-      "p\"=i:d", "h_\\o\"st", 123, 42, 0.2,
+      "p\"=i:d", "h_\\o\"st", 123, 42,
       SpdyAltSvcWireFormat::VersionVector{24}));
   SpdySerializedFrame frame(framer.SerializeFrame(altsvc_ir));
   CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData));
@@ -3217,7 +3581,7 @@ TEST_P(SpdyFramerTest, ControlFrameAtMaxSizeLimit) {
   EXPECT_LT(kBigValueSize, visitor.header_buffer_length_);
 }
 
-TEST_P(SpdyFramerTest, ControlFrameMaximumSize) {
+TEST_P(SpdyFramerTest, ControlFrameTooLarge) {
   if (!IsSpdy3()) {
     // TODO(jgraettinger): This test setup doesn't work with HPACK.
     return;
@@ -3232,26 +3596,34 @@ TEST_P(SpdyFramerTest, ControlFrameMaximumSize) {
   syn_stream.set_priority(1);
   SpdySerializedFrame control_frame(framer.SerializeSynStream(syn_stream));
   const size_t kBigValueSize =
-      SpdyConstants::GetFrameMaximumSize(spdy_version_) - control_frame.size();
+      TestSpdyVisitor::received_control_frame_max_size() +
+      SpdyConstants::GetControlFrameHeaderSize(spdy_version_) -
+      control_frame.size() + 1;
 
   // Create a frame at exatly that size.
   string big_value(kBigValueSize, 'x');
   syn_stream.SetHeader("aa", big_value);
-  // Upstream branches here and wraps HTTP/2 with EXPECT_DEBUG_DFATAL. We
-  // neither support that in Chromium, nor do we use the same DFATAL (see
-  // SpdyFrameBuilder::WriteFramePrefix()).
-  control_frame = framer.SerializeSynStream(syn_stream);
-
-  EXPECT_EQ(SpdyConstants::GetFrameMaximumSize(spdy_version_),
+  if (IsSpdy3()) {
+    control_frame = framer.SerializeSynStream(syn_stream);
+  } else {
+    EXPECT_SPDY_BUG({ control_frame = framer.SerializeSynStream(syn_stream); },
+                    "Serializing frame over-capacity.");
+  }
+  EXPECT_EQ(TestSpdyVisitor::received_control_frame_max_size() +
+                SpdyConstants::GetControlFrameHeaderSize(spdy_version_) + 1,
             control_frame.size());
 
   TestSpdyVisitor visitor(spdy_version_);
   visitor.SimulateInFramer(
       reinterpret_cast<unsigned char*>(control_frame.data()),
       control_frame.size());
-  EXPECT_TRUE(visitor.header_buffer_valid_);
-  EXPECT_EQ(0, visitor.error_count_);
-  EXPECT_EQ(1, visitor.syn_frame_count_);
+  EXPECT_FALSE(visitor.header_buffer_valid_);
+  EXPECT_EQ(1, visitor.error_count_);
+  EXPECT_EQ(SpdyFramer::SPDY_CONTROL_PAYLOAD_TOO_LARGE,
+            visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
+  EXPECT_EQ(0, visitor.syn_frame_count_);
+  EXPECT_EQ(0u, visitor.header_buffer_length_);
 }
 
 TEST_P(SpdyFramerTest, TooLargeHeadersFrameUsesContinuation) {
@@ -3339,7 +3711,7 @@ TEST_P(SpdyFramerTest, ControlFrameMuchTooLarge) {
   EXPECT_EQ(1, visitor.error_count_);
   EXPECT_EQ(SpdyFramer::SPDY_CONTROL_PAYLOAD_TOO_LARGE,
             visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
 
   // The framer should have stoped delivering chunks after the visitor
   // signaled "stop" by returning false from OnControlFrameHeaderData().
@@ -3378,7 +3750,7 @@ TEST_P(SpdyFramerTest, DecompressCorruptHeaderBlock) {
       control_frame.size());
   EXPECT_EQ(1, visitor.error_count_);
   EXPECT_EQ(SpdyFramer::SPDY_DECOMPRESS_FAILURE, visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(0u, visitor.header_buffer_length_);
 }
 
@@ -3426,7 +3798,7 @@ TEST_P(SpdyFramerTest, ControlFrameSizesAreValidated) {
   EXPECT_EQ(1, visitor.error_count_);  // This generated an error.
   EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME,
             visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(0, visitor.goaway_count_);  // Frame not parsed.
 }
 
@@ -3710,14 +4082,14 @@ TEST_P(SpdyFramerTest, ProcessDataFrameWithPadding) {
   bytes_consumed += 1;
 
   // Send the first two bytes of the data payload, i.e., "he".
-  EXPECT_CALL(visitor, OnStreamFrameData(1, _, 2, false));
+  EXPECT_CALL(visitor, OnStreamFrameData(1, _, 2));
   CHECK_EQ(2u, framer.ProcessInput(frame.data() + bytes_consumed, 2));
   CHECK_EQ(framer.state(), SpdyFramer::SPDY_FORWARD_STREAM_FRAME);
   CHECK_EQ(framer.error_code(), SpdyFramer::SPDY_NO_ERROR);
   bytes_consumed += 2;
 
   // Send the rest three bytes of the data payload, i.e., "llo".
-  EXPECT_CALL(visitor, OnStreamFrameData(1, _, 3, false));
+  EXPECT_CALL(visitor, OnStreamFrameData(1, _, 3));
   CHECK_EQ(3u, framer.ProcessInput(frame.data() + bytes_consumed, 3));
   CHECK_EQ(framer.state(), SpdyFramer::SPDY_CONSUME_PADDING);
   CHECK_EQ(framer.error_code(), SpdyFramer::SPDY_NO_ERROR);
@@ -3866,54 +4238,73 @@ TEST_P(SpdyFramerTest, ReadPushPromiseWithContinuation) {
                   testing::Pair("name", "value")));
 }
 
-TEST_P(SpdyFramerTest, ReadContinuationWithWrongStreamId) {
+// Receiving an unknown frame when a continuation is expected should
+// result in a SPDY_UNEXPECTED_FRAME error
+TEST_P(SpdyFramerTest, ReceiveUnknownMidContinuation) {
   if (!IsHttp2()) {
     return;
   }
 
   const unsigned char kInput[] = {
-    0x00, 0x00, 0x10, 0x01, 0x00,  // HEADERS
-    0x00, 0x00, 0x00, 0x01,  // Stream 1
-    0x00, 0x06, 0x63, 0x6f,
-    0x6f, 0x6b, 0x69, 0x65,
-    0x07, 0x66, 0x6f, 0x6f,
-    0x3d, 0x62, 0x61, 0x72,
-
-    0x00, 0x00, 0x14, 0x09, 0x00,  // CONTINUATION
-    0x00, 0x00, 0x00, 0x02,  // Stream 2
-    0x00, 0x06, 0x63, 0x6f,
-    0x6f, 0x6b, 0x69, 0x65,
-    0x08, 0x62, 0x61, 0x7a,
-    0x3d, 0x62, 0x69, 0x6e,
-    0x67, 0x00, 0x06, 0x63,
+      0x00, 0x00, 0x10,        // Length
+      0x01,                    // Type (HEADERS)
+      0x00,                    // Flags (none, thus expect CONTINUATION)
+      0x00, 0x00, 0x00, 0x01,  // Stream 1
+      0x00, 0x06, 0x63, 0x6f,  // Header block fragment
+      0x6f, 0x6b, 0x69, 0x65,  // Header block fragment
+      0x07, 0x66, 0x6f, 0x6f,  // Header block fragment
+      0x3d, 0x62, 0x61, 0x72,  // Header block fragment
+
+      0x00, 0x00, 0x14,        // Length
+      0xa9,                    // Type (UNKNOWN)
+      0x00,                    // Flags (none)
+      0x00, 0x00, 0x00, 0x01,  // Stream 1
+      0x00, 0x06, 0x63, 0x6f,  // Payload
+      0x6f, 0x6b, 0x69, 0x65,  // Payload
+      0x08, 0x62, 0x61, 0x7a,  // Payload
+      0x3d, 0x62, 0x69, 0x6e,  // Payload
+      0x67, 0x00, 0x06, 0x63,  // Payload
   };
 
   SpdyFramer framer(spdy_version_);
   TestSpdyVisitor visitor(spdy_version_);
+  // Assume the unknown frame is allowed
+  visitor.on_unknown_frame_result_ = true;
   framer.set_visitor(&visitor);
   visitor.SimulateInFramer(kInput, sizeof(kInput));
 
   EXPECT_EQ(1, visitor.error_count_);
-  EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME,
-            visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(1, visitor.headers_frame_count_);
   EXPECT_EQ(0, visitor.continuation_count_);
   EXPECT_EQ(0u, visitor.header_buffer_length_);
 }
 
-TEST_P(SpdyFramerTest, ReadContinuationOutOfOrder) {
+TEST_P(SpdyFramerTest, ReceiveContinuationOnWrongStream) {
   if (!IsHttp2()) {
     return;
   }
 
   const unsigned char kInput[] = {
-    0x00, 0x00, 0x18, 0x09, 0x00,  // CONTINUATION
-    0x00, 0x00, 0x00, 0x01,  // Stream 1
-    0x00, 0x06, 0x63, 0x6f,
-    0x6f, 0x6b, 0x69, 0x65,
-    0x07, 0x66, 0x6f, 0x6f,
-    0x3d, 0x62, 0x61, 0x72,
+      0x00, 0x00, 0x10,        // Length
+      0x01,                    // Type (HEADERS)
+      0x00,                    // Flags (none, thus expect CONTINUATION)
+      0x00, 0x00, 0x00, 0x01,  // Stream 1
+      0x00, 0x06, 0x63, 0x6f,  // Header block fragment
+      0x6f, 0x6b, 0x69, 0x65,  // Header block fragment
+      0x07, 0x66, 0x6f, 0x6f,  // Header block fragment
+      0x3d, 0x62, 0x61, 0x72,  // Header block fragment
+
+      0x00, 0x00, 0x14,        // Length
+      0x09,                    // Type (CONTINUATION)
+      0x00,                    // Flags (none)
+      0x00, 0x00, 0x00, 0x02,  // Stream 2
+      0x00, 0x06, 0x63, 0x6f,  // Header block fragment
+      0x6f, 0x6b, 0x69, 0x65,  // Header block fragment
+      0x08, 0x62, 0x61, 0x7a,  // Header block fragment
+      0x3d, 0x62, 0x69, 0x6e,  // Header block fragment
+      0x67, 0x00, 0x06, 0x63,  // Header block fragment
   };
 
   SpdyFramer framer(spdy_version_);
@@ -3922,29 +4313,25 @@ TEST_P(SpdyFramerTest, ReadContinuationOutOfOrder) {
   visitor.SimulateInFramer(kInput, sizeof(kInput));
 
   EXPECT_EQ(1, visitor.error_count_);
-  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME,
-            visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
+  EXPECT_EQ(1, visitor.headers_frame_count_);
   EXPECT_EQ(0, visitor.continuation_count_);
   EXPECT_EQ(0u, visitor.header_buffer_length_);
 }
 
-TEST_P(SpdyFramerTest, ExpectContinuationReceiveData) {
+TEST_P(SpdyFramerTest, ReadContinuationOutOfOrder) {
   if (!IsHttp2()) {
     return;
   }
 
   const unsigned char kInput[] = {
-    0x00, 0x00, 0x10, 0x01, 0x00,  // HEADERS
+    0x00, 0x00, 0x18, 0x09, 0x00,  // CONTINUATION
     0x00, 0x00, 0x00, 0x01,  // Stream 1
     0x00, 0x06, 0x63, 0x6f,
     0x6f, 0x6b, 0x69, 0x65,
     0x07, 0x66, 0x6f, 0x6f,
     0x3d, 0x62, 0x61, 0x72,
-
-    0x00, 0x00, 0x00, 0x00, 0x01,  // DATA on Stream #1
-    0x00, 0x00, 0x00, 0x04,
-    0xde, 0xad, 0xbe, 0xef,
   };
 
   SpdyFramer framer(spdy_version_);
@@ -3953,35 +4340,28 @@ TEST_P(SpdyFramerTest, ExpectContinuationReceiveData) {
   visitor.SimulateInFramer(kInput, sizeof(kInput));
 
   EXPECT_EQ(1, visitor.error_count_);
-  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME,
-            visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
-  EXPECT_EQ(1, visitor.headers_frame_count_);
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(0, visitor.continuation_count_);
   EXPECT_EQ(0u, visitor.header_buffer_length_);
-  EXPECT_EQ(0, visitor.data_frame_count_);
 }
 
-TEST_P(SpdyFramerTest, ExpectContinuationReceiveControlFrame) {
+TEST_P(SpdyFramerTest, ExpectContinuationReceiveData) {
   if (!IsHttp2()) {
     return;
   }
 
   const unsigned char kInput[] = {
-    0x00, 0x00, 0x18, 0x01, 0x00,  // HEADERS
+    0x00, 0x00, 0x10, 0x01, 0x00,  // HEADERS
     0x00, 0x00, 0x00, 0x01,  // Stream 1
     0x00, 0x06, 0x63, 0x6f,
     0x6f, 0x6b, 0x69, 0x65,
     0x07, 0x66, 0x6f, 0x6f,
     0x3d, 0x62, 0x61, 0x72,
 
-    0x00, 0x00, 0x1c, 0x08, 0x00,  // HEADERS
-    0x00, 0x00, 0x00, 0x01,  // Stream 1
-    0x00, 0x06, 0x63, 0x6f,  // (Note this is a valid continued encoding).
-    0x6f, 0x6b, 0x69, 0x65,
-    0x08, 0x62, 0x61, 0x7a,
-    0x3d, 0x62, 0x69, 0x6e,
-    0x67, 0x00, 0x06, 0x63,
+    0x00, 0x00, 0x00, 0x00, 0x01,  // DATA on Stream #1
+    0x00, 0x00, 0x00, 0x04,
+    0xde, 0xad, 0xbe, 0xef,
   };
 
   SpdyFramer framer(spdy_version_);
@@ -3990,62 +4370,51 @@ TEST_P(SpdyFramerTest, ExpectContinuationReceiveControlFrame) {
   visitor.SimulateInFramer(kInput, sizeof(kInput));
 
   EXPECT_EQ(1, visitor.error_count_);
-  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME,
-            visitor.framer_.error_code())
-      << SpdyFramer::ErrorCodeToString(framer.error_code());
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(1, visitor.headers_frame_count_);
   EXPECT_EQ(0, visitor.continuation_count_);
   EXPECT_EQ(0u, visitor.header_buffer_length_);
   EXPECT_EQ(0, visitor.data_frame_count_);
 }
 
-TEST_P(SpdyFramerTest, EndSegmentOnDataFrame) {
-  if (!IsHttp2()) {
-    return;
-  }
-
-  const unsigned char kInput[] = {
-    0x00, 0x00, 0x0c, 0x00, 0x02,  // DATA: END_SEGMENT
-    0x00, 0x00, 0x00, 0x01,  // Stream 1
-    0xde, 0xad, 0xbe, 0xef,
-    0xde, 0xad, 0xbe, 0xef,
-    0xde, 0xad, 0xbe, 0xef,
-  };
-
-  TestSpdyVisitor visitor(spdy_version_);
-  visitor.SimulateInFramer(kInput, sizeof(kInput));
-
-  // TODO(jgraettinger): Verify END_SEGMENT when support is added.
-  EXPECT_EQ(0, visitor.error_count_);
-  EXPECT_EQ(12, visitor.data_bytes_);
-  EXPECT_EQ(0, visitor.fin_frame_count_);
-  EXPECT_EQ(0, visitor.fin_flag_count_);
-}
-
-TEST_P(SpdyFramerTest, EndSegmentOnHeadersFrame) {
+TEST_P(SpdyFramerTest, ExpectContinuationReceiveControlFrame) {
   if (!IsHttp2()) {
     return;
   }
 
   const unsigned char kInput[] = {
-    0x00, 0x00, 0x10, 0x01, 0x06,  // HEADERS: END_SEGMENT | END_HEADERS
-    0x00, 0x00, 0x00, 0x01,  // Stream 1
-    0x00, 0x06, 0x63, 0x6f,
-    0x6f, 0x6b, 0x69, 0x65,
-    0x07, 0x66, 0x6f, 0x6f,
-    0x3d, 0x62, 0x61, 0x72,
+      0x00, 0x00, 0x10,        // Payload Size
+      0x01,                    // HEADERS
+      0x00,                    // No flags (!END_HEADERS)
+      0x00, 0x00, 0x00, 0x01,  // Stream 1
+      0x00, 0x06, 0x63, 0x6f,  // Payload
+      0x6f, 0x6b, 0x69, 0x65,  // Payload
+      0x07, 0x66, 0x6f, 0x6f,  // Payload
+      0x3d, 0x62, 0x61, 0x72,  // Payload
+
+      0x00, 0x00, 0x10,        // Payload Size
+      0x01,                    // HEADERS
+      0x00,                    // No flags (!END_HEADERS)
+      0x00, 0x00, 0x00, 0x01,  // Stream 1
+      0x00, 0x06, 0x63, 0x6f,  // Payload
+      0x6f, 0x6b, 0x69, 0x65,  // Payload
+      0x07, 0x66, 0x6f, 0x6f,  // Payload
+      0x3d, 0x62, 0x61, 0x72,  // Payload
   };
 
+  SpdyFramer framer(spdy_version_);
   TestSpdyVisitor visitor(spdy_version_);
+  framer.set_visitor(&visitor);
   visitor.SimulateInFramer(kInput, sizeof(kInput));
 
-  // TODO(jgraettinger): Verify END_SEGMENT when support is added.
-  EXPECT_EQ(0, visitor.error_count_);
+  EXPECT_EQ(1, visitor.error_count_);
+  EXPECT_EQ(SpdyFramer::SPDY_UNEXPECTED_FRAME, visitor.framer_.error_code())
+      << SpdyFramer::ErrorCodeToString(visitor.framer_.error_code());
   EXPECT_EQ(1, visitor.headers_frame_count_);
-  EXPECT_EQ(1, visitor.zero_length_control_frame_header_data_count_);
-
-  EXPECT_THAT(visitor.headers_,
-              testing::ElementsAre(testing::Pair("cookie", "foo=bar")));
+  EXPECT_EQ(0, visitor.continuation_count_);
+  EXPECT_EQ(0u, visitor.header_buffer_length_);
+  EXPECT_EQ(0, visitor.data_frame_count_);
 }
 
 TEST_P(SpdyFramerTest, ReadGarbage) {
@@ -4067,10 +4436,12 @@ TEST_P(SpdyFramerTest, ReadUnknownExtensionFrame) {
 
   // The unrecognized frame type should still have a valid length.
   const unsigned char unknown_frame[] = {
-    0x00, 0x00, 0x08, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff,
+      0x00, 0x00, 0x08,        // Payload length 8
+      0xff,                    // Frame type 0xff
+      0xff,                    // Flags 0xff
+      0xff, 0xff, 0xff, 0xff,  // R=1 and Stream Id 0x7fffffff
+      0xff, 0xff, 0xff, 0xff,  // Payload
+      0xff, 0xff, 0xff, 0xff,  // Payload
   };
   TestSpdyVisitor visitor(spdy_version_);
 
@@ -4225,6 +4596,8 @@ TEST_P(SpdyFramerTest, StateToStringTest) {
 TEST_P(SpdyFramerTest, ErrorCodeToStringTest) {
   EXPECT_STREQ("NO_ERROR",
                SpdyFramer::ErrorCodeToString(SpdyFramer::SPDY_NO_ERROR));
+  EXPECT_STREQ("INVALID_STREAM_ID", SpdyFramer::ErrorCodeToString(
+                                        SpdyFramer::SPDY_INVALID_STREAM_ID));
   EXPECT_STREQ("INVALID_CONTROL_FRAME",
                SpdyFramer::ErrorCodeToString(
                    SpdyFramer::SPDY_INVALID_CONTROL_FRAME));
@@ -4246,6 +4619,8 @@ TEST_P(SpdyFramerTest, ErrorCodeToStringTest) {
   EXPECT_STREQ("COMPRESS_FAILURE",
                SpdyFramer::ErrorCodeToString(
                    SpdyFramer::SPDY_COMPRESS_FAILURE));
+  EXPECT_STREQ("SPDY_INVALID_PADDING",
+               SpdyFramer::ErrorCodeToString(SpdyFramer::SPDY_INVALID_PADDING));
   EXPECT_STREQ("SPDY_INVALID_DATA_FRAME_FLAGS",
                SpdyFramer::ErrorCodeToString(
                    SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS));
@@ -4335,15 +4710,14 @@ TEST_P(SpdyFramerTest, CatchProbableHttpResponse) {
 }
 
 TEST_P(SpdyFramerTest, DataFrameFlagsV2V3) {
-  FLAGS_spdy_on_stream_end = true;
-
   if (!IsSpdy3()) {
     return;
   }
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4357,7 +4731,7 @@ TEST_P(SpdyFramerTest, DataFrameFlagsV2V3) {
       EXPECT_CALL(visitor, OnError(_));
     } else {
       EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, flags & DATA_FLAG_FIN));
-      EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5, false));
+      EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5));
       if (flags & DATA_FLAG_FIN) {
         EXPECT_CALL(visitor, OnStreamEnd(_));
       }
@@ -4376,62 +4750,17 @@ TEST_P(SpdyFramerTest, DataFrameFlagsV2V3) {
   } while (++flags != 0);
 }
 
-TEST_P(SpdyFramerTest, DataFrameFlagsV2V3disabled) {
-  FLAGS_spdy_on_stream_end = false;
-
-  if (!IsSpdy3()) {
-    return;
-  }
-
-  uint8_t flags = 0;
-  do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
-
-    testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
-    SpdyFramer framer(spdy_version_);
-    framer.set_visitor(&visitor);
-
-    SpdyDataIR data_ir(1, "hello");
-    SpdySerializedFrame frame(framer.SerializeData(data_ir));
-    SetFrameFlags(&frame, flags, spdy_version_);
-
-    if (flags & ~DATA_FLAG_FIN) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, flags & DATA_FLAG_FIN));
-      EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5, false));
-      if (flags & DATA_FLAG_FIN) {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true));
-      }
-    }
-
-    framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~DATA_FLAG_FIN) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
-  } while (++flags != 0);
-}
-
 TEST_P(SpdyFramerTest, DataFrameFlagsV4) {
-  FLAGS_spdy_on_stream_end = true;
-
   if (!IsHttp2()) {
     return;
   }
 
-  uint8_t valid_data_flags =
-      DATA_FLAG_FIN | DATA_FLAG_END_SEGMENT | DATA_FLAG_PADDED;
+  uint8_t valid_data_flags = DATA_FLAG_FIN | DATA_FLAG_PADDED;
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4446,12 +4775,13 @@ TEST_P(SpdyFramerTest, DataFrameFlagsV4) {
     } else {
       EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, flags & DATA_FLAG_FIN));
       if (flags & DATA_FLAG_PADDED) {
-        // The first byte of payload is parsed as padding length.
+        // The first byte of payload is parsed as padding length, but 'h'
+        // (0x68) is too large a padding length for a 5 byte payload.
         EXPECT_CALL(visitor, OnStreamPadding(_, 1));
         // Expect Error since the frame ends prematurely.
         EXPECT_CALL(visitor, OnError(_));
       } else {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5, false));
+        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5));
         if (flags & DATA_FLAG_FIN) {
           EXPECT_CALL(visitor, OnStreamEnd(_));
         }
@@ -4459,61 +4789,13 @@ TEST_P(SpdyFramerTest, DataFrameFlagsV4) {
     }
 
     framer.ProcessInput(frame.data(), frame.size());
-    if ((flags & ~valid_data_flags) || (flags & DATA_FLAG_PADDED)) {
+    if (flags & ~valid_data_flags) {
       EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
       EXPECT_EQ(SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS, framer.error_code())
           << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
-  } while (++flags != 0);
-}
-
-TEST_P(SpdyFramerTest, DataFrameFlagsV4disabled) {
-  FLAGS_spdy_on_stream_end = false;
-
-  if (!IsHttp2()) {
-    return;
-  }
-
-  uint8_t valid_data_flags =
-      DATA_FLAG_FIN | DATA_FLAG_END_SEGMENT | DATA_FLAG_PADDED;
-
-  uint8_t flags = 0;
-  do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
-
-    testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
-    SpdyFramer framer(spdy_version_);
-    framer.set_visitor(&visitor);
-
-    SpdyDataIR data_ir(1, "hello");
-    SpdySerializedFrame frame(framer.SerializeData(data_ir));
-    SetFrameFlags(&frame, flags, spdy_version_);
-
-    if (flags & ~valid_data_flags) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnDataFrameHeader(1, 5, flags & DATA_FLAG_FIN));
-      if (flags & DATA_FLAG_PADDED) {
-        // The first byte of payload is parsed as padding length.
-        EXPECT_CALL(visitor, OnStreamPadding(_, 1));
-        // Expect Error since the frame ends prematurely.
-        EXPECT_CALL(visitor, OnError(_));
-      } else {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 5, false));
-        if (flags & DATA_FLAG_FIN) {
-          EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true));
-        }
-      }
-    }
-
-    framer.ProcessInput(frame.data(), frame.size());
-    if ((flags & ~valid_data_flags) || (flags & DATA_FLAG_PADDED)) {
+    } else if (flags & DATA_FLAG_PADDED) {
       EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS, framer.error_code())
+      EXPECT_EQ(SpdyFramer::SPDY_INVALID_PADDING, framer.error_code())
           << SpdyFramer::ErrorCodeToString(framer.error_code());
     } else {
       EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
@@ -4524,15 +4806,14 @@ TEST_P(SpdyFramerTest, DataFrameFlagsV4disabled) {
 }
 
 TEST_P(SpdyFramerTest, SynStreamFrameFlags) {
-  FLAGS_spdy_on_stream_end = true;
-
   if (!IsSpdy3()) {
     return;
   }
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     testing::StrictMock<test::MockDebugVisitor> debug_visitor;
@@ -4579,72 +4860,15 @@ TEST_P(SpdyFramerTest, SynStreamFrameFlags) {
   } while (++flags != 0);
 }
 
-TEST_P(SpdyFramerTest, SynStreamFrameFlagsDisabled) {
-  FLAGS_spdy_on_stream_end = false;
-
-  if (!IsSpdy3()) {
-    return;
-  }
-
-  uint8_t flags = 0;
-  do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
-
-    testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
-    testing::StrictMock<test::MockDebugVisitor> debug_visitor;
-    SpdyFramer framer(spdy_version_);
-    framer.set_visitor(&visitor);
-    framer.set_debug_visitor(&debug_visitor);
-
-    EXPECT_CALL(debug_visitor, OnSendCompressedFrame(8, SYN_STREAM, _, _));
-
-    SpdySynStreamIR syn_stream(8);
-    syn_stream.set_associated_to_stream_id(3);
-    syn_stream.set_priority(1);
-    syn_stream.SetHeader("foo", "bar");
-    SpdySerializedFrame frame(framer.SerializeSynStream(syn_stream));
-    SetFrameFlags(&frame, flags, spdy_version_);
-
-    if (flags & ~(CONTROL_FLAG_FIN | CONTROL_FLAG_UNIDIRECTIONAL)) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(8, SYN_STREAM, _));
-      EXPECT_CALL(visitor, OnSynStream(8, 3, 1, flags & CONTROL_FLAG_FIN,
-                                       flags & CONTROL_FLAG_UNIDIRECTIONAL));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(8, _, _))
-          .WillRepeatedly(testing::Return(true));
-      if (flags & DATA_FLAG_FIN) {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true));
-      } else {
-        // Do not close the stream if we are expecting a CONTINUATION frame.
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true)).Times(0);
-      }
-    }
-
-    framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~(CONTROL_FLAG_FIN | CONTROL_FLAG_UNIDIRECTIONAL)) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
-  } while (++flags != 0);
-}
-
 TEST_P(SpdyFramerTest, SynReplyFrameFlags) {
-  FLAGS_spdy_on_stream_end = true;
-
   if (!IsSpdy3()) {
     return;
   }
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4680,55 +4904,11 @@ TEST_P(SpdyFramerTest, SynReplyFrameFlags) {
   } while (++flags != 0);
 }
 
-TEST_P(SpdyFramerTest, SynReplyFrameFlagsDisabled) {
-  FLAGS_spdy_on_stream_end = false;
-
-  if (!IsSpdy3()) {
-    return;
-  }
-
-  uint8_t flags = 0;
-  do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
-
-    testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
-    SpdyFramer framer(spdy_version_);
-    framer.set_visitor(&visitor);
-
-    SpdySynReplyIR syn_reply(37);
-    syn_reply.SetHeader("foo", "bar");
-    SpdySerializedFrame frame(framer.SerializeSynReply(syn_reply));
-    SetFrameFlags(&frame, flags, spdy_version_);
-
-    if (flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnSynReply(37, flags & CONTROL_FLAG_FIN));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(37, _, _))
-          .WillRepeatedly(testing::Return(true));
-      if (flags & DATA_FLAG_FIN) {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true));
-      }
-    }
-
-    framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
-  } while (++flags != 0);
-}
-
 TEST_P(SpdyFramerTest, RstStreamFrameFlags) {
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4738,23 +4918,13 @@ TEST_P(SpdyFramerTest, RstStreamFrameFlags) {
     SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (flags != 0) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnRstStream(13, RST_STREAM_CANCEL));
-    }
+    EXPECT_CALL(visitor, OnRstStream(13, RST_STREAM_CANCEL));
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags != 0) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
@@ -4765,7 +4935,8 @@ TEST_P(SpdyFramerTest, SettingsFrameFlagsOldFormat) {
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4810,7 +4981,8 @@ TEST_P(SpdyFramerTest, SettingsFrameFlags) {
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4821,7 +4993,7 @@ TEST_P(SpdyFramerTest, SettingsFrameFlags) {
     SpdySerializedFrame frame(framer.SerializeSettings(settings_ir));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (flags != 0) {
+    if (flags & SETTINGS_FLAG_ACK) {
       EXPECT_CALL(visitor, OnError(_));
     } else {
       EXPECT_CALL(visitor, OnSettings(flags & SETTINGS_FLAG_ACK));
@@ -4830,12 +5002,7 @@ TEST_P(SpdyFramerTest, SettingsFrameFlags) {
     }
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~SETTINGS_FLAG_ACK) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else if (flags & SETTINGS_FLAG_ACK) {
+    if (flags & SETTINGS_FLAG_ACK) {
       // The frame is invalid because ACK frames should have no payload.
       EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
       EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_SIZE,
@@ -4852,7 +5019,8 @@ TEST_P(SpdyFramerTest, SettingsFrameFlags) {
 TEST_P(SpdyFramerTest, GoawayFrameFlags) {
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4862,32 +5030,20 @@ TEST_P(SpdyFramerTest, GoawayFrameFlags) {
     SpdySerializedFrame frame(framer.SerializeGoAway(goaway_ir));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (flags != 0) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnGoAway(97, GOAWAY_OK));
-    }
+    EXPECT_CALL(visitor, OnGoAway(97, GOAWAY_OK));
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags != 0) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
 TEST_P(SpdyFramerTest, HeadersFrameFlags) {
-  FLAGS_spdy_on_stream_end = true;
-
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -4910,164 +5066,44 @@ TEST_P(SpdyFramerTest, HeadersFrameFlags) {
     }
     SetFrameFlags(&frame, set_flags, spdy_version_);
 
-    if (!IsHttp2() && flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else if (IsHttp2() &&
-               flags &
-                   ~(CONTROL_FLAG_FIN | HEADERS_FLAG_END_HEADERS |
-                     HEADERS_FLAG_END_SEGMENT | HEADERS_FLAG_PADDED |
-                     HEADERS_FLAG_PRIORITY)) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      // Expected callback values
-      SpdyStreamId stream_id = 57;
-      bool has_priority = false;
-      SpdyPriority priority = 0;
-      SpdyStreamId parent_stream_id = 0;
-      bool exclusive = false;
-      bool fin = flags & CONTROL_FLAG_FIN;
-      bool end = IsSpdy3() || (flags & HEADERS_FLAG_END_HEADERS);
-      if (IsHttp2() && flags & HEADERS_FLAG_PRIORITY) {
-        has_priority = true;
-        priority = 3;
-        parent_stream_id = 5;
-        exclusive = true;
-      }
-      EXPECT_CALL(visitor, OnHeaders(stream_id, has_priority, priority,
-                                     parent_stream_id, exclusive, fin, end));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(57, _, _))
-          .WillRepeatedly(testing::Return(true));
-      if (flags & DATA_FLAG_FIN &&
-          (IsSpdy3() || flags & HEADERS_FLAG_END_HEADERS)) {
-        EXPECT_CALL(visitor, OnStreamEnd(_));
-      } else {
-        // Do not close the stream if we are expecting a CONTINUATION frame.
-        EXPECT_CALL(visitor, OnStreamEnd(_)).Times(0);
-      }
+    // Expected callback values
+    SpdyStreamId stream_id = 57;
+    bool has_priority = false;
+    SpdyPriority priority = 0;
+    SpdyStreamId parent_stream_id = 0;
+    bool exclusive = false;
+    bool fin = flags & CONTROL_FLAG_FIN;
+    bool end = IsSpdy3() || (flags & HEADERS_FLAG_END_HEADERS);
+    if (IsHttp2() && flags & HEADERS_FLAG_PRIORITY) {
+      has_priority = true;
+      priority = 3;
+      parent_stream_id = 5;
+      exclusive = true;
     }
-
-    framer.ProcessInput(frame.data(), frame.size());
-    if (IsSpdy3() && flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else if (IsHttp2() &&
-               flags &
-                   ~(CONTROL_FLAG_FIN | HEADERS_FLAG_END_HEADERS |
-                     HEADERS_FLAG_END_SEGMENT | HEADERS_FLAG_PADDED |
-                     HEADERS_FLAG_PRIORITY)) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else if (IsHttp2() && ~(flags & HEADERS_FLAG_END_HEADERS)) {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
+    EXPECT_CALL(visitor, OnHeaders(stream_id, has_priority, priority,
+                                   parent_stream_id, exclusive, fin, end));
+    EXPECT_CALL(visitor, OnControlFrameHeaderData(57, _, _))
+        .WillRepeatedly(testing::Return(true));
+    if (flags & DATA_FLAG_FIN &&
+        (IsSpdy3() || flags & HEADERS_FLAG_END_HEADERS)) {
+      EXPECT_CALL(visitor, OnStreamEnd(_));
     } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
-  } while (++flags != 0);
-}
-
-TEST_P(SpdyFramerTest, HeadersFrameFlagsDisabled) {
-  FLAGS_spdy_on_stream_end = false;
-
-  uint8_t flags = 0;
-  do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
-
-    testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
-    SpdyFramer framer(spdy_version_);
-    framer.set_visitor(&visitor);
-
-    SpdyHeadersIR headers_ir(57);
-    if (IsHttp2() && (flags & HEADERS_FLAG_PRIORITY)) {
-      headers_ir.set_priority(3);
-      headers_ir.set_has_priority(true);
-      headers_ir.set_parent_stream_id(5);
-      headers_ir.set_exclusive(true);
-    }
-    headers_ir.SetHeader("foo", "bar");
-    SpdySerializedFrame frame(framer.SerializeHeaders(headers_ir));
-    uint8_t set_flags = flags;
-    if (IsHttp2()) {
-      // TODO(jgraettinger): Add padding to SpdyHeadersIR,
-      // and implement framing.
-      set_flags &= ~HEADERS_FLAG_PADDED;
-    }
-    SetFrameFlags(&frame, set_flags, spdy_version_);
-
-    if (!IsHttp2() && flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else if (IsHttp2() &&
-               flags &
-                   ~(CONTROL_FLAG_FIN | HEADERS_FLAG_END_HEADERS |
-                     HEADERS_FLAG_END_SEGMENT | HEADERS_FLAG_PADDED |
-                     HEADERS_FLAG_PRIORITY)) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      // Expected callback values
-      SpdyStreamId stream_id = 57;
-      bool has_priority = false;
-      SpdyPriority priority = 0;
-      SpdyStreamId parent_stream_id = 0;
-      bool exclusive = false;
-      bool fin = flags & CONTROL_FLAG_FIN;
-      bool end = IsSpdy3() || (flags & HEADERS_FLAG_END_HEADERS);
-      if (IsHttp2() && flags & HEADERS_FLAG_PRIORITY) {
-        has_priority = true;
-        priority = 3;
-        parent_stream_id = 5;
-        exclusive = true;
-      }
-      EXPECT_CALL(visitor, OnHeaders(stream_id, has_priority, priority,
-                                     parent_stream_id, exclusive, fin, end));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(57, _, _))
-          .WillRepeatedly(testing::Return(true));
-      if (flags & DATA_FLAG_FIN &&
-          (IsSpdy3() || flags & HEADERS_FLAG_END_HEADERS)) {
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true));
-      } else {
-        // Do not close the stream if we are expecting a CONTINUATION frame.
-        EXPECT_CALL(visitor, OnStreamFrameData(_, _, 0, true)).Times(0);
-      }
+      // Do not close the stream if we are expecting a CONTINUATION frame.
+      EXPECT_CALL(visitor, OnStreamEnd(_)).Times(0);
     }
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (IsSpdy3() && flags & ~CONTROL_FLAG_FIN) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else if (IsHttp2() && flags & ~(CONTROL_FLAG_FIN |
-                                      HEADERS_FLAG_END_HEADERS |
-                                      HEADERS_FLAG_END_SEGMENT |
-                                      HEADERS_FLAG_PADDED |
-                                      HEADERS_FLAG_PRIORITY)) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else if (IsHttp2() && ~(flags & HEADERS_FLAG_END_HEADERS)) {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
 TEST_P(SpdyFramerTest, PingFrameFlags) {
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -5076,32 +5112,24 @@ TEST_P(SpdyFramerTest, PingFrameFlags) {
     SpdySerializedFrame frame(framer.SerializePing(SpdyPingIR(42)));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (IsHttp2() && flags == PING_FLAG_ACK) {
+    if (IsHttp2() && (flags & PING_FLAG_ACK)) {
       EXPECT_CALL(visitor, OnPing(42, true));
-    } else if (flags == 0) {
-      EXPECT_CALL(visitor, OnPing(42, false));
     } else {
-      EXPECT_CALL(visitor, OnError(_));
+      EXPECT_CALL(visitor, OnPing(42, false));
     }
 
     framer.ProcessInput(frame.data(), frame.size());
-    if ((IsHttp2() && flags == PING_FLAG_ACK) || flags == 0) {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
 TEST_P(SpdyFramerTest, WindowUpdateFrameFlags) {
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     SpdyFramer framer(spdy_version_);
@@ -5111,23 +5139,12 @@ TEST_P(SpdyFramerTest, WindowUpdateFrameFlags) {
         framer.SerializeWindowUpdate(SpdyWindowUpdateIR(4, 1024)));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (flags != 0) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(visitor, OnWindowUpdate(4, 1024));
-    }
+    EXPECT_CALL(visitor, OnWindowUpdate(4, 1024));
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags != 0) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
@@ -5136,9 +5153,12 @@ TEST_P(SpdyFramerTest, PushPromiseFrameFlags) {
     return;
   }
 
+  const SpdyStreamId client_id = 123;   // Must be odd.
+  const SpdyStreamId promised_id = 22;  // Must be even.
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     testing::StrictMock<test::MockDebugVisitor> debug_visitor;
@@ -5146,36 +5166,27 @@ TEST_P(SpdyFramerTest, PushPromiseFrameFlags) {
     framer.set_visitor(&visitor);
     framer.set_debug_visitor(&debug_visitor);
 
-    EXPECT_CALL(debug_visitor, OnSendCompressedFrame(42, PUSH_PROMISE, _, _));
+    EXPECT_CALL(debug_visitor,
+                OnSendCompressedFrame(client_id, PUSH_PROMISE, _, _));
 
-    SpdyPushPromiseIR push_promise(42, 57);
+    SpdyPushPromiseIR push_promise(client_id, promised_id);
     push_promise.SetHeader("foo", "bar");
     SpdySerializedFrame frame(framer.SerializePushPromise(push_promise));
     // TODO(jgraettinger): Add padding to SpdyPushPromiseIR,
     // and implement framing.
     SetFrameFlags(&frame, flags & ~HEADERS_FLAG_PADDED, spdy_version_);
 
-    if (flags & ~(PUSH_PROMISE_FLAG_END_PUSH_PROMISE | HEADERS_FLAG_PADDED)) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(42, PUSH_PROMISE, _));
-      EXPECT_CALL(visitor, OnPushPromise(42, 57,
-          flags & PUSH_PROMISE_FLAG_END_PUSH_PROMISE));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(42, _, _))
-          .WillRepeatedly(testing::Return(true));
-    }
+    bool end = flags & PUSH_PROMISE_FLAG_END_PUSH_PROMISE;
+    EXPECT_CALL(debug_visitor,
+                OnReceiveCompressedFrame(client_id, PUSH_PROMISE, _));
+    EXPECT_CALL(visitor, OnPushPromise(client_id, promised_id, end));
+    EXPECT_CALL(visitor, OnControlFrameHeaderData(client_id, _, _))
+        .WillRepeatedly(testing::Return(true));
 
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~(PUSH_PROMISE_FLAG_END_PUSH_PROMISE | HEADERS_FLAG_PADDED)) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
@@ -5186,7 +5197,8 @@ TEST_P(SpdyFramerTest, ContinuationFrameFlags) {
 
   uint8_t flags = 0;
   do {
-    SCOPED_TRACE(testing::Message() << "Flags " << flags);
+    SCOPED_TRACE(testing::Message() << "Flags " << flags << std::hex
+                                    << static_cast<int>(flags));
 
     testing::StrictMock<test::MockSpdyFramerVisitor> visitor;
     testing::StrictMock<test::MockDebugVisitor> debug_visitor;
@@ -5210,28 +5222,16 @@ TEST_P(SpdyFramerTest, ContinuationFrameFlags) {
     SpdySerializedFrame frame(framer.SerializeContinuation(continuation));
     SetFrameFlags(&frame, flags, spdy_version_);
 
-    if (flags & ~(HEADERS_FLAG_END_HEADERS)) {
-      EXPECT_CALL(visitor, OnError(_));
-    } else {
-      EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(42, CONTINUATION, _));
-      EXPECT_CALL(visitor, OnContinuation(42,
-                                          flags & HEADERS_FLAG_END_HEADERS));
-      EXPECT_CALL(visitor, OnControlFrameHeaderData(42, _, _))
-          .WillRepeatedly(testing::Return(true));
-    }
+    EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(42, CONTINUATION, _));
+    EXPECT_CALL(visitor, OnContinuation(42, flags & HEADERS_FLAG_END_HEADERS));
+    EXPECT_CALL(visitor, OnControlFrameHeaderData(42, _, _))
+        .WillRepeatedly(testing::Return(true));
 
     framer.ProcessInput(frame0.data(), frame0.size());
     framer.ProcessInput(frame.data(), frame.size());
-    if (flags & ~(HEADERS_FLAG_END_HEADERS)) {
-      EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS,
-                framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    } else {
-      EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
-      EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
-          << SpdyFramer::ErrorCodeToString(framer.error_code());
-    }
+    EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state());
+    EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.error_code())
+        << SpdyFramer::ErrorCodeToString(framer.error_code());
   } while (++flags != 0);
 }
 
@@ -5449,10 +5449,9 @@ TEST_P(SpdyFramerTest, OnAltSvc) {
   framer.set_visitor(&visitor);
 
   SpdyAltSvcWireFormat::AlternativeService altsvc1(
-      "pid1", "host", 443, 5, 1.0, SpdyAltSvcWireFormat::VersionVector());
+      "pid1", "host", 443, 5, SpdyAltSvcWireFormat::VersionVector());
   SpdyAltSvcWireFormat::AlternativeService altsvc2(
-      "p\"=i:d", "h_\\o\"st", 123, 42, 0.2,
-      SpdyAltSvcWireFormat::VersionVector{24});
+      "p\"=i:d", "h_\\o\"st", 123, 42, SpdyAltSvcWireFormat::VersionVector{24});
   SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector;
   altsvc_vector.push_back(altsvc1);
   altsvc_vector.push_back(altsvc2);
@@ -5483,10 +5482,9 @@ TEST_P(SpdyFramerTest, OnAltSvcNoOrigin) {
   framer.set_visitor(&visitor);
 
   SpdyAltSvcWireFormat::AlternativeService altsvc1(
-      "pid1", "host", 443, 5, 1.0, SpdyAltSvcWireFormat::VersionVector());
+      "pid1", "host", 443, 5, SpdyAltSvcWireFormat::VersionVector());
   SpdyAltSvcWireFormat::AlternativeService altsvc2(
-      "p\"=i:d", "h_\\o\"st", 123, 42, 0.2,
-      SpdyAltSvcWireFormat::VersionVector{24});
+      "p\"=i:d", "h_\\o\"st", 123, 42, SpdyAltSvcWireFormat::VersionVector{24});
   SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector;
   altsvc_vector.push_back(altsvc1);
   altsvc_vector.push_back(altsvc2);
@@ -5517,9 +5515,9 @@ TEST_P(SpdyFramerTest, OnAltSvcEmptyProtocolId) {
   SpdyAltSvcIR altsvc_ir(1);
   altsvc_ir.set_origin("o1");
   altsvc_ir.add_altsvc(SpdyAltSvcWireFormat::AlternativeService(
-      "pid1", "host", 443, 5, 1.0, SpdyAltSvcWireFormat::VersionVector()));
+      "pid1", "host", 443, 5, SpdyAltSvcWireFormat::VersionVector()));
   altsvc_ir.add_altsvc(SpdyAltSvcWireFormat::AlternativeService(
-      "", "h1", 443, 10, 1.0, SpdyAltSvcWireFormat::VersionVector()));
+      "", "h1", 443, 10, SpdyAltSvcWireFormat::VersionVector()));
   SpdySerializedFrame frame(framer.SerializeFrame(altsvc_ir));
   framer.ProcessInput(frame.data(), frame.size());
 
@@ -5540,7 +5538,7 @@ TEST_P(SpdyFramerTest, OnAltSvcBadLengths) {
   framer.set_visitor(&visitor);
 
   SpdyAltSvcWireFormat::AlternativeService altsvc(
-      "pid", "h1", 443, 10, 1.0, SpdyAltSvcWireFormat::VersionVector());
+      "pid", "h1", 443, 10, SpdyAltSvcWireFormat::VersionVector());
   SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector;
   altsvc_vector.push_back(altsvc);
   EXPECT_CALL(visitor, OnAltSvc(kStreamId, StringPiece("o1"), altsvc_vector));
@@ -5565,10 +5563,9 @@ TEST_P(SpdyFramerTest, ReadChunkedAltSvcFrame) {
   SpdyFramer framer(spdy_version_);
   SpdyAltSvcIR altsvc_ir(1);
   SpdyAltSvcWireFormat::AlternativeService altsvc1(
-      "pid1", "host", 443, 5, 1.0, SpdyAltSvcWireFormat::VersionVector());
+      "pid1", "host", 443, 5, SpdyAltSvcWireFormat::VersionVector());
   SpdyAltSvcWireFormat::AlternativeService altsvc2(
-      "p\"=i:d", "h_\\o\"st", 123, 42, 0.2,
-      SpdyAltSvcWireFormat::VersionVector{24});
+      "p\"=i:d", "h_\\o\"st", 123, 42, SpdyAltSvcWireFormat::VersionVector{24});
   altsvc_ir.add_altsvc(altsvc1);
   altsvc_ir.add_altsvc(altsvc2);
 
@@ -5679,8 +5676,11 @@ TEST_P(SpdyFramerTest, ReadIncorrectlySizedPing) {
 
   // PING frame of size 4, which isn't correct.
   const unsigned char kFrameData[] = {
-      0x00, 0x00, 0x04, 0x06, 0x00, 0x00, 0x00,
-      0x00, 0x03, 0x00, 0x00, 0x00, 0x01,
+      0x00, 0x00, 0x04,        // Length
+      0x06,                    // Type (PING)
+      0x00,                    // Flags
+      0x00, 0x00, 0x00, 0x00,  // Stream id
+      0x00, 0x00, 0x00, 0x01,  // Opaque data
   };
 
   TestSpdyVisitor visitor(spdy_version_);
@@ -5736,7 +5736,7 @@ TEST_P(SpdyFramerTest, ReadIncorrectlySizedRstStream) {
 // to ProcessInput (i.e. will not be calling set_process_single_input_frame()).
 TEST_P(SpdyFramerTest, ProcessAllInput) {
   SpdyFramer framer(spdy_version_);
-  scoped_ptr<TestSpdyVisitor> visitor(new TestSpdyVisitor(spdy_version_));
+  std::unique_ptr<TestSpdyVisitor> visitor(new TestSpdyVisitor(spdy_version_));
   framer.set_visitor(visitor.get());
 
   // Create two input frames.
@@ -5759,8 +5759,8 @@ TEST_P(SpdyFramerTest, ProcessAllInput) {
   const size_t frame1_size = frame1.size();
   const size_t frame2_size = frame2.size();
 
-  LOG(INFO) << "frame1_size = " << frame1_size;
-  LOG(INFO) << "frame2_size = " << frame2_size;
+  VLOG(1) << "frame1_size = " << frame1_size;
+  VLOG(1) << "frame2_size = " << frame2_size;
 
   string input_buffer;
   input_buffer.append(frame1.data(), frame1_size);
@@ -5769,7 +5769,7 @@ TEST_P(SpdyFramerTest, ProcessAllInput) {
   const char* buf = input_buffer.data();
   const size_t buf_size = input_buffer.size();
 
-  LOG(INFO) << "buf_size = " << buf_size;
+  VLOG(1) << "buf_size = " << buf_size;
 
   size_t processed = framer.ProcessInput(buf, buf_size);
   EXPECT_EQ(buf_size, processed);
@@ -5786,7 +5786,7 @@ TEST_P(SpdyFramerTest, ProcessAllInput) {
 TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) {
   SpdyFramer framer(spdy_version_);
   framer.set_process_single_input_frame(true);
-  scoped_ptr<TestSpdyVisitor> visitor;
+  std::unique_ptr<TestSpdyVisitor> visitor;
 
   // Create two input frames.
   const char four_score[] = "Four score and ...";
@@ -5807,8 +5807,8 @@ TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) {
   const size_t frame1_size = frame1.size();
   const size_t frame2_size = frame2.size();
 
-  LOG(INFO) << "frame1_size = " << frame1_size;
-  LOG(INFO) << "frame2_size = " << frame2_size;
+  VLOG(1) << "frame1_size = " << frame1_size;
+  VLOG(1) << "frame2_size = " << frame2_size;
 
   string input_buffer;
   input_buffer.append(frame1.data(), frame1_size);
@@ -5817,10 +5817,10 @@ TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) {
   const char* buf = input_buffer.data();
   const size_t buf_size = input_buffer.size();
 
-  LOG(INFO) << "buf_size = " << buf_size;
+  VLOG(1) << "buf_size = " << buf_size;
 
   for (size_t first_size = 0; first_size <= buf_size; ++first_size) {
-    LOG(INFO) << "first_size = " << first_size;
+    VLOG(1) << "first_size = " << first_size;
     visitor.reset(new TestSpdyVisitor(spdy_version_));
     framer.set_visitor(visitor.get());
 
@@ -5838,7 +5838,7 @@ TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) {
 
       const char* rest = buf + processed_first;
       const size_t remaining = buf_size - processed_first;
-      LOG(INFO) << "remaining = " << remaining;
+      VLOG(1) << "remaining = " << remaining;
 
       size_t processed_second = framer.ProcessInput(rest, remaining);
 
diff --git a/chromium/net/spdy/spdy_header_block.cc b/chromium/net/spdy/spdy_header_block.cc
index b24085fea02..fbcfcdcc376 100644
--- a/chromium/net/spdy/spdy_header_block.cc
+++ b/chromium/net/spdy/spdy_header_block.cc
@@ -85,7 +85,7 @@ class SpdyHeaderBlock::Storage {
 
  private:
   // TODO(bnc): As soon as move semantics are allowed, change from naked pointer
-  // to scoped_ptr<>, or better yet, unique_ptr<>.
+  // to std::unique_ptr<>, or better yet, unique_ptr<>.
   struct Block {
     char* data;
     size_t size = 0;
@@ -210,6 +210,11 @@ SpdyHeaderBlock::StringPieceProxy SpdyHeaderBlock::operator[](
   return StringPieceProxy(&block_, storage_.get(), iter, out_key);
 }
 
+StringPiece SpdyHeaderBlock::GetHeader(const StringPiece key) const {
+  auto iter = block_.find(key);
+  return iter == block_.end() ? StringPiece() : iter->second;
+}
+
 void SpdyHeaderBlock::ReplaceOrAppendHeader(const StringPiece key,
                                             const StringPiece value) {
   // TODO(birenroy): Write new value in place of old value, if it fits.
@@ -228,10 +233,10 @@ void SpdyHeaderBlock::AppendHeader(const StringPiece key,
   block_.insert(make_pair(storage_->Write(key), storage_->Write(value)));
 }
 
-scoped_ptr<base::Value> SpdyHeaderBlockNetLogCallback(
+std::unique_ptr<base::Value> SpdyHeaderBlockNetLogCallback(
     const SpdyHeaderBlock* headers,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   base::DictionaryValue* headers_dict = new base::DictionaryValue();
   for (SpdyHeaderBlock::const_iterator it = headers->begin();
        it != headers->end(); ++it) {
diff --git a/chromium/net/spdy/spdy_header_block.h b/chromium/net/spdy/spdy_header_block.h
index 58d6cf4cdd8..43b4ea13a7e 100644
--- a/chromium/net/spdy/spdy_header_block.h
+++ b/chromium/net/spdy/spdy_header_block.h
@@ -11,7 +11,6 @@
 #include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/linked_hash_map.h"
 #include "net/base/net_export.h"
@@ -83,6 +82,11 @@ class NET_EXPORT SpdyHeaderBlock {
   // Allows either lookup or mutation of the value associated with a key.
   StringPieceProxy operator[](const base::StringPiece key);
 
+  // Non-mutating lookup of header value. Returns empty StringPiece if key not
+  // present. To distinguish between absence of header and empty header value,
+  // use find().
+  base::StringPiece GetHeader(const base::StringPiece key) const;
+
   // This object provides automatic conversions that allow SpdyHeaderBlock to be
   // nearly a drop-in replacement for linked_hash_map<string, string>. It reads
   // data from or writes data to a SpdyHeaderBlock::Storage.
@@ -126,11 +130,11 @@ class NET_EXPORT SpdyHeaderBlock {
   void AppendHeader(const base::StringPiece key, const base::StringPiece value);
 
   MapType block_;
-  scoped_ptr<Storage> storage_;
+  std::unique_ptr<Storage> storage_;
 };
 
 // Converts a SpdyHeaderBlock into NetLog event parameters.
-NET_EXPORT scoped_ptr<base::Value> SpdyHeaderBlockNetLogCallback(
+NET_EXPORT std::unique_ptr<base::Value> SpdyHeaderBlockNetLogCallback(
     const SpdyHeaderBlock* headers,
     NetLogCaptureMode capture_mode);
 
diff --git a/chromium/net/spdy/spdy_header_block_test.cc b/chromium/net/spdy/spdy_header_block_test.cc
index ec2b665106c..a263f2a136d 100644
--- a/chromium/net/spdy/spdy_header_block_test.cc
+++ b/chromium/net/spdy/spdy_header_block_test.cc
@@ -4,9 +4,9 @@
 
 #include "net/spdy/spdy_header_block.h"
 
+#include <memory>
 #include <utility>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/values.h"
 #include "net/log/net_log.h"
 #include "net/spdy/spdy_test_utils.h"
@@ -30,6 +30,7 @@ TEST(SpdyHeaderBlockTest, EmptyBlock) {
   EXPECT_TRUE(block.empty());
   EXPECT_EQ(0u, block.size());
   EXPECT_EQ(block.end(), block.find("foo"));
+  EXPECT_EQ("", block.GetHeader("foo"));
   EXPECT_TRUE(block.end() == block.begin());
 
   // Should have no effect.
@@ -47,12 +48,15 @@ TEST(SpdyHeaderBlockTest, AddHeaders) {
 
   EXPECT_EQ(Pair("foo", string(300, 'x')), *block1.find("foo"));
   EXPECT_EQ("baz", block1["bar"]);
+  EXPECT_EQ("baz", block1.GetHeader("bar"));
   string qux("qux");
   EXPECT_EQ("qux2", block1[qux]);
+  EXPECT_EQ("qux2", block1.GetHeader(qux));
   EXPECT_EQ(Pair("key", "value"), *block1.find("key"));
 
   block1.erase("key");
   EXPECT_EQ(block1.end(), block1.find("key"));
+  EXPECT_EQ("", block1.GetHeader("key"));
 }
 
 // This test verifies that SpdyHeaderBlock can be copied.
@@ -76,7 +80,7 @@ TEST(SpdyHeaderBlockTest, ToNetLogParamAndBackAgain) {
   headers["A"] = "a";
   headers["B"] = "b";
 
-  scoped_ptr<base::Value> event_param(SpdyHeaderBlockNetLogCallback(
+  std::unique_ptr<base::Value> event_param(SpdyHeaderBlockNetLogCallback(
       &headers, NetLogCaptureMode::IncludeCookiesAndCredentials()));
 
   SpdyHeaderBlock headers2;
diff --git a/chromium/net/spdy/spdy_headers_block_parser.cc b/chromium/net/spdy/spdy_headers_block_parser.cc
index 83a216028d8..d5f03413a18 100644
--- a/chromium/net/spdy/spdy_headers_block_parser.cc
+++ b/chromium/net/spdy/spdy_headers_block_parser.cc
@@ -5,6 +5,7 @@
 #include "net/spdy/spdy_headers_block_parser.h"
 
 #include "base/sys_byteorder.h"
+#include "net/spdy/spdy_bug_tracker.h"
 
 namespace net {
 namespace {
@@ -45,7 +46,7 @@ bool SpdyHeadersBlockParser::HandleControlFrameHeadersData(
     error_ = NO_PARSER_ERROR;
   }
   if (error_ != NO_PARSER_ERROR) {
-    LOG(DFATAL) << "Unexpected error: " << error_;
+    SPDY_BUG << "Unexpected error: " << error_;
     return false;
   }
 
@@ -55,13 +56,13 @@ bool SpdyHeadersBlockParser::HandleControlFrameHeadersData(
     stream_id_ = stream_id;
   }
   if (stream_id != stream_id_) {
-    LOG(DFATAL) << "Unexpected stream id: " << stream_id << " (expected "
-                << stream_id_ << ")";
+    SPDY_BUG << "Unexpected stream id: " << stream_id << " (expected "
+             << stream_id_ << ")";
     error_ = UNEXPECTED_STREAM_ID;
     return false;
   }
   if (stream_id_ == kInvalidStreamId) {
-    LOG(DFATAL) << "Expected nonzero stream id, saw: " << stream_id_;
+    SPDY_BUG << "Expected nonzero stream id, saw: " << stream_id_;
     error_ = UNEXPECTED_STREAM_ID;
     return false;
   }
diff --git a/chromium/net/spdy/spdy_headers_block_parser.h b/chromium/net/spdy/spdy_headers_block_parser.h
index 4ee8760dc7d..8e2db8b4ca4 100644
--- a/chromium/net/spdy/spdy_headers_block_parser.h
+++ b/chromium/net/spdy/spdy_headers_block_parser.h
@@ -8,8 +8,9 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/spdy/spdy_headers_handler_interface.h"
diff --git a/chromium/net/spdy/spdy_headers_block_parser_test.cc b/chromium/net/spdy/spdy_headers_block_parser_test.cc
index 85beb6cd7b4..2f80fdc3f81 100644
--- a/chromium/net/spdy/spdy_headers_block_parser_test.cc
+++ b/chromium/net/spdy/spdy_headers_block_parser_test.cc
@@ -4,11 +4,12 @@
 
 #include "net/spdy/spdy_headers_block_parser.h"
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/sys_byteorder.h"
+#include "net/spdy/spdy_test_utils.h"
 #include "net/test/gtest_util.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -86,7 +87,7 @@ class SpdyHeadersBlockParserTest :
   SpdyMajorVersion spdy_version_;
 
   MockSpdyHeadersHandler handler_;
-  scoped_ptr<SpdyHeadersBlockParser> parser_;
+  std::unique_ptr<SpdyHeadersBlockParser> parser_;
 
   static const char *const kBaseKey;
   static const char *const kBaseValue;
@@ -247,7 +248,7 @@ TEST_P(SpdyHeadersBlockParserTest, WrongStreamIdTest) {
   EXPECT_FALSE(parser_->HandleControlFrameHeadersData(1, headers.data(), 1));
   EXPECT_EQ(SpdyHeadersBlockParser::NEED_MORE_DATA, parser_->get_error());
   bool result;
-  EXPECT_DFATAL(
+  EXPECT_SPDY_BUG(
       result = parser_->HandleControlFrameHeadersData(2, headers.data() + 1, 1),
       "Unexpected stream id: 2 \\(expected 1\\)");
   EXPECT_FALSE(result);
@@ -257,7 +258,7 @@ TEST_P(SpdyHeadersBlockParserTest, WrongStreamIdTest) {
 TEST_P(SpdyHeadersBlockParserTest, InvalidStreamIdTest) {
   string headers(CreateHeaders(kNumHeadersInBlock, false));
   bool result;
-  EXPECT_DFATAL(
+  EXPECT_SPDY_BUG(
       result = parser_->HandleControlFrameHeadersData(0, headers.data(), 1),
       "Expected nonzero stream id, saw: 0");
   EXPECT_FALSE(result);
diff --git a/chromium/net/spdy/spdy_headers_handler_interface.h b/chromium/net/spdy/spdy_headers_handler_interface.h
index a6861afa217..99944c67afb 100644
--- a/chromium/net/spdy/spdy_headers_handler_interface.h
+++ b/chromium/net/spdy/spdy_headers_handler_interface.h
@@ -8,12 +8,13 @@
 #include <stddef.h>
 
 #include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
 
 namespace net {
 
 // This interface defines how an object that accepts header data should behave.
 // It is used by both SpdyHeadersBlockParser and HpackDecoder.
-class SpdyHeadersHandlerInterface {
+class NET_EXPORT_PRIVATE SpdyHeadersHandlerInterface {
  public:
   virtual ~SpdyHeadersHandlerInterface() {}
 
diff --git a/chromium/net/spdy/spdy_http_stream.cc b/chromium/net/spdy/spdy_http_stream.cc
index 4fdbc0e918e..259581a5229 100644
--- a/chromium/net/spdy/spdy_http_stream.cc
+++ b/chromium/net/spdy/spdy_http_stream.cc
@@ -14,7 +14,7 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/upload_data_stream.h"
@@ -29,6 +29,8 @@
 
 namespace net {
 
+const size_t SpdyHttpStream::kRequestBodyBufferSize = 1 << 14;  // 16KB
+
 SpdyHttpStream::SpdyHttpStream(const base::WeakPtr<SpdySession>& spdy_session,
                                bool direct)
     : spdy_session_(spdy_session),
@@ -232,9 +234,7 @@ int SpdyHttpStream::SendRequest(const HttpRequestHeaders& request_headers,
 
   CHECK(!request_body_buf_.get());
   if (HasUploadData()) {
-    // Use kMaxSpdyFrameChunkSize as the buffer size, since the request
-    // body data is written with this size at a time.
-    request_body_buf_ = new IOBufferWithSize(kMaxSpdyFrameChunkSize);
+    request_body_buf_ = new IOBufferWithSize(kRequestBodyBufferSize);
     // The request body buffer is empty at first.
     request_body_buf_size_ = 0;
   }
@@ -274,7 +274,7 @@ int SpdyHttpStream::SendRequest(const HttpRequestHeaders& request_headers,
     return ERR_IO_PENDING;
   }
 
-  scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock);
+  std::unique_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock);
   CreateSpdyHeadersFromHttpRequest(*request_info_, request_headers,
                                    stream_->GetProtocolVersion(), direct_,
                                    headers.get());
@@ -351,7 +351,7 @@ SpdyResponseHeadersStatus SpdyHttpStream::OnResponseHeadersUpdated(
   return RESPONSE_HEADERS_ARE_COMPLETE;
 }
 
-void SpdyHttpStream::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
+void SpdyHttpStream::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) {
   CHECK_EQ(response_headers_status_, RESPONSE_HEADERS_ARE_COMPLETE);
 
   // Note that data may be received for a SpdyStream prior to the user calling
diff --git a/chromium/net/spdy/spdy_http_stream.h b/chromium/net/spdy/spdy_http_stream.h
index 76130d8c641..25d60e352fc 100644
--- a/chromium/net/spdy/spdy_http_stream.h
+++ b/chromium/net/spdy/spdy_http_stream.h
@@ -32,6 +32,7 @@ class UploadDataStream;
 class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate,
                                           public HttpStream {
  public:
+  static const size_t kRequestBodyBufferSize;
   // |spdy_session| must not be NULL.
   SpdyHttpStream(const base::WeakPtr<SpdySession>& spdy_session, bool direct);
   ~SpdyHttpStream() override;
@@ -89,7 +90,7 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate,
   void OnRequestHeadersSent() override;
   SpdyResponseHeadersStatus OnResponseHeadersUpdated(
       const SpdyHeaderBlock& response_headers) override;
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override;
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override;
   void OnDataSent() override;
   void OnTrailers(const SpdyHeaderBlock& trailers) override;
   void OnClose(int status) override;
@@ -147,7 +148,7 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate,
   // It is not owned by this stream object, or point to |push_response_info_|.
   HttpResponseInfo* response_info_;
 
-  scoped_ptr<HttpResponseInfo> push_response_info_;
+  std::unique_ptr<HttpResponseInfo> push_response_info_;
 
   // We don't use SpdyStream's |response_header_status_| as we
   // sometimes call back into our delegate before it is updated.
diff --git a/chromium/net/spdy/spdy_http_stream_unittest.cc b/chromium/net/spdy/spdy_http_stream_unittest.cc
index 9ef70cede19..a6d4a12abb1 100644
--- a/chromium/net/spdy/spdy_http_stream_unittest.cc
+++ b/chromium/net/spdy/spdy_http_stream_unittest.cc
@@ -6,7 +6,8 @@
 
 #include <stdint.h>
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
@@ -126,8 +127,8 @@ class SpdyHttpStreamTest : public testing::Test,
   SpdyTestUtil spdy_util_;
   TestNetLog net_log_;
   SpdySessionDependencies session_deps_;
-  scoped_ptr<SequencedSocketData> sequenced_data_;
-  scoped_ptr<HttpNetworkSession> http_session_;
+  std::unique_ptr<SequencedSocketData> sequenced_data_;
+  std::unique_ptr<HttpNetworkSession> http_session_;
   base::WeakPtr<SpdySession> session_;
 
  private:
@@ -162,12 +163,12 @@ TEST_P(SpdyHttpStreamTest, GetUploadProgressBeforeInitialization) {
 }
 
 TEST_P(SpdyHttpStreamTest, SendRequest) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req.get(), 0),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1), MockRead(SYNCHRONOUS, 0, 2)  // EOF
@@ -185,7 +186,8 @@ TEST_P(SpdyHttpStreamTest, SendRequest) {
   HttpResponseInfo response;
   HttpRequestHeaders headers;
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   // Make sure getting load timing information the stream early does not crash.
   LoadTimingInfo load_timing_info;
   EXPECT_FALSE(http_stream->GetLoadTimingInfo(&load_timing_info));
@@ -223,21 +225,21 @@ TEST_P(SpdyHttpStreamTest, SendRequest) {
 }
 
 TEST_P(SpdyHttpStreamTest, LoadTimingTwoRequests) {
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
     CreateMockWrite(*req2, 1),
   };
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, "", 0, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, "", 0, true));
   MockRead reads[] = {
     CreateMockRead(*resp1, 2),
@@ -258,7 +260,8 @@ TEST_P(SpdyHttpStreamTest, LoadTimingTwoRequests) {
   TestCompletionCallback callback1;
   HttpResponseInfo response1;
   HttpRequestHeaders headers1;
-  scoped_ptr<SpdyHttpStream> http_stream1(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream1(
+      new SpdyHttpStream(session_, true));
 
   HttpRequestInfo request2;
   request2.method = "GET";
@@ -266,7 +269,8 @@ TEST_P(SpdyHttpStreamTest, LoadTimingTwoRequests) {
   TestCompletionCallback callback2;
   HttpResponseInfo response2;
   HttpRequestHeaders headers2;
-  scoped_ptr<SpdyHttpStream> http_stream2(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream2(
+      new SpdyHttpStream(session_, true));
 
   // First write.
   ASSERT_EQ(OK,
@@ -325,16 +329,16 @@ TEST_P(SpdyHttpStreamTest, LoadTimingTwoRequests) {
 TEST_P(SpdyHttpStreamTest, SendChunkedPost) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       framer.CreateDataFrame(1, kUploadData, kUploadDataSize, DATA_FLAG_FIN));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),  // request
       CreateMockWrite(*body, 1)  // POST upload frame
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 2),
@@ -390,16 +394,16 @@ TEST_P(SpdyHttpStreamTest, SendChunkedPost) {
 TEST_P(SpdyHttpStreamTest, ConnectionClosedDuringChunkedPost) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       framer.CreateDataFrame(1, kUploadData, kUploadDataSize, DATA_FLAG_NONE));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),  // Request
       CreateMockWrite(*body, 1)  // First POST upload frame
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_CONNECTION_CLOSED, 2)  // Server hangs up early.
@@ -461,13 +465,13 @@ TEST_P(SpdyHttpStreamTest, ConnectionClosedDuringChunkedPost) {
 TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPost) {
   const char kUploadData1[] = "12345678";
   const int kUploadData1Size = arraysize(kUploadData1)-1;
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> chunk1(
+  std::unique_ptr<SpdySerializedFrame> chunk1(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> chunk2(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> chunk2(spdy_util_.ConstructSpdyBodyFrame(
       1, kUploadData1, kUploadData1Size, false));
-  scoped_ptr<SpdySerializedFrame> chunk3(
+  std::unique_ptr<SpdySerializedFrame> chunk3(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
     CreateMockWrite(*req.get(), 0),
@@ -475,7 +479,7 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPost) {
     CreateMockWrite(*chunk2, 2),
     CreateMockWrite(*chunk3, 3),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
     CreateMockRead(*resp, 4),
@@ -501,7 +505,8 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPost) {
   upload_stream.AppendData(kUploadData, kUploadDataSize, false);
 
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   ASSERT_EQ(OK, http_stream->InitializeStream(&request, DEFAULT_PRIORITY,
                                               net_log, CompletionCallback()));
 
@@ -564,18 +569,18 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPost) {
 // Test that the SpdyStream state machine can handle sending a final empty data
 // frame when uploading a chunked data stream.
 TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPostWithEmptyFinalDataFrame) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> chunk1(
+  std::unique_ptr<SpdySerializedFrame> chunk1(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> chunk2(
+  std::unique_ptr<SpdySerializedFrame> chunk2(
       spdy_util_.ConstructSpdyBodyFrame(1, "", 0, true));
   MockWrite writes[] = {
     CreateMockWrite(*req.get(), 0),
     CreateMockWrite(*chunk1, 1),  // POST upload frames
     CreateMockWrite(*chunk2, 2),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
     CreateMockRead(*resp, 3),
@@ -600,7 +605,8 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPostWithEmptyFinalDataFrame) {
   upload_stream.AppendData(kUploadData, kUploadDataSize, false);
 
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   ASSERT_EQ(OK, http_stream->InitializeStream(&request, DEFAULT_PRIORITY,
                                               net_log, CompletionCallback()));
 
@@ -656,15 +662,15 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPostWithEmptyFinalDataFrame) {
 // Test that the SpdyStream state machine handles a chunked upload with no
 // payload. Unclear if this is a case worth supporting.
 TEST_P(SpdyHttpStreamTest, ChunkedPostWithEmptyPayload) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> chunk(
+  std::unique_ptr<SpdySerializedFrame> chunk(
       spdy_util_.ConstructSpdyBodyFrame(1, "", 0, true));
   MockWrite writes[] = {
     CreateMockWrite(*req.get(), 0),
     CreateMockWrite(*chunk, 1),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
     CreateMockRead(*resp, 2),
@@ -688,7 +694,8 @@ TEST_P(SpdyHttpStreamTest, ChunkedPostWithEmptyPayload) {
   upload_stream.AppendData("", 0, true);
 
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   ASSERT_EQ(OK, http_stream->InitializeStream(&request, DEFAULT_PRIORITY,
                                               net_log, CompletionCallback()));
 
@@ -728,12 +735,12 @@ TEST_P(SpdyHttpStreamTest, ChunkedPostWithEmptyPayload) {
 TEST_P(SpdyHttpStreamTest, SpdyURLTest) {
   const char* const full_url = "http://www.example.org/foo?query=what#anchor";
   const char* const base_url = "http://www.example.org/foo?query=what";
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(base_url, 1, LOWEST));
   MockWrite writes[] = {
       CreateMockWrite(*req.get(), 0),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1), MockRead(SYNCHRONOUS, 0, 2)  // EOF
@@ -751,7 +758,8 @@ TEST_P(SpdyHttpStreamTest, SpdyURLTest) {
   HttpResponseInfo response;
   HttpRequestHeaders headers;
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   ASSERT_EQ(OK,
             http_stream->InitializeStream(
                 &request, DEFAULT_PRIORITY, net_log, CompletionCallback()));
@@ -776,17 +784,17 @@ TEST_P(SpdyHttpStreamTest, SpdyURLTest) {
 // Test the receipt of a WINDOW_UPDATE frame while waiting for a chunk to be
 // made available is handled correctly.
 TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPostWithWindowUpdate) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> chunk1(
+  std::unique_ptr<SpdySerializedFrame> chunk1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
     CreateMockWrite(*req.get(), 0),
     CreateMockWrite(*chunk1, 1),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, kUploadDataSize));
   MockRead reads[] = {
       CreateMockRead(*window_update, 2),
@@ -812,7 +820,8 @@ TEST_P(SpdyHttpStreamTest, DelayedSendChunkedPostWithWindowUpdate) {
   ASSERT_EQ(OK, upload_stream.Init(TestCompletionCallback().callback()));
 
   BoundNetLog net_log;
-  scoped_ptr<SpdyHttpStream> http_stream(new SpdyHttpStream(session_, true));
+  std::unique_ptr<SpdyHttpStream> http_stream(
+      new SpdyHttpStream(session_, true));
   ASSERT_EQ(OK, http_stream->InitializeStream(&request, DEFAULT_PRIORITY,
                                               net_log, CompletionCallback()));
 
diff --git a/chromium/net/spdy/spdy_network_transaction_unittest.cc b/chromium/net/spdy/spdy_network_transaction_unittest.cc
index 900f1038a45..d1ed0689a22 100644
--- a/chromium/net/spdy/spdy_network_transaction_unittest.cc
+++ b/chromium/net/spdy/spdy_network_transaction_unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <cmath>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -10,11 +12,11 @@
 #include "base/bind_helpers.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/strings/string_piece.h"
 #include "base/test/test_file_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/auth.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/elements_upload_data_stream.h"
@@ -57,6 +59,8 @@ namespace {
 using testing::Each;
 using testing::Eq;
 
+const int32_t kBufferSize = SpdyHttpStream::kRequestBodyBufferSize;
+
 enum SpdyNetworkTransactionTestSSLType {
   // Request an https:// URL and use NPN (or ALPN) to negotiate SPDY during
   // the TLS handshake.
@@ -109,7 +113,7 @@ void UpdateSpdySessionDependencies(SpdyNetworkTransactionTestParams test_params,
   if (test_params.ssl_type == HTTP_SPDY_VIA_ALT_SVC) {
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
     session_deps->http_server_properties.SetAlternativeService(
-        HostPortPair("www.example.org", 80),
+        url::SchemeHostPort("http", "www.example.org", 80),
         AlternativeService(AlternateProtocolFromNextProto(test_params.protocol),
                            "www.example.org", 443),
         expiration);
@@ -118,19 +122,20 @@ void UpdateSpdySessionDependencies(SpdyNetworkTransactionTestParams test_params,
       test_params.priority_to_dependency;
 }
 
-scoped_ptr<SpdySessionDependencies> CreateSpdySessionDependencies(
+std::unique_ptr<SpdySessionDependencies> CreateSpdySessionDependencies(
     SpdyNetworkTransactionTestParams test_params) {
-  scoped_ptr<SpdySessionDependencies> session_deps(
+  std::unique_ptr<SpdySessionDependencies> session_deps(
       new SpdySessionDependencies(test_params.protocol));
   UpdateSpdySessionDependencies(test_params, session_deps.get());
   return session_deps;
 }
 
-scoped_ptr<SpdySessionDependencies> CreateSpdySessionDependencies(
+std::unique_ptr<SpdySessionDependencies> CreateSpdySessionDependencies(
     SpdyNetworkTransactionTestParams test_params,
-    scoped_ptr<ProxyService> proxy_service) {
-  scoped_ptr<SpdySessionDependencies> session_deps(new SpdySessionDependencies(
-      test_params.protocol, std::move(proxy_service)));
+    std::unique_ptr<ProxyService> proxy_service) {
+  std::unique_ptr<SpdySessionDependencies> session_deps(
+      new SpdySessionDependencies(test_params.protocol,
+                                  std::move(proxy_service)));
   UpdateSpdySessionDependencies(test_params, session_deps.get());
   return session_deps;
 }
@@ -174,7 +179,7 @@ class SpdyNetworkTransactionTest
         RequestPriority priority,
         const BoundNetLog& log,
         SpdyNetworkTransactionTestParams test_params,
-        scoped_ptr<SpdySessionDependencies> session_deps)
+        std::unique_ptr<SpdySessionDependencies> session_deps)
         : request_(request),
           priority_(priority),
           session_deps_(session_deps.get() == NULL
@@ -307,7 +312,7 @@ class SpdyNetworkTransactionTest
 
     void RunToCompletionWithSSLData(
         SocketDataProvider* data,
-        scoped_ptr<SSLSocketDataProvider> ssl_provider) {
+        std::unique_ptr<SSLSocketDataProvider> ssl_provider) {
       RunPreTestSetup();
       AddDataWithSSLSocketDataProvider(data, std::move(ssl_provider));
       RunDefaultTest();
@@ -315,7 +320,7 @@ class SpdyNetworkTransactionTest
     }
 
     void AddData(SocketDataProvider* data) {
-      scoped_ptr<SSLSocketDataProvider> ssl_provider(
+      std::unique_ptr<SSLSocketDataProvider> ssl_provider(
           new SSLSocketDataProvider(ASYNC, OK));
       ssl_provider->cert =
           ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
@@ -324,7 +329,7 @@ class SpdyNetworkTransactionTest
 
     void AddDataWithSSLSocketDataProvider(
         SocketDataProvider* data,
-        scoped_ptr<SSLSocketDataProvider> ssl_provider) {
+        std::unique_ptr<SSLSocketDataProvider> ssl_provider) {
       data_vector_.push_back(data);
       if (ssl_provider->next_proto_status ==
           SSLClientSocket::kNextProtoUnsupported) {
@@ -338,8 +343,8 @@ class SpdyNetworkTransactionTest
       session_deps_->socket_factory->AddSocketDataProvider(data);
       if (test_params_.ssl_type == HTTP_SPDY_VIA_ALT_SVC) {
         MockConnect hanging_connect(SYNCHRONOUS, ERR_IO_PENDING);
-        scoped_ptr<StaticSocketDataProvider> hanging_non_alt_svc_socket(
-            make_scoped_ptr(new StaticSocketDataProvider(NULL, 0, NULL, 0)));
+        std::unique_ptr<StaticSocketDataProvider> hanging_non_alt_svc_socket(
+            base::WrapUnique(new StaticSocketDataProvider(NULL, 0, NULL, 0)));
         hanging_non_alt_svc_socket->set_connect_data(hanging_connect);
         session_deps_->socket_factory->AddSocketDataProvider(
             hanging_non_alt_svc_socket.get());
@@ -347,7 +352,7 @@ class SpdyNetworkTransactionTest
       }
     }
 
-    void SetSession(scoped_ptr<HttpNetworkSession> session) {
+    void SetSession(std::unique_ptr<HttpNetworkSession> session) {
       session_ = std::move(session);
     }
     HttpNetworkTransaction* trans() { return trans_.get(); }
@@ -355,7 +360,7 @@ class SpdyNetworkTransactionTest
     TransactionHelperResult& output() { return output_; }
     const HttpRequestInfo& request() const { return request_; }
     HttpNetworkSession* session() const { return session_.get(); }
-    scoped_ptr<SpdySessionDependencies>& session_deps() {
+    std::unique_ptr<SpdySessionDependencies>& session_deps() {
       return session_deps_;
     }
     int port() const { return port_; }
@@ -365,18 +370,18 @@ class SpdyNetworkTransactionTest
 
    private:
     typedef std::vector<SocketDataProvider*> DataVector;
-    typedef std::vector<scoped_ptr<SSLSocketDataProvider>> SSLVector;
-    typedef std::vector<scoped_ptr<SocketDataProvider>> AlternateVector;
+    typedef std::vector<std::unique_ptr<SSLSocketDataProvider>> SSLVector;
+    typedef std::vector<std::unique_ptr<SocketDataProvider>> AlternateVector;
     HttpRequestInfo request_;
     RequestPriority priority_;
-    scoped_ptr<SpdySessionDependencies> session_deps_;
-    scoped_ptr<HttpNetworkSession> session_;
+    std::unique_ptr<SpdySessionDependencies> session_deps_;
+    std::unique_ptr<HttpNetworkSession> session_;
     TransactionHelperResult output_;
-    scoped_ptr<SocketDataProvider> first_transaction_;
+    std::unique_ptr<SocketDataProvider> first_transaction_;
     SSLVector ssl_vector_;
     TestCompletionCallback callback_;
-    scoped_ptr<HttpNetworkTransaction> trans_;
-    scoped_ptr<HttpNetworkTransaction> trans_http_;
+    std::unique_ptr<HttpNetworkTransaction> trans_;
+    std::unique_ptr<HttpNetworkTransaction> trans_http_;
     DataVector data_vector_;
     AlternateVector alternate_vector_;
     const BoundNetLog log_;
@@ -420,8 +425,8 @@ class SpdyNetworkTransactionTest
 
   const HttpRequestInfo& CreatePostRequest() {
     if (!post_request_initialized_) {
-      std::vector<scoped_ptr<UploadElementReader>> element_readers;
-      element_readers.push_back(make_scoped_ptr(
+      std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+      element_readers.push_back(base::WrapUnique(
           new UploadBytesElementReader(kUploadData, kUploadDataSize)));
       upload_data_stream_.reset(
           new ElementsUploadDataStream(std::move(element_readers), 0));
@@ -441,8 +446,8 @@ class SpdyNetworkTransactionTest
       CHECK_EQ(static_cast<int>(kUploadDataSize),
                base::WriteFile(file_path, kUploadData, kUploadDataSize));
 
-      std::vector<scoped_ptr<UploadElementReader>> element_readers;
-      element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+      std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+      element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
           base::ThreadTaskRunnerHandle::Get().get(), file_path, 0,
           kUploadDataSize, base::Time())));
       upload_data_stream_.reset(
@@ -466,8 +471,8 @@ class SpdyNetworkTransactionTest
              base::WriteFile(file_path, kUploadData, kUploadDataSize));
     CHECK(base::MakeFileUnreadable(file_path));
 
-    std::vector<scoped_ptr<UploadElementReader>> element_readers;
-    element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+    element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
         base::ThreadTaskRunnerHandle::Get().get(), file_path, 0,
         kUploadDataSize, base::Time())));
     upload_data_stream_.reset(
@@ -491,13 +496,13 @@ class SpdyNetworkTransactionTest
       CHECK_EQ(static_cast<int>(kUploadDataSize),
                base::WriteFile(file_path, kUploadData, kUploadDataSize));
 
-      std::vector<scoped_ptr<UploadElementReader>> element_readers;
-      element_readers.push_back(make_scoped_ptr(
+      std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+      element_readers.push_back(base::WrapUnique(
           new UploadBytesElementReader(kUploadData, kFileRangeOffset)));
-      element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+      element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
           base::ThreadTaskRunnerHandle::Get().get(), file_path,
           kFileRangeOffset, kFileRangeLength, base::Time())));
-      element_readers.push_back(make_scoped_ptr(new UploadBytesElementReader(
+      element_readers.push_back(base::WrapUnique(new UploadBytesElementReader(
           kUploadData + kFileRangeOffset + kFileRangeLength,
           kUploadDataSize - (kFileRangeOffset + kFileRangeLength))));
       upload_data_stream_.reset(
@@ -583,7 +588,7 @@ class SpdyNetworkTransactionTest
     rv = callback.WaitForResult();
 
     // Request the pushed path.
-    scoped_ptr<HttpNetworkTransaction> trans2(
+    std::unique_ptr<HttpNetworkTransaction> trans2(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
     rv = trans2->Start(
         &CreateGetPushRequest(), callback.callback(), BoundNetLog());
@@ -604,6 +609,16 @@ class SpdyNetworkTransactionTest
     EXPECT_TRUE(data->AllReadDataConsumed());
     EXPECT_TRUE(data->AllWriteDataConsumed());
 
+    LoadTimingInfo load_timing_info;
+    EXPECT_TRUE(trans->GetLoadTimingInfo(&load_timing_info));
+    EXPECT_TRUE(load_timing_info.push_start.is_null());
+    EXPECT_TRUE(load_timing_info.push_end.is_null());
+
+    LoadTimingInfo load_timing_info2;
+    EXPECT_TRUE(trans2->GetLoadTimingInfo(&load_timing_info2));
+    EXPECT_FALSE(load_timing_info2.push_start.is_null());
+    EXPECT_FALSE(load_timing_info2.push_end.is_null());
+
     // Verify that the received push data is same as the expected push data.
     EXPECT_EQ(result2.compare(expected), 0) << "Received data: "
                                             << result2
@@ -626,7 +641,7 @@ class SpdyNetworkTransactionTest
   static void StartTransactionCallback(HttpNetworkSession* session,
                                        GURL url,
                                        int result) {
-    scoped_ptr<HttpNetworkTransaction> trans(
+    std::unique_ptr<HttpNetworkTransaction> trans(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, session));
     TestCompletionCallback callback;
     HttpRequestInfo request;
@@ -661,8 +676,8 @@ class SpdyNetworkTransactionTest
   SpdyTestUtil spdy_util_;
 
  private:
-  scoped_ptr<ChunkedUploadDataStream> upload_chunked_data_stream_;
-  scoped_ptr<UploadDataStream> upload_data_stream_;
+  std::unique_ptr<ChunkedUploadDataStream> upload_chunked_data_stream_;
+  std::unique_ptr<UploadDataStream> upload_data_stream_;
   bool get_request_initialized_;
   bool post_request_initialized_;
   bool chunked_post_request_initialized_;
@@ -702,23 +717,23 @@ INSTANTIATE_TEST_CASE_P(
 
 // Verify HttpNetworkTransaction constructor.
 TEST_P(SpdyNetworkTransactionTest, Constructor) {
-  scoped_ptr<SpdySessionDependencies> session_deps(
+  std::unique_ptr<SpdySessionDependencies> session_deps(
       CreateSpdySessionDependencies(GetParam()));
-  scoped_ptr<HttpNetworkSession> session(
+  std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(session_deps.get()));
-  scoped_ptr<HttpTransaction> trans(
+  std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
 }
 
 TEST_P(SpdyNetworkTransactionTest, Get) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -744,7 +759,7 @@ TEST_P(SpdyNetworkTransactionTest, GetAtEachPriority) {
     spdy_test_util.set_default_url(GURL(GetDefaultUrl()));
 
     // Construct the request.
-    scoped_ptr<SpdySerializedFrame> req(
+    std::unique_ptr<SpdySerializedFrame> req(
         spdy_test_util.ConstructSpdyGet(nullptr, 0, 1, p, true));
     MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
@@ -774,9 +789,9 @@ TEST_P(SpdyNetworkTransactionTest, GetAtEachPriority) {
         FAIL();
     }
 
-    scoped_ptr<SpdySerializedFrame> resp(
+    std::unique_ptr<SpdySerializedFrame> resp(
         spdy_test_util.ConstructSpdyGetSynReply(nullptr, 0, 1));
-    scoped_ptr<SpdySerializedFrame> body(
+    std::unique_ptr<SpdySerializedFrame> body(
         spdy_test_util.ConstructSpdyBodyFrame(1, true));
     MockRead reads[] = {
         CreateMockRead(*resp, 1),
@@ -809,31 +824,31 @@ TEST_P(SpdyNetworkTransactionTest, GetAtEachPriority) {
 // can allow multiple streams in flight.
 
 TEST_P(SpdyNetworkTransactionTest, ThreeGets) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
 
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 5, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp3(
+  std::unique_ptr<SpdySerializedFrame> resp3(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 5));
-  scoped_ptr<SpdySerializedFrame> body3(
+  std::unique_ptr<SpdySerializedFrame> body3(
       spdy_util_.ConstructSpdyBodyFrame(5, false));
-  scoped_ptr<SpdySerializedFrame> fbody3(
+  std::unique_ptr<SpdySerializedFrame> fbody3(
       spdy_util_.ConstructSpdyBodyFrame(5, true));
 
   MockWrite writes[] = {
@@ -870,11 +885,11 @@ TEST_P(SpdyNetworkTransactionTest, ThreeGets) {
   // on will negotiate SPDY and will be used for all requests.
   helper.AddData(&data_placeholder1);
   helper.AddData(&data_placeholder2);
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans3(
+  std::unique_ptr<HttpNetworkTransaction> trans3(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
   TestCompletionCallback callback1;
@@ -915,22 +930,22 @@ TEST_P(SpdyNetworkTransactionTest, ThreeGets) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBinding) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
 
   MockWrite writes[] = {
@@ -961,9 +976,9 @@ TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBinding) {
   // the same time which results in two sockets being connected. The first
   // on will negotiate SPDY and will be used for all requests.
   helper.AddData(&data_placeholder);
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
   TestCompletionCallback callback1;
@@ -1006,22 +1021,22 @@ TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBinding) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBindingFromPreconnect) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
 
   MockWrite writes[] = {
@@ -1055,9 +1070,9 @@ TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBindingFromPreconnect) {
   helper.AddData(&data_placeholder);
   helper.AddData(&data_placeholder);
 
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
   TestCompletionCallback callback1;
@@ -1066,15 +1081,10 @@ TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBindingFromPreconnect) {
   HttpRequestInfo httpreq = CreateGetRequest();
 
   // Preconnect the first.
-  SSLConfig preconnect_ssl_config;
-  helper.session()->ssl_config_service()->GetSSLConfig(&preconnect_ssl_config);
   HttpStreamFactory* http_stream_factory =
       helper.session()->http_stream_factory();
-  helper.session()->GetAlpnProtos(&preconnect_ssl_config.alpn_protos);
-  helper.session()->GetNpnProtos(&preconnect_ssl_config.npn_protos);
 
-  http_stream_factory->PreconnectStreams(1, httpreq, preconnect_ssl_config,
-                                         preconnect_ssl_config);
+  http_stream_factory->PreconnectStreams(1, httpreq);
 
   out.rv = trans1->Start(&httpreq, callback1.callback(), log);
   ASSERT_EQ(ERR_IO_PENDING, out.rv);
@@ -1117,42 +1127,42 @@ TEST_P(SpdyNetworkTransactionTest, TwoGetsLateBindingFromPreconnect) {
 TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrent) {
   // Construct the request.
   // Each request fully completes before the next starts.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   spdy_util_.UpdateWithStreamDestruction(1);
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   spdy_util_.UpdateWithStreamDestruction(3);
 
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 5, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp3(
+  std::unique_ptr<SpdySerializedFrame> resp3(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 5));
-  scoped_ptr<SpdySerializedFrame> body3(
+  std::unique_ptr<SpdySerializedFrame> body3(
       spdy_util_.ConstructSpdyBodyFrame(5, false));
-  scoped_ptr<SpdySerializedFrame> fbody3(
+  std::unique_ptr<SpdySerializedFrame> fbody3(
       spdy_util_.ConstructSpdyBodyFrame(5, true));
 
   SettingsMap settings;
   const uint32_t max_concurrent_streams = 1;
   settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
 
   MockWrite writes[] = {
@@ -1186,11 +1196,11 @@ TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrent) {
                                        BoundNetLog(), GetParam(), NULL);
     helper.RunPreTestSetup();
     helper.AddData(&data);
-    scoped_ptr<HttpNetworkTransaction> trans1(
+    std::unique_ptr<HttpNetworkTransaction> trans1(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-    scoped_ptr<HttpNetworkTransaction> trans2(
+    std::unique_ptr<HttpNetworkTransaction> trans2(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-    scoped_ptr<HttpNetworkTransaction> trans3(
+    std::unique_ptr<HttpNetworkTransaction> trans3(
         new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
     TestCompletionCallback callback1;
@@ -1257,50 +1267,50 @@ TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrent) {
 // the response from the server.
 TEST_P(SpdyNetworkTransactionTest, FourGetsWithMaxConcurrentPriority) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   spdy_util_.UpdateWithStreamDestruction(1);
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   spdy_util_.UpdateWithStreamDestruction(3);
 
-  scoped_ptr<SpdySerializedFrame> req4(
+  std::unique_ptr<SpdySerializedFrame> req4(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 5, HIGHEST, true));
-  scoped_ptr<SpdySerializedFrame> resp4(
+  std::unique_ptr<SpdySerializedFrame> resp4(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 5));
-  scoped_ptr<SpdySerializedFrame> fbody4(
+  std::unique_ptr<SpdySerializedFrame> fbody4(
       spdy_util_.ConstructSpdyBodyFrame(5, true));
   spdy_util_.UpdateWithStreamDestruction(5);
 
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 7, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp3(
+  std::unique_ptr<SpdySerializedFrame> resp3(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 7));
-  scoped_ptr<SpdySerializedFrame> body3(
+  std::unique_ptr<SpdySerializedFrame> body3(
       spdy_util_.ConstructSpdyBodyFrame(7, false));
-  scoped_ptr<SpdySerializedFrame> fbody3(
+  std::unique_ptr<SpdySerializedFrame> fbody3(
       spdy_util_.ConstructSpdyBodyFrame(7, true));
 
   SettingsMap settings;
   const uint32_t max_concurrent_streams = 1;
   settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
@@ -1336,13 +1346,13 @@ TEST_P(SpdyNetworkTransactionTest, FourGetsWithMaxConcurrentPriority) {
   helper.RunPreTestSetup();
   helper.AddData(&data);
 
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans3(
+  std::unique_ptr<HttpNetworkTransaction> trans3(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans4(
+  std::unique_ptr<HttpNetworkTransaction> trans4(
       new HttpNetworkTransaction(HIGHEST, helper.session()));
 
   TestCompletionCallback callback1;
@@ -1421,32 +1431,32 @@ TEST_P(SpdyNetworkTransactionTest, FourGetsWithMaxConcurrentPriority) {
 // the spdy_session
 TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrentDelete) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fbody(
+  std::unique_ptr<SpdySerializedFrame> fbody(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   spdy_util_.UpdateWithStreamDestruction(1);
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, false));
-  scoped_ptr<SpdySerializedFrame> fbody2(
+  std::unique_ptr<SpdySerializedFrame> fbody2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
 
   SettingsMap settings;
   const uint32_t max_concurrent_streams = 1;
   settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
 
   MockWrite writes[] = {
@@ -1473,11 +1483,11 @@ TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrentDelete) {
                                      BoundNetLog(), GetParam(), NULL);
   helper.RunPreTestSetup();
   helper.AddData(&data);
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
-  scoped_ptr<HttpNetworkTransaction> trans3(
+  std::unique_ptr<HttpNetworkTransaction> trans3(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
   TestCompletionCallback callback1;
@@ -1560,28 +1570,28 @@ class KillerCallback : public TestCompletionCallbackBase {
 // a pending stream creation.  http://crbug.com/52901
 TEST_P(SpdyNetworkTransactionTest, ThreeGetsWithMaxConcurrentSocketClose) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> fin_body(
+  std::unique_ptr<SpdySerializedFrame> fin_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   spdy_util_.UpdateWithStreamDestruction(1);
 
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
 
   SettingsMap settings;
   const uint32_t max_concurrent_streams = 1;
   settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
 
   MockWrite writes[] = {
@@ -1663,17 +1673,17 @@ TEST_P(SpdyNetworkTransactionTest, Put) {
   request.method = "PUT";
   request.url = GURL(GetDefaultUrl());
 
-  scoped_ptr<SpdyHeaderBlock> put_headers(
+  std::unique_ptr<SpdyHeaderBlock> put_headers(
       spdy_util_.ConstructPutHeaderBlock(GetDefaultUrl(), 0));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *put_headers, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -1698,17 +1708,17 @@ TEST_P(SpdyNetworkTransactionTest, Head) {
   request.method = "HEAD";
   request.url = GURL(GetDefaultUrl());
 
-  scoped_ptr<SpdyHeaderBlock> head_headers(
+  std::unique_ptr<SpdyHeaderBlock> head_headers(
       spdy_util_.ConstructHeadHeaderBlock(GetDefaultUrl(), 0));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *head_headers, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -1728,15 +1738,15 @@ TEST_P(SpdyNetworkTransactionTest, Head) {
 
 // Test that a simple POST works.
 TEST_P(SpdyNetworkTransactionTest, Post) {
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       GetDefaultUrl(), 1, kUploadDataSize, LOWEST, NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*body, 1),  // POST upload frame
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 2),
@@ -1756,15 +1766,15 @@ TEST_P(SpdyNetworkTransactionTest, Post) {
 
 // Test that a POST with a file works.
 TEST_P(SpdyNetworkTransactionTest, FilePost) {
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       GetDefaultUrl(), 1, kUploadDataSize, LOWEST, NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*body, 1),  // POST upload frame
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 2),
@@ -1806,15 +1816,15 @@ TEST_P(SpdyNetworkTransactionTest, UnreadableFilePost) {
 
 // Test that a complex POST works.
 TEST_P(SpdyNetworkTransactionTest, ComplexPost) {
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       GetDefaultUrl(), 1, kUploadDataSize, LOWEST, NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*body, 1),  // POST upload frame
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 2),
@@ -1835,15 +1845,15 @@ TEST_P(SpdyNetworkTransactionTest, ComplexPost) {
 
 // Test that a chunked POST works.
 TEST_P(SpdyNetworkTransactionTest, ChunkedPost) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*body, 1),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 2),
@@ -1871,13 +1881,13 @@ TEST_P(SpdyNetworkTransactionTest, ChunkedPost) {
 
 // Test that a chunked POST works with chunks appended after transaction starts.
 TEST_P(SpdyNetworkTransactionTest, DelayedChunkedPost) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> chunk1(
+  std::unique_ptr<SpdySerializedFrame> chunk1(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> chunk2(
+  std::unique_ptr<SpdySerializedFrame> chunk2(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
-  scoped_ptr<SpdySerializedFrame> chunk3(
+  std::unique_ptr<SpdySerializedFrame> chunk3(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
@@ -1886,7 +1896,7 @@ TEST_P(SpdyNetworkTransactionTest, DelayedChunkedPost) {
       CreateMockWrite(*chunk3, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*resp, 4),
@@ -1938,18 +1948,18 @@ TEST_P(SpdyNetworkTransactionTest, NullPost) {
 
   // When request.upload_data_stream is NULL for post, content-length is
   // expected to be 0.
-  scoped_ptr<SpdyHeaderBlock> req_block(
+  std::unique_ptr<SpdyHeaderBlock> req_block(
       spdy_util_.ConstructPostHeaderBlock(GetDefaultUrl(), 0));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *req_block, LOWEST, true));
 
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -1972,7 +1982,7 @@ TEST_P(SpdyNetworkTransactionTest, NullPost) {
 TEST_P(SpdyNetworkTransactionTest, EmptyPost) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
   // Create an empty UploadDataStream.
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   ElementsUploadDataStream stream(std::move(element_readers), 0);
 
   // Setup the request
@@ -1983,18 +1993,18 @@ TEST_P(SpdyNetworkTransactionTest, EmptyPost) {
 
   const uint64_t kContentLength = 0;
 
-  scoped_ptr<SpdyHeaderBlock> req_block(
+  std::unique_ptr<SpdyHeaderBlock> req_block(
       spdy_util_.ConstructPostHeaderBlock(GetDefaultUrl(), kContentLength));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *req_block, LOWEST, true));
 
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -2015,15 +2025,15 @@ TEST_P(SpdyNetworkTransactionTest, EmptyPost) {
 
 // While we're doing a post, the server sends the reply before upload completes.
 TEST_P(SpdyNetworkTransactionTest, ResponseBeforePostCompletes) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructChunkedSpdyPost(NULL, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
     CreateMockWrite(*body, 3),
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
     CreateMockRead(*resp, 1),
@@ -2063,9 +2073,9 @@ TEST_P(SpdyNetworkTransactionTest, ResponseBeforePostCompletes) {
 // socket causes the TCP write to return zero. This test checks that the client
 // tries to queue up the RST_STREAM frame again.
 TEST_P(SpdyNetworkTransactionTest, SocketWriteReturnsZero) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
     CreateMockWrite(*req.get(), 0, SYNCHRONOUS),
@@ -2073,7 +2083,7 @@ TEST_P(SpdyNetworkTransactionTest, SocketWriteReturnsZero) {
     CreateMockWrite(*rst.get(), 3, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
     CreateMockRead(*resp.get(), 1, ASYNC),
@@ -2100,15 +2110,15 @@ TEST_P(SpdyNetworkTransactionTest, SocketWriteReturnsZero) {
 
 // Test that the transaction doesn't crash when we don't have a reply.
 TEST_P(SpdyNetworkTransactionTest, ResponseWithoutSynReply) {
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*body, 1), MockRead(ASYNC, 0, 3)  // EOF
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 2),
@@ -2124,19 +2134,19 @@ TEST_P(SpdyNetworkTransactionTest, ResponseWithoutSynReply) {
 // Test that the transaction doesn't crash when we get two replies on the same
 // stream ID. See http://crbug.com/45639.
 TEST_P(SpdyNetworkTransactionTest, ResponseWithTwoSynReplies) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp0(
+  std::unique_ptr<SpdySerializedFrame> resp0(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp0, 1), CreateMockRead(*resp1, 2),
@@ -2171,9 +2181,9 @@ TEST_P(SpdyNetworkTransactionTest, ResponseWithTwoSynReplies) {
 
 TEST_P(SpdyNetworkTransactionTest, ResetReplyWithTransferEncoding) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 2),
@@ -2182,9 +2192,9 @@ TEST_P(SpdyNetworkTransactionTest, ResetReplyWithTransferEncoding) {
   const char* const headers[] = {
     "transfer-encoding", "chunked"
   };
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(headers, 1, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -2205,23 +2215,23 @@ TEST_P(SpdyNetworkTransactionTest, ResetReplyWithTransferEncoding) {
 
 TEST_P(SpdyNetworkTransactionTest, ResetPushWithTransferEncoding) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   const char* const headers[] = {
     "transfer-encoding", "chunked"
   };
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(headers, arraysize(headers) / 2, 2, 1,
                                    GetDefaultUrlWithPath("/1").c_str()));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -2245,13 +2255,13 @@ TEST_P(SpdyNetworkTransactionTest, ResetPushWithTransferEncoding) {
 
 TEST_P(SpdyNetworkTransactionTest, CancelledTransaction) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*req),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
     CreateMockRead(*resp),
@@ -2285,16 +2295,16 @@ TEST_P(SpdyNetworkTransactionTest, CancelledTransaction) {
 
 // Verify that the client sends a Rst Frame upon cancelling the stream.
 TEST_P(SpdyNetworkTransactionTest, CancelledTransactionSendRst) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0, SYNCHRONOUS),
     CreateMockWrite(*rst, 2, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
@@ -2326,7 +2336,7 @@ TEST_P(SpdyNetworkTransactionTest, CancelledTransactionSendRst) {
 // to start another transaction on a session that is closing down. See
 // http://crbug.com/47455
 TEST_P(SpdyNetworkTransactionTest, StartTransactionOnReadCallback) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req)};
   MockWrite writes2[] = {CreateMockWrite(*req, 0)};
@@ -2339,7 +2349,7 @@ TEST_P(SpdyNetworkTransactionTest, StartTransactionOnReadCallback) {
       0x07, 'h',  'e',  'l',  'l',  'o',  '!',
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -2391,13 +2401,13 @@ TEST_P(SpdyNetworkTransactionTest, StartTransactionOnReadCallback) {
 // transaction. Failures will usually be valgrind errors. See
 // http://crbug.com/46925
 TEST_P(SpdyNetworkTransactionTest, DeleteSessionOnReadCallback) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp.get(), 1),
@@ -2439,21 +2449,21 @@ TEST_P(SpdyNetworkTransactionTest, DeleteSessionOnReadCallback) {
 
 // Send a spdy request to www.example.org that gets redirected to www.foo.com.
 TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectGetRequest) {
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(GetDefaultUrl()));
   (*headers)["user-agent"] = "";
   (*headers)["accept-encoding"] = "gzip, deflate";
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock("http://www.foo.com/index.php"));
   (*headers2)["user-agent"] = "";
   (*headers2)["accept-encoding"] = "gzip, deflate";
 
   // Setup writes/reads to www.example.org
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdySyn(1, *headers2, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReplyRedirect(1));
   MockWrite writes[] = {
     CreateMockWrite(*req, 1),
@@ -2464,9 +2474,9 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectGetRequest) {
   };
 
   // Setup writes/reads to www.foo.com
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes2[] = {
     CreateMockWrite(*req2, 1),
@@ -2484,7 +2494,7 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectGetRequest) {
   TestDelegate d;
   {
     SpdyURLRequestContext spdy_url_request_context(GetParam().protocol);
-    scoped_ptr<URLRequest> r(spdy_url_request_context.CreateRequest(
+    std::unique_ptr<URLRequest> r(spdy_url_request_context.CreateRequest(
         GURL(GetDefaultUrl()), DEFAULT_PRIORITY, &d));
     spdy_url_request_context.socket_factory().
         AddSocketDataProvider(&data);
@@ -2514,22 +2524,22 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectGetRequest) {
 // Send a spdy request to www.example.org. Get a pushed stream that redirects to
 // www.foo.com.
 TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) {
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(GetDefaultUrl()));
   (*headers)["user-agent"] = "";
   (*headers)["accept-encoding"] = "gzip, deflate";
 
   // Setup writes/reads to www.example.org
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> rep(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> rep(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str(),
       "301 Moved Permanently", "http://www.foo.com/index.php"));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_CANCEL));
   MockWrite writes[] = {
     CreateMockWrite(*req, 1),
@@ -2544,15 +2554,15 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) {
   };
 
   // Setup writes/reads to www.foo.com
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock("http://www.foo.com/index.php"));
   (*headers2)["user-agent"] = "";
   (*headers2)["accept-encoding"] = "gzip, deflate";
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdySyn(1, *headers2, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes2[] = {
     CreateMockWrite(*req2, 1),
@@ -2571,7 +2581,7 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) {
   TestDelegate d2;
   SpdyURLRequestContext spdy_url_request_context(GetParam().protocol);
   {
-    scoped_ptr<URLRequest> r(spdy_url_request_context.CreateRequest(
+    std::unique_ptr<URLRequest> r(spdy_url_request_context.CreateRequest(
         GURL(GetDefaultUrl()), DEFAULT_PRIORITY, &d));
     spdy_url_request_context.socket_factory().
         AddSocketDataProvider(&data);
@@ -2583,7 +2593,7 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) {
     std::string contents("hello!");
     EXPECT_EQ(contents, d.data_received());
 
-    scoped_ptr<URLRequest> r2(spdy_url_request_context.CreateRequest(
+    std::unique_ptr<URLRequest> r2(spdy_url_request_context.CreateRequest(
         GURL(GetDefaultUrlWithPath("/foo.dat")), DEFAULT_PRIORITY, &d2));
     spdy_url_request_context.socket_factory().
         AddSocketDataProvider(&data2);
@@ -2608,20 +2618,20 @@ TEST_P(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushSingleDataFrame) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
   MockRead reads[] = {
@@ -2651,20 +2661,20 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushSingleDataFrame) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushBeforeSynReply) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
   MockRead reads[] = {
@@ -2694,21 +2704,21 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushBeforeSynReply) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushSingleDataFrame2) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -2737,19 +2747,19 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushSingleDataFrame2) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushServerAborted) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
-  scoped_ptr<SpdySerializedFrame> stream2_rst(
+  std::unique_ptr<SpdySerializedFrame> stream2_rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -2789,25 +2799,25 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushServerAborted) {
 // Verify that we don't leak streams and that we properly send a reset
 // if the server pushes the same stream twice.
 TEST_P(SpdyNetworkTransactionTest, ServerPushDuplicate) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> stream3_rst(
+  std::unique_ptr<SpdySerializedFrame> stream3_rst(
       spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*stream3_rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
-  scoped_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 4, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -2837,30 +2847,30 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushDuplicate) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushMultipleDataFrame) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   static const char kPushedData[] = "pushed my darling hello my baby";
-  scoped_ptr<SpdySerializedFrame> stream2_body_base(
+  std::unique_ptr<SpdySerializedFrame> stream2_body_base(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
   const size_t kChunkSize = strlen(kPushedData) / 4;
-  scoped_ptr<SpdySerializedFrame> stream2_body1(
+  std::unique_ptr<SpdySerializedFrame> stream2_body1(
       new SpdySerializedFrame(stream2_body_base->data(), kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body2(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body2(new SpdySerializedFrame(
       stream2_body_base->data() + kChunkSize, kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body3(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body3(new SpdySerializedFrame(
       stream2_body_base->data() + 2 * kChunkSize, kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body4(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body4(new SpdySerializedFrame(
       stream2_body_base->data() + 3 * kChunkSize,
       stream2_body_base->size() - 3 * kChunkSize, false));
   MockRead reads[] = {
@@ -2890,30 +2900,30 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushMultipleDataFrame) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushMultipleDataFrameInterrupted) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   static const char kPushedData[] = "pushed my darling hello my baby";
-  scoped_ptr<SpdySerializedFrame> stream2_body_base(
+  std::unique_ptr<SpdySerializedFrame> stream2_body_base(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
   const size_t kChunkSize = strlen(kPushedData) / 4;
-  scoped_ptr<SpdySerializedFrame> stream2_body1(
+  std::unique_ptr<SpdySerializedFrame> stream2_body1(
       new SpdySerializedFrame(stream2_body_base->data(), kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body2(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body2(new SpdySerializedFrame(
       stream2_body_base->data() + kChunkSize, kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body3(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body3(new SpdySerializedFrame(
       stream2_body_base->data() + 2 * kChunkSize, kChunkSize, false));
-  scoped_ptr<SpdySerializedFrame> stream2_body4(new SpdySerializedFrame(
+  std::unique_ptr<SpdySerializedFrame> stream2_body4(new SpdySerializedFrame(
       stream2_body_base->data() + 3 * kChunkSize,
       stream2_body_base->size() - 3 * kChunkSize, false));
   MockRead reads[] = {
@@ -2942,23 +2952,23 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushMultipleDataFrameInterrupted) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidAssociatedStreamID0) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway;
+  std::unique_ptr<SpdySerializedFrame> goaway;
   if (spdy_util_.spdy_version() == SPDY3) {
     goaway.reset(spdy_util_.ConstructSpdyGoAway(0, GOAWAY_PROTOCOL_ERROR,
                                                 "Push on even stream id."));
   } else {
     goaway.reset(spdy_util_.ConstructSpdyGoAway(
-        0, GOAWAY_PROTOCOL_ERROR, "Framer error: 1 (INVALID_CONTROL_FRAME)."));
+        0, GOAWAY_PROTOCOL_ERROR, "Framer error: 1 (INVALID_STREAM_ID)."));
   }
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*goaway, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 0, GetDefaultUrlWithPath("/foo.dat").c_str()));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -2993,19 +3003,19 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidAssociatedStreamID0) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidAssociatedStreamID9) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> stream2_rst(
+  std::unique_ptr<SpdySerializedFrame> stream2_rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_INVALID_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*stream2_rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       NULL, 0, 2, 9, GetDefaultUrlWithPath("/foo.dat").c_str()));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -3042,23 +3052,23 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidAssociatedStreamID9) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushNoURL) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> stream2_rst(
+  std::unique_ptr<SpdySerializedFrame> stream2_rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*stream2_rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdyHeaderBlock> incomplete_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> incomplete_headers(new SpdyHeaderBlock());
   (*incomplete_headers)[spdy_util_.GetStatusKey()] = "200 OK";
   (*incomplete_headers)[spdy_util_.GetVersionKey()] = "HTTP/1.1";
   (*incomplete_headers)["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream2_syn(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(incomplete_headers), 2,
                                                1));
   MockRead reads[] = {
@@ -3097,19 +3107,19 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushNoURL) {
 
 // PUSH_PROMISE on a server-initiated stream should trigger GOAWAY.
 TEST_P(SpdyNetworkTransactionTest, ServerPushOnPushedStream) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       2, GOAWAY_PROTOCOL_ERROR, "Push on even stream id."));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*goaway, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
-  scoped_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 4, 2, GetDefaultUrlWithPath("/bar.dat").c_str()));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1), CreateMockRead(*stream2_syn, 2),
@@ -3124,19 +3134,19 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushOnPushedStream) {
 
 // PUSH_PROMISE on a closed client-initiated stream should trigger RST_STREAM.
 TEST_P(SpdyNetworkTransactionTest, ServerPushOnClosedStream) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_INVALID_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*rst, 5),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1), CreateMockRead(*stream1_body, 2),
@@ -3168,25 +3178,25 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushOnClosedStream) {
 // PUSH_PROMISE on a server-initiated stream should trigger GOAWAY even if
 // stream is closed.
 TEST_P(SpdyNetworkTransactionTest, ServerPushOnClosedPushedStream) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       2, GOAWAY_PROTOCOL_ERROR, "Push on even stream id."));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*goaway, 7),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, GetDefaultUrlWithPath("/foo.dat").c_str()));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
-  scoped_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> stream3_syn(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 4, 2, GetDefaultUrlWithPath("/bar.dat").c_str()));
 
   MockRead reads[] = {
@@ -3211,7 +3221,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushOnClosedPushedStream) {
   EXPECT_TRUE(response.headers.get());
   EXPECT_EQ("HTTP/1.1 200", response.headers->GetStatusLine());
 
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   TestCompletionCallback callback2;
   rv = trans2->Start(&CreateGetPushRequest(), callback2.callback(),
@@ -3274,21 +3284,21 @@ TEST_P(SpdyNetworkTransactionTest, SynReplyHeaders) {
   test_cases[1].expected_headers["hello"] = "bye";
   test_cases[2].expected_headers["hello"] = "bye";
 
-  test_cases[0].expected_headers["cookie"] = StringPiece("val1\0val2", 9);
+  test_cases[0].expected_headers["cookie"] = base::StringPiece("val1\0val2", 9);
   test_cases[2].expected_headers["cookie"] = "val1,val2";
 
   for (size_t i = 0; i < arraysize(test_cases); ++i) {
     SpdyTestUtil spdy_test_util(GetParam().protocol,
                                 GetParam().priority_to_dependency);
     spdy_test_util.set_default_url(GURL(GetDefaultUrl()));
-    scoped_ptr<SpdySerializedFrame> req(
+    std::unique_ptr<SpdySerializedFrame> req(
         spdy_test_util.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
     MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-    scoped_ptr<SpdySerializedFrame> resp(
+    std::unique_ptr<SpdySerializedFrame> resp(
         spdy_test_util.ConstructSpdyGetSynReply(test_cases[i].extra_headers,
                                                 test_cases[i].num_headers, 1));
-    scoped_ptr<SpdySerializedFrame> body(
+    std::unique_ptr<SpdySerializedFrame> body(
         spdy_test_util.ConstructSpdyBodyFrame(1, true));
     MockRead reads[] = {
         CreateMockRead(*resp, 1),
@@ -3315,7 +3325,7 @@ TEST_P(SpdyNetworkTransactionTest, SynReplyHeaders) {
     while (headers->EnumerateHeaderLines(&iter, &name, &value)) {
       SpdyHeaderBlock::StringPieceProxy mutable_header_block_value =
           header_block[name];
-      if (static_cast<StringPiece>(mutable_header_block_value).empty()) {
+      if (static_cast<base::StringPiece>(mutable_header_block_value).empty()) {
         mutable_header_block_value = value;
       } else {
         std::string joint_value = mutable_header_block_value.as_string();
@@ -3373,9 +3383,10 @@ TEST_P(SpdyNetworkTransactionTest, SynReplyHeadersVary) {
     spdy_test_util.set_default_url(GURL(GetDefaultUrl()));
 
     // Construct the request.
-    scoped_ptr<SpdySerializedFrame> frame_req(spdy_test_util.ConstructSpdyGet(
-        test_cases[i].extra_headers[0], test_cases[i].num_headers[0], 1, LOWEST,
-        true));
+    std::unique_ptr<SpdySerializedFrame> frame_req(
+        spdy_test_util.ConstructSpdyGet(test_cases[i].extra_headers[0],
+                                        test_cases[i].num_headers[0], 1, LOWEST,
+                                        true));
 
     MockWrite writes[] = {
         CreateMockWrite(*frame_req, 0),
@@ -3386,10 +3397,10 @@ TEST_P(SpdyNetworkTransactionTest, SynReplyHeadersVary) {
     AppendToHeaderBlock(test_cases[i].extra_headers[1],
                         test_cases[i].num_headers[1],
                         &reply_headers);
-    scoped_ptr<SpdySerializedFrame> frame_reply(
+    std::unique_ptr<SpdySerializedFrame> frame_reply(
         spdy_test_util.ConstructSpdyReply(1, reply_headers));
 
-    scoped_ptr<SpdySerializedFrame> body(
+    std::unique_ptr<SpdySerializedFrame> body(
         spdy_test_util.ConstructSpdyBodyFrame(1, true));
     MockRead reads[] = {
         CreateMockRead(*frame_reply, 1),
@@ -3468,9 +3479,9 @@ TEST_P(SpdyNetworkTransactionTest, InvalidSynReply) {
                                 GetParam().priority_to_dependency);
     spdy_test_util.set_default_url(GURL(GetDefaultUrl()));
 
-    scoped_ptr<SpdySerializedFrame> req(
+    std::unique_ptr<SpdySerializedFrame> req(
         spdy_test_util.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-    scoped_ptr<SpdySerializedFrame> rst(
+    std::unique_ptr<SpdySerializedFrame> rst(
         spdy_test_util.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
     MockWrite writes[] = {
         CreateMockWrite(*req, 0), CreateMockWrite(*rst, 2),
@@ -3480,7 +3491,7 @@ TEST_P(SpdyNetworkTransactionTest, InvalidSynReply) {
     SpdyHeaderBlock reply_headers;
     AppendToHeaderBlock(
         test_cases[i].headers, test_cases[i].num_headers, &reply_headers);
-    scoped_ptr<SpdySerializedFrame> resp(
+    std::unique_ptr<SpdySerializedFrame> resp(
         spdy_test_util.ConstructSpdyReply(1, reply_headers));
     MockRead reads[] = {
         CreateMockRead(*resp, 1), MockRead(ASYNC, 0, 3)  // EOF
@@ -3501,16 +3512,16 @@ TEST_P(SpdyNetworkTransactionTest, CorruptFrameSessionError) {
     return;
   }
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_COMPRESSION_ERROR, "Framer error: 5 (DECOMPRESS_FAILURE)."));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 3),
   };
 
   // This is the length field that's too short.
-  scoped_ptr<SpdySerializedFrame> syn_reply_wrong_length(
+  std::unique_ptr<SpdySerializedFrame> syn_reply_wrong_length(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   size_t right_size =
       syn_reply_wrong_length->size() -
@@ -3519,7 +3530,7 @@ TEST_P(SpdyNetworkTransactionTest, CorruptFrameSessionError) {
   test::SetFrameLength(syn_reply_wrong_length.get(),
                        wrong_size,
                        spdy_util_.spdy_version());
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       MockRead(ASYNC, syn_reply_wrong_length->data(),
@@ -3540,14 +3551,14 @@ TEST_P(SpdyNetworkTransactionTest, CorruptFrameSessionErrorSpdy4) {
     return;
   }
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
-      0, GOAWAY_COMPRESSION_ERROR, "Framer error: 5 (DECOMPRESS_FAILURE)."));
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+      0, GOAWAY_COMPRESSION_ERROR, "Framer error: 6 (DECOMPRESS_FAILURE)."));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 2)};
 
   // This is the length field that's too short.
-  scoped_ptr<SpdySerializedFrame> syn_reply_wrong_length(
+  std::unique_ptr<SpdySerializedFrame> syn_reply_wrong_length(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   size_t right_size =
       syn_reply_wrong_length->size() -
@@ -3575,14 +3586,14 @@ TEST_P(SpdyNetworkTransactionTest, GoAwayOnDecompressionFailure) {
     // Decompression failures are a stream error in SPDY3.
     return;
   }
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
-      0, GOAWAY_COMPRESSION_ERROR, "Framer error: 5 (DECOMPRESS_FAILURE)."));
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+      0, GOAWAY_COMPRESSION_ERROR, "Framer error: 6 (DECOMPRESS_FAILURE)."));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 2)};
 
   // Read HEADERS with corrupted payload.
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   memset(resp->data() + 12, 0xcf, resp->size() - 12);
   MockRead reads[] = {CreateMockRead(*resp, 1)};
@@ -3596,15 +3607,15 @@ TEST_P(SpdyNetworkTransactionTest, GoAwayOnDecompressionFailure) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, GoAwayOnFrameSizeError) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_FRAME_SIZE_ERROR,
-      "Framer error: 12 (INVALID_CONTROL_FRAME_SIZE)."));
+      "Framer error: 14 (INVALID_CONTROL_FRAME_SIZE)."));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 2)};
 
   // Read WINDOW_UPDATE with incorrectly-sized payload.
-  scoped_ptr<SpdySerializedFrame> bad_window_update(
+  std::unique_ptr<SpdySerializedFrame> bad_window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, 1));
   test::SetFrameLength(bad_window_update.get(),
                        bad_window_update->size() - 1,
@@ -3621,7 +3632,7 @@ TEST_P(SpdyNetworkTransactionTest, GoAwayOnFrameSizeError) {
 
 // Test that we shutdown correctly on write errors.
 TEST_P(SpdyNetworkTransactionTest, WriteError) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       // We'll write 10 bytes successfully
@@ -3651,17 +3662,17 @@ TEST_P(SpdyNetworkTransactionTest, WriteError) {
 // Test that partial writes work.
 TEST_P(SpdyNetworkTransactionTest, PartialWrite) {
   // Chop the SYN_STREAM frame into 5 chunks.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   const int kChunks = 5;
-  scoped_ptr<MockWrite[]> writes(ChopWriteFrame(*req.get(), kChunks));
+  std::unique_ptr<MockWrite[]> writes(ChopWriteFrame(*req.get(), kChunks));
   for (int i = 0; i < kChunks; ++i) {
     writes[i].sequence_number = i;
   }
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, kChunks),
@@ -3684,13 +3695,13 @@ TEST_P(SpdyNetworkTransactionTest, NetLog) {
   static const char* const kExtraHeaders[] = {
     "user-agent",   "Chrome",
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(kExtraHeaders, 1, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -3777,14 +3788,14 @@ TEST_P(SpdyNetworkTransactionTest, NetLog) {
 TEST_P(SpdyNetworkTransactionTest, BufferFull) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
   // 2 data frames in a single read.
-  scoped_ptr<SpdySerializedFrame> data_frame_1(
+  std::unique_ptr<SpdySerializedFrame> data_frame_1(
       framer.CreateDataFrame(1, "goodby", 6, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> data_frame_2(
+  std::unique_ptr<SpdySerializedFrame> data_frame_2(
       framer.CreateDataFrame(1, "e worl", 6, DATA_FLAG_NONE));
   const SpdySerializedFrame* data_frames[2] = {
       data_frame_1.get(), data_frame_2.get(),
@@ -3793,10 +3804,10 @@ TEST_P(SpdyNetworkTransactionTest, BufferFull) {
   int combined_data_frames_len =
       CombineFrames(data_frames, arraysize(data_frames),
                     combined_data_frames, arraysize(combined_data_frames));
-  scoped_ptr<SpdySerializedFrame> last_frame(
+  std::unique_ptr<SpdySerializedFrame> last_frame(
       framer.CreateDataFrame(1, "d", 1, DATA_FLAG_FIN));
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -3870,14 +3881,14 @@ TEST_P(SpdyNetworkTransactionTest, BufferFull) {
 TEST_P(SpdyNetworkTransactionTest, Buffering) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
   // 4 data frames in a single read.
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> data_frame_fin(
+  std::unique_ptr<SpdySerializedFrame> data_frame_fin(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_FIN));
   const SpdySerializedFrame* data_frames[4] = {
       data_frame.get(), data_frame.get(), data_frame.get(),
@@ -3887,7 +3898,7 @@ TEST_P(SpdyNetworkTransactionTest, Buffering) {
       CombineFrames(data_frames, arraysize(data_frames),
                     combined_data_frames, arraysize(combined_data_frames));
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -3962,16 +3973,16 @@ TEST_P(SpdyNetworkTransactionTest, Buffering) {
 TEST_P(SpdyNetworkTransactionTest, BufferedAll) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
   // 5 data frames in a single read.
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> data_frame_fin(
+  std::unique_ptr<SpdySerializedFrame> data_frame_fin(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_FIN));
   const SpdySerializedFrame* frames[5] = {reply.get(), data_frame.get(),
                                           data_frame.get(), data_frame.get(),
@@ -4048,13 +4059,13 @@ TEST_P(SpdyNetworkTransactionTest, BufferedAll) {
 TEST_P(SpdyNetworkTransactionTest, BufferedClosed) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
   // All data frames in a single read.
   // NOTE: We don't FIN the stream.
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_NONE));
   const SpdySerializedFrame* data_frames[4] = {
       data_frame.get(), data_frame.get(), data_frame.get(), data_frame.get()};
@@ -4062,7 +4073,7 @@ TEST_P(SpdyNetworkTransactionTest, BufferedClosed) {
   int combined_data_frames_len =
       CombineFrames(data_frames, arraysize(data_frames),
                     combined_data_frames, arraysize(combined_data_frames));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -4135,17 +4146,17 @@ TEST_P(SpdyNetworkTransactionTest, BufferedClosed) {
 TEST_P(SpdyNetworkTransactionTest, BufferedCancelled) {
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4)};
 
   // NOTE: We don't FIN the stream.
-  scoped_ptr<SpdySerializedFrame> data_frame(
+  std::unique_ptr<SpdySerializedFrame> data_frame(
       framer.CreateDataFrame(1, "message", 7, DATA_FLAG_NONE));
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -4227,20 +4238,24 @@ TEST_P(SpdyNetworkTransactionTest, SettingsSaved) {
 
   // Verify that no settings exist initially.
   HostPortPair host_port_pair("www.example.org", helper.port());
+  url::SchemeHostPort spdy_server("https", host_port_pair.host(),
+                                  host_port_pair.port());
+
   SpdySessionPool* spdy_session_pool = helper.session()->spdy_session_pool();
-  EXPECT_TRUE(spdy_session_pool->http_server_properties()->GetSpdySettings(
-      host_port_pair).empty());
+  EXPECT_TRUE(spdy_session_pool->http_server_properties()
+                  ->GetSpdySettings(spdy_server)
+                  .empty());
 
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
   // Construct the reply.
-  scoped_ptr<SpdyHeaderBlock> reply_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> reply_headers(new SpdyHeaderBlock());
   (*reply_headers)[spdy_util_.GetStatusKey()] = "200";
   (*reply_headers)[spdy_util_.GetVersionKey()] = "HTTP/1.1";
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyFrame(kSynReplyInfo, std::move(reply_headers)));
 
   const SpdySettingsIds kSampleId1 = SETTINGS_UPLOAD_BANDWIDTH;
@@ -4249,7 +4264,7 @@ TEST_P(SpdyNetworkTransactionTest, SettingsSaved) {
   unsigned int kSampleValue2 = 0x0b0b0b0b;
   const SpdySettingsIds kSampleId3 = SETTINGS_ROUND_TRIP_TIME;
   unsigned int kSampleValue3 = 0x0c0c0c0c;
-  scoped_ptr<SpdySerializedFrame> settings_frame;
+  std::unique_ptr<SpdySerializedFrame> settings_frame;
   {
     // Construct the SETTINGS frame.
     SettingsMap settings;
@@ -4265,7 +4280,7 @@ TEST_P(SpdyNetworkTransactionTest, SettingsSaved) {
     settings_frame.reset(spdy_util_.ConstructSpdySettings(settings));
   }
 
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*reply, 1),
@@ -4287,7 +4302,7 @@ TEST_P(SpdyNetworkTransactionTest, SettingsSaved) {
     // Verify we had two persisted settings.
     const SettingsMap& settings_map =
         spdy_session_pool->http_server_properties()->GetSpdySettings(
-            host_port_pair);
+            spdy_server);
     ASSERT_EQ(2u, settings_map.size());
 
     // Verify the first persisted setting.
@@ -4338,8 +4353,11 @@ TEST_P(SpdyNetworkTransactionTest, SettingsPlayback) {
 
   // Verify that no settings exist initially.
   HostPortPair host_port_pair("www.example.org", helper.port());
-  EXPECT_TRUE(spdy_session_pool->http_server_properties()->GetSpdySettings(
-      host_port_pair).empty());
+  url::SchemeHostPort spdy_server("https", host_port_pair.host(),
+                                  host_port_pair.port());
+  EXPECT_TRUE(spdy_session_pool->http_server_properties()
+                  ->GetSpdySettings(spdy_server)
+                  .empty());
 
   const SpdySettingsIds kSampleId1 = SETTINGS_MAX_CONCURRENT_STREAMS;
   unsigned int kSampleValue1 = 0x0a0a0a0a;
@@ -4348,37 +4366,31 @@ TEST_P(SpdyNetworkTransactionTest, SettingsPlayback) {
 
   // First add a persisted setting.
   spdy_session_pool->http_server_properties()->SetSpdySetting(
-      host_port_pair,
-      kSampleId1,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      kSampleValue1);
+      spdy_server, kSampleId1, SETTINGS_FLAG_PLEASE_PERSIST, kSampleValue1);
 
   // Next add another persisted setting.
   spdy_session_pool->http_server_properties()->SetSpdySetting(
-      host_port_pair,
-      kSampleId2,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      kSampleValue2);
+      spdy_server, kSampleId2, SETTINGS_FLAG_PLEASE_PERSIST, kSampleValue2);
 
-  EXPECT_EQ(2u, spdy_session_pool->http_server_properties()->GetSpdySettings(
-      host_port_pair).size());
+  EXPECT_EQ(2u, spdy_session_pool->http_server_properties()
+                    ->GetSpdySettings(spdy_server)
+                    .size());
 
   // Construct the initial SETTINGS frame.
   SettingsMap initial_settings;
   initial_settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, kMaxConcurrentPushedStreams);
-  scoped_ptr<SpdySerializedFrame> initial_settings_frame(
+  std::unique_ptr<SpdySerializedFrame> initial_settings_frame(
       spdy_util_.ConstructSpdySettings(initial_settings));
 
   // Construct the persisted SETTINGS frame.
   const SettingsMap& settings =
-      spdy_session_pool->http_server_properties()->GetSpdySettings(
-          host_port_pair);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+      spdy_session_pool->http_server_properties()->GetSpdySettings(spdy_server);
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
 
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
 
   MockWrite writes[] = {
@@ -4388,13 +4400,13 @@ TEST_P(SpdyNetworkTransactionTest, SettingsPlayback) {
   };
 
   // Construct the reply.
-  scoped_ptr<SpdyHeaderBlock> reply_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> reply_headers(new SpdyHeaderBlock());
   (*reply_headers)[spdy_util_.GetStatusKey()] = "200";
   (*reply_headers)[spdy_util_.GetVersionKey()] = "HTTP/1.1";
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyFrame(kSynReplyInfo, std::move(reply_headers)));
 
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*reply, 3),
@@ -4415,7 +4427,7 @@ TEST_P(SpdyNetworkTransactionTest, SettingsPlayback) {
     // Verify we had two persisted settings.
     const SettingsMap& settings_map =
         spdy_session_pool->http_server_properties()->GetSpdySettings(
-            host_port_pair);
+            spdy_server);
     ASSERT_EQ(2u, settings_map.size());
 
     // Verify the first persisted setting.
@@ -4435,11 +4447,12 @@ TEST_P(SpdyNetworkTransactionTest, SettingsPlayback) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, GoAwayWithActiveStream) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway());
+  std::unique_ptr<SpdySerializedFrame> go_away(
+      spdy_util_.ConstructSpdyGoAway());
   MockRead reads[] = {
       CreateMockRead(*go_away, 1),
   };
@@ -4454,11 +4467,11 @@ TEST_P(SpdyNetworkTransactionTest, GoAwayWithActiveStream) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, CloseWithActiveStream) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1), MockRead(SYNCHRONOUS, 0, 2)  // EOF
@@ -4499,7 +4512,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredError) {
   NormalSpdyTransactionHelper helper(CreateGetRequest(), DEFAULT_PRIORITY,
                                      BoundNetLog(), GetParam(), nullptr);
 
-  scoped_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_HTTP_1_1_REQUIRED, "Try again using HTTP/1.1 please."));
   MockRead reads[] = {
       CreateMockRead(*go_away, 0),
@@ -4526,7 +4539,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredRetry) {
   HttpRequestInfo request;
   request.method = "GET";
   request.url = GURL("https://www.example.org/");
-  scoped_ptr<SpdySessionDependencies> session_deps(
+  std::unique_ptr<SpdySessionDependencies> session_deps(
       CreateSpdySessionDependencies(GetParam()));
   // Do not force SPDY so that second socket can negotiate HTTP/1.1.
   NormalSpdyTransactionHelper helper(request, DEFAULT_PRIORITY, BoundNetLog(),
@@ -4534,17 +4547,18 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredRetry) {
 
   // First socket: HTTP/2 request rejected with HTTP_1_1_REQUIRED.
   const char* url = request.url.spec().c_str();
-  scoped_ptr<SpdyHeaderBlock> headers(spdy_util_.ConstructGetHeaderBlock(url));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(url));
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
   MockWrite writes0[] = {CreateMockWrite(*req, 0)};
-  scoped_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_HTTP_1_1_REQUIRED, "Try again using HTTP/1.1 please."));
   MockRead reads0[] = {CreateMockRead(*go_away, 1)};
   SequencedSocketData data0(reads0, arraysize(reads0), writes0,
                             arraysize(writes0));
 
-  scoped_ptr<SSLSocketDataProvider> ssl_provider0(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider0(
       new SSLSocketDataProvider(ASYNC, OK));
   // Expect HTTP/2 protocols too in SSLConfig.
   ssl_provider0->next_protos_expected_in_ssl_config.push_back(kProtoHTTP2);
@@ -4566,7 +4580,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredRetry) {
   SequencedSocketData data1(reads1, arraysize(reads1), writes1,
                             arraysize(writes1));
 
-  scoped_ptr<SSLSocketDataProvider> ssl_provider1(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider1(
       new SSLSocketDataProvider(ASYNC, OK));
   // Expect only HTTP/1.1 protocol in SSLConfig.
   ssl_provider1->next_protos_expected_in_ssl_config.push_back(kProtoHTTP11);
@@ -4615,7 +4629,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredProxyRetry) {
   HttpRequestInfo request;
   request.method = "GET";
   request.url = GURL("https://www.example.org/");
-  scoped_ptr<SpdySessionDependencies> session_deps(
+  std::unique_ptr<SpdySessionDependencies> session_deps(
       CreateSpdySessionDependencies(
           GetParam(),
           ProxyService::CreateFixedFromPacResult("HTTPS myproxy:70")));
@@ -4624,16 +4638,16 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredProxyRetry) {
                                      GetParam(), std::move(session_deps));
 
   // First socket: HTTP/2 CONNECT rejected with HTTP_1_1_REQUIRED.
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyConnect(
       nullptr, 0, 1, LOWEST, HostPortPair("www.example.org", 443)));
   MockWrite writes0[] = {CreateMockWrite(*req, 0)};
-  scoped_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> go_away(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_HTTP_1_1_REQUIRED, "Try again using HTTP/1.1 please."));
   MockRead reads0[] = {CreateMockRead(*go_away, 1)};
   SequencedSocketData data0(reads0, arraysize(reads0), writes0,
                             arraysize(writes0));
 
-  scoped_ptr<SSLSocketDataProvider> ssl_provider0(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider0(
       new SSLSocketDataProvider(ASYNC, OK));
   // Expect HTTP/2 protocols too in SSLConfig.
   ssl_provider0->next_protos_expected_in_ssl_config.push_back(kProtoHTTP2);
@@ -4665,7 +4679,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredProxyRetry) {
   SequencedSocketData data1(reads1, arraysize(reads1), writes1,
                             arraysize(writes1));
 
-  scoped_ptr<SSLSocketDataProvider> ssl_provider1(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider1(
       new SSLSocketDataProvider(ASYNC, OK));
   // Expect only HTTP/1.1 protocol in SSLConfig.
   ssl_provider1->next_protos_expected_in_ssl_config.push_back(kProtoHTTP11);
@@ -4674,7 +4688,7 @@ TEST_P(SpdyNetworkTransactionTest, HTTP11RequiredProxyRetry) {
   helper.AddDataWithSSLSocketDataProvider(&data1, std::move(ssl_provider1));
 
   // A third socket is needed for the tunnelled connection.
-  scoped_ptr<SSLSocketDataProvider> ssl_provider2(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider2(
       new SSLSocketDataProvider(ASYNC, OK));
   helper.session_deps()->socket_factory->AddSSLSocketDataProvider(
       ssl_provider2.get());
@@ -4721,11 +4735,11 @@ TEST_P(SpdyNetworkTransactionTest, ProxyConnect) {
       "Host: www.example.org:443\r\n"
       "Proxy-Connection: keep-alive\r\n\r\n"};
   const char kHTTP200[] = {"HTTP/1.1 200 OK\r\n\r\n"};
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   MockWrite writes[] = {
@@ -4738,7 +4752,7 @@ TEST_P(SpdyNetworkTransactionTest, ProxyConnect) {
       CreateMockRead(*body.get(), 4),
       MockRead(ASYNC, 0, 0, 5),
   };
-  scoped_ptr<SequencedSocketData> data(new SequencedSocketData(
+  std::unique_ptr<SequencedSocketData> data(new SequencedSocketData(
       reads, arraysize(reads), writes, arraysize(writes)));
 
   helper.AddData(data.get());
@@ -4785,15 +4799,15 @@ TEST_P(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) {
   helper.RunPreTestSetup();
 
   // Construct and send a simple GET request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -4844,11 +4858,11 @@ TEST_P(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) {
       "Host: www.example.org:443\r\n"
       "Proxy-Connection: keep-alive\r\n\r\n"};
   const char kHTTP200[] = {"HTTP/1.1 200 OK\r\n\r\n"};
-  scoped_ptr<SpdySerializedFrame> req2(spdy_util_2.ConstructSpdyGet(
+  std::unique_ptr<SpdySerializedFrame> req2(spdy_util_2.ConstructSpdyGet(
       GetDefaultUrlWithPath("/foo.dat").c_str(), 1, LOWEST));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_2.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_2.ConstructSpdyBodyFrame(1, true));
 
   MockWrite writes2[] = {
@@ -4862,7 +4876,7 @@ TEST_P(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) {
       MockRead(ASYNC, 0, 5)  // EOF
   };
 
-  scoped_ptr<SequencedSocketData> data_proxy(new SequencedSocketData(
+  std::unique_ptr<SequencedSocketData> data_proxy(new SequencedSocketData(
       reads2, arraysize(reads2), writes2, arraysize(writes2)));
 
   // Create another request to www.example.org, but this time through a proxy.
@@ -4870,15 +4884,15 @@ TEST_P(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) {
   request_proxy.method = "GET";
   request_proxy.url = GURL(GetDefaultUrlWithPath("/foo.dat"));
   request_proxy.load_flags = 0;
-  scoped_ptr<SpdySessionDependencies> ssd_proxy(
+  std::unique_ptr<SpdySessionDependencies> ssd_proxy(
       CreateSpdySessionDependencies(GetParam()));
   // Ensure that this transaction uses the same SpdySessionPool.
-  scoped_ptr<HttpNetworkSession> session_proxy(
+  std::unique_ptr<HttpNetworkSession> session_proxy(
       SpdySessionDependencies::SpdyCreateSession(ssd_proxy.get()));
   NormalSpdyTransactionHelper helper_proxy(request_proxy, DEFAULT_PRIORITY,
                                            BoundNetLog(), GetParam(), NULL);
   HttpNetworkSessionPeer session_peer(session_proxy.get());
-  scoped_ptr<ProxyService> proxy_service(
+  std::unique_ptr<ProxyService> proxy_service(
       ProxyService::CreateFixedFromPacResult("PROXY myproxy:70"));
   session_peer.SetProxyService(proxy_service.get());
   helper_proxy.session_deps().swap(ssd_proxy);
@@ -4910,9 +4924,9 @@ TEST_P(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) {
 // This can happen when a server reboots without saying goodbye, or when
 // we're behind a NAT that masked the RST.
 TEST_P(SpdyNetworkTransactionTest, VerifyRetryOnConnectionReset) {
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -4927,12 +4941,12 @@ TEST_P(SpdyNetworkTransactionTest, VerifyRetryOnConnectionReset) {
       MockRead(ASYNC, 0, 3)  // EOF
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   // In all cases the connection will be reset before req3 can be
   // dispatched, destroying both streams.
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   MockWrite writes1[] = {CreateMockWrite(*req, 0), CreateMockWrite(*req3, 5)};
   MockWrite writes2[] = {CreateMockWrite(*req, 0)};
@@ -4961,7 +4975,7 @@ TEST_P(SpdyNetworkTransactionTest, VerifyRetryOnConnectionReset) {
     helper.RunPreTestSetup();
 
     for (int i = 0; i < 2; ++i) {
-      scoped_ptr<HttpNetworkTransaction> trans(
+      std::unique_ptr<HttpNetworkTransaction> trans(
           new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
 
       TestCompletionCallback callback;
@@ -5002,13 +5016,13 @@ TEST_P(SpdyNetworkTransactionTest, VerifyRetryOnConnectionReset) {
 // Test that turning SPDY on and off works properly.
 TEST_P(SpdyNetworkTransactionTest, SpdyOnOffToggle) {
   HttpStreamFactory::set_spdy_enabled(true);
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite spdy_writes[] = {CreateMockWrite(*req, 0)};
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp, 1),
@@ -5059,14 +5073,14 @@ TEST_P(SpdyNetworkTransactionTest, SpdyBasicAuth) {
 
   // The first request will be a bare GET, the second request will be a
   // GET with an Authorization header.
-  scoped_ptr<SpdySerializedFrame> req_get(
+  std::unique_ptr<SpdySerializedFrame> req_get(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   // Will be refused for lack of auth.
   spdy_util_.UpdateWithStreamDestruction(1);
   const char* const kExtraAuthorizationHeaders[] = {
     "authorization", "Basic Zm9vOmJhcg=="
   };
-  scoped_ptr<SpdySerializedFrame> req_get_authorization(
+  std::unique_ptr<SpdySerializedFrame> req_get_authorization(
       spdy_util_.ConstructSpdyGet(kExtraAuthorizationHeaders,
                                   arraysize(kExtraAuthorizationHeaders) / 2, 3,
                                   LOWEST, true));
@@ -5081,15 +5095,15 @@ TEST_P(SpdyNetworkTransactionTest, SpdyBasicAuth) {
     "www-authenticate",
     "Basic realm=\"MyRealm\""
   };
-  scoped_ptr<SpdySerializedFrame> resp_authentication(
+  std::unique_ptr<SpdySerializedFrame> resp_authentication(
       spdy_util_.ConstructSpdySynReplyError(
           "401 Authentication Required", kExtraAuthenticationHeaders,
           arraysize(kExtraAuthenticationHeaders) / 2, 1));
-  scoped_ptr<SpdySerializedFrame> body_authentication(
+  std::unique_ptr<SpdySerializedFrame> body_authentication(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> resp_data(
+  std::unique_ptr<SpdySerializedFrame> resp_data(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body_data(
+  std::unique_ptr<SpdySerializedFrame> body_data(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead spdy_reads[] = {
       CreateMockRead(*resp_authentication, 1),
@@ -5146,19 +5160,19 @@ TEST_P(SpdyNetworkTransactionTest, SpdyBasicAuth) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushWithHeaders) {
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*stream1_syn, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
   spdy_util_.AddUrlToHeaderBlock(GetDefaultUrlWithPath("/foo.dat"),
                                  initial_headers.get());
-  scoped_ptr<SpdySerializedFrame> stream2_syn(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(initial_headers), 2,
                                                1));
 
@@ -5166,14 +5180,14 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithHeaders) {
   late_headers[spdy_util_.GetStatusKey()] = "200";
   late_headers[spdy_util_.GetVersionKey()] = "HTTP/1.1";
   late_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream2_headers(
+  std::unique_ptr<SpdySerializedFrame> stream2_headers(
       spdy_util_.ConstructSpdyResponseHeaders(2, late_headers, false));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
 
@@ -5206,30 +5220,30 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithHeaders) {
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushClaimBeforeHeaders) {
   // We push a stream and attempt to claim it before the headers come down.
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*stream1_syn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
   spdy_util_.AddUrlToHeaderBlock(GetDefaultUrlWithPath("/foo.dat"),
                                  initial_headers.get());
-  scoped_ptr<SpdySerializedFrame> stream2_syn(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(initial_headers), 2,
                                                1));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   SpdyHeaderBlock late_headers;
   late_headers[spdy_util_.GetStatusKey()] = "200";
   late_headers[spdy_util_.GetVersionKey()] = "HTTP/1.1";
   late_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream2_headers(
+  std::unique_ptr<SpdySerializedFrame> stream2_headers(
       spdy_util_.ConstructSpdyResponseHeaders(2, late_headers, false));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
   MockRead reads[] = {
@@ -5264,7 +5278,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushClaimBeforeHeaders) {
 
   // Request the pushed path.  At this point, we've received the push, but the
   // headers are not yet complete.
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   rv = trans2->Start(
       &CreateGetPushRequest(), callback.callback(), BoundNetLog());
@@ -5314,32 +5328,32 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushClaimBeforeHeaders) {
 // TODO(baranovich): HTTP 2 does not allow multiple HEADERS frames
 TEST_P(SpdyNetworkTransactionTest, ServerPushWithTwoHeaderFrames) {
   // We push a stream and attempt to claim it before the headers come down.
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*stream1_syn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
   if (spdy_util_.spdy_version() < HTTP2) {
     // In HTTP/2 PUSH_PROMISE headers won't show up in the response headers.
     (*initial_headers)["alpha"] = "beta";
   }
   spdy_util_.AddUrlToHeaderBlock(GetDefaultUrlWithPath("/foo.dat"),
                                  initial_headers.get());
-  scoped_ptr<SpdySerializedFrame> stream2_syn(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(initial_headers), 2,
                                                1));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   SpdyHeaderBlock middle_headers;
   middle_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream2_headers1(
+  std::unique_ptr<SpdySerializedFrame> stream2_headers1(
       spdy_util_.ConstructSpdyResponseHeaders(2, middle_headers, false));
 
   SpdyHeaderBlock late_headers;
@@ -5348,11 +5362,11 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithTwoHeaderFrames) {
     // HTTP/2 eliminates use of the :version header.
     late_headers[spdy_util_.GetVersionKey()] = "HTTP/1.1";
   }
-  scoped_ptr<SpdySerializedFrame> stream2_headers2(
+  std::unique_ptr<SpdySerializedFrame> stream2_headers2(
       spdy_util_.ConstructSpdyResponseHeaders(2, late_headers, false));
 
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
 
@@ -5391,7 +5405,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithTwoHeaderFrames) {
 
   // Request the pushed path.  At this point, we've received the push, but the
   // headers are not yet complete.
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   rv = trans2->Start(
       &CreateGetPushRequest(), callback.callback(), BoundNetLog());
@@ -5446,32 +5460,32 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithTwoHeaderFrames) {
 
 TEST_P(SpdyNetworkTransactionTest, ServerPushWithNoStatusHeaderFrames) {
   // We push a stream and attempt to claim it before the headers come down.
-  scoped_ptr<SpdySerializedFrame> stream1_syn(
+  std::unique_ptr<SpdySerializedFrame> stream1_syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*stream1_syn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
-  scoped_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> initial_headers(new SpdyHeaderBlock());
   spdy_util_.AddUrlToHeaderBlock(GetDefaultUrlWithPath("/foo.dat"),
                                  initial_headers.get());
-  scoped_ptr<SpdySerializedFrame> stream2_syn(
+  std::unique_ptr<SpdySerializedFrame> stream2_syn(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(initial_headers), 2,
                                                1));
 
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   SpdyHeaderBlock middle_headers;
   middle_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream2_headers1(
+  std::unique_ptr<SpdySerializedFrame> stream2_headers1(
       spdy_util_.ConstructSpdyResponseHeaders(2, middle_headers, false));
 
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> stream2_body(
+  std::unique_ptr<SpdySerializedFrame> stream2_body(
       spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                         true));
 
@@ -5504,7 +5518,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithNoStatusHeaderFrames) {
 
   // Request the pushed path.  At this point, we've received the push, but the
   // headers are not yet complete.
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   rv = trans2->Start(
       &CreateGetPushRequest(), callback.callback(), BoundNetLog());
@@ -5544,22 +5558,22 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushWithNoStatusHeaderFrames) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, SynReplyWithHeaders) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
 
   SpdyHeaderBlock late_headers;
   late_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream1_headers(
+  std::unique_ptr<SpdySerializedFrame> stream1_headers(
       spdy_util_.ConstructSpdyResponseHeaders(1, late_headers, false));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1),
@@ -5580,24 +5594,24 @@ TEST_P(SpdyNetworkTransactionTest, SynReplyWithHeaders) {
 // trigger a ERR_SPDY_PROTOCOL_ERROR because trailing HEADERS must not be
 // followed by any DATA frames.
 TEST_P(SpdyNetworkTransactionTest, SyncReplyDataAfterTrailers) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
   };
 
-  scoped_ptr<SpdySerializedFrame> stream1_reply(
+  std::unique_ptr<SpdySerializedFrame> stream1_reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> stream1_body(
+  std::unique_ptr<SpdySerializedFrame> stream1_body(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
 
   SpdyHeaderBlock late_headers;
   late_headers["hello"] = "bye";
-  scoped_ptr<SpdySerializedFrame> stream1_headers(
+  std::unique_ptr<SpdySerializedFrame> stream1_headers(
       spdy_util_.ConstructSpdyResponseHeaders(1, late_headers, false));
-  scoped_ptr<SpdySerializedFrame> stream1_body2(
+  std::unique_ptr<SpdySerializedFrame> stream1_body2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*stream1_reply, 1), CreateMockRead(*stream1_body, 2),
@@ -5645,25 +5659,25 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushCrossOriginCorrectness) {
 
     SpdyTestUtil spdy_test_util(GetParam().protocol,
                                 GetParam().priority_to_dependency);
-    scoped_ptr<SpdySerializedFrame> stream1_syn(
+    std::unique_ptr<SpdySerializedFrame> stream1_syn(
         spdy_test_util.ConstructSpdyGet(url_to_fetch, 1, LOWEST));
-    scoped_ptr<SpdySerializedFrame> stream1_body(
+    std::unique_ptr<SpdySerializedFrame> stream1_body(
         spdy_test_util.ConstructSpdyBodyFrame(1, true));
-    scoped_ptr<SpdySerializedFrame> push_rst(
+    std::unique_ptr<SpdySerializedFrame> push_rst(
         spdy_test_util.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
     MockWrite writes[] = {
         CreateMockWrite(*stream1_syn, 0), CreateMockWrite(*push_rst, 3),
     };
 
-    scoped_ptr<SpdySerializedFrame> stream1_reply(
+    std::unique_ptr<SpdySerializedFrame> stream1_reply(
         spdy_test_util.ConstructSpdyGetSynReply(nullptr, 0, 1));
-    scoped_ptr<SpdySerializedFrame> stream2_syn(
+    std::unique_ptr<SpdySerializedFrame> stream2_syn(
         spdy_test_util.ConstructSpdyPush(nullptr, 0, 2, 1, url_to_push));
     const char kPushedData[] = "pushed";
-    scoped_ptr<SpdySerializedFrame> stream2_body(
+    std::unique_ptr<SpdySerializedFrame> stream2_body(
         spdy_test_util.ConstructSpdyBodyFrame(2, kPushedData,
                                               strlen(kPushedData), true));
-    scoped_ptr<SpdySerializedFrame> rst(
+    std::unique_ptr<SpdySerializedFrame> rst(
         spdy_test_util.ConstructSpdyRstStream(2, RST_STREAM_CANCEL));
 
     MockRead reads[] = {
@@ -5685,9 +5699,9 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushCrossOriginCorrectness) {
 
     // Enable cross-origin push. Since we are not using a proxy, this should
     // not actually enable cross-origin SPDY push.
-    scoped_ptr<SpdySessionDependencies> session_deps(
+    std::unique_ptr<SpdySessionDependencies> session_deps(
         CreateSpdySessionDependencies(GetParam()));
-    scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+    std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
     proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
         "https://123.45.67.89:443", net::ProxyServer::SCHEME_HTTP));
     session_deps->proxy_delegate.reset(proxy_delegate.release());
@@ -5732,21 +5746,22 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOrigin) {
   const char* url_to_fetch = "https://www.example.org";
   const char* url_to_push = "https://mail.example.org";
 
-  scoped_ptr<SpdySerializedFrame> headers(
+  std::unique_ptr<SpdySerializedFrame> headers(
       spdy_util_.ConstructSpdyGet(url_to_fetch, 1, LOWEST));
   MockWrite writes[] = {
       CreateMockWrite(*headers, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 2, 1, url_to_push));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> pushed_body(spdy_util_.ConstructSpdyBodyFrame(
-      2, kPushedData, strlen(kPushedData), true));
+  std::unique_ptr<SpdySerializedFrame> pushed_body(
+      spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
+                                        true));
   MockRead reads[] = {
       CreateMockRead(*reply, 1),
       CreateMockRead(*push, 2),
@@ -5786,7 +5801,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOrigin) {
   EXPECT_EQ(1u,
             spdy_session->unclaimed_pushed_streams_.count(GURL(url_to_push)));
 
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   HttpRequestInfo push_request;
   push_request.method = "GET";
@@ -5834,16 +5849,16 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) {
   SpdyTestUtil spdy_util_0(GetParam().protocol,
                            GetParam().priority_to_dependency);
 
-  scoped_ptr<SpdySerializedFrame> headers0(
+  std::unique_ptr<SpdySerializedFrame> headers0(
       spdy_util_0.ConstructSpdyGet(url_to_fetch0, 1, LOWEST));
   MockWrite writes0[] = {
       CreateMockWrite(*headers0, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> reply0(
+  std::unique_ptr<SpdySerializedFrame> reply0(
       spdy_util_0.ConstructSpdyGetSynReply(nullptr, 0, 1));
   const char kData0[] = "first";
-  scoped_ptr<SpdySerializedFrame> body0(
+  std::unique_ptr<SpdySerializedFrame> body0(
       spdy_util_0.ConstructSpdyBodyFrame(1, kData0, strlen(kData0), true));
   MockRead reads0[] = {
       CreateMockRead(*reply0, 1),
@@ -5857,21 +5872,21 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) {
   SpdyTestUtil spdy_util_1(GetParam().protocol,
                            GetParam().priority_to_dependency);
 
-  scoped_ptr<SpdySerializedFrame> headers1(
+  std::unique_ptr<SpdySerializedFrame> headers1(
       spdy_util_1.ConstructSpdyGet(url_to_fetch1, 1, LOWEST));
   MockWrite writes1[] = {
       CreateMockWrite(*headers1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> reply1(
+  std::unique_ptr<SpdySerializedFrame> reply1(
       spdy_util_1.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_1.ConstructSpdyPush(nullptr, 0, 2, 1, url_to_push));
   const char kData1[] = "second";
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_1.ConstructSpdyBodyFrame(1, kData1, strlen(kData1), true));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> pushed_body(
+  std::unique_ptr<SpdySerializedFrame> pushed_body(
       spdy_util_1.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
                                          true));
 
@@ -5899,14 +5914,14 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) {
 
   // "spdy_pooling.pem" is valid for www.example.org, but not for
   // docs.example.org.
-  scoped_ptr<SSLSocketDataProvider> ssl_provider0(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider0(
       new SSLSocketDataProvider(ASYNC, OK));
   ssl_provider0->cert =
       ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
   helper.AddDataWithSSLSocketDataProvider(&data0, std::move(ssl_provider0));
 
   // "wildcard.pem" is valid for both www.example.org and docs.example.org.
-  scoped_ptr<SSLSocketDataProvider> ssl_provider1(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider1(
       new SSLSocketDataProvider(ASYNC, OK));
   ssl_provider1->cert =
       ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem");
@@ -5921,7 +5936,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) {
   // Request |url_to_fetch1|, during which docs.example.org pushes
   // |url_to_push|, which happens to be for www.example.org, to which there is
   // already an open connection.
-  scoped_ptr<HttpNetworkTransaction> trans1(
+  std::unique_ptr<HttpNetworkTransaction> trans1(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   HttpRequestInfo request1;
   request1.method = "GET";
@@ -5954,7 +5969,7 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) {
             spdy_session1->unclaimed_pushed_streams_.count(GURL(url_to_push)));
 
   // Request |url_to_push|, which should be served from the pushed resource.
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, helper.session()));
   HttpRequestInfo push_request;
   push_request.method = "GET";
@@ -6005,24 +6020,25 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidCrossOrigin) {
   const char* url_to_fetch = "https://www.example.org";
   const char* url_to_push = "https://invalid.example.org";
 
-  scoped_ptr<SpdySerializedFrame> headers(
+  std::unique_ptr<SpdySerializedFrame> headers(
       spdy_util_.ConstructSpdyGet(url_to_fetch, 1, LOWEST));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*headers, 0),
       CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 2, 1, url_to_push));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   const char kPushedData[] = "pushed";
-  scoped_ptr<SpdySerializedFrame> pushed_body(spdy_util_.ConstructSpdyBodyFrame(
-      2, kPushedData, strlen(kPushedData), true));
+  std::unique_ptr<SpdySerializedFrame> pushed_body(
+      spdy_util_.ConstructSpdyBodyFrame(2, kPushedData, strlen(kPushedData),
+                                        true));
   MockRead reads[] = {
       CreateMockRead(*reply, 1),
       CreateMockRead(*push, 2),
@@ -6048,21 +6064,21 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushInvalidCrossOrigin) {
 
 TEST_P(SpdyNetworkTransactionTest, RetryAfterRefused) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   // Will be destroyed by the RST before stream 3 starts.
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*req2, 2),
   };
 
-  scoped_ptr<SpdySerializedFrame> refused(
+  std::unique_ptr<SpdySerializedFrame> refused(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_REFUSED_STREAM));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead reads[] = {
       CreateMockRead(*refused, 1),
@@ -6115,29 +6131,29 @@ TEST_P(SpdyNetworkTransactionTest, OutOfOrderSynStream) {
   // req1 is alive when req2 is attempted (during but not after the
   // |data.RunFor(2);| statement below) but not when req3 is attempted.
   // The call to spdy_util_.UpdateWithStreamDestruction() reflects this.
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, HIGHEST, true));
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 5, MEDIUM, true));
   MockWrite writes[] = {
       MockWrite(ASYNC, ERR_IO_PENDING, 0), CreateMockWrite(*req1, 1),
       CreateMockWrite(*req2, 5), CreateMockWrite(*req3, 6),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
-  scoped_ptr<SpdySerializedFrame> resp3(
+  std::unique_ptr<SpdySerializedFrame> resp3(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 5));
-  scoped_ptr<SpdySerializedFrame> body3(
+  std::unique_ptr<SpdySerializedFrame> body3(
       spdy_util_.ConstructSpdyBodyFrame(5, true));
   MockRead reads[] = {
       CreateMockRead(*resp1, 2), MockRead(ASYNC, ERR_IO_PENDING, 3),
@@ -6167,7 +6183,7 @@ TEST_P(SpdyNetworkTransactionTest, OutOfOrderSynStream) {
   // Now, start both new transactions
   HttpRequestInfo info2 = CreateGetRequest();
   TestCompletionCallback callback2;
-  scoped_ptr<HttpNetworkTransaction> trans2(
+  std::unique_ptr<HttpNetworkTransaction> trans2(
       new HttpNetworkTransaction(MEDIUM, helper.session()));
   rv = trans2->Start(&info2, callback2.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -6175,7 +6191,7 @@ TEST_P(SpdyNetworkTransactionTest, OutOfOrderSynStream) {
 
   HttpRequestInfo info3 = CreateGetRequest();
   TestCompletionCallback callback3;
-  scoped_ptr<HttpNetworkTransaction> trans3(
+  std::unique_ptr<HttpNetworkTransaction> trans3(
       new HttpNetworkTransaction(HIGHEST, helper.session()));
   rv = trans3->Start(&info3, callback3.callback(), BoundNetLog());
   EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -6222,15 +6238,16 @@ TEST_P(SpdyNetworkTransactionTest, OutOfOrderSynStream) {
 // fail under specific circumstances.
 TEST_P(SpdyNetworkTransactionTest, WindowUpdateReceived) {
   static int kFrameCount = 2;
-  scoped_ptr<std::string> content(
+  std::unique_ptr<std::string> content(
       new std::string(kMaxSpdyFrameChunkSize, 'a'));
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       GetDefaultUrl(), 1, kMaxSpdyFrameChunkSize * kFrameCount, LOWEST, NULL,
       0));
-  scoped_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
       1, content->c_str(), content->size(), false));
-  scoped_ptr<SpdySerializedFrame> body_end(spdy_util_.ConstructSpdyBodyFrame(
-      1, content->c_str(), content->size(), true));
+  std::unique_ptr<SpdySerializedFrame> body_end(
+      spdy_util_.ConstructSpdyBodyFrame(1, content->c_str(), content->size(),
+                                        true));
 
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
@@ -6240,11 +6257,11 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateReceived) {
 
   static const int32_t kDeltaWindowSize = 0xff;
   static const int kDeltaCount = 4;
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, kDeltaWindowSize));
-  scoped_ptr<SpdySerializedFrame> window_update_dummy(
+  std::unique_ptr<SpdySerializedFrame> window_update_dummy(
       spdy_util_.ConstructSpdyWindowUpdate(2, kDeltaWindowSize));
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   MockRead reads[] = {
       CreateMockRead(*window_update_dummy, 3),
@@ -6260,9 +6277,9 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateReceived) {
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   for (int i = 0; i < kFrameCount; ++i) {
-    element_readers.push_back(make_scoped_ptr(
+    element_readers.push_back(base::WrapUnique(
         new UploadBytesElementReader(content->c_str(), content->size())));
   }
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
@@ -6343,17 +6360,17 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateSent) {
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, kMaxConcurrentPushedStreams);
   initial_settings[SETTINGS_INITIAL_WINDOW_SIZE] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, stream_max_recv_window_size);
-  scoped_ptr<SpdySerializedFrame> initial_settings_frame(
+  std::unique_ptr<SpdySerializedFrame> initial_settings_frame(
       spdy_util_.ConstructSpdySettings(initial_settings));
-  scoped_ptr<SpdySerializedFrame> initial_window_update(
+  std::unique_ptr<SpdySerializedFrame> initial_window_update(
       spdy_util_.ConstructSpdyWindowUpdate(
           kSessionFlowControlStreamId,
           session_max_recv_window_size - default_initial_window_size));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> session_window_update(
+  std::unique_ptr<SpdySerializedFrame> session_window_update(
       spdy_util_.ConstructSpdyWindowUpdate(0, session_window_update_delta));
-  scoped_ptr<SpdySerializedFrame> stream_window_update(
+  std::unique_ptr<SpdySerializedFrame> stream_window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, stream_window_update_delta));
 
   std::vector<MockWrite> writes;
@@ -6366,15 +6383,15 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateSent) {
   writes.push_back(CreateMockWrite(*req, writes.size()));
 
   std::vector<MockRead> reads;
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   reads.push_back(CreateMockRead(*resp, writes.size() + reads.size()));
 
-  std::vector<scoped_ptr<SpdySerializedFrame>> body_frames;
+  std::vector<std::unique_ptr<SpdySerializedFrame>> body_frames;
   const std::string body_data(kChunkSize, 'x');
   for (size_t remaining = kTargetSize; remaining != 0;) {
     size_t frame_size = std::min(remaining, body_data.size());
-    body_frames.push_back(make_scoped_ptr(spdy_util_.ConstructSpdyBodyFrame(
+    body_frames.push_back(base::WrapUnique(spdy_util_.ConstructSpdyBodyFrame(
         1, body_data.data(), frame_size, false)));
     reads.push_back(
         CreateMockRead(*body_frames.back(), writes.size() + reads.size()));
@@ -6446,14 +6463,14 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateOverflow) {
   // set content-length header correctly)
   static int kFrameCount = 3;
 
-  scoped_ptr<std::string> content(
+  std::unique_ptr<std::string> content(
       new std::string(kMaxSpdyFrameChunkSize, 'a'));
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       GetDefaultUrl(), 1, kMaxSpdyFrameChunkSize * kFrameCount, LOWEST, NULL,
       0));
-  scoped_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> body(spdy_util_.ConstructSpdyBodyFrame(
       1, content->c_str(), content->size(), false));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_FLOW_CONTROL_ERROR));
 
   // We're not going to write a data frame with FIN, we'll receive a bad
@@ -6465,7 +6482,7 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateOverflow) {
   };
 
   static const int32_t kDeltaWindowSize = 0x7fffffff;  // cause an overflow
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(1, kDeltaWindowSize));
   MockRead reads[] = {
     CreateMockRead(*window_update, 1),
@@ -6474,9 +6491,9 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateOverflow) {
 
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
   for (int i = 0; i < kFrameCount; ++i) {
-    element_readers.push_back(make_scoped_ptr(
+    element_readers.push_back(base::WrapUnique(
         new UploadBytesElementReader(content->c_str(), content->size())));
   }
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
@@ -6521,70 +6538,106 @@ TEST_P(SpdyNetworkTransactionTest, WindowUpdateOverflow) {
 TEST_P(SpdyNetworkTransactionTest, FlowControlStallResume) {
   const int32_t initial_window_size =
       SpdySession::GetDefaultInitialWindowSize(GetParam().protocol);
-  // Number of frames we need to send to zero out the window size: data
-  // frames plus SYN_STREAM plus the last data frame; also we need another
-  // data frame that we will send once the WINDOW_UPDATE is received,
-  // therefore +3.
-  size_t num_writes = initial_window_size / kMaxSpdyFrameChunkSize + 3;
-
-  // Calculate last frame's size; 0 size data frame is legal.
-  size_t last_frame_size = initial_window_size % kMaxSpdyFrameChunkSize;
+  // Number of upload data buffers we need to send to zero out the window size
+  // is the minimal number of upload buffers takes to be bigger than
+  // |initial_window_size|.
+  size_t num_upload_buffers =
+      ceil(static_cast<double>(initial_window_size) / kBufferSize);
+  // Each upload data buffer consists of |num_frames_in_one_upload_buffer|
+  // frames, each with |kMaxSpdyFrameChunkSize| bytes except the last frame,
+  // which has kBufferSize % kMaxSpdyChunkSize bytes.
+  size_t num_frames_in_one_upload_buffer =
+      ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize);
 
   // Construct content for a data frame of maximum size.
   std::string content(kMaxSpdyFrameChunkSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
-      GetDefaultUrl(), 1, initial_window_size + kUploadDataSize, LOWEST, NULL,
-      0));
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      GetDefaultUrl(), 1,
+      /*content_length=*/kBufferSize * num_upload_buffers + kUploadDataSize,
+      LOWEST, NULL, 0));
 
   // Full frames.
-  scoped_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
       1, content.c_str(), content.size(), false));
 
-  // Last frame to zero out the window size.
-  scoped_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
-      1, content.c_str(), last_frame_size, false));
+  // Last frame in each upload data buffer.
+  std::unique_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(), kBufferSize % kMaxSpdyFrameChunkSize, false));
+
+  // The very last frame before the stalled frames.
+  std::unique_ptr<SpdySerializedFrame> body3(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(),
+      initial_window_size % kBufferSize % kMaxSpdyFrameChunkSize, false));
 
-  // Data frame to be sent once WINDOW_UPDATE frame is received.
-  scoped_ptr<SpdySerializedFrame> body3(
+  // Data frames to be sent once WINDOW_UPDATE frame is received.
+
+  // If kBufferSize * num_upload_buffers > initial_window_size,
+  // we need one additional frame to send the rest of 'a'.
+  std::string last_body(kBufferSize * num_upload_buffers - initial_window_size,
+                        'a');
+  std::unique_ptr<SpdySerializedFrame> body4(spdy_util_.ConstructSpdyBodyFrame(
+      1, last_body.c_str(), last_body.size(), false));
+
+  // Also send a "hello!" after WINDOW_UPDATE.
+  std::unique_ptr<SpdySerializedFrame> body5(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
   // Fill in mock writes.
-  scoped_ptr<MockWrite[]> writes(new MockWrite[num_writes]);
   size_t i = 0;
-  writes[i] = CreateMockWrite(*req, i);
-  for (i = 1; i < num_writes - 2; i++)
-    writes[i] = CreateMockWrite(*body1, i);
-  writes[i] = CreateMockWrite(*body2, i);
-  // The last write must not be attempted until after the WINDOW_UPDATES
-  // have been received.
-  writes[i + 1] = CreateMockWrite(*body3, i + 4, SYNCHRONOUS);
-
-  // Construct read frame, give enough space to upload the rest of the
-  // data.
-  scoped_ptr<SpdySerializedFrame> session_window_update(
-      spdy_util_.ConstructSpdyWindowUpdate(0, kUploadDataSize));
-  scoped_ptr<SpdySerializedFrame> window_update(
-      spdy_util_.ConstructSpdyWindowUpdate(1, kUploadDataSize));
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::vector<MockWrite> writes;
+  writes.push_back(CreateMockWrite(*req, i++));
+  for (size_t j = 0; j < num_upload_buffers; j++) {
+    for (size_t k = 0; k < num_frames_in_one_upload_buffer; k++) {
+      if (k == num_frames_in_one_upload_buffer - 1 &&
+          kBufferSize % kMaxSpdyFrameChunkSize != 0) {
+        if (j == num_upload_buffers - 1 &&
+            (initial_window_size % kBufferSize != 0)) {
+          writes.push_back(CreateMockWrite(*body3, i++));
+        } else {
+          writes.push_back(CreateMockWrite(*body2, i++));
+        }
+      } else {
+        writes.push_back(CreateMockWrite(*body1, i++));
+      }
+    }
+  }
+
+  // Fill in mock reads.
+  std::vector<MockRead> reads;
+  // Force a pause.
+  reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, i++));
+  // Construct read frame for window updates that gives enough space to upload
+  // the rest of the data.
+  std::unique_ptr<SpdySerializedFrame> session_window_update(
+      spdy_util_.ConstructSpdyWindowUpdate(0,
+                                           kUploadDataSize + last_body.size()));
+  std::unique_ptr<SpdySerializedFrame> window_update(
+      spdy_util_.ConstructSpdyWindowUpdate(1,
+                                           kUploadDataSize + last_body.size()));
+
+  reads.push_back(CreateMockRead(*session_window_update, i++));
+  reads.push_back(CreateMockRead(*window_update, i++));
+
+  // Stalled frames which can be sent after receiving window updates.
+  if (last_body.size() > 0)
+    writes.push_back(CreateMockWrite(*body4, i++));
+  writes.push_back(CreateMockWrite(*body5, i++));
+
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
-  MockRead reads[] = {
-      MockRead(ASYNC, ERR_IO_PENDING, i + 1),  // Force a pause
-      CreateMockRead(*session_window_update, i + 2),
-      CreateMockRead(*window_update, i + 3),
-      // Now the last write will occur.
-      CreateMockRead(*reply, i + 5),
-      CreateMockRead(*body2, i + 6),
-      CreateMockRead(*body3, i + 7),
-      MockRead(ASYNC, 0, i + 8)  // EOF
-  };
+  reads.push_back(CreateMockRead(*reply, i++));
+  reads.push_back(CreateMockRead(*body2, i++));
+  reads.push_back(CreateMockRead(*body5, i++));
+  reads.push_back(MockRead(ASYNC, 0, i++));  // EOF
 
-  SequencedSocketData data(reads, arraysize(reads), writes.get(), num_writes);
+  SequencedSocketData data(reads.data(), reads.size(), writes.data(),
+                           writes.size());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  std::string upload_data_string(initial_window_size, 'a');
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  std::string upload_data_string(kBufferSize * num_upload_buffers, 'a');
   upload_data_string.append(kUploadData, kUploadDataSize);
-  element_readers.push_back(make_scoped_ptr(new UploadBytesElementReader(
+  element_readers.push_back(base::WrapUnique(new UploadBytesElementReader(
       upload_data_string.c_str(), upload_data_string.size())));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
@@ -6592,8 +6645,8 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResume) {
   request.method = "POST";
   request.url = GURL(GetDefaultUrl());
   request.upload_data_stream = &upload_data_stream;
-  NormalSpdyTransactionHelper helper(request, DEFAULT_PRIORITY,
-                                     BoundNetLog(), GetParam(), NULL);
+  NormalSpdyTransactionHelper helper(request, DEFAULT_PRIORITY, BoundNetLog(),
+                                     GetParam(), NULL);
   helper.AddData(&data);
   helper.RunPreTestSetup();
 
@@ -6609,10 +6662,17 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResume) {
   ASSERT_TRUE(stream != NULL);
   ASSERT_TRUE(stream->stream() != NULL);
   EXPECT_EQ(0, stream->stream()->send_window_size());
-  // All the body data should have been read.
-  // TODO(satorux): This is because of the weirdness in reading the request
-  // body in OnSendBodyComplete(). See crbug.com/113107.
-  EXPECT_TRUE(upload_data_stream.IsEOF());
+  if (initial_window_size % kBufferSize != 0) {
+    // If it does not take whole number of full upload buffer to zero out
+    // initial window size, then the upload data is not at EOF, because the
+    // last read must be stalled.
+    EXPECT_FALSE(upload_data_stream.IsEOF());
+  } else {
+    // All the body data should have been read.
+    // TODO(satorux): This is because of the weirdness in reading the request
+    // body in OnSendBodyComplete(). See crbug.com/113107.
+    EXPECT_TRUE(upload_data_stream.IsEOF());
+  }
   // But the body is not yet fully sent (kUploadData is not yet sent)
   // since we're send-stalled.
   EXPECT_TRUE(stream->stream()->send_stalled_by_flow_control());
@@ -6627,43 +6687,74 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResume) {
 TEST_P(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) {
   const int32_t initial_window_size =
       SpdySession::GetDefaultInitialWindowSize(GetParam().protocol);
-
-  // Number of frames we need to send to zero out the window size: data
-  // frames plus SYN_STREAM plus the last data frame; also we need another
-  // data frame that we will send once the SETTING is received, therefore +3.
-  size_t num_writes = initial_window_size / kMaxSpdyFrameChunkSize + 3;
-
-  // Calculate last frame's size; 0 size data frame is legal.
-  size_t last_frame_size = initial_window_size % kMaxSpdyFrameChunkSize;
+  // Number of upload data buffers we need to send to zero out the window size
+  // is the minimal number of upload buffers takes to be bigger than
+  // |initial_window_size|.
+  size_t num_upload_buffers =
+      ceil(static_cast<double>(initial_window_size) / kBufferSize);
+  // Each upload data buffer consists of |num_frames_in_one_upload_buffer|
+  // frames, each with |kMaxSpdyFrameChunkSize| bytes except the last frame,
+  // which has kBufferSize % kMaxSpdyChunkSize bytes.
+  size_t num_frames_in_one_upload_buffer =
+      ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize);
 
   // Construct content for a data frame of maximum size.
   std::string content(kMaxSpdyFrameChunkSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
-      GetDefaultUrl(), 1, initial_window_size + kUploadDataSize, LOWEST, NULL,
-      0));
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      GetDefaultUrl(), 1,
+      /*content_length=*/kBufferSize * num_upload_buffers + kUploadDataSize,
+      LOWEST, NULL, 0));
 
   // Full frames.
-  scoped_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
       1, content.c_str(), content.size(), false));
 
-  // Last frame to zero out the window size.
-  scoped_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
-      1, content.c_str(), last_frame_size, false));
+  // Last frame in each upload data buffer.
+  std::unique_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(), kBufferSize % kMaxSpdyFrameChunkSize, false));
 
-  // Data frame to be sent once SETTINGS frame is received.
-  scoped_ptr<SpdySerializedFrame> body3(
+  // The very last frame before the stalled frames.
+  std::unique_ptr<SpdySerializedFrame> body3(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(),
+      initial_window_size % kBufferSize % kMaxSpdyFrameChunkSize, false));
+
+  // Data frames to be sent once WINDOW_UPDATE frame is received.
+
+  // If kBufferSize * num_upload_buffers > initial_window_size,
+  // we need one additional frame to send the rest of 'a'.
+  std::string last_body(kBufferSize * num_upload_buffers - initial_window_size,
+                        'a');
+  std::unique_ptr<SpdySerializedFrame> body4(spdy_util_.ConstructSpdyBodyFrame(
+      1, last_body.c_str(), last_body.size(), false));
+
+  // Also send a "hello!" after WINDOW_UPDATE.
+  std::unique_ptr<SpdySerializedFrame> body5(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  // Fill in mock reads/writes.
-  std::vector<MockRead> reads;
-  std::vector<MockWrite> writes;
+  // Fill in mock writes.
   size_t i = 0;
+  std::vector<MockWrite> writes;
   writes.push_back(CreateMockWrite(*req, i++));
-  while (i < num_writes - 2)
-    writes.push_back(CreateMockWrite(*body1, i++));
-  writes.push_back(CreateMockWrite(*body2, i++));
+  for (size_t j = 0; j < num_upload_buffers; j++) {
+    for (size_t k = 0; k < num_frames_in_one_upload_buffer; k++) {
+      if (k == num_frames_in_one_upload_buffer - 1 &&
+          kBufferSize % kMaxSpdyFrameChunkSize != 0) {
+        if (j == num_upload_buffers - 1 &&
+            (initial_window_size % kBufferSize != 0)) {
+          writes.push_back(CreateMockWrite(*body3, i++));
+        } else {
+          writes.push_back(CreateMockWrite(*body2, i++));
+        }
+      } else {
+        writes.push_back(CreateMockWrite(*body1, i++));
+      }
+    }
+  }
 
+  // Fill in mock reads.
+  std::vector<MockRead> reads;
+  // Force a pause.
   reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, i++));
 
   // Construct read frame for SETTINGS that gives enough space to upload the
@@ -6671,26 +6762,30 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) {
   SettingsMap settings;
   settings[SETTINGS_INITIAL_WINDOW_SIZE] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, initial_window_size * 2);
-  scoped_ptr<SpdySerializedFrame> settings_frame_large(
+  std::unique_ptr<SpdySerializedFrame> settings_frame_large(
       spdy_util_.ConstructSpdySettings(settings));
 
   reads.push_back(CreateMockRead(*settings_frame_large, i++));
 
-  scoped_ptr<SpdySerializedFrame> session_window_update(
-      spdy_util_.ConstructSpdyWindowUpdate(0, kUploadDataSize));
+  std::unique_ptr<SpdySerializedFrame> session_window_update(
+      spdy_util_.ConstructSpdyWindowUpdate(0,
+                                           last_body.size() + kUploadDataSize));
   reads.push_back(CreateMockRead(*session_window_update, i++));
 
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
   writes.push_back(CreateMockWrite(*settings_ack, i++));
 
-  writes.push_back(CreateMockWrite(*body3, i++));
+  // Stalled frames which can be sent after |settings_ack|.
+  if (last_body.size() > 0)
+    writes.push_back(CreateMockWrite(*body4, i++));
+  writes.push_back(CreateMockWrite(*body5, i++));
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   reads.push_back(CreateMockRead(*reply, i++));
   reads.push_back(CreateMockRead(*body2, i++));
-  reads.push_back(CreateMockRead(*body3, i++));
+  reads.push_back(CreateMockRead(*body5, i++));
   reads.push_back(MockRead(ASYNC, 0, i++));  // EOF
 
   // Force all writes to happen before any read, last write will not
@@ -6698,10 +6793,10 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) {
   SequencedSocketData data(reads.data(), reads.size(), writes.data(),
                            writes.size());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  std::string upload_data_string(initial_window_size, 'a');
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  std::string upload_data_string(kBufferSize * num_upload_buffers, 'a');
   upload_data_string.append(kUploadData, kUploadDataSize);
-  element_readers.push_back(make_scoped_ptr(new UploadBytesElementReader(
+  element_readers.push_back(base::WrapUnique(new UploadBytesElementReader(
       upload_data_string.c_str(), upload_data_string.size())));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
@@ -6728,10 +6823,17 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) {
   ASSERT_TRUE(stream->stream() != NULL);
   EXPECT_EQ(0, stream->stream()->send_window_size());
 
-  // All the body data should have been read.
-  // TODO(satorux): This is because of the weirdness in reading the request
-  // body in OnSendBodyComplete(). See crbug.com/113107.
-  EXPECT_TRUE(upload_data_stream.IsEOF());
+  if (initial_window_size % kBufferSize != 0) {
+    // If it does not take whole number of full upload buffer to zero out
+    // initial window size, then the upload data is not at EOF, because the
+    // last read must be stalled.
+    EXPECT_FALSE(upload_data_stream.IsEOF());
+  } else {
+    // All the body data should have been read.
+    // TODO(satorux): This is because of the weirdness in reading the request
+    // body in OnSendBodyComplete(). See crbug.com/113107.
+    EXPECT_TRUE(upload_data_stream.IsEOF());
+  }
   // But the body is not yet fully sent (kUploadData is not yet sent)
   // since we're send-stalled.
   EXPECT_TRUE(stream->stream()->send_stalled_by_flow_control());
@@ -6751,73 +6853,107 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) {
 TEST_P(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) {
   const int32_t initial_window_size =
       SpdySession::GetDefaultInitialWindowSize(GetParam().protocol);
-  // Number of frames we need to send to zero out the window size: data
-  // frames plus SYN_STREAM plus the last data frame; also we need another
-  // data frame that we will send once the SETTING is received, therefore +3.
-  size_t num_writes = initial_window_size / kMaxSpdyFrameChunkSize + 3;
-
-  // Calculate last frame's size; 0 size data frame is legal.
-  size_t last_frame_size = initial_window_size % kMaxSpdyFrameChunkSize;
+  // Number of upload data buffers we need to send to zero out the window size
+  // is the minimal number of upload buffers takes to be bigger than
+  // |initial_window_size|.
+  size_t num_upload_buffers =
+      ceil(static_cast<double>(initial_window_size) / kBufferSize);
+  // Each upload data buffer consists of |num_frames_in_one_upload_buffer|
+  // frames, each with |kMaxSpdyFrameChunkSize| bytes except the last frame,
+  // which has kBufferSize % kMaxSpdyChunkSize bytes.
+  size_t num_frames_in_one_upload_buffer =
+      ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize);
 
   // Construct content for a data frame of maximum size.
   std::string content(kMaxSpdyFrameChunkSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
-      GetDefaultUrl(), 1, initial_window_size + kUploadDataSize, LOWEST, NULL,
-      0));
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+      GetDefaultUrl(), 1,
+      /*content_length=*/kBufferSize * num_upload_buffers + kUploadDataSize,
+      LOWEST, NULL, 0));
 
   // Full frames.
-  scoped_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> body1(spdy_util_.ConstructSpdyBodyFrame(
       1, content.c_str(), content.size(), false));
 
-  // Last frame to zero out the window size.
-  scoped_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
-      1, content.c_str(), last_frame_size, false));
+  // Last frame in each upload data buffer.
+  std::unique_ptr<SpdySerializedFrame> body2(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(), kBufferSize % kMaxSpdyFrameChunkSize, false));
+
+  // The very last frame before the stalled frames.
+  std::unique_ptr<SpdySerializedFrame> body3(spdy_util_.ConstructSpdyBodyFrame(
+      1, content.c_str(),
+      initial_window_size % kBufferSize % kMaxSpdyFrameChunkSize, false));
 
-  // Data frame to be sent once SETTINGS frame is received.
-  scoped_ptr<SpdySerializedFrame> body3(
+  // Data frames to be sent once WINDOW_UPDATE frame is received.
+
+  // If kBufferSize * num_upload_buffers > initial_window_size,
+  // we need one additional frame to send the rest of 'a'.
+  std::string last_body(kBufferSize * num_upload_buffers - initial_window_size,
+                        'a');
+  std::unique_ptr<SpdySerializedFrame> body4(spdy_util_.ConstructSpdyBodyFrame(
+      1, last_body.c_str(), last_body.size(), false));
+
+  // Also send a "hello!" after WINDOW_UPDATE.
+  std::unique_ptr<SpdySerializedFrame> body5(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  // Fill in mock reads/writes.
-  std::vector<MockRead> reads;
-  std::vector<MockWrite> writes;
+  // Fill in mock writes.
   size_t i = 0;
+  std::vector<MockWrite> writes;
   writes.push_back(CreateMockWrite(*req, i++));
-  while (i < num_writes - 2)
-    writes.push_back(CreateMockWrite(*body1, i++));
-  writes.push_back(CreateMockWrite(*body2, i++));
+  for (size_t j = 0; j < num_upload_buffers; j++) {
+    for (size_t k = 0; k < num_frames_in_one_upload_buffer; k++) {
+      if (k == num_frames_in_one_upload_buffer - 1 &&
+          kBufferSize % kMaxSpdyFrameChunkSize != 0) {
+        if (j == num_upload_buffers - 1 &&
+            (initial_window_size % kBufferSize != 0)) {
+          writes.push_back(CreateMockWrite(*body3, i++));
+        } else {
+          writes.push_back(CreateMockWrite(*body2, i++));
+        }
+      } else {
+        writes.push_back(CreateMockWrite(*body1, i++));
+      }
+    }
+  }
 
+  // Fill in mock reads.
+  std::vector<MockRead> reads;
+  // Force a pause.
   reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, i++));
-
   // Construct read frame for SETTINGS that makes the send_window_size
   // negative.
   SettingsMap new_settings;
   new_settings[SETTINGS_INITIAL_WINDOW_SIZE] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, initial_window_size / 2);
-  scoped_ptr<SpdySerializedFrame> settings_frame_small(
+  std::unique_ptr<SpdySerializedFrame> settings_frame_small(
       spdy_util_.ConstructSpdySettings(new_settings));
   // Construct read frames for WINDOW_UPDATE that makes the send_window_size
   // positive.
-  scoped_ptr<SpdySerializedFrame> session_window_update_init_size(
+  std::unique_ptr<SpdySerializedFrame> session_window_update_init_size(
       spdy_util_.ConstructSpdyWindowUpdate(0, initial_window_size));
-  scoped_ptr<SpdySerializedFrame> window_update_init_size(
+  std::unique_ptr<SpdySerializedFrame> window_update_init_size(
       spdy_util_.ConstructSpdyWindowUpdate(1, initial_window_size));
 
   reads.push_back(CreateMockRead(*settings_frame_small, i++));
   reads.push_back(CreateMockRead(*session_window_update_init_size, i++));
   reads.push_back(CreateMockRead(*window_update_init_size, i++));
 
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
   writes.push_back(CreateMockWrite(*settings_ack, i++));
 
-  writes.push_back(CreateMockWrite(*body3, i++));
+  // Stalled frames which can be sent after |settings_ack|.
+  if (last_body.size() > 0)
+    writes.push_back(CreateMockWrite(*body4, i++));
+  writes.push_back(CreateMockWrite(*body5, i++));
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   reads.push_back(CreateMockRead(*reply, i++));
   reads.push_back(CreateMockRead(*body2, i++));
-  reads.push_back(CreateMockRead(*body3, i++));
+  reads.push_back(CreateMockRead(*body5, i++));
   reads.push_back(MockRead(ASYNC, 0, i++));  // EOF
 
   // Force all writes to happen before any read, last write will not
@@ -6825,10 +6961,10 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) {
   SequencedSocketData data(reads.data(), reads.size(), writes.data(),
                            writes.size());
 
-  std::vector<scoped_ptr<UploadElementReader>> element_readers;
-  std::string upload_data_string(initial_window_size, 'a');
+  std::vector<std::unique_ptr<UploadElementReader>> element_readers;
+  std::string upload_data_string(kBufferSize * num_upload_buffers, 'a');
   upload_data_string.append(kUploadData, kUploadDataSize);
-  element_readers.push_back(make_scoped_ptr(new UploadBytesElementReader(
+  element_readers.push_back(base::WrapUnique(new UploadBytesElementReader(
       upload_data_string.c_str(), upload_data_string.size())));
   ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
 
@@ -6855,13 +6991,17 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) {
   ASSERT_TRUE(stream->stream() != NULL);
   EXPECT_EQ(0, stream->stream()->send_window_size());
 
-  // All the body data should have been read.
-  // TODO(satorux): This is because of the weirdness in reading the request
-  // body in OnSendBodyComplete(). See crbug.com/113107.
-  EXPECT_TRUE(upload_data_stream.IsEOF());
-  // But the body is not yet fully sent (kUploadData is not yet sent)
-  // since we're send-stalled.
-  EXPECT_TRUE(stream->stream()->send_stalled_by_flow_control());
+  if (initial_window_size % kBufferSize != 0) {
+    // If it does not take whole number of full upload buffer to zero out
+    // initial window size, then the upload data is not at EOF, because the
+    // last read must be stalled.
+    EXPECT_FALSE(upload_data_stream.IsEOF());
+  } else {
+    // All the body data should have been read.
+    // TODO(satorux): This is because of the weirdness in reading the request
+    // body in OnSendBodyComplete(). See crbug.com/113107.
+    EXPECT_TRUE(upload_data_stream.IsEOF());
+  }
 
   // Read in WINDOW_UPDATE or SETTINGS frame.
   data.Resume();
@@ -6871,16 +7011,16 @@ TEST_P(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) {
 }
 
 TEST_P(SpdyNetworkTransactionTest, GoAwayOnOddPushStreamId) {
-  scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
+  std::unique_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
   spdy_util_.AddUrlToHeaderBlock("http://www.example.org/a.dat",
                                  push_headers.get());
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(push_headers), 3, 1));
   MockRead reads[] = {CreateMockRead(*push, 1)};
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_PROTOCOL_ERROR, "Odd push stream id."));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 2),
@@ -6896,21 +7036,21 @@ TEST_P(SpdyNetworkTransactionTest, GoAwayOnOddPushStreamId) {
 
 TEST_P(SpdyNetworkTransactionTest,
        GoAwayOnPushStreamIdLesserOrEqualThanLastAccepted) {
-  scoped_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
       NULL, 0, 4, 1, GetDefaultUrlWithPath("/a.dat").c_str()));
-  scoped_ptr<SpdyHeaderBlock> push_b_headers(new SpdyHeaderBlock);
+  std::unique_ptr<SpdyHeaderBlock> push_b_headers(new SpdyHeaderBlock);
   spdy_util_.AddUrlToHeaderBlock(GetDefaultUrlWithPath("/b.dat"),
                                  push_b_headers.get());
-  scoped_ptr<SpdySerializedFrame> push_b(
+  std::unique_ptr<SpdySerializedFrame> push_b(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(push_b_headers), 2,
                                                1));
   MockRead reads[] = {
       CreateMockRead(*push_a, 1), CreateMockRead(*push_b, 2),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       4, GOAWAY_PROTOCOL_ERROR,
       "New push stream id must be greater than the last accepted."));
   MockWrite writes[] = {
@@ -6936,18 +7076,18 @@ TEST_P(SpdyNetworkTransactionTest, LargeRequest) {
   request.url = GURL(GetDefaultUrl());
   request.extra_headers.SetHeader(kKey, kValue);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(GetDefaultUrl()));
   (*headers)[kKey] = kValue;
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -6968,9 +7108,9 @@ TEST_P(SpdyNetworkTransactionTest, LargeRequest) {
 
 // Regression test for https://crbug.com/535629: response header exceeds 16 kB.
 TEST_P(SpdyNetworkTransactionTest, LargeResponseHeader) {
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(GetDefaultUrl()));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdySyn(1, *headers, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
@@ -6983,9 +7123,9 @@ TEST_P(SpdyNetworkTransactionTest, LargeResponseHeader) {
   const std::string kValue(16 * 1024, 'b');
   response_headers[1] = kValue.data();
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(response_headers, 1, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp, 1), CreateMockRead(*body, 2),
@@ -7011,15 +7151,16 @@ TEST_P(SpdyNetworkTransactionTest, LargeResponseHeader) {
 class SpdyNetworkTransactionNoTLSUsageCheckTest
     : public SpdyNetworkTransactionTest {
  protected:
-  void RunNoTLSUsageCheckTest(scoped_ptr<SSLSocketDataProvider> ssl_provider) {
+  void RunNoTLSUsageCheckTest(
+      std::unique_ptr<SSLSocketDataProvider> ssl_provider) {
     // Construct the request.
-    scoped_ptr<SpdySerializedFrame> req(
+    std::unique_ptr<SpdySerializedFrame> req(
         spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
     MockWrite writes[] = {CreateMockWrite(*req, 0)};
 
-    scoped_ptr<SpdySerializedFrame> resp(
+    std::unique_ptr<SpdySerializedFrame> resp(
         spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-    scoped_ptr<SpdySerializedFrame> body(
+    std::unique_ptr<SpdySerializedFrame> body(
         spdy_util_.ConstructSpdyBodyFrame(1, true));
     MockRead reads[] = {
         CreateMockRead(*resp, 1),
@@ -7056,7 +7197,7 @@ INSTANTIATE_TEST_CASE_P(
                                                        false)));
 
 TEST_P(SpdyNetworkTransactionNoTLSUsageCheckTest, TLSVersionTooOld) {
-  scoped_ptr<SSLSocketDataProvider> ssl_provider(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider(
       new SSLSocketDataProvider(ASYNC, OK));
   SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_SSL3,
                                 &ssl_provider->connection_status);
@@ -7065,7 +7206,7 @@ TEST_P(SpdyNetworkTransactionNoTLSUsageCheckTest, TLSVersionTooOld) {
 }
 
 TEST_P(SpdyNetworkTransactionNoTLSUsageCheckTest, TLSCipherSuiteSucky) {
-  scoped_ptr<SSLSocketDataProvider> ssl_provider(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider(
       new SSLSocketDataProvider(ASYNC, OK));
   // Set to TLS_RSA_WITH_NULL_MD5
   SSLConnectionStatusSetCipherSuite(0x1, &ssl_provider->connection_status);
@@ -7076,8 +7217,9 @@ TEST_P(SpdyNetworkTransactionNoTLSUsageCheckTest, TLSCipherSuiteSucky) {
 class SpdyNetworkTransactionTLSUsageCheckTest
     : public SpdyNetworkTransactionTest {
  protected:
-  void RunTLSUsageCheckTest(scoped_ptr<SSLSocketDataProvider> ssl_provider) {
-    scoped_ptr<SpdySerializedFrame> goaway(
+  void RunTLSUsageCheckTest(
+      std::unique_ptr<SSLSocketDataProvider> ssl_provider) {
+    std::unique_ptr<SpdySerializedFrame> goaway(
         spdy_util_.ConstructSpdyGoAway(0, GOAWAY_INADEQUATE_SECURITY, ""));
     MockWrite writes[] = {CreateMockWrite(*goaway)};
 
@@ -7104,7 +7246,7 @@ INSTANTIATE_TEST_CASE_P(
                                                        true)));
 
 TEST_P(SpdyNetworkTransactionTLSUsageCheckTest, TLSVersionTooOld) {
-  scoped_ptr<SSLSocketDataProvider> ssl_provider(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider(
       new SSLSocketDataProvider(ASYNC, OK));
   SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_SSL3,
                                 &ssl_provider->connection_status);
@@ -7113,7 +7255,7 @@ TEST_P(SpdyNetworkTransactionTLSUsageCheckTest, TLSVersionTooOld) {
 }
 
 TEST_P(SpdyNetworkTransactionTLSUsageCheckTest, TLSCipherSuiteSucky) {
-  scoped_ptr<SSLSocketDataProvider> ssl_provider(
+  std::unique_ptr<SSLSocketDataProvider> ssl_provider(
       new SSLSocketDataProvider(ASYNC, OK));
   // Set to TLS_RSA_WITH_NULL_MD5
   SSLConnectionStatusSetCipherSuite(0x1, &ssl_provider->connection_status);
diff --git a/chromium/net/spdy/spdy_pinnable_buffer_piece.h b/chromium/net/spdy/spdy_pinnable_buffer_piece.h
index d0fe866c8ed..01c9d9a2a94 100644
--- a/chromium/net/spdy/spdy_pinnable_buffer_piece.h
+++ b/chromium/net/spdy/spdy_pinnable_buffer_piece.h
@@ -9,7 +9,6 @@
 
 #include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 
@@ -52,7 +51,7 @@ struct NET_EXPORT_PRIVATE SpdyPinnableBufferPiece {
   const char * buffer_;
   size_t length_;
   // Null iff |buffer_| isn't pinned.
-  scoped_ptr<char[]> storage_;
+  std::unique_ptr<char[]> storage_;
 };
 
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_protocol.cc b/chromium/net/spdy/spdy_protocol.cc
index f69e02c10be..4ef25f6b56a 100644
--- a/chromium/net/spdy/spdy_protocol.cc
+++ b/chromium/net/spdy/spdy_protocol.cc
@@ -4,6 +4,8 @@
 
 #include "net/spdy/spdy_protocol.h"
 
+#include "net/spdy/spdy_bug_tracker.h"
+
 namespace net {
 
 bool SpdyConstants::IsValidFrameType(SpdyMajorVersion version,
@@ -41,7 +43,7 @@ bool SpdyConstants::IsValidFrameType(SpdyMajorVersion version,
       return true;
   }
 
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return false;
 }
 
@@ -98,7 +100,7 @@ SpdyFrameType SpdyConstants::ParseFrameType(SpdyMajorVersion version,
       break;
   }
 
-  LOG(DFATAL) << "Unhandled frame type " << frame_type_field;
+  SPDY_BUG << "Unhandled frame type " << frame_type_field;
   return DATA;
 }
 
@@ -124,7 +126,7 @@ int SpdyConstants::SerializeFrameType(SpdyMajorVersion version,
         case WINDOW_UPDATE:
           return 9;
         default:
-          LOG(DFATAL) << "Serializing unhandled frame type " << frame_type;
+          SPDY_BUG << "Serializing unhandled frame type " << frame_type;
           return -1;
       }
     case HTTP2:
@@ -155,12 +157,12 @@ int SpdyConstants::SerializeFrameType(SpdyMajorVersion version,
         case BLOCKED:
           return 11;
         default:
-          LOG(DFATAL) << "Serializing unhandled frame type " << frame_type;
+          SPDY_BUG << "Serializing unhandled frame type " << frame_type;
           return -1;
       }
   }
 
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return -1;
 }
 
@@ -172,10 +174,39 @@ int SpdyConstants::DataFrameType(SpdyMajorVersion version) {
       return SerializeFrameType(version, DATA);
   }
 
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return 0;
 }
 
+bool SpdyConstants::IsValidHTTP2FrameStreamId(
+    SpdyStreamId current_frame_stream_id,
+    SpdyFrameType frame_type_field) {
+  if (current_frame_stream_id == 0) {
+    switch (frame_type_field) {
+      case DATA:
+      case HEADERS:
+      case PRIORITY:
+      case RST_STREAM:
+      case CONTINUATION:
+      case PUSH_PROMISE:
+        // These frame types must specify a stream
+        return false;
+      default:
+        return true;
+    }
+  } else {
+    switch (frame_type_field) {
+      case GOAWAY:
+      case SETTINGS:
+      case PING:
+        // These frame types must not specify a stream
+        return false;
+      default:
+        return true;
+    }
+  }
+}
+
 bool SpdyConstants::IsValidSettingId(SpdyMajorVersion version,
                                      int setting_id_field) {
   switch (version) {
@@ -209,7 +240,7 @@ bool SpdyConstants::IsValidSettingId(SpdyMajorVersion version,
       return true;
   }
 
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return false;
 }
 
@@ -252,7 +283,7 @@ SpdySettingsIds SpdyConstants::ParseSettingId(SpdyMajorVersion version,
       break;
   }
 
-  LOG(DFATAL) << "Unhandled setting ID " << setting_id_field;
+  SPDY_BUG << "Unhandled setting ID " << setting_id_field;
   return SETTINGS_UPLOAD_BANDWIDTH;
 }
 
@@ -276,7 +307,7 @@ int SpdyConstants::SerializeSettingId(SpdyMajorVersion version,
         case SETTINGS_INITIAL_WINDOW_SIZE:
           return 7;
         default:
-          LOG(DFATAL) << "Serializing unhandled setting id " << id;
+          SPDY_BUG << "Serializing unhandled setting id " << id;
           return -1;
       }
     case HTTP2:
@@ -294,11 +325,11 @@ int SpdyConstants::SerializeSettingId(SpdyMajorVersion version,
         case SETTINGS_MAX_HEADER_LIST_SIZE:
           return 6;
         default:
-          LOG(DFATAL) << "Serializing unhandled setting id " << id;
+          SPDY_BUG << "Serializing unhandled setting id " << id;
           return -1;
       }
   }
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return -1;
 }
 
@@ -345,7 +376,7 @@ bool SpdyConstants::IsValidRstStreamStatus(SpdyMajorVersion version,
 
       return true;
   }
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return false;
 }
 
@@ -405,7 +436,7 @@ SpdyRstStreamStatus SpdyConstants::ParseRstStreamStatus(
       break;
   }
 
-  LOG(DFATAL) << "Invalid RST_STREAM status " << rst_stream_status_field;
+  SPDY_BUG << "Invalid RST_STREAM status " << rst_stream_status_field;
   return RST_STREAM_PROTOCOL_ERROR;
 }
 
@@ -436,8 +467,7 @@ int SpdyConstants::SerializeRstStreamStatus(
         case RST_STREAM_FRAME_TOO_LARGE:
           return 11;
         default:
-          LOG(DFATAL) << "Unhandled RST_STREAM status "
-                      << rst_stream_status;
+          SPDY_BUG << "Unhandled RST_STREAM status " << rst_stream_status;
           return -1;
       }
     case HTTP2:
@@ -465,12 +495,11 @@ int SpdyConstants::SerializeRstStreamStatus(
         case RST_STREAM_HTTP_1_1_REQUIRED:
           return 13;
         default:
-          LOG(DFATAL) << "Unhandled RST_STREAM status "
-                      << rst_stream_status;
+          SPDY_BUG << "Unhandled RST_STREAM status " << rst_stream_status;
           return -1;
       }
   }
-  LOG(DFATAL) << "Unhandled SPDY version " << version;
+  SPDY_BUG << "Unhandled SPDY version " << version;
   return -1;
 }
 
@@ -505,7 +534,7 @@ bool SpdyConstants::IsValidGoAwayStatus(SpdyMajorVersion version,
 
       return true;
   }
-  LOG(DFATAL) << "Unknown SpdyMajorVersion " << version;
+  SPDY_BUG << "Unknown SpdyMajorVersion " << version;
   return false;
 }
 
@@ -556,7 +585,7 @@ SpdyGoAwayStatus SpdyConstants::ParseGoAwayStatus(SpdyMajorVersion version,
       break;
   }
 
-  LOG(DFATAL) << "Unhandled GOAWAY status " << goaway_status_field;
+  SPDY_BUG << "Unhandled GOAWAY status " << goaway_status_field;
   return GOAWAY_PROTOCOL_ERROR;
 }
 
@@ -583,7 +612,7 @@ int SpdyConstants::SerializeGoAwayStatus(SpdyMajorVersion version,
         case GOAWAY_HTTP_1_1_REQUIRED:
           return 1;  // PROTOCOL_ERROR.
         default:
-          LOG(DFATAL) << "Serializing unhandled GOAWAY status " << status;
+          SPDY_BUG << "Serializing unhandled GOAWAY status " << status;
           return -1;
       }
     case HTTP2:
@@ -617,11 +646,11 @@ int SpdyConstants::SerializeGoAwayStatus(SpdyMajorVersion version,
         case GOAWAY_HTTP_1_1_REQUIRED:
           return 13;
         default:
-          LOG(DFATAL) << "Serializing unhandled GOAWAY status " << status;
+          SPDY_BUG << "Serializing unhandled GOAWAY status " << status;
           return -1;
       }
   }
-  LOG(DFATAL) << "Unknown SpdyMajorVersion " << version;
+  SPDY_BUG << "Unknown SpdyMajorVersion " << version;
   return -1;
 }
 
@@ -632,7 +661,7 @@ size_t SpdyConstants::GetDataFrameMinimumSize(SpdyMajorVersion version) {
     case HTTP2:
       return 9;
   }
-  LOG(DFATAL) << "Unhandled SPDY version.";
+  SPDY_BUG << "Unhandled SPDY version.";
   return 0;
 }
 
@@ -643,7 +672,7 @@ size_t SpdyConstants::GetControlFrameHeaderSize(SpdyMajorVersion version) {
     case HTTP2:
       return 9;
   }
-  LOG(DFATAL) << "Unhandled SPDY version.";
+  SPDY_BUG << "Unhandled SPDY version.";
   return 0;
 }
 
@@ -692,7 +721,7 @@ std::string SpdyConstants::GetVersionString(SpdyMajorVersion version) {
     case HTTP2:
       return "h2";
     default:
-      LOG(DFATAL) << "Unsupported SPDY major version: " << version;
+      SPDY_BUG << "Unsupported SPDY major version: " << version;
       return "spdy/3";
   }
 }
diff --git a/chromium/net/spdy/spdy_protocol.h b/chromium/net/spdy/spdy_protocol.h
index e22f89c0260..f8bc425d184 100644
--- a/chromium/net/spdy/spdy_protocol.h
+++ b/chromium/net/spdy/spdy_protocol.h
@@ -14,12 +14,12 @@
 
 #include <limits>
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/sys_byteorder.h"
 #include "net/base/net_export.h"
@@ -48,11 +48,16 @@ typedef uint32_t SpdyStreamId;
 // flow control).
 const SpdyStreamId kSessionFlowControlStreamId = 0;
 
-// The maxmium possible control frame size allowed by the spec.
-const int32_t kSpdyMaxControlFrameSize = (1 << 24) - 1;
+// The maxmium possible frame payload size allowed by the spec.
+const uint32_t kSpdyMaxFrameSizeLimit = (1 << 24) - 1;
 
-// The maximum control frame size we accept.
-const int32_t kControlFrameSizeLimit = 1 << 14;
+// The initial value for the maximum frame payload size as per the spec. This is
+// the maximum control frame size we accept.
+const uint32_t kSpdyInitialFrameSizeLimit = 1 << 14;
+
+// The initial value for the maximum size of the header list, "unlimited" (max
+// unsigned 32-bit int) as per the spec.
+const uint32_t kSpdyInitialHeaderListSizeLimit = 0xFFFFFFFF;
 
 // Maximum window size for a Spdy stream or session.
 const int32_t kSpdyMaximumWindowSize = 0x7FFFFFFF;  // Max signed 32bit int
@@ -282,9 +287,7 @@ enum SpdyFrameType {
 enum SpdyDataFlags {
   DATA_FLAG_NONE = 0x00,
   DATA_FLAG_FIN = 0x01,
-  DATA_FLAG_END_SEGMENT = 0x02,
   DATA_FLAG_PADDED = 0x08,
-  DATA_FLAG_COMPRESSED = 0x20,
 };
 
 // Flags on control packets
@@ -300,7 +303,6 @@ enum SpdyPingFlags {
 
 // Used by HEADERS, PUSH_PROMISE, and CONTINUATION.
 enum SpdyHeadersFlags {
-  HEADERS_FLAG_END_SEGMENT = 0x02,
   HEADERS_FLAG_END_HEADERS = 0x04,
   HEADERS_FLAG_PADDED = 0x08,
   HEADERS_FLAG_PRIORITY = 0x20,
@@ -406,16 +408,20 @@ typedef uint8_t SpdyPriority;
 const SpdyPriority kV3HighestPriority = 0;
 const SpdyPriority kV3LowestPriority = 7;
 
+// HTTP/2 stream weights are integers in range [1, 256], as specified in RFC
+// 7540 section 5.3.2. Default stream weight is defined in section 5.3.5.
+const int kHttp2MinStreamWeight = 1;
+const int kHttp2MaxStreamWeight = 256;
+const int kHttp2DefaultStreamWeight = 16;
+
+// Reserved ID for root stream of HTTP/2 stream dependency tree, as specified
+// in RFC 7540 section 5.3.1.
+const unsigned int kHttp2RootStreamId = 0;
+
 typedef uint64_t SpdyPingId;
 
 typedef std::string SpdyProtocolId;
 
-enum class SpdyHeaderValidatorType {
-  REQUEST,
-  RESPONSE_HEADER,
-  RESPONSE_TRAILER
-};
-
 // TODO(hkhalil): Add direct testing for this? It won't increase coverage any,
 // but is good to do anyway.
 class NET_EXPORT_PRIVATE SpdyConstants {
@@ -441,6 +447,12 @@ class NET_EXPORT_PRIVATE SpdyConstants {
   // in the given SPDY version.
   static int DataFrameType(SpdyMajorVersion version);
 
+  // (HTTP/2) All standard frame types except WINDOW_UPDATE are
+  // (stream-specific xor connection-level). Returns false iff we know
+  // the given frame type does not align with the given streamID.
+  static bool IsValidHTTP2FrameStreamId(SpdyStreamId current_frame_stream_id,
+                                        SpdyFrameType frame_type_field);
+
   // Returns true if a given on-the-wire enumeration of a setting id is valid
   // for a given protocol version, false otherwise.
   static bool IsValidSettingId(SpdyMajorVersion version, int setting_id_field);
@@ -646,7 +658,7 @@ class NET_EXPORT_PRIVATE SpdyDataIR
 
  private:
   // Used to store data that this SpdyDataIR should own.
-  scoped_ptr<std::string> data_store_;
+  std::unique_ptr<std::string> data_store_;
   base::StringPiece data_;
 
   bool padded_;
@@ -855,7 +867,7 @@ class NET_EXPORT_PRIVATE SpdyWindowUpdateIR : public SpdyFrameWithStreamIdIR {
   }
   int32_t delta() const { return delta_; }
   void set_delta(int32_t delta) {
-    DCHECK_LT(0, delta);
+    DCHECK_LE(0, delta);
     DCHECK_LE(delta, kSpdyMaximumWindowSize);
     delta_ = delta;
   }
diff --git a/chromium/net/spdy/spdy_protocol_test.cc b/chromium/net/spdy/spdy_protocol_test.cc
index c224818447a..d451f058593 100644
--- a/chromium/net/spdy/spdy_protocol_test.cc
+++ b/chromium/net/spdy/spdy_protocol_test.cc
@@ -5,10 +5,11 @@
 #include "net/spdy/spdy_protocol.h"
 
 #include <limits>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/spdy/spdy_bitmasks.h"
 #include "net/spdy/spdy_framer.h"
+#include "net/spdy/spdy_test_utils.h"
 #include "net/test/gtest_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -19,10 +20,10 @@ namespace {
 namespace net {
 
 TEST(SpdyProtocolDeathTest, TestSpdySettingsAndIdOutOfBounds) {
-  scoped_ptr<SettingsFlagsAndId> flags_and_id;
+  std::unique_ptr<SettingsFlagsAndId> flags_and_id;
 
-  EXPECT_DFATAL(flags_and_id.reset(new SettingsFlagsAndId(1, 0xffffffff)),
-                "SPDY setting ID too large.");
+  EXPECT_SPDY_BUG(flags_and_id.reset(new SettingsFlagsAndId(1, 0xffffffff)),
+                  "SPDY setting ID too large.");
   // Make sure that we get expected values in opt mode.
   if (flags_and_id.get() != nullptr) {
     EXPECT_EQ(1, flags_and_id->flags());
@@ -30,4 +31,33 @@ TEST(SpdyProtocolDeathTest, TestSpdySettingsAndIdOutOfBounds) {
   }
 }
 
+TEST(SpdyProtocolTest, IsValidHTTP2FrameStreamId) {
+  // Stream-specific frames must have non-zero stream ids
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, DATA));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, DATA));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, HEADERS));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, HEADERS));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, PRIORITY));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, PRIORITY));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, RST_STREAM));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, RST_STREAM));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, CONTINUATION));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, CONTINUATION));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, PUSH_PROMISE));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(0, PUSH_PROMISE));
+
+  // Connection-level frames must have zero stream ids
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(1, GOAWAY));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(0, GOAWAY));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(1, SETTINGS));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(0, SETTINGS));
+  EXPECT_FALSE(SpdyConstants::IsValidHTTP2FrameStreamId(1, PING));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(0, PING));
+
+  // Frames that are neither stream-specific nor connection-level
+  // should not have their stream id declared invalid
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(1, WINDOW_UPDATE));
+  EXPECT_TRUE(SpdyConstants::IsValidHTTP2FrameStreamId(0, WINDOW_UPDATE));
+}
+
 }  // namespace net
diff --git a/chromium/net/spdy/spdy_proxy_client_socket.cc b/chromium/net/spdy/spdy_proxy_client_socket.cc
index 2d75c4cdc56..36bdf392a1d 100644
--- a/chromium/net/spdy/spdy_proxy_client_socket.cc
+++ b/chromium/net/spdy/spdy_proxy_client_socket.cc
@@ -14,7 +14,7 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/auth.h"
 #include "net/base/io_buffer.h"
@@ -364,7 +364,7 @@ int SpdyProxyClientSocket::DoSendRequest() {
       base::Bind(&HttpRequestHeaders::NetLogCallback,
                  base::Unretained(&request_.extra_headers), &request_line));
 
-  scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
   CreateSpdyHeadersFromHttpRequest(request_, request_.extra_headers,
                                    spdy_stream_->GetProtocolVersion(), true,
                                    headers.get());
@@ -460,7 +460,7 @@ SpdyResponseHeadersStatus SpdyProxyClientSocket::OnResponseHeadersUpdated(
 }
 
 // Called when data is received or on EOF (if |buffer| is NULL).
-void SpdyProxyClientSocket::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
+void SpdyProxyClientSocket::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) {
   if (buffer) {
     net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED,
                                   buffer->GetRemainingSize(),
@@ -525,7 +525,7 @@ void SpdyProxyClientSocket::OnClose(int status)  {
     read_callback.Run(status);
   } else if (!read_callback_.is_null()) {
     // If we have a read_callback_, the we need to make sure we call it back.
-    OnDataReceived(scoped_ptr<SpdyBuffer>());
+    OnDataReceived(std::unique_ptr<SpdyBuffer>());
   }
   // This may have been deleted by read_callback_, so check first.
   if (weak_ptr.get() && !write_callback.is_null())
diff --git a/chromium/net/spdy/spdy_proxy_client_socket.h b/chromium/net/spdy/spdy_proxy_client_socket.h
index f773666ed22..09c10e402f4 100644
--- a/chromium/net/spdy/spdy_proxy_client_socket.h
+++ b/chromium/net/spdy/spdy_proxy_client_socket.h
@@ -94,7 +94,7 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket,
   void OnRequestHeadersSent() override;
   SpdyResponseHeadersStatus OnResponseHeadersUpdated(
       const SpdyHeaderBlock& response_headers) override;
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override;
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override;
   void OnDataSent() override;
   void OnTrailers(const SpdyHeaderBlock& trailers) override;
   void OnClose(int status) override;
diff --git a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc
index 6e83c3989a3..78c8ce5738d 100644
--- a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc
+++ b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc
@@ -134,14 +134,14 @@ class SpdyProxyClientSocketTest : public PlatformTest,
   }
 
   SpdyTestUtil spdy_util_;
-  scoped_ptr<SpdyProxyClientSocket> sock_;
+  std::unique_ptr<SpdyProxyClientSocket> sock_;
   TestCompletionCallback read_callback_;
   TestCompletionCallback write_callback_;
-  scoped_ptr<SequencedSocketData> data_;
+  std::unique_ptr<SequencedSocketData> data_;
   BoundTestNetLog net_log_;
 
  private:
-  scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpNetworkSession> session_;
   scoped_refptr<IOBuffer> read_buf_;
   SpdySessionDependencies session_deps_;
   MockConnect connect_data_;
@@ -396,12 +396,12 @@ SpdySerializedFrame* SpdyProxyClientSocketTest::ConstructBodyFrame(
 // ----------- Connect
 
 TEST_P(SpdyProxyClientSocketTest, ConnectSendsCorrectRequest) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -416,12 +416,12 @@ TEST_P(SpdyProxyClientSocketTest, ConnectSendsCorrectRequest) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectAuthReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectAuthReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -436,12 +436,12 @@ TEST_P(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ConnectWithAuthCredentials) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectAuthRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectAuthRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -455,14 +455,15 @@ TEST_P(SpdyProxyClientSocketTest, ConnectWithAuthCredentials) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ConnectRedirects) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectRedirectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(
+      ConstructConnectRedirectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -488,12 +489,12 @@ TEST_P(SpdyProxyClientSocketTest, ConnectRedirects) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ConnectFails) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
     MockRead(ASYNC, 0, 1),  // EOF
   };
@@ -510,14 +511,14 @@ TEST_P(SpdyProxyClientSocketTest, ConnectFails) {
 // ----------- WasEverUsed
 
 TEST_P(SpdyProxyClientSocketTest, WasEverUsedReturnsCorrectValues) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -537,12 +538,12 @@ TEST_P(SpdyProxyClientSocketTest, WasEverUsedReturnsCorrectValues) {
 // ----------- GetPeerAddress
 
 TEST_P(SpdyProxyClientSocketTest, GetPeerAddressReturnsCorrectValues) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       MockRead(ASYNC, 0, 3),  // EOF
@@ -570,16 +571,16 @@ TEST_P(SpdyProxyClientSocketTest, GetPeerAddressReturnsCorrectValues) {
 // ----------- Write
 
 TEST_P(SpdyProxyClientSocketTest, WriteSendsDataInDataFrame) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS),
       CreateMockWrite(*msg1, 3, SYNCHRONOUS),
       CreateMockWrite(*msg2, 4, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -594,15 +595,15 @@ TEST_P(SpdyProxyClientSocketTest, WriteSendsDataInDataFrame) {
 
 TEST_P(SpdyProxyClientSocketTest, WriteSplitsLargeDataIntoMultipleFrames) {
   std::string chunk_data(kMaxSpdyFrameChunkSize, 'x');
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> chunk(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> chunk(
       ConstructBodyFrame(chunk_data.data(), chunk_data.length()));
   MockWrite writes[] = {CreateMockWrite(*conn, 0, SYNCHRONOUS),
                         CreateMockWrite(*chunk, 3, SYNCHRONOUS),
                         CreateMockWrite(*chunk, 4, SYNCHRONOUS),
                         CreateMockWrite(*chunk, 5, SYNCHRONOUS)};
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -623,13 +624,13 @@ TEST_P(SpdyProxyClientSocketTest, WriteSplitsLargeDataIntoMultipleFrames) {
 // ----------- Read
 
 TEST_P(SpdyProxyClientSocketTest, ReadReadsDataInDataFrame) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg1, 3, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 4),
@@ -645,14 +646,14 @@ TEST_P(SpdyProxyClientSocketTest, ReadReadsDataInDataFrame) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ReadDataFromBufferedFrames) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg1, 3, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 4),
@@ -672,14 +673,14 @@ TEST_P(SpdyProxyClientSocketTest, ReadDataFromBufferedFrames) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ReadDataMultipleBufferedFrames) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -701,14 +702,14 @@ TEST_P(SpdyProxyClientSocketTest, ReadDataMultipleBufferedFrames) {
 
 TEST_P(SpdyProxyClientSocketTest,
        LargeReadWillMergeDataFromDifferentFrames) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -730,15 +731,15 @@ TEST_P(SpdyProxyClientSocketTest,
 }
 
 TEST_P(SpdyProxyClientSocketTest, MultipleShortReadsThenMoreRead) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -764,15 +765,16 @@ TEST_P(SpdyProxyClientSocketTest, MultipleShortReadsThenMoreRead) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ReadWillSplitDataFromLargeFrame) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg33(ConstructBodyFrame(kMsg33, kLen33));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg33(
+      ConstructBodyFrame(kMsg33, kLen33));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -796,13 +798,14 @@ TEST_P(SpdyProxyClientSocketTest, ReadWillSplitDataFromLargeFrame) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, MultipleReadsFromSameLargeFrame) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg333(ConstructBodyFrame(kMsg333, kLen333));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg333(
+      ConstructBodyFrame(kMsg333, kLen333));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg333, 3, ASYNC),
@@ -827,14 +830,14 @@ TEST_P(SpdyProxyClientSocketTest, MultipleReadsFromSameLargeFrame) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ReadAuthResponseBody) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectAuthReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectAuthReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -855,14 +858,14 @@ TEST_P(SpdyProxyClientSocketTest, ReadAuthResponseBody) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, ReadErrorResponseBody) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectErrorReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectErrorReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockRead reads[] = {
     CreateMockRead(*resp, 1, ASYNC),
     CreateMockRead(*msg1, 2, ASYNC),
@@ -878,16 +881,16 @@ TEST_P(SpdyProxyClientSocketTest, ReadErrorResponseBody) {
 // ----------- Reads and Writes
 
 TEST_P(SpdyProxyClientSocketTest, AsyncReadAroundWrite) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS),
       CreateMockWrite(*msg2, 4, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -916,16 +919,16 @@ TEST_P(SpdyProxyClientSocketTest, AsyncReadAroundWrite) {
 }
 
 TEST_P(SpdyProxyClientSocketTest, AsyncWriteAroundReads) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> msg2(ConstructBodyFrame(kMsg2, kLen2));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS),
       MockWrite(ASYNC, ERR_IO_PENDING, 7), CreateMockWrite(*msg2, 8, ASYNC),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
-  scoped_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> msg3(ConstructBodyFrame(kMsg3, kLen3));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg1, 3, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 4),
@@ -954,12 +957,12 @@ TEST_P(SpdyProxyClientSocketTest, AsyncWriteAroundReads) {
 
 // Reading from an already closed socket should return 0
 TEST_P(SpdyProxyClientSocketTest, ReadOnClosedSocketReturnsZero) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       MockRead(ASYNC, 0, 3),  // EOF
@@ -980,12 +983,12 @@ TEST_P(SpdyProxyClientSocketTest, ReadOnClosedSocketReturnsZero) {
 
 // Read pending when socket is closed should return 0
 TEST_P(SpdyProxyClientSocketTest, PendingReadOnCloseReturnsZero) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       MockRead(ASYNC, 0, 3),  // EOF
@@ -1005,14 +1008,14 @@ TEST_P(SpdyProxyClientSocketTest, PendingReadOnCloseReturnsZero) {
 // Reading from a disconnected socket is an error
 TEST_P(SpdyProxyClientSocketTest,
        ReadOnDisconnectSocketReturnsNotConnected) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -1033,13 +1036,13 @@ TEST_P(SpdyProxyClientSocketTest,
 // Reading buffered data from an already closed socket should return
 // buffered data, then 0.
 TEST_P(SpdyProxyClientSocketTest, ReadOnClosedSocketReturnsBufferedData) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg1, 3, ASYNC), MockRead(ASYNC, 0, 4),  // EOF
@@ -1065,13 +1068,13 @@ TEST_P(SpdyProxyClientSocketTest, ReadOnClosedSocketReturnsBufferedData) {
 
 // Calling Write() on a closed socket is an error
 TEST_P(SpdyProxyClientSocketTest, WriteOnClosedStream) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       MockRead(ASYNC, 0, 3),  // EOF
@@ -1090,15 +1093,15 @@ TEST_P(SpdyProxyClientSocketTest, WriteOnClosedStream) {
 
 // Calling Write() on a disconnected socket is an error.
 TEST_P(SpdyProxyClientSocketTest, WriteOnDisconnectedSocket) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -1120,13 +1123,13 @@ TEST_P(SpdyProxyClientSocketTest, WriteOnDisconnectedSocket) {
 // If the socket is closed with a pending Write(), the callback
 // should be called with ERR_CONNECTION_CLOSED.
 TEST_P(SpdyProxyClientSocketTest, WritePendingOnClose) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS),
       MockWrite(SYNCHRONOUS, ERR_IO_PENDING, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -1151,14 +1154,14 @@ TEST_P(SpdyProxyClientSocketTest, WritePendingOnClose) {
 // If the socket is Disconnected with a pending Write(), the callback
 // should not be called.
 TEST_P(SpdyProxyClientSocketTest, DisconnectWithWritePending) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -1185,14 +1188,14 @@ TEST_P(SpdyProxyClientSocketTest, DisconnectWithWritePending) {
 // If the socket is Disconnected with a pending Read(), the callback
 // should not be called.
 TEST_P(SpdyProxyClientSocketTest, DisconnectWithReadPending) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 2),
   };
@@ -1219,13 +1222,13 @@ TEST_P(SpdyProxyClientSocketTest, DisconnectWithReadPending) {
 // If the socket is Reset when both a read and write are pending,
 // both should be called back.
 TEST_P(SpdyProxyClientSocketTest, RstWithReadAndWritePending) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -1261,15 +1264,15 @@ TEST_P(SpdyProxyClientSocketTest, RstWithReadAndWritePending) {
 // Makes sure the proxy client socket's source gets the expected NetLog events
 // and only the expected NetLog events (No SpdySession events).
 TEST_P(SpdyProxyClientSocketTest, NetLog) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*conn, 0, SYNCHRONOUS), CreateMockWrite(*rst, 5),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> msg1(ConstructBodyFrame(kMsg1, kLen1));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*msg1, 3, ASYNC), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 4),
@@ -1321,11 +1324,10 @@ TEST_P(SpdyProxyClientSocketTest, NetLog) {
 // deleted when Run is invoked.
 class DeleteSockCallback : public TestCompletionCallbackBase {
  public:
-  explicit DeleteSockCallback(scoped_ptr<SpdyProxyClientSocket>* sock)
+  explicit DeleteSockCallback(std::unique_ptr<SpdyProxyClientSocket>* sock)
       : sock_(sock),
         callback_(base::Bind(&DeleteSockCallback::OnComplete,
-                             base::Unretained(this))) {
-  }
+                             base::Unretained(this))) {}
 
   ~DeleteSockCallback() override {}
 
@@ -1337,7 +1339,7 @@ class DeleteSockCallback : public TestCompletionCallbackBase {
     SetResult(result);
   }
 
-  scoped_ptr<SpdyProxyClientSocket>* sock_;
+  std::unique_ptr<SpdyProxyClientSocket>* sock_;
   CompletionCallback callback_;
 
   DISALLOW_COPY_AND_ASSIGN(DeleteSockCallback);
@@ -1347,13 +1349,13 @@ class DeleteSockCallback : public TestCompletionCallbackBase {
 // read callback causes the socket to be deleted, the write callback should
 // not be called.
 TEST_P(SpdyProxyClientSocketTest, RstWithReadAndWritePendingDelete) {
-  scoped_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
+  std::unique_ptr<SpdySerializedFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
     CreateMockWrite(*conn, 0, SYNCHRONOUS),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> resp(ConstructConnectReplyFrame());
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockRead reads[] = {
       CreateMockRead(*resp, 1, ASYNC), MockRead(ASYNC, ERR_IO_PENDING, 2),
diff --git a/chromium/net/spdy/spdy_read_queue.cc b/chromium/net/spdy/spdy_read_queue.cc
index 627bf5b83b4..7948ff4480d 100644
--- a/chromium/net/spdy/spdy_read_queue.cc
+++ b/chromium/net/spdy/spdy_read_queue.cc
@@ -25,7 +25,7 @@ size_t SpdyReadQueue::GetTotalSize() const {
   return total_size_;
 }
 
-void SpdyReadQueue::Enqueue(scoped_ptr<SpdyBuffer> buffer) {
+void SpdyReadQueue::Enqueue(std::unique_ptr<SpdyBuffer> buffer) {
   DCHECK_GT(buffer->GetRemainingSize(), 0u);
   total_size_ += buffer->GetRemainingSize();
   queue_.push_back(buffer.release());
diff --git a/chromium/net/spdy/spdy_read_queue.h b/chromium/net/spdy/spdy_read_queue.h
index 7c4172cecfb..bf85afbb12c 100644
--- a/chromium/net/spdy/spdy_read_queue.h
+++ b/chromium/net/spdy/spdy_read_queue.h
@@ -7,9 +7,9 @@
 
 #include <cstddef>
 #include <deque>
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -30,7 +30,7 @@ class NET_EXPORT_PRIVATE SpdyReadQueue {
   size_t GetTotalSize() const;
 
   // Enqueues the bytes in |buffer|.
-  void Enqueue(scoped_ptr<SpdyBuffer> buffer);
+  void Enqueue(std::unique_ptr<SpdyBuffer> buffer);
 
   // Dequeues up to |len| (which must be positive) bytes into
   // |out|. Returns the number of bytes dequeued.
diff --git a/chromium/net/spdy/spdy_read_queue_unittest.cc b/chromium/net/spdy/spdy_read_queue_unittest.cc
index 7281f6857cf..468764dabad 100644
--- a/chromium/net/spdy/spdy_read_queue_unittest.cc
+++ b/chromium/net/spdy/spdy_read_queue_unittest.cc
@@ -6,9 +6,9 @@
 
 #include <algorithm>
 #include <cstddef>
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "net/spdy/spdy_buffer.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -30,8 +30,8 @@ void EnqueueString(const std::string& data,
   size_t old_total_size = queue->GetTotalSize();
   for (size_t i = 0; i < data.size();) {
     size_t buffer_size = std::min(data.size() - i, max_buffer_size);
-    queue->Enqueue(
-        scoped_ptr<SpdyBuffer>(new SpdyBuffer(data.data() + i, buffer_size)));
+    queue->Enqueue(std::unique_ptr<SpdyBuffer>(
+        new SpdyBuffer(data.data() + i, buffer_size)));
     i += buffer_size;
     EXPECT_FALSE(queue->IsEmpty());
     EXPECT_EQ(old_total_size + i, queue->GetTotalSize());
@@ -46,7 +46,7 @@ std::string DrainToString(size_t max_buffer_size, SpdyReadQueue* queue) {
   // Pad the buffer so we can detect out-of-bound writes.
   size_t padding = std::max(static_cast<size_t>(4096), queue->GetTotalSize());
   size_t buffer_size_with_padding = padding + max_buffer_size + padding;
-  scoped_ptr<char[]> buffer(new char[buffer_size_with_padding]);
+  std::unique_ptr<char[]> buffer(new char[buffer_size_with_padding]);
   std::memset(buffer.get(), 0, buffer_size_with_padding);
   char* buffer_data = buffer.get() + padding;
 
diff --git a/chromium/net/spdy/spdy_session.cc b/chromium/net/spdy/spdy_session.cc
index d4c6f06c08b..76b74a5e0bd 100644
--- a/chromium/net/spdy/spdy_session.cc
+++ b/chromium/net/spdy/spdy_session.cc
@@ -22,7 +22,7 @@
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
@@ -61,29 +61,15 @@ const int kHungIntervalSeconds = 10;
 // Minimum seconds that unclaimed pushed streams will be kept in memory.
 const int kMinPushedStreamLifetimeSeconds = 300;
 
-scoped_ptr<base::ListValue> SpdyHeaderBlockToListValue(
-    const SpdyHeaderBlock& headers,
-    NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::ListValue> headers_list(new base::ListValue());
-  for (SpdyHeaderBlock::const_iterator it = headers.begin();
-       it != headers.end(); ++it) {
-    headers_list->AppendString(
-        it->first.as_string() + ": " +
-        ElideHeaderValueForNetLog(capture_mode, it->first.as_string(),
-                                  it->second.as_string()));
-  }
-  return headers_list;
-}
-
-scoped_ptr<base::Value> NetLogSpdySynStreamSentCallback(
+std::unique_ptr<base::Value> NetLogSpdySynStreamSentCallback(
     const SpdyHeaderBlock* headers,
     bool fin,
     bool unidirectional,
     SpdyPriority spdy_priority,
     SpdyStreamId stream_id,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetBoolean("fin", fin);
   dict->SetBoolean("unidirectional", unidirectional);
   dict->SetInteger("priority", static_cast<int>(spdy_priority));
@@ -91,7 +77,7 @@ scoped_ptr<base::Value> NetLogSpdySynStreamSentCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyHeadersSentCallback(
+std::unique_ptr<base::Value> NetLogSpdyHeadersSentCallback(
     const SpdyHeaderBlock* headers,
     bool fin,
     SpdyStreamId stream_id,
@@ -100,8 +86,8 @@ scoped_ptr<base::Value> NetLogSpdyHeadersSentCallback(
     SpdyStreamId parent_stream_id,
     bool exclusive,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetBoolean("fin", fin);
   dict->SetInteger("stream_id", stream_id);
   dict->SetBoolean("has_priority", has_priority);
@@ -113,7 +99,7 @@ scoped_ptr<base::Value> NetLogSpdyHeadersSentCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySynStreamReceivedCallback(
+std::unique_ptr<base::Value> NetLogSpdySynStreamReceivedCallback(
     const SpdyHeaderBlock* headers,
     bool fin,
     bool unidirectional,
@@ -121,8 +107,8 @@ scoped_ptr<base::Value> NetLogSpdySynStreamReceivedCallback(
     SpdyStreamId stream_id,
     SpdyStreamId associated_stream,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetBoolean("fin", fin);
   dict->SetBoolean("unidirectional", unidirectional);
   dict->SetInteger("priority", static_cast<int>(spdy_priority));
@@ -131,42 +117,42 @@ scoped_ptr<base::Value> NetLogSpdySynStreamReceivedCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySynReplyOrHeadersReceivedCallback(
+std::unique_ptr<base::Value> NetLogSpdySynReplyOrHeadersReceivedCallback(
     const SpdyHeaderBlock* headers,
     bool fin,
     SpdyStreamId stream_id,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetBoolean("fin", fin);
   dict->SetInteger("stream_id", stream_id);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySessionCloseCallback(
+std::unique_ptr<base::Value> NetLogSpdySessionCloseCallback(
     int net_error,
     const std::string* description,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", net_error);
   dict->SetString("description", *description);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySessionCallback(
+std::unique_ptr<base::Value> NetLogSpdySessionCallback(
     const HostPortProxyPair* host_pair,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host", host_pair->first.ToString());
   dict->SetString("proxy", host_pair->second.ToPacString());
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyInitializedCallback(
+std::unique_ptr<base::Value> NetLogSpdyInitializedCallback(
     NetLog::Source source,
     const NextProto protocol_version,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   if (source.IsValid()) {
     source.AddToEventParameters(dict.get());
   }
@@ -175,23 +161,23 @@ scoped_ptr<base::Value> NetLogSpdyInitializedCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySettingsCallback(
+std::unique_ptr<base::Value> NetLogSpdySettingsCallback(
     const HostPortPair& host_port_pair,
     bool clear_persisted,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("host", host_port_pair.ToString());
   dict->SetBoolean("clear_persisted", clear_persisted);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySettingCallback(
+std::unique_ptr<base::Value> NetLogSpdySettingCallback(
     SpdySettingsIds id,
     const SpdyMajorVersion protocol_version,
     SpdySettingsFlags flags,
     uint32_t value,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("id",
                    SpdyConstants::SerializeSettingId(protocol_version, id));
   dict->SetInteger("flags", flags);
@@ -199,12 +185,12 @@ scoped_ptr<base::Value> NetLogSpdySettingCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySendSettingsCallback(
+std::unique_ptr<base::Value> NetLogSpdySendSettingsCallback(
     const SettingsMap* settings,
     const SpdyMajorVersion protocol_version,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  scoped_ptr<base::ListValue> settings_list(new base::ListValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::ListValue> settings_list(new base::ListValue());
   for (SettingsMap::const_iterator it = settings->begin();
        it != settings->end(); ++it) {
     const SpdySettingsIds id = it->first;
@@ -220,70 +206,70 @@ scoped_ptr<base::Value> NetLogSpdySendSettingsCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyWindowUpdateFrameCallback(
+std::unique_ptr<base::Value> NetLogSpdyWindowUpdateFrameCallback(
     SpdyStreamId stream_id,
     uint32_t delta,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", static_cast<int>(stream_id));
   dict->SetInteger("delta", delta);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdySessionWindowUpdateCallback(
+std::unique_ptr<base::Value> NetLogSpdySessionWindowUpdateCallback(
     int32_t delta,
     int32_t window_size,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("delta", delta);
   dict->SetInteger("window_size", window_size);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyDataCallback(
+std::unique_ptr<base::Value> NetLogSpdyDataCallback(
     SpdyStreamId stream_id,
     int size,
     bool fin,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", static_cast<int>(stream_id));
   dict->SetInteger("size", size);
   dict->SetBoolean("fin", fin);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyRstCallback(
+std::unique_ptr<base::Value> NetLogSpdyRstCallback(
     SpdyStreamId stream_id,
     int status,
     const std::string* description,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", static_cast<int>(stream_id));
   dict->SetInteger("status", status);
   dict->SetString("description", *description);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyPingCallback(
+std::unique_ptr<base::Value> NetLogSpdyPingCallback(
     SpdyPingId unique_id,
     bool is_ack,
     const char* type,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("unique_id", static_cast<int>(unique_id));
   dict->SetString("type", type);
   dict->SetBoolean("is_ack", is_ack);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyGoAwayCallback(
+std::unique_ptr<base::Value> NetLogSpdyGoAwayCallback(
     SpdyStreamId last_stream_id,
     int active_streams,
     int unclaimed_streams,
     SpdyGoAwayStatus status,
-    StringPiece debug_data,
+    base::StringPiece debug_data,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("last_accepted_stream_id",
                    static_cast<int>(last_stream_id));
   dict->SetInteger("active_streams", active_streams);
@@ -294,23 +280,23 @@ scoped_ptr<base::Value> NetLogSpdyGoAwayCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyPushPromiseReceivedCallback(
+std::unique_ptr<base::Value> NetLogSpdyPushPromiseReceivedCallback(
     const SpdyHeaderBlock* headers,
     SpdyStreamId stream_id,
     SpdyStreamId promised_stream_id,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->Set("headers", SpdyHeaderBlockToListValue(*headers, capture_mode));
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode));
   dict->SetInteger("id", stream_id);
   dict->SetInteger("promised_stream_id", promised_stream_id);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyAdoptedPushStreamCallback(
+std::unique_ptr<base::Value> NetLogSpdyAdoptedPushStreamCallback(
     SpdyStreamId stream_id,
     const GURL* url,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", stream_id);
   dict->SetString("url", url->spec());
   return std::move(dict);
@@ -368,6 +354,8 @@ SpdyProtocolErrorDetails MapFramerErrorToProtocolError(
       return SPDY_ERROR_GOAWAY_FRAME_CORRUPT;
     case SpdyFramer::SPDY_RST_STREAM_FRAME_CORRUPT:
       return SPDY_ERROR_RST_STREAM_FRAME_CORRUPT;
+    case SpdyFramer::SPDY_INVALID_PADDING:
+      return SPDY_ERROR_INVALID_PADDING;
     case SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS:
       return SPDY_ERROR_INVALID_DATA_FRAME_FLAGS;
     case SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS:
@@ -376,6 +364,8 @@ SpdyProtocolErrorDetails MapFramerErrorToProtocolError(
       return SPDY_ERROR_UNEXPECTED_FRAME;
     case SpdyFramer::SPDY_INVALID_CONTROL_FRAME_SIZE:
       return SPDY_ERROR_INVALID_CONTROL_FRAME_SIZE;
+    case SpdyFramer::SPDY_INVALID_STREAM_ID:
+      return SPDY_ERROR_INVALID_STREAM_ID;
     default:
       NOTREACHED();
       return static_cast<SpdyProtocolErrorDetails>(-1);
@@ -402,6 +392,8 @@ Error MapFramerErrorToNetError(SpdyFramer::SpdyError err) {
       return ERR_SPDY_PROTOCOL_ERROR;
     case SpdyFramer::SPDY_RST_STREAM_FRAME_CORRUPT:
       return ERR_SPDY_PROTOCOL_ERROR;
+    case SpdyFramer::SPDY_INVALID_PADDING:
+      return ERR_SPDY_PROTOCOL_ERROR;
     case SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS:
       return ERR_SPDY_PROTOCOL_ERROR;
     case SpdyFramer::SPDY_INVALID_CONTROL_FRAME_FLAGS:
@@ -410,6 +402,8 @@ Error MapFramerErrorToNetError(SpdyFramer::SpdyError err) {
       return ERR_SPDY_PROTOCOL_ERROR;
     case SpdyFramer::SPDY_INVALID_CONTROL_FRAME_SIZE:
       return ERR_SPDY_FRAME_SIZE_ERROR;
+    case SpdyFramer::SPDY_INVALID_STREAM_ID:
+      return ERR_SPDY_PROTOCOL_ERROR;
     default:
       NOTREACHED();
       return ERR_SPDY_PROTOCOL_ERROR;
@@ -770,7 +764,7 @@ SpdySession::~SpdySession() {
 }
 
 void SpdySession::InitializeWithSocket(
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     SpdySessionPool* pool,
     bool is_secure,
     int certificate_error_code) {
@@ -946,7 +940,7 @@ int SpdySession::CreateStream(const SpdyStreamRequest& request,
     return ERR_CONNECTION_CLOSED;
   }
 
-  scoped_ptr<SpdyStream> new_stream(
+  std::unique_ptr<SpdyStream> new_stream(
       new SpdyStream(request.type(), GetWeakPtr(), request.url(),
                      request.priority(), stream_initial_send_window_size_,
                      stream_max_recv_window_size_, request.net_log()));
@@ -1083,14 +1077,14 @@ bool SpdySession::CloseOneIdleConnection() {
 void SpdySession::EnqueueStreamWrite(
     const base::WeakPtr<SpdyStream>& stream,
     SpdyFrameType frame_type,
-    scoped_ptr<SpdyBufferProducer> producer) {
+    std::unique_ptr<SpdyBufferProducer> producer) {
   DCHECK(frame_type == HEADERS ||
          frame_type == DATA ||
          frame_type == SYN_STREAM);
   EnqueueWrite(stream->priority(), frame_type, std::move(producer), stream);
 }
 
-scoped_ptr<SpdySerializedFrame> SpdySession::CreateSynStream(
+std::unique_ptr<SpdySerializedFrame> SpdySession::CreateSynStream(
     SpdyStreamId stream_id,
     RequestPriority priority,
     SpdyControlFlags flags,
@@ -1105,7 +1099,7 @@ scoped_ptr<SpdySerializedFrame> SpdySession::CreateSynStream(
   SpdyPriority spdy_priority =
       ConvertRequestPriorityToSpdyPriority(priority, GetProtocolVersion());
 
-  scoped_ptr<SpdySerializedFrame> syn_frame;
+  std::unique_ptr<SpdySerializedFrame> syn_frame;
   // TODO(hkhalil): Avoid copy of |block|.
   if (GetProtocolVersion() <= SPDY3) {
     SpdySynStreamIR syn_stream(stream_id);
@@ -1158,12 +1152,13 @@ scoped_ptr<SpdySerializedFrame> SpdySession::CreateSynStream(
   return syn_frame;
 }
 
-scoped_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(SpdyStreamId stream_id,
-                                                     IOBuffer* data,
-                                                     int len,
-                                                     SpdyDataFlags flags) {
+std::unique_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(
+    SpdyStreamId stream_id,
+    IOBuffer* data,
+    int len,
+    SpdyDataFlags flags) {
   if (availability_state_ == STATE_DRAINING) {
-    return scoped_ptr<SpdyBuffer>();
+    return std::unique_ptr<SpdyBuffer>();
   }
 
   ActiveStreamMap::const_iterator it = active_streams_.find(stream_id);
@@ -1173,7 +1168,7 @@ scoped_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(SpdyStreamId stream_id,
 
   if (len < 0) {
     NOTREACHED();
-    return scoped_ptr<SpdyBuffer>();
+    return std::unique_ptr<SpdyBuffer>();
   }
 
   int effective_len = std::min(len, kMaxSpdyFrameChunkSize);
@@ -1213,7 +1208,7 @@ scoped_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(SpdyStreamId stream_id,
     net_log().AddEvent(
         NetLog::TYPE_HTTP2_SESSION_STREAM_STALLED_BY_STREAM_SEND_WINDOW,
         NetLog::IntCallback("stream_id", stream_id));
-    return scoped_ptr<SpdyBuffer>();
+    return std::unique_ptr<SpdyBuffer>();
   }
 
   effective_len = std::min(effective_len, stream->send_window_size());
@@ -1225,7 +1220,7 @@ scoped_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(SpdyStreamId stream_id,
     net_log().AddEvent(
         NetLog::TYPE_HTTP2_SESSION_STREAM_STALLED_BY_SESSION_SEND_WINDOW,
         NetLog::IntCallback("stream_id", stream_id));
-    return scoped_ptr<SpdyBuffer>();
+    return std::unique_ptr<SpdyBuffer>();
   }
 
   effective_len = std::min(effective_len, session_send_window_size_);
@@ -1249,10 +1244,12 @@ scoped_ptr<SpdyBuffer> SpdySession::CreateDataBuffer(SpdyStreamId stream_id,
 
   // TODO(mbelshe): reduce memory copies here.
   DCHECK(buffered_spdy_framer_.get());
-  scoped_ptr<SpdySerializedFrame> frame(buffered_spdy_framer_->CreateDataFrame(
-      stream_id, data->data(), static_cast<uint32_t>(effective_len), flags));
+  std::unique_ptr<SpdySerializedFrame> frame(
+      buffered_spdy_framer_->CreateDataFrame(
+          stream_id, data->data(), static_cast<uint32_t>(effective_len),
+          flags));
 
-  scoped_ptr<SpdyBuffer> data_buffer(new SpdyBuffer(std::move(frame)));
+  std::unique_ptr<SpdyBuffer> data_buffer(new SpdyBuffer(std::move(frame)));
 
   // Send window size is based on payload size, so nothing to do if this is
   // just a FIN with no payload.
@@ -1321,7 +1318,7 @@ void SpdySession::CloseActiveStreamIterator(ActiveStreamMap::iterator it,
   // TODO(mbelshe): We should send a RST_STREAM control frame here
   //                so that the server can cancel a large send.
 
-  scoped_ptr<SpdyStream> owned_stream(it->second.stream);
+  std::unique_ptr<SpdyStream> owned_stream(it->second.stream);
   active_streams_.erase(it);
   if (priority_dependencies_enabled_)
     priority_dependency_state_.OnStreamDestruction(owned_stream->stream_id());
@@ -1352,7 +1349,7 @@ void SpdySession::CloseActiveStreamIterator(ActiveStreamMap::iterator it,
 
 void SpdySession::CloseCreatedStreamIterator(CreatedStreamSet::iterator it,
                                              int status) {
-  scoped_ptr<SpdyStream> owned_stream(*it);
+  std::unique_ptr<SpdyStream> owned_stream(*it);
   created_streams_.erase(it);
   DeleteStream(std::move(owned_stream), status);
 }
@@ -1382,7 +1379,7 @@ void SpdySession::EnqueueResetStreamFrame(SpdyStreamId stream_id,
       base::Bind(&NetLogSpdyRstCallback, stream_id, status, &description));
 
   DCHECK(buffered_spdy_framer_.get());
-  scoped_ptr<SpdySerializedFrame> rst_frame(
+  std::unique_ptr<SpdySerializedFrame> rst_frame(
       buffered_spdy_framer_->CreateRstStream(stream_id, status));
 
   EnqueueSessionWrite(priority, RST_STREAM, std::move(rst_frame));
@@ -1573,7 +1570,7 @@ int SpdySession::DoWrite() {
   } else {
     // Grab the next frame to send.
     SpdyFrameType frame_type = DATA;
-    scoped_ptr<SpdyBufferProducer> producer;
+    std::unique_ptr<SpdyBufferProducer> producer;
     base::WeakPtr<SpdyStream> stream;
     if (!write_queue_.Dequeue(&frame_type, &producer, &stream)) {
       write_state_ = WRITE_STATE_IDLE;
@@ -1588,7 +1585,7 @@ int SpdySession::DoWrite() {
     if (frame_type == SYN_STREAM) {
       CHECK(stream.get());
       CHECK_EQ(stream->stream_id(), 0u);
-      scoped_ptr<SpdyStream> owned_stream =
+      std::unique_ptr<SpdyStream> owned_stream =
           ActivateCreatedStream(stream.get());
       InsertActivatedStream(std::move(owned_stream));
 
@@ -1781,9 +1778,10 @@ void SpdySession::DoDrainSession(Error err, const std::string& description) {
     SpdyGoAwayIR goaway_ir(last_accepted_push_stream_id_,
                            MapNetErrorToGoAwayStatus(err),
                            description);
-    EnqueueSessionWrite(HIGHEST, GOAWAY,
-                        scoped_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
-                            buffered_spdy_framer_->SerializeFrame(goaway_ir))));
+    EnqueueSessionWrite(
+        HIGHEST, GOAWAY,
+        std::unique_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
+            buffered_spdy_framer_->SerializeFrame(goaway_ir))));
   }
 
   availability_state_ = STATE_DRAINING;
@@ -1850,14 +1848,14 @@ void SpdySession::MakeUnavailable() {
   }
 }
 
-scoped_ptr<base::Value> SpdySession::GetInfoAsValue() const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::Value> SpdySession::GetInfoAsValue() const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
 
   dict->SetInteger("source_id", net_log_.source().id);
 
   dict->SetString("host_port_pair", host_port_pair().ToString());
   if (!pooled_aliases_.empty()) {
-    scoped_ptr<base::ListValue> alias_list(new base::ListValue());
+    std::unique_ptr<base::ListValue> alias_list(new base::ListValue());
     for (const auto& alias : pooled_aliases_) {
       alias_list->AppendString(alias.host_port_pair().ToString());
     }
@@ -1941,21 +1939,23 @@ int SpdySession::GetLocalAddress(IPEndPoint* address) const {
   return rv;
 }
 
-void SpdySession::EnqueueSessionWrite(RequestPriority priority,
-                                      SpdyFrameType frame_type,
-                                      scoped_ptr<SpdySerializedFrame> frame) {
+void SpdySession::EnqueueSessionWrite(
+    RequestPriority priority,
+    SpdyFrameType frame_type,
+    std::unique_ptr<SpdySerializedFrame> frame) {
   DCHECK(frame_type == RST_STREAM || frame_type == SETTINGS ||
          frame_type == WINDOW_UPDATE || frame_type == PING ||
          frame_type == GOAWAY);
-  EnqueueWrite(priority, frame_type,
-               scoped_ptr<SpdyBufferProducer>(new SimpleBufferProducer(
-                   scoped_ptr<SpdyBuffer>(new SpdyBuffer(std::move(frame))))),
-               base::WeakPtr<SpdyStream>());
+  EnqueueWrite(
+      priority, frame_type,
+      std::unique_ptr<SpdyBufferProducer>(new SimpleBufferProducer(
+          std::unique_ptr<SpdyBuffer>(new SpdyBuffer(std::move(frame))))),
+      base::WeakPtr<SpdyStream>());
 }
 
 void SpdySession::EnqueueWrite(RequestPriority priority,
                                SpdyFrameType frame_type,
-                               scoped_ptr<SpdyBufferProducer> producer,
+                               std::unique_ptr<SpdyBufferProducer> producer,
                                const base::WeakPtr<SpdyStream>& stream) {
   if (availability_state_ == STATE_DRAINING)
     return;
@@ -1975,22 +1975,23 @@ void SpdySession::MaybePostWriteLoop() {
   }
 }
 
-void SpdySession::InsertCreatedStream(scoped_ptr<SpdyStream> stream) {
+void SpdySession::InsertCreatedStream(std::unique_ptr<SpdyStream> stream) {
   CHECK_EQ(stream->stream_id(), 0u);
   CHECK(created_streams_.find(stream.get()) == created_streams_.end());
   created_streams_.insert(stream.release());
 }
 
-scoped_ptr<SpdyStream> SpdySession::ActivateCreatedStream(SpdyStream* stream) {
+std::unique_ptr<SpdyStream> SpdySession::ActivateCreatedStream(
+    SpdyStream* stream) {
   CHECK_EQ(stream->stream_id(), 0u);
   CHECK(created_streams_.find(stream) != created_streams_.end());
   stream->set_stream_id(GetNewStreamId());
-  scoped_ptr<SpdyStream> owned_stream(stream);
+  std::unique_ptr<SpdyStream> owned_stream(stream);
   created_streams_.erase(stream);
   return owned_stream;
 }
 
-void SpdySession::InsertActivatedStream(scoped_ptr<SpdyStream> stream) {
+void SpdySession::InsertActivatedStream(std::unique_ptr<SpdyStream> stream) {
   SpdyStreamId stream_id = stream->stream_id();
   CHECK_NE(stream_id, 0u);
   std::pair<ActiveStreamMap::iterator, bool> result =
@@ -2000,7 +2001,7 @@ void SpdySession::InsertActivatedStream(scoped_ptr<SpdyStream> stream) {
   ignore_result(stream.release());
 }
 
-void SpdySession::DeleteStream(scoped_ptr<SpdyStream> stream, int status) {
+void SpdySession::DeleteStream(std::unique_ptr<SpdyStream> stream, int status) {
   if (in_flight_write_stream_.get() == stream.get()) {
     // If we're deleting the stream for the in-flight write, we still
     // need to let the write complete, so we clear
@@ -2038,6 +2039,11 @@ base::WeakPtr<SpdyStream> SpdySession::GetActivePushStream(const GURL& url) {
   return active_it->second.stream->GetWeakPtr();
 }
 
+url::SchemeHostPort SpdySession::GetServer() {
+  return url::SchemeHostPort(is_secure_ ? "https" : "http",
+                             host_port_pair().host(), host_port_pair().port());
+}
+
 bool SpdySession::GetSSLInfo(SSLInfo* ssl_info,
                              bool* was_npn_negotiated,
                              NextProto* protocol_negotiated) {
@@ -2105,14 +2111,13 @@ void SpdySession::OnDataFrameHeader(SpdyStreamId stream_id,
 
 void SpdySession::OnStreamFrameData(SpdyStreamId stream_id,
                                     const char* data,
-                                    size_t len,
-                                    bool fin) {
+                                    size_t len) {
   CHECK(in_io_loop_);
   DCHECK_LT(len, 1u << 24);
   if (net_log().IsCapturing()) {
     net_log().AddEvent(
         NetLog::TYPE_HTTP2_SESSION_RECV_DATA,
-        base::Bind(&NetLogSpdyDataCallback, stream_id, len, fin));
+        base::Bind(&NetLogSpdyDataCallback, stream_id, len, false));
   }
 
   // Build the buffer as early as possible so that we go through the
@@ -2120,7 +2125,7 @@ void SpdySession::OnStreamFrameData(SpdyStreamId stream_id,
   // |unacked_recv_window_bytes_| properly even when the stream is
   // inactive (since the other side has still reduced its session send
   // window).
-  scoped_ptr<SpdyBuffer> buffer;
+  std::unique_ptr<SpdyBuffer> buffer;
   if (data) {
     DCHECK_GT(len, 0u);
     CHECK_LE(len, static_cast<size_t>(kReadBufferSize));
@@ -2154,6 +2159,39 @@ void SpdySession::OnStreamFrameData(SpdyStreamId stream_id,
   stream->OnDataReceived(std::move(buffer));
 }
 
+void SpdySession::OnStreamEnd(SpdyStreamId stream_id) {
+  CHECK(in_io_loop_);
+  if (net_log().IsCapturing()) {
+    net_log().AddEvent(NetLog::TYPE_HTTP2_SESSION_RECV_DATA,
+                       base::Bind(&NetLogSpdyDataCallback, stream_id, 0, true));
+  }
+
+  // Build the buffer as early as possible so that we go through the
+  // session flow control checks and update
+  // |unacked_recv_window_bytes_| properly even when the stream is
+  // inactive (since the other side has still reduced its session send
+  // window).
+  std::unique_ptr<SpdyBuffer> buffer;
+
+  ActiveStreamMap::iterator it = active_streams_.find(stream_id);
+
+  // By the time data comes in, the stream may already be inactive.
+  if (it == active_streams_.end())
+    return;
+
+  SpdyStream* stream = it->second.stream;
+  CHECK_EQ(stream->stream_id(), stream_id);
+
+  if (it->second.waiting_for_syn_reply) {
+    const std::string& error = "Data received before SYN_REPLY.";
+    stream->LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error);
+    ResetStreamIterator(it, RST_STREAM_PROTOCOL_ERROR, error);
+    return;
+  }
+
+  stream->OnDataReceived(std::move(buffer));
+}
+
 void SpdySession::OnStreamPadding(SpdyStreamId stream_id, size_t len) {
   CHECK(in_io_loop_);
 
@@ -2184,7 +2222,7 @@ void SpdySession::OnSettings(bool clear_persisted) {
   CHECK(in_io_loop_);
 
   if (clear_persisted)
-    http_server_properties_->ClearSpdySettings(host_port_pair());
+    http_server_properties_->ClearSpdySettings(GetServer());
 
   if (net_log_.IsCapturing()) {
     net_log_.AddEvent(NetLog::TYPE_HTTP2_SESSION_RECV_SETTINGS,
@@ -2198,7 +2236,7 @@ void SpdySession::OnSettings(bool clear_persisted) {
     settings_ir.set_is_ack(true);
     EnqueueSessionWrite(
         HIGHEST, SETTINGS,
-        scoped_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
+        std::unique_ptr<SpdySerializedFrame>(new SpdySerializedFrame(
             buffered_spdy_framer_->SerializeFrame(settings_ir))));
   }
 }
@@ -2208,10 +2246,7 @@ void SpdySession::OnSetting(SpdySettingsIds id, uint8_t flags, uint32_t value) {
 
   HandleSetting(id, value);
   http_server_properties_->SetSpdySetting(
-      host_port_pair(),
-      id,
-      static_cast<SpdySettingsFlags>(flags),
-      value);
+      GetServer(), id, static_cast<SpdySettingsFlags>(flags), value);
   received_settings_ = true;
 
   // Log the setting.
@@ -2492,7 +2527,7 @@ void SpdySession::OnRstStream(SpdyStreamId stream_id,
   CHECK_EQ(it->second.stream->stream_id(), stream_id);
 
   if (status == 0) {
-    it->second.stream->OnDataReceived(scoped_ptr<SpdyBuffer>());
+    it->second.stream->OnDataReceived(std::unique_ptr<SpdyBuffer>());
   } else if (status == RST_STREAM_REFUSED_STREAM) {
     CloseActiveStreamIterator(it, ERR_SPDY_SERVER_REFUSED_STREAM);
   } else if (status == RST_STREAM_HTTP_1_1_REQUIRED) {
@@ -2516,7 +2551,7 @@ void SpdySession::OnRstStream(SpdyStreamId stream_id,
 
 void SpdySession::OnGoAway(SpdyStreamId last_accepted_stream_id,
                            SpdyGoAwayStatus status,
-                           StringPiece debug_data) {
+                           base::StringPiece debug_data) {
   CHECK(in_io_loop_);
 
   // TODO(jgraettinger): UMA histogram on |status|.
@@ -2767,7 +2802,7 @@ bool SpdySession::TryCreatePushStream(SpdyStreamId stream_id,
     return false;
   }
 
-  scoped_ptr<SpdyStream> stream(
+  std::unique_ptr<SpdyStream> stream(
       new SpdyStream(SPDY_PUSH_STREAM, GetWeakPtr(), gurl, request_priority,
                      stream_initial_send_window_size_,
                      stream_max_recv_window_size_, net_log_));
@@ -2834,7 +2869,7 @@ void SpdySession::SendInitialData() {
 
   if (send_connection_header_prefix_) {
     DCHECK_EQ(protocol_, kProtoHTTP2);
-    scoped_ptr<SpdySerializedFrame> connection_header_prefix_frame(
+    std::unique_ptr<SpdySerializedFrame> connection_header_prefix_frame(
         new SpdySerializedFrame(const_cast<char*>(kHttp2ConnectionHeaderPrefix),
                                 kHttp2ConnectionHeaderPrefixSize,
                                 false /* take_ownership */));
@@ -2874,7 +2909,7 @@ void SpdySession::SendInitialData() {
     // previously told us to use when communicating with them (after
     // applying them).
     const SettingsMap& server_settings_map =
-        http_server_properties_->GetSpdySettings(host_port_pair());
+        http_server_properties_->GetSpdySettings(GetServer());
     if (server_settings_map.empty())
       return;
 
@@ -2902,7 +2937,7 @@ void SpdySession::SendSettings(const SettingsMap& settings) {
       base::Bind(&NetLogSpdySendSettingsCallback, &settings, protocol_version));
   // Create the SETTINGS frame and send it.
   DCHECK(buffered_spdy_framer_.get());
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       buffered_spdy_framer_->CreateSettings(settings));
   sent_settings_ = true;
   EnqueueSessionWrite(HIGHEST, SETTINGS, std::move(settings_frame));
@@ -2977,14 +3012,14 @@ void SpdySession::SendWindowUpdateFrame(SpdyStreamId stream_id,
                                delta_window_size));
 
   DCHECK(buffered_spdy_framer_.get());
-  scoped_ptr<SpdySerializedFrame> window_update_frame(
+  std::unique_ptr<SpdySerializedFrame> window_update_frame(
       buffered_spdy_framer_->CreateWindowUpdate(stream_id, delta_window_size));
   EnqueueSessionWrite(priority, WINDOW_UPDATE, std::move(window_update_frame));
 }
 
 void SpdySession::WritePingFrame(SpdyPingId unique_id, bool is_ack) {
   DCHECK(buffered_spdy_framer_.get());
-  scoped_ptr<SpdySerializedFrame> ping_frame(
+  std::unique_ptr<SpdySerializedFrame> ping_frame(
       buffered_spdy_framer_->CreatePingFrame(unique_id, is_ack));
   EnqueueSessionWrite(HIGHEST, PING, std::move(ping_frame));
 
@@ -3081,7 +3116,7 @@ void SpdySession::RecordHistograms() {
   if (received_settings_) {
     // Enumerate the saved settings, and set histograms for it.
     const SettingsMap& settings_map =
-        http_server_properties_->GetSpdySettings(host_port_pair());
+        http_server_properties_->GetSpdySettings(GetServer());
 
     SettingsMap::const_iterator it;
     for (it = settings_map.begin(); it != settings_map.end(); ++it) {
diff --git a/chromium/net/spdy/spdy_session.h b/chromium/net/spdy/spdy_session.h
index d99ae0b0f21..328420b1880 100644
--- a/chromium/net/spdy/spdy_session.h
+++ b/chromium/net/spdy/spdy_session.h
@@ -10,6 +10,7 @@
 
 #include <deque>
 #include <map>
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
@@ -17,7 +18,6 @@
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/host_port_pair.h"
@@ -42,6 +42,7 @@
 #include "net/spdy/spdy_write_queue.h"
 #include "net/ssl/ssl_config_service.h"
 #include "url/gurl.h"
+#include "url/scheme_host_port.h"
 
 namespace net {
 
@@ -94,10 +95,12 @@ enum SpdyProtocolErrorDetails {
   SPDY_ERROR_COMPRESS_FAILURE = 6,
   SPDY_ERROR_GOAWAY_FRAME_CORRUPT = 29,
   SPDY_ERROR_RST_STREAM_FRAME_CORRUPT = 30,
+  SPDY_ERROR_INVALID_PADDING = 39,
   SPDY_ERROR_INVALID_DATA_FRAME_FLAGS = 8,
   SPDY_ERROR_INVALID_CONTROL_FRAME_FLAGS = 9,
   SPDY_ERROR_UNEXPECTED_FRAME = 31,
   SPDY_ERROR_INVALID_CONTROL_FRAME_SIZE = 37,
+  SPDY_ERROR_INVALID_STREAM_ID = 38,
   // SpdyRstStreamStatus mappings.
   // RST_STREAM_INVALID not mapped.
   STATUS_CODE_PROTOCOL_ERROR = 11,
@@ -126,7 +129,7 @@ enum SpdyProtocolErrorDetails {
   PROTOCOL_ERROR_RECEIVE_WINDOW_VIOLATION = 28,
 
   // Next free value.
-  NUM_SPDY_PROTOCOL_ERROR_DETAILS = 38,
+  NUM_SPDY_PROTOCOL_ERROR_DETAILS = 40,
 };
 SpdyProtocolErrorDetails NET_EXPORT_PRIVATE
     MapFramerErrorToProtocolError(SpdyFramer::SpdyError error);
@@ -137,7 +140,7 @@ SpdyGoAwayStatus NET_EXPORT_PRIVATE MapNetErrorToGoAwayStatus(Error err);
 
 // If these compile asserts fail then SpdyProtocolErrorDetails needs
 // to be updated with new values, as do the mapping functions above.
-static_assert(13 == SpdyFramer::LAST_ERROR,
+static_assert(15 == SpdyFramer::LAST_ERROR,
               "SpdyProtocolErrorDetails / Spdy Errors mismatch");
 static_assert(17 == RST_STREAM_NUM_STATUS_CODES,
               "SpdyProtocolErrorDetails / RstStreamStatus mismatch");
@@ -338,7 +341,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   // The session begins reading from |connection| on a subsequent event loop
   // iteration, so the SpdySession may close immediately afterwards if the first
   // read of |connection| fails.
-  void InitializeWithSocket(scoped_ptr<ClientSocketHandle> connection,
+  void InitializeWithSocket(std::unique_ptr<ClientSocketHandle> connection,
                             SpdySessionPool* pool,
                             bool is_secure,
                             int certificate_error_code);
@@ -364,10 +367,10 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   // producer is used to produce its frame.
   void EnqueueStreamWrite(const base::WeakPtr<SpdyStream>& stream,
                           SpdyFrameType frame_type,
-                          scoped_ptr<SpdyBufferProducer> producer);
+                          std::unique_ptr<SpdyBufferProducer> producer);
 
   // Creates and returns a SYN frame for |stream_id|.
-  scoped_ptr<SpdySerializedFrame> CreateSynStream(
+  std::unique_ptr<SpdySerializedFrame> CreateSynStream(
       SpdyStreamId stream_id,
       RequestPriority priority,
       SpdyControlFlags flags,
@@ -375,10 +378,10 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
 
   // Creates and returns a SpdyBuffer holding a data frame with the
   // given data. May return NULL if stalled by flow control.
-  scoped_ptr<SpdyBuffer> CreateDataBuffer(SpdyStreamId stream_id,
-                                          IOBuffer* data,
-                                          int len,
-                                          SpdyDataFlags flags);
+  std::unique_ptr<SpdyBuffer> CreateDataBuffer(SpdyStreamId stream_id,
+                                               IOBuffer* data,
+                                               int len,
+                                               SpdyDataFlags flags);
 
   // Close the stream with the given ID, which must exist and be
   // active. Note that that stream may hold the last reference to the
@@ -404,6 +407,9 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   // status, such as "resolving host", "connecting", etc.
   LoadState GetLoadState() const;
 
+  // Returns server infomation in the form of (scheme/host/port).
+  url::SchemeHostPort GetServer();
+
   // Fills SSL info in |ssl_info| and returns true when SSL is in use.
   bool GetSSLInfo(SSLInfo* ssl_info,
                   bool* was_npn_negotiated,
@@ -454,7 +460,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
 
   // Retrieves information on the current state of the SPDY session as a
   // Value.
-  scoped_ptr<base::Value> GetInfoAsValue() const;
+  std::unique_ptr<base::Value> GetInfoAsValue() const;
 
   // Indicates whether the session is being reused after having successfully
   // used to send/receive data in the past or if the underlying socket was idle
@@ -790,29 +796,29 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   // queue for the session.
   void EnqueueSessionWrite(RequestPriority priority,
                            SpdyFrameType frame_type,
-                           scoped_ptr<SpdySerializedFrame> frame);
+                           std::unique_ptr<SpdySerializedFrame> frame);
 
   // Puts |producer| associated with |stream| onto the write queue
   // with the given priority.
   void EnqueueWrite(RequestPriority priority,
                     SpdyFrameType frame_type,
-                    scoped_ptr<SpdyBufferProducer> producer,
+                    std::unique_ptr<SpdyBufferProducer> producer,
                     const base::WeakPtr<SpdyStream>& stream);
 
   // Inserts a newly-created stream into |created_streams_|.
-  void InsertCreatedStream(scoped_ptr<SpdyStream> stream);
+  void InsertCreatedStream(std::unique_ptr<SpdyStream> stream);
 
   // Activates |stream| (which must be in |created_streams_|) by
   // assigning it an ID and returns it.
-  scoped_ptr<SpdyStream> ActivateCreatedStream(SpdyStream* stream);
+  std::unique_ptr<SpdyStream> ActivateCreatedStream(SpdyStream* stream);
 
   // Inserts a newly-activated stream into |active_streams_|.
-  void InsertActivatedStream(scoped_ptr<SpdyStream> stream);
+  void InsertActivatedStream(std::unique_ptr<SpdyStream> stream);
 
   // Remove all internal references to |stream|, call OnClose() on it,
   // and process any pending stream requests before deleting it.  Note
   // that |stream| may hold the last reference to the session.
-  void DeleteStream(scoped_ptr<SpdyStream> stream, int status);
+  void DeleteStream(std::unique_ptr<SpdyStream> stream, int status);
 
   // Check if we have a pending pushed-stream for this url
   // Returns the stream if found (and returns it from the pending
@@ -876,8 +882,8 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
                          bool fin) override;
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override;
+                         size_t len) override;
+  void OnStreamEnd(SpdyStreamId stream_id) override;
   void OnStreamPadding(SpdyStreamId stream_id, size_t len) override;
   SpdyHeadersHandlerInterface* OnHeaderFrameStart(
       SpdyStreamId stream_id) override;
@@ -1022,7 +1028,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   TransportSecurityState* transport_security_state_;
 
   // The socket handle for this session.
-  scoped_ptr<ClientSocketHandle> connection_;
+  std::unique_ptr<ClientSocketHandle> connection_;
 
   // The read buffer used to read data from the socket.
   scoped_refptr<IOBuffer> read_buffer_;
@@ -1072,7 +1078,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   // Data for the frame we are currently sending.
 
   // The buffer we're currently writing.
-  scoped_ptr<SpdyBuffer> in_flight_write_;
+  std::unique_ptr<SpdyBuffer> in_flight_write_;
   // The type of the frame in |in_flight_write_|.
   SpdyFrameType in_flight_write_frame_type_;
   // The size of the frame in |in_flight_write_|.
@@ -1088,7 +1094,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
   int certificate_error_code_;
 
   // Spdy Frame state.
-  scoped_ptr<BufferedSpdyFramer> buffered_spdy_framer_;
+  std::unique_ptr<BufferedSpdyFramer> buffered_spdy_framer_;
 
   // The state variables.
   AvailabilityState availability_state_;
diff --git a/chromium/net/spdy/spdy_session_pool.cc b/chromium/net/spdy/spdy_session_pool.cc
index 1875224e73b..31565a9e08c 100644
--- a/chromium/net/spdy/spdy_session_pool.cc
+++ b/chromium/net/spdy/spdy_session_pool.cc
@@ -85,7 +85,7 @@ SpdySessionPool::~SpdySessionPool() {
 
 base::WeakPtr<SpdySession> SpdySessionPool::CreateAvailableSessionFromSocket(
     const SpdySessionKey& key,
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     const BoundNetLog& net_log,
     int certificate_error_code,
     bool is_secure) {
@@ -96,7 +96,7 @@ base::WeakPtr<SpdySession> SpdySessionPool::CreateAvailableSessionFromSocket(
   UMA_HISTOGRAM_ENUMERATION(
       "Net.SpdySessionGet", IMPORTED_FROM_SOCKET, SPDY_SESSION_GET_MAX);
 
-  scoped_ptr<SpdySession> new_session(new SpdySession(
+  std::unique_ptr<SpdySession> new_session(new SpdySession(
       key, http_server_properties_, transport_security_state_,
       verify_domain_authentication_, enable_sending_initial_data_,
       enable_ping_based_connection_checking_, enable_priority_dependencies_,
@@ -254,7 +254,7 @@ void SpdySessionPool::RemoveUnavailableSession(
 
   SessionSet::iterator it = sessions_.find(unavailable_session.get());
   CHECK(it != sessions_.end());
-  scoped_ptr<SpdySession> owned_session(*it);
+  std::unique_ptr<SpdySession> owned_session(*it);
   sessions_.erase(it);
 }
 
@@ -326,8 +326,9 @@ void SpdySessionPool::UnregisterUnclaimedPushedStream(
   DCHECK_EQ(1u, removed);
 }
 
-scoped_ptr<base::Value> SpdySessionPool::SpdySessionPoolInfoToValue() const {
-  scoped_ptr<base::ListValue> list(new base::ListValue());
+std::unique_ptr<base::Value> SpdySessionPool::SpdySessionPoolInfoToValue()
+    const {
+  std::unique_ptr<base::ListValue> list(new base::ListValue());
 
   for (AvailableSessionMap::const_iterator it = available_sessions_.begin();
        it != available_sessions_.end(); ++it) {
diff --git a/chromium/net/spdy/spdy_session_pool.h b/chromium/net/spdy/spdy_session_pool.h
index eeae3148f54..13664dc527f 100644
--- a/chromium/net/spdy/spdy_session_pool.h
+++ b/chromium/net/spdy/spdy_session_pool.h
@@ -86,7 +86,7 @@ class NET_EXPORT SpdySessionPool
   // immediately afterwards if the first read of |connection| fails.
   base::WeakPtr<SpdySession> CreateAvailableSessionFromSocket(
       const SpdySessionKey& key,
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       const BoundNetLog& net_log,
       int certificate_error_code,
       bool is_secure);
@@ -131,7 +131,7 @@ class NET_EXPORT SpdySessionPool
                                        SpdySession* spdy_session);
 
   // Creates a Value summary of the state of the spdy session pool.
-  scoped_ptr<base::Value> SpdySessionPoolInfoToValue() const;
+  std::unique_ptr<base::Value> SpdySessionPoolInfoToValue() const;
 
   base::WeakPtr<HttpServerProperties> http_server_properties() {
     return http_server_properties_;
diff --git a/chromium/net/spdy/spdy_session_pool_unittest.cc b/chromium/net/spdy/spdy_session_pool_unittest.cc
index 4d34869fcf5..1f339737bcc 100644
--- a/chromium/net/spdy/spdy_session_pool_unittest.cc
+++ b/chromium/net/spdy/spdy_session_pool_unittest.cc
@@ -5,11 +5,11 @@
 #include "net/spdy/spdy_session_pool.h"
 
 #include <cstddef>
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/dns/host_cache.h"
 #include "net/http/http_network_session.h"
 #include "net/socket/client_socket_handle.h"
@@ -43,7 +43,7 @@ class SpdySessionPoolTest : public ::testing::Test,
   void RunIPPoolingTest(SpdyPoolCloseSessionsType close_sessions_type);
 
   SpdySessionDependencies session_deps_;
-  scoped_ptr<HttpNetworkSession> http_session_;
+  std::unique_ptr<HttpNetworkSession> http_session_;
   SpdySessionPool* spdy_session_pool_;
 };
 
@@ -69,7 +69,7 @@ class SessionOpeningDelegate : public SpdyStream::Delegate {
     return RESPONSE_HEADERS_ARE_COMPLETE;
   }
 
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override {}
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override {}
 
   void OnDataSent() override {}
 
@@ -526,7 +526,7 @@ TEST_P(SpdySessionPoolTest, IPAddressChanged) {
   MockRead reads[] = {
       MockRead(SYNCHRONOUS, ERR_IO_PENDING)  // Stall forever.
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util.ConstructSpdyGet("http://www.a.com", 1, MEDIUM));
   MockWrite writes[] = {CreateMockWrite(*req, 1)};
 
@@ -554,7 +554,7 @@ TEST_P(SpdySessionPoolTest, IPAddressChanged) {
   test::StreamDelegateDoNothing delegateA(spdy_streamA);
   spdy_streamA->SetDelegate(&delegateA);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util.ConstructGetHeaderBlock(urlA.spec()));
   spdy_streamA->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_streamA->HasUrlFromHeaders());
diff --git a/chromium/net/spdy/spdy_session_unittest.cc b/chromium/net/spdy/spdy_session_unittest.cc
index 0cd890f6672..dae8a5f4e3b 100644
--- a/chromium/net/spdy/spdy_session_unittest.cc
+++ b/chromium/net/spdy/spdy_session_unittest.cc
@@ -4,12 +4,12 @@
 
 #include "net/spdy/spdy_session.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/callback.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/test/histogram_tester.h"
 #include "net/base/host_port_pair.h"
@@ -135,8 +135,8 @@ class SpdySessionTest : public PlatformTest,
         session_deps_(GetProtocol()),
         spdy_session_pool_(nullptr),
         test_url_(kDefaultURL),
-        test_host_port_pair_(HostPortPair::FromURL(test_url_)),
-        key_(test_host_port_pair_,
+        test_server_(test_url_),
+        key_(HostPortPair::FromURL(test_url_),
              ProxyServer::Direct(),
              PRIVACY_MODE_DISABLED) {
     session_deps_.enable_priority_dependencies = GetDependenciesFromPriority();
@@ -206,11 +206,11 @@ class SpdySessionTest : public PlatformTest,
 
   SpdyTestUtil spdy_util_;
   SpdySessionDependencies session_deps_;
-  scoped_ptr<HttpNetworkSession> http_session_;
+  std::unique_ptr<HttpNetworkSession> http_session_;
   base::WeakPtr<SpdySession> session_;
   SpdySessionPool* spdy_session_pool_;
   GURL test_url_;
-  HostPortPair test_host_port_pair_;
+  url::SchemeHostPort test_server_;
   SpdySessionKey key_;
   BoundTestNetLog log_;
 };
@@ -244,7 +244,7 @@ class StreamRequestDestroyingCallback : public TestCompletionCallbackBase {
 
   ~StreamRequestDestroyingCallback() override {}
 
-  void SetRequestToDestroy(scoped_ptr<SpdyStreamRequest> request) {
+  void SetRequestToDestroy(std::unique_ptr<SpdyStreamRequest> request) {
     request_ = std::move(request);
   }
 
@@ -259,7 +259,7 @@ class StreamRequestDestroyingCallback : public TestCompletionCallbackBase {
     SetResult(result);
   }
 
-  scoped_ptr<SpdyStreamRequest> request_;
+  std::unique_ptr<SpdyStreamRequest> request_;
 };
 
 }  // namespace
@@ -287,7 +287,7 @@ TEST_P(SpdySessionTest, PendingStreamCancellingAnother) {
   }
 
   SpdyStreamRequest request1;
-  scoped_ptr<SpdyStreamRequest> request2(new SpdyStreamRequest);
+  std::unique_ptr<SpdyStreamRequest> request2(new SpdyStreamRequest);
 
   StreamRequestDestroyingCallback callback1;
   ASSERT_EQ(
@@ -312,7 +312,8 @@ TEST_P(SpdySessionTest, PendingStreamCancellingAnother) {
 TEST_P(SpdySessionTest, GoAwayWithNoActiveStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
   MockRead reads[] = {
     CreateMockRead(*goaway, 0),
   };
@@ -337,7 +338,8 @@ TEST_P(SpdySessionTest, GoAwayWithNoActiveStreams) {
 TEST_P(SpdySessionTest, GoAwayImmediatelyWithNoActiveStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
   MockRead reads[] = {
       CreateMockRead(*goaway, 0, SYNCHRONOUS), MockRead(ASYNC, 0, 1)  // EOF
   };
@@ -360,16 +362,17 @@ TEST_P(SpdySessionTest, GoAwayImmediatelyWithNoActiveStreams) {
 TEST_P(SpdySessionTest, GoAwayWithActiveStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*goaway, 3),
       MockRead(ASYNC, ERR_IO_PENDING, 4),
       MockRead(ASYNC, 0, 5)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -393,9 +396,9 @@ TEST_P(SpdySessionTest, GoAwayWithActiveStreams) {
   test::StreamDelegateDoNothing delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
-  scoped_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
+  std::unique_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
 
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -435,13 +438,14 @@ TEST_P(SpdySessionTest, GoAwayWithActiveStreams) {
 TEST_P(SpdySessionTest, GoAwayWithActiveAndCreatedStream) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(0));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(0));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*goaway, 2),
   };
 
   // No |req2|, because the second stream will never get activated.
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
       CreateMockWrite(*req1, 0),
@@ -458,7 +462,7 @@ TEST_P(SpdySessionTest, GoAwayWithActiveAndCreatedStream) {
       SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, MEDIUM, BoundNetLog());
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -493,8 +497,10 @@ TEST_P(SpdySessionTest, GoAwayWithActiveAndCreatedStream) {
 TEST_P(SpdySessionTest, GoAwayTwice) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway1(spdy_util_.ConstructSpdyGoAway(1));
-  scoped_ptr<SpdySerializedFrame> goaway2(spdy_util_.ConstructSpdyGoAway(0));
+  std::unique_ptr<SpdySerializedFrame> goaway1(
+      spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway2(
+      spdy_util_.ConstructSpdyGoAway(0));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*goaway1, 3),
@@ -503,9 +509,9 @@ TEST_P(SpdySessionTest, GoAwayTwice) {
       MockRead(ASYNC, ERR_IO_PENDING, 6),
       MockRead(ASYNC, 0, 7)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -529,9 +535,9 @@ TEST_P(SpdySessionTest, GoAwayTwice) {
   test::StreamDelegateDoNothing delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
-  scoped_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
+  std::unique_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
 
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -569,16 +575,17 @@ TEST_P(SpdySessionTest, GoAwayTwice) {
 TEST_P(SpdySessionTest, GoAwayWithActiveStreamsThenClose) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 2),
       CreateMockRead(*goaway, 3),
       MockRead(ASYNC, ERR_IO_PENDING, 4),
       MockRead(ASYNC, 0, 5)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -602,9 +609,9 @@ TEST_P(SpdySessionTest, GoAwayWithActiveStreamsThenClose) {
   test::StreamDelegateDoNothing delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
-  scoped_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
+  std::unique_ptr<SpdyHeaderBlock> headers2(new SpdyHeaderBlock(*headers));
 
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -643,21 +650,22 @@ TEST_P(SpdySessionTest, GoAwayWithActiveStreamsThenClose) {
 TEST_P(SpdySessionTest, GoAwayWhileDraining) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   size_t joint_size = goaway->size() * 2 + body->size();
 
   // Compose interleaved |goaway| and |body| frames into a single read.
-  scoped_ptr<char[]> buffer(new char[joint_size]);
+  std::unique_ptr<char[]> buffer(new char[joint_size]);
   {
     size_t out = 0;
     memcpy(&buffer[out], goaway->data(), goaway->size());
@@ -686,7 +694,7 @@ TEST_P(SpdySessionTest, GoAwayWhileDraining) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -705,14 +713,15 @@ TEST_P(SpdySessionTest, GoAwayWhileDraining) {
 TEST_P(SpdySessionTest, CreateStreamAfterGoAway) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
       CreateMockRead(*goaway, 2),
       MockRead(ASYNC, ERR_IO_PENDING, 3),
       MockRead(ASYNC, 0, 4)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
@@ -730,7 +739,7 @@ TEST_P(SpdySessionTest, CreateStreamAfterGoAway) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -765,8 +774,9 @@ TEST_P(SpdySessionTest, CreateStreamAfterGoAway) {
 TEST_P(SpdySessionTest, SynStreamAfterGoAway) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(1));
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> goaway(
+      spdy_util_.ConstructSpdyGoAway(1));
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 2, 1, kDefaultURL));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -775,9 +785,9 @@ TEST_P(SpdySessionTest, SynStreamAfterGoAway) {
       CreateMockRead(*push, 4),
       MockRead(ASYNC, 0, 6)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5)};
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
@@ -793,7 +803,7 @@ TEST_P(SpdySessionTest, SynStreamAfterGoAway) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -826,7 +836,7 @@ TEST_P(SpdySessionTest, NetworkChangeWithActiveStreams) {
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1), MockRead(ASYNC, 0, 2)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -844,7 +854,7 @@ TEST_P(SpdySessionTest, NetworkChangeWithActiveStreams) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
 
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
@@ -885,14 +895,14 @@ TEST_P(SpdySessionTest, ClientPing) {
   session_deps_.enable_ping = true;
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> read_ping(
+  std::unique_ptr<SpdySerializedFrame> read_ping(
       spdy_util_.ConstructSpdyPing(1, true));
   MockRead reads[] = {
       CreateMockRead(*read_ping, 1),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
       MockRead(ASYNC, 0, 3)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> write_ping(
+  std::unique_ptr<SpdySerializedFrame> write_ping(
       spdy_util_.ConstructSpdyPing(1, false));
   MockWrite writes[] = {
     CreateMockWrite(*write_ping, 0),
@@ -938,13 +948,13 @@ TEST_P(SpdySessionTest, ClientPing) {
 TEST_P(SpdySessionTest, ServerPing) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> read_ping(
+  std::unique_ptr<SpdySerializedFrame> read_ping(
       spdy_util_.ConstructSpdyPing(2, false));
   MockRead reads[] = {
     CreateMockRead(*read_ping),
     MockRead(SYNCHRONOUS, 0, 0)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> write_ping(
+  std::unique_ptr<SpdySerializedFrame> write_ping(
       spdy_util_.ConstructSpdyPing(2, true));
   MockWrite writes[] = {
     CreateMockWrite(*write_ping),
@@ -979,9 +989,9 @@ TEST_P(SpdySessionTest, PingAndWriteLoop) {
   session_deps_.enable_ping = true;
   session_deps_.time_func = TheNearFuture;
 
-  scoped_ptr<SpdySerializedFrame> write_ping(
+  std::unique_ptr<SpdySerializedFrame> write_ping(
       spdy_util_.ConstructSpdyPing(1, false));
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
@@ -1005,7 +1015,7 @@ TEST_P(SpdySessionTest, PingAndWriteLoop) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
 
@@ -1031,23 +1041,23 @@ TEST_P(SpdySessionTest, StreamIdSpaceExhausted) {
   // stalled streams are aborted. Also verify the activated streams complete,
   // at which point the session closes.
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, kLastStreamId - 2, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, kLastStreamId, MEDIUM, true));
 
   MockWrite writes[] = {
       CreateMockWrite(*req1, 0), CreateMockWrite(*req2, 1),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, kLastStreamId - 2));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, kLastStreamId));
 
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(kLastStreamId - 2, true));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(kLastStreamId, true));
 
   MockRead reads[] = {
@@ -1100,7 +1110,7 @@ TEST_P(SpdySessionTest, StreamIdSpaceExhausted) {
 
   // Activate stream 1. One ID remains available.
   stream1->SendRequestHeaders(
-      scoped_ptr<SpdyHeaderBlock>(
+      std::unique_ptr<SpdyHeaderBlock>(
           spdy_util_.ConstructGetHeaderBlock(kDefaultURL)),
       NO_MORE_DATA_TO_SEND);
   base::RunLoop().RunUntilIdle();
@@ -1112,7 +1122,7 @@ TEST_P(SpdySessionTest, StreamIdSpaceExhausted) {
 
   // Activate stream 2. ID space is exhausted.
   stream2->SendRequestHeaders(
-      scoped_ptr<SpdyHeaderBlock>(
+      std::unique_ptr<SpdyHeaderBlock>(
           spdy_util_.ConstructGetHeaderBlock(kDefaultURL)),
       NO_MORE_DATA_TO_SEND);
   base::RunLoop().RunUntilIdle();
@@ -1151,13 +1161,13 @@ TEST_P(SpdySessionTest, MaxConcurrentStreamsZero) {
   SettingsMap settings_zero;
   settings_zero[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, 0);
-  scoped_ptr<SpdySerializedFrame> settings_frame_zero(
+  std::unique_ptr<SpdySerializedFrame> settings_frame_zero(
       spdy_util_.ConstructSpdySettings(settings_zero));
   reads.push_back(CreateMockRead(*settings_frame_zero, seq++));
 
   // Acknowledge it.
   std::vector<MockWrite> writes;
-  scoped_ptr<SpdySerializedFrame> settings_ack0;
+  std::unique_ptr<SpdySerializedFrame> settings_ack0;
   if (GetProtocol() == kProtoHTTP2) {
     settings_ack0.reset(spdy_util_.ConstructSpdySettingsAck());
     writes.push_back(CreateMockWrite(*settings_ack0, seq++));
@@ -1170,27 +1180,27 @@ TEST_P(SpdySessionTest, MaxConcurrentStreamsZero) {
   SettingsMap settings_one;
   settings_one[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, 1);
-  scoped_ptr<SpdySerializedFrame> settings_frame_one(
+  std::unique_ptr<SpdySerializedFrame> settings_frame_one(
       spdy_util_.ConstructSpdySettings(settings_one));
   reads.push_back(CreateMockRead(*settings_frame_one, seq++));
 
   // Acknowledge it.
-  scoped_ptr<SpdySerializedFrame> settings_ack1;
+  std::unique_ptr<SpdySerializedFrame> settings_ack1;
   if (GetProtocol() == kProtoHTTP2) {
     settings_ack1.reset(spdy_util_.ConstructSpdySettingsAck());
     writes.push_back(CreateMockWrite(*settings_ack1, seq++));
   }
 
   // Request and response.
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   writes.push_back(CreateMockWrite(*req, seq++));
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   reads.push_back(CreateMockRead(*resp, seq++));
 
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   reads.push_back(CreateMockRead(*body, seq++));
 
@@ -1235,7 +1245,7 @@ TEST_P(SpdySessionTest, MaxConcurrentStreamsZero) {
   base::WeakPtr<SpdyStream> stream = request.ReleaseStream();
   test::StreamDelegateDoNothing delegate(stream);
   stream->SetDelegate(&delegate);
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(stream->HasUrlFromHeaders());
@@ -1313,19 +1323,19 @@ TEST_P(SpdySessionTest, DeleteExpiredPushStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
   session_deps_.time_func = TheNearFuture;
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5)};
 
-  scoped_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "http://www.example.org/a.dat"));
-  scoped_ptr<SpdySerializedFrame> push_a_body(
+  std::unique_ptr<SpdySerializedFrame> push_a_body(
       spdy_util_.ConstructSpdyBodyFrame(2, false));
   // In ascii "0" < "a". We use it to verify that we properly handle std::map
   // iterators inside. See http://crbug.com/443490
-  scoped_ptr<SpdySerializedFrame> push_b(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_b(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 4, 1, "http://www.example.org/0.dat"));
   MockRead reads[] = {
       CreateMockRead(*push_a, 1),
@@ -1348,7 +1358,7 @@ TEST_P(SpdySessionTest, DeleteExpiredPushStreams) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
 
@@ -1394,9 +1404,9 @@ TEST_P(SpdySessionTest, FailedPing) {
   MockRead reads[] = {
       MockRead(SYNCHRONOUS, ERR_IO_PENDING)  // Stall forever.
   };
-  scoped_ptr<SpdySerializedFrame> write_ping(
+  std::unique_ptr<SpdySerializedFrame> write_ping(
       spdy_util_.ConstructSpdyPing(1, false));
-  scoped_ptr<SpdySerializedFrame> goaway(
+  std::unique_ptr<SpdySerializedFrame> goaway(
       spdy_util_.ConstructSpdyGoAway(0, GOAWAY_PROTOCOL_ERROR, "Failed ping."));
   MockWrite writes[] = {CreateMockWrite(*write_ping), CreateMockWrite(*goaway)};
 
@@ -1452,7 +1462,7 @@ TEST_P(SpdySessionTest, OnSettings) {
 
   int seq = 0;
   std::vector<MockWrite> writes;
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
   if (GetProtocol() == kProtoHTTP2) {
     writes.push_back(CreateMockWrite(*settings_ack, ++seq));
@@ -1462,7 +1472,7 @@ TEST_P(SpdySessionTest, OnSettings) {
   const uint32_t max_concurrent_streams = kInitialMaxConcurrentStreams + 1;
   new_settings[kSpdySettingsIds] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(new_settings));
   MockRead reads[] = {
       CreateMockRead(*settings_frame, 0),
@@ -1519,7 +1529,7 @@ TEST_P(SpdySessionTest, ClearSettings) {
   const uint32_t max_concurrent_streams = kInitialMaxConcurrentStreams + 1;
   new_settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(new_settings));
   uint8_t flags = SETTINGS_FLAG_CLEAR_PREVIOUSLY_PERSISTED_SETTINGS;
   test::SetFrameFlags(settings_frame.get(), flags, spdy_util_.spdy_version());
@@ -1536,14 +1546,12 @@ TEST_P(SpdySessionTest, ClearSettings) {
 
   // Initialize the SpdySetting with the default.
   spdy_session_pool_->http_server_properties()->SetSpdySetting(
-      test_host_port_pair_,
-      SETTINGS_MAX_CONCURRENT_STREAMS,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      kInitialMaxConcurrentStreams);
+      test_server_, SETTINGS_MAX_CONCURRENT_STREAMS,
+      SETTINGS_FLAG_PLEASE_PERSIST, kInitialMaxConcurrentStreams);
 
-  EXPECT_FALSE(
-      spdy_session_pool_->http_server_properties()->GetSpdySettings(
-          test_host_port_pair_).empty());
+  EXPECT_FALSE(spdy_session_pool_->http_server_properties()
+                   ->GetSpdySettings(test_server_)
+                   .empty());
 
   CreateInsecureSpdySession();
 
@@ -1567,9 +1575,9 @@ TEST_P(SpdySessionTest, ClearSettings) {
   EXPECT_EQ(OK, stream_releaser.WaitForResult());
 
   // Make sure that persisted data is cleared.
-  EXPECT_TRUE(
-      spdy_session_pool_->http_server_properties()->GetSpdySettings(
-          test_host_port_pair_).empty());
+  EXPECT_TRUE(spdy_session_pool_->http_server_properties()
+                  ->GetSpdySettings(test_server_)
+                  .empty());
 
   // Make sure session's max_concurrent_streams is correct.
   EXPECT_EQ(kInitialMaxConcurrentStreams + 1,
@@ -1599,10 +1607,8 @@ TEST_P(SpdySessionTest, CancelPendingCreateStream) {
 
   // Initialize the SpdySetting with 1 max concurrent streams.
   spdy_session_pool_->http_server_properties()->SetSpdySetting(
-      test_host_port_pair_,
-      SETTINGS_MAX_CONCURRENT_STREAMS,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      1);
+      test_server_, SETTINGS_MAX_CONCURRENT_STREAMS,
+      SETTINGS_FLAG_PLEASE_PERSIST, 1);
 
   CreateInsecureSpdySession();
 
@@ -1620,7 +1626,7 @@ TEST_P(SpdySessionTest, CancelPendingCreateStream) {
 
   // Use scoped_ptr to let us invalidate the memory when we want to, to trigger
   // a valgrind error if the callback is invoked when it's not supposed to be.
-  scoped_ptr<TestCompletionCallback> callback(new TestCompletionCallback);
+  std::unique_ptr<TestCompletionCallback> callback(new TestCompletionCallback);
 
   SpdyStreamRequest request;
   ASSERT_EQ(ERR_IO_PENDING,
@@ -1648,7 +1654,7 @@ TEST_P(SpdySessionTest, SendInitialDataOnNewSession) {
   SettingsMap settings;
   settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, kMaxConcurrentPushedStreams);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(settings));
   std::vector<MockWrite> writes;
   if (GetProtocol() == kProtoHTTP2) {
@@ -1664,7 +1670,7 @@ TEST_P(SpdySessionTest, SendInitialDataOnNewSession) {
   server_settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_PERSISTED,
                             initial_max_concurrent_streams);
-  scoped_ptr<SpdySerializedFrame> server_settings_frame(
+  std::unique_ptr<SpdySerializedFrame> server_settings_frame(
       spdy_util_.ConstructSpdySettings(server_settings));
   if (GetProtocol() == kProtoSPDY31) {
     writes.push_back(CreateMockWrite(*server_settings_frame));
@@ -1677,10 +1683,8 @@ TEST_P(SpdySessionTest, SendInitialDataOnNewSession) {
   CreateNetworkSession();
 
   spdy_session_pool_->http_server_properties()->SetSpdySetting(
-      test_host_port_pair_,
-      SETTINGS_MAX_CONCURRENT_STREAMS,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      initial_max_concurrent_streams);
+      test_server_, SETTINGS_MAX_CONCURRENT_STREAMS,
+      SETTINGS_FLAG_PLEASE_PERSIST, initial_max_concurrent_streams);
 
   SpdySessionPoolPeer pool_peer(spdy_session_pool_);
   pool_peer.SetEnableSendingInitialData(true);
@@ -1697,16 +1701,14 @@ TEST_P(SpdySessionTest, ClearSettingsStorageOnIPAddressChanged) {
   base::WeakPtr<HttpServerProperties> test_http_server_properties =
       spdy_session_pool_->http_server_properties();
   SettingsFlagsAndValue flags_and_value1(SETTINGS_FLAG_PLEASE_PERSIST, 2);
-  test_http_server_properties->SetSpdySetting(
-      test_host_port_pair_,
-      SETTINGS_MAX_CONCURRENT_STREAMS,
-      SETTINGS_FLAG_PLEASE_PERSIST,
-      2);
-  EXPECT_NE(0u, test_http_server_properties->GetSpdySettings(
-      test_host_port_pair_).size());
+  test_http_server_properties->SetSpdySetting(test_server_,
+                                              SETTINGS_MAX_CONCURRENT_STREAMS,
+                                              SETTINGS_FLAG_PLEASE_PERSIST, 2);
+  EXPECT_NE(0u,
+            test_http_server_properties->GetSpdySettings(test_server_).size());
   spdy_session_pool_->OnIPAddressChanged();
-  EXPECT_EQ(0u, test_http_server_properties->GetSpdySettings(
-      test_host_port_pair_).size());
+  EXPECT_EQ(0u,
+            test_http_server_properties->GetSpdySettings(test_server_).size());
 }
 
 TEST_P(SpdySessionTest, Initialize) {
@@ -1746,7 +1748,7 @@ TEST_P(SpdySessionTest, Initialize) {
 TEST_P(SpdySessionTest, NetLogOnSessionGoaway) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(
+  std::unique_ptr<SpdySerializedFrame> goaway(
       spdy_util_.ConstructSpdyGoAway(42, GOAWAY_ENHANCE_YOUR_CALM, "foo"));
   MockRead reads[] = {
     CreateMockRead(*goaway),
@@ -1842,7 +1844,7 @@ TEST_P(SpdySessionTest, NetLogOnSessionEOF) {
 }
 
 TEST_P(SpdySessionTest, SynCompressionHistograms) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
@@ -1861,7 +1863,7 @@ TEST_P(SpdySessionTest, SynCompressionHistograms) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -1896,22 +1898,22 @@ TEST_P(SpdySessionTest, SynCompressionHistograms) {
 // first.
 TEST_P(SpdySessionTest, OutOfOrderSynStreams) {
   // Construct the request.
-  scoped_ptr<SpdySerializedFrame> req_highest(
+  std::unique_ptr<SpdySerializedFrame> req_highest(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, HIGHEST, true));
-  scoped_ptr<SpdySerializedFrame> req_lowest(
+  std::unique_ptr<SpdySerializedFrame> req_lowest(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*req_highest, 0),
     CreateMockWrite(*req_lowest, 1),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp_highest(
+  std::unique_ptr<SpdySerializedFrame> resp_highest(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body_highest(
+  std::unique_ptr<SpdySerializedFrame> body_highest(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> resp_lowest(
+  std::unique_ptr<SpdySerializedFrame> resp_lowest(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body_lowest(
+  std::unique_ptr<SpdySerializedFrame> body_lowest(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
   MockRead reads[] = {
     CreateMockRead(*resp_highest, 2),
@@ -1946,13 +1948,13 @@ TEST_P(SpdySessionTest, OutOfOrderSynStreams) {
 
   // Queue the lower priority one first.
 
-  scoped_ptr<SpdyHeaderBlock> headers_lowest(
+  std::unique_ptr<SpdyHeaderBlock> headers_lowest(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream_lowest->SendRequestHeaders(std::move(headers_lowest),
                                          NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream_lowest->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers_highest(
+  std::unique_ptr<SpdyHeaderBlock> headers_highest(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream_highest->SendRequestHeaders(std::move(headers_highest),
                                           NO_MORE_DATA_TO_SEND);
@@ -1969,15 +1971,15 @@ TEST_P(SpdySessionTest, OutOfOrderSynStreams) {
 TEST_P(SpdySessionTest, CancelStream) {
   // Request 1, at HIGHEST priority, will be cancelled before it writes data.
   // Request 2, at LOWEST priority, will be a full request and will be id 1.
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*req2, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       CreateMockRead(*resp2, 1),
@@ -2009,12 +2011,12 @@ TEST_P(SpdySessionTest, CancelStream) {
   test::StreamDelegateDoNothing delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream2->HasUrlFromHeaders());
@@ -2072,12 +2074,12 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoCreatedSelfClosingStreams) {
   test::ClosingDelegate delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream2->HasUrlFromHeaders());
@@ -2128,12 +2130,12 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoCreatedMutuallyClosingStreams) {
   test::ClosingDelegate delegate2(spdy_stream1);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream2->HasUrlFromHeaders());
@@ -2160,9 +2162,9 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoCreatedMutuallyClosingStreams) {
 TEST_P(SpdySessionTest, CloseSessionWithTwoActivatedSelfClosingStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -2195,12 +2197,12 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoActivatedSelfClosingStreams) {
   test::ClosingDelegate delegate2(spdy_stream2);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream2->HasUrlFromHeaders());
@@ -2234,9 +2236,9 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoActivatedSelfClosingStreams) {
 TEST_P(SpdySessionTest, CloseSessionWithTwoActivatedMutuallyClosingStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -2271,12 +2273,12 @@ TEST_P(SpdySessionTest, CloseSessionWithTwoActivatedMutuallyClosingStreams) {
   test::ClosingDelegate delegate2(spdy_stream1);
   spdy_stream2->SetDelegate(&delegate2);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream2->HasUrlFromHeaders());
@@ -2328,11 +2330,11 @@ class SessionClosingDelegate : public test::StreamDelegateDoNothing {
 TEST_P(SpdySessionTest, CloseActivatedStreamThatClosesSession) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
-  scoped_ptr<SpdySerializedFrame> goaway(
+  std::unique_ptr<SpdySerializedFrame> goaway(
       spdy_util_.ConstructSpdyGoAway(0, GOAWAY_PROTOCOL_ERROR, "Error"));
   // The GOAWAY has higher-priority than the RST_STREAM, and is written first
   // despite being queued second.
@@ -2359,7 +2361,7 @@ TEST_P(SpdySessionTest, CloseActivatedStreamThatClosesSession) {
   SessionClosingDelegate delegate(spdy_stream, session_);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -2451,15 +2453,15 @@ TEST_P(SpdySessionTest, CloseTwoStalledCreateStream) {
   new_settings[kSpdySettingsIds1] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, max_concurrent_streams);
 
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   spdy_util_.UpdateWithStreamDestruction(1);
-  scoped_ptr<SpdySerializedFrame> req2(
+  std::unique_ptr<SpdySerializedFrame> req2(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 3, LOWEST, true));
   spdy_util_.UpdateWithStreamDestruction(3);
-  scoped_ptr<SpdySerializedFrame> req3(
+  std::unique_ptr<SpdySerializedFrame> req3(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 5, LOWEST, true));
   MockWrite writes[] = {
     CreateMockWrite(*settings_ack, 1),
@@ -2470,22 +2472,22 @@ TEST_P(SpdySessionTest, CloseTwoStalledCreateStream) {
 
   // Set up the socket so we read a SETTINGS frame that sets max concurrent
   // streams to 1.
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(new_settings));
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
 
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 3));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, true));
 
-  scoped_ptr<SpdySerializedFrame> resp3(
+  std::unique_ptr<SpdySerializedFrame> resp3(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 5));
-  scoped_ptr<SpdySerializedFrame> body3(
+  std::unique_ptr<SpdySerializedFrame> body3(
       spdy_util_.ConstructSpdyBodyFrame(5, true));
 
   MockRead reads[] = {
@@ -2534,7 +2536,7 @@ TEST_P(SpdySessionTest, CloseTwoStalledCreateStream) {
   EXPECT_EQ(1u, session_->num_created_streams());
   EXPECT_EQ(2u, session_->pending_create_stream_queue_size(LOWEST));
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -2559,7 +2561,7 @@ TEST_P(SpdySessionTest, CloseTwoStalledCreateStream) {
   base::WeakPtr<SpdyStream> stream2 = request2.ReleaseStream();
   test::StreamDelegateDoNothing delegate2(stream2);
   stream2->SetDelegate(&delegate2);
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   stream2->SendRequestHeaders(std::move(headers2), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(stream2->HasUrlFromHeaders());
@@ -2584,7 +2586,7 @@ TEST_P(SpdySessionTest, CloseTwoStalledCreateStream) {
   base::WeakPtr<SpdyStream> stream3 = request3.ReleaseStream();
   test::StreamDelegateDoNothing delegate3(stream3);
   stream3->SetDelegate(&delegate3);
-  scoped_ptr<SpdyHeaderBlock> headers3(
+  std::unique_ptr<SpdyHeaderBlock> headers3(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   stream3->SendRequestHeaders(std::move(headers3), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(stream3->HasUrlFromHeaders());
@@ -2683,7 +2685,7 @@ TEST_P(SpdySessionTest, ReadDataWithoutYielding) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -2699,12 +2701,12 @@ TEST_P(SpdySessionTest, ReadDataWithoutYielding) {
   char* payload_data = payload->data();
   test_stream.GetBytes(payload_data, kPayloadSize);
 
-  scoped_ptr<SpdySerializedFrame> partial_data_frame(
+  std::unique_ptr<SpdySerializedFrame> partial_data_frame(
       framer.CreateDataFrame(1, payload_data, kPayloadSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> finish_data_frame(
+  std::unique_ptr<SpdySerializedFrame> finish_data_frame(
       framer.CreateDataFrame(1, payload_data, kPayloadSize - 1, DATA_FLAG_FIN));
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
   // Write 1 byte less than kMaxReadBytes to check that DoRead reads up to 32k
@@ -2733,7 +2735,7 @@ TEST_P(SpdySessionTest, ReadDataWithoutYielding) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -2770,13 +2772,13 @@ TEST_P(SpdySessionTest, TestYieldingSlowReads) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
       CreateMockWrite(*req1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
   MockRead reads[] = {
@@ -2797,7 +2799,7 @@ TEST_P(SpdySessionTest, TestYieldingSlowReads) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -2831,18 +2833,18 @@ TEST_P(SpdySessionTest, TestYieldingSlowSynchronousReads) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
       CreateMockWrite(*req1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> partial_data_frame(
+  std::unique_ptr<SpdySerializedFrame> partial_data_frame(
       framer.CreateDataFrame(1, "foo ", 4, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> finish_data_frame(
+  std::unique_ptr<SpdySerializedFrame> finish_data_frame(
       framer.CreateDataFrame(1, "bar", 3, DATA_FLAG_FIN));
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
   MockRead reads[] = {
@@ -2868,7 +2870,7 @@ TEST_P(SpdySessionTest, TestYieldingSlowSynchronousReads) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -2899,7 +2901,7 @@ TEST_P(SpdySessionTest, TestYieldingDuringReadData) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -2915,12 +2917,12 @@ TEST_P(SpdySessionTest, TestYieldingDuringReadData) {
   char* payload_data = payload->data();
   test_stream.GetBytes(payload_data, kPayloadSize);
 
-  scoped_ptr<SpdySerializedFrame> partial_data_frame(
+  std::unique_ptr<SpdySerializedFrame> partial_data_frame(
       framer.CreateDataFrame(1, payload_data, kPayloadSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> finish_data_frame(
+  std::unique_ptr<SpdySerializedFrame> finish_data_frame(
       framer.CreateDataFrame(1, "h", 1, DATA_FLAG_FIN));
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
   // Write 1 byte more than kMaxReadBytes to check that DoRead yields.
@@ -2949,7 +2951,7 @@ TEST_P(SpdySessionTest, TestYieldingDuringReadData) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -2993,7 +2995,7 @@ TEST_P(SpdySessionTest, TestYieldingDuringAsyncReadData) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -3016,14 +3018,14 @@ TEST_P(SpdySessionTest, TestYieldingDuringAsyncReadData) {
   char* twok_payload_data = twok_payload->data();
   test_stream2.GetBytes(twok_payload_data, kTwoKPayloadSize);
 
-  scoped_ptr<SpdySerializedFrame> eightk_data_frame(framer.CreateDataFrame(
+  std::unique_ptr<SpdySerializedFrame> eightk_data_frame(framer.CreateDataFrame(
       1, eightk_payload_data, kEightKPayloadSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> twok_data_frame(framer.CreateDataFrame(
+  std::unique_ptr<SpdySerializedFrame> twok_data_frame(framer.CreateDataFrame(
       1, twok_payload_data, kTwoKPayloadSize, DATA_FLAG_NONE));
-  scoped_ptr<SpdySerializedFrame> finish_data_frame(
+  std::unique_ptr<SpdySerializedFrame> finish_data_frame(
       framer.CreateDataFrame(1, "h", 1, DATA_FLAG_FIN));
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
 
   MockRead reads[] = {
@@ -3056,7 +3058,7 @@ TEST_P(SpdySessionTest, TestYieldingDuringAsyncReadData) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -3092,17 +3094,17 @@ TEST_P(SpdySessionTest, GoAwayWhileInDoReadLoop) {
 
   BufferedSpdyFramer framer(spdy_util_.spdy_version());
 
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway());
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway());
 
   MockRead reads[] = {
       CreateMockRead(*resp1, 1),
@@ -3125,7 +3127,7 @@ TEST_P(SpdySessionTest, GoAwayWhileInDoReadLoop) {
   ASSERT_TRUE(spdy_stream1.get() != nullptr);
   EXPECT_EQ(0u, spdy_stream1->stream_id());
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers1), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -3201,7 +3203,7 @@ TEST_P(SpdySessionTest, CloseOneIdleConnection) {
   scoped_refptr<TransportSocketParams> params2(new TransportSocketParams(
       host_port2, false, OnHostResolutionCallback(),
       TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT));
-  scoped_ptr<ClientSocketHandle> connection2(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection2(new ClientSocketHandle);
   EXPECT_EQ(ERR_IO_PENDING,
             connection2->Init(host_port2.ToString(), params2, DEFAULT_PRIORITY,
                               ClientSocketPool::RespectLimits::ENABLED,
@@ -3276,7 +3278,7 @@ TEST_P(SpdySessionTest, CloseOneIdleConnectionWithAlias) {
   scoped_refptr<TransportSocketParams> params3(new TransportSocketParams(
       host_port3, false, OnHostResolutionCallback(),
       TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT));
-  scoped_ptr<ClientSocketHandle> connection3(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection3(new ClientSocketHandle);
   EXPECT_EQ(ERR_IO_PENDING,
             connection3->Init(host_port3.ToString(), params3, DEFAULT_PRIORITY,
                               ClientSocketPool::RespectLimits::ENABLED,
@@ -3302,9 +3304,9 @@ TEST_P(SpdySessionTest, CloseSessionOnIdleWhenPoolStalled) {
   MockRead reads[] = {
     MockRead(SYNCHRONOUS, ERR_IO_PENDING)  // Stall forever.
   };
-  scoped_ptr<SpdySerializedFrame> req1(
+  std::unique_ptr<SpdySerializedFrame> req1(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> cancel1(
+  std::unique_ptr<SpdySerializedFrame> cancel1(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_CANCEL));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 1),
@@ -3342,7 +3344,7 @@ TEST_P(SpdySessionTest, CloseSessionOnIdleWhenPoolStalled) {
   test::StreamDelegateDoNothing delegate1(spdy_stream1);
   spdy_stream1->SetDelegate(&delegate1);
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   EXPECT_EQ(ERR_IO_PENDING, spdy_stream1->SendRequestHeaders(
                                 std::move(headers1), NO_MORE_DATA_TO_SEND));
@@ -3357,7 +3359,7 @@ TEST_P(SpdySessionTest, CloseSessionOnIdleWhenPoolStalled) {
   scoped_refptr<TransportSocketParams> params2(new TransportSocketParams(
       host_port2, false, OnHostResolutionCallback(),
       TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT));
-  scoped_ptr<ClientSocketHandle> connection2(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection2(new ClientSocketHandle);
   EXPECT_EQ(ERR_IO_PENDING,
             connection2->Init(host_port2.ToString(), params2, DEFAULT_PRIORITY,
                               ClientSocketPool::RespectLimits::ENABLED,
@@ -3444,13 +3446,13 @@ class StreamCreatingDelegate : public test::StreamDelegateDoNothing {
 TEST_P(SpdySessionTest, CreateStreamOnStreamReset) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, MEDIUM, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_REFUSED_STREAM));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -3472,7 +3474,7 @@ TEST_P(SpdySessionTest, CreateStreamOnStreamReset) {
   StreamCreatingDelegate delegate(spdy_stream, session_);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -3508,7 +3510,7 @@ TEST_P(SpdySessionTest, UpdateStreamsSendWindowSize) {
 
   // Set up the socket so we read a SETTINGS frame that sets
   // INITIAL_WINDOW_SIZE.
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(new_settings));
   MockRead reads[] = {
       CreateMockRead(*settings_frame, 0),
@@ -3516,7 +3518,7 @@ TEST_P(SpdySessionTest, UpdateStreamsSendWindowSize) {
       MockRead(ASYNC, 0, 2)  // EOF
   };
 
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
   MockWrite writes[] = {
       CreateMockWrite(*settings_ack, 3),
@@ -3571,7 +3573,7 @@ TEST_P(SpdySessionTest, AdjustRecvWindowSize) {
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1), MockRead(ASYNC, 0, 2)  // EOF
   };
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(
           kSessionFlowControlStreamId,
           initial_window_size + delta_window_size));
@@ -3649,7 +3651,7 @@ TEST_P(SpdySessionTest, AdjustSendWindowSize) {
 TEST_P(SpdySessionTest, SessionFlowControlInactiveStream) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyBodyFrame(1, false));
   MockRead reads[] = {
       CreateMockRead(*resp, 0),
@@ -3688,7 +3690,7 @@ TEST_P(SpdySessionTest, SessionFlowControlPadding) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
   const int padding_length = 42;
-  scoped_ptr<SpdySerializedFrame> resp(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> resp(spdy_util_.ConstructSpdyBodyFrame(
       1, kUploadData, kUploadDataSize, false, padding_length));
   MockRead reads[] = {
       CreateMockRead(*resp, 0),
@@ -3722,19 +3724,20 @@ TEST_P(SpdySessionTest, StreamFlowControlTooMuchData) {
   const int32_t stream_max_recv_window_size = 1024;
   const int32_t data_frame_size = 2 * stream_max_recv_window_size;
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_FLOW_CONTROL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   const std::string payload(data_frame_size, 'a');
-  scoped_ptr<SpdySerializedFrame> data_frame(spdy_util_.ConstructSpdyBodyFrame(
-      1, payload.data(), data_frame_size, false));
+  std::unique_ptr<SpdySerializedFrame> data_frame(
+      spdy_util_.ConstructSpdyBodyFrame(1, payload.data(), data_frame_size,
+                                        false));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
       MockRead(ASYNC, ERR_IO_PENDING, 2),
@@ -3758,7 +3761,7 @@ TEST_P(SpdySessionTest, StreamFlowControlTooMuchData) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   EXPECT_EQ(ERR_IO_PENDING, spdy_stream->SendRequestHeaders(
                                 std::move(headers), NO_MORE_DATA_TO_SEND));
@@ -3797,7 +3800,7 @@ TEST_P(SpdySessionTest, SessionFlowControlTooMuchDataTwoDataFrames) {
 
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_FLOW_CONTROL_ERROR,
       "delta_window_size is 400 in DecreaseRecvWindowSize, which is larger "
       "than the receive window size of 500"));
@@ -3806,10 +3809,10 @@ TEST_P(SpdySessionTest, SessionFlowControlTooMuchDataTwoDataFrames) {
   };
 
   const std::string first_data_frame(first_data_frame_size, 'a');
-  scoped_ptr<SpdySerializedFrame> first(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> first(spdy_util_.ConstructSpdyBodyFrame(
       1, first_data_frame.data(), first_data_frame_size, false));
   const std::string second_data_frame(second_data_frame_size, 'b');
-  scoped_ptr<SpdySerializedFrame> second(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> second(spdy_util_.ConstructSpdyBodyFrame(
       1, second_data_frame.data(), second_data_frame_size, false));
   MockRead reads[] = {
       CreateMockRead(*first, 0),
@@ -3856,21 +3859,21 @@ TEST_P(SpdySessionTest, StreamFlowControlTooMuchDataTwoDataFrames) {
   ASSERT_LT(stream_max_recv_window_size,
             first_data_frame_size + second_data_frame_size);
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_FLOW_CONTROL_ERROR));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 6),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   const std::string first_data_frame(first_data_frame_size, 'a');
-  scoped_ptr<SpdySerializedFrame> first(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> first(spdy_util_.ConstructSpdyBodyFrame(
       1, first_data_frame.data(), first_data_frame_size, false));
   const std::string second_data_frame(second_data_frame_size, 'b');
-  scoped_ptr<SpdySerializedFrame> second(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> second(spdy_util_.ConstructSpdyBodyFrame(
       1, second_data_frame.data(), second_data_frame_size, false));
   MockRead reads[] = {
       CreateMockRead(*resp, 1),
@@ -3896,7 +3899,7 @@ TEST_P(SpdySessionTest, StreamFlowControlTooMuchDataTwoDataFrames) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   EXPECT_EQ(ERR_IO_PENDING, spdy_stream->SendRequestHeaders(
                                 std::move(headers), NO_MORE_DATA_TO_SEND));
@@ -3940,7 +3943,7 @@ class DropReceivedDataDelegate : public test::StreamDelegateSendImmediate {
   ~DropReceivedDataDelegate() override {}
 
   // Drop any received data.
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override {}
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override {}
 };
 
 // Send data back and forth but use a delegate that drops its received
@@ -3950,20 +3953,20 @@ TEST_P(SpdySessionTest, SessionFlowControlNoReceiveLeaks) {
   const int32_t kMsgDataSize = 100;
   const std::string msg_data(kMsgDataSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kMsgDataSize, MEDIUM, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> msg(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> msg(spdy_util_.ConstructSpdyBodyFrame(
       1, msg_data.data(), kMsgDataSize, false));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
     CreateMockWrite(*msg, 2),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> echo(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> echo(spdy_util_.ConstructSpdyBodyFrame(
       1, msg_data.data(), kMsgDataSize, false));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(kSessionFlowControlStreamId,
                                            kMsgDataSize));
   MockRead reads[] = {
@@ -3989,7 +3992,7 @@ TEST_P(SpdySessionTest, SessionFlowControlNoReceiveLeaks) {
   DropReceivedDataDelegate delegate(stream, msg_data);
   stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kMsgDataSize));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -4025,13 +4028,13 @@ TEST_P(SpdySessionTest, SessionFlowControlNoSendLeaks) {
   const int32_t kMsgDataSize = 100;
   const std::string msg_data(kMsgDataSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kMsgDataSize, MEDIUM, nullptr, 0));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -4055,7 +4058,7 @@ TEST_P(SpdySessionTest, SessionFlowControlNoSendLeaks) {
   test::StreamDelegateSendImmediate delegate(stream, msg_data);
   stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kMsgDataSize));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -4098,20 +4101,20 @@ TEST_P(SpdySessionTest, SessionFlowControlEndToEnd) {
   const int32_t kMsgDataSize = 100;
   const std::string msg_data(kMsgDataSize, 'a');
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kMsgDataSize, MEDIUM, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> msg(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> msg(spdy_util_.ConstructSpdyBodyFrame(
       1, msg_data.data(), kMsgDataSize, false));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
     CreateMockWrite(*msg, 2),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> echo(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> echo(spdy_util_.ConstructSpdyBodyFrame(
       1, msg_data.data(), kMsgDataSize, false));
-  scoped_ptr<SpdySerializedFrame> window_update(
+  std::unique_ptr<SpdySerializedFrame> window_update(
       spdy_util_.ConstructSpdyWindowUpdate(kSessionFlowControlStreamId,
                                            kMsgDataSize));
   MockRead reads[] = {
@@ -4140,7 +4143,7 @@ TEST_P(SpdySessionTest, SessionFlowControlEndToEnd) {
   test::StreamDelegateSendImmediate delegate(stream, msg_data);
   stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kMsgDataSize));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -4208,18 +4211,18 @@ void SpdySessionTest::RunResumeAfterUnstallTest(
     const base::Callback<void(SpdyStream*, int32_t)>& unstall_function) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, kBodyData, kBodyDataSize, true));
   MockWrite writes[] = {
     CreateMockWrite(*req, 0),
     CreateMockWrite(*body, 1),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> echo(
+  std::unique_ptr<SpdySerializedFrame> echo(
       spdy_util_.ConstructSpdyBodyFrame(1, kBodyData, kBodyDataSize, false));
   MockRead reads[] = {
       CreateMockRead(*resp, 2), MockRead(ASYNC, 0, 3)  // EOF
@@ -4241,7 +4244,7 @@ void SpdySessionTest::RunResumeAfterUnstallTest(
   EXPECT_FALSE(stream->HasUrlFromHeaders());
   EXPECT_FALSE(stream->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -4326,13 +4329,13 @@ TEST_P(SpdySessionTest, StallSessionStreamResumeAfterUnstallStreamSession) {
 TEST_P(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 3, kBodyDataSize, MEDIUM, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, kBodyData, kBodyDataSize, true));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, kBodyData, kBodyDataSize, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -4341,9 +4344,9 @@ TEST_P(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) {
     CreateMockWrite(*body1, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp1(
+  std::unique_ptr<SpdySerializedFrame> resp1(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 3));
   MockRead reads[] = {
       CreateMockRead(*resp1, 4),
@@ -4380,7 +4383,7 @@ TEST_P(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) {
 
   StallSessionSend();
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream1->SendRequestHeaders(std::move(headers1),
                                                         MORE_DATA_TO_SEND));
@@ -4391,7 +4394,7 @@ TEST_P(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) {
   EXPECT_EQ(1u, stream1->stream_id());
   EXPECT_TRUE(stream1->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream2->SendRequestHeaders(std::move(headers2),
                                                         MORE_DATA_TO_SEND));
@@ -4467,13 +4470,13 @@ class StreamClosingDelegate : public test::StreamDelegateWithBody {
 TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 3, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> req3(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req3(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 5, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> body2(
+  std::unique_ptr<SpdySerializedFrame> body2(
       spdy_util_.ConstructSpdyBodyFrame(3, kBodyData, kBodyDataSize, true));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -4482,7 +4485,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
     CreateMockWrite(*body2, 3),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp2(
+  std::unique_ptr<SpdySerializedFrame> resp2(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 3));
   MockRead reads[] = {
       CreateMockRead(*resp2, 4),
@@ -4529,7 +4532,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
 
   StallSessionSend();
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream1->SendRequestHeaders(std::move(headers1),
                                                         MORE_DATA_TO_SEND));
@@ -4540,7 +4543,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
   EXPECT_EQ(1u, stream1->stream_id());
   EXPECT_TRUE(stream1->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream2->SendRequestHeaders(std::move(headers2),
                                                         MORE_DATA_TO_SEND));
@@ -4551,7 +4554,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
   EXPECT_EQ(3u, stream2->stream_id());
   EXPECT_TRUE(stream2->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers3(
+  std::unique_ptr<SpdyHeaderBlock> headers3(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream3->SendRequestHeaders(std::move(headers3),
                                                         MORE_DATA_TO_SEND));
@@ -4614,11 +4617,11 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) {
 TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedSession) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
-  scoped_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req1(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 1, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req2(spdy_util_.ConstructSpdyPost(
       kDefaultURL, 3, kBodyDataSize, LOWEST, nullptr, 0));
-  scoped_ptr<SpdySerializedFrame> body1(
+  std::unique_ptr<SpdySerializedFrame> body1(
       spdy_util_.ConstructSpdyBodyFrame(1, kBodyData, kBodyDataSize, false));
   MockWrite writes[] = {
     CreateMockWrite(*req1, 0),
@@ -4658,7 +4661,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedSession) {
 
   StallSessionSend();
 
-  scoped_ptr<SpdyHeaderBlock> headers1(
+  std::unique_ptr<SpdyHeaderBlock> headers1(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream1->SendRequestHeaders(std::move(headers1),
                                                         MORE_DATA_TO_SEND));
@@ -4669,7 +4672,7 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedSession) {
   EXPECT_EQ(1u, stream1->stream_id());
   EXPECT_TRUE(stream1->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers2(
+  std::unique_ptr<SpdyHeaderBlock> headers2(
       spdy_util_.ConstructPostHeaderBlock(kDefaultURL, kBodyDataSize));
   EXPECT_EQ(ERR_IO_PENDING, stream2->SendRequestHeaders(std::move(headers2),
                                                         MORE_DATA_TO_SEND));
@@ -4707,9 +4710,9 @@ TEST_P(SpdySessionTest, SendWindowSizeIncreaseWithDeletedSession) {
 }
 
 TEST_P(SpdySessionTest, GoAwayOnSessionFlowControlError) {
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
+  std::unique_ptr<SpdySerializedFrame> goaway(spdy_util_.ConstructSpdyGoAway(
       0, GOAWAY_FLOW_CONTROL_ERROR,
       "delta_window_size is 6 in DecreaseRecvWindowSize, which is larger than "
       "the receive window size of 1"));
@@ -4717,9 +4720,9 @@ TEST_P(SpdySessionTest, GoAwayOnSessionFlowControlError) {
       CreateMockWrite(*req, 0), CreateMockWrite(*goaway, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(nullptr, 0, 1));
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, true));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -4739,7 +4742,7 @@ TEST_P(SpdySessionTest, GoAwayOnSessionFlowControlError) {
   test::StreamDelegateDoNothing delegate(spdy_stream);
   spdy_stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
 
@@ -4786,9 +4789,9 @@ TEST_P(SpdySessionTest, PushedStreamShouldNotCountToClientConcurrencyLimit) {
   SettingsMap new_settings;
   new_settings[SETTINGS_MAX_CONCURRENT_STREAMS] =
       SettingsFlagsAndValue(SETTINGS_FLAG_NONE, 2);
-  scoped_ptr<SpdySerializedFrame> settings_frame(
+  std::unique_ptr<SpdySerializedFrame> settings_frame(
       spdy_util_.ConstructSpdySettings(new_settings));
-  scoped_ptr<SpdySerializedFrame> pushed(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> pushed(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "http://www.example.org/a.dat"));
   MockRead reads[] = {
       CreateMockRead(*settings_frame, 0),
@@ -4798,9 +4801,9 @@ TEST_P(SpdySessionTest, PushedStreamShouldNotCountToClientConcurrencyLimit) {
       MockRead(ASYNC, 0, 6),
   };
 
-  scoped_ptr<SpdySerializedFrame> settings_ack(
+  std::unique_ptr<SpdySerializedFrame> settings_ack(
       spdy_util_.ConstructSpdySettingsAck());
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   MockWrite writes[] = {
       CreateMockWrite(*settings_ack, 1), CreateMockWrite(*req, 2),
@@ -4827,7 +4830,7 @@ TEST_P(SpdySessionTest, PushedStreamShouldNotCountToClientConcurrencyLimit) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -4867,9 +4870,9 @@ TEST_P(SpdySessionTest, PushedStreamShouldNotCountToClientConcurrencyLimit) {
 }
 
 TEST_P(SpdySessionTest, RejectPushedStreamExceedingConcurrencyLimit) {
-  scoped_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "http://www.example.org/a.dat"));
-  scoped_ptr<SpdySerializedFrame> push_b(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_b(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 4, 1, "http://www.example.org/b.dat"));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -4880,9 +4883,9 @@ TEST_P(SpdySessionTest, RejectPushedStreamExceedingConcurrencyLimit) {
       MockRead(ASYNC, 0, 7),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
@@ -4907,7 +4910,7 @@ TEST_P(SpdySessionTest, RejectPushedStreamExceedingConcurrencyLimit) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -4953,11 +4956,11 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) {
 
   // cross_origin_push contains HTTP resource for an origin different from the
   // origin of kDefaultURL, and should be accepted.
-  scoped_ptr<SpdySerializedFrame> cross_origin_push(
+  std::unique_ptr<SpdySerializedFrame> cross_origin_push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 2, 1,
                                    kHttpURLFromAnotherOrigin));
   // cross_origin_https_push contains HTTPS resource, and should be refused.
-  scoped_ptr<SpdySerializedFrame> cross_origin_https_push(
+  std::unique_ptr<SpdySerializedFrame> cross_origin_https_push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 4, 1,
                                    kHttpsURLFromAnotherOrigin));
   MockRead reads[] = {
@@ -4969,9 +4972,9 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) {
       MockRead(ASYNC, 0, 7),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
@@ -4980,7 +4983,7 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) {
   SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
-  scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+  std::unique_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
   proxy_delegate->set_trusted_spdy_proxy(
       net::ProxyServer(net::ProxyServer::SCHEME_HTTPS,
                        HostPortPair(GURL(kDefaultURL).host(), 80)));
@@ -5001,7 +5004,7 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -5046,7 +5049,7 @@ TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) {
 
   // cross_origin_push contains resource for an origin different from the
   // origin of kDefaultURL, and should be refused.
-  scoped_ptr<SpdySerializedFrame> cross_origin_push(
+  std::unique_ptr<SpdySerializedFrame> cross_origin_push(
       spdy_util_.ConstructSpdyPush(nullptr, 0, 2, 1,
                                    kHttpURLFromAnotherOrigin));
   MockRead reads[] = {
@@ -5054,9 +5057,9 @@ TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) {
       MockRead(ASYNC, 0, 4),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 3),
@@ -5080,7 +5083,7 @@ TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream->HasUrlFromHeaders());
@@ -5105,14 +5108,14 @@ TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) {
   if (spdy_util_.spdy_version() < HTTP2)
     return;
 
-  scoped_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
+  std::unique_ptr<SpdySerializedFrame> push_a(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "http://www.example.org/a.dat"));
-  scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
+  std::unique_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
   spdy_util_.AddUrlToHeaderBlock("http://www.example.org/b.dat",
                                  push_headers.get());
-  scoped_ptr<SpdySerializedFrame> push_b(
+  std::unique_ptr<SpdySerializedFrame> push_b(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(push_headers), 4, 1));
-  scoped_ptr<SpdySerializedFrame> headers_b(
+  std::unique_ptr<SpdySerializedFrame> headers_b(
       spdy_util_.ConstructSpdyPushHeaders(4, nullptr, 0));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -5125,9 +5128,9 @@ TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) {
       MockRead(ASYNC, 0, 9),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 7),
@@ -5152,7 +5155,7 @@ TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
@@ -5203,11 +5206,11 @@ TEST_P(SpdySessionTest, CancelReservedStreamOnHeadersReceived) {
     return;
 
   const char kPushedUrl[] = "http://www.example.org/a.dat";
-  scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
+  std::unique_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
   spdy_util_.AddUrlToHeaderBlock(kPushedUrl, push_headers.get());
-  scoped_ptr<SpdySerializedFrame> push_promise(
+  std::unique_ptr<SpdySerializedFrame> push_promise(
       spdy_util_.ConstructInitialSpdyPushFrame(std::move(push_headers), 2, 1));
-  scoped_ptr<SpdySerializedFrame> headers_frame(
+  std::unique_ptr<SpdySerializedFrame> headers_frame(
       spdy_util_.ConstructSpdyPushHeaders(2, nullptr, 0));
   MockRead reads[] = {
       MockRead(ASYNC, ERR_IO_PENDING, 1),
@@ -5218,9 +5221,9 @@ TEST_P(SpdySessionTest, CancelReservedStreamOnHeadersReceived) {
       MockRead(ASYNC, 0, 7),
   };
 
-  scoped_ptr<SpdySerializedFrame> req(
+  std::unique_ptr<SpdySerializedFrame> req(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_CANCEL));
   MockWrite writes[] = {
       CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
@@ -5244,7 +5247,7 @@ TEST_P(SpdySessionTest, CancelReservedStreamOnHeadersReceived) {
   EXPECT_EQ(0u, session_->num_pushed_streams());
   EXPECT_EQ(0u, session_->num_active_pushed_streams());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
   spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
   EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
diff --git a/chromium/net/spdy/spdy_stream.cc b/chromium/net/spdy/spdy_stream.cc
index 9a7ddef8162..078ea22e9c3 100644
--- a/chromium/net/spdy/spdy_stream.cc
+++ b/chromium/net/spdy/spdy_stream.cc
@@ -14,8 +14,9 @@
 #include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/spdy/spdy_buffer_producer.h"
 #include "net/spdy/spdy_http_utils.h"
@@ -25,24 +26,24 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogSpdyStreamErrorCallback(
+std::unique_ptr<base::Value> NetLogSpdyStreamErrorCallback(
     SpdyStreamId stream_id,
     int status,
     const std::string* description,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", static_cast<int>(stream_id));
   dict->SetInteger("status", status);
   dict->SetString("description", *description);
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogSpdyStreamWindowUpdateCallback(
+std::unique_ptr<base::Value> NetLogSpdyStreamWindowUpdateCallback(
     SpdyStreamId stream_id,
     int32_t delta,
     int32_t window_size,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("stream_id", stream_id);
   dict->SetInteger("delta", delta);
   dict->SetInteger("window_size", window_size);
@@ -50,12 +51,7 @@ scoped_ptr<base::Value> NetLogSpdyStreamWindowUpdateCallback(
 }
 
 bool ContainsUppercaseAscii(const std::string& str) {
-  for (std::string::const_iterator i(str.begin()); i != str.end(); ++i) {
-    if (*i >= 'A' && *i <= 'Z') {
-      return true;
-    }
-  }
-  return false;
+  return std::any_of(str.begin(), str.end(), base::IsAsciiUpper<char>);
 }
 
 }  // namespace
@@ -72,13 +68,13 @@ class SpdyStream::SynStreamBufferProducer : public SpdyBufferProducer {
 
   ~SynStreamBufferProducer() override {}
 
-  scoped_ptr<SpdyBuffer> ProduceBuffer() override {
+  std::unique_ptr<SpdyBuffer> ProduceBuffer() override {
     if (!stream_.get()) {
       NOTREACHED();
-      return scoped_ptr<SpdyBuffer>();
+      return std::unique_ptr<SpdyBuffer>();
     }
     DCHECK_GT(stream_->stream_id(), 0u);
-    return scoped_ptr<SpdyBuffer>(
+    return std::unique_ptr<SpdyBuffer>(
         new SpdyBuffer(stream_->ProduceSynStreamFrame()));
   }
 
@@ -181,7 +177,7 @@ void SpdyStream::PushedStreamReplay() {
 
   while (!pending_recv_data_.empty()) {
     // Take ownership of the first element of |pending_recv_data_|.
-    scoped_ptr<SpdyBuffer> buffer = std::move(pending_recv_data_.at(0));
+    std::unique_ptr<SpdyBuffer> buffer = std::move(pending_recv_data_.at(0));
     pending_recv_data_.erase(pending_recv_data_.begin());
 
     bool eof = (buffer == NULL);
@@ -203,7 +199,7 @@ void SpdyStream::PushedStreamReplay() {
   }
 }
 
-scoped_ptr<SpdySerializedFrame> SpdyStream::ProduceSynStreamFrame() {
+std::unique_ptr<SpdySerializedFrame> SpdyStream::ProduceSynStreamFrame() {
   CHECK_EQ(io_state_, STATE_IDLE);
   CHECK(request_headers_);
   CHECK_GT(stream_id_, 0u);
@@ -211,7 +207,7 @@ scoped_ptr<SpdySerializedFrame> SpdyStream::ProduceSynStreamFrame() {
   SpdyControlFlags flags =
       (pending_send_status_ == NO_MORE_DATA_TO_SEND) ?
       CONTROL_FLAG_FIN : CONTROL_FLAG_NONE;
-  scoped_ptr<SpdySerializedFrame> frame(session_->CreateSynStream(
+  std::unique_ptr<SpdySerializedFrame> frame(session_->CreateSynStream(
       stream_id_, priority_, flags, *request_headers_));
   send_time_ = base::TimeTicks::Now();
   return frame;
@@ -477,9 +473,13 @@ void SpdyStream::OnPushPromiseHeadersReceived(const SpdyHeaderBlock& headers) {
   request_headers_.reset(new SpdyHeaderBlock(headers));
 }
 
-void SpdyStream::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
+void SpdyStream::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) {
   DCHECK(session_->IsStreamActive(stream_id_));
 
+  // Track our bandwidth.
+  recv_bytes_ += buffer ? buffer->GetRemainingSize() : 0;
+  recv_last_byte_time_ = base::TimeTicks::Now();
+
   // If we're still buffering data for a push stream, we will do the
   // check for data received with incomplete headers in
   // PushedStreamReplayData().
@@ -541,10 +541,6 @@ void SpdyStream::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
   buffer->AddConsumeCallback(
       base::Bind(&SpdyStream::OnReadBufferConsumed, GetWeakPtr()));
 
-  // Track our bandwidth.
-  recv_bytes_ += length;
-  recv_last_byte_time_ = base::TimeTicks::Now();
-
   // May close |this|.
   delegate_->OnDataReceived(std::move(buffer));
 }
@@ -576,9 +572,9 @@ void SpdyStream::OnFrameWriteComplete(SpdyFrameType frame_type,
   }
 
   if (pending_send_status_ == NO_MORE_DATA_TO_SEND) {
-    if(io_state_ == STATE_OPEN) {
+    if (io_state_ == STATE_OPEN) {
       io_state_ = STATE_HALF_CLOSED_LOCAL;
-    } else if(io_state_ == STATE_HALF_CLOSED_REMOTE) {
+    } else if (io_state_ == STATE_HALF_CLOSED_REMOTE) {
       io_state_ = STATE_CLOSED;
     } else {
       NOTREACHED() << io_state_;
@@ -688,8 +684,9 @@ base::WeakPtr<SpdyStream> SpdyStream::GetWeakPtr() {
   return weak_ptr_factory_.GetWeakPtr();
 }
 
-int SpdyStream::SendRequestHeaders(scoped_ptr<SpdyHeaderBlock> request_headers,
-                                   SpdySendStatus send_status) {
+int SpdyStream::SendRequestHeaders(
+    std::unique_ptr<SpdyHeaderBlock> request_headers,
+    SpdySendStatus send_status) {
   CHECK_NE(type_, SPDY_PUSH_STREAM);
   CHECK_EQ(pending_send_status_, MORE_DATA_TO_SEND);
   CHECK(!request_headers_);
@@ -697,10 +694,9 @@ int SpdyStream::SendRequestHeaders(scoped_ptr<SpdyHeaderBlock> request_headers,
   CHECK_EQ(io_state_, STATE_IDLE);
   request_headers_ = std::move(request_headers);
   pending_send_status_ = send_status;
-  session_->EnqueueStreamWrite(
-      GetWeakPtr(), SYN_STREAM,
-      scoped_ptr<SpdyBufferProducer>(
-          new SynStreamBufferProducer(GetWeakPtr())));
+  session_->EnqueueStreamWrite(GetWeakPtr(), SYN_STREAM,
+                               std::unique_ptr<SpdyBufferProducer>(
+                                   new SynStreamBufferProducer(GetWeakPtr())));
   return ERR_IO_PENDING;
 }
 
@@ -774,8 +770,15 @@ void SpdyStream::AddRawSentBytes(size_t sent_bytes) {
 bool SpdyStream::GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const {
   if (stream_id_ == 0)
     return false;
-
-  return session_->GetLoadTimingInfo(stream_id_, load_timing_info);
+  bool result = session_->GetLoadTimingInfo(stream_id_, load_timing_info);
+  if (type_ == SPDY_PUSH_STREAM) {
+    load_timing_info->push_start = recv_first_byte_time_;
+    bool done_receiving = IsClosed() || (!pending_recv_data_.empty() &&
+                                         !pending_recv_data_.back());
+    if (done_receiving)
+      load_timing_info->push_end = recv_last_byte_time_;
+  }
+  return result;
 }
 
 GURL SpdyStream::GetUrlFromHeaders() const {
@@ -836,11 +839,9 @@ void SpdyStream::QueueNextDataFrame() {
   SpdyDataFlags flags =
       (pending_send_status_ == NO_MORE_DATA_TO_SEND) ?
       DATA_FLAG_FIN : DATA_FLAG_NONE;
-  scoped_ptr<SpdyBuffer> data_buffer(
-      session_->CreateDataBuffer(stream_id_,
-                                 pending_send_data_.get(),
-                                 pending_send_data_->BytesRemaining(),
-                                 flags));
+  std::unique_ptr<SpdyBuffer> data_buffer(
+      session_->CreateDataBuffer(stream_id_, pending_send_data_.get(),
+                                 pending_send_data_->BytesRemaining(), flags));
   // We'll get called again by PossiblyResumeIfSendStalled().
   if (!data_buffer)
     return;
@@ -864,7 +865,7 @@ void SpdyStream::QueueNextDataFrame() {
 
   session_->EnqueueStreamWrite(
       GetWeakPtr(), DATA,
-      scoped_ptr<SpdyBufferProducer>(
+      std::unique_ptr<SpdyBufferProducer>(
           new SimpleBufferProducer(std::move(data_buffer))));
 }
 
diff --git a/chromium/net/spdy/spdy_stream.h b/chromium/net/spdy/spdy_stream.h
index 742f24867c9..499372a9ca8 100644
--- a/chromium/net/spdy/spdy_stream.h
+++ b/chromium/net/spdy/spdy_stream.h
@@ -9,12 +9,12 @@
 #include <stdint.h>
 
 #include <deque>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_export.h"
@@ -138,7 +138,7 @@ class NET_EXPORT_PRIVATE SpdyStream {
     // a network error code otherwise.
     //
     // May cause the stream to be closed.
-    virtual void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) = 0;
+    virtual void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) = 0;
 
     // Called when data is sent. Must not cause the stream to be
     // closed.
@@ -321,7 +321,7 @@ class NET_EXPORT_PRIVATE SpdyStream {
   //
   // |length| is the number of bytes received (at most 2^24 - 1) or 0 if
   //          the stream is being closed.
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer);
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer);
 
   // Called by the SpdySession when padding is consumed to allow for the stream
   // receiving window to be updated.
@@ -373,7 +373,7 @@ class NET_EXPORT_PRIVATE SpdyStream {
   // bidirectional streams; for request/response streams, it must be
   // MORE_DATA_TO_SEND if the request has data to upload, or
   // NO_MORE_DATA_TO_SEND if not.
-  int SendRequestHeaders(scoped_ptr<SpdyHeaderBlock> request_headers,
+  int SendRequestHeaders(std::unique_ptr<SpdyHeaderBlock> request_headers,
                          SpdySendStatus send_status);
 
   // Sends a DATA frame. The delegate will be notified via
@@ -481,12 +481,12 @@ class NET_EXPORT_PRIVATE SpdyStream {
 
   // Produces the SYN_STREAM frame for the stream. The stream must
   // already be activated.
-  scoped_ptr<SpdySerializedFrame> ProduceSynStreamFrame();
+  std::unique_ptr<SpdySerializedFrame> ProduceSynStreamFrame();
 
   // Produce the initial HEADER frame for the stream with the given
   // block. The stream must already be activated.
-  scoped_ptr<SpdySerializedFrame> ProduceHeaderFrame(
-      scoped_ptr<SpdyHeaderBlock> header_block);
+  std::unique_ptr<SpdySerializedFrame> ProduceHeaderFrame(
+      std::unique_ptr<SpdyHeaderBlock> header_block);
 
   // Queues the send for next frame of the remaining data in
   // |pending_send_data_|. Must be called only when
@@ -536,7 +536,7 @@ class NET_EXPORT_PRIVATE SpdyStream {
   //
   // TODO(akalin): Hang onto this only until we send it. This
   // necessitates stashing the URL separately.
-  scoped_ptr<SpdyHeaderBlock> request_headers_;
+  std::unique_ptr<SpdyHeaderBlock> request_headers_;
 
   // Data waiting to be sent, and the close state of the local endpoint
   // after the data is fully written.
@@ -547,7 +547,7 @@ class NET_EXPORT_PRIVATE SpdyStream {
   // after the data is fully read. Specifically, data received before the
   // delegate is attached must be buffered and later replayed. A remote FIN
   // is represented by a final, zero-length buffer.
-  std::vector<scoped_ptr<SpdyBuffer>> pending_recv_data_;
+  std::vector<std::unique_ptr<SpdyBuffer>> pending_recv_data_;
 
   // The time at which the request was made that resulted in this response.
   // For cached responses, this time could be "far" in the past.
diff --git a/chromium/net/spdy/spdy_stream_test_util.cc b/chromium/net/spdy/spdy_stream_test_util.cc
index e0d8e69ada0..e052b881b81 100644
--- a/chromium/net/spdy/spdy_stream_test_util.cc
+++ b/chromium/net/spdy/spdy_stream_test_util.cc
@@ -30,7 +30,7 @@ SpdyResponseHeadersStatus ClosingDelegate::OnResponseHeadersUpdated(
   return RESPONSE_HEADERS_ARE_COMPLETE;
 }
 
-void ClosingDelegate::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {}
+void ClosingDelegate::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) {}
 
 void ClosingDelegate::OnDataSent() {}
 
@@ -65,7 +65,7 @@ SpdyResponseHeadersStatus StreamDelegateBase::OnResponseHeadersUpdated(
   return RESPONSE_HEADERS_ARE_COMPLETE;
 }
 
-void StreamDelegateBase::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
+void StreamDelegateBase::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) {
   if (buffer)
     received_data_queue_.Enqueue(std::move(buffer));
 }
diff --git a/chromium/net/spdy/spdy_stream_test_util.h b/chromium/net/spdy/spdy_stream_test_util.h
index 9c260ea2e0e..ef3617f6944 100644
--- a/chromium/net/spdy/spdy_stream_test_util.h
+++ b/chromium/net/spdy/spdy_stream_test_util.h
@@ -5,9 +5,10 @@
 #ifndef NET_SPDY_SPDY_STREAM_TEST_UTIL_H_
 #define NET_SPDY_SPDY_STREAM_TEST_UTIL_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/io_buffer.h"
 #include "net/base/test_completion_callback.h"
@@ -29,7 +30,7 @@ class ClosingDelegate : public SpdyStream::Delegate {
   void OnRequestHeadersSent() override;
   SpdyResponseHeadersStatus OnResponseHeadersUpdated(
       const SpdyHeaderBlock& response_headers) override;
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override;
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override;
   void OnDataSent() override;
   void OnTrailers(const SpdyHeaderBlock& trailers) override;
   void OnClose(int status) override;
@@ -51,7 +52,7 @@ class StreamDelegateBase : public SpdyStream::Delegate {
   void OnRequestHeadersSent() override;
   SpdyResponseHeadersStatus OnResponseHeadersUpdated(
       const SpdyHeaderBlock& response_headers) override;
-  void OnDataReceived(scoped_ptr<SpdyBuffer> buffer) override;
+  void OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) override;
   void OnDataSent() override;
   void OnTrailers(const SpdyHeaderBlock& trailers) override;
   void OnClose(int status) override;
diff --git a/chromium/net/spdy/spdy_stream_unittest.cc b/chromium/net/spdy/spdy_stream_unittest.cc
index e9867dc1ecd..6a56ae35bf6 100644
--- a/chromium/net/spdy/spdy_stream_unittest.cc
+++ b/chromium/net/spdy/spdy_stream_unittest.cc
@@ -5,14 +5,15 @@
 #include "net/spdy/spdy_stream.h"
 
 #include <stdint.h>
+
 #include <cstddef>
 #include <limits>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/string_piece.h"
 #include "net/base/completion_callback.h"
@@ -134,9 +135,16 @@ class SpdyStreamTest : public ::testing::Test,
     return writes_.size();
   }
 
+  void ActivatePushStream(SpdySession* session, SpdyStream* stream) {
+    std::unique_ptr<SpdyStream> activated =
+        session->ActivateCreatedStream(stream);
+    activated->set_stream_id(2);
+    session->InsertActivatedStream(std::move(activated));
+  }
+
   SpdyTestUtil spdy_util_;
   SpdySessionDependencies session_deps_;
-  scoped_ptr<HttpNetworkSession> session_;
+  std::unique_ptr<HttpNetworkSession> session_;
 
  private:
   // Used by Add{Read,Write}() above.
@@ -154,19 +162,19 @@ INSTANTIATE_TEST_CASE_P(ProtoPlusDepend,
 TEST_P(SpdyStreamTest, SendDataAfterOpen) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   AddRead(*resp);
 
-  scoped_ptr<SpdySerializedFrame> msg(
+  std::unique_ptr<SpdySerializedFrame> msg(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddWrite(*msg);
 
-  scoped_ptr<SpdySerializedFrame> echo(
+  std::unique_ptr<SpdySerializedFrame> echo(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddRead(*echo);
 
@@ -191,7 +199,7 @@ TEST_P(SpdyStreamTest, SendDataAfterOpen) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -230,25 +238,25 @@ class StreamDelegateWithTrailers : public test::StreamDelegateWithBody {
 TEST_P(SpdyStreamTest, Trailers) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
-  scoped_ptr<SpdySerializedFrame> msg(
+  std::unique_ptr<SpdySerializedFrame> msg(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, true));
   AddWrite(*msg);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   AddRead(*resp);
 
-  scoped_ptr<SpdySerializedFrame> echo(
+  std::unique_ptr<SpdySerializedFrame> echo(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddRead(*echo);
 
   SpdyHeaderBlock late_headers;
   late_headers["foo"] = "bar";
-  scoped_ptr<SpdySerializedFrame> trailers(
+  std::unique_ptr<SpdySerializedFrame> trailers(
       spdy_util_.ConstructSpdyResponseHeaders(1, late_headers, false));
   AddRead(*trailers);
 
@@ -272,7 +280,7 @@ TEST_P(SpdyStreamTest, Trailers) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -304,36 +312,51 @@ TEST_P(SpdyStreamTest, PushedStream) {
   base::WeakPtr<SpdySession> spdy_session(CreateDefaultSpdySession());
 
   // Conjure up a stream.
-  SpdyStream stream(SPDY_PUSH_STREAM, spdy_session, GURL(), DEFAULT_PRIORITY,
-                    SpdySession::GetDefaultInitialWindowSize(kProtoSPDY31),
-                    SpdySession::GetDefaultInitialWindowSize(kProtoSPDY31),
-                    BoundNetLog());
-  stream.set_stream_id(2);
-  EXPECT_FALSE(stream.HasUrlFromHeaders());
+  SpdyStreamRequest stream_request;
+  int result = stream_request.StartRequest(SPDY_PUSH_STREAM, spdy_session,
+                                           GURL(), DEFAULT_PRIORITY,
+                                           BoundNetLog(), CompletionCallback());
+  ASSERT_EQ(OK, result);
+  base::WeakPtr<SpdyStream> stream = stream_request.ReleaseStream();
+  ActivatePushStream(spdy_session.get(), stream.get());
+
+  EXPECT_FALSE(stream->HasUrlFromHeaders());
 
   // Set required request headers.
   SpdyHeaderBlock request_headers;
   spdy_util_.AddUrlToHeaderBlock(kStreamUrl, &request_headers);
-  stream.OnPushPromiseHeadersReceived(request_headers);
+  stream->OnPushPromiseHeadersReceived(request_headers);
 
+  base::Time response_time = base::Time::Now();
+  base::TimeTicks first_byte_time = base::TimeTicks::Now();
   // Send some basic response headers.
   SpdyHeaderBlock response;
   response[spdy_util_.GetStatusKey()] = "200";
   response[spdy_util_.GetVersionKey()] = "OK";
-  stream.OnInitialResponseHeadersReceived(
-      response, base::Time::Now(), base::TimeTicks::Now());
+  stream->OnInitialResponseHeadersReceived(response, response_time,
+                                           first_byte_time);
 
   // And some more headers.
   // TODO(baranovich): not valid for HTTP 2.
   SpdyHeaderBlock headers;
   headers["alpha"] = "beta";
-  stream.OnAdditionalResponseHeadersReceived(headers);
+  stream->OnAdditionalResponseHeadersReceived(headers);
+
+  EXPECT_TRUE(stream->HasUrlFromHeaders());
+  EXPECT_EQ(kStreamUrl, stream->GetUrlFromHeaders().spec());
+
+  StreamDelegateDoNothing delegate(stream->GetWeakPtr());
+  stream->SetDelegate(&delegate);
 
-  EXPECT_TRUE(stream.HasUrlFromHeaders());
-  EXPECT_EQ(kStreamUrl, stream.GetUrlFromHeaders().spec());
+  LoadTimingInfo load_timing_info;
+  EXPECT_TRUE(stream->GetLoadTimingInfo(&load_timing_info));
+  EXPECT_EQ(first_byte_time, load_timing_info.push_start);
+  EXPECT_TRUE(load_timing_info.push_end.is_null());
 
-  StreamDelegateDoNothing delegate(stream.GetWeakPtr());
-  stream.SetDelegate(&delegate);
+  stream->OnDataReceived(nullptr);
+  LoadTimingInfo load_timing_info2;
+  EXPECT_TRUE(stream->GetLoadTimingInfo(&load_timing_info2));
+  EXPECT_FALSE(load_timing_info2.push_end.is_null());
 
   base::RunLoop().RunUntilIdle();
 
@@ -346,19 +369,19 @@ TEST_P(SpdyStreamTest, PushedStream) {
 TEST_P(SpdyStreamTest, StreamError) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*resp);
 
-  scoped_ptr<SpdySerializedFrame> msg(
+  std::unique_ptr<SpdySerializedFrame> msg(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddWrite(*msg);
 
-  scoped_ptr<SpdySerializedFrame> echo(
+  std::unique_ptr<SpdySerializedFrame> echo(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddRead(*echo);
 
@@ -385,7 +408,7 @@ TEST_P(SpdyStreamTest, StreamError) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -422,21 +445,22 @@ TEST_P(SpdyStreamTest, StreamError) {
 TEST_P(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
   std::string chunk_data(kMaxSpdyFrameChunkSize, 'x');
-  scoped_ptr<SpdySerializedFrame> chunk(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> chunk(spdy_util_.ConstructSpdyBodyFrame(
       1, chunk_data.data(), chunk_data.length(), false));
   AddWrite(*chunk);
   AddWrite(*chunk);
 
-  scoped_ptr<SpdySerializedFrame> last_chunk(spdy_util_.ConstructSpdyBodyFrame(
-      1, chunk_data.data(), chunk_data.length(), true));
+  std::unique_ptr<SpdySerializedFrame> last_chunk(
+      spdy_util_.ConstructSpdyBodyFrame(1, chunk_data.data(),
+                                        chunk_data.length(), true));
   AddWrite(*last_chunk);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   AddRead(*resp);
 
@@ -462,7 +486,7 @@ TEST_P(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -483,16 +507,16 @@ TEST_P(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) {
 TEST_P(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyPostSynReply(NULL, 0));
   AddRead(*resp);
 
   std::string chunk_data(kMaxSpdyFrameChunkSize, 'x');
-  scoped_ptr<SpdySerializedFrame> chunk(spdy_util_.ConstructSpdyBodyFrame(
+  std::unique_ptr<SpdySerializedFrame> chunk(spdy_util_.ConstructSpdyBodyFrame(
       1, chunk_data.data(), chunk_data.length(), false));
   AddWrite(*chunk);
   AddWrite(*chunk);
@@ -520,7 +544,7 @@ TEST_P(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -540,16 +564,16 @@ TEST_P(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) {
 TEST_P(SpdyStreamTest, UpperCaseHeaders) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> syn(
+  std::unique_ptr<SpdySerializedFrame> syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   AddWrite(*syn);
 
   const char* const kExtraHeaders[] = {"X-UpperCase", "yes"};
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(kExtraHeaders, 1, 1));
   AddRead(*reply);
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_PROTOCOL_ERROR));
   AddWrite(*rst);
 
@@ -574,7 +598,7 @@ TEST_P(SpdyStreamTest, UpperCaseHeaders) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kStreamUrl));
   EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers),
                                                        NO_MORE_DATA_TO_SEND));
@@ -589,20 +613,20 @@ TEST_P(SpdyStreamTest, UpperCaseHeaders) {
 TEST_P(SpdyStreamTest, UpperCaseHeadersOnPush) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> syn(
+  std::unique_ptr<SpdySerializedFrame> syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   AddWrite(*syn);
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*reply);
 
   const char* const extra_headers[] = {"X-UpperCase", "yes"};
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(extra_headers, 1, 2, 1, kStreamUrl));
   AddRead(*push);
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   AddWrite(*rst);
 
@@ -629,7 +653,7 @@ TEST_P(SpdyStreamTest, UpperCaseHeadersOnPush) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kStreamUrl));
   EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers),
                                                        NO_MORE_DATA_TO_SEND));
@@ -652,15 +676,15 @@ TEST_P(SpdyStreamTest, UpperCaseHeadersOnPush) {
 TEST_P(SpdyStreamTest, UpperCaseHeadersInHeadersFrame) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> syn(
+  std::unique_ptr<SpdySerializedFrame> syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   AddWrite(*syn);
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*reply);
 
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(NULL, 0, 2, 1, kStreamUrl));
   AddRead(*push);
 
@@ -668,13 +692,13 @@ TEST_P(SpdyStreamTest, UpperCaseHeadersInHeadersFrame) {
 
   SpdyHeaderBlock late_headers;
   late_headers["X-UpperCase"] = "yes";
-  scoped_ptr<SpdySerializedFrame> headers_frame(
+  std::unique_ptr<SpdySerializedFrame> headers_frame(
       spdy_util_.ConstructSpdyReply(2, late_headers));
   AddRead(*headers_frame);
 
   AddWritePause();
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   AddWrite(*rst);
 
@@ -699,7 +723,7 @@ TEST_P(SpdyStreamTest, UpperCaseHeadersInHeadersFrame) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kStreamUrl));
   EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers),
                                                        NO_MORE_DATA_TO_SEND));
@@ -728,15 +752,15 @@ TEST_P(SpdyStreamTest, UpperCaseHeadersInHeadersFrame) {
 TEST_P(SpdyStreamTest, DuplicateHeaders) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> syn(
+  std::unique_ptr<SpdySerializedFrame> syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   AddWrite(*syn);
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*reply);
 
-  scoped_ptr<SpdySerializedFrame> push(
+  std::unique_ptr<SpdySerializedFrame> push(
       spdy_util_.ConstructSpdyPush(NULL, 0, 2, 1, kStreamUrl));
   AddRead(*push);
 
@@ -744,13 +768,13 @@ TEST_P(SpdyStreamTest, DuplicateHeaders) {
 
   SpdyHeaderBlock late_headers;
   late_headers[spdy_util_.GetStatusKey()] = "500 Server Error";
-  scoped_ptr<SpdySerializedFrame> headers_frame(
+  std::unique_ptr<SpdySerializedFrame> headers_frame(
       spdy_util_.ConstructSpdyReply(2, late_headers));
   AddRead(*headers_frame);
 
   AddReadPause();
 
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_PROTOCOL_ERROR));
   AddWrite(*rst);
 
@@ -775,7 +799,7 @@ TEST_P(SpdyStreamTest, DuplicateHeaders) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kStreamUrl));
   EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers),
                                                        NO_MORE_DATA_TO_SEND));
@@ -803,7 +827,7 @@ TEST_P(SpdyStreamTest, DuplicateHeaders) {
 // to overflow an int32_t. The SpdyStream should handle that case
 // gracefully.
 TEST_P(SpdyStreamTest, IncreaseSendWindowSizeOverflow) {
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
@@ -811,7 +835,7 @@ TEST_P(SpdyStreamTest, IncreaseSendWindowSizeOverflow) {
 
   // Triggered by the overflowing call to IncreaseSendWindowSize
   // below.
-  scoped_ptr<SpdySerializedFrame> rst(
+  std::unique_ptr<SpdySerializedFrame> rst(
       spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_FLOW_CONTROL_ERROR));
   AddWrite(*rst);
 
@@ -836,7 +860,7 @@ TEST_P(SpdyStreamTest, IncreaseSendWindowSizeOverflow) {
   StreamDelegateSendImmediate delegate(stream, kPostBodyStringPiece);
   stream->SetDelegate(&delegate);
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -895,15 +919,15 @@ void SpdyStreamTest::RunResumeAfterUnstallRequestResponseTest(
     const UnstallFunction& unstall_function) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
-  scoped_ptr<SpdySerializedFrame> body(
+  std::unique_ptr<SpdySerializedFrame> body(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, true));
   AddWrite(*body);
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*resp);
 
@@ -929,7 +953,7 @@ void SpdyStreamTest::RunResumeAfterUnstallRequestResponseTest(
   EXPECT_FALSE(stream->HasUrlFromHeaders());
   EXPECT_FALSE(stream->send_stalled_by_flow_control());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -971,21 +995,21 @@ void SpdyStreamTest::RunResumeAfterUnstallBidirectionalTest(
     const UnstallFunction& unstall_function) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
+  std::unique_ptr<SpdySerializedFrame> req(spdy_util_.ConstructSpdyPost(
       kStreamUrl, 1, kPostBodyLength, LOWEST, NULL, 0));
   AddWrite(*req);
 
   AddReadPause();
 
-  scoped_ptr<SpdySerializedFrame> resp(
+  std::unique_ptr<SpdySerializedFrame> resp(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*resp);
 
-  scoped_ptr<SpdySerializedFrame> msg(
+  std::unique_ptr<SpdySerializedFrame> msg(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddWrite(*msg);
 
-  scoped_ptr<SpdySerializedFrame> echo(
+  std::unique_ptr<SpdySerializedFrame> echo(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddRead(*echo);
 
@@ -1010,7 +1034,7 @@ void SpdyStreamTest::RunResumeAfterUnstallBidirectionalTest(
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructPostHeaderBlock(kStreamUrl, kPostBodyLength));
   EXPECT_EQ(ERR_IO_PENDING,
             stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND));
@@ -1055,19 +1079,19 @@ TEST_P(SpdyStreamTest, ResumeAfterSendWindowSizeAdjustBidirectional) {
 TEST_P(SpdyStreamTest, ReceivedBytes) {
   GURL url(kStreamUrl);
 
-  scoped_ptr<SpdySerializedFrame> syn(
+  std::unique_ptr<SpdySerializedFrame> syn(
       spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true));
   AddWrite(*syn);
 
   AddReadPause();
 
-  scoped_ptr<SpdySerializedFrame> reply(
+  std::unique_ptr<SpdySerializedFrame> reply(
       spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
   AddRead(*reply);
 
   AddReadPause();
 
-  scoped_ptr<SpdySerializedFrame> msg(
+  std::unique_ptr<SpdySerializedFrame> msg(
       spdy_util_.ConstructSpdyBodyFrame(1, kPostBody, kPostBodyLength, false));
   AddRead(*msg);
 
@@ -1094,7 +1118,7 @@ TEST_P(SpdyStreamTest, ReceivedBytes) {
 
   EXPECT_FALSE(stream->HasUrlFromHeaders());
 
-  scoped_ptr<SpdyHeaderBlock> headers(
+  std::unique_ptr<SpdyHeaderBlock> headers(
       spdy_util_.ConstructGetHeaderBlock(kStreamUrl));
   EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers),
                                                        NO_MORE_DATA_TO_SEND));
diff --git a/chromium/net/spdy/spdy_test_util_common.cc b/chromium/net/spdy/spdy_test_util_common.cc
index 53e73345364..048bf721767 100644
--- a/chromium/net/spdy/spdy_test_util_common.cc
+++ b/chromium/net/spdy/spdy_test_util_common.cc
@@ -5,12 +5,14 @@
 #include "net/spdy/spdy_test_util_common.h"
 
 #include <stdint.h>
+
 #include <cstddef>
+#include <memory>
 #include <utility>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "net/base/host_port_pair.h"
@@ -211,8 +213,8 @@ class PriorityGetter : public BufferedSpdyFramerVisitorInterface {
                          bool fin) override {}
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override {}
+                         size_t len) override {}
+  void OnStreamEnd(SpdyStreamId stream_id) override {}
   void OnStreamPadding(SpdyStreamId stream_id, size_t len) override {}
   SpdyHeadersHandlerInterface* OnHeaderFrameStart(
       SpdyStreamId stream_id) override {
@@ -226,7 +228,7 @@ class PriorityGetter : public BufferedSpdyFramerVisitorInterface {
                    SpdyRstStreamStatus status) override {}
   void OnGoAway(SpdyStreamId last_accepted_stream_id,
                 SpdyGoAwayStatus status,
-                StringPiece debug_data) override {}
+                base::StringPiece debug_data) override {}
   void OnWindowUpdate(SpdyStreamId stream_id, int delta_window_size) override {}
   void OnPushPromise(SpdyStreamId stream_id,
                      SpdyStreamId promised_stream_id,
@@ -346,14 +348,15 @@ SpdySessionDependencies::SpdySessionDependencies(NextProto protocol)
       enable_priority_dependencies(true),
       enable_spdy31(true),
       enable_quic(false),
+      enable_alternative_service_for_insecure_origins(true),
       protocol(protocol),
       session_max_recv_window_size(
           SpdySession::GetDefaultInitialWindowSize(protocol)),
       stream_max_recv_window_size(
           SpdySession::GetDefaultInitialWindowSize(protocol)),
       time_func(&base::TimeTicks::Now),
-      parse_alternative_services(false),
-      enable_alternative_service_with_different_host(false),
+      parse_alternative_services(true),
+      enable_alternative_service_with_different_host(true),
       net_log(NULL) {
   DCHECK(next_proto_is_spdy(protocol)) << "Invalid protocol: " << protocol;
 
@@ -368,7 +371,7 @@ SpdySessionDependencies::SpdySessionDependencies(NextProto protocol)
 
 SpdySessionDependencies::SpdySessionDependencies(
     NextProto protocol,
-    scoped_ptr<ProxyService> proxy_service)
+    std::unique_ptr<ProxyService> proxy_service)
     : host_resolver(new MockHostResolver),
       cert_verifier(new MockCertVerifier),
       channel_id_service(nullptr),
@@ -385,14 +388,15 @@ SpdySessionDependencies::SpdySessionDependencies(
       enable_priority_dependencies(true),
       enable_spdy31(true),
       enable_quic(false),
+      enable_alternative_service_for_insecure_origins(true),
       protocol(protocol),
       session_max_recv_window_size(
           SpdySession::GetDefaultInitialWindowSize(protocol)),
       stream_max_recv_window_size(
           SpdySession::GetDefaultInitialWindowSize(protocol)),
       time_func(&base::TimeTicks::Now),
-      parse_alternative_services(false),
-      enable_alternative_service_with_different_host(false),
+      parse_alternative_services(true),
+      enable_alternative_service_with_different_host(true),
       net_log(NULL) {
   DCHECK(next_proto_is_spdy(protocol)) << "Invalid protocol: " << protocol;
 }
@@ -400,11 +404,12 @@ SpdySessionDependencies::SpdySessionDependencies(
 SpdySessionDependencies::~SpdySessionDependencies() {}
 
 // static
-scoped_ptr<HttpNetworkSession> SpdySessionDependencies::SpdyCreateSession(
+std::unique_ptr<HttpNetworkSession> SpdySessionDependencies::SpdyCreateSession(
     SpdySessionDependencies* session_deps) {
   HttpNetworkSession::Params params = CreateSessionParams(session_deps);
   params.client_socket_factory = session_deps->socket_factory.get();
-  scoped_ptr<HttpNetworkSession> http_session(new HttpNetworkSession(params));
+  std::unique_ptr<HttpNetworkSession> http_session(
+      new HttpNetworkSession(params));
   SpdySessionPoolPeer pool_peer(http_session->spdy_session_pool());
   pool_peer.SetEnableSendingInitialData(false);
   return http_session;
@@ -436,6 +441,8 @@ HttpNetworkSession::Params SpdySessionDependencies::CreateSessionParams(
       session_deps->enable_priority_dependencies;
   params.enable_spdy31 = session_deps->enable_spdy31;
   params.enable_quic = session_deps->enable_quic;
+  params.enable_alternative_service_for_insecure_origins =
+      session_deps->enable_alternative_service_for_insecure_origins;
   params.spdy_default_protocol = session_deps->protocol;
   params.spdy_session_max_recv_window_size =
       session_deps->session_max_recv_window_size;
@@ -454,17 +461,18 @@ SpdyURLRequestContext::SpdyURLRequestContext(NextProto protocol)
     : storage_(this) {
   DCHECK(next_proto_is_spdy(protocol)) << "Invalid protocol: " << protocol;
 
-  storage_.set_host_resolver(scoped_ptr<HostResolver>(new MockHostResolver));
-  storage_.set_cert_verifier(make_scoped_ptr(new MockCertVerifier));
+  storage_.set_host_resolver(
+      std::unique_ptr<HostResolver>(new MockHostResolver));
+  storage_.set_cert_verifier(base::WrapUnique(new MockCertVerifier));
   storage_.set_transport_security_state(
-      make_scoped_ptr(new TransportSecurityState));
+      base::WrapUnique(new TransportSecurityState));
   storage_.set_proxy_service(ProxyService::CreateDirect());
   storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
   storage_.set_http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault(host_resolver()));
   storage_.set_http_server_properties(
-      scoped_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
-  storage_.set_job_factory(make_scoped_ptr(new URLRequestJobFactoryImpl()));
+      std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+  storage_.set_job_factory(base::WrapUnique(new URLRequestJobFactoryImpl()));
   HttpNetworkSession::Params params;
   params.client_socket_factory = &socket_factory_;
   params.host_resolver = host_resolver();
@@ -477,11 +485,11 @@ SpdyURLRequestContext::SpdyURLRequestContext(NextProto protocol)
   params.spdy_default_protocol = protocol;
   params.http_server_properties = http_server_properties();
   storage_.set_http_network_session(
-      make_scoped_ptr(new HttpNetworkSession(params)));
+      base::WrapUnique(new HttpNetworkSession(params)));
   SpdySessionPoolPeer pool_peer(
       storage_.http_network_session()->spdy_session_pool());
   pool_peer.SetEnableSendingInitialData(false);
-  storage_.set_http_transaction_factory(make_scoped_ptr(
+  storage_.set_http_transaction_factory(base::WrapUnique(
       new HttpCache(storage_.http_network_session(),
                     HttpCache::DefaultBackend::InMemory(0), false)));
 }
@@ -509,7 +517,7 @@ base::WeakPtr<SpdySession> CreateSpdySessionHelper(
           key.host_port_pair(), false, OnHostResolutionCallback(),
           TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT));
 
-  scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
+  std::unique_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
   TestCompletionCallback callback;
 
   int rv = ERR_UNEXPECTED;
@@ -642,9 +650,10 @@ base::WeakPtr<SpdySession> CreateFakeSpdySessionHelper(
     Error expected_status) {
   EXPECT_NE(expected_status, ERR_IO_PENDING);
   EXPECT_FALSE(HasSpdySession(pool, key));
-  scoped_ptr<ClientSocketHandle> handle(new ClientSocketHandle());
-  handle->SetSocket(scoped_ptr<StreamSocket>(new FakeSpdySessionClientSocket(
-      expected_status == OK ? ERR_IO_PENDING : expected_status)));
+  std::unique_ptr<ClientSocketHandle> handle(new ClientSocketHandle());
+  handle->SetSocket(
+      std::unique_ptr<StreamSocket>(new FakeSpdySessionClientSocket(
+          expected_status == OK ? ERR_IO_PENDING : expected_status)));
   base::WeakPtr<SpdySession> spdy_session =
       pool->CreateAvailableSessionFromSocket(
           key, std::move(handle), BoundNetLog(), OK, true /* is_secure */);
@@ -714,30 +723,30 @@ void SpdyTestUtil::AddUrlToHeaderBlock(base::StringPiece url,
   (*headers)[GetPathKey()] = path;
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructGetHeaderBlock(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructGetHeaderBlock(
     base::StringPiece url) const {
   return ConstructHeaderBlock("GET", url, NULL);
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructGetHeaderBlockForProxy(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructGetHeaderBlockForProxy(
     base::StringPiece url) const {
-  scoped_ptr<SpdyHeaderBlock> headers(ConstructGetHeaderBlock(url));
+  std::unique_ptr<SpdyHeaderBlock> headers(ConstructGetHeaderBlock(url));
   return headers;
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructHeadHeaderBlock(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructHeadHeaderBlock(
     base::StringPiece url,
     int64_t content_length) const {
   return ConstructHeaderBlock("HEAD", url, nullptr);
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructPostHeaderBlock(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructPostHeaderBlock(
     base::StringPiece url,
     int64_t content_length) const {
   return ConstructHeaderBlock("POST", url, &content_length);
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructPutHeaderBlock(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructPutHeaderBlock(
     base::StringPiece url,
     int64_t content_length) const {
   return ConstructHeaderBlock("PUT", url, &content_length);
@@ -745,7 +754,7 @@ scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructPutHeaderBlock(
 
 SpdySerializedFrame* SpdyTestUtil::ConstructSpdyFrame(
     const SpdyHeaderInfo& header_info,
-    scoped_ptr<SpdyHeaderBlock> headers) const {
+    std::unique_ptr<SpdyHeaderBlock> headers) const {
   BufferedSpdyFramer framer(spdy_version_);
   SpdySerializedFrame* frame = NULL;
   switch (header_info.kind) {
@@ -787,7 +796,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyFrame(
     int extra_header_count,
     const char* const tail_headers[],
     int tail_header_count) const {
-  scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
   AppendToHeaderBlock(extra_headers, extra_header_count, headers.get());
   if (tail_headers && tail_header_count)
     AppendToHeaderBlock(tail_headers, tail_header_count, headers.get());
@@ -892,7 +901,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyGet(
     const char* const url,
     SpdyStreamId stream_id,
     RequestPriority request_priority) {
-  scoped_ptr<SpdyHeaderBlock> block(ConstructGetHeaderBlock(url));
+  std::unique_ptr<SpdyHeaderBlock> block(ConstructGetHeaderBlock(url));
   return ConstructSpdySyn(stream_id, *block, request_priority, true);
 }
 
@@ -963,7 +972,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyPush(
         response_spdy_framer_.SerializeFrame(headers));
 
     int joint_data_size = push_promise_frame.size() + headers_frame.size();
-    scoped_ptr<char[]> data(new char[joint_data_size]);
+    std::unique_ptr<char[]> data(new char[joint_data_size]);
     const SpdySerializedFrame* frames[2] = {
         &push_promise_frame, &headers_frame,
     };
@@ -1010,7 +1019,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyPush(
         response_spdy_framer_.SerializeFrame(headers));
 
     int joint_data_size = push_promise_frame.size() + headers_frame.size();
-    scoped_ptr<char[]> data(new char[joint_data_size]);
+    std::unique_ptr<char[]> data(new char[joint_data_size]);
     const SpdySerializedFrame* frames[2] = {
         &push_promise_frame, &headers_frame,
     };
@@ -1022,7 +1031,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyPush(
 }
 
 SpdySerializedFrame* SpdyTestUtil::ConstructInitialSpdyPushFrame(
-    scoped_ptr<SpdyHeaderBlock> headers,
+    std::unique_ptr<SpdyHeaderBlock> headers,
     int stream_id,
     int associated_stream_id) {
   if (spdy_version() < HTTP2) {
@@ -1172,7 +1181,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyPost(
     RequestPriority priority,
     const char* const extra_headers[],
     int extra_header_count) {
-  scoped_ptr<SpdyHeaderBlock> block(
+  std::unique_ptr<SpdyHeaderBlock> block(
       ConstructPostHeaderBlock(url, content_length));
   AppendToHeaderBlock(extra_headers, extra_header_count, block.get());
   return ConstructSpdySyn(stream_id, *block, priority, false);
@@ -1228,7 +1237,7 @@ SpdySerializedFrame* SpdyTestUtil::ConstructSpdyBodyFrame(int stream_id,
 }
 
 SpdySerializedFrame* SpdyTestUtil::ConstructWrappedSpdyFrame(
-    const scoped_ptr<SpdySerializedFrame>& frame,
+    const std::unique_ptr<SpdySerializedFrame>& frame,
     int stream_id) {
   return ConstructSpdyBodyFrame(stream_id, frame->data(),
                                 frame->size(), false);
@@ -1275,13 +1284,13 @@ const char* SpdyTestUtil::GetPathKey() const {
   return ":path";
 }
 
-scoped_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructHeaderBlock(
+std::unique_ptr<SpdyHeaderBlock> SpdyTestUtil::ConstructHeaderBlock(
     base::StringPiece method,
     base::StringPiece url,
     int64_t* content_length) const {
   std::string scheme, host, path;
   ParseUrl(url.data(), &scheme, &host, &path);
-  scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
+  std::unique_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
   if (include_version_header()) {
     (*headers)[GetVersionKey()] = "HTTP/1.1";
   }
diff --git a/chromium/net/spdy/spdy_test_util_common.h b/chromium/net/spdy/spdy_test_util_common.h
index c25fa968878..43bf93e61ca 100644
--- a/chromium/net/spdy/spdy_test_util_common.h
+++ b/chromium/net/spdy/spdy_test_util_common.h
@@ -8,12 +8,12 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/ec_signature_creator.h"
 #include "net/base/completion_callback.h"
@@ -175,24 +175,24 @@ struct SpdySessionDependencies {
 
   // Custom proxy service dependency.
   SpdySessionDependencies(NextProto protocol,
-                          scoped_ptr<ProxyService> proxy_service);
+                          std::unique_ptr<ProxyService> proxy_service);
 
   ~SpdySessionDependencies();
 
-  static scoped_ptr<HttpNetworkSession> SpdyCreateSession(
+  static std::unique_ptr<HttpNetworkSession> SpdyCreateSession(
       SpdySessionDependencies* session_deps);
   static HttpNetworkSession::Params CreateSessionParams(
       SpdySessionDependencies* session_deps);
 
   // NOTE: host_resolver must be ordered before http_auth_handler_factory.
-  scoped_ptr<MockHostResolverBase> host_resolver;
-  scoped_ptr<CertVerifier> cert_verifier;
-  scoped_ptr<ChannelIDService> channel_id_service;
-  scoped_ptr<TransportSecurityState> transport_security_state;
-  scoped_ptr<ProxyService> proxy_service;
+  std::unique_ptr<MockHostResolverBase> host_resolver;
+  std::unique_ptr<CertVerifier> cert_verifier;
+  std::unique_ptr<ChannelIDService> channel_id_service;
+  std::unique_ptr<TransportSecurityState> transport_security_state;
+  std::unique_ptr<ProxyService> proxy_service;
   scoped_refptr<SSLConfigService> ssl_config_service;
-  scoped_ptr<MockClientSocketFactory> socket_factory;
-  scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory;
+  std::unique_ptr<MockClientSocketFactory> socket_factory;
+  std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory;
   HttpServerPropertiesImpl http_server_properties;
   bool enable_ip_pooling;
   bool enable_ping;
@@ -201,11 +201,12 @@ struct SpdySessionDependencies {
   bool enable_priority_dependencies;
   bool enable_spdy31;
   bool enable_quic;
+  bool enable_alternative_service_for_insecure_origins;
   NextProto protocol;
   size_t session_max_recv_window_size;
   size_t stream_max_recv_window_size;
   SpdySession::TimeFunc time_func;
-  scoped_ptr<ProxyDelegate> proxy_delegate;
+  std::unique_ptr<ProxyDelegate> proxy_delegate;
   bool parse_alternative_services;
   bool enable_alternative_service_with_different_host;
   NetLog* net_log;
@@ -291,17 +292,17 @@ class SpdyTestUtil {
   void AddUrlToHeaderBlock(base::StringPiece url,
                            SpdyHeaderBlock* headers) const;
 
-  scoped_ptr<SpdyHeaderBlock> ConstructGetHeaderBlock(
+  std::unique_ptr<SpdyHeaderBlock> ConstructGetHeaderBlock(
       base::StringPiece url) const;
-  scoped_ptr<SpdyHeaderBlock> ConstructGetHeaderBlockForProxy(
+  std::unique_ptr<SpdyHeaderBlock> ConstructGetHeaderBlockForProxy(
       base::StringPiece url) const;
-  scoped_ptr<SpdyHeaderBlock> ConstructHeadHeaderBlock(
+  std::unique_ptr<SpdyHeaderBlock> ConstructHeadHeaderBlock(
       base::StringPiece url,
       int64_t content_length) const;
-  scoped_ptr<SpdyHeaderBlock> ConstructPostHeaderBlock(
+  std::unique_ptr<SpdyHeaderBlock> ConstructPostHeaderBlock(
       base::StringPiece url,
       int64_t content_length) const;
-  scoped_ptr<SpdyHeaderBlock> ConstructPutHeaderBlock(
+  std::unique_ptr<SpdyHeaderBlock> ConstructPutHeaderBlock(
       base::StringPiece url,
       int64_t content_length) const;
 
@@ -310,7 +311,7 @@ class SpdyTestUtil {
   // frame.
   SpdySerializedFrame* ConstructSpdyFrame(
       const SpdyHeaderInfo& header_info,
-      scoped_ptr<SpdyHeaderBlock> headers) const;
+      std::unique_ptr<SpdyHeaderBlock> headers) const;
 
   // Construct a SPDY frame.  If it is a SYN_STREAM or SYN_REPLY frame (as
   // specified in header_info.kind), the headers provided in extra_headers and
@@ -407,7 +408,7 @@ class SpdyTestUtil {
                                          const char* location);
 
   SpdySerializedFrame* ConstructInitialSpdyPushFrame(
-      scoped_ptr<SpdyHeaderBlock> headers,
+      std::unique_ptr<SpdyHeaderBlock> headers,
       int stream_id,
       int associated_stream_id);
 
@@ -509,7 +510,7 @@ class SpdyTestUtil {
 
   // Wraps |frame| in the payload of a data frame in stream |stream_id|.
   SpdySerializedFrame* ConstructWrappedSpdyFrame(
-      const scoped_ptr<SpdySerializedFrame>& frame,
+      const std::unique_ptr<SpdySerializedFrame>& frame,
       int stream_id);
 
   // Called when necessary (when it will affect stream dependency specification
@@ -541,7 +542,7 @@ class SpdyTestUtil {
  private:
   // |content_length| may be NULL, in which case the content-length
   // header will be omitted.
-  scoped_ptr<SpdyHeaderBlock> ConstructHeaderBlock(
+  std::unique_ptr<SpdyHeaderBlock> ConstructHeaderBlock(
       base::StringPiece method,
       base::StringPiece url,
       int64_t* content_length) const;
diff --git a/chromium/net/spdy/spdy_test_utils.cc b/chromium/net/spdy/spdy_test_utils.cc
index acc61c17914..76ad5de4d54 100644
--- a/chromium/net/spdy/spdy_test_utils.cc
+++ b/chromium/net/spdy/spdy_test_utils.cc
@@ -5,11 +5,11 @@
 #include "net/spdy/spdy_test_utils.h"
 
 #include <cstring>
+#include <memory>
 #include <vector>
 
 #include "base/base64.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/sys_byteorder.h"
 #include "net/http/transport_security_state.h"
@@ -68,7 +68,7 @@ void CompareCharArraysWithHexError(const string& description,
                                    const int expected_len) {
   const int min_len = std::min(actual_len, expected_len);
   const int max_len = std::max(actual_len, expected_len);
-  scoped_ptr<bool[]> marks(new bool[max_len]);
+  std::unique_ptr<bool[]> marks(new bool[max_len]);
   bool identical = (actual_len == expected_len);
   for (int i = 0; i < min_len; ++i) {
     if (actual[i] != expected[i]) {
diff --git a/chromium/net/spdy/spdy_test_utils.h b/chromium/net/spdy/spdy_test_utils.h
index 388cb2baee4..297fcd19e76 100644
--- a/chromium/net/spdy/spdy_test_utils.h
+++ b/chromium/net/spdy/spdy_test_utils.h
@@ -11,9 +11,13 @@
 #include <string>
 
 #include "base/strings/string_piece.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_header_block.h"
 #include "net/spdy/spdy_headers_handler_interface.h"
 #include "net/spdy/spdy_protocol.h"
+#include "net/test/gtest_util.h"
+
+#define EXPECT_SPDY_BUG EXPECT_DFATAL
 
 namespace net {
 
diff --git a/chromium/net/spdy/spdy_write_queue.cc b/chromium/net/spdy/spdy_write_queue.cc
index a8e6553283a..b49573cdd6a 100644
--- a/chromium/net/spdy/spdy_write_queue.cc
+++ b/chromium/net/spdy/spdy_write_queue.cc
@@ -46,7 +46,7 @@ bool SpdyWriteQueue::IsEmpty() const {
 
 void SpdyWriteQueue::Enqueue(RequestPriority priority,
                              SpdyFrameType frame_type,
-                             scoped_ptr<SpdyBufferProducer> frame_producer,
+                             std::unique_ptr<SpdyBufferProducer> frame_producer,
                              const base::WeakPtr<SpdyStream>& stream) {
   CHECK(!removing_writes_);
   CHECK_GE(priority, MINIMUM_PRIORITY);
@@ -57,9 +57,10 @@ void SpdyWriteQueue::Enqueue(RequestPriority priority,
       PendingWrite(frame_type, frame_producer.release(), stream));
 }
 
-bool SpdyWriteQueue::Dequeue(SpdyFrameType* frame_type,
-                             scoped_ptr<SpdyBufferProducer>* frame_producer,
-                             base::WeakPtr<SpdyStream>* stream) {
+bool SpdyWriteQueue::Dequeue(
+    SpdyFrameType* frame_type,
+    std::unique_ptr<SpdyBufferProducer>* frame_producer,
+    base::WeakPtr<SpdyStream>* stream) {
   CHECK(!removing_writes_);
   for (int i = MAXIMUM_PRIORITY; i >= MINIMUM_PRIORITY; --i) {
     if (!queue_[i].empty()) {
diff --git a/chromium/net/spdy/spdy_write_queue.h b/chromium/net/spdy/spdy_write_queue.h
index 8383e7a3cea..ebc81579751 100644
--- a/chromium/net/spdy/spdy_write_queue.h
+++ b/chromium/net/spdy/spdy_write_queue.h
@@ -6,9 +6,9 @@
 #define NET_SPDY_SPDY_WRITE_QUEUE_H_
 
 #include <deque>
+#include <memory>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/net_export.h"
 #include "net/base/request_priority.h"
@@ -38,7 +38,7 @@ class NET_EXPORT_PRIVATE SpdyWriteQueue {
   // must remain non-NULL until the write is dequeued or removed.
   void Enqueue(RequestPriority priority,
                SpdyFrameType frame_type,
-               scoped_ptr<SpdyBufferProducer> frame_producer,
+               std::unique_ptr<SpdyBufferProducer> frame_producer,
                const base::WeakPtr<SpdyStream>& stream);
 
   // Dequeues the frame producer with the highest priority that was
@@ -46,7 +46,7 @@ class NET_EXPORT_PRIVATE SpdyWriteQueue {
   // fills in |frame_type|, |frame_producer|, and |stream| if
   // successful -- otherwise, just returns false.
   bool Dequeue(SpdyFrameType* frame_type,
-               scoped_ptr<SpdyBufferProducer>* frame_producer,
+               std::unique_ptr<SpdyBufferProducer>* frame_producer,
                base::WeakPtr<SpdyStream>* stream);
 
   // Removes all pending writes for the given stream, which must be
diff --git a/chromium/net/spdy/spdy_write_queue_unittest.cc b/chromium/net/spdy/spdy_write_queue_unittest.cc
index da9d98778f7..9ffacc840a9 100644
--- a/chromium/net/spdy/spdy_write_queue_unittest.cc
+++ b/chromium/net/spdy/spdy_write_queue_unittest.cc
@@ -6,11 +6,11 @@
 
 #include <cstddef>
 #include <cstring>
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/base/request_priority.h"
 #include "net/log/net_log.h"
@@ -32,17 +32,18 @@ class SpdyWriteQueueTest : public ::testing::Test {};
 
 // Makes a SpdyFrameProducer producing a frame with the data in the
 // given string.
-scoped_ptr<SpdyBufferProducer> StringToProducer(const std::string& s) {
-  scoped_ptr<char[]> data(new char[s.size()]);
+std::unique_ptr<SpdyBufferProducer> StringToProducer(const std::string& s) {
+  std::unique_ptr<char[]> data(new char[s.size()]);
   std::memcpy(data.get(), s.data(), s.size());
-  return scoped_ptr<SpdyBufferProducer>(new SimpleBufferProducer(
-      scoped_ptr<SpdyBuffer>(new SpdyBuffer(scoped_ptr<SpdySerializedFrame>(
-          new SpdySerializedFrame(data.release(), s.size(), true))))));
+  return std::unique_ptr<SpdyBufferProducer>(
+      new SimpleBufferProducer(std::unique_ptr<SpdyBuffer>(
+          new SpdyBuffer(std::unique_ptr<SpdySerializedFrame>(
+              new SpdySerializedFrame(data.release(), s.size(), true))))));
 }
 
 // Makes a SpdyBufferProducer producing a frame with the data in the
 // given int (converted to a string).
-scoped_ptr<SpdyBufferProducer> IntToProducer(int i) {
+std::unique_ptr<SpdyBufferProducer> IntToProducer(int i) {
   return StringToProducer(base::IntToString(i));
 }
 
@@ -56,13 +57,15 @@ class RequeingBufferProducer : public SpdyBufferProducer {
         base::Bind(RequeingBufferProducer::ConsumeCallback, queue));
   }
 
-  scoped_ptr<SpdyBuffer> ProduceBuffer() override { return std::move(buffer_); }
+  std::unique_ptr<SpdyBuffer> ProduceBuffer() override {
+    return std::move(buffer_);
+  }
 
   static void ConsumeCallback(SpdyWriteQueue* queue,
                               size_t size,
                               SpdyBuffer::ConsumeSource source) {
-    scoped_ptr<SpdyBufferProducer> producer(
-        new SimpleBufferProducer(scoped_ptr<SpdyBuffer>(
+    std::unique_ptr<SpdyBufferProducer> producer(
+        new SimpleBufferProducer(std::unique_ptr<SpdyBuffer>(
             new SpdyBuffer(kRequeued, arraysize(kRequeued)))));
 
     queue->Enqueue(MEDIUM, RST_STREAM, std::move(producer),
@@ -70,19 +73,19 @@ class RequeingBufferProducer : public SpdyBufferProducer {
   }
 
  private:
-  scoped_ptr<SpdyBuffer> buffer_;
+  std::unique_ptr<SpdyBuffer> buffer_;
 };
 
 // Produces a frame with the given producer and returns a copy of its
 // data as a string.
-std::string ProducerToString(scoped_ptr<SpdyBufferProducer> producer) {
-  scoped_ptr<SpdyBuffer> buffer = producer->ProduceBuffer();
+std::string ProducerToString(std::unique_ptr<SpdyBufferProducer> producer) {
+  std::unique_ptr<SpdyBuffer> buffer = producer->ProduceBuffer();
   return std::string(buffer->GetRemainingData(), buffer->GetRemainingSize());
 }
 
 // Produces a frame with the given producer and returns a copy of its
 // data as an int (converted from a string).
-int ProducerToInt(scoped_ptr<SpdyBufferProducer> producer) {
+int ProducerToInt(std::unique_ptr<SpdyBufferProducer> producer) {
   int i = 0;
   EXPECT_TRUE(base::StringToInt(ProducerToString(std::move(producer)), &i));
   return i;
@@ -102,12 +105,14 @@ SpdyStream* MakeTestStream(RequestPriority priority) {
 TEST_F(SpdyWriteQueueTest, DequeuesByPriority) {
   SpdyWriteQueue write_queue;
 
-  scoped_ptr<SpdyBufferProducer> producer_low = StringToProducer("LOW");
-  scoped_ptr<SpdyBufferProducer> producer_medium = StringToProducer("MEDIUM");
-  scoped_ptr<SpdyBufferProducer> producer_highest = StringToProducer("HIGHEST");
+  std::unique_ptr<SpdyBufferProducer> producer_low = StringToProducer("LOW");
+  std::unique_ptr<SpdyBufferProducer> producer_medium =
+      StringToProducer("MEDIUM");
+  std::unique_ptr<SpdyBufferProducer> producer_highest =
+      StringToProducer("HIGHEST");
 
-  scoped_ptr<SpdyStream> stream_medium(MakeTestStream(MEDIUM));
-  scoped_ptr<SpdyStream> stream_highest(MakeTestStream(HIGHEST));
+  std::unique_ptr<SpdyStream> stream_medium(MakeTestStream(MEDIUM));
+  std::unique_ptr<SpdyStream> stream_highest(MakeTestStream(HIGHEST));
 
   // A NULL stream should still work.
   write_queue.Enqueue(LOW, SYN_STREAM, std::move(producer_low),
@@ -118,7 +123,7 @@ TEST_F(SpdyWriteQueueTest, DequeuesByPriority) {
                       stream_highest->GetWeakPtr());
 
   SpdyFrameType frame_type = DATA;
-  scoped_ptr<SpdyBufferProducer> frame_producer;
+  std::unique_ptr<SpdyBufferProducer> frame_producer;
   base::WeakPtr<SpdyStream> stream;
   ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
   EXPECT_EQ(RST_STREAM, frame_type);
@@ -143,13 +148,13 @@ TEST_F(SpdyWriteQueueTest, DequeuesByPriority) {
 TEST_F(SpdyWriteQueueTest, DequeuesFIFO) {
   SpdyWriteQueue write_queue;
 
-  scoped_ptr<SpdyBufferProducer> producer1 = IntToProducer(1);
-  scoped_ptr<SpdyBufferProducer> producer2 = IntToProducer(2);
-  scoped_ptr<SpdyBufferProducer> producer3 = IntToProducer(3);
+  std::unique_ptr<SpdyBufferProducer> producer1 = IntToProducer(1);
+  std::unique_ptr<SpdyBufferProducer> producer2 = IntToProducer(2);
+  std::unique_ptr<SpdyBufferProducer> producer3 = IntToProducer(3);
 
-  scoped_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
-  scoped_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
-  scoped_ptr<SpdyStream> stream3(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream3(MakeTestStream(DEFAULT_PRIORITY));
 
   write_queue.Enqueue(DEFAULT_PRIORITY, SYN_STREAM, std::move(producer1),
                       stream1->GetWeakPtr());
@@ -159,7 +164,7 @@ TEST_F(SpdyWriteQueueTest, DequeuesFIFO) {
                       stream3->GetWeakPtr());
 
   SpdyFrameType frame_type = DATA;
-  scoped_ptr<SpdyBufferProducer> frame_producer;
+  std::unique_ptr<SpdyBufferProducer> frame_producer;
   base::WeakPtr<SpdyStream> stream;
   ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
   EXPECT_EQ(SYN_STREAM, frame_type);
@@ -185,8 +190,8 @@ TEST_F(SpdyWriteQueueTest, DequeuesFIFO) {
 TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStream) {
   SpdyWriteQueue write_queue;
 
-  scoped_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
-  scoped_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
 
   for (int i = 0; i < 100; ++i) {
     base::WeakPtr<SpdyStream> stream =
@@ -198,7 +203,7 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStream) {
 
   for (int i = 0; i < 100; i += 3) {
     SpdyFrameType frame_type = DATA;
-    scoped_ptr<SpdyBufferProducer> frame_producer;
+    std::unique_ptr<SpdyBufferProducer> frame_producer;
     base::WeakPtr<SpdyStream> stream;
     ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
     EXPECT_EQ(SYN_STREAM, frame_type);
@@ -207,7 +212,7 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStream) {
   }
 
   SpdyFrameType frame_type = DATA;
-  scoped_ptr<SpdyBufferProducer> frame_producer;
+  std::unique_ptr<SpdyBufferProducer> frame_producer;
   base::WeakPtr<SpdyStream> stream;
   EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
 }
@@ -219,14 +224,14 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStream) {
 TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStreamsAfter) {
   SpdyWriteQueue write_queue;
 
-  scoped_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream1(MakeTestStream(DEFAULT_PRIORITY));
   stream1->set_stream_id(1);
-  scoped_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY));
   stream2->set_stream_id(3);
-  scoped_ptr<SpdyStream> stream3(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream3(MakeTestStream(DEFAULT_PRIORITY));
   stream3->set_stream_id(5);
   // No stream id assigned.
-  scoped_ptr<SpdyStream> stream4(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream4(MakeTestStream(DEFAULT_PRIORITY));
   base::WeakPtr<SpdyStream> streams[] = {
     stream1->GetWeakPtr(), stream2->GetWeakPtr(),
     stream3->GetWeakPtr(), stream4->GetWeakPtr()
@@ -241,7 +246,7 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStreamsAfter) {
 
   for (int i = 0; i < 100; i += arraysize(streams)) {
     SpdyFrameType frame_type = DATA;
-    scoped_ptr<SpdyBufferProducer> frame_producer;
+    std::unique_ptr<SpdyBufferProducer> frame_producer;
     base::WeakPtr<SpdyStream> stream;
     ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream))
         << "Unable to Dequeue i: " << i;
@@ -251,7 +256,7 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStreamsAfter) {
   }
 
   SpdyFrameType frame_type = DATA;
-  scoped_ptr<SpdyBufferProducer> frame_producer;
+  std::unique_ptr<SpdyBufferProducer> frame_producer;
   base::WeakPtr<SpdyStream> stream;
   EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
 }
@@ -270,7 +275,7 @@ TEST_F(SpdyWriteQueueTest, Clear) {
   write_queue.Clear();
 
   SpdyFrameType frame_type = DATA;
-  scoped_ptr<SpdyBufferProducer> frame_producer;
+  std::unique_ptr<SpdyBufferProducer> frame_producer;
   base::WeakPtr<SpdyStream> stream;
   EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream));
 }
@@ -278,13 +283,12 @@ TEST_F(SpdyWriteQueueTest, Clear) {
 TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) {
   SpdyWriteQueue queue;
   queue.Enqueue(
-      DEFAULT_PRIORITY,
-      SYN_STREAM,
-      scoped_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
+      DEFAULT_PRIORITY, SYN_STREAM,
+      std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
       base::WeakPtr<SpdyStream>());
   {
     SpdyFrameType frame_type;
-    scoped_ptr<SpdyBufferProducer> producer;
+    std::unique_ptr<SpdyBufferProducer> producer;
     base::WeakPtr<SpdyStream> stream;
 
     EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream));
@@ -295,7 +299,7 @@ TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) {
   EXPECT_FALSE(queue.IsEmpty());
 
   SpdyFrameType frame_type;
-  scoped_ptr<SpdyBufferProducer> producer;
+  std::unique_ptr<SpdyBufferProducer> producer;
   base::WeakPtr<SpdyStream> stream;
 
   EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream));
@@ -305,16 +309,15 @@ TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) {
 TEST_F(SpdyWriteQueueTest, ReentranceOnClear) {
   SpdyWriteQueue queue;
   queue.Enqueue(
-      DEFAULT_PRIORITY,
-      SYN_STREAM,
-      scoped_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
+      DEFAULT_PRIORITY, SYN_STREAM,
+      std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
       base::WeakPtr<SpdyStream>());
 
   queue.Clear();
   EXPECT_FALSE(queue.IsEmpty());
 
   SpdyFrameType frame_type;
-  scoped_ptr<SpdyBufferProducer> producer;
+  std::unique_ptr<SpdyBufferProducer> producer;
   base::WeakPtr<SpdyStream> stream;
 
   EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream));
@@ -322,21 +325,20 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnClear) {
 }
 
 TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesAfter) {
-  scoped_ptr<SpdyStream> stream(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream(MakeTestStream(DEFAULT_PRIORITY));
   stream->set_stream_id(2);
 
   SpdyWriteQueue queue;
   queue.Enqueue(
-      DEFAULT_PRIORITY,
-      SYN_STREAM,
-      scoped_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
+      DEFAULT_PRIORITY, SYN_STREAM,
+      std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
       stream->GetWeakPtr());
 
   queue.RemovePendingWritesForStreamsAfter(1);
   EXPECT_FALSE(queue.IsEmpty());
 
   SpdyFrameType frame_type;
-  scoped_ptr<SpdyBufferProducer> producer;
+  std::unique_ptr<SpdyBufferProducer> producer;
   base::WeakPtr<SpdyStream> weak_stream;
 
   EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &weak_stream));
@@ -344,21 +346,20 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesAfter) {
 }
 
 TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesForStream) {
-  scoped_ptr<SpdyStream> stream(MakeTestStream(DEFAULT_PRIORITY));
+  std::unique_ptr<SpdyStream> stream(MakeTestStream(DEFAULT_PRIORITY));
   stream->set_stream_id(2);
 
   SpdyWriteQueue queue;
   queue.Enqueue(
-      DEFAULT_PRIORITY,
-      SYN_STREAM,
-      scoped_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
+      DEFAULT_PRIORITY, SYN_STREAM,
+      std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)),
       stream->GetWeakPtr());
 
   queue.RemovePendingWritesForStream(stream->GetWeakPtr());
   EXPECT_FALSE(queue.IsEmpty());
 
   SpdyFrameType frame_type;
-  scoped_ptr<SpdyBufferProducer> producer;
+  std::unique_ptr<SpdyBufferProducer> producer;
   base::WeakPtr<SpdyStream> weak_stream;
 
   EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &weak_stream));
diff --git a/chromium/net/spdy/write_blocked_list.h b/chromium/net/spdy/write_blocked_list.h
index 76d22da257a..c7d278eadef 100644
--- a/chromium/net/spdy/write_blocked_list.h
+++ b/chromium/net/spdy/write_blocked_list.h
@@ -9,9 +9,10 @@
 
 #include <algorithm>
 #include <deque>
+#include <unordered_map>
 
-#include "base/containers/hash_tables.h"
 #include "base/logging.h"
+#include "net/spdy/spdy_bug_tracker.h"
 #include "net/spdy/spdy_protocol.h"
 
 namespace net {
@@ -31,11 +32,11 @@ class WriteBlockedList {
 
   static SpdyPriority ClampPriority(SpdyPriority priority) {
     if (priority < kV3HighestPriority) {
-      LOG(DFATAL) << "Invalid priority: " << static_cast<int>(priority);
+      SPDY_BUG << "Invalid priority: " << static_cast<int>(priority);
       return kV3HighestPriority;
     }
     if (priority > kV3LowestPriority) {
-      LOG(DFATAL) << "Invalid priority: " << static_cast<int>(priority);
+      SPDY_BUG << "Invalid priority: " << static_cast<int>(priority);
       return kV3LowestPriority;
     }
     return priority;
@@ -48,7 +49,7 @@ class WriteBlockedList {
         return i;
       }
     }
-    LOG(DFATAL) << "No blocked streams";
+    SPDY_BUG << "No blocked streams";
     return kV3HighestPriority;
   }
 
@@ -151,7 +152,7 @@ class WriteBlockedList {
  private:
   friend class net::test::WriteBlockedListPeer;
 
-  typedef base::hash_map<IdType, SpdyPriority> StreamToPriorityMap;
+  using StreamToPriorityMap = std::unordered_map<IdType, SpdyPriority>;
 
   void AddStream(IdType stream_id, SpdyPriority priority, bool push_back) {
     priority = ClampPriority(priority);
diff --git a/chromium/net/spdy/write_scheduler.cc b/chromium/net/spdy/write_scheduler.cc
new file mode 100644
index 00000000000..2a7e64b2726
--- /dev/null
+++ b/chromium/net/spdy/write_scheduler.cc
@@ -0,0 +1,49 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/spdy/write_scheduler.h"
+
+#include "base/logging.h"
+#include "net/spdy/spdy_bug_tracker.h"
+#include "net/spdy/spdy_protocol.h"
+
+namespace net {
+
+SpdyPriority ClampSpdyPriority(SpdyPriority priority) {
+  if (priority < kV3HighestPriority) {
+    SPDY_BUG << "Invalid priority: " << static_cast<int>(priority);
+    return kV3HighestPriority;
+  }
+  if (priority > kV3LowestPriority) {
+    SPDY_BUG << "Invalid priority: " << static_cast<int>(priority);
+    return kV3LowestPriority;
+  }
+  return priority;
+}
+
+int ClampHttp2Weight(int weight) {
+  if (weight < kHttp2MinStreamWeight) {
+    SPDY_BUG << "Invalid weight: " << weight;
+    return kHttp2MinStreamWeight;
+  }
+  if (weight > kHttp2MaxStreamWeight) {
+    SPDY_BUG << "Invalid weight: " << weight;
+    return kHttp2MaxStreamWeight;
+  }
+  return weight;
+}
+
+int SpdyPriorityToHttp2Weight(SpdyPriority priority) {
+  priority = ClampSpdyPriority(priority);
+  const float kSteps = 255.9f / 7.f;
+  return static_cast<int>(kSteps * (7.f - priority)) + 1;
+}
+
+SpdyPriority Http2WeightToSpdyPriority(int weight) {
+  weight = ClampHttp2Weight(weight);
+  const float kSteps = 255.9f / 7.f;
+  return static_cast<SpdyPriority>(7.f - (weight - 1) / kSteps);
+}
+
+}  // namespace net
diff --git a/chromium/net/spdy/write_scheduler.h b/chromium/net/spdy/write_scheduler.h
new file mode 100644
index 00000000000..4538e1f08eb
--- /dev/null
+++ b/chromium/net/spdy/write_scheduler.h
@@ -0,0 +1,185 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SPDY_WRITE_SCHEDULER_H_
+#define NET_SPDY_WRITE_SCHEDULER_H_
+
+#include <vector>
+
+#include "net/spdy/spdy_protocol.h"
+
+namespace net {
+
+// Abstract superclass for classes that decide which SPDY or HTTP/2 stream to
+// write next. Concrete subclasses implement various scheduling policies:
+//
+// PriorityWriteScheduler: implements SPDY priority-based stream scheduling,
+//     where (writable) higher-priority streams are always given precedence
+//     over lower-priority streams.
+//
+// Http2PriorityWriteScheduler: implements SPDY priority-based stream
+//     scheduling coupled with the HTTP/2 stream dependency model. This is only
+//     intended as a transitional step towards Http2WeightedWriteScheduler.
+//
+// Http2WeightedWriteScheduler (coming soon): implements the HTTP/2 stream
+//     dependency model with weighted stream scheduling, fully conforming to
+//     RFC 7540.
+//
+// The type used to represent stream IDs (StreamIdType) is templated in order
+// to allow for use by both SPDY and QUIC codebases. It must be a POD that
+// supports comparison (i.e., a numeric type).
+//
+// Each stream can be in one of two states: ready or not ready (for writing).
+// Ready state is changed by calling the MarkStreamReady() and
+// MarkStreamNotReady() methods. Only streams in the ready state can be
+// returned by PopNextReadyStream(); when returned by that method, the stream's
+// state changes to not ready.
+template <typename StreamIdType>
+class NET_EXPORT_PRIVATE WriteScheduler {
+ public:
+  virtual ~WriteScheduler() {}
+
+  // Registers new stream |stream_id| with the scheduler, assigning it the
+  // given weight, which should be in the range [1, 256]. If the scheduler
+  // supports stream dependencies, the stream is inserted into the dependency
+  // tree under the specified parent stream.
+  //
+  // Preconditions: |stream_id| should be unregistered, and |parent_id| should
+  // be registered or |kHttp2RootStreamId|.
+  virtual void RegisterStream(StreamIdType stream_id,
+                              StreamIdType parent_id,
+                              int weight,
+                              bool exclusive) = 0;
+
+  // Registers a new stream with the scheduler, assigning it the given
+  // priority.
+  //
+  // Preconditions: |stream_id| should be unregistered.
+  virtual void RegisterStream(StreamIdType stream_id,
+                              SpdyPriority priority) = 0;
+
+  // Unregisters the given stream from the scheduler, which will no longer keep
+  // state for it.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void UnregisterStream(StreamIdType stream_id) = 0;
+
+  // Returns true if the given stream is currently registered.
+  virtual bool StreamRegistered(StreamIdType stream_id) const = 0;
+
+  // Returns the priority value for the specified stream. If the scheduler uses
+  // weights rather than priorities, the returned value is the stream's weight
+  // mapped to a SPDY priority.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual SpdyPriority GetStreamPriority(StreamIdType stream_id) const = 0;
+
+  // Updates the priority of the given stream.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void UpdateStreamPriority(StreamIdType stream_id,
+                                    SpdyPriority priority) = 0;
+
+  // Returns the weight value for the specified stream. If the scheduler uses
+  // SPDY priorities rather than weights, the returned value is the stream's
+  // SPDY priority mapped to a weight.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual int GetStreamWeight(StreamIdType stream_id) const = 0;
+
+  // Updates the weight of the given stream.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void UpdateStreamWeight(StreamIdType stream_id, int weight) = 0;
+
+  // Returns the parent stream of |stream_id|. If the scheduler
+  // doesn't support stream dependencies, returns |kHttp2RootStreamId|.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual StreamIdType GetStreamParent(StreamIdType stream_id) const = 0;
+
+  // Updates which stream is the parent stream of |stream_id|. If the scheduler
+  // doesn't support stream dependencies of the stream, does nothing.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void UpdateStreamParent(StreamIdType stream_id,
+                                  StreamIdType parent_id,
+                                  bool exclusive) = 0;
+
+  // Returns child streams of the given stream, if any. If the scheduler
+  // doesn't support stream dependencies, returns an empty vector.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual std::vector<StreamIdType> GetStreamChildren(
+      StreamIdType stream_id) const = 0;
+
+  // Records time (in microseconds) of a read/write event for the given
+  // stream.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void RecordStreamEventTime(StreamIdType stream_id,
+                                     int64_t now_in_usec) = 0;
+
+  // Returns time (in microseconds) of the last read/write event for a stream
+  // with higher priority than the priority of the given stream, or 0 if there
+  // is no such event.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual int64_t GetLatestEventWithPrecedence(
+      StreamIdType stream_id) const = 0;
+
+  // If the scheduler has any ready streams, returns the next scheduled
+  // ready stream, in the process transitioning the stream from ready to not
+  // ready.
+  //
+  // Preconditions: |HasReadyStreams() == true|
+  virtual StreamIdType PopNextReadyStream() = 0;
+
+  // Returns true if there's another stream ahead of the given stream in the
+  // scheduling queue.  This function can be called to see if the given stream
+  // should yield work to another stream.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual bool ShouldYield(StreamIdType stream_id) const = 0;
+
+  // Marks the stream as ready to write. If the stream was already ready, does
+  // nothing. If add_to_front is true, the stream is scheduled ahead of other
+  // streams of the same priority/weight, otherwise it is scheduled behind them.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void MarkStreamReady(StreamIdType stream_id, bool add_to_front) = 0;
+
+  // Marks the stream as not ready to write. If the stream is not registered or
+  // not ready, does nothing.
+  //
+  // Preconditions: |stream_id| should be registered.
+  virtual void MarkStreamNotReady(StreamIdType stream_id) = 0;
+
+  // Returns true iff the scheduler has any ready streams.
+  virtual bool HasReadyStreams() const = 0;
+
+  // Returns the number of streams currently marked ready.
+  virtual size_t NumReadyStreams() const = 0;
+};
+
+// Returns SPDY priority value clamped to the valid range of [0, 7].
+NET_EXPORT_PRIVATE SpdyPriority ClampSpdyPriority(SpdyPriority priority);
+
+// Returns HTTP/2 weight clamped to the valid range of [1, 256].
+NET_EXPORT_PRIVATE int ClampHttp2Weight(int weight);
+
+// Maps SPDY priority value in range [0, 7] to HTTP/2 weight value in range
+// [1, 256], where priority 0 (i.e. highest precedence) corresponds to maximum
+// weight 256 and priority 7 (lowest precedence) corresponds to minimum weight
+// 1.
+NET_EXPORT_PRIVATE int SpdyPriorityToHttp2Weight(SpdyPriority priority);
+
+// Maps HTTP/2 weight value in range [1, 256] to SPDY priority value in range
+// [0, 7], where minimum weight 1 corresponds to priority 7 (lowest precedence)
+// and maximum weight 256 corresponds to priority 0 (highest precedence).
+NET_EXPORT_PRIVATE SpdyPriority Http2WeightToSpdyPriority(int weight);
+
+}  // namespace net
+
+#endif  // NET_SPDY_WRITE_SCHEDULER_H_
diff --git a/chromium/net/spdy/write_scheduler_test.cc b/chromium/net/spdy/write_scheduler_test.cc
new file mode 100644
index 00000000000..957495410db
--- /dev/null
+++ b/chromium/net/spdy/write_scheduler_test.cc
@@ -0,0 +1,59 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/spdy/write_scheduler.h"
+
+#include "net/spdy/spdy_test_utils.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace test {
+
+TEST(WriteSchedulerTest, ClampSpdyPriority) {
+  EXPECT_SPDY_BUG(EXPECT_EQ(7, ClampSpdyPriority(8)), "Invalid priority: 8");
+  EXPECT_EQ(kV3LowestPriority, ClampSpdyPriority(kV3LowestPriority));
+  EXPECT_EQ(kV3HighestPriority, ClampSpdyPriority(kV3HighestPriority));
+}
+
+TEST(WriteSchedulerTest, ClampHttp2Weight) {
+  EXPECT_SPDY_BUG(EXPECT_EQ(kHttp2MinStreamWeight, ClampHttp2Weight(0)),
+                  "Invalid weight: 0");
+  EXPECT_SPDY_BUG(EXPECT_EQ(kHttp2MaxStreamWeight, ClampHttp2Weight(300)),
+                  "Invalid weight: 300");
+  EXPECT_EQ(kHttp2MinStreamWeight, ClampHttp2Weight(kHttp2MinStreamWeight));
+  EXPECT_EQ(kHttp2MaxStreamWeight, ClampHttp2Weight(kHttp2MaxStreamWeight));
+}
+
+TEST(WriteSchedulerTest, SpdyPriorityToHttp2Weight) {
+  EXPECT_EQ(256, SpdyPriorityToHttp2Weight(0));
+  EXPECT_EQ(220, SpdyPriorityToHttp2Weight(1));
+  EXPECT_EQ(183, SpdyPriorityToHttp2Weight(2));
+  EXPECT_EQ(147, SpdyPriorityToHttp2Weight(3));
+  EXPECT_EQ(110, SpdyPriorityToHttp2Weight(4));
+  EXPECT_EQ(74, SpdyPriorityToHttp2Weight(5));
+  EXPECT_EQ(37, SpdyPriorityToHttp2Weight(6));
+  EXPECT_EQ(1, SpdyPriorityToHttp2Weight(7));
+}
+
+TEST(WriteSchedulerTest, Http2WeightToSpdyPriority) {
+  EXPECT_EQ(0u, Http2WeightToSpdyPriority(256));
+  EXPECT_EQ(0u, Http2WeightToSpdyPriority(221));
+  EXPECT_EQ(1u, Http2WeightToSpdyPriority(220));
+  EXPECT_EQ(1u, Http2WeightToSpdyPriority(184));
+  EXPECT_EQ(2u, Http2WeightToSpdyPriority(183));
+  EXPECT_EQ(2u, Http2WeightToSpdyPriority(148));
+  EXPECT_EQ(3u, Http2WeightToSpdyPriority(147));
+  EXPECT_EQ(3u, Http2WeightToSpdyPriority(111));
+  EXPECT_EQ(4u, Http2WeightToSpdyPriority(110));
+  EXPECT_EQ(4u, Http2WeightToSpdyPriority(75));
+  EXPECT_EQ(5u, Http2WeightToSpdyPriority(74));
+  EXPECT_EQ(5u, Http2WeightToSpdyPriority(38));
+  EXPECT_EQ(6u, Http2WeightToSpdyPriority(37));
+  EXPECT_EQ(6u, Http2WeightToSpdyPriority(2));
+  EXPECT_EQ(7u, Http2WeightToSpdyPriority(1));
+}
+
+}  // namespace test
+}  // namespace net
diff --git a/chromium/net/ssl/channel_id_service.cc b/chromium/net/ssl/channel_id_service.cc
index 7cae014a2f0..8c0ace195ef 100644
--- a/chromium/net/ssl/channel_id_service.cc
+++ b/chromium/net/ssl/channel_id_service.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <limits>
+#include <memory>
 #include <utility>
 
 #include "base/atomic_sequence_num.h"
@@ -17,13 +18,12 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/rand_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
 #include "base/task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
@@ -31,10 +31,6 @@
 #include "net/cert/x509_util.h"
 #include "url/gurl.h"
 
-#if !defined(USE_OPENSSL)
-#include <private/pprthred.h>  // PR_DetachThread
-#endif
-
 namespace net {
 
 namespace {
@@ -86,14 +82,14 @@ void RecordGetChannelIDTime(base::TimeDelta request_time) {
 // Otherwise, returns NULL, and |*error| will be set to a net error code.
 // |serial_number| is passed in because base::RandInt cannot be called from an
 // unjoined thread, due to relying on a non-leaked LazyInstance
-scoped_ptr<ChannelIDStore::ChannelID> GenerateChannelID(
+std::unique_ptr<ChannelIDStore::ChannelID> GenerateChannelID(
     const std::string& server_identifier,
     int* error) {
-  scoped_ptr<ChannelIDStore::ChannelID> result;
+  std::unique_ptr<ChannelIDStore::ChannelID> result;
 
   base::TimeTicks start = base::TimeTicks::Now();
   base::Time creation_time = base::Time::Now();
-  scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());
 
   if (!key) {
     DLOG(ERROR) << "Unable to create channel ID key pair";
@@ -119,10 +115,9 @@ scoped_ptr<ChannelIDStore::ChannelID> GenerateChannelID(
 // itself once Start() is called.
 class ChannelIDServiceWorker {
  public:
-  typedef base::Callback<void(
-      const std::string&,
-      int,
-      scoped_ptr<ChannelIDStore::ChannelID>)> WorkerDoneCallback;
+  typedef base::Callback<
+      void(const std::string&, int, std::unique_ptr<ChannelIDStore::ChannelID>)>
+      WorkerDoneCallback;
 
   ChannelIDServiceWorker(const std::string& server_identifier,
                          const WorkerDoneCallback& callback)
@@ -145,18 +140,8 @@ class ChannelIDServiceWorker {
   void Run() {
     // Runs on a worker thread.
     int error = ERR_FAILED;
-    scoped_ptr<ChannelIDStore::ChannelID> channel_id =
+    std::unique_ptr<ChannelIDStore::ChannelID> channel_id =
         GenerateChannelID(server_identifier_, &error);
-#if !defined(USE_OPENSSL)
-    // Detach the thread from NSPR.
-    // Calling NSS functions attaches the thread to NSPR, which stores
-    // the NSPR thread ID in thread-specific data.
-    // The threads in our thread pool terminate after we have called
-    // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets
-    // segfaults on shutdown when the threads' thread-specific data
-    // destructors run.
-    PR_DetachThread();
-#endif
     origin_task_runner_->PostTask(
         FROM_HERE, base::Bind(callback_, server_identifier_, error,
                               base::Passed(&channel_id)));
@@ -186,7 +171,7 @@ class ChannelIDServiceJob {
     requests_.push_back(request);
   }
 
-  void HandleResult(int error, scoped_ptr<crypto::ECPrivateKey> key) {
+  void HandleResult(int error, std::unique_ptr<crypto::ECPrivateKey> key) {
     PostAll(error, std::move(key));
   }
 
@@ -199,13 +184,13 @@ class ChannelIDServiceJob {
   }
 
  private:
-  void PostAll(int error, scoped_ptr<crypto::ECPrivateKey> key) {
+  void PostAll(int error, std::unique_ptr<crypto::ECPrivateKey> key) {
     std::vector<ChannelIDService::Request*> requests;
     requests_.swap(requests);
 
     for (std::vector<ChannelIDService::Request*>::iterator i = requests.begin();
          i != requests.end(); i++) {
-      scoped_ptr<crypto::ECPrivateKey> key_copy;
+      std::unique_ptr<crypto::ECPrivateKey> key_copy;
       if (key)
         key_copy.reset(key->Copy());
       (*i)->Post(error, std::move(key_copy));
@@ -240,7 +225,7 @@ void ChannelIDService::Request::RequestStarted(
     ChannelIDService* service,
     base::TimeTicks request_start,
     const CompletionCallback& callback,
-    scoped_ptr<crypto::ECPrivateKey>* key,
+    std::unique_ptr<crypto::ECPrivateKey>* key,
     ChannelIDServiceJob* job) {
   DCHECK(service_ == NULL);
   service_ = service;
@@ -250,8 +235,9 @@ void ChannelIDService::Request::RequestStarted(
   job_ = job;
 }
 
-void ChannelIDService::Request::Post(int error,
-                                     scoped_ptr<crypto::ECPrivateKey> key) {
+void ChannelIDService::Request::Post(
+    int error,
+    std::unique_ptr<crypto::ECPrivateKey> key) {
   switch (error) {
     case OK: {
       base::TimeDelta request_time = base::TimeTicks::Now() - request_start_;
@@ -314,7 +300,7 @@ std::string ChannelIDService::GetDomainForHost(const std::string& host) {
 
 int ChannelIDService::GetOrCreateChannelID(
     const std::string& host,
-    scoped_ptr<crypto::ECPrivateKey>* key,
+    std::unique_ptr<crypto::ECPrivateKey>* key,
     const CompletionCallback& callback,
     Request* out_req) {
   DVLOG(1) << __FUNCTION__ << " " << host;
@@ -369,7 +355,7 @@ int ChannelIDService::GetOrCreateChannelID(
 }
 
 int ChannelIDService::GetChannelID(const std::string& host,
-                                   scoped_ptr<crypto::ECPrivateKey>* key,
+                                   std::unique_ptr<crypto::ECPrivateKey>* key,
                                    const CompletionCallback& callback,
                                    Request* out_req) {
   DVLOG(1) << __FUNCTION__ << " " << host;
@@ -403,7 +389,7 @@ int ChannelIDService::GetChannelID(const std::string& host,
 
 void ChannelIDService::GotChannelID(int err,
                                     const std::string& server_identifier,
-                                    scoped_ptr<crypto::ECPrivateKey> key) {
+                                    std::unique_ptr<crypto::ECPrivateKey> key) {
   DCHECK(CalledOnValidThread());
 
   std::map<std::string, ChannelIDServiceJob*>::iterator j;
@@ -448,10 +434,10 @@ ChannelIDStore* ChannelIDService::GetChannelIDStore() {
 void ChannelIDService::GeneratedChannelID(
     const std::string& server_identifier,
     int error,
-    scoped_ptr<ChannelIDStore::ChannelID> channel_id) {
+    std::unique_ptr<ChannelIDStore::ChannelID> channel_id) {
   DCHECK(CalledOnValidThread());
 
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   if (error == OK) {
     key.reset(channel_id->key()->Copy());
     channel_id_store_->SetChannelID(std::move(channel_id));
@@ -461,7 +447,7 @@ void ChannelIDService::GeneratedChannelID(
 
 void ChannelIDService::HandleResult(int error,
                                     const std::string& server_identifier,
-                                    scoped_ptr<crypto::ECPrivateKey> key) {
+                                    std::unique_ptr<crypto::ECPrivateKey> key) {
   DCHECK(CalledOnValidThread());
 
   std::map<std::string, ChannelIDServiceJob*>::iterator j;
@@ -480,7 +466,7 @@ void ChannelIDService::HandleResult(int error,
 bool ChannelIDService::JoinToInFlightRequest(
     const base::TimeTicks& request_start,
     const std::string& domain,
-    scoped_ptr<crypto::ECPrivateKey>* key,
+    std::unique_ptr<crypto::ECPrivateKey>* key,
     bool create_if_missing,
     const CompletionCallback& callback,
     Request* out_req) {
@@ -501,12 +487,13 @@ bool ChannelIDService::JoinToInFlightRequest(
   return false;
 }
 
-int ChannelIDService::LookupChannelID(const base::TimeTicks& request_start,
-                                      const std::string& domain,
-                                      scoped_ptr<crypto::ECPrivateKey>* key,
-                                      bool create_if_missing,
-                                      const CompletionCallback& callback,
-                                      Request* out_req) {
+int ChannelIDService::LookupChannelID(
+    const base::TimeTicks& request_start,
+    const std::string& domain,
+    std::unique_ptr<crypto::ECPrivateKey>* key,
+    bool create_if_missing,
+    const CompletionCallback& callback,
+    Request* out_req) {
   // Check if a channel ID key already exists for this domain.
   int err = channel_id_store_->GetChannelID(
       domain, key, base::Bind(&ChannelIDService::GotChannelID,
diff --git a/chromium/net/ssl/channel_id_service.h b/chromium/net/ssl/channel_id_service.h
index ef577974ccb..767973cbcee 100644
--- a/chromium/net/ssl/channel_id_service.h
+++ b/chromium/net/ssl/channel_id_service.h
@@ -8,11 +8,11 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
@@ -58,15 +58,15 @@ class NET_EXPORT ChannelIDService
     void RequestStarted(ChannelIDService* service,
                         base::TimeTicks request_start,
                         const CompletionCallback& callback,
-                        scoped_ptr<crypto::ECPrivateKey>* key,
+                        std::unique_ptr<crypto::ECPrivateKey>* key,
                         ChannelIDServiceJob* job);
 
-    void Post(int error, scoped_ptr<crypto::ECPrivateKey> key);
+    void Post(int error, std::unique_ptr<crypto::ECPrivateKey> key);
 
     ChannelIDService* service_;
     base::TimeTicks request_start_;
     CompletionCallback callback_;
-    scoped_ptr<crypto::ECPrivateKey>* key_;
+    std::unique_ptr<crypto::ECPrivateKey>* key_;
     ChannelIDServiceJob* job_;
   };
 
@@ -102,7 +102,7 @@ class NET_EXPORT ChannelIDService
   //
   // |*out_req| will be initialized with a handle to the async request.
   int GetOrCreateChannelID(const std::string& host,
-                           scoped_ptr<crypto::ECPrivateKey>* key,
+                           std::unique_ptr<crypto::ECPrivateKey>* key,
                            const CompletionCallback& callback,
                            Request* out_req);
 
@@ -122,7 +122,7 @@ class NET_EXPORT ChannelIDService
   //
   // |*out_req| will be initialized with a handle to the async request.
   int GetChannelID(const std::string& host,
-                   scoped_ptr<crypto::ECPrivateKey>* key,
+                   std::unique_ptr<crypto::ECPrivateKey>* key,
                    const CompletionCallback& callback,
                    Request* out_req);
 
@@ -143,21 +143,21 @@ class NET_EXPORT ChannelIDService
  private:
   void GotChannelID(int err,
                     const std::string& server_identifier,
-                    scoped_ptr<crypto::ECPrivateKey> key);
+                    std::unique_ptr<crypto::ECPrivateKey> key);
   void GeneratedChannelID(
       const std::string& server_identifier,
       int error,
-      scoped_ptr<ChannelIDStore::ChannelID> channel_id);
+      std::unique_ptr<ChannelIDStore::ChannelID> channel_id);
   void HandleResult(int error,
                     const std::string& server_identifier,
-                    scoped_ptr<crypto::ECPrivateKey> key);
+                    std::unique_ptr<crypto::ECPrivateKey> key);
 
   // Searches for an in-flight request for the same domain. If found,
   // attaches to the request and returns true. Returns false if no in-flight
   // request is found.
   bool JoinToInFlightRequest(const base::TimeTicks& request_start,
                              const std::string& domain,
-                             scoped_ptr<crypto::ECPrivateKey>* key,
+                             std::unique_ptr<crypto::ECPrivateKey>* key,
                              bool create_if_missing,
                              const CompletionCallback& callback,
                              Request* out_req);
@@ -168,12 +168,12 @@ class NET_EXPORT ChannelIDService
   // failure (including failure to find a channel ID of |domain|).
   int LookupChannelID(const base::TimeTicks& request_start,
                       const std::string& domain,
-                      scoped_ptr<crypto::ECPrivateKey>* key,
+                      std::unique_ptr<crypto::ECPrivateKey>* key,
                       bool create_if_missing,
                       const CompletionCallback& callback,
                       Request* out_req);
 
-  scoped_ptr<ChannelIDStore> channel_id_store_;
+  std::unique_ptr<ChannelIDStore> channel_id_store_;
   scoped_refptr<base::TaskRunner> task_runner_;
   const int id_;
 
diff --git a/chromium/net/ssl/channel_id_service_unittest.cc b/chromium/net/ssl/channel_id_service_unittest.cc
index 1e98b61a674..c8a3af56d44 100644
--- a/chromium/net/ssl/channel_id_service_unittest.cc
+++ b/chromium/net/ssl/channel_id_service_unittest.cc
@@ -4,18 +4,19 @@
 
 #include "net/ssl/channel_id_service.h"
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -62,10 +63,10 @@ class MockChannelIDStoreWithAsyncGet
       : DefaultChannelIDStore(NULL), channel_id_count_(0) {}
 
   int GetChannelID(const std::string& server_identifier,
-                   scoped_ptr<crypto::ECPrivateKey>* key_result,
+                   std::unique_ptr<crypto::ECPrivateKey>* key_result,
                    const GetChannelIDCallback& callback) override;
 
-  void SetChannelID(scoped_ptr<ChannelID> channel_id) override {
+  void SetChannelID(std::unique_ptr<ChannelID> channel_id) override {
     channel_id_count_ = 1;
   }
 
@@ -81,7 +82,7 @@ class MockChannelIDStoreWithAsyncGet
 
 int MockChannelIDStoreWithAsyncGet::GetChannelID(
     const std::string& server_identifier,
-    scoped_ptr<crypto::ECPrivateKey>* key_result,
+    std::unique_ptr<crypto::ECPrivateKey>* key_result,
     const GetChannelIDCallback& callback) {
   server_identifier_ = server_identifier;
   callback_ = callback;
@@ -101,7 +102,7 @@ void MockChannelIDStoreWithAsyncGet::CallGetChannelIDCallbackWithResult(
   base::ThreadTaskRunnerHandle::Get()->PostTask(
       FROM_HERE,
       base::Bind(callback_, err, server_identifier_,
-                 base::Passed(make_scoped_ptr(key ? key->Copy() : nullptr))));
+                 base::Passed(base::WrapUnique(key ? key->Copy() : nullptr))));
 }
 
 class ChannelIDServiceTest : public testing::Test {
@@ -111,7 +112,7 @@ class ChannelIDServiceTest : public testing::Test {
                                       base::ThreadTaskRunnerHandle::Get())) {}
 
  protected:
-  scoped_ptr<ChannelIDService> service_;
+  std::unique_ptr<ChannelIDService> service_;
 };
 
 TEST_F(ChannelIDServiceTest, GetDomainForHost) {
@@ -141,7 +142,7 @@ TEST_F(ChannelIDServiceTest, GetCacheMiss) {
   ChannelIDService::Request request;
 
   // Synchronous completion, because the store is initialized.
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetChannelID(host, &key, callback.callback(), &request);
   EXPECT_EQ(ERR_FILE_NOT_FOUND, error);
@@ -158,7 +159,7 @@ TEST_F(ChannelIDServiceTest, CacheHit) {
   ChannelIDService::Request request;
 
   // Asynchronous completion.
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetOrCreateChannelID(host, &key1, callback.callback(),
                                          &request);
@@ -171,7 +172,7 @@ TEST_F(ChannelIDServiceTest, CacheHit) {
   EXPECT_FALSE(request.is_active());
 
   // Synchronous completion.
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   error = service_->GetOrCreateChannelID(host, &key2, callback.callback(),
                                          &request);
   EXPECT_FALSE(request.is_active());
@@ -180,7 +181,7 @@ TEST_F(ChannelIDServiceTest, CacheHit) {
   EXPECT_TRUE(KeysEqual(key1.get(), key2.get()));
 
   // Synchronous get.
-  scoped_ptr<crypto::ECPrivateKey> key3;
+  std::unique_ptr<crypto::ECPrivateKey> key3;
   error = service_->GetChannelID(host, &key3, callback.callback(), &request);
   EXPECT_FALSE(request.is_active());
   EXPECT_EQ(OK, error);
@@ -198,7 +199,7 @@ TEST_F(ChannelIDServiceTest, StoreChannelIDs) {
   ChannelIDService::Request request;
 
   std::string host1("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetOrCreateChannelID(host1, &key1, callback.callback(),
                                          &request);
@@ -209,7 +210,7 @@ TEST_F(ChannelIDServiceTest, StoreChannelIDs) {
   EXPECT_EQ(1, service_->channel_id_count());
 
   std::string host2("www.verisign.com");
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   error = service_->GetOrCreateChannelID(host2, &key2, callback.callback(),
                                          &request);
   EXPECT_EQ(ERR_IO_PENDING, error);
@@ -219,7 +220,7 @@ TEST_F(ChannelIDServiceTest, StoreChannelIDs) {
   EXPECT_EQ(2, service_->channel_id_count());
 
   std::string host3("www.twitter.com");
-  scoped_ptr<crypto::ECPrivateKey> key3;
+  std::unique_ptr<crypto::ECPrivateKey> key3;
   error = service_->GetOrCreateChannelID(host3, &key3, callback.callback(),
                                          &request);
   EXPECT_EQ(ERR_IO_PENDING, error);
@@ -238,11 +239,11 @@ TEST_F(ChannelIDServiceTest, InflightJoin) {
   std::string host("encrypted.google.com");
   int error;
 
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   TestCompletionCallback callback1;
   ChannelIDService::Request request1;
 
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   TestCompletionCallback callback2;
   ChannelIDService::Request request2;
 
@@ -272,11 +273,11 @@ TEST_F(ChannelIDServiceTest, InflightJoinGetOrCreateAndGet) {
   std::string host("encrypted.google.com");
   int error;
 
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   TestCompletionCallback callback1;
   ChannelIDService::Request request1;
 
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   TestCompletionCallback callback2;
   ChannelIDService::Request request2;
 
@@ -304,7 +305,7 @@ TEST_F(ChannelIDServiceTest, InflightJoinGetOrCreateAndGet) {
 // Tests that the callback of a canceled request is never made.
 TEST_F(ChannelIDServiceTest, CancelRequest) {
   std::string host("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   int error;
   ChannelIDService::Request request;
 
@@ -327,9 +328,9 @@ TEST_F(ChannelIDServiceTest, CancelRequest) {
 // Tests that destructing the Request cancels the request.
 TEST_F(ChannelIDServiceTest, CancelRequestByHandleDestruction) {
   std::string host("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   int error;
-  scoped_ptr<ChannelIDService::Request> request(
+  std::unique_ptr<ChannelIDService::Request> request(
       new ChannelIDService::Request());
 
   error = service_->GetOrCreateChannelID(host, &key, base::Bind(&FailTest),
@@ -351,7 +352,7 @@ TEST_F(ChannelIDServiceTest, CancelRequestByHandleDestruction) {
 
 TEST_F(ChannelIDServiceTest, DestructionWithPendingRequest) {
   std::string host("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   int error;
   ChannelIDService::Request request;
 
@@ -382,7 +383,7 @@ TEST_F(ChannelIDServiceTest, RequestAfterPoolShutdown) {
 
   // Make a request that will force synchronous completion.
   std::string host("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   int error;
   ChannelIDService::Request request;
 
@@ -398,17 +399,17 @@ TEST_F(ChannelIDServiceTest, SimultaneousCreation) {
   int error;
 
   std::string host1("encrypted.google.com");
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   TestCompletionCallback callback1;
   ChannelIDService::Request request1;
 
   std::string host2("foo.com");
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   TestCompletionCallback callback2;
   ChannelIDService::Request request2;
 
   std::string host3("bar.com");
-  scoped_ptr<crypto::ECPrivateKey> key3;
+  std::unique_ptr<crypto::ECPrivateKey> key3;
   TestCompletionCallback callback3;
   ChannelIDService::Request request3;
 
@@ -449,7 +450,7 @@ TEST_F(ChannelIDServiceTest, SimultaneousCreation) {
 TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateNoChannelIDsInStore) {
   MockChannelIDStoreWithAsyncGet* mock_store =
       new MockChannelIDStoreWithAsyncGet();
-  service_ = scoped_ptr<ChannelIDService>(
+  service_ = std::unique_ptr<ChannelIDService>(
       new ChannelIDService(mock_store, base::ThreadTaskRunnerHandle::Get()));
 
   std::string host("encrypted.google.com");
@@ -459,7 +460,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateNoChannelIDsInStore) {
   ChannelIDService::Request request;
 
   // Asynchronous completion with no certs in the store.
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, service_->channel_id_count());
   error =
       service_->GetOrCreateChannelID(host, &key, callback.callback(), &request);
@@ -478,7 +479,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateNoChannelIDsInStore) {
 TEST_F(ChannelIDServiceTest, AsyncStoreGetNoChannelIDsInStore) {
   MockChannelIDStoreWithAsyncGet* mock_store =
       new MockChannelIDStoreWithAsyncGet();
-  service_ = scoped_ptr<ChannelIDService>(
+  service_ = std::unique_ptr<ChannelIDService>(
       new ChannelIDService(mock_store, base::ThreadTaskRunnerHandle::Get()));
 
   std::string host("encrypted.google.com");
@@ -488,7 +489,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetNoChannelIDsInStore) {
   ChannelIDService::Request request;
 
   // Asynchronous completion with no certs in the store.
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetChannelID(host, &key, callback.callback(), &request);
   EXPECT_EQ(ERR_IO_PENDING, error);
@@ -507,7 +508,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetNoChannelIDsInStore) {
 TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
   MockChannelIDStoreWithAsyncGet* mock_store =
       new MockChannelIDStoreWithAsyncGet();
-  service_ = scoped_ptr<ChannelIDService>(
+  service_ = std::unique_ptr<ChannelIDService>(
       new ChannelIDService(mock_store, base::ThreadTaskRunnerHandle::Get()));
 
   std::string host("encrypted.google.com");
@@ -517,14 +518,15 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
   ChannelIDService::Request request;
 
   // Asynchronous completion with a cert in the store.
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, service_->channel_id_count());
   error =
       service_->GetOrCreateChannelID(host, &key, callback.callback(), &request);
   EXPECT_EQ(ERR_IO_PENDING, error);
   EXPECT_TRUE(request.is_active());
 
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
   mock_store->CallGetChannelIDCallbackWithResult(OK, expected_key.get());
 
   error = callback.WaitForResult();
@@ -543,7 +545,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
 TEST_F(ChannelIDServiceTest, AsyncStoreGetOneCertInStore) {
   MockChannelIDStoreWithAsyncGet* mock_store =
       new MockChannelIDStoreWithAsyncGet();
-  service_ = scoped_ptr<ChannelIDService>(
+  service_ = std::unique_ptr<ChannelIDService>(
       new ChannelIDService(mock_store, base::ThreadTaskRunnerHandle::Get()));
 
   std::string host("encrypted.google.com");
@@ -553,14 +555,15 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOneCertInStore) {
   ChannelIDService::Request request;
 
   // Asynchronous completion with a cert in the store.
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   std::string private_key, spki;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetChannelID(host, &key, callback.callback(), &request);
   EXPECT_EQ(ERR_IO_PENDING, error);
   EXPECT_TRUE(request.is_active());
 
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
   mock_store->CallGetChannelIDCallbackWithResult(OK, expected_key.get());
 
   error = callback.WaitForResult();
@@ -578,7 +581,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetOneCertInStore) {
 TEST_F(ChannelIDServiceTest, AsyncStoreGetThenCreateNoCertsInStore) {
   MockChannelIDStoreWithAsyncGet* mock_store =
       new MockChannelIDStoreWithAsyncGet();
-  service_ = scoped_ptr<ChannelIDService>(
+  service_ = std::unique_ptr<ChannelIDService>(
       new ChannelIDService(mock_store, base::ThreadTaskRunnerHandle::Get()));
 
   std::string host("encrypted.google.com");
@@ -588,7 +591,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetThenCreateNoCertsInStore) {
   // Asynchronous get with no certs in the store.
   TestCompletionCallback callback1;
   ChannelIDService::Request request1;
-  scoped_ptr<crypto::ECPrivateKey> key1;
+  std::unique_ptr<crypto::ECPrivateKey> key1;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetChannelID(host, &key1, callback1.callback(), &request1);
   EXPECT_EQ(ERR_IO_PENDING, error);
@@ -597,7 +600,7 @@ TEST_F(ChannelIDServiceTest, AsyncStoreGetThenCreateNoCertsInStore) {
   // Asynchronous get/create with no certs in the store.
   TestCompletionCallback callback2;
   ChannelIDService::Request request2;
-  scoped_ptr<crypto::ECPrivateKey> key2;
+  std::unique_ptr<crypto::ECPrivateKey> key2;
   EXPECT_EQ(0, service_->channel_id_count());
   error = service_->GetOrCreateChannelID(host, &key2, callback2.callback(),
                                          &request2);
diff --git a/chromium/net/ssl/channel_id_store.cc b/chromium/net/ssl/channel_id_store.cc
index 1345da13cbb..1d0078b968f 100644
--- a/chromium/net/ssl/channel_id_store.cc
+++ b/chromium/net/ssl/channel_id_store.cc
@@ -15,7 +15,7 @@ ChannelIDStore::ChannelID::ChannelID() {
 
 ChannelIDStore::ChannelID::ChannelID(const std::string& server_identifier,
                                      base::Time creation_time,
-                                     scoped_ptr<crypto::ECPrivateKey> key)
+                                     std::unique_ptr<crypto::ECPrivateKey> key)
     : server_identifier_(server_identifier),
       creation_time_(creation_time),
       key_(std::move(key)) {}
@@ -42,7 +42,7 @@ ChannelIDStore::ChannelID::~ChannelID() {}
 void ChannelIDStore::InitializeFrom(const ChannelIDList& list) {
   for (ChannelIDList::const_iterator i = list.begin(); i != list.end();
       ++i) {
-    SetChannelID(scoped_ptr<ChannelID>(new ChannelID(*i)));
+    SetChannelID(std::unique_ptr<ChannelID>(new ChannelID(*i)));
   }
 }
 
diff --git a/chromium/net/ssl/channel_id_store.h b/chromium/net/ssl/channel_id_store.h
index 3eb9d67a31f..abd09f64301 100644
--- a/chromium/net/ssl/channel_id_store.h
+++ b/chromium/net/ssl/channel_id_store.h
@@ -6,10 +6,10 @@
 #define NET_SSL_CHANNEL_ID_STORE_H_
 
 #include <list>
+#include <memory>
 #include <string>
 
 #include "base/callback.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
 #include "crypto/ec_private_key.h"
@@ -32,7 +32,7 @@ class NET_EXPORT ChannelIDStore
     ChannelID();
     ChannelID(const std::string& server_identifier,
               base::Time creation_time,
-              scoped_ptr<crypto::ECPrivateKey> key);
+              std::unique_ptr<crypto::ECPrivateKey> key);
     ChannelID(const ChannelID& other);
     ChannelID& operator=(const ChannelID& other);
     ~ChannelID();
@@ -49,13 +49,13 @@ class NET_EXPORT ChannelIDStore
    private:
     std::string server_identifier_;
     base::Time creation_time_;
-    scoped_ptr<crypto::ECPrivateKey> key_;
+    std::unique_ptr<crypto::ECPrivateKey> key_;
   };
 
   typedef std::list<ChannelID> ChannelIDList;
 
   typedef base::Callback<
-      void(int, const std::string&, scoped_ptr<crypto::ECPrivateKey>)>
+      void(int, const std::string&, std::unique_ptr<crypto::ECPrivateKey>)>
       GetChannelIDCallback;
   typedef base::Callback<void(const ChannelIDList&)> GetChannelIDListCallback;
 
@@ -68,21 +68,23 @@ class NET_EXPORT ChannelIDStore
   // return ERR_IO_PENDING and the callback will be called with the result
   // asynchronously.
   virtual int GetChannelID(const std::string& server_identifier,
-                           scoped_ptr<crypto::ECPrivateKey>* key_result,
+                           std::unique_ptr<crypto::ECPrivateKey>* key_result,
                            const GetChannelIDCallback& callback) = 0;
 
   // Adds the keypair for a hostname to the store.
-  virtual void SetChannelID(scoped_ptr<ChannelID> channel_id) = 0;
+  virtual void SetChannelID(std::unique_ptr<ChannelID> channel_id) = 0;
 
   // Removes a keypair from the store.
   virtual void DeleteChannelID(
       const std::string& server_identifier,
       const base::Closure& completion_callback) = 0;
 
-  // Deletes all of the channel ID keypairs that have a creation_date greater
-  // than or equal to |delete_begin| and less than |delete_end|.  If a
-  // base::Time value is_null, that side of the comparison is unbounded.
-  virtual void DeleteAllCreatedBetween(
+  // Deletes the channel ID keypairs that have a creation_date greater than
+  // or equal to |delete_begin| and less than |delete_end| and whose server
+  // identifier matches the |domain_predicate|. If base::Time value is_null,
+  // that side of the comparison is unbounded.
+  virtual void DeleteForDomainsCreatedBetween(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
       base::Time delete_begin,
       base::Time delete_end,
       const base::Closure& completion_callback) = 0;
diff --git a/chromium/net/ssl/client_cert_store_mac.cc b/chromium/net/ssl/client_cert_store_mac.cc
index ec662b57bb8..dad8b21e978 100644
--- a/chromium/net/ssl/client_cert_store_mac.cc
+++ b/chromium/net/ssl/client_cert_store_mac.cc
@@ -147,12 +147,12 @@ void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
 
     // Skip duplicates (a cert may be in multiple keychains).
     const SHA1HashValue& fingerprint = cert->fingerprint();
-    size_t pos;
-    for (pos = 0; pos < selected_certs->size(); ++pos) {
-      if ((*selected_certs)[pos]->fingerprint().Equals(fingerprint))
-        break;
-    }
-    if (pos < selected_certs->size())
+    auto cert_iter = std::find_if(
+        selected_certs->begin(), selected_certs->end(),
+        [&fingerprint](const scoped_refptr<X509Certificate>& cert) {
+          return cert->fingerprint() == fingerprint;
+        });
+    if (cert_iter != selected_certs->end())
       continue;
 
     // Check if the certificate issuer is allowed by the server.
diff --git a/chromium/net/ssl/client_cert_store_nss.cc b/chromium/net/ssl/client_cert_store_nss.cc
index 073745ef3ad..e46458ad99e 100644
--- a/chromium/net/ssl/client_cert_store_nss.cc
+++ b/chromium/net/ssl/client_cert_store_nss.cc
@@ -8,13 +8,13 @@
 #include <ssl.h>
 
 #include <algorithm>
+#include <memory>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/threading/worker_pool.h"
 #include "crypto/nss_crypto_module_delegate.h"
@@ -32,7 +32,8 @@ ClientCertStoreNSS::~ClientCertStoreNSS() {}
 void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request,
                                          CertificateList* selected_certs,
                                          const base::Closure& callback) {
-  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
+  std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+      password_delegate;
   if (!password_delegate_factory_.is_null()) {
     password_delegate.reset(
         password_delegate_factory_.Run(request.host_and_port));
@@ -114,7 +115,8 @@ void ClientCertStoreNSS::FilterCertsOnWorkerThread(
 }
 
 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread(
-    scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
+    std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+        password_delegate,
     const SSLCertRequestInfo* request,
     CertificateList* selected_certs) {
   CertificateList platform_certs;
@@ -124,7 +126,8 @@ void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread(
 
 // static
 void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread(
-    scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
+    std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+        password_delegate,
     net::CertificateList* certs) {
   CERTCertList* found_certs =
       CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
diff --git a/chromium/net/ssl/client_cert_store_nss.h b/chromium/net/ssl/client_cert_store_nss.h
index 5583661a917..60f6e214a4a 100644
--- a/chromium/net/ssl/client_cert_store_nss.h
+++ b/chromium/net/ssl/client_cert_store_nss.h
@@ -5,9 +5,10 @@
 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
 
+#include <memory>
+
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/ssl/client_cert_store.h"
 
@@ -48,13 +49,13 @@ class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
   // |certs|. |password_delegate| is used to unlock slots if required.
   // Must be called from a worker thread.
   static void GetPlatformCertsOnWorkerThread(
-      scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+      std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
           password_delegate,
       net::CertificateList* certs);
 
  private:
   void GetAndFilterCertsOnWorkerThread(
-      scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
+      std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
           password_delegate,
       const SSLCertRequestInfo* request,
       CertificateList* selected_certs);
diff --git a/chromium/net/ssl/client_cert_store_unittest-inl.h b/chromium/net/ssl/client_cert_store_unittest-inl.h
index 8a8f98b35e4..9f1f9329453 100644
--- a/chromium/net/ssl/client_cert_store_unittest-inl.h
+++ b/chromium/net/ssl/client_cert_store_unittest-inl.h
@@ -5,12 +5,12 @@
 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/test_data_directory.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/test/cert_test_util.h"
diff --git a/chromium/net/ssl/client_cert_store_win.cc b/chromium/net/ssl/client_cert_store_win.cc
index 1ebf02d79ef..499d1c4b55e 100644
--- a/chromium/net/ssl/client_cert_store_win.cc
+++ b/chromium/net/ssl/client_cert_store_win.cc
@@ -128,6 +128,20 @@ void GetClientCertsImpl(HCERTSTORE cert_store,
       if (ok)
         intermediates.push_back(copied_intermediate);
     }
+
+    // Drop the self-signed root, if any. Match Internet Explorer in not sending
+    // it. Although the root's signature is irrelevant for authentication, some
+    // servers reject chains if the root is explicitly sent and has a weak
+    // signature algorithm. See https://crbug.com/607264.
+    //
+    // The leaf or a intermediate may also have a weak signature algorithm but,
+    // in that case, assume it is a configuration error.
+    if (!intermediates.empty() &&
+        X509Certificate::IsSelfSigned(intermediates.back())) {
+      CertFreeCertificateContext(intermediates.back());
+      intermediates.pop_back();
+    }
+
     // TODO(svaldez): cert currently wraps cert_context2 which may be backed
     // by a smartcard with threading difficulties. Instead, create a fresh
     // X509Certificate with CreateFromBytes and route cert_context2 into the
diff --git a/chromium/net/ssl/client_key_store.h b/chromium/net/ssl/client_key_store.h
index bab45f3267d..b9f182b3c9b 100644
--- a/chromium/net/ssl/client_key_store.h
+++ b/chromium/net/ssl/client_key_store.h
@@ -5,12 +5,12 @@
 #ifndef NET_SSL_CLIENT_KEY_STORE_H_
 #define NET_SSL_CLIENT_KEY_STORE_H_
 
+#include <memory>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/lazy_instance.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/lock.h"
 #include "net/base/net_export.h"
 
diff --git a/chromium/net/ssl/default_channel_id_store.cc b/chromium/net/ssl/default_channel_id_store.cc
index 184fccd3055..ebac855e360 100644
--- a/chromium/net/ssl/default_channel_id_store.cc
+++ b/chromium/net/ssl/default_channel_id_store.cc
@@ -12,6 +12,14 @@
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 
+namespace {
+
+bool AllDomainsPredicate(const std::string& domain) {
+  return true;
+}
+
+}  // namespace
+
 namespace net {
 
 // --------------------------------------------------------------------------
@@ -64,7 +72,7 @@ DefaultChannelIDStore::GetChannelIDTask::~GetChannelIDTask() {
 
 void DefaultChannelIDStore::GetChannelIDTask::Run(
     DefaultChannelIDStore* store) {
-  scoped_ptr<crypto::ECPrivateKey> key_result;
+  std::unique_ptr<crypto::ECPrivateKey> key_result;
   int err = store->GetChannelID(server_identifier_, &key_result,
                                 GetChannelIDCallback());
   DCHECK(err != ERR_IO_PENDING);
@@ -78,16 +86,16 @@ void DefaultChannelIDStore::GetChannelIDTask::Run(
 class DefaultChannelIDStore::SetChannelIDTask
     : public DefaultChannelIDStore::Task {
  public:
-  SetChannelIDTask(scoped_ptr<ChannelID> channel_id);
+  SetChannelIDTask(std::unique_ptr<ChannelID> channel_id);
   ~SetChannelIDTask() override;
   void Run(DefaultChannelIDStore* store) override;
 
  private:
-  scoped_ptr<ChannelID> channel_id_;
+  std::unique_ptr<ChannelID> channel_id_;
 };
 
 DefaultChannelIDStore::SetChannelIDTask::SetChannelIDTask(
-    scoped_ptr<ChannelID> channel_id)
+    std::unique_ptr<ChannelID> channel_id)
     : channel_id_(std::move(channel_id)) {}
 
 DefaultChannelIDStore::SetChannelIDTask::~SetChannelIDTask() {
@@ -133,39 +141,43 @@ void DefaultChannelIDStore::DeleteChannelIDTask::Run(
 }
 
 // --------------------------------------------------------------------------
-// DeleteAllCreatedBetweenTask
-class DefaultChannelIDStore::DeleteAllCreatedBetweenTask
+// DeleteForDomainssCreatedBetweenTask
+class DefaultChannelIDStore::DeleteForDomainsCreatedBetweenTask
     : public DefaultChannelIDStore::Task {
  public:
-  DeleteAllCreatedBetweenTask(base::Time delete_begin,
-                              base::Time delete_end,
-                              const base::Closure& callback);
-  ~DeleteAllCreatedBetweenTask() override;
+  DeleteForDomainsCreatedBetweenTask(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
+      base::Time delete_begin,
+      base::Time delete_end,
+      const base::Closure& callback);
+  ~DeleteForDomainsCreatedBetweenTask() override;
   void Run(DefaultChannelIDStore* store) override;
 
  private:
+  const base::Callback<bool(const std::string&)> domain_predicate_;
   base::Time delete_begin_;
   base::Time delete_end_;
   base::Closure callback_;
 };
 
-DefaultChannelIDStore::DeleteAllCreatedBetweenTask::
-    DeleteAllCreatedBetweenTask(
+DefaultChannelIDStore::DeleteForDomainsCreatedBetweenTask::
+    DeleteForDomainsCreatedBetweenTask(
+        const base::Callback<bool(const std::string&)>& domain_predicate,
         base::Time delete_begin,
         base::Time delete_end,
         const base::Closure& callback)
-        : delete_begin_(delete_begin),
-          delete_end_(delete_end),
-          callback_(callback) {
-}
+    : domain_predicate_(domain_predicate),
+      delete_begin_(delete_begin),
+      delete_end_(delete_end),
+      callback_(callback) {}
 
-DefaultChannelIDStore::DeleteAllCreatedBetweenTask::
-    ~DeleteAllCreatedBetweenTask() {
-}
+DefaultChannelIDStore::DeleteForDomainsCreatedBetweenTask::
+    ~DeleteForDomainsCreatedBetweenTask() {}
 
-void DefaultChannelIDStore::DeleteAllCreatedBetweenTask::Run(
+void DefaultChannelIDStore::DeleteForDomainsCreatedBetweenTask::Run(
     DefaultChannelIDStore* store) {
-  store->SyncDeleteAllCreatedBetween(delete_begin_, delete_end_);
+  store->SyncDeleteForDomainsCreatedBetween(domain_predicate_, delete_begin_,
+                                            delete_end_);
 
   InvokeCallback(callback_);
 }
@@ -213,13 +225,13 @@ DefaultChannelIDStore::DefaultChannelIDStore(
 
 int DefaultChannelIDStore::GetChannelID(
     const std::string& server_identifier,
-    scoped_ptr<crypto::ECPrivateKey>* key_result,
+    std::unique_ptr<crypto::ECPrivateKey>* key_result,
     const GetChannelIDCallback& callback) {
   DCHECK(CalledOnValidThread());
   InitIfNecessary();
 
   if (!loaded_) {
-    EnqueueTask(scoped_ptr<Task>(
+    EnqueueTask(std::unique_ptr<Task>(
         new GetChannelIDTask(server_identifier, callback)));
     return ERR_IO_PENDING;
   }
@@ -235,34 +247,37 @@ int DefaultChannelIDStore::GetChannelID(
   return OK;
 }
 
-void DefaultChannelIDStore::SetChannelID(scoped_ptr<ChannelID> channel_id) {
+void DefaultChannelIDStore::SetChannelID(
+    std::unique_ptr<ChannelID> channel_id) {
   auto task = new SetChannelIDTask(std::move(channel_id));
-  RunOrEnqueueTask(scoped_ptr<Task>(task));
+  RunOrEnqueueTask(std::unique_ptr<Task>(task));
 }
 
 void DefaultChannelIDStore::DeleteChannelID(
     const std::string& server_identifier,
     const base::Closure& callback) {
-  RunOrEnqueueTask(scoped_ptr<Task>(
+  RunOrEnqueueTask(std::unique_ptr<Task>(
       new DeleteChannelIDTask(server_identifier, callback)));
 }
 
-void DefaultChannelIDStore::DeleteAllCreatedBetween(
+void DefaultChannelIDStore::DeleteForDomainsCreatedBetween(
+    const base::Callback<bool(const std::string&)>& domain_predicate,
     base::Time delete_begin,
     base::Time delete_end,
     const base::Closure& callback) {
-  RunOrEnqueueTask(scoped_ptr<Task>(
-      new DeleteAllCreatedBetweenTask(delete_begin, delete_end, callback)));
+  RunOrEnqueueTask(std::unique_ptr<Task>(new DeleteForDomainsCreatedBetweenTask(
+      domain_predicate, delete_begin, delete_end, callback)));
 }
 
 void DefaultChannelIDStore::DeleteAll(
     const base::Closure& callback) {
-  DeleteAllCreatedBetween(base::Time(), base::Time(), callback);
+  DeleteForDomainsCreatedBetween(base::Bind(&AllDomainsPredicate), base::Time(),
+                                 base::Time(), callback);
 }
 
 void DefaultChannelIDStore::GetAllChannelIDs(
     const GetChannelIDListCallback& callback) {
-  RunOrEnqueueTask(scoped_ptr<Task>(new GetAllChannelIDsTask(callback)));
+  RunOrEnqueueTask(std::unique_ptr<Task>(new GetAllChannelIDsTask(callback)));
 }
 
 int DefaultChannelIDStore::GetChannelIDCount() {
@@ -303,9 +318,10 @@ void DefaultChannelIDStore::InitStore() {
 }
 
 void DefaultChannelIDStore::OnLoaded(
-    scoped_ptr<std::vector<scoped_ptr<ChannelID>>> channel_ids) {
+    std::unique_ptr<std::vector<std::unique_ptr<ChannelID>>> channel_ids) {
   DCHECK(CalledOnValidThread());
-  for (std::vector<scoped_ptr<ChannelID>>::iterator it = channel_ids->begin();
+  for (std::vector<std::unique_ptr<ChannelID>>::iterator it =
+           channel_ids->begin();
        it != channel_ids->end(); ++it) {
     DCHECK(channel_ids_.find((*it)->server_identifier()) ==
            channel_ids_.end());
@@ -328,12 +344,13 @@ void DefaultChannelIDStore::OnLoaded(
   UMA_HISTOGRAM_COUNTS_100("DomainBoundCerts.TaskWaitCount",
                            waiting_tasks_.size());
 
-  for (scoped_ptr<Task>& i : waiting_tasks_)
+  for (std::unique_ptr<Task>& i : waiting_tasks_)
     i->Run(this);
   waiting_tasks_.clear();
 }
 
-void DefaultChannelIDStore::SyncSetChannelID(scoped_ptr<ChannelID> channel_id) {
+void DefaultChannelIDStore::SyncSetChannelID(
+    std::unique_ptr<ChannelID> channel_id) {
   DCHECK(CalledOnValidThread());
   DCHECK(loaded_);
 
@@ -348,7 +365,8 @@ void DefaultChannelIDStore::SyncDeleteChannelID(
   InternalDeleteChannelID(server_identifier);
 }
 
-void DefaultChannelIDStore::SyncDeleteAllCreatedBetween(
+void DefaultChannelIDStore::SyncDeleteForDomainsCreatedBetween(
+    const base::Callback<bool(const std::string&)>& domain_predicate,
     base::Time delete_begin,
     base::Time delete_end) {
   DCHECK(CalledOnValidThread());
@@ -358,9 +376,11 @@ void DefaultChannelIDStore::SyncDeleteAllCreatedBetween(
     ChannelIDMap::iterator cur = it;
     ++it;
     ChannelID* channel_id = cur->second;
+
     if ((delete_begin.is_null() ||
          channel_id->creation_time() >= delete_begin) &&
-        (delete_end.is_null() || channel_id->creation_time() < delete_end)) {
+        (delete_end.is_null() || channel_id->creation_time() < delete_end) &&
+        domain_predicate.Run(channel_id->server_identifier())) {
       if (store_.get())
         store_->DeleteChannelID(*channel_id);
       delete channel_id;
@@ -378,7 +398,7 @@ void DefaultChannelIDStore::SyncGetAllChannelIDs(
     channel_id_list->push_back(*it->second);
 }
 
-void DefaultChannelIDStore::EnqueueTask(scoped_ptr<Task> task) {
+void DefaultChannelIDStore::EnqueueTask(std::unique_ptr<Task> task) {
   DCHECK(CalledOnValidThread());
   DCHECK(!loaded_);
   if (waiting_tasks_.empty())
@@ -386,7 +406,7 @@ void DefaultChannelIDStore::EnqueueTask(scoped_ptr<Task> task) {
   waiting_tasks_.push_back(std::move(task));
 }
 
-void DefaultChannelIDStore::RunOrEnqueueTask(scoped_ptr<Task> task) {
+void DefaultChannelIDStore::RunOrEnqueueTask(std::unique_ptr<Task> task) {
   DCHECK(CalledOnValidThread());
   InitIfNecessary();
 
@@ -415,7 +435,7 @@ void DefaultChannelIDStore::InternalDeleteChannelID(
 }
 
 void DefaultChannelIDStore::InternalInsertChannelID(
-    scoped_ptr<ChannelID> channel_id) {
+    std::unique_ptr<ChannelID> channel_id) {
   DCHECK(CalledOnValidThread());
   DCHECK(loaded_);
 
diff --git a/chromium/net/ssl/default_channel_id_store.h b/chromium/net/ssl/default_channel_id_store.h
index fed03193796..7d439b07659 100644
--- a/chromium/net/ssl/default_channel_id_store.h
+++ b/chromium/net/ssl/default_channel_id_store.h
@@ -6,6 +6,7 @@
 #define NET_SSL_DEFAULT_CHANNEL_ID_STORE_H_
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -13,7 +14,6 @@
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/scoped_vector.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/net_export.h"
@@ -49,14 +49,16 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore {
 
   // ChannelIDStore implementation.
   int GetChannelID(const std::string& server_identifier,
-                   scoped_ptr<crypto::ECPrivateKey>* key_result,
+                   std::unique_ptr<crypto::ECPrivateKey>* key_result,
                    const GetChannelIDCallback& callback) override;
-  void SetChannelID(scoped_ptr<ChannelID> channel_id) override;
+  void SetChannelID(std::unique_ptr<ChannelID> channel_id) override;
   void DeleteChannelID(const std::string& server_identifier,
                        const base::Closure& callback) override;
-  void DeleteAllCreatedBetween(base::Time delete_begin,
-                               base::Time delete_end,
-                               const base::Closure& callback) override;
+  void DeleteForDomainsCreatedBetween(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
+      base::Time delete_begin,
+      base::Time delete_end,
+      const base::Closure& callback) override;
   void DeleteAll(const base::Closure& callback) override;
   void GetAllChannelIDs(const GetChannelIDListCallback& callback) override;
   int GetChannelIDCount() override;
@@ -68,7 +70,7 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore {
   class GetChannelIDTask;
   class SetChannelIDTask;
   class DeleteChannelIDTask;
-  class DeleteAllCreatedBetweenTask;
+  class DeleteForDomainsCreatedBetweenTask;
   class GetAllChannelIDsTask;
 
   // Deletes all of the certs. Does not delete them from |store_|.
@@ -95,21 +97,23 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore {
   void InitStore();
 
   // Callback for backing store loading completion.
-  void OnLoaded(scoped_ptr<std::vector<scoped_ptr<ChannelID>>> certs);
+  void OnLoaded(std::unique_ptr<std::vector<std::unique_ptr<ChannelID>>> certs);
 
   // Syncronous methods which do the actual work. Can only be called after
   // initialization is complete.
-  void SyncSetChannelID(scoped_ptr<ChannelID> channel_id);
+  void SyncSetChannelID(std::unique_ptr<ChannelID> channel_id);
   void SyncDeleteChannelID(const std::string& server_identifier);
-  void SyncDeleteAllCreatedBetween(base::Time delete_begin,
-                                   base::Time delete_end);
+  void SyncDeleteForDomainsCreatedBetween(
+      const base::Callback<bool(const std::string&)>& domain_predicate,
+      base::Time delete_begin,
+      base::Time delete_end);
   void SyncGetAllChannelIDs(ChannelIDList* channel_id_list);
 
   // Add |task| to |waiting_tasks_|.
-  void EnqueueTask(scoped_ptr<Task> task);
+  void EnqueueTask(std::unique_ptr<Task> task);
   // If already initialized, run |task| immediately. Otherwise add it to
   // |waiting_tasks_|.
-  void RunOrEnqueueTask(scoped_ptr<Task> task);
+  void RunOrEnqueueTask(std::unique_ptr<Task> task);
 
   // Deletes the channel id for the specified server, if such a channel id
   // exists, from the in-memory store. Deletes it from |store_| if |store_|
@@ -118,7 +122,7 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore {
 
   // Adds the channel id to the in-memory store and adds it to |store_| if
   // |store_| is not NULL.
-  void InternalInsertChannelID(scoped_ptr<ChannelID> channel_id);
+  void InternalInsertChannelID(std::unique_ptr<ChannelID> channel_id);
 
   // Indicates whether the channel id store has been initialized. This happens
   // lazily in InitIfNecessary().
@@ -129,7 +133,7 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore {
   bool loaded_;
 
   // Tasks that are waiting to be run once we finish loading.
-  std::vector<scoped_ptr<Task>> waiting_tasks_;
+  std::vector<std::unique_ptr<Task>> waiting_tasks_;
   base::TimeTicks waiting_tasks_start_time_;
 
   scoped_refptr<PersistentStore> store_;
@@ -147,7 +151,8 @@ typedef base::RefCountedThreadSafe<DefaultChannelIDStore::PersistentStore>
 class NET_EXPORT DefaultChannelIDStore::PersistentStore
     : public RefcountedPersistentStore {
  public:
-  typedef base::Callback<void(scoped_ptr<std::vector<scoped_ptr<ChannelID>>>)>
+  typedef base::Callback<void(
+      std::unique_ptr<std::vector<std::unique_ptr<ChannelID>>>)>
       LoadedCallback;
 
   // Initializes the store and retrieves the existing channel_ids. This will be
diff --git a/chromium/net/ssl/default_channel_id_store_unittest.cc b/chromium/net/ssl/default_channel_id_store_unittest.cc
index 80f0657c086..8d1a4a10f1e 100644
--- a/chromium/net/ssl/default_channel_id_store_unittest.cc
+++ b/chromium/net/ssl/default_channel_id_store_unittest.cc
@@ -5,6 +5,7 @@
 #include "net/ssl/default_channel_id_store.h"
 
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,10 +14,10 @@
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/test/channel_id_test_util.h"
@@ -33,7 +34,7 @@ void CallCounter(int* counter) {
 void GetChannelIDCallbackNotCalled(
     int err,
     const std::string& server_identifier,
-    scoped_ptr<crypto::ECPrivateKey> key_result) {
+    std::unique_ptr<crypto::ECPrivateKey> key_result) {
   ADD_FAILURE() << "Unexpected callback execution.";
 }
 
@@ -43,7 +44,7 @@ class AsyncGetChannelIDHelper {
 
   void Callback(int err,
                 const std::string& server_identifier,
-                scoped_ptr<crypto::ECPrivateKey> key_result) {
+                std::unique_ptr<crypto::ECPrivateKey> key_result) {
     err_ = err;
     server_identifier_ = server_identifier;
     key_ = std::move(key_result);
@@ -52,7 +53,7 @@ class AsyncGetChannelIDHelper {
 
   int err_;
   std::string server_identifier_;
-  scoped_ptr<crypto::ECPrivateKey> key_;
+  std::unique_ptr<crypto::ECPrivateKey> key_;
   bool called_;
 };
 
@@ -88,14 +89,15 @@ class MockPersistentStore
 MockPersistentStore::MockPersistentStore() {}
 
 void MockPersistentStore::Load(const LoadedCallback& loaded_callback) {
-  scoped_ptr<std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>>
+  std::unique_ptr<
+      std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>>
       channel_ids(
-          new std::vector<scoped_ptr<DefaultChannelIDStore::ChannelID>>());
+          new std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>>());
   ChannelIDMap::iterator it;
 
   for (it = channel_ids_.begin(); it != channel_ids_.end(); ++it) {
     channel_ids->push_back(
-        make_scoped_ptr(new DefaultChannelIDStore::ChannelID(it->second)));
+        base::WrapUnique(new DefaultChannelIDStore::ChannelID(it->second)));
   }
 
   base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -116,6 +118,14 @@ void MockPersistentStore::SetForceKeepSessionState() {}
 
 MockPersistentStore::~MockPersistentStore() {}
 
+bool DomainEquals(const std::string& domain1, const std::string& domain2) {
+  return domain1 == domain2;
+}
+
+bool DomainNotEquals(const std::string& domain1, const std::string& domain2) {
+  return !DomainEquals(domain1, domain2);
+}
+
 }  // namespace
 
 TEST(DefaultChannelIDStoreTest, TestLoading) {
@@ -123,24 +133,24 @@ TEST(DefaultChannelIDStoreTest, TestLoading) {
 
   persistent_store->AddChannelID(DefaultChannelIDStore::ChannelID(
       "google.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
   persistent_store->AddChannelID(DefaultChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
 
   // Make sure channel_ids load properly.
   DefaultChannelIDStore store(persistent_store.get());
   // Load has not occurred yet.
   EXPECT_EQ(0, store.GetChannelIDCount());
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Wait for load & queued set task.
   base::MessageLoop::current()->RunUntilIdle();
   EXPECT_EQ(2, store.GetChannelIDCount());
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "twitter.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Set should be synchronous now that load is done.
   EXPECT_EQ(3, store.GetChannelIDCount());
 }
@@ -149,17 +159,18 @@ TEST(DefaultChannelIDStoreTest, TestLoading) {
 TEST(DefaultChannelIDStoreTest, TestSettingAndGetting) {
   // No persistent store, all calls will be synchronous.
   DefaultChannelIDStore store(NULL);
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
 
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, store.GetChannelIDCount());
   EXPECT_EQ(ERR_FILE_NOT_FOUND,
             store.GetChannelID("verisign.com", &key,
                                base::Bind(&GetChannelIDCallbackNotCalled)));
   EXPECT_FALSE(key);
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time::FromInternalValue(123),
-      make_scoped_ptr(expected_key->Copy()))));
+      base::WrapUnique(expected_key->Copy()))));
   EXPECT_EQ(OK, store.GetChannelID("verisign.com", &key,
                                    base::Bind(&GetChannelIDCallbackNotCalled)));
   EXPECT_TRUE(KeysEqual(expected_key.get(), key.get()));
@@ -168,16 +179,17 @@ TEST(DefaultChannelIDStoreTest, TestSettingAndGetting) {
 TEST(DefaultChannelIDStoreTest, TestDuplicateChannelIds) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
   DefaultChannelIDStore store(persistent_store.get());
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
 
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, store.GetChannelIDCount());
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time::FromInternalValue(123),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time::FromInternalValue(456),
-      make_scoped_ptr(expected_key->Copy()))));
+      base::WrapUnique(expected_key->Copy()))));
 
   // Wait for load & queued set tasks.
   base::MessageLoop::current()->RunUntilIdle();
@@ -189,14 +201,15 @@ TEST(DefaultChannelIDStoreTest, TestDuplicateChannelIds) {
 
 TEST(DefaultChannelIDStoreTest, TestAsyncGet) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
   persistent_store->AddChannelID(ChannelIDStore::ChannelID(
       "verisign.com", base::Time::FromInternalValue(123),
-      make_scoped_ptr(expected_key->Copy())));
+      base::WrapUnique(expected_key->Copy())));
 
   DefaultChannelIDStore store(persistent_store.get());
   AsyncGetChannelIDHelper helper;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, store.GetChannelIDCount());
   EXPECT_EQ(ERR_IO_PENDING,
             store.GetChannelID("verisign.com", &key,
@@ -217,15 +230,15 @@ TEST(DefaultChannelIDStoreTest, TestDeleteAll) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
   DefaultChannelIDStore store(persistent_store.get());
 
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "google.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "harvard.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Wait for load & queued set tasks.
   base::MessageLoop::current()->RunUntilIdle();
 
@@ -236,14 +249,55 @@ TEST(DefaultChannelIDStoreTest, TestDeleteAll) {
   EXPECT_EQ(0, store.GetChannelIDCount());
 }
 
+TEST(DefaultChannelIDStoreTest, TestDeleteForDomains) {
+  scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
+  DefaultChannelIDStore store(persistent_store.get());
+
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
+      "verisign.com", base::Time(),
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
+      "google.com", base::Time(),
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
+      "harvard.com", base::Time(),
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  // Wait for load & queued set tasks.
+  base::MessageLoop::current()->RunUntilIdle();
+  EXPECT_EQ(3, store.GetChannelIDCount());
+
+  // Whitelist deletion.
+  int deletions_finished = 0;
+  store.DeleteForDomainsCreatedBetween(
+      base::Bind(&DomainEquals, base::ConstRef(std::string("verisign.com"))),
+      base::Time(), base::Time(),
+      base::Bind(&CallCounter, &deletions_finished));
+  ASSERT_EQ(1, deletions_finished);
+  EXPECT_EQ(2, store.GetChannelIDCount());
+  ChannelIDStore::ChannelIDList channel_ids;
+  store.GetAllChannelIDs(base::Bind(GetAllCallback, &channel_ids));
+  EXPECT_EQ("google.com", channel_ids.begin()->server_identifier());
+  EXPECT_EQ("harvard.com", channel_ids.back().server_identifier());
+
+  // Blacklist deletion.
+  store.DeleteForDomainsCreatedBetween(
+      base::Bind(&DomainNotEquals, base::ConstRef(std::string("google.com"))),
+      base::Time(), base::Time(),
+      base::Bind(&CallCounter, &deletions_finished));
+  ASSERT_EQ(2, deletions_finished);
+  EXPECT_EQ(1, store.GetChannelIDCount());
+  store.GetAllChannelIDs(base::Bind(GetAllCallback, &channel_ids));
+  EXPECT_EQ("google.com", channel_ids.begin()->server_identifier());
+}
+
 TEST(DefaultChannelIDStoreTest, TestAsyncGetAndDeleteAll) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
   persistent_store->AddChannelID(ChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
   persistent_store->AddChannelID(ChannelIDStore::ChannelID(
       "google.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
 
   ChannelIDStore::ChannelIDList pre_channel_ids;
   ChannelIDStore::ChannelIDList post_channel_ids;
@@ -266,17 +320,17 @@ TEST(DefaultChannelIDStoreTest, TestDelete) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
   DefaultChannelIDStore store(persistent_store.get());
 
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, store.GetChannelIDCount());
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Wait for load & queued set task.
   base::MessageLoop::current()->RunUntilIdle();
 
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "google.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
 
   EXPECT_EQ(2, store.GetChannelIDCount());
   int delete_finished = 0;
@@ -301,13 +355,14 @@ TEST(DefaultChannelIDStoreTest, TestDelete) {
 
 TEST(DefaultChannelIDStoreTest, TestAsyncDelete) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
-  scoped_ptr<crypto::ECPrivateKey> expected_key(crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> expected_key(
+      crypto::ECPrivateKey::Create());
   persistent_store->AddChannelID(ChannelIDStore::ChannelID(
       "a.com", base::Time::FromInternalValue(1),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
   persistent_store->AddChannelID(
       ChannelIDStore::ChannelID("b.com", base::Time::FromInternalValue(3),
-                                make_scoped_ptr(expected_key->Copy())));
+                                base::WrapUnique(expected_key->Copy())));
   DefaultChannelIDStore store(persistent_store.get());
   int delete_finished = 0;
   store.DeleteChannelID("a.com",
@@ -315,7 +370,7 @@ TEST(DefaultChannelIDStoreTest, TestAsyncDelete) {
 
   AsyncGetChannelIDHelper a_helper;
   AsyncGetChannelIDHelper b_helper;
-  scoped_ptr<crypto::ECPrivateKey> key;
+  std::unique_ptr<crypto::ECPrivateKey> key;
   EXPECT_EQ(0, store.GetChannelIDCount());
   EXPECT_EQ(ERR_IO_PENDING,
             store.GetChannelID("a.com", &key,
@@ -349,18 +404,18 @@ TEST(DefaultChannelIDStoreTest, TestGetAll) {
   DefaultChannelIDStore store(persistent_store.get());
 
   EXPECT_EQ(0, store.GetChannelIDCount());
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "verisign.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "google.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "harvard.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "mit.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Wait for load & queued set tasks.
   base::MessageLoop::current()->RunUntilIdle();
 
@@ -373,17 +428,19 @@ TEST(DefaultChannelIDStoreTest, TestGetAll) {
 TEST(DefaultChannelIDStoreTest, TestInitializeFrom) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
   DefaultChannelIDStore store(persistent_store.get());
-  scoped_ptr<crypto::ECPrivateKey> preexisting_key(
+  std::unique_ptr<crypto::ECPrivateKey> preexisting_key(
+      crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> both_key(
+      crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> copied_key(
       crypto::ECPrivateKey::Create());
-  scoped_ptr<crypto::ECPrivateKey> both_key(crypto::ECPrivateKey::Create());
-  scoped_ptr<crypto::ECPrivateKey> copied_key(crypto::ECPrivateKey::Create());
 
-  store.SetChannelID(make_scoped_ptr(
-      new ChannelIDStore::ChannelID("preexisting.com", base::Time(),
-                                    make_scoped_ptr(preexisting_key->Copy()))));
-  store.SetChannelID(make_scoped_ptr(new ChannelIDStore::ChannelID(
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
+      "preexisting.com", base::Time(),
+      base::WrapUnique(preexisting_key->Copy()))));
+  store.SetChannelID(base::WrapUnique(new ChannelIDStore::ChannelID(
       "both.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create()))));
+      base::WrapUnique(crypto::ECPrivateKey::Create()))));
   // Wait for load & queued set tasks.
   base::MessageLoop::current()->RunUntilIdle();
   EXPECT_EQ(2, store.GetChannelIDCount());
@@ -392,9 +449,9 @@ TEST(DefaultChannelIDStoreTest, TestInitializeFrom) {
   source_channel_ids.push_back(ChannelIDStore::ChannelID(
       "both.com", base::Time(),
       // Key differs from above to test that existing entries are overwritten.
-      make_scoped_ptr(both_key->Copy())));
+      base::WrapUnique(both_key->Copy())));
   source_channel_ids.push_back(ChannelIDStore::ChannelID(
-      "copied.com", base::Time(), make_scoped_ptr(copied_key->Copy())));
+      "copied.com", base::Time(), base::WrapUnique(copied_key->Copy())));
   store.InitializeFrom(source_channel_ids);
   EXPECT_EQ(3, store.GetChannelIDCount());
 
@@ -417,26 +474,28 @@ TEST(DefaultChannelIDStoreTest, TestInitializeFrom) {
 
 TEST(DefaultChannelIDStoreTest, TestAsyncInitializeFrom) {
   scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
-  scoped_ptr<crypto::ECPrivateKey> preexisting_key(
+  std::unique_ptr<crypto::ECPrivateKey> preexisting_key(
+      crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> both_key(
+      crypto::ECPrivateKey::Create());
+  std::unique_ptr<crypto::ECPrivateKey> copied_key(
       crypto::ECPrivateKey::Create());
-  scoped_ptr<crypto::ECPrivateKey> both_key(crypto::ECPrivateKey::Create());
-  scoped_ptr<crypto::ECPrivateKey> copied_key(crypto::ECPrivateKey::Create());
 
   persistent_store->AddChannelID(
       ChannelIDStore::ChannelID("preexisting.com", base::Time(),
-                                make_scoped_ptr(preexisting_key->Copy())));
+                                base::WrapUnique(preexisting_key->Copy())));
   persistent_store->AddChannelID(ChannelIDStore::ChannelID(
       "both.com", base::Time(),
-      make_scoped_ptr(crypto::ECPrivateKey::Create())));
+      base::WrapUnique(crypto::ECPrivateKey::Create())));
 
   DefaultChannelIDStore store(persistent_store.get());
   ChannelIDStore::ChannelIDList source_channel_ids;
   source_channel_ids.push_back(ChannelIDStore::ChannelID(
       "both.com", base::Time(),
       // Key differs from above to test that existing entries are overwritten.
-      make_scoped_ptr(both_key->Copy())));
+      base::WrapUnique(both_key->Copy())));
   source_channel_ids.push_back(ChannelIDStore::ChannelID(
-      "copied.com", base::Time(), make_scoped_ptr(copied_key->Copy())));
+      "copied.com", base::Time(), base::WrapUnique(copied_key->Copy())));
   store.InitializeFrom(source_channel_ids);
   EXPECT_EQ(0, store.GetChannelIDCount());
   // Wait for load & queued tasks.
diff --git a/chromium/net/ssl/openssl_client_key_store.cc b/chromium/net/ssl/openssl_client_key_store.cc
index de1199f17ef..9b1b8767cf7 100644
--- a/chromium/net/ssl/openssl_client_key_store.cc
+++ b/chromium/net/ssl/openssl_client_key_store.cc
@@ -6,9 +6,10 @@
 
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+
 #include <algorithm>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "net/cert/x509_certificate.h"
 
diff --git a/chromium/net/ssl/openssl_client_key_store.h b/chromium/net/ssl/openssl_client_key_store.h
index 269565bfd36..63559ded766 100644
--- a/chromium/net/ssl/openssl_client_key_store.h
+++ b/chromium/net/ssl/openssl_client_key_store.h
@@ -7,10 +7,10 @@
 
 #include <openssl/evp.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_openssl_types.h"
diff --git a/chromium/net/ssl/openssl_ssl_util.cc b/chromium/net/ssl/openssl_ssl_util.cc
index ae3834a71d4..af7082d6c4c 100644
--- a/chromium/net/ssl/openssl_ssl_util.cc
+++ b/chromium/net/ssl/openssl_ssl_util.cc
@@ -117,12 +117,12 @@ int MapOpenSSLErrorSSL(uint32_t error_code) {
   }
 }
 
-scoped_ptr<base::Value> NetLogOpenSSLErrorCallback(
+std::unique_ptr<base::Value> NetLogOpenSSLErrorCallback(
     int net_error,
     int ssl_error,
     const OpenSSLErrorInfo& error_info,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("net_error", net_error);
   dict->SetInteger("ssl_error", ssl_error);
   if (error_info.error_code != 0) {
diff --git a/chromium/net/ssl/signed_certificate_timestamp_and_status.cc b/chromium/net/ssl/signed_certificate_timestamp_and_status.cc
index 55deaa38a10..4cddf0470f3 100644
--- a/chromium/net/ssl/signed_certificate_timestamp_and_status.cc
+++ b/chromium/net/ssl/signed_certificate_timestamp_and_status.cc
@@ -8,6 +8,8 @@
 
 namespace net {
 
+SignedCertificateTimestampAndStatus::SignedCertificateTimestampAndStatus() {}
+
 SignedCertificateTimestampAndStatus::SignedCertificateTimestampAndStatus(
     const scoped_refptr<ct::SignedCertificateTimestamp>& sct,
     const ct::SCTVerifyStatus status)
diff --git a/chromium/net/ssl/signed_certificate_timestamp_and_status.h b/chromium/net/ssl/signed_certificate_timestamp_and_status.h
index 650e5b1a715..e546668a0b1 100644
--- a/chromium/net/ssl/signed_certificate_timestamp_and_status.h
+++ b/chromium/net/ssl/signed_certificate_timestamp_and_status.h
@@ -15,6 +15,8 @@
 namespace net {
 
 struct NET_EXPORT SignedCertificateTimestampAndStatus {
+  SignedCertificateTimestampAndStatus();
+
   SignedCertificateTimestampAndStatus(
       const scoped_refptr<ct::SignedCertificateTimestamp>& sct,
       ct::SCTVerifyStatus status);
diff --git a/chromium/net/ssl/ssl_cipher_suite_names.cc b/chromium/net/ssl/ssl_cipher_suite_names.cc
index 2bfe72ac93f..f6b54606181 100644
--- a/chromium/net/ssl/ssl_cipher_suite_names.cc
+++ b/chromium/net/ssl/ssl_cipher_suite_names.cc
@@ -4,11 +4,10 @@
 
 #include "net/ssl/ssl_cipher_suite_names.h"
 
-#if defined(USE_OPENSSL)
-#include <openssl/ssl.h>
-#endif
 #include <stdlib.h>
 
+#include <openssl/ssl.h>
+
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
@@ -424,7 +423,6 @@ bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) {
 }
 
 const char* ECCurveName(uint16_t cipher_suite, int key_exchange_info) {
-#if defined(USE_OPENSSL)
   int key_exchange, cipher, mac;
   if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
     return nullptr;
@@ -436,9 +434,6 @@ const char* ECCurveName(uint16_t cipher_suite, int key_exchange_info) {
       return nullptr;
   }
   return SSL_get_curve_name(key_exchange_info);
-#else
-  return nullptr;
-#endif
 }
 
 }  // namespace net
diff --git a/chromium/net/ssl/ssl_client_session_cache_openssl.cc b/chromium/net/ssl/ssl_client_session_cache.cc
index a413eeeafe0..82526a5ae4d 100644
--- a/chromium/net/ssl/ssl_client_session_cache_openssl.cc
+++ b/chromium/net/ssl/ssl_client_session_cache.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/ssl/ssl_client_session_cache_openssl.h"
+#include "net/ssl/ssl_client_session_cache.h"
 
 #include <utility>
 
@@ -11,23 +11,21 @@
 
 namespace net {
 
-SSLClientSessionCacheOpenSSL::SSLClientSessionCacheOpenSSL(const Config& config)
+SSLClientSessionCache::SSLClientSessionCache(const Config& config)
     : clock_(new base::DefaultClock),
       config_(config),
       cache_(config.max_entries),
-      lookups_since_flush_(0) {
-}
+      lookups_since_flush_(0) {}
 
-SSLClientSessionCacheOpenSSL::~SSLClientSessionCacheOpenSSL() {
+SSLClientSessionCache::~SSLClientSessionCache() {
   Flush();
 }
 
-size_t SSLClientSessionCacheOpenSSL::size() const {
+size_t SSLClientSessionCache::size() const {
   return cache_.size();
 }
 
-ScopedSSL_SESSION SSLClientSessionCacheOpenSSL::Lookup(
-    const std::string& cache_key) {
+ScopedSSL_SESSION SSLClientSessionCache::Lookup(const std::string& cache_key) {
   base::AutoLock lock(lock_);
 
   // Expire stale sessions.
@@ -47,12 +45,12 @@ ScopedSSL_SESSION SSLClientSessionCacheOpenSSL::Lookup(
   return ScopedSSL_SESSION(SSL_SESSION_up_ref(iter->second->session.get()));
 }
 
-void SSLClientSessionCacheOpenSSL::Insert(const std::string& cache_key,
-                                          SSL_SESSION* session) {
+void SSLClientSessionCache::Insert(const std::string& cache_key,
+                                   SSL_SESSION* session) {
   base::AutoLock lock(lock_);
 
   // Make a new entry.
-  scoped_ptr<CacheEntry> entry(new CacheEntry);
+  std::unique_ptr<CacheEntry> entry(new CacheEntry);
   entry->session.reset(SSL_SESSION_up_ref(session));
   entry->creation_time = clock_->Now();
 
@@ -60,31 +58,28 @@ void SSLClientSessionCacheOpenSSL::Insert(const std::string& cache_key,
   cache_.Put(cache_key, std::move(entry));
 }
 
-void SSLClientSessionCacheOpenSSL::Flush() {
+void SSLClientSessionCache::Flush() {
   base::AutoLock lock(lock_);
 
   cache_.Clear();
 }
 
-void SSLClientSessionCacheOpenSSL::SetClockForTesting(
-    scoped_ptr<base::Clock> clock) {
+void SSLClientSessionCache::SetClockForTesting(
+    std::unique_ptr<base::Clock> clock) {
   clock_ = std::move(clock);
 }
 
-SSLClientSessionCacheOpenSSL::CacheEntry::CacheEntry() {
-}
+SSLClientSessionCache::CacheEntry::CacheEntry() {}
 
-SSLClientSessionCacheOpenSSL::CacheEntry::~CacheEntry() {
-}
+SSLClientSessionCache::CacheEntry::~CacheEntry() {}
 
-bool SSLClientSessionCacheOpenSSL::IsExpired(
-    SSLClientSessionCacheOpenSSL::CacheEntry* entry,
-    const base::Time& now) {
+bool SSLClientSessionCache::IsExpired(SSLClientSessionCache::CacheEntry* entry,
+                                      const base::Time& now) {
   return now < entry->creation_time ||
          entry->creation_time + config_.timeout < now;
 }
 
-void SSLClientSessionCacheOpenSSL::FlushExpiredSessions() {
+void SSLClientSessionCache::FlushExpiredSessions() {
   base::Time now = clock_->Now();
   CacheEntryMap::iterator iter = cache_.begin();
   while (iter != cache_.end()) {
diff --git a/chromium/net/ssl/ssl_client_session_cache_openssl.h b/chromium/net/ssl/ssl_client_session_cache.h
index a432b5958fc..149d4dc36d0 100644
--- a/chromium/net/ssl/ssl_client_session_cache_openssl.h
+++ b/chromium/net/ssl/ssl_client_session_cache.h
@@ -2,17 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H
-#define NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H
+#ifndef NET_SSL_SSL_CLIENT_SESSION_CACHE_H
+#define NET_SSL_SSL_CLIENT_SESSION_CACHE_H
 
 #include <openssl/ssl.h>
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/containers/mru_cache.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/lock.h"
 #include "base/threading/thread_checker.h"
 #include "base/time/time.h"
@@ -25,7 +25,7 @@ class Clock;
 
 namespace net {
 
-class NET_EXPORT SSLClientSessionCacheOpenSSL {
+class NET_EXPORT SSLClientSessionCache {
  public:
   struct Config {
     // The maximum number of entries in the cache.
@@ -36,8 +36,8 @@ class NET_EXPORT SSLClientSessionCacheOpenSSL {
     base::TimeDelta timeout = base::TimeDelta::FromHours(1);
   };
 
-  explicit SSLClientSessionCacheOpenSSL(const Config& config);
-  ~SSLClientSessionCacheOpenSSL();
+  explicit SSLClientSessionCache(const Config& config);
+  ~SSLClientSessionCache();
 
   size_t size() const;
 
@@ -53,7 +53,7 @@ class NET_EXPORT SSLClientSessionCacheOpenSSL {
   // Removes all entries from the cache.
   void Flush();
 
-  void SetClockForTesting(scoped_ptr<base::Clock> clock);
+  void SetClockForTesting(std::unique_ptr<base::Clock> clock);
 
  private:
   struct CacheEntry {
@@ -66,7 +66,7 @@ class NET_EXPORT SSLClientSessionCacheOpenSSL {
   };
 
   using CacheEntryMap =
-      base::HashingMRUCache<std::string, scoped_ptr<CacheEntry>>;
+      base::HashingMRUCache<std::string, std::unique_ptr<CacheEntry>>;
 
   // Returns true if |entry| is expired as of |now|.
   bool IsExpired(CacheEntry* entry, const base::Time& now);
@@ -74,7 +74,7 @@ class NET_EXPORT SSLClientSessionCacheOpenSSL {
   // Removes all expired sessions from the cache.
   void FlushExpiredSessions();
 
-  scoped_ptr<base::Clock> clock_;
+  std::unique_ptr<base::Clock> clock_;
   Config config_;
   CacheEntryMap cache_;
   size_t lookups_since_flush_;
@@ -84,9 +84,9 @@ class NET_EXPORT SSLClientSessionCacheOpenSSL {
   // classes in net.
   base::Lock lock_;
 
-  DISALLOW_COPY_AND_ASSIGN(SSLClientSessionCacheOpenSSL);
+  DISALLOW_COPY_AND_ASSIGN(SSLClientSessionCache);
 };
 
 }  // namespace net
 
-#endif  // NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H
+#endif  // NET_SSL_SSL_CLIENT_SESSION_CACHE_H
diff --git a/chromium/net/ssl/ssl_client_session_cache_openssl_unittest.cc b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
index ee579f00ee5..20d77a7cdb1 100644
--- a/chromium/net/ssl/ssl_client_session_cache_openssl_unittest.cc
+++ b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
@@ -2,10 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/ssl/ssl_client_session_cache_openssl.h"
+#include "net/ssl/ssl_client_session_cache.h"
 
 #include <openssl/ssl.h>
 
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/test/simple_test_clock.h"
 #include "net/ssl/scoped_openssl_types.h"
@@ -14,9 +15,9 @@
 namespace net {
 
 // Test basic insertion and lookup operations.
-TEST(SSLClientSessionCacheOpenSSLTest, Basic) {
-  SSLClientSessionCacheOpenSSL::Config config;
-  SSLClientSessionCacheOpenSSL cache(config);
+TEST(SSLClientSessionCacheTest, Basic) {
+  SSLClientSessionCache::Config config;
+  SSLClientSessionCache cache(config);
 
   ScopedSSL_SESSION session1(SSL_SESSION_new());
   ScopedSSL_SESSION session2(SSL_SESSION_new());
@@ -64,9 +65,9 @@ TEST(SSLClientSessionCacheOpenSSLTest, Basic) {
 
 // Test that a session may be inserted at two different keys. This should never
 // be necessary, but the API doesn't prohibit it.
-TEST(SSLClientSessionCacheOpenSSLTest, DoubleInsert) {
-  SSLClientSessionCacheOpenSSL::Config config;
-  SSLClientSessionCacheOpenSSL cache(config);
+TEST(SSLClientSessionCacheTest, DoubleInsert) {
+  SSLClientSessionCache::Config config;
+  SSLClientSessionCache cache(config);
 
   ScopedSSL_SESSION session(SSL_SESSION_new());
   EXPECT_EQ(1u, session->references);
@@ -98,10 +99,10 @@ TEST(SSLClientSessionCacheOpenSSLTest, DoubleInsert) {
 }
 
 // Tests that the session cache's size is correctly bounded.
-TEST(SSLClientSessionCacheOpenSSLTest, MaxEntries) {
-  SSLClientSessionCacheOpenSSL::Config config;
+TEST(SSLClientSessionCacheTest, MaxEntries) {
+  SSLClientSessionCache::Config config;
   config.max_entries = 3;
-  SSLClientSessionCacheOpenSSL cache(config);
+  SSLClientSessionCache cache(config);
 
   ScopedSSL_SESSION session1(SSL_SESSION_new());
   ScopedSSL_SESSION session2(SSL_SESSION_new());
@@ -136,17 +137,17 @@ TEST(SSLClientSessionCacheOpenSSLTest, MaxEntries) {
 }
 
 // Tests that session expiration works properly.
-TEST(SSLClientSessionCacheOpenSSLTest, Expiration) {
+TEST(SSLClientSessionCacheTest, Expiration) {
   const size_t kNumEntries = 20;
   const size_t kExpirationCheckCount = 10;
   const base::TimeDelta kTimeout = base::TimeDelta::FromSeconds(1000);
 
-  SSLClientSessionCacheOpenSSL::Config config;
+  SSLClientSessionCache::Config config;
   config.expiration_check_count = kExpirationCheckCount;
   config.timeout = kTimeout;
-  SSLClientSessionCacheOpenSSL cache(config);
+  SSLClientSessionCache cache(config);
   base::SimpleTestClock* clock = new base::SimpleTestClock;
-  cache.SetClockForTesting(make_scoped_ptr(clock));
+  cache.SetClockForTesting(base::WrapUnique(clock));
 
   // Add |kNumEntries - 1| entries.
   for (size_t i = 0; i < kNumEntries - 1; i++) {
@@ -183,18 +184,18 @@ TEST(SSLClientSessionCacheOpenSSLTest, Expiration) {
 
 // Tests that Lookup performs an expiration check before returning a cached
 // session.
-TEST(SSLClientSessionCacheOpenSSLTest, LookupExpirationCheck) {
+TEST(SSLClientSessionCacheTest, LookupExpirationCheck) {
   // kExpirationCheckCount is set to a suitably large number so the automated
   // pruning never triggers.
   const size_t kExpirationCheckCount = 1000;
   const base::TimeDelta kTimeout = base::TimeDelta::FromSeconds(1000);
 
-  SSLClientSessionCacheOpenSSL::Config config;
+  SSLClientSessionCache::Config config;
   config.expiration_check_count = kExpirationCheckCount;
   config.timeout = kTimeout;
-  SSLClientSessionCacheOpenSSL cache(config);
+  SSLClientSessionCache cache(config);
   base::SimpleTestClock* clock = new base::SimpleTestClock;
-  cache.SetClockForTesting(make_scoped_ptr(clock));
+  cache.SetClockForTesting(base::WrapUnique(clock));
 
   // Insert an entry into the session cache.
   ScopedSSL_SESSION session(SSL_SESSION_new());
diff --git a/chromium/net/ssl/ssl_key_logger.h b/chromium/net/ssl/ssl_key_logger.h
index dcaf6c6a89b..c1e8f5b0fb2 100644
--- a/chromium/net/ssl/ssl_key_logger.h
+++ b/chromium/net/ssl/ssl_key_logger.h
@@ -5,11 +5,11 @@
 #ifndef NET_SSL_SSL_KEY_LOGGER_H_
 #define NET_SSL_SSL_KEY_LOGGER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 
 namespace base {
 class FilePath;
@@ -40,7 +40,7 @@ class SSLKeyLogger {
 
   scoped_refptr<base::SequencedTaskRunner> task_runner_;
   // Destroyed on |task_runner_|.
-  scoped_ptr<Core> core_;
+  std::unique_ptr<Core> core_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLKeyLogger);
 };
diff --git a/chromium/net/ssl/ssl_platform_key.h b/chromium/net/ssl/ssl_platform_key.h
index a6d53138cbd..10d63a3c78c 100644
--- a/chromium/net/ssl/ssl_platform_key.h
+++ b/chromium/net/ssl/ssl_platform_key.h
@@ -5,9 +5,10 @@
 #ifndef NET_SSL_SSL_PLATFORM_KEY_H_
 #define NET_SSL_SSL_PLATFORM_KEY_H_
 
+#include <memory>
+
 #include "base/lazy_instance.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace base {
diff --git a/chromium/net/ssl/ssl_platform_key_android.cc b/chromium/net/ssl/ssl_platform_key_android.cc
index 6a6595cc0e6..800107a5dc4 100644
--- a/chromium/net/ssl/ssl_platform_key_android.cc
+++ b/chromium/net/ssl/ssl_platform_key_android.cc
@@ -6,10 +6,12 @@
 
 #include <openssl/digest.h>
 #include <openssl/evp.h>
+
 #include <utility>
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/base/net_errors.h"
 #include "net/ssl/openssl_client_key_store.h"
@@ -120,7 +122,7 @@ scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(crypto::ScopedEVP_PKEY key) {
       return nullptr;
   }
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      make_scoped_ptr(new SSLPlatformKeyAndroid(std::move(key), type)),
+      base::WrapUnique(new SSLPlatformKeyAndroid(std::move(key), type)),
       GetSSLPlatformKeyTaskRunner()));
 }
 
diff --git a/chromium/net/ssl/ssl_platform_key_chromecast.cc b/chromium/net/ssl/ssl_platform_key_chromecast.cc
index ef1fef56e60..6ee005de84a 100644
--- a/chromium/net/ssl/ssl_platform_key_chromecast.cc
+++ b/chromium/net/ssl/ssl_platform_key_chromecast.cc
@@ -2,21 +2,20 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/ssl/ssl_platform_key.h"
-
 #include <keyhi.h>
+#include <openssl/rsa.h>
 #include <pk11pub.h>
 #include <prerror.h>
 
-#include <openssl/rsa.h>
-
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/sequenced_task_runner.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_key_store.h"
+#include "net/ssl/ssl_platform_key.h"
 #include "net/ssl/ssl_platform_key_task_runner.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
@@ -129,7 +128,7 @@ scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
   }
 
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      make_scoped_ptr(new SSLPlatformKeyChromecast(std::move(key))),
+      base::WrapUnique(new SSLPlatformKeyChromecast(std::move(key))),
       GetSSLPlatformKeyTaskRunner()));
 }
 
diff --git a/chromium/net/ssl/ssl_platform_key_mac.cc b/chromium/net/ssl/ssl_platform_key_mac.cc
index 050189b7af4..35628f819cc 100644
--- a/chromium/net/ssl/ssl_platform_key_mac.cc
+++ b/chromium/net/ssl/ssl_platform_key_mac.cc
@@ -4,23 +4,24 @@
 
 #include "net/ssl/ssl_platform_key.h"
 
-#include <openssl/ecdsa.h>
-#include <openssl/obj.h>
-#include <openssl/rsa.h>
-
-#include <Security/cssm.h>
 #include <Security/SecBase.h>
 #include <Security/SecCertificate.h>
 #include <Security/SecIdentity.h>
 #include <Security/SecKey.h>
+#include <Security/cssm.h>
+#include <openssl/ecdsa.h>
+#include <openssl/obj.h>
+#include <openssl/rsa.h>
+
+#include <memory>
 
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/scoped_policy.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/sequenced_task_runner.h"
 #include "base/synchronization/lock.h"
 #include "crypto/mac_security_services_lock.h"
@@ -242,7 +243,7 @@ scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
     return nullptr;
   }
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      make_scoped_ptr(new SSLPlatformKeyMac(private_key.get(), cssm_key)),
+      base::WrapUnique(new SSLPlatformKeyMac(private_key.get(), cssm_key)),
       GetSSLPlatformKeyTaskRunner()));
 }
 
diff --git a/chromium/net/ssl/ssl_platform_key_nss.cc b/chromium/net/ssl/ssl_platform_key_nss.cc
index 858ffb9db7f..fc05976e960 100644
--- a/chromium/net/ssl/ssl_platform_key_nss.cc
+++ b/chromium/net/ssl/ssl_platform_key_nss.cc
@@ -2,23 +2,24 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/ssl/ssl_platform_key.h"
-
 #include <keyhi.h>
 #include <openssl/bn.h>
 #include <openssl/ecdsa.h>
 #include <openssl/rsa.h>
 #include <pk11pub.h>
 #include <prerror.h>
+
 #include <utility>
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/sequenced_task_runner.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_key_store.h"
+#include "net/ssl/ssl_platform_key.h"
 #include "net/ssl/ssl_platform_key_task_runner.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
@@ -182,7 +183,7 @@ scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
       return nullptr;
   }
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      make_scoped_ptr(new SSLPlatformKeyNSS(type, std::move(key))),
+      base::WrapUnique(new SSLPlatformKeyNSS(type, std::move(key))),
       GetSSLPlatformKeyTaskRunner()));
 }
 
diff --git a/chromium/net/ssl/ssl_platform_key_win.cc b/chromium/net/ssl/ssl_platform_key_win.cc
index 49fc31a6725..d49d72f25f8 100644
--- a/chromium/net/ssl/ssl_platform_key_win.cc
+++ b/chromium/net/ssl/ssl_platform_key_win.cc
@@ -351,7 +351,7 @@ scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
   // transferred.
   CHECK_EQ(must_free, TRUE);
 
-  scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate;
+  std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate;
   if (key_spec == CERT_NCRYPT_KEY_SPEC) {
     delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length));
   } else {
diff --git a/chromium/net/ssl/test_ssl_private_key.cc b/chromium/net/ssl/test_ssl_private_key.cc
index 99ed33b15cd..6d420b0e4c6 100644
--- a/chromium/net/ssl/test_ssl_private_key.cc
+++ b/chromium/net/ssl/test_ssl_private_key.cc
@@ -6,10 +6,12 @@
 
 #include <openssl/digest.h>
 #include <openssl/evp.h>
+
 #include <utility>
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/base/net_errors.h"
 #include "net/ssl/ssl_platform_key_task_runner.h"
@@ -121,7 +123,7 @@ scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(crypto::ScopedEVP_PKEY key) {
       return nullptr;
   }
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      make_scoped_ptr(new TestSSLPlatformKey(std::move(key), type)),
+      base::WrapUnique(new TestSSLPlatformKey(std::move(key), type)),
       GetSSLPlatformKeyTaskRunner()));
 }
 
diff --git a/chromium/net/ssl/threaded_ssl_private_key.cc b/chromium/net/ssl/threaded_ssl_private_key.cc
index d2f1d95ea43..a1294fadc4c 100644
--- a/chromium/net/ssl/threaded_ssl_private_key.cc
+++ b/chromium/net/ssl/threaded_ssl_private_key.cc
@@ -11,7 +11,7 @@
 #include "base/location.h"
 #include "base/task_runner.h"
 #include "base/task_runner_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 
 namespace net {
 
@@ -30,7 +30,7 @@ void DoCallback(const base::WeakPtr<ThreadedSSLPrivateKey>& key,
 class ThreadedSSLPrivateKey::Core
     : public base::RefCountedThreadSafe<ThreadedSSLPrivateKey::Core> {
  public:
-  Core(scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate)
+  Core(std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate)
       : delegate_(std::move(delegate)) {}
 
   ThreadedSSLPrivateKey::Delegate* delegate() { return delegate_.get(); }
@@ -45,11 +45,11 @@ class ThreadedSSLPrivateKey::Core
   friend class base::RefCountedThreadSafe<Core>;
   ~Core() {}
 
-  scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate_;
+  std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate_;
 };
 
 ThreadedSSLPrivateKey::ThreadedSSLPrivateKey(
-    scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate,
+    std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate,
     scoped_refptr<base::TaskRunner> task_runner)
     : core_(new Core(std::move(delegate))),
       task_runner_(std::move(task_runner)),
diff --git a/chromium/net/ssl/threaded_ssl_private_key.h b/chromium/net/ssl/threaded_ssl_private_key.h
index 23aed37cba3..c2fe2282a15 100644
--- a/chromium/net/ssl/threaded_ssl_private_key.h
+++ b/chromium/net/ssl/threaded_ssl_private_key.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/ssl/ssl_private_key.h"
@@ -52,7 +52,7 @@ class ThreadedSSLPrivateKey : public SSLPrivateKey {
     DISALLOW_COPY_AND_ASSIGN(Delegate);
   };
 
-  ThreadedSSLPrivateKey(scoped_ptr<Delegate> delegate,
+  ThreadedSSLPrivateKey(std::unique_ptr<Delegate> delegate,
                         scoped_refptr<base::TaskRunner> task_runner);
 
   // SSLPrivateKey implementation.
diff --git a/chromium/net/ssl/token_binding_openssl.cc b/chromium/net/ssl/token_binding.cc
index f2a48ed113d..2c9a79f4a03 100644
--- a/chromium/net/ssl/token_binding_openssl.cc
+++ b/chromium/net/ssl/token_binding.cc
@@ -33,10 +33,6 @@ bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
 
 }  // namespace
 
-bool IsTokenBindingSupported() {
-  return true;
-}
-
 bool SignTokenBindingEkm(base::StringPiece ekm,
                          crypto::ECPrivateKey* key,
                          std::vector<uint8_t>* out) {
diff --git a/chromium/net/ssl/token_binding.h b/chromium/net/ssl/token_binding.h
index 64104aa5c86..a98485095d0 100644
--- a/chromium/net/ssl/token_binding.h
+++ b/chromium/net/ssl/token_binding.h
@@ -20,10 +20,6 @@ enum class TokenBindingType {
   REFERRED = 1,
 };
 
-// Returns whether Token Binding is supported on this platform. If this function
-// returns false, Token Binding must not be negotiated.
-bool IsTokenBindingSupported();
-
 // Takes an exported keying material value |ekm| from the TLS layer and a token
 // binding key |key| and signs the EKM, putting the signature in |*out|. Returns
 // true on success or false if there's an error in the signing operations.
diff --git a/chromium/net/ssl/token_binding_nss.cc b/chromium/net/ssl/token_binding_nss.cc
deleted file mode 100644
index aa2dd09439a..00000000000
--- a/chromium/net/ssl/token_binding_nss.cc
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "token_binding.h"
-
-#include "net/base/net_errors.h"
-
-namespace net {
-
-bool IsTokenBindingSupported() {
-  return false;
-}
-
-bool SignTokenBindingEkm(base::StringPiece ekm,
-                         crypto::ECPrivateKey* key,
-                         std::vector<uint8_t>* out) {
-  return false;
-}
-
-Error BuildTokenBindingMessageFromTokenBindings(
-    const std::vector<base::StringPiece>& token_bindings,
-    std::string* out) {
-  NOTREACHED();
-  return ERR_NOT_IMPLEMENTED;
-}
-
-Error BuildTokenBinding(TokenBindingType type,
-                        crypto::ECPrivateKey* key,
-                        const std::vector<uint8_t>& ekm,
-                        std::string* out) {
-  NOTREACHED();
-  return ERR_NOT_IMPLEMENTED;
-}
-
-TokenBinding::TokenBinding() {}
-
-bool ParseTokenBindingMessage(base::StringPiece token_binding_message,
-                              std::vector<TokenBinding>* token_bindings) {
-  NOTREACHED();
-  return false;
-}
-
-bool VerifyEKMSignature(base::StringPiece ec_point,
-                        base::StringPiece signature,
-                        base::StringPiece ekm) {
-  NOTREACHED();
-  return false;
-}
-
-}  // namespace net
diff --git a/chromium/net/test/ct_test_util.cc b/chromium/net/test/ct_test_util.cc
index 9bc6f958da7..6f2a47e6da7 100644
--- a/chromium/net/test/ct_test_util.cc
+++ b/chromium/net/test/ct_test_util.cc
@@ -15,6 +15,7 @@
 #include "base/strings/stringprintf.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/ct_verify_result.h"
+#include "net/cert/merkle_tree_leaf.h"
 #include "net/cert/signed_tree_head.h"
 #include "net/cert/x509_certificate.h"
 
@@ -78,6 +79,8 @@ const char kDefaultDerTbsCert[] =
     "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
     "0030090603551d1304023000";
 
+const char kDefaultExtensions[] = "666f6f626172"; // "foobar"
+
 const char kTestDigitallySigned[] =
     "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
     "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
@@ -97,6 +100,8 @@ const char kEcP256PublicKey[] =
 const char kTestKeyId[] =
     "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";
 
+const int64_t kTestTimestamp = INT64_C(1396877277237);
+
 const char kTestSCTSignatureData[] =
     "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
     "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";
@@ -155,7 +160,6 @@ const char kFakeOCSPResponseIssuerCert[] =
     "3ea1e11df2ccb357a5fed5220f9c6239e8946b9b7517707631d51ab996833d58a022cff5a6"
     "2169ac9258ec110efee78da9ab4a641e3b3c9ee5e8bd291460";
 
-
 const char kFakeOCSPExtensionValue[] = "74657374";  // "test"
 
 // For the sample STH
@@ -166,7 +170,6 @@ const char kSampleSTHTreeHeadSignature[] =
     "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb"
     "d3";
 size_t kSampleSTHTreeSize = 21u;
-int64_t kSampleSTHTimestamp = INT64_C(1396877277237);
 
 }  // namespace
 
@@ -175,6 +178,13 @@ void GetX509CertLogEntry(LogEntry* entry) {
   entry->leaf_certificate = HexToBytes(kDefaultDerCert);
 }
 
+void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf) {
+  tree_leaf->log_id = HexToBytes(kTestKeyId);
+  tree_leaf->timestamp = base::Time::FromJsTime(kTestTimestamp);
+  GetX509CertLogEntry(&tree_leaf->log_entry);
+  tree_leaf->extensions = HexToBytes(kDefaultExtensions);
+}
+
 std::string GetDerEncodedX509Cert() { return HexToBytes(kDefaultDerCert); }
 
 void GetPrecertLogEntry(LogEntry* entry) {
@@ -184,6 +194,13 @@ void GetPrecertLogEntry(LogEntry* entry) {
   entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert);
 }
 
+void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf) {
+  tree_leaf->log_id = HexToBytes(kTestKeyId);
+  tree_leaf->timestamp = base::Time::FromJsTime(kTestTimestamp);
+  GetPrecertLogEntry(&tree_leaf->log_entry);
+  tree_leaf->extensions = HexToBytes(kDefaultExtensions);
+}
+
 std::string GetTestDigitallySigned() {
   return HexToBytes(kTestDigitallySigned);
 }
@@ -204,7 +221,7 @@ void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
   CHECK(sct_ref != NULL);
   *sct_ref = new SignedCertificateTimestamp();
   SignedCertificateTimestamp *const sct(sct_ref->get());
-  sct->version = ct::SignedCertificateTimestamp::SCT_VERSION_1;
+  sct->version = ct::SignedCertificateTimestamp::V1;
   sct->log_id = HexToBytes(kTestKeyId);
   // Time the log issued a SCT for this certificate, which is
   // Fri Apr  5 10:04:16.089 2013
@@ -221,7 +238,7 @@ void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
   CHECK(sct_ref != NULL);
   *sct_ref = new SignedCertificateTimestamp();
   SignedCertificateTimestamp *const sct(sct_ref->get());
-  sct->version = ct::SignedCertificateTimestamp::SCT_VERSION_1;
+  sct->version = ct::SignedCertificateTimestamp::V1;
   sct->log_id = HexToBytes(kTestKeyId);
   // Time the log issued a SCT for this Precertificate, which is
   // Fri Apr  5 10:04:16.275 2013
@@ -258,7 +275,7 @@ std::string GetDerEncodedFakeOCSPResponseIssuerCert() {
 bool GetSampleSignedTreeHead(SignedTreeHead* sth) {
   sth->version = SignedTreeHead::V1;
   sth->timestamp = base::Time::UnixEpoch() +
-                   base::TimeDelta::FromMilliseconds(kSampleSTHTimestamp);
+                   base::TimeDelta::FromMilliseconds(kTestTimestamp);
   sth->tree_size = kSampleSTHTreeSize;
   std::string sha256_root_hash = GetSampleSTHSHA256RootHash();
   memcpy(sth->sha256_root_hash, sha256_root_hash.c_str(), kSthRootHashLength);
@@ -313,7 +330,7 @@ bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature) {
 }
 
 std::string GetSampleSTHAsJson() {
-  return CreateSignedTreeHeadJsonString(kSampleSTHTreeSize, kSampleSTHTimestamp,
+  return CreateSignedTreeHeadJsonString(kSampleSTHTreeSize, kTestTimestamp,
                                         GetSampleSTHSHA256RootHash(),
                                         GetSampleSTHTreeHeadSignature());
 }
diff --git a/chromium/net/test/ct_test_util.h b/chromium/net/test/ct_test_util.h
index d3df6e62d9b..649b87c0824 100644
--- a/chromium/net/test/ct_test_util.h
+++ b/chromium/net/test/ct_test_util.h
@@ -21,6 +21,7 @@ namespace ct {
 struct CTVerifyResult;
 struct DigitallySigned;
 struct LogEntry;
+struct MerkleTreeLeaf;
 struct SignedTreeHead;
 
 // Note: unless specified otherwise, all test data is taken from Certificate
@@ -29,6 +30,9 @@ struct SignedTreeHead;
 // Fills |entry| with test data for an X.509 entry.
 void GetX509CertLogEntry(LogEntry* entry);
 
+// Fills |tree_leaf| with test data for an X.509 Merkle tree leaf.
+void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf);
+
 // Returns a DER-encoded X509 cert. The SCT provided by
 // GetX509CertSCT is signed over this certificate.
 std::string GetDerEncodedX509Cert();
@@ -36,6 +40,9 @@ std::string GetDerEncodedX509Cert();
 // Fills |entry| with test data for a Precertificate entry.
 void GetPrecertLogEntry(LogEntry* entry);
 
+// Fills |tree_leaf| with test data for a Precertificate Merkle tree leaf.
+void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf);
+
 // Returns the binary representation of a test DigitallySigned
 std::string GetTestDigitallySigned();
 
diff --git a/chromium/net/test/embedded_test_server/default_handlers.cc b/chromium/net/test/embedded_test_server/default_handlers.cc
index 74967217f5f..1b49ceb61ca 100644
--- a/chromium/net/test/embedded_test_server/default_handlers.cc
+++ b/chromium/net/test/embedded_test_server/default_handlers.cc
@@ -21,7 +21,7 @@
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/escape.h"
 #include "net/base/url_util.h"
@@ -46,11 +46,11 @@ const char kLogoPath[] = "chrome/test/data/google/logo.gif";
 
 // method: CONNECT
 // Responses with a BAD_REQUEST to any CONNECT requests.
-scoped_ptr<HttpResponse> HandleDefaultConnect(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleDefaultConnect(const HttpRequest& request) {
   if (request.method != METHOD_CONNECT)
     return nullptr;
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_code(HTTP_BAD_REQUEST);
   http_response->set_content(
       "Your client has issued a malformed or illegal request.");
@@ -60,8 +60,8 @@ scoped_ptr<HttpResponse> HandleDefaultConnect(const HttpRequest& request) {
 
 // /cachetime
 // Returns a cacheable response.
-scoped_ptr<HttpResponse> HandleCacheTime(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleCacheTime(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content(
       "<html><head><title>Cache: max-age=60</title></head></html>");
   http_response->set_content_type("text/html");
@@ -72,13 +72,13 @@ scoped_ptr<HttpResponse> HandleCacheTime(const HttpRequest& request) {
 // /echoheader | /echoheadercache
 // Responds with the headers echoed in the message body.
 // echoheader does not cache the results, while echoheadercache does.
-scoped_ptr<HttpResponse> HandleEchoHeader(const std::string& url,
-                                          const std::string& cache_control,
-                                          const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleEchoHeader(const std::string& url,
+                                               const std::string& cache_control,
+                                               const HttpRequest& request) {
   if (!ShouldHandle(request, url))
     return nullptr;
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
 
   GURL request_url = request.GetURL();
   if (request_url.has_query()) {
@@ -98,8 +98,8 @@ scoped_ptr<HttpResponse> HandleEchoHeader(const std::string& url,
 // /echo?status=STATUS
 // Responds with the request body as the response body and
 // a status code of STATUS.
-scoped_ptr<HttpResponse> HandleEcho(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleEcho(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
 
   GURL request_url = request.GetURL();
   if (request_url.has_query()) {
@@ -119,8 +119,8 @@ scoped_ptr<HttpResponse> HandleEcho(const HttpRequest& request) {
 
 // /echotitle
 // Responds with the request body as the title.
-scoped_ptr<HttpResponse> HandleEchoTitle(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleEchoTitle(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   http_response->set_content("<html><head><title>" + request.content +
                              "</title></head></html>");
@@ -129,8 +129,8 @@ scoped_ptr<HttpResponse> HandleEchoTitle(const HttpRequest& request) {
 
 // /echoall?QUERY
 // Responds with the list of QUERY and the request headers.
-scoped_ptr<HttpResponse> HandleEchoAll(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleEchoAll(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
 
   std::string body =
       "<html><head><style>"
@@ -161,8 +161,8 @@ scoped_ptr<HttpResponse> HandleEchoAll(const HttpRequest& request) {
 
 // /set-cookie?COOKIES
 // Sets response cookies to be COOKIES.
-scoped_ptr<HttpResponse> HandleSetCookie(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleSetCookie(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   std::string content;
   GURL request_url = request.GetURL();
@@ -181,7 +181,7 @@ scoped_ptr<HttpResponse> HandleSetCookie(const HttpRequest& request) {
 
 // /set-many-cookies?N
 // Sets N cookies in the response.
-scoped_ptr<HttpResponse> HandleSetManyCookies(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleSetManyCookies(const HttpRequest& request) {
   std::string content;
 
   GURL request_url = request.GetURL();
@@ -189,7 +189,7 @@ scoped_ptr<HttpResponse> HandleSetManyCookies(const HttpRequest& request) {
   if (request_url.has_query())
     num = std::atoi(request_url.query().c_str());
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   for (size_t i = 0; i < num; ++i) {
     http_response->AddCustomHeader("Set-Cookie", "a=");
@@ -203,7 +203,8 @@ scoped_ptr<HttpResponse> HandleSetManyCookies(const HttpRequest& request) {
 // /expect-and-set-cookie?expect=EXPECTED&set=SET&data=DATA
 // Verifies that the request cookies match EXPECTED and then returns cookies
 // that match SET and a content that matches DATA.
-scoped_ptr<HttpResponse> HandleExpectAndSetCookie(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleExpectAndSetCookie(
+    const HttpRequest& request) {
   std::vector<std::string> received_cookies;
   if (request.headers.find("Cookie") != request.headers.end()) {
     received_cookies =
@@ -225,7 +226,7 @@ scoped_ptr<HttpResponse> HandleExpectAndSetCookie(const HttpRequest& request) {
     }
   }
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   if (got_all_expected) {
     for (const auto& cookie : query_list.at("set")) {
@@ -246,12 +247,12 @@ scoped_ptr<HttpResponse> HandleExpectAndSetCookie(const HttpRequest& request) {
 
 // /set-header?HEADERS
 // Returns a response with HEADERS set as the response headers.
-scoped_ptr<HttpResponse> HandleSetHeader(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleSetHeader(const HttpRequest& request) {
   std::string content;
 
   GURL request_url = request.GetURL();
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   if (request_url.has_query()) {
     RequestQuery headers = ParseQuery(request_url);
@@ -272,23 +273,23 @@ scoped_ptr<HttpResponse> HandleSetHeader(const HttpRequest& request) {
 
 // /nocontent
 // Returns a NO_CONTENT response.
-scoped_ptr<HttpResponse> HandleNoContent(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleNoContent(const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_code(HTTP_NO_CONTENT);
   return std::move(http_response);
 }
 
 // /close-socket
 // Immediately closes the connection.
-scoped_ptr<HttpResponse> HandleCloseSocket(const HttpRequest& request) {
-  scoped_ptr<RawHttpResponse> http_response(new RawHttpResponse("", ""));
+std::unique_ptr<HttpResponse> HandleCloseSocket(const HttpRequest& request) {
+  std::unique_ptr<RawHttpResponse> http_response(new RawHttpResponse("", ""));
   return std::move(http_response);
 }
 
 // /auth-basic?password=PASS&realm=REALM
 // Performs "Basic" HTTP authentication using expected password PASS and
 // realm REALM.
-scoped_ptr<HttpResponse> HandleAuthBasic(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleAuthBasic(const HttpRequest& request) {
   GURL request_url = request.GetURL();
   RequestQuery query = ParseQuery(request_url);
 
@@ -329,7 +330,7 @@ scoped_ptr<HttpResponse> HandleAuthBasic(const HttpRequest& request) {
     }
   }
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   if (!authed) {
     http_response->set_code(HTTP_UNAUTHORIZED);
     http_response->set_content_type("text/html");
@@ -378,7 +379,7 @@ scoped_ptr<HttpResponse> HandleAuthBasic(const HttpRequest& request) {
 
 // /auth-digest
 // Performs "Digest" HTTP authentication.
-scoped_ptr<HttpResponse> HandleAuthDigest(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleAuthDigest(const HttpRequest& request) {
   std::string nonce = base::MD5String(
       base::StringPrintf("privatekey%s", request.relative_url.c_str()));
   std::string opaque = base::MD5String("opaque");
@@ -446,7 +447,7 @@ scoped_ptr<HttpResponse> HandleAuthDigest(const HttpRequest& request) {
     }
   }
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   if (!authed) {
     http_response->set_code(HTTP_UNAUTHORIZED);
     http_response->set_content_type("text/html");
@@ -476,12 +477,12 @@ scoped_ptr<HttpResponse> HandleAuthDigest(const HttpRequest& request) {
 
 // /server-redirect?URL
 // Returns a server-redirect (301) to URL.
-scoped_ptr<HttpResponse> HandleServerRedirect(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleServerRedirect(const HttpRequest& request) {
   GURL request_url = request.GetURL();
   std::string dest =
       net::UnescapeURLComponent(request_url.query(), kUnescapeAll);
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_code(HTTP_MOVED_PERMANENTLY);
   http_response->AddCustomHeader("Location", dest);
   http_response->set_content_type("text/html");
@@ -493,8 +494,9 @@ scoped_ptr<HttpResponse> HandleServerRedirect(const HttpRequest& request) {
 
 // /cross-site?URL
 // Returns a cross-site redirect to URL.
-scoped_ptr<HttpResponse> HandleCrossSiteRedirect(EmbeddedTestServer* server,
-                                                 const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleCrossSiteRedirect(
+    EmbeddedTestServer* server,
+    const HttpRequest& request) {
   if (!ShouldHandle(request, "/cross-site"))
     return nullptr;
 
@@ -510,7 +512,7 @@ scoped_ptr<HttpResponse> HandleCrossSiteRedirect(EmbeddedTestServer* server,
         dest_all.substr(delimiter + 1).c_str());
   }
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_code(HTTP_MOVED_PERMANENTLY);
   http_response->AddCustomHeader("Location", dest);
   http_response->set_content_type("text/html");
@@ -522,12 +524,12 @@ scoped_ptr<HttpResponse> HandleCrossSiteRedirect(EmbeddedTestServer* server,
 
 // /client-redirect?URL
 // Returns a meta redirect to URL.
-scoped_ptr<HttpResponse> HandleClientRedirect(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleClientRedirect(const HttpRequest& request) {
   GURL request_url = request.GetURL();
   std::string dest =
       net::UnescapeURLComponent(request_url.query(), kUnescapeAll);
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   http_response->set_content(base::StringPrintf(
       "<html><head><meta http-equiv=\"refresh\" content=\"0;url=%s\"></head>"
@@ -538,8 +540,9 @@ scoped_ptr<HttpResponse> HandleClientRedirect(const HttpRequest& request) {
 
 // /defaultresponse
 // Returns a valid 200 response.
-scoped_ptr<HttpResponse> HandleDefaultResponse(const HttpRequest& request) {
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+std::unique_ptr<HttpResponse> HandleDefaultResponse(
+    const HttpRequest& request) {
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_content_type("text/html");
   http_response->set_content("Default response given for path: " +
                              request.relative_url);
@@ -566,14 +569,15 @@ class DelayedHttpResponse : public BasicHttpResponse {
 
 // /slow?N
 // Returns a response to the server delayed by N seconds.
-scoped_ptr<HttpResponse> HandleSlowServer(const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleSlowServer(const HttpRequest& request) {
   double delay = 1.0f;
 
   GURL request_url = request.GetURL();
   if (request_url.has_query())
     delay = std::atof(request_url.query().c_str());
 
-  scoped_ptr<BasicHttpResponse> http_response(new DelayedHttpResponse(delay));
+  std::unique_ptr<BasicHttpResponse> http_response(
+      new DelayedHttpResponse(delay));
   http_response->set_content_type("text/plain");
   http_response->set_content(base::StringPrintf("waited %.1f seconds", delay));
   return std::move(http_response);
diff --git a/chromium/net/test/embedded_test_server/embedded_test_server.cc b/chromium/net/test/embedded_test_server/embedded_test_server.cc
index eb09b967867..c93ff0c7f8c 100644
--- a/chromium/net/test/embedded_test_server/embedded_test_server.cc
+++ b/chromium/net/test/embedded_test_server/embedded_test_server.cc
@@ -18,8 +18,8 @@
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
@@ -131,7 +131,7 @@ void EmbeddedTestServer::InitializeSSLServerContext() {
   std::vector<uint8_t> key_vector;
   key_vector.assign(pem_tokenizer.data().begin(), pem_tokenizer.data().end());
 
-  scoped_ptr<crypto::RSAPrivateKey> server_key(
+  std::unique_ptr<crypto::RSAPrivateKey> server_key(
       crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
   context_ =
       CreateSSLServerContext(GetCertificate().get(), *server_key, ssl_config_);
@@ -167,10 +167,13 @@ void EmbeddedTestServer::ShutdownOnIOThread() {
 }
 
 void EmbeddedTestServer::HandleRequest(HttpConnection* connection,
-                                       scoped_ptr<HttpRequest> request) {
+                                       std::unique_ptr<HttpRequest> request) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
 
-  scoped_ptr<HttpResponse> response;
+  for (const auto& monitor : request_monitors_)
+    monitor.Run(*request);
+
+  std::unique_ptr<HttpResponse> response;
 
   for (const auto& handler : request_handlers_) {
     response = handler.Run(*request);
@@ -189,7 +192,8 @@ void EmbeddedTestServer::HandleRequest(HttpConnection* connection,
   if (!response) {
     LOG(WARNING) << "Request not handled. Returning 404: "
                  << request->relative_url;
-    scoped_ptr<BasicHttpResponse> not_found_response(new BasicHttpResponse);
+    std::unique_ptr<BasicHttpResponse> not_found_response(
+        new BasicHttpResponse);
     not_found_response->set_code(HTTP_NOT_FOUND);
     response = std::move(not_found_response);
   }
@@ -283,20 +287,27 @@ void EmbeddedTestServer::AddDefaultHandlers(const base::FilePath& directory) {
 
 void EmbeddedTestServer::RegisterRequestHandler(
     const HandleRequestCallback& callback) {
-  // TODO(svaldez): Add check to prevent RegisterHandler from being called
-  // after the server has started. https://crbug.com/546060
+  // TODO(svaldez): Add check to prevent RegisterRequestHandler from being
+  // called after the server has started. https://crbug.com/546060
   request_handlers_.push_back(callback);
 }
 
+void EmbeddedTestServer::RegisterRequestMonitor(
+    const MonitorRequestCallback& callback) {
+  // TODO(svaldez): Add check to prevent RegisterRequestMonitor from being
+  // called after the server has started. https://crbug.com/546060
+  request_monitors_.push_back(callback);
+}
+
 void EmbeddedTestServer::RegisterDefaultHandler(
     const HandleRequestCallback& callback) {
-  // TODO(svaldez): Add check to prevent RegisterHandler from being called
-  // after the server has started. https://crbug.com/546060
+  // TODO(svaldez): Add check to prevent RegisterDefaultHandler from being
+  // called after the server has started. https://crbug.com/546060
   default_request_handlers_.push_back(callback);
 }
 
-scoped_ptr<StreamSocket> EmbeddedTestServer::DoSSLUpgrade(
-    scoped_ptr<StreamSocket> connection) {
+std::unique_ptr<StreamSocket> EmbeddedTestServer::DoSSLUpgrade(
+    std::unique_ptr<StreamSocket> connection) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
 
   return context_->CreateSSLServerSocket(std::move(connection));
@@ -314,6 +325,18 @@ void EmbeddedTestServer::DoAcceptLoop() {
   }
 }
 
+bool EmbeddedTestServer::FlushAllSocketsAndConnectionsOnUIThread() {
+  return PostTaskToIOThreadAndWait(
+      base::Bind(&EmbeddedTestServer::FlushAllSocketsAndConnections,
+                 base::Unretained(this)));
+}
+
+void EmbeddedTestServer::FlushAllSocketsAndConnections() {
+  STLDeleteContainerPairSecondPointers(connections_.begin(),
+                                       connections_.end());
+  connections_.clear();
+}
+
 void EmbeddedTestServer::OnAcceptCompleted(int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   HandleAcceptResult(std::move(accepted_socket_));
@@ -327,7 +350,8 @@ void EmbeddedTestServer::OnHandshakeDone(HttpConnection* connection, int rv) {
     DidClose(connection);
 }
 
-void EmbeddedTestServer::HandleAcceptResult(scoped_ptr<StreamSocket> socket) {
+void EmbeddedTestServer::HandleAcceptResult(
+    std::unique_ptr<StreamSocket> socket) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
   if (connection_listener_)
     connection_listener_->AcceptedSocket(*socket);
@@ -374,7 +398,7 @@ void EmbeddedTestServer::OnReadCompleted(HttpConnection* connection, int rv) {
 bool EmbeddedTestServer::HandleReadResult(HttpConnection* connection, int rv) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
   if (connection_listener_)
-    connection_listener_->ReadFromSocket(*connection->socket_);
+    connection_listener_->ReadFromSocket(*connection->socket_, rv);
   if (rv <= 0) {
     DidClose(connection);
     return false;
@@ -419,7 +443,7 @@ bool EmbeddedTestServer::PostTaskToIOThreadAndWait(
   //
   // To handle this situation, create temporary message loop to support the
   // PostTaskAndReply operation if the current thread as no message loop.
-  scoped_ptr<base::MessageLoop> temporary_loop;
+  std::unique_ptr<base::MessageLoop> temporary_loop;
   if (!base::MessageLoop::current())
     temporary_loop.reset(new base::MessageLoop());
 
diff --git a/chromium/net/test/embedded_test_server/embedded_test_server.h b/chromium/net/test/embedded_test_server/embedded_test_server.h
index 00952f9905d..3b9e253b906 100644
--- a/chromium/net/test/embedded_test_server/embedded_test_server.h
+++ b/chromium/net/test/embedded_test_server/embedded_test_server.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -16,7 +17,6 @@
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/thread.h"
 #include "base/threading/thread_checker.h"
@@ -57,12 +57,12 @@ struct HttpRequest;
 //       base::Bind(&FooTest::HandleRequest, base::Unretained(this)));
 // }
 //
-// scoped_ptr<HttpResponse> HandleRequest(const HttpRequest& request) {
+// std::unique_ptr<HttpResponse> HandleRequest(const HttpRequest& request) {
 //   GURL absolute_url = test_server_->GetURL(request.relative_url);
 //   if (absolute_url.path() != "/test")
-//     return scoped_ptr<HttpResponse>();
+//     return std::unique_ptr<HttpResponse>();
 //
-//   scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse());
+//   std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse());
 //   http_response->set_code(test_server::SUCCESS);
 //   http_response->set_content("hello");
 //   http_response->set_content_type("text/plain");
@@ -114,8 +114,11 @@ class EmbeddedTestServer {
     CERT_COMMON_NAME_IS_DOMAIN,
   };
 
-  typedef base::Callback<scoped_ptr<HttpResponse>(
-      const HttpRequest& request)> HandleRequestCallback;
+  typedef base::Callback<std::unique_ptr<HttpResponse>(
+      const HttpRequest& request)>
+      HandleRequestCallback;
+  typedef base::Callback<void(const HttpRequest& request)>
+      MonitorRequestCallback;
 
   // Creates a http test server. Start() must be called to start the server.
   // |type| indicates the protocol type of the server (HTTP/HTTPS).
@@ -132,7 +135,7 @@ class EmbeddedTestServer {
   // This is the equivalent of calling InitializeAndListen() followed by
   // StartAcceptingConnections().
   // Returns whether a listening socket has been successfully created.
-  bool Start();
+  bool Start() WARN_UNUSED_RESULT;
 
   // Starts listening for incoming connections but will not yet accept them.
   // Returns whether a listening socket has been succesfully created.
@@ -206,16 +209,25 @@ class EmbeddedTestServer {
   // on UI thread.
   void RegisterRequestHandler(const HandleRequestCallback& callback);
 
+  // Adds request monitors. The |callback| is called before any handlers are
+  // called, but can not respond it. This is useful to monitor requests that
+  // will be handled by other request handlers.
+  void RegisterRequestMonitor(const MonitorRequestCallback& callback);
+
   // Adds default handlers, including those added by AddDefaultHandlers, to be
   // tried after all other user-specified handlers have been tried.
   void RegisterDefaultHandler(const HandleRequestCallback& callback);
 
+  bool FlushAllSocketsAndConnectionsOnUIThread();
+  void FlushAllSocketsAndConnections();
+
  private:
   // Shuts down the server.
   void ShutdownOnIOThread();
 
   // Upgrade the TCP connection to one over SSL.
-  scoped_ptr<StreamSocket> DoSSLUpgrade(scoped_ptr<StreamSocket> connection);
+  std::unique_ptr<StreamSocket> DoSSLUpgrade(
+      std::unique_ptr<StreamSocket> connection);
   // Handles async callback when the SSL handshake has been completed.
   void OnHandshakeDone(HttpConnection* connection, int rv);
 
@@ -226,7 +238,7 @@ class EmbeddedTestServer {
   void OnAcceptCompleted(int rv);
   // Adds the new |socket| to the list of clients and begins the reading
   // data.
-  void HandleAcceptResult(scoped_ptr<StreamSocket> socket);
+  void HandleAcceptResult(std::unique_ptr<StreamSocket> socket);
 
   // Attempts to read data from the |connection|'s socket.
   void ReadData(HttpConnection* connection);
@@ -242,7 +254,7 @@ class EmbeddedTestServer {
   // Handles a request when it is parsed. It passes the request to registered
   // request handlers and sends a http response.
   void HandleRequest(HttpConnection* connection,
-                     scoped_ptr<HttpRequest> request);
+                     std::unique_ptr<HttpRequest> request);
 
   // Initializes the SSLServerContext so that SSLServerSocket connections may
   // share the same cache
@@ -256,10 +268,10 @@ class EmbeddedTestServer {
 
   const bool is_using_ssl_;
 
-  scoped_ptr<base::Thread> io_thread_;
+  std::unique_ptr<base::Thread> io_thread_;
 
-  scoped_ptr<TCPServerSocket> listen_socket_;
-  scoped_ptr<StreamSocket> accepted_socket_;
+  std::unique_ptr<TCPServerSocket> listen_socket_;
+  std::unique_ptr<StreamSocket> accepted_socket_;
 
   EmbeddedTestServerConnectionListener* connection_listener_;
   uint16_t port_;
@@ -269,15 +281,16 @@ class EmbeddedTestServer {
   // Owns the HttpConnection objects.
   std::map<StreamSocket*, HttpConnection*> connections_;
 
-  // Vector of registered and default request handlers.
+  // Vector of registered and default request handlers and monitors.
   std::vector<HandleRequestCallback> request_handlers_;
+  std::vector<MonitorRequestCallback> request_monitors_;
   std::vector<HandleRequestCallback> default_request_handlers_;
 
   base::ThreadChecker thread_checker_;
 
   net::SSLServerConfig ssl_config_;
   ServerCertificate cert_;
-  scoped_ptr<SSLServerContext> context_;
+  std::unique_ptr<SSLServerContext> context_;
 
   base::WeakPtrFactory<EmbeddedTestServer> weak_factory_;
 
diff --git a/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h b/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h
index 01d5415220d..d712aea4947 100644
--- a/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h
+++ b/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h
@@ -18,7 +18,7 @@ class EmbeddedTestServerConnectionListener {
   virtual void AcceptedSocket(const StreamSocket& socket) = 0;
 
   // Notified when a socket was read from by the EmbeddedTestServer.
-  virtual void ReadFromSocket(const StreamSocket& socket) = 0;
+  virtual void ReadFromSocket(const StreamSocket& socket, int rv) = 0;
 
  protected:
   EmbeddedTestServerConnectionListener() {}
diff --git a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc
index bdd4a826d04..d3a10319962 100644
--- a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc
+++ b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc
@@ -7,6 +7,7 @@
 #include <utility>
 
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
@@ -30,7 +31,7 @@
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
 #endif
 
@@ -82,7 +83,7 @@ class TestConnectionListener
 
   // Get called from the EmbeddedTestServer thread to be notified that
   // a connection was read from.
-  void ReadFromSocket(const net::StreamSocket& connection) override {
+  void ReadFromSocket(const net::StreamSocket& connection, int rv) override {
     base::AutoLock lock(lock_);
     did_read_from_socket_ = true;
   }
@@ -122,7 +123,7 @@ class EmbeddedTestServerTest
   }
 
   void SetUp() override {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     // This is needed so NSS's HTTP client functions are initialized on the
     // right thread. These tests create SSLClientSockets on a different thread.
     // TODO(davidben): Initialization can't be deferred to SSLClientSocket. See
@@ -145,7 +146,7 @@ class EmbeddedTestServerTest
   void TearDown() override {
     if (server_->Started())
       ASSERT_TRUE(server_->ShutdownAndWaitUntilComplete());
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     ShutdownNSSHttpIO();
 #endif
   }
@@ -167,16 +168,16 @@ class EmbeddedTestServerTest
 
   // Handles |request| sent to |path| and returns the response per |content|,
   // |content type|, and |code|. Saves the request URL for verification.
-  scoped_ptr<HttpResponse> HandleRequest(const std::string& path,
-                                         const std::string& content,
-                                         const std::string& content_type,
-                                         HttpStatusCode code,
-                                         const HttpRequest& request) {
+  std::unique_ptr<HttpResponse> HandleRequest(const std::string& path,
+                                              const std::string& content,
+                                              const std::string& content_type,
+                                              HttpStatusCode code,
+                                              const HttpRequest& request) {
     request_relative_url_ = request.relative_url;
 
     GURL absolute_url = server_->GetURL(request.relative_url);
     if (absolute_url.path() == path) {
-      scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+      std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
       http_response->set_code(code);
       http_response->set_content(content);
       http_response->set_content_type(content_type);
@@ -193,7 +194,7 @@ class EmbeddedTestServerTest
   base::Thread io_thread_;
   scoped_refptr<TestURLRequestContextGetter> request_context_getter_;
   TestConnectionListener connection_listener_;
-  scoped_ptr<EmbeddedTestServer> server_;
+  std::unique_ptr<EmbeddedTestServer> server_;
 };
 
 TEST_P(EmbeddedTestServerTest, GetBaseURL) {
@@ -243,7 +244,7 @@ TEST_P(EmbeddedTestServerTest, RegisterRequestHandler) {
                  HTTP_OK));
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLFetcher> fetcher =
+  std::unique_ptr<URLFetcher> fetcher =
       URLFetcher::Create(server_->GetURL("/test?q=foo"), URLFetcher::GET, this);
   fetcher->SetRequestContext(request_context_getter_.get());
   fetcher->Start();
@@ -264,7 +265,7 @@ TEST_P(EmbeddedTestServerTest, ServeFilesFromDirectory) {
       src_dir.AppendASCII("net").AppendASCII("data"));
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLFetcher> fetcher =
+  std::unique_ptr<URLFetcher> fetcher =
       URLFetcher::Create(server_->GetURL("/test.html"), URLFetcher::GET, this);
   fetcher->SetRequestContext(request_context_getter_.get());
   fetcher->Start();
@@ -279,7 +280,7 @@ TEST_P(EmbeddedTestServerTest, ServeFilesFromDirectory) {
 TEST_P(EmbeddedTestServerTest, DefaultNotFoundResponse) {
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLFetcher> fetcher = URLFetcher::Create(
+  std::unique_ptr<URLFetcher> fetcher = URLFetcher::Create(
       server_->GetURL("/non-existent"), URLFetcher::GET, this);
   fetcher->SetRequestContext(request_context_getter_.get());
 
@@ -296,9 +297,9 @@ TEST_P(EmbeddedTestServerTest, ConnectionListenerAccept) {
   net::AddressList address_list;
   EXPECT_TRUE(server_->GetAddressList(&address_list));
 
-  scoped_ptr<StreamSocket> socket =
+  std::unique_ptr<StreamSocket> socket =
       ClientSocketFactory::GetDefaultFactory()->CreateTransportClientSocket(
-          address_list, &net_log, NetLog::Source());
+          address_list, NULL, &net_log, NetLog::Source());
   TestCompletionCallback callback;
   ASSERT_EQ(OK, callback.GetResult(socket->Connect(callback.callback())));
 
@@ -311,7 +312,7 @@ TEST_P(EmbeddedTestServerTest, ConnectionListenerAccept) {
 TEST_P(EmbeddedTestServerTest, ConnectionListenerRead) {
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLFetcher> fetcher = URLFetcher::Create(
+  std::unique_ptr<URLFetcher> fetcher = URLFetcher::Create(
       server_->GetURL("/non-existent"), URLFetcher::GET, this);
   fetcher->SetRequestContext(request_context_getter_.get());
 
@@ -345,13 +346,13 @@ TEST_P(EmbeddedTestServerTest, ConcurrentFetches) {
                  HTTP_NOT_FOUND));
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLFetcher> fetcher1 =
+  std::unique_ptr<URLFetcher> fetcher1 =
       URLFetcher::Create(server_->GetURL("/test1"), URLFetcher::GET, this);
   fetcher1->SetRequestContext(request_context_getter_.get());
-  scoped_ptr<URLFetcher> fetcher2 =
+  std::unique_ptr<URLFetcher> fetcher2 =
       URLFetcher::Create(server_->GetURL("/test2"), URLFetcher::GET, this);
   fetcher2->SetRequestContext(request_context_getter_.get());
-  scoped_ptr<URLFetcher> fetcher3 =
+  std::unique_ptr<URLFetcher> fetcher3 =
       URLFetcher::Create(server_->GetURL("/test3"), URLFetcher::GET, this);
   fetcher3->SetRequestContext(request_context_getter_.get());
 
@@ -423,8 +424,9 @@ class InfiniteResponse : public BasicHttpResponse {
   DISALLOW_COPY_AND_ASSIGN(InfiniteResponse);
 };
 
-scoped_ptr<HttpResponse> HandleInfiniteRequest(const HttpRequest& request) {
-  return make_scoped_ptr(new InfiniteResponse);
+std::unique_ptr<HttpResponse> HandleInfiniteRequest(
+    const HttpRequest& request) {
+  return base::WrapUnique(new InfiniteResponse);
 }
 }
 
@@ -440,7 +442,7 @@ TEST_P(EmbeddedTestServerTest, CloseDuringWrite) {
       &HandlePrefixedRequest, "/infinite", base::Bind(&HandleInfiniteRequest)));
   ASSERT_TRUE(server_->Start());
 
-  scoped_ptr<URLRequest> request = context.CreateRequest(
+  std::unique_ptr<URLRequest> request = context.CreateRequest(
       server_->GetURL("/infinite"), DEFAULT_PRIORITY, &cancel_delegate);
   request->Start();
   cancel_delegate.WaitUntilDone();
@@ -496,7 +498,7 @@ typedef std::tr1::tuple<bool, bool, EmbeddedTestServer::Type>
 class EmbeddedTestServerThreadingTest
     : public testing::TestWithParam<ThreadingTestParams> {
   void SetUp() override {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     // This is needed so NSS's HTTP client functions are initialized on the
     // right thread. These tests create SSLClientSockets on a different thread.
     // TODO(davidben): Initialization can't be deferred to SSLClientSocket. See
@@ -507,7 +509,7 @@ class EmbeddedTestServerThreadingTest
   }
 
   void TearDown() override {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     ShutdownNSSHttpIO();
 #endif
   }
@@ -534,7 +536,7 @@ class EmbeddedTestServerThreadingTestDelegate
     ASSERT_TRUE(io_thread.StartWithOptions(thread_options));
     io_thread_runner = io_thread.task_runner();
 
-    scoped_ptr<base::MessageLoop> loop;
+    std::unique_ptr<base::MessageLoop> loop;
     if (message_loop_present_on_initialize_)
       loop.reset(new base::MessageLoopForIO);
 
@@ -548,7 +550,7 @@ class EmbeddedTestServerThreadingTestDelegate
     if (!loop)
       loop.reset(new base::MessageLoopForIO);
 
-    scoped_ptr<URLFetcher> fetcher =
+    std::unique_ptr<URLFetcher> fetcher =
         URLFetcher::Create(server.GetURL("/test?q=foo"), URLFetcher::GET, this);
     fetcher->SetRequestContext(
         new TestURLRequestContextGetter(loop->task_runner()));
diff --git a/chromium/net/test/embedded_test_server/http_connection.cc b/chromium/net/test/embedded_test_server/http_connection.cc
index ce95f4362d2..2f3e906a68a 100644
--- a/chromium/net/test/embedded_test_server/http_connection.cc
+++ b/chromium/net/test/embedded_test_server/http_connection.cc
@@ -12,7 +12,7 @@
 namespace net {
 namespace test_server {
 
-HttpConnection::HttpConnection(scoped_ptr<StreamSocket> socket,
+HttpConnection::HttpConnection(std::unique_ptr<StreamSocket> socket,
                                const HandleRequestCallback& callback)
     : socket_(std::move(socket)),
       callback_(callback),
diff --git a/chromium/net/test/embedded_test_server/http_connection.h b/chromium/net/test/embedded_test_server/http_connection.h
index 4f4e555f959..0b87fcb218d 100644
--- a/chromium/net/test/embedded_test_server/http_connection.h
+++ b/chromium/net/test/embedded_test_server/http_connection.h
@@ -5,10 +5,11 @@
 #ifndef NET_TEST_EMBEDDED_TEST_SERVER_HTTP_CONNECTION_H_
 #define NET_TEST_EMBEDDED_TEST_SERVER_HTTP_CONNECTION_H_
 
+#include <memory>
+
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/completion_callback.h"
@@ -28,14 +29,14 @@ class HttpResponse;
 // Calblack called when a request is parsed. Response should be sent
 // using HttpConnection::SendResponse() on the |connection| argument.
 typedef base::Callback<void(HttpConnection* connection,
-                            scoped_ptr<HttpRequest> request)>
+                            std::unique_ptr<HttpRequest> request)>
     HandleRequestCallback;
 
 // Wraps the connection socket. Accepts incoming data and sends responses.
 // If a valid request is parsed, then |callback_| is invoked.
 class HttpConnection {
  public:
-  HttpConnection(scoped_ptr<StreamSocket> socket,
+  HttpConnection(std::unique_ptr<StreamSocket> socket,
                  const HandleRequestCallback& callback);
   ~HttpConnection();
 
@@ -61,7 +62,7 @@ class HttpConnection {
 
   base::WeakPtr<HttpConnection> GetWeakPtr();
 
-  scoped_ptr<StreamSocket> socket_;
+  std::unique_ptr<StreamSocket> socket_;
   const HandleRequestCallback callback_;
   HttpRequestParser request_parser_;
   scoped_refptr<IOBufferWithSize> read_buf_;
diff --git a/chromium/net/test/embedded_test_server/http_request.cc b/chromium/net/test/embedded_test_server/http_request.cc
index a1332bee3b4..2c247c614a9 100644
--- a/chromium/net/test/embedded_test_server/http_request.cc
+++ b/chromium/net/test/embedded_test_server/http_request.cc
@@ -217,9 +217,9 @@ HttpRequestParser::ParseResult HttpRequestParser::ParseContent() {
   return WAITING;
 }
 
-scoped_ptr<HttpRequest> HttpRequestParser::GetRequest() {
+std::unique_ptr<HttpRequest> HttpRequestParser::GetRequest() {
   DCHECK_EQ(STATE_ACCEPTED, state_);
-  scoped_ptr<HttpRequest> result = std::move(http_request_);
+  std::unique_ptr<HttpRequest> result = std::move(http_request_);
 
   // Prepare for parsing a new request.
   state_ = STATE_HEADERS;
diff --git a/chromium/net/test/embedded_test_server/http_request.h b/chromium/net/test/embedded_test_server/http_request.h
index d9e54b8151b..b58f7749d8e 100644
--- a/chromium/net/test/embedded_test_server/http_request.h
+++ b/chromium/net/test/embedded_test_server/http_request.h
@@ -8,10 +8,10 @@
 #include <stddef.h>
 
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "url/gurl.h"
@@ -73,7 +73,7 @@ struct HttpRequest {
 // void OnDataChunkReceived(Socket* socket, const char* data, int size) {
 //   parser.ProcessChunk(std::string(data, size));
 //   if (parser.ParseRequest() == HttpRequestParser::ACCEPTED) {
-//     scoped_ptr<HttpRequest> request = parser.GetRequest();
+//     std::unique_ptr<HttpRequest> request = parser.GetRequest();
 //     (... process the request ...)
 //   }
 class HttpRequestParser {
@@ -106,7 +106,7 @@ class HttpRequestParser {
   // Retrieves parsed request. Can be only called, when the parser is in
   // STATE_ACCEPTED state. After calling it, the parser is ready to parse
   // another request.
-  scoped_ptr<HttpRequest> GetRequest();
+  std::unique_ptr<HttpRequest> GetRequest();
 
  private:
   HttpMethod GetMethodType(const std::string& token) const;
@@ -124,14 +124,14 @@ class HttpRequestParser {
   // no line available.
   std::string ShiftLine();
 
-  scoped_ptr<HttpRequest> http_request_;
+  std::unique_ptr<HttpRequest> http_request_;
   std::string buffer_;
   size_t buffer_position_;  // Current position in the internal buffer.
   State state_;
   // Content length of the request currently being parsed.
   size_t declared_content_length_;
 
-  scoped_ptr<HttpChunkedDecoder> chunked_decoder_;
+  std::unique_ptr<HttpChunkedDecoder> chunked_decoder_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpRequestParser);
 };
diff --git a/chromium/net/test/embedded_test_server/http_request_unittest.cc b/chromium/net/test/embedded_test_server/http_request_unittest.cc
index ff2ae3cf968..64761cfb7fb 100644
--- a/chromium/net/test/embedded_test_server/http_request_unittest.cc
+++ b/chromium/net/test/embedded_test_server/http_request_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/test/embedded_test_server/http_request.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -34,7 +35,7 @@ TEST(HttpRequestTest, ParseRequest) {
 
   // Fetch the first request and validate it.
   {
-    scoped_ptr<HttpRequest> request = parser.GetRequest();
+    std::unique_ptr<HttpRequest> request = parser.GetRequest();
     EXPECT_EQ("/foobar.html", request->relative_url);
     EXPECT_EQ("POST", request->method_string);
     EXPECT_EQ(METHOD_POST, request->method);
@@ -70,7 +71,7 @@ TEST(HttpRequestTest, ParseRequestWithEmptyBody) {
   parser.ProcessChunk("Content-Length: 0\r\n\r\n");
   ASSERT_EQ(HttpRequestParser::ACCEPTED, parser.ParseRequest());
 
-  scoped_ptr<HttpRequest> request = parser.GetRequest();
+  std::unique_ptr<HttpRequest> request = parser.GetRequest();
   EXPECT_EQ("", request->content);
   EXPECT_TRUE(request->has_content);
   EXPECT_EQ(1u, request->headers.count("Content-Length"));
@@ -88,7 +89,7 @@ TEST(HttpRequestTest, ParseRequestWithChunkedBody) {
   parser.ProcessChunk("0\r\n\r\n");
   ASSERT_EQ(HttpRequestParser::ACCEPTED, parser.ParseRequest());
 
-  scoped_ptr<HttpRequest> request = parser.GetRequest();
+  std::unique_ptr<HttpRequest> request = parser.GetRequest();
   EXPECT_EQ("hello world", request->content);
   EXPECT_TRUE(request->has_content);
   EXPECT_EQ(1u, request->headers.count("Transfer-Encoding"));
@@ -112,7 +113,7 @@ TEST(HttpRequestTest, ParseRequestWithChunkedBodySlow) {
   }
   // All chunked data has been sent, the last ParseRequest should give ACCEPTED.
   ASSERT_EQ(HttpRequestParser::ACCEPTED, parser.ParseRequest());
-  scoped_ptr<HttpRequest> request = parser.GetRequest();
+  std::unique_ptr<HttpRequest> request = parser.GetRequest();
   EXPECT_EQ("hello", request->content);
   EXPECT_TRUE(request->has_content);
   EXPECT_EQ(1u, request->headers.count("Transfer-Encoding"));
@@ -125,7 +126,7 @@ TEST(HttpRequestTest, ParseRequestWithoutBody) {
   parser.ProcessChunk("POST /foobar.html HTTP/1.1\r\n\r\n");
   ASSERT_EQ(HttpRequestParser::ACCEPTED, parser.ParseRequest());
 
-  scoped_ptr<HttpRequest> request = parser.GetRequest();
+  std::unique_ptr<HttpRequest> request = parser.GetRequest();
   EXPECT_EQ("", request->content);
   EXPECT_FALSE(request->has_content);
 }
@@ -136,7 +137,7 @@ TEST(HttpRequestTest, ParseGet) {
   parser.ProcessChunk("GET /foobar.html HTTP/1.1\r\n\r\n");
   ASSERT_EQ(HttpRequestParser::ACCEPTED, parser.ParseRequest());
 
-  scoped_ptr<HttpRequest> request = parser.GetRequest();
+  std::unique_ptr<HttpRequest> request = parser.GetRequest();
   EXPECT_EQ("/foobar.html", request->relative_url);
   EXPECT_EQ("GET", request->method_string);
   EXPECT_EQ(METHOD_GET, request->method);
diff --git a/chromium/net/test/embedded_test_server/request_handler_util.cc b/chromium/net/test/embedded_test_server/request_handler_util.cc
index db3f3a6fa0f..b555578f2a0 100644
--- a/chromium/net/test/embedded_test_server/request_handler_util.cc
+++ b/chromium/net/test/embedded_test_server/request_handler_util.cc
@@ -5,6 +5,7 @@
 #include "net/test/embedded_test_server/request_handler_util.h"
 
 #include <stdlib.h>
+
 #include <ctime>
 #include <sstream>
 #include <utility>
@@ -12,6 +13,7 @@
 #include "base/base64.h"
 #include "base/files/file_util.h"
 #include "base/format_macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
@@ -75,7 +77,7 @@ bool ShouldHandle(const HttpRequest& request, const std::string& path_prefix) {
                           base::CompareCase::SENSITIVE);
 }
 
-scoped_ptr<HttpResponse> HandlePrefixedRequest(
+std::unique_ptr<HttpResponse> HandlePrefixedRequest(
     const std::string& prefix,
     const EmbeddedTestServer::HandleRequestCallback& handler,
     const HttpRequest& request) {
@@ -118,8 +120,9 @@ void GetFilePathWithReplacements(const std::string& original_file_path,
 }
 
 // Handles |request| by serving a file from under |server_root|.
-scoped_ptr<HttpResponse> HandleFileRequest(const base::FilePath& server_root,
-                                           const HttpRequest& request) {
+std::unique_ptr<HttpResponse> HandleFileRequest(
+    const base::FilePath& server_root,
+    const HttpRequest& request) {
   // This is a test-only server. Ignore I/O thread restrictions.
   // TODO(svaldez): Figure out why thread is I/O restricted in the first place.
   base::ThreadRestrictions::ScopedAllowIO allow_io;
@@ -139,7 +142,7 @@ scoped_ptr<HttpResponse> HandleFileRequest(const base::FilePath& server_root,
 
   RequestQuery query = ParseQuery(request_url);
 
-  scoped_ptr<BasicHttpResponse> failed_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> failed_response(new BasicHttpResponse);
   failed_response->set_code(HTTP_NOT_FOUND);
 
   if (query.find("expected_body") != query.end()) {
@@ -197,11 +200,11 @@ scoped_ptr<HttpResponse> HandleFileRequest(const base::FilePath& server_root,
     if (!base::ReadFileToString(headers_path, &headers_contents))
       return nullptr;
 
-    return make_scoped_ptr(
+    return base::WrapUnique(
         new RawHttpResponse(headers_contents, file_contents));
   }
 
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
+  std::unique_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
   http_response->set_code(HTTP_OK);
 
   if (request.headers.find("Range") != request.headers.end()) {
diff --git a/chromium/net/test/embedded_test_server/request_handler_util.h b/chromium/net/test/embedded_test_server/request_handler_util.h
index 2ed8d1383b4..fe86755c17f 100644
--- a/chromium/net/test/embedded_test_server/request_handler_util.h
+++ b/chromium/net/test/embedded_test_server/request_handler_util.h
@@ -6,12 +6,12 @@
 #define NET_TEST_EMBEDDED_TEST_SERVER_REQUEST_HANDLER_UTIL_H_
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_split.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/http_response.h"
@@ -34,7 +34,7 @@ using RequestQuery = std::map<std::string, std::vector<std::string>>;
 bool ShouldHandle(const HttpRequest& request, const std::string& prefix_path);
 
 // Calls |handler| if the |request| URL starts with |prefix|.
-scoped_ptr<HttpResponse> HandlePrefixedRequest(
+std::unique_ptr<HttpResponse> HandlePrefixedRequest(
     const std::string& prefix,
     const EmbeddedTestServer::HandleRequestCallback& handler,
     const HttpRequest& request);
@@ -54,8 +54,9 @@ void GetFilePathWithReplacements(const std::string& original_path,
                                  std::string* replacement_path);
 
 // Handles |request| by serving a file from under |server_root|.
-scoped_ptr<HttpResponse> HandleFileRequest(const base::FilePath& server_root,
-                                           const HttpRequest& request);
+std::unique_ptr<HttpResponse> HandleFileRequest(
+    const base::FilePath& server_root,
+    const HttpRequest& request);
 
 }  // namespace test_server
 }  // namespace net
diff --git a/chromium/net/test/net_test_suite.cc b/chromium/net/test/net_test_suite.cc
index 561f149488e..8b0942b9303 100644
--- a/chromium/net/test/net_test_suite.cc
+++ b/chromium/net/test/net_test_suite.cc
@@ -10,7 +10,7 @@
 #include "net/spdy/spdy_session.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
 #endif
 
@@ -33,7 +33,7 @@ void NetTestSuite::Initialize() {
 }
 
 void NetTestSuite::Shutdown() {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   net::ShutdownNSSHttpIO();
 #endif
 
diff --git a/chromium/net/test/net_test_suite.h b/chromium/net/test/net_test_suite.h
index 92f079cde7f..6b154a8e4fc 100644
--- a/chromium/net/test/net_test_suite.h
+++ b/chromium/net/test/net_test_suite.h
@@ -5,6 +5,8 @@
 #ifndef NET_TEST_NET_TEST_SUITE_H_
 #define NET_TEST_NET_TEST_SUITE_H_
 
+#include <memory>
+
 #include "base/memory/ref_counted.h"
 #include "base/test/test_suite.h"
 #include "build/build_config.h"
@@ -41,8 +43,8 @@ class NetTestSuite : public base::TestSuite {
   void InitializeTestThreadNoNetworkChangeNotifier();
 
  private:
-  scoped_ptr<net::NetworkChangeNotifier> network_change_notifier_;
-  scoped_ptr<base::MessageLoop> message_loop_;
+  std::unique_ptr<net::NetworkChangeNotifier> network_change_notifier_;
+  std::unique_ptr<base::MessageLoop> message_loop_;
   scoped_refptr<net::RuleBasedHostResolverProc> host_resolver_proc_;
   net::ScopedDefaultHostResolverProc scoped_host_resolver_proc_;
 };
diff --git a/chromium/net/test/python_utils.cc b/chromium/net/test/python_utils.cc
index 7d137b7c411..208e1b924fc 100644
--- a/chromium/net/test/python_utils.cc
+++ b/chromium/net/test/python_utils.cc
@@ -4,6 +4,8 @@
 
 #include "net/test/python_utils.h"
 
+#include <memory>
+
 #include "base/base_paths.h"
 #include "base/command_line.h"
 #include "base/environment.h"
@@ -11,7 +13,6 @@
 #include "base/files/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "base/process/launch.h"
 #include "base/strings/string_util.h"
@@ -24,7 +25,7 @@
 const char kPythonPathEnv[] = "PYTHONPATH";
 
 void AppendToPythonPath(const base::FilePath& dir) {
-  scoped_ptr<base::Environment> env(base::Environment::Create());
+  std::unique_ptr<base::Environment> env(base::Environment::Create());
   std::string old_path;
   std::string dir_path;
 #if defined(OS_WIN)
diff --git a/chromium/net/test/python_utils_unittest.cc b/chromium/net/test/python_utils_unittest.cc
index a713e72ff33..48eb9737675 100644
--- a/chromium/net/test/python_utils_unittest.cc
+++ b/chromium/net/test/python_utils_unittest.cc
@@ -2,16 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/test/python_utils.h"
+
+#include <memory>
 #include <string>
 
 #include "base/command_line.h"
 #include "base/environment.h"
 #include "base/files/file_path.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/process/launch.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "net/test/python_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 TEST(PythonUtils, Append) {
@@ -20,7 +21,7 @@ TEST(PythonUtils, Append) {
   const base::FilePath::CharType kAppendDir2[] =
       FILE_PATH_LITERAL("test/path_append2");
 
-  scoped_ptr<base::Environment> env(base::Environment::Create());
+  std::unique_ptr<base::Environment> env(base::Environment::Create());
 
   std::string python_path;
   base::FilePath append_path1(kAppendDir1);
diff --git a/chromium/net/test/run_all_unittests.cc b/chromium/net/test/run_all_unittests.cc
index e5ea90043b7..20f5a68f4cd 100644
--- a/chromium/net/test/run_all_unittests.cc
+++ b/chromium/net/test/run_all_unittests.cc
@@ -10,6 +10,7 @@
 #include "net/socket/ssl_server_socket.h"
 #include "net/spdy/spdy_session.h"
 #include "net/test/net_test_suite.h"
+#include "url/url_features.h"
 
 #if defined(OS_ANDROID)
 #include "base/android/jni_android.h"
@@ -20,7 +21,7 @@
 #include "net/android/net_jni_registrar.h"
 #endif
 
-#if defined(USE_ICU_ALTERNATIVES_ON_ANDROID)
+#if BUILDFLAG(USE_PLATFORM_ICU_ALTERNATIVES)
 #include "url/android/url_jni_registrar.h"  // nogncheck
 #endif
 
@@ -42,7 +43,7 @@ int main(int argc, char** argv) {
     {"NetAndroid", net::android::RegisterJni},
     {"TestFileUtil", base::RegisterContentUriTestUtils},
     {"TestUiThreadAndroid", base::RegisterTestUiThreadAndroid},
-#if defined(USE_ICU_ALTERNATIVES_ON_ANDROID)
+#if BUILDFLAG(USE_PLATFORM_ICU_ALTERNATIVES)
     {"UrlAndroid", url::android::RegisterJni},
 #endif
   };
@@ -58,11 +59,6 @@ int main(int argc, char** argv) {
   NetTestSuite test_suite(argc, argv);
   ClientSocketPoolBaseHelper::set_connect_backup_jobs_enabled(false);
 
-#if defined(OS_WIN) && !defined(USE_OPENSSL)
-  // We want to be sure to init NSPR on the main thread.
-  crypto::EnsureNSPRInit();
-#endif
-
   // Enable support for SSL server sockets, which must be done while
   // single-threaded.
   net::EnableSSLServerSockets();
diff --git a/chromium/net/test/spawned_test_server/base_test_server.cc b/chromium/net/test/spawned_test_server/base_test_server.cc
index ecf5af5d636..2ef7417b21a 100644
--- a/chromium/net/test/spawned_test_server/base_test_server.cc
+++ b/chromium/net/test/spawned_test_server/base_test_server.cc
@@ -114,8 +114,9 @@ bool GetLocalCertificatesDir(const base::FilePath& certificates_dir,
   return true;
 }
 
-scoped_ptr<base::ListValue> GetTokenBindingParams(std::vector<int> params) {
-  scoped_ptr<base::ListValue> values(new base::ListValue());
+std::unique_ptr<base::ListValue> GetTokenBindingParams(
+    std::vector<int> params) {
+  std::unique_ptr<base::ListValue> values(new base::ListValue());
   for (int param : params) {
     values->Append(new base::FundamentalValue(param));
   }
@@ -265,7 +266,8 @@ std::string BaseTestServer::GetScheme() const {
 bool BaseTestServer::GetAddressList(AddressList* address_list) const {
   DCHECK(address_list);
 
-  scoped_ptr<HostResolver> resolver(HostResolver::CreateDefaultResolver(NULL));
+  std::unique_ptr<HostResolver> resolver(
+      HostResolver::CreateDefaultResolver(NULL));
   HostResolver::RequestInfo info(host_port_pair_);
   // Limit the lookup to IPv4. When started with the default
   // address of kLocalhost, testserver.py only supports IPv4.
@@ -406,7 +408,7 @@ void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
 bool BaseTestServer::ParseServerData(const std::string& server_data) {
   VLOG(1) << "Server data: " << server_data;
   base::JSONReader json_reader;
-  scoped_ptr<base::Value> value(json_reader.ReadToValue(server_data));
+  std::unique_ptr<base::Value> value(json_reader.ReadToValue(server_data));
   if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) {
     LOG(ERROR) << "Could not parse server data: "
                << json_reader.GetErrorMessage();
@@ -490,7 +492,7 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
     // Check the client certificate related arguments.
     if (ssl_options_.request_client_certificate)
       arguments->Set("ssl-client-auth", base::Value::CreateNullValue());
-    scoped_ptr<base::ListValue> ssl_client_certs(new base::ListValue());
+    std::unique_ptr<base::ListValue> ssl_client_certs(new base::ListValue());
 
     std::vector<base::FilePath>::const_iterator it;
     for (it = ssl_options_.client_authorities.begin();
@@ -506,7 +508,7 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
     if (ssl_client_certs->GetSize())
       arguments->Set("ssl-client-ca", ssl_client_certs.release());
 
-    scoped_ptr<base::ListValue> client_cert_types(new base::ListValue());
+    std::unique_ptr<base::ListValue> client_cert_types(new base::ListValue());
     for (size_t i = 0; i < ssl_options_.client_cert_types.size(); i++) {
       client_cert_types->Append(new base::StringValue(
           GetClientCertType(ssl_options_.client_cert_types[i])));
@@ -527,12 +529,12 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
     }
 
     // Check key exchange argument.
-    scoped_ptr<base::ListValue> key_exchange_values(new base::ListValue());
+    std::unique_ptr<base::ListValue> key_exchange_values(new base::ListValue());
     GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get());
     if (key_exchange_values->GetSize())
       arguments->Set("ssl-key-exchange", key_exchange_values.release());
     // Check bulk cipher argument.
-    scoped_ptr<base::ListValue> bulk_cipher_values(new base::ListValue());
+    std::unique_ptr<base::ListValue> bulk_cipher_values(new base::ListValue());
     GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_values.get());
     if (bulk_cipher_values->GetSize())
       arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release());
@@ -558,7 +560,7 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
                      base::Value::CreateNullValue());
     }
     if (!ssl_options_.npn_protocols.empty()) {
-      scoped_ptr<base::ListValue> npn_protocols(new base::ListValue());
+      std::unique_ptr<base::ListValue> npn_protocols(new base::ListValue());
       for (const std::string& proto : ssl_options_.npn_protocols) {
         npn_protocols->Append(new base::StringValue(proto));
       }
@@ -574,7 +576,8 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
                      base::Value::CreateNullValue());
     }
     if (!ssl_options_.supported_token_binding_params.empty()) {
-      scoped_ptr<base::ListValue> token_binding_params(new base::ListValue());
+      std::unique_ptr<base::ListValue> token_binding_params(
+          new base::ListValue());
       arguments->Set(
           "token-binding-params",
           GetTokenBindingParams(ssl_options_.supported_token_binding_params));
diff --git a/chromium/net/test/spawned_test_server/base_test_server.h b/chromium/net/test/spawned_test_server/base_test_server.h
index 60d37e1206f..48568010f65 100644
--- a/chromium/net/test/spawned_test_server/base_test_server.h
+++ b/chromium/net/test/spawned_test_server/base_test_server.h
@@ -7,6 +7,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -15,7 +16,6 @@
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/host_port_pair.h"
 #include "net/ssl/ssl_client_cert_type.h"
 
@@ -343,7 +343,7 @@ class BaseTestServer {
   HostPortPair host_port_pair_;
 
   // Holds the data sent from the server (e.g., port number).
-  scoped_ptr<base::DictionaryValue> server_data_;
+  std::unique_ptr<base::DictionaryValue> server_data_;
 
   // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
   // server.
@@ -363,7 +363,7 @@ class BaseTestServer {
   // Disable creation of anonymous FTP user?
   bool no_anonymous_ftp_user_;
 
-  scoped_ptr<ScopedPortException> allowed_port_;
+  std::unique_ptr<ScopedPortException> allowed_port_;
 
   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
 };
diff --git a/chromium/net/test/spawned_test_server/remote_test_server.h b/chromium/net/test/spawned_test_server/remote_test_server.h
index 0de5c7f63b4..788f68d2fb5 100644
--- a/chromium/net/test/spawned_test_server/remote_test_server.h
+++ b/chromium/net/test/spawned_test_server/remote_test_server.h
@@ -61,7 +61,7 @@ class RemoteTestServer : public BaseTestServer {
 
   // Helper to start and stop instances of the Python test server that runs on
   // the host machine.
-  scoped_ptr<SpawnerCommunicator> spawner_communicator_;
+  std::unique_ptr<SpawnerCommunicator> spawner_communicator_;
 
   DISALLOW_COPY_AND_ASSIGN(RemoteTestServer);
 };
diff --git a/chromium/net/test/spawned_test_server/spawner_communicator.cc b/chromium/net/test/spawned_test_server/spawner_communicator.cc
index 8851f9f8bec..be23202e7a1 100644
--- a/chromium/net/test/spawned_test_server/spawner_communicator.cc
+++ b/chromium/net/test/spawned_test_server/spawner_communicator.cc
@@ -190,7 +190,7 @@ void SpawnerCommunicator::SendCommandAndWaitForResultOnIOThread(
     cur_request_->set_method("GET");
   } else {
     cur_request_->set_method("POST");
-    scoped_ptr<UploadElementReader> reader(
+    std::unique_ptr<UploadElementReader> reader(
         UploadOwnedBytesElementReader::CreateWithString(post_data));
     cur_request_->set_upload(
         ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
@@ -340,7 +340,8 @@ bool SpawnerCommunicator::StartServer(const std::string& arguments,
     return false;
 
   // Check whether the data returned from spawner server is JSON-formatted.
-  scoped_ptr<base::Value> value = base::JSONReader::Read(server_return_data);
+  std::unique_ptr<base::Value> value =
+      base::JSONReader::Read(server_return_data);
   if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) {
     LOG(ERROR) << "Invalid server data: " << server_return_data.c_str();
     return false;
diff --git a/chromium/net/test/spawned_test_server/spawner_communicator.h b/chromium/net/test/spawned_test_server/spawner_communicator.h
index c066016ab13..445278257ab 100644
--- a/chromium/net/test/spawned_test_server/spawner_communicator.h
+++ b/chromium/net/test/spawned_test_server/spawner_communicator.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/thread.h"
@@ -127,16 +127,16 @@ class SpawnerCommunicator : public URLRequest::Delegate {
   const uint16_t port_;
 
   // Helper to add |port_| to the list of the globally explicitly allowed ports.
-  scoped_ptr<ScopedPortException> allowed_port_;
+  std::unique_ptr<ScopedPortException> allowed_port_;
 
   // The next ID to use for |cur_request_| (monotonically increasing).
   int next_id_;
 
   // Request context used by |cur_request_|.
-  scoped_ptr<URLRequestContext> context_;
+  std::unique_ptr<URLRequestContext> context_;
 
   // The current (in progress) request, or NULL.
-  scoped_ptr<URLRequest> cur_request_;
+  std::unique_ptr<URLRequest> cur_request_;
 
   // Only gets/sets |is_running_| on user's thread to avoid race-condition.
   bool is_running_;
diff --git a/chromium/net/test/url_request/ssl_certificate_error_job.cc b/chromium/net/test/url_request/ssl_certificate_error_job.cc
index 83e7fd0c0a7..759d5453382 100644
--- a/chromium/net/test/url_request/ssl_certificate_error_job.cc
+++ b/chromium/net/test/url_request/ssl_certificate_error_job.cc
@@ -9,7 +9,7 @@
 #include "base/bind.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_filter.h"
@@ -55,7 +55,7 @@ void SSLCertificateErrorJob::AddUrlHandler() {
   URLRequestFilter* filter = URLRequestFilter::GetInstance();
   filter->AddHostnameInterceptor(
       "https", kMockHostname,
-      scoped_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
 }
 
 GURL SSLCertificateErrorJob::GetMockUrl() {
diff --git a/chromium/net/test/url_request/url_request_failed_job.cc b/chromium/net/test/url_request/url_request_failed_job.cc
index 890a0614261..68652ccb67f 100644
--- a/chromium/net/test/url_request/url_request_failed_job.cc
+++ b/chromium/net/test/url_request/url_request_failed_job.cc
@@ -10,7 +10,7 @@
 #include "base/macros.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/base/url_util.h"
 #include "net/http/http_response_headers.h"
@@ -136,10 +136,10 @@ void URLRequestFailedJob::AddUrlHandlerForHostname(
   // Add |hostname| to URLRequestFilter for HTTP and HTTPS.
   filter->AddHostnameInterceptor(
       "http", hostname,
-      scoped_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
   filter->AddHostnameInterceptor(
       "https", hostname,
-      scoped_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new MockJobInterceptor()));
 }
 
 // static
diff --git a/chromium/net/test/url_request/url_request_hanging_read_job.cc b/chromium/net/test/url_request/url_request_hanging_read_job.cc
new file mode 100644
index 00000000000..09a4c5c71b7
--- /dev/null
+++ b/chromium/net/test/url_request/url_request_hanging_read_job.cc
@@ -0,0 +1,119 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/test/url_request/url_request_hanging_read_job.h"
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/memory/ptr_util.h"
+#include "base/strings/stringprintf.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_util.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_filter.h"
+
+namespace net {
+namespace {
+
+const char kMockHostname[] = "mock.hanging.read";
+
+GURL GetMockUrl(const std::string& scheme, const std::string& hostname) {
+  return GURL(scheme + "://" + hostname + "/");
+}
+
+class MockJobInterceptor : public URLRequestInterceptor {
+ public:
+  MockJobInterceptor() {}
+  ~MockJobInterceptor() override {}
+
+  // URLRequestInterceptor implementation
+  URLRequestJob* MaybeInterceptRequest(
+      URLRequest* request,
+      NetworkDelegate* network_delegate) const override {
+    return new URLRequestHangingReadJob(request, network_delegate);
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockJobInterceptor);
+};
+
+}  // namespace
+
+URLRequestHangingReadJob::URLRequestHangingReadJob(
+    URLRequest* request,
+    NetworkDelegate* network_delegate)
+    : URLRequestJob(request, network_delegate),
+      content_length_(10),  // non-zero content-length
+      weak_factory_(this) {}
+
+void URLRequestHangingReadJob::Start() {
+  // Start reading asynchronously so that all error reporting and data
+  // callbacks happen as they would for network requests.
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::Bind(&URLRequestHangingReadJob::StartAsync,
+                            weak_factory_.GetWeakPtr()));
+}
+
+URLRequestHangingReadJob::~URLRequestHangingReadJob() {}
+
+int URLRequestHangingReadJob::ReadRawData(IOBuffer* buf, int buf_size) {
+  // Make read hang. It never completes.
+  return ERR_IO_PENDING;
+}
+
+int URLRequestHangingReadJob::GetResponseCode() const {
+  HttpResponseInfo info;
+  GetResponseInfoConst(&info);
+  return info.headers->response_code();
+}
+
+// Public virtual version.
+void URLRequestHangingReadJob::GetResponseInfo(HttpResponseInfo* info) {
+  // Forward to private const version.
+  GetResponseInfoConst(info);
+}
+
+// Private const version.
+void URLRequestHangingReadJob::GetResponseInfoConst(
+    HttpResponseInfo* info) const {
+  // Send back mock headers.
+  std::string raw_headers;
+  raw_headers.append(
+      "HTTP/1.1 200 OK\n"
+      "Content-type: text/plain\n");
+  raw_headers.append(
+      base::StringPrintf("Content-Length: %1d\n", content_length_));
+  info->headers = new HttpResponseHeaders(HttpUtil::AssembleRawHeaders(
+      raw_headers.c_str(), static_cast<int>(raw_headers.length())));
+}
+
+void URLRequestHangingReadJob::StartAsync() {
+  set_expected_content_size(content_length_);
+  NotifyHeadersComplete();
+}
+
+// static
+void URLRequestHangingReadJob::AddUrlHandler() {
+  // Add |hostname| to URLRequestFilter for HTTP and HTTPS.
+  URLRequestFilter* filter = URLRequestFilter::GetInstance();
+  filter->AddHostnameInterceptor("http", kMockHostname,
+                                 base::WrapUnique(new MockJobInterceptor()));
+  filter->AddHostnameInterceptor("https", kMockHostname,
+                                 base::WrapUnique(new MockJobInterceptor()));
+}
+
+// static
+GURL URLRequestHangingReadJob::GetMockHttpUrl() {
+  return GetMockUrl("http", kMockHostname);
+}
+
+// static
+GURL URLRequestHangingReadJob::GetMockHttpsUrl() {
+  return GetMockUrl("https", kMockHostname);
+}
+
+}  // namespace net
diff --git a/chromium/net/test/url_request/url_request_hanging_read_job.h b/chromium/net/test/url_request/url_request_hanging_read_job.h
new file mode 100644
index 00000000000..5e335bb333b
--- /dev/null
+++ b/chromium/net/test/url_request/url_request_hanging_read_job.h
@@ -0,0 +1,48 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_URL_REQUEST_URL_REQUEST_HANGING_READ_JOB_H_
+#define NET_URL_REQUEST_URL_REQUEST_HANGING_READ_JOB_H_
+
+#include "base/macros.h"
+#include "base/memory/weak_ptr.h"
+#include "net/base/net_export.h"
+#include "net/url_request/url_request_job.h"
+
+namespace net {
+
+class URLRequest;
+
+// A URLRequestJob that hangs when try to read response body.
+class URLRequestHangingReadJob : public URLRequestJob {
+ public:
+  URLRequestHangingReadJob(URLRequest* request,
+                           NetworkDelegate* network_delegate);
+
+  void Start() override;
+  int ReadRawData(IOBuffer* buf, int buf_size) override;
+  int GetResponseCode() const override;
+  void GetResponseInfo(HttpResponseInfo* info) override;
+
+  // Adds the testing URLs to the URLRequestFilter.
+  static void AddUrlHandler();
+
+  static GURL GetMockHttpUrl();
+  static GURL GetMockHttpsUrl();
+
+ private:
+  void GetResponseInfoConst(HttpResponseInfo* info) const;
+  ~URLRequestHangingReadJob() override;
+
+  void StartAsync();
+
+  const int content_length_;
+  base::WeakPtrFactory<URLRequestHangingReadJob> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(URLRequestHangingReadJob);
+};
+
+}  // namespace net
+
+#endif  // NET_URL_REQUEST_URL_REQUEST_SIMPLE_JOB_H_
diff --git a/chromium/net/test/url_request/url_request_mock_data_job.cc b/chromium/net/test/url_request/url_request_mock_data_job.cc
index 8c67dc5cf53..8f2378b338c 100644
--- a/chromium/net/test/url_request/url_request_mock_data_job.cc
+++ b/chromium/net/test/url_request/url_request_mock_data_job.cc
@@ -7,10 +7,11 @@
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/url_util.h"
 #include "net/http/http_request_headers.h"
@@ -182,9 +183,9 @@ void URLRequestMockDataJob::AddUrlHandlerForHostname(
   // Add |hostname| to URLRequestFilter for HTTP and HTTPS.
   URLRequestFilter* filter = URLRequestFilter::GetInstance();
   filter->AddHostnameInterceptor("http", hostname,
-                                 make_scoped_ptr(new MockJobInterceptor()));
+                                 base::WrapUnique(new MockJobInterceptor()));
   filter->AddHostnameInterceptor("https", hostname,
-                                 make_scoped_ptr(new MockJobInterceptor()));
+                                 base::WrapUnique(new MockJobInterceptor()));
 }
 
 // static
diff --git a/chromium/net/test/url_request/url_request_mock_http_job.cc b/chromium/net/test/url_request/url_request_mock_http_job.cc
index cf2cc6c8d8f..bd893062411 100644
--- a/chromium/net/test/url_request/url_request_mock_http_job.cc
+++ b/chromium/net/test/url_request/url_request_mock_http_job.cc
@@ -120,19 +120,19 @@ GURL URLRequestMockHTTPJob::GetMockHttpsUrl(const std::string& path) {
 }
 
 // static
-scoped_ptr<URLRequestInterceptor> URLRequestMockHTTPJob::CreateInterceptor(
+std::unique_ptr<URLRequestInterceptor> URLRequestMockHTTPJob::CreateInterceptor(
     const base::FilePath& base_path,
     const scoped_refptr<base::SequencedWorkerPool>& worker_pool) {
-  return scoped_ptr<URLRequestInterceptor>(
+  return std::unique_ptr<URLRequestInterceptor>(
       new MockJobInterceptor(base_path, false, worker_pool));
 }
 
 // static
-scoped_ptr<URLRequestInterceptor>
+std::unique_ptr<URLRequestInterceptor>
 URLRequestMockHTTPJob::CreateInterceptorForSingleFile(
     const base::FilePath& file,
     const scoped_refptr<base::SequencedWorkerPool>& worker_pool) {
-  return scoped_ptr<URLRequestInterceptor>(
+  return std::unique_ptr<URLRequestInterceptor>(
       new MockJobInterceptor(file, true, worker_pool));
 }
 
diff --git a/chromium/net/test/url_request/url_request_mock_http_job.h b/chromium/net/test/url_request/url_request_mock_http_job.h
index 7a931fec5ca..41a12555d09 100644
--- a/chromium/net/test/url_request/url_request_mock_http_job.h
+++ b/chromium/net/test/url_request/url_request_mock_http_job.h
@@ -7,11 +7,11 @@
 #ifndef NET_TEST_URL_REQUEST_URL_REQUEST_MOCK_HTTP_JOB_H_
 #define NET_TEST_URL_REQUEST_URL_REQUEST_MOCK_HTTP_JOB_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/url_request/url_request_file_job.h"
 #include "url/gurl.h"
 
@@ -55,14 +55,14 @@ class URLRequestMockHTTPJob : public URLRequestFileJob {
   // URLRequestMockHTTPJob's responding like an HTTP server. |base_path| is the
   // file path leading to the root of the directory to use as the root of the
   // HTTP server.
-  static scoped_ptr<URLRequestInterceptor> CreateInterceptor(
+  static std::unique_ptr<URLRequestInterceptor> CreateInterceptor(
       const base::FilePath& base_path,
       const scoped_refptr<base::SequencedWorkerPool>& worker_pool);
 
   // Returns a URLRequestJobFactory::ProtocolHandler that serves
   // URLRequestMockHTTPJob's responding like an HTTP server. It responds to all
   // requests with the contents of |file|.
-  static scoped_ptr<URLRequestInterceptor> CreateInterceptorForSingleFile(
+  static std::unique_ptr<URLRequestInterceptor> CreateInterceptorForSingleFile(
       const base::FilePath& file,
       const scoped_refptr<base::SequencedWorkerPool>& worker_pool);
 
diff --git a/chromium/net/test/url_request/url_request_slow_download_job.cc b/chromium/net/test/url_request/url_request_slow_download_job.cc
index ac4beb07530..61fb8658814 100644
--- a/chromium/net/test/url_request/url_request_slow_download_job.cc
+++ b/chromium/net/test/url_request/url_request_slow_download_job.cc
@@ -12,7 +12,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_response_headers.h"
@@ -72,16 +72,16 @@ void URLRequestSlowDownloadJob::AddUrlHandler() {
   URLRequestFilter* filter = URLRequestFilter::GetInstance();
   filter->AddUrlInterceptor(
       GURL(kUnknownSizeUrl),
-      scoped_ptr<URLRequestInterceptor>(new Interceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new Interceptor()));
   filter->AddUrlInterceptor(
       GURL(kKnownSizeUrl),
-      scoped_ptr<URLRequestInterceptor>(new Interceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new Interceptor()));
   filter->AddUrlInterceptor(
       GURL(kFinishDownloadUrl),
-      scoped_ptr<URLRequestInterceptor>(new Interceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new Interceptor()));
   filter->AddUrlInterceptor(
       GURL(kErrorDownloadUrl),
-      scoped_ptr<URLRequestInterceptor>(new Interceptor()));
+      std::unique_ptr<URLRequestInterceptor>(new Interceptor()));
 }
 
 // static
diff --git a/chromium/net/third_party/nss/patches/applypatches.sh b/chromium/net/third_party/nss/patches/applypatches.sh
deleted file mode 100755
index 47242330839..00000000000
--- a/chromium/net/third_party/nss/patches/applypatches.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Run this script in the nss/lib/ssl directory in a NSS source tree.
-#
-# Point patches_dir to the src/net/third_party/nss/patches directory in a
-# chromium source tree.
-patches_dir=/Users/sleevi/development/chromium/src/net/third_party/nss/patches
-
-patch -p2 < $patches_dir/cachecerts.patch
-
-patch -p2 < $patches_dir/didhandshakeresume.patch
-
-patch -p2 < $patches_dir/getrequestedclientcerttypes.patch
-
-patch -p2 < $patches_dir/restartclientauth.patch
-
-patch -p2 < $patches_dir/channelid.patch
-
-patch -p2 < $patches_dir/tlsunique.patch
-
-patch -p2 < $patches_dir/secretexporterlocks.patch
-
-patch -p2 < $patches_dir/cachelocks.patch
-
-patch -p2 < $patches_dir/cipherorder.patch
-
-patch -p2 < $patches_dir/sessioncache.patch
-
-patch -p2 < $patches_dir/reorderextensions.patch
-
-patch -p2 < $patches_dir/nobypass.patch
diff --git a/chromium/net/third_party/nss/patches/cachecerts.patch b/chromium/net/third_party/nss/patches/cachecerts.patch
deleted file mode 100644
index 196bb278194..00000000000
--- a/chromium/net/third_party/nss/patches/cachecerts.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index c3698f3..b8d4784 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -47,6 +47,7 @@
- 
- static SECStatus ssl3_AuthCertificate(sslSocket *ss);
- static void ssl3_CleanupPeerCerts(sslSocket *ss);
-+static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
- static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
-                                        PK11SlotInfo *serverKeySlot);
- static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -7102,6 +7103,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-             /* copy the peer cert from the SID */
-             if (sid->peerCert != NULL) {
-                 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
-+                ssl3_CopyPeerCertsFromSID(ss, sid);
-             }
- 
-             /* NULL value for PMS because we are reusing the old MS */
-@@ -8266,6 +8268,44 @@ ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
-     };
- }
- 
-+static void
-+ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
-+{
-+    PLArenaPool *arena;
-+    ssl3CertNode *lastCert = NULL;
-+    ssl3CertNode *certs = NULL;
-+    int i;
-+
-+    if (!sid->peerCertChain[0])
-+        return;
-+    PORT_Assert(!ss->ssl3.peerCertArena);
-+    PORT_Assert(!ss->ssl3.peerCertChain);
-+    ss->ssl3.peerCertArena = arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-+    for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
-+        ssl3CertNode *c = PORT_ArenaNew(arena, ssl3CertNode);
-+        c->cert = CERT_DupCertificate(sid->peerCertChain[i]);
-+        c->next = NULL;
-+        if (lastCert) {
-+            lastCert->next = c;
-+        } else {
-+            certs = c;
-+        }
-+        lastCert = c;
-+    }
-+    ss->ssl3.peerCertChain = certs;
-+}
-+
-+static void
-+ssl3_CopyPeerCertsToSID(ssl3CertNode *certs, sslSessionID *sid)
-+{
-+    int i = 0;
-+    ssl3CertNode *c = certs;
-+    for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) {
-+        PORT_Assert(!sid->peerCertChain[i]);
-+        sid->peerCertChain[i] = CERT_DupCertificate(c->cert);
-+    }
-+}
-+
- /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
-  * ssl3 Client Hello message.
-  * Caller must hold Handshake and RecvBuf locks.
-@@ -8886,6 +8926,7 @@ compression_found:
-             ss->sec.ci.sid = sid;
-             if (sid->peerCert != NULL) {
-                 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
-+                ssl3_CopyPeerCertsFromSID(ss, sid);
-             }
- 
-             /*
-@@ -11240,6 +11281,7 @@ ssl3_AuthCertificate(sslSocket *ss)
-     }
- 
-     ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
-+    ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);
- 
-     if (!ss->sec.isServer) {
-         CERTCertificate *cert = ss->sec.peerCert;
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index bce9437..10361a0 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -614,6 +614,8 @@ typedef enum { never_cached,
-                invalid_cache /* no longer in any cache. */
- } Cached;
- 
-+#define MAX_PEER_CERT_CHAIN_SIZE 8
-+
- struct sslSessionIDStr {
-     /* The global cache lock must be held when accessing these members when the
-      * sid is in any cache.
-@@ -628,6 +630,7 @@ struct sslSessionIDStr {
-      */
- 
-     CERTCertificate *peerCert;
-+    CERTCertificate *peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
-     SECItemArray peerCertStatus; /* client only */
-     const char *peerID;          /* client only */
-     const char *urlSvrName;      /* client only */
-diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
-index 85031c4..3216892 100644
---- a/lib/ssl/sslnonce.c
-+++ b/lib/ssl/sslnonce.c
-@@ -167,6 +167,7 @@ lock_cache(void)
- static void
- ssl_DestroySID(sslSessionID *sid)
- {
-+    int i;
-     SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
-     PORT_Assert(sid->references == 0);
-     PORT_Assert(sid->cached != in_client_cache);
-@@ -200,6 +201,9 @@ ssl_DestroySID(sslSessionID *sid)
-     if (sid->peerCert) {
-         CERT_DestroyCertificate(sid->peerCert);
-     }
-+    for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
-+	CERT_DestroyCertificate(sid->peerCertChain[i]);
-+    }
-     if (sid->peerCertStatus.items) {
-         SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
-     }
diff --git a/chromium/net/third_party/nss/patches/cachelocks.patch b/chromium/net/third_party/nss/patches/cachelocks.patch
deleted file mode 100644
index 9ba646b8a69..00000000000
--- a/chromium/net/third_party/nss/patches/cachelocks.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 1394542..d7d186a 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -6049,7 +6049,6 @@ SSL3_ShutdownServerCache(void)
-     }
- 
-     PZ_Unlock(symWrapKeysLock);
--    ssl_FreeSessionCacheLocks();
-     return SECSuccess;
- }
- 
-@@ -6102,7 +6101,7 @@ getWrappingKey(sslSocket *ss,
- 
-     pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
- 
--    ssl_InitSessionCacheLocks(PR_TRUE);
-+    ssl_InitSessionCacheLocks();
- 
-     PZ_Lock(symWrapKeysLock);
- 
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index d47eb28..c0e3a0b 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -2029,9 +2029,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
- 
- extern SECStatus ssl_FreeSymWrapKeysLock(void);
- 
--extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
--
--extern SECStatus ssl_FreeSessionCacheLocks(void);
-+extern SECStatus ssl_InitSessionCacheLocks(void);
- 
- /**************** DTLS-specific functions **************/
- extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
-index 4804cb8..99591cc 100644
---- a/lib/ssl/sslnonce.c
-+++ b/lib/ssl/sslnonce.c
-@@ -35,93 +35,55 @@ static PZLock *cacheLock = NULL;
- #define LOCK_CACHE lock_cache()
- #define UNLOCK_CACHE PZ_Unlock(cacheLock)
- 
--static SECStatus
--ssl_InitClientSessionCacheLock(void)
--{
--    cacheLock = PZ_NewLock(nssILockCache);
--    return cacheLock ? SECSuccess : SECFailure;
--}
--
--static SECStatus
--ssl_FreeClientSessionCacheLock(void)
--{
--    if (cacheLock) {
--        PZ_DestroyLock(cacheLock);
--        cacheLock = NULL;
--        return SECSuccess;
--    }
--    PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
--    return SECFailure;
--}
--
--static PRBool LocksInitializedEarly = PR_FALSE;
-+static PRCallOnceType lockOnce;
- 
-+/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
-+ * the session cache locks on shutdown and resets them to their initial
-+ * state. */
- static SECStatus
--FreeSessionCacheLocks()
-+FreeSessionCacheLocks(void *appData, void *nssData)
- {
--    SECStatus rv1, rv2;
--    rv1 = ssl_FreeSymWrapKeysLock();
--    rv2 = ssl_FreeClientSessionCacheLock();
--    if ((SECSuccess == rv1) && (SECSuccess == rv2)) {
--        return SECSuccess;
--    }
--    return SECFailure;
--}
-+    static const PRCallOnceType pristineCallOnce;
-+    SECStatus rv;
- 
--static SECStatus
--InitSessionCacheLocks(void)
--{
--    SECStatus rv1, rv2;
--    PRErrorCode rc;
--    rv1 = ssl_InitSymWrapKeysLock();
--    rv2 = ssl_InitClientSessionCacheLock();
--    if ((SECSuccess == rv1) && (SECSuccess == rv2)) {
--        return SECSuccess;
--    }
--    rc = PORT_GetError();
--    FreeSessionCacheLocks();
--    PORT_SetError(rc);
--    return SECFailure;
--}
--
--/* free the session cache locks if they were initialized early */
--SECStatus
--ssl_FreeSessionCacheLocks()
--{
--    PORT_Assert(PR_TRUE == LocksInitializedEarly);
--    if (!LocksInitializedEarly) {
-+    if (!cacheLock) {
-         PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
-         return SECFailure;
-     }
--    FreeSessionCacheLocks();
--    LocksInitializedEarly = PR_FALSE;
--    return SECSuccess;
--}
- 
--static PRCallOnceType lockOnce;
-+    PZ_DestroyLock(cacheLock);
-+    cacheLock = NULL;
- 
--/* free the session cache locks if they were initialized lazily */
--static SECStatus
--ssl_ShutdownLocks(void *appData, void *nssData)
--{
--    PORT_Assert(PR_FALSE == LocksInitializedEarly);
--    if (LocksInitializedEarly) {
--        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
--        return SECFailure;
-+    rv = ssl_FreeSymWrapKeysLock();
-+    if (rv != SECSuccess) {
-+        return rv;
-     }
--    FreeSessionCacheLocks();
--    memset(&lockOnce, 0, sizeof(lockOnce));
-+
-+    lockOnce = pristineCallOnce;
-     return SECSuccess;
- }
- 
-+/* InitSessionCacheLocks is called, protected by lockOnce, to create the
-+ * session cache locks. */
- static PRStatus
--initSessionCacheLocksLazily(void)
-+InitSessionCacheLocks(void)
- {
--    SECStatus rv = InitSessionCacheLocks();
--    if (SECSuccess != rv) {
-+    SECStatus rv;
-+
-+    cacheLock = PZ_NewLock(nssILockCache);
-+    if (cacheLock == NULL) {
-         return PR_FAILURE;
-     }
--    rv = NSS_RegisterShutdown(ssl_ShutdownLocks, NULL);
-+    rv = ssl_InitSymWrapKeysLock();
-+    if (rv != SECSuccess) {
-+        PRErrorCode error = PORT_GetError();
-+        PZ_DestroyLock(cacheLock);
-+        cacheLock = NULL;
-+        PORT_SetError(error);
-+        return PR_FAILURE;
-+    }
-+
-+    rv = NSS_RegisterShutdown(FreeSessionCacheLocks, NULL);
-     PORT_Assert(SECSuccess == rv);
-     if (SECSuccess != rv) {
-         return PR_FAILURE;
-@@ -129,35 +91,19 @@ initSessionCacheLocksLazily(void)
-     return PR_SUCCESS;
- }
- 
--/* lazyInit means that the call is not happening during a 1-time
-- * initialization function, but rather during dynamic, lazy initialization
-- */
- SECStatus
--ssl_InitSessionCacheLocks(PRBool lazyInit)
-+ssl_InitSessionCacheLocks()
- {
--    if (LocksInitializedEarly) {
--        return SECSuccess;
--    }
--
--    if (lazyInit) {
--        return (PR_SUCCESS ==
--                PR_CallOnce(&lockOnce, initSessionCacheLocksLazily))
--                   ? SECSuccess
--                   : SECFailure;
--    }
--
--    if (SECSuccess == InitSessionCacheLocks()) {
--        LocksInitializedEarly = PR_TRUE;
--        return SECSuccess;
--    }
--
--    return SECFailure;
-+    return (PR_SUCCESS ==
-+            PR_CallOnce(&lockOnce, InitSessionCacheLocks))
-+               ? SECSuccess
-+               : SECFailure;
- }
- 
- static void
- lock_cache(void)
- {
--    ssl_InitSessionCacheLocks(PR_TRUE);
-+    ssl_InitSessionCacheLocks();
-     PZ_Lock(cacheLock);
- }
- 
-diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
-index da1f93f..e3f749e 100644
---- a/lib/ssl/sslsnce.c
-+++ b/lib/ssl/sslsnce.c
-@@ -1344,7 +1344,7 @@ SSL_ConfigServerSessionIDCache(int maxCacheEntries,
-                                PRUint32 ssl3_timeout,
-                                const char *directory)
- {
--    ssl_InitSessionCacheLocks(PR_FALSE);
-+    ssl_InitSessionCacheLocks();
-     return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
-                                                   maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
- }
-@@ -1458,7 +1458,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
-     PRBool enableMPCache)
- {
-     if (!enableMPCache) {
--        ssl_InitSessionCacheLocks(PR_FALSE);
-+        ssl_InitSessionCacheLocks();
-         return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
-                                                              ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
-                                                              maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
-@@ -1502,7 +1502,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char *envString)
-         return SECSuccess; /* already done. */
-     }
- 
--    ssl_InitSessionCacheLocks(PR_FALSE);
-+    ssl_InitSessionCacheLocks();
- 
-     ssl_sid_lookup = ServerSessionIDLookup;
-     ssl_sid_cache = ServerSessionIDCache;
diff --git a/chromium/net/third_party/nss/patches/channelid.patch b/chromium/net/third_party/nss/patches/channelid.patch
deleted file mode 100644
index 674d4eeebad..00000000000
--- a/chromium/net/third_party/nss/patches/channelid.patch
+++ /dev/null
@@ -1,704 +0,0 @@
-diff --git a/lib/ssl/SSLerrs.h b/lib/ssl/SSLerrs.h
-index 15bf0b4..555e629 100644
---- a/lib/ssl/SSLerrs.h
-+++ b/lib/ssl/SSLerrs.h
-@@ -465,3 +465,12 @@ ER3(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 145),
- 
- ER3(SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 146),
-     "SSL received a malformed Encrypted Extensions handshake message.")
-+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 147),
-+    "SSL received a malformed TLS Channel ID extension.")
-+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 148),
-+    "The application provided an invalid TLS Channel ID key.")
-+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 149),
-+    "The application could not get a TLS Channel ID.")
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index aa4a3e5..870a8cc 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -1142,6 +1142,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
- SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
-                                                  PRBool *last_handshake_resumed);
- 
-+/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
-+ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
-+ * the future to restart the handshake.  On SECSuccess, the callback must have
-+ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
-+typedef SECStatus(PR_CALLBACK *SSLClientChannelIDCallback)(
-+    void *arg,
-+    PRFileDesc *fd,
-+    SECKEYPublicKey **out_public_key,
-+    SECKEYPrivateKey **out_private_key);
-+
-+/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
-+ * after a ChannelID callback returned SECWouldBlock.
-+ *
-+ * This function takes ownership of |channelIDPub| and |channelID|. */
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
-+    PRFileDesc *fd,
-+    SECKEYPublicKey *channelIDPub,
-+    SECKEYPrivateKey *channelID);
-+
-+/* SSL_SetClientChannelIDCallback sets a callback function that will be called
-+ * once the server's ServerHello has been processed. This is only applicable to
-+ * a client socket and setting this callback causes the TLS Channel ID
-+ * extension to be advertised. */
-+SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
-+    PRFileDesc *fd,
-+    SSLClientChannelIDCallback callback,
-+    void *arg);
-+
- /*
- ** How long should we wait before retransmitting the next flight of
- ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 2a2e644..a2beec2 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -57,6 +57,7 @@ static SECStatus ssl3_InitState(sslSocket *ss);
- 
- static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
- static SECStatus ssl3_SendNextProto(sslSocket *ss);
-+static SECStatus ssl3_SendChannelIDEncryptedExtensions(sslSocket *ss);
- static SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
- static SECStatus ssl3_SendServerHelloDone(sslSocket *ss);
- static SECStatus ssl3_SendServerKeyExchange(sslSocket *ss);
-@@ -6762,6 +6763,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-         ss->ssl3.clientPrivateKey = NULL;
-     }
- 
-+    if (ss->ssl3.channelID != NULL) {
-+        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-+        ss->ssl3.channelID = NULL;
-+    }
-+    if (ss->ssl3.channelIDPub != NULL) {
-+        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-+        ss->ssl3.channelIDPub = NULL;
-+    }
-+
-     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-     if (temp < 0) {
-         goto loser; /* alert has been sent */
-@@ -7111,7 +7121,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-             if (rv != SECSuccess) {
-                 goto alert_loser; /* err code was set */
-             }
--            return SECSuccess;
-+            goto winner;
-         } while (0);
- 
-     if (sid_match)
-@@ -7166,6 +7176,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-         PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
-         ss->ssl3.hs.ws = wait_server_key;
-     }
-+
-+winner:
-+    /* If we will need a ChannelID key then we make the callback now. This
-+     * allows the handshake to be restarted cleanly if the callback returns
-+     * SECWouldBlock. */
-+    if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
-+        rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
-+                              &ss->ssl3.channelIDPub, &ss->ssl3.channelID);
-+        if (rv == SECWouldBlock) {
-+            ssl3_SetAlwaysBlock(ss);
-+            return rv;
-+        }
-+        if (rv != SECSuccess ||
-+            ss->ssl3.channelIDPub == NULL ||
-+            ss->ssl3.channelID == NULL) {
-+            PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
-+            desc = internal_error;
-+            goto alert_loser;
-+        }
-+    }
-+
-     return SECSuccess;
- 
- alert_loser:
-@@ -8096,7 +8127,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
-         if (rv != SECSuccess) {
-             goto loser; /* err code was set. */
-         }
-+    }
- 
-+    rv = ssl3_SendChannelIDEncryptedExtensions(ss);
-+    if (rv != SECSuccess) {
-+        goto loser; /* err code was set. */
-+    }
-+
-+    if (!ss->firstHsDone) {
-         if (ss->opt.enableFalseStart) {
-             if (!ss->ssl3.hs.authCertificatePending) {
-                 /* When we fix bug 589047, we will need to know whether we are
-@@ -8133,6 +8171,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
- 
-     ssl_ReleaseXmitBufLock(ss); /*******************************/
- 
-+    if (!ss->ssl3.hs.isResuming &&
-+        ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
-+        /* If we are negotiating ChannelID on a full handshake then we record
-+         * the handshake hashes in |sid| at this point. They will be needed in
-+         * the event that we resume this session and use ChannelID on the
-+         * resumption handshake. */
-+        SSL3Hashes hashes;
-+        SECItem *originalHandshakeHash =
-+            &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
-+        PORT_Assert(ss->sec.ci.sid->cached == never_cached);
-+
-+        ssl_GetSpecReadLock(ss);
-+        PORT_Assert(ss->version > SSL_LIBRARY_VERSION_3_0);
-+        rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
-+        ssl_ReleaseSpecReadLock(ss);
-+        if (rv != SECSuccess) {
-+            return rv;
-+        }
-+
-+        PORT_Assert(originalHandshakeHash->len == 0);
-+        originalHandshakeHash->data = PORT_Alloc(hashes.len);
-+        if (!originalHandshakeHash->data)
-+            return SECFailure;
-+        originalHandshakeHash->len = hashes.len;
-+        memcpy(originalHandshakeHash->data, hashes.u.raw, hashes.len);
-+    }
-+
-     if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
-         ss->ssl3.hs.ws = wait_new_session_ticket;
-     else
-@@ -11763,6 +11828,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
- }
- 
- /* called from ssl3_SendClientSecondRound
-+ *	     ssl3_HandleFinished
-+ */
-+static SECStatus
-+ssl3_SendChannelIDEncryptedExtensions(sslSocket *ss)
-+{
-+    static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature";
-+    static const char CHANNEL_ID_RESUMPTION_MAGIC[] = "Resumption";
-+    /* This is the ASN.1 prefix for a P-256 public key. Specifically it's:
-+     * SEQUENCE
-+     *   SEQUENCE
-+     *     OID id-ecPublicKey
-+     *     OID prime256v1
-+     *   BIT STRING, length 66, 0 trailing bits: 0x04
-+     *
-+     * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62
-+     * public key. Following that are the two field elements as 32-byte,
-+     * big-endian numbers, as required by the Channel ID. */
-+    static const unsigned char P256_SPKI_PREFIX[] = {
-+        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
-+        0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
-+        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
-+        0x42, 0x00, 0x04
-+    };
-+    /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64
-+     * bytes of ECDSA signature. */
-+    static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64;
-+    static const int CHANNEL_ID_LENGTH = 128;
-+
-+    SECStatus rv = SECFailure;
-+    SECItem *spki = NULL;
-+    SSL3Hashes hashes;
-+    const unsigned char *pub_bytes;
-+    unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) +
-+                              sizeof(CHANNEL_ID_RESUMPTION_MAGIC) +
-+                              sizeof(SSL3Hashes) * 2];
-+    size_t signed_data_len;
-+    unsigned char digest[SHA256_LENGTH];
-+    SECItem digest_item;
-+    unsigned char signature[64];
-+    SECItem signature_item;
-+
-+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-+
-+    if (ss->ssl3.channelID == NULL)
-+        return SECSuccess;
-+
-+    PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn));
-+
-+    if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey ||
-+        PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) {
-+        PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
-+        rv = SECFailure;
-+        goto loser;
-+    }
-+
-+    ssl_GetSpecReadLock(ss);
-+    rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
-+    ssl_ReleaseSpecReadLock(ss);
-+
-+    if (rv != SECSuccess)
-+        goto loser;
-+
-+    rv = ssl3_AppendHandshakeHeader(ss, channelid_encrypted_extensions,
-+                                    2 + 2 + CHANNEL_ID_LENGTH);
-+    if (rv != SECSuccess)
-+        goto loser; /* error code set by AppendHandshakeHeader */
-+    rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
-+    if (rv != SECSuccess)
-+        goto loser; /* error code set by AppendHandshake */
-+    rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2);
-+    if (rv != SECSuccess)
-+        goto loser; /* error code set by AppendHandshake */
-+
-+    spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub);
-+
-+    if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH ||
-+        memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX)) != 0) {
-+        PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
-+        rv = SECFailure;
-+        goto loser;
-+    }
-+
-+    pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
-+
-+    signed_data_len = 0;
-+    memcpy(signed_data + signed_data_len, CHANNEL_ID_MAGIC,
-+           sizeof(CHANNEL_ID_MAGIC));
-+    signed_data_len += sizeof(CHANNEL_ID_MAGIC);
-+    if (ss->ssl3.hs.isResuming) {
-+        SECItem *originalHandshakeHash =
-+            &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
-+        PORT_Assert(originalHandshakeHash->len > 0);
-+
-+        memcpy(signed_data + signed_data_len, CHANNEL_ID_RESUMPTION_MAGIC,
-+               sizeof(CHANNEL_ID_RESUMPTION_MAGIC));
-+        signed_data_len += sizeof(CHANNEL_ID_RESUMPTION_MAGIC);
-+        memcpy(signed_data + signed_data_len, originalHandshakeHash->data,
-+               originalHandshakeHash->len);
-+        signed_data_len += originalHandshakeHash->len;
-+    }
-+    memcpy(signed_data + signed_data_len, hashes.u.raw, hashes.len);
-+    signed_data_len += hashes.len;
-+
-+    rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, signed_data_len);
-+    if (rv != SECSuccess)
-+        goto loser;
-+
-+    digest_item.data = digest;
-+    digest_item.len = sizeof(digest);
-+
-+    signature_item.data = signature;
-+    signature_item.len = sizeof(signature);
-+
-+    rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item);
-+    if (rv != SECSuccess)
-+        goto loser;
-+
-+    rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH);
-+    if (rv != SECSuccess)
-+        goto loser;
-+    rv = ssl3_AppendHandshake(ss, signature, sizeof(signature));
-+
-+loser:
-+    if (spki)
-+        SECITEM_FreeItem(spki, PR_TRUE);
-+    if (ss->ssl3.channelID) {
-+        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-+        ss->ssl3.channelID = NULL;
-+    }
-+    if (ss->ssl3.channelIDPub) {
-+        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-+        ss->ssl3.channelIDPub = NULL;
-+    }
-+
-+    return rv;
-+}
-+
-+/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake
-+ * after a ChannelID callback returned SECWouldBlock. At this point we have
-+ * processed the server's ServerHello but not yet any further messages. We will
-+ * always get a message from the server after a ServerHello so either they are
-+ * waiting in the buffer or we'll get network I/O. */
-+SECStatus
-+ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss,
-+                                       SECKEYPublicKey *channelIDPub,
-+                                       SECKEYPrivateKey *channelID)
-+{
-+    if (ss->handshake == 0) {
-+        SECKEY_DestroyPublicKey(channelIDPub);
-+        SECKEY_DestroyPrivateKey(channelID);
-+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-+        return SECFailure;
-+    }
-+
-+    if (channelIDPub == NULL ||
-+        channelID == NULL) {
-+        if (channelIDPub)
-+            SECKEY_DestroyPublicKey(channelIDPub);
-+        if (channelID)
-+            SECKEY_DestroyPrivateKey(channelID);
-+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-+        return SECFailure;
-+    }
-+
-+    if (ss->ssl3.channelID)
-+        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-+    if (ss->ssl3.channelIDPub)
-+        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-+
-+    ss->handshake = ssl_GatherRecord1stHandshake;
-+    ss->ssl3.channelID = channelID;
-+    ss->ssl3.channelIDPub = channelIDPub;
-+
-+    return SECSuccess;
-+}
-+
-+/* called from ssl3_SendClientSecondRound
-  *             ssl3_HandleClientHello
-  *             ssl3_HandleFinished
-  */
-@@ -12030,11 +12273,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-             flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
-         }
- 
--        if (!isServer && !ss->firstHsDone) {
--            rv = ssl3_SendNextProto(ss);
--            if (rv != SECSuccess) {
--                goto xmit_loser; /* err code was set. */
-+        if (!isServer) {
-+            if (!ss->firstHsDone) {
-+                rv = ssl3_SendNextProto(ss);
-+                if (rv != SECSuccess) {
-+                    goto xmit_loser; /* err code was set. */
-+                }
-             }
-+            rv = ssl3_SendChannelIDEncryptedExtensions(ss);
-+            if (rv != SECSuccess)
-+                goto xmit_loser; /* err code was set. */
-         }
- 
-         if (IS_DTLS(ss)) {
-@@ -13658,6 +13906,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
-     if (ss->ssl3.clientPrivateKey != NULL)
-         SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
- 
-+    if (ss->ssl3.channelID)
-+        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-+    if (ss->ssl3.channelIDPub)
-+        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-+
-     if (ss->ssl3.peerCertArena != NULL)
-         ssl3_CleanupPeerCerts(ss);
- 
-diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
-index 2e99a40..2ffe77b 100644
---- a/lib/ssl/ssl3ext.c
-+++ b/lib/ssl/ssl3ext.c
-@@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
-                                              SECItem *data);
- static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
-                                              SECItem *data);
-+static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
-+                                               PRUint16 ex_type, SECItem *data);
-+static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
-+                                           PRUint32 maxBytes);
- static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket *ss,
-                                                PRBool append, PRUint32 maxBytes);
- static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-@@ -298,6 +302,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
-     { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
-     { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
-     { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
-+    { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
-     { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
-     { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
-     { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
-@@ -329,6 +334,7 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
-       { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
-       { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
-       { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
-+      { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
-       { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
-       { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-       { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
-@@ -981,6 +987,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
- }
- 
- static SECStatus
-+ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
-+                              SECItem *data)
-+{
-+    PORT_Assert(ss->getChannelID != NULL);
-+
-+    if (data->len) {
-+        PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA);
-+        return SECFailure;
-+    }
-+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+    return SECSuccess;
-+}
-+
-+static PRInt32
-+ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
-+                            PRUint32 maxBytes)
-+{
-+    PRInt32 extension_length = 4;
-+
-+    if (!ss->getChannelID)
-+        return 0;
-+
-+    if (maxBytes < extension_length) {
-+        PORT_Assert(0);
-+        return 0;
-+    }
-+
-+    if (ss->sec.ci.sid->cached != never_cached &&
-+        ss->sec.ci.sid->u.ssl3.originalHandshakeHash.len == 0) {
-+        /* We can't do ChannelID on a connection if we're resuming and didn't
-+         * do ChannelID on the original connection: without ChannelID on the
-+         * original connection we didn't record the handshake hashes needed for
-+         * the signature. */
-+        return 0;
-+    }
-+
-+    if (append) {
-+        SECStatus rv;
-+        rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
-+        if (rv != SECSuccess)
-+            goto loser;
-+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+        if (rv != SECSuccess)
-+            goto loser;
-+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-+            ssl_channel_id_xtn;
-+    }
-+
-+    return extension_length;
-+
-+loser:
-+    return -1;
-+}
-+
-+static SECStatus
- ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-                                   SECItem *data)
- {
-diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
-index e637d11..928d059 100644
---- a/lib/ssl/ssl3prot.h
-+++ b/lib/ssl/ssl3prot.h
-@@ -140,7 +140,8 @@ typedef enum {
-     client_key_exchange = 16,
-     finished = 20,
-     certificate_status = 22,
--    next_proto = 67
-+    next_proto = 67,
-+    channelid_encrypted_extensions = 203
- } SSL3HandshakeType;
- 
- typedef struct {
-diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
-index 7fb4dc5..e78a513 100644
---- a/lib/ssl/sslauth.c
-+++ b/lib/ssl/sslauth.c
-@@ -221,6 +221,25 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
-     return SECSuccess;
- }
- 
-+SECStatus
-+SSL_SetClientChannelIDCallback(PRFileDesc *fd,
-+                               SSLClientChannelIDCallback callback,
-+                               void *arg)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback",
-+                 SSL_GETPID(), fd));
-+        return SECFailure;
-+    }
-+
-+    ss->getChannelID = callback;
-+    ss->getChannelIDArg = arg;
-+
-+    return SECSuccess;
-+}
-+
- /* NEED LOCKS IN HERE.  */
- SECStatus
- SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-diff --git a/lib/ssl/sslerr.h b/lib/ssl/sslerr.h
-index f806359..299951c 100644
---- a/lib/ssl/sslerr.h
-+++ b/lib/ssl/sslerr.h
-@@ -220,6 +220,11 @@ typedef enum {
-     SSL_ERROR_KEY_EXCHANGE_FAILURE          = (SSL_ERROR_BASE + 144),
-     SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 145),
-     SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS = (SSL_ERROR_BASE + 146),
-+
-+ SSL_ERROR_BAD_CHANNEL_ID_DATA           = (SSL_ERROR_BASE + 147),
-+ SSL_ERROR_INVALID_CHANNEL_ID_KEY        = (SSL_ERROR_BASE + 148),
-+ SSL_ERROR_GET_CHANNEL_ID_FAILED         = (SSL_ERROR_BASE + 149),
-+
-     SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
- } SSLErrorCodes;
- #endif /* NO_SECURITY_ERROR_ENUM */
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index dad75b2..4607655 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -710,6 +710,14 @@ struct sslSessionIDStr {
- 
-             SECItem srvName;
- 
-+            /* originalHandshakeHash contains the hash of the original, full
-+             * handshake prior to the server's final flow. This is either a
-+             * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
-+             * TLS 1.2). This is recorded and used only when ChannelID is
-+             * negotiated as it's used to bind the ChannelID signature on the
-+             * resumption handshake to the original handshake. */
-+            SECItem originalHandshakeHash;
-+
-             /* Signed certificate timestamps received in a TLS extension.
-             ** (used only in client).
-             */
-@@ -1025,6 +1033,9 @@ struct ssl3StateStr {
-     CERTCertificateList *clientCertChain; /* used by client */
-     PRBool sendEmptyCert;                 /* used by client */
- 
-+    SECKEYPrivateKey *channelID;   /* used by client */
-+    SECKEYPublicKey *channelIDPub; /* used by client */
-+
-     int policy;
-     /* This says what cipher suites we can do, and should
-      * be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -1322,6 +1333,9 @@ struct sslSocketStr {
-     SSLNextProtoCallback nextProtoCallback;
-     void *nextProtoArg;
- 
-+    SSLClientChannelIDCallback getChannelID;
-+    void *getChannelIDArg;
-+
-     PRIntervalTime rTimeout; /* timeout for NSPR I/O */
-     PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-     PRIntervalTime cTimeout; /* timeout for NSPR I/O */
-@@ -1712,6 +1726,12 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
-                                                    CERTCertificate *cert,
-                                                    SECKEYPrivateKey *key,
-                                                    CERTCertificateList *certChain);
-+
-+extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq(
-+    sslSocket *ss,
-+    SECKEYPublicKey *channelIDPub,
-+    SECKEYPrivateKey *channelID);
-+
- extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
- 
- /*
-diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
-index 3216892..4804cb8 100644
---- a/lib/ssl/sslnonce.c
-+++ b/lib/ssl/sslnonce.c
-@@ -186,6 +186,9 @@ ssl_DestroySID(sslSessionID *sid)
-         if (sid->u.ssl3.signedCertTimestamps.data) {
-             SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
-         }
-+        if (sid->u.ssl3.originalHandshakeHash.data) {
-+            SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
-+        }
- 
-         if (sid->u.ssl3.lock) {
-             PR_DestroyRWLock(sid->u.ssl3.lock);
-diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
-index a087ffc..7ff0a2c 100644
---- a/lib/ssl/sslsecur.c
-+++ b/lib/ssl/sslsecur.c
-@@ -1601,6 +1601,41 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-     return ret;
- }
- 
-+SECStatus
-+SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc *fd,
-+                                      SECKEYPublicKey *channelIDPub,
-+                                      SECKEYPrivateKey *channelID)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+    SECStatus ret;
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in"
-+                 " SSL_RestartHandshakeAfterChannelIDReq",
-+                 SSL_GETPID(), fd));
-+        goto loser;
-+    }
-+
-+    ssl_Get1stHandshakeLock(ss);
-+
-+    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-+        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-+        ssl_Release1stHandshakeLock(ss);
-+        goto loser;
-+    }
-+
-+    ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub,
-+                                                 channelID);
-+    ssl_Release1stHandshakeLock(ss);
-+
-+    return ret;
-+
-+loser:
-+    SECKEY_DestroyPublicKey(channelIDPub);
-+    SECKEY_DestroyPrivateKey(channelID);
-+    return SECFailure;
-+}
-+
- /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
-  * this implementation exists to maintain link-time compatibility.
-  */
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
-index 7f97b14..84c78b3 100644
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -315,6 +315,8 @@ ssl_DupSocket(sslSocket *os)
-             ss->canFalseStartCallback = os->canFalseStartCallback;
-             ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
-             ss->pkcs11PinArg = os->pkcs11PinArg;
-+            ss->getChannelID = os->getChannelID;
-+            ss->getChannelIDArg = os->getChannelIDArg;
- 
-             /* Create security data */
-             rv = ssl_CopySecurityInfo(ss, os);
-@@ -2155,6 +2157,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
-         ss->handshakeCallbackData = sm->handshakeCallbackData;
-     if (sm->pkcs11PinArg)
-         ss->pkcs11PinArg = sm->pkcs11PinArg;
-+    if (sm->getChannelID)
-+        ss->getChannelID = sm->getChannelID;
-+    if (sm->getChannelIDArg)
-+        ss->getChannelIDArg = sm->getChannelIDArg;
-     return fd;
- loser:
-     return NULL;
-@@ -3643,6 +3649,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
-         ss->badCertArg = NULL;
-         ss->pkcs11PinArg = NULL;
-         ss->ephemeralECDHKeyPair = NULL;
-+        ss->getChannelID = NULL;
-+        ss->getChannelIDArg = NULL;
- 
-         ssl_ChooseOps(ss);
-         ssl2_InitSocketPolicy(ss);
-diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
-index bf722b5..6f26e5f 100644
---- a/lib/ssl/sslt.h
-+++ b/lib/ssl/sslt.h
-@@ -249,11 +249,12 @@ typedef enum {
-     ssl_session_ticket_xtn = 35,
-     ssl_tls13_key_share_xtn = 40, /* unofficial TODO(ekr) */
-     ssl_next_proto_nego_xtn = 13172,
-+    ssl_channel_id_xtn = 30032,
-     ssl_renegotiation_info_xtn = 0xff01,
-     ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
- } SSLExtensionType;
- 
--#define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS 15 /* doesn't include ssl_padding_xtn. */
- 
- typedef enum {
-     ssl_dhe_group_none = 0,
diff --git a/chromium/net/third_party/nss/patches/cipherorder.patch b/chromium/net/third_party/nss/patches/cipherorder.patch
deleted file mode 100644
index 26e83261f7f..00000000000
--- a/chromium/net/third_party/nss/patches/cipherorder.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index 3550580..70665a1 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
- */
- SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
- 
-+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
-+ * which must be an array of cipher suite ids of length |len|. All the given
-+ * cipher suite ids must appear in the array that is returned by
-+ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
-+SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
-+                                        unsigned int len);
-+
- /* SSLChannelBindingType enumerates the types of supported channel binding
-  * values. See RFC 5929. */
- typedef enum SSLChannelBindingType {
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index d7d186a..b100b9b 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -13797,6 +13797,46 @@ SSL_SignatureMaxCount()
-     return MAX_SIGNATURE_ALGORITHMS;
- }
- 
-+SECStatus
-+ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
-+{
-+    /* |i| iterates over |ciphers| while |done| and |j| iterate over
-+     * |ss->cipherSuites|. */
-+    unsigned int i, done;
-+
-+    for (i = done = 0; i < len; i++) {
-+        PRUint16 id = ciphers[i];
-+        unsigned int existingIndex, j;
-+        PRBool found = PR_FALSE;
-+
-+        for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
-+            if (ss->cipherSuites[j].cipher_suite == id) {
-+                existingIndex = j;
-+                found = PR_TRUE;
-+                break;
-+            }
-+        }
-+
-+        if (!found) {
-+            continue;
-+        }
-+
-+        if (existingIndex != done) {
-+            const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
-+            ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
-+            ss->cipherSuites[existingIndex] = temp;
-+        }
-+        done++;
-+    }
-+
-+    /* Disable all cipher suites that weren't included. */
-+    for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) {
-+        ss->cipherSuites[done].enabled = 0;
-+    }
-+
-+    return SECSuccess;
-+}
-+
- /* copy global default policy into socket. */
- void
- ssl3_InitSocketPolicy(sslSocket *ss)
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index c0e3a0b..f56ab53 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -1835,6 +1835,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
- extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
- extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
- extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
-+extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *cipher,
-+                                     unsigned int len);
- 
- extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
- extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
-index e312d82..e82c916 100644
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -1500,6 +1500,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
- }
- 
- SECStatus
-+SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
-+                 fd));
-+        return SECFailure;
-+    }
-+    return ssl3_CipherOrderSet(ss, ciphers, len);
-+}
-+
-+SECStatus
- SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
- {
-     SECStatus rv;
diff --git a/chromium/net/third_party/nss/patches/didhandshakeresume.patch b/chromium/net/third_party/nss/patches/didhandshakeresume.patch
deleted file mode 100644
index 8acb6e718ad..00000000000
--- a/chromium/net/third_party/nss/patches/didhandshakeresume.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index 3974ee8..e905aab 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -1123,6 +1123,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
-                                                       SSLExtensionType extId,
-                                                       PRBool *yes);
- 
-+SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
-+                                                 PRBool *last_handshake_resumed);
-+
- /*
- ** How long should we wait before retransmitting the next flight of
- ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
-index cc15406..601df2a 100644
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -2481,6 +2481,21 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
-     return &ss->sec.ci.sid->peerCertStatus;
- }
- 
-+SECStatus
-+SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
-+                 SSL_GETPID(), fd));
-+        return SECFailure;
-+    }
-+
-+    *handshake_resumed = ss->ssl3.hs.isResuming;
-+    return SECSuccess;
-+}
-+
- /************************************************************************/
- /* The following functions are the TOP LEVEL SSL functions.
- ** They all get called through the NSPRIOMethods table below.
diff --git a/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch
deleted file mode 100644
index d19c2280bf5..00000000000
--- a/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index e905aab..9e57220 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -896,6 +896,17 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
-                                                 PRBool flushCache,
-                                                 PRIntervalTime timeout);
- 
-+/* Returns a SECItem containing the certificate_types field of the
-+** CertificateRequest message.  Each byte of the data is a TLS
-+** ClientCertificateType value, and they are ordered from most preferred to
-+** least.  This function should only be called from the
-+** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
-+** other time.  The returned value is valid only until the callback returns, and
-+** should not be freed.
-+*/
-+SSL_IMPORT const SECItem *
-+SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
-+
- #ifdef SSL_DEPRECATED_FUNCTION
- /* deprecated!
- ** For the server, request a new handshake.  For the client, begin a new
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index b8d4784..784f59b 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -7674,6 +7674,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-     if (rv != SECSuccess)
-         goto loser; /* malformed, alert has been sent */
- 
-+    PORT_Assert(!ss->requestedCertTypes);
-+    ss->requestedCertTypes = &cert_types;
-+
-     if (isTLS12) {
-         rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
-         if (rv != SECSuccess)
-@@ -7723,6 +7726,7 @@ loser:
-     PORT_SetError(errCode);
-     rv = SECFailure;
- done:
-+    ss->requestedCertTypes = NULL;
-     if (arena != NULL)
-         PORT_FreeArena(arena, PR_FALSE);
-     return rv;
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index 10361a0..5f0e6c9 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -1296,6 +1296,10 @@ struct sslSocketStr {
-     unsigned int sizeCipherSpecs;
-     const unsigned char *preferredCipher;
- 
-+    /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
-+    /* Will be NULL at all other times. */
-+    const SECItem *requestedCertTypes;
-+
-     ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */
- 
-     const ssl3DHParams *dheParams; /* DHE param */
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
-index 601df2a..7f97b14 100644
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -2496,6 +2496,21 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed)
-     return SECSuccess;
- }
- 
-+const SECItem *
-+SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in "
-+                 "SSL_GetRequestedClientCertificateTypes",
-+                 SSL_GETPID(), fd));
-+        return NULL;
-+    }
-+
-+    return ss->requestedCertTypes;
-+}
-+
- /************************************************************************/
- /* The following functions are the TOP LEVEL SSL functions.
- ** They all get called through the NSPRIOMethods table below.
-@@ -3610,6 +3625,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
-             sc->serverKeyBits = 0;
-             ss->certStatusArray[i] = NULL;
-         }
-+        ss->requestedCertTypes = NULL;
-         ss->stepDownKeyPair = NULL;
- 
-         ss->dheParams = NULL;
diff --git a/chromium/net/third_party/nss/patches/ignorechangecipherspec.patch b/chromium/net/third_party/nss/patches/ignorechangecipherspec.patch
deleted file mode 100644
index b8e176d4521..00000000000
--- a/chromium/net/third_party/nss/patches/ignorechangecipherspec.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Index: ssl/ssl3con.c
-===================================================================
---- ssl/ssl3con.c	(revision 274314)
-+++ ssl/ssl3con.c	(working copy)
-@@ -3621,6 +3621,14 @@
- 		SSL_GETPID(), ss->fd));
- 
-     if (ws != wait_change_cipher) {
-+	if (IS_DTLS(ss)) {
-+	    /* Ignore this because it's out of order. */
-+	    SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
-+			"DTLS change_cipher_spec",
-+			SSL_GETPID(), ss->fd));
-+	    buf->len = 0;
-+	    return SECSuccess;
-+	}
- 	(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- 	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
- 	return SECFailure;
diff --git a/chromium/net/third_party/nss/patches/nobypass.patch b/chromium/net/third_party/nss/patches/nobypass.patch
deleted file mode 100644
index 8896d36e159..00000000000
--- a/chromium/net/third_party/nss/patches/nobypass.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 7649abe..b6f4987 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -2297,6 +2297,7 @@ fail:
-     return SECFailure;
- }
- 
-+#ifndef NO_PKCS11_BYPASS
- /* Returns whether we can bypass PKCS#11 for a given cipher algorithm.
-  *
-  * We do not support PKCS#11 bypass for ChaCha20/Poly1305.
-@@ -2311,6 +2312,7 @@ ssl3_CanBypassCipher(SSLCipherAlgorithm calg)
-             return PR_TRUE;
-     }
- }
-+#endif
- 
- /* Complete the initialization of all keys, ciphers, MACs and their contexts
-  * for the pending Cipher Spec.
diff --git a/chromium/net/third_party/nss/patches/reorderextensions.patch b/chromium/net/third_party/nss/patches/reorderextensions.patch
deleted file mode 100644
index 0779e6971ac..00000000000
--- a/chromium/net/third_party/nss/patches/reorderextensions.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
-index 2ffe77b..3b48c9e 100644
---- a/lib/ssl/ssl3ext.c
-+++ b/lib/ssl/ssl3ext.c
-@@ -336,10 +336,14 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
-       { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
-       { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
-       { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
--      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-       { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
-       { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
-       { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
-+      /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will
-+       * time out or terminate the connection if the last extension in the
-+       * client hello is empty. They are not intolerant of TLS 1.2, so list
-+       * signature_algorithms at the end. See bug 1243641. */
-+      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-       /* any extra entries will appear as { 0, NULL }    */
-     };
- 
-@@ -2690,9 +2694,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
-     }
- 
-     extensionLength = 512 - recordLength;
--    /* Extensions take at least four bytes to encode. */
--    if (extensionLength < 4) {
--        extensionLength = 4;
-+    /* Extensions take at least four bytes to encode. Always include at least
-+     * one byte of data if including the extension. WebSphere Application
-+     * Server 7.0 is intolerant to the last extension being zero-length. */
-+    if (extensionLength < 4 + 1) {
-+        extensionLength = 4 + 1;
-     }
- 
-     return extensionLength;
diff --git a/chromium/net/third_party/nss/patches/restartclientauth.patch b/chromium/net/third_party/nss/patches/restartclientauth.patch
deleted file mode 100644
index 811e98c8049..00000000000
--- a/chromium/net/third_party/nss/patches/restartclientauth.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index 9e57220..aa4a3e5 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -516,6 +516,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
- SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
-                                                    PRIntervalTime timeout);
- 
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-+                                                      CERTCertificate *cert,
-+                                                      SECKEYPrivateKey *key,
-+                                                      CERTCertificateList *certChain);
-+
- /*
- ** Query security status of socket. *on is set to one if security is
- ** enabled. *keySize will contain the stream key size used. *issuer will
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 784f59b..2a2e644 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -7803,6 +7803,85 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms,
-     return rv;
- }
- 
-+/*
-+ * attempt to restart the handshake after asynchronously handling
-+ * a request for the client's certificate.
-+ *
-+ * inputs:
-+ *	cert	Client cert chosen by application.
-+ *		Note: ssl takes this reference, and does not bump the
-+ *		reference count.  The caller should drop its reference
-+ *		without calling CERT_DestroyCert after calling this function.
-+ *
-+ *	key	Private key associated with cert.  This function takes
-+ *		ownership of the private key, so the caller should drop its
-+ *		reference without destroying the private key after this
-+ *		function returns.
-+ *
-+ *	certChain  DER-encoded certs, client cert and its signers.
-+ *		Note: ssl takes this reference, and does not copy the chain.
-+ *		The caller should drop its reference without destroying the
-+ *		chain.  SSL will free the chain when it is done with it.
-+ *
-+ * Return value: XXX
-+ *
-+ * XXX This code only works on the initial handshake on a connection, XXX
-+ *     It does not work on a subsequent handshake (redo).
-+ *
-+ * Caller holds 1stHandshakeLock.
-+ */
-+SECStatus
-+ssl3_RestartHandshakeAfterCertReq(sslSocket *ss,
-+                                  CERTCertificate *cert,
-+                                  SECKEYPrivateKey *key,
-+                                  CERTCertificateList *certChain)
-+{
-+    SECStatus rv = SECSuccess;
-+
-+    /* XXX This code only works on the initial handshake on a connection,
-+    ** XXX It does not work on a subsequent handshake (redo).
-+    */
-+    if (ss->handshake != 0) {
-+        ss->handshake = ssl_GatherRecord1stHandshake;
-+        ss->ssl3.clientCertificate = cert;
-+        ss->ssl3.clientPrivateKey = key;
-+        ss->ssl3.clientCertChain = certChain;
-+        if (!cert || !key || !certChain) {
-+            /* we are missing the key, cert, or cert chain */
-+            if (ss->ssl3.clientCertificate) {
-+                CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-+                ss->ssl3.clientCertificate = NULL;
-+            }
-+            if (ss->ssl3.clientPrivateKey) {
-+                SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-+                ss->ssl3.clientPrivateKey = NULL;
-+            }
-+            if (ss->ssl3.clientCertChain != NULL) {
-+                CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-+                ss->ssl3.clientCertChain = NULL;
-+            }
-+            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
-+                ss->ssl3.sendEmptyCert = PR_TRUE;
-+            } else {
-+                (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
-+            }
-+        }
-+    } else {
-+        if (cert) {
-+            CERT_DestroyCertificate(cert);
-+        }
-+        if (key) {
-+            SECKEY_DestroyPrivateKey(key);
-+        }
-+        if (certChain) {
-+            CERT_DestroyCertificateList(certChain);
-+        }
-+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-+        rv = SECFailure;
-+    }
-+    return rv;
-+}
-+
- static SECStatus
- ssl3_CheckFalseStart(sslSocket *ss)
- {
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index 5f0e6c9..dad75b2 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -1702,16 +1702,16 @@ extern SECStatus ssl3_MasterSecretDeriveBypass(ssl3CipherSpec *pwSpec,
- /* These functions are called from secnav, even though they're "private". */
- 
- extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
--extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
--                                            CERTCertificate *cert,
--                                            SECKEYPrivateKey *key,
--                                            CERTCertificateList *certChain);
- extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
- extern void ssl_FreeSocket(struct sslSocketStr *ssl);
- extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
-                                 SSL3AlertDescription desc);
- extern SECStatus ssl3_DecodeError(sslSocket *ss);
- 
-+extern SECStatus ssl3_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
-+                                                   CERTCertificate *cert,
-+                                                   SECKEYPrivateKey *key,
-+                                                   CERTCertificateList *certChain);
- extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
- 
- /*
-diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
-index 5773748..a087ffc 100644
---- a/lib/ssl/sslsecur.c
-+++ b/lib/ssl/sslsecur.c
-@@ -1535,17 +1535,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
-     return SECSuccess;
- }
- 
--/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
-- * this implementation exists to maintain link-time compatibility.
-- */
--int
--SSL_RestartHandshakeAfterCertReq(sslSocket *ss,
-+/*
-+ * attempt to restart the handshake after asynchronously handling
-+ * a request for the client's certificate.
-+ *
-+ * inputs:  
-+ *	cert	Client cert chosen by application.
-+ *		Note: ssl takes this reference, and does not bump the 
-+ *		reference count.  The caller should drop its reference
-+ *		without calling CERT_DestroyCertificate after calling this
-+ *		function.
-+ *
-+ *	key	Private key associated with cert.  This function takes
-+ *		ownership of the private key, so the caller should drop its
-+ *		reference without destroying the private key after this
-+ *		function returns.
-+ *
-+ *	certChain  Chain of signers for cert.  
-+ *		Note: ssl takes this reference, and does not copy the chain.
-+ *		The caller should drop its reference without destroying the 
-+ *		chain.  SSL will free the chain when it is done with it.
-+ *
-+ * Return value: XXX
-+ *
-+ * XXX This code only works on the initial handshake on a connection, XXX
-+ *     It does not work on a subsequent handshake (redo).
-+   */
-+SECStatus
-+SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-                                  CERTCertificate *cert,
-                                  SECKEYPrivateKey *key,
-                                  CERTCertificateList *certChain)
- {
--    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
--    return -1;
-+    sslSocket *ss = ssl_FindSocket(fd);
-+    SECStatus ret;
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RestartHandshakeAfterCertReq",
-+                 SSL_GETPID(), fd));
-+        if (cert) {
-+            CERT_DestroyCertificate(cert);
-+        }
-+        if (key) {
-+            SECKEY_DestroyPrivateKey(key);
-+        }
-+        if (certChain) {
-+            CERT_DestroyCertificateList(certChain);
-+        }
-+        return SECFailure;
-+    }
-+
-+    ssl_Get1stHandshakeLock(ss); /************************************/
-+
-+    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
-+        ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
-+    } else {
-+        if (certChain != NULL) {
-+            CERT_DestroyCertificateList(certChain);
-+        }
-+        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-+        ret = SECFailure;
-+    }
-+
-+    ssl_Release1stHandshakeLock(ss); /************************************/
-+    return ret;
- }
- 
- /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
diff --git a/chromium/net/third_party/nss/patches/secretexporterlocks.patch b/chromium/net/third_party/nss/patches/secretexporterlocks.patch
deleted file mode 100644
index a95ef278d0e..00000000000
--- a/chromium/net/third_party/nss/patches/secretexporterlocks.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
-index 527b1a4..c59879c 100644
---- a/lib/ssl/sslinfo.c
-+++ b/lib/ssl/sslinfo.c
-@@ -406,8 +406,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
-         return SECFailure;
-     }
- 
-+    ssl_GetRecvBufLock(ss);
-+    ssl_GetSSL3HandshakeLock(ss);
-+
-     if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
-         PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
-+        ssl_ReleaseSSL3HandshakeLock(ss);
-+        ssl_ReleaseRecvBufLock(ss);
-         return SECFailure;
-     }
- 
-@@ -418,6 +423,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
-     }
-     val = PORT_Alloc(valLen);
-     if (!val) {
-+        ssl_ReleaseSSL3HandshakeLock(ss);
-+        ssl_ReleaseRecvBufLock(ss);
-         return SECFailure;
-     }
-     i = 0;
-@@ -445,6 +452,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
-                                          valLen, out, outLen);
-     }
-     ssl_ReleaseSpecReadLock(ss);
-+    ssl_ReleaseSSL3HandshakeLock(ss);
-+    ssl_ReleaseRecvBufLock(ss);
- 
-     PORT_ZFree(val, valLen);
-     return rv;
diff --git a/chromium/net/third_party/nss/patches/sessioncache.patch b/chromium/net/third_party/nss/patches/sessioncache.patch
deleted file mode 100644
index 6e100c6f956..00000000000
--- a/chromium/net/third_party/nss/patches/sessioncache.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index 70665a1..de5078b 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -973,6 +973,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
- SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
- 
- /*
-+** Cache the SSL session associated with fd, if it has not already been cached.
-+*/
-+SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd);
-+
-+/*
-+** Cache the SSL session associated with fd, if it has not already been cached.
-+** This function may only be called when processing within a callback assigned
-+** via SSL_HandshakeCallback
-+*/
-+SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd);
-+
-+/*
- ** Return a SECItem containing the SSL session ID associated with the fd.
- */
- SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index b100b9b..7649abe 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -12397,7 +12397,7 @@ ssl3_FinishHandshake(sslSocket *ss)
-         ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
-     }
- 
--    if (ss->ssl3.hs.cacheSID) {
-+    if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
-         PORT_Assert(ss->sec.ci.sid->cached == never_cached);
-         (*ss->sec.cache)(ss->sec.ci.sid);
-         ss->ssl3.hs.cacheSID = PR_FALSE;
-diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
-index 7ff0a2c..129f1f3 100644
---- a/lib/ssl/sslsecur.c
-+++ b/lib/ssl/sslsecur.c
-@@ -1486,6 +1486,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
-     return rv;
- }
- 
-+static void
-+ssl3_CacheSessionUnlocked(sslSocket *ss)
-+{
-+    PORT_Assert(!ss->sec.isServer);
-+
-+    if (ss->ssl3.hs.cacheSID) {
-+        ss->sec.cache(ss->sec.ci.sid);
-+        ss->ssl3.hs.cacheSID = PR_FALSE;
-+    }
-+}
-+
-+SECStatus
-+SSL_CacheSession(PRFileDesc *fd)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+    SECStatus rv = SECFailure;
-+
-+    if (ss) {
-+        ssl_Get1stHandshakeLock(ss);
-+        ssl_GetSSL3HandshakeLock(ss);
-+
-+        ssl3_CacheSessionUnlocked(ss);
-+        rv = SECSuccess;
-+
-+        ssl_ReleaseSSL3HandshakeLock(ss);
-+        ssl_Release1stHandshakeLock(ss);
-+    }
-+    return rv;
-+}
-+
-+SECStatus
-+SSL_CacheSessionUnlocked(PRFileDesc *fd)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+    SECStatus rv = SECFailure;
-+
-+    if (ss) {
-+        ssl3_CacheSessionUnlocked(ss);
-+        rv = SECSuccess;
-+    }
-+    return rv;
-+}
-+
- SECItem *
- SSL_GetSessionID(PRFileDesc *fd)
- {
diff --git a/chromium/net/third_party/nss/patches/tlsunique.patch b/chromium/net/third_party/nss/patches/tlsunique.patch
deleted file mode 100644
index d004ca73542..00000000000
--- a/chromium/net/third_party/nss/patches/tlsunique.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
-index 870a8cc..3550580 100644
---- a/lib/ssl/ssl.h
-+++ b/lib/ssl/ssl.h
-@@ -387,6 +387,27 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
- */
- SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
- 
-+/* SSLChannelBindingType enumerates the types of supported channel binding
-+ * values. See RFC 5929. */
-+typedef enum SSLChannelBindingType {
-+    SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
-+} SSLChannelBindingType;
-+
-+/* SSL_GetChannelBinding copies the requested channel binding value, as defined
-+ * in RFC 5929, into |out|. The full length of the binding value is written
-+ * into |*outLen|.
-+ *
-+ * At most |outLenMax| bytes of data are copied. If |outLenMax| is
-+ * insufficient then the function returns SECFailure and sets the error to
-+ * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
-+ *
-+ * This call will fail if made during a renegotiation. */
-+SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
-+                                           SSLChannelBindingType binding_type,
-+                                           unsigned char *out,
-+                                           unsigned int *outLen,
-+                                           unsigned int outLenMax);
-+
- /* SSL Version Range API
- **
- ** This API should be used to control SSL 3.0 & TLS support instead of the
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index a2beec2..1394542 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -13808,6 +13808,69 @@ ssl3_InitSocketPolicy(sslSocket *ss)
-     ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
- }
- 
-+SECStatus
-+ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
-+                                unsigned char *out,
-+                                unsigned int *outLen,
-+                                unsigned int outLenMax)
-+{
-+    PRBool isTLS;
-+    int index = 0;
-+    unsigned int len;
-+    SECStatus rv = SECFailure;
-+
-+    *outLen = 0;
-+
-+    ssl_GetSSL3HandshakeLock(ss);
-+
-+    ssl_GetSpecReadLock(ss);
-+    isTLS = (PRBool)(ss->ssl3.cwSpec->version > SSL_LIBRARY_VERSION_3_0);
-+    ssl_ReleaseSpecReadLock(ss);
-+
-+    /* The tls-unique channel binding is the first Finished structure in the
-+     * handshake. In the case of a resumption, that's the server's Finished.
-+     * Otherwise, it's the client's Finished. */
-+    len = ss->ssl3.hs.finishedBytes;
-+
-+    /* Sending or receiving a Finished message will set finishedBytes to a
-+     * non-zero value. */
-+    if (len == 0) {
-+        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-+        goto loser;
-+    }
-+
-+    /* If we are in the middle of a renegotiation then the channel binding
-+     * value is poorly defined and depends on the direction that it will be
-+     * used on. Therefore we simply return an error in this case. */
-+    if (ss->firstHsDone && ss->ssl3.hs.ws != idle_handshake) {
-+        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-+        goto loser;
-+    }
-+
-+    /* If resuming, then we want the second Finished value in the array, which
-+     * is the server's */
-+    if (ss->ssl3.hs.isResuming)
-+        index = 1;
-+
-+    *outLen = len;
-+    if (outLenMax < len) {
-+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-+        goto loser;
-+    }
-+
-+    if (isTLS) {
-+        memcpy(out, &ss->ssl3.hs.finishedMsgs.tFinished[index], len);
-+    } else {
-+        memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len);
-+    }
-+
-+    rv = SECSuccess;
-+
-+loser:
-+    ssl_ReleaseSSL3HandshakeLock(ss);
-+    return rv;
-+}
-+
- /* ssl3_config_match_init must have already been called by
-  * the caller of this function.
-  */
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index 4607655..d47eb28 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -1981,6 +1981,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
- extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data,
-                                             unsigned int length);
- 
-+extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
-+                                                 unsigned char *out,
-+                                                 unsigned int *outLen,
-+                                                 unsigned int outLenMax);
-+
- /* Construct a new NSPR socket for the app to use */
- extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
- extern void ssl_FreePRSocket(PRFileDesc *fd);
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
-index 84c78b3..e312d82 100644
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -1700,6 +1700,29 @@ SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
-     return SECSuccess;
- }
- 
-+SECStatus
-+SSL_GetChannelBinding(PRFileDesc *fd,
-+                      SSLChannelBindingType binding_type,
-+                      unsigned char *out,
-+                      unsigned int *outLen,
-+                      unsigned int outLenMax)
-+{
-+    sslSocket *ss = ssl_FindSocket(fd);
-+
-+    if (!ss) {
-+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
-+                 SSL_GETPID(), fd));
-+        return SECFailure;
-+    }
-+
-+    if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
-+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-+        return SECFailure;
-+    }
-+
-+    return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
-+}
-+
- #include "dhe-param.c"
- 
- static const SSLDHEGroupType ssl_default_dhe_groups[] = {
diff --git a/chromium/net/third_party/nss/ssl.gyp b/chromium/net/third_party/nss/ssl.gyp
deleted file mode 100644
index 4abf713603a..00000000000
--- a/chromium/net/third_party/nss/ssl.gyp
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
-  'targets': [
-    {
-      'target_name': 'libssl',
-      'type': '<(component)',
-      'product_name': 'crssl',  # Don't conflict with OpenSSL's libssl
-      'sources': [
-        'ssl/SSLerrs.h',
-        'ssl/authcert.c',
-        'ssl/cmpcert.c',
-        'ssl/derive.c',
-        'ssl/dtlscon.c',
-        'ssl/preenc.h',
-        'ssl/prelib.c',
-        'ssl/ssl.h',
-        'ssl/ssl3con.c',
-        'ssl/ssl3ecc.c',
-        'ssl/ssl3ext.c',
-        'ssl/ssl3gthr.c',
-        'ssl/ssl3prot.h',
-        'ssl/sslauth.c',
-        'ssl/sslcon.c',
-        'ssl/ssldef.c',
-        'ssl/sslenum.c',
-        'ssl/sslerr.c',
-        'ssl/sslerr.h',
-        'ssl/sslerrstrs.c',
-        'ssl/sslgathr.c',
-        'ssl/sslimpl.h',
-        'ssl/sslinfo.c',
-        'ssl/sslinit.c',
-        'ssl/sslmutex.c',
-        'ssl/sslmutex.h',
-        'ssl/sslnonce.c',
-        'ssl/sslproto.h',
-        'ssl/sslreveal.c',
-        'ssl/sslsecur.c',
-        'ssl/sslsnce.c',
-        'ssl/sslsock.c',
-        'ssl/sslt.h',
-        'ssl/ssltrace.c',
-        'ssl/sslver.c',
-        'ssl/tls13con.c',
-        'ssl/tls13con.h',
-        'ssl/tls13hkdf.c',
-        'ssl/tls13hkdf.h',
-        'ssl/unix_err.c',
-        'ssl/unix_err.h',
-      ],
-      'defines': [
-        'NO_PKCS11_BYPASS',
-        'NSS_ENABLE_ECC',
-        'USE_UTIL_DIRECTLY',
-      ],
-      'variables': {
-        'clang_warning_flags_unset': [
-          # ssl uses PR_ASSERT(!"foo") instead of PR_ASSERT(false && "foo")
-          '-Wstring-conversion',
-        ],
-      },
-      'conditions': [
-        ['component == "shared_library"', {
-          'conditions': [
-            ['OS == "ios"', {
-              'xcode_settings': {
-                'GCC_SYMBOLS_PRIVATE_EXTERN': 'NO',
-              },
-            }],
-          ],
-        }],
-        [ 'clang == 1', {
-          'cflags': [
-            # There is a broken header guard in /usr/include/nss/secmod.h:
-            # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
-            '-Wno-header-guard',
-          ],
-        }],
-        [ 'OS == "ios"', {
-          'defines': [
-            'XP_UNIX',
-            'DARWIN',
-            'XP_MACOSX',
-          ],
-        }],
-        [ 'OS == "ios"', {
-          'dependencies': [
-            '../../../third_party/nss/nss.gyp:nspr',
-            '../../../third_party/nss/nss.gyp:nss',
-          ],
-          'export_dependent_settings': [
-            '../../../third_party/nss/nss.gyp:nspr',
-            '../../../third_party/nss/nss.gyp:nss',
-          ],
-          'direct_dependent_settings': {
-            'include_dirs': [
-              'ssl',
-            ],
-          },
-        }],
-      ],
-      'configurations': {
-        'Debug_Base': {
-          'defines': [
-            'DEBUG',
-          ],
-        },
-      },
-    },
-  ],
-}
diff --git a/chromium/net/third_party/nss/ssl/BUILD.gn b/chromium/net/third_party/nss/ssl/BUILD.gn
deleted file mode 100644
index 06a113d277b..00000000000
--- a/chromium/net/third_party/nss/ssl/BUILD.gn
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright (c) 2013 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-config("ssl_config") {
-  include_dirs = [ "." ]
-
-  if (is_mac || is_win) {
-    defines = [ "NSS_PLATFORM_CLIENT_AUTH" ]
-  }
-}
-
-component("libssl") {
-  output_name = "crssl"
-
-  sources = [
-    "SSLerrs.h",
-    "authcert.c",
-    "cmpcert.c",
-    "derive.c",
-    "dtlscon.c",
-    "preenc.h",
-    "prelib.c",
-    "ssl.h",
-    "ssl3con.c",
-    "ssl3ecc.c",
-    "ssl3ext.c",
-    "ssl3gthr.c",
-    "ssl3prot.h",
-    "sslauth.c",
-    "sslcon.c",
-    "ssldef.c",
-    "sslenum.c",
-    "sslerr.c",
-    "sslerr.h",
-    "sslerrstrs.c",
-    "sslgathr.c",
-    "sslimpl.h",
-    "sslinfo.c",
-    "sslinit.c",
-    "sslmutex.c",
-    "sslmutex.h",
-    "sslnonce.c",
-    "sslproto.h",
-    "sslreveal.c",
-    "sslsecur.c",
-    "sslsnce.c",
-    "sslsock.c",
-    "sslt.h",
-    "ssltrace.c",
-    "sslver.c",
-    "tls13con.c",
-    "tls13con.h",
-    "tls13hkdf.c",
-    "tls13hkdf.h",
-    "unix_err.c",
-    "unix_err.h",
-  ]
-
-  public_configs = [ ":ssl_config" ]
-
-  cflags = []
-  defines = [
-    "NO_PKCS11_BYPASS",
-    "NSS_ENABLE_ECC",
-    "USE_UTIL_DIRECTLY",
-  ]
-
-  configs -= [ "//build/config/compiler:chromium_code" ]
-  configs += [ "//build/config/compiler:no_chromium_code" ]
-
-  if (is_clang) {
-    # SSL triggers some of these Clang warnings.
-    configs -= [ "//build/config/clang:extra_warnings" ]
-
-    # There is a broken header guard in /usr/include/nss/secmod.h:
-    # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
-    cflags = [ "-Wno-header-guard" ]
-
-    if (is_ios) {
-      # libssl uses routines deprecated on iOS (sem_init/sem_destroy).
-      # https://bugzilla.mozilla.org/show_bug.cgi?id=1192500
-      cflags += [ "-Wno-deprecated-declarations" ]
-    }
-  }
-
-  if (is_ios) {
-    defines += [
-      "XP_UNIX",
-      "DARWIN",
-      "XP_MACOSX",
-    ]
-  }
-
-  if (is_ios) {
-    public_deps = [
-      "//third_party/nss:nspr",
-      "//third_party/nss:nss",
-    ]
-  }
-
-  if (is_debug) {
-    defines += [ "DEBUG" ]
-  }
-}
diff --git a/chromium/net/third_party/nss/ssl/Makefile b/chromium/net/third_party/nss/ssl/Makefile
deleted file mode 100644
index d56cbf29ead..00000000000
--- a/chromium/net/third_party/nss/ssl/Makefile
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-CSRCS	+= win32err.c
-DEFINES += -DIN_LIBSSL
-else
-ifeq ($(OS_TARGET),OS2)
-CSRCS	+= os2_err.c
-else
-CSRCS	+= unix_err.c
-endif
-endif
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-
-ifndef NSS_NO_PKCS11_BYPASS
-# indicates dependency on freebl static lib
-$(SHARED_LIBRARY): $(CRYPTOLIB)
-endif
diff --git a/chromium/net/third_party/nss/ssl/SSLerrs.h b/chromium/net/third_party/nss/ssl/SSLerrs.h
deleted file mode 100644
index 555e6296733..00000000000
--- a/chromium/net/third_party/nss/ssl/SSLerrs.h
+++ /dev/null
@@ -1,476 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* SSL-specific security error codes  */
-/* caller must include "sslerr.h" */
-
-ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
-    "Unable to communicate securely.  Peer does not support high-grade encryption.")
-
-ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
-    "Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
-
-ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
-    "Cannot communicate securely with peer: no common encryption algorithm(s).")
-
-ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
-    "Unable to find the certificate or key necessary for authentication.")
-
-ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
-    "Unable to communicate securely with peer: peers's certificate was rejected.")
-
-ER3(SSL_ERROR_UNUSED_5, SSL_ERROR_BASE + 5,
-    "Unrecognized SSL error code.")
-
-ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
-    "The server has encountered bad data from the client.")
-
-ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
-    "The client has encountered bad data from the server.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
-    "Unsupported certificate type.")
-
-ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
-    "Peer using unsupported version of security protocol.")
-
-ER3(SSL_ERROR_UNUSED_10, SSL_ERROR_BASE + 10,
-    "Unrecognized SSL error code.")
-
-ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
-    "Client authentication failed: private key in key database does not match public key in certificate database.")
-
-ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
-    "Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
-
-ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13,
-    "Unrecognized SSL error code.")
-
-ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
-    "Peer only supports SSL version 2, which is locally disabled.")
-
-ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
-    "SSL received a record with an incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
-    "SSL peer reports incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
-    "SSL peer cannot verify your certificate.")
-
-ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
-    "SSL peer rejected your certificate as revoked.")
-
-ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
-    "SSL peer rejected your certificate as expired.")
-
-ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
-    "Cannot connect: SSL is disabled.")
-
-ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
-    "Cannot connect: SSL peer is in another FORTEZZA domain.")
-
-ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE, (SSL_ERROR_BASE + 22),
-    "An unknown SSL cipher suite has been requested.")
-
-ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED, (SSL_ERROR_BASE + 23),
-    "No cipher suites are present and enabled in this program.")
-
-ER3(SSL_ERROR_BAD_BLOCK_PADDING, (SSL_ERROR_BASE + 24),
-    "SSL received a record with bad block padding.")
-
-ER3(SSL_ERROR_RX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 25),
-    "SSL received a record that exceeded the maximum permissible length.")
-
-ER3(SSL_ERROR_TX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 26),
-    "SSL attempted to send a record that exceeded the maximum permissible length.")
-
-/*
- * Received a malformed (too long or short or invalid content) SSL handshake.
- */
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, (SSL_ERROR_BASE + 27),
-    "SSL received a malformed Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, (SSL_ERROR_BASE + 28),
-    "SSL received a malformed Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, (SSL_ERROR_BASE + 29),
-    "SSL received a malformed Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE, (SSL_ERROR_BASE + 30),
-    "SSL received a malformed Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 31),
-    "SSL received a malformed Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST, (SSL_ERROR_BASE + 32),
-    "SSL received a malformed Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE, (SSL_ERROR_BASE + 33),
-    "SSL received a malformed Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, (SSL_ERROR_BASE + 34),
-    "SSL received a malformed Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 35),
-    "SSL received a malformed Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_FINISHED, (SSL_ERROR_BASE + 36),
-    "SSL received a malformed Finished handshake message.")
-
-/*
- * Received a malformed (too long or short) SSL record.
- */
-ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER, (SSL_ERROR_BASE + 37),
-    "SSL received a malformed Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ALERT, (SSL_ERROR_BASE + 38),
-    "SSL received a malformed Alert record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE, (SSL_ERROR_BASE + 39),
-    "SSL received a malformed Handshake record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA, (SSL_ERROR_BASE + 40),
-    "SSL received a malformed Application Data record.")
-
-/*
- * Received an SSL handshake that was inappropriate for the state we're in.
- * E.g. Server received message from server, or wrong state in state machine.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST, (SSL_ERROR_BASE + 41),
-    "SSL received an unexpected Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO, (SSL_ERROR_BASE + 42),
-    "SSL received an unexpected Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO, (SSL_ERROR_BASE + 43),
-    "SSL received an unexpected Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, (SSL_ERROR_BASE + 44),
-    "SSL received an unexpected Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 45),
-    "SSL received an unexpected Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST, (SSL_ERROR_BASE + 46),
-    "SSL received an unexpected Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE, (SSL_ERROR_BASE + 47),
-    "SSL received an unexpected Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, (SSL_ERROR_BASE + 48),
-    "SSL received an unexpected Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 49),
-    "SSL received an unexpected Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED, (SSL_ERROR_BASE + 50),
-    "SSL received an unexpected Finished handshake message.")
-
-/*
- * Received an SSL record that was inappropriate for the state we're in.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER, (SSL_ERROR_BASE + 51),
-    "SSL received an unexpected Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 52),
-    "SSL received an unexpected Alert record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE, (SSL_ERROR_BASE + 53),
-    "SSL received an unexpected Handshake record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
-    "SSL received an unexpected Application Data record.")
-
-/*
- * Received record/message with unknown discriminant.
- */
-ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, (SSL_ERROR_BASE + 55),
-    "SSL received a record with an unknown content type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE, (SSL_ERROR_BASE + 56),
-    "SSL received a handshake message with an unknown message type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_ALERT, (SSL_ERROR_BASE + 57),
-    "SSL received an alert record with an unknown alert description.")
-
-/*
- * Received an alert reporting what we did wrong.  (more alerts above)
- */
-ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT, (SSL_ERROR_BASE + 58),
-    "SSL peer has closed this connection.")
-
-ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 59),
-    "SSL peer was not expecting a handshake message it received.")
-
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT, (SSL_ERROR_BASE + 60),
-    "SSL peer was unable to successfully decompress an SSL record it received.")
-
-ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT, (SSL_ERROR_BASE + 61),
-    "SSL peer was unable to negotiate an acceptable set of security parameters.")
-
-ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, (SSL_ERROR_BASE + 62),
-    "SSL peer rejected a handshake message for unacceptable content.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT, (SSL_ERROR_BASE + 63),
-    "SSL peer does not support certificates of the type it received.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT, (SSL_ERROR_BASE + 64),
-    "SSL peer had some unspecified issue with the certificate it received.")
-
-ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE, (SSL_ERROR_BASE + 65),
-    "SSL experienced a failure of its random number generator.")
-
-ER3(SSL_ERROR_SIGN_HASHES_FAILURE, (SSL_ERROR_BASE + 66),
-    "Unable to digitally sign data required to verify your certificate.")
-
-ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE, (SSL_ERROR_BASE + 67),
-    "SSL was unable to extract the public key from the peer's certificate.")
-
-ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 68),
-    "Unspecified failure while processing SSL Server Key Exchange handshake.")
-
-ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 69),
-    "Unspecified failure while processing SSL Client Key Exchange handshake.")
-
-ER3(SSL_ERROR_ENCRYPTION_FAILURE, (SSL_ERROR_BASE + 70),
-    "Bulk data encryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILURE, (SSL_ERROR_BASE + 71),
-    "Bulk data decryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_SOCKET_WRITE_FAILURE, (SSL_ERROR_BASE + 72),
-    "Attempt to write encrypted data to underlying socket failed.")
-
-ER3(SSL_ERROR_MD5_DIGEST_FAILURE, (SSL_ERROR_BASE + 73),
-    "MD5 digest function failed.")
-
-ER3(SSL_ERROR_SHA_DIGEST_FAILURE, (SSL_ERROR_BASE + 74),
-    "SHA-1 digest function failed.")
-
-ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE, (SSL_ERROR_BASE + 75),
-    "MAC computation failed.")
-
-ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE, (SSL_ERROR_BASE + 76),
-    "Failure to create Symmetric Key context.")
-
-ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE, (SSL_ERROR_BASE + 77),
-    "Failure to unwrap the Symmetric key in Client Key Exchange message.")
-
-ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED, (SSL_ERROR_BASE + 78),
-    "SSL Server attempted to use domestic-grade public key with export cipher suite.")
-
-ER3(SSL_ERROR_IV_PARAM_FAILURE, (SSL_ERROR_BASE + 79),
-    "PKCS11 code failed to translate an IV into a param.")
-
-ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, (SSL_ERROR_BASE + 80),
-    "Failed to initialize the selected cipher suite.")
-
-ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE, (SSL_ERROR_BASE + 81),
-    "Client failed to generate session keys for SSL session.")
-
-ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG, (SSL_ERROR_BASE + 82),
-    "Server has no key for the attempted key exchange algorithm.")
-
-ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL, (SSL_ERROR_BASE + 83),
-    "PKCS#11 token was inserted or removed while operation was in progress.")
-
-ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND, (SSL_ERROR_BASE + 84),
-    "No PKCS#11 token could be found to do a required operation.")
-
-ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP, (SSL_ERROR_BASE + 85),
-    "Cannot communicate securely with peer: no common compression algorithm(s).")
-
-ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED, (SSL_ERROR_BASE + 86),
-    "Cannot perform the operation until the handshake is complete.")
-
-ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, (SSL_ERROR_BASE + 87),
-    "Received incorrect handshakes hash values from peer.")
-
-ER3(SSL_ERROR_CERT_KEA_MISMATCH, (SSL_ERROR_BASE + 88),
-    "The certificate provided cannot be used with the selected key exchange algorithm.")
-
-ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA, (SSL_ERROR_BASE + 89),
-    "No certificate authority is trusted for SSL client authentication.")
-
-ER3(SSL_ERROR_SESSION_NOT_FOUND, (SSL_ERROR_BASE + 90),
-    "Client's SSL session ID not found in server's session cache.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT, (SSL_ERROR_BASE + 91),
-    "Peer was unable to decrypt an SSL record it received.")
-
-ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT, (SSL_ERROR_BASE + 92),
-    "Peer received an SSL record that was longer than is permitted.")
-
-ER3(SSL_ERROR_UNKNOWN_CA_ALERT, (SSL_ERROR_BASE + 93),
-    "Peer does not recognize and trust the CA that issued your certificate.")
-
-ER3(SSL_ERROR_ACCESS_DENIED_ALERT, (SSL_ERROR_BASE + 94),
-    "Peer received a valid certificate, but access was denied.")
-
-ER3(SSL_ERROR_DECODE_ERROR_ALERT, (SSL_ERROR_BASE + 95),
-    "Peer could not decode an SSL handshake message.")
-
-ER3(SSL_ERROR_DECRYPT_ERROR_ALERT, (SSL_ERROR_BASE + 96),
-    "Peer reports failure of signature verification or key exchange.")
-
-ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT, (SSL_ERROR_BASE + 97),
-    "Peer reports negotiation not in compliance with export regulations.")
-
-ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT, (SSL_ERROR_BASE + 98),
-    "Peer reports incompatible or unsupported protocol version.")
-
-ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT, (SSL_ERROR_BASE + 99),
-    "Server requires ciphers more secure than those supported by client.")
-
-ER3(SSL_ERROR_INTERNAL_ERROR_ALERT, (SSL_ERROR_BASE + 100),
-    "Peer reports it experienced an internal error.")
-
-ER3(SSL_ERROR_USER_CANCELED_ALERT, (SSL_ERROR_BASE + 101),
-    "Peer user canceled handshake.")
-
-ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT, (SSL_ERROR_BASE + 102),
-    "Peer does not permit renegotiation of SSL security parameters.")
-
-ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED, (SSL_ERROR_BASE + 103),
-    "SSL server cache not configured and not disabled for this socket.")
-
-ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT, (SSL_ERROR_BASE + 104),
-    "SSL peer does not support requested TLS hello extension.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT, (SSL_ERROR_BASE + 105),
-    "SSL peer could not obtain your certificate from the supplied URL.")
-
-ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT, (SSL_ERROR_BASE + 106),
-    "SSL peer has no certificate for the requested DNS name.")
-
-ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT, (SSL_ERROR_BASE + 107),
-    "SSL peer was unable to get an OCSP response for its certificate.")
-
-ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT, (SSL_ERROR_BASE + 108),
-    "SSL peer reported bad certificate hash value.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109),
-    "SSL received an unexpected New Session Ticket handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110),
-    "SSL received a malformed New Session Ticket handshake message.")
-
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111),
-    "SSL received a compressed record that could not be decompressed.")
-
-ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112),
-    "Renegotiation is not allowed on this SSL socket.")
-
-ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113),
-    "Peer attempted old style (potentially vulnerable) handshake.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114),
-    "SSL received an unexpected uncompressed record.")
-
-ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115),
-    "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116),
-    "SSL received invalid NPN extension data.")
-
-ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117),
-    "SSL feature not supported for SSL 2.0 connections.")
-
-ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118),
-    "SSL feature not supported for servers.")
-
-ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119),
-    "SSL feature not supported for clients.")
-
-ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120),
-    "SSL version range is not valid.")
-
-ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 121),
-    "SSL peer selected a cipher suite disallowed for the selected protocol version.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 122),
-    "SSL received a malformed Hello Verify Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123),
-    "SSL received an unexpected Hello Verify Request handshake message.")
-
-ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
-    "SSL feature not supported for the protocol version.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
-    "SSL received an unexpected Certificate Status handshake message.")
-
-ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126),
-    "Unsupported hash algorithm used by TLS peer.")
-
-ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
-    "Digest function failed.")
-
-ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
-    "Incorrect signature algorithm specified in a digitally-signed element.")
-
-ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
-    "The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
-
-ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
-    "The server supports no protocols that the client advertises in the ALPN extension.")
-
-ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
-    "The server rejected the handshake because the client downgraded to a lower "
-    "TLS version than the server supports.")
-
-ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
-    "The server certificate included a public key that was too weak.")
-
-ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
-    "Not enough room in buffer for DTLS record.")
-
-ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
-    "No supported TLS signature algorithm was configured.")
-
-ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
-    "The peer used an unsupported combination of signature and hash algorithm.")
-
-ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
-    "The peer tried to resume without a correct extended_master_secret extension")
-
-ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
-    "The peer tried to resume with an unexpected extended_master_secret extension")
-
-ER3(SSL_ERROR_RX_MALFORMED_KEY_SHARE, (SSL_ERROR_BASE + 138),
-    "SSL received a malformed Key Share extension.")
-
-ER3(SSL_ERROR_MISSING_KEY_SHARE, (SSL_ERROR_BASE + 139),
-    "SSL expected a Key Share extension.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE, (SSL_ERROR_BASE + 140),
-    "SSL received a malformed ECDHE key share handshake extension.")
-
-ER3(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE, (SSL_ERROR_BASE + 141),
-    "SSL received a malformed DHE key share handshake extension.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 142),
-    "SSL received an unexpected Encrypted Extensions handshake message.")
-
-ER3(SSL_ERROR_MISSING_EXTENSION_ALERT, (SSL_ERROR_BASE + 143),
-    "SSL received a missing_extenson alert.")
-
-ER3(SSL_ERROR_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 144),
-    "SSL had an error performing key exchange.")
-
-ER3(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 145),
-    "SSL received an extension that is not permitted for this version.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 146),
-    "SSL received a malformed Encrypted Extensions handshake message.")
-
-ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 147),
-    "SSL received a malformed TLS Channel ID extension.")
-
-ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 148),
-    "The application provided an invalid TLS Channel ID key.")
-
-ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 149),
-    "The application could not get a TLS Channel ID.")
diff --git a/chromium/net/third_party/nss/ssl/authcert.c b/chromium/net/third_party/nss/ssl/authcert.c
deleted file mode 100644
index 88c7c084ae4..00000000000
--- a/chromium/net/third_party/nss/ssl/authcert.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * NSS utility functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <string.h>
-#include "prerror.h"
-#include "secitem.h"
-#include "prnetdb.h"
-#include "cert.h"
-#include "nspr.h"
-#include "secder.h"
-#include "key.h"
-#include "nss.h"
-#include "ssl.h"
-#include "pk11func.h" /* for PK11_ function calls */
-
-/*
- * This callback used by SSL to pull client sertificate upon
- * server request
- */
-SECStatus
-NSS_GetClientAuthData(void *arg,
-                      PRFileDesc *socket,
-                      struct CERTDistNamesStr *caNames,
-                      struct CERTCertificateStr **pRetCert,
-                      struct SECKEYPrivateKeyStr **pRetKey)
-{
-    CERTCertificate *cert = NULL;
-    SECKEYPrivateKey *privkey = NULL;
-    char *chosenNickName = (char *)arg; /* CONST */
-    void *proto_win = NULL;
-    SECStatus rv = SECFailure;
-
-    proto_win = SSL_RevealPinArg(socket);
-
-    if (chosenNickName) {
-        cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
-                                        chosenNickName, certUsageSSLClient,
-                                        PR_FALSE, proto_win);
-        if (cert) {
-            privkey = PK11_FindKeyByAnyCert(cert, proto_win);
-            if (privkey) {
-                rv = SECSuccess;
-            } else {
-                CERT_DestroyCertificate(cert);
-            }
-        }
-    } else { /* no name given, automatically find the right cert. */
-        CERTCertNicknames *names;
-        int i;
-
-        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
-                                      SEC_CERT_NICKNAMES_USER, proto_win);
-        if (names != NULL) {
-            for (i = 0; i < names->numnicknames; i++) {
-                cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
-                                                names->nicknames[i], certUsageSSLClient,
-                                                PR_FALSE, proto_win);
-                if (!cert)
-                    continue;
-                /* Only check unexpired certs */
-                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
-                    secCertTimeValid) {
-                    CERT_DestroyCertificate(cert);
-                    continue;
-                }
-                rv = NSS_CmpCertChainWCANames(cert, caNames);
-                if (rv == SECSuccess) {
-                    privkey =
-                        PK11_FindKeyByAnyCert(cert, proto_win);
-                    if (privkey)
-                        break;
-                }
-                rv = SECFailure;
-                CERT_DestroyCertificate(cert);
-            }
-            CERT_FreeNicknames(names);
-        }
-    }
-    if (rv == SECSuccess) {
-        *pRetCert = cert;
-        *pRetKey = privkey;
-    }
-    return rv;
-}
diff --git a/chromium/net/third_party/nss/ssl/derive.c b/chromium/net/third_party/nss/ssl/derive.c
deleted file mode 100644
index 026dbd2e029..00000000000
--- a/chromium/net/third_party/nss/ssl/derive.c
+++ /dev/null
@@ -1,896 +0,0 @@
-/*
- * Key Derivation that doesn't use PKCS11
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ssl.h"    /* prereq to sslimpl.h */
-#include "certt.h"  /* prereq to sslimpl.h */
-#include "keythi.h" /* prereq to sslimpl.h */
-#include "sslimpl.h"
-#ifndef NO_PKCS11_BYPASS
-#include "blapi.h"
-#endif
-
-#include "keyhi.h"
-#include "pk11func.h"
-#include "secasn1.h"
-#include "cert.h"
-#include "secmodt.h"
-
-#include "sslproto.h"
-#include "sslerr.h"
-
-#ifndef NO_PKCS11_BYPASS
-/* make this a macro! */
-#ifdef NOT_A_MACRO
-static void
-buildSSLKey(unsigned char *keyBlock, unsigned int keyLen, SECItem *result,
-            const char *label)
-{
-    result->type = siBuffer;
-    result->data = keyBlock;
-    result->len = keyLen;
-    PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
-}
-#else
-#define buildSSLKey(keyBlock, keyLen, result, label)     \
-    {                                                    \
-        (result)->type = siBuffer;                       \
-        (result)->data = keyBlock;                       \
-        (result)->len = keyLen;                          \
-        PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
-    }
-#endif
-
-/*
- * SSL Key generation given pre master secret
- */
-#ifndef NUM_MIXERS
-#define NUM_MIXERS 9
-#endif
-static const char *const mixers[NUM_MIXERS] = {
-    "A",
-    "BB",
-    "CCC",
-    "DDDD",
-    "EEEEE",
-    "FFFFFF",
-    "GGGGGGG",
-    "HHHHHHHH",
-    "IIIIIIIII"
-};
-
-SECStatus
-ssl3_KeyAndMacDeriveBypass(
-    ssl3CipherSpec *pwSpec,
-    const unsigned char *cr,
-    const unsigned char *sr,
-    PRBool isTLS,
-    PRBool isExport)
-{
-    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
-    unsigned char *key_block = pwSpec->key_block;
-    unsigned char *key_block2 = NULL;
-    unsigned int block_bytes = 0;
-    unsigned int block_needed = 0;
-    unsigned int i;
-    unsigned int keySize;    /* actual    size of cipher keys */
-    unsigned int effKeySize; /* effective size of cipher keys */
-    unsigned int macSize;    /* size of MAC secret */
-    unsigned int IVSize;     /* size of IV */
-    PRBool explicitIV = PR_FALSE;
-    SECStatus rv = SECFailure;
-    SECStatus status = SECSuccess;
-    PRBool isFIPS = PR_FALSE;
-    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
-
-    SECItem srcr;
-    SECItem crsr;
-
-    unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
-    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
-    PRUint64 md5buf[22];
-    PRUint64 shabuf[40];
-
-#define md5Ctx ((MD5Context *)md5buf)
-#define shaCtx ((SHA1Context *)shabuf)
-
-    static const SECItem zed = { siBuffer, NULL, 0 };
-
-    if (pwSpec->msItem.data == NULL ||
-        pwSpec->msItem.len != SSL3_MASTER_SECRET_LENGTH) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return rv;
-    }
-
-    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
-                    pwSpec->msItem.len));
-
-    /* figure out how much is needed */
-    macSize = pwSpec->mac_size;
-    keySize = cipher_def->key_size;
-    effKeySize = cipher_def->secret_key_size;
-    IVSize = cipher_def->iv_size;
-    if (keySize == 0) {
-        effKeySize = IVSize = 0; /* only MACing */
-    }
-    if (cipher_def->type == type_block &&
-        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-        /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
-        explicitIV = PR_TRUE;
-    }
-    block_needed =
-        2 * (macSize + effKeySize + ((!isExport && !explicitIV) * IVSize));
-
-    /*
-     * clear out our returned keys so we can recover on failure
-     */
-    pwSpec->client.write_key_item = zed;
-    pwSpec->client.write_mac_key_item = zed;
-    pwSpec->server.write_key_item = zed;
-    pwSpec->server.write_mac_key_item = zed;
-
-    /* initialize the server random, client random block */
-    srcr.type = siBuffer;
-    srcr.data = srcrdata;
-    srcr.len = sizeof srcrdata;
-    PORT_Memcpy(srcrdata, sr, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH, cr, SSL3_RANDOM_LENGTH);
-
-    /* initialize the client random, server random block */
-    crsr.type = siBuffer;
-    crsr.data = crsrdata;
-    crsr.len = sizeof crsrdata;
-    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
-    PRINT_BUF(100, (NULL, "Key & MAC CRSR", crsr.data, crsr.len));
-
-    /*
-     * generate the key material:
-     */
-    if (isTLS) {
-        SECItem keyblk;
-
-        keyblk.type = siBuffer;
-        keyblk.data = key_block;
-        keyblk.len = block_needed;
-
-        if (isTLS12) {
-            status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
-                                "key expansion", &srcr, &keyblk, isFIPS);
-        } else {
-            status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
-                             isFIPS);
-        }
-        if (status != SECSuccess) {
-            goto key_and_mac_derive_fail;
-        }
-        block_bytes = keyblk.len;
-    } else {
-       /* key_block =
-        *     MD5(master_secret + SHA('A' + master_secret +
-        *                      ServerHello.random + ClientHello.random)) +
-        *     MD5(master_secret + SHA('BB' + master_secret +
-        *                      ServerHello.random + ClientHello.random)) +
-        *     MD5(master_secret + SHA('CCC' + master_secret +
-        *                      ServerHello.random + ClientHello.random)) +
-        *     [...];
-        */
-        unsigned int made = 0;
-        for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
-            unsigned int outLen;
-            unsigned char sha_out[SHA1_LENGTH];
-
-            SHA1_Begin(shaCtx);
-            SHA1_Update(shaCtx, (unsigned char *)(mixers[i]), i + 1);
-            SHA1_Update(shaCtx, pwSpec->msItem.data, pwSpec->msItem.len);
-            SHA1_Update(shaCtx, srcr.data, srcr.len);
-            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
-            PORT_Assert(outLen == SHA1_LENGTH);
-
-            MD5_Begin(md5Ctx);
-            MD5_Update(md5Ctx, pwSpec->msItem.data, pwSpec->msItem.len);
-            MD5_Update(md5Ctx, sha_out, outLen);
-            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
-            PORT_Assert(outLen == MD5_LENGTH);
-            made += MD5_LENGTH;
-        }
-        block_bytes = made;
-    }
-    PORT_Assert(block_bytes >= block_needed);
-    PORT_Assert(block_bytes <= sizeof pwSpec->key_block);
-    PRINT_BUF(100, (NULL, "key block", key_block, block_bytes));
-
-    /*
-     * Put the key material where it goes.
-     */
-    key_block2 = key_block + block_bytes;
-    i = 0; /* now shows how much consumed */
-
-    /*
-     * The key_block is partitioned as follows:
-     * client_write_MAC_secret[CipherSpec.hash_size]
-     */
-    buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,
-                "Client Write MAC Secret");
-    i += macSize;
-
-    /*
-     * server_write_MAC_secret[CipherSpec.hash_size]
-     */
-    buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item,
-                "Server Write MAC Secret");
-    i += macSize;
-
-    if (!keySize) {
-        /* only MACing */
-        buildSSLKey(NULL, 0, &pwSpec->client.write_key_item,
-                    "Client Write Key (MAC only)");
-        buildSSLKey(NULL, 0, &pwSpec->server.write_key_item,
-                    "Server Write Key (MAC only)");
-        buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item,
-                    "Client Write IV (MAC only)");
-        buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item,
-                    "Server Write IV (MAC only)");
-    } else if (!isExport) {
-        /*
-        ** Generate Domestic write keys and IVs.
-        ** client_write_key[CipherSpec.key_material]
-        */
-        buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item,
-                    "Domestic Client Write Key");
-        i += keySize;
-
-        /*
-        ** server_write_key[CipherSpec.key_material]
-        */
-        buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item,
-                    "Domestic Server Write Key");
-        i += keySize;
-
-        if (IVSize > 0) {
-            if (explicitIV) {
-                static unsigned char zero_block[32];
-                PORT_Assert(IVSize <= sizeof zero_block);
-                buildSSLKey(&zero_block[0], IVSize,
-                            &pwSpec->client.write_iv_item,
-                            "Domestic Client Write IV");
-                buildSSLKey(&zero_block[0], IVSize,
-                            &pwSpec->server.write_iv_item,
-                            "Domestic Server Write IV");
-            } else {
-                /*
-                ** client_write_IV[CipherSpec.IV_size]
-                */
-                buildSSLKey(&key_block[i], IVSize,
-                            &pwSpec->client.write_iv_item,
-                            "Domestic Client Write IV");
-                i += IVSize;
-
-                /*
-                ** server_write_IV[CipherSpec.IV_size]
-                */
-                buildSSLKey(&key_block[i], IVSize,
-                            &pwSpec->server.write_iv_item,
-                            "Domestic Server Write IV");
-                i += IVSize;
-            }
-        }
-        PORT_Assert(i <= block_bytes);
-    } else if (!isTLS) {
-        /*
-        ** Generate SSL3 Export write keys and IVs.
-        */
-        unsigned int outLen;
-
-        /*
-        ** client_write_key[CipherSpec.key_material]
-        ** final_client_write_key = MD5(client_write_key +
-        **                   ClientHello.random + ServerHello.random);
-        */
-        MD5_Begin(md5Ctx);
-        MD5_Update(md5Ctx, &key_block[i], effKeySize);
-        MD5_Update(md5Ctx, crsr.data, crsr.len);
-        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-        i += effKeySize;
-        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
-                    "SSL3 Export Client Write Key");
-        key_block2 += keySize;
-
-        /*
-        ** server_write_key[CipherSpec.key_material]
-        ** final_server_write_key = MD5(server_write_key +
-        **                    ServerHello.random + ClientHello.random);
-        */
-        MD5_Begin(md5Ctx);
-        MD5_Update(md5Ctx, &key_block[i], effKeySize);
-        MD5_Update(md5Ctx, srcr.data, srcr.len);
-        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-        i += effKeySize;
-        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
-                    "SSL3 Export Server Write Key");
-        key_block2 += keySize;
-        PORT_Assert(i <= block_bytes);
-
-        if (IVSize) {
-            /*
-            ** client_write_IV =
-            **  MD5(ClientHello.random + ServerHello.random);
-            */
-            MD5_Begin(md5Ctx);
-            MD5_Update(md5Ctx, crsr.data, crsr.len);
-            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-            buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item,
-                        "SSL3 Export Client Write IV");
-            key_block2 += IVSize;
-
-            /*
-            ** server_write_IV =
-            **  MD5(ServerHello.random + ClientHello.random);
-            */
-            MD5_Begin(md5Ctx);
-            MD5_Update(md5Ctx, srcr.data, srcr.len);
-            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-            buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item,
-                        "SSL3 Export Server Write IV");
-            key_block2 += IVSize;
-        }
-
-        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
-    } else {
-        /*
-        ** Generate TLS Export write keys and IVs.
-        */
-        SECItem secret;
-        SECItem keyblk;
-
-        secret.type = siBuffer;
-        keyblk.type = siBuffer;
-        /*
-        ** client_write_key[CipherSpec.key_material]
-        ** final_client_write_key = PRF(client_write_key,
-        **                              "client write key",
-        **                              client_random + server_random);
-        */
-        secret.data = &key_block[i];
-        secret.len = effKeySize;
-        i += effKeySize;
-        keyblk.data = key_block2;
-        keyblk.len = keySize;
-        status = TLS_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS);
-        if (status != SECSuccess) {
-            goto key_and_mac_derive_fail;
-        }
-        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
-                    "TLS Export Client Write Key");
-        key_block2 += keySize;
-
-        /*
-        ** server_write_key[CipherSpec.key_material]
-        ** final_server_write_key = PRF(server_write_key,
-        **                              "server write key",
-        **                              client_random + server_random);
-        */
-        secret.data = &key_block[i];
-        secret.len = effKeySize;
-        i += effKeySize;
-        keyblk.data = key_block2;
-        keyblk.len = keySize;
-        status = TLS_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS);
-        if (status != SECSuccess) {
-            goto key_and_mac_derive_fail;
-        }
-        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
-                    "TLS Export Server Write Key");
-        key_block2 += keySize;
-
-        /*
-        ** iv_block = PRF("", "IV block", client_random + server_random);
-        ** client_write_IV[SecurityParameters.IV_size]
-        ** server_write_IV[SecurityParameters.IV_size]
-        */
-        if (IVSize) {
-            secret.data = NULL;
-            secret.len = 0;
-            keyblk.data = key_block2;
-            keyblk.len = 2 * IVSize;
-            status = TLS_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS);
-            if (status != SECSuccess) {
-                goto key_and_mac_derive_fail;
-            }
-            buildSSLKey(key_block2, IVSize,
-                        &pwSpec->client.write_iv_item,
-                        "TLS Export Client Write IV");
-            buildSSLKey(key_block2 + IVSize, IVSize,
-                        &pwSpec->server.write_iv_item,
-                        "TLS Export Server Write IV");
-            key_block2 += 2 * IVSize;
-        }
-        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
-    }
-    rv = SECSuccess;
-
-key_and_mac_derive_fail:
-
-    MD5_DestroyContext(md5Ctx, PR_FALSE);
-    SHA1_DestroyContext(shaCtx, PR_FALSE);
-
-    if (rv != SECSuccess) {
-        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-    }
-
-    return rv;
-}
-
-/* derive the Master Secret from the PMS */
-/* Presently, this is only done wtih RSA PMS, and only on the server side,
- * so isRSA is always true.
- */
-SECStatus
-ssl3_MasterSecretDeriveBypass(
-    ssl3CipherSpec *pwSpec,
-    const unsigned char *cr,
-    const unsigned char *sr,
-    const SECItem *pms,
-    PRBool isTLS,
-    PRBool isRSA)
-{
-    unsigned char *key_block = pwSpec->key_block;
-    SECStatus rv = SECSuccess;
-    PRBool isFIPS = PR_FALSE;
-    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
-
-    SECItem crsr;
-
-    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
-    PRUint64 md5buf[22];
-    PRUint64 shabuf[40];
-
-#define md5Ctx ((MD5Context *)md5buf)
-#define shaCtx ((SHA1Context *)shabuf)
-
-    /* first do the consistancy checks */
-    if (isRSA) {
-        PORT_Assert(pms->len == SSL3_RSA_PMS_LENGTH);
-        if (pms->len != SSL3_RSA_PMS_LENGTH) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return SECFailure;
-        }
-        /* caller must test PMS version for rollback */
-    }
-
-    /* initialize the client random, server random block */
-    crsr.type = siBuffer;
-    crsr.data = crsrdata;
-    crsr.len = sizeof crsrdata;
-    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
-    PRINT_BUF(100, (NULL, "Master Secret CRSR", crsr.data, crsr.len));
-
-    /* finally do the key gen */
-    if (isTLS) {
-        SECItem master = { siBuffer, NULL, 0 };
-
-        master.data = key_block;
-        master.len = SSL3_MASTER_SECRET_LENGTH;
-
-        if (isTLS12) {
-            rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
-                            &master, isFIPS);
-        } else {
-            rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
-        }
-        if (rv != SECSuccess) {
-            PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        }
-    } else {
-        int i;
-        unsigned int made = 0;
-        for (i = 0; i < 3; i++) {
-            unsigned int outLen;
-            unsigned char sha_out[SHA1_LENGTH];
-
-            SHA1_Begin(shaCtx);
-            SHA1_Update(shaCtx, (unsigned char *)mixers[i], i + 1);
-            SHA1_Update(shaCtx, pms->data, pms->len);
-            SHA1_Update(shaCtx, crsr.data, crsr.len);
-            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
-            PORT_Assert(outLen == SHA1_LENGTH);
-
-            MD5_Begin(md5Ctx);
-            MD5_Update(md5Ctx, pms->data, pms->len);
-            MD5_Update(md5Ctx, sha_out, outLen);
-            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
-            PORT_Assert(outLen == MD5_LENGTH);
-            made += outLen;
-        }
-    }
-
-    /* store the results */
-    PORT_Memcpy(pwSpec->raw_master_secret, key_block,
-                SSL3_MASTER_SECRET_LENGTH);
-    pwSpec->msItem.data = pwSpec->raw_master_secret;
-    pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
-    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
-                    pwSpec->msItem.len));
-
-    return rv;
-}
-
-static SECStatus
-ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
-{
-    SECStatus rv;
-    PK11SymKey *ms = NULL;
-    SECItem params = { siBuffer, NULL, 0 };
-    CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
-    unsigned char rand[SSL3_RANDOM_LENGTH];
-    CK_VERSION pms_version;
-    CK_MECHANISM_TYPE master_derive;
-    CK_MECHANISM_TYPE key_derive;
-    CK_FLAGS keyFlags;
-
-    if (pms == NULL)
-        return (SECFailure);
-
-    PORT_Memset(rand, 0, SSL3_RANDOM_LENGTH);
-
-    if (isTLS) {
-        if (isDH)
-            master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
-        else
-            master_derive = CKM_TLS_MASTER_KEY_DERIVE;
-        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
-        keyFlags = CKF_SIGN | CKF_VERIFY;
-    } else {
-        if (isDH)
-            master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-        else
-            master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
-        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
-        keyFlags = 0;
-    }
-
-    master_params.pVersion = &pms_version;
-    master_params.RandomInfo.pClientRandom = rand;
-    master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    master_params.RandomInfo.pServerRandom = rand;
-    master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
-
-    params.data = (unsigned char *)&master_params;
-    params.len = sizeof master_params;
-
-    ms = PK11_DeriveWithFlags(pms, master_derive, &params, key_derive,
-                              CKA_DERIVE, 0, keyFlags);
-    if (ms == NULL)
-        return (SECFailure);
-
-    rv = PK11_ExtractKeyValue(ms);
-    *pcbp = (rv == SECSuccess);
-    PK11_FreeSymKey(ms);
-
-    return (rv);
-}
-#endif /* !NO_PKCS11_BYPASS */
-
-/* Check the key exchange algorithm for each cipher in the list to see if
- * a master secret key can be extracted. If the KEA will use keys from the
- * specified cert make sure the extract operation is attempted from the slot
- * where the private key resides.
- * If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
- * SECSuccess is returned. In all other cases but one (*pcanbypass) is
- * set to FALSE and SECFailure is returned.
- * In that last case Derive() has been called successfully but the MS is null,
- * CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
- * arguments were all valid but the slot cannot be bypassed.
- */
-
-/* XXX Add SSL_CBP_TLS1_1 and test it in protocolmask when setting isTLS. */
-
-SECStatus
-SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
-              PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
-              PRBool *pcanbypass, void *pwArg)
-{
-#ifdef NO_PKCS11_BYPASS
-    if (!pcanbypass) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    *pcanbypass = PR_FALSE;
-    return SECSuccess;
-#else
-    SECStatus rv;
-    int i;
-    PRUint16 suite;
-    PK11SymKey *pms = NULL;
-    SECKEYPublicKey *srvPubkey = NULL;
-    KeyType privKeytype;
-    PK11SlotInfo *slot = NULL;
-    SECItem param;
-    CK_VERSION version;
-    CK_MECHANISM_TYPE mechanism_array[2];
-    SECItem enc_pms = { siBuffer, NULL, 0 };
-    PRBool isTLS = PR_FALSE;
-    SSLCipherSuiteInfo csdef;
-    PRBool testrsa = PR_FALSE;
-    PRBool testrsa_export = PR_FALSE;
-    PRBool testecdh = PR_FALSE;
-    PRBool testecdhe = PR_FALSE;
-#ifndef NSS_DISABLE_ECC
-    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
-#endif
-
-    if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    srvPubkey = CERT_ExtractPublicKey(cert);
-    if (!srvPubkey)
-        return SECFailure;
-
-    *pcanbypass = PR_TRUE;
-    rv = SECFailure;
-
-    /* determine which KEAs to test */
-    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
-     * SSL3 and TLS specs forbid negotiating that cipher suite number.
-     */
-    for (i = 0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
-        /* skip SSL2 cipher suites and ones NSS doesn't support */
-        if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess ||
-            SSL_IS_SSL2_CIPHER(suite))
-            continue;
-        switch (csdef.keaType) {
-            case ssl_kea_rsa:
-                switch (csdef.cipherSuite) {
-                    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
-                    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-                    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
-                    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-                        testrsa_export = PR_TRUE;
-                }
-                if (!testrsa_export)
-                    testrsa = PR_TRUE;
-                break;
-            case ssl_kea_ecdh:
-                if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
-                    testecdhe = PR_TRUE;
-                else
-                    testecdh = PR_TRUE;
-                break;
-            case ssl_kea_dh:
-            /* this is actually DHE */
-            default:
-                continue;
-        }
-    }
-
-    /* For each protocol try to derive and extract an MS.
-     * Failure of function any function except MS extract means
-     * continue with the next cipher test. Stop testing when the list is
-     * exhausted or when the first MS extract--not derive--fails.
-     */
-    privKeytype = SECKEY_GetPrivateKeyType(srvPrivkey);
-    protocolmask &= SSL_CBP_SSL3 | SSL_CBP_TLS1_0;
-    while (protocolmask) {
-        if (protocolmask & SSL_CBP_SSL3) {
-            isTLS = PR_FALSE;
-            protocolmask ^= SSL_CBP_SSL3;
-        } else {
-            isTLS = PR_TRUE;
-            protocolmask ^= SSL_CBP_TLS1_0;
-        }
-
-        if (privKeytype == rsaKey && testrsa_export) {
-            if (PK11_GetPrivateModulusLen(srvPrivkey) > EXPORT_RSA_KEY_LENGTH) {
-                *pcanbypass = PR_FALSE;
-                rv = SECSuccess;
-                break;
-            } else
-                testrsa = PR_TRUE;
-        }
-        for (; privKeytype == rsaKey && testrsa;) {
-            /* TLS_RSA */
-            unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
-            unsigned int outLen = 0;
-            CK_MECHANISM_TYPE target;
-            SECStatus irv;
-
-            mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
-            mechanism_array[1] = CKM_RSA_PKCS;
-
-            slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
-            if (slot == NULL) {
-                PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
-                break;
-            }
-
-            /* Generate the pre-master secret ...  (client side) */
-            version.major = 3 /*MSB(clientHelloVersion)*/;
-            version.minor = 0 /*LSB(clientHelloVersion)*/;
-            param.data = (unsigned char *)&version;
-            param.len = sizeof version;
-            pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
-            PK11_FreeSlot(slot);
-            if (!pms)
-                break;
-            /* now wrap it */
-            enc_pms.len = SECKEY_PublicKeyStrength(srvPubkey);
-            enc_pms.data = (unsigned char *)PORT_Alloc(enc_pms.len);
-            if (enc_pms.data == NULL) {
-                PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
-                break;
-            }
-            irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms);
-            if (irv != SECSuccess)
-                break;
-            PK11_FreeSymKey(pms);
-            pms = NULL;
-            /* now do the server side--check the triple bypass first */
-            rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen,
-                                       sizeof rsaPmsBuf,
-                                       (unsigned char *)enc_pms.data,
-                                       enc_pms.len);
-            /* if decrypt worked we're done with the RSA test */
-            if (rv == SECSuccess) {
-                *pcanbypass = PR_TRUE;
-                break;
-            }
-            /* check for fallback to double bypass */
-            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE
-                           : CKM_SSL3_MASTER_KEY_DERIVE;
-            pms = PK11_PubUnwrapSymKey(srvPrivkey, &enc_pms,
-                                       target, CKA_DERIVE, 0);
-            rv = ssl_canExtractMS(pms, isTLS, PR_FALSE, pcanbypass);
-            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
-                goto done;
-            break;
-        }
-
-        /* Check for NULL to avoid double free.
-         * SECItem_FreeItem sets data NULL in secitem.c#265
-         */
-        if (enc_pms.data != NULL) {
-            SECITEM_FreeItem(&enc_pms, PR_FALSE);
-        }
-#ifndef NSS_DISABLE_ECC
-        for (; (privKeytype == ecKey && (testecdh || testecdhe)) ||
-               (privKeytype == rsaKey && testecdhe);) {
-            CK_MECHANISM_TYPE target;
-            SECKEYPublicKey *keapub = NULL;
-            SECKEYPrivateKey *keapriv;
-            SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */
-            SECKEYPrivateKey *cpriv = NULL;
-            SECKEYECParams *pecParams = NULL;
-
-            if (privKeytype == ecKey && testecdhe) {
-                /* TLS_ECDHE_ECDSA */
-                pecParams = &srvPubkey->u.ec.DEREncodedParams;
-            } else if (privKeytype == rsaKey && testecdhe) {
-                /* TLS_ECDHE_RSA */
-                ECName ec_curve;
-                int serverKeyStrengthInBits;
-                int signatureKeyStrength;
-                int requiredECCbits;
-
-                /* find a curve of equivalent strength to the RSA key's */
-                requiredECCbits = PK11_GetPrivateModulusLen(srvPrivkey);
-                if (requiredECCbits < 0)
-                    break;
-                requiredECCbits *= BPB;
-                serverKeyStrengthInBits = srvPubkey->u.rsa.modulus.len;
-                if (srvPubkey->u.rsa.modulus.data[0] == 0) {
-                    serverKeyStrengthInBits--;
-                }
-                /* convert to strength in bits */
-                serverKeyStrengthInBits *= BPB;
-
-                signatureKeyStrength =
-                    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
-
-                if (requiredECCbits > signatureKeyStrength)
-                    requiredECCbits = signatureKeyStrength;
-
-                ec_curve =
-                    ssl3_GetCurveWithECKeyStrength(
-                        ssl3_GetSupportedECCurveMask(NULL),
-                        requiredECCbits);
-                rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
-                if (rv == SECFailure) {
-                    break;
-                }
-                pecParams = &ecParams;
-            }
-
-            if (testecdhe) {
-                /* generate server's ephemeral keys */
-                keapriv = SECKEY_CreateECPrivateKey(pecParams, &keapub, NULL);
-                if (!keapriv || !keapub) {
-                    if (keapriv)
-                        SECKEY_DestroyPrivateKey(keapriv);
-                    if (keapub)
-                        SECKEY_DestroyPublicKey(keapub);
-                    PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
-                    rv = SECFailure;
-                    break;
-                }
-            } else {
-                /* TLS_ECDH_ECDSA */
-                keapub = srvPubkey;
-                keapriv = srvPrivkey;
-                pecParams = &srvPubkey->u.ec.DEREncodedParams;
-            }
-
-            /* perform client side ops */
-            /* generate a pair of ephemeral keys using server's parms */
-            cpriv = SECKEY_CreateECPrivateKey(pecParams, &cpub, NULL);
-            if (!cpriv || !cpub) {
-                if (testecdhe) {
-                    SECKEY_DestroyPrivateKey(keapriv);
-                    SECKEY_DestroyPublicKey(keapub);
-                }
-                PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
-                rv = SECFailure;
-                break;
-            }
-            /* now do the server side */
-            /* determine the PMS using client's public value */
-            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE_DH
-                           : CKM_SSL3_MASTER_KEY_DERIVE_DH;
-            pms = PK11_PubDeriveWithKDF(keapriv, cpub, PR_FALSE, NULL, NULL,
-                                        CKM_ECDH1_DERIVE,
-                                        target,
-                                        CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
-            rv = ssl_canExtractMS(pms, isTLS, PR_TRUE, pcanbypass);
-            SECKEY_DestroyPrivateKey(cpriv);
-            SECKEY_DestroyPublicKey(cpub);
-            if (testecdhe) {
-                SECKEY_DestroyPrivateKey(keapriv);
-                SECKEY_DestroyPublicKey(keapub);
-            }
-            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
-                goto done;
-            break;
-        }
-        /* Check for NULL to avoid double free. */
-        if (ecParams.data != NULL) {
-            PORT_Free(ecParams.data);
-            ecParams.data = NULL;
-        }
-#endif /* NSS_DISABLE_ECC */
-        if (pms)
-            PK11_FreeSymKey(pms);
-    }
-
-    /* *pcanbypass has been set */
-    rv = SECSuccess;
-
-done:
-    if (pms)
-        PK11_FreeSymKey(pms);
-
-    /* Check for NULL to avoid double free.
-     * SECItem_FreeItem sets data NULL in secitem.c#265
-     */
-    if (enc_pms.data != NULL) {
-        SECITEM_FreeItem(&enc_pms, PR_FALSE);
-    }
-#ifndef NSS_DISABLE_ECC
-    if (ecParams.data != NULL) {
-        PORT_Free(ecParams.data);
-        ecParams.data = NULL;
-    }
-#endif /* NSS_DISABLE_ECC */
-
-    if (srvPubkey) {
-        SECKEY_DestroyPublicKey(srvPubkey);
-        srvPubkey = NULL;
-    }
-
-    return rv;
-#endif /* NO_PKCS11_BYPASS */
-}
diff --git a/chromium/net/third_party/nss/ssl/dhe-param.c b/chromium/net/third_party/nss/ssl/dhe-param.c
deleted file mode 100644
index ac0942e290a..00000000000
--- a/chromium/net/third_party/nss/ssl/dhe-param.c
+++ /dev/null
@@ -1,413 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-static const unsigned char ff_dhe_g2[] = { 2 };
-
-static const unsigned char ff_dhe_2048_p[] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-    0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-static const ssl3DHParams ff_dhe_2048 = {
-    { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) },
-    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-};
-
-static const unsigned char ff_dhe_3072_p[] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-static const ssl3DHParams ff_dhe_3072 = {
-    { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) },
-    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-};
-
-static const unsigned char ff_dhe_4096_p[] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-static const ssl3DHParams ff_dhe_4096 = {
-    { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) },
-    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-};
-
-static const unsigned char ff_dhe_6144_p[] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
-    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
-    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
-    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
-    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
-    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
-    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
-    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
-    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
-    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
-    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
-    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
-    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
-    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
-    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
-    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
-    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
-    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
-    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
-    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
-    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
-    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
-    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
-    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
-    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
-    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
-    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
-    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
-    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
-    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
-    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
-    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
-    0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-static const ssl3DHParams ff_dhe_6144 = {
-    { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) },
-    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-};
-
-static const unsigned char ff_dhe_8192_p[] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
-    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
-    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
-    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
-    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
-    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
-    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
-    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
-    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
-    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
-    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
-    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
-    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
-    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
-    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
-    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
-    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
-    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
-    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
-    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
-    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
-    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
-    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
-    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
-    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
-    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
-    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
-    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
-    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
-    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
-    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
-    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
-    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
-    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
-    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
-    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
-    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
-    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
-    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
-    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
-    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
-    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
-    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
-    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
-    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
-    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
-    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
-    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
-    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
-    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
-    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
-    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
-    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
-    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
-    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
-    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
-    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
-    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
-    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
-    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
-    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
-    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
-    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
-    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
-    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
-    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
-    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
-    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
-    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
-    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
-    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
-    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
-    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
-    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
-    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
-    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
-    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
-    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
-    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
-    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
-    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
-    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
-    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
-    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
-    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
-    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
-    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
-    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
-    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
-    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
-    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
-    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
-    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
-    0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
-    0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
-    0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
-    0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
-    0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
-    0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
-    0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
-    0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
-    0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
-    0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
-    0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
-    0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
-    0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
-    0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
-    0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
-    0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
-    0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
-    0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
-    0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
-    0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
-    0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
-    0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
-    0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
-    0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
-    0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
-    0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
-    0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
-    0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
-    0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
-    0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
-    0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
-    0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
-    0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-static const ssl3DHParams ff_dhe_8192 = {
-    { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) },
-    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
-};
diff --git a/chromium/net/third_party/nss/ssl/dtlscon.c b/chromium/net/third_party/nss/ssl/dtlscon.c
deleted file mode 100644
index 35d995e9175..00000000000
--- a/chromium/net/third_party/nss/ssl/dtlscon.c
+++ /dev/null
@@ -1,1195 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * DTLS Protocol
- */
-
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-#ifndef PR_ARRAY_SIZE
-#define PR_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
-#endif
-
-static SECStatus dtls_TransmitMessageFlight(sslSocket *ss);
-static void dtls_RetransmitTimerExpiredCb(sslSocket *ss);
-static SECStatus dtls_SendSavedWriteData(sslSocket *ss);
-
-/* -28 adjusts for the IP/UDP header */
-static const PRUint16 COMMON_MTU_VALUES[] = {
-    1500 - 28, /* Ethernet MTU */
-    1280 - 28, /* IPv6 minimum MTU */
-    576 - 28,  /* Common assumption */
-    256 - 28   /* We're in serious trouble now */
-};
-
-#define DTLS_COOKIE_BYTES 32
-
-/* List copied from ssl3con.c:cipherSuites */
-static const ssl3CipherSuite nonDTLSSuites[] = {
-#ifndef NSS_DISABLE_ECC
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
-    TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifndef NSS_DISABLE_ECC
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
-    TLS_RSA_WITH_RC4_128_MD5,
-    TLS_RSA_WITH_RC4_128_SHA,
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
-    0 /* End of list marker */
-};
-
-/* Map back and forth between TLS and DTLS versions in wire format.
- * Mapping table is:
- *
- * TLS             DTLS
- * 1.1 (0302)      1.0 (feff)
- * 1.2 (0303)      1.2 (fefd)
- * 1.3 (0304)      1.3 (fefc)
- */
-SSL3ProtocolVersion
-dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
-{
-    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) {
-        return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
-    }
-    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
-        return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
-    }
-    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
-    }
-
-    /* Anything other than TLS 1.1 or 1.2 is an error, so return
-     * the invalid version 0xffff. */
-    return 0xffff;
-}
-
-/* Map known DTLS versions to known TLS versions.
- * - Invalid versions (< 1.0) return a version of 0
- * - Versions > known return a version one higher than we know of
- * to accomodate a theoretically newer version */
-SSL3ProtocolVersion
-dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
-{
-    if (MSB(dtlsv) == 0xff) {
-        return 0;
-    }
-
-    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
-        return SSL_LIBRARY_VERSION_TLS_1_1;
-    }
-    /* Handle the skipped version of DTLS 1.1 by returning
-     * an error. */
-    if (dtlsv == ((~0x0101) & 0xffff)) {
-        return 0;
-    }
-    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
-        return SSL_LIBRARY_VERSION_TLS_1_2;
-    }
-    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
-        return SSL_LIBRARY_VERSION_TLS_1_3;
-    }
-
-    /* Return a fictional higher version than we know of */
-    return SSL_LIBRARY_VERSION_MAX_SUPPORTED + 1;
-}
-
-/* On this socket, Disable non-DTLS cipher suites in the argument's list */
-SECStatus
-ssl3_DisableNonDTLSSuites(sslSocket *ss)
-{
-    const ssl3CipherSuite *suite;
-
-    for (suite = nonDTLSSuites; *suite; ++suite) {
-        PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
-    }
-    return SECSuccess;
-}
-
-/* Allocate a DTLSQueuedMessage.
- *
- * Called from dtls_QueueMessage()
- */
-static DTLSQueuedMessage *
-dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type,
-                        const unsigned char *data, PRUint32 len)
-{
-    DTLSQueuedMessage *msg = NULL;
-
-    msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
-    if (!msg)
-        return NULL;
-
-    msg->data = PORT_Alloc(len);
-    if (!msg->data) {
-        PORT_Free(msg);
-        return NULL;
-    }
-    PORT_Memcpy(msg->data, data, len);
-
-    msg->len = len;
-    msg->epoch = epoch;
-    msg->type = type;
-
-    return msg;
-}
-
-/*
- * Free a handshake message
- *
- * Called from dtls_FreeHandshakeMessages()
- */
-static void
-dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
-{
-    if (!msg)
-        return;
-
-    PORT_ZFree(msg->data, msg->len);
-    PORT_Free(msg);
-}
-
-/*
- * Free a list of handshake messages
- *
- * Called from:
- *              dtls_HandleHandshake()
- *              ssl3_DestroySSL3Info()
- */
-void
-dtls_FreeHandshakeMessages(PRCList *list)
-{
-    PRCList *cur_p;
-
-    while (!PR_CLIST_IS_EMPTY(list)) {
-        cur_p = PR_LIST_TAIL(list);
-        PR_REMOVE_LINK(cur_p);
-        dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
-    }
-}
-
-/* Called only from ssl3_HandleRecord, for each (deciphered) DTLS record.
- * origBuf is the decrypted ssl record content and is expected to contain
- * complete handshake records
- * Caller must hold the handshake and RecvBuf locks.
- *
- * Note that this code uses msg_len for two purposes:
- *
- * (1) To pass the length to ssl3_HandleHandshakeMessage()
- * (2) To carry the length of a message currently being reassembled
- *
- * However, unlike ssl3_HandleHandshake(), it is not used to carry
- * the state of reassembly (i.e., whether one is in progress). That
- * is carried in recvdHighWater and recvdFragments.
- */
-#define OFFSET_BYTE(o) (o / 8)
-#define OFFSET_MASK(o) (1 << (o % 8))
-
-SECStatus
-dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
-{
-    /* XXX OK for now.
-     * This doesn't work properly with asynchronous certificate validation.
-     * because that returns a WOULDBLOCK error. The current DTLS
-     * applications do not need asynchronous validation, but in the
-     * future we will need to add this.
-     */
-    sslBuffer buf = *origBuf;
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    while (buf.len > 0) {
-        PRUint8 type;
-        PRUint32 message_length;
-        PRUint16 message_seq;
-        PRUint32 fragment_offset;
-        PRUint32 fragment_length;
-        PRUint32 offset;
-
-        if (buf.len < 12) {
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-            rv = SECFailure;
-            break;
-        }
-
-        /* Parse the header */
-        type = buf.buf[0];
-        message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
-        message_seq = (buf.buf[4] << 8) | buf.buf[5];
-        fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
-        fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
-
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
-        if (message_length > MAX_HANDSHAKE_MSG_LEN) {
-            (void)ssl3_DecodeError(ss);
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-            return SECFailure;
-        }
-#undef MAX_HANDSHAKE_MSG_LEN
-
-        buf.buf += 12;
-        buf.len -= 12;
-
-        /* This fragment must be complete */
-        if (buf.len < fragment_length) {
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-            rv = SECFailure;
-            break;
-        }
-
-        /* Sanity check the packet contents */
-        if ((fragment_length + fragment_offset) > message_length) {
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-            rv = SECFailure;
-            break;
-        }
-
-        /* There are three ways we could not be ready for this packet.
-         *
-         * 1. It's a partial next message.
-         * 2. It's a partial or complete message beyond the next
-         * 3. It's a message we've already seen
-         *
-         * If it's the complete next message we accept it right away.
-         * This is the common case for short messages
-         */
-        if ((message_seq == ss->ssl3.hs.recvMessageSeq) &&
-            (fragment_offset == 0) &&
-            (fragment_length == message_length)) {
-            /* Complete next message. Process immediately */
-            ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
-            ss->ssl3.hs.msg_len = message_length;
-
-            /* At this point we are advancing our state machine, so
-             * we can free our last flight of messages */
-            dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-            ss->ssl3.hs.recvdHighWater = -1;
-            dtls_CancelTimer(ss);
-
-            /* Reset the timer to the initial value if the retry counter
-             * is 0, per Sec. 4.2.4.1 */
-            if (ss->ssl3.hs.rtRetries == 0) {
-                ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-            }
-
-            rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len);
-            if (rv == SECFailure) {
-                /* Do not attempt to process rest of messages in this record */
-                break;
-            }
-        } else {
-            if (message_seq < ss->ssl3.hs.recvMessageSeq) {
-                /* Case 3: we do an immediate retransmit if we're
-                 * in a waiting state*/
-                if (ss->ssl3.hs.rtTimerCb == NULL) {
-                    /* Ignore */
-                } else if (ss->ssl3.hs.rtTimerCb ==
-                           dtls_RetransmitTimerExpiredCb) {
-                    SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
-                                 SSL_GETPID(), ss->fd));
-                    /* Check to see if we retransmitted recently. If so,
-                     * suppress the triggered retransmit. This avoids
-                     * retransmit wars after packet loss.
-                     * This is not in RFC 5346 but should be
-                     */
-                    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-                        (ss->ssl3.hs.rtTimeoutMs / 4)) {
-                        SSL_TRC(30,
-                                ("%d: SSL3[%d]: Shortcutting retransmit timer",
-                                 SSL_GETPID(), ss->fd));
-
-                        /* Cancel the timer and call the CB,
-                         * which re-arms the timer */
-                        dtls_CancelTimer(ss);
-                        dtls_RetransmitTimerExpiredCb(ss);
-                        rv = SECSuccess;
-                        break;
-                    } else {
-                        SSL_TRC(30,
-                                ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
-                                 SSL_GETPID(), ss->fd));
-                        rv = SECSuccess;
-                        break;
-                    }
-                } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
-                    /* Retransmit the messages and re-arm the timer
-                     * Note that we are not backing off the timer here.
-                     * The spec isn't clear and my reasoning is that this
-                     * may be a re-ordered packet rather than slowness,
-                     * so let's be aggressive. */
-                    dtls_CancelTimer(ss);
-                    rv = dtls_TransmitMessageFlight(ss);
-                    if (rv == SECSuccess) {
-                        rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
-                    }
-                    if (rv != SECSuccess)
-                        return rv;
-                    break;
-                }
-            } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
-                /* Case 2
-                 *
-                 * Ignore this message. This means we don't handle out of
-                 * order complete messages that well, but we're still
-                 * compliant and this probably does not happen often
-                 *
-                 * XXX OK for now. Maybe do something smarter at some point?
-                 */
-            } else {
-                /* Case 1
-                 *
-                 * Buffer the fragment for reassembly
-                 */
-                /* Make room for the message */
-                if (ss->ssl3.hs.recvdHighWater == -1) {
-                    PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
-
-                    rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, message_length);
-                    if (rv != SECSuccess)
-                        break;
-                    /* Make room for the fragment map */
-                    rv = sslBuffer_Grow(&ss->ssl3.hs.recvdFragments,
-                                        map_length);
-                    if (rv != SECSuccess)
-                        break;
-
-                    /* Reset the reassembly map */
-                    ss->ssl3.hs.recvdHighWater = 0;
-                    PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
-                                ss->ssl3.hs.recvdFragments.space);
-                    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
-                    ss->ssl3.hs.msg_len = message_length;
-                }
-
-                /* If we have a message length mismatch, abandon the reassembly
-                 * in progress and hope that the next retransmit will give us
-                 * something sane
-                 */
-                if (message_length != ss->ssl3.hs.msg_len) {
-                    ss->ssl3.hs.recvdHighWater = -1;
-                    PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-                    rv = SECFailure;
-                    break;
-                }
-
-                /* Now copy this fragment into the buffer */
-                PORT_Assert((fragment_offset + fragment_length) <=
-                            ss->ssl3.hs.msg_body.space);
-                PORT_Memcpy(ss->ssl3.hs.msg_body.buf + fragment_offset,
-                            buf.buf, fragment_length);
-
-                /* This logic is a bit tricky. We have two values for
-                 * reassembly state:
-                 *
-                 * - recvdHighWater contains the highest contiguous number of
-                 *   bytes received
-                 * - recvdFragments contains a bitmask of packets received
-                 *   above recvdHighWater
-                 *
-                 * This avoids having to fill in the bitmask in the common
-                 * case of adjacent fragments received in sequence
-                 */
-                if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
-                    /* Either this is the adjacent fragment or an overlapping
-                     * fragment */
-                    ss->ssl3.hs.recvdHighWater = fragment_offset +
-                                                 fragment_length;
-                } else {
-                    for (offset = fragment_offset;
-                         offset < fragment_offset + fragment_length;
-                         offset++) {
-                        ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |=
-                            OFFSET_MASK(offset);
-                    }
-                }
-
-                /* Now figure out the new high water mark if appropriate */
-                for (offset = ss->ssl3.hs.recvdHighWater;
-                     offset < ss->ssl3.hs.msg_len; offset++) {
-                    /* Note that this loop is not efficient, since it counts
-                     * bit by bit. If we have a lot of out-of-order packets,
-                     * we should optimize this */
-                    if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
-                        OFFSET_MASK(offset)) {
-                        ss->ssl3.hs.recvdHighWater++;
-                    } else {
-                        break;
-                    }
-                }
-
-                /* If we have all the bytes, then we are good to go */
-                if (ss->ssl3.hs.recvdHighWater == ss->ssl3.hs.msg_len) {
-                    ss->ssl3.hs.recvdHighWater = -1;
-
-                    rv = ssl3_HandleHandshakeMessage(ss,
-                                                     ss->ssl3.hs.msg_body.buf,
-                                                     ss->ssl3.hs.msg_len);
-                    if (rv == SECFailure)
-                        break; /* Skip rest of record */
-
-                    /* At this point we are advancing our state machine, so
-                     * we can free our last flight of messages */
-                    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-                    dtls_CancelTimer(ss);
-
-                    /* If there have been no retries this time, reset the
-                     * timer value to the default per Section 4.2.4.1 */
-                    if (ss->ssl3.hs.rtRetries == 0) {
-                        ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-                    }
-                }
-            }
-        }
-
-        buf.buf += fragment_length;
-        buf.len -= fragment_length;
-    }
-
-    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
-
-    /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
-     * to deal with asynchronous certificate verification */
-    return rv;
-}
-
-/* Enqueue a message (either handshake or CCS)
- *
- * Called from:
- *              dtls_StageHandshakeMessage()
- *              ssl3_SendChangeCipherSpecs()
- */
-SECStatus
-dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
-                  const SSL3Opaque *pIn, PRInt32 nIn)
-{
-    SECStatus rv = SECSuccess;
-    DTLSQueuedMessage *msg = NULL;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn);
-
-    if (!msg) {
-        PORT_SetError(SEC_ERROR_NO_MEMORY);
-        rv = SECFailure;
-    } else {
-        PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
-    }
-
-    return rv;
-}
-
-/* Add DTLS handshake message to the pending queue
- * Empty the sendBuf buffer.
- * This function returns SECSuccess or SECFailure, never SECWouldBlock.
- * Always set sendBuf.len to 0, even when returning SECFailure.
- *
- * Called from:
- *              ssl3_AppendHandshakeHeader()
- *              dtls_FlushHandshake()
- */
-SECStatus
-dtls_StageHandshakeMessage(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    /* This function is sometimes called when no data is actually to
-     * be staged, so just return SECSuccess. */
-    if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
-        return rv;
-
-    rv = dtls_QueueMessage(ss, content_handshake,
-                           ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len);
-
-    /* Whether we succeeded or failed, toss the old handshake data. */
-    ss->sec.ci.sendBuf.len = 0;
-    return rv;
-}
-
-/* Enqueue the handshake message in sendBuf (if any) and then
- * transmit the resulting flight of handshake messages.
- *
- * Called from:
- *              ssl3_FlushHandshake()
- */
-SECStatus
-dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
-{
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    rv = dtls_StageHandshakeMessage(ss);
-    if (rv != SECSuccess)
-        return rv;
-
-    if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-        rv = dtls_TransmitMessageFlight(ss);
-        if (rv != SECSuccess)
-            return rv;
-
-        if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
-            ss->ssl3.hs.rtRetries = 0;
-            rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
-        }
-    }
-
-    return rv;
-}
-
-/* The callback for when the retransmit timer expires
- *
- * Called from:
- *              dtls_CheckTimer()
- *              dtls_HandleHandshake()
- */
-static void
-dtls_RetransmitTimerExpiredCb(sslSocket *ss)
-{
-    SECStatus rv = SECFailure;
-
-    ss->ssl3.hs.rtRetries++;
-
-    if (!(ss->ssl3.hs.rtRetries % 3)) {
-        /* If one of the messages was potentially greater than > MTU,
-         * then downgrade. Do this every time we have retransmitted a
-         * message twice, per RFC 6347 Sec. 4.1.1 */
-        dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
-    }
-
-    rv = dtls_TransmitMessageFlight(ss);
-    if (rv == SECSuccess) {
-
-        /* Re-arm the timer */
-        rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
-    }
-
-    if (rv == SECFailure) {
-        /* XXX OK for now. In future maybe signal the stack that we couldn't
-         * transmit. For now, let the read handle any real network errors */
-    }
-}
-
-/* Transmit a flight of handshake messages, stuffing them
- * into as few records as seems reasonable
- *
- * Called from:
- *             dtls_FlushHandshake()
- *             dtls_RetransmitTimerExpiredCb()
- */
-static SECStatus
-dtls_TransmitMessageFlight(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-    PRCList *msg_p;
-    PRUint16 room_left = ss->ssl3.mtu;
-    PRInt32 sent;
-
-    ssl_GetXmitBufLock(ss);
-    ssl_GetSpecReadLock(ss);
-
-    /* DTLS does not buffer its handshake messages in
-     * ss->pendingBuf, but rather in the lastMessageFlight
-     * structure. This is just a sanity check that
-     * some programming error hasn't inadvertantly
-     * stuffed something in ss->pendingBuf
-     */
-    PORT_Assert(!ss->pendingBuf.len);
-    for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
-         msg_p != &ss->ssl3.hs.lastMessageFlight;
-         msg_p = PR_NEXT_LINK(msg_p)) {
-        DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
-
-        /* The logic here is:
-         *
-         * 1. If this is a message that will not fit into the remaining
-         *    space, then flush.
-         * 2. If the message will now fit into the remaining space,
-         *    encrypt, buffer, and loop.
-         * 3. If the message will not fit, then fragment.
-         *
-         * At the end of the function, flush.
-         */
-        if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
-            /* The message will not fit into the remaining space, so flush */
-            rv = dtls_SendSavedWriteData(ss);
-            if (rv != SECSuccess)
-                break;
-
-            room_left = ss->ssl3.mtu;
-        }
-
-        if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
-            /* The message will fit, so encrypt and then continue with the
-             * next packet */
-            sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
-                                   msg->data, msg->len,
-                                   ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-                                       ssl_SEND_FLAG_USE_EPOCH);
-            if (sent != msg->len) {
-                rv = SECFailure;
-                if (sent != -1) {
-                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                }
-                break;
-            }
-
-            room_left = ss->ssl3.mtu - ss->pendingBuf.len;
-        } else {
-            /* The message will not fit, so fragment.
-             *
-             * XXX OK for now. Arrange to coalesce the last fragment
-             * of this message with the next message if possible.
-             * That would be more efficient.
-             */
-            PRUint32 fragment_offset = 0;
-            unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
-                                                   * plausible MTU */
-
-            /* Assert that we have already flushed */
-            PORT_Assert(room_left == ss->ssl3.mtu);
-
-            /* Case 3: We now need to fragment this message
-             * DTLS only supports fragmenting handshaking messages */
-            PORT_Assert(msg->type == content_handshake);
-
-            /* The headers consume 12 bytes so the smalles possible
-             *  message (i.e., an empty one) is 12 bytes
-             */
-            PORT_Assert(msg->len >= 12);
-
-            while ((fragment_offset + 12) < msg->len) {
-                PRUint32 fragment_len;
-                const unsigned char *content = msg->data + 12;
-                PRUint32 content_len = msg->len - 12;
-
-                /* The reason we use 8 here is that that's the length of
-                 * the new DTLS data that we add to the header */
-                fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
-                                      content_len - fragment_offset);
-                PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
-                /* Make totally sure that we are within the buffer.
-                 * Note that the only way that fragment len could get
-                 * adjusted here is if
-                 *
-                 * (a) we are in release mode so the PORT_Assert is compiled out
-                 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
-                 * or ss->ssl3.mtu has become corrupt.
-                 */
-                fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
-
-                /* Construct an appropriate-sized fragment */
-                /* Type, length, sequence */
-                PORT_Memcpy(fragment, msg->data, 6);
-
-                /* Offset */
-                fragment[6] = (fragment_offset >> 16) & 0xff;
-                fragment[7] = (fragment_offset >> 8) & 0xff;
-                fragment[8] = (fragment_offset)&0xff;
-
-                /* Fragment length */
-                fragment[9] = (fragment_len >> 16) & 0xff;
-                fragment[10] = (fragment_len >> 8) & 0xff;
-                fragment[11] = (fragment_len)&0xff;
-
-                PORT_Memcpy(fragment + 12, content + fragment_offset,
-                            fragment_len);
-
-                /*
-                 *  Send the record. We do this in two stages
-                 * 1. Encrypt
-                 */
-                sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
-                                       fragment, fragment_len + 12,
-                                       ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-                                           ssl_SEND_FLAG_USE_EPOCH);
-                if (sent != (fragment_len + 12)) {
-                    rv = SECFailure;
-                    if (sent != -1) {
-                        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                    }
-                    break;
-                }
-
-                /* 2. Flush */
-                rv = dtls_SendSavedWriteData(ss);
-                if (rv != SECSuccess)
-                    break;
-
-                fragment_offset += fragment_len;
-            }
-        }
-    }
-
-    /* Finally, we need to flush */
-    if (rv == SECSuccess)
-        rv = dtls_SendSavedWriteData(ss);
-
-    /* Give up the locks */
-    ssl_ReleaseSpecReadLock(ss);
-    ssl_ReleaseXmitBufLock(ss);
-
-    return rv;
-}
-
-/* Flush the data in the pendingBuf and update the max message sent
- * so we can adjust the MTU estimate if we need to.
- * Wrapper for ssl_SendSavedWriteData.
- *
- * Called from dtls_TransmitMessageFlight()
- */
-static SECStatus
-dtls_SendSavedWriteData(sslSocket *ss)
-{
-    PRInt32 sent;
-
-    sent = ssl_SendSavedWriteData(ss);
-    if (sent < 0)
-        return SECFailure;
-
-    /* We should always have complete writes b/c datagram sockets
-     * don't really block */
-    if (ss->pendingBuf.len > 0) {
-        ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-        return SECFailure;
-    }
-
-    /* Update the largest message sent so we can adjust the MTU
-     * estimate if necessary */
-    if (sent > ss->ssl3.hs.maxMessageSent)
-        ss->ssl3.hs.maxMessageSent = sent;
-
-    return SECSuccess;
-}
-
-/* Compress, MAC, encrypt a DTLS record. Allows specification of
- * the epoch using epoch value. If use_epoch is PR_TRUE then
- * we use the provided epoch. If use_epoch is PR_FALSE then
- * whatever the current value is in effect is used.
- *
- * Called from ssl3_SendRecord()
- */
-SECStatus
-dtls_CompressMACEncryptRecord(sslSocket *ss,
-                              DTLSEpoch epoch,
-                              PRBool use_epoch,
-                              SSL3ContentType type,
-                              const SSL3Opaque *pIn,
-                              PRUint32 contentLen,
-                              sslBuffer *wrBuf)
-{
-    SECStatus rv = SECFailure;
-    ssl3CipherSpec *cwSpec;
-
-    ssl_GetSpecReadLock(ss); /********************************/
-
-    /* The reason for this switch-hitting code is that we might have
-     * a flight of records spanning an epoch boundary, e.g.,
-     *
-     * ClientKeyExchange (epoch = 0)
-     * ChangeCipherSpec (epoch = 0)
-     * Finished (epoch = 1)
-     *
-     * Thus, each record needs a different cipher spec. The information
-     * about which epoch to use is carried with the record.
-     */
-    if (use_epoch) {
-        if (ss->ssl3.cwSpec->epoch == epoch)
-            cwSpec = ss->ssl3.cwSpec;
-        else if (ss->ssl3.pwSpec->epoch == epoch)
-            cwSpec = ss->ssl3.pwSpec;
-        else
-            cwSpec = NULL;
-    } else {
-        cwSpec = ss->ssl3.cwSpec;
-    }
-
-    if (cwSpec) {
-        if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-            rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
-                                               PR_FALSE, type, pIn, contentLen,
-                                               wrBuf);
-        } else {
-            rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf);
-        }
-    } else {
-        PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    }
-    ssl_ReleaseSpecReadLock(ss); /************************************/
-
-    return rv;
-}
-
-/* Start a timer
- *
- * Called from:
- *             dtls_HandleHandshake()
- *             dtls_FlushHAndshake()
- *             dtls_RestartTimer()
- */
-SECStatus
-dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb)
-{
-    PORT_Assert(ss->ssl3.hs.rtTimerCb == NULL);
-
-    ss->ssl3.hs.rtTimerStarted = PR_IntervalNow();
-    ss->ssl3.hs.rtTimerCb = cb;
-
-    return SECSuccess;
-}
-
-/* Restart a timer with optional backoff
- *
- * Called from dtls_RetransmitTimerExpiredCb()
- */
-SECStatus
-dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb)
-{
-    if (backoff) {
-        ss->ssl3.hs.rtTimeoutMs *= 2;
-        if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
-            ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
-    }
-
-    return dtls_StartTimer(ss, cb);
-}
-
-/* Cancel a pending timer
- *
- * Called from:
- *              dtls_HandleHandshake()
- *              dtls_CheckTimer()
- */
-void
-dtls_CancelTimer(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    ss->ssl3.hs.rtTimerCb = NULL;
-}
-
-/* Check the pending timer and fire the callback if it expired
- *
- * Called from ssl3_GatherCompleteHandshake()
- */
-void
-dtls_CheckTimer(sslSocket *ss)
-{
-    if (!ss->ssl3.hs.rtTimerCb)
-        return;
-
-    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-        PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
-        /* Timer has expired */
-        DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
-
-        /* Cancel the timer so that we can call the CB safely */
-        dtls_CancelTimer(ss);
-
-        /* Now call the CB */
-        cb(ss);
-    }
-}
-
-/* The callback to fire when the holddown timer for the Finished
- * message expires and we can delete it
- *
- * Called from dtls_CheckTimer()
- */
-void
-dtls_FinishedTimerCb(sslSocket *ss)
-{
-    ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
-}
-
-/* Cancel the Finished hold-down timer and destroy the
- * pending cipher spec. Note that this means that
- * successive rehandshakes will fail if the Finished is
- * lost.
- *
- * XXX OK for now. Figure out how to handle the combination
- * of Finished lost and rehandshake
- */
-void
-dtls_RehandshakeCleanup(sslSocket *ss)
-{
-    dtls_CancelTimer(ss);
-    ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
-    ss->ssl3.hs.sendMessageSeq = 0;
-    ss->ssl3.hs.recvMessageSeq = 0;
-}
-
-/* Set the MTU to the next step less than or equal to the
- * advertised value. Also used to downgrade the MTU by
- * doing dtls_SetMTU(ss, biggest packet set).
- *
- * Passing 0 means set this to the largest MTU known
- * (effectively resetting the PMTU backoff value).
- *
- * Called by:
- *            ssl3_InitState()
- *            dtls_RetransmitTimerExpiredCb()
- */
-void
-dtls_SetMTU(sslSocket *ss, PRUint16 advertised)
-{
-    int i;
-
-    if (advertised == 0) {
-        ss->ssl3.mtu = COMMON_MTU_VALUES[0];
-        SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-        return;
-    }
-
-    for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) {
-        if (COMMON_MTU_VALUES[i] <= advertised) {
-            ss->ssl3.mtu = COMMON_MTU_VALUES[i];
-            SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-            return;
-        }
-    }
-
-    /* Fallback */
-    ss->ssl3.mtu = COMMON_MTU_VALUES[PR_ARRAY_SIZE(COMMON_MTU_VALUES) - 1];
-    SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a
- * DTLS hello_verify_request
- * Caller must hold Handshake and RecvBuf locks.
- */
-SECStatus
-dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
-    SECStatus rv;
-    PRInt32 temp;
-    SECItem cookie = { siBuffer, NULL, 0 };
-    SSL3AlertDescription desc = illegal_parameter;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.hs.ws != wait_server_hello) {
-        errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
-        desc = unexpected_message;
-        goto alert_loser;
-    }
-
-    /* The version */
-    temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (temp < 0) {
-        goto loser; /* alert has been sent */
-    }
-
-    if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE &&
-        temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
-        goto alert_loser;
-    }
-
-    /* The cookie */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-    if (cookie.len > DTLS_COOKIE_BYTES) {
-        desc = decode_error;
-        goto alert_loser; /* malformed. */
-    }
-
-    PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len);
-    ss->ssl3.hs.cookieLen = cookie.len;
-
-    ssl_GetXmitBufLock(ss); /*******************************/
-
-    /* Now re-send the client hello */
-    rv = ssl3_SendClientHello(ss, PR_TRUE);
-
-    ssl_ReleaseXmitBufLock(ss); /*******************************/
-
-    if (rv == SECSuccess)
-        return rv;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
-loser:
-    ssl_MapLowLevelError(errCode);
-    return SECFailure;
-}
-
-/* Initialize the DTLS anti-replay window
- *
- * Called from:
- *              ssl3_SetupPendingCipherSpec()
- *              ssl3_InitCipherSpec()
- */
-void
-dtls_InitRecvdRecords(DTLSRecvdRecords *records)
-{
-    PORT_Memset(records->data, 0, sizeof(records->data));
-    records->left = 0;
-    records->right = DTLS_RECVD_RECORDS_WINDOW - 1;
-}
-
-/*
- * Has this DTLS record been received? Return values are:
- * -1 -- out of range to the left
- *  0 -- not received yet
- *  1 -- replay
- *
- *  Called from: ssl3_HandleRecord()
- */
-int
-dtls_RecordGetRecvd(const DTLSRecvdRecords *records, PRUint64 seq)
-{
-    PRUint64 offset;
-
-    /* Out of range to the left */
-    if (seq < records->left) {
-        return -1;
-    }
-
-    /* Out of range to the right; since we advance the window on
-     * receipt, that means that this packet has not been received
-     * yet */
-    if (seq > records->right)
-        return 0;
-
-    offset = seq % DTLS_RECVD_RECORDS_WINDOW;
-
-    return !!(records->data[offset / 8] & (1 << (offset % 8)));
-}
-
-/* Update the DTLS anti-replay window
- *
- * Called from ssl3_HandleRecord()
- */
-void
-dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq)
-{
-    PRUint64 offset;
-
-    if (seq < records->left)
-        return;
-
-    if (seq > records->right) {
-        PRUint64 new_left;
-        PRUint64 new_right;
-        PRUint64 right;
-
-        /* Slide to the right; this is the tricky part
-         *
-         * 1. new_top is set to have room for seq, on the
-         *    next byte boundary by setting the right 8
-         *    bits of seq
-         * 2. new_left is set to compensate.
-         * 3. Zero all bits between top and new_top. Since
-         *    this is a ring, this zeroes everything as-yet
-         *    unseen. Because we always operate on byte
-         *    boundaries, we can zero one byte at a time
-         */
-        new_right = seq | 0x07;
-        new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
-
-        for (right = records->right + 8; right <= new_right; right += 8) {
-            offset = right % DTLS_RECVD_RECORDS_WINDOW;
-            records->data[offset / 8] = 0;
-        }
-
-        records->right = new_right;
-        records->left = new_left;
-    }
-
-    offset = seq % DTLS_RECVD_RECORDS_WINDOW;
-
-    records->data[offset / 8] |= (1 << (offset % 8));
-}
-
-SECStatus
-DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
-{
-    sslSocket *ss = NULL;
-    PRIntervalTime elapsed;
-    PRIntervalTime desired;
-
-    ss = ssl_FindSocket(socket);
-
-    if (!ss)
-        return SECFailure;
-
-    if (!IS_DTLS(ss))
-        return SECFailure;
-
-    if (!ss->ssl3.hs.rtTimerCb)
-        return SECFailure;
-
-    elapsed = PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted;
-    desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs);
-    if (elapsed > desired) {
-        /* Timer expired */
-        *timeout = PR_INTERVAL_NO_WAIT;
-    } else {
-        *timeout = desired - elapsed;
-    }
-
-    return SECSuccess;
-}
-
-/*
- * DTLS relevance checks:
- * Note that this code currently ignores all out-of-epoch packets,
- * which means we lose some in the case of rehandshake +
- * loss/reordering. Since DTLS is explicitly unreliable, this
- * seems like a good tradeoff for implementation effort and is
- * consistent with the guidance of RFC 6347 Sections 4.1 and 4.2.4.1.
- *
- * If the packet is not relevant, this function returns PR_FALSE.
- * If the packet is relevant, this function returns PR_TRUE
- * and sets |*seqNum| to the packet sequence number.
- */
-PRBool
-dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *crSpec,
-                const SSL3Ciphertext *cText, PRUint64 *seqNum)
-{
-    DTLSEpoch epoch = cText->seq_num.high >> 16;
-    PRUint64 dtls_seq_num;
-
-    if (crSpec->epoch != epoch) {
-        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, received packet "
-                 "from irrelevant epoch %d",
-                 SSL_GETPID(), ss->fd, epoch));
-        return PR_FALSE;
-    }
-
-    dtls_seq_num = (((PRUint64)(cText->seq_num.high & 0xffff)) << 32) |
-                   ((PRUint64)cText->seq_num.low);
-
-    if (dtls_RecordGetRecvd(&crSpec->recvdRecords, dtls_seq_num) != 0) {
-        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, rejecting "
-                 "potentially replayed packet",
-                 SSL_GETPID(), ss->fd));
-        return PR_FALSE;
-    }
-
-    *seqNum = dtls_seq_num;
-    return PR_TRUE;
-}
diff --git a/chromium/net/third_party/nss/ssl/manifest.mn b/chromium/net/third_party/nss/ssl/manifest.mn
deleted file mode 100644
index 1366d15e558..00000000000
--- a/chromium/net/third_party/nss/ssl/manifest.mn
+++ /dev/null
@@ -1,55 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-
-# DEFINES = -DTRACE
-
-EXPORTS = \
-	ssl.h \
-	sslt.h \
-	sslerr.h \
-	sslproto.h \
-	preenc.h \
-	$(NULL)
-
-MODULE = nss
-MAPFILE = $(OBJDIR)/ssl.def
-
-CSRCS = \
-	derive.c \
-	dtlscon.c \
-	prelib.c \
-	ssl3con.c \
-	ssl3gthr.c \
-	sslauth.c \
-	sslcon.c \
-	ssldef.c \
-	sslenum.c \
-	sslerr.c \
-	sslerrstrs.c \
-	sslinit.c \
-	ssl3ext.c \
-	sslgathr.c \
-	sslmutex.c \
-	sslnonce.c \
-	sslreveal.c \
-	sslsecur.c \
-	sslsnce.c \
-	sslsock.c \
-	ssltrace.c \
-	sslver.c \
-	authcert.c \
-	cmpcert.c \
-	sslinfo.c \
-	ssl3ecc.c \
-        tls13con.c \
-        tls13hkdf.c \
-	$(NULL)
-
-LIBRARY_NAME = ssl
-LIBRARY_VERSION = 3
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/chromium/net/third_party/nss/ssl/notes.txt b/chromium/net/third_party/nss/ssl/notes.txt
deleted file mode 100644
index cf514ad20f2..00000000000
--- a/chromium/net/third_party/nss/ssl/notes.txt
+++ /dev/null
@@ -1,134 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-SSL's Buffers: enumerated and explained.
-
----------------------------------------------------------------------------
-incoming:
-
-gs = ss->gather
-hs = ss->ssl3->hs
-
-gs->inbuf   SSL3 only: incoming (encrypted) ssl records are placed here,
-        and then decrypted (or copied) to gs->buf.
-
-gs->buf     SSL2: incoming SSL records are put here, and then decrypted
-        in place.
-        SSL3: ssl3_HandleHandshake puts decrypted ssl records here.
-
-hs.msg_body (SSL3 only) When an incoming handshake message spans more
-        than one ssl record, the first part(s) of it are accumulated
-        here until it all arrives.
-
-hs.msgState (SSL3 only) an alternative set of pointers/lengths for gs->buf.
-        Used only when a handleHandshake function returns SECWouldBlock.
-        ssl3_HandleHandshake remembers how far it previously got by
-        using these pointers instead of gs->buf when it is called
-        after a previous SECWouldBlock return.
-
----------------------------------------------------------------------------
-outgoing:
-
-sec = ss->sec
-ci  = ss->sec->ci   /* connect info */
-
-ci->sendBuf Outgoing handshake messages are appended to this buffer.
-        This buffer will then be sent as a single SSL record.
-
-sec->writeBuf   outgoing ssl records are constructed here and encrypted in
-        place before being written or copied to pendingBuf.
-
-ss->pendingBuf  contains outgoing ciphertext that was saved after a write
-        attempt to the socket failed, e.g. EWouldBlock.
-        Generally empty with blocking sockets (should be no incomplete
-        writes).
-
-ss->saveBuf Used only by socks code.  Intended to be used to buffer
-        outgoing data until a socks handshake completes.  However,
-        this buffer is always empty.  There is no code to put
-        anything into it.
-
----------------------------------------------------------------------------
-
-SECWouldBlock means that the function cannot make progress because it is
-waiting for some event OTHER THAN socket I/O completion (e.g. waiting for
-user dialog to finish).  It is not the same as EWOULDBLOCK.
-
----------------------------------------------------------------------------
-
-Rank (order) of locks
-
-recvLock ->\ firstHandshake -> recvbuf -> ssl3Handshake -> xmitbuf -> "spec"
-sendLock ->/
-
-crypto and hash Data that must be protected while turning plaintext into
-ciphertext:
-
-SSL2:   (in ssl2_Send*)
-    sec->hash*
-    sec->hashcx     (ptr and data)
-    sec->enc
-    sec->writecx*   (ptr and content)
-    sec->sendSecret*(ptr and content)
-    sec->sendSequence       locked by xmitBufLock
-    sec->blockSize
-    sec->writeBuf*  (ptr & content) locked by xmitBufLock
-    "in"                locked by xmitBufLock
-
-SSl3:   (in ssl3_SendPlainText)
-    ss->ssl3            (the pointer)
-    ss->ssl3->current_write*    (the pointer and the data in the spec
-                     and any data referenced by the spec.
-
-    ss->sec->isServer
-    ss->sec->writebuf* (ptr & content) locked by xmitBufLock
-    "buf"                  locked by xmitBufLock
-
-crypto and hash data that must be protected while turning ciphertext into
-plaintext:
-
-SSL2:   (in ssl2_GatherData)
-    gs->*               (locked by recvBufLock )
-    sec->dec
-    sec->readcx
-    sec->hash*      (ptr and data)
-    sec->hashcx         (ptr and data)
-
-SSL3:   (in ssl3_HandleRecord )
-    ssl3->current_read* (the pointer and all data refernced)
-    ss->sec->isServer
-
-
-Data that must be protected while being used by a "writer":
-
-ss->pendingBuf.*
-ss->saveBuf.*       (which is dead)
-
-in ssl3_sendPlainText
-
-ss->ssl3->current_write-> (spec)
-ss->sec->writeBuf.*
-ss->sec->isServer
-
-in SendBlock
-
-ss->sec->hash->length
-ss->sec->blockSize
-ss->sec->writeBuf.*
-ss->sec->sendSecret
-ss->sec->sendSequence
-ss->sec->writecx    *
-ss->pendingBuf
-
---------------------------------------------------------------------------
-
-Data variables (not const) protected by the "sslGlobalDataLock".
-Note, this really should be a reader/writer lock.
-
-allowedByPolicy     sslcon.c
-maybeAllowedByPolicy    sslcon.c
-chosenPreference    sslcon.c
-policyWasSet        sslcon.c
-
-cipherSuites[]      ssl3con.c
diff --git a/chromium/net/third_party/nss/ssl/os2_err.c b/chromium/net/third_party/nss/ssl/os2_err.c
deleted file mode 100644
index 6e3d423f49a..00000000000
--- a/chromium/net/third_party/nss/ssl/os2_err.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prerror.h"
-#include "prlog.h"
-#include <errno.h>
-
-/*
- * Based on win32err.c
- * OS2TODO Stub everything for now to build. HCT
- */
-
-/* forward declaration. */
-void nss_MD_os2_map_default_error(PRInt32 err);
-
-void
-nss_MD_os2_map_opendir_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_closedir_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_readdir_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_delete_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-/* The error code for stat() is in errno. */
-void
-nss_MD_os2_map_stat_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_fstat_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_rename_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-/* The error code for access() is in errno. */
-void
-nss_MD_os2_map_access_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_mkdir_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_rmdir_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_read_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_transmitfile_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_write_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_lseek_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_fsync_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-/*
- * For both CloseHandle() and closesocket().
- */
-void
-nss_MD_os2_map_close_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_socket_error(PRInt32 err)
-{
-    //  PR_ASSERT(err != WSANOTINITIALISED);
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_recv_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_recvfrom_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_send_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //     case WSAEMSGSIZE:  prError = PR_INVALID_ARGUMENT_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_sendto_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAEMSGSIZE:     prError = PR_INVALID_ARGUMENT_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_accept_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
-        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_acceptex_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_connect_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAEWOULDBLOCK: prError = PR_IN_PROGRESS_ERROR; break;
-        //    case WSAEINVAL:   prError = PR_ALREADY_INITIATED_ERROR; break;
-        //    case WSAETIMEDOUT:    prError = PR_IO_TIMEOUT_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_bind_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //  case WSAEINVAL:     prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_listen_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
-        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_shutdown_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_getsockname_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_getpeername_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_getsockopt_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_setsockopt_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_open_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_gethostname_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-/* Win32 select() only works on sockets.  So in this
-** context, WSAENOTSOCK is equivalent to EBADF on Unix.
-*/
-void
-nss_MD_os2_map_select_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        //    case WSAENOTSOCK: prError = PR_BAD_DESCRIPTOR_ERROR; break;
-        default:
-            nss_MD_os2_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_os2_map_lockf_error(PRInt32 err)
-{
-    nss_MD_os2_map_default_error(err);
-}
-
-void
-nss_MD_os2_map_default_error(PRInt32 err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-//    case ENOENT:      prError = PR_FILE_NOT_FOUND_ERROR; break;
-//    case ERROR_ACCESS_DENIED:     prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
-//    case ERROR_ALREADY_EXISTS:    prError = PR_FILE_EXISTS_ERROR; break;
-//    case ERROR_DISK_CORRUPT:  prError = PR_IO_ERROR; break;
-//    case ERROR_DISK_FULL:     prError = PR_NO_DEVICE_SPACE_ERROR; break;
-//    case ERROR_DISK_OPERATION_FAILED: prError = PR_IO_ERROR; break;
-//    case ERROR_DRIVE_LOCKED:  prError = PR_FILE_IS_LOCKED_ERROR; break;
-//    case ERROR_FILENAME_EXCED_RANGE: prError = PR_NAME_TOO_LONG_ERROR; break;
-//    case ERROR_FILE_CORRUPT:  prError = PR_IO_ERROR; break;
-//    case ERROR_FILE_EXISTS:   prError = PR_FILE_EXISTS_ERROR; break;
-//    case ERROR_FILE_INVALID:  prError = PR_BAD_DESCRIPTOR_ERROR; break;
-#if ERROR_FILE_NOT_FOUND != ENOENT
-//    case ERROR_FILE_NOT_FOUND:    prError = PR_FILE_NOT_FOUND_ERROR; break;
-#endif
-        default:
-            prError = PR_UNKNOWN_ERROR;
-            break;
-    }
-    PR_SetError(prError, err);
-}
diff --git a/chromium/net/third_party/nss/ssl/os2_err.h b/chromium/net/third_party/nss/ssl/os2_err.h
deleted file mode 100644
index 15e47411a13..00000000000
--- a/chromium/net/third_party/nss/ssl/os2_err.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * This code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*  NSPR doesn't make these functions public, so we have to duplicate
-**  them in NSS.
-*/
-
-//HCT  Based on Win32err.h
-extern void nss_MD_os2_map_accept_error(PRInt32 err);
-extern void nss_MD_os2_map_acceptex_error(PRInt32 err);
-extern void nss_MD_os2_map_access_error(PRInt32 err);
-extern void nss_MD_os2_map_bind_error(PRInt32 err);
-extern void nss_MD_os2_map_close_error(PRInt32 err);
-extern void nss_MD_os2_map_closedir_error(PRInt32 err);
-extern void nss_MD_os2_map_connect_error(PRInt32 err);
-extern void nss_MD_os2_map_default_error(PRInt32 err);
-extern void nss_MD_os2_map_delete_error(PRInt32 err);
-extern void nss_MD_os2_map_fstat_error(PRInt32 err);
-extern void nss_MD_os2_map_fsync_error(PRInt32 err);
-extern void nss_MD_os2_map_gethostname_error(PRInt32 err);
-extern void nss_MD_os2_map_getpeername_error(PRInt32 err);
-extern void nss_MD_os2_map_getsockname_error(PRInt32 err);
-extern void nss_MD_os2_map_getsockopt_error(PRInt32 err);
-extern void nss_MD_os2_map_listen_error(PRInt32 err);
-extern void nss_MD_os2_map_lockf_error(PRInt32 err);
-extern void nss_MD_os2_map_lseek_error(PRInt32 err);
-extern void nss_MD_os2_map_mkdir_error(PRInt32 err);
-extern void nss_MD_os2_map_open_error(PRInt32 err);
-extern void nss_MD_os2_map_opendir_error(PRInt32 err);
-extern void nss_MD_os2_map_read_error(PRInt32 err);
-extern void nss_MD_os2_map_readdir_error(PRInt32 err);
-extern void nss_MD_os2_map_recv_error(PRInt32 err);
-extern void nss_MD_os2_map_recvfrom_error(PRInt32 err);
-extern void nss_MD_os2_map_rename_error(PRInt32 err);
-extern void nss_MD_os2_map_rmdir_error(PRInt32 err);
-extern void nss_MD_os2_map_select_error(PRInt32 err);
-extern void nss_MD_os2_map_send_error(PRInt32 err);
-extern void nss_MD_os2_map_sendto_error(PRInt32 err);
-extern void nss_MD_os2_map_setsockopt_error(PRInt32 err);
-extern void nss_MD_os2_map_shutdown_error(PRInt32 err);
-extern void nss_MD_os2_map_socket_error(PRInt32 err);
-extern void nss_MD_os2_map_stat_error(PRInt32 err);
-extern void nss_MD_os2_map_transmitfile_error(PRInt32 err);
-extern void nss_MD_os2_map_write_error(PRInt32 err);
diff --git a/chromium/net/third_party/nss/ssl/preenc.h b/chromium/net/third_party/nss/ssl/preenc.h
deleted file mode 100644
index bebff89e22c..00000000000
--- a/chromium/net/third_party/nss/ssl/preenc.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
-
-/*
- * Fortezza support is removed.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* Fortezza support is removed.
- * This file remains so that old programs will continue to compile,
- * But this functionality is no longer supported or implemented.
- */
-
-#include "seccomon.h"
-#include "prio.h"
-
-typedef struct PEHeaderStr PEHeader;
-
-#define PE_MIME_TYPE "application/pre-encrypted"
-
-typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
-typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
-typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
-typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
-
-struct PEFortezzaHeaderStr {
-    unsigned char key[12];
-    unsigned char iv[24];
-    unsigned char hash[20];
-    unsigned char serial[8];
-};
-
-struct PEFortezzaGeneratedHeaderStr {
-    unsigned char key[12];
-    unsigned char iv[24];
-    unsigned char hash[20];
-    unsigned char Ra[128];
-    unsigned char Y[128];
-};
-
-struct PEFixedKeyHeaderStr {
-    unsigned char pkcs11Mech[4];
-    unsigned char labelLen[2];
-    unsigned char keyIDLen[2];
-    unsigned char ivLen[2];
-    unsigned char keyLen[2];
-    unsigned char data[1];
-};
-
-struct PERSAKeyHeaderStr {
-    unsigned char pkcs11Mech[4];
-    unsigned char issuerLen[2];
-    unsigned char serialLen[2];
-    unsigned char ivLen[2];
-    unsigned char keyLen[2];
-    unsigned char data[1];
-};
-
-#define PEFIXED_Label(header) (header->data)
-#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
-#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen) + \
-                                          GetInt2(header->keyIDLen)])
-#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen) + \
-                                           GetInt2(header->keyIDLen) + \
-                                           GetInt2(header->keyLen)])
-#define PERSA_Issuer(header) (header->data)
-#define PERSA_Serial(header) (&header->data[GetInt2(header->issuerLen)])
-#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen) + \
-                                        GetInt2(header->serialLen)])
-#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen) + \
-                                         GetInt2(header->serialLen) + \
-                                         GetInt2(header->keyLen)])
-struct PEHeaderStr {
-    unsigned char magic[2];
-    unsigned char len[2];
-    unsigned char type[2];
-    unsigned char version[2];
-    union {
-        PEFortezzaHeader fortezza;
-        PEFortezzaGeneratedHeader g_fortezza;
-        PEFixedKeyHeader fixed;
-        PERSAKeyHeader rsa;
-    } u;
-};
-
-#define PE_CRYPT_INTRO_LEN 8
-#define PE_INTRO_LEN 4
-#define PE_BASE_HEADER_LEN 8
-
-#define PRE_BLOCK_SIZE 8
-
-#define GetInt2(c) ((c[0] << 8) | c[1])
-#define GetInt4(c) (((unsigned long)c[0] << 24) | ((unsigned long)c[1] << 16) | \
-                    ((unsigned long)c[2] << 8) | ((unsigned long)c[3]))
-#define PutInt2(c, i) ((c[1] = (i)&0xff), (c[0] = ((i) >> 8) & 0xff))
-#define PutInt4(c, i) ((c[0] = ((i) >> 24) & 0xff), (c[1] = ((i) >> 16) & 0xff), \
-                       (c[2] = ((i) >> 8) & 0xff), (c[3] = (i)&0xff))
-
-#define PRE_MAGIC 0xc0de
-#define PRE_VERSION 0x1010
-#define PRE_FORTEZZA_FILE 0x00ff
-#define PRE_FORTEZZA_STREAM 0x00f5
-#define PRE_FORTEZZA_GEN_STREAM 0x00f6
-#define PRE_FIXED_FILE 0x000f
-#define PRE_RSA_FILE 0x001f
-#define PRE_FIXED_STREAM 0x0005
-
-PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
-                                       int *headerSize);
-
-PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
-                                       int *headerSize);
diff --git a/chromium/net/third_party/nss/ssl/prelib.c b/chromium/net/third_party/nss/ssl/prelib.c
deleted file mode 100644
index 4db9ffe699d..00000000000
--- a/chromium/net/third_party/nss/ssl/prelib.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
-
-/*
- * Functions used by https servers to send (download) pre-encrypted files
- * over SSL connections that use Fortezza ciphersuites.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "cert.h"
-#include "ssl.h"
-#include "keyhi.h"
-#include "secitem.h"
-#include "sslimpl.h"
-#include "pkcs11t.h"
-#include "preenc.h"
-#include "pk11func.h"
-
-PEHeader *
-SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
-                             int *headerSize)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return NULL;
-}
-
-PEHeader *
-SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
-                             int *headerSize)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return NULL;
-}
diff --git a/chromium/net/third_party/nss/ssl/ssl.h b/chromium/net/third_party/nss/ssl/ssl.h
deleted file mode 100644
index de5078b6783..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl.h
+++ /dev/null
@@ -1,1302 +0,0 @@
-/*
- * This file contains prototypes for the public SSL functions.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __ssl_h_
-#define __ssl_h_
-
-#include "prtypes.h"
-#include "prerror.h"
-#include "prio.h"
-#include "seccomon.h"
-#include "cert.h"
-#include "keyt.h"
-
-#include "sslt.h" /* public ssl data types */
-
-#if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
-#define SSL_IMPORT extern __declspec(dllimport)
-#else
-#define SSL_IMPORT extern
-#endif
-
-SEC_BEGIN_PROTOS
-
-/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
-SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
-
-/* the same as the above, but is a function */
-SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);
-
-/* number of entries in the above table. */
-SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
-
-/* the same as the above, but is a function */
-SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
-
-/* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
-#define SSL_IS_SSL2_CIPHER(which) (((which)&0xfff0) == 0xff00)
-
-/*
-** Imports fd into SSL, returning a new socket.  Copies SSL configuration
-** from model.
-*/
-SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
-
-/*
-** Imports fd into DTLS, returning a new socket.  Copies DTLS configuration
-** from model.
-*/
-SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
-
-/*
-** Enable/disable an ssl mode
-**
-**  SSL_SECURITY:
-**    enable/disable use of SSL security protocol before connect
-**
-**  SSL_SOCKS:
-**    enable/disable use of socks before connect
-**    (No longer supported).
-**
-**  SSL_REQUEST_CERTIFICATE:
-**    require a certificate during secure connect
-*/
-/* options */
-#define SSL_SECURITY 1            /* (on by default) */
-#define SSL_SOCKS 2               /* (off by default) */
-#define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */
-#define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
-                                  /* (off by default) */
-#define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
-                                  /* (off by default) */
-
-/* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
-#define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
-
-/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
-** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
-*/
-#define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
-
-#define SSL_NO_CACHE 9             /* don't use the session cache */
-                                   /* (off by default) */
-#define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
-                                   /* by default) */
-#define SSL_ENABLE_FDX 11          /* permit simultaneous read/write */
-                                   /* (off by default) */
-
-/* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
-** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
-** removed soon.
-*/
-#define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
-                                   /* (off by default) */
-
-/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
-** description of the non-obvious semantics of using SSL_ENABLE_TLS.
-*/
-#define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
-
-#define SSL_ROLLBACK_DETECTION 14       /* for compatibility, default: on */
-#define SSL_NO_STEP_DOWN 15             /* Disable export cipher suites   */
-                                        /* if step-down keys are needed.  */
-                                        /* default: off, generate         */
-                                        /* step-down keys if needed.      */
-#define SSL_BYPASS_PKCS11 16            /* use PKCS#11 for pub key only   */
-#define SSL_NO_LOCKS 17                 /* Don't use locks for protection */
-#define SSL_ENABLE_SESSION_TICKETS 18   /* Enable TLS SessionTicket       */
-                                        /* extension (off by default)     */
-#define SSL_ENABLE_DEFLATE 19           /* Enable TLS compression with    */
-                                        /* DEFLATE (off by default)       */
-#define SSL_ENABLE_RENEGOTIATION 20     /* Values below (default: never)  */
-#define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling       */
-                                        /* Cipher Suite Value (SCSV) or   */
-                                        /* Renegotiation  Info (RI)       */
-                                        /* extension in ALL handshakes.   */
-                                        /* default: off                   */
-#define SSL_ENABLE_FALSE_START 22       /* Enable SSL false start (off by */
-                                        /* default, applies only to       */
-                                        /* clients). False start is a     */
-/* mode where an SSL client will start sending application data before
- * verifying the server's Finished message. This means that we could end up
- * sending data to an imposter. However, the data will be encrypted and
- * only the true server can derive the session key. Thus, so long as the
- * cipher isn't broken this is safe. The advantage of false start is that
- * it saves a round trip for client-speaks-first protocols when performing a
- * full handshake.
- *
- * In addition to enabling this option, the application must register a
- * callback using the SSL_SetCanFalseStartCallback function.
- */
-
-/* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks
- * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting
- * non-empty application_data records into two records; the first record has
- * only the first byte of plaintext, and the second has the rest.
- *
- * This only prevents the attack in the sending direction; the connection may
- * still be vulnerable to such attacks if the peer does not implement a similar
- * countermeasure.
- *
- * This protection mechanism is on by default; the default can be overridden by
- * setting NSS_SSL_CBC_RANDOM_IV=0 in the environment prior to execution,
- * and/or by the application setting the option SSL_CBC_RANDOM_IV to PR_FALSE.
- *
- * The per-record IV in TLS 1.1 and later adds one block of overhead per
- * record, whereas this hack will add at least two blocks of overhead per
- * record, so TLS 1.1+ will always be more efficient.
- *
- * Other implementations (e.g. some versions of OpenSSL, in some
- * configurations) prevent the same attack by prepending an empty
- * application_data record to every application_data record they send; we do
- * not do that because some implementations cannot handle empty
- * application_data records. Also, we only split application_data records and
- * not other types of records, because some implementations will not accept
- * fragmented records of some other types (e.g. some versions of NSS do not
- * accept fragmented alerts).
- */
-#define SSL_CBC_RANDOM_IV 23
-#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
-
-/* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when application layer protocol negotiation is used.
- * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
- * application layer protocol negotiation; otherwise, the NPN extension will
- * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
- * may change in future versions.
- */
-#define SSL_ENABLE_NPN 25
-
-/* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when application layer protocol negotiation is used.
- * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
- * the application layer protocol negotiation; otherwise, the ALPN extension
- * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
- * even though the ALPN specification defines a way to use ALPN during
- * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
- * may change in future versions.
- */
-#define SSL_ENABLE_ALPN 26
-
-/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
- * reused for multiple handshakes or generated each time.
- * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
- * This socket option is for ECDHE, only. It is unrelated to DHE.
- */
-#define SSL_REUSE_SERVER_ECDHE_KEY 27
-
-#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in \
-                                     * handshakes. */
-
-/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
- */
-#define SSL_ENABLE_SERVER_DHE 29
-
-/* Use draft-ietf-tls-session-hash. Controls whether we offer the
- * extended_master_secret extension which, when accepted, hashes
- * the handshake transcript into the master secret. This option is
- * disabled by default.
- */
-#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
-
-/* Request Signed Certificate Timestamps via TLS extension (client) */
-#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
-
-#ifdef SSL_DEPRECATED_FUNCTION
-/* Old deprecated function names */
-SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
-#endif
-
-/* New function names */
-SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
-SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
-SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
-SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
-SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
-
-/* SSLNextProtoCallback is called during the handshake for the client, when a
- * Next Protocol Negotiation (NPN) extension has been received from the server.
- * |protos| and |protosLen| define a buffer which contains the server's
- * advertisement. This data is guaranteed to be well formed per the NPN spec.
- * |protoOut| is a buffer provided by the caller, of length 255 (the maximum
- * allowed by the protocol). On successful return, the protocol to be announced
- * to the server will be in |protoOut| and its length in |*protoOutLen|.
- *
- * The callback must return SECFailure or SECSuccess (not SECWouldBlock).
- */
-typedef SECStatus(PR_CALLBACK *SSLNextProtoCallback)(
-    void *arg,
-    PRFileDesc *fd,
-    const unsigned char *protos,
-    unsigned int protosLen,
-    unsigned char *protoOut,
-    unsigned int *protoOutLen,
-    unsigned int protoMaxOut);
-
-/* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
- * Negotiation. It causes a client to advertise NPN. */
-SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
-                                              SSLNextProtoCallback callback,
-                                              void *arg);
-
-/* SSL_SetNextProtoNego can be used as an alternative to
- * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
- * installs a default callback function which selects the first supported
- * protocol in server-preference order. If no matching protocol is found it
- * selects the first supported protocol.
- *
- * Using this function also allows the client to transparently support ALPN.
- * The same set of protocols will be advertised via ALPN and, if the server
- * uses ALPN to select a protocol, SSL_GetNextProto will return
- * SSL_NEXT_PROTO_SELECTED as the state.
- *
- * Since NPN uses the first protocol as the fallback protocol, when sending an
- * ALPN extension, the first protocol is moved to the end of the list. This
- * indicates that the fallback protocol is the least preferred. The other
- * protocols should be in preference order.
- *
- * The supported protocols are specified in |data| in wire-format (8-bit
- * length-prefixed). For example: "\010http/1.1\006spdy/2". */
-SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
-                                          const unsigned char *data,
-                                          unsigned int length);
-
-typedef enum SSLNextProtoState {
-    SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                */
-    SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement               */
-    SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found      */
-    SSL_NEXT_PROTO_SELECTED = 3    /* Server selected proto (ALPN)   */
-} SSLNextProtoState;
-
-/* SSL_GetNextProto can be used in the HandshakeCallback or any time after
- * a handshake to retrieve the result of the Next Protocol negotiation.
- *
- * The length of the negotiated protocol, if any, is written into *bufLen.
- * If the negotiated protocol is longer than bufLenMax, then SECFailure is
- * returned. Otherwise, the negotiated protocol, if any, is written into buf,
- * and SECSuccess is returned. */
-SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
-                                      SSLNextProtoState *state,
-                                      unsigned char *buf,
-                                      unsigned int *bufLen,
-                                      unsigned int bufLenMax);
-
-/*
-** Control ciphers that SSL uses. If on is non-zero then the named cipher
-** is enabled, otherwise it is disabled.
-** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
-** EnableCipher records user preferences.
-** SetPolicy sets the policy according to the policy module.
-*/
-#ifdef SSL_DEPRECATED_FUNCTION
-/* Old deprecated function names */
-SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
-SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
-#endif
-
-/* New function names */
-SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
-SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
-SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
-SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
-SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
-SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
-
-/*
-** Control for TLS signature algorithms for TLS 1.2 only.
-**
-** This governs what signature algorithms are sent by a client in the
-** signature_algorithms extension.  A client will not accept a signature from a
-** server unless it uses an enabled algorithm.
-**
-** This also governs what the server sends in the supported_signature_algorithms
-** field of a CertificateRequest.  It also changes what the server uses to sign
-** ServerKeyExchange: a server uses the first entry from this list that is
-** compatible with the client's advertised signature_algorithms extension and
-** the selected server certificate.
-**
-** Omitting SHA-256 from this list might be foolish.  Support is mandatory in
-** TLS 1.2 and there might be interoperability issues.  For a server, NSS only
-** supports SHA-256 for verifying a TLS 1.2 CertificateVerify.  This list needs
-** to include SHA-256 if client authentication is requested or required, or
-** creating a CertificateRequest will fail.
-*/
-SSL_IMPORT SECStatus SSL_SignaturePrefSet(
-    PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
-    unsigned int count);
-
-/*
-** Get the currently configured signature algorithms.
-**
-** The algorithms are written to |algorithms| but not if there are more than
-** |maxCount| values configured.  The number of algorithms that are in use are
-** written to |count|.  This fails if |maxCount| is insufficiently large.
-*/
-SSL_IMPORT SECStatus SSL_SignaturePrefGet(
-    PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count,
-    unsigned int maxCount);
-
-/*
-** Returns the maximum number of signature algorithms that are supported and
-** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet.
-*/
-SSL_IMPORT unsigned int SSL_SignatureMaxCount();
-
-/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
-** parameters that can be used by NSS for the given server socket.
-** The first item in the array is used as the default group, if no other
-** selection criteria can be used by NSS.
-** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
-** If more than one group identifier is provided, NSS will select the one to use.
-** For example, a TLS extension sent by the client might indicate a preference.
-*/
-SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
-                                         SSLDHEGroupType *groups,
-                                         PRUint16 num_groups);
-
-/* Enable the use of a DHE group that's smaller than the library default,
-** for backwards compatibility reasons. The DH parameters will be created
-** at the time this function is called, which might take a very long time.
-** The function will block until generation is completed.
-** The intention is to enforce that fresh and safe parameters are generated
-** each time a process is started.
-** At the time this API was initially implemented, the API will enable the
-** use of 1024 bit DHE parameters. This value might get increased in future
-** versions of NSS.
-**
-** It is allowed to call this API will a NULL value for parameter fd,
-** which will prepare the global parameters that NSS will reuse for the remainder
-** of the process lifetime. This can be used early after startup of a process,
-** to avoid a delay when handling incoming client connections.
-** This preparation with a NULL for parameter fd will NOT enable the weak group
-** on sockets. The function needs to be called again for every socket that
-** should use the weak group.
-**
-** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
-** If both APIs have been called, the weakest group will be used,
-** unless it is certain that the client supports larger group parameters.
-** The weak group will be used as the default group, overriding the preference
-** for the first group potentially set with a call to SSL_DHEGroupPrefSet
-** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
-** it's no longer the default group.)
-*/
-SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
-
-/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
- * which must be an array of cipher suite ids of length |len|. All the given
- * cipher suite ids must appear in the array that is returned by
- * |SSL_GetImplementedCiphers| and may only appear once, at most. */
-SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
-                                        unsigned int len);
-
-/* SSLChannelBindingType enumerates the types of supported channel binding
- * values. See RFC 5929. */
-typedef enum SSLChannelBindingType {
-    SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
-} SSLChannelBindingType;
-
-/* SSL_GetChannelBinding copies the requested channel binding value, as defined
- * in RFC 5929, into |out|. The full length of the binding value is written
- * into |*outLen|.
- *
- * At most |outLenMax| bytes of data are copied. If |outLenMax| is
- * insufficient then the function returns SECFailure and sets the error to
- * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
- *
- * This call will fail if made during a renegotiation. */
-SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
-                                           SSLChannelBindingType binding_type,
-                                           unsigned char *out,
-                                           unsigned int *outLen,
-                                           unsigned int outLenMax);
-
-/* SSL Version Range API
-**
-** This API should be used to control SSL 3.0 & TLS support instead of the
-** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
-** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
-** enabled by default. Future versions of libssl may change which versions of
-** the protocol are enabled by default.
-**
-** The SSLProtocolVariant enum indicates whether the protocol is of type
-** stream or datagram. This must be provided to the functions that do not
-** take an fd. Functions which take an fd will get the variant from the fd,
-** which is typed.
-**
-** Using the new version range API in conjunction with the older
-** SSL_OptionSet-based API for controlling the enabled protocol versions may
-** cause unexpected results. Going forward, we guarantee only the following:
-**
-** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
-** are enabled.
-**
-** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
-** including TLS 1.0 and later.
-**
-** The above two properties provide compatibility for applications that use
-** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
-**
-** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
-** enable some later versions of TLS, if it is necessary to do so in order to
-** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
-** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
-** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
-** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
-** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
-** versions of TLS will be enabled by the call.
-**
-** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
-** change the set of TLS versions that are enabled.
-**
-** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
-** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
-** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
-** order to keep the set of enabled versions contiguous.
-*/
-
-/* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
-** given protocol variant by the version of libssl linked-to at runtime.
-*/
-SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
-    SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
-
-/* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
-** for the given protocol variant.
-*/
-SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
-    SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
-
-/* Sets the range of enabled-by-default SSL3/TLS versions for the given
-** protocol variant to |*vrange|.
-*/
-SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
-    SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
-
-/* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
-SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
-                                         SSLVersionRange *vrange);
-
-/* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
-SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
-                                         const SSLVersionRange *vrange);
-
-/* Sets the version to check the server random against for the
- * fallback check defined in [draft-ietf-tls-tls13-11 Section 6.3.1.1].
- * This function is provided to allow for detection of forced downgrade
- * attacks against client-side reconnect-and-fallback outside of TLS
- * by setting |version| to be that of the original connection, rather
- * than that of the new connection.
- *
- * The default, which can also be enabled by setting |version| to
- * zero, is just to check against the max version in the
- * version range (see SSL_VersionRangeSet). */
-SSL_IMPORT SECStatus SSL_SetDowngradeCheckVersion(PRFileDesc *fd,
-                                                  PRUint16 version);
-
-/* Values for "policy" argument to SSL_CipherPolicySet */
-/* Values returned by SSL_CipherPolicyGet. */
-#define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
-#define SSL_ALLOWED 1
-#define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
-
-/* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
-#define SSL_REQUIRE_NEVER ((PRBool)0)
-#define SSL_REQUIRE_ALWAYS ((PRBool)1)
-#define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
-#define SSL_REQUIRE_NO_ERROR ((PRBool)3)
-
-/* Values for "on" with SSL_ENABLE_RENEGOTIATION */
-/* Never renegotiate at all.                                               */
-#define SSL_RENEGOTIATE_NEVER ((PRBool)0)
-/* Renegotiate without restriction, whether or not the peer's client hello */
-/* bears the renegotiation info extension.  Vulnerable, as in the past.    */
-#define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1)
-/* Only renegotiate if the peer's hello bears the TLS renegotiation_info   */
-/* extension. This is safe renegotiation.                                  */
-#define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2)
-/* Disallow unsafe renegotiation in server sockets only, but allow clients */
-/* to continue to renegotiate with vulnerable servers.                     */
-/* This value should only be used during the transition period when few    */
-/* servers have been upgraded.                                             */
-#define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3)
-
-/*
-** Reset the handshake state for fd. This will make the complete SSL
-** handshake protocol execute from the ground up on the next i/o
-** operation.
-*/
-SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);
-
-/*
-** Force the handshake for fd to complete immediately.  This blocks until
-** the complete SSL handshake protocol is finished.
-*/
-SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
-
-/*
-** Same as above, but with an I/O timeout.
- */
-SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
-                                                   PRIntervalTime timeout);
-
-SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-                                                      CERTCertificate *cert,
-                                                      SECKEYPrivateKey *key,
-                                                      CERTCertificateList *certChain);
-
-/*
-** Query security status of socket. *on is set to one if security is
-** enabled. *keySize will contain the stream key size used. *issuer will
-** contain the RFC1485 verison of the name of the issuer of the
-** certificate at the other end of the connection. For a client, this is
-** the issuer of the server's certificate; for a server, this is the
-** issuer of the client's certificate (if any). Subject is the subject of
-** the other end's certificate. The pointers can be zero if the desired
-** data is not needed.  All strings returned by this function are owned
-** by the caller, and need to be freed with PORT_Free.
-*/
-SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
-                                        int *keySize, int *secretKeySize,
-                                        char **issuer, char **subject);
-
-/* Values for "on" */
-#define SSL_SECURITY_STATUS_NOOPT -1
-#define SSL_SECURITY_STATUS_OFF 0
-#define SSL_SECURITY_STATUS_ON_HIGH 1
-#define SSL_SECURITY_STATUS_ON_LOW 2
-#define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
-
-/*
-** Return the certificate for our SSL peer. If the client calls this
-** it will always return the server's certificate. If the server calls
-** this, it may return NULL if client authentication is not enabled or
-** if the client had no certificate when asked.
-**  "fd" the socket "file" descriptor
-*/
-SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
-
-/*
-** Return the certificates presented by the SSL peer. If the SSL peer
-** did not present certificates, return NULL with the
-** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
-** code other than SSL_ERROR_NO_CERTIFICATE.
-**  "fd" the socket "file" descriptor
-*/
-SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
-
-/* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
- * by the TLS server. The return value is a pointer to an internal SECItemArray
- * that contains the returned OCSP responses; it is only valid until the
- * callback function that calls SSL_PeerStapledOCSPResponses returns.
- *
- * If no OCSP responses were given by the server then the result will be empty.
- * If there was an error, then the result will be NULL.
- *
- * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
- * to be provided by a server.
- *
- * libssl does not do any validation of the OCSP response itself; the
- * authenticate certificate hook is responsible for doing so. The default
- * authenticate certificate hook, SSL_AuthCertificate, does not implement
- * any OCSP stapling funtionality, but this may change in future versions.
- */
-SSL_IMPORT const SECItemArray *SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
-
-/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
- * extension data provided by the TLS server. The return value is a pointer
- * to an internal SECItem that contains the returned response (as a serialized
- * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
- * valid until the callback function that calls SSL_PeerSignedCertTimestamps
- * (e.g. the authenticate certificate hook, or the handshake callback) returns.
- *
- * If no Signed Certificate Timestamps were given by the server then the result
- * will be empty. If there was an error, then the result will be NULL.
- *
- * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
- * for Signed Certificate Timestamps to a server.
- *
- * libssl does not do any parsing or validation of the response itself.
- */
-SSL_IMPORT const SECItem *SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
-
-/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
- * in the fd's data, which may be sent as part of a server side cert_status
- * handshake message. Parameter |responses| is for the server certificate of
- * the key exchange type |kea|.
- * The function will duplicate the responses array.
- */
-SSL_IMPORT SECStatus
-SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
-                            SSLKEAType kea);
-
-/*
- * SSL_SetSignedCertTimestamps stores serialized signed_certificate_timestamp
- * extension data in the fd. The signed_certificate_timestamp data is sent
- * during the handshake (if requested by the client). Parameter |scts|
- * is for the server certificate of the key exchange type |kea|.
- * The function will duplicate the provided data item. To clear previously
- * set data for a given key exchange type |kea|, pass NULL to |scts|.
- */
-SSL_IMPORT SECStatus
-SSL_SetSignedCertTimestamps(PRFileDesc *fd, const SECItem *scts,
-                            SSLKEAType kea);
-
-/*
-** Authenticate certificate hook. Called when a certificate comes in
-** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
-** certificate.
-**
-** The authenticate certificate hook must return SECSuccess to indicate the
-** certificate is valid, SECFailure to indicate the certificate is invalid,
-** or SECWouldBlock if the application will authenticate the certificate
-** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
-**
-** If the authenticate certificate hook returns SECFailure, then the bad cert
-** hook will be called. The bad cert handler is NEVER called if the
-** authenticate certificate hook returns SECWouldBlock. If the application
-** needs to handle and/or override a bad cert, it should do so before it
-** calls SSL_AuthCertificateComplete (modifying the error it passes to
-** SSL_AuthCertificateComplete as needed).
-**
-** See the documentation for SSL_AuthCertificateComplete for more information
-** about the asynchronous behavior that occurs when the authenticate
-** certificate hook returns SECWouldBlock.
-**
-** RFC 6066 says that clients should send the bad_certificate_status_response
-** alert when they encounter an error processing the stapled OCSP response.
-** libssl does not provide a way for the authenticate certificate hook to
-** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
-** in the stapled OCSP response or an error in some other OCSP response.
-** Further, NSS does not provide a convenient way to control or determine
-** which OCSP response(s) were used to validate a certificate chain.
-** Consequently, the current version of libssl does not ever send the
-** bad_certificate_status_response alert. This may change in future releases.
-*/
-typedef SECStatus(PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
-                                                   PRBool checkSig,
-                                                   PRBool isServer);
-
-SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd,
-                                             SSLAuthCertificate f,
-                                             void *arg);
-
-/* An implementation of the certificate authentication hook */
-SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd,
-                                         PRBool checkSig, PRBool isServer);
-
-/*
- * Prototype for SSL callback to get client auth data from the application.
- *  arg - application passed argument
- *  caNames - pointer to distinguished names of CAs that the server likes
- *  pRetCert - pointer to pointer to cert, for return of cert
- *  pRetKey - pointer to key pointer, for return of key
- */
-typedef SECStatus(PR_CALLBACK *SSLGetClientAuthData)(void *arg,
-                                                     PRFileDesc *fd,
-                                                     CERTDistNames *caNames,
-                                                     CERTCertificate **pRetCert,  /*return */
-                                                     SECKEYPrivateKey **pRetKey); /* return */
-
-/*
- * Set the client side callback for SSL to retrieve user's private key
- * and certificate.
- *  fd - the file descriptor for the connection in question
- *  f - the application's callback that delivers the key and cert
- *  a - application specific data
- */
-SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
-                                               SSLGetClientAuthData f, void *a);
-
-/*
-** SNI extension processing callback function.
-** It is called when SSL socket receives SNI extension in ClientHello message.
-** Upon this callback invocation, application is responsible to reconfigure the
-** socket with the data for a particular server name.
-** There are three potential outcomes of this function invocation:
-**    * application does not recognize the name or the type and wants the
-**    "unrecognized_name" alert be sent to the client. In this case the callback
-**    function must return SSL_SNI_SEND_ALERT status.
-**    * application does not recognize  the name, but wants to continue with
-**    the handshake using the current socket configuration. In this case,
-**    no socket reconfiguration is needed and the function should return
-**    SSL_SNI_CURRENT_CONFIG_IS_USED.
-**    * application recognizes the name and reconfigures the socket with
-**    appropriate certs, key, etc. There are many ways to reconfigure. NSS
-**    provides SSL_ReconfigFD function that can be used to update the socket
-**    data from model socket. To continue with the rest of the handshake, the
-**    implementation function should return an index of a name it has chosen.
-** LibSSL will ignore any SNI extension received in a ClientHello message
-** if application does not register a SSLSNISocketConfig callback.
-** Each type field of SECItem indicates the name type.
-** NOTE: currently RFC3546 defines only one name type: sni_host_name.
-** Client is allowed to send only one name per known type. LibSSL will
-** send an "unrecognized_name" alert if SNI extension name list contains more
-** then one name of a type.
-*/
-typedef PRInt32(PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
-                                                 const SECItem *srvNameArr,
-                                                 PRUint32 srvNameArrSize,
-                                                 void *arg);
-
-/*
-** SSLSNISocketConfig should return an index within 0 and srvNameArrSize-1
-** when it has reconfigured the socket fd to use certs and keys, etc
-** for a specific name. There are two other allowed return values. One
-** tells libSSL to use the default cert and key.  The other tells libSSL
-** to send the "unrecognized_name" alert.  These values are:
-**/
-#define SSL_SNI_CURRENT_CONFIG_IS_USED -1
-#define SSL_SNI_SEND_ALERT -2
-
-/*
-** Set application implemented SNISocketConfig callback.
-*/
-SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd,
-                                             SSLSNISocketConfig f,
-                                             void *arg);
-
-/*
-** Reconfigure fd SSL socket with model socket parameters. Sets
-** server certs and keys, list of trust anchor, socket options
-** and all SSL socket call backs and parameters.
-*/
-SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd);
-
-/*
- * Set the client side argument for SSL to retrieve PKCS #11 pin.
- *  fd - the file descriptor for the connection in question
- *  a - pkcs11 application specific data
- */
-SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
-
-/*
-** This is a callback for dealing with server certs that are not authenticated
-** by the client.  The client app can decide that it actually likes the
-** cert by some external means and restart the connection.
-**
-** The bad cert hook must return SECSuccess to override the result of the
-** authenticate certificate hook, SECFailure if the certificate should still be
-** considered invalid, or SECWouldBlock if the application will authenticate
-** the certificate asynchronously. SECWouldBlock is only supported for
-** non-blocking sockets.
-**
-** See the documentation for SSL_AuthCertificateComplete for more information
-** about the asynchronous behavior that occurs when the bad cert hook returns
-** SECWouldBlock.
-*/
-typedef SECStatus(PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
-SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
-                                     void *arg);
-
-/*
-** Configure SSL socket for running a secure server. Needs the
-** certificate for the server and the servers private key. The arguments
-** are copied.
-*/
-SSL_IMPORT SECStatus SSL_ConfigSecureServer(
-    PRFileDesc *fd, CERTCertificate *cert,
-    SECKEYPrivateKey *key, SSLKEAType kea);
-
-/*
-** Allows SSL socket configuration with caller-supplied certificate chain.
-** If certChainOpt is NULL, tries to find one.
-*/
-SSL_IMPORT SECStatus
-SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
-                                    const CERTCertificateList *certChainOpt,
-                                    SECKEYPrivateKey *key, SSLKEAType kea);
-
-/*
-** Configure a secure server's session-id cache. Define the maximum number
-** of entries in the cache, the longevity of the entires, and the directory
-** where the cache files will be placed.  These values can be zero, and
-** if so, the implementation will choose defaults.
-** This version of the function is for use in applications that have only one
-** process that uses the cache (even if that process has multiple threads).
-*/
-SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int maxCacheEntries,
-                                                    PRUint32 timeout,
-                                                    PRUint32 ssl3_timeout,
-                                                    const char *directory);
-
-/* Configure a secure server's session-id cache. Depends on value of
- * enableMPCache, configures malti-proc or single proc cache. */
-SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCacheWithOpt(
-    PRUint32 timeout,
-    PRUint32 ssl3_timeout,
-    const char *directory,
-    int maxCacheEntries,
-    int maxCertCacheEntries,
-    int maxSrvNameCacheEntries,
-    PRBool enableMPCache);
-
-/*
-** Like SSL_ConfigServerSessionIDCache, with one important difference.
-** If the application will run multiple processes (as opposed to, or in
-** addition to multiple threads), then it must call this function, instead
-** of calling SSL_ConfigServerSessionIDCache().
-** This has nothing to do with the number of processORs, only processEs.
-** This function sets up a Server Session ID (SID) cache that is safe for
-** access by multiple processes on the same system.
-*/
-SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
-                                                PRUint32 timeout,
-                                                PRUint32 ssl3_timeout,
-                                                const char *directory);
-
-/* Get and set the configured maximum number of mutexes used for the
-** server's store of SSL sessions.  This value is used by the server
-** session ID cache initialization functions shown above.  Note that on
-** some platforms, these mutexes are actually implemented with POSIX
-** semaphores, or with unnamed pipes.  The default value varies by platform.
-** An attempt to set a too-low maximum will return an error and the
-** configured value will not be changed.
-*/
-SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks(void);
-SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
-
-/* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
- * SSL_InheritMPServerSIDCache when envString is NULL.
- */
-#define SSL_ENV_VAR_NAME "SSL_INHERITANCE"
-
-/* called in child to inherit SID Cache variables.
- * If envString is NULL, this function will use the value of the environment
- * variable "SSL_INHERITANCE", otherwise the string value passed in will be
- * used.
- */
-SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char *envString);
-
-/*
-** Set the callback that gets called when a TLS handshake is complete. The
-** handshake callback is called after verifying the peer's Finished message and
-** before processing incoming application data.
-**
-** For the initial handshake: If the handshake false started (see
-** SSL_ENABLE_FALSE_START), then application data may already have been sent
-** before the handshake callback is called. If we did not false start then the
-** callback will get called before any application data is sent.
-*/
-typedef void(PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
-                                                void *client_data);
-SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd,
-                                           SSLHandshakeCallback cb, void *client_data);
-
-/* Applications that wish to enable TLS false start must set this callback
-** function. NSS will invoke the functon to determine if a particular
-** connection should use false start or not. SECSuccess indicates that the
-** callback completed successfully, and if so *canFalseStart indicates if false
-** start can be used. If the callback does not return SECSuccess then the
-** handshake will be canceled. NSS's recommended criteria can be evaluated by
-** calling SSL_RecommendedCanFalseStart.
-**
-** If no false start callback is registered then false start will never be
-** done, even if the SSL_ENABLE_FALSE_START option is enabled.
-**/
-typedef SECStatus(PR_CALLBACK *SSLCanFalseStartCallback)(
-    PRFileDesc *fd, void *arg, PRBool *canFalseStart);
-
-SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback(
-    PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg);
-
-/* This function sets *canFalseStart according to the recommended criteria for
-** false start. These criteria may change from release to release and may depend
-** on which handshake features have been negotiated and/or properties of the
-** certifciates/keys used on the connection.
-*/
-SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd,
-                                                  PRBool *canFalseStart);
-
-/*
-** For the server, request a new handshake.  For the client, begin a new
-** handshake.  If flushCache is non-zero, the SSL3 cache entry will be
-** flushed first, ensuring that a full SSL handshake will be done.
-** If flushCache is zero, and an SSL connection is established, it will
-** do the much faster session restart handshake.  This will change the
-** session keys without doing another private key operation.
-*/
-SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
-
-/*
-** Same as above, but with an I/O timeout.
- */
-SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
-                                                PRBool flushCache,
-                                                PRIntervalTime timeout);
-
-/* Returns a SECItem containing the certificate_types field of the
-** CertificateRequest message.  Each byte of the data is a TLS
-** ClientCertificateType value, and they are ordered from most preferred to
-** least.  This function should only be called from the
-** SSL_GetClientAuthDataHook callback, and will return NULL if called at any
-** other time.  The returned value is valid only until the callback returns, and
-** should not be freed.
-*/
-SSL_IMPORT const SECItem *
-SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd);
-
-#ifdef SSL_DEPRECATED_FUNCTION
-/* deprecated!
-** For the server, request a new handshake.  For the client, begin a new
-** handshake.  Flushes SSL3 session cache entry first, ensuring that a
-** full handshake will be done.
-** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
-*/
-SSL_IMPORT SECStatus SSL_RedoHandshake(PRFileDesc *fd);
-#endif
-
-/*
- * Allow the application to pass a URL or hostname into the SSL library.
- */
-SSL_IMPORT SECStatus SSL_SetURL(PRFileDesc *fd, const char *url);
-
-/*
- * Allow an application to define a set of trust anchors for peer
- * cert validation.
- */
-SSL_IMPORT SECStatus SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list);
-
-/*
-** Return the number of bytes that SSL has waiting in internal buffers.
-** Return 0 if security is not enabled.
-*/
-SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
-
-/*
-** Invalidate the SSL session associated with fd.
-*/
-SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
-
-/*
-** Cache the SSL session associated with fd, if it has not already been cached.
-*/
-SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd);
-
-/*
-** Cache the SSL session associated with fd, if it has not already been cached.
-** This function may only be called when processing within a callback assigned
-** via SSL_HandshakeCallback
-*/
-SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd);
-
-/*
-** Return a SECItem containing the SSL session ID associated with the fd.
-*/
-SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-
-/*
-** Clear out the client's SSL session cache, not the server's session cache.
-*/
-SSL_IMPORT void SSL_ClearSessionCache(void);
-
-/*
-** Close the server's SSL session cache.
-*/
-SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
-
-/*
-** Set peer information so we can correctly look up SSL session later.
-** You only have to do this if you're tunneling through a proxy.
-*/
-SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
-
-/*
-** Reveal the security information for the peer.
-*/
-SSL_IMPORT CERTCertificate *SSL_RevealCert(PRFileDesc *socket);
-SSL_IMPORT void *SSL_RevealPinArg(PRFileDesc *socket);
-SSL_IMPORT char *SSL_RevealURL(PRFileDesc *socket);
-
-/* This callback may be passed to the SSL library via a call to
- * SSL_GetClientAuthDataHook() for each SSL client socket.
- * It will be invoked when SSL needs to know what certificate and private key
- * (if any) to use to respond to a request for client authentication.
- * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
- * the nickname of the cert/key pair to use.
- * If arg is NULL, this function will search the cert and key databases for
- * a suitable match and send it if one is found.
- */
-SSL_IMPORT SECStatus
-NSS_GetClientAuthData(void *arg,
-                      PRFileDesc *socket,
-                      struct CERTDistNamesStr *caNames,
-                      struct CERTCertificateStr **pRetCert,
-                      struct SECKEYPrivateKeyStr **pRetKey);
-
-/*
-** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
-** Input is a list of ciphers in descending preference order and a length
-** of the list. As a side effect, this causes the use_srtp extension to be
-** negotiated.
-**
-** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at
-** least one cipher suite in |ciphers| is implemented, returns SECSuccess.
-** Otherwise returns SECFailure.
-*/
-SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
-                                        const PRUint16 *ciphers,
-                                        unsigned int numCiphers);
-
-/*
-** Get the selected DTLS-SRTP cipher suite (if any).
-** To be called after the handshake completes.
-** Returns SECFailure if not negotiated.
-*/
-SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd,
-                                       PRUint16 *cipher);
-
-/*
- * Look to see if any of the signers in the cert chain for "cert" are found
- * in the list of caNames.
- * Returns SECSuccess if so, SECFailure if not.
- * Used by NSS_GetClientAuthData.  May be used by other callback functions.
- */
-SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
-                                              CERTDistNames *caNames);
-
-/*
- * Returns key exchange type of the keys in an SSL server certificate.
- */
-SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate *cert);
-
-/* Set cipher policies to a predefined Domestic (U.S.A.) policy.
- * This essentially allows all supported ciphers.
- */
-SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- *   according to present U.S. policies as we understand them.
- * It is the same as NSS_SetDomesticPolicy now.
- */
-SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- *   according to present U.S. policies as we understand them, and that the
- *   nation of France will permit to be imported into their country.
- * It is the same as NSS_SetDomesticPolicy now.
- */
-SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
-
-SSL_IMPORT SSL3Statistics *SSL_GetStatistics(void);
-
-/* Report more information than SSL_SecurityStatus.
- * Caller supplies the info struct.  This function fills it in.  Caller should
- * pass sizeof(SSLChannelInfo) as the |len| argument.
- *
- * The information here will be zeroed prior to details being confirmed.  The
- * details are confirmed either when a Finished message is received, or - for a
- * client - when the second flight of messages have been sent.  This function
- * therefore produces unreliable results prior to receiving the
- * SSLHandshakeCallback or the SSLCanFalseStartCallback.
- */
-SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
-                                        PRUintn len);
-/* Get preliminary information about a channel.
- * Caller supplies the info struct.  This function fills it in.  Caller should
- * pass sizeof(SSLPreliminaryChannelInfo) as the |len| argument.
- *
- * this function is available to SSLAuthCertificate, SSLGetClientAuthData,
- * SSLSNISocketConfig, and other callbacks that might be called during the
- * processing of the first flight of client of server handshake messages.
- * Values are marked as being unavailable when renegotiation is initiated.
- */
-SSL_IMPORT SECStatus
-SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
-                              SSLPreliminaryChannelInfo *info,
-                              PRUintn len);
-/* Get information about cipher suite with id of |cipherSuite|.
- * Caller supplies the info struct.  This function fills it in.  Caller should
- * pass sizeof(SSLCipherSuiteInfo) as the |len| argument.
- */
-SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
-                                            SSLCipherSuiteInfo *info, PRUintn len);
-
-/* Returnes negotiated through SNI host info. */
-SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
-
-/* Export keying material according to RFC 5705.
-** fd must correspond to a TLS 1.0 or higher socket and out must
-** already be allocated. If hasContext is false, it uses the no-context
-** construction from the RFC and ignores the context and contextLen
-** arguments.
-*/
-SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
-                                              const char *label,
-                                              unsigned int labelLen,
-                                              PRBool hasContext,
-                                              const unsigned char *context,
-                                              unsigned int contextLen,
-                                              unsigned char *out,
-                                              unsigned int outLen);
-
-/*
-** Return a new reference to the certificate that was most recently sent
-** to the peer on this SSL/TLS connection, or NULL if none has been sent.
-*/
-SSL_IMPORT CERTCertificate *SSL_LocalCertificate(PRFileDesc *fd);
-
-/* Test an SSL configuration to see if  SSL_BYPASS_PKCS11 can be turned on.
-** Check the key exchange algorithm for each cipher in the list to see if
-** a master secret key can be extracted after being derived with the mechanism
-** required by the protocolmask argument. If the KEA will use keys from the
-** specified cert make sure the extract operation is attempted from the slot
-** where the private key resides.
-** If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
-** SECSuccess is returned. In all other cases but one (*pcanbypass) is
-** set to FALSE and SECFailure is returned.
-** In that last case Derive() has been called successfully but the MS is null,
-** CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
-** arguments were all valid but the slot cannot be bypassed.
-**
-** Note: A TRUE return code from CanBypass means "Your configuration will perform
-** NO WORSE with the bypass enabled than without"; it does NOT mean that every
-** cipher suite listed will work properly with the selected protocols.
-**
-** Caveat: If export cipher suites are included in the argument list Canbypass
-** will return FALSE.
-**/
-
-/* protocol mask bits */
-#define SSL_CBP_SSL3 0x0001   /* test SSL v3 mechanisms */
-#define SSL_CBP_TLS1_0 0x0002 /* test TLS v1.0 mechanisms */
-
-SSL_IMPORT SECStatus SSL_CanBypass(CERTCertificate *cert,
-                                   SECKEYPrivateKey *privKey,
-                                   PRUint32 protocolmask,
-                                   PRUint16 *ciphers, int nciphers,
-                                   PRBool *pcanbypass, void *pwArg);
-
-/*
-** Did the handshake with the peer negotiate the given extension?
-** Output parameter valid only if function returns SECSuccess
-*/
-SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
-                                                      SSLExtensionType extId,
-                                                      PRBool *yes);
-
-SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
-                                                 PRBool *last_handshake_resumed);
-
-/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
- * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
- * the future to restart the handshake.  On SECSuccess, the callback must have
- * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
-typedef SECStatus(PR_CALLBACK *SSLClientChannelIDCallback)(
-    void *arg,
-    PRFileDesc *fd,
-    SECKEYPublicKey **out_public_key,
-    SECKEYPrivateKey **out_private_key);
-
-/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
- * after a ChannelID callback returned SECWouldBlock.
- *
- * This function takes ownership of |channelIDPub| and |channelID|. */
-SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
-    PRFileDesc *fd,
-    SECKEYPublicKey *channelIDPub,
-    SECKEYPrivateKey *channelID);
-
-/* SSL_SetClientChannelIDCallback sets a callback function that will be called
- * once the server's ServerHello has been processed. This is only applicable to
- * a client socket and setting this callback causes the TLS Channel ID
- * extension to be advertised. */
-SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
-    PRFileDesc *fd,
-    SSLClientChannelIDCallback callback,
-    void *arg);
-
-/*
-** How long should we wait before retransmitting the next flight of
-** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-** handshake.
-*/
-SSL_IMPORT SECStatus DTLS_GetHandshakeTimeout(PRFileDesc *socket,
-                                              PRIntervalTime *timeout);
-
-/*
- * Return a boolean that indicates whether the underlying library
- * will perform as the caller expects.
- *
- * The only argument is a string, which should be the version
- * identifier of the NSS library. That string will be compared
- * against a string that represents the actual build version of
- * the SSL library.
- */
-extern PRBool NSSSSL_VersionCheck(const char *importedVersion);
-
-/*
- * Returns a const string of the SSL library version.
- */
-extern const char *NSSSSL_GetVersion(void);
-
-/* Restart an SSL connection that was paused to do asynchronous certificate
- * chain validation (when the auth certificate hook or bad cert handler
- * returned SECWouldBlock).
- *
- * This function only works for non-blocking sockets; Do not use it for
- * blocking sockets. Currently, this function works only for the client role of
- * a connection; it does not work for the server role.
- *
- * The application must call SSL_AuthCertificateComplete with 0 as the value of
- * the error parameter after it has successfully validated the peer's
- * certificate, in order to continue the SSL handshake.
- *
- * The application may call SSL_AuthCertificateComplete with a non-zero value
- * for error (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
- * fails, before it closes the connection. If the application does so, an
- * alert corresponding to the error (e.g. certificate_revoked) will be sent to
- * the peer. See the source code of the internal function
- * ssl3_SendAlertForCertError for the current mapping of error to alert. This
- * mapping may change in future versions of libssl.
- *
- * This function will not complete the entire handshake. The application must
- * call SSL_ForceHandshake, PR_Recv, PR_Send, etc. after calling this function
- * to force the handshake to complete.
- *
- * On the first handshake of a connection, libssl will wait for the peer's
- * certificate to be authenticated before calling the handshake callback,
- * sending a client certificate, sending any application data, or returning
- * any application data to the application. On subsequent (renegotiation)
- * handshakes, libssl will block the handshake unconditionally while the
- * certificate is being validated.
- *
- * libssl may send and receive handshake messages while waiting for the
- * application to call SSL_AuthCertificateComplete, and it may call other
- * callbacks (e.g, the client auth data hook) before
- * SSL_AuthCertificateComplete has been called.
- *
- * An application that uses this asynchronous mechanism will usually have lower
- * handshake latency if it has to do public key operations on the certificate
- * chain and/or CRL/OCSP/cert fetching during the authentication, especially if
- * it does so in parallel on another thread. However, if the application can
- * authenticate the peer's certificate quickly then it may be more efficient
- * to use the synchronous mechanism (i.e. returning SECFailure/SECSuccess
- * instead of SECWouldBlock from the authenticate certificate hook).
- *
- * Be careful about converting an application from synchronous cert validation
- * to asynchronous certificate validation. A naive conversion is likely to
- * result in deadlocks; e.g. the application will wait in PR_Poll for network
- * I/O on the connection while all network I/O on the connection is blocked
- * waiting for this function to be called.
- *
- * Returns SECFailure on failure, SECSuccess on success. Never returns
- * SECWouldBlock. Note that SSL_AuthCertificateComplete will (usually) return
- * SECSuccess; do not interpret the return value of SSL_AuthCertificateComplete
- * as an indicator of whether it is OK to continue using the connection. For
- * example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
- * return SECSuccess (normally), but that does not mean that the application
- * should continue using the connection. If the application passes a non-zero
- * value for second argument (error), or if SSL_AuthCertificateComplete returns
- * anything other than SECSuccess, then the application should close the
- * connection.
- */
-SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
-                                                 PRErrorCode error);
-SEC_END_PROTOS
-
-#endif /* __ssl_h_ */
diff --git a/chromium/net/third_party/nss/ssl/ssl.rc b/chromium/net/third_party/nss/ssl/ssl.rc
deleted file mode 100644
index 809a07e5ffd..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl.rc
+++ /dev/null
@@ -1,68 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nss.h"
-#include <winver.h>
-
-#define MY_LIBNAME "ssl"
-#define MY_FILEDESCRIPTION "NSS SSL Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if NSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
- PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Mozilla Foundation\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", NSS_VERSION "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "Network Security Services\0"
-            VALUE "ProductVersion", NSS_VERSION "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
diff --git a/chromium/net/third_party/nss/ssl/ssl3con.c b/chromium/net/third_party/nss/ssl/ssl3con.c
deleted file mode 100644
index b6f4987b6c7..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl3con.c
+++ /dev/null
@@ -1,14146 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * SSL3 Protocol
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
-
-#include "cert.h"
-#include "ssl.h"
-#include "cryptohi.h" /* for DSAU_ stuff */
-#include "keyhi.h"
-#include "secder.h"
-#include "secitem.h"
-#include "sechash.h"
-
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "sslerr.h"
-#include "prtime.h"
-#include "prinrval.h"
-#include "prerror.h"
-#include "pratom.h"
-#include "prthread.h"
-#include "nss.h"
-#include "nssoptions.h"
-
-#include "pk11func.h"
-#include "secmod.h"
-#ifndef NO_PKCS11_BYPASS
-#include "blapi.h"
-#endif
-
-#include <stdio.h>
-#ifdef NSS_SSL_ENABLE_ZLIB
-#include "zlib.h"
-#endif
-
-#ifndef PK11_SETATTRS
-#define PK11_SETATTRS(x, id, v, l) \
-    (x)->type = (id);              \
-    (x)->pValue = (v);             \
-    (x)->ulValueLen = (l);
-#endif
-
-static SECStatus ssl3_AuthCertificate(sslSocket *ss);
-static void ssl3_CleanupPeerCerts(sslSocket *ss);
-static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
-static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
-                                       PK11SlotInfo *serverKeySlot);
-static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss);
-static SECStatus ssl3_HandshakeFailure(sslSocket *ss);
-static SECStatus ssl3_InitState(sslSocket *ss);
-
-static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
-static SECStatus ssl3_SendNextProto(sslSocket *ss);
-static SECStatus ssl3_SendChannelIDEncryptedExtensions(sslSocket *ss);
-static SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
-static SECStatus ssl3_SendServerHelloDone(sslSocket *ss);
-static SECStatus ssl3_SendServerKeyExchange(sslSocket *ss);
-static SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss,
-                                            const unsigned char *b,
-                                            unsigned int l);
-static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss,
-                                                      SSL3Opaque *b,
-                                                      PRUint32 length,
-                                                      SSL3Hashes *hashesPtr);
-static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
-
-static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
-                             int maxOutputLen, const unsigned char *input,
-                             int inputLen);
-#ifndef NO_PKCS11_BYPASS
-static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt,
-                                   unsigned char *out, int *outlen, int maxout,
-                                   const unsigned char *in, int inlen,
-                                   const unsigned char *additionalData,
-                                   int additionalDataLen);
-#endif
-
-#define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
-#define MIN_SEND_BUF_LENGTH 4000
-
-/* This list of SSL3 cipher suites is sorted in descending order of
- * precedence (desirability).  It only includes cipher suites we implement.
- * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites
- * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c)
- *
- * Important: See bug 946147 before enabling, reordering, or adding any cipher
- * suites to this list.
- */
-/* clang-format off */
-static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
-   /*      cipher_suite                     policy       enabled   isPresent */
-
-#ifndef NSS_DISABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-    * bug 946147.
-    */
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
-
- { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
-#ifndef NSS_DISABLE_ECC
- { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
-
- /* RSA */
- { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-
- /* 56-bit DES "domestic" cipher suites */
- { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_FIPS_WITH_DES_CBC_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
- /* export ciphersuites with 1024-bit public key exchange keys */
- { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
- /* export ciphersuites with 512-bit public key exchange keys */
- { TLS_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
- /* ciphersuites with no encryption */
-#ifndef NSS_DISABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
- { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-};
-/* clang-format on */
-
-static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = {
-    { ssl_hash_sha256, ssl_sign_rsa },
-    { ssl_hash_sha384, ssl_sign_rsa },
-    { ssl_hash_sha512, ssl_sign_rsa },
-    { ssl_hash_sha1, ssl_sign_rsa },
-#ifndef NSS_DISABLE_ECC
-    { ssl_hash_sha256, ssl_sign_ecdsa },
-    { ssl_hash_sha384, ssl_sign_ecdsa },
-    { ssl_hash_sha512, ssl_sign_ecdsa },
-    { ssl_hash_sha1, ssl_sign_ecdsa },
-#endif
-    { ssl_hash_sha256, ssl_sign_dsa },
-    { ssl_hash_sha1, ssl_sign_dsa }
-};
-PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <=
-                 MAX_SIGNATURE_ALGORITHMS);
-
-/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
- */
-#ifdef DEBUG
-void
-ssl3_CheckCipherSuiteOrderConsistency()
-{
-    unsigned int i;
-
-    /* Note that SSL_ImplementedCiphers has more elements than cipherSuites
-     * because it SSL_ImplementedCiphers includes SSL 2.0 cipher suites.
-     */
-    PORT_Assert(SSL_NumImplementedCiphers >= PR_ARRAY_SIZE(cipherSuites));
-
-    for (i = 0; i < PR_ARRAY_SIZE(cipherSuites); ++i) {
-        PORT_Assert(SSL_ImplementedCiphers[i] == cipherSuites[i].cipher_suite);
-    }
-}
-#endif
-
-/* This list of SSL3 compression methods is sorted in descending order of
- * precedence (desirability).  It only includes compression methods we
- * implement.
- */
-static const /*SSLCompressionMethod*/ PRUint8 compressions[] = {
-#ifdef NSS_SSL_ENABLE_ZLIB
-    ssl_compression_deflate,
-#endif
-    ssl_compression_null
-};
-
-static const int compressionMethodsCount =
-    sizeof(compressions) / sizeof(compressions[0]);
-
-/* compressionEnabled returns true iff the compression algorithm is enabled
- * for the given SSL socket. */
-static PRBool
-compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
-{
-    switch (compression) {
-        case ssl_compression_null:
-            return PR_TRUE; /* Always enabled */
-#ifdef NSS_SSL_ENABLE_ZLIB
-        case ssl_compression_deflate:
-            if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-                return ss->opt.enableDeflate;
-            }
-            return PR_FALSE;
-#endif
-        default:
-            return PR_FALSE;
-    }
-}
-
-static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
-    ct_RSA_sign,
-#ifndef NSS_DISABLE_ECC
-    ct_ECDSA_sign,
-#endif /* NSS_DISABLE_ECC */
-    ct_DSS_sign,
-};
-
-#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
-
-/* This global item is used only in servers.  It is is initialized by
-** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest().
-*/
-CERTDistNames *ssl3_server_ca_list = NULL;
-static SSL3Statistics ssl3stats;
-
-/* indexed by SSL3BulkCipher */
-/* clang-format off */
-static const ssl3BulkCipherDef bulk_cipher_defs[] = {
-    /*                                       |--------- Lengths --------| */
-    /* cipher             calg               k  s  type         i  b  t  n o */
-    /*                                       e  e               v  l  a  o i */
-    /*                                       y  c               |  o  g  n d */
-    /*                                       |  r               |  c  |  c | */
-    /*                                       |  e               |  k  |  e | */
-    /*                                       |  t               |  |  |  | | */
-    {cipher_null,         calg_null,         0, 0, type_stream, 0, 0, 0, 0, SEC_OID_NULL_CIPHER},
-    {cipher_rc4,          calg_rc4,         16,16, type_stream, 0, 0, 0, 0, SEC_OID_RC4},
-    {cipher_rc4_40,       calg_rc4,         16, 5, type_stream, 0, 0, 0, 0, SEC_OID_RC4_40},
-    {cipher_rc4_56,       calg_rc4,         16, 7, type_stream, 0, 0, 0, 0, SEC_OID_RC4_56},
-    {cipher_rc2,          calg_rc2,         16,16, type_block,  8, 8, 0, 0, SEC_OID_RC2_CBC},
-    {cipher_rc2_40,       calg_rc2,         16, 5, type_block,  8, 8, 0, 0, SEC_OID_RC2_40_CBC},
-    {cipher_des,          calg_des,          8, 8, type_block,  8, 8, 0, 0, SEC_OID_DES_CBC},
-    {cipher_3des,         calg_3des,        24,24, type_block,  8, 8, 0, 0, SEC_OID_DES_EDE3_CBC},
-    {cipher_des40,        calg_des,          8, 5, type_block,  8, 8, 0, 0, SEC_OID_DES_40_CBC},
-    {cipher_idea,         calg_idea,        16,16, type_block,  8, 8, 0, 0, SEC_OID_IDEA_CBC},
-    {cipher_aes_128,      calg_aes,         16,16, type_block, 16,16, 0, 0, SEC_OID_AES_128_CBC},
-    {cipher_aes_256,      calg_aes,         32,32, type_block, 16,16, 0, 0, SEC_OID_AES_256_CBC},
-    {cipher_camellia_128, calg_camellia,    16,16, type_block, 16,16, 0, 0, SEC_OID_CAMELLIA_128_CBC},
-    {cipher_camellia_256, calg_camellia,    32,32, type_block, 16,16, 0, 0, SEC_OID_CAMELLIA_256_CBC},
-    {cipher_seed,         calg_seed,        16,16, type_block, 16,16, 0, 0, SEC_OID_SEED_CBC},
-    {cipher_aes_128_gcm,  calg_aes_gcm,     16,16, type_aead,   4, 0,16, 8, SEC_OID_AES_128_GCM},
-    {cipher_chacha20,     calg_chacha20,    32,32, type_aead,  12, 0,16, 0, SEC_OID_CHACHA20_POLY1305},
-    {cipher_missing,      calg_null,         0, 0, type_stream, 0, 0, 0, 0, 0},
-};
-
-static const ssl3KEADef kea_defs[] =
-{ /* indexed by SSL3KeyExchangeAlgorithm */
-    /* kea            exchKeyType signKeyType is_limited limit tls_keygen ephemeral  oid */
-    {kea_null,           kt_null, ssl_sign_null,  PR_FALSE,   0, PR_FALSE, PR_FALSE, 0},
-    {kea_rsa,            kt_rsa,  ssl_sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE, SEC_OID_TLS_RSA},
-    {kea_rsa_export,     kt_rsa,  ssl_sign_rsa,   PR_TRUE,  512, PR_FALSE, PR_FALSE, SEC_OID_TLS_RSA_EXPORT},
-    {kea_rsa_export_1024,kt_rsa,  ssl_sign_rsa,   PR_TRUE, 1024, PR_FALSE, PR_FALSE, SEC_OID_TLS_RSA_EXPORT},
-    {kea_dh_dss,         kt_dh,   ssl_sign_dsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE, SEC_OID_TLS_DH_DSS},
-    {kea_dh_dss_export,  kt_dh,   ssl_sign_dsa,   PR_TRUE,  512, PR_FALSE, PR_FALSE, SEC_OID_TLS_DH_DSS_EXPORT},
-    {kea_dh_rsa,         kt_dh,   ssl_sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE, SEC_OID_TLS_DH_RSA},
-    {kea_dh_rsa_export,  kt_dh,   ssl_sign_rsa,   PR_TRUE,  512, PR_FALSE, PR_FALSE, SEC_OID_TLS_DH_RSA_EXPORT},
-    {kea_dhe_dss,        kt_dh,   ssl_sign_dsa,   PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DHE_DSS},
-    {kea_dhe_dss_export, kt_dh,   ssl_sign_dsa,   PR_TRUE,  512, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DHE_DSS_EXPORT},
-    {kea_dhe_rsa,        kt_dh,   ssl_sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DHE_RSA},
-    {kea_dhe_rsa_export, kt_dh,   ssl_sign_rsa,   PR_TRUE,  512, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DHE_RSA_EXPORT},
-    {kea_dh_anon,        kt_dh,   ssl_sign_null,  PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DH_ANON},
-    {kea_dh_anon_export, kt_dh,   ssl_sign_null,  PR_TRUE,  512, PR_FALSE, PR_TRUE,  SEC_OID_TLS_DH_ANON_EXPORT},
-    {kea_rsa_fips,       kt_rsa,  ssl_sign_rsa,   PR_FALSE,   0, PR_TRUE,  PR_FALSE, SEC_OID_TLS_RSA},
-#ifndef NSS_DISABLE_ECC
-    {kea_ecdh_ecdsa,     kt_ecdh, ssl_sign_ecdsa, PR_FALSE,   0, PR_FALSE, PR_FALSE, SEC_OID_TLS_ECDH_ECDSA},
-    {kea_ecdhe_ecdsa,    kt_ecdh, ssl_sign_ecdsa, PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_ECDHE_ECDSA},
-    {kea_ecdh_rsa,       kt_ecdh, ssl_sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_FALSE, SEC_OID_TLS_ECDH_RSA},
-    {kea_ecdhe_rsa,      kt_ecdh, ssl_sign_rsa,   PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_ECDHE_RSA},
-    {kea_ecdh_anon,      kt_ecdh, ssl_sign_null,  PR_FALSE,   0, PR_FALSE, PR_TRUE,  SEC_OID_TLS_ECDH_ANON},
-#endif /* NSS_DISABLE_ECC */
-};
-
-/* must use ssl_LookupCipherSuiteDef to access */
-static const ssl3CipherSuiteDef cipher_suite_defs[] =
-{
-/*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
-
-    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
-    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
-    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
-    {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa},
-    {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
-    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
-    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
-    {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-                                    cipher_rc2_40, mac_md5, kea_rsa_export},
-#if 0 /* not implemented */
-    {TLS_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
-    {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_rsa_export},
-#endif
-    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
-    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
-    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
-    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-                                    cipher_3des,   mac_sha, kea_dhe_dss},
-    {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss},
-#if 0 /* not implemented */
-    {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_dh_dss_export},
-    {TLS_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
-    {TLS_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
-    {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_dh_rsa_export},
-    {TLS_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
-    {TLS_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
-    {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_dh_dss_export},
-    {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_dh_rsa_export},
-#endif
-    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
-    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-                                    cipher_3des,   mac_sha, kea_dhe_rsa},
-#if 0
-    {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
-    {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
-                                    cipher_des40,  mac_sha, kea_dh_anon_export},
-    {TLS_DH_anon_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dh_anon},
-    {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des,   mac_sha, kea_dh_anon},
-#endif
-
-
-/* New TLS cipher suites */
-    {TLS_RSA_WITH_AES_128_CBC_SHA,      cipher_aes_128, mac_sha, kea_rsa},
-    {TLS_RSA_WITH_AES_128_CBC_SHA256,   cipher_aes_128, hmac_sha256, kea_rsa},
-    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_dss},
-    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_rsa},
-    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa},
-    {TLS_RSA_WITH_AES_256_CBC_SHA,      cipher_aes_256, mac_sha, kea_rsa},
-    {TLS_RSA_WITH_AES_256_CBC_SHA256,   cipher_aes_256, hmac_sha256, kea_rsa},
-    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_dss},
-    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_rsa},
-    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa},
-#if 0
-    {TLS_DH_DSS_WITH_AES_128_CBC_SHA,   cipher_aes_128, mac_sha, kea_dh_dss},
-    {TLS_DH_RSA_WITH_AES_128_CBC_SHA,   cipher_aes_128, mac_sha, kea_dh_rsa},
-    {TLS_DH_anon_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dh_anon},
-    {TLS_DH_DSS_WITH_AES_256_CBC_SHA,   cipher_aes_256, mac_sha, kea_dh_dss},
-    {TLS_DH_RSA_WITH_AES_256_CBC_SHA,   cipher_aes_256, mac_sha, kea_dh_rsa},
-    {TLS_DH_anon_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dh_anon},
-#endif
-
-    {TLS_RSA_WITH_SEED_CBC_SHA,     cipher_seed,   mac_sha, kea_rsa},
-
-    {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
-    {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     cipher_camellia_128, mac_sha, kea_dhe_dss},
-    {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     cipher_camellia_128, mac_sha, kea_dhe_rsa},
-    {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa},
-    {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     cipher_camellia_256, mac_sha, kea_dhe_dss},
-    {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     cipher_camellia_256, mac_sha, kea_dhe_rsa},
-
-    {TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-                                    cipher_des,    mac_sha,kea_rsa_export_1024},
-    {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-                                    cipher_rc4_56, mac_sha,kea_rsa_export_1024},
-
-    {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips},
-    {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des,    mac_sha, kea_rsa_fips},
-
-    {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa},
-    {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
-    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
-    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
-
-    {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
-    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
-    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
-
-    {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa},
-    {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
-    {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
-
-#ifndef NSS_DISABLE_ECC
-    {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa},
-    {TLS_ECDH_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdh_ecdsa},
-    {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
-    {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa},
-    {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa},
-
-    {TLS_ECDHE_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdhe_ecdsa},
-    {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdhe_ecdsa},
-    {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa},
-    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa},
-    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa},
-    {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa},
-
-    {TLS_ECDH_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdh_rsa},
-    {TLS_ECDH_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdh_rsa},
-    {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdh_rsa},
-    {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_rsa},
-    {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_rsa},
-
-    {TLS_ECDHE_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdhe_rsa},
-    {TLS_ECDHE_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdhe_rsa},
-    {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdhe_rsa},
-    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdhe_rsa},
-    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa},
-    {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdhe_rsa},
-
-#if 0
-    {TLS_ECDH_anon_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdh_anon},
-    {TLS_ECDH_anon_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdh_anon},
-    {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdh_anon},
-    {TLS_ECDH_anon_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_anon},
-    {TLS_ECDH_anon_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_anon},
-#endif
-#endif /* NSS_DISABLE_ECC */
-};
-/* clang-format on */
-
-static const CK_MECHANISM_TYPE kea_alg_defs[] = {
-    0x80000000L,
-    CKM_RSA_PKCS,
-    CKM_DH_PKCS_DERIVE,
-    CKM_KEA_KEY_DERIVE,
-    CKM_ECDH1_DERIVE
-};
-
-typedef struct SSLCipher2MechStr {
-    SSLCipherAlgorithm calg;
-    CK_MECHANISM_TYPE cmech;
-} SSLCipher2Mech;
-
-/* indexed by type SSLCipherAlgorithm */
-static const SSLCipher2Mech alg2Mech[] = {
-    /* calg,          cmech  */
-    { calg_null, (CK_MECHANISM_TYPE)0x80000000L },
-    { calg_rc4, CKM_RC4 },
-    { calg_rc2, CKM_RC2_CBC },
-    { calg_des, CKM_DES_CBC },
-    { calg_3des, CKM_DES3_CBC },
-    { calg_idea, CKM_IDEA_CBC },
-    { calg_fortezza, CKM_SKIPJACK_CBC64 },
-    { calg_aes, CKM_AES_CBC },
-    { calg_camellia, CKM_CAMELLIA_CBC },
-    { calg_seed, CKM_SEED_CBC },
-    { calg_aes_gcm, CKM_AES_GCM },
-    { calg_chacha20, CKM_NSS_CHACHA20_POLY1305 },
-    /*  { calg_init     , (CK_MECHANISM_TYPE)0x7fffffffL    }  */
-};
-
-#define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L
-#define mmech_md5 CKM_SSL3_MD5_MAC
-#define mmech_sha CKM_SSL3_SHA1_MAC
-#define mmech_md5_hmac CKM_MD5_HMAC
-#define mmech_sha_hmac CKM_SHA_1_HMAC
-#define mmech_sha256_hmac CKM_SHA256_HMAC
-
-/* clang-format off */
-static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
-    /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
-    /* mac      mmech       pad_size  mac_size                       */
-    { mac_null, mmech_invalid,    0,  0         ,  0},
-    { mac_md5,  mmech_md5,       48,  MD5_LENGTH,  SEC_OID_HMAC_MD5 },
-    { mac_sha,  mmech_sha,       40,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
-    {hmac_md5,  mmech_md5_hmac,   0,  MD5_LENGTH,  SEC_OID_HMAC_MD5},
-    {hmac_sha,  mmech_sha_hmac,   0,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
-    {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256},
-    { mac_aead, mmech_invalid,    0,  0, 0 },
-};
-/* clang-format on */
-
-/* indexed by SSL3BulkCipher */
-const char *const ssl3_cipherName[] = {
-    "NULL",
-    "RC4",
-    "RC4-40",
-    "RC4-56",
-    "RC2-CBC",
-    "RC2-CBC-40",
-    "DES-CBC",
-    "3DES-EDE-CBC",
-    "DES-CBC-40",
-    "IDEA-CBC",
-    "AES-128",
-    "AES-256",
-    "Camellia-128",
-    "Camellia-256",
-    "SEED-CBC",
-    "AES-128-GCM",
-    "missing"
-};
-
-const PRUint8 tls13_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
-                                           0x47, 0x52, 0x44, 0x01 };
-const PRUint8 tls12_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
-                                           0x47, 0x52, 0x44, 0x00 };
-
-#ifndef NSS_DISABLE_ECC
-/* The ECCWrappedKeyInfo structure defines how various pieces of
- * information are laid out within wrappedSymmetricWrappingkey
- * for ECDH key exchange. Since wrappedSymmetricWrappingkey is
- * a 512-byte buffer (see sslimpl.h), the variable length field
- * in ECCWrappedKeyInfo can be at most (512 - 8) = 504 bytes.
- *
- * XXX For now, NSS only supports named elliptic curves of size 571 bits
- * or smaller. The public value will fit within 145 bytes and EC params
- * will fit within 12 bytes. We'll need to revisit this when NSS
- * supports arbitrary curves.
- */
-#define MAX_EC_WRAPPED_KEY_BUFLEN 504
-
-typedef struct ECCWrappedKeyInfoStr {
-    PRUint16 size;                          /* EC public key size in bits */
-    PRUint16 encodedParamLen;               /* length (in bytes) of DER encoded EC params */
-    PRUint16 pubValueLen;                   /* length (in bytes) of EC public value */
-    PRUint16 wrappedKeyLen;                 /* length (in bytes) of the wrapped key */
-    PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
-    /* EC public-key params, the EC public value and the wrapped key  */
-} ECCWrappedKeyInfo;
-#endif /* NSS_DISABLE_ECC */
-
-CK_MECHANISM_TYPE
-ssl3_Alg2Mech(SSLCipherAlgorithm calg)
-{
-    PORT_Assert(alg2Mech[calg].calg == calg);
-    return alg2Mech[calg].cmech;
-}
-
-#if defined(TRACE)
-
-static char *
-ssl3_DecodeHandshakeType(int msgType)
-{
-    char *rv;
-    static char line[40];
-
-    switch (msgType) {
-        case hello_request:
-            rv = "hello_request (0)";
-            break;
-        case client_hello:
-            rv = "client_hello  (1)";
-            break;
-        case server_hello:
-            rv = "server_hello  (2)";
-            break;
-        case hello_verify_request:
-            rv = "hello_verify_request (3)";
-            break;
-        case encrypted_extensions:
-            rv = "encrypted_extensions (8)";
-            break;
-        case certificate:
-            rv = "certificate  (11)";
-            break;
-        case server_key_exchange:
-            rv = "server_key_exchange (12)";
-            break;
-        case certificate_request:
-            rv = "certificate_request (13)";
-            break;
-        case server_hello_done:
-            rv = "server_hello_done   (14)";
-            break;
-        case certificate_verify:
-            rv = "certificate_verify  (15)";
-            break;
-        case client_key_exchange:
-            rv = "client_key_exchange (16)";
-            break;
-        case finished:
-            rv = "finished     (20)";
-            break;
-        default:
-            sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType);
-            rv = line;
-    }
-    return rv;
-}
-
-static char *
-ssl3_DecodeContentType(int msgType)
-{
-    char *rv;
-    static char line[40];
-
-    switch (msgType) {
-        case content_change_cipher_spec:
-            rv = "change_cipher_spec (20)";
-            break;
-        case content_alert:
-            rv = "alert      (21)";
-            break;
-        case content_handshake:
-            rv = "handshake  (22)";
-            break;
-        case content_application_data:
-            rv = "application_data (23)";
-            break;
-        default:
-            sprintf(line, "*UNKNOWN* record type! (%d)", msgType);
-            rv = line;
-    }
-    return rv;
-}
-
-#endif
-
-SSL3Statistics *
-SSL_GetStatistics(void)
-{
-    return &ssl3stats;
-}
-
-typedef struct tooLongStr {
-#if defined(IS_LITTLE_ENDIAN)
-    PRInt32 low;
-    PRInt32 high;
-#else
-    PRInt32 high;
-    PRInt32 low;
-#endif
-} tooLong;
-
-void
-SSL_AtomicIncrementLong(long *x)
-{
-    if ((sizeof *x) == sizeof(PRInt32)) {
-        PR_ATOMIC_INCREMENT((PRInt32 *)x);
-    } else {
-        tooLong *tl = (tooLong *)x;
-        if (PR_ATOMIC_INCREMENT(&tl->low) == 0)
-            PR_ATOMIC_INCREMENT(&tl->high);
-    }
-}
-
-static PRBool
-ssl3_CipherSuiteAllowedForVersionRange(
-    ssl3CipherSuite cipherSuite,
-    const SSLVersionRange *vrange)
-{
-    switch (cipherSuite) {
-        /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or
-         * later. This set of cipher suites is similar to, but different from, the
-         * set of cipher suites considered exportable by SSL_IsExportCipherSuite.
-         */
-        case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
-        case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-            /*   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
-             *   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-             *   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-             *   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-             *   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-             *   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:     never implemented
-             *   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-             */
-            return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
-
-        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
-        case TLS_RSA_WITH_AES_256_CBC_SHA256:
-        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
-        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
-        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
-        case TLS_RSA_WITH_NULL_SHA256:
-        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
-            return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
-
-        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
-        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
-            return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
-
-        /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
-         * point formats.*/
-        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
-        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
-        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
-        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
-        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDH_RSA_WITH_NULL_SHA:
-        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
-        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_NULL_SHA:
-        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
-        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-            return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
-                   vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
-
-        default:
-            return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
-    }
-}
-
-/* return pointer to ssl3CipherSuiteDef for suite, or NULL */
-/* XXX This does a linear search.  A binary search would be better. */
-static const ssl3CipherSuiteDef *
-ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
-{
-    int cipher_suite_def_len =
-        sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]);
-    int i;
-
-    for (i = 0; i < cipher_suite_def_len; i++) {
-        if (cipher_suite_defs[i].cipher_suite == suite)
-            return &cipher_suite_defs[i];
-    }
-    PORT_Assert(PR_FALSE); /* We should never get here. */
-    PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-    return NULL;
-}
-
-/* Find the cipher configuration struct associate with suite */
-/* XXX This does a linear search.  A binary search would be better. */
-static ssl3CipherSuiteCfg *
-ssl_LookupCipherSuiteCfg(ssl3CipherSuite suite, ssl3CipherSuiteCfg *suites)
-{
-    int i;
-
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        if (suites[i].cipher_suite == suite)
-            return &suites[i];
-    }
-    /* return NULL and let the caller handle it.  */
-    PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-    return NULL;
-}
-
-/* Initialize the suite->isPresent value for config_match
- * Returns count of enabled ciphers supported by extant tokens,
- * regardless of policy or user preference.
- * If this returns zero, the user cannot do SSL v3.
- */
-int
-ssl3_config_match_init(sslSocket *ss)
-{
-    ssl3CipherSuiteCfg *suite;
-    const ssl3CipherSuiteDef *cipher_def;
-    SSLCipherAlgorithm cipher_alg;
-    CK_MECHANISM_TYPE cipher_mech;
-    SSL3KEAType exchKeyType;
-    int i;
-    int numPresent = 0;
-    int numEnabled = 0;
-    PRBool isServer;
-    sslServerCerts *svrAuth;
-
-    PORT_Assert(ss);
-    if (!ss) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return 0;
-    }
-    if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        return 0;
-    }
-    isServer = (PRBool)(ss->sec.isServer != 0);
-
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        suite = &ss->cipherSuites[i];
-        if (suite->enabled) {
-            ++numEnabled;
-            /* We need the cipher defs to see if we have a token that can handle
-             * this cipher.  It isn't part of the static definition.
-             */
-            cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
-            if (!cipher_def) {
-                suite->isPresent = PR_FALSE;
-                continue;
-            }
-            cipher_alg = bulk_cipher_defs[cipher_def->bulk_cipher_alg].calg;
-            cipher_mech = ssl3_Alg2Mech(cipher_alg);
-            exchKeyType =
-                kea_defs[cipher_def->key_exchange_alg].exchKeyType;
-#ifdef NSS_DISABLE_ECC
-            svrAuth = ss->serverCerts + exchKeyType;
-#else
-            /* XXX SSLKEAType isn't really a good choice for
-             * indexing certificates. It doesn't work for
-             * (EC)DHE-* ciphers. Here we use a hack to ensure
-             * that the server uses an RSA cert for (EC)DHE-RSA.
-             */
-            switch (cipher_def->key_exchange_alg) {
-                case kea_dhe_dss:
-                    svrAuth = ss->serverCerts + ssl_kea_dh;
-                    break;
-                case kea_ecdhe_rsa:
-                case kea_dhe_rsa:
-                    svrAuth = ss->serverCerts + kt_rsa;
-                    break;
-                case kea_ecdh_ecdsa:
-                case kea_ecdh_rsa:
-                /*
-                 * XXX We ought to have different indices for
-                 * ECDSA- and RSA-signed EC certificates so
-                 * we could support both key exchange mechanisms
-                 * simultaneously. For now, both of them use
-                 * whatever is in the certificate slot for kt_ecdh
-                 */
-                case kea_dhe_dss_export:
-                case kea_dhe_rsa_export:
-                default:
-                    svrAuth = ss->serverCerts + exchKeyType;
-                    break;
-            }
-#endif /* NSS_DISABLE_ECC */
-
-            /* Mark the suites that are backed by real tokens, certs and keys */
-            suite->isPresent = (PRBool)(((exchKeyType == kt_null) ||
-                                         ((!isServer ||
-                                           (svrAuth->serverKeyPair && svrAuth->SERVERKEY &&
-                                            svrAuth->serverCertChain)) &&
-                                          PK11_TokenExists(kea_alg_defs[exchKeyType]))) &&
-                                        ((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech)));
-            if (suite->isPresent)
-                ++numPresent;
-        }
-    }
-    PORT_Assert(numPresent > 0 || numEnabled == 0);
-    if (numPresent <= 0) {
-        PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
-    }
-    return numPresent;
-}
-
-/* return PR_TRUE if suite matches policy, enabled state and is applicable to
- * the given version range. */
-/* It would be a REALLY BAD THING (tm) if we ever permitted the use
-** of a cipher that was NOT_ALLOWED.  So, if this is ever called with
-** policy == SSL_NOT_ALLOWED, report no match.
-*/
-/* adjust suite enabled to the availability of a token that can do the
- * cipher suite. */
-static PRBool
-config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
-             const SSLVersionRange *vrange, const sslSocket *ss)
-{
-    const ssl3CipherSuiteDef *cipher_def;
-
-    PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
-    if (policy == SSL_NOT_ALLOWED || !enabled)
-        return PR_FALSE;
-
-    cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
-    PORT_Assert(cipher_def != NULL);
-
-    PORT_Assert(ss != NULL);
-    if (ss->sec.isServer && !ss->opt.enableServerDhe &&
-        kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh)
-        return PR_FALSE;
-
-    return (PRBool)(suite->enabled &&
-                    suite->isPresent &&
-                    suite->policy != SSL_NOT_ALLOWED &&
-                    suite->policy <= policy &&
-                    ssl3_CipherSuiteAllowedForVersionRange(
-                        suite->cipher_suite, vrange));
-}
-
-/* return number of cipher suites that match policy, enabled state and are
- * applicable for the configured protocol version range. */
-/* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */
-static int
-count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
-{
-    int i, count = 0;
-
-    if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        return 0;
-    }
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss))
-            count++;
-    }
-    if (count <= 0) {
-        PORT_SetError(SSL_ERROR_SSL_DISABLED);
-    }
-    return count;
-}
-
-/*
- * Null compression, mac and encryption functions
- */
-
-static SECStatus
-Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
-            const unsigned char *input, int inputLen)
-{
-    if (inputLen > maxOutputLen) {
-        *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */
-        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-        return SECFailure;
-    }
-    *outputLen = inputLen;
-    if (input != output)
-        PORT_Memcpy(output, input, inputLen);
-    return SECSuccess;
-}
-
-/*
- * SSL3 Utility functions
- */
-
-/* allowLargerPeerVersion controls whether the function will select the
- * highest enabled SSL version or fail when peerVersion is greater than the
- * highest enabled version.
- *
- * If allowLargerPeerVersion is true, peerVersion is the peer's highest
- * enabled version rather than the peer's selected version.
- */
-SECStatus
-ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
-                      PRBool allowLargerPeerVersion)
-{
-    if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        PORT_SetError(SSL_ERROR_SSL_DISABLED);
-        return SECFailure;
-    }
-
-    if (peerVersion < ss->vrange.min ||
-        (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
-        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-        return SECFailure;
-    }
-
-    ss->version = PR_MIN(peerVersion, ss->vrange.max);
-    PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
-
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_GetNewRandom(SSL3Random *random)
-{
-    SECStatus rv;
-
-    rv = PK11_GenerateRandom(random->rand, SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
-    }
-    return rv;
-}
-
-/* Called by ssl3_SendServerKeyExchange and ssl3_SendCertificateVerify */
-SECStatus
-ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
-                PRBool isTLS)
-{
-    SECStatus rv = SECFailure;
-    PRBool doDerEncode = PR_FALSE;
-    int signatureLen;
-    SECItem hashItem;
-
-    buf->data = NULL;
-
-    switch (key->keyType) {
-        case rsaKey:
-            hashItem.data = hash->u.raw;
-            hashItem.len = hash->len;
-            break;
-        case dsaKey:
-            doDerEncode = isTLS;
-            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
-             * In that case, we use just the SHA1 part. */
-            if (hash->hashAlg == ssl_hash_none) {
-                hashItem.data = hash->u.s.sha;
-                hashItem.len = sizeof(hash->u.s.sha);
-            } else {
-                hashItem.data = hash->u.raw;
-                hashItem.len = hash->len;
-            }
-            break;
-#ifndef NSS_DISABLE_ECC
-        case ecKey:
-            doDerEncode = PR_TRUE;
-            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
-             * In that case, we use just the SHA1 part. */
-            if (hash->hashAlg == ssl_hash_none) {
-                hashItem.data = hash->u.s.sha;
-                hashItem.len = sizeof(hash->u.s.sha);
-            } else {
-                hashItem.data = hash->u.raw;
-                hashItem.len = hash->len;
-            }
-            break;
-#endif /* NSS_DISABLE_ECC */
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_KEY);
-            goto done;
-    }
-    PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
-
-    if (hash->hashAlg == ssl_hash_none) {
-        signatureLen = PK11_SignatureLen(key);
-        if (signatureLen <= 0) {
-            PORT_SetError(SEC_ERROR_INVALID_KEY);
-            goto done;
-        }
-
-        buf->len = (unsigned)signatureLen;
-        buf->data = (unsigned char *)PORT_Alloc(signatureLen);
-        if (!buf->data)
-            goto done; /* error code was set. */
-
-        rv = PK11_Sign(key, buf, &hashItem);
-    } else {
-        SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
-        rv = SGN_Digest(key, hashOID, buf, &hashItem);
-    }
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
-    } else if (doDerEncode) {
-        SECItem derSig = { siBuffer, NULL, 0 };
-
-        /* This also works for an ECDSA signature */
-        rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
-        if (rv == SECSuccess) {
-            PORT_Free(buf->data); /* discard unencoded signature. */
-            *buf = derSig;        /* give caller encoded signature. */
-        } else if (derSig.data) {
-            PORT_Free(derSig.data);
-        }
-    }
-
-    PRINT_BUF(60, (NULL, "signed hashes", (unsigned char *)buf->data, buf->len));
-done:
-    if (rv != SECSuccess && buf->data) {
-        PORT_Free(buf->data);
-        buf->data = NULL;
-    }
-    return rv;
-}
-
-/* Called from ssl3_HandleServerKeyExchange, ssl3_HandleCertificateVerify */
-SECStatus
-ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
-                        SECItem *buf, PRBool isTLS, void *pwArg)
-{
-    SECKEYPublicKey *key;
-    SECItem *signature = NULL;
-    SECStatus rv;
-    SECItem hashItem;
-    SECOidTag encAlg;
-    SECOidTag hashAlg;
-
-    PRINT_BUF(60, (NULL, "check signed hashes",
-                   buf->data, buf->len));
-
-    key = CERT_ExtractPublicKey(cert);
-    if (key == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-        return SECFailure;
-    }
-
-    hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
-    switch (key->keyType) {
-        case rsaKey:
-            encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
-            hashItem.data = hash->u.raw;
-            hashItem.len = hash->len;
-            break;
-        case dsaKey:
-            encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
-            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
-             * In that case, we use just the SHA1 part. */
-            if (hash->hashAlg == ssl_hash_none) {
-                hashItem.data = hash->u.s.sha;
-                hashItem.len = sizeof(hash->u.s.sha);
-            } else {
-                hashItem.data = hash->u.raw;
-                hashItem.len = hash->len;
-            }
-            /* Allow DER encoded DSA signatures in SSL 3.0 */
-            if (isTLS || buf->len != SECKEY_SignatureLen(key)) {
-                signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key));
-                if (!signature) {
-                    PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-                    return SECFailure;
-                }
-                buf = signature;
-            }
-            break;
-
-#ifndef NSS_DISABLE_ECC
-        case ecKey:
-            encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
-            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
-             * In that case, we use just the SHA1 part.
-             * ECDSA signatures always encode the integers r and s using ASN.1
-             * (unlike DSA where ASN.1 encoding is used with TLS but not with
-             * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA.
-             */
-            if (hash->hashAlg == ssl_hash_none) {
-                hashAlg = SEC_OID_SHA1;
-                hashItem.data = hash->u.s.sha;
-                hashItem.len = sizeof(hash->u.s.sha);
-            } else {
-                hashItem.data = hash->u.raw;
-                hashItem.len = hash->len;
-            }
-            break;
-#endif /* NSS_DISABLE_ECC */
-
-        default:
-            SECKEY_DestroyPublicKey(key);
-            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-            return SECFailure;
-    }
-
-    PRINT_BUF(60, (NULL, "hash(es) to be verified",
-                   hashItem.data, hashItem.len));
-
-    if (hashAlg == SEC_OID_UNKNOWN || key->keyType == dsaKey) {
-        /* VFY_VerifyDigestDirect requires DSA signatures to be DER-encoded.
-         * DSA signatures are DER-encoded in TLS but not in SSL3 and the code
-         * above always removes the DER encoding of DSA signatures when
-         * present. Thus DSA signatures are always verified with PK11_Verify.
-         */
-        rv = PK11_Verify(key, buf, &hashItem, pwArg);
-    } else {
-        rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
-                                    pwArg);
-    }
-    SECKEY_DestroyPublicKey(key);
-    if (signature) {
-        SECITEM_FreeItem(signature, PR_TRUE);
-    }
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-    }
-    return rv;
-}
-
-/* Caller must set hiLevel error code. */
-/* Called from ssl3_ComputeExportRSAKeyHash
- *             ssl3_ComputeDHKeyHash
- * which are called from ssl3_HandleServerKeyExchange.
- *
- * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash.
- */
-SECStatus
-ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
-                          PRUint8 *hashBuf, unsigned int bufLen,
-                          SSL3Hashes *hashes, PRBool bypassPKCS11)
-{
-    SECStatus rv;
-    SECOidTag hashOID;
-
-#ifndef NO_PKCS11_BYPASS
-    if (bypassPKCS11) {
-        if (hashAlg == ssl_hash_none) {
-            MD5_HashBuf(hashes->u.s.md5, hashBuf, bufLen);
-            SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
-            hashes->len = MD5_LENGTH + SHA1_LENGTH;
-        } else if (hashAlg == ssl_hash_sha1) {
-            SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
-            hashes->len = SHA1_LENGTH;
-        } else if (hashAlg == ssl_hash_sha256) {
-            SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
-            hashes->len = SHA256_LENGTH;
-        } else if (hashAlg == ssl_hash_sha384) {
-            SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
-            hashes->len = SHA384_LENGTH;
-        } else if (hashAlg == ssl_hash_sha512) {
-            SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
-            hashes->len = SHA512_LENGTH;
-        } else {
-            PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
-            return SECFailure;
-        }
-    } else
-#endif
-    {
-        if (hashAlg == ssl_hash_none) {
-            rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-                return rv;
-            }
-            rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                return rv;
-            }
-            hashes->len = MD5_LENGTH + SHA1_LENGTH;
-        } else {
-            hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg);
-            hashes->len = HASH_ResultLenByOidTag(hashOID);
-            if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {
-                ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
-                return SECFailure;
-            }
-            rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-                return rv;
-            }
-        }
-    }
-    hashes->hashAlg = hashAlg;
-    return SECSuccess;
-}
-
-/* Caller must set hiLevel error code.
-** Called from ssl3_SendServerKeyExchange and
-**             ssl3_HandleServerKeyExchange.
-*/
-static SECStatus
-ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg,
-                             SECItem modulus, SECItem publicExponent,
-                             SSL3Random *client_rand, SSL3Random *server_rand,
-                             SSL3Hashes *hashes, PRBool bypassPKCS11)
-{
-    PRUint8 *hashBuf;
-    PRUint8 *pBuf;
-    SECStatus rv = SECSuccess;
-    unsigned int bufLen;
-    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 4096 / 8 + 2 + 4096 / 8];
-
-    bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + modulus.len + 2 + publicExponent.len;
-    if (bufLen <= sizeof buf) {
-        hashBuf = buf;
-    } else {
-        hashBuf = PORT_Alloc(bufLen);
-        if (!hashBuf) {
-            return SECFailure;
-        }
-    }
-
-    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
-    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
-    memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-    pBuf += SSL3_RANDOM_LENGTH;
-    pBuf[0] = (PRUint8)(modulus.len >> 8);
-    pBuf[1] = (PRUint8)(modulus.len);
-    pBuf += 2;
-    memcpy(pBuf, modulus.data, modulus.len);
-    pBuf += modulus.len;
-    pBuf[0] = (PRUint8)(publicExponent.len >> 8);
-    pBuf[1] = (PRUint8)(publicExponent.len);
-    pBuf += 2;
-    memcpy(pBuf, publicExponent.data, publicExponent.len);
-    pBuf += publicExponent.len;
-    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
-
-    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
-                                   bypassPKCS11);
-
-    PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen));
-    if (hashAlg == ssl_hash_none) {
-        PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result",
-                       hashes->u.s.md5, MD5_LENGTH));
-        PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result",
-                       hashes->u.s.sha, SHA1_LENGTH));
-    } else {
-        PRINT_BUF(95, (NULL, "RSAkey hash: result",
-                       hashes->u.raw, hashes->len));
-    }
-
-    if (hashBuf != buf && hashBuf != NULL)
-        PORT_Free(hashBuf);
-    return rv;
-}
-
-/* Caller must set hiLevel error code. */
-/* Called from ssl3_HandleServerKeyExchange. */
-static SECStatus
-ssl3_ComputeDHKeyHash(SSLHashType hashAlg,
-                      SECItem dh_p, SECItem dh_g, SECItem dh_Ys,
-                      SSL3Random *client_rand, SSL3Random *server_rand,
-                      SSL3Hashes *hashes, PRBool bypassPKCS11)
-{
-    PRUint8 *hashBuf;
-    PRUint8 *pBuf;
-    SECStatus rv = SECSuccess;
-    unsigned int bufLen;
-    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 4096 / 8 + 2 + 4096 / 8];
-
-    bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + dh_p.len + 2 + dh_g.len + 2 + dh_Ys.len;
-    if (bufLen <= sizeof buf) {
-        hashBuf = buf;
-    } else {
-        hashBuf = PORT_Alloc(bufLen);
-        if (!hashBuf) {
-            return SECFailure;
-        }
-    }
-
-    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
-    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
-    memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-    pBuf += SSL3_RANDOM_LENGTH;
-    pBuf[0] = (PRUint8)(dh_p.len >> 8);
-    pBuf[1] = (PRUint8)(dh_p.len);
-    pBuf += 2;
-    memcpy(pBuf, dh_p.data, dh_p.len);
-    pBuf += dh_p.len;
-    pBuf[0] = (PRUint8)(dh_g.len >> 8);
-    pBuf[1] = (PRUint8)(dh_g.len);
-    pBuf += 2;
-    memcpy(pBuf, dh_g.data, dh_g.len);
-    pBuf += dh_g.len;
-    pBuf[0] = (PRUint8)(dh_Ys.len >> 8);
-    pBuf[1] = (PRUint8)(dh_Ys.len);
-    pBuf += 2;
-    memcpy(pBuf, dh_Ys.data, dh_Ys.len);
-    pBuf += dh_Ys.len;
-    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
-
-    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
-                                   bypassPKCS11);
-
-    PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen));
-    if (hashAlg == ssl_hash_none) {
-        PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
-                       hashes->u.s.md5, MD5_LENGTH));
-        PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
-                       hashes->u.s.sha, SHA1_LENGTH));
-    } else {
-        PRINT_BUF(95, (NULL, "DHkey hash: result",
-                       hashes->u.raw, hashes->len));
-    }
-
-    if (hashBuf != buf && hashBuf != NULL)
-        PORT_Free(hashBuf);
-    return rv;
-}
-
-void
-ssl3_BumpSequenceNumber(SSL3SequenceNumber *num)
-{
-    num->low++;
-    if (num->low == 0)
-        num->high++;
-}
-
-/* Called twice, only from ssl3_DestroyCipherSpec (immediately below). */
-static void
-ssl3_CleanupKeyMaterial(ssl3KeyMaterial *mat)
-{
-    if (mat->write_key != NULL) {
-        PK11_FreeSymKey(mat->write_key);
-        mat->write_key = NULL;
-    }
-    if (mat->write_mac_key != NULL) {
-        PK11_FreeSymKey(mat->write_mac_key);
-        mat->write_mac_key = NULL;
-    }
-    if (mat->write_mac_context != NULL) {
-        PK11_DestroyContext(mat->write_mac_context, PR_TRUE);
-        mat->write_mac_context = NULL;
-    }
-}
-
-/* Called from ssl3_SendChangeCipherSpecs() and
-**         ssl3_HandleChangeCipherSpecs()
-**             ssl3_DestroySSL3Info
-** Caller must hold SpecWriteLock.
-*/
-void
-ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName)
-{
-    PRBool freeit = (PRBool)(!spec->bypassCiphers);
-    /*  PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
-    if (spec->destroy) {
-        spec->destroy(spec->encodeContext, freeit);
-        spec->destroy(spec->decodeContext, freeit);
-        spec->encodeContext = NULL; /* paranoia */
-        spec->decodeContext = NULL;
-    }
-    if (spec->destroyCompressContext && spec->compressContext) {
-        spec->destroyCompressContext(spec->compressContext, 1);
-        spec->compressContext = NULL;
-    }
-    if (spec->destroyDecompressContext && spec->decompressContext) {
-        spec->destroyDecompressContext(spec->decompressContext, 1);
-        spec->decompressContext = NULL;
-    }
-    if (freeSrvName && spec->srvVirtName.data) {
-        SECITEM_FreeItem(&spec->srvVirtName, PR_FALSE);
-    }
-    if (spec->master_secret != NULL) {
-        PK11_FreeSymKey(spec->master_secret);
-        spec->master_secret = NULL;
-    }
-    spec->msItem.data = NULL;
-    spec->msItem.len = 0;
-    ssl3_CleanupKeyMaterial(&spec->client);
-    ssl3_CleanupKeyMaterial(&spec->server);
-    spec->bypassCiphers = PR_FALSE;
-    spec->destroy = NULL;
-    spec->destroyCompressContext = NULL;
-    spec->destroyDecompressContext = NULL;
-}
-
-/* Fill in the pending cipher spec with info from the selected ciphersuite.
-** This is as much initialization as we can do without having key material.
-** Called from ssl3_HandleServerHello(), ssl3_SendServerHello()
-** Caller must hold the ssl3 handshake lock.
-** Acquires & releases SpecWriteLock.
-*/
-SECStatus
-ssl3_SetupPendingCipherSpec(sslSocket *ss)
-{
-    ssl3CipherSpec *pwSpec;
-    ssl3CipherSpec *cwSpec;
-    ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
-    SSL3MACAlgorithm mac;
-    SSL3BulkCipher cipher;
-    SSL3KeyExchangeAlgorithm kea;
-    const ssl3CipherSuiteDef *suite_def;
-    PRBool isTLS;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    ssl_GetSpecWriteLock(ss); /*******************************/
-
-    pwSpec = ss->ssl3.pwSpec;
-    PORT_Assert(pwSpec == ss->ssl3.prSpec);
-
-    /* This hack provides maximal interoperability with SSL 3 servers. */
-    cwSpec = ss->ssl3.cwSpec;
-    if (cwSpec->mac_def->mac == mac_null) {
-        /* SSL records are not being MACed. */
-        cwSpec->version = ss->version;
-    }
-
-    pwSpec->version = ss->version;
-    isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x",
-                SSL_GETPID(), ss->fd, suite));
-
-    suite_def = ssl_LookupCipherSuiteDef(suite);
-    if (suite_def == NULL) {
-        ssl_ReleaseSpecWriteLock(ss);
-        return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */
-    }
-
-    if (IS_DTLS(ss)) {
-        /* Double-check that we did not pick an RC4 suite */
-        PORT_Assert((suite_def->bulk_cipher_alg != cipher_rc4) &&
-                    (suite_def->bulk_cipher_alg != cipher_rc4_40) &&
-                    (suite_def->bulk_cipher_alg != cipher_rc4_56));
-    }
-
-    cipher = suite_def->bulk_cipher_alg;
-    kea = suite_def->key_exchange_alg;
-    mac = suite_def->mac_alg;
-    if (mac <= ssl_mac_sha && mac != ssl_mac_null && isTLS)
-        mac += 2;
-
-    ss->ssl3.hs.suite_def = suite_def;
-    ss->ssl3.hs.kea_def = &kea_defs[kea];
-    PORT_Assert(ss->ssl3.hs.kea_def->kea == kea);
-
-    pwSpec->cipher_def = &bulk_cipher_defs[cipher];
-    PORT_Assert(pwSpec->cipher_def->cipher == cipher);
-
-    pwSpec->mac_def = &mac_defs[mac];
-    PORT_Assert(pwSpec->mac_def->mac == mac);
-
-    ss->sec.keyBits = pwSpec->cipher_def->key_size * BPB;
-    ss->sec.secretKeyBits = pwSpec->cipher_def->secret_key_size * BPB;
-    ss->sec.cipherType = cipher;
-
-    pwSpec->encodeContext = NULL;
-    pwSpec->decodeContext = NULL;
-
-    pwSpec->mac_size = pwSpec->mac_def->mac_size;
-
-    pwSpec->compression_method = ss->ssl3.hs.compression;
-    pwSpec->compressContext = NULL;
-    pwSpec->decompressContext = NULL;
-
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
-        PORT_Assert(pwSpec->cipher_def->type == type_aead);
-    }
-    ssl_ReleaseSpecWriteLock(ss); /*******************************/
-    return SECSuccess;
-}
-
-#ifdef NSS_SSL_ENABLE_ZLIB
-#define SSL3_DEFLATE_CONTEXT_SIZE sizeof(z_stream)
-
-static SECStatus
-ssl3_MapZlibError(int zlib_error)
-{
-    switch (zlib_error) {
-        case Z_OK:
-            return SECSuccess;
-        default:
-            return SECFailure;
-    }
-}
-
-static SECStatus
-ssl3_DeflateInit(void *void_context)
-{
-    z_stream *context = void_context;
-    context->zalloc = NULL;
-    context->zfree = NULL;
-    context->opaque = NULL;
-
-    return ssl3_MapZlibError(deflateInit(context, Z_DEFAULT_COMPRESSION));
-}
-
-static SECStatus
-ssl3_InflateInit(void *void_context)
-{
-    z_stream *context = void_context;
-    context->zalloc = NULL;
-    context->zfree = NULL;
-    context->opaque = NULL;
-    context->next_in = NULL;
-    context->avail_in = 0;
-
-    return ssl3_MapZlibError(inflateInit(context));
-}
-
-static SECStatus
-ssl3_DeflateCompress(void *void_context, unsigned char *out, int *out_len,
-                     int maxout, const unsigned char *in, int inlen)
-{
-    z_stream *context = void_context;
-
-    if (!inlen) {
-        *out_len = 0;
-        return SECSuccess;
-    }
-
-    context->next_in = (unsigned char *)in;
-    context->avail_in = inlen;
-    context->next_out = out;
-    context->avail_out = maxout;
-    if (deflate(context, Z_SYNC_FLUSH) != Z_OK) {
-        return SECFailure;
-    }
-    if (context->avail_out == 0) {
-        /* We ran out of space! */
-        SSL_TRC(3, ("%d: SSL3[%d] Ran out of buffer while compressing",
-                    SSL_GETPID()));
-        return SECFailure;
-    }
-
-    *out_len = maxout - context->avail_out;
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_DeflateDecompress(void *void_context, unsigned char *out, int *out_len,
-                       int maxout, const unsigned char *in, int inlen)
-{
-    z_stream *context = void_context;
-
-    if (!inlen) {
-        *out_len = 0;
-        return SECSuccess;
-    }
-
-    context->next_in = (unsigned char *)in;
-    context->avail_in = inlen;
-    context->next_out = out;
-    context->avail_out = maxout;
-    if (inflate(context, Z_SYNC_FLUSH) != Z_OK) {
-        PORT_SetError(SSL_ERROR_DECOMPRESSION_FAILURE);
-        return SECFailure;
-    }
-
-    *out_len = maxout - context->avail_out;
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_DestroyCompressContext(void *void_context, PRBool unused)
-{
-    deflateEnd(void_context);
-    PORT_Free(void_context);
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_DestroyDecompressContext(void *void_context, PRBool unused)
-{
-    inflateEnd(void_context);
-    PORT_Free(void_context);
-    return SECSuccess;
-}
-
-#endif /* NSS_SSL_ENABLE_ZLIB */
-
-/* Initialize the compression functions and contexts for the given
- * CipherSpec.  */
-static SECStatus
-ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
-{
-    /* Setup the compression functions */
-    switch (pwSpec->compression_method) {
-        case ssl_compression_null:
-            pwSpec->compressor = NULL;
-            pwSpec->decompressor = NULL;
-            pwSpec->compressContext = NULL;
-            pwSpec->decompressContext = NULL;
-            pwSpec->destroyCompressContext = NULL;
-            pwSpec->destroyDecompressContext = NULL;
-            break;
-#ifdef NSS_SSL_ENABLE_ZLIB
-        case ssl_compression_deflate:
-            pwSpec->compressor = ssl3_DeflateCompress;
-            pwSpec->decompressor = ssl3_DeflateDecompress;
-            pwSpec->compressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
-            pwSpec->decompressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
-            pwSpec->destroyCompressContext = ssl3_DestroyCompressContext;
-            pwSpec->destroyDecompressContext = ssl3_DestroyDecompressContext;
-            ssl3_DeflateInit(pwSpec->compressContext);
-            ssl3_InflateInit(pwSpec->decompressContext);
-            break;
-#endif /* NSS_SSL_ENABLE_ZLIB */
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-#ifndef NO_PKCS11_BYPASS
-/* Initialize encryption contexts for pending spec.
- * MAC contexts are set up when computing the mac, not here.
- * Master Secret already is derived in spec->msItem
- * Caller holds Spec write lock.
- */
-static SECStatus
-ssl3_InitPendingContextsBypass(sslSocket *ss)
-{
-    ssl3CipherSpec *pwSpec;
-    const ssl3BulkCipherDef *cipher_def;
-    void *serverContext = NULL;
-    void *clientContext = NULL;
-    BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL;
-    int mode = 0;
-    unsigned int optArg1 = 0;
-    unsigned int optArg2 = 0;
-    PRBool server_encrypts = ss->sec.isServer;
-    SSLCipherAlgorithm calg;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    pwSpec = ss->ssl3.pwSpec;
-    cipher_def = pwSpec->cipher_def;
-
-    calg = cipher_def->calg;
-
-    if (calg == ssl_calg_aes_gcm) {
-        pwSpec->encode = NULL;
-        pwSpec->decode = NULL;
-        pwSpec->destroy = NULL;
-        pwSpec->encodeContext = NULL;
-        pwSpec->decodeContext = NULL;
-        pwSpec->aead = ssl3_AESGCMBypass;
-        ssl3_InitCompressionContext(pwSpec);
-        return SECSuccess;
-    }
-
-    serverContext = pwSpec->server.cipher_context;
-    clientContext = pwSpec->client.cipher_context;
-
-    switch (calg) {
-        case ssl_calg_null:
-            pwSpec->encode = Null_Cipher;
-            pwSpec->decode = Null_Cipher;
-            pwSpec->destroy = NULL;
-            goto success;
-
-        case ssl_calg_rc4:
-            initFn = (BLapiInitContextFunc)RC4_InitContext;
-            pwSpec->encode = (SSLCipher)RC4_Encrypt;
-            pwSpec->decode = (SSLCipher)RC4_Decrypt;
-            pwSpec->destroy = (SSLDestroy)RC4_DestroyContext;
-            break;
-        case ssl_calg_rc2:
-            initFn = (BLapiInitContextFunc)RC2_InitContext;
-            mode = NSS_RC2_CBC;
-            optArg1 = cipher_def->key_size;
-            pwSpec->encode = (SSLCipher)RC2_Encrypt;
-            pwSpec->decode = (SSLCipher)RC2_Decrypt;
-            pwSpec->destroy = (SSLDestroy)RC2_DestroyContext;
-            break;
-        case ssl_calg_des:
-            initFn = (BLapiInitContextFunc)DES_InitContext;
-            mode = NSS_DES_CBC;
-            optArg1 = server_encrypts;
-            pwSpec->encode = (SSLCipher)DES_Encrypt;
-            pwSpec->decode = (SSLCipher)DES_Decrypt;
-            pwSpec->destroy = (SSLDestroy)DES_DestroyContext;
-            break;
-        case ssl_calg_3des:
-            initFn = (BLapiInitContextFunc)DES_InitContext;
-            mode = NSS_DES_EDE3_CBC;
-            optArg1 = server_encrypts;
-            pwSpec->encode = (SSLCipher)DES_Encrypt;
-            pwSpec->decode = (SSLCipher)DES_Decrypt;
-            pwSpec->destroy = (SSLDestroy)DES_DestroyContext;
-            break;
-        case ssl_calg_aes:
-            initFn = (BLapiInitContextFunc)AES_InitContext;
-            mode = NSS_AES_CBC;
-            optArg1 = server_encrypts;
-            optArg2 = AES_BLOCK_SIZE;
-            pwSpec->encode = (SSLCipher)AES_Encrypt;
-            pwSpec->decode = (SSLCipher)AES_Decrypt;
-            pwSpec->destroy = (SSLDestroy)AES_DestroyContext;
-            break;
-
-        case ssl_calg_camellia:
-            initFn = (BLapiInitContextFunc)Camellia_InitContext;
-            mode = NSS_CAMELLIA_CBC;
-            optArg1 = server_encrypts;
-            optArg2 = CAMELLIA_BLOCK_SIZE;
-            pwSpec->encode = (SSLCipher)Camellia_Encrypt;
-            pwSpec->decode = (SSLCipher)Camellia_Decrypt;
-            pwSpec->destroy = (SSLDestroy)Camellia_DestroyContext;
-            break;
-
-        case ssl_calg_seed:
-            initFn = (BLapiInitContextFunc)SEED_InitContext;
-            mode = NSS_SEED_CBC;
-            optArg1 = server_encrypts;
-            optArg2 = SEED_BLOCK_SIZE;
-            pwSpec->encode = (SSLCipher)SEED_Encrypt;
-            pwSpec->decode = (SSLCipher)SEED_Decrypt;
-            pwSpec->destroy = (SSLDestroy)SEED_DestroyContext;
-            break;
-
-        case ssl_calg_idea:
-        case ssl_calg_fortezza:
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            goto bail_out;
-    }
-    rv = (*initFn)(serverContext,
-                   pwSpec->server.write_key_item.data,
-                   pwSpec->server.write_key_item.len,
-                   pwSpec->server.write_iv_item.data,
-                   mode, optArg1, optArg2);
-    if (rv != SECSuccess) {
-        PORT_Assert(0);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        goto bail_out;
-    }
-
-    switch (calg) {
-        case ssl_calg_des:
-        case ssl_calg_3des:
-        case ssl_calg_aes:
-        case ssl_calg_camellia:
-        case ssl_calg_seed:
-            /* For block ciphers, if the server is encrypting, then the client
-             * is decrypting, and vice versa.
-             */
-            optArg1 = !optArg1;
-            break;
-        /* kill warnings. */
-        case ssl_calg_null:
-        case ssl_calg_rc4:
-        case ssl_calg_rc2:
-        case ssl_calg_idea:
-        case ssl_calg_fortezza:
-        case ssl_calg_aes_gcm:
-        case ssl_calg_chacha20:
-            break;
-    }
-
-    rv = (*initFn)(clientContext,
-                   pwSpec->client.write_key_item.data,
-                   pwSpec->client.write_key_item.len,
-                   pwSpec->client.write_iv_item.data,
-                   mode, optArg1, optArg2);
-    if (rv != SECSuccess) {
-        PORT_Assert(0);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        goto bail_out;
-    }
-
-    pwSpec->encodeContext = (ss->sec.isServer) ? serverContext : clientContext;
-    pwSpec->decodeContext = (ss->sec.isServer) ? clientContext : serverContext;
-
-    ssl3_InitCompressionContext(pwSpec);
-
-success:
-    return SECSuccess;
-
-bail_out:
-    return SECFailure;
-}
-#endif
-
-/* This function should probably be moved to pk11wrap and be named
- * PK11_ParamFromIVAndEffectiveKeyBits
- */
-static SECItem *
-ssl3_ParamFromIV(CK_MECHANISM_TYPE mtype, SECItem *iv, CK_ULONG ulEffectiveBits)
-{
-    SECItem *param = PK11_ParamFromIV(mtype, iv);
-    if (param && param->data && param->len >= sizeof(CK_RC2_PARAMS)) {
-        switch (mtype) {
-            case CKM_RC2_KEY_GEN:
-            case CKM_RC2_ECB:
-            case CKM_RC2_CBC:
-            case CKM_RC2_MAC:
-            case CKM_RC2_MAC_GENERAL:
-            case CKM_RC2_CBC_PAD:
-                *(CK_RC2_PARAMS *)param->data = ulEffectiveBits;
-            default:
-                break;
-        }
-    }
-    return param;
-}
-
-/* ssl3_BuildRecordPseudoHeader writes the SSL/TLS pseudo-header (the data
- * which is included in the MAC or AEAD additional data) to |out| and returns
- * its length. See https://tools.ietf.org/html/rfc5246#section-6.2.3.3 for the
- * definition of the AEAD additional data.
- *
- * TLS pseudo-header includes the record's version field, SSL's doesn't. Which
- * pseudo-header defintiion to use should be decided based on the version of
- * the protocol that was negotiated when the cipher spec became current, NOT
- * based on the version value in the record itself, and the decision is passed
- * to this function as the |includesVersion| argument. But, the |version|
- * argument should be the record's version value.
- */
-static unsigned int
-ssl3_BuildRecordPseudoHeader(unsigned char *out,
-                             SSL3SequenceNumber seq_num,
-                             SSL3ContentType type,
-                             PRBool includesVersion,
-                             SSL3ProtocolVersion version,
-                             PRBool isDTLS,
-                             int length)
-{
-    out[0] = (unsigned char)(seq_num.high >> 24);
-    out[1] = (unsigned char)(seq_num.high >> 16);
-    out[2] = (unsigned char)(seq_num.high >> 8);
-    out[3] = (unsigned char)(seq_num.high >> 0);
-    out[4] = (unsigned char)(seq_num.low >> 24);
-    out[5] = (unsigned char)(seq_num.low >> 16);
-    out[6] = (unsigned char)(seq_num.low >> 8);
-    out[7] = (unsigned char)(seq_num.low >> 0);
-    out[8] = type;
-
-    /* SSL3 MAC doesn't include the record's version field. */
-    if (!includesVersion) {
-        out[9] = MSB(length);
-        out[10] = LSB(length);
-        return 11;
-    }
-
-    /* TLS MAC and AEAD additional data include version. */
-    if (isDTLS) {
-        SSL3ProtocolVersion dtls_version;
-
-        dtls_version = dtls_TLSVersionToDTLSVersion(version);
-        out[9] = MSB(dtls_version);
-        out[10] = LSB(dtls_version);
-    } else {
-        out[9] = MSB(version);
-        out[10] = LSB(version);
-    }
-    out[11] = MSB(length);
-    out[12] = LSB(length);
-    return 13;
-}
-
-static SECStatus
-ssl3_AESGCM(ssl3KeyMaterial *keys,
-            PRBool doDecrypt,
-            unsigned char *out,
-            int *outlen,
-            int maxout,
-            const unsigned char *in,
-            int inlen,
-            const unsigned char *additionalData,
-            int additionalDataLen)
-{
-    SECItem param;
-    SECStatus rv = SECFailure;
-    unsigned char nonce[12];
-    unsigned int uOutLen;
-    CK_GCM_PARAMS gcmParams;
-
-    const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size;
-    const int explicitNonceLen =
-        bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size;
-
-    /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the
-     * nonce is formed. */
-    memcpy(nonce, keys->write_iv, 4);
-    if (doDecrypt) {
-        memcpy(nonce + 4, in, explicitNonceLen);
-        in += explicitNonceLen;
-        inlen -= explicitNonceLen;
-        *outlen = 0;
-    } else {
-        if (maxout < explicitNonceLen) {
-            PORT_SetError(SEC_ERROR_INPUT_LEN);
-            return SECFailure;
-        }
-        /* Use the 64-bit sequence number as the explicit nonce. */
-        memcpy(nonce + 4, additionalData, explicitNonceLen);
-        memcpy(out, additionalData, explicitNonceLen);
-        out += explicitNonceLen;
-        maxout -= explicitNonceLen;
-        *outlen = explicitNonceLen;
-    }
-
-    param.type = siBuffer;
-    param.data = (unsigned char *)&gcmParams;
-    param.len = sizeof(gcmParams);
-    gcmParams.pIv = nonce;
-    gcmParams.ulIvLen = sizeof(nonce);
-    gcmParams.pAAD = (unsigned char *)additionalData; /* const cast */
-    gcmParams.ulAADLen = additionalDataLen;
-    gcmParams.ulTagBits = tagSize * 8;
-
-    if (doDecrypt) {
-        rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
-                          maxout, in, inlen);
-    } else {
-        rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
-                          maxout, in, inlen);
-    }
-    *outlen += (int)uOutLen;
-
-    return rv;
-}
-
-#ifndef NO_PKCS11_BYPASS
-static SECStatus
-ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
-                  PRBool doDecrypt,
-                  unsigned char *out,
-                  int *outlen,
-                  int maxout,
-                  const unsigned char *in,
-                  int inlen,
-                  const unsigned char *additionalData,
-                  int additionalDataLen)
-{
-    SECStatus rv = SECFailure;
-    unsigned char nonce[12];
-    unsigned int uOutLen;
-    AESContext *cx;
-    CK_GCM_PARAMS gcmParams;
-
-    const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size;
-    const int explicitNonceLen =
-        bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size;
-
-    /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the
-     * nonce is formed. */
-    PORT_Assert(keys->write_iv_item.len == 4);
-    if (keys->write_iv_item.len != 4) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    memcpy(nonce, keys->write_iv_item.data, 4);
-    if (doDecrypt) {
-        memcpy(nonce + 4, in, explicitNonceLen);
-        in += explicitNonceLen;
-        inlen -= explicitNonceLen;
-        *outlen = 0;
-    } else {
-        if (maxout < explicitNonceLen) {
-            PORT_SetError(SEC_ERROR_INPUT_LEN);
-            return SECFailure;
-        }
-        /* Use the 64-bit sequence number as the explicit nonce. */
-        memcpy(nonce + 4, additionalData, explicitNonceLen);
-        memcpy(out, additionalData, explicitNonceLen);
-        out += explicitNonceLen;
-        maxout -= explicitNonceLen;
-        *outlen = explicitNonceLen;
-    }
-
-    gcmParams.pIv = nonce;
-    gcmParams.ulIvLen = sizeof(nonce);
-    gcmParams.pAAD = (unsigned char *)additionalData; /* const cast */
-    gcmParams.ulAADLen = additionalDataLen;
-    gcmParams.ulTagBits = tagSize * 8;
-
-    cx = (AESContext *)keys->cipher_context;
-    rv = AES_InitContext(cx, keys->write_key_item.data,
-                         keys->write_key_item.len,
-                         (unsigned char *)&gcmParams, NSS_AES_GCM, !doDecrypt,
-                         AES_BLOCK_SIZE);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    if (doDecrypt) {
-        rv = AES_Decrypt(cx, out, &uOutLen, maxout, in, inlen);
-    } else {
-        rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen);
-    }
-    AES_DestroyContext(cx, PR_FALSE);
-    *outlen += (int)uOutLen;
-
-    return rv;
-}
-#endif
-
-static SECStatus
-ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
-                      unsigned char *out, int *outlen, int maxout,
-                      const unsigned char *in, int inlen,
-                      const unsigned char *additionalData,
-                      int additionalDataLen)
-{
-    size_t i;
-    SECItem param;
-    SECStatus rv = SECFailure;
-    unsigned int uOutLen;
-    unsigned char nonce[12];
-    CK_NSS_AEAD_PARAMS aeadParams;
-
-    const int tagSize = bulk_cipher_defs[cipher_chacha20].tag_size;
-
-    /* See
-     * https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2
-     * for details of how the nonce is formed. */
-    PORT_Memcpy(nonce, keys->write_iv, 12);
-
-    /* XOR the last 8 bytes of the IV with the sequence number. */
-    PORT_Assert(additionalDataLen >= 8);
-    for (i = 0; i < 8; ++i) {
-        nonce[4 + i] ^= additionalData[i];
-    }
-
-    param.type = siBuffer;
-    param.len = sizeof(aeadParams);
-    param.data = (unsigned char *)&aeadParams;
-    memset(&aeadParams, 0, sizeof(aeadParams));
-    aeadParams.pNonce = nonce;
-    aeadParams.ulNonceLen = sizeof(nonce);
-    aeadParams.pAAD = (unsigned char *)additionalData;
-    aeadParams.ulAADLen = additionalDataLen;
-    aeadParams.ulTagLen = tagSize;
-
-    if (doDecrypt) {
-        rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
-                          out, &uOutLen, maxout, in, inlen);
-    } else {
-        rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
-                          out, &uOutLen, maxout, in, inlen);
-    }
-    *outlen = (int)uOutLen;
-
-    return rv;
-}
-
-/* Initialize encryption and MAC contexts for pending spec.
- * Master Secret already is derived.
- * Caller holds Spec write lock.
- */
-static SECStatus
-ssl3_InitPendingContextsPKCS11(sslSocket *ss)
-{
-    ssl3CipherSpec *pwSpec;
-    const ssl3BulkCipherDef *cipher_def;
-    PK11Context *serverContext = NULL;
-    PK11Context *clientContext = NULL;
-    SECItem *param;
-    CK_MECHANISM_TYPE mechanism;
-    CK_MECHANISM_TYPE mac_mech;
-    CK_ULONG macLength;
-    CK_ULONG effKeyBits;
-    SECItem iv;
-    SECItem mac_param;
-    SSLCipherAlgorithm calg;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    pwSpec = ss->ssl3.pwSpec;
-    cipher_def = pwSpec->cipher_def;
-    macLength = pwSpec->mac_size;
-    calg = cipher_def->calg;
-    PORT_Assert(alg2Mech[calg].calg == calg);
-
-    pwSpec->client.write_mac_context = NULL;
-    pwSpec->server.write_mac_context = NULL;
-
-    if (cipher_def->type == type_aead) {
-        pwSpec->encode = NULL;
-        pwSpec->decode = NULL;
-        pwSpec->destroy = NULL;
-        pwSpec->encodeContext = NULL;
-        pwSpec->decodeContext = NULL;
-        switch (calg) {
-            case calg_aes_gcm:
-                pwSpec->aead = ssl3_AESGCM;
-                break;
-            case calg_chacha20:
-                pwSpec->aead = ssl3_ChaCha20Poly1305;
-                break;
-            default:
-                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                return SECFailure;
-        }
-        return SECSuccess;
-    }
-
-    /*
-    ** Now setup the MAC contexts,
-    **   crypto contexts are setup below.
-    */
-
-    mac_mech = pwSpec->mac_def->mmech;
-    mac_param.data = (unsigned char *)&macLength;
-    mac_param.len = sizeof(macLength);
-    mac_param.type = 0;
-
-    pwSpec->client.write_mac_context = PK11_CreateContextBySymKey(
-        mac_mech, CKA_SIGN, pwSpec->client.write_mac_key, &mac_param);
-    if (pwSpec->client.write_mac_context == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        goto fail;
-    }
-    pwSpec->server.write_mac_context = PK11_CreateContextBySymKey(
-        mac_mech, CKA_SIGN, pwSpec->server.write_mac_key, &mac_param);
-    if (pwSpec->server.write_mac_context == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        goto fail;
-    }
-
-    /*
-    ** Now setup the crypto contexts.
-    */
-
-    if (calg == calg_null) {
-        pwSpec->encode = Null_Cipher;
-        pwSpec->decode = Null_Cipher;
-        pwSpec->destroy = NULL;
-        return SECSuccess;
-    }
-    mechanism = ssl3_Alg2Mech(calg);
-    effKeyBits = cipher_def->key_size * BPB;
-
-    /*
-     * build the server context
-     */
-    iv.data = pwSpec->server.write_iv;
-    iv.len = cipher_def->iv_size;
-    param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
-    if (param == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
-        goto fail;
-    }
-    serverContext = PK11_CreateContextBySymKey(mechanism,
-                                               (ss->sec.isServer ? CKA_ENCRYPT
-                                                                 : CKA_DECRYPT),
-                                               pwSpec->server.write_key, param);
-    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
-    if (iv.data)
-        PORT_Memcpy(pwSpec->server.write_iv, iv.data, iv.len);
-    SECITEM_FreeItem(param, PR_TRUE);
-    if (serverContext == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        goto fail;
-    }
-
-    /*
-     * build the client context
-     */
-    iv.data = pwSpec->client.write_iv;
-    iv.len = cipher_def->iv_size;
-
-    param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
-    if (param == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
-        goto fail;
-    }
-    clientContext = PK11_CreateContextBySymKey(mechanism,
-                                               (ss->sec.isServer ? CKA_DECRYPT
-                                                                 : CKA_ENCRYPT),
-                                               pwSpec->client.write_key, param);
-    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
-    if (iv.data)
-        PORT_Memcpy(pwSpec->client.write_iv, iv.data, iv.len);
-    SECITEM_FreeItem(param, PR_TRUE);
-    if (clientContext == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        goto fail;
-    }
-    pwSpec->encode = (SSLCipher)PK11_CipherOp;
-    pwSpec->decode = (SSLCipher)PK11_CipherOp;
-    pwSpec->destroy = (SSLDestroy)PK11_DestroyContext;
-
-    pwSpec->encodeContext = (ss->sec.isServer) ? serverContext : clientContext;
-    pwSpec->decodeContext = (ss->sec.isServer) ? clientContext : serverContext;
-
-    serverContext = NULL;
-    clientContext = NULL;
-
-    ssl3_InitCompressionContext(pwSpec);
-
-    return SECSuccess;
-
-fail:
-    if (serverContext != NULL)
-        PK11_DestroyContext(serverContext, PR_TRUE);
-    if (clientContext != NULL)
-        PK11_DestroyContext(clientContext, PR_TRUE);
-    if (pwSpec->client.write_mac_context != NULL) {
-        PK11_DestroyContext(pwSpec->client.write_mac_context, PR_TRUE);
-        pwSpec->client.write_mac_context = NULL;
-    }
-    if (pwSpec->server.write_mac_context != NULL) {
-        PK11_DestroyContext(pwSpec->server.write_mac_context, PR_TRUE);
-        pwSpec->server.write_mac_context = NULL;
-    }
-
-    return SECFailure;
-}
-
-#ifndef NO_PKCS11_BYPASS
-/* Returns whether we can bypass PKCS#11 for a given cipher algorithm.
- *
- * We do not support PKCS#11 bypass for ChaCha20/Poly1305.
- */
-static PRBool
-ssl3_CanBypassCipher(SSLCipherAlgorithm calg)
-{
-    switch (calg) {
-        case calg_chacha20:
-            return PR_FALSE;
-        default:
-            return PR_TRUE;
-    }
-}
-#endif
-
-/* Complete the initialization of all keys, ciphers, MACs and their contexts
- * for the pending Cipher Spec.
- * Called from: ssl3_SendClientKeyExchange  (for Full handshake)
- *              ssl3_HandleRSAClientKeyExchange (for Full handshake)
- *              ssl3_HandleServerHello      (for session restart)
- *              ssl3_HandleClientHello      (for session restart)
- * Sets error code, but caller probably should override to disambiguate.
- * NULL pms means re-use old master_secret.
- *
- *  This code is common to the bypass and PKCS11 execution paths. For
- *  the bypass case, pms is NULL. If the old master secret is reused,
- *  pms is NULL and the master secret is already in either
- *  pwSpec->msItem.len (the bypass case) or pwSpec->master_secret.
- *
- * For the bypass case,  pms is NULL.
- */
-SECStatus
-ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
-{
-    ssl3CipherSpec *pwSpec;
-    ssl3CipherSpec *cwSpec;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    ssl_GetSpecWriteLock(ss); /**************************************/
-
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    pwSpec = ss->ssl3.pwSpec;
-    cwSpec = ss->ssl3.cwSpec;
-
-    if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) {
-        rv = ssl3_DeriveMasterSecret(ss, pms);
-        if (rv != SECSuccess) {
-            goto done; /* err code set by ssl3_DeriveMasterSecret */
-        }
-    }
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data &&
-        ssl3_CanBypassCipher(ss->ssl3.pwSpec->cipher_def->calg)) {
-        /* Double Bypass succeeded in extracting the master_secret */
-        const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-        PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
-                                (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
-        pwSpec->bypassCiphers = PR_TRUE;
-        rv = ssl3_KeyAndMacDeriveBypass(pwSpec,
-                                        (const unsigned char *)&ss->ssl3.hs.client_random,
-                                        (const unsigned char *)&ss->ssl3.hs.server_random,
-                                        isTLS,
-                                        (PRBool)(kea_def->is_limited));
-        if (rv == SECSuccess) {
-            rv = ssl3_InitPendingContextsBypass(ss);
-        }
-    } else
-#endif
-        if (pwSpec->master_secret) {
-        rv = ssl3_DeriveConnectionKeysPKCS11(ss);
-        if (rv == SECSuccess) {
-            rv = ssl3_InitPendingContextsPKCS11(ss);
-        }
-    } else {
-        PORT_Assert(pwSpec->master_secret);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        rv = SECFailure;
-    }
-    if (rv != SECSuccess) {
-        goto done;
-    }
-
-    /* Generic behaviors -- common to all crypto methods */
-    if (!IS_DTLS(ss)) {
-        pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
-    } else {
-        if (cwSpec->epoch == PR_UINT16_MAX) {
-            /* The problem here is that we have rehandshaked too many
-             * times (you are not allowed to wrap the epoch). The
-             * spec says you should be discarding the connection
-             * and start over, so not much we can do here. */
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            rv = SECFailure;
-            goto done;
-        }
-        /* The sequence number has the high 16 bits as the epoch. */
-        pwSpec->epoch = cwSpec->epoch + 1;
-        pwSpec->read_seq_num.high = pwSpec->write_seq_num.high =
-            pwSpec->epoch << 16;
-
-        dtls_InitRecvdRecords(&pwSpec->recvdRecords);
-    }
-    pwSpec->read_seq_num.low = pwSpec->write_seq_num.low = 0;
-
-done:
-    ssl_ReleaseSpecWriteLock(ss); /******************************/
-    if (rv != SECSuccess)
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-    return rv;
-}
-
-/*
- * 60 bytes is 3 times the maximum length MAC size that is supported.
- */
-static const unsigned char mac_pad_1[60] = {
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36
-};
-static const unsigned char mac_pad_2[60] = {
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c
-};
-
-/* Called from: ssl3_SendRecord()
-** Caller must already hold the SpecReadLock. (wish we could assert that!)
-*/
-static SECStatus
-ssl3_ComputeRecordMAC(
-    ssl3CipherSpec *spec,
-    PRBool useServerMacKey,
-    const unsigned char *header,
-    unsigned int headerLen,
-    const SSL3Opaque *input,
-    int inputLength,
-    unsigned char *outbuf,
-    unsigned int *outLength)
-{
-    const ssl3MACDef *mac_def;
-    SECStatus rv;
-
-    PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen));
-    PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength));
-
-    mac_def = spec->mac_def;
-    if (mac_def->mac == mac_null) {
-        *outLength = 0;
-        return SECSuccess;
-    }
-#ifndef NO_PKCS11_BYPASS
-    if (spec->bypassCiphers) {
-        /* bypass version */
-        const SECHashObject *hashObj = NULL;
-        unsigned int pad_bytes = 0;
-        PRUint64 write_mac_context[MAX_MAC_CONTEXT_LLONGS];
-
-        switch (mac_def->mac) {
-            case ssl_mac_null:
-                *outLength = 0;
-                return SECSuccess;
-            case ssl_mac_md5:
-                pad_bytes = 48;
-                hashObj = HASH_GetRawHashObject(HASH_AlgMD5);
-                break;
-            case ssl_mac_sha:
-                pad_bytes = 40;
-                hashObj = HASH_GetRawHashObject(HASH_AlgSHA1);
-                break;
-            case ssl_hmac_md5: /* used with TLS */
-                hashObj = HASH_GetRawHashObject(HASH_AlgMD5);
-                break;
-            case ssl_hmac_sha: /* used with TLS */
-                hashObj = HASH_GetRawHashObject(HASH_AlgSHA1);
-                break;
-            case ssl_hmac_sha256: /* used with TLS */
-                hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-                break;
-            default:
-                break;
-        }
-        if (!hashObj) {
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        if (spec->version <= SSL_LIBRARY_VERSION_3_0) {
-            unsigned int tempLen;
-            unsigned char temp[MAX_MAC_LENGTH];
-
-            /* compute "inner" part of SSL3 MAC */
-            hashObj->begin(write_mac_context);
-            if (useServerMacKey)
-                hashObj->update(write_mac_context,
-                                spec->server.write_mac_key_item.data,
-                                spec->server.write_mac_key_item.len);
-            else
-                hashObj->update(write_mac_context,
-                                spec->client.write_mac_key_item.data,
-                                spec->client.write_mac_key_item.len);
-            hashObj->update(write_mac_context, mac_pad_1, pad_bytes);
-            hashObj->update(write_mac_context, header, headerLen);
-            hashObj->update(write_mac_context, input, inputLength);
-            hashObj->end(write_mac_context, temp, &tempLen, sizeof temp);
-
-            /* compute "outer" part of SSL3 MAC */
-            hashObj->begin(write_mac_context);
-            if (useServerMacKey)
-                hashObj->update(write_mac_context,
-                                spec->server.write_mac_key_item.data,
-                                spec->server.write_mac_key_item.len);
-            else
-                hashObj->update(write_mac_context,
-                                spec->client.write_mac_key_item.data,
-                                spec->client.write_mac_key_item.len);
-            hashObj->update(write_mac_context, mac_pad_2, pad_bytes);
-            hashObj->update(write_mac_context, temp, tempLen);
-            hashObj->end(write_mac_context, outbuf, outLength, spec->mac_size);
-            rv = SECSuccess;
-        } else { /* is TLS */
-#define cx ((HMACContext *)write_mac_context)
-            if (useServerMacKey) {
-                rv = HMAC_Init(cx, hashObj,
-                               spec->server.write_mac_key_item.data,
-                               spec->server.write_mac_key_item.len, PR_FALSE);
-            } else {
-                rv = HMAC_Init(cx, hashObj,
-                               spec->client.write_mac_key_item.data,
-                               spec->client.write_mac_key_item.len, PR_FALSE);
-            }
-            if (rv == SECSuccess) {
-                HMAC_Begin(cx);
-                HMAC_Update(cx, header, headerLen);
-                HMAC_Update(cx, input, inputLength);
-                rv = HMAC_Finish(cx, outbuf, outLength, spec->mac_size);
-                HMAC_Destroy(cx, PR_FALSE);
-            }
-#undef cx
-        }
-    } else
-#endif
-    {
-        PK11Context *mac_context =
-            (useServerMacKey ? spec->server.write_mac_context
-                             : spec->client.write_mac_context);
-        rv = PK11_DigestBegin(mac_context);
-        rv |= PK11_DigestOp(mac_context, header, headerLen);
-        rv |= PK11_DigestOp(mac_context, input, inputLength);
-        rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
-    }
-
-    PORT_Assert(rv != SECSuccess || *outLength == (unsigned)spec->mac_size);
-
-    PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength));
-
-    if (rv != SECSuccess) {
-        rv = SECFailure;
-        ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-    }
-    return rv;
-}
-
-/* Called from: ssl3_HandleRecord()
- * Caller must already hold the SpecReadLock. (wish we could assert that!)
- *
- * On entry:
- *   originalLen >= inputLen >= MAC size
-*/
-static SECStatus
-ssl3_ComputeRecordMACConstantTime(
-    ssl3CipherSpec *spec,
-    PRBool useServerMacKey,
-    const unsigned char *header,
-    unsigned int headerLen,
-    const SSL3Opaque *input,
-    int inputLen,
-    int originalLen,
-    unsigned char *outbuf,
-    unsigned int *outLen)
-{
-    CK_MECHANISM_TYPE macType;
-    CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
-    SECItem param, inputItem, outputItem;
-    SECStatus rv;
-    PK11SymKey *key;
-
-    PORT_Assert(inputLen >= spec->mac_size);
-    PORT_Assert(originalLen >= inputLen);
-
-    if (spec->bypassCiphers) {
-        /* This function doesn't support PKCS#11 bypass. We fallback on the
-         * non-constant time version. */
-        goto fallback;
-    }
-
-    if (spec->mac_def->mac == mac_null) {
-        *outLen = 0;
-        return SECSuccess;
-    }
-
-    macType = CKM_NSS_HMAC_CONSTANT_TIME;
-    if (spec->version <= SSL_LIBRARY_VERSION_3_0) {
-        macType = CKM_NSS_SSL3_MAC_CONSTANT_TIME;
-    }
-
-    params.macAlg = spec->mac_def->mmech;
-    params.ulBodyTotalLen = originalLen;
-    params.pHeader = (unsigned char *)header; /* const cast */
-    params.ulHeaderLen = headerLen;
-
-    param.data = (unsigned char *)&params;
-    param.len = sizeof(params);
-    param.type = 0;
-
-    inputItem.data = (unsigned char *)input;
-    inputItem.len = inputLen;
-    inputItem.type = 0;
-
-    outputItem.data = outbuf;
-    outputItem.len = *outLen;
-    outputItem.type = 0;
-
-    key = spec->server.write_mac_key;
-    if (!useServerMacKey) {
-        key = spec->client.write_mac_key;
-    }
-
-    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
-    if (rv != SECSuccess) {
-        if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
-            goto fallback;
-        }
-
-        *outLen = 0;
-        rv = SECFailure;
-        ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-        return rv;
-    }
-
-    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
-    *outLen = outputItem.len;
-
-    return rv;
-
-fallback:
-    /* ssl3_ComputeRecordMAC expects the MAC to have been removed from the
-     * length already. */
-    inputLen -= spec->mac_size;
-    return ssl3_ComputeRecordMAC(spec, useServerMacKey, header, headerLen,
-                                 input, inputLen, outbuf, outLen);
-}
-
-static PRBool
-ssl3_ClientAuthTokenPresent(sslSessionID *sid)
-{
-    PK11SlotInfo *slot = NULL;
-    PRBool isPresent = PR_TRUE;
-
-    /* we only care if we are doing client auth */
-    if (!sid || !sid->u.ssl3.clAuthValid) {
-        return PR_TRUE;
-    }
-
-    /* get the slot */
-    slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
-                             sid->u.ssl3.clAuthSlotID);
-    if (slot == NULL ||
-        !PK11_IsPresent(slot) ||
-        sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
-        sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
-        sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
-        (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) {
-        isPresent = PR_FALSE;
-    }
-    if (slot) {
-        PK11_FreeSlot(slot);
-    }
-    return isPresent;
-}
-
-/* Caller must hold the spec read lock. */
-SECStatus
-ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
-                              PRBool isServer,
-                              PRBool isDTLS,
-                              PRBool capRecordVersion,
-                              SSL3ContentType type,
-                              const SSL3Opaque *pIn,
-                              PRUint32 contentLen,
-                              sslBuffer *wrBuf)
-{
-    const ssl3BulkCipherDef *cipher_def;
-    SECStatus rv;
-    PRUint32 macLen = 0;
-    PRUint32 fragLen;
-    PRUint32 p1Len, p2Len, oddLen = 0;
-    PRUint16 headerLen;
-    unsigned int ivLen = 0;
-    int cipherBytes = 0;
-    unsigned char pseudoHeader[13];
-    unsigned int pseudoHeaderLen;
-
-    cipher_def = cwSpec->cipher_def;
-    headerLen = isDTLS ? DTLS_RECORD_HEADER_LENGTH : SSL3_RECORD_HEADER_LENGTH;
-
-    if (cipher_def->type == type_block &&
-        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-        /* Prepend the per-record explicit IV using technique 2b from
-         * RFC 4346 section 6.2.3.2: The IV is a cryptographically
-         * strong random number XORed with the CBC residue from the previous
-         * record.
-         */
-        ivLen = cipher_def->iv_size;
-        if (ivLen > wrBuf->space - headerLen) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-        rv = PK11_GenerateRandom(wrBuf->buf + headerLen, ivLen);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
-            return rv;
-        }
-        rv = cwSpec->encode(cwSpec->encodeContext,
-                            wrBuf->buf + headerLen,
-                            &cipherBytes, /* output and actual outLen */
-                            ivLen,        /* max outlen */
-                            wrBuf->buf + headerLen,
-                            ivLen); /* input and inputLen*/
-        if (rv != SECSuccess || cipherBytes != ivLen) {
-            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-            return SECFailure;
-        }
-    }
-
-    if (cwSpec->compressor) {
-        int outlen;
-        rv = cwSpec->compressor(
-            cwSpec->compressContext,
-            wrBuf->buf + headerLen + ivLen, &outlen,
-            wrBuf->space - headerLen - ivLen, pIn, contentLen);
-        if (rv != SECSuccess)
-            return rv;
-        pIn = wrBuf->buf + headerLen + ivLen;
-        contentLen = outlen;
-    }
-
-    pseudoHeaderLen = ssl3_BuildRecordPseudoHeader(
-        pseudoHeader, cwSpec->write_seq_num, type,
-        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_0, cwSpec->version,
-        isDTLS, contentLen);
-    PORT_Assert(pseudoHeaderLen <= sizeof(pseudoHeader));
-    if (cipher_def->type == type_aead) {
-        const int nonceLen = cipher_def->explicit_nonce_size;
-        const int tagLen = cipher_def->tag_size;
-
-        if (headerLen + nonceLen + contentLen + tagLen > wrBuf->space) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        cipherBytes = contentLen;
-        rv = cwSpec->aead(
-            isServer ? &cwSpec->server : &cwSpec->client,
-            PR_FALSE,                 /* do encrypt */
-            wrBuf->buf + headerLen,   /* output  */
-            &cipherBytes,             /* out len */
-            wrBuf->space - headerLen, /* max out */
-            pIn, contentLen,          /* input   */
-            pseudoHeader, pseudoHeaderLen);
-        if (rv != SECSuccess) {
-            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-            return SECFailure;
-        }
-    } else {
-        /*
-         * Add the MAC
-         */
-        rv = ssl3_ComputeRecordMAC(cwSpec, isServer,
-                                   pseudoHeader, pseudoHeaderLen, pIn, contentLen,
-                                   wrBuf->buf + headerLen + ivLen + contentLen,
-                                   &macLen);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-            return SECFailure;
-        }
-        p1Len = contentLen;
-        p2Len = macLen;
-        fragLen = contentLen + macLen; /* needs to be encrypted */
-        PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024);
-
-        /*
-         * Pad the text (if we're doing a block cipher)
-         * then Encrypt it
-         */
-        if (cipher_def->type == type_block) {
-            unsigned char *pBuf;
-            int padding_length;
-            int i;
-
-            oddLen = contentLen % cipher_def->block_size;
-            /* Assume blockSize is a power of two */
-            padding_length = cipher_def->block_size - 1 - ((fragLen) & (cipher_def->block_size - 1));
-            fragLen += padding_length + 1;
-            PORT_Assert((fragLen % cipher_def->block_size) == 0);
-
-            /* Pad according to TLS rules (also acceptable to SSL3). */
-            pBuf = &wrBuf->buf[headerLen + ivLen + fragLen - 1];
-            for (i = padding_length + 1; i > 0; --i) {
-                *pBuf-- = padding_length;
-            }
-            /* now, if contentLen is not a multiple of block size, fix it */
-            p2Len = fragLen - p1Len;
-        }
-        if (p1Len < 256) {
-            oddLen = p1Len;
-            p1Len = 0;
-        } else {
-            p1Len -= oddLen;
-        }
-        if (oddLen) {
-            p2Len += oddLen;
-            PORT_Assert((cipher_def->block_size < 2) ||
-                        (p2Len % cipher_def->block_size) == 0);
-            memmove(wrBuf->buf + headerLen + ivLen + p1Len, pIn + p1Len,
-                    oddLen);
-        }
-        if (p1Len > 0) {
-            int cipherBytesPart1 = -1;
-            rv = cwSpec->encode(cwSpec->encodeContext,
-                                wrBuf->buf + headerLen + ivLen, /* output */
-                                &cipherBytesPart1,              /* actual outlen */
-                                p1Len,                          /* max outlen */
-                                pIn,
-                                p1Len); /* input, and inputlen */
-            PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int)p1Len);
-            if (rv != SECSuccess || cipherBytesPart1 != (int)p1Len) {
-                PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-                return SECFailure;
-            }
-            cipherBytes += cipherBytesPart1;
-        }
-        if (p2Len > 0) {
-            int cipherBytesPart2 = -1;
-            rv = cwSpec->encode(cwSpec->encodeContext,
-                                wrBuf->buf + headerLen + ivLen + p1Len,
-                                &cipherBytesPart2, /* output and actual outLen */
-                                p2Len,             /* max outlen */
-                                wrBuf->buf + headerLen + ivLen + p1Len,
-                                p2Len); /* input and inputLen*/
-            PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int)p2Len);
-            if (rv != SECSuccess || cipherBytesPart2 != (int)p2Len) {
-                PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-                return SECFailure;
-            }
-            cipherBytes += cipherBytesPart2;
-        }
-    }
-
-    PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024);
-
-    wrBuf->len = cipherBytes + headerLen;
-    wrBuf->buf[0] = type;
-    if (isDTLS) {
-        SSL3ProtocolVersion version;
-
-        version = dtls_TLSVersionToDTLSVersion(cwSpec->version);
-        wrBuf->buf[1] = MSB(version);
-        wrBuf->buf[2] = LSB(version);
-        wrBuf->buf[3] = (unsigned char)(cwSpec->write_seq_num.high >> 24);
-        wrBuf->buf[4] = (unsigned char)(cwSpec->write_seq_num.high >> 16);
-        wrBuf->buf[5] = (unsigned char)(cwSpec->write_seq_num.high >> 8);
-        wrBuf->buf[6] = (unsigned char)(cwSpec->write_seq_num.high >> 0);
-        wrBuf->buf[7] = (unsigned char)(cwSpec->write_seq_num.low >> 24);
-        wrBuf->buf[8] = (unsigned char)(cwSpec->write_seq_num.low >> 16);
-        wrBuf->buf[9] = (unsigned char)(cwSpec->write_seq_num.low >> 8);
-        wrBuf->buf[10] = (unsigned char)(cwSpec->write_seq_num.low >> 0);
-        wrBuf->buf[11] = MSB(cipherBytes);
-        wrBuf->buf[12] = LSB(cipherBytes);
-    } else {
-        SSL3ProtocolVersion version = cwSpec->version;
-
-        if (capRecordVersion || version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-            version = PR_MIN(SSL_LIBRARY_VERSION_TLS_1_0, version);
-        }
-
-        wrBuf->buf[1] = MSB(version);
-        wrBuf->buf[2] = LSB(version);
-        wrBuf->buf[3] = MSB(cipherBytes);
-        wrBuf->buf[4] = LSB(cipherBytes);
-    }
-
-    ssl3_BumpSequenceNumber(&cwSpec->write_seq_num);
-
-    return SECSuccess;
-}
-
-/* Process the plain text before sending it.
- * Returns the number of bytes of plaintext that were successfully sent
- *  plus the number of bytes of plaintext that were copied into the
- *  output (write) buffer.
- * Returns SECFailure on a hard IO error, memory error, or crypto error.
- * Does NOT return SECWouldBlock.
- *
- * Notes on the use of the private ssl flags:
- * (no private SSL flags)
- *    Attempt to make and send SSL records for all plaintext
- *    If non-blocking and a send gets WOULD_BLOCK,
- *    or if the pending (ciphertext) buffer is not empty,
- *    then buffer remaining bytes of ciphertext into pending buf,
- *    and continue to do that for all succssive records until all
- *    bytes are used.
- * ssl_SEND_FLAG_FORCE_INTO_BUFFER
- *    As above, except this suppresses all write attempts, and forces
- *    all ciphertext into the pending ciphertext buffer.
- * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
- *    Forces the use of the provided epoch
- * ssl_SEND_FLAG_CAP_RECORD_VERSION
- *    Caps the record layer version number of TLS ClientHello to { 3, 1 }
- *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
- *    ClientHello.client_version and use the record layer version number
- *    (TLSPlaintext.version) instead when negotiating protocol versions. In
- *    addition, if the record layer version number of ClientHello is { 3, 2 }
- *    (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
- *    some F5 BIG-IP servers hang if a record containing a ClientHello has a
- *    version greater than { 3, 1 } and a length greater than 255. Set this
- *    flag to work around such servers.
- */
-PRInt32
-ssl3_SendRecord(sslSocket *ss,
-                DTLSEpoch epoch, /* DTLS only */
-                SSL3ContentType type,
-                const SSL3Opaque *pIn, /* input buffer */
-                PRInt32 nIn,           /* bytes of input */
-                PRInt32 flags)
-{
-    sslBuffer *wrBuf = &ss->sec.writeBuf;
-    SECStatus rv;
-    PRInt32 totalSent = 0;
-    PRBool capRecordVersion;
-
-    SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d",
-                SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type),
-                nIn));
-    PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    if (ss->ssl3.fatalAlertSent) {
-        SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent",
-                    SSL_GETPID(), ss->fd));
-        return SECFailure;
-    }
-
-    capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0);
-
-    if (capRecordVersion) {
-        /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the
-         * TLS initial ClientHello. */
-        PORT_Assert(!IS_DTLS(ss));
-        PORT_Assert(!ss->firstHsDone);
-        PORT_Assert(type == content_handshake);
-        PORT_Assert(ss->ssl3.hs.ws == wait_server_hello);
-    }
-
-    if (ss->ssl3.initialized == PR_FALSE) {
-        /* This can happen on a server if the very first incoming record
-        ** looks like a defective ssl3 record (e.g. too long), and we're
-        ** trying to send an alert.
-        */
-        PR_ASSERT(type == content_alert);
-        rv = ssl3_InitState(ss);
-        if (rv != SECSuccess) {
-            return SECFailure; /* ssl3_InitState has set the error code. */
-        }
-    }
-
-    /* check for Token Presence */
-    if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
-        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-        return SECFailure;
-    }
-
-    while (nIn > 0) {
-        PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
-        unsigned int spaceNeeded;
-        unsigned int numRecords;
-
-        ssl_GetSpecReadLock(ss); /********************************/
-
-        if (nIn > 1 && ss->opt.cbcRandomIV &&
-            ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
-            type == content_application_data &&
-            ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
-            /* We will split the first byte of the record into its own record,
-             * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
-             */
-            numRecords = 2;
-        } else {
-            numRecords = 1;
-        }
-
-        spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
-        if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-            ss->ssl3.cwSpec->cipher_def->type == type_block) {
-            spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size;
-        }
-        if (spaceNeeded > wrBuf->space) {
-            rv = sslBuffer_Grow(wrBuf, spaceNeeded);
-            if (rv != SECSuccess) {
-                SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
-                         SSL_GETPID(), ss->fd, spaceNeeded));
-                goto spec_locked_loser; /* sslBuffer_Grow set error code. */
-            }
-        }
-
-        if (numRecords == 2) {
-            sslBuffer secondRecord;
-            rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-                                               ss->sec.isServer, IS_DTLS(ss),
-                                               capRecordVersion, type, pIn,
-                                               1, wrBuf);
-            if (rv != SECSuccess)
-                goto spec_locked_loser;
-
-            PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:",
-                           wrBuf->buf, wrBuf->len));
-
-            secondRecord.buf = wrBuf->buf + wrBuf->len;
-            secondRecord.len = 0;
-            secondRecord.space = wrBuf->space - wrBuf->len;
-
-            rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-                                               ss->sec.isServer, IS_DTLS(ss),
-                                               capRecordVersion, type,
-                                               pIn + 1,
-                                               contentLen - 1,
-                                               &secondRecord);
-            if (rv == SECSuccess) {
-                PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:",
-                               secondRecord.buf, secondRecord.len));
-                wrBuf->len += secondRecord.len;
-            }
-        } else {
-            if (!IS_DTLS(ss)) {
-                if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-                    rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-                                                       ss->sec.isServer,
-                                                       PR_FALSE,
-                                                       capRecordVersion,
-                                                       type, pIn,
-                                                       contentLen, wrBuf);
-                } else {
-                    rv = tls13_ProtectRecord(ss, type, pIn,
-                                             contentLen, wrBuf);
-                }
-            } else {
-                /* TLS <= 1.2 and TLS 1.3 cases are both handled in
-                 * dtls_CompressMACEncryptRecord. */
-                rv = dtls_CompressMACEncryptRecord(ss, epoch,
-                                                   !!(flags & ssl_SEND_FLAG_USE_EPOCH),
-                                                   type, pIn,
-                                                   contentLen, wrBuf);
-            }
-
-            if (rv == SECSuccess) {
-                PRINT_BUF(50, (ss, "send (encrypted) record data:",
-                               wrBuf->buf, wrBuf->len));
-            }
-        }
-
-    spec_locked_loser:
-        ssl_ReleaseSpecReadLock(ss); /************************************/
-
-        if (rv != SECSuccess)
-            return SECFailure;
-
-        pIn += contentLen;
-        nIn -= contentLen;
-        PORT_Assert(nIn >= 0);
-
-        /* If there's still some previously saved ciphertext,
-         * or the caller doesn't want us to send the data yet,
-         * then add all our new ciphertext to the amount previously saved.
-         */
-        if ((ss->pendingBuf.len > 0) ||
-            (flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-
-            rv = ssl_SaveWriteData(ss, wrBuf->buf, wrBuf->len);
-            if (rv != SECSuccess) {
-                /* presumably a memory error, SEC_ERROR_NO_MEMORY */
-                return SECFailure;
-            }
-            wrBuf->len = 0; /* All cipher text is saved away. */
-
-            if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-                PRInt32 sent;
-                ss->handshakeBegun = 1;
-                sent = ssl_SendSavedWriteData(ss);
-                if (sent < 0 && PR_GetError() != PR_WOULD_BLOCK_ERROR) {
-                    ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-                    return SECFailure;
-                }
-                if (ss->pendingBuf.len) {
-                    flags |= ssl_SEND_FLAG_FORCE_INTO_BUFFER;
-                }
-            }
-        } else if (wrBuf->len > 0) {
-            PRInt32 sent;
-            ss->handshakeBegun = 1;
-            sent = ssl_DefSend(ss, wrBuf->buf, wrBuf->len,
-                               flags & ~ssl_SEND_FLAG_MASK);
-            if (sent < 0) {
-                if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
-                    ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-                    return SECFailure;
-                }
-                /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */
-                sent = 0;
-            }
-            wrBuf->len -= sent;
-            if (wrBuf->len) {
-                if (IS_DTLS(ss)) {
-                    /* DTLS just says no in this case. No buffering */
-                    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
-                    return SECFailure;
-                }
-                /* now take all the remaining unsent new ciphertext and
-                 * append it to the buffer of previously unsent ciphertext.
-                 */
-                rv = ssl_SaveWriteData(ss, wrBuf->buf + sent, wrBuf->len);
-                if (rv != SECSuccess) {
-                    /* presumably a memory error, SEC_ERROR_NO_MEMORY */
-                    return SECFailure;
-                }
-            }
-        }
-        totalSent += contentLen;
-    }
-    return totalSent;
-}
-
-#define SSL3_PENDING_HIGH_WATER 1024
-
-/* Attempt to send the content of "in" in an SSL application_data record.
- * Returns "len" or SECFailure,   never SECWouldBlock, nor SECSuccess.
- */
-int
-ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
-                         PRInt32 len, PRInt32 flags)
-{
-    PRInt32 totalSent = 0;
-    PRInt32 discarded = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    /* These flags for internal use only */
-    PORT_Assert(!(flags & (ssl_SEND_FLAG_USE_EPOCH |
-                           ssl_SEND_FLAG_NO_RETRANSMIT)));
-    if (len < 0 || !in) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-
-    if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER &&
-        !ssl_SocketIsBlocking(ss)) {
-        PORT_Assert(!ssl_SocketIsBlocking(ss));
-        PORT_SetError(PR_WOULD_BLOCK_ERROR);
-        return SECFailure;
-    }
-
-    if (ss->appDataBuffered && len) {
-        PORT_Assert(in[0] == (unsigned char)(ss->appDataBuffered));
-        if (in[0] != (unsigned char)(ss->appDataBuffered)) {
-            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-            return SECFailure;
-        }
-        in++;
-        len--;
-        discarded = 1;
-    }
-    while (len > totalSent) {
-        PRInt32 sent, toSend;
-
-        if (totalSent > 0) {
-            /*
-             * The thread yield is intended to give the reader thread a
-             * chance to get some cycles while the writer thread is in
-             * the middle of a large application data write.  (See
-             * Bugzilla bug 127740, comment #1.)
-             */
-            ssl_ReleaseXmitBufLock(ss);
-            PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */
-            ssl_GetXmitBufLock(ss);
-        }
-        toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
-        /*
-         * Note that the 0 epoch is OK because flags will never require
-         * its use, as guaranteed by the PORT_Assert above.
-         */
-        sent = ssl3_SendRecord(ss, 0, content_application_data,
-                               in + totalSent, toSend, flags);
-        if (sent < 0) {
-            if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
-                PORT_Assert(ss->lastWriteBlocked);
-                break;
-            }
-            return SECFailure; /* error code set by ssl3_SendRecord */
-        }
-        totalSent += sent;
-        if (ss->pendingBuf.len) {
-            /* must be a non-blocking socket */
-            PORT_Assert(!ssl_SocketIsBlocking(ss));
-            PORT_Assert(ss->lastWriteBlocked);
-            break;
-        }
-    }
-    if (ss->pendingBuf.len) {
-        /* Must be non-blocking. */
-        PORT_Assert(!ssl_SocketIsBlocking(ss));
-        if (totalSent > 0) {
-            ss->appDataBuffered = 0x100 | in[totalSent - 1];
-        }
-
-        totalSent = totalSent + discarded - 1;
-        if (totalSent <= 0) {
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-            totalSent = SECFailure;
-        }
-        return totalSent;
-    }
-    ss->appDataBuffered = 0;
-    return totalSent + discarded;
-}
-
-/* Attempt to send buffered handshake messages.
- * This function returns SECSuccess or SECFailure, never SECWouldBlock.
- * Always set sendBuf.len to 0, even when returning SECFailure.
- *
- * Depending on whether we are doing DTLS or not, this either calls
- *
- * - ssl3_FlushHandshakeMessages if non-DTLS
- * - dtls_FlushHandshakeMessages if DTLS
- *
- * Called from SSL3_SendAlert(), ssl3_SendChangeCipherSpecs(),
- *             ssl3_AppendHandshake(), ssl3_SendClientHello(),
- *             ssl3_SendHelloRequest(), ssl3_SendServerHelloDone(),
- *             ssl3_SendFinished(),
- */
-SECStatus
-ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
-{
-    if (IS_DTLS(ss)) {
-        return dtls_FlushHandshakeMessages(ss, flags);
-    } else {
-        return ssl3_FlushHandshakeMessages(ss, flags);
-    }
-}
-
-/* Attempt to send the content of sendBuf buffer in an SSL handshake record.
- * This function returns SECSuccess or SECFailure, never SECWouldBlock.
- * Always set sendBuf.len to 0, even when returning SECFailure.
- *
- * Called from ssl3_FlushHandshake
- */
-static SECStatus
-ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
-{
-    static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-                                        ssl_SEND_FLAG_CAP_RECORD_VERSION;
-    PRInt32 count = -1;
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
-        return rv;
-
-    /* only these flags are allowed */
-    PORT_Assert(!(flags & ~allowedFlags));
-    if ((flags & ~allowedFlags) != 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        rv = SECFailure;
-    } else {
-        count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
-                                ss->sec.ci.sendBuf.len, flags);
-    }
-    if (count < 0) {
-        int err = PORT_GetError();
-        PORT_Assert(err != PR_WOULD_BLOCK_ERROR);
-        if (err == PR_WOULD_BLOCK_ERROR) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        }
-        rv = SECFailure;
-    } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
-        /* short write should never happen */
-        PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        rv = SECFailure;
-    } else {
-        rv = SECSuccess;
-    }
-
-    /* Whether we succeeded or failed, toss the old handshake data. */
-    ss->sec.ci.sendBuf.len = 0;
-    return rv;
-}
-
-/*
- * Called from ssl3_HandleAlert and from ssl3_HandleCertificate when
- * the remote client sends a negative response to our certificate request.
- * Returns SECFailure if the application has required client auth.
- *         SECSuccess otherwise.
- */
-static SECStatus
-ssl3_HandleNoCertificate(sslSocket *ss)
-{
-    if (ss->sec.peerCert != NULL) {
-        if (ss->sec.peerKey != NULL) {
-            SECKEY_DestroyPublicKey(ss->sec.peerKey);
-            ss->sec.peerKey = NULL;
-        }
-        CERT_DestroyCertificate(ss->sec.peerCert);
-        ss->sec.peerCert = NULL;
-    }
-    ssl3_CleanupPeerCerts(ss);
-
-    /* If the server has required client-auth blindly but doesn't
-     * actually look at the certificate it won't know that no
-     * certificate was presented so we shutdown the socket to ensure
-     * an error.  We only do this if we haven't already completed the
-     * first handshake because if we're redoing the handshake we
-     * know the server is paying attention to the certificate.
-     */
-    if ((ss->opt.requireCertificate == SSL_REQUIRE_ALWAYS) ||
-        (!ss->firstHsDone &&
-         (ss->opt.requireCertificate == SSL_REQUIRE_FIRST_HANDSHAKE))) {
-        PRFileDesc *lower;
-
-        if (ss->sec.uncache)
-            ss->sec.uncache(ss->sec.ci.sid);
-        SSL3_SendAlert(ss, alert_fatal, bad_certificate);
-
-        lower = ss->fd->lower;
-#ifdef _WIN32
-        lower->methods->shutdown(lower, PR_SHUTDOWN_SEND);
-#else
-        lower->methods->shutdown(lower, PR_SHUTDOWN_BOTH);
-#endif
-        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/************************************************************************
- * Alerts
- */
-
-/*
-** Acquires both handshake and XmitBuf locks.
-** Called from: ssl3_IllegalParameter   <-
-**              ssl3_HandshakeFailure   <-
-**              ssl3_HandleAlert    <- ssl3_HandleRecord.
-**              ssl3_HandleChangeCipherSpecs <- ssl3_HandleRecord
-**              ssl3_ConsumeHandshakeVariable <-
-**              ssl3_HandleHelloRequest <-
-**              ssl3_HandleServerHello  <-
-**              ssl3_HandleServerKeyExchange <-
-**              ssl3_HandleCertificateRequest <-
-**              ssl3_HandleServerHelloDone <-
-**              ssl3_HandleClientHello  <-
-**              ssl3_HandleV2ClientHello <-
-**              ssl3_HandleCertificateVerify <-
-**              ssl3_HandleClientKeyExchange <-
-**              ssl3_HandleCertificate  <-
-**              ssl3_HandleFinished <-
-**              ssl3_HandleHandshakeMessage <-
-**              ssl3_HandlePostHelloHandshakeMessage <-
-**              ssl3_HandleRecord   <-
-**
-*/
-SECStatus
-SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
-{
-    PRUint8 bytes[2];
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send alert record, level=%d desc=%d",
-                SSL_GETPID(), ss->fd, level, desc));
-
-    bytes[0] = level;
-    bytes[1] = desc;
-
-    ssl_GetSSL3HandshakeLock(ss);
-    if (level == alert_fatal) {
-        if (!ss->opt.noCache && ss->sec.ci.sid && ss->sec.uncache) {
-            ss->sec.uncache(ss->sec.ci.sid);
-        }
-    }
-    ssl_GetXmitBufLock(ss);
-    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-    if (rv == SECSuccess) {
-        PRInt32 sent;
-        sent = ssl3_SendRecord(ss, 0, content_alert, bytes, 2,
-                               desc == no_certificate ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0);
-        rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-    }
-    if (level == alert_fatal) {
-        ss->ssl3.fatalAlertSent = PR_TRUE;
-    }
-    ssl_ReleaseXmitBufLock(ss);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */
-}
-
-/*
- * Send illegal_parameter alert.  Set generic error number.
- */
-static SECStatus
-ssl3_IllegalParameter(sslSocket *ss)
-{
-    (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
-                                   : SSL_ERROR_BAD_SERVER);
-    return SECFailure;
-}
-
-/*
- * Send handshake_Failure alert.  Set generic error number.
- */
-static SECStatus
-ssl3_HandshakeFailure(sslSocket *ss)
-{
-    (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
-    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
-                                   : SSL_ERROR_BAD_SERVER);
-    return SECFailure;
-}
-
-static void
-ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode)
-{
-    SSL3AlertDescription desc = bad_certificate;
-    PRBool isTLS = ss->version >= SSL_LIBRARY_VERSION_3_1_TLS;
-
-    switch (errCode) {
-        case SEC_ERROR_LIBRARY_FAILURE:
-            desc = unsupported_certificate;
-            break;
-        case SEC_ERROR_EXPIRED_CERTIFICATE:
-            desc = certificate_expired;
-            break;
-        case SEC_ERROR_REVOKED_CERTIFICATE:
-            desc = certificate_revoked;
-            break;
-        case SEC_ERROR_INADEQUATE_KEY_USAGE:
-        case SEC_ERROR_INADEQUATE_CERT_TYPE:
-            desc = certificate_unknown;
-            break;
-        case SEC_ERROR_UNTRUSTED_CERT:
-            desc = isTLS ? access_denied : certificate_unknown;
-            break;
-        case SEC_ERROR_UNKNOWN_ISSUER:
-        case SEC_ERROR_UNTRUSTED_ISSUER:
-            desc = isTLS ? unknown_ca : certificate_unknown;
-            break;
-        case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
-            desc = isTLS ? unknown_ca : certificate_expired;
-            break;
-
-        case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
-        case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
-        case SEC_ERROR_CA_CERT_INVALID:
-        case SEC_ERROR_BAD_SIGNATURE:
-        default:
-            desc = bad_certificate;
-            break;
-    }
-    SSL_DBG(("%d: SSL3[%d]: peer certificate is no good: error=%d",
-             SSL_GETPID(), ss->fd, errCode));
-
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-}
-
-/*
- * Send decode_error alert.  Set generic error number.
- */
-SECStatus
-ssl3_DecodeError(sslSocket *ss)
-{
-    (void)SSL3_SendAlert(ss, alert_fatal,
-                         ss->version > SSL_LIBRARY_VERSION_3_0 ? decode_error
-                                                               : illegal_parameter);
-    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
-                                   : SSL_ERROR_BAD_SERVER);
-    return SECFailure;
-}
-
-/* Called from ssl3_HandleRecord.
-** Caller must hold both RecvBuf and Handshake locks.
-*/
-static SECStatus
-ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
-{
-    SSL3AlertLevel level;
-    SSL3AlertDescription desc;
-    int error;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle alert record", SSL_GETPID(), ss->fd));
-
-    if (buf->len != 2) {
-        (void)ssl3_DecodeError(ss);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_ALERT);
-        return SECFailure;
-    }
-    level = (SSL3AlertLevel)buf->buf[0];
-    desc = (SSL3AlertDescription)buf->buf[1];
-    buf->len = 0;
-    SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d",
-                SSL_GETPID(), ss->fd, level, desc));
-
-    switch (desc) {
-        case close_notify:
-            ss->recvdCloseNotify = 1;
-            error = SSL_ERROR_CLOSE_NOTIFY_ALERT;
-            break;
-        case unexpected_message:
-            error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT;
-            break;
-        case bad_record_mac:
-            error = SSL_ERROR_BAD_MAC_ALERT;
-            break;
-        case decryption_failed_RESERVED:
-            error = SSL_ERROR_DECRYPTION_FAILED_ALERT;
-            break;
-        case record_overflow:
-            error = SSL_ERROR_RECORD_OVERFLOW_ALERT;
-            break;
-        case decompression_failure:
-            error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT;
-            break;
-        case handshake_failure:
-            error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT;
-            break;
-        case no_certificate:
-            error = SSL_ERROR_NO_CERTIFICATE;
-            break;
-        case bad_certificate:
-            error = SSL_ERROR_BAD_CERT_ALERT;
-            break;
-        case unsupported_certificate:
-            error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;
-            break;
-        case certificate_revoked:
-            error = SSL_ERROR_REVOKED_CERT_ALERT;
-            break;
-        case certificate_expired:
-            error = SSL_ERROR_EXPIRED_CERT_ALERT;
-            break;
-        case certificate_unknown:
-            error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
-            break;
-        case illegal_parameter:
-            error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;
-            break;
-        case inappropriate_fallback:
-            error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-            break;
-
-        /* All alerts below are TLS only. */
-        case unknown_ca:
-            error = SSL_ERROR_UNKNOWN_CA_ALERT;
-            break;
-        case access_denied:
-            error = SSL_ERROR_ACCESS_DENIED_ALERT;
-            break;
-        case decode_error:
-            error = SSL_ERROR_DECODE_ERROR_ALERT;
-            break;
-        case decrypt_error:
-            error = SSL_ERROR_DECRYPT_ERROR_ALERT;
-            break;
-        case export_restriction:
-            error = SSL_ERROR_EXPORT_RESTRICTION_ALERT;
-            break;
-        case protocol_version:
-            error = SSL_ERROR_PROTOCOL_VERSION_ALERT;
-            break;
-        case insufficient_security:
-            error = SSL_ERROR_INSUFFICIENT_SECURITY_ALERT;
-            break;
-        case internal_error:
-            error = SSL_ERROR_INTERNAL_ERROR_ALERT;
-            break;
-        case user_canceled:
-            error = SSL_ERROR_USER_CANCELED_ALERT;
-            break;
-        case no_renegotiation:
-            error = SSL_ERROR_NO_RENEGOTIATION_ALERT;
-            break;
-
-        /* Alerts for TLS client hello extensions */
-        case missing_extension:
-            error = SSL_ERROR_MISSING_EXTENSION_ALERT;
-            break;
-        case unsupported_extension:
-            error = SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT;
-            break;
-        case certificate_unobtainable:
-            error = SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT;
-            break;
-        case unrecognized_name:
-            error = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
-            break;
-        case bad_certificate_status_response:
-            error = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT;
-            break;
-        case bad_certificate_hash_value:
-            error = SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT;
-            break;
-        default:
-            error = SSL_ERROR_RX_UNKNOWN_ALERT;
-            break;
-    }
-    if (level == alert_fatal) {
-        if (!ss->opt.noCache) {
-            if (ss->sec.uncache)
-                ss->sec.uncache(ss->sec.ci.sid);
-        }
-        if ((ss->ssl3.hs.ws == wait_server_hello) &&
-            (desc == handshake_failure)) {
-            /* XXX This is a hack.  We're assuming that any handshake failure
-             * XXX on the client hello is a failure to match ciphers.
-             */
-            error = SSL_ERROR_NO_CYPHER_OVERLAP;
-        }
-        PORT_SetError(error);
-        return SECFailure;
-    }
-    if ((desc == no_certificate) && (ss->ssl3.hs.ws == wait_client_cert)) {
-        /* I'm a server. I've requested a client cert. He hasn't got one. */
-        SECStatus rv;
-
-        PORT_Assert(ss->sec.isServer);
-        ss->ssl3.hs.ws = wait_client_key;
-        rv = ssl3_HandleNoCertificate(ss);
-        return rv;
-    }
-    return SECSuccess;
-}
-
-/*
- * Change Cipher Specs
- * Called from ssl3_HandleServerHelloDone,
- *             ssl3_HandleClientHello,
- * and         ssl3_HandleFinished
- *
- * Acquires and releases spec write lock, to protect switching the current
- * and pending write spec pointers.
- */
-
-static SECStatus
-ssl3_SendChangeCipherSpecs(sslSocket *ss)
-{
-    PRUint8 change = change_cipher_spec_choice;
-    ssl3CipherSpec *pwSpec;
-    SECStatus rv;
-    PRInt32 sent;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by ssl3_FlushHandshake */
-    }
-    if (!IS_DTLS(ss)) {
-        sent = ssl3_SendRecord(ss, 0, content_change_cipher_spec, &change, 1,
-                               ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-        if (sent < 0) {
-            return (SECStatus)sent; /* error code set by ssl3_SendRecord */
-        }
-    } else {
-        rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    }
-
-    /* swap the pending and current write specs. */
-    ssl_GetSpecWriteLock(ss); /**************************************/
-    pwSpec = ss->ssl3.pwSpec;
-
-    ss->ssl3.pwSpec = ss->ssl3.cwSpec;
-    ss->ssl3.cwSpec = pwSpec;
-
-    SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending",
-                SSL_GETPID(), ss->fd));
-
-    /* We need to free up the contexts, keys and certs ! */
-    /* If we are really through with the old cipher spec
-     * (Both the read and write sides have changed) destroy it.
-     */
-    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
-        if (!IS_DTLS(ss)) {
-            ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/);
-        } else {
-            /* With DTLS, we need to set a holddown timer in case the final
-             * message got lost */
-            ss->ssl3.hs.rtTimeoutMs = DTLS_FINISHED_TIMER_MS;
-            dtls_StartTimer(ss, dtls_FinishedTimerCb);
-        }
-    }
-    ssl_ReleaseSpecWriteLock(ss); /**************************************/
-
-    return SECSuccess;
-}
-
-/* Called from ssl3_HandleRecord.
-** Caller must hold both RecvBuf and Handshake locks.
- *
- * Acquires and releases spec write lock, to protect switching the current
- * and pending write spec pointers.
-*/
-static SECStatus
-ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
-{
-    ssl3CipherSpec *prSpec;
-    SSL3WaitState ws = ss->ssl3.hs.ws;
-    SSL3ChangeCipherSpecChoice change;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle change_cipher_spec record",
-                SSL_GETPID(), ss->fd));
-
-    if (ws != wait_change_cipher) {
-        if (IS_DTLS(ss)) {
-            /* Ignore this because it's out of order. */
-            SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
-                        "DTLS change_cipher_spec",
-                        SSL_GETPID(), ss->fd));
-            buf->len = 0;
-            return SECSuccess;
-        }
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
-        return SECFailure;
-    }
-
-    if (buf->len != 1) {
-        (void)ssl3_DecodeError(ss);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-        return SECFailure;
-    }
-    change = (SSL3ChangeCipherSpecChoice)buf->buf[0];
-    if (change != change_cipher_spec_choice) {
-        /* illegal_parameter is correct here for both SSL3 and TLS. */
-        (void)ssl3_IllegalParameter(ss);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-        return SECFailure;
-    }
-    buf->len = 0;
-
-    /* Swap the pending and current read specs. */
-    ssl_GetSpecWriteLock(ss); /*************************************/
-    prSpec = ss->ssl3.prSpec;
-
-    ss->ssl3.prSpec = ss->ssl3.crSpec;
-    ss->ssl3.crSpec = prSpec;
-    ss->ssl3.hs.ws = wait_finished;
-
-    SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
-                SSL_GETPID(), ss->fd));
-
-    /* If we are really through with the old cipher prSpec
-     * (Both the read and write sides have changed) destroy it.
-     */
-    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
-        ssl3_DestroyCipherSpec(ss->ssl3.prSpec, PR_FALSE /*freeSrvName*/);
-    }
-    ssl_ReleaseSpecWriteLock(ss); /*************************************/
-    return SECSuccess;
-}
-
-/* This method completes the derivation of the MS from the PMS.
-**
-** 1. Derive the MS, if possible, else return an error.
-**
-** 2. Check the version if |pms_version| is non-zero and if wrong,
-**    return an error.
-**
-** 3. If |msp| is nonzero, return MS in |*msp|.
-
-** Called from:
-**   ssl3_ComputeMasterSecretInt
-**   tls_ComputeExtendedMasterSecretInt
-*/
-static SECStatus
-ssl3_ComputeMasterSecretFinish(sslSocket *ss,
-                               CK_MECHANISM_TYPE master_derive,
-                               CK_MECHANISM_TYPE key_derive,
-                               CK_VERSION *pms_version,
-                               SECItem *params, CK_FLAGS keyFlags,
-                               PK11SymKey *pms, PK11SymKey **msp)
-{
-    PK11SymKey *ms = NULL;
-
-    ms = PK11_DeriveWithFlags(pms, master_derive,
-                              params, key_derive,
-                              CKA_DERIVE, 0, keyFlags);
-    if (!ms) {
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-
-    if (pms_version && ss->opt.detectRollBack) {
-        SSL3ProtocolVersion client_version;
-        client_version = pms_version->major << 8 | pms_version->minor;
-
-        if (IS_DTLS(ss)) {
-            client_version = dtls_DTLSVersionToTLSVersion(client_version);
-        }
-
-        if (client_version != ss->clientHelloVersion) {
-            /* Destroy MS.  Version roll-back detected. */
-            PK11_FreeSymKey(ms);
-            ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-            return SECFailure;
-        }
-    }
-
-    if (msp) {
-        *msp = ms;
-    } else {
-        PK11_FreeSymKey(ms);
-    }
-
-    return SECSuccess;
-}
-
-/*  Compute the ordinary (pre draft-ietf-tls-session-hash) master
- ** secret and return it in |*msp|.
- **
- ** Called from: ssl3_ComputeMasterSecret
- */
-static SECStatus
-ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
-                            PK11SymKey **msp)
-{
-    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
-    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
-    PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
-                            (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
-    PRBool isTLS12 =
-        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-    /*
-     * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH
-     * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size
-     * data into a 48-byte value, and does not expect to return the version.
-     */
-    PRBool isDH = (PRBool)((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
-                           (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
-    CK_MECHANISM_TYPE master_derive;
-    CK_MECHANISM_TYPE key_derive;
-    SECItem params;
-    CK_FLAGS keyFlags;
-    CK_VERSION pms_version;
-    CK_VERSION *pms_version_ptr = NULL;
-    /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
-    CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
-    unsigned int master_params_len;
-
-    if (isTLS12) {
-        if (isDH)
-            master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-        else
-            master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
-        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
-        keyFlags = CKF_SIGN | CKF_VERIFY;
-    } else if (isTLS) {
-        if (isDH)
-            master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
-        else
-            master_derive = CKM_TLS_MASTER_KEY_DERIVE;
-        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
-        keyFlags = CKF_SIGN | CKF_VERIFY;
-    } else {
-        if (isDH)
-            master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-        else
-            master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
-        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
-        keyFlags = 0;
-    }
-
-    if (!isDH) {
-        pms_version_ptr = &pms_version;
-    }
-
-    master_params.pVersion = pms_version_ptr;
-    master_params.RandomInfo.pClientRandom = cr;
-    master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    master_params.RandomInfo.pServerRandom = sr;
-    master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
-    if (isTLS12) {
-        master_params.prfHashMechanism = CKM_SHA256;
-        master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
-    } else {
-        /* prfHashMechanism is not relevant with this PRF */
-        master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
-    }
-
-    params.data = (unsigned char *)&master_params;
-    params.len = master_params_len;
-
-    return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
-                                          pms_version_ptr, &params,
-                                          keyFlags, pms, msp);
-}
-
-/* Compute the draft-ietf-tls-session-hash master
-** secret and return it in |*msp|.
-**
-** Called from: ssl3_ComputeMasterSecret
-*/
-static SECStatus
-tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
-                                   PK11SymKey **msp)
-{
-    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-    CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params;
-    SSL3Hashes hashes;
-    /*
-     * Determine whether to use the DH/ECDH or RSA derivation modes.
-     */
-    /*
-     * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion
-     *  mode. Bug 1198298 */
-    PRBool isDH = (PRBool)((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
-                           (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
-    CK_MECHANISM_TYPE master_derive;
-    CK_MECHANISM_TYPE key_derive;
-    SECItem params;
-    const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY;
-    CK_VERSION pms_version;
-    CK_VERSION *pms_version_ptr = NULL;
-    SECStatus rv;
-
-    rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0);
-    if (rv != SECSuccess) {
-        PORT_Assert(0); /* Should never fail */
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-
-    if (isDH) {
-        master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
-    } else {
-        master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE;
-        pms_version_ptr = &pms_version;
-    }
-
-    if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-        /* TLS 1.2 */
-        extended_master_params.prfHashMechanism = CKM_SHA256;
-        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
-    } else {
-        /* TLS < 1.2 */
-        extended_master_params.prfHashMechanism = CKM_TLS_PRF;
-        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
-    }
-
-    extended_master_params.pVersion = pms_version_ptr;
-    extended_master_params.pSessionHash = hashes.u.raw;
-    extended_master_params.ulSessionHashLen = hashes.len;
-
-    params.data = (unsigned char *)&extended_master_params;
-    params.len = sizeof extended_master_params;
-
-    return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
-                                          pms_version_ptr, &params,
-                                          keyFlags, pms, msp);
-}
-
-/* Wrapper method to compute the master secret and return it in |*msp|.
-**
-** Called from ssl3_ComputeMasterSecret
-*/
-static SECStatus
-ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
-                         PK11SymKey **msp)
-{
-    PORT_Assert(pms != NULL);
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
-        return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
-    } else {
-        return ssl3_ComputeMasterSecretInt(ss, pms, msp);
-    }
-}
-
-/* This method uses PKCS11 to derive the MS from the PMS, where PMS
-** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the
-** computations and then modify the pwSpec->state as a side effect.
-**
-** This is used in all cases except the "triple bypass" with RSA key
-** exchange.
-**
-** Called from ssl3_InitPendingCipherSpec.   prSpec is pwSpec.
-*/
-static SECStatus
-ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
-{
-    SECStatus rv;
-    PK11SymKey *ms = NULL;
-    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    if (pms) {
-        rv = ssl3_ComputeMasterSecret(ss, pms, &ms);
-        pwSpec->master_secret = ms;
-        if (rv != SECSuccess)
-            return rv;
-    }
-
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        SECItem *keydata;
-        /* In hope of doing a "double bypass",
-         * need to extract the master secret's value from the key object
-         * and store it raw in the sslSocket struct.
-         */
-        rv = PK11_ExtractKeyValue(pwSpec->master_secret);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        /* This returns the address of the secItem inside the key struct,
-         * not a copy or a reference.  So, there's no need to free it.
-         */
-        keydata = PK11_GetKeyData(pwSpec->master_secret);
-        if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) {
-            memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len);
-            pwSpec->msItem.data = pwSpec->raw_master_secret;
-            pwSpec->msItem.len = keydata->len;
-        } else {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-    }
-#endif
-
-    return SECSuccess;
-}
-
-/*
- * Derive encryption and MAC Keys (and IVs) from master secret
- * Sets a useful error code when returning SECFailure.
- *
- * Called only from ssl3_InitPendingCipherSpec(),
- * which in turn is called from
- *              sendRSAClientKeyExchange        (for Full handshake)
- *              sendDHClientKeyExchange         (for Full handshake)
- *              ssl3_HandleClientKeyExchange    (for Full handshake)
- *              ssl3_HandleServerHello          (for session restart)
- *              ssl3_HandleClientHello          (for session restart)
- * Caller MUST hold the specWriteLock, and SSL3HandshakeLock.
- * ssl3_InitPendingCipherSpec does that.
- *
- */
-static SECStatus
-ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss)
-{
-    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
-    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
-    PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
-                            (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
-    PRBool isTLS12 =
-        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-    /* following variables used in PKCS11 path */
-    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
-    PK11SlotInfo *slot = NULL;
-    PK11SymKey *symKey = NULL;
-    void *pwArg = ss->pkcs11PinArg;
-    int keySize;
-    CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
-                                                  * CK_SSL3_KEY_MAT_PARAMS */
-    unsigned int key_material_params_len;
-    CK_SSL3_KEY_MAT_OUT returnedKeys;
-    CK_MECHANISM_TYPE key_derive;
-    CK_MECHANISM_TYPE bulk_mechanism;
-    SSLCipherAlgorithm calg;
-    SECItem params;
-    PRBool skipKeysAndIVs = (PRBool)(cipher_def->calg == calg_null);
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    if (!pwSpec->master_secret) {
-        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-    /*
-     * generate the key material
-     */
-    key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB;
-    key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB;
-    key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB;
-    if (cipher_def->type == type_block &&
-        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-        /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
-        key_material_params.ulIVSizeInBits = 0;
-        memset(pwSpec->client.write_iv, 0, cipher_def->iv_size);
-        memset(pwSpec->server.write_iv, 0, cipher_def->iv_size);
-    }
-
-    key_material_params.bIsExport = (CK_BBOOL)(kea_def->is_limited);
-
-    key_material_params.RandomInfo.pClientRandom = cr;
-    key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    key_material_params.RandomInfo.pServerRandom = sr;
-    key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
-    key_material_params.pReturnedKeyMaterial = &returnedKeys;
-
-    returnedKeys.pIVClient = pwSpec->client.write_iv;
-    returnedKeys.pIVServer = pwSpec->server.write_iv;
-    keySize = cipher_def->key_size;
-
-    if (skipKeysAndIVs) {
-        keySize = 0;
-        key_material_params.ulKeySizeInBits = 0;
-        key_material_params.ulIVSizeInBits = 0;
-        returnedKeys.pIVClient = NULL;
-        returnedKeys.pIVServer = NULL;
-    }
-
-    calg = cipher_def->calg;
-    bulk_mechanism = ssl3_Alg2Mech(calg);
-
-    if (isTLS12) {
-        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
-        key_material_params.prfHashMechanism = CKM_SHA256;
-        key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
-    } else if (isTLS) {
-        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
-        key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
-    } else {
-        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
-        key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
-    }
-
-    params.data = (unsigned char *)&key_material_params;
-    params.len = key_material_params_len;
-
-    /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
-     * DERIVE by DEFAULT */
-    symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
-                         bulk_mechanism, CKA_ENCRYPT, keySize);
-    if (!symKey) {
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-    /* we really should use the actual mac'ing mechanism here, but we
-     * don't because these types are used to map keytype anyway and both
-     * mac's map to the same keytype.
-     */
-    slot = PK11_GetSlotFromKey(symKey);
-
-    PK11_FreeSlot(slot); /* slot is held until the key is freed */
-    pwSpec->client.write_mac_key =
-        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
-                              CKM_SSL3_SHA1_MAC, returnedKeys.hClientMacSecret, PR_TRUE, pwArg);
-    if (pwSpec->client.write_mac_key == NULL) {
-        goto loser; /* loser sets err */
-    }
-    pwSpec->server.write_mac_key =
-        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
-                              CKM_SSL3_SHA1_MAC, returnedKeys.hServerMacSecret, PR_TRUE, pwArg);
-    if (pwSpec->server.write_mac_key == NULL) {
-        goto loser; /* loser sets err */
-    }
-    if (!skipKeysAndIVs) {
-        pwSpec->client.write_key =
-            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
-                                  bulk_mechanism, returnedKeys.hClientKey, PR_TRUE, pwArg);
-        if (pwSpec->client.write_key == NULL) {
-            goto loser; /* loser sets err */
-        }
-        pwSpec->server.write_key =
-            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
-                                  bulk_mechanism, returnedKeys.hServerKey, PR_TRUE, pwArg);
-        if (pwSpec->server.write_key == NULL) {
-            goto loser; /* loser sets err */
-        }
-    }
-    PK11_FreeSymKey(symKey);
-    return SECSuccess;
-
-loser:
-    if (symKey)
-        PK11_FreeSymKey(symKey);
-    ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-    return SECFailure;
-}
-
-/* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in
- * buffered messages in ss->ssl3.hs.messages. */
-static SECStatus
-ssl3_InitHandshakeHashes(sslSocket *ss)
-{
-    SSL_TRC(30, ("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown);
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone);
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-            /* If we ever support ciphersuites where the PRF hash isn't SHA-256
-             * then this will need to be updated. */
-            ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
-            if (!ss->ssl3.hs.sha_obj) {
-                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-                return SECFailure;
-            }
-            ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone;
-            ss->ssl3.hs.hashType = handshake_hash_single;
-            ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx);
-        } else {
-            ss->ssl3.hs.hashType = handshake_hash_combo;
-            MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
-            SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
-        }
-    } else
-#endif
-    {
-        PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha);
-        /*
-         * note: We should probably lookup an SSL3 slot for these
-         * handshake hashes in hopes that we wind up with the same slots
-         * that the master secret will wind up in ...
-         */
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-            /* If we ever support ciphersuites where the PRF hash isn't SHA-256
-             * then this will need to be updated. */
-            ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256);
-            if (ss->ssl3.hs.sha == NULL) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                return SECFailure;
-            }
-            ss->ssl3.hs.hashType = handshake_hash_single;
-
-            if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-                return SECFailure;
-            }
-
-            /* Create a backup SHA-1 hash for a potential client auth
-             * signature.
-             *
-             * In TLS 1.2, ssl3_ComputeHandshakeHashes always uses the
-             * handshake hash function (SHA-256). If the server or the client
-             * does not support SHA-256 as a signature hash, we can either
-             * maintain a backup SHA-1 handshake hash or buffer all handshake
-             * messages.
-             */
-            if (!ss->sec.isServer) {
-                ss->ssl3.hs.backupHash = PK11_CreateDigestContext(SEC_OID_SHA1);
-                if (ss->ssl3.hs.backupHash == NULL) {
-                    ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                    return SECFailure;
-                }
-
-                if (PK11_DigestBegin(ss->ssl3.hs.backupHash) != SECSuccess) {
-                    ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                    return SECFailure;
-                }
-            }
-        } else {
-            /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
-             * created successfully. */
-            ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
-            if (ss->ssl3.hs.md5 == NULL) {
-                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-                return SECFailure;
-            }
-            ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1);
-            if (ss->ssl3.hs.sha == NULL) {
-                PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
-                ss->ssl3.hs.md5 = NULL;
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                return SECFailure;
-            }
-            ss->ssl3.hs.hashType = handshake_hash_combo;
-
-            if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-                return SECFailure;
-            }
-            if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                return SECFailure;
-            }
-        }
-    }
-
-    if (ss->ssl3.hs.messages.len > 0) {
-        if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf,
-                                       ss->ssl3.hs.messages.len) !=
-            SECSuccess) {
-            return SECFailure;
-        }
-        PORT_Free(ss->ssl3.hs.messages.buf);
-        ss->ssl3.hs.messages.buf = NULL;
-        ss->ssl3.hs.messages.len = 0;
-        ss->ssl3.hs.messages.space = 0;
-    }
-
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_RestartHandshakeHashes(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-
-    SSL_TRC(30, ("%d: SSL3[%d]: reset handshake hashes",
-                 SSL_GETPID(), ss->fd));
-    ss->ssl3.hs.hashType = handshake_hash_unknown;
-    ss->ssl3.hs.messages.len = 0;
-#ifndef NO_PKCS11_BYPASS
-    ss->ssl3.hs.sha_obj = NULL;
-    ss->ssl3.hs.sha_clone = NULL;
-#endif
-    if (ss->ssl3.hs.md5) {
-        PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
-        ss->ssl3.hs.md5 = NULL;
-    }
-    if (ss->ssl3.hs.sha) {
-        PK11_DestroyContext(ss->ssl3.hs.sha, PR_TRUE);
-        ss->ssl3.hs.sha = NULL;
-    }
-    return rv;
-}
-
-/*
- * Handshake messages
- */
-/* Called from  ssl3_InitHandshakeHashes()
-**      ssl3_AppendHandshake()
-**      ssl3_StartHandshakeHash()
-**      ssl3_HandleV2ClientHello()
-**      ssl3_HandleHandshakeMessage()
-** Caller must hold the ssl3Handshake lock.
-*/
-static SECStatus
-ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b,
-                           unsigned int l)
-{
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    /* We need to buffer the handshake messages until we have established
-     * which handshake hash function to use. */
-    if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
-        return sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
-    }
-
-    PRINT_BUF(90, (NULL, "handshake hash input:", b, l));
-
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        if (ss->ssl3.hs.hashType == handshake_hash_single) {
-            ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l);
-        } else {
-            MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
-            SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
-        }
-        return rv;
-    }
-#endif
-    if (ss->ssl3.hs.hashType == handshake_hash_single) {
-        rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-            return rv;
-        }
-        if (ss->ssl3.hs.backupHash) {
-            rv = PK11_DigestOp(ss->ssl3.hs.backupHash, b, l);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                return rv;
-            }
-        }
-    } else {
-        rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-            return rv;
-        }
-        rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-            return rv;
-        }
-    }
-    return rv;
-}
-
-/**************************************************************************
- * Append Handshake functions.
- * All these functions set appropriate error codes.
- * Most rely on ssl3_AppendHandshake to set the error code.
- **************************************************************************/
-SECStatus
-ssl3_AppendHandshake(sslSocket *ss, const void *void_src, PRInt32 bytes)
-{
-    unsigned char *src = (unsigned char *)void_src;
-    int room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); /* protects sendBuf. */
-
-    if (!bytes)
-        return SECSuccess;
-    if (ss->sec.ci.sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
-        rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
-                                                        PR_MIN(MAX_SEND_BUF_LENGTH, ss->sec.ci.sendBuf.len + bytes)));
-        if (rv != SECSuccess)
-            return rv; /* sslBuffer_Grow has set a memory error code. */
-        room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
-    }
-
-    PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char *)void_src, bytes));
-    rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
-    if (rv != SECSuccess)
-        return rv; /* error code set by ssl3_UpdateHandshakeHashes */
-
-    while (bytes > room) {
-        if (room > 0)
-            PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src,
-                        room);
-        ss->sec.ci.sendBuf.len += room;
-        rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-        if (rv != SECSuccess) {
-            return rv; /* error code set by ssl3_FlushHandshake */
-        }
-        bytes -= room;
-        src += room;
-        room = ss->sec.ci.sendBuf.space;
-        PORT_Assert(ss->sec.ci.sendBuf.len == 0);
-    }
-    PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, bytes);
-    ss->sec.ci.sendBuf.len += bytes;
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize)
-{
-    SECStatus rv;
-    PRUint8 b[4];
-    PRUint8 *p = b;
-
-    PORT_Assert(lenSize <= 4 && lenSize > 0);
-    if (lenSize < 4 && num >= (1L << (lenSize * 8))) {
-        PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
-        return SECFailure;
-    }
-
-    switch (lenSize) {
-        case 4:
-            *p++ = (num >> 24) & 0xff;
-        case 3:
-            *p++ = (num >> 16) & 0xff;
-        case 2:
-            *p++ = (num >> 8) & 0xff;
-        case 1:
-            *p = num & 0xff;
-    }
-    SSL_TRC(60, ("%d: number:", SSL_GETPID()));
-    rv = ssl3_AppendHandshake(ss, &b[0], lenSize);
-    return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-SECStatus
-ssl3_AppendHandshakeVariable(
-    sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize)
-{
-    SECStatus rv;
-
-    PORT_Assert((bytes < (1 << 8) && lenSize == 1) ||
-                (bytes < (1L << 16) && lenSize == 2) ||
-                (bytes < (1L << 24) && lenSize == 3));
-
-    SSL_TRC(60, ("%d: append variable:", SSL_GETPID()));
-    rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshake, if applicable. */
-    }
-    SSL_TRC(60, ("data:"));
-    rv = ssl3_AppendHandshake(ss, src, bytes);
-    return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-SECStatus
-ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length)
-{
-    SECStatus rv;
-
-    /* If we already have a message in place, we need to enqueue it.
-     * This empties the buffer. This is a convenient place to call
-     * dtls_StageHandshakeMessage to mark the message boundary.
-     */
-    if (IS_DTLS(ss)) {
-        rv = dtls_StageHandshakeMessage(ss);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    }
-
-    SSL_TRC(30, ("%d: SSL3[%d]: append handshake header: type %s",
-                 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t)));
-
-    rv = ssl3_AppendHandshakeNumber(ss, t, 1);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshake, if applicable. */
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, length, 3);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshake, if applicable. */
-    }
-
-    if (IS_DTLS(ss)) {
-        /* Note that we make an unfragmented message here. We fragment in the
-         * transmission code, if necessary */
-        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.sendMessageSeq, 2);
-        if (rv != SECSuccess) {
-            return rv; /* error code set by AppendHandshake, if applicable. */
-        }
-        ss->ssl3.hs.sendMessageSeq++;
-
-        /* 0 is the fragment offset, because it's not fragmented yet */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 3);
-        if (rv != SECSuccess) {
-            return rv; /* error code set by AppendHandshake, if applicable. */
-        }
-
-        /* Fragment length -- set to the packet length because not fragmented */
-        rv = ssl3_AppendHandshakeNumber(ss, length, 3);
-        if (rv != SECSuccess) {
-            return rv; /* error code set by AppendHandshake, if applicable. */
-        }
-    }
-
-    return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-/* ssl3_AppendSignatureAndHashAlgorithm appends the serialisation of
- * |sigAndHash| to the current handshake message. */
-SECStatus
-ssl3_AppendSignatureAndHashAlgorithm(
-    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash)
-{
-    PRUint8 serialized[2];
-
-    serialized[0] = (PRUint8)sigAndHash->hashAlg;
-    serialized[1] = (PRUint8)sigAndHash->sigAlg;
-
-    return ssl3_AppendHandshake(ss, serialized, sizeof(serialized));
-}
-
-/**************************************************************************
- * Consume Handshake functions.
- *
- * All data used in these functions is protected by two locks,
- * the RecvBufLock and the SSL3HandshakeLock
- **************************************************************************/
-
-/* Read up the next "bytes" number of bytes from the (decrypted) input
- * stream "b" (which is *length bytes long). Copy them into buffer "v".
- * Reduces *length by bytes.  Advances *b by bytes.
- *
- * If this function returns SECFailure, it has already sent an alert,
- * and has set a generic error code.  The caller should probably
- * override the generic error code by setting another.
- */
-SECStatus
-ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b,
-                      PRUint32 *length)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if ((PRUint32)bytes > *length) {
-        return ssl3_DecodeError(ss);
-    }
-    PORT_Memcpy(v, *b, bytes);
-    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
-    *b += bytes;
-    *length -= bytes;
-    return SECSuccess;
-}
-
-/* Read up the next "bytes" number of bytes from the (decrypted) input
- * stream "b" (which is *length bytes long), and interpret them as an
- * integer in network byte order.  Returns the received value.
- * Reduces *length by bytes.  Advances *b by bytes.
- *
- * Returns SECFailure (-1) on failure.
- * This value is indistinguishable from the equivalent received value.
- * Only positive numbers are to be received this way.
- * Thus, the largest value that may be sent this way is 0x7fffffff.
- * On error, an alert has been sent, and a generic error code has been set.
- */
-PRInt32
-ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, SSL3Opaque **b,
-                            PRUint32 *length)
-{
-    PRUint8 *buf = *b;
-    int i;
-    PRInt32 num = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(bytes <= sizeof num);
-
-    if ((PRUint32)bytes > *length) {
-        return ssl3_DecodeError(ss);
-    }
-    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
-
-    for (i = 0; i < bytes; i++)
-        num = (num << 8) + buf[i];
-    *b += bytes;
-    *length -= bytes;
-    return num;
-}
-
-/* Read in two values from the incoming decrypted byte stream "b", which is
- * *length bytes long.  The first value is a number whose size is "bytes"
- * bytes long.  The second value is a byte-string whose size is the value
- * of the first number received.  The latter byte-string, and its length,
- * is returned in the SECItem i.
- *
- * Returns SECFailure (-1) on failure.
- * On error, an alert has been sent, and a generic error code has been set.
- *
- * RADICAL CHANGE for NSS 3.11.  All callers of this function make copies
- * of the data returned in the SECItem *i, so making a copy of it here
- * is simply wasteful.  So, This function now just sets SECItem *i to
- * point to the values in the buffer **b.
- */
-SECStatus
-ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes,
-                              SSL3Opaque **b, PRUint32 *length)
-{
-    PRInt32 count;
-
-    PORT_Assert(bytes <= 3);
-    i->len = 0;
-    i->data = NULL;
-    i->type = siBuffer;
-    count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length);
-    if (count < 0) { /* Can't test for SECSuccess here. */
-        return SECFailure;
-    }
-    if (count > 0) {
-        if ((PRUint32)count > *length) {
-            return ssl3_DecodeError(ss);
-        }
-        i->data = *b;
-        i->len = count;
-        *b += count;
-        *length -= count;
-    }
-    return SECSuccess;
-}
-
-/* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
- * SECOidTag used internally by NSS. */
-static const struct {
-    SSLHashType tlsHash;
-    SECOidTag oid;
-} tlsHashOIDMap[] = {
-    { ssl_hash_sha1, SEC_OID_SHA1 },
-    { ssl_hash_sha256, SEC_OID_SHA256 },
-    { ssl_hash_sha384, SEC_OID_SHA384 },
-    { ssl_hash_sha512, SEC_OID_SHA512 }
-};
-
-/* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
- * If the hash is not recognised, SEC_OID_UNKNOWN is returned.
- *
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-SECOidTag
-ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc)
-{
-    unsigned int i;
-
-    for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
-        if (hashFunc == tlsHashOIDMap[i].tlsHash) {
-            return tlsHashOIDMap[i].oid;
-        }
-    }
-    return SEC_OID_UNKNOWN;
-}
-
-/* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
- * identifier for a given KeyType. */
-static SECStatus
-ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out)
-{
-    switch (keyType) {
-        case rsaKey:
-            *out = ssl_sign_rsa;
-            return SECSuccess;
-        case dsaKey:
-            *out = ssl_sign_dsa;
-            return SECSuccess;
-        case ecKey:
-            *out = ssl_sign_ecdsa;
-            return SECSuccess;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_KEY);
-            return SECFailure;
-    }
-}
-
-/* ssl3_TLSSignatureAlgorithmForCertificate returns the TLS 1.2 signature
- * algorithm identifier for the given certificate. */
-static SECStatus
-ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert,
-                                         SSLSignType *out)
-{
-    SECKEYPublicKey *key;
-    KeyType keyType;
-
-    key = CERT_ExtractPublicKey(cert);
-    if (key == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-        return SECFailure;
-    }
-
-    keyType = key->keyType;
-    SECKEY_DestroyPublicKey(key);
-    return ssl3_TLSSignatureAlgorithmForKeyType(keyType, out);
-}
-
-/* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature
- * algorithm identifier in |sigAndHash| is consistent with the public key in
- * |cert|. It also checks the hash algorithm against the configured signature
- * algorithms.  If all the tests pass, SECSuccess is returned. Otherwise,
- * PORT_SetError is called and SECFailure is returned. */
-SECStatus
-ssl3_CheckSignatureAndHashAlgorithmConsistency(
-    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
-    CERTCertificate *cert)
-{
-    SECStatus rv;
-    SSLSignType sigAlg;
-    unsigned int i;
-
-    /* If we're a client, check that the signature algorithm matches the signing
-     * key type of the cipher suite. */
-    if (!ss->sec.isServer &&
-        ss->ssl3.hs.kea_def->signKeyType != sigAndHash->sigAlg) {
-        PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
-        return SECFailure;
-    }
-
-    /* Verify that the signature algorithm used for the
-     * signature matches the signing key. */
-    rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    if (sigAlg != sigAndHash->sigAlg) {
-        PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
-        return SECFailure;
-    }
-
-    for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
-        const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
-        if (sigAndHash->sigAlg == alg->sigAlg &&
-            sigAndHash->hashAlg == alg->hashAlg) {
-            return SECSuccess;
-        }
-    }
-    PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
-    return SECFailure;
-}
-
-PRBool
-ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg)
-{
-    static const SSLHashType supportedHashes[] = {
-        ssl_hash_sha1,
-        ssl_hash_sha256,
-        ssl_hash_sha384,
-        ssl_hash_sha512
-    };
-
-    static const SSLSignType supportedSigAlgs[] = {
-        ssl_sign_rsa,
-#ifndef NSS_DISABLE_ECC
-        ssl_sign_ecdsa,
-#endif
-        ssl_sign_dsa
-    };
-
-    unsigned int i;
-    PRBool hashOK = PR_FALSE;
-    PRBool signOK = PR_FALSE;
-
-    for (i = 0; i < PR_ARRAY_SIZE(supportedHashes); ++i) {
-        if (alg->hashAlg == supportedHashes[i]) {
-            hashOK = PR_TRUE;
-            break;
-        }
-    }
-
-    for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) {
-        if (alg->sigAlg == supportedSigAlgs[i]) {
-            signOK = PR_TRUE;
-            break;
-        }
-    }
-
-    return hashOK && signOK;
-}
-
-/* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm
- * structure from |b| and puts the resulting value into |out|. |b| and |length|
- * are updated accordingly.
- *
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-SECStatus
-ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
-                                      SSL3Opaque **b,
-                                      PRUint32 *length,
-                                      SSLSignatureAndHashAlg *out)
-{
-    PRUint8 bytes[2];
-    SECStatus rv;
-
-    rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    out->hashAlg = (SSLHashType)bytes[0];
-    out->sigAlg = (SSLSignType)bytes[1];
-    if (!ssl3_IsSupportedSignatureAlgorithm(out)) {
-        PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/**************************************************************************
- * end of Consume Handshake functions.
- **************************************************************************/
-
-/* Extract the hashes of handshake messages to this point.
- * Called from ssl3_SendCertificateVerify
- *             ssl3_SendFinished
- *             ssl3_HandleHandshakeMessage
- *
- * Caller must hold the SSL3HandshakeLock.
- * Caller must hold a read or write lock on the Spec R/W lock.
- *  (There is presently no way to assert on a Read lock.)
- */
-SECStatus
-ssl3_ComputeHandshakeHashes(sslSocket *ss,
-                            ssl3CipherSpec *spec, /* uses ->master_secret */
-                            SSL3Hashes *hashes,   /* output goes here. */
-                            PRUint32 sender)
-{
-    SECStatus rv = SECSuccess;
-    PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
-    unsigned int outLength;
-    SSL3Opaque md5_inner[MAX_MAC_LENGTH];
-    SSL3Opaque sha_inner[MAX_MAC_LENGTH];
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    hashes->hashAlg = ssl_hash_none;
-
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11 &&
-        ss->ssl3.hs.hashType == handshake_hash_single) {
-        /* compute them without PKCS11 */
-        PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
-
-        ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx);
-        ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len,
-                                 sizeof(hashes->u.raw));
-
-        PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len));
-
-        /* If we ever support ciphersuites where the PRF hash isn't SHA-256
-         * then this will need to be updated. */
-        hashes->hashAlg = ssl_hash_sha256;
-        rv = SECSuccess;
-    } else if (ss->opt.bypassPKCS11) {
-        /* compute them without PKCS11 */
-        PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
-        PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
-
-#define md5cx ((MD5Context *)md5_cx)
-#define shacx ((SHA1Context *)sha_cx)
-
-        MD5_Clone(md5cx, (MD5Context *)ss->ssl3.hs.md5_cx);
-        SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx);
-
-        if (!isTLS) {
-            /* compute hashes for SSL3. */
-            unsigned char s[4];
-
-            if (!spec->msItem.data) {
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
-                return SECFailure;
-            }
-
-            s[0] = (unsigned char)(sender >> 24);
-            s[1] = (unsigned char)(sender >> 16);
-            s[2] = (unsigned char)(sender >> 8);
-            s[3] = (unsigned char)sender;
-
-            if (sender != 0) {
-                MD5_Update(md5cx, s, 4);
-                PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
-            }
-
-            PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1,
-                           mac_defs[mac_md5].pad_size));
-
-            MD5_Update(md5cx, spec->msItem.data, spec->msItem.len);
-            MD5_Update(md5cx, mac_pad_1, mac_defs[mac_md5].pad_size);
-            MD5_End(md5cx, md5_inner, &outLength, MD5_LENGTH);
-
-            PRINT_BUF(95, (NULL, "MD5 inner: result", md5_inner, outLength));
-
-            if (sender != 0) {
-                SHA1_Update(shacx, s, 4);
-                PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
-            }
-
-            PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1,
-                           mac_defs[mac_sha].pad_size));
-
-            SHA1_Update(shacx, spec->msItem.data, spec->msItem.len);
-            SHA1_Update(shacx, mac_pad_1, mac_defs[mac_sha].pad_size);
-            SHA1_End(shacx, sha_inner, &outLength, SHA1_LENGTH);
-
-            PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
-            PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2,
-                           mac_defs[mac_md5].pad_size));
-            PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
-
-            MD5_Begin(md5cx);
-            MD5_Update(md5cx, spec->msItem.data, spec->msItem.len);
-            MD5_Update(md5cx, mac_pad_2, mac_defs[mac_md5].pad_size);
-            MD5_Update(md5cx, md5_inner, MD5_LENGTH);
-        }
-        MD5_End(md5cx, hashes->u.s.md5, &outLength, MD5_LENGTH);
-
-        PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->u.s.md5, MD5_LENGTH));
-
-        if (!isTLS) {
-            PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2,
-                           mac_defs[mac_sha].pad_size));
-            PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
-
-            SHA1_Begin(shacx);
-            SHA1_Update(shacx, spec->msItem.data, spec->msItem.len);
-            SHA1_Update(shacx, mac_pad_2, mac_defs[mac_sha].pad_size);
-            SHA1_Update(shacx, sha_inner, SHA1_LENGTH);
-        }
-        SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH);
-
-        PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH));
-
-        hashes->len = MD5_LENGTH + SHA1_LENGTH;
-        rv = SECSuccess;
-#undef md5cx
-#undef shacx
-    } else
-#endif
-        if (ss->ssl3.hs.hashType == handshake_hash_single) {
-        /* compute hashes with PKCS11 */
-        PK11Context *h;
-        unsigned int stateLen;
-        unsigned char stackBuf[1024];
-        unsigned char *stateBuf = NULL;
-
-        h = ss->ssl3.hs.sha;
-        stateBuf = PK11_SaveContextAlloc(h, stackBuf,
-                                         sizeof(stackBuf), &stateLen);
-        if (stateBuf == NULL) {
-            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-            goto tls12_loser;
-        }
-        rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len,
-                               sizeof(hashes->u.raw));
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-            rv = SECFailure;
-            goto tls12_loser;
-        }
-        /* If we ever support ciphersuites where the PRF hash isn't SHA-256
-         * then this will need to be updated. */
-        hashes->hashAlg = ssl_hash_sha256;
-        rv = SECSuccess;
-
-    tls12_loser:
-        if (stateBuf) {
-            if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
-                rv = SECFailure;
-            }
-            if (stateBuf != stackBuf) {
-                PORT_ZFree(stateBuf, stateLen);
-            }
-        }
-    } else {
-        /* compute hashes with PKCS11 */
-        PK11Context *md5;
-        PK11Context *sha = NULL;
-        unsigned char *md5StateBuf = NULL;
-        unsigned char *shaStateBuf = NULL;
-        unsigned int md5StateLen, shaStateLen;
-        unsigned char md5StackBuf[256];
-        unsigned char shaStackBuf[512];
-
-        md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
-                                            sizeof md5StackBuf, &md5StateLen);
-        if (md5StateBuf == NULL) {
-            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-            goto loser;
-        }
-        md5 = ss->ssl3.hs.md5;
-
-        shaStateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.sha, shaStackBuf,
-                                            sizeof shaStackBuf, &shaStateLen);
-        if (shaStateBuf == NULL) {
-            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-            goto loser;
-        }
-        sha = ss->ssl3.hs.sha;
-
-        if (!isTLS) {
-            /* compute hashes for SSL3. */
-            unsigned char s[4];
-
-            if (!spec->master_secret) {
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
-                rv = SECFailure;
-                goto loser;
-            }
-
-            s[0] = (unsigned char)(sender >> 24);
-            s[1] = (unsigned char)(sender >> 16);
-            s[2] = (unsigned char)(sender >> 8);
-            s[3] = (unsigned char)sender;
-
-            if (sender != 0) {
-                rv |= PK11_DigestOp(md5, s, 4);
-                PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
-            }
-
-            PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1,
-                           mac_defs[mac_md5].pad_size));
-
-            rv |= PK11_DigestKey(md5, spec->master_secret);
-            rv |= PK11_DigestOp(md5, mac_pad_1, mac_defs[mac_md5].pad_size);
-            rv |= PK11_DigestFinal(md5, md5_inner, &outLength, MD5_LENGTH);
-            PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-                rv = SECFailure;
-                goto loser;
-            }
-
-            PRINT_BUF(95, (NULL, "MD5 inner: result", md5_inner, outLength));
-
-            if (sender != 0) {
-                rv |= PK11_DigestOp(sha, s, 4);
-                PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
-            }
-
-            PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1,
-                           mac_defs[mac_sha].pad_size));
-
-            rv |= PK11_DigestKey(sha, spec->master_secret);
-            rv |= PK11_DigestOp(sha, mac_pad_1, mac_defs[mac_sha].pad_size);
-            rv |= PK11_DigestFinal(sha, sha_inner, &outLength, SHA1_LENGTH);
-            PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                rv = SECFailure;
-                goto loser;
-            }
-
-            PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
-
-            PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2,
-                           mac_defs[mac_md5].pad_size));
-            PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
-
-            rv |= PK11_DigestBegin(md5);
-            rv |= PK11_DigestKey(md5, spec->master_secret);
-            rv |= PK11_DigestOp(md5, mac_pad_2, mac_defs[mac_md5].pad_size);
-            rv |= PK11_DigestOp(md5, md5_inner, MD5_LENGTH);
-        }
-        rv |= PK11_DigestFinal(md5, hashes->u.s.md5, &outLength, MD5_LENGTH);
-        PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-            rv = SECFailure;
-            goto loser;
-        }
-
-        PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->u.s.md5, MD5_LENGTH));
-
-        if (!isTLS) {
-            PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2,
-                           mac_defs[mac_sha].pad_size));
-            PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
-
-            rv |= PK11_DigestBegin(sha);
-            rv |= PK11_DigestKey(sha, spec->master_secret);
-            rv |= PK11_DigestOp(sha, mac_pad_2, mac_defs[mac_sha].pad_size);
-            rv |= PK11_DigestOp(sha, sha_inner, SHA1_LENGTH);
-        }
-        rv |= PK11_DigestFinal(sha, hashes->u.s.sha, &outLength, SHA1_LENGTH);
-        PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-            rv = SECFailure;
-            goto loser;
-        }
-
-        PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH));
-
-        hashes->len = MD5_LENGTH + SHA1_LENGTH;
-        rv = SECSuccess;
-
-    loser:
-        if (md5StateBuf) {
-            if (PK11_RestoreContext(ss->ssl3.hs.md5, md5StateBuf, md5StateLen) !=
-                SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-                rv = SECFailure;
-            }
-            if (md5StateBuf != md5StackBuf) {
-                PORT_ZFree(md5StateBuf, md5StateLen);
-            }
-        }
-        if (shaStateBuf) {
-            if (PK11_RestoreContext(ss->ssl3.hs.sha, shaStateBuf, shaStateLen) !=
-                SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-                rv = SECFailure;
-            }
-            if (shaStateBuf != shaStackBuf) {
-                PORT_ZFree(shaStateBuf, shaStateLen);
-            }
-        }
-    }
-    return rv;
-}
-
-static SECStatus
-ssl3_ComputeBackupHandshakeHashes(sslSocket *ss,
-                                  SSL3Hashes *hashes) /* output goes here. */
-{
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(!ss->sec.isServer);
-    PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_single);
-
-    rv = PK11_DigestFinal(ss->ssl3.hs.backupHash, hashes->u.raw, &hashes->len,
-                          sizeof(hashes->u.raw));
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-        rv = SECFailure;
-        goto loser;
-    }
-    hashes->hashAlg = ssl_hash_sha1;
-
-loser:
-    PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
-    ss->ssl3.hs.backupHash = NULL;
-    return rv;
-}
-
-/*
- * SSL 2 based implementations pass in the initial outbound buffer
- * so that the handshake hash can contain the included information.
- *
- * Called from ssl2_BeginClientHandshake() in sslcon.c
- */
-SECStatus
-ssl3_StartHandshakeHash(sslSocket *ss, unsigned char *buf, int length)
-{
-    SECStatus rv;
-
-    ssl_GetSSL3HandshakeLock(ss); /**************************************/
-
-    rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        goto done; /* ssl3_InitState has set the error code. */
-    }
-    rv = ssl3_RestartHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        goto done;
-    }
-
-    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(
-        &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES],
-        &ss->sec.ci.clientChallenge,
-        SSL_CHALLENGE_BYTES);
-
-    rv = ssl3_UpdateHandshakeHashes(ss, buf, length);
-    /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */
-
-done:
-    ssl_ReleaseSSL3HandshakeLock(ss); /**************************************/
-    return rv;
-}
-
-/**************************************************************************
- * end of Handshake Hash functions.
- * Begin Send and Handle functions for handshakes.
- **************************************************************************/
-
-/* Called from ssl3_HandleHelloRequest(),
- *             ssl3_RedoHandshake()
- *             ssl2_BeginClientHandshake (when resuming ssl3 session)
- *             dtls_HandleHelloVerifyRequest(with resending=PR_TRUE)
- */
-SECStatus
-ssl3_SendClientHello(sslSocket *ss, PRBool resending)
-{
-    sslSessionID *sid;
-    ssl3CipherSpec *cwSpec;
-    SECStatus rv;
-    int i;
-    int length;
-    int num_suites;
-    int actual_count = 0;
-    PRBool isTLS = PR_FALSE;
-    PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
-    PRInt32 total_exten_len = 0;
-    unsigned paddingExtensionLen;
-    unsigned numCompressionMethods;
-    PRInt32 flags;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(),
-                ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        return rv; /* ssl3_InitState has set the error code. */
-    }
-    /* These must be reset every handshake. */
-    ss->ssl3.hs.sendingSCSV = PR_FALSE;
-    ss->ssl3.hs.preliminaryInfo = 0;
-    PORT_Assert(IS_DTLS(ss) || !resending);
-
-    SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
-    ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
-
-    /* We might be starting a session renegotiation in which case we should
-     * clear previous state.
-     */
-    PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
-
-    rv = ssl3_RestartHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    /*
-     * During a renegotiation, ss->clientHelloVersion will be used again to
-     * work around a Windows SChannel bug. Ensure that it is still enabled.
-     */
-    if (ss->firstHsDone) {
-        if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-            PORT_SetError(SSL_ERROR_SSL_DISABLED);
-            return SECFailure;
-        }
-
-        if (ss->clientHelloVersion < ss->vrange.min ||
-            ss->clientHelloVersion > ss->vrange.max) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return SECFailure;
-        }
-    }
-
-    /* We ignore ss->sec.ci.sid here, and use ssl_Lookup because Lookup
-     * handles expired entries and other details.
-     * XXX If we've been called from ssl2_BeginClientHandshake, then
-     * this lookup is duplicative and wasteful.
-     */
-    sid = (ss->opt.noCache) ? NULL
-                            : ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, ss->url);
-
-    /* We can't resume based on a different token. If the sid exists,
-     * make sure the token that holds the master secret still exists ...
-     * If we previously did client-auth, make sure that the token that holds
-     * the private key still exists, is logged in, hasn't been removed, etc.
-     */
-    if (sid) {
-        PRBool sidOK = PR_TRUE;
-        if (sid->u.ssl3.keys.msIsWrapped) {
-            /* Session key was wrapped, which means it was using PKCS11, */
-            PK11SlotInfo *slot = NULL;
-            if (sid->u.ssl3.masterValid && !ss->opt.bypassPKCS11) {
-                slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
-                                         sid->u.ssl3.masterSlotID);
-            }
-            if (slot == NULL) {
-                sidOK = PR_FALSE;
-            } else {
-                PK11SymKey *wrapKey = NULL;
-                if (!PK11_IsPresent(slot) ||
-                    ((wrapKey = PK11_GetWrapKey(slot,
-                                                sid->u.ssl3.masterWrapIndex,
-                                                sid->u.ssl3.masterWrapMech,
-                                                sid->u.ssl3.masterWrapSeries,
-                                                ss->pkcs11PinArg)) == NULL)) {
-                    sidOK = PR_FALSE;
-                }
-                if (wrapKey)
-                    PK11_FreeSymKey(wrapKey);
-                PK11_FreeSlot(slot);
-                slot = NULL;
-            }
-        }
-        /* If we previously did client-auth, make sure that the token that
-        ** holds the private key still exists, is logged in, hasn't been
-        ** removed, etc.
-        */
-        if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) {
-            sidOK = PR_FALSE;
-        }
-
-        if (sidOK) {
-            /* Set ss->version based on the session cache */
-            if (ss->firstHsDone) {
-                /*
-                 * Windows SChannel compares the client_version inside the RSA
-                 * EncryptedPreMasterSecret of a renegotiation with the
-                 * client_version of the initial ClientHello rather than the
-                 * ClientHello in the renegotiation. To work around this bug, we
-                 * continue to use the client_version used in the initial
-                 * ClientHello when renegotiating.
-                 *
-                 * The client_version of the initial ClientHello is still
-                 * available in ss->clientHelloVersion. Ensure that
-                 * sid->version is bounded within
-                 * [ss->vrange.min, ss->clientHelloVersion], otherwise we
-                 * can't use sid.
-                 */
-                if (sid->version >= ss->vrange.min &&
-                    sid->version <= ss->clientHelloVersion) {
-                    ss->version = ss->clientHelloVersion;
-                } else {
-                    sidOK = PR_FALSE;
-                }
-            } else {
-                /*
-                 * Check sid->version is OK first.
-                 * Previously, we would cap the version based on sid->version,
-                 * but that prevents negotiation of a higher version if the
-                 * previous session was reduced (e.g., with version fallback)
-                 */
-                if (sid->version < ss->vrange.min ||
-                    sid->version > ss->vrange.max) {
-                    sidOK = PR_FALSE;
-                } else {
-                    rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
-                                               PR_TRUE);
-                    if (rv != SECSuccess) {
-                        return rv; /* error code was set */
-                    }
-                }
-            }
-        }
-
-        if (!sidOK) {
-            SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_not_ok);
-            if (ss->sec.uncache)
-                (*ss->sec.uncache)(sid);
-            ssl_FreeSID(sid);
-            sid = NULL;
-        }
-    }
-
-    if (sid) {
-        requestingResume = PR_TRUE;
-        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_hits);
-
-        PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
-                      sid->u.ssl3.sessionIDLength));
-
-        ss->ssl3.policy = sid->u.ssl3.policy;
-    } else {
-        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_misses);
-
-        /*
-         * Windows SChannel compares the client_version inside the RSA
-         * EncryptedPreMasterSecret of a renegotiation with the
-         * client_version of the initial ClientHello rather than the
-         * ClientHello in the renegotiation. To work around this bug, we
-         * continue to use the client_version used in the initial
-         * ClientHello when renegotiating.
-         */
-        if (ss->firstHsDone) {
-            ss->version = ss->clientHelloVersion;
-        } else {
-            rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
-                                       PR_TRUE);
-            if (rv != SECSuccess)
-                return rv; /* error code was set */
-        }
-
-        sid = ssl3_NewSessionID(ss, PR_FALSE);
-        if (!sid) {
-            return SECFailure; /* memory error is set */
-        }
-    }
-
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = tls13_SetupClientHello(ss);
-        if (rv != SECSuccess) {
-            if (sid) {
-                ssl_FreeSID(sid);
-            }
-            return rv;
-        }
-    }
-
-    isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
-    ssl_GetSpecWriteLock(ss);
-    cwSpec = ss->ssl3.cwSpec;
-    if (cwSpec->mac_def->mac == mac_null) {
-        /* SSL records are not being MACed. */
-        cwSpec->version = ss->version;
-    }
-    ssl_ReleaseSpecWriteLock(ss);
-
-    if (ss->sec.ci.sid != NULL) {
-        ssl_FreeSID(ss->sec.ci.sid); /* decrement ref count, free if zero */
-    }
-    ss->sec.ci.sid = sid;
-
-    ss->sec.send = ssl3_SendApplicationData;
-
-    /* shouldn't get here if SSL3 is disabled, but ... */
-    if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled");
-        PORT_SetError(SSL_ERROR_SSL_DISABLED);
-        return SECFailure;
-    }
-
-    /* how many suites does our PKCS11 support (regardless of policy)? */
-    num_suites = ssl3_config_match_init(ss);
-    if (!num_suites)
-        return SECFailure; /* ssl3_config_match_init has set error code. */
-
-    /* HACK for SCSV in SSL 3.0.  On initial handshake, prepend SCSV,
-     * only if TLS is disabled.
-     */
-    if (!ss->firstHsDone && !isTLS) {
-        /* Must set this before calling Hello Extension Senders,
-         * to suppress sending of empty RI extension.
-         */
-        ss->ssl3.hs.sendingSCSV = PR_TRUE;
-    }
-
-    /* When we attempt session resumption (only), we must lock the sid to
-     * prevent races with other resumption connections that receive a
-     * NewSessionTicket that will cause the ticket in the sid to be replaced.
-     * Once we've copied the session ticket into our ClientHello message, it
-     * is OK for the ticket to change, so we just need to make sure we hold
-     * the lock across the calls to ssl3_CallHelloExtensionSenders.
-     */
-    if (sid->u.ssl3.lock) {
-        PR_RWLock_Rlock(sid->u.ssl3.lock);
-    }
-
-    if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
-        PRUint32 maxBytes = 65535; /* 2^16 - 1 */
-        PRInt32 extLen;
-
-        extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
-        if (extLen < 0) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return SECFailure;
-        }
-        total_exten_len += extLen;
-
-        if (total_exten_len > 0)
-            total_exten_len += 2;
-    }
-
-#ifndef NSS_DISABLE_ECC
-    if (!total_exten_len || !isTLS) {
-        /* not sending the elliptic_curves and ec_point_formats extensions */
-        ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
-    }
-#endif /* NSS_DISABLE_ECC */
-
-    if (IS_DTLS(ss)) {
-        ssl3_DisableNonDTLSSuites(ss);
-    }
-
-    /* how many suites are permitted by policy and user preference? */
-    num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
-    if (!num_suites) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return SECFailure; /* count_cipher_suites has set error code. */
-    }
-
-    fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
-                                                  ss->version < sid->version);
-    /* make room for SCSV */
-    if (ss->ssl3.hs.sendingSCSV) {
-        ++num_suites;
-    }
-    if (fallbackSCSV) {
-        ++num_suites;
-    }
-
-    /* count compression methods */
-    numCompressionMethods = 0;
-    for (i = 0; i < compressionMethodsCount; i++) {
-        if (compressionEnabled(ss, compressions[i]))
-            numCompressionMethods++;
-    }
-
-    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH +
-             1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) +
-             2 + num_suites * sizeof(ssl3CipherSuite) +
-             1 + numCompressionMethods + total_exten_len;
-    if (IS_DTLS(ss)) {
-        length += 1 + ss->ssl3.hs.cookieLen;
-    }
-
-    /* A padding extension may be included to ensure that the record containing
-     * the ClientHello doesn't have a length between 256 and 511 bytes
-     * (inclusive). Initial, ClientHello records with such lengths trigger bugs
-     * in F5 devices.
-     *
-     * This is not done for DTLS nor for renegotiation. */
-    if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
-        paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
-        total_exten_len += paddingExtensionLen;
-        length += paddingExtensionLen;
-    } else {
-        paddingExtensionLen = 0;
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-
-    if (ss->firstHsDone) {
-        /* The client hello version must stay unchanged to work around
-         * the Windows SChannel bug described above. */
-        PORT_Assert(ss->version == ss->clientHelloVersion);
-    }
-    ss->clientHelloVersion = ss->version;
-    if (IS_DTLS(ss)) {
-        PRUint16 version;
-
-        version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
-        rv = ssl3_AppendHandshakeNumber(ss, version, 2);
-    } else {
-        rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
-    }
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-
-    if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */
-        rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by GetNewRandom. */
-        }
-    }
-    rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
-                              SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-
-    if (sid)
-        rv = ssl3_AppendHandshakeVariable(
-            ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
-    else
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-
-    if (IS_DTLS(ss)) {
-        rv = ssl3_AppendHandshakeVariable(
-            ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by ssl3_AppendHandshake* */
-        }
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, num_suites * sizeof(ssl3CipherSuite), 2);
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-
-    if (ss->ssl3.hs.sendingSCSV) {
-        /* Add the actual SCSV */
-        rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
-                                        sizeof(ssl3CipherSuite));
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by ssl3_AppendHandshake* */
-        }
-        actual_count++;
-    }
-    if (fallbackSCSV) {
-        rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
-                                        sizeof(ssl3CipherSuite));
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by ssl3_AppendHandshake* */
-        }
-        actual_count++;
-    }
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
-        if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
-            actual_count++;
-            if (actual_count > num_suites) {
-                if (sid->u.ssl3.lock) {
-                    PR_RWLock_Unlock(sid->u.ssl3.lock);
-                }
-                /* set error card removal/insertion error */
-                PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-                return SECFailure;
-            }
-            rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
-                                            sizeof(ssl3CipherSuite));
-            if (rv != SECSuccess) {
-                if (sid->u.ssl3.lock) {
-                    PR_RWLock_Unlock(sid->u.ssl3.lock);
-                }
-                return rv; /* err set by ssl3_AppendHandshake* */
-            }
-        }
-    }
-
-    /* if cards were removed or inserted between count_cipher_suites and
-     * generating our list, detect the error here rather than send it off to
-     * the server.. */
-    if (actual_count != num_suites) {
-        /* Card removal/insertion error */
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-        return SECFailure;
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1);
-    if (rv != SECSuccess) {
-        if (sid->u.ssl3.lock) {
-            PR_RWLock_Unlock(sid->u.ssl3.lock);
-        }
-        return rv; /* err set by ssl3_AppendHandshake* */
-    }
-    for (i = 0; i < compressionMethodsCount; i++) {
-        if (!compressionEnabled(ss, compressions[i]))
-            continue;
-        rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by ssl3_AppendHandshake* */
-        }
-    }
-
-    if (total_exten_len) {
-        PRUint32 maxBytes = total_exten_len - 2;
-        PRInt32 extLen;
-
-        rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
-        if (rv != SECSuccess) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return rv; /* err set by AppendHandshake. */
-        }
-
-        extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
-        if (extLen < 0) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return SECFailure;
-        }
-        maxBytes -= extLen;
-
-        extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
-        if (extLen < 0) {
-            if (sid->u.ssl3.lock) {
-                PR_RWLock_Unlock(sid->u.ssl3.lock);
-            }
-            return SECFailure;
-        }
-        maxBytes -= extLen;
-
-        PORT_Assert(!maxBytes);
-    }
-
-    if (sid->u.ssl3.lock) {
-        PR_RWLock_Unlock(sid->u.ssl3.lock);
-    }
-
-    if (ss->xtnData.sentSessionTicketInClientHello) {
-        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_stateless_resumes);
-    }
-
-    if (ss->ssl3.hs.sendingSCSV) {
-        /* Since we sent the SCSV, pretend we sent empty RI extension. */
-        TLSExtensionData *xtnData = &ss->xtnData;
-        xtnData->advertised[xtnData->numAdvertised++] =
-            ssl_renegotiation_info_xtn;
-    }
-
-    flags = 0;
-    if (!ss->firstHsDone && !IS_DTLS(ss)) {
-        flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
-    }
-    rv = ssl3_FlushHandshake(ss, flags);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by ssl3_FlushHandshake */
-    }
-
-    ss->ssl3.hs.ws = wait_server_hello;
-    return rv;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered a
- * complete ssl3 Hello Request.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleHelloRequest(sslSocket *ss)
-{
-    sslSessionID *sid = ss->sec.ci.sid;
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle hello_request handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
-    if (ss->ssl3.hs.ws == wait_server_hello)
-        return SECSuccess;
-    if (ss->ssl3.hs.ws != idle_handshake || ss->sec.isServer) {
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
-        return SECFailure;
-    }
-    if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
-        (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
-        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-        return SECFailure;
-    }
-
-    if (sid) {
-        if (ss->sec.uncache)
-            ss->sec.uncache(sid);
-        ssl_FreeSID(sid);
-        ss->sec.ci.sid = NULL;
-    }
-
-    if (IS_DTLS(ss)) {
-        dtls_RehandshakeCleanup(ss);
-    }
-
-    ssl_GetXmitBufLock(ss);
-    rv = ssl3_SendClientHello(ss, PR_FALSE);
-    ssl_ReleaseXmitBufLock(ss);
-
-    return rv;
-}
-
-#define UNKNOWN_WRAP_MECHANISM 0x7fffffff
-
-static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = {
-    CKM_DES3_ECB,
-    CKM_CAST5_ECB,
-    CKM_DES_ECB,
-    CKM_KEY_WRAP_LYNKS,
-    CKM_IDEA_ECB,
-    CKM_CAST3_ECB,
-    CKM_CAST_ECB,
-    CKM_RC5_ECB,
-    CKM_RC2_ECB,
-    CKM_CDMF_ECB,
-    CKM_SKIPJACK_WRAP,
-    CKM_SKIPJACK_CBC64,
-    CKM_AES_ECB,
-    CKM_CAMELLIA_ECB,
-    CKM_SEED_ECB,
-    UNKNOWN_WRAP_MECHANISM
-};
-
-static int
-ssl_FindIndexByWrapMechanism(CK_MECHANISM_TYPE mech)
-{
-    const CK_MECHANISM_TYPE *pMech = wrapMechanismList;
-
-    while (mech != *pMech && *pMech != UNKNOWN_WRAP_MECHANISM) {
-        ++pMech;
-    }
-    return (*pMech == UNKNOWN_WRAP_MECHANISM) ? -1
-                                              : (pMech - wrapMechanismList);
-}
-
-static PK11SymKey *
-ssl_UnwrapSymWrappingKey(
-    SSLWrappedSymWrappingKey *pWswk,
-    SECKEYPrivateKey *svrPrivKey,
-    SSL3KEAType exchKeyType,
-    CK_MECHANISM_TYPE masterWrapMech,
-    void *pwArg)
-{
-    PK11SymKey *unwrappedWrappingKey = NULL;
-    SECItem wrappedKey;
-#ifndef NSS_DISABLE_ECC
-    PK11SymKey *Ks;
-    SECKEYPublicKey pubWrapKey;
-    ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_DISABLE_ECC */
-
-    /* found the wrapping key on disk. */
-    PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
-    PORT_Assert(pWswk->exchKeyType == exchKeyType);
-    if (pWswk->symWrapMechanism != masterWrapMech ||
-        pWswk->exchKeyType != exchKeyType) {
-        goto loser;
-    }
-    wrappedKey.type = siBuffer;
-    wrappedKey.data = pWswk->wrappedSymmetricWrappingkey;
-    wrappedKey.len = pWswk->wrappedSymKeyLen;
-    PORT_Assert(wrappedKey.len <= sizeof pWswk->wrappedSymmetricWrappingkey);
-
-    switch (exchKeyType) {
-
-        case kt_rsa:
-            unwrappedWrappingKey =
-                PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
-                                     masterWrapMech, CKA_UNWRAP, 0);
-            break;
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh:
-            /*
-             * For kt_ecdh, we first create an EC public key based on
-             * data stored with the wrappedSymmetricWrappingkey. Next,
-             * we do an ECDH computation involving this public key and
-             * the SSL server's (long-term) EC private key. The resulting
-             * shared secret is treated the same way as Fortezza's Ks, i.e.,
-             * it is used to recover the symmetric wrapping key.
-             *
-             * The data in wrappedSymmetricWrappingkey is laid out as defined
-             * in the ECCWrappedKeyInfo structure.
-             */
-            ecWrapped = (ECCWrappedKeyInfo *)pWswk->wrappedSymmetricWrappingkey;
-
-            PORT_Assert(ecWrapped->encodedParamLen + ecWrapped->pubValueLen +
-                            ecWrapped->wrappedKeyLen <= MAX_EC_WRAPPED_KEY_BUFLEN);
-
-            if (ecWrapped->encodedParamLen + ecWrapped->pubValueLen +
-                    ecWrapped->wrappedKeyLen > MAX_EC_WRAPPED_KEY_BUFLEN) {
-                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                goto loser;
-            }
-
-            pubWrapKey.keyType = ecKey;
-            pubWrapKey.u.ec.size = ecWrapped->size;
-            pubWrapKey.u.ec.DEREncodedParams.len = ecWrapped->encodedParamLen;
-            pubWrapKey.u.ec.DEREncodedParams.data = ecWrapped->var;
-            pubWrapKey.u.ec.publicValue.len = ecWrapped->pubValueLen;
-            pubWrapKey.u.ec.publicValue.data = ecWrapped->var +
-                                               ecWrapped->encodedParamLen;
-
-            wrappedKey.len = ecWrapped->wrappedKeyLen;
-            wrappedKey.data = ecWrapped->var + ecWrapped->encodedParamLen +
-                              ecWrapped->pubValueLen;
-
-            /* Derive Ks using ECDH */
-            Ks = PK11_PubDeriveWithKDF(svrPrivKey, &pubWrapKey, PR_FALSE, NULL,
-                                       NULL, CKM_ECDH1_DERIVE, masterWrapMech,
-                                       CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
-            if (Ks == NULL) {
-                goto loser;
-            }
-
-            /*  Use Ks to unwrap the wrapping key */
-            unwrappedWrappingKey = PK11_UnwrapSymKey(Ks, masterWrapMech, NULL,
-                                                     &wrappedKey, masterWrapMech,
-                                                     CKA_UNWRAP, 0);
-            PK11_FreeSymKey(Ks);
-
-            break;
-#endif
-
-        default:
-            /* Assert? */
-            SET_ERROR_CODE
-            goto loser;
-    }
-loser:
-    return unwrappedWrappingKey;
-}
-
-/* Each process sharing the server session ID cache has its own array of
- * SymKey pointers for the symmetric wrapping keys that are used to wrap
- * the master secrets.  There is one key for each KEA type.  These Symkeys
- * correspond to the wrapped SymKeys kept in the server session cache.
- */
-
-typedef struct {
-    PK11SymKey *symWrapKey[kt_kea_size];
-} ssl3SymWrapKey;
-
-static PZLock *symWrapKeysLock = NULL;
-static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
-
-SECStatus
-ssl_FreeSymWrapKeysLock(void)
-{
-    if (symWrapKeysLock) {
-        PZ_DestroyLock(symWrapKeysLock);
-        symWrapKeysLock = NULL;
-        return SECSuccess;
-    }
-    PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
-    return SECFailure;
-}
-
-SECStatus
-SSL3_ShutdownServerCache(void)
-{
-    int i, j;
-
-    if (!symWrapKeysLock)
-        return SECSuccess; /* lock was never initialized */
-    PZ_Lock(symWrapKeysLock);
-    /* get rid of all symWrapKeys */
-    for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
-        for (j = 0; j < kt_kea_size; ++j) {
-            PK11SymKey **pSymWrapKey;
-            pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
-            if (*pSymWrapKey) {
-                PK11_FreeSymKey(*pSymWrapKey);
-                *pSymWrapKey = NULL;
-            }
-        }
-    }
-
-    PZ_Unlock(symWrapKeysLock);
-    return SECSuccess;
-}
-
-SECStatus
-ssl_InitSymWrapKeysLock(void)
-{
-    symWrapKeysLock = PZ_NewLock(nssILockOther);
-    return symWrapKeysLock ? SECSuccess : SECFailure;
-}
-
-/* Try to get wrapping key for mechanism from in-memory array.
- * If that fails, look for one on disk.
- * If that fails, generate a new one, put the new one on disk,
- * Put the new key in the in-memory array.
- */
-static PK11SymKey *
-getWrappingKey(sslSocket *ss,
-               PK11SlotInfo *masterSecretSlot,
-               SSL3KEAType exchKeyType,
-               CK_MECHANISM_TYPE masterWrapMech,
-               void *pwArg)
-{
-    SECKEYPrivateKey *svrPrivKey;
-    SECKEYPublicKey *svrPubKey = NULL;
-    PK11SymKey *unwrappedWrappingKey = NULL;
-    PK11SymKey **pSymWrapKey;
-    CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM;
-    int length;
-    int symWrapMechIndex;
-    SECStatus rv;
-    SECItem wrappedKey;
-    SSLWrappedSymWrappingKey wswk;
-#ifndef NSS_DISABLE_ECC
-    PK11SymKey *Ks = NULL;
-    SECKEYPublicKey *pubWrapKey = NULL;
-    SECKEYPrivateKey *privWrapKey = NULL;
-    ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_DISABLE_ECC */
-
-    svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY;
-    PORT_Assert(svrPrivKey != NULL);
-    if (!svrPrivKey) {
-        return NULL; /* why are we here?!? */
-    }
-
-    symWrapMechIndex = ssl_FindIndexByWrapMechanism(masterWrapMech);
-    PORT_Assert(symWrapMechIndex >= 0);
-    if (symWrapMechIndex < 0)
-        return NULL; /* invalid masterWrapMech. */
-
-    pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
-
-    ssl_InitSessionCacheLocks();
-
-    PZ_Lock(symWrapKeysLock);
-
-    unwrappedWrappingKey = *pSymWrapKey;
-    if (unwrappedWrappingKey != NULL) {
-        if (PK11_VerifyKeyOK(unwrappedWrappingKey)) {
-            unwrappedWrappingKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
-            goto done;
-        }
-        /* slot series has changed, so this key is no good any more. */
-        PK11_FreeSymKey(unwrappedWrappingKey);
-        *pSymWrapKey = unwrappedWrappingKey = NULL;
-    }
-
-    /* Try to get wrapped SymWrapping key out of the (disk) cache. */
-    /* Following call fills in wswk on success. */
-    if (ssl_GetWrappingKey(symWrapMechIndex, exchKeyType, &wswk)) {
-        /* found the wrapped sym wrapping key on disk. */
-        unwrappedWrappingKey =
-            ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, exchKeyType,
-                                     masterWrapMech, pwArg);
-        if (unwrappedWrappingKey) {
-            goto install;
-        }
-    }
-
-    if (!masterSecretSlot) /* caller doesn't want to create a new one. */
-        goto loser;
-
-    length = PK11_GetBestKeyLength(masterSecretSlot, masterWrapMech);
-    /* Zero length means fixed key length algorithm, or error.
-     * It's ambiguous.
-     */
-    unwrappedWrappingKey = PK11_KeyGen(masterSecretSlot, masterWrapMech, NULL,
-                                       length, pwArg);
-    if (!unwrappedWrappingKey) {
-        goto loser;
-    }
-
-    /* Prepare the buffer to receive the wrappedWrappingKey,
-     * the symmetric wrapping key wrapped using the server's pub key.
-     */
-    PORT_Memset(&wswk, 0, sizeof wswk); /* eliminate UMRs. */
-
-    if (ss->serverCerts[exchKeyType].serverKeyPair) {
-        svrPubKey = ss->serverCerts[exchKeyType].serverKeyPair->pubKey;
-    }
-    if (svrPubKey == NULL) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        goto loser;
-    }
-    wrappedKey.type = siBuffer;
-    wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey);
-    wrappedKey.data = wswk.wrappedSymmetricWrappingkey;
-
-    PORT_Assert(wrappedKey.len <= sizeof wswk.wrappedSymmetricWrappingkey);
-    if (wrappedKey.len > sizeof wswk.wrappedSymmetricWrappingkey)
-        goto loser;
-
-    /* wrap symmetric wrapping key in server's public key. */
-    switch (exchKeyType) {
-        case kt_rsa:
-            asymWrapMechanism = CKM_RSA_PKCS;
-            rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey,
-                                    unwrappedWrappingKey, &wrappedKey);
-            break;
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh:
-            /*
-             * We generate an ephemeral EC key pair. Perform an ECDH
-             * computation involving this ephemeral EC public key and
-             * the SSL server's (long-term) EC private key. The resulting
-             * shared secret is treated in the same way as Fortezza's Ks,
-             * i.e., it is used to wrap the wrapping key. To facilitate
-             * unwrapping in ssl_UnwrapWrappingKey, we also store all
-             * relevant info about the ephemeral EC public key in
-             * wswk.wrappedSymmetricWrappingkey and lay it out as
-             * described in the ECCWrappedKeyInfo structure.
-             */
-            PORT_Assert(svrPubKey->keyType == ecKey);
-            if (svrPubKey->keyType != ecKey) {
-                /* something is wrong in sslsecur.c if this isn't an ecKey */
-                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                rv = SECFailure;
-                goto ec_cleanup;
-            }
-
-            privWrapKey = SECKEY_CreateECPrivateKey(
-                &svrPubKey->u.ec.DEREncodedParams, &pubWrapKey, NULL);
-            if ((privWrapKey == NULL) || (pubWrapKey == NULL)) {
-                rv = SECFailure;
-                goto ec_cleanup;
-            }
-
-            /* Set the key size in bits */
-            if (pubWrapKey->u.ec.size == 0) {
-                pubWrapKey->u.ec.size = SECKEY_PublicKeyStrengthInBits(svrPubKey);
-            }
-
-            PORT_Assert(pubWrapKey->u.ec.DEREncodedParams.len +
-                            pubWrapKey->u.ec.publicValue.len < MAX_EC_WRAPPED_KEY_BUFLEN);
-            if (pubWrapKey->u.ec.DEREncodedParams.len +
-                    pubWrapKey->u.ec.publicValue.len >= MAX_EC_WRAPPED_KEY_BUFLEN) {
-                PORT_SetError(SEC_ERROR_INVALID_KEY);
-                rv = SECFailure;
-                goto ec_cleanup;
-            }
-
-            /* Derive Ks using ECDH */
-            Ks = PK11_PubDeriveWithKDF(svrPrivKey, pubWrapKey, PR_FALSE, NULL,
-                                       NULL, CKM_ECDH1_DERIVE, masterWrapMech,
-                                       CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
-            if (Ks == NULL) {
-                rv = SECFailure;
-                goto ec_cleanup;
-            }
-
-            ecWrapped = (ECCWrappedKeyInfo *)(wswk.wrappedSymmetricWrappingkey);
-            ecWrapped->size = pubWrapKey->u.ec.size;
-            ecWrapped->encodedParamLen = pubWrapKey->u.ec.DEREncodedParams.len;
-            PORT_Memcpy(ecWrapped->var, pubWrapKey->u.ec.DEREncodedParams.data,
-                        pubWrapKey->u.ec.DEREncodedParams.len);
-
-            ecWrapped->pubValueLen = pubWrapKey->u.ec.publicValue.len;
-            PORT_Memcpy(ecWrapped->var + ecWrapped->encodedParamLen,
-                        pubWrapKey->u.ec.publicValue.data,
-                        pubWrapKey->u.ec.publicValue.len);
-
-            wrappedKey.len = MAX_EC_WRAPPED_KEY_BUFLEN -
-                             (ecWrapped->encodedParamLen + ecWrapped->pubValueLen);
-            wrappedKey.data = ecWrapped->var + ecWrapped->encodedParamLen +
-                              ecWrapped->pubValueLen;
-
-            /* wrap symmetricWrapping key with the local Ks */
-            rv = PK11_WrapSymKey(masterWrapMech, NULL, Ks,
-                                 unwrappedWrappingKey, &wrappedKey);
-
-            if (rv != SECSuccess) {
-                goto ec_cleanup;
-            }
-
-            /* Write down the length of wrapped key in the buffer
-             * wswk.wrappedSymmetricWrappingkey at the appropriate offset
-             */
-            ecWrapped->wrappedKeyLen = wrappedKey.len;
-
-        ec_cleanup:
-            if (privWrapKey)
-                SECKEY_DestroyPrivateKey(privWrapKey);
-            if (pubWrapKey)
-                SECKEY_DestroyPublicKey(pubWrapKey);
-            if (Ks)
-                PK11_FreeSymKey(Ks);
-            asymWrapMechanism = masterWrapMech;
-            break;
-#endif /* NSS_DISABLE_ECC */
-
-        default:
-            rv = SECFailure;
-            break;
-    }
-
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    PORT_Assert(asymWrapMechanism != CKM_INVALID_MECHANISM);
-
-    wswk.symWrapMechanism = masterWrapMech;
-    wswk.symWrapMechIndex = symWrapMechIndex;
-    wswk.asymWrapMechanism = asymWrapMechanism;
-    wswk.exchKeyType = exchKeyType;
-    wswk.wrappedSymKeyLen = wrappedKey.len;
-
-    /* put it on disk. */
-    /* If the wrapping key for this KEA type has already been set,
-     * then abandon the value we just computed and
-     * use the one we got from the disk.
-     */
-    if (ssl_SetWrappingKey(&wswk)) {
-        /* somebody beat us to it.  The original contents of our wswk
-         * has been replaced with the content on disk.  Now, discard
-         * the key we just created and unwrap this new one.
-         */
-        PK11_FreeSymKey(unwrappedWrappingKey);
-
-        unwrappedWrappingKey =
-            ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, exchKeyType,
-                                     masterWrapMech, pwArg);
-    }
-
-install:
-    if (unwrappedWrappingKey) {
-        *pSymWrapKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
-    }
-
-loser:
-done:
-    PZ_Unlock(symWrapKeysLock);
-    return unwrappedWrappingKey;
-}
-
-/* hexEncode hex encodes |length| bytes from |in| and writes it as |length*2|
- * bytes to |out|. */
-static void
-hexEncode(char *out, const unsigned char *in, unsigned int length)
-{
-    static const char hextable[] = "0123456789abcdef";
-    unsigned int i;
-
-    for (i = 0; i < length; i++) {
-        *(out++) = hextable[in[i] >> 4];
-        *(out++) = hextable[in[i] & 15];
-    }
-}
-
-/* Called from ssl3_SendClientKeyExchange(). */
-/* Presently, this always uses PKCS11.  There is no bypass for this. */
-static SECStatus
-sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
-{
-    PK11SymKey *pms = NULL;
-    SECStatus rv = SECFailure;
-    SECItem enc_pms = { siBuffer, NULL, 0 };
-    PRBool isTLS;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    /* Generate the pre-master secret ...  */
-    ssl_GetSpecWriteLock(ss);
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.pwSpec, NULL);
-    ssl_ReleaseSpecWriteLock(ss);
-    if (pms == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    /* Get the wrapped (encrypted) pre-master secret, enc_pms */
-    enc_pms.len = SECKEY_PublicKeyStrength(svrPubKey);
-    enc_pms.data = (unsigned char *)PORT_Alloc(enc_pms.len);
-    if (enc_pms.data == NULL) {
-        goto loser; /* err set by PORT_Alloc */
-    }
-
-    /* wrap pre-master secret in server's public key. */
-    rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms);
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    if (ssl_keylog_iob) {
-        SECStatus extractRV = PK11_ExtractKeyValue(pms);
-        if (extractRV == SECSuccess) {
-            SECItem *keyData = PK11_GetKeyData(pms);
-            if (keyData && keyData->data && keyData->len) {
-#ifdef TRACE
-                if (ssl_trace >= 100) {
-                    ssl_PrintBuf(ss, "Pre-Master Secret",
-                                 keyData->data, keyData->len);
-                }
-#endif
-                if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) {
-                    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
-
-                    /* There could be multiple, concurrent writers to the
-                     * keylog, so we have to do everything in a single call to
-                     * fwrite. */
-                    char buf[4 + 8 * 2 + 1 + 48 * 2 + 1];
-
-                    strcpy(buf, "RSA ");
-                    hexEncode(buf + 4, enc_pms.data, 8);
-                    buf[20] = ' ';
-                    hexEncode(buf + 21, keyData->data, 48);
-                    buf[sizeof(buf) - 1] = '\n';
-
-                    fwrite(buf, sizeof(buf), 1, ssl_keylog_iob);
-                    fflush(ssl_keylog_iob);
-                }
-            }
-        }
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
-                                    isTLS ? enc_pms.len + 2
-                                          : enc_pms.len);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-    if (isTLS) {
-        rv = ssl3_AppendHandshakeVariable(ss, enc_pms.data, enc_pms.len, 2);
-    } else {
-        rv = ssl3_AppendHandshake(ss, enc_pms.data, enc_pms.len);
-    }
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-
-    rv = ssl3_InitPendingCipherSpec(ss, pms);
-    PK11_FreeSymKey(pms);
-    pms = NULL;
-
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    rv = SECSuccess;
-
-loser:
-    if (enc_pms.data != NULL) {
-        PORT_Free(enc_pms.data);
-    }
-    if (pms != NULL) {
-        PK11_FreeSymKey(pms);
-    }
-    return rv;
-}
-
-/* Called from ssl3_SendClientKeyExchange(). */
-/* Presently, this always uses PKCS11.  There is no bypass for this. */
-static SECStatus
-sendDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
-{
-    PK11SymKey *pms = NULL;
-    SECStatus rv = SECFailure;
-    PRBool isTLS;
-    CK_MECHANISM_TYPE target;
-
-    SECKEYDHParams dhParam;           /* DH parameters */
-    SECKEYPublicKey *pubKey = NULL;   /* Ephemeral DH key */
-    SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    /* Copy DH parameters from server key */
-
-    if (svrPubKey->keyType != dhKey) {
-        PORT_SetError(SEC_ERROR_BAD_KEY);
-        goto loser;
-    }
-    dhParam.prime.data = svrPubKey->u.dh.prime.data;
-    dhParam.prime.len = svrPubKey->u.dh.prime.len;
-    dhParam.base.data = svrPubKey->u.dh.base.data;
-    dhParam.base.len = svrPubKey->u.dh.base.len;
-
-    /* Generate ephemeral DH keypair */
-    privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
-    if (!privKey || !pubKey) {
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        rv = SECFailure;
-        goto loser;
-    }
-    PRINT_BUF(50, (ss, "DH public value:",
-                   pubKey->u.dh.publicValue.data,
-                   pubKey->u.dh.publicValue.len));
-
-    if (isTLS)
-        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    else
-        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-
-    /* Determine the PMS */
-
-    pms = PK11_PubDerive(privKey, svrPubKey, PR_FALSE, NULL, NULL,
-                         CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
-
-    if (pms == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    SECKEY_DestroyPrivateKey(privKey);
-    privKey = NULL;
-
-    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
-                                    pubKey->u.dh.publicValue.len + 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss,
-                                      pubKey->u.dh.publicValue.data,
-                                      pubKey->u.dh.publicValue.len, 2);
-    SECKEY_DestroyPublicKey(pubKey);
-    pubKey = NULL;
-
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-
-    rv = ssl3_InitPendingCipherSpec(ss, pms);
-    PK11_FreeSymKey(pms);
-    pms = NULL;
-
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    rv = SECSuccess;
-
-loser:
-
-    if (pms)
-        PK11_FreeSymKey(pms);
-    if (privKey)
-        SECKEY_DestroyPrivateKey(privKey);
-    if (pubKey)
-        SECKEY_DestroyPublicKey(pubKey);
-    return rv;
-}
-
-/* Called from ssl3_HandleServerHelloDone(). */
-static SECStatus
-ssl3_SendClientKeyExchange(sslSocket *ss)
-{
-    SECKEYPublicKey *serverKey = NULL;
-    SECStatus rv = SECFailure;
-    PRBool isTLS;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->sec.peerKey == NULL) {
-        serverKey = CERT_ExtractPublicKey(ss->sec.peerCert);
-        if (serverKey == NULL) {
-            ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-            return SECFailure;
-        }
-    } else {
-        serverKey = ss->sec.peerKey;
-        ss->sec.peerKey = NULL; /* we're done with it now */
-    }
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    /* enforce limits on kea key sizes. */
-    if (ss->ssl3.hs.kea_def->is_limited) {
-        unsigned int keyLen = SECKEY_PublicKeyStrengthInBits(serverKey);
-
-        if (keyLen > ss->ssl3.hs.kea_def->key_size_limit) {
-            if (isTLS)
-                (void)SSL3_SendAlert(ss, alert_fatal, export_restriction);
-            else
-                (void)ssl3_HandshakeFailure(ss);
-            PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED);
-            goto loser;
-        }
-    }
-
-    ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
-    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(serverKey);
-
-    switch (ss->ssl3.hs.kea_def->exchKeyType) {
-        case kt_rsa:
-            rv = sendRSAClientKeyExchange(ss, serverKey);
-            break;
-
-        case kt_dh:
-            rv = sendDHClientKeyExchange(ss, serverKey);
-            break;
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh:
-            rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
-            break;
-#endif /* NSS_DISABLE_ECC */
-
-        default:
-            /* got an unknown or unsupported Key Exchange Algorithm.  */
-            SEND_ALERT
-            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-            break;
-    }
-
-    SSL_TRC(3, ("%d: SSL3[%d]: DONE sending client_key_exchange",
-                SSL_GETPID(), ss->fd));
-
-loser:
-    if (serverKey)
-        SECKEY_DestroyPublicKey(serverKey);
-    return rv; /* err code already set. */
-}
-
-/* Called from ssl3_HandleServerHelloDone(). */
-SECStatus
-ssl3_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
-{
-    SECStatus rv = SECFailure;
-    PRBool isTLS;
-    PRBool isTLS12;
-    PRBool isTLS13;
-    SECItem buf = { siBuffer, NULL, 0 };
-    SSL3Hashes hashes;
-    KeyType keyType;
-    unsigned int len;
-    SSLSignatureAndHashAlg sigAndHash;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake",
-                SSL_GETPID(), ss->fd));
-
-    isTLS13 = (PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-    ssl_GetSpecReadLock(ss);
-    if (ss->ssl3.hs.hashType == handshake_hash_single &&
-        ss->ssl3.hs.backupHash) {
-        PORT_Assert(!ss->ssl3.hs.backupHash);
-        PORT_Assert(!isTLS13);
-        /* TODO(ekr@rtfm.com): The backup hash here contains a SHA-1 hash
-         * but in TLS 1.3, we always sign H(Context, Hash(handshake))
-         * where:
-         *
-         * H is the negotiated signature hash and
-         * Hash is the cipher-suite specific handshake hash
-         * Generally this means that Hash is SHA-256.
-         *
-         * We need code to negotiate H but the current code is a mess.
-         */
-        if (isTLS13) {
-            /* rv is already set to SECFailure */
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        } else {
-            rv = ssl3_ComputeBackupHandshakeHashes(ss, &hashes);
-        }
-    } else {
-        ssl3CipherSpec *spec;
-
-        if (isTLS13) {
-            /* In TLS 1.3, we are already encrypted. */
-            spec = ss->ssl3.cwSpec;
-        } else {
-            spec = ss->ssl3.pwSpec;
-        }
-
-        rv = ssl3_ComputeHandshakeHashes(ss, spec, &hashes, 0);
-    }
-    ssl_ReleaseSpecReadLock(ss);
-    if (rv != SECSuccess) {
-        goto done; /* err code was set by ssl3_ComputeHandshakeHashes */
-    }
-
-    if (isTLS13) {
-        rv = tls13_AddContextToHashes(ss, &hashes, tls13_GetHash(ss), PR_TRUE);
-        if (rv != SECSuccess) {
-            goto done; /* err code was set by tls13_AddContextToHashes */
-        }
-    }
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    keyType = privKey->keyType;
-    rv = ssl3_SignHashes(&hashes, privKey, &buf, isTLS);
-    if (rv == SECSuccess && !ss->sec.isServer) {
-        /* Remember the info about the slot that did the signing.
-        ** Later, when doing an SSL restart handshake, verify this.
-        ** These calls are mere accessors, and can't fail.
-        */
-        PK11SlotInfo *slot;
-        sslSessionID *sid = ss->sec.ci.sid;
-
-        slot = PK11_GetSlotFromPrivateKey(privKey);
-        sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
-        sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
-        sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
-        sid->u.ssl3.clAuthValid = PR_TRUE;
-        PK11_FreeSlot(slot);
-    }
-    if (rv != SECSuccess) {
-        goto done; /* err code was set by ssl3_SignHashes */
-    }
-
-    len = buf.len + 2 + (isTLS12 ? 2 : 0);
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, len);
-    if (rv != SECSuccess) {
-        goto done; /* error code set by AppendHandshake */
-    }
-    if (isTLS12) {
-        rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType,
-                                                  &sigAndHash.sigAlg);
-        if (rv != SECSuccess) {
-            goto done;
-        }
-        sigAndHash.hashAlg = hashes.hashAlg;
-
-        rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
-        if (rv != SECSuccess) {
-            goto done; /* err set by AppendHandshake. */
-        }
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, buf.data, buf.len, 2);
-    if (rv != SECSuccess) {
-        goto done; /* error code set by AppendHandshake */
-    }
-
-done:
-    if (buf.data)
-        PORT_Free(buf.data);
-    return rv;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 ServerHello message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    sslSessionID *sid = ss->sec.ci.sid;
-    PRInt32 temp; /* allow for consume number failure */
-    PRBool suite_found = PR_FALSE;
-    int i;
-    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
-    SECStatus rv;
-    SECItem sidBytes = { siBuffer, NULL, 0 };
-    PRBool sid_match;
-    PRBool isTLS = PR_FALSE;
-    SSL3AlertDescription desc = illegal_parameter;
-    SSL3ProtocolVersion version;
-    SSL3ProtocolVersion downgradeCheckVersion;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.initialized);
-
-    if (ss->ssl3.hs.ws != wait_server_hello) {
-        errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
-        desc = unexpected_message;
-        goto alert_loser;
-    }
-
-    /* clean up anything left from previous handshake. */
-    if (ss->ssl3.clientCertChain != NULL) {
-        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-        ss->ssl3.clientCertChain = NULL;
-    }
-    if (ss->ssl3.clientCertificate != NULL) {
-        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-        ss->ssl3.clientCertificate = NULL;
-    }
-    if (ss->ssl3.clientPrivateKey != NULL) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-    }
-
-    if (ss->ssl3.channelID != NULL) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-        ss->ssl3.channelID = NULL;
-    }
-    if (ss->ssl3.channelIDPub != NULL) {
-        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-        ss->ssl3.channelIDPub = NULL;
-    }
-
-    temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (temp < 0) {
-        goto loser; /* alert has been sent */
-    }
-    version = (SSL3ProtocolVersion)temp;
-
-    if (IS_DTLS(ss)) {
-        /* RFC 4347 required that you verify that the server versions
-         * match (Section 4.2.1) in the HelloVerifyRequest and the
-         * ServerHello.
-         *
-         * RFC 6347 suggests (SHOULD) that servers always use 1.0
-         * in HelloVerifyRequest and allows the versions not to match,
-         * especially when 1.2 is being negotiated.
-         *
-         * Therefore we do not check for matching here.
-         */
-        version = dtls_DTLSVersionToTLSVersion(version);
-        if (version == 0) { /* Insane version number */
-            goto alert_loser;
-        }
-    }
-
-    rv = ssl3_NegotiateVersion(ss, version, PR_FALSE);
-    if (rv != SECSuccess) {
-        desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
-                                                   : handshake_failure;
-        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
-        goto alert_loser;
-    }
-    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-    isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
-
-    rv = ssl3_InitHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        desc = internal_error;
-        errCode = PORT_GetError();
-        goto alert_loser;
-    }
-
-    rv = ssl3_ConsumeHandshake(
-        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-
-    /* Check the ServerHello.random per
-     * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
-     *
-     * TLS 1.3 clients receiving a TLS 1.2 or below ServerHello MUST check
-     * that the top eight octets are not equal to either of these values.
-     * TLS 1.2 clients SHOULD also perform this check if the ServerHello
-     * indicates TLS 1.1 or below.  If a match is found the client MUST
-     * abort the handshake with a fatal "illegal_parameter" alert.
-     */
-    downgradeCheckVersion = ss->ssl3.downgradeCheckVersion ? ss->ssl3.downgradeCheckVersion
-                                                           : ss->vrange.max;
-
-    if (downgradeCheckVersion >= SSL_LIBRARY_VERSION_TLS_1_2 &&
-        downgradeCheckVersion > ss->version) {
-        if (!PORT_Memcmp(ss->ssl3.hs.server_random.rand,
-                         tls13_downgrade_random,
-                         sizeof(tls13_downgrade_random)) ||
-            !PORT_Memcmp(ss->ssl3.hs.server_random.rand,
-                         tls12_downgrade_random,
-                         sizeof(tls12_downgrade_random))) {
-            desc = illegal_parameter;
-            errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
-            goto alert_loser;
-        }
-    }
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
-        if (rv != SECSuccess) {
-            goto loser; /* alert has been sent */
-        }
-        if (sidBytes.len > SSL3_SESSIONID_BYTES) {
-            if (isTLS)
-                desc = decode_error;
-            goto alert_loser; /* malformed. */
-        }
-    }
-
-    /* find selected cipher suite in our list. */
-    temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (temp < 0) {
-        goto loser; /* alert has been sent */
-    }
-    ssl3_config_match_init(ss);
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
-        if (temp == suite->cipher_suite) {
-            SSLVersionRange vrange = { ss->version, ss->version };
-            if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
-                /* config_match already checks whether the cipher suite is
-                 * acceptable for the version, but the check is repeated here
-                 * in order to give a more precise error code. */
-                if (!ssl3_CipherSuiteAllowedForVersionRange(temp, &vrange)) {
-                    desc = handshake_failure;
-                    errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
-                    goto alert_loser;
-                }
-
-                break; /* failure */
-            }
-
-            suite_found = PR_TRUE;
-            break; /* success */
-        }
-    }
-    if (!suite_found) {
-        desc = handshake_failure;
-        errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
-        goto alert_loser;
-    }
-    ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp;
-    ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp);
-    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
-    PORT_Assert(ss->ssl3.hs.suite_def);
-    if (!ss->ssl3.hs.suite_def) {
-        errCode = SEC_ERROR_LIBRARY_FAILURE;
-        PORT_SetError(errCode);
-        goto loser; /* we don't send alerts for our screw-ups. */
-    }
-
-    ss->ssl3.hs.kea_def = &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        /* find selected compression method in our list. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
-        if (temp < 0) {
-            goto loser; /* alert has been sent */
-        }
-        suite_found = PR_FALSE;
-        for (i = 0; i < compressionMethodsCount; i++) {
-            if (temp == compressions[i]) {
-                if (!compressionEnabled(ss, compressions[i])) {
-                    break; /* failure */
-                }
-                suite_found = PR_TRUE;
-                break; /* success */
-            }
-        }
-        if (!suite_found) {
-            desc = handshake_failure;
-            errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
-            goto alert_loser;
-        }
-        ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
-    } else {
-        ss->ssl3.hs.compression = ssl_compression_null;
-    }
-
-    /* Note that if !isTLS and the extra stuff is not extensions, we
-     * do NOT goto alert_loser.
-     * There are some old SSL 3.0 implementations that do send stuff
-     * after the end of the server hello, and we deliberately ignore
-     * such stuff in the interest of maximal interoperability (being
-     * "generous in what you accept").
-     * Update: Starting in NSS 3.12.6, we handle the renegotiation_info
-     * extension in SSL 3.0.
-     */
-    if (length != 0) {
-        SECItem extensions;
-        rv = ssl3_ConsumeHandshakeVariable(ss, &extensions, 2, &b, &length);
-        if (rv != SECSuccess || length != 0) {
-            if (isTLS)
-                goto alert_loser;
-        } else {
-            rv = ssl3_HandleHelloExtensions(ss, &extensions.data,
-                                            &extensions.len, server_hello);
-            if (rv != SECSuccess)
-                goto alert_loser;
-        }
-    }
-    if ((ss->opt.requireSafeNegotiation ||
-         (ss->firstHsDone && (ss->peerRequestedProtection ||
-                              ss->opt.enableRenegotiation ==
-                                  SSL_RENEGOTIATE_REQUIRES_XTN))) &&
-        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-        desc = handshake_failure;
-        errCode = ss->firstHsDone ? SSL_ERROR_RENEGOTIATION_NOT_ALLOWED
-                                  : SSL_ERROR_UNSAFE_NEGOTIATION;
-        goto alert_loser;
-    }
-
-    /* Any errors after this point are not "malformed" errors. */
-    desc = handshake_failure;
-
-    /* we need to call ssl3_SetupPendingCipherSpec here so we can check the
-     * key exchange algorithm. */
-    rv = ssl3_SetupPendingCipherSpec(ss);
-    if (rv != SECSuccess) {
-        goto alert_loser; /* error code is set. */
-    }
-
-    /* We may or may not have sent a session id, we may get one back or
-     * not and if so it may match the one we sent.
-     * Attempt to restore the master secret to see if this is so...
-     * Don't consider failure to find a matching SID an error.
-     */
-    sid_match = (PRBool)(sidBytes.len > 0 &&
-                         sidBytes.len ==
-                             sid->u.ssl3.sessionIDLength &&
-                         !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len));
-
-    if (sid_match &&
-        sid->version == ss->version &&
-        sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite)
-        do {
-            ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-
-            SECItem wrappedMS; /* wrapped master secret. */
-
-            /* [draft-ietf-tls-session-hash-06; Section 5.3]
-             *
-             * o  If the original session did not use the "extended_master_secret"
-             *    extension but the new ServerHello contains the extension, the
-             *    client MUST abort the handshake.
-             */
-            if (!sid->u.ssl3.keys.extendedMasterSecretUsed &&
-                ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
-                errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET;
-                goto alert_loser;
-            }
-
-            /*
-             *   o  If the original session used an extended master secret but the new
-             *      ServerHello does not contain the "extended_master_secret"
-             *      extension, the client SHOULD abort the handshake.
-             *
-             * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not
-             * used at all (bug 1176526).
-             */
-            if (sid->u.ssl3.keys.extendedMasterSecretUsed &&
-                !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
-                errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
-                goto alert_loser;
-            }
-
-            ss->sec.authAlgorithm = sid->authAlgorithm;
-            ss->sec.authKeyBits = sid->authKeyBits;
-            ss->sec.keaType = sid->keaType;
-            ss->sec.keaKeyBits = sid->keaKeyBits;
-
-            /* 3 cases here:
-             * a) key is wrapped (implies using PKCS11)
-             * b) key is unwrapped, but we're still using PKCS11
-             * c) key is unwrapped, and we're bypassing PKCS11.
-             */
-            if (sid->u.ssl3.keys.msIsWrapped) {
-                PK11SlotInfo *slot;
-                PK11SymKey *wrapKey; /* wrapping key */
-                CK_FLAGS keyFlags = 0;
-
-#ifndef NO_PKCS11_BYPASS
-                if (ss->opt.bypassPKCS11) {
-                    /* we cannot restart a non-bypass session in a
-                    ** bypass socket.
-                    */
-                    break;
-                }
-#endif
-                /* unwrap master secret with PKCS11 */
-                slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
-                                         sid->u.ssl3.masterSlotID);
-                if (slot == NULL) {
-                    break; /* not considered an error. */
-                }
-                if (!PK11_IsPresent(slot)) {
-                    PK11_FreeSlot(slot);
-                    break; /* not considered an error. */
-                }
-                wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
-                                          sid->u.ssl3.masterWrapMech,
-                                          sid->u.ssl3.masterWrapSeries,
-                                          ss->pkcs11PinArg);
-                PK11_FreeSlot(slot);
-                if (wrapKey == NULL) {
-                    break; /* not considered an error. */
-                }
-
-                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
-                    keyFlags =
-                        CKF_SIGN | CKF_VERIFY;
-                }
-
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-                pwSpec->master_secret =
-                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
-                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
-                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
-                errCode = PORT_GetError();
-                PK11_FreeSymKey(wrapKey);
-                if (pwSpec->master_secret == NULL) {
-                    break; /* errorCode set just after call to UnwrapSymKey. */
-                }
-#ifndef NO_PKCS11_BYPASS
-            } else if (ss->opt.bypassPKCS11) {
-                /* MS is not wrapped */
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-                memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
-                pwSpec->msItem.data = pwSpec->raw_master_secret;
-                pwSpec->msItem.len = wrappedMS.len;
-#endif
-            } else {
-                /* We CAN restart a bypass session in a non-bypass socket. */
-                /* need to import the raw master secret to session object */
-                PK11SlotInfo *slot = PK11_GetInternalSlot();
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-                pwSpec->master_secret =
-                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
-                                      PK11_OriginUnwrap, CKA_ENCRYPT,
-                                      &wrappedMS, NULL);
-                PK11_FreeSlot(slot);
-                if (pwSpec->master_secret == NULL) {
-                    break;
-                }
-            }
-
-            /* Got a Match */
-            SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_hits);
-
-            /* If we sent a session ticket, then this is a stateless resume. */
-            if (ss->xtnData.sentSessionTicketInClientHello)
-                SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_stateless_resumes);
-
-            if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
-                ss->ssl3.hs.ws = wait_new_session_ticket;
-            else
-                ss->ssl3.hs.ws = wait_change_cipher;
-
-            ss->ssl3.hs.isResuming = PR_TRUE;
-
-            /* copy the peer cert from the SID */
-            if (sid->peerCert != NULL) {
-                ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
-                ssl3_CopyPeerCertsFromSID(ss, sid);
-            }
-
-            /* NULL value for PMS because we are reusing the old MS */
-            rv = ssl3_InitPendingCipherSpec(ss, NULL);
-            if (rv != SECSuccess) {
-                goto alert_loser; /* err code was set */
-            }
-            goto winner;
-        } while (0);
-
-    if (sid_match)
-        SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_not_ok);
-    else
-        SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_misses);
-
-    /* throw the old one away */
-    sid->u.ssl3.keys.resumable = PR_FALSE;
-    if (ss->sec.uncache)
-        (*ss->sec.uncache)(sid);
-    ssl_FreeSID(sid);
-
-    /* get a new sid */
-    ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
-    if (sid == NULL) {
-        goto alert_loser; /* memory error is set. */
-    }
-
-    sid->version = ss->version;
-    sid->u.ssl3.sessionIDLength = sidBytes.len;
-    PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
-
-    sid->u.ssl3.keys.extendedMasterSecretUsed =
-        ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
-
-    /* Copy Signed Certificate Timestamps, if any. */
-    if (ss->xtnData.signedCertTimestamps.data) {
-        rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
-                              &ss->xtnData.signedCertTimestamps);
-        if (rv != SECSuccess)
-            goto loser;
-        /* Clean up the temporary pointer to the handshake buffer. */
-        ss->xtnData.signedCertTimestamps.data = NULL;
-        ss->xtnData.signedCertTimestamps.len = 0;
-    }
-
-    ss->ssl3.hs.isResuming = PR_FALSE;
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = tls13_HandleServerKeyShare(ss);
-        if (rv != SECSuccess)
-            goto alert_loser;
-        TLS13_SET_HS_STATE(ss, wait_encrypted_extensions);
-    } else if (ss->ssl3.hs.kea_def->signKeyType != ssl_sign_null) {
-        /* All current cipher suites other than those with ssl_sign_null (i.e.,
-         * (EC)DH_anon_* suites) require a certificate, so use that signal. */
-        ss->ssl3.hs.ws = wait_server_cert;
-    } else {
-        /* All the remaining cipher suites must be (EC)DH_anon_* and so
-         * must be ephemeral. Note, if we ever add PSK this might
-         * change. */
-        PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
-        ss->ssl3.hs.ws = wait_server_key;
-    }
-
-winner:
-    /* If we will need a ChannelID key then we make the callback now. This
-     * allows the handshake to be restarted cleanly if the callback returns
-     * SECWouldBlock. */
-    if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
-        rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
-                              &ss->ssl3.channelIDPub, &ss->ssl3.channelID);
-        if (rv == SECWouldBlock) {
-            ssl3_SetAlwaysBlock(ss);
-            return rv;
-        }
-        if (rv != SECSuccess ||
-            ss->ssl3.channelIDPub == NULL ||
-            ss->ssl3.channelID == NULL) {
-            PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
-            desc = internal_error;
-            goto alert_loser;
-        }
-    }
-
-    return SECSuccess;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
-loser:
-    /* Clean up the temporary pointer to the handshake buffer. */
-    ss->xtnData.signedCertTimestamps.data = NULL;
-    ss->xtnData.signedCertTimestamps.len = 0;
-    ssl_MapLowLevelError(errCode);
-    return SECFailure;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered a
- * complete ssl3 ServerKeyExchange message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    PLArenaPool *arena = NULL;
-    SECKEYPublicKey *peerKey = NULL;
-    PRBool isTLS, isTLS12;
-    SECStatus rv;
-    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
-    SSL3AlertDescription desc = illegal_parameter;
-    SSL3Hashes hashes;
-    SECItem signature = { siBuffer, NULL, 0 };
-    SSLSignatureAndHashAlg sigAndHash;
-
-    sigAndHash.hashAlg = ssl_hash_none;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.hs.ws != wait_server_key) {
-        errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH;
-        desc = unexpected_message;
-        goto alert_loser;
-    }
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    switch (ss->ssl3.hs.kea_def->exchKeyType) {
-
-        case kt_rsa: {
-            SECItem modulus = { siBuffer, NULL, 0 };
-            SECItem exponent = { siBuffer, NULL, 0 };
-
-            rv = ssl3_ConsumeHandshakeVariable(ss, &modulus, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            /* This exchange method is only used by export cipher suites.
-             * Those are broken and so this code will eventually be removed. */
-            if (SECKEY_BigIntegerBitLength(&modulus) < 512) {
-                desc = isTLS ? insufficient_security : illegal_parameter;
-                goto alert_loser;
-            }
-            rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            if (isTLS12) {
-                rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-                                                           &sigAndHash);
-                if (rv != SECSuccess) {
-                    goto loser; /* malformed or unsupported. */
-                }
-                rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
-                                                                    &sigAndHash, ss->sec.peerCert);
-                if (rv != SECSuccess) {
-                    goto loser;
-                }
-            }
-            rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            if (length != 0) {
-                if (isTLS)
-                    desc =
-                        decode_error;
-                goto alert_loser; /* malformed. */
-            }
-
-            /* failures after this point are not malformed handshakes. */
-            /* TLS: send decrypt_error if signature failed. */
-            desc = isTLS ? decrypt_error : handshake_failure;
-
-            /*
-             *  check to make sure the hash is signed by right guy
-             */
-            rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent,
-                                              &ss->ssl3.hs.client_random,
-                                              &ss->ssl3.hs.server_random,
-                                              &hashes, ss->opt.bypassPKCS11);
-            if (rv != SECSuccess) {
-                errCode =
-                    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                goto alert_loser;
-            }
-            rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-                                         isTLS, ss->pkcs11PinArg);
-            if (rv != SECSuccess) {
-                errCode =
-                    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                goto alert_loser;
-            }
-
-            /*
-             * we really need to build a new key here because we can no longer
-             * ignore calling SECKEY_DestroyPublicKey. Using the key may allocate
-             * pkcs11 slots and ID's.
-             */
-            arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-            if (arena == NULL) {
-                goto no_memory;
-            }
-
-            peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
-            if (peerKey == NULL) {
-                goto no_memory;
-            }
-
-            peerKey->arena = arena;
-            peerKey->keyType = rsaKey;
-            peerKey->pkcs11Slot = NULL;
-            peerKey->pkcs11ID = CK_INVALID_HANDLE;
-            if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) ||
-                SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent)) {
-                goto no_memory;
-            }
-            ss->sec.peerKey = peerKey;
-            ss->ssl3.hs.ws = wait_cert_request;
-            return SECSuccess;
-        }
-
-        case kt_dh: {
-            SECItem dh_p = { siBuffer, NULL, 0 };
-            SECItem dh_g = { siBuffer, NULL, 0 };
-            SECItem dh_Ys = { siBuffer, NULL, 0 };
-            unsigned dh_p_bits;
-            unsigned dh_g_bits;
-            unsigned dh_Ys_bits;
-            PRInt32 minDH;
-
-            rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-
-            rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
-            if (rv != SECSuccess) {
-                minDH = SSL_DH_MIN_P_BITS;
-            }
-            dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
-            if (dh_p_bits < minDH) {
-                errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
-                goto alert_loser;
-            }
-            rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            /* Abort if dh_g is 0, 1, or obviously too big. */
-            dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g);
-            if (dh_g_bits > dh_p_bits || dh_g_bits <= 1)
-                goto alert_loser;
-            rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys);
-            if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1)
-                goto alert_loser;
-            if (isTLS12) {
-                rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-                                                           &sigAndHash);
-                if (rv != SECSuccess) {
-                    goto loser; /* malformed or unsupported. */
-                }
-                rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
-                                                                    &sigAndHash, ss->sec.peerCert);
-                if (rv != SECSuccess) {
-                    goto loser;
-                }
-            }
-            rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
-            if (rv != SECSuccess) {
-                goto loser; /* malformed. */
-            }
-            if (length != 0) {
-                if (isTLS)
-                    desc =
-                        decode_error;
-                goto alert_loser; /* malformed. */
-            }
-
-            PRINT_BUF(60, (NULL, "Server DH p", dh_p.data, dh_p.len));
-            PRINT_BUF(60, (NULL, "Server DH g", dh_g.data, dh_g.len));
-            PRINT_BUF(60, (NULL, "Server DH Ys", dh_Ys.data, dh_Ys.len));
-
-            /* failures after this point are not malformed handshakes. */
-            /* TLS: send decrypt_error if signature failed. */
-            desc = isTLS ? decrypt_error : handshake_failure;
-
-            /*
-             *  check to make sure the hash is signed by right guy
-             */
-            rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys,
-                                       &ss->ssl3.hs.client_random,
-                                       &ss->ssl3.hs.server_random,
-                                       &hashes, ss->opt.bypassPKCS11);
-            if (rv != SECSuccess) {
-                errCode =
-                    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                goto alert_loser;
-            }
-            rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-                                         isTLS, ss->pkcs11PinArg);
-            if (rv != SECSuccess) {
-                errCode =
-                    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                goto alert_loser;
-            }
-
-            /*
-             * we really need to build a new key here because we can no longer
-             * ignore calling SECKEY_DestroyPublicKey. Using the key may allocate
-             * pkcs11 slots and ID's.
-             */
-            arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-            if (arena == NULL) {
-                goto no_memory;
-            }
-
-            peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
-            if (peerKey == NULL) {
-                goto no_memory;
-            }
-
-            peerKey->arena = arena;
-            peerKey->keyType = dhKey;
-            peerKey->pkcs11Slot = NULL;
-            peerKey->pkcs11ID = CK_INVALID_HANDLE;
-
-            if (SECITEM_CopyItem(arena, &peerKey->u.dh.prime, &dh_p) ||
-                SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) ||
-                SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) {
-                goto no_memory;
-            }
-            ss->sec.peerKey = peerKey;
-            ss->ssl3.hs.ws = wait_cert_request;
-            return SECSuccess;
-        }
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh:
-            rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
-            return rv;
-#endif /* NSS_DISABLE_ECC */
-
-        default:
-            desc = handshake_failure;
-            errCode = SEC_ERROR_UNSUPPORTED_KEYALG;
-            break; /* goto alert_loser; */
-    }
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
-    if (arena) {
-        PORT_FreeArena(arena, PR_FALSE);
-    }
-    PORT_SetError(errCode);
-    return SECFailure;
-
-no_memory: /* no-memory error has already been set. */
-    if (arena) {
-        PORT_FreeArena(arena, PR_FALSE);
-    }
-    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-    return SECFailure;
-}
-
-/*
- * Returns the TLS signature algorithm for the client authentication key and
- * whether it is an RSA or DSA key that may be able to sign only SHA-1 hashes.
- */
-static SECStatus
-ssl3_ExtractClientKeyInfo(sslSocket *ss,
-                          SSLSignType *sigAlg,
-                          PRBool *preferSha1)
-{
-    SECStatus rv = SECSuccess;
-    SECKEYPublicKey *pubk;
-
-    pubk = CERT_ExtractPublicKey(ss->ssl3.clientCertificate);
-    if (pubk == NULL) {
-        rv = SECFailure;
-        goto done;
-    }
-
-    rv = ssl3_TLSSignatureAlgorithmForKeyType(pubk->keyType, sigAlg);
-    if (rv != SECSuccess) {
-        goto done;
-    }
-
-    /* If the key is a 1024-bit RSA or DSA key, assume conservatively that
-     * it may be unable to sign SHA-256 hashes. This is the case for older
-     * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
-     * older, DSA key size is at most 1024 bits and the hash function must
-     * be SHA-1.
-     */
-    if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) {
-        *preferSha1 = SECKEY_PublicKeyStrength(pubk) <= 128;
-    } else {
-        *preferSha1 = PR_FALSE;
-    }
-
-done:
-    if (pubk)
-        SECKEY_DestroyPublicKey(pubk);
-    return rv;
-}
-
-/* Destroys the backup handshake hash context if we don't need it. Note that
- * this function selects the hash algorithm for client authentication
- * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash
- * to determine whether to use SHA-1 or SHA-256. */
-static void
-ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
-                                           const SECItem *algorithms)
-{
-    SECStatus rv;
-    SSLSignType sigAlg;
-    PRBool preferSha1 = PR_FALSE;
-    PRBool supportsSha1 = PR_FALSE;
-    PRBool supportsSha256 = PR_FALSE;
-    PRBool needBackupHash = PR_FALSE;
-    unsigned int i;
-
-#ifndef NO_PKCS11_BYPASS
-    /* Backup handshake hash is not supported in PKCS #11 bypass mode. */
-    if (ss->opt.bypassPKCS11) {
-        PORT_Assert(!ss->ssl3.hs.backupHash);
-        return;
-    }
-#endif
-    PORT_Assert(ss->ssl3.hs.backupHash);
-
-    /* Determine the key's signature algorithm and whether it prefers SHA-1. */
-    rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1);
-    if (rv != SECSuccess) {
-        goto done;
-    }
-
-    /* Determine the server's hash support for that signature algorithm. */
-    for (i = 0; i < algorithms->len; i += 2) {
-        if (algorithms->data[i + 1] == sigAlg) {
-            if (algorithms->data[i] == ssl_hash_sha1) {
-                supportsSha1 = PR_TRUE;
-            } else if (algorithms->data[i] == ssl_hash_sha256) {
-                supportsSha256 = PR_TRUE;
-            }
-        }
-    }
-
-    /* If either the server does not support SHA-256 or the client key prefers
-     * SHA-1, leave the backup hash. */
-    if (supportsSha1 && (preferSha1 || !supportsSha256)) {
-        needBackupHash = PR_TRUE;
-    }
-
-done:
-    if (!needBackupHash) {
-        PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
-        ss->ssl3.hs.backupHash = NULL;
-    }
-}
-
-typedef struct dnameNode {
-    struct dnameNode *next;
-    SECItem name;
-} dnameNode;
-
-/*
- * Parse the ca_list structure in a CertificateRequest.
- *
- * Called from:
- * ssl3_HandleCertificateRequest
- * tls13_HandleCertificateRequest
- */
-SECStatus
-ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
-                                PLArenaPool *arena, CERTDistNames *ca_list)
-{
-    PRInt32 remaining;
-    int nnames = 0;
-    dnameNode *node;
-    int i;
-
-    remaining = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-    if (remaining < 0)
-        return SECFailure; /* malformed, alert has been sent */
-
-    if ((PRUint32)remaining > *length)
-        goto alert_loser;
-
-    ca_list->head = node = PORT_ArenaZNew(arena, dnameNode);
-    if (node == NULL)
-        goto no_mem;
-
-    while (remaining > 0) {
-        PRInt32 len;
-
-        if (remaining < 2)
-            goto alert_loser; /* malformed */
-
-        node->name.len = len = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-        if (len <= 0)
-            return SECFailure; /* malformed, alert has been sent */
-
-        remaining -= 2;
-        if (remaining < len)
-            goto alert_loser; /* malformed */
-
-        node->name.data = *b;
-        *b += len;
-        *length -= len;
-        remaining -= len;
-        nnames++;
-        if (remaining <= 0)
-            break; /* success */
-
-        node->next = PORT_ArenaZNew(arena, dnameNode);
-        node = node->next;
-        if (node == NULL)
-            goto no_mem;
-    }
-
-    ca_list->nnames = nnames;
-    ca_list->names = PORT_ArenaNewArray(arena, SECItem, nnames);
-    if (nnames > 0 && ca_list->names == NULL)
-        goto no_mem;
-
-    for (i = 0, node = (dnameNode *)ca_list->head;
-         i < nnames;
-         i++, node = node->next) {
-        ca_list->names[i] = node->name;
-    }
-
-    return SECSuccess;
-
-no_mem:
-    PORT_SetError(SEC_ERROR_NO_MEMORY);
-    return SECFailure;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal,
-                         ss->version < SSL_LIBRARY_VERSION_TLS_1_0 ? illegal_parameter
-                                                                   : decode_error);
-    PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
-    return SECFailure;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 Certificate Request message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    PLArenaPool *arena = NULL;
-    PRBool isTLS = PR_FALSE;
-    PRBool isTLS12 = PR_FALSE;
-    int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST;
-    SECStatus rv;
-    SSL3AlertDescription desc = illegal_parameter;
-    SECItem cert_types = { siBuffer, NULL, 0 };
-    SECItem algorithms = { siBuffer, NULL, 0 };
-    CERTDistNames ca_list;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.hs.ws != wait_cert_request) {
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
-        goto alert_loser;
-    }
-
-    PORT_Assert(ss->ssl3.clientCertChain == NULL);
-    PORT_Assert(ss->ssl3.clientCertificate == NULL);
-    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-    rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
-    if (rv != SECSuccess)
-        goto loser; /* malformed, alert has been sent */
-
-    PORT_Assert(!ss->requestedCertTypes);
-    ss->requestedCertTypes = &cert_types;
-
-    if (isTLS12) {
-        rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
-        if (rv != SECSuccess)
-            goto loser; /* malformed, alert has been sent */
-        /* An empty or odd-length value is invalid.
-         *    SignatureAndHashAlgorithm
-         *      supported_signature_algorithms<2..2^16-2>;
-         */
-        if (algorithms.len == 0 || (algorithms.len & 1) != 0)
-            goto alert_loser;
-    }
-
-    arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL)
-        goto no_mem;
-
-    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena, &ca_list);
-    if (rv != SECSuccess)
-        goto done; /* alert sent in ssl3_ParseCertificateRequestCAs */
-
-    if (length != 0)
-        goto alert_loser; /* malformed */
-
-    desc = no_certificate;
-
-    ss->ssl3.hs.ws = wait_hello_done;
-
-    rv = ssl3_CompleteHandleCertificateRequest(ss, &algorithms, &ca_list);
-    if (rv == SECFailure) {
-        PORT_Assert(0);
-        errCode = SEC_ERROR_LIBRARY_FAILURE;
-        desc = internal_error;
-        goto alert_loser;
-    }
-    goto done;
-
-no_mem:
-    rv = SECFailure;
-    PORT_SetError(SEC_ERROR_NO_MEMORY);
-    goto done;
-
-alert_loser:
-    if (isTLS && desc == illegal_parameter)
-        desc = decode_error;
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
-    PORT_SetError(errCode);
-    rv = SECFailure;
-done:
-    ss->requestedCertTypes = NULL;
-    if (arena != NULL)
-        PORT_FreeArena(arena, PR_FALSE);
-    return rv;
-}
-
-SECStatus
-ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms,
-                                      CERTDistNames *ca_list)
-{
-    SECStatus rv;
-
-    if (ss->getClientAuthData != NULL) {
-        PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
-                    ssl_preinfo_all);
-        /* XXX Should pass cert_types and algorithms in this call!! */
-        rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
-                                                 ss->fd, ca_list,
-                                                 &ss->ssl3.clientCertificate,
-                                                 &ss->ssl3.clientPrivateKey);
-    } else {
-        rv = SECFailure; /* force it to send a no_certificate alert */
-    }
-    switch (rv) {
-        case SECWouldBlock: /* getClientAuthData has put up a dialog box. */
-            ssl3_SetAlwaysBlock(ss);
-            break; /* not an error */
-
-        case SECSuccess:
-            /* check what the callback function returned */
-            if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
-                /* we are missing either the key or cert */
-                if (ss->ssl3.clientCertificate) {
-                    /* got a cert, but no key - free it */
-                    CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-                    ss->ssl3.clientCertificate = NULL;
-                }
-                if (ss->ssl3.clientPrivateKey) {
-                    /* got a key, but no cert - free it */
-                    SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-                    ss->ssl3.clientPrivateKey = NULL;
-                }
-                goto send_no_certificate;
-            }
-            /* Setting ssl3.clientCertChain non-NULL will cause
-             * ssl3_HandleServerHelloDone to call SendCertificate.
-             */
-            ss->ssl3.clientCertChain = CERT_CertChainFromCert(
-                ss->ssl3.clientCertificate,
-                certUsageSSLClient, PR_FALSE);
-            if (ss->ssl3.clientCertChain == NULL) {
-                CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-                ss->ssl3.clientCertificate = NULL;
-                SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-                ss->ssl3.clientPrivateKey = NULL;
-                goto send_no_certificate;
-            }
-            if (ss->ssl3.hs.hashType == handshake_hash_single) {
-                ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, algorithms);
-            }
-            break; /* not an error */
-
-        case SECFailure:
-        default:
-        send_no_certificate:
-            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
-                ss->ssl3.sendEmptyCert = PR_TRUE;
-            } else {
-                (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
-            }
-            rv = SECSuccess;
-            break;
-    }
-
-    return rv;
-}
-
-/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:
- *	cert	Client cert chosen by application.
- *		Note: ssl takes this reference, and does not bump the
- *		reference count.  The caller should drop its reference
- *		without calling CERT_DestroyCert after calling this function.
- *
- *	key	Private key associated with cert.  This function takes
- *		ownership of the private key, so the caller should drop its
- *		reference without destroying the private key after this
- *		function returns.
- *
- *	certChain  DER-encoded certs, client cert and its signers.
- *		Note: ssl takes this reference, and does not copy the chain.
- *		The caller should drop its reference without destroying the
- *		chain.  SSL will free the chain when it is done with it.
- *
- * Return value: XXX
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- *     It does not work on a subsequent handshake (redo).
- *
- * Caller holds 1stHandshakeLock.
- */
-SECStatus
-ssl3_RestartHandshakeAfterCertReq(sslSocket *ss,
-                                  CERTCertificate *cert,
-                                  SECKEYPrivateKey *key,
-                                  CERTCertificateList *certChain)
-{
-    SECStatus rv = SECSuccess;
-
-    /* XXX This code only works on the initial handshake on a connection,
-    ** XXX It does not work on a subsequent handshake (redo).
-    */
-    if (ss->handshake != 0) {
-        ss->handshake = ssl_GatherRecord1stHandshake;
-        ss->ssl3.clientCertificate = cert;
-        ss->ssl3.clientPrivateKey = key;
-        ss->ssl3.clientCertChain = certChain;
-        if (!cert || !key || !certChain) {
-            /* we are missing the key, cert, or cert chain */
-            if (ss->ssl3.clientCertificate) {
-                CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-                ss->ssl3.clientCertificate = NULL;
-            }
-            if (ss->ssl3.clientPrivateKey) {
-                SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-                ss->ssl3.clientPrivateKey = NULL;
-            }
-            if (ss->ssl3.clientCertChain != NULL) {
-                CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-                ss->ssl3.clientCertChain = NULL;
-            }
-            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
-                ss->ssl3.sendEmptyCert = PR_TRUE;
-            } else {
-                (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
-            }
-        }
-    } else {
-        if (cert) {
-            CERT_DestroyCertificate(cert);
-        }
-        if (key) {
-            SECKEY_DestroyPrivateKey(key);
-        }
-        if (certChain) {
-            CERT_DestroyCertificateList(certChain);
-        }
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        rv = SECFailure;
-    }
-    return rv;
-}
-
-static SECStatus
-ssl3_CheckFalseStart(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(!ss->ssl3.hs.authCertificatePending);
-    PORT_Assert(!ss->ssl3.hs.canFalseStart);
-
-    if (!ss->canFalseStartCallback) {
-        SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start",
-                    SSL_GETPID(), ss->fd));
-    } else {
-        PRBool maybeFalseStart;
-        SECStatus rv;
-
-        /* An attacker can control the selected ciphersuite so we only wish to
-         * do False Start in the case that the selected ciphersuite is
-         * sufficiently strong that the attack can gain no advantage.
-         * Therefore we always require an 80-bit cipher. */
-        ssl_GetSpecReadLock(ss);
-        maybeFalseStart = ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10;
-        ssl_ReleaseSpecReadLock(ss);
-
-        if (!maybeFalseStart) {
-            SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher",
-                        SSL_GETPID(), ss->fd));
-        } else {
-            PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
-                        ssl_preinfo_all);
-            rv = (ss->canFalseStartCallback)(ss->fd,
-                                             ss->canFalseStartCallbackData,
-                                             &ss->ssl3.hs.canFalseStart);
-            if (rv == SECSuccess) {
-                SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s",
-                            SSL_GETPID(), ss->fd,
-                            ss->ssl3.hs.canFalseStart ? "TRUE"
-                                                      : "FALSE"));
-            } else {
-                SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)",
-                            SSL_GETPID(), ss->fd,
-                            PR_ErrorToName(PR_GetError())));
-            }
-            return rv;
-        }
-    }
-
-    ss->ssl3.hs.canFalseStart = PR_FALSE;
-    return SECSuccess;
-}
-
-PRBool
-ssl3_WaitingForServerSecondRound(sslSocket *ss)
-{
-    PRBool result;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    switch (ss->ssl3.hs.ws) {
-        case wait_new_session_ticket:
-        case wait_change_cipher:
-        case wait_finished:
-            result = PR_TRUE;
-            break;
-        default:
-            result = PR_FALSE;
-            break;
-    }
-
-    return result;
-}
-
-static SECStatus ssl3_SendClientSecondRound(sslSocket *ss);
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 Server Hello Done message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerHelloDone(sslSocket *ss)
-{
-    SECStatus rv;
-    SSL3WaitState ws = ss->ssl3.hs.ws;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello_done handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    /* Skipping CertificateRequest is always permitted. */
-    if (ws != wait_hello_done &&
-        ws != wait_cert_request) {
-        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
-        return SECFailure;
-    }
-
-    rv = ssl3_SendClientSecondRound(ss);
-
-    return rv;
-}
-
-/* Called from ssl3_HandleServerHelloDone and ssl3_AuthCertificateComplete.
- *
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_SendClientSecondRound(sslSocket *ss)
-{
-    SECStatus rv;
-    PRBool sendClientCert;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    sendClientCert = !ss->ssl3.sendEmptyCert &&
-                     ss->ssl3.clientCertChain != NULL &&
-                     ss->ssl3.clientPrivateKey != NULL;
-
-    if (!sendClientCert &&
-        ss->ssl3.hs.hashType == handshake_hash_single &&
-        ss->ssl3.hs.backupHash) {
-        /* Don't need the backup handshake hash. */
-        PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
-        ss->ssl3.hs.backupHash = NULL;
-    }
-
-    /* We must wait for the server's certificate to be authenticated before
-     * sending the client certificate in order to disclosing the client
-     * certificate to an attacker that does not have a valid cert for the
-     * domain we are connecting to.
-     *
-     * XXX: We should do the same for the NPN extension, but for that we
-     * need an option to give the application the ability to leak the NPN
-     * information to get better performance.
-     *
-     * During the initial handshake on a connection, we never send/receive
-     * application data until we have authenticated the server's certificate;
-     * i.e. we have fully authenticated the handshake before using the cipher
-     * specs agreed upon for that handshake. During a renegotiation, we may
-     * continue sending and receiving application data during the handshake
-     * interleaved with the handshake records. If we were to send the client's
-     * second round for a renegotiation before the server's certificate was
-     * authenticated, then the application data sent/received after this point
-     * would be using cipher spec that hadn't been authenticated. By waiting
-     * until the server's certificate has been authenticated during
-     * renegotiations, we ensure that renegotiations have the same property
-     * as initial handshakes; i.e. we have fully authenticated the handshake
-     * before using the cipher specs agreed upon for that handshake for
-     * application data.
-     */
-    if (ss->ssl3.hs.restartTarget) {
-        PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget");
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    if (ss->ssl3.hs.authCertificatePending &&
-        (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) {
-        SSL_TRC(3, ("%d: SSL3[%p]: deferring ssl3_SendClientSecondRound because"
-                    " certificate authentication is still pending.",
-                    SSL_GETPID(), ss->fd));
-        ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound;
-        return SECWouldBlock;
-    }
-
-    ssl_GetXmitBufLock(ss); /*******************************/
-
-    if (ss->ssl3.sendEmptyCert) {
-        ss->ssl3.sendEmptyCert = PR_FALSE;
-        rv = ssl3_SendEmptyCertificate(ss);
-        /* Don't send verify */
-        if (rv != SECSuccess) {
-            goto loser; /* error code is set. */
-        }
-    } else if (sendClientCert) {
-        rv = ssl3_SendCertificate(ss);
-        if (rv != SECSuccess) {
-            goto loser; /* error code is set. */
-        }
-    }
-
-    rv = ssl3_SendClientKeyExchange(ss);
-    if (rv != SECSuccess) {
-        goto loser; /* err is set. */
-    }
-
-    if (sendClientCert) {
-        rv = ssl3_SendCertificateVerify(ss, ss->ssl3.clientPrivateKey);
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-        if (rv != SECSuccess) {
-            goto loser; /* err is set. */
-        }
-    }
-
-    rv = ssl3_SendChangeCipherSpecs(ss);
-    if (rv != SECSuccess) {
-        goto loser; /* err code was set. */
-    }
-
-    /* This must be done after we've set ss->ssl3.cwSpec in
-     * ssl3_SendChangeCipherSpecs because SSL_GetChannelInfo uses information
-     * from cwSpec. This must be done before we call ssl3_CheckFalseStart
-     * because the false start callback (if any) may need the information from
-     * the functions that depend on this being set.
-     */
-    ss->enoughFirstHsDone = PR_TRUE;
-
-    if (!ss->firstHsDone) {
-        /* XXX: If the server's certificate hasn't been authenticated by this
-         * point, then we may be leaking this NPN message to an attacker.
-         */
-        rv = ssl3_SendNextProto(ss);
-        if (rv != SECSuccess) {
-            goto loser; /* err code was set. */
-        }
-    }
-
-    rv = ssl3_SendChannelIDEncryptedExtensions(ss);
-    if (rv != SECSuccess) {
-        goto loser; /* err code was set. */
-    }
-
-    if (!ss->firstHsDone) {
-        if (ss->opt.enableFalseStart) {
-            if (!ss->ssl3.hs.authCertificatePending) {
-                /* When we fix bug 589047, we will need to know whether we are
-                 * false starting before we try to flush the client second
-                 * round to the network. With that in mind, we purposefully
-                 * call ssl3_CheckFalseStart before calling ssl3_SendFinished,
-                 * which includes a call to ssl3_FlushHandshake, so that
-                 * no application develops a reliance on such flushing being
-                 * done before its false start callback is called.
-                 */
-                ssl_ReleaseXmitBufLock(ss);
-                rv = ssl3_CheckFalseStart(ss);
-                ssl_GetXmitBufLock(ss);
-                if (rv != SECSuccess) {
-                    goto loser;
-                }
-            } else {
-                /* The certificate authentication and the server's Finished
-                 * message are racing each other. If the certificate
-                 * authentication wins, then we will try to false start in
-                 * ssl3_AuthCertificateComplete.
-                 */
-                SSL_TRC(3, ("%d: SSL3[%p]: deferring false start check because"
-                            " certificate authentication is still pending.",
-                            SSL_GETPID(), ss->fd));
-            }
-        }
-    }
-
-    rv = ssl3_SendFinished(ss, 0);
-    if (rv != SECSuccess) {
-        goto loser; /* err code was set. */
-    }
-
-    ssl_ReleaseXmitBufLock(ss); /*******************************/
-
-    if (!ss->ssl3.hs.isResuming &&
-        ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
-        /* If we are negotiating ChannelID on a full handshake then we record
-         * the handshake hashes in |sid| at this point. They will be needed in
-         * the event that we resume this session and use ChannelID on the
-         * resumption handshake. */
-        SSL3Hashes hashes;
-        SECItem *originalHandshakeHash =
-            &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
-        PORT_Assert(ss->sec.ci.sid->cached == never_cached);
-
-        ssl_GetSpecReadLock(ss);
-        PORT_Assert(ss->version > SSL_LIBRARY_VERSION_3_0);
-        rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
-        ssl_ReleaseSpecReadLock(ss);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-
-        PORT_Assert(originalHandshakeHash->len == 0);
-        originalHandshakeHash->data = PORT_Alloc(hashes.len);
-        if (!originalHandshakeHash->data)
-            return SECFailure;
-        originalHandshakeHash->len = hashes.len;
-        memcpy(originalHandshakeHash->data, hashes.u.raw, hashes.len);
-    }
-
-    if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
-        ss->ssl3.hs.ws = wait_new_session_ticket;
-    else
-        ss->ssl3.hs.ws = wait_change_cipher;
-
-    PORT_Assert(ssl3_WaitingForServerSecondRound(ss));
-
-    return SECSuccess;
-
-loser:
-    ssl_ReleaseXmitBufLock(ss);
-    return rv;
-}
-
-/*
- * Routines used by servers
- */
-static SECStatus
-ssl3_SendHelloRequest(sslSocket *ss)
-{
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send hello_request handshake", SSL_GETPID(),
-                ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    rv = ssl3_AppendHandshakeHeader(ss, hello_request, 0);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake */
-    }
-    rv = ssl3_FlushHandshake(ss, 0);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by ssl3_FlushHandshake */
-    }
-    ss->ssl3.hs.ws = wait_client_hello;
-    return SECSuccess;
-}
-
-/*
- * Called from:
- *  ssl3_HandleClientHello()
- */
-static SECComparison
-ssl3_ServerNameCompare(const SECItem *name1, const SECItem *name2)
-{
-    if (!name1 != !name2) {
-        return SECLessThan;
-    }
-    if (!name1) {
-        return SECEqual;
-    }
-    if (name1->type != name2->type) {
-        return SECLessThan;
-    }
-    return SECITEM_CompareItem(name1, name2);
-}
-
-/* Sets memory error when returning NULL.
- * Called from:
- *  ssl3_SendClientHello()
- *  ssl3_HandleServerHello()
- *  ssl3_HandleClientHello()
- *  ssl3_HandleV2ClientHello()
- */
-sslSessionID *
-ssl3_NewSessionID(sslSocket *ss, PRBool is_server)
-{
-    sslSessionID *sid;
-
-    sid = PORT_ZNew(sslSessionID);
-    if (sid == NULL)
-        return sid;
-
-    if (is_server) {
-        const SECItem *srvName;
-        SECStatus rv = SECSuccess;
-
-        ssl_GetSpecReadLock(ss); /********************************/
-        srvName = &ss->ssl3.prSpec->srvVirtName;
-        if (srvName->len && srvName->data) {
-            rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.srvName, srvName);
-        }
-        ssl_ReleaseSpecReadLock(ss); /************************************/
-        if (rv != SECSuccess) {
-            PORT_Free(sid);
-            return NULL;
-        }
-    }
-    sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID);
-    sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url);
-    sid->addr = ss->sec.ci.peer;
-    sid->port = ss->sec.ci.port;
-    sid->references = 1;
-    sid->cached = never_cached;
-    sid->version = ss->version;
-
-    sid->u.ssl3.keys.resumable = PR_TRUE;
-    sid->u.ssl3.policy = SSL_ALLOWED;
-    sid->u.ssl3.clientWriteKey = NULL;
-    sid->u.ssl3.serverWriteKey = NULL;
-    sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE;
-
-    if (is_server) {
-        SECStatus rv;
-        int pid = SSL_GETPID();
-
-        sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
-        sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff;
-        sid->u.ssl3.sessionID[1] = pid & 0xff;
-        rv = PK11_GenerateRandom(sid->u.ssl3.sessionID + 2,
-                                 SSL3_SESSIONID_BYTES - 2);
-        if (rv != SECSuccess) {
-            ssl_FreeSID(sid);
-            ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
-            return NULL;
-        }
-    }
-    return sid;
-}
-
-/* Called from:  ssl3_HandleClientHello, ssl3_HandleV2ClientHello */
-static SECStatus
-ssl3_SendServerHelloSequence(sslSocket *ss)
-{
-    const ssl3KEADef *kea_def;
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: begin send server_hello sequence",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    rv = ssl3_SendServerHello(ss);
-    if (rv != SECSuccess) {
-        return rv; /* err code is set. */
-    }
-    rv = ssl3_SendCertificate(ss);
-    if (rv != SECSuccess) {
-        return rv; /* error code is set. */
-    }
-    rv = ssl3_SendCertificateStatus(ss);
-    if (rv != SECSuccess) {
-        return rv; /* error code is set. */
-    }
-    /* We have to do this after the call to ssl3_SendServerHello,
-     * because kea_def is set up by ssl3_SendServerHello().
-     */
-    kea_def = ss->ssl3.hs.kea_def;
-    ss->ssl3.hs.usedStepDownKey = PR_FALSE;
-
-    if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) {
-        /* see if we can legally use the key in the cert. */
-        unsigned int keyLen; /* bytes */
-
-        keyLen = PK11_GetPrivateModulusLen(
-            ss->serverCerts[kea_def->exchKeyType].SERVERKEY);
-
-        if (keyLen > 0 &&
-            keyLen * BPB <= kea_def->key_size_limit) {
-            /* XXX AND cert is not signing only!! */
-            /* just fall through and use it. */
-        } else if (ss->stepDownKeyPair != NULL) {
-            ss->ssl3.hs.usedStepDownKey = PR_TRUE;
-            rv = ssl3_SendServerKeyExchange(ss);
-            if (rv != SECSuccess) {
-                return rv; /* err code was set. */
-            }
-        } else {
-#ifndef HACKED_EXPORT_SERVER
-            PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED);
-            return rv;
-#endif
-        }
-    } else if (kea_def->ephemeral) {
-        rv = ssl3_SendServerKeyExchange(ss);
-        if (rv != SECSuccess) {
-            return rv; /* err code was set. */
-        }
-    }
-
-    if (ss->opt.requestCertificate) {
-        rv = ssl3_SendCertificateRequest(ss);
-        if (rv != SECSuccess) {
-            return rv; /* err code is set. */
-        }
-    }
-    rv = ssl3_SendServerHelloDone(ss);
-    if (rv != SECSuccess) {
-        return rv; /* err code is set. */
-    }
-
-    ss->ssl3.hs.ws = (ss->opt.requestCertificate) ? wait_client_cert
-                                                  : wait_client_key;
-    return SECSuccess;
-}
-
-/* An empty TLS Renegotiation Info (RI) extension */
-static const PRUint8 emptyRIext[5] = { 0xff, 0x01, 0x00, 0x01, 0x00 };
-
-static PRBool
-ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
-{
-    switch (kea) {
-        case kea_dhe_dss:
-        case kea_dhe_dss_export:
-        case kea_dh_dss_export:
-        case kea_dh_dss:
-            /* TODO: Fix session tickets for DSS. The server code rejects the
-             * session ticket received from the client. Bug 1174677 */
-            return PR_FALSE;
-        default:
-            return PR_TRUE;
-    };
-}
-
-static void
-ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
-{
-    PLArenaPool *arena;
-    ssl3CertNode *lastCert = NULL;
-    ssl3CertNode *certs = NULL;
-    int i;
-
-    if (!sid->peerCertChain[0])
-        return;
-    PORT_Assert(!ss->ssl3.peerCertArena);
-    PORT_Assert(!ss->ssl3.peerCertChain);
-    ss->ssl3.peerCertArena = arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
-        ssl3CertNode *c = PORT_ArenaNew(arena, ssl3CertNode);
-        c->cert = CERT_DupCertificate(sid->peerCertChain[i]);
-        c->next = NULL;
-        if (lastCert) {
-            lastCert->next = c;
-        } else {
-            certs = c;
-        }
-        lastCert = c;
-    }
-    ss->ssl3.peerCertChain = certs;
-}
-
-static void
-ssl3_CopyPeerCertsToSID(ssl3CertNode *certs, sslSessionID *sid)
-{
-    int i = 0;
-    ssl3CertNode *c = certs;
-    for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) {
-        PORT_Assert(!sid->peerCertChain[i]);
-        sid->peerCertChain[i] = CERT_DupCertificate(c->cert);
-    }
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Client Hello message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    sslSessionID *sid = NULL;
-    PRInt32 tmp;
-    unsigned int i;
-    int j;
-    SECStatus rv;
-    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
-    SSL3AlertDescription desc = illegal_parameter;
-    SSL3AlertLevel level = alert_fatal;
-    SSL3ProtocolVersion version;
-    SECItem sidBytes = { siBuffer, NULL, 0 };
-    SECItem cookieBytes = { siBuffer, NULL, 0 };
-    SECItem suites = { siBuffer, NULL, 0 };
-    SECItem comps = { siBuffer, NULL, 0 };
-    PRBool haveSpecWriteLock = PR_FALSE;
-    PRBool haveXmitBufLock = PR_FALSE;
-    PRBool canOfferSessionTicket = PR_FALSE;
-    PRBool isTLS13 = PR_FALSE;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.initialized);
-    ss->ssl3.hs.preliminaryInfo = 0;
-
-    if (!ss->sec.isServer ||
-        (ss->ssl3.hs.ws != wait_client_hello &&
-         ss->ssl3.hs.ws != idle_handshake)) {
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
-        goto alert_loser;
-    }
-    if (ss->ssl3.hs.ws == idle_handshake) {
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-            desc = unexpected_message;
-            errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
-            goto alert_loser;
-        }
-        if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
-            desc = no_renegotiation;
-            level = alert_warning;
-            errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
-            goto alert_loser;
-        }
-    }
-
-    /* Get peer name of client */
-    rv = ssl_GetPeerInfo(ss);
-    if (rv != SECSuccess) {
-        return rv; /* error code is set. */
-    }
-
-    /* Clearing the handshake pointers so that ssl_Do1stHandshake won't
-     * call ssl2_HandleMessage.
-     *
-     * The issue here is that TLS ordinarily starts out in
-     * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility
-     * code paths. That function zeroes these next pointers. But with DTLS,
-     * we don't even try to do the v2 ClientHello so we skip that function
-     * and need to reset these values here.
-     */
-    if (IS_DTLS(ss)) {
-        ss->nextHandshake = 0;
-        ss->securityHandshake = 0;
-    }
-
-    /* We might be starting session renegotiation in which case we should
-     * clear previous state.
-     */
-    PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
-    ss->statelessResume = PR_FALSE;
-
-    if (IS_DTLS(ss)) {
-        dtls_RehandshakeCleanup(ss);
-    }
-
-    tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (tmp < 0)
-        goto loser; /* malformed, alert already sent */
-
-    /* Translate the version */
-    if (IS_DTLS(ss)) {
-        ss->clientHelloVersion = version =
-            dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp);
-    } else {
-        ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
-    }
-
-    rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
-    if (rv != SECSuccess) {
-        desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
-                                                   : handshake_failure;
-        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
-        goto alert_loser;
-    }
-    isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
-    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-
-    rv = ssl3_InitHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        desc = internal_error;
-        errCode = PORT_GetError();
-        goto alert_loser;
-    }
-
-    /* Generate the Server Random now so it is available
-     * when we process the ClientKeyShare in TLS 1.3 */
-    rv = ssl3_GetNewRandom(&ss->ssl3.hs.server_random);
-    if (rv != SECSuccess) {
-        errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE;
-        goto loser;
-    }
-
-    /*
-     * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
-     * TLS 1.3 server implementations which respond to a ClientHello with a
-     * client_version indicating TLS 1.2 or below MUST set the first eight
-     * bytes of their Random value to the bytes:
-     *
-     * 44 4F 57 4E 47 52 44 01
-     *
-     * TLS 1.2 server implementations which respond to a ClientHello with a
-     * client_version indicating TLS 1.1 or below SHOULD set the first eight
-     * bytes of their Random value to the bytes:
-     *
-     * 44 4F 57 4E 47 52 44 00
-     *
-     * TODO(ekr@rtfm.com): Note this change was not added in the SSLv2
-     * compat processing code since that will most likely be removed before
-     * we ship the final version of TLS 1.3.
-     */
-    if (ss->vrange.max > ss->version) {
-        switch (ss->vrange.max) {
-            case SSL_LIBRARY_VERSION_TLS_1_3:
-                PORT_Memcpy(ss->ssl3.hs.server_random.rand,
-                            tls13_downgrade_random,
-                            sizeof(tls13_downgrade_random));
-                break;
-            case SSL_LIBRARY_VERSION_TLS_1_2:
-                PORT_Memcpy(ss->ssl3.hs.server_random.rand,
-                            tls12_downgrade_random,
-                            sizeof(tls12_downgrade_random));
-                break;
-            default:
-                /* Do not change random. */
-                break;
-        }
-    }
-
-    /* grab the client random data. */
-    rv = ssl3_ConsumeHandshake(
-        ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed */
-    }
-
-    /* grab the client's SID, if present. */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed */
-    }
-
-    /* grab the client's cookie, if present. */
-    if (IS_DTLS(ss)) {
-        rv = ssl3_ConsumeHandshakeVariable(ss, &cookieBytes, 1, &b, &length);
-        if (rv != SECSuccess) {
-            goto loser; /* malformed */
-        }
-    }
-
-    /* grab the list of cipher suites. */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &suites, 2, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed */
-    }
-
-    /* If the ClientHello version is less than our maximum version, check for a
-     * TLS_FALLBACK_SCSV and reject the connection if found. */
-    if (ss->vrange.max > ss->clientHelloVersion) {
-        for (i = 0; i + 1 < suites.len; i += 2) {
-            PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-            if (suite_i != TLS_FALLBACK_SCSV)
-                continue;
-            desc = inappropriate_fallback;
-            errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-            goto alert_loser;
-        }
-    }
-
-    /* grab the list of compression methods. */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed */
-    }
-
-    /* TLS 1.3 requires that compression be empty */
-    if (isTLS13) {
-        if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
-            goto loser;
-        }
-    }
-    desc = handshake_failure;
-
-    /* Handle TLS hello extensions for SSL3 & TLS. We do not know if
-     * we are restarting a previous session until extensions have been
-     * parsed, since we might have received a SessionTicket extension.
-     * Note: we allow extensions even when negotiating SSL3 for the sake
-     * of interoperability (and backwards compatibility).
-     */
-
-    if (length) {
-        /* Get length of hello extensions */
-        PRInt32 extension_length;
-        extension_length = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-        if (extension_length < 0) {
-            goto loser; /* alert already sent */
-        }
-        if (extension_length != length) {
-            ssl3_DecodeError(ss); /* send alert */
-            goto loser;
-        }
-        rv = ssl3_HandleHelloExtensions(ss, &b, &length, client_hello);
-        if (rv != SECSuccess) {
-            goto loser; /* malformed */
-        }
-    }
-    if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-        /* If we didn't receive an RI extension, look for the SCSV,
-         * and if found, treat it just like an empty RI extension
-         * by processing a local copy of an empty RI extension.
-         */
-        for (i = 0; i + 1 < suites.len; i += 2) {
-            PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-            if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
-                SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext;
-                PRUint32 L2 = sizeof emptyRIext;
-                (void)ssl3_HandleHelloExtensions(ss, &b2, &L2, client_hello);
-                break;
-            }
-        }
-    }
-    if (ss->firstHsDone &&
-        (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN ||
-         ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) &&
-        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-        desc = no_renegotiation;
-        level = alert_warning;
-        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
-        goto alert_loser;
-    }
-    if ((ss->opt.requireSafeNegotiation ||
-         (ss->firstHsDone && ss->peerRequestedProtection)) &&
-        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-        desc = handshake_failure;
-        errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
-        goto alert_loser;
-    }
-
-    /* We do stateful resumes only if either of the following
-     * conditions are satisfied: (1) the client does not support the
-     * session ticket extension, or (2) the client support the session
-     * ticket extension, but sent an empty ticket.
-     */
-    if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) ||
-        ss->xtnData.emptySessionTicket) {
-        if (sidBytes.len > 0 && !ss->opt.noCache) {
-            SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%08x%08x%08x%08x",
-                        SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
-                        ss->sec.ci.peer.pr_s6_addr32[1],
-                        ss->sec.ci.peer.pr_s6_addr32[2],
-                        ss->sec.ci.peer.pr_s6_addr32[3]));
-            if (ssl_sid_lookup) {
-                sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data,
-                                        sidBytes.len, ss->dbHandle);
-            } else {
-                errCode = SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED;
-                goto loser;
-            }
-        }
-    } else if (ss->statelessResume) {
-        /* Fill in the client's session ID if doing a stateless resume.
-         * (When doing stateless resumes, server echos client's SessionID.)
-         */
-        sid = ss->sec.ci.sid;
-        PORT_Assert(sid != NULL); /* Should have already been filled in.*/
-
-        if (sidBytes.len > 0 && sidBytes.len <= SSL3_SESSIONID_BYTES) {
-            sid->u.ssl3.sessionIDLength = sidBytes.len;
-            PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data,
-                        sidBytes.len);
-            sid->u.ssl3.sessionIDLength = sidBytes.len;
-        } else {
-            sid->u.ssl3.sessionIDLength = 0;
-        }
-        ss->sec.ci.sid = NULL;
-    }
-
-    /* We only send a session ticket extension if the client supports
-     * the extension and we are unable to do either a stateful or
-     * stateless resume.
-     *
-     * TODO: send a session ticket if performing a stateful
-     * resumption.  (As per RFC4507, a server may issue a session
-     * ticket while doing a (stateless or stateful) session resume,
-     * but OpenSSL-0.9.8g does not accept session tickets while
-     * resuming.)
-     */
-    if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) {
-        canOfferSessionTicket = PR_TRUE;
-    }
-
-    if (sid != NULL) {
-        /* We've found a session cache entry for this client.
-         * Now, if we're going to require a client-auth cert,
-         * and we don't already have this client's cert in the session cache,
-         * and this is the first handshake on this connection (not a redo),
-         * then drop this old cache entry and start a new session.
-         */
-        if ((sid->peerCert == NULL) && ss->opt.requestCertificate &&
-            ((ss->opt.requireCertificate == SSL_REQUIRE_ALWAYS) ||
-             (ss->opt.requireCertificate == SSL_REQUIRE_NO_ERROR) ||
-             ((ss->opt.requireCertificate == SSL_REQUIRE_FIRST_HANDSHAKE) &&
-              !ss->firstHsDone))) {
-
-            SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
-            if (ss->sec.uncache)
-                ss->sec.uncache(sid);
-            ssl_FreeSID(sid);
-            sid = NULL;
-        }
-    }
-
-#ifndef NSS_DISABLE_ECC
-    /* Disable any ECC cipher suites for which we have no cert. */
-    ssl3_FilterECCipherSuitesByServerCerts(ss);
-#endif
-
-    if (IS_DTLS(ss)) {
-        ssl3_DisableNonDTLSSuites(ss);
-    }
-
-#ifdef PARANOID
-    /* Look for a matching cipher suite. */
-    j = ssl3_config_match_init(ss);
-    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
-        errCode = PORT_GetError(); /* error code is already set. */
-        goto alert_loser;
-    }
-#endif
-
-    /* If we already have a session for this client, be sure to pick the
-    ** same cipher suite and compression method we picked before.
-    ** This is not a loop, despite appearances.
-    */
-    if (sid)
-        do {
-            ssl3CipherSuiteCfg *suite;
-#ifdef PARANOID
-            SSLVersionRange vrange = { ss->version, ss->version };
-#endif
-
-            /* Check that the cached compression method is still enabled. */
-            if (!compressionEnabled(ss, sid->u.ssl3.compression))
-                break;
-
-            /* Check that the cached compression method is in the client's list */
-            for (i = 0; i < comps.len; i++) {
-                if (comps.data[i] == sid->u.ssl3.compression)
-                    break;
-            }
-            if (i == comps.len)
-                break;
-
-            suite = ss->cipherSuites;
-            /* Find the entry for the cipher suite used in the cached session. */
-            for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
-                if (suite->cipher_suite == sid->u.ssl3.cipherSuite)
-                    break;
-            }
-            PORT_Assert(j > 0);
-            if (j <= 0)
-                break;
-#ifdef PARANOID
-            /* Double check that the cached cipher suite is still enabled,
-             * implemented, and allowed by policy.  Might have been disabled.
-             * The product policy won't change during the process lifetime.
-             * Implemented ("isPresent") shouldn't change for servers.
-             */
-            if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss))
-                break;
-#else
-            if (!suite->enabled)
-                break;
-#endif
-            /* Double check that the cached cipher suite is in the client's list */
-            for (i = 0; i + 1 < suites.len; i += 2) {
-                PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-                if (suite_i == suite->cipher_suite) {
-                    ss->ssl3.hs.cipher_suite =
-                        suite->cipher_suite;
-                    ss->ssl3.hs.suite_def =
-                        ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
-                    ss->ssl3.hs.kea_def =
-                        &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
-                    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
-
-                    /* Use the cached compression method. */
-                    ss->ssl3.hs.compression =
-                        sid->u.ssl3.compression;
-                    goto compression_found;
-                }
-            }
-        } while (0);
-
-/* START A NEW SESSION */
-
-#ifndef PARANOID
-    /* Look for a matching cipher suite. */
-    j = ssl3_config_match_init(ss);
-    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
-        errCode = PORT_GetError(); /* error code is already set. */
-        goto alert_loser;
-    }
-#endif
-
-    /* Select a cipher suite.
-    **
-    ** NOTE: This suite selection algorithm should be the same as the one in
-    ** ssl3_HandleV2ClientHello().
-    **
-    ** If TLS 1.0 is enabled, we could handle the case where the client
-    ** offered TLS 1.1 but offered only export cipher suites by choosing TLS
-    ** 1.0 and selecting one of those export cipher suites. However, a secure
-    ** TLS 1.1 client should not have export cipher suites enabled at all,
-    ** and a TLS 1.1 client should definitely not be offering *only* export
-    ** cipher suites. Therefore, we refuse to negotiate export cipher suites
-    ** with any client that indicates support for TLS 1.1 or higher when we
-    ** (the server) have TLS 1.1 support enabled.
-    */
-    for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
-        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
-        SSLVersionRange vrange = { ss->version, ss->version };
-        if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
-            continue;
-        }
-        for (i = 0; i + 1 < suites.len; i += 2) {
-            PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-            if (suite_i == suite->cipher_suite) {
-                ss->ssl3.hs.cipher_suite = suite->cipher_suite;
-                ss->ssl3.hs.suite_def =
-                    ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
-                ss->ssl3.hs.kea_def =
-                    &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
-                ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
-                goto suite_found;
-            }
-        }
-    }
-    errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
-    goto alert_loser;
-
-suite_found:
-    if (canOfferSessionTicket)
-        canOfferSessionTicket = ssl3_KEAAllowsSessionTicket(
-            ss->ssl3.hs.suite_def->key_exchange_alg);
-
-    if (canOfferSessionTicket) {
-        ssl3_RegisterServerHelloExtensionSender(ss,
-                                                ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
-    }
-
-    /* Select a compression algorithm. */
-    for (i = 0; i < comps.len; i++) {
-        if (!compressionEnabled(ss, comps.data[i]))
-            continue;
-        for (j = 0; j < compressionMethodsCount; j++) {
-            if (comps.data[i] == compressions[j]) {
-                ss->ssl3.hs.compression =
-                    (SSLCompressionMethod)compressions[j];
-                goto compression_found;
-            }
-        }
-    }
-    errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
-    /* null compression must be supported */
-    goto alert_loser;
-
-compression_found:
-    suites.data = NULL;
-    comps.data = NULL;
-
-    ss->sec.send = ssl3_SendApplicationData;
-
-    /* If there are any failures while processing the old sid,
-     * we don't consider them to be errors.  Instead, We just behave
-     * as if the client had sent us no sid to begin with, and make a new one.
-     * The exception here is attempts to resume extended_master_secret
-     * sessions without the extension, which causes an alert.
-     */
-    if (sid != NULL)
-        do {
-            ssl3CipherSpec *pwSpec;
-            SECItem wrappedMS; /* wrapped key */
-
-            if (sid->version != ss->version ||
-                sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite ||
-                sid->u.ssl3.compression != ss->ssl3.hs.compression) {
-                break; /* not an error */
-            }
-
-            /* [draft-ietf-tls-session-hash-06; Section 5.3]
-             * o  If the original session did not use the "extended_master_secret"
-             *    extension but the new ClientHello contains the extension, then the
-             *    server MUST NOT perform the abbreviated handshake.  Instead, it
-             *    SHOULD continue with a full handshake (as described in
-             *    Section 5.2) to negotiate a new session.
-             *
-             * o  If the original session used the "extended_master_secret"
-             *    extension but the new ClientHello does not contain the extension,
-             *    the server MUST abort the abbreviated handshake.
-             */
-            if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
-                if (!sid->u.ssl3.keys.extendedMasterSecretUsed) {
-                    break; /* not an error */
-                }
-            } else {
-                if (sid->u.ssl3.keys.extendedMasterSecretUsed) {
-                    /* Note: we do not destroy the session */
-                    desc = handshake_failure;
-                    errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
-                    goto alert_loser;
-                }
-            }
-
-            if (ss->sec.ci.sid) {
-                if (ss->sec.uncache)
-                    ss->sec.uncache(ss->sec.ci.sid);
-                PORT_Assert(ss->sec.ci.sid != sid); /* should be impossible, but ... */
-                if (ss->sec.ci.sid != sid) {
-                    ssl_FreeSID(ss->sec.ci.sid);
-                }
-                ss->sec.ci.sid = NULL;
-            }
-            /* we need to resurrect the master secret.... */
-
-            ssl_GetSpecWriteLock(ss);
-            haveSpecWriteLock = PR_TRUE;
-            pwSpec = ss->ssl3.pwSpec;
-            if (sid->u.ssl3.keys.msIsWrapped) {
-                PK11SymKey *wrapKey; /* wrapping key */
-                CK_FLAGS keyFlags = 0;
-#ifndef NO_PKCS11_BYPASS
-                if (ss->opt.bypassPKCS11) {
-                    /* we cannot restart a non-bypass session in a
-                    ** bypass socket.
-                    */
-                    break;
-                }
-#endif
-
-                wrapKey = getWrappingKey(ss, NULL, sid->u.ssl3.exchKeyType,
-                                         sid->u.ssl3.masterWrapMech,
-                                         ss->pkcs11PinArg);
-                if (!wrapKey) {
-                    /* we have a SID cache entry, but no wrapping key for it??? */
-                    break;
-                }
-
-                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
-                    keyFlags =
-                        CKF_SIGN | CKF_VERIFY;
-                }
-
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-
-                /* unwrap the master secret. */
-                pwSpec->master_secret =
-                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
-                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
-                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
-                PK11_FreeSymKey(wrapKey);
-                if (pwSpec->master_secret == NULL) {
-                    break; /* not an error */
-                }
-#ifndef NO_PKCS11_BYPASS
-            } else if (ss->opt.bypassPKCS11) {
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-                memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
-                pwSpec->msItem.data = pwSpec->raw_master_secret;
-                pwSpec->msItem.len = wrappedMS.len;
-#endif
-            } else {
-                /* We CAN restart a bypass session in a non-bypass socket. */
-                /* need to import the raw master secret to session object */
-                PK11SlotInfo *slot;
-                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
-                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-                slot = PK11_GetInternalSlot();
-                pwSpec->master_secret =
-                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
-                                      PK11_OriginUnwrap, CKA_ENCRYPT, &wrappedMS,
-                                      NULL);
-                PK11_FreeSlot(slot);
-                if (pwSpec->master_secret == NULL) {
-                    break; /* not an error */
-                }
-            }
-            ss->sec.ci.sid = sid;
-            if (sid->peerCert != NULL) {
-                ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
-                ssl3_CopyPeerCertsFromSID(ss, sid);
-            }
-
-            /*
-             * Old SID passed all tests, so resume this old session.
-             *
-             * XXX make sure compression still matches
-             */
-            SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_hits);
-            if (ss->statelessResume)
-                SSL_AtomicIncrementLong(&ssl3stats.hch_sid_stateless_resumes);
-            ss->ssl3.hs.isResuming = PR_TRUE;
-
-            ss->sec.authAlgorithm = sid->authAlgorithm;
-            ss->sec.authKeyBits = sid->authKeyBits;
-            ss->sec.keaType = sid->keaType;
-            ss->sec.keaKeyBits = sid->keaKeyBits;
-
-            /* server sids don't remember the server cert we previously sent,
-            ** but they do remember the kea type we originally used, so we
-            ** can locate it again, provided that the current ssl socket
-            ** has had its server certs configured the same as the previous one.
-            */
-            ss->sec.localCert =
-                CERT_DupCertificate(ss->serverCerts[sid->keaType].serverCert);
-
-            /* Copy cached name in to pending spec */
-            if (sid != NULL &&
-                sid->version > SSL_LIBRARY_VERSION_3_0 &&
-                sid->u.ssl3.srvName.len && sid->u.ssl3.srvName.data) {
-                /* Set server name from sid */
-                SECItem *sidName = &sid->u.ssl3.srvName;
-                SECItem *pwsName = &ss->ssl3.pwSpec->srvVirtName;
-                if (pwsName->data) {
-                    SECITEM_FreeItem(pwsName, PR_FALSE);
-                }
-                rv = SECITEM_CopyItem(NULL, pwsName, sidName);
-                if (rv != SECSuccess) {
-                    errCode = PORT_GetError();
-                    desc = internal_error;
-                    goto alert_loser;
-                }
-            }
-
-            /* Clean up sni name array */
-            if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn) &&
-                ss->xtnData.sniNameArr) {
-                PORT_Free(ss->xtnData.sniNameArr);
-                ss->xtnData.sniNameArr = NULL;
-                ss->xtnData.sniNameArrSize = 0;
-            }
-
-            ssl_GetXmitBufLock(ss);
-            haveXmitBufLock = PR_TRUE;
-
-            rv = ssl3_SendServerHello(ss);
-            if (rv != SECSuccess) {
-                errCode = PORT_GetError();
-                goto loser;
-            }
-
-            if (haveSpecWriteLock) {
-                ssl_ReleaseSpecWriteLock(ss);
-                haveSpecWriteLock = PR_FALSE;
-            }
-
-            /* NULL value for PMS because we are re-using the old MS */
-            rv = ssl3_InitPendingCipherSpec(ss, NULL);
-            if (rv != SECSuccess) {
-                errCode = PORT_GetError();
-                goto loser;
-            }
-
-            rv = ssl3_SendChangeCipherSpecs(ss);
-            if (rv != SECSuccess) {
-                errCode = PORT_GetError();
-                goto loser;
-            }
-            rv = ssl3_SendFinished(ss, 0);
-            ss->ssl3.hs.ws = wait_change_cipher;
-            if (rv != SECSuccess) {
-                errCode = PORT_GetError();
-                goto loser;
-            }
-
-            if (haveXmitBufLock) {
-                ssl_ReleaseXmitBufLock(ss);
-                haveXmitBufLock = PR_FALSE;
-            }
-
-            return SECSuccess;
-        } while (0);
-
-    if (haveSpecWriteLock) {
-        ssl_ReleaseSpecWriteLock(ss);
-        haveSpecWriteLock = PR_FALSE;
-    }
-
-    if (sid) { /* we had a sid, but it's no longer valid, free it */
-        SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
-        if (ss->sec.uncache)
-            ss->sec.uncache(sid);
-        ssl_FreeSID(sid);
-        sid = NULL;
-    }
-    SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_misses);
-
-    if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
-        int ret = 0;
-        if (ss->sniSocketConfig)
-            do { /* not a loop */
-                PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
-                            ssl_preinfo_all);
-
-                ret = SSL_SNI_SEND_ALERT;
-                /* If extension is negotiated, the len of names should > 0. */
-                if (ss->xtnData.sniNameArrSize) {
-                    /* Calling client callback to reconfigure the socket. */
-                    ret = (SECStatus)(*ss->sniSocketConfig)(ss->fd,
-                                                            ss->xtnData.sniNameArr,
-                                                            ss->xtnData.sniNameArrSize,
-                                                            ss->sniSocketConfigArg);
-                }
-                if (ret <= SSL_SNI_SEND_ALERT) {
-                    /* Application does not know the name or was not able to
-                     * properly reconfigure the socket. */
-                    errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
-                    desc = unrecognized_name;
-                    break;
-                } else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) {
-                    SECStatus rv = SECSuccess;
-                    SECItem *cwsName, *pwsName;
-
-                    ssl_GetSpecWriteLock(ss); /*******************************/
-                    pwsName = &ss->ssl3.pwSpec->srvVirtName;
-                    cwsName = &ss->ssl3.cwSpec->srvVirtName;
-#ifndef SSL_SNI_ALLOW_NAME_CHANGE_2HS
-                    /* not allow name change on the 2d HS */
-                    if (ss->firstHsDone) {
-                        if (ssl3_ServerNameCompare(pwsName, cwsName)) {
-                            ssl_ReleaseSpecWriteLock(ss); /******************/
-                            errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
-                            desc = handshake_failure;
-                            ret = SSL_SNI_SEND_ALERT;
-                            break;
-                        }
-                    }
-#endif
-                    if (pwsName->data) {
-                        SECITEM_FreeItem(pwsName, PR_FALSE);
-                    }
-                    if (cwsName->data) {
-                        rv = SECITEM_CopyItem(NULL, pwsName, cwsName);
-                    }
-                    ssl_ReleaseSpecWriteLock(ss); /**************************/
-                    if (rv != SECSuccess) {
-                        errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
-                        desc = internal_error;
-                        ret = SSL_SNI_SEND_ALERT;
-                        break;
-                    }
-                } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
-                    /* Application has configured new socket info. Lets check it
-                     * and save the name. */
-                    SECStatus rv;
-                    SECItem *name = &ss->xtnData.sniNameArr[ret];
-                    int configedCiphers;
-                    SECItem *pwsName;
-
-                    /* get rid of the old name and save the newly picked. */
-                    /* This code is protected by ssl3HandshakeLock. */
-                    ssl_GetSpecWriteLock(ss); /*******************************/
-#ifndef SSL_SNI_ALLOW_NAME_CHANGE_2HS
-                    /* not allow name change on the 2d HS */
-                    if (ss->firstHsDone) {
-                        SECItem *cwsName = &ss->ssl3.cwSpec->srvVirtName;
-                        if (ssl3_ServerNameCompare(name, cwsName)) {
-                            ssl_ReleaseSpecWriteLock(ss); /******************/
-                            errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
-                            desc = handshake_failure;
-                            ret = SSL_SNI_SEND_ALERT;
-                            break;
-                        }
-                    }
-#endif
-                    pwsName = &ss->ssl3.pwSpec->srvVirtName;
-                    if (pwsName->data) {
-                        SECITEM_FreeItem(pwsName, PR_FALSE);
-                    }
-                    rv = SECITEM_CopyItem(NULL, pwsName, name);
-                    ssl_ReleaseSpecWriteLock(ss); /***************************/
-                    if (rv != SECSuccess) {
-                        errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
-                        desc = internal_error;
-                        ret = SSL_SNI_SEND_ALERT;
-                        break;
-                    }
-                    configedCiphers = ssl3_config_match_init(ss);
-                    if (configedCiphers <= 0) {
-                        /* no ciphers are working/supported */
-                        errCode = PORT_GetError();
-                        desc = handshake_failure;
-                        ret = SSL_SNI_SEND_ALERT;
-                        break;
-                    }
-                    /* Need to tell the client that application has picked
-                     * the name from the offered list and reconfigured the socket.
-                     */
-                    ssl3_RegisterServerHelloExtensionSender(ss, ssl_server_name_xtn,
-                                                            ssl3_SendServerNameXtn);
-                } else {
-                    /* Callback returned index outside of the boundary. */
-                    PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
-                    errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
-                    desc = internal_error;
-                    ret = SSL_SNI_SEND_ALERT;
-                    break;
-                }
-            } while (0);
-        /* Free sniNameArr. The data that each SECItem in the array
-         * points into is the data from the input buffer "b". It will
-         * not be available outside the scope of this or it's child
-         * functions.*/
-        if (ss->xtnData.sniNameArr) {
-            PORT_Free(ss->xtnData.sniNameArr);
-            ss->xtnData.sniNameArr = NULL;
-            ss->xtnData.sniNameArrSize = 0;
-        }
-        if (ret <= SSL_SNI_SEND_ALERT) {
-            /* desc and errCode should be set. */
-            goto alert_loser;
-        }
-    }
-#ifndef SSL_SNI_ALLOW_NAME_CHANGE_2HS
-    else if (ss->firstHsDone) {
-        /* Check that we don't have the name is current spec
-         * if this extension was not negotiated on the 2d hs. */
-        PRBool passed = PR_TRUE;
-        ssl_GetSpecReadLock(ss); /*******************************/
-        if (ss->ssl3.cwSpec->srvVirtName.data) {
-            passed = PR_FALSE;
-        }
-        ssl_ReleaseSpecReadLock(ss); /***************************/
-        if (!passed) {
-            errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
-            desc = handshake_failure;
-            goto alert_loser;
-        }
-    }
-#endif
-
-    /* If this is TLS 1.3 we are expecting a ClientKeyShare
-     * extension. Missing/absent extension cause failure
-     * below. */
-    if (isTLS13) {
-        rv = tls13_HandleClientKeyShare(ss);
-        if (rv != SECSuccess) {
-            errCode = PORT_GetError();
-            goto alert_loser;
-        }
-    }
-
-    sid = ssl3_NewSessionID(ss, PR_TRUE);
-    if (sid == NULL) {
-        errCode = PORT_GetError();
-        goto loser; /* memory error is set. */
-    }
-    ss->sec.ci.sid = sid;
-
-    sid->u.ssl3.keys.extendedMasterSecretUsed =
-        ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
-    ss->ssl3.hs.isResuming = PR_FALSE;
-
-    ssl_GetXmitBufLock(ss);
-    if (isTLS13) {
-        rv = tls13_SendServerHelloSequence(ss);
-    } else {
-        rv = ssl3_SendServerHelloSequence(ss);
-    }
-    ssl_ReleaseXmitBufLock(ss);
-    if (rv != SECSuccess) {
-        errCode = PORT_GetError();
-        desc = handshake_failure;
-        goto alert_loser;
-    }
-
-    if (haveXmitBufLock) {
-        ssl_ReleaseXmitBufLock(ss);
-        haveXmitBufLock = PR_FALSE;
-    }
-
-    return SECSuccess;
-
-alert_loser:
-    if (haveSpecWriteLock) {
-        ssl_ReleaseSpecWriteLock(ss);
-        haveSpecWriteLock = PR_FALSE;
-    }
-    (void)SSL3_SendAlert(ss, level, desc);
-/* FALLTHRU */
-loser:
-    if (haveSpecWriteLock) {
-        ssl_ReleaseSpecWriteLock(ss);
-        haveSpecWriteLock = PR_FALSE;
-    }
-
-    if (haveXmitBufLock) {
-        ssl_ReleaseXmitBufLock(ss);
-        haveXmitBufLock = PR_FALSE;
-    }
-
-    PORT_SetError(errCode);
-    return SECFailure;
-}
-
-/*
- * ssl3_HandleV2ClientHello is used when a V2 formatted hello comes
- * in asking to use the V3 handshake.
- * Called from ssl2_HandleClientHelloMessage() in sslcon.c
- */
-SECStatus
-ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
-{
-    sslSessionID *sid = NULL;
-    unsigned char *suites;
-    unsigned char *random;
-    SSL3ProtocolVersion version;
-    SECStatus rv;
-    int i;
-    int j;
-    int sid_length;
-    int suite_length;
-    int rand_length;
-    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
-    SSL3AlertDescription desc = handshake_failure;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle v2 client_hello", SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    ssl_GetSSL3HandshakeLock(ss);
-
-    PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
-
-    rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        return rv; /* ssl3_InitState has set the error code. */
-    }
-    rv = ssl3_RestartHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        return rv;
-    }
-
-    if (ss->ssl3.hs.ws != wait_client_hello) {
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
-        goto loser; /* alert_loser */
-    }
-
-    version = (buffer[1] << 8) | buffer[2];
-    suite_length = (buffer[3] << 8) | buffer[4];
-    sid_length = (buffer[5] << 8) | buffer[6];
-    rand_length = (buffer[7] << 8) | buffer[8];
-    ss->clientHelloVersion = version;
-
-    if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        /* [draft-ietf-tls-tls-11; C.3] forbids sending a TLS 1.3
-         * ClientHello using the backwards-compatible format. */
-        desc = illegal_parameter;
-        errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
-        goto loser;
-    }
-
-    rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
-    if (rv != SECSuccess) {
-        /* send back which ever alert client will understand. */
-        desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
-                                                   : handshake_failure;
-        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
-        goto alert_loser;
-    }
-    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-
-    rv = ssl3_InitHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        desc = internal_error;
-        errCode = PORT_GetError();
-        goto alert_loser;
-    }
-
-    /* if we get a non-zero SID, just ignore it. */
-    if (length !=
-        SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
-        SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d",
-                 SSL_GETPID(), ss->fd, length,
-                 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length +
-                     rand_length));
-        goto loser; /* malformed */ /* alert_loser */
-    }
-
-    suites = buffer + SSL_HL_CLIENT_HELLO_HBYTES;
-    random = suites + suite_length + sid_length;
-
-    if (rand_length < SSL_MIN_CHALLENGE_BYTES ||
-        rand_length > SSL_MAX_CHALLENGE_BYTES) {
-        goto loser; /* malformed */ /* alert_loser */
-    }
-
-    PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH);
-
-    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(
-        &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
-        random, rand_length);
-
-    PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
-                   SSL3_RANDOM_LENGTH));
-#ifndef NSS_DISABLE_ECC
-    /* Disable any ECC cipher suites for which we have no cert. */
-    ssl3_FilterECCipherSuitesByServerCerts(ss);
-#endif
-    i = ssl3_config_match_init(ss);
-    if (i <= 0) {
-        errCode = PORT_GetError(); /* error code is already set. */
-        goto alert_loser;
-    }
-
-    /* Select a cipher suite.
-    **
-    ** NOTE: This suite selection algorithm should be the same as the one in
-    ** ssl3_HandleClientHello().
-    **
-    ** See the comments about export cipher suites in ssl3_HandleClientHello().
-    */
-    for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
-        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
-        SSLVersionRange vrange = { ss->version, ss->version };
-        if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
-            continue;
-        }
-        for (i = 0; i + 2 < suite_length; i += 3) {
-            PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
-            if (suite_i == suite->cipher_suite) {
-                ss->ssl3.hs.cipher_suite = suite->cipher_suite;
-                ss->ssl3.hs.suite_def =
-                    ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
-                ss->ssl3.hs.kea_def =
-                    &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
-                ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
-                goto suite_found;
-            }
-        }
-    }
-    errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
-    goto alert_loser;
-
-suite_found:
-
-    /* Look for the SCSV, and if found, treat it just like an empty RI
-     * extension by processing a local copy of an empty RI extension.
-     */
-    for (i = 0; i + 2 < suite_length; i += 3) {
-        PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
-        if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
-            SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext;
-            PRUint32 L2 = sizeof emptyRIext;
-            (void)ssl3_HandleHelloExtensions(ss, &b2, &L2, client_hello);
-            break;
-        }
-    }
-
-    if (ss->opt.requireSafeNegotiation &&
-        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-        desc = handshake_failure;
-        errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
-        goto alert_loser;
-    }
-
-    ss->ssl3.hs.compression = ssl_compression_null;
-    ss->sec.send = ssl3_SendApplicationData;
-
-    /* we don't even search for a cache hit here.  It's just a miss. */
-    SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_misses);
-    sid = ssl3_NewSessionID(ss, PR_TRUE);
-    if (sid == NULL) {
-        errCode = PORT_GetError();
-        goto loser; /* memory error is set. */
-    }
-    ss->sec.ci.sid = sid;
-    /* do not worry about memory leak of sid since it now belongs to ci */
-
-    /* We have to update the handshake hashes before we can send stuff */
-    rv = ssl3_UpdateHandshakeHashes(ss, buffer, length);
-    if (rv != SECSuccess) {
-        errCode = PORT_GetError();
-        goto loser;
-    }
-
-    ssl_GetXmitBufLock(ss);
-    rv = ssl3_SendServerHelloSequence(ss);
-    ssl_ReleaseXmitBufLock(ss);
-    if (rv != SECSuccess) {
-        errCode = PORT_GetError();
-        goto loser;
-    }
-
-    /* XXX_1    The call stack to here is:
-     * ssl_Do1stHandshake -> ssl2_HandleClientHelloMessage -> here.
-     * ssl2_HandleClientHelloMessage returns whatever we return here.
-     * ssl_Do1stHandshake will continue looping if it gets back either
-     *      SECSuccess or SECWouldBlock.
-     * SECSuccess is preferable here.  See XXX_1 in sslgathr.c.
-     */
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return SECSuccess;
-
-alert_loser:
-    SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    PORT_SetError(errCode);
-    return SECFailure;
-}
-
-/* The negotiated version number has been already placed in ss->version.
-**
-** Called from:  ssl3_HandleClientHello                     (resuming session),
-**  ssl3_SendServerHelloSequence <- ssl3_HandleClientHello   (new session),
-**  ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session)
-*/
-SECStatus
-ssl3_SendServerHello(sslSocket *ss)
-{
-    sslSessionID *sid;
-    SECStatus rv;
-    PRUint32 maxBytes = 65535;
-    PRUint32 length;
-    PRInt32 extensions_len = 0;
-    SSL3ProtocolVersion version;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(),
-                ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (!IS_DTLS(ss)) {
-        PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0));
-
-        if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return SECFailure;
-        }
-    } else {
-        PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_DTLS_1_0));
-
-        if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_DTLS_1_0)) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return SECFailure;
-        }
-    }
-
-    sid = ss->sec.ci.sid;
-
-    extensions_len = ssl3_CallHelloExtensionSenders(
-        ss, PR_FALSE, maxBytes, &ss->xtnData.serverHelloSenders[0]);
-    if (extensions_len > 0)
-        extensions_len += 2; /* Add sizeof total extension length */
-
-    /* TLS 1.3 doesn't use the session_id or compression_method
-     * fields in the ServerHello. */
-    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH;
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        length += 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength);
-    }
-    length += sizeof(ssl3CipherSuite);
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        length += 1; /* Compression */
-    }
-    length += extensions_len;
-
-    rv = ssl3_AppendHandshakeHeader(ss, server_hello, length);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-
-    if (IS_DTLS(ss)) {
-        version = dtls_TLSVersionToDTLSVersion(ss->version);
-    } else {
-        version = ss->version;
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, version, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    /* Random already generated in ssl3_HandleClientHello */
-    rv = ssl3_AppendHandshake(
-        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        if (sid) {
-            rv = ssl3_AppendHandshakeVariable(
-                ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
-        } else {
-            rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
-        }
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.cipher_suite, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.compression, 1);
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-    if (extensions_len) {
-        PRInt32 sent_len;
-
-        extensions_len -= 2;
-        rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
-        if (rv != SECSuccess)
-            return rv; /* err set by ssl3_AppendHandshakeNumber */
-        sent_len = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, extensions_len,
-                                                  &ss->xtnData.serverHelloSenders[0]);
-        PORT_Assert(sent_len == extensions_len);
-        if (sent_len != extensions_len) {
-            if (sent_len >= 0)
-                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-    }
-    rv = ssl3_SetupPendingCipherSpec(ss);
-    if (rv != SECSuccess) {
-        return rv; /* err set by ssl3_SetupPendingCipherSpec */
-    }
-
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
-                                SSLSignatureAndHashAlg *out);
-
-static SECStatus
-ssl3_SendDHServerKeyExchange(sslSocket *ss)
-{
-    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-    SECStatus rv = SECFailure;
-    int length;
-    PRBool isTLS;
-    SECItem signed_hash = { siBuffer, NULL, 0 };
-    SSL3Hashes hashes;
-    SSLSignatureAndHashAlg sigAndHash;
-    SECKEYDHParams dhParam;
-
-    ssl3KeyPair *keyPair = NULL;
-    SECKEYPublicKey *pubKey = NULL;   /* Ephemeral DH key */
-    SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
-    int certIndex = -1;
-
-    if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
-        /* TODO: Support DH_anon. It might be sufficient to drop the signature.
-                 See bug 1170510. */
-        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        return SECFailure;
-    }
-
-    dhParam.prime.data = ss->dheParams->prime.data;
-    dhParam.prime.len = ss->dheParams->prime.len;
-    dhParam.base.data = ss->dheParams->base.data;
-    dhParam.base.len = ss->dheParams->base.len;
-
-    PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
-                   dhParam.prime.len));
-    PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
-                   dhParam.base.len));
-
-    /* Generate ephemeral DH keypair */
-    privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
-    if (!privKey || !pubKey) {
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        rv = SECFailure;
-        goto loser;
-    }
-
-    keyPair = ssl3_NewKeyPair(privKey, pubKey);
-    if (!keyPair) {
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        goto loser;
-    }
-
-    PRINT_BUF(50, (ss, "DH public value:",
-                   pubKey->u.dh.publicValue.data,
-                   pubKey->u.dh.publicValue.len));
-
-    if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        goto loser;
-    }
-
-    rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg,
-                               pubKey->u.dh.prime,
-                               pubKey->u.dh.base,
-                               pubKey->u.dh.publicValue,
-                               &ss->ssl3.hs.client_random,
-                               &ss->ssl3.hs.server_random,
-                               &hashes, ss->opt.bypassPKCS11);
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    /* It has been suggested to test kea_def->signKeyType instead, and to use
-     * ssl_auth_* instead. Investigate what to do. See bug 102794. */
-    if (kea_def->kea == kea_dhe_rsa)
-        certIndex = ssl_kea_rsa;
-    else
-        certIndex = ssl_kea_dh;
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
-                         &signed_hash, isTLS);
-    if (rv != SECSuccess) {
-        goto loser; /* ssl3_SignHashes has set err. */
-    }
-    if (signed_hash.data == NULL) {
-        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-    length = 2 + pubKey->u.dh.prime.len +
-             2 + pubKey->u.dh.base.len +
-             2 + pubKey->u.dh.publicValue.len +
-             2 + signed_hash.len;
-
-    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-        length += 2;
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
-                                      pubKey->u.dh.prime.len, 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
-                                      pubKey->u.dh.base.len, 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data,
-                                      pubKey->u.dh.publicValue.len, 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-        rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
-        if (rv != SECSuccess) {
-            goto loser; /* err set by AppendHandshake. */
-        }
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-                                      signed_hash.len, 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-    PORT_Free(signed_hash.data);
-    ss->dheKeyPair = keyPair;
-    return SECSuccess;
-
-loser:
-    if (signed_hash.data)
-        PORT_Free(signed_hash.data);
-    if (privKey)
-        SECKEY_DestroyPrivateKey(privKey);
-    if (pubKey)
-        SECKEY_DestroyPublicKey(pubKey);
-    return SECFailure;
-}
-
-/* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing
- * elements of the handshake. (The negotiated cipher suite determines the
- * signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always
- * used. With TLS 1.2, a client may advertise its support for signature and
- * hash combinations. */
-static SECStatus
-ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
-                                SSLSignatureAndHashAlg *out)
-{
-    PRUint32 policy;
-    unsigned int i, j;
-
-    out->sigAlg = ss->ssl3.hs.kea_def->signKeyType;
-
-    if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) {
-        /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and
-         * prior. */
-        out->hashAlg = ssl_hash_none;
-        return SECSuccess;
-    }
-
-    if (ss->ssl3.hs.numClientSigAndHash == 0) {
-        /* If the client didn't provide any signature_algorithms extension then
-         * we can assume that they support SHA-1:
-         * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-        out->hashAlg = ssl_hash_sha1;
-        return SECSuccess;
-    }
-
-    /* Here we look for the first server preference that the client has
-     * indicated support for in their signature_algorithms extension. */
-    for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
-        const SSLSignatureAndHashAlg *serverPref =
-            &ss->ssl3.signatureAlgorithms[i];
-        SECOidTag hashOID;
-        if (serverPref->sigAlg != out->sigAlg) {
-            continue;
-        }
-        hashOID = ssl3_TLSHashAlgorithmToOID(serverPref->hashAlg);
-        if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) &&
-            !(policy & NSS_USE_ALG_IN_SSL_KX)) {
-            /* we ignore hashes we don't support */
-            continue;
-        }
-        for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) {
-            const SSLSignatureAndHashAlg *clientPref =
-                &ss->ssl3.hs.clientSigAndHash[j];
-            if (clientPref->hashAlg == serverPref->hashAlg &&
-                clientPref->sigAlg == out->sigAlg) {
-                out->hashAlg = serverPref->hashAlg;
-                return SECSuccess;
-            }
-        }
-    }
-
-    PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
-    return SECFailure;
-}
-
-static SECStatus
-ssl3_SendServerKeyExchange(sslSocket *ss)
-{
-    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-    SECStatus rv = SECFailure;
-    int length;
-    PRBool isTLS;
-    SECItem signed_hash = { siBuffer, NULL, 0 };
-    SSL3Hashes hashes;
-    SECKEYPublicKey *sdPub; /* public key for step-down */
-    SSLSignatureAndHashAlg sigAndHash;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
-        return SECFailure;
-    }
-
-    switch (kea_def->exchKeyType) {
-        case kt_rsa:
-            /* Perform SSL Step-Down here. */
-            sdPub = ss->stepDownKeyPair->pubKey;
-            PORT_Assert(sdPub != NULL);
-            if (!sdPub) {
-                PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                return SECFailure;
-            }
-            rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg,
-                                              sdPub->u.rsa.modulus,
-                                              sdPub->u.rsa.publicExponent,
-                                              &ss->ssl3.hs.client_random,
-                                              &ss->ssl3.hs.server_random,
-                                              &hashes, ss->opt.bypassPKCS11);
-            if (rv != SECSuccess) {
-                ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                return rv;
-            }
-
-            isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-            rv = ssl3_SignHashes(&hashes, ss->serverCerts[kt_rsa].SERVERKEY,
-                                 &signed_hash, isTLS);
-            if (rv != SECSuccess) {
-                goto loser; /* ssl3_SignHashes has set err. */
-            }
-            if (signed_hash.data == NULL) {
-                /* how can this happen and rv == SECSuccess ?? */
-                PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-                goto loser;
-            }
-            length = 2 + sdPub->u.rsa.modulus.len +
-                     2 + sdPub->u.rsa.publicExponent.len +
-                     2 + signed_hash.len;
-
-            if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-                length += 2;
-            }
-
-            rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
-            if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
-            }
-
-            rv = ssl3_AppendHandshakeVariable(ss, sdPub->u.rsa.modulus.data,
-                                              sdPub->u.rsa.modulus.len, 2);
-            if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
-            }
-
-            rv = ssl3_AppendHandshakeVariable(
-                ss, sdPub->u.rsa.publicExponent.data,
-                sdPub->u.rsa.publicExponent.len, 2);
-            if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
-            }
-
-            if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-                rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
-                if (rv != SECSuccess) {
-                    goto loser; /* err set by AppendHandshake. */
-                }
-            }
-
-            rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-                                              signed_hash.len, 2);
-            if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
-            }
-            PORT_Free(signed_hash.data);
-            return SECSuccess;
-
-        case ssl_kea_dh: {
-            rv = ssl3_SendDHServerKeyExchange(ss);
-            return rv;
-        }
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh: {
-            rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
-            return rv;
-        }
-#endif /* NSS_DISABLE_ECC */
-
-        case kt_null:
-        default:
-            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-            break;
-    }
-loser:
-    if (signed_hash.data != NULL)
-        PORT_Free(signed_hash.data);
-    return SECFailure;
-}
-
-SECStatus
-ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
-                                     unsigned maxLen, PRUint32 *len)
-{
-    unsigned int i;
-
-    PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2);
-    if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    *len = 0;
-    for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
-        const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
-        /* Note that we don't support a handshake hash with anything other than
-         * SHA-256, so asking for a signature from clients for something else
-         * would be inviting disaster. */
-        if (alg->hashAlg == ssl_hash_sha256) {
-            buf[(*len)++] = (PRUint8)alg->hashAlg;
-            buf[(*len)++] = (PRUint8)alg->sigAlg;
-        }
-    }
-
-    if (*len == 0) {
-        PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-void
-ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calen, SECItem **names,
-                              int *nnames)
-{
-    SECItem *name;
-    CERTDistNames *ca_list;
-    int i;
-
-    *calen = 0;
-    *names = NULL;
-    *nnames = 0;
-
-    /* ssl3.ca_list is initialized to NULL, and never changed. */
-    ca_list = ss->ssl3.ca_list;
-    if (!ca_list) {
-        ca_list = ssl3_server_ca_list;
-    }
-
-    if (ca_list != NULL) {
-        *names = ca_list->names;
-        *nnames = ca_list->nnames;
-    }
-
-    for (i = 0, name = *names; i < *nnames; i++, name++) {
-        *calen += 2 + name->len;
-    }
-}
-
-static SECStatus
-ssl3_SendCertificateRequest(sslSocket *ss)
-{
-    PRBool isTLS12;
-    const PRUint8 *certTypes;
-    SECStatus rv;
-    int length;
-    SECItem *names;
-    int calen;
-    int nnames;
-    SECItem *name;
-    int i;
-    int certTypesLength;
-    PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
-    unsigned int sigAlgsLength = 0;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    ssl3_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
-    certTypes = certificate_types;
-    certTypesLength = sizeof certificate_types;
-
-    length = 1 + certTypesLength + 2 + calen;
-    if (isTLS12) {
-        rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
-                                                  &sigAlgsLength);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        length += 2 + sigAlgsLength;
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, certTypes, certTypesLength, 1);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    if (isTLS12) {
-        rv = ssl3_AppendHandshakeVariable(ss, sigAlgs, sigAlgsLength, 2);
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    for (i = 0, name = names; i < nnames; i++, name++) {
-        rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_SendServerHelloDone(sslSocket *ss)
-{
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send server_hello_done handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_AppendHandshakeHeader(ss, server_hello_done, 0);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_FlushHandshake(ss, 0);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by ssl3_FlushHandshake */
-    }
-    return SECSuccess;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 Certificate Verify message
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-                             SSL3Hashes *hashes)
-{
-    SECItem signed_hash = { siBuffer, NULL, 0 };
-    SECStatus rv;
-    int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
-    SSL3AlertDescription desc = handshake_failure;
-    PRBool isTLS, isTLS12;
-    SSLSignatureAndHashAlg sigAndHash;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    if (ss->ssl3.hs.ws != wait_cert_verify) {
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY;
-        goto alert_loser;
-    }
-
-    if (!hashes) {
-        PORT_Assert(0);
-        desc = internal_error;
-        errCode = SEC_ERROR_LIBRARY_FAILURE;
-        goto alert_loser;
-    }
-
-    if (isTLS12) {
-        rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-                                                   &sigAndHash);
-        if (rv != SECSuccess) {
-            goto loser; /* malformed or unsupported. */
-        }
-        rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
-            ss, &sigAndHash, ss->sec.peerCert);
-        if (rv != SECSuccess) {
-            errCode = PORT_GetError();
-            desc = decrypt_error;
-            goto alert_loser;
-        }
-
-        /* We only support CertificateVerify messages that use the handshake
-         * hash. */
-        if (sigAndHash.hashAlg != hashes->hashAlg) {
-            errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM;
-            desc = decrypt_error;
-            goto alert_loser;
-        }
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed. */
-    }
-
-    /* XXX verify that the key & kea match */
-    rv = ssl3_VerifySignedHashes(hashes, ss->sec.peerCert, &signed_hash,
-                                 isTLS, ss->pkcs11PinArg);
-    if (rv != SECSuccess) {
-        errCode = PORT_GetError();
-        desc = isTLS ? decrypt_error : handshake_failure;
-        goto alert_loser;
-    }
-
-    signed_hash.data = NULL;
-
-    if (length != 0) {
-        desc = isTLS ? decode_error : illegal_parameter;
-        goto alert_loser; /* malformed */
-    }
-    ss->ssl3.hs.ws = wait_change_cipher;
-    return SECSuccess;
-
-alert_loser:
-    SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
-    PORT_SetError(errCode);
-    return SECFailure;
-}
-
-/* find a slot that is able to generate a PMS and wrap it with RSA.
- * Then generate and return the PMS.
- * If the serverKeySlot parameter is non-null, this function will use
- * that slot to do the job, otherwise it will find a slot.
- *
- * Called from  ssl3_DeriveConnectionKeysPKCS11()  (above)
- *      sendRSAClientKeyExchange()         (above)
- *      ssl3_HandleRSAClientKeyExchange()  (below)
- * Caller must hold the SpecWriteLock, the SSL3HandshakeLock
- */
-static PK11SymKey *
-ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
-                    PK11SlotInfo *serverKeySlot)
-{
-    PK11SymKey *pms = NULL;
-    PK11SlotInfo *slot = serverKeySlot;
-    void *pwArg = ss->pkcs11PinArg;
-    SECItem param;
-    CK_VERSION version;
-    CK_MECHANISM_TYPE mechanism_array[3];
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (slot == NULL) {
-        SSLCipherAlgorithm calg;
-        /* The specReadLock would suffice here, but we cannot assert on
-        ** read locks.  Also, all the callers who call with a non-null
-        ** slot already hold the SpecWriteLock.
-        */
-        PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-        PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-        calg = spec->cipher_def->calg;
-
-        /* First get an appropriate slot.  */
-        mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
-        mechanism_array[1] = CKM_RSA_PKCS;
-        mechanism_array[2] = ssl3_Alg2Mech(calg);
-
-        slot = PK11_GetBestSlotMultiple(mechanism_array, 3, pwArg);
-        if (slot == NULL) {
-            /* can't find a slot with all three, find a slot with the minimum */
-            slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
-            if (slot == NULL) {
-                PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
-                return pms; /* which is NULL */
-            }
-        }
-    }
-
-    /* Generate the pre-master secret ...  */
-    if (IS_DTLS(ss)) {
-        SSL3ProtocolVersion temp;
-
-        temp = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
-        version.major = MSB(temp);
-        version.minor = LSB(temp);
-    } else {
-        version.major = MSB(ss->clientHelloVersion);
-        version.minor = LSB(ss->clientHelloVersion);
-    }
-
-    param.data = (unsigned char *)&version;
-    param.len = sizeof version;
-
-    pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
-    if (!serverKeySlot)
-        PK11_FreeSlot(slot);
-    if (pms == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-    }
-    return pms;
-}
-
-/* Note: The Bleichenbacher attack on PKCS#1 necessitates that we NEVER
- * return any indication of failure of the Client Key Exchange message,
- * where that failure is caused by the content of the client's message.
- * This function must not return SECFailure for any reason that is directly
- * or indirectly caused by the content of the client's encrypted PMS.
- * We must not send an alert and also not drop the connection.
- * Instead, we generate a random PMS.  This will cause a failure
- * in the processing the finished message, which is exactly where
- * the failure must occur.
- *
- * Called from ssl3_HandleClientKeyExchange
- */
-static SECStatus
-ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
-                                SSL3Opaque *b,
-                                PRUint32 length,
-                                SECKEYPrivateKey *serverKey)
-{
-#ifndef NO_PKCS11_BYPASS
-    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
-    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
-    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-    unsigned int outLen = 0;
-    PRBool isTLS = PR_FALSE;
-    SECItem pmsItem = { siBuffer, NULL, 0 };
-    unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
-#endif
-    SECStatus rv;
-    SECItem enc_pms;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    enc_pms.data = b;
-    enc_pms.len = length;
-#ifndef NO_PKCS11_BYPASS
-    pmsItem.data = rsaPmsBuf;
-    pmsItem.len = sizeof rsaPmsBuf;
-#endif
-
-    if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
-        PRInt32 kLen;
-        kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len);
-        if (kLen < 0) {
-            PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-            return SECFailure;
-        }
-        if ((unsigned)kLen < enc_pms.len) {
-            enc_pms.len = kLen;
-        }
-#ifndef NO_PKCS11_BYPASS
-        isTLS = PR_TRUE;
-#endif
-    } else {
-#ifndef NO_PKCS11_BYPASS
-        isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0);
-#endif
-    }
-
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass
-         * and will not negotiate this extension in bypass mode. This
-         * assert just double-checks that.
-         */
-        PORT_Assert(
-            !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn));
-
-        /* TRIPLE BYPASS, get PMS directly from RSA decryption.
-         * Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer,
-         * then, check for version rollback attack, then
-         * do the equivalent of ssl3_DeriveMasterSecret, placing the MS in
-         * pwSpec->msItem.  Finally call ssl3_InitPendingCipherSpec with
-         * ss and NULL, so that it will use the MS we've already derived here.
-         */
-
-        rv = PK11_PrivDecryptPKCS1(serverKey, rsaPmsBuf, &outLen,
-                                   sizeof rsaPmsBuf, enc_pms.data, enc_pms.len);
-        if (rv != SECSuccess) {
-            /* triple bypass failed.  Let's try for a double bypass. */
-            goto double_bypass;
-        } else if (ss->opt.detectRollBack) {
-            SSL3ProtocolVersion client_version =
-                (rsaPmsBuf[0] << 8) | rsaPmsBuf[1];
-
-            if (IS_DTLS(ss)) {
-                client_version = dtls_DTLSVersionToTLSVersion(client_version);
-            }
-
-            if (client_version != ss->clientHelloVersion) {
-                /* Version roll-back detected. ensure failure.  */
-                rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf);
-            }
-        }
-        /* have PMS, build MS without PKCS11 */
-        rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
-                                           PR_TRUE);
-        if (rv != SECSuccess) {
-            pwSpec->msItem.data = pwSpec->raw_master_secret;
-            pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
-            PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len);
-        }
-        rv = ssl3_InitPendingCipherSpec(ss, NULL);
-    } else
-#endif
-    {
-        PK11SymKey *tmpPms[2] = { NULL, NULL };
-        PK11SlotInfo *slot;
-        int useFauxPms = 0;
-#define currentPms tmpPms[!useFauxPms]
-#define unusedPms tmpPms[useFauxPms]
-#define realPms tmpPms[1]
-#define fauxPms tmpPms[0]
-
-#ifndef NO_PKCS11_BYPASS
-    double_bypass:
-#endif
-
-        /*
-         * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1
-         * as we can within the constraints of the PKCS#11 interface.
-         *
-         * 1. Unconditionally generate a bogus PMS (what RFC 5246
-         *    calls R).
-         * 2. Attempt the RSA decryption to recover the PMS (what
-         *    RFC 5246 calls M).
-         * 3. Set PMS = (M == NULL) ? R : M
-         * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive
-         *    the MS from PMS. This includes performing the version
-         *    check and length check.
-         * 5. If either the initial RSA decryption failed or
-         *    ssl3_ComputeMasterSecret(PMS) failed, then discard
-         *    M and set PMS = R. Else, discard R and set PMS = M.
-         *
-         * We do two derivations here because we can't rely on having
-         * a function that only performs the PMS version and length
-         * check. The only redundant cost is that this runs the PRF,
-         * which isn't necessary here.
-         */
-
-        /* Generate the bogus PMS (R) */
-        slot = PK11_GetSlotFromPrivateKey(serverKey);
-        if (!slot) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) {
-            PK11_FreeSlot(slot);
-            slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL);
-            if (!slot) {
-                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-                return SECFailure;
-            }
-        }
-
-        ssl_GetSpecWriteLock(ss);
-        fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
-        ssl_ReleaseSpecWriteLock(ss);
-        PK11_FreeSlot(slot);
-
-        if (fauxPms == NULL) {
-            ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-            return SECFailure;
-        }
-
-        /*
-         * unwrap pms out of the incoming buffer
-         * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
-         *  the unwrap.  Rather, it is the mechanism with which the
-         *      unwrapped pms will be used.
-         */
-        realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
-                                       CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
-        /* Temporarily use the PMS if unwrapping the real PMS fails. */
-        useFauxPms |= (realPms == NULL);
-
-        /* Attempt to derive the MS from the PMS. This is the only way to
-         * check the version field in the RSA PMS. If this fails, we
-         * then use the faux PMS in place of the PMS. Note that this
-         * operation should never fail if we are using the faux PMS
-         * since it is correctly formatted. */
-        rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL);
-
-        /* If we succeeded, then select the true PMS and discard the
-         * FPMS. Else, select the FPMS and select the true PMS */
-        useFauxPms |= (rv != SECSuccess);
-
-        if (unusedPms) {
-            PK11_FreeSymKey(unusedPms);
-        }
-
-        /* This step will derive the MS from the PMS, among other things. */
-        rv = ssl3_InitPendingCipherSpec(ss, currentPms);
-        PK11_FreeSymKey(currentPms);
-    }
-
-    if (rv != SECSuccess) {
-        SEND_ALERT
-        return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
-    }
-
-#undef currentPms
-#undef unusedPms
-#undef realPms
-#undef fauxPms
-
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_HandleDHClientKeyExchange(sslSocket *ss,
-                               SSL3Opaque *b,
-                               PRUint32 length,
-                               SECKEYPublicKey *srvrPubKey,
-                               SECKEYPrivateKey *serverKey)
-{
-    PK11SymKey *pms;
-    SECStatus rv;
-    SECKEYPublicKey clntPubKey;
-    CK_MECHANISM_TYPE target;
-    PRBool isTLS;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(srvrPubKey);
-
-    clntPubKey.keyType = dhKey;
-    clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len;
-    clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data;
-    clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len;
-    clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data;
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
-                                       2, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    if (isTLS)
-        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    else
-        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-
-    /*  Determine the PMS */
-    pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL,
-                         CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
-    if (pms == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    rv = ssl3_InitPendingCipherSpec(ss, pms);
-    PK11_FreeSymKey(pms);
-    pms = NULL;
-
-loser:
-    if (ss->dheKeyPair) {
-        ssl3_FreeKeyPair(ss->dheKeyPair);
-        ss->dheKeyPair = NULL;
-    }
-    return rv;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 ClientKeyExchange message from the remote client
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECKEYPrivateKey *serverKey = NULL;
-    SECStatus rv;
-    const ssl3KEADef *kea_def;
-    ssl3KeyPair *serverKeyPair = NULL;
-    SECKEYPublicKey *serverPubKey = NULL;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.hs.ws != wait_client_key) {
-        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
-        return SECFailure;
-    }
-
-    kea_def = ss->ssl3.hs.kea_def;
-
-    if (ss->ssl3.hs.usedStepDownKey) {
-        PORT_Assert(kea_def->is_limited /* XXX OR cert is signing only */
-                    &&
-                    kea_def->exchKeyType == kt_rsa &&
-                    ss->stepDownKeyPair != NULL);
-        if (!kea_def->is_limited ||
-            kea_def->exchKeyType != kt_rsa ||
-            ss->stepDownKeyPair == NULL) {
-            /* shouldn't happen, don't use step down if it does */
-            goto skip;
-        }
-        serverKeyPair = ss->stepDownKeyPair;
-        ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
-    } else
-    skip:
-    if (kea_def->kea == kea_dhe_dss ||
-        kea_def->kea == kea_dhe_rsa) {
-        if (ss->dheKeyPair) {
-            serverKeyPair = ss->dheKeyPair;
-            if (serverKeyPair->pubKey) {
-                ss->sec.keaKeyBits =
-                    SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
-            }
-        }
-    } else
-#ifndef NSS_DISABLE_ECC
-        /* XXX Using SSLKEAType to index server certifiates
-         * does not work for (EC)DHE ciphers. Until we have
-         * an indexing mechanism general enough for all key
-         * exchange algorithms, we'll need to deal with each
-         * one seprately.
-         */
-        if ((kea_def->kea == kea_ecdhe_rsa) ||
-            (kea_def->kea == kea_ecdhe_ecdsa)) {
-        if (ss->ephemeralECDHKeyPair != NULL) {
-            serverKeyPair = ss->ephemeralECDHKeyPair;
-            if (serverKeyPair->pubKey) {
-                ss->sec.keaKeyBits =
-                    SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
-            }
-        }
-    } else
-#endif
-    {
-        sslServerCerts *sc = ss->serverCerts + kea_def->exchKeyType;
-        serverKeyPair = sc->serverKeyPair;
-        ss->sec.keaKeyBits = sc->serverKeyBits;
-    }
-
-    if (serverKeyPair) {
-        serverKey = serverKeyPair->privKey;
-    }
-
-    if (serverKey == NULL) {
-        SEND_ALERT
-        PORT_SetError(SSL_ERROR_NO_SERVER_KEY_FOR_ALG);
-        return SECFailure;
-    }
-
-    ss->sec.keaType = kea_def->exchKeyType;
-
-    switch (kea_def->exchKeyType) {
-        case kt_rsa:
-            rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKey);
-            if (rv != SECSuccess) {
-                SEND_ALERT
-                return SECFailure; /* error code set */
-            }
-            break;
-
-        case ssl_kea_dh:
-            if (ss->dheKeyPair && ss->dheKeyPair->pubKey) {
-                serverPubKey = ss->dheKeyPair->pubKey;
-            }
-            if (!serverPubKey) {
-                PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-                return SECFailure;
-            }
-            rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
-                                                serverPubKey, serverKey);
-            if (rv != SECSuccess) {
-                SSL3_SendAlert(ss, alert_fatal, handshake_failure);
-                return SECFailure; /* error code set */
-            }
-            break;
-
-#ifndef NSS_DISABLE_ECC
-        case kt_ecdh:
-            /* XXX We really ought to be able to store multiple
-             * EC certs (a requirement if we wish to support both
-             * ECDH-RSA and ECDH-ECDSA key exchanges concurrently).
-             * When we make that change, we'll need an index other
-             * than kt_ecdh to pick the right EC certificate.
-             */
-            if (serverKeyPair) {
-                serverPubKey = serverKeyPair->pubKey;
-            }
-            if (serverPubKey == NULL) {
-                /* XXX Is this the right error code? */
-                PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
-                return SECFailure;
-            }
-            rv = ssl3_HandleECDHClientKeyExchange(ss, b, length,
-                                                  serverPubKey, serverKey);
-            if (ss->ephemeralECDHKeyPair) {
-                ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-                ss->ephemeralECDHKeyPair = NULL;
-            }
-            if (rv != SECSuccess) {
-                return SECFailure; /* error code set */
-            }
-            break;
-#endif /* NSS_DISABLE_ECC */
-
-        default:
-            (void)ssl3_HandshakeFailure(ss);
-            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-            return SECFailure;
-    }
-    ss->ssl3.hs.ws = ss->sec.peerCert ? wait_cert_verify : wait_change_cipher;
-    return SECSuccess;
-}
-
-/* This is TLS's equivalent of sending a no_certificate alert. */
-SECStatus
-ssl3_SendEmptyCertificate(sslSocket *ss)
-{
-    SECStatus rv;
-    unsigned int len = 0;
-    PRBool isTLS13 = PR_FALSE;
-
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        len = ss->ssl3.hs.certReqContextLen + 1;
-        isTLS13 = PR_TRUE;
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate, len + 3);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    if (isTLS13) {
-        rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.hs.certReqContext,
-                                          ss->ssl3.hs.certReqContextLen, 1);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    }
-
-    return ssl3_AppendHandshakeNumber(ss, 0, 3);
-}
-
-SECStatus
-ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-    SECItem ticketData;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle session_ticket handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
-    PORT_Assert(!ss->ssl3.hs.receivedNewSessionTicket);
-
-    if (ss->ssl3.hs.ws != wait_new_session_ticket) {
-        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
-        return SECFailure;
-    }
-
-    /* RFC5077 Section 3.3: "The client MUST NOT treat the ticket as valid
-     * until it has verified the server's Finished message." See the comment in
-     * ssl3_FinishHandshake for more details.
-     */
-    ss->ssl3.hs.newSessionTicket.received_timestamp = ssl_Time();
-    if (length < 4) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
-        return SECFailure;
-    }
-    ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint =
-        (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
-    if (rv != SECSuccess || length != 0) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
-        return SECFailure; /* malformed */
-    }
-    /* If the server sent a zero-length ticket, ignore it and keep the
-     * existing ticket. */
-    if (ticketData.len != 0) {
-        rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
-                              &ticketData);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
-    }
-
-    ss->ssl3.hs.ws = wait_change_cipher;
-    return SECSuccess;
-}
-
-#ifdef NISCC_TEST
-static PRInt32 connNum = 0;
-
-static SECStatus
-get_fake_cert(SECItem *pCertItem, int *pIndex)
-{
-    PRFileDesc *cf;
-    char *testdir;
-    char *startat;
-    char *stopat;
-    const char *extension;
-    int fileNum;
-    PRInt32 numBytes = 0;
-    PRStatus prStatus;
-    PRFileInfo info;
-    char cfn[100];
-
-    pCertItem->data = 0;
-    if ((testdir = PR_GetEnvSecure("NISCC_TEST")) == NULL) {
-        return SECSuccess;
-    }
-    *pIndex = (NULL != strstr(testdir, "root"));
-    extension = (strstr(testdir, "simple") ? "" : ".der");
-    fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1;
-    if ((startat = PR_GetEnvSecure("START_AT")) != NULL) {
-        fileNum += atoi(startat);
-    }
-    if ((stopat = PR_GetEnvSecure("STOP_AT")) != NULL &&
-        fileNum >= atoi(stopat)) {
-        *pIndex = -1;
-        return SECSuccess;
-    }
-    sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension);
-    cf = PR_Open(cfn, PR_RDONLY, 0);
-    if (!cf) {
-        goto loser;
-    }
-    prStatus = PR_GetOpenFileInfo(cf, &info);
-    if (prStatus != PR_SUCCESS) {
-        PR_Close(cf);
-        goto loser;
-    }
-    pCertItem = SECITEM_AllocItem(NULL, pCertItem, info.size);
-    if (pCertItem) {
-        numBytes = PR_Read(cf, pCertItem->data, info.size);
-    }
-    PR_Close(cf);
-    if (numBytes != info.size) {
-        SECITEM_FreeItem(pCertItem, PR_FALSE);
-        PORT_SetError(SEC_ERROR_IO);
-        goto loser;
-    }
-    fprintf(stderr, "using %s\n", cfn);
-    return SECSuccess;
-
-loser:
-    fprintf(stderr, "failed to use %s\n", cfn);
-    *pIndex = -1;
-    return SECFailure;
-}
-#endif
-
-/*
- * Used by both client and server.
- * Called from HandleServerHelloDone and from SendServerHelloSequence.
- */
-SECStatus
-ssl3_SendCertificate(sslSocket *ss)
-{
-    SECStatus rv;
-    CERTCertificateList *certChain;
-    int certChainLen = 0;
-    int i;
-    SSL3KEAType certIndex;
-#ifdef NISCC_TEST
-    SECItem fakeCert;
-    int ndex = -1;
-#endif
-    PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
-    unsigned int contextLen = 0;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send certificate handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->sec.localCert)
-        CERT_DestroyCertificate(ss->sec.localCert);
-    if (ss->sec.isServer) {
-        sslServerCerts *sc = NULL;
-
-        /* XXX SSLKEAType isn't really a good choice for
-         * indexing certificates (it breaks when we deal
-         * with (EC)DHE-* cipher suites. This hack ensures
-         * the RSA cert is picked for (EC)DHE-RSA.
-         * Revisit this when we add server side support
-         * for ECDHE-ECDSA or client-side authentication
-         * using EC certificates.
-         */
-        if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
-            (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
-            certIndex = kt_rsa;
-        } else {
-            certIndex = ss->ssl3.hs.kea_def->exchKeyType;
-        }
-        sc = ss->serverCerts + certIndex;
-        certChain = sc->serverCertChain;
-        ss->sec.authKeyBits = sc->serverKeyBits;
-        ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
-        ss->sec.localCert = CERT_DupCertificate(sc->serverCert);
-    } else {
-        certChain = ss->ssl3.clientCertChain;
-        ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate);
-    }
-
-#ifdef NISCC_TEST
-    rv = get_fake_cert(&fakeCert, &ndex);
-#endif
-
-    if (isTLS13) {
-        contextLen = 1; /* Length of the context */
-        if (!ss->sec.isServer) {
-            contextLen += ss->ssl3.hs.certReqContextLen;
-        }
-    }
-    if (certChain) {
-        for (i = 0; i < certChain->len; i++) {
-#ifdef NISCC_TEST
-            if (fakeCert.len > 0 && i == ndex) {
-                certChainLen += fakeCert.len + 3;
-            } else {
-                certChainLen += certChain->certs[i].len + 3;
-            }
-#else
-            certChainLen += certChain->certs[i].len + 3;
-#endif
-        }
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate,
-                                    contextLen + certChainLen + 3);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-
-    if (isTLS13) {
-        if (ss->sec.isServer) {
-            rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
-        } else {
-            rv = ssl3_AppendHandshakeVariable(ss,
-                                              ss->ssl3.hs.certReqContext,
-                                              ss->ssl3.hs.certReqContextLen, 1);
-        }
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, certChainLen, 3);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    if (certChain) {
-        for (i = 0; i < certChain->len; i++) {
-#ifdef NISCC_TEST
-            if (fakeCert.len > 0 && i == ndex) {
-                rv = ssl3_AppendHandshakeVariable(ss, fakeCert.data,
-                                                  fakeCert.len, 3);
-                SECITEM_FreeItem(&fakeCert, PR_FALSE);
-            } else {
-                rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
-                                                  certChain->certs[i].len, 3);
-            }
-#else
-            rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
-                                              certChain->certs[i].len, 3);
-#endif
-            if (rv != SECSuccess) {
-                return rv; /* err set by AppendHandshake. */
-            }
-        }
-    }
-
-    return SECSuccess;
-}
-
-/*
- * Used by server only.
- * single-stapling, send only a single cert status
- */
-SECStatus
-ssl3_SendCertificateStatus(sslSocket *ss)
-{
-    SECStatus rv;
-    int len = 0;
-    SECItemArray *statusToSend = NULL;
-    SSL3KEAType certIndex;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send certificate status handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->sec.isServer);
-
-    if (!ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn))
-        return SECSuccess;
-
-    /* Use certStatus based on the cert being used. */
-    if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
-        (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
-        certIndex = kt_rsa;
-    } else {
-        certIndex = ss->ssl3.hs.kea_def->exchKeyType;
-    }
-    if (ss->certStatusArray[certIndex] && ss->certStatusArray[certIndex]->len) {
-        statusToSend = ss->certStatusArray[certIndex];
-    }
-    if (!statusToSend)
-        return SECSuccess;
-
-    /* Use the array's first item only (single stapling) */
-    len = 1 + statusToSend->items[0].len + 3;
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate_status, len);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, 1 /*ocsp*/, 1);
-    if (rv != SECSuccess)
-        return rv; /* err set by AppendHandshake. */
-
-    rv = ssl3_AppendHandshakeVariable(ss,
-                                      statusToSend->items[0].data,
-                                      statusToSend->items[0].len,
-                                      3);
-    if (rv != SECSuccess)
-        return rv; /* err set by AppendHandshake. */
-
-    return SECSuccess;
-}
-
-/* This is used to delete the CA certificates in the peer certificate chain
- * from the cert database after they've been validated.
- */
-static void
-ssl3_CleanupPeerCerts(sslSocket *ss)
-{
-    PLArenaPool *arena = ss->ssl3.peerCertArena;
-    ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain;
-
-    for (; certs; certs = certs->next) {
-        CERT_DestroyCertificate(certs->cert);
-    }
-    if (arena)
-        PORT_FreeArena(arena, PR_FALSE);
-    ss->ssl3.peerCertArena = NULL;
-    ss->ssl3.peerCertChain = NULL;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 CertificateStatus message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    if (ss->ssl3.hs.ws != wait_certificate_status) {
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
-        return SECFailure;
-    }
-
-    return ssl3_CompleteHandleCertificateStatus(ss, b, length);
-}
-
-/* Called from:
- *      ssl3_HandleCertificateStatus
- *      tls13_HandleCertificateStatus
- */
-SECStatus
-ssl3_CompleteHandleCertificateStatus(sslSocket *ss, SSL3Opaque *b,
-                                     PRUint32 length)
-{
-    PRInt32 status, len;
-
-    PORT_Assert(!ss->sec.isServer);
-
-    /* Consume the CertificateStatusType enum */
-    status = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
-    if (status != 1 /* ocsp */) {
-        goto format_loser;
-    }
-
-    len = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
-    if (len != length) {
-        goto format_loser;
-    }
-
-#define MAX_CERTSTATUS_LEN 0x1ffff /* 128k - 1 */
-    if (length > MAX_CERTSTATUS_LEN)
-        goto format_loser;
-#undef MAX_CERTSTATUS_LEN
-
-    /* Array size 1, because we currently implement single-stapling only */
-    SECITEM_AllocArray(NULL, &ss->sec.ci.sid->peerCertStatus, 1);
-    if (!ss->sec.ci.sid->peerCertStatus.items)
-        return SECFailure;
-
-    ss->sec.ci.sid->peerCertStatus.items[0].data = PORT_Alloc(length);
-
-    if (!ss->sec.ci.sid->peerCertStatus.items[0].data) {
-        SECITEM_FreeArray(&ss->sec.ci.sid->peerCertStatus, PR_FALSE);
-        return SECFailure;
-    }
-
-    PORT_Memcpy(ss->sec.ci.sid->peerCertStatus.items[0].data, b, length);
-    ss->sec.ci.sid->peerCertStatus.items[0].len = length;
-    ss->sec.ci.sid->peerCertStatus.items[0].type = siBuffer;
-
-    return ssl3_AuthCertificate(ss);
-
-format_loser:
-    return ssl3_DecodeError(ss);
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 Certificate message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if ((ss->sec.isServer && ss->ssl3.hs.ws != wait_client_cert) ||
-        (!ss->sec.isServer && ss->ssl3.hs.ws != wait_server_cert)) {
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
-        return SECFailure;
-    }
-
-    return ssl3_CompleteHandleCertificate(ss, b, length);
-}
-
-/* Called from ssl3_HandleCertificate
- */
-SECStatus
-ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    ssl3CertNode *c;
-    ssl3CertNode *lastCert = NULL;
-    PRInt32 remaining = 0;
-    PRInt32 size;
-    SECStatus rv;
-    PRBool isServer = (PRBool)(!!ss->sec.isServer);
-    PRBool isTLS;
-    SSL3AlertDescription desc;
-    int errCode = SSL_ERROR_RX_MALFORMED_CERTIFICATE;
-    SECItem certItem;
-
-    if (ss->sec.peerCert != NULL) {
-        if (ss->sec.peerKey) {
-            SECKEY_DestroyPublicKey(ss->sec.peerKey);
-            ss->sec.peerKey = NULL;
-        }
-        CERT_DestroyCertificate(ss->sec.peerCert);
-        ss->sec.peerCert = NULL;
-    }
-
-    ssl3_CleanupPeerCerts(ss);
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    /* It is reported that some TLS client sends a Certificate message
-    ** with a zero-length message body.  We'll treat that case like a
-    ** normal no_certificates message to maximize interoperability.
-    */
-    if (length) {
-        remaining = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
-        if (remaining < 0)
-            goto loser; /* fatal alert already sent by ConsumeHandshake. */
-        if ((PRUint32)remaining > length)
-            goto decode_loser;
-    }
-
-    if (!remaining) {
-        if (!(isTLS && isServer)) {
-            desc = bad_certificate;
-            goto alert_loser;
-        }
-        /* This is TLS's version of a no_certificate alert. */
-        /* I'm a server. I've requested a client cert. He hasn't got one. */
-        rv = ssl3_HandleNoCertificate(ss);
-        if (rv != SECSuccess) {
-            errCode = PORT_GetError();
-            goto loser;
-        }
-
-        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-            ss->ssl3.hs.ws = wait_client_key;
-        } else {
-            TLS13_SET_HS_STATE(ss, wait_finished);
-        }
-        return SECSuccess;
-    }
-
-    ss->ssl3.peerCertArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (ss->ssl3.peerCertArena == NULL) {
-        goto loser; /* don't send alerts on memory errors */
-    }
-
-    /* First get the peer cert. */
-    remaining -= 3;
-    if (remaining < 0)
-        goto decode_loser;
-
-    size = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
-    if (size <= 0)
-        goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
-    if (remaining < size)
-        goto decode_loser;
-
-    certItem.data = b;
-    certItem.len = size;
-    b += size;
-    length -= size;
-    remaining -= size;
-
-    ss->sec.peerCert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
-                                               PR_FALSE, PR_TRUE);
-    if (ss->sec.peerCert == NULL) {
-        /* We should report an alert if the cert was bad, but not if the
-         * problem was just some local problem, like memory error.
-         */
-        goto ambiguous_err;
-    }
-
-    /* Now get all of the CA certs. */
-    while (remaining > 0) {
-        remaining -= 3;
-        if (remaining < 0)
-            goto decode_loser;
-
-        size = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
-        if (size <= 0)
-            goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
-        if (remaining < size)
-            goto decode_loser;
-
-        certItem.data = b;
-        certItem.len = size;
-        b += size;
-        length -= size;
-        remaining -= size;
-
-        c = PORT_ArenaNew(ss->ssl3.peerCertArena, ssl3CertNode);
-        if (c == NULL) {
-            goto loser; /* don't send alerts on memory errors */
-        }
-
-        c->cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
-                                          PR_FALSE, PR_TRUE);
-        if (c->cert == NULL) {
-            goto ambiguous_err;
-        }
-
-        c->next = NULL;
-        if (lastCert) {
-            lastCert->next = c;
-        } else {
-            ss->ssl3.peerCertChain = c;
-        }
-        lastCert = c;
-    }
-
-    if (remaining != 0)
-        goto decode_loser;
-
-    SECKEY_UpdateCertPQG(ss->sec.peerCert);
-
-    if (!isServer && ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn)) {
-        ss->ssl3.hs.ws = wait_certificate_status;
-        rv = SECSuccess;
-    } else {
-        rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
-    }
-
-    return rv;
-
-ambiguous_err:
-    errCode = PORT_GetError();
-    switch (errCode) {
-        case PR_OUT_OF_MEMORY_ERROR:
-        case SEC_ERROR_BAD_DATABASE:
-        case SEC_ERROR_NO_MEMORY:
-            if (isTLS) {
-                desc = internal_error;
-                goto alert_loser;
-            }
-            goto loser;
-    }
-    ssl3_SendAlertForCertError(ss, errCode);
-    goto loser;
-
-decode_loser:
-    desc = isTLS ? decode_error : bad_certificate;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
-loser:
-    (void)ssl_MapLowLevelError(errCode);
-    return SECFailure;
-}
-
-static SECStatus
-ssl3_AuthCertificate(sslSocket *ss)
-{
-    SECStatus rv;
-    PRBool isServer = (PRBool)(!!ss->sec.isServer);
-    int errCode;
-
-    ss->ssl3.hs.authCertificatePending = PR_FALSE;
-
-    PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
-                ssl_preinfo_all);
-    /*
-     * Ask caller-supplied callback function to validate cert chain.
-     */
-    rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, ss->fd,
-                                           PR_TRUE, isServer);
-    if (rv != SECSuccess) {
-        errCode = PORT_GetError();
-        if (rv != SECWouldBlock) {
-            if (ss->handleBadCert) {
-                rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
-            }
-        }
-
-        if (rv == SECWouldBlock) {
-            if (ss->sec.isServer) {
-                errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS;
-                rv = SECFailure;
-                goto loser;
-            }
-            /* TODO(ekr@rtfm.com): Reenable for TLS 1.3 */
-            if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-                errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION;
-                rv = SECFailure;
-                goto loser;
-            }
-
-            ss->ssl3.hs.authCertificatePending = PR_TRUE;
-            rv = SECSuccess;
-        }
-
-        if (rv != SECSuccess) {
-            ssl3_SendAlertForCertError(ss, errCode);
-            goto loser;
-        }
-    }
-
-    ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
-    ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);
-
-    if (!ss->sec.isServer) {
-        CERTCertificate *cert = ss->sec.peerCert;
-
-        /* set the server authentication type and size from the value
-        ** in the cert. */
-        SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(cert);
-        ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
-        ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
-        if (pubKey) {
-            KeyType pubKeyType;
-            PRInt32 minKey;
-            /* This partly fixes Bug 124230 and may cause problems for
-             * callers which depend on the old (wrong) behavior. */
-            ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
-            pubKeyType = SECKEY_GetPublicKeyType(pubKey);
-            minKey = ss->sec.authKeyBits;
-            switch (pubKeyType) {
-                case rsaKey:
-                case rsaPssKey:
-                case rsaOaepKey:
-                    rv =
-                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_RSA_MIN_MODULUS_BITS;
-                    }
-                    break;
-                case dsaKey:
-                    rv =
-                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_DSA_MIN_P_BITS;
-                    }
-                    break;
-                case dhKey:
-                    rv =
-                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_DH_MIN_P_BITS;
-                    }
-                    break;
-                default:
-                    break;
-            }
-
-            /* Too small: not good enough. Send a fatal alert. */
-            /* We aren't checking EC here on the understanding that we only
-             * support curves we like, a decision that might need revisiting. */
-            if (ss->sec.authKeyBits < minKey) {
-                PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
-                (void)SSL3_SendAlert(ss, alert_fatal,
-                                     ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
-                                         ? insufficient_security
-                                         : illegal_parameter);
-                SECKEY_DestroyPublicKey(pubKey);
-                return SECFailure;
-            }
-            SECKEY_DestroyPublicKey(pubKey);
-            pubKey = NULL;
-        }
-
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-            TLS13_SET_HS_STATE(ss, wait_cert_verify);
-        } else {
-            /* Ephemeral suites require ServerKeyExchange. Export cipher suites
-             * with RSA key exchange also require ServerKeyExchange if the
-             * authentication key exceeds the key size limit. */
-            if (ss->ssl3.hs.kea_def->ephemeral ||
-                (ss->ssl3.hs.kea_def->is_limited &&
-                 ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa &&
-                 ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) {
-                /* require server_key_exchange */
-                ss->ssl3.hs.ws = wait_server_key;
-            } else {
-                /* disallow server_key_exchange */
-                ss->ssl3.hs.ws = wait_cert_request;
-                /* This is static RSA key exchange so set the key bits to
-                 * auth bits. */
-                ss->sec.keaKeyBits = ss->sec.authKeyBits;
-            }
-        }
-    } else {
-        /* Server */
-        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-            ss->ssl3.hs.ws = wait_client_key;
-        } else {
-            TLS13_SET_HS_STATE(ss, wait_cert_verify);
-        }
-    }
-
-    PORT_Assert(rv == SECSuccess);
-    if (rv != SECSuccess) {
-        errCode = SEC_ERROR_LIBRARY_FAILURE;
-        rv = SECFailure;
-        goto loser;
-    }
-
-    return rv;
-
-loser:
-    (void)ssl_MapLowLevelError(errCode);
-    return SECFailure;
-}
-
-static SECStatus ssl3_FinishHandshake(sslSocket *ss);
-
-static SECStatus
-ssl3_AlwaysFail(sslSocket *ss)
-{
-    PORT_SetError(PR_INVALID_STATE_ERROR);
-    return SECFailure;
-}
-
-/* Caller must hold 1stHandshakeLock.
-*/
-SECStatus
-ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
-{
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    if (ss->sec.isServer) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS);
-        return SECFailure;
-    }
-
-    ssl_GetRecvBufLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    if (!ss->ssl3.hs.authCertificatePending) {
-        PORT_SetError(PR_INVALID_STATE_ERROR);
-        rv = SECFailure;
-        goto done;
-    }
-
-    ss->ssl3.hs.authCertificatePending = PR_FALSE;
-
-    if (error != 0) {
-        ss->ssl3.hs.restartTarget = ssl3_AlwaysFail;
-        ssl3_SendAlertForCertError(ss, error);
-        rv = SECSuccess;
-    } else if (ss->ssl3.hs.restartTarget != NULL) {
-        sslRestartTarget target = ss->ssl3.hs.restartTarget;
-        ss->ssl3.hs.restartTarget = NULL;
-
-        if (target == ssl3_FinishHandshake) {
-            SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication lost the race"
-                        " with peer's finished message",
-                        SSL_GETPID(), ss->fd));
-        }
-
-        rv = target(ss);
-        /* Even if we blocked here, we have accomplished enough to claim
-         * success. Any remaining work will be taken care of by subsequent
-         * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc.
-         */
-        if (rv == SECWouldBlock) {
-            rv = SECSuccess;
-        }
-    } else {
-        SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with"
-                    " peer's finished message",
-                    SSL_GETPID(), ss->fd));
-
-        PORT_Assert(!ss->ssl3.hs.isResuming);
-        PORT_Assert(ss->ssl3.hs.ws != idle_handshake);
-
-        if (ss->opt.enableFalseStart &&
-            !ss->firstHsDone &&
-            !ss->ssl3.hs.isResuming &&
-            ssl3_WaitingForServerSecondRound(ss)) {
-            /* ssl3_SendClientSecondRound deferred the false start check because
-             * certificate authentication was pending, so we do it now if we still
-             * haven't received all of the server's second round yet.
-             */
-            rv = ssl3_CheckFalseStart(ss);
-        } else {
-            rv = SECSuccess;
-        }
-    }
-
-done:
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_ReleaseRecvBufLock(ss);
-
-    return rv;
-}
-
-static SECStatus
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-                        PRBool isServer,
-                        const SSL3Hashes *hashes,
-                        TLSFinished *tlsFinished)
-{
-    SECStatus rv;
-    CK_TLS_MAC_PARAMS tls_mac_params;
-    SECItem param = { siBuffer, NULL, 0 };
-    PK11Context *prf_context;
-    unsigned int retLen;
-
-    if (!spec->master_secret || spec->bypassCiphers) {
-        const char *label = isServer ? "server finished" : "client finished";
-        unsigned int len = 15;
-
-        return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
-                                           hashes->len, tlsFinished->verify_data,
-                                           sizeof tlsFinished->verify_data);
-    }
-
-    if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-        tls_mac_params.prfMechanism = CKM_TLS_PRF;
-    } else {
-        tls_mac_params.prfMechanism = CKM_SHA256;
-    }
-    tls_mac_params.ulMacLength = 12;
-    tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
-    param.data = (unsigned char *)&tls_mac_params;
-    param.len = sizeof(tls_mac_params);
-    prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
-                                             spec->master_secret, &param);
-    if (!prf_context)
-        return SECFailure;
-
-    rv = PK11_DigestBegin(prf_context);
-    rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
-    rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
-                           sizeof tlsFinished->verify_data);
-    PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
-
-    PK11_DestroyContext(prf_context, PR_TRUE);
-
-    return rv;
-}
-
-/* The calling function must acquire and release the appropriate
- * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
- * ss->ssl3.crSpec).
- */
-SECStatus
-ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
-                            unsigned int labelLen, const unsigned char *val, unsigned int valLen,
-                            unsigned char *out, unsigned int outLen)
-{
-    SECStatus rv = SECSuccess;
-
-    if (spec->master_secret && !spec->bypassCiphers) {
-        SECItem param = { siBuffer, NULL, 0 };
-        CK_MECHANISM_TYPE mech = CKM_TLS_PRF_GENERAL;
-        PK11Context *prf_context;
-        unsigned int retLen;
-
-        if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-            mech = CKM_NSS_TLS_PRF_GENERAL_SHA256;
-        }
-        prf_context = PK11_CreateContextBySymKey(mech, CKA_SIGN,
-                                                 spec->master_secret, &param);
-        if (!prf_context)
-            return SECFailure;
-
-        rv = PK11_DigestBegin(prf_context);
-        rv |= PK11_DigestOp(prf_context, (unsigned char *)label, labelLen);
-        rv |= PK11_DigestOp(prf_context, val, valLen);
-        rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
-        PORT_Assert(rv != SECSuccess || retLen == outLen);
-
-        PK11_DestroyContext(prf_context, PR_TRUE);
-    } else {
-/* bypass PKCS11 */
-#ifdef NO_PKCS11_BYPASS
-        PORT_Assert(spec->master_secret);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        rv = SECFailure;
-#else
-        SECItem inData = { siBuffer };
-        SECItem outData = { siBuffer };
-        PRBool isFIPS = PR_FALSE;
-
-        inData.data = (unsigned char *)val;
-        inData.len = valLen;
-        outData.data = out;
-        outData.len = outLen;
-        if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-            rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData,
-                            &outData, isFIPS);
-        } else {
-            rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
-        }
-        PORT_Assert(rv != SECSuccess || outData.len == outLen);
-#endif
-    }
-    return rv;
-}
-
-/* called from ssl3_SendClientSecondRound
- *             ssl3_HandleFinished
- */
-static SECStatus
-ssl3_SendNextProto(sslSocket *ss)
-{
-    SECStatus rv;
-    int padding_len;
-    static const unsigned char padding[32] = { 0 };
-
-    if (ss->ssl3.nextProto.len == 0 ||
-        ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) {
-        return SECSuccess;
-    }
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    padding_len = 32 - ((ss->ssl3.nextProto.len + 2) % 32);
-
-    rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->ssl3.nextProto.len +
-                                                        2 +
-                                                        padding_len);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshakeHeader */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
-                                      ss->ssl3.nextProto.len, 1);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshake */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, padding, padding_len, 1);
-    if (rv != SECSuccess) {
-        return rv; /* error code set by AppendHandshake */
-    }
-    return rv;
-}
-
-/* called from ssl3_SendFinished
- *
- * This function is simply a debugging aid and therefore does not return a
- * SECStatus. */
-static void
-ssl3_RecordKeyLog(sslSocket *ss)
-{
-    SECStatus rv;
-    SECItem *keyData;
-    char buf[14 /* "CLIENT_RANDOM " */ +
-             SSL3_RANDOM_LENGTH * 2 /* client_random */ +
-             1 /* " " */ +
-             48 * 2 /* master secret */ +
-             1 /* new line */];
-    unsigned int j;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (!ssl_keylog_iob)
-        return;
-
-    rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret);
-    if (rv != SECSuccess)
-        return;
-
-    ssl_GetSpecReadLock(ss);
-
-    /* keyData does not need to be freed. */
-    keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret);
-    if (!keyData || !keyData->data || keyData->len != 48) {
-        ssl_ReleaseSpecReadLock(ss);
-        return;
-    }
-
-    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
-
-    /* There could be multiple, concurrent writers to the
-     * keylog, so we have to do everything in a single call to
-     * fwrite. */
-
-    memcpy(buf, "CLIENT_RANDOM ", 14);
-    j = 14;
-    hexEncode(buf + j, ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
-    j += SSL3_RANDOM_LENGTH * 2;
-    buf[j++] = ' ';
-    hexEncode(buf + j, keyData->data, 48);
-    j += 48 * 2;
-    buf[j++] = '\n';
-
-    PORT_Assert(j == sizeof(buf));
-
-    ssl_ReleaseSpecReadLock(ss);
-
-    if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
-        return;
-    fflush(ssl_keylog_iob);
-    return;
-}
-
-/* called from ssl3_SendClientSecondRound
- *	     ssl3_HandleFinished
- */
-static SECStatus
-ssl3_SendChannelIDEncryptedExtensions(sslSocket *ss)
-{
-    static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature";
-    static const char CHANNEL_ID_RESUMPTION_MAGIC[] = "Resumption";
-    /* This is the ASN.1 prefix for a P-256 public key. Specifically it's:
-     * SEQUENCE
-     *   SEQUENCE
-     *     OID id-ecPublicKey
-     *     OID prime256v1
-     *   BIT STRING, length 66, 0 trailing bits: 0x04
-     *
-     * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62
-     * public key. Following that are the two field elements as 32-byte,
-     * big-endian numbers, as required by the Channel ID. */
-    static const unsigned char P256_SPKI_PREFIX[] = {
-        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
-        0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
-        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
-        0x42, 0x00, 0x04
-    };
-    /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64
-     * bytes of ECDSA signature. */
-    static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64;
-    static const int CHANNEL_ID_LENGTH = 128;
-
-    SECStatus rv = SECFailure;
-    SECItem *spki = NULL;
-    SSL3Hashes hashes;
-    const unsigned char *pub_bytes;
-    unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) +
-                              sizeof(CHANNEL_ID_RESUMPTION_MAGIC) +
-                              sizeof(SSL3Hashes) * 2];
-    size_t signed_data_len;
-    unsigned char digest[SHA256_LENGTH];
-    SECItem digest_item;
-    unsigned char signature[64];
-    SECItem signature_item;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.channelID == NULL)
-        return SECSuccess;
-
-    PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn));
-
-    if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey ||
-        PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) {
-        PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
-        rv = SECFailure;
-        goto loser;
-    }
-
-    ssl_GetSpecReadLock(ss);
-    rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
-    ssl_ReleaseSpecReadLock(ss);
-
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshakeHeader(ss, channelid_encrypted_extensions,
-                                    2 + 2 + CHANNEL_ID_LENGTH);
-    if (rv != SECSuccess)
-        goto loser; /* error code set by AppendHandshakeHeader */
-    rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
-    if (rv != SECSuccess)
-        goto loser; /* error code set by AppendHandshake */
-    rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2);
-    if (rv != SECSuccess)
-        goto loser; /* error code set by AppendHandshake */
-
-    spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub);
-
-    if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH ||
-        memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX)) != 0) {
-        PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
-        rv = SECFailure;
-        goto loser;
-    }
-
-    pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
-
-    signed_data_len = 0;
-    memcpy(signed_data + signed_data_len, CHANNEL_ID_MAGIC,
-           sizeof(CHANNEL_ID_MAGIC));
-    signed_data_len += sizeof(CHANNEL_ID_MAGIC);
-    if (ss->ssl3.hs.isResuming) {
-        SECItem *originalHandshakeHash =
-            &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
-        PORT_Assert(originalHandshakeHash->len > 0);
-
-        memcpy(signed_data + signed_data_len, CHANNEL_ID_RESUMPTION_MAGIC,
-               sizeof(CHANNEL_ID_RESUMPTION_MAGIC));
-        signed_data_len += sizeof(CHANNEL_ID_RESUMPTION_MAGIC);
-        memcpy(signed_data + signed_data_len, originalHandshakeHash->data,
-               originalHandshakeHash->len);
-        signed_data_len += originalHandshakeHash->len;
-    }
-    memcpy(signed_data + signed_data_len, hashes.u.raw, hashes.len);
-    signed_data_len += hashes.len;
-
-    rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, signed_data_len);
-    if (rv != SECSuccess)
-        goto loser;
-
-    digest_item.data = digest;
-    digest_item.len = sizeof(digest);
-
-    signature_item.data = signature;
-    signature_item.len = sizeof(signature);
-
-    rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendHandshake(ss, signature, sizeof(signature));
-
-loser:
-    if (spki)
-        SECITEM_FreeItem(spki, PR_TRUE);
-    if (ss->ssl3.channelID) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-        ss->ssl3.channelID = NULL;
-    }
-    if (ss->ssl3.channelIDPub) {
-        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-        ss->ssl3.channelIDPub = NULL;
-    }
-
-    return rv;
-}
-
-/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake
- * after a ChannelID callback returned SECWouldBlock. At this point we have
- * processed the server's ServerHello but not yet any further messages. We will
- * always get a message from the server after a ServerHello so either they are
- * waiting in the buffer or we'll get network I/O. */
-SECStatus
-ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss,
-                                       SECKEYPublicKey *channelIDPub,
-                                       SECKEYPrivateKey *channelID)
-{
-    if (ss->handshake == 0) {
-        SECKEY_DestroyPublicKey(channelIDPub);
-        SECKEY_DestroyPrivateKey(channelID);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    if (channelIDPub == NULL ||
-        channelID == NULL) {
-        if (channelIDPub)
-            SECKEY_DestroyPublicKey(channelIDPub);
-        if (channelID)
-            SECKEY_DestroyPrivateKey(channelID);
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-
-    if (ss->ssl3.channelID)
-        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-    if (ss->ssl3.channelIDPub)
-        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->ssl3.channelID = channelID;
-    ss->ssl3.channelIDPub = channelIDPub;
-
-    return SECSuccess;
-}
-
-/* called from ssl3_SendClientSecondRound
- *             ssl3_HandleClientHello
- *             ssl3_HandleFinished
- */
-static SECStatus
-ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
-{
-    ssl3CipherSpec *cwSpec;
-    PRBool isTLS;
-    PRBool isServer = ss->sec.isServer;
-    SECStatus rv;
-    SSL3Sender sender = isServer ? sender_server : sender_client;
-    SSL3Hashes hashes;
-    TLSFinished tlsFinished;
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send finished handshake", SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    ssl_GetSpecReadLock(ss);
-    cwSpec = ss->ssl3.cwSpec;
-    isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
-    if (isTLS && rv == SECSuccess) {
-        rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished);
-    }
-    ssl_ReleaseSpecReadLock(ss);
-    if (rv != SECSuccess) {
-        goto fail; /* err code was set by ssl3_ComputeHandshakeHashes */
-    }
-
-    if (isTLS) {
-        if (isServer)
-            ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
-        else
-            ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
-        ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
-        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof tlsFinished);
-        if (rv != SECSuccess)
-            goto fail; /* err set by AppendHandshake. */
-        rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished);
-        if (rv != SECSuccess)
-            goto fail; /* err set by AppendHandshake. */
-    } else {
-        if (isServer)
-            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes.u.s;
-        else
-            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes.u.s;
-        PORT_Assert(hashes.len == sizeof hashes.u.s);
-        ss->ssl3.hs.finishedBytes = sizeof hashes.u.s;
-        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes.u.s);
-        if (rv != SECSuccess)
-            goto fail; /* err set by AppendHandshake. */
-        rv = ssl3_AppendHandshake(ss, &hashes.u.s, sizeof hashes.u.s);
-        if (rv != SECSuccess)
-            goto fail; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_FlushHandshake(ss, flags);
-    if (rv != SECSuccess) {
-        goto fail; /* error code set by ssl3_FlushHandshake */
-    }
-
-    ssl3_RecordKeyLog(ss);
-
-    return SECSuccess;
-
-fail:
-    return rv;
-}
-
-/* wrap the master secret, and put it into the SID.
- * Caller holds the Spec read lock.
- */
-SECStatus
-ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid,
-                              ssl3CipherSpec *spec, SSL3KEAType effectiveExchKeyType)
-{
-    PK11SymKey *wrappingKey = NULL;
-    PK11SlotInfo *symKeySlot;
-    void *pwArg = ss->pkcs11PinArg;
-    SECStatus rv = SECFailure;
-    PRBool isServer = ss->sec.isServer;
-    CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
-    symKeySlot = PK11_GetSlotFromKey(spec->master_secret);
-    if (!isServer) {
-        int wrapKeyIndex;
-        int incarnation;
-
-        /* these next few functions are mere accessors and don't fail. */
-        sid->u.ssl3.masterWrapIndex = wrapKeyIndex =
-            PK11_GetCurrentWrapIndex(symKeySlot);
-        PORT_Assert(wrapKeyIndex == 0); /* array has only one entry! */
-
-        sid->u.ssl3.masterWrapSeries = incarnation =
-            PK11_GetSlotSeries(symKeySlot);
-        sid->u.ssl3.masterSlotID = PK11_GetSlotID(symKeySlot);
-        sid->u.ssl3.masterModuleID = PK11_GetModuleID(symKeySlot);
-        sid->u.ssl3.masterValid = PR_TRUE;
-        /* Get the default wrapping key, for wrapping the master secret before
-         * placing it in the SID cache entry. */
-        wrappingKey = PK11_GetWrapKey(symKeySlot, wrapKeyIndex,
-                                      CKM_INVALID_MECHANISM, incarnation,
-                                      pwArg);
-        if (wrappingKey) {
-            mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
-        } else {
-            int keyLength;
-            /* if the wrappingKey doesn't exist, attempt to create it.
-             * Note: we intentionally ignore errors here.  If we cannot
-             * generate a wrapping key, it is not fatal to this SSL connection,
-             * but we will not be able to restart this session.
-             */
-            mechanism = PK11_GetBestWrapMechanism(symKeySlot);
-            keyLength = PK11_GetBestKeyLength(symKeySlot, mechanism);
-            /* Zero length means fixed key length algorithm, or error.
-             * It's ambiguous.
-             */
-            wrappingKey = PK11_KeyGen(symKeySlot, mechanism, NULL,
-                                      keyLength, pwArg);
-            if (wrappingKey) {
-                PK11_SetWrapKey(symKeySlot, wrapKeyIndex, wrappingKey);
-            }
-        }
-    } else {
-        /* server socket using session cache. */
-        mechanism = PK11_GetBestWrapMechanism(symKeySlot);
-        if (mechanism != CKM_INVALID_MECHANISM) {
-            wrappingKey =
-                getWrappingKey(ss, symKeySlot, effectiveExchKeyType,
-                               mechanism, pwArg);
-            if (wrappingKey) {
-                mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
-            }
-        }
-    }
-
-    sid->u.ssl3.masterWrapMech = mechanism;
-    PK11_FreeSlot(symKeySlot);
-
-    if (wrappingKey) {
-        SECItem wmsItem;
-
-        wmsItem.data = sid->u.ssl3.keys.wrapped_master_secret;
-        wmsItem.len = sizeof sid->u.ssl3.keys.wrapped_master_secret;
-        rv = PK11_WrapSymKey(mechanism, NULL, wrappingKey,
-                             spec->master_secret, &wmsItem);
-        /* rv is examined below. */
-        sid->u.ssl3.keys.wrapped_master_secret_len = wmsItem.len;
-        PK11_FreeSymKey(wrappingKey);
-    }
-    return rv;
-}
-
-/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
- * a complete ssl3 Finished message from the peer.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-                    const SSL3Hashes *hashes)
-{
-    sslSessionID *sid = ss->sec.ci.sid;
-    SECStatus rv = SECSuccess;
-    PRBool isServer = ss->sec.isServer;
-    PRBool isTLS;
-    SSL3KEAType effectiveExchKeyType;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake",
-                SSL_GETPID(), ss->fd));
-
-    if (ss->ssl3.hs.ws != wait_finished) {
-        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED);
-        return SECFailure;
-    }
-
-    if (!hashes) {
-        PORT_Assert(0);
-        SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
-    if (isTLS) {
-        TLSFinished tlsFinished;
-
-        if (length != sizeof tlsFinished) {
-            (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
-            return SECFailure;
-        }
-        rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
-                                     hashes, &tlsFinished);
-        if (!isServer)
-            ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
-        else
-            ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
-        ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
-        if (rv != SECSuccess ||
-            0 != NSS_SecureMemcmp(&tlsFinished, b, length)) {
-            (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error);
-            PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-            return SECFailure;
-        }
-    } else {
-        if (length != sizeof(SSL3Finished)) {
-            (void)ssl3_IllegalParameter(ss);
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
-            return SECFailure;
-        }
-
-        if (!isServer)
-            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes->u.s;
-        else
-            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes->u.s;
-        PORT_Assert(hashes->len == sizeof hashes->u.s);
-        ss->ssl3.hs.finishedBytes = sizeof hashes->u.s;
-        if (0 != NSS_SecureMemcmp(&hashes->u.s, b, length)) {
-            (void)ssl3_HandshakeFailure(ss);
-            PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-            return SECFailure;
-        }
-    }
-
-    ssl_GetXmitBufLock(ss); /*************************************/
-
-    if ((isServer && !ss->ssl3.hs.isResuming) ||
-        (!isServer && ss->ssl3.hs.isResuming)) {
-        PRInt32 flags = 0;
-
-        /* Send a NewSessionTicket message if the client sent us
-         * either an empty session ticket, or one that did not verify.
-         * (Note that if either of these conditions was met, then the
-         * server has sent a SessionTicket extension in the
-         * ServerHello message.)
-         */
-        if (isServer && !ss->ssl3.hs.isResuming &&
-            ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
-            ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) {
-            /* RFC 5077 Section 3.3: "In the case of a full handshake, the
-             * server MUST verify the client's Finished message before sending
-             * the ticket." Presumably, this also means that the client's
-             * certificate, if any, must be verified beforehand too.
-             */
-            rv = ssl3_SendNewSessionTicket(ss);
-            if (rv != SECSuccess) {
-                goto xmit_loser;
-            }
-        }
-
-        rv = ssl3_SendChangeCipherSpecs(ss);
-        if (rv != SECSuccess) {
-            goto xmit_loser; /* err is set. */
-        }
-        /* If this thread is in SSL_SecureSend (trying to write some data)
-        ** then set the ssl_SEND_FLAG_FORCE_INTO_BUFFER flag, so that the
-        ** last two handshake messages (change cipher spec and finished)
-        ** will be sent in the same send/write call as the application data.
-        */
-        if (ss->writerThread == PR_GetCurrentThread()) {
-            flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
-        }
-
-        if (!isServer) {
-            if (!ss->firstHsDone) {
-                rv = ssl3_SendNextProto(ss);
-                if (rv != SECSuccess) {
-                    goto xmit_loser; /* err code was set. */
-                }
-            }
-            rv = ssl3_SendChannelIDEncryptedExtensions(ss);
-            if (rv != SECSuccess)
-                goto xmit_loser; /* err code was set. */
-        }
-
-        if (IS_DTLS(ss)) {
-            flags |= ssl_SEND_FLAG_NO_RETRANSMIT;
-        }
-
-        rv = ssl3_SendFinished(ss, flags);
-        if (rv != SECSuccess) {
-            goto xmit_loser; /* err is set. */
-        }
-    }
-
-xmit_loser:
-    ssl_ReleaseXmitBufLock(ss); /*************************************/
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-        ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
-        effectiveExchKeyType = kt_rsa;
-    } else {
-        effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-    }
-
-    if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) {
-        /* fill in the sid */
-        sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
-        sid->u.ssl3.compression = ss->ssl3.hs.compression;
-        sid->u.ssl3.policy = ss->ssl3.policy;
-#ifndef NSS_DISABLE_ECC
-        sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
-#endif
-        sid->u.ssl3.exchKeyType = effectiveExchKeyType;
-        sid->version = ss->version;
-        sid->authAlgorithm = ss->sec.authAlgorithm;
-        sid->authKeyBits = ss->sec.authKeyBits;
-        sid->keaType = ss->sec.keaType;
-        sid->keaKeyBits = ss->sec.keaKeyBits;
-        sid->lastAccessTime = sid->creationTime = ssl_Time();
-        sid->expirationTime = sid->creationTime + ssl3_sid_timeout;
-        sid->localCert = CERT_DupCertificate(ss->sec.localCert);
-
-        ssl_GetSpecReadLock(ss); /*************************************/
-
-        /* Copy the master secret (wrapped or unwrapped) into the sid */
-        if (ss->ssl3.crSpec->msItem.len && ss->ssl3.crSpec->msItem.data) {
-            sid->u.ssl3.keys.wrapped_master_secret_len =
-                ss->ssl3.crSpec->msItem.len;
-            memcpy(sid->u.ssl3.keys.wrapped_master_secret,
-                   ss->ssl3.crSpec->msItem.data, ss->ssl3.crSpec->msItem.len);
-            sid->u.ssl3.masterValid = PR_TRUE;
-            sid->u.ssl3.keys.msIsWrapped = PR_FALSE;
-            rv = SECSuccess;
-        } else {
-            rv = ssl3_CacheWrappedMasterSecret(ss, ss->sec.ci.sid,
-                                               ss->ssl3.crSpec,
-                                               effectiveExchKeyType);
-            sid->u.ssl3.keys.msIsWrapped = PR_TRUE;
-        }
-        ssl_ReleaseSpecReadLock(ss); /*************************************/
-
-        /* If the wrap failed, we don't cache the sid.
-         * The connection continues normally however.
-         */
-        ss->ssl3.hs.cacheSID = rv == SECSuccess;
-    }
-
-    if (ss->ssl3.hs.authCertificatePending) {
-        if (ss->ssl3.hs.restartTarget) {
-            PR_NOT_REACHED("ssl3_HandleFinished: unexpected restartTarget");
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        ss->ssl3.hs.restartTarget = ssl3_FinishHandshake;
-        return SECWouldBlock;
-    }
-
-    rv = ssl3_FinishHandshake(ss);
-    return rv;
-}
-
-/* The return type is SECStatus instead of void because this function needs
- * to have type sslRestartTarget.
- */
-SECStatus
-ssl3_FinishHandshake(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
-
-    /* The first handshake is now completed. */
-    ss->handshake = NULL;
-
-    /* RFC 5077 Section 3.3: "The client MUST NOT treat the ticket as valid
-     * until it has verified the server's Finished message." When the server
-     * sends a NewSessionTicket in a resumption handshake, we must wait until
-     * the handshake is finished (we have verified the server's Finished
-     * AND the server's certificate) before we update the ticket in the sid.
-     *
-     * This must be done before we call (*ss->sec.cache)(ss->sec.ci.sid)
-     * because CacheSID requires the session ticket to already be set, and also
-     * because of the lazy lock creation scheme used by CacheSID and
-     * ssl3_SetSIDSessionTicket.
-     */
-    if (ss->ssl3.hs.receivedNewSessionTicket) {
-        PORT_Assert(!ss->sec.isServer);
-        ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &ss->ssl3.hs.newSessionTicket);
-        /* The sid took over the ticket data */
-        PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
-        ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
-    }
-
-    if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
-        PORT_Assert(ss->sec.ci.sid->cached == never_cached);
-        (*ss->sec.cache)(ss->sec.ci.sid);
-        ss->ssl3.hs.cacheSID = PR_FALSE;
-    }
-
-    ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */
-    ss->ssl3.hs.ws = idle_handshake;
-
-    ssl_FinishHandshake(ss);
-
-    return SECSuccess;
-}
-
-/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
- * hanshake message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-SECStatus
-ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv = SECSuccess;
-    SSL3HandshakeType type = ss->ssl3.hs.msg_type;
-    SSL3Hashes hashes;            /* computed hashes are put here. */
-    SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
-    PRUint8 hdr[4];
-    PRUint8 dtlsData[8];
-    PRBool computeHashes = PR_FALSE;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    /*
-     * We have to compute the hashes before we update them with the
-     * current message.
-     */
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        if (((type == finished) && (ss->ssl3.hs.ws == wait_finished)) ||
-            ((type == certificate_verify) &&
-             (ss->ssl3.hs.ws == wait_cert_verify))) {
-            computeHashes = PR_TRUE;
-        }
-    } else {
-        if (type == certificate_verify) {
-            computeHashes =
-                TLS13_IN_HS_STATE(ss, wait_cert_verify);
-        } else if (type == finished) {
-            computeHashes =
-                TLS13_IN_HS_STATE(ss, wait_cert_request, wait_finished);
-        }
-    }
-
-    ssl_GetSpecReadLock(ss); /************************************/
-    if (computeHashes) {
-        SSL3Sender sender = (SSL3Sender)0;
-        ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.crSpec
-                                                                           : ss->ssl3.prSpec;
-
-        if (type == finished) {
-            sender = ss->sec.isServer ? sender_client : sender_server;
-            rSpec = ss->ssl3.crSpec;
-        }
-        rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
-        if (rv == SECSuccess) {
-            hashesPtr = &hashes;
-        }
-    }
-    ssl_ReleaseSpecReadLock(ss); /************************************/
-    if (rv != SECSuccess) {
-        return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/
-    }
-    SSL_TRC(30, ("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
-                 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
-
-    hdr[0] = (PRUint8)ss->ssl3.hs.msg_type;
-    hdr[1] = (PRUint8)(length >> 16);
-    hdr[2] = (PRUint8)(length >> 8);
-    hdr[3] = (PRUint8)(length);
-
-    /* Start new handshake hashes when we start a new handshake */
-    if (ss->ssl3.hs.msg_type == client_hello) {
-        rv = ssl3_RestartHandshakeHashes(ss);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    }
-    /* We should not include hello_request and hello_verify_request messages
-     * in the handshake hashes */
-    if ((ss->ssl3.hs.msg_type != hello_request) &&
-        (ss->ssl3.hs.msg_type != hello_verify_request)) {
-        rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)hdr, 4);
-        if (rv != SECSuccess)
-            return rv; /* err code already set. */
-
-        /* Extra data to simulate a complete DTLS handshake fragment */
-        if (IS_DTLS(ss)) {
-            /* Sequence number */
-            dtlsData[0] = MSB(ss->ssl3.hs.recvMessageSeq);
-            dtlsData[1] = LSB(ss->ssl3.hs.recvMessageSeq);
-
-            /* Fragment offset */
-            dtlsData[2] = 0;
-            dtlsData[3] = 0;
-            dtlsData[4] = 0;
-
-            /* Fragment length */
-            dtlsData[5] = (PRUint8)(length >> 16);
-            dtlsData[6] = (PRUint8)(length >> 8);
-            dtlsData[7] = (PRUint8)(length);
-
-            rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)dtlsData,
-                                            sizeof(dtlsData));
-            if (rv != SECSuccess)
-                return rv; /* err code already set. */
-        }
-
-        /* The message body */
-        rv = ssl3_UpdateHandshakeHashes(ss, b, length);
-        if (rv != SECSuccess)
-            return rv; /* err code already set. */
-    }
-
-    PORT_SetError(0); /* each message starts with no error. */
-
-    if (ss->ssl3.hs.ws == wait_certificate_status &&
-        ss->ssl3.hs.msg_type != certificate_status) {
-        /* If we negotiated the certificate_status extension then we deferred
-         * certificate validation until we get the CertificateStatus messsage.
-         * But the CertificateStatus message is optional. If the server did
-         * not send it then we need to validate the certificate now. If the
-         * server does send the CertificateStatus message then we will
-         * authenticate the certificate in ssl3_HandleCertificateStatus.
-         */
-        rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
-        PORT_Assert(rv != SECWouldBlock);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    }
-
-    switch (ss->ssl3.hs.msg_type) {
-        case client_hello:
-            if (!ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO);
-                return SECFailure;
-            }
-            rv = ssl3_HandleClientHello(ss, b, length);
-            break;
-        case server_hello:
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO);
-                return SECFailure;
-            }
-            rv = ssl3_HandleServerHello(ss, b, length);
-            break;
-        default:
-            if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-                rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr);
-            } else {
-                rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length,
-                                                           hashesPtr);
-            }
-            break;
-    }
-
-    if (IS_DTLS(ss) && (rv != SECFailure)) {
-        /* Increment the expected sequence number */
-        ss->ssl3.hs.recvMessageSeq++;
-    }
-    return rv;
-}
-
-static SECStatus
-ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
-                                     PRUint32 length, SSL3Hashes *hashesPtr)
-{
-    SECStatus rv;
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
-    switch (ss->ssl3.hs.msg_type) {
-        case hello_request:
-            if (length != 0) {
-                (void)ssl3_DecodeError(ss);
-                PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST);
-                return SECFailure;
-            }
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
-                return SECFailure;
-            }
-            rv = ssl3_HandleHelloRequest(ss);
-            break;
-        case hello_verify_request:
-            if (!IS_DTLS(ss) || ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST);
-                return SECFailure;
-            }
-            rv = dtls_HandleHelloVerifyRequest(ss, b, length);
-            break;
-        case certificate:
-            rv = ssl3_HandleCertificate(ss, b, length);
-            break;
-        case certificate_status:
-            rv = ssl3_HandleCertificateStatus(ss, b, length);
-            break;
-        case server_key_exchange:
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
-                return SECFailure;
-            }
-            rv = ssl3_HandleServerKeyExchange(ss, b, length);
-            break;
-        case certificate_request:
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
-                return SECFailure;
-            }
-            rv = ssl3_HandleCertificateRequest(ss, b, length);
-            break;
-        case server_hello_done:
-            if (length != 0) {
-                (void)ssl3_DecodeError(ss);
-                PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_DONE);
-                return SECFailure;
-            }
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
-                return SECFailure;
-            }
-            rv = ssl3_HandleServerHelloDone(ss);
-            break;
-        case certificate_verify:
-            if (!ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
-                return SECFailure;
-            }
-            rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
-            break;
-        case client_key_exchange:
-            if (!ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
-                return SECFailure;
-            }
-            rv = ssl3_HandleClientKeyExchange(ss, b, length);
-            break;
-        case new_session_ticket:
-            if (ss->sec.isServer) {
-                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
-                return SECFailure;
-            }
-            rv = ssl3_HandleNewSessionTicket(ss, b, length);
-            break;
-        case finished:
-            rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
-            break;
-        default:
-            (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-            PORT_SetError(SSL_ERROR_RX_UNKNOWN_HANDSHAKE);
-            rv = SECFailure;
-    }
-
-    return rv;
-}
-
-/* Called only from ssl3_HandleRecord, for each (deciphered) ssl3 record.
- * origBuf is the decrypted ssl record content.
- * Caller must hold the handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
-{
-    /*
-     * There may be a partial handshake message already in the handshake
-     * state. The incoming buffer may contain another portion, or a
-     * complete message or several messages followed by another portion.
-     *
-     * Each message is made contiguous before being passed to the actual
-     * message parser.
-     */
-    sslBuffer *buf = &ss->ssl3.hs.msgState; /* do not lose the original buffer pointer */
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (buf->buf == NULL) {
-        *buf = *origBuf;
-    }
-    while (buf->len > 0) {
-        if (ss->ssl3.hs.header_bytes < 4) {
-            PRUint8 t;
-            t = *(buf->buf++);
-            buf->len--;
-            if (ss->ssl3.hs.header_bytes++ == 0)
-                ss->ssl3.hs.msg_type = (SSL3HandshakeType)t;
-            else
-                ss->ssl3.hs.msg_len = (ss->ssl3.hs.msg_len << 8) + t;
-            if (ss->ssl3.hs.header_bytes < 4)
-                continue;
-
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
-            if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
-                (void)ssl3_DecodeError(ss);
-                PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
-                return SECFailure;
-            }
-#undef MAX_HANDSHAKE_MSG_LEN
-
-            /* If msg_len is zero, be sure we fall through,
-            ** even if buf->len is zero.
-            */
-            if (ss->ssl3.hs.msg_len > 0)
-                continue;
-        }
-
-        /*
-         * Header has been gathered and there is at least one byte of new
-         * data available for this message. If it can be done right out
-         * of the original buffer, then use it from there.
-         */
-        if (ss->ssl3.hs.msg_body.len == 0 && buf->len >= ss->ssl3.hs.msg_len) {
-            /* handle it from input buffer */
-            rv = ssl3_HandleHandshakeMessage(ss, buf->buf, ss->ssl3.hs.msg_len);
-            if (rv == SECFailure) {
-                /* This test wants to fall through on either
-                 * SECSuccess or SECWouldBlock.
-                 * ssl3_HandleHandshakeMessage MUST set the error code.
-                 */
-                return rv;
-            }
-            buf->buf += ss->ssl3.hs.msg_len;
-            buf->len -= ss->ssl3.hs.msg_len;
-            ss->ssl3.hs.msg_len = 0;
-            ss->ssl3.hs.header_bytes = 0;
-            if (rv != SECSuccess) { /* return if SECWouldBlock. */
-                return rv;
-            }
-        } else {
-            /* must be copied to msg_body and dealt with from there */
-            unsigned int bytes;
-
-            PORT_Assert(ss->ssl3.hs.msg_body.len < ss->ssl3.hs.msg_len);
-            bytes = PR_MIN(buf->len, ss->ssl3.hs.msg_len - ss->ssl3.hs.msg_body.len);
-
-            /* Grow the buffer if needed */
-            rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, ss->ssl3.hs.msg_len);
-            if (rv != SECSuccess) {
-                /* sslBuffer_Grow has set a memory error code. */
-                return SECFailure;
-            }
-
-            PORT_Memcpy(ss->ssl3.hs.msg_body.buf + ss->ssl3.hs.msg_body.len,
-                        buf->buf, bytes);
-            ss->ssl3.hs.msg_body.len += bytes;
-            buf->buf += bytes;
-            buf->len -= bytes;
-
-            PORT_Assert(ss->ssl3.hs.msg_body.len <= ss->ssl3.hs.msg_len);
-
-            /* if we have a whole message, do it */
-            if (ss->ssl3.hs.msg_body.len == ss->ssl3.hs.msg_len) {
-                rv = ssl3_HandleHandshakeMessage(
-                    ss, ss->ssl3.hs.msg_body.buf, ss->ssl3.hs.msg_len);
-                if (rv == SECFailure) {
-                    /* This test wants to fall through on either
-                     * SECSuccess or SECWouldBlock.
-                     * ssl3_HandleHandshakeMessage MUST set error code.
-                     */
-                    return rv;
-                }
-                ss->ssl3.hs.msg_body.len = 0;
-                ss->ssl3.hs.msg_len = 0;
-                ss->ssl3.hs.header_bytes = 0;
-                if (rv != SECSuccess) { /* return if SECWouldBlock. */
-                    return rv;
-                }
-            } else {
-                PORT_Assert(buf->len == 0);
-                break;
-            }
-        }
-    } /* end loop */
-
-    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
-    buf->buf = NULL;  /* not a leak. */
-    return SECSuccess;
-}
-
-/* These macros return the given value with the MSB copied to all the other
- * bits. They use the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to replace
- * them with something else for odd compilers. */
-#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
-#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-
-/* SECStatusToMask returns, in constant time, a mask value of all ones if
- * rv == SECSuccess.  Otherwise it returns zero. */
-static unsigned int
-SECStatusToMask(SECStatus rv)
-{
-    unsigned int good;
-    /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results
-     * in the MSB being set to one iff it was zero before. */
-    good = rv ^ SECSuccess;
-    good--;
-    return DUPLICATE_MSB_TO_ALL(good);
-}
-
-/* ssl_ConstantTimeGE returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned char
-ssl_ConstantTimeGE(unsigned int a, unsigned int b)
-{
-    a -= b;
-    return DUPLICATE_MSB_TO_ALL(~a);
-}
-
-/* ssl_ConstantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char
-ssl_ConstantTimeEQ8(unsigned char a, unsigned char b)
-{
-    unsigned int c = a ^ b;
-    c--;
-    return DUPLICATE_MSB_TO_ALL_8(c);
-}
-
-static SECStatus
-ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
-                          unsigned int blockSize,
-                          unsigned int macSize)
-{
-    unsigned int paddingLength, good, t;
-    const unsigned int overhead = 1 /* padding length byte */ + macSize;
-
-    /* These lengths are all public so we can test them in non-constant
-     * time. */
-    if (overhead > plaintext->len) {
-        return SECFailure;
-    }
-
-    paddingLength = plaintext->buf[plaintext->len - 1];
-    /* SSLv3 padding bytes are random and cannot be checked. */
-    t = plaintext->len;
-    t -= paddingLength + overhead;
-    /* If len >= paddingLength+overhead then the MSB of t is zero. */
-    good = DUPLICATE_MSB_TO_ALL(~t);
-    /* SSLv3 requires that the padding is minimal. */
-    t = blockSize - (paddingLength + 1);
-    good &= DUPLICATE_MSB_TO_ALL(~t);
-    plaintext->len -= good & (paddingLength + 1);
-    return (good & SECSuccess) | (~good & SECFailure);
-}
-
-static SECStatus
-ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize)
-{
-    unsigned int paddingLength, good, t, toCheck, i;
-    const unsigned int overhead = 1 /* padding length byte */ + macSize;
-
-    /* These lengths are all public so we can test them in non-constant
-     * time. */
-    if (overhead > plaintext->len) {
-        return SECFailure;
-    }
-
-    paddingLength = plaintext->buf[plaintext->len - 1];
-    t = plaintext->len;
-    t -= paddingLength + overhead;
-    /* If len >= paddingLength+overhead then the MSB of t is zero. */
-    good = DUPLICATE_MSB_TO_ALL(~t);
-
-    /* The padding consists of a length byte at the end of the record and then
-     * that many bytes of padding, all with the same value as the length byte.
-     * Thus, with the length byte included, there are paddingLength+1 bytes of
-     * padding.
-     *
-     * We can't check just |paddingLength+1| bytes because that leaks
-     * decrypted information. Therefore we always have to check the maximum
-     * amount of padding possible. (Again, the length of the record is
-     * public information so we can use it.) */
-    toCheck = 255; /* maximum amount of padding. */
-    if (toCheck > plaintext->len - 1) {
-        toCheck = plaintext->len - 1;
-    }
-
-    for (i = 0; i < toCheck; i++) {
-        unsigned int t = paddingLength - i;
-        /* If i <= paddingLength then the MSB of t is zero and mask is
-         * 0xff.  Otherwise, mask is 0. */
-        unsigned char mask = DUPLICATE_MSB_TO_ALL(~t);
-        unsigned char b = plaintext->buf[plaintext->len - 1 - i];
-        /* The final |paddingLength+1| bytes should all have the value
-         * |paddingLength|. Therefore the XOR should be zero. */
-        good &= ~(mask & (paddingLength ^ b));
-    }
-
-    /* If any of the final |paddingLength+1| bytes had the wrong value,
-     * one or more of the lower eight bits of |good| will be cleared. We
-     * AND the bottom 8 bits together and duplicate the result to all the
-     * bits. */
-    good &= good >> 4;
-    good &= good >> 2;
-    good &= good >> 1;
-    good <<= sizeof(good) * 8 - 1;
-    good = DUPLICATE_MSB_TO_ALL(good);
-
-    plaintext->len -= good & (paddingLength + 1);
-    return (good & SECSuccess) | (~good & SECFailure);
-}
-
-/* On entry:
- *   originalLength >= macSize
- *   macSize <= MAX_MAC_LENGTH
- *   plaintext->len >= macSize
- */
-static void
-ssl_CBCExtractMAC(sslBuffer *plaintext,
-                  unsigned int originalLength,
-                  SSL3Opaque *out,
-                  unsigned int macSize)
-{
-    unsigned char rotatedMac[MAX_MAC_LENGTH];
-    /* macEnd is the index of |plaintext->buf| just after the end of the
-     * MAC. */
-    unsigned macEnd = plaintext->len;
-    unsigned macStart = macEnd - macSize;
-    /* scanStart contains the number of bytes that we can ignore because
-     * the MAC's position can only vary by 255 bytes. */
-    unsigned scanStart = 0;
-    unsigned i, j, divSpoiler;
-    unsigned char rotateOffset;
-
-    if (originalLength > macSize + 255 + 1)
-        scanStart = originalLength - (macSize + 255 + 1);
-
-    /* divSpoiler contains a multiple of macSize that is used to cause the
-     * modulo operation to be constant time. Without this, the time varies
-     * based on the amount of padding when running on Intel chips at least.
-     *
-     * The aim of right-shifting macSize is so that the compiler doesn't
-     * figure out that it can remove divSpoiler as that would require it
-     * to prove that macSize is always even, which I hope is beyond it. */
-    divSpoiler = macSize >> 1;
-    divSpoiler <<= (sizeof(divSpoiler) - 1) * 8;
-    rotateOffset = (divSpoiler + macStart - scanStart) % macSize;
-
-    memset(rotatedMac, 0, macSize);
-    for (i = scanStart; i < originalLength;) {
-        for (j = 0; j < macSize && i < originalLength; i++, j++) {
-            unsigned char macStarted = ssl_ConstantTimeGE(i, macStart);
-            unsigned char macEnded = ssl_ConstantTimeGE(i, macEnd);
-            unsigned char b = 0;
-            b = plaintext->buf[i];
-            rotatedMac[j] |= b & macStarted & ~macEnded;
-        }
-    }
-
-    /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line
-     * we could line-align |rotatedMac| and rotate in place. */
-    memset(out, 0, macSize);
-    for (i = 0; i < macSize; i++) {
-        unsigned char offset =
-            (divSpoiler + macSize - rotateOffset + i) % macSize;
-        for (j = 0; j < macSize; j++) {
-            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset);
-        }
-    }
-}
-
-/* Unprotect an SSL3 record and leave the result in plaintext.
- *
- * If SECFailure is returned, we:
- * 1. Set |*alert| to the alert to be sent.
- * 2. Call PORT_SetError() with an appropriate code.
- *
- * Called by ssl3_HandleRecord. Caller must hold the spec read lock.
- * Therefore, we MUST not call SSL3_SendAlert().
- *
- */
-static SECStatus
-ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
-                     SSL3AlertDescription *alert)
-{
-    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
-    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
-    PRBool isTLS;
-    unsigned int good;
-    unsigned int ivLen = 0;
-    SSL3ContentType rType;
-    unsigned int minLength;
-    unsigned int originalLen = 0;
-    unsigned char header[13];
-    unsigned int headerLen;
-    SSL3Opaque hash[MAX_MAC_LENGTH];
-    SSL3Opaque givenHashBuf[MAX_MAC_LENGTH];
-    SSL3Opaque *givenHash;
-    unsigned int hashBytes = MAX_MAC_LENGTH + 1;
-    SECStatus rv;
-
-    good = ~0U;
-    minLength = crSpec->mac_size;
-    if (cipher_def->type == type_block) {
-        /* CBC records have a padding length byte at the end. */
-        minLength++;
-        if (crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-            /* With >= TLS 1.1, CBC records have an explicit IV. */
-            minLength += cipher_def->iv_size;
-        }
-    } else if (cipher_def->type == type_aead) {
-        minLength = cipher_def->explicit_nonce_size + cipher_def->tag_size;
-    }
-
-    /* We can perform this test in variable time because the record's total
-     * length and the ciphersuite are both public knowledge. */
-    if (cText->buf->len < minLength) {
-        goto decrypt_loser;
-    }
-
-    if (cipher_def->type == type_block &&
-        crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-        /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
-         * "The receiver decrypts the entire GenericBlockCipher structure and
-         * then discards the first cipher block corresponding to the IV
-         * component." Instead, we decrypt the first cipher block and then
-         * discard it before decrypting the rest.
-         */
-        SSL3Opaque iv[MAX_IV_LENGTH];
-        int decoded;
-
-        ivLen = cipher_def->iv_size;
-        if (ivLen < 8 || ivLen > sizeof(iv)) {
-            *alert = internal_error;
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen));
-
-        /* The decryption result is garbage, but since we just throw away
-         * the block it doesn't matter.  The decryption of the next block
-         * depends only on the ciphertext of the IV block.
-         */
-        rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
-                            sizeof(iv), cText->buf->buf, ivLen);
-
-        good &= SECStatusToMask(rv);
-    }
-
-    PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen,
-                   cText->buf->len - ivLen));
-
-    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) {
-        *alert = record_overflow;
-        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-        return SECFailure;
-    }
-
-    rType = cText->type;
-    if (cipher_def->type == type_aead) {
-        /* XXX For many AEAD ciphers, the plaintext is shorter than the
-         * ciphertext by a fixed byte count, but it is not true in general.
-         * Each AEAD cipher should provide a function that returns the
-         * plaintext length for a given ciphertext. */
-        unsigned int decryptedLen =
-            cText->buf->len - cipher_def->explicit_nonce_size -
-            cipher_def->tag_size;
-        headerLen = ssl3_BuildRecordPseudoHeader(
-            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
-            rType, isTLS, cText->version, IS_DTLS(ss), decryptedLen);
-        PORT_Assert(headerLen <= sizeof(header));
-        rv = crSpec->aead(
-            ss->sec.isServer ? &crSpec->client : &crSpec->server,
-            PR_TRUE,                /* do decrypt */
-            plaintext->buf,         /* out */
-            (int *)&plaintext->len, /* outlen */
-            plaintext->space,       /* maxout */
-            cText->buf->buf,        /* in */
-            cText->buf->len,        /* inlen */
-            header, headerLen);
-        if (rv != SECSuccess) {
-            good = 0;
-        }
-    } else {
-        if (cipher_def->type == type_block &&
-            ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
-            goto decrypt_loser;
-        }
-
-        /* decrypt from cText buf to plaintext. */
-        rv = crSpec->decode(
-            crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
-            plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
-        if (rv != SECSuccess) {
-            goto decrypt_loser;
-        }
-
-        PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
-
-        originalLen = plaintext->len;
-
-        /* If it's a block cipher, check and strip the padding. */
-        if (cipher_def->type == type_block) {
-            const unsigned int blockSize = cipher_def->block_size;
-            const unsigned int macSize = crSpec->mac_size;
-
-            if (!isTLS) {
-                good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding(
-                    plaintext, blockSize, macSize));
-            } else {
-                good &= SECStatusToMask(ssl_RemoveTLSCBCPadding(
-                    plaintext, macSize));
-            }
-        }
-
-        /* compute the MAC */
-        headerLen = ssl3_BuildRecordPseudoHeader(
-            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
-            rType, isTLS, cText->version, IS_DTLS(ss),
-            plaintext->len - crSpec->mac_size);
-        PORT_Assert(headerLen <= sizeof(header));
-        if (cipher_def->type == type_block) {
-            rv = ssl3_ComputeRecordMACConstantTime(
-                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
-                plaintext->buf, plaintext->len, originalLen,
-                hash, &hashBytes);
-
-            ssl_CBCExtractMAC(plaintext, originalLen, givenHashBuf,
-                              crSpec->mac_size);
-            givenHash = givenHashBuf;
-
-            /* plaintext->len will always have enough space to remove the MAC
-             * because in ssl_Remove{SSLv3|TLS}CBCPadding we only adjust
-             * plaintext->len if the result has enough space for the MAC and we
-             * tested the unadjusted size against minLength, above. */
-            plaintext->len -= crSpec->mac_size;
-        } else {
-            /* This is safe because we checked the minLength above. */
-            plaintext->len -= crSpec->mac_size;
-
-            rv = ssl3_ComputeRecordMAC(
-                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
-                plaintext->buf, plaintext->len, hash, &hashBytes);
-
-            /* We can read the MAC directly from the record because its location
-             * is public when a stream cipher is used. */
-            givenHash = plaintext->buf + plaintext->len;
-        }
-
-        good &= SECStatusToMask(rv);
-
-        if (hashBytes != (unsigned)crSpec->mac_size ||
-            NSS_SecureMemcmp(givenHash, hash, crSpec->mac_size) != 0) {
-            /* We're allowed to leak whether or not the MAC check was correct */
-            good = 0;
-        }
-    }
-
-    if (good == 0) {
-    decrypt_loser:
-        /* always log mac error, in case attacker can read server logs. */
-        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-        *alert = bad_record_mac;
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/* if cText is non-null, then decipher, check MAC, and decompress the
- * SSL record from cText->buf (typically gs->inbuf)
- * into databuf (typically gs->buf), and any previous contents of databuf
- * is lost.  Then handle databuf according to its SSL record type,
- * unless it's an application record.
- *
- * If cText is NULL, then the ciphertext has previously been deciphered and
- * checked, and is already sitting in databuf.  It is processed as an SSL
- * Handshake message.
- *
- * DOES NOT process the decrypted/decompressed application data.
- * On return, databuf contains the decrypted/decompressed record.
- *
- * Called from ssl3_GatherCompleteHandshake
- *             ssl3_RestartHandshakeAfterCertReq
- *
- * Caller must hold the RecvBufLock.
- *
- * This function aquires and releases the SSL3Handshake Lock, holding the
- * lock around any calls to functions that handle records other than
- * Application Data records.
- */
-SECStatus
-ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
-{
-    SECStatus rv;
-    PRBool isTLS;
-    PRUint64 dtls_seq_num = 0;
-    ssl3CipherSpec *crSpec;
-    SSL3ContentType rType;
-    sslBuffer *plaintext;
-    sslBuffer temp_buf;
-    SSL3AlertDescription alert;
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    if (!ss->ssl3.initialized) {
-        ssl_GetSSL3HandshakeLock(ss);
-        rv = ssl3_InitState(ss);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        if (rv != SECSuccess) {
-            return rv; /* ssl3_InitState has set the error code. */
-        }
-    }
-
-    /* check for Token Presence */
-    if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
-        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-        return SECFailure;
-    }
-
-    /* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX().
-     * This implies that databuf holds a previously deciphered SSL Handshake
-     * message.
-     */
-    if (cText == NULL) {
-        SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
-                 SSL_GETPID(), ss->fd));
-        rType = content_handshake;
-        goto process_it;
-    }
-
-    ssl_GetSpecReadLock(ss); /******************************************/
-    crSpec = ss->ssl3.crSpec;
-    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
-
-    if (IS_DTLS(ss)) {
-        if (!dtls_IsRelevant(ss, crSpec, cText, &dtls_seq_num)) {
-            ssl_ReleaseSpecReadLock(ss);
-            /* Silently drop the packet */
-            databuf->len = 0; /* Needed to ensure data not left around */
-            return SECSuccess;
-        }
-    }
-
-    /* If we will be decompressing the buffer we need to decrypt somewhere
-     * other than into databuf */
-    if (crSpec->decompressor) {
-        temp_buf.buf = NULL;
-        temp_buf.space = 0;
-        plaintext = &temp_buf;
-    } else {
-        plaintext = databuf;
-    }
-
-    plaintext->len = 0; /* filled in by Unprotect call below. */
-    if (plaintext->space < MAX_FRAGMENT_LENGTH) {
-        rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048);
-        if (rv != SECSuccess) {
-            ssl_ReleaseSpecReadLock(ss);
-            SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
-                     SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
-            /* sslBuffer_Grow has set a memory error code. */
-            /* Perhaps we should send an alert. (but we have no memory!) */
-            return SECFailure;
-        }
-    }
-
-    /* IMPORTANT: Unprotect functions MUST NOT send alerts
-     * because we still hold the spec read lock. Instead, if they
-     * return SECFailure, they set *alert to the alert to be sent. */
-    if (crSpec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-        crSpec->cipher_def->calg == ssl_calg_null) {
-        /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */
-        rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert);
-    } else {
-        rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert);
-    }
-
-    if (rv != SECSuccess) {
-        ssl_ReleaseSpecReadLock(ss);
-
-        SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
-
-        if (!IS_DTLS(ss)) {
-            int errCode = PORT_GetError();
-            SSL3_SendAlert(ss, alert_fatal, alert);
-            /* Reset the error code in case SSL3_SendAlert called
-             * PORT_SetError(). */
-            PORT_SetError(errCode);
-            return SECFailure;
-        } else {
-            /* Silently drop the packet */
-            databuf->len = 0; /* Needed to ensure data not left around */
-            return SECSuccess;
-        }
-    }
-
-    /* SECSuccess */
-    if (!IS_DTLS(ss)) {
-        ssl3_BumpSequenceNumber(&crSpec->read_seq_num);
-    } else {
-        dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num);
-    }
-
-    ssl_ReleaseSpecReadLock(ss); /*****************************************/
-
-    /*
-     * The decrypted data is now in plaintext.
-     */
-    rType = cText->type; /* This must go after decryption because TLS 1.3
-                          * has encrypted content types. */
-
-    /* possibly decompress the record. If we aren't using compression then
-     * plaintext == databuf and so the uncompressed data is already in
-     * databuf. */
-    if (crSpec->decompressor) {
-        if (databuf->space < plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION) {
-            rv = sslBuffer_Grow(
-                databuf, plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION);
-            if (rv != SECSuccess) {
-                SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
-                         SSL_GETPID(), ss->fd,
-                         plaintext->len +
-                             SSL3_COMPRESSION_MAX_EXPANSION));
-                /* sslBuffer_Grow has set a memory error code. */
-                /* Perhaps we should send an alert. (but we have no memory!) */
-                PORT_Free(plaintext->buf);
-                return SECFailure;
-            }
-        }
-
-        rv = crSpec->decompressor(crSpec->decompressContext,
-                                  databuf->buf,
-                                  (int *)&databuf->len,
-                                  databuf->space,
-                                  plaintext->buf,
-                                  plaintext->len);
-
-        if (rv != SECSuccess) {
-            int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE);
-            SSL3_SendAlert(ss, alert_fatal,
-                           isTLS ? decompression_failure
-                                 : bad_record_mac);
-
-            /* There appears to be a bug with (at least) Apache + OpenSSL where
-             * resumed SSLv3 connections don't actually use compression. See
-             * comments 93-95 of
-             * https://bugzilla.mozilla.org/show_bug.cgi?id=275744
-             *
-             * So, if we get a decompression error, and the record appears to
-             * be already uncompressed, then we return a more specific error
-             * code to hopefully save somebody some debugging time in the
-             * future.
-             */
-            if (plaintext->len >= 4) {
-                unsigned int len = ((unsigned int)plaintext->buf[1] << 16) |
-                                   ((unsigned int)plaintext->buf[2] << 8) |
-                                   (unsigned int)plaintext->buf[3];
-                if (len == plaintext->len - 4) {
-                    /* This appears to be uncompressed already */
-                    err = SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD;
-                }
-            }
-
-            PORT_Free(plaintext->buf);
-            PORT_SetError(err);
-            return SECFailure;
-        }
-
-        PORT_Free(plaintext->buf);
-    }
-
-    /*
-    ** Having completed the decompression, check the length again.
-    */
-    if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
-        SSL3_SendAlert(ss, alert_fatal, record_overflow);
-        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-        return SECFailure;
-    }
-
-    /* Application data records are processed by the caller of this
-    ** function, not by this function.
-    */
-    if (rType == content_application_data) {
-        if (ss->firstHsDone)
-            return SECSuccess;
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
-        return SECFailure;
-    }
-
-    /* It's a record that must be handled by ssl itself, not the application.
-    */
-process_it:
-    /* XXX  Get the xmit lock here.  Odds are very high that we'll be xmiting
-     * data ang getting the xmit lock here prevents deadlocks.
-     */
-    ssl_GetSSL3HandshakeLock(ss);
-
-    /* All the functions called in this switch MUST set error code if
-    ** they return SECFailure or SECWouldBlock.
-    */
-    switch (rType) {
-        case content_change_cipher_spec:
-            rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
-            break;
-        case content_alert:
-            rv = ssl3_HandleAlert(ss, databuf);
-            break;
-        case content_handshake:
-            if (!IS_DTLS(ss)) {
-                rv = ssl3_HandleHandshake(ss, databuf);
-            } else {
-                rv = dtls_HandleHandshake(ss, databuf);
-            }
-            break;
-        /*
-        case content_application_data is handled before this switch
-        */
-        default:
-            SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
-                     SSL_GETPID(), ss->fd, cText->type));
-            /* XXX Send an alert ???  */
-            PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
-            rv = SECFailure;
-            break;
-    }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv;
-}
-
-/*
- * Initialization functions
- */
-
-/* Called from ssl3_InitState, immediately below. */
-/* Caller must hold the SpecWriteLock. */
-static void
-ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
-{
-    spec->cipher_def = &bulk_cipher_defs[cipher_null];
-    PORT_Assert(spec->cipher_def->cipher == cipher_null);
-    spec->mac_def = &mac_defs[mac_null];
-    PORT_Assert(spec->mac_def->mac == mac_null);
-    spec->encode = Null_Cipher;
-    spec->decode = Null_Cipher;
-    spec->destroy = NULL;
-    spec->compressor = NULL;
-    spec->decompressor = NULL;
-    spec->destroyCompressContext = NULL;
-    spec->destroyDecompressContext = NULL;
-    spec->mac_size = 0;
-    spec->master_secret = NULL;
-    spec->bypassCiphers = PR_FALSE;
-
-    spec->msItem.data = NULL;
-    spec->msItem.len = 0;
-
-    spec->client.write_key = NULL;
-    spec->client.write_mac_key = NULL;
-    spec->client.write_mac_context = NULL;
-
-    spec->server.write_key = NULL;
-    spec->server.write_mac_key = NULL;
-    spec->server.write_mac_context = NULL;
-
-    spec->write_seq_num.high = 0;
-    spec->write_seq_num.low = 0;
-
-    spec->read_seq_num.high = 0;
-    spec->read_seq_num.low = 0;
-
-    spec->epoch = 0;
-    dtls_InitRecvdRecords(&spec->recvdRecords);
-
-    spec->version = ss->vrange.max;
-}
-
-/* Called from: ssl3_SendRecord
-**      ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake()
-**      ssl3_SendClientHello()
-**      ssl3_HandleV2ClientHello()
-**      ssl3_HandleRecord()
-**
-** This function should perhaps acquire and release the SpecWriteLock.
-**
-**
-*/
-static SECStatus
-ssl3_InitState(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->ssl3.initialized)
-        return SECSuccess; /* Function should be idempotent */
-
-    ss->ssl3.policy = SSL_ALLOWED;
-
-    ssl_GetSpecWriteLock(ss);
-    ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0];
-    ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1];
-    ss->ssl3.hs.sendingSCSV = PR_FALSE;
-    ssl3_InitCipherSpec(ss, ss->ssl3.crSpec);
-    ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
-    ss->ssl3.hs.preliminaryInfo = 0;
-
-    ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
-#ifndef NSS_DISABLE_ECC
-    ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
-#endif
-    ssl_ReleaseSpecWriteLock(ss);
-
-    PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
-
-    if (IS_DTLS(ss)) {
-        ss->ssl3.hs.sendMessageSeq = 0;
-        ss->ssl3.hs.recvMessageSeq = 0;
-        ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-        ss->ssl3.hs.rtRetries = 0;
-        ss->ssl3.hs.recvdHighWater = -1;
-        PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
-        dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */
-    }
-
-    PR_INIT_CLIST(&ss->ssl3.hs.remoteKeyShares);
-    ss->ssl3.hs.xSS = NULL;
-    ss->ssl3.hs.xES = NULL;
-    ss->ssl3.hs.trafficSecret = NULL;
-    ss->ssl3.hs.clientFinishedSecret = NULL;
-    ss->ssl3.hs.serverFinishedSecret = NULL;
-    ss->ssl3.hs.certReqContextLen = 0;
-
-    PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
-    ss->ssl3.hs.messages.buf = NULL;
-    ss->ssl3.hs.messages.space = 0;
-
-    ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
-    PORT_Memset(&ss->ssl3.hs.newSessionTicket, 0,
-                sizeof(ss->ssl3.hs.newSessionTicket));
-
-    ss->ssl3.initialized = PR_TRUE;
-    return SECSuccess;
-}
-
-/* Returns a reference counted object that contains a key pair.
- * Or NULL on failure.  Initial ref count is 1.
- * Uses the keys in the pair as input.
- */
-ssl3KeyPair *
-ssl3_NewKeyPair(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey)
-{
-    ssl3KeyPair *pair;
-
-    if (!privKey || !pubKey) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return NULL;
-    }
-    pair = PORT_ZNew(ssl3KeyPair);
-    if (!pair)
-        return NULL; /* error code is set. */
-    pair->refCount = 1;
-    pair->privKey = privKey;
-    pair->pubKey = pubKey;
-    return pair; /* success */
-}
-
-ssl3KeyPair *
-ssl3_GetKeyPairRef(ssl3KeyPair *keyPair)
-{
-    PR_ATOMIC_INCREMENT(&keyPair->refCount);
-    return keyPair;
-}
-
-void
-ssl3_FreeKeyPair(ssl3KeyPair *keyPair)
-{
-    PRInt32 newCount = PR_ATOMIC_DECREMENT(&keyPair->refCount);
-    if (!newCount) {
-        if (keyPair->privKey)
-            SECKEY_DestroyPrivateKey(keyPair->privKey);
-        if (keyPair->pubKey)
-            SECKEY_DestroyPublicKey(keyPair->pubKey);
-        PORT_Free(keyPair);
-    }
-}
-
-/*
- * Creates the public and private RSA keys for SSL Step down.
- * Called from SSL_ConfigSecureServer in sslsecur.c
- */
-SECStatus
-ssl3_CreateRSAStepDownKeys(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-    SECKEYPrivateKey *privKey; /* RSA step down key */
-    SECKEYPublicKey *pubKey;   /* RSA step down key */
-
-    if (ss->stepDownKeyPair)
-        ssl3_FreeKeyPair(ss->stepDownKeyPair);
-    ss->stepDownKeyPair = NULL;
-#ifndef HACKED_EXPORT_SERVER
-    /* Sigh, should have a get key strength call for private keys */
-    if (PK11_GetPrivateModulusLen(ss->serverCerts[kt_rsa].SERVERKEY) >
-        EXPORT_RSA_KEY_LENGTH) {
-        /* need to ask for the key size in bits */
-        privKey = SECKEY_CreateRSAPrivateKey(EXPORT_RSA_KEY_LENGTH * BPB,
-                                             &pubKey, NULL);
-        if (!privKey || !pubKey ||
-            !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) {
-            ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-            rv = SECFailure;
-        }
-    }
-#endif
-    return rv;
-}
-
-/* record the export policy for this cipher suite */
-SECStatus
-ssl3_SetPolicy(ssl3CipherSuite which, int policy)
-{
-    ssl3CipherSuiteCfg *suite;
-
-    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
-    if (suite == NULL) {
-        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
-    }
-    suite->policy = policy;
-
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy)
-{
-    ssl3CipherSuiteCfg *suite;
-    PRInt32 policy;
-    SECStatus rv;
-
-    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
-    if (suite) {
-        policy = suite->policy;
-        rv = SECSuccess;
-    } else {
-        policy = SSL_NOT_ALLOWED;
-        rv = SECFailure; /* err code was set by Lookup. */
-    }
-    *oPolicy = policy;
-    return rv;
-}
-
-/* record the user preference for this suite */
-SECStatus
-ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled)
-{
-    ssl3CipherSuiteCfg *suite;
-
-    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
-    if (suite == NULL) {
-        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
-    }
-    suite->enabled = enabled;
-    return SECSuccess;
-}
-
-/* return the user preference for this suite */
-SECStatus
-ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *enabled)
-{
-    ssl3CipherSuiteCfg *suite;
-    PRBool pref;
-    SECStatus rv;
-
-    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
-    if (suite) {
-        pref = suite->enabled;
-        rv = SECSuccess;
-    } else {
-        pref = SSL_NOT_ALLOWED;
-        rv = SECFailure; /* err code was set by Lookup. */
-    }
-    *enabled = pref;
-    return rv;
-}
-
-SECStatus
-ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool enabled)
-{
-    ssl3CipherSuiteCfg *suite;
-
-    suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
-    if (suite == NULL) {
-        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
-    }
-    suite->enabled = enabled;
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
-{
-    ssl3CipherSuiteCfg *suite;
-    PRBool pref;
-    SECStatus rv;
-
-    suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
-    if (suite) {
-        pref = suite->enabled;
-        rv = SECSuccess;
-    } else {
-        pref = SSL_NOT_ALLOWED;
-        rv = SECFailure; /* err code was set by Lookup. */
-    }
-    *enabled = pref;
-    return rv;
-}
-
-SECStatus
-SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
-                     unsigned int count)
-{
-    sslSocket *ss;
-    unsigned int i;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet",
-                 SSL_GETPID(), fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (!count || count > MAX_SIGNATURE_ALGORITHMS) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ss->ssl3.signatureAlgorithmCount = 0;
-    for (i = 0; i < count; ++i) {
-        if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) {
-            SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d",
-                     SSL_GETPID(), fd, algorithms[i].sigAlg,
-                     algorithms[i].hashAlg));
-            continue;
-        }
-
-        ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] =
-            algorithms[i];
-    }
-
-    if (ss->ssl3.signatureAlgorithmCount == 0) {
-        PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms,
-                     unsigned int *count, unsigned int maxCount)
-{
-    sslSocket *ss;
-    unsigned int requiredSpace;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet",
-                 SSL_GETPID(), fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (!algorithms || !count ||
-        maxCount < ss->ssl3.signatureAlgorithmCount) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    requiredSpace =
-        ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg);
-    PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace);
-    *count = ss->ssl3.signatureAlgorithmCount;
-    return SECSuccess;
-}
-
-unsigned int
-SSL_SignatureMaxCount()
-{
-    return MAX_SIGNATURE_ALGORITHMS;
-}
-
-SECStatus
-ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
-{
-    /* |i| iterates over |ciphers| while |done| and |j| iterate over
-     * |ss->cipherSuites|. */
-    unsigned int i, done;
-
-    for (i = done = 0; i < len; i++) {
-        PRUint16 id = ciphers[i];
-        unsigned int existingIndex, j;
-        PRBool found = PR_FALSE;
-
-        for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
-            if (ss->cipherSuites[j].cipher_suite == id) {
-                existingIndex = j;
-                found = PR_TRUE;
-                break;
-            }
-        }
-
-        if (!found) {
-            continue;
-        }
-
-        if (existingIndex != done) {
-            const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
-            ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
-            ss->cipherSuites[existingIndex] = temp;
-        }
-        done++;
-    }
-
-    /* Disable all cipher suites that weren't included. */
-    for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) {
-        ss->cipherSuites[done].enabled = 0;
-    }
-
-    return SECSuccess;
-}
-
-/* copy global default policy into socket. */
-void
-ssl3_InitSocketPolicy(sslSocket *ss)
-{
-    PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
-    PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms,
-                sizeof(defaultSignatureAlgorithms));
-    ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
-}
-
-SECStatus
-ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
-                                unsigned char *out,
-                                unsigned int *outLen,
-                                unsigned int outLenMax)
-{
-    PRBool isTLS;
-    int index = 0;
-    unsigned int len;
-    SECStatus rv = SECFailure;
-
-    *outLen = 0;
-
-    ssl_GetSSL3HandshakeLock(ss);
-
-    ssl_GetSpecReadLock(ss);
-    isTLS = (PRBool)(ss->ssl3.cwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    ssl_ReleaseSpecReadLock(ss);
-
-    /* The tls-unique channel binding is the first Finished structure in the
-     * handshake. In the case of a resumption, that's the server's Finished.
-     * Otherwise, it's the client's Finished. */
-    len = ss->ssl3.hs.finishedBytes;
-
-    /* Sending or receiving a Finished message will set finishedBytes to a
-     * non-zero value. */
-    if (len == 0) {
-        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-        goto loser;
-    }
-
-    /* If we are in the middle of a renegotiation then the channel binding
-     * value is poorly defined and depends on the direction that it will be
-     * used on. Therefore we simply return an error in this case. */
-    if (ss->firstHsDone && ss->ssl3.hs.ws != idle_handshake) {
-        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-        goto loser;
-    }
-
-    /* If resuming, then we want the second Finished value in the array, which
-     * is the server's */
-    if (ss->ssl3.hs.isResuming)
-        index = 1;
-
-    *outLen = len;
-    if (outLenMax < len) {
-        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-        goto loser;
-    }
-
-    if (isTLS) {
-        memcpy(out, &ss->ssl3.hs.finishedMsgs.tFinished[index], len);
-    } else {
-        memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len);
-    }
-
-    rv = SECSuccess;
-
-loser:
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv;
-}
-
-/* ssl3_config_match_init must have already been called by
- * the caller of this function.
- */
-SECStatus
-ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size)
-{
-    int i, count = 0;
-
-    PORT_Assert(ss != 0);
-    if (!ss) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        *size = 0;
-        return SECSuccess;
-    }
-    if (cs == NULL) {
-        *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE);
-        return SECSuccess;
-    }
-
-    /* ssl3_config_match_init was called by the caller of this function. */
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
-        if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) {
-            if (cs != NULL) {
-                *cs++ = 0x00;
-                *cs++ = (suite->cipher_suite >> 8) & 0xFF;
-                *cs++ = suite->cipher_suite & 0xFF;
-            }
-            count++;
-        }
-    }
-    *size = count;
-    return SECSuccess;
-}
-
-/*
-** If ssl3 socket has completed the first handshake, and is in idle state,
-** then start a new handshake.
-** If flushCache is true, the SID cache will be flushed first, forcing a
-** "Full" handshake (not a session restart handshake), to be done.
-**
-** called from SSL_RedoHandshake(), which already holds the handshake locks.
-*/
-SECStatus
-ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
-{
-    sslSessionID *sid = ss->sec.ci.sid;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (!ss->firstHsDone ||
-        ((ss->version >= SSL_LIBRARY_VERSION_3_0) &&
-         ss->ssl3.initialized &&
-         (ss->ssl3.hs.ws != idle_handshake))) {
-        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-        return SECFailure;
-    }
-
-    if (IS_DTLS(ss)) {
-        dtls_RehandshakeCleanup(ss);
-    }
-
-    if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
-        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-        return SECFailure;
-    }
-    if (sid && flushCache) {
-        if (ss->sec.uncache)
-            ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
-        ssl_FreeSID(sid);         /* dec ref count and free if zero. */
-        ss->sec.ci.sid = NULL;
-    }
-
-    ssl_GetXmitBufLock(ss); /**************************************/
-
-    /* start off a new handshake. */
-    rv = (ss->sec.isServer) ? ssl3_SendHelloRequest(ss)
-                            : ssl3_SendClientHello(ss, PR_FALSE);
-
-    ssl_ReleaseXmitBufLock(ss); /**************************************/
-    return rv;
-}
-
-/* Called from ssl_DestroySocketContents() in sslsock.c */
-void
-ssl3_DestroySSL3Info(sslSocket *ss)
-{
-
-    if (ss->ssl3.clientCertificate != NULL)
-        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-
-    if (ss->ssl3.clientPrivateKey != NULL)
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-
-    if (ss->ssl3.channelID)
-        SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
-    if (ss->ssl3.channelIDPub)
-        SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
-
-    if (ss->ssl3.peerCertArena != NULL)
-        ssl3_CleanupPeerCerts(ss);
-
-    if (ss->ssl3.clientCertChain != NULL) {
-        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-        ss->ssl3.clientCertChain = NULL;
-    }
-
-/* clean up handshake */
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        if (ss->ssl3.hs.hashType == handshake_hash_combo) {
-            SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
-            MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
-        } else if (ss->ssl3.hs.hashType == handshake_hash_single) {
-            ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE);
-        }
-    }
-#endif
-    if (ss->ssl3.hs.md5) {
-        PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
-    }
-    if (ss->ssl3.hs.sha) {
-        PK11_DestroyContext(ss->ssl3.hs.sha, PR_TRUE);
-    }
-    if (ss->ssl3.hs.clientSigAndHash) {
-        PORT_Free(ss->ssl3.hs.clientSigAndHash);
-    }
-    if (ss->ssl3.hs.messages.buf) {
-        PORT_Free(ss->ssl3.hs.messages.buf);
-        ss->ssl3.hs.messages.buf = NULL;
-        ss->ssl3.hs.messages.len = 0;
-        ss->ssl3.hs.messages.space = 0;
-    }
-
-    /* free the SSL3Buffer (msg_body) */
-    PORT_Free(ss->ssl3.hs.msg_body.buf);
-
-    SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
-
-    /* free up the CipherSpecs */
-    ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE /*freeSrvName*/);
-    ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE /*freeSrvName*/);
-
-    /* Destroy the DTLS data */
-    if (IS_DTLS(ss)) {
-        dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-        if (ss->ssl3.hs.recvdFragments.buf) {
-            PORT_Free(ss->ssl3.hs.recvdFragments.buf);
-        }
-    }
-
-    /* Destroy TLS 1.3 handshake shares */
-    tls13_DestroyKeyShares(&ss->ssl3.hs.remoteKeyShares);
-
-    /* Destroy TLS 1.3 keys */
-    if (ss->ssl3.hs.xSS)
-        PK11_FreeSymKey(ss->ssl3.hs.xSS);
-    if (ss->ssl3.hs.xES)
-        PK11_FreeSymKey(ss->ssl3.hs.xES);
-    if (ss->ssl3.hs.trafficSecret)
-        PK11_FreeSymKey(ss->ssl3.hs.trafficSecret);
-    if (ss->ssl3.hs.clientFinishedSecret)
-        PK11_FreeSymKey(ss->ssl3.hs.clientFinishedSecret);
-    if (ss->ssl3.hs.serverFinishedSecret)
-        PK11_FreeSymKey(ss->ssl3.hs.serverFinishedSecret);
-
-    if (ss->ssl3.dheGroups) {
-        PORT_Free(ss->ssl3.dheGroups);
-    }
-
-    ss->ssl3.initialized = PR_FALSE;
-
-    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-}
-
-#define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
-
-SECStatus
-ssl3_ApplyNSSPolicy(void)
-{
-    unsigned i;
-    SECStatus rv;
-    PRUint32 policy = 0;
-
-    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
-    if (rv != SECSuccess || !(policy & NSS_USE_POLICY_IN_SSL)) {
-        return SECSuccess; /* do nothing */
-    }
-
-    /* disable every ciphersuite */
-    for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) {
-        const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i];
-        SECOidTag policyOid;
-
-        policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid);
-        rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
-        if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
-            ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
-            ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
-            continue;
-        }
-
-        policyOid = MAP_NULL(bulk_cipher_defs[suite->bulk_cipher_alg].oid);
-        rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
-        if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
-            ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
-            ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
-            continue;
-        }
-
-        if (bulk_cipher_defs[suite->bulk_cipher_alg].type != type_aead) {
-            policyOid = MAP_NULL(mac_defs[suite->mac_alg].oid);
-            rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
-            if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
-                ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
-                ssl_CipherPolicySet(suite->cipher_suite,
-                                    SSL_NOT_ALLOWED);
-                continue;
-            }
-        }
-    }
-
-    rv = ssl3_ConstrainRangeByPolicy();
-
-    return rv;
-}
-
-/* End of ssl3con.c */
diff --git a/chromium/net/third_party/nss/ssl/ssl3ecc.c b/chromium/net/third_party/nss/ssl/ssl3ecc.c
deleted file mode 100644
index c8e9d06b587..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl3ecc.c
+++ /dev/null
@@ -1,1481 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * SSL3 Protocol
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* ECC code moved here from ssl3con.c */
-
-#include "nss.h"
-#include "cert.h"
-#include "ssl.h"
-#include "cryptohi.h" /* for DSAU_ stuff */
-#include "keyhi.h"
-#include "secder.h"
-#include "secitem.h"
-
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "sslerr.h"
-#include "prtime.h"
-#include "prinrval.h"
-#include "prerror.h"
-#include "pratom.h"
-#include "prthread.h"
-#include "prinit.h"
-
-#include "pk11func.h"
-#include "secmod.h"
-
-#include <stdio.h>
-
-#ifndef NSS_DISABLE_ECC
-
-#ifndef PK11_SETATTRS
-#define PK11_SETATTRS(x, id, v, l) \
-    (x)->type = (id);              \
-    (x)->pValue = (v);             \
-    (x)->ulValueLen = (l);
-#endif
-
-#define SSL_GET_SERVER_PUBLIC_KEY(sock, type)                                          \
-    (ss->serverCerts[type].serverKeyPair ? ss->serverCerts[type].serverKeyPair->pubKey \
-                                         : NULL)
-
-#define SSL_IS_CURVE_NEGOTIATED(curvemsk, curveName) \
-    ((curveName > ec_noName) &&                      \
-     (curveName < ec_pastLastName) &&                \
-     ((1UL << curveName) & curvemsk) != 0)
-
-static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve);
-
-#define supportedCurve(x) (((x) > ec_noName) && ((x) < ec_pastLastName))
-
-/* Table containing OID tags for elliptic curves named in the
- * ECC-TLS IETF draft.
- */
-static const SECOidTag ecName2OIDTag[] = {
-    0,
-    SEC_OID_SECG_EC_SECT163K1, /*  1 */
-    SEC_OID_SECG_EC_SECT163R1, /*  2 */
-    SEC_OID_SECG_EC_SECT163R2, /*  3 */
-    SEC_OID_SECG_EC_SECT193R1, /*  4 */
-    SEC_OID_SECG_EC_SECT193R2, /*  5 */
-    SEC_OID_SECG_EC_SECT233K1, /*  6 */
-    SEC_OID_SECG_EC_SECT233R1, /*  7 */
-    SEC_OID_SECG_EC_SECT239K1, /*  8 */
-    SEC_OID_SECG_EC_SECT283K1, /*  9 */
-    SEC_OID_SECG_EC_SECT283R1, /* 10 */
-    SEC_OID_SECG_EC_SECT409K1, /* 11 */
-    SEC_OID_SECG_EC_SECT409R1, /* 12 */
-    SEC_OID_SECG_EC_SECT571K1, /* 13 */
-    SEC_OID_SECG_EC_SECT571R1, /* 14 */
-    SEC_OID_SECG_EC_SECP160K1, /* 15 */
-    SEC_OID_SECG_EC_SECP160R1, /* 16 */
-    SEC_OID_SECG_EC_SECP160R2, /* 17 */
-    SEC_OID_SECG_EC_SECP192K1, /* 18 */
-    SEC_OID_SECG_EC_SECP192R1, /* 19 */
-    SEC_OID_SECG_EC_SECP224K1, /* 20 */
-    SEC_OID_SECG_EC_SECP224R1, /* 21 */
-    SEC_OID_SECG_EC_SECP256K1, /* 22 */
-    SEC_OID_SECG_EC_SECP256R1, /* 23 */
-    SEC_OID_SECG_EC_SECP384R1, /* 24 */
-    SEC_OID_SECG_EC_SECP521R1, /* 25 */
-};
-
-static const PRUint16 curve2bits[] = {
-    0,    /*  ec_noName     = 0,   */
-    163,  /*  ec_sect163k1  = 1,   */
-    163,  /*  ec_sect163r1  = 2,   */
-    163,  /*  ec_sect163r2  = 3,   */
-    193,  /*  ec_sect193r1  = 4,   */
-    193,  /*  ec_sect193r2  = 5,   */
-    233,  /*  ec_sect233k1  = 6,   */
-    233,  /*  ec_sect233r1  = 7,   */
-    239,  /*  ec_sect239k1  = 8,   */
-    283,  /*  ec_sect283k1  = 9,   */
-    283,  /*  ec_sect283r1  = 10,  */
-    409,  /*  ec_sect409k1  = 11,  */
-    409,  /*  ec_sect409r1  = 12,  */
-    571,  /*  ec_sect571k1  = 13,  */
-    571,  /*  ec_sect571r1  = 14,  */
-    160,  /*  ec_secp160k1  = 15,  */
-    160,  /*  ec_secp160r1  = 16,  */
-    160,  /*  ec_secp160r2  = 17,  */
-    192,  /*  ec_secp192k1  = 18,  */
-    192,  /*  ec_secp192r1  = 19,  */
-    224,  /*  ec_secp224k1  = 20,  */
-    224,  /*  ec_secp224r1  = 21,  */
-    256,  /*  ec_secp256k1  = 22,  */
-    256,  /*  ec_secp256r1  = 23,  */
-    384,  /*  ec_secp384r1  = 24,  */
-    521,  /*  ec_secp521r1  = 25,  */
-    65535 /*  ec_pastLastName      */
-};
-
-typedef struct Bits2CurveStr {
-    PRUint16 bits;
-    ECName curve;
-} Bits2Curve;
-
-static const Bits2Curve bits2curve[] = {
-    { 192, ec_secp192r1 /*  = 19,  fast */ },
-    { 160, ec_secp160r2 /*  = 17,  fast */ },
-    { 160, ec_secp160k1 /*  = 15,  */ },
-    { 160, ec_secp160r1 /*  = 16,  */ },
-    { 163, ec_sect163k1 /*  = 1,   */ },
-    { 163, ec_sect163r1 /*  = 2,   */ },
-    { 163, ec_sect163r2 /*  = 3,   */ },
-    { 192, ec_secp192k1 /*  = 18,  */ },
-    { 193, ec_sect193r1 /*  = 4,   */ },
-    { 193, ec_sect193r2 /*  = 5,   */ },
-    { 224, ec_secp224r1 /*  = 21,  fast */ },
-    { 224, ec_secp224k1 /*  = 20,  */ },
-    { 233, ec_sect233k1 /*  = 6,   */ },
-    { 233, ec_sect233r1 /*  = 7,   */ },
-    { 239, ec_sect239k1 /*  = 8,   */ },
-    { 256, ec_secp256r1 /*  = 23,  fast */ },
-    { 256, ec_secp256k1 /*  = 22,  */ },
-    { 283, ec_sect283k1 /*  = 9,   */ },
-    { 283, ec_sect283r1 /*  = 10,  */ },
-    { 384, ec_secp384r1 /*  = 24,  fast */ },
-    { 409, ec_sect409k1 /*  = 11,  */ },
-    { 409, ec_sect409r1 /*  = 12,  */ },
-    { 521, ec_secp521r1 /*  = 25,  fast */ },
-    { 571, ec_sect571k1 /*  = 13,  */ },
-    { 571, ec_sect571r1 /*  = 14,  */ },
-    { 65535, ec_noName }
-};
-
-typedef struct ECDHEKeyPairStr {
-    ssl3KeyPair *pair;
-    int error; /* error code of the call-once function */
-    PRCallOnceType once;
-} ECDHEKeyPair;
-
-/* arrays of ECDHE KeyPairs */
-static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
-
-SECStatus
-ssl3_ECName2Params(PLArenaPool *arena, ECName curve, SECKEYECParams *params)
-{
-    SECOidData *oidData = NULL;
-    PRUint32 policyFlags = 0;
-
-    if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
-        ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
-        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-        return SECFailure;
-    }
-
-    if ((NSS_GetAlgorithmPolicy(ecName2OIDTag[curve], &policyFlags) ==
-         SECSuccess) &&
-        !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
-        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-        return SECFailure;
-    }
-
-    SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
-    /*
-     * params->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in
-     * oidData->oid.data so we simply prepend 0x06 and OID length
-     */
-    params->data[0] = SEC_ASN1_OBJECT_ID;
-    params->data[1] = oidData->oid.len;
-    memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
-
-    return SECSuccess;
-}
-
-ECName
-ssl3_PubKey2ECName(SECKEYPublicKey *pubKey)
-{
-    SECItem oid = { siBuffer, NULL, 0 };
-    SECOidData *oidData = NULL;
-    PRUint32 policyFlags = 0;
-    ECName i;
-    SECKEYECParams *params;
-
-    if (pubKey->keyType != ecKey) {
-        PORT_Assert(0);
-        return ec_noName;
-    }
-
-    params = &pubKey->u.ec.DEREncodedParams;
-
-    /*
-     * params->data needs to contain the ASN encoding of an object ID (OID)
-     * representing a named curve. Here, we strip away everything
-     * before the actual OID and use the OID to look up a named curve.
-     */
-    if (params->data[0] != SEC_ASN1_OBJECT_ID)
-        return ec_noName;
-    oid.len = params->len - 2;
-    oid.data = params->data + 2;
-    if ((oidData = SECOID_FindOID(&oid)) == NULL)
-        return ec_noName;
-    if ((NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags) ==
-         SECSuccess) &&
-        !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
-        return ec_noName;
-    }
-    for (i = ec_noName + 1; i < ec_pastLastName; i++) {
-        if (ecName2OIDTag[i] == oidData->offset)
-            return i;
-    }
-
-    return ec_noName;
-}
-
-/* Caller must set hiLevel error code. */
-static SECStatus
-ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
-                        SECItem ec_params, SECItem server_ecpoint,
-                        SSL3Random *client_rand, SSL3Random *server_rand,
-                        SSL3Hashes *hashes, PRBool bypassPKCS11)
-{
-    PRUint8 *hashBuf;
-    PRUint8 *pBuf;
-    SECStatus rv = SECSuccess;
-    unsigned int bufLen;
-    /*
-     * XXX For now, we only support named curves (the appropriate
-     * checks are made before this method is called) so ec_params
-     * takes up only two bytes. ECPoint needs to fit in 256 bytes
-     * (because the spec says the length must fit in one byte)
-     */
-    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 1 + 256];
-
-    bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
-    if (bufLen <= sizeof buf) {
-        hashBuf = buf;
-    } else {
-        hashBuf = PORT_Alloc(bufLen);
-        if (!hashBuf) {
-            return SECFailure;
-        }
-    }
-
-    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
-    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
-    memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-    pBuf += SSL3_RANDOM_LENGTH;
-    memcpy(pBuf, ec_params.data, ec_params.len);
-    pBuf += ec_params.len;
-    pBuf[0] = (PRUint8)(server_ecpoint.len);
-    pBuf += 1;
-    memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
-    pBuf += server_ecpoint.len;
-    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
-
-    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
-                                   bypassPKCS11);
-
-    PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
-    PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
-                   hashes->u.s.md5, MD5_LENGTH));
-    PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
-                   hashes->u.s.sha, SHA1_LENGTH));
-
-    if (hashBuf != buf)
-        PORT_Free(hashBuf);
-    return rv;
-}
-
-/* Called from ssl3_SendClientKeyExchange(). */
-SECStatus
-ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
-{
-    PK11SymKey *pms = NULL;
-    SECStatus rv = SECFailure;
-    PRBool isTLS, isTLS12;
-    CK_MECHANISM_TYPE target;
-    SECKEYPublicKey *pubKey = NULL;   /* Ephemeral ECDH key */
-    SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    /* Generate ephemeral EC keypair */
-    if (svrPubKey->keyType != ecKey) {
-        PORT_SetError(SEC_ERROR_BAD_KEY);
-        goto loser;
-    }
-    /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
-    privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
-                                        &pubKey, ss->pkcs11PinArg);
-    if (!privKey || !pubKey) {
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        rv = SECFailure;
-        goto loser;
-    }
-    PRINT_BUF(50, (ss, "ECDH public value:",
-                   pubKey->u.ec.publicValue.data,
-                   pubKey->u.ec.publicValue.len));
-
-    if (isTLS12) {
-        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-    } else if (isTLS) {
-        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    } else {
-        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-    }
-
-    /*  Determine the PMS */
-    pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
-                                CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-                                CKD_NULL, NULL, NULL);
-
-    if (pms == NULL) {
-        SSL3AlertDescription desc = illegal_parameter;
-        (void)SSL3_SendAlert(ss, alert_fatal, desc);
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    SECKEY_DestroyPrivateKey(privKey);
-    privKey = NULL;
-
-    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
-                                    pubKey->u.ec.publicValue.len + 1);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss,
-                                      pubKey->u.ec.publicValue.data,
-                                      pubKey->u.ec.publicValue.len, 1);
-    SECKEY_DestroyPublicKey(pubKey);
-    pubKey = NULL;
-
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
-    }
-
-    rv = ssl3_InitPendingCipherSpec(ss, pms);
-    PK11_FreeSymKey(pms);
-    pms = NULL;
-
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    rv = SECSuccess;
-
-loser:
-    if (pms)
-        PK11_FreeSymKey(pms);
-    if (privKey)
-        SECKEY_DestroyPrivateKey(privKey);
-    if (pubKey)
-        SECKEY_DestroyPublicKey(pubKey);
-    return rv;
-}
-
-ECName
-tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair)
-{
-    return ssl3_PubKey2ECName(pair->pubKey);
-}
-
-/* This function returns the size of the key_exchange field in
- * the KeyShareEntry structure. */
-unsigned int
-tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair *pair)
-{
-    return 1 + /* Length */
-           pair->pubKey->u.ec.publicValue.len;
-}
-
-/* This function encodes the key_exchange field in
- * the KeyShareEntry structure. */
-SECStatus
-tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair)
-{
-    const SECItem *publicValue;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    publicValue = &pair->pubKey->u.ec.publicValue;
-
-    return ssl3_AppendHandshakeVariable(ss, publicValue->data,
-                                        publicValue->len, 1);
-}
-
-/*
-** Called from ssl3_HandleClientKeyExchange()
-*/
-SECStatus
-ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
-                                 PRUint32 length,
-                                 SECKEYPublicKey *srvrPubKey,
-                                 SECKEYPrivateKey *srvrPrivKey)
-{
-    PK11SymKey *pms;
-    SECStatus rv;
-    SECKEYPublicKey clntPubKey;
-    CK_MECHANISM_TYPE target;
-    PRBool isTLS, isTLS12;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    clntPubKey.keyType = ecKey;
-    clntPubKey.u.ec.DEREncodedParams.len =
-        srvrPubKey->u.ec.DEREncodedParams.len;
-    clntPubKey.u.ec.DEREncodedParams.data =
-        srvrPubKey->u.ec.DEREncodedParams.data;
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
-                                       1, &b, &length);
-    if (rv != SECSuccess) {
-        SEND_ALERT
-        return SECFailure; /* XXX Who sets the error code?? */
-    }
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    if (isTLS12) {
-        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-    } else if (isTLS) {
-        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    } else {
-        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-    }
-
-    /*  Determine the PMS */
-    pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
-                                CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-                                CKD_NULL, NULL, NULL);
-
-    if (pms == NULL) {
-        /* last gasp.  */
-        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-        return SECFailure;
-    }
-
-    rv = ssl3_InitPendingCipherSpec(ss, pms);
-    PK11_FreeSymKey(pms);
-    if (rv != SECSuccess) {
-        SEND_ALERT
-        return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
-    }
-    return SECSuccess;
-}
-
-/*
-** Take an encoded key share and make a public key out of it.
-** returns NULL on error.
-*/
-SECKEYPublicKey *
-tls13_ImportECDHKeyShare(sslSocket *ss, SSL3Opaque *b,
-                         PRUint32 length, ECName curve)
-{
-    PLArenaPool *arena = NULL;
-    SECKEYPublicKey *peerKey = NULL;
-    SECStatus rv;
-    SECItem ecPoint = { siBuffer, NULL, 0 };
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ecPoint, 1, &b, &length);
-    if (rv != SECSuccess) {
-        tls13_FatalError(ss, SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE,
-                         illegal_parameter);
-        return NULL;
-    }
-    if (length || !ecPoint.len) {
-        tls13_FatalError(ss, SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE,
-                         illegal_parameter);
-        return NULL;
-    }
-
-    /* Fail if the ec point uses compressed representation */
-    if (ecPoint.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
-        tls13_FatalError(ss, SEC_ERROR_UNSUPPORTED_EC_POINT_FORM,
-                         illegal_parameter);
-        return NULL;
-    }
-
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) {
-        goto no_memory;
-    }
-
-    peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
-    if (peerKey == NULL) {
-        goto no_memory;
-    }
-
-    peerKey->arena = arena;
-    peerKey->keyType = ecKey;
-    /* Set up the encoded params */
-    rv = ssl3_ECName2Params(arena, curve, &peerKey->u.ec.DEREncodedParams);
-    if (rv != SECSuccess) {
-        goto no_memory;
-    }
-
-    /* copy publicValue in peerKey */
-    if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ecPoint) !=
-        SECSuccess) {
-        goto no_memory;
-    }
-    peerKey->pkcs11Slot = NULL;
-    peerKey->pkcs11ID = CK_INVALID_HANDLE;
-
-    return peerKey;
-
-no_memory: /* no-memory error has already been set. */
-    PORT_FreeArena(arena, PR_FALSE);
-    ssl_MapLowLevelError(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE);
-    return NULL;
-}
-
-PK11SymKey *
-tls13_ComputeECDHSharedKey(sslSocket *ss,
-                           SECKEYPrivateKey *myPrivKey,
-                           SECKEYPublicKey *peerKey)
-{
-    PK11SymKey *shared;
-
-    /* Determine the PMS */
-    shared = PK11_PubDeriveWithKDF(myPrivKey, peerKey, PR_FALSE, NULL, NULL,
-                                   CKM_ECDH1_DERIVE,
-                                   tls13_GetHkdfMechanism(ss), CKA_DERIVE, 0,
-                                   CKD_NULL, NULL, NULL);
-
-    if (!shared) {
-        ssl_MapLowLevelError(SSL_ERROR_KEY_EXCHANGE_FAILURE);
-        return NULL;
-    }
-
-    return shared;
-}
-
-ECName
-ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
-{
-    int i;
-
-    for (i = 0; bits2curve[i].curve != ec_noName; i++) {
-        if (bits2curve[i].bits < requiredECCbits)
-            continue;
-        if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
-            return bits2curve[i].curve;
-        }
-    }
-    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-    return ec_noName;
-}
-
-/* find the "weakest link".  Get strength of signature key and of sym key.
- * choose curve for the weakest of those two.
- */
-ECName
-ssl3_GetCurveNameForServerSocket(sslSocket *ss)
-{
-    SECKEYPublicKey *svrPublicKey = NULL;
-    ECName ec_curve = ec_noName;
-    int signatureKeyStrength = 521;
-    int requiredECCbits = ss->sec.secretKeyBits * 2;
-
-    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
-        svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
-        if (svrPublicKey)
-            ec_curve = ssl3_PubKey2ECName(svrPublicKey);
-        if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return ec_noName;
-        }
-        signatureKeyStrength = curve2bits[ec_curve];
-    } else {
-        /* RSA is our signing cert */
-        int serverKeyStrengthInBits;
-
-        svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
-        if (!svrPublicKey) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return ec_noName;
-        }
-
-        /* currently strength in bytes */
-        serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len;
-        if (svrPublicKey->u.rsa.modulus.data[0] == 0) {
-            serverKeyStrengthInBits--;
-        }
-        /* convert to strength in bits */
-        serverKeyStrengthInBits *= BPB;
-
-        signatureKeyStrength =
-            SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
-    }
-    if (requiredECCbits > signatureKeyStrength)
-        requiredECCbits = signatureKeyStrength;
-
-    return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
-                                          requiredECCbits);
-}
-
-/* function to clear out the lists */
-static SECStatus
-ssl3_ShutdownECDHECurves(void *appData, void *nssData)
-{
-    int i;
-    ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
-
-    for (i = 0; i < ec_pastLastName; i++, keyPair++) {
-        if (keyPair->pair) {
-            ssl3_FreeKeyPair(keyPair->pair);
-        }
-    }
-    memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
-    return SECSuccess;
-}
-
-static PRStatus
-ssl3_ECRegister(void)
-{
-    SECStatus rv;
-    rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs);
-    if (rv != SECSuccess) {
-        gECDHEKeyPairs[ec_noName].error = PORT_GetError();
-    }
-    return (PRStatus)rv;
-}
-
-/* Create an ECDHE key pair for a given curve */
-SECStatus
-ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair **keyPair)
-{
-    SECKEYPrivateKey *privKey = NULL;
-    SECKEYPublicKey *pubKey = NULL;
-    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
-
-    if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
-        return SECFailure;
-    }
-    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
-    SECITEM_FreeItem(&ecParams, PR_FALSE);
-
-    if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
-        if (privKey) {
-            SECKEY_DestroyPrivateKey(privKey);
-        }
-        if (pubKey) {
-            SECKEY_DestroyPublicKey(pubKey);
-        }
-        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* CallOnce function, called once for each named curve. */
-static PRStatus
-ssl3_CreateECDHEphemeralKeyPairOnce(void *arg)
-{
-    ECName ec_curve = (ECName)arg;
-    ssl3KeyPair *keyPair = NULL;
-
-    PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
-
-    /* ok, no one has generated a global key for this curve yet, do so */
-    if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
-        gECDHEKeyPairs[ec_curve].error = PORT_GetError();
-        return PR_FAILURE;
-    }
-
-    gECDHEKeyPairs[ec_curve].pair = keyPair;
-    return PR_SUCCESS;
-}
-
-/*
- * Creates the ephemeral public and private ECDH keys used by
- * server in ECDHE_RSA and ECDHE_ECDSA handshakes.
- * For now, the elliptic curve is chosen to be the same
- * strength as the signing certificate (ECC or RSA).
- * We need an API to specify the curve. This won't be a real
- * issue until we further develop server-side support for ECC
- * cipher suites.
- */
-static SECStatus
-ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
-{
-    ssl3KeyPair *keyPair = NULL;
-
-    /* if there's no global key for this curve, make one. */
-    if (gECDHEKeyPairs[ec_curve].pair == NULL) {
-        PRStatus status;
-
-        status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
-        if (status != PR_SUCCESS) {
-            PORT_SetError(gECDHEKeyPairs[ec_noName].error);
-            return SECFailure;
-        }
-        status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
-                                    ssl3_CreateECDHEphemeralKeyPairOnce,
-                                    (void *)ec_curve);
-        if (status != PR_SUCCESS) {
-            PORT_SetError(gECDHEKeyPairs[ec_curve].error);
-            return SECFailure;
-        }
-    }
-
-    keyPair = gECDHEKeyPairs[ec_curve].pair;
-    PORT_Assert(keyPair != NULL);
-    if (!keyPair)
-        return SECFailure;
-    ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
-
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    PLArenaPool *arena = NULL;
-    SECKEYPublicKey *peerKey = NULL;
-    PRBool isTLS, isTLS12;
-    SECStatus rv;
-    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
-    SSL3AlertDescription desc = illegal_parameter;
-    SSL3Hashes hashes;
-    SECItem signature = { siBuffer, NULL, 0 };
-
-    SECItem ec_params = { siBuffer, NULL, 0 };
-    SECItem ec_point = { siBuffer, NULL, 0 };
-    unsigned char paramBuf[3]; /* only for curve_type == named_curve */
-    SSLSignatureAndHashAlg sigAndHash;
-
-    sigAndHash.hashAlg = ssl_hash_none;
-
-    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    /* XXX This works only for named curves, revisit this when
-     * we support generic curves.
-     */
-    ec_params.len = sizeof paramBuf;
-    ec_params.data = paramBuf;
-    rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed. */
-    }
-
-    /* Fail if the curve is not a named curve */
-    if ((ec_params.data[0] != ec_type_named) ||
-        (ec_params.data[1] != 0) ||
-        !supportedCurve(ec_params.data[2])) {
-        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-        desc = handshake_failure;
-        goto alert_loser;
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed. */
-    }
-    /* Fail if the ec point uses compressed representation */
-    if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
-        errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
-        desc = handshake_failure;
-        goto alert_loser;
-    }
-
-    if (isTLS12) {
-        rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-                                                   &sigAndHash);
-        if (rv != SECSuccess) {
-            goto loser; /* malformed or unsupported. */
-        }
-        rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
-            ss, &sigAndHash, ss->sec.peerCert);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* malformed. */
-    }
-
-    if (length != 0) {
-        if (isTLS)
-            desc = decode_error;
-        goto alert_loser; /* malformed. */
-    }
-
-    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
-                   ec_params.len));
-    PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
-
-    /* failures after this point are not malformed handshakes. */
-    /* TLS: send decrypt_error if signature failed. */
-    desc = isTLS ? decrypt_error : handshake_failure;
-
-    /*
-     *  check to make sure the hash is signed by right guy
-     */
-    rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
-                                 &ss->ssl3.hs.client_random,
-                                 &ss->ssl3.hs.server_random,
-                                 &hashes, ss->opt.bypassPKCS11);
-
-    if (rv != SECSuccess) {
-        errCode =
-            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto alert_loser;
-    }
-    rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-                                 isTLS, ss->pkcs11PinArg);
-    if (rv != SECSuccess) {
-        errCode =
-            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto alert_loser;
-    }
-
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) {
-        goto no_memory;
-    }
-
-    peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
-    if (peerKey == NULL) {
-        goto no_memory;
-    }
-
-    peerKey->arena = arena;
-    peerKey->keyType = ecKey;
-
-    /* set up EC parameters in peerKey */
-    if (ssl3_ECName2Params(arena, ec_params.data[2],
-                           &peerKey->u.ec.DEREncodedParams) !=
-        SECSuccess) {
-        /* we should never get here since we already
-         * checked that we are dealing with a supported curve
-         */
-        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-        goto alert_loser;
-    }
-
-    /* copy publicValue in peerKey */
-    if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) {
-        goto no_memory;
-    }
-    peerKey->pkcs11Slot = NULL;
-    peerKey->pkcs11ID = CK_INVALID_HANDLE;
-
-    ss->sec.peerKey = peerKey;
-    ss->ssl3.hs.ws = wait_cert_request;
-
-    return SECSuccess;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
-    if (arena) {
-        PORT_FreeArena(arena, PR_FALSE);
-    }
-    PORT_SetError(errCode);
-    return SECFailure;
-
-no_memory: /* no-memory error has already been set. */
-    if (arena) {
-        PORT_FreeArena(arena, PR_FALSE);
-    }
-    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-    return SECFailure;
-}
-
-SECStatus
-ssl3_SendECDHServerKeyExchange(
-    sslSocket *ss,
-    const SSLSignatureAndHashAlg *sigAndHash)
-{
-    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
-    SECStatus rv = SECFailure;
-    int length;
-    PRBool isTLS, isTLS12;
-    SECItem signed_hash = { siBuffer, NULL, 0 };
-    SSL3Hashes hashes;
-
-    SECKEYPublicKey *ecdhePub;
-    SECItem ec_params = { siBuffer, NULL, 0 };
-    unsigned char paramBuf[3];
-    ECName curve;
-    SSL3KEAType certIndex;
-
-    /* Generate ephemeral ECDH key pair and send the public key */
-    curve = ssl3_GetCurveNameForServerSocket(ss);
-    if (curve == ec_noName) {
-        goto loser;
-    }
-
-    if (ss->opt.reuseServerECDHEKey) {
-        rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
-    } else {
-        rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
-    }
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
-    PORT_Assert(ecdhePub != NULL);
-    if (!ecdhePub) {
-        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        return SECFailure;
-    }
-
-    ec_params.len = sizeof paramBuf;
-    ec_params.data = paramBuf;
-    curve = ssl3_PubKey2ECName(ecdhePub);
-    if (curve != ec_noName) {
-        ec_params.data[0] = ec_type_named;
-        ec_params.data[1] = 0x00;
-        ec_params.data[2] = curve;
-    } else {
-        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-        goto loser;
-    }
-
-    rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
-                                 ec_params,
-                                 ecdhePub->u.ec.publicValue,
-                                 &ss->ssl3.hs.client_random,
-                                 &ss->ssl3.hs.server_random,
-                                 &hashes, ss->opt.bypassPKCS11);
-    if (rv != SECSuccess) {
-        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-
-    /* XXX SSLKEAType isn't really a good choice for
-     * indexing certificates but that's all we have
-     * for now.
-     */
-    if (kea_def->kea == kea_ecdhe_rsa)
-        certIndex = kt_rsa;
-    else /* kea_def->kea == kea_ecdhe_ecdsa */
-        certIndex = kt_ecdh;
-
-    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
-                         &signed_hash, isTLS);
-    if (rv != SECSuccess) {
-        goto loser; /* ssl3_SignHashes has set err. */
-    }
-    if (signed_hash.data == NULL) {
-        /* how can this happen and rv == SECSuccess ?? */
-        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-        goto loser;
-    }
-
-    length = ec_params.len +
-             1 + ecdhePub->u.ec.publicValue.len +
-             (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
-
-    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
-                                      ecdhePub->u.ec.publicValue.len, 1);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    if (isTLS12) {
-        rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
-        if (rv != SECSuccess) {
-            goto loser; /* err set by AppendHandshake. */
-        }
-    }
-
-    rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-                                      signed_hash.len, 2);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
-    }
-
-    PORT_Free(signed_hash.data);
-    return SECSuccess;
-
-loser:
-    if (signed_hash.data != NULL)
-        PORT_Free(signed_hash.data);
-    return SECFailure;
-}
-
-/* Lists of ECC cipher suites for searching and disabling. */
-
-static const ssl3CipherSuite ecdh_suites[] = {
-    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_NULL_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_RSA_WITH_NULL_SHA,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-static const ssl3CipherSuite ecdh_ecdsa_suites[] = {
-    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_NULL_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-static const ssl3CipherSuite ecdh_rsa_suites[] = {
-    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_RSA_WITH_NULL_SHA,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
-    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-static const ssl3CipherSuite ecdhe_rsa_suites[] = {
-    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_ECDHE_RSA_WITH_NULL_SHA,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-/* List of all ECC cipher suites */
-static const ssl3CipherSuite ecSuites[] = {
-    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_ECDHE_RSA_WITH_NULL_SHA,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_NULL_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_RSA_WITH_NULL_SHA,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    0 /* end of list marker */
-};
-
-/* On this socket, Disable the ECC cipher suites in the argument's list */
-SECStatus
-ssl3_DisableECCSuites(sslSocket *ss, const ssl3CipherSuite *suite)
-{
-    if (!suite)
-        suite = ecSuites;
-    for (; *suite; ++suite) {
-        PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
-    }
-    return SECSuccess;
-}
-
-/* Look at the server certs configured on this socket, and disable any
- * ECC cipher suites that are not supported by those certs.
- */
-void
-ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss)
-{
-    CERTCertificate *svrCert;
-
-    svrCert = ss->serverCerts[kt_rsa].serverCert;
-    if (!svrCert) {
-        ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
-    }
-
-    svrCert = ss->serverCerts[kt_ecdh].serverCert;
-    if (!svrCert) {
-        ssl3_DisableECCSuites(ss, ecdh_suites);
-        ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
-    } else {
-        SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
-
-        switch (sigTag) {
-            case SEC_OID_PKCS1_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-            case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-                ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
-                break;
-            case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
-            case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-            case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-            case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
-            case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
-            case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
-            case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
-                ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
-                break;
-            default:
-                ssl3_DisableECCSuites(ss, ecdh_suites);
-                break;
-        }
-    }
-}
-
-/* Ask: is ANY ECC cipher suite enabled on this socket? */
-/* Order(N^2).  Yuk.  Also, this ignores export policy. */
-PRBool
-ssl3_IsECCEnabled(sslSocket *ss)
-{
-    const ssl3CipherSuite *suite;
-    PK11SlotInfo *slot;
-
-    /* make sure we can do ECC */
-    slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
-    if (!slot) {
-        return PR_FALSE;
-    }
-    PK11_FreeSlot(slot);
-
-    /* make sure an ECC cipher is enabled */
-    for (suite = ecSuites; *suite; ++suite) {
-        PRBool enabled = PR_FALSE;
-        SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
-
-        PORT_Assert(rv == SECSuccess); /* else is coding error */
-        if (rv == SECSuccess && enabled)
-            return PR_TRUE;
-    }
-    return PR_FALSE;
-}
-
-#define BE(n) 0, n
-
-/* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers only 3 curves, the Suite B curves, 23-25
- */
-static const PRUint8 suiteBECList[] = {
-    23, 24, 25
-};
-
-/* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers curves 1-25.
- */
-/* clang-format off */
-static const PRUint8 tlsECList[] = {
-     1,  2,  3,  4,  5,  6,  7,  8,
-     9, 10, 11, 12, 13, 14, 15, 16,
-    17, 18, 19, 20, 21, 22, 23, 24,
-    25
-};
-/* clang-format on */
-
-static const PRUint8 ecPtFmt[6] = {
-    BE(11), /* Extension type */
-    BE(2),  /* octets that follow */
-    1,      /* octets that follow */
-    0       /* uncompressed type only */
-};
-
-/* This function already presumes we can do ECC, ssl3_IsECCEnabled must be
- * called before this function. It looks to see if we have a token which
- * is capable of doing smaller than SuiteB curves. If the token can, we
- * presume the token can do the whole SSL suite of curves. If it can't we
- * presume the token that allowed ECC to be enabled can only do suite B
- * curves. */
-static PRBool
-ssl3_SuiteBOnly(sslSocket *ss)
-{
-    /* See if we can support small curves (like 163). If not, assume we can
-     * only support Suite-B curves (P-256, P-384, P-521). */
-    PK11SlotInfo *slot =
-        PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
-                                       ss ? ss->pkcs11PinArg : NULL);
-
-    if (!slot) {
-        /* nope, presume we can only do suite B */
-        return PR_TRUE;
-    }
-    /* we can, presume we can do all curves */
-    PK11_FreeSlot(slot);
-    return PR_FALSE;
-}
-
-#define APPEND_CURVE(CURVE_ID)                                       \
-    if ((NSS_GetAlgorithmPolicy(ecName2OIDTag[CURVE_ID], &policy) == \
-         SECFailure) ||                                              \
-        (policy & NSS_USE_ALG_IN_SSL_KX)) {                          \
-        enabledCurves[pos++] = 0;                                    \
-        enabledCurves[pos++] = CURVE_ID;                             \
-    }
-
-/* Send our "canned" (precompiled) Supported Elliptic Curves extension,
- * which says that we support all TLS-defined named curves.
- */
-PRInt32
-ssl3_SendSupportedCurvesXtn(
-    sslSocket *ss,
-    PRBool append,
-    PRUint32 maxBytes)
-{
-    unsigned char enabledCurves[64];
-    PRUint32 policy;
-    PRInt32 extension_length;
-    PRInt32 ecListSize = 0;
-    unsigned int pos = 0;
-    unsigned int i;
-
-    if (!ss || !ssl3_IsECCEnabled(ss))
-        return 0;
-
-    PORT_Assert(sizeof(enabledCurves) > sizeof(tlsECList) * 2);
-    if (ssl3_SuiteBOnly(ss)) {
-        for (i = 0; i < sizeof(suiteBECList); i++) {
-            APPEND_CURVE(suiteBECList[i]);
-        }
-        ecListSize = pos;
-    } else {
-        for (i = 0; i < sizeof(tlsECList); i++) {
-            APPEND_CURVE(tlsECList[i]);
-        }
-        ecListSize = pos;
-    }
-    extension_length =
-        2 /* extension type */ +
-        2 /* extension length */ +
-        2 /* elliptic curves length */ +
-        ecListSize;
-
-    if (maxBytes < (PRUint32)extension_length) {
-        return 0;
-    }
-
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_elliptic_curves_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeVariable(ss, enabledCurves, ecListSize, 2);
-        if (rv != SECSuccess)
-            return -1;
-        if (!ss->sec.isServer) {
-            TLSExtensionData *xtnData = &ss->xtnData;
-            xtnData->advertised[xtnData->numAdvertised++] =
-                ssl_elliptic_curves_xtn;
-        }
-    }
-    return extension_length;
-}
-
-PRUint32
-ssl3_GetSupportedECCurveMask(sslSocket *ss)
-{
-    int i;
-    PRUint32 curves = 0;
-    PRUint32 policyFlags = 0;
-
-    PORT_Assert(ec_pastLastName < sizeof(PRUint32) * 8);
-
-    if (ssl3_SuiteBOnly(ss)) {
-        curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
-    } else {
-        curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
-    }
-
-    for (i = ec_noName + 1; i < ec_pastLastName; i++) {
-        PRUint32 curve_bit = (1U << i);
-        if ((curves & curve_bit) &&
-            (NSS_GetAlgorithmPolicy(ecName2OIDTag[i], &policyFlags) ==
-             SECSuccess) &&
-            !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
-            curves &= ~curve_bit;
-        }
-    }
-    return curves;
-}
-
-/* Send our "canned" (precompiled) Supported Point Formats extension,
- * which says that we only support uncompressed points.
- */
-PRInt32
-ssl3_SendSupportedPointFormatsXtn(
-    sslSocket *ss,
-    PRBool append,
-    PRUint32 maxBytes)
-{
-    if (!ss || !ssl3_IsECCEnabled(ss))
-        return 0;
-    if (append && maxBytes >= (sizeof ecPtFmt)) {
-        SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
-        if (rv != SECSuccess)
-            return -1;
-        if (!ss->sec.isServer) {
-            TLSExtensionData *xtnData = &ss->xtnData;
-            xtnData->advertised[xtnData->numAdvertised++] =
-                ssl_ec_point_formats_xtn;
-        }
-    }
-    return (sizeof ecPtFmt);
-}
-
-/* Just make sure that the remote client supports uncompressed points,
- * Since that is all we support.  Disable ECC cipher suites if it doesn't.
- */
-SECStatus
-ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type,
-                                    SECItem *data)
-{
-    int i;
-
-    if (data->len < 2 || data->len > 255 || !data->data ||
-        data->len != (unsigned int)data->data[0] + 1) {
-        return ssl3_DecodeError(ss);
-    }
-    for (i = data->len; --i > 0;) {
-        if (data->data[i] == 0) {
-            /* indicate that we should send a reply */
-            SECStatus rv;
-            rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                                                         &ssl3_SendSupportedPointFormatsXtn);
-            return rv;
-        }
-    }
-
-    /* evil client doesn't support uncompressed */
-    ssl3_DisableECCSuites(ss, ecSuites);
-    return SECSuccess;
-}
-
-#define SSL3_GET_SERVER_PUBLICKEY(sock, type)                                          \
-    (ss->serverCerts[type].serverKeyPair ? ss->serverCerts[type].serverKeyPair->pubKey \
-                                         : NULL)
-
-/* Extract the TLS curve name for the public key in our EC server cert. */
-ECName
-ssl3_GetSvrCertCurveName(sslSocket *ss)
-{
-    SECKEYPublicKey *srvPublicKey;
-    ECName ec_curve = ec_noName;
-
-    srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
-    if (srvPublicKey) {
-        ec_curve = ssl3_PubKey2ECName(srvPublicKey);
-    }
-    return ec_curve;
-}
-
-/* Ensure that the curve in our server cert is one of the ones supported
- * by the remote client, and disable all ECC cipher suites if not.
- */
-SECStatus
-ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    PRInt32 list_len;
-    PRUint32 peerCurves = 0;
-    PRUint32 mutualCurves = 0;
-    PRUint16 svrCertCurveName;
-
-    if (!data->data || data->len < 4) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* get the length of elliptic_curve_list */
-    list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-    if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-    /* build bit vector of peer's supported curve names */
-    while (data->len) {
-        PRInt32 curve_name =
-            ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-        if (curve_name < 0) {
-            return SECFailure; /* fatal alert already sent */
-        }
-        if (curve_name > ec_noName && curve_name < ec_pastLastName) {
-            peerCurves |= (1U << curve_name);
-        }
-    }
-    /* What curves do we support in common? */
-    mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves;
-    if (!mutualCurves) {
-        /* no mutually supported EC Curves, disable ECC */
-        ssl3_DisableECCSuites(ss, ecSuites);
-        return SECSuccess;
-    }
-
-    /* if our ECC cert doesn't use one of these supported curves,
-     * disable ECC cipher suites that require an ECC cert.
-     */
-    svrCertCurveName = ssl3_GetSvrCertCurveName(ss);
-    if (svrCertCurveName != ec_noName &&
-        (mutualCurves & (1U << svrCertCurveName)) != 0) {
-        return SECSuccess;
-    }
-    /* Our EC cert doesn't contain a mutually supported curve.
-     * Disable all ECC cipher suites that require an EC cert
-     */
-    ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
-    ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
-    return SECSuccess;
-}
-
-#endif /* NSS_DISABLE_ECC */
diff --git a/chromium/net/third_party/nss/ssl/ssl3ext.c b/chromium/net/third_party/nss/ssl/ssl3ext.c
deleted file mode 100644
index 3b48c9e0aad..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl3ext.c
+++ /dev/null
@@ -1,3290 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * SSL3 Protocol
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* TLS extension code moved here from ssl3ecc.c */
-
-#include "nssrenam.h"
-#include "nss.h"
-#include "ssl.h"
-#include "sslproto.h"
-#include "sslimpl.h"
-#include "pk11pub.h"
-#ifdef NO_PKCS11_BYPASS
-#include "blapit.h"
-#else
-#include "blapi.h"
-#endif
-#include "prinit.h"
-
-static unsigned char key_name[SESS_TICKET_KEY_NAME_LEN];
-static PK11SymKey *session_ticket_enc_key_pkcs11 = NULL;
-static PK11SymKey *session_ticket_mac_key_pkcs11 = NULL;
-
-#ifndef NO_PKCS11_BYPASS
-static unsigned char session_ticket_enc_key[AES_256_KEY_LENGTH];
-static unsigned char session_ticket_mac_key[SHA256_LENGTH];
-
-static PRBool session_ticket_keys_initialized = PR_FALSE;
-#endif
-static PRCallOnceType generate_session_keys_once;
-
-/* forward static function declarations */
-static SECStatus ssl3_ParseEncryptedSessionTicket(sslSocket *ss,
-                                                  SECItem *data, EncryptedSessionTicket *enc_session_ticket);
-static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf,
-                                   PRUint32 bytes);
-static SECStatus ssl3_AppendNumberToItem(SECItem *item, PRUint32 num,
-                                         PRInt32 lenSize);
-static SECStatus ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss,
-                                                 PK11SymKey **aes_key, PK11SymKey **mac_key);
-#ifndef NO_PKCS11_BYPASS
-static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
-                                           PRUint32 *aes_key_length, const unsigned char **mac_key,
-                                           PRUint32 *mac_key_length);
-#endif
-static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket *ss,
-                                             PRBool append, PRUint32 maxBytes);
-static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
-                                                 PRUint16 ex_type, SECItem *data);
-static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
-                                                   PRUint16 ex_type, SECItem *data);
-static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
-                                              PRUint16 ex_type, SECItem *data);
-static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
-                                                   PRUint16 ex_type, SECItem *data);
-static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
-                                              SECItem *data);
-static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-                                               PRUint32 maxBytes);
-static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
-                                          PRUint32 maxBytes);
-static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
-                                          PRUint32 maxBytes);
-static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append,
-                                         PRUint32 maxBytes);
-static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append,
-                                         PRUint32 maxBytes);
-static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
-                                             SECItem *data);
-static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
-                                             SECItem *data);
-static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
-                                               PRUint16 ex_type, SECItem *data);
-static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
-                                           PRUint32 maxBytes);
-static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket *ss,
-                                               PRBool append, PRUint32 maxBytes);
-static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-                                                   PRUint16 ex_type, SECItem *data);
-static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
-                                                   PRUint16 ex_type,
-                                                   SECItem *data);
-static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
-                                               PRUint32 maxBytes);
-static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
-                                         PRUint32 maxBytes);
-static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
-                                             SECItem *data);
-
-static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
-                                                     PRBool append,
-                                                     PRUint32 maxBytes);
-static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
-                                                         PRUint16 ex_type,
-                                                         SECItem *data);
-static PRInt32 ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
-                                                     PRBool append,
-                                                     PRUint32 maxBytes);
-static SECStatus ssl3_ServerHandleSignedCertTimestampXtn(sslSocket *ss,
-                                                         PRUint16 ex_type,
-                                                         SECItem *data);
-static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
-                                              PRUint32 maxBytes);
-static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
-                                                  SECItem *data);
-static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
-                                                PRUint32 maxBytes);
-static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss,
-                                                    PRUint16 ex_type,
-                                                    SECItem *data);
-static PRInt32 tls13_ClientSendKeyShareXtn(sslSocket *ss, PRBool append,
-                                           PRUint32 maxBytes);
-static SECStatus tls13_ClientHandleKeyShareXtn(sslSocket *ss,
-                                               PRUint16 ex_type,
-                                               SECItem *data);
-static SECStatus tls13_ServerHandleKeyShareXtn(sslSocket *ss,
-                                               PRUint16 ex_type,
-                                               SECItem *data);
-
-/*
- * Write bytes.  Using this function means the SECItem structure
- * cannot be freed.  The caller is expected to call this function
- * on a shallow copy of the structure.
- */
-static SECStatus
-ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
-{
-    if (bytes > item->len)
-        return SECFailure;
-
-    PORT_Memcpy(item->data, buf, bytes);
-    item->data += bytes;
-    item->len -= bytes;
-    return SECSuccess;
-}
-
-/*
- * Write a number in network byte order. Using this function means the
- * SECItem structure cannot be freed.  The caller is expected to call
- * this function on a shallow copy of the structure.
- */
-static SECStatus
-ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize)
-{
-    SECStatus rv;
-    PRUint8 b[4];
-    PRUint8 *p = b;
-
-    switch (lenSize) {
-        case 4:
-            *p++ = (PRUint8)(num >> 24);
-        case 3:
-            *p++ = (PRUint8)(num >> 16);
-        case 2:
-            *p++ = (PRUint8)(num >> 8);
-        case 1:
-            *p = (PRUint8)num;
-    }
-    rv = ssl3_AppendToItem(item, &b[0], lenSize);
-    return rv;
-}
-
-static SECStatus
-ssl3_SessionTicketShutdown(void *appData, void *nssData)
-{
-    if (session_ticket_enc_key_pkcs11) {
-        PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
-        session_ticket_enc_key_pkcs11 = NULL;
-    }
-    if (session_ticket_mac_key_pkcs11) {
-        PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
-        session_ticket_mac_key_pkcs11 = NULL;
-    }
-    PORT_Memset(&generate_session_keys_once, 0,
-                sizeof(generate_session_keys_once));
-    return SECSuccess;
-}
-
-static PRStatus
-ssl3_GenerateSessionTicketKeysPKCS11(void *data)
-{
-    SECStatus rv;
-    sslSocket *ss = (sslSocket *)data;
-    SECKEYPrivateKey *svrPrivKey = ss->serverCerts[kt_rsa].SERVERKEY;
-    SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
-
-    if (svrPrivKey == NULL || svrPubKey == NULL) {
-        SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
-                 SSL_GETPID(), ss->fd));
-        goto loser;
-    }
-
-    /* Get a copy of the session keys from shared memory. */
-    PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-                sizeof(SESS_TICKET_KEY_NAME_PREFIX));
-    if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey,
-                                        ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-                                        &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
-        return PR_FAILURE;
-
-    rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL);
-    if (rv != SECSuccess)
-        goto loser;
-
-    return PR_SUCCESS;
-
-loser:
-    ssl3_SessionTicketShutdown(NULL, NULL);
-    return PR_FAILURE;
-}
-
-static SECStatus
-ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key,
-                                PK11SymKey **mac_key)
-{
-    if (PR_CallOnceWithArg(&generate_session_keys_once,
-                           ssl3_GenerateSessionTicketKeysPKCS11, ss) !=
-        PR_SUCCESS)
-        return SECFailure;
-
-    if (session_ticket_enc_key_pkcs11 == NULL ||
-        session_ticket_mac_key_pkcs11 == NULL)
-        return SECFailure;
-
-    *aes_key = session_ticket_enc_key_pkcs11;
-    *mac_key = session_ticket_mac_key_pkcs11;
-    return SECSuccess;
-}
-
-#ifndef NO_PKCS11_BYPASS
-static PRStatus
-ssl3_GenerateSessionTicketKeys(void)
-{
-    PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-                sizeof(SESS_TICKET_KEY_NAME_PREFIX));
-
-    if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-                                  session_ticket_enc_key, session_ticket_mac_key))
-        return PR_FAILURE;
-
-    session_ticket_keys_initialized = PR_TRUE;
-    return PR_SUCCESS;
-}
-
-static SECStatus
-ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
-                          PRUint32 *aes_key_length, const unsigned char **mac_key,
-                          PRUint32 *mac_key_length)
-{
-    if (PR_CallOnce(&generate_session_keys_once,
-                    ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
-        return SECFailure;
-
-    if (!session_ticket_keys_initialized)
-        return SECFailure;
-
-    *aes_key = session_ticket_enc_key;
-    *aes_key_length = sizeof(session_ticket_enc_key);
-    *mac_key = session_ticket_mac_key;
-    *mac_key_length = sizeof(session_ticket_mac_key);
-
-    return SECSuccess;
-}
-#endif
-
-/* Table of handlers for received TLS hello extensions, one per extension.
- * In the second generation, this table will be dynamic, and functions
- * will be registered here.
- */
-/* This table is used by the server, to handle client hello extensions. */
-static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
-    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
-#ifndef NSS_DISABLE_ECC
-    { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
-    { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
-#endif
-    { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
-    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
-    { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
-    { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
-    { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
-    { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
-    { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
-    { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
-    { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
-    { ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
-    { -1, NULL }
-};
-
-/* These two tables are used by the client, to handle server hello
- * extensions. */
-static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
-    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
-    /* TODO: add a handler for ssl_ec_point_formats_xtn */
-    { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
-    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
-    { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
-    { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
-    { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
-    { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
-    { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
-    { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
-    { ssl_tls13_key_share_xtn, &tls13_ClientHandleKeyShareXtn },
-    { -1, NULL }
-};
-
-static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
-    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { -1, NULL }
-};
-
-/* Tables of functions to format TLS hello extensions, one function per
- * extension.
- * These static tables are for the formatting of client hello extensions.
- * The server's table of hello senders is dynamic, in the socket struct,
- * and sender functions are registered there.
- */
-static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
-    {
-      { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
-      { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
-      { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifndef NSS_DISABLE_ECC
-      { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
-      { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
-#endif
-      { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
-      { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
-      { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
-      { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
-      { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
-      { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
-      { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
-      { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
-      { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
-      /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will
-       * time out or terminate the connection if the last extension in the
-       * client hello is empty. They are not intolerant of TLS 1.2, so list
-       * signature_algorithms at the end. See bug 1243641. */
-      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-      /* any extra entries will appear as { 0, NULL }    */
-    };
-
-static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] =
-    {
-      { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
-      /* any extra entries will appear as { 0, NULL }    */
-    };
-
-static PRBool
-arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
-{
-    unsigned int i;
-    for (i = 0; i < len; i++) {
-        if (ex_type == array[i])
-            return PR_TRUE;
-    }
-    return PR_FALSE;
-}
-
-PRBool
-ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type)
-{
-    TLSExtensionData *xtnData = &ss->xtnData;
-    return arrayContainsExtension(xtnData->negotiated,
-                                  xtnData->numNegotiated, ex_type);
-}
-
-static PRBool
-ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type)
-{
-    TLSExtensionData *xtnData = &ss->xtnData;
-    return arrayContainsExtension(xtnData->advertised,
-                                  xtnData->numAdvertised, ex_type);
-}
-
-/* Format an SNI extension, using the name from the socket's URL,
- * unless that name is a dotted decimal string.
- * Used by client and server.
- */
-PRInt32
-ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
-                       PRUint32 maxBytes)
-{
-    SECStatus rv;
-    if (!ss)
-        return 0;
-    if (!ss->sec.isServer) {
-        PRUint32 len;
-        PRNetAddr netAddr;
-
-        /* must have a hostname */
-        if (!ss->url || !ss->url[0])
-            return 0;
-        /* must not be an IPv4 or IPv6 address */
-        if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
-            /* is an IP address (v4 or v6) */
-            return 0;
-        }
-        len = PORT_Strlen(ss->url);
-        if (append && maxBytes >= len + 9) {
-            /* extension_type */
-            rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
-            if (rv != SECSuccess)
-                return -1;
-            /* length of extension_data */
-            rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
-            if (rv != SECSuccess)
-                return -1;
-            /* length of server_name_list */
-            rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
-            if (rv != SECSuccess)
-                return -1;
-            /* Name Type (sni_host_name) */
-            rv = ssl3_AppendHandshake(ss, "\0", 1);
-            if (rv != SECSuccess)
-                return -1;
-            /* HostName (length and value) */
-            rv = ssl3_AppendHandshakeVariable(ss, (PRUint8 *)ss->url, len, 2);
-            if (rv != SECSuccess)
-                return -1;
-            if (!ss->sec.isServer) {
-                TLSExtensionData *xtnData = &ss->xtnData;
-                xtnData->advertised[xtnData->numAdvertised++] =
-                    ssl_server_name_xtn;
-            }
-        }
-        return len + 9;
-    }
-    /* Server side */
-    if (append && maxBytes >= 4) {
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* length of extension_data */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
-    }
-    return 4;
-}
-
-/* handle an incoming SNI extension, by ignoring it. */
-SECStatus
-ssl3_HandleServerNameXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECItem *names = NULL;
-    PRUint32 listCount = 0, namesPos = 0, i;
-    TLSExtensionData *xtnData = &ss->xtnData;
-    SECItem ldata;
-    PRInt32 listLenBytes = 0;
-
-    if (!ss->sec.isServer) {
-        return SECSuccess; /* ignore extension */
-    }
-
-    /* Server side - consume client data and register server sender. */
-    /* do not parse the data if don't have user extension handling function. */
-    if (!ss->sniSocketConfig) {
-        return SECSuccess;
-    }
-    /* length of server_name_list */
-    listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-    if (listLenBytes < 0) {
-        return SECFailure;
-    }
-    if (listLenBytes == 0 || listLenBytes != data->len) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-    ldata = *data;
-    /* Calculate the size of the array.*/
-    while (listLenBytes > 0) {
-        SECItem litem;
-        SECStatus rv;
-        PRInt32 type;
-        /* Skip Name Type (sni_host_name); checks are on the second pass */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
-        if (type < 0) { /* i.e., SECFailure cast to PRint32 */
-            return SECFailure;
-        }
-        rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        /* Adjust total length for consumed item, item len and type.*/
-        listLenBytes -= litem.len + 3;
-        if (listLenBytes > 0 && !ldata.len) {
-            (void)ssl3_DecodeError(ss);
-            return SECFailure;
-        }
-        listCount += 1;
-    }
-    names = PORT_ZNewArray(SECItem, listCount);
-    if (!names) {
-        return SECFailure;
-    }
-    for (i = 0; i < listCount; i++) {
-        unsigned int j;
-        PRInt32 type;
-        SECStatus rv;
-        PRBool nametypePresent = PR_FALSE;
-        /* Name Type (sni_host_name) */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
-        /* Check if we have such type in the list */
-        for (j = 0; j < listCount && names[j].data; j++) {
-            /* TODO bug 998524: .type is not assigned a value */
-            if (names[j].type == type) {
-                nametypePresent = PR_TRUE;
-                break;
-            }
-        }
-        /* HostName (length and value) */
-        rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2,
-                                           &data->data, &data->len);
-        if (rv != SECSuccess) {
-            PORT_Assert(0);
-            PORT_Free(names);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return rv;
-        }
-        if (nametypePresent == PR_FALSE) {
-            namesPos += 1;
-        }
-    }
-    /* Free old and set the new data. */
-    if (xtnData->sniNameArr) {
-        PORT_Free(ss->xtnData.sniNameArr);
-    }
-    xtnData->sniNameArr = names;
-    xtnData->sniNameArrSize = namesPos;
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn;
-
-    return SECSuccess;
-}
-
-/* Called by both clients and servers.
- * Clients sends a filled in session ticket if one is available, and otherwise
- * sends an empty ticket.  Servers always send empty tickets.
- */
-PRInt32
-ssl3_SendSessionTicketXtn(
-    sslSocket *ss,
-    PRBool append,
-    PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-    NewSessionTicket *session_ticket = NULL;
-    sslSessionID *sid = ss->sec.ci.sid;
-
-    /* Ignore the SessionTicket extension if processing is disabled. */
-    if (!ss->opt.enableSessionTickets)
-        return 0;
-
-    /* Empty extension length = extension_type (2-bytes) +
-     * length(extension_data) (2-bytes)
-     */
-    extension_length = 4;
-
-    /* If we are a client then send a session ticket if one is availble.
-     * Servers that support the extension and are willing to negotiate the
-     * the extension always respond with an empty extension.
-     */
-    if (!ss->sec.isServer) {
-        /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
-         * just acquire and release the lock within this function because the
-         * caller will call this function twice, and we need the inputs to be
-         * consistent between the two calls. Note that currently the caller
-         * will only be holding the lock when we are the client and when we're
-         * attempting to resume an existing session.
-         */
-
-        session_ticket = &sid->u.ssl3.locked.sessionTicket;
-        if (session_ticket->ticket.data) {
-            if (ss->xtnData.ticketTimestampVerified) {
-                extension_length += session_ticket->ticket.len;
-            } else if (!append &&
-                       (session_ticket->ticket_lifetime_hint == 0 ||
-                        (session_ticket->ticket_lifetime_hint +
-                             session_ticket->received_timestamp >
-                         ssl_Time()))) {
-                extension_length += session_ticket->ticket.len;
-                ss->xtnData.ticketTimestampVerified = PR_TRUE;
-            }
-        }
-    }
-
-    if (maxBytes < (PRUint32)extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        if (session_ticket && session_ticket->ticket.data &&
-            ss->xtnData.ticketTimestampVerified) {
-            rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
-                                              session_ticket->ticket.len, 2);
-            ss->xtnData.ticketTimestampVerified = PR_FALSE;
-            ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
-        } else {
-            rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        }
-        if (rv != SECSuccess)
-            goto loser;
-
-        if (!ss->sec.isServer) {
-            TLSExtensionData *xtnData = &ss->xtnData;
-            xtnData->advertised[xtnData->numAdvertised++] =
-                ssl_session_ticket_xtn;
-        }
-    }
-    return extension_length;
-
-loser:
-    ss->xtnData.ticketTimestampVerified = PR_FALSE;
-    return -1;
-}
-
-/* handle an incoming Next Protocol Negotiation extension. */
-static SECStatus
-ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    if (ss->firstHsDone || data->len != 0) {
-        /* Clients MUST send an empty NPN extension, if any. */
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return SECFailure;
-    }
-
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-
-    /* TODO: server side NPN support would require calling
-     * ssl3_RegisterServerHelloExtensionSender here in order to echo the
-     * extension back to the client. */
-
-    return SECSuccess;
-}
-
-/* ssl3_ValidateNextProtoNego checks that the given block of data is valid: none
- * of the lengths may be 0 and the sum of the lengths must equal the length of
- * the block. */
-SECStatus
-ssl3_ValidateNextProtoNego(const unsigned char *data, unsigned int length)
-{
-    unsigned int offset = 0;
-
-    while (offset < length) {
-        unsigned int newOffset = offset + 1 + (unsigned int)data[offset];
-        /* Reject embedded nulls to protect against buggy applications that
-         * store protocol identifiers in null-terminated strings.
-         */
-        if (newOffset > length || data[offset] == 0) {
-            return SECFailure;
-        }
-        offset = newOffset;
-    }
-
-    return SECSuccess;
-}
-
-/* protocol selection handler for ALPN (server side) and NPN (client side) */
-static SECStatus
-ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    unsigned char resultBuffer[255];
-    SECItem result = { siBuffer, resultBuffer, 0 };
-
-    rv = ssl3_ValidateNextProtoNego(data->data, data->len);
-    if (rv != SECSuccess) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return rv;
-    }
-
-    PORT_Assert(ss->nextProtoCallback);
-    /* For ALPN, the cipher suite isn't selected yet.  Note that extensions
-     * sometimes affect what cipher suite is selected, e.g., for ECC. */
-    PORT_Assert((ss->ssl3.hs.preliminaryInfo &
-                 ssl_preinfo_all & ~ssl_preinfo_cipher_suite) ==
-                (ssl_preinfo_all & ~ssl_preinfo_cipher_suite));
-    rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
-                               result.data, &result.len, sizeof(resultBuffer));
-    if (rv != SECSuccess) {
-        /* Expect callback to call PORT_SetError() */
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        return SECFailure;
-    }
-
-    /* If the callback wrote more than allowed to |result| it has corrupted our
-     * stack. */
-    if (result.len > sizeof(resultBuffer)) {
-        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-        /* TODO: crash */
-        return SECFailure;
-    }
-
-    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-
-    if (ex_type == ssl_app_layer_protocol_xtn &&
-        ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
-        /* The callback might say OK, but then it picks a default value - one
-         * that was not listed.  That's OK for NPN, but not ALPN. */
-        (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
-        return SECFailure;
-    }
-
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
-}
-
-/* handle an incoming ALPN extension at the server */
-static SECStatus
-ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    int count;
-    SECStatus rv;
-
-    /* We expressly don't want to allow ALPN on renegotiation,
-     * despite it being permitted by the spec. */
-    if (ss->firstHsDone || data->len == 0) {
-        /* Clients MUST send a non-empty ALPN extension. */
-        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return SECFailure;
-    }
-
-    /* Unlike NPN, ALPN has extra redundant length information so that
-     * the extension is the same in both ClientHello and ServerHello. */
-    count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-    if (count != data->len) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    if (!ss->nextProtoCallback) {
-        /* we're not configured for it */
-        return SECSuccess;
-    }
-
-    rv = ssl3_SelectAppProtocol(ss, ex_type, data);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    /* prepare to send back a response, if we negotiated */
-    if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
-        rv = ssl3_RegisterServerHelloExtensionSender(
-            ss, ex_type, ssl3_ServerSendAppProtoXtn);
-        if (rv != SECSuccess) {
-            (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return rv;
-        }
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    PORT_Assert(!ss->firstHsDone);
-
-    if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-        /* If the server negotiated ALPN then it has already told us what
-         * protocol to use, so it doesn't make sense for us to try to negotiate
-         * a different one by sending the NPN handshake message. However, if
-         * we've negotiated NPN then we're required to send the NPN handshake
-         * message. Thus, these two extensions cannot both be negotiated on the
-         * same connection. */
-        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-        PORT_SetError(SSL_ERROR_BAD_SERVER);
-        return SECFailure;
-    }
-
-    /* We should only get this call if we sent the extension, so
-     * ss->nextProtoCallback needs to be non-NULL.  However, it is possible
-     * that an application erroneously cleared the callback between the time
-     * we sent the ClientHello and now. */
-    if (!ss->nextProtoCallback) {
-        PORT_Assert(0);
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
-        return SECFailure;
-    }
-
-    return ssl3_SelectAppProtocol(ss, ex_type, data);
-}
-
-static SECStatus
-ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    PRInt32 list_len;
-    SECItem protocol_name;
-
-    if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    /* The extension data from the server has the following format:
-     *   uint16 name_list_len;
-     *   uint8 len;  // where len >= 1
-     *   uint8 protocol_name[len]; */
-    if (data->len < 4 || data->len > 2 + 1 + 255) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return SECFailure;
-    }
-
-    list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-    /* The list has to be the entire extension. */
-    if (list_len != data->len) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return SECFailure;
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &protocol_name, 1,
-                                       &data->data, &data->len);
-    /* The list must have exactly one value. */
-    if (rv != SECSuccess || data->len != 0) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-        return SECFailure;
-    }
-
-    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-    ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED;
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name);
-}
-
-static PRInt32
-ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-                                PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-
-    /* Renegotiations do not send this extension. */
-    if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
-        return 0;
-    }
-
-    extension_length = 4;
-
-    if (maxBytes < (PRUint32)extension_length) {
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_next_proto_nego_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-static PRInt32
-ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-    unsigned char *alpn_protos = NULL;
-
-    /* Renegotiations do not send this extension. */
-    if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
-        return 0;
-    }
-
-    extension_length = 2 /* extension type */ + 2 /* extension length */ +
-                       2 /* protocol name list length */ +
-                       ss->opt.nextProtoNego.len;
-
-    if (maxBytes < (PRUint32)extension_length) {
-        return 0;
-    }
-    if (append) {
-        /* NPN requires that the client's fallback protocol is first in the
-         * list. However, ALPN sends protocols in preference order. So we
-         * allocate a buffer and move the first protocol to the end of the
-         * list. */
-        SECStatus rv;
-        const unsigned int len = ss->opt.nextProtoNego.len;
-
-        alpn_protos = PORT_Alloc(len);
-        if (alpn_protos == NULL) {
-            return SECFailure;
-        }
-        if (len > 0) {
-            /* Each protocol string is prefixed with a single byte length. */
-            unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
-            if (i <= len) {
-                memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
-                memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
-            } else {
-                /* This seems to be invalid data so we'll send as-is. */
-                memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
-            }
-        }
-
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-        rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
-        PORT_Free(alpn_protos);
-        alpn_protos = NULL;
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_app_layer_protocol_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    if (alpn_protos) {
-        PORT_Free(alpn_protos);
-    }
-    return -1;
-}
-
-static PRInt32
-ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-
-    /* we're in over our heads if any of these fail */
-    PORT_Assert(ss->opt.enableALPN);
-    PORT_Assert(ss->ssl3.nextProto.data);
-    PORT_Assert(ss->ssl3.nextProto.len > 0);
-    PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
-    PORT_Assert(!ss->firstHsDone);
-
-    extension_length = 2 /* extension type */ + 2 /* extension length */ +
-                       2 /* protocol name list */ + 1 /* name length */ +
-                       ss->ssl3.nextProto.len;
-
-    if (maxBytes < (PRUint32)extension_length) {
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-        rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
-                                          ss->ssl3.nextProto.len, 1);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-    }
-
-    return extension_length;
-}
-
-static SECStatus
-ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
-                              SECItem *data)
-{
-    PORT_Assert(ss->getChannelID != NULL);
-
-    if (data->len) {
-        PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA);
-        return SECFailure;
-    }
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECSuccess;
-}
-
-static PRInt32
-ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
-                            PRUint32 maxBytes)
-{
-    PRInt32 extension_length = 4;
-
-    if (!ss->getChannelID)
-        return 0;
-
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    if (ss->sec.ci.sid->cached != never_cached &&
-        ss->sec.ci.sid->u.ssl3.originalHandshakeHash.len == 0) {
-        /* We can't do ChannelID on a connection if we're resuming and didn't
-         * do ChannelID on the original connection: without ChannelID on the
-         * original connection we didn't record the handshake hashes needed for
-         * the signature. */
-        return 0;
-    }
-
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_channel_id_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-static SECStatus
-ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    /* The echoed extension must be empty. */
-    if (data->len != 0) {
-        return SECSuccess; /* Ignore the extension. */
-    }
-
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-
-    return SECSuccess;
-}
-
-static PRInt32
-ssl3_ServerSendStatusRequestXtn(
-    sslSocket *ss,
-    PRBool append,
-    PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-    SSLKEAType effectiveExchKeyType;
-    SECStatus rv;
-
-    /* ssl3_SendCertificateStatus (which sents the certificate status data)
-     * uses the exact same logic to select the server certificate
-     * and determine if we have the status for that certificate. */
-
-    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-        ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
-        effectiveExchKeyType = ssl_kea_rsa;
-    } else {
-        effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-    }
-
-    if (!ss->certStatusArray[effectiveExchKeyType] ||
-        !ss->certStatusArray[effectiveExchKeyType]->len) {
-        return 0;
-    }
-
-    extension_length = 2 + 2;
-    if (maxBytes < (PRUint32)extension_length) {
-        return 0;
-    }
-    if (append) {
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* length of extension_data */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* The certificate status data is sent in ssl3_SendCertificateStatus. */
-    }
-
-    return extension_length;
-}
-
-/* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
- * client side. See RFC 4366 section 3.6. */
-static PRInt32
-ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
-                                PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-
-    if (!ss->opt.enableOCSPStapling)
-        return 0;
-
-    /* extension_type (2-bytes) +
-     * length(extension_data) (2-bytes) +
-     * status_type (1) +
-     * responder_id_list length (2) +
-     * request_extensions length (2)
-     */
-    extension_length = 9;
-
-    if (maxBytes < (PRUint32)extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        TLSExtensionData *xtnData;
-
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
-        if (rv != SECSuccess)
-            return -1;
-        /* A zero length responder_id_list means that the responders are
-         * implicitly known to the server. */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* A zero length request_extensions means that there are no extensions.
-         * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
-         * means that the server can replay a cached OCSP response to us. */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
-
-        xtnData = &ss->xtnData;
-        xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
-    }
-    return extension_length;
-}
-
-/*
- * NewSessionTicket
- * Called from ssl3_HandleFinished
- */
-SECStatus
-ssl3_SendNewSessionTicket(sslSocket *ss)
-{
-    PRUint32 i;
-    SECStatus rv;
-    NewSessionTicket ticket;
-    SECItem plaintext;
-    SECItem plaintext_item = { 0, NULL, 0 };
-    SECItem ciphertext = { 0, NULL, 0 };
-    PRUint32 ciphertext_length;
-    PRBool ms_is_wrapped;
-    unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
-    SECItem ms_item = { 0, NULL, 0 };
-    SSL3KEAType effectiveExchKeyType = ssl_kea_null;
-    PRUint32 padding_length;
-    PRUint32 message_length;
-    PRUint32 cert_length = 0;
-    PRUint8 length_buf[4];
-    PRUint32 now;
-    PK11SymKey *aes_key_pkcs11;
-    PK11SymKey *mac_key_pkcs11;
-#ifndef NO_PKCS11_BYPASS
-    const unsigned char *aes_key;
-    const unsigned char *mac_key;
-    PRUint32 aes_key_length;
-    PRUint32 mac_key_length;
-    PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-    AESContext *aes_ctx;
-    const SECHashObject *hashObj = NULL;
-    PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-    HMACContext *hmac_ctx;
-#endif
-    CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
-    PK11Context *aes_ctx_pkcs11;
-    CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
-    PK11Context *hmac_ctx_pkcs11 = NULL;
-    unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-    unsigned int computed_mac_length;
-    unsigned char iv[AES_BLOCK_SIZE];
-    SECItem ivItem;
-    SECItem *srvName = NULL;
-    PRUint32 srvNameLen = 0;
-    CK_MECHANISM_TYPE msWrapMech = 0; /* dummy default value,
-                                          * must be >= 0 */
-
-    SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
-    if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
-        cert_length = 3 + ss->sec.ci.sid->peerCert->derCert.len;
-    }
-
-    /* Get IV and encryption keys */
-    ivItem.data = iv;
-    ivItem.len = sizeof(iv);
-    rv = PK11_GenerateRandom(iv, sizeof(iv));
-    if (rv != SECSuccess)
-        goto loser;
-
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-                                       &mac_key, &mac_key_length);
-    } else
-#endif
-    {
-        rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-                                             &mac_key_pkcs11);
-    }
-    if (rv != SECSuccess)
-        goto loser;
-
-    if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
-        /* The master secret is available unwrapped. */
-        ms_item.data = ss->ssl3.pwSpec->msItem.data;
-        ms_item.len = ss->ssl3.pwSpec->msItem.len;
-        ms_is_wrapped = PR_FALSE;
-    } else {
-        /* Extract the master secret wrapped. */
-        sslSessionID sid;
-        PORT_Memset(&sid, 0, sizeof(sslSessionID));
-
-        if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-            ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
-            effectiveExchKeyType = kt_rsa;
-        } else {
-            effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-        }
-
-        rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
-                                           effectiveExchKeyType);
-        if (rv == SECSuccess) {
-            if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
-                goto loser;
-            memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
-                   sid.u.ssl3.keys.wrapped_master_secret_len);
-            ms_item.data = wrapped_ms;
-            ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
-            msWrapMech = sid.u.ssl3.masterWrapMech;
-        } else {
-            /* TODO: else send an empty ticket. */
-            goto loser;
-        }
-        ms_is_wrapped = PR_TRUE;
-    }
-    /* Prep to send negotiated name */
-    srvName = &ss->ssl3.pwSpec->srvVirtName;
-    if (srvName->data && srvName->len) {
-        srvNameLen = 2 + srvName->len; /* len bytes + name len */
-    }
-
-    ciphertext_length =
-        sizeof(PRUint16)              /* ticket_version */
-        + sizeof(SSL3ProtocolVersion) /* ssl_version */
-        + sizeof(ssl3CipherSuite)     /* ciphersuite */
-        + 1                           /* compression */
-        + 10                          /* cipher spec parameters */
-        + 1                           /* SessionTicket.ms_is_wrapped */
-        + 1                           /* effectiveExchKeyType */
-        + 4                           /* msWrapMech */
-        + 2                           /* master_secret.length */
-        + ms_item.len                 /* master_secret */
-        + 1                           /* client_auth_type */
-        + cert_length                 /* cert */
-        + 1                           /* server name type */
-        + srvNameLen                  /* name len + length field */
-        + 1                           /* extendedMasterSecretUsed */
-        + sizeof(ticket.ticket_lifetime_hint);
-    padding_length = AES_BLOCK_SIZE -
-                     (ciphertext_length %
-                      AES_BLOCK_SIZE);
-    ciphertext_length += padding_length;
-
-    message_length =
-        sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */
-        + 2                                 /* length field for NewSessionTicket.ticket */
-        + SESS_TICKET_KEY_NAME_LEN          /* key_name */
-        + AES_BLOCK_SIZE                    /* iv */
-        + 2                                 /* length field for NewSessionTicket.ticket.encrypted_state */
-        + ciphertext_length                 /* encrypted_state */
-        + TLS_EX_SESS_TICKET_MAC_LENGTH;    /* mac */
-
-    if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
-        goto loser;
-
-    plaintext = plaintext_item;
-
-    /* ticket_version */
-    rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
-                                 sizeof(PRUint16));
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* ssl_version */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
-                                 sizeof(SSL3ProtocolVersion));
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* ciphersuite */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
-                                 sizeof(ssl3CipherSuite));
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* compression */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* cipher spec parameters */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authAlgorithm, 1);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authKeyBits, 4);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaType, 1);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaKeyBits, 4);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* master_secret */
-    rv = ssl3_AppendNumberToItem(&plaintext, ms_is_wrapped, 1);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, effectiveExchKeyType, 1);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, msWrapMech, 4);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendNumberToItem(&plaintext, ms_item.len, 2);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = ssl3_AppendToItem(&plaintext, ms_item.data, ms_item.len);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* client_identity */
-    if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
-        rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendNumberToItem(&plaintext,
-                                     ss->sec.ci.sid->peerCert->derCert.len, 3);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendToItem(&plaintext,
-                               ss->sec.ci.sid->peerCert->derCert.data,
-                               ss->sec.ci.sid->peerCert->derCert.len);
-        if (rv != SECSuccess)
-            goto loser;
-    } else {
-        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* timestamp */
-    now = ssl_Time();
-    rv = ssl3_AppendNumberToItem(&plaintext, now,
-                                 sizeof(ticket.ticket_lifetime_hint));
-    if (rv != SECSuccess)
-        goto loser;
-
-    if (srvNameLen) {
-        /* Name Type (sni_host_name) */
-        rv = ssl3_AppendNumberToItem(&plaintext, srvName->type, 1);
-        if (rv != SECSuccess)
-            goto loser;
-        /* HostName (length and value) */
-        rv = ssl3_AppendNumberToItem(&plaintext, srvName->len, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
-        if (rv != SECSuccess)
-            goto loser;
-    } else {
-        /* No Name */
-        rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* extendedMasterSecretUsed */
-    rv = ssl3_AppendNumberToItem(
-        &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
-    if (rv != SECSuccess)
-        goto loser;
-
-    PORT_Assert(plaintext.len == padding_length);
-    for (i = 0; i < padding_length; i++)
-        plaintext.data[i] = (unsigned char)padding_length;
-
-    if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
-        rv = SECFailure;
-        goto loser;
-    }
-
-/* Generate encrypted portion of ticket. */
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        aes_ctx = (AESContext *)aes_ctx_buf;
-        rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
-                             NSS_AES_CBC, 1, AES_BLOCK_SIZE);
-        if (rv != SECSuccess)
-            goto loser;
-
-        rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
-                         ciphertext.len, plaintext_item.data,
-                         plaintext_item.len);
-        if (rv != SECSuccess)
-            goto loser;
-    } else
-#endif
-    {
-        aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-                                                    CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
-        if (!aes_ctx_pkcs11)
-            goto loser;
-
-        rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
-                           (int *)&ciphertext.len, ciphertext.len,
-                           plaintext_item.data, plaintext_item.len);
-        PK11_Finalize(aes_ctx_pkcs11);
-        PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* Convert ciphertext length to network order. */
-    length_buf[0] = (ciphertext.len >> 8) & 0xff;
-    length_buf[1] = (ciphertext.len) & 0xff;
-
-/* Compute MAC. */
-#ifndef NO_PKCS11_BYPASS
-    if (ss->opt.bypassPKCS11) {
-        hmac_ctx = (HMACContext *)hmac_ctx_buf;
-        hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-        if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-                      mac_key_length, PR_FALSE) != SECSuccess)
-            goto loser;
-
-        HMAC_Begin(hmac_ctx);
-        HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
-        HMAC_Update(hmac_ctx, iv, sizeof(iv));
-        HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
-        HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
-        HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-                    sizeof(computed_mac));
-    } else
-#endif
-    {
-        SECItem macParam;
-        macParam.data = NULL;
-        macParam.len = 0;
-        hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-                                                     CKA_SIGN, mac_key_pkcs11, &macParam);
-        if (!hmac_ctx_pkcs11)
-            goto loser;
-
-        rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
-                           SESS_TICKET_KEY_NAME_LEN);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
-        if (rv != SECSuccess)
-            goto loser;
-        rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-                              &computed_mac_length, sizeof(computed_mac));
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* Serialize the handshake message. */
-    rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket, message_length);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint,
-                                    sizeof(ticket.ticket_lifetime_hint));
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshakeNumber(ss,
-                                    message_length - sizeof(ticket.ticket_lifetime_hint) - 2,
-                                    2);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshake(ss, iv, sizeof(iv));
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshakeVariable(ss, ciphertext.data, ciphertext.len, 2);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl3_AppendHandshake(ss, computed_mac, computed_mac_length);
-    if (rv != SECSuccess)
-        goto loser;
-
-loser:
-    if (hmac_ctx_pkcs11)
-        PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-    if (plaintext_item.data)
-        SECITEM_FreeItem(&plaintext_item, PR_FALSE);
-    if (ciphertext.data)
-        SECITEM_FreeItem(&ciphertext, PR_FALSE);
-
-    return rv;
-}
-
-/* When a client receives a SessionTicket extension a NewSessionTicket
- * message is expected during the handshake.
- */
-SECStatus
-ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    if (data->len != 0) {
-        return SECSuccess; /* Ignore the extension. */
-    }
-
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    SECStatus rv;
-    SECItem *decrypted_state = NULL;
-    SessionTicket *parsed_session_ticket = NULL;
-    sslSessionID *sid = NULL;
-    SSL3Statistics *ssl3stats;
-
-    /* Ignore the SessionTicket extension if processing is disabled. */
-    if (!ss->opt.enableSessionTickets) {
-        return SECSuccess;
-    }
-
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-
-    /* Parse the received ticket sent in by the client.  We are
-     * lenient about some parse errors, falling back to a fullshake
-     * instead of terminating the current connection.
-     */
-    if (data->len == 0) {
-        ss->xtnData.emptySessionTicket = PR_TRUE;
-    } else {
-        PRUint32 i;
-        SECItem extension_data;
-        EncryptedSessionTicket enc_session_ticket;
-        unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-        unsigned int computed_mac_length;
-#ifndef NO_PKCS11_BYPASS
-        const SECHashObject *hashObj;
-        const unsigned char *aes_key;
-        const unsigned char *mac_key;
-        PRUint32 aes_key_length;
-        PRUint32 mac_key_length;
-        PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-        HMACContext *hmac_ctx;
-        PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-        AESContext *aes_ctx;
-#endif
-        PK11SymKey *aes_key_pkcs11;
-        PK11SymKey *mac_key_pkcs11;
-        PK11Context *hmac_ctx_pkcs11;
-        CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
-        PK11Context *aes_ctx_pkcs11;
-        CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
-        unsigned char *padding;
-        PRUint32 padding_length;
-        unsigned char *buffer;
-        unsigned int buffer_len;
-        PRInt32 temp;
-        SECItem cert_item;
-        PRInt8 nameType = TLS_STE_NO_SERVER_NAME;
-
-        /* Turn off stateless session resumption if the client sends a
-         * SessionTicket extension, even if the extension turns out to be
-         * malformed (ss->sec.ci.sid is non-NULL when doing session
-         * renegotiation.)
-         */
-        if (ss->sec.ci.sid != NULL) {
-            if (ss->sec.uncache)
-                ss->sec.uncache(ss->sec.ci.sid);
-            ssl_FreeSID(ss->sec.ci.sid);
-            ss->sec.ci.sid = NULL;
-        }
-
-        extension_data.data = data->data; /* Keep a copy for future use. */
-        extension_data.len = data->len;
-
-        if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) !=
-            SECSuccess) {
-            return SECSuccess; /* Pretend it isn't there */
-        }
-
-/* Get session ticket keys. */
-#ifndef NO_PKCS11_BYPASS
-        if (ss->opt.bypassPKCS11) {
-            rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-                                           &mac_key, &mac_key_length);
-        } else
-#endif
-        {
-            rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-                                                 &mac_key_pkcs11);
-        }
-        if (rv != SECSuccess) {
-            SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
-                     SSL_GETPID(), ss->fd));
-            goto loser;
-        }
-
-        /* If the ticket sent by the client was generated under a key different
-         * from the one we have, bypass ticket processing.
-         */
-        if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
-                        SESS_TICKET_KEY_NAME_LEN) != 0) {
-            SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
-                     SSL_GETPID(), ss->fd));
-            goto no_ticket;
-        }
-
-        /* Verify the MAC on the ticket.  MAC verification may also
-         * fail if the MAC key has been recently refreshed.
-         */
-#ifndef NO_PKCS11_BYPASS
-        if (ss->opt.bypassPKCS11) {
-            hmac_ctx = (HMACContext *)hmac_ctx_buf;
-            hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-            if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-                          sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
-                goto no_ticket;
-            HMAC_Begin(hmac_ctx);
-            HMAC_Update(hmac_ctx, extension_data.data,
-                        extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
-            if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-                            sizeof(computed_mac)) != SECSuccess)
-                goto no_ticket;
-        } else
-#endif
-        {
-            SECItem macParam;
-            macParam.data = NULL;
-            macParam.len = 0;
-            hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-                                                         CKA_SIGN, mac_key_pkcs11, &macParam);
-            if (!hmac_ctx_pkcs11) {
-                SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
-                         SSL_GETPID(), ss->fd, PORT_GetError()));
-                goto no_ticket;
-            } else {
-                SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
-                         SSL_GETPID(), ss->fd));
-            }
-            rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-            rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
-                               extension_data.len -
-                                   TLS_EX_SESS_TICKET_MAC_LENGTH);
-            if (rv != SECSuccess) {
-                PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-                goto no_ticket;
-            }
-            rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-                                  &computed_mac_length, sizeof(computed_mac));
-            PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-            if (rv != SECSuccess)
-                goto no_ticket;
-        }
-        if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
-                             computed_mac_length) !=
-            0) {
-            SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
-                     SSL_GETPID(), ss->fd));
-            goto no_ticket;
-        }
-
-        /* We ignore key_name for now.
-         * This is ok as MAC verification succeeded.
-         */
-
-        /* Decrypt the ticket. */
-
-        /* Plaintext is shorter than the ciphertext due to padding. */
-        decrypted_state = SECITEM_AllocItem(NULL, NULL,
-                                            enc_session_ticket.encrypted_state.len);
-
-#ifndef NO_PKCS11_BYPASS
-        if (ss->opt.bypassPKCS11) {
-            aes_ctx = (AESContext *)aes_ctx_buf;
-            rv = AES_InitContext(aes_ctx, aes_key,
-                                 sizeof(session_ticket_enc_key), enc_session_ticket.iv,
-                                 NSS_AES_CBC, 0, AES_BLOCK_SIZE);
-            if (rv != SECSuccess) {
-                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-                         SSL_GETPID(), ss->fd));
-                goto no_ticket;
-            }
-
-            rv = AES_Decrypt(aes_ctx, decrypted_state->data,
-                             &decrypted_state->len, decrypted_state->len,
-                             enc_session_ticket.encrypted_state.data,
-                             enc_session_ticket.encrypted_state.len);
-            if (rv != SECSuccess)
-                goto no_ticket;
-        } else
-#endif
-        {
-            SECItem ivItem;
-            ivItem.data = enc_session_ticket.iv;
-            ivItem.len = AES_BLOCK_SIZE;
-            aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-                                                        CKA_DECRYPT, aes_key_pkcs11, &ivItem);
-            if (!aes_ctx_pkcs11) {
-                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-                         SSL_GETPID(), ss->fd));
-                goto no_ticket;
-            }
-
-            rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
-                               (int *)&decrypted_state->len, decrypted_state->len,
-                               enc_session_ticket.encrypted_state.data,
-                               enc_session_ticket.encrypted_state.len);
-            PK11_Finalize(aes_ctx_pkcs11);
-            PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-            if (rv != SECSuccess)
-                goto no_ticket;
-        }
-
-        /* Check padding. */
-        padding_length =
-            (PRUint32)decrypted_state->data[decrypted_state->len - 1];
-        if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
-            goto no_ticket;
-
-        padding = &decrypted_state->data[decrypted_state->len - padding_length];
-        for (i = 0; i < padding_length; i++, padding++) {
-            if (padding_length != (PRUint32)*padding)
-                goto no_ticket;
-        }
-
-        /* Deserialize session state. */
-        buffer = decrypted_state->data;
-        buffer_len = decrypted_state->len;
-
-        parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
-        if (parsed_session_ticket == NULL) {
-            rv = SECFailure;
-            goto loser;
-        }
-
-        /* Read ticket_version and reject if the version is wrong */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp != TLS_EX_SESS_TICKET_VERSION)
-            goto no_ticket;
-
-        parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
-
-        /* Read SSLVersion. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
-
-        /* Read cipher_suite. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
-
-        /* Read compression_method. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
-
-        /* Read cipher spec parameters. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
-        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->authKeyBits = (PRUint32)temp;
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->keaType = (SSLKEAType)temp;
-        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->keaKeyBits = (PRUint32)temp;
-
-        /* Read wrapped master_secret. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
-
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
-
-        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
-
-        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->ms_length = (PRUint16)temp;
-        if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */
-            parsed_session_ticket->ms_length >
-                sizeof(parsed_session_ticket->master_secret))
-            goto no_ticket;
-
-        /* Allow for the wrapped master secret to be longer. */
-        if (buffer_len < parsed_session_ticket->ms_length)
-            goto no_ticket;
-        PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
-                    parsed_session_ticket->ms_length);
-        buffer += parsed_session_ticket->ms_length;
-        buffer_len -= parsed_session_ticket->ms_length;
-
-        /* Read client_identity */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->client_identity.client_auth_type =
-            (ClientAuthenticationType)temp;
-        switch (parsed_session_ticket->client_identity.client_auth_type) {
-            case CLIENT_AUTH_ANONYMOUS:
-                break;
-            case CLIENT_AUTH_CERTIFICATE:
-                rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
-                                                   &buffer, &buffer_len);
-                if (rv != SECSuccess)
-                    goto no_ticket;
-                rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
-                                      &cert_item);
-                if (rv != SECSuccess)
-                    goto no_ticket;
-                break;
-            default:
-                goto no_ticket;
-        }
-        /* Read timestamp. */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        parsed_session_ticket->timestamp = (PRUint32)temp;
-
-        /* Read server name */
-        nameType =
-            ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (nameType != TLS_STE_NO_SERVER_NAME) {
-            SECItem name_item;
-            rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
-                                               &buffer_len);
-            if (rv != SECSuccess)
-                goto no_ticket;
-            rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->srvName,
-                                  &name_item);
-            if (rv != SECSuccess)
-                goto no_ticket;
-            parsed_session_ticket->srvName.type = nameType;
-        }
-
-        /* Read extendedMasterSecretUsed */
-        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0)
-            goto no_ticket;
-        PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
-        parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp;
-
-        /* Done parsing.  Check that all bytes have been consumed. */
-        if (buffer_len != padding_length)
-            goto no_ticket;
-
-        /* Use the ticket if it has not expired, otherwise free the allocated
-         * memory since the ticket is of no use.
-         */
-        if (parsed_session_ticket->timestamp != 0 &&
-            parsed_session_ticket->timestamp +
-                    TLS_EX_SESS_TICKET_LIFETIME_HINT >
-                ssl_Time()) {
-
-            sid = ssl3_NewSessionID(ss, PR_TRUE);
-            if (sid == NULL) {
-                rv = SECFailure;
-                goto loser;
-            }
-
-            /* Copy over parameters. */
-            sid->version = parsed_session_ticket->ssl_version;
-            sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
-            sid->u.ssl3.compression = parsed_session_ticket->compression_method;
-            sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
-            sid->authKeyBits = parsed_session_ticket->authKeyBits;
-            sid->keaType = parsed_session_ticket->keaType;
-            sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
-
-/* Copy master secret. */
-#ifndef NO_PKCS11_BYPASS
-            if (ss->opt.bypassPKCS11 &&
-                parsed_session_ticket->ms_is_wrapped)
-                goto no_ticket;
-#endif
-            if (parsed_session_ticket->ms_length >
-                sizeof(sid->u.ssl3.keys.wrapped_master_secret))
-                goto no_ticket;
-            PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
-                        parsed_session_ticket->master_secret,
-                        parsed_session_ticket->ms_length);
-            sid->u.ssl3.keys.wrapped_master_secret_len =
-                parsed_session_ticket->ms_length;
-            sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
-            sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
-            sid->u.ssl3.keys.msIsWrapped =
-                parsed_session_ticket->ms_is_wrapped;
-            sid->u.ssl3.masterValid = PR_TRUE;
-            sid->u.ssl3.keys.resumable = PR_TRUE;
-            sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->extendedMasterSecretUsed;
-
-            /* Copy over client cert from session ticket if there is one. */
-            if (parsed_session_ticket->peer_cert.data != NULL) {
-                if (sid->peerCert != NULL)
-                    CERT_DestroyCertificate(sid->peerCert);
-                sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
-                                                        &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
-                if (sid->peerCert == NULL) {
-                    rv = SECFailure;
-                    goto loser;
-                }
-            }
-            if (parsed_session_ticket->srvName.data != NULL) {
-                sid->u.ssl3.srvName = parsed_session_ticket->srvName;
-            }
-            ss->statelessResume = PR_TRUE;
-            ss->sec.ci.sid = sid;
-        }
-    }
-
-    if (0) {
-    no_ticket:
-        SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
-                 SSL_GETPID(), ss->fd));
-        ssl3stats = SSL_GetStatistics();
-        SSL_AtomicIncrementLong(&ssl3stats->hch_sid_ticket_parse_failures);
-    }
-    rv = SECSuccess;
-
-loser:
-    /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
-     * in that case do not free sid
-     */
-    if (sid && (ss->sec.ci.sid != sid)) {
-        ssl_FreeSID(sid);
-        sid = NULL;
-    }
-    if (decrypted_state != NULL) {
-        SECITEM_FreeItem(decrypted_state, PR_TRUE);
-        decrypted_state = NULL;
-    }
-
-    if (parsed_session_ticket != NULL) {
-        if (parsed_session_ticket->peer_cert.data) {
-            SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
-        }
-        PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
-    }
-
-    return rv;
-}
-
-/*
- * Read bytes.  Using this function means the SECItem structure
- * cannot be freed.  The caller is expected to call this function
- * on a shallow copy of the structure.
- */
-static SECStatus
-ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
-{
-    if (bytes > item->len)
-        return SECFailure;
-
-    *buf = item->data;
-    item->data += bytes;
-    item->len -= bytes;
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data,
-                                 EncryptedSessionTicket *enc_session_ticket)
-{
-    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
-                             SESS_TICKET_KEY_NAME_LEN) !=
-        SECSuccess)
-        return SECFailure;
-    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
-                             AES_BLOCK_SIZE) !=
-        SECSuccess)
-        return SECFailure;
-    if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
-                                      2, &data->data, &data->len) !=
-        SECSuccess)
-        return SECFailure;
-    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
-                             TLS_EX_SESS_TICKET_MAC_LENGTH) !=
-        SECSuccess)
-        return SECFailure;
-    if (data->len != 0) /* Make sure that we have consumed all bytes. */
-        return SECFailure;
-
-    return SECSuccess;
-}
-
-/* go through hello extensions in buffer "b".
- * For each one, find the extension handler in the table, and
- * if present, invoke that handler.
- * Servers ignore any extensions with unknown extension types.
- * Clients reject any extensions with unadvertised extension types.
- * In TLS >= 1.3, the client checks that extensions appear in the
- * right phase.
- */
-SECStatus
-ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
-                           SSL3HandshakeType handshakeMessage)
-{
-    const ssl3HelloExtensionHandler *handlers;
-    PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
-
-    switch (handshakeMessage) {
-        case client_hello:
-            handlers = clientHelloHandlers;
-            break;
-        case encrypted_extensions:
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-        /* fall through */
-        case server_hello:
-            if (ss->version > SSL_LIBRARY_VERSION_3_0) {
-                handlers = serverHelloHandlersTLS;
-            } else {
-                handlers = serverHelloHandlersSSL3;
-            }
-            break;
-        default:
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            PORT_Assert(0);
-            return SECFailure;
-    }
-
-    while (*length) {
-        const ssl3HelloExtensionHandler *handler;
-        SECStatus rv;
-        PRInt32 extension_type;
-        SECItem extension_data;
-
-        /* Get the extension's type field */
-        extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-        if (extension_type < 0) /* failure to decode extension_type */
-            return SECFailure;  /* alert already sent */
-
-        /* get the data for this extension, so we can pass it or skip it. */
-        rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
-        if (rv != SECSuccess)
-            return rv; /* alert already sent */
-
-        /* Check whether the server sent an extension which was not advertised
-         * in the ClientHello */
-        if (!ss->sec.isServer &&
-            !ssl3_ClientExtensionAdvertised(ss, extension_type)) {
-            (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension);
-            return SECFailure;
-        }
-
-        /* Check whether an extension has been sent multiple times. */
-        if (ssl3_ExtensionNegotiated(ss, extension_type)) {
-            (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-            return SECFailure;
-        }
-
-        /* Check that this is a legal extension in TLS 1.3 */
-        if (isTLS13 && !tls13_ExtensionAllowed(extension_type, handshakeMessage)) {
-            if (handshakeMessage == client_hello) {
-                /* Skip extensions not used in TLS 1.3 */
-                continue;
-            }
-            tls13_FatalError(ss, SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION,
-                             unsupported_extension);
-            return SECFailure;
-        }
-
-        /* find extension_type in table of Hello Extension Handlers */
-        for (handler = handlers; handler->ex_type >= 0; handler++) {
-            /* if found, call this handler */
-            if (handler->ex_type == extension_type) {
-                rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
-                                            &extension_data);
-                if (rv != SECSuccess) {
-                    if (!ss->ssl3.fatalAlertSent) {
-                        /* send a generic alert if the handler didn't already */
-                        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
-                    }
-                    return SECFailure;
-                }
-            }
-        }
-    }
-    return SECSuccess;
-}
-
-/* Add a callback function to the table of senders of server hello extensions.
- */
-SECStatus
-ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
-                                        ssl3HelloExtensionSenderFunc cb)
-{
-    int i;
-    ssl3HelloExtensionSender *sender;
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        sender = &ss->xtnData.serverHelloSenders[0];
-    } else {
-        if (tls13_ExtensionAllowed(ex_type, server_hello)) {
-            PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
-            sender = &ss->xtnData.serverHelloSenders[0];
-        } else {
-            PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
-            sender = &ss->xtnData.encryptedExtensionsSenders[0];
-        }
-    }
-
-    for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
-        if (!sender->ex_sender) {
-            sender->ex_type = ex_type;
-            sender->ex_sender = cb;
-            return SECSuccess;
-        }
-        /* detect duplicate senders */
-        PORT_Assert(sender->ex_type != ex_type);
-        if (sender->ex_type == ex_type) {
-            /* duplicate */
-            break;
-        }
-    }
-    PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-
-/* call each of the extension senders and return the accumulated length */
-PRInt32
-ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
-                               const ssl3HelloExtensionSender *sender)
-{
-    PRInt32 total_exten_len = 0;
-    int i;
-
-    if (!sender) {
-        if (ss->version > SSL_LIBRARY_VERSION_3_0) {
-            sender = &clientHelloSendersTLS[0];
-        } else {
-            sender = &clientHelloSendersSSL3[0];
-        }
-    }
-
-    for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
-        if (sender->ex_sender) {
-            PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
-            if (extLen < 0)
-                return -1;
-            maxBytes -= extLen;
-            total_exten_len += extLen;
-        }
-    }
-    return total_exten_len;
-}
-
-/* Extension format:
- * Extension number:   2 bytes
- * Extension length:   2 bytes
- * Verify Data Length: 1 byte
- * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
- * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
- */
-static PRInt32
-ssl3_SendRenegotiationInfoXtn(
-    sslSocket *ss,
-    PRBool append,
-    PRUint32 maxBytes)
-{
-    PRInt32 len = 0;
-    PRInt32 needed;
-
-    /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
-     * both the SCSV and the empty RI, so when we send SCSV in
-     * the initial handshake, we don't also send RI.
-     */
-    if (!ss || ss->ssl3.hs.sendingSCSV)
-        return 0;
-    if (ss->firstHsDone) {
-        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
-                               : ss->ssl3.hs.finishedBytes;
-    }
-    needed = 5 + len;
-    if (maxBytes < (PRUint32)needed) {
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* length of extension_data */
-        rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* verify_Data from previous Finished message(s) */
-        rv = ssl3_AppendHandshakeVariable(ss,
-                                          ss->ssl3.hs.finishedMsgs.data, len, 1);
-        if (rv != SECSuccess)
-            return -1;
-        if (!ss->sec.isServer) {
-            TLSExtensionData *xtnData = &ss->xtnData;
-            xtnData->advertised[xtnData->numAdvertised++] =
-                ssl_renegotiation_info_xtn;
-        }
-    }
-    return needed;
-}
-
-static SECStatus
-ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
-{
-    SECStatus rv = SECSuccess;
-
-    /* remember that we got this extension. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    PORT_Assert(ss->sec.isServer);
-    /* prepare to send back the appropriate response */
-    rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                                                 ssl3_ServerSendStatusRequestXtn);
-    return rv;
-}
-
-/* This function runs in both the client and server.  */
-static SECStatus
-ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv = SECSuccess;
-    PRUint32 len = 0;
-
-    if (ss->firstHsDone) {
-        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
-                               : ss->ssl3.hs.finishedBytes * 2;
-    }
-    if (data->len != 1 + len || data->data[0] != len) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-    if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
-                                data->data + 1, len)) {
-        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
-        PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-        return SECFailure;
-    }
-    /* remember that we got this extension and it was correct. */
-    ss->peerRequestedProtection = 1;
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    if (ss->sec.isServer) {
-        /* prepare to send back the appropriate response */
-        rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                                                     ssl3_SendRenegotiationInfoXtn);
-    }
-    return rv;
-}
-
-static PRInt32
-ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    PRUint32 ext_data_len;
-    PRInt16 i;
-    SECStatus rv;
-
-    if (!ss)
-        return 0;
-
-    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
-        return 0; /* Not relevant */
-
-    ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
-
-    if (append && maxBytes >= 4 + ext_data_len) {
-        /* Extension type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* Length of extension data */
-        rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* Length of the SRTP cipher list */
-        rv = ssl3_AppendHandshakeNumber(ss,
-                                        2 * ss->ssl3.dtlsSRTPCipherCount,
-                                        2);
-        if (rv != SECSuccess)
-            return -1;
-        /* The SRTP ciphers */
-        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-            rv = ssl3_AppendHandshakeNumber(ss,
-                                            ss->ssl3.dtlsSRTPCiphers[i],
-                                            2);
-        }
-        /* Empty MKI value */
-        ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
-
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_use_srtp_xtn;
-    }
-
-    return 4 + ext_data_len;
-}
-
-static PRInt32
-ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    SECStatus rv;
-
-    /* Server side */
-    if (!append || maxBytes < 9) {
-        return 9;
-    }
-
-    /* Extension type */
-    rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-    if (rv != SECSuccess)
-        return -1;
-    /* Length of extension data */
-    rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
-    if (rv != SECSuccess)
-        return -1;
-    /* Length of the SRTP cipher list */
-    rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
-    if (rv != SECSuccess)
-        return -1;
-    /* The selected cipher */
-    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
-    if (rv != SECSuccess)
-        return -1;
-    /* Empty MKI value */
-    ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
-
-    return 9;
-}
-
-static SECStatus
-ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    SECItem ciphers = { siBuffer, NULL, 0 };
-    PRUint16 i;
-    PRUint16 cipher = 0;
-    PRBool found = PR_FALSE;
-    SECItem litem;
-
-    if (!data->data || !data->len) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* Get the cipher list */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-                                       &data->data, &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure; /* fatal alert already sent */
-    }
-    /* Now check that the server has picked just 1 (i.e., len = 2) */
-    if (ciphers.len != 2) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* Get the selected cipher */
-    cipher = (ciphers.data[0] << 8) | ciphers.data[1];
-
-    /* Now check that this is one of the ciphers we offered */
-    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-        if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-            found = PR_TRUE;
-            break;
-        }
-    }
-
-    if (!found) {
-        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
-        return SECFailure;
-    }
-
-    /* Get the srtp_mki value */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
-                                       &data->data, &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure; /* alert already sent */
-    }
-
-    /* We didn't offer an MKI, so this must be 0 length */
-    if (litem.len != 0) {
-        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
-        return SECFailure;
-    }
-
-    /* extra trailing bytes */
-    if (data->len != 0) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* OK, this looks fine. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
-    ss->ssl3.dtlsSRTPCipherSuite = cipher;
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    SECItem ciphers = { siBuffer, NULL, 0 };
-    PRUint16 i;
-    unsigned int j;
-    PRUint16 cipher = 0;
-    PRBool found = PR_FALSE;
-    SECItem litem;
-
-    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
-        /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
-         * preferences have been set. */
-        return SECSuccess;
-    }
-
-    if (!data->data || data->len < 5) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* Get the cipher list */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-                                       &data->data, &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure; /* alert already sent */
-    }
-    /* Check that the list is even length */
-    if (ciphers.len % 2) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* Walk through the offered list and pick the most preferred of our
-     * ciphers, if any */
-    for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-        for (j = 0; j + 1 < ciphers.len; j += 2) {
-            cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
-            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-                found = PR_TRUE;
-                break;
-            }
-        }
-    }
-
-    /* Get the srtp_mki value */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (data->len != 0) {
-        (void)ssl3_DecodeError(ss); /* trailing bytes */
-        return SECFailure;
-    }
-
-    /* Now figure out what to do */
-    if (!found) {
-        /* No matching ciphers, pretend we don't support use_srtp */
-        return SECSuccess;
-    }
-
-    /* OK, we have a valid cipher and we've selected it */
-    ss->ssl3.dtlsSRTPCipherSuite = cipher;
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
-
-    return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
-                                                   ssl3_ServerSendUseSRTPXtn);
-}
-
-/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
- * from a client.
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-static SECStatus
-ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    SECItem algorithms;
-    const unsigned char *b;
-    unsigned int numAlgorithms, i;
-
-    /* Ignore this extension if we aren't doing TLS 1.2 or greater. */
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-        return SECSuccess;
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
-                                       &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* Trailing data, empty value, or odd-length value is invalid. */
-    if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
-        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
-        return SECFailure;
-    }
-
-    numAlgorithms = algorithms.len / 2;
-
-    /* We don't care to process excessive numbers of algorithms. */
-    if (numAlgorithms > 512) {
-        numAlgorithms = 512;
-    }
-
-    ss->ssl3.hs.clientSigAndHash =
-        PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms);
-    if (!ss->ssl3.hs.clientSigAndHash) {
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
-        return SECFailure;
-    }
-    ss->ssl3.hs.numClientSigAndHash = 0;
-
-    b = algorithms.data;
-    ss->ssl3.hs.numClientSigAndHash = 0;
-    for (i = 0; i < numAlgorithms; i++) {
-        SSLSignatureAndHashAlg *sigAndHash =
-            &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash];
-        sigAndHash->hashAlg = (SSLHashType) * (b++);
-        sigAndHash->sigAlg = (SSLSignType) * (b++);
-        if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) {
-            ++ss->ssl3.hs.numClientSigAndHash;
-        }
-    }
-
-    if (!ss->ssl3.hs.numClientSigAndHash) {
-        /* We didn't understand any of the client's requested signature
-         * formats. We'll use the defaults. */
-        PORT_Free(ss->ssl3.hs.clientSigAndHash);
-        ss->ssl3.hs.clientSigAndHash = NULL;
-    }
-
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECSuccess;
-}
-
-/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
- * 1.2 ClientHellos. */
-static PRInt32
-ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-    unsigned int i;
-    PRInt32 pos = 0;
-    PRUint32 policy;
-    PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2];
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-        return 0;
-    }
-
-    for (i = 0; i < ss->ssl3.signatureAlgorithmCount; i++) {
-        SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(
-            ss->ssl3.signatureAlgorithms[i].hashAlg);
-        if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) ||
-            (policy & NSS_USE_ALG_IN_SSL_KX)) {
-            buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg;
-            buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg;
-        }
-    }
-
-    extension_length =
-        2 /* extension type */ +
-        2 /* extension length */ +
-        2 /* supported_signature_algorithms length */ +
-        pos;
-
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-
-        rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2);
-        if (rv != SECSuccess) {
-            return -1;
-        }
-
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_signature_algorithms_xtn;
-    }
-
-    return extension_length;
-}
-
-unsigned int
-ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
-{
-    unsigned int recordLength = 1 /* handshake message type */ +
-                                3 /* handshake message length */ +
-                                clientHelloLength;
-    unsigned int extensionLength;
-
-    if (recordLength < 256 || recordLength >= 512) {
-        return 0;
-    }
-
-    extensionLength = 512 - recordLength;
-    /* Extensions take at least four bytes to encode. Always include at least
-     * one byte of data if including the extension. WebSphere Application
-     * Server 7.0 is intolerant to the last extension being zero-length. */
-    if (extensionLength < 4 + 1) {
-        extensionLength = 4 + 1;
-    }
-
-    return extensionLength;
-}
-
-/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
- * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
- * that we don't trigger bugs in F5 products. */
-PRInt32
-ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
-                            PRUint32 maxBytes)
-{
-    unsigned int paddingLen = extensionLen - 4;
-    static unsigned char padding[256];
-
-    if (extensionLen == 0) {
-        return 0;
-    }
-
-    if (extensionLen < 4 ||
-        extensionLen > maxBytes ||
-        paddingLen > sizeof(padding)) {
-        PORT_Assert(0);
-        return -1;
-    }
-
-    if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
-        return -1;
-    if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
-        return -1;
-    if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
-        return -1;
-
-    return extensionLen;
-}
-
-/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
- * version extension.
- * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-static PRInt32
-ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-
-    if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
-        return 0;
-    }
-
-    extension_length = 6; /* Type + length + number */
-    if (maxBytes < (PRUint32)extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_tls13_draft_version_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
- * version extension.
- * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-static SECStatus
-ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
-                                 SECItem *data)
-{
-    PRInt32 draft_version;
-
-    /* Ignore this extension if we aren't doing TLS 1.3 */
-    if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
-    }
-
-    if (data->len != 2) {
-        (void)ssl3_DecodeError(ss);
-        return SECFailure;
-    }
-
-    /* Get the draft version out of the handshake */
-    draft_version = ssl3_ConsumeHandshakeNumber(ss, 2,
-                                                &data->data, &data->len);
-    if (draft_version < 0) {
-        return SECFailure;
-    }
-
-    /*  Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-
-    if (draft_version != TLS_1_3_DRAFT_VERSION) {
-        /*
-         * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2.
-         * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back
-         * here. Need to double-check.
-         */
-        SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), "
-                     "expected %d",
-                     SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
-        ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
-    }
-
-    return SECSuccess;
-}
-
-static PRInt32
-ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
-                                 PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-
-    if (!ss->opt.enableExtendedMS) {
-        return 0;
-    }
-
-#ifndef NO_PKCS11_BYPASS
-    /* Extended MS can only be used w/o bypass mode */
-    if (ss->opt.bypassPKCS11) {
-        PORT_Assert(0);
-        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-        return -1;
-    }
-#endif
-
-    /* Always send the extension in this function, since the
-     * client always sends it and this function is only called on
-     * the server if we negotiated the extension. */
-    extension_length = 4; /* Type + length (0) */
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    if (append) {
-        SECStatus rv;
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_extended_master_secret_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-static SECStatus
-ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss, PRUint16 ex_type,
-                                   SECItem *data)
-{
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
-        return SECSuccess;
-    }
-
-    if (!ss->opt.enableExtendedMS) {
-        return SECSuccess;
-    }
-
-#ifndef NO_PKCS11_BYPASS
-    /* Extended MS can only be used w/o bypass mode */
-    if (ss->opt.bypassPKCS11) {
-        PORT_Assert(0);
-        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-        return SECFailure;
-    }
-#endif
-
-    if (data->len != 0) {
-        SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension",
-                     SSL_GETPID(), ss->fd));
-        return SECFailure;
-    }
-
-    SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.",
-             SSL_GETPID(), ss->fd));
-
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-
-    if (ss->sec.isServer) {
-        return ssl3_RegisterServerHelloExtensionSender(
-            ss, ex_type, ssl3_SendExtendedMasterSecretXtn);
-    }
-    return SECSuccess;
-}
-
-/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
- * extension for TLS ClientHellos. */
-static PRInt32
-ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
-                                      PRUint32 maxBytes)
-{
-    PRInt32 extension_length = 2 /* extension_type */ +
-                               2 /* length(extension_data) */;
-
-    /* Only send the extension if processing is enabled. */
-    if (!ss->opt.enableSignedCertTimestamps)
-        return 0;
-
-    if (append && maxBytes >= extension_length) {
-        SECStatus rv;
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss,
-                                        ssl_signed_cert_timestamp_xtn,
-                                        2);
-        if (rv != SECSuccess)
-            goto loser;
-        /* zero length */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_signed_cert_timestamp_xtn;
-    } else if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    return extension_length;
-loser:
-    return -1;
-}
-
-static SECStatus
-ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
-                                        SECItem *data)
-{
-    /* We do not yet know whether we'll be resuming a session or creating
-     * a new one, so we keep a pointer to the data in the TLSExtensionData
-     * structure. This pointer is only valid in the scope of
-     * ssl3_HandleServerHello, and, if not resuming a session, the data is
-     * copied once a new session structure has been set up.
-     * All parsing is currently left to the application and we accept
-     * everything, including empty data.
-     */
-    SECItem *scts = &ss->xtnData.signedCertTimestamps;
-    PORT_Assert(!scts->data && !scts->len);
-
-    if (!data->len) {
-        /* Empty extension data: RFC 6962 mandates non-empty contents. */
-        return SECFailure;
-    }
-    *scts = *data;
-    /* Keep track of negotiated extensions. */
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    return SECSuccess;
-}
-
-static PRInt32
-ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
-                                      PRBool append,
-                                      PRUint32 maxBytes)
-{
-    PRInt32 extension_length;
-    SSLKEAType effectiveExchKeyType;
-    const SECItem *scts;
-
-    if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-        ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
-        effectiveExchKeyType = ssl_kea_rsa;
-    } else {
-        effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-    }
-
-    scts = &ss->signedCertTimestamps[effectiveExchKeyType];
-
-    if (!scts->len) {
-        /* No timestamps to send */
-        return 0;
-    }
-
-    extension_length = 2 /* extension_type */ +
-                       2 /* length(extension_data) */ +
-                       scts->len;
-
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-    if (append) {
-        SECStatus rv;
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss,
-                                        ssl_signed_cert_timestamp_xtn,
-                                        2);
-        if (rv != SECSuccess)
-            goto loser;
-        /* extension_data */
-        rv = ssl3_AppendHandshakeVariable(ss, scts->data, scts->len, 2);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-static SECStatus
-ssl3_ServerHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
-                                        SECItem *data)
-{
-    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-    PORT_Assert(ss->sec.isServer);
-    return ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                                                   ssl3_ServerSendSignedCertTimestampXtn);
-}
-
-/*
- *     [draft-ietf-tls-tls13-11] Section 6.3.2.3.
- *
- *     struct {
- *         NamedGroup group;
- *         opaque key_exchange<1..2^16-1>;
- *     } KeyShareEntry;
- *
- *     struct {
- *         select (role) {
- *             case client:
- *                 KeyShareEntry client_shares<4..2^16-1>;
- *
- *             case server:
- *                 KeyShareEntry server_share;
- *         }
- *     } KeyShare;
- */
-static SECStatus
-tls13_SizeOfKeyShareEntry(ssl3KeyPair *pair)
-{
-    return 2 + 2 + tls13_SizeOfECDHEKeyShareKEX(pair);
-}
-
-static SECStatus
-tls13_EncodeKeyShareEntry(sslSocket *ss, ssl3KeyPair *pair)
-{
-    SECStatus rv;
-
-    /* This currently only works for ECC keys */
-    PORT_Assert(pair->pubKey->keyType == ecKey);
-    if (pair->pubKey->keyType != ecKey) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    rv = ssl3_AppendHandshakeNumber(ss, tls13_GroupForECDHEKeyShare(pair), 2);
-    if (rv != SECSuccess)
-        return rv;
-
-    rv = ssl3_AppendHandshakeNumber(ss, tls13_SizeOfECDHEKeyShareKEX(pair), 2);
-    if (rv != SECSuccess)
-        return rv;
-
-    rv = tls13_EncodeECDHEKeyShareKEX(ss, pair);
-    if (rv != SECSuccess)
-        return rv;
-
-    return SECSuccess;
-}
-
-static PRInt32
-tls13_ClientSendKeyShareXtn(sslSocket *ss, PRBool append,
-                            PRUint32 maxBytes)
-{
-    SECStatus rv;
-    PRUint32 entry_length;
-    PRUint32 extension_length;
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return 0;
-    }
-
-    /* Optimistically try to send an ECDHE key using the
-     * preexisting key (in future will be keys) */
-    SSL_TRC(3, ("%d: TLS13[%d]: send client key share xtn",
-                SSL_GETPID(), ss->fd));
-
-    entry_length = tls13_SizeOfKeyShareEntry(ss->ephemeralECDHKeyPair);
-    /* Type + length + vector_length + entry */
-    extension_length = 2 + 2 + 2 + entry_length;
-
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    if (append) {
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, entry_length + 2, 2); /* Extension length */
-        if (rv != SECSuccess)
-            goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, entry_length, 2); /* Vector length */
-        if (rv != SECSuccess)
-            goto loser;
-        rv = tls13_EncodeKeyShareEntry(ss, ss->ephemeralECDHKeyPair);
-        if (rv != SECSuccess)
-            goto loser;
-
-        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-            ssl_tls13_key_share_xtn;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
-
-static SECStatus
-tls13_HandleKeyShareEntry(sslSocket *ss, SECItem *data)
-{
-    SECStatus rv;
-    PRInt32 group;
-    TLS13KeyShareEntry *ks = NULL;
-    SECItem share = { siBuffer, NULL, 0 };
-
-    group = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-    if (group < 0) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
-        goto loser;
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &share, 2, &data->data,
-                                       &data->len);
-    if (rv != SECSuccess)
-        goto loser;
-
-    ks = PORT_ZNew(TLS13KeyShareEntry);
-    if (!ks)
-        goto loser;
-    ks->group = group;
-
-    rv = SECITEM_CopyItem(NULL, &ks->key_exchange, &share);
-    if (rv != SECSuccess)
-        goto loser;
-
-    PR_APPEND_LINK(&ks->link, &ss->ssl3.hs.remoteKeyShares);
-    return SECSuccess;
-
-loser:
-    if (ks)
-        tls13_DestroyKeyShareEntry(ks);
-    return SECFailure;
-}
-
-/* Handle an incoming KeyShare extension at the client and copy to
- * |ss->ssl3.hs.remoteKeyShares| for future use. The key
- * share is processed in tls13_HandleServerKeyShare(). */
-static SECStatus
-tls13_ClientHandleKeyShareXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-
-    PORT_Assert(!ss->sec.isServer);
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        /* This can't happen because the extension processing
-         * code filters out TLS 1.3 extensions when not in
-         * TLS 1.3 mode. */
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
-                SSL_GETPID(), ss->fd));
-
-    rv = tls13_HandleKeyShareEntry(ss, data);
-    if (rv != SECSuccess) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
-        return SECFailure;
-    }
-
-    if (data->len) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* Handle an incoming KeyShare extension at the server and copy to
- * |ss->ssl3.hs.remoteKeyShares| for future use. The key
- * share is processed in tls13_HandleClientKeyShare(). */
-static SECStatus
-tls13_ServerHandleKeyShareXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-{
-    SECStatus rv;
-    PRInt32 length;
-
-    PORT_Assert(ss->sec.isServer);
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
-    }
-
-    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
-                SSL_GETPID(), ss->fd));
-
-    /* Redundant length because of TLS encoding (this vector consumes
-     * the entire extension.) */
-    length = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data,
-                                         &data->len);
-    if (length < 0)
-        goto loser;
-    if (length != data->len) {
-        /* Check for consistency */
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
-        goto loser;
-    }
-
-    while (data->len) {
-        rv = tls13_HandleKeyShareEntry(ss, data);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-    return SECSuccess;
-
-loser:
-    tls13_DestroyKeyShares(&ss->ssl3.hs.remoteKeyShares);
-    return SECFailure;
-}
-
-PRInt32
-tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append,
-                            PRUint32 maxBytes)
-{
-    PRUint32 extension_length;
-    PRUint32 entry_length;
-    SECStatus rv;
-
-    switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
-        case ssl_kea_ecdh:
-            PORT_Assert(ss->ephemeralECDHKeyPair);
-            break;
-#endif
-        default:
-            /* got an unknown or unsupported Key Exchange Algorithm.
-             * Can't happen because tls13_HandleClientKeyShare
-             * enforces that we are ssl_kea_ecdh. */
-            PORT_Assert(0);
-            tls13_FatalError(ss, SEC_ERROR_UNSUPPORTED_KEYALG, internal_error);
-            return SECFailure;
-    }
-
-    entry_length = tls13_SizeOfKeyShareEntry(ss->ephemeralECDHKeyPair);
-    extension_length = 2 + 2 + entry_length; /* Type + length + entry_length */
-    if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
-    }
-
-    if (append) {
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
-        if (rv != SECSuccess)
-            goto loser;
-
-        rv = ssl3_AppendHandshakeNumber(ss, entry_length, 2);
-        if (rv != SECSuccess)
-            goto loser;
-
-        rv = tls13_EncodeKeyShareEntry(ss, ss->ephemeralECDHKeyPair);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    return extension_length;
-
-loser:
-    return -1;
-}
diff --git a/chromium/net/third_party/nss/ssl/ssl3gthr.c b/chromium/net/third_party/nss/ssl/ssl3gthr.c
deleted file mode 100644
index ea277135d4a..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl3gthr.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * Gather (Read) entire SSL3 records from socket into buffer.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "ssl3prot.h"
-
-/*
- * Attempt to read in an entire SSL3 record.
- * Blocks here for blocking sockets, otherwise returns -1 with
- *  PR_WOULD_BLOCK_ERROR when socket would block.
- *
- * returns  1 if received a complete SSL3 record.
- * returns  0 if recv returns EOF
- * returns -1 if recv returns < 0
- *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
- *
- * Caller must hold the recv buf lock.
- *
- * The Gather state machine has 3 states:  GS_INIT, GS_HEADER, GS_DATA.
- * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
- * GS_DATA:   waiting for the body of the SSL3 record   to come in.
- *
- * This loop returns when either
- *      (a) an error or EOF occurs,
- *  (b) PR_WOULD_BLOCK_ERROR,
- *  (c) data (entire SSL3 record) has been received.
- */
-static int
-ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
-{
-    unsigned char *bp;
-    unsigned char *lbp;
-    int nb;
-    int err;
-    int rv = 1;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    if (gs->state == GS_INIT) {
-        gs->state = GS_HEADER;
-        gs->remainder = 5;
-        gs->offset = 0;
-        gs->writeOffset = 0;
-        gs->readOffset = 0;
-        gs->inbuf.len = 0;
-    }
-
-    lbp = gs->inbuf.buf;
-    for (;;) {
-        SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
-                     SSL_GETPID(), ss->fd, gs->state, gs->remainder));
-        bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
-        nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
-
-        if (nb > 0) {
-            PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
-        } else if (nb == 0) {
-            /* EOF */
-            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
-            rv = 0;
-            break;
-        } else /* if (nb < 0) */ {
-            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
-                     PR_GetError()));
-            rv = SECFailure;
-            break;
-        }
-
-        PORT_Assert((unsigned int)nb <= gs->remainder);
-        if ((unsigned int)nb > gs->remainder) {
-            /* ssl_DefRecv is misbehaving!  this error is fatal to SSL. */
-            gs->state = GS_INIT; /* so we don't crash next time */
-            rv = SECFailure;
-            break;
-        }
-
-        gs->offset += nb;
-        gs->remainder -= nb;
-        if (gs->state == GS_DATA)
-            gs->inbuf.len += nb;
-
-        /* if there's more to go, read some more. */
-        if (gs->remainder > 0) {
-            continue;
-        }
-
-        /* have received entire record header, or entire record. */
-        switch (gs->state) {
-            case GS_HEADER:
-              /*
-              ** Have received SSL3 record header in gs->hdr.
-              ** Now extract the length of the following encrypted data,
-              ** and then read in the rest of the SSL3 record into gs->inbuf.
-              */
-                gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
-
-                /* This is the max fragment length for an encrypted fragment
-                ** plus the size of the record header.
-                */
-                if (gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
-                    SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-                    gs->state = GS_INIT;
-                    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-                    return SECFailure;
-                }
-
-                gs->state = GS_DATA;
-                gs->offset = 0;
-                gs->inbuf.len = 0;
-
-                if (gs->remainder > gs->inbuf.space) {
-                    err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
-                    if (err) { /* realloc has set error code to no mem. */
-                        return err;
-                    }
-                    lbp = gs->inbuf.buf;
-                }
-                break; /* End this case.  Continue around the loop. */
-
-            case GS_DATA:
-                /*
-                ** SSL3 record has been completely received.
-                */
-                gs->state = GS_INIT;
-                return 1;
-        }
-    }
-
-    return rv;
-}
-
-/*
- * Read in an entire DTLS record.
- *
- * Blocks here for blocking sockets, otherwise returns -1 with
- *  PR_WOULD_BLOCK_ERROR when socket would block.
- *
- * This is simpler than SSL because we are reading on a datagram socket
- * and datagrams must contain >=1 complete records.
- *
- * returns  1 if received a complete DTLS record.
- * returns  0 if recv returns EOF
- * returns -1 if recv returns < 0
- *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
- *
- * Caller must hold the recv buf lock.
- *
- * This loop returns when either
- *      (a) an error or EOF occurs,
- *  (b) PR_WOULD_BLOCK_ERROR,
- *  (c) data (entire DTLS record) has been received.
- */
-static int
-dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
-{
-    int nb;
-    int err;
-    int rv = 1;
-
-    SSL_TRC(30, ("dtls_GatherData"));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    gs->state = GS_HEADER;
-    gs->offset = 0;
-
-    if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
-        gs->dtlsPacketOffset = 0;
-        gs->dtlsPacket.len = 0;
-
-        /* Resize to the maximum possible size so we can fit a full datagram */
-        /* This is the max fragment length for an encrypted fragment
-        ** plus the size of the record header.
-        ** This magic constant is copied from ssl3_GatherData, with 5 changed
-        ** to 13 (the size of the record header).
-        */
-        if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
-            err = sslBuffer_Grow(&gs->dtlsPacket,
-                                 MAX_FRAGMENT_LENGTH + 2048 + 13);
-            if (err) { /* realloc has set error code to no mem. */
-                return err;
-            }
-        }
-
-        /* recv() needs to read a full datagram at a time */
-        nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
-
-        if (nb > 0) {
-            PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
-        } else if (nb == 0) {
-            /* EOF */
-            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
-            rv = 0;
-            return rv;
-        } else /* if (nb < 0) */ {
-            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
-                     PR_GetError()));
-            rv = SECFailure;
-            return rv;
-        }
-
-        gs->dtlsPacket.len = nb;
-    }
-
-    /* At this point we should have >=1 complete records lined up in
-     * dtlsPacket. Read off the header.
-     */
-    if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
-        SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
-                 "too short to contain header",
-                 SSL_GETPID(), ss->fd));
-        PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
-        gs->dtlsPacketOffset = 0;
-        gs->dtlsPacket.len = 0;
-        rv = SECFailure;
-        return rv;
-    }
-    memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
-    gs->dtlsPacketOffset += 13;
-
-    /* Have received SSL3 record header in gs->hdr. */
-    gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
-
-    if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
-        SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
-                 "to contain rest of body",
-                 SSL_GETPID(), ss->fd));
-        PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
-        gs->dtlsPacketOffset = 0;
-        gs->dtlsPacket.len = 0;
-        rv = SECFailure;
-        return rv;
-    }
-
-    /* OK, we have at least one complete packet, copy into inbuf */
-    if (gs->remainder > gs->inbuf.space) {
-        err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
-        if (err) { /* realloc has set error code to no mem. */
-            return err;
-        }
-    }
-
-    memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
-           gs->remainder);
-    gs->inbuf.len = gs->remainder;
-    gs->offset = gs->remainder;
-    gs->dtlsPacketOffset += gs->remainder;
-    gs->state = GS_INIT;
-
-    return 1;
-}
-
-/* Gather in a record and when complete, Handle that record.
- * Repeat this until the handshake is complete,
- * or until application data is available.
- *
- * Returns  1 when the handshake is completed without error, or
- *                 application data is available.
- * Returns  0 if ssl3_GatherData hits EOF.
- * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
- *
- * Called from ssl_GatherRecord1stHandshake       in sslcon.c,
- *    and from SSL_ForceHandshake in sslsecur.c
- *    and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
- *
- * Caller must hold the recv buf lock.
- */
-int
-ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
-{
-    SSL3Ciphertext cText;
-    int rv;
-    PRBool keepGoing = PR_TRUE;
-
-    SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
-
-    /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
-     * which requires the 1stHandshakeLock, which must be acquired before the
-     * RecvBufLock.
-     */
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    do {
-        PRBool handleRecordNow = PR_FALSE;
-
-        ssl_GetSSL3HandshakeLock(ss);
-
-        /* Without this, we may end up wrongly reporting
-         * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
-         * peer while we are waiting to be restarted.
-         */
-        if (ss->ssl3.hs.restartTarget) {
-            ssl_ReleaseSSL3HandshakeLock(ss);
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-            return (int)SECFailure;
-        }
-
-        /* Treat an empty msgState like a NULL msgState. (Most of the time
-         * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
-         * behind a non-NULL but zero-length msgState).
-         * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
-         */
-        if (ss->ssl3.hs.msgState.buf) {
-            if (ss->ssl3.hs.msgState.len == 0) {
-                ss->ssl3.hs.msgState.buf = NULL;
-            } else {
-                handleRecordNow = PR_TRUE;
-            }
-        }
-
-        ssl_ReleaseSSL3HandshakeLock(ss);
-
-        if (handleRecordNow) {
-            /* ssl3_HandleHandshake previously returned SECWouldBlock and the
-             * as-yet-unprocessed plaintext of that previous handshake record.
-             * We need to process it now before we overwrite it with the next
-             * handshake record.
-             */
-            rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
-        } else {
-            /* bring in the next sslv3 record. */
-            if (ss->recvdCloseNotify) {
-                /* RFC 5246 Section 7.2.1:
-                 *   Any data received after a closure alert is ignored.
-                 */
-                return 0;
-            }
-            if (!IS_DTLS(ss)) {
-                rv = ssl3_GatherData(ss, &ss->gs, flags);
-            } else {
-                rv = dtls_GatherData(ss, &ss->gs, flags);
-
-                /* If we got a would block error, that means that no data was
-                 * available, so we check the timer to see if it's time to
-                 * retransmit */
-                if (rv == SECFailure &&
-                    (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
-                    ssl_GetSSL3HandshakeLock(ss);
-                    dtls_CheckTimer(ss);
-                    ssl_ReleaseSSL3HandshakeLock(ss);
-                    /* Restore the error in case something succeeded */
-                    PORT_SetError(PR_WOULD_BLOCK_ERROR);
-                }
-            }
-
-            if (rv <= 0) {
-                return rv;
-            }
-
-            /* decipher it, and handle it if it's a handshake.
-             * If it's application data, ss->gs.buf will not be empty upon return.
-             * If it's a change cipher spec, alert, or handshake message,
-             * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
-             */
-            cText.type = (SSL3ContentType)ss->gs.hdr[0];
-            cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
-
-            if (IS_DTLS(ss)) {
-                int i;
-
-                cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
-                /* DTLS sequence number */
-                cText.seq_num.high = 0;
-                cText.seq_num.low = 0;
-                for (i = 0; i < 4; i++) {
-                    cText.seq_num.high <<= 8;
-                    cText.seq_num.low <<= 8;
-                    cText.seq_num.high |= ss->gs.hdr[3 + i];
-                    cText.seq_num.low |= ss->gs.hdr[7 + i];
-                }
-            }
-
-            cText.buf = &ss->gs.inbuf;
-            rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
-        }
-        if (rv < 0) {
-            return ss->recvdCloseNotify ? 0 : rv;
-        }
-        if (ss->gs.buf.len > 0) {
-            /* We have application data to return to the application. This
-             * prioritizes returning application data to the application over
-             * completing any renegotiation handshake we may be doing.
-             */
-            PORT_Assert(ss->firstHsDone);
-            PORT_Assert(cText.type == content_application_data);
-            break;
-        }
-
-        PORT_Assert(keepGoing);
-        ssl_GetSSL3HandshakeLock(ss);
-        if (ss->ssl3.hs.ws == idle_handshake) {
-            /* We are done with the current handshake so stop trying to
-             * handshake. Note that it would be safe to test ss->firstHsDone
-             * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
-             * we prioritize completing a renegotiation handshake over sending
-             * application data.
-             */
-            PORT_Assert(ss->firstHsDone);
-            PORT_Assert(!ss->ssl3.hs.canFalseStart);
-            keepGoing = PR_FALSE;
-        } else if (ss->ssl3.hs.canFalseStart) {
-            /* Prioritize sending application data over trying to complete
-             * the handshake if we're false starting.
-             *
-             * If we were to do this check at the beginning of the loop instead
-             * of here, then this function would become be a no-op after
-             * receiving the ServerHelloDone in the false start case, and we
-             * would never complete the handshake.
-             */
-            PORT_Assert(!ss->firstHsDone);
-
-            if (ssl3_WaitingForServerSecondRound(ss)) {
-                keepGoing = PR_FALSE;
-            } else {
-                ss->ssl3.hs.canFalseStart = PR_FALSE;
-            }
-        }
-        ssl_ReleaseSSL3HandshakeLock(ss);
-    } while (keepGoing);
-
-    ss->gs.readOffset = 0;
-    ss->gs.writeOffset = ss->gs.buf.len;
-    return 1;
-}
-
-/* Repeatedly gather in a record and when complete, Handle that record.
- * Repeat this until some application data is received.
- *
- * Returns  1 when application data is available.
- * Returns  0 if ssl3_GatherData hits EOF.
- * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
- *
- * Called from DoRecv in sslsecur.c
- * Caller must hold the recv buf lock.
- */
-int
-ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
-{
-    int rv;
-
-    /* ssl3_GatherCompleteHandshake requires both of these locks. */
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    do {
-        rv = ssl3_GatherCompleteHandshake(ss, flags);
-    } while (rv > 0 && ss->gs.buf.len == 0);
-
-    return rv;
-}
diff --git a/chromium/net/third_party/nss/ssl/ssl3prot.h b/chromium/net/third_party/nss/ssl/ssl3prot.h
deleted file mode 100644
index 928d059651e..00000000000
--- a/chromium/net/third_party/nss/ssl/ssl3prot.h
+++ /dev/null
@@ -1,323 +0,0 @@
-/* Private header file of libSSL.
- * Various and sundry protocol constants. DON'T CHANGE THESE. These
- * values are defined by the SSL 3.0 protocol specification.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __ssl3proto_h_
-#define __ssl3proto_h_
-
-typedef PRUint8 SSL3Opaque;
-
-typedef PRUint16 SSL3ProtocolVersion;
-/* version numbers are defined in sslproto.h */
-
-/* The TLS 1.3 draft version. Used to avoid negotiating
- * between incompatible pre-standard TLS 1.3 drafts.
- * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-#define TLS_1_3_DRAFT_VERSION 11
-
-typedef PRUint16 ssl3CipherSuite;
-/* The cipher suites are defined in sslproto.h */
-
-#define MAX_CERT_TYPES 10
-#define MAX_COMPRESSION_METHODS 10
-#define MAX_MAC_LENGTH 64
-#define MAX_PADDING_LENGTH 64
-#define MAX_KEY_LENGTH 64
-#define EXPORT_KEY_LENGTH 5
-#define SSL3_RANDOM_LENGTH 32
-
-#define SSL3_RECORD_HEADER_LENGTH 5
-
-/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
-#define DTLS_RECORD_HEADER_LENGTH 13
-
-#define MAX_FRAGMENT_LENGTH 16384
-
-typedef enum {
-    content_change_cipher_spec = 20,
-    content_alert = 21,
-    content_handshake = 22,
-    content_application_data = 23
-} SSL3ContentType;
-
-typedef struct {
-    SSL3ContentType type;
-    SSL3ProtocolVersion version;
-    PRUint16 length;
-    SECItem fragment;
-} SSL3Plaintext;
-
-typedef struct {
-    SSL3ContentType type;
-    SSL3ProtocolVersion version;
-    PRUint16 length;
-    SECItem fragment;
-} SSL3Compressed;
-
-typedef struct {
-    SECItem content;
-    SSL3Opaque MAC[MAX_MAC_LENGTH];
-} SSL3GenericStreamCipher;
-
-typedef struct {
-    SECItem content;
-    SSL3Opaque MAC[MAX_MAC_LENGTH];
-    PRUint8 padding[MAX_PADDING_LENGTH];
-    PRUint8 padding_length;
-} SSL3GenericBlockCipher;
-
-typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
-
-typedef struct {
-    SSL3ChangeCipherSpecChoice choice;
-} SSL3ChangeCipherSpec;
-
-typedef enum { alert_warning = 1,
-               alert_fatal = 2 } SSL3AlertLevel;
-
-typedef enum {
-    close_notify = 0,
-    unexpected_message = 10,
-    bad_record_mac = 20,
-    decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
-    record_overflow = 22,            /* TLS only */
-    decompression_failure = 30,
-    handshake_failure = 40,
-    no_certificate = 41, /* SSL3 only, NOT TLS */
-    bad_certificate = 42,
-    unsupported_certificate = 43,
-    certificate_revoked = 44,
-    certificate_expired = 45,
-    certificate_unknown = 46,
-    illegal_parameter = 47,
-
-    /* All alerts below are TLS only. */
-    unknown_ca = 48,
-    access_denied = 49,
-    decode_error = 50,
-    decrypt_error = 51,
-    export_restriction = 60,
-    protocol_version = 70,
-    insufficient_security = 71,
-    internal_error = 80,
-    inappropriate_fallback = 86, /* could also be sent for SSLv3 */
-    user_canceled = 90,
-    no_renegotiation = 100,
-
-    /* Alerts for client hello extensions */
-    missing_extension = 109,
-    unsupported_extension = 110,
-    certificate_unobtainable = 111,
-    unrecognized_name = 112,
-    bad_certificate_status_response = 113,
-    bad_certificate_hash_value = 114,
-    no_application_protocol = 120
-
-} SSL3AlertDescription;
-
-typedef struct {
-    SSL3AlertLevel level;
-    SSL3AlertDescription description;
-} SSL3Alert;
-
-typedef enum {
-    hello_request = 0,
-    client_hello = 1,
-    server_hello = 2,
-    hello_verify_request = 3,
-    new_session_ticket = 4,
-    hello_retry_request = 6,
-    encrypted_extensions = 8,
-    certificate = 11,
-    server_key_exchange = 12,
-    certificate_request = 13,
-    server_hello_done = 14,
-    certificate_verify = 15,
-    client_key_exchange = 16,
-    finished = 20,
-    certificate_status = 22,
-    next_proto = 67,
-    channelid_encrypted_extensions = 203
-} SSL3HandshakeType;
-
-typedef struct {
-    PRUint8 empty;
-} SSL3HelloRequest;
-
-typedef struct {
-    SSL3Opaque rand[SSL3_RANDOM_LENGTH];
-} SSL3Random;
-
-typedef struct {
-    SSL3Opaque id[32];
-    PRUint8 length;
-} SSL3SessionID;
-
-typedef struct {
-    SSL3ProtocolVersion client_version;
-    SSL3Random random;
-    SSL3SessionID session_id;
-    SECItem cipher_suites;
-    PRUint8 cm_count;
-    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
-} SSL3ClientHello;
-
-typedef struct {
-    SSL3ProtocolVersion server_version;
-    SSL3Random random;
-    SSL3SessionID session_id;
-    ssl3CipherSuite cipher_suite;
-    SSLCompressionMethod compression_method;
-} SSL3ServerHello;
-
-typedef struct {
-    SECItem list;
-} SSL3Certificate;
-
-/* SSL3SignType moved to ssl.h */
-
-/* The SSL key exchange method used */
-typedef enum {
-    kea_null,
-    kea_rsa,
-    kea_rsa_export,
-    kea_rsa_export_1024,
-    kea_dh_dss,
-    kea_dh_dss_export,
-    kea_dh_rsa,
-    kea_dh_rsa_export,
-    kea_dhe_dss,
-    kea_dhe_dss_export,
-    kea_dhe_rsa,
-    kea_dhe_rsa_export,
-    kea_dh_anon,
-    kea_dh_anon_export,
-    kea_rsa_fips,
-    kea_ecdh_ecdsa,
-    kea_ecdhe_ecdsa,
-    kea_ecdh_rsa,
-    kea_ecdhe_rsa,
-    kea_ecdh_anon
-} SSL3KeyExchangeAlgorithm;
-
-typedef struct {
-    SECItem modulus;
-    SECItem exponent;
-} SSL3ServerRSAParams;
-
-typedef struct {
-    SECItem p;
-    SECItem g;
-    SECItem Ys;
-} SSL3ServerDHParams;
-
-typedef struct {
-    union {
-        SSL3ServerDHParams dh;
-        SSL3ServerRSAParams rsa;
-    } u;
-} SSL3ServerParams;
-
-/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
- * prior to 1.2. */
-typedef struct {
-    PRUint8 md5[16];
-    PRUint8 sha[20];
-} SSL3HashesIndividually;
-
-/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
- * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
- * struct. */
-typedef struct {
-    unsigned int len;
-    SSLHashType hashAlg;
-    union {
-        PRUint8 raw[64];
-        SSL3HashesIndividually s;
-    } u;
-} SSL3Hashes;
-
-typedef struct {
-    union {
-        SSL3Opaque anonymous;
-        SSL3Hashes certified;
-    } u;
-} SSL3ServerKeyExchange;
-
-typedef enum {
-    ct_RSA_sign = 1,
-    ct_DSS_sign = 2,
-    ct_RSA_fixed_DH = 3,
-    ct_DSS_fixed_DH = 4,
-    ct_RSA_ephemeral_DH = 5,
-    ct_DSS_ephemeral_DH = 6,
-    ct_ECDSA_sign = 64,
-    ct_RSA_fixed_ECDH = 65,
-    ct_ECDSA_fixed_ECDH = 66
-
-} SSL3ClientCertificateType;
-
-typedef struct {
-    SSL3Opaque client_version[2];
-    SSL3Opaque random[46];
-} SSL3RSAPreMasterSecret;
-
-typedef SSL3Opaque SSL3MasterSecret[48];
-
-typedef enum {
-    sender_client = 0x434c4e54,
-    sender_server = 0x53525652
-} SSL3Sender;
-
-typedef SSL3HashesIndividually SSL3Finished;
-
-typedef struct {
-    SSL3Opaque verify_data[12];
-} TLSFinished;
-
-/*
- * TLS extension related data structures and constants.
- */
-
-/* SessionTicket extension related data structures. */
-
-/* NewSessionTicket handshake message. */
-typedef struct {
-    PRUint32 received_timestamp;
-    PRUint32 ticket_lifetime_hint;
-    SECItem ticket;
-} NewSessionTicket;
-
-typedef enum {
-    CLIENT_AUTH_ANONYMOUS = 0,
-    CLIENT_AUTH_CERTIFICATE = 1
-} ClientAuthenticationType;
-
-typedef struct {
-    ClientAuthenticationType client_auth_type;
-    union {
-        SSL3Opaque *certificate_list;
-    } identity;
-} ClientIdentity;
-
-#define SESS_TICKET_KEY_NAME_LEN 16
-#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
-#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
-#define SESS_TICKET_KEY_VAR_NAME_LEN 12
-
-typedef struct {
-    unsigned char *key_name;
-    unsigned char *iv;
-    SECItem encrypted_state;
-    unsigned char *mac;
-} EncryptedSessionTicket;
-
-#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
-
-#define TLS_STE_NO_SERVER_NAME -1
-
-#endif /* __ssl3proto_h_ */
diff --git a/chromium/net/third_party/nss/ssl/sslauth.c b/chromium/net/third_party/nss/ssl/sslauth.c
deleted file mode 100644
index e78a513a6ea..00000000000
--- a/chromium/net/third_party/nss/ssl/sslauth.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "cert.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-#include "ocsp.h"
-
-/* NEED LOCKS IN HERE.  */
-CERTCertificate *
-SSL_PeerCertificate(PRFileDesc *fd)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
-                 SSL_GETPID(), fd));
-        return 0;
-    }
-    if (ss->opt.useSecurity && ss->sec.peerCert) {
-        return CERT_DupCertificate(ss->sec.peerCert);
-    }
-    return 0;
-}
-
-/* NEED LOCKS IN HERE.  */
-CERTCertList *
-SSL_PeerCertificateChain(PRFileDesc *fd)
-{
-    sslSocket *ss;
-    CERTCertList *chain = NULL;
-    CERTCertificate *cert;
-    ssl3CertNode *cur;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-    if (!ss->opt.useSecurity || !ss->sec.peerCert) {
-        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
-        return NULL;
-    }
-    chain = CERT_NewCertList();
-    if (!chain) {
-        return NULL;
-    }
-    cert = CERT_DupCertificate(ss->sec.peerCert);
-    if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
-        goto loser;
-    }
-    for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
-        cert = CERT_DupCertificate(cur->cert);
-        if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
-            goto loser;
-        }
-    }
-    return chain;
-
-loser:
-    CERT_DestroyCertList(chain);
-    return NULL;
-}
-
-/* NEED LOCKS IN HERE.  */
-CERTCertificate *
-SSL_LocalCertificate(PRFileDesc *fd)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-    if (ss->opt.useSecurity) {
-        if (ss->sec.localCert) {
-            return CERT_DupCertificate(ss->sec.localCert);
-        }
-        if (ss->sec.ci.sid && ss->sec.ci.sid->localCert) {
-            return CERT_DupCertificate(ss->sec.ci.sid->localCert);
-        }
-    }
-    return NULL;
-}
-
-/* NEED LOCKS IN HERE.  */
-SECStatus
-SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
-                   char **ip, char **sp)
-{
-    sslSocket *ss;
-    const char *cipherName;
-    PRBool isDes = PR_FALSE;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (cp)
-        *cp = 0;
-    if (kp0)
-        *kp0 = 0;
-    if (kp1)
-        *kp1 = 0;
-    if (ip)
-        *ip = 0;
-    if (sp)
-        *sp = 0;
-    if (op) {
-        *op = SSL_SECURITY_STATUS_OFF;
-    }
-
-    if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
-        if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-            cipherName = ssl_cipherName[ss->sec.cipherType];
-        } else {
-            cipherName = ssl3_cipherName[ss->sec.cipherType];
-        }
-        PORT_Assert(cipherName);
-        if (cipherName) {
-            if (PORT_Strstr(cipherName, "DES"))
-                isDes = PR_TRUE;
-
-            if (cp) {
-                *cp = PORT_Strdup(cipherName);
-            }
-        }
-
-        if (kp0) {
-            *kp0 = ss->sec.keyBits;
-            if (isDes)
-                *kp0 = (*kp0 * 7) / 8;
-        }
-        if (kp1) {
-            *kp1 = ss->sec.secretKeyBits;
-            if (isDes)
-                *kp1 = (*kp1 * 7) / 8;
-        }
-        if (op) {
-            if (ss->sec.keyBits == 0) {
-                *op = SSL_SECURITY_STATUS_OFF;
-            } else if (ss->sec.secretKeyBits < 90) {
-                *op = SSL_SECURITY_STATUS_ON_LOW;
-            } else {
-                *op = SSL_SECURITY_STATUS_ON_HIGH;
-            }
-        }
-
-        if (ip || sp) {
-            CERTCertificate *cert;
-
-            cert = ss->sec.peerCert;
-            if (cert) {
-                if (ip) {
-                    *ip = CERT_NameToAscii(&cert->issuer);
-                }
-                if (sp) {
-                    *sp = CERT_NameToAscii(&cert->subject);
-                }
-            } else {
-                if (ip) {
-                    *ip = PORT_Strdup("no certificate");
-                }
-                if (sp) {
-                    *sp = PORT_Strdup("no certificate");
-                }
-            }
-        }
-    }
-
-    return SECSuccess;
-}
-
-/************************************************************************/
-
-/* NEED LOCKS IN HERE.  */
-SECStatus
-SSL_AuthCertificateHook(PRFileDesc *s, SSLAuthCertificate func, void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(s);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in AuthCertificateHook",
-                 SSL_GETPID(), s));
-        return SECFailure;
-    }
-
-    ss->authCertificate = func;
-    ss->authCertificateArg = arg;
-
-    return SECSuccess;
-}
-
-/* NEED LOCKS IN HERE.  */
-SECStatus
-SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
-                          void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(s);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
-                 SSL_GETPID(), s));
-        return SECFailure;
-    }
-
-    ss->getClientAuthData = func;
-    ss->getClientAuthDataArg = arg;
-    return SECSuccess;
-}
-
-SECStatus
-SSL_SetClientChannelIDCallback(PRFileDesc *fd,
-                               SSLClientChannelIDCallback callback,
-                               void *arg)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ss->getChannelID = callback;
-    ss->getChannelIDArg = arg;
-
-    return SECSuccess;
-}
-
-/* NEED LOCKS IN HERE.  */
-SECStatus
-SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(s);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
-                 SSL_GETPID(), s));
-        return SECFailure;
-    }
-
-    ss->pkcs11PinArg = arg;
-    return SECSuccess;
-}
-
-/* This is the "default" authCert callback function.  It is called when a
- * certificate message is received from the peer and the local application
- * has not registered an authCert callback function.
- */
-SECStatus
-SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
-{
-    SECStatus rv;
-    CERTCertDBHandle *handle;
-    sslSocket *ss;
-    SECCertUsage certUsage;
-    const char *hostname = NULL;
-    PRTime now = PR_Now();
-    SECItemArray *certStatusArray;
-
-    ss = ssl_FindSocket(fd);
-    PORT_Assert(ss != NULL);
-    if (!ss) {
-        return SECFailure;
-    }
-
-    handle = (CERTCertDBHandle *)arg;
-    certStatusArray = &ss->sec.ci.sid->peerCertStatus;
-
-    if (certStatusArray->len) {
-        PORT_SetError(0);
-        if (CERT_CacheOCSPResponseFromSideChannel(handle, ss->sec.peerCert, now,
-                                                  &certStatusArray->items[0],
-                                                  ss->pkcs11PinArg) !=
-            SECSuccess) {
-            PORT_Assert(PR_GetError() != 0);
-        }
-    }
-
-    /* this may seem backwards, but isn't. */
-    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
-
-    rv = CERT_VerifyCert(handle, ss->sec.peerCert, checkSig, certUsage,
-                         now, ss->pkcs11PinArg, NULL);
-
-    if (rv != SECSuccess || isServer)
-        return rv;
-
-    /* cert is OK.  This is the client side of an SSL connection.
-     * Now check the name field in the cert against the desired hostname.
-     * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
-     */
-    hostname = ss->url;
-    if (hostname && hostname[0])
-        rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);
-    else
-        rv = SECFailure;
-    if (rv != SECSuccess)
-        PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
-
-    return rv;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslcon.c b/chromium/net/third_party/nss/ssl/sslcon.c
deleted file mode 100644
index 95d27275f44..00000000000
--- a/chromium/net/third_party/nss/ssl/sslcon.c
+++ /dev/null
@@ -1,3688 +0,0 @@
-/*
- * SSL v2 handshake functions, and functions common to SSL2 and SSL3.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nssrenam.h"
-#include "cert.h"
-#include "secitem.h"
-#include "sechash.h"
-#include "cryptohi.h" /* for SGN_ funcs */
-#include "keyhi.h"    /* for SECKEY_ high level functions. */
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "ssl3prot.h"
-#include "sslerr.h"
-#include "pk11func.h"
-#include "prinit.h"
-#include "prtime.h" /* for PR_Now() */
-
-static PRBool policyWasSet;
-
-#define ssl2_NUM_SUITES_IMPLEMENTED 6
-
-/* This list is sent back to the client when the client-hello message
- * contains no overlapping ciphers, so the client can report what ciphers
- * are supported by the server.  Unlike allCipherSuites (above), this list
- * is sorted by descending preference, not by cipherSuite number.
- */
-/* clang-format off */
-static const PRUint8 implementedCipherSuites[ssl2_NUM_SUITES_IMPLEMENTED * 3] = {
-    SSL_CK_RC4_128_WITH_MD5,                0x00, 0x80,
-    SSL_CK_RC2_128_CBC_WITH_MD5,            0x00, 0x80,
-    SSL_CK_DES_192_EDE3_CBC_WITH_MD5,       0x00, 0xC0,
-    SSL_CK_DES_64_CBC_WITH_MD5,             0x00, 0x40,
-    SSL_CK_RC4_128_EXPORT40_WITH_MD5,       0x00, 0x80,
-    SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,   0x00, 0x80
-};
-
-
-typedef struct ssl2SpecsStr {
-    PRUint8 nkm; /* do this many hashes to generate key material. */
-    PRUint8 nkd; /* size of readKey and writeKey in bytes. */
-    PRUint8 blockSize;
-    PRUint8 blockShift;
-    CK_MECHANISM_TYPE mechanism;
-    PRUint8 keyLen; /* cipher symkey size in bytes. */
-    PRUint8 pubLen; /* publicly reveal this many bytes of key. */
-    PRUint8 ivLen;  /* length of IV data at *ca.    */
-} ssl2Specs;
-
-static const ssl2Specs ssl_Specs[] = {
-  /* NONE                                 */
-  { 0, 0, 0, 0 },
-  /* SSL_CK_RC4_128_WITH_MD5        */
-  { 2, 16, 1, 0, CKM_RC4,       16,   0, 0 },
-  /* SSL_CK_RC4_128_EXPORT40_WITH_MD5   */
-  { 2, 16, 1, 0, CKM_RC4,       16,  11, 0 },
-  /* SSL_CK_RC2_128_CBC_WITH_MD5        */
-  { 2, 16, 8, 3, CKM_RC2_CBC,   16,   0, 8 },
-  /* SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5   */
-  { 2, 16, 8, 3, CKM_RC2_CBC,   16,  11, 8 },
-  /* SSL_CK_IDEA_128_CBC_WITH_MD5       */
-  { 0, 0, 0, 0 },
-  /* SSL_CK_DES_64_CBC_WITH_MD5     */
-  { 1,  8, 8, 3, CKM_DES_CBC,    8,   0, 8 },
-  /* SSL_CK_DES_192_EDE3_CBC_WITH_MD5   */
-  { 3, 24, 8, 3, CKM_DES3_CBC,  24,   0, 8 },
-};
-/* clang-format on */
-
-#define SET_ERROR_CODE   /* reminder */
-#define TEST_FOR_FAILURE /* reminder */
-
-/*
-** Put a string tag in the library so that we can examine an executable
-** and see what kind of security it supports.
-*/
-const char *ssl_version = "SECURITY_VERSION:"
-                          " +us"
-                          " +export"
-#ifdef TRACE
-                          " +trace"
-#endif
-#ifdef DEBUG
-                          " +debug"
-#endif
-    ;
-
-const char *const ssl_cipherName[] = {
-    "unknown",
-    "RC4",
-    "RC4-Export",
-    "RC2-CBC",
-    "RC2-CBC-Export",
-    "IDEA-CBC",
-    "DES-CBC",
-    "DES-EDE3-CBC",
-    "unknown",
-    "unknown", /* was fortezza, NO LONGER USED */
-};
-
-/* bit-masks, showing which SSLv2 suites are allowed.
- * lsb corresponds to first cipher suite in allCipherSuites[].
- */
-static PRUint16 allowedByPolicy;         /* all off by default */
-static PRUint16 maybeAllowedByPolicy;    /* all off by default */
-static PRUint16 chosenPreference = 0xff; /* all on  by default */
-
-/* bit values for the above two bit masks */
-#define SSL_CB_RC4_128_WITH_MD5 (1 << SSL_CK_RC4_128_WITH_MD5)
-#define SSL_CB_RC4_128_EXPORT40_WITH_MD5 (1 << SSL_CK_RC4_128_EXPORT40_WITH_MD5)
-#define SSL_CB_RC2_128_CBC_WITH_MD5 (1 << SSL_CK_RC2_128_CBC_WITH_MD5)
-#define SSL_CB_RC2_128_CBC_EXPORT40_WITH_MD5 (1 << SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
-#define SSL_CB_IDEA_128_CBC_WITH_MD5 (1 << SSL_CK_IDEA_128_CBC_WITH_MD5)
-#define SSL_CB_DES_64_CBC_WITH_MD5 (1 << SSL_CK_DES_64_CBC_WITH_MD5)
-#define SSL_CB_DES_192_EDE3_CBC_WITH_MD5 (1 << SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
-#define SSL_CB_IMPLEMENTED                  \
-    (SSL_CB_RC4_128_WITH_MD5 |              \
-     SSL_CB_RC4_128_EXPORT40_WITH_MD5 |     \
-     SSL_CB_RC2_128_CBC_WITH_MD5 |          \
-     SSL_CB_RC2_128_CBC_EXPORT40_WITH_MD5 | \
-     SSL_CB_DES_64_CBC_WITH_MD5 |           \
-     SSL_CB_DES_192_EDE3_CBC_WITH_MD5)
-
-/* Construct a socket's list of cipher specs from the global default values.
- */
-static SECStatus
-ssl2_ConstructCipherSpecs(sslSocket *ss)
-{
-    PRUint8 *cs = NULL;
-    unsigned int allowed;
-    unsigned int count;
-    int ssl3_count = 0;
-    int final_count;
-    int i;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    count = 0;
-    PORT_Assert(ss != 0);
-    allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
-                                         ss->chosenPreference & SSL_CB_IMPLEMENTED);
-    while (allowed) {
-        if (allowed & 1)
-            ++count;
-        allowed >>= 1;
-    }
-
-    /* Call ssl3_config_match_init() once here,
-     * instead of inside ssl3_ConstructV2CipherSpecsHack(),
-     * because the latter gets called twice below,
-     * and then again in ssl2_BeginClientHandshake().
-     */
-    ssl3_config_match_init(ss);
-
-    /* ask SSL3 how many cipher suites it has. */
-    rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3_count);
-    if (rv < 0)
-        return rv;
-    count += ssl3_count;
-
-    /* Allocate memory to hold cipher specs */
-    if (count > 0)
-        cs = (PRUint8 *)PORT_Alloc(count * 3);
-    else
-        PORT_SetError(SSL_ERROR_SSL_DISABLED);
-    if (cs == NULL)
-        return SECFailure;
-
-    if (ss->cipherSpecs != NULL) {
-        PORT_Free(ss->cipherSpecs);
-    }
-    ss->cipherSpecs = cs;
-    ss->sizeCipherSpecs = count * 3;
-
-    /* fill in cipher specs for SSL2 cipher suites */
-    allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
-                                         ss->chosenPreference & SSL_CB_IMPLEMENTED);
-    for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) {
-        const PRUint8 *hs = implementedCipherSuites + i;
-        int ok = allowed & (1U << hs[0]);
-        if (ok) {
-            cs[0] = hs[0];
-            cs[1] = hs[1];
-            cs[2] = hs[2];
-            cs += 3;
-        }
-    }
-
-    /* now have SSL3 add its suites onto the end */
-    rv = ssl3_ConstructV2CipherSpecsHack(ss, cs, &final_count);
-
-    /* adjust for any difference between first pass and second pass */
-    ss->sizeCipherSpecs -= (ssl3_count - final_count) * 3;
-
-    return rv;
-}
-
-/* This function is called immediately after ssl2_ConstructCipherSpecs()
-** at the beginning of a handshake.  It detects cases where a protocol
-** (e.g. SSL2 or SSL3) is logically enabled, but all its cipher suites
-** for that protocol have been disabled.  If such cases, it clears the
-** enable bit for the protocol.  If no protocols remain enabled, or
-** if no cipher suites are found, it sets the error code and returns
-** SECFailure, otherwise it returns SECSuccess.
-*/
-static SECStatus
-ssl2_CheckConfigSanity(sslSocket *ss)
-{
-    unsigned int allowed;
-    int ssl3CipherCount = 0;
-    SECStatus rv;
-
-    /* count the SSL2 and SSL3 enabled ciphers.
-     * if either is zero, clear the socket's enable for that protocol.
-     */
-    if (!ss->cipherSpecs)
-        goto disabled;
-
-    allowed = ss->allowedByPolicy & ss->chosenPreference;
-    if (!allowed)
-        ss->opt.enableSSL2 = PR_FALSE; /* not really enabled if no ciphers */
-
-    /* ssl3_config_match_init was called in ssl2_ConstructCipherSpecs(). */
-    /* Ask how many ssl3 CipherSuites were enabled. */
-    rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount);
-    if (rv != SECSuccess || ssl3CipherCount <= 0) {
-        /* SSL3/TLS not really enabled if no ciphers */
-        ss->vrange.min = SSL_LIBRARY_VERSION_NONE;
-        ss->vrange.max = SSL_LIBRARY_VERSION_NONE;
-    }
-
-    if (!ss->opt.enableSSL2 && SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        SSL_DBG(("%d: SSL[%d]: Can't handshake! all versions disabled.",
-                 SSL_GETPID(), ss->fd));
-    disabled:
-        PORT_SetError(SSL_ERROR_SSL_DISABLED);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/*
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this.  Probably want a global lock.
- */
-SECStatus
-ssl2_SetPolicy(PRInt32 which, PRInt32 policy)
-{
-    PRUint32 bitMask;
-    SECStatus rv = SECSuccess;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        return SECFailure;
-    }
-
-    if (policy == SSL_ALLOWED) {
-        allowedByPolicy |= bitMask;
-        maybeAllowedByPolicy |= bitMask;
-    } else if (policy == SSL_RESTRICTED) {
-        allowedByPolicy &= ~bitMask;
-        maybeAllowedByPolicy |= bitMask;
-    } else {
-        allowedByPolicy &= ~bitMask;
-        maybeAllowedByPolicy &= ~bitMask;
-    }
-    allowedByPolicy &= SSL_CB_IMPLEMENTED;
-    maybeAllowedByPolicy &= SSL_CB_IMPLEMENTED;
-
-    policyWasSet = PR_TRUE;
-    return rv;
-}
-
-SECStatus
-ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy)
-{
-    PRUint32 bitMask;
-    PRInt32 policy;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    /* Caller assures oPolicy is not null. */
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        *oPolicy = SSL_NOT_ALLOWED;
-        return SECFailure;
-    }
-
-    if (maybeAllowedByPolicy & bitMask) {
-        policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
-    } else {
-        policy = SSL_NOT_ALLOWED;
-    }
-
-    *oPolicy = policy;
-    return SECSuccess;
-}
-
-/*
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this.  Probably want a global lock.
- * Called from SSL_CipherPrefSetDefault in sslsock.c
- * These changes have no effect on any sslSockets already created.
- */
-SECStatus
-ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
-{
-    PRUint32 bitMask;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        return SECFailure;
-    }
-
-    if (enabled)
-        chosenPreference |= bitMask;
-    else
-        chosenPreference &= ~bitMask;
-    chosenPreference &= SSL_CB_IMPLEMENTED;
-
-    return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
-{
-    PRBool rv = PR_FALSE;
-    PRUint32 bitMask;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        *enabled = PR_FALSE;
-        return SECFailure;
-    }
-
-    rv = (PRBool)((chosenPreference & bitMask) != 0);
-    *enabled = rv;
-    return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled)
-{
-    PRUint32 bitMask;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        return SECFailure;
-    }
-
-    if (enabled)
-        ss->chosenPreference |= bitMask;
-    else
-        ss->chosenPreference &= ~bitMask;
-    ss->chosenPreference &= SSL_CB_IMPLEMENTED;
-
-    return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled)
-{
-    PRBool rv = PR_FALSE;
-    PRUint32 bitMask;
-
-    which &= 0x000f;
-    bitMask = 1 << which;
-
-    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
-        PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
-        *enabled = PR_FALSE;
-        return SECFailure;
-    }
-
-    rv = (PRBool)((ss->chosenPreference & bitMask) != 0);
-    *enabled = rv;
-    return SECSuccess;
-}
-
-/* copy global default policy into socket. */
-void
-ssl2_InitSocketPolicy(sslSocket *ss)
-{
-    ss->allowedByPolicy = allowedByPolicy;
-    ss->maybeAllowedByPolicy = maybeAllowedByPolicy;
-    ss->chosenPreference = chosenPreference;
-}
-
-/************************************************************************/
-
-/* Called from ssl2_CreateSessionCypher(), which already holds handshake lock.
- */
-static SECStatus
-ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey,
-               int cipherChoice)
-{
-    switch (cipherChoice) {
-        case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
-        case SSL_CK_RC2_128_CBC_WITH_MD5:
-        case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
-        case SSL_CK_RC4_128_WITH_MD5:
-        case SSL_CK_DES_64_CBC_WITH_MD5:
-        case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
-            sec->hash = HASH_GetHashObject(HASH_AlgMD5);
-            if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) ||
-                SECITEM_CopyItem(0, &sec->rcvSecret, readKey)) {
-                return SECFailure;
-            }
-            break;
-
-        default:
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            return SECFailure;
-    }
-    sec->hashcx = (*sec->hash->create)();
-    if (sec->hashcx == NULL)
-        return SECFailure;
-    return SECSuccess;
-}
-
-/************************************************************************
- * All the Send functions below must acquire and release the socket's
- * xmitBufLock.
- */
-
-/* Called from all the Send* functions below. */
-static SECStatus
-ssl2_GetSendBuffer(sslSocket *ss, unsigned int len)
-{
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    if (len < 128) {
-        len = 128;
-    }
-    if (len > ss->sec.ci.sendBuf.space) {
-        rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, len);
-        if (rv != SECSuccess) {
-            SSL_DBG(("%d: SSL[%d]: ssl2_GetSendBuffer failed, tried to get %d bytes",
-                     SSL_GETPID(), ss->fd, len));
-            rv = SECFailure;
-        }
-    }
-    return rv;
-}
-
-/* Called from:
- * ssl2_ClientSetupSessionCypher()  <- ssl2_HandleServerHelloMessage()
- * ssl2_HandleRequestCertificate()  <- ssl2_HandleMessage()
-                                    <- ssl_Do1stHandshake()
- * ssl2_HandleMessage()             <- ssl_Do1stHandshake()
- * ssl2_HandleServerHelloMessage()  <- ssl_Do1stHandshake()
-                                    after ssl2_BeginClientHandshake()
- * ssl2_HandleClientHelloMessage()  <- ssl_Do1stHandshake()
-                                    after ssl2_BeginServerHandshake()
- *
- * Acquires and releases the socket's xmitBufLock.
- */
-int
-ssl2_SendErrorMessage(sslSocket *ss, int error)
-{
-    int rv;
-    PRUint8 msg[SSL_HL_ERROR_HBYTES];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    msg[0] = SSL_MT_ERROR;
-    msg[1] = MSB(error);
-    msg[2] = LSB(error);
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending error %d", SSL_GETPID(), ss->fd, error));
-
-    ss->handshakeBegun = 1;
-    rv = (*ss->sec.send)(ss, msg, sizeof(msg), 0);
-    if (rv >= 0) {
-        rv = SECSuccess;
-    }
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from ssl2_TryToFinish().
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendClientFinishedMessage(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-    int sent;
-    PRUint8 msg[1 + SSL_CONNECTIONID_BYTES];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    if (ss->sec.ci.sentFinished == 0) {
-        ss->sec.ci.sentFinished = 1;
-
-        SSL_TRC(3, ("%d: SSL[%d]: sending client-finished",
-                    SSL_GETPID(), ss->fd));
-
-        msg[0] = SSL_MT_CLIENT_FINISHED;
-        PORT_Memcpy(msg + 1, ss->sec.ci.connectionID,
-                    sizeof(ss->sec.ci.connectionID));
-
-        DUMP_MSG(29, (ss, msg, 1 + sizeof(ss->sec.ci.connectionID)));
-        sent = (*ss->sec.send)(ss, msg, 1 + sizeof(ss->sec.ci.connectionID), 0);
-        rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-    }
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from
- * ssl2_HandleClientSessionKeyMessage() <- ssl2_HandleClientHelloMessage()
- * ssl2_HandleClientHelloMessage()      <- ssl_Do1stHandshake()
-                                        after ssl2_BeginServerHandshake()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendServerVerifyMessage(sslSocket *ss)
-{
-    PRUint8 *msg;
-    int sendLen;
-    int sent;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    sendLen = 1 + SSL_CHALLENGE_BYTES;
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv != SECSuccess) {
-        goto done;
-    }
-
-    msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_SERVER_VERIFY;
-    PORT_Memcpy(msg + 1, ss->sec.ci.clientChallenge, SSL_CHALLENGE_BYTES);
-
-    DUMP_MSG(29, (ss, msg, sendLen));
-    sent = (*ss->sec.send)(ss, msg, sendLen, 0);
-
-    rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-
-done:
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from ssl2_TryToFinish().
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendServerFinishedMessage(sslSocket *ss)
-{
-    sslSessionID *sid;
-    PRUint8 *msg;
-    int sendLen, sent;
-    SECStatus rv = SECSuccess;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    if (ss->sec.ci.sentFinished == 0) {
-        ss->sec.ci.sentFinished = 1;
-        PORT_Assert(ss->sec.ci.sid != 0);
-        sid = ss->sec.ci.sid;
-
-        SSL_TRC(3, ("%d: SSL[%d]: sending server-finished",
-                    SSL_GETPID(), ss->fd));
-
-        sendLen = 1 + sizeof(sid->u.ssl2.sessionID);
-        rv = ssl2_GetSendBuffer(ss, sendLen);
-        if (rv != SECSuccess) {
-            goto done;
-        }
-
-        msg = ss->sec.ci.sendBuf.buf;
-        msg[0] = SSL_MT_SERVER_FINISHED;
-        PORT_Memcpy(msg + 1, sid->u.ssl2.sessionID,
-                    sizeof(sid->u.ssl2.sessionID));
-
-        DUMP_MSG(29, (ss, msg, sendLen));
-        sent = (*ss->sec.send)(ss, msg, sendLen, 0);
-
-        if (sent < 0) {
-            /* If send failed, it is now a bogus  session-id */
-            if (ss->sec.uncache)
-                (*ss->sec.uncache)(sid);
-            rv = (SECStatus)sent;
-        } else if (!ss->opt.noCache) {
-            if (sid->cached == never_cached) {
-                (*ss->sec.cache)(sid);
-            }
-            rv = SECSuccess;
-        }
-        ssl_FreeSID(sid);
-        ss->sec.ci.sid = 0;
-    }
-done:
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
- *                                             after ssl2_BeginClientHandshake()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendSessionKeyMessage(sslSocket *ss, int cipher, int keySize,
-                           PRUint8 *ca, int caLen,
-                           PRUint8 *ck, int ckLen,
-                           PRUint8 *ek, int ekLen)
-{
-    PRUint8 *msg;
-    int sendLen;
-    int sent;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    sendLen = SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen + caLen;
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv != SECSuccess)
-        goto done;
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending client-session-key",
-                SSL_GETPID(), ss->fd));
-
-    msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_CLIENT_MASTER_KEY;
-    msg[1] = cipher;
-    msg[2] = MSB(keySize);
-    msg[3] = LSB(keySize);
-    msg[4] = MSB(ckLen);
-    msg[5] = LSB(ckLen);
-    msg[6] = MSB(ekLen);
-    msg[7] = LSB(ekLen);
-    msg[8] = MSB(caLen);
-    msg[9] = LSB(caLen);
-    PORT_Memcpy(msg + SSL_HL_CLIENT_MASTER_KEY_HBYTES, ck, ckLen);
-    PORT_Memcpy(msg + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen, ek, ekLen);
-    PORT_Memcpy(msg + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen, ca, caLen);
-
-    DUMP_MSG(29, (ss, msg, sendLen));
-    sent = (*ss->sec.send)(ss, msg, sendLen, 0);
-    rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-done:
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from ssl2_TriggerNextMessage() <- ssl2_HandleMessage()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendCertificateRequestMessage(sslSocket *ss)
-{
-    PRUint8 *msg;
-    int sent;
-    int sendLen;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    sendLen = SSL_HL_REQUEST_CERTIFICATE_HBYTES + SSL_CHALLENGE_BYTES;
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv != SECSuccess)
-        goto done;
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending certificate request",
-                SSL_GETPID(), ss->fd));
-
-    /* Generate random challenge for client to encrypt */
-    PK11_GenerateRandom(ss->sec.ci.serverChallenge, SSL_CHALLENGE_BYTES);
-
-    msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_REQUEST_CERTIFICATE;
-    msg[1] = SSL_AT_MD5_WITH_RSA_ENCRYPTION;
-    PORT_Memcpy(msg + SSL_HL_REQUEST_CERTIFICATE_HBYTES,
-                ss->sec.ci.serverChallenge, SSL_CHALLENGE_BYTES);
-
-    DUMP_MSG(29, (ss, msg, sendLen));
-    sent = (*ss->sec.send)(ss, msg, sendLen, 0);
-    rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-done:
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/* Called from ssl2_HandleRequestCertificate() <- ssl2_HandleMessage()
- * Acquires and releases the socket's xmitBufLock.
- */
-static int
-ssl2_SendCertificateResponseMessage(sslSocket *ss, SECItem *cert,
-                                    SECItem *encCode)
-{
-    PRUint8 *msg;
-    int rv, sendLen;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    sendLen = SSL_HL_CLIENT_CERTIFICATE_HBYTES + encCode->len + cert->len;
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv)
-        goto done;
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending certificate response",
-                SSL_GETPID(), ss->fd));
-
-    msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_CLIENT_CERTIFICATE;
-    msg[1] = SSL_CT_X509_CERTIFICATE;
-    msg[2] = MSB(cert->len);
-    msg[3] = LSB(cert->len);
-    msg[4] = MSB(encCode->len);
-    msg[5] = LSB(encCode->len);
-    PORT_Memcpy(msg + SSL_HL_CLIENT_CERTIFICATE_HBYTES, cert->data, cert->len);
-    PORT_Memcpy(msg + SSL_HL_CLIENT_CERTIFICATE_HBYTES + cert->len,
-                encCode->data, encCode->len);
-
-    DUMP_MSG(29, (ss, msg, sendLen));
-    rv = (*ss->sec.send)(ss, msg, sendLen, 0);
-    if (rv >= 0) {
-        rv = SECSuccess;
-    }
-done:
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-    return rv;
-}
-
-/********************************************************************
-**  Send functions above this line must aquire & release the socket's
-**  xmitBufLock.
-** All the ssl2_Send functions below this line are called vis ss->sec.send
-**  and require that the caller hold the xmitBufLock.
-*/
-
-/*
-** Called from ssl2_SendStream, ssl2_SendBlock, but not from ssl2_SendClear.
-*/
-static SECStatus
-ssl2_CalcMAC(PRUint8 *result,
-             sslSecurityInfo *sec,
-             const PRUint8 *data,
-             unsigned int dataLen,
-             unsigned int paddingLen)
-{
-    const PRUint8 *secret = sec->sendSecret.data;
-    unsigned int secretLen = sec->sendSecret.len;
-    unsigned long sequenceNumber = sec->sendSequence;
-    unsigned int nout;
-    PRUint8 seq[4];
-    PRUint8 padding[32]; /* XXX max blocksize? */
-
-    if (!sec->hash || !sec->hash->length)
-        return SECSuccess;
-    if (!sec->hashcx)
-        return SECFailure;
-
-    /* Reset hash function */
-    (*sec->hash->begin)(sec->hashcx);
-
-    /* Feed hash the data */
-    (*sec->hash->update)(sec->hashcx, secret, secretLen);
-    (*sec->hash->update)(sec->hashcx, data, dataLen);
-    PORT_Memset(padding, paddingLen, paddingLen);
-    (*sec->hash->update)(sec->hashcx, padding, paddingLen);
-
-    seq[0] = (PRUint8)(sequenceNumber >> 24);
-    seq[1] = (PRUint8)(sequenceNumber >> 16);
-    seq[2] = (PRUint8)(sequenceNumber >> 8);
-    seq[3] = (PRUint8)(sequenceNumber);
-
-    PRINT_BUF(60, (0, "calc-mac secret:", secret, secretLen));
-    PRINT_BUF(60, (0, "calc-mac data:", data, dataLen));
-    PRINT_BUF(60, (0, "calc-mac padding:", padding, paddingLen));
-    PRINT_BUF(60, (0, "calc-mac seq:", seq, 4));
-
-    (*sec->hash->update)(sec->hashcx, seq, 4);
-
-    /* Get result */
-    (*sec->hash->end)(sec->hashcx, result, &nout, sec->hash->length);
-
-    return SECSuccess;
-}
-
-/*
-** Maximum transmission amounts. These are tiny bit smaller than they
-** need to be (they account for the MAC length plus some padding),
-** assuming the MAC is 16 bytes long and the padding is a max of 7 bytes
-** long. This gives an additional 9 bytes of slop to work within.
-*/
-#define MAX_STREAM_CYPHER_LEN 0x7fe0
-#define MAX_BLOCK_CYPHER_LEN 0x3fe0
-
-/*
-** Send some data in the clear.
-** Package up data with the length header and send it.
-**
-** Return count of bytes successfully written, or negative number (failure).
-*/
-static PRInt32
-ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
-    PRUint8 *out;
-    int rv;
-    unsigned int amount;
-    int count = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes in the clear",
-                 SSL_GETPID(), ss->fd, len));
-    PRINT_BUF(50, (ss, "clear data:", (PRUint8 *)in, len));
-
-    while (len) {
-        amount = PR_MIN(len, MAX_STREAM_CYPHER_LEN);
-        if (amount + 2 > ss->sec.writeBuf.space) {
-            rv = sslBuffer_Grow(&ss->sec.writeBuf, amount + 2);
-            if (rv != SECSuccess) {
-                count = rv;
-                break;
-            }
-        }
-        out = ss->sec.writeBuf.buf;
-
-        /*
-        ** Construct message.
-        */
-        out[0] = 0x80 | MSB(amount);
-        out[1] = LSB(amount);
-        PORT_Memcpy(&out[2], in, amount);
-
-        /* Now send the data */
-        rv = ssl_DefSend(ss, out, amount + 2, flags & ~ssl_SEND_FLAG_MASK);
-        if (rv < 0) {
-            if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
-                rv = 0;
-            } else {
-                /* Return short write if some data already went out... */
-                if (count == 0)
-                    count = rv;
-                break;
-            }
-        }
-
-        if ((unsigned)rv < (amount + 2)) {
-            /* Short write.  Save the data and return. */
-            if (ssl_SaveWriteData(ss, out + rv, amount + 2 - rv) ==
-                SECFailure) {
-                count = SECFailure;
-            } else {
-                count += amount;
-                ss->sec.sendSequence++;
-            }
-            break;
-        }
-
-        ss->sec.sendSequence++;
-        in += amount;
-        count += amount;
-        len -= amount;
-    }
-
-    return count;
-}
-
-/*
-** Send some data, when using a stream cipher. Stream ciphers have a
-** block size of 1. Package up the data with the length header
-** and send it.
-*/
-static PRInt32
-ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
-    PRUint8 *out;
-    int rv;
-    int count = 0;
-
-    int amount;
-    PRUint8 macLen;
-    int nout;
-    unsigned int buflen;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using stream cipher",
-                 SSL_GETPID(), ss->fd, len));
-    PRINT_BUF(50, (ss, "clear data:", (PRUint8 *)in, len));
-
-    while (len) {
-        ssl_GetSpecReadLock(ss); /*************************************/
-
-        macLen = ss->sec.hash->length;
-        amount = PR_MIN(len, MAX_STREAM_CYPHER_LEN);
-        buflen = amount + 2 + macLen;
-        if (buflen > ss->sec.writeBuf.space) {
-            rv = sslBuffer_Grow(&ss->sec.writeBuf, buflen);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-        }
-        out = ss->sec.writeBuf.buf;
-        nout = amount + macLen;
-        out[0] = 0x80 | MSB(nout);
-        out[1] = LSB(nout);
-
-        /* Calculate MAC */
-        rv = ssl2_CalcMAC(out + 2, /* put MAC here */
-                          &ss->sec,
-                          in, amount, /* input addr & length */
-                          0);         /* no padding */
-        if (rv != SECSuccess)
-            goto loser;
-
-        /* Encrypt MAC */
-        rv = (*ss->sec.enc)(ss->sec.writecx, out + 2, &nout, macLen, out + 2, macLen);
-        if (rv)
-            goto loser;
-
-        /* Encrypt data from caller */
-        rv = (*ss->sec.enc)(ss->sec.writecx, out + 2 + macLen, &nout, amount, in, amount);
-        if (rv)
-            goto loser;
-
-        ssl_ReleaseSpecReadLock(ss); /*************************************/
-
-        PRINT_BUF(50, (ss, "encrypted data:", out, buflen));
-
-        rv = ssl_DefSend(ss, out, buflen, flags & ~ssl_SEND_FLAG_MASK);
-        if (rv < 0) {
-            if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
-                SSL_TRC(50, ("%d: SSL[%d]: send stream would block, "
-                             "saving data",
-                             SSL_GETPID(), ss->fd));
-                rv = 0;
-            } else {
-                SSL_TRC(10, ("%d: SSL[%d]: send stream error %d",
-                             SSL_GETPID(), ss->fd, PORT_GetError()));
-                /* Return short write if some data already went out... */
-                if (count == 0)
-                    count = rv;
-                goto done;
-            }
-        }
-
-        if ((unsigned)rv < buflen) {
-            /* Short write.  Save the data and return. */
-            if (ssl_SaveWriteData(ss, out + rv, buflen - rv) == SECFailure) {
-                count = SECFailure;
-            } else {
-                count += amount;
-                ss->sec.sendSequence++;
-            }
-            goto done;
-        }
-
-        ss->sec.sendSequence++;
-        in += amount;
-        count += amount;
-        len -= amount;
-    }
-
-done:
-    return count;
-
-loser:
-    ssl_ReleaseSpecReadLock(ss);
-    return SECFailure;
-}
-
-/*
-** Send some data, when using a block cipher. Package up the data with
-** the length header and send it.
-*/
-/* XXX assumes blocksize is > 7 */
-static PRInt32
-ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
-    PRUint8 *out;  /* begining of output buffer.    */
-    PRUint8 *op;   /* next output byte goes here.   */
-    int rv;        /* value from funcs we called.   */
-    int count = 0; /* this function's return value. */
-
-    unsigned int hlen;    /* output record hdr len, 2 or 3 */
-    unsigned int macLen;  /* MAC is this many bytes long.  */
-    int amount;           /* of plaintext to go in record. */
-    unsigned int padding; /* add this many padding byte.   */
-    int nout;             /* ciphertext size after header. */
-    unsigned int buflen;  /* size of generated record.     */
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using block cipher",
-                 SSL_GETPID(), ss->fd, len));
-    PRINT_BUF(50, (ss, "clear data:", in, len));
-
-    while (len) {
-        ssl_GetSpecReadLock(ss); /*************************************/
-
-        macLen = ss->sec.hash->length;
-        /* Figure out how much to send, including mac and padding */
-        amount = PR_MIN(len, MAX_BLOCK_CYPHER_LEN);
-        nout = amount + macLen;
-        padding = nout & (ss->sec.blockSize - 1);
-        if (padding) {
-            hlen = 3;
-            padding = ss->sec.blockSize - padding;
-            nout += padding;
-        } else {
-            hlen = 2;
-        }
-        buflen = hlen + nout;
-        if (buflen > ss->sec.writeBuf.space) {
-            rv = sslBuffer_Grow(&ss->sec.writeBuf, buflen);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-        }
-        out = ss->sec.writeBuf.buf;
-
-        /* Construct header */
-        op = out;
-        if (padding) {
-            *op++ = MSB(nout);
-            *op++ = LSB(nout);
-            *op++ = padding;
-        } else {
-            *op++ = 0x80 | MSB(nout);
-            *op++ = LSB(nout);
-        }
-
-        /* Calculate MAC */
-        rv = ssl2_CalcMAC(op, /* MAC goes here. */
-                          &ss->sec,
-                          in, amount, /* intput addr, len */
-                          padding);
-        if (rv != SECSuccess)
-            goto loser;
-        op += macLen;
-
-        /* Copy in the input data */
-        /* XXX could eliminate the copy by folding it into the encryption */
-        PORT_Memcpy(op, in, amount);
-        op += amount;
-        if (padding) {
-            PORT_Memset(op, padding, padding);
-            op += padding;
-        }
-
-        /* Encrypt result */
-        rv = (*ss->sec.enc)(ss->sec.writecx, out + hlen, &nout, buflen - hlen,
-                            out + hlen, op - (out + hlen));
-        if (rv)
-            goto loser;
-
-        ssl_ReleaseSpecReadLock(ss); /*************************************/
-
-        PRINT_BUF(50, (ss, "final xmit data:", out, op - out));
-
-        rv = ssl_DefSend(ss, out, op - out, flags & ~ssl_SEND_FLAG_MASK);
-        if (rv < 0) {
-            if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
-                rv = 0;
-            } else {
-                SSL_TRC(10, ("%d: SSL[%d]: send block error %d",
-                             SSL_GETPID(), ss->fd, PORT_GetError()));
-                /* Return short write if some data already went out... */
-                if (count == 0)
-                    count = rv;
-                goto done;
-            }
-        }
-
-        if (rv < (op - out)) {
-            /* Short write.  Save the data and return. */
-            if (ssl_SaveWriteData(ss, out + rv, op - out - rv) == SECFailure) {
-                count = SECFailure;
-            } else {
-                count += amount;
-                ss->sec.sendSequence++;
-            }
-            goto done;
-        }
-
-        ss->sec.sendSequence++;
-        in += amount;
-        count += amount;
-        len -= amount;
-    }
-
-done:
-    return count;
-
-loser:
-    ssl_ReleaseSpecReadLock(ss);
-    return SECFailure;
-}
-
-/*
-** Called from: ssl2_HandleServerHelloMessage,
-**              ssl2_HandleClientSessionKeyMessage,
-**              ssl2_HandleClientHelloMessage,
-**
-*/
-static void
-ssl2_UseEncryptedSendFunc(sslSocket *ss)
-{
-    ssl_GetXmitBufLock(ss);
-    PORT_Assert(ss->sec.hashcx != 0);
-
-    ss->gs.encrypted = 1;
-    ss->sec.send = (ss->sec.blockSize > 1) ? ssl2_SendBlock : ssl2_SendStream;
-    ssl_ReleaseXmitBufLock(ss);
-}
-
-/* Called while initializing socket in ssl_CreateSecurityInfo().
-** This function allows us to keep the name of ssl2_SendClear static.
-*/
-void
-ssl2_UseClearSendFunc(sslSocket *ss)
-{
-    ss->sec.send = ssl2_SendClear;
-}
-
-/************************************************************************
-**          END of Send functions.                          *
-*************************************************************************/
-
-/***********************************************************************
- * For SSL3, this gathers in and handles records/messages until either
- *  the handshake is complete or application data is available.
- *
- * For SSL2, this gathers in only the next SSLV2 record.
- *
- * Called from ssl_Do1stHandshake() via function pointer ss->handshake.
- * Caller must hold handshake lock.
- * This function acquires and releases the RecvBufLock.
- *
- * returns SECSuccess for success.
- * returns SECWouldBlock when that value is returned by ssl2_GatherRecord() or
- *  ssl3_GatherCompleteHandshake().
- * returns SECFailure on all other errors.
- *
- * The gather functions called by ssl_GatherRecord1stHandshake are expected
- *  to return values interpreted as follows:
- *  1 : the function completed without error.
- *  0 : the function read EOF.
- * -1 : read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * -2 : the function wants ssl_GatherRecord1stHandshake to be called again
- *  immediately, by ssl_Do1stHandshake.
- *
- * This code is similar to, and easily confused with, DoRecv() in sslsecur.c
- *
- * This function is called from ssl_Do1stHandshake().
- * The following functions put ssl_GatherRecord1stHandshake into ss->handshake:
- *  ssl2_HandleMessage
- *  ssl2_HandleVerifyMessage
- *  ssl2_HandleServerHelloMessage
- *  ssl2_BeginClientHandshake
- *  ssl2_HandleClientSessionKeyMessage
- *  ssl3_RestartHandshakeAfterCertReq
- *  ssl3_RestartHandshakeAfterServerCert
- *  ssl2_HandleClientHelloMessage
- *  ssl2_BeginServerHandshake
- */
-SECStatus
-ssl_GatherRecord1stHandshake(sslSocket *ss)
-{
-    int rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetRecvBufLock(ss);
-
-    /* The special case DTLS logic is needed here because the SSL/TLS
-     * version wants to auto-detect SSL2 vs. SSL3 on the initial handshake
-     * (ss->version == 0) but with DTLS it gets confused, so we force the
-     * SSL3 version.
-     */
-    if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {
-        /* Wait for handshake to complete, or application data to arrive.  */
-        rv = ssl3_GatherCompleteHandshake(ss, 0);
-    } else {
-        /* See if we have a complete record */
-        rv = ssl2_GatherRecord(ss, 0);
-    }
-    SSL_TRC(10, ("%d: SSL[%d]: handshake gathering, rv=%d",
-                 SSL_GETPID(), ss->fd, rv));
-
-    ssl_ReleaseRecvBufLock(ss);
-
-    if (rv <= 0) {
-        if (rv == SECWouldBlock) {
-            /* Progress is blocked waiting for callback completion.  */
-            SSL_TRC(10, ("%d: SSL[%d]: handshake blocked (need %d)",
-                         SSL_GETPID(), ss->fd, ss->gs.remainder));
-            return SECWouldBlock;
-        }
-        if (rv == 0) {
-            /* EOF. Loser  */
-            PORT_SetError(PR_END_OF_FILE_ERROR);
-        }
-        return SECFailure; /* rv is < 0 here. */
-    }
-
-    SSL_TRC(10, ("%d: SSL[%d]: got handshake record of %d bytes",
-                 SSL_GETPID(), ss->fd, ss->gs.recordLen));
-
-    ss->handshake = 0; /* makes ssl_Do1stHandshake call ss->nextHandshake.*/
-    return SECSuccess;
-}
-
-/************************************************************************/
-
-/* Called from ssl2_ServerSetupSessionCypher()
- *             ssl2_ClientSetupSessionCypher()
- */
-static SECStatus
-ssl2_FillInSID(sslSessionID *sid,
-               int cipher,
-               PRUint8 *keyData,
-               int keyLen,
-               PRUint8 *ca,
-               int caLen,
-               int keyBits,
-               int secretKeyBits,
-               SSLSignType authAlgorithm,
-               PRUint32 authKeyBits,
-               SSLKEAType keaType,
-               PRUint32 keaKeyBits)
-{
-    PORT_Assert(sid->references == 1);
-    PORT_Assert(sid->cached == never_cached);
-    PORT_Assert(sid->u.ssl2.masterKey.data == 0);
-    PORT_Assert(sid->u.ssl2.cipherArg.data == 0);
-
-    sid->version = SSL_LIBRARY_VERSION_2;
-
-    sid->u.ssl2.cipherType = cipher;
-    sid->u.ssl2.masterKey.data = (PRUint8 *)PORT_Alloc(keyLen);
-    if (!sid->u.ssl2.masterKey.data) {
-        return SECFailure;
-    }
-    PORT_Memcpy(sid->u.ssl2.masterKey.data, keyData, keyLen);
-    sid->u.ssl2.masterKey.len = keyLen;
-    sid->u.ssl2.keyBits = keyBits;
-    sid->u.ssl2.secretKeyBits = secretKeyBits;
-    sid->authAlgorithm = authAlgorithm;
-    sid->authKeyBits = authKeyBits;
-    sid->keaType = keaType;
-    sid->keaKeyBits = keaKeyBits;
-    sid->lastAccessTime = sid->creationTime = ssl_Time();
-    sid->expirationTime = sid->creationTime + ssl_sid_timeout;
-
-    if (caLen) {
-        sid->u.ssl2.cipherArg.data = (PRUint8 *)PORT_Alloc(caLen);
-        if (!sid->u.ssl2.cipherArg.data) {
-            return SECFailure;
-        }
-        sid->u.ssl2.cipherArg.len = caLen;
-        PORT_Memcpy(sid->u.ssl2.cipherArg.data, ca, caLen);
-    }
-    return SECSuccess;
-}
-
-/*
-** Construct session keys given the masterKey (tied to the session-id),
-** the client's challenge and the server's nonce.
-**
-** Called from ssl2_CreateSessionCypher() <-
-*/
-static SECStatus
-ssl2_ProduceKeys(sslSocket *ss,
-                 SECItem *readKey,
-                 SECItem *writeKey,
-                 SECItem *masterKey,
-                 PRUint8 *challenge,
-                 PRUint8 *nonce,
-                 int cipherType)
-{
-    PK11Context *cx = 0;
-    unsigned nkm = 0; /* number of hashes to generate key mat. */
-    unsigned nkd = 0; /* size of readKey and writeKey. */
-    unsigned part;
-    unsigned i;
-    unsigned off;
-    SECStatus rv;
-    PRUint8 countChar;
-    PRUint8 km[3 * 16]; /* buffer for key material. */
-
-    readKey->data = 0;
-    writeKey->data = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    rv = SECSuccess;
-    cx = PK11_CreateDigestContext(SEC_OID_MD5);
-    if (cx == NULL) {
-        ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-        return SECFailure;
-    }
-
-    nkm = ssl_Specs[cipherType].nkm;
-    nkd = ssl_Specs[cipherType].nkd;
-
-    readKey->data = (PRUint8 *)PORT_Alloc(nkd);
-    if (!readKey->data)
-        goto loser;
-    readKey->len = nkd;
-
-    writeKey->data = (PRUint8 *)PORT_Alloc(nkd);
-    if (!writeKey->data)
-        goto loser;
-    writeKey->len = nkd;
-
-    /* Produce key material */
-    countChar = '0';
-    for (i = 0, off = 0; i < nkm; i++, off += 16) {
-        rv = PK11_DigestBegin(cx);
-        rv |= PK11_DigestOp(cx, masterKey->data, masterKey->len);
-        rv |= PK11_DigestOp(cx, &countChar, 1);
-        rv |= PK11_DigestOp(cx, challenge, SSL_CHALLENGE_BYTES);
-        rv |= PK11_DigestOp(cx, nonce, SSL_CONNECTIONID_BYTES);
-        rv |= PK11_DigestFinal(cx, km + off, &part, MD5_LENGTH);
-        if (rv != SECSuccess) {
-            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
-            rv = SECFailure;
-            goto loser;
-        }
-        countChar++;
-    }
-
-    /* Produce keys */
-    PORT_Memcpy(readKey->data, km, nkd);
-    PORT_Memcpy(writeKey->data, km + nkd, nkd);
-
-loser:
-    PK11_DestroyContext(cx, PR_TRUE);
-    return rv;
-}
-
-/* Called from ssl2_ServerSetupSessionCypher()
-**                  <- ssl2_HandleClientSessionKeyMessage()
-**                          <- ssl2_HandleClientHelloMessage()
-** and from    ssl2_ClientSetupSessionCypher()
-**                  <- ssl2_HandleServerHelloMessage()
-*/
-static SECStatus
-ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
-{
-    SECItem *rk = NULL;
-    SECItem *wk = NULL;
-    SECItem *param;
-    SECStatus rv;
-    int cipherType = sid->u.ssl2.cipherType;
-    PK11SlotInfo *slot = NULL;
-    CK_MECHANISM_TYPE mechanism;
-    SECItem readKey;
-    SECItem writeKey;
-
-    void *readcx = 0;
-    void *writecx = 0;
-    readKey.data = 0;
-    writeKey.data = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    if (ss->sec.ci.sid == 0)
-        goto sec_loser; /* don't crash if asserts are off */
-
-    /* Trying to cut down on all these switch statements that should be tables.
-     * So, test cipherType once, here, and then use tables below.
-     */
-    switch (cipherType) {
-        case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
-        case SSL_CK_RC4_128_WITH_MD5:
-        case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
-        case SSL_CK_RC2_128_CBC_WITH_MD5:
-        case SSL_CK_DES_64_CBC_WITH_MD5:
-        case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
-            break;
-
-        default:
-            SSL_DBG(("%d: SSL[%d]: ssl2_CreateSessionCypher: unknown cipher=%d",
-                     SSL_GETPID(), ss->fd, cipherType));
-            PORT_SetError(isClient ? SSL_ERROR_BAD_SERVER : SSL_ERROR_BAD_CLIENT);
-            goto sec_loser;
-    }
-
-    rk = isClient ? &readKey : &writeKey;
-    wk = isClient ? &writeKey : &readKey;
-
-    /* Produce the keys for this session */
-    rv = ssl2_ProduceKeys(ss, &readKey, &writeKey, &sid->u.ssl2.masterKey,
-                          ss->sec.ci.clientChallenge, ss->sec.ci.connectionID,
-                          cipherType);
-    if (rv != SECSuccess)
-        goto loser;
-    PRINT_BUF(7, (ss, "Session read-key: ", rk->data, rk->len));
-    PRINT_BUF(7, (ss, "Session write-key: ", wk->data, wk->len));
-
-    PORT_Memcpy(ss->sec.ci.readKey, readKey.data, readKey.len);
-    PORT_Memcpy(ss->sec.ci.writeKey, writeKey.data, writeKey.len);
-    ss->sec.ci.keySize = readKey.len;
-
-    /* Setup the MAC */
-    rv = ssl2_CreateMAC(&ss->sec, rk, wk, cipherType);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* First create the session key object */
-    SSL_TRC(3, ("%d: SSL[%d]: using %s", SSL_GETPID(), ss->fd,
-                ssl_cipherName[cipherType]));
-
-    mechanism = ssl_Specs[cipherType].mechanism;
-
-    /* set destructer before we call loser... */
-    ss->sec.destroy = (void (*)(void *, PRBool))PK11_DestroyContext;
-    slot = PK11_GetBestSlot(mechanism, ss->pkcs11PinArg);
-    if (slot == NULL)
-        goto loser;
-
-    param = PK11_ParamFromIV(mechanism, &sid->u.ssl2.cipherArg);
-    if (param == NULL)
-        goto loser;
-    readcx = PK11_CreateContextByRawKey(slot, mechanism, PK11_OriginUnwrap,
-                                        CKA_DECRYPT, rk, param,
-                                        ss->pkcs11PinArg);
-    SECITEM_FreeItem(param, PR_TRUE);
-    if (readcx == NULL)
-        goto loser;
-
-    /* build the client context */
-    param = PK11_ParamFromIV(mechanism, &sid->u.ssl2.cipherArg);
-    if (param == NULL)
-        goto loser;
-    writecx = PK11_CreateContextByRawKey(slot, mechanism, PK11_OriginUnwrap,
-                                         CKA_ENCRYPT, wk, param,
-                                         ss->pkcs11PinArg);
-    SECITEM_FreeItem(param, PR_TRUE);
-    if (writecx == NULL)
-        goto loser;
-    PK11_FreeSlot(slot);
-
-    rv = SECSuccess;
-    ss->sec.enc = (SSLCipher)PK11_CipherOp;
-    ss->sec.dec = (SSLCipher)PK11_CipherOp;
-    ss->sec.readcx = (void *)readcx;
-    ss->sec.writecx = (void *)writecx;
-    ss->sec.blockSize = ssl_Specs[cipherType].blockSize;
-    ss->sec.blockShift = ssl_Specs[cipherType].blockShift;
-    ss->sec.cipherType = sid->u.ssl2.cipherType;
-    ss->sec.keyBits = sid->u.ssl2.keyBits;
-    ss->sec.secretKeyBits = sid->u.ssl2.secretKeyBits;
-    goto done;
-
-loser:
-    if (ss->sec.destroy) {
-        if (readcx)
-            (*ss->sec.destroy)(readcx, PR_TRUE);
-        if (writecx)
-            (*ss->sec.destroy)(writecx, PR_TRUE);
-    }
-    ss->sec.destroy = NULL;
-    if (slot)
-        PK11_FreeSlot(slot);
-
-sec_loser:
-    rv = SECFailure;
-
-done:
-    if (rk) {
-        SECITEM_ZfreeItem(rk, PR_FALSE);
-    }
-    if (wk) {
-        SECITEM_ZfreeItem(wk, PR_FALSE);
-    }
-    return rv;
-}
-
-/*
-** Setup the server ciphers given information from a CLIENT-MASTER-KEY
-** message.
-**  "ss"      pointer to the ssl-socket object
-**  "cipher"  the cipher type to use
-**  "keyBits" the size of the final cipher key
-**  "ck"      the clear-key data
-**  "ckLen"   the number of bytes of clear-key data
-**  "ek"      the encrypted-key data
-**  "ekLen"   the number of bytes of encrypted-key data
-**  "ca"      the cipher-arg data
-**  "caLen"   the number of bytes of cipher-arg data
-**
-** The MASTER-KEY is constructed by first decrypting the encrypted-key
-** data. This produces the SECRET-KEY-DATA. The MASTER-KEY is composed by
-** concatenating the clear-key data with the SECRET-KEY-DATA. This code
-** checks to make sure that the client didn't send us an improper amount
-** of SECRET-KEY-DATA (it restricts the length of that data to match the
-** spec).
-**
-** Called from ssl2_HandleClientSessionKeyMessage().
-*/
-static SECStatus
-ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
-                              PRUint8 *ck, unsigned int ckLen,
-                              PRUint8 *ek, unsigned int ekLen,
-                              PRUint8 *ca, unsigned int caLen)
-{
-    PRUint8 *dk = NULL; /* decrypted master key */
-    sslSessionID *sid;
-    sslServerCerts *sc = ss->serverCerts + kt_rsa;
-    PRUint8 *kbuf = 0;  /* buffer for RSA decrypted data. */
-    unsigned int ddLen; /* length of RSA decrypted data in kbuf */
-    unsigned int keySize;
-    unsigned int dkLen; /* decrypted key length in bytes */
-    int modulusLen;
-    SECStatus rv;
-    PRUint16 allowed; /* cipher kinds enabled and allowed by policy */
-    PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert((sc->SERVERKEY != 0));
-    PORT_Assert((ss->sec.ci.sid != 0));
-    sid = ss->sec.ci.sid;
-
-    /* Trying to cut down on all these switch statements that should be tables.
-     * So, test cipherType once, here, and then use tables below.
-     */
-    switch (cipher) {
-        case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
-        case SSL_CK_RC4_128_WITH_MD5:
-        case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
-        case SSL_CK_RC2_128_CBC_WITH_MD5:
-        case SSL_CK_DES_64_CBC_WITH_MD5:
-        case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
-            break;
-
-        default:
-            SSL_DBG(("%d: SSL[%d]: ssl2_ServerSetupSessionCypher: unknown cipher=%d",
-                     SSL_GETPID(), ss->fd, cipher));
-            PORT_SetError(SSL_ERROR_BAD_CLIENT);
-            goto loser;
-    }
-
-    allowed = ss->allowedByPolicy & ss->chosenPreference & SSL_CB_IMPLEMENTED;
-    if (!(allowed & (1 << cipher))) {
-        /* client chose a kind we don't allow! */
-        SSL_DBG(("%d: SSL[%d]: disallowed cipher=%d",
-                 SSL_GETPID(), ss->fd, cipher));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto loser;
-    }
-
-    keySize = ssl_Specs[cipher].keyLen;
-    if (keyBits != keySize * BPB) {
-        SSL_DBG(("%d: SSL[%d]: invalid master secret key length=%d (bits)!",
-                 SSL_GETPID(), ss->fd, keyBits));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto loser;
-    }
-
-    if (ckLen != ssl_Specs[cipher].pubLen) {
-        SSL_DBG(("%d: SSL[%d]: invalid clear key length, ckLen=%d (bytes)!",
-                 SSL_GETPID(), ss->fd, ckLen));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto loser;
-    }
-
-    if (caLen != ssl_Specs[cipher].ivLen) {
-        SSL_DBG(("%d: SSL[%d]: invalid key args length, caLen=%d (bytes)!",
-                 SSL_GETPID(), ss->fd, caLen));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto loser;
-    }
-
-    modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY);
-    if (modulusLen < 0) {
-        /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */
-        modulusLen = ekLen;
-    }
-    if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) {
-        SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!",
-                 SSL_GETPID(), ss->fd, ekLen));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto loser;
-    }
-
-    /* allocate the buffer to hold the decrypted portion of the key. */
-    kbuf = (PRUint8 *)PORT_Alloc(modulusLen);
-    if (!kbuf) {
-        goto loser;
-    }
-    dkLen = keySize - ckLen;
-    dk = kbuf + modulusLen - dkLen;
-
-    /* Decrypt encrypted half of the key.
-    ** NOTE: PK11_PubDecryptRaw will barf on a non-RSA key. This is
-    ** desired behavior here.
-    */
-    rv = PK11_PubDecryptRaw(sc->SERVERKEY, kbuf, &ddLen, modulusLen, ek, ekLen);
-    if (rv != SECSuccess)
-        goto hide_loser;
-
-    /* Is the length of the decrypted data (ddLen) the expected value? */
-    if (modulusLen != ddLen)
-        goto hide_loser;
-
-    /* Cheaply verify that PKCS#1 was used to format the encryption block */
-    if ((kbuf[0] != 0x00) || (kbuf[1] != 0x02) || (dk[-1] != 0x00)) {
-        SSL_DBG(("%d: SSL[%d]: strange encryption block",
-                 SSL_GETPID(), ss->fd));
-        PORT_SetError(SSL_ERROR_BAD_CLIENT);
-        goto hide_loser;
-    }
-
-    /* Make sure we're not subject to a version rollback attack. */
-    if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        static const PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03,
-                                           0x03, 0x03, 0x03, 0x03 };
-
-        if (PORT_Memcmp(dk - 8 - 1, threes, 8) == 0) {
-            PORT_SetError(SSL_ERROR_BAD_CLIENT);
-            goto hide_loser;
-        }
-    }
-    if (0) {
-    hide_loser:
-        /* Defense against the Bleichenbacher attack.
-         * Provide the client with NO CLUES that the decrypted master key
-         * was erroneous.  Don't send any error messages.
-         * Instead, Generate a completely bogus master key .
-         */
-        PK11_GenerateRandom(dk, dkLen);
-    }
-
-    /*
-    ** Construct master key out of the pieces.
-    */
-    if (ckLen) {
-        PORT_Memcpy(mkbuf, ck, ckLen);
-    }
-    PORT_Memcpy(mkbuf + ckLen, dk, dkLen);
-
-    /* Fill in session-id */
-    rv = ssl2_FillInSID(sid, cipher, mkbuf, keySize, ca, caLen,
-                        keyBits, keyBits - (ckLen << 3),
-                        ss->sec.authAlgorithm, ss->sec.authKeyBits,
-                        ss->sec.keaType, ss->sec.keaKeyBits);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    /* Create session ciphers */
-    rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    SSL_TRC(1, ("%d: SSL[%d]: server, using %s cipher, clear=%d total=%d",
-                SSL_GETPID(), ss->fd, ssl_cipherName[cipher],
-                ckLen << 3, keySize << 3));
-    rv = SECSuccess;
-    goto done;
-
-loser:
-    rv = SECFailure;
-
-done:
-    PORT_Free(kbuf);
-    return rv;
-}
-
-/************************************************************************/
-
-/*
-** Rewrite the incoming cipher specs, comparing to list of specs we support,
-** (ss->cipherSpecs) and eliminating anything we don't support
-**
-*  Note: Our list may contain SSL v3 ciphers.
-*  We MUST NOT match on any of those.
-*  Fortunately, this is easy to detect because SSLv3 ciphers have zero
-*  in the first byte, and none of the SSLv2 ciphers do.
-*
-*  Called from ssl2_HandleClientHelloMessage().
-*  Returns the number of bytes of "qualified cipher specs",
-*  which is typically a multiple of 3, but will be zero if there are none.
-*/
-static int
-ssl2_QualifyCypherSpecs(sslSocket *ss,
-                        PRUint8 *cs, /* cipher specs in client hello msg. */
-                        int csLen)
-{
-    PRUint8 *ms;
-    PRUint8 *hs;
-    PRUint8 *qs;
-    int mc;
-    int hc;
-    PRUint8 qualifiedSpecs[ssl2_NUM_SUITES_IMPLEMENTED * 3];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    if (!ss->cipherSpecs) {
-        SECStatus rv = ssl2_ConstructCipherSpecs(ss);
-        if (rv != SECSuccess || !ss->cipherSpecs)
-            return 0;
-    }
-
-    PRINT_BUF(10, (ss, "specs from client:", cs, csLen));
-    qs = qualifiedSpecs;
-    ms = ss->cipherSpecs;
-    for (mc = ss->sizeCipherSpecs; mc > 0; mc -= 3, ms += 3) {
-        if (ms[0] == 0)
-            continue;
-        for (hs = cs, hc = csLen; hc > 0; hs += 3, hc -= 3) {
-            if ((hs[0] == ms[0]) &&
-                (hs[1] == ms[1]) &&
-                (hs[2] == ms[2])) {
-                /* Copy this cipher spec into the "keep" section */
-                qs[0] = hs[0];
-                qs[1] = hs[1];
-                qs[2] = hs[2];
-                qs += 3;
-                break;
-            }
-        }
-    }
-    hc = qs - qualifiedSpecs;
-    PRINT_BUF(10, (ss, "qualified specs from client:", qualifiedSpecs, hc));
-    PORT_Memcpy(cs, qualifiedSpecs, hc);
-    return hc;
-}
-
-/*
-** Pick the best cipher we can find, given the array of server cipher
-** specs.  Returns cipher number (e.g. SSL_CK_*), or -1 for no overlap.
-** If successful, stores the master key size (bytes) in *pKeyLen.
-**
-** This is correct only for the client side, but presently
-** this function is only called from
-**  ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
-**
-** Note that most servers only return a single cipher suite in their
-** ServerHello messages.  So, the code below for finding the "best" cipher
-** suite usually has only one choice.  The client and server should send
-** their cipher suite lists sorted in descending order by preference.
-*/
-static int
-ssl2_ChooseSessionCypher(sslSocket *ss,
-                         int hc,       /* number of cs's in hs. */
-                         PRUint8 *hs,  /* server hello's cipher suites. */
-                         int *pKeyLen) /* out: sym key size in bytes. */
-{
-    PRUint8 *ms;
-    unsigned int i;
-    int bestKeySize;
-    int bestRealKeySize;
-    int bestCypher;
-    int keySize;
-    int realKeySize;
-    PRUint8 *ohs = hs;
-    const PRUint8 *preferred;
-    static const PRUint8 noneSuch[3] = { 0, 0, 0 };
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    if (!ss->cipherSpecs) {
-        SECStatus rv = ssl2_ConstructCipherSpecs(ss);
-        if (rv != SECSuccess || !ss->cipherSpecs)
-            goto loser;
-    }
-
-    if (!ss->preferredCipher) {
-        unsigned int allowed = ss->allowedByPolicy & ss->chosenPreference &
-                               SSL_CB_IMPLEMENTED;
-        if (allowed) {
-            preferred = implementedCipherSuites;
-            for (i = ssl2_NUM_SUITES_IMPLEMENTED; i > 0; --i) {
-                if (0 != (allowed & (1U << preferred[0]))) {
-                    ss->preferredCipher = preferred;
-                    break;
-                }
-                preferred += 3;
-            }
-        }
-    }
-    preferred = ss->preferredCipher ? ss->preferredCipher : noneSuch;
-    /*
-    ** Scan list of ciphers received from peer and look for a match in
-    ** our list.
-    *  Note: Our list may contain SSL v3 ciphers.
-    *  We MUST NOT match on any of those.
-    *  Fortunately, this is easy to detect because SSLv3 ciphers have zero
-    *  in the first byte, and none of the SSLv2 ciphers do.
-    */
-    bestKeySize = bestRealKeySize = 0;
-    bestCypher = -1;
-    while (--hc >= 0) {
-        for (i = 0, ms = ss->cipherSpecs; i < ss->sizeCipherSpecs; i += 3, ms += 3) {
-            if ((hs[0] == preferred[0]) &&
-                (hs[1] == preferred[1]) &&
-                (hs[2] == preferred[2]) &&
-                hs[0] != 0) {
-                /* Pick this cipher immediately! */
-                *pKeyLen = (((hs[1] << 8) | hs[2]) + 7) >> 3;
-                return hs[0];
-            }
-            if ((hs[0] == ms[0]) && (hs[1] == ms[1]) && (hs[2] == ms[2]) &&
-                hs[0] != 0) {
-                /* Found a match */
-
-                /* Use secret keySize to determine which cipher is best */
-                realKeySize = (hs[1] << 8) | hs[2];
-                switch (hs[0]) {
-                    case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
-                    case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
-                        keySize = 40;
-                        break;
-                    default:
-                        keySize = realKeySize;
-                        break;
-                }
-                if (keySize > bestKeySize) {
-                    bestCypher = hs[0];
-                    bestKeySize = keySize;
-                    bestRealKeySize = realKeySize;
-                }
-            }
-        }
-        hs += 3;
-    }
-    if (bestCypher < 0) {
-        /*
-        ** No overlap between server and client. Re-examine server list
-        ** to see what kind of ciphers it does support so that we can set
-        ** the error code appropriately.
-        */
-        if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) ||
-            (ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) {
-            PORT_SetError(SSL_ERROR_US_ONLY_SERVER);
-        } else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
-                   (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
-            PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER);
-        } else {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-        }
-        SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd));
-        goto loser;
-    }
-    *pKeyLen = (bestRealKeySize + 7) >> 3;
-    return bestCypher;
-
-loser:
-    return -1;
-}
-
-static SECStatus
-ssl2_ClientHandleServerCert(sslSocket *ss, PRUint8 *certData, int certLen)
-{
-    CERTCertificate *cert = NULL;
-    SECItem certItem;
-
-    certItem.data = certData;
-    certItem.len = certLen;
-
-    /* decode the certificate */
-    cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
-                                   PR_FALSE, PR_TRUE);
-
-    if (cert == NULL) {
-        SSL_DBG(("%d: SSL[%d]: decode of server certificate fails",
-                 SSL_GETPID(), ss->fd));
-        PORT_SetError(SSL_ERROR_BAD_CERTIFICATE);
-        return SECFailure;
-    }
-
-#ifdef TRACE
-    {
-        if (ssl_trace >= 1) {
-            char *issuer;
-            char *subject;
-            issuer = CERT_NameToAscii(&cert->issuer);
-            subject = CERT_NameToAscii(&cert->subject);
-            SSL_TRC(1, ("%d: server certificate issuer: '%s'",
-                        SSL_GETPID(), issuer ? issuer : "OOPS"));
-            SSL_TRC(1, ("%d: server name: '%s'",
-                        SSL_GETPID(), subject ? subject : "OOPS"));
-            PORT_Free(issuer);
-            PORT_Free(subject);
-        }
-    }
-#endif
-
-    ss->sec.peerCert = cert;
-    return SECSuccess;
-}
-
-/*
- * Format one block of data for public/private key encryption using
- * the rules defined in PKCS #1. SSL2 does this itself to handle the
- * rollback detection.
- */
-#define RSA_BLOCK_MIN_PAD_LEN 8
-#define RSA_BLOCK_FIRST_OCTET 0x00
-#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
-#define RSA_BLOCK_PUBLIC_OCTET 0x02
-unsigned char *
-ssl_FormatSSL2Block(unsigned modulusLen, SECItem *data)
-{
-    unsigned char *block;
-    unsigned char *bp;
-    int padLen;
-    SECStatus rv;
-    int i;
-
-    if (modulusLen < data->len + (3 + RSA_BLOCK_MIN_PAD_LEN)) {
-        PORT_SetError(SEC_ERROR_BAD_KEY);
-        return NULL;
-    }
-    block = (unsigned char *)PORT_Alloc(modulusLen);
-    if (block == NULL)
-        return NULL;
-
-    bp = block;
-
-    /*
-     * All RSA blocks start with two octets:
-     *  0x00 || BlockType
-     */
-    *bp++ = RSA_BLOCK_FIRST_OCTET;
-    *bp++ = RSA_BLOCK_PUBLIC_OCTET;
-
-    /*
-     * 0x00 || BT || Pad || 0x00 || ActualData
-     *   1      1   padLen    1      data->len
-     * Pad is all non-zero random bytes.
-     */
-    padLen = modulusLen - data->len - 3;
-    PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
-    rv = PK11_GenerateRandom(bp, padLen);
-    if (rv == SECFailure)
-        goto loser;
-    /* replace all the 'zero' bytes */
-    for (i = 0; i < padLen; i++) {
-        while (bp[i] == RSA_BLOCK_AFTER_PAD_OCTET) {
-            rv = PK11_GenerateRandom(bp + i, 1);
-            if (rv == SECFailure)
-                goto loser;
-        }
-    }
-    bp += padLen;
-    *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-    PORT_Memcpy(bp, data->data, data->len);
-
-    return block;
-loser:
-    if (block)
-        PORT_Free(block);
-    return NULL;
-}
-
-/*
-** Given the server's public key and cipher specs, generate a session key
-** that is ready to use for encrypting/decrypting the byte stream. At
-** the same time, generate the SSL_MT_CLIENT_MASTER_KEY message and
-** send it to the server.
-**
-** Called from ssl2_HandleServerHelloMessage()
-*/
-static SECStatus
-ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
-{
-    sslSessionID *sid;
-    PRUint8 *ca; /* points to iv data, or NULL if none. */
-    PRUint8 *ekbuf = 0;
-    CERTCertificate *cert = 0;
-    SECKEYPublicKey *serverKey = 0;
-    unsigned modulusLen = 0;
-    SECStatus rv;
-    int cipher;
-    int keyLen; /* cipher symkey size in bytes. */
-    int ckLen;  /* publicly reveal this many bytes of key. */
-    int caLen;  /* length of IV data at *ca.    */
-    int nc;
-
-    unsigned char *eblock; /* holds unencrypted PKCS#1 formatted key. */
-    SECItem rek;           /* holds portion of symkey to be encrypted. */
-
-    PRUint8 keyData[SSL_MAX_MASTER_KEY_BYTES];
-    PRUint8 iv[8];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    eblock = NULL;
-
-    sid = ss->sec.ci.sid;
-    PORT_Assert(sid != 0);
-
-    cert = ss->sec.peerCert;
-
-    serverKey = CERT_ExtractPublicKey(cert);
-    if (!serverKey) {
-        SSL_DBG(("%d: SSL[%d]: extract public key failed: error=%d",
-                 SSL_GETPID(), ss->fd, PORT_GetError()));
-        PORT_SetError(SSL_ERROR_BAD_CERTIFICATE);
-        rv = SECFailure;
-        goto loser2;
-    }
-
-    ss->sec.authAlgorithm = ssl_sign_rsa;
-    ss->sec.keaType = ssl_kea_rsa;
-    ss->sec.keaKeyBits =
-        ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(serverKey);
-
-    /* Choose a compatible cipher with the server */
-    nc = csLen / 3;
-    cipher = ssl2_ChooseSessionCypher(ss, nc, cs, &keyLen);
-    if (cipher < 0) {
-        /* ssl2_ChooseSessionCypher has set error code. */
-        ssl2_SendErrorMessage(ss, SSL_PE_NO_CYPHERS);
-        goto loser;
-    }
-
-    /* Generate the random keys */
-    PK11_GenerateRandom(keyData, sizeof(keyData));
-
-    /*
-    ** Next, carve up the keys into clear and encrypted portions. The
-    ** clear data is taken from the start of keyData and the encrypted
-    ** portion from the remainder. Note that each of these portions is
-    ** carved in half, one half for the read-key and one for the
-    ** write-key.
-    */
-    ca = 0;
-
-    /* We know that cipher is a legit value here, because
-     * ssl2_ChooseSessionCypher doesn't return bogus values.
-     */
-    ckLen = ssl_Specs[cipher].pubLen; /* cleartext key length. */
-    caLen = ssl_Specs[cipher].ivLen;  /* IV length.     */
-    if (caLen) {
-        PORT_Assert(sizeof iv >= caLen);
-        PK11_GenerateRandom(iv, caLen);
-        ca = iv;
-    }
-
-    /* Fill in session-id */
-    rv = ssl2_FillInSID(sid, cipher, keyData, keyLen,
-                        ca, caLen, keyLen << 3, (keyLen - ckLen) << 3,
-                        ss->sec.authAlgorithm, ss->sec.authKeyBits,
-                        ss->sec.keaType, ss->sec.keaKeyBits);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    SSL_TRC(1, ("%d: SSL[%d]: client, using %s cipher, clear=%d total=%d",
-                SSL_GETPID(), ss->fd, ssl_cipherName[cipher],
-                ckLen << 3, keyLen << 3));
-
-    /* Now setup read and write ciphers */
-    rv = ssl2_CreateSessionCypher(ss, sid, PR_TRUE);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    /*
-    ** Fill in the encryption buffer with some random bytes. Then
-    ** copy in the portion of the session key we are encrypting.
-    */
-    modulusLen = SECKEY_PublicKeyStrength(serverKey);
-    rek.data = keyData + ckLen;
-    rek.len = keyLen - ckLen;
-    eblock = ssl_FormatSSL2Block(modulusLen, &rek);
-    if (eblock == NULL)
-        goto loser;
-
-    /* Set up the padding for version 2 rollback detection. */
-    /* XXX We should really use defines here */
-    if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        PORT_Assert((modulusLen - rek.len) > 12);
-        PORT_Memset(eblock + modulusLen - rek.len - 8 - 1, 0x03, 8);
-    }
-    ekbuf = (PRUint8 *)PORT_Alloc(modulusLen);
-    if (!ekbuf)
-        goto loser;
-    PRINT_BUF(10, (ss, "master key encryption block:",
-                   eblock, modulusLen));
-
-    /* Encrypt ekitem */
-    rv = PK11_PubEncryptRaw(serverKey, ekbuf, eblock, modulusLen,
-                            ss->pkcs11PinArg);
-    if (rv)
-        goto loser;
-
-    /*  Now we have everything ready to send */
-    rv = ssl2_SendSessionKeyMessage(ss, cipher, keyLen << 3, ca, caLen,
-                                    keyData, ckLen, ekbuf, modulusLen);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    rv = SECSuccess;
-    goto done;
-
-loser:
-    rv = SECFailure;
-
-loser2:
-done:
-    PORT_Memset(keyData, 0, sizeof(keyData));
-    PORT_ZFree(ekbuf, modulusLen);
-    PORT_ZFree(eblock, modulusLen);
-    SECKEY_DestroyPublicKey(serverKey);
-    return rv;
-}
-
-/************************************************************************/
-
-/*
- * Called from ssl2_HandleMessage in response to SSL_MT_SERVER_FINISHED message.
- * Caller holds recvBufLock and handshakeLock
- */
-static void
-ssl2_ClientRegSessionID(sslSocket *ss, PRUint8 *s)
-{
-    sslSessionID *sid = ss->sec.ci.sid;
-
-    /* Record entry in nonce cache */
-    if (sid->peerCert == NULL) {
-        PORT_Memcpy(sid->u.ssl2.sessionID, s, sizeof(sid->u.ssl2.sessionID));
-        sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
-    }
-    if (!ss->opt.noCache && sid->cached == never_cached)
-        (*ss->sec.cache)(sid);
-}
-
-/* Called from ssl2_HandleMessage() */
-static SECStatus
-ssl2_TriggerNextMessage(sslSocket *ss)
-{
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    if ((ss->sec.ci.requiredElements & CIS_HAVE_CERTIFICATE) &&
-        !(ss->sec.ci.sentElements & CIS_HAVE_CERTIFICATE)) {
-        ss->sec.ci.sentElements |= CIS_HAVE_CERTIFICATE;
-        rv = ssl2_SendCertificateRequestMessage(ss);
-        return rv;
-    }
-    return SECSuccess;
-}
-
-/* See if it's time to send our finished message, or if the handshakes are
-** complete.  Send finished message if appropriate.
-** Returns SECSuccess unless anything goes wrong.
-**
-** Called from ssl2_HandleMessage,
-**             ssl2_HandleVerifyMessage
-**             ssl2_HandleServerHelloMessage
-**             ssl2_HandleClientSessionKeyMessage
-*/
-static SECStatus
-ssl2_TryToFinish(sslSocket *ss)
-{
-    SECStatus rv;
-    char e, ef;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    e = ss->sec.ci.elements;
-    ef = e | CIS_HAVE_FINISHED;
-    if ((ef & ss->sec.ci.requiredElements) == ss->sec.ci.requiredElements) {
-        if (ss->sec.isServer) {
-            /* Send server finished message if we already didn't */
-            rv = ssl2_SendServerFinishedMessage(ss);
-        } else {
-            /* Send client finished message if we already didn't */
-            rv = ssl2_SendClientFinishedMessage(ss);
-        }
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        if ((e & ss->sec.ci.requiredElements) == ss->sec.ci.requiredElements) {
-            /* Totally finished */
-            ss->handshake = 0;
-            return SECSuccess;
-        }
-    }
-    return SECSuccess;
-}
-
-/*
-** Called from ssl2_HandleRequestCertificate
-*/
-static SECStatus
-ssl2_SignResponse(sslSocket *ss,
-                  SECKEYPrivateKey *key,
-                  SECItem *response)
-{
-    SGNContext *sgn = NULL;
-    PRUint8 *challenge;
-    unsigned int len;
-    SECStatus rv = SECFailure;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    challenge = ss->sec.ci.serverChallenge;
-    len = ss->sec.ci.serverChallengeLen;
-
-    /* Sign the expected data... */
-    sgn = SGN_NewContext(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, key);
-    if (!sgn)
-        goto done;
-    rv = SGN_Begin(sgn);
-    if (rv != SECSuccess)
-        goto done;
-    rv = SGN_Update(sgn, ss->sec.ci.readKey, ss->sec.ci.keySize);
-    if (rv != SECSuccess)
-        goto done;
-    rv = SGN_Update(sgn, ss->sec.ci.writeKey, ss->sec.ci.keySize);
-    if (rv != SECSuccess)
-        goto done;
-    rv = SGN_Update(sgn, challenge, len);
-    if (rv != SECSuccess)
-        goto done;
-    rv = SGN_Update(sgn, ss->sec.peerCert->derCert.data,
-                    ss->sec.peerCert->derCert.len);
-    if (rv != SECSuccess)
-        goto done;
-    rv = SGN_End(sgn, response);
-    if (rv != SECSuccess)
-        goto done;
-
-done:
-    SGN_DestroyContext(sgn, PR_TRUE);
-    return rv == SECSuccess ? SECSuccess : SECFailure;
-}
-
-/*
-** Try to handle a request-certificate message. Get client's certificate
-** and private key and sign a message for the server to see.
-** Caller must hold handshakeLock
-**
-** Called from ssl2_HandleMessage().
-*/
-static int
-ssl2_HandleRequestCertificate(sslSocket *ss)
-{
-    CERTCertificate *cert = NULL; /* app-selected client cert. */
-    SECKEYPrivateKey *key = NULL; /* priv key for cert. */
-    SECStatus rv;
-    SECItem response;
-    int ret = 0;
-    PRUint8 authType;
-
-    /*
-     * These things all need to be initialized before we can "goto loser".
-     */
-    response.data = NULL;
-
-    /* get challenge info from connectionInfo */
-    authType = ss->sec.ci.authType;
-
-    if (authType != SSL_AT_MD5_WITH_RSA_ENCRYPTION) {
-        SSL_TRC(7, ("%d: SSL[%d]: unsupported auth type 0x%x", SSL_GETPID(),
-                    ss->fd, authType));
-        goto no_cert_error;
-    }
-
-    /* Get certificate and private-key from client */
-    if (!ss->getClientAuthData) {
-        SSL_TRC(7, ("%d: SSL[%d]: client doesn't support client-auth",
-                    SSL_GETPID(), ss->fd));
-        goto no_cert_error;
-    }
-    ret = (*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd,
-                                   NULL, &cert, &key);
-    if (ret == SECWouldBlock) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        ret = -1;
-        goto loser;
-    }
-
-    if (ret) {
-        goto no_cert_error;
-    }
-
-    /* check what the callback function returned */
-    if ((!cert) || (!key)) {
-        /* we are missing either the key or cert */
-        if (cert) {
-            /* got a cert, but no key - free it */
-            CERT_DestroyCertificate(cert);
-            cert = NULL;
-        }
-        if (key) {
-            /* got a key, but no cert - free it */
-            SECKEY_DestroyPrivateKey(key);
-            key = NULL;
-        }
-        goto no_cert_error;
-    }
-
-    rv = ssl2_SignResponse(ss, key, &response);
-    if (rv != SECSuccess) {
-        ret = -1;
-        goto loser;
-    }
-
-    /* Send response message */
-    ret = ssl2_SendCertificateResponseMessage(ss, &cert->derCert, &response);
-
-    /* Now, remember the cert we sent. But first, forget any previous one. */
-    if (ss->sec.localCert) {
-        CERT_DestroyCertificate(ss->sec.localCert);
-    }
-    ss->sec.localCert = CERT_DupCertificate(cert);
-    PORT_Assert(!ss->sec.ci.sid->localCert);
-    if (ss->sec.ci.sid->localCert) {
-        CERT_DestroyCertificate(ss->sec.ci.sid->localCert);
-    }
-    ss->sec.ci.sid->localCert = cert;
-    cert = NULL;
-
-    goto done;
-
-no_cert_error:
-    SSL_TRC(7, ("%d: SSL[%d]: no certificate (ret=%d)", SSL_GETPID(),
-                ss->fd, ret));
-    ret = ssl2_SendErrorMessage(ss, SSL_PE_NO_CERTIFICATE);
-
-loser:
-done:
-    if (cert) {
-        CERT_DestroyCertificate(cert);
-    }
-    if (key) {
-        SECKEY_DestroyPrivateKey(key);
-    }
-    if (response.data) {
-        PORT_Free(response.data);
-    }
-
-    return ret;
-}
-
-/*
-** Called from ssl2_HandleMessage for SSL_MT_CLIENT_CERTIFICATE message.
-** Caller must hold HandshakeLock and RecvBufLock, since cd and response
-** are contained in the gathered input data.
-*/
-static SECStatus
-ssl2_HandleClientCertificate(sslSocket *ss,
-                             PRUint8 certType, /* XXX unused */
-                             PRUint8 *cd,
-                             unsigned int cdLen,
-                             PRUint8 *response,
-                             unsigned int responseLen)
-{
-    CERTCertificate *cert = NULL;
-    SECKEYPublicKey *pubKey = NULL;
-    VFYContext *vfy = NULL;
-    SECItem *derCert;
-    SECStatus rv = SECFailure;
-    SECItem certItem;
-    SECItem rep;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    /* Extract the certificate */
-    certItem.data = cd;
-    certItem.len = cdLen;
-
-    cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
-                                   PR_FALSE, PR_TRUE);
-    if (cert == NULL) {
-        goto loser;
-    }
-
-    /* save the certificate, since the auth routine will need it */
-    ss->sec.peerCert = cert;
-
-    /* Extract the public key */
-    pubKey = CERT_ExtractPublicKey(cert);
-    if (!pubKey)
-        goto loser;
-
-    /* Verify the response data... */
-    rep.data = response;
-    rep.len = responseLen;
-    /* SSL 2.0 only supports RSA certs, so we don't have to worry about
-     * DSA here. */
-    vfy = VFY_CreateContext(pubKey, &rep, SEC_OID_PKCS1_RSA_ENCRYPTION,
-                            ss->pkcs11PinArg);
-    if (!vfy)
-        goto loser;
-    rv = VFY_Begin(vfy);
-    if (rv)
-        goto loser;
-
-    rv = VFY_Update(vfy, ss->sec.ci.readKey, ss->sec.ci.keySize);
-    if (rv)
-        goto loser;
-    rv = VFY_Update(vfy, ss->sec.ci.writeKey, ss->sec.ci.keySize);
-    if (rv)
-        goto loser;
-    rv = VFY_Update(vfy, ss->sec.ci.serverChallenge, SSL_CHALLENGE_BYTES);
-    if (rv)
-        goto loser;
-
-    derCert = &ss->serverCerts[kt_rsa].serverCert->derCert;
-    rv = VFY_Update(vfy, derCert->data, derCert->len);
-    if (rv)
-        goto loser;
-    rv = VFY_End(vfy);
-    if (rv)
-        goto loser;
-
-    /* Now ask the server application if it likes the certificate... */
-    rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg,
-                                           ss->fd, PR_TRUE, PR_TRUE);
-    /* Hey, it liked it. */
-    if (SECSuccess == rv)
-        goto done;
-
-loser:
-    ss->sec.peerCert = NULL;
-    CERT_DestroyCertificate(cert);
-
-done:
-    VFY_DestroyContext(vfy, PR_TRUE);
-    SECKEY_DestroyPublicKey(pubKey);
-    return rv;
-}
-
-/*
-** Handle remaining messages between client/server. Process finished
-** messages from either side and any authentication requests.
-** This should only be called for SSLv2 handshake messages,
-** not for application data records.
-** Caller must hold handshake lock.
-**
-** Called from ssl_Do1stHandshake().
-**
-*/
-static SECStatus
-ssl2_HandleMessage(sslSocket *ss)
-{
-    PRUint8 *data;
-    PRUint8 *cid;
-    unsigned len, certType, certLen, responseLen;
-    int rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ssl_GetRecvBufLock(ss);
-
-    data = ss->gs.buf.buf + ss->gs.recordOffset;
-
-    if (ss->gs.recordLen < 1) {
-        goto bad_peer;
-    }
-    SSL_TRC(3, ("%d: SSL[%d]: received %d message",
-                SSL_GETPID(), ss->fd, data[0]));
-    DUMP_MSG(29, (ss, data, ss->gs.recordLen));
-
-    switch (data[0]) {
-        case SSL_MT_CLIENT_FINISHED:
-            if (ss->sec.ci.elements & CIS_HAVE_FINISHED) {
-                SSL_DBG(("%d: SSL[%d]: dup client-finished message",
-                         SSL_GETPID(), ss->fd));
-                goto bad_peer;
-            }
-
-            /* See if nonce matches */
-            len = ss->gs.recordLen - 1;
-            cid = data + 1;
-            if ((len != sizeof(ss->sec.ci.connectionID)) ||
-                (PORT_Memcmp(ss->sec.ci.connectionID, cid, len) != 0)) {
-                SSL_DBG(("%d: SSL[%d]: bad connection-id", SSL_GETPID(), ss->fd));
-                PRINT_BUF(5, (ss, "sent connection-id",
-                              ss->sec.ci.connectionID,
-                              sizeof(ss->sec.ci.connectionID)));
-                PRINT_BUF(5, (ss, "rcvd connection-id", cid, len));
-                goto bad_peer;
-            }
-
-            SSL_TRC(5, ("%d: SSL[%d]: got client finished, waiting for 0x%d",
-                        SSL_GETPID(), ss->fd,
-                        ss->sec.ci.requiredElements ^ ss->sec.ci.elements));
-            ss->sec.ci.elements |= CIS_HAVE_FINISHED;
-            break;
-
-        case SSL_MT_SERVER_FINISHED:
-            if (ss->sec.ci.elements & CIS_HAVE_FINISHED) {
-                SSL_DBG(("%d: SSL[%d]: dup server-finished message",
-                         SSL_GETPID(), ss->fd));
-                goto bad_peer;
-            }
-
-            if (ss->gs.recordLen - 1 != SSL2_SESSIONID_BYTES) {
-                SSL_DBG(("%d: SSL[%d]: bad server-finished message, len=%d",
-                         SSL_GETPID(), ss->fd, ss->gs.recordLen));
-                goto bad_peer;
-            }
-            ssl2_ClientRegSessionID(ss, data + 1);
-            SSL_TRC(5, ("%d: SSL[%d]: got server finished, waiting for 0x%d",
-                        SSL_GETPID(), ss->fd,
-                        ss->sec.ci.requiredElements ^ ss->sec.ci.elements));
-            ss->sec.ci.elements |= CIS_HAVE_FINISHED;
-            break;
-
-        case SSL_MT_REQUEST_CERTIFICATE:
-            len = ss->gs.recordLen - 2;
-            if ((len < SSL_MIN_CHALLENGE_BYTES) ||
-                (len > SSL_MAX_CHALLENGE_BYTES)) {
-                /* Bad challenge */
-                SSL_DBG(("%d: SSL[%d]: bad cert request message: code len=%d",
-                         SSL_GETPID(), ss->fd, len));
-                goto bad_peer;
-            }
-
-            /* save auth request info */
-            ss->sec.ci.authType = data[1];
-            ss->sec.ci.serverChallengeLen = len;
-            PORT_Memcpy(ss->sec.ci.serverChallenge, data + 2, len);
-
-            rv = ssl2_HandleRequestCertificate(ss);
-            if (rv == SECWouldBlock) {
-                SSL_TRC(3, ("%d: SSL[%d]: async cert request",
-                            SSL_GETPID(), ss->fd));
-                /* someone is handling this asynchronously */
-                ssl_ReleaseRecvBufLock(ss);
-                return SECWouldBlock;
-            }
-            if (rv) {
-                SET_ERROR_CODE
-                goto loser;
-            }
-            break;
-
-        case SSL_MT_CLIENT_CERTIFICATE:
-            if (!ss->authCertificate) {
-                /* Server asked for authentication and can't handle it */
-                PORT_SetError(SSL_ERROR_BAD_SERVER);
-                goto loser;
-            }
-            if (ss->gs.recordLen < SSL_HL_CLIENT_CERTIFICATE_HBYTES) {
-                SET_ERROR_CODE
-                goto loser;
-            }
-            certType = data[1];
-            certLen = (data[2] << 8) | data[3];
-            responseLen = (data[4] << 8) | data[5];
-            if (certType != SSL_CT_X509_CERTIFICATE) {
-                PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
-                goto loser;
-            }
-            if (certLen + responseLen + SSL_HL_CLIENT_CERTIFICATE_HBYTES >
-                ss->gs.recordLen) {
-                /* prevent overflow crash. */
-                rv = SECFailure;
-            } else
-                rv = ssl2_HandleClientCertificate(ss, data[1],
-                                                  data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
-                                                  certLen,
-                                                  data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen,
-                                                  responseLen);
-            if (rv) {
-                (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
-                SET_ERROR_CODE
-                goto loser;
-            }
-            ss->sec.ci.elements |= CIS_HAVE_CERTIFICATE;
-            break;
-
-        case SSL_MT_ERROR:
-            rv = (data[1] << 8) | data[2];
-            SSL_TRC(2, ("%d: SSL[%d]: got error message, error=0x%x",
-                        SSL_GETPID(), ss->fd, rv));
-
-            /* Convert protocol error number into API error number */
-            switch (rv) {
-                case SSL_PE_NO_CYPHERS:
-                    rv = SSL_ERROR_NO_CYPHER_OVERLAP;
-                    break;
-                case SSL_PE_NO_CERTIFICATE:
-                    rv = SSL_ERROR_NO_CERTIFICATE;
-                    break;
-                case SSL_PE_BAD_CERTIFICATE:
-                    rv = SSL_ERROR_BAD_CERTIFICATE;
-                    break;
-                case SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE:
-                    rv = SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
-                    break;
-                default:
-                    goto bad_peer;
-            }
-            /* XXX make certificate-request optionally fail... */
-            PORT_SetError(rv);
-            goto loser;
-
-        default:
-            SSL_DBG(("%d: SSL[%d]: unknown message %d",
-                     SSL_GETPID(), ss->fd, data[0]));
-            goto loser;
-    }
-
-    SSL_TRC(3, ("%d: SSL[%d]: handled %d message, required=0x%x got=0x%x",
-                SSL_GETPID(), ss->fd, data[0],
-                ss->sec.ci.requiredElements, ss->sec.ci.elements));
-
-    rv = ssl2_TryToFinish(ss);
-    if (rv != SECSuccess)
-        goto loser;
-
-    ss->gs.recordLen = 0;
-    ssl_ReleaseRecvBufLock(ss);
-
-    if (ss->handshake == 0) {
-        return SECSuccess;
-    }
-
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleMessage;
-    return ssl2_TriggerNextMessage(ss);
-
-bad_peer:
-    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT : SSL_ERROR_BAD_SERVER);
-/* FALL THROUGH */
-
-loser:
-    ssl_ReleaseRecvBufLock(ss);
-    return SECFailure;
-}
-
-/************************************************************************/
-
-/* Called from ssl_Do1stHandshake, after ssl2_HandleServerHelloMessage.
-*/
-static SECStatus
-ssl2_HandleVerifyMessage(sslSocket *ss)
-{
-    PRUint8 *data;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    ssl_GetRecvBufLock(ss);
-
-    data = ss->gs.buf.buf + ss->gs.recordOffset;
-    DUMP_MSG(29, (ss, data, ss->gs.recordLen));
-    if ((ss->gs.recordLen != 1 + SSL_CHALLENGE_BYTES) ||
-        (data[0] != SSL_MT_SERVER_VERIFY) ||
-        NSS_SecureMemcmp(data + 1, ss->sec.ci.clientChallenge,
-                         SSL_CHALLENGE_BYTES)) {
-        /* Bad server */
-        PORT_SetError(SSL_ERROR_BAD_SERVER);
-        goto loser;
-    }
-    ss->sec.ci.elements |= CIS_HAVE_VERIFY;
-
-    SSL_TRC(5, ("%d: SSL[%d]: got server-verify, required=0x%d got=0x%x",
-                SSL_GETPID(), ss->fd, ss->sec.ci.requiredElements,
-                ss->sec.ci.elements));
-
-    rv = ssl2_TryToFinish(ss);
-    if (rv)
-        goto loser;
-
-    ss->gs.recordLen = 0;
-    ssl_ReleaseRecvBufLock(ss);
-
-    if (ss->handshake == 0) {
-        return SECSuccess;
-    }
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleMessage;
-    return SECSuccess;
-
-loser:
-    ssl_ReleaseRecvBufLock(ss);
-    return SECFailure;
-}
-
-/* Not static because ssl2_GatherData() tests ss->nextHandshake for this value.
- * ICK!
- * Called from ssl_Do1stHandshake after ssl2_BeginClientHandshake()
- */
-SECStatus
-ssl2_HandleServerHelloMessage(sslSocket *ss)
-{
-    sslSessionID *sid;
-    PRUint8 *cert;
-    PRUint8 *cs;
-    PRUint8 *data;
-    SECStatus rv;
-    unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    if (!ss->opt.enableSSL2) {
-        PORT_SetError(SSL_ERROR_SSL2_DISABLED);
-        return SECFailure;
-    }
-
-    ssl_GetRecvBufLock(ss);
-
-    PORT_Assert(ss->sec.ci.sid != 0);
-    sid = ss->sec.ci.sid;
-
-    data = ss->gs.buf.buf + ss->gs.recordOffset;
-    DUMP_MSG(29, (ss, data, ss->gs.recordLen));
-
-    /* Make sure first message has some data and is the server hello message */
-    if ((ss->gs.recordLen < SSL_HL_SERVER_HELLO_HBYTES) ||
-        (data[0] != SSL_MT_SERVER_HELLO)) {
-        if ((data[0] == SSL_MT_ERROR) && (ss->gs.recordLen == 3)) {
-            err = (data[1] << 8) | data[2];
-            if (err == SSL_PE_NO_CYPHERS) {
-                PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-                goto loser;
-            }
-        }
-        goto bad_server;
-    }
-
-    sidHit = data[1];
-    certType = data[2];
-    ss->version = (data[3] << 8) | data[4];
-    certLen = (data[5] << 8) | data[6];
-    csLen = (data[7] << 8) | data[8];
-    cidLen = (data[9] << 8) | data[10];
-    cert = data + SSL_HL_SERVER_HELLO_HBYTES;
-    cs = cert + certLen;
-
-    SSL_TRC(5,
-            ("%d: SSL[%d]: server-hello, hit=%d vers=%x certLen=%d csLen=%d cidLen=%d",
-             SSL_GETPID(), ss->fd, sidHit, ss->version, certLen,
-             csLen, cidLen));
-    if (ss->version != SSL_LIBRARY_VERSION_2) {
-        if (ss->version < SSL_LIBRARY_VERSION_2) {
-            SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
-                        SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
-                        ss->version));
-        } else {
-            SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
-                        SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
-            /* server claims to be newer but does not follow protocol */
-            PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-            goto loser;
-        }
-    }
-
-    if ((SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen + cidLen >
-         ss->gs.recordLen) ||
-        (csLen % 3) != 0
-        /* || cidLen < SSL_CONNECTIONID_BYTES || cidLen > 32  */
-        ) {
-        goto bad_server;
-    }
-
-    /* Save connection-id.
-    ** This code only saves the first 16 byte of the connectionID.
-    ** If the connectionID is shorter than 16 bytes, it is zero-padded.
-    */
-    if (cidLen < sizeof ss->sec.ci.connectionID)
-        memset(ss->sec.ci.connectionID, 0, sizeof ss->sec.ci.connectionID);
-    cidLen = PR_MIN(cidLen, sizeof ss->sec.ci.connectionID);
-    PORT_Memcpy(ss->sec.ci.connectionID, cs + csLen, cidLen);
-
-    /* See if session-id hit */
-    needed = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED | CIS_HAVE_VERIFY;
-    if (sidHit) {
-        if (certLen || csLen) {
-            /* Uh oh - bogus server */
-            SSL_DBG(("%d: SSL[%d]: client, huh? hit=%d certLen=%d csLen=%d",
-                     SSL_GETPID(), ss->fd, sidHit, certLen, csLen));
-            goto bad_server;
-        }
-
-        /* Total winner. */
-        SSL_TRC(1, ("%d: SSL[%d]: client, using nonce for peer=0x%08x "
-                    "port=0x%04x",
-                    SSL_GETPID(), ss->fd, ss->sec.ci.peer, ss->sec.ci.port));
-        ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
-        ss->sec.authAlgorithm = sid->authAlgorithm;
-        ss->sec.authKeyBits = sid->authKeyBits;
-        ss->sec.keaType = sid->keaType;
-        ss->sec.keaKeyBits = sid->keaKeyBits;
-        rv = ssl2_CreateSessionCypher(ss, sid, PR_TRUE);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    } else {
-        if (certType != SSL_CT_X509_CERTIFICATE) {
-            PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
-            goto loser;
-        }
-        if (csLen == 0) {
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            SSL_DBG(("%d: SSL[%d]: no cipher overlap",
-                     SSL_GETPID(), ss->fd));
-            goto loser;
-        }
-        if (certLen == 0) {
-            SSL_DBG(("%d: SSL[%d]: client, huh? certLen=%d csLen=%d",
-                     SSL_GETPID(), ss->fd, certLen, csLen));
-            goto bad_server;
-        }
-
-        if (sid->cached != never_cached) {
-            /* Forget our session-id - server didn't like it */
-            SSL_TRC(7, ("%d: SSL[%d]: server forgot me, uncaching session-id",
-                        SSL_GETPID(), ss->fd));
-            if (ss->sec.uncache)
-                (*ss->sec.uncache)(sid);
-            ssl_FreeSID(sid);
-            ss->sec.ci.sid = sid = PORT_ZNew(sslSessionID);
-            if (!sid) {
-                goto loser;
-            }
-            sid->references = 1;
-            sid->addr = ss->sec.ci.peer;
-            sid->port = ss->sec.ci.port;
-        }
-
-        /* decode the server's certificate */
-        rv = ssl2_ClientHandleServerCert(ss, cert, certLen);
-        if (rv != SECSuccess) {
-            if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
-                (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
-            }
-            goto loser;
-        }
-
-        /* Setup new session cipher */
-        rv = ssl2_ClientSetupSessionCypher(ss, cs, csLen);
-        if (rv != SECSuccess) {
-            if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
-                (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
-            }
-            goto loser;
-        }
-    }
-
-    /* Build up final list of required elements */
-    ss->sec.ci.elements = CIS_HAVE_MASTER_KEY;
-    ss->sec.ci.requiredElements = needed;
-
-    if (!sidHit) {
-        /* verify the server's certificate. if sidHit, don't check signatures */
-        rv = (*ss->authCertificate)(ss->authCertificateArg, ss->fd,
-                                    (PRBool)(!sidHit), PR_FALSE);
-        if (rv) {
-            if (ss->handleBadCert) {
-                rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
-                if (rv) {
-                    if (rv == SECWouldBlock) {
-                        SSL_DBG(("%d: SSL[%d]: SSL2 bad cert handler returned "
-                                 "SECWouldBlock",
-                                 SSL_GETPID(), ss->fd));
-                        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-                        rv = SECFailure;
-                    } else {
-                        /* cert is bad */
-                        SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
-                                 SSL_GETPID(), ss->fd, PORT_GetError()));
-                    }
-                    goto loser;
-                }
-                /* cert is good */
-            } else {
-                SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
-                         SSL_GETPID(), ss->fd, PORT_GetError()));
-                goto loser;
-            }
-        }
-    }
-    /*
-    ** At this point we have a completed session key and our session
-    ** cipher is setup and ready to go. Switch to encrypted write routine
-    ** as all future message data is to be encrypted.
-    */
-    ssl2_UseEncryptedSendFunc(ss);
-
-    rv = ssl2_TryToFinish(ss);
-    if (rv != SECSuccess)
-        goto loser;
-
-    ss->gs.recordLen = 0;
-
-    ssl_ReleaseRecvBufLock(ss);
-
-    if (ss->handshake == 0) {
-        return SECSuccess;
-    }
-
-    SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
-                SSL_GETPID(), ss->fd, ss->sec.ci.requiredElements,
-                ss->sec.ci.elements));
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleVerifyMessage;
-    return SECSuccess;
-
-bad_server:
-    PORT_SetError(SSL_ERROR_BAD_SERVER);
-/* FALL THROUGH */
-
-loser:
-    ssl_ReleaseRecvBufLock(ss);
-    return SECFailure;
-}
-
-/* Sends out the initial client Hello message on the connection.
- * Acquires and releases the socket's xmitBufLock.
- */
-SECStatus
-ssl2_BeginClientHandshake(sslSocket *ss)
-{
-    sslSessionID *sid;
-    PRUint8 *msg;
-    PRUint8 *cp;
-    PRUint8 *localCipherSpecs = NULL;
-    unsigned int localCipherSize;
-    unsigned int i;
-    int sendLen, sidLen = 0;
-    SECStatus rv;
-    TLSExtensionData *xtnData;
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    ss->sec.isServer = 0;
-    ss->sec.sendSequence = 0;
-    ss->sec.rcvSequence = 0;
-    ssl_ChooseSessionIDProcs(&ss->sec);
-
-    if (!ss->cipherSpecs) {
-        rv = ssl2_ConstructCipherSpecs(ss);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* count the SSL2 and SSL3 enabled ciphers.
-     * if either is zero, clear the socket's enable for that protocol.
-     */
-    rv = ssl2_CheckConfigSanity(ss);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /* Get peer name of server */
-    rv = ssl_GetPeerInfo(ss);
-    if (rv < 0) {
-#ifdef HPUX11
-        /*
-         * On some HP-UX B.11.00 systems, getpeername() occasionally
-         * fails with ENOTCONN after a successful completion of
-         * non-blocking connect.  I found that if we do a write()
-         * and then retry getpeername(), it will work.
-         */
-        if (PR_GetError() == PR_NOT_CONNECTED_ERROR) {
-            char dummy;
-            (void)PR_Write(ss->fd->lower, &dummy, 0);
-            rv = ssl_GetPeerInfo(ss);
-            if (rv < 0) {
-                goto loser;
-            }
-        }
-#else
-        goto loser;
-#endif
-    }
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));
-
-    /* Try to find server in our session-id cache */
-    if (ss->opt.noCache) {
-        sid = NULL;
-    } else {
-        sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
-                            ss->url);
-    }
-    while (sid) { /* this isn't really a loop */
-        PRBool sidVersionEnabled =
-            (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) &&
-             sid->version >= ss->vrange.min &&
-             sid->version <= ss->vrange.max) ||
-            (sid->version < SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL2);
-
-        /* if we're not doing this SID's protocol any more, drop it. */
-        if (!sidVersionEnabled) {
-            if (ss->sec.uncache)
-                ss->sec.uncache(sid);
-            ssl_FreeSID(sid);
-            sid = NULL;
-            break;
-        }
-        if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-            /* If the cipher in this sid is not enabled, drop it. */
-            for (i = 0; i < ss->sizeCipherSpecs; i += 3) {
-                if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType)
-                    break;
-            }
-            if (i >= ss->sizeCipherSpecs) {
-                if (ss->sec.uncache)
-                    ss->sec.uncache(sid);
-                ssl_FreeSID(sid);
-                sid = NULL;
-                break;
-            }
-        }
-        sidLen = sizeof(sid->u.ssl2.sessionID);
-        PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl2.sessionID,
-                      sidLen));
-        ss->version = sid->version;
-        PORT_Assert(!ss->sec.localCert);
-        if (ss->sec.localCert) {
-            CERT_DestroyCertificate(ss->sec.localCert);
-        }
-        ss->sec.localCert = CERT_DupCertificate(sid->localCert);
-        break; /* this isn't really a loop */
-    }
-    if (!sid) {
-        sidLen = 0;
-        sid = PORT_ZNew(sslSessionID);
-        if (!sid) {
-            goto loser;
-        }
-        sid->references = 1;
-        sid->cached = never_cached;
-        sid->addr = ss->sec.ci.peer;
-        sid->port = ss->sec.ci.port;
-        if (ss->peerID != NULL) {
-            sid->peerID = PORT_Strdup(ss->peerID);
-        }
-        if (ss->url != NULL) {
-            sid->urlSvrName = PORT_Strdup(ss->url);
-        }
-    }
-    ss->sec.ci.sid = sid;
-
-    PORT_Assert(sid != NULL);
-
-    if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) &&
-        !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        ss->gs.state = GS_INIT;
-        ss->handshake = ssl_GatherRecord1stHandshake;
-
-        /* ssl3_SendClientHello will override this if it succeeds. */
-        ss->version = SSL_LIBRARY_VERSION_3_0;
-
-        ssl_GetSSL3HandshakeLock(ss);
-        ssl_GetXmitBufLock(ss);
-        rv = ssl3_SendClientHello(ss, PR_FALSE);
-        ssl_ReleaseXmitBufLock(ss);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-
-        return rv;
-    }
-#ifndef NSS_DISABLE_ECC
-    /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
-    ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
-    if (ss->cipherSpecs != NULL) {
-        PORT_Free(ss->cipherSpecs);
-        ss->cipherSpecs = NULL;
-        ss->sizeCipherSpecs = 0;
-    }
-#endif /* NSS_DISABLE_ECC */
-
-    if (!ss->cipherSpecs) {
-        rv = ssl2_ConstructCipherSpecs(ss);
-        if (rv < 0) {
-            return rv;
-        }
-    }
-    localCipherSpecs = ss->cipherSpecs;
-    localCipherSize = ss->sizeCipherSpecs;
-
-    /* Add 3 for SCSV */
-    sendLen = SSL_HL_CLIENT_HELLO_HBYTES + localCipherSize + 3 + sidLen +
-              SSL_CHALLENGE_BYTES;
-
-    /* Generate challenge bytes for server */
-    PK11_GenerateRandom(ss->sec.ci.clientChallenge, SSL_CHALLENGE_BYTES);
-
-    ssl_GetXmitBufLock(ss); /***************************************/
-
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv)
-        goto unlock_loser;
-
-    /* Construct client-hello message */
-    cp = msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_CLIENT_HELLO;
-    ss->clientHelloVersion = SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) ? SSL_LIBRARY_VERSION_2
-                                                                     : ss->vrange.max;
-
-    msg[1] = MSB(ss->clientHelloVersion);
-    msg[2] = LSB(ss->clientHelloVersion);
-    /* Add 3 for SCSV */
-    msg[3] = MSB(localCipherSize + 3);
-    msg[4] = LSB(localCipherSize + 3);
-    msg[5] = MSB(sidLen);
-    msg[6] = LSB(sidLen);
-    msg[7] = MSB(SSL_CHALLENGE_BYTES);
-    msg[8] = LSB(SSL_CHALLENGE_BYTES);
-    cp += SSL_HL_CLIENT_HELLO_HBYTES;
-    PORT_Memcpy(cp, localCipherSpecs, localCipherSize);
-    cp += localCipherSize;
-    /*
-     * Add SCSV.  SSL 2.0 cipher suites are listed before SSL 3.0 cipher
-     * suites in localCipherSpecs for compatibility with SSL 2.0 servers.
-     * Since SCSV looks like an SSL 3.0 cipher suite, we can't add it at
-     * the beginning.
-     */
-    cp[0] = 0x00;
-    cp[1] = 0x00;
-    cp[2] = 0xff;
-    cp += 3;
-    if (sidLen) {
-        PORT_Memcpy(cp, sid->u.ssl2.sessionID, sidLen);
-        cp += sidLen;
-    }
-    PORT_Memcpy(cp, ss->sec.ci.clientChallenge, SSL_CHALLENGE_BYTES);
-
-    /* Send it to the server */
-    DUMP_MSG(29, (ss, msg, sendLen));
-    ss->handshakeBegun = 1;
-    rv = (*ss->sec.send)(ss, msg, sendLen, 0);
-
-    ssl_ReleaseXmitBufLock(ss); /***************************************/
-
-    if (rv < 0) {
-        goto loser;
-    }
-
-    rv = ssl3_StartHandshakeHash(ss, msg, sendLen);
-    if (rv < 0) {
-        goto loser;
-    }
-
-    /*
-     * Since we sent the SCSV, pretend we sent empty RI extension.  We need
-     * to record the extension has been advertised after ssl3_InitState has
-     * been called, which ssl3_StartHandshakeHash took care for us above.
-     */
-    xtnData = &ss->xtnData;
-    xtnData->advertised[xtnData->numAdvertised++] = ssl_renegotiation_info_xtn;
-
-    /* Setup to receive servers hello message */
-    ssl_GetRecvBufLock(ss);
-    ss->gs.recordLen = 0;
-    ssl_ReleaseRecvBufLock(ss);
-
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleServerHelloMessage;
-    return SECSuccess;
-
-unlock_loser:
-    ssl_ReleaseXmitBufLock(ss);
-loser:
-    return SECFailure;
-}
-
-/************************************************************************/
-
-/* Handle the CLIENT-MASTER-KEY message.
-** Acquires and releases RecvBufLock.
-** Called from ssl2_HandleClientHelloMessage().
-*/
-static SECStatus
-ssl2_HandleClientSessionKeyMessage(sslSocket *ss)
-{
-    PRUint8 *data;
-    unsigned int caLen;
-    unsigned int ckLen;
-    unsigned int ekLen;
-    unsigned int keyBits;
-    int cipher;
-    SECStatus rv;
-
-    ssl_GetRecvBufLock(ss);
-
-    data = ss->gs.buf.buf + ss->gs.recordOffset;
-    DUMP_MSG(29, (ss, data, ss->gs.recordLen));
-
-    if ((ss->gs.recordLen < SSL_HL_CLIENT_MASTER_KEY_HBYTES) ||
-        (data[0] != SSL_MT_CLIENT_MASTER_KEY)) {
-        goto bad_client;
-    }
-    cipher = data[1];
-    keyBits = (data[2] << 8) | data[3];
-    ckLen = (data[4] << 8) | data[5];
-    ekLen = (data[6] << 8) | data[7];
-    caLen = (data[8] << 8) | data[9];
-
-    SSL_TRC(5, ("%d: SSL[%d]: session-key, cipher=%d keyBits=%d ckLen=%d ekLen=%d caLen=%d",
-                SSL_GETPID(), ss->fd, cipher, keyBits, ckLen, ekLen, caLen));
-
-    if (ss->gs.recordLen <
-        SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen + caLen) {
-        SSL_DBG(("%d: SSL[%d]: protocol size mismatch dataLen=%d",
-                 SSL_GETPID(), ss->fd, ss->gs.recordLen));
-        goto bad_client;
-    }
-
-    /* Use info from client to setup session key */
-    rv = ssl2_ServerSetupSessionCypher(ss, cipher, keyBits,
-                                       data + SSL_HL_CLIENT_MASTER_KEY_HBYTES,
-                                       ckLen,
-                                       data + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen,
-                                       ekLen,
-                                       data + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen,
-                                       caLen);
-    ss->gs.recordLen = 0; /* we're done with this record. */
-
-    ssl_ReleaseRecvBufLock(ss);
-
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    ss->sec.ci.elements |= CIS_HAVE_MASTER_KEY;
-    ssl2_UseEncryptedSendFunc(ss);
-
-    /* Send server verify message now that keys are established */
-    rv = ssl2_SendServerVerifyMessage(ss);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = ssl2_TryToFinish(ss);
-    if (rv != SECSuccess)
-        goto loser;
-    if (ss->handshake == 0) {
-        return SECSuccess;
-    }
-
-    SSL_TRC(5, ("%d: SSL[%d]: server: waiting for elements=0x%d",
-                SSL_GETPID(), ss->fd,
-                ss->sec.ci.requiredElements ^ ss->sec.ci.elements));
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleMessage;
-
-    return ssl2_TriggerNextMessage(ss);
-
-bad_client:
-    ssl_ReleaseRecvBufLock(ss);
-    PORT_SetError(SSL_ERROR_BAD_CLIENT);
-/* FALLTHROUGH */
-
-loser:
-    return SECFailure;
-}
-
-/*
-** Handle the initial hello message from the client
-**
-** not static because ssl2_GatherData() tests ss->nextHandshake for this value.
-*/
-SECStatus
-ssl2_HandleClientHelloMessage(sslSocket *ss)
-{
-    sslSessionID *sid;
-    sslServerCerts *sc;
-    CERTCertificate *serverCert;
-    PRUint8 *msg;
-    PRUint8 *data;
-    PRUint8 *cs;
-    PRUint8 *sd;
-    PRUint8 *cert = NULL;
-    PRUint8 *challenge;
-    unsigned int challengeLen;
-    SECStatus rv;
-    int csLen;
-    int sendLen;
-    int sdLen;
-    int certLen;
-    int pid;
-    int sent;
-    int gotXmitBufLock = 0;
-#if defined(SOLARIS) && defined(i386)
-    volatile PRUint8 hit;
-#else
-    int hit;
-#endif
-    PRUint8 csImpl[sizeof implementedCipherSuites];
-
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    sc = ss->serverCerts + kt_rsa;
-    serverCert = sc->serverCert;
-
-    ssl_GetRecvBufLock(ss);
-
-    data = ss->gs.buf.buf + ss->gs.recordOffset;
-    DUMP_MSG(29, (ss, data, ss->gs.recordLen));
-
-    /* Make sure first message has some data and is the client hello message */
-    if ((ss->gs.recordLen < SSL_HL_CLIENT_HELLO_HBYTES) ||
-        (data[0] != SSL_MT_CLIENT_HELLO)) {
-        goto bad_client;
-    }
-
-    /* Get peer name of client */
-    rv = ssl_GetPeerInfo(ss);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    /* Examine version information */
-    /*
-     * See if this might be a V2 client hello asking to use the V3 protocol
-     */
-    if ((data[0] == SSL_MT_CLIENT_HELLO) &&
-        (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) &&
-        !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
-        rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen);
-        if (rv != SECFailure) { /* Success */
-            ss->handshake = NULL;
-            ss->nextHandshake = ssl_GatherRecord1stHandshake;
-            ss->securityHandshake = NULL;
-            ss->gs.state = GS_INIT;
-
-            /* ssl3_HandleV3ClientHello has set ss->version,
-            ** and has gotten us a brand new sid.
-            */
-            ss->sec.ci.sid->version = ss->version;
-        }
-        ssl_ReleaseRecvBufLock(ss);
-        return rv;
-    }
-    /* Previously, there was a test here to see if SSL2 was enabled.
-    ** If not, an error code was set, and SECFailure was returned,
-    ** without sending any error code to the other end of the connection.
-    ** That test has been removed.  If SSL2 has been disabled, there
-    ** should be no SSL2 ciphers enabled, and consequently, the code
-    ** below should send the ssl2 error message SSL_PE_NO_CYPHERS.
-    ** We now believe this is the correct thing to do, even when SSL2
-    ** has been explicitly disabled by the application.
-    */
-
-    /* Extract info from message */
-    ss->version = (data[1] << 8) | data[2];
-
-    /* If some client thinks ssl v2 is 2.0 instead of 0.2, we'll allow it.  */
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
-        ss->version = SSL_LIBRARY_VERSION_2;
-    }
-
-    csLen = (data[3] << 8) | data[4];
-    sdLen = (data[5] << 8) | data[6];
-    challengeLen = (data[7] << 8) | data[8];
-    cs = data + SSL_HL_CLIENT_HELLO_HBYTES;
-    sd = cs + csLen;
-    challenge = sd + sdLen;
-    PRINT_BUF(7, (ss, "server, client session-id value:", sd, sdLen));
-
-    if (!csLen || (csLen % 3) != 0 ||
-        (sdLen != 0 && sdLen != SSL2_SESSIONID_BYTES) ||
-        challengeLen < SSL_MIN_CHALLENGE_BYTES ||
-        challengeLen > SSL_MAX_CHALLENGE_BYTES ||
-        (unsigned)ss->gs.recordLen !=
-            SSL_HL_CLIENT_HELLO_HBYTES + csLen + sdLen + challengeLen) {
-        SSL_DBG(("%d: SSL[%d]: bad client hello message, len=%d should=%d",
-                 SSL_GETPID(), ss->fd, ss->gs.recordLen,
-                 SSL_HL_CLIENT_HELLO_HBYTES + csLen + sdLen + challengeLen));
-        goto bad_client;
-    }
-
-    SSL_TRC(3, ("%d: SSL[%d]: client version is %x",
-                SSL_GETPID(), ss->fd, ss->version));
-    if (ss->version != SSL_LIBRARY_VERSION_2) {
-        if (ss->version > SSL_LIBRARY_VERSION_2) {
-            /*
-            ** Newer client than us. Things are ok because new clients
-            ** are required to be backwards compatible with old servers.
-            ** Change version number to our version number so that client
-            ** knows whats up.
-            */
-            ss->version = SSL_LIBRARY_VERSION_2;
-        } else {
-            SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
-                        SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
-            PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-            goto loser;
-        }
-    }
-
-    /* Qualify cipher specs before returning them to client */
-    csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
-    if (csLen == 0) {
-        /* no overlap, send client our list of supported SSL v2 ciphers. */
-        cs = csImpl;
-        csLen = sizeof implementedCipherSuites;
-        PORT_Memcpy(cs, implementedCipherSuites, csLen);
-        csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
-        if (csLen == 0) {
-            /* We don't support any SSL v2 ciphers! */
-            ssl2_SendErrorMessage(ss, SSL_PE_NO_CYPHERS);
-            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-            goto loser;
-        }
-        /* Since this handhsake is going to fail, don't cache it. */
-        ss->opt.noCache = 1;
-    }
-
-    /* Squirrel away the challenge for later */
-    PORT_Memcpy(ss->sec.ci.clientChallenge, challenge, challengeLen);
-
-    /* Examine message and see if session-id is good */
-    ss->sec.ci.elements = 0;
-    if (sdLen > 0 && !ss->opt.noCache) {
-        SSL_TRC(7, ("%d: SSL[%d]: server, lookup client session-id for 0x%08x%08x%08x%08x",
-                    SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
-                    ss->sec.ci.peer.pr_s6_addr32[1],
-                    ss->sec.ci.peer.pr_s6_addr32[2],
-                    ss->sec.ci.peer.pr_s6_addr32[3]));
-        sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle);
-    } else {
-        sid = NULL;
-    }
-    if (sid) {
-        /* Got a good session-id. Short cut! */
-        SSL_TRC(1, ("%d: SSL[%d]: server, using session-id for 0x%08x (age=%d)",
-                    SSL_GETPID(), ss->fd, ss->sec.ci.peer,
-                    ssl_Time() - sid->creationTime));
-        PRINT_BUF(1, (ss, "session-id value:", sd, sdLen));
-        ss->sec.ci.sid = sid;
-        ss->sec.ci.elements = CIS_HAVE_MASTER_KEY;
-        hit = 1;
-        certLen = 0;
-        csLen = 0;
-
-        ss->sec.authAlgorithm = sid->authAlgorithm;
-        ss->sec.authKeyBits = sid->authKeyBits;
-        ss->sec.keaType = sid->keaType;
-        ss->sec.keaKeyBits = sid->keaKeyBits;
-
-        rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    } else {
-        SECItem *derCert = &serverCert->derCert;
-
-        SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
-                    SSL_GETPID(), ss->fd));
-        if (!serverCert) {
-            SET_ERROR_CODE
-            goto loser;
-        }
-        hit = 0;
-        sid = PORT_ZNew(sslSessionID);
-        if (!sid) {
-            goto loser;
-        }
-        sid->references = 1;
-        sid->addr = ss->sec.ci.peer;
-        sid->port = ss->sec.ci.port;
-
-        /* Invent a session-id */
-        ss->sec.ci.sid = sid;
-        PK11_GenerateRandom(sid->u.ssl2.sessionID + 2, SSL2_SESSIONID_BYTES - 2);
-
-        pid = SSL_GETPID();
-        sid->u.ssl2.sessionID[0] = MSB(pid);
-        sid->u.ssl2.sessionID[1] = LSB(pid);
-        cert = derCert->data;
-        certLen = derCert->len;
-
-        /* pretend that server sids remember the local cert. */
-        PORT_Assert(!sid->localCert);
-        if (sid->localCert) {
-            CERT_DestroyCertificate(sid->localCert);
-        }
-        sid->localCert = CERT_DupCertificate(serverCert);
-
-        ss->sec.authAlgorithm = ssl_sign_rsa;
-        ss->sec.keaType = ssl_kea_rsa;
-        ss->sec.keaKeyBits =
-            ss->sec.authKeyBits = ss->serverCerts[kt_rsa].serverKeyBits;
-    }
-
-    /* server sids don't remember the local cert, so whether we found
-    ** a sid or not, just "remember" we used the rsa server cert.
-    */
-    if (ss->sec.localCert) {
-        CERT_DestroyCertificate(ss->sec.localCert);
-    }
-    ss->sec.localCert = CERT_DupCertificate(serverCert);
-
-    /* Build up final list of required elements */
-    ss->sec.ci.requiredElements = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED;
-    if (ss->opt.requestCertificate) {
-        ss->sec.ci.requiredElements |= CIS_HAVE_CERTIFICATE;
-    }
-    ss->sec.ci.sentElements = 0;
-
-    /* Send hello message back to client */
-    sendLen = SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen +
-              SSL_CONNECTIONID_BYTES;
-
-    ssl_GetXmitBufLock(ss);
-    gotXmitBufLock = 1;
-    rv = ssl2_GetSendBuffer(ss, sendLen);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    SSL_TRC(3, ("%d: SSL[%d]: sending server-hello (%d)",
-                SSL_GETPID(), ss->fd, sendLen));
-
-    msg = ss->sec.ci.sendBuf.buf;
-    msg[0] = SSL_MT_SERVER_HELLO;
-    msg[1] = hit;
-    msg[2] = SSL_CT_X509_CERTIFICATE;
-    msg[3] = MSB(ss->version);
-    msg[4] = LSB(ss->version);
-    msg[5] = MSB(certLen);
-    msg[6] = LSB(certLen);
-    msg[7] = MSB(csLen);
-    msg[8] = LSB(csLen);
-    msg[9] = MSB(SSL_CONNECTIONID_BYTES);
-    msg[10] = LSB(SSL_CONNECTIONID_BYTES);
-    if (certLen) {
-        PORT_Memcpy(msg + SSL_HL_SERVER_HELLO_HBYTES, cert, certLen);
-    }
-    if (csLen) {
-        PORT_Memcpy(msg + SSL_HL_SERVER_HELLO_HBYTES + certLen, cs, csLen);
-    }
-    PORT_Memcpy(msg + SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen,
-                ss->sec.ci.connectionID, SSL_CONNECTIONID_BYTES);
-
-    DUMP_MSG(29, (ss, msg, sendLen));
-
-    ss->handshakeBegun = 1;
-    sent = (*ss->sec.send)(ss, msg, sendLen, 0);
-    if (sent < 0) {
-        goto loser;
-    }
-    ssl_ReleaseXmitBufLock(ss);
-    gotXmitBufLock = 0;
-
-    ss->gs.recordLen = 0;
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    if (hit) {
-        /* Old SID Session key is good. Go encrypted */
-        ssl2_UseEncryptedSendFunc(ss);
-
-        /* Send server verify message now that keys are established */
-        rv = ssl2_SendServerVerifyMessage(ss);
-        if (rv != SECSuccess)
-            goto loser;
-
-        ss->nextHandshake = ssl2_HandleMessage;
-        ssl_ReleaseRecvBufLock(ss);
-        rv = ssl2_TriggerNextMessage(ss);
-        return rv;
-    }
-    ss->nextHandshake = ssl2_HandleClientSessionKeyMessage;
-    ssl_ReleaseRecvBufLock(ss);
-    return SECSuccess;
-
-bad_client:
-    PORT_SetError(SSL_ERROR_BAD_CLIENT);
-/* FALLTHROUGH */
-
-loser:
-    if (gotXmitBufLock) {
-        ssl_ReleaseXmitBufLock(ss);
-        gotXmitBufLock = 0;
-    }
-    SSL_TRC(10, ("%d: SSL[%d]: server, wait for client-hello lossage",
-                 SSL_GETPID(), ss->fd));
-    ssl_ReleaseRecvBufLock(ss);
-    return SECFailure;
-}
-
-SECStatus
-ssl2_BeginServerHandshake(sslSocket *ss)
-{
-    SECStatus rv;
-    sslServerCerts *rsaAuth = ss->serverCerts + kt_rsa;
-
-    ss->sec.isServer = 1;
-    ssl_ChooseSessionIDProcs(&ss->sec);
-    ss->sec.sendSequence = 0;
-    ss->sec.rcvSequence = 0;
-
-    /* don't turn on SSL2 if we don't have an RSA key and cert */
-    if (!rsaAuth->serverKeyPair || !rsaAuth->SERVERKEY ||
-        !rsaAuth->serverCert) {
-        ss->opt.enableSSL2 = PR_FALSE;
-    }
-
-    if (!ss->cipherSpecs) {
-        rv = ssl2_ConstructCipherSpecs(ss);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-
-    /* count the SSL2 and SSL3 enabled ciphers.
-     * if either is zero, clear the socket's enable for that protocol.
-     */
-    rv = ssl2_CheckConfigSanity(ss);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /*
-    ** Generate connection-id. Always do this, even if things fail
-    ** immediately. This way the random number generator is always
-    ** rolling around, every time we get a connection.
-    */
-    PK11_GenerateRandom(ss->sec.ci.connectionID,
-                        sizeof(ss->sec.ci.connectionID));
-
-    ss->gs.recordLen = 0;
-    ss->handshake = ssl_GatherRecord1stHandshake;
-    ss->nextHandshake = ssl2_HandleClientHelloMessage;
-    return SECSuccess;
-
-loser:
-    return SECFailure;
-}
-
-/* This function doesn't really belong in this file.
-** It's here to keep AIX compilers from optimizing it away,
-** and not including it in the DSO.
-*/
-
-#include "nss.h"
-extern const char __nss_ssl_version[];
-
-PRBool
-NSSSSL_VersionCheck(const char *importedVersion)
-{
-#define NSS_VERSION_VARIABLE __nss_ssl_version
-#include "verref.h"
-
-    /*
-     * This is the secret handshake algorithm.
-     *
-     * This release has a simple version compatibility
-     * check algorithm.  This release is not backward
-     * compatible with previous major releases.  It is
-     * not compatible with future major, minor, or
-     * patch releases.
-     */
-    return NSS_VersionCheck(importedVersion);
-}
-
-const char *
-NSSSSL_GetVersion(void)
-{
-    return NSS_VERSION;
-}
diff --git a/chromium/net/third_party/nss/ssl/ssldef.c b/chromium/net/third_party/nss/ssl/ssldef.c
deleted file mode 100644
index 77a744cc7ab..00000000000
--- a/chromium/net/third_party/nss/ssl/ssldef.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * "Default" SSLSocket methods, used by sockets that do neither SSL nor socks.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-
-#if defined(WIN32)
-#define MAP_ERROR(from, to) \
-    if (err == from) {      \
-        PORT_SetError(to);  \
-    }
-#define DEFINE_ERROR PRErrorCode err = PR_GetError();
-#else
-#define MAP_ERROR(from, to)
-#define DEFINE_ERROR
-#endif
-
-int
-ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->connect(lower, sa, ss->cTimeout);
-    return rv;
-}
-
-int
-ssl_DefBind(sslSocket *ss, const PRNetAddr *addr)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->bind(lower, addr);
-    return rv;
-}
-
-int
-ssl_DefListen(sslSocket *ss, int backlog)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->listen(lower, backlog);
-    return rv;
-}
-
-int
-ssl_DefShutdown(sslSocket *ss, int how)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->shutdown(lower, how);
-    return rv;
-}
-
-int
-ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout);
-    if (rv < 0) {
-        DEFINE_ERROR
-        MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
-    } else if (rv > len) {
-        PORT_Assert(rv <= len);
-        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
-        rv = SECFailure;
-    }
-    return rv;
-}
-
-/* Default (unencrypted) send.
- * For blocking sockets, always returns len or SECFailure, no short writes.
- * For non-blocking sockets:
- *   Returns positive count if any data was written, else returns SECFailure.
- *   Short writes may occur.  Does not return SECWouldBlock.
- */
-int
-ssl_DefSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int sent = 0;
-
-#if NSS_DISABLE_NAGLE_DELAYS
-    /* Although this is overkill, we disable Nagle delays completely for
-    ** SSL sockets.
-    */
-    if (ss->opt.useSecurity && !ss->delayDisabled) {
-        ssl_EnableNagleDelay(ss, PR_FALSE); /* ignore error */
-        ss->delayDisabled = 1;
-    }
-#endif
-    do {
-        int rv = lower->methods->send(lower, (const void *)(buf + sent),
-                                      len - sent, flags, ss->wTimeout);
-        if (rv < 0) {
-            PRErrorCode err = PR_GetError();
-            if (err == PR_WOULD_BLOCK_ERROR) {
-                ss->lastWriteBlocked = 1;
-                return sent ? sent : SECFailure;
-            }
-            ss->lastWriteBlocked = 0;
-            MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
-            /* Loser */
-            return rv;
-        }
-        sent += rv;
-
-        if (IS_DTLS(ss) && (len > sent)) {
-            /* We got a partial write so just return it */
-            return sent;
-        }
-    } while (len > sent);
-    ss->lastWriteBlocked = 0;
-    return sent;
-}
-
-int
-ssl_DefRead(sslSocket *ss, unsigned char *buf, int len)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->read(lower, (void *)buf, len);
-    if (rv < 0) {
-        DEFINE_ERROR
-        MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
-    }
-    return rv;
-}
-
-int
-ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int sent = 0;
-
-    do {
-        int rv = lower->methods->write(lower, (const void *)(buf + sent),
-                                       len - sent);
-        if (rv < 0) {
-            PRErrorCode err = PR_GetError();
-            if (err == PR_WOULD_BLOCK_ERROR) {
-                ss->lastWriteBlocked = 1;
-                return sent ? sent : SECFailure;
-            }
-            ss->lastWriteBlocked = 0;
-            MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
-            /* Loser */
-            return rv;
-        }
-        sent += rv;
-    } while (len > sent);
-    ss->lastWriteBlocked = 0;
-    return sent;
-}
-
-int
-ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->getpeername(lower, name);
-    return rv;
-}
-
-int
-ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name)
-{
-    PRFileDesc *lower = ss->fd->lower;
-    int rv;
-
-    rv = lower->methods->getsockname(lower, name);
-    return rv;
-}
-
-int
-ssl_DefClose(sslSocket *ss)
-{
-    PRFileDesc *fd;
-    PRFileDesc *popped;
-    int rv;
-
-    fd = ss->fd;
-
-    /* First, remove the SSL layer PRFileDesc from the socket's stack,
-    ** then invoke the SSL layer's PRFileDesc destructor.
-    ** This must happen before the next layer down is closed.
-    */
-    PORT_Assert(fd->higher == NULL);
-    if (fd->higher) {
-        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-        return SECFailure;
-    }
-    ss->fd = NULL;
-
-    /* PR_PopIOLayer will swap the contents of the top two PRFileDescs on
-    ** the stack, and then remove the second one.  This way, the address
-    ** of the PRFileDesc on the top of the stack doesn't change.
-    */
-    popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER);
-    popped->dtor(popped);
-
-    /* fd is now the PRFileDesc for the next layer down.
-    ** Now close the underlying socket.
-    */
-    rv = fd->methods->close(fd);
-
-    ssl_FreeSocket(ss);
-
-    SSL_TRC(5, ("%d: SSL[%d]: closing, rv=%d errno=%d",
-                SSL_GETPID(), fd, rv, PORT_GetError()));
-    return rv;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslenum.c b/chromium/net/third_party/nss/ssl/sslenum.c
deleted file mode 100644
index d362b74ee04..00000000000
--- a/chromium/net/third_party/nss/ssl/sslenum.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Table enumerating all implemented cipher suites
- * Part of public API.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ssl.h"
-#include "sslproto.h"
-
-/*
- * The ordering of cipher suites in this table must match the ordering in
- * the cipherSuites table in ssl3con.c.
- *
- * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
- * in ssl3ecc.c.
- *
- * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
- *
- * The ordering is as follows:
- *    * No-encryption cipher suites last
- *    * Export/weak/obsolete cipher suites before no-encryption cipher suites
- *    * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA.
- *    * Within key agreement sections, order by symmetric encryption algorithm:
- *      AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED,
- *      then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a
- *      strong cipher internationally, and is often hardware-accelerated.
- *      Camellia also has wide international support across standards
- *      organizations. SEED is only recommended by the Korean government. 3DES
- *      only provides 112 bits of security. RC4 is now deprecated or forbidden
- *      by many standards organizations.
- *    * Within symmetric algorithm sections, order by message authentication
- *      algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.
- *    * Within message authentication algorithm sections, order by asymmetric
- *      signature algorithm: ECDSA, then RSA, then DSS.
- *
- * Exception: Because some servers ignore the high-order byte of the cipher
- * suite ID, we must be careful about adding cipher suites with IDs larger
- * than 0x00ff; see bug 946147. For these broken servers, the first four cipher
- * suites, with the MSB zeroed, look like:
- *      TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B }
- *      TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
- *      TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
- * The broken server only supports the third and fourth ones and will select
- * the third one.
- */
-const PRUint16 SSL_ImplementedCiphers[] = {
-#ifndef NSS_DISABLE_ECC
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
-     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
-     */
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
-
-    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-    TLS_DHE_DSS_WITH_RC4_128_SHA,
-
-#ifndef NSS_DISABLE_ECC
-    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
-
-    TLS_RSA_WITH_AES_128_GCM_SHA256,
-    TLS_RSA_WITH_AES_128_CBC_SHA,
-    TLS_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    TLS_RSA_WITH_AES_256_CBC_SHA,
-    TLS_RSA_WITH_AES_256_CBC_SHA256,
-    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    TLS_RSA_WITH_SEED_CBC_SHA,
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_RSA_WITH_RC4_128_SHA,
-    TLS_RSA_WITH_RC4_128_MD5,
-
-    /* 56-bit DES "domestic" cipher suites */
-    TLS_DHE_RSA_WITH_DES_CBC_SHA,
-    TLS_DHE_DSS_WITH_DES_CBC_SHA,
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-    TLS_RSA_WITH_DES_CBC_SHA,
-
-    /* export ciphersuites with 1024-bit public key exchange keys */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-
-    /* export ciphersuites with 512-bit public key exchange keys */
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
-    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-
-/* ciphersuites with no encryption */
-#ifndef NSS_DISABLE_ECC
-    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-    TLS_ECDHE_RSA_WITH_NULL_SHA,
-    TLS_ECDH_RSA_WITH_NULL_SHA,
-    TLS_ECDH_ECDSA_WITH_NULL_SHA,
-#endif /* NSS_DISABLE_ECC */
-    TLS_RSA_WITH_NULL_SHA,
-    TLS_RSA_WITH_NULL_SHA256,
-    TLS_RSA_WITH_NULL_MD5,
-
-    /* SSL2 cipher suites. */
-    SSL_EN_RC4_128_WITH_MD5,
-    SSL_EN_RC2_128_CBC_WITH_MD5,
-    SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */
-    SSL_EN_DES_64_CBC_WITH_MD5,
-    SSL_EN_RC4_128_EXPORT40_WITH_MD5,
-    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
-
-    0
-
-};
-
-const PRUint16 SSL_NumImplementedCiphers =
-    (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
-
-const PRUint16*
-SSL_GetImplementedCiphers(void)
-{
-    return SSL_ImplementedCiphers;
-}
-
-PRUint16
-SSL_GetNumImplementedCiphers(void)
-{
-    return SSL_NumImplementedCiphers;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslerr.c b/chromium/net/third_party/nss/ssl/sslerr.c
deleted file mode 100644
index edb941257d5..00000000000
--- a/chromium/net/third_party/nss/ssl/sslerr.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Function to set error code only when meaningful error has not already
- * been set.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prerror.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "seccomon.h"
-
-/* look at the current value of PR_GetError, and evaluate it to see
- * if it is meaningful or meaningless (out of context).
- * If it is meaningless, replace it with the hiLevelError.
- * Returns the chosen error value.
- */
-int
-ssl_MapLowLevelError(int hiLevelError)
-{
-    int oldErr = PORT_GetError();
-
-    switch (oldErr) {
-
-        case 0:
-        case PR_IO_ERROR:
-        case SEC_ERROR_IO:
-        case SEC_ERROR_BAD_DATA:
-        case SEC_ERROR_LIBRARY_FAILURE:
-        case SEC_ERROR_EXTENSION_NOT_FOUND:
-        case SSL_ERROR_BAD_CLIENT:
-        case SSL_ERROR_BAD_SERVER:
-        case SSL_ERROR_SESSION_NOT_FOUND:
-            PORT_SetError(hiLevelError);
-            return hiLevelError;
-
-        default: /* leave the majority of error codes alone. */
-            return oldErr;
-    }
-}
diff --git a/chromium/net/third_party/nss/ssl/sslerr.h b/chromium/net/third_party/nss/ssl/sslerr.h
deleted file mode 100644
index 299951ce9f1..00000000000
--- a/chromium/net/third_party/nss/ssl/sslerr.h
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Enumeration of all SSL-specific error codes.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef __SSL_ERR_H_
-#define __SSL_ERR_H_
-
-/* clang-format off */
-
-#define SSL_ERROR_BASE                          (-0x3000)
-#define SSL_ERROR_LIMIT                         (SSL_ERROR_BASE + 1000)
-
-#define IS_SSL_ERROR(code) \
-    (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
-
-#ifndef NO_SECURITY_ERROR_ENUM
-typedef enum {
-    SSL_ERROR_EXPORT_ONLY_SERVER            = (SSL_ERROR_BASE +  0),
-    SSL_ERROR_US_ONLY_SERVER                = (SSL_ERROR_BASE +  1),
-    SSL_ERROR_NO_CYPHER_OVERLAP             = (SSL_ERROR_BASE +  2),
-    /*
-     * Received an alert reporting what we did wrong.  (more alerts below)
-     */
-    SSL_ERROR_NO_CERTIFICATE /*_ALERT */    = (SSL_ERROR_BASE +  3),
-    SSL_ERROR_BAD_CERTIFICATE               = (SSL_ERROR_BASE +  4),
-    SSL_ERROR_UNUSED_5                      = (SSL_ERROR_BASE +  5),
-                                            /* error 5 is obsolete */
-    SSL_ERROR_BAD_CLIENT                    = (SSL_ERROR_BASE +  6),
-    SSL_ERROR_BAD_SERVER                    = (SSL_ERROR_BASE +  7),
-    SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  = (SSL_ERROR_BASE +  8),
-    SSL_ERROR_UNSUPPORTED_VERSION           = (SSL_ERROR_BASE +  9),
-    SSL_ERROR_UNUSED_10                     = (SSL_ERROR_BASE + 10),
-                                            /* error 10 is obsolete */
-    SSL_ERROR_WRONG_CERTIFICATE             = (SSL_ERROR_BASE + 11),
-    SSL_ERROR_BAD_CERT_DOMAIN               = (SSL_ERROR_BASE + 12),
-    SSL_ERROR_POST_WARNING                  = (SSL_ERROR_BASE + 13),
-    SSL_ERROR_SSL2_DISABLED                 = (SSL_ERROR_BASE + 14),
-    SSL_ERROR_BAD_MAC_READ                  = (SSL_ERROR_BASE + 15),
-    /*
-     * Received an alert reporting what we did wrong.
-     * (two more alerts above, and many more below)
-     */
-    SSL_ERROR_BAD_MAC_ALERT                 = (SSL_ERROR_BASE + 16),
-    SSL_ERROR_BAD_CERT_ALERT                = (SSL_ERROR_BASE + 17),
-    SSL_ERROR_REVOKED_CERT_ALERT            = (SSL_ERROR_BASE + 18),
-    SSL_ERROR_EXPIRED_CERT_ALERT            = (SSL_ERROR_BASE + 19),
-
-    SSL_ERROR_SSL_DISABLED                  = (SSL_ERROR_BASE + 20),
-    SSL_ERROR_FORTEZZA_PQG                  = (SSL_ERROR_BASE + 21),
-    SSL_ERROR_UNKNOWN_CIPHER_SUITE          = (SSL_ERROR_BASE + 22),
-    SSL_ERROR_NO_CIPHERS_SUPPORTED          = (SSL_ERROR_BASE + 23),
-    SSL_ERROR_BAD_BLOCK_PADDING             = (SSL_ERROR_BASE + 24),
-    SSL_ERROR_RX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 25),
-    SSL_ERROR_TX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 26),
-    /*
-     * Received a malformed (too long or short) SSL handshake.
-     */
-    SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    = (SSL_ERROR_BASE + 27),
-    SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     = (SSL_ERROR_BASE + 28),
-    SSL_ERROR_RX_MALFORMED_SERVER_HELLO     = (SSL_ERROR_BASE + 29),
-    SSL_ERROR_RX_MALFORMED_CERTIFICATE      = (SSL_ERROR_BASE + 30),
-    SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  = (SSL_ERROR_BASE + 31),
-    SSL_ERROR_RX_MALFORMED_CERT_REQUEST     = (SSL_ERROR_BASE + 32),
-    SSL_ERROR_RX_MALFORMED_HELLO_DONE       = (SSL_ERROR_BASE + 33),
-    SSL_ERROR_RX_MALFORMED_CERT_VERIFY      = (SSL_ERROR_BASE + 34),
-    SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  = (SSL_ERROR_BASE + 35),
-    SSL_ERROR_RX_MALFORMED_FINISHED         = (SSL_ERROR_BASE + 36),
-    /*
-     * Received a malformed (too long or short) SSL record.
-     */
-    SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    = (SSL_ERROR_BASE + 37),
-    SSL_ERROR_RX_MALFORMED_ALERT            = (SSL_ERROR_BASE + 38),
-    SSL_ERROR_RX_MALFORMED_HANDSHAKE        = (SSL_ERROR_BASE + 39),
-    SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
-    /*
-     * Received an SSL handshake that was inappropriate for the state we're in.
-     * E.g. Server received message from server, or wrong state in state machine.
-     */
-    SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   = (SSL_ERROR_BASE + 41),
-    SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    = (SSL_ERROR_BASE + 42),
-    SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    = (SSL_ERROR_BASE + 43),
-    SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     = (SSL_ERROR_BASE + 44),
-    SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
-    SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    = (SSL_ERROR_BASE + 46),
-    SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      = (SSL_ERROR_BASE + 47),
-    SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     = (SSL_ERROR_BASE + 48),
-    SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
-    SSL_ERROR_RX_UNEXPECTED_FINISHED        = (SSL_ERROR_BASE + 50),
-    /*
-     * Received an SSL record that was inappropriate for the state we're in.
-     */
-    SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   = (SSL_ERROR_BASE + 51),
-    SSL_ERROR_RX_UNEXPECTED_ALERT           = (SSL_ERROR_BASE + 52),
-    SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       = (SSL_ERROR_BASE + 53),
-    SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
-    /*
-     * Received record/message with unknown discriminant.
-     */
-    SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        = (SSL_ERROR_BASE + 55),
-    SSL_ERROR_RX_UNKNOWN_HANDSHAKE          = (SSL_ERROR_BASE + 56),
-    SSL_ERROR_RX_UNKNOWN_ALERT              = (SSL_ERROR_BASE + 57),
-    /*
-     * Received an alert reporting what we did wrong.  (more alerts above)
-     */
-    SSL_ERROR_CLOSE_NOTIFY_ALERT            = (SSL_ERROR_BASE + 58),
-    SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    = (SSL_ERROR_BASE + 59),
-    SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   = (SSL_ERROR_BASE + 60),
-    SSL_ERROR_HANDSHAKE_FAILURE_ALERT       = (SSL_ERROR_BASE + 61),
-    SSL_ERROR_ILLEGAL_PARAMETER_ALERT       = (SSL_ERROR_BASE + 62),
-    SSL_ERROR_UNSUPPORTED_CERT_ALERT        = (SSL_ERROR_BASE + 63),
-    SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     = (SSL_ERROR_BASE + 64),
-
-    SSL_ERROR_GENERATE_RANDOM_FAILURE       = (SSL_ERROR_BASE + 65),
-    SSL_ERROR_SIGN_HASHES_FAILURE           = (SSL_ERROR_BASE + 66),
-    SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    = (SSL_ERROR_BASE + 67),
-    SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 68),
-    SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 69),
-
-    SSL_ERROR_ENCRYPTION_FAILURE            = (SSL_ERROR_BASE + 70),
-    SSL_ERROR_DECRYPTION_FAILURE            = (SSL_ERROR_BASE + 71), /* don't use */
-    SSL_ERROR_SOCKET_WRITE_FAILURE          = (SSL_ERROR_BASE + 72),
-
-    SSL_ERROR_MD5_DIGEST_FAILURE            = (SSL_ERROR_BASE + 73),
-    SSL_ERROR_SHA_DIGEST_FAILURE            = (SSL_ERROR_BASE + 74),
-    SSL_ERROR_MAC_COMPUTATION_FAILURE       = (SSL_ERROR_BASE + 75),
-    SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       = (SSL_ERROR_BASE + 76),
-    SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        = (SSL_ERROR_BASE + 77),
-    SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   = (SSL_ERROR_BASE + 78),
-    SSL_ERROR_IV_PARAM_FAILURE              = (SSL_ERROR_BASE + 79),
-    SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     = (SSL_ERROR_BASE + 80),
-    SSL_ERROR_SESSION_KEY_GEN_FAILURE       = (SSL_ERROR_BASE + 81),
-    SSL_ERROR_NO_SERVER_KEY_FOR_ALG         = (SSL_ERROR_BASE + 82),
-    SSL_ERROR_TOKEN_INSERTION_REMOVAL       = (SSL_ERROR_BASE + 83),
-    SSL_ERROR_TOKEN_SLOT_NOT_FOUND          = (SSL_ERROR_BASE + 84),
-    SSL_ERROR_NO_COMPRESSION_OVERLAP        = (SSL_ERROR_BASE + 85),
-    SSL_ERROR_HANDSHAKE_NOT_COMPLETED       = (SSL_ERROR_BASE + 86),
-    SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      = (SSL_ERROR_BASE + 87),
-    SSL_ERROR_CERT_KEA_MISMATCH             = (SSL_ERROR_BASE + 88),
-    /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */
-    SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA      = (SSL_ERROR_BASE + 89),
-    SSL_ERROR_SESSION_NOT_FOUND             = (SSL_ERROR_BASE + 90),
-
-    SSL_ERROR_DECRYPTION_FAILED_ALERT       = (SSL_ERROR_BASE + 91),
-    SSL_ERROR_RECORD_OVERFLOW_ALERT         = (SSL_ERROR_BASE + 92),
-    SSL_ERROR_UNKNOWN_CA_ALERT              = (SSL_ERROR_BASE + 93),
-    SSL_ERROR_ACCESS_DENIED_ALERT           = (SSL_ERROR_BASE + 94),
-    SSL_ERROR_DECODE_ERROR_ALERT            = (SSL_ERROR_BASE + 95),
-    SSL_ERROR_DECRYPT_ERROR_ALERT           = (SSL_ERROR_BASE + 96),
-    SSL_ERROR_EXPORT_RESTRICTION_ALERT      = (SSL_ERROR_BASE + 97),
-    SSL_ERROR_PROTOCOL_VERSION_ALERT        = (SSL_ERROR_BASE + 98),
-    SSL_ERROR_INSUFFICIENT_SECURITY_ALERT   = (SSL_ERROR_BASE + 99),
-    SSL_ERROR_INTERNAL_ERROR_ALERT          = (SSL_ERROR_BASE + 100),
-    SSL_ERROR_USER_CANCELED_ALERT           = (SSL_ERROR_BASE + 101),
-    SSL_ERROR_NO_RENEGOTIATION_ALERT        = (SSL_ERROR_BASE + 102),
-
-    SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED   = (SSL_ERROR_BASE + 103),
-
-    SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT   = (SSL_ERROR_BASE + 104),
-    SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
-    SSL_ERROR_UNRECOGNIZED_NAME_ALERT       = (SSL_ERROR_BASE + 106),
-    SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
-    SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT     = (SSL_ERROR_BASE + 108),
-
-    SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109),
-    SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
-
-    SSL_ERROR_DECOMPRESSION_FAILURE         = (SSL_ERROR_BASE + 111),
-    SSL_ERROR_RENEGOTIATION_NOT_ALLOWED     = (SSL_ERROR_BASE + 112),
-    SSL_ERROR_UNSAFE_NEGOTIATION            = (SSL_ERROR_BASE + 113),
-
-    SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
-
-    SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY  = (SSL_ERROR_BASE + 115),
-
-    SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID    = (SSL_ERROR_BASE + 116),
-
-    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
-    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
-    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
-
-    SSL_ERROR_INVALID_VERSION_RANGE         = (SSL_ERROR_BASE + 120),
-    SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
-
-    SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
-    SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
-
-    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
-
-    SSL_ERROR_RX_UNEXPECTED_CERT_STATUS     = (SSL_ERROR_BASE + 125),
-
-    SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM    = (SSL_ERROR_BASE + 126),
-    SSL_ERROR_DIGEST_FAILURE                = (SSL_ERROR_BASE + 127),
-    SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
-
-    SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK     = (SSL_ERROR_BASE + 129),
-    SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
-
-    SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT  = (SSL_ERROR_BASE + 131),
-
-    SSL_ERROR_WEAK_SERVER_CERT_KEY          = (SSL_ERROR_BASE + 132),
-
-    SSL_ERROR_RX_SHORT_DTLS_READ            = (SSL_ERROR_BASE + 133),
-
-    SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134),
-    SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
-
-    SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
-    SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
-
-    SSL_ERROR_RX_MALFORMED_KEY_SHARE        = (SSL_ERROR_BASE + 138),
-    SSL_ERROR_MISSING_KEY_SHARE             = (SSL_ERROR_BASE + 139),
-    SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE  = (SSL_ERROR_BASE + 140),
-    SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE    = (SSL_ERROR_BASE + 141),
-
-    SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS = (SSL_ERROR_BASE + 142),
-    SSL_ERROR_MISSING_EXTENSION_ALERT       = (SSL_ERROR_BASE + 143),
-
-    SSL_ERROR_KEY_EXCHANGE_FAILURE          = (SSL_ERROR_BASE + 144),
-    SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 145),
-    SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS = (SSL_ERROR_BASE + 146),
-
- SSL_ERROR_BAD_CHANNEL_ID_DATA           = (SSL_ERROR_BASE + 147),
- SSL_ERROR_INVALID_CHANNEL_ID_KEY        = (SSL_ERROR_BASE + 148),
- SSL_ERROR_GET_CHANNEL_ID_FAILED         = (SSL_ERROR_BASE + 149),
-
-    SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
-} SSLErrorCodes;
-#endif /* NO_SECURITY_ERROR_ENUM */
-
-/* clang-format on */
-
-#endif /* __SSL_ERR_H_ */
diff --git a/chromium/net/third_party/nss/ssl/sslerrstrs.c b/chromium/net/third_party/nss/ssl/sslerrstrs.c
deleted file mode 100644
index 4e3db6d73c3..00000000000
--- a/chromium/net/third_party/nss/ssl/sslerrstrs.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "prerror.h"
-#include "sslerr.h"
-#include "prinit.h"
-#include "nssutil.h"
-#include "ssl.h"
-
-#define ER3(name, value, str) { #name, str },
-
-static const struct PRErrorMessage ssltext[] = {
-#include "SSLerrs.h"
-    { 0, 0 }
-};
-
-static const struct PRErrorTable ssl_et = {
-    ssltext, "sslerr", SSL_ERROR_BASE,
-    (sizeof ssltext) / (sizeof ssltext[0])
-};
-
-static PRStatus
-ssl_InitializePRErrorTableOnce(void)
-{
-    return PR_ErrorInstallTable(&ssl_et);
-}
-
-static PRCallOnceType once;
-
-SECStatus
-ssl_InitializePRErrorTable(void)
-{
-    return (PR_SUCCESS == PR_CallOnce(&once, ssl_InitializePRErrorTableOnce))
-               ? SECSuccess
-               : SECFailure;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslgathr.c b/chromium/net/third_party/nss/ssl/sslgathr.c
deleted file mode 100644
index 48d615ec0de..00000000000
--- a/chromium/net/third_party/nss/ssl/sslgathr.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/*
- * Gather (Read) entire SSL2 records from socket into buffer.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-/* Forward static declarations */
-static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss);
-
-/*
-** Gather a single record of data from the receiving stream. This code
-** first gathers the header (2 or 3 bytes long depending on the value of
-** the most significant bit in the first byte) then gathers up the data
-** for the record into gs->buf. This code handles non-blocking I/O
-** and is to be called multiple times until ss->sec.recordLen != 0.
-** This function decrypts the gathered record in place, in gs_buf.
- *
- * Caller must hold RecvBufLock.
- *
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns  0 if it hits EOF.
- * Returns -1 (SECFailure)    on any error
- * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header.
-**
-** The SSL2 Gather State machine has 4 states:
-** GS_INIT   - Done reading in previous record.  Haven't begun to read in
-**             next record.  When ssl2_GatherData is called with the machine
-**             in this state, the machine will attempt to read the first 3
-**             bytes of the SSL2 record header, and will advance the state
-**             to GS_HEADER.
-**
-** GS_HEADER - The machine is in this state while waiting for the completion
-**             of the first 3 bytes of the SSL2 record.  When complete, the
-**             machine will compute the remaining unread length of this record
-**             and will initiate a read of that many bytes.  The machine will
-**             advance to one of two states, depending on whether the record
-**             is encrypted (GS_MAC), or unencrypted (GS_DATA).
-**
-** GS_MAC    - The machine is in this state while waiting for the remainder
-**             of the SSL2 record to be read in.  When the read is completed,
-**             the machine checks the record for valid length, decrypts it,
-**             and checks and discards the MAC, then advances to GS_INIT.
-**
-** GS_DATA   - The machine is in this state while waiting for the remainder
-**             of the unencrypted SSL2 record to be read in.  Upon completion,
-**             the machine advances to the GS_INIT state and returns the data.
-*/
-int
-ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
-{
-    unsigned char *bp;
-    unsigned char *pBuf;
-    int nb, err, rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    if (gs->state == GS_INIT) {
-        /* Initialize gathering engine */
-        gs->state = GS_HEADER;
-        gs->remainder = 3;
-        gs->count = 3;
-        gs->offset = 0;
-        gs->recordLen = 0;
-        gs->recordPadding = 0;
-        gs->hdr[2] = 0;
-
-        gs->writeOffset = 0;
-        gs->readOffset = 0;
-    }
-    if (gs->encrypted) {
-        PORT_Assert(ss->sec.hash != 0);
-    }
-
-    pBuf = gs->buf.buf;
-    for (;;) {
-        SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)",
-                     SSL_GETPID(), ss->fd, gs->state, gs->remainder));
-        bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset;
-        nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
-        if (nb > 0) {
-            PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
-        }
-        if (nb == 0) {
-            /* EOF */
-            SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd));
-            rv = 0;
-            break;
-        }
-        if (nb < 0) {
-            SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd,
-                     PR_GetError()));
-            rv = SECFailure;
-            break;
-        }
-
-        gs->offset += nb;
-        gs->remainder -= nb;
-
-        if (gs->remainder > 0) {
-            continue;
-        }
-
-        /* Probably finished this piece */
-        switch (gs->state) {
-            case GS_HEADER:
-                if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone) {
-
-                    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-                    /* If this looks like an SSL3 handshake record,
-                    ** and we're expecting an SSL2 Hello message from our peer,
-                    ** handle it here.
-                    */
-                    if (gs->hdr[0] == content_handshake) {
-                        if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) ||
-                            (ss->nextHandshake == ssl2_HandleServerHelloMessage)) {
-                            rv = ssl2_HandleV3HandshakeRecord(ss);
-                            if (rv == SECFailure) {
-                                return SECFailure;
-                            }
-                        }
-                        /* XXX_1    The call stack to here is:
-                         * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake ->
-                         *          ssl2_GatherRecord -> here.
-                         * We want to return all the way out to ssl_Do1stHandshake,
-                         * and have it call ssl_GatherRecord1stHandshake again.
-                         * ssl_GatherRecord1stHandshake will call
-                         * ssl3_GatherCompleteHandshake when it is called again.
-                         *
-                         * Returning SECWouldBlock here causes
-                         * ssl_GatherRecord1stHandshake to return without clearing
-                         * ss->handshake, ensuring that ssl_Do1stHandshake will
-                         * call it again immediately.
-                         *
-                         * If we return 1 here, ssl_GatherRecord1stHandshake will
-                         * clear ss->handshake before returning, and thus will not
-                         * be called again by ssl_Do1stHandshake.
-                         */
-                        return SECWouldBlock;
-                    } else if (gs->hdr[0] == content_alert) {
-                        if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
-                            /* XXX This is a hack.  We're assuming that any failure
-                             * XXX on the client hello is a failure to match
-                             * XXX ciphers.
-                             */
-                            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-                            return SECFailure;
-                        }
-                    }
-                }
-
-                /* we've got the first 3 bytes.  The header may be two or three. */
-                if (gs->hdr[0] & 0x80) {
-                    /* This record has a 2-byte header, and no padding */
-                    gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
-                    gs->recordPadding = 0;
-                } else {
-                    /* This record has a 3-byte header that is all read in now. */
-                    gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
-                    /*  is_escape =  (gs->hdr[0] & 0x40) != 0; */
-                    gs->recordPadding = gs->hdr[2];
-                }
-                if (!gs->count) {
-                    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-                    goto cleanup;
-                }
-
-                if (gs->count > gs->buf.space) {
-                    err = sslBuffer_Grow(&gs->buf, gs->count);
-                    if (err) {
-                        return err;
-                    }
-                    pBuf = gs->buf.buf;
-                }
-
-                if (gs->hdr[0] & 0x80) {
-                    /* we've already read in the first byte of the body.
-                    ** Put it into the buffer.
-                    */
-                    pBuf[0] = gs->hdr[2];
-                    gs->offset = 1;
-                    gs->remainder = gs->count - 1;
-                } else {
-                    gs->offset = 0;
-                    gs->remainder = gs->count;
-                }
-
-                if (gs->encrypted) {
-                    gs->state = GS_MAC;
-                    gs->recordLen = gs->count - gs->recordPadding -
-                                    ss->sec.hash->length;
-                } else {
-                    gs->state = GS_DATA;
-                    gs->recordLen = gs->count;
-                }
-
-                break;
-
-            case GS_MAC:
-                /* Have read in entire rest of the ciphertext.
-                ** Check for valid length.
-                ** Decrypt it.
-                ** Check the MAC.
-                */
-                PORT_Assert(gs->encrypted);
-
-                {
-                    unsigned int macLen;
-                    int nout;
-                    unsigned char mac[SSL_MAX_MAC_BYTES];
-
-                    ssl_GetSpecReadLock(ss); /**********************************/
-
-                    /* If this is a stream cipher, blockSize will be 1,
-                     * and this test will always be false.
-                     * If this is a block cipher, this will detect records
-                     * that are not a multiple of the blocksize in length.
-                     */
-                    if (gs->count & (ss->sec.blockSize - 1)) {
-                        /* This is an error. Sender is misbehaving */
-                        SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d",
-                                 SSL_GETPID(), ss->fd, gs->count,
-                                 ss->sec.blockSize));
-                        PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
-                        rv = SECFailure;
-                        goto spec_locked_done;
-                    }
-                    PORT_Assert(gs->count == gs->offset);
-
-                    if (gs->offset == 0) {
-                        rv = 0; /* means EOF. */
-                        goto spec_locked_done;
-                    }
-
-                    /* Decrypt the portion of data that we just received.
-                    ** Decrypt it in place.
-                    */
-                    rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset,
-                                        pBuf, gs->offset);
-                    if (rv != SECSuccess) {
-                        goto spec_locked_done;
-                    }
-
-                    /* Have read in all the MAC portion of record
-                    **
-                    ** Prepare MAC by resetting it and feeding it the shared secret
-                    */
-                    macLen = ss->sec.hash->length;
-                    if (gs->offset >= macLen) {
-                        PRUint32 sequenceNumber = ss->sec.rcvSequence++;
-                        unsigned char seq[4];
-
-                        seq[0] = (unsigned char)(sequenceNumber >> 24);
-                        seq[1] = (unsigned char)(sequenceNumber >> 16);
-                        seq[2] = (unsigned char)(sequenceNumber >> 8);
-                        seq[3] = (unsigned char)(sequenceNumber);
-
-                        (*ss->sec.hash->begin)(ss->sec.hashcx);
-                        (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecret.data,
-                                                ss->sec.rcvSecret.len);
-                        (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen,
-                                                gs->offset - macLen);
-                        (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4);
-                        (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLen);
-
-                        PORT_Assert(macLen == ss->sec.hash->length);
-
-                        ssl_ReleaseSpecReadLock(ss); /******************************/
-
-                        if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) {
-                            /* MAC's didn't match... */
-                            SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d",
-                                     SSL_GETPID(), ss->fd, ss->sec.rcvSequence));
-                            PRINT_BUF(1, (ss, "computed mac:", mac, macLen));
-                            PRINT_BUF(1, (ss, "received mac:", pBuf, macLen));
-                            PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-                            rv = SECFailure;
-                            goto cleanup;
-                        }
-                    } else {
-                        ssl_ReleaseSpecReadLock(ss); /******************************/
-                    }
-
-                    if (gs->recordPadding + macLen <= gs->offset) {
-                        gs->recordOffset = macLen;
-                        gs->readOffset = macLen;
-                        gs->writeOffset = gs->offset - gs->recordPadding;
-                        rv = 1;
-                    } else {
-                        PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
-                    cleanup:
-                        /* nothing in the buffer any more. */
-                        gs->recordOffset = 0;
-                        gs->readOffset = 0;
-                        gs->writeOffset = 0;
-                        rv = SECFailure;
-                    }
-
-                    gs->recordLen = gs->writeOffset - gs->readOffset;
-                    gs->recordPadding = 0; /* forget we did any padding. */
-                    gs->state = GS_INIT;
-
-                    if (rv > 0) {
-                        PRINT_BUF(50, (ss, "recv clear record:",
-                                       pBuf + gs->recordOffset, gs->recordLen));
-                    }
-                    return rv;
-
-                spec_locked_done:
-                    ssl_ReleaseSpecReadLock(ss);
-                    return rv;
-                }
-
-            case GS_DATA:
-                /* Have read in all the DATA portion of record */
-
-                gs->recordOffset = 0;
-                gs->readOffset = 0;
-                gs->writeOffset = gs->offset;
-                PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset);
-                gs->recordLen = gs->offset;
-                gs->recordPadding = 0;
-                gs->state = GS_INIT;
-
-                ++ss->sec.rcvSequence;
-
-                PRINT_BUF(50, (ss, "recv clear record:",
-                               pBuf + gs->recordOffset, gs->recordLen));
-                return 1;
-
-        } /* end switch gs->state */
-    }     /* end gather loop. */
-    return rv;
-}
-
-/*
-** Gather a single record of data from the receiving stream. This code
-** first gathers the header (2 or 3 bytes long depending on the value of
-** the most significant bit in the first byte) then gathers up the data
-** for the record into the readBuf. This code handles non-blocking I/O
-** and is to be called multiple times until ss->sec.recordLen != 0.
- *
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns  0 if it hits EOF.
- * Returns -1 (SECFailure)    on any error
- * Returns -2 (SECWouldBlock)
- *
- * Called by ssl_GatherRecord1stHandshake in sslcon.c,
- * and by DoRecv in sslsecur.c
- * Caller must hold RecvBufLock.
- */
-int
-ssl2_GatherRecord(sslSocket *ss, int flags)
-{
-    return ssl2_GatherData(ss, &ss->gs, flags);
-}
-
-/* Caller should hold RecvBufLock. */
-SECStatus
-ssl_InitGather(sslGather *gs)
-{
-    SECStatus status;
-
-    gs->state = GS_INIT;
-    gs->writeOffset = 0;
-    gs->readOffset = 0;
-    gs->dtlsPacketOffset = 0;
-    gs->dtlsPacket.len = 0;
-    status = sslBuffer_Grow(&gs->buf, 4096);
-    return status;
-}
-
-/* Caller must hold RecvBufLock. */
-void
-ssl_DestroyGather(sslGather *gs)
-{
-    if (gs) { /* the PORT_*Free functions check for NULL pointers. */
-        PORT_ZFree(gs->buf.buf, gs->buf.space);
-        PORT_Free(gs->inbuf.buf);
-        PORT_Free(gs->dtlsPacket.buf);
-    }
-}
-
-/* Caller must hold RecvBufLock. */
-static SECStatus
-ssl2_HandleV3HandshakeRecord(sslSocket *ss)
-{
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-
-    /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */
-    ss->gs.remainder = 2;
-    ss->gs.count = 0;
-
-    /* Clearing these handshake pointers ensures that
-     * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return.
-     */
-    ss->nextHandshake = 0;
-    ss->securityHandshake = 0;
-
-    /* Setting ss->version to an SSL 3.x value will cause
-    ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake()
-    ** the next time it is called.
-    **/
-    rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
-                               PR_TRUE);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    ss->sec.send = ssl3_SendApplicationData;
-
-    return SECSuccess;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslimpl.h b/chromium/net/third_party/nss/ssl/sslimpl.h
deleted file mode 100644
index f56ab53c32b..00000000000
--- a/chromium/net/third_party/nss/ssl/sslimpl.h
+++ /dev/null
@@ -1,2161 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL and should be the first thing included by
- * any SSL implementation file.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslimpl_h_
-#define __sslimpl_h_
-
-#ifdef DEBUG
-#undef NDEBUG
-#else
-#undef NDEBUG
-#define NDEBUG
-#endif
-#include "secport.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "ssl3prot.h"
-#include "hasht.h"
-#include "nssilock.h"
-#include "pkcs11t.h"
-#if defined(XP_UNIX) || defined(XP_BEOS)
-#include "unistd.h"
-#endif
-#include "nssrwlk.h"
-#include "prthread.h"
-#include "prclist.h"
-
-#include "sslt.h" /* for some formerly private types, now public */
-
-/* to make some of these old enums public without namespace pollution,
-** it was necessary to prepend ssl_ to the names.
-** These #defines preserve compatibility with the old code here in libssl.
-*/
-typedef SSLKEAType SSL3KEAType;
-typedef SSLMACAlgorithm SSL3MACAlgorithm;
-
-#define calg_null ssl_calg_null
-#define calg_rc4 ssl_calg_rc4
-#define calg_rc2 ssl_calg_rc2
-#define calg_des ssl_calg_des
-#define calg_3des ssl_calg_3des
-#define calg_idea ssl_calg_idea
-#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
-#define calg_aes ssl_calg_aes
-#define calg_camellia ssl_calg_camellia
-#define calg_seed ssl_calg_seed
-#define calg_aes_gcm ssl_calg_aes_gcm
-#define calg_chacha20 ssl_calg_chacha20
-
-#define mac_null ssl_mac_null
-#define mac_md5 ssl_mac_md5
-#define mac_sha ssl_mac_sha
-#define hmac_md5 ssl_hmac_md5
-#define hmac_sha ssl_hmac_sha
-#define hmac_sha256 ssl_hmac_sha256
-#define mac_aead ssl_mac_aead
-
-#define SET_ERROR_CODE    /* reminder */
-#define SEND_ALERT        /* reminder */
-#define TEST_FOR_FAILURE  /* reminder */
-#define DEAL_WITH_FAILURE /* reminder */
-
-#if defined(DEBUG) || defined(TRACE)
-#ifdef __cplusplus
-#define Debug 1
-#else
-extern int Debug;
-#endif
-#else
-#undef Debug
-#endif
-
-#if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
-#define TRACE
-#endif
-
-#ifdef TRACE
-#define SSL_TRC(a, b)     \
-    if (ssl_trace >= (a)) \
-    ssl_Trace b
-#define PRINT_BUF(a, b)   \
-    if (ssl_trace >= (a)) \
-    ssl_PrintBuf b
-#define DUMP_MSG(a, b)    \
-    if (ssl_trace >= (a)) \
-    ssl_DumpMsg b
-#else
-#define SSL_TRC(a, b)
-#define PRINT_BUF(a, b)
-#define DUMP_MSG(a, b)
-#endif
-
-#ifdef DEBUG
-#define SSL_DBG(b) \
-    if (ssl_debug) \
-    ssl_Trace b
-#else
-#define SSL_DBG(b)
-#endif
-
-#include "private/pprthred.h" /* for PR_InMonitor() */
-#define ssl_InMonitor(m) PZ_InMonitor(m)
-
-#define LSB(x) ((unsigned char)((x)&0xff))
-#define MSB(x) ((unsigned char)(((unsigned)(x)) >> 8))
-
-/************************************************************************/
-
-typedef enum { SSLAppOpRead = 0,
-               SSLAppOpWrite,
-               SSLAppOpRDWR,
-               SSLAppOpPost,
-               SSLAppOpHeader
-} SSLAppOperation;
-
-#define SSL_MIN_MASTER_KEY_BYTES 5
-#define SSL_MAX_MASTER_KEY_BYTES 64
-
-#define SSL2_SESSIONID_BYTES 16
-#define SSL3_SESSIONID_BYTES 32
-
-#define SSL_MIN_CHALLENGE_BYTES 16
-#define SSL_MAX_CHALLENGE_BYTES 32
-#define SSL_CHALLENGE_BYTES 16
-
-#define SSL_CONNECTIONID_BYTES 16
-
-#define SSL_MIN_CYPHER_ARG_BYTES 0
-#define SSL_MAX_CYPHER_ARG_BYTES 32
-
-#define SSL_MAX_MAC_BYTES 16
-
-#define SSL3_RSA_PMS_LENGTH 48
-#define SSL3_MASTER_SECRET_LENGTH 48
-
-/* number of wrap mechanisms potentially used to wrap master secrets. */
-#define SSL_NUM_WRAP_MECHS 16
-
-/* This makes the cert cache entry exactly 4k. */
-#define SSL_MAX_CACHED_CERT_LEN 4060
-
-#define NUM_MIXERS 9
-
-/* Mask of the 25 named curves we support. */
-#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
-/* Mask of only 3 curves, suite B */
-#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
-
-#ifndef BPB
-#define BPB 8 /* Bits Per Byte */
-#endif
-
-#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
-
-#define INITIAL_DTLS_TIMEOUT_MS 1000  /* Default value from RFC 4347 = 1s*/
-#define MAX_DTLS_TIMEOUT_MS 60000     /* 1 minute */
-#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */
-
-typedef struct sslBufferStr sslBuffer;
-typedef struct sslConnectInfoStr sslConnectInfo;
-typedef struct sslGatherStr sslGather;
-typedef struct sslSecurityInfoStr sslSecurityInfo;
-typedef struct sslSessionIDStr sslSessionID;
-typedef struct sslSocketStr sslSocket;
-typedef struct sslSocketOpsStr sslSocketOps;
-
-typedef struct ssl3StateStr ssl3State;
-typedef struct ssl3CertNodeStr ssl3CertNode;
-typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
-typedef struct ssl3MACDefStr ssl3MACDef;
-typedef struct ssl3KeyPairStr ssl3KeyPair;
-typedef struct ssl3DHParamsStr ssl3DHParams;
-
-struct ssl3CertNodeStr {
-    struct ssl3CertNodeStr *next;
-    CERTCertificate *cert;
-};
-
-typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
-
-/* This type points to the low layer send func,
-** e.g. ssl2_SendStream or ssl3_SendPlainText.
-** These functions return the same values as PR_Send,
-** i.e.  >= 0 means number of bytes sent, < 0 means error.
-*/
-typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
-                               PRInt32 n, PRInt32 flags);
-
-typedef void (*sslSessionIDCacheFunc)(sslSessionID *sid);
-typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid);
-typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
-                                                unsigned char *sid,
-                                                unsigned int sidLen,
-                                                CERTCertDBHandle *dbHandle);
-
-/* registerable callback function that either appends extension to buffer
- * or returns length of data that it would have appended.
- */
-typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append,
-                                                PRUint32 maxBytes);
-
-/* registerable callback function that handles a received extension,
- * of the given type.
- */
-typedef SECStatus (*ssl3HelloExtensionHandlerFunc)(sslSocket *ss,
-                                                   PRUint16 ex_type,
-                                                   SECItem *data);
-
-/* row in a table of hello extension senders */
-typedef struct {
-    PRInt32 ex_type;
-    ssl3HelloExtensionSenderFunc ex_sender;
-} ssl3HelloExtensionSender;
-
-/* row in a table of hello extension handlers */
-typedef struct {
-    PRInt32 ex_type;
-    ssl3HelloExtensionHandlerFunc ex_handler;
-} ssl3HelloExtensionHandler;
-
-extern SECStatus
-ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
-                                        ssl3HelloExtensionSenderFunc cb);
-
-extern PRInt32
-ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
-                               const ssl3HelloExtensionSender *sender);
-
-extern unsigned int
-ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
-
-extern PRInt32
-ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
-                            PRUint32 maxBytes);
-
-/* Socket ops */
-struct sslSocketOpsStr {
-    int (*connect)(sslSocket *, const PRNetAddr *);
-    PRFileDesc *(*accept)(sslSocket *, PRNetAddr *);
-    int (*bind)(sslSocket *, const PRNetAddr *);
-    int (*listen)(sslSocket *, int);
-    int (*shutdown)(sslSocket *, int);
-    int (*close)(sslSocket *);
-
-    int (*recv)(sslSocket *, unsigned char *, int, int);
-
-    /* points to the higher-layer send func, e.g. ssl_SecureSend. */
-    int (*send)(sslSocket *, const unsigned char *, int, int);
-    int (*read)(sslSocket *, unsigned char *, int);
-    int (*write)(sslSocket *, const unsigned char *, int);
-
-    int (*getpeername)(sslSocket *, PRNetAddr *);
-    int (*getsockname)(sslSocket *, PRNetAddr *);
-};
-
-/* Flags interpreted by ssl send functions. */
-#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
-#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
-#define ssl_SEND_FLAG_USE_EPOCH 0x10000000     /* DTLS only */
-#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */
-#define ssl_SEND_FLAG_CAP_RECORD_VERSION \
-    0x04000000 /* TLS only */
-#define ssl_SEND_FLAG_MASK 0x7f000000
-
-/*
-** A buffer object.
-*/
-struct sslBufferStr {
-    unsigned char *buf;
-    unsigned int len;
-    unsigned int space;
-};
-
-/*
-** SSL3 cipher suite policy and preference struct.
-*/
-typedef struct {
-#if !defined(_WIN32)
-    unsigned int cipher_suite : 16;
-    unsigned int policy : 8;
-    unsigned int enabled : 1;
-    unsigned int isPresent : 1;
-#else
-    ssl3CipherSuite cipher_suite;
-    PRUint8 policy;
-    unsigned char enabled : 1;
-    unsigned char isPresent : 1;
-#endif
-} ssl3CipherSuiteCfg;
-
-#ifndef NSS_DISABLE_ECC
-#define ssl_V3_SUITES_IMPLEMENTED 67
-#else
-#define ssl_V3_SUITES_IMPLEMENTED 41
-#endif /* NSS_DISABLE_ECC */
-
-#define MAX_DTLS_SRTP_CIPHER_SUITES 4
-
-/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of
- * SSLSignType and SSLHashType, but not all combinations (specifically, this
- * doesn't allow space for combinations with MD5). */
-#define MAX_SIGNATURE_ALGORITHMS 15
-
-/* clang-format off */
-typedef struct sslOptionsStr {
-    /* If SSL_SetNextProtoNego has been called, then this contains the
-     * list of supported protocols. */
-    SECItem nextProtoNego;
-
-    unsigned int useSecurity                : 1;  /*  1 */
-    unsigned int useSocks                   : 1;  /*  2 */
-    unsigned int requestCertificate         : 1;  /*  3 */
-    unsigned int requireCertificate         : 2;  /*  4-5 */
-    unsigned int handshakeAsClient          : 1;  /*  6 */
-    unsigned int handshakeAsServer          : 1;  /*  7 */
-    unsigned int enableSSL2                 : 1;  /*  8 */
-    unsigned int unusedBit9                 : 1;  /*  9 */
-    unsigned int unusedBit10                : 1;  /* 10 */
-    unsigned int noCache                    : 1;  /* 11 */
-    unsigned int fdx                        : 1;  /* 12 */
-    unsigned int v2CompatibleHello          : 1;  /* 13 */
-    unsigned int detectRollBack             : 1;  /* 14 */
-    unsigned int noStepDown                 : 1;  /* 15 */
-    unsigned int bypassPKCS11               : 1;  /* 16 */
-    unsigned int noLocks                    : 1;  /* 17 */
-    unsigned int enableSessionTickets       : 1;  /* 18 */
-    unsigned int enableDeflate              : 1;  /* 19 */
-    unsigned int enableRenegotiation        : 2;  /* 20-21 */
-    unsigned int requireSafeNegotiation     : 1;  /* 22 */
-    unsigned int enableFalseStart           : 1;  /* 23 */
-    unsigned int cbcRandomIV                : 1;  /* 24 */
-    unsigned int enableOCSPStapling         : 1;  /* 25 */
-    unsigned int enableNPN                  : 1;  /* 26 */
-    unsigned int enableALPN                 : 1;  /* 27 */
-    unsigned int reuseServerECDHEKey        : 1;  /* 28 */
-    unsigned int enableFallbackSCSV         : 1;  /* 29 */
-    unsigned int enableServerDhe            : 1;  /* 30 */
-    unsigned int enableExtendedMS           : 1;  /* 31 */
-    unsigned int enableSignedCertTimestamps : 1;  /* 32 */
-} sslOptions;
-/* clang-format on */
-
-typedef enum { sslHandshakingUndetermined = 0,
-               sslHandshakingAsClient,
-               sslHandshakingAsServer
-} sslHandshakingType;
-
-typedef struct sslServerCertsStr {
-    /* Configuration state for server sockets */
-    CERTCertificate *serverCert;
-    CERTCertificateList *serverCertChain;
-    ssl3KeyPair *serverKeyPair;
-    unsigned int serverKeyBits;
-} sslServerCerts;
-
-#define SERVERKEY serverKeyPair->privKey
-
-#define SSL_LOCK_RANK_SPEC 255
-#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE
-
-/* These are the valid values for shutdownHow.
-** These values are each 1 greater than the NSPR values, and the code
-** depends on that relation to efficiently convert PR_SHUTDOWN values
-** into ssl_SHUTDOWN values.  These values use one bit for read, and
-** another bit for write, and can be used as bitmasks.
-*/
-#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */
-#define ssl_SHUTDOWN_RCV 1  /* PR_SHUTDOWN_RCV  +1 */
-#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */
-#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */
-
-/*
-** A gather object. Used to read some data until a count has been
-** satisfied. Primarily for support of async sockets.
-** Everything in here is protected by the recvBufLock.
-*/
-struct sslGatherStr {
-    int state; /* see GS_ values below. */ /* ssl 2 & 3 */
-
-    /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
-     * SSL2: recv'd ciphertext records are put here, then decrypted in place.
-     * SSL3: recv'd ciphertext records are put in inbuf (see below), then
-     *       decrypted into buf.
-     */
-    sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */
-
-    /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
-    ** (offset - writeOffset) is the number of ciphertext bytes read in but
-    **     not yet deciphered.
-    */
-    unsigned int offset; /* ssl 2 & 3 */
-
-    /* number of bytes to read in next call to ssl_DefRecv (recv) */
-    unsigned int remainder; /* ssl 2 & 3 */
-
-    /* Number of ciphertext bytes to read in after 2-byte SSL record header. */
-    unsigned int count; /* ssl2 only */
-
-    /* size of the final plaintext record.
-    ** == count - (recordPadding + MAC size)
-    */
-    unsigned int recordLen; /* ssl2 only */
-
-    /* number of bytes of padding to be removed after decrypting. */
-    /* This value is taken from the record's hdr[2], which means a too large
-     * value could crash us.
-     */
-    unsigned int recordPadding; /* ssl2 only */
-
-    /* plaintext DATA begins this many bytes into "buf".  */
-    unsigned int recordOffset; /* ssl2 only */
-
-    int encrypted; /* SSL2 session is now encrypted.  ssl2 only */
-
-    /* These next two values are used by SSL2 and SSL3.
-    ** DoRecv uses them to extract application data.
-    ** The difference between writeOffset and readOffset is the amount of
-    ** data available to the application.   Note that the actual offset of
-    ** the data in "buf" is recordOffset (above), not readOffset.
-    ** In the current implementation, this is made available before the
-    ** MAC is checked!!
-    */
-    unsigned int readOffset; /* Spot where DATA reader (e.g. application
-                               ** or handshake code) will read next.
-                               ** Always zero for SSl3 application data.
-                               */
-    /* offset in buf/inbuf/hdr into which new data will be read from socket. */
-    unsigned int writeOffset;
-
-    /* Buffer for ssl3 to read (encrypted) data from the socket */
-    sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */
-
-    /* The ssl[23]_GatherData functions read data into this buffer, rather
-    ** than into buf or inbuf, while in the GS_HEADER state.
-    ** The portion of the SSL record header put here always comes off the wire
-    ** as plaintext, never ciphertext.
-    ** For SSL2, the plaintext portion is two bytes long.  For SSl3 it is 5.
-    ** For DTLS it is 13.
-    */
-    unsigned char hdr[13]; /* ssl 2 & 3 or dtls */
-
-    /* Buffer for DTLS data read off the wire as a single datagram */
-    sslBuffer dtlsPacket;
-
-    /* the start of the buffered DTLS record in dtlsPacket */
-    unsigned int dtlsPacketOffset;
-};
-
-/* sslGather.state */
-#define GS_INIT 0
-#define GS_HEADER 1
-#define GS_MAC 2
-#define GS_DATA 3
-#define GS_PAD 4
-
-/*
-** ssl3State and CipherSpec structs
-*/
-
-/* The SSL bulk cipher definition */
-typedef enum {
-    cipher_null,
-    cipher_rc4,
-    cipher_rc4_40,
-    cipher_rc4_56,
-    cipher_rc2,
-    cipher_rc2_40,
-    cipher_des,
-    cipher_3des,
-    cipher_des40,
-    cipher_idea,
-    cipher_aes_128,
-    cipher_aes_256,
-    cipher_camellia_128,
-    cipher_camellia_256,
-    cipher_seed,
-    cipher_aes_128_gcm,
-    cipher_chacha20,
-    cipher_missing /* reserved for no such supported cipher */
-    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
-} SSL3BulkCipher;
-
-typedef enum { type_stream,
-               type_block,
-               type_aead } CipherType;
-
-#define MAX_IV_LENGTH 24
-
-/*
- * Do not depend upon 64 bit arithmetic in the underlying machine.
- */
-typedef struct {
-    PRUint32 high;
-    PRUint32 low;
-} SSL3SequenceNumber;
-
-typedef PRUint16 DTLSEpoch;
-
-typedef void (*DTLSTimerCb)(sslSocket *);
-
-/* 400 is large enough for MD5, SHA-1, and SHA-256.
- * For SHA-384 support, increase it to 712. */
-#define MAX_MAC_CONTEXT_BYTES 400
-#define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
-
-#define MAX_CIPHER_CONTEXT_BYTES 2080
-#define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
-
-typedef struct {
-    SSL3Opaque wrapped_master_secret[48];
-    PRUint16 wrapped_master_secret_len;
-    PRUint8 msIsWrapped;
-    PRUint8 resumable;
-    PRUint8 extendedMasterSecretUsed;
-} ssl3SidKeys; /* 52 bytes */
-
-typedef struct {
-    PK11SymKey *write_key;
-    PK11SymKey *write_mac_key;
-    PK11Context *write_mac_context;
-    SECItem write_key_item;
-    SECItem write_iv_item;
-    SECItem write_mac_key_item;
-    SSL3Opaque write_iv[MAX_IV_LENGTH];
-    PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS];
-} ssl3KeyMaterial;
-
-typedef SECStatus (*SSLCipher)(void *context,
-                               unsigned char *out,
-                               int *outlen,
-                               int maxout,
-                               const unsigned char *in,
-                               int inlen);
-typedef SECStatus (*SSLAEADCipher)(
-    ssl3KeyMaterial *keys,
-    PRBool doDecrypt,
-    unsigned char *out,
-    int *outlen,
-    int maxout,
-    const unsigned char *in,
-    int inlen,
-    const unsigned char *additionalData,
-    int additionalDataLen);
-typedef SECStatus (*SSLCompressor)(void *context,
-                                   unsigned char *out,
-                                   int *outlen,
-                                   int maxout,
-                                   const unsigned char *in,
-                                   int inlen);
-typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
-
-/* The DTLS anti-replay window. Defined here because we need it in
- * the cipher spec. Note that this is a ring buffer but left and
- * right represent the true window, with modular arithmetic used to
- * map them onto the buffer.
- */
-#define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate   \
-                                        * Must be divisible by 8 \
-                                        */
-typedef struct DTLSRecvdRecordsStr {
-    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
-    PRUint64 left;
-    PRUint64 right;
-} DTLSRecvdRecords;
-
-/*
-** These are the "specs" in the "ssl3" struct.
-** Access to the pointers to these specs, and all the specs' contents
-** (direct and indirect) is protected by the reader/writer lock ss->specLock.
-*/
-typedef struct {
-    const ssl3BulkCipherDef *cipher_def;
-    const ssl3MACDef *mac_def;
-    SSLCompressionMethod compression_method;
-    int mac_size;
-    SSLCipher encode;
-    SSLCipher decode;
-    SSLAEADCipher aead;
-    SSLDestroy destroy;
-    void *encodeContext;
-    void *decodeContext;
-    SSLCompressor compressor;   /* Don't name these fields compress */
-    SSLCompressor decompressor; /* and uncompress because zconf.h   */
-                                /* may define them as macros.       */
-    SSLDestroy destroyCompressContext;
-    void *compressContext;
-    SSLDestroy destroyDecompressContext;
-    void *decompressContext;
-    PRBool bypassCiphers; /* did double bypass (at least) */
-    PK11SymKey *master_secret;
-    SSL3SequenceNumber write_seq_num;
-    SSL3SequenceNumber read_seq_num;
-    SSL3ProtocolVersion version;
-    ssl3KeyMaterial client;
-    ssl3KeyMaterial server;
-    SECItem msItem;
-    unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
-    unsigned char raw_master_secret[56];
-    SECItem srvVirtName; /* for server: name that was negotiated
-                          * with a client. For client - is
-                          * always set to NULL.*/
-    DTLSEpoch epoch;
-    DTLSRecvdRecords recvdRecords;
-} ssl3CipherSpec;
-
-typedef enum { never_cached,
-               in_client_cache,
-               in_server_cache,
-               invalid_cache /* no longer in any cache. */
-} Cached;
-
-#define MAX_PEER_CERT_CHAIN_SIZE 8
-
-struct sslSessionIDStr {
-    /* The global cache lock must be held when accessing these members when the
-     * sid is in any cache.
-     */
-    sslSessionID *next; /* chain used for client sockets, only */
-    Cached cached;
-    int references;
-    PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
-
-    /* The rest of the members, except for the members of u.ssl3.locked, may
-     * be modified only when the sid is not in any cache.
-     */
-
-    CERTCertificate *peerCert;
-    CERTCertificate *peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
-    SECItemArray peerCertStatus; /* client only */
-    const char *peerID;          /* client only */
-    const char *urlSvrName;      /* client only */
-    CERTCertificate *localCert;
-
-    PRIPv6Addr addr;
-    PRUint16 port;
-
-    SSL3ProtocolVersion version;
-
-    PRUint32 creationTime;   /* seconds since Jan 1, 1970 */
-    PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
-
-    SSLSignType authAlgorithm;
-    PRUint32 authKeyBits;
-    SSLKEAType keaType;
-    PRUint32 keaKeyBits;
-
-    union {
-        struct {
-            /* the V2 code depends upon the size of sessionID.  */
-            unsigned char sessionID[SSL2_SESSIONID_BYTES];
-
-            /* Stuff used to recreate key and read/write cipher objects */
-            SECItem masterKey; /* never wrapped */
-            int cipherType;
-            SECItem cipherArg;
-            int keyBits;
-            int secretKeyBits;
-        } ssl2;
-        struct {
-            /* values that are copied into the server's on-disk SID cache. */
-            PRUint8 sessionIDLength;
-            SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
-
-            ssl3CipherSuite cipherSuite;
-            SSLCompressionMethod compression;
-            int policy;
-            ssl3SidKeys keys;
-            CK_MECHANISM_TYPE masterWrapMech;
-            /* mechanism used to wrap master secret */
-            SSL3KEAType exchKeyType;
-            /* key type used in exchange algorithm,
-             * and to wrap the sym wrapping key. */
-#ifndef NSS_DISABLE_ECC
-            PRUint32 negotiatedECCurves;
-#endif /* NSS_DISABLE_ECC */
-
-            /* The following values are NOT restored from the server's on-disk
-             * session cache, but are restored from the client's cache.
-             */
-            PK11SymKey *clientWriteKey;
-            PK11SymKey *serverWriteKey;
-
-            /* The following values pertain to the slot that wrapped the
-            ** master secret. (used only in client)
-            */
-            SECMODModuleID masterModuleID;
-            /* what module wrapped the master secret */
-            CK_SLOT_ID masterSlotID;
-            PRUint16 masterWrapIndex;
-            /* what's the key index for the wrapping key */
-            PRUint16 masterWrapSeries;
-            /* keep track of the slot series, so we don't
-             * accidently try to use new keys after the
-             * card gets removed and replaced.*/
-
-            /* The following values pertain to the slot that did the signature
-            ** for client auth.   (used only in client)
-            */
-            SECMODModuleID clAuthModuleID;
-            CK_SLOT_ID clAuthSlotID;
-            PRUint16 clAuthSeries;
-
-            char masterValid;
-            char clAuthValid;
-
-            SECItem srvName;
-
-            /* originalHandshakeHash contains the hash of the original, full
-             * handshake prior to the server's final flow. This is either a
-             * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
-             * TLS 1.2). This is recorded and used only when ChannelID is
-             * negotiated as it's used to bind the ChannelID signature on the
-             * resumption handshake to the original handshake. */
-            SECItem originalHandshakeHash;
-
-            /* Signed certificate timestamps received in a TLS extension.
-            ** (used only in client).
-            */
-            SECItem signedCertTimestamps;
-
-            /* This lock is lazily initialized by CacheSID when a sid is first
-             * cached. Before then, there is no need to lock anything because
-             * the sid isn't being shared by anything.
-             */
-            PRRWLock *lock;
-
-            /* The lock must be held while reading or writing these members
-             * because they change while the sid is cached.
-             */
-            struct {
-                /* The session ticket, if we have one, is sent as an extension
-                 * in the ClientHello message. This field is used only by
-                 * clients. It is protected by lock when lock is non-null
-                 * (after the sid has been added to the client session cache).
-                 */
-                NewSessionTicket sessionTicket;
-            } locked;
-        } ssl3;
-    } u;
-};
-
-typedef struct ssl3CipherSuiteDefStr {
-    ssl3CipherSuite cipher_suite;
-    SSL3BulkCipher bulk_cipher_alg;
-    SSL3MACAlgorithm mac_alg;
-    SSL3KeyExchangeAlgorithm key_exchange_alg;
-} ssl3CipherSuiteDef;
-
-/*
-** There are tables of these, all const.
-*/
-typedef struct {
-    SSL3KeyExchangeAlgorithm kea;
-    SSL3KEAType exchKeyType;
-    SSLSignType signKeyType;
-    /* For export cipher suites:
-     * is_limited identifies a suite as having a limit on the key size.
-     * key_size_limit provides the corresponding limit. */
-    PRBool is_limited;
-    unsigned int key_size_limit;
-    PRBool tls_keygen;
-    /* True if the key exchange for the suite is ephemeral.  Or to be more
-     * precise: true if the ServerKeyExchange message is always required. */
-    PRBool ephemeral;
-    /* An OID describing the key exchange */
-    SECOidTag oid;
-} ssl3KEADef;
-
-/*
-** There are tables of these, all const.
-*/
-struct ssl3BulkCipherDefStr {
-    SSL3BulkCipher cipher;
-    SSLCipherAlgorithm calg;
-    int key_size;
-    int secret_key_size;
-    CipherType type;
-    int iv_size;
-    int block_size;
-    int tag_size;            /* authentication tag size for AEAD ciphers. */
-    int explicit_nonce_size; /* for AEAD ciphers. */
-    SECOidTag oid;
-};
-
-/*
-** There are tables of these, all const.
-*/
-struct ssl3MACDefStr {
-    SSL3MACAlgorithm mac;
-    CK_MECHANISM_TYPE mmech;
-    int pad_size;
-    int mac_size;
-    SECOidTag oid;
-};
-
-typedef enum {
-    wait_client_hello,
-    wait_client_cert,
-    wait_client_key,
-    wait_cert_verify,
-    wait_change_cipher,
-    wait_finished,
-    wait_server_hello,
-    wait_certificate_status,
-    wait_server_cert,
-    wait_server_key,
-    wait_cert_request,
-    wait_hello_done,
-    wait_new_session_ticket,
-    wait_encrypted_extensions,
-    idle_handshake,
-    wait_invalid /* Invalid value. There is no handshake message "invalid". */
-} SSL3WaitState;
-
-/*
- * TLS extension related constants and data structures.
- */
-typedef struct TLSExtensionDataStr TLSExtensionData;
-typedef struct SessionTicketDataStr SessionTicketData;
-
-struct TLSExtensionDataStr {
-    /* registered callbacks that send server hello extensions */
-    ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
-    ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
-
-    /* Keep track of the extensions that are negotiated. */
-    PRUint16 numAdvertised;
-    PRUint16 numNegotiated;
-    PRUint16 advertised[SSL_MAX_EXTENSIONS];
-    PRUint16 negotiated[SSL_MAX_EXTENSIONS];
-
-    /* SessionTicket Extension related data. */
-    PRBool ticketTimestampVerified;
-    PRBool emptySessionTicket;
-    PRBool sentSessionTicketInClientHello;
-
-    /* SNI Extension related data
-     * Names data is not coppied from the input buffer. It can not be
-     * used outside the scope where input buffer is defined and that
-     * is beyond ssl3_HandleClientHello function. */
-    SECItem *sniNameArr;
-    PRUint32 sniNameArrSize;
-
-    /* Signed Certificate Timestamps extracted from the TLS extension.
-     * (client only).
-     * This container holds a temporary pointer to the extension data,
-     * until a session structure (the sec.ci.sid of an sslSocket) is setup
-     * that can hold a permanent copy of the data
-     * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
-     * The data pointed to by this structure is neither explicitly allocated
-     * nor copied: the pointer points to the handshake message buffer and is
-     * only valid in the scope of ssl3_HandleServerHello.
-     */
-    SECItem signedCertTimestamps;
-};
-
-typedef SECStatus (*sslRestartTarget)(sslSocket *);
-
-/*
-** A DTLS queued message (potentially to be retransmitted)
-*/
-typedef struct DTLSQueuedMessageStr {
-    PRCList link;         /* The linked list link */
-    DTLSEpoch epoch;      /* The epoch to use */
-    SSL3ContentType type; /* The message type */
-    unsigned char *data;  /* The data */
-    PRUint16 len;         /* The data length */
-} DTLSQueuedMessage;
-
-typedef struct TLS13KeyShareEntryStr {
-    PRCList link;         /* The linked list link */
-    PRUint16 group;       /* The group for the entry */
-    SECItem key_exchange; /* The share itself */
-} TLS13KeyShareEntry;
-
-typedef enum {
-    handshake_hash_unknown = 0,
-    handshake_hash_combo = 1, /* The MD5/SHA-1 combination */
-    handshake_hash_single = 2 /* A single hash */
-} SSL3HandshakeHashType;
-
-/*
-** This is the "hs" member of the "ssl3" struct.
-** This entire struct is protected by ssl3HandshakeLock
-*/
-typedef struct SSL3HandshakeStateStr {
-    SSL3Random server_random;
-    SSL3Random client_random;
-    SSL3WaitState ws; /* May also contain SSL3WaitState | 0x80 for TLS 1.3 */
-
-    /* This group of members is used for handshake running hashes. */
-    SSL3HandshakeHashType hashType;
-    sslBuffer messages; /* Accumulated handshake messages */
-#ifndef NO_PKCS11_BYPASS
-    /* Bypass mode:
-     * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for
-     * MD5 and |sha_cx| for SHA-1.
-     * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support
-     * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */
-    PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
-    PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
-    const SECHashObject *sha_obj;
-    /* The function prototype of sha_obj->clone() does not match the prototype
-     * of the freebl <HASH>_Clone functions, so we need a dedicated function
-     * pointer for the <HASH>_Clone function. */
-    void (*sha_clone)(void *dest, void *src);
-#endif
-    /* PKCS #11 mode:
-     * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
-     * |sha| for SHA-1.
-     * TLS 1.2 and later use only |sha|, for SHA-256. */
-    /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup
-     * handshake hash for generating client auth signatures. Confusingly, the
-     * backup hash function is SHA-1. */
-#define backupHash md5
-    PK11Context *md5;
-    PK11Context *sha;
-
-    const ssl3KEADef *kea_def;
-    ssl3CipherSuite cipher_suite;
-    const ssl3CipherSuiteDef *suite_def;
-    SSLCompressionMethod compression;
-    sslBuffer msg_body; /* protected by recvBufLock */
-                        /* partial handshake message from record layer */
-    unsigned int header_bytes;
-    /* number of bytes consumed from handshake */
-    /* message for message type and header length */
-    SSL3HandshakeType msg_type;
-    unsigned long msg_len;
-    SECItem ca_list;        /* used only by client */
-    PRBool isResuming;      /* are we resuming a session */
-    PRBool usedStepDownKey; /* we did a server key exchange. */
-    PRBool sendingSCSV;     /* instead of empty RI */
-    sslBuffer msgState;     /* current state for handshake messages*/
-                            /* protected by recvBufLock */
-
-    /* The session ticket received in a NewSessionTicket message is temporarily
-     * stored in newSessionTicket until the handshake is finished; then it is
-     * moved to the sid.
-     */
-    PRBool receivedNewSessionTicket;
-    NewSessionTicket newSessionTicket;
-
-    PRUint16 finishedBytes; /* size of single finished below */
-    union {
-        TLSFinished tFinished[2]; /* client, then server */
-        SSL3Finished sFinished[2];
-        SSL3Opaque data[72];
-    } finishedMsgs;
-#ifndef NSS_DISABLE_ECC
-    PRUint32 negotiatedECCurves; /* bit mask */
-#endif                           /* NSS_DISABLE_ECC */
-
-    PRBool authCertificatePending;
-    /* Which function should SSL_RestartHandshake* call if we're blocked?
-     * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
-     * or ssl3_AlwaysFail */
-    sslRestartTarget restartTarget;
-    /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
-    PRBool cacheSID;
-
-    PRBool canFalseStart; /* Can/did we False Start */
-    /* Which preliminaryinfo values have been set. */
-    PRUint32 preliminaryInfo;
-
-    /* clientSigAndHash contains the contents of the signature_algorithms
-     * extension (if any) from the client. This is only valid for TLS 1.2
-     * or later. */
-    SSLSignatureAndHashAlg *clientSigAndHash;
-    unsigned int numClientSigAndHash;
-
-    /* This group of values is used for DTLS */
-    PRUint16 sendMessageSeq;       /* The sending message sequence
-                                    * number */
-    PRCList lastMessageFlight;     /* The last message flight we
-                                    * sent */
-    PRUint16 maxMessageSent;       /* The largest message we sent */
-    PRUint16 recvMessageSeq;       /* The receiving message sequence
-                                    * number */
-    sslBuffer recvdFragments;      /* The fragments we have received in
-                                    * a bitmask */
-    PRInt32 recvdHighWater;        /* The high water mark for fragments
-                                    * received. -1 means no reassembly
-                                    * in progress. */
-    unsigned char cookie[32];      /* The cookie */
-    unsigned char cookieLen;       /* The length of the cookie */
-    PRIntervalTime rtTimerStarted; /* When the timer was started */
-    DTLSTimerCb rtTimerCb;         /* The function to call on expiry */
-    PRUint32 rtTimeoutMs;          /* The length of the current timeout
-                                    * used for backoff (in ms) */
-    PRUint32 rtRetries;            /* The retry counter */
-
-    /* This group of values is used for TLS 1.3 and above */
-    PRCList remoteKeyShares;           /* The other side's public keys */
-    PK11SymKey *xSS;                   /* Extracted static secret */
-    PK11SymKey *xES;                   /* Extracted ephemeral secret */
-    PK11SymKey *trafficSecret;         /* The source key to use to generate
-                                        * traffic keys */
-    PK11SymKey *clientFinishedSecret;  /* Used for client Finished */
-    PK11SymKey *serverFinishedSecret;  /* Used for server Finished */
-    unsigned char certReqContext[255]; /* Ties CertificateRequest
-                                        * to Certificate */
-    PRUint8 certReqContextLen;         /* Length of the context
-                                        * cannot be greater than 255. */
-} SSL3HandshakeState;
-
-/*
-** This is the "ssl3" struct, as in "ss->ssl3".
-** note:
-** usually,   crSpec == cwSpec and prSpec == pwSpec.
-** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
-** But there are never more than 2 actual specs.
-** No spec must ever be modified if either "current" pointer points to it.
-*/
-struct ssl3StateStr {
-
-    /*
-    ** The following Specs and Spec pointers must be protected using the
-    ** Spec Lock.
-    */
-    ssl3CipherSpec *crSpec; /* current read spec. */
-    ssl3CipherSpec *prSpec; /* pending read spec. */
-    ssl3CipherSpec *cwSpec; /* current write spec. */
-    ssl3CipherSpec *pwSpec; /* pending write spec. */
-
-    CERTCertificate *clientCertificate;   /* used by client */
-    SECKEYPrivateKey *clientPrivateKey;   /* used by client */
-    CERTCertificateList *clientCertChain; /* used by client */
-    PRBool sendEmptyCert;                 /* used by client */
-
-    SECKEYPrivateKey *channelID;   /* used by client */
-    SECKEYPublicKey *channelIDPub; /* used by client */
-
-    int policy;
-    /* This says what cipher suites we can do, and should
-     * be either SSL_ALLOWED or SSL_RESTRICTED
-     */
-    PLArenaPool *peerCertArena;
-    /* These are used to keep track of the peer CA */
-    void *peerCertChain;
-    /* chain while we are trying to validate it.   */
-    CERTDistNames *ca_list;
-    /* used by server.  trusted CAs for this socket. */
-    PRBool initialized;
-    SSL3HandshakeState hs;
-    ssl3CipherSpec specs[2]; /* one is current, one is pending. */
-
-    /* In a client: if the server supports Next Protocol Negotiation, then
-     * this is the protocol that was negotiated.
-     */
-    SECItem nextProto;
-    SSLNextProtoState nextProtoState;
-
-    PRUint16 mtu; /* Our estimate of the MTU */
-
-    /* DTLS-SRTP cipher suite preferences (if any) */
-    PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES];
-    PRUint16 dtlsSRTPCipherCount;
-    PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
-    PRBool fatalAlertSent;
-    PRUint16 numDHEGroups;      /* used by server */
-    SSLDHEGroupType *dheGroups; /* used by server */
-    PRBool dheWeakGroupEnabled; /* used by server */
-
-    /* TLS 1.2 introduces separate signature algorithm negotiation.
-     * This is our preference order. */
-    SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];
-    unsigned int signatureAlgorithmCount;
-
-    /* The version to check if we fell back from our highest version
-     * of TLS. Default is 0 in which case we check against the maximum
-     * configured version for this socket. Used only on the client. */
-    SSL3ProtocolVersion downgradeCheckVersion;
-};
-
-/* Ethernet MTU but without subtracting the headers,
- * so slightly larger than expected */
-#define DTLS_MAX_MTU 1500U
-#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
-
-typedef struct {
-    SSL3ContentType type;
-    SSL3ProtocolVersion version;
-    SSL3SequenceNumber seq_num; /* DTLS only */
-    sslBuffer *buf;
-} SSL3Ciphertext;
-
-struct ssl3KeyPairStr {
-    SECKEYPrivateKey *privKey;
-    SECKEYPublicKey *pubKey;
-    PRInt32 refCount; /* use PR_Atomic calls for this. */
-};
-
-struct ssl3DHParamsStr {
-    SECItem prime; /* p */
-    SECItem base;  /* g */
-};
-
-typedef struct SSLWrappedSymWrappingKeyStr {
-    SSL3Opaque wrappedSymmetricWrappingkey[512];
-    CK_MECHANISM_TYPE symWrapMechanism;
-    /* unwrapped symmetric wrapping key uses this mechanism */
-    CK_MECHANISM_TYPE asymWrapMechanism;
-    /* mechanism used to wrap the SymmetricWrappingKey using
-     * server's public and/or private keys. */
-    SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/
-    PRInt32 symWrapMechIndex;
-    PRUint16 wrappedSymKeyLen;
-} SSLWrappedSymWrappingKey;
-
-typedef struct SessionTicketStr {
-    PRUint16 ticket_version;
-    SSL3ProtocolVersion ssl_version;
-    ssl3CipherSuite cipher_suite;
-    SSLCompressionMethod compression_method;
-    SSLSignType authAlgorithm;
-    PRUint32 authKeyBits;
-    SSLKEAType keaType;
-    PRUint32 keaKeyBits;
-    /*
-     * exchKeyType and msWrapMech contain meaningful values only if
-     * ms_is_wrapped is true.
-     */
-    PRUint8 ms_is_wrapped;
-    SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */
-    CK_MECHANISM_TYPE msWrapMech;
-    PRUint16 ms_length;
-    SSL3Opaque master_secret[48];
-    PRBool extendedMasterSecretUsed;
-    ClientIdentity client_identity;
-    SECItem peer_cert;
-    PRUint32 timestamp;
-    SECItem srvName; /* negotiated server name */
-} SessionTicket;
-
-/*
- * SSL2 buffers used in SSL3.
- *     writeBuf in the SecurityInfo maintained by sslsecur.c is used
- *              to hold the data just about to be passed to the kernel
- *     sendBuf in the ConnectInfo maintained by sslcon.c is used
- *              to hold handshake messages as they are accumulated
- */
-
-/*
-** This is "ci", as in "ss->sec.ci".
-**
-** Protection:  All the variables in here are protected by
-** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
-*/
-struct sslConnectInfoStr {
-    /* outgoing handshakes appended to this. */
-    sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
-
-    PRIPv6Addr peer;     /* ssl 2 & 3 */
-    unsigned short port; /* ssl 2 & 3 */
-
-    sslSessionID *sid; /* ssl 2 & 3 */
-
-    /* see CIS_HAVE defines below for the bit values in *elements. */
-    char elements;         /* ssl2 only */
-    char requiredElements; /* ssl2 only */
-    char sentElements;     /* ssl2 only */
-
-    char sentFinished; /* ssl2 only */
-
-    /* Length of server challenge.  Used by client when saving challenge */
-    int serverChallengeLen; /* ssl2 only */
-    /* type of authentication requested by server */
-    unsigned char authType; /* ssl2 only */
-
-    /* Challenge sent by client to server in client-hello message */
-    /* SSL3 gets a copy of this.  See ssl3_StartHandshakeHash().  */
-    unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */
-
-    /* Connection-id sent by server to client in server-hello message */
-    unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */
-
-    /* Challenge sent by server to client in request-certificate message */
-    unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */
-
-    /* Information kept to handle a request-certificate message */
-    unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES];  /* ssl2 only */
-    unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
-    unsigned keySize;                                 /* ssl2 only */
-};
-
-/* bit values for ci->elements, ci->requiredElements, sentElements. */
-#define CIS_HAVE_MASTER_KEY 0x01
-#define CIS_HAVE_CERTIFICATE 0x02
-#define CIS_HAVE_FINISHED 0x04
-#define CIS_HAVE_VERIFY 0x08
-
-/* Note: The entire content of this struct and whatever it points to gets
- * blown away by SSL_ResetHandshake().  This is "sec" as in "ss->sec".
- *
- * Unless otherwise specified below, the contents of this struct are
- * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
- */
-struct sslSecurityInfoStr {
-    sslSendFunc send; /*xmitBufLock*/   /* ssl 2 & 3 */
-    int isServer; /* Spec Lock?*/       /* ssl 2 & 3 */
-    sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
-
-    int cipherType;             /* ssl 2 & 3 */
-    int keyBits;                /* ssl 2 & 3 */
-    int secretKeyBits;          /* ssl 2 & 3 */
-    CERTCertificate *localCert; /* ssl 2 & 3 */
-    CERTCertificate *peerCert;  /* ssl 2 & 3 */
-    SECKEYPublicKey *peerKey;   /* ssl3 only */
-
-    SSLSignType authAlgorithm;
-    PRUint32 authKeyBits;
-    SSLKEAType keaType;
-    PRUint32 keaKeyBits;
-
-    /*
-    ** Procs used for SID cache (nonce) management.
-    ** Different implementations exist for clients/servers
-    ** The lookup proc is only used for servers.  Baloney!
-    */
-    sslSessionIDCacheFunc cache;     /* ssl 2 & 3 */
-    sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */
-
-    /*
-    ** everything below here is for ssl2 only.
-    ** This stuff is equivalent to SSL3's "spec", and is protected by the
-    ** same "Spec Lock" as used for SSL3's specs.
-    */
-    PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */
-    PRUint32 rcvSequence; /*recvBufLock*/  /* ssl2 only */
-
-    /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
-    const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */
-    void *hashcx; /* Spec Lock */              /* ssl2 only */
-
-    SECItem sendSecret; /* Spec Lock */ /* ssl2 only */
-    SECItem rcvSecret; /* Spec Lock */  /* ssl2 only */
-
-    /* Session cypher contexts; one for each direction */
-    void *readcx; /* Spec Lock */                    /* ssl2 only */
-    void *writecx; /* Spec Lock */                   /* ssl2 only */
-    SSLCipher enc; /* Spec Lock */                   /* ssl2 only */
-    SSLCipher dec; /* Spec Lock */                   /* ssl2 only */
-    void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */
-
-    /* Blocking information for the session cypher */
-    int blockShift; /* Spec Lock */ /* ssl2 only */
-    int blockSize; /* Spec Lock */  /* ssl2 only */
-
-    /* These are used during a connection handshake */
-    sslConnectInfo ci; /* ssl 2 & 3 */
-};
-
-/*
-** SSL Socket struct
-**
-** Protection:  XXX
-*/
-struct sslSocketStr {
-    PRFileDesc *fd;
-
-    /* Pointer to operations vector for this socket */
-    const sslSocketOps *ops;
-
-    /* SSL socket options */
-    sslOptions opt;
-    /* Enabled version range */
-    SSLVersionRange vrange;
-
-    /* State flags */
-    unsigned long clientAuthRequested;
-    unsigned long delayDisabled;     /* Nagle delay disabled */
-    unsigned long firstHsDone;       /* first handshake is complete. */
-    unsigned long enoughFirstHsDone; /* enough of the first handshake is
-                                      * done for callbacks to be able to
-                                      * retrieve channel security
-                                      * parameters from the SSL socket. */
-    unsigned long handshakeBegun;
-    unsigned long lastWriteBlocked;
-    unsigned long recvdCloseNotify; /* received SSL EOF. */
-    unsigned long TCPconnected;
-    unsigned long appDataBuffered;
-    unsigned long peerRequestedProtection; /* from old renegotiation */
-
-    /* version of the protocol to use */
-    SSL3ProtocolVersion version;
-    SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
-
-    sslSecurityInfo sec; /* not a pointer any more */
-
-    /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
-    const char *url; /* ssl 2 & 3 */
-
-    sslHandshakeFunc handshake;         /*firstHandshakeLock*/
-    sslHandshakeFunc nextHandshake;     /*firstHandshakeLock*/
-    sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/
-
-    /* the following variable is only used with socks or other proxies. */
-    char *peerID; /* String uniquely identifies target server. */
-
-    unsigned char *cipherSpecs;
-    unsigned int sizeCipherSpecs;
-    const unsigned char *preferredCipher;
-
-    /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
-    /* Will be NULL at all other times. */
-    const SECItem *requestedCertTypes;
-
-    ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */
-
-    const ssl3DHParams *dheParams; /* DHE param */
-    ssl3KeyPair *dheKeyPair;       /* DHE keys */
-
-    /* Callbacks */
-    SSLAuthCertificate authCertificate;
-    void *authCertificateArg;
-    SSLGetClientAuthData getClientAuthData;
-    void *getClientAuthDataArg;
-    SSLSNISocketConfig sniSocketConfig;
-    void *sniSocketConfigArg;
-    SSLBadCertHandler handleBadCert;
-    void *badCertArg;
-    SSLHandshakeCallback handshakeCallback;
-    void *handshakeCallbackData;
-    SSLCanFalseStartCallback canFalseStartCallback;
-    void *canFalseStartCallbackData;
-    void *pkcs11PinArg;
-    SSLNextProtoCallback nextProtoCallback;
-    void *nextProtoArg;
-
-    SSLClientChannelIDCallback getChannelID;
-    void *getChannelIDArg;
-
-    PRIntervalTime rTimeout; /* timeout for NSPR I/O */
-    PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-    PRIntervalTime cTimeout; /* timeout for NSPR I/O */
-
-    PZLock *recvLock; /* lock against multiple reader threads. */
-    PZLock *sendLock; /* lock against multiple sender threads. */
-
-    PZMonitor *recvBufLock; /* locks low level recv buffers. */
-    PZMonitor *xmitBufLock; /* locks low level xmit buffers. */
-
-    /* Only one thread may operate on the socket until the initial handshake
-    ** is complete.  This Monitor ensures that.  Since SSL2 handshake is
-    ** only done once, this is also effectively the SSL2 handshake lock.
-    */
-    PZMonitor *firstHandshakeLock;
-
-    /* This monitor protects the ssl3 handshake state machine data.
-    ** Only one thread (reader or writer) may be in the ssl3 handshake state
-    ** machine at any time.  */
-    PZMonitor *ssl3HandshakeLock;
-
-    /* reader/writer lock, protects the secret data needed to encrypt and MAC
-    ** outgoing records, and to decrypt and MAC check incoming ciphertext
-    ** records.  */
-    NSSRWLock *specLock;
-
-    /* handle to perm cert db (and implicitly to the temp cert db) used
-    ** with this socket.
-    */
-    CERTCertDBHandle *dbHandle;
-
-    PRThread *writerThread; /* thread holds SSL_LOCK_WRITER lock */
-
-    PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */
-
-    PRUint16 allowedByPolicy;      /* copy of global policy bits. */
-    PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */
-    PRUint16 chosenPreference;     /* SSL2 cipher preferences. */
-
-    sslHandshakingType handshaking;
-
-    /* Gather object used for gathering data */
-    sslGather gs; /*recvBufLock*/
-
-    sslBuffer saveBuf;    /*xmitBufLock*/
-    sslBuffer pendingBuf; /*xmitBufLock*/
-
-    /* Configuration state for server sockets */
-    /* server cert and key for each KEA type */
-    sslServerCerts serverCerts[kt_kea_size];
-    /* each cert needs its own status */
-    SECItemArray *certStatusArray[kt_kea_size];
-    /* Serialized signed certificate timestamps to be sent to the client
-    ** in a TLS extension (server only). Each certificate needs its own
-    ** timestamps item.
-    */
-    SECItem signedCertTimestamps[kt_kea_size];
-
-    ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
-    ssl3KeyPair *ephemeralECDHKeyPair; /* for ECDHE-* handshake */
-
-    /* SSL3 state info.  Formerly was a pointer */
-    ssl3State ssl3;
-
-    /*
-     * TLS extension related data.
-     */
-    /* True when the current session is a stateless resume. */
-    PRBool statelessResume;
-    TLSExtensionData xtnData;
-
-    /* Whether we are doing stream or datagram mode */
-    SSLProtocolVariant protocolVariant;
-};
-
-/* All the global data items declared here should be protected using the
-** ssl_global_data_lock, which is a reader/writer lock.
-*/
-extern NSSRWLock *ssl_global_data_lock;
-extern char ssl_debug;
-extern char ssl_trace;
-extern FILE *ssl_trace_iob;
-extern FILE *ssl_keylog_iob;
-extern CERTDistNames *ssl3_server_ca_list;
-extern PRUint32 ssl_sid_timeout;
-extern PRUint32 ssl3_sid_timeout;
-
-extern const char *const ssl_cipherName[];
-extern const char *const ssl3_cipherName[];
-
-extern sslSessionIDLookupFunc ssl_sid_lookup;
-extern sslSessionIDCacheFunc ssl_sid_cache;
-extern sslSessionIDUncacheFunc ssl_sid_uncache;
-
-/************************************************************************/
-
-SEC_BEGIN_PROTOS
-
-/* Internal initialization and installation of the SSL error tables */
-extern SECStatus ssl_Init(void);
-extern SECStatus ssl_InitializePRErrorTable(void);
-
-/* Implementation of ops for default (non socks, non secure) case */
-extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
-extern int ssl_DefListen(sslSocket *ss, int backlog);
-extern int ssl_DefShutdown(sslSocket *ss, int how);
-extern int ssl_DefClose(sslSocket *ss);
-extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
-extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
-                       int len, int flags);
-extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
-extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
-extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
-extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
-                             void *optval, PRInt32 *optlen);
-extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
-                             const void *optval, PRInt32 optlen);
-
-/* Implementation of ops for socks only case */
-extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
-extern int ssl_SocksListen(sslSocket *ss, int backlog);
-extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
-extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
-extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
-                         int len, int flags);
-extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
-
-/* Implementation of ops for secure only case */
-extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
-                          int len, int flags);
-extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
-                          int len, int flags);
-extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
-extern int ssl_SecureShutdown(sslSocket *ss, int how);
-extern int ssl_SecureClose(sslSocket *ss);
-
-/* Implementation of ops for secure socks case */
-extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
-extern PRFileDesc *ssl_FindTop(sslSocket *ss);
-
-/* Gather funcs. */
-extern sslGather *ssl_NewGather(void);
-extern SECStatus ssl_InitGather(sslGather *gs);
-extern void ssl_DestroyGather(sslGather *gs);
-extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
-extern int ssl2_GatherRecord(sslSocket *ss, int flags);
-extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss);
-
-extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss);
-extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss);
-
-extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
-extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
-extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset);
-extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec);
-
-extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
-extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
-
-extern int ssl_SendSavedWriteData(sslSocket *ss);
-extern SECStatus ssl_SaveWriteData(sslSocket *ss,
-                                   const void *p, unsigned int l);
-extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
-extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
-extern int ssl_Do1stHandshake(sslSocket *ss);
-
-extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
-extern SECStatus sslBuffer_Append(sslBuffer *b, const void *data,
-                                  unsigned int len);
-
-extern void ssl2_UseClearSendFunc(sslSocket *ss);
-extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
-
-extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
-extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
-                                   const char *peerID, const char *urlSvrName);
-extern void ssl_FreeSID(sslSessionID *sid);
-
-extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
-                                    int len, int flags);
-
-extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
-
-extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
-
-extern void ssl3_SetAlwaysBlock(sslSocket *ss);
-
-extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
-
-extern void ssl_FinishHandshake(sslSocket *ss);
-
-extern SECStatus ssl_CipherPolicySet(PRInt32 which, PRInt32 policy);
-
-extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
-
-extern SECStatus ssl3_ConstrainRangeByPolicy(void);
-
-/* Returns PR_TRUE if we are still waiting for the server to complete its
- * response to our client second round. Once we've received the Finished from
- * the server then there is no need to check false start.
- */
-extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss);
-
-extern SECStatus
-ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
-                              PRBool isServer,
-                              PRBool isDTLS,
-                              PRBool capRecordVersion,
-                              SSL3ContentType type,
-                              const SSL3Opaque *pIn,
-                              PRUint32 contentLen,
-                              sslBuffer *wrBuf);
-
-extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
-                               SSL3ContentType type,
-                               const SSL3Opaque *pIn, PRInt32 nIn,
-                               PRInt32 flags);
-
-#ifdef NSS_SSL_ENABLE_ZLIB
-/*
- * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a
- * maximum TLS record payload of 2**14 bytes, that's 29 bytes.
- */
-#define SSL3_COMPRESSION_MAX_EXPANSION 29
-#else /* !NSS_SSL_ENABLE_ZLIB */
-#define SSL3_COMPRESSION_MAX_EXPANSION 0
-#endif
-
-/*
- * make sure there is room in the write buffer for padding and
- * other compression and cryptographic expansions.
- */
-#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION
-
-#define SSL_LOCK_READER(ss) \
-    if (ss->recvLock)       \
-    PZ_Lock(ss->recvLock)
-#define SSL_UNLOCK_READER(ss) \
-    if (ss->recvLock)         \
-    PZ_Unlock(ss->recvLock)
-#define SSL_LOCK_WRITER(ss) \
-    if (ss->sendLock)       \
-    PZ_Lock(ss->sendLock)
-#define SSL_UNLOCK_WRITER(ss) \
-    if (ss->sendLock)         \
-    PZ_Unlock(ss->sendLock)
-
-/* firstHandshakeLock -> recvBufLock */
-#define ssl_Get1stHandshakeLock(ss)                               \
-    {                                                             \
-        if (!ss->opt.noLocks) {                                   \
-            PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \
-                        !ssl_HaveRecvBufLock(ss));                \
-            PZ_EnterMonitor((ss)->firstHandshakeLock);            \
-        }                                                         \
-    }
-#define ssl_Release1stHandshakeLock(ss)               \
-    {                                                 \
-        if (!ss->opt.noLocks)                         \
-            PZ_ExitMonitor((ss)->firstHandshakeLock); \
-    }
-#define ssl_Have1stHandshakeLock(ss) \
-    (PZ_InMonitor((ss)->firstHandshakeLock))
-
-/* ssl3HandshakeLock -> xmitBufLock */
-#define ssl_GetSSL3HandshakeLock(ss)                  \
-    {                                                 \
-        if (!ss->opt.noLocks) {                       \
-            PORT_Assert(!ssl_HaveXmitBufLock(ss));    \
-            PZ_EnterMonitor((ss)->ssl3HandshakeLock); \
-        }                                             \
-    }
-#define ssl_ReleaseSSL3HandshakeLock(ss)             \
-    {                                                \
-        if (!ss->opt.noLocks)                        \
-            PZ_ExitMonitor((ss)->ssl3HandshakeLock); \
-    }
-#define ssl_HaveSSL3HandshakeLock(ss) \
-    (PZ_InMonitor((ss)->ssl3HandshakeLock))
-
-#define ssl_GetSpecReadLock(ss)                 \
-    {                                           \
-        if (!ss->opt.noLocks)                   \
-            NSSRWLock_LockRead((ss)->specLock); \
-    }
-#define ssl_ReleaseSpecReadLock(ss)               \
-    {                                             \
-        if (!ss->opt.noLocks)                     \
-            NSSRWLock_UnlockRead((ss)->specLock); \
-    }
-/* NSSRWLock_HaveReadLock is not exported so there's no
- * ssl_HaveSpecReadLock macro. */
-
-#define ssl_GetSpecWriteLock(ss)                 \
-    {                                            \
-        if (!ss->opt.noLocks)                    \
-            NSSRWLock_LockWrite((ss)->specLock); \
-    }
-#define ssl_ReleaseSpecWriteLock(ss)               \
-    {                                              \
-        if (!ss->opt.noLocks)                      \
-            NSSRWLock_UnlockWrite((ss)->specLock); \
-    }
-#define ssl_HaveSpecWriteLock(ss) \
-    (NSSRWLock_HaveWriteLock((ss)->specLock))
-
-/* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */
-#define ssl_GetRecvBufLock(ss)                           \
-    {                                                    \
-        if (!ss->opt.noLocks) {                          \
-            PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \
-            PORT_Assert(!ssl_HaveXmitBufLock(ss));       \
-            PZ_EnterMonitor((ss)->recvBufLock);          \
-        }                                                \
-    }
-#define ssl_ReleaseRecvBufLock(ss)             \
-    {                                          \
-        if (!ss->opt.noLocks)                  \
-            PZ_ExitMonitor((ss)->recvBufLock); \
-    }
-#define ssl_HaveRecvBufLock(ss) \
-    (PZ_InMonitor((ss)->recvBufLock))
-
-/* xmitBufLock -> specLock */
-#define ssl_GetXmitBufLock(ss)                  \
-    {                                           \
-        if (!ss->opt.noLocks)                   \
-            PZ_EnterMonitor((ss)->xmitBufLock); \
-    }
-#define ssl_ReleaseXmitBufLock(ss)             \
-    {                                          \
-        if (!ss->opt.noLocks)                  \
-            PZ_ExitMonitor((ss)->xmitBufLock); \
-    }
-#define ssl_HaveXmitBufLock(ss) \
-    (PZ_InMonitor((ss)->xmitBufLock))
-
-/* Placeholder value used in version ranges when SSL 3.0 and all
- * versions of TLS are disabled.
- */
-#define SSL_LIBRARY_VERSION_NONE 0
-
-/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
- * of libssl supports. Applications should use SSL_VersionRangeGetSupported at
- * runtime to determine which versions are supported by the version of libssl
- * in use.
- */
-#ifdef NSS_ENABLE_TLS_1_3
-#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
-#else
-#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
-#endif
-
-/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
-#define SSL3_ALL_VERSIONS_DISABLED(vrange) \
-    ((vrange)->min == SSL_LIBRARY_VERSION_NONE)
-
-extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
-                                      SSL3ProtocolVersion version);
-
-extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec *pwSpec,
-                                            const unsigned char *cr, const unsigned char *sr,
-                                            PRBool isTLS, PRBool isExport);
-extern SECStatus ssl3_MasterSecretDeriveBypass(ssl3CipherSpec *pwSpec,
-                                               const unsigned char *cr, const unsigned char *sr,
-                                               const SECItem *pms, PRBool isTLS, PRBool isRSA);
-
-/* These functions are called from secnav, even though they're "private". */
-
-extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
-extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
-extern void ssl_FreeSocket(struct sslSocketStr *ssl);
-extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
-                                SSL3AlertDescription desc);
-extern SECStatus ssl3_DecodeError(sslSocket *ss);
-
-extern SECStatus ssl3_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
-                                                   CERTCertificate *cert,
-                                                   SECKEYPrivateKey *key,
-                                                   CERTCertificateList *certChain);
-
-extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq(
-    sslSocket *ss,
-    SECKEYPublicKey *channelIDPub,
-    SECKEYPrivateKey *channelID);
-
-extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
-
-/*
- * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
- */
-extern SECStatus ssl3_HandleV2ClientHello(
-    sslSocket *ss, unsigned char *buffer, int length);
-extern SECStatus ssl3_StartHandshakeHash(
-    sslSocket *ss, unsigned char *buf, int length);
-
-/*
- * SSL3 specific routines
- */
-SECStatus ssl3_SendClientHello(sslSocket *ss, PRBool resending);
-
-/*
- * input into the SSL3 machinery from the actualy network reading code
- */
-SECStatus ssl3_HandleRecord(
-    sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
-
-int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
-int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
-/*
- * When talking to export clients or using export cipher suites, servers
- * with public RSA keys larger than 512 bits need to use a 512-bit public
- * key, signed by the larger key.  The smaller key is a "step down" key.
- * Generate that key pair and keep it around.
- */
-extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
-
-extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
-
-#ifndef NSS_DISABLE_ECC
-extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
-extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
-extern SECStatus ssl3_DisableECCSuites(sslSocket *ss,
-                                       const ssl3CipherSuite *suite);
-extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss);
-
-/* Macro for finding a curve equivalent in strength to RSA key's */
-/* clang-format off */
-#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s)                                       \
-        ((s <= 1024) ? 160                                                     \
-                     : ((s <= 2048) ? 224                                      \
-                                    : ((s <= 3072) ? 256                       \
-                                                   : ((s <= 7168) ? 384        \
-                                                                  : 521 ) ) ) )
-/* clang-format on */
-
-/* Types and names of elliptic curves used in TLS */
-typedef enum { ec_type_explicitPrime = 1,
-               ec_type_explicitChar2Curve = 2,
-               ec_type_named
-} ECType;
-
-typedef enum { ec_noName = 0,
-               ec_sect163k1 = 1,
-               ec_sect163r1 = 2,
-               ec_sect163r2 = 3,
-               ec_sect193r1 = 4,
-               ec_sect193r2 = 5,
-               ec_sect233k1 = 6,
-               ec_sect233r1 = 7,
-               ec_sect239k1 = 8,
-               ec_sect283k1 = 9,
-               ec_sect283r1 = 10,
-               ec_sect409k1 = 11,
-               ec_sect409r1 = 12,
-               ec_sect571k1 = 13,
-               ec_sect571r1 = 14,
-               ec_secp160k1 = 15,
-               ec_secp160r1 = 16,
-               ec_secp160r2 = 17,
-               ec_secp192k1 = 18,
-               ec_secp192r1 = 19,
-               ec_secp224k1 = 20,
-               ec_secp224r1 = 21,
-               ec_secp256k1 = 22,
-               ec_secp256r1 = 23,
-               ec_secp384r1 = 24,
-               ec_secp521r1 = 25,
-               ec_pastLastName
-} ECName;
-
-extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve,
-                                    SECKEYECParams *params);
-ECName ssl3_PubKey2ECName(SECKEYPublicKey *pubKey);
-
-ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
-ECName ssl3_GetCurveNameForServerSocket(sslSocket *ss);
-
-#endif /* NSS_DISABLE_ECC */
-
-extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
-extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
-extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
-extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
-
-extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
-extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
-extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
-extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
-extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *cipher,
-                                     unsigned int len);
-
-extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
-extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
-extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
-
-extern void ssl2_InitSocketPolicy(sslSocket *ss);
-extern void ssl3_InitSocketPolicy(sslSocket *ss);
-
-extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
-                                                 unsigned char *cs, int *size);
-
-extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
-extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
-                                             PRUint32 length);
-
-extern void ssl3_DestroySSL3Info(sslSocket *ss);
-
-extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
-                                       SSL3ProtocolVersion peerVersion,
-                                       PRBool allowLargerPeerVersion);
-
-extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
-
-#ifndef NSS_DISABLE_ECC
-/* ECDH functions */
-extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss,
-                                                SECKEYPublicKey *svrPubKey);
-extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
-                                                  SSL3Opaque *b, PRUint32 length);
-extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
-                                                  SSL3Opaque *b, PRUint32 length,
-                                                  SECKEYPublicKey *srvrPubKey,
-                                                  SECKEYPrivateKey *srvrPrivKey);
-extern SECStatus ssl3_SendECDHServerKeyExchange(
-    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
-SECKEYPublicKey *tls13_ImportECDHKeyShare(
-    sslSocket *ss, SSL3Opaque *b, PRUint32 length, ECName curve);
-ECName tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair);
-unsigned int tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair *pair);
-SECStatus tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair);
-#endif
-
-extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
-                                           PRUint8 *hashBuf,
-                                           unsigned int bufLen, SSL3Hashes *hashes,
-                                           PRBool bypassPKCS11);
-extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
-extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
-extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
-                                      PRInt32 bytes);
-extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
-                                            SSL3HandshakeType t, PRUint32 length);
-extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
-                                            PRInt32 lenSize);
-extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss,
-                                              const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
-extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
-    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
-extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
-                                       SSL3Opaque **b, PRUint32 *length);
-extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
-                                           SSL3Opaque **b, PRUint32 *length);
-extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
-                                               PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
-extern PRBool ssl3_IsSupportedSignatureAlgorithm(
-    const SSLSignatureAndHashAlg *alg);
-extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
-    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
-    CERTCertificate *cert);
-extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(
-    sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
-    SSLSignatureAndHashAlg *out);
-extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
-                                 SECItem *buf, PRBool isTLS);
-extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
-                                         CERTCertificate *cert, SECItem *buf, PRBool isTLS,
-                                         void *pwArg);
-extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
-                                               sslSessionID *sid, ssl3CipherSpec *spec,
-                                               SSL3KEAType effectiveExchKeyType);
-
-/* Functions that handle ClientHello and ServerHello extensions. */
-extern SECStatus ssl3_HandleServerNameXtn(sslSocket *ss,
-                                          PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket *ss,
-                                               PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss,
-                                                     PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
-                                                   PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
-                                                   PRUint16 ex_type, SECItem *data);
-
-/* ClientHello and ServerHello extension senders.
- * Note that not all extension senders are exposed here; only those that
- * that need exposure.
- */
-extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
-                                         PRUint32 maxBytes);
-
-/* ClientHello and ServerHello extension senders.
- * The code is in ssl3ext.c.
- */
-extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
-                                      PRUint32 maxBytes);
-
-/* Assigns new cert, cert chain and keys to ss->serverCerts
- * struct. If certChain is NULL, tries to find one. Aborts if
- * fails to do so. If cert and keyPair are NULL - unconfigures
- * sslSocket of kea type.*/
-extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
-                                        const CERTCertificateList *certChain,
-                                        ssl3KeyPair *keyPair, SSLKEAType kea);
-
-#ifndef NSS_DISABLE_ECC
-extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
-                                           PRBool append, PRUint32 maxBytes);
-extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
-                                                 PRBool append, PRUint32 maxBytes);
-#endif
-
-/* call the registered extension handlers. */
-extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
-                                            SSL3Opaque **b, PRUint32 *length,
-                                            SSL3HandshakeType handshakeMessage);
-
-/* Hello Extension related routines. */
-extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
-extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
-                                     /*in/out*/ NewSessionTicket *session_ticket);
-extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
-extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
-                                       unsigned char *encKey, unsigned char *macKey);
-extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
-                                             SECKEYPublicKey *svrPubKey, void *pwArg,
-                                             unsigned char *keyName, PK11SymKey **aesKey,
-                                             PK11SymKey **macKey);
-
-/* Tell clients to consider tickets valid for this long. */
-#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
-#define TLS_EX_SESS_TICKET_VERSION (0x0101)
-
-extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data,
-                                            unsigned int length);
-
-extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
-                                                 unsigned char *out,
-                                                 unsigned int *outLen,
-                                                 unsigned int outLenMax);
-
-/* Construct a new NSPR socket for the app to use */
-extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
-extern void ssl_FreePRSocket(PRFileDesc *fd);
-
-/* Internal config function so SSL3 can initialize the present state of
- * various ciphers */
-extern int ssl3_config_match_init(sslSocket *);
-
-/* Create a new ref counted key pair object from two keys. */
-extern ssl3KeyPair *ssl3_NewKeyPair(SECKEYPrivateKey *privKey,
-                                    SECKEYPublicKey *pubKey);
-
-/* get a new reference (bump ref count) to an ssl3KeyPair. */
-extern ssl3KeyPair *ssl3_GetKeyPairRef(ssl3KeyPair *keyPair);
-
-/* Decrement keypair's ref count and free if zero. */
-extern void ssl3_FreeKeyPair(ssl3KeyPair *keyPair);
-
-/* calls for accessing wrapping keys across processes. */
-extern PRBool
-ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
-                   SSL3KEAType exchKeyType,
-                   SSLWrappedSymWrappingKey *wswk);
-
-/* The caller passes in the new value it wants
- * to set.  This code tests the wrapped sym key entry in the file on disk.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/semaphores necessary to make
- * the operation atomic.
- */
-extern PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
-
-/* get rid of the symmetric wrapping key references. */
-extern SECStatus SSL3_ShutdownServerCache(void);
-
-extern SECStatus ssl_InitSymWrapKeysLock(void);
-
-extern SECStatus ssl_FreeSymWrapKeysLock(void);
-
-extern SECStatus ssl_InitSessionCacheLocks(void);
-
-/**************** DTLS-specific functions **************/
-extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-extern void dtls_FreeQueuedMessages(PRCList *lst);
-extern void dtls_FreeHandshakeMessages(PRCList *lst);
-
-extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf);
-extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss,
-                                               SSL3Opaque *b, PRUint32 length);
-extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss);
-extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
-                                   const SSL3Opaque *pIn, PRInt32 nIn);
-extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
-extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss,
-                                               DTLSEpoch epoch,
-                                               PRBool use_epoch,
-                                               SSL3ContentType type,
-                                               const SSL3Opaque *pIn,
-                                               PRUint32 contentLen,
-                                               sslBuffer *wrBuf);
-SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss);
-extern SECStatus dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb);
-extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff,
-                                   DTLSTimerCb cb);
-extern void dtls_CheckTimer(sslSocket *ss);
-extern void dtls_CancelTimer(sslSocket *ss);
-extern void dtls_FinishedTimerCb(sslSocket *ss);
-extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised);
-extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records);
-extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records, PRUint64 seq);
-extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq);
-extern void dtls_RehandshakeCleanup(sslSocket *ss);
-extern SSL3ProtocolVersion
-dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv);
-extern SSL3ProtocolVersion
-dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv);
-extern PRBool dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *crSpec,
-                              const SSL3Ciphertext *cText, PRUint64 *seqNum);
-
-CK_MECHANISM_TYPE ssl3_Alg2Mech(SSLCipherAlgorithm calg);
-SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
-SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
-SECStatus ssl3_SendCertificate(sslSocket *ss);
-SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss,
-                                         SSL3Opaque *b, PRUint32 length);
-SECStatus ssl3_SendEmptyCertificate(sslSocket *ss);
-SECStatus ssl3_SendCertificateStatus(sslSocket *ss);
-SECStatus ssl3_CompleteHandleCertificateStatus(sslSocket *ss, SSL3Opaque *b,
-                                               PRUint32 length);
-SECStatus ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
-                                               unsigned maxLen, PRUint32 *len);
-void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp,
-                                   int *nnamesp);
-SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b,
-                                          PRUint32 *length, PLArenaPool *arena,
-                                          CERTDistNames *ca_list);
-SECStatus ssl3_CompleteHandleCertificateRequest(sslSocket *ss,
-                                                SECItem *algorithms,
-                                                CERTDistNames *ca_list);
-SECStatus ssl3_SendCertificateVerify(sslSocket *ss,
-                                     SECKEYPrivateKey *privKey);
-SECStatus ssl3_SendServerHello(sslSocket *ss);
-SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
-SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
-                                      ssl3CipherSpec *spec,
-                                      SSL3Hashes *hashes,
-                                      PRUint32 sender);
-void ssl3_BumpSequenceNumber(SSL3SequenceNumber *num);
-PRInt32 tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append,
-                                    PRUint32 maxBytes);
-#ifndef NSS_DISABLE_ECC
-SECStatus ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve,
-                                          ssl3KeyPair **keyPair);
-PK11SymKey *tls13_ComputeECDHSharedKey(sslSocket *ss,
-                                       SECKEYPrivateKey *myPrivKey,
-                                       SECKEYPublicKey *peerKey);
-#endif
-
-/* Pull in TLS 1.3 functions */
-#include "tls13con.h"
-
-/********************** misc calls *********************/
-
-#ifdef DEBUG
-extern void ssl3_CheckCipherSuiteOrderConsistency();
-#endif
-
-extern int ssl_MapLowLevelError(int hiLevelError);
-
-extern PRUint32 ssl_Time(void);
-
-extern void SSL_AtomicIncrementLong(long *x);
-
-SECStatus SSL_DisableDefaultExportCipherSuites(void);
-SECStatus SSL_DisableExportCipherSuites(PRFileDesc *fd);
-PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-
-SECStatus ssl3_ApplyNSSPolicy(void);
-
-extern SECStatus
-ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec,
-                            const char *label, unsigned int labelLen,
-                            const unsigned char *val, unsigned int valLen,
-                            unsigned char *out, unsigned int outLen);
-extern SECOidTag
-ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
-
-#ifdef TRACE
-#define SSL_TRACE(msg) ssl_Trace msg
-#else
-#define SSL_TRACE(msg)
-#endif
-
-void ssl_Trace(const char *format, ...);
-
-SEC_END_PROTOS
-
-#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
-#define SSL_GETPID getpid
-#elif defined(WIN32)
-extern int __cdecl _getpid(void);
-#define SSL_GETPID _getpid
-#else
-#define SSL_GETPID() 0
-#endif
-
-#endif /* __sslimpl_h_ */
diff --git a/chromium/net/third_party/nss/ssl/sslinfo.c b/chromium/net/third_party/nss/ssl/sslinfo.c
deleted file mode 100644
index c59879c9c1b..00000000000
--- a/chromium/net/third_party/nss/ssl/sslinfo.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-static const char *
-ssl_GetCompressionMethodName(SSLCompressionMethod compression)
-{
-    switch (compression) {
-        case ssl_compression_null:
-            return "NULL";
-#ifdef NSS_ENABLE_ZLIB
-        case ssl_compression_deflate:
-            return "DEFLATE";
-#endif
-        default:
-            return "???";
-    }
-}
-
-SECStatus
-SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
-{
-    sslSocket *ss;
-    SSLChannelInfo inf;
-    sslSessionID *sid;
-
-    /* Check if we can properly return the length of data written and that
-     * we're not asked to return more information than we know how to provide.
-     */
-    if (!info || len < sizeof inf.length || len > sizeof inf) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    memset(&inf, 0, sizeof inf);
-    inf.length = PR_MIN(sizeof inf, len);
-
-    if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
-        sid = ss->sec.ci.sid;
-        inf.protocolVersion = ss->version;
-        inf.authKeyBits = ss->sec.authKeyBits;
-        inf.keaKeyBits = ss->sec.keaKeyBits;
-        if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
-            inf.cipherSuite = ss->sec.cipherType | 0xff00;
-            inf.compressionMethod = ssl_compression_null;
-            inf.compressionMethodName = "N/A";
-        } else if (ss->ssl3.initialized) { /* SSL3 and TLS */
-            ssl_GetSpecReadLock(ss);
-            /* XXX  The cipher suite should be in the specs and this
-             * function should get it from cwSpec rather than from the "hs".
-             * See bug 275744 comment 69 and bug 766137.
-             */
-            inf.cipherSuite = ss->ssl3.hs.cipher_suite;
-            inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
-            ssl_ReleaseSpecReadLock(ss);
-            inf.compressionMethodName =
-                ssl_GetCompressionMethodName(inf.compressionMethod);
-        }
-        if (sid) {
-            inf.creationTime = sid->creationTime;
-            inf.lastAccessTime = sid->lastAccessTime;
-            inf.expirationTime = sid->expirationTime;
-            inf.extendedMasterSecretUsed =
-                (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ||
-                 sid->u.ssl3.keys.extendedMasterSecretUsed)
-                    ? PR_TRUE
-                    : PR_FALSE;
-
-            if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
-                inf.sessionIDLength = SSL2_SESSIONID_BYTES;
-                memcpy(inf.sessionID, sid->u.ssl2.sessionID,
-                       SSL2_SESSIONID_BYTES);
-            } else {
-                unsigned int sidLen = sid->u.ssl3.sessionIDLength;
-                sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
-                inf.sessionIDLength = sidLen;
-                memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
-            }
-        }
-    }
-
-    memcpy(info, &inf, inf.length);
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
-                              SSLPreliminaryChannelInfo *info,
-                              PRUintn len)
-{
-    sslSocket *ss;
-    SSLPreliminaryChannelInfo inf;
-
-    /* Check if we can properly return the length of data written and that
-     * we're not asked to return more information than we know how to provide.
-     */
-    if (!info || len < sizeof inf.length || len > sizeof inf) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
-        return SECFailure;
-    }
-
-    memset(&inf, 0, sizeof(inf));
-    inf.length = PR_MIN(sizeof(inf), len);
-
-    inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
-    inf.protocolVersion = ss->version;
-    inf.cipherSuite = ss->ssl3.hs.cipher_suite;
-
-    memcpy(info, &inf, inf.length);
-    return SECSuccess;
-}
-
-#define CS(x) x, #x
-#define CK(x) x | 0xff00, #x
-
-#define S_DSA "DSA", ssl_auth_dsa
-#define S_RSA "RSA", ssl_auth_rsa
-#define S_KEA "KEA", ssl_auth_kea
-#define S_ECDSA "ECDSA", ssl_auth_ecdsa
-
-#define K_DHE "DHE", kt_dh
-#define K_RSA "RSA", kt_rsa
-#define K_KEA "KEA", kt_kea
-#define K_ECDH "ECDH", kt_ecdh
-#define K_ECDHE "ECDHE", kt_ecdh
-
-#define C_SEED "SEED", calg_seed
-#define C_CAMELLIA "CAMELLIA", calg_camellia
-#define C_AES "AES", calg_aes
-#define C_RC4 "RC4", calg_rc4
-#define C_RC2 "RC2", calg_rc2
-#define C_DES "DES", calg_des
-#define C_3DES "3DES", calg_3des
-#define C_NULL "NULL", calg_null
-#define C_SJ "SKIPJACK", calg_sj
-#define C_AESGCM "AES-GCM", calg_aes_gcm
-#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20
-
-#define B_256 256, 256, 256
-#define B_128 128, 128, 128
-#define B_3DES 192, 156, 112
-#define B_SJ 96, 80, 80
-#define B_DES 64, 56, 56
-#define B_56 128, 56, 56
-#define B_40 128, 40, 40
-#define B_0 0, 0, 0
-
-#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
-#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
-#define M_SHA "SHA1", ssl_mac_sha, 160
-#define M_MD5 "MD5", ssl_mac_md5, 128
-#define M_NULL "NULL", ssl_mac_null, 0
-
-/* clang-format off */
-static const SSLCipherSuiteInfo suiteInfo[] = {
-    /* <------ Cipher suite --------------------> <auth> <KEA>  <bulk cipher> <MAC> <FIPS> */
-    {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256),       S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 },
-
-    {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA),      S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA),      S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256),   S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA),          S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0 },
-
-    {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA),          S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),   S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
-    {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),      S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256),   S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256),   S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0 },
-    {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA),          S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0 },
-
-    {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0 },
-    {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1 },
-    {0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0 },
-
-    {0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0 },
-    {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA),         S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1 },
-    {0,CS(TLS_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0 },
-
-    {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA),    S_RSA, K_RSA, C_RC4, B_56,  M_SHA, 0, 1, 0 },
-    {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA),   S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0 },
-    {0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0 },
-    {0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0 },
-    {0,CS(TLS_RSA_WITH_NULL_SHA256),              S_RSA, K_RSA, C_NULL,B_0,   M_SHA256, 0, 1, 0 },
-    {0,CS(TLS_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0 },
-    {0,CS(TLS_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0 },
-
-    #ifndef NSS_DISABLE_ECC
-    /* ECC cipher suites */
-    {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
-
-    {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA),          S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA),       S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA),  S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA),   S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA),   S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0 },
-
-    {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA),         S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA),      S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA),  S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA),  S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), S_ECDSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 },
-
-    {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA),            S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA),         S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA),     S_RSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA),     S_RSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0 },
-
-    {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA),           S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA),        S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA),   S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0 },
-    {0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 },
-    #endif /* NSS_DISABLE_ECC */
-
-    /* SSL 2 table */
-    {0,CK(SSL_CK_RC4_128_WITH_MD5),               S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0 },
-    {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5),           S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0 },
-    {0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5),      S_RSA, K_RSA, C_3DES,B_3DES,M_MD5, 0, 0, 0 },
-    {0,CK(SSL_CK_DES_64_CBC_WITH_MD5),            S_RSA, K_RSA, C_DES, B_DES, M_MD5, 0, 0, 0 },
-    {0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5),      S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0 },
-    {0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5),  S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0 }
-};
-/* clang-format on */
-
-#define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
-
-SECStatus
-SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
-                       SSLCipherSuiteInfo *info, PRUintn len)
-{
-    unsigned int i;
-
-    /* Check if we can properly return the length of data written and that
-     * we're not asked to return more information than we know how to provide.
-     */
-    if (!info || len < sizeof suiteInfo[0].length ||
-        len > sizeof suiteInfo[0]) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    len = PR_MIN(len, sizeof suiteInfo[0]);
-    for (i = 0; i < NUM_SUITEINFOS; i++) {
-        if (suiteInfo[i].cipherSuite == cipherSuite) {
-            memcpy(info, &suiteInfo[i], len);
-            info->length = len;
-            return SECSuccess;
-        }
-    }
-    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-    return SECFailure;
-}
-
-/* This function might be a candidate to be public.
- * Disables all export ciphers in the default set of enabled ciphers.
- */
-SECStatus
-SSL_DisableDefaultExportCipherSuites(void)
-{
-    const SSLCipherSuiteInfo *pInfo = suiteInfo;
-    unsigned int i;
-
-    for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
-        if (pInfo->isExportable) {
-            PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE));
-        }
-    }
-    return SECSuccess;
-}
-
-/* This function might be a candidate to be public,
- * except that it takes an sslSocket pointer as an argument.
- * A Public version would take a PRFileDesc pointer.
- * Disables all export ciphers in the default set of enabled ciphers.
- */
-SECStatus
-SSL_DisableExportCipherSuites(PRFileDesc *fd)
-{
-    const SSLCipherSuiteInfo *pInfo = suiteInfo;
-    unsigned int i;
-
-    for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
-        if (pInfo->isExportable) {
-            PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE));
-        }
-    }
-    return SECSuccess;
-}
-
-/* Tells us if the named suite is exportable
- * returns false for unknown suites.
- */
-PRBool
-SSL_IsExportCipherSuite(PRUint16 cipherSuite)
-{
-    unsigned int i;
-    for (i = 0; i < NUM_SUITEINFOS; i++) {
-        if (suiteInfo[i].cipherSuite == cipherSuite) {
-            return (PRBool)(suiteInfo[i].isExportable);
-        }
-    }
-    return PR_FALSE;
-}
-
-SECItem *
-SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
-{
-    SECItem *sniName = NULL;
-    sslSocket *ss;
-    char *name = NULL;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-
-    if (ss->sec.isServer) {
-        if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
-            ss->ssl3.initialized) { /* TLS */
-            SECItem *crsName;
-            ssl_GetSpecReadLock(ss); /*********************************/
-            crsName = &ss->ssl3.cwSpec->srvVirtName;
-            if (crsName->data) {
-                sniName = SECITEM_DupItem(crsName);
-            }
-            ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
-        }
-        return sniName;
-    }
-    name = SSL_RevealURL(fd);
-    if (name) {
-        sniName = PORT_ZNew(SECItem);
-        if (!sniName) {
-            PORT_Free(name);
-            return NULL;
-        }
-        sniName->data = (void *)name;
-        sniName->len = PORT_Strlen(name);
-    }
-    return sniName;
-}
-
-SECStatus
-SSL_ExportKeyingMaterial(PRFileDesc *fd,
-                         const char *label, unsigned int labelLen,
-                         PRBool hasContext,
-                         const unsigned char *context, unsigned int contextLen,
-                         unsigned char *out, unsigned int outLen)
-{
-    sslSocket *ss;
-    unsigned char *val = NULL;
-    unsigned int valLen, i;
-    SECStatus rv = SECFailure;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ssl_GetRecvBufLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_ReleaseRecvBufLock(ss);
-        return SECFailure;
-    }
-
-    /* construct PRF arguments */
-    valLen = SSL3_RANDOM_LENGTH * 2;
-    if (hasContext) {
-        valLen += 2 /* PRUint16 length */ + contextLen;
-    }
-    val = PORT_Alloc(valLen);
-    if (!val) {
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_ReleaseRecvBufLock(ss);
-        return SECFailure;
-    }
-    i = 0;
-    PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
-    i += SSL3_RANDOM_LENGTH;
-    PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
-    i += SSL3_RANDOM_LENGTH;
-    if (hasContext) {
-        val[i++] = contextLen >> 8;
-        val[i++] = contextLen;
-        PORT_Memcpy(val + i, context, contextLen);
-        i += contextLen;
-    }
-    PORT_Assert(i == valLen);
-
-    /* Allow TLS keying material to be exported sooner, when the master
-     * secret is available and we have sent ChangeCipherSpec.
-     */
-    ssl_GetSpecReadLock(ss);
-    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
-        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-        rv = SECFailure;
-    } else {
-        rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
-                                         valLen, out, outLen);
-    }
-    ssl_ReleaseSpecReadLock(ss);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_ReleaseRecvBufLock(ss);
-
-    PORT_ZFree(val, valLen);
-    return rv;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslinit.c b/chromium/net/third_party/nss/ssl/sslinit.c
deleted file mode 100644
index 0f38c0b57bd..00000000000
--- a/chromium/net/third_party/nss/ssl/sslinit.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * NSS utility functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prtypes.h"
-#include "prinit.h"
-#include "seccomon.h"
-#include "secerr.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-static int ssl_isInited = 0;
-static PRCallOnceType ssl_init = { 0 };
-
-PRStatus
-ssl_InitCallOnce(void *arg)
-{
-    int *error = (int *)arg;
-    SECStatus rv;
-
-    rv = ssl_InitializePRErrorTable();
-    if (rv != SECSuccess) {
-        *error = SEC_ERROR_NO_MEMORY;
-        return PR_FAILURE;
-    }
-#ifdef DEBUG
-    ssl3_CheckCipherSuiteOrderConsistency();
-#endif
-
-    rv = ssl3_ApplyNSSPolicy();
-    if (rv != SECSuccess) {
-        *error = PORT_GetError();
-        return PR_FAILURE;
-    }
-    return PR_SUCCESS;
-}
-
-SECStatus
-ssl_Init(void)
-{
-    PRStatus nrv;
-
-    /* short circuit test if we are already inited */
-    if (!ssl_isInited) {
-        int error;
-        /* only do this once at init time, block all others until we are done */
-        nrv = PR_CallOnceWithArg(&ssl_init, ssl_InitCallOnce, &error);
-        if (nrv != PR_SUCCESS) {
-            PORT_SetError(error);
-            return SECFailure;
-        }
-        ssl_isInited = 1;
-    }
-    return SECSuccess;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslmutex.c b/chromium/net/third_party/nss/ssl/sslmutex.c
deleted file mode 100644
index 0e2edc9f0e5..00000000000
--- a/chromium/net/third_party/nss/ssl/sslmutex.c
+++ /dev/null
@@ -1,647 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "seccomon.h"
-/* This ifdef should match the one in sslsnce.c */
-#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_OS2) || defined(XP_BEOS)
-
-#include "sslmutex.h"
-#include "prerr.h"
-
-static SECStatus
-single_process_sslMutex_Init(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex != 0 && pMutex->u.sslLock == 0);
-
-    pMutex->u.sslLock = PR_NewLock();
-    if (!pMutex->u.sslLock) {
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-single_process_sslMutex_Destroy(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex != 0);
-    PR_ASSERT(pMutex->u.sslLock != 0);
-    if (!pMutex->u.sslLock) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    PR_DestroyLock(pMutex->u.sslLock);
-    return SECSuccess;
-}
-
-static SECStatus
-single_process_sslMutex_Unlock(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex != 0);
-    PR_ASSERT(pMutex->u.sslLock != 0);
-    if (!pMutex->u.sslLock) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    PR_Unlock(pMutex->u.sslLock);
-    return SECSuccess;
-}
-
-static SECStatus
-single_process_sslMutex_Lock(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex != 0);
-    PR_ASSERT(pMutex->u.sslLock != 0);
-    if (!pMutex->u.sslLock) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    PR_Lock(pMutex->u.sslLock);
-    return SECSuccess;
-}
-
-#if defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
-
-#include <unistd.h>
-#include <fcntl.h>
-#include <string.h>
-#include <errno.h>
-#include "unix_err.h"
-#include "pratom.h"
-
-#define SSL_MUTEX_MAGIC 0xfeedfd
-#define NONBLOCKING_POSTS 1 /* maybe this is faster */
-
-#if NONBLOCKING_POSTS
-
-#ifndef FNONBLOCK
-#define FNONBLOCK O_NONBLOCK
-#endif
-
-static int
-setNonBlocking(int fd, int nonBlocking)
-{
-    int flags;
-    int err;
-
-    flags = fcntl(fd, F_GETFL, 0);
-    if (0 > flags)
-        return flags;
-    if (nonBlocking)
-        flags |= FNONBLOCK;
-    else
-        flags &= ~FNONBLOCK;
-    err = fcntl(fd, F_SETFL, flags);
-    return err;
-}
-#endif
-
-SECStatus
-sslMutex_Init(sslMutex* pMutex, int shared)
-{
-    int err;
-    PR_ASSERT(pMutex);
-    pMutex->isMultiProcess = (PRBool)(shared != 0);
-    if (!shared) {
-        return single_process_sslMutex_Init(pMutex);
-    }
-    pMutex->u.pipeStr.mPipes[0] = -1;
-    pMutex->u.pipeStr.mPipes[1] = -1;
-    pMutex->u.pipeStr.mPipes[2] = -1;
-    pMutex->u.pipeStr.nWaiters = 0;
-
-    err = pipe(pMutex->u.pipeStr.mPipes);
-    if (err) {
-        nss_MD_unix_map_default_error(errno);
-        return err;
-    }
-#if NONBLOCKING_POSTS
-    err = setNonBlocking(pMutex->u.pipeStr.mPipes[1], 1);
-    if (err)
-        goto loser;
-#endif
-
-    pMutex->u.pipeStr.mPipes[2] = SSL_MUTEX_MAGIC;
-
-#if defined(LINUX) && defined(i386)
-    /* Pipe starts out empty */
-    return SECSuccess;
-#else
-    /* Pipe starts with one byte. */
-    return sslMutex_Unlock(pMutex);
-#endif
-
-loser:
-    nss_MD_unix_map_default_error(errno);
-    close(pMutex->u.pipeStr.mPipes[0]);
-    close(pMutex->u.pipeStr.mPipes[1]);
-    return SECFailure;
-}
-
-SECStatus
-sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
-{
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Destroy(pMutex);
-    }
-    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    close(pMutex->u.pipeStr.mPipes[0]);
-    close(pMutex->u.pipeStr.mPipes[1]);
-
-    if (processLocal) {
-        return SECSuccess;
-    }
-
-    pMutex->u.pipeStr.mPipes[0] = -1;
-    pMutex->u.pipeStr.mPipes[1] = -1;
-    pMutex->u.pipeStr.mPipes[2] = -1;
-    pMutex->u.pipeStr.nWaiters = 0;
-
-    return SECSuccess;
-}
-
-#if defined(LINUX) && defined(i386)
-/* No memory barrier needed for this platform */
-
-/* nWaiters includes the holder of the lock (if any) and the number
-** threads waiting for it.  After incrementing nWaiters, if the count
-** is exactly 1, then you have the lock and may proceed.  If the
-** count is greater than 1, then you must wait on the pipe.
-*/
-
-SECStatus
-sslMutex_Unlock(sslMutex* pMutex)
-{
-    PRInt32 newValue;
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Unlock(pMutex);
-    }
-
-    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    /* Do Memory Barrier here. */
-    newValue = PR_ATOMIC_DECREMENT(&pMutex->u.pipeStr.nWaiters);
-    if (newValue > 0) {
-        int cc;
-        char c = 1;
-        do {
-            cc = write(pMutex->u.pipeStr.mPipes[1], &c, 1);
-        } while (cc < 0 && (errno == EINTR || errno == EAGAIN));
-        if (cc != 1) {
-            if (cc < 0)
-                nss_MD_unix_map_default_error(errno);
-            else
-                PORT_SetError(PR_UNKNOWN_ERROR);
-            return SECFailure;
-        }
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Lock(sslMutex* pMutex)
-{
-    PRInt32 newValue;
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Lock(pMutex);
-    }
-
-    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    newValue = PR_ATOMIC_INCREMENT(&pMutex->u.pipeStr.nWaiters);
-    /* Do Memory Barrier here. */
-    if (newValue > 1) {
-        int cc;
-        char c;
-        do {
-            cc = read(pMutex->u.pipeStr.mPipes[0], &c, 1);
-        } while (cc < 0 && errno == EINTR);
-        if (cc != 1) {
-            if (cc < 0)
-                nss_MD_unix_map_default_error(errno);
-            else
-                PORT_SetError(PR_UNKNOWN_ERROR);
-            return SECFailure;
-        }
-    }
-    return SECSuccess;
-}
-
-#else
-
-/* Using Atomic operations requires the use of a memory barrier instruction
-** on PowerPC, Sparc, and Alpha.  NSPR's PR_Atomic functions do not perform
-** them, and NSPR does not provide a function that does them (e.g. PR_Barrier).
-** So, we don't use them on those platforms.
-*/
-
-SECStatus
-sslMutex_Unlock(sslMutex* pMutex)
-{
-    int cc;
-    char c = 1;
-
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Unlock(pMutex);
-    }
-
-    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    do {
-        cc = write(pMutex->u.pipeStr.mPipes[1], &c, 1);
-    } while (cc < 0 && (errno == EINTR || errno == EAGAIN));
-    if (cc != 1) {
-        if (cc < 0)
-            nss_MD_unix_map_default_error(errno);
-        else
-            PORT_SetError(PR_UNKNOWN_ERROR);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Lock(sslMutex* pMutex)
-{
-    int cc;
-    char c;
-
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Lock(pMutex);
-    }
-
-    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-
-    do {
-        cc = read(pMutex->u.pipeStr.mPipes[0], &c, 1);
-    } while (cc < 0 && errno == EINTR);
-    if (cc != 1) {
-        if (cc < 0)
-            nss_MD_unix_map_default_error(errno);
-        else
-            PORT_SetError(PR_UNKNOWN_ERROR);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-#endif
-
-#elif defined(WIN32)
-
-#include "win32err.h"
-
-/* on Windows, we need to find the optimal type of locking mechanism to use
- for the sslMutex.
-
- There are 3 cases :
- 1) single-process, use a PRLock, as for all other platforms
- 2) Win95 multi-process, use a Win32 mutex
- 3) on WINNT multi-process, use a PRLock + a Win32 mutex
-
-*/
-
-#ifdef WINNT
-
-SECStatus
-sslMutex_2LevelInit(sslMutex *sem)
-{
-    /*  the following adds a PRLock to sslMutex . This is done in each
-        process of a multi-process server and is only needed on WINNT, if
-        using fibers. We can't tell if native threads or fibers are used, so
-        we always do it on WINNT
-    */
-    PR_ASSERT(sem);
-    if (sem) {
-        /* we need to reset the sslLock in the children or the single_process init
-           function below will assert */
-        sem->u.sslLock = NULL;
-    }
-    return single_process_sslMutex_Init(sem);
-}
-
-static SECStatus
-sslMutex_2LevelDestroy(sslMutex *sem)
-{
-    return single_process_sslMutex_Destroy(sem);
-}
-
-#endif
-
-SECStatus
-sslMutex_Init(sslMutex *pMutex, int shared)
-{
-#ifdef WINNT
-    SECStatus retvalue;
-#endif
-    HANDLE hMutex;
-    SECURITY_ATTRIBUTES attributes =
-        { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-
-    PR_ASSERT(pMutex != 0 && (pMutex->u.sslMutx == 0 ||
-                              pMutex->u.sslMutx ==
-                                  INVALID_HANDLE_VALUE));
-
-    pMutex->isMultiProcess = (PRBool)(shared != 0);
-
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Init(pMutex);
-    }
-
-#ifdef WINNT
-    /*  we need a lock on WINNT for fibers in the parent process */
-    retvalue = sslMutex_2LevelInit(pMutex);
-    if (SECSuccess != retvalue)
-        return SECFailure;
-#endif
-
-    if (!pMutex || ((hMutex = pMutex->u.sslMutx) != 0 &&
-                    hMutex !=
-                        INVALID_HANDLE_VALUE)) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    attributes.bInheritHandle = (shared ? TRUE : FALSE);
-    hMutex = CreateMutex(&attributes, FALSE, NULL);
-    if (hMutex == NULL) {
-        hMutex = INVALID_HANDLE_VALUE;
-        nss_MD_win32_map_default_error(GetLastError());
-        return SECFailure;
-    }
-    pMutex->u.sslMutx = hMutex;
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Destroy(sslMutex *pMutex, PRBool processLocal)
-{
-    HANDLE hMutex;
-    int rv;
-    int retvalue = SECSuccess;
-
-    PR_ASSERT(pMutex != 0);
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Destroy(pMutex);
-    }
-
-/*  multi-process mode */
-#ifdef WINNT
-    /* on NT, get rid of the PRLock used for fibers within a process */
-    retvalue = sslMutex_2LevelDestroy(pMutex);
-#endif
-
-    PR_ASSERT(pMutex->u.sslMutx != 0 &&
-              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
-    if (!pMutex || (hMutex = pMutex->u.sslMutx) == 0 ||
-        hMutex == INVALID_HANDLE_VALUE) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-
-    rv = CloseHandle(hMutex); /* ignore error */
-    if (!processLocal && rv) {
-        pMutex->u.sslMutx = hMutex = INVALID_HANDLE_VALUE;
-    }
-    if (!rv) {
-        nss_MD_win32_map_default_error(GetLastError());
-        retvalue = SECFailure;
-    }
-    return retvalue;
-}
-
-int
-sslMutex_Unlock(sslMutex *pMutex)
-{
-    BOOL success = FALSE;
-    HANDLE hMutex;
-
-    PR_ASSERT(pMutex != 0);
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Unlock(pMutex);
-    }
-
-    PR_ASSERT(pMutex->u.sslMutx != 0 &&
-              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
-    if (!pMutex || (hMutex = pMutex->u.sslMutx) == 0 ||
-        hMutex == INVALID_HANDLE_VALUE) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-    success = ReleaseMutex(hMutex);
-    if (!success) {
-        nss_MD_win32_map_default_error(GetLastError());
-        return SECFailure;
-    }
-#ifdef WINNT
-    return single_process_sslMutex_Unlock(pMutex);
-    /* release PRLock for other fibers in the process */
-#else
-    return SECSuccess;
-#endif
-}
-
-int
-sslMutex_Lock(sslMutex *pMutex)
-{
-    HANDLE hMutex;
-    DWORD event;
-    DWORD lastError;
-    SECStatus rv;
-    SECStatus retvalue = SECSuccess;
-    PR_ASSERT(pMutex != 0);
-
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Lock(pMutex);
-    }
-#ifdef WINNT
-    /* lock first to preserve from other threads/fibers
-       in the same process */
-    retvalue = single_process_sslMutex_Lock(pMutex);
-#endif
-    PR_ASSERT(pMutex->u.sslMutx != 0 &&
-              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
-    if (!pMutex || (hMutex = pMutex->u.sslMutx) == 0 ||
-        hMutex == INVALID_HANDLE_VALUE) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure; /* what else ? */
-    }
-    /* acquire the mutex to be the only owner accross all other processes */
-    event = WaitForSingleObject(hMutex, INFINITE);
-    switch (event) {
-        case WAIT_OBJECT_0:
-        case WAIT_ABANDONED:
-            rv = SECSuccess;
-            break;
-
-        case WAIT_TIMEOUT:
-#if defined(WAIT_IO_COMPLETION)
-        case WAIT_IO_COMPLETION:
-#endif
-        default: /* should never happen. nothing we can do. */
-            PR_ASSERT(!("WaitForSingleObject returned invalid value."));
-            PORT_SetError(PR_UNKNOWN_ERROR);
-            rv = SECFailure;
-            break;
-
-        case WAIT_FAILED: /* failure returns this */
-            rv = SECFailure;
-            lastError = GetLastError(); /* for debugging */
-            nss_MD_win32_map_default_error(lastError);
-            break;
-    }
-
-    if (!(SECSuccess == retvalue && SECSuccess == rv)) {
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-#elif defined(XP_UNIX) && !defined(DARWIN)
-
-#include <errno.h>
-#include "unix_err.h"
-
-SECStatus
-sslMutex_Init(sslMutex* pMutex, int shared)
-{
-    int rv;
-    PR_ASSERT(pMutex);
-    pMutex->isMultiProcess = (PRBool)(shared != 0);
-    if (!shared) {
-        return single_process_sslMutex_Init(pMutex);
-    }
-    do {
-        rv = sem_init(&pMutex->u.sem, shared, 1);
-    } while (rv < 0 && errno == EINTR);
-    if (rv < 0) {
-        nss_MD_unix_map_default_error(errno);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
-{
-    int rv;
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Destroy(pMutex);
-    }
-
-    /* semaphores are global resources. See SEM_DESTROY(3) man page */
-    if (processLocal) {
-        return SECSuccess;
-    }
-    do {
-        rv = sem_destroy(&pMutex->u.sem);
-    } while (rv < 0 && errno == EINTR);
-    if (rv < 0) {
-        nss_MD_unix_map_default_error(errno);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Unlock(sslMutex* pMutex)
-{
-    int rv;
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Unlock(pMutex);
-    }
-    do {
-        rv = sem_post(&pMutex->u.sem);
-    } while (rv < 0 && errno == EINTR);
-    if (rv < 0) {
-        nss_MD_unix_map_default_error(errno);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslMutex_Lock(sslMutex* pMutex)
-{
-    int rv;
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Lock(pMutex);
-    }
-    do {
-        rv = sem_wait(&pMutex->u.sem);
-    } while (rv < 0 && errno == EINTR);
-    if (rv < 0) {
-        nss_MD_unix_map_default_error(errno);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-#else
-
-SECStatus
-sslMutex_Init(sslMutex* pMutex, int shared)
-{
-    PR_ASSERT(pMutex);
-    pMutex->isMultiProcess = (PRBool)(shared != 0);
-    if (!shared) {
-        return single_process_sslMutex_Init(pMutex);
-    }
-    PORT_Assert(!("sslMutex_Init not implemented for multi-process applications !"));
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
-SECStatus
-sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
-{
-    PR_ASSERT(pMutex);
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Destroy(pMutex);
-    }
-    PORT_Assert(!("sslMutex_Destroy not implemented for multi-process applications !"));
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
-SECStatus
-sslMutex_Unlock(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex);
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Unlock(pMutex);
-    }
-    PORT_Assert(!("sslMutex_Unlock not implemented for multi-process applications !"));
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
-SECStatus
-sslMutex_Lock(sslMutex* pMutex)
-{
-    PR_ASSERT(pMutex);
-    if (PR_FALSE == pMutex->isMultiProcess) {
-        return single_process_sslMutex_Lock(pMutex);
-    }
-    PORT_Assert(!("sslMutex_Lock not implemented for multi-process applications !"));
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
-#endif
-
-#endif
diff --git a/chromium/net/third_party/nss/ssl/sslmutex.h b/chromium/net/third_party/nss/ssl/sslmutex.h
deleted file mode 100644
index 7611148adce..00000000000
--- a/chromium/net/third_party/nss/ssl/sslmutex.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef __SSLMUTEX_H_
-#define __SSLMUTEX_H_ 1
-
-/* What SSL really wants is portable process-shared unnamed mutexes in
- * shared memory, that have the property that if the process that holds
- * them dies, they are released automatically, and that (unlike fcntl
- * record locking) lock to the thread, not to the process.
- * NSPR doesn't provide that.
- * Windows has mutexes that meet that description, but they're not portable.
- * POSIX mutexes are not automatically released when the holder dies,
- * and other processes/threads cannot release the mutex on behalf of the
- * dead holder.
- * POSIX semaphores can be used to accomplish this on systems that implement
- * process-shared unnamed POSIX semaphores, because a watchdog thread can
- * discover and release semaphores that were held by a dead process.
- * On systems that do not support process-shared POSIX unnamed semaphores,
- * they can be emulated using pipes.
- * The performance cost of doing that is not yet measured.
- *
- * So, this API looks a lot like POSIX pthread mutexes.
- */
-
-#include "prtypes.h"
-#include "prlock.h"
-
-#if defined(NETBSD)
-#include <sys/param.h> /* for __NetBSD_Version__ */
-#endif
-
-#if defined(WIN32)
-
-#include <wtypes.h>
-
-typedef struct {
-    PRBool isMultiProcess;
-#ifdef WINNT
-    /* on WINNT we need both the PRLock and the Win32 mutex for fibers */
-    struct {
-#else
-    union {
-#endif
-        PRLock *sslLock;
-        HANDLE sslMutx;
-    } u;
-} sslMutex;
-
-typedef int sslPID;
-
-#elif defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
-
-#include <sys/types.h>
-#include "prtypes.h"
-
-typedef struct {
-    PRBool isMultiProcess;
-    union {
-        PRLock *sslLock;
-        struct {
-            int mPipes[3];
-            PRInt32 nWaiters;
-        } pipeStr;
-    } u;
-} sslMutex;
-typedef pid_t sslPID;
-
-/* other types of unix, except OS X */
-#elif defined(XP_UNIX) && !defined(DARWIN)
-
-#include <sys/types.h> /* for pid_t */
-#include <semaphore.h> /* for sem_t, and sem_* functions */
-
-typedef struct {
-    PRBool isMultiProcess;
-    union {
-        PRLock *sslLock;
-        sem_t sem;
-    } u;
-} sslMutex;
-
-typedef pid_t sslPID;
-
-#else /* no support for cross-process locking */
-
-/* what platform is this ?? */
-
-typedef struct {
-    PRBool isMultiProcess;
-    union {
-        PRLock *sslLock;
-        /* include cross-process locking mechanism here */
-    } u;
-} sslMutex;
-
-#ifdef DARWIN
-typedef pid_t sslPID;
-#else
-typedef int sslPID;
-#endif
-
-#endif
-
-#include "seccomon.h"
-
-SEC_BEGIN_PROTOS
-
-extern SECStatus sslMutex_Init(sslMutex *sem, int shared);
-
-/* If processLocal is set to true, then just free resources which are *only* associated
- * with the current process. Leave any shared resources (including the state of
- * shared memory) intact. */
-extern SECStatus sslMutex_Destroy(sslMutex *sem, PRBool processLocal);
-
-extern SECStatus sslMutex_Unlock(sslMutex *sem);
-
-extern SECStatus sslMutex_Lock(sslMutex *sem);
-
-#ifdef WINNT
-
-extern SECStatus sslMutex_2LevelInit(sslMutex *sem);
-
-#endif
-
-SEC_END_PROTOS
-
-#endif
diff --git a/chromium/net/third_party/nss/ssl/sslnonce.c b/chromium/net/third_party/nss/ssl/sslnonce.c
deleted file mode 100644
index 99591cc1488..00000000000
--- a/chromium/net/third_party/nss/ssl/sslnonce.c
+++ /dev/null
@@ -1,467 +0,0 @@
-/*
- * This file implements the CLIENT Session ID cache.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "cert.h"
-#include "pk11pub.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "nss.h"
-
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "nssilock.h"
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
-#include <time.h>
-#endif
-
-PRUint32 ssl_sid_timeout = 100;
-PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
-
-static sslSessionID *cache = NULL;
-static PZLock *cacheLock = NULL;
-
-/* sids can be in one of 4 states:
- *
- * never_cached,        created, but not yet put into cache.
- * in_client_cache,     in the client cache's linked list.
- * in_server_cache,     entry came from the server's cache file.
- * invalid_cache        has been removed from the cache.
- */
-
-#define LOCK_CACHE lock_cache()
-#define UNLOCK_CACHE PZ_Unlock(cacheLock)
-
-static PRCallOnceType lockOnce;
-
-/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
- * the session cache locks on shutdown and resets them to their initial
- * state. */
-static SECStatus
-FreeSessionCacheLocks(void *appData, void *nssData)
-{
-    static const PRCallOnceType pristineCallOnce;
-    SECStatus rv;
-
-    if (!cacheLock) {
-        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
-        return SECFailure;
-    }
-
-    PZ_DestroyLock(cacheLock);
-    cacheLock = NULL;
-
-    rv = ssl_FreeSymWrapKeysLock();
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    lockOnce = pristineCallOnce;
-    return SECSuccess;
-}
-
-/* InitSessionCacheLocks is called, protected by lockOnce, to create the
- * session cache locks. */
-static PRStatus
-InitSessionCacheLocks(void)
-{
-    SECStatus rv;
-
-    cacheLock = PZ_NewLock(nssILockCache);
-    if (cacheLock == NULL) {
-        return PR_FAILURE;
-    }
-    rv = ssl_InitSymWrapKeysLock();
-    if (rv != SECSuccess) {
-        PRErrorCode error = PORT_GetError();
-        PZ_DestroyLock(cacheLock);
-        cacheLock = NULL;
-        PORT_SetError(error);
-        return PR_FAILURE;
-    }
-
-    rv = NSS_RegisterShutdown(FreeSessionCacheLocks, NULL);
-    PORT_Assert(SECSuccess == rv);
-    if (SECSuccess != rv) {
-        return PR_FAILURE;
-    }
-    return PR_SUCCESS;
-}
-
-SECStatus
-ssl_InitSessionCacheLocks()
-{
-    return (PR_SUCCESS ==
-            PR_CallOnce(&lockOnce, InitSessionCacheLocks))
-               ? SECSuccess
-               : SECFailure;
-}
-
-static void
-lock_cache(void)
-{
-    ssl_InitSessionCacheLocks();
-    PZ_Lock(cacheLock);
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * If the unreferenced sid is not in the cache, Free sid and its contents.
- */
-static void
-ssl_DestroySID(sslSessionID *sid)
-{
-    int i;
-    SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
-    PORT_Assert(sid->references == 0);
-    PORT_Assert(sid->cached != in_client_cache);
-
-    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-        SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
-        SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
-    } else {
-        if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
-                             PR_FALSE);
-        }
-        if (sid->u.ssl3.srvName.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
-        }
-        if (sid->u.ssl3.signedCertTimestamps.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
-        }
-        if (sid->u.ssl3.originalHandshakeHash.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
-        }
-
-        if (sid->u.ssl3.lock) {
-            PR_DestroyRWLock(sid->u.ssl3.lock);
-        }
-    }
-
-    if (sid->peerID != NULL)
-        PORT_Free((void *)sid->peerID); /* CONST */
-
-    if (sid->urlSvrName != NULL)
-        PORT_Free((void *)sid->urlSvrName); /* CONST */
-
-    if (sid->peerCert) {
-        CERT_DestroyCertificate(sid->peerCert);
-    }
-    for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
-	CERT_DestroyCertificate(sid->peerCertChain[i]);
-    }
-    if (sid->peerCertStatus.items) {
-        SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
-    }
-
-    if (sid->localCert) {
-        CERT_DestroyCertificate(sid->localCert);
-    }
-
-    PORT_ZFree(sid, sizeof(sslSessionID));
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * Decrement reference count, and
- *    free sid if ref count is zero, and sid is not in the cache.
- * Does NOT remove from the cache first.
- * If the sid is still in the cache, it is left there until next time
- * the cache list is traversed.
- */
-static void
-ssl_FreeLockedSID(sslSessionID *sid)
-{
-    PORT_Assert(sid->references >= 1);
-    if (--sid->references == 0) {
-        ssl_DestroySID(sid);
-    }
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * Decrement reference count, and
- *    free sid if ref count is zero, and sid is not in the cache.
- * Does NOT remove from the cache first.
- * These locks are necessary because the sid _might_ be in the cache list.
- */
-void
-ssl_FreeSID(sslSessionID *sid)
-{
-    LOCK_CACHE;
-    ssl_FreeLockedSID(sid);
-    UNLOCK_CACHE;
-}
-
-/************************************************************************/
-
-/*
-**  Lookup sid entry in cache by Address, port, and peerID string.
-**  If found, Increment reference count, and return pointer to caller.
-**  If it has timed out or ref count is zero, remove from list and free it.
-*/
-
-sslSessionID *
-ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
-              const char *urlSvrName)
-{
-    sslSessionID **sidp;
-    sslSessionID *sid;
-    PRUint32 now;
-
-    if (!urlSvrName)
-        return NULL;
-    now = ssl_Time();
-    LOCK_CACHE;
-    sidp = &cache;
-    while ((sid = *sidp) != 0) {
-        PORT_Assert(sid->cached == in_client_cache);
-        PORT_Assert(sid->references >= 1);
-
-        SSL_TRC(8, ("SSL: Lookup1: sid=0x%x", sid));
-
-        if (sid->expirationTime < now) {
-            /*
-            ** This session-id timed out.
-            ** Don't even care who it belongs to, blow it out of our cache.
-            */
-            SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
-                        now - sid->creationTime, sid->references));
-
-            *sidp = sid->next;                                      /* delink it from the list. */
-            sid->cached = invalid_cache;                            /* mark not on list. */
-            ssl_FreeLockedSID(sid);                                 /* drop ref count, free. */
-        } else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
-                   (sid->port == port) &&                           /* server port matches */
-                   /* proxy (peerID) matches */
-                   (((peerID == NULL) && (sid->peerID == NULL)) ||
-                    ((peerID != NULL) && (sid->peerID != NULL) &&
-                     PORT_Strcmp(sid->peerID, peerID) == 0)) &&
-                   /* is cacheable */
-                   (sid->version < SSL_LIBRARY_VERSION_3_0 ||
-                    sid->u.ssl3.keys.resumable) &&
-                   /* server hostname matches. */
-                   (sid->urlSvrName != NULL) &&
-                   (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
-            /* Hit */
-            sid->lastAccessTime = now;
-            sid->references++;
-            break;
-        } else {
-            sidp = &sid->next;
-        }
-    }
-    UNLOCK_CACHE;
-    return sid;
-}
-
-/*
-** Add an sid to the cache or return a previously cached entry to the cache.
-** Although this is static, it is called via ss->sec.cache().
-*/
-static void
-CacheSID(sslSessionID *sid)
-{
-    PRUint32 expirationPeriod;
-
-    PORT_Assert(sid->cached == never_cached);
-
-    SSL_TRC(8, ("SSL: Cache: sid=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
-                "time=%x cached=%d",
-                sid, sid->cached, sid->addr.pr_s6_addr32[0],
-                sid->addr.pr_s6_addr32[1], sid->addr.pr_s6_addr32[2],
-                sid->addr.pr_s6_addr32[3], sid->port, sid->creationTime,
-                sid->cached));
-
-    if (!sid->urlSvrName) {
-        /* don't cache this SID because it can never be matched */
-        return;
-    }
-
-    /* XXX should be different trace for version 2 vs. version 3 */
-    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-        expirationPeriod = ssl_sid_timeout;
-        PRINT_BUF(8, (0, "sessionID:",
-                      sid->u.ssl2.sessionID, sizeof(sid->u.ssl2.sessionID)));
-        PRINT_BUF(8, (0, "masterKey:",
-                      sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
-        PRINT_BUF(8, (0, "cipherArg:",
-                      sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
-    } else {
-        if (sid->u.ssl3.sessionIDLength == 0 &&
-            sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
-            return;
-
-        /* Client generates the SessionID if this was a stateless resume. */
-        if (sid->u.ssl3.sessionIDLength == 0) {
-            SECStatus rv;
-            rv = PK11_GenerateRandom(sid->u.ssl3.sessionID,
-                                     SSL3_SESSIONID_BYTES);
-            if (rv != SECSuccess)
-                return;
-            sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
-        }
-        expirationPeriod = ssl3_sid_timeout;
-        PRINT_BUF(8, (0, "sessionID:",
-                      sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
-
-        sid->u.ssl3.lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, NULL);
-        if (!sid->u.ssl3.lock) {
-            return;
-        }
-    }
-    PORT_Assert(sid->creationTime != 0 && sid->expirationTime != 0);
-    if (!sid->creationTime)
-        sid->lastAccessTime = sid->creationTime = ssl_Time();
-    if (!sid->expirationTime)
-        sid->expirationTime = sid->creationTime + expirationPeriod;
-
-    /*
-     * Put sid into the cache.  Bump reference count to indicate that
-     * cache is holding a reference. Uncache will reduce the cache
-     * reference.
-     */
-    LOCK_CACHE;
-    sid->references++;
-    sid->cached = in_client_cache;
-    sid->next = cache;
-    cache = sid;
-    UNLOCK_CACHE;
-}
-
-/*
- * If sid "zap" is in the cache,
- *    removes sid from cache, and decrements reference count.
- * Caller must hold cache lock.
- */
-static void
-UncacheSID(sslSessionID *zap)
-{
-    sslSessionID **sidp = &cache;
-    sslSessionID *sid;
-
-    if (zap->cached != in_client_cache) {
-        return;
-    }
-
-    SSL_TRC(8, ("SSL: Uncache: zap=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
-                "time=%x cipher=%d",
-                zap, zap->cached, zap->addr.pr_s6_addr32[0],
-                zap->addr.pr_s6_addr32[1], zap->addr.pr_s6_addr32[2],
-                zap->addr.pr_s6_addr32[3], zap->port, zap->creationTime,
-                zap->u.ssl2.cipherType));
-    if (zap->version < SSL_LIBRARY_VERSION_3_0) {
-        PRINT_BUF(8, (0, "sessionID:",
-                      zap->u.ssl2.sessionID, sizeof(zap->u.ssl2.sessionID)));
-        PRINT_BUF(8, (0, "masterKey:",
-                      zap->u.ssl2.masterKey.data, zap->u.ssl2.masterKey.len));
-        PRINT_BUF(8, (0, "cipherArg:",
-                      zap->u.ssl2.cipherArg.data, zap->u.ssl2.cipherArg.len));
-    }
-
-    /* See if it's in the cache, if so nuke it */
-    while ((sid = *sidp) != 0) {
-        if (sid == zap) {
-            /*
-            ** Bingo. Reduce reference count by one so that when
-            ** everyone is done with the sid we can free it up.
-            */
-            *sidp = zap->next;
-            zap->cached = invalid_cache;
-            ssl_FreeLockedSID(zap);
-            return;
-        }
-        sidp = &sid->next;
-    }
-}
-
-/* If sid "zap" is in the cache,
- *    removes sid from cache, and decrements reference count.
- * Although this function is static, it is called externally via
- *    ss->sec.uncache().
- */
-static void
-LockAndUncacheSID(sslSessionID *zap)
-{
-    LOCK_CACHE;
-    UncacheSID(zap);
-    UNLOCK_CACHE;
-}
-
-/* choose client or server cache functions for this sslsocket. */
-void
-ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
-{
-    if (sec->isServer) {
-        sec->cache = ssl_sid_cache;
-        sec->uncache = ssl_sid_uncache;
-    } else {
-        sec->cache = CacheSID;
-        sec->uncache = LockAndUncacheSID;
-    }
-}
-
-/* wipe out the entire client session cache. */
-void
-SSL_ClearSessionCache(void)
-{
-    LOCK_CACHE;
-    while (cache != NULL)
-        UncacheSID(cache);
-    UNLOCK_CACHE;
-}
-
-/* returns an unsigned int containing the number of seconds in PR_Now() */
-PRUint32
-ssl_Time(void)
-{
-    PRUint32 myTime;
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
-    myTime = time(NULL); /* accurate until the year 2038. */
-#else
-    /* portable, but possibly slower */
-    PRTime now;
-    PRInt64 ll;
-
-    now = PR_Now();
-    LL_I2L(ll, 1000000L);
-    LL_DIV(now, now, ll);
-    LL_L2UI(myTime, now);
-#endif
-    return myTime;
-}
-
-void
-ssl3_SetSIDSessionTicket(sslSessionID *sid,
-                         /*in/out*/ NewSessionTicket *newSessionTicket)
-{
-    PORT_Assert(sid);
-    PORT_Assert(newSessionTicket);
-    PORT_Assert(newSessionTicket->ticket.data);
-    PORT_Assert(newSessionTicket->ticket.len != 0);
-
-    /* if sid->u.ssl3.lock, we are updating an existing entry that is already
-     * cached or was once cached, so we need to acquire and release the write
-     * lock. Otherwise, this is a new session that isn't shared with anything
-     * yet, so no locking is needed.
-     */
-    if (sid->u.ssl3.lock) {
-        PR_RWLock_Wlock(sid->u.ssl3.lock);
-        if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
-                             PR_FALSE);
-        }
-    }
-
-    PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data);
-
-    /* Do a shallow copy, moving the ticket data. */
-    sid->u.ssl3.locked.sessionTicket = *newSessionTicket;
-    newSessionTicket->ticket.data = NULL;
-    newSessionTicket->ticket.len = 0;
-
-    if (sid->u.ssl3.lock) {
-        PR_RWLock_Unlock(sid->u.ssl3.lock);
-    }
-}
diff --git a/chromium/net/third_party/nss/ssl/sslproto.h b/chromium/net/third_party/nss/ssl/sslproto.h
deleted file mode 100644
index 4fa260d6d0b..00000000000
--- a/chromium/net/third_party/nss/ssl/sslproto.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These values
- * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
- * Cipher kinds and ciphersuites are part of the public API.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslproto_h_
-#define __sslproto_h_
-
-/* clang-format off */
-
-/* All versions less than 3_0 are treated as SSL version 2 */
-#define SSL_LIBRARY_VERSION_2                   0x0002
-#define SSL_LIBRARY_VERSION_3_0                 0x0300
-#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
-#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
-#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
-#define SSL_LIBRARY_VERSION_TLS_1_3             0x0304
-
-/* Note: this is the internal format, not the wire format */
-#define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
-#define SSL_LIBRARY_VERSION_DTLS_1_2            0x0303
-#define SSL_LIBRARY_VERSION_DTLS_1_3            0x0304
-
-/* deprecated old name */
-#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
-
-/* The DTLS versions used in the spec */
-#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
-#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
-#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       ((~0x0103) & 0xffff)
-
-/* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES                     3
-#define SSL_HL_CLIENT_HELLO_HBYTES              9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
-#define SSL_HL_CLIENT_FINISHED_HBYTES           1
-#define SSL_HL_SERVER_HELLO_HBYTES              11
-#define SSL_HL_SERVER_VERIFY_HBYTES             1
-#define SSL_HL_SERVER_FINISHED_HBYTES           1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
-
-/* Security handshake protocol codes */
-#define SSL_MT_ERROR                            0
-#define SSL_MT_CLIENT_HELLO                     1
-#define SSL_MT_CLIENT_MASTER_KEY                2
-#define SSL_MT_CLIENT_FINISHED                  3
-#define SSL_MT_SERVER_HELLO                     4
-#define SSL_MT_SERVER_VERIFY                    5
-#define SSL_MT_SERVER_FINISHED                  6
-#define SSL_MT_REQUEST_CERTIFICATE              7
-#define SSL_MT_CLIENT_CERTIFICATE               8
-
-/* Certificate types */
-#define SSL_CT_X509_CERTIFICATE                 0x01
-#if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE                   0x02
-#endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
-
-/* Error codes */
-#define SSL_PE_NO_CYPHERS                       0x0001
-#define SSL_PE_NO_CERTIFICATE                   0x0002
-#define SSL_PE_BAD_CERTIFICATE                  0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
-
-/* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5                 0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
-
-/* Cipher enables.  These are used only for SSL_EnableCipher
- * These values define the SSL2 suites, and do not colide with the
- * SSL3 Cipher suites defined below.
- */
-#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
-
-/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
-#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
-#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
-#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
-#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
-#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
-#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
-#endif
-
-#define TLS_NULL_WITH_NULL_NULL                 0x0000
-
-#define TLS_RSA_WITH_NULL_MD5                   0x0001
-#define TLS_RSA_WITH_NULL_SHA                   0x0002
-#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
-#define TLS_RSA_WITH_RC4_128_MD5                0x0004
-#define TLS_RSA_WITH_RC4_128_SHA                0x0005
-#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
-#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
-#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
-#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
-
-#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
-#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
-#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
-#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
-#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
-#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
-
-#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
-#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
-#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
-#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
-#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
-
-#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
-#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
-#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
-#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
-#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
-
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
-
-#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
-#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
-
-#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
-#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
-#define TLS_RSA_WITH_NULL_SHA256                0x003B
-#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
-#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
-
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     0x0040
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
-#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
-#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
-#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
-#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
-
-#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
-#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
-
-#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
-#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
-#define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256     0x006A
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
-
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
-#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
-#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
-#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
-#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
-
-#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
-
-#define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
-#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
-#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
-
-/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
- * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
- * back an empty Renegotiation Info (RI) server hello extension.
- */
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
-
-/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
- * handshake is the result of TLS version fallback.
- */
-#define TLS_FALLBACK_SCSV                       0x5600
-
-/* Cipher Suite Values starting with 0xC000 are defined in informational
- * RFCs.
- */
-#define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
-#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
-#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
-
-#define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
-#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
-#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
-
-#define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
-#define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
-#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
-
-#define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
-#define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
-#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
-
-#define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
-#define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
-#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
-#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
-#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
-
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
-
-#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
-#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
-#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
-#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
-
-#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8
-#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
-#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA
-
-/* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
-
-/* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
-
-/* DTLS-SRTP cipher suites from RFC 5764 */
-/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
-#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
-#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
-#define SRTP_NULL_HMAC_SHA1_80                  0x0005
-#define SRTP_NULL_HMAC_SHA1_32                  0x0006
-
-/* clang-format on */
-
-#endif /* __sslproto_h_ */
diff --git a/chromium/net/third_party/nss/ssl/sslreveal.c b/chromium/net/third_party/nss/ssl/sslreveal.c
deleted file mode 100644
index 4c124a1dc0c..00000000000
--- a/chromium/net/third_party/nss/ssl/sslreveal.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Accessor functions for SSLSocket private members.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "cert.h"
-#include "ssl.h"
-#include "certt.h"
-#include "sslimpl.h"
-
-/* given PRFileDesc, returns a copy of certificate associated with the socket
- * the caller should delete the cert when done with SSL_DestroyCertificate
- */
-CERTCertificate *
-SSL_RevealCert(PRFileDesc *fd)
-{
-    CERTCertificate *cert = NULL;
-    sslSocket *sslsocket = NULL;
-
-    sslsocket = ssl_FindSocket(fd);
-
-    /* CERT_DupCertificate increases reference count and returns pointer to
-     * the same cert
-     */
-    if (sslsocket && sslsocket->sec.peerCert)
-        cert = CERT_DupCertificate(sslsocket->sec.peerCert);
-
-    return cert;
-}
-
-/* given PRFileDesc, returns a pointer to PinArg associated with the socket
- */
-void *
-SSL_RevealPinArg(PRFileDesc *fd)
-{
-    sslSocket *sslsocket = NULL;
-    void *PinArg = NULL;
-
-    sslsocket = ssl_FindSocket(fd);
-
-    /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
-    if (sslsocket)
-        PinArg = sslsocket->pkcs11PinArg;
-
-    return PinArg;
-}
-
-/* given PRFileDesc, returns a pointer to the URL associated with the socket
- * the caller should free url when done
- */
-char *
-SSL_RevealURL(PRFileDesc *fd)
-{
-    sslSocket *sslsocket = NULL;
-    char *url = NULL;
-
-    sslsocket = ssl_FindSocket(fd);
-
-    if (sslsocket && sslsocket->url)
-        url = PL_strdup(sslsocket->url);
-
-    return url;
-}
-
-/* given PRFileDesc, returns status information related to extensions
- * negotiated with peer during the handshake.
- */
-
-SECStatus
-SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
-                                 SSLExtensionType extId,
-                                 PRBool *pYes)
-{
-    /* some decisions derived from SSL_GetChannelInfo */
-    sslSocket *sslsocket = NULL;
-
-    if (!pYes) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    sslsocket = ssl_FindSocket(socket);
-    if (!sslsocket) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
-                 SSL_GETPID(), socket));
-        return SECFailure;
-    }
-
-    *pYes = PR_FALSE;
-
-    /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
-    if (sslsocket->opt.useSecurity) {
-        if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
-            /* now we know this socket went through ssl3_InitState() and
-             * ss->xtnData got initialized, which is the only member accessed by
-             * ssl3_ExtensionNegotiated();
-             * Member xtnData appears to get accessed in functions that handle
-             * the handshake (hello messages and extension sending),
-             * therefore the handshake lock should be sufficient.
-             */
-            ssl_GetSSL3HandshakeLock(sslsocket);
-            *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
-            ssl_ReleaseSSL3HandshakeLock(sslsocket);
-        }
-    }
-
-    return SECSuccess;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslsecur.c b/chromium/net/third_party/nss/ssl/sslsecur.c
deleted file mode 100644
index 129f1f354bc..00000000000
--- a/chromium/net/third_party/nss/ssl/sslsecur.c
+++ /dev/null
@@ -1,1739 +0,0 @@
-/*
- * Various SSL functions.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "cert.h"
-#include "secitem.h"
-#include "keyhi.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "secoid.h"   /* for SECOID_GetALgorithmTag */
-#include "pk11func.h" /* for PK11_GenerateRandom */
-#include "nss.h"      /* for NSS_RegisterShutdown */
-#include "prinit.h"   /* for PR_CallOnceWithArg */
-
-#define MAX_BLOCK_CYPHER_SIZE 32
-
-#define TEST_FOR_FAILURE /* reminder */
-#define SET_ERROR_CODE   /* reminder */
-
-/* Returns a SECStatus: SECSuccess or SECFailure, NOT SECWouldBlock.
- *
- * Currently, the list of functions called through ss->handshake is:
- *
- * In sslsocks.c:
- *  SocksGatherRecord
- *  SocksHandleReply
- *  SocksStartGather
- *
- * In sslcon.c:
- *  ssl_GatherRecord1stHandshake
- *  ssl2_HandleClientSessionKeyMessage
- *  ssl2_HandleMessage
- *  ssl2_HandleVerifyMessage
- *  ssl2_BeginClientHandshake
- *  ssl2_BeginServerHandshake
- *  ssl2_HandleClientHelloMessage
- *  ssl2_HandleServerHelloMessage
- *
- * The ss->handshake function returns SECWouldBlock under these conditions:
- * 1.   ssl_GatherRecord1stHandshake called ssl2_GatherData which read in
- *  the beginning of an SSL v3 hello message and returned SECWouldBlock
- *  to switch to SSL v3 handshake processing.
- *
- * 2.   ssl2_HandleClientHelloMessage discovered version 3.0 in the incoming
- *  v2 client hello msg, and called ssl3_HandleV2ClientHello which
- *  returned SECWouldBlock.
- *
- * 3.   SECWouldBlock was returned by one of the callback functions, via
- *  one of these paths:
- * -    ssl2_HandleMessage() -> ssl2_HandleRequestCertificate() ->
- *  ss->getClientAuthData()
- *
- * -    ssl2_HandleServerHelloMessage() -> ss->handleBadCert()
- *
- * -    ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
- *  ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
- *  ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificate() ->
- *  ss->handleBadCert()
- *
- * -    ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
- *  ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
- *  ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificateRequest() ->
- *  ss->getClientAuthData()
- *
- * Called from: SSL_ForceHandshake  (below),
- *              ssl_SecureRecv      (below) and
- *              ssl_SecureSend      (below)
- *    from: WaitForResponse     in sslsocks.c
- *          ssl_SocksRecv       in sslsocks.c
- *              ssl_SocksSend       in sslsocks.c
- *
- * Caller must hold the (write) handshakeLock.
- */
-int
-ssl_Do1stHandshake(sslSocket *ss)
-{
-    int rv = SECSuccess;
-    int loopCount = 0;
-
-    do {
-        PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-        PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
-        PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
-        PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
-
-        if (ss->handshake == 0) {
-            /* Previous handshake finished. Switch to next one */
-            ss->handshake = ss->nextHandshake;
-            ss->nextHandshake = 0;
-        }
-        if (ss->handshake == 0) {
-            /* Previous handshake finished. Switch to security handshake */
-            ss->handshake = ss->securityHandshake;
-            ss->securityHandshake = 0;
-        }
-        if (ss->handshake == 0) {
-            /* for v3 this is done in ssl3_FinishHandshake */
-            if (!ss->firstHsDone && ss->version < SSL_LIBRARY_VERSION_3_0) {
-                ssl_GetRecvBufLock(ss);
-                ss->gs.recordLen = 0;
-                ssl_FinishHandshake(ss);
-                ssl_ReleaseRecvBufLock(ss);
-            }
-            break;
-        }
-        rv = (*ss->handshake)(ss);
-        ++loopCount;
-        /* This code must continue to loop on SECWouldBlock,
-         * or any positive value.   See XXX_1 comments.
-         */
-    } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */
-
-    PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
-
-    if (rv == SECWouldBlock) {
-        PORT_SetError(PR_WOULD_BLOCK_ERROR);
-        rv = SECFailure;
-    }
-    return rv;
-}
-
-void
-ssl_FinishHandshake(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-
-    SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd));
-
-    ss->firstHsDone = PR_TRUE;
-    ss->enoughFirstHsDone = PR_TRUE;
-    ss->gs.writeOffset = 0;
-    ss->gs.readOffset = 0;
-
-    if (ss->handshakeCallback) {
-        PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 ||
-                    (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
-                        ssl_preinfo_all);
-        (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
-    }
-}
-
-/*
- * Handshake function that blocks.  Used to force a
- * retry on a connection on the next read/write.
- */
-static SECStatus
-ssl3_AlwaysBlock(sslSocket *ss)
-{
-    PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */
-    return SECWouldBlock;
-}
-
-/*
- * set the initial handshake state machine to block
- */
-void
-ssl3_SetAlwaysBlock(sslSocket *ss)
-{
-    if (!ss->firstHsDone) {
-        ss->handshake = ssl3_AlwaysBlock;
-        ss->nextHandshake = 0;
-    }
-}
-
-static SECStatus
-ssl_SetTimeout(PRFileDesc *fd, PRIntervalTime timeout)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SetTimeout", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    SSL_LOCK_READER(ss);
-    ss->rTimeout = timeout;
-    if (ss->opt.fdx) {
-        SSL_LOCK_WRITER(ss);
-    }
-    ss->wTimeout = timeout;
-    if (ss->opt.fdx) {
-        SSL_UNLOCK_WRITER(ss);
-    }
-    SSL_UNLOCK_READER(ss);
-    return SECSuccess;
-}
-
-/* Acquires and releases HandshakeLock.
-*/
-SECStatus
-SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
-{
-    sslSocket *ss;
-    SECStatus status;
-    PRNetAddr addr;
-
-    ss = ssl_FindSocket(s);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in ResetHandshake", SSL_GETPID(), s));
-        return SECFailure;
-    }
-
-    /* Don't waste my time */
-    if (!ss->opt.useSecurity)
-        return SECSuccess;
-
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-
-    /* Reset handshake state */
-    ssl_Get1stHandshakeLock(ss);
-
-    ss->firstHsDone = PR_FALSE;
-    ss->enoughFirstHsDone = PR_FALSE;
-    if (asServer) {
-        ss->handshake = ssl2_BeginServerHandshake;
-        ss->handshaking = sslHandshakingAsServer;
-    } else {
-        ss->handshake = ssl2_BeginClientHandshake;
-        ss->handshaking = sslHandshakingAsClient;
-    }
-    ss->nextHandshake = 0;
-    ss->securityHandshake = 0;
-
-    ssl_GetRecvBufLock(ss);
-    status = ssl_InitGather(&ss->gs);
-    ssl_ReleaseRecvBufLock(ss);
-
-    ssl_GetSSL3HandshakeLock(ss);
-    ss->ssl3.hs.canFalseStart = PR_FALSE;
-    ss->ssl3.hs.restartTarget = NULL;
-
-    /*
-    ** Blow away old security state and get a fresh setup.
-    */
-    ssl_GetXmitBufLock(ss);
-    ssl_ResetSecurityInfo(&ss->sec, PR_TRUE);
-    status = ssl_CreateSecurityInfo(ss);
-    ssl_ReleaseXmitBufLock(ss);
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    if (!ss->TCPconnected)
-        ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
-
-    SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);
-
-    return status;
-}
-
-/* For SSLv2, does nothing but return an error.
-** For SSLv3, flushes SID cache entry (if requested),
-** and then starts new client hello or hello request.
-** Acquires and releases HandshakeLock.
-*/
-SECStatus
-SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
-{
-    sslSocket *ss;
-    SECStatus rv;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!ss->opt.useSecurity)
-        return SECSuccess;
-
-    ssl_Get1stHandshakeLock(ss);
-
-    /* SSL v2 protocol does not support subsequent handshakes. */
-    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        rv = SECFailure;
-    } else {
-        ssl_GetSSL3HandshakeLock(ss);
-        rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
-        ssl_ReleaseSSL3HandshakeLock(ss);
-    }
-
-    ssl_Release1stHandshakeLock(ss);
-
-    return rv;
-}
-
-/*
-** Same as above, but with an I/O timeout.
- */
-SSL_IMPORT SECStatus
-SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
-                           PRBool flushCache,
-                           PRIntervalTime timeout)
-{
-    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
-        return SECFailure;
-    }
-    return SSL_ReHandshake(fd, flushCache);
-}
-
-SECStatus
-SSL_RedoHandshake(PRFileDesc *fd)
-{
-    return SSL_ReHandshake(fd, PR_TRUE);
-}
-
-/* Register an application callback to be called when SSL handshake completes.
-** Acquires and releases HandshakeLock.
-*/
-SECStatus
-SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
-                      void *client_data)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!ss->opt.useSecurity) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    ss->handshakeCallback = cb;
-    ss->handshakeCallbackData = client_data;
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-/* Register an application callback to be called when false start may happen.
-** Acquires and releases HandshakeLock.
-*/
-SECStatus
-SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb,
-                             void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!ss->opt.useSecurity) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    ss->canFalseStartCallback = cb;
-    ss->canFalseStartCallbackData = arg;
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart)
-{
-    sslSocket *ss;
-
-    *canFalseStart = PR_FALSE;
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RecommendedCanFalseStart",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!ss->ssl3.initialized) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        return SECFailure;
-    }
-
-    /* Require a forward-secret key exchange. */
-    *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
-                     ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
-                     ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
-                     ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa;
-
-    return SECSuccess;
-}
-
-/* Try to make progress on an SSL handshake by attempting to read the
-** next handshake from the peer, and sending any responses.
-** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK  if it cannot
-** read the next handshake from the underlying socket.
-** For SSLv2, returns when handshake is complete or fatal error occurs.
-** For SSLv3, returns when handshake is complete, or application data has
-** arrived that must be taken by application before handshake can continue,
-** or a fatal error occurs.
-** Application should use handshake completion callback to tell which.
-*/
-SECStatus
-SSL_ForceHandshake(PRFileDesc *fd)
-{
-    sslSocket *ss;
-    SECStatus rv = SECFailure;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",
-                 SSL_GETPID(), fd));
-        return rv;
-    }
-
-    /* Don't waste my time */
-    if (!ss->opt.useSecurity)
-        return SECSuccess;
-
-    if (!ssl_SocketIsBlocking(ss)) {
-        ssl_GetXmitBufLock(ss);
-        if (ss->pendingBuf.len != 0) {
-            int sent = ssl_SendSavedWriteData(ss);
-            if ((sent < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
-                ssl_ReleaseXmitBufLock(ss);
-                return SECFailure;
-            }
-        }
-        ssl_ReleaseXmitBufLock(ss);
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
-        int gatherResult;
-
-        ssl_GetRecvBufLock(ss);
-        gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
-        ssl_ReleaseRecvBufLock(ss);
-        if (gatherResult > 0) {
-            rv = SECSuccess;
-        } else if (gatherResult == 0) {
-            PORT_SetError(PR_END_OF_FILE_ERROR);
-        } else if (gatherResult == SECWouldBlock) {
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-        }
-    } else if (!ss->firstHsDone) {
-        rv = ssl_Do1stHandshake(ss);
-    } else {
-        /* tried to force handshake on an SSL 2 socket that has
-        ** already completed the handshake. */
-        rv = SECSuccess; /* just pretend we did it. */
-    }
-
-    ssl_Release1stHandshakeLock(ss);
-
-    return rv;
-}
-
-/*
- ** Same as above, but with an I/O timeout.
- */
-SSL_IMPORT SECStatus
-SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
-                              PRIntervalTime timeout)
-{
-    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
-        return SECFailure;
-    }
-    return SSL_ForceHandshake(fd);
-}
-
-/************************************************************************/
-
-/*
-** Grow a buffer to hold newLen bytes of data.
-** Called for both recv buffers and xmit buffers.
-** Caller must hold xmitBufLock or recvBufLock, as appropriate.
-*/
-SECStatus
-sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
-{
-    newLen = PR_MAX(newLen, MAX_FRAGMENT_LENGTH + 2048);
-    if (newLen > b->space) {
-        unsigned char *newBuf;
-        if (b->buf) {
-            newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
-        } else {
-            newBuf = (unsigned char *)PORT_Alloc(newLen);
-        }
-        if (!newBuf) {
-            return SECFailure;
-        }
-        SSL_TRC(10, ("%d: SSL: grow buffer from %d to %d",
-                     SSL_GETPID(), b->space, newLen));
-        b->buf = newBuf;
-        b->space = newLen;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslBuffer_Append(sslBuffer *b, const void *data, unsigned int len)
-{
-    unsigned int newLen = b->len + len;
-    SECStatus rv;
-
-    rv = sslBuffer_Grow(b, newLen);
-    if (rv != SECSuccess)
-        return rv;
-    PORT_Memcpy(b->buf + b->len, data, len);
-    b->len += len;
-    return SECSuccess;
-}
-
-/*
-** Save away write data that is trying to be written before the security
-** handshake has been completed. When the handshake is completed, we will
-** flush this data out.
-** Caller must hold xmitBufLock
-*/
-SECStatus
-ssl_SaveWriteData(sslSocket *ss, const void *data, unsigned int len)
-{
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    rv = sslBuffer_Append(&ss->pendingBuf, data, len);
-    SSL_TRC(5, ("%d: SSL[%d]: saving %u bytes of data (%u total saved so far)",
-                SSL_GETPID(), ss->fd, len, ss->pendingBuf.len));
-    return rv;
-}
-
-/*
-** Send saved write data. This will flush out data sent prior to a
-** complete security handshake. Hopefully there won't be too much of it.
-** Returns count of the bytes sent, NOT a SECStatus.
-** Caller must hold xmitBufLock
-*/
-int
-ssl_SendSavedWriteData(sslSocket *ss)
-{
-    int rv = 0;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    if (ss->pendingBuf.len != 0) {
-        SSL_TRC(5, ("%d: SSL[%d]: sending %d bytes of saved data",
-                    SSL_GETPID(), ss->fd, ss->pendingBuf.len));
-        rv = ssl_DefSend(ss, ss->pendingBuf.buf, ss->pendingBuf.len, 0);
-        if (rv < 0) {
-            return rv;
-        }
-        ss->pendingBuf.len -= rv;
-        if (ss->pendingBuf.len > 0 && rv > 0) {
-            /* UGH !! This shifts the whole buffer down by copying it */
-            PORT_Memmove(ss->pendingBuf.buf, ss->pendingBuf.buf + rv,
-                         ss->pendingBuf.len);
-        }
-    }
-    return rv;
-}
-
-/************************************************************************/
-
-/*
-** Receive some application data on a socket.  Reads SSL records from the input
-** stream, decrypts them and then copies them to the output buffer.
-** Called from ssl_SecureRecv() below.
-**
-** Caller does NOT hold 1stHandshakeLock because that handshake is over.
-** Caller doesn't call this until initial handshake is complete.
-** For SSLv2, there is no subsequent handshake.
-** For SSLv3, the call to ssl3_GatherAppDataRecord may encounter handshake
-** messages from a subsequent handshake.
-**
-** This code is similar to, and easily confused with,
-**   ssl_GatherRecord1stHandshake() in sslcon.c
-*/
-static int
-DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
-{
-    int rv;
-    int amount;
-    int available;
-
-    /* ssl3_GatherAppDataRecord may call ssl_FinishHandshake, which needs the
-     * 1stHandshakeLock. */
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetRecvBufLock(ss);
-
-    available = ss->gs.writeOffset - ss->gs.readOffset;
-    if (available == 0) {
-        /* Get some more data */
-        if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
-            /* Wait for application data to arrive.  */
-            rv = ssl3_GatherAppDataRecord(ss, 0);
-        } else {
-            /* See if we have a complete record */
-            rv = ssl2_GatherRecord(ss, 0);
-        }
-        if (rv <= 0) {
-            if (rv == 0) {
-                /* EOF */
-                SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",
-                             SSL_GETPID(), ss->fd));
-                goto done;
-            }
-            if ((rv != SECWouldBlock) &&
-                (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {
-                /* Some random error */
-                goto done;
-            }
-
-            /*
-            ** Gather record is blocked waiting for more record data to
-            ** arrive. Try to process what we have already received
-            */
-        } else {
-            /* Gather record has finished getting a complete record */
-        }
-
-        /* See if any clear data is now available */
-        available = ss->gs.writeOffset - ss->gs.readOffset;
-        if (available == 0) {
-            /*
-            ** No partial data is available. Force error code to
-            ** EWOULDBLOCK so that caller will try again later. Note
-            ** that the error code is probably EWOULDBLOCK already,
-            ** but if it isn't (for example, if we received a zero
-            ** length record) then this will force it to be correct.
-            */
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-            rv = SECFailure;
-            goto done;
-        }
-        SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",
-                     SSL_GETPID(), ss->fd, available));
-    }
-
-    if (IS_DTLS(ss) && (len < available)) {
-        /* DTLS does not allow you to do partial reads */
-        SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d",
-                     SSL_GETPID(), ss->fd, len, available));
-        ss->gs.readOffset += available;
-        PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ);
-        rv = SECFailure;
-        goto done;
-    }
-
-    /* Dole out clear data to reader */
-    amount = PR_MIN(len, available);
-    PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);
-    if (!(flags & PR_MSG_PEEK)) {
-        ss->gs.readOffset += amount;
-    }
-    PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset);
-    rv = amount;
-
-    SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",
-                 SSL_GETPID(), ss->fd, amount, available));
-    PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));
-
-done:
-    ssl_ReleaseRecvBufLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-    return rv;
-}
-
-/************************************************************************/
-
-/*
-** Return SSLKEAType derived from cert's Public Key algorithm info.
-*/
-SSLKEAType
-NSS_FindCertKEAType(CERTCertificate *cert)
-{
-    SSLKEAType keaType = kt_null;
-    int tag;
-
-    if (!cert)
-        goto loser;
-
-    tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
-    switch (tag) {
-        case SEC_OID_X500_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_RSA_ENCRYPTION:
-            keaType = kt_rsa;
-            break;
-        case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
-        case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-            keaType = kt_dh;
-            break;
-#ifndef NSS_DISABLE_ECC
-        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
-            keaType = kt_ecdh;
-            break;
-#endif /* NSS_DISABLE_ECC */
-        default:
-            keaType = kt_null;
-    }
-
-loser:
-
-    return keaType;
-}
-
-static const PRCallOnceType pristineCallOnce;
-static PRCallOnceType setupServerCAListOnce;
-
-static SECStatus
-serverCAListShutdown(void *appData, void *nssData)
-{
-    PORT_Assert(ssl3_server_ca_list);
-    if (ssl3_server_ca_list) {
-        CERT_FreeDistNames(ssl3_server_ca_list);
-        ssl3_server_ca_list = NULL;
-    }
-    setupServerCAListOnce = pristineCallOnce;
-    return SECSuccess;
-}
-
-static PRStatus
-serverCAListSetup(void *arg)
-{
-    CERTCertDBHandle *dbHandle = (CERTCertDBHandle *)arg;
-    SECStatus rv = NSS_RegisterShutdown(serverCAListShutdown, NULL);
-    PORT_Assert(SECSuccess == rv);
-    if (SECSuccess == rv) {
-        ssl3_server_ca_list = CERT_GetSSLCACerts(dbHandle);
-        return PR_SUCCESS;
-    }
-    return PR_FAILURE;
-}
-
-SECStatus
-ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
-                       const CERTCertificateList *certChain,
-                       ssl3KeyPair *keyPair, SSLKEAType kea)
-{
-    CERTCertificateList *localCertChain = NULL;
-    sslServerCerts *sc = ss->serverCerts + kea;
-
-    /* load the server certificate */
-    if (sc->serverCert != NULL) {
-        CERT_DestroyCertificate(sc->serverCert);
-        sc->serverCert = NULL;
-        sc->serverKeyBits = 0;
-    }
-    /* load the server cert chain */
-    if (sc->serverCertChain != NULL) {
-        CERT_DestroyCertificateList(sc->serverCertChain);
-        sc->serverCertChain = NULL;
-    }
-    if (cert) {
-        sc->serverCert = CERT_DupCertificate(cert);
-        /* get the size of the cert's public key, and remember it */
-        sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->pubKey);
-        if (!certChain) {
-            localCertChain =
-                CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
-                                       PR_TRUE);
-            if (!localCertChain)
-                goto loser;
-        }
-        sc->serverCertChain = (certChain) ? CERT_DupCertList(certChain) :
-                                          localCertChain;
-        if (!sc->serverCertChain) {
-            goto loser;
-        }
-        localCertChain = NULL; /* consumed */
-    }
-
-    /* get keyPair */
-    if (sc->serverKeyPair != NULL) {
-        ssl3_FreeKeyPair(sc->serverKeyPair);
-        sc->serverKeyPair = NULL;
-    }
-    if (keyPair) {
-        SECKEY_CacheStaticFlags(keyPair->privKey);
-        sc->serverKeyPair = ssl3_GetKeyPairRef(keyPair);
-    }
-    if (kea == kt_rsa && cert && sc->serverKeyBits > 512 &&
-        !ss->opt.noStepDown && !ss->stepDownKeyPair) {
-        if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) {
-            goto loser;
-        }
-    }
-    if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
-        if (ssl3_SelectDHParams(ss) != SECSuccess) {
-            goto loser;
-        }
-    }
-    return SECSuccess;
-
-loser:
-    if (localCertChain) {
-        CERT_DestroyCertificateList(localCertChain);
-    }
-    if (sc->serverCert != NULL) {
-        CERT_DestroyCertificate(sc->serverCert);
-        sc->serverCert = NULL;
-    }
-    if (sc->serverCertChain != NULL) {
-        CERT_DestroyCertificateList(sc->serverCertChain);
-        sc->serverCertChain = NULL;
-    }
-    if (sc->serverKeyPair != NULL) {
-        ssl3_FreeKeyPair(sc->serverKeyPair);
-        sc->serverKeyPair = NULL;
-    }
-    return SECFailure;
-}
-
-/* XXX need to protect the data that gets changed here.!! */
-
-SECStatus
-SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
-                       SECKEYPrivateKey *key, SSL3KEAType kea)
-{
-
-    return SSL_ConfigSecureServerWithCertChain(fd, cert, NULL, key, kea);
-}
-
-SECStatus
-SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
-                                    const CERTCertificateList *certChainOpt,
-                                    SECKEYPrivateKey *key, SSL3KEAType kea)
-{
-    sslSocket *ss;
-    SECKEYPublicKey *pubKey = NULL;
-    ssl3KeyPair *keyPair = NULL;
-    SECStatus rv = SECFailure;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
-
-    /* Both key and cert must have a value or be NULL */
-    /* Passing a value of NULL will turn off key exchange algorithms that were
-     * previously turned on */
-    if (!cert != !key) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /* make sure the key exchange is recognized */
-    if ((kea >= kt_kea_size) || (kea < kt_null)) {
-        PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-        return SECFailure;
-    }
-
-    if (kea != NSS_FindCertKEAType(cert)) {
-        PORT_SetError(SSL_ERROR_CERT_KEA_MISMATCH);
-        return SECFailure;
-    }
-
-    if (cert) {
-        /* get the size of the cert's public key, and remember it */
-        pubKey = CERT_ExtractPublicKey(cert);
-        if (!pubKey)
-            return SECFailure;
-    }
-
-    if (key) {
-        SECKEYPrivateKey *keyCopy = NULL;
-        CK_MECHANISM_TYPE keyMech = CKM_INVALID_MECHANISM;
-
-        if (key->pkcs11Slot) {
-            PK11SlotInfo *bestSlot;
-            bestSlot = PK11_ReferenceSlot(key->pkcs11Slot);
-            if (bestSlot) {
-                keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
-                PK11_FreeSlot(bestSlot);
-            }
-        }
-        if (keyCopy == NULL)
-            keyMech = PK11_MapSignKeyType(key->keyType);
-        if (keyMech != CKM_INVALID_MECHANISM) {
-            PK11SlotInfo *bestSlot;
-            /* XXX Maybe should be bestSlotMultiple? */
-            bestSlot = PK11_GetBestSlot(keyMech, NULL /* wincx */);
-            if (bestSlot) {
-                keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
-                PK11_FreeSlot(bestSlot);
-            }
-        }
-        if (keyCopy == NULL)
-            keyCopy = SECKEY_CopyPrivateKey(key);
-        if (keyCopy == NULL)
-            goto loser;
-        keyPair = ssl3_NewKeyPair(keyCopy, pubKey);
-        if (keyPair == NULL) {
-            SECKEY_DestroyPrivateKey(keyCopy);
-            goto loser;
-        }
-        pubKey = NULL; /* adopted by serverKeyPair */
-    }
-    if (ssl_ConfigSecureServer(ss, cert, certChainOpt,
-                               keyPair, kea) == SECFailure) {
-        goto loser;
-    }
-
-    /* Only do this once because it's global. */
-    if (PR_SUCCESS == PR_CallOnceWithArg(&setupServerCAListOnce,
-                                         &serverCAListSetup,
-                                         (void *)(ss->dbHandle))) {
-        rv = SECSuccess;
-    }
-
-loser:
-    if (keyPair) {
-        ssl3_FreeKeyPair(keyPair);
-    }
-    if (pubKey) {
-        SECKEY_DestroyPublicKey(pubKey);
-        pubKey = NULL;
-    }
-    return rv;
-}
-
-/************************************************************************/
-
-SECStatus
-ssl_CreateSecurityInfo(sslSocket *ss)
-{
-    SECStatus status;
-
-    /* initialize sslv2 socket to send data in the clear. */
-    ssl2_UseClearSendFunc(ss);
-
-    ss->sec.blockSize = 1;
-    ss->sec.blockShift = 0;
-
-    ssl_GetXmitBufLock(ss);
-    status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
-    ssl_ReleaseXmitBufLock(ss);
-
-    return status;
-}
-
-SECStatus
-ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
-{
-    ss->sec.send = os->sec.send;
-    ss->sec.isServer = os->sec.isServer;
-    ss->sec.keyBits = os->sec.keyBits;
-    ss->sec.secretKeyBits = os->sec.secretKeyBits;
-
-    ss->sec.peerCert = CERT_DupCertificate(os->sec.peerCert);
-    if (os->sec.peerCert && !ss->sec.peerCert)
-        goto loser;
-
-    ss->sec.cache = os->sec.cache;
-    ss->sec.uncache = os->sec.uncache;
-
-    /* we don't dup the connection info. */
-
-    ss->sec.sendSequence = os->sec.sendSequence;
-    ss->sec.rcvSequence = os->sec.rcvSequence;
-
-    if (os->sec.hash && os->sec.hashcx) {
-        ss->sec.hash = os->sec.hash;
-        ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx);
-        if (os->sec.hashcx && !ss->sec.hashcx)
-            goto loser;
-    } else {
-        ss->sec.hash = NULL;
-        ss->sec.hashcx = NULL;
-    }
-
-    if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret))
-        goto loser;
-    if (SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret))
-        goto loser;
-
-    /* XXX following code is wrong if either cx != 0 */
-    PORT_Assert(os->sec.readcx == 0);
-    PORT_Assert(os->sec.writecx == 0);
-    ss->sec.readcx = os->sec.readcx;
-    ss->sec.writecx = os->sec.writecx;
-    ss->sec.destroy = 0;
-
-    ss->sec.enc = os->sec.enc;
-    ss->sec.dec = os->sec.dec;
-
-    ss->sec.blockShift = os->sec.blockShift;
-    ss->sec.blockSize = os->sec.blockSize;
-
-    return SECSuccess;
-
-loser:
-    return SECFailure;
-}
-
-/* Reset sec back to its initial state.
-** Caller holds any relevant locks.
-*/
-void
-ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
-{
-    /* Destroy MAC */
-    if (sec->hash && sec->hashcx) {
-        (*sec->hash->destroy)(sec->hashcx, PR_TRUE);
-        sec->hashcx = NULL;
-        sec->hash = NULL;
-    }
-    SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
-    SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);
-
-    /* Destroy ciphers */
-    if (sec->destroy) {
-        (*sec->destroy)(sec->readcx, PR_TRUE);
-        (*sec->destroy)(sec->writecx, PR_TRUE);
-        sec->readcx = NULL;
-        sec->writecx = NULL;
-    } else {
-        PORT_Assert(sec->readcx == 0);
-        PORT_Assert(sec->writecx == 0);
-    }
-    sec->readcx = 0;
-    sec->writecx = 0;
-
-    if (sec->localCert) {
-        CERT_DestroyCertificate(sec->localCert);
-        sec->localCert = NULL;
-    }
-    if (sec->peerCert) {
-        CERT_DestroyCertificate(sec->peerCert);
-        sec->peerCert = NULL;
-    }
-    if (sec->peerKey) {
-        SECKEY_DestroyPublicKey(sec->peerKey);
-        sec->peerKey = NULL;
-    }
-
-    /* cleanup the ci */
-    if (sec->ci.sid != NULL) {
-        ssl_FreeSID(sec->ci.sid);
-    }
-    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
-    if (doMemset) {
-        memset(&sec->ci, 0, sizeof sec->ci);
-    }
-}
-
-/*
-** Called from SSL_ResetHandshake (above), and
-**        from ssl_FreeSocket     in sslsock.c
-** Caller should hold relevant locks (e.g. XmitBufLock)
-*/
-void
-ssl_DestroySecurityInfo(sslSecurityInfo *sec)
-{
-    ssl_ResetSecurityInfo(sec, PR_FALSE);
-
-    PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space);
-    sec->writeBuf.buf = 0;
-
-    memset(sec, 0, sizeof *sec);
-}
-
-/************************************************************************/
-
-int
-ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
-{
-    PRFileDesc *osfd = ss->fd->lower;
-    int rv;
-
-    if (ss->opt.handshakeAsServer) {
-        ss->securityHandshake = ssl2_BeginServerHandshake;
-        ss->handshaking = sslHandshakingAsServer;
-    } else {
-        ss->securityHandshake = ssl2_BeginClientHandshake;
-        ss->handshaking = sslHandshakingAsClient;
-    }
-
-    /* connect to server */
-    rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
-    if (rv == PR_SUCCESS) {
-        ss->TCPconnected = 1;
-    } else {
-        int err = PR_GetError();
-        SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
-                 SSL_GETPID(), ss->fd, err));
-        if (err == PR_IS_CONNECTED_ERROR) {
-            ss->TCPconnected = 1;
-        }
-    }
-
-    SSL_TRC(5, ("%d: SSL[%d]: secure connect completed, rv == %d",
-                SSL_GETPID(), ss->fd, rv));
-    return rv;
-}
-
-/*
- * The TLS 1.2 RFC 5246, Section 7.2.1 says:
- *
- *     Unless some other fatal alert has been transmitted, each party is
- *     required to send a close_notify alert before closing the write side
- *     of the connection.  The other party MUST respond with a close_notify
- *     alert of its own and close down the connection immediately,
- *     discarding any pending writes.  It is not required for the initiator
- *     of the close to wait for the responding close_notify alert before
- *     closing the read side of the connection.
- *
- * The second sentence requires that we send a close_notify alert when we
- * have received a close_notify alert.  In practice, all SSL implementations
- * close the socket immediately after sending a close_notify alert (which is
- * allowed by the third sentence), so responding with a close_notify alert
- * would result in a write failure with the ECONNRESET error.  This is why
- * we don't respond with a close_notify alert.
- *
- * Also, in the unlikely event that the TCP pipe is full and the peer stops
- * reading, the SSL3_SendAlert call in ssl_SecureClose and ssl_SecureShutdown
- * may block indefinitely in blocking mode, and may fail (without retrying)
- * in non-blocking mode.
- */
-
-int
-ssl_SecureClose(sslSocket *ss)
-{
-    int rv;
-
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-        !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
-        ss->firstHsDone &&
-        !ss->recvdCloseNotify &&
-        ss->ssl3.initialized) {
-
-        /* We don't want the final alert to be Nagle delayed. */
-        if (!ss->delayDisabled) {
-            ssl_EnableNagleDelay(ss, PR_FALSE);
-            ss->delayDisabled = 1;
-        }
-
-        (void)SSL3_SendAlert(ss, alert_warning, close_notify);
-    }
-    rv = ssl_DefClose(ss);
-    return rv;
-}
-
-/* Caller handles all locking */
-int
-ssl_SecureShutdown(sslSocket *ss, int nsprHow)
-{
-    PRFileDesc *osfd = ss->fd->lower;
-    int rv;
-    PRIntn sslHow = nsprHow + 1;
-
-    if ((unsigned)nsprHow > PR_SHUTDOWN_BOTH) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return PR_FAILURE;
-    }
-
-    if ((sslHow & ssl_SHUTDOWN_SEND) != 0 &&
-        ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-        !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
-        ss->firstHsDone &&
-        !ss->recvdCloseNotify &&
-        ss->ssl3.initialized) {
-
-        (void)SSL3_SendAlert(ss, alert_warning, close_notify);
-    }
-
-    rv = osfd->methods->shutdown(osfd, nsprHow);
-
-    ss->shutdownHow |= sslHow;
-
-    return rv;
-}
-
-/************************************************************************/
-
-int
-ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
-{
-    int rv = 0;
-
-    if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
-        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
-        return PR_FAILURE;
-    }
-    if (flags & ~PR_MSG_PEEK) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return PR_FAILURE;
-    }
-
-    if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
-        ssl_GetXmitBufLock(ss);
-        if (ss->pendingBuf.len != 0) {
-            rv = ssl_SendSavedWriteData(ss);
-            if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
-                ssl_ReleaseXmitBufLock(ss);
-                return SECFailure;
-            }
-        }
-        ssl_ReleaseXmitBufLock(ss);
-    }
-
-    rv = 0;
-    /* If any of these is non-zero, the initial handshake is not done. */
-    if (!ss->firstHsDone) {
-        ssl_Get1stHandshakeLock(ss);
-        if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {
-            rv = ssl_Do1stHandshake(ss);
-        }
-        ssl_Release1stHandshakeLock(ss);
-    }
-    if (rv < 0) {
-        return rv;
-    }
-
-    if (len == 0)
-        return 0;
-
-    rv = DoRecv(ss, (unsigned char *)buf, len, flags);
-    SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
-                SSL_GETPID(), ss->fd, rv, PORT_GetError()));
-    return rv;
-}
-
-int
-ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len)
-{
-    return ssl_SecureRecv(ss, buf, len, 0);
-}
-
-/* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */
-int
-ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
-{
-    int rv = 0;
-
-    SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",
-                SSL_GETPID(), ss->fd, len));
-
-    if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {
-        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
-        rv = PR_FAILURE;
-        goto done;
-    }
-    if (flags) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        rv = PR_FAILURE;
-        goto done;
-    }
-
-    ssl_GetXmitBufLock(ss);
-    if (ss->pendingBuf.len != 0) {
-        PORT_Assert(ss->pendingBuf.len > 0);
-        rv = ssl_SendSavedWriteData(ss);
-        if (rv >= 0 && ss->pendingBuf.len != 0) {
-            PORT_Assert(ss->pendingBuf.len > 0);
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-            rv = SECFailure;
-        }
-    }
-    ssl_ReleaseXmitBufLock(ss);
-    if (rv < 0) {
-        goto done;
-    }
-
-    if (len > 0)
-        ss->writerThread = PR_GetCurrentThread();
-    /* If any of these is non-zero, the initial handshake is not done. */
-    if (!ss->firstHsDone) {
-        PRBool falseStart = PR_FALSE;
-        ssl_Get1stHandshakeLock(ss);
-        if (ss->opt.enableFalseStart &&
-            ss->version >= SSL_LIBRARY_VERSION_3_0) {
-            ssl_GetSSL3HandshakeLock(ss);
-            falseStart = ss->ssl3.hs.canFalseStart;
-            ssl_ReleaseSSL3HandshakeLock(ss);
-        }
-        if (!falseStart &&
-            (ss->handshake || ss->nextHandshake || ss->securityHandshake)) {
-            rv = ssl_Do1stHandshake(ss);
-        }
-        ssl_Release1stHandshakeLock(ss);
-    }
-    if (rv < 0) {
-        ss->writerThread = NULL;
-        goto done;
-    }
-
-    /* Check for zero length writes after we do housekeeping so we make forward
-     * progress.
-     */
-    if (len == 0) {
-        rv = 0;
-        goto done;
-    }
-    PORT_Assert(buf != NULL);
-    if (!buf) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        rv = PR_FAILURE;
-        goto done;
-    }
-
-    if (!ss->firstHsDone) {
-        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_3_0);
-#ifdef DEBUG
-        ssl_GetSSL3HandshakeLock(ss);
-        PORT_Assert(ss->ssl3.hs.canFalseStart);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-#endif
-        SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",
-                    SSL_GETPID(), ss->fd));
-    }
-
-    /* Send out the data using one of these functions:
-     *  ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock,
-     *  ssl3_SendApplicationData
-     */
-    ssl_GetXmitBufLock(ss);
-    rv = (*ss->sec.send)(ss, buf, len, flags);
-    ssl_ReleaseXmitBufLock(ss);
-    ss->writerThread = NULL;
-done:
-    if (rv < 0) {
-        SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
-                    SSL_GETPID(), ss->fd, rv, PORT_GetError()));
-    } else {
-        SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
-                    SSL_GETPID(), ss->fd, rv));
-    }
-    return rv;
-}
-
-int
-ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len)
-{
-    return ssl_SecureSend(ss, buf, len, 0);
-}
-
-SECStatus
-SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSLBadCertHook",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ss->handleBadCert = f;
-    ss->badCertArg = arg;
-
-    return SECSuccess;
-}
-
-/*
- * Allow the application to pass the url or hostname into the SSL library
- * so that we can do some checking on it. It will be used for the value in
- * SNI extension of client hello message.
- */
-SECStatus
-SSL_SetURL(PRFileDesc *fd, const char *url)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECSuccess;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSLSetURL",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    if (ss->url) {
-        PORT_Free((void *)ss->url); /* CONST */
-    }
-
-    ss->url = (const char *)PORT_Strdup(url);
-    if (ss->url == NULL) {
-        rv = SECFailure;
-    }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return rv;
-}
-
-/*
- * Allow the application to pass the set of trust anchors
- */
-SECStatus
-SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    CERTDistNames *names = NULL;
-
-    if (!certList) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    names = CERT_DistNamesFromCertList(certList);
-    if (names == NULL) {
-        return SECFailure;
-    }
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-    if (ss->ssl3.ca_list) {
-        CERT_FreeDistNames(ss->ssl3.ca_list);
-    }
-    ss->ssl3.ca_list = names;
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-/*
-** Returns Negative number on error, zero or greater on success.
-** Returns the amount of data immediately available to be read.
-*/
-int
-SSL_DataPending(PRFileDesc *fd)
-{
-    sslSocket *ss;
-    int rv = 0;
-
-    ss = ssl_FindSocket(fd);
-
-    if (ss && ss->opt.useSecurity) {
-        ssl_GetRecvBufLock(ss);
-        rv = ss->gs.writeOffset - ss->gs.readOffset;
-        ssl_ReleaseRecvBufLock(ss);
-    }
-
-    return rv;
-}
-
-SECStatus
-SSL_InvalidateSession(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECFailure;
-
-    if (ss) {
-        ssl_Get1stHandshakeLock(ss);
-        ssl_GetSSL3HandshakeLock(ss);
-
-        if (ss->sec.ci.sid && ss->sec.uncache) {
-            ss->sec.uncache(ss->sec.ci.sid);
-            rv = SECSuccess;
-        }
-
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_Release1stHandshakeLock(ss);
-    }
-    return rv;
-}
-
-static void
-ssl3_CacheSessionUnlocked(sslSocket *ss)
-{
-    PORT_Assert(!ss->sec.isServer);
-
-    if (ss->ssl3.hs.cacheSID) {
-        ss->sec.cache(ss->sec.ci.sid);
-        ss->ssl3.hs.cacheSID = PR_FALSE;
-    }
-}
-
-SECStatus
-SSL_CacheSession(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECFailure;
-
-    if (ss) {
-        ssl_Get1stHandshakeLock(ss);
-        ssl_GetSSL3HandshakeLock(ss);
-
-        ssl3_CacheSessionUnlocked(ss);
-        rv = SECSuccess;
-
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_Release1stHandshakeLock(ss);
-    }
-    return rv;
-}
-
-SECStatus
-SSL_CacheSessionUnlocked(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECFailure;
-
-    if (ss) {
-        ssl3_CacheSessionUnlocked(ss);
-        rv = SECSuccess;
-    }
-    return rv;
-}
-
-SECItem *
-SSL_GetSessionID(PRFileDesc *fd)
-{
-    sslSocket *ss;
-    SECItem *item = NULL;
-
-    ss = ssl_FindSocket(fd);
-    if (ss) {
-        ssl_Get1stHandshakeLock(ss);
-        ssl_GetSSL3HandshakeLock(ss);
-
-        if (ss->opt.useSecurity && ss->firstHsDone && ss->sec.ci.sid) {
-            item = (SECItem *)PORT_Alloc(sizeof(SECItem));
-            if (item) {
-                sslSessionID *sid = ss->sec.ci.sid;
-                if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-                    item->len = SSL2_SESSIONID_BYTES;
-                    item->data = (unsigned char *)PORT_Alloc(item->len);
-                    PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
-                } else {
-                    item->len = sid->u.ssl3.sessionIDLength;
-                    item->data = (unsigned char *)PORT_Alloc(item->len);
-                    PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
-                }
-            }
-        }
-
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_Release1stHandshakeLock(ss);
-    }
-    return item;
-}
-
-SECStatus
-SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss)
-        return SECFailure;
-    if (!dbHandle) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    ss->dbHandle = dbHandle;
-    return SECSuccess;
-}
-
-/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:  
- *	cert	Client cert chosen by application.
- *		Note: ssl takes this reference, and does not bump the 
- *		reference count.  The caller should drop its reference
- *		without calling CERT_DestroyCertificate after calling this
- *		function.
- *
- *	key	Private key associated with cert.  This function takes
- *		ownership of the private key, so the caller should drop its
- *		reference without destroying the private key after this
- *		function returns.
- *
- *	certChain  Chain of signers for cert.  
- *		Note: ssl takes this reference, and does not copy the chain.
- *		The caller should drop its reference without destroying the 
- *		chain.  SSL will free the chain when it is done with it.
- *
- * Return value: XXX
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- *     It does not work on a subsequent handshake (redo).
-   */
-SECStatus
-SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-                                 CERTCertificate *cert,
-                                 SECKEYPrivateKey *key,
-                                 CERTCertificateList *certChain)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus ret;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RestartHandshakeAfterCertReq",
-                 SSL_GETPID(), fd));
-        if (cert) {
-            CERT_DestroyCertificate(cert);
-        }
-        if (key) {
-            SECKEY_DestroyPrivateKey(key);
-        }
-        if (certChain) {
-            CERT_DestroyCertificateList(certChain);
-        }
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss); /************************************/
-
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
-        ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
-    } else {
-        if (certChain != NULL) {
-            CERT_DestroyCertificateList(certChain);
-        }
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        ret = SECFailure;
-    }
-
-    ssl_Release1stHandshakeLock(ss); /************************************/
-    return ret;
-}
-
-SECStatus
-SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc *fd,
-                                      SECKEYPublicKey *channelIDPub,
-                                      SECKEYPrivateKey *channelID)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus ret;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in"
-                 " SSL_RestartHandshakeAfterChannelIDReq",
-                 SSL_GETPID(), fd));
-        goto loser;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-
-    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        ssl_Release1stHandshakeLock(ss);
-        goto loser;
-    }
-
-    ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub,
-                                                 channelID);
-    ssl_Release1stHandshakeLock(ss);
-
-    return ret;
-
-loser:
-    SECKEY_DestroyPublicKey(channelIDPub);
-    SECKEY_DestroyPrivateKey(channelID);
-    return SECFailure;
-}
-
-/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
- * this implementation exists to maintain link-time compatibility.
- */
-int
-SSL_RestartHandshakeAfterServerCert(sslSocket *ss)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return -1;
-}
-
-/* See documentation in ssl.h */
-SECStatus
-SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
-{
-    SECStatus rv;
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_AuthCertificateComplete",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-
-    if (!ss->ssl3.initialized) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        rv = SECFailure;
-    } else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        rv = SECFailure;
-    } else {
-        rv = ssl3_AuthCertificateComplete(ss, error);
-    }
-
-    ssl_Release1stHandshakeLock(ss);
-
-    return rv;
-}
-
-/* For more info see ssl.h */
-SECStatus
-SSL_SNISocketConfigHook(PRFileDesc *fd, SSLSNISocketConfig func,
-                        void *arg)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ss->sniSocketConfig = func;
-    ss->sniSocketConfigArg = arg;
-    return SECSuccess;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslsnce.c b/chromium/net/third_party/nss/ssl/sslsnce.c
deleted file mode 100644
index e3f749e577b..00000000000
--- a/chromium/net/third_party/nss/ssl/sslsnce.c
+++ /dev/null
@@ -1,2204 +0,0 @@
-/* This file implements the SERVER Session ID cache.
- * NOTE:  The contents of this file are NOT used by the client.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
- * cache sids!
- *
- * About record locking among different server processes:
- *
- * All processes that are part of the same conceptual server (serving on
- * the same address and port) MUST share a common SSL session cache.
- * This code makes the content of the shared cache accessible to all
- * processes on the same "server".  This code works on Unix and Win32 only.
- *
- * We use NSPR anonymous shared memory and move data to & from shared memory.
- * We must do explicit locking of the records for all reads and writes.
- * The set of Cache entries are divided up into "sets" of 128 entries.
- * Each set is protected by a lock.  There may be one or more sets protected
- * by each lock.  That is, locks to sets are 1:N.
- * There is one lock for the entire cert cache.
- * There is one lock for the set of wrapped sym wrap keys.
- *
- * The anonymous shared memory is laid out as if it were declared like this:
- *
- * struct {
- *     cacheDescriptor          desc;
- *     sidCacheLock             sidCacheLocks[ numSIDCacheLocks];
- *     sidCacheLock             keyCacheLock;
- *     sidCacheLock             certCacheLock;
- *     sidCacheSet              sidCacheSets[ numSIDCacheSets ];
- *     sidCacheEntry            sidCacheData[ numSIDCacheEntries];
- *     certCacheEntry           certCacheData[numCertCacheEntries];
- *     SSLWrappedSymWrappingKey keyCacheData[kt_kea_size][SSL_NUM_WRAP_MECHS];
- *     PRUint8                  keyNameSuffix[SESS_TICKET_KEY_VAR_NAME_LEN]
- *     encKeyCacheEntry         ticketEncKey; // Wrapped in non-bypass mode
- *     encKeyCacheEntry         ticketMacKey; // Wrapped in non-bypass mode
- *     PRBool                   ticketKeysValid;
- *     sidCacheLock             srvNameCacheLock;
- *     srvNameCacheEntry        srvNameData[ numSrvNameCacheEntries ];
- * } cacheMemCacheData;
- */
-#include "seccomon.h"
-
-#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_OS2) || defined(XP_BEOS)
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-#include "base64.h"
-#include "keyhi.h"
-#ifdef NO_PKCS11_BYPASS
-#include "blapit.h"
-#include "sechash.h"
-#else
-#include "blapi.h"
-#endif
-
-#include <stdio.h>
-
-#if defined(XP_UNIX) || defined(XP_BEOS)
-
-#include <syslog.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <errno.h>
-#include <signal.h>
-#include "unix_err.h"
-
-#else
-
-#ifdef XP_WIN32
-#include <wtypes.h>
-#include "win32err.h"
-#endif
-
-#endif
-#include <sys/types.h>
-
-#define SET_ERROR_CODE /* reminder */
-
-#include "nspr.h"
-#include "sslmutex.h"
-
-/*
-** Format of a cache entry in the shared memory.
-*/
-struct sidCacheEntryStr {
-    /* 16 */ PRIPv6Addr addr; /* client's IP address */
-    /*  4 */ PRUint32 creationTime;
-    /*  4 */ PRUint32 lastAccessTime;
-    /*  4 */ PRUint32 expirationTime;
-    /*  2 */ PRUint16 version;
-    /*  1 */ PRUint8 valid;
-    /*  1 */ PRUint8 sessionIDLength;
-    /* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES];
-    /*  2 */ PRUint16 authAlgorithm;
-    /*  2 */ PRUint16 authKeyBits;
-    /*  2 */ PRUint16 keaType;
-    /*  2 */ PRUint16 keaKeyBits;
-    /* 72  - common header total */
-
-    union {
-        struct {
-            /* 64 */ PRUint8 masterKey[SSL_MAX_MASTER_KEY_BYTES];
-            /* 32 */ PRUint8 cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
-
-            /*  1 */ PRUint8 cipherType;
-            /*  1 */ PRUint8 masterKeyLen;
-            /*  1 */ PRUint8 keyBits;
-            /*  1 */ PRUint8 secretKeyBits;
-            /*  1 */ PRUint8 cipherArgLen;
-/*101 */} ssl2;
-
-struct {
-    /*  2 */ ssl3CipherSuite cipherSuite;
-    /*  2 */ PRUint16 compression; /* SSLCompressionMethod */
-
-    /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
-
-    /*  4 */ PRUint32 masterWrapMech;
-    /*  4 */ SSL3KEAType exchKeyType;
-    /*  4 */ PRInt32 certIndex;
-    /*  4 */ PRInt32 srvNameIndex;
-    /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
-/*108 */} ssl3;
-
-/* force sizeof(sidCacheEntry) to be a multiple of cache line size */
-struct {
-    /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
-} forceSize;
-    } u;
-};
-typedef struct sidCacheEntryStr sidCacheEntry;
-
-/* The length of this struct is supposed to be a power of 2, e.g. 4KB */
-struct certCacheEntryStr {
-    PRUint16 certLength;                     /*    2 */
-    PRUint16 sessionIDLength;                /*    2 */
-    PRUint8 sessionID[SSL3_SESSIONID_BYTES]; /*   32 */
-    PRUint8 cert[SSL_MAX_CACHED_CERT_LEN];   /* 4060 */
-};                                           /* total   4096 */
-typedef struct certCacheEntryStr certCacheEntry;
-
-struct sidCacheLockStr {
-    PRUint32 timeStamp;
-    sslMutex mutex;
-    sslPID pid;
-};
-typedef struct sidCacheLockStr sidCacheLock;
-
-struct sidCacheSetStr {
-    PRIntn next;
-};
-typedef struct sidCacheSetStr sidCacheSet;
-
-struct encKeyCacheEntryStr {
-    PRUint8 bytes[512];
-    PRInt32 length;
-};
-typedef struct encKeyCacheEntryStr encKeyCacheEntry;
-
-#define SSL_MAX_DNS_HOST_NAME 1024
-
-struct srvNameCacheEntryStr {
-    PRUint16 type;                            /*    2 */
-    PRUint16 nameLen;                         /*    2 */
-    PRUint8 name[SSL_MAX_DNS_HOST_NAME + 12]; /* 1034 */
-    PRUint8 nameHash[SHA256_LENGTH];          /*   32 */
-                                              /* 1072 */
-};
-typedef struct srvNameCacheEntryStr srvNameCacheEntry;
-
-struct cacheDescStr {
-
-    PRUint32 cacheMemSize;
-
-    PRUint32 numSIDCacheLocks;
-    PRUint32 numSIDCacheSets;
-    PRUint32 numSIDCacheSetsPerLock;
-
-    PRUint32 numSIDCacheEntries;
-    PRUint32 sidCacheSize;
-
-    PRUint32 numCertCacheEntries;
-    PRUint32 certCacheSize;
-
-    PRUint32 numKeyCacheEntries;
-    PRUint32 keyCacheSize;
-
-    PRUint32 numSrvNameCacheEntries;
-    PRUint32 srvNameCacheSize;
-
-    PRUint32 ssl2Timeout;
-    PRUint32 ssl3Timeout;
-
-    PRUint32 numSIDCacheLocksInitialized;
-
-    /* These values are volatile, and are accessed through sharedCache-> */
-    PRUint32 nextCertCacheEntry; /* certCacheLock protects */
-    PRBool stopPolling;
-    PRBool everInherited;
-
-    /* The private copies of these values are pointers into shared mem */
-    /* The copies of these values in shared memory are merely offsets */
-    sidCacheLock *sidCacheLocks;
-    sidCacheLock *keyCacheLock;
-    sidCacheLock *certCacheLock;
-    sidCacheLock *srvNameCacheLock;
-    sidCacheSet *sidCacheSets;
-    sidCacheEntry *sidCacheData;
-    certCacheEntry *certCacheData;
-    SSLWrappedSymWrappingKey *keyCacheData;
-    PRUint8 *ticketKeyNameSuffix;
-    encKeyCacheEntry *ticketEncKey;
-    encKeyCacheEntry *ticketMacKey;
-    PRUint32 *ticketKeysValid;
-    srvNameCacheEntry *srvNameCacheData;
-
-    /* Only the private copies of these pointers are valid */
-    char *cacheMem;
-    struct cacheDescStr *sharedCache; /* shared copy of this struct */
-    PRFileMap *cacheMemMap;
-    PRThread *poller;
-    PRUint32 mutexTimeout;
-    PRBool shared;
-};
-typedef struct cacheDescStr cacheDesc;
-
-static cacheDesc globalCache;
-
-static const char envVarName[] = { SSL_ENV_VAR_NAME };
-
-static PRBool isMultiProcess = PR_FALSE;
-
-#define DEF_SID_CACHE_ENTRIES 10000
-#define DEF_CERT_CACHE_ENTRIES 250
-#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
-#define DEF_KEY_CACHE_ENTRIES 250
-#define DEF_NAME_CACHE_ENTRIES 1000
-
-#define SID_CACHE_ENTRIES_PER_SET 128
-#define SID_ALIGNMENT 16
-
-#define DEF_SSL2_TIMEOUT 100 /* seconds */
-#define MAX_SSL2_TIMEOUT 100 /* seconds */
-#define MIN_SSL2_TIMEOUT 5   /* seconds */
-
-#define DEF_SSL3_TIMEOUT 86400L /* 24 hours */
-#define MAX_SSL3_TIMEOUT 86400L /* 24 hours */
-#define MIN_SSL3_TIMEOUT 5      /* seconds  */
-
-#if defined(AIX) || defined(LINUX) || defined(NETBSD) || defined(OPENBSD)
-#define MAX_SID_CACHE_LOCKS 8 /* two FDs per lock */
-#elif defined(OSF1)
-#define MAX_SID_CACHE_LOCKS 16 /* one FD per lock */
-#else
-#define MAX_SID_CACHE_LOCKS 256
-#endif
-
-#define SID_HOWMANY(val, size) (((val) + ((size)-1)) / (size))
-#define SID_ROUNDUP(val, size) ((size)*SID_HOWMANY((val), (size)))
-
-static sslPID myPid;
-static PRUint32 ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS;
-
-/* forward static function declarations */
-static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s,
-                         unsigned nl);
-static SECStatus LaunchLockPoller(cacheDesc *cache);
-static SECStatus StopLockPoller(cacheDesc *cache);
-
-struct inheritanceStr {
-    PRUint32 cacheMemSize;
-    PRUint32 fmStrLen;
-};
-
-typedef struct inheritanceStr inheritance;
-
-#if defined(_WIN32) || defined(XP_OS2)
-
-#define DEFAULT_CACHE_DIRECTORY "\\temp"
-
-#endif /* _win32 */
-
-#if defined(XP_UNIX) || defined(XP_BEOS)
-
-#define DEFAULT_CACHE_DIRECTORY "/tmp"
-
-#endif /* XP_UNIX || XP_BEOS */
-
-/************************************************************************/
-
-static PRUint32
-LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
-{
-    SECStatus rv = sslMutex_Lock(&lock->mutex);
-    if (rv != SECSuccess)
-        return 0;
-    if (!now)
-        now = ssl_Time();
-    lock->timeStamp = now;
-    lock->pid = myPid;
-    return now;
-}
-
-static SECStatus
-UnlockSidCacheLock(sidCacheLock *lock)
-{
-    SECStatus rv;
-
-    lock->pid = 0;
-    rv = sslMutex_Unlock(&lock->mutex);
-    return rv;
-}
-
-/* returns the value of ssl_Time on success, zero on failure. */
-static PRUint32
-LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
-{
-    PRUint32 lockNum = set % cache->numSIDCacheLocks;
-    sidCacheLock *lock = cache->sidCacheLocks + lockNum;
-
-    return LockSidCacheLock(lock, now);
-}
-
-static SECStatus
-UnlockSet(cacheDesc *cache, PRUint32 set)
-{
-    PRUint32 lockNum = set % cache->numSIDCacheLocks;
-    sidCacheLock *lock = cache->sidCacheLocks + lockNum;
-
-    return UnlockSidCacheLock(lock);
-}
-
-/************************************************************************/
-
-/* Put a certificate in the cache.  Update the cert index in the sce.
-*/
-static PRUint32
-CacheCert(cacheDesc *cache, CERTCertificate *cert, sidCacheEntry *sce)
-{
-    PRUint32 now;
-    certCacheEntry cce;
-
-    if ((cert->derCert.len > SSL_MAX_CACHED_CERT_LEN) ||
-        (cert->derCert.len <= 0) ||
-        (cert->derCert.data == NULL)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return 0;
-    }
-
-    cce.sessionIDLength = sce->sessionIDLength;
-    PORT_Memcpy(cce.sessionID, sce->sessionID, cce.sessionIDLength);
-
-    cce.certLength = cert->derCert.len;
-    PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
-
-    /* get lock on cert cache */
-    now = LockSidCacheLock(cache->certCacheLock, 0);
-    if (now) {
-
-        /* Find where to place the next cert cache entry. */
-        cacheDesc *sharedCache = cache->sharedCache;
-        PRUint32 ndx = sharedCache->nextCertCacheEntry;
-
-        /* write the entry */
-        cache->certCacheData[ndx] = cce;
-
-        /* remember where we put it. */
-        sce->u.ssl3.certIndex = ndx;
-
-        /* update the "next" cache entry index */
-        sharedCache->nextCertCacheEntry =
-            (ndx + 1) % cache->numCertCacheEntries;
-
-        UnlockSidCacheLock(cache->certCacheLock);
-    }
-    return now;
-}
-
-/* Server configuration hash tables need to account the SECITEM.type
- * field as well. These functions accomplish that. */
-static PLHashNumber
-Get32BitNameHash(const SECItem *name)
-{
-    PLHashNumber rv = SECITEM_Hash(name);
-
-    PRUint8 *rvc = (PRUint8 *)&rv;
-    rvc[name->len % sizeof(rv)] ^= name->type;
-
-    return rv;
-}
-
-/* Put a name in the cache.  Update the cert index in the sce.
-*/
-static PRUint32
-CacheSrvName(cacheDesc *cache, SECItem *name, sidCacheEntry *sce)
-{
-    PRUint32 now;
-    PRUint32 ndx;
-    srvNameCacheEntry snce;
-
-    if (!name || name->len <= 0 ||
-        name->len > SSL_MAX_DNS_HOST_NAME) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return 0;
-    }
-
-    snce.type = name->type;
-    snce.nameLen = name->len;
-    PORT_Memcpy(snce.name, name->data, snce.nameLen);
-#ifdef NO_PKCS11_BYPASS
-    HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, name->len);
-#else
-    SHA256_HashBuf(snce.nameHash, (unsigned char *)name->data,
-                   name->len);
-#endif
-    /* get index of the next name */
-    ndx = Get32BitNameHash(name);
-    /* get lock on cert cache */
-    now = LockSidCacheLock(cache->srvNameCacheLock, 0);
-    if (now) {
-        if (cache->numSrvNameCacheEntries > 0) {
-            /* Fit the index into array */
-            ndx %= cache->numSrvNameCacheEntries;
-            /* write the entry */
-            cache->srvNameCacheData[ndx] = snce;
-            /* remember where we put it. */
-            sce->u.ssl3.srvNameIndex = ndx;
-            /* Copy hash into sid hash */
-            PORT_Memcpy(sce->u.ssl3.srvNameHash, snce.nameHash, SHA256_LENGTH);
-        }
-        UnlockSidCacheLock(cache->srvNameCacheLock);
-    }
-    return now;
-}
-
-/*
-** Convert local SID to shared memory one
-*/
-static void
-ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
-{
-    to->valid = 1;
-    to->version = from->version;
-    to->addr = from->addr;
-    to->creationTime = from->creationTime;
-    to->lastAccessTime = from->lastAccessTime;
-    to->expirationTime = from->expirationTime;
-    to->authAlgorithm = from->authAlgorithm;
-    to->authKeyBits = from->authKeyBits;
-    to->keaType = from->keaType;
-    to->keaKeyBits = from->keaKeyBits;
-
-    if (from->version < SSL_LIBRARY_VERSION_3_0) {
-        if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) ||
-            (from->u.ssl2.cipherArg.len > SSL_MAX_CYPHER_ARG_BYTES)) {
-            SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d",
-                     myPid, from->u.ssl2.masterKey.len,
-                     from->u.ssl2.cipherArg.len));
-            to->valid = 0;
-            return;
-        }
-
-        to->u.ssl2.cipherType = from->u.ssl2.cipherType;
-        to->u.ssl2.masterKeyLen = from->u.ssl2.masterKey.len;
-        to->u.ssl2.cipherArgLen = from->u.ssl2.cipherArg.len;
-        to->u.ssl2.keyBits = from->u.ssl2.keyBits;
-        to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
-        to->sessionIDLength = SSL2_SESSIONID_BYTES;
-        PORT_Memcpy(to->sessionID, from->u.ssl2.sessionID, SSL2_SESSIONID_BYTES);
-        PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data,
-                    from->u.ssl2.masterKey.len);
-        PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data,
-                    from->u.ssl2.cipherArg.len);
-#ifdef DEBUG
-        PORT_Memset(to->u.ssl2.masterKey + from->u.ssl2.masterKey.len, 0,
-                    sizeof(to->u.ssl2.masterKey) - from->u.ssl2.masterKey.len);
-        PORT_Memset(to->u.ssl2.cipherArg + from->u.ssl2.cipherArg.len, 0,
-                    sizeof(to->u.ssl2.cipherArg) - from->u.ssl2.cipherArg.len);
-#endif
-        SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d "
-                    "time=%d addr=0x%08x%08x%08x%08x cipherType=%d",
-                    myPid,
-                    to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen,
-                    to->creationTime, to->addr.pr_s6_addr32[0],
-                    to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
-                    to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
-    } else {
-        /* This is an SSL v3 session */
-
-        to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
-        to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression;
-        to->u.ssl3.keys = from->u.ssl3.keys;
-        to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
-        to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
-        to->sessionIDLength = from->u.ssl3.sessionIDLength;
-        to->u.ssl3.certIndex = -1;
-        to->u.ssl3.srvNameIndex = -1;
-        PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
-                    to->sessionIDLength);
-
-        SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
-                    "cipherSuite=%d",
-                    myPid, to->creationTime, to->addr.pr_s6_addr32[0],
-                    to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
-                    to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
-    }
-}
-
-/*
-** Convert shared memory cache-entry to local memory based one
-** This is only called from ServerSessionIDLookup().
-*/
-static sslSessionID *
-ConvertToSID(sidCacheEntry *from,
-             certCacheEntry *pcce,
-             srvNameCacheEntry *psnce,
-             CERTCertDBHandle *dbHandle)
-{
-    sslSessionID *to;
-    PRUint16 version = from->version;
-
-    to = PORT_ZNew(sslSessionID);
-    if (!to) {
-        return 0;
-    }
-
-    if (version < SSL_LIBRARY_VERSION_3_0) {
-        /* This is an SSL v2 session */
-        to->u.ssl2.masterKey.data =
-            (unsigned char *)PORT_Alloc(from->u.ssl2.masterKeyLen);
-        if (!to->u.ssl2.masterKey.data) {
-            goto loser;
-        }
-        if (from->u.ssl2.cipherArgLen) {
-            to->u.ssl2.cipherArg.data =
-                (unsigned char *)PORT_Alloc(from->u.ssl2.cipherArgLen);
-            if (!to->u.ssl2.cipherArg.data) {
-                goto loser;
-            }
-            PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg,
-                        from->u.ssl2.cipherArgLen);
-        }
-
-        to->u.ssl2.cipherType = from->u.ssl2.cipherType;
-        to->u.ssl2.masterKey.len = from->u.ssl2.masterKeyLen;
-        to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen;
-        to->u.ssl2.keyBits = from->u.ssl2.keyBits;
-        to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
-        /*  to->sessionIDLength      = SSL2_SESSIONID_BYTES; */
-        PORT_Memcpy(to->u.ssl2.sessionID, from->sessionID, SSL2_SESSIONID_BYTES);
-        PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey,
-                    from->u.ssl2.masterKeyLen);
-
-        SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d "
-                    "time=%d addr=0x%08x%08x%08x%08x cipherType=%d",
-                    myPid, to->u.ssl2.masterKey.len,
-                    to->u.ssl2.cipherArg.len, to->creationTime,
-                    to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
-                    to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
-                    to->u.ssl2.cipherType));
-    } else {
-        /* This is an SSL v3 session */
-
-        to->u.ssl3.sessionIDLength = from->sessionIDLength;
-        to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
-        to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression;
-        to->u.ssl3.keys = from->u.ssl3.keys;
-        to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
-        to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
-        if (from->u.ssl3.srvNameIndex != -1 && psnce) {
-            SECItem name;
-            SECStatus rv;
-            name.type = psnce->type;
-            name.len = psnce->nameLen;
-            name.data = psnce->name;
-            rv = SECITEM_CopyItem(NULL, &to->u.ssl3.srvName, &name);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-        }
-
-        PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength);
-
-        /* the portions of the SID that are only restored on the client
-         * are set to invalid values on the server.
-         */
-        to->u.ssl3.clientWriteKey = NULL;
-        to->u.ssl3.serverWriteKey = NULL;
-
-        to->urlSvrName = NULL;
-
-        to->u.ssl3.masterModuleID = (SECMODModuleID)-1; /* invalid value */
-        to->u.ssl3.masterSlotID = (CK_SLOT_ID)-1;       /* invalid value */
-        to->u.ssl3.masterWrapIndex = 0;
-        to->u.ssl3.masterWrapSeries = 0;
-        to->u.ssl3.masterValid = PR_FALSE;
-
-        to->u.ssl3.clAuthModuleID = (SECMODModuleID)-1; /* invalid value */
-        to->u.ssl3.clAuthSlotID = (CK_SLOT_ID)-1;       /* invalid value */
-        to->u.ssl3.clAuthSeries = 0;
-        to->u.ssl3.clAuthValid = PR_FALSE;
-
-        if (from->u.ssl3.certIndex != -1 && pcce) {
-            SECItem derCert;
-
-            derCert.len = pcce->certLength;
-            derCert.data = pcce->cert;
-
-            to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
-                                                   PR_FALSE, PR_TRUE);
-            if (to->peerCert == NULL)
-                goto loser;
-        }
-    }
-
-    to->version = from->version;
-    to->creationTime = from->creationTime;
-    to->lastAccessTime = from->lastAccessTime;
-    to->expirationTime = from->expirationTime;
-    to->cached = in_server_cache;
-    to->addr = from->addr;
-    to->references = 1;
-    to->authAlgorithm = from->authAlgorithm;
-    to->authKeyBits = from->authKeyBits;
-    to->keaType = from->keaType;
-    to->keaKeyBits = from->keaKeyBits;
-
-    return to;
-
-loser:
-    if (to) {
-        if (version < SSL_LIBRARY_VERSION_3_0) {
-            if (to->u.ssl2.masterKey.data)
-                PORT_Free(to->u.ssl2.masterKey.data);
-            if (to->u.ssl2.cipherArg.data)
-                PORT_Free(to->u.ssl2.cipherArg.data);
-        } else {
-            SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE);
-        }
-        PORT_Free(to);
-    }
-    return NULL;
-}
-
-/*
-** Perform some mumbo jumbo on the ip-address and the session-id value to
-** compute a hash value.
-*/
-static PRUint32
-SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl)
-{
-    PRUint32 rv;
-    PRUint32 x[8];
-
-    memset(x, 0, sizeof x);
-    if (nl > sizeof x)
-        nl = sizeof x;
-    memcpy(x, s, nl);
-
-    rv = (addr->pr_s6_addr32[0] ^ addr->pr_s6_addr32[1] ^
-          addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^
-          x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7]) %
-         cache->numSIDCacheSets;
-    return rv;
-}
-
-/*
-** Look something up in the cache. This will invalidate old entries
-** in the process. Caller has locked the cache set!
-** Returns PR_TRUE if found a valid match.  PR_FALSE otherwise.
-*/
-static sidCacheEntry *
-FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now,
-        const PRIPv6Addr *addr, unsigned char *sessionID,
-        unsigned sessionIDLength)
-{
-    PRUint32 ndx = cache->sidCacheSets[setNum].next;
-    int i;
-
-    sidCacheEntry *set = cache->sidCacheData +
-                         (setNum * SID_CACHE_ENTRIES_PER_SET);
-
-    for (i = SID_CACHE_ENTRIES_PER_SET; i > 0; --i) {
-        sidCacheEntry *sce;
-
-        ndx = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET;
-        sce = set + ndx;
-
-        if (!sce->valid)
-            continue;
-
-        if (now > sce->expirationTime) {
-            /* SessionID has timed out. Invalidate the entry. */
-            SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x "
-                        "time+=%x",
-                        myPid, sce->addr.pr_s6_addr32[0],
-                        sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
-                        sce->addr.pr_s6_addr32[3], now,
-                        sce->expirationTime));
-            sce->valid = 0;
-            continue;
-        }
-
-        /*
-        ** Next, examine specific session-id/addr data to see if the cache
-        ** entry matches our addr+session-id value
-        */
-        if (sessionIDLength == sce->sessionIDLength &&
-            !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
-            !memcmp(sce->sessionID, sessionID, sessionIDLength)) {
-            /* Found it */
-            return sce;
-        }
-    }
-
-    PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
-    return NULL;
-}
-
-/************************************************************************/
-
-/* This is the primary function for finding entries in the server's sid cache.
- * Although it is static, this function is called via the global function
- * pointer ssl_sid_lookup.
- */
-static sslSessionID *
-ServerSessionIDLookup(const PRIPv6Addr *addr,
-                      unsigned char *sessionID,
-                      unsigned int sessionIDLength,
-                      CERTCertDBHandle *dbHandle)
-{
-    sslSessionID *sid = 0;
-    sidCacheEntry *psce;
-    certCacheEntry *pcce = 0;
-    srvNameCacheEntry *psnce = 0;
-    cacheDesc *cache = &globalCache;
-    PRUint32 now;
-    PRUint32 set;
-    PRInt32 cndx;
-    sidCacheEntry sce;
-    certCacheEntry cce;
-    srvNameCacheEntry snce;
-
-    set = SIDindex(cache, addr, sessionID, sessionIDLength);
-    now = LockSet(cache, set, 0);
-    if (!now)
-        return NULL;
-
-    psce = FindSID(cache, set, now, addr, sessionID, sessionIDLength);
-    if (psce) {
-        if (psce->version >= SSL_LIBRARY_VERSION_3_0) {
-            if ((cndx = psce->u.ssl3.certIndex) != -1) {
-
-                PRUint32 gotLock = LockSidCacheLock(cache->certCacheLock, now);
-                if (gotLock) {
-                    pcce = &cache->certCacheData[cndx];
-
-                    /* See if the cert's session ID matches the sce cache. */
-                    if ((pcce->sessionIDLength == psce->sessionIDLength) &&
-                        !PORT_Memcmp(pcce->sessionID, psce->sessionID,
-                                     pcce->sessionIDLength)) {
-                        cce = *pcce;
-                    } else {
-                        /* The cert doesen't match the SID cache entry,
-                        ** so invalidate the SID cache entry.
-                        */
-                        psce->valid = 0;
-                        psce = 0;
-                        pcce = 0;
-                    }
-                    UnlockSidCacheLock(cache->certCacheLock);
-                } else {
-                    /* what the ??.  Didn't get the cert cache lock.
-                    ** Don't invalidate the SID cache entry, but don't find it.
-                    */
-                    PORT_Assert(!("Didn't get cert Cache Lock!"));
-                    psce = 0;
-                    pcce = 0;
-                }
-            }
-            if (psce && ((cndx = psce->u.ssl3.srvNameIndex) != -1)) {
-                PRUint32 gotLock = LockSidCacheLock(cache->srvNameCacheLock,
-                                                    now);
-                if (gotLock) {
-                    psnce = &cache->srvNameCacheData[cndx];
-
-                    if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash,
-                                     SHA256_LENGTH)) {
-                        snce = *psnce;
-                    } else {
-                        /* The name doesen't match the SID cache entry,
-                        ** so invalidate the SID cache entry.
-                        */
-                        psce->valid = 0;
-                        psce = 0;
-                        psnce = 0;
-                    }
-                    UnlockSidCacheLock(cache->srvNameCacheLock);
-                } else {
-                    /* what the ??.  Didn't get the cert cache lock.
-                    ** Don't invalidate the SID cache entry, but don't find it.
-                    */
-                    PORT_Assert(!("Didn't get name Cache Lock!"));
-                    psce = 0;
-                    psnce = 0;
-                }
-            }
-        }
-        if (psce) {
-            psce->lastAccessTime = now;
-            sce = *psce; /* grab a copy while holding the lock */
-        }
-    }
-    UnlockSet(cache, set);
-    if (psce) {
-        /* sce conains a copy of the cache entry.
-        ** Convert shared memory format to local format
-        */
-        sid = ConvertToSID(&sce, pcce ? &cce : 0, psnce ? &snce : 0, dbHandle);
-    }
-    return sid;
-}
-
-/*
-** Place a sid into the cache, if it isn't already there.
-*/
-static void
-ServerSessionIDCache(sslSessionID *sid)
-{
-    sidCacheEntry sce;
-    PRUint32 now = 0;
-    PRUint16 version = sid->version;
-    cacheDesc *cache = &globalCache;
-
-    if ((version >= SSL_LIBRARY_VERSION_3_0) &&
-        (sid->u.ssl3.sessionIDLength == 0)) {
-        return;
-    }
-
-    if (sid->cached == never_cached || sid->cached == invalid_cache) {
-        PRUint32 set;
-
-        PORT_Assert(sid->creationTime != 0);
-        if (!sid->creationTime)
-            sid->lastAccessTime = sid->creationTime = ssl_Time();
-        if (version < SSL_LIBRARY_VERSION_3_0) {
-            /* override caller's expiration time, which uses client timeout
-             * duration, not server timeout duration.
-             */
-            sid->expirationTime = sid->creationTime + cache->ssl2Timeout;
-            SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
-                        "cipher=%d",
-                        myPid, sid->cached,
-                        sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-                        sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                        sid->creationTime, sid->u.ssl2.cipherType));
-            PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
-                          SSL2_SESSIONID_BYTES));
-            PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
-                          sid->u.ssl2.masterKey.len));
-            PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
-                          sid->u.ssl2.cipherArg.len));
-        } else {
-            /* override caller's expiration time, which uses client timeout
-             * duration, not server timeout duration.
-             */
-            sid->expirationTime = sid->creationTime + cache->ssl3Timeout;
-            SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
-                        "cipherSuite=%d",
-                        myPid, sid->cached,
-                        sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-                        sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                        sid->creationTime, sid->u.ssl3.cipherSuite));
-            PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
-                          sid->u.ssl3.sessionIDLength));
-        }
-
-        ConvertFromSID(&sce, sid);
-
-        if (version >= SSL_LIBRARY_VERSION_3_0) {
-            SECItem *name = &sid->u.ssl3.srvName;
-            if (name->len && name->data) {
-                now = CacheSrvName(cache, name, &sce);
-            }
-            if (sid->peerCert != NULL) {
-                now = CacheCert(cache, sid->peerCert, &sce);
-            }
-        }
-
-        set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength);
-        now = LockSet(cache, set, now);
-        if (now) {
-            PRUint32 next = cache->sidCacheSets[set].next;
-            PRUint32 ndx = set * SID_CACHE_ENTRIES_PER_SET + next;
-
-            /* Write out new cache entry */
-            cache->sidCacheData[ndx] = sce;
-
-            cache->sidCacheSets[set].next =
-                (next + 1) % SID_CACHE_ENTRIES_PER_SET;
-
-            UnlockSet(cache, set);
-            sid->cached = in_server_cache;
-        }
-    }
-}
-
-/*
-** Although this is static, it is called from ssl via global function pointer
-**  ssl_sid_uncache.  This invalidates the referenced cache entry.
-*/
-static void
-ServerSessionIDUncache(sslSessionID *sid)
-{
-    cacheDesc *cache = &globalCache;
-    PRUint8 *sessionID;
-    unsigned int sessionIDLength;
-    PRErrorCode err;
-    PRUint32 set;
-    PRUint32 now;
-    sidCacheEntry *psce;
-
-    if (sid == NULL)
-        return;
-
-    /* Uncaching a SID should never change the error code.
-    ** So save it here and restore it before exiting.
-    */
-    err = PR_GetError();
-
-    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-        sessionID = sid->u.ssl2.sessionID;
-        sessionIDLength = SSL2_SESSIONID_BYTES;
-        SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
-                    "cipher=%d",
-                    myPid, sid->cached,
-                    sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-                    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                    sid->creationTime, sid->u.ssl2.cipherType));
-        PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
-        PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
-                      sid->u.ssl2.masterKey.len));
-        PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
-                      sid->u.ssl2.cipherArg.len));
-    } else {
-        sessionID = sid->u.ssl3.sessionID;
-        sessionIDLength = sid->u.ssl3.sessionIDLength;
-        SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
-                    "cipherSuite=%d",
-                    myPid, sid->cached,
-                    sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-                    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                    sid->creationTime, sid->u.ssl3.cipherSuite));
-        PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
-    }
-    set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
-    now = LockSet(cache, set, 0);
-    if (now) {
-        psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength);
-        if (psce) {
-            psce->valid = 0;
-        }
-        UnlockSet(cache, set);
-    }
-    sid->cached = invalid_cache;
-    PORT_SetError(err);
-}
-
-#ifdef XP_OS2
-
-#define INCL_DOSPROCESS
-#include <os2.h>
-
-long
-gettid(void)
-{
-    PTIB ptib;
-    PPIB ppib;
-    DosGetInfoBlocks(&ptib, &ppib);
-    return ((long)ptib->tib_ordinal); /* thread id */
-}
-#endif
-
-static void
-CloseCache(cacheDesc *cache)
-{
-    int locks_initialized = cache->numSIDCacheLocksInitialized;
-
-    if (cache->cacheMem) {
-        if (cache->sharedCache) {
-            sidCacheLock *pLock = cache->sidCacheLocks;
-            for (; locks_initialized > 0; --locks_initialized, ++pLock) {
-                /* If everInherited is true, this shared cache was (and may
-                ** still be) in use by multiple processes.  We do not wish to
-                ** destroy the mutexes while they are still in use, but we do
-                ** want to free mutex resources associated with this process.
-                */
-                sslMutex_Destroy(&pLock->mutex,
-                                 cache->sharedCache->everInherited);
-            }
-        }
-        if (cache->shared) {
-            PR_MemUnmap(cache->cacheMem, cache->cacheMemSize);
-        } else {
-            PORT_Free(cache->cacheMem);
-        }
-        cache->cacheMem = NULL;
-    }
-    if (cache->cacheMemMap) {
-        PR_CloseFileMap(cache->cacheMemMap);
-        cache->cacheMemMap = NULL;
-    }
-    memset(cache, 0, sizeof *cache);
-}
-
-static SECStatus
-InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
-          int maxSrvNameCacheEntries, PRUint32 ssl2_timeout,
-          PRUint32 ssl3_timeout, const char *directory, PRBool shared)
-{
-    ptrdiff_t ptr;
-    sidCacheLock *pLock;
-    char *cacheMem;
-    PRFileMap *cacheMemMap;
-    char *cfn = NULL; /* cache file name */
-    int locks_initialized = 0;
-    int locks_to_initialize = 0;
-    PRUint32 init_time;
-
-    if ((!cache) || (maxCacheEntries < 0) || (!directory)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (cache->cacheMem) {
-        /* Already done */
-        return SECSuccess;
-    }
-
-    /* make sure loser can clean up properly */
-    cache->shared = shared;
-    cache->cacheMem = cacheMem = NULL;
-    cache->cacheMemMap = cacheMemMap = NULL;
-    cache->sharedCache = (cacheDesc *)0;
-
-    cache->numSIDCacheLocksInitialized = 0;
-    cache->nextCertCacheEntry = 0;
-    cache->stopPolling = PR_FALSE;
-    cache->everInherited = PR_FALSE;
-    cache->poller = NULL;
-    cache->mutexTimeout = 0;
-
-    cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries
-                                                : DEF_SID_CACHE_ENTRIES;
-    cache->numSIDCacheSets =
-        SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET);
-
-    cache->numSIDCacheEntries =
-        cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET;
-
-    cache->numSIDCacheLocks =
-        PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks);
-
-    cache->numSIDCacheSetsPerLock =
-        SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks);
-
-    cache->numCertCacheEntries = (maxCertCacheEntries > 0) ? maxCertCacheEntries
-                                                           : 0;
-    cache->numSrvNameCacheEntries = (maxSrvNameCacheEntries >= 0) ? maxSrvNameCacheEntries
-                                                                  : DEF_NAME_CACHE_ENTRIES;
-
-    /* compute size of shared memory, and offsets of all pointers */
-    ptr = 0;
-    cache->cacheMem = (char *)ptr;
-    ptr += SID_ROUNDUP(sizeof(cacheDesc), SID_ALIGNMENT);
-
-    cache->sidCacheLocks = (sidCacheLock *)ptr;
-    cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks;
-    cache->certCacheLock = cache->keyCacheLock + 1;
-    cache->srvNameCacheLock = cache->certCacheLock + 1;
-    ptr = (ptrdiff_t)(cache->srvNameCacheLock + 1);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->sidCacheSets = (sidCacheSet *)ptr;
-    ptr = (ptrdiff_t)(cache->sidCacheSets + cache->numSIDCacheSets);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->sidCacheData = (sidCacheEntry *)ptr;
-    ptr = (ptrdiff_t)(cache->sidCacheData + cache->numSIDCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->certCacheData = (certCacheEntry *)ptr;
-    cache->sidCacheSize =
-        (char *)cache->certCacheData - (char *)cache->sidCacheData;
-
-    if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES) {
-        /* This is really a poor way to computer this! */
-        cache->numCertCacheEntries = cache->sidCacheSize / sizeof(certCacheEntry);
-        if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
-            cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
-    }
-    ptr = (ptrdiff_t)(cache->certCacheData + cache->numCertCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->keyCacheData = (SSLWrappedSymWrappingKey *)ptr;
-    cache->certCacheSize =
-        (char *)cache->keyCacheData - (char *)cache->certCacheData;
-
-    cache->numKeyCacheEntries = kt_kea_size * SSL_NUM_WRAP_MECHS;
-    ptr = (ptrdiff_t)(cache->keyCacheData + cache->numKeyCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->keyCacheSize = (char *)ptr - (char *)cache->keyCacheData;
-
-    cache->ticketKeyNameSuffix = (PRUint8 *)ptr;
-    ptr = (ptrdiff_t)(cache->ticketKeyNameSuffix +
-                      SESS_TICKET_KEY_VAR_NAME_LEN);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->ticketEncKey = (encKeyCacheEntry *)ptr;
-    ptr = (ptrdiff_t)(cache->ticketEncKey + 1);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->ticketMacKey = (encKeyCacheEntry *)ptr;
-    ptr = (ptrdiff_t)(cache->ticketMacKey + 1);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->ticketKeysValid = (PRUint32 *)ptr;
-    ptr = (ptrdiff_t)(cache->ticketKeysValid + 1);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->srvNameCacheData = (srvNameCacheEntry *)ptr;
-    cache->srvNameCacheSize =
-        cache->numSrvNameCacheEntries * sizeof(srvNameCacheEntry);
-    ptr = (ptrdiff_t)(cache->srvNameCacheData + cache->numSrvNameCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->cacheMemSize = ptr;
-
-    if (ssl2_timeout) {
-        if (ssl2_timeout > MAX_SSL2_TIMEOUT) {
-            ssl2_timeout = MAX_SSL2_TIMEOUT;
-        }
-        if (ssl2_timeout < MIN_SSL2_TIMEOUT) {
-            ssl2_timeout = MIN_SSL2_TIMEOUT;
-        }
-        cache->ssl2Timeout = ssl2_timeout;
-    } else {
-        cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
-    }
-
-    if (ssl3_timeout) {
-        if (ssl3_timeout > MAX_SSL3_TIMEOUT) {
-            ssl3_timeout = MAX_SSL3_TIMEOUT;
-        }
-        if (ssl3_timeout < MIN_SSL3_TIMEOUT) {
-            ssl3_timeout = MIN_SSL3_TIMEOUT;
-        }
-        cache->ssl3Timeout = ssl3_timeout;
-    } else {
-        cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
-    }
-
-    if (shared) {
-    /* Create file names */
-#if defined(XP_UNIX) || defined(XP_BEOS)
-        /* there's some confusion here about whether PR_OpenAnonFileMap wants
-        ** a directory name or a file name for its first argument.
-        cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid);
-        */
-        cfn = PR_smprintf("%s", directory);
-#elif defined(XP_WIN32)
-        cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid,
-                          GetCurrentThreadId());
-#elif defined(XP_OS2)
-        cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid,
-                          gettid());
-#else
-#error "Don't know how to create file name for this platform!"
-#endif
-        if (!cfn) {
-            goto loser;
-        }
-
-        /* Create cache */
-        cacheMemMap = PR_OpenAnonFileMap(cfn, cache->cacheMemSize,
-                                         PR_PROT_READWRITE);
-
-        PR_smprintf_free(cfn);
-        if (!cacheMemMap) {
-            goto loser;
-        }
-
-        cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize);
-    } else {
-        cacheMem = PORT_Alloc(cache->cacheMemSize);
-    }
-
-    if (!cacheMem) {
-        goto loser;
-    }
-
-    /* Initialize shared memory. This may not be necessary on all platforms */
-    memset(cacheMem, 0, cache->cacheMemSize);
-
-    /* Copy cache descriptor header into shared memory */
-    memcpy(cacheMem, cache, sizeof *cache);
-
-    /* save private copies of these values */
-    cache->cacheMemMap = cacheMemMap;
-    cache->cacheMem = cacheMem;
-    cache->sharedCache = (cacheDesc *)cacheMem;
-
-    /* Fix pointers in our private copy of cache descriptor to point to
-    ** spaces in shared memory
-    */
-    cache->sidCacheLocks = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks);
-    cache->keyCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheLock);
-    cache->certCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->certCacheLock);
-    cache->srvNameCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
-    cache->sidCacheSets = (sidCacheSet *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheSets);
-    cache->sidCacheData = (sidCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheData);
-    cache->certCacheData = (certCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->certCacheData);
-    cache->keyCacheData = (SSLWrappedSymWrappingKey *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheData);
-    cache->ticketKeyNameSuffix = (PRUint8 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
-    cache->ticketEncKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketEncKey);
-    cache->ticketMacKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketMacKey);
-    cache->ticketKeysValid = (PRUint32 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid);
-    cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
-
-    /* initialize the locks */
-    init_time = ssl_Time();
-    pLock = cache->sidCacheLocks;
-    for (locks_to_initialize = cache->numSIDCacheLocks + 3;
-         locks_initialized < locks_to_initialize;
-         ++locks_initialized, ++pLock) {
-
-        SECStatus err = sslMutex_Init(&pLock->mutex, shared);
-        if (err) {
-            cache->numSIDCacheLocksInitialized = locks_initialized;
-            goto loser;
-        }
-        pLock->timeStamp = init_time;
-        pLock->pid = 0;
-    }
-    cache->numSIDCacheLocksInitialized = locks_initialized;
-
-    return SECSuccess;
-
-loser:
-    CloseCache(cache);
-    return SECFailure;
-}
-
-PRUint32
-SSL_GetMaxServerCacheLocks(void)
-{
-    return ssl_max_sid_cache_locks + 2;
-    /* The extra two are the cert cache lock and the key cache lock. */
-}
-
-SECStatus
-SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
-{
-    /* Minimum is 1 sid cache lock, 1 cert cache lock and 1 key cache lock.
-    ** We'd like to test for a maximum value, but not all platforms' header
-    ** files provide a symbol or function or other means of determining
-    ** the maximum, other than trial and error.
-    */
-    if (maxLocks < 3) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    ssl_max_sid_cache_locks = maxLocks - 2;
-    /* The extra two are the cert cache lock and the key cache lock. */
-    return SECSuccess;
-}
-
-static SECStatus
-ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
-                                              PRUint32 ssl2_timeout,
-                                              PRUint32 ssl3_timeout,
-                                              const char *directory,
-                                              PRBool shared,
-                                              int maxCacheEntries,
-                                              int maxCertCacheEntries,
-                                              int maxSrvNameCacheEntries)
-{
-    SECStatus rv;
-
-    PORT_Assert(sizeof(sidCacheEntry) == 192);
-    PORT_Assert(sizeof(certCacheEntry) == 4096);
-    PORT_Assert(sizeof(srvNameCacheEntry) == 1072);
-
-    rv = ssl_Init();
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    myPid = SSL_GETPID();
-    if (!directory) {
-        directory = DEFAULT_CACHE_DIRECTORY;
-    }
-    rv = InitCache(cache, maxCacheEntries, maxCertCacheEntries,
-                   maxSrvNameCacheEntries, ssl2_timeout, ssl3_timeout,
-                   directory, shared);
-    if (rv) {
-        SET_ERROR_CODE
-        return SECFailure;
-    }
-
-    ssl_sid_lookup = ServerSessionIDLookup;
-    ssl_sid_cache = ServerSessionIDCache;
-    ssl_sid_uncache = ServerSessionIDUncache;
-    return SECSuccess;
-}
-
-SECStatus
-SSL_ConfigServerSessionIDCacheInstance(cacheDesc *cache,
-                                       int maxCacheEntries,
-                                       PRUint32 ssl2_timeout,
-                                       PRUint32 ssl3_timeout,
-                                       const char *directory, PRBool shared)
-{
-    return ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache,
-                                                         ssl2_timeout,
-                                                         ssl3_timeout,
-                                                         directory,
-                                                         shared,
-                                                         maxCacheEntries,
-                                                         -1, -1);
-}
-
-SECStatus
-SSL_ConfigServerSessionIDCache(int maxCacheEntries,
-                               PRUint32 ssl2_timeout,
-                               PRUint32 ssl3_timeout,
-                               const char *directory)
-{
-    ssl_InitSessionCacheLocks();
-    return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
-                                                  maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
-}
-
-SECStatus
-SSL_ShutdownServerSessionIDCacheInstance(cacheDesc *cache)
-{
-    CloseCache(cache);
-    return SECSuccess;
-}
-
-SECStatus
-SSL_ShutdownServerSessionIDCache(void)
-{
-#if defined(XP_UNIX) || defined(XP_BEOS)
-    /* Stop the thread that polls cache for expired locks on Unix */
-    StopLockPoller(&globalCache);
-#endif
-    SSL3_ShutdownServerCache();
-    return SSL_ShutdownServerSessionIDCacheInstance(&globalCache);
-}
-
-/* Use this function, instead of SSL_ConfigServerSessionIDCache,
- * if the cache will be shared by multiple processes.
- */
-static SECStatus
-ssl_ConfigMPServerSIDCacheWithOpt(PRUint32 ssl2_timeout,
-                                  PRUint32 ssl3_timeout,
-                                  const char *directory,
-                                  int maxCacheEntries,
-                                  int maxCertCacheEntries,
-                                  int maxSrvNameCacheEntries)
-{
-    char *envValue;
-    char *inhValue;
-    cacheDesc *cache = &globalCache;
-    PRUint32 fmStrLen;
-    SECStatus result;
-    PRStatus prStatus;
-    SECStatus putEnvFailed;
-    inheritance inherit;
-    char fmString[PR_FILEMAP_STRING_BUFSIZE];
-
-    isMultiProcess = PR_TRUE;
-    result = ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache,
-                                                           ssl2_timeout, ssl3_timeout, directory, PR_TRUE,
-                                                           maxCacheEntries, maxCacheEntries, maxSrvNameCacheEntries);
-    if (result != SECSuccess)
-        return result;
-
-    prStatus = PR_ExportFileMapAsString(cache->cacheMemMap,
-                                        sizeof fmString, fmString);
-    if ((prStatus != PR_SUCCESS) || !(fmStrLen = strlen(fmString))) {
-        SET_ERROR_CODE
-        return SECFailure;
-    }
-
-    inherit.cacheMemSize = cache->cacheMemSize;
-    inherit.fmStrLen = fmStrLen;
-
-    inhValue = BTOA_DataToAscii((unsigned char *)&inherit, sizeof inherit);
-    if (!inhValue || !strlen(inhValue)) {
-        SET_ERROR_CODE
-        return SECFailure;
-    }
-    envValue = PR_smprintf("%s,%s", inhValue, fmString);
-    if (!envValue || !strlen(envValue)) {
-        SET_ERROR_CODE
-        return SECFailure;
-    }
-    PORT_Free(inhValue);
-
-    putEnvFailed = (SECStatus)NSS_PutEnv(envVarName, envValue);
-    PR_smprintf_free(envValue);
-    if (putEnvFailed) {
-        SET_ERROR_CODE
-        result = SECFailure;
-    }
-
-#if defined(XP_UNIX) || defined(XP_BEOS)
-    /* Launch thread to poll cache for expired locks on Unix */
-    LaunchLockPoller(cache);
-#endif
-    return result;
-}
-
-/* Use this function, instead of SSL_ConfigServerSessionIDCache,
- * if the cache will be shared by multiple processes.
- */
-SECStatus
-SSL_ConfigMPServerSIDCache(int maxCacheEntries,
-                           PRUint32 ssl2_timeout,
-                           PRUint32 ssl3_timeout,
-                           const char *directory)
-{
-    return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout,
-                                             ssl3_timeout,
-                                             directory,
-                                             maxCacheEntries,
-                                             -1, -1);
-}
-
-SECStatus
-SSL_ConfigServerSessionIDCacheWithOpt(
-    PRUint32 ssl2_timeout,
-    PRUint32 ssl3_timeout,
-    const char *directory,
-    int maxCacheEntries,
-    int maxCertCacheEntries,
-    int maxSrvNameCacheEntries,
-    PRBool enableMPCache)
-{
-    if (!enableMPCache) {
-        ssl_InitSessionCacheLocks();
-        return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
-                                                             ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
-                                                             maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
-    } else {
-        return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout,
-                                                 directory, maxCacheEntries, maxCertCacheEntries,
-                                                 maxSrvNameCacheEntries);
-    }
-}
-
-SECStatus
-SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char *envString)
-{
-    unsigned char *decoString = NULL;
-    char *fmString = NULL;
-    char *myEnvString = NULL;
-    unsigned int decoLen;
-    inheritance inherit;
-    cacheDesc my;
-#ifdef WINNT
-    sidCacheLock *newLocks;
-    int locks_initialized = 0;
-    int locks_to_initialize = 0;
-#endif
-    SECStatus status = ssl_Init();
-
-    if (status != SECSuccess) {
-        return status;
-    }
-
-    myPid = SSL_GETPID();
-
-    /* If this child was created by fork(), and not by exec() on unix,
-    ** then isMultiProcess will already be set.
-    ** If not, we'll set it below.
-    */
-    if (isMultiProcess) {
-        if (cache && cache->sharedCache) {
-            cache->sharedCache->everInherited = PR_TRUE;
-        }
-        return SECSuccess; /* already done. */
-    }
-
-    ssl_InitSessionCacheLocks();
-
-    ssl_sid_lookup = ServerSessionIDLookup;
-    ssl_sid_cache = ServerSessionIDCache;
-    ssl_sid_uncache = ServerSessionIDUncache;
-
-    if (!envString) {
-        envString = PR_GetEnvSecure(envVarName);
-        if (!envString) {
-            SET_ERROR_CODE
-            return SECFailure;
-        }
-    }
-    myEnvString = PORT_Strdup(envString);
-    if (!myEnvString)
-        return SECFailure;
-    fmString = strchr(myEnvString, ',');
-    if (!fmString)
-        goto loser;
-    *fmString++ = 0;
-
-    decoString = ATOB_AsciiToData(myEnvString, &decoLen);
-    if (!decoString) {
-        SET_ERROR_CODE
-        goto loser;
-    }
-    if (decoLen != sizeof inherit) {
-        SET_ERROR_CODE
-        goto loser;
-    }
-
-    PORT_Memcpy(&inherit, decoString, sizeof inherit);
-
-    if (strlen(fmString) != inherit.fmStrLen) {
-        goto loser;
-    }
-
-    memset(cache, 0, sizeof *cache);
-    cache->cacheMemSize = inherit.cacheMemSize;
-
-    /* Create cache */
-    cache->cacheMemMap = PR_ImportFileMapFromString(fmString);
-    if (!cache->cacheMemMap) {
-        goto loser;
-    }
-    cache->cacheMem = PR_MemMap(cache->cacheMemMap, 0, cache->cacheMemSize);
-    if (!cache->cacheMem) {
-        goto loser;
-    }
-    cache->sharedCache = (cacheDesc *)cache->cacheMem;
-
-    if (cache->sharedCache->cacheMemSize != cache->cacheMemSize) {
-        SET_ERROR_CODE
-        goto loser;
-    }
-
-    /* We're now going to overwrite the local cache instance with the
-    ** shared copy of the cache struct, then update several values in
-    ** the local cache using the values for cache->cacheMemMap and
-    ** cache->cacheMem computed just above.  So, we copy cache into
-    ** the automatic variable "my", to preserve the variables while
-    ** cache is overwritten.
-    */
-    my = *cache;                                      /* save values computed above. */
-    memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */
-
-    /* Fix pointers in our private copy of cache descriptor to point to
-    ** spaces in shared memory, whose address is now in "my".
-    */
-    cache->sidCacheLocks = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->sidCacheLocks);
-    cache->keyCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->keyCacheLock);
-    cache->certCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->certCacheLock);
-    cache->srvNameCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
-    cache->sidCacheSets = (sidCacheSet *)(my.cacheMem + (ptrdiff_t)cache->sidCacheSets);
-    cache->sidCacheData = (sidCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->sidCacheData);
-    cache->certCacheData = (certCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->certCacheData);
-    cache->keyCacheData = (SSLWrappedSymWrappingKey *)(my.cacheMem + (ptrdiff_t)cache->keyCacheData);
-    cache->ticketKeyNameSuffix = (PRUint8 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
-    cache->ticketEncKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketEncKey);
-    cache->ticketMacKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketMacKey);
-    cache->ticketKeysValid = (PRUint32 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeysValid);
-    cache->srvNameCacheData = (srvNameCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheData);
-
-    cache->cacheMemMap = my.cacheMemMap;
-    cache->cacheMem = my.cacheMem;
-    cache->sharedCache = (cacheDesc *)cache->cacheMem;
-
-#ifdef WINNT
-    /*  On Windows NT we need to "fix" the sidCacheLocks here to support fibers
-    **  When NT fibers are used in a multi-process server, a second level of
-    **  locking is needed to prevent a deadlock, in case a fiber acquires the
-    **  cross-process mutex, yields, and another fiber is later scheduled on
-    **  the same native thread and tries to acquire the cross-process mutex.
-    **  We do this by using a PRLock in the sslMutex. However, it is stored in
-    **  shared memory as part of sidCacheLocks, and we don't want to overwrite
-    **  the PRLock of the parent process. So we need to make new, private
-    **  copies of sidCacheLocks before modifying the sslMutex with our own
-    **  PRLock
-    */
-
-    /* note from jpierre : this should be free'd in child processes when
-    ** a function is added to delete the SSL session cache in the future.
-    */
-    locks_to_initialize = cache->numSIDCacheLocks + 3;
-    newLocks = PORT_NewArray(sidCacheLock, locks_to_initialize);
-    if (!newLocks)
-        goto loser;
-    /* copy the old locks */
-    memcpy(newLocks, cache->sidCacheLocks,
-           locks_to_initialize * sizeof(sidCacheLock));
-    cache->sidCacheLocks = newLocks;
-    /* fix the locks */
-    for (; locks_initialized < locks_to_initialize; ++locks_initialized) {
-        /* now, make a local PRLock in this sslMutex for this child process */
-        SECStatus err;
-        err = sslMutex_2LevelInit(&newLocks[locks_initialized].mutex);
-        if (err != SECSuccess) {
-            cache->numSIDCacheLocksInitialized = locks_initialized;
-            goto loser;
-        }
-    }
-    cache->numSIDCacheLocksInitialized = locks_initialized;
-
-    /* also fix the key and cert cache which use the last 2 lock entries */
-    cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks;
-    cache->certCacheLock = cache->keyCacheLock + 1;
-    cache->srvNameCacheLock = cache->certCacheLock + 1;
-#endif
-
-    PORT_Free(myEnvString);
-    PORT_Free(decoString);
-
-    /* mark that we have inherited this. */
-    cache->sharedCache->everInherited = PR_TRUE;
-    isMultiProcess = PR_TRUE;
-
-    return SECSuccess;
-
-loser:
-    PORT_Free(myEnvString);
-    if (decoString)
-        PORT_Free(decoString);
-    CloseCache(cache);
-    return SECFailure;
-}
-
-SECStatus
-SSL_InheritMPServerSIDCache(const char *envString)
-{
-    return SSL_InheritMPServerSIDCacheInstance(&globalCache, envString);
-}
-
-#if defined(XP_UNIX) || defined(XP_BEOS)
-
-#define SID_LOCK_EXPIRATION_TIMEOUT 30 /* seconds */
-
-static void
-LockPoller(void *arg)
-{
-    cacheDesc *cache = (cacheDesc *)arg;
-    cacheDesc *sharedCache = cache->sharedCache;
-    sidCacheLock *pLock;
-    PRIntervalTime timeout;
-    PRUint32 now;
-    PRUint32 then;
-    int locks_polled = 0;
-    int locks_to_poll = cache->numSIDCacheLocks + 2;
-    PRUint32 expiration = cache->mutexTimeout;
-
-    timeout = PR_SecondsToInterval(expiration);
-    while (!sharedCache->stopPolling) {
-        PR_Sleep(timeout);
-        if (sharedCache->stopPolling)
-            break;
-
-        now = ssl_Time();
-        then = now - expiration;
-        for (pLock = cache->sidCacheLocks, locks_polled = 0;
-             locks_to_poll > locks_polled && !sharedCache->stopPolling;
-             ++locks_polled, ++pLock) {
-            pid_t pid;
-
-            if (pLock->timeStamp < then &&
-                pLock->timeStamp != 0 &&
-                (pid = pLock->pid) != 0) {
-
-                /* maybe we should try the lock? */
-                int result = kill(pid, 0);
-                if (result < 0 && errno == ESRCH) {
-                    SECStatus rv;
-                    /* No process exists by that pid any more.
-                    ** Treat this mutex as abandoned.
-                    */
-                    pLock->timeStamp = now;
-                    pLock->pid = 0;
-                    rv = sslMutex_Unlock(&pLock->mutex);
-                    if (rv != SECSuccess) {
-                        /* Now what? */
-                    }
-                }
-            }
-        } /* end of loop over locks */
-    }     /* end of entire polling loop */
-}
-
-/* Launch thread to poll cache for expired locks */
-static SECStatus
-LaunchLockPoller(cacheDesc *cache)
-{
-    const char *timeoutString;
-    PRThread *pollerThread;
-
-    cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT;
-    timeoutString = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
-    if (timeoutString) {
-        long newTime = strtol(timeoutString, 0, 0);
-        if (newTime == 0)
-            return SECSuccess; /* application doesn't want poller thread */
-        if (newTime > 0)
-            cache->mutexTimeout = (PRUint32)newTime;
-        /* if error (newTime < 0) ignore it and use default */
-    }
-
-    pollerThread =
-        PR_CreateThread(PR_USER_THREAD, LockPoller, cache, PR_PRIORITY_NORMAL,
-                        PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
-    if (!pollerThread) {
-        return SECFailure;
-    }
-    cache->poller = pollerThread;
-    return SECSuccess;
-}
-
-/* Stop the thread that polls cache for expired locks */
-static SECStatus
-StopLockPoller(cacheDesc *cache)
-{
-    if (!cache->poller) {
-        return SECSuccess;
-    }
-    cache->sharedCache->stopPolling = PR_TRUE;
-    if (PR_Interrupt(cache->poller) != PR_SUCCESS) {
-        return SECFailure;
-    }
-    if (PR_JoinThread(cache->poller) != PR_SUCCESS) {
-        return SECFailure;
-    }
-    cache->poller = NULL;
-    return SECSuccess;
-}
-#endif
-
-/************************************************************************
- *  Code dealing with shared wrapped symmetric wrapping keys below      *
- ************************************************************************/
-
-/* If now is zero, it implies that the lock is not held, and must be
-** aquired here.
-*/
-static PRBool
-getSvrWrappingKey(PRInt32 symWrapMechIndex,
-                  SSL3KEAType exchKeyType,
-                  SSLWrappedSymWrappingKey *wswk,
-                  cacheDesc *cache,
-                  PRUint32 lockTime)
-{
-    PRUint32 ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex;
-    SSLWrappedSymWrappingKey *pwswk = cache->keyCacheData + ndx;
-    PRUint32 now = 0;
-    PRBool rv = PR_FALSE;
-
-    if (!cache->cacheMem) { /* cache is uninitialized */
-        PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED);
-        return rv;
-    }
-    if (!lockTime) {
-        lockTime = now = LockSidCacheLock(cache->keyCacheLock, now);
-        if (!lockTime) {
-            return rv;
-        }
-    }
-    if (pwswk->exchKeyType == exchKeyType &&
-        pwswk->symWrapMechIndex == symWrapMechIndex &&
-        pwswk->wrappedSymKeyLen != 0) {
-        *wswk = *pwswk;
-        rv = PR_TRUE;
-    }
-    if (now) {
-        UnlockSidCacheLock(cache->keyCacheLock);
-    }
-    return rv;
-}
-
-PRBool
-ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
-                   SSL3KEAType exchKeyType,
-                   SSLWrappedSymWrappingKey *wswk)
-{
-    PRBool rv;
-
-    PORT_Assert((unsigned)exchKeyType < kt_kea_size);
-    PORT_Assert((unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS);
-    if ((unsigned)exchKeyType < kt_kea_size &&
-        (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
-        rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk,
-                               &globalCache, 0);
-    } else {
-        rv = PR_FALSE;
-    }
-
-    return rv;
-}
-
-/* Wrap and cache a session ticket key. */
-static PRBool
-WrapTicketKey(SECKEYPublicKey *svrPubKey, PK11SymKey *symKey,
-              const char *keyName, encKeyCacheEntry *cacheEntry)
-{
-    SECItem wrappedKey = { siBuffer, NULL, 0 };
-
-    wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey);
-    PORT_Assert(wrappedKey.len <= sizeof(cacheEntry->bytes));
-    if (wrappedKey.len > sizeof(cacheEntry->bytes))
-        return PR_FALSE;
-    wrappedKey.data = cacheEntry->bytes;
-
-    if (PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, symKey, &wrappedKey) !=
-        SECSuccess) {
-        SSL_DBG(("%d: SSL[%s]: Unable to wrap session ticket %s.",
-                 SSL_GETPID(), "unknown", keyName));
-        return PR_FALSE;
-    }
-    cacheEntry->length = wrappedKey.len;
-    return PR_TRUE;
-}
-
-static PRBool
-GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey,
-                   PK11SymKey **macKey)
-{
-    PK11SlotInfo *slot;
-    CK_MECHANISM_TYPE mechanismArray[2];
-    PK11SymKey *aesKeyTmp = NULL;
-    PK11SymKey *macKeyTmp = NULL;
-    cacheDesc *cache = &globalCache;
-    PRUint8 ticketKeyNameSuffixLocal[SESS_TICKET_KEY_VAR_NAME_LEN];
-    PRUint8 *ticketKeyNameSuffix;
-
-    if (!cache->cacheMem) {
-        /* cache is not initalized. Use stack buffer */
-        ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
-    } else {
-        ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
-    }
-
-    if (PK11_GenerateRandom(ticketKeyNameSuffix,
-                            SESS_TICKET_KEY_VAR_NAME_LEN) !=
-        SECSuccess) {
-        SSL_DBG(("%d: SSL[%s]: Unable to generate random key name bytes.",
-                 SSL_GETPID(), "unknown"));
-        goto loser;
-    }
-
-    mechanismArray[0] = CKM_AES_CBC;
-    mechanismArray[1] = CKM_SHA256_HMAC;
-
-    slot = PK11_GetBestSlotMultiple(mechanismArray, 2, pwArg);
-    if (slot) {
-        aesKeyTmp = PK11_KeyGen(slot, mechanismArray[0], NULL,
-                                AES_256_KEY_LENGTH, pwArg);
-        macKeyTmp = PK11_KeyGen(slot, mechanismArray[1], NULL,
-                                SHA256_LENGTH, pwArg);
-        PK11_FreeSlot(slot);
-    }
-
-    if (aesKeyTmp == NULL || macKeyTmp == NULL) {
-        SSL_DBG(("%d: SSL[%s]: Unable to generate session ticket keys.",
-                 SSL_GETPID(), "unknown"));
-        goto loser;
-    }
-    PORT_Memcpy(keyName, ticketKeyNameSuffix, SESS_TICKET_KEY_VAR_NAME_LEN);
-    *aesKey = aesKeyTmp;
-    *macKey = macKeyTmp;
-    return PR_TRUE;
-
-loser:
-    if (aesKeyTmp)
-        PK11_FreeSymKey(aesKeyTmp);
-    if (macKeyTmp)
-        PK11_FreeSymKey(macKeyTmp);
-    return PR_FALSE;
-}
-
-static PRBool
-GenerateAndWrapTicketKeys(SECKEYPublicKey *svrPubKey, void *pwArg,
-                          unsigned char *keyName, PK11SymKey **aesKey,
-                          PK11SymKey **macKey)
-{
-    PK11SymKey *aesKeyTmp = NULL;
-    PK11SymKey *macKeyTmp = NULL;
-    cacheDesc *cache = &globalCache;
-
-    if (!GenerateTicketKeys(pwArg, keyName, &aesKeyTmp, &macKeyTmp)) {
-        goto loser;
-    }
-
-    if (cache->cacheMem) {
-        /* Export the keys to the shared cache in wrapped form. */
-        if (!WrapTicketKey(svrPubKey, aesKeyTmp, "enc key", cache->ticketEncKey))
-            goto loser;
-        if (!WrapTicketKey(svrPubKey, macKeyTmp, "mac key", cache->ticketMacKey))
-            goto loser;
-    }
-    *aesKey = aesKeyTmp;
-    *macKey = macKeyTmp;
-    return PR_TRUE;
-
-loser:
-    if (aesKeyTmp)
-        PK11_FreeSymKey(aesKeyTmp);
-    if (macKeyTmp)
-        PK11_FreeSymKey(macKeyTmp);
-    return PR_FALSE;
-}
-
-static PRBool
-UnwrapCachedTicketKeys(SECKEYPrivateKey *svrPrivKey, unsigned char *keyName,
-                       PK11SymKey **aesKey, PK11SymKey **macKey)
-{
-    SECItem wrappedKey = { siBuffer, NULL, 0 };
-    PK11SymKey *aesKeyTmp = NULL;
-    PK11SymKey *macKeyTmp = NULL;
-    cacheDesc *cache = &globalCache;
-
-    wrappedKey.data = cache->ticketEncKey->bytes;
-    wrappedKey.len = cache->ticketEncKey->length;
-    PORT_Assert(wrappedKey.len <= sizeof(cache->ticketEncKey->bytes));
-    aesKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
-                                     CKM_AES_CBC, CKA_DECRYPT, 0);
-
-    wrappedKey.data = cache->ticketMacKey->bytes;
-    wrappedKey.len = cache->ticketMacKey->length;
-    PORT_Assert(wrappedKey.len <= sizeof(cache->ticketMacKey->bytes));
-    macKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
-                                     CKM_SHA256_HMAC, CKA_SIGN, 0);
-
-    if (aesKeyTmp == NULL || macKeyTmp == NULL) {
-        SSL_DBG(("%d: SSL[%s]: Unable to unwrap session ticket keys.",
-                 SSL_GETPID(), "unknown"));
-        goto loser;
-    }
-    SSL_DBG(("%d: SSL[%s]: Successfully unwrapped session ticket keys.",
-             SSL_GETPID(), "unknown"));
-
-    PORT_Memcpy(keyName, cache->ticketKeyNameSuffix,
-                SESS_TICKET_KEY_VAR_NAME_LEN);
-    *aesKey = aesKeyTmp;
-    *macKey = macKeyTmp;
-    return PR_TRUE;
-
-loser:
-    if (aesKeyTmp)
-        PK11_FreeSymKey(aesKeyTmp);
-    if (macKeyTmp)
-        PK11_FreeSymKey(macKeyTmp);
-    return PR_FALSE;
-}
-
-PRBool
-ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
-                               SECKEYPublicKey *svrPubKey, void *pwArg,
-                               unsigned char *keyName, PK11SymKey **aesKey,
-                               PK11SymKey **macKey)
-{
-    PRUint32 now = 0;
-    PRBool rv = PR_FALSE;
-    PRBool keysGenerated = PR_FALSE;
-    cacheDesc *cache = &globalCache;
-
-    if (!cache->cacheMem) {
-        /* cache is uninitialized. Generate keys and return them
-         * without caching. */
-        return GenerateTicketKeys(pwArg, keyName, aesKey, macKey);
-    }
-
-    now = LockSidCacheLock(cache->keyCacheLock, now);
-    if (!now)
-        return rv;
-
-    if (!*(cache->ticketKeysValid)) {
-        /* Keys do not exist, create them. */
-        if (!GenerateAndWrapTicketKeys(svrPubKey, pwArg, keyName,
-                                       aesKey, macKey))
-            goto loser;
-        keysGenerated = PR_TRUE;
-        *(cache->ticketKeysValid) = 1;
-    }
-
-    rv = PR_TRUE;
-
-loser:
-    UnlockSidCacheLock(cache->keyCacheLock);
-    if (rv && !keysGenerated)
-        rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, aesKey, macKey);
-    return rv;
-}
-
-PRBool
-ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey,
-                         unsigned char *macKey)
-{
-    PRBool rv = PR_FALSE;
-    PRUint32 now = 0;
-    cacheDesc *cache = &globalCache;
-    PRUint8 ticketMacKey[SHA256_LENGTH], ticketEncKey[AES_256_KEY_LENGTH];
-    PRUint8 ticketKeyNameSuffixLocal[SESS_TICKET_KEY_VAR_NAME_LEN];
-    PRUint8 *ticketMacKeyPtr, *ticketEncKeyPtr, *ticketKeyNameSuffix;
-    PRBool cacheIsEnabled = PR_TRUE;
-
-    if (!cache->cacheMem) { /* cache is uninitialized */
-        cacheIsEnabled = PR_FALSE;
-        ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
-        ticketEncKeyPtr = ticketEncKey;
-        ticketMacKeyPtr = ticketMacKey;
-    } else {
-        /* these values have constant memory locations in the cache.
-         * Ok to reference them without holding the lock. */
-        ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
-        ticketEncKeyPtr = cache->ticketEncKey->bytes;
-        ticketMacKeyPtr = cache->ticketMacKey->bytes;
-    }
-
-    if (cacheIsEnabled) {
-        /* Grab lock if initialized. */
-        now = LockSidCacheLock(cache->keyCacheLock, now);
-        if (!now)
-            return rv;
-    }
-    /* Going to regenerate keys on every call if cache was not
-     * initialized. */
-    if (!cacheIsEnabled || !*(cache->ticketKeysValid)) {
-        if (PK11_GenerateRandom(ticketKeyNameSuffix,
-                                SESS_TICKET_KEY_VAR_NAME_LEN) !=
-            SECSuccess)
-            goto loser;
-        if (PK11_GenerateRandom(ticketEncKeyPtr,
-                                AES_256_KEY_LENGTH) != SECSuccess)
-            goto loser;
-        if (PK11_GenerateRandom(ticketMacKeyPtr,
-                                SHA256_LENGTH) != SECSuccess)
-            goto loser;
-        if (cacheIsEnabled) {
-            *(cache->ticketKeysValid) = 1;
-        }
-    }
-
-    rv = PR_TRUE;
-
-loser:
-    if (cacheIsEnabled) {
-        UnlockSidCacheLock(cache->keyCacheLock);
-    }
-    if (rv) {
-        PORT_Memcpy(keyName, ticketKeyNameSuffix,
-                    SESS_TICKET_KEY_VAR_NAME_LEN);
-        PORT_Memcpy(encKey, ticketEncKeyPtr, AES_256_KEY_LENGTH);
-        PORT_Memcpy(macKey, ticketMacKeyPtr, SHA256_LENGTH);
-    }
-    return rv;
-}
-
-/* The caller passes in the new value it wants
- * to set.  This code tests the wrapped sym key entry in the shared memory.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/mutexes necessary to make
- * the operation atomic.
- */
-PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
-{
-    cacheDesc *cache = &globalCache;
-    PRBool rv = PR_FALSE;
-    SSL3KEAType exchKeyType = wswk->exchKeyType;
-    /* type of keys used to wrap SymWrapKey*/
-    PRInt32 symWrapMechIndex = wswk->symWrapMechIndex;
-    PRUint32 ndx;
-    PRUint32 now = 0;
-    SSLWrappedSymWrappingKey myWswk;
-
-    if (!cache->cacheMem) { /* cache is uninitialized */
-        PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED);
-        return 0;
-    }
-
-    PORT_Assert((unsigned)exchKeyType < kt_kea_size);
-    if ((unsigned)exchKeyType >= kt_kea_size)
-        return 0;
-
-    PORT_Assert((unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS);
-    if ((unsigned)symWrapMechIndex >= SSL_NUM_WRAP_MECHS)
-        return 0;
-
-    ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex;
-    PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */
-
-    now = LockSidCacheLock(cache->keyCacheLock, now);
-    if (now) {
-        rv = getSvrWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType,
-                               &myWswk, cache, now);
-        if (rv) {
-            /* we found it on disk, copy it out to the caller. */
-            PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
-        } else {
-            /* Wasn't on disk, and we're still holding the lock, so write it. */
-            cache->keyCacheData[ndx] = *wswk;
-        }
-        UnlockSidCacheLock(cache->keyCacheLock);
-    }
-    return rv;
-}
-
-#else /* MAC version or other platform */
-
-#include "seccomon.h"
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-
-SECStatus
-SSL_ConfigServerSessionIDCache(int maxCacheEntries,
-                               PRUint32 ssl2_timeout,
-                               PRUint32 ssl3_timeout,
-                               const char *directory)
-{
-    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)");
-    return SECFailure;
-}
-
-SECStatus
-SSL_ConfigMPServerSIDCache(int maxCacheEntries,
-                           PRUint32 ssl2_timeout,
-                           PRUint32 ssl3_timeout,
-                           const char *directory)
-{
-    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)");
-    return SECFailure;
-}
-
-SECStatus
-SSL_InheritMPServerSIDCache(const char *envString)
-{
-    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)");
-    return SECFailure;
-}
-
-PRBool
-ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
-                   SSL3KEAType exchKeyType,
-                   SSLWrappedSymWrappingKey *wswk)
-{
-    PRBool rv = PR_FALSE;
-    PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_GetWrappingKey)");
-    return rv;
-}
-
-/* This is a kind of test-and-set.  The caller passes in the new value it wants
- * to set.  This code tests the wrapped sym key entry in the shared memory.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/mutexes necessary to make
- * the operation atomic.
- */
-PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
-{
-    PRBool rv = PR_FALSE;
-    PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_SetWrappingKey)");
-    return rv;
-}
-
-PRUint32
-SSL_GetMaxServerCacheLocks(void)
-{
-    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_GetMaxServerCacheLocks)");
-    return -1;
-}
-
-SECStatus
-SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
-{
-    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServerCacheLocks)");
-    return SECFailure;
-}
-
-#endif /* XP_UNIX || XP_WIN32 */
diff --git a/chromium/net/third_party/nss/ssl/sslsock.c b/chromium/net/third_party/nss/ssl/sslsock.c
deleted file mode 100644
index e82c9169341..00000000000
--- a/chromium/net/third_party/nss/ssl/sslsock.c
+++ /dev/null
@@ -1,3715 +0,0 @@
-/*
- * vtables (and methods that call through them) for the 4 types of
- * SSLSockets supported.  Only one type is still supported.
- * Various other functions.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "seccomon.h"
-#include "cert.h"
-#include "keyhi.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "nspr.h"
-#include "private/pprio.h"
-#ifndef NO_PKCS11_BYPASS
-#include "blapi.h"
-#endif
-#include "nss.h"
-#include "pk11pqg.h"
-
-#define SET_ERROR_CODE /* reminder */
-
-static const sslSocketOps ssl_default_ops = { /* No SSL. */
-                                              ssl_DefConnect,
-                                              NULL,
-                                              ssl_DefBind,
-                                              ssl_DefListen,
-                                              ssl_DefShutdown,
-                                              ssl_DefClose,
-                                              ssl_DefRecv,
-                                              ssl_DefSend,
-                                              ssl_DefRead,
-                                              ssl_DefWrite,
-                                              ssl_DefGetpeername,
-                                              ssl_DefGetsockname
-};
-
-static const sslSocketOps ssl_secure_ops = { /* SSL. */
-                                             ssl_SecureConnect,
-                                             NULL,
-                                             ssl_DefBind,
-                                             ssl_DefListen,
-                                             ssl_SecureShutdown,
-                                             ssl_SecureClose,
-                                             ssl_SecureRecv,
-                                             ssl_SecureSend,
-                                             ssl_SecureRead,
-                                             ssl_SecureWrite,
-                                             ssl_DefGetpeername,
-                                             ssl_DefGetsockname
-};
-
-/*
-** default settings for socket enables
-*/
-static sslOptions ssl_defaults = {
-    { siBuffer, NULL, 0 }, /* nextProtoNego */
-    PR_TRUE,               /* useSecurity        */
-    PR_FALSE,              /* useSocks           */
-    PR_FALSE,              /* requestCertificate */
-    2,                     /* requireCertificate */
-    PR_FALSE,              /* handshakeAsClient  */
-    PR_FALSE,              /* handshakeAsServer  */
-    PR_FALSE,
-    /* enableSSL2         */ /* now defaults to off in NSS 3.13 */
-    PR_FALSE,                /* unusedBit9         */
-    PR_FALSE,                /* unusedBit10        */
-    PR_FALSE,                /* noCache            */
-    PR_FALSE,                /* fdx                */
-    PR_FALSE,
-    /* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
-    PR_TRUE,                 /* detectRollBack     */
-    PR_FALSE,                /* noStepDown         */
-    PR_FALSE,                /* bypassPKCS11       */
-    PR_FALSE,                /* noLocks            */
-    PR_FALSE,                /* enableSessionTickets */
-    PR_FALSE,                /* enableDeflate      */
-    2,                       /* enableRenegotiation (default: requires extension) */
-    PR_FALSE,                /* requireSafeNegotiation */
-    PR_FALSE,                /* enableFalseStart   */
-    PR_TRUE,                 /* cbcRandomIV        */
-    PR_FALSE,                /* enableOCSPStapling */
-    PR_TRUE,                 /* enableNPN          */
-    PR_FALSE,                /* enableALPN         */
-    PR_TRUE,                 /* reuseServerECDHEKey */
-    PR_FALSE,                /* enableFallbackSCSV */
-    PR_TRUE,                 /* enableServerDhe */
-    PR_FALSE,                /* enableExtendedMS    */
-    PR_FALSE,                /* enableSignedCertTimestamps */
-};
-
-/*
- * default range of enabled SSL/TLS protocols
- */
-static SSLVersionRange versions_defaults_stream = {
-    SSL_LIBRARY_VERSION_TLS_1_0,
-    SSL_LIBRARY_VERSION_TLS_1_2
-};
-
-static SSLVersionRange versions_defaults_datagram = {
-    SSL_LIBRARY_VERSION_TLS_1_1,
-    SSL_LIBRARY_VERSION_TLS_1_2
-};
-
-#define VERSIONS_DEFAULTS(variant)                               \
-    (variant == ssl_variant_stream ? &versions_defaults_stream : \
-                                   &versions_defaults_datagram)
-#define VERSIONS_POLICY_MIN(variant)                              \
-    (variant == ssl_variant_stream ? NSS_TLS_VERSION_MIN_POLICY : \
-                                   NSS_DTLS_VERSION_MIN_POLICY)
-#define VERSIONS_POLICY_MAX(variant)                              \
-    (variant == ssl_variant_stream ? NSS_TLS_VERSION_MAX_POLICY : \
-                                   NSS_DTLS_VERSION_MAX_POLICY)
-
-sslSessionIDLookupFunc ssl_sid_lookup;
-sslSessionIDCacheFunc ssl_sid_cache;
-sslSessionIDUncacheFunc ssl_sid_uncache;
-
-static PRBool ssl_inited = PR_FALSE;
-static PRDescIdentity ssl_layer_id;
-
-PRBool locksEverDisabled; /* implicitly PR_FALSE */
-PRBool ssl_force_locks;   /* implicitly PR_FALSE */
-int ssl_lock_readers = 1; /* default true. */
-char ssl_debug;
-char ssl_trace;
-FILE *ssl_trace_iob;
-FILE *ssl_keylog_iob;
-char lockStatus[] = "Locks are ENABLED.  ";
-#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
-
-/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
-static const PRUint16 srtpCiphers[] = {
-    SRTP_AES128_CM_HMAC_SHA1_80,
-    SRTP_AES128_CM_HMAC_SHA1_32,
-    0
-};
-
-/* forward declarations. */
-static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
-static SECStatus ssl_MakeLocks(sslSocket *ss);
-static void ssl_SetDefaultsFromEnvironment(void);
-static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
-                                PRDescIdentity id);
-
-/************************************************************************/
-
-/*
-** Lookup a socket structure from a file descriptor.
-** Only functions called through the PRIOMethods table should use this.
-** Other app-callable functions should use ssl_FindSocket.
-*/
-static sslSocket *
-ssl_GetPrivate(PRFileDesc *fd)
-{
-    sslSocket *ss;
-
-    PORT_Assert(fd != NULL);
-    PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
-    PORT_Assert(fd->identity == ssl_layer_id);
-
-    if (fd->methods->file_type != PR_DESC_LAYERED ||
-        fd->identity != ssl_layer_id) {
-        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-        return NULL;
-    }
-
-    ss = (sslSocket *)fd->secret;
-    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
-     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
-     * contents of the PRFileDesc pointed by ss->fd and the new layer.
-     * See bug 807250.
-     */
-    ss->fd = fd;
-    return ss;
-}
-
-/* This function tries to find the SSL layer in the stack.
- * It searches for the first SSL layer at or below the argument fd,
- * and failing that, it searches for the nearest SSL layer above the
- * argument fd.  It returns the private sslSocket from the found layer.
- */
-sslSocket *
-ssl_FindSocket(PRFileDesc *fd)
-{
-    PRFileDesc *layer;
-    sslSocket *ss;
-
-    PORT_Assert(fd != NULL);
-    PORT_Assert(ssl_layer_id != 0);
-
-    layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
-    if (layer == NULL) {
-        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-        return NULL;
-    }
-
-    ss = (sslSocket *)layer->secret;
-    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
-     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
-     * contents of the PRFileDesc pointed by ss->fd and the new layer.
-     * See bug 807250.
-     */
-    ss->fd = layer;
-    return ss;
-}
-
-static sslSocket *
-ssl_DupSocket(sslSocket *os)
-{
-    sslSocket *ss;
-    SECStatus rv;
-
-    ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
-    if (ss) {
-        ss->opt = os->opt;
-        ss->opt.useSocks = PR_FALSE;
-        ss->vrange = os->vrange;
-
-        ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
-        ss->url = !os->url ? NULL : PORT_Strdup(os->url);
-
-        ss->ops = os->ops;
-        ss->rTimeout = os->rTimeout;
-        ss->wTimeout = os->wTimeout;
-        ss->cTimeout = os->cTimeout;
-        ss->dbHandle = os->dbHandle;
-
-        /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
-        ss->allowedByPolicy = os->allowedByPolicy;
-        ss->maybeAllowedByPolicy = os->maybeAllowedByPolicy;
-        ss->chosenPreference = os->chosenPreference;
-        PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
-        PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
-                    sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
-        ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
-        PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms,
-                    sizeof(ss->ssl3.signatureAlgorithms[0]) *
-                        os->ssl3.signatureAlgorithmCount);
-        ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount;
-        ss->ssl3.downgradeCheckVersion = os->ssl3.downgradeCheckVersion;
-
-        ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
-        ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
-        if (os->ssl3.dheGroups) {
-            ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
-                                               os->ssl3.numDHEGroups);
-            if (!ss->ssl3.dheGroups) {
-                goto loser;
-            }
-            PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
-                        sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
-        } else {
-            ss->ssl3.dheGroups = NULL;
-        }
-
-        if (os->cipherSpecs) {
-            ss->cipherSpecs = (unsigned char *)PORT_Alloc(os->sizeCipherSpecs);
-            if (ss->cipherSpecs)
-                PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
-                            os->sizeCipherSpecs);
-            ss->sizeCipherSpecs = os->sizeCipherSpecs;
-            ss->preferredCipher = os->preferredCipher;
-        } else {
-            ss->cipherSpecs = NULL; /* produced lazily */
-            ss->sizeCipherSpecs = 0;
-            ss->preferredCipher = NULL;
-        }
-        if (ss->opt.useSecurity) {
-            /* This int should be SSLKEAType, but CC on Irix complains,
-             * during the for loop.
-             */
-            int i;
-            sslServerCerts *oc = os->serverCerts;
-            sslServerCerts *sc = ss->serverCerts;
-
-            for (i = kt_null; i < kt_kea_size; i++, oc++, sc++) {
-                if (oc->serverCert && oc->serverCertChain) {
-                    sc->serverCert = CERT_DupCertificate(oc->serverCert);
-                    sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
-                    if (!sc->serverCertChain)
-                        goto loser;
-                } else {
-                    sc->serverCert = NULL;
-                    sc->serverCertChain = NULL;
-                }
-                sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->serverKeyPair)
-                                                      : NULL;
-                if (oc->serverKeyPair && !sc->serverKeyPair)
-                    goto loser;
-                sc->serverKeyBits = oc->serverKeyBits;
-                ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]);
-            }
-            ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair);
-            ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
-            ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair);
-            ss->dheParams = os->dheParams;
-
-            /*
-             * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
-             * XXX We should detect this, and not just march on with NULL pointers.
-             */
-            ss->authCertificate = os->authCertificate;
-            ss->authCertificateArg = os->authCertificateArg;
-            ss->getClientAuthData = os->getClientAuthData;
-            ss->getClientAuthDataArg = os->getClientAuthDataArg;
-            ss->sniSocketConfig = os->sniSocketConfig;
-            ss->sniSocketConfigArg = os->sniSocketConfigArg;
-            ss->handleBadCert = os->handleBadCert;
-            ss->badCertArg = os->badCertArg;
-            ss->handshakeCallback = os->handshakeCallback;
-            ss->handshakeCallbackData = os->handshakeCallbackData;
-            ss->canFalseStartCallback = os->canFalseStartCallback;
-            ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
-            ss->pkcs11PinArg = os->pkcs11PinArg;
-            ss->getChannelID = os->getChannelID;
-            ss->getChannelIDArg = os->getChannelIDArg;
-
-            /* Create security data */
-            rv = ssl_CopySecurityInfo(ss, os);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-        }
-    }
-    return ss;
-
-loser:
-    ssl_FreeSocket(ss);
-    return NULL;
-}
-
-static void
-ssl_DestroyLocks(sslSocket *ss)
-{
-    /* Destroy locks. */
-    if (ss->firstHandshakeLock) {
-        PZ_DestroyMonitor(ss->firstHandshakeLock);
-        ss->firstHandshakeLock = NULL;
-    }
-    if (ss->ssl3HandshakeLock) {
-        PZ_DestroyMonitor(ss->ssl3HandshakeLock);
-        ss->ssl3HandshakeLock = NULL;
-    }
-    if (ss->specLock) {
-        NSSRWLock_Destroy(ss->specLock);
-        ss->specLock = NULL;
-    }
-
-    if (ss->recvLock) {
-        PZ_DestroyLock(ss->recvLock);
-        ss->recvLock = NULL;
-    }
-    if (ss->sendLock) {
-        PZ_DestroyLock(ss->sendLock);
-        ss->sendLock = NULL;
-    }
-    if (ss->xmitBufLock) {
-        PZ_DestroyMonitor(ss->xmitBufLock);
-        ss->xmitBufLock = NULL;
-    }
-    if (ss->recvBufLock) {
-        PZ_DestroyMonitor(ss->recvBufLock);
-        ss->recvBufLock = NULL;
-    }
-}
-
-/* Caller holds any relevant locks */
-static void
-ssl_DestroySocketContents(sslSocket *ss)
-{
-    /* "i" should be of type SSLKEAType, but CC on IRIX complains during
-     * the for loop.
-     */
-    int i;
-
-    /* Free up socket */
-    ssl_DestroySecurityInfo(&ss->sec);
-
-    ssl3_DestroySSL3Info(ss);
-
-    PORT_Free(ss->saveBuf.buf);
-    PORT_Free(ss->pendingBuf.buf);
-    ssl_DestroyGather(&ss->gs);
-
-    if (ss->peerID != NULL)
-        PORT_Free(ss->peerID);
-    if (ss->url != NULL)
-        PORT_Free((void *)ss->url); /* CONST */
-    if (ss->cipherSpecs) {
-        PORT_Free(ss->cipherSpecs);
-        ss->cipherSpecs = NULL;
-        ss->sizeCipherSpecs = 0;
-    }
-
-    /* Clean up server configuration */
-    for (i = kt_null; i < kt_kea_size; i++) {
-        sslServerCerts *sc = ss->serverCerts + i;
-        if (sc->serverCert != NULL)
-            CERT_DestroyCertificate(sc->serverCert);
-        if (sc->serverCertChain != NULL)
-            CERT_DestroyCertificateList(sc->serverCertChain);
-        if (sc->serverKeyPair != NULL)
-            ssl3_FreeKeyPair(sc->serverKeyPair);
-        if (ss->certStatusArray[i] != NULL) {
-            SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-            ss->certStatusArray[i] = NULL;
-        }
-        if (ss->signedCertTimestamps[i].data) {
-            SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE);
-        }
-    }
-    if (ss->stepDownKeyPair) {
-        ssl3_FreeKeyPair(ss->stepDownKeyPair);
-        ss->stepDownKeyPair = NULL;
-    }
-    if (ss->ephemeralECDHKeyPair) {
-        ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-        ss->ephemeralECDHKeyPair = NULL;
-    }
-    if (ss->dheKeyPair) {
-        ssl3_FreeKeyPair(ss->dheKeyPair);
-        ss->dheKeyPair = NULL;
-    }
-    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
-    if (ss->xtnData.sniNameArr) {
-        PORT_Free(ss->xtnData.sniNameArr);
-        ss->xtnData.sniNameArr = NULL;
-    }
-}
-
-/*
- * free an sslSocket struct, and all the stuff that hangs off of it
- */
-void
-ssl_FreeSocket(sslSocket *ss)
-{
-    /* Get every lock you can imagine!
-    ** Caller already holds these:
-    **  SSL_LOCK_READER(ss);
-    **  SSL_LOCK_WRITER(ss);
-    */
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetRecvBufLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-    ssl_GetXmitBufLock(ss);
-    ssl_GetSpecWriteLock(ss);
-
-    ssl_DestroySocketContents(ss);
-
-    /* Release all the locks acquired above.  */
-    SSL_UNLOCK_READER(ss);
-    SSL_UNLOCK_WRITER(ss);
-    ssl_Release1stHandshakeLock(ss);
-    ssl_ReleaseRecvBufLock(ss);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_ReleaseXmitBufLock(ss);
-    ssl_ReleaseSpecWriteLock(ss);
-
-    ssl_DestroyLocks(ss);
-
-#ifdef DEBUG
-    PORT_Memset(ss, 0x1f, sizeof *ss);
-#endif
-    PORT_Free(ss);
-    return;
-}
-
-/************************************************************************/
-SECStatus
-ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
-{
-    PRFileDesc *osfd = ss->fd->lower;
-    SECStatus rv = SECFailure;
-    PRSocketOptionData opt;
-
-    opt.option = PR_SockOpt_NoDelay;
-    opt.value.no_delay = (PRBool)!enabled;
-
-    if (osfd->methods->setsocketoption) {
-        rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
-    } else {
-        PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    }
-
-    return rv;
-}
-
-static void
-ssl_ChooseOps(sslSocket *ss)
-{
-    ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
-}
-
-/* Called from SSL_Enable (immediately below) */
-static SECStatus
-PrepareSocket(sslSocket *ss)
-{
-    SECStatus rv = SECSuccess;
-
-    ssl_ChooseOps(ss);
-    return rv;
-}
-
-SECStatus
-SSL_Enable(PRFileDesc *fd, int which, PRBool on)
-{
-    return SSL_OptionSet(fd, which, on);
-}
-
-#ifndef NO_PKCS11_BYPASS
-static const PRCallOnceType pristineCallOnce;
-static PRCallOnceType setupBypassOnce;
-
-static SECStatus
-SSL_BypassShutdown(void *appData, void *nssData)
-{
-    /* unload freeBL shared library from memory */
-    BL_Unload();
-    setupBypassOnce = pristineCallOnce;
-    return SECSuccess;
-}
-
-static PRStatus
-SSL_BypassRegisterShutdown(void)
-{
-    SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
-    PORT_Assert(SECSuccess == rv);
-    return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
-}
-#endif
-
-static PRStatus
-SSL_BypassSetup(void)
-{
-#ifdef NO_PKCS11_BYPASS
-    /* Guarantee binary compatibility */
-    return PR_SUCCESS;
-#else
-    return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
-#endif
-}
-
-static PRBool ssl_VersionIsSupportedByPolicy(
-    SSLProtocolVariant protocolVariant, SSL3ProtocolVersion version);
-
-/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
- * ssl.h in the section "SSL version range setting API".
- */
-static void
-ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
-{
-    if (on) {
-        /* don't turn it on if tls1.0 disallowed by by policy */
-        if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
-                                            SSL_LIBRARY_VERSION_TLS_1_0)) {
-            return;
-        }
-    }
-    if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-        if (on) {
-            vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
-            vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
-        } /* else don't change anything */
-        return;
-    }
-
-    if (on) {
-        /* Expand the range of enabled version to include TLS 1.0 */
-        vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-        vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
-    } else {
-        /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
-        if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
-            vrange->max = SSL_LIBRARY_VERSION_3_0;
-        } else {
-            /* Only TLS was enabled, so now no versions are. */
-            vrange->min = SSL_LIBRARY_VERSION_NONE;
-            vrange->max = SSL_LIBRARY_VERSION_NONE;
-        }
-    }
-}
-
-/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
- * ssl.h in the section "SSL version range setting API".
- */
-static void
-ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
-{
-    if (on) {
-        /* don't turn it on if ssl3 disallowed by by policy */
-        if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
-                                            SSL_LIBRARY_VERSION_3_0)) {
-            return;
-        }
-    }
-    if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-        if (on) {
-            vrange->min = SSL_LIBRARY_VERSION_3_0;
-            vrange->max = SSL_LIBRARY_VERSION_3_0;
-        } /* else don't change anything */
-        return;
-    }
-
-    if (on) {
-        /* Expand the range of enabled versions to include SSL 3.0. We know
-         * SSL 3.0 or some version of TLS is already enabled at this point, so
-         * we don't need to change vrange->max.
-         */
-        vrange->min = SSL_LIBRARY_VERSION_3_0;
-    } else {
-        /* Disable SSL 3.0, leaving TLS unaffected. */
-        if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
-            vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-        } else {
-            /* Only SSL 3.0 was enabled, so now no versions are. */
-            vrange->min = SSL_LIBRARY_VERSION_NONE;
-            vrange->max = SSL_LIBRARY_VERSION_NONE;
-        }
-    }
-}
-
-SECStatus
-SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECSuccess;
-    PRBool holdingLocks;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    holdingLocks = (!ss->opt.noLocks);
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    switch (which) {
-        case SSL_SOCKS:
-            ss->opt.useSocks = PR_FALSE;
-            rv = PrepareSocket(ss);
-            if (on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-            }
-            break;
-
-        case SSL_SECURITY:
-            ss->opt.useSecurity = on;
-            rv = PrepareSocket(ss);
-            break;
-
-        case SSL_REQUEST_CERTIFICATE:
-            ss->opt.requestCertificate = on;
-            break;
-
-        case SSL_REQUIRE_CERTIFICATE:
-            ss->opt.requireCertificate = on;
-            break;
-
-        case SSL_HANDSHAKE_AS_CLIENT:
-            if (ss->opt.handshakeAsServer && on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-                break;
-            }
-            ss->opt.handshakeAsClient = on;
-            break;
-
-        case SSL_HANDSHAKE_AS_SERVER:
-            if (ss->opt.handshakeAsClient && on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-                break;
-            }
-            ss->opt.handshakeAsServer = on;
-            break;
-
-        case SSL_ENABLE_TLS:
-            if (IS_DTLS(ss)) {
-                if (on) {
-                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                    rv = SECFailure; /* not allowed */
-                }
-                break;
-            }
-            ssl_EnableTLS(&ss->vrange, on);
-            ss->preferredCipher = NULL;
-            if (ss->cipherSpecs) {
-                PORT_Free(ss->cipherSpecs);
-                ss->cipherSpecs = NULL;
-                ss->sizeCipherSpecs = 0;
-            }
-            break;
-
-        case SSL_ENABLE_SSL3:
-            if (IS_DTLS(ss)) {
-                if (on) {
-                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                    rv = SECFailure; /* not allowed */
-                }
-                break;
-            }
-            ssl_EnableSSL3(&ss->vrange, on);
-            ss->preferredCipher = NULL;
-            if (ss->cipherSpecs) {
-                PORT_Free(ss->cipherSpecs);
-                ss->cipherSpecs = NULL;
-                ss->sizeCipherSpecs = 0;
-            }
-            break;
-
-        case SSL_ENABLE_SSL2:
-            if (IS_DTLS(ss)) {
-                if (on) {
-                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                    rv = SECFailure; /* not allowed */
-                }
-                break;
-            }
-            if (on) {
-                /* don't turn it on if ssl2 disallowed by by policy */
-                if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
-                                                    SSL_LIBRARY_VERSION_2)) {
-                    break;
-                }
-            }
-            ss->opt.enableSSL2 = on;
-            if (on) {
-                ss->opt.v2CompatibleHello = on;
-            }
-            ss->preferredCipher = NULL;
-            if (ss->cipherSpecs) {
-                PORT_Free(ss->cipherSpecs);
-                ss->cipherSpecs = NULL;
-                ss->sizeCipherSpecs = 0;
-            }
-            break;
-
-        case SSL_NO_CACHE:
-            ss->opt.noCache = on;
-            break;
-
-        case SSL_ENABLE_FDX:
-            if (on && ss->opt.noLocks) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-            }
-            ss->opt.fdx = on;
-            break;
-
-        case SSL_V2_COMPATIBLE_HELLO:
-            if (IS_DTLS(ss)) {
-                if (on) {
-                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                    rv = SECFailure; /* not allowed */
-                }
-                break;
-            }
-            ss->opt.v2CompatibleHello = on;
-            if (!on) {
-                ss->opt.enableSSL2 = on;
-            }
-            break;
-
-        case SSL_ROLLBACK_DETECTION:
-            ss->opt.detectRollBack = on;
-            break;
-
-        case SSL_NO_STEP_DOWN:
-            ss->opt.noStepDown = on;
-            if (on)
-                SSL_DisableExportCipherSuites(fd);
-            break;
-
-        case SSL_BYPASS_PKCS11:
-            if (ss->handshakeBegun) {
-                PORT_SetError(PR_INVALID_STATE_ERROR);
-                rv = SECFailure;
-            } else {
-                if (PR_FALSE != on) {
-                    if (PR_SUCCESS == SSL_BypassSetup()) {
-#ifdef NO_PKCS11_BYPASS
-                        ss->opt.bypassPKCS11 = PR_FALSE;
-#else
-                        ss->opt.bypassPKCS11 = on;
-#endif
-                    } else {
-                        rv = SECFailure;
-                    }
-                } else {
-                    ss->opt.bypassPKCS11 = PR_FALSE;
-                }
-            }
-            break;
-
-        case SSL_NO_LOCKS:
-            if (on && ss->opt.fdx) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-            }
-            if (on && ssl_force_locks)
-                on = PR_FALSE; /* silent override */
-            ss->opt.noLocks = on;
-            if (on) {
-                locksEverDisabled = PR_TRUE;
-                strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-            } else if (!holdingLocks) {
-                rv = ssl_MakeLocks(ss);
-                if (rv != SECSuccess) {
-                    ss->opt.noLocks = PR_TRUE;
-                }
-            }
-            break;
-
-        case SSL_ENABLE_SESSION_TICKETS:
-            ss->opt.enableSessionTickets = on;
-            break;
-
-        case SSL_ENABLE_DEFLATE:
-            ss->opt.enableDeflate = on;
-            break;
-
-        case SSL_ENABLE_RENEGOTIATION:
-            ss->opt.enableRenegotiation = on;
-            break;
-
-        case SSL_REQUIRE_SAFE_NEGOTIATION:
-            ss->opt.requireSafeNegotiation = on;
-            break;
-
-        case SSL_ENABLE_FALSE_START:
-            ss->opt.enableFalseStart = on;
-            break;
-
-        case SSL_CBC_RANDOM_IV:
-            ss->opt.cbcRandomIV = on;
-            break;
-
-        case SSL_ENABLE_OCSP_STAPLING:
-            ss->opt.enableOCSPStapling = on;
-            break;
-
-        case SSL_ENABLE_NPN:
-            ss->opt.enableNPN = on;
-            break;
-
-        case SSL_ENABLE_ALPN:
-            ss->opt.enableALPN = on;
-            break;
-
-        case SSL_REUSE_SERVER_ECDHE_KEY:
-            ss->opt.reuseServerECDHEKey = on;
-            break;
-
-        case SSL_ENABLE_FALLBACK_SCSV:
-            ss->opt.enableFallbackSCSV = on;
-            break;
-
-        case SSL_ENABLE_SERVER_DHE:
-            ss->opt.enableServerDhe = on;
-            break;
-
-        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            ss->opt.enableExtendedMS = on;
-            break;
-
-        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            ss->opt.enableSignedCertTimestamps = on;
-            break;
-
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            rv = SECFailure;
-    }
-
-    /* We can't use the macros for releasing the locks here,
-     * because ss->opt.noLocks might have changed just above.
-     * We must release these locks (monitors) here, if we aquired them above,
-     * regardless of the current value of ss->opt.noLocks.
-     */
-    if (holdingLocks) {
-        PZ_ExitMonitor((ss)->ssl3HandshakeLock);
-        PZ_ExitMonitor((ss)->firstHandshakeLock);
-    }
-
-    return rv;
-}
-
-SECStatus
-SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECSuccess;
-    PRBool on = PR_FALSE;
-
-    if (!pOn) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-        *pOn = PR_FALSE;
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    switch (which) {
-        case SSL_SOCKS:
-            on = PR_FALSE;
-            break;
-        case SSL_SECURITY:
-            on = ss->opt.useSecurity;
-            break;
-        case SSL_REQUEST_CERTIFICATE:
-            on = ss->opt.requestCertificate;
-            break;
-        case SSL_REQUIRE_CERTIFICATE:
-            on = ss->opt.requireCertificate;
-            break;
-        case SSL_HANDSHAKE_AS_CLIENT:
-            on = ss->opt.handshakeAsClient;
-            break;
-        case SSL_HANDSHAKE_AS_SERVER:
-            on = ss->opt.handshakeAsServer;
-            break;
-        case SSL_ENABLE_TLS:
-            on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-            break;
-        case SSL_ENABLE_SSL3:
-            on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
-            break;
-        case SSL_ENABLE_SSL2:
-            on = ss->opt.enableSSL2;
-            break;
-        case SSL_NO_CACHE:
-            on = ss->opt.noCache;
-            break;
-        case SSL_ENABLE_FDX:
-            on = ss->opt.fdx;
-            break;
-        case SSL_V2_COMPATIBLE_HELLO:
-            on = ss->opt.v2CompatibleHello;
-            break;
-        case SSL_ROLLBACK_DETECTION:
-            on = ss->opt.detectRollBack;
-            break;
-        case SSL_NO_STEP_DOWN:
-            on = ss->opt.noStepDown;
-            break;
-        case SSL_BYPASS_PKCS11:
-            on = ss->opt.bypassPKCS11;
-            break;
-        case SSL_NO_LOCKS:
-            on = ss->opt.noLocks;
-            break;
-        case SSL_ENABLE_SESSION_TICKETS:
-            on = ss->opt.enableSessionTickets;
-            break;
-        case SSL_ENABLE_DEFLATE:
-            on = ss->opt.enableDeflate;
-            break;
-        case SSL_ENABLE_RENEGOTIATION:
-            on = ss->opt.enableRenegotiation;
-            break;
-        case SSL_REQUIRE_SAFE_NEGOTIATION:
-            on = ss->opt.requireSafeNegotiation;
-            break;
-        case SSL_ENABLE_FALSE_START:
-            on = ss->opt.enableFalseStart;
-            break;
-        case SSL_CBC_RANDOM_IV:
-            on = ss->opt.cbcRandomIV;
-            break;
-        case SSL_ENABLE_OCSP_STAPLING:
-            on = ss->opt.enableOCSPStapling;
-            break;
-        case SSL_ENABLE_NPN:
-            on = ss->opt.enableNPN;
-            break;
-        case SSL_ENABLE_ALPN:
-            on = ss->opt.enableALPN;
-            break;
-        case SSL_REUSE_SERVER_ECDHE_KEY:
-            on = ss->opt.reuseServerECDHEKey;
-            break;
-        case SSL_ENABLE_FALLBACK_SCSV:
-            on = ss->opt.enableFallbackSCSV;
-            break;
-        case SSL_ENABLE_SERVER_DHE:
-            on = ss->opt.enableServerDhe;
-            break;
-        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            on = ss->opt.enableExtendedMS;
-            break;
-        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            on = ss->opt.enableSignedCertTimestamps;
-            break;
-
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            rv = SECFailure;
-    }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    *pOn = on;
-    return rv;
-}
-
-SECStatus
-SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
-{
-    SECStatus rv = SECSuccess;
-    PRBool on = PR_FALSE;
-
-    if (!pOn) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_SetDefaultsFromEnvironment();
-
-    switch (which) {
-        case SSL_SOCKS:
-            on = PR_FALSE;
-            break;
-        case SSL_SECURITY:
-            on = ssl_defaults.useSecurity;
-            break;
-        case SSL_REQUEST_CERTIFICATE:
-            on = ssl_defaults.requestCertificate;
-            break;
-        case SSL_REQUIRE_CERTIFICATE:
-            on = ssl_defaults.requireCertificate;
-            break;
-        case SSL_HANDSHAKE_AS_CLIENT:
-            on = ssl_defaults.handshakeAsClient;
-            break;
-        case SSL_HANDSHAKE_AS_SERVER:
-            on = ssl_defaults.handshakeAsServer;
-            break;
-        case SSL_ENABLE_TLS:
-            on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-            break;
-        case SSL_ENABLE_SSL3:
-            on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
-            break;
-        case SSL_ENABLE_SSL2:
-            on = ssl_defaults.enableSSL2;
-            break;
-        case SSL_NO_CACHE:
-            on = ssl_defaults.noCache;
-            break;
-        case SSL_ENABLE_FDX:
-            on = ssl_defaults.fdx;
-            break;
-        case SSL_V2_COMPATIBLE_HELLO:
-            on = ssl_defaults.v2CompatibleHello;
-            break;
-        case SSL_ROLLBACK_DETECTION:
-            on = ssl_defaults.detectRollBack;
-            break;
-        case SSL_NO_STEP_DOWN:
-            on = ssl_defaults.noStepDown;
-            break;
-        case SSL_BYPASS_PKCS11:
-            on = ssl_defaults.bypassPKCS11;
-            break;
-        case SSL_NO_LOCKS:
-            on = ssl_defaults.noLocks;
-            break;
-        case SSL_ENABLE_SESSION_TICKETS:
-            on = ssl_defaults.enableSessionTickets;
-            break;
-        case SSL_ENABLE_DEFLATE:
-            on = ssl_defaults.enableDeflate;
-            break;
-        case SSL_ENABLE_RENEGOTIATION:
-            on = ssl_defaults.enableRenegotiation;
-            break;
-        case SSL_REQUIRE_SAFE_NEGOTIATION:
-            on = ssl_defaults.requireSafeNegotiation;
-            break;
-        case SSL_ENABLE_FALSE_START:
-            on = ssl_defaults.enableFalseStart;
-            break;
-        case SSL_CBC_RANDOM_IV:
-            on = ssl_defaults.cbcRandomIV;
-            break;
-        case SSL_ENABLE_OCSP_STAPLING:
-            on = ssl_defaults.enableOCSPStapling;
-            break;
-        case SSL_ENABLE_NPN:
-            on = ssl_defaults.enableNPN;
-            break;
-        case SSL_ENABLE_ALPN:
-            on = ssl_defaults.enableALPN;
-            break;
-        case SSL_REUSE_SERVER_ECDHE_KEY:
-            on = ssl_defaults.reuseServerECDHEKey;
-            break;
-        case SSL_ENABLE_FALLBACK_SCSV:
-            on = ssl_defaults.enableFallbackSCSV;
-            break;
-        case SSL_ENABLE_SERVER_DHE:
-            on = ssl_defaults.enableServerDhe;
-            break;
-        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            on = ssl_defaults.enableExtendedMS;
-            break;
-        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            on = ssl_defaults.enableSignedCertTimestamps;
-            break;
-
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            rv = SECFailure;
-    }
-
-    *pOn = on;
-    return rv;
-}
-
-/* XXX Use Global Lock to protect this stuff. */
-SECStatus
-SSL_EnableDefault(int which, PRBool on)
-{
-    return SSL_OptionSetDefault(which, on);
-}
-
-SECStatus
-SSL_OptionSetDefault(PRInt32 which, PRBool on)
-{
-    SECStatus status = ssl_Init();
-
-    if (status != SECSuccess) {
-        return status;
-    }
-
-    ssl_SetDefaultsFromEnvironment();
-
-    switch (which) {
-        case SSL_SOCKS:
-            ssl_defaults.useSocks = PR_FALSE;
-            if (on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return SECFailure;
-            }
-            break;
-
-        case SSL_SECURITY:
-            ssl_defaults.useSecurity = on;
-            break;
-
-        case SSL_REQUEST_CERTIFICATE:
-            ssl_defaults.requestCertificate = on;
-            break;
-
-        case SSL_REQUIRE_CERTIFICATE:
-            ssl_defaults.requireCertificate = on;
-            break;
-
-        case SSL_HANDSHAKE_AS_CLIENT:
-            if (ssl_defaults.handshakeAsServer && on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return SECFailure;
-            }
-            ssl_defaults.handshakeAsClient = on;
-            break;
-
-        case SSL_HANDSHAKE_AS_SERVER:
-            if (ssl_defaults.handshakeAsClient && on) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return SECFailure;
-            }
-            ssl_defaults.handshakeAsServer = on;
-            break;
-
-        case SSL_ENABLE_TLS:
-            ssl_EnableTLS(&versions_defaults_stream, on);
-            break;
-
-        case SSL_ENABLE_SSL3:
-            ssl_EnableSSL3(&versions_defaults_stream, on);
-            break;
-
-        case SSL_ENABLE_SSL2:
-            if (on) {
-                /* don't turn it on if ssl2 disallowed by by policy */
-                if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
-                                                    SSL_LIBRARY_VERSION_2)) {
-                    break;
-                }
-            }
-            ssl_defaults.enableSSL2 = on;
-            if (on) {
-                ssl_defaults.v2CompatibleHello = on;
-            }
-            break;
-
-        case SSL_NO_CACHE:
-            ssl_defaults.noCache = on;
-            break;
-
-        case SSL_ENABLE_FDX:
-            if (on && ssl_defaults.noLocks) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return SECFailure;
-            }
-            ssl_defaults.fdx = on;
-            break;
-
-        case SSL_V2_COMPATIBLE_HELLO:
-            ssl_defaults.v2CompatibleHello = on;
-            if (!on) {
-                ssl_defaults.enableSSL2 = on;
-            }
-            break;
-
-        case SSL_ROLLBACK_DETECTION:
-            ssl_defaults.detectRollBack = on;
-            break;
-
-        case SSL_NO_STEP_DOWN:
-            ssl_defaults.noStepDown = on;
-            if (on)
-                SSL_DisableDefaultExportCipherSuites();
-            break;
-
-        case SSL_BYPASS_PKCS11:
-            if (PR_FALSE != on) {
-                if (PR_SUCCESS == SSL_BypassSetup()) {
-#ifdef NO_PKCS11_BYPASS
-                    ssl_defaults.bypassPKCS11 = PR_FALSE;
-#else
-                    ssl_defaults.bypassPKCS11 = on;
-#endif
-                } else {
-                    return SECFailure;
-                }
-            } else {
-                ssl_defaults.bypassPKCS11 = PR_FALSE;
-            }
-            break;
-
-        case SSL_NO_LOCKS:
-            if (on && ssl_defaults.fdx) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return SECFailure;
-            }
-            if (on && ssl_force_locks)
-                on = PR_FALSE; /* silent override */
-            ssl_defaults.noLocks = on;
-            if (on) {
-                locksEverDisabled = PR_TRUE;
-                strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-            }
-            break;
-
-        case SSL_ENABLE_SESSION_TICKETS:
-            ssl_defaults.enableSessionTickets = on;
-            break;
-
-        case SSL_ENABLE_DEFLATE:
-            ssl_defaults.enableDeflate = on;
-            break;
-
-        case SSL_ENABLE_RENEGOTIATION:
-            ssl_defaults.enableRenegotiation = on;
-            break;
-
-        case SSL_REQUIRE_SAFE_NEGOTIATION:
-            ssl_defaults.requireSafeNegotiation = on;
-            break;
-
-        case SSL_ENABLE_FALSE_START:
-            ssl_defaults.enableFalseStart = on;
-            break;
-
-        case SSL_CBC_RANDOM_IV:
-            ssl_defaults.cbcRandomIV = on;
-            break;
-
-        case SSL_ENABLE_OCSP_STAPLING:
-            ssl_defaults.enableOCSPStapling = on;
-            break;
-
-        case SSL_ENABLE_NPN:
-            ssl_defaults.enableNPN = on;
-            break;
-
-        case SSL_ENABLE_ALPN:
-            ssl_defaults.enableALPN = on;
-            break;
-
-        case SSL_REUSE_SERVER_ECDHE_KEY:
-            ssl_defaults.reuseServerECDHEKey = on;
-            break;
-
-        case SSL_ENABLE_FALLBACK_SCSV:
-            ssl_defaults.enableFallbackSCSV = on;
-            break;
-
-        case SSL_ENABLE_SERVER_DHE:
-            ssl_defaults.enableServerDhe = on;
-            break;
-
-        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            ssl_defaults.enableExtendedMS = on;
-            break;
-
-        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            ssl_defaults.enableSignedCertTimestamps = on;
-            break;
-
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/* function tells us if the cipher suite is one that we no longer support. */
-static PRBool
-ssl_IsRemovedCipherSuite(PRInt32 suite)
-{
-    switch (suite) {
-        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
-        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
-        case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
-            return PR_TRUE;
-        default:
-            return PR_FALSE;
-    }
-}
-
-/* Part of the public NSS API.
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this.  Probably want a global lock.
- */
-SECStatus
-SSL_SetPolicy(long which, int policy)
-{
-    if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-        /* one of the two old FIPS ciphers */
-        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
-            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
-    }
-    if (ssl_IsRemovedCipherSuite(which))
-        return SECSuccess;
-    return SSL_CipherPolicySet(which, policy);
-}
-
-SECStatus
-ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
-{
-    SECStatus rv = SECSuccess;
-
-    if (ssl_IsRemovedCipherSuite(which)) {
-        rv = SECSuccess;
-    } else if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_SetPolicy(which, policy);
-    } else {
-        rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
-    }
-    return rv;
-}
-SECStatus
-SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
-{
-    SECStatus rv = ssl_Init();
-
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    return ssl_CipherPolicySet(which, policy);
-}
-
-SECStatus
-SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
-{
-    SECStatus rv;
-
-    if (!oPolicy) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if (ssl_IsRemovedCipherSuite(which)) {
-        *oPolicy = SSL_NOT_ALLOWED;
-        rv = SECSuccess;
-    } else if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_GetPolicy(which, oPolicy);
-    } else {
-        rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
-    }
-    return rv;
-}
-
-/* Part of the public NSS API.
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this.  Probably want a global lock.
- * These changes have no effect on any sslSockets already created.
- */
-SECStatus
-SSL_EnableCipher(long which, PRBool enabled)
-{
-    if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-        /* one of the two old FIPS ciphers */
-        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
-            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
-    }
-    if (ssl_IsRemovedCipherSuite(which))
-        return SECSuccess;
-    return SSL_CipherPrefSetDefault(which, enabled);
-}
-
-SECStatus
-ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
-{
-    SECStatus rv = SECSuccess;
-
-    if (ssl_IsRemovedCipherSuite(which))
-        return SECSuccess;
-    if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return SECFailure;
-    }
-    if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_CipherPrefSetDefault(which, enabled);
-    } else {
-        rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
-    }
-    return rv;
-}
-
-SECStatus
-SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
-{
-    SECStatus rv = ssl_Init();
-
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    return ssl_CipherPrefSetDefault(which, enabled);
-}
-
-SECStatus
-SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
-{
-    SECStatus rv;
-
-    if (!enabled) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if (ssl_IsRemovedCipherSuite(which)) {
-        *enabled = PR_FALSE;
-        rv = SECSuccess;
-    } else if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_CipherPrefGetDefault(which, enabled);
-    } else {
-        rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
-    }
-    return rv;
-}
-
-SECStatus
-SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
-{
-    SECStatus rv;
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    if (ssl_IsRemovedCipherSuite(which))
-        return SECSuccess;
-    if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return SECFailure;
-    }
-    if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_CipherPrefSet(ss, which, enabled);
-    } else {
-        rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
-    }
-    return rv;
-}
-
-SECStatus
-SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
-                 fd));
-        return SECFailure;
-    }
-    return ssl3_CipherOrderSet(ss, ciphers, len);
-}
-
-SECStatus
-SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
-{
-    SECStatus rv;
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!enabled) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
-        *enabled = PR_FALSE;
-        return SECFailure;
-    }
-    if (ssl_IsRemovedCipherSuite(which)) {
-        *enabled = PR_FALSE;
-        rv = SECSuccess;
-    } else if (SSL_IS_SSL2_CIPHER(which)) {
-        rv = ssl2_CipherPrefGet(ss, which, enabled);
-    } else {
-        rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
-    }
-    return rv;
-}
-
-SECStatus
-NSS_SetDomesticPolicy(void)
-{
-    SECStatus status = SECSuccess;
-    const PRUint16 *cipher;
-    SECStatus rv;
-    PRUint32 policy;
-
-    /* If we've already defined some policy oids, skip changing them */
-    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
-    if ((rv == SECSuccess) && (policy & NSS_USE_POLICY_IN_SSL)) {
-        return ssl_Init(); /* make sure the policies have bee loaded */
-    }
-
-    for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
-        status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
-        if (status != SECSuccess)
-            break;
-    }
-    return status;
-}
-
-SECStatus
-NSS_SetExportPolicy(void)
-{
-    return NSS_SetDomesticPolicy();
-}
-
-SECStatus
-NSS_SetFrancePolicy(void)
-{
-    return NSS_SetDomesticPolicy();
-}
-
-SECStatus
-SSL_DHEGroupPrefSet(PRFileDesc *fd,
-                    SSLDHEGroupType *groups,
-                    PRUint16 num_groups)
-{
-    sslSocket *ss;
-
-    if ((num_groups && !groups) || (!num_groups && groups)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ss->ssl3.dheGroups) {
-        PORT_Free(ss->ssl3.dheGroups);
-        ss->ssl3.dheGroups = NULL;
-        ss->ssl3.numDHEGroups = 0;
-    }
-
-    if (groups) {
-        ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
-        if (!ss->ssl3.dheGroups) {
-            PORT_SetError(SEC_ERROR_NO_MEMORY);
-            return SECFailure;
-        }
-        PORT_Memcpy(ss->ssl3.dheGroups, groups,
-                    sizeof(SSLDHEGroupType) * num_groups);
-    }
-    return SECSuccess;
-}
-
-PRCallOnceType gWeakDHParamsRegisterOnce;
-int gWeakDHParamsRegisterError;
-
-PRCallOnceType gWeakDHParamsOnce;
-int gWeakDHParamsError;
-/* As our code allocates type PQGParams, we'll keep it around,
- * even though we only make use of it's parameters through gWeakDHParam. */
-static PQGParams *gWeakParamsPQG;
-static ssl3DHParams *gWeakDHParams;
-
-static PRStatus
-ssl3_CreateWeakDHParams(void)
-{
-    PQGVerify *vfy;
-    SECStatus rv, passed;
-
-    PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
-
-    rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
-                             &gWeakParamsPQG, &vfy);
-    if (rv != SECSuccess) {
-        gWeakDHParamsError = PORT_GetError();
-        return PR_FAILURE;
-    }
-
-    rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
-    if (rv != SECSuccess || passed != SECSuccess) {
-        SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
-                 SSL_GETPID()));
-        gWeakDHParamsError = PORT_GetError();
-        return PR_FAILURE;
-    }
-
-    gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
-    if (!gWeakDHParams) {
-        gWeakDHParamsError = PORT_GetError();
-        return PR_FAILURE;
-    }
-
-    gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
-    gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
-    gWeakDHParams->base.data = gWeakParamsPQG->base.data;
-    gWeakDHParams->base.len = gWeakParamsPQG->base.len;
-
-    PK11_PQG_DestroyVerify(vfy);
-    return PR_SUCCESS;
-}
-
-static SECStatus
-ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
-{
-    if (gWeakParamsPQG) {
-        PK11_PQG_DestroyParams(gWeakParamsPQG);
-        gWeakParamsPQG = NULL;
-        gWeakDHParams = NULL;
-    }
-    return SECSuccess;
-}
-
-static PRStatus
-ssl3_WeakDHParamsRegisterShutdown(void)
-{
-    SECStatus rv;
-    rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
-    if (rv != SECSuccess) {
-        gWeakDHParamsRegisterError = PORT_GetError();
-    }
-    return (PRStatus)rv;
-}
-
-/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
-SECStatus
-SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
-{
-    sslSocket *ss;
-    PRStatus status;
-
-    if (enabled) {
-        status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
-                             ssl3_WeakDHParamsRegisterShutdown);
-        if (status != PR_SUCCESS) {
-            PORT_SetError(gWeakDHParamsRegisterError);
-            return SECFailure;
-        }
-
-        status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
-        if (status != PR_SUCCESS) {
-            PORT_SetError(gWeakDHParamsError);
-            return SECFailure;
-        }
-    }
-
-    if (!fd)
-        return SECSuccess;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    ss->ssl3.dheWeakGroupEnabled = enabled;
-    return SECSuccess;
-}
-
-SECStatus
-SSL_GetChannelBinding(PRFileDesc *fd,
-                      SSLChannelBindingType binding_type,
-                      unsigned char *out,
-                      unsigned int *outLen,
-                      unsigned int outLenMax)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return SECFailure;
-    }
-
-    return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
-}
-
-#include "dhe-param.c"
-
-static const SSLDHEGroupType ssl_default_dhe_groups[] = {
-    ssl_ff_dhe_2048_group
-};
-
-/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
-static const ssl3DHParams *all_ssl3DHParams[] = {
-    NULL, /* ssl_dhe_group_none */
-    &ff_dhe_2048,
-    &ff_dhe_3072,
-    &ff_dhe_4096,
-    &ff_dhe_6144,
-    &ff_dhe_8192,
-};
-
-static SSLDHEGroupType
-selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
-{
-    if (!groups || !num_groups)
-        return ssl_dhe_group_none;
-
-    /* We don't have automatic group parameter selection yet
-     * (potentially) based on socket parameters, e.g. key sizes.
-     * For now, we return the first available group from the allowed list. */
-    return groups[0];
-}
-
-/* Ensure DH parameters have been selected */
-SECStatus
-ssl3_SelectDHParams(sslSocket *ss)
-{
-    SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
-
-    if (ss->ssl3.dheWeakGroupEnabled) {
-        ss->dheParams = gWeakDHParams;
-    } else {
-        if (ss->ssl3.dheGroups) {
-            selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
-                                           ss->ssl3.numDHEGroups);
-        } else {
-            size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
-            selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
-                                           number_of_default_groups);
-        }
-
-        if (selectedGroup == ssl_dhe_group_none ||
-            selectedGroup >= ssl_dhe_group_max) {
-            return SECFailure;
-        }
-
-        ss->dheParams = all_ssl3DHParams[selectedGroup];
-    }
-
-    return SECSuccess;
-}
-
-/* LOCKS ??? XXX */
-static PRFileDesc *
-ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
-{
-    sslSocket *ns = NULL;
-    PRStatus rv;
-    PRNetAddr addr;
-    SECStatus status = ssl_Init();
-
-    if (status != SECSuccess) {
-        return NULL;
-    }
-
-    if (model == NULL) {
-        /* Just create a default socket if we're given NULL for the model */
-        ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
-    } else {
-        sslSocket *ss = ssl_FindSocket(model);
-        if (ss == NULL || ss->protocolVariant != variant) {
-            SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
-                     SSL_GETPID(), model));
-            return NULL;
-        }
-        ns = ssl_DupSocket(ss);
-    }
-    if (ns == NULL)
-        return NULL;
-
-    rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
-    if (rv != PR_SUCCESS) {
-        ssl_FreeSocket(ns);
-        SET_ERROR_CODE
-        return NULL;
-    }
-#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
-    {
-        sslSocket *ss = ssl_FindSocket(fd);
-        PORT_Assert(ss == ns);
-    }
-#endif
-    ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
-    return fd;
-}
-
-PRFileDesc *
-SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
-{
-    return ssl_ImportFD(model, fd, ssl_variant_stream);
-}
-
-PRFileDesc *
-DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
-{
-    return ssl_ImportFD(model, fd, ssl_variant_datagram);
-}
-
-/* SSL_SetNextProtoCallback is used to select an application protocol
- * for ALPN and NPN.  For ALPN, this runs on the server; for NPN it
- * runs on the client. */
-/* Note: The ALPN version doesn't allow for the use of a default, setting a
- * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
-SECStatus
-SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
-                         void *arg)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
-                 fd));
-        return SECFailure;
-    }
-
-    ssl_GetSSL3HandshakeLock(ss);
-    ss->nextProtoCallback = callback;
-    ss->nextProtoArg = arg;
-    ssl_ReleaseSSL3HandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
- * SSL_SetNextProtoNego is used.
- */
-static SECStatus
-ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
-                          const unsigned char *protos, unsigned int protos_len,
-                          unsigned char *protoOut, unsigned int *protoOutLen,
-                          unsigned int protoMaxLen)
-{
-    unsigned int i, j;
-    const unsigned char *result;
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    /* For each protocol in server preference, see if we support it. */
-    for (i = 0; i < protos_len;) {
-        for (j = 0; j < ss->opt.nextProtoNego.len;) {
-            if (protos[i] == ss->opt.nextProtoNego.data[j] &&
-                PORT_Memcmp(&protos[i + 1], &ss->opt.nextProtoNego.data[j + 1],
-                            protos[i]) == 0) {
-                /* We found a match. */
-                ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
-                result = &protos[i];
-                goto found;
-            }
-            j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
-        }
-        i += 1 + (unsigned int)protos[i];
-    }
-
-    /* The other side supports the extension, and either doesn't have any
-     * protocols configured, or none of its options match ours. In this case we
-     * request our favoured protocol. */
-    /* This will be treated as a failure for ALPN. */
-    ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
-    result = ss->opt.nextProtoNego.data;
-
-found:
-    if (protoMaxLen < result[0]) {
-        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-        return SECFailure;
-    }
-    memcpy(protoOut, result + 1, result[0]);
-    *protoOutLen = result[0];
-    return SECSuccess;
-}
-
-SECStatus
-SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-                     unsigned int length)
-{
-    sslSocket *ss;
-    SECStatus rv;
-    SECItem dataItem = { siBuffer, (unsigned char *)data, length };
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
-        return SECFailure;
-
-    ssl_GetSSL3HandshakeLock(ss);
-    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
-    rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-
-    if (rv != SECSuccess)
-        return rv;
-
-    return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
-}
-
-SECStatus
-SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
-                 unsigned int *bufLen, unsigned int bufLenMax)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-                 fd));
-        return SECFailure;
-    }
-
-    if (!state || !buf || !bufLen) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    *state = ss->ssl3.nextProtoState;
-
-    if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
-        ss->ssl3.nextProto.data) {
-        if (ss->ssl3.nextProto.len > bufLenMax) {
-            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-            return SECFailure;
-        }
-        PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-        *bufLen = ss->ssl3.nextProto.len;
-    } else {
-        *bufLen = 0;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_SetSRTPCiphers(PRFileDesc *fd,
-                   const PRUint16 *ciphers,
-                   unsigned int numCiphers)
-{
-    sslSocket *ss;
-    unsigned int i;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss || !IS_DTLS(ss)) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
-                 SSL_GETPID(), fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ss->ssl3.dtlsSRTPCipherCount = 0;
-    for (i = 0; i < numCiphers; i++) {
-        const PRUint16 *srtpCipher = srtpCiphers;
-
-        while (*srtpCipher) {
-            if (ciphers[i] == *srtpCipher)
-                break;
-            srtpCipher++;
-        }
-        if (*srtpCipher) {
-            ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
-                ciphers[i];
-        } else {
-            SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
-                     "suite specified: 0x%04hx",
-                     SSL_GETPID(), fd,
-                     ciphers[i]));
-        }
-    }
-
-    if (ss->ssl3.dtlsSRTPCipherCount == 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
-                 SSL_GETPID(), fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (!ss->ssl3.dtlsSRTPCipherSuite) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    *cipher = ss->ssl3.dtlsSRTPCipherSuite;
-    return SECSuccess;
-}
-
-PRFileDesc *
-SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
-{
-    sslSocket *sm = NULL, *ss = NULL;
-    int i;
-    sslServerCerts *mc = NULL;
-    sslServerCerts *sc = NULL;
-
-    if (model == NULL) {
-        PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
-        return NULL;
-    }
-    sm = ssl_FindSocket(model);
-    if (sm == NULL) {
-        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
-                 SSL_GETPID(), model));
-        return NULL;
-    }
-    ss = ssl_FindSocket(fd);
-    PORT_Assert(ss);
-    if (ss == NULL) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    ss->opt = sm->opt;
-    ss->vrange = sm->vrange;
-    PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
-    PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
-                sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
-    ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
-    PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms,
-                sizeof(ss->ssl3.signatureAlgorithms[0]) *
-                    sm->ssl3.signatureAlgorithmCount);
-    ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount;
-    ss->ssl3.downgradeCheckVersion = sm->ssl3.downgradeCheckVersion;
-
-    if (!ss->opt.useSecurity) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-    /* This int should be SSLKEAType, but CC on Irix complains,
-     * during the for loop.
-     */
-    for (i = kt_null; i < kt_kea_size; i++) {
-        mc = &(sm->serverCerts[i]);
-        sc = &(ss->serverCerts[i]);
-        if (mc->serverCert && mc->serverCertChain) {
-            if (sc->serverCert) {
-                CERT_DestroyCertificate(sc->serverCert);
-            }
-            sc->serverCert = CERT_DupCertificate(mc->serverCert);
-            if (sc->serverCertChain) {
-                CERT_DestroyCertificateList(sc->serverCertChain);
-            }
-            sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
-            if (!sc->serverCertChain)
-                goto loser;
-            if (sm->certStatusArray[i]) {
-                if (ss->certStatusArray[i]) {
-                    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-                    ss->certStatusArray[i] = NULL;
-                }
-                ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
-                if (!ss->certStatusArray[i])
-                    goto loser;
-            }
-            if (sm->signedCertTimestamps[i].data) {
-                if (ss->signedCertTimestamps[i].data) {
-                    SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE);
-                }
-                if (SECITEM_CopyItem(NULL,
-                                     &ss->signedCertTimestamps[i],
-                                     &sm->signedCertTimestamps[i]) !=
-                    SECSuccess) {
-                    goto loser;
-                }
-            }
-        }
-        if (mc->serverKeyPair) {
-            if (sc->serverKeyPair) {
-                ssl3_FreeKeyPair(sc->serverKeyPair);
-            }
-            sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
-            sc->serverKeyBits = mc->serverKeyBits;
-        }
-    }
-    if (sm->stepDownKeyPair) {
-        if (ss->stepDownKeyPair) {
-            ssl3_FreeKeyPair(ss->stepDownKeyPair);
-        }
-        ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
-    }
-    if (sm->ephemeralECDHKeyPair) {
-        if (ss->ephemeralECDHKeyPair) {
-            ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-        }
-        ss->ephemeralECDHKeyPair =
-            ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
-    }
-    /* copy trust anchor names */
-    if (sm->ssl3.ca_list) {
-        if (ss->ssl3.ca_list) {
-            CERT_FreeDistNames(ss->ssl3.ca_list);
-        }
-        ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
-        if (!ss->ssl3.ca_list) {
-            goto loser;
-        }
-    }
-
-    if (sm->authCertificate)
-        ss->authCertificate = sm->authCertificate;
-    if (sm->authCertificateArg)
-        ss->authCertificateArg = sm->authCertificateArg;
-    if (sm->getClientAuthData)
-        ss->getClientAuthData = sm->getClientAuthData;
-    if (sm->getClientAuthDataArg)
-        ss->getClientAuthDataArg = sm->getClientAuthDataArg;
-    if (sm->sniSocketConfig)
-        ss->sniSocketConfig = sm->sniSocketConfig;
-    if (sm->sniSocketConfigArg)
-        ss->sniSocketConfigArg = sm->sniSocketConfigArg;
-    if (sm->handleBadCert)
-        ss->handleBadCert = sm->handleBadCert;
-    if (sm->badCertArg)
-        ss->badCertArg = sm->badCertArg;
-    if (sm->handshakeCallback)
-        ss->handshakeCallback = sm->handshakeCallback;
-    if (sm->handshakeCallbackData)
-        ss->handshakeCallbackData = sm->handshakeCallbackData;
-    if (sm->pkcs11PinArg)
-        ss->pkcs11PinArg = sm->pkcs11PinArg;
-    if (sm->getChannelID)
-        ss->getChannelID = sm->getChannelID;
-    if (sm->getChannelIDArg)
-        ss->getChannelIDArg = sm->getChannelIDArg;
-    return fd;
-loser:
-    return NULL;
-}
-
-/*
- * Get the user supplied range
- */
-static SECStatus
-ssl3_GetRangePolicy(SSLProtocolVariant protocolVariant, SSLVersionRange *prange)
-{
-    SECStatus rv;
-    PRUint32 policy;
-    PRInt32 option;
-
-    /* only use policy constraints if we've set the apply ssl policy bit */
-    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
-    if ((rv != SECSuccess) || !(policy & NSS_USE_POLICY_IN_SSL)) {
-        return SECFailure;
-    }
-    rv = NSS_OptionGet(VERSIONS_POLICY_MIN(protocolVariant), &option);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    prange->min = (PRUint16)option;
-    rv = NSS_OptionGet(VERSIONS_POLICY_MAX(protocolVariant), &option);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    prange->max = (PRUint16)option;
-    if (prange->max < prange->min) {
-        return SECFailure; /* don't accept an invalid policy */
-    }
-    return SECSuccess;
-}
-
-/*
- * Constrain a single protocol variant's range based on the user policy
- */
-static SECStatus
-ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
-{
-    SSLVersionRange vrange;
-    SSLVersionRange pvrange;
-    SECStatus rv;
-
-    vrange = *VERSIONS_DEFAULTS(protocolVariant);
-    rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
-    if (rv != SECSuccess) {
-        return SECSuccess; /* we don't have any policy */
-    }
-    vrange.min = PR_MAX(vrange.min, pvrange.min);
-    vrange.max = PR_MIN(vrange.max, pvrange.max);
-    if (vrange.max >= vrange.min) {
-        *VERSIONS_DEFAULTS(protocolVariant) = vrange;
-    } else {
-        /* there was no overlap, turn off range altogether */
-        pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
-        *VERSIONS_DEFAULTS(protocolVariant) = pvrange;
-    }
-    return SECSuccess;
-}
-
-static PRBool
-ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant,
-                               SSL3ProtocolVersion version)
-{
-    SSLVersionRange pvrange;
-    SECStatus rv;
-
-    rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
-    if (rv == SECSuccess) {
-        if ((version > pvrange.max) || (version < pvrange.min)) {
-            return PR_FALSE; /* disallowed by policy */
-        }
-    }
-    return PR_TRUE;
-}
-
-/*
- *  This is called at SSL init time to constrain the existing range based
- *  on user supplied policy.
- */
-SECStatus
-ssl3_ConstrainRangeByPolicy(void)
-{
-    SECStatus rv;
-    rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-    return SECSuccess;
-}
-
-PRBool
-ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
-                        SSL3ProtocolVersion version)
-{
-    if (!ssl_VersionIsSupportedByPolicy(protocolVariant, version)) {
-        return PR_FALSE;
-    }
-    switch (protocolVariant) {
-        case ssl_variant_stream:
-            return (version >= SSL_LIBRARY_VERSION_3_0 &&
-                    version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
-        case ssl_variant_datagram:
-            return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-                    version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
-        default:
-            /* Can't get here */
-            PORT_Assert(PR_FALSE);
-            return PR_FALSE;
-    }
-}
-
-/* Returns PR_TRUE if the given version range is valid and
-** fully supported; otherwise, returns PR_FALSE.
-*/
-static PRBool
-ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
-                         const SSLVersionRange *vrange)
-{
-    return vrange &&
-           vrange->min <= vrange->max &&
-           ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
-           ssl3_VersionIsSupported(protocolVariant, vrange->max);
-}
-
-const SECItem *
-SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-
-    if (!ss->sec.ci.sid) {
-        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
-        return NULL;
-    }
-
-    if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
-        return NULL;
-    }
-    return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
-}
-
-SECStatus
-SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
-                             SSLVersionRange *vrange)
-{
-    if (!vrange) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    switch (protocolVariant) {
-        case ssl_variant_stream:
-            vrange->min = SSL_LIBRARY_VERSION_3_0;
-            vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-            break;
-        case ssl_variant_datagram:
-            vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
-            vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-            break;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
-                           SSLVersionRange *vrange)
-{
-    if ((protocolVariant != ssl_variant_stream &&
-         protocolVariant != ssl_variant_datagram) ||
-        !vrange) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    *vrange = *VERSIONS_DEFAULTS(protocolVariant);
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
-                           const SSLVersionRange *vrange)
-{
-    if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
-        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-        return SECFailure;
-    }
-
-    *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeGet",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!vrange) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    *vrange = ss->vrange;
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeSet",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
-        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    if (ss->ssl3.downgradeCheckVersion &&
-        ss->vrange.max > ss->ssl3.downgradeCheckVersion) {
-        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        ssl_Release1stHandshakeLock(ss);
-        return SECFailure;
-    }
-
-    ss->vrange = *vrange;
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-SECStatus
-SSL_SetDowngradeCheckVersion(PRFileDesc *fd, PRUint16 version)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    SECStatus rv = SECFailure;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetDowngradeCheckVersion",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (version && !ssl3_VersionIsSupported(ss->protocolVariant, version)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    if (version && version < ss->vrange.max) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto loser;
-    }
-    ss->ssl3.downgradeCheckVersion = version;
-    rv = SECSuccess;
-
-loser:
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
-    return rv;
-}
-
-const SECItemArray *
-SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-
-    if (!ss->sec.ci.sid) {
-        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
-        return NULL;
-    }
-
-    return &ss->sec.ci.sid->peerCertStatus;
-}
-
-SECStatus
-SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    *handshake_resumed = ss->ssl3.hs.isResuming;
-    return SECSuccess;
-}
-
-const SECItem *
-SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in "
-                 "SSL_GetRequestedClientCertificateTypes",
-                 SSL_GETPID(), fd));
-        return NULL;
-    }
-
-    return ss->requestedCertTypes;
-}
-
-/************************************************************************/
-/* The following functions are the TOP LEVEL SSL functions.
-** They all get called through the NSPRIOMethods table below.
-*/
-
-static PRFileDesc *PR_CALLBACK
-ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
-{
-    sslSocket *ss;
-    sslSocket *ns = NULL;
-    PRFileDesc *newfd = NULL;
-    PRFileDesc *osfd;
-    PRStatus status;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
-        return NULL;
-    }
-
-    /* IF this is a listen socket, there shouldn't be any I/O going on */
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
-
-    ss->cTimeout = timeout;
-
-    osfd = ss->fd->lower;
-
-    /* First accept connection */
-    newfd = osfd->methods->accept(osfd, sockaddr, timeout);
-    if (newfd == NULL) {
-        SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
-                 SSL_GETPID(), ss->fd, PORT_GetError()));
-    } else {
-        /* Create ssl module */
-        ns = ssl_DupSocket(ss);
-    }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-    SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
-
-    if (ns == NULL)
-        goto loser;
-
-    /* push ssl module onto the new socket */
-    status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
-    if (status != PR_SUCCESS)
-        goto loser;
-
-    /* Now start server connection handshake with client.
-    ** Don't need locks here because nobody else has a reference to ns yet.
-    */
-    if (ns->opt.useSecurity) {
-        if (ns->opt.handshakeAsClient) {
-            ns->handshake = ssl2_BeginClientHandshake;
-            ss->handshaking = sslHandshakingAsClient;
-        } else {
-            ns->handshake = ssl2_BeginServerHandshake;
-            ss->handshaking = sslHandshakingAsServer;
-        }
-    }
-    ns->TCPconnected = 1;
-    return newfd;
-
-loser:
-    if (ns != NULL)
-        ssl_FreeSocket(ns);
-    if (newfd != NULL)
-        PR_Close(newfd);
-    return NULL;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
-{
-    sslSocket *ss;
-    PRStatus rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-
-    /* IF this is a listen socket, there shouldn't be any I/O going on */
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-
-    ss->cTimeout = timeout;
-    rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
-
-    SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);
-
-    return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
-{
-    sslSocket *ss = ssl_GetPrivate(fd);
-    PRStatus rv;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-
-    rv = (PRStatus)(*ss->ops->bind)(ss, addr);
-
-    SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);
-    return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Listen(PRFileDesc *fd, PRIntn backlog)
-{
-    sslSocket *ss = ssl_GetPrivate(fd);
-    PRStatus rv;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-
-    rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
-
-    SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);
-    return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Shutdown(PRFileDesc *fd, PRIntn how)
-{
-    sslSocket *ss = ssl_GetPrivate(fd);
-    PRStatus rv;
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-    if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-        SSL_LOCK_READER(ss);
-    }
-    if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-        SSL_LOCK_WRITER(ss);
-    }
-
-    rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
-
-    if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-        SSL_UNLOCK_WRITER(ss);
-    }
-    if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-        SSL_UNLOCK_READER(ss);
-    }
-    return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Close(PRFileDesc *fd)
-{
-    sslSocket *ss;
-    PRStatus rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-
-    /* There must not be any I/O going on */
-    SSL_LOCK_READER(ss);
-    SSL_LOCK_WRITER(ss);
-
-    /* By the time this function returns,
-    ** ss is an invalid pointer, and the locks to which it points have
-    ** been unlocked and freed.  So, this is the ONE PLACE in all of SSL
-    ** where the LOCK calls and the corresponding UNLOCK calls are not in
-    ** the same function scope.  The unlock calls are in ssl_FreeSocket().
-    */
-    rv = (PRStatus)(*ss->ops->close)(ss);
-
-    return rv;
-}
-
-static int PR_CALLBACK
-ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
-         PRIntervalTime timeout)
-{
-    sslSocket *ss;
-    int rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    SSL_LOCK_READER(ss);
-    ss->rTimeout = timeout;
-    if (!ss->opt.fdx)
-        ss->wTimeout = timeout;
-    rv = (*ss->ops->recv)(ss, (unsigned char *)buf, len, flags);
-    SSL_UNLOCK_READER(ss);
-    return rv;
-}
-
-static int PR_CALLBACK
-ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
-         PRIntervalTime timeout)
-{
-    sslSocket *ss;
-    int rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    SSL_LOCK_WRITER(ss);
-    ss->wTimeout = timeout;
-    if (!ss->opt.fdx)
-        ss->rTimeout = timeout;
-    rv = (*ss->ops->send)(ss, (const unsigned char *)buf, len, flags);
-    SSL_UNLOCK_WRITER(ss);
-    return rv;
-}
-
-static int PR_CALLBACK
-ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
-{
-    sslSocket *ss;
-    int rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    SSL_LOCK_READER(ss);
-    ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
-    if (!ss->opt.fdx)
-        ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
-    rv = (*ss->ops->read)(ss, (unsigned char *)buf, len);
-    SSL_UNLOCK_READER(ss);
-    return rv;
-}
-
-static int PR_CALLBACK
-ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
-{
-    sslSocket *ss;
-    int rv;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
-        return SECFailure;
-    }
-    SSL_LOCK_WRITER(ss);
-    ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
-    if (!ss->opt.fdx)
-        ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
-    rv = (*ss->ops->write)(ss, (const unsigned char *)buf, len);
-    SSL_UNLOCK_WRITER(ss);
-    return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
-{
-    sslSocket *ss;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-    return (PRStatus)(*ss->ops->getpeername)(ss, addr);
-}
-
-/*
-*/
-SECStatus
-ssl_GetPeerInfo(sslSocket *ss)
-{
-    PRFileDesc *osfd;
-    int rv;
-    PRNetAddr sin;
-
-    osfd = ss->fd->lower;
-
-    PORT_Memset(&sin, 0, sizeof(sin));
-    rv = osfd->methods->getpeername(osfd, &sin);
-    if (rv < 0) {
-        return SECFailure;
-    }
-    ss->TCPconnected = 1;
-    if (sin.inet.family == PR_AF_INET) {
-        PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
-        ss->sec.ci.port = sin.inet.port;
-    } else if (sin.ipv6.family == PR_AF_INET6) {
-        ss->sec.ci.peer = sin.ipv6.ip;
-        ss->sec.ci.port = sin.ipv6.port;
-    } else {
-        PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-static PRStatus PR_CALLBACK
-ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
-{
-    sslSocket *ss;
-
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
-        return PR_FAILURE;
-    }
-    return (PRStatus)(*ss->ops->getsockname)(ss, name);
-}
-
-SECStatus
-SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
-                            SSLKEAType kea)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (kea <= 0 || kea >= kt_kea_size) {
-        SSL_DBG(("%d: SSL[%d]: invalid key type in SSL_SetStapledOCSPResponses",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ss->certStatusArray[kea]) {
-        SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
-        ss->certStatusArray[kea] = NULL;
-    }
-    if (responses) {
-        ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
-    }
-    return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
-}
-
-SECStatus
-SSL_SetSignedCertTimestamps(PRFileDesc *fd, const SECItem *scts, SSLKEAType kea)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSignedCertTimestamps",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (kea <= 0 || kea >= kt_kea_size) {
-        SSL_DBG(("%d: SSL[%d]: invalid key type in SSL_SetSignedCertTimestamps",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ss->signedCertTimestamps[kea].data) {
-        SECITEM_FreeItem(&ss->signedCertTimestamps[kea], PR_FALSE);
-    }
-
-    if (!scts) {
-        return SECSuccess;
-    }
-
-    return SECITEM_CopyItem(NULL, &ss->signedCertTimestamps[kea], scts);
-}
-
-SECStatus
-SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
-{
-    sslSocket *ss;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
-                 SSL_GETPID(), fd));
-        return SECFailure;
-    }
-
-    if (ss->peerID) {
-        PORT_Free(ss->peerID);
-        ss->peerID = NULL;
-    }
-    if (peerID)
-        ss->peerID = PORT_Strdup(peerID);
-    return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
-}
-
-#define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
-
-static PRInt16 PR_CALLBACK
-ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
-{
-    sslSocket *ss;
-    PRInt16 new_flags = how_flags; /* should select on these flags. */
-    PRNetAddr addr;
-
-    *p_out_flags = 0;
-    ss = ssl_GetPrivate(fd);
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
-                 SSL_GETPID(), fd));
-        return 0; /* don't poll on this socket */
-    }
-
-    if (ss->opt.useSecurity &&
-        ss->handshaking != sslHandshakingUndetermined &&
-        !ss->firstHsDone &&
-        (how_flags & PR_POLL_RW)) {
-        if (!ss->TCPconnected) {
-            ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
-        }
-        /* If it's not connected, then presumably the application is polling
-        ** on read or write appropriately, so don't change it.
-        */
-        if (ss->TCPconnected) {
-            if (!ss->handshakeBegun) {
-                /* If the handshake has not begun, poll on read or write
-                ** based on the local application's role in the handshake,
-                ** not based on what the application requested.
-                */
-                new_flags &= ~PR_POLL_RW;
-                if (ss->handshaking == sslHandshakingAsClient) {
-                    new_flags |= PR_POLL_WRITE;
-                } else { /* handshaking as server */
-                    new_flags |= PR_POLL_READ;
-                }
-            } else
-                /* First handshake is in progress */
-                if (ss->lastWriteBlocked) {
-                if (new_flags & PR_POLL_READ) {
-                    /* The caller is waiting for data to be received,
-                    ** but the initial handshake is blocked on write, or the
-                    ** client's first handshake record has not been written.
-                    ** The code should select on write, not read.
-                    */
-                    new_flags ^= PR_POLL_READ;  /* don't select on read. */
-                    new_flags |= PR_POLL_WRITE; /* do    select on write. */
-                }
-            } else if (new_flags & PR_POLL_WRITE) {
-                /* The caller is trying to write, but the handshake is
-                ** blocked waiting for data to read, and the first
-                ** handshake has been sent.  So do NOT to poll on write
-                ** unless we did false start.
-                */
-                if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-                      ss->ssl3.hs.canFalseStart)) {
-                    new_flags ^= PR_POLL_WRITE; /* don't select on write. */
-                }
-                new_flags |= PR_POLL_READ; /* do    select on read. */
-            }
-        }
-    } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
-        *p_out_flags = PR_POLL_READ; /* it's ready already. */
-        return new_flags;
-    } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
-               (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
-        new_flags |= PR_POLL_WRITE;         /* also select on write. */
-    }
-
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-        ss->ssl3.hs.restartTarget != NULL) {
-        /* Read and write will block until the asynchronous callback completes
-         * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
-         * the caller to poll the socket unless there is pending write data.
-         */
-        if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
-            /* Ignore any newly-received data on the socket, but do wait for
-             * the socket to become writable again. Here, it is OK for an error
-             * to be detected, because our logic for sending pending write data
-             * will allow us to report the error to the caller without the risk
-             * of the application spinning.
-             */
-            new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
-        } else {
-            /* Unfortunately, clearing new_flags will make it impossible for
-             * the application to detect errors that it would otherwise be
-             * able to detect with PR_POLL_EXCEPT, until the asynchronous
-             * callback completes. However, we must clear all the flags to
-             * prevent the application from spinning (alternating between
-             * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
-             * which won't actually report the I/O error while we are waiting
-             * for the asynchronous callback to complete).
-             */
-            new_flags = 0;
-        }
-    }
-
-    if (new_flags && (fd->lower->methods->poll != NULL)) {
-        PRInt16 lower_out_flags = 0;
-        PRInt16 lower_new_flags;
-        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
-                                                   &lower_out_flags);
-        if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
-            PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
-            if (lower_out_flags & PR_POLL_READ)
-                out_flags |= PR_POLL_WRITE;
-            if (lower_out_flags & PR_POLL_WRITE)
-                out_flags |= PR_POLL_READ;
-            *p_out_flags = out_flags;
-            new_flags = how_flags;
-        } else {
-            *p_out_flags = lower_out_flags;
-            new_flags = lower_new_flags;
-        }
-    }
-
-    return new_flags;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
-                 const void *headers, PRInt32 hlen,
-                 PRTransmitFileFlags flags, PRIntervalTime timeout)
-{
-    PRSendFileData sfd;
-
-    sfd.fd = fd;
-    sfd.file_offset = 0;
-    sfd.file_nbytes = 0;
-    sfd.header = headers;
-    sfd.hlen = hlen;
-    sfd.trailer = NULL;
-    sfd.tlen = 0;
-
-    return sd->methods->sendfile(sd, &sfd, flags, timeout);
-}
-
-PRBool
-ssl_FdIsBlocking(PRFileDesc *fd)
-{
-    PRSocketOptionData opt;
-    PRStatus status;
-
-    opt.option = PR_SockOpt_Nonblocking;
-    opt.value.non_blocking = PR_FALSE;
-    status = PR_GetSocketOption(fd, &opt);
-    if (status != PR_SUCCESS)
-        return PR_FALSE;
-    return (PRBool)!opt.value.non_blocking;
-}
-
-PRBool
-ssl_SocketIsBlocking(sslSocket *ss)
-{
-    return ssl_FdIsBlocking(ss->fd);
-}
-
-PRInt32 sslFirstBufSize = 8 * 1024;
-PRInt32 sslCopyLimit = 1024;
-
-static PRInt32 PR_CALLBACK
-ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
-           PRIntervalTime timeout)
-{
-    PRInt32 i;
-    PRInt32 bufLen;
-    PRInt32 left;
-    PRInt32 rv;
-    PRInt32 sent = 0;
-    const PRInt32 first_len = sslFirstBufSize;
-    const PRInt32 limit = sslCopyLimit;
-    PRBool blocking;
-    PRIOVec myIov = { 0, 0 };
-    char buf[MAX_FRAGMENT_LENGTH];
-
-    if (vectors < 0) {
-        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-        return -1;
-    }
-    if (vectors > PR_MAX_IOVECTOR_SIZE) {
-        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
-        return -1;
-    }
-    for (i = 0; i < vectors; i++) {
-        if (iov[i].iov_len < 0) {
-            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
-            return -1;
-        }
-    }
-    blocking = ssl_FdIsBlocking(fd);
-
-#define K16 sizeof(buf)
-#define KILL_VECTORS                   \
-    while (vectors && !iov->iov_len) { \
-        ++iov;                         \
-        --vectors;                     \
-    }
-#define GET_VECTOR      \
-    do {                \
-        myIov = *iov++; \
-        --vectors;      \
-        KILL_VECTORS    \
-    } while (0)
-#define HANDLE_ERR(rv, len)                                    \
-    if (rv != len) {                                           \
-        if (rv < 0) {                                          \
-            if (!blocking &&                                   \
-                (PR_GetError() == PR_WOULD_BLOCK_ERROR) &&     \
-                (sent > 0)) {                                  \
-                return sent;                                   \
-            } else {                                           \
-                return -1;                                     \
-            }                                                  \
-        }                                                      \
-        /* Only a nonblocking socket can have partial sends */ \
-        PR_ASSERT(!blocking);                                  \
-        return sent + rv;                                      \
-    }
-#define SEND(bfr, len)                           \
-    do {                                         \
-        rv = ssl_Send(fd, bfr, len, 0, timeout); \
-        HANDLE_ERR(rv, len)                      \
-        sent += len;                             \
-    } while (0)
-
-    /* Make sure the first write is at least 8 KB, if possible. */
-    KILL_VECTORS
-    if (!vectors)
-        return ssl_Send(fd, 0, 0, 0, timeout);
-    GET_VECTOR;
-    if (!vectors) {
-        return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
-    }
-    if (myIov.iov_len < first_len) {
-        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-        bufLen = myIov.iov_len;
-        left = first_len - bufLen;
-        while (vectors && left) {
-            int toCopy;
-            GET_VECTOR;
-            toCopy = PR_MIN(left, myIov.iov_len);
-            PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
-            bufLen += toCopy;
-            left -= toCopy;
-            myIov.iov_base += toCopy;
-            myIov.iov_len -= toCopy;
-        }
-        SEND(buf, bufLen);
-    }
-
-    while (vectors || myIov.iov_len) {
-        PRInt32 addLen;
-        if (!myIov.iov_len) {
-            GET_VECTOR;
-        }
-        while (myIov.iov_len >= K16) {
-            SEND(myIov.iov_base, K16);
-            myIov.iov_base += K16;
-            myIov.iov_len -= K16;
-        }
-        if (!myIov.iov_len)
-            continue;
-
-        if (!vectors || myIov.iov_len > limit) {
-            addLen = 0;
-        } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
-            /* Addlen is already computed. */;
-        } else if (vectors > 1 &&
-                   iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
-            addLen = limit - myIov.iov_len;
-        } else
-            addLen = 0;
-
-        if (!addLen) {
-            SEND(myIov.iov_base, myIov.iov_len);
-            myIov.iov_len = 0;
-            continue;
-        }
-        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-        bufLen = myIov.iov_len;
-        do {
-            GET_VECTOR;
-            PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
-            myIov.iov_base += addLen;
-            myIov.iov_len -= addLen;
-            bufLen += addLen;
-
-            left = PR_MIN(limit, K16 - bufLen);
-            if (!vectors             /* no more left */
-                || myIov.iov_len > 0 /* we didn't use that one all up */
-                || bufLen >= K16 /* it's full. */) {
-                addLen = 0;
-            } else if ((addLen = iov->iov_len % K16) <= left) {
-                /* Addlen is already computed. */;
-            } else if (vectors > 1 &&
-                       iov[1].iov_len % K16 + addLen <= left + limit) {
-                addLen = left;
-            } else
-                addLen = 0;
-
-        } while (addLen);
-        SEND(buf, bufLen);
-    }
-    return sent;
-}
-
-/*
- * These functions aren't implemented.
- */
-
-static PRInt32 PR_CALLBACK
-ssl_Available(PRFileDesc *fd)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return SECFailure;
-}
-
-static PRInt64 PR_CALLBACK
-ssl_Available64(PRFileDesc *fd)
-{
-    PRInt64 res;
-
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    LL_I2L(res, -1L);
-    return res;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FSync(PRFileDesc *fd)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return PR_FAILURE;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return SECFailure;
-}
-
-static PRInt64 PR_CALLBACK
-ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how)
-{
-    PRInt64 res;
-
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    LL_I2L(res, -1L);
-    return res;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return PR_FAILURE;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return PR_FAILURE;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
-             PRNetAddr *addr, PRIntervalTime timeout)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return SECFailure;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
-           const PRNetAddr *addr, PRIntervalTime timeout)
-{
-    PORT_Assert(0);
-    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-    return SECFailure;
-}
-
-static const PRIOMethods ssl_methods = {
-    PR_DESC_LAYERED,
-    ssl_Close,            /* close        */
-    ssl_Read,             /* read         */
-    ssl_Write,            /* write        */
-    ssl_Available,        /* available    */
-    ssl_Available64,      /* available64  */
-    ssl_FSync,            /* fsync        */
-    ssl_Seek,             /* seek         */
-    ssl_Seek64,           /* seek64       */
-    ssl_FileInfo,         /* fileInfo     */
-    ssl_FileInfo64,       /* fileInfo64   */
-    ssl_WriteV,           /* writev       */
-    ssl_Connect,          /* connect      */
-    ssl_Accept,           /* accept       */
-    ssl_Bind,             /* bind         */
-    ssl_Listen,           /* listen       */
-    ssl_Shutdown,         /* shutdown     */
-    ssl_Recv,             /* recv         */
-    ssl_Send,             /* send         */
-    ssl_RecvFrom,         /* recvfrom     */
-    ssl_SendTo,           /* sendto       */
-    ssl_Poll,             /* poll         */
-    PR_EmulateAcceptRead, /* acceptread   */
-    ssl_TransmitFile,     /* transmitfile */
-    ssl_GetSockName,      /* getsockname  */
-    ssl_GetPeerName,      /* getpeername  */
-    NULL,                 /* getsockopt   OBSOLETE */
-    NULL,                 /* setsockopt   OBSOLETE */
-    NULL,                 /* getsocketoption   */
-    NULL,                 /* setsocketoption   */
-    PR_EmulateSendFile,   /* Send a (partial) file with header/trailer*/
-    NULL,                 /* reserved for future use */
-    NULL,                 /* reserved for future use */
-    NULL,                 /* reserved for future use */
-    NULL,                 /* reserved for future use */
-    NULL                  /* reserved for future use */
-};
-
-static PRIOMethods combined_methods;
-
-static void
-ssl_SetupIOMethods(void)
-{
-    PRIOMethods *new_methods = &combined_methods;
-    const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
-    const PRIOMethods *my_methods = &ssl_methods;
-
-    *new_methods = *nspr_methods;
-
-    new_methods->file_type = my_methods->file_type;
-    new_methods->close = my_methods->close;
-    new_methods->read = my_methods->read;
-    new_methods->write = my_methods->write;
-    new_methods->available = my_methods->available;
-    new_methods->available64 = my_methods->available64;
-    new_methods->fsync = my_methods->fsync;
-    new_methods->seek = my_methods->seek;
-    new_methods->seek64 = my_methods->seek64;
-    new_methods->fileInfo = my_methods->fileInfo;
-    new_methods->fileInfo64 = my_methods->fileInfo64;
-    new_methods->writev = my_methods->writev;
-    new_methods->connect = my_methods->connect;
-    new_methods->accept = my_methods->accept;
-    new_methods->bind = my_methods->bind;
-    new_methods->listen = my_methods->listen;
-    new_methods->shutdown = my_methods->shutdown;
-    new_methods->recv = my_methods->recv;
-    new_methods->send = my_methods->send;
-    new_methods->recvfrom = my_methods->recvfrom;
-    new_methods->sendto = my_methods->sendto;
-    new_methods->poll = my_methods->poll;
-    new_methods->acceptread = my_methods->acceptread;
-    new_methods->transmitfile = my_methods->transmitfile;
-    new_methods->getsockname = my_methods->getsockname;
-    new_methods->getpeername = my_methods->getpeername;
-    /*  new_methods->getsocketoption   = my_methods->getsocketoption;       */
-    /*  new_methods->setsocketoption   = my_methods->setsocketoption;       */
-    new_methods->sendfile = my_methods->sendfile;
-}
-
-static PRCallOnceType initIoLayerOnce;
-
-static PRStatus
-ssl_InitIOLayer(void)
-{
-    ssl_layer_id = PR_GetUniqueIdentity("SSL");
-    ssl_SetupIOMethods();
-    ssl_inited = PR_TRUE;
-    return PR_SUCCESS;
-}
-
-static PRStatus
-ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
-{
-    PRFileDesc *layer = NULL;
-    PRStatus status;
-
-    if (!ssl_inited) {
-        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
-        if (status != PR_SUCCESS)
-            goto loser;
-    }
-
-    if (ns == NULL)
-        goto loser;
-
-    layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
-    if (layer == NULL)
-        goto loser;
-    layer->secret = (PRFilePrivate *)ns;
-
-    /* Here, "stack" points to the PRFileDesc on the top of the stack.
-    ** "layer" points to a new FD that is to be inserted into the stack.
-    ** If layer is being pushed onto the top of the stack, then
-    ** PR_PushIOLayer switches the contents of stack and layer, and then
-    ** puts stack on top of layer, so that after it is done, the top of
-    ** stack is the same "stack" as it was before, and layer is now the
-    ** FD for the former top of stack.
-    ** After this call, stack always points to the top PRFD on the stack.
-    ** If this function fails, the contents of stack and layer are as
-    ** they were before the call.
-    */
-    status = PR_PushIOLayer(stack, id, layer);
-    if (status != PR_SUCCESS)
-        goto loser;
-
-    ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
-    return PR_SUCCESS;
-
-loser:
-    if (layer) {
-        layer->dtor(layer); /* free layer */
-    }
-    return PR_FAILURE;
-}
-
-/* if this fails, caller must destroy socket. */
-static SECStatus
-ssl_MakeLocks(sslSocket *ss)
-{
-    ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->firstHandshakeLock)
-        goto loser;
-    ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->ssl3HandshakeLock)
-        goto loser;
-    ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
-    if (!ss->specLock)
-        goto loser;
-    ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->recvBufLock)
-        goto loser;
-    ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->xmitBufLock)
-        goto loser;
-    ss->writerThread = NULL;
-    if (ssl_lock_readers) {
-        ss->recvLock = PZ_NewLock(nssILockSSL);
-        if (!ss->recvLock)
-            goto loser;
-        ss->sendLock = PZ_NewLock(nssILockSSL);
-        if (!ss->sendLock)
-            goto loser;
-    }
-    return SECSuccess;
-loser:
-    ssl_DestroyLocks(ss);
-    return SECFailure;
-}
-
-#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
-#define NSS_HAVE_GETENV 1
-#endif
-
-#define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
-
-static void
-ssl_SetDefaultsFromEnvironment(void)
-{
-#if defined(NSS_HAVE_GETENV)
-    static int firsttime = 1;
-
-    if (firsttime) {
-        char *ev;
-        firsttime = 0;
-#ifdef DEBUG
-        ev = PR_GetEnvSecure("SSLDEBUGFILE");
-        if (ev && ev[0]) {
-            ssl_trace_iob = fopen(ev, "w");
-        }
-        if (!ssl_trace_iob) {
-            ssl_trace_iob = stderr;
-        }
-#ifdef TRACE
-        ev = PR_GetEnvSecure("SSLTRACE");
-        if (ev && ev[0]) {
-            ssl_trace = atoi(ev);
-            SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
-        }
-#endif /* TRACE */
-        ev = PR_GetEnvSecure("SSLDEBUG");
-        if (ev && ev[0]) {
-            ssl_debug = atoi(ev);
-            SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
-        }
-#endif /* DEBUG */
-        ev = PR_GetEnvSecure("SSLKEYLOGFILE");
-        if (ev && ev[0]) {
-            ssl_keylog_iob = fopen(ev, "a");
-            if (!ssl_keylog_iob) {
-                SSL_TRACE(("SSL: failed to open key log file"));
-            } else {
-                if (ftell(ssl_keylog_iob) == 0) {
-                    fputs("# SSL/TLS secrets log file, generated by NSS\n",
-                          ssl_keylog_iob);
-                }
-                SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
-            }
-        }
-#ifndef NO_PKCS11_BYPASS
-        ev = PR_GetEnvSecure("SSLBYPASS");
-        if (ev && ev[0]) {
-            ssl_defaults.bypassPKCS11 = (ev[0] == '1');
-            SSL_TRACE(("SSL: bypass default set to %d",
-                       ssl_defaults.bypassPKCS11));
-        }
-#endif /* NO_PKCS11_BYPASS */
-        ev = PR_GetEnvSecure("SSLFORCELOCKS");
-        if (ev && ev[0] == '1') {
-            ssl_force_locks = PR_TRUE;
-            ssl_defaults.noLocks = 0;
-            strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
-            SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
-        }
-        ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
-        if (ev) {
-            if (ev[0] == '1' || LOWER(ev[0]) == 'u')
-                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
-            else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
-                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
-            else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
-                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
-            else if (ev[0] == '3' || LOWER(ev[0]) == 't')
-                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
-            SSL_TRACE(("SSL: enableRenegotiation set to %d",
-                       ssl_defaults.enableRenegotiation));
-        }
-        ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
-        if (ev && ev[0] == '1') {
-            ssl_defaults.requireSafeNegotiation = PR_TRUE;
-            SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
-                       PR_TRUE));
-        }
-        ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
-        if (ev && ev[0] == '0') {
-            ssl_defaults.cbcRandomIV = PR_FALSE;
-            SSL_TRACE(("SSL: cbcRandomIV set to 0"));
-        }
-    }
-#endif /* NSS_HAVE_GETENV */
-}
-
-/*
-** Create a newsocket structure for a file descriptor.
-*/
-static sslSocket *
-ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
-{
-    sslSocket *ss;
-
-    ssl_SetDefaultsFromEnvironment();
-
-    if (ssl_force_locks)
-        makeLocks = PR_TRUE;
-
-    /* Make a new socket and get it ready */
-    ss = (sslSocket *)PORT_ZAlloc(sizeof(sslSocket));
-    if (ss) {
-        /* This should be of type SSLKEAType, but CC on IRIX
-         * complains during the for loop.
-         */
-        int i;
-        SECStatus status;
-
-        ss->opt = ssl_defaults;
-        ss->opt.useSocks = PR_FALSE;
-        ss->opt.noLocks = !makeLocks;
-        ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
-        ss->protocolVariant = protocolVariant;
-
-        ss->peerID = NULL;
-        ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
-        ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
-        ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
-        ss->cipherSpecs = NULL;
-        ss->sizeCipherSpecs = 0; /* produced lazily */
-        ss->preferredCipher = NULL;
-        ss->url = NULL;
-
-        for (i = kt_null; i < kt_kea_size; i++) {
-            sslServerCerts *sc = ss->serverCerts + i;
-            sc->serverCert = NULL;
-            sc->serverCertChain = NULL;
-            sc->serverKeyPair = NULL;
-            sc->serverKeyBits = 0;
-            ss->certStatusArray[i] = NULL;
-        }
-        ss->requestedCertTypes = NULL;
-        ss->stepDownKeyPair = NULL;
-
-        ss->dheParams = NULL;
-        ss->dheKeyPair = NULL;
-
-        ss->dbHandle = CERT_GetDefaultCertDB();
-
-        /* Provide default implementation of hooks */
-        ss->authCertificate = SSL_AuthCertificate;
-        ss->authCertificateArg = (void *)ss->dbHandle;
-        ss->sniSocketConfig = NULL;
-        ss->sniSocketConfigArg = NULL;
-        ss->getClientAuthData = NULL;
-        ss->handleBadCert = NULL;
-        ss->badCertArg = NULL;
-        ss->pkcs11PinArg = NULL;
-        ss->ephemeralECDHKeyPair = NULL;
-        ss->getChannelID = NULL;
-        ss->getChannelIDArg = NULL;
-
-        ssl_ChooseOps(ss);
-        ssl2_InitSocketPolicy(ss);
-        ssl3_InitSocketPolicy(ss);
-        PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
-        PR_INIT_CLIST(&ss->ssl3.hs.remoteKeyShares);
-
-        if (makeLocks) {
-            status = ssl_MakeLocks(ss);
-            if (status != SECSuccess)
-                goto loser;
-        }
-        status = ssl_CreateSecurityInfo(ss);
-        if (status != SECSuccess)
-            goto loser;
-        status = ssl_InitGather(&ss->gs);
-        if (status != SECSuccess) {
-        loser:
-            ssl_DestroySocketContents(ss);
-            ssl_DestroyLocks(ss);
-            PORT_Free(ss);
-            ss = NULL;
-        }
-    }
-    return ss;
-}
diff --git a/chromium/net/third_party/nss/ssl/sslt.h b/chromium/net/third_party/nss/ssl/sslt.h
deleted file mode 100644
index 6f26e5fd917..00000000000
--- a/chromium/net/third_party/nss/ssl/sslt.h
+++ /dev/null
@@ -1,269 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file contains prototypes for the public SSL functions.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslt_h_
-#define __sslt_h_
-
-#include "prtypes.h"
-
-typedef struct SSL3StatisticsStr {
-    /* statistics from ssl3_SendClientHello (sch) */
-    long sch_sid_cache_hits;
-    long sch_sid_cache_misses;
-    long sch_sid_cache_not_ok;
-
-    /* statistics from ssl3_HandleServerHello (hsh) */
-    long hsh_sid_cache_hits;
-    long hsh_sid_cache_misses;
-    long hsh_sid_cache_not_ok;
-
-    /* statistics from ssl3_HandleClientHello (hch) */
-    long hch_sid_cache_hits;
-    long hch_sid_cache_misses;
-    long hch_sid_cache_not_ok;
-
-    /* statistics related to stateless resume */
-    long sch_sid_stateless_resumes;
-    long hsh_sid_stateless_resumes;
-    long hch_sid_stateless_resumes;
-    long hch_sid_ticket_parse_failures;
-} SSL3Statistics;
-
-/* Key Exchange algorithm values */
-typedef enum {
-    ssl_kea_null = 0,
-    ssl_kea_rsa = 1,
-    ssl_kea_dh = 2,
-    ssl_kea_fortezza = 3, /* deprecated, now unused */
-    ssl_kea_ecdh = 4,
-    ssl_kea_size /* number of ssl_kea_ algorithms */
-} SSLKEAType;
-
-/* The following defines are for backwards compatibility.
-** They will be removed in a forthcoming release to reduce namespace pollution.
-** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
-** soon.
-*/
-#define kt_null ssl_kea_null
-#define kt_rsa ssl_kea_rsa
-#define kt_dh ssl_kea_dh
-#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
-#define kt_ecdh ssl_kea_ecdh
-#define kt_kea_size ssl_kea_size
-
-/* Values of this enum match the SignatureAlgorithm enum from
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-typedef enum {
-    ssl_sign_null = 0, /* "anonymous" in TLS */
-    ssl_sign_rsa = 1,
-    ssl_sign_dsa = 2,
-    ssl_sign_ecdsa = 3
-} SSLSignType;
-
-/* Values of this enum match the HashAlgorithm enum from
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-typedef enum {
-    /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
-     * and SHA1. The other values are only used in TLS 1.2. */
-    ssl_hash_none = 0,
-    ssl_hash_md5 = 1,
-    ssl_hash_sha1 = 2,
-    ssl_hash_sha224 = 3,
-    ssl_hash_sha256 = 4,
-    ssl_hash_sha384 = 5,
-    ssl_hash_sha512 = 6
-} SSLHashType;
-
-typedef struct SSLSignatureAndHashAlgStr {
-    SSLHashType hashAlg;
-    SSLSignType sigAlg;
-} SSLSignatureAndHashAlg;
-
-typedef enum {
-    ssl_auth_null = 0,
-    ssl_auth_rsa = 1,
-    ssl_auth_dsa = 2,
-    ssl_auth_kea = 3,
-    ssl_auth_ecdsa = 4
-} SSLAuthType;
-
-typedef enum {
-    ssl_calg_null = 0,
-    ssl_calg_rc4 = 1,
-    ssl_calg_rc2 = 2,
-    ssl_calg_des = 3,
-    ssl_calg_3des = 4,
-    ssl_calg_idea = 5,
-    ssl_calg_fortezza = 6, /* deprecated, now unused */
-    ssl_calg_aes = 7,
-    ssl_calg_camellia = 8,
-    ssl_calg_seed = 9,
-    ssl_calg_aes_gcm = 10,
-    ssl_calg_chacha20 = 11
-} SSLCipherAlgorithm;
-
-typedef enum {
-    ssl_mac_null = 0,
-    ssl_mac_md5 = 1,
-    ssl_mac_sha = 2,
-    ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
-    ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
-    ssl_hmac_sha256 = 5,
-    ssl_mac_aead = 6
-} SSLMACAlgorithm;
-
-typedef enum {
-    ssl_compression_null = 0,
-    ssl_compression_deflate = 1 /* RFC 3749 */
-} SSLCompressionMethod;
-
-typedef struct SSLChannelInfoStr {
-    /* |length| is obsolete. On return, SSL_GetChannelInfo sets |length| to the
-     * smaller of the |len| argument and the length of the struct. The caller
-     * may ignore |length|. */
-    PRUint32 length;
-    PRUint16 protocolVersion;
-    PRUint16 cipherSuite;
-
-    /* server authentication info */
-    PRUint32 authKeyBits;
-
-    /* key exchange algorithm info */
-    PRUint32 keaKeyBits;
-
-    /* session info */
-    PRUint32 creationTime;    /* seconds since Jan 1, 1970 */
-    PRUint32 lastAccessTime;  /* seconds since Jan 1, 1970 */
-    PRUint32 expirationTime;  /* seconds since Jan 1, 1970 */
-    PRUint32 sessionIDLength; /* up to 32 */
-    PRUint8 sessionID[32];
-
-    /* The following fields are added in NSS 3.12.5. */
-
-    /* compression method info */
-    const char* compressionMethodName;
-    SSLCompressionMethod compressionMethod;
-
-    /* The following fields are added in NSS 3.21.
-     * This field only has meaning in TLS < 1.3 and will be set to
-     *  PR_FALSE in TLS 1.3.
-     */
-    PRBool extendedMasterSecretUsed;
-} SSLChannelInfo;
-
-/* Preliminary channel info */
-#define ssl_preinfo_version (1U << 0)
-#define ssl_preinfo_cipher_suite (1U << 1)
-#define ssl_preinfo_all (ssl_preinfo_version | ssl_preinfo_cipher_suite)
-
-typedef struct SSLPreliminaryChannelInfoStr {
-    /* |length| is obsolete. On return, SSL_GetPreliminaryChannelInfo sets
-     * |length| to the smaller of the |len| argument and the length of the
-     * struct. The caller may ignore |length|. */
-    PRUint32 length;
-    /* A bitfield over SSLPreliminaryValueSet that describes which
-     * preliminary values are set (see ssl_preinfo_*). */
-    PRUint32 valuesSet;
-    /* Protocol version: test (valuesSet & ssl_preinfo_version) */
-    PRUint16 protocolVersion;
-    /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
-    PRUint16 cipherSuite;
-} SSLPreliminaryChannelInfo;
-
-typedef struct SSLCipherSuiteInfoStr {
-    /* |length| is obsolete. On return, SSL_GetCipherSuitelInfo sets |length|
-     * to the smaller of the |len| argument and the length of the struct. The
-     * caller may ignore |length|. */
-    PRUint16 length;
-    PRUint16 cipherSuite;
-
-    /* Cipher Suite Name */
-    const char* cipherSuiteName;
-
-    /* server authentication info */
-    const char* authAlgorithmName;
-    SSLAuthType authAlgorithm;
-
-    /* key exchange algorithm info */
-    const char* keaTypeName;
-    SSLKEAType keaType;
-
-    /* symmetric encryption info */
-    const char* symCipherName;
-    SSLCipherAlgorithm symCipher;
-    PRUint16 symKeyBits;
-    PRUint16 symKeySpace;
-    PRUint16 effectiveKeyBits;
-
-    /* MAC info */
-    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
-     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
-     * bits of the authentication tag. */
-    const char* macAlgorithmName;
-    SSLMACAlgorithm macAlgorithm;
-    PRUint16 macBits;
-
-    PRUintn isFIPS : 1;
-    PRUintn isExportable : 1;
-    PRUintn nonStandard : 1;
-    PRUintn reservedBits : 29;
-
-} SSLCipherSuiteInfo;
-
-typedef enum {
-    ssl_variant_stream = 0,
-    ssl_variant_datagram = 1
-} SSLProtocolVariant;
-
-typedef struct SSLVersionRangeStr {
-    PRUint16 min;
-    PRUint16 max;
-} SSLVersionRange;
-
-typedef enum {
-    SSL_sni_host_name = 0,
-    SSL_sni_type_total
-} SSLSniNameType;
-
-/* Supported extensions. */
-/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
-typedef enum {
-    ssl_server_name_xtn = 0,
-    ssl_cert_status_xtn = 5,
-#ifndef NSS_DISABLE_ECC
-    ssl_elliptic_curves_xtn = 10,
-    ssl_ec_point_formats_xtn = 11,
-#endif
-    ssl_signature_algorithms_xtn = 13,
-    ssl_use_srtp_xtn = 14,
-    ssl_app_layer_protocol_xtn = 16,
-    /* signed_certificate_timestamp extension, RFC 6962 */
-    ssl_signed_cert_timestamp_xtn = 18,
-    ssl_padding_xtn = 21,
-    ssl_extended_master_secret_xtn = 23,
-    ssl_session_ticket_xtn = 35,
-    ssl_tls13_key_share_xtn = 40, /* unofficial TODO(ekr) */
-    ssl_next_proto_nego_xtn = 13172,
-    ssl_channel_id_xtn = 30032,
-    ssl_renegotiation_info_xtn = 0xff01,
-    ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
-} SSLExtensionType;
-
-#define SSL_MAX_EXTENSIONS 15 /* doesn't include ssl_padding_xtn. */
-
-typedef enum {
-    ssl_dhe_group_none = 0,
-    ssl_ff_dhe_2048_group = 1,
-    ssl_ff_dhe_3072_group = 2,
-    ssl_ff_dhe_4096_group = 3,
-    ssl_ff_dhe_6144_group = 4,
-    ssl_ff_dhe_8192_group = 5,
-    ssl_dhe_group_max
-} SSLDHEGroupType;
-
-#endif /* __sslt_h_ */
diff --git a/chromium/net/third_party/nss/ssl/ssltrace.c b/chromium/net/third_party/nss/ssl/ssltrace.c
deleted file mode 100644
index 6be9a6da350..00000000000
--- a/chromium/net/third_party/nss/ssl/ssltrace.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Functions to trace SSL protocol behavior in DEBUG builds.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <stdarg.h>
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "prprf.h"
-
-#if defined(DEBUG) || defined(TRACE)
-static const char *hex = "0123456789abcdef";
-
-static const char printable[257] = {
-    "................"  /* 0x */
-    "................"  /* 1x */
-    " !\"#$%&'()*+,-./" /* 2x */
-    "0123456789:;<=>?"  /* 3x */
-    "@ABCDEFGHIJKLMNO"  /* 4x */
-    "PQRSTUVWXYZ[\\]^_" /* 5x */
-    "`abcdefghijklmno"  /* 6x */
-    "pqrstuvwxyz{|}~."  /* 7x */
-    "................"  /* 8x */
-    "................"  /* 9x */
-    "................"  /* ax */
-    "................"  /* bx */
-    "................"  /* cx */
-    "................"  /* dx */
-    "................"  /* ex */
-    "................"  /* fx */
-};
-
-void
-ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
-{
-    const unsigned char *cp = (const unsigned char *)vp;
-    char buf[80];
-    char *bp;
-    char *ap;
-
-    if (ss) {
-        SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
-                   msg, len));
-    } else {
-        SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
-    }
-    memset(buf, ' ', sizeof buf);
-    bp = buf;
-    ap = buf + 50;
-    while (--len >= 0) {
-        unsigned char ch = *cp++;
-        *bp++ = hex[(ch >> 4) & 0xf];
-        *bp++ = hex[ch & 0xf];
-        *bp++ = ' ';
-        *ap++ = printable[ch];
-        if (ap - buf >= 66) {
-            *ap = 0;
-            SSL_TRACE(("   %s", buf));
-            memset(buf, ' ', sizeof buf);
-            bp = buf;
-            ap = buf + 50;
-        }
-    }
-    if (bp > buf) {
-        *ap = 0;
-        SSL_TRACE(("   %s", buf));
-    }
-}
-
-#define LEN(cp) (((cp)[0] << 8) | ((cp)[1]))
-
-static void
-PrintType(sslSocket *ss, char *msg)
-{
-    if (ss) {
-        SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg));
-    } else {
-        SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
-    }
-}
-
-static void
-PrintInt(sslSocket *ss, char *msg, unsigned v)
-{
-    if (ss) {
-        SSL_TRACE(("%d: SSL[%d]:           %s=%u", SSL_GETPID(), ss->fd, msg, v));
-    } else {
-        SSL_TRACE(("%d: SSL:           %s=%u", SSL_GETPID(), msg, v));
-    }
-}
-
-/* PrintBuf is just like ssl_PrintBuf above, except that:
- * a) It prefixes each line of the buffer with "XX: SSL[xxx]           "
- * b) It dumps only hex, not ASCII.
- */
-static void
-PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
-{
-    char buf[80];
-    char *bp;
-
-    if (ss) {
-        SSL_TRACE(("%d: SSL[%d]:           %s [Len: %d]",
-                   SSL_GETPID(), ss->fd, msg, len));
-    } else {
-        SSL_TRACE(("%d: SSL:           %s [Len: %d]",
-                   SSL_GETPID(), msg, len));
-    }
-    bp = buf;
-    while (--len >= 0) {
-        unsigned char ch = *cp++;
-        *bp++ = hex[(ch >> 4) & 0xf];
-        *bp++ = hex[ch & 0xf];
-        *bp++ = ' ';
-        if (bp + 4 > buf + 50) {
-            *bp = 0;
-            if (ss) {
-                SSL_TRACE(("%d: SSL[%d]:             %s",
-                           SSL_GETPID(), ss->fd, buf));
-            } else {
-                SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
-            }
-            bp = buf;
-        }
-    }
-    if (bp > buf) {
-        *bp = 0;
-        if (ss) {
-            SSL_TRACE(("%d: SSL[%d]:             %s",
-                       SSL_GETPID(), ss->fd, buf));
-        } else {
-            SSL_TRACE(("%d: SSL:             %s", SSL_GETPID(), buf));
-        }
-    }
-}
-
-void
-ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
-{
-    switch (bp[0]) {
-        case SSL_MT_ERROR:
-            PrintType(ss, "Error");
-            PrintInt(ss, "error", LEN(bp + 1));
-            break;
-
-        case SSL_MT_CLIENT_HELLO: {
-            unsigned lcs = LEN(bp + 3);
-            unsigned ls = LEN(bp + 5);
-            unsigned lc = LEN(bp + 7);
-
-            PrintType(ss, "Client-Hello");
-
-            PrintInt(ss, "version (Major)", bp[1]);
-            PrintInt(ss, "version (minor)", bp[2]);
-
-            PrintBuf(ss, "cipher-specs", bp + 9, lcs);
-            PrintBuf(ss, "session-id", bp + 9 + lcs, ls);
-            PrintBuf(ss, "challenge", bp + 9 + lcs + ls, lc);
-        } break;
-        case SSL_MT_CLIENT_MASTER_KEY: {
-            unsigned lck = LEN(bp + 4);
-            unsigned lek = LEN(bp + 6);
-            unsigned lka = LEN(bp + 8);
-
-            PrintType(ss, "Client-Master-Key");
-
-            PrintInt(ss, "cipher-choice", bp[1]);
-            PrintInt(ss, "key-length", LEN(bp + 2));
-
-            PrintBuf(ss, "clear-key", bp + 10, lck);
-            PrintBuf(ss, "encrypted-key", bp + 10 + lck, lek);
-            PrintBuf(ss, "key-arg", bp + 10 + lck + lek, lka);
-        } break;
-        case SSL_MT_CLIENT_FINISHED:
-            PrintType(ss, "Client-Finished");
-            PrintBuf(ss, "connection-id", bp + 1, len - 1);
-            break;
-        case SSL_MT_SERVER_HELLO: {
-            unsigned lc = LEN(bp + 5);
-            unsigned lcs = LEN(bp + 7);
-            unsigned lci = LEN(bp + 9);
-
-            PrintType(ss, "Server-Hello");
-
-            PrintInt(ss, "session-id-hit", bp[1]);
-            PrintInt(ss, "certificate-type", bp[2]);
-            PrintInt(ss, "version (Major)", bp[3]);
-            PrintInt(ss, "version (minor)", bp[3]);
-            PrintBuf(ss, "certificate", bp + 11, lc);
-            PrintBuf(ss, "cipher-specs", bp + 11 + lc, lcs);
-            PrintBuf(ss, "connection-id", bp + 11 + lc + lcs, lci);
-        } break;
-        case SSL_MT_SERVER_VERIFY:
-            PrintType(ss, "Server-Verify");
-            PrintBuf(ss, "challenge", bp + 1, len - 1);
-            break;
-        case SSL_MT_SERVER_FINISHED:
-            PrintType(ss, "Server-Finished");
-            PrintBuf(ss, "session-id", bp + 1, len - 1);
-            break;
-        case SSL_MT_REQUEST_CERTIFICATE:
-            PrintType(ss, "Request-Certificate");
-            PrintInt(ss, "authentication-type", bp[1]);
-            PrintBuf(ss, "certificate-challenge", bp + 2, len - 2);
-            break;
-        case SSL_MT_CLIENT_CERTIFICATE: {
-            unsigned lc = LEN(bp + 2);
-            unsigned lr = LEN(bp + 4);
-            PrintType(ss, "Client-Certificate");
-            PrintInt(ss, "certificate-type", bp[1]);
-            PrintBuf(ss, "certificate", bp + 6, lc);
-            PrintBuf(ss, "response", bp + 6 + lc, lr);
-        } break;
-        default:
-            ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
-            return;
-    }
-}
-
-void
-ssl_Trace(const char *format, ...)
-{
-    char buf[2000];
-    va_list args;
-
-    if (ssl_trace_iob) {
-        va_start(args, format);
-        PR_vsnprintf(buf, sizeof(buf), format, args);
-        va_end(args);
-
-        fputs(buf, ssl_trace_iob);
-        fputs("\n", ssl_trace_iob);
-    }
-}
-#endif
diff --git a/chromium/net/third_party/nss/ssl/sslver.c b/chromium/net/third_party/nss/ssl/sslver.c
deleted file mode 100644
index 666e2592243..00000000000
--- a/chromium/net/third_party/nss/ssl/sslver.c
+++ /dev/null
@@ -1,18 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* Library identity and versioning */
-
-#include "nss.h"
-
-#if defined(DEBUG)
-#define _DEBUG_STRING " (debug)"
-#else
-#define _DEBUG_STRING ""
-#endif
-
-/*
- * Version information
- */
-const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;
diff --git a/chromium/net/third_party/nss/ssl/tls13con.c b/chromium/net/third_party/nss/ssl/tls13con.c
deleted file mode 100644
index 4bb136a5eef..00000000000
--- a/chromium/net/third_party/nss/ssl/tls13con.c
+++ /dev/null
@@ -1,2059 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * TLS 1.3 Protocol
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "stdarg.h"
-#include "cert.h"
-#include "ssl.h"
-#include "keyhi.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "sslerr.h"
-#include "tls13hkdf.h"
-#include "tls13con.h"
-
-typedef enum {
-    TrafficKeyEarlyData,
-    TrafficKeyHandshake,
-    TrafficKeyApplicationData
-} TrafficKeyType;
-
-typedef enum {
-    InstallCipherSpecRead,
-    InstallCipherSpecWrite,
-    InstallCipherSpecBoth
-} InstallCipherSpecDirection;
-
-#define MAX_FINISHED_SIZE 64
-
-static SECStatus tls13_InitializeHandshakeEncryption(sslSocket *ss);
-static SECStatus tls13_InstallCipherSpec(
-    sslSocket *ss, InstallCipherSpecDirection direction);
-static SECStatus tls13_InitCipherSpec(
-    sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirection install);
-static SECStatus tls13_AESGCM(
-    ssl3KeyMaterial *keys,
-    PRBool doDecrypt,
-    unsigned char *out, int *outlen, int maxout,
-    const unsigned char *in, int inlen,
-    const unsigned char *additionalData, int additionalDataLen);
-static SECStatus tls13_SendEncryptedExtensions(sslSocket *ss);
-static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b,
-                                                 PRUint32 length);
-static SECStatus tls13_HandleCertificate(
-    sslSocket *ss, SSL3Opaque *b, PRUint32 length);
-static SECStatus tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b,
-                                                PRUint32 length);
-static SECStatus tls13_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b,
-                                               PRUint32 length);
-static SECStatus tls13_HandleCertificateVerify(
-    sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-    SSL3Hashes *hashes);
-static SECStatus tls13_HkdfExtractSharedKey(sslSocket *ss, PK11SymKey *key,
-                                            SharedSecretType keyType);
-static SECStatus tls13_SendFinished(sslSocket *ss);
-static SECStatus tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-                                      const SSL3Hashes *hashes);
-static SECStatus tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b,
-                                              PRUint32 length);
-static SECStatus tls13_ComputeSecrets1(sslSocket *ss);
-static SECStatus tls13_ComputeFinished(
-    sslSocket *ss, const SSL3Hashes *hashes,
-    PRBool sending,
-    PRUint8 *output, unsigned int *outputLen,
-    unsigned int maxOutputLen);
-static SECStatus tls13_SendClientSecondRound(sslSocket *ss);
-static SECStatus tls13_FinishHandshake(sslSocket *ss);
-
-const char kHkdfLabelExpandedSs[] = "expanded static secret";
-const char kHkdfLabelExpandedEs[] = "expanded ephemeral secret";
-const char kHkdfLabelMasterSecret[] = "master secret";
-const char kHkdfLabelTrafficSecret[] = "traffic secret";
-const char kHkdfLabelClientFinishedSecret[] = "client finished";
-const char kHkdfLabelServerFinishedSecret[] = "server finished";
-const char kHkdfLabelResumptionMasterSecret[] = "resumption master secret";
-const char kHkdfLabelExporterMasterSecret[] = "exporter master secret";
-const char kHkdfPhaseEarlyHandshakeDataKeys[] = "early handshake key expansion";
-const char kHkdfPhaseEarlyApplicationDataKeys[] = "early application data key expansion";
-const char kHkdfPhaseHandshakeKeys[] = "handshake key expansion";
-const char kHkdfPhaseApplicationDataKeys[] = "application data key expansion";
-const char kHkdfPurposeClientWriteKey[] = "client write key";
-const char kHkdfPurposeServerWriteKey[] = "server write key";
-const char kHkdfPurposeClientWriteIv[] = "client write iv";
-const char kHkdfPurposeServerWriteIv[] = "server write iv";
-const char kClientFinishedLabel[] = "client finished";
-const char kServerFinishedLabel[] = "server finished";
-
-const SSL3ProtocolVersion kRecordVersion = 0x0301U;
-
-#define FATAL_ERROR(ss, prError, desc)                                             \
-    do {                                                                           \
-        SSL_TRC(3, ("%d: TLS13[%d]: fatal error %d in %s (%s:%d)",                 \
-                    SSL_GETPID(), ss->fd, prError, __func__, __FILE__, __LINE__)); \
-        tls13_FatalError(ss, prError, desc);                                       \
-    } while (0)
-
-#define UNIMPLEMENTED()                                                   \
-    do {                                                                  \
-        SSL_TRC(3, ("%d: TLS13[%d]: unimplemented feature in %s (%s:%d)", \
-                    SSL_GETPID(), ss->fd, __func__, __FILE__, __LINE__)); \
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);                         \
-        PORT_Assert(0);                                                   \
-        return SECFailure;                                                \
-    } while (0)
-
-void
-tls13_FatalError(sslSocket *ss, PRErrorCode prError, SSL3AlertDescription desc)
-{
-    PORT_Assert(desc != internal_error); /* These should never happen */
-    (void)SSL3_SendAlert(ss, alert_fatal, desc);
-    PORT_SetError(prError);
-}
-
-#ifdef TRACE
-#define STATE_CASE(a) \
-    case a:           \
-        return #a
-static char *
-tls13_HandshakeState(SSL3WaitState st)
-{
-    switch (st) {
-        STATE_CASE(wait_client_hello);
-        STATE_CASE(wait_client_cert);
-        STATE_CASE(wait_cert_verify);
-        STATE_CASE(wait_finished);
-        STATE_CASE(wait_server_hello);
-        STATE_CASE(wait_certificate_status);
-        STATE_CASE(wait_server_cert);
-        STATE_CASE(wait_cert_request);
-        STATE_CASE(wait_encrypted_extensions);
-        STATE_CASE(idle_handshake);
-        default:
-            break;
-    }
-    PORT_Assert(0);
-    return "unknown";
-}
-#endif
-
-#define TLS13_WAIT_STATE_MASK 0x80
-
-#define TLS13_BASE_WAIT_STATE(ws) (ws & ~TLS13_WAIT_STATE_MASK)
-/* We don't mask idle_handshake because other parts of the code use it*/
-#define TLS13_WAIT_STATE(ws) (ws == idle_handshake ? ws : ws | TLS13_WAIT_STATE_MASK)
-#define TLS13_CHECK_HS_STATE(ss, err, ...)                          \
-    tls13_CheckHsState(ss, err, #err, __func__, __FILE__, __LINE__, \
-                       __VA_ARGS__,                                 \
-                       wait_invalid)
-void
-tls13_SetHsState(sslSocket *ss, SSL3WaitState ws,
-                 const char *func, const char *file, int line)
-{
-#ifdef TRACE
-    const char *new_state_name =
-        tls13_HandshakeState(ws);
-
-    SSL_TRC(3, ("%d: TLS13[%d]: state change from %s->%s in %s (%s:%d)",
-                SSL_GETPID(), ss->fd,
-                tls13_HandshakeState(TLS13_BASE_WAIT_STATE(ss->ssl3.hs.ws)),
-                new_state_name,
-                func, file, line));
-#endif
-
-    ss->ssl3.hs.ws = TLS13_WAIT_STATE(ws);
-}
-
-static PRBool
-tls13_InHsStateV(sslSocket *ss, va_list ap)
-{
-    SSL3WaitState ws;
-
-    while ((ws = va_arg(ap, SSL3WaitState)) != wait_invalid) {
-        if (ws == TLS13_BASE_WAIT_STATE(ss->ssl3.hs.ws)) {
-            return PR_TRUE;
-        }
-    }
-    return PR_FALSE;
-}
-
-PRBool
-tls13_InHsState(sslSocket *ss, ...)
-{
-    PRBool found;
-    va_list ap;
-
-    va_start(ap, ss);
-    found = tls13_InHsStateV(ss, ap);
-    va_end(ap);
-
-    return found;
-}
-
-static SECStatus
-tls13_CheckHsState(sslSocket *ss, int err, const char *error_name,
-                   const char *func, const char *file, int line,
-                   ...)
-{
-    va_list ap;
-    va_start(ap, line);
-    if (tls13_InHsStateV(ss, ap)) {
-        va_end(ap);
-        return SECSuccess;
-    }
-    va_end(ap);
-
-    SSL_TRC(3, ("%d: TLS13[%d]: error %s state is (%s) at %s (%s:%d)",
-                SSL_GETPID(), ss->fd,
-                error_name,
-                tls13_HandshakeState(TLS13_BASE_WAIT_STATE(ss->ssl3.hs.ws)),
-                func, file, line));
-    tls13_FatalError(ss, err, unexpected_message);
-    return SECFailure;
-}
-
-SSLHashType
-tls13_GetHash(sslSocket *ss)
-{
-    /* TODO(ekr@rtfm.com): This needs to actually be looked up. */
-    return ssl_hash_sha256;
-}
-
-CK_MECHANISM_TYPE
-tls13_GetHkdfMechanism(sslSocket *ss)
-{
-    /* TODO(ekr@rtfm.com): This needs to actually be looked up. */
-    return CKM_NSS_HKDF_SHA256;
-}
-
-static CK_MECHANISM_TYPE
-tls13_GetHmacMechanism(sslSocket *ss)
-{
-    /* TODO(ekr@rtfm.com): This needs to actually be looked up. */
-    return CKM_SHA256_HMAC;
-}
-
-/*
- * Called from ssl3_SendClientHello
- */
-SECStatus
-tls13_SetupClientHello(sslSocket *ss)
-{
-    SECStatus rv;
-    /* TODO(ekr@rtfm.com): Handle multiple curves here. */
-    ECName curves_to_try[] = { ec_secp256r1 };
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    PORT_Assert(!ss->ephemeralECDHKeyPair);
-
-    rv = ssl3_CreateECDHEphemeralKeyPair(curves_to_try[0],
-                                         &ss->ephemeralECDHKeyPair);
-    if (rv != SECSuccess)
-        return rv;
-
-    return SECSuccess;
-}
-
-static SECStatus
-tls13_HandleECDHEKeyShare(sslSocket *ss,
-                          TLS13KeyShareEntry *entry,
-                          SECKEYPrivateKey *privKey,
-                          SharedSecretType type)
-{
-    SECStatus rv;
-    SECKEYPublicKey *peerKey;
-    PK11SymKey *shared;
-
-    peerKey = tls13_ImportECDHKeyShare(ss, entry->key_exchange.data,
-                                       entry->key_exchange.len,
-                                       entry->group);
-    if (!peerKey)
-        return SECFailure; /* Error code set already. */
-
-    /* Compute shared key. */
-    shared = tls13_ComputeECDHSharedKey(ss, privKey, peerKey);
-    SECKEY_DestroyPublicKey(peerKey);
-    if (!shared) {
-        return SECFailure; /* Error code set already. */
-    }
-
-    /* Extract key. */
-    rv = tls13_HkdfExtractSharedKey(ss, shared, type);
-    PK11_FreeSymKey(shared);
-
-    return rv;
-}
-
-SECStatus
-tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
-                                      PRUint32 length, SSL3Hashes *hashesPtr)
-{
-    /* TODO(ekr@rtfm.com): Would it be better to check all the states here? */
-    switch (ss->ssl3.hs.msg_type) {
-        case certificate:
-            return tls13_HandleCertificate(ss, b, length);
-
-        case certificate_status:
-            return tls13_HandleCertificateStatus(ss, b, length);
-
-        case certificate_request:
-            return tls13_HandleCertificateRequest(ss, b, length);
-
-        case certificate_verify:
-            return tls13_HandleCertificateVerify(ss, b, length, hashesPtr);
-
-        case encrypted_extensions:
-            return tls13_HandleEncryptedExtensions(ss, b, length);
-
-        case new_session_ticket:
-            return tls13_HandleNewSessionTicket(ss, b, length);
-
-        case finished:
-            return tls13_HandleFinished(ss, b, length, hashesPtr);
-
-        default:
-            FATAL_ERROR(ss, SSL_ERROR_RX_UNKNOWN_HANDSHAKE, unexpected_message);
-            return SECFailure;
-    }
-
-    PORT_Assert(0); /* Unreached */
-    return SECFailure;
-}
-
-/* Called from ssl3_HandleClientHello.
- *
- * Caller must hold Handshake and RecvBuf locks.
- */
-SECStatus
-tls13_HandleClientKeyShare(sslSocket *ss)
-{
-    ECName expectedGroup;
-    SECStatus rv;
-    TLS13KeyShareEntry *found = NULL;
-    PRCList *cur_p;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle client_key_share handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_SetupPendingCipherSpec(ss);
-    if (rv != SECSuccess)
-        return SECFailure; /* Error code set below */
-
-    /* Figure out what group we expect */
-    switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
-        case ssl_kea_ecdh:
-            expectedGroup = ssl3_GetCurveNameForServerSocket(ss);
-            if (!expectedGroup) {
-                FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP,
-                            handshake_failure);
-                return SECFailure;
-            }
-            break;
-#endif
-        default:
-            /* Got an unknown or unsupported Key Exchange Algorithm.
-             * Can't happen. */
-            FATAL_ERROR(ss, SEC_ERROR_UNSUPPORTED_KEYALG,
-                        internal_error);
-            return SECFailure;
-    }
-
-    /* Now walk through the keys until we find one for our group */
-    cur_p = PR_NEXT_LINK(&ss->ssl3.hs.remoteKeyShares);
-    while (cur_p != &ss->ssl3.hs.remoteKeyShares) {
-        TLS13KeyShareEntry *offer = (TLS13KeyShareEntry *)cur_p;
-
-        if (offer->group == expectedGroup) {
-            found = offer;
-            break;
-        }
-        cur_p = PR_NEXT_LINK(cur_p);
-    }
-
-    if (!found) {
-        /* No acceptable group. In future, we will need to correct the client.
-         * Currently just generate an error.
-         * TODO(ekr@rtfm.com): Write code to correct client.
-         */
-        FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP, handshake_failure);
-        return SECFailure;
-    }
-
-    /* Generate our key */
-    rv = ssl3_CreateECDHEphemeralKeyPair(expectedGroup, &ss->ephemeralECDHKeyPair);
-    if (rv != SECSuccess)
-        return rv;
-
-    ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
-    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(
-        ss->ephemeralECDHKeyPair->pubKey);
-
-    /* Register the sender */
-    rv = ssl3_RegisterServerHelloExtensionSender(ss, ssl_tls13_key_share_xtn,
-                                                 tls13_ServerSendKeyShareXtn);
-    if (rv != SECSuccess)
-        return SECFailure; /* Error code set below */
-
-    rv = tls13_HandleECDHEKeyShare(ss, found,
-                                   ss->ephemeralECDHKeyPair->privKey,
-                                   EphemeralSharedSecret);
-    if (rv != SECSuccess)
-        return SECFailure; /* Error code set below */
-
-    return SECSuccess;
-}
-
-/*
- *     [draft-ietf-tls-tls13-11] Section 6.3.3.2
- *
- *     opaque DistinguishedName<1..2^16-1>;
- *
- *     struct {
- *         opaque certificate_extension_oid<1..2^8-1>;
- *         opaque certificate_extension_values<0..2^16-1>;
- *     } CertificateExtension;
- *
- *     struct {
- *         opaque certificate_request_context<0..2^8-1>;
- *         SignatureAndHashAlgorithm
- *           supported_signature_algorithms<2..2^16-2>;
- *         DistinguishedName certificate_authorities<0..2^16-1>;
- *         CertificateExtension certificate_extensions<0..2^16-1>;
- *     } CertificateRequest;
- */
-static SECStatus
-tls13_SendCertificateRequest(sslSocket *ss)
-{
-    SECStatus rv;
-    int calen;
-    SECItem *names;
-    int nnames;
-    SECItem *name;
-    int i;
-    PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
-    unsigned int sigAlgsLength = 0;
-    int length;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: begin send certificate_request",
-                SSL_GETPID(), ss->fd));
-
-    /* Fixed context value. */
-    ss->ssl3.hs.certReqContext[0] = 0;
-    ss->ssl3.hs.certReqContextLen = 1;
-
-    rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
-                                              &sigAlgsLength);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    ssl3_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
-    length = 1 + ss->ssl3.hs.certReqContextLen +
-             2 + sigAlgsLength + 2 + calen + 2;
-
-    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.hs.certReqContext,
-                                      ss->ssl3.hs.certReqContextLen, 1);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_AppendHandshakeVariable(ss, sigAlgs, sigAlgsLength, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-    for (i = 0, name = names; i < nnames; i++, name++) {
-        rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
-        if (rv != SECSuccess) {
-            return rv; /* err set by AppendHandshake. */
-        }
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-    if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
-    }
-
-    return SECSuccess;
-}
-
-static SECStatus
-tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-    SECItem context = { siBuffer, NULL, 0 };
-    SECItem algorithms = { siBuffer, NULL, 0 };
-    PLArenaPool *arena;
-    CERTDistNames ca_list;
-    PRInt32 extensionsLength;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_request sequence",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    /* Client */
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST, wait_cert_request);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    PORT_Assert(ss->ssl3.clientCertChain == NULL);
-    PORT_Assert(ss->ssl3.clientCertificate == NULL);
-    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
-    if (rv != SECSuccess)
-        return SECFailure;
-    PORT_Assert(sizeof(ss->ssl3.hs.certReqContext) == 255);
-    PORT_Memcpy(ss->ssl3.hs.certReqContext, context.data, context.len);
-    ss->ssl3.hs.certReqContextLen = context.len;
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
-    if (rv != SECSuccess)
-        return SECFailure;
-
-    if (algorithms.len == 0 || (algorithms.len & 1) != 0) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
-                    illegal_parameter);
-        return SECFailure;
-    }
-
-    arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena, &ca_list);
-    if (rv != SECSuccess)
-        goto loser; /* alert sent below */
-
-    /* Verify that the extensions length is correct. */
-    extensionsLength = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (extensionsLength < 0) {
-        goto loser; /* alert sent below */
-    }
-    if (extensionsLength != length) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
-                    illegal_parameter);
-        goto loser;
-    }
-
-    TLS13_SET_HS_STATE(ss, wait_server_cert);
-
-    rv = ssl3_CompleteHandleCertificateRequest(ss, &algorithms, &ca_list);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        goto loser;
-    }
-
-    return SECSuccess;
-
-loser:
-    PORT_FreeArena(arena, PR_FALSE);
-    return SECFailure;
-}
-
-static SECStatus
-tls13_InitializeHandshakeEncryption(sslSocket *ss)
-{
-    SECStatus rv;
-
-    /* For all present cipher suites, SS = ES.
-     * TODO(ekr@rtfm.com): Revisit for 0-RTT. */
-    ss->ssl3.hs.xSS = PK11_ReferenceSymKey(ss->ssl3.hs.xES);
-    if (!ss->ssl3.hs.xSS) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = tls13_InitCipherSpec(ss, TrafficKeyHandshake,
-                              InstallCipherSpecBoth);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    return rv;
-}
-
-/* Called from:  ssl3_HandleClientHello */
-SECStatus
-tls13_SendServerHelloSequence(sslSocket *ss)
-{
-    SECStatus rv;
-    SSL3KEAType certIndex;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: begin send server_hello sequence",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    rv = ssl3_SendServerHello(ss);
-    if (rv != SECSuccess) {
-        return rv; /* err code is set. */
-    }
-
-    rv = tls13_InitializeHandshakeEncryption(ss);
-    if (rv != SECSuccess) {
-        return SECFailure; /* error code is set. */
-    }
-
-    rv = tls13_SendEncryptedExtensions(ss);
-    if (rv != SECSuccess) {
-        return SECFailure; /* error code is set. */
-    }
-
-    if (ss->opt.requestCertificate) {
-        rv = tls13_SendCertificateRequest(ss);
-        if (rv != SECSuccess) {
-            return SECFailure; /* error code is set. */
-        }
-    }
-    rv = ssl3_SendCertificate(ss);
-    if (rv != SECSuccess) {
-        return SECFailure; /* error code is set. */
-    }
-    rv = ssl3_SendCertificateStatus(ss);
-    if (rv != SECSuccess) {
-        return SECFailure; /* error code is set. */
-    }
-
-    /* This was copied from: ssl3_SendCertificate.
-     * TODO(ekr@rtfm.com): Verify that this selection logic is correct.
-     * Bug 1237514.
-    */
-    if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
-        (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
-        certIndex = kt_rsa;
-    } else {
-        certIndex = ss->ssl3.hs.kea_def->exchKeyType;
-    }
-    rv = ssl3_SendCertificateVerify(ss, ss->serverCerts[certIndex].SERVERKEY);
-    if (rv != SECSuccess) {
-        return rv; /* err code is set. */
-    }
-
-    /* Compute the rest of the secrets except for the resumption
-     * and exporter secret. */
-    rv = tls13_ComputeSecrets1(ss);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = tls13_SendFinished(ss);
-    if (rv != SECSuccess) {
-        return rv; /* error code is set. */
-    }
-
-    TLS13_SET_HS_STATE(ss, ss->opt.requestCertificate ? wait_client_cert
-                                                      : wait_finished);
-
-    return SECSuccess;
-}
-
-/*
- * Called from ssl3_HandleServerHello.
- *
- * Caller must hold Handshake and RecvBuf locks.
- */
-SECStatus
-tls13_HandleServerKeyShare(sslSocket *ss)
-{
-    SECStatus rv;
-    ECName expectedGroup;
-    PRCList *cur_p;
-    TLS13KeyShareEntry *entry;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle server_key_share handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
-        case ssl_kea_ecdh:
-            expectedGroup = ssl3_PubKey2ECName(ss->ephemeralECDHKeyPair->pubKey);
-            break;
-#endif /* NSS_DISABLE_ECC */
-        default:
-            FATAL_ERROR(ss, SEC_ERROR_UNSUPPORTED_KEYALG, handshake_failure);
-            return SECFailure;
-    }
-
-    /* This list should have one entry. */
-    cur_p = PR_NEXT_LINK(&ss->ssl3.hs.remoteKeyShares);
-    if (!cur_p) {
-        FATAL_ERROR(ss, SSL_ERROR_MISSING_KEY_SHARE, missing_extension);
-        return SECFailure;
-    }
-    PORT_Assert(PR_NEXT_LINK(cur_p) == &ss->ssl3.hs.remoteKeyShares);
-
-    entry = (TLS13KeyShareEntry *)cur_p;
-    if (entry->group != expectedGroup) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_KEY_SHARE, illegal_parameter);
-        return SECFailure;
-    }
-
-    rv = tls13_HandleECDHEKeyShare(ss, entry,
-                                   ss->ephemeralECDHKeyPair->privKey,
-                                   EphemeralSharedSecret);
-
-    ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
-    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(
-        ss->ephemeralECDHKeyPair->pubKey);
-
-    if (rv != SECSuccess)
-        return SECFailure; /* Error code set below */
-
-    return tls13_InitializeHandshakeEncryption(ss);
-}
-
-/* Called from tls13_CompleteHandleHandshakeMessage() when it has deciphered a complete
- * tls13 Certificate message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-    SECItem context = { siBuffer, NULL, 0 };
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (ss->sec.isServer) {
-        rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
-                                  wait_client_cert);
-    } else {
-        rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
-                                  wait_cert_request, wait_server_cert);
-    }
-    if (rv != SECSuccess)
-        return SECFailure;
-
-    /* Process the context string */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
-    if (rv != SECSuccess)
-        return SECFailure;
-    if (!ss->sec.isServer) {
-        if (context.len) {
-            /* The server's context string MUST be empty */
-            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE,
-                        illegal_parameter);
-            return SECFailure;
-        }
-    } else {
-        if (!context.len || context.len != ss->ssl3.hs.certReqContextLen ||
-            (NSS_SecureMemcmp(ss->ssl3.hs.certReqContext,
-                              context.data, context.len) != 0)) {
-            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE,
-                        illegal_parameter);
-            return SECFailure;
-        }
-        context.len = 0; /* Belt and suspenders. Zero out the context. */
-    }
-
-    return ssl3_CompleteHandleCertificate(ss, b, length);
-}
-
-/* Called from tls13_CompleteHandleHandshakeMessage() when it has deciphered a complete
- * ssl3 CertificateStatus message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-tls13_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERT_STATUS,
-                              wait_certificate_status);
-    if (rv != SECSuccess)
-        return rv;
-
-    return ssl3_CompleteHandleCertificateStatus(ss, b, length);
-}
-
-/*
- * TODO(ekr@rtfm.com): This install logic needs renaming since it's
- * what happens at various stages of cipher spec setup. Legacy from ssl3con.c.
- */
-int
-tls13_InstallCipherSpec(sslSocket *ss, InstallCipherSpecDirection direction)
-{
-    SSL_TRC(3, ("%d: TLS13[%d]: Installing new cipher specs direction = %s",
-                SSL_GETPID(), ss->fd,
-                direction == InstallCipherSpecRead ? "read" : "write"));
-
-    PORT_Assert(!IS_DTLS(ss)); /* TODO(ekr@rtfm.com): Update for DTLS */
-    /* TODO(ekr@rtfm.com): Holddown timer for DTLS. */
-    ssl_GetSpecWriteLock(ss); /**************************************/
-
-    /* Flush out any old stuff in the handshake buffers */
-    switch (direction) {
-        case InstallCipherSpecWrite: {
-            ssl3CipherSpec *pwSpec;
-            pwSpec = ss->ssl3.pwSpec;
-
-            ss->ssl3.pwSpec = ss->ssl3.cwSpec;
-            ss->ssl3.cwSpec = pwSpec;
-            break;
-        } break;
-        case InstallCipherSpecRead: {
-            ssl3CipherSpec *prSpec;
-
-            prSpec = ss->ssl3.prSpec;
-            ss->ssl3.prSpec = ss->ssl3.crSpec;
-            ss->ssl3.crSpec = prSpec;
-        } break;
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            ssl_ReleaseSpecWriteLock(ss); /**************************************/
-            return SECFailure;
-    }
-
-    /* If we are really through with the old cipher prSpec
-     * (Both the read and write sides have changed) destroy it.
-     */
-    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
-        ssl3_DestroyCipherSpec(ss->ssl3.prSpec, PR_FALSE /*freeSrvName*/);
-    }
-    ssl_ReleaseSpecWriteLock(ss); /**************************************/
-
-    return SECSuccess;
-}
-
-/* Add context to the hash functions as described in
-   [draft-ietf-tls-tls13; Section 4.9.1] */
-SECStatus
-tls13_AddContextToHashes(sslSocket *ss, SSL3Hashes *hashes /* IN/OUT */,
-                         SSLHashType algorithm, PRBool sending)
-{
-    SECStatus rv = SECSuccess;
-    PK11Context *ctx;
-    const unsigned char context_padding[] = {
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-    };
-    const char *client_cert_verify_string = "TLS 1.3, client CertificateVerify";
-    const char *server_cert_verify_string = "TLS 1.3, server CertificateVerify";
-    const char *context_string = (sending ^ ss->sec.isServer) ? client_cert_verify_string
-                                                              : server_cert_verify_string;
-    unsigned int hashlength;
-
-    /* Double check that we are doing SHA-256 for the handshake hash.*/
-    PORT_Assert(hashes->hashAlg == ssl_hash_sha256);
-    if (hashes->hashAlg != ssl_hash_sha256) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto loser;
-    }
-    PORT_Assert(hashes->len == 32);
-
-    ctx = PK11_CreateDigestContext(ssl3_TLSHashAlgorithmToOID(algorithm));
-    if (!ctx) {
-        PORT_SetError(SEC_ERROR_NO_MEMORY);
-        goto loser;
-    }
-
-    PORT_Assert(SECFailure);
-    PORT_Assert(!SECSuccess);
-
-    rv |= PK11_DigestBegin(ctx);
-    rv |= PK11_DigestOp(ctx, context_padding, sizeof(context_padding));
-    rv |= PK11_DigestOp(ctx, (unsigned char *)context_string,
-                        strlen(context_string) + 1); /* +1 includes the terminating 0 */
-    rv |= PK11_DigestOp(ctx, hashes->u.raw, hashes->len);
-    /* Update the hash in-place */
-    rv |= PK11_DigestFinal(ctx, hashes->u.raw, &hashlength, sizeof(hashes->u.raw));
-    PK11_DestroyContext(ctx, PR_TRUE);
-    PRINT_BUF(90, (NULL, "TLS 1.3 hash with context", hashes->u.raw, hashlength));
-
-    hashes->len = hashlength;
-    hashes->hashAlg = algorithm;
-
-    if (rv) {
-        ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-        goto loser;
-    }
-    return SECSuccess;
-
-loser:
-    return SECFailure;
-}
-
-static SECStatus
-tls13_HkdfExtractSharedKey(sslSocket *ss, PK11SymKey *key,
-                           SharedSecretType keyType)
-{
-    PK11SymKey **destp;
-
-    switch (keyType) {
-        case EphemeralSharedSecret:
-            destp = &ss->ssl3.hs.xES;
-            break;
-        case StaticSharedSecret:
-            destp = &ss->ssl3.hs.xSS;
-            break;
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-    }
-
-    PORT_Assert(!*destp);
-    return tls13_HkdfExtract(NULL, key, tls13_GetHash(ss), destp);
-}
-
-static SECStatus
-tls13_DeriveTrafficKeys(sslSocket *ss, ssl3CipherSpec *pwSpec,
-                        TrafficKeyType type)
-{
-    size_t keySize = pwSpec->cipher_def->key_size;
-    size_t ivSize = pwSpec->cipher_def->iv_size +
-                    pwSpec->cipher_def->explicit_nonce_size; /* This isn't always going to
-                                                              * work, but it does for
-                                                              * AES-GCM */
-    CK_MECHANISM_TYPE bulkAlgorithm = ssl3_Alg2Mech(pwSpec->cipher_def->calg);
-    SSL3Hashes hashes;
-    PK11SymKey *prk = NULL;
-    const char *phase;
-    char label[256]; /* Arbitrary buffer large enough to hold the label */
-    SECStatus rv;
-
-#define FORMAT_LABEL(phase_, purpose_)                                              \
-    do {                                                                            \
-        PRUint32 n = PR_snprintf(label, sizeof(label), "%s, %s", phase_, purpose_); \
-        /* Check for getting close. */                                              \
-        if ((n + 1) >= sizeof(label)) {                                             \
-            PORT_Assert(0);                                                         \
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);                               \
-            goto loser;                                                             \
-        }                                                                           \
-    } while (0)
-#define EXPAND_TRAFFIC_KEY(purpose_, target_)                                 \
-    do {                                                                      \
-        FORMAT_LABEL(phase, purpose_);                                        \
-        rv = tls13_HkdfExpandLabel(prk, tls13_GetHash(ss),                    \
-                                   hashes.u.raw, hashes.len,                  \
-                                   label, strlen(label),                      \
-                                   bulkAlgorithm, keySize, &pwSpec->target_); \
-        if (rv != SECSuccess) {                                               \
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);                         \
-            PORT_Assert(0);                                                   \
-            goto loser;                                                       \
-        }                                                                     \
-    } while (0)
-
-#define EXPAND_TRAFFIC_IV(purpose_, target_)                    \
-    do {                                                        \
-        FORMAT_LABEL(phase, purpose_);                          \
-        rv = tls13_HkdfExpandLabelRaw(prk, tls13_GetHash(ss),   \
-                                      hashes.u.raw, hashes.len, \
-                                      label, strlen(label),     \
-                                      pwSpec->target_, ivSize); \
-        if (rv != SECSuccess) {                                 \
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);           \
-            PORT_Assert(0);                                     \
-            goto loser;                                         \
-        }                                                       \
-    } while (0)
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0);
-    if (rv != SECSuccess) {
-        PORT_Assert(0); /* Should never fail */
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-    PRINT_BUF(60, (ss, "Deriving traffic keys. Session hash=", hashes.u.raw,
-                   hashes.len));
-
-    switch (type) {
-        case TrafficKeyHandshake:
-            phase = kHkdfPhaseHandshakeKeys;
-            prk = ss->ssl3.hs.xES;
-            break;
-        case TrafficKeyApplicationData:
-            phase = kHkdfPhaseApplicationDataKeys;
-            prk = ss->ssl3.hs.trafficSecret;
-            break;
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-    }
-    PORT_Assert(prk != NULL);
-
-    SSL_TRC(3, ("%d: TLS13[%d]: deriving traffic keys phase='%s'",
-                SSL_GETPID(), ss->fd, phase));
-
-    EXPAND_TRAFFIC_KEY(kHkdfPurposeClientWriteKey, client.write_key);
-    EXPAND_TRAFFIC_KEY(kHkdfPurposeServerWriteKey, server.write_key);
-    EXPAND_TRAFFIC_IV(kHkdfPurposeClientWriteIv, client.write_iv);
-    EXPAND_TRAFFIC_IV(kHkdfPurposeServerWriteIv, server.write_iv);
-
-    return SECSuccess;
-
-loser:
-    return SECFailure;
-}
-
-/* Set up a cipher spec with keys. If install is nonzero, then also install
- * it as the current cipher spec for each value in the mask. */
-SECStatus
-tls13_InitCipherSpec(sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirection install)
-{
-    ssl3CipherSpec *pwSpec;
-    ssl3CipherSpec *cwSpec;
-    SECStatus rv;
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (install == InstallCipherSpecWrite ||
-        install == InstallCipherSpecBoth) {
-        ssl_GetXmitBufLock(ss);
-
-        rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-        ssl_ReleaseXmitBufLock(ss);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
-
-    ssl_GetSpecWriteLock(ss); /**************************************/
-
-    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
-
-    pwSpec = ss->ssl3.pwSpec;
-    cwSpec = ss->ssl3.cwSpec;
-
-    switch (pwSpec->cipher_def->calg) {
-        case calg_aes_gcm:
-            pwSpec->aead = tls13_AESGCM;
-            break;
-        default:
-            PORT_Assert(0);
-            goto loser;
-            break;
-    }
-
-    /* Generic behaviors -- common to all crypto methods */
-    if (!IS_DTLS(ss)) {
-        pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
-    } else {
-        if (cwSpec->epoch == PR_UINT16_MAX) {
-            /* The problem here is that we have rehandshaked too many
-             * times (you are not allowed to wrap the epoch). The
-             * spec says you should be discarding the connection
-             * and start over, so not much we can do here. */
-            rv = SECFailure;
-            goto loser;
-        }
-        /* The sequence number has the high 16 bits as the epoch. */
-        pwSpec->epoch = cwSpec->epoch + 1;
-        pwSpec->read_seq_num.high = pwSpec->write_seq_num.high =
-            pwSpec->epoch << 16;
-
-        dtls_InitRecvdRecords(&pwSpec->recvdRecords);
-    }
-    pwSpec->read_seq_num.low = pwSpec->write_seq_num.low = 0;
-
-    rv = tls13_DeriveTrafficKeys(ss, pwSpec, type);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    if (install == InstallCipherSpecWrite ||
-        install == InstallCipherSpecBoth) {
-        rv = tls13_InstallCipherSpec(ss, InstallCipherSpecWrite);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
-    if (install == InstallCipherSpecRead ||
-        install == InstallCipherSpecBoth) {
-        rv = tls13_InstallCipherSpec(ss, InstallCipherSpecRead);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
-    ssl_ReleaseSpecWriteLock(ss); /**************************************/
-
-    return SECSuccess;
-
-loser:
-    ssl_ReleaseSpecWriteLock(ss); /**************************************/
-    PORT_SetError(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE);
-    return SECFailure;
-}
-
-static SECStatus
-tls13_ComputeSecrets1(sslSocket *ss)
-{
-    SECStatus rv;
-    PK11SymKey *mSS = NULL;
-    PK11SymKey *mES = NULL;
-    PK11SymKey *masterSecret = NULL;
-    SSL3Hashes hashes;
-
-    rv = ssl3_SetupPendingCipherSpec(ss);
-    if (rv != SECSuccess) {
-        return rv; /* error code set below. */
-    }
-
-    rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0);
-    if (rv != SECSuccess) {
-        PORT_Assert(0); /* Should never fail */
-        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-        return SECFailure;
-    }
-
-    PORT_Assert(ss->ssl3.hs.xSS);
-    PORT_Assert(ss->ssl3.hs.xES);
-
-    rv = tls13_HkdfExpandLabel(ss->ssl3.hs.xSS,
-                               tls13_GetHash(ss),
-                               hashes.u.raw, hashes.len,
-                               kHkdfLabelExpandedSs,
-                               strlen(kHkdfLabelExpandedSs),
-                               tls13_GetHkdfMechanism(ss),
-                               hashes.len, &mSS);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = tls13_HkdfExpandLabel(ss->ssl3.hs.xES,
-                               tls13_GetHash(ss),
-                               hashes.u.raw, hashes.len,
-                               kHkdfLabelExpandedEs,
-                               strlen(kHkdfLabelExpandedEs),
-                               tls13_GetHkdfMechanism(ss),
-                               hashes.len, &mES);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = tls13_HkdfExtract(mSS, mES,
-                           tls13_GetHash(ss),
-                           &masterSecret);
-
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = tls13_HkdfExpandLabel(masterSecret,
-                               tls13_GetHash(ss),
-                               hashes.u.raw, hashes.len,
-                               kHkdfLabelTrafficSecret,
-                               strlen(kHkdfLabelTrafficSecret),
-                               tls13_GetHkdfMechanism(ss),
-                               hashes.len, &ss->ssl3.hs.trafficSecret);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = tls13_HkdfExpandLabel(masterSecret,
-                               tls13_GetHash(ss),
-                               NULL, 0,
-                               kHkdfLabelClientFinishedSecret,
-                               strlen(kHkdfLabelClientFinishedSecret),
-                               tls13_GetHmacMechanism(ss),
-                               hashes.len, &ss->ssl3.hs.clientFinishedSecret);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = tls13_HkdfExpandLabel(masterSecret,
-                               tls13_GetHash(ss),
-                               NULL, 0,
-                               kHkdfLabelServerFinishedSecret,
-                               strlen(kHkdfLabelServerFinishedSecret),
-                               tls13_GetHmacMechanism(ss),
-                               hashes.len, &ss->ssl3.hs.serverFinishedSecret);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-loser:
-    PK11_FreeSymKey(ss->ssl3.hs.xSS);
-    ss->ssl3.hs.xSS = NULL;
-    PK11_FreeSymKey(ss->ssl3.hs.xES);
-    ss->ssl3.hs.xES = NULL;
-
-    if (mSS) {
-        PK11_FreeSymKey(mSS);
-    }
-    if (mES) {
-        PK11_FreeSymKey(mES);
-    }
-    if (masterSecret) {
-        PK11_FreeSymKey(masterSecret);
-    }
-
-    return rv;
-}
-
-void
-tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *offer)
-{
-    SECITEM_ZfreeItem(&offer->key_exchange, PR_FALSE);
-    PORT_ZFree(offer, sizeof(*offer));
-}
-
-void
-tls13_DestroyKeyShares(PRCList *list)
-{
-    PRCList *cur_p;
-
-    while (!PR_CLIST_IS_EMPTY(list)) {
-        cur_p = PR_LIST_TAIL(list);
-        PR_REMOVE_LINK(cur_p);
-        tls13_DestroyKeyShareEntry((TLS13KeyShareEntry *)cur_p);
-    }
-}
-
-/* Implement the SSLAEADCipher interface defined in sslimpl.h.
- *
- * That interface mixes the AD and the sequence number, but in
- * TLS 1.3 there is no additional data so this value is just the
- * encoded sequence number and we call it |seqNumBuf|.
- */
-static SECStatus
-tls13_AESGCM(ssl3KeyMaterial *keys,
-             PRBool doDecrypt,
-             unsigned char *out,
-             int *outlen,
-             int maxout,
-             const unsigned char *in,
-             int inlen,
-             const unsigned char *seqNumBuf,
-             int seqNumLen)
-{
-    SECItem param;
-    SECStatus rv = SECFailure;
-    unsigned char nonce[12];
-    size_t i;
-    unsigned int uOutLen;
-    CK_GCM_PARAMS gcmParams;
-    static const int tagSize = 16;
-
-    PORT_Assert(seqNumLen == 8);
-
-    /* draft-ietf-tls-tls13 Section 5.2.2 specifies the following
-     * nonce algorithm:
-     *
-     * The length of the per-record nonce (iv_length) is set to max(8 bytes,
-     * N_MIN) for the AEAD algorithm (see [RFC5116] Section 4).  An AEAD
-     * algorithm where N_MAX is less than 8 bytes MUST NOT be used with TLS.
-     * The per-record nonce for the AEAD construction is formed as follows:
-     *
-     * 1.  The 64-bit record sequence number is padded to the left with
-     *     zeroes to iv_length.
-     *
-     * 2.  The padded sequence number is XORed with the static
-     *     client_write_iv or server_write_iv, depending on the role.
-     *
-     * The resulting quantity (of length iv_length) is used as the per-
-     * record nonce.
-     *
-     * Per RFC 5288: N_MIN = N_MAX = 12 bytes.
-     *
-     */
-    memcpy(nonce, keys->write_iv, sizeof(nonce));
-    for (i = 0; i < 8; ++i) {
-        nonce[4 + i] ^= seqNumBuf[i];
-    }
-
-    param.type = siBuffer;
-    param.data = (unsigned char *)&gcmParams;
-    param.len = sizeof(gcmParams);
-    gcmParams.pIv = nonce;
-    gcmParams.ulIvLen = sizeof(nonce);
-    gcmParams.pAAD = NULL;
-    gcmParams.ulAADLen = 0;
-    gcmParams.ulTagBits = tagSize * 8;
-
-    if (doDecrypt) {
-        rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
-                          maxout, in, inlen);
-    } else {
-        rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
-                          maxout, in, inlen);
-    }
-    *outlen = (int)uOutLen;
-
-    return rv;
-}
-
-static SECStatus
-tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-    PRInt32 innerLength;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle encrypted extensions",
-                SSL_GETPID(), ss->fd));
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS,
-                              wait_encrypted_extensions);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    innerLength = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
-    if (innerLength < 0) {
-        return SECFailure; /* Alert already sent. */
-    }
-    if (innerLength != length) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS,
-                    illegal_parameter);
-        return SECFailure;
-    }
-
-    rv = ssl3_HandleHelloExtensions(ss, &b, &length, encrypted_extensions);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Error code set below */
-    }
-
-    TLS13_SET_HS_STATE(ss, wait_cert_request);
-    return SECSuccess;
-}
-
-static SECStatus
-tls13_SendEncryptedExtensions(sslSocket *ss)
-{
-    SECStatus rv;
-    PRInt32 extensions_len = 0;
-    PRInt32 sent_len = 0;
-    PRUint32 maxBytes = 65535;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: send encrypted extensions handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-
-    extensions_len = ssl3_CallHelloExtensionSenders(
-        ss, PR_FALSE, maxBytes, &ss->xtnData.encryptedExtensionsSenders[0]);
-
-    rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions,
-                                    extensions_len + 2);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-    sent_len = ssl3_CallHelloExtensionSenders(
-        ss, PR_TRUE, extensions_len,
-        &ss->xtnData.encryptedExtensionsSenders[0]);
-    PORT_Assert(sent_len == extensions_len);
-    if (sent_len != extensions_len) {
-        PORT_Assert(sent_len == 0);
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* Called from tls13_CompleteHandleHandshakeMessage() when it has deciphered a complete
- * tls13 CertificateVerify message
- * Caller must hold Handshake and RecvBuf locks.
- */
-SECStatus
-tls13_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-                              SSL3Hashes *hashes)
-{
-    SECItem signed_hash = { siBuffer, NULL, 0 };
-    SECStatus rv;
-    SSLSignatureAndHashAlg sigAndHash;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_verify handshake",
-                SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY,
-                              wait_cert_verify);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (!hashes) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    /* We only support CertificateVerify messages that use the handshake
-     * hash.
-     * TODO(ekr@rtfm.com): This should be easy to relax in TLS 1.3 by
-     * reading the client's hash algorithm first, but there may
-     * be subtleties so retain the restriction for now.
-     */
-    rv = tls13_AddContextToHashes(ss, hashes, hashes->hashAlg, PR_FALSE);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_DIGEST_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-                                               &sigAndHash);
-    if (rv != SECSuccess) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_VERIFY);
-        return SECFailure;
-    }
-
-    rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
-        ss, &sigAndHash, ss->sec.peerCert);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_VERIFY, decrypt_error);
-        return SECFailure;
-    }
-
-    /* We only support CertificateVerify messages that use the handshake
-     * hash. */
-    if (sigAndHash.hashAlg != hashes->hashAlg) {
-        FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, decrypt_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
-    if (rv != SECSuccess) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_VERIFY);
-        return SECFailure;
-    }
-
-    if (length != 0) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_VERIFY, decode_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_VerifySignedHashes(hashes, ss->sec.peerCert, &signed_hash,
-                                 PR_TRUE, ss->pkcs11PinArg);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, PORT_GetError(), decrypt_error);
-        return SECFailure;
-    }
-
-    if (!ss->sec.isServer) {
-        /* Compute the rest of the secrets except for the resumption
-         * and exporter secret. */
-        rv = tls13_ComputeSecrets1(ss);
-        if (rv != SECSuccess) {
-            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-            return SECFailure;
-        }
-    }
-    TLS13_SET_HS_STATE(ss, wait_finished);
-
-    return SECSuccess;
-}
-
-static SECStatus
-tls13_ComputeFinished(sslSocket *ss, const SSL3Hashes *hashes, PRBool sending,
-                      PRUint8 *output, unsigned int *outputLen, unsigned int maxOutputLen)
-{
-    SECStatus rv;
-    PK11Context *hmacCtx = NULL;
-    CK_MECHANISM_TYPE macAlg = tls13_GetHmacMechanism(ss);
-    SECItem param = { siBuffer, NULL, 0 };
-    unsigned int outputLenUint;
-    PK11SymKey *secret = (ss->sec.isServer ^ sending) ? ss->ssl3.hs.clientFinishedSecret
-                                                      : ss->ssl3.hs.serverFinishedSecret;
-
-    PORT_Assert(secret);
-    PRINT_BUF(90, (NULL, "Handshake hash", hashes->u.raw, hashes->len));
-
-    hmacCtx = PK11_CreateContextBySymKey(macAlg, CKA_SIGN,
-                                         secret, &param);
-    if (!hmacCtx) {
-        goto abort;
-    }
-
-    rv = PK11_DigestBegin(hmacCtx);
-    if (rv != SECSuccess)
-        goto abort;
-
-    rv = PK11_DigestOp(hmacCtx, hashes->u.raw, hashes->len);
-    if (rv != SECSuccess)
-        goto abort;
-
-    PORT_Assert(maxOutputLen >= hashes->len);
-    rv = PK11_DigestFinal(hmacCtx, output, &outputLenUint, maxOutputLen);
-    if (rv != SECSuccess)
-        goto abort;
-    *outputLen = outputLenUint;
-
-    PK11_DestroyContext(hmacCtx, PR_TRUE);
-    return SECSuccess;
-
-abort:
-    if (hmacCtx) {
-        PK11_DestroyContext(hmacCtx, PR_TRUE);
-    }
-
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-
-static SECStatus
-tls13_SendFinished(sslSocket *ss)
-{
-    SECStatus rv;
-    PRUint8 finishedBuf[MAX_FINISHED_SIZE];
-    unsigned int finishedLen;
-    SSL3Hashes hashes;
-    int errCode;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: send finished handshake", SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    ssl_GetSpecReadLock(ss);
-    rv = tls13_ComputeFinished(ss, &hashes, PR_TRUE,
-                               finishedBuf, &finishedLen, sizeof(finishedBuf));
-    ssl_ReleaseSpecReadLock(ss);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_AppendHandshakeHeader(ss, finished, finishedLen);
-    if (rv != SECSuccess) {
-        errCode = PR_GetError();
-        goto alert_loser;
-    }
-
-    rv = ssl3_AppendHandshake(ss, finishedBuf, finishedLen);
-    if (rv != SECSuccess) {
-        errCode = PR_GetError();
-        goto alert_loser;
-    }
-
-    rv = ssl3_FlushHandshake(ss, 0);
-    if (rv != SECSuccess) {
-        errCode = PR_GetError();
-        goto alert_loser;
-    }
-
-    if (ss->sec.isServer) {
-        rv = tls13_InitCipherSpec(ss, TrafficKeyApplicationData,
-                                  InstallCipherSpecWrite);
-    } else {
-        rv = tls13_InstallCipherSpec(ss, InstallCipherSpecWrite);
-    }
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    /* TODO(ekr@rtfm.com): Record key log */
-    return SECSuccess;
-
-alert_loser:
-    (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-    PORT_SetError(errCode); /* Restore error code */
-    return rv;
-}
-
-static SECStatus
-tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
-                     const SSL3Hashes *hashes)
-{
-    SECStatus rv;
-    PRUint8 finishedBuf[MAX_FINISHED_SIZE];
-    unsigned int finishedLen;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    SSL_TRC(3, ("%d: TLS13[%d]: handle finished handshake",
-                SSL_GETPID(), ss->fd));
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED, wait_finished);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    if (!hashes) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    ssl_GetSpecReadLock(ss);
-    rv = tls13_ComputeFinished(ss, hashes, PR_FALSE,
-                               finishedBuf, &finishedLen, sizeof(finishedBuf));
-    ssl_ReleaseSpecReadLock(ss);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    if (length != finishedLen) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_FINISHED, decode_error);
-        return SECFailure;
-    }
-
-    if (NSS_SecureMemcmp(b, finishedBuf, finishedLen) != 0) {
-        FATAL_ERROR(ss, SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE,
-                    decrypt_error);
-        return SECFailure;
-    }
-
-    /* Server is now finished.
-     * Client sends second flight
-     */
-    /* TODO(ekr@rtfm.com): Send NewSession Ticket if server. */
-    if (ss->sec.isServer) {
-        rv = tls13_InstallCipherSpec(ss, InstallCipherSpecRead);
-        if (rv != SECSuccess) {
-            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-            return SECFailure;
-        }
-
-        rv = tls13_FinishHandshake(ss);
-    } else {
-        if (ss->ssl3.hs.authCertificatePending) {
-            /* TODO(ekr@rtfm.com): Handle pending auth */
-            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-            PORT_Assert(0);
-            return SECFailure;
-        }
-        rv = tls13_InitCipherSpec(ss, TrafficKeyApplicationData,
-                                  InstallCipherSpecRead);
-        if (rv != SECSuccess) {
-            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-            return SECFailure;
-        }
-
-        rv = tls13_SendClientSecondRound(ss);
-        if (rv != SECSuccess)
-            return SECFailure; /* Error code and alerts handled below */
-    }
-
-    return rv;
-}
-
-static SECStatus
-tls13_FinishHandshake(sslSocket *ss)
-{
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
-
-    /* The first handshake is now completed. */
-    ss->handshake = NULL;
-
-    TLS13_SET_HS_STATE(ss, idle_handshake);
-
-    ssl_FinishHandshake(ss);
-
-    return SECSuccess;
-}
-
-static SECStatus
-tls13_SendClientSecondRound(sslSocket *ss)
-{
-    SECStatus rv;
-    PRBool sendClientCert;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    sendClientCert = !ss->ssl3.sendEmptyCert &&
-                     ss->ssl3.clientCertChain != NULL &&
-                     ss->ssl3.clientPrivateKey != NULL;
-
-    /* Defer client authentication sending if we are still
-     * waiting for server authentication. See the long block
-     * comment in ssl3_SendClientSecondRound for more detail.
-     */
-    if (ss->ssl3.hs.restartTarget) {
-        PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget");
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    if (ss->ssl3.hs.authCertificatePending && (sendClientCert ||
-                                               ss->ssl3.sendEmptyCert)) {
-        SSL_TRC(3, ("%d: TLS13[%p]: deferring ssl3_SendClientSecondRound because"
-                    " certificate authentication is still pending.",
-                    SSL_GETPID(), ss->fd));
-        ss->ssl3.hs.restartTarget = tls13_SendClientSecondRound;
-        return SECWouldBlock;
-    }
-
-    ssl_GetXmitBufLock(ss); /*******************************/
-    if (ss->ssl3.sendEmptyCert) {
-        ss->ssl3.sendEmptyCert = PR_FALSE;
-        rv = ssl3_SendEmptyCertificate(ss);
-        /* Don't send verify */
-        if (rv != SECSuccess) {
-            goto loser; /* error code is set. */
-        }
-    } else if (sendClientCert) {
-        rv = ssl3_SendCertificate(ss);
-        if (rv != SECSuccess) {
-            goto loser; /* error code is set. */
-        }
-    }
-
-    if (sendClientCert) {
-        rv = ssl3_SendCertificateVerify(ss, ss->ssl3.clientPrivateKey);
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-        if (rv != SECSuccess) {
-            goto loser; /* err is set. */
-        }
-    }
-
-    rv = tls13_SendFinished(ss);
-    if (rv != SECSuccess) {
-        goto loser; /* err code was set. */
-    }
-    ssl_ReleaseXmitBufLock(ss); /*******************************/
-
-    /* The handshake is now finished */
-    return tls13_FinishHandshake(ss);
-
-loser:
-    ssl_ReleaseXmitBufLock(ss); /*******************************/
-    return SECFailure;
-}
-
-static SECStatus
-tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
-    SECStatus rv;
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET,
-                              idle_handshake);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    UNIMPLEMENTED();
-
-    /* Ignore */
-    return SECSuccess;
-}
-
-typedef enum {
-    ExtensionNotUsed,
-    ExtensionClientOnly,
-    ExtensionSendClear,
-    ExtensionSendEncrypted,
-} Tls13ExtensionStatus;
-
-static const struct {
-    SSLExtensionType ex_value;
-    Tls13ExtensionStatus status;
-} KnownExtensions[] = {
-    { ssl_server_name_xtn,
-      ExtensionSendEncrypted },
-    {
-        ssl_cert_status_xtn,
-        ExtensionNotUsed /* TODO(ekr@rtfm.com): Disabled because broken
-                            in TLS 1.3. */
-        /* ExtensionSendEncrypted */
-    },
-    { ssl_elliptic_curves_xtn,
-      ExtensionSendClear },
-    { ssl_ec_point_formats_xtn,
-      ExtensionNotUsed },
-    { ssl_signature_algorithms_xtn,
-      ExtensionClientOnly },
-    { ssl_use_srtp_xtn,
-      ExtensionSendEncrypted },
-    { ssl_app_layer_protocol_xtn,
-      ExtensionSendEncrypted },
-    { ssl_padding_xtn,
-      ExtensionNotUsed },
-    { ssl_extended_master_secret_xtn,
-      ExtensionNotUsed },
-    { ssl_session_ticket_xtn,
-      ExtensionClientOnly },
-    { ssl_tls13_key_share_xtn,
-      ExtensionSendClear },
-    { ssl_next_proto_nego_xtn,
-      ExtensionNotUsed },
-    { ssl_renegotiation_info_xtn,
-      ExtensionNotUsed },
-    { ssl_tls13_draft_version_xtn,
-      ExtensionClientOnly }
-};
-
-PRBool
-tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message)
-{
-    unsigned int i;
-
-    PORT_Assert((message == client_hello) ||
-                (message == server_hello) ||
-                (message == encrypted_extensions));
-
-    for (i = 0; i < PR_ARRAY_SIZE(KnownExtensions); i++) {
-        if (KnownExtensions[i].ex_value == extension)
-            break;
-    }
-    if (i == PR_ARRAY_SIZE(KnownExtensions)) {
-        /* We have never heard of this extension which is OK on
-         * the server but not the client. */
-        return message == client_hello;
-    }
-
-    switch (KnownExtensions[i].status) {
-        case ExtensionNotUsed:
-            return PR_FALSE;
-        case ExtensionClientOnly:
-            return message == client_hello;
-        case ExtensionSendClear:
-            return message == client_hello ||
-                   message == server_hello;
-        case ExtensionSendEncrypted:
-            return message == client_hello ||
-                   message == encrypted_extensions;
-    }
-
-    PORT_Assert(0);
-
-    /* Not reached */
-    return PR_TRUE;
-}
-
-/* Helper function to encode a uint32 into a buffer */
-unsigned char *
-tls13_EncodeUintX(PRUint32 value, unsigned int bytes, unsigned char *to)
-{
-    PRUint32 encoded;
-
-    PORT_Assert(bytes > 0 && bytes <= 4);
-
-    encoded = PR_htonl(value);
-    memcpy(to, ((unsigned char *)(&encoded)) + (4 - bytes), bytes);
-    return to + bytes;
-}
-
-/* TLS 1.3 doesn't actually have additional data but the aead function
- * signature overloads additional data to carry the record sequence
- * number and that's what we put here. The TLS 1.3 AEAD functions
- * just use this input as the sequence number and not as additional
- * data. */
-static void
-tls13_FormatAdditionalData(unsigned char *aad, unsigned int length,
-                           SSL3SequenceNumber seqNum)
-{
-    unsigned char *ptr = aad;
-
-    PORT_Assert(length == 8);
-    ptr = tls13_EncodeUintX(seqNum.high, 4, ptr);
-    ptr = tls13_EncodeUintX(seqNum.low, 4, ptr);
-    PORT_Assert((ptr - aad) == length);
-}
-
-SECStatus
-tls13_ProtectRecord(sslSocket *ss,
-                    SSL3ContentType type,
-                    const SSL3Opaque *pIn,
-                    PRUint32 contentLen,
-                    sslBuffer *wrBuf)
-{
-    ssl3CipherSpec *cwSpec = ss->ssl3.cwSpec;
-    const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def;
-    SECStatus rv;
-    PRUint16 headerLen;
-    int cipherBytes = 0;
-    const int tagLen = cipher_def->tag_size;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: protect record of length %u, seq=0x%0x%0x",
-                SSL_GETPID(), ss->fd, contentLen,
-                cwSpec->write_seq_num.high,
-                cwSpec->write_seq_num.low));
-
-    headerLen = IS_DTLS(ss) ? DTLS_RECORD_HEADER_LENGTH : SSL3_RECORD_HEADER_LENGTH;
-
-    if (headerLen + contentLen + 1 + tagLen > wrBuf->space) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    /* Copy the data into the wrBuf. We're going to encrypt in-place
-     * in the AEAD branch anyway */
-    PORT_Memcpy(wrBuf->buf + headerLen, pIn, contentLen);
-
-    if (cipher_def->calg == ssl_calg_null) {
-        /* Shortcut for plaintext */
-        cipherBytes = contentLen;
-    } else {
-        unsigned char aad[8];
-        PORT_Assert(cipher_def->type == type_aead);
-
-        /* Add the content type at the end. */
-        wrBuf->buf[headerLen + contentLen] = type;
-
-        /* Stomp the content type to be application_data */
-        type = content_application_data;
-
-        tls13_FormatAdditionalData(aad, sizeof(aad),
-                                   cwSpec->write_seq_num);
-        cipherBytes = contentLen + 1; /* Room for the content type on the end. */
-        rv = cwSpec->aead(
-            ss->sec.isServer ? &cwSpec->server : &cwSpec->client,
-            PR_FALSE,                               /* do encrypt */
-            wrBuf->buf + headerLen,                 /* output  */
-            &cipherBytes,                           /* out len */
-            wrBuf->space - headerLen,               /* max out */
-            wrBuf->buf + headerLen, contentLen + 1, /* input   */
-            aad, sizeof(aad));
-        if (rv != SECSuccess) {
-            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-            return SECFailure;
-        }
-    }
-
-    PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 256);
-
-    wrBuf->len = cipherBytes + headerLen;
-    wrBuf->buf[0] = type;
-
-    if (IS_DTLS(ss)) {
-        (void)tls13_EncodeUintX(2, dtls_TLSVersionToDTLSVersion(kRecordVersion),
-                                &wrBuf->buf[1]);
-        (void)tls13_EncodeUintX(cwSpec->write_seq_num.high, 4, &wrBuf->buf[3]);
-        (void)tls13_EncodeUintX(cwSpec->write_seq_num.low, 4, &wrBuf->buf[7]);
-        (void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[11]);
-    } else {
-        (void)tls13_EncodeUintX(kRecordVersion, 2, &wrBuf->buf[1]);
-        (void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[3]);
-    }
-    ssl3_BumpSequenceNumber(&cwSpec->write_seq_num);
-
-    return SECSuccess;
-}
-
-/* Unprotect a TLS 1.3 record and leave the result in plaintext.
- *
- * Called by ssl3_HandleRecord. Caller must hold the spec read lock.
- * Therefore, we MUST not call SSL3_SendAlert().
- *
- * If SECFailure is returned, we:
- * 1. Set |*alert| to the alert to be sent.
- * 2. Call PORT_SetError() witn an appropriate code.
- */
-SECStatus
-tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
-                      SSL3AlertDescription *alert)
-{
-    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
-    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
-    unsigned char aad[8];
-    SECStatus rv;
-
-    *alert = bad_record_mac; /* Default alert for most issues. */
-
-    SSL_TRC(3, ("%d: TLS13[%d]: unprotect record of length %u",
-                SSL_GETPID(), ss->fd, cText->buf->len));
-
-    /* We can perform this test in variable time because the record's total
-     * length and the ciphersuite are both public knowledge. */
-    if (cText->buf->len < cipher_def->tag_size) {
-        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-        return SECFailure;
-    }
-
-    /* Verify that the content type is right, even though we overwrite it. */
-    if (cText->type != content_application_data) {
-        /* Do we need a better error here? */
-        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-        return SECFailure;
-    }
-
-    /* Check the version number in the record */
-    if (cText->version != kRecordVersion) {
-        /* Do we need a better error here? */
-        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-        return SECFailure;
-    }
-
-    /* Decrypt */
-    PORT_Assert(cipher_def->type == type_aead);
-    tls13_FormatAdditionalData(aad, sizeof(aad),
-                               IS_DTLS(ss) ? cText->seq_num
-                                           : crSpec->read_seq_num);
-    rv = crSpec->aead(
-        ss->sec.isServer ? &crSpec->client : &crSpec->server,
-        PR_TRUE,                /* do decrypt */
-        plaintext->buf,         /* out */
-        (int *)&plaintext->len, /* outlen */
-        plaintext->space,       /* maxout */
-        cText->buf->buf,        /* in */
-        cText->buf->len,        /* inlen */
-        aad, sizeof(aad));
-    if (rv != SECSuccess) {
-        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-        return SECFailure;
-    }
-
-    /* The record is right-padded with 0s, followed by the true
-     * content type, so read from the right until we receive a
-     * nonzero byte. */
-    while (plaintext->len > 0 && !(plaintext->buf[plaintext->len - 1])) {
-        --plaintext->len;
-    }
-
-    /* Bogus padding. */
-    if (plaintext->len < 1) {
-        /* It's safe to report this specifically because it happened
-         * after the MAC has been verified. */
-        PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
-        return SECFailure;
-    }
-
-    /* Record the type. */
-    cText->type = plaintext->buf[plaintext->len - 1];
-    --plaintext->len;
-
-    return SECSuccess;
-}
diff --git a/chromium/net/third_party/nss/ssl/tls13con.h b/chromium/net/third_party/nss/ssl/tls13con.h
deleted file mode 100644
index a96d3236794..00000000000
--- a/chromium/net/third_party/nss/ssl/tls13con.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __tls13con_h_
-#define __tls13con_h_
-
-typedef enum {
-    StaticSharedSecret,
-    EphemeralSharedSecret
-} SharedSecretType;
-
-SECStatus tls13_UnprotectRecord(
-    sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
-    SSL3AlertDescription *alert);
-unsigned char *
-tls13_EncodeUintX(PRUint32 value, unsigned int bytes, unsigned char *to);
-
-#if defined(WIN32)
-#define __func__ __FUNCTION__
-#endif
-
-void tls13_SetHsState(sslSocket *ss, SSL3WaitState ws,
-                      const char *func, const char *file, int line);
-#define TLS13_SET_HS_STATE(ss, ws) \
-    tls13_SetHsState(ss, ws, __func__, __FILE__, __LINE__)
-
-/* Return PR_TRUE if the socket is in one of the given states, else return
- * PR_FALSE. Only call the macro not the function, because the trailing
- * wait_invalid is needed to terminate the argument list. */
-PRBool tls13_InHsState(sslSocket *ss, ...);
-#define TLS13_IN_HS_STATE(ss, ...) \
-    tls13_InHsState(ss, __VA_ARGS__, wait_invalid)
-
-SSLHashType tls13_GetHash(sslSocket *ss);
-CK_MECHANISM_TYPE tls13_GetHkdfMechanism(sslSocket *ss);
-void tls13_FatalError(sslSocket *ss, PRErrorCode prError,
-                      SSL3AlertDescription desc);
-SECStatus tls13_SetupClientHello(sslSocket *ss);
-SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
-                                                PRUint32 length,
-                                                SSL3Hashes *hashesPtr);
-SECStatus tls13_HandleClientKeyShare(sslSocket *ss);
-SECStatus tls13_SendServerHelloSequence(sslSocket *ss);
-SECStatus tls13_HandleServerKeyShare(sslSocket *ss);
-SECStatus tls13_AddContextToHashes(sslSocket *ss,
-                                   SSL3Hashes *hashes /* IN/OUT */,
-                                   SSLHashType algorithm, PRBool sending);
-void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry);
-void tls13_DestroyKeyShares(PRCList *list);
-PRBool tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message);
-SECStatus tls13_ProtectRecord(sslSocket *ss,
-                              SSL3ContentType type,
-                              const SSL3Opaque *pIn,
-                              PRUint32 contentLen,
-                              sslBuffer *wrBuf);
-
-#endif /* __tls13con_h_ */
diff --git a/chromium/net/third_party/nss/ssl/tls13hkdf.c b/chromium/net/third_party/nss/ssl/tls13hkdf.c
deleted file mode 100644
index 3dc2d1bf8d0..00000000000
--- a/chromium/net/third_party/nss/ssl/tls13hkdf.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * TLS 1.3 Protocol
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "keyhi.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "sslt.h"
-#include "sslerr.h"
-
-// TODO(ekr@rtfm.com): Export this separately.
-unsigned char *tls13_EncodeUintX(PRUint32 value, unsigned int bytes, unsigned char *to);
-
-/* This table contains the mapping between TLS hash identifiers and the
- * PKCS#11 identifiers */
-static const struct {
-    SSLHashType hash;
-    CK_MECHANISM_TYPE pkcs11Mech;
-    unsigned int hashSize;
-} kTlsHkdfInfo[] = {
-    { ssl_hash_none, 0, 0 },
-    { ssl_hash_md5, 0, 0 },
-    { ssl_hash_sha1, 0, 0 },
-    { ssl_hash_sha224, 0 },
-    { ssl_hash_sha256, CKM_NSS_HKDF_SHA256, 32 },
-    { ssl_hash_sha384, CKM_NSS_HKDF_SHA384, 48 },
-    { ssl_hash_sha512, CKM_NSS_HKDF_SHA512, 64 }
-};
-
-SECStatus
-tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
-                  PK11SymKey **prkp)
-{
-    CK_NSS_HKDFParams params;
-    SECItem paramsi;
-    SECStatus rv;
-    SECItem *salt;
-    PK11SymKey *prk;
-
-    params.bExtract = CK_TRUE;
-    params.bExpand = CK_FALSE;
-    params.pInfo = NULL;
-    params.ulInfoLen = 0UL;
-
-    if (ikm1) {
-        /* TODO(ekr@rtfm.com): This violates the PKCS#11 key boundary
-         * but is imposed on us by the present HKDF interface. */
-        rv = PK11_ExtractKeyValue(ikm1);
-        if (rv != SECSuccess)
-            return rv;
-
-        salt = PK11_GetKeyData(ikm1);
-        if (!salt)
-            return SECFailure;
-
-        params.pSalt = salt->data;
-        params.ulSaltLen = salt->len;
-        PORT_Assert(salt->len > 0);
-    } else {
-        /* Per documentation for CKM_NSS_HKDF_*:
-         *
-         *  If the optional salt is given, it is used; otherwise, the salt is
-         *  set to a sequence of zeros equal in length to the HMAC output.
-         */
-        params.pSalt = NULL;
-        params.ulSaltLen = 0UL;
-    }
-    paramsi.data = (unsigned char *)&params;
-    paramsi.len = sizeof(params);
-
-    PORT_Assert(kTlsHkdfInfo[baseHash].pkcs11Mech);
-    PORT_Assert(kTlsHkdfInfo[baseHash].hashSize);
-    PORT_Assert(kTlsHkdfInfo[baseHash].hash == baseHash);
-    prk = PK11_Derive(ikm2, kTlsHkdfInfo[baseHash].pkcs11Mech,
-                      &paramsi, kTlsHkdfInfo[baseHash].pkcs11Mech,
-                      CKA_DERIVE, kTlsHkdfInfo[baseHash].hashSize);
-    if (!prk)
-        return SECFailure;
-
-    *prkp = prk;
-    return SECSuccess;
-}
-
-SECStatus
-tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
-                      const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
-                      const char *label, unsigned int labelLen,
-                      CK_MECHANISM_TYPE algorithm, unsigned int keySize,
-                      PK11SymKey **keyp)
-{
-    CK_NSS_HKDFParams params;
-    SECItem paramsi = { siBuffer, NULL, 0 };
-    PRUint8 info[100];
-    PRUint8 *ptr = info;
-    unsigned int infoLen;
-    PK11SymKey *derived;
-    const char *kLabelPrefix = "TLS 1.3, ";
-    const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
-
-    if (handshakeHash) {
-        PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize);
-    } else {
-        PORT_Assert(!handshakeHashLen);
-    }
-
-    /*
-     *  [draft-ietf-tls-tls13-11] Section 7.1:
-     *
-     *  HKDF-Expand-Label(Secret, Label, HashValue, Length) =
-     *       HKDF-Expand(Secret, HkdfLabel, Length)
-     *
-     *  Where HkdfLabel is specified as:
-     *
-     *  struct HkdfLabel {
-     *    uint16 length;
-     *    opaque label<9..255>;
-     *    opaque hash_value<0..255>;
-     *  };
-     *
-     *  Where:
-     *  - HkdfLabel.length is Length
-     *  - HkdfLabel.hash_value is HashValue.
-     *  - HkdfLabel.label is "TLS 1.3, " + Label
-     *
-     */
-    infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
-    if (infoLen > sizeof(info)) {
-        PORT_Assert(0);
-        goto abort;
-    }
-
-    ptr = tls13_EncodeUintX(keySize, 2, ptr);
-    ptr = tls13_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
-    PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
-    ptr += kLabelPrefixLen;
-    PORT_Memcpy(ptr, label, labelLen);
-    ptr += labelLen;
-    ptr = tls13_EncodeUintX(handshakeHashLen, 1, ptr);
-    if (handshakeHash) {
-        PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
-        ptr += handshakeHashLen;
-    }
-    PORT_Assert((ptr - info) == infoLen);
-
-    params.bExtract = CK_FALSE;
-    params.bExpand = CK_TRUE;
-    params.pInfo = info;
-    params.ulInfoLen = infoLen;
-    paramsi.data = (unsigned char *)&params;
-    paramsi.len = sizeof(params);
-
-    derived = PK11_DeriveWithFlags(prk, kTlsHkdfInfo[baseHash].pkcs11Mech,
-                                   &paramsi, algorithm,
-                                   CKA_DERIVE, keySize,
-                                   CKF_SIGN | CKF_VERIFY);
-    if (!derived)
-        return SECFailure;
-
-    *keyp = derived;
-
-    return SECSuccess;
-
-abort:
-    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-    return SECFailure;
-}
-
-SECStatus
-tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash,
-                         const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
-                         const char *label, unsigned int labelLen,
-                         unsigned char *output, unsigned int outputLen)
-{
-    PK11SymKey *derived = NULL;
-    SECItem *rawkey;
-    SECStatus rv;
-
-    rv = tls13_HkdfExpandLabel(prk, baseHash, handshakeHash, handshakeHashLen,
-                               label, labelLen,
-                               kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen,
-                               &derived);
-    if (rv != SECSuccess || !derived) {
-        goto abort;
-    }
-
-    rv = PK11_ExtractKeyValue(derived);
-    if (rv != SECSuccess) {
-        goto abort;
-    }
-
-    rawkey = PK11_GetKeyData(derived);
-    if (!rawkey) {
-        goto abort;
-    }
-
-    PORT_Assert(rawkey->len == outputLen);
-    memcpy(output, rawkey->data, outputLen);
-    PK11_FreeSymKey(derived);
-
-    return SECSuccess;
-
-abort:
-    if (derived) {
-        PK11_FreeSymKey(derived);
-    }
-    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-    return SECFailure;
-}
diff --git a/chromium/net/third_party/nss/ssl/tls13hkdf.h b/chromium/net/third_party/nss/ssl/tls13hkdf.h
deleted file mode 100644
index 78347a11dc2..00000000000
--- a/chromium/net/third_party/nss/ssl/tls13hkdf.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __tls13hkdf_h_
-#define __tls13hkdf_h_
-
-#include "keyhi.h"
-#include "sslt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-SECStatus tls13_HkdfExtract(
-    PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
-    PK11SymKey **prkp);
-SECStatus tls13_HkdfExpandLabelRaw(
-    PK11SymKey *prk, SSLHashType baseHash,
-    const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
-    const char *label, unsigned int labelLen,
-    unsigned char *output, unsigned int outputLen);
-SECStatus tls13_HkdfExpandLabel(
-    PK11SymKey *prk, SSLHashType baseHash,
-    const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
-    const char *label, unsigned int labelLen,
-    CK_MECHANISM_TYPE algorithm, unsigned int keySize,
-    PK11SymKey **keyp);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/chromium/net/third_party/nss/ssl/unix_err.c b/chromium/net/third_party/nss/ssl/unix_err.c
deleted file mode 100644
index ca0b0507b27..00000000000
--- a/chromium/net/third_party/nss/ssl/unix_err.c
+++ /dev/null
@@ -1,837 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#if 0
-#include "primpl.h"
-#else
-#define _PR_POLL_AVAILABLE 1
-#include "prerror.h"
-#endif
-
-#if defined(__bsdi__) || defined(NTO) || defined(DARWIN) || defined(BEOS)
-#undef _PR_POLL_AVAILABLE
-#endif
-
-#if defined(_PR_POLL_AVAILABLE)
-#include <poll.h>
-#endif
-#include <errno.h>
-
-/* forward declarations. */
-void nss_MD_unix_map_default_error(int err);
-
-void
-nss_MD_unix_map_opendir_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_closedir_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_readdir_error(int err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-        case ENOENT:
-            prError = PR_NO_MORE_FILES_ERROR;
-            break;
-#ifdef EOVERFLOW
-        case EOVERFLOW:
-            prError = PR_IO_ERROR;
-            break;
-#endif
-        case EINVAL:
-            prError = PR_IO_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_IO_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_unlink_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EPERM:
-            prError = PR_IS_DIRECTORY_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_stat_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_fstat_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_rename_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EEXIST:
-            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_access_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_mkdir_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_rmdir_error(int err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-        case EEXIST:
-            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
-            break;
-        case EINVAL:
-            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
-            break;
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_read_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_write_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_lseek_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_fsync_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        case EINVAL:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_close_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_socket_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_socketavailable_error(int err)
-{
-    PR_SetError(PR_BAD_DESCRIPTOR_ERROR, err);
-}
-
-void
-nss_MD_unix_map_recv_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_recvfrom_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_send_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_sendto_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_writev_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_accept_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ENODEV:
-            prError = PR_NOT_TCP_SOCKET_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_connect_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EACCES:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-#if defined(UNIXWARE) || defined(SNI) || defined(NEC)
-        /*
-         * On some platforms, if we connect to a port on the local host
-         * (the loopback address) that no process is listening on, we get
-         * EIO instead of ECONNREFUSED.
-         */
-        case EIO:
-            prError = PR_CONNECT_REFUSED_ERROR;
-            break;
-#endif
-        case ELOOP:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ENOENT:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_IO_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_bind_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR;
-            break;
-            /*
-             * UNIX domain sockets are not supported in NSPR
-             */
-        case EIO:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case EISDIR:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ELOOP:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ENOENT:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ENOTDIR:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case EROFS:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_listen_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_shutdown_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_socketpair_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_getsockname_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_getpeername_error(int err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_getsockopt_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_BUFFER_OVERFLOW_ERROR;
-            break;
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_setsockopt_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_BUFFER_OVERFLOW_ERROR;
-            break;
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_open_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EAGAIN:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case EBUSY:
-            prError = PR_IO_ERROR;
-            break;
-        case ENODEV:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case ENOMEM:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case ETIMEDOUT:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_mmap_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EAGAIN:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case EMFILE:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case ENODEV:
-            prError = PR_OPERATION_NOT_SUPPORTED_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_gethostname_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-void
-nss_MD_unix_map_select_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-
-#ifdef _PR_POLL_AVAILABLE
-void
-nss_MD_unix_map_poll_error(int err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-        case EAGAIN:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_poll_revents_error(int err)
-{
-    if (err & POLLNVAL)
-        PR_SetError(PR_BAD_DESCRIPTOR_ERROR, EBADF);
-    else if (err & POLLHUP)
-        PR_SetError(PR_CONNECT_RESET_ERROR, EPIPE);
-    else if (err & POLLERR)
-        PR_SetError(PR_IO_ERROR, EIO);
-    else
-        PR_SetError(PR_UNKNOWN_ERROR, err);
-}
-#endif /* _PR_POLL_AVAILABLE */
-
-void
-nss_MD_unix_map_flock_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EINVAL:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-        case EWOULDBLOCK:
-            prError = PR_FILE_IS_LOCKED_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_unix_map_lockf_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EACCES:
-            prError = PR_FILE_IS_LOCKED_ERROR;
-            break;
-        case EDEADLK:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        default:
-            nss_MD_unix_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-#ifdef HPUX11
-void
-nss_MD_hpux_map_sendfile_error(int err)
-{
-    nss_MD_unix_map_default_error(err);
-}
-#endif /* HPUX11 */
-
-void
-nss_MD_unix_map_default_error(int err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case EACCES:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case EADDRINUSE:
-            prError = PR_ADDRESS_IN_USE_ERROR;
-            break;
-        case EADDRNOTAVAIL:
-            prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
-            break;
-        case EAFNOSUPPORT:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case EAGAIN:
-            prError = PR_WOULD_BLOCK_ERROR;
-            break;
-    /*
-     * On QNX and Neutrino, EALREADY is defined as EBUSY.
-     */
-#if EALREADY != EBUSY
-        case EALREADY:
-            prError = PR_ALREADY_INITIATED_ERROR;
-            break;
-#endif
-        case EBADF:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-#ifdef EBADMSG
-        case EBADMSG:
-            prError = PR_IO_ERROR;
-            break;
-#endif
-        case EBUSY:
-            prError = PR_FILESYSTEM_MOUNTED_ERROR;
-            break;
-        case ECONNREFUSED:
-            prError = PR_CONNECT_REFUSED_ERROR;
-            break;
-        case ECONNRESET:
-            prError = PR_CONNECT_RESET_ERROR;
-            break;
-        case EDEADLK:
-            prError = PR_DEADLOCK_ERROR;
-            break;
-#ifdef EDIRCORRUPTED
-        case EDIRCORRUPTED:
-            prError = PR_DIRECTORY_CORRUPTED_ERROR;
-            break;
-#endif
-#ifdef EDQUOT
-        case EDQUOT:
-            prError = PR_NO_DEVICE_SPACE_ERROR;
-            break;
-#endif
-        case EEXIST:
-            prError = PR_FILE_EXISTS_ERROR;
-            break;
-        case EFAULT:
-            prError = PR_ACCESS_FAULT_ERROR;
-            break;
-        case EFBIG:
-            prError = PR_FILE_TOO_BIG_ERROR;
-            break;
-        case EINPROGRESS:
-            prError = PR_IN_PROGRESS_ERROR;
-            break;
-        case EINTR:
-            prError = PR_PENDING_INTERRUPT_ERROR;
-            break;
-        case EINVAL:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case EIO:
-            prError = PR_IO_ERROR;
-            break;
-        case EISCONN:
-            prError = PR_IS_CONNECTED_ERROR;
-            break;
-        case EISDIR:
-            prError = PR_IS_DIRECTORY_ERROR;
-            break;
-        case ELOOP:
-            prError = PR_LOOP_ERROR;
-            break;
-        case EMFILE:
-            prError = PR_PROC_DESC_TABLE_FULL_ERROR;
-            break;
-        case EMLINK:
-            prError = PR_MAX_DIRECTORY_ENTRIES_ERROR;
-            break;
-        case EMSGSIZE:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-#ifdef EMULTIHOP
-        case EMULTIHOP:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-#endif
-        case ENAMETOOLONG:
-            prError = PR_NAME_TOO_LONG_ERROR;
-            break;
-        case ENETUNREACH:
-            prError = PR_NETWORK_UNREACHABLE_ERROR;
-            break;
-        case ENFILE:
-            prError = PR_SYS_DESC_TABLE_FULL_ERROR;
-            break;
-#if !defined(SCO)
-        case ENOBUFS:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-#endif
-        case ENODEV:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case ENOENT:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case ENOLCK:
-            prError = PR_FILE_IS_LOCKED_ERROR;
-            break;
-#ifdef ENOLINK
-        case ENOLINK:
-            prError = PR_REMOTE_FILE_ERROR;
-            break;
-#endif
-        case ENOMEM:
-            prError = PR_OUT_OF_MEMORY_ERROR;
-            break;
-        case ENOPROTOOPT:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case ENOSPC:
-            prError = PR_NO_DEVICE_SPACE_ERROR;
-            break;
-#ifdef ENOSR
-        case ENOSR:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-#endif
-        case ENOTCONN:
-            prError = PR_NOT_CONNECTED_ERROR;
-            break;
-        case ENOTDIR:
-            prError = PR_NOT_DIRECTORY_ERROR;
-            break;
-        case ENOTSOCK:
-            prError = PR_NOT_SOCKET_ERROR;
-            break;
-        case ENXIO:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case EOPNOTSUPP:
-            prError = PR_NOT_TCP_SOCKET_ERROR;
-            break;
-#ifdef EOVERFLOW
-        case EOVERFLOW:
-            prError = PR_BUFFER_OVERFLOW_ERROR;
-            break;
-#endif
-        case EPERM:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case EPIPE:
-            prError = PR_CONNECT_RESET_ERROR;
-            break;
-#ifdef EPROTO
-        case EPROTO:
-            prError = PR_IO_ERROR;
-            break;
-#endif
-        case EPROTONOSUPPORT:
-            prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR;
-            break;
-        case EPROTOTYPE:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case ERANGE:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        case EROFS:
-            prError = PR_READ_ONLY_FILESYSTEM_ERROR;
-            break;
-        case ESPIPE:
-            prError = PR_INVALID_METHOD_ERROR;
-            break;
-        case ETIMEDOUT:
-            prError = PR_IO_TIMEOUT_ERROR;
-            break;
-#if EWOULDBLOCK != EAGAIN
-        case EWOULDBLOCK:
-            prError = PR_WOULD_BLOCK_ERROR;
-            break;
-#endif
-        case EXDEV:
-            prError = PR_NOT_SAME_DEVICE_ERROR;
-            break;
-
-        default:
-            prError = PR_UNKNOWN_ERROR;
-            break;
-    }
-    PR_SetError(prError, err);
-}
diff --git a/chromium/net/third_party/nss/ssl/unix_err.h b/chromium/net/third_party/nss/ssl/unix_err.h
deleted file mode 100644
index 5d7d547bfb6..00000000000
--- a/chromium/net/third_party/nss/ssl/unix_err.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*  NSPR doesn't make these functions public, so we have to duplicate
-**  them in NSS.
-*/
-extern void nss_MD_hpux_map_sendfile_error(int err);
-extern void nss_MD_unix_map_accept_error(int err);
-extern void nss_MD_unix_map_access_error(int err);
-extern void nss_MD_unix_map_bind_error(int err);
-extern void nss_MD_unix_map_close_error(int err);
-extern void nss_MD_unix_map_closedir_error(int err);
-extern void nss_MD_unix_map_connect_error(int err);
-extern void nss_MD_unix_map_default_error(int err);
-extern void nss_MD_unix_map_flock_error(int err);
-extern void nss_MD_unix_map_fstat_error(int err);
-extern void nss_MD_unix_map_fsync_error(int err);
-extern void nss_MD_unix_map_gethostname_error(int err);
-extern void nss_MD_unix_map_getpeername_error(int err);
-extern void nss_MD_unix_map_getsockname_error(int err);
-extern void nss_MD_unix_map_getsockopt_error(int err);
-extern void nss_MD_unix_map_listen_error(int err);
-extern void nss_MD_unix_map_lockf_error(int err);
-extern void nss_MD_unix_map_lseek_error(int err);
-extern void nss_MD_unix_map_mkdir_error(int err);
-extern void nss_MD_unix_map_mmap_error(int err);
-extern void nss_MD_unix_map_open_error(int err);
-extern void nss_MD_unix_map_opendir_error(int err);
-extern void nss_MD_unix_map_poll_error(int err);
-extern void nss_MD_unix_map_poll_revents_error(int err);
-extern void nss_MD_unix_map_read_error(int err);
-extern void nss_MD_unix_map_readdir_error(int err);
-extern void nss_MD_unix_map_recv_error(int err);
-extern void nss_MD_unix_map_recvfrom_error(int err);
-extern void nss_MD_unix_map_rename_error(int err);
-extern void nss_MD_unix_map_rmdir_error(int err);
-extern void nss_MD_unix_map_select_error(int err);
-extern void nss_MD_unix_map_send_error(int err);
-extern void nss_MD_unix_map_sendto_error(int err);
-extern void nss_MD_unix_map_setsockopt_error(int err);
-extern void nss_MD_unix_map_shutdown_error(int err);
-extern void nss_MD_unix_map_socket_error(int err);
-extern void nss_MD_unix_map_socketavailable_error(int err);
-extern void nss_MD_unix_map_socketpair_error(int err);
-extern void nss_MD_unix_map_stat_error(int err);
-extern void nss_MD_unix_map_unlink_error(int err);
-extern void nss_MD_unix_map_write_error(int err);
-extern void nss_MD_unix_map_writev_error(int err);
diff --git a/chromium/net/third_party/nss/ssl/win32err.c b/chromium/net/third_party/nss/ssl/win32err.c
deleted file mode 100644
index caa12b956e1..00000000000
--- a/chromium/net/third_party/nss/ssl/win32err.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prerror.h"
-#include "prlog.h"
-#include <errno.h>
-#include <windows.h>
-
-/*
- * On Win32, we map three kinds of error codes:
- * - GetLastError(): for Win32 functions
- * - WSAGetLastError(): for Winsock functions
- * - errno: for standard C library functions
- *
- * We do not check for WSAEINPROGRESS and WSAEINTR because we do not
- * use blocking Winsock 1.1 calls.
- *
- * Except for the 'socket' call, we do not check for WSAEINITIALISED.
- * It is assumed that if Winsock is not initialized, that fact will
- * be detected at the time we create new sockets.
- */
-
-/* forward declaration. */
-void nss_MD_win32_map_default_error(PRInt32 err);
-
-void
-nss_MD_win32_map_opendir_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_closedir_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_readdir_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_delete_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-/* The error code for stat() is in errno. */
-void
-nss_MD_win32_map_stat_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_fstat_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_rename_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-/* The error code for access() is in errno. */
-void
-nss_MD_win32_map_access_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_mkdir_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_rmdir_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_read_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_transmitfile_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_write_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_lseek_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_fsync_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-/*
- * For both CloseHandle() and closesocket().
- */
-void
-nss_MD_win32_map_close_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_socket_error(PRInt32 err)
-{
-    PR_ASSERT(err != WSANOTINITIALISED);
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_recv_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_recvfrom_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_send_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEMSGSIZE:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_sendto_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEMSGSIZE:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_accept_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEOPNOTSUPP:
-            prError = PR_NOT_TCP_SOCKET_ERROR;
-            break;
-        case WSAEINVAL:
-            prError = PR_INVALID_STATE_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_acceptex_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_connect_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEWOULDBLOCK:
-            prError = PR_IN_PROGRESS_ERROR;
-            break;
-        case WSAEINVAL:
-            prError = PR_ALREADY_INITIATED_ERROR;
-            break;
-        case WSAETIMEDOUT:
-            prError = PR_IO_TIMEOUT_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_bind_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEINVAL:
-            prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_listen_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEOPNOTSUPP:
-            prError = PR_NOT_TCP_SOCKET_ERROR;
-            break;
-        case WSAEINVAL:
-            prError = PR_INVALID_STATE_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_shutdown_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_getsockname_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAEINVAL:
-            prError = PR_INVALID_STATE_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_getpeername_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_getsockopt_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_setsockopt_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_open_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_gethostname_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-/* Win32 select() only works on sockets.  So in this
-** context, WSAENOTSOCK is equivalent to EBADF on Unix.
-*/
-void
-nss_MD_win32_map_select_error(PRInt32 err)
-{
-    PRErrorCode prError;
-    switch (err) {
-        case WSAENOTSOCK:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-        default:
-            nss_MD_win32_map_default_error(err);
-            return;
-    }
-    PR_SetError(prError, err);
-}
-
-void
-nss_MD_win32_map_lockf_error(PRInt32 err)
-{
-    nss_MD_win32_map_default_error(err);
-}
-
-void
-nss_MD_win32_map_default_error(PRInt32 err)
-{
-    PRErrorCode prError;
-
-    switch (err) {
-        case EACCES:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case ENOENT:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case ERROR_ACCESS_DENIED:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case ERROR_ALREADY_EXISTS:
-            prError = PR_FILE_EXISTS_ERROR;
-            break;
-        case ERROR_DISK_CORRUPT:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_DISK_FULL:
-            prError = PR_NO_DEVICE_SPACE_ERROR;
-            break;
-        case ERROR_DISK_OPERATION_FAILED:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_DRIVE_LOCKED:
-            prError = PR_FILE_IS_LOCKED_ERROR;
-            break;
-        case ERROR_FILENAME_EXCED_RANGE:
-            prError = PR_NAME_TOO_LONG_ERROR;
-            break;
-        case ERROR_FILE_CORRUPT:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_FILE_EXISTS:
-            prError = PR_FILE_EXISTS_ERROR;
-            break;
-        case ERROR_FILE_INVALID:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-#if ERROR_FILE_NOT_FOUND != ENOENT
-        case ERROR_FILE_NOT_FOUND:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-#endif
-        case ERROR_HANDLE_DISK_FULL:
-            prError = PR_NO_DEVICE_SPACE_ERROR;
-            break;
-        case ERROR_INVALID_ADDRESS:
-            prError = PR_ACCESS_FAULT_ERROR;
-            break;
-        case ERROR_INVALID_HANDLE:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-        case ERROR_INVALID_NAME:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case ERROR_INVALID_PARAMETER:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case ERROR_INVALID_USER_BUFFER:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case ERROR_LOCKED:
-            prError = PR_FILE_IS_LOCKED_ERROR;
-            break;
-        case ERROR_NETNAME_DELETED:
-            prError = PR_CONNECT_RESET_ERROR;
-            break;
-        case ERROR_NOACCESS:
-            prError = PR_ACCESS_FAULT_ERROR;
-            break;
-        case ERROR_NOT_ENOUGH_MEMORY:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case ERROR_NOT_ENOUGH_QUOTA:
-            prError = PR_OUT_OF_MEMORY_ERROR;
-            break;
-        case ERROR_NOT_READY:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_NO_MORE_FILES:
-            prError = PR_NO_MORE_FILES_ERROR;
-            break;
-        case ERROR_OPEN_FAILED:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_OPEN_FILES:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_OUTOFMEMORY:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case ERROR_PATH_BUSY:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_PATH_NOT_FOUND:
-            prError = PR_FILE_NOT_FOUND_ERROR;
-            break;
-        case ERROR_SEEK_ON_DEVICE:
-            prError = PR_IO_ERROR;
-            break;
-        case ERROR_SHARING_VIOLATION:
-            prError = PR_FILE_IS_BUSY_ERROR;
-            break;
-        case ERROR_STACK_OVERFLOW:
-            prError = PR_ACCESS_FAULT_ERROR;
-            break;
-        case ERROR_TOO_MANY_OPEN_FILES:
-            prError = PR_SYS_DESC_TABLE_FULL_ERROR;
-            break;
-        case ERROR_WRITE_PROTECT:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case WSAEACCES:
-            prError = PR_NO_ACCESS_RIGHTS_ERROR;
-            break;
-        case WSAEADDRINUSE:
-            prError = PR_ADDRESS_IN_USE_ERROR;
-            break;
-        case WSAEADDRNOTAVAIL:
-            prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
-            break;
-        case WSAEAFNOSUPPORT:
-            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
-            break;
-        case WSAEALREADY:
-            prError = PR_ALREADY_INITIATED_ERROR;
-            break;
-        case WSAEBADF:
-            prError = PR_BAD_DESCRIPTOR_ERROR;
-            break;
-        case WSAECONNABORTED:
-            prError = PR_CONNECT_ABORTED_ERROR;
-            break;
-        case WSAECONNREFUSED:
-            prError = PR_CONNECT_REFUSED_ERROR;
-            break;
-        case WSAECONNRESET:
-            prError = PR_CONNECT_RESET_ERROR;
-            break;
-        case WSAEDESTADDRREQ:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case WSAEFAULT:
-            prError = PR_ACCESS_FAULT_ERROR;
-            break;
-        case WSAEHOSTUNREACH:
-            prError = PR_HOST_UNREACHABLE_ERROR;
-            break;
-        case WSAEINVAL:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case WSAEISCONN:
-            prError = PR_IS_CONNECTED_ERROR;
-            break;
-        case WSAEMFILE:
-            prError = PR_PROC_DESC_TABLE_FULL_ERROR;
-            break;
-        case WSAEMSGSIZE:
-            prError = PR_BUFFER_OVERFLOW_ERROR;
-            break;
-        case WSAENETDOWN:
-            prError = PR_NETWORK_DOWN_ERROR;
-            break;
-        case WSAENETRESET:
-            prError = PR_CONNECT_ABORTED_ERROR;
-            break;
-        case WSAENETUNREACH:
-            prError = PR_NETWORK_UNREACHABLE_ERROR;
-            break;
-        case WSAENOBUFS:
-            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
-            break;
-        case WSAENOPROTOOPT:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case WSAENOTCONN:
-            prError = PR_NOT_CONNECTED_ERROR;
-            break;
-        case WSAENOTSOCK:
-            prError = PR_NOT_SOCKET_ERROR;
-            break;
-        case WSAEOPNOTSUPP:
-            prError = PR_OPERATION_NOT_SUPPORTED_ERROR;
-            break;
-        case WSAEPROTONOSUPPORT:
-            prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR;
-            break;
-        case WSAEPROTOTYPE:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case WSAESHUTDOWN:
-            prError = PR_SOCKET_SHUTDOWN_ERROR;
-            break;
-        case WSAESOCKTNOSUPPORT:
-            prError = PR_INVALID_ARGUMENT_ERROR;
-            break;
-        case WSAETIMEDOUT:
-            prError = PR_CONNECT_ABORTED_ERROR;
-            break;
-        case WSAEWOULDBLOCK:
-            prError = PR_WOULD_BLOCK_ERROR;
-            break;
-        default:
-            prError = PR_UNKNOWN_ERROR;
-            break;
-    }
-    PR_SetError(prError, err);
-}
diff --git a/chromium/net/third_party/nss/ssl/win32err.h b/chromium/net/third_party/nss/ssl/win32err.h
deleted file mode 100644
index a698849061c..00000000000
--- a/chromium/net/third_party/nss/ssl/win32err.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * This code will continue to need to be replicated.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*  NSPR doesn't make these functions public, so we have to duplicate
-**  them in NSS.
-*/
-extern void nss_MD_win32_map_accept_error(PRInt32 err);
-extern void nss_MD_win32_map_acceptex_error(PRInt32 err);
-extern void nss_MD_win32_map_access_error(PRInt32 err);
-extern void nss_MD_win32_map_bind_error(PRInt32 err);
-extern void nss_MD_win32_map_close_error(PRInt32 err);
-extern void nss_MD_win32_map_closedir_error(PRInt32 err);
-extern void nss_MD_win32_map_connect_error(PRInt32 err);
-extern void nss_MD_win32_map_default_error(PRInt32 err);
-extern void nss_MD_win32_map_delete_error(PRInt32 err);
-extern void nss_MD_win32_map_fstat_error(PRInt32 err);
-extern void nss_MD_win32_map_fsync_error(PRInt32 err);
-extern void nss_MD_win32_map_gethostname_error(PRInt32 err);
-extern void nss_MD_win32_map_getpeername_error(PRInt32 err);
-extern void nss_MD_win32_map_getsockname_error(PRInt32 err);
-extern void nss_MD_win32_map_getsockopt_error(PRInt32 err);
-extern void nss_MD_win32_map_listen_error(PRInt32 err);
-extern void nss_MD_win32_map_lockf_error(PRInt32 err);
-extern void nss_MD_win32_map_lseek_error(PRInt32 err);
-extern void nss_MD_win32_map_mkdir_error(PRInt32 err);
-extern void nss_MD_win32_map_open_error(PRInt32 err);
-extern void nss_MD_win32_map_opendir_error(PRInt32 err);
-extern void nss_MD_win32_map_read_error(PRInt32 err);
-extern void nss_MD_win32_map_readdir_error(PRInt32 err);
-extern void nss_MD_win32_map_recv_error(PRInt32 err);
-extern void nss_MD_win32_map_recvfrom_error(PRInt32 err);
-extern void nss_MD_win32_map_rename_error(PRInt32 err);
-extern void nss_MD_win32_map_rmdir_error(PRInt32 err);
-extern void nss_MD_win32_map_select_error(PRInt32 err);
-extern void nss_MD_win32_map_send_error(PRInt32 err);
-extern void nss_MD_win32_map_sendto_error(PRInt32 err);
-extern void nss_MD_win32_map_setsockopt_error(PRInt32 err);
-extern void nss_MD_win32_map_shutdown_error(PRInt32 err);
-extern void nss_MD_win32_map_socket_error(PRInt32 err);
-extern void nss_MD_win32_map_stat_error(PRInt32 err);
-extern void nss_MD_win32_map_transmitfile_error(PRInt32 err);
-extern void nss_MD_win32_map_write_error(PRInt32 err);
diff --git a/chromium/net/tools/balsa/balsa_frame_test.cc b/chromium/net/tools/balsa/balsa_frame_test.cc
index 4a00a6608a9..fb41415c8c8 100644
--- a/chromium/net/tools/balsa/balsa_frame_test.cc
+++ b/chromium/net/tools/balsa/balsa_frame_test.cc
@@ -5,8 +5,8 @@
 #include "net/tools/balsa/balsa_frame.h"
 
 #include <iterator>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/tools/balsa/balsa_enums.h"
 #include "net/tools/balsa/balsa_headers.h"
@@ -66,9 +66,9 @@ class BalsaFrameTest : public ::testing::Test {
   };
 
  protected:
-  scoped_ptr<BalsaFrame> frame_;
-  scoped_ptr<BalsaHeaders> frame_headers_;
-  scoped_ptr<Visitor> visitor_;
+  std::unique_ptr<BalsaFrame> frame_;
+  std::unique_ptr<BalsaHeaders> frame_headers_;
+  std::unique_ptr<Visitor> visitor_;
 };
 
 TEST_F(BalsaFrameTest, EmptyFrame) {
diff --git a/chromium/net/tools/balsa/balsa_headers.cc b/chromium/net/tools/balsa/balsa_headers.cc
index 1bb684a1d24..0ad88c5261b 100644
--- a/chromium/net/tools/balsa/balsa_headers.cc
+++ b/chromium/net/tools/balsa/balsa_headers.cc
@@ -5,12 +5,13 @@
 #include "net/tools/balsa/balsa_headers.h"
 
 #include <stdio.h>
+
 #include <algorithm>
 #include <string>
+#include <unordered_set>
 #include <utility>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/logging.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
@@ -33,14 +34,10 @@ const char kContentLength[] = "Content-Length";
 const char kTransferEncoding[] = "Transfer-Encoding";
 const char kSpaceChar = ' ';
 
-#if defined(COMPILER_MSVC)
-base::hash_set<base::StringPiece,
-               net::StringPieceCaseCompare> g_multivalued_headers;
-#else
-base::hash_set<base::StringPiece,
-               net::StringPieceCaseHash,
-               net::StringPieceCaseEqual> g_multivalued_headers;
-#endif
+std::unordered_set<base::StringPiece,
+                   net::StringPieceCaseHash,
+                   net::StringPieceCaseEqual>
+    g_multivalued_headers;
 
 void InitMultivaluedHeaders() {
   g_multivalued_headers.insert("accept");
diff --git a/chromium/net/tools/balsa/balsa_headers_test.cc b/chromium/net/tools/balsa/balsa_headers_test.cc
index 3dc8eb33d2a..98b9cc2c68c 100644
--- a/chromium/net/tools/balsa/balsa_headers_test.cc
+++ b/chromium/net/tools/balsa/balsa_headers_test.cc
@@ -5,10 +5,10 @@
 #include "net/tools/balsa/balsa_headers.h"
 
 #include <iterator>
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/tools/balsa/balsa_enums.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -25,8 +25,8 @@ class BalsaBufferTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<BalsaBuffer> buffer_;
-  scoped_ptr<BalsaBuffer> anotherBuffer_;
+  std::unique_ptr<BalsaBuffer> buffer_;
+  std::unique_ptr<BalsaBuffer> anotherBuffer_;
 };
 
 namespace {
@@ -36,7 +36,7 @@ class BalsaHeadersTest: public ::testing::Test {
   void SetUp() override { headers_.reset(new BalsaHeaders); }
 
  protected:
-  scoped_ptr<BalsaHeaders> headers_;
+  std::unique_ptr<BalsaHeaders> headers_;
 };
 
 class StringBuffer {
diff --git a/chromium/net/tools/balsa/string_piece_utils.h b/chromium/net/tools/balsa/string_piece_utils.h
index ccc9d52729f..69877646ee5 100644
--- a/chromium/net/tools/balsa/string_piece_utils.h
+++ b/chromium/net/tools/balsa/string_piece_utils.h
@@ -12,48 +12,6 @@
 
 namespace net {
 
-#if defined(COMPILER_MSVC)
-struct StringPieceCaseCompare {
-  static const size_t bucket_size = 4;
-
-  size_t operator()(const base::StringPiece& sp) const {
-    // based on __stl_string_hash in http://www.sgi.com/tech/stl/string
-    size_t hash_val = 0;
-    for (base::StringPiece::const_iterator it = sp.begin();
-         it != sp.end(); ++it) {
-      hash_val = 5 * hash_val + base::ToLowerASCII(*it);
-    }
-    return hash_val;
-  }
-
-  bool operator()(const base::StringPiece& sp1,
-                  const base::StringPiece& sp2) const {
-    size_t len1 = sp1.length();
-    size_t len2 = sp2.length();
-    bool sp1_shorter = len1 < len2;
-    size_t len = sp1_shorter ? len1 : len2;
-
-    int rv = 0;
-    for (size_t i = 0; i < len; i++) {
-      char sp1_lower = base::ToLowerASCII(sp1[i]);
-      char sp2_lower = base::ToLowerASCII(sp2[i]);
-      if (sp1_lower < sp2_lower) {
-        rv = -1;
-        break;
-      }
-      if (sp1_lower > sp2_lower) {
-        rv = 1;
-        break;
-      }
-    }
-
-    if (rv == 0) {
-      return sp1_shorter;
-    }
-    return rv < 0;
-  }
-};
-#else  // COMPILER_MSVC
 struct StringPieceCaseHash {
   size_t operator()(const base::StringPiece& sp) const {
     // based on __stl_string_hash in http://www.sgi.com/tech/stl/string
@@ -65,7 +23,6 @@ struct StringPieceCaseHash {
     return hash_val;
   }
 };
-#endif  // COMPILER_MSVC
 
 struct StringPieceCaseEqual {
   bool operator()(const base::StringPiece& piece1,
diff --git a/chromium/net/tools/cachetool/cachetool.cc b/chromium/net/tools/cachetool/cachetool.cc
index c186400d9da..fde1ffce112 100644
--- a/chromium/net/tools/cachetool/cachetool.cc
+++ b/chromium/net/tools/cachetool/cachetool.cc
@@ -3,13 +3,14 @@
 // found in the LICENSE file.
 
 #include <iostream>
+#include <memory>
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
+#include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/base/io_buffer.h"
 #include "net/base/test_completion_callback.h"
@@ -23,9 +24,24 @@ using disk_cache::Entry;
 
 namespace {
 
+int kResponseInfoIndex = 0;
+
+// Get the cache's size.
+bool GetSize(Backend* cache_backend) {
+  net::TestCompletionCallback cb;
+  int rv = cache_backend->CalculateSizeOfAllEntries(cb.callback());
+  rv = cb.GetResult(rv);
+  if (rv < 0) {
+    std::cerr << "Couldn't get cache size." << std::endl;
+    return false;
+  }
+  std::cout << rv << std::endl;
+  return true;
+}
+
 // Print all of a cache's keys to stdout.
 bool ListKeys(Backend* cache_backend) {
-  scoped_ptr<Backend::Iterator> entry_iterator =
+  std::unique_ptr<Backend::Iterator> entry_iterator =
       cache_backend->CreateIterator();
   Entry* entry = nullptr;
   net::TestCompletionCallback cb;
@@ -40,19 +56,17 @@ bool ListKeys(Backend* cache_backend) {
   return true;
 }
 
-// Print a key's stream to stdout.
-bool GetKeyStream(Backend* cache_backend, const std::string& key, int index) {
-  if (index < 0 || index > 2) {
-    std::cerr << "Invalid stream index." << std::endl;
-    return false;
-  }
-
+// Get a key's stream to a buffer.
+scoped_refptr<net::GrowableIOBuffer> GetStreamForKeyBuffer(
+    Backend* cache_backend,
+    const std::string& key,
+    int index) {
   Entry* cache_entry;
   net::TestCompletionCallback cb;
   int rv = cache_backend->OpenEntry(key, &cache_entry, cb.callback());
   if (cb.GetResult(rv) != net::OK) {
     std::cerr << "Couldn't find key's entry." << std::endl;
-    return false;
+    return nullptr;
   }
 
   const int kInitBufferSize = 8192;
@@ -66,7 +80,7 @@ bool GetKeyStream(Backend* cache_backend, const std::string& key, int index) {
     if (rv < 0) {
       cache_entry->Close();
       std::cerr << "Stream read error." << std::endl;
-      return false;
+      return nullptr;
     }
     buffer->set_offset(buffer->offset() + rv);
     if (rv == 0)
@@ -74,7 +88,18 @@ bool GetKeyStream(Backend* cache_backend, const std::string& key, int index) {
     buffer->SetCapacity(buffer->offset() * 2);
   }
   cache_entry->Close();
-  if (index == 0) {
+  return buffer;
+}
+
+// Print a key's stream to stdout.
+bool GetStreamForKey(Backend* cache_backend,
+                     const std::string& key,
+                     int index) {
+  scoped_refptr<net::GrowableIOBuffer> buffer(
+      GetStreamForKeyBuffer(cache_backend, key, index));
+  if (!buffer)
+    return false;
+  if (index == kResponseInfoIndex) {
     net::HttpResponseInfo response_info;
     bool truncated_response_info = false;
     net::HttpCache::ParseResponseInfo(buffer->StartOfBuffer(), buffer->offset(),
@@ -91,6 +116,65 @@ bool GetKeyStream(Backend* cache_backend, const std::string& key, int index) {
   return true;
 }
 
+// Set stdin as the key's raw response headers.
+bool UpdateRawResponseHeaders(Backend* cache_backend, const std::string& key) {
+  scoped_refptr<net::GrowableIOBuffer> buffer(
+      GetStreamForKeyBuffer(cache_backend, key, kResponseInfoIndex));
+  if (!buffer)
+    return false;
+  net::HttpResponseInfo response_info;
+  bool truncated_response_info = false;
+  net::HttpCache::ParseResponseInfo(buffer->StartOfBuffer(), buffer->offset(),
+                                    &response_info, &truncated_response_info);
+  if (truncated_response_info) {
+    std::cerr << "Truncated HTTP response." << std::endl;
+    return false;
+  }
+  std::ostringstream raw_headers_stream;
+  for (std::string line; std::getline(std::cin, line);)
+    raw_headers_stream << line << std::endl;
+  response_info.headers =
+      new net::HttpResponseHeaders(raw_headers_stream.str());
+  scoped_refptr<net::PickledIOBuffer> data(new net::PickledIOBuffer());
+  response_info.Persist(data->pickle(), false, false);
+  data->Done();
+  Entry* cache_entry;
+  net::TestCompletionCallback cb;
+  int rv = cache_backend->OpenEntry(key, &cache_entry, cb.callback());
+  CHECK(cb.GetResult(rv) == net::OK);
+  int data_len = data->pickle()->size();
+  rv = cache_entry->WriteData(kResponseInfoIndex, 0, data.get(), data_len,
+                              cb.callback(), true);
+  if (cb.GetResult(rv) != data_len) {
+    std::cerr << "Couldn't write headers." << std::endl;
+    return false;
+  }
+  cache_entry->Close();
+  return true;
+}
+
+// Delete a specified key stream from the cache.
+bool DeleteStreamForKey(Backend* cache_backend,
+                        const std::string& key,
+                        int index) {
+  Entry* cache_entry;
+  net::TestCompletionCallback cb;
+  int rv = cache_backend->OpenEntry(key, &cache_entry, cb.callback());
+  if (cb.GetResult(rv) != net::OK) {
+    std::cerr << "Couldn't find key's entry." << std::endl;
+    return false;
+  }
+
+  scoped_refptr<net::StringIOBuffer> buffer(new net::StringIOBuffer(""));
+  rv = cache_entry->WriteData(index, 0, buffer.get(), 0, cb.callback(), true);
+  if (cb.GetResult(rv) != 0) {
+    std::cerr << "Couldn't delete key stream." << std::endl;
+    return false;
+  }
+  cache_entry->Close();
+  return true;
+}
+
 // Delete a specified key from the cache.
 bool DeleteKey(Backend* cache_backend, const std::string& key) {
   net::TestCompletionCallback cb;
@@ -102,6 +186,19 @@ bool DeleteKey(Backend* cache_backend, const std::string& key) {
   return true;
 }
 
+// Parse stream index from command line argument string.
+int ParseStreamIndex(const std::string& index_arg) {
+  int index = -1;
+  if (!base::StringToInt(index_arg, &index)) {
+    std::cerr << "<index> must be an integer." << std::endl;
+    return -1;
+  } else if (index < 0 || index > 2) {
+    std::cerr << "Invalid stream index." << std::endl;
+    return -1;
+  }
+  return index;
+}
+
 // Print the command line help.
 void PrintHelp() {
   std::cout << "cachetool <cache_path> <cache_backend_type> <subcommand> ..."
@@ -109,13 +206,19 @@ void PrintHelp() {
             << std::endl;
   std::cout << "Available cache backend types: simple, blockfile" << std::endl;
   std::cout << "Available subcommands:" << std::endl;
-  std::cout << "  validate: Verify that the cache can be opened and return, "
-            << "confirming the cache exists and is of the right type."
+  std::cout << "  delete_key <key>: Delete key from cache." << std::endl;
+  std::cout << "  delete_stream <key> <index>: Delete a particular stream of a"
+            << " given key." << std::endl;
+  std::cout << "  get_size: Calculate the total size of the cache in bytes."
             << std::endl;
-  std::cout << "  list_keys: List all keys in the cache." << std::endl;
   std::cout << "  get_stream <key> <index>: Print a particular stream for a"
             << " given key." << std::endl;
-  std::cout << "  delete_key <key>: Delete key from cache." << std::endl;
+  std::cout << "  list_keys: List all keys in the cache." << std::endl;
+  std::cout << "  update_raw_headers <key>: Update stdin as the key's raw "
+            << "response headers." << std::endl;
+  std::cout << "  validate: Verify that the cache can be opened and return, "
+            << "confirming the cache exists and is of the right type."
+            << std::endl;
   std::cout << "Expected values of <index> are:" << std::endl;
   std::cout << "  0 (HTTP response headers)" << std::endl;
   std::cout << "  1 (transport encoded content)" << std::endl;
@@ -152,7 +255,7 @@ int main(int argc, char* argv[]) {
     return 1;
   }
 
-  scoped_ptr<Backend> cache_backend;
+  std::unique_ptr<Backend> cache_backend;
   net::TestCompletionCallback cb;
   int rv = disk_cache::CreateCacheBackend(
       net::DISK_CACHE, backend_type, cache_path, INT_MAX, false,
@@ -162,42 +265,34 @@ int main(int argc, char* argv[]) {
     return 1;
   }
 
-  bool successful_command = false;
-  if (subcommand == "validate") {
-    if (args.size() != 3) {
-      PrintHelp();
+  bool successful_command;
+  if (subcommand == "delete_key" && args.size() == 4) {
+    successful_command = DeleteKey(cache_backend.get(), args[3]);
+  } else if (subcommand == "delete_stream" && args.size() == 5) {
+    int index = ParseStreamIndex(args[4]);
+    if (index < 0)
       return 1;
-    }
-    successful_command = true;
-  } else if (subcommand == "list_keys") {
-    if (args.size() != 3) {
-      PrintHelp();
+    successful_command =
+        DeleteStreamForKey(cache_backend.get(), args[3], index);
+  } else if (subcommand == "get_size" && args.size() == 3) {
+    successful_command = GetSize(cache_backend.get());
+  } else if (subcommand == "get_stream" && args.size() == 5) {
+    int index = ParseStreamIndex(args[4]);
+    if (index < 0)
       return 1;
-    }
+    successful_command = GetStreamForKey(cache_backend.get(), args[3], index);
+  } else if (subcommand == "list_keys" && args.size() == 3) {
     successful_command = ListKeys(cache_backend.get());
-  } else if (subcommand == "get_stream") {
-    if (args.size() != 5) {
-      PrintHelp();
-      return 1;
-    }
-    std::string key(args[3]);
-    int index = 0;
-    if (!base::StringToInt(args[4], &index)) {
-      std::cerr << "<index> must be an integer." << std::endl;
-      PrintHelp();
-      return 1;
-    }
-    successful_command = GetKeyStream(cache_backend.get(), key, index);
-  } else if (subcommand == "delete_key") {
-    if (args.size() != 4) {
-      PrintHelp();
-      return 1;
-    }
-    std::string key(args[3]);
-    successful_command = DeleteKey(cache_backend.get(), key);
+  } else if (subcommand == "update_raw_headers" && args.size() == 4) {
+    successful_command = UpdateRawResponseHeaders(cache_backend.get(), args[3]);
+  } else if (subcommand == "validate" && args.size() == 3) {
+    successful_command = true;
   } else {
-    std::cerr << "Unknown subcommand." << std::endl;
+    successful_command = false;
     PrintHelp();
   }
+  base::RunLoop().RunUntilIdle();
+  cache_backend = nullptr;
+  base::RunLoop().RunUntilIdle();
   return !successful_command;
 }
diff --git a/chromium/net/tools/content_decoder_tool/content_decoder_tool.cc b/chromium/net/tools/content_decoder_tool/content_decoder_tool.cc
index 0eae255394a..7b295e0a625 100644
--- a/chromium/net/tools/content_decoder_tool/content_decoder_tool.cc
+++ b/chromium/net/tools/content_decoder_tool/content_decoder_tool.cc
@@ -50,7 +50,7 @@ int main(int argc, char* argv[]) {
   }
 
   net::MockFilterContext filter_context;
-  scoped_ptr<Filter> filter(Filter::Factory(filter_types, filter_context));
+  std::unique_ptr<Filter> filter(Filter::Factory(filter_types, filter_context));
   if (!filter) {
     std::cerr << "Couldn't create the decoder." << std::endl;
     return 1;
diff --git a/chromium/net/tools/disk_cache_memory_test/disk_cache_memory_test.cc b/chromium/net/tools/disk_cache_memory_test/disk_cache_memory_test.cc
index bcf5412fa74..176c70b278c 100644
--- a/chromium/net/tools/disk_cache_memory_test/disk_cache_memory_test.cc
+++ b/chromium/net/tools/disk_cache_memory_test/disk_cache_memory_test.cc
@@ -5,6 +5,7 @@
 #include <cstdlib>
 #include <fstream>
 #include <iostream>
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -14,14 +15,13 @@
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/cache_type.h"
 #include "net/base/net_errors.h"
 #include "net/disk_cache/disk_cache.h"
@@ -44,16 +44,16 @@ const char kKb[] = "kB";
 
 struct CacheSpec {
  public:
-  static scoped_ptr<CacheSpec> Parse(const std::string& spec_string) {
+  static std::unique_ptr<CacheSpec> Parse(const std::string& spec_string) {
     std::vector<std::string> tokens = base::SplitString(
         spec_string, ":", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
     if (tokens.size() != 3)
-      return scoped_ptr<CacheSpec>();
+      return std::unique_ptr<CacheSpec>();
     if (tokens[0] != kBlockFileBackendType && tokens[0] != kSimpleBackendType)
-      return scoped_ptr<CacheSpec>();
+      return std::unique_ptr<CacheSpec>();
     if (tokens[1] != kDiskCacheType && tokens[1] != kAppCacheType)
-      return scoped_ptr<CacheSpec>();
-    return scoped_ptr<CacheSpec>(new CacheSpec(
+      return std::unique_ptr<CacheSpec>();
+    return std::unique_ptr<CacheSpec>(new CacheSpec(
         tokens[0] == kBlockFileBackendType ? net::CACHE_BACKEND_BLOCKFILE
                                            : net::CACHE_BACKEND_SIMPLE,
         tokens[1] == kDiskCacheType ? net::DISK_CACHE : net::APP_CACHE,
@@ -85,9 +85,9 @@ void SetSuccessCodeOnCompletion(base::RunLoop* run_loop,
   run_loop->Quit();
 }
 
-scoped_ptr<Backend> CreateAndInitBackend(const CacheSpec& spec) {
-  scoped_ptr<Backend> result;
-  scoped_ptr<Backend> backend;
+std::unique_ptr<Backend> CreateAndInitBackend(const CacheSpec& spec) {
+  std::unique_ptr<Backend> result;
+  std::unique_ptr<Backend> backend;
   bool succeeded = false;
   base::RunLoop run_loop;
   const net::CompletionCallback callback = base::Bind(
@@ -223,10 +223,10 @@ uint64_t GetMemoryConsumption() {
   return total_size;
 }
 
-bool CacheMemTest(const std::vector<scoped_ptr<CacheSpec>>& specs) {
-  std::vector<scoped_ptr<Backend>> backends;
+bool CacheMemTest(const std::vector<std::unique_ptr<CacheSpec>>& specs) {
+  std::vector<std::unique_ptr<Backend>> backends;
   for (const auto& it : specs) {
-    scoped_ptr<Backend> backend = CreateAndInitBackend(*it);
+    std::unique_ptr<Backend> backend = CreateAndInitBackend(*it);
     if (!backend)
       return false;
     std::cout << "Number of entries in " << it->path.LossyDisplayName() << " : "
@@ -252,8 +252,8 @@ void PrintUsage(std::ostream* stream) {
 }
 
 bool ParseAndStoreSpec(const std::string& spec_str,
-                       std::vector<scoped_ptr<CacheSpec>>* specs) {
-  scoped_ptr<CacheSpec> spec = CacheSpec::Parse(spec_str);
+                       std::vector<std::unique_ptr<CacheSpec>>* specs) {
+  std::unique_ptr<CacheSpec> spec = CacheSpec::Parse(spec_str);
   if (!spec) {
     PrintUsage(&std::cerr);
     return false;
@@ -280,7 +280,7 @@ bool Main(int argc, char** argv) {
     PrintUsage(&std::cerr);
     return false;
   }
-  std::vector<scoped_ptr<CacheSpec>> specs;
+  std::vector<std::unique_ptr<CacheSpec>> specs;
   const std::string spec_str_1 = command_line.GetSwitchValueASCII("spec-1");
   if (!ParseAndStoreSpec(spec_str_1, &specs))
     return false;
diff --git a/chromium/net/tools/dns_fuzz_stub/dns_fuzz_stub.cc b/chromium/net/tools/dns_fuzz_stub/dns_fuzz_stub.cc
index 2a2c88e9e58..ed2a7579aae 100644
--- a/chromium/net/tools/dns_fuzz_stub/dns_fuzz_stub.cc
+++ b/chromium/net/tools/dns_fuzz_stub/dns_fuzz_stub.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <limits>
+#include <memory>
 #include <sstream>
 #include <string>
 #include <vector>
@@ -13,7 +14,6 @@
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/json/json_reader.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "net/base/address_list.h"
@@ -62,7 +62,7 @@ bool ReadTestCase(const char* filename,
     return false;
   }
 
-  scoped_ptr<base::Value> value = base::JSONReader::Read(json);
+  std::unique_ptr<base::Value> value = base::JSONReader::Read(json);
   if (!value.get()) {
     LOG(ERROR) << filename << ": couldn't parse JSON.";
     return false;
diff --git a/chromium/net/tools/dump_cache/dump_files.cc b/chromium/net/tools/dump_cache/dump_files.cc
index 691c08540a6..cb85057b523 100644
--- a/chromium/net/tools/dump_cache/dump_files.cc
+++ b/chromium/net/tools/dump_cache/dump_files.cc
@@ -10,6 +10,7 @@
 
 #include <stdio.h>
 
+#include <memory>
 #include <set>
 #include <string>
 
@@ -80,7 +81,7 @@ void DumpStats(const base::FilePath& path, disk_cache::CacheAddr addr) {
   size_t offset = address.start_block() * address.BlockSize() +
                   disk_cache::kBlockHeaderSize;
 
-  scoped_ptr<int32_t[]> buffer(new int32_t[length]);
+  std::unique_ptr<int32_t[]> buffer(new int32_t[length]);
   if (!file->Read(buffer.get(), length, offset))
     return;
 
@@ -295,7 +296,7 @@ bool CacheDumper::HexDump(disk_cache::CacheAddr addr, std::string* out) {
     return false;
 
   size_t size = address.num_blocks() * address.BlockSize();
-  scoped_ptr<char> buffer(new char[size]);
+  std::unique_ptr<char> buffer(new char[size]);
 
   size_t offset = address.start_block() * address.BlockSize() +
                   disk_cache::kBlockHeaderSize;
diff --git a/chromium/net/tools/epoll_server/epoll_server.h b/chromium/net/tools/epoll_server/epoll_server.h
index 460db3d3a4a..b5530998714 100644
--- a/chromium/net/tools/epoll_server/epoll_server.h
+++ b/chromium/net/tools/epoll_server/epoll_server.h
@@ -11,7 +11,10 @@
 #include <sys/queue.h>
 
 #include <map>
+#include <memory>
 #include <string>
+#include <unordered_map>
+#include <unordered_set>
 #include <vector>
 
 // #define EPOLL_SERVER_EVENT_TRACING 1
@@ -34,9 +37,7 @@
 #endif
 
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include <sys/epoll.h>
 
 namespace net {
@@ -553,7 +554,7 @@ class EpollServer {
     }
   };
 
-  typedef base::hash_set<CBAndEventMask, CBAndEventMaskHash> FDToCBMap;
+  using FDToCBMap = std::unordered_set<CBAndEventMask, CBAndEventMaskHash>;
 
   // the following four functions are OS-specific, and are likely
   // to be changed in a subclass if the poll/select method is changed
@@ -664,7 +665,7 @@ class EpollServer {
   // only so that we can enforce stringent checks that a caller can not register
   // the same alarm twice. One option is to have an implementation in which
   // this hash_set is used only in the debug mode.
-  typedef base::hash_set<AlarmCB*, AlarmCBHash> AlarmCBMap;
+  using AlarmCBMap = std::unordered_set<AlarmCB*, AlarmCBHash>;
   AlarmCBMap all_alarms_;
 
   TimeToAlarmCBMap alarm_map_;
@@ -915,7 +916,7 @@ class EpollServer {
 
     std::vector<DebugOutput*> debug_events_;
     std::vector<Events> unregistered_fds_;
-    typedef base::hash_map<int, Events> EventCountsMap;
+    using EventCountsMap = std::unordered_map<int, Events>;
     EventCountsMap event_counts_;
     int64_t num_records_;
     int64_t record_threshold_;
@@ -940,7 +941,7 @@ class EpollServer {
   // The callback registered to the fds below.  As the purpose of their
   // registration is to wake the epoll server it just clears the pipe and
   // returns.
-  scoped_ptr<ReadPipeCallback> wake_cb_;
+  std::unique_ptr<ReadPipeCallback> wake_cb_;
 
   // A pipe owned by the epoll server.  The server will be registered to listen
   // on read_fd_ and can be woken by Wake() which writes to write_fd_.
diff --git a/chromium/net/tools/flip_server/http_interface.h b/chromium/net/tools/flip_server/http_interface.h
index 73618bc7974..8bd72aac1eb 100644
--- a/chromium/net/tools/flip_server/http_interface.h
+++ b/chromium/net/tools/flip_server/http_interface.h
@@ -125,7 +125,7 @@ class HttpSM : public BalsaVisitorInterface, public SMInterface {
   void GetOutput() override;
 
  private:
-  scoped_ptr<BalsaFrame> http_framer_;
+  std::unique_ptr<BalsaFrame> http_framer_;
   BalsaHeaders headers_;
   uint32_t stream_id_;
   int32_t server_idx_;
diff --git a/chromium/net/tools/flip_server/http_interface_test.cc b/chromium/net/tools/flip_server/http_interface_test.cc
index 34b2390b33d..9123f9f5fc7 100644
--- a/chromium/net/tools/flip_server/http_interface_test.cc
+++ b/chromium/net/tools/flip_server/http_interface_test.cc
@@ -5,8 +5,8 @@
 #include "net/tools/flip_server/http_interface.h"
 
 #include <list>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/strings/string_piece.h"
 #include "net/tools/balsa/balsa_enums.h"
@@ -100,12 +100,12 @@ class FlipHttpSMTest : public ::testing::Test {
   }
 
  protected:
-  scoped_ptr<MockSMInterface> mock_another_interface_;
-  scoped_ptr<MemoryCache> memory_cache_;
-  scoped_ptr<FlipAcceptor> acceptor_;
-  scoped_ptr<EpollServer> epoll_server_;
-  scoped_ptr<MockSMConnection> connection_;
-  scoped_ptr<HttpSM> interface_;
+  std::unique_ptr<MockSMInterface> mock_another_interface_;
+  std::unique_ptr<MemoryCache> memory_cache_;
+  std::unique_ptr<FlipAcceptor> acceptor_;
+  std::unique_ptr<EpollServer> epoll_server_;
+  std::unique_ptr<MockSMConnection> connection_;
+  std::unique_ptr<HttpSM> interface_;
 };
 
 class FlipHttpSMProxyTest : public FlipHttpSMTest {
@@ -147,7 +147,7 @@ TEST_F(FlipHttpSMTest, AddToOutputOrder) {
 }
 
 TEST_F(FlipHttpSMTest, InitSMInterface) {
-  scoped_ptr<MockSMInterface> mock(new MockSMInterface);
+  std::unique_ptr<MockSMInterface> mock(new MockSMInterface);
   {
     InSequence s;
     EXPECT_CALL(*mock_another_interface_, SendEOF(_));
diff --git a/chromium/net/tools/flip_server/mem_cache.cc b/chromium/net/tools/flip_server/mem_cache.cc
index 15c4f79aea9..dae5d4026bc 100644
--- a/chromium/net/tools/flip_server/mem_cache.cc
+++ b/chromium/net/tools/flip_server/mem_cache.cc
@@ -16,6 +16,7 @@
 #include <map>
 #include <string>
 
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "net/tools/balsa/balsa_frame.h"
 #include "net/tools/balsa/balsa_headers.h"
@@ -230,7 +231,7 @@ void MemoryCache::InsertFile(FileData* file_data) {
     it->second.reset(file_data);
   } else {
     files_.insert(
-        std::make_pair(file_data->filename(), make_scoped_ptr(file_data)));
+        std::make_pair(file_data->filename(), base::WrapUnique(file_data)));
   }
 }
 
diff --git a/chromium/net/tools/flip_server/mem_cache.h b/chromium/net/tools/flip_server/mem_cache.h
index 6b85149eca0..f073cb6aa07 100644
--- a/chromium/net/tools/flip_server/mem_cache.h
+++ b/chromium/net/tools/flip_server/mem_cache.h
@@ -9,11 +9,11 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/tools/balsa/balsa_headers.h"
 #include "net/tools/balsa/balsa_visitor_interface.h"
 #include "net/tools/flip_server/constants.h"
@@ -78,7 +78,7 @@ class FileData {
   const std::string& body() { return body_; }
 
  private:
-  scoped_ptr<BalsaHeaders> headers_;
+  std::unique_ptr<BalsaHeaders> headers_;
   std::string filename_;
   std::string body_;
 
@@ -114,7 +114,7 @@ class MemCacheIter {
 
 class MemoryCache {
  public:
-  using Files = std::map<std::string, scoped_ptr<FileData>>;
+  using Files = std::map<std::string, std::unique_ptr<FileData>>;
 
  public:
   MemoryCache();
diff --git a/chromium/net/tools/flip_server/mem_cache_test.cc b/chromium/net/tools/flip_server/mem_cache_test.cc
index 87dca685bf2..0ddb74bc907 100644
--- a/chromium/net/tools/flip_server/mem_cache_test.cc
+++ b/chromium/net/tools/flip_server/mem_cache_test.cc
@@ -27,7 +27,7 @@ class FlipMemoryCacheTest : public ::testing::Test {
   FlipMemoryCacheTest() : mem_cache_(new MemoryCacheWithFakeReadToString) {}
 
  protected:
-  scoped_ptr<MemoryCacheWithFakeReadToString> mem_cache_;
+  std::unique_ptr<MemoryCacheWithFakeReadToString> mem_cache_;
 };
 
 TEST_F(FlipMemoryCacheTest, EmptyCache) {
diff --git a/chromium/net/tools/flip_server/ring_buffer.h b/chromium/net/tools/flip_server/ring_buffer.h
index 9b0edfcb434..538595c657d 100644
--- a/chromium/net/tools/flip_server/ring_buffer.h
+++ b/chromium/net/tools/flip_server/ring_buffer.h
@@ -5,8 +5,9 @@
 #ifndef NET_TOOLS_FLIP_SERVER_RING_BUFFER_H__
 #define NET_TOOLS_FLIP_SERVER_RING_BUFFER_H__
 
+#include <memory>
+
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/tools/balsa/buffer_interface.h"
 
 namespace net {
@@ -97,7 +98,7 @@ class RingBuffer : public BufferInterface {
   int set_write_idx(int idx) { return write_idx_ = idx; }
 
  private:
-  scoped_ptr<char[]> buffer_;
+  std::unique_ptr<char[]> buffer_;
   int buffer_size_;
   int bytes_used_;
   int read_idx_;
diff --git a/chromium/net/tools/flip_server/spdy_interface.cc b/chromium/net/tools/flip_server/spdy_interface.cc
index 5dbd7cb1ca8..c479f24fa27 100644
--- a/chromium/net/tools/flip_server/spdy_interface.cc
+++ b/chromium/net/tools/flip_server/spdy_interface.cc
@@ -203,8 +203,7 @@ int SpdySM::SpdyHandleNewStream(SpdyStreamId stream_id,
 
 void SpdySM::OnStreamFrameData(SpdyStreamId stream_id,
                                const char* data,
-                               size_t len,
-                               bool fin) {
+                               size_t len) {
   VLOG(2) << ACCEPTOR_CLIENT_IDENT << "SpdySM: StreamData(" << stream_id
           << ", [" << len << "])";
   StreamToSmif::iterator it = stream_to_smif_.find(stream_id);
@@ -220,6 +219,21 @@ void SpdySM::OnStreamFrameData(SpdyStreamId stream_id,
     interface->ProcessWriteInput(data, len);
 }
 
+void SpdySM::OnStreamEnd(SpdyStreamId stream_id) {
+  VLOG(2) << ACCEPTOR_CLIENT_IDENT << "SpdySM: StreamEnd(" << stream_id << ")";
+  StreamToSmif::iterator it = stream_to_smif_.find(stream_id);
+  if (it == stream_to_smif_.end()) {
+    VLOG(2) << "Dropping frame from unknown stream " << stream_id;
+    if (!valid_spdy_session_)
+      close_on_error_ = true;
+    return;
+  }
+
+  SMInterface* interface = it->second;
+  if (acceptor_->flip_handler_type_ == FLIP_HANDLER_PROXY)
+    interface->ProcessWriteInput(nullptr, 0);
+}
+
 void SpdySM::OnStreamPadding(SpdyStreamId stream_id, size_t len) {
   VLOG(2) << ACCEPTOR_CLIENT_IDENT << "SpdySM: StreamPadding(" << stream_id
           << ", [" << len << "])";
diff --git a/chromium/net/tools/flip_server/spdy_interface.h b/chromium/net/tools/flip_server/spdy_interface.h
index 3d1cfa0a63f..cafad909d49 100644
--- a/chromium/net/tools/flip_server/spdy_interface.h
+++ b/chromium/net/tools/flip_server/spdy_interface.h
@@ -9,11 +9,11 @@
 #include <stdint.h>
 
 #include <map>
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/spdy/buffered_spdy_framer.h"
 #include "net/spdy/spdy_protocol.h"
 #include "net/tools/balsa/balsa_headers.h"
@@ -100,12 +100,13 @@ class SpdySM : public BufferedSpdyFramerVisitorInterface, public SMInterface {
   // |stream_id| The stream receiving data.
   // |data| A buffer containing the data received.
   // |len| The length of the data buffer.
-  // When the other side has finished sending data on this stream,
-  // this method will be called with a zero-length buffer.
   void OnStreamFrameData(SpdyStreamId stream_id,
                          const char* data,
-                         size_t len,
-                         bool fin) override;
+                         size_t len) override;
+
+  // Called when the other side has finished sending data on this stream.
+  // |stream_id| The stream that was receivin data.
+  void OnStreamEnd(SpdyStreamId stream_id) override;
 
   // Called when padding is received (padding length field or padding octets).
   // |stream_id| The stream receiving data.
@@ -218,7 +219,7 @@ class SpdySM : public BufferedSpdyFramerVisitorInterface, public SMInterface {
   void GetOutput() override;
 
  private:
-  scoped_ptr<BufferedSpdyFramer> buffered_spdy_framer_;
+  std::unique_ptr<BufferedSpdyFramer> buffered_spdy_framer_;
   bool valid_spdy_session_;  // True if we have seen valid data on this session.
                              // Use this to fail fast when junk is sent to our
                              // port.
diff --git a/chromium/net/tools/flip_server/spdy_interface_test.cc b/chromium/net/tools/flip_server/spdy_interface_test.cc
index dc172fcd633..2899a205be7 100644
--- a/chromium/net/tools/flip_server/spdy_interface_test.cc
+++ b/chromium/net/tools/flip_server/spdy_interface_test.cc
@@ -5,8 +5,8 @@
 #include "net/tools/flip_server/spdy_interface.h"
 
 #include <list>
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/spdy/buffered_spdy_framer.h"
 #include "net/tools/balsa/balsa_enums.h"
@@ -66,10 +66,8 @@ class SpdyFramerVisitor : public BufferedSpdyFramerVisitorInterface {
                     bool fin,
                     const SpdyHeaderBlock& headers));
   MOCK_METHOD3(OnDataFrameHeader, void(SpdyStreamId, size_t, bool));
-  MOCK_METHOD4(OnStreamFrameData, void(SpdyStreamId,
-                                       const char*,
-                                       size_t,
-                                       bool));
+  MOCK_METHOD3(OnStreamFrameData, void(SpdyStreamId, const char*, size_t));
+  MOCK_METHOD1(OnStreamEnd, void(SpdyStreamId));
   MOCK_METHOD2(OnStreamPadding, void(SpdyStreamId, size_t));
   MOCK_METHOD1(OnHeaderFrameStart,
                SpdyHeadersHandlerInterface*(SpdyStreamId stream_id));
@@ -194,14 +192,14 @@ class SpdySMTestBase : public ::testing::TestWithParam<SpdyMajorVersion> {
   }
 
  protected:
-  scoped_ptr<MockSMInterface> mock_another_interface_;
-  scoped_ptr<MemoryCache> memory_cache_;
-  scoped_ptr<FlipAcceptor> acceptor_;
-  scoped_ptr<EpollServer> epoll_server_;
-  scoped_ptr<FakeSMConnection> connection_;
-  scoped_ptr<TestSpdySM> interface_;
-  scoped_ptr<BufferedSpdyFramer> spdy_framer_;
-  scoped_ptr<SpdyFramerVisitor> spdy_framer_visitor_;
+  std::unique_ptr<MockSMInterface> mock_another_interface_;
+  std::unique_ptr<MemoryCache> memory_cache_;
+  std::unique_ptr<FlipAcceptor> acceptor_;
+  std::unique_ptr<EpollServer> epoll_server_;
+  std::unique_ptr<FakeSMConnection> connection_;
+  std::unique_ptr<TestSpdySM> interface_;
+  std::unique_ptr<BufferedSpdyFramer> spdy_framer_;
+  std::unique_ptr<SpdyFramerVisitor> spdy_framer_visitor_;
 };
 
 class SpdySMProxyTest : public SpdySMTestBase {
@@ -230,13 +228,13 @@ TEST_P(SpdySMProxyTest, InitSMConnection) {
 
 TEST_P(SpdySMProxyTest, OnStreamFrameData) {
   BufferedSpdyFramerVisitorInterface* visitor = interface_.get();
-  scoped_ptr<MockSMInterface> mock_interface(new MockSMInterface);
+  std::unique_ptr<MockSMInterface> mock_interface(new MockSMInterface);
   uint32_t stream_id = 92;
   uint32_t associated_id = 43;
   SpdyHeaderBlock block;
   testing::MockFunction<void(int)> checkpoint;  // NOLINT
 
-  scoped_ptr<SpdySerializedFrame> frame(
+  std::unique_ptr<SpdySerializedFrame> frame(
       spdy_framer_->CreatePingFrame(12, false));
   block[":method"] = "GET";
   block[":host"] = "www.example.com";
@@ -257,7 +255,7 @@ TEST_P(SpdySMProxyTest, OnStreamFrameData) {
 
   visitor->OnSynStream(stream_id, associated_id, 0, false, false, block);
   checkpoint.Call(0);
-  visitor->OnStreamFrameData(stream_id, frame->data(), frame->size(), true);
+  visitor->OnStreamFrameData(stream_id, frame->data(), frame->size());
 }
 
 TEST_P(SpdySMProxyTest, OnRstStream) {
@@ -388,12 +386,11 @@ TEST_P(SpdySMProxyTest, SendErrorNotFound) {
     EXPECT_CALL(checkpoint, Call(0));
     EXPECT_CALL(*spdy_framer_visitor_,
                 OnDataFrameHeader(stream_id, _, true));
-    EXPECT_CALL(*spdy_framer_visitor_,
-                OnStreamFrameData(stream_id, _, _, false)).Times(1)
-        .WillOnce(DoAll(SaveArg<1>(&actual_data),
-                        SaveArg<2>(&actual_size)));
-    EXPECT_CALL(*spdy_framer_visitor_,
-                OnStreamFrameData(stream_id, NULL, 0, true)).Times(1);
+    EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, _, _))
+        .Times(1)
+        .WillOnce(DoAll(SaveArg<1>(&actual_data), SaveArg<2>(&actual_size)));
+    EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, NULL, 0))
+        .Times(1);
   }
 
   std::list<DataFrame*>::const_iterator i = connection_->output_list()->begin();
@@ -491,8 +488,7 @@ TEST_P(SpdySMProxyTest, SendDataFrame) {
     InSequence s;
     EXPECT_CALL(*spdy_framer_visitor_,
                 OnDataFrameHeader(stream_id, _, false));
-    EXPECT_CALL(*spdy_framer_visitor_,
-                OnStreamFrameData(stream_id, _, _, false))
+    EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, _, _))
         .WillOnce(DoAll(SaveArg<1>(&actual_data), SaveArg<2>(&actual_size)));
   }
 
@@ -516,10 +512,9 @@ TEST_P(SpdySMProxyTest, SendLongDataFrame) {
     for (int i = 0; i < 3; ++i) {
         EXPECT_CALL(*spdy_framer_visitor_,
                     OnDataFrameHeader(stream_id, _, false));
-        EXPECT_CALL(*spdy_framer_visitor_,
-                    OnStreamFrameData(stream_id, _, _, false))
-            .WillOnce(DoAll(SaveArg<1>(&actual_data),
-                            SaveArg<2>(&actual_size)));
+        EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, _, _))
+            .WillOnce(
+                DoAll(SaveArg<1>(&actual_data), SaveArg<2>(&actual_size)));
     }
   }
 
@@ -595,12 +590,11 @@ TEST_P(SpdySMServerTest, NewStreamError) {
     EXPECT_CALL(checkpoint, Call(0));
     EXPECT_CALL(*spdy_framer_visitor_,
                 OnDataFrameHeader(stream_id, _, true));
-    EXPECT_CALL(*spdy_framer_visitor_,
-                OnStreamFrameData(stream_id, _, _, false)).Times(1)
-        .WillOnce(DoAll(SaveArg<1>(&actual_data),
-                        SaveArg<2>(&actual_size)));
-    EXPECT_CALL(*spdy_framer_visitor_,
-                OnStreamFrameData(stream_id, NULL, 0, true)).Times(1);
+    EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, _, _))
+        .Times(1)
+        .WillOnce(DoAll(SaveArg<1>(&actual_data), SaveArg<2>(&actual_size)));
+    EXPECT_CALL(*spdy_framer_visitor_, OnStreamFrameData(stream_id, NULL, 0))
+        .Times(1);
   }
 
   std::list<DataFrame*>::const_iterator i = connection_->output_list()->begin();
diff --git a/chromium/net/tools/gdig/file_net_log.cc b/chromium/net/tools/gdig/file_net_log.cc
index 5020f6de647..1281f8abbe2 100644
--- a/chromium/net/tools/gdig/file_net_log.cc
+++ b/chromium/net/tools/gdig/file_net_log.cc
@@ -2,13 +2,15 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/tools/gdig/file_net_log.h"
+
 #include <stdio.h>
 
+#include <memory>
+
 #include "base/json/json_string_value_serializer.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/values.h"
-#include "net/tools/gdig/file_net_log.h"
 
 namespace net {
 
@@ -27,7 +29,7 @@ void FileNetLogObserver::OnAddEntry(const net::NetLog::Entry& entry) {
   const char* source = NetLog::SourceTypeToString(entry.source().type);
   const char* type = NetLog::EventTypeToString(entry.type());
 
-  scoped_ptr<base::Value> param_value(entry.ParametersToValue());
+  std::unique_ptr<base::Value> param_value(entry.ParametersToValue());
   std::string params;
   if (param_value.get() != NULL) {
     JSONStringValueSerializer serializer(&params);
diff --git a/chromium/net/tools/gdig/gdig.cc b/chromium/net/tools/gdig/gdig.cc
index 7d9410d93e4..f40f142d3e7 100644
--- a/chromium/net/tools/gdig/gdig.cc
+++ b/chromium/net/tools/gdig/gdig.cc
@@ -3,6 +3,8 @@
 // found in the LICENSE file.
 
 #include <stdio.h>
+
+#include <memory>
 #include <string>
 #include <utility>
 
@@ -12,7 +14,6 @@
 #include "base/command_line.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
@@ -20,7 +21,7 @@
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/address_list.h"
 #include "net/base/ip_address.h"
@@ -225,10 +226,10 @@ class GDig {
   Result result_;
 
   base::CancelableClosure timeout_closure_;
-  scoped_ptr<DnsConfigService> dns_config_service_;
-  scoped_ptr<FileNetLogObserver> log_observer_;
-  scoped_ptr<NetLog> log_;
-  scoped_ptr<HostResolver> resolver_;
+  std::unique_ptr<DnsConfigService> dns_config_service_;
+  std::unique_ptr<FileNetLogObserver> log_observer_;
+  std::unique_ptr<NetLog> log_;
+  std::unique_ptr<HostResolver> resolver_;
 
 #if defined(OS_MACOSX)
   // Without this there will be a mem leak on osx.
@@ -426,12 +427,12 @@ void GDig::OnDnsConfig(const DnsConfig& dns_config_const) {
     return;
   }
 
-  scoped_ptr<DnsClient> dns_client(DnsClient::CreateClient(NULL));
+  std::unique_ptr<DnsClient> dns_client(DnsClient::CreateClient(NULL));
   dns_client->SetConfig(dns_config);
   HostResolver::Options options;
   options.max_concurrent_resolves = parallellism_;
   options.max_retry_attempts = 1u;
-  scoped_ptr<HostResolverImpl> resolver(
+  std::unique_ptr<HostResolverImpl> resolver(
       new HostResolverImpl(options, log_.get()));
   resolver->SetDnsClient(std::move(dns_client));
   resolver_ = std::move(resolver);
diff --git a/chromium/net/tools/get_server_time/get_server_time.cc b/chromium/net/tools/get_server_time/get_server_time.cc
index 65279d57804..6bb3471d162 100644
--- a/chromium/net/tools/get_server_time/get_server_time.cc
+++ b/chromium/net/tools/get_server_time/get_server_time.cc
@@ -11,6 +11,7 @@
 
 #include <cstdio>
 #include <cstdlib>
+#include <memory>
 #include <string>
 
 #include "base/at_exit.h"
@@ -21,8 +22,8 @@
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
@@ -119,7 +120,7 @@ class PrintingLogObserver : public net::NetLog::ThreadSafeObserver {
         net::NetLog::EventTypeToString(entry.type());
     const char* const event_phase =
         net::NetLog::EventPhaseToString(entry.phase());
-    scoped_ptr<base::Value> params(entry.ParametersToValue());
+    std::unique_ptr<base::Value> params(entry.ParametersToValue());
     std::string params_str;
     if (params.get()) {
       base::JSONWriter::Write(*params, &params_str);
@@ -135,8 +136,8 @@ class PrintingLogObserver : public net::NetLog::ThreadSafeObserver {
 };
 
 // Builds a URLRequestContext assuming there's only a single loop.
-scoped_ptr<net::URLRequestContext>
-BuildURLRequestContext(net::NetLog* net_log) {
+std::unique_ptr<net::URLRequestContext> BuildURLRequestContext(
+    net::NetLog* net_log) {
   net::URLRequestContextBuilder builder;
 #if defined(OS_LINUX)
   // On Linux, use a fixed ProxyConfigService, since the default one
@@ -144,9 +145,9 @@ BuildURLRequestContext(net::NetLog* net_log) {
   //
   // TODO(akalin): Remove this once http://crbug.com/146421 is fixed.
   builder.set_proxy_config_service(
-      make_scoped_ptr(new net::ProxyConfigServiceFixed(net::ProxyConfig())));
+      base::WrapUnique(new net::ProxyConfigServiceFixed(net::ProxyConfig())));
 #endif
-  scoped_ptr<net::URLRequestContext> context(builder.Build());
+  std::unique_ptr<net::URLRequestContext> context(builder.Build());
   context->set_net_log(net_log);
   return context;
 }
@@ -230,9 +231,9 @@ int main(int argc, char* argv[]) {
                                 net::NetLogCaptureMode::IncludeSocketBytes());
 
   QuitDelegate delegate;
-  scoped_ptr<net::URLFetcher> fetcher =
+  std::unique_ptr<net::URLFetcher> fetcher =
       net::URLFetcher::Create(url, net::URLFetcher::HEAD, &delegate);
-  scoped_ptr<net::URLRequestContext> url_request_context(
+  std::unique_ptr<net::URLRequestContext> url_request_context(
       BuildURLRequestContext(&net_log));
   fetcher->SetRequestContext(
       // Since there's only a single thread, there's no need to worry
diff --git a/chromium/net/tools/net_docs/net_docs.py b/chromium/net/tools/net_docs/net_docs.py
index a433a201e5a..2dd30de87fe 100755
--- a/chromium/net/tools/net_docs/net_docs.py
+++ b/chromium/net/tools/net_docs/net_docs.py
@@ -54,7 +54,7 @@ TEMPLATE = """
 
 
 def FormatPage(markdown_html, title):
-  # TODO(ttuttle): Add a navigation list / table of contents of available
+  # TODO(juliatuttle): Add a navigation list / table of contents of available
   # Markdown files, perhaps?
   return TEMPLATE.format(title=title, body=markdown_html)
 
diff --git a/chromium/net/tools/net_watcher/net_watcher.cc b/chromium/net/tools/net_watcher/net_watcher.cc
index 9f07513c655..b623954c6e6 100644
--- a/chromium/net/tools/net_watcher/net_watcher.cc
+++ b/chromium/net/tools/net_watcher/net_watcher.cc
@@ -4,7 +4,9 @@
 
 // This is a small utility that watches for and logs network changes.
 
+#include <memory>
 #include <string>
+#include <unordered_set>
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
@@ -12,7 +14,6 @@
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/strings/string_split.h"
 #include "base/values.h"
@@ -69,7 +70,7 @@ const char* ConnectionTypeToString(
 }
 
 std::string ProxyConfigToString(const net::ProxyConfig& config) {
-  scoped_ptr<base::Value> config_value(config.ToValue());
+  std::unique_ptr<base::Value> config_value(config.ToValue());
   std::string str;
   base::JSONWriter::Write(*config_value, &str);
   return str;
@@ -168,7 +169,7 @@ int main(int argc, char* argv[]) {
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
   std::string ignored_netifs_str =
       command_line->GetSwitchValueASCII(kIgnoreNetifFlag);
-  base::hash_set<std::string> ignored_interfaces;
+  std::unordered_set<std::string> ignored_interfaces;
   if (!ignored_netifs_str.empty()) {
     for (const std::string& ignored_netif :
          base::SplitString(ignored_netifs_str, ",", base::TRIM_WHITESPACE,
@@ -177,15 +178,15 @@ int main(int argc, char* argv[]) {
       ignored_interfaces.insert(ignored_netif);
     }
   }
-  scoped_ptr<net::NetworkChangeNotifier> network_change_notifier(
+  std::unique_ptr<net::NetworkChangeNotifier> network_change_notifier(
       new net::NetworkChangeNotifierLinux(ignored_interfaces));
 #else
-  scoped_ptr<net::NetworkChangeNotifier> network_change_notifier(
+  std::unique_ptr<net::NetworkChangeNotifier> network_change_notifier(
       net::NetworkChangeNotifier::Create());
 #endif
 
   // Use the network loop as the file loop also.
-  scoped_ptr<net::ProxyConfigService> proxy_config_service(
+  std::unique_ptr<net::ProxyConfigService> proxy_config_service(
       net::ProxyService::CreateSystemProxyConfigService(
           network_loop.task_runner(), network_loop.task_runner()));
 
diff --git a/chromium/net/tools/quic/chlo_extractor.cc b/chromium/net/tools/quic/chlo_extractor.cc
new file mode 100644
index 00000000000..55e68a09ccf
--- /dev/null
+++ b/chromium/net/tools/quic/chlo_extractor.cc
@@ -0,0 +1,170 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/tools/quic/chlo_extractor.h"
+
+#include "net/quic/crypto/crypto_framer.h"
+#include "net/quic/crypto/crypto_handshake_message.h"
+#include "net/quic/crypto/crypto_protocol.h"
+#include "net/quic/crypto/quic_decrypter.h"
+#include "net/quic/crypto/quic_encrypter.h"
+#include "net/quic/quic_framer.h"
+
+using base::StringPiece;
+
+namespace net {
+
+namespace {
+
+class ChloFramerVisitor : public QuicFramerVisitorInterface,
+                          public CryptoFramerVisitorInterface {
+ public:
+  ChloFramerVisitor(QuicFramer* framer, ChloExtractor::Delegate* delegate);
+
+  ~ChloFramerVisitor() override {}
+
+  // QuicFramerVisitorInterface implementation
+  void OnError(QuicFramer* framer) override {}
+  bool OnProtocolVersionMismatch(QuicVersion version) override;
+  void OnPacket() override {}
+  void OnPublicResetPacket(const QuicPublicResetPacket& packet) override {}
+  void OnVersionNegotiationPacket(
+      const QuicVersionNegotiationPacket& packet) override {}
+  bool OnUnauthenticatedPublicHeader(
+      const QuicPacketPublicHeader& header) override;
+  bool OnUnauthenticatedHeader(const QuicPacketHeader& header) override;
+  void OnDecryptedPacket(EncryptionLevel level) override {}
+  bool OnPacketHeader(const QuicPacketHeader& header) override;
+  bool OnStreamFrame(const QuicStreamFrame& frame) override;
+  bool OnAckFrame(const QuicAckFrame& frame) override;
+  bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override;
+  bool OnPingFrame(const QuicPingFrame& frame) override;
+  bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override;
+  bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override;
+  bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override;
+  bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override;
+  bool OnBlockedFrame(const QuicBlockedFrame& frame) override;
+  bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override;
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override;
+  void OnPacketComplete() override {}
+
+  // CryptoFramerVisitorInterface implementation.
+  void OnError(CryptoFramer* framer) override;
+  void OnHandshakeMessage(const CryptoHandshakeMessage& message) override;
+
+  bool found_chlo() { return found_chlo_; }
+
+ private:
+  QuicFramer* framer_;
+  ChloExtractor::Delegate* delegate_;
+  bool found_chlo_;
+  QuicConnectionId connection_id_;
+};
+
+ChloFramerVisitor::ChloFramerVisitor(QuicFramer* framer,
+                                     ChloExtractor::Delegate* delegate)
+    : framer_(framer),
+      delegate_(delegate),
+      found_chlo_(false),
+      connection_id_(0) {}
+
+bool ChloFramerVisitor::OnProtocolVersionMismatch(QuicVersion version) {
+  if (!framer_->IsSupportedVersion(version)) {
+    return false;
+  }
+  framer_->set_version(version);
+  return true;
+}
+
+bool ChloFramerVisitor::OnUnauthenticatedPublicHeader(
+    const QuicPacketPublicHeader& header) {
+  connection_id_ = header.connection_id;
+  return true;
+}
+bool ChloFramerVisitor::OnUnauthenticatedHeader(
+    const QuicPacketHeader& header) {
+  return true;
+}
+bool ChloFramerVisitor::OnPacketHeader(const QuicPacketHeader& header) {
+  return true;
+}
+bool ChloFramerVisitor::OnStreamFrame(const QuicStreamFrame& frame) {
+  StringPiece data(frame.data_buffer, frame.data_length);
+  if (frame.stream_id == kCryptoStreamId && frame.offset == 0 &&
+      data.starts_with("CHLO")) {
+    CryptoFramer crypto_framer;
+    crypto_framer.set_visitor(this);
+    if (!crypto_framer.ProcessInput(data)) {
+      return false;
+    }
+  }
+  return true;
+}
+
+bool ChloFramerVisitor::OnAckFrame(const QuicAckFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnStopWaitingFrame(const QuicStopWaitingFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnPingFrame(const QuicPingFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnRstStreamFrame(const QuicRstStreamFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnConnectionCloseFrame(
+    const QuicConnectionCloseFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnGoAwayFrame(const QuicGoAwayFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnWindowUpdateFrame(
+    const QuicWindowUpdateFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnBlockedFrame(const QuicBlockedFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnPathCloseFrame(const QuicPathCloseFrame& frame) {
+  return true;
+}
+
+bool ChloFramerVisitor::OnPaddingFrame(const QuicPaddingFrame& frame) {
+  return true;
+}
+
+void ChloFramerVisitor::OnError(CryptoFramer* framer) {}
+
+void ChloFramerVisitor::OnHandshakeMessage(
+    const CryptoHandshakeMessage& message) {
+  delegate_->OnChlo(framer_->version(), connection_id_, message);
+  found_chlo_ = true;
+}
+
+}  // namespace
+
+// static
+bool ChloExtractor::Extract(const QuicEncryptedPacket& packet,
+                            const QuicVersionVector& versions,
+                            Delegate* delegate) {
+  QuicFramer framer(versions, QuicTime::Zero(), Perspective::IS_SERVER);
+  ChloFramerVisitor visitor(&framer, delegate);
+  framer.set_visitor(&visitor);
+  if (!framer.ProcessPacket(packet)) {
+    return false;
+  }
+  return visitor.found_chlo();
+}
+
+}  // namespace net
diff --git a/chromium/net/tools/quic/chlo_extractor.h b/chromium/net/tools/quic/chlo_extractor.h
new file mode 100644
index 00000000000..eefaae3f51d
--- /dev/null
+++ b/chromium/net/tools/quic/chlo_extractor.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_TOOLS_QUIC_CHLO_EXTRACTOR_H_
+#define NET_TOOLS_QUIC_CHLO_EXTRACTOR_H_
+
+#include "net/quic/crypto/crypto_handshake_message.h"
+#include "net/quic/quic_protocol.h"
+
+namespace net {
+
+// A utility for extracting QUIC Client Hello messages from packets,
+// without needs to spin up a full QuicSession.
+class ChloExtractor {
+ public:
+  class Delegate {
+   public:
+    virtual ~Delegate() {}
+
+    // Called when a CHLO message is found in the packets.
+    virtual void OnChlo(QuicVersion version,
+                        QuicConnectionId connection_id,
+                        const CryptoHandshakeMessage& chlo) = 0;
+  };
+
+  // Extracts a CHLO message from |packet| and invokes the OnChlo method
+  // of |delegate|. Return true if a CHLO message was found, and false
+  // otherwise.
+  static bool Extract(const QuicEncryptedPacket& packet,
+                      const QuicVersionVector& versions,
+                      Delegate* delegate);
+
+  ChloExtractor(ChloExtractor&) = delete;
+  ChloExtractor operator=(const ChloExtractor&) = delete;
+};
+
+}  // namespace net
+
+#endif  // NET_TOOLS_QUIC_CHLO_EXTRACTOR_H_
diff --git a/chromium/net/tools/quic/chlo_extractor_test.cc b/chromium/net/tools/quic/chlo_extractor_test.cc
new file mode 100644
index 00000000000..f661b1524ba
--- /dev/null
+++ b/chromium/net/tools/quic/chlo_extractor_test.cc
@@ -0,0 +1,139 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/tools/quic/chlo_extractor.h"
+
+#include "net/quic/quic_framer.h"
+#include "net/quic/test_tools/crypto_test_utils.h"
+#include "net/quic/test_tools/quic_test_utils.h"
+
+using base::StringPiece;
+using std::string;
+using testing::Return;
+using testing::_;
+
+namespace net {
+namespace test {
+namespace {
+
+class TestDelegate : public ChloExtractor::Delegate {
+ public:
+  TestDelegate() {}
+  ~TestDelegate() override {}
+
+  // ChloExtractor::Delegate implementation
+  void OnChlo(QuicVersion version,
+              QuicConnectionId connection_id,
+              const CryptoHandshakeMessage& chlo) override {
+    version_ = version;
+    connection_id_ = connection_id;
+    chlo_ = chlo.DebugString();
+  }
+
+  QuicConnectionId connection_id() const { return connection_id_; }
+  QuicVersion version() const { return version_; }
+  const string& chlo() const { return chlo_; }
+
+ private:
+  QuicConnectionId connection_id_;
+  QuicVersion version_;
+  string chlo_;
+};
+
+class ChloExtractorTest : public ::testing::Test {
+ public:
+  ChloExtractorTest() {
+    header_.public_header.connection_id = 42;
+    header_.public_header.connection_id_length = PACKET_8BYTE_CONNECTION_ID;
+    header_.public_header.version_flag = true;
+    header_.public_header.versions =
+        SupportedVersions(QuicSupportedVersions().front());
+    header_.public_header.reset_flag = false;
+    header_.public_header.packet_number_length = PACKET_6BYTE_PACKET_NUMBER;
+    header_.packet_number = 1;
+    header_.entropy_flag = false;
+    header_.entropy_hash = 0;
+    header_.fec_flag = false;
+    header_.is_in_fec_group = NOT_IN_FEC_GROUP;
+    header_.fec_group = 0;
+  }
+
+  void MakePacket(QuicStreamFrame* stream_frame) {
+    QuicFrame frame(stream_frame);
+    QuicFrames frames;
+    frames.push_back(frame);
+    QuicFramer framer(SupportedVersions(header_.public_header.versions.front()),
+                      QuicTime::Zero(), Perspective::IS_CLIENT);
+    std::unique_ptr<QuicPacket> packet(
+        BuildUnsizedDataPacket(&framer, header_, frames));
+    EXPECT_TRUE(packet != nullptr);
+    size_t encrypted_length = framer.EncryptPayload(
+        ENCRYPTION_NONE, header_.path_id, header_.packet_number, *packet,
+        buffer_, arraysize(buffer_));
+    ASSERT_NE(0u, encrypted_length);
+    packet_.reset(new QuicEncryptedPacket(buffer_, encrypted_length));
+    EXPECT_TRUE(packet_ != nullptr);
+    delete stream_frame;
+  }
+
+ protected:
+  TestDelegate delegate_;
+  QuicPacketHeader header_;
+  std::unique_ptr<QuicEncryptedPacket> packet_;
+  char buffer_[kMaxPacketSize];
+};
+
+TEST_F(ChloExtractorTest, FindsValidChlo) {
+  CryptoHandshakeMessage client_hello;
+  client_hello.set_tag(kCHLO);
+
+  string client_hello_str(
+      client_hello.GetSerialized().AsStringPiece().as_string());
+  // Construct a CHLO with each supported version
+  for (QuicVersion version : QuicSupportedVersions()) {
+    QuicVersionVector versions(SupportedVersions(version));
+    header_.public_header.versions = versions;
+    MakePacket(
+        new QuicStreamFrame(kCryptoStreamId, false, 0, client_hello_str));
+    EXPECT_TRUE(ChloExtractor::Extract(*packet_, versions, &delegate_))
+        << QuicVersionToString(version);
+    EXPECT_EQ(version, delegate_.version());
+    EXPECT_EQ(header_.public_header.connection_id, delegate_.connection_id());
+    EXPECT_EQ(client_hello.DebugString(), delegate_.chlo())
+        << QuicVersionToString(version);
+  }
+}
+
+TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongStream) {
+  CryptoHandshakeMessage client_hello;
+  client_hello.set_tag(kCHLO);
+
+  string client_hello_str(
+      client_hello.GetSerialized().AsStringPiece().as_string());
+  MakePacket(
+      new QuicStreamFrame(kCryptoStreamId + 1, false, 0, client_hello_str));
+  EXPECT_FALSE(
+      ChloExtractor::Extract(*packet_, QuicSupportedVersions(), &delegate_));
+}
+
+TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongOffset) {
+  CryptoHandshakeMessage client_hello;
+  client_hello.set_tag(kCHLO);
+
+  string client_hello_str(
+      client_hello.GetSerialized().AsStringPiece().as_string());
+  MakePacket(new QuicStreamFrame(kCryptoStreamId, false, 1, client_hello_str));
+  EXPECT_FALSE(
+      ChloExtractor::Extract(*packet_, QuicSupportedVersions(), &delegate_));
+}
+
+TEST_F(ChloExtractorTest, DoesNotFindInvalidChlo) {
+  MakePacket(new QuicStreamFrame(kCryptoStreamId, false, 0, "foo"));
+  EXPECT_FALSE(
+      ChloExtractor::Extract(*packet_, QuicSupportedVersions(), &delegate_));
+}
+
+}  // namespace
+}  // namespace test
+}  // namespace net
diff --git a/chromium/net/tools/quic/crypto_message_printer_bin.cc b/chromium/net/tools/quic/crypto_message_printer_bin.cc
new file mode 100644
index 00000000000..e6813c4a3c6
--- /dev/null
+++ b/chromium/net/tools/quic/crypto_message_printer_bin.cc
@@ -0,0 +1,57 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Dumps the contents of a QUIC crypto handshake message in a human readable
+// format.
+//
+// Usage: crypto_message_printer_bin <hex of message>
+
+#include <iostream>
+
+#include "base/command_line.h"
+#include "net/quic/crypto/crypto_framer.h"
+#include "net/quic/quic_utils.h"
+
+using std::cerr;
+using std::cout;
+using std::endl;
+
+namespace net {
+
+class CryptoMessagePrinter : public net::CryptoFramerVisitorInterface {
+ public:
+  void OnHandshakeMessage(const CryptoHandshakeMessage& message) override {
+    cout << message.DebugString() << endl;
+  }
+
+  void OnError(CryptoFramer* framer) override {
+    cerr << "Error code: " << framer->error() << endl;
+    cerr << "Error details: " << framer->error_detail() << endl;
+  }
+};
+
+}  // namespace net
+
+int main(int argc, char* argv[]) {
+  base::CommandLine::Init(argc, argv);
+
+  if (argc != 2) {
+    cerr << "Usage: " << argv[0] << " <hex of message>\n";
+    return 1;
+  }
+
+  net::CryptoMessagePrinter printer;
+  net::CryptoFramer framer;
+  framer.set_visitor(&printer);
+  std::string input = net::QuicUtils::HexDecode(argv[1]);
+  if (!framer.ProcessInput(input)) {
+    return 1;
+  }
+  if (framer.InputBytesRemaining() != 0) {
+    cerr << "Input partially consumed. " << framer.InputBytesRemaining()
+         << " bytes remaining." << endl;
+    return 2;
+  }
+  return 0;
+}
diff --git a/chromium/net/tools/quic/end_to_end_test.cc b/chromium/net/tools/quic/end_to_end_test.cc
index 095142d6a71..80c13079765 100644
--- a/chromium/net/tools/quic/end_to_end_test.cc
+++ b/chromium/net/tools/quic/end_to_end_test.cc
@@ -6,10 +6,10 @@
 #include <sys/epoll.h>
 
 #include <list>
+#include <memory>
 #include <string>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/synchronization/waitable_event.h"
@@ -97,7 +97,8 @@ struct TestParams {
              bool client_supports_stateless_rejects,
              bool server_uses_stateless_rejects_if_peer_supported,
              QuicTag congestion_control_tag,
-             bool auto_tune_flow_control_window)
+             bool auto_tune_flow_control_window,
+             bool disable_hpack_dynamic_table)
       : client_supported_versions(client_supported_versions),
         server_supported_versions(server_supported_versions),
         negotiated_version(negotiated_version),
@@ -105,7 +106,8 @@ struct TestParams {
         server_uses_stateless_rejects_if_peer_supported(
             server_uses_stateless_rejects_if_peer_supported),
         congestion_control_tag(congestion_control_tag),
-        auto_tune_flow_control_window(auto_tune_flow_control_window) {}
+        auto_tune_flow_control_window(auto_tune_flow_control_window),
+        disable_hpack_dynamic_table(disable_hpack_dynamic_table) {}
 
   friend ostream& operator<<(ostream& os, const TestParams& p) {
     os << "{ server_supported_versions: "
@@ -119,7 +121,8 @@ struct TestParams {
        << p.server_uses_stateless_rejects_if_peer_supported;
     os << " congestion_control_tag: "
        << QuicUtils::TagToString(p.congestion_control_tag);
-    os << " auto_tune_flow_control_window: " << p.auto_tune_flow_control_window
+    os << " auto_tune_flow_control_window: " << p.auto_tune_flow_control_window;
+    os << " disable_hpack_dynamic_table: " << p.disable_hpack_dynamic_table
        << " }";
     return os;
   }
@@ -131,6 +134,7 @@ struct TestParams {
   bool server_uses_stateless_rejects_if_peer_supported;
   QuicTag congestion_control_tag;
   bool auto_tune_flow_control_window;
+  bool disable_hpack_dynamic_table;
 };
 
 // Constructs various test permutations.
@@ -144,79 +148,103 @@ vector<TestParams> GetTestParams() {
   // to do 0-RTT across incompatible versions. Chromium only supports
   // a single version at a time anyway. :)
   QuicVersionVector all_supported_versions = QuicSupportedVersions();
-  QuicVersionVector version_buckets[2];
+  QuicVersionVector version_buckets[4];
+
   for (const QuicVersion version : all_supported_versions) {
     if (version <= QUIC_VERSION_25) {
       // SPDY/4
       version_buckets[0].push_back(version);
-    } else {
+    } else if (version <= QUIC_VERSION_32) {
       // QUIC_VERSION_26 changes the kdf in a way that is incompatible with
       // version negotiation across the version 26 boundary.
       version_buckets[1].push_back(version);
+    } else if (version <= QUIC_VERSION_33) {
+      // QUIC_VERSION_33 changes the kdf in a way that is incompatible with
+      // version negotiation across the version 33 boundary, by using the
+      // diversification nonce.
+      version_buckets[2].push_back(version);
+    } else {
+      // QUIC_VERSION_34 deprecates entropy and uses new ack and stop waiting
+      // wire formats, so it is incompatible with version negotiation across the
+      // version 34 boundary.
+      version_buckets[3].push_back(version);
     }
   }
 
+  // This must be kept in sync with the number of nested for-loops below as it
+  // is used to prune the number of tests that are run.
+  const int kMaxEnabledOptions = 5;
+  int max_enabled_options = 0;
   vector<TestParams> params;
   for (bool server_uses_stateless_rejects_if_peer_supported : {true, false}) {
     for (bool client_supports_stateless_rejects : {true, false}) {
-      // TODO(rtenneti): Add kTBBR after BBR code is checked in.
       for (const QuicTag congestion_control_tag : {kRENO, kQBIC}) {
         for (bool auto_tune_flow_control_window : {true, false}) {
-          const int kMaxEnabledOptions = 5;
-          int enabled_options = 0;
-          if (congestion_control_tag != kQBIC) {
-            ++enabled_options;
-          }
-          if (auto_tune_flow_control_window) {
-            ++enabled_options;
-          }
-          if (client_supports_stateless_rejects) {
-            ++enabled_options;
-          }
-          if (server_uses_stateless_rejects_if_peer_supported) {
-            ++enabled_options;
-          }
-          CHECK_GE(kMaxEnabledOptions, enabled_options);
-
-          // Run tests with no options, a single option, or all the options
-          // enabled to avoid a combinatorial explosion.
-          if (enabled_options > 1 && enabled_options < kMaxEnabledOptions) {
-            continue;
-          }
+          for (bool disable_hpack_dynamic_table : {true, false}) {
+            int enabled_options = 0;
+            if (congestion_control_tag != kQBIC) {
+              ++enabled_options;
+            }
+            if (auto_tune_flow_control_window) {
+              ++enabled_options;
+            }
+            if (disable_hpack_dynamic_table) {
+              ++enabled_options;
+            }
+            if (client_supports_stateless_rejects) {
+              ++enabled_options;
+            }
+            if (server_uses_stateless_rejects_if_peer_supported) {
+              ++enabled_options;
+            }
+            CHECK_GE(kMaxEnabledOptions, enabled_options);
+            if (enabled_options > max_enabled_options) {
+              max_enabled_options = enabled_options;
+            }
 
-          for (const QuicVersionVector& client_versions : version_buckets) {
-            CHECK(!client_versions.empty());
-            // Add an entry for server and client supporting all versions.
-            params.push_back(TestParams(
-                client_versions, all_supported_versions,
-                client_versions.front(), client_supports_stateless_rejects,
-                server_uses_stateless_rejects_if_peer_supported,
-                congestion_control_tag, auto_tune_flow_control_window));
-
-            // Run version negotiation tests tests with no options, or all
-            // the options enabled to avoid a combinatorial explosion.
-            if (enabled_options > 0 && enabled_options < kMaxEnabledOptions) {
+            // Run tests with no options, a single option, or all the options
+            // enabled to avoid a combinatorial explosion.
+            if (enabled_options > 1 && enabled_options < kMaxEnabledOptions) {
               continue;
             }
 
-            // Test client supporting all versions and server supporting 1
-            // version. Simulate an old server and exercise version downgrade
-            // in the client. Protocol negotiation should occur. Skip the i =
-            // 0 case because it is essentially the same as the default case.
-            for (size_t i = 1; i < client_versions.size(); ++i) {
-              QuicVersionVector server_supported_versions;
-              server_supported_versions.push_back(client_versions[i]);
+            for (const QuicVersionVector& client_versions : version_buckets) {
+              CHECK(!client_versions.empty());
+              // Add an entry for server and client supporting all versions.
               params.push_back(TestParams(
-                  client_versions, server_supported_versions,
-                  server_supported_versions.front(),
-                  client_supports_stateless_rejects,
+                  client_versions, all_supported_versions,
+                  client_versions.front(), client_supports_stateless_rejects,
                   server_uses_stateless_rejects_if_peer_supported,
-                  congestion_control_tag, auto_tune_flow_control_window));
+                  congestion_control_tag, auto_tune_flow_control_window,
+                  disable_hpack_dynamic_table));
+
+              // Run version negotiation tests tests with no options, or all
+              // the options enabled to avoid a combinatorial explosion.
+              if (enabled_options > 0 && enabled_options < kMaxEnabledOptions) {
+                continue;
+              }
+
+              // Test client supporting all versions and server supporting 1
+              // version. Simulate an old server and exercise version downgrade
+              // in the client. Protocol negotiation should occur. Skip the i =
+              // 0 case because it is essentially the same as the default case.
+              for (size_t i = 1; i < client_versions.size(); ++i) {
+                QuicVersionVector server_supported_versions;
+                server_supported_versions.push_back(client_versions[i]);
+                params.push_back(TestParams(
+                    client_versions, server_supported_versions,
+                    server_supported_versions.front(),
+                    client_supports_stateless_rejects,
+                    server_uses_stateless_rejects_if_peer_supported,
+                    congestion_control_tag, auto_tune_flow_control_window,
+                    disable_hpack_dynamic_table));
+              }
             }
           }
         }
       }
     }
+    CHECK_EQ(kMaxEnabledOptions, max_enabled_options);
   }
   return params;
 }
@@ -254,7 +282,8 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
         server_started_(false),
         strike_register_no_startup_period_(false),
         chlo_multiplier_(0),
-        stream_factory_(nullptr) {
+        stream_factory_(nullptr),
+        support_server_push_(false) {
     client_supported_versions_ = GetParam().client_supported_versions;
     server_supported_versions_ = GetParam().server_supported_versions;
     negotiated_version_ = GetParam().negotiated_version;
@@ -271,6 +300,14 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
     server_config_.SetInitialSessionFlowControlWindowToSend(
         3 * kInitialSessionFlowControlWindowForTest);
 
+    // The default idle timeouts can be too strict when running on a busy
+    // machine.
+    const QuicTime::Delta timeout = QuicTime::Delta::FromSeconds(30);
+    client_config_.set_max_time_before_crypto_handshake(timeout);
+    client_config_.set_max_idle_time_before_crypto_handshake(timeout);
+    server_config_.set_max_time_before_crypto_handshake(timeout);
+    server_config_.set_max_idle_time_before_crypto_handshake(timeout);
+
     QuicInMemoryCachePeer::ResetForTests();
     AddToCache("/foo", 200, kFooResponseBody);
     AddToCache("/bar", 200, kBarResponseBody);
@@ -343,7 +380,9 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
     // TODO(nimia): Consider setting the congestion control algorithm for the
     // client as well according to the test parameter.
     copt.push_back(GetParam().congestion_control_tag);
-
+    if (support_server_push_) {
+      copt.push_back(kSPSH);
+    }
     if (GetParam().client_supports_stateless_rejects) {
       copt.push_back(kSREJ);
     }
@@ -351,6 +390,9 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
       copt.push_back(kAFCW);
       copt.push_back(kIFW5);
     }
+    if (GetParam().disable_hpack_dynamic_table) {
+      copt.push_back(kDHDT);
+    }
     client_config_.SetConnectionOptionsToSend(copt);
 
     // Start the server first, because CreateQuicClient() attempts
@@ -363,7 +405,10 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
         reinterpret_cast<QuicEpollConnectionHelper*>(
             QuicConnectionPeer::GetHelper(
                 client_->client()->session()->connection())),
+        QuicConnectionPeer::GetAlarmFactory(
+            client_->client()->session()->connection()),
         new ClientDelegate(client_->client()));
+
     initialized_ = true;
     return client_->client()->connected();
   }
@@ -400,6 +445,7 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
         GetParam().server_uses_stateless_rejects_if_peer_supported;
 
     server_writer_->Initialize(QuicDispatcherPeer::GetHelper(dispatcher),
+                               QuicDispatcherPeer::GetAlarmFactory(dispatcher),
                                new ServerDelegate(dispatcher));
     if (stream_factory_ != nullptr) {
       static_cast<QuicTestServer*>(server_thread_->server())
@@ -510,8 +556,8 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
   bool initialized_;
   IPEndPoint server_address_;
   string server_hostname_;
-  scoped_ptr<ServerThread> server_thread_;
-  scoped_ptr<QuicTestClient> client_;
+  std::unique_ptr<ServerThread> server_thread_;
+  std::unique_ptr<QuicTestClient> client_;
   PacketDroppingTestWriter* client_writer_;
   PacketDroppingTestWriter* server_writer_;
   bool server_started_;
@@ -523,6 +569,7 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> {
   bool strike_register_no_startup_period_;
   size_t chlo_multiplier_;
   QuicTestServer::StreamFactory* stream_factory_;
+  bool support_server_push_;
 };
 
 // Run all end to end tests with all supported versions.
@@ -591,7 +638,7 @@ TEST_P(EndToEndTest, MultipleRequestResponse) {
 
 TEST_P(EndToEndTest, MultipleClients) {
   ASSERT_TRUE(Initialize());
-  scoped_ptr<QuicTestClient> client2(CreateQuicClient(nullptr));
+  std::unique_ptr<QuicTestClient> client2(CreateQuicClient(nullptr));
 
   HTTPMessage request(HttpConstants::HTTP_1_1, HttpConstants::POST, "/foo");
   request.AddHeader("content-length", "3");
@@ -786,9 +833,15 @@ TEST_P(EndToEndTest, LargePostZeroRTTFailure) {
   client_->WaitForResponseForMs(-1);
   ASSERT_TRUE(client_->client()->connected());
   EXPECT_EQ(kFooResponseBody, client_->SendCustomSynchronousRequest(request));
-  EXPECT_EQ(expected_num_hellos_latest_session,
-            client_->client()->session()->GetNumSentClientHellos());
-  EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+
+  if (negotiated_version_ <= QUIC_VERSION_32) {
+    EXPECT_EQ(expected_num_hellos_latest_session,
+              client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+  } else {
+    EXPECT_EQ(1, client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(1, client_->client()->GetNumSentClientHellos());
+  }
 
   client_->Disconnect();
 
@@ -839,9 +892,15 @@ TEST_P(EndToEndTest, SynchronousRequestZeroRTTFailure) {
   client_->WaitForInitialResponse();
   ASSERT_TRUE(client_->client()->connected());
   EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo"));
-  EXPECT_EQ(expected_num_hellos_latest_session,
-            client_->client()->session()->GetNumSentClientHellos());
-  EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+
+  if (negotiated_version_ <= QUIC_VERSION_32) {
+    EXPECT_EQ(expected_num_hellos_latest_session,
+              client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+  } else {
+    EXPECT_EQ(1, client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(1, client_->client()->GetNumSentClientHellos());
+  }
 
   client_->Disconnect();
 
@@ -898,9 +957,15 @@ TEST_P(EndToEndTest, LargePostSynchronousRequest) {
   client_->WaitForInitialResponse();
   ASSERT_TRUE(client_->client()->connected());
   EXPECT_EQ(kFooResponseBody, client_->SendCustomSynchronousRequest(request));
-  EXPECT_EQ(expected_num_hellos_latest_session,
-            client_->client()->session()->GetNumSentClientHellos());
-  EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+
+  if (negotiated_version_ <= QUIC_VERSION_32) {
+    EXPECT_EQ(expected_num_hellos_latest_session,
+              client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(2, client_->client()->GetNumSentClientHellos());
+  } else {
+    EXPECT_EQ(1, client_->client()->session()->GetNumSentClientHellos());
+    EXPECT_EQ(1, client_->client()->GetNumSentClientHellos());
+  }
 
   client_->Disconnect();
 
@@ -1274,30 +1339,6 @@ TEST_P(EndToEndTest, 0ByteConnectionId) {
             header->public_header.connection_id_length);
 }
 
-TEST_P(EndToEndTest, 1ByteConnectionId) {
-  client_config_.SetBytesForConnectionIdToSend(1);
-  ASSERT_TRUE(Initialize());
-
-  EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo"));
-  EXPECT_EQ(200u, client_->response_headers()->parsed_response_code());
-  QuicPacketHeader* header = QuicConnectionPeer::GetLastHeader(
-      client_->client()->session()->connection());
-  EXPECT_EQ(PACKET_1BYTE_CONNECTION_ID,
-            header->public_header.connection_id_length);
-}
-
-TEST_P(EndToEndTest, 4ByteConnectionId) {
-  client_config_.SetBytesForConnectionIdToSend(4);
-  ASSERT_TRUE(Initialize());
-
-  EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo"));
-  EXPECT_EQ(200u, client_->response_headers()->parsed_response_code());
-  QuicPacketHeader* header = QuicConnectionPeer::GetLastHeader(
-      client_->client()->session()->connection());
-  EXPECT_EQ(PACKET_4BYTE_CONNECTION_ID,
-            header->public_header.connection_id_length);
-}
-
 TEST_P(EndToEndTest, 8ByteConnectionId) {
   client_config_.SetBytesForConnectionIdToSend(8);
   ASSERT_TRUE(Initialize());
@@ -1441,15 +1482,15 @@ TEST_P(EndToEndTest, ConnectionMigrationClientPortChanged) {
 
   // Store the client address which was used to send the first request.
   IPEndPoint old_address = client_->client()->GetLatestClientAddress();
-
-  // Stop listening and close the old FD.
-  QuicClientPeer::CleanUpUDPSocket(client_->client(),
-                                   client_->client()->GetLatestFD());
+  int old_fd = client_->client()->GetLatestFD();
 
   // Create a new socket before closing the old one, which will result in a new
   // ephemeral port.
   QuicClientPeer::CreateUDPSocketAndBind(client_->client());
 
+  // Stop listening and close the old FD.
+  QuicClientPeer::CleanUpUDPSocket(client_->client(), old_fd);
+
   // The packet writer needs to be updated to use the new FD.
   client_->client()->CreateQuicPacketWriter();
 
@@ -1540,7 +1581,7 @@ TEST_P(EndToEndTest, DifferentFlowControlWindows) {
 
 TEST_P(EndToEndTest, HeadersAndCryptoStreamsNoConnectionFlowControl) {
   // The special headers and crypto streams should be subject to per-stream flow
-  // control limits, but should not be subject to connection level flow control.
+  // control limits, but should not be subject to connection level flow control
   const uint32_t kStreamIFCW =
       GetParam().auto_tune_flow_control_window ? 32 * 1024 : 123456;
   const uint32_t kSessionIFCW =
@@ -1730,6 +1771,36 @@ TEST_P(EndToEndTest, AckNotifierWithPacketLossAndBlockedSocket) {
   server_thread_->Resume();
 }
 
+// Send a public reset from the server.
+TEST_P(EndToEndTest, ServerSendPublicReset) {
+  ASSERT_TRUE(Initialize());
+
+  // Send the public reset.
+  QuicConnectionId connection_id =
+      client_->client()->session()->connection()->connection_id();
+  QuicPublicResetPacket header;
+  header.public_header.connection_id = connection_id;
+  header.public_header.reset_flag = true;
+  header.public_header.version_flag = false;
+  header.rejected_packet_number = 10101;
+  QuicFramer framer(server_supported_versions_, QuicTime::Zero(),
+                    Perspective::IS_SERVER);
+  std::unique_ptr<QuicEncryptedPacket> packet(
+      framer.BuildPublicResetPacket(header));
+  // We must pause the server's thread in order to call WritePacket without
+  // race conditions.
+  server_thread_->Pause();
+  server_writer_->WritePacket(
+      packet->data(), packet->length(), server_address_.address(),
+      client_->client()->GetLatestClientAddress(), nullptr);
+  server_thread_->Resume();
+
+  // The request should fail.
+  EXPECT_EQ("", client_->SendSynchronousRequest("/foo"));
+  EXPECT_EQ(0u, client_->response_headers()->parsed_response_code());
+  EXPECT_EQ(QUIC_PUBLIC_RESET, client_->connection_error());
+}
+
 // Send a public reset from the server for a different connection ID.
 // It should be ignored.
 TEST_P(EndToEndTest, ServerSendPublicResetWithDifferentConnectionId) {
@@ -1745,7 +1816,8 @@ TEST_P(EndToEndTest, ServerSendPublicResetWithDifferentConnectionId) {
   header.rejected_packet_number = 10101;
   QuicFramer framer(server_supported_versions_, QuicTime::Zero(),
                     Perspective::IS_SERVER);
-  scoped_ptr<QuicEncryptedPacket> packet(framer.BuildPublicResetPacket(header));
+  std::unique_ptr<QuicEncryptedPacket> packet(
+      framer.BuildPublicResetPacket(header));
   testing::NiceMock<MockQuicConnectionDebugVisitor> visitor;
   client_->client()->session()->connection()->set_debug_visitor(&visitor);
   EXPECT_CALL(visitor, OnIncorrectConnectionId(incorrect_connection_id))
@@ -1780,7 +1852,8 @@ TEST_P(EndToEndTest, ClientSendPublicResetWithDifferentConnectionId) {
   header.rejected_packet_number = 10101;
   QuicFramer framer(server_supported_versions_, QuicTime::Zero(),
                     Perspective::IS_CLIENT);
-  scoped_ptr<QuicEncryptedPacket> packet(framer.BuildPublicResetPacket(header));
+  std::unique_ptr<QuicEncryptedPacket> packet(
+      framer.BuildPublicResetPacket(header));
   client_writer_->WritePacket(
       packet->data(), packet->length(),
       client_->client()->GetLatestClientAddress().address(), server_address_,
@@ -1799,7 +1872,7 @@ TEST_P(EndToEndTest, ServerSendVersionNegotiationWithDifferentConnectionId) {
   // Send the version negotiation packet.
   QuicConnectionId incorrect_connection_id =
       client_->client()->session()->connection()->connection_id() + 1;
-  scoped_ptr<QuicEncryptedPacket> packet(
+  std::unique_ptr<QuicEncryptedPacket> packet(
       QuicFramer::BuildVersionNegotiationPacket(incorrect_connection_id,
                                                 server_supported_versions_));
   testing::NiceMock<MockQuicConnectionDebugVisitor> visitor;
@@ -1902,7 +1975,7 @@ TEST_P(EndToEndTest, BadEncryptedData) {
   EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo"));
   EXPECT_EQ(200u, client_->response_headers()->parsed_response_code());
 
-  scoped_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
+  std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
       client_->client()->session()->connection()->connection_id(), false, false,
       false, kDefaultPathId, 1, "At least 20 characters.",
       PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER));
@@ -2247,7 +2320,7 @@ TEST_P(EndToEndTest, LargePostEarlyResponse) {
     // Receive the reset stream from server on early response.
     client_->WaitForResponseForMs(100);
     ReliableQuicStream* stream =
-        client_->client()->session()->GetStream(kClientDataStreamId1);
+        client_->client()->session()->GetOrCreateStream(kClientDataStreamId1);
     // The stream is reset by server's reset stream.
     EXPECT_EQ(stream, nullptr);
     return;
@@ -2263,7 +2336,7 @@ TEST_P(EndToEndTest, LargePostEarlyResponse) {
   client_->WaitForResponse();
   // There should be no buffered data to write in the client's stream.
   ReliableQuicStream* stream =
-      client_->client()->session()->GetStream(kClientDataStreamId1);
+      client_->client()->session()->GetOrCreateStream(kClientDataStreamId1);
   EXPECT_FALSE(stream != nullptr && stream->HasBufferedData());
 }
 
@@ -2302,6 +2375,7 @@ class EndToEndTestServerPush : public EndToEndTest {
   EndToEndTestServerPush() : EndToEndTest() {
     FLAGS_quic_supports_push_promise = true;
     client_config_.SetMaxStreamsPerConnection(kNumMaxStreams, kNumMaxStreams);
+    support_server_push_ = true;
   }
 
   // Add a request with its response and |num_resources| push resources into
@@ -2549,6 +2623,37 @@ TEST_P(EndToEndTestServerPush, ServerPushOverLimitWithBlocking) {
   EXPECT_EQ(12u, client_->num_responses());
 }
 
+TEST_P(EndToEndTestServerPush, DisabledWithoutConnectionOption) {
+  // Tests that server push won't be triggered when kSPSH is not set by client.
+  support_server_push_ = false;
+  ASSERT_TRUE(Initialize());
+
+  // Add a response with headers, body, and push resources.
+  const string kBody = "body content";
+  size_t const kNumResources = 4;
+  string push_urls[] = {
+      "https://example.com/font.woff", "https://example.com/script.js",
+      "https://fonts.example.com/font.woff",
+      "https://example.com/logo-hires.jpg",
+  };
+  AddRequestAndResponseWithServerPush("example.com", "/push_example", kBody,
+                                      push_urls, kNumResources, 0);
+  client_->client()->set_response_listener(new TestResponseListener);
+  EXPECT_EQ(kBody, client_->SendSynchronousRequest(
+                       "https://example.com/push_example"));
+
+  for (const string& url : push_urls) {
+    // Sending subsequent requests will trigger sending real requests because
+    // client doesn't support server push.
+    const string expected_body = "This is server push response body for " + url;
+    const string response_body = client_->SendSynchronousRequest(url);
+    EXPECT_EQ(expected_body, response_body);
+  }
+  // Same number of requests are sent as that of responses received.
+  EXPECT_EQ(1 + kNumResources, client_->num_requests());
+  EXPECT_EQ(1 + kNumResources, client_->num_responses());
+}
+
 // TODO(fayang): this test seems to cause net_unittests timeouts :|
 TEST_P(EndToEndTest, DISABLED_TestHugePostWithPacketLoss) {
   // This test tests a huge post with introduced packet loss from client to
@@ -2608,6 +2713,8 @@ TEST_P(EndToEndTest, DISABLED_TestHugeResponseWithPacketLoss) {
   static EpollEvent event(EPOLLOUT, false);
   client_writer_->Initialize(
       QuicConnectionPeer::GetHelper(client_->client()->session()->connection()),
+      QuicConnectionPeer::GetAlarmFactory(
+          client_->client()->session()->connection()),
       new ClientDelegate(client_->client()));
   initialized_ = true;
   ASSERT_TRUE(client_->client()->connected());
@@ -2616,7 +2723,10 @@ TEST_P(EndToEndTest, DISABLED_TestHugeResponseWithPacketLoss) {
   SetPacketLossPercentage(1);
   client_->SendRequest("/huge_response");
   client_->WaitForResponse();
-  VerifyCleanConnection(false);
+  // TODO(fayang): Fix this test to work with stateless rejects.
+  if (!BothSidesSupportStatelessRejects()) {
+    VerifyCleanConnection(false);
+  }
 }
 
 }  // namespace
diff --git a/chromium/net/tools/quic/quic_client.cc b/chromium/net/tools/quic/quic_client.cc
index 15f6f5ce0f7..ca015ac6556 100644
--- a/chromium/net/tools/quic/quic_client.cc
+++ b/chromium/net/tools/quic/quic_client.cc
@@ -21,6 +21,7 @@
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_server_id.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "net/tools/quic/quic_socket_utils.h"
 #include "net/tools/quic/spdy_balsa_utils.h"
@@ -32,6 +33,7 @@
 // TODO(rtenneti): Add support for MMSG_MORE.
 #define MMSG_MORE 0
 
+using base::StringPiece;
 using std::string;
 using std::vector;
 
@@ -68,6 +70,7 @@ QuicClient::QuicClient(IPEndPoint server_address,
           supported_versions,
           config,
           new QuicEpollConnectionHelper(epoll_server, QuicAllocator::SIMPLE),
+          new QuicEpollAlarmFactory(epoll_server),
           proof_verifier),
       server_address_(server_address),
       local_port_(0),
@@ -230,10 +233,10 @@ void QuicClient::StartConnect() {
   }
 
   CreateQuicClientSession(new QuicConnection(
-      GetNextConnectionId(), server_address_, helper(), writer,
+      GetNextConnectionId(), server_address_, helper(), alarm_factory(), writer,
       /* owns_writer= */ false, Perspective::IS_CLIENT, supported_versions()));
 
-  // Reset |writer_| after |session()| so that the old writer outlives the old
+  // Reset |writer()| after |session()| so that the old writer outlives the old
   // session.
   set_writer(writer);
   session()->Initialize();
@@ -300,7 +303,6 @@ void QuicClient::SendRequest(const BalsaHeaders& headers,
     QUIC_BUG << "stream creation failed!";
     return;
   }
-  stream->set_visitor(this);
   stream->SendRequest(SpdyBalsaUtils::RequestHeadersToSpdyHeaders(headers),
                       body, fin);
   if (FLAGS_enable_quic_stateless_reject_support) {
@@ -347,6 +349,14 @@ void QuicClient::SendRequestsAndWaitForResponse(
   }
 }
 
+QuicSpdyClientStream* QuicClient::CreateReliableClientStream() {
+  QuicSpdyClientStream* stream = QuicClientBase::CreateReliableClientStream();
+  if (stream) {
+    stream->set_visitor(this);
+  }
+  return stream;
+}
+
 bool QuicClient::WaitForEvents() {
   DCHECK(connected());
 
diff --git a/chromium/net/tools/quic/quic_client.h b/chromium/net/tools/quic/quic_client.h
index 56a02463710..99e529c4a2b 100644
--- a/chromium/net/tools/quic/quic_client.h
+++ b/chromium/net/tools/quic/quic_client.h
@@ -8,13 +8,12 @@
 #ifndef NET_TOOLS_QUIC_QUIC_CLIENT_H_
 #define NET_TOOLS_QUIC_QUIC_CLIENT_H_
 
-#include <stddef.h>
-
+#include <cstdint>
+#include <memory>
 #include <string>
 
 #include "base/command_line.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
@@ -100,6 +99,7 @@ class QuicClient : public QuicClientBase,
   // From QuicClientBase
   bool Initialize() override;
   bool WaitForEvents() override;
+  QuicSpdyClientStream* CreateReliableClientStream() override;
 
   // "Connect" to the QUIC server, including performing synchronous crypto
   // handshake.
@@ -123,7 +123,7 @@ class QuicClient : public QuicClientBase,
                                      base::StringPiece body,
                                      bool fin);
 
-  // Sends a request simple GET for each URL in |args|, and then waits for
+  // Sends a request simple GET for each URL in |url_list|, and then waits for
   // each to complete.
   void SendRequestsAndWaitForResponse(const std::vector<std::string>& url_list);
 
@@ -183,6 +183,7 @@ class QuicClient : public QuicClientBase,
   const std::string& latest_response_body() const;
   const std::string& latest_response_trailers() const;
 
+ protected:
   // Implements ProcessPacketInterface. This will be called for each received
   // packet.
   void ProcessPacket(const IPEndPoint& self_address,
@@ -261,7 +262,7 @@ class QuicClient : public QuicClientBase,
   linked_hash_map<int, IPEndPoint> fd_address_map_;
 
   // Listens for full responses.
-  scoped_ptr<ResponseListener> response_listener_;
+  std::unique_ptr<ResponseListener> response_listener_;
 
   // Tracks if the client is initialized to connect.
   bool initialized_;
@@ -297,7 +298,7 @@ class QuicClient : public QuicClientBase,
   //
   // TODO(rtenneti): Chromium code doesn't use |packet_reader_|. Add support for
   // QuicPacketReader
-  scoped_ptr<QuicPacketReader> packet_reader_;
+  std::unique_ptr<QuicPacketReader> packet_reader_;
 
   std::unique_ptr<ClientQuicDataToResend> push_promise_data_to_resend_;
 
diff --git a/chromium/net/tools/quic/quic_client_base.cc b/chromium/net/tools/quic/quic_client_base.cc
index 91000db2c14..211c54d8e98 100644
--- a/chromium/net/tools/quic/quic_client_base.cc
+++ b/chromium/net/tools/quic/quic_client_base.cc
@@ -13,11 +13,13 @@ QuicClientBase::QuicClientBase(const QuicServerId& server_id,
                                const QuicVersionVector& supported_versions,
                                const QuicConfig& config,
                                QuicConnectionHelperInterface* helper,
+                               QuicAlarmFactory* alarm_factory,
                                ProofVerifier* proof_verifier)
     : server_id_(server_id),
       config_(config),
       crypto_config_(proof_verifier),
       helper_(helper),
+      alarm_factory_(alarm_factory),
       supported_versions_(supported_versions),
       initial_max_packet_length_(0),
       num_stateless_rejects_received_(0),
diff --git a/chromium/net/tools/quic/quic_client_base.h b/chromium/net/tools/quic/quic_client_base.h
index af44bdaca19..3f9e514fb89 100644
--- a/chromium/net/tools/quic/quic_client_base.h
+++ b/chromium/net/tools/quic/quic_client_base.h
@@ -8,14 +8,15 @@
 #ifndef NET_TOOLS_QUIC_QUIC_CLIENT_BASE_H_
 #define NET_TOOLS_QUIC_QUIC_CLIENT_BASE_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/log/net_log.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/quic_crypto_client_config.h"
+#include "net/quic/quic_alarm_factory.h"
 #include "net/quic/quic_bandwidth.h"
 #include "net/quic/quic_client_push_promise_index.h"
 #include "net/quic/quic_config.h"
@@ -36,6 +37,7 @@ class QuicClientBase {
                  const QuicVersionVector& supported_versions,
                  const QuicConfig& config,
                  QuicConnectionHelperInterface* helper,
+                 QuicAlarmFactory* alarm_factory,
                  ProofVerifier* proof_verifier);
 
   ~QuicClientBase();
@@ -52,7 +54,7 @@ class QuicClientBase {
 
   // Returns a newly created QuicSpdyClientStream, owned by the
   // QuicSimpleClient.
-  QuicSpdyClientStream* CreateReliableClientStream();
+  virtual QuicSpdyClientStream* CreateReliableClientStream();
 
   // Wait for events until the stream with the given ID is closed.
   void WaitForStreamToClose(QuicStreamId id);
@@ -181,6 +183,8 @@ class QuicClientBase {
 
   QuicConnectionHelperInterface* helper() { return helper_.get(); }
 
+  QuicAlarmFactory* alarm_factory() { return alarm_factory_.get(); }
+
   void set_num_sent_client_hellos(int num_sent_client_hellos) {
     num_sent_client_hellos_ = num_sent_client_hellos;
   }
@@ -199,14 +203,17 @@ class QuicClientBase {
   QuicCryptoClientConfig crypto_config_;
 
   // Helper to be used by created connections. Needs to outlive |session_|.
-  scoped_ptr<QuicConnectionHelperInterface> helper_;
+  std::unique_ptr<QuicConnectionHelperInterface> helper_;
+
+  // Helper to be used by created connections. Needs to outlive |session_|.
+  std::unique_ptr<QuicAlarmFactory> alarm_factory_;
 
   // Writer used to actually send packets to the wire. Needs to outlive
   // |session_|.
-  scoped_ptr<QuicPacketWriter> writer_;
+  std::unique_ptr<QuicPacketWriter> writer_;
 
   // Session which manages streams.
-  scoped_ptr<QuicClientSession> session_;
+  std::unique_ptr<QuicClientSession> session_;
 
   // This vector contains QUIC versions which we currently support.
   // This should be ordered such that the highest supported version is the first
diff --git a/chromium/net/tools/quic/quic_client_bin.cc b/chromium/net/tools/quic/quic_client_bin.cc
index ead19bae020..9505dc41bab 100644
--- a/chromium/net/tools/quic/quic_client_bin.cc
+++ b/chromium/net/tools/quic/quic_client_bin.cc
@@ -114,7 +114,7 @@ class FakeCertVerifier : public net::CertVerifier {
              net::CRLSet* crl_set,
              net::CertVerifyResult* verify_result,
              const net::CompletionCallback& callback,
-             scoped_ptr<net::CertVerifier::Request>* out_req,
+             std::unique_ptr<net::CertVerifier::Request>* out_req,
              const net::BoundNetLog& net_log) override {
     return net::OK;
   }
@@ -123,34 +123,6 @@ class FakeCertVerifier : public net::CertVerifier {
   bool SupportsOCSPStapling() override { return false; }
 };
 
-static bool DecodeHexString(const base::StringPiece& hex, std::string* bytes) {
-  bytes->clear();
-  if (hex.empty())
-    return true;
-  std::vector<uint8_t> v;
-  if (!base::HexStringToBytes(hex.as_string(), &v))
-    return false;
-  if (!v.empty())
-    bytes->assign(reinterpret_cast<const char*>(&v[0]), v.size());
-  return true;
-};
-
-// Converts binary data into an ASCII string. Each character in the resulting
-// string is preceeded by a space, and replaced with a '.' if not printable.
-string BinaryToAscii(const string& binary) {
-  string out = "";
-  for (const unsigned char c : binary) {
-    // Leading space.
-    out += " ";
-    if (isprint(c)) {
-      out += c;
-    } else {
-      out += '.';
-    }
-  }
-  return out;
-}
-
 int main(int argc, char* argv[]) {
   base::CommandLine::Init(argc, argv);
   base::CommandLine* line = base::CommandLine::ForCurrentProcess();
@@ -275,14 +247,14 @@ int main(int argc, char* argv[]) {
     versions.push_back(static_cast<net::QuicVersion>(FLAGS_quic_version));
   }
   // For secure QUIC we need to verify the cert chain.
-  scoped_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
+  std::unique_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
   if (line->HasSwitch("disable-certificate-verification")) {
     cert_verifier.reset(new FakeCertVerifier());
   }
-  scoped_ptr<TransportSecurityState> transport_security_state(
+  std::unique_ptr<TransportSecurityState> transport_security_state(
       new TransportSecurityState);
   transport_security_state.reset(new TransportSecurityState);
-  scoped_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
+  std::unique_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
   ProofVerifierChromium* proof_verifier = new ProofVerifierChromium(
       cert_verifier.get(), nullptr, transport_security_state.get(),
       ct_verifier.get());
@@ -312,7 +284,7 @@ int main(int argc, char* argv[]) {
   string body = FLAGS_body;
   if (!FLAGS_body_hex.empty()) {
     DCHECK(FLAGS_body.empty()) << "Only set one of --body and --body_hex.";
-    DecodeHexString(FLAGS_body_hex, &body);
+    body = net::QuicUtils::HexDecode(FLAGS_body_hex);
   }
 
   // Construct a GET or POST request for supplied URL.
@@ -354,9 +326,9 @@ int main(int argc, char* argv[]) {
     if (!FLAGS_body_hex.empty()) {
       // Print the user provided hex, rather than binary body.
       cout << "body hex:   " << FLAGS_body_hex << endl;
-      string bytes;
-      DecodeHexString(FLAGS_body_hex, &bytes);
-      cout << "body ascii: " << BinaryToAscii(bytes) << endl;
+      cout << "body ascii: " << net::QuicUtils::BinaryToAscii(
+                                    net::QuicUtils::HexDecode(FLAGS_body_hex))
+           << endl;
     } else {
       cout << "body: " << body << endl;
     }
@@ -366,10 +338,10 @@ int main(int argc, char* argv[]) {
     string response_body = client.latest_response_body();
     if (!FLAGS_body_hex.empty()) {
       // Assume response is binary data.
-      string bytes;
-      DecodeHexString(response_body, &bytes);
-      cout << "body hex:   " << bytes << endl;
-      cout << "body ascii: " << BinaryToAscii(response_body) << endl;
+      cout << "body hex:   " << net::QuicUtils::HexEncode(response_body)
+           << endl;
+      cout << "body ascii: " << net::QuicUtils::BinaryToAscii(response_body)
+           << endl;
     } else {
       cout << "body: " << response_body << endl;
     }
diff --git a/chromium/net/tools/quic/quic_client_session.h b/chromium/net/tools/quic/quic_client_session.h
index 321c17f38a7..fc5abbf12f6 100644
--- a/chromium/net/tools/quic/quic_client_session.h
+++ b/chromium/net/tools/quic/quic_client_session.h
@@ -7,6 +7,7 @@
 #ifndef NET_TOOLS_QUIC_QUIC_CLIENT_SESSION_H_
 #define NET_TOOLS_QUIC_QUIC_CLIENT_SESSION_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
@@ -81,7 +82,7 @@ class QuicClientSession : public QuicClientSessionBase {
   QuicCryptoClientConfig* crypto_config() { return crypto_config_; }
 
  private:
-  scoped_ptr<QuicCryptoClientStreamBase> crypto_stream_;
+  std::unique_ptr<QuicCryptoClientStreamBase> crypto_stream_;
   QuicServerId server_id_;
   QuicCryptoClientConfig* crypto_config_;
 
diff --git a/chromium/net/tools/quic/quic_client_session_test.cc b/chromium/net/tools/quic/quic_client_session_test.cc
index 1619eed3417..8e788861f54 100644
--- a/chromium/net/tools/quic/quic_client_session_test.cc
+++ b/chromium/net/tools/quic/quic_client_session_test.cc
@@ -21,12 +21,13 @@
 #include "testing/gtest/include/gtest/gtest.h"
 
 using base::StringPrintf;
+using google::protobuf::implicit_cast;
 using net::test::ConstructEncryptedPacket;
 using net::test::ConstructMisFramedEncryptedPacket;
 using net::test::CryptoTestUtils;
 using net::test::DefaultQuicConfig;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::MockQuicSpdyClientStream;
 using net::test::PacketSavingConnection;
 using net::test::QuicConnectionPeer;
@@ -94,7 +95,8 @@ class QuicClientSessionTest : public ::testing::TestWithParam<QuicVersion> {
 
   void Initialize() {
     session_.reset();
-    connection_ = new PacketSavingConnection(&helper_, Perspective::IS_CLIENT,
+    connection_ = new PacketSavingConnection(&helper_, &alarm_factory_,
+                                             Perspective::IS_CLIENT,
                                              SupportedVersions(GetParam()));
     session_.reset(new TestQuicClientSession(
         DefaultQuicConfig(), connection_,
@@ -114,14 +116,15 @@ class QuicClientSessionTest : public ::testing::TestWithParam<QuicVersion> {
     QuicCryptoClientStream* stream =
         static_cast<QuicCryptoClientStream*>(session_->GetCryptoStream());
     CryptoTestUtils::FakeServerOptions options;
-    CryptoTestUtils::HandshakeWithFakeServer(&helper_, connection_, stream,
-                                             options);
+    CryptoTestUtils::HandshakeWithFakeServer(&helper_, &alarm_factory_,
+                                             connection_, stream, options);
   }
 
   QuicCryptoClientConfig crypto_config_;
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
   PacketSavingConnection* connection_;
-  scoped_ptr<TestQuicClientSession> session_;
+  std::unique_ptr<TestQuicClientSession> session_;
   QuicClientPushPromiseIndex push_promise_index_;
   SpdyHeaderBlock push_promise_;
   string promise_url_;
@@ -172,7 +175,7 @@ TEST_P(QuicClientSessionTest, NoEncryptionAfterInitialEncryption) {
   struct iovec iov = {data, arraysize(data)};
   QuicIOVector iovector(&iov, 1, iov.iov_len);
   QuicConsumedData consumed =
-      session_->WritevData(stream->id(), iovector, 0, false, nullptr);
+      session_->WritevData(stream, stream->id(), iovector, 0, false, nullptr);
   EXPECT_FALSE(consumed.fin_consumed);
   EXPECT_EQ(0u, consumed.bytes_consumed);
 }
@@ -243,8 +246,8 @@ TEST_P(QuicClientSessionTest, InvalidPacketReceived) {
   IPEndPoint client_address(TestPeerIPAddress(), kTestPort);
 
   EXPECT_CALL(*connection_, ProcessUdpPacket(server_address, client_address, _))
-      .WillRepeatedly(Invoke(static_cast<MockConnection*>(connection_),
-                             &MockConnection::ReallyProcessUdpPacket));
+      .WillRepeatedly(Invoke(implicit_cast<MockQuicConnection*>(connection_),
+                             &MockQuicConnection::ReallyProcessUdpPacket));
   EXPECT_CALL(*connection_, OnCanWrite()).Times(AnyNumber());
   EXPECT_CALL(*connection_, OnError(_)).Times(1);
 
@@ -263,9 +266,11 @@ TEST_P(QuicClientSessionTest, InvalidPacketReceived) {
 
   // Verify that a non-decryptable packet doesn't close the connection.
   QuicConnectionId connection_id = session_->connection()->connection_id();
-  scoped_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
-      connection_id, false, false, false, kDefaultPathId, 100, "data"));
-  scoped_ptr<QuicReceivedPacket> received(
+  std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
+      connection_id, false, false, false, kDefaultPathId, 100, "data",
+      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, nullptr,
+      Perspective::IS_SERVER));
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*packet, QuicTime::Zero()));
   // Change the last byte of the encrypted data.
   *(const_cast<char*>(received->data() + received->length() - 1)) += 1;
@@ -280,16 +285,17 @@ TEST_P(QuicClientSessionTest, InvalidFramedPacketReceived) {
   IPEndPoint client_address(TestPeerIPAddress(), kTestPort);
 
   EXPECT_CALL(*connection_, ProcessUdpPacket(server_address, client_address, _))
-      .WillRepeatedly(Invoke(static_cast<MockConnection*>(connection_),
-                             &MockConnection::ReallyProcessUdpPacket));
+      .WillRepeatedly(Invoke(implicit_cast<MockQuicConnection*>(connection_),
+                             &MockQuicConnection::ReallyProcessUdpPacket));
   EXPECT_CALL(*connection_, OnError(_)).Times(1);
 
   // Verify that a decryptable packet with bad frames does close the connection.
   QuicConnectionId connection_id = session_->connection()->connection_id();
-  scoped_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket(
+  std::unique_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket(
       connection_id, false, false, false, kDefaultPathId, 100, "data",
-      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, nullptr));
-  scoped_ptr<QuicReceivedPacket> received(
+      PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, nullptr,
+      Perspective::IS_SERVER));
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*packet, QuicTime::Zero()));
   EXPECT_CALL(*connection_, CloseConnection(_, _, _)).Times(1);
   session_->ProcessUdpPacket(client_address, server_address, *received);
@@ -372,7 +378,7 @@ TEST_P(QuicClientSessionTest, PushPromiseAlreadyClosed) {
   CompleteCryptoHandshake();
 
   session_->CreateOutgoingDynamicStream(kDefaultPriority);
-  session_->GetStream(promised_stream_id_);
+  session_->GetOrCreateStream(promised_stream_id_);
 
   EXPECT_CALL(*connection_,
               SendRstStream(promised_stream_id_, QUIC_REFUSED_STREAM, 0));
@@ -442,7 +448,7 @@ TEST_P(QuicClientSessionTest, IsClosedTrueAfterResetPromisedAlreadyOpen) {
   // Initialize crypto before the client session will create a stream.
   CompleteCryptoHandshake();
 
-  session_->GetStream(promised_stream_id_);
+  session_->GetOrCreateStream(promised_stream_id_);
   session_->ResetPromised(promised_stream_id_, QUIC_REFUSED_STREAM);
   EXPECT_TRUE(session_->IsClosedStream(promised_stream_id_));
 }
@@ -458,7 +464,7 @@ TEST_P(QuicClientSessionTest, IsClosedTrueAfterResetPromisedNonexistant) {
 TEST_P(QuicClientSessionTest, OnInitialHeadersCompleteIsPush) {
   // Initialize crypto before the client session will create a stream.
   CompleteCryptoHandshake();
-  session_->GetStream(promised_stream_id_);
+  session_->GetOrCreateStream(promised_stream_id_);
   session_->HandlePromised(associated_stream_id_, promised_stream_id_,
                            push_promise_);
   EXPECT_NE(session_->GetPromisedById(promised_stream_id_), nullptr);
@@ -478,7 +484,7 @@ TEST_P(QuicClientSessionTest, OnInitialHeadersCompleteIsNotPush) {
 TEST_P(QuicClientSessionTest, DeletePromised) {
   // Initialize crypto before the client session will create a stream.
   CompleteCryptoHandshake();
-  session_->GetStream(promised_stream_id_);
+  session_->GetOrCreateStream(promised_stream_id_);
   session_->HandlePromised(associated_stream_id_, promised_stream_id_,
                            push_promise_);
   QuicClientPromisedInfo* promised =
@@ -495,7 +501,7 @@ TEST_P(QuicClientSessionTest, DeletePromised) {
 TEST_P(QuicClientSessionTest, ResetPromised) {
   // Initialize crypto before the client session will create a stream.
   CompleteCryptoHandshake();
-  session_->GetStream(promised_stream_id_);
+  session_->GetOrCreateStream(promised_stream_id_);
   session_->HandlePromised(associated_stream_id_, promised_stream_id_,
                            push_promise_);
   EXPECT_CALL(*connection_, SendRstStream(promised_stream_id_,
diff --git a/chromium/net/tools/quic/quic_client_test.cc b/chromium/net/tools/quic/quic_client_test.cc
index 373a2d81f60..dca06bddae2 100644
--- a/chromium/net/tools/quic/quic_client_test.cc
+++ b/chromium/net/tools/quic/quic_client_test.cc
@@ -7,6 +7,8 @@
 #include <dirent.h>
 #include <stdio.h>
 
+#include <memory>
+
 #include "base/strings/string_util.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
@@ -65,7 +67,7 @@ TEST(QuicClientTest, DoNotLeakFDs) {
   // in additional FDs being opened.
   const int kNumClients = 50;
   for (int i = 0; i < kNumClients; ++i) {
-    scoped_ptr<QuicClient> client(
+    std::unique_ptr<QuicClient> client(
         CreateAndInitializeQuicClient(&eps, net::test::kTestPort + i));
 
     // Initializing the client will create a new FD.
@@ -84,7 +86,7 @@ TEST(QuicClientTest, CreateAndCleanUpUDPSockets) {
   EpollServer eps;
   int number_of_open_fds = NumOpenFDs();
 
-  scoped_ptr<QuicClient> client(
+  std::unique_ptr<QuicClient> client(
       CreateAndInitializeQuicClient(&eps, net::test::kTestPort));
   EXPECT_EQ(number_of_open_fds + 1, NumOpenFDs());
   // Create more UDP sockets.
diff --git a/chromium/net/tools/quic/quic_dispatcher.cc b/chromium/net/tools/quic/quic_dispatcher.cc
index 6d08fbe2dd8..c5a72005340 100644
--- a/chromium/net/tools/quic/quic_dispatcher.cc
+++ b/chromium/net/tools/quic/quic_dispatcher.cc
@@ -41,17 +41,20 @@ class DeleteSessionsAlarm : public QuicAlarm::Delegate {
 
 }  // namespace
 
-QuicDispatcher::QuicDispatcher(const QuicConfig& config,
-                               const QuicCryptoServerConfig* crypto_config,
-                               const QuicVersionVector& supported_versions,
-                               QuicConnectionHelperInterface* helper)
+QuicDispatcher::QuicDispatcher(
+    const QuicConfig& config,
+    const QuicCryptoServerConfig* crypto_config,
+    const QuicVersionVector& supported_versions,
+    std::unique_ptr<QuicConnectionHelperInterface> helper,
+    std::unique_ptr<QuicAlarmFactory> alarm_factory)
     : config_(config),
       crypto_config_(crypto_config),
       compressed_certs_cache_(
           QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
-      helper_(helper),
+      helper_(std::move(helper)),
+      alarm_factory_(std::move(alarm_factory)),
       delete_sessions_alarm_(
-          helper_->CreateAlarm(new DeleteSessionsAlarm(this))),
+          alarm_factory_->CreateAlarm(new DeleteSessionsAlarm(this))),
       supported_versions_(supported_versions),
       current_packet_(nullptr),
       framer_(supported_versions,
@@ -134,28 +137,18 @@ bool QuicDispatcher::OnUnauthenticatedPublicHeader(
   QuicVersion version = supported_versions_.front();
   if (header.version_flag) {
     QuicVersion packet_version = header.versions.front();
-    if (framer_.IsSupportedVersion(packet_version)) {
-      version = packet_version;
-    } else {
-      if (FLAGS_quic_stateless_version_negotiation) {
-        if (ShouldCreateSessionForUnknownVersion(framer_.last_version_tag())) {
-          return true;
-        }
-        // Since the version is not supported, send a version negotiation
-        // packet and stop processing the current packet.
-        time_wait_list_manager()->SendVersionNegotiationPacket(
-            connection_id, supported_versions_, current_server_address_,
-            current_client_address_);
-        return false;
-      } else {
-        // Packets set to be processed but having an unsupported version will
-        // cause a connection to be created.  The connection will handle
-        // sending a version negotiation packet.
-        // TODO(ianswett): This will malfunction if the full header of the
-        // packet causes a parsing error when parsed using the server's
-        // preferred version.
+    if (!framer_.IsSupportedVersion(packet_version)) {
+      if (ShouldCreateSessionForUnknownVersion(framer_.last_version_tag())) {
+        return true;
       }
+      // Since the version is not supported, send a version negotiation
+      // packet and stop processing the current packet.
+      time_wait_list_manager()->SendVersionNegotiationPacket(
+          connection_id, supported_versions_, current_server_address_,
+          current_client_address_);
+      return false;
     }
+    version = packet_version;
   }
   // Set the framer's version and continue processing.
   framer_.set_version(version);
@@ -336,11 +329,6 @@ void QuicDispatcher::OnConnectionAddedToTimeWaitList(
   DVLOG(1) << "Connection " << connection_id << " added to time wait list.";
 }
 
-void QuicDispatcher::OnConnectionRemovedFromTimeWaitList(
-    QuicConnectionId connection_id) {
-  DVLOG(1) << "Connection " << connection_id << " removed from time wait list.";
-}
-
 void QuicDispatcher::OnPacket() {}
 
 void QuicDispatcher::OnError(QuicFramer* framer) {
@@ -355,14 +343,11 @@ bool QuicDispatcher::ShouldCreateSessionForUnknownVersion(QuicTag version_tag) {
 
 bool QuicDispatcher::OnProtocolVersionMismatch(
     QuicVersion /*received_version*/) {
-  if (FLAGS_quic_stateless_version_negotiation) {
-    QUIC_BUG_IF(
-        !time_wait_list_manager_->IsConnectionIdInTimeWait(
-            current_connection_id_) &&
-        !ShouldCreateSessionForUnknownVersion(framer_.last_version_tag()))
-        << "Unexpected version mismatch: "
-        << QuicUtils::TagToString(framer_.last_version_tag());
-  }
+  QUIC_BUG_IF(!time_wait_list_manager_->IsConnectionIdInTimeWait(
+                  current_connection_id_) &&
+              !ShouldCreateSessionForUnknownVersion(framer_.last_version_tag()))
+      << "Unexpected version mismatch: "
+      << QuicUtils::TagToString(framer_.last_version_tag());
 
   // Keep processing after protocol mismatch - this will be dealt with by the
   // time wait list or connection that we will create.
@@ -403,6 +388,11 @@ bool QuicDispatcher::OnStopWaitingFrame(const QuicStopWaitingFrame& /*frame*/) {
   return false;
 }
 
+bool QuicDispatcher::OnPaddingFrame(const QuicPaddingFrame& /*frame*/) {
+  DCHECK(false);
+  return false;
+}
+
 bool QuicDispatcher::OnPingFrame(const QuicPingFrame& /*frame*/) {
   DCHECK(false);
   return false;
@@ -449,7 +439,8 @@ QuicServerSessionBase* QuicDispatcher::CreateQuicSession(
     const IPEndPoint& client_address) {
   // The QuicServerSessionBase takes ownership of |connection| below.
   QuicConnection* connection = new QuicConnection(
-      connection_id, client_address, helper_.get(), CreatePerConnectionWriter(),
+      connection_id, client_address, helper_.get(), alarm_factory_.get(),
+      CreatePerConnectionWriter(),
       /* owns_writer= */ true, Perspective::IS_SERVER, supported_versions_);
 
   QuicServerSessionBase* session = new QuicSimpleServerSession(
@@ -459,7 +450,8 @@ QuicServerSessionBase* QuicDispatcher::CreateQuicSession(
 }
 
 QuicTimeWaitListManager* QuicDispatcher::CreateQuicTimeWaitListManager() {
-  return new QuicTimeWaitListManager(writer_.get(), this, helper_.get());
+  return new QuicTimeWaitListManager(writer_.get(), this, helper_.get(),
+                                     alarm_factory_.get());
 }
 
 bool QuicDispatcher::HandlePacketForTimeWait(
diff --git a/chromium/net/tools/quic/quic_dispatcher.h b/chromium/net/tools/quic/quic_dispatcher.h
index 763280a8a47..98917e9ce57 100644
--- a/chromium/net/tools/quic/quic_dispatcher.h
+++ b/chromium/net/tools/quic/quic_dispatcher.h
@@ -8,12 +8,11 @@
 #ifndef NET_TOOLS_QUIC_QUIC_DISPATCHER_H_
 #define NET_TOOLS_QUIC_QUIC_DISPATCHER_H_
 
+#include <memory>
 #include <unordered_map>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/linked_hash_map.h"
 #include "net/quic/crypto/quic_compressed_certs_cache.h"
@@ -45,14 +44,11 @@ class QuicDispatcher : public QuicServerSessionVisitor,
                           QuicBlockedWriterInterfacePtrHash>
       WriteBlockedList;
 
-  // Due to the way delete_sessions_closure_ is registered, the Dispatcher must
-  // live until server Shutdown. |supported_versions| specifies the std::list
-  // of supported QUIC versions. Takes ownership of |packet_writer_factory|,
-  // which is used to create per-connection writers.
   QuicDispatcher(const QuicConfig& config,
                  const QuicCryptoServerConfig* crypto_config,
                  const QuicVersionVector& supported_versions,
-                 QuicConnectionHelperInterface* helper);
+                 std::unique_ptr<QuicConnectionHelperInterface> helper,
+                 std::unique_ptr<QuicAlarmFactory> alarm_factory);
 
   ~QuicDispatcher() override;
 
@@ -87,11 +83,6 @@ class QuicDispatcher : public QuicServerSessionVisitor,
   // time-wait list.
   void OnConnectionAddedToTimeWaitList(QuicConnectionId connection_id) override;
 
-  // Called whenever the time wait list manager removes an old connection from
-  // the time-wait list.
-  void OnConnectionRemovedFromTimeWaitList(
-      QuicConnectionId connection_id) override;
-
   typedef std::unordered_map<QuicConnectionId, QuicServerSessionBase*>
       SessionMap;
 
@@ -136,6 +127,7 @@ class QuicDispatcher : public QuicServerSessionVisitor,
   bool OnStreamFrame(const QuicStreamFrame& frame) override;
   bool OnAckFrame(const QuicAckFrame& frame) override;
   bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override;
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override;
   bool OnPingFrame(const QuicPingFrame& frame) override;
   bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override;
   bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override;
@@ -197,6 +189,8 @@ class QuicDispatcher : public QuicServerSessionVisitor,
 
   QuicConnectionHelperInterface* helper() { return helper_.get(); }
 
+  QuicAlarmFactory* alarm_factory() { return alarm_factory_.get(); }
+
   QuicPacketWriter* writer() { return writer_.get(); }
 
   // Creates per-connection packet writers out of the QuicDispatcher's shared
@@ -235,19 +229,22 @@ class QuicDispatcher : public QuicServerSessionVisitor,
   SessionMap session_map_;
 
   // Entity that manages connection_ids in time wait state.
-  scoped_ptr<QuicTimeWaitListManager> time_wait_list_manager_;
+  std::unique_ptr<QuicTimeWaitListManager> time_wait_list_manager_;
 
   // The list of closed but not-yet-deleted sessions.
   std::vector<QuicServerSessionBase*> closed_session_list_;
 
   // The helper used for all connections.
-  scoped_ptr<QuicConnectionHelperInterface> helper_;
+  std::unique_ptr<QuicConnectionHelperInterface> helper_;
+
+  // Creates alarms.
+  std::unique_ptr<QuicAlarmFactory> alarm_factory_;
 
   // An alarm which deletes closed sessions.
-  scoped_ptr<QuicAlarm> delete_sessions_alarm_;
+  std::unique_ptr<QuicAlarm> delete_sessions_alarm_;
 
   // The writer to write to the socket with.
-  scoped_ptr<QuicPacketWriter> writer_;
+  std::unique_ptr<QuicPacketWriter> writer_;
 
   // This vector contains QUIC versions which we currently support.
   // This should be ordered such that the highest supported version is the first
diff --git a/chromium/net/tools/quic/quic_dispatcher_test.cc b/chromium/net/tools/quic/quic_dispatcher_test.cc
index a8c8ab4561e..6a382ad9aa8 100644
--- a/chromium/net/tools/quic/quic_dispatcher_test.cc
+++ b/chromium/net/tools/quic/quic_dispatcher_test.cc
@@ -4,6 +4,7 @@
 
 #include "net/tools/quic/quic_dispatcher.h"
 
+#include <memory>
 #include <ostream>
 #include <string>
 
@@ -19,6 +20,7 @@
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "net/tools/epoll_server/epoll_server.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "net/tools/quic/quic_packet_writer_wrapper.h"
 #include "net/tools/quic/quic_time_wait_list_manager.h"
@@ -31,8 +33,8 @@ using base::StringPiece;
 using net::EpollServer;
 using net::test::ConstructEncryptedPacket;
 using net::test::CryptoTestUtils;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::ValueRestore;
 using std::string;
 using std::vector;
@@ -99,7 +101,10 @@ class TestDispatcher : public QuicDispatcher {
             config,
             crypto_config,
             QuicSupportedVersions(),
-            new QuicEpollConnectionHelper(eps, QuicAllocator::BUFFER_POOL)) {}
+            std::unique_ptr<QuicEpollConnectionHelper>(
+                new QuicEpollConnectionHelper(eps, QuicAllocator::BUFFER_POOL)),
+            std::unique_ptr<QuicEpollAlarmFactory>(
+                new QuicEpollAlarmFactory(eps))) {}
 
   MOCK_METHOD2(CreateQuicSession,
                QuicServerSessionBase*(QuicConnectionId connection_id,
@@ -113,12 +118,16 @@ class TestDispatcher : public QuicDispatcher {
 // sending connection close.
 // It'd be slightly more realistic to do this from the Session but it would
 // involve a lot more mocking.
-class MockServerConnection : public MockConnection {
+class MockServerConnection : public MockQuicConnection {
  public:
   MockServerConnection(QuicConnectionId connection_id,
-                       MockConnectionHelper* helper,
+                       MockQuicConnectionHelper* helper,
+                       MockAlarmFactory* alarm_factory,
                        QuicDispatcher* dispatcher)
-      : MockConnection(connection_id, helper, Perspective::IS_SERVER),
+      : MockQuicConnection(connection_id,
+                           helper,
+                           alarm_factory,
+                           Perspective::IS_SERVER),
         dispatcher_(dispatcher) {}
 
   void UnregisterOnConnectionClosed() {
@@ -136,19 +145,20 @@ QuicServerSessionBase* CreateSession(
     const QuicConfig& config,
     QuicConnectionId connection_id,
     const IPEndPoint& client_address,
-    MockConnectionHelper* helper,
+    MockQuicConnectionHelper* helper,
+    MockAlarmFactory* alarm_factory,
     const QuicCryptoServerConfig* crypto_config,
     QuicCompressedCertsCache* compressed_certs_cache,
     TestQuicSpdyServerSession** session) {
-  MockServerConnection* connection =
-      new MockServerConnection(connection_id, helper, dispatcher);
+  MockServerConnection* connection = new MockServerConnection(
+      connection_id, helper, alarm_factory, dispatcher);
   *session = new TestQuicSpdyServerSession(config, connection, crypto_config,
                                            compressed_certs_cache);
   connection->set_visitor(*session);
   ON_CALL(*connection, CloseConnection(_, _, _))
       .WillByDefault(WithoutArgs(Invoke(
           connection, &MockServerConnection::UnregisterOnConnectionClosed)));
-  EXPECT_CALL(*reinterpret_cast<MockConnection*>((*session)->connection()),
+  EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>((*session)->connection()),
               ProcessUdpPacket(_, client_address, _));
 
   return *session;
@@ -158,6 +168,7 @@ class QuicDispatcherTest : public ::testing::Test {
  public:
   QuicDispatcherTest()
       : helper_(&eps_, QuicAllocator::BUFFER_POOL),
+        alarm_factory_(&eps_),
         crypto_config_(QuicCryptoServerConfig::TESTING,
                        QuicRandom::GetInstance(),
                        CryptoTestUtils::ProofSourceForTesting()),
@@ -170,12 +181,12 @@ class QuicDispatcherTest : public ::testing::Test {
 
   ~QuicDispatcherTest() override {}
 
-  MockConnection* connection1() {
-    return reinterpret_cast<MockConnection*>(session1_->connection());
+  MockQuicConnection* connection1() {
+    return reinterpret_cast<MockQuicConnection*>(session1_->connection());
   }
 
-  MockConnection* connection2() {
-    return reinterpret_cast<MockConnection*>(session2_->connection());
+  MockQuicConnection* connection2() {
+    return reinterpret_cast<MockQuicConnection*>(session2_->connection());
   }
 
   // Process a packet with an 8 byte connection id,
@@ -230,10 +241,10 @@ class QuicDispatcherTest : public ::testing::Test {
                      QuicPacketNumberLength packet_number_length,
                      QuicPacketNumber packet_number) {
     QuicVersionVector versions(SupportedVersions(version));
-    scoped_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
+    std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
         connection_id, has_version_flag, false, false, 0, packet_number, data,
         connection_id_length, packet_number_length, &versions));
-    scoped_ptr<QuicReceivedPacket> received_packet(
+    std::unique_ptr<QuicReceivedPacket> received_packet(
         ConstructReceivedPacket(*packet, helper_.GetClock()->Now()));
 
     data_ = string(packet->data(), packet->length());
@@ -247,16 +258,25 @@ class QuicDispatcherTest : public ::testing::Test {
   }
 
   void CreateTimeWaitListManager() {
-    time_wait_list_manager_ = new MockTimeWaitListManager(
-        QuicDispatcherPeer::GetWriter(&dispatcher_), &dispatcher_, &helper_);
+    time_wait_list_manager_ =
+        new MockTimeWaitListManager(QuicDispatcherPeer::GetWriter(&dispatcher_),
+                                    &dispatcher_, &helper_, &alarm_factory_);
     // dispatcher_ takes the ownership of time_wait_list_manager_.
     QuicDispatcherPeer::SetTimeWaitListManager(&dispatcher_,
                                                time_wait_list_manager_);
   }
 
+  string SerializeCHLO() {
+    CryptoHandshakeMessage client_hello;
+    client_hello.set_tag(kCHLO);
+    return client_hello.GetSerialized().AsStringPiece().as_string();
+  }
+
   EpollServer eps_;
   QuicEpollConnectionHelper helper_;
-  MockConnectionHelper mock_helper_;
+  MockQuicConnectionHelper mock_helper_;
+  QuicEpollAlarmFactory alarm_factory_;
+  MockAlarmFactory mock_alarm_factory_;
   QuicConfig config_;
   QuicCryptoServerConfig crypto_config_;
   IPEndPoint server_address_;
@@ -274,50 +294,34 @@ TEST_F(QuicDispatcherTest, ProcessPackets) {
   EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address))
       .WillOnce(testing::Return(CreateSession(
           &dispatcher_, config_, 1, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session1_)));
-  ProcessPacket(client_address, 1, true, false, "foo");
+          &mock_alarm_factory_, &crypto_config_,
+          QuicDispatcherPeer::GetCache(&dispatcher_), &session1_)));
+  ProcessPacket(client_address, 1, true, false, SerializeCHLO());
   EXPECT_EQ(client_address, dispatcher_.current_client_address());
   EXPECT_EQ(server_address_, dispatcher_.current_server_address());
 
   EXPECT_CALL(dispatcher_, CreateQuicSession(2, client_address))
       .WillOnce(testing::Return(CreateSession(
           &dispatcher_, config_, 2, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session2_)));
-  ProcessPacket(client_address, 2, true, false, "bar");
+          &mock_alarm_factory_, &crypto_config_,
+          QuicDispatcherPeer::GetCache(&dispatcher_), &session2_)));
+  ProcessPacket(client_address, 2, true, false, SerializeCHLO());
 
-  EXPECT_CALL(*reinterpret_cast<MockConnection*>(session1_->connection()),
+  EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()),
               ProcessUdpPacket(_, _, _))
       .Times(1)
       .WillOnce(testing::WithArgs<2>(
           Invoke(this, &QuicDispatcherTest::ValidatePacket)));
-  ProcessPacket(client_address, 1, false, false, "eep");
+  ProcessPacket(client_address, 1, false, false, "data");
 }
 
 TEST_F(QuicDispatcherTest, StatelessVersionNegotiation) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_stateless_version_negotiation, true);
   IPEndPoint client_address(net::test::Loopback4(), 1);
   server_address_ = IPEndPoint(net::test::Any4(), 5);
 
   EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address)).Times(0);
   QuicVersion version = static_cast<QuicVersion>(QuicVersionMin() - 1);
-  ProcessPacket(client_address, 1, true, version, "foo",
-                PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, 1);
-}
-
-TEST_F(QuicDispatcherTest, StatefulVersionNegotiation) {
-  ValueRestore<bool> old_flag(&FLAGS_quic_stateless_version_negotiation, false);
-  IPEndPoint client_address(net::test::Loopback4(), 1);
-  server_address_ = IPEndPoint(net::test::Any4(), 5);
-
-  EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address))
-      .WillOnce(testing::Return(CreateSession(
-          &dispatcher_, config_, 1, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session1_)));
-  QuicVersion version = static_cast<QuicVersion>(QuicVersionMin() - 1);
-  ProcessPacket(client_address, 1, true, version, "foo",
+  ProcessPacket(client_address, 1, true, version, SerializeCHLO(),
                 PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, 1);
 }
 
@@ -327,12 +331,12 @@ TEST_F(QuicDispatcherTest, Shutdown) {
   EXPECT_CALL(dispatcher_, CreateQuicSession(_, client_address))
       .WillOnce(testing::Return(CreateSession(
           &dispatcher_, config_, 1, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session1_)));
+          &mock_alarm_factory_, &crypto_config_,
+          QuicDispatcherPeer::GetCache(&dispatcher_), &session1_)));
 
-  ProcessPacket(client_address, 1, true, false, "foo");
+  ProcessPacket(client_address, 1, true, false, SerializeCHLO());
 
-  EXPECT_CALL(*reinterpret_cast<MockConnection*>(session1_->connection()),
+  EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()),
               CloseConnection(QUIC_PEER_GOING_AWAY, _, _));
 
   dispatcher_.Shutdown();
@@ -347,9 +351,9 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) {
   EXPECT_CALL(dispatcher_, CreateQuicSession(connection_id, client_address))
       .WillOnce(testing::Return(CreateSession(
           &dispatcher_, config_, connection_id, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session1_)));
-  ProcessPacket(client_address, connection_id, true, false, "foo");
+          &mock_alarm_factory_, &crypto_config_,
+          QuicDispatcherPeer::GetCache(&dispatcher_), &session1_)));
+  ProcessPacket(client_address, connection_id, true, false, SerializeCHLO());
 
   // Close the connection by sending public reset packet.
   QuicPublicResetPacket packet;
@@ -358,9 +362,9 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) {
   packet.public_header.version_flag = false;
   packet.rejected_packet_number = 19191;
   packet.nonce_proof = 132232;
-  scoped_ptr<QuicEncryptedPacket> encrypted(
+  std::unique_ptr<QuicEncryptedPacket> encrypted(
       QuicFramer::BuildPublicResetPacket(packet));
-  scoped_ptr<QuicReceivedPacket> received(
+  std::unique_ptr<QuicReceivedPacket> received(
       ConstructReceivedPacket(*encrypted, helper_.GetClock()->Now()));
   EXPECT_CALL(*session1_, OnConnectionClosed(QUIC_PUBLIC_RESET, _,
                                              ConnectionCloseSource::FROM_PEER))
@@ -368,11 +372,11 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) {
       .WillOnce(WithoutArgs(Invoke(
           reinterpret_cast<MockServerConnection*>(session1_->connection()),
           &MockServerConnection::UnregisterOnConnectionClosed)));
-  EXPECT_CALL(*reinterpret_cast<MockConnection*>(session1_->connection()),
+  EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()),
               ProcessUdpPacket(_, _, _))
       .WillOnce(
-          Invoke(reinterpret_cast<MockConnection*>(session1_->connection()),
-                 &MockConnection::ReallyProcessUdpPacket));
+          Invoke(reinterpret_cast<MockQuicConnection*>(session1_->connection()),
+                 &MockQuicConnection::ReallyProcessUdpPacket));
   dispatcher_.ProcessPacket(IPEndPoint(), client_address, *received);
   EXPECT_TRUE(time_wait_list_manager_->IsConnectionIdInTimeWait(connection_id));
 
@@ -383,7 +387,7 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) {
       .Times(1);
   EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
       .Times(0);
-  ProcessPacket(client_address, connection_id, true, false, "foo");
+  ProcessPacket(client_address, connection_id, true, false, "data");
 }
 
 TEST_F(QuicDispatcherTest, NoVersionPacketToTimeWaitListManager) {
@@ -399,7 +403,62 @@ TEST_F(QuicDispatcherTest, NoVersionPacketToTimeWaitListManager) {
       .Times(1);
   EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
       .Times(1);
-  ProcessPacket(client_address, connection_id, false, false, "data");
+  ProcessPacket(client_address, connection_id, false, false, SerializeCHLO());
+}
+
+TEST_F(QuicDispatcherTest, ProcessPacketWithZeroPort) {
+  CreateTimeWaitListManager();
+
+  IPEndPoint client_address(net::test::Loopback4(), 0);
+  server_address_ = IPEndPoint(net::test::Any4(), 5);
+
+  // dispatcher_ should drop this packet.
+  EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address)).Times(0);
+  EXPECT_CALL(*time_wait_list_manager_, ProcessPacket(_, _, _, _, _)).Times(0);
+  EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
+      .Times(0);
+  ProcessPacket(client_address, 1, true, false, SerializeCHLO());
+}
+
+TEST_F(QuicDispatcherTest, OKSeqNoPacketProcessed) {
+  IPEndPoint client_address(net::test::Loopback4(), 1);
+  QuicConnectionId connection_id = 1;
+  server_address_ = IPEndPoint(net::test::Any4(), 5);
+
+  EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address))
+      .WillOnce(testing::Return(CreateSession(
+          &dispatcher_, config_, 1, client_address, &mock_helper_,
+          &mock_alarm_factory_, &crypto_config_,
+          QuicDispatcherPeer::GetCache(&dispatcher_), &session1_)));
+  // A packet whose packet number is the largest that is allowed to start a
+  // connection.
+  ProcessPacket(client_address, connection_id, true, false, SerializeCHLO(),
+                PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER,
+                kDefaultPathId,
+                QuicDispatcher::kMaxReasonableInitialPacketNumber);
+  EXPECT_EQ(client_address, dispatcher_.current_client_address());
+  EXPECT_EQ(server_address_, dispatcher_.current_server_address());
+}
+
+TEST_F(QuicDispatcherTest, TooBigSeqNoPacketToTimeWaitListManager) {
+  CreateTimeWaitListManager();
+
+  IPEndPoint client_address(net::test::Loopback4(), 1);
+  QuicConnectionId connection_id = 1;
+  // Dispatcher forwards this packet for this connection_id to the time wait
+  // list manager.
+  EXPECT_CALL(dispatcher_, CreateQuicSession(_, _)).Times(0);
+  EXPECT_CALL(*time_wait_list_manager_,
+              ProcessPacket(_, _, connection_id, _, _))
+      .Times(1);
+  EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
+      .Times(1);
+  // A packet whose packet number is one to large to be allowed to start a
+  // connection.
+  ProcessPacket(client_address, connection_id, true, false, SerializeCHLO(),
+                PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER,
+                kDefaultPathId,
+                QuicDispatcher::kMaxReasonableInitialPacketNumber + 1);
 }
 
 // Enables mocking of the handshake-confirmation for stateless rejects.
@@ -496,7 +555,7 @@ class QuicDispatcherStatelessRejectTest
       QuicConnectionId connection_id,
       const IPEndPoint& client_address) {
     CreateSession(&dispatcher_, config_, connection_id, client_address,
-                  &mock_helper_, &crypto_config_,
+                  &mock_helper_, &mock_alarm_factory_, &crypto_config_,
                   QuicDispatcherPeer::GetCache(&dispatcher_), &session1_);
 
     crypto_stream1_ = new MockQuicCryptoServerStream(
@@ -512,61 +571,6 @@ class QuicDispatcherStatelessRejectTest
   MockQuicCryptoServerStream* crypto_stream1_;
 };
 
-TEST_F(QuicDispatcherTest, ProcessPacketWithZeroPort) {
-  CreateTimeWaitListManager();
-
-  IPEndPoint client_address(net::test::Loopback4(), 0);
-  server_address_ = IPEndPoint(net::test::Any4(), 5);
-
-  // dispatcher_ should drop this packet.
-  EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address)).Times(0);
-  EXPECT_CALL(*time_wait_list_manager_, ProcessPacket(_, _, _, _, _)).Times(0);
-  EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
-      .Times(0);
-  ProcessPacket(client_address, 1, true, false, "foo");
-}
-
-TEST_F(QuicDispatcherTest, OKSeqNoPacketProcessed) {
-  IPEndPoint client_address(net::test::Loopback4(), 1);
-  QuicConnectionId connection_id = 1;
-  server_address_ = IPEndPoint(net::test::Any4(), 5);
-
-  EXPECT_CALL(dispatcher_, CreateQuicSession(1, client_address))
-      .WillOnce(testing::Return(CreateSession(
-          &dispatcher_, config_, 1, client_address, &mock_helper_,
-          &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
-          &session1_)));
-  // A packet whose packet number is the largest that is allowed to start a
-  // connection.
-  ProcessPacket(client_address, connection_id, true, false, "data",
-                PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER,
-                kDefaultPathId,
-                QuicDispatcher::kMaxReasonableInitialPacketNumber);
-  EXPECT_EQ(client_address, dispatcher_.current_client_address());
-  EXPECT_EQ(server_address_, dispatcher_.current_server_address());
-}
-
-TEST_F(QuicDispatcherTest, TooBigSeqNoPacketToTimeWaitListManager) {
-  CreateTimeWaitListManager();
-
-  IPEndPoint client_address(net::test::Loopback4(), 1);
-  QuicConnectionId connection_id = 1;
-  // Dispatcher forwards this packet for this connection_id to the time wait
-  // list manager.
-  EXPECT_CALL(dispatcher_, CreateQuicSession(_, _)).Times(0);
-  EXPECT_CALL(*time_wait_list_manager_,
-              ProcessPacket(_, _, connection_id, _, _))
-      .Times(1);
-  EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
-      .Times(1);
-  // A packet whose packet number is one to large to be allowed to start a
-  // connection.
-  ProcessPacket(client_address, connection_id, true, false, "data",
-                PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER,
-                kDefaultPathId,
-                QuicDispatcher::kMaxReasonableInitialPacketNumber + 1);
-}
-
 INSTANTIATE_TEST_CASE_P(QuicDispatcherStatelessRejectTests,
                         QuicDispatcherStatelessRejectTest,
                         ::testing::ValuesIn(GetStatelessRejectTestParams()));
@@ -584,7 +588,7 @@ TEST_P(QuicDispatcherStatelessRejectTest, ParameterizedBasicTest) {
           CreateSessionBasedOnTestParams(connection_id, client_address)));
 
   // Process the first packet for the connection.
-  ProcessPacket(client_address, connection_id, true, false, "foo");
+  ProcessPacket(client_address, connection_id, true, false, SerializeCHLO());
   if (ExpectStatelessReject()) {
     // If this is a stateless reject, the crypto stream will close the
     // connection.
@@ -604,26 +608,22 @@ TEST_P(QuicDispatcherStatelessRejectTest, ParameterizedBasicTest) {
         .Times(1);
   } else {
     // The second packet will trigger a packet-validation
-    EXPECT_CALL(*reinterpret_cast<MockConnection*>(session1_->connection()),
+    EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()),
                 ProcessUdpPacket(_, _, _))
         .Times(1)
         .WillOnce(testing::WithArgs<2>(
             Invoke(this, &QuicDispatcherTest::ValidatePacket)));
   }
-  ProcessPacket(client_address, connection_id, true, false, "foo");
+  ProcessPacket(client_address, connection_id, true, false, "data");
 }
 
 // Verify the stopgap test: Packets with truncated connection IDs should be
 // dropped.
-class QuicDispatcherTestStrayPacketConnectionId
-    : public QuicDispatcherTest,
-      public ::testing::WithParamInterface<QuicConnectionIdLength> {};
+class QuicDispatcherTestStrayPacketConnectionId : public QuicDispatcherTest {};
 
 // Packets with truncated connection IDs should be dropped.
-TEST_P(QuicDispatcherTestStrayPacketConnectionId,
+TEST_F(QuicDispatcherTestStrayPacketConnectionId,
        StrayPacketTruncatedConnectionId) {
-  const QuicConnectionIdLength connection_id_length = GetParam();
-
   CreateTimeWaitListManager();
 
   IPEndPoint client_address(net::test::Loopback4(), 1);
@@ -636,15 +636,9 @@ TEST_P(QuicDispatcherTestStrayPacketConnectionId,
   EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _))
       .Times(0);
   ProcessPacket(client_address, connection_id, true, false, "data",
-                connection_id_length, PACKET_6BYTE_PACKET_NUMBER);
+                PACKET_0BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER);
 }
 
-INSTANTIATE_TEST_CASE_P(ConnectionIdLength,
-                        QuicDispatcherTestStrayPacketConnectionId,
-                        ::testing::Values(PACKET_0BYTE_CONNECTION_ID,
-                                          PACKET_1BYTE_CONNECTION_ID,
-                                          PACKET_4BYTE_CONNECTION_ID));
-
 class BlockingWriter : public QuicPacketWriterWrapper {
  public:
   BlockingWriter() : write_blocked_(false) {}
@@ -677,15 +671,17 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTest {
 
     EXPECT_CALL(dispatcher_, CreateQuicSession(_, client_address))
         .WillOnce(testing::Return(CreateSession(
-            &dispatcher_, config_, 1, client_address, &helper_, &crypto_config_,
-            QuicDispatcherPeer::GetCache(&dispatcher_), &session1_)));
-    ProcessPacket(client_address, 1, true, false, "foo");
+            &dispatcher_, config_, 1, client_address, &helper_, &alarm_factory_,
+            &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
+            &session1_)));
+    ProcessPacket(client_address, 1, true, false, SerializeCHLO());
 
     EXPECT_CALL(dispatcher_, CreateQuicSession(_, client_address))
         .WillOnce(testing::Return(CreateSession(
-            &dispatcher_, config_, 2, client_address, &helper_, &crypto_config_,
-            QuicDispatcherPeer::GetCache(&dispatcher_), &session2_)));
-    ProcessPacket(client_address, 2, true, false, "bar");
+            &dispatcher_, config_, 2, client_address, &helper_, &alarm_factory_,
+            &crypto_config_, QuicDispatcherPeer::GetCache(&dispatcher_),
+            &session2_)));
+    ProcessPacket(client_address, 2, true, false, SerializeCHLO());
 
     blocked_list_ = QuicDispatcherPeer::GetWriteBlockedList(&dispatcher_);
   }
@@ -704,7 +700,8 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTest {
   }
 
  protected:
-  MockConnectionHelper helper_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
   BlockingWriter* writer_;
   QuicDispatcher::WriteBlockedList* blocked_list_;
 };
diff --git a/chromium/net/tools/quic/quic_epoll_alarm_factory.cc b/chromium/net/tools/quic/quic_epoll_alarm_factory.cc
new file mode 100644
index 00000000000..21a166a70d5
--- /dev/null
+++ b/chromium/net/tools/quic/quic_epoll_alarm_factory.cc
@@ -0,0 +1,78 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
+
+#include "base/logging.h"
+#include "net/tools/epoll_server/epoll_server.h"
+
+namespace net {
+
+namespace {
+
+class QuicEpollAlarm : public QuicAlarm {
+ public:
+  QuicEpollAlarm(EpollServer* epoll_server,
+                 QuicArenaScopedPtr<Delegate> delegate)
+      : QuicAlarm(std::move(delegate)),
+        epoll_server_(epoll_server),
+        epoll_alarm_impl_(this) {}
+
+ protected:
+  void SetImpl() override {
+    DCHECK(deadline().IsInitialized());
+    epoll_server_->RegisterAlarm(
+        deadline().Subtract(QuicTime::Zero()).ToMicroseconds(),
+        &epoll_alarm_impl_);
+  }
+
+  void CancelImpl() override {
+    DCHECK(!deadline().IsInitialized());
+    epoll_alarm_impl_.UnregisterIfRegistered();
+  }
+
+ private:
+  class EpollAlarmImpl : public EpollAlarm {
+   public:
+    explicit EpollAlarmImpl(QuicEpollAlarm* alarm) : alarm_(alarm) {}
+
+    int64_t OnAlarm() override {
+      EpollAlarm::OnAlarm();
+      alarm_->Fire();
+      // Fire will take care of registering the alarm, if needed.
+      return 0;
+    }
+
+   private:
+    QuicEpollAlarm* alarm_;
+  };
+
+  EpollServer* epoll_server_;
+  EpollAlarmImpl epoll_alarm_impl_;
+};
+
+}  // namespace
+
+QuicEpollAlarmFactory::QuicEpollAlarmFactory(EpollServer* epoll_server)
+    : epoll_server_(epoll_server) {}
+
+QuicEpollAlarmFactory::~QuicEpollAlarmFactory() {}
+
+QuicAlarm* QuicEpollAlarmFactory::CreateAlarm(QuicAlarm::Delegate* delegate) {
+  return new QuicEpollAlarm(epoll_server_,
+                            QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
+}
+
+QuicArenaScopedPtr<QuicAlarm> QuicEpollAlarmFactory::CreateAlarm(
+    QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
+    QuicConnectionArena* arena) {
+  if (arena != nullptr) {
+    return arena->New<QuicEpollAlarm>(epoll_server_, std::move(delegate));
+  } else {
+    return QuicArenaScopedPtr<QuicAlarm>(
+        new QuicEpollAlarm(epoll_server_, std::move(delegate)));
+  }
+}
+
+}  // namespace net
diff --git a/chromium/net/tools/quic/quic_epoll_alarm_factory.h b/chromium/net/tools/quic/quic_epoll_alarm_factory.h
new file mode 100644
index 00000000000..6b59ccc781e
--- /dev/null
+++ b/chromium/net/tools/quic/quic_epoll_alarm_factory.h
@@ -0,0 +1,35 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_QUIC_EPOLL_ALARM_FACTORY_H_
+#define NET_QUIC_QUIC_EPOLL_ALARM_FACTORY_H_
+
+#include "net/quic/quic_alarm.h"
+#include "net/quic/quic_alarm_factory.h"
+
+namespace net {
+
+class EpollServer;
+
+// Creates alarms that use the supplied EpollServer for timing and firing.
+class QuicEpollAlarmFactory : public QuicAlarmFactory {
+ public:
+  explicit QuicEpollAlarmFactory(EpollServer* epoll_server);
+  ~QuicEpollAlarmFactory() override;
+
+  // QuicAlarmFactory interface.
+  QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override;
+  QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
+      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
+      QuicConnectionArena* arena) override;
+
+ private:
+  EpollServer* epoll_server_;  // Not owned.
+
+  DISALLOW_COPY_AND_ASSIGN(QuicEpollAlarmFactory);
+};
+
+}  // namespace net
+
+#endif  // NET_QUIC_QUIC_EPOLL_ALARM_FACTORY_H_
diff --git a/chromium/net/tools/quic/quic_epoll_alarm_factory_test.cc b/chromium/net/tools/quic/quic_epoll_alarm_factory_test.cc
new file mode 100644
index 00000000000..5dfe70185ec
--- /dev/null
+++ b/chromium/net/tools/quic/quic_epoll_alarm_factory_test.cc
@@ -0,0 +1,139 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
+
+#include "net/tools/quic/quic_epoll_clock.h"
+#include "net/tools/quic/test_tools/mock_epoll_server.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+namespace test {
+namespace {
+
+class TestDelegate : public QuicAlarm::Delegate {
+ public:
+  TestDelegate() : fired_(false) {}
+
+  void OnAlarm() override { fired_ = true; }
+
+  bool fired() const { return fired_; }
+
+ private:
+  bool fired_;
+};
+
+// The boolean parameter denotes whether or not to use an arena.
+class QuicEpollAlarmFactoryTest : public ::testing::TestWithParam<bool> {
+ protected:
+  QuicEpollAlarmFactoryTest()
+      : clock_(&epoll_server_), alarm_factory_(&epoll_server_) {}
+
+  QuicConnectionArena* GetArenaParam() {
+    return GetParam() ? &arena_ : nullptr;
+  }
+
+  const QuicEpollClock clock_;
+  QuicEpollAlarmFactory alarm_factory_;
+  test::MockEpollServer epoll_server_;
+  QuicConnectionArena arena_;
+};
+
+TEST_P(QuicEpollAlarmFactoryTest, CreateAlarm) {
+  QuicArenaScopedPtr<TestDelegate> delegate =
+      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
+  QuicArenaScopedPtr<QuicAlarm> alarm(
+      alarm_factory_.CreateAlarm(std::move(delegate), GetArenaParam()));
+
+  QuicTime start = clock_.Now();
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(start.Add(delta));
+
+  epoll_server_.AdvanceByAndWaitForEventsAndExecuteCallbacks(
+      delta.ToMicroseconds());
+  EXPECT_EQ(start.Add(delta), clock_.Now());
+}
+
+TEST_P(QuicEpollAlarmFactoryTest, CreateAlarmAndCancel) {
+  QuicArenaScopedPtr<TestDelegate> delegate =
+      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
+  TestDelegate* unowned_delegate = delegate.get();
+  QuicArenaScopedPtr<QuicAlarm> alarm(
+      alarm_factory_.CreateAlarm(std::move(delegate), GetArenaParam()));
+
+  QuicTime start = clock_.Now();
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(start.Add(delta));
+  alarm->Cancel();
+
+  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
+  EXPECT_EQ(start.Add(delta), clock_.Now());
+  EXPECT_FALSE(unowned_delegate->fired());
+}
+
+TEST_P(QuicEpollAlarmFactoryTest, CreateAlarmAndReset) {
+  QuicArenaScopedPtr<TestDelegate> delegate =
+      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
+  TestDelegate* unowned_delegate = delegate.get();
+  QuicArenaScopedPtr<QuicAlarm> alarm(
+      alarm_factory_.CreateAlarm(std::move(delegate), GetArenaParam()));
+
+  QuicTime start = clock_.Now();
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+  alarm->Cancel();
+  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
+  alarm->Set(clock_.Now().Add(new_delta));
+
+  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
+  EXPECT_EQ(start.Add(delta), clock_.Now());
+  EXPECT_FALSE(unowned_delegate->fired());
+
+  epoll_server_.AdvanceByExactlyAndCallCallbacks(
+      new_delta.Subtract(delta).ToMicroseconds());
+  EXPECT_EQ(start.Add(new_delta), clock_.Now());
+  EXPECT_TRUE(unowned_delegate->fired());
+}
+
+TEST_P(QuicEpollAlarmFactoryTest, CreateAlarmAndUpdate) {
+  QuicArenaScopedPtr<TestDelegate> delegate =
+      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
+  TestDelegate* unowned_delegate = delegate.get();
+  QuicArenaScopedPtr<QuicAlarm> alarm(
+      alarm_factory_.CreateAlarm(std::move(delegate), GetArenaParam()));
+
+  QuicTime start = clock_.Now();
+  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
+  alarm->Set(clock_.Now().Add(delta));
+  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(1));
+
+  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
+  EXPECT_EQ(start.Add(delta), clock_.Now());
+  EXPECT_FALSE(unowned_delegate->fired());
+
+  // Move the alarm forward 1us and ensure it doesn't move forward.
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(2));
+
+  epoll_server_.AdvanceByExactlyAndCallCallbacks(
+      new_delta.Subtract(delta).ToMicroseconds());
+  EXPECT_EQ(start.Add(new_delta), clock_.Now());
+  EXPECT_TRUE(unowned_delegate->fired());
+
+  // Set the alarm via an update call.
+  new_delta = QuicTime::Delta::FromMicroseconds(5);
+  alarm->Update(clock_.Now().Add(new_delta),
+                QuicTime::Delta::FromMicroseconds(1));
+  EXPECT_TRUE(alarm->IsSet());
+
+  // Update it with an uninitialized time and ensure it's cancelled.
+  alarm->Update(QuicTime::Zero(), QuicTime::Delta::FromMicroseconds(1));
+  EXPECT_FALSE(alarm->IsSet());
+}
+
+}  // namespace
+}  // namespace test
+}  // namespace net
diff --git a/chromium/net/tools/quic/quic_epoll_connection_helper.cc b/chromium/net/tools/quic/quic_epoll_connection_helper.cc
index 2534ade5787..eec8fc5fd73 100644
--- a/chromium/net/tools/quic/quic_epoll_connection_helper.cc
+++ b/chromium/net/tools/quic/quic_epoll_connection_helper.cc
@@ -16,55 +16,9 @@
 
 namespace net {
 
-namespace {
-
-class QuicEpollAlarm : public QuicAlarm {
- public:
-  QuicEpollAlarm(EpollServer* epoll_server,
-                 QuicArenaScopedPtr<Delegate> delegate)
-      : QuicAlarm(std::move(delegate)),
-        epoll_server_(epoll_server),
-        epoll_alarm_impl_(this) {}
-
- protected:
-  void SetImpl() override {
-    DCHECK(deadline().IsInitialized());
-    epoll_server_->RegisterAlarm(
-        deadline().Subtract(QuicTime::Zero()).ToMicroseconds(),
-        &epoll_alarm_impl_);
-  }
-
-  void CancelImpl() override {
-    DCHECK(!deadline().IsInitialized());
-    epoll_alarm_impl_.UnregisterIfRegistered();
-  }
-
- private:
-  class EpollAlarmImpl : public EpollAlarm {
-   public:
-    explicit EpollAlarmImpl(QuicEpollAlarm* alarm) : alarm_(alarm) {}
-
-    int64_t OnAlarm() override {
-      EpollAlarm::OnAlarm();
-      alarm_->Fire();
-      // Fire will take care of registering the alarm, if needed.
-      return 0;
-    }
-
-   private:
-    QuicEpollAlarm* alarm_;
-  };
-
-  EpollServer* epoll_server_;
-  EpollAlarmImpl epoll_alarm_impl_;
-};
-
-}  // namespace
-
 QuicEpollConnectionHelper::QuicEpollConnectionHelper(EpollServer* epoll_server,
                                                      QuicAllocator type)
-    : epoll_server_(epoll_server),
-      clock_(epoll_server),
+    : clock_(epoll_server),
       random_generator_(QuicRandom::GetInstance()),
       allocator_type_(type) {}
 
@@ -78,23 +32,6 @@ QuicRandom* QuicEpollConnectionHelper::GetRandomGenerator() {
   return random_generator_;
 }
 
-QuicAlarm* QuicEpollConnectionHelper::CreateAlarm(
-    QuicAlarm::Delegate* delegate) {
-  return new QuicEpollAlarm(epoll_server_,
-                            QuicArenaScopedPtr<QuicAlarm::Delegate>(delegate));
-}
-
-QuicArenaScopedPtr<QuicAlarm> QuicEpollConnectionHelper::CreateAlarm(
-    QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
-    QuicConnectionArena* arena) {
-  if (arena != nullptr) {
-    return arena->New<QuicEpollAlarm>(epoll_server_, std::move(delegate));
-  } else {
-    return QuicArenaScopedPtr<QuicAlarm>(
-        new QuicEpollAlarm(epoll_server_, std::move(delegate)));
-  }
-}
-
 QuicBufferAllocator* QuicEpollConnectionHelper::GetBufferAllocator() {
   if (allocator_type_ == QuicAllocator::BUFFER_POOL) {
     return &buffer_allocator_;
diff --git a/chromium/net/tools/quic/quic_epoll_connection_helper.h b/chromium/net/tools/quic/quic_epoll_connection_helper.h
index fd18fb3432d..ccd7536b2bc 100644
--- a/chromium/net/tools/quic/quic_epoll_connection_helper.h
+++ b/chromium/net/tools/quic/quic_epoll_connection_helper.h
@@ -25,12 +25,6 @@ namespace net {
 class EpollServer;
 class QuicRandom;
 
-
-class AckAlarm;
-class RetransmissionAlarm;
-class SendAlarm;
-class TimeoutAlarm;
-
 using QuicStreamBufferAllocator = SimpleBufferAllocator;
 
 enum class QuicAllocator { SIMPLE, BUFFER_POOL };
@@ -43,20 +37,12 @@ class QuicEpollConnectionHelper : public QuicConnectionHelperInterface {
   // QuicEpollConnectionHelperInterface
   const QuicClock* GetClock() const override;
   QuicRandom* GetRandomGenerator() override;
-  QuicAlarm* CreateAlarm(QuicAlarm::Delegate* delegate) override;
-  QuicArenaScopedPtr<QuicAlarm> CreateAlarm(
-      QuicArenaScopedPtr<QuicAlarm::Delegate> delegate,
-      QuicConnectionArena* arena) override;
 
   QuicBufferAllocator* GetBufferAllocator() override;
 
-  EpollServer* epoll_server() { return epoll_server_; }
-
  private:
   friend class QuicConnectionPeer;
 
-  EpollServer* epoll_server_;  // Not owned.
-
   const QuicEpollClock clock_;
   QuicRandom* random_generator_;
   // Set up both allocators.  They take up minimal memory before use.
diff --git a/chromium/net/tools/quic/quic_epoll_connection_helper_test.cc b/chromium/net/tools/quic/quic_epoll_connection_helper_test.cc
index caa44a833a8..078eef7b397 100644
--- a/chromium/net/tools/quic/quic_epoll_connection_helper_test.cc
+++ b/chromium/net/tools/quic/quic_epoll_connection_helper_test.cc
@@ -14,18 +14,6 @@ namespace net {
 namespace test {
 namespace {
 
-class TestDelegate : public QuicAlarm::Delegate {
- public:
-  TestDelegate() : fired_(false) {}
-
-  void OnAlarm() override { fired_ = true; }
-
-  bool fired() const { return fired_; }
-
- private:
-  bool fired_;
-};
-
 class QuicEpollConnectionHelperTest : public ::testing::Test {
  protected:
   QuicEpollConnectionHelperTest()
@@ -50,121 +38,6 @@ TEST_F(QuicEpollConnectionHelperTest, GetRandomGenerator) {
   EXPECT_EQ(QuicRandom::GetInstance(), random);
 }
 
-// The boolean parameter denotes whether or not to use an arena.
-class QuicEpollConnectionHelperAlarmTest
-    : public QuicEpollConnectionHelperTest,
-      public ::testing::WithParamInterface<bool> {
- protected:
-  QuicConnectionArena* GetArenaParam() {
-    return GetParam() ? &arena_ : nullptr;
-  }
-
- private:
-  QuicConnectionArena arena_;
-};
-
-INSTANTIATE_TEST_CASE_P(QuicEpollConnectionHelperAlarmTest,
-                        QuicEpollConnectionHelperAlarmTest,
-                        ::testing::Bool());
-
-TEST_P(QuicEpollConnectionHelperAlarmTest, CreateAlarm) {
-  QuicArenaScopedPtr<TestDelegate> delegate =
-      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
-  QuicArenaScopedPtr<QuicAlarm> alarm(
-      helper_.CreateAlarm(std::move(delegate), GetArenaParam()));
-
-  const QuicClock* clock = helper_.GetClock();
-  QuicTime start = clock->Now();
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(start.Add(delta));
-
-  epoll_server_.AdvanceByAndWaitForEventsAndExecuteCallbacks(
-      delta.ToMicroseconds());
-  EXPECT_EQ(start.Add(delta), clock->Now());
-}
-
-TEST_P(QuicEpollConnectionHelperAlarmTest, CreateAlarmAndCancel) {
-  QuicArenaScopedPtr<TestDelegate> delegate =
-      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
-  TestDelegate* unowned_delegate = delegate.get();
-  QuicArenaScopedPtr<QuicAlarm> alarm(
-      helper_.CreateAlarm(std::move(delegate), GetArenaParam()));
-
-  const QuicClock* clock = helper_.GetClock();
-  QuicTime start = clock->Now();
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(start.Add(delta));
-  alarm->Cancel();
-
-  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
-  EXPECT_EQ(start.Add(delta), clock->Now());
-  EXPECT_FALSE(unowned_delegate->fired());
-}
-
-TEST_P(QuicEpollConnectionHelperAlarmTest, CreateAlarmAndReset) {
-  QuicArenaScopedPtr<TestDelegate> delegate =
-      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
-  TestDelegate* unowned_delegate = delegate.get();
-  QuicArenaScopedPtr<QuicAlarm> alarm(
-      helper_.CreateAlarm(std::move(delegate), GetArenaParam()));
-
-  const QuicClock* clock = helper_.GetClock();
-  QuicTime start = clock->Now();
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock->Now().Add(delta));
-  alarm->Cancel();
-  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
-  alarm->Set(clock->Now().Add(new_delta));
-
-  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
-  EXPECT_EQ(start.Add(delta), clock->Now());
-  EXPECT_FALSE(unowned_delegate->fired());
-
-  epoll_server_.AdvanceByExactlyAndCallCallbacks(
-      new_delta.Subtract(delta).ToMicroseconds());
-  EXPECT_EQ(start.Add(new_delta), clock->Now());
-  EXPECT_TRUE(unowned_delegate->fired());
-}
-
-TEST_P(QuicEpollConnectionHelperAlarmTest, CreateAlarmAndUpdate) {
-  QuicArenaScopedPtr<TestDelegate> delegate =
-      QuicArenaScopedPtr<TestDelegate>(new TestDelegate());
-  TestDelegate* unowned_delegate = delegate.get();
-  QuicArenaScopedPtr<QuicAlarm> alarm(
-      helper_.CreateAlarm(std::move(delegate), GetArenaParam()));
-
-  const QuicClock* clock = helper_.GetClock();
-  QuicTime start = clock->Now();
-  QuicTime::Delta delta = QuicTime::Delta::FromMicroseconds(1);
-  alarm->Set(clock->Now().Add(delta));
-  QuicTime::Delta new_delta = QuicTime::Delta::FromMicroseconds(3);
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(1));
-
-  epoll_server_.AdvanceByExactlyAndCallCallbacks(delta.ToMicroseconds());
-  EXPECT_EQ(start.Add(delta), clock->Now());
-  EXPECT_FALSE(unowned_delegate->fired());
-
-  // Move the alarm forward 1us and ensure it doesn't move forward.
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(2));
-
-  epoll_server_.AdvanceByExactlyAndCallCallbacks(
-      new_delta.Subtract(delta).ToMicroseconds());
-  EXPECT_EQ(start.Add(new_delta), clock->Now());
-  EXPECT_TRUE(unowned_delegate->fired());
-
-  // Set the alarm via an update call.
-  new_delta = QuicTime::Delta::FromMicroseconds(5);
-  alarm->Update(clock->Now().Add(new_delta),
-                QuicTime::Delta::FromMicroseconds(1));
-  EXPECT_TRUE(alarm->IsSet());
-
-  // Update it with an uninitialized time and ensure it's cancelled.
-  alarm->Update(QuicTime::Zero(), QuicTime::Delta::FromMicroseconds(1));
-  EXPECT_FALSE(alarm->IsSet());
-}
-
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/tools/quic/quic_in_memory_cache.h b/chromium/net/tools/quic/quic_in_memory_cache.h
index 72b210a3489..21477c3f40d 100644
--- a/chromium/net/tools/quic/quic_in_memory_cache.h
+++ b/chromium/net/tools/quic/quic_in_memory_cache.h
@@ -7,11 +7,11 @@
 
 #include <list>
 #include <map>
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/singleton.h"
@@ -227,7 +227,7 @@ class QuicInMemoryCache {
   ResponseMap responses_;
 
   // The default response for cache misses, if set.
-  scoped_ptr<Response> default_response_;
+  std::unique_ptr<Response> default_response_;
 
   // A map from request URL to associated server push responses (if any).
   std::multimap<std::string, ServerPushInfo> server_push_resources_;
diff --git a/chromium/net/tools/quic/quic_packet_printer_bin.cc b/chromium/net/tools/quic/quic_packet_printer_bin.cc
new file mode 100644
index 00000000000..a19b679b735
--- /dev/null
+++ b/chromium/net/tools/quic/quic_packet_printer_bin.cc
@@ -0,0 +1,202 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// clang-format off
+
+// Dumps out the decryptable contents of a QUIC packet in a human-readable way.
+// If the packet is null encrypted, this will dump full packet contents.
+// Otherwise it will dump the public header, and fail with an error that the
+// packet is undecryptable.
+//
+// Usage: quic_packet_printer server|client <hex dump of packet>
+//
+// Example input:
+// quic_packet_printer server 0c6b810308320f24c004a939a38a2e3fd6ca589917f200400
+// 201b80b0100501c0700060003023d0000001c00556e656e637279707465642073747265616d2
+// 064617461207365656e
+//
+// Example output:
+// OnPacket
+// OnUnauthenticatedPublicHeader
+// OnUnauthenticatedHeader: { connection_id: 13845207862000976235,
+// connection_id_length:8, packet_number_length:1, multipath_flag: 0,
+// reset_flag: 0, version_flag: 0, fec_flag: 0, entropy_flag: 0,
+// entropy hash: 0, path_id: , packet_number: 4, is_in_fec_group:0,
+// fec_group: 0}
+// OnDecryptedPacket
+// OnPacketHeader
+// OnAckFrame:  entropy_hash: 2 largest_observed: 1 ack_delay_time: 3000
+// missing_packets: [  ] is_truncated: 0 received_packets: [ 1 at 466016  ]
+// OnStopWaitingFrame
+// OnConnectionCloseFrame: error_code { 61 } error_details { Unencrypted stream
+// data seen }
+
+// clang-format on
+
+#include <iostream>
+#include <string>
+
+#include "base/command_line.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/utf_string_conversions.h"
+#include "net/quic/quic_framer.h"
+#include "net/quic/quic_utils.h"
+
+using std::cerr;
+using std::string;
+
+// If set, specify the QUIC version to use.
+string FLAGS_quic_version = "";
+
+namespace {
+
+string ArgToString(base::CommandLine::StringType arg) {
+#if defined(OS_WIN)
+  return base::UTF16ToASCII(arg);
+#else
+  return arg;
+#endif
+}
+}
+
+namespace net {
+
+class QuicPacketPrinter : public QuicFramerVisitorInterface {
+ public:
+  explicit QuicPacketPrinter(QuicFramer* framer) : framer_(framer) {}
+
+  void OnError(QuicFramer* framer) override {
+    cerr << "OnError: " << QuicUtils::ErrorToString(framer->error())
+         << " detail: " << framer->detailed_error() << "\n";
+  }
+  bool OnProtocolVersionMismatch(QuicVersion received_version) override {
+    framer_->set_version(received_version);
+    cerr << "OnProtocolVersionMismatch: "
+         << QuicVersionToString(received_version) << "\n";
+    return true;
+  }
+  void OnPacket() override { cerr << "OnPacket\n"; }
+  void OnPublicResetPacket(const QuicPublicResetPacket& packet) override {
+    cerr << "OnPublicResetPacket\n";
+  }
+  void OnVersionNegotiationPacket(
+      const QuicVersionNegotiationPacket& packet) override {
+    cerr << "OnVersionNegotiationPacket\n";
+  }
+  bool OnUnauthenticatedPublicHeader(
+      const QuicPacketPublicHeader& header) override {
+    cerr << "OnUnauthenticatedPublicHeader\n";
+    return true;
+  }
+  bool OnUnauthenticatedHeader(const QuicPacketHeader& header) override {
+    cerr << "OnUnauthenticatedHeader: " << header;
+    return true;
+  }
+  void OnDecryptedPacket(EncryptionLevel level) override {
+    // This only currently supports "decrypting" null encrypted packets.
+    DCHECK_EQ(ENCRYPTION_NONE, level);
+    cerr << "OnDecryptedPacket\n";
+  }
+  bool OnPacketHeader(const QuicPacketHeader& header) override {
+    cerr << "OnPacketHeader\n";
+    return true;
+  }
+  bool OnStreamFrame(const QuicStreamFrame& frame) override {
+    cerr << "OnStreamFrame: " << frame;
+    cerr << "         data: { "
+         << QuicUtils::HexEncode(frame.data_buffer, frame.data_length)
+         << " }\n";
+    return true;
+  }
+  bool OnAckFrame(const QuicAckFrame& frame) override {
+    cerr << "OnAckFrame: " << frame;
+    return true;
+  }
+  bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override {
+    cerr << "OnStopWaitingFrame: " << frame;
+    return true;
+  }
+  bool OnPaddingFrame(const QuicPaddingFrame& frame) override {
+    cerr << "OnPaddingFrame: " << frame;
+    return true;
+  }
+  bool OnPingFrame(const QuicPingFrame& frame) override {
+    cerr << "OnPingFrame\n";
+    return true;
+  }
+  bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override {
+    cerr << "OnRstStreamFrame: " << frame;
+    return true;
+  }
+  bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override {
+    cerr << "OnConnectionCloseFrame: " << frame;
+    return true;
+  }
+  bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override {
+    cerr << "OnGoAwayFrame: " << frame;
+    return true;
+  }
+  bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override {
+    cerr << "OnWindowUpdateFrame: " << frame;
+    return true;
+  }
+  bool OnBlockedFrame(const QuicBlockedFrame& frame) override {
+    cerr << "OnBlockedFrame: " << frame;
+    return true;
+  }
+  bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override {
+    cerr << "OnPathCloseFrame:" << frame;
+    return true;
+  }
+  void OnPacketComplete() override { cerr << "OnPacketComplete\n"; }
+
+ private:
+  QuicFramer* framer_;  // Unowned.
+};
+
+}  // namespace net
+
+int main(int argc, char* argv[]) {
+  base::CommandLine::Init(argc, argv);
+  base::CommandLine* line = base::CommandLine::ForCurrentProcess();
+  const base::CommandLine::StringVector& args = line->GetArgs();
+
+  if (args.size() != 3) {
+    cerr << "Missing argument " << argc << ". (Usage: " << argv[0]
+         << " client|server <hex>\n";
+    return 1;
+  }
+
+  if (line->HasSwitch("quic_version")) {
+    FLAGS_quic_version = line->GetSwitchValueASCII("quic_version");
+  }
+
+  string perspective_string = ArgToString(args[0]);
+  net::Perspective perspective;
+  if (perspective_string == "client") {
+    perspective = net::Perspective::IS_CLIENT;
+  } else if (perspective_string == "server") {
+    perspective = net::Perspective::IS_SERVER;
+  } else {
+    cerr << "Invalid perspective. " << perspective_string
+         << " Usage: " << args[0] << " client|server <hex>\n";
+    return 1;
+  }
+  string hex = net::QuicUtils::HexDecode(ArgToString(args[1]));
+  net::QuicVersionVector versions = net::QuicSupportedVersions();
+  // Fake a time since we're not actually generating acks.
+  net::QuicTime start(net::QuicTime::Zero());
+  net::QuicFramer framer(versions, start, perspective);
+  if (!FLAGS_quic_version.empty()) {
+    for (net::QuicVersion version : versions) {
+      if (net::QuicVersionToString(version) == FLAGS_quic_version) {
+        framer.set_version(version);
+      }
+    }
+  }
+  net::QuicPacketPrinter visitor(&framer);
+  framer.set_visitor(&visitor);
+  net::QuicEncryptedPacket encrypted(hex.c_str(), hex.length());
+  return framer.ProcessPacket(encrypted);
+}
diff --git a/chromium/net/tools/quic/quic_packet_reader.cc b/chromium/net/tools/quic/quic_packet_reader.cc
index beba973842c..a0803ec7fa3 100644
--- a/chromium/net/tools/quic/quic_packet_reader.cc
+++ b/chromium/net/tools/quic/quic_packet_reader.cc
@@ -112,7 +112,7 @@ bool QuicPacketReader::ReadAndDispatchManyPackets(
     }
 
     IPEndPoint client_address = IPEndPoint(packets_[i].raw_address);
-    IPAddressNumber server_ip;
+    IPAddress server_ip;
     QuicTime packet_timestamp = QuicTime::Zero();
     QuicSocketUtils::GetAddressAndTimestampFromMsghdr(
         &mmsg_hdr_[i].msg_hdr, &server_ip, &packet_timestamp);
@@ -121,15 +121,13 @@ bool QuicPacketReader::ReadAndDispatchManyPackets(
       continue;
     }
 
-    if (FLAGS_quic_use_socket_timestamp) {
-      if (packet_timestamp == QuicTime::Zero()) {
-        // This isn't particularly desirable, but not all platforms support
-        // socket timestamping.
-        if (fallback_timestamp == QuicTime::Zero()) {
-          fallback_timestamp = clock.Now();
-        }
-        packet_timestamp = fallback_timestamp;
+    if (packet_timestamp == QuicTime::Zero()) {
+      // This isn't particularly desirable, but not all platforms support socket
+      // timestamping.
+      if (fallback_timestamp == QuicTime::Zero()) {
+        fallback_timestamp = clock.Now();
       }
+      packet_timestamp = fallback_timestamp;
     }
 
     QuicReceivedPacket packet(reinterpret_cast<char*>(packets_[i].iov.iov_base),
@@ -175,7 +173,7 @@ bool QuicPacketReader::ReadAndDispatchSinglePacket(
     QUIC_BUG << "Unable to get server address.";
     return false;
   }
-  if (FLAGS_quic_use_socket_timestamp && timestamp == QuicTime::Zero()) {
+  if (timestamp == QuicTime::Zero()) {
     // This isn't particularly desirable, but not all platforms support socket
     // timestamping.
     timestamp = clock.Now();
diff --git a/chromium/net/tools/quic/quic_packet_writer_wrapper.h b/chromium/net/tools/quic/quic_packet_writer_wrapper.h
index 92044c020d0..34642a6282d 100644
--- a/chromium/net/tools/quic/quic_packet_writer_wrapper.h
+++ b/chromium/net/tools/quic/quic_packet_writer_wrapper.h
@@ -7,8 +7,9 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/quic_packet_writer.h"
 
 namespace net {
@@ -38,7 +39,7 @@ class QuicPacketWriterWrapper : public QuicPacketWriter {
   void set_writer(QuicPacketWriter* writer);
 
  private:
-  scoped_ptr<QuicPacketWriter> writer_;
+  std::unique_ptr<QuicPacketWriter> writer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicPacketWriterWrapper);
 };
diff --git a/chromium/net/tools/quic/quic_server.cc b/chromium/net/tools/quic/quic_server.cc
index c67e554f2c8..6076ad80c12 100644
--- a/chromium/net/tools/quic/quic_server.cc
+++ b/chromium/net/tools/quic/quic_server.cc
@@ -11,6 +11,8 @@
 #include <sys/epoll.h>
 #include <sys/socket.h>
 
+#include <memory>
+
 #include "net/base/ip_endpoint.h"
 #include "net/base/sockaddr_storage.h"
 #include "net/quic/crypto/crypto_handshake.h"
@@ -20,6 +22,7 @@
 #include "net/quic/quic_data_reader.h"
 #include "net/quic/quic_protocol.h"
 #include "net/tools/quic/quic_dispatcher.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_clock.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "net/tools/quic/quic_in_memory_cache.h"
@@ -93,7 +96,7 @@ void QuicServer::Initialize() {
 
   QuicEpollClock clock(&epoll_server_);
 
-  scoped_ptr<CryptoHandshakeMessage> scfg(crypto_config_.AddDefaultConfig(
+  std::unique_ptr<CryptoHandshakeMessage> scfg(crypto_config_.AddDefaultConfig(
       QuicRandom::GetInstance(), &clock, crypto_config_options_));
 }
 
@@ -142,9 +145,13 @@ QuicDefaultPacketWriter* QuicServer::CreateWriter(int fd) {
 }
 
 QuicDispatcher* QuicServer::CreateQuicDispatcher() {
-  return new QuicDispatcher(config_, &crypto_config_, supported_versions_,
-                            new QuicEpollConnectionHelper(
-                                &epoll_server_, QuicAllocator::BUFFER_POOL));
+  QuicEpollAlarmFactory alarm_factory(&epoll_server_);
+  return new QuicDispatcher(
+      config_, &crypto_config_, supported_versions_,
+      std::unique_ptr<QuicEpollConnectionHelper>(new QuicEpollConnectionHelper(
+          &epoll_server_, QuicAllocator::BUFFER_POOL)),
+      std::unique_ptr<QuicEpollAlarmFactory>(
+          new QuicEpollAlarmFactory(&epoll_server_)));
 }
 
 void QuicServer::WaitForEvents() {
diff --git a/chromium/net/tools/quic/quic_server.h b/chromium/net/tools/quic/quic_server.h
index 24523ded14f..76ff17a45b0 100644
--- a/chromium/net/tools/quic/quic_server.h
+++ b/chromium/net/tools/quic/quic_server.h
@@ -13,8 +13,9 @@
 
 #include <stddef.h>
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/crypto/quic_crypto_server_config.h"
 #include "net/quic/quic_chromium_connection_helper.h"
@@ -94,7 +95,7 @@ class QuicServer : public EpollCallbackInterface {
   void Initialize();
 
   // Accepts data from the framer and demuxes clients to sessions.
-  scoped_ptr<QuicDispatcher> dispatcher_;
+  std::unique_ptr<QuicDispatcher> dispatcher_;
   // Frames incoming packets and hands them to the dispatcher.
   EpollServer epoll_server_;
 
@@ -129,7 +130,7 @@ class QuicServer : public EpollCallbackInterface {
 
   // Point to a QuicPacketReader object on the heap. The reader allocates more
   // space than allowed on the stack.
-  scoped_ptr<QuicPacketReader> packet_reader_;
+  std::unique_ptr<QuicPacketReader> packet_reader_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicServer);
 };
diff --git a/chromium/net/tools/quic/quic_server_session_base.cc b/chromium/net/tools/quic/quic_server_session_base.cc
index e2341906bdf..2f2c4d1a7b7 100644
--- a/chromium/net/tools/quic/quic_server_session_base.cc
+++ b/chromium/net/tools/quic/quic_server_session_base.cc
@@ -29,7 +29,8 @@ QuicServerSessionBase::QuicServerSessionBase(
       bandwidth_resumption_enabled_(false),
       bandwidth_estimate_sent_to_client_(QuicBandwidth::Zero()),
       last_scup_time_(QuicTime::Zero()),
-      last_scup_packet_number_(0) {}
+      last_scup_packet_number_(0),
+      server_push_enabled_(false) {}
 
 QuicServerSessionBase::~QuicServerSessionBase() {}
 
@@ -53,6 +54,8 @@ void QuicServerSessionBase::OnConfigNegotiated() {
       ContainsQuicTag(config()->ReceivedConnectionOptions(), kBWMX);
   bandwidth_resumption_enabled_ =
       last_bandwidth_resumption || max_bandwidth_resumption;
+  server_push_enabled_ =
+      ContainsQuicTag(config()->ReceivedConnectionOptions(), kSPSH);
 
   // If the client has provided a bandwidth estimate from the same serving
   // region as this server, then decide whether to use the data for bandwidth
@@ -61,9 +64,9 @@ void QuicServerSessionBase::OnConfigNegotiated() {
       crypto_stream_->PreviousCachedNetworkParams();
   if (cached_network_params != nullptr &&
       cached_network_params->serving_region() == serving_region_) {
-    if (FLAGS_quic_log_received_parameters) {
-      connection()->OnReceiveConnectionState(*cached_network_params);
-    }
+    // Log the received connection parameters, regardless of how they
+    // get used for bandwidth resumption.
+    connection()->OnReceiveConnectionState(*cached_network_params);
 
     if (bandwidth_resumption_enabled_) {
       // Only do bandwidth resumption if estimate is recent enough.
diff --git a/chromium/net/tools/quic/quic_server_session_base.h b/chromium/net/tools/quic/quic_server_session_base.h
index 1f19de4d116..0906587f633 100644
--- a/chromium/net/tools/quic/quic_server_session_base.h
+++ b/chromium/net/tools/quic/quic_server_session_base.h
@@ -9,13 +9,13 @@
 
 #include <stdint.h>
 
+#include <cstdint>
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/quic_compressed_certs_cache.h"
 #include "net/quic/quic_crypto_server_stream.h"
 #include "net/quic/quic_protocol.h"
@@ -47,11 +47,8 @@ class QuicServerSessionVisitor {
                                   const std::string& error_details) = 0;
   virtual void OnWriteBlocked(QuicBlockedWriterInterface* blocked_writer) = 0;
   // Called after the given connection is added to the time-wait list.
-  virtual void OnConnectionAddedToTimeWaitList(QuicConnectionId connection_id) {
-  }
-  // Called after the given connection is removed from the time-wait list.
-  virtual void OnConnectionRemovedFromTimeWaitList(
-      QuicConnectionId connection_id) {}
+  virtual void OnConnectionAddedToTimeWaitList(
+      QuicConnectionId connection_id) = 0;
 };
 
 class QuicServerSessionBase : public QuicSpdySession {
@@ -89,6 +86,8 @@ class QuicServerSessionBase : public QuicSpdySession {
     serving_region_ = serving_region;
   }
 
+  bool server_push_enabled() const { return server_push_enabled_; }
+
  protected:
   // QuicSession methods(override them with return type of QuicSpdyStream*):
   QuicCryptoServerStreamBase* GetCryptoStream() override;
@@ -110,6 +109,8 @@ class QuicServerSessionBase : public QuicSpdySession {
 
   const QuicCryptoServerConfig* crypto_config() { return crypto_config_; }
 
+  void set_server_push_enabled(bool enable) { server_push_enabled_ = enable; }
+
  private:
   friend class test::QuicServerSessionBasePeer;
   friend class test::QuicSimpleServerSessionPeer;
@@ -120,7 +121,7 @@ class QuicServerSessionBase : public QuicSpdySession {
   // Owned by QuicDispatcher.
   QuicCompressedCertsCache* compressed_certs_cache_;
 
-  scoped_ptr<QuicCryptoServerStreamBase> crypto_stream_;
+  std::unique_ptr<QuicCryptoServerStreamBase> crypto_stream_;
   QuicServerSessionVisitor* visitor_;
 
   // Whether bandwidth resumption is enabled for this connection.
@@ -145,6 +146,10 @@ class QuicServerSessionBase : public QuicSpdySession {
   int32_t BandwidthToCachedParameterBytesPerSecond(
       const QuicBandwidth& bandwidth);
 
+  // Set during handshake. If true, resources in x-associated-content and link
+  // headers will be pushed. see: go/gfe_server_push.
+  bool server_push_enabled_;
+
   DISALLOW_COPY_AND_ASSIGN(QuicServerSessionBase);
 };
 
diff --git a/chromium/net/tools/quic/quic_server_session_base_test.cc b/chromium/net/tools/quic/quic_server_session_base_test.cc
index 282804e81dd..ff9e7ceaa4d 100644
--- a/chromium/net/tools/quic/quic_server_session_base_test.cc
+++ b/chromium/net/tools/quic/quic_server_session_base_test.cc
@@ -4,6 +4,9 @@
 
 #include "net/tools/quic/quic_server_session_base.h"
 
+#include <cstdint>
+#include <memory>
+
 #include "base/macros.h"
 #include "net/quic/crypto/quic_crypto_server_config.h"
 #include "net/quic/crypto/quic_random.h"
@@ -27,8 +30,8 @@
 #include "testing/gtest/include/gtest/gtest.h"
 
 using net::test::CryptoTestUtils;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::QuicConfigPeer;
 using net::test::QuicConnectionPeer;
 using net::test::QuicSpdyStreamPeer;
@@ -131,8 +134,9 @@ class QuicServerSessionBaseTest : public ::testing::TestWithParam<QuicVersion> {
     config_.SetInitialSessionFlowControlWindowToSend(
         kInitialSessionFlowControlWindowForTest);
 
-    connection_ = new StrictMock<MockConnection>(
-        &helper_, Perspective::IS_SERVER, SupportedVersions(GetParam()));
+    connection_ = new StrictMock<MockQuicConnection>(
+        &helper_, &alarm_factory_, Perspective::IS_SERVER,
+        SupportedVersions(GetParam()));
     session_.reset(new TestServerSession(config_, connection_, &owner_,
                                          &crypto_config_,
                                          &compressed_certs_cache_));
@@ -145,13 +149,14 @@ class QuicServerSessionBaseTest : public ::testing::TestWithParam<QuicVersion> {
   }
 
   StrictMock<MockQuicServerSessionVisitor> owner_;
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   QuicConfig config_;
   QuicCryptoServerConfig crypto_config_;
   QuicCompressedCertsCache compressed_certs_cache_;
-  scoped_ptr<TestServerSession> session_;
-  scoped_ptr<CryptoHandshakeMessage> handshake_message_;
+  std::unique_ptr<TestServerSession> session_;
+  std::unique_ptr<CryptoHandshakeMessage> handshake_message_;
   QuicConnectionVisitorInterface* visitor_;
 };
 
@@ -175,6 +180,16 @@ INSTANTIATE_TEST_CASE_P(Tests,
                         QuicServerSessionBaseTest,
                         ::testing::ValuesIn(QuicSupportedVersions()));
 
+TEST_P(QuicServerSessionBaseTest, ServerPushDisabledByDefault) {
+  // Without the client explicitly sending kSPSH, server push will be disabled
+  // at the server.
+  EXPECT_FALSE(
+      session_->config()->HasReceivedConnectionOptions() &&
+      ContainsQuicTag(session_->config()->ReceivedConnectionOptions(), kSPSH));
+  session_->OnConfigNegotiated();
+  EXPECT_FALSE(session_->server_push_enabled());
+}
+
 TEST_P(QuicServerSessionBaseTest, CloseStreamDueToReset) {
   // Open a stream, then reset it.
   // Send two bytes of payload to open it.
@@ -324,6 +339,15 @@ TEST_P(QuicServerSessionBaseTest, MaxAvailableStreams) {
       session_.get(), kLimitingStreamId + 4));
 }
 
+TEST_P(QuicServerSessionBaseTest, EnableServerPushThroughConnectionOption) {
+  // Assume server received server push connection option.
+  QuicTagVector copt;
+  copt.push_back(kSPSH);
+  QuicConfigPeer::SetReceivedConnectionOptions(session_->config(), copt);
+  session_->OnConfigNegotiated();
+  EXPECT_TRUE(session_->server_push_enabled());
+}
+
 TEST_P(QuicServerSessionBaseTest, GetEvenIncomingError) {
   // Incoming streams on the server session must be odd.
   EXPECT_CALL(*connection_, CloseConnection(QUIC_INVALID_STREAM_ID, _, _));
@@ -393,7 +417,7 @@ TEST_P(QuicServerSessionBaseTest, BandwidthEstimates) {
       QuicSentPacketManagerPeer::GetBandwidthRecorder(sent_packet_manager);
   // Seed an rtt measurement equal to the initial default rtt.
   RttStats* rtt_stats =
-      QuicSentPacketManagerPeer::GetRttStats(sent_packet_manager);
+      const_cast<RttStats*>(sent_packet_manager->GetRttStats());
   rtt_stats->UpdateRtt(
       QuicTime::Delta::FromMicroseconds(rtt_stats->initial_rtt_us()),
       QuicTime::Delta::Zero(), QuicTime::Zero());
diff --git a/chromium/net/tools/quic/quic_server_test.cc b/chromium/net/tools/quic/quic_server_test.cc
index 6cd0d49d024..e478cc7da69 100644
--- a/chromium/net/tools/quic/quic_server_test.cc
+++ b/chromium/net/tools/quic/quic_server_test.cc
@@ -8,6 +8,7 @@
 #include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/mock_quic_dispatcher.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -29,7 +30,11 @@ class QuicServerDispatchPacketTest : public ::testing::Test {
         dispatcher_(
             config_,
             &crypto_config_,
-            new QuicEpollConnectionHelper(&eps_, QuicAllocator::BUFFER_POOL)) {
+            std::unique_ptr<QuicEpollConnectionHelper>(
+                new QuicEpollConnectionHelper(&eps_,
+                                              QuicAllocator::BUFFER_POOL)),
+            std::unique_ptr<QuicEpollAlarmFactory>(
+                new QuicEpollAlarmFactory(&eps_))) {
     dispatcher_.InitializeWithWriter(new QuicDefaultPacketWriter(1234));
   }
 
diff --git a/chromium/net/tools/quic/quic_simple_client.cc b/chromium/net/tools/quic/quic_simple_client.cc
index a3d0850f990..3ca97702c1c 100644
--- a/chromium/net/tools/quic/quic_simple_client.cc
+++ b/chromium/net/tools/quic/quic_simple_client.cc
@@ -6,11 +6,12 @@
 
 #include "base/logging.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_request_info.h"
 #include "net/http/http_response_info.h"
 #include "net/quic/crypto/quic_random.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_connection_helper.h"
 #include "net/quic/quic_chromium_packet_reader.h"
 #include "net/quic/quic_chromium_packet_writer.h"
@@ -42,6 +43,7 @@ QuicSimpleClient::QuicSimpleClient(IPEndPoint server_address,
                      supported_versions,
                      QuicConfig(),
                      CreateQuicConnectionHelper(),
+                     CreateQuicAlarmFactory(),
                      proof_verifier),
       server_address_(server_address),
       local_port_(0),
@@ -58,6 +60,7 @@ QuicSimpleClient::QuicSimpleClient(IPEndPoint server_address,
                      supported_versions,
                      config,
                      CreateQuicConnectionHelper(),
+                     CreateQuicAlarmFactory(),
                      proof_verifier),
       server_address_(server_address),
       local_port_(0),
@@ -68,7 +71,7 @@ QuicSimpleClient::QuicSimpleClient(IPEndPoint server_address,
 QuicSimpleClient::~QuicSimpleClient() {
   if (connected()) {
     session()->connection()->CloseConnection(
-        QUIC_PEER_GOING_AWAY, "",
+        QUIC_PEER_GOING_AWAY, "Shutting down",
         ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
   }
   STLDeleteElements(&data_to_resend_on_connect_);
@@ -89,7 +92,7 @@ bool QuicSimpleClient::Initialize() {
 }
 
 QuicSimpleClient::QuicDataToResend::QuicDataToResend(HttpRequestInfo* headers,
-                                                     StringPiece body,
+                                                     base::StringPiece body,
                                                      bool fin)
     : headers_(headers), body_(body), fin_(fin) {}
 
@@ -100,7 +103,7 @@ QuicSimpleClient::QuicDataToResend::~QuicDataToResend() {
 }
 
 bool QuicSimpleClient::CreateUDPSocket() {
-  scoped_ptr<UDPClientSocket> socket(
+  std::unique_ptr<UDPClientSocket> socket(
       new UDPClientSocket(DatagramSocket::DEFAULT_BIND, RandIntCallback(),
                           &net_log_, NetLog::Source()));
 
@@ -214,7 +217,8 @@ void QuicSimpleClient::StartConnect() {
   }
 
   CreateQuicClientSession(new QuicConnection(
-      GetNextConnectionId(), server_address_, helper(), writer(),
+      GetNextConnectionId(), server_address_, helper(), alarm_factory(),
+      writer(),
       /* owns_writer= */ false, Perspective::IS_CLIENT, supported_versions()));
 
   session()->Initialize();
@@ -235,12 +239,13 @@ void QuicSimpleClient::Disconnect() {
 
   reset_writer();
   packet_reader_.reset();
+  packet_reader_started_ = false;
 
   initialized_ = false;
 }
 
 void QuicSimpleClient::SendRequest(const HttpRequestInfo& headers,
-                                   StringPiece body,
+                                   base::StringPiece body,
                                    bool fin) {
   QuicSpdyClientStream* stream = CreateReliableClientStream();
   if (stream == nullptr) {
@@ -280,7 +285,7 @@ void QuicSimpleClient::MaybeAddQuicDataToResend(
 
 void QuicSimpleClient::SendRequestAndWaitForResponse(
     const HttpRequestInfo& request,
-    StringPiece body,
+    base::StringPiece body,
     bool fin) {
   SendRequest(request, body, fin);
   while (WaitForEvents()) {
@@ -376,9 +381,12 @@ QuicConnectionId QuicSimpleClient::GenerateNewConnectionId() {
 }
 
 QuicChromiumConnectionHelper* QuicSimpleClient::CreateQuicConnectionHelper() {
-  return new QuicChromiumConnectionHelper(
-      base::ThreadTaskRunnerHandle::Get().get(), &clock_,
-      QuicRandom::GetInstance());
+  return new QuicChromiumConnectionHelper(&clock_, QuicRandom::GetInstance());
+}
+
+QuicChromiumAlarmFactory* QuicSimpleClient::CreateQuicAlarmFactory() {
+  return new QuicChromiumAlarmFactory(base::ThreadTaskRunnerHandle::Get().get(),
+                                      &clock_);
 }
 
 QuicPacketWriter* QuicSimpleClient::CreateQuicPacketWriter() {
diff --git a/chromium/net/tools/quic/quic_simple_client.h b/chromium/net/tools/quic/quic_simple_client.h
index bcd0bdabe0f..b94399c87a9 100644
--- a/chromium/net/tools/quic/quic_simple_client.h
+++ b/chromium/net/tools/quic/quic_simple_client.h
@@ -10,11 +10,11 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 
 #include "base/command_line.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
@@ -28,6 +28,7 @@
 namespace net {
 
 struct HttpRequestInfo;
+class QuicChromiumAlarmFactory;
 class QuicChromiumConnectionHelper;
 class UDPClientSocket;
 
@@ -166,6 +167,7 @@ class QuicSimpleClient : public QuicClientBase,
   const std::string& latest_response_body() const;
 
  protected:
+  virtual QuicChromiumAlarmFactory* CreateQuicAlarmFactory();
   virtual QuicChromiumConnectionHelper* CreateQuicConnectionHelper();
   virtual QuicPacketWriter* CreateQuicPacketWriter();
 
@@ -220,10 +222,10 @@ class QuicSimpleClient : public QuicClientBase,
   int local_port_;
 
   // UDP socket connected to the server.
-  scoped_ptr<UDPClientSocket> socket_;
+  std::unique_ptr<UDPClientSocket> socket_;
 
   // Listens for full responses.
-  scoped_ptr<ResponseListener> response_listener_;
+  std::unique_ptr<ResponseListener> response_listener_;
 
   // Tracks if the client is initialized to connect.
   bool initialized_;
@@ -255,7 +257,7 @@ class QuicSimpleClient : public QuicClientBase,
   // The log used for the sockets.
   NetLog net_log_;
 
-  scoped_ptr<QuicChromiumPacketReader> packet_reader_;
+  std::unique_ptr<QuicChromiumPacketReader> packet_reader_;
 
   bool packet_reader_started_;
 
diff --git a/chromium/net/tools/quic/quic_simple_client_bin.cc b/chromium/net/tools/quic/quic_simple_client_bin.cc
index d7f5ef5757c..2c630b9083c 100644
--- a/chromium/net/tools/quic/quic_simple_client_bin.cc
+++ b/chromium/net/tools/quic/quic_simple_client_bin.cc
@@ -114,7 +114,7 @@ class FakeCertVerifier : public net::CertVerifier {
              net::CRLSet* crl_set,
              net::CertVerifyResult* verify_result,
              const net::CompletionCallback& callback,
-             scoped_ptr<net::CertVerifier::Request>* out_req,
+             std::unique_ptr<net::CertVerifier::Request>* out_req,
              const net::BoundNetLog& net_log) override {
     return net::OK;
   }
@@ -123,34 +123,6 @@ class FakeCertVerifier : public net::CertVerifier {
   bool SupportsOCSPStapling() override { return false; }
 };
 
-static bool DecodeHexString(const base::StringPiece& hex, std::string* bytes) {
-  bytes->clear();
-  if (hex.empty())
-    return true;
-  std::vector<uint8_t> v;
-  if (!base::HexStringToBytes(hex.as_string(), &v))
-    return false;
-  if (!v.empty())
-    bytes->assign(reinterpret_cast<const char*>(&v[0]), v.size());
-  return true;
-};
-
-// Converts binary data into an ASCII string. Each character in the resulting
-// string is preceeded by a space, and replaced with a '.' if not printable.
-string BinaryToAscii(const string& binary) {
-  string out = "";
-  for (const unsigned char c : binary) {
-    // Leading space.
-    out += " ";
-    if (isprint(c)) {
-      out += c;
-    } else {
-      out += '.';
-    }
-  }
-  return out;
-}
-
 int main(int argc, char* argv[]) {
   base::CommandLine::Init(argc, argv);
   base::CommandLine* line = base::CommandLine::ForCurrentProcess();
@@ -276,13 +248,13 @@ int main(int argc, char* argv[]) {
     versions.push_back(static_cast<net::QuicVersion>(FLAGS_quic_version));
   }
   // For secure QUIC we need to verify the cert chain.
-  scoped_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
+  std::unique_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
   if (line->HasSwitch("disable-certificate-verification")) {
     cert_verifier.reset(new FakeCertVerifier());
   }
-  scoped_ptr<TransportSecurityState> transport_security_state(
+  std::unique_ptr<TransportSecurityState> transport_security_state(
       new TransportSecurityState);
-  scoped_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
+  std::unique_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
   ProofVerifierChromium* proof_verifier = new ProofVerifierChromium(
       cert_verifier.get(), nullptr, transport_security_state.get(),
       ct_verifier.get());
@@ -312,7 +284,7 @@ int main(int argc, char* argv[]) {
   string body = FLAGS_body;
   if (!FLAGS_body_hex.empty()) {
     DCHECK(FLAGS_body.empty()) << "Only set one of --body and --body_hex.";
-    DecodeHexString(FLAGS_body_hex, &body);
+    body = net::QuicUtils::HexDecode(FLAGS_body_hex);
   }
 
   // Construct a GET or POST request for supplied URL.
@@ -356,9 +328,9 @@ int main(int argc, char* argv[]) {
     if (!FLAGS_body_hex.empty()) {
       // Print the user provided hex, rather than binary body.
       cout << "body hex:   " << FLAGS_body_hex << endl;
-      string bytes;
-      DecodeHexString(FLAGS_body_hex, &bytes);
-      cout << "body ascii: " << BinaryToAscii(bytes) << endl;
+      cout << "body ascii: " << net::QuicUtils::BinaryToAscii(
+                                    net::QuicUtils::HexDecode(FLAGS_body_hex))
+           << endl;
     } else {
       cout << "body: " << body << endl;
     }
@@ -368,10 +340,10 @@ int main(int argc, char* argv[]) {
     string response_body = client.latest_response_body();
     if (!FLAGS_body_hex.empty()) {
       // Assume response is binary data.
-      string bytes;
-      DecodeHexString(response_body, &bytes);
-      cout << "body hex:   " << bytes << endl;
-      cout << "body ascii: " << BinaryToAscii(response_body) << endl;
+      cout << "body hex:   " << net::QuicUtils::HexEncode(response_body)
+           << endl;
+      cout << "body ascii: " << net::QuicUtils::BinaryToAscii(response_body)
+           << endl;
     } else {
       cout << "body: " << response_body << endl;
     }
diff --git a/chromium/net/tools/quic/quic_simple_server.cc b/chromium/net/tools/quic/quic_simple_server.cc
index 77139862507..22466cf8ebf 100644
--- a/chromium/net/tools/quic/quic_simple_server.cc
+++ b/chromium/net/tools/quic/quic_simple_server.cc
@@ -8,7 +8,7 @@
 
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/crypto_handshake.h"
@@ -36,8 +36,13 @@ class SimpleQuicDispatcher : public QuicDispatcher {
   SimpleQuicDispatcher(const QuicConfig& config,
                        const QuicCryptoServerConfig* crypto_config,
                        const QuicVersionVector& supported_versions,
-                       QuicConnectionHelperInterface* helper)
-      : QuicDispatcher(config, crypto_config, supported_versions, helper) {}
+                       QuicConnectionHelperInterface* helper,
+                       QuicAlarmFactory* alarm_factory)
+      : QuicDispatcher(config,
+                       crypto_config,
+                       supported_versions,
+                       std::unique_ptr<QuicConnectionHelperInterface>(helper),
+                       std::unique_ptr<QuicAlarmFactory>(alarm_factory)) {}
 
  protected:
   QuicServerSessionBase* CreateQuicSession(
@@ -63,10 +68,10 @@ QuicSimpleServer::QuicSimpleServer(ProofSource* proof_source,
                                    const QuicConfig& config,
                                    const QuicVersionVector& supported_versions)
     : helper_(
-          new QuicChromiumConnectionHelper(base::ThreadTaskRunnerHandle::Get()
-                                               .get(),
-                                           &clock_,
-                                           QuicRandom::GetInstance())),
+          new QuicChromiumConnectionHelper(&clock_, QuicRandom::GetInstance())),
+      alarm_factory_(new QuicChromiumAlarmFactory(
+          base::ThreadTaskRunnerHandle::Get().get(),
+          &clock_)),
       config_(config),
       crypto_config_(kSourceAddressTokenSecret,
                      QuicRandom::GetInstance(),
@@ -99,7 +104,7 @@ void QuicSimpleServer::Initialize() {
         kInitialSessionFlowControlWindow);
   }
 
-  scoped_ptr<CryptoHandshakeMessage> scfg(crypto_config_.AddDefaultConfig(
+  std::unique_ptr<CryptoHandshakeMessage> scfg(crypto_config_.AddDefaultConfig(
       helper_->GetRandomGenerator(), helper_->GetClock(),
       QuicCryptoServerConfig::ConfigOptions()));
 }
@@ -107,7 +112,7 @@ void QuicSimpleServer::Initialize() {
 QuicSimpleServer::~QuicSimpleServer() {}
 
 int QuicSimpleServer::Listen(const IPEndPoint& address) {
-  scoped_ptr<UDPServerSocket> socket(
+  std::unique_ptr<UDPServerSocket> socket(
       new UDPServerSocket(&net_log_, NetLog::Source()));
 
   socket->AllowAddressReuse();
@@ -144,8 +149,8 @@ int QuicSimpleServer::Listen(const IPEndPoint& address) {
 
   socket_.swap(socket);
 
-  dispatcher_.reset(new SimpleQuicDispatcher(config_, &crypto_config_,
-                                             supported_versions_, helper_));
+  dispatcher_.reset(new SimpleQuicDispatcher(
+      config_, &crypto_config_, supported_versions_, helper_, alarm_factory_));
   QuicSimpleServerPacketWriter* writer =
       new QuicSimpleServerPacketWriter(socket_.get(), dispatcher_.get());
   dispatcher_->InitializeWithWriter(writer);
diff --git a/chromium/net/tools/quic/quic_simple_server.h b/chromium/net/tools/quic/quic_simple_server.h
index 21c39bf7521..7fe28a424a9 100644
--- a/chromium/net/tools/quic/quic_simple_server.h
+++ b/chromium/net/tools/quic/quic_simple_server.h
@@ -8,12 +8,14 @@
 #ifndef NET_QUIC_TOOLS_QUIC_SIMPLE_SERVER_H_
 #define NET_QUIC_TOOLS_QUIC_SIMPLE_SERVER_H_
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
 #include "net/log/net_log.h"
 #include "net/quic/crypto/quic_crypto_server_config.h"
+#include "net/quic/quic_chromium_alarm_factory.h"
 #include "net/quic/quic_chromium_connection_helper.h"
 #include "net/quic/quic_clock.h"
 #include "net/quic/quic_config.h"
@@ -64,7 +66,7 @@ class QuicSimpleServer {
   void Initialize();
 
   // Accepts data from the framer and demuxes clients to sessions.
-  scoped_ptr<QuicDispatcher> dispatcher_;
+  std::unique_ptr<QuicDispatcher> dispatcher_;
 
   // Used by the helper_ to time alarms.
   QuicClock clock_;
@@ -72,8 +74,11 @@ class QuicSimpleServer {
   // Used to manage the message loop. Owned by dispatcher_.
   QuicChromiumConnectionHelper* helper_;
 
+  // Used to manage the message loop. Owned by dispatcher_.
+  QuicChromiumAlarmFactory* alarm_factory_;
+
   // Listening socket. Also used for outbound client communication.
-  scoped_ptr<UDPServerSocket> socket_;
+  std::unique_ptr<UDPServerSocket> socket_;
 
   // config_ contains non-crypto parameters that are negotiated in the crypto
   // handshake.
diff --git a/chromium/net/tools/quic/quic_simple_server_session.cc b/chromium/net/tools/quic/quic_simple_server_session.cc
index 8a31699e163..946ac8a5b90 100644
--- a/chromium/net/tools/quic/quic_simple_server_session.cc
+++ b/chromium/net/tools/quic/quic_simple_server_session.cc
@@ -65,6 +65,10 @@ void QuicSimpleServerSession::PromisePushResources(
     const std::list<QuicInMemoryCache::ServerPushInfo>& resources,
     QuicStreamId original_stream_id,
     const SpdyHeaderBlock& original_request_headers) {
+  if (!server_push_enabled()) {
+    return;
+  }
+
   for (QuicInMemoryCache::ServerPushInfo resource : resources) {
     SpdyHeaderBlock headers = SynthesizePushRequestHeaders(
         request_url, resource, original_request_headers);
diff --git a/chromium/net/tools/quic/quic_simple_server_session.h b/chromium/net/tools/quic/quic_simple_server_session.h
index 2754f366168..d0df3bfd588 100644
--- a/chromium/net/tools/quic/quic_simple_server_session.h
+++ b/chromium/net/tools/quic/quic_simple_server_session.h
@@ -11,13 +11,12 @@
 
 #include <deque>
 #include <list>
+#include <memory>
 #include <set>
 #include <string>
 #include <vector>
 
-#include "base/containers/hash_tables.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/quic/quic_crypto_server_stream.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_spdy_session.h"
diff --git a/chromium/net/tools/quic/quic_simple_server_session_test.cc b/chromium/net/tools/quic/quic_simple_server_session_test.cc
index ccc9573c95f..5275a12570c 100644
--- a/chromium/net/tools/quic/quic_simple_server_session_test.cc
+++ b/chromium/net/tools/quic/quic_simple_server_session_test.cc
@@ -5,6 +5,7 @@
 #include "net/tools/quic/quic_simple_server_session.h"
 
 #include <algorithm>
+#include <memory>
 
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
@@ -32,8 +33,8 @@
 
 using net::test::CryptoTestUtils;
 using net::test::GenerateBody;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::QuicConfigPeer;
 using net::test::QuicConnectionPeer;
 using net::test::QuicSpdyStreamPeer;
@@ -102,12 +103,17 @@ class MockQuicCryptoServerStream : public QuicCryptoServerStream {
   DISALLOW_COPY_AND_ASSIGN(MockQuicCryptoServerStream);
 };
 
-class MockConnectionWithSendStreamData : public MockConnection {
+class MockQuicConnectionWithSendStreamData : public MockQuicConnection {
  public:
-  MockConnectionWithSendStreamData(MockConnectionHelper* helper,
-                                   Perspective perspective,
-                                   const QuicVersionVector& supported_versions)
-      : MockConnection(helper, perspective, supported_versions) {}
+  MockQuicConnectionWithSendStreamData(
+      MockQuicConnectionHelper* helper,
+      MockAlarmFactory* alarm_factory,
+      Perspective perspective,
+      const QuicVersionVector& supported_versions)
+      : MockQuicConnection(helper,
+                           alarm_factory,
+                           perspective,
+                           supported_versions) {}
 
   MOCK_METHOD5(SendStreamData,
                QuicConsumedData(QuicStreamId id,
@@ -166,8 +172,9 @@ class QuicSimpleServerSessionTest
     config_.SetInitialSessionFlowControlWindowToSend(
         kInitialSessionFlowControlWindowForTest);
 
-    connection_ = new StrictMock<MockConnectionWithSendStreamData>(
-        &helper_, Perspective::IS_SERVER, SupportedVersions(GetParam()));
+    connection_ = new StrictMock<MockQuicConnectionWithSendStreamData>(
+        &helper_, &alarm_factory_, Perspective::IS_SERVER,
+        SupportedVersions(GetParam()));
     session_.reset(new QuicSimpleServerSession(config_, connection_, &owner_,
                                                &crypto_config_,
                                                &compressed_certs_cache_));
@@ -184,13 +191,14 @@ class QuicSimpleServerSessionTest
   }
 
   StrictMock<MockQuicServerSessionVisitor> owner_;
-  MockConnectionHelper helper_;
-  StrictMock<MockConnectionWithSendStreamData>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnectionWithSendStreamData>* connection_;
   QuicConfig config_;
   QuicCryptoServerConfig crypto_config_;
   QuicCompressedCertsCache compressed_certs_cache_;
-  scoped_ptr<QuicSimpleServerSession> session_;
-  scoped_ptr<CryptoHandshakeMessage> handshake_message_;
+  std::unique_ptr<QuicSimpleServerSession> session_;
+  std::unique_ptr<CryptoHandshakeMessage> handshake_message_;
   QuicConnectionVisitorInterface* visitor_;
   MockQuicHeadersStream* headers_stream_;
 };
@@ -396,14 +404,19 @@ class QuicSimpleServerSessionServerPushTest
     // control blocks it.
     QuicConfigPeer::SetReceivedInitialSessionFlowControlWindow(
         &config_, kInitialSessionFlowControlWindowForTest);
-
-    connection_ = new StrictMock<MockConnectionWithSendStreamData>(
-        &helper_, Perspective::IS_SERVER, SupportedVersions(GetParam()));
+    // Enable server push.
+    QuicTagVector copt;
+    copt.push_back(kSPSH);
+    QuicConfigPeer::SetReceivedConnectionOptions(&config_, copt);
+
+    connection_ = new StrictMock<MockQuicConnectionWithSendStreamData>(
+        &helper_, &alarm_factory_, Perspective::IS_SERVER,
+        SupportedVersions(GetParam()));
     session_.reset(new QuicSimpleServerSession(config_, connection_, &owner_,
                                                &crypto_config_,
                                                &compressed_certs_cache_));
     session_->Initialize();
-    // Needed to make new session flow control window work.
+    // Needed to make new session flow control window and server push work.
     session_->OnConfigNegotiated();
 
     visitor_ = QuicConnectionPeer::GetVisitor(connection_);
diff --git a/chromium/net/tools/quic/quic_simple_server_stream.cc b/chromium/net/tools/quic/quic_simple_server_stream.cc
index 500754d6330..21a7a8fd2ad 100644
--- a/chromium/net/tools/quic/quic_simple_server_stream.cc
+++ b/chromium/net/tools/quic/quic_simple_server_stream.cc
@@ -43,12 +43,33 @@ void QuicSimpleServerStream::OnInitialHeadersComplete(bool fin,
   MarkHeadersConsumed(decompressed_headers().length());
 }
 
+void QuicSimpleServerStream::OnInitialHeadersComplete(
+    bool fin,
+    size_t frame_len,
+    const QuicHeaderList& header_list) {
+  QuicSpdyStream::OnInitialHeadersComplete(fin, frame_len, header_list);
+  if (!SpdyUtils::CopyAndValidateHeaders(header_list, &content_length_,
+                                         &request_headers_)) {
+    DVLOG(1) << "Invalid headers";
+    SendErrorResponse();
+  }
+  ConsumeHeaderList();
+}
+
 void QuicSimpleServerStream::OnTrailingHeadersComplete(bool fin,
                                                        size_t frame_len) {
   QUIC_BUG << "Server does not support receiving Trailers.";
   SendErrorResponse();
 }
 
+void QuicSimpleServerStream::OnTrailingHeadersComplete(
+    bool fin,
+    size_t frame_len,
+    const QuicHeaderList& header_list) {
+  QUIC_BUG << "Server does not support receiving Trailers.";
+  SendErrorResponse();
+}
+
 void QuicSimpleServerStream::OnDataAvailable() {
   while (HasBytesToRead()) {
     struct iovec iov;
diff --git a/chromium/net/tools/quic/quic_simple_server_stream.h b/chromium/net/tools/quic/quic_simple_server_stream.h
index b88b8471ee6..ca39e5007a2 100644
--- a/chromium/net/tools/quic/quic_simple_server_stream.h
+++ b/chromium/net/tools/quic/quic_simple_server_stream.h
@@ -31,6 +31,12 @@ class QuicSimpleServerStream : public QuicSpdyStream {
   // QuicSpdyStream
   void OnInitialHeadersComplete(bool fin, size_t frame_len) override;
   void OnTrailingHeadersComplete(bool fin, size_t frame_len) override;
+  void OnInitialHeadersComplete(bool fin,
+                                size_t frame_len,
+                                const QuicHeaderList& header_list) override;
+  void OnTrailingHeadersComplete(bool fin,
+                                 size_t frame_len,
+                                 const QuicHeaderList& header_list) override;
 
   // ReliableQuicStream implementation called by the sequencer when there is
   // data (or a FIN) to be read.
diff --git a/chromium/net/tools/quic/quic_simple_server_stream_test.cc b/chromium/net/tools/quic/quic_simple_server_stream_test.cc
index 2914defbf15..f3a7533407c 100644
--- a/chromium/net/tools/quic/quic_simple_server_stream_test.cc
+++ b/chromium/net/tools/quic/quic_simple_server_stream_test.cc
@@ -25,8 +25,8 @@
 #include "url/gurl.h"
 
 using base::StringPiece;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::MockQuicSpdySession;
 using net::test::ReliableQuicStreamPeer;
 using net::test::SupportedVersions;
@@ -42,8 +42,6 @@ using testing::Return;
 using testing::StrictMock;
 using testing::WithArgs;
 
-DECLARE_bool(quic_always_log_bugs_for_tests);
-
 namespace net {
 namespace test {
 
@@ -96,7 +94,7 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession {
                                 compressed_certs_cache) {
     set_max_open_incoming_streams(kMaxStreamsForTest);
     set_max_open_outgoing_streams(kMaxStreamsForTest);
-    ON_CALL(*this, WritevData(_, _, _, _, _))
+    ON_CALL(*this, WritevData(_, _, _, _, _, _))
         .WillByDefault(testing::Return(QuicConsumedData(0, false)));
   }
 
@@ -107,8 +105,9 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession {
                     const string& error_details,
                     ConnectionCloseSource source));
   MOCK_METHOD1(CreateIncomingDynamicStream, QuicSpdyStream*(QuicStreamId id));
-  MOCK_METHOD5(WritevData,
-               QuicConsumedData(QuicStreamId id,
+  MOCK_METHOD6(WritevData,
+               QuicConsumedData(ReliableQuicStream* stream,
+                                QuicStreamId id,
                                 QuicIOVector data,
                                 QuicStreamOffset offset,
                                 bool fin,
@@ -132,7 +131,7 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession {
   MOCK_METHOD1(OnHeadersHeadOfLineBlocking, void(QuicTime::Delta delta));
   MOCK_METHOD4(PromisePushResources,
                void(const string&,
-                    const list<QuicInMemoryCache::ServerPushInfo>&,
+                    const std::list<QuicInMemoryCache::ServerPushInfo>&,
                     QuicStreamId,
                     const SpdyHeaderBlock&));
 
@@ -149,10 +148,10 @@ class QuicSimpleServerStreamTest
  public:
   QuicSimpleServerStreamTest()
       : connection_(
-            new StrictMock<MockConnection>(&helper_,
-                                           Perspective::IS_SERVER,
-                                           SupportedVersions(GetParam()))),
-        session_owner_(new StrictMock<MockQuicServerSessionVisitor>()),
+            new StrictMock<MockQuicConnection>(&helper_,
+                                               &alarm_factory_,
+                                               Perspective::IS_SERVER,
+                                               SupportedVersions(GetParam()))),
         crypto_config_(new QuicCryptoServerConfig(
             QuicCryptoServerConfig::TESTING,
             QuicRandom::GetInstance(),
@@ -160,7 +159,7 @@ class QuicSimpleServerStreamTest
         compressed_certs_cache_(
             QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
         session_(connection_,
-                 session_owner_,
+                 &session_owner_,
                  crypto_config_.get(),
                  &compressed_certs_cache_),
         body_("hello world") {
@@ -203,9 +202,10 @@ class QuicSimpleServerStreamTest
   }
 
   SpdyHeaderBlock response_headers_;
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
-  StrictMock<MockQuicServerSessionVisitor>* session_owner_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
+  StrictMock<MockQuicServerSessionVisitor> session_owner_;
   std::unique_ptr<QuicCryptoServerConfig> crypto_config_;
   QuicCompressedCertsCache compressed_certs_cache_;
   StrictMock<MockQuicSimpleServerSession> session_;
@@ -219,9 +219,9 @@ INSTANTIATE_TEST_CASE_P(Tests,
                         ::testing::ValuesIn(QuicSupportedVersions()));
 
 TEST_P(QuicSimpleServerStreamTest, TestFraming) {
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
   stream_->OnStreamHeaders(headers_string_);
   stream_->OnStreamHeadersComplete(false, headers_string_.size());
   stream_->OnStreamFrame(
@@ -233,9 +233,9 @@ TEST_P(QuicSimpleServerStreamTest, TestFraming) {
 }
 
 TEST_P(QuicSimpleServerStreamTest, TestFramingOnePacket) {
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   stream_->OnStreamHeaders(headers_string_);
   stream_->OnStreamHeadersComplete(false, headers_string_.size());
@@ -248,9 +248,9 @@ TEST_P(QuicSimpleServerStreamTest, TestFramingOnePacket) {
 }
 
 TEST_P(QuicSimpleServerStreamTest, SendQuicRstStreamNoErrorInStopReading) {
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
 
   EXPECT_FALSE(stream_->fin_received());
   EXPECT_FALSE(stream_->rst_received());
@@ -271,8 +271,8 @@ TEST_P(QuicSimpleServerStreamTest, TestFramingExtraData) {
 
   // We'll automatically write out an error (headers + body)
   EXPECT_CALL(session_, WriteHeaders(_, _, _, _, _));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
-      .WillOnce(Invoke(MockQuicSpdySession::ConsumeAllData));
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
+      .WillOnce(Invoke(MockQuicSession::ConsumeAllData));
   EXPECT_CALL(session_, SendRstStream(_, QUIC_STREAM_NO_ERROR, _)).Times(0);
 
   stream_->OnStreamHeaders(headers_string_);
@@ -308,7 +308,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithIllegalResponseStatus) {
 
   InSequence s;
   EXPECT_CALL(session_, WriteHeaders(stream_->id(), _, false, _, nullptr));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(
           strlen(QuicSimpleServerStream::kErrorResponseBody), true)));
@@ -339,7 +339,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithIllegalResponseStatus2) {
 
   InSequence s;
   EXPECT_CALL(session_, WriteHeaders(stream_->id(), _, false, _, nullptr));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(
           strlen(QuicSimpleServerStream::kErrorResponseBody), true)));
@@ -396,7 +396,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithValidHeaders) {
 
   InSequence s;
   EXPECT_CALL(session_, WriteHeaders(stream_->id(), _, false, _, nullptr));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(body.length(), true)));
 
@@ -418,7 +418,7 @@ TEST_P(QuicSimpleServerStreamTest, SendReponseWithPushResources) {
   string url = host + "/bar";
   QuicInMemoryCache::ServerPushInfo push_info(GURL(url), response_headers,
                                               kDefaultPriority, "Push body");
-  list<QuicInMemoryCache::ServerPushInfo> push_resources;
+  std::list<QuicInMemoryCache::ServerPushInfo> push_resources;
   push_resources.push_back(push_info);
   QuicInMemoryCache::GetInstance()->AddSimpleResponseWithServerPushResources(
       host, request_path, 200, body, push_resources);
@@ -435,7 +435,7 @@ TEST_P(QuicSimpleServerStreamTest, SendReponseWithPushResources) {
                                              ::net::test::kClientDataStreamId1,
                                              *request_headers));
   EXPECT_CALL(session_, WriteHeaders(stream_->id(), _, false, _, nullptr));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(body.length(), true)));
   QuicSimpleServerStreamPeer::SendResponse(stream_);
@@ -481,7 +481,7 @@ TEST_P(QuicSimpleServerStreamTest, PushResponseOnServerInitiatedStream) {
   EXPECT_CALL(session_,
               WriteHeaders(kServerInitiatedStreamId, _, false,
                            server_initiated_stream->priority(), nullptr));
-  EXPECT_CALL(session_, WritevData(kServerInitiatedStreamId, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, kServerInitiatedStreamId, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(kBody.size(), true)));
   server_initiated_stream->PushResponse(headers);
@@ -503,7 +503,7 @@ TEST_P(QuicSimpleServerStreamTest, TestSendErrorResponse) {
 
   InSequence s;
   EXPECT_CALL(session_, WriteHeaders(_, _, _, _, _));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(3, true)));
 
@@ -523,9 +523,9 @@ TEST_P(QuicSimpleServerStreamTest, InvalidMultipleContentLength) {
   headers_string_ = SpdyUtils::SerializeUncompressedHeaders(request_headers);
 
   EXPECT_CALL(session_, WriteHeaders(_, _, _, _, _));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
   stream_->OnStreamHeaders(headers_string_);
   stream_->OnStreamHeadersComplete(true, headers_string_.size());
 
@@ -544,9 +544,9 @@ TEST_P(QuicSimpleServerStreamTest, InvalidLeadingNullContentLength) {
   headers_string_ = SpdyUtils::SerializeUncompressedHeaders(request_headers);
 
   EXPECT_CALL(session_, WriteHeaders(_, _, _, _, _));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(AnyNumber())
-      .WillRepeatedly(Invoke(MockQuicSpdySession::ConsumeAllData));
+      .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData));
   stream_->OnStreamHeaders(headers_string_);
   stream_->OnStreamHeadersComplete(true, headers_string_.size());
 
@@ -578,7 +578,7 @@ TEST_P(QuicSimpleServerStreamTest, SendQuicRstStreamNoErrorWithEarlyResponse) {
 
   InSequence s;
   EXPECT_CALL(session_, WriteHeaders(stream_->id(), _, _, _, _));
-  EXPECT_CALL(session_, WritevData(_, _, _, _, _))
+  EXPECT_CALL(session_, WritevData(_, _, _, _, _, _))
       .Times(1)
       .WillOnce(Return(QuicConsumedData(3, true)));
   if (GetParam() > QUIC_VERSION_28) {
diff --git a/chromium/net/tools/quic/quic_simple_server_test.cc b/chromium/net/tools/quic/quic_simple_server_test.cc
index 3a7c54ee1f9..3cd742cc0ae 100644
--- a/chromium/net/tools/quic/quic_simple_server_test.cc
+++ b/chromium/net/tools/quic/quic_simple_server_test.cc
@@ -26,7 +26,10 @@ class QuicChromeServerDispatchPacketTest : public ::testing::Test {
                        CryptoTestUtils::ProofSourceForTesting()),
         dispatcher_(config_,
                     &crypto_config_,
-                    new net::test::MockConnectionHelper) {
+                    std::unique_ptr<MockQuicConnectionHelper>(
+                        new net::test::MockQuicConnectionHelper),
+                    std::unique_ptr<MockAlarmFactory>(
+                        new net::test::MockAlarmFactory)) {
     dispatcher_.InitializeWithWriter(nullptr);
   }
 
diff --git a/chromium/net/tools/quic/quic_socket_utils.cc b/chromium/net/tools/quic/quic_socket_utils.cc
index 1ef874ca45f..094ce86d48d 100644
--- a/chromium/net/tools/quic/quic_socket_utils.cc
+++ b/chromium/net/tools/quic/quic_socket_utils.cc
@@ -291,12 +291,10 @@ int QuicSocketUtils::CreateUDPSocket(const IPEndPoint& address,
     return -1;
   }
 
-  if (FLAGS_quic_use_socket_timestamp) {
-    rc = SetGetSoftwareReceiveTimestamp(fd);
-    if (rc < 0) {
-      LOG(WARNING) << "SO_TIMESTAMPING not supported; using fallback: "
-                   << strerror(errno);
-    }
+  rc = SetGetSoftwareReceiveTimestamp(fd);
+  if (rc < 0) {
+    LOG(WARNING) << "SO_TIMESTAMPING not supported; using fallback: "
+                 << strerror(errno);
   }
 
   return fd;
diff --git a/chromium/net/tools/quic/quic_spdy_client_stream.cc b/chromium/net/tools/quic/quic_spdy_client_stream.cc
index 8ac758a5236..ca3bd783124 100644
--- a/chromium/net/tools/quic/quic_spdy_client_stream.cc
+++ b/chromium/net/tools/quic/quic_spdy_client_stream.cc
@@ -68,6 +68,34 @@ void QuicSpdyClientStream::OnInitialHeadersComplete(bool fin,
   session_->OnInitialHeadersComplete(id(), response_headers_);
 }
 
+void QuicSpdyClientStream::OnInitialHeadersComplete(
+    bool fin,
+    size_t frame_len,
+    const QuicHeaderList& header_list) {
+  QuicSpdyStream::OnInitialHeadersComplete(fin, frame_len, header_list);
+
+  DCHECK(headers_decompressed());
+  header_bytes_read_ += frame_len;
+  if (!SpdyUtils::CopyAndValidateHeaders(header_list, &content_length_,
+                                         &response_headers_)) {
+    DLOG(ERROR) << "Failed to parse header list: " << header_list.DebugString();
+    Reset(QUIC_BAD_APPLICATION_PAYLOAD);
+    return;
+  }
+
+  if (!ParseHeaderStatusCode(&response_headers_, &response_code_)) {
+    DLOG(ERROR) << "Received invalid response code: "
+                << response_headers_[":status"].as_string();
+    Reset(QUIC_BAD_APPLICATION_PAYLOAD);
+    return;
+  }
+
+  ConsumeHeaderList();
+  DVLOG(1) << "headers complete for stream " << id();
+
+  session_->OnInitialHeadersComplete(id(), response_headers_);
+}
+
 void QuicSpdyClientStream::OnTrailingHeadersComplete(bool fin,
                                                      size_t frame_len) {
   QuicSpdyStream::OnTrailingHeadersComplete(fin, frame_len);
@@ -90,6 +118,27 @@ void QuicSpdyClientStream::OnPromiseHeadersComplete(QuicStreamId promised_id,
   MarkHeadersConsumed(decompressed_headers().length());
 
   session_->HandlePromised(id(), promised_id, promise_headers);
+  if (visitor() != nullptr) {
+    visitor()->OnPromiseHeadersComplete(promised_id, frame_len);
+  }
+}
+
+void QuicSpdyClientStream::OnPromiseHeaderList(
+    QuicStreamId promised_id,
+    size_t frame_len,
+    const QuicHeaderList& header_list) {
+  header_bytes_read_ += frame_len;
+  int64_t content_length = -1;
+  SpdyHeaderBlock promise_headers;
+  if (!SpdyUtils::CopyAndValidateHeaders(header_list, &content_length,
+                                         &promise_headers)) {
+    DLOG(ERROR) << "Failed to parse promise headers: "
+                << header_list.DebugString();
+    Reset(QUIC_BAD_APPLICATION_PAYLOAD);
+    return;
+  }
+
+  session_->HandlePromised(id(), promised_id, promise_headers);
 }
 
 void QuicSpdyClientStream::OnDataAvailable() {
diff --git a/chromium/net/tools/quic/quic_spdy_client_stream.h b/chromium/net/tools/quic/quic_spdy_client_stream.h
index f225717c2ff..3bbe134996a 100644
--- a/chromium/net/tools/quic/quic_spdy_client_stream.h
+++ b/chromium/net/tools/quic/quic_spdy_client_stream.h
@@ -34,6 +34,11 @@ class QuicSpdyClientStream : public QuicSpdyStream {
   // Override the base class to parse and store headers.
   void OnInitialHeadersComplete(bool fin, size_t frame_len) override;
 
+  // Override the base class to parse and store headers.
+  void OnInitialHeadersComplete(bool fin,
+                                size_t frame_len,
+                                const QuicHeaderList& header_list) override;
+
   // Override the base class to parse and store trailers.
   void OnTrailingHeadersComplete(bool fin, size_t frame_len) override;
 
@@ -41,6 +46,11 @@ class QuicSpdyClientStream : public QuicSpdyStream {
   void OnPromiseHeadersComplete(QuicStreamId promised_stream_id,
                                 size_t frame_len) override;
 
+  // Override the base class to handle creation of the push stream.
+  void OnPromiseHeaderList(QuicStreamId promised_id,
+                           size_t frame_len,
+                           const QuicHeaderList& header_list) override;
+
   // ReliableQuicStream implementation called by the session when there's
   // data for us.
   void OnDataAvailable() override;
diff --git a/chromium/net/tools/quic/quic_spdy_client_stream_test.cc b/chromium/net/tools/quic/quic_spdy_client_stream_test.cc
index 53e414d8f29..af3cb3c8cde 100644
--- a/chromium/net/tools/quic/quic_spdy_client_stream_test.cc
+++ b/chromium/net/tools/quic/quic_spdy_client_stream_test.cc
@@ -4,6 +4,8 @@
 
 #include "net/tools/quic/quic_spdy_client_stream.h"
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/quic/quic_utils.h"
@@ -17,8 +19,8 @@
 
 using net::test::CryptoTestUtils;
 using net::test::DefaultQuicConfig;
-using net::test::MockConnection;
-using net::test::MockConnectionHelper;
+using net::test::MockQuicConnection;
+using net::test::MockQuicConnectionHelper;
 using net::test::SupportedVersions;
 using net::test::kClientDataStreamId1;
 using net::test::kServerDataStreamId1;
@@ -61,8 +63,9 @@ class QuicSpdyClientStreamTest : public ::testing::Test {
   class StreamVisitor;
 
   QuicSpdyClientStreamTest()
-      : connection_(
-            new StrictMock<MockConnection>(&helper_, Perspective::IS_CLIENT)),
+      : connection_(new StrictMock<MockQuicConnection>(&helper_,
+                                                       &alarm_factory_,
+                                                       Perspective::IS_CLIENT)),
         session_(connection_, &push_promise_index_),
         body_("hello world") {
     session_.Initialize();
@@ -83,13 +86,14 @@ class QuicSpdyClientStreamTest : public ::testing::Test {
     }
   };
 
-  MockConnectionHelper helper_;
-  StrictMock<MockConnection>* connection_;
+  MockQuicConnectionHelper helper_;
+  MockAlarmFactory alarm_factory_;
+  StrictMock<MockQuicConnection>* connection_;
   QuicClientPushPromiseIndex push_promise_index_;
 
   MockQuicClientSession session_;
-  scoped_ptr<QuicSpdyClientStream> stream_;
-  scoped_ptr<StreamVisitor> stream_visitor_;
+  std::unique_ptr<QuicSpdyClientStream> stream_;
+  std::unique_ptr<StreamVisitor> stream_visitor_;
   BalsaHeaders headers_;
   string headers_string_;
   string body_;
diff --git a/chromium/net/tools/quic/quic_time_wait_list_manager.cc b/chromium/net/tools/quic/quic_time_wait_list_manager.cc
index 91c48d089b0..8a79b2e4755 100644
--- a/chromium/net/tools/quic/quic_time_wait_list_manager.cc
+++ b/chromium/net/tools/quic/quic_time_wait_list_manager.cc
@@ -6,9 +6,10 @@
 
 #include <errno.h>
 
+#include <memory>
+
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -68,7 +69,7 @@ class QuicTimeWaitListManager::QueuedPacket {
  private:
   const IPEndPoint server_address_;
   const IPEndPoint client_address_;
-  scoped_ptr<QuicEncryptedPacket> packet_;
+  std::unique_ptr<QuicEncryptedPacket> packet_;
 
   DISALLOW_COPY_AND_ASSIGN(QueuedPacket);
 };
@@ -76,11 +77,12 @@ class QuicTimeWaitListManager::QueuedPacket {
 QuicTimeWaitListManager::QuicTimeWaitListManager(
     QuicPacketWriter* writer,
     QuicServerSessionVisitor* visitor,
-    QuicConnectionHelperInterface* helper)
+    QuicConnectionHelperInterface* helper,
+    QuicAlarmFactory* alarm_factory)
     : time_wait_period_(
           QuicTime::Delta::FromSeconds(FLAGS_quic_time_wait_list_seconds)),
       connection_id_clean_up_alarm_(
-          helper->CreateAlarm(new ConnectionIdCleanUpAlarm(this))),
+          alarm_factory->CreateAlarm(new ConnectionIdCleanUpAlarm(this))),
       clock_(helper->GetClock()),
       writer_(writer),
       visitor_(visitor) {
@@ -90,17 +92,13 @@ QuicTimeWaitListManager::QuicTimeWaitListManager(
 QuicTimeWaitListManager::~QuicTimeWaitListManager() {
   connection_id_clean_up_alarm_->Cancel();
   STLDeleteElements(&pending_packets_queue_);
-  for (ConnectionIdMap::iterator it = connection_id_map_.begin();
-       it != connection_id_map_.end(); ++it) {
-    STLDeleteElements(&it->second.termination_packets);
-  }
 }
 
 void QuicTimeWaitListManager::AddConnectionIdToTimeWait(
     QuicConnectionId connection_id,
     QuicVersion version,
     bool connection_rejected_statelessly,
-    std::vector<QuicEncryptedPacket*>* termination_packets) {
+    std::vector<std::unique_ptr<QuicEncryptedPacket>>* termination_packets) {
   if (connection_rejected_statelessly) {
     DCHECK(termination_packets != nullptr && !termination_packets->empty())
         << "Connections that were rejected statelessly must "
@@ -111,7 +109,6 @@ void QuicTimeWaitListManager::AddConnectionIdToTimeWait(
   const bool new_connection_id = it == connection_id_map_.end();
   if (!new_connection_id) {  // Replace record if it is reinserted.
     num_packets = it->second.num_packets;
-    STLDeleteElements(&it->second.termination_packets);
     connection_id_map_.erase(it);
   }
   TrimTimeWaitListIfNeeded();
@@ -122,7 +119,7 @@ void QuicTimeWaitListManager::AddConnectionIdToTimeWait(
   if (termination_packets != nullptr) {
     data.termination_packets.swap(*termination_packets);
   }
-  connection_id_map_.insert(std::make_pair(connection_id, data));
+  connection_id_map_.emplace(std::make_pair(connection_id, std::move(data)));
   if (new_connection_id) {
     visitor_->OnConnectionAddedToTimeWaitList(connection_id);
   }
@@ -176,7 +173,7 @@ void QuicTimeWaitListManager::ProcessPacket(
       DVLOG(3) << "Time wait list sending previous stateless reject response "
                << "for connection " << connection_id;
     }
-    for (QuicEncryptedPacket* packet : connection_data->termination_packets) {
+    for (const auto& packet : connection_data->termination_packets) {
       QueuedPacket* queued_packet =
           new QueuedPacket(server_address, client_address, packet->Clone());
       // Takes ownership of the packet.
@@ -297,10 +294,7 @@ bool QuicTimeWaitListManager::MaybeExpireOldestConnection(
     return false;
   }
   // This connection_id has lived its age, retire it now.
-  const QuicConnectionId connection_id = it->first;
-  STLDeleteElements(&it->second.termination_packets);
   connection_id_map_.erase(it);
-  visitor_->OnConnectionRemovedFromTimeWaitList(connection_id);
   return true;
 }
 
@@ -335,7 +329,7 @@ QuicTimeWaitListManager::ConnectionIdData::ConnectionIdData(
       connection_rejected_statelessly(connection_rejected_statelessly) {}
 
 QuicTimeWaitListManager::ConnectionIdData::ConnectionIdData(
-    const ConnectionIdData& other) = default;
+    ConnectionIdData&& other) = default;
 
 QuicTimeWaitListManager::ConnectionIdData::~ConnectionIdData() {}
 
diff --git a/chromium/net/tools/quic/quic_time_wait_list_manager.h b/chromium/net/tools/quic/quic_time_wait_list_manager.h
index 52e1d6210ca..b76dd74cb9a 100644
--- a/chromium/net/tools/quic/quic_time_wait_list_manager.h
+++ b/chromium/net/tools/quic/quic_time_wait_list_manager.h
@@ -12,6 +12,7 @@
 #include <stddef.h>
 
 #include <deque>
+#include <memory>
 
 #include "base/macros.h"
 #include "net/base/linked_hash_map.h"
@@ -42,10 +43,12 @@ class QuicTimeWaitListManager : public QuicBlockedWriterInterface {
  public:
   // writer - the entity that writes to the socket. (Owned by the dispatcher)
   // visitor - the entity that manages blocked writers. (The dispatcher)
-  // helper - used to run clean up alarms. (Owned by the dispatcher)
+  // helper - provides a clock (Owned by the dispatcher)
+  // alarm_factory - used to run clean up alarms. (Owned by the dispatcher)
   QuicTimeWaitListManager(QuicPacketWriter* writer,
                           QuicServerSessionVisitor* visitor,
-                          QuicConnectionHelperInterface* helper);
+                          QuicConnectionHelperInterface* helper,
+                          QuicAlarmFactory* alarm_factory);
   ~QuicTimeWaitListManager() override;
 
   // Adds the given connection_id to time wait state for time_wait_period_.
@@ -60,7 +63,7 @@ class QuicTimeWaitListManager : public QuicBlockedWriterInterface {
       QuicConnectionId connection_id,
       QuicVersion version,
       bool connection_rejected_statelessly,
-      std::vector<QuicEncryptedPacket*>* termination_packets);
+      std::vector<std::unique_ptr<QuicEncryptedPacket>>* termination_packets);
 
   // Returns true if the connection_id is in time wait state, false otherwise.
   // Packets received for this connection_id should not lead to creation of new
@@ -157,7 +160,8 @@ class QuicTimeWaitListManager : public QuicBlockedWriterInterface {
                      QuicTime time_added_,
                      bool connection_rejected_statelessly);
 
-    ConnectionIdData(const ConnectionIdData& other);
+    ConnectionIdData(const ConnectionIdData& other) = delete;
+    ConnectionIdData(ConnectionIdData&& other);
 
     ~ConnectionIdData();
 
@@ -165,7 +169,7 @@ class QuicTimeWaitListManager : public QuicBlockedWriterInterface {
     QuicVersion version;
     QuicTime time_added;
     // These packets may contain CONNECTION_CLOSE frames, or SREJ messages.
-    std::vector<QuicEncryptedPacket*> termination_packets;
+    std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
     bool connection_rejected_statelessly;
   };
 
@@ -182,7 +186,7 @@ class QuicTimeWaitListManager : public QuicBlockedWriterInterface {
 
   // Alarm to clean up connection_ids that have out lived their duration in
   // time wait state.
-  scoped_ptr<QuicAlarm> connection_id_clean_up_alarm_;
+  std::unique_ptr<QuicAlarm> connection_id_clean_up_alarm_;
 
   // Clock to efficiently measure approximate time.
   const QuicClock* clock_;
diff --git a/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc b/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc
index 58c9112d0c2..a1d06b4c4fd 100644
--- a/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc
+++ b/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc
@@ -5,6 +5,7 @@
 #include "net/tools/quic/quic_time_wait_list_manager.h"
 
 #include <errno.h>
+#include <memory>
 
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/null_encrypter.h"
@@ -18,6 +19,7 @@
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "net/tools/quic/test_tools/mock_epoll_server.h"
 #include "net/tools/quic/test_tools/mock_quic_server_session_visitor.h"
@@ -95,7 +97,8 @@ class QuicTimeWaitListManagerTest : public ::testing::Test {
  protected:
   QuicTimeWaitListManagerTest()
       : helper_(&epoll_server_, QuicAllocator::BUFFER_POOL),
-        time_wait_list_manager_(&writer_, &visitor_, &helper_),
+        alarm_factory_(&epoll_server_),
+        time_wait_list_manager_(&writer_, &visitor_, &helper_, &alarm_factory_),
         connection_id_(45),
         client_address_(net::test::TestPeerIPAddress(), kTestPort),
         writer_is_blocked_(false) {}
@@ -115,17 +118,19 @@ class QuicTimeWaitListManagerTest : public ::testing::Test {
   }
 
   void AddStatelessConnectionId(QuicConnectionId connection_id) {
-    std::vector<QuicEncryptedPacket*> termination_packets;
-    termination_packets.push_back(new QuicEncryptedPacket(nullptr, 0, false));
+    std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
+    termination_packets.push_back(std::unique_ptr<QuicEncryptedPacket>(
+        new QuicEncryptedPacket(nullptr, 0, false)));
     time_wait_list_manager_.AddConnectionIdToTimeWait(
         connection_id, QuicVersionMax(),
         /*connection_rejected_statelessly=*/true, &termination_packets);
   }
 
-  void AddConnectionId(QuicConnectionId connection_id,
-                       QuicVersion version,
-                       bool connection_rejected_statelessly,
-                       std::vector<QuicEncryptedPacket*>* packets) {
+  void AddConnectionId(
+      QuicConnectionId connection_id,
+      QuicVersion version,
+      bool connection_rejected_statelessly,
+      std::vector<std::unique_ptr<QuicEncryptedPacket>>* packets) {
     time_wait_list_manager_.AddConnectionIdToTimeWait(
         connection_id, version, connection_rejected_statelessly, packets);
   }
@@ -151,6 +156,7 @@ class QuicTimeWaitListManagerTest : public ::testing::Test {
 
   NiceMock<MockFakeTimeEpollServer> epoll_server_;
   QuicEpollConnectionHelper helper_;
+  QuicEpollAlarmFactory alarm_factory_;
   StrictMock<MockPacketWriter> writer_;
   StrictMock<MockQuicServerSessionVisitor> visitor_;
   QuicTimeWaitListManager time_wait_list_manager_;
@@ -219,7 +225,7 @@ TEST_F(QuicTimeWaitListManagerTest, CheckStatelessConnectionIdInTimeWait) {
 }
 
 TEST_F(QuicTimeWaitListManagerTest, SendVersionNegotiationPacket) {
-  scoped_ptr<QuicEncryptedPacket> packet(
+  std::unique_ptr<QuicEncryptedPacket> packet(
       QuicFramer::BuildVersionNegotiationPacket(connection_id_,
                                                 QuicSupportedVersions()));
   EXPECT_CALL(writer_,
@@ -236,9 +242,10 @@ TEST_F(QuicTimeWaitListManagerTest, SendVersionNegotiationPacket) {
 TEST_F(QuicTimeWaitListManagerTest, SendConnectionClose) {
   const size_t kConnectionCloseLength = 100;
   EXPECT_CALL(visitor_, OnConnectionAddedToTimeWaitList(connection_id_));
-  std::vector<QuicEncryptedPacket*> termination_packets;
-  termination_packets.push_back(new QuicEncryptedPacket(
-      new char[kConnectionCloseLength], kConnectionCloseLength, true));
+  std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
+  termination_packets.push_back(
+      std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket(
+          new char[kConnectionCloseLength], kConnectionCloseLength, true)));
   AddConnectionId(connection_id_, QuicVersionMax(),
                   /*connection_rejected_statelessly=*/false,
                   &termination_packets);
@@ -254,11 +261,13 @@ TEST_F(QuicTimeWaitListManagerTest, SendConnectionClose) {
 TEST_F(QuicTimeWaitListManagerTest, SendTwoConnectionCloses) {
   const size_t kConnectionCloseLength = 100;
   EXPECT_CALL(visitor_, OnConnectionAddedToTimeWaitList(connection_id_));
-  std::vector<QuicEncryptedPacket*> termination_packets;
-  termination_packets.push_back(new QuicEncryptedPacket(
-      new char[kConnectionCloseLength], kConnectionCloseLength, true));
-  termination_packets.push_back(new QuicEncryptedPacket(
-      new char[kConnectionCloseLength], kConnectionCloseLength, true));
+  std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
+  termination_packets.push_back(
+      std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket(
+          new char[kConnectionCloseLength], kConnectionCloseLength, true)));
+  termination_packets.push_back(
+      std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket(
+          new char[kConnectionCloseLength], kConnectionCloseLength, true)));
   AddConnectionId(connection_id_, QuicVersionMax(),
                   /*connection_rejected_statelessly=*/false,
                   &termination_packets);
@@ -351,12 +360,6 @@ TEST_F(QuicTimeWaitListManagerTest, CleanUpOldConnectionIds) {
                             time_wait_period.Subtract(offset).ToMicroseconds();
   EXPECT_CALL(epoll_server_, RegisterAlarm(next_alarm_time, _));
 
-  for (size_t connection_id = 1; connection_id <= kConnectionIdCount;
-       ++connection_id) {
-    if (connection_id <= kOldConnectionIdCount) {
-      EXPECT_CALL(visitor_, OnConnectionRemovedFromTimeWaitList(connection_id));
-    }
-  }
   time_wait_list_manager_.CleanUpOldConnectionIds();
   for (size_t connection_id = 1; connection_id <= kConnectionIdCount;
        ++connection_id) {
@@ -374,7 +377,7 @@ TEST_F(QuicTimeWaitListManagerTest, SendQueuedPackets) {
   EXPECT_CALL(visitor_, OnConnectionAddedToTimeWaitList(connection_id));
   AddConnectionId(connection_id);
   QuicPacketNumber packet_number = 234;
-  scoped_ptr<QuicEncryptedPacket> packet(
+  std::unique_ptr<QuicEncryptedPacket> packet(
       ConstructEncryptedPacket(connection_id, packet_number));
   // Let first write through.
   EXPECT_CALL(writer_,
@@ -400,7 +403,7 @@ TEST_F(QuicTimeWaitListManagerTest, SendQueuedPackets) {
   EXPECT_CALL(visitor_, OnConnectionAddedToTimeWaitList(other_connection_id));
   AddConnectionId(other_connection_id);
   QuicPacketNumber other_packet_number = 23423;
-  scoped_ptr<QuicEncryptedPacket> other_packet(
+  std::unique_ptr<QuicEncryptedPacket> other_packet(
       ConstructEncryptedPacket(other_connection_id, other_packet_number));
   EXPECT_CALL(writer_, WritePacket(_, _, _, _, _)).Times(0);
   EXPECT_CALL(visitor_, OnWriteBlocked(&time_wait_list_manager_));
@@ -453,9 +456,10 @@ TEST_F(QuicTimeWaitListManagerTest, AddConnectionIdTwice) {
   AddConnectionId(connection_id_);
   EXPECT_TRUE(IsConnectionIdInTimeWait(connection_id_));
   const size_t kConnectionCloseLength = 100;
-  std::vector<QuicEncryptedPacket*> termination_packets;
-  termination_packets.push_back(new QuicEncryptedPacket(
-      new char[kConnectionCloseLength], kConnectionCloseLength, true));
+  std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets;
+  termination_packets.push_back(
+      std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket(
+          new char[kConnectionCloseLength], kConnectionCloseLength, true)));
   AddConnectionId(connection_id_, QuicVersionMax(),
                   /*connection_rejected_statelessly=*/false,
                   &termination_packets);
@@ -481,7 +485,6 @@ TEST_F(QuicTimeWaitListManagerTest, AddConnectionIdTwice) {
       epoll_server_.ApproximateNowInUsec() + time_wait_period.ToMicroseconds();
 
   EXPECT_CALL(epoll_server_, RegisterAlarm(next_alarm_time, _));
-  EXPECT_CALL(visitor_, OnConnectionRemovedFromTimeWaitList(connection_id_));
   time_wait_list_manager_.CleanUpOldConnectionIds();
   EXPECT_FALSE(IsConnectionIdInTimeWait(connection_id_));
   EXPECT_EQ(0u, time_wait_list_manager_.num_connections());
@@ -512,7 +515,6 @@ TEST_F(QuicTimeWaitListManagerTest, ConnectionIdsOrderedByTime) {
 
   EXPECT_CALL(epoll_server_, RegisterAlarm(_, _));
 
-  EXPECT_CALL(visitor_, OnConnectionRemovedFromTimeWaitList(connection_id1));
   time_wait_list_manager_.CleanUpOldConnectionIds();
   EXPECT_FALSE(IsConnectionIdInTimeWait(connection_id1));
   EXPECT_TRUE(IsConnectionIdInTimeWait(connection_id2));
@@ -544,7 +546,6 @@ TEST_F(QuicTimeWaitListManagerTest, MaxConnectionsTest) {
         current_connection_id - FLAGS_quic_time_wait_list_max_connections;
     EXPECT_TRUE(IsConnectionIdInTimeWait(id_to_evict));
     EXPECT_FALSE(IsConnectionIdInTimeWait(current_connection_id));
-    EXPECT_CALL(visitor_, OnConnectionRemovedFromTimeWaitList(id_to_evict));
     EXPECT_CALL(visitor_,
                 OnConnectionAddedToTimeWaitList(current_connection_id));
     AddConnectionId(current_connection_id);
diff --git a/chromium/net/tools/quic/spdy_balsa_utils.cc b/chromium/net/tools/quic/spdy_balsa_utils.cc
index dd24c9935d2..8f1ebd2eac4 100644
--- a/chromium/net/tools/quic/spdy_balsa_utils.cc
+++ b/chromium/net/tools/quic/spdy_balsa_utils.cc
@@ -4,11 +4,12 @@
 
 #include "net/tools/quic/spdy_balsa_utils.h"
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
+#include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "net/base/linked_hash_map.h"
 #include "net/quic/quic_flags.h"
@@ -118,7 +119,7 @@ void PopulateSpdyResponseHeaderBlock(SpdyMajorVersion version,
 
 bool IsSpecialSpdyHeader(SpdyHeaderBlock::const_iterator header,
                          BalsaHeaders* headers) {
-  return header->first.empty() || header->second.empty() ||
+  return header->first.empty() || /* header->second.empty() || */
          header->first[0] == ':';
 }
 
@@ -153,7 +154,18 @@ void SpdyHeadersToResponseHeaders(const SpdyHeaderBlock& header_block,
 
   for (BlockIt it = header_block.begin(); it != header_block.end(); ++it) {
     if (!IsSpecialSpdyHeader(it, request_headers)) {
-      request_headers->AppendHeader(it->first, it->second);
+      if (it->second.empty()) {
+        request_headers->AppendHeader(it->first, it->second);
+      } else {
+        DVLOG(2) << "Splitting value: [" << it->second << "]"
+                 << " for key: " << it->first;
+        for (string value :
+             base::SplitString(it->second, base::StringPiece("\0", 1),
+                               base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) {
+          DVLOG(2) << "AppendHeader(" << it->first << ", " << value << ")";
+          request_headers->AppendHeader(it->first, StringPiece(value));
+        }
+      }
     }
   }
 }
@@ -198,7 +210,18 @@ void SpdyHeadersToRequestHeaders(const SpdyHeaderBlock& header_block,
 
   for (BlockIt it = header_block.begin(); it != header_block.end(); ++it) {
     if (!IsSpecialSpdyHeader(it, request_headers)) {
-      request_headers->AppendHeader(it->first, it->second);
+      if (it->second.empty()) {
+        request_headers->AppendHeader(it->first, it->second);
+      } else {
+        DVLOG(2) << "Splitting value: [" << it->second << "]"
+                 << " for key: " << it->first;
+        for (string value :
+             base::SplitString(it->second, base::StringPiece("\0", 1),
+                               base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) {
+          DVLOG(2) << "AppendHeader(" << it->first << ", " << value << ")";
+          request_headers->AppendHeader(it->first, StringPiece(value));
+        }
+      }
     }
   }
 }
@@ -206,8 +229,8 @@ void SpdyHeadersToRequestHeaders(const SpdyHeaderBlock& header_block,
 // static
 void SpdyHeadersToBalsaHeaders(const SpdyHeaderBlock& block,
                                BalsaHeaders* headers,
-                               SpdyHeaderValidatorType type) {
-  if (type == SpdyHeaderValidatorType::RESPONSE_HEADER) {
+                               bool isResponse) {
+  if (isResponse) {
     SpdyHeadersToResponseHeaders(block, headers);
     return;
   }
@@ -269,14 +292,13 @@ string SpdyBalsaUtils::SerializeResponseHeaders(
 // static
 void SpdyBalsaUtils::SpdyHeadersToResponseHeaders(const SpdyHeaderBlock& block,
                                                   BalsaHeaders* headers) {
-  SpdyHeadersToBalsaHeaders(block, headers,
-                            SpdyHeaderValidatorType::RESPONSE_HEADER);
+  SpdyHeadersToBalsaHeaders(block, headers, true);
 }
 
 // static
 void SpdyBalsaUtils::SpdyHeadersToRequestHeaders(const SpdyHeaderBlock& block,
                                                  BalsaHeaders* headers) {
-  SpdyHeadersToBalsaHeaders(block, headers, SpdyHeaderValidatorType::REQUEST);
+  SpdyHeadersToBalsaHeaders(block, headers, false);
 }
 
 }  // namespace net
diff --git a/chromium/net/tools/quic/spdy_balsa_utils_test.cc b/chromium/net/tools/quic/spdy_balsa_utils_test.cc
index 0a7f2fabe25..c8591ea0df9 100644
--- a/chromium/net/tools/quic/spdy_balsa_utils_test.cc
+++ b/chromium/net/tools/quic/spdy_balsa_utils_test.cc
@@ -4,9 +4,13 @@
 
 #include "net/tools/quic/spdy_balsa_utils.h"
 
+#include "base/strings/string_piece.h"
 #include "net/spdy/spdy_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+using base::StringPiece;
+using testing::ElementsAre;
+
 namespace net {
 namespace test {
 namespace {
@@ -47,6 +51,8 @@ TEST(SpdyBalsaUtilsTest, SpdyHeadersToRequestHeaders) {
   spdy_headers[":path"] = "/foo";
   spdy_headers[":scheme"] = "https";
   spdy_headers[":method"] = "GET";
+  spdy_headers["foo"] = StringPiece("multi\0valued\0header", 19);
+  spdy_headers["bar"] = "";
 
   BalsaHeaders request_headers;
   SpdyBalsaUtils::SpdyHeadersToRequestHeaders(spdy_headers, &request_headers);
@@ -54,6 +60,11 @@ TEST(SpdyBalsaUtilsTest, SpdyHeadersToRequestHeaders) {
   EXPECT_EQ("HTTP/1.1", request_headers.request_version());
   EXPECT_EQ("/foo", request_headers.request_uri());
   EXPECT_EQ("www.google.com", request_headers.GetHeader("host"));
+  EXPECT_TRUE(request_headers.HasHeader("bar"));
+  EXPECT_EQ("", request_headers.GetHeader("bar"));
+  std::vector<StringPiece> pieces;
+  request_headers.GetAllOfHeader("foo", &pieces);
+  EXPECT_THAT(pieces, ElementsAre("multi", "valued", "header"));
 
   // Test :host header (and no GET).
   SpdyHeaderBlock spdy_headers1;
@@ -72,10 +83,17 @@ TEST(SpdyBalsaUtilsTest, SpdyHeadersToRequestHeaders) {
 TEST(SpdyBalsaUtilsTest, SpdyHeadersToResponseHeaders) {
   SpdyHeaderBlock spdy_headers;
   spdy_headers[":status"] = "200";
+  spdy_headers["foo"] = StringPiece("multi\0valued\0header", 19);
+  spdy_headers["bar"] = "";
 
   BalsaHeaders response_headers;
   SpdyBalsaUtils::SpdyHeadersToResponseHeaders(spdy_headers, &response_headers);
   EXPECT_EQ("200", response_headers.response_code());
+  EXPECT_TRUE(response_headers.HasHeader("bar"));
+  EXPECT_EQ("", response_headers.GetHeader("bar"));
+  std::vector<StringPiece> pieces;
+  response_headers.GetAllOfHeader("foo", &pieces);
+  EXPECT_THAT(pieces, ElementsAre("multi", "valued", "header"));
 }
 
 }  // namespace
diff --git a/chromium/net/tools/quic/synchronous_host_resolver.cc b/chromium/net/tools/quic/synchronous_host_resolver.cc
index 2808cc7dad1..7d1b5e039e9 100644
--- a/chromium/net/tools/quic/synchronous_host_resolver.cc
+++ b/chromium/net/tools/quic/synchronous_host_resolver.cc
@@ -9,8 +9,8 @@
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/simple_thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
 #include "net/dns/host_resolver_impl.h"
@@ -59,7 +59,7 @@ void ResolverThread::Run() {
   net::HostResolver::Options options;
   options.max_concurrent_resolves = 6;
   options.max_retry_attempts = 3u;
-  scoped_ptr<net::HostResolverImpl> resolver_impl(
+  std::unique_ptr<net::HostResolverImpl> resolver_impl(
       new net::HostResolverImpl(options, &net_log));
   SingleRequestHostResolver resolver(resolver_impl.get());
 
diff --git a/chromium/net/tools/quic/test_tools/mock_epoll_server.h b/chromium/net/tools/quic/test_tools/mock_epoll_server.h
index f56f4ab1953..9eac59403bc 100644
--- a/chromium/net/tools/quic/test_tools/mock_epoll_server.h
+++ b/chromium/net/tools/quic/test_tools/mock_epoll_server.h
@@ -8,6 +8,9 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <unordered_map>
+#include <unordered_set>
+
 #include "base/logging.h"
 #include "base/macros.h"
 #include "net/tools/epoll_server/epoll_server.h"
@@ -52,7 +55,7 @@ class FakeTimeEpollServer : public EpollServer {
 
 class MockEpollServer : public FakeTimeEpollServer {
  public:  // type definitions
-  typedef base::hash_multimap<int64_t, struct epoll_event> EventQueue;
+  using EventQueue = std::unordered_multimap<int64_t, struct epoll_event>;
 
   MockEpollServer();
   ~MockEpollServer() override;
@@ -81,7 +84,7 @@ class MockEpollServer : public FakeTimeEpollServer {
     WaitForEventsAndExecuteCallbacks();
   }
 
-  base::hash_set<AlarmCB*>::size_type NumberOfAlarms() const {
+  std::unordered_set<AlarmCB*>::size_type NumberOfAlarms() const {
     return all_alarms_.size();
   }
 
diff --git a/chromium/net/tools/quic/test_tools/mock_quic_server_session_visitor.h b/chromium/net/tools/quic/test_tools/mock_quic_server_session_visitor.h
index 22a1b05bc45..aba8a9c90e0 100644
--- a/chromium/net/tools/quic/test_tools/mock_quic_server_session_visitor.h
+++ b/chromium/net/tools/quic/test_tools/mock_quic_server_session_visitor.h
@@ -24,8 +24,6 @@ class MockQuicServerSessionVisitor : public QuicServerSessionVisitor {
                void(QuicBlockedWriterInterface* blocked_writer));
   MOCK_METHOD1(OnConnectionAddedToTimeWaitList,
                void(QuicConnectionId connection_id));
-  MOCK_METHOD1(OnConnectionRemovedFromTimeWaitList,
-               void(QuicConnectionId connection_id));
 
  private:
   DISALLOW_COPY_AND_ASSIGN(MockQuicServerSessionVisitor);
diff --git a/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.cc b/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.cc
index 468e6efded7..54b780507fa 100644
--- a/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.cc
+++ b/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.cc
@@ -14,8 +14,9 @@ namespace test {
 MockTimeWaitListManager::MockTimeWaitListManager(
     QuicPacketWriter* writer,
     QuicServerSessionVisitor* visitor,
-    QuicConnectionHelperInterface* helper)
-    : QuicTimeWaitListManager(writer, visitor, helper) {
+    QuicConnectionHelperInterface* helper,
+    QuicAlarmFactory* alarm_factory)
+    : QuicTimeWaitListManager(writer, visitor, helper, alarm_factory) {
   // Though AddConnectionIdToTimeWait is mocked, we want to retain its
   // functionality.
   EXPECT_CALL(*this, AddConnectionIdToTimeWait(_, _, _, _))
diff --git a/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.h b/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.h
index 5d5542b14a6..fab8c38cce5 100644
--- a/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.h
+++ b/chromium/net/tools/quic/test_tools/mock_quic_time_wait_list_manager.h
@@ -17,20 +17,22 @@ class MockTimeWaitListManager : public QuicTimeWaitListManager {
  public:
   MockTimeWaitListManager(QuicPacketWriter* writer,
                           QuicServerSessionVisitor* visitor,
-                          QuicConnectionHelperInterface* helper);
+                          QuicConnectionHelperInterface* helper,
+                          QuicAlarmFactory* alarm_factory);
   ~MockTimeWaitListManager() override;
 
   MOCK_METHOD4(AddConnectionIdToTimeWait,
                void(QuicConnectionId connection_id,
                     QuicVersion version,
                     bool connection_rejected_statelessly,
-                    std::vector<QuicEncryptedPacket*>* termination_packets));
+                    std::vector<std::unique_ptr<QuicEncryptedPacket>>*
+                        termination_packets));
 
   void QuicTimeWaitListManager_AddConnectionIdToTimeWait(
       QuicConnectionId connection_id,
       QuicVersion version,
       bool connection_rejected_statelessly,
-      std::vector<QuicEncryptedPacket*>* termination_packets) {
+      std::vector<std::unique_ptr<QuicEncryptedPacket>>* termination_packets) {
     QuicTimeWaitListManager::AddConnectionIdToTimeWait(
         connection_id, version, connection_rejected_statelessly,
         termination_packets);
diff --git a/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.cc b/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.cc
index 3858b7828b8..4d85d5a85f9 100644
--- a/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.cc
+++ b/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.cc
@@ -66,11 +66,12 @@ PacketDroppingTestWriter::PacketDroppingTestWriter()
 PacketDroppingTestWriter::~PacketDroppingTestWriter() {}
 
 void PacketDroppingTestWriter::Initialize(QuicConnectionHelperInterface* helper,
+                                          QuicAlarmFactory* alarm_factory,
                                           Delegate* on_can_write) {
   clock_ = helper->GetClock();
   write_unblocked_alarm_.reset(
-      helper->CreateAlarm(new WriteUnblockedAlarm(this)));
-  delay_alarm_.reset(helper->CreateAlarm(new DelayAlarm(this)));
+      alarm_factory->CreateAlarm(new WriteUnblockedAlarm(this)));
+  delay_alarm_.reset(alarm_factory->CreateAlarm(new DelayAlarm(this)));
   on_can_write_.reset(on_can_write);
 }
 
diff --git a/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.h b/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.h
index 20d2c278e38..2e3fcbca0ea 100644
--- a/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.h
+++ b/chromium/net/tools/quic/test_tools/packet_dropping_test_writer.h
@@ -9,11 +9,11 @@
 #include <stdint.h>
 
 #include <list>
+#include <memory>
 #include <string>
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/lock.h"
 #include "net/base/ip_address.h"
 #include "net/quic/quic_alarm.h"
@@ -45,6 +45,7 @@ class PacketDroppingTestWriter : public QuicPacketWriterWrapper {
   // |on_can_write| will be triggered when fake-unblocking; ownership will be
   // assumed.
   void Initialize(QuicConnectionHelperInterface* helper,
+                  QuicAlarmFactory* alarm_factory,
                   Delegate* on_can_write);
 
   // QuicPacketWriter methods:
@@ -153,9 +154,9 @@ class PacketDroppingTestWriter : public QuicPacketWriterWrapper {
   typedef std::list<DelayedWrite> DelayedPacketList;
 
   const QuicClock* clock_;
-  scoped_ptr<QuicAlarm> write_unblocked_alarm_;
-  scoped_ptr<QuicAlarm> delay_alarm_;
-  scoped_ptr<Delegate> on_can_write_;
+  std::unique_ptr<QuicAlarm> write_unblocked_alarm_;
+  std::unique_ptr<QuicAlarm> delay_alarm_;
+  std::unique_ptr<Delegate> on_can_write_;
   net::test::SimpleRandom simple_random_;
   // Stored packets delayed by fake packet delay or bandwidth restrictions.
   DelayedPacketList delayed_packets_;
diff --git a/chromium/net/tools/quic/test_tools/quic_client_peer.cc b/chromium/net/tools/quic/test_tools/quic_client_peer.cc
index 71d3520f9d7..961cc823e2d 100644
--- a/chromium/net/tools/quic/test_tools/quic_client_peer.cc
+++ b/chromium/net/tools/quic/test_tools/quic_client_peer.cc
@@ -10,6 +10,11 @@ namespace net {
 namespace test {
 
 // static
+QuicCryptoClientConfig* QuicClientPeer::GetCryptoConfig(QuicClient* client) {
+  return client->crypto_config();
+}
+
+// static
 bool QuicClientPeer::CreateUDPSocketAndBind(QuicClient* client) {
   return client->CreateUDPSocketAndBind();
 }
@@ -25,5 +30,10 @@ void QuicClientPeer::SetClientPort(QuicClient* client, int port) {
       IPEndPoint(client->GetLatestClientAddress().address(), port);
 }
 
+// static
+void QuicClientPeer::SetWriter(QuicClient* client, QuicPacketWriter* writer) {
+  client->set_writer(writer);
+}
+
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/tools/quic/test_tools/quic_client_peer.h b/chromium/net/tools/quic/test_tools/quic_client_peer.h
index 4d249a3087d..711fb78c5a9 100644
--- a/chromium/net/tools/quic/test_tools/quic_client_peer.h
+++ b/chromium/net/tools/quic/test_tools/quic_client_peer.h
@@ -19,9 +19,11 @@ namespace test {
 
 class QuicClientPeer {
  public:
+  static QuicCryptoClientConfig* GetCryptoConfig(QuicClient* client);
   static bool CreateUDPSocketAndBind(QuicClient* client);
   static void CleanUpUDPSocket(QuicClient* client, int fd);
   static void SetClientPort(QuicClient* client, int port);
+  static void SetWriter(QuicClient* client, QuicPacketWriter* writer);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicClientPeer);
diff --git a/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.cc b/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.cc
index 232043fbc5c..48a61f71d68 100644
--- a/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.cc
+++ b/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.cc
@@ -42,6 +42,12 @@ QuicConnectionHelperInterface* QuicDispatcherPeer::GetHelper(
 }
 
 // static
+QuicAlarmFactory* QuicDispatcherPeer::GetAlarmFactory(
+    QuicDispatcher* dispatcher) {
+  return dispatcher->alarm_factory_.get();
+}
+
+// static
 QuicDispatcher::WriteBlockedList* QuicDispatcherPeer::GetWriteBlockedList(
     QuicDispatcher* dispatcher) {
   return &dispatcher->write_blocked_list_;
diff --git a/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.h b/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.h
index cbd60e27b8f..4ff4d2d38b6 100644
--- a/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.h
+++ b/chromium/net/tools/quic/test_tools/quic_dispatcher_peer.h
@@ -32,6 +32,8 @@ class QuicDispatcherPeer {
 
   static QuicConnectionHelperInterface* GetHelper(QuicDispatcher* dispatcher);
 
+  static QuicAlarmFactory* GetAlarmFactory(QuicDispatcher* dispatcher);
+
   static QuicDispatcher::WriteBlockedList* GetWriteBlockedList(
       QuicDispatcher* dispatcher);
 
diff --git a/chromium/net/tools/quic/test_tools/quic_test_client.cc b/chromium/net/tools/quic/test_tools/quic_test_client.cc
index db9a9b982e8..760c451af1c 100644
--- a/chromium/net/tools/quic/test_tools/quic_test_client.cc
+++ b/chromium/net/tools/quic/test_tools/quic_test_client.cc
@@ -4,6 +4,8 @@
 
 #include "net/tools/quic/test_tools/quic_test_client.h"
 
+#include <memory>
+
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
@@ -52,7 +54,7 @@ class RecordingProofVerifier : public ProofVerifier {
                               const string& signature,
                               const ProofVerifyContext* context,
                               string* error_details,
-                              scoped_ptr<ProofVerifyDetails>* details,
+                              std::unique_ptr<ProofVerifyDetails>* details,
                               ProofVerifierCallback* callback) override {
     common_name_.clear();
     if (certs.empty()) {
@@ -184,9 +186,7 @@ QuicTestClient::QuicTestClient(IPEndPoint server_address,
                                      config,
                                      supported_versions,
                                      &epoll_server_)),
-      allow_bidirectional_data_(false),
-      num_requests_(0),
-      num_responses_(0) {
+      allow_bidirectional_data_(false) {
   Initialize();
 }
 
@@ -204,6 +204,8 @@ void QuicTestClient::Initialize() {
   connect_attempted_ = false;
   auto_reconnect_ = false;
   buffer_body_ = true;
+  num_requests_ = 0;
+  num_responses_ = 0;
   ClearPerRequestState();
   // As chrome will generally do this, we want it to be the default when it's
   // not overridden.
@@ -311,7 +313,7 @@ ssize_t QuicTestClient::SendMessage(const HTTPMessage& message) {
   // CHECK(message.body_chunks().empty())
   //      << "HTTPMessage::body_chunks not supported";
 
-  scoped_ptr<BalsaHeaders> munged_headers(MungeHeaders(message.headers()));
+  std::unique_ptr<BalsaHeaders> munged_headers(MungeHeaders(message.headers()));
   ssize_t ret = GetOrCreateStreamAndSendRequest(
       (munged_headers.get() ? munged_headers.get() : message.headers()),
       message.body(), message.has_complete_message(), nullptr);
@@ -561,6 +563,7 @@ void QuicTestClient::OnClose(QuicSpdyStream* stream) {
     // Always close the stream, regardless of whether it was the last stream
     // written.
     client()->OnClose(stream);
+    ++num_responses_;
   }
   if (stream_ != stream) {
     return;
@@ -581,7 +584,6 @@ void QuicTestClient::OnClose(QuicSpdyStream* stream) {
   response_header_size_ = response_headers_.GetSizeForWriteBuffer();
   response_body_size_ = stream_->data().size();
   stream_ = nullptr;
-  ++num_responses_;
 }
 
 bool QuicTestClient::CheckVary(const SpdyHeaderBlock& client_request,
diff --git a/chromium/net/tools/quic/test_tools/quic_test_client.h b/chromium/net/tools/quic/test_tools/quic_test_client.h
index b8530f46f46..a25a842d5cb 100644
--- a/chromium/net/tools/quic/test_tools/quic_test_client.h
+++ b/chromium/net/tools/quic/test_tools/quic_test_client.h
@@ -8,10 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <cstdint>
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/proto/cached_network_parameters.pb.h"
@@ -23,6 +24,8 @@
 #include "net/tools/quic/quic_client.h"
 #include "net/tools/quic/test_tools/simple_client.h"
 
+using base::StringPiece;
+
 namespace net {
 
 class ProofVerifier;
@@ -233,7 +236,7 @@ class QuicTestClient : public test::SimpleClient,
   bool HaveActiveStream();
 
   EpollServer epoll_server_;
-  scoped_ptr<MockableQuicClient> client_;  // The actual client
+  std::unique_ptr<MockableQuicClient> client_;  // The actual client
   QuicSpdyClientStream* stream_;
 
   QuicRstStreamErrorCode stream_error_;
diff --git a/chromium/net/tools/quic/test_tools/quic_test_server.cc b/chromium/net/tools/quic/test_tools/quic_test_server.cc
index dc5fc45141d..a872bb02f98 100644
--- a/chromium/net/tools/quic/test_tools/quic_test_server.cc
+++ b/chromium/net/tools/quic/test_tools/quic_test_server.cc
@@ -7,7 +7,7 @@
 #include "base/logging.h"
 #include "base/run_loop.h"
 #include "base/synchronization/lock.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/crypto_handshake.h"
@@ -19,6 +19,7 @@
 #include "net/quic/quic_packet_writer.h"
 #include "net/quic/quic_protocol.h"
 #include "net/tools/quic/quic_dispatcher.h"
+#include "net/tools/quic/quic_epoll_alarm_factory.h"
 #include "net/tools/quic/quic_epoll_connection_helper.h"
 #include "net/tools/quic/quic_simple_server_session.h"
 #include "net/tools/quic/quic_simple_server_stream.h"
@@ -76,8 +77,13 @@ class QuicTestDispatcher : public QuicDispatcher {
   QuicTestDispatcher(const QuicConfig& config,
                      const QuicCryptoServerConfig* crypto_config,
                      const QuicVersionVector& versions,
-                     QuicConnectionHelperInterface* helper)
-      : QuicDispatcher(config, crypto_config, versions, helper),
+                     std::unique_ptr<QuicConnectionHelperInterface> helper,
+                     std::unique_ptr<QuicAlarmFactory> alarm_factory)
+      : QuicDispatcher(config,
+                       crypto_config,
+                       versions,
+                       std::move(helper),
+                       std::move(alarm_factory)),
         session_factory_(nullptr),
         stream_factory_(nullptr),
         crypto_stream_factory_(nullptr) {}
@@ -90,7 +96,7 @@ class QuicTestDispatcher : public QuicDispatcher {
       return QuicDispatcher::CreateQuicSession(id, client);
     }
     QuicConnection* connection = new QuicConnection(
-        id, client, helper(), CreatePerConnectionWriter(),
+        id, client, helper(), alarm_factory(), CreatePerConnectionWriter(),
         /* owns_writer= */ true, Perspective::IS_SERVER, supported_versions());
 
     QuicServerSessionBase* session = nullptr;
@@ -150,8 +156,10 @@ QuicTestServer::QuicTestServer(ProofSource* proof_source,
 QuicDispatcher* QuicTestServer::CreateQuicDispatcher() {
   return new QuicTestDispatcher(
       config(), &crypto_config(), supported_versions(),
-      new QuicEpollConnectionHelper(epoll_server(),
-                                    QuicAllocator::BUFFER_POOL));
+      std::unique_ptr<QuicEpollConnectionHelper>(new QuicEpollConnectionHelper(
+          epoll_server(), QuicAllocator::BUFFER_POOL)),
+      std::unique_ptr<QuicEpollAlarmFactory>(
+          new QuicEpollAlarmFactory(epoll_server())));
 }
 
 void QuicTestServer::SetSessionFactory(SessionFactory* factory) {
@@ -180,8 +188,11 @@ ImmediateGoAwaySession::ImmediateGoAwaySession(
                               connection,
                               visitor,
                               crypto_config,
-                              compressed_certs_cache) {
+                              compressed_certs_cache) {}
+
+void ImmediateGoAwaySession::OnStreamFrame(const QuicStreamFrame& frame) {
   SendGoAway(QUIC_PEER_GOING_AWAY, "");
+  QuicSimpleServerSession::OnStreamFrame(frame);
 }
 
 }  // namespace test
diff --git a/chromium/net/tools/quic/test_tools/quic_test_server.h b/chromium/net/tools/quic/test_tools/quic_test_server.h
index 7af5f51a97c..0b96be2cb84 100644
--- a/chromium/net/tools/quic/test_tools/quic_test_server.h
+++ b/chromium/net/tools/quic/test_tools/quic_test_server.h
@@ -5,9 +5,9 @@
 #ifndef NET_TOOLS_QUIC_TEST_TOOLS_QUIC_TEST_SERVER_H_
 #define NET_TOOLS_QUIC_TEST_TOOLS_QUIC_TEST_SERVER_H_
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/ip_endpoint.h"
 #include "net/quic/quic_session.h"
 #include "net/tools/quic/quic_dispatcher.h"
@@ -92,6 +92,8 @@ class ImmediateGoAwaySession : public QuicSimpleServerSession {
                          QuicServerSessionVisitor* visitor,
                          const QuicCryptoServerConfig* crypto_config,
                          QuicCompressedCertsCache* compressed_certs_cache);
+  // Override to send GoAway.
+  void OnStreamFrame(const QuicStreamFrame& frame) override;
 };
 
 }  // namespace test
diff --git a/chromium/net/tools/quic/test_tools/server_thread.h b/chromium/net/tools/quic/test_tools/server_thread.h
index 244a87c55e5..b907fd16010 100644
--- a/chromium/net/tools/quic/test_tools/server_thread.h
+++ b/chromium/net/tools/quic/test_tools/server_thread.h
@@ -5,6 +5,8 @@
 #ifndef NET_TOOLS_QUIC_TEST_TOOLS_SERVER_THREAD_H_
 #define NET_TOOLS_QUIC_TEST_TOOLS_SERVER_THREAD_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/threading/simple_thread.h"
 #include "net/base/ip_endpoint.h"
@@ -63,7 +65,7 @@ class ServerThread : public base::SimpleThread {
   base::WaitableEvent resume_;     // Notified when the server should resume.
   base::WaitableEvent quit_;       // Notified when the server should quit.
 
-  scoped_ptr<QuicServer> server_;
+  std::unique_ptr<QuicServer> server_;
   IPEndPoint address_;
   base::Lock port_lock_;
   int port_;
diff --git a/chromium/net/tools/testserver/BUILD.gn b/chromium/net/tools/testserver/BUILD.gn
new file mode 100644
index 00000000000..94c89598a8d
--- /dev/null
+++ b/chromium/net/tools/testserver/BUILD.gn
@@ -0,0 +1,12 @@
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+group("testserver_py") {
+  _py_files = read_file("testserver.pydeps", "list lines")
+
+  # Filter out comments.
+  set_sources_assignment_filter([ "#*" ])
+  sources = _py_files
+  data = sources
+}
diff --git a/chromium/net/tools/testserver/run_testserver.cc b/chromium/net/tools/testserver/run_testserver.cc
index 717fee17a19..6da829d9f31 100644
--- a/chromium/net/tools/testserver/run_testserver.cc
+++ b/chromium/net/tools/testserver/run_testserver.cc
@@ -95,7 +95,7 @@ int main(int argc, const char* argv[]) {
     return -1;
   }
 
-  scoped_ptr<net::SpawnedTestServer> test_server;
+  std::unique_ptr<net::SpawnedTestServer> test_server;
   if (net::SpawnedTestServer::UsingSSL(server_type)) {
     test_server.reset(
         new net::SpawnedTestServer(server_type, ssl_options, doc_root));
diff --git a/chromium/net/tools/testserver/testserver.pydeps b/chromium/net/tools/testserver/testserver.pydeps
new file mode 100644
index 00000000000..3a7da8c8e8b
--- /dev/null
+++ b/chromium/net/tools/testserver/testserver.pydeps
@@ -0,0 +1,84 @@
+# Generated by running:
+#   build/print_python_deps.py --root net/tools/testserver --output net/tools/testserver/testserver.pydeps net/tools/testserver/testserver.py
+../../../third_party/pyftpdlib/src/pyftpdlib/__init__.py
+../../../third_party/pyftpdlib/src/pyftpdlib/ftpserver.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/__init__.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/_stream_base.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/_stream_hixie75.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/_stream_hybi.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/common.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/dispatch.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/extensions.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/handshake/__init__.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/handshake/_base.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/handshake/hybi.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/handshake/hybi00.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/http_header_util.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/memorizingfile.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/msgutil.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/mux.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/standalone.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/stream.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/util.py
+../../../third_party/pywebsocket/src/mod_pywebsocket/xhr_benchmark_handler.py
+../../../third_party/tlslite/tlslite/__init__.py
+../../../third_party/tlslite/tlslite/api.py
+../../../third_party/tlslite/tlslite/basedb.py
+../../../third_party/tlslite/tlslite/checker.py
+../../../third_party/tlslite/tlslite/constants.py
+../../../third_party/tlslite/tlslite/errors.py
+../../../third_party/tlslite/tlslite/handshakesettings.py
+../../../third_party/tlslite/tlslite/integration/__init__.py
+../../../third_party/tlslite/tlslite/integration/asyncstatemachine.py
+../../../third_party/tlslite/tlslite/integration/clienthelper.py
+../../../third_party/tlslite/tlslite/integration/httptlsconnection.py
+../../../third_party/tlslite/tlslite/integration/imap4_tls.py
+../../../third_party/tlslite/tlslite/integration/pop3_tls.py
+../../../third_party/tlslite/tlslite/integration/smtp_tls.py
+../../../third_party/tlslite/tlslite/integration/tlsasyncdispatchermixin.py
+../../../third_party/tlslite/tlslite/integration/tlssocketservermixin.py
+../../../third_party/tlslite/tlslite/integration/xmlrpcserver.py
+../../../third_party/tlslite/tlslite/integration/xmlrpctransport.py
+../../../third_party/tlslite/tlslite/mathtls.py
+../../../third_party/tlslite/tlslite/messages.py
+../../../third_party/tlslite/tlslite/session.py
+../../../third_party/tlslite/tlslite/sessioncache.py
+../../../third_party/tlslite/tlslite/tlsconnection.py
+../../../third_party/tlslite/tlslite/tlsrecordlayer.py
+../../../third_party/tlslite/tlslite/utils/__init__.py
+../../../third_party/tlslite/tlslite/utils/aes.py
+../../../third_party/tlslite/tlslite/utils/aesgcm.py
+../../../third_party/tlslite/tlslite/utils/asn1parser.py
+../../../third_party/tlslite/tlslite/utils/cipherfactory.py
+../../../third_party/tlslite/tlslite/utils/codec.py
+../../../third_party/tlslite/tlslite/utils/compat.py
+../../../third_party/tlslite/tlslite/utils/cryptomath.py
+../../../third_party/tlslite/tlslite/utils/keyfactory.py
+../../../third_party/tlslite/tlslite/utils/openssl_aes.py
+../../../third_party/tlslite/tlslite/utils/openssl_rc4.py
+../../../third_party/tlslite/tlslite/utils/openssl_rsakey.py
+../../../third_party/tlslite/tlslite/utils/openssl_tripledes.py
+../../../third_party/tlslite/tlslite/utils/p256.py
+../../../third_party/tlslite/tlslite/utils/pem.py
+../../../third_party/tlslite/tlslite/utils/pycrypto_aes.py
+../../../third_party/tlslite/tlslite/utils/pycrypto_aesgcm.py
+../../../third_party/tlslite/tlslite/utils/pycrypto_rc4.py
+../../../third_party/tlslite/tlslite/utils/pycrypto_rsakey.py
+../../../third_party/tlslite/tlslite/utils/pycrypto_tripledes.py
+../../../third_party/tlslite/tlslite/utils/python_aes.py
+../../../third_party/tlslite/tlslite/utils/python_aesgcm.py
+../../../third_party/tlslite/tlslite/utils/python_rc4.py
+../../../third_party/tlslite/tlslite/utils/python_rsakey.py
+../../../third_party/tlslite/tlslite/utils/rc4.py
+../../../third_party/tlslite/tlslite/utils/rijndael.py
+../../../third_party/tlslite/tlslite/utils/rsakey.py
+../../../third_party/tlslite/tlslite/utils/tackwrapper.py
+../../../third_party/tlslite/tlslite/utils/tripledes.py
+../../../third_party/tlslite/tlslite/verifierdb.py
+../../../third_party/tlslite/tlslite/x509.py
+../../../third_party/tlslite/tlslite/x509certchain.py
+asn1.py
+echo_message.py
+minica.py
+testserver.py
+testserver_base.py
diff --git a/chromium/net/udp/udp_net_log_parameters.cc b/chromium/net/udp/udp_net_log_parameters.cc
index d157fe83667..e903036c422 100644
--- a/chromium/net/udp/udp_net_log_parameters.cc
+++ b/chromium/net/udp/udp_net_log_parameters.cc
@@ -15,12 +15,12 @@ namespace net {
 
 namespace {
 
-scoped_ptr<base::Value> NetLogUDPDataTranferCallback(
+std::unique_ptr<base::Value> NetLogUDPDataTranferCallback(
     int byte_count,
     const char* bytes,
     const IPEndPoint* address,
     NetLogCaptureMode capture_mode) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetInteger("byte_count", byte_count);
   if (capture_mode.include_socket_bytes())
     dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, byte_count));
@@ -29,10 +29,10 @@ scoped_ptr<base::Value> NetLogUDPDataTranferCallback(
   return std::move(dict);
 }
 
-scoped_ptr<base::Value> NetLogUDPConnectCallback(
+std::unique_ptr<base::Value> NetLogUDPConnectCallback(
     const IPEndPoint* address,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("address", address->ToString());
   return std::move(dict);
 }
diff --git a/chromium/net/udp/udp_socket_perftest.cc b/chromium/net/udp/udp_socket_perftest.cc
index 67804a7e9fd..8441a0ecdc4 100644
--- a/chromium/net/udp/udp_socket_perftest.cc
+++ b/chromium/net/udp/udp_socket_perftest.cc
@@ -88,7 +88,7 @@ void UDPSocketPerfTest::WriteBenchmark(bool use_nonblocking_io) {
   // Setup the server to listen.
   IPEndPoint bind_address;
   CreateUDPAddress("127.0.0.1", kPort, &bind_address);
-  scoped_ptr<UDPServerSocket> server(
+  std::unique_ptr<UDPServerSocket> server(
       new UDPServerSocket(nullptr, NetLog::Source()));
 #if defined(OS_WIN)
   if (use_nonblocking_io)
@@ -100,7 +100,7 @@ void UDPSocketPerfTest::WriteBenchmark(bool use_nonblocking_io) {
   // Setup the client.
   IPEndPoint server_address;
   CreateUDPAddress("127.0.0.1", kPort, &server_address);
-  scoped_ptr<UDPClientSocket> client(
+  std::unique_ptr<UDPClientSocket> client(
       new UDPClientSocket(DatagramSocket::DEFAULT_BIND, RandIntCallback(),
                           nullptr, NetLog::Source()));
 #if defined(OS_WIN)
diff --git a/chromium/net/udp/udp_socket_posix.cc b/chromium/net/udp/udp_socket_posix.cc
index 7e75b860574..f869256ca54 100644
--- a/chromium/net/udp/udp_socket_posix.cc
+++ b/chromium/net/udp/udp_socket_posix.cc
@@ -151,7 +151,7 @@ int UDPSocketPosix::GetPeerAddress(IPEndPoint* address) const {
     SockaddrStorage storage;
     if (getpeername(socket_, storage.addr, &storage.addr_len))
       return MapSystemError(errno);
-    scoped_ptr<IPEndPoint> address(new IPEndPoint());
+    std::unique_ptr<IPEndPoint> address(new IPEndPoint());
     if (!address->FromSockAddr(storage.addr, storage.addr_len))
       return ERR_ADDRESS_INVALID;
     remote_address_.reset(address.release());
@@ -171,7 +171,7 @@ int UDPSocketPosix::GetLocalAddress(IPEndPoint* address) const {
     SockaddrStorage storage;
     if (getsockname(socket_, storage.addr, &storage.addr_len))
       return MapSystemError(errno);
-    scoped_ptr<IPEndPoint> address(new IPEndPoint());
+    std::unique_ptr<IPEndPoint> address(new IPEndPoint());
     if (!address->FromSockAddr(storage.addr, storage.addr_len))
       return ERR_ADDRESS_INVALID;
     local_address_.reset(address.release());
diff --git a/chromium/net/udp/udp_socket_posix.h b/chromium/net/udp/udp_socket_posix.h
index 60b095c0d4a..7da58c1a629 100644
--- a/chromium/net/udp/udp_socket_posix.h
+++ b/chromium/net/udp/udp_socket_posix.h
@@ -7,9 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/address_family.h"
@@ -280,8 +281,8 @@ class NET_EXPORT UDPSocketPosix : public base::NonThreadSafe {
 
   // These are mutable since they're just cached copies to make
   // GetPeerAddress/GetLocalAddress smarter.
-  mutable scoped_ptr<IPEndPoint> local_address_;
-  mutable scoped_ptr<IPEndPoint> remote_address_;
+  mutable std::unique_ptr<IPEndPoint> local_address_;
+  mutable std::unique_ptr<IPEndPoint> remote_address_;
 
   // The socket's posix wrappers
   base::MessageLoopForIO::FileDescriptorWatcher read_socket_watcher_;
@@ -299,7 +300,7 @@ class NET_EXPORT UDPSocketPosix : public base::NonThreadSafe {
   // The buffer used by InternalWrite() to retry Write requests
   scoped_refptr<IOBuffer> write_buf_;
   int write_buf_len_;
-  scoped_ptr<IPEndPoint> send_to_address_;
+  std::unique_ptr<IPEndPoint> send_to_address_;
 
   // External callback; called when read is complete.
   CompletionCallback read_callback_;
diff --git a/chromium/net/udp/udp_socket_unittest.cc b/chromium/net/udp/udp_socket_unittest.cc
index 28f29cc6403..c7ab74dd4ae 100644
--- a/chromium/net/udp/udp_socket_unittest.cc
+++ b/chromium/net/udp/udp_socket_unittest.cc
@@ -14,7 +14,7 @@
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
@@ -159,7 +159,7 @@ void UDPSocketTest::ConnectTest(bool use_nonblocking_io) {
   IPEndPoint bind_address;
   CreateUDPAddress("127.0.0.1", kPort, &bind_address);
   TestNetLog server_log;
-  scoped_ptr<UDPServerSocket> server(
+  std::unique_ptr<UDPServerSocket> server(
       new UDPServerSocket(&server_log, NetLog::Source()));
 #if defined(OS_WIN)
   if (use_nonblocking_io)
@@ -173,7 +173,7 @@ void UDPSocketTest::ConnectTest(bool use_nonblocking_io) {
   IPEndPoint server_address;
   CreateUDPAddress("127.0.0.1", kPort, &server_address);
   TestNetLog client_log;
-  scoped_ptr<UDPClientSocket> client(
+  std::unique_ptr<UDPClientSocket> client(
       new UDPClientSocket(DatagramSocket::DEFAULT_BIND, RandIntCallback(),
                           &client_log, NetLog::Source()));
 #if defined(OS_WIN)
@@ -287,9 +287,9 @@ TEST_F(UDPSocketTest, Broadcast) {
   CreateUDPAddress("0.0.0.0", kPort, &listen_address);
 
   TestNetLog server1_log, server2_log;
-  scoped_ptr<UDPServerSocket> server1(
+  std::unique_ptr<UDPServerSocket> server1(
       new UDPServerSocket(&server1_log, NetLog::Source()));
-  scoped_ptr<UDPServerSocket> server2(
+  std::unique_ptr<UDPServerSocket> server2(
       new UDPServerSocket(&server2_log, NetLog::Source()));
   server1->AllowAddressReuse();
   server1->AllowBroadcast();
@@ -380,11 +380,8 @@ TEST_F(UDPSocketTest, ConnectRandomBind) {
       base::Bind(&TestPrng::GetNext, base::Unretained(&test_prng));
 
   // Create a socket with random binding policy and connect.
-  scoped_ptr<UDPClientSocket> test_socket(
-      new UDPClientSocket(DatagramSocket::RANDOM_BIND,
-                          rand_int_cb,
-                          NULL,
-                          NetLog::Source()));
+  std::unique_ptr<UDPClientSocket> test_socket(new UDPClientSocket(
+      DatagramSocket::RANDOM_BIND, rand_int_cb, NULL, NetLog::Source()));
   EXPECT_EQ(OK, test_socket->Connect(peer_address));
 
   // Make sure that the last port number in the |used_ports| was used.
@@ -412,11 +409,9 @@ TEST_F(UDPSocketTest, MAYBE_ConnectFail) {
   IPEndPoint peer_address;
   CreateUDPAddress("0.0.0.0", 53, &peer_address);
 
-  scoped_ptr<UDPSocket> socket(
-      new UDPSocket(DatagramSocket::RANDOM_BIND,
-                    base::Bind(&PrivilegedRand),
-                    NULL,
-                    NetLog::Source()));
+  std::unique_ptr<UDPSocket> socket(new UDPSocket(DatagramSocket::RANDOM_BIND,
+                                                  base::Bind(&PrivilegedRand),
+                                                  NULL, NetLog::Source()));
   int rv = socket->Open(peer_address.GetFamily());
   EXPECT_EQ(OK, rv);
   rv = socket->Connect(peer_address);
diff --git a/chromium/net/udp/udp_socket_win.cc b/chromium/net/udp/udp_socket_win.cc
index f5185571193..a3f31c31e9d 100644
--- a/chromium/net/udp/udp_socket_win.cc
+++ b/chromium/net/udp/udp_socket_win.cc
@@ -329,7 +329,7 @@ int UDPSocketWin::GetPeerAddress(IPEndPoint* address) const {
     SockaddrStorage storage;
     if (getpeername(socket_, storage.addr, &storage.addr_len))
       return MapSystemError(WSAGetLastError());
-    scoped_ptr<IPEndPoint> remote_address(new IPEndPoint());
+    std::unique_ptr<IPEndPoint> remote_address(new IPEndPoint());
     if (!remote_address->FromSockAddr(storage.addr, storage.addr_len))
       return ERR_ADDRESS_INVALID;
     remote_address_.reset(remote_address.release());
@@ -350,7 +350,7 @@ int UDPSocketWin::GetLocalAddress(IPEndPoint* address) const {
     SockaddrStorage storage;
     if (getsockname(socket_, storage.addr, &storage.addr_len))
       return MapSystemError(WSAGetLastError());
-    scoped_ptr<IPEndPoint> local_address(new IPEndPoint());
+    std::unique_ptr<IPEndPoint> local_address(new IPEndPoint());
     if (!local_address->FromSockAddr(storage.addr, storage.addr_len))
       return ERR_ADDRESS_INVALID;
     local_address_.reset(local_address.release());
diff --git a/chromium/net/udp/udp_socket_win.h b/chromium/net/udp/udp_socket_win.h
index 62c3e1163d3..14b801e36fe 100644
--- a/chromium/net/udp/udp_socket_win.h
+++ b/chromium/net/udp/udp_socket_win.h
@@ -9,10 +9,11 @@
 #include <stdint.h>
 #include <winsock2.h>
 
+#include <memory>
+
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/win/object_watcher.h"
 #include "base/win/scoped_handle.h"
@@ -273,8 +274,8 @@ class NET_EXPORT UDPSocketWin
 
   // These are mutable since they're just cached copies to make
   // GetPeerAddress/GetLocalAddress smarter.
-  mutable scoped_ptr<IPEndPoint> local_address_;
-  mutable scoped_ptr<IPEndPoint> remote_address_;
+  mutable std::unique_ptr<IPEndPoint> local_address_;
+  mutable std::unique_ptr<IPEndPoint> remote_address_;
 
   // The core of the socket that can live longer than the socket itself. We pass
   // resources to the Windows async IO functions and we have to make sure that
@@ -301,7 +302,7 @@ class NET_EXPORT UDPSocketWin
 
   // Cached copy of the current address we're sending to, if any.  Used for
   // logging.
-  scoped_ptr<IPEndPoint> send_to_address_;
+  std::unique_ptr<IPEndPoint> send_to_address_;
 
   // External callback; called when read is complete.
   CompletionCallback read_callback_;
diff --git a/chromium/net/url_request/certificate_report_sender.cc b/chromium/net/url_request/certificate_report_sender.cc
index 5db245783e7..672e29194ab 100644
--- a/chromium/net/url_request/certificate_report_sender.cc
+++ b/chromium/net/url_request/certificate_report_sender.cc
@@ -38,7 +38,7 @@ CertificateReportSender::~CertificateReportSender() {
 
 void CertificateReportSender::Send(const GURL& report_uri,
                                    const std::string& report) {
-  scoped_ptr<URLRequest> url_request =
+  std::unique_ptr<URLRequest> url_request =
       request_context_->CreateRequest(report_uri, DEFAULT_PRIORITY, this);
 
   int load_flags =
@@ -50,7 +50,7 @@ void CertificateReportSender::Send(const GURL& report_uri,
 
   url_request->set_method("POST");
 
-  scoped_ptr<UploadElementReader> reader(
+  std::unique_ptr<UploadElementReader> reader(
       UploadOwnedBytesElementReader::CreateWithString(report));
   url_request->set_upload(
       ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
diff --git a/chromium/net/url_request/certificate_report_sender.h b/chromium/net/url_request/certificate_report_sender.h
index a5b686c0487..f71fbe418f8 100644
--- a/chromium/net/url_request/certificate_report_sender.h
+++ b/chromium/net/url_request/certificate_report_sender.h
@@ -5,12 +5,12 @@
 #ifndef NET_URL_REQUEST_CERTIFICATE_REPORT_SENDER_H_
 #define NET_URL_REQUEST_CERTIFICATE_REPORT_SENDER_H_
 
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/callback.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/http/transport_security_state.h"
 #include "net/url_request/url_request.h"
 
diff --git a/chromium/net/url_request/certificate_report_sender_unittest.cc b/chromium/net/url_request/certificate_report_sender_unittest.cc
index 98e7ac8b6c4..72401ad1829 100644
--- a/chromium/net/url_request/certificate_report_sender_unittest.cc
+++ b/chromium/net/url_request/certificate_report_sender_unittest.cc
@@ -8,7 +8,7 @@
 #include "base/bind_helpers.h"
 #include "base/macros.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/load_flags.h"
 #include "net/base/network_delegate_impl.h"
 #include "net/base/upload_bytes_element_reader.h"
@@ -227,7 +227,7 @@ TEST_F(CertificateReportSenderTest, PendingRequestGetsDeleted) {
 
   EXPECT_EQ(0u, network_delegate_.num_requests());
 
-  scoped_ptr<CertificateReportSender> reporter(new CertificateReportSender(
+  std::unique_ptr<CertificateReportSender> reporter(new CertificateReportSender(
       context(), CertificateReportSender::DO_NOT_SEND_COOKIES));
   reporter->Send(url, kDummyReport);
   reporter.reset();
diff --git a/chromium/net/url_request/ftp_protocol_handler.h b/chromium/net/url_request/ftp_protocol_handler.h
index d13bf0b0a6c..8e402256cfe 100644
--- a/chromium/net/url_request/ftp_protocol_handler.h
+++ b/chromium/net/url_request/ftp_protocol_handler.h
@@ -5,9 +5,10 @@
 #ifndef NET_URL_REQUEST_FTP_PROTOCOL_HANDLER_H_
 #define NET_URL_REQUEST_FTP_PROTOCOL_HANDLER_H_
 
+#include <memory>
+
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/url_request/url_request_job_factory.h"
 
 namespace net {
@@ -31,7 +32,7 @@ class NET_EXPORT FtpProtocolHandler :
   friend class FtpTestURLRequestContext;
 
   FtpTransactionFactory* ftp_transaction_factory_;
-  scoped_ptr<FtpAuthCache> ftp_auth_cache_;
+  std::unique_ptr<FtpAuthCache> ftp_auth_cache_;
 
   DISALLOW_COPY_AND_ASSIGN(FtpProtocolHandler);
 };
diff --git a/chromium/net/url_request/sdch_dictionary_fetcher.cc b/chromium/net/url_request/sdch_dictionary_fetcher.cc
index 1141aab8024..a3d35655deb 100644
--- a/chromium/net/url_request/sdch_dictionary_fetcher.cc
+++ b/chromium/net/url_request/sdch_dictionary_fetcher.cc
@@ -12,12 +12,13 @@
 #include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
 #include "net/base/sdch_net_log_params.h"
 #include "net/http/http_response_headers.h"
 #include "net/log/net_log.h"
+#include "net/url_request/redirect_info.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_status.h"
 #include "net/url_request/url_request_throttler_manager.h"
@@ -143,10 +144,21 @@ void SdchDictionaryFetcher::Cancel() {
   fetch_queue_->Clear();
 }
 
+void SdchDictionaryFetcher::OnReceivedRedirect(
+    URLRequest* request,
+    const RedirectInfo& redirect_info,
+    bool* defer_redirect) {
+  DCHECK_EQ(next_state_, STATE_SEND_REQUEST_PENDING);
+
+  next_state_ = STATE_RECEIVED_REDIRECT;
+
+  DoLoop(OK);
+}
+
 void SdchDictionaryFetcher::OnResponseStarted(URLRequest* request) {
   DCHECK(CalledOnValidThread());
   DCHECK_EQ(request, current_request_.get());
-  DCHECK_EQ(next_state_, STATE_SEND_REQUEST_COMPLETE);
+  DCHECK_EQ(next_state_, STATE_SEND_REQUEST_PENDING);
   DCHECK(!in_loop_);
 
   // Confirm that the response isn't a stale read from the cache (as
@@ -228,8 +240,11 @@ int SdchDictionaryFetcher::DoLoop(int rv) {
       case STATE_SEND_REQUEST:
         rv = DoSendRequest(rv);
         break;
-      case STATE_SEND_REQUEST_COMPLETE:
-        rv = DoSendRequestComplete(rv);
+      case STATE_RECEIVED_REDIRECT:
+        rv = DoReceivedRedirect(rv);
+        break;
+      case STATE_SEND_REQUEST_PENDING:
+        rv = DoSendRequestPending(rv);
         break;
       case STATE_READ_BODY:
         rv = DoReadBody(rv);
@@ -259,7 +274,7 @@ int SdchDictionaryFetcher::DoSendRequest(int rv) {
     return OK;
   }
 
-  next_state_ = STATE_SEND_REQUEST_COMPLETE;
+  next_state_ = STATE_SEND_REQUEST_PENDING;
 
   FetchInfo info;
   bool success = fetch_queue_->Pop(&info);
@@ -279,15 +294,22 @@ int SdchDictionaryFetcher::DoSendRequest(int rv) {
   return ERR_IO_PENDING;
 }
 
-int SdchDictionaryFetcher::DoSendRequestComplete(int rv) {
+int SdchDictionaryFetcher::DoReceivedRedirect(int rv) {
+  // Fetching SDCH through a redirect is forbidden; it raises possible
+  // security issues cross-origin, and isn't obviously useful within
+  // an origin.
+  ResetRequest();
+  next_state_ = STATE_SEND_REQUEST;
+  return ERR_UNSAFE_REDIRECT;
+}
+
+int SdchDictionaryFetcher::DoSendRequestPending(int rv) {
   DCHECK(CalledOnValidThread());
 
   // If there's been an error, abort the current request.
   if (rv != OK) {
-    current_request_.reset();
-    buffer_ = NULL;
+    ResetRequest();
     next_state_ = STATE_SEND_REQUEST;
-
     return OK;
   }
 
@@ -319,8 +341,7 @@ int SdchDictionaryFetcher::DoReadBodyComplete(int rv) {
 
   // An error; abort the current request.
   if (rv < 0) {
-    current_request_.reset();
-    buffer_ = NULL;
+    ResetRequest();
     next_state_ = STATE_SEND_REQUEST;
     return OK;
   }
diff --git a/chromium/net/url_request/sdch_dictionary_fetcher.h b/chromium/net/url_request/sdch_dictionary_fetcher.h
index 7b18980ad43..e4b7c4fe519 100644
--- a/chromium/net/url_request/sdch_dictionary_fetcher.h
+++ b/chromium/net/url_request/sdch_dictionary_fetcher.h
@@ -11,11 +11,11 @@
 #ifndef NET_URL_REQUEST_SDCH_DICTIONARY_FETCHER_H_
 #define NET_URL_REQUEST_SDCH_DICTIONARY_FETCHER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/sdch_manager.h"
 #include "net/url_request/url_fetcher_delegate.h"
@@ -62,6 +62,9 @@ class NET_EXPORT SdchDictionaryFetcher : public URLRequest::Delegate,
   virtual void Cancel();
 
   // Implementation of URLRequest::Delegate methods.
+  void OnReceivedRedirect(URLRequest* request,
+                          const RedirectInfo& redirect_info,
+                          bool* defer_redirect) override;
   void OnResponseStarted(URLRequest* request) override;
   void OnReadCompleted(URLRequest* request, int bytes_read) override;
 
@@ -69,7 +72,8 @@ class NET_EXPORT SdchDictionaryFetcher : public URLRequest::Delegate,
   enum State {
     STATE_NONE,
     STATE_SEND_REQUEST,
-    STATE_SEND_REQUEST_COMPLETE,
+    STATE_RECEIVED_REDIRECT,
+    STATE_SEND_REQUEST_PENDING,
     STATE_READ_BODY,
     STATE_READ_BODY_COMPLETE,
     STATE_REQUEST_COMPLETE,
@@ -90,7 +94,8 @@ class NET_EXPORT SdchDictionaryFetcher : public URLRequest::Delegate,
   // State machine implementation.
   int DoLoop(int rv);
   int DoSendRequest(int rv);
-  int DoSendRequestComplete(int rv);
+  int DoReceivedRedirect(int rv);
+  int DoSendRequestPending(int rv);
   int DoReadBody(int rv);
   int DoReadBodyComplete(int rv);
   int DoCompleteRequest(int rv);
@@ -99,11 +104,11 @@ class NET_EXPORT SdchDictionaryFetcher : public URLRequest::Delegate,
   bool in_loop_;
 
   // A queue of URLs that are being used to download dictionaries.
-  scoped_ptr<UniqueFetchQueue> fetch_queue_;
+  std::unique_ptr<UniqueFetchQueue> fetch_queue_;
 
   // The request, buffer, and consumer supplied data used for getting
   // the current dictionary.  All are null when a fetch is not in progress.
-  scoped_ptr<URLRequest> current_request_;
+  std::unique_ptr<URLRequest> current_request_;
   scoped_refptr<IOBuffer> buffer_;
   OnDictionaryFetchedCallback current_callback_;
 
diff --git a/chromium/net/url_request/sdch_dictionary_fetcher_unittest.cc b/chromium/net/url_request/sdch_dictionary_fetcher_unittest.cc
index e676a2510e1..02a9987f360 100644
--- a/chromium/net/url_request/sdch_dictionary_fetcher_unittest.cc
+++ b/chromium/net/url_request/sdch_dictionary_fetcher_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/url_request/sdch_dictionary_fetcher.h"
 
+#include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,14 +14,17 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/run_loop.h"
+#include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/load_flags.h"
+#include "net/base/net_errors.h"
 #include "net/base/sdch_manager.h"
 #include "net/http/http_response_headers.h"
-#include "net/url_request/url_request_data_job.h"
 #include "net/url_request/url_request_filter.h"
 #include "net/url_request/url_request_interceptor.h"
+#include "net/url_request/url_request_job.h"
+#include "net/url_request/url_request_redirect_job.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -29,9 +33,13 @@ namespace net {
 namespace {
 
 const char kSampleBufferContext[] = "This is a sample buffer.";
-const char kTestDomain[] = "top.domain.test";
+const char kTestDomain1[] = "top.domain.test";
+const char kTestDomain2[] = "top2.domain.test";
 
-class URLRequestSpecifiedResponseJob : public URLRequestSimpleJob {
+// A URLRequestJob that returns a fixed response body, based on the URL, with
+// the specified HttpResponseInfo. Can also be made to return an error after the
+// response body has been read.
+class URLRequestSpecifiedResponseJob : public URLRequestJob {
  public:
   // Called on destruction with load flags used for this request.
   typedef base::Callback<void(int)> DestructionCallback;
@@ -41,13 +49,45 @@ class URLRequestSpecifiedResponseJob : public URLRequestSimpleJob {
       NetworkDelegate* network_delegate,
       const HttpResponseInfo& response_info_to_return,
       const DestructionCallback& destruction_callback)
-      : URLRequestSimpleJob(request, network_delegate),
+      : URLRequestJob(request, network_delegate),
         response_info_to_return_(response_info_to_return),
         last_load_flags_seen_(request->load_flags()),
-        destruction_callback_(destruction_callback) {
+        destruction_callback_(destruction_callback),
+        bytes_read_(0),
+        final_read_result_(OK),
+        weak_factory_(this) {
     DCHECK(!destruction_callback.is_null());
   }
 
+  ~URLRequestSpecifiedResponseJob() override {
+    destruction_callback_.Run(last_load_flags_seen_);
+  }
+
+  // Sets the result of the final read, after the entire body has been read.
+  // Defaults to OK.
+  void set_final_read_result(Error final_read_result) {
+    final_read_result_ = final_read_result;
+  }
+
+  // URLRequestJob implementation:
+  void Start() override {
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&URLRequestSpecifiedResponseJob::StartAsync,
+                              weak_factory_.GetWeakPtr()));
+  }
+
+  int ReadRawData(IOBuffer* buf, int buf_size) override {
+    std::string response = ExpectedResponseForURL(request_->url());
+    response = response.substr(bytes_read_);
+    size_t bytes_to_copy =
+        std::min(static_cast<size_t>(buf_size), response.size());
+    if (bytes_to_copy == 0)
+      return final_read_result_;
+    memcpy(buf->data(), response.c_str(), bytes_to_copy);
+    bytes_read_ += bytes_to_copy;
+    return bytes_to_copy;
+  }
+
   static std::string ExpectedResponseForURL(const GURL& url) {
     return base::StringPrintf("Response for %s\n%s\nEnd Response for %s\n",
                               url.spec().c_str(),
@@ -55,88 +95,137 @@ class URLRequestSpecifiedResponseJob : public URLRequestSimpleJob {
                               url.spec().c_str());
   }
 
-  // URLRequestJob
   void GetResponseInfo(HttpResponseInfo* info) override {
     *info = response_info_to_return_;
   }
 
  private:
-  ~URLRequestSpecifiedResponseJob() override {
-    destruction_callback_.Run(last_load_flags_seen_);
-  }
-
-  // URLRequestSimpleJob implementation:
-  int GetData(std::string* mime_type,
-              std::string* charset,
-              std::string* data,
-              const CompletionCallback& callback) const override {
-    GURL url(request_->url());
-    *data = ExpectedResponseForURL(url);
-    return OK;
-  }
+  void StartAsync() { NotifyHeadersComplete(); }
 
   const HttpResponseInfo response_info_to_return_;
   int last_load_flags_seen_;
   const DestructionCallback destruction_callback_;
 
+  int bytes_read_;
+  Error final_read_result_;
+
+  base::WeakPtrFactory<URLRequestSpecifiedResponseJob> weak_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(URLRequestSpecifiedResponseJob);
 };
 
-class SpecifiedResponseJobInterceptor : public URLRequestInterceptor {
+// Wrap URLRequestRedirectJob in a destruction callback.
+class TestURLRequestRedirectJob : public URLRequestRedirectJob {
+ public:
+  TestURLRequestRedirectJob(URLRequest* request,
+                            NetworkDelegate* network_delegate,
+                            const GURL& redirect_destination,
+                            ResponseCode response_code,
+                            const std::string& redirect_reason,
+                            base::Closure destruction_callback)
+      : URLRequestRedirectJob(request,
+                              network_delegate,
+                              redirect_destination,
+                              response_code,
+                              redirect_reason),
+        destruction_callback_(destruction_callback) {}
+  ~TestURLRequestRedirectJob() override { destruction_callback_.Run(); }
+
+ private:
+  const base::Closure destruction_callback_;
+};
+
+const char kRedirectPath[] = "/redirect/";
+const char kBodyErrorPath[] = "/body_error/";
+
+class SDCHTestRequestInterceptor : public URLRequestInterceptor {
  public:
-  // A callback to be called whenever a URLRequestSpecifiedResponseJob is
-  // created or destroyed.  The first argument will be the change in number of
-  // jobs (i.e. +1 for created, -1 for destroyed).
-  // The second argument will be undefined if the job is being created,
-  // and will contain the load flags passed to the request the
-  // job was created for if the job is being destroyed.
+  // A callback to be called whenever a URLRequestJob child of this
+  // interceptor is created or destroyed.  The first argument will be the
+  // change in number of jobs (i.e. +1 for created, -1 for destroyed).
+  // The second argument will be undefined if the job is being created
+  // or a redirect job is being destroyed, and (for non-redirect job
+  // destruction) will contain the load flags passed to the request the
+  // job was created for.
   typedef base::Callback<void(int outstanding_job_delta,
                               int destruction_load_flags)> LifecycleCallback;
 
   // |*info| will be returned from all child URLRequestSpecifiedResponseJobs.
   // Note that: a) this pointer is shared with the caller, and the caller must
-  // guarantee that |*info| outlives the SpecifiedResponseJobInterceptor, and
+  // guarantee that |*info| outlives the SDCHTestRequestInterceptor, and
   // b) |*info| is mutable, and changes to should propagate to
   // URLRequestSpecifiedResponseJobs created after any change.
-  SpecifiedResponseJobInterceptor(HttpResponseInfo* http_response_info,
-                                  const LifecycleCallback& lifecycle_callback)
+  SDCHTestRequestInterceptor(HttpResponseInfo* http_response_info,
+                             const LifecycleCallback& lifecycle_callback)
       : http_response_info_(http_response_info),
         lifecycle_callback_(lifecycle_callback) {
     DCHECK(!lifecycle_callback_.is_null());
   }
-  ~SpecifiedResponseJobInterceptor() override {}
+  ~SDCHTestRequestInterceptor() override {}
 
   URLRequestJob* MaybeInterceptRequest(
       URLRequest* request,
       NetworkDelegate* network_delegate) const override {
     lifecycle_callback_.Run(1, 0);
 
-    return new URLRequestSpecifiedResponseJob(
-        request, network_delegate, *http_response_info_,
-        base::Bind(lifecycle_callback_, -1));
+    std::string path = request->url().path();
+    if (base::StartsWith(path, kRedirectPath, base::CompareCase::SENSITIVE)) {
+      return new TestURLRequestRedirectJob(
+          request, network_delegate, GURL(path.substr(strlen(kRedirectPath))),
+          URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "testing",
+          base::Bind(lifecycle_callback_, -1, 0));
+    }
+
+    std::unique_ptr<URLRequestSpecifiedResponseJob> job(
+        new URLRequestSpecifiedResponseJob(
+            request, network_delegate, *http_response_info_,
+            base::Bind(lifecycle_callback_, -1)));
+    if (base::StartsWith(path, kBodyErrorPath, base::CompareCase::SENSITIVE))
+      job->set_final_read_result(net::ERR_FAILED);
+    return job.release();
   }
 
   // The caller must ensure that both |*http_response_info| and the
   // callback remain valid for the lifetime of the
-  // SpecifiedResponseJobInterceptor (i.e. until Unregister() is called).
+  // SDCHTestRequestInterceptor (i.e. until Unregister() is called).
   static void RegisterWithFilter(HttpResponseInfo* http_response_info,
                                  const LifecycleCallback& lifecycle_callback) {
-    scoped_ptr<SpecifiedResponseJobInterceptor> interceptor(
-        new SpecifiedResponseJobInterceptor(http_response_info,
-                                            lifecycle_callback));
+    URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "http", kTestDomain1,
+        std::unique_ptr<URLRequestInterceptor>(new SDCHTestRequestInterceptor(
+            http_response_info, lifecycle_callback)));
+
+    URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "https", kTestDomain1,
+        std::unique_ptr<URLRequestInterceptor>(new SDCHTestRequestInterceptor(
+            http_response_info, lifecycle_callback)));
 
     URLRequestFilter::GetInstance()->AddHostnameInterceptor(
-        "http", kTestDomain, std::move(interceptor));
+        "http", kTestDomain2,
+        std::unique_ptr<URLRequestInterceptor>(new SDCHTestRequestInterceptor(
+            http_response_info, lifecycle_callback)));
+
+    URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "https", kTestDomain2,
+        std::unique_ptr<URLRequestInterceptor>(new SDCHTestRequestInterceptor(
+            http_response_info, lifecycle_callback)));
   }
 
   static void Unregister() {
-    URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kTestDomain);
+    URLRequestFilter::GetInstance()->RemoveHostnameHandler("http",
+                                                           kTestDomain1);
+    URLRequestFilter::GetInstance()->RemoveHostnameHandler("https",
+                                                           kTestDomain1);
+    URLRequestFilter::GetInstance()->RemoveHostnameHandler("http",
+                                                           kTestDomain2);
+    URLRequestFilter::GetInstance()->RemoveHostnameHandler("https",
+                                                           kTestDomain2);
   }
 
  private:
   HttpResponseInfo* http_response_info_;
   LifecycleCallback lifecycle_callback_;
-  DISALLOW_COPY_AND_ASSIGN(SpecifiedResponseJobInterceptor);
+  DISALLOW_COPY_AND_ASSIGN(SDCHTestRequestInterceptor);
 };
 
 // Local test infrastructure
@@ -147,17 +236,19 @@ class SpecifiedResponseJobInterceptor : public URLRequestInterceptor {
 //   that is called when the class is destroyed.  That callback
 //   takes as arguemnt the load flags used for the request the
 //   job was created for.
-// * SpecifiedResponseJobInterceptor: This class is a
-//   URLRequestInterceptor that generates the class above.  It is constructed
+// * SDCHTestRequestInterceptor: This class is a
+//   URLRequestInterceptor that generates either the class above or an
+//   instance of URLRequestRedirectJob (if the first component of the path
+//   is "redirect").  It is constructed
 //   with a pointer to the (mutable) resposne info that should be
-//   returned from the URLRequestSpecifiedResponseJob children, as well as
+//   returned from constructed URLRequestSpecifiedResponseJobs, as well as
 //   a callback that is run when URLRequestSpecifiedResponseJobs are
 //   created or destroyed.
 // * SdchDictionaryFetcherTest: This class registers the above interceptor,
 //   tracks the number of jobs requested and the subset of those
 //   that are still outstanding.  It exports an interface to wait until there
 //   are no jobs outstanding.  It shares an HttpResponseInfo structure
-//   with the SpecifiedResponseJobInterceptor to control the response
+//   with the SDCHTestRequestInterceptor to control the response
 //   information returned by the jbos.
 // The standard pattern for tests is to schedule a dictionary fetch, wait
 // for no jobs outstanding, then test that the fetch results are as expected.
@@ -182,14 +273,14 @@ class SdchDictionaryFetcherTest : public ::testing::Test {
         factory_(this) {
     response_info_to_return_.request_time = base::Time::Now();
     response_info_to_return_.response_time = base::Time::Now();
-    SpecifiedResponseJobInterceptor::RegisterWithFilter(
+    SDCHTestRequestInterceptor::RegisterWithFilter(
         &response_info_to_return_,
         base::Bind(&SdchDictionaryFetcherTest::OnNumberJobsChanged,
                    factory_.GetWeakPtr()));
   }
 
   ~SdchDictionaryFetcherTest() override {
-    SpecifiedResponseJobInterceptor::Unregister();
+    SDCHTestRequestInterceptor::Unregister();
   }
 
   void OnDictionaryFetched(const std::string& dictionary_text,
@@ -214,7 +305,7 @@ class SdchDictionaryFetcherTest : public ::testing::Test {
 
   GURL PathToGurl(const char* path) const {
     std::string gurl_string("http://");
-    gurl_string += kTestDomain;
+    gurl_string += kTestDomain1;
     gurl_string += "/";
     gurl_string += path;
     return GURL(gurl_string);
@@ -264,9 +355,9 @@ class SdchDictionaryFetcherTest : public ::testing::Test {
   // currently used for ensuring that certain loads are marked only-from-cache.
   int last_load_flags_seen_;
 
-  scoped_ptr<base::RunLoop> run_loop_;
-  scoped_ptr<TestURLRequestContext> context_;
-  scoped_ptr<SdchDictionaryFetcher> fetcher_;
+  std::unique_ptr<base::RunLoop> run_loop_;
+  std::unique_ptr<TestURLRequestContext> context_;
+  std::unique_ptr<SdchDictionaryFetcher> fetcher_;
   std::vector<DictionaryAdditions> dictionary_additions_;
 
   // The request_time and response_time fields are filled in by the constructor
@@ -434,6 +525,55 @@ TEST_F(SdchDictionaryFetcherTest, CancelAllowsFutureFetches) {
   EXPECT_EQ(2, jobs_requested());
 }
 
+TEST_F(SdchDictionaryFetcherTest, Redirect) {
+  GURL dictionary_url(PathToGurl("dictionary"));
+  GURL local_redirect_url(dictionary_url.GetWithEmptyPath().spec() +
+                          "redirect/" + dictionary_url.spec());
+  EXPECT_TRUE(fetcher()->Schedule(local_redirect_url, GetDefaultCallback()));
+  WaitForNoJobs();
+
+  // The redirect should have been rejected with no dictionary added.
+  EXPECT_EQ(1, jobs_requested());
+  std::vector<DictionaryAdditions> additions;
+  GetDictionaryAdditions(&additions);
+  EXPECT_EQ(0u, additions.size());
+
+  // Simple SDCH dictionary fetch test, to make sure the fetcher was left
+  // in reasonable shape by the above.
+
+  GURL dictionary2_url(PathToGurl("dictionary2"));
+  fetcher()->Schedule(dictionary2_url, GetDefaultCallback());
+  WaitForNoJobs();
+
+  EXPECT_EQ(2, jobs_requested());
+  GetDictionaryAdditions(&additions);
+  ASSERT_EQ(1u, additions.size());
+  EXPECT_EQ(
+      URLRequestSpecifiedResponseJob::ExpectedResponseForURL(dictionary2_url),
+      additions[0].dictionary_text);
+  EXPECT_FALSE(last_load_flags_seen() & LOAD_ONLY_FROM_CACHE);
+}
+
+// Check the case of two requests for different URLs, where the first request
+// fails after receiving body data.
+TEST_F(SdchDictionaryFetcherTest, TwoDictionariesFirstFails) {
+  GURL dictionary_with_error_url(PathToGurl("body_error/"));
+  GURL dictionary_url(PathToGurl("dictionary"));
+  EXPECT_TRUE(
+      fetcher()->Schedule(dictionary_with_error_url, GetDefaultCallback()));
+  EXPECT_TRUE(fetcher()->Schedule(dictionary_url, GetDefaultCallback()));
+  WaitForNoJobs();
+
+  EXPECT_EQ(2, jobs_requested());
+  std::vector<DictionaryAdditions> additions;
+  GetDictionaryAdditions(&additions);
+  // Should only have a dictionary for the successful request.
+  ASSERT_EQ(1u, additions.size());
+  EXPECT_EQ(
+      URLRequestSpecifiedResponseJob::ExpectedResponseForURL(dictionary_url),
+      additions[0].dictionary_text);
+}
+
 }  // namespace
 
 }  // namespace net
diff --git a/chromium/net/url_request/test_url_fetcher_factory.cc b/chromium/net/url_request/test_url_fetcher_factory.cc
index a22c13a5d1a..c0541755483 100644
--- a/chromium/net/url_request/test_url_fetcher_factory.cc
+++ b/chromium/net/url_request/test_url_fetcher_factory.cc
@@ -14,8 +14,8 @@
 #include "base/logging.h"
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -170,7 +170,7 @@ void TestURLFetcher::SaveResponseToTemporaryFile(
 }
 
 void TestURLFetcher::SaveResponseWithWriter(
-    scoped_ptr<URLFetcherResponseWriter> response_writer) {
+    std::unique_ptr<URLFetcherResponseWriter> response_writer) {
   // In class URLFetcherCore this method is called by all three:
   // GetResponseAsString() / SaveResponseToFileAtPath() /
   // SaveResponseToTemporaryFile(). But here (in TestURLFetcher), this method
@@ -331,7 +331,7 @@ TestURLFetcherFactory::TestURLFetcherFactory()
 
 TestURLFetcherFactory::~TestURLFetcherFactory() {}
 
-scoped_ptr<URLFetcher> TestURLFetcherFactory::CreateURLFetcher(
+std::unique_ptr<URLFetcher> TestURLFetcherFactory::CreateURLFetcher(
     int id,
     const GURL& url,
     URLFetcher::RequestType request_type,
@@ -341,7 +341,7 @@ scoped_ptr<URLFetcher> TestURLFetcherFactory::CreateURLFetcher(
     fetcher->set_owner(this);
   fetcher->SetDelegateForTests(delegate_for_tests_);
   fetchers_[id] = fetcher;
-  return scoped_ptr<URLFetcher>(fetcher);
+  return std::unique_ptr<URLFetcher>(fetcher);
 }
 
 TestURLFetcher* TestURLFetcherFactory::GetFetcherByID(int id) const {
@@ -427,19 +427,20 @@ FakeURLFetcherFactory::FakeURLFetcherFactory(
       default_factory_(default_factory) {
 }
 
-scoped_ptr<FakeURLFetcher> FakeURLFetcherFactory::DefaultFakeURLFetcherCreator(
-      const GURL& url,
-      URLFetcherDelegate* delegate,
-      const std::string& response_data,
-      HttpStatusCode response_code,
-      URLRequestStatus::Status status) {
-  return scoped_ptr<FakeURLFetcher>(
+std::unique_ptr<FakeURLFetcher>
+FakeURLFetcherFactory::DefaultFakeURLFetcherCreator(
+    const GURL& url,
+    URLFetcherDelegate* delegate,
+    const std::string& response_data,
+    HttpStatusCode response_code,
+    URLRequestStatus::Status status) {
+  return std::unique_ptr<FakeURLFetcher>(
       new FakeURLFetcher(url, delegate, response_data, response_code, status));
 }
 
 FakeURLFetcherFactory::~FakeURLFetcherFactory() {}
 
-scoped_ptr<URLFetcher> FakeURLFetcherFactory::CreateURLFetcher(
+std::unique_ptr<URLFetcher> FakeURLFetcherFactory::CreateURLFetcher(
     int id,
     const GURL& url,
     URLFetcher::RequestType request_type,
@@ -455,7 +456,7 @@ scoped_ptr<URLFetcher> FakeURLFetcherFactory::CreateURLFetcher(
     }
   }
 
-  scoped_ptr<URLFetcher> fake_fetcher =
+  std::unique_ptr<URLFetcher> fake_fetcher =
       creator_.Run(url, d, it->second.response_data, it->second.response_code,
                    it->second.status);
   return fake_fetcher;
@@ -482,12 +483,12 @@ URLFetcherImplFactory::URLFetcherImplFactory() {}
 
 URLFetcherImplFactory::~URLFetcherImplFactory() {}
 
-scoped_ptr<URLFetcher> URLFetcherImplFactory::CreateURLFetcher(
+std::unique_ptr<URLFetcher> URLFetcherImplFactory::CreateURLFetcher(
     int id,
     const GURL& url,
     URLFetcher::RequestType request_type,
     URLFetcherDelegate* d) {
-  return scoped_ptr<URLFetcher>(new URLFetcherImpl(url, request_type, d));
+  return std::unique_ptr<URLFetcher>(new URLFetcherImpl(url, request_type, d));
 }
 
 }  // namespace net
diff --git a/chromium/net/url_request/test_url_fetcher_factory.h b/chromium/net/url_request/test_url_fetcher_factory.h
index c8d78675936..8f345f5c971 100644
--- a/chromium/net/url_request/test_url_fetcher_factory.h
+++ b/chromium/net/url_request/test_url_fetcher_factory.h
@@ -9,6 +9,7 @@
 
 #include <list>
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 
@@ -16,7 +17,6 @@
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/http/http_request_headers.h"
@@ -130,7 +130,7 @@ class TestURLFetcher : public URLFetcher {
   void SaveResponseToTemporaryFile(
       scoped_refptr<base::SequencedTaskRunner> file_task_runner) override;
   void SaveResponseWithWriter(
-      scoped_ptr<URLFetcherResponseWriter> response_writer) override;
+      std::unique_ptr<URLFetcherResponseWriter> response_writer) override;
   HttpResponseHeaders* GetResponseHeaders() const override;
   HostPortPair GetSocketAddress() const override;
   bool WasFetchedViaProxy() const override;
@@ -237,7 +237,7 @@ class TestURLFetcher : public URLFetcher {
   HttpRequestHeaders fake_extra_request_headers_;
   int fake_max_retries_;
   base::TimeDelta fake_backoff_delay_;
-  scoped_ptr<URLFetcherResponseWriter> response_writer_;
+  std::unique_ptr<URLFetcherResponseWriter> response_writer_;
 
   DISALLOW_COPY_AND_ASSIGN(TestURLFetcher);
 };
@@ -254,10 +254,11 @@ class TestURLFetcherFactory : public URLFetcherFactory,
   TestURLFetcherFactory();
   ~TestURLFetcherFactory() override;
 
-  scoped_ptr<URLFetcher> CreateURLFetcher(int id,
-                                          const GURL& url,
-                                          URLFetcher::RequestType request_type,
-                                          URLFetcherDelegate* d) override;
+  std::unique_ptr<URLFetcher> CreateURLFetcher(
+      int id,
+      const GURL& url,
+      URLFetcher::RequestType request_type,
+      URLFetcherDelegate* d) override;
   TestURLFetcher* GetFetcherByID(int id) const;
   void RemoveFetcherFromMap(int id);
   void SetDelegateForTests(TestURLFetcherDelegateForTests* delegate_for_tests);
@@ -384,12 +385,13 @@ class FakeURLFetcherFactory : public URLFetcherFactory,
   // These arguments should by default be used in instantiating FakeURLFetcher
   // like so:
   // new FakeURLFetcher(url, delegate, response_data, response_code, status)
-  typedef base::Callback<scoped_ptr<FakeURLFetcher>(
+  typedef base::Callback<std::unique_ptr<FakeURLFetcher>(
       const GURL&,
       URLFetcherDelegate*,
       const std::string&,
       HttpStatusCode,
-      URLRequestStatus::Status)> FakeURLFetcherCreator;
+      URLRequestStatus::Status)>
+      FakeURLFetcherCreator;
 
   // |default_factory|, which can be NULL, is a URLFetcherFactory that
   // will be used to construct a URLFetcher in case the URL being created
@@ -414,10 +416,11 @@ class FakeURLFetcherFactory : public URLFetcherFactory,
   // NULL.
   // Otherwise, it will return a URLFetcher object which will respond with the
   // pre-baked response that the client has set by calling SetFakeResponse().
-  scoped_ptr<URLFetcher> CreateURLFetcher(int id,
-                                          const GURL& url,
-                                          URLFetcher::RequestType request_type,
-                                          URLFetcherDelegate* d) override;
+  std::unique_ptr<URLFetcher> CreateURLFetcher(
+      int id,
+      const GURL& url,
+      URLFetcher::RequestType request_type,
+      URLFetcherDelegate* d) override;
 
   // Sets the fake response for a given URL. The |response_data| may be empty.
   // The |response_code| may be any HttpStatusCode. For instance, HTTP_OK will
@@ -447,7 +450,7 @@ class FakeURLFetcherFactory : public URLFetcherFactory,
   FakeResponseMap fake_responses_;
   URLFetcherFactory* const default_factory_;
 
-  static scoped_ptr<FakeURLFetcher> DefaultFakeURLFetcherCreator(
+  static std::unique_ptr<FakeURLFetcher> DefaultFakeURLFetcherCreator(
       const GURL& url,
       URLFetcherDelegate* delegate,
       const std::string& response_data,
@@ -466,10 +469,11 @@ class URLFetcherImplFactory : public URLFetcherFactory {
   ~URLFetcherImplFactory() override;
 
   // This method will create a real URLFetcher.
-  scoped_ptr<URLFetcher> CreateURLFetcher(int id,
-                                          const GURL& url,
-                                          URLFetcher::RequestType request_type,
-                                          URLFetcherDelegate* d) override;
+  std::unique_ptr<URLFetcher> CreateURLFetcher(
+      int id,
+      const GURL& url,
+      URLFetcher::RequestType request_type,
+      URLFetcherDelegate* d) override;
 };
 
 }  // namespace net
diff --git a/chromium/net/url_request/test_url_request_interceptor.cc b/chromium/net/url_request/test_url_request_interceptor.cc
index 7b098f6ba85..4cd00693696 100644
--- a/chromium/net/url_request/test_url_request_interceptor.cc
+++ b/chromium/net/url_request/test_url_request_interceptor.cc
@@ -59,7 +59,7 @@ class TestURLRequestInterceptor::Delegate : public URLRequestInterceptor {
 
   void Register() {
     URLRequestFilter::GetInstance()->AddHostnameInterceptor(
-        scheme_, hostname_, scoped_ptr<URLRequestInterceptor>(this));
+        scheme_, hostname_, std::unique_ptr<URLRequestInterceptor>(this));
   }
 
   static void Unregister(const std::string& scheme,
diff --git a/chromium/net/url_request/url_fetcher.cc b/chromium/net/url_request/url_fetcher.cc
index d4bd8200c25..1d13e4581ca 100644
--- a/chromium/net/url_request/url_fetcher.cc
+++ b/chromium/net/url_request/url_fetcher.cc
@@ -12,21 +12,23 @@ namespace net {
 URLFetcher::~URLFetcher() {}
 
 // static
-scoped_ptr<URLFetcher> URLFetcher::Create(const GURL& url,
-                                          URLFetcher::RequestType request_type,
-                                          URLFetcherDelegate* d) {
+std::unique_ptr<URLFetcher> URLFetcher::Create(
+    const GURL& url,
+    URLFetcher::RequestType request_type,
+    URLFetcherDelegate* d) {
   return URLFetcher::Create(0, url, request_type, d);
 }
 
 // static
-scoped_ptr<URLFetcher> URLFetcher::Create(int id,
-                                          const GURL& url,
-                                          URLFetcher::RequestType request_type,
-                                          URLFetcherDelegate* d) {
+std::unique_ptr<URLFetcher> URLFetcher::Create(
+    int id,
+    const GURL& url,
+    URLFetcher::RequestType request_type,
+    URLFetcherDelegate* d) {
   URLFetcherFactory* factory = URLFetcherImpl::factory();
-  return factory
-             ? factory->CreateURLFetcher(id, url, request_type, d)
-             : scoped_ptr<URLFetcher>(new URLFetcherImpl(url, request_type, d));
+  return factory ? factory->CreateURLFetcher(id, url, request_type, d)
+                 : std::unique_ptr<URLFetcher>(
+                       new URLFetcherImpl(url, request_type, d));
 }
 
 // static
diff --git a/chromium/net/url_request/url_fetcher.h b/chromium/net/url_request/url_fetcher.h
index 3536f0bc12a..0bf2b9cf898 100644
--- a/chromium/net/url_request/url_fetcher.h
+++ b/chromium/net/url_request/url_fetcher.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback_forward.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/supports_user_data.h"
 #include "net/base/net_export.h"
 #include "net/url_request/url_request.h"
@@ -38,7 +38,7 @@ typedef std::vector<std::string> ResponseCookies;
 
 // To use this class, create an instance with the desired URL and a pointer to
 // the object to be notified when the URL has been loaded:
-//   scoped_ptr<URLFetcher> fetcher =
+//   std::unique_ptr<URLFetcher> fetcher =
 //       URLFetcher::Create(GURL("http://www.google.com"),
 //                          URLFetcher::GET,
 //                          this);
@@ -95,7 +95,7 @@ class NET_EXPORT URLFetcher {
 
   // Used by SetUploadStreamFactory. The callback should assign a fresh upload
   // data stream every time it's called.
-  typedef base::Callback<scoped_ptr<UploadDataStream>()>
+  typedef base::Callback<std::unique_ptr<UploadDataStream>()>
       CreateUploadStreamCallback;
 
   virtual ~URLFetcher();
@@ -103,17 +103,19 @@ class NET_EXPORT URLFetcher {
   // |url| is the URL to send the request to.
   // |request_type| is the type of request to make.
   // |d| the object that will receive the callback on fetch completion.
-  static scoped_ptr<URLFetcher> Create(const GURL& url,
-                                       URLFetcher::RequestType request_type,
-                                       URLFetcherDelegate* d);
+  static std::unique_ptr<URLFetcher> Create(
+      const GURL& url,
+      URLFetcher::RequestType request_type,
+      URLFetcherDelegate* d);
 
   // Like above, but if there's a URLFetcherFactory registered with the
   // implementation it will be used. |id| may be used during testing to identify
   // who is creating the URLFetcher.
-  static scoped_ptr<URLFetcher> Create(int id,
-                                       const GURL& url,
-                                       URLFetcher::RequestType request_type,
-                                       URLFetcherDelegate* d);
+  static std::unique_ptr<URLFetcher> Create(
+      int id,
+      const GURL& url,
+      URLFetcher::RequestType request_type,
+      URLFetcherDelegate* d);
 
   // Cancels all existing URLFetchers.  Will notify the URLFetcherDelegates.
   // Note that any new URLFetchers created while this is running will not be
@@ -268,7 +270,7 @@ class NET_EXPORT URLFetcher {
   // By default, the response is saved in a string. Call this method to use the
   // specified writer to save the response. Must be called before Start().
   virtual void SaveResponseWithWriter(
-      scoped_ptr<URLFetcherResponseWriter> response_writer) = 0;
+      std::unique_ptr<URLFetcherResponseWriter> response_writer) = 0;
 
   // Retrieve the response headers from the request.  Must only be called after
   // the OnURLFetchComplete callback has run.
diff --git a/chromium/net/url_request/url_fetcher_core.cc b/chromium/net/url_request/url_fetcher_core.cc
index 3b1e1cc55d0..f1aeb164114 100644
--- a/chromium/net/url_request/url_fetcher_core.cc
+++ b/chromium/net/url_request/url_fetcher_core.cc
@@ -14,7 +14,7 @@
 #include "base/sequenced_task_runner.h"
 #include "base/single_thread_task_runner.h"
 #include "base/stl_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/tracked_objects.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/io_buffer.h"
@@ -288,19 +288,19 @@ void URLFetcherCore::SaveResponseToFileAtPath(
     const base::FilePath& file_path,
     scoped_refptr<base::SequencedTaskRunner> file_task_runner) {
   DCHECK(delegate_task_runner_->BelongsToCurrentThread());
-  SaveResponseWithWriter(scoped_ptr<URLFetcherResponseWriter>(
+  SaveResponseWithWriter(std::unique_ptr<URLFetcherResponseWriter>(
       new URLFetcherFileWriter(file_task_runner, file_path)));
 }
 
 void URLFetcherCore::SaveResponseToTemporaryFile(
     scoped_refptr<base::SequencedTaskRunner> file_task_runner) {
   DCHECK(delegate_task_runner_->BelongsToCurrentThread());
-  SaveResponseWithWriter(scoped_ptr<URLFetcherResponseWriter>(
+  SaveResponseWithWriter(std::unique_ptr<URLFetcherResponseWriter>(
       new URLFetcherFileWriter(file_task_runner, base::FilePath())));
 }
 
 void URLFetcherCore::SaveResponseWithWriter(
-    scoped_ptr<URLFetcherResponseWriter> response_writer) {
+    std::unique_ptr<URLFetcherResponseWriter> response_writer) {
   DCHECK(delegate_task_runner_->BelongsToCurrentThread());
   response_writer_ = std::move(response_writer);
 }
@@ -556,7 +556,6 @@ void URLFetcherCore::StartURLRequest() {
   request_context_getter_->AddObserver(this);
   request_ = request_context_getter_->GetURLRequestContext()->CreateRequest(
       original_url_, DEFAULT_PRIORITY, this);
-  request_->set_stack_trace(stack_trace_);
   int flags = request_->load_flags() | load_flags_;
 
   // TODO(mmenke): This should really be with the other code to set the upload
@@ -594,21 +593,19 @@ void URLFetcherCore::StartURLRequest() {
                                          upload_content_type_);
       }
       if (!upload_content_.empty()) {
-        scoped_ptr<UploadElementReader> reader(new UploadBytesElementReader(
-            upload_content_.data(), upload_content_.size()));
+        std::unique_ptr<UploadElementReader> reader(
+            new UploadBytesElementReader(upload_content_.data(),
+                                         upload_content_.size()));
         request_->set_upload(
             ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
       } else if (!upload_file_path_.empty()) {
-        scoped_ptr<UploadElementReader> reader(
-            new UploadFileElementReader(upload_file_task_runner_.get(),
-                                        upload_file_path_,
-                                        upload_range_offset_,
-                                        upload_range_length_,
-                                        base::Time()));
+        std::unique_ptr<UploadElementReader> reader(new UploadFileElementReader(
+            upload_file_task_runner_.get(), upload_file_path_,
+            upload_range_offset_, upload_range_length_, base::Time()));
         request_->set_upload(
             ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
       } else if (!upload_stream_factory_.is_null()) {
-        scoped_ptr<UploadDataStream> stream = upload_stream_factory_.Run();
+        std::unique_ptr<UploadDataStream> stream = upload_stream_factory_.Run();
         DCHECK(stream);
         request_->set_upload(std::move(stream));
       }
diff --git a/chromium/net/url_request/url_fetcher_core.h b/chromium/net/url_request/url_fetcher_core.h
index 1f3d7fdde4b..9bd6ce1ecd4 100644
--- a/chromium/net/url_request/url_fetcher_core.h
+++ b/chromium/net/url_request/url_fetcher_core.h
@@ -7,16 +7,15 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/compiler_specific.h"
-#include "base/debug/stack_trace.h"
 #include "base/files/file_path.h"
 #include "base/lazy_instance.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/timer/timer.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/host_port_pair.h"
@@ -111,7 +110,7 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
   void SaveResponseToTemporaryFile(
       scoped_refptr<base::SequencedTaskRunner> file_task_runner);
   void SaveResponseWithWriter(
-      scoped_ptr<URLFetcherResponseWriter> response_writer);
+      std::unique_ptr<URLFetcherResponseWriter> response_writer);
   HttpResponseHeaders* GetResponseHeaders() const;
   HostPortPair GetSocketAddress() const;
   bool WasFetchedViaProxy() const;
@@ -240,7 +239,7 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
   scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_;
   // Task runner for upload file access.
   scoped_refptr<base::TaskRunner> upload_file_task_runner_;
-  scoped_ptr<URLRequest> request_;   // The actual request this wraps
+  std::unique_ptr<URLRequest> request_;  // The actual request this wraps
   int load_flags_;                   // Flags for the load operation
   int response_code_;                // HTTP status code for the request
   scoped_refptr<IOBuffer> buffer_;
@@ -277,10 +276,10 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
   // Used to write to |chunked_stream|, even after ownership has been passed to
   // the URLRequest. Continues to be valid even after the request deletes its
   // upload data.
-  scoped_ptr<ChunkedUploadDataStream::Writer> chunked_stream_writer_;
+  std::unique_ptr<ChunkedUploadDataStream::Writer> chunked_stream_writer_;
 
   // Temporary storage of ChunkedUploadDataStream, before request is created.
-  scoped_ptr<ChunkedUploadDataStream> chunked_stream_;
+  std::unique_ptr<ChunkedUploadDataStream> chunked_stream_;
 
   // Used to determine how long to wait before making a request or doing a
   // retry.
@@ -305,7 +304,7 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
   bool was_cancelled_;
 
   // Writer object to write response to the destination like file and string.
-  scoped_ptr<URLFetcherResponseWriter> response_writer_;
+  std::unique_ptr<URLFetcherResponseWriter> response_writer_;
 
   // By default any server-initiated redirects are automatically followed. If
   // this flag is set to true, however, a redirect will halt the fetch and call
@@ -339,7 +338,7 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
 
   // Timer to poll the progress of uploading for POST and PUT requests.
   // When crbug.com/119629 is fixed, scoped_ptr is not necessary here.
-  scoped_ptr<base::RepeatingTimer> upload_progress_checker_timer_;
+  std::unique_ptr<base::RepeatingTimer> upload_progress_checker_timer_;
   // Number of bytes sent so far.
   int64_t current_upload_bytes_;
   // Number of bytes received so far.
@@ -347,9 +346,6 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>,
   // Total expected bytes to receive (-1 if it cannot be determined).
   int64_t total_response_bytes_;
 
-  // TODO(willchan): Get rid of this after debugging crbug.com/90971.
-  base::debug::StackTrace stack_trace_;
-
   static base::LazyInstance<Registry> g_registry;
 
   DISALLOW_COPY_AND_ASSIGN(URLFetcherCore);
diff --git a/chromium/net/url_request/url_fetcher_delegate.h b/chromium/net/url_request/url_fetcher_delegate.h
index 1f5eb5dbeab..192e70ac096 100644
--- a/chromium/net/url_request/url_fetcher_delegate.h
+++ b/chromium/net/url_request/url_fetcher_delegate.h
@@ -7,9 +7,9 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
diff --git a/chromium/net/url_request/url_fetcher_factory.h b/chromium/net/url_request/url_fetcher_factory.h
index 2cf024e997a..1eadec4d152 100644
--- a/chromium/net/url_request/url_fetcher_factory.h
+++ b/chromium/net/url_request/url_fetcher_factory.h
@@ -14,7 +14,7 @@ class URLFetcherDelegate;
 // URLFetcher. Factory is intended for testing.
 class URLFetcherFactory {
  public:
-  virtual scoped_ptr<URLFetcher> CreateURLFetcher(
+  virtual std::unique_ptr<URLFetcher> CreateURLFetcher(
       int id,
       const GURL& url,
       URLFetcher::RequestType request_type,
diff --git a/chromium/net/url_request/url_fetcher_impl.cc b/chromium/net/url_request/url_fetcher_impl.cc
index 37a77ffda32..1168b5f458b 100644
--- a/chromium/net/url_request/url_fetcher_impl.cc
+++ b/chromium/net/url_request/url_fetcher_impl.cc
@@ -139,7 +139,7 @@ void URLFetcherImpl::SaveResponseToTemporaryFile(
 }
 
 void URLFetcherImpl::SaveResponseWithWriter(
-    scoped_ptr<URLFetcherResponseWriter> response_writer) {
+    std::unique_ptr<URLFetcherResponseWriter> response_writer) {
   core_->SaveResponseWithWriter(std::move(response_writer));
 }
 
diff --git a/chromium/net/url_request/url_fetcher_impl.h b/chromium/net/url_request/url_fetcher_impl.h
index 107982a87eb..64eee5c2099 100644
--- a/chromium/net/url_request/url_fetcher_impl.h
+++ b/chromium/net/url_request/url_fetcher_impl.h
@@ -77,7 +77,7 @@ class NET_EXPORT_PRIVATE URLFetcherImpl : public URLFetcher {
   void SaveResponseToTemporaryFile(
       scoped_refptr<base::SequencedTaskRunner> file_task_runner) override;
   void SaveResponseWithWriter(
-      scoped_ptr<URLFetcherResponseWriter> response_writer) override;
+      std::unique_ptr<URLFetcherResponseWriter> response_writer) override;
   HttpResponseHeaders* GetResponseHeaders() const override;
   HostPortPair GetSocketAddress() const override;
   bool WasFetchedViaProxy() const override;
diff --git a/chromium/net/url_request/url_fetcher_impl_unittest.cc b/chromium/net/url_request/url_fetcher_impl_unittest.cc
index 6775fa27d29..efb17a4a89b 100644
--- a/chromium/net/url_request/url_fetcher_impl_unittest.cc
+++ b/chromium/net/url_request/url_fetcher_impl_unittest.cc
@@ -9,6 +9,7 @@
 
 #include <algorithm>
 #include <limits>
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
@@ -17,7 +18,7 @@
 #include "base/files/scoped_temp_dir.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
@@ -25,9 +26,9 @@
 #include "base/strings/stringprintf.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/test/test_timeouts.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/platform_thread.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "build/build_config.h"
 #include "crypto/nss_util.h"
 #include "net/base/elements_upload_data_stream.h"
@@ -44,7 +45,7 @@
 #include "net/url_request/url_request_throttler_manager.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
 #endif
 
@@ -155,7 +156,7 @@ class WaitingURLFetcherDelegate : public URLFetcherDelegate {
  private:
   bool did_complete_;
 
-  scoped_ptr<URLFetcherImpl> fetcher_;
+  std::unique_ptr<URLFetcherImpl> fetcher_;
   base::RunLoop run_loop_;
 
   DISALLOW_COPY_AND_ASSIGN(WaitingURLFetcherDelegate);
@@ -172,9 +173,9 @@ class FetcherTestURLRequestContext : public TestURLRequestContext {
     mock_resolver_->rules()->AddRule(hanging_domain, "127.0.0.1");
     // Pass ownership to ContextStorage to ensure correct destruction order.
     context_storage_.set_host_resolver(
-        scoped_ptr<HostResolver>(mock_resolver_));
+        std::unique_ptr<HostResolver>(mock_resolver_));
     context_storage_.set_throttler_manager(
-        make_scoped_ptr(new URLRequestThrottlerManager()));
+        base::WrapUnique(new URLRequestThrottlerManager()));
     Init();
   }
 
@@ -293,7 +294,7 @@ class FetcherTestURLRequestContextGetter : public URLRequestContextGetter {
   scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_;
   const std::string hanging_domain_;
 
-  scoped_ptr<FetcherTestURLRequestContext> context_;
+  std::unique_ptr<FetcherTestURLRequestContext> context_;
   bool shutting_down_;
 
   base::Closure on_destruction_callback_;
@@ -338,13 +339,13 @@ class URLFetcherTest : public testing::Test {
   }
 
   // Callback passed to URLFetcher to create upload stream by some tests.
-  scoped_ptr<UploadDataStream> CreateUploadStream() {
+  std::unique_ptr<UploadDataStream> CreateUploadStream() {
     ++num_upload_streams_created_;
     std::vector<char> buffer(
         kCreateUploadStreamBody,
         kCreateUploadStreamBody + strlen(kCreateUploadStreamBody));
     return ElementsUploadDataStream::CreateWithReader(
-        scoped_ptr<UploadElementReader>(
+        std::unique_ptr<UploadElementReader>(
             new UploadOwnedBytesElementReader(&buffer)),
         0);
   }
@@ -363,7 +364,7 @@ class URLFetcherTest : public testing::Test {
                     bool save_to_temporary_file,
                     const base::FilePath& requested_out_path,
                     bool take_ownership) {
-    scoped_ptr<WaitingURLFetcherDelegate> delegate(
+    std::unique_ptr<WaitingURLFetcherDelegate> delegate(
         new WaitingURLFetcherDelegate());
     delegate->CreateFetcher(
         test_server_->GetURL(std::string(kTestServerFilePrefix) +
@@ -424,14 +425,14 @@ class URLFetcherTest : public testing::Test {
         kDefaultResponsePath));
     ASSERT_TRUE(hanging_url_.is_valid());
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     crypto::EnsureNSSInit();
     EnsureNSSHttpIOInit();
 #endif
   }
 
   void TearDown() override {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     ShutdownNSSHttpIO();
 #endif
   }
@@ -445,9 +446,9 @@ class URLFetcherTest : public testing::Test {
 
   // Network thread for cross-thread tests.  Most threads just use the main
   // thread for network activity.
-  scoped_ptr<base::Thread> network_thread_;
+  std::unique_ptr<base::Thread> network_thread_;
 
-  scoped_ptr<EmbeddedTestServer> test_server_;
+  std::unique_ptr<EmbeddedTestServer> test_server_;
   GURL hanging_url_;
 
   size_t num_upload_streams_created_;
diff --git a/chromium/net/url_request/url_fetcher_response_writer.h b/chromium/net/url_request/url_fetcher_response_writer.h
index 891123a6433..f739502b9c9 100644
--- a/chromium/net/url_request/url_fetcher_response_writer.h
+++ b/chromium/net/url_request/url_fetcher_response_writer.h
@@ -5,12 +5,12 @@
 #ifndef NET_URL_REQUEST_URL_FETCHER_RESPONSE_WRITER_H_
 #define NET_URL_REQUEST_URL_FETCHER_RESPONSE_WRITER_H_
 
+#include <memory>
 #include <string>
 
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -131,7 +131,7 @@ class NET_EXPORT URLFetcherFileWriter : public URLFetcherResponseWriter {
   // True when this instance is responsible to delete the file at |file_path_|.
   bool owns_file_;
 
-  scoped_ptr<FileStream> file_stream_;
+  std::unique_ptr<FileStream> file_stream_;
 
   // Callbacks are created for use with base::FileUtilProxy.
   base::WeakPtrFactory<URLFetcherFileWriter> weak_factory_;
diff --git a/chromium/net/url_request/url_fetcher_response_writer_unittest.cc b/chromium/net/url_request/url_fetcher_response_writer_unittest.cc
index e6c16969ecb..8d39817c2a1 100644
--- a/chromium/net/url_request/url_fetcher_response_writer_unittest.cc
+++ b/chromium/net/url_request/url_fetcher_response_writer_unittest.cc
@@ -7,7 +7,7 @@
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/run_loop.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -28,7 +28,7 @@ class URLFetcherStringWriterTest : public PlatformTest {
     buf_ = new StringIOBuffer(kData);
   }
 
-  scoped_ptr<URLFetcherStringWriter> writer_;
+  std::unique_ptr<URLFetcherStringWriter> writer_;
   scoped_refptr<StringIOBuffer> buf_;
 };
 
@@ -64,7 +64,7 @@ class URLFetcherFileWriterTest : public PlatformTest {
 
   base::ScopedTempDir temp_dir_;
   base::FilePath file_path_;
-  scoped_ptr<URLFetcherFileWriter> writer_;
+  std::unique_ptr<URLFetcherFileWriter> writer_;
   scoped_refptr<StringIOBuffer> buf_;
 };
 
@@ -150,7 +150,7 @@ class URLFetcherFileWriterTemporaryFileTest : public PlatformTest {
     buf_ = new StringIOBuffer(kData);
   }
 
-  scoped_ptr<URLFetcherFileWriter> writer_;
+  std::unique_ptr<URLFetcherFileWriter> writer_;
   scoped_refptr<StringIOBuffer> buf_;
 };
 
diff --git a/chromium/net/url_request/url_request.cc b/chromium/net/url_request/url_request.cc
index 2ace1d257a9..b200fcb7ee5 100644
--- a/chromium/net/url_request/url_request.cc
+++ b/chromium/net/url_request/url_request.cc
@@ -10,7 +10,6 @@
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
-#include "base/debug/stack_trace.h"
 #include "base/lazy_instance.h"
 #include "base/memory/singleton.h"
 #include "base/message_loop/message_loop.h"
@@ -190,7 +189,7 @@ URLRequest::~URLRequest() {
   net_log_.EndEventWithNetErrorCode(NetLog::TYPE_REQUEST_ALIVE, net_error);
 }
 
-void URLRequest::set_upload(scoped_ptr<UploadDataStream> upload) {
+void URLRequest::set_upload(std::unique_ptr<UploadDataStream> upload) {
   upload_data_stream_ = std::move(upload);
 }
 
@@ -261,12 +260,12 @@ LoadStateWithParam URLRequest::GetLoadState() const {
                             base::string16());
 }
 
-scoped_ptr<base::Value> URLRequest::GetStateAsValue() const {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+std::unique_ptr<base::Value> URLRequest::GetStateAsValue() const {
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("url", original_url().possibly_invalid_spec());
 
   if (url_chain_.size() > 1) {
-    scoped_ptr<base::ListValue> list(new base::ListValue());
+    std::unique_ptr<base::ListValue> list(new base::ListValue());
     for (const GURL& url : url_chain_) {
       list->AppendString(url.possibly_invalid_spec());
     }
@@ -853,6 +852,9 @@ void URLRequest::ContinueWithCertificate(X509Certificate* client_cert,
                                          SSLPrivateKey* client_private_key) {
   DCHECK(job_.get());
 
+  // Matches the call in NotifyCertificateRequested.
+  OnCallToDelegateComplete();
+
   status_ = URLRequestStatus::FromError(ERR_IO_PENDING);
   job_->ContinueWithCertificate(client_cert, client_private_key);
 }
@@ -860,6 +862,9 @@ void URLRequest::ContinueWithCertificate(X509Certificate* client_cert,
 void URLRequest::ContinueDespiteLastError() {
   DCHECK(job_.get());
 
+  // Matches the call in NotifySSLCertificateError.
+  OnCallToDelegateComplete();
+
   status_ = URLRequestStatus::FromError(ERR_IO_PENDING);
   job_->ContinueDespiteLastError();
 }
@@ -1089,12 +1094,14 @@ void URLRequest::NotifyAuthRequiredComplete(
 void URLRequest::NotifyCertificateRequested(
     SSLCertRequestInfo* cert_request_info) {
   status_ = URLRequestStatus();
+  OnCallToDelegate();
   delegate_->OnCertificateRequested(this, cert_request_info);
 }
 
 void URLRequest::NotifySSLCertificateError(const SSLInfo& ssl_info,
                                            bool fatal) {
   status_ = URLRequestStatus();
+  OnCallToDelegate();
   delegate_->OnSSLCertificateError(this, ssl_info, fatal);
 }
 
@@ -1191,14 +1198,6 @@ void URLRequest::OnCallToDelegateComplete() {
   net_log_.EndEvent(NetLog::TYPE_URL_REQUEST_DELEGATE);
 }
 
-void URLRequest::set_stack_trace(const base::debug::StackTrace& stack_trace) {
-  stack_trace_.reset(new base::debug::StackTrace(stack_trace));
-}
-
-const base::debug::StackTrace* URLRequest::stack_trace() const {
-  return stack_trace_.get();
-}
-
 void URLRequest::GetConnectionAttempts(ConnectionAttempts* out) const {
   if (job_)
     job_->GetConnectionAttempts(out);
diff --git a/chromium/net/url_request/url_request.h b/chromium/net/url_request/url_request.h
index fcbc4454b8c..eb94da89088 100644
--- a/chromium/net/url_request/url_request.h
+++ b/chromium/net/url_request/url_request.h
@@ -7,13 +7,13 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/debug/leak_tracker.h"
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/supports_user_data.h"
 #include "base/threading/non_thread_safe.h"
@@ -149,12 +149,13 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
     // redirect call.
     //
     // When this function is called, the request will still contain the
-    // original URL, the destination of the redirect is provided in 'new_url'.
-    // If the delegate does not cancel the request and |*defer_redirect| is
-    // false, then the redirect will be followed, and the request's URL will be
-    // changed to the new URL.  Otherwise if the delegate does not cancel the
-    // request and |*defer_redirect| is true, then the redirect will be
-    // followed once FollowDeferredRedirect is called on the URLRequest.
+    // original URL, the destination of the redirect is provided in
+    // |redirect_info.new_url|.  If the delegate does not cancel the request
+    // and |*defer_redirect| is false, then the redirect will be followed, and
+    // the request's URL will be changed to the new URL.  Otherwise if the
+    // delegate does not cancel the request and |*defer_redirect| is true, then
+    // the redirect will be followed once FollowDeferredRedirect is called
+    // on the URLRequest.
     //
     // The caller must set |*defer_redirect| to false, so that delegates do not
     // need to set it if they are happy with the default behavior of not
@@ -338,7 +339,7 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
   void set_delegate(Delegate* delegate);
 
   // Sets the upload data.
-  void set_upload(scoped_ptr<UploadDataStream> upload);
+  void set_upload(std::unique_ptr<UploadDataStream> upload);
 
   // Gets the upload data.
   const UploadDataStream* get_upload() const;
@@ -396,7 +397,7 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
 
   // Returns a partial representation of the request's state as a value, for
   // debugging.
-  scoped_ptr<base::Value> GetStateAsValue() const;
+  std::unique_ptr<base::Value> GetStateAsValue() const;
 
   // Logs information about the what external object currently blocking the
   // request.  LogUnblocked must be called before resuming the request.  This
@@ -636,12 +637,6 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // due to HSTS. If so, |redirect_url| is rewritten to the new HTTPS URL.
   bool GetHSTSRedirect(GURL* redirect_url) const;
 
-  // NOTE(willchan): This is just temporary for debugging
-  // http://crbug.com/90971.
-  // Allows to setting debug info into the URLRequest.
-  void set_stack_trace(const base::debug::StackTrace& stack_trace);
-  const base::debug::StackTrace* stack_trace() const;
-
   void set_received_response_content_length(int64_t received_content_length) {
     received_response_content_length_ = received_content_length;
   }
@@ -770,8 +765,8 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // Tracks the time spent in various load states throughout this request.
   BoundNetLog net_log_;
 
-  scoped_ptr<URLRequestJob> job_;
-  scoped_ptr<UploadDataStream> upload_data_stream_;
+  std::unique_ptr<URLRequestJob> job_;
+  std::unique_ptr<UploadDataStream> upload_data_stream_;
 
   std::vector<GURL> url_chain_;
   GURL first_party_for_cookies_;
@@ -871,8 +866,6 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // The proxy server used for this request, if any.
   HostPortPair proxy_server_;
 
-  scoped_ptr<const base::debug::StackTrace> stack_trace_;
-
   DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
diff --git a/chromium/net/url_request/url_request_backoff_manager_unittest.cc b/chromium/net/url_request/url_request_backoff_manager_unittest.cc
index 21a892e9d34..a41a537803d 100644
--- a/chromium/net/url_request/url_request_backoff_manager_unittest.cc
+++ b/chromium/net/url_request/url_request_backoff_manager_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/url_request/url_request_backoff_manager.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "net/http/http_response_headers.h"
@@ -30,7 +31,7 @@ class URLRequestBackoffManagerTest : public testing::Test {
     manager_->UpdateWithResponse(url, headers.get(), request_time);
   }
 
-  scoped_ptr<URLRequestBackoffManager> manager_;
+  std::unique_ptr<URLRequestBackoffManager> manager_;
 };
 }  // namespace
 
diff --git a/chromium/net/url_request/url_request_context.cc b/chromium/net/url_request/url_request_context.cc
index e52021c6d06..1e69edd1b3f 100644
--- a/chromium/net/url_request/url_request_context.cc
+++ b/chromium/net/url_request/url_request_context.cc
@@ -6,7 +6,7 @@
 
 #include "base/compiler_specific.h"
 #include "base/debug/alias.h"
-#include "base/debug/stack_trace.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "net/cookies/cookie_store.h"
 #include "net/dns/host_resolver.h"
@@ -35,7 +35,8 @@ URLRequestContext::URLRequestContext()
       sdch_manager_(nullptr),
       network_quality_estimator_(nullptr),
       url_requests_(new std::set<const URLRequest*>),
-      has_known_mismatched_cookie_store_(false) {}
+      has_known_mismatched_cookie_store_(false),
+      enable_brotli_(false) {}
 
 URLRequestContext::~URLRequestContext() {
   AssertNoURLRequests();
@@ -62,6 +63,7 @@ void URLRequestContext::CopyFrom(const URLRequestContext* other) {
   set_sdch_manager(other->sdch_manager_);
   set_http_user_agent_settings(other->http_user_agent_settings_);
   set_network_quality_estimator(other->network_quality_estimator_);
+  set_enable_brotli(other->enable_brotli_);
 }
 
 const HttpNetworkSession::Params* URLRequestContext::GetNetworkSessionParams(
@@ -75,11 +77,11 @@ const HttpNetworkSession::Params* URLRequestContext::GetNetworkSessionParams(
   return &network_session->params();
 }
 
-scoped_ptr<URLRequest> URLRequestContext::CreateRequest(
+std::unique_ptr<URLRequest> URLRequestContext::CreateRequest(
     const GURL& url,
     RequestPriority priority,
     URLRequest::Delegate* delegate) const {
-  return make_scoped_ptr(
+  return base::WrapUnique(
       new URLRequest(url, priority, delegate, this, network_delegate_));
 }
 
@@ -96,13 +98,9 @@ void URLRequestContext::AssertNoURLRequests() const {
     const URLRequest* request = *url_requests_->begin();
     base::strlcpy(url_buf, request->url().spec().c_str(), arraysize(url_buf));
     int load_flags = request->load_flags();
-    base::debug::StackTrace stack_trace(NULL, 0);
-    if (request->stack_trace())
-      stack_trace = *request->stack_trace();
     base::debug::Alias(url_buf);
     base::debug::Alias(&num_requests);
     base::debug::Alias(&load_flags);
-    base::debug::Alias(&stack_trace);
     CHECK(false) << "Leaked " << num_requests << " URLRequest(s). First URL: "
                  << request->url().spec().c_str() << ".";
   }
diff --git a/chromium/net/url_request/url_request_context.h b/chromium/net/url_request/url_request_context.h
index ee165b461fe..7aa3351d6d4 100644
--- a/chromium/net/url_request/url_request_context.h
+++ b/chromium/net/url_request/url_request_context.h
@@ -10,12 +10,12 @@
 #ifndef NET_URL_REQUEST_URL_REQUEST_CONTEXT_H_
 #define NET_URL_REQUEST_URL_REQUEST_CONTEXT_H_
 
+#include <memory>
 #include <set>
 #include <string>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/net_export.h"
@@ -62,9 +62,10 @@ class NET_EXPORT URLRequestContext
   // session.
   const HttpNetworkSession::Params* GetNetworkSessionParams() const;
 
-  scoped_ptr<URLRequest> CreateRequest(const GURL& url,
-                                       RequestPriority priority,
-                                       URLRequest::Delegate* delegate) const;
+  std::unique_ptr<URLRequest> CreateRequest(
+      const GURL& url,
+      RequestPriority priority,
+      URLRequest::Delegate* delegate) const;
 
   NetLog* net_log() const {
     return net_log_;
@@ -234,6 +235,10 @@ class NET_EXPORT URLRequestContext
     has_known_mismatched_cookie_store_ = true;
   }
 
+  void set_enable_brotli(bool enable_brotli) { enable_brotli_ = enable_brotli; }
+
+  bool enable_brotli() const { return enable_brotli_; }
+
  private:
   // ---------------------------------------------------------------------------
   // Important: When adding any new members below, consider whether they need to
@@ -267,9 +272,12 @@ class NET_EXPORT URLRequestContext
   // be added to CopyFrom.
   // ---------------------------------------------------------------------------
 
-  scoped_ptr<std::set<const URLRequest*> > url_requests_;
+  std::unique_ptr<std::set<const URLRequest*>> url_requests_;
   bool has_known_mismatched_cookie_store_;
 
+  // Enables Brotli Content-Encoding support.
+  bool enable_brotli_;
+
   DISALLOW_COPY_AND_ASSIGN(URLRequestContext);
 };
 
diff --git a/chromium/net/url_request/url_request_context_builder.cc b/chromium/net/url_request/url_request_context_builder.cc
index e612ab81517..8ec5bedd0cf 100644
--- a/chromium/net/url_request/url_request_context_builder.cc
+++ b/chromium/net/url_request/url_request_context_builder.cc
@@ -11,10 +11,11 @@
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/cache_type.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate_impl.h"
@@ -151,17 +152,18 @@ class ContainerURLRequestContext : public URLRequestContext {
   }
 
   void set_transport_security_persister(
-      scoped_ptr<TransportSecurityPersister> transport_security_persister) {
+      std::unique_ptr<TransportSecurityPersister>
+          transport_security_persister) {
     transport_security_persister_ = std::move(transport_security_persister);
   }
 
  private:
   // The thread should be torn down last.
-  scoped_ptr<base::Thread> file_thread_;
+  std::unique_ptr<base::Thread> file_thread_;
   scoped_refptr<base::SingleThreadTaskRunner> file_task_runner_;
 
   URLRequestContextStorage storage_;
-  scoped_ptr<TransportSecurityPersister> transport_security_persister_;
+  std::unique_ptr<TransportSecurityPersister> transport_security_persister_;
 
   DISALLOW_COPY_AND_ASSIGN(ContainerURLRequestContext);
 };
@@ -180,11 +182,11 @@ URLRequestContextBuilder::HttpNetworkSessionParams::HttpNetworkSessionParams()
       testing_fixed_https_port(0),
       enable_spdy31(false),
       enable_http2(true),
-      parse_alternative_services(false),
-      enable_alternative_service_with_different_host(false),
+      parse_alternative_services(true),
+      enable_alternative_service_with_different_host(true),
       enable_quic(false),
       quic_max_server_configs_stored_in_properties(0),
-      quic_delay_tcp_race(false),
+      quic_delay_tcp_race(true),
       quic_max_number_of_lossy_connections(0),
       quic_prefer_aes(false),
       quic_packet_loss_threshold(1.0f),
@@ -248,18 +250,19 @@ void URLRequestContextBuilder::SetSpdyAndQuicEnabled(bool spdy_enabled,
 }
 
 void URLRequestContextBuilder::SetCertVerifier(
-    scoped_ptr<CertVerifier> cert_verifier) {
+    std::unique_ptr<CertVerifier> cert_verifier) {
   cert_verifier_ = std::move(cert_verifier);
 }
 
 void URLRequestContextBuilder::SetInterceptors(
-    std::vector<scoped_ptr<URLRequestInterceptor>> url_request_interceptors) {
+    std::vector<std::unique_ptr<URLRequestInterceptor>>
+        url_request_interceptors) {
   url_request_interceptors_ = std::move(url_request_interceptors);
 }
 
 void URLRequestContextBuilder::SetCookieAndChannelIdStores(
-    scoped_ptr<CookieStore> cookie_store,
-    scoped_ptr<ChannelIDService> channel_id_service) {
+    std::unique_ptr<CookieStore> cookie_store,
+    std::unique_ptr<ChannelIDService> channel_id_service) {
   cookie_store_set_by_client_ = true;
   // If |cookie_store| is NULL, |channel_id_service| must be NULL too.
   DCHECK(cookie_store || !channel_id_service);
@@ -274,27 +277,27 @@ void URLRequestContextBuilder::SetFileTaskRunner(
 
 void URLRequestContextBuilder::SetProtocolHandler(
     const std::string& scheme,
-    scoped_ptr<URLRequestJobFactory::ProtocolHandler> protocol_handler) {
+    std::unique_ptr<URLRequestJobFactory::ProtocolHandler> protocol_handler) {
   DCHECK(protocol_handler);
   protocol_handlers_[scheme] = std::move(protocol_handler);
 }
 
 void URLRequestContextBuilder::SetHttpAuthHandlerFactory(
-    scoped_ptr<HttpAuthHandlerFactory> factory) {
+    std::unique_ptr<HttpAuthHandlerFactory> factory) {
   http_auth_handler_factory_ = std::move(factory);
 }
 
 void URLRequestContextBuilder::SetHttpServerProperties(
-    scoped_ptr<HttpServerProperties> http_server_properties) {
+    std::unique_ptr<HttpServerProperties> http_server_properties) {
   http_server_properties_ = std::move(http_server_properties);
 }
 
-scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
-  scoped_ptr<ContainerURLRequestContext> context(
+std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
+  std::unique_ptr<ContainerURLRequestContext> context(
       new ContainerURLRequestContext(file_task_runner_));
   URLRequestContextStorage* storage = context->storage();
 
-  storage->set_http_user_agent_settings(make_scoped_ptr(
+  storage->set_http_user_agent_settings(base::WrapUnique(
       new StaticHttpUserAgentSettings(accept_language_, user_agent_)));
 
   if (!network_delegate_)
@@ -306,7 +309,7 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     // builder or resulting context.
     context->set_net_log(net_log_);
   } else {
-    storage->set_net_log(make_scoped_ptr(new NetLog));
+    storage->set_net_log(base::WrapUnique(new NetLog));
   }
 
   if (!host_resolver_) {
@@ -344,10 +347,11 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     storage->set_cookie_store(std::move(cookie_store_));
     storage->set_channel_id_service(std::move(channel_id_service_));
   } else {
-    scoped_ptr<CookieStore> cookie_store(new CookieMonster(nullptr, nullptr));
+    std::unique_ptr<CookieStore> cookie_store(
+        new CookieMonster(nullptr, nullptr));
     // TODO(mmenke):  This always creates a file thread, even when it ends up
     // not being used.  Consider lazily creating the thread.
-    scoped_ptr<ChannelIDService> channel_id_service(new ChannelIDService(
+    std::unique_ptr<ChannelIDService> channel_id_service(new ChannelIDService(
         new DefaultChannelIDStore(NULL), context->GetFileTaskRunner()));
     cookie_store->SetChannelIDServiceID(channel_id_service->GetUniqueID());
     storage->set_cookie_store(std::move(cookie_store));
@@ -355,14 +359,15 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
   }
 
   if (sdch_enabled_) {
-    storage->set_sdch_manager(scoped_ptr<net::SdchManager>(new SdchManager()));
+    storage->set_sdch_manager(
+        std::unique_ptr<net::SdchManager>(new SdchManager()));
   }
 
   storage->set_transport_security_state(
-      make_scoped_ptr(new TransportSecurityState()));
+      base::WrapUnique(new TransportSecurityState()));
   if (!transport_security_persister_path_.empty()) {
     context->set_transport_security_persister(
-        make_scoped_ptr<TransportSecurityPersister>(
+        base::WrapUnique<TransportSecurityPersister>(
             new TransportSecurityPersister(context->transport_security_state(),
                                            transport_security_persister_path_,
                                            context->GetFileTaskRunner(),
@@ -373,7 +378,7 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     storage->set_http_server_properties(std::move(http_server_properties_));
   } else {
     storage->set_http_server_properties(
-        scoped_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+        std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
   }
 
   if (cert_verifier_) {
@@ -384,12 +389,12 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
 
   if (throttling_enabled_) {
     storage->set_throttler_manager(
-        make_scoped_ptr(new URLRequestThrottlerManager()));
+        base::WrapUnique(new URLRequestThrottlerManager()));
   }
 
   if (backoff_enabled_) {
     storage->set_backoff_manager(
-        make_scoped_ptr(new URLRequestBackoffManager()));
+        base::WrapUnique(new URLRequestBackoffManager()));
   }
 
   HttpNetworkSession::Params network_session_params;
@@ -445,11 +450,11 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
   }
 
   storage->set_http_network_session(
-      make_scoped_ptr(new HttpNetworkSession(network_session_params)));
+      base::WrapUnique(new HttpNetworkSession(network_session_params)));
 
-  scoped_ptr<HttpTransactionFactory> http_transaction_factory;
+  std::unique_ptr<HttpTransactionFactory> http_transaction_factory;
   if (http_cache_enabled_) {
-    scoped_ptr<HttpCache::BackendFactory> http_cache_backend;
+    std::unique_ptr<HttpCache::BackendFactory> http_cache_backend;
     if (http_cache_params_.type != HttpCacheParams::IN_MEMORY) {
       BackendType backend_type =
           http_cache_params_.type == HttpCacheParams::DISK
@@ -482,13 +487,13 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
 
   if (data_enabled_)
     job_factory->SetProtocolHandler("data",
-                                    make_scoped_ptr(new DataProtocolHandler));
+                                    base::WrapUnique(new DataProtocolHandler));
 
 #if !defined(DISABLE_FILE_SUPPORT)
   if (file_enabled_) {
     job_factory->SetProtocolHandler(
-        "file",
-        make_scoped_ptr(new FileProtocolHandler(context->GetFileTaskRunner())));
+        "file", base::WrapUnique(
+                    new FileProtocolHandler(context->GetFileTaskRunner())));
   }
 #endif  // !defined(DISABLE_FILE_SUPPORT)
 
@@ -497,12 +502,12 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     ftp_transaction_factory_.reset(
         new FtpNetworkLayer(context->host_resolver()));
     job_factory->SetProtocolHandler(
-        "ftp", make_scoped_ptr(
+        "ftp", base::WrapUnique(
                    new FtpProtocolHandler(ftp_transaction_factory_.get())));
   }
 #endif  // !defined(DISABLE_FTP_SUPPORT)
 
-  scoped_ptr<net::URLRequestJobFactory> top_job_factory(job_factory);
+  std::unique_ptr<net::URLRequestJobFactory> top_job_factory(job_factory);
   if (!url_request_interceptors_.empty()) {
     // Set up interceptors in the reverse order.
 
diff --git a/chromium/net/url_request/url_request_context_builder.h b/chromium/net/url_request/url_request_context_builder.h
index c570d609158..2aa534f5865 100644
--- a/chromium/net/url_request/url_request_context_builder.h
+++ b/chromium/net/url_request/url_request_context_builder.h
@@ -15,7 +15,9 @@
 #define NET_URL_REQUEST_URL_REQUEST_CONTEXT_BUILDER_H_
 
 #include <stdint.h>
+
 #include <map>
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <utility>
@@ -24,7 +26,6 @@
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "net/base/network_delegate.h"
@@ -122,10 +123,10 @@ class NET_EXPORT URLRequestContextBuilder {
   // These functions are mutually exclusive.  The ProxyConfigService, if
   // set, will be used to construct a ProxyService.
   void set_proxy_config_service(
-      scoped_ptr<ProxyConfigService> proxy_config_service) {
+      std::unique_ptr<ProxyConfigService> proxy_config_service) {
     proxy_config_service_ = std::move(proxy_config_service);
   }
-  void set_proxy_service(scoped_ptr<ProxyService> proxy_service) {
+  void set_proxy_service(std::unique_ptr<ProxyService> proxy_service) {
     proxy_service_ = std::move(proxy_service);
   }
 
@@ -162,7 +163,7 @@ class NET_EXPORT URLRequestContextBuilder {
   // A ProtocolHandler already exists for |scheme| will be overwritten.
   void SetProtocolHandler(
       const std::string& scheme,
-      scoped_ptr<URLRequestJobFactory::ProtocolHandler> protocol_handler);
+      std::unique_ptr<URLRequestJobFactory::ProtocolHandler> protocol_handler);
 
   // Unlike the other setters, the builder does not take ownership of the
   // NetLog.
@@ -171,20 +172,20 @@ class NET_EXPORT URLRequestContextBuilder {
   void set_net_log(NetLog* net_log) { net_log_ = net_log; }
 
   // By default host_resolver is constructed with CreateDefaultResolver.
-  void set_host_resolver(scoped_ptr<HostResolver> host_resolver) {
+  void set_host_resolver(std::unique_ptr<HostResolver> host_resolver) {
     host_resolver_ = std::move(host_resolver);
   }
 
   // Uses BasicNetworkDelegate by default. Note that calling Build will unset
   // any custom delegate in builder, so this must be called each time before
   // Build is called.
-  void set_network_delegate(scoped_ptr<NetworkDelegate> delegate) {
+  void set_network_delegate(std::unique_ptr<NetworkDelegate> delegate) {
     network_delegate_ = std::move(delegate);
   }
 
   // Temporarily stores a ProxyDelegate. Ownership is transferred to
   // UrlRequestContextStorage during Build.
-  void set_proxy_delegate(scoped_ptr<ProxyDelegate> delegate) {
+  void set_proxy_delegate(std::unique_ptr<ProxyDelegate> delegate) {
     proxy_delegate_ = std::move(delegate);
   }
 
@@ -194,7 +195,8 @@ class NET_EXPORT URLRequestContextBuilder {
   // URLRequestContext. Note that since Build will transfer ownership, the
   // custom factory will be unset and this must be called before the next Build
   // to set another custom one.
-  void SetHttpAuthHandlerFactory(scoped_ptr<HttpAuthHandlerFactory> factory);
+  void SetHttpAuthHandlerFactory(
+      std::unique_ptr<HttpAuthHandlerFactory> factory);
 
   // By default HttpCache is enabled with a default constructed HttpCacheParams.
   void EnableHttpCache(const HttpCacheParams& params);
@@ -291,10 +293,10 @@ class NET_EXPORT URLRequestContextBuilder {
     backoff_enabled_ = backoff_enabled;
   }
 
-  void SetCertVerifier(scoped_ptr<CertVerifier> cert_verifier);
+  void SetCertVerifier(std::unique_ptr<CertVerifier> cert_verifier);
 
-  void SetInterceptors(
-      std::vector<scoped_ptr<URLRequestInterceptor>> url_request_interceptors);
+  void SetInterceptors(std::vector<std::unique_ptr<URLRequestInterceptor>>
+                           url_request_interceptors);
 
   // Override the default in-memory cookie store and channel id service.
   // If both |cookie_store| and |channel_id_service| are NULL, CookieStore and
@@ -306,8 +308,8 @@ class NET_EXPORT URLRequestContextBuilder {
   // multiple channel-id stores (or used both with and without a channel id
   // store).
   void SetCookieAndChannelIdStores(
-      scoped_ptr<CookieStore> cookie_store,
-      scoped_ptr<ChannelIDService> channel_id_service);
+      std::unique_ptr<CookieStore> cookie_store,
+      std::unique_ptr<ChannelIDService> channel_id_service);
 
   // Sets the task runner used to perform file operations. If not set, one will
   // be created.
@@ -324,9 +326,9 @@ class NET_EXPORT URLRequestContextBuilder {
   // Sets a specific HttpServerProperties for use in the
   // URLRequestContext rather than creating a default HttpServerPropertiesImpl.
   void SetHttpServerProperties(
-      scoped_ptr<HttpServerProperties> http_server_properties);
+      std::unique_ptr<HttpServerProperties> http_server_properties);
 
-  scoped_ptr<URLRequestContext> Build();
+  std::unique_ptr<URLRequestContext> Build();
 
  private:
   std::string accept_language_;
@@ -352,21 +354,21 @@ class NET_EXPORT URLRequestContextBuilder {
   HttpNetworkSessionParams http_network_session_params_;
   base::FilePath transport_security_persister_path_;
   NetLog* net_log_;
-  scoped_ptr<HostResolver> host_resolver_;
-  scoped_ptr<ChannelIDService> channel_id_service_;
-  scoped_ptr<ProxyConfigService> proxy_config_service_;
-  scoped_ptr<ProxyService> proxy_service_;
-  scoped_ptr<NetworkDelegate> network_delegate_;
-  scoped_ptr<ProxyDelegate> proxy_delegate_;
-  scoped_ptr<CookieStore> cookie_store_;
+  std::unique_ptr<HostResolver> host_resolver_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<ProxyConfigService> proxy_config_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<NetworkDelegate> network_delegate_;
+  std::unique_ptr<ProxyDelegate> proxy_delegate_;
+  std::unique_ptr<CookieStore> cookie_store_;
 #if !defined(DISABLE_FTP_SUPPORT)
-  scoped_ptr<FtpTransactionFactory> ftp_transaction_factory_;
+  std::unique_ptr<FtpTransactionFactory> ftp_transaction_factory_;
 #endif
-  scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
-  scoped_ptr<CertVerifier> cert_verifier_;
-  std::vector<scoped_ptr<URLRequestInterceptor>> url_request_interceptors_;
-  scoped_ptr<HttpServerProperties> http_server_properties_;
-  std::map<std::string, scoped_ptr<URLRequestJobFactory::ProtocolHandler>>
+  std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
+  std::vector<std::unique_ptr<URLRequestInterceptor>> url_request_interceptors_;
+  std::unique_ptr<HttpServerProperties> http_server_properties_;
+  std::map<std::string, std::unique_ptr<URLRequestJobFactory::ProtocolHandler>>
       protocol_handlers_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequestContextBuilder);
diff --git a/chromium/net/url_request/url_request_context_builder_unittest.cc b/chromium/net/url_request/url_request_context_builder_unittest.cc
index a2706d4ca4a..2f39ef805c7 100644
--- a/chromium/net/url_request/url_request_context_builder_unittest.cc
+++ b/chromium/net/url_request/url_request_context_builder_unittest.cc
@@ -4,7 +4,9 @@
 
 #include "net/url_request/url_request_context_builder.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
+#include "base/memory/ptr_util.h"
 #include "build/build_config.h"
 #include "net/base/request_priority.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
@@ -39,7 +41,7 @@ class MockHttpAuthHandlerFactory : public HttpAuthHandlerFactory {
                         CreateReason reason,
                         int nonce_count,
                         const BoundNetLog& net_log,
-                        scoped_ptr<HttpAuthHandler>* handler) override {
+                        std::unique_ptr<HttpAuthHandler>* handler) override {
     handler->reset();
 
     return challenge->scheme() == supported_scheme_
@@ -58,7 +60,7 @@ class URLRequestContextBuilderTest : public PlatformTest {
     test_server_.AddDefaultHandlers(
         base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
 #if defined(OS_LINUX) || defined(OS_ANDROID)
-    builder_.set_proxy_config_service(make_scoped_ptr(
+    builder_.set_proxy_config_service(base::WrapUnique(
         new ProxyConfigServiceFixed(ProxyConfig::CreateDirect())));
 #endif  // defined(OS_LINUX) || defined(OS_ANDROID)
   }
@@ -70,9 +72,9 @@ class URLRequestContextBuilderTest : public PlatformTest {
 TEST_F(URLRequestContextBuilderTest, DefaultSettings) {
   ASSERT_TRUE(test_server_.Start());
 
-  scoped_ptr<URLRequestContext> context(builder_.Build());
+  std::unique_ptr<URLRequestContext> context(builder_.Build());
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(context->CreateRequest(
+  std::unique_ptr<URLRequest> request(context->CreateRequest(
       test_server_.GetURL("/echoheader?Foo"), DEFAULT_PRIORITY, &delegate));
   request->set_method("GET");
   request->SetExtraRequestHeaderByName("Foo", "Bar", false);
@@ -85,9 +87,9 @@ TEST_F(URLRequestContextBuilderTest, UserAgent) {
   ASSERT_TRUE(test_server_.Start());
 
   builder_.set_user_agent("Bar");
-  scoped_ptr<URLRequestContext> context(builder_.Build());
+  std::unique_ptr<URLRequestContext> context(builder_.Build());
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context->CreateRequest(test_server_.GetURL("/echoheader?User-Agent"),
                              DEFAULT_PRIORITY, &delegate));
   request->set_method("GET");
@@ -98,8 +100,8 @@ TEST_F(URLRequestContextBuilderTest, UserAgent) {
 
 TEST_F(URLRequestContextBuilderTest, DefaultHttpAuthHandlerFactory) {
   GURL gurl("www.google.com");
-  scoped_ptr<HttpAuthHandler> handler;
-  scoped_ptr<URLRequestContext> context(builder_.Build());
+  std::unique_ptr<HttpAuthHandler> handler;
+  std::unique_ptr<URLRequestContext> context(builder_.Build());
   SSLInfo null_ssl_info;
 
   // Verify that the default basic handler is present
@@ -112,10 +114,10 @@ TEST_F(URLRequestContextBuilderTest, DefaultHttpAuthHandlerFactory) {
 TEST_F(URLRequestContextBuilderTest, CustomHttpAuthHandlerFactory) {
   GURL gurl("www.google.com");
   const int kBasicReturnCode = OK;
-  scoped_ptr<HttpAuthHandler> handler;
-  builder_.SetHttpAuthHandlerFactory(make_scoped_ptr(
+  std::unique_ptr<HttpAuthHandler> handler;
+  builder_.SetHttpAuthHandlerFactory(base::WrapUnique(
       new MockHttpAuthHandlerFactory("ExtraScheme", kBasicReturnCode)));
-  scoped_ptr<URLRequestContext> context(builder_.Build());
+  std::unique_ptr<URLRequestContext> context(builder_.Build());
   SSLInfo null_ssl_info;
   // Verify that a handler is returned for a custom scheme.
   EXPECT_EQ(kBasicReturnCode,
diff --git a/chromium/net/url_request/url_request_context_storage.cc b/chromium/net/url_request/url_request_context_storage.cc
index ed3f9052790..65cfba6f511 100644
--- a/chromium/net/url_request/url_request_context_storage.cc
+++ b/chromium/net/url_request/url_request_context_storage.cc
@@ -34,37 +34,37 @@ URLRequestContextStorage::URLRequestContextStorage(URLRequestContext* context)
 
 URLRequestContextStorage::~URLRequestContextStorage() {}
 
-void URLRequestContextStorage::set_net_log(scoped_ptr<NetLog> net_log) {
+void URLRequestContextStorage::set_net_log(std::unique_ptr<NetLog> net_log) {
   context_->set_net_log(net_log.get());
   net_log_ = std::move(net_log);
 }
 
 void URLRequestContextStorage::set_host_resolver(
-    scoped_ptr<HostResolver> host_resolver) {
+    std::unique_ptr<HostResolver> host_resolver) {
   context_->set_host_resolver(host_resolver.get());
   host_resolver_ = std::move(host_resolver);
 }
 
 void URLRequestContextStorage::set_cert_verifier(
-    scoped_ptr<CertVerifier> cert_verifier) {
+    std::unique_ptr<CertVerifier> cert_verifier) {
   context_->set_cert_verifier(cert_verifier.get());
   cert_verifier_ = std::move(cert_verifier);
 }
 
 void URLRequestContextStorage::set_channel_id_service(
-    scoped_ptr<ChannelIDService> channel_id_service) {
+    std::unique_ptr<ChannelIDService> channel_id_service) {
   context_->set_channel_id_service(channel_id_service.get());
   channel_id_service_ = std::move(channel_id_service);
 }
 
 void URLRequestContextStorage::set_http_auth_handler_factory(
-    scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory) {
+    std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory) {
   context_->set_http_auth_handler_factory(http_auth_handler_factory.get());
   http_auth_handler_factory_ = std::move(http_auth_handler_factory);
 }
 
 void URLRequestContextStorage::set_proxy_service(
-    scoped_ptr<ProxyService> proxy_service) {
+    std::unique_ptr<ProxyService> proxy_service) {
   context_->set_proxy_service(proxy_service.get());
   proxy_service_ = std::move(proxy_service);
 }
@@ -76,71 +76,71 @@ void URLRequestContextStorage::set_ssl_config_service(
 }
 
 void URLRequestContextStorage::set_network_delegate(
-    scoped_ptr<NetworkDelegate> network_delegate) {
+    std::unique_ptr<NetworkDelegate> network_delegate) {
   context_->set_network_delegate(network_delegate.get());
   network_delegate_ = std::move(network_delegate);
 }
 
 void URLRequestContextStorage::set_proxy_delegate(
-    scoped_ptr<ProxyDelegate> proxy_delegate) {
+    std::unique_ptr<ProxyDelegate> proxy_delegate) {
   proxy_delegate_ = std::move(proxy_delegate);
 }
 
 void URLRequestContextStorage::set_http_server_properties(
-    scoped_ptr<HttpServerProperties> http_server_properties) {
+    std::unique_ptr<HttpServerProperties> http_server_properties) {
   http_server_properties_ = std::move(http_server_properties);
   context_->set_http_server_properties(http_server_properties_->GetWeakPtr());
 }
 
 void URLRequestContextStorage::set_cookie_store(
-    scoped_ptr<CookieStore> cookie_store) {
+    std::unique_ptr<CookieStore> cookie_store) {
   context_->set_cookie_store(cookie_store.get());
   cookie_store_ = std::move(cookie_store);
 }
 
 void URLRequestContextStorage::set_transport_security_state(
-    scoped_ptr<TransportSecurityState> transport_security_state) {
+    std::unique_ptr<TransportSecurityState> transport_security_state) {
   context_->set_transport_security_state(transport_security_state.get());
   transport_security_state_ = std::move(transport_security_state);
 }
 
 void URLRequestContextStorage::set_http_network_session(
-    scoped_ptr<HttpNetworkSession> http_network_session) {
+    std::unique_ptr<HttpNetworkSession> http_network_session) {
   http_network_session_ = std::move(http_network_session);
 }
 
 void URLRequestContextStorage::set_http_transaction_factory(
-    scoped_ptr<HttpTransactionFactory> http_transaction_factory) {
+    std::unique_ptr<HttpTransactionFactory> http_transaction_factory) {
   context_->set_http_transaction_factory(http_transaction_factory.get());
   http_transaction_factory_ = std::move(http_transaction_factory);
 }
 
 void URLRequestContextStorage::set_job_factory(
-    scoped_ptr<URLRequestJobFactory> job_factory) {
+    std::unique_ptr<URLRequestJobFactory> job_factory) {
   context_->set_job_factory(job_factory.get());
   job_factory_ = std::move(job_factory);
 }
 
 void URLRequestContextStorage::set_throttler_manager(
-    scoped_ptr<URLRequestThrottlerManager> throttler_manager) {
+    std::unique_ptr<URLRequestThrottlerManager> throttler_manager) {
   context_->set_throttler_manager(throttler_manager.get());
   throttler_manager_ = std::move(throttler_manager);
 }
 
 void URLRequestContextStorage::set_backoff_manager(
-    scoped_ptr<URLRequestBackoffManager> backoff_manager) {
+    std::unique_ptr<URLRequestBackoffManager> backoff_manager) {
   context_->set_backoff_manager(backoff_manager.get());
   backoff_manager_ = std::move(backoff_manager);
 }
 
 void URLRequestContextStorage::set_http_user_agent_settings(
-    scoped_ptr<HttpUserAgentSettings> http_user_agent_settings) {
+    std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings) {
   context_->set_http_user_agent_settings(http_user_agent_settings.get());
   http_user_agent_settings_ = std::move(http_user_agent_settings);
 }
 
 void URLRequestContextStorage::set_sdch_manager(
-    scoped_ptr<SdchManager> sdch_manager) {
+    std::unique_ptr<SdchManager> sdch_manager) {
   context_->set_sdch_manager(sdch_manager.get());
   sdch_manager_ = std::move(sdch_manager);
 }
diff --git a/chromium/net/url_request/url_request_context_storage.h b/chromium/net/url_request/url_request_context_storage.h
index b888fb0c3ce..88077498d96 100644
--- a/chromium/net/url_request/url_request_context_storage.h
+++ b/chromium/net/url_request/url_request_context_storage.h
@@ -5,9 +5,10 @@
 #ifndef NET_URL_REQUEST_URL_REQUEST_CONTEXT_STORAGE_H_
 #define NET_URL_REQUEST_URL_REQUEST_CONTEXT_STORAGE_H_
 
+#include <memory>
+
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -47,33 +48,34 @@ class NET_EXPORT URLRequestContextStorage {
   // These setters will set both the member variables and call the setter on the
   // URLRequestContext object. In all cases, ownership is passed to |this|.
 
-  void set_net_log(scoped_ptr<NetLog> net_log);
-  void set_host_resolver(scoped_ptr<HostResolver> host_resolver);
-  void set_cert_verifier(scoped_ptr<CertVerifier> cert_verifier);
-  void set_channel_id_service(scoped_ptr<ChannelIDService> channel_id_service);
+  void set_net_log(std::unique_ptr<NetLog> net_log);
+  void set_host_resolver(std::unique_ptr<HostResolver> host_resolver);
+  void set_cert_verifier(std::unique_ptr<CertVerifier> cert_verifier);
+  void set_channel_id_service(
+      std::unique_ptr<ChannelIDService> channel_id_service);
   void set_http_auth_handler_factory(
-      scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory);
-  void set_proxy_service(scoped_ptr<ProxyService> proxy_service);
+      std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory);
+  void set_proxy_service(std::unique_ptr<ProxyService> proxy_service);
   void set_ssl_config_service(SSLConfigService* ssl_config_service);
-  void set_network_delegate(scoped_ptr<NetworkDelegate> network_delegate);
-  void set_proxy_delegate(scoped_ptr<ProxyDelegate> proxy_delegate);
+  void set_network_delegate(std::unique_ptr<NetworkDelegate> network_delegate);
+  void set_proxy_delegate(std::unique_ptr<ProxyDelegate> proxy_delegate);
   void set_http_server_properties(
-      scoped_ptr<HttpServerProperties> http_server_properties);
-  void set_cookie_store(scoped_ptr<CookieStore> cookie_store);
+      std::unique_ptr<HttpServerProperties> http_server_properties);
+  void set_cookie_store(std::unique_ptr<CookieStore> cookie_store);
   void set_transport_security_state(
-      scoped_ptr<TransportSecurityState> transport_security_state);
+      std::unique_ptr<TransportSecurityState> transport_security_state);
   void set_http_network_session(
-      scoped_ptr<HttpNetworkSession> http_network_session);
+      std::unique_ptr<HttpNetworkSession> http_network_session);
   void set_http_transaction_factory(
-      scoped_ptr<HttpTransactionFactory> http_transaction_factory);
-  void set_job_factory(scoped_ptr<URLRequestJobFactory> job_factory);
+      std::unique_ptr<HttpTransactionFactory> http_transaction_factory);
+  void set_job_factory(std::unique_ptr<URLRequestJobFactory> job_factory);
   void set_throttler_manager(
-      scoped_ptr<URLRequestThrottlerManager> throttler_manager);
+      std::unique_ptr<URLRequestThrottlerManager> throttler_manager);
   void set_backoff_manager(
-      scoped_ptr<URLRequestBackoffManager> backoff_manager);
+      std::unique_ptr<URLRequestBackoffManager> backoff_manager);
   void set_http_user_agent_settings(
-      scoped_ptr<HttpUserAgentSettings> http_user_agent_settings);
-  void set_sdch_manager(scoped_ptr<SdchManager> sdch_manager);
+      std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings);
+  void set_sdch_manager(std::unique_ptr<SdchManager> sdch_manager);
 
   // Everything else can be access through the URLRequestContext, but this
   // cannot.  Having an accessor for it makes usage a little cleaner.
@@ -88,31 +90,31 @@ class NET_EXPORT URLRequestContextStorage {
   URLRequestContext* const context_;
 
   // Owned members.
-  scoped_ptr<NetLog> net_log_;
-  scoped_ptr<HostResolver> host_resolver_;
-  scoped_ptr<CertVerifier> cert_verifier_;
+  std::unique_ptr<NetLog> net_log_;
+  std::unique_ptr<HostResolver> host_resolver_;
+  std::unique_ptr<CertVerifier> cert_verifier_;
   // The ChannelIDService must outlive the HttpTransactionFactory.
-  scoped_ptr<ChannelIDService> channel_id_service_;
-  scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
+  std::unique_ptr<ProxyService> proxy_service_;
   // TODO(willchan): Remove refcounting on these members.
   scoped_refptr<SSLConfigService> ssl_config_service_;
-  scoped_ptr<NetworkDelegate> network_delegate_;
-  scoped_ptr<ProxyDelegate> proxy_delegate_;
-  scoped_ptr<HttpServerProperties> http_server_properties_;
-  scoped_ptr<HttpUserAgentSettings> http_user_agent_settings_;
-  scoped_ptr<CookieStore> cookie_store_;
-  scoped_ptr<TransportSecurityState> transport_security_state_;
+  std::unique_ptr<NetworkDelegate> network_delegate_;
+  std::unique_ptr<ProxyDelegate> proxy_delegate_;
+  std::unique_ptr<HttpServerProperties> http_server_properties_;
+  std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings_;
+  std::unique_ptr<CookieStore> cookie_store_;
+  std::unique_ptr<TransportSecurityState> transport_security_state_;
 
   // Not actually pointed at by the URLRequestContext, but may be used (but not
   // owned) by the HttpTransactionFactory.
-  scoped_ptr<HttpNetworkSession> http_network_session_;
+  std::unique_ptr<HttpNetworkSession> http_network_session_;
 
-  scoped_ptr<HttpTransactionFactory> http_transaction_factory_;
-  scoped_ptr<URLRequestJobFactory> job_factory_;
-  scoped_ptr<URLRequestThrottlerManager> throttler_manager_;
-  scoped_ptr<URLRequestBackoffManager> backoff_manager_;
-  scoped_ptr<SdchManager> sdch_manager_;
+  std::unique_ptr<HttpTransactionFactory> http_transaction_factory_;
+  std::unique_ptr<URLRequestJobFactory> job_factory_;
+  std::unique_ptr<URLRequestThrottlerManager> throttler_manager_;
+  std::unique_ptr<URLRequestBackoffManager> backoff_manager_;
+  std::unique_ptr<SdchManager> sdch_manager_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequestContextStorage);
 };
diff --git a/chromium/net/url_request/url_request_data_job_fuzzer.cc b/chromium/net/url_request/url_request_data_job_fuzzer.cc
new file mode 100644
index 00000000000..c99a5a0cfe0
--- /dev/null
+++ b/chromium/net/url_request/url_request_data_job_fuzzer.cc
@@ -0,0 +1,171 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "base/memory/ptr_util.h"
+#include "base/memory/singleton.h"
+#include "base/run_loop.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/http/http_request_headers.h"
+#include "net/url_request/data_protocol_handler.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_job_factory_impl.h"
+#include "net/url_request/url_request_test_util.h"
+
+namespace {
+
+const size_t kMaxLengthForFuzzedRange = 32;
+
+}  // namespace
+
+// This class tests creating and reading to completion a URLRequest with fuzzed
+// input. The fuzzer provides a data: URL and optionally generates custom Range
+// headers. The amount of data read in each Read call is also fuzzed, as is
+// the size of the IOBuffer to read data into.
+class URLRequestDataJobFuzzerHarness : public net::URLRequest::Delegate {
+ public:
+  URLRequestDataJobFuzzerHarness()
+      : context_(true), task_runner_(base::ThreadTaskRunnerHandle::Get()) {
+    job_factory_.SetProtocolHandler(
+        "data", base::WrapUnique(new net::DataProtocolHandler()));
+    context_.set_job_factory(&job_factory_);
+    context_.Init();
+  }
+
+  static URLRequestDataJobFuzzerHarness* GetInstance() {
+    return base::Singleton<URLRequestDataJobFuzzerHarness>::get();
+  }
+
+  int CreateAndReadFromDataURLRequest(const uint8_t* data, size_t size) {
+    net::FuzzedDataProvider provider(data, size);
+    read_lengths_.clear();
+
+    // Allocate an IOBuffer with fuzzed size.
+    uint32_t buf_size = provider.ConsumeValueInRange(1, 127);  // 7 bits.
+    scoped_refptr<net::IOBuffer> buf(
+        new net::IOBuffer(static_cast<size_t>(buf_size)));
+    buf_.swap(buf);
+
+    // Generate a range header, and a bool determining whether to use it.
+    // Generate the header regardless of the bool value to keep the data URL and
+    // header in consistent byte addresses so the fuzzer doesn't have to work as
+    // hard.
+    bool use_range = provider.ConsumeBool();
+    base::StringPiece range(provider.ConsumeBytes(kMaxLengthForFuzzedRange));
+
+    // Generate a sequence of reads sufficient to read the entire data URL.
+    size_t simulated_bytes_read = 0;
+    while (simulated_bytes_read < provider.remaining_bytes()) {
+      size_t read_length = provider.ConsumeValueInRange(1, buf_size);
+      read_lengths_.push_back(read_length);
+      simulated_bytes_read += read_length;
+    }
+
+    // The data URL is the rest of the fuzzed data. If the URL is invalid just
+    // use a test variant, so the fuzzer has a chance to execute something.
+    base::StringPiece data_bytes(provider.ConsumeRemainingBytes());
+    GURL data_url(data_bytes);
+    if (!data_url.is_valid())
+      data_url = GURL("data:text/html;charset=utf-8,<p>test</p>");
+
+    // Create a URLRequest with the given data URL and start reading
+    // from it.
+    std::unique_ptr<net::URLRequest> request =
+        context_.CreateRequest(data_url, net::DEFAULT_PRIORITY, this);
+    if (use_range) {
+      std::string range_str = range.as_string();
+      if (!net::HttpUtil::IsValidHeaderValue(range_str))
+        range_str = "bytes=3-";
+      request->SetExtraRequestHeaderByName("Range", range_str, true);
+    }
+
+    // Block the thread while the request is read.
+    base::RunLoop read_loop;
+    read_loop_ = &read_loop;
+    request->Start();
+    read_loop.Run();
+    read_loop_ = nullptr;
+    return 0;
+  }
+
+  void QuitLoop() {
+    DCHECK(read_loop_);
+    task_runner_->PostTask(FROM_HERE, read_loop_->QuitClosure());
+  }
+
+  void ReadFromRequest(net::URLRequest* request) {
+    bool sync = false;
+    do {
+      // If possible, pop the next read size. If none exists, then this should
+      // be the last call to Read.
+      bool using_populated_read = read_lengths_.size() > 0;
+      size_t read_size = 1;
+      if (using_populated_read) {
+        read_size = read_lengths_.back();
+        read_lengths_.pop_back();
+      }
+
+      int bytes_read = 0;
+      sync = request->Read(buf_.get(), read_size, &bytes_read);
+      // No more populated reads implies !bytes_read.
+      DCHECK(using_populated_read || !bytes_read);
+    } while (sync);
+
+    if (!request->status().is_io_pending())
+      QuitLoop();
+  }
+
+  // net::URLRequest::Delegate:
+  void OnReceivedRedirect(net::URLRequest* request,
+                          const net::RedirectInfo& redirect_info,
+                          bool* defer_redirect) override {}
+  void OnAuthRequired(net::URLRequest* request,
+                      net::AuthChallengeInfo* auth_info) override {}
+  void OnCertificateRequested(
+      net::URLRequest* request,
+      net::SSLCertRequestInfo* cert_request_info) override {}
+  void OnSSLCertificateError(net::URLRequest* request,
+                             const net::SSLInfo& ssl_info,
+                             bool fatal) override {}
+  void OnBeforeNetworkStart(net::URLRequest* request, bool* defer) override {}
+  void OnResponseStarted(net::URLRequest* request) override {
+    DCHECK(!request->status().is_io_pending());
+    DCHECK(buf_.get());
+    DCHECK(read_loop_);
+    if (request->status().is_success()) {
+      ReadFromRequest(request);
+    } else {
+      QuitLoop();
+    }
+  }
+  void OnReadCompleted(net::URLRequest* request, int bytes_read) override {
+    DCHECK(!request->status().is_io_pending());
+    DCHECK(buf_.get());
+    DCHECK(read_loop_);
+    if (request->status().is_success() && bytes_read > 0) {
+      ReadFromRequest(request);
+    } else {
+      QuitLoop();
+    }
+  }
+
+ private:
+  friend struct base::DefaultSingletonTraits<URLRequestDataJobFuzzerHarness>;
+
+  net::TestURLRequestContext context_;
+  net::URLRequestJobFactoryImpl job_factory_;
+  std::vector<size_t> read_lengths_;
+  scoped_refptr<net::IOBuffer> buf_;
+  scoped_refptr<base::SingleThreadTaskRunner> task_runner_;
+  base::RunLoop* read_loop_;
+
+  DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness);
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Using a static singleton test harness lets the test run ~3-4x faster.
+  return URLRequestDataJobFuzzerHarness::GetInstance()
+      ->CreateAndReadFromDataURLRequest(data, size);
+}
diff --git a/chromium/net/url_request/url_request_error_job.cc b/chromium/net/url_request/url_request_error_job.cc
index c2a75c1eff2..8a6b5c877cf 100644
--- a/chromium/net/url_request/url_request_error_job.cc
+++ b/chromium/net/url_request/url_request_error_job.cc
@@ -8,7 +8,7 @@
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/url_request/url_request_status.h"
 
diff --git a/chromium/net/url_request/url_request_file_dir_job.cc b/chromium/net/url_request/url_request_file_dir_job.cc
index ebb9ddf5e9e..c75e0a3f048 100644
--- a/chromium/net/url_request/url_request_file_dir_job.cc
+++ b/chromium/net/url_request/url_request_file_dir_job.cc
@@ -10,7 +10,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/directory_listing.h"
 #include "net/base/io_buffer.h"
diff --git a/chromium/net/url_request/url_request_file_dir_job_unittest.cc b/chromium/net/url_request/url_request_file_dir_job_unittest.cc
index 5701b3e37de..079bb83b456 100644
--- a/chromium/net/url_request/url_request_file_dir_job_unittest.cc
+++ b/chromium/net/url_request/url_request_file_dir_job_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/url_request/url_request_file_dir_job.h"
 
+#include <memory>
 #include <string>
 
 #include "base/files/file_path.h"
@@ -11,7 +12,6 @@
 #include "base/files/scoped_temp_dir.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "net/base/filename_util.h"
 #include "net/base/io_buffer.h"
@@ -106,7 +106,7 @@ TEST_F(URLRequestFileDirTest, ListCompletionOnNoPending) {
   ASSERT_TRUE(directory.CreateUniqueTempDir());
   TestJobFactory factory(directory.path());
   context_.set_job_factory(&factory);
-  scoped_ptr<URLRequest> request(context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(context_.CreateRequest(
       FilePathToFileURL(
           directory.path().AppendASCII("this_path_does_not_exist")),
       DEFAULT_PRIORITY, &delegate_));
@@ -139,7 +139,7 @@ TEST_F(URLRequestFileDirTest, DirectoryWithASingleFileSync) {
   TestJobFactory factory(directory.path());
   context_.set_job_factory(&factory);
 
-  scoped_ptr<URLRequest> request(context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(context_.CreateRequest(
       FilePathToFileURL(path), DEFAULT_PRIORITY, &delegate_));
   request->Start();
   EXPECT_TRUE(request->is_pending());
@@ -175,7 +175,7 @@ TEST_F(URLRequestFileDirTest, DirectoryWithASingleFileAsync) {
   context_.set_job_factory(&factory);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(context_.CreateRequest(
       FilePathToFileURL(path), DEFAULT_PRIORITY, &delegate));
   request->Start();
   EXPECT_TRUE(request->is_pending());
@@ -207,7 +207,7 @@ TEST_F(URLRequestFileDirTest, DirectoryWithAFileAndSubdirectory) {
   context_.set_job_factory(&factory);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(context_.CreateRequest(
       FilePathToFileURL(path), DEFAULT_PRIORITY, &delegate));
   request->Start();
   EXPECT_TRUE(request->is_pending());
@@ -233,7 +233,7 @@ TEST_F(URLRequestFileDirTest, EmptyDirectory) {
   context_.set_job_factory(&factory);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(context_.CreateRequest(
       FilePathToFileURL(directory.path()), DEFAULT_PRIORITY, &delegate));
   request->Start();
   EXPECT_TRUE(request->is_pending());
diff --git a/chromium/net/url_request/url_request_file_job.cc b/chromium/net/url_request/url_request_file_job.cc
index d853c9fd519..fb224764895 100644
--- a/chromium/net/url_request/url_request_file_job.cc
+++ b/chromium/net/url_request/url_request_file_job.cc
@@ -145,11 +145,11 @@ bool URLRequestFileJob::IsRedirectResponse(GURL* location,
 #endif
 }
 
-Filter* URLRequestFileJob::SetupFilter() const {
+std::unique_ptr<Filter> URLRequestFileJob::SetupFilter() const {
   // Bug 9936 - .svgz files needs to be decompressed.
   return base::LowerCaseEqualsASCII(file_path_.Extension(), ".svgz")
              ? Filter::GZipFactory()
-             : NULL;
+             : nullptr;
 }
 
 bool URLRequestFileJob::GetMimeType(std::string* mime_type) const {
diff --git a/chromium/net/url_request/url_request_file_job.h b/chromium/net/url_request/url_request_file_job.h
index 6aa2bbef287..90d6bbbe3c1 100644
--- a/chromium/net/url_request/url_request_file_job.h
+++ b/chromium/net/url_request/url_request_file_job.h
@@ -44,7 +44,7 @@ class NET_EXPORT URLRequestFileJob : public URLRequestJob {
   void Kill() override;
   int ReadRawData(IOBuffer* buf, int buf_size) override;
   bool IsRedirectResponse(GURL* location, int* http_status_code) override;
-  Filter* SetupFilter() const override;
+  std::unique_ptr<Filter> SetupFilter() const override;
   bool GetMimeType(std::string* mime_type) const override;
   void SetExtraRequestHeaders(const HttpRequestHeaders& headers) override;
 
@@ -97,7 +97,7 @@ class NET_EXPORT URLRequestFileJob : public URLRequestJob {
   // Callback after data is asynchronously read from the file into |buf|.
   void DidRead(scoped_refptr<IOBuffer> buf, int result);
 
-  scoped_ptr<FileStream> stream_;
+  std::unique_ptr<FileStream> stream_;
   FileMetaInfo meta_info_;
   const scoped_refptr<base::TaskRunner> file_task_runner_;
 
diff --git a/chromium/net/url_request/url_request_file_job_unittest.cc b/chromium/net/url_request/url_request_file_job_unittest.cc
index da43aabcb19..706ea798d9f 100644
--- a/chromium/net/url_request/url_request_file_job_unittest.cc
+++ b/chromium/net/url_request/url_request_file_job_unittest.cc
@@ -4,14 +4,15 @@
 
 #include "net/url_request/url_request_file_job.h"
 
+#include <memory>
+
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/sequenced_worker_pool.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/filename_util.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_test_util.h"
@@ -187,7 +188,7 @@ void URLRequestFileJobEventsTest::RunRequest(const std::string& content,
     TestJobFactory factory(path, &seek_position, &observed_content);
     context_.set_job_factory(&factory);
 
-    scoped_ptr<URLRequest> request(context_.CreateRequest(
+    std::unique_ptr<URLRequest> request(context_.CreateRequest(
         FilePathToFileURL(path), DEFAULT_PRIORITY, &delegate_));
     if (range) {
       ASSERT_GE(range->start, 0);
diff --git a/chromium/net/url_request/url_request_filter.cc b/chromium/net/url_request/url_request_filter.cc
index 83248e2fba7..2c74f9a0741 100644
--- a/chromium/net/url_request/url_request_filter.cc
+++ b/chromium/net/url_request/url_request_filter.cc
@@ -49,7 +49,7 @@ URLRequestFilter* URLRequestFilter::GetInstance() {
 void URLRequestFilter::AddHostnameInterceptor(
     const std::string& scheme,
     const std::string& hostname,
-    scoped_ptr<URLRequestInterceptor> interceptor) {
+    std::unique_ptr<URLRequestInterceptor> interceptor) {
   DCHECK(OnMessageLoopForInterceptorAddition());
   DCHECK_EQ(0u, hostname_interceptor_map_.count(make_pair(scheme, hostname)));
   hostname_interceptor_map_[make_pair(scheme, hostname)] =
@@ -57,9 +57,8 @@ void URLRequestFilter::AddHostnameInterceptor(
 
 #ifndef NDEBUG
   // Check to see if we're masking URLs in the url_interceptor_map_.
-  for (URLInterceptorMap::const_iterator it = url_interceptor_map_.begin();
-       it != url_interceptor_map_.end(); ++it) {
-    const GURL& url = GURL(it->first);
+  for (const auto& pair : url_interceptor_map_) {
+    const GURL& url = GURL(pair.first);
     HostnameInterceptorMap::const_iterator host_it =
         hostname_interceptor_map_.find(make_pair(url.scheme(), url.host()));
     if (host_it != hostname_interceptor_map_.end())
@@ -81,12 +80,12 @@ void URLRequestFilter::RemoveHostnameHandler(const std::string& scheme,
 
 bool URLRequestFilter::AddUrlInterceptor(
     const GURL& url,
-    scoped_ptr<URLRequestInterceptor> interceptor) {
+    std::unique_ptr<URLRequestInterceptor> interceptor) {
   DCHECK(OnMessageLoopForInterceptorAddition());
   if (!url.is_valid())
     return false;
   DCHECK_EQ(0u, url_interceptor_map_.count(url.spec()));
-  url_interceptor_map_.set(url.spec(), std::move(interceptor));
+  url_interceptor_map_[url.spec()] = std::move(interceptor);
 
   // Check to see if this URL is masked by a hostname handler.
   DCHECK_EQ(0u, hostname_interceptor_map_.count(make_pair(url.scheme(),
@@ -97,7 +96,7 @@ bool URLRequestFilter::AddUrlInterceptor(
 
 void URLRequestFilter::RemoveUrlHandler(const GURL& url) {
   DCHECK(OnMessageLoopForInterceptorRemoval());
-  int removed = url_interceptor_map_.erase(url.spec());
+  size_t removed = url_interceptor_map_.erase(url.spec());
   DCHECK(removed);
   // Note that we don't unregister from the URLRequest ProtocolFactory as
   // this would leave no protocol factory for the remaining hostname and URL
diff --git a/chromium/net/url_request/url_request_filter.h b/chromium/net/url_request/url_request_filter.h
index d72aa752aae..29b08f2ea8e 100644
--- a/chromium/net/url_request/url_request_filter.h
+++ b/chromium/net/url_request/url_request_filter.h
@@ -5,12 +5,11 @@
 #define NET_URL_REQUEST_URL_REQUEST_FILTER_H_
 
 #include <map>
+#include <memory>
 #include <string>
+#include <unordered_map>
 
-#include "base/containers/hash_tables.h"
-#include "base/containers/scoped_ptr_hash_map.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/url_request/url_request_interceptor.h"
 
@@ -47,14 +46,14 @@ class NET_EXPORT URLRequestFilter : public URLRequestInterceptor {
   void AddHostnameInterceptor(
       const std::string& scheme,
       const std::string& hostname,
-      scoped_ptr<URLRequestInterceptor> interceptor);
+      std::unique_ptr<URLRequestInterceptor> interceptor);
   void RemoveHostnameHandler(const std::string& scheme,
                              const std::string& hostname);
 
   // Returns true if we successfully added the URL handler.  This will replace
   // old handlers for the URL if one existed.
   bool AddUrlInterceptor(const GURL& url,
-                         scoped_ptr<URLRequestInterceptor> interceptor);
+                         std::unique_ptr<URLRequestInterceptor> interceptor);
 
   void RemoveUrlHandler(const GURL& url);
 
@@ -72,11 +71,12 @@ class NET_EXPORT URLRequestFilter : public URLRequestInterceptor {
 
  private:
   // scheme,hostname -> URLRequestInterceptor
-  using HostnameInterceptorMap = std::map<std::pair<std::string, std::string>,
-                                          scoped_ptr<URLRequestInterceptor>>;
+  using HostnameInterceptorMap =
+      std::map<std::pair<std::string, std::string>,
+               std::unique_ptr<URLRequestInterceptor>>;
   // URL -> URLRequestInterceptor
   using URLInterceptorMap =
-      base::ScopedPtrHashMap<std::string, scoped_ptr<URLRequestInterceptor>>;
+      std::unordered_map<std::string, std::unique_ptr<URLRequestInterceptor>>;
 
   URLRequestFilter();
   ~URLRequestFilter() override;
diff --git a/chromium/net/url_request/url_request_filter_unittest.cc b/chromium/net/url_request/url_request_filter_unittest.cc
index 784f9a65a46..17259e0023f 100644
--- a/chromium/net/url_request/url_request_filter_unittest.cc
+++ b/chromium/net/url_request/url_request_filter_unittest.cc
@@ -4,8 +4,9 @@
 
 #include "net/url_request/url_request_filter.h"
 
+#include <memory>
+
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/request_priority.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
@@ -49,25 +50,25 @@ TEST(URLRequestFilter, BasicMatching) {
   URLRequestFilter* filter = URLRequestFilter::GetInstance();
 
   const GURL kUrl1("http://foo.com/");
-  scoped_ptr<URLRequest> request1(
+  std::unique_ptr<URLRequest> request1(
       request_context.CreateRequest(kUrl1, DEFAULT_PRIORITY, &delegate));
 
   const GURL kUrl2("http://bar.com/");
-  scoped_ptr<URLRequest> request2(
+  std::unique_ptr<URLRequest> request2(
       request_context.CreateRequest(kUrl2, DEFAULT_PRIORITY, &delegate));
 
   // Check AddUrlInterceptor checks for invalid URLs.
   EXPECT_FALSE(filter->AddUrlInterceptor(
       GURL(),
-      scoped_ptr<URLRequestInterceptor>(new TestURLRequestInterceptor())));
+      std::unique_ptr<URLRequestInterceptor>(new TestURLRequestInterceptor())));
 
   // Check URLRequestInterceptor URL matching.
   filter->ClearHandlers();
   TestURLRequestInterceptor* interceptor = new TestURLRequestInterceptor();
   EXPECT_TRUE(filter->AddUrlInterceptor(
-      kUrl1, scoped_ptr<URLRequestInterceptor>(interceptor)));
+      kUrl1, std::unique_ptr<URLRequestInterceptor>(interceptor)));
   {
-    scoped_ptr<URLRequestJob> found(
+    std::unique_ptr<URLRequestJob> found(
         filter->MaybeInterceptRequest(request1.get(), NULL));
     EXPECT_TRUE(interceptor->WasLastJobCreated(found.get()));
   }
@@ -88,9 +89,9 @@ TEST(URLRequestFilter, BasicMatching) {
   interceptor = new TestURLRequestInterceptor();
   filter->AddHostnameInterceptor(
       kUrl1.scheme(), kUrl1.host(),
-      scoped_ptr<URLRequestInterceptor>(interceptor));
+      std::unique_ptr<URLRequestInterceptor>(interceptor));
   {
-    scoped_ptr<URLRequestJob> found(
+    std::unique_ptr<URLRequestJob> found(
         filter->MaybeInterceptRequest(request1.get(), NULL));
     EXPECT_TRUE(interceptor->WasLastJobCreated(found.get()));
   }
diff --git a/chromium/net/url_request/url_request_ftp_job.cc b/chromium/net/url_request/url_request_ftp_job.cc
index dc2fc686585..1c20a578370 100644
--- a/chromium/net/url_request/url_request_ftp_job.cc
+++ b/chromium/net/url_request/url_request_ftp_job.cc
@@ -8,7 +8,7 @@
 #include "base/location.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/utf_string_conversions.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/auth.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/load_flags.h"
@@ -291,7 +291,7 @@ void URLRequestFtpJob::GetAuthChallengeInfo(
 
   scoped_refptr<AuthChallengeInfo> auth_info(new AuthChallengeInfo);
   auth_info->is_proxy = false;
-  auth_info->challenger = HostPortPair::FromURL(request_->url());
+  auth_info->challenger = url::Origin(request_->url());
   // scheme and realm are kept empty.
   DCHECK(auth_info->scheme.empty());
   DCHECK(auth_info->realm.empty());
diff --git a/chromium/net/url_request/url_request_ftp_job.h b/chromium/net/url_request/url_request_ftp_job.h
index 227a33b036a..35d6593a8d4 100644
--- a/chromium/net/url_request/url_request_ftp_job.h
+++ b/chromium/net/url_request/url_request_ftp_job.h
@@ -83,10 +83,10 @@ class NET_EXPORT_PRIVATE URLRequestFtpJob : public URLRequestJob {
   ProxyService::PacRequest* pac_request_;
 
   FtpRequestInfo ftp_request_info_;
-  scoped_ptr<FtpTransaction> ftp_transaction_;
+  std::unique_ptr<FtpTransaction> ftp_transaction_;
 
   HttpRequestInfo http_request_info_;
-  scoped_ptr<HttpTransaction> http_transaction_;
+  std::unique_ptr<HttpTransaction> http_transaction_;
   const HttpResponseInfo* http_response_info_;
 
   bool read_in_progress_;
diff --git a/chromium/net/url_request/url_request_ftp_job_unittest.cc b/chromium/net/url_request/url_request_ftp_job_unittest.cc
index cb31ecf5e1b..d6917fbebd0 100644
--- a/chromium/net/url_request/url_request_ftp_job_unittest.cc
+++ b/chromium/net/url_request/url_request_ftp_job_unittest.cc
@@ -4,11 +4,12 @@
 
 #include "net/url_request/url_request_ftp_job.h"
 
+#include <memory>
 #include <utility>
 #include <vector>
 
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/load_states.h"
@@ -40,11 +41,11 @@ class MockProxyResolverFactory : public ProxyResolverFactory {
 
   int CreateProxyResolver(
       const scoped_refptr<ProxyResolverScriptData>& pac_script,
-      scoped_ptr<ProxyResolver>* resolver,
+      std::unique_ptr<ProxyResolver>* resolver,
       const CompletionCallback& callback,
-      scoped_ptr<Request>* request) override {
+      std::unique_ptr<Request>* request) override {
     EXPECT_FALSE(resolver_);
-    scoped_ptr<MockAsyncProxyResolver> owned_resolver(
+    std::unique_ptr<MockAsyncProxyResolver> owned_resolver(
         new MockAsyncProxyResolver());
     resolver_ = owned_resolver.get();
     *resolver = std::move(owned_resolver);
@@ -62,7 +63,7 @@ class MockProxyResolverFactory : public ProxyResolverFactory {
 class FtpTestURLRequestContext : public TestURLRequestContext {
  public:
   FtpTestURLRequestContext(ClientSocketFactory* socket_factory,
-                           scoped_ptr<ProxyService> proxy_service,
+                           std::unique_ptr<ProxyService> proxy_service,
                            NetworkDelegate* network_delegate,
                            FtpTransactionFactory* ftp_transaction_factory)
       : TestURLRequestContext(true),
@@ -70,10 +71,10 @@ class FtpTestURLRequestContext : public TestURLRequestContext {
     set_client_socket_factory(socket_factory);
     context_storage_.set_proxy_service(std::move(proxy_service));
     set_network_delegate(network_delegate);
-    scoped_ptr<URLRequestJobFactoryImpl> job_factory =
-        make_scoped_ptr(new URLRequestJobFactoryImpl);
+    std::unique_ptr<URLRequestJobFactoryImpl> job_factory =
+        base::WrapUnique(new URLRequestJobFactoryImpl);
     job_factory->SetProtocolHandler("ftp",
-                                    make_scoped_ptr(ftp_protocol_handler_));
+                                    base::WrapUnique(ftp_protocol_handler_));
     context_storage_.set_job_factory(std::move(job_factory));
     Init();
   }
@@ -82,7 +83,7 @@ class FtpTestURLRequestContext : public TestURLRequestContext {
     return ftp_protocol_handler_->ftp_auth_cache_.get();
   }
 
-  void set_proxy_service(scoped_ptr<ProxyService> proxy_service) {
+  void set_proxy_service(std::unique_ptr<ProxyService> proxy_service) {
     context_storage_.set_proxy_service(std::move(proxy_service));
   }
 
@@ -142,8 +143,8 @@ class TestURLRequestFtpJob : public URLRequestFtpJob {
 
 class MockFtpTransactionFactory : public FtpTransactionFactory {
  public:
-  scoped_ptr<FtpTransaction> CreateTransaction() override {
-    return scoped_ptr<FtpTransaction>();
+  std::unique_ptr<FtpTransaction> CreateTransaction() override {
+    return std::unique_ptr<FtpTransaction>();
   }
 
   void Suspend(bool suspend) override {}
@@ -154,7 +155,7 @@ class MockFtpTransactionFactory : public FtpTransactionFactory {
 class URLRequestFtpJobPriorityTest : public testing::Test {
  protected:
   URLRequestFtpJobPriorityTest()
-      : proxy_service_(make_scoped_ptr(new SimpleProxyConfigService),
+      : proxy_service_(base::WrapUnique(new SimpleProxyConfigService),
                        NULL,
                        NULL),
         req_(context_.CreateRequest(GURL("ftp://ftp.example.com"),
@@ -170,13 +171,13 @@ class URLRequestFtpJobPriorityTest : public testing::Test {
   FtpAuthCache ftp_auth_cache_;
   TestURLRequestContext context_;
   TestDelegate delegate_;
-  scoped_ptr<URLRequest> req_;
+  std::unique_ptr<URLRequest> req_;
 };
 
 // Make sure that SetPriority actually sets the URLRequestFtpJob's
 // priority, both before and after start.
 TEST_F(URLRequestFtpJobPriorityTest, SetPriorityBasic) {
-  scoped_ptr<TestURLRequestFtpJob> job(
+  std::unique_ptr<TestURLRequestFtpJob> job(
       new TestURLRequestFtpJob(req_.get(), &ftp_factory_, &ftp_auth_cache_));
   EXPECT_EQ(DEFAULT_PRIORITY, job->priority());
 
@@ -196,7 +197,7 @@ TEST_F(URLRequestFtpJobPriorityTest, SetPriorityBasic) {
 // Make sure that URLRequestFtpJob passes on its priority to its
 // transaction on start.
 TEST_F(URLRequestFtpJobPriorityTest, SetTransactionPriorityOnStart) {
-  scoped_ptr<TestURLRequestFtpJob> job(
+  std::unique_ptr<TestURLRequestFtpJob> job(
       new TestURLRequestFtpJob(req_.get(), &ftp_factory_, &ftp_auth_cache_));
   job->SetPriority(LOW);
 
@@ -211,7 +212,7 @@ TEST_F(URLRequestFtpJobPriorityTest, SetTransactionPriorityOnStart) {
 // Make sure that URLRequestFtpJob passes on its priority updates to
 // its transaction.
 TEST_F(URLRequestFtpJobPriorityTest, SetTransactionPriority) {
-  scoped_ptr<TestURLRequestFtpJob> job(
+  std::unique_ptr<TestURLRequestFtpJob> job(
       new TestURLRequestFtpJob(req_.get(), &ftp_factory_, &ftp_auth_cache_));
   job->SetPriority(LOW);
   job->Start();
@@ -225,7 +226,7 @@ TEST_F(URLRequestFtpJobPriorityTest, SetTransactionPriority) {
 // Make sure that URLRequestFtpJob passes on its priority updates to
 // newly-created transactions after the first one.
 TEST_F(URLRequestFtpJobPriorityTest, SetSubsequentTransactionPriority) {
-  scoped_ptr<TestURLRequestFtpJob> job(
+  std::unique_ptr<TestURLRequestFtpJob> job(
       new TestURLRequestFtpJob(req_.get(), &ftp_factory_, &ftp_auth_cache_));
   job->Start();
 
@@ -246,8 +247,8 @@ class URLRequestFtpJobTest : public testing::Test {
  public:
   URLRequestFtpJobTest()
       : request_context_(&socket_factory_,
-                         make_scoped_ptr(new ProxyService(
-                             make_scoped_ptr(new SimpleProxyConfigService),
+                         base::WrapUnique(new ProxyService(
+                             base::WrapUnique(new SimpleProxyConfigService),
                              NULL,
                              NULL)),
                          &network_delegate_,
@@ -260,7 +261,7 @@ class URLRequestFtpJobTest : public testing::Test {
 
   void AddSocket(MockRead* reads, size_t reads_size,
                  MockWrite* writes, size_t writes_size) {
-    scoped_ptr<SequencedSocketData> socket_data(make_scoped_ptr(
+    std::unique_ptr<SequencedSocketData> socket_data(base::WrapUnique(
         new SequencedSocketData(reads, reads_size, writes, writes_size)));
     socket_data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
     socket_factory_.AddSocketDataProvider(socket_data.get());
@@ -272,7 +273,7 @@ class URLRequestFtpJobTest : public testing::Test {
   TestNetworkDelegate* network_delegate() { return &network_delegate_; }
 
  private:
-  std::vector<scoped_ptr<SequencedSocketData>> socket_data_;
+  std::vector<std::unique_ptr<SequencedSocketData>> socket_data_;
   MockClientSocketFactory socket_factory_;
   TestNetworkDelegate network_delegate_;
   MockFtpTransactionFactory ftp_transaction_factory_;
@@ -295,7 +296,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequest) {
   AddSocket(reads, arraysize(reads), writes, arraysize(writes));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -314,18 +315,18 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequest) {
 
 // Regression test for http://crbug.com/237526.
 TEST_F(URLRequestFtpJobTest, FtpProxyRequestOrphanJob) {
-  scoped_ptr<MockProxyResolverFactory> owned_resolver_factory(
+  std::unique_ptr<MockProxyResolverFactory> owned_resolver_factory(
       new MockProxyResolverFactory());
   MockProxyResolverFactory* resolver_factory = owned_resolver_factory.get();
 
   // Use a PAC URL so that URLRequestFtpJob's |pac_request_| field is non-NULL.
-  request_context()->set_proxy_service(make_scoped_ptr(new ProxyService(
-      make_scoped_ptr(new ProxyConfigServiceFixed(
+  request_context()->set_proxy_service(base::WrapUnique(new ProxyService(
+      base::WrapUnique(new ProxyConfigServiceFixed(
           ProxyConfig::CreateFromCustomPacURL(GURL("http://foo")))),
       std::move(owned_resolver_factory), nullptr)));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
 
@@ -345,18 +346,18 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestOrphanJob) {
 // hang around a bit without being deleted in the cancellation case, so the
 // above test is not sufficient.
 TEST_F(URLRequestFtpJobTest, FtpProxyRequestCancelRequest) {
-  scoped_ptr<MockProxyResolverFactory> owned_resolver_factory(
+  std::unique_ptr<MockProxyResolverFactory> owned_resolver_factory(
       new MockProxyResolverFactory());
   MockProxyResolverFactory* resolver_factory = owned_resolver_factory.get();
 
   // Use a PAC URL so that URLRequestFtpJob's |pac_request_| field is non-NULL.
-  request_context()->set_proxy_service(make_scoped_ptr(new ProxyService(
-      make_scoped_ptr(new ProxyConfigServiceFixed(
+  request_context()->set_proxy_service(base::WrapUnique(new ProxyService(
+      base::WrapUnique(new ProxyConfigServiceFixed(
           ProxyConfig::CreateFromCustomPacURL(GURL("http://foo")))),
       std::move(owned_resolver_factory), nullptr)));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
 
   // Verify PAC request is in progress.
@@ -391,7 +392,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestNeedProxyAuthNoCredentials) {
   AddSocket(reads, arraysize(reads), writes, arraysize(writes));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -437,7 +438,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestNeedProxyAuthWithCredentials) {
   TestDelegate request_delegate;
   request_delegate.set_credentials(
       AuthCredentials(ASCIIToUTF16("myuser"), ASCIIToUTF16("mypass")));
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -470,7 +471,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestNeedServerAuthNoCredentials) {
   AddSocket(reads, arraysize(reads), writes, arraysize(writes));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -514,7 +515,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestNeedServerAuthWithCredentials) {
   TestDelegate request_delegate;
   request_delegate.set_credentials(
       AuthCredentials(ASCIIToUTF16("myuser"), ASCIIToUTF16("mypass")));
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -579,7 +580,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestNeedProxyAndServerAuth) {
 
   TestDelegate request_delegate;
   request_delegate.set_quit_on_auth_required(true);
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       url, DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -628,7 +629,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestDoNotSaveCookies) {
   AddSocket(reads, arraysize(reads), writes, arraysize(writes));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   ASSERT_TRUE(url_request->is_pending());
@@ -661,7 +662,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestDoNotFollowRedirects) {
   AddSocket(reads, arraysize(reads), writes, arraysize(writes));
 
   TestDelegate request_delegate;
-  scoped_ptr<URLRequest> url_request(request_context()->CreateRequest(
+  std::unique_ptr<URLRequest> url_request(request_context()->CreateRequest(
       GURL("ftp://ftp.example.com/"), DEFAULT_PRIORITY, &request_delegate));
   url_request->Start();
   EXPECT_TRUE(url_request->is_pending());
@@ -698,7 +699,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestReuseSocket) {
 
   TestDelegate request_delegate1;
 
-  scoped_ptr<URLRequest> url_request1(
+  std::unique_ptr<URLRequest> url_request1(
       request_context()->CreateRequest(GURL("ftp://ftp.example.com/first"),
                                        DEFAULT_PRIORITY, &request_delegate1));
   url_request1->Start();
@@ -716,7 +717,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestReuseSocket) {
   EXPECT_EQ("test1.html", request_delegate1.data_received());
 
   TestDelegate request_delegate2;
-  scoped_ptr<URLRequest> url_request2(
+  std::unique_ptr<URLRequest> url_request2(
       request_context()->CreateRequest(GURL("ftp://ftp.example.com/second"),
                                        DEFAULT_PRIORITY, &request_delegate2));
   url_request2->Start();
@@ -763,7 +764,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestDoNotReuseSocket) {
   AddSocket(reads2, arraysize(reads2), writes2, arraysize(writes2));
 
   TestDelegate request_delegate1;
-  scoped_ptr<URLRequest> url_request1(
+  std::unique_ptr<URLRequest> url_request1(
       request_context()->CreateRequest(GURL("ftp://ftp.example.com/first"),
                                        DEFAULT_PRIORITY, &request_delegate1));
   url_request1->Start();
@@ -779,7 +780,7 @@ TEST_F(URLRequestFtpJobTest, FtpProxyRequestDoNotReuseSocket) {
   EXPECT_EQ("test1.html", request_delegate1.data_received());
 
   TestDelegate request_delegate2;
-  scoped_ptr<URLRequest> url_request2(
+  std::unique_ptr<URLRequest> url_request2(
       request_context()->CreateRequest(GURL("http://ftp.example.com/second"),
                                        DEFAULT_PRIORITY, &request_delegate2));
   url_request2->Start();
diff --git a/chromium/net/url_request/url_request_fuzzer.cc b/chromium/net/url_request/url_request_fuzzer.cc
new file mode 100644
index 00000000000..db9cdfa86d5
--- /dev/null
+++ b/chromium/net/url_request/url_request_fuzzer.cc
@@ -0,0 +1,44 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/url_request/url_request.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/run_loop.h"
+#include "net/base/fuzzed_data_provider.h"
+#include "net/base/request_priority.h"
+#include "net/socket/fuzzed_socket_factory.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_test_util.h"
+#include "url/gurl.h"
+
+// Integration fuzzer for URLRequest's handling of HTTP requests. Can follow
+// redirects, both on the same server (using a new socket or the old one) and
+// across servers.
+// TODO(mmenke): Add support for testing HTTPS, FTP, auth, proxies, uploading,
+// cancelation, deferring reads / redirects, using preconnected sockets, SPDY,
+// QUIC, DNS failures (they all currently resolve to localhost), IPv6 DNS
+// results, URLs with IPs instead of hostnames (v4 and v6), etc.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  net::FuzzedDataProvider data_provider(data, size);
+  net::TestURLRequestContext url_request_context(true);
+  net::FuzzedSocketFactory fuzzed_socket_factory(&data_provider);
+  url_request_context.set_client_socket_factory(&fuzzed_socket_factory);
+  url_request_context.Init();
+
+  net::TestDelegate delegate;
+
+  std::unique_ptr<net::URLRequest> url_request(
+      url_request_context.CreateRequest(GURL("http://foo/"),
+                                        net::DEFAULT_PRIORITY, &delegate));
+  url_request->Start();
+  // TestDelegate quits the message loop on completion.
+  base::RunLoop().Run();
+  return 0;
+}
diff --git a/chromium/net/url_request/url_request_http_job.cc b/chromium/net/url_request/url_request_http_job.cc
index 51b69082430..aa8ca6670ba 100644
--- a/chromium/net/url_request/url_request_http_job.cc
+++ b/chromium/net/url_request/url_request_http_job.cc
@@ -18,7 +18,7 @@
 #include "base/rand_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
@@ -26,7 +26,6 @@
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate.h"
-#include "net/base/network_quality_estimator.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/base/sdch_manager.h"
 #include "net/base/sdch_net_log_params.h"
@@ -42,6 +41,7 @@
 #include "net/http/http_transaction.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/http/http_util.h"
+#include "net/nqe/network_quality_estimator.h"
 #include "net/proxy/proxy_info.h"
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/ssl_cert_request_info.h"
@@ -141,8 +141,7 @@ void LogChannelIDAndCookieStores(const GURL& url,
       ephemerality = CID_EPHEMERAL_COOKIE_PERSISTENT;
     }
   } else if (cookie_store->IsEphemeral()) {
-    // TODO(crbug.com/599049): Add NOTREACHED once this case doesn't happen on
-    // iOS anymore.
+    NOTREACHED();
     ephemerality = CID_PERSISTENT_COOKIE_EPHEMERAL;
   } else if (cookie_store->GetChannelIDServiceID() == -1) {
     ephemerality = PERSISTENT_UNKNOWN;
@@ -711,9 +710,7 @@ void URLRequestHttpJob::AddExtraHeaders() {
 
     // Advertise "br" encoding only if transferred data is opaque to proxy.
     bool advertise_brotli = false;
-    const HttpNetworkSession::Params* network_session_params =
-        request()->context()->GetNetworkSessionParams();
-    if (network_session_params && network_session_params->enable_brotli)
+    if (request()->context()->enable_brotli())
       advertise_brotli = request()->url().SchemeIsCryptographic();
 
     // Supply Accept-Encoding headers first so that it is more likely that they
@@ -1228,10 +1225,10 @@ void URLRequestHttpJob::PopulateNetErrorDetails(
   return transaction_->PopulateNetErrorDetails(details);
 }
 
-Filter* URLRequestHttpJob::SetupFilter() const {
+std::unique_ptr<Filter> URLRequestHttpJob::SetupFilter() const {
   DCHECK(transaction_.get());
   if (!response_info_)
-    return NULL;
+    return nullptr;
 
   std::vector<Filter::FilterType> encoding_types;
   std::string encoding_type;
@@ -1620,7 +1617,9 @@ void URLRequestHttpJob::RecordPerfHistograms(CompletionCause reason) {
               "Net.HttpJob.TotalTimeCached.Secure.NotQuic", total_time);
         }
       }
-    } else  {
+      if (response_info_->unused_since_prefetch)
+        UMA_HISTOGRAM_COUNTS("Net.Prefetch.HitBytes", prefilter_bytes_read());
+    } else {
       UMA_HISTOGRAM_TIMES("Net.HttpJob.TotalTimeNotCached", total_time);
       if (is_https_google) {
         if (used_quic) {
diff --git a/chromium/net/url_request/url_request_http_job.h b/chromium/net/url_request/url_request_http_job.h
index c914ff13046..edfcf2bb9e9 100644
--- a/chromium/net/url_request/url_request_http_job.h
+++ b/chromium/net/url_request/url_request_http_job.h
@@ -8,12 +8,12 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/time/time.h"
 #include "net/base/auth.h"
@@ -127,7 +127,7 @@ class NET_EXPORT_PRIVATE URLRequestHttpJob : public URLRequestJob {
   bool GetResponseCookies(std::vector<std::string>* cookies) override;
   int GetResponseCode() const override;
   void PopulateNetErrorDetails(NetErrorDetails* details) const override;
-  Filter* SetupFilter() const override;
+  std::unique_ptr<Filter> SetupFilter() const override;
   bool CopyFragmentOnRedirect(const GURL& location) const override;
   bool IsSafeRedirect(const GURL& location) override;
   bool NeedsAuth() override;
@@ -196,7 +196,7 @@ class NET_EXPORT_PRIVATE URLRequestHttpJob : public URLRequestJob {
 
   bool read_in_progress_;
 
-  scoped_ptr<HttpTransaction> transaction_;
+  std::unique_ptr<HttpTransaction> transaction_;
 
   // This is used to supervise traffic and enforce exponential
   // back-off. May be NULL.
@@ -204,7 +204,7 @@ class NET_EXPORT_PRIVATE URLRequestHttpJob : public URLRequestJob {
 
   // A handle to the SDCH dictionaries that were advertised in this request.
   // May be null.
-  scoped_ptr<SdchManager::DictionarySet> dictionaries_advertised_;
+  std::unique_ptr<SdchManager::DictionarySet> dictionaries_advertised_;
 
   // For SDCH latency experiments, when we are able to do SDCH, we may enable
   // either an SDCH latency test xor a pass through test. The following bools
@@ -248,7 +248,7 @@ class NET_EXPORT_PRIVATE URLRequestHttpJob : public URLRequestJob {
   // When the transaction finished reading the request headers.
   base::TimeTicks receive_headers_end_;
 
-  scoped_ptr<HttpFilterContext> filter_context_;
+  std::unique_ptr<HttpFilterContext> filter_context_;
 
   CompletionCallback on_headers_received_callback_;
 
diff --git a/chromium/net/url_request/url_request_http_job_unittest.cc b/chromium/net/url_request/url_request_http_job_unittest.cc
index accf94c0902..c12807f85b6 100644
--- a/chromium/net/url_request/url_request_http_job_unittest.cc
+++ b/chromium/net/url_request/url_request_http_job_unittest.cc
@@ -7,10 +7,11 @@
 #include <stdint.h>
 
 #include <cstddef>
+#include <memory>
 
 #include "base/compiler_specific.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/string_split.h"
 #include "net/base/auth.h"
@@ -61,7 +62,7 @@ class URLRequestHttpJobTest : public ::testing::Test {
     // The |test_job_factory_| takes ownership of the interceptor.
     test_job_interceptor_ = new TestJobInterceptor();
     EXPECT_TRUE(test_job_factory_.SetProtocolHandler(
-        url::kHttpScheme, make_scoped_ptr(test_job_interceptor_)));
+        url::kHttpScheme, base::WrapUnique(test_job_interceptor_)));
     context_.set_job_factory(&test_job_factory_);
 
     context_.Init();
@@ -98,7 +99,7 @@ class URLRequestHttpJobTest : public ::testing::Test {
   }
 
   void EnableSdch() {
-    context_.SetSdchManager(scoped_ptr<SdchManager>(new SdchManager));
+    context_.SetSdchManager(std::unique_ptr<SdchManager>(new SdchManager));
   }
 
   MockNetworkLayer network_layer_;
@@ -109,7 +110,7 @@ class URLRequestHttpJobTest : public ::testing::Test {
 
   TestURLRequestContext context_;
   TestDelegate delegate_;
-  scoped_ptr<URLRequest> req_;
+  std::unique_ptr<URLRequest> req_;
 };
 
 class URLRequestHttpJobWithMockSocketsTest : public ::testing::Test {
@@ -125,7 +126,7 @@ class URLRequestHttpJobWithMockSocketsTest : public ::testing::Test {
   MockClientSocketFactory socket_factory_;
   TestNetworkDelegate network_delegate_;
   URLRequestBackoffManager manager_;
-  scoped_ptr<TestURLRequestContext> context_;
+  std::unique_ptr<TestURLRequestContext> context_;
 };
 
 const char kSimpleGetMockWrite[] =
@@ -148,7 +149,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -177,7 +178,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -208,7 +209,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, TestContentLengthFailedRequest) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -240,7 +241,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   delegate.set_cancel_in_received_data(true);
@@ -288,7 +289,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&final_socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.redirect.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -320,7 +321,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   delegate.set_cancel_in_response_started(true);
@@ -345,7 +346,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -378,7 +379,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeader) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate1;
-  scoped_ptr<URLRequest> request1 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request1 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate1);
 
   request1->Start();
@@ -392,7 +393,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeader) {
 
   // Issue another request, and backoff logic should apply.
   TestDelegate delegate2;
-  scoped_ptr<URLRequest> request2 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request2 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate2);
 
   request2->Start();
@@ -441,7 +442,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeaderUserGesture) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate1;
-  scoped_ptr<URLRequest> request1 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request1 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate1);
 
   request1->Start();
@@ -455,7 +456,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeaderUserGesture) {
 
   // Issue a user-initiated request, backoff logic should not apply.
   TestDelegate delegate2;
-  scoped_ptr<URLRequest> request2 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request2 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate2);
   request2->SetLoadFlags(request2->load_flags() | LOAD_MAYBE_USER_GESTURE);
 
@@ -483,7 +484,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeaderNotSecure) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -517,7 +518,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeaderCachedResponse) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate1;
-  scoped_ptr<URLRequest> request1 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request1 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate1);
 
   request1->Start();
@@ -532,7 +533,7 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest, BackoffHeaderCachedResponse) {
   // Backoff logic does not apply to a second request, since it is fetched
   // from cache.
   TestDelegate delegate2;
-  scoped_ptr<URLRequest> request2 = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request2 = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate2);
 
   request2->Start();
@@ -550,7 +551,7 @@ TEST_F(URLRequestHttpJobTest, TestCancelWhileReadingCookies) {
   context.Init();
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context.CreateRequest(
+  std::unique_ptr<URLRequest> request = context.CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
 
   request->Start();
@@ -564,7 +565,8 @@ TEST_F(URLRequestHttpJobTest, TestCancelWhileReadingCookies) {
 // Make sure that SetPriority actually sets the URLRequestHttpJob's
 // priority, before start.  Other tests handle the after start case.
 TEST_F(URLRequestHttpJobTest, SetPriorityBasic) {
-  scoped_ptr<TestURLRequestHttpJob> job(new TestURLRequestHttpJob(req_.get()));
+  std::unique_ptr<TestURLRequestHttpJob> job(
+      new TestURLRequestHttpJob(req_.get()));
   EXPECT_EQ(DEFAULT_PRIORITY, job->priority());
 
   job->SetPriority(LOWEST);
@@ -578,7 +580,7 @@ TEST_F(URLRequestHttpJobTest, SetPriorityBasic) {
 // transaction on start.
 TEST_F(URLRequestHttpJobTest, SetTransactionPriorityOnStart) {
   test_job_interceptor_->set_main_intercept_job(
-      make_scoped_ptr(new TestURLRequestHttpJob(req_.get())));
+      base::WrapUnique(new TestURLRequestHttpJob(req_.get())));
   req_->SetPriority(LOW);
 
   EXPECT_FALSE(network_layer_.last_transaction());
@@ -593,7 +595,7 @@ TEST_F(URLRequestHttpJobTest, SetTransactionPriorityOnStart) {
 // its transaction.
 TEST_F(URLRequestHttpJobTest, SetTransactionPriority) {
   test_job_interceptor_->set_main_intercept_job(
-      make_scoped_ptr(new TestURLRequestHttpJob(req_.get())));
+      base::WrapUnique(new TestURLRequestHttpJob(req_.get())));
   req_->SetPriority(LOW);
   req_->Start();
   ASSERT_TRUE(network_layer_.last_transaction());
@@ -608,7 +610,7 @@ TEST_F(URLRequestHttpJobTest, SdchAdvertisementGet) {
   EnableSdch();
   req_->set_method("GET");  // Redundant with default.
   test_job_interceptor_->set_main_intercept_job(
-      make_scoped_ptr(new TestURLRequestHttpJob(req_.get())));
+      base::WrapUnique(new TestURLRequestHttpJob(req_.get())));
   req_->Start();
   EXPECT_TRUE(TransactionAcceptsSdchEncoding());
 }
@@ -618,7 +620,7 @@ TEST_F(URLRequestHttpJobTest, SdchAdvertisementPost) {
   EnableSdch();
   req_->set_method("POST");
   test_job_interceptor_->set_main_intercept_job(
-      make_scoped_ptr(new TestURLRequestHttpJob(req_.get())));
+      base::WrapUnique(new TestURLRequestHttpJob(req_.get())));
   req_->Start();
   EXPECT_FALSE(TransactionAcceptsSdchEncoding());
 }
@@ -638,7 +640,7 @@ class MockSdchObserver : public SdchObserver {
 class URLRequestHttpJobWithSdchSupportTest : public ::testing::Test {
  protected:
   URLRequestHttpJobWithSdchSupportTest() : context_(true) {
-    scoped_ptr<HttpNetworkSession::Params> params(
+    std::unique_ptr<HttpNetworkSession::Params> params(
         new HttpNetworkSession::Params);
     context_.set_http_network_session_params(std::move(params));
     context_.set_client_socket_factory(&socket_factory_);
@@ -678,7 +680,7 @@ TEST_F(URLRequestHttpJobWithSdchSupportTest, GetDictionary) {
   EXPECT_CALL(sdch_observer,
               OnGetDictionary(url, GURL("http://example.com/sdch.dict")));
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request =
+  std::unique_ptr<URLRequest> request =
       context_.CreateRequest(url, DEFAULT_PRIORITY, &delegate);
   request->Start();
   base::RunLoop().RunUntilIdle();
@@ -687,7 +689,7 @@ TEST_F(URLRequestHttpJobWithSdchSupportTest, GetDictionary) {
 
   // Second response should be from cache without notification of SdchObserver
   TestDelegate delegate2;
-  scoped_ptr<URLRequest> request2 =
+  std::unique_ptr<URLRequest> request2 =
       context_.CreateRequest(url, DEFAULT_PRIORITY, &delegate2);
   request2->Start();
   base::RunLoop().RunUntilIdle();
@@ -702,16 +704,16 @@ class URLRequestHttpJobWithBrotliSupportTest : public ::testing::Test {
  protected:
   URLRequestHttpJobWithBrotliSupportTest()
       : context_(new TestURLRequestContext(true)) {
-    scoped_ptr<HttpNetworkSession::Params> params(
+    std::unique_ptr<HttpNetworkSession::Params> params(
         new HttpNetworkSession::Params);
-    params->enable_brotli = true;
+    context_->set_enable_brotli(true);
     context_->set_http_network_session_params(std::move(params));
     context_->set_client_socket_factory(&socket_factory_);
     context_->Init();
   }
 
   MockClientSocketFactory socket_factory_;
-  scoped_ptr<TestURLRequestContext> context_;
+  std::unique_ptr<TestURLRequestContext> context_;
 };
 
 TEST_F(URLRequestHttpJobWithBrotliSupportTest, NoBrotliAdvertisementOverHttp) {
@@ -724,7 +726,7 @@ TEST_F(URLRequestHttpJobWithBrotliSupportTest, NoBrotliAdvertisementOverHttp) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("http://www.example.com"), DEFAULT_PRIORITY, &delegate);
   request->Start();
   base::RunLoop().RunUntilIdle();
@@ -759,7 +761,7 @@ TEST_F(URLRequestHttpJobWithBrotliSupportTest, BrotliAdvertisement) {
   socket_factory_.AddSocketDataProvider(&socket_data);
 
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request = context_->CreateRequest(
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
       GURL("https://www.example.com"), DEFAULT_PRIORITY, &delegate);
   request->Start();
   base::RunLoop().RunUntilIdle();
@@ -805,7 +807,7 @@ class URLRequestHttpJobWebSocketTest
   }
 
   TestDelegate delegate_;
-  scoped_ptr<URLRequest> req_;
+  std::unique_ptr<URLRequest> req_;
 };
 
 class MockCreateHelper : public WebSocketHandshakeStreamBase::CreateHelper {
@@ -813,7 +815,7 @@ class MockCreateHelper : public WebSocketHandshakeStreamBase::CreateHelper {
   // GoogleMock does not appear to play nicely with move-only types like
   // scoped_ptr, so this forwarding method acts as a workaround.
   WebSocketHandshakeStreamBase* CreateBasicStream(
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       bool using_proxy) override {
     // Discard the arguments since we don't need them anyway.
     return CreateBasicStreamMock();
@@ -907,8 +909,8 @@ class FakeWebSocketHandshakeStream : public WebSocketHandshakeStreamBase {
   HttpStream* RenewStreamForAuth() override { return nullptr; }
 
   // Fake implementation of WebSocketHandshakeStreamBase method(s)
-  scoped_ptr<WebSocketStream> Upgrade() override {
-    return scoped_ptr<WebSocketStream>();
+  std::unique_ptr<WebSocketStream> Upgrade() override {
+    return std::unique_ptr<WebSocketStream>();
   }
 
  private:
@@ -923,7 +925,7 @@ TEST_F(URLRequestHttpJobWebSocketTest, RejectedWithoutCreateHelper) {
 }
 
 TEST_F(URLRequestHttpJobWebSocketTest, CreateHelperPassedThrough) {
-  scoped_ptr<MockCreateHelper> create_helper(
+  std::unique_ptr<MockCreateHelper> create_helper(
       new ::testing::StrictMock<MockCreateHelper>());
   FakeWebSocketHandshakeStream* fake_handshake_stream(
       new FakeWebSocketHandshakeStream);
diff --git a/chromium/net/url_request/url_request_intercepting_job_factory.cc b/chromium/net/url_request/url_request_intercepting_job_factory.cc
index 3ced003168a..add05c9853d 100644
--- a/chromium/net/url_request/url_request_intercepting_job_factory.cc
+++ b/chromium/net/url_request/url_request_intercepting_job_factory.cc
@@ -12,8 +12,8 @@
 namespace net {
 
 URLRequestInterceptingJobFactory::URLRequestInterceptingJobFactory(
-    scoped_ptr<URLRequestJobFactory> job_factory,
-    scoped_ptr<URLRequestInterceptor> interceptor)
+    std::unique_ptr<URLRequestJobFactory> job_factory,
+    std::unique_ptr<URLRequestInterceptor> interceptor)
     : job_factory_(std::move(job_factory)),
       interceptor_(std::move(interceptor)) {}
 
diff --git a/chromium/net/url_request/url_request_intercepting_job_factory.h b/chromium/net/url_request/url_request_intercepting_job_factory.h
index 7dcb353c0b5..e4d616a3b20 100644
--- a/chromium/net/url_request/url_request_intercepting_job_factory.h
+++ b/chromium/net/url_request/url_request_intercepting_job_factory.h
@@ -5,11 +5,11 @@
 #ifndef NET_URL_REQUEST_URL_REQUEST_INTERCEPTING_JOB_FACTORY_H_
 #define NET_URL_REQUEST_URL_REQUEST_INTERCEPTING_JOB_FACTORY_H_
 
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/url_request/url_request_job_factory.h"
 
@@ -33,8 +33,8 @@ class NET_EXPORT URLRequestInterceptingJobFactory
     : public URLRequestJobFactory {
  public:
   URLRequestInterceptingJobFactory(
-      scoped_ptr<URLRequestJobFactory> job_factory,
-      scoped_ptr<URLRequestInterceptor> interceptor);
+      std::unique_ptr<URLRequestJobFactory> job_factory,
+      std::unique_ptr<URLRequestInterceptor> interceptor);
   ~URLRequestInterceptingJobFactory() override;
 
   // URLRequestJobFactory implementation
@@ -57,8 +57,8 @@ class NET_EXPORT URLRequestInterceptingJobFactory
   bool IsSafeRedirectTarget(const GURL& location) const override;
 
  private:
-  scoped_ptr<URLRequestJobFactory> job_factory_;
-  scoped_ptr<URLRequestInterceptor> interceptor_;
+  std::unique_ptr<URLRequestJobFactory> job_factory_;
+  std::unique_ptr<URLRequestInterceptor> interceptor_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequestInterceptingJobFactory);
 };
diff --git a/chromium/net/url_request/url_request_job.cc b/chromium/net/url_request/url_request_job.cc
index 239ab4bf6ee..63edfe36661 100644
--- a/chromium/net/url_request/url_request_job.cc
+++ b/chromium/net/url_request/url_request_job.cc
@@ -15,7 +15,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/auth.h"
 #include "net/base/host_port_pair.h"
@@ -24,9 +24,9 @@
 #include "net/base/load_states.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate.h"
-#include "net/base/network_quality_estimator.h"
 #include "net/filter/filter.h"
 #include "net/http/http_response_headers.h"
+#include "net/nqe/network_quality_estimator.h"
 #include "net/url_request/url_request_context.h"
 
 namespace net {
@@ -34,10 +34,11 @@ namespace net {
 namespace {
 
 // Callback for TYPE_URL_REQUEST_FILTERS_SET net-internals event.
-scoped_ptr<base::Value> FiltersSetCallback(
+std::unique_ptr<base::Value> FiltersSetCallback(
     Filter* filter,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> event_params(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> event_params(
+      new base::DictionaryValue());
   event_params->SetString("filters", filter->OrderedFilterList());
   return std::move(event_params);
 }
@@ -198,8 +199,8 @@ void URLRequestJob::PopulateNetErrorDetails(NetErrorDetails* details) const {
   return;
 }
 
-Filter* URLRequestJob::SetupFilter() const {
-  return NULL;
+std::unique_ptr<Filter> URLRequestJob::SetupFilter() const {
+  return nullptr;
 }
 
 bool URLRequestJob::IsRedirectResponse(GURL* location,
@@ -445,7 +446,7 @@ void URLRequestJob::NotifyHeadersComplete() {
 
   has_handled_response_ = true;
   if (request_->status().is_success())
-    filter_.reset(SetupFilter());
+    filter_ = SetupFilter();
 
   if (!filter_.get()) {
     std::string content_length;
diff --git a/chromium/net/url_request/url_request_job.h b/chromium/net/url_request/url_request_job.h
index 9555b67f0f2..4f19544e966 100644
--- a/chromium/net/url_request/url_request_job.h
+++ b/chromium/net/url_request/url_request_job.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/power_monitor/power_observer.h"
@@ -155,7 +155,7 @@ class NET_EXPORT URLRequestJob : public base::PowerObserver {
   // This class takes ownership of the returned Filter.
   //
   // The default implementation returns NULL.
-  virtual Filter* SetupFilter() const;
+  virtual std::unique_ptr<Filter> SetupFilter() const;
 
   // Called to determine if this response is a redirect.  Only makes sense
   // for some types of requests.  This method returns true if the response
@@ -431,7 +431,7 @@ class NET_EXPORT URLRequestJob : public base::PowerObserver {
   int64_t postfilter_bytes_read_;
 
   // The data stream filter which is enabled on demand.
-  scoped_ptr<Filter> filter_;
+  std::unique_ptr<Filter> filter_;
 
   // If the filter filled its output buffer, then there is a change that it
   // still has internal data to emit, and this flag is set.
diff --git a/chromium/net/url_request/url_request_job_factory_impl.cc b/chromium/net/url_request/url_request_job_factory_impl.cc
index 58b97f59937..f69db49ed51 100644
--- a/chromium/net/url_request/url_request_job_factory_impl.cc
+++ b/chromium/net/url_request/url_request_job_factory_impl.cc
@@ -24,7 +24,7 @@ URLRequestJobFactoryImpl::~URLRequestJobFactoryImpl() {}
 
 bool URLRequestJobFactoryImpl::SetProtocolHandler(
     const std::string& scheme,
-    scoped_ptr<ProtocolHandler> protocol_handler) {
+    std::unique_ptr<ProtocolHandler> protocol_handler) {
   DCHECK(CalledOnValidThread());
 
   if (!protocol_handler) {
diff --git a/chromium/net/url_request/url_request_job_factory_impl.h b/chromium/net/url_request/url_request_job_factory_impl.h
index aee73685740..a0d0c490acb 100644
--- a/chromium/net/url_request/url_request_job_factory_impl.h
+++ b/chromium/net/url_request/url_request_job_factory_impl.h
@@ -6,11 +6,11 @@
 #define NET_URL_REQUEST_URL_REQUEST_JOB_FACTORY_IMPL_H_
 
 #include <map>
+#include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/url_request/url_request_job_factory.h"
 
@@ -26,7 +26,7 @@ class NET_EXPORT URLRequestJobFactoryImpl : public URLRequestJobFactory {
   // Sets the ProtocolHandler for a scheme. Returns true on success, false on
   // failure (a ProtocolHandler already exists for |scheme|).
   bool SetProtocolHandler(const std::string& scheme,
-                          scoped_ptr<ProtocolHandler> protocol_handler);
+                          std::unique_ptr<ProtocolHandler> protocol_handler);
 
   // URLRequestJobFactory implementation
   URLRequestJob* MaybeCreateJobWithProtocolHandler(
@@ -51,7 +51,8 @@ class NET_EXPORT URLRequestJobFactoryImpl : public URLRequestJobFactory {
   // For testing only.
   friend class URLRequestFilter;
 
-  typedef std::map<std::string, scoped_ptr<ProtocolHandler>> ProtocolHandlerMap;
+  typedef std::map<std::string, std::unique_ptr<ProtocolHandler>>
+      ProtocolHandlerMap;
 
   // Sets a global URLRequestInterceptor for testing purposes.  The interceptor
   // is given the chance to intercept any request before the corresponding
diff --git a/chromium/net/url_request/url_request_job_factory_impl_unittest.cc b/chromium/net/url_request/url_request_job_factory_impl_unittest.cc
index dbcc8caab14..bc7f7f61d7f 100644
--- a/chromium/net/url_request/url_request_job_factory_impl_unittest.cc
+++ b/chromium/net/url_request/url_request_job_factory_impl_unittest.cc
@@ -4,12 +4,14 @@
 
 #include "net/url_request/url_request_job_factory_impl.h"
 
+#include <memory>
+
 #include "base/bind.h"
 #include "base/location.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/request_priority.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_job.h"
@@ -56,7 +58,7 @@ class DummyProtocolHandler : public URLRequestJobFactory::ProtocolHandler {
 TEST(URLRequestJobFactoryTest, NoProtocolHandler) {
   TestDelegate delegate;
   TestURLRequestContext request_context;
-  scoped_ptr<URLRequest> request(request_context.CreateRequest(
+  std::unique_ptr<URLRequest> request(request_context.CreateRequest(
       GURL("foo://bar"), DEFAULT_PRIORITY, &delegate));
   request->Start();
 
@@ -71,8 +73,8 @@ TEST(URLRequestJobFactoryTest, BasicProtocolHandler) {
   TestURLRequestContext request_context;
   request_context.set_job_factory(&job_factory);
   job_factory.SetProtocolHandler("foo",
-                                 make_scoped_ptr(new DummyProtocolHandler));
-  scoped_ptr<URLRequest> request(request_context.CreateRequest(
+                                 base::WrapUnique(new DummyProtocolHandler));
+  std::unique_ptr<URLRequest> request(request_context.CreateRequest(
       GURL("foo://bar"), DEFAULT_PRIORITY, &delegate));
   request->Start();
 
@@ -86,7 +88,7 @@ TEST(URLRequestJobFactoryTest, DeleteProtocolHandler) {
   TestURLRequestContext request_context;
   request_context.set_job_factory(&job_factory);
   job_factory.SetProtocolHandler("foo",
-                                 make_scoped_ptr(new DummyProtocolHandler));
+                                 base::WrapUnique(new DummyProtocolHandler));
   job_factory.SetProtocolHandler("foo", nullptr);
 }
 
diff --git a/chromium/net/url_request/url_request_job_unittest.cc b/chromium/net/url_request/url_request_job_unittest.cc
index 37a457f5090..99856b3c87e 100644
--- a/chromium/net/url_request/url_request_job_unittest.cc
+++ b/chromium/net/url_request/url_request_job_unittest.cc
@@ -4,7 +4,8 @@
 
 #include "net/url_request/url_request_job.h"
 
-#include "base/memory/scoped_ptr.h"
+#include <memory>
+
 #include "base/run_loop.h"
 #include "net/base/request_priority.h"
 #include "net/http/http_transaction_test_util.h"
@@ -152,7 +153,7 @@ TEST(URLRequestJob, TransactionNotifiedWhenDone) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL(kGZip_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kGZip_Transaction);
 
@@ -172,7 +173,7 @@ TEST(URLRequestJob, SyncTransactionNotifiedWhenDone) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL(kGZip_Transaction.url), DEFAULT_PRIORITY, &d));
   MockTransaction transaction(kGZip_Transaction);
   transaction.test_mode = TEST_MODE_SYNC_ALL;
@@ -195,7 +196,7 @@ TEST(URLRequestJob, SyncSlowTransaction) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL(kGZip_Transaction.url), DEFAULT_PRIORITY, &d));
   MockTransaction transaction(kGZip_Transaction);
   transaction.test_mode = TEST_MODE_SYNC_ALL | TEST_MODE_SLOW_READ;
@@ -218,7 +219,7 @@ TEST(URLRequestJob, RedirectTransactionNotifiedWhenDone) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(kRedirect_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kRedirect_Transaction);
 
@@ -241,7 +242,7 @@ TEST(URLRequestJob, TransactionNotCachedWhenNetworkDelegateRedirects) {
   context.set_network_delegate(&network_delegate);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL(kGZip_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kGZip_Transaction);
 
@@ -264,7 +265,7 @@ TEST(URLRequestJob, EmptyBodySkipFilter) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(kEmptyBodyGzip_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kEmptyBodyGzip_Transaction);
 
@@ -288,7 +289,7 @@ TEST(URLRequestJob, InvalidContentGZipTransaction) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(kInvalidContentGZip_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kInvalidContentGZip_Transaction);
 
@@ -316,7 +317,7 @@ TEST(URLRequestJob, SlowFilterRead) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(kGzip_Slow_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kGzip_Slow_Transaction);
 
@@ -339,7 +340,7 @@ TEST(URLRequestJob, SlowBrotliRead) {
   context.set_http_transaction_factory(&network_layer);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(kBrotli_Slow_Transaction.url), DEFAULT_PRIORITY, &d));
   AddMockTransaction(&kBrotli_Slow_Transaction);
 
diff --git a/chromium/net/url_request/url_request_netlog_params.cc b/chromium/net/url_request/url_request_netlog_params.cc
index f238b87e5cc..ad7be23f835 100644
--- a/chromium/net/url_request/url_request_netlog_params.cc
+++ b/chromium/net/url_request/url_request_netlog_params.cc
@@ -12,14 +12,14 @@
 
 namespace net {
 
-scoped_ptr<base::Value> NetLogURLRequestStartCallback(
+std::unique_ptr<base::Value> NetLogURLRequestStartCallback(
     const GURL* url,
     const std::string* method,
     int load_flags,
     RequestPriority priority,
     int64_t upload_id,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("url", url->possibly_invalid_spec());
   dict->SetString("method", *method);
   dict->SetInteger("load_flags", load_flags);
diff --git a/chromium/net/url_request/url_request_netlog_params.h b/chromium/net/url_request/url_request_netlog_params.h
index 13dd2d1b638..e3b92c601b9 100644
--- a/chromium/net/url_request/url_request_netlog_params.h
+++ b/chromium/net/url_request/url_request_netlog_params.h
@@ -22,7 +22,7 @@ class Value;
 namespace net {
 
 // Returns a Value containing NetLog parameters for starting a URLRequest.
-NET_EXPORT scoped_ptr<base::Value> NetLogURLRequestStartCallback(
+NET_EXPORT std::unique_ptr<base::Value> NetLogURLRequestStartCallback(
     const GURL* url,
     const std::string* method,
     int load_flags,
diff --git a/chromium/net/url_request/url_request_redirect_job.cc b/chromium/net/url_request/url_request_redirect_job.cc
index 5d3fbdb9386..4e81728e338 100644
--- a/chromium/net/url_request/url_request_redirect_job.cc
+++ b/chromium/net/url_request/url_request_redirect_job.cc
@@ -12,7 +12,7 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/net_errors.h"
diff --git a/chromium/net/url_request/url_request_simple_job.cc b/chromium/net/url_request/url_request_simple_job.cc
index 0f7104ffee4..4f8b01ab3a7 100644
--- a/chromium/net/url_request/url_request_simple_job.cc
+++ b/chromium/net/url_request/url_request_simple_job.cc
@@ -11,7 +11,7 @@
 #include "base/location.h"
 #include "base/memory/ref_counted_memory.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
diff --git a/chromium/net/url_request/url_request_simple_job_unittest.cc b/chromium/net/url_request/url_request_simple_job_unittest.cc
index f123bedc499..204693cdab8 100644
--- a/chromium/net/url_request/url_request_simple_job_unittest.cc
+++ b/chromium/net/url_request/url_request_simple_job_unittest.cc
@@ -2,9 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/url_request/url_request_simple_job.h"
+
+#include <memory>
+
 #include "base/bind_helpers.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/sequenced_worker_pool_owner.h"
@@ -13,7 +17,6 @@
 #include "net/url_request/url_request_job.h"
 #include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
-#include "net/url_request/url_request_simple_job.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -87,7 +90,7 @@ class CancelAfterFirstReadURLRequestDelegate : public TestDelegate {
   void WaitUntilHeadersReceived() const { run_loop_->Run(); }
 
  private:
-  scoped_ptr<base::RunLoop> run_loop_;
+  std::unique_ptr<base::RunLoop> run_loop_;
 
   DISALLOW_COPY_AND_ASSIGN(CancelAfterFirstReadURLRequestDelegate);
 };
@@ -123,7 +126,7 @@ class URLRequestSimpleJobTest : public ::testing::Test {
                              base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)),
         context_(true) {
     job_factory_.SetProtocolHandler(
-        "data", make_scoped_ptr(new SimpleJobProtocolHandler(task_runner_)));
+        "data", base::WrapUnique(new SimpleJobProtocolHandler(task_runner_)));
     context_.set_job_factory(&job_factory_);
     context_.Init();
 
@@ -147,7 +150,7 @@ class URLRequestSimpleJobTest : public ::testing::Test {
   TestURLRequestContext context_;
   URLRequestJobFactoryImpl job_factory_;
   TestDelegate delegate_;
-  scoped_ptr<URLRequest> request_;
+  std::unique_ptr<URLRequest> request_;
 };
 
 }  // namespace
diff --git a/chromium/net/url_request/url_request_test_job.cc b/chromium/net/url_request/url_request_test_job.cc
index bd1c9052baa..aa39c3ac4ed 100644
--- a/chromium/net/url_request/url_request_test_job.cc
+++ b/chromium/net/url_request/url_request_test_job.cc
@@ -11,9 +11,10 @@
 #include "base/compiler_specific.h"
 #include "base/lazy_instance.h"
 #include "base/location.h"
+#include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_response_headers.h"
@@ -111,9 +112,9 @@ std::string URLRequestTestJob::test_error_headers() {
 }
 
 // static
-scoped_ptr<URLRequestJobFactory::ProtocolHandler>
+std::unique_ptr<URLRequestJobFactory::ProtocolHandler>
 URLRequestTestJob::CreateProtocolHandler() {
-  return make_scoped_ptr(new TestJobProtocolHandler());
+  return base::WrapUnique(new TestJobProtocolHandler());
 }
 
 URLRequestTestJob::URLRequestTestJob(URLRequest* request,
diff --git a/chromium/net/url_request/url_request_test_job.h b/chromium/net/url_request/url_request_test_job.h
index e733d1c9be9..ef2e37e46fe 100644
--- a/chromium/net/url_request/url_request_test_job.h
+++ b/chromium/net/url_request/url_request_test_job.h
@@ -107,7 +107,7 @@ class NET_EXPORT_PRIVATE URLRequestTestJob : public URLRequestJob {
   RequestPriority priority() const { return priority_; }
 
   // Create a protocol handler for callers that don't subclass.
-  static scoped_ptr<URLRequestJobFactory::ProtocolHandler>
+  static std::unique_ptr<URLRequestJobFactory::ProtocolHandler>
   CreateProtocolHandler();
 
   // Job functions
diff --git a/chromium/net/url_request/url_request_test_util.cc b/chromium/net/url_request/url_request_test_util.cc
index fbcc19b420f..f2739dffaa1 100644
--- a/chromium/net/url_request/url_request_test_util.cc
+++ b/chromium/net/url_request/url_request_test_util.cc
@@ -9,10 +9,11 @@
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
-#include "base/thread_task_runner_handle.h"
 #include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "net/base/host_port_pair.h"
 #include "net/cert/cert_verifier.h"
@@ -74,14 +75,14 @@ void TestURLRequestContext::Init() {
 
   if (!host_resolver())
     context_storage_.set_host_resolver(
-        scoped_ptr<HostResolver>(new MockCachingHostResolver()));
+        std::unique_ptr<HostResolver>(new MockCachingHostResolver()));
   if (!proxy_service())
     context_storage_.set_proxy_service(ProxyService::CreateDirect());
   if (!cert_verifier())
     context_storage_.set_cert_verifier(CertVerifier::CreateDefault());
   if (!transport_security_state())
     context_storage_.set_transport_security_state(
-        make_scoped_ptr(new TransportSecurityState()));
+        base::WrapUnique(new TransportSecurityState()));
   if (!ssl_config_service())
     context_storage_.set_ssl_config_service(new SSLConfigServiceDefaults());
   if (!http_auth_handler_factory()) {
@@ -90,7 +91,19 @@ void TestURLRequestContext::Init() {
   }
   if (!http_server_properties()) {
     context_storage_.set_http_server_properties(
-        scoped_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+        std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
+  }
+  // In-memory cookie store.
+  if (!cookie_store()) {
+    context_storage_.set_cookie_store(
+        base::WrapUnique(new CookieMonster(nullptr, nullptr)));
+  }
+  // In-memory Channel ID service.  Must be created before the
+  // HttpNetworkSession.
+  if (!channel_id_service()) {
+    context_storage_.set_channel_id_service(base::WrapUnique(
+        new ChannelIDService(new DefaultChannelIDStore(nullptr),
+                             base::WorkerPool::GetTaskRunner(true))));
   }
   if (http_transaction_factory()) {
     // Make sure we haven't been passed an object we're not going to use.
@@ -115,29 +128,18 @@ void TestURLRequestContext::Init() {
     params.net_log = net_log();
     params.channel_id_service = channel_id_service();
     context_storage_.set_http_network_session(
-        make_scoped_ptr(new HttpNetworkSession(params)));
-    context_storage_.set_http_transaction_factory(make_scoped_ptr(
+        base::WrapUnique(new HttpNetworkSession(params)));
+    context_storage_.set_http_transaction_factory(base::WrapUnique(
         new HttpCache(context_storage_.http_network_session(),
                       HttpCache::DefaultBackend::InMemory(0), false)));
   }
-  // In-memory cookie store.
-  if (!cookie_store()) {
-    context_storage_.set_cookie_store(
-        make_scoped_ptr(new CookieMonster(nullptr, nullptr)));
-  }
-  // In-memory Channel ID service.
-  if (!channel_id_service()) {
-    context_storage_.set_channel_id_service(make_scoped_ptr(
-        new ChannelIDService(new DefaultChannelIDStore(nullptr),
-                             base::WorkerPool::GetTaskRunner(true))));
-  }
   if (!http_user_agent_settings()) {
-    context_storage_.set_http_user_agent_settings(make_scoped_ptr(
+    context_storage_.set_http_user_agent_settings(base::WrapUnique(
         new StaticHttpUserAgentSettings("en-us,fr", std::string())));
   }
   if (!job_factory()) {
     context_storage_.set_job_factory(
-        make_scoped_ptr(new URLRequestJobFactoryImpl()));
+        base::WrapUnique(new URLRequestJobFactoryImpl()));
   }
 }
 
@@ -149,7 +151,7 @@ TestURLRequestContextGetter::TestURLRequestContextGetter(
 
 TestURLRequestContextGetter::TestURLRequestContextGetter(
     const scoped_refptr<base::SingleThreadTaskRunner>& network_task_runner,
-    scoped_ptr<TestURLRequestContext> context)
+    std::unique_ptr<TestURLRequestContext> context)
     : network_task_runner_(network_task_runner), context_(std::move(context)) {
   DCHECK(network_task_runner_.get());
 }
@@ -655,7 +657,8 @@ URLRequestJob* TestJobInterceptor::MaybeCreateJob(
   return main_intercept_job_.release();
 }
 
-void TestJobInterceptor::set_main_intercept_job(scoped_ptr<URLRequestJob> job) {
+void TestJobInterceptor::set_main_intercept_job(
+    std::unique_ptr<URLRequestJob> job) {
   main_intercept_job_ = std::move(job);
 }
 
diff --git a/chromium/net/url_request/url_request_test_util.h b/chromium/net/url_request/url_request_test_util.h
index dc8d0e18954..a18ef8ce130 100644
--- a/chromium/net/url_request/url_request_test_util.h
+++ b/chromium/net/url_request/url_request_test_util.h
@@ -7,13 +7,14 @@
 
 #include <stdint.h>
 #include <stdlib.h>
+
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "base/compiler_specific.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string16.h"
@@ -76,11 +77,11 @@ class TestURLRequestContext : public URLRequestContext {
   }
 
   void set_http_network_session_params(
-      scoped_ptr<HttpNetworkSession::Params> params) {
+      std::unique_ptr<HttpNetworkSession::Params> params) {
     http_network_session_params_ = std::move(params);
   }
 
-  void SetSdchManager(scoped_ptr<SdchManager> sdch_manager) {
+  void SetSdchManager(std::unique_ptr<SdchManager> sdch_manager) {
     context_storage_.set_sdch_manager(std::move(sdch_manager));
   }
 
@@ -95,7 +96,7 @@ class TestURLRequestContext : public URLRequestContext {
   // Optional parameters to override default values.  Note that values that
   // point to other objects the TestURLRequestContext creates will be
   // overwritten.
-  scoped_ptr<HttpNetworkSession::Params> http_network_session_params_;
+  std::unique_ptr<HttpNetworkSession::Params> http_network_session_params_;
 
   // Not owned:
   ClientSocketFactory* client_socket_factory_;
@@ -121,7 +122,7 @@ class TestURLRequestContextGetter : public URLRequestContextGetter {
   // Use to pass a pre-initialized |context|.
   TestURLRequestContextGetter(
       const scoped_refptr<base::SingleThreadTaskRunner>& network_task_runner,
-      scoped_ptr<TestURLRequestContext> context);
+      std::unique_ptr<TestURLRequestContext> context);
 
   // URLRequestContextGetter implementation.
   TestURLRequestContext* GetURLRequestContext() override;
@@ -133,7 +134,7 @@ class TestURLRequestContextGetter : public URLRequestContextGetter {
 
  private:
   const scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_;
-  scoped_ptr<TestURLRequestContext> context_;
+  std::unique_ptr<TestURLRequestContext> context_;
 };
 
 //-----------------------------------------------------------------------------
@@ -417,10 +418,10 @@ class TestJobInterceptor : public URLRequestJobFactory::ProtocolHandler {
   URLRequestJob* MaybeCreateJob(
       URLRequest* request,
       NetworkDelegate* network_delegate) const override;
-  void set_main_intercept_job(scoped_ptr<URLRequestJob> job);
+  void set_main_intercept_job(std::unique_ptr<URLRequestJob> job);
 
  private:
-  mutable scoped_ptr<URLRequestJob> main_intercept_job_;
+  mutable std::unique_ptr<URLRequestJob> main_intercept_job_;
 };
 
 }  // namespace net
diff --git a/chromium/net/url_request/url_request_throttler_entry.cc b/chromium/net/url_request/url_request_throttler_entry.cc
index 7c85edc10d7..304d7d18465 100644
--- a/chromium/net/url_request/url_request_throttler_entry.cc
+++ b/chromium/net/url_request/url_request_throttler_entry.cc
@@ -48,12 +48,12 @@ const int URLRequestThrottlerEntry::kDefaultMaximumBackoffMs = 15 * 60 * 1000;
 const int URLRequestThrottlerEntry::kDefaultEntryLifetimeMs = 2 * 60 * 1000;
 
 // Returns NetLog parameters when a request is rejected by throttling.
-scoped_ptr<base::Value> NetLogRejectedRequestCallback(
+std::unique_ptr<base::Value> NetLogRejectedRequestCallback(
     const std::string* url_id,
     int num_failures,
     const base::TimeDelta& release_after,
     NetLogCaptureMode /* capture_mode */) {
-  scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
   dict->SetString("url", *url_id);
   dict->SetInteger("num_failures", num_failures);
   dict->SetInteger("release_after_ms",
diff --git a/chromium/net/url_request/url_request_throttler_simulation_unittest.cc b/chromium/net/url_request/url_request_throttler_simulation_unittest.cc
index d5ef39a13fc..a4465d2c86e 100644
--- a/chromium/net/url_request/url_request_throttler_simulation_unittest.cc
+++ b/chromium/net/url_request/url_request_throttler_simulation_unittest.cc
@@ -14,11 +14,11 @@
 
 #include <cmath>
 #include <limits>
+#include <memory>
 #include <vector>
 
 #include "base/environment.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/rand_util.h"
 #include "base/time/time.h"
 #include "net/base/request_priority.h"
@@ -47,7 +47,7 @@ void VerboseOut(const char* format, ...) {
   static bool should_print = false;
   if (!have_checked_environment) {
     have_checked_environment = true;
-    scoped_ptr<base::Environment> env(base::Environment::Create());
+    std::unique_ptr<base::Environment> env(base::Environment::Create());
     if (env->HasVar(kShowSimulationVariableName))
       should_print = true;
   }
@@ -222,7 +222,7 @@ class Server : public DiscreteTimeSimulation::Actor {
     if (num_ticks % ticks_per_column)
       ++num_columns;
     DCHECK_LE(num_columns, terminal_width);
-    scoped_ptr<int[]> columns(new int[num_columns]);
+    std::unique_ptr<int[]> columns(new int[num_columns]);
     for (int tx = 0; tx < num_ticks; ++tx) {
       int cx = tx / ticks_per_column;
       if (tx % ticks_per_column == 0)
@@ -293,7 +293,7 @@ class Server : public DiscreteTimeSimulation::Actor {
   std::vector<int> requests_per_tick_;
 
   TestURLRequestContext context_;
-  scoped_ptr<URLRequest> mock_request_;
+  std::unique_ptr<URLRequest> mock_request_;
 
   DISALLOW_COPY_AND_ASSIGN(Server);
 };
@@ -489,7 +489,7 @@ void SimulateAttack(Server* server,
   const size_t kNumClients = 50;
   DiscreteTimeSimulation simulation;
   URLRequestThrottlerManager manager;
-  std::vector<scoped_ptr<Requester>> requesters;
+  std::vector<std::unique_ptr<Requester>> requesters;
   for (size_t i = 0; i < kNumAttackers; ++i) {
     // Use a tiny time_between_requests so the attackers will ping the
     // server at every tick of the simulation.
@@ -498,9 +498,9 @@ void SimulateAttack(Server* server,
     if (!enable_throttling)
       throttler_entry->DisableBackoffThrottling();
 
-    scoped_ptr<Requester> attacker(new Requester(throttler_entry.get(),
-                                                 TimeDelta::FromMilliseconds(1),
-                                                 server, attacker_results));
+    std::unique_ptr<Requester> attacker(
+        new Requester(throttler_entry.get(), TimeDelta::FromMilliseconds(1),
+                      server, attacker_results));
     attacker->SetStartupJitter(TimeDelta::FromSeconds(120));
     simulation.AddActor(attacker.get());
     requesters.push_back(std::move(attacker));
@@ -512,9 +512,9 @@ void SimulateAttack(Server* server,
     if (!enable_throttling)
       throttler_entry->DisableBackoffThrottling();
 
-    scoped_ptr<Requester> client(new Requester(throttler_entry.get(),
-                                               TimeDelta::FromMinutes(2),
-                                               server, client_results));
+    std::unique_ptr<Requester> client(new Requester(throttler_entry.get(),
+                                                    TimeDelta::FromMinutes(2),
+                                                    server, client_results));
     client->SetStartupJitter(TimeDelta::FromSeconds(120));
     client->SetRequestJitter(TimeDelta::FromMinutes(1));
     simulation.AddActor(client.get());
diff --git a/chromium/net/url_request/url_request_throttler_unittest.cc b/chromium/net/url_request/url_request_throttler_unittest.cc
index 9fe582a341f..beb443d7112 100644
--- a/chromium/net/url_request/url_request_throttler_unittest.cc
+++ b/chromium/net/url_request/url_request_throttler_unittest.cc
@@ -2,9 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/url_request/url_request_throttler_manager.h"
+#include <memory>
 
-#include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/pickle.h"
 #include "base/stl_util.h"
@@ -18,6 +17,7 @@
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_test_util.h"
+#include "net/url_request/url_request_throttler_manager.h"
 #include "net/url_request/url_request_throttler_test_support.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -174,7 +174,7 @@ class URLRequestThrottlerEntryTest : public testing::Test {
   scoped_refptr<MockURLRequestThrottlerEntry> entry_;
 
   TestURLRequestContext context_;
-  scoped_ptr<URLRequest> request_;
+  std::unique_ptr<URLRequest> request_;
 };
 
 void URLRequestThrottlerEntryTest::SetUp() {
@@ -355,7 +355,7 @@ class URLRequestThrottlerManagerTest : public testing::Test {
 
   // context_ must be declared before request_.
   TestURLRequestContext context_;
-  scoped_ptr<URLRequest> request_;
+  std::unique_ptr<URLRequest> request_;
 };
 
 TEST_F(URLRequestThrottlerManagerTest, IsUrlStandardised) {
diff --git a/chromium/net/url_request/url_request_unittest.cc b/chromium/net/url_request/url_request_unittest.cc
index 620d8b81cb4..80b8fcd56d6 100644
--- a/chromium/net/url_request/url_request_unittest.cc
+++ b/chromium/net/url_request/url_request_unittest.cc
@@ -2,8 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <memory>
 #include <utility>
 
+#include "base/memory/ptr_util.h"
 #include "build/build_config.h"
 
 #if defined(OS_WIN)
@@ -26,7 +28,6 @@
 #include "base/json/json_reader.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/path_service.h"
@@ -41,12 +42,11 @@
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/histogram_tester.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/directory_listing.h"
 #include "net/base/elements_upload_data_stream.h"
-#include "net/base/external_estimate_provider.h"
 #include "net/base/load_flags.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/load_timing_info_test_util.h"
@@ -80,6 +80,7 @@
 #include "net/log/test_net_log.h"
 #include "net/log/test_net_log_entry.h"
 #include "net/log/test_net_log_util.h"
+#include "net/nqe/external_estimate_provider.h"
 #include "net/proxy/proxy_service.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/channel_id_service.h"
@@ -321,8 +322,8 @@ bool ContainsString(const std::string& haystack, const char* needle) {
   return it != haystack.end();
 }
 
-scoped_ptr<UploadDataStream> CreateSimpleUploadData(const char* data) {
-  scoped_ptr<UploadElementReader> reader(
+std::unique_ptr<UploadDataStream> CreateSimpleUploadData(const char* data) {
+  std::unique_ptr<UploadElementReader> reader(
       new UploadBytesElementReader(data, strlen(data)));
   return ElementsUploadDataStream::CreateWithReader(std::move(reader), 0);
 }
@@ -349,22 +350,6 @@ void CheckFullRequestHeaders(const HttpRequestHeaders& headers,
   EXPECT_EQ("keep-alive", sent_value);
 }
 
-#if !defined(OS_IOS)
-bool FingerprintsEqual(const HashValueVector& a, const HashValueVector& b) {
-  size_t size = a.size();
-
-  if (size != b.size())
-    return false;
-
-  for (size_t i = 0; i < size; ++i) {
-    if (!a[i].Equals(b[i]))
-      return false;
-  }
-
-  return true;
-}
-#endif  // !defined(OS_IOS)
-
 // A network delegate that allows the user to choose a subset of request stages
 // to block in. When blocking, the delegate can do one of the following:
 //  * synchronously return a pre-specified error code, or
@@ -732,10 +717,10 @@ class URLRequestTest : public PlatformTest {
 
   virtual void SetUpFactory() {
     job_factory_impl_->SetProtocolHandler(
-        "data", make_scoped_ptr(new DataProtocolHandler));
+        "data", base::WrapUnique(new DataProtocolHandler));
 #if !defined(DISABLE_FILE_SUPPORT)
     job_factory_impl_->SetProtocolHandler(
-        "file", make_scoped_ptr(new FileProtocolHandler(
+        "file", base::WrapUnique(new FileProtocolHandler(
                     base::ThreadTaskRunnerHandle::Get())));
 #endif
   }
@@ -754,7 +739,7 @@ class URLRequestTest : public PlatformTest {
     TestJobInterceptor* protocol_handler_ = new TestJobInterceptor();
     job_factory_impl_->SetProtocolHandler("http", nullptr);
     job_factory_impl_->SetProtocolHandler("http",
-                                          make_scoped_ptr(protocol_handler_));
+                                          base::WrapUnique(protocol_handler_));
     return protocol_handler_;
   }
 
@@ -762,14 +747,14 @@ class URLRequestTest : public PlatformTest {
   TestNetLog net_log_;
   TestNetworkDelegate default_network_delegate_;  // Must outlive URLRequest.
   URLRequestJobFactoryImpl* job_factory_impl_;
-  scoped_ptr<URLRequestJobFactory> job_factory_;
+  std::unique_ptr<URLRequestJobFactory> job_factory_;
   TestURLRequestContext default_context_;
 };
 
 TEST_F(URLRequestTest, AboutBlankTest) {
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         GURL("about:blank"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -792,28 +777,27 @@ TEST_F(URLRequestTest, DataURLImageTest) {
   TestDelegate d;
   {
     // Use our nice little Chrome logo.
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
-        GURL(
-            "data:image/png;base64,"
-            "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADVklEQVQ4jX2TfUwUB"
-            "BjG3w1y+HGcd9dxhXR8T4awOccJGgOSWclHImznLkTlSw0DDQXkrmgYgbUYnlQTqQ"
-            "xIEVxitD5UMCATRA1CEEg+Qjw3bWDxIauJv/5oumqs39/P827vnucRmYN0gyF01GI"
-            "5MpCVdW0gO7tvNC+vqSEtbZefk5NuLv1jdJ46p/zw0HeH4+PHr3h7c1mjoV2t5rKz"
-            "Mx1+fg9bAgK6zHq9cU5z+LpA3xOtx34+vTeT21onRuzssC3zxbbSwC13d/pFuC7Ck"
-            "IMDxQpF7r/MWq12UctI1dWWm99ypqSYmRUBdKem8MkrO/kgaTt1O7YzlpzE5GIVd0"
-            "WYUqt57yWf2McHTObYPbVD+ZwbtlLTVMZ3BW+TnLyXLaWtmEq6WJVbT3HBh3Svj2H"
-            "QQcm43XwmtoYM6vVKleh0uoWvnzW3v3MpidruPTQPf0bia7sJOtBM0ufTWNvus/nk"
-            "DFHF9ZS+uYVjRUasMeHUmyLYtcklTvzWGFZnNOXczThvpKIzjcahSqIzkvDLayDq6"
-            "D3eOjtBbNUEIZYyqsvj4V4wY92eNJ4IoyhTbxXX1T5xsV9tm9r4TQwHLiZw/pdDZJ"
-            "ea8TKmsmR/K0uLh/GwnCHghTja6lPhphezPfO5/5MrVvMzNaI3+ERHfrFzPKQukrQ"
-            "GI4d/3EFD/3E2mVNYvi4at7CXWREaxZGD+3hg28zD3gVMd6q5c8GdosynKmSeRuGz"
-            "pjyl1/9UDGtPR5HeaKT8Wjo17WXk579BXVUhN64ehF9fhRtq/uxxZKzNiZFGD0wRC"
-            "3NFROZ5mwIPL/96K/rKMMLrIzF9uhHr+/sYH7DAbwlgC4J+R2Z7FUx1qLnV7MGF40"
-            "smVSoJ/jvHRfYhQeUJd/SnYtGWhPHR0Sz+GE2F2yth0B36Vcz2KpnufBJbsysjjW4"
-            "kblBUiIjiURUWqJY65zxbnTy57GQyH58zgy0QBtTQv5gH15XMdKkYu+TGaJMnlm2O"
-            "34uI4b9tflqp1+QEFGzoW/ulmcofcpkZCYJhDfSpme7QcrHa+Xfji8paEQkTkSfmm"
-            "oRWRNZr/F1KfVMjW+IKEnv2FwZfKdzt0BQR6lClcZR0EfEXEfv/G6W9iLiIyCoReV"
-            "5EnhORIBHx+ufPj/gLB/zGI/G4Bk0AAAAASUVORK5CYII="),
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
+        GURL("data:image/png;base64,"
+             "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADVklEQVQ4jX2TfUwUB"
+             "BjG3w1y+HGcd9dxhXR8T4awOccJGgOSWclHImznLkTlSw0DDQXkrmgYgbUYnlQTqQ"
+             "xIEVxitD5UMCATRA1CEEg+Qjw3bWDxIauJv/5oumqs39/P827vnucRmYN0gyF01GI"
+             "5MpCVdW0gO7tvNC+vqSEtbZefk5NuLv1jdJ46p/zw0HeH4+PHr3h7c1mjoV2t5rKz"
+             "Mx1+fg9bAgK6zHq9cU5z+LpA3xOtx34+vTeT21onRuzssC3zxbbSwC13d/pFuC7Ck"
+             "IMDxQpF7r/MWq12UctI1dWWm99ypqSYmRUBdKem8MkrO/kgaTt1O7YzlpzE5GIVd0"
+             "WYUqt57yWf2McHTObYPbVD+ZwbtlLTVMZ3BW+TnLyXLaWtmEq6WJVbT3HBh3Svj2H"
+             "QQcm43XwmtoYM6vVKleh0uoWvnzW3v3MpidruPTQPf0bia7sJOtBM0ufTWNvus/nk"
+             "DFHF9ZS+uYVjRUasMeHUmyLYtcklTvzWGFZnNOXczThvpKIzjcahSqIzkvDLayDq6"
+             "D3eOjtBbNUEIZYyqsvj4V4wY92eNJ4IoyhTbxXX1T5xsV9tm9r4TQwHLiZw/pdDZJ"
+             "ea8TKmsmR/K0uLh/GwnCHghTja6lPhphezPfO5/5MrVvMzNaI3+ERHfrFzPKQukrQ"
+             "GI4d/3EFD/3E2mVNYvi4at7CXWREaxZGD+3hg28zD3gVMd6q5c8GdosynKmSeRuGz"
+             "pjyl1/9UDGtPR5HeaKT8Wjo17WXk579BXVUhN64ehF9fhRtq/uxxZKzNiZFGD0wRC"
+             "3NFROZ5mwIPL/96K/rKMMLrIzF9uhHr+/sYH7DAbwlgC4J+R2Z7FUx1qLnV7MGF40"
+             "smVSoJ/jvHRfYhQeUJd/SnYtGWhPHR0Sz+GE2F2yth0B36Vcz2KpnufBJbsysjjW4"
+             "kblBUiIjiURUWqJY65zxbnTy57GQyH58zgy0QBtTQv5gH15XMdKkYu+TGaJMnlm2O"
+             "34uI4b9tflqp1+QEFGzoW/ulmcofcpkZCYJhDfSpme7QcrHa+Xfji8paEQkTkSfmm"
+             "oRWRNZr/F1KfVMjW+IKEnv2FwZfKdzt0BQR6lClcZR0EfEXEfv/G6W9iLiIyCoReV"
+             "5EnhORIBHx+ufPj/gLB/zGI/G4Bk0AAAAASUVORK5CYII="),
         DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -848,7 +832,7 @@ TEST_F(URLRequestTest, FileTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(app_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -878,7 +862,7 @@ TEST_F(URLRequestTest, FileTestCancel) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(app_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -892,7 +876,7 @@ TEST_F(URLRequestTest, FileTestCancel) {
 
 TEST_F(URLRequestTest, FileTestFullSpecifiedRange) {
   const size_t buffer_size = 4000;
-  scoped_ptr<char[]> buffer(new char[buffer_size]);
+  std::unique_ptr<char[]> buffer(new char[buffer_size]);
   FillBuffer(buffer.get(), buffer_size);
 
   base::FilePath temp_path;
@@ -911,7 +895,7 @@ TEST_F(URLRequestTest, FileTestFullSpecifiedRange) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(temp_url, DEFAULT_PRIORITY, &d));
 
     HttpRequestHeaders headers;
@@ -937,7 +921,7 @@ TEST_F(URLRequestTest, FileTestFullSpecifiedRange) {
 
 TEST_F(URLRequestTest, FileTestHalfSpecifiedRange) {
   const size_t buffer_size = 4000;
-  scoped_ptr<char[]> buffer(new char[buffer_size]);
+  std::unique_ptr<char[]> buffer(new char[buffer_size]);
   FillBuffer(buffer.get(), buffer_size);
 
   base::FilePath temp_path;
@@ -956,7 +940,7 @@ TEST_F(URLRequestTest, FileTestHalfSpecifiedRange) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(temp_url, DEFAULT_PRIORITY, &d));
 
     HttpRequestHeaders headers;
@@ -981,7 +965,7 @@ TEST_F(URLRequestTest, FileTestHalfSpecifiedRange) {
 
 TEST_F(URLRequestTest, FileTestMultipleRanges) {
   const size_t buffer_size = 400000;
-  scoped_ptr<char[]> buffer(new char[buffer_size]);
+  std::unique_ptr<char[]> buffer(new char[buffer_size]);
   FillBuffer(buffer.get(), buffer_size);
 
   base::FilePath temp_path;
@@ -994,7 +978,7 @@ TEST_F(URLRequestTest, FileTestMultipleRanges) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(temp_url, DEFAULT_PRIORITY, &d));
 
     HttpRequestHeaders headers;
@@ -1024,7 +1008,7 @@ TEST_F(URLRequestTest, AllowFileURLs) {
     TestNetworkDelegate network_delegate;
     network_delegate.set_can_access_files(true);
     default_context_.set_network_delegate(&network_delegate);
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(test_file_url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
@@ -1037,7 +1021,7 @@ TEST_F(URLRequestTest, AllowFileURLs) {
     TestNetworkDelegate network_delegate;
     network_delegate.set_can_access_files(false);
     default_context_.set_network_delegate(&network_delegate);
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(test_file_url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
@@ -1058,7 +1042,7 @@ TEST_F(URLRequestTest, FileDirCancelTest) {
     file_path = file_path.Append(FILE_PATH_LITERAL("net"));
     file_path = file_path.Append(FILE_PATH_LITERAL("data"));
 
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         FilePathToFileURL(file_path), DEFAULT_PRIORITY, &d));
     req->Start();
     EXPECT_TRUE(req->is_pending());
@@ -1083,7 +1067,7 @@ TEST_F(URLRequestTest, FileDirOutputSanity) {
   path = path.Append(kTestFilePath);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       FilePathToFileURL(path), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -1118,7 +1102,7 @@ TEST_F(URLRequestTest, FileDirRedirectNoCrash) {
   path = path.Append(kTestFilePath);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       FilePathToFileURL(path), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -1133,7 +1117,7 @@ TEST_F(URLRequestTest, FileDirRedirectNoCrash) {
 // Don't accept the url "file:///" on windows. See http://crbug.com/1474.
 TEST_F(URLRequestTest, FileDirRedirectSingleSlash) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(GURL("file:///"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -1148,7 +1132,7 @@ TEST_F(URLRequestTest, FileDirRedirectSingleSlash) {
 TEST_F(URLRequestTest, InvalidUrlTest) {
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         GURL("invalid url"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -1165,7 +1149,7 @@ TEST_F(URLRequestTest, InvalidReferrerTest) {
   network_delegate.set_cancel_request_with_policy_violating_referrer(true);
   context.set_network_delegate(&network_delegate);
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL("http://localhost/"), DEFAULT_PRIORITY, &d));
   req->SetReferrer("https://somewhere.com/");
 
@@ -1199,7 +1183,7 @@ TEST_F(URLRequestTest, ResolveShortcutTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         FilePathToFileURL(base::FilePath(lnk_path)), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -1214,7 +1198,7 @@ TEST_F(URLRequestTest, ResolveShortcutTest) {
                              FILE_SHARE_READ, NULL, OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL, NULL);
     EXPECT_NE(INVALID_HANDLE_VALUE, file);
-    scoped_ptr<char[]> buffer(new char[data.nFileSizeLow]);
+    std::unique_ptr<char[]> buffer(new char[data.nFileSizeLow]);
     DWORD read_size;
     BOOL result;
     result = ReadFile(file, buffer.get(), data.nFileSizeLow,
@@ -1566,7 +1550,7 @@ class URLRequestInterceptorTest : public URLRequestTest {
   void SetUpFactory() override {
     interceptor_ = new MockURLRequestInterceptor();
     job_factory_.reset(new URLRequestInterceptingJobFactory(
-        std::move(job_factory_), make_scoped_ptr(interceptor_)));
+        std::move(job_factory_), base::WrapUnique(interceptor_)));
   }
 
   MockURLRequestInterceptor* interceptor() const {
@@ -1583,7 +1567,7 @@ TEST_F(URLRequestInterceptorTest, Intercept) {
   interceptor()->set_main_headers(MockURLRequestInterceptor::ok_headers());
   interceptor()->set_main_data(MockURLRequestInterceptor::ok_data());
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   base::SupportsUserData::Data* user_data0 = new base::SupportsUserData::Data();
   base::SupportsUserData::Data* user_data1 = new base::SupportsUserData::Data();
@@ -1621,7 +1605,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRedirect) {
   interceptor()->set_redirect_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1653,7 +1637,7 @@ TEST_F(URLRequestInterceptorTest, InterceptServerError) {
   interceptor()->set_final_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1681,7 +1665,7 @@ TEST_F(URLRequestInterceptorTest, InterceptNetworkError) {
   interceptor()->set_final_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1709,7 +1693,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRestartRequired) {
   interceptor()->set_main_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1739,7 +1723,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRespectsCancelMain) {
   interceptor()->set_final_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1770,7 +1754,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRespectsCancelRedirect) {
   interceptor()->set_final_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1794,7 +1778,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRespectsCancelFinal) {
   interceptor()->set_cancel_final_request(true);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1819,7 +1803,7 @@ TEST_F(URLRequestInterceptorTest, InterceptRespectsCancelInRestart) {
   interceptor()->set_final_data(MockURLRequestInterceptor::ok_data());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -1891,7 +1875,7 @@ LoadTimingInfo RunURLRequestInterceptorLoadTimingTest(
   interceptor->set_intercept_main_request(true);
   interceptor->set_main_request_load_timing_info(job_load_timing);
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -1906,6 +1890,8 @@ LoadTimingInfo RunURLRequestInterceptorLoadTimingTest(
   EXPECT_EQ(job_load_timing.send_end, resulting_load_timing.send_end);
   EXPECT_EQ(job_load_timing.receive_headers_end,
             resulting_load_timing.receive_headers_end);
+  EXPECT_EQ(job_load_timing.push_start, resulting_load_timing.push_start);
+  EXPECT_EQ(job_load_timing.push_end, resulting_load_timing.push_end);
 
   return resulting_load_timing;
 }
@@ -2108,9 +2094,9 @@ TEST_F(URLRequestInterceptorTest, InterceptLoadTimingEarlyConnectWithProxy) {
 TEST_F(URLRequestTest, Identifiers) {
   TestDelegate d;
   TestURLRequestContext context;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d));
-  scoped_ptr<URLRequest> other_req(
+  std::unique_ptr<URLRequest> other_req(
       context.CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d));
 
   ASSERT_NE(req->identifier(), other_req->identifier());
@@ -2131,7 +2117,7 @@ TEST_F(URLRequestTest, MAYBE_NetworkDelegateProxyError) {
   TestURLRequestContextWithProxy context("myproxy:70", &network_delegate);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
 
@@ -2154,7 +2140,7 @@ TEST_F(URLRequestTest, MAYBE_NetworkDelegateProxyError) {
 // content is empty.
 TEST_F(URLRequestTest, RequestCompletionForEmptyResponse) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(GURL("data:,"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -2166,7 +2152,7 @@ TEST_F(URLRequestTest, RequestCompletionForEmptyResponse) {
 // correctly, both before and after start.
 TEST_F(URLRequestTest, SetPriorityBasic) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
 
@@ -2184,12 +2170,12 @@ TEST_F(URLRequestTest, SetPriorityBasic) {
 // Start on it.
 TEST_F(URLRequestTest, SetJobPriorityBeforeJobStart) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
 
   RequestPriority job_priority;
-  scoped_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
+  std::unique_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
       req.get(), &default_network_delegate_, &job_priority));
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
   EXPECT_EQ(DEFAULT_PRIORITY, job_priority);
@@ -2204,11 +2190,11 @@ TEST_F(URLRequestTest, SetJobPriorityBeforeJobStart) {
 // job.
 TEST_F(URLRequestTest, SetJobPriority) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
 
   RequestPriority job_priority;
-  scoped_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
+  std::unique_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
       req.get(), &default_network_delegate_, &job_priority));
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
@@ -2225,12 +2211,12 @@ TEST_F(URLRequestTest, SetJobPriority) {
 // is MAXIMUM_PRIORITY.
 TEST_F(URLRequestTest, PriorityIgnoreLimits) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://test_intercept/foo"), MAXIMUM_PRIORITY, &d));
   EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
 
   RequestPriority job_priority;
-  scoped_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
+  std::unique_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
       req.get(), &default_network_delegate_, &job_priority));
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
@@ -2264,7 +2250,7 @@ TEST_F(URLRequestTest, DelayedCookieCallback) {
   ASSERT_TRUE(test_server.Start());
 
   TestURLRequestContext context;
-  scoped_ptr<DelayedCookieMonster> delayed_cm(new DelayedCookieMonster());
+  std::unique_ptr<DelayedCookieMonster> delayed_cm(new DelayedCookieMonster());
   context.set_cookie_store(delayed_cm.get());
 
   // Set up a cookie.
@@ -2272,7 +2258,7 @@ TEST_F(URLRequestTest, DelayedCookieCallback) {
     TestNetworkDelegate network_delegate;
     context.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSend=1"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2287,7 +2273,7 @@ TEST_F(URLRequestTest, DelayedCookieCallback) {
     TestNetworkDelegate network_delegate;
     context.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2308,7 +2294,7 @@ TEST_F(URLRequestTest, DoNotSendCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSend=1"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2322,7 +2308,7 @@ TEST_F(URLRequestTest, DoNotSendCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2338,7 +2324,7 @@ TEST_F(URLRequestTest, DoNotSendCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->SetLoadFlags(LOAD_DO_NOT_SEND_COOKIES);
     req->Start();
@@ -2362,7 +2348,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2378,7 +2364,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
         DEFAULT_PRIORITY, &d));
     req->SetLoadFlags(LOAD_DO_NOT_SAVE_COOKIES);
@@ -2397,7 +2383,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2422,7 +2408,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSend=1"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2437,7 +2423,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2455,7 +2441,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy) {
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     network_delegate.set_cookie_options(TestNetworkDelegate::NO_GET_COOKIES);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2483,7 +2469,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2499,7 +2485,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy) {
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     network_delegate.set_cookie_options(TestNetworkDelegate::NO_SET_COOKIE);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2515,7 +2501,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2539,7 +2525,7 @@ TEST_F(URLRequestTest, DoNotSaveEmptyCookies) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2559,7 +2545,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy_Async) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSend=1"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2574,7 +2560,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy_Async) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2592,7 +2578,7 @@ TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy_Async) {
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     network_delegate.set_cookie_options(TestNetworkDelegate::NO_GET_COOKIES);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2614,7 +2600,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy_Async) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -2630,7 +2616,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy_Async) {
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     network_delegate.set_cookie_options(TestNetworkDelegate::NO_SET_COOKIE);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2646,7 +2632,7 @@ TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy_Async) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2675,7 +2661,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // Set up two 'SameSite' cookies on 'example.test'
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost,
                            "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
                            "LaxSameSiteCookie=1;SameSite=Lax"),
@@ -2690,7 +2676,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // Verify that both cookies are sent for same-site requests.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
     req->set_initiator(url::Origin(test_server.GetURL(kHost, "/")));
@@ -2707,7 +2693,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // Verify that both cookies are sent for same-registrable-domain requests.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL(kSubHost, "/"));
     req->set_initiator(url::Origin(test_server.GetURL(kSubHost, "/")));
@@ -2724,7 +2710,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // Verify that neither cookie is not sent for cross-site requests.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL(kCrossHost, "/"));
     req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
@@ -2742,7 +2728,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // method is "safe".
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
     req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
@@ -2761,7 +2747,7 @@ TEST_F(URLRequestTest, SameSiteCookies) {
   // method is unsafe (e.g. POST).
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
     req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
@@ -2796,7 +2782,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) {
   // Try to set a Secure __Secure- cookie.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         http_server.GetURL("/set-cookie?__Secure-nonsecure-origin=1;Secure"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2808,7 +2794,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) {
   // Verify that the cookie is not set.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2834,7 +2820,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixNonsecure) {
   // Try to set a non-Secure __Secure- cookie.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         context.CreateRequest(https_server.GetURL("/set-cookie?__Secure-foo=1"),
                               DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2846,7 +2832,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixNonsecure) {
   // Verify that the cookie is not set.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2871,7 +2857,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixSecure) {
   // Try to set a Secure __Secure- cookie.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/set-cookie?__Secure-bar=1;Secure"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2883,7 +2869,7 @@ TEST_F(URLRequestTest, SecureCookiePrefixSecure) {
   // Verify that the cookie is set.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2914,7 +2900,7 @@ TEST_F(URLRequestTest, StrictSecureCookiesOnNonsecureOrigin) {
   // Try to set a Secure cookie, with experimental features enabled.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         http_server.GetURL("/set-cookie?nonsecure-origin=1;Secure"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2926,7 +2912,7 @@ TEST_F(URLRequestTest, StrictSecureCookiesOnNonsecureOrigin) {
   // Verify that the cookie is not set.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2953,7 +2939,7 @@ TEST_F(URLRequestTest, StrictSecureCookiesOnSecureOrigin) {
   // Try to set a Secure cookie, with experimental features enabled.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/set-cookie?secure-origin=1;Secure"),
         DEFAULT_PRIORITY, &d));
     req->Start();
@@ -2965,7 +2951,7 @@ TEST_F(URLRequestTest, StrictSecureCookiesOnSecureOrigin) {
   // Verify that the cookie is not set.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         https_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -2981,14 +2967,14 @@ TEST_F(URLRequestTest, StrictSecureCookiesOnSecureOrigin) {
 // the test server is affected by entering suspend mode on Android.
 TEST_F(URLRequestTest, CancelOnSuspend) {
   TestPowerMonitorSource* power_monitor_source = new TestPowerMonitorSource();
-  base::PowerMonitor power_monitor(make_scoped_ptr(power_monitor_source));
+  base::PowerMonitor power_monitor(base::WrapUnique(power_monitor_source));
 
   URLRequestFailedJob::AddUrlHandler();
 
   TestDelegate d;
   // Request that just hangs.
   GURL url(URLRequestFailedJob::GetMockHttpUrl(ERR_IO_PENDING));
-  scoped_ptr<URLRequest> r(
+  std::unique_ptr<URLRequest> r(
       default_context_.CreateRequest(url, DEFAULT_PRIORITY, &d));
   r->Start();
 
@@ -3059,7 +3045,7 @@ TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(
             "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
         DEFAULT_PRIORITY, &d));
@@ -3071,7 +3057,7 @@ TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -3083,7 +3069,7 @@ TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
     FixedDateNetworkDelegate network_delegate("18-Apr-1977 22:49:13 UTC");
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(
             "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
         DEFAULT_PRIORITY, &d));
@@ -3095,7 +3081,7 @@ TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
     TestNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -3115,7 +3101,7 @@ TEST_F(URLRequestTest, DoNotOverrideReferrer) {
   // only the latter shall be respected.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
     req->SetReferrer("http://foo.com/");
 
@@ -3133,7 +3119,7 @@ TEST_F(URLRequestTest, DoNotOverrideReferrer) {
   // shall be sent in the header.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
 
     HttpRequestHeaders headers;
@@ -3166,7 +3152,7 @@ class URLRequestTestHTTP : public URLRequestTest {
                               bool include_data) {
     static const char kData[] = "hello world";
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     req->set_method(request_method);
     if (include_data) {
@@ -3212,7 +3198,7 @@ class URLRequestTestHTTP : public URLRequestTest {
                                     const std::string& redirect_method,
                                     const std::string& origin_value) {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     req->set_method(request_method);
     req->SetExtraRequestHeaderByName(HttpRequestHeaders::kOrigin,
@@ -3259,7 +3245,7 @@ class URLRequestTestHTTP : public URLRequestTest {
 
     for (int i = 0; i < kIterations; ++i) {
       TestDelegate d;
-      scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+      std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
           test_server_.GetURL("/echo"), DEFAULT_PRIORITY, &d));
       r->set_method(method.c_str());
 
@@ -3282,7 +3268,7 @@ class URLRequestTestHTTP : public URLRequestTest {
 
   bool DoManyCookiesRequest(int num_cookies) {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server_.GetURL("/set-many-cookies?" +
                             base::IntToString(num_cookies)),
         DEFAULT_PRIORITY, &d));
@@ -3308,7 +3294,7 @@ class URLRequestTestHTTP : public URLRequestTest {
 
 namespace {
 
-scoped_ptr<test_server::HttpResponse> HandleRedirectConnect(
+std::unique_ptr<test_server::HttpResponse> HandleRedirectConnect(
     const test_server::HttpRequest& request) {
   if (request.headers.find("Host") == request.headers.end() ||
       request.headers.at("Host") != "www.redirect.com" ||
@@ -3316,7 +3302,7 @@ scoped_ptr<test_server::HttpResponse> HandleRedirectConnect(
     return nullptr;
   }
 
-  scoped_ptr<test_server::BasicHttpResponse> http_response(
+  std::unique_ptr<test_server::BasicHttpResponse> http_response(
       new test_server::BasicHttpResponse);
   http_response->set_code(HTTP_FOUND);
   http_response->AddCustomHeader("Location",
@@ -3390,7 +3376,7 @@ class TokenBindingURLRequestTest : public URLRequestTestHTTP {
   }
 
  protected:
-  scoped_ptr<ChannelIDService> channel_id_service_;
+  std::unique_ptr<ChannelIDService> channel_id_service_;
 };
 
 TEST_F(TokenBindingURLRequestTest, TokenBindingTest) {
@@ -3403,7 +3389,7 @@ TEST_F(TokenBindingURLRequestTest, TokenBindingTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         https_test_server.GetURL("tokbind-ekm"), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3446,7 +3432,7 @@ TEST_F(TokenBindingURLRequestTest, ForwardTokenBinding) {
   {
     GURL redirect_url =
         https_test_server.GetURL("forward-tokbind?/tokbind-ekm");
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3499,7 +3485,7 @@ TEST_F(TokenBindingURLRequestTest, DontForwardHeaderFromHttp) {
   {
     GURL redirect_url = http_server.GetURL(
         "forward-tokbind?" + https_test_server.GetURL("tokbind-ekm").spec());
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3550,7 +3536,7 @@ TEST_F(TokenBindingURLRequestTest, ForwardWithoutTokenBinding) {
   {
     GURL redirect_url = token_binding_test_server.GetURL(
         "forward-tokbind?" + https_test_server.GetURL("tokbind-ekm").spec());
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3584,7 +3570,7 @@ TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3612,7 +3598,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateTunnelConnectionFailed) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -3656,7 +3642,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateBlockAsynchronously) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -3689,7 +3675,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequest) {
       http_test_server()->host_port_pair().ToString(), &network_delegate);
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -3722,7 +3708,8 @@ void NetworkDelegateCancelRequest(BlockingNetworkDelegate::BlockMode block_mode,
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
 
     r->Start();
     base::RunLoop().Run();
@@ -3800,7 +3787,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequest) {
 
   {
     GURL original_url(http_test_server()->GetURL("/defaultresponse"));
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     // Quit after hitting the redirect, so can check the headers.
@@ -3853,7 +3840,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestSynchronously) {
 
   {
     GURL original_url(http_test_server()->GetURL("/defaultresponse"));
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     // Quit after hitting the redirect, so can check the headers.
@@ -3909,7 +3896,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestPost) {
 
   {
     GURL original_url(http_test_server()->GetURL("/defaultresponse"));
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
     r->set_method("POST");
     r->set_upload(CreateSimpleUploadData(kData));
@@ -3966,7 +3953,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestOnHeadersReceived) {
 
   {
     GURL original_url(http_test_server()->GetURL("/defaultresponse"));
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4008,7 +3995,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredSyncNoAction) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
 
     base::RunLoop().Run();
@@ -4039,7 +4027,8 @@ TEST_F(URLRequestTestHTTP,
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
 
     {
@@ -4080,7 +4069,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredSyncSetAuth) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4115,7 +4105,8 @@ TEST_F(URLRequestTestHTTP,
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4153,7 +4144,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredSyncCancel) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4187,7 +4179,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredAsyncNoAction) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4222,7 +4215,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredAsyncSetAuth) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4255,7 +4249,8 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredAsyncCancel) {
 
   {
     GURL url(http_test_server()->GetURL("/auth-basic"));
-    scoped_ptr<URLRequest> r(context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+    std::unique_ptr<URLRequest> r(
+        context.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
 
@@ -4285,7 +4280,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting1) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4322,7 +4317,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting2) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4358,7 +4353,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting3) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4394,7 +4389,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting4) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4416,7 +4411,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting4) {
 
 namespace {
 
-scoped_ptr<test_server::HttpResponse> HandleServerAuthConnect(
+std::unique_ptr<test_server::HttpResponse> HandleServerAuthConnect(
     const test_server::HttpRequest& request) {
   if (request.headers.find("Host") == request.headers.end() ||
       request.headers.at("Host") != "www.server-auth.com" ||
@@ -4424,7 +4419,7 @@ scoped_ptr<test_server::HttpResponse> HandleServerAuthConnect(
     return nullptr;
   }
 
-  scoped_ptr<test_server::BasicHttpResponse> http_response(
+  std::unique_ptr<test_server::BasicHttpResponse> http_response(
       new test_server::BasicHttpResponse);
   http_response->set_code(HTTP_UNAUTHORIZED);
   http_response->AddCustomHeader("WWW-Authenticate",
@@ -4448,7 +4443,7 @@ TEST_F(URLRequestTestHTTP, UnexpectedServerAuthTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         GURL("https://www.server-auth.com/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4468,7 +4463,7 @@ TEST_F(URLRequestTestHTTP, GetTest_NoCache) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4535,7 +4530,7 @@ TEST_F(URLRequestTestHTTP, GetTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4559,7 +4554,7 @@ TEST_F(URLRequestTestHTTP, GetTest_GetFullRequestHeaders) {
   TestDelegate d;
   {
     GURL test_url(http_test_server()->GetURL("/defaultresponse"));
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
     HttpRequestHeaders headers;
@@ -4588,7 +4583,7 @@ TEST_F(URLRequestTestHTTP, GetTestLoadTiming) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -4644,7 +4639,7 @@ TEST_F(URLRequestTestHTTP, GetZippedTest) {
       context.set_network_delegate(&network_delegate);
       context.Init();
 
-      scoped_ptr<URLRequest> r(context.CreateRequest(
+      std::unique_ptr<URLRequest> r(context.CreateRequest(
           test_server.GetURL(test_file), DEFAULT_PRIORITY, &d));
       r->Start();
       EXPECT_TRUE(r->is_pending());
@@ -4676,7 +4671,7 @@ TEST_F(URLRequestTestHTTP, RedirectLoadTiming) {
   GURL original_url =
       http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -4717,7 +4712,7 @@ TEST_F(URLRequestTestHTTP, MultipleRedirectTest) {
   GURL original_url = http_test_server()->GetURL("/server-redirect?" +
                                                  middle_redirect_url.spec());
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -5045,7 +5040,7 @@ TEST_F(URLRequestTestHTTP, DelegateInfoBeforeStart) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(http_test_server()->GetURL("/defaultresponse"),
                               DEFAULT_PRIORITY, &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5092,7 +5087,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateInfo) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(http_test_server()->GetURL("/simple.html"),
                               DEFAULT_PRIORITY, &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5149,7 +5144,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateInfoRedirect) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/server-redirect?simple.html"),
         DEFAULT_PRIORITY, &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5231,7 +5226,7 @@ TEST_F(URLRequestTestHTTP, NetworkDelegateInfoAuth) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(http_test_server()->GetURL("/auth-basic"),
                               DEFAULT_PRIORITY, &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5301,7 +5296,7 @@ TEST_F(URLRequestTestHTTP, URLRequestDelegateInfo) {
     // body are ignored.  Since they are ignored, this test is robust against
     // the possibility of multiple reads being combined in the unlikely event
     // that it occurs.
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         test_server.GetURL("/chunked?waitBetweenChunks=20"), DEFAULT_PRIORITY,
         &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5355,7 +5350,7 @@ TEST_F(URLRequestTestHTTP, URLRequestDelegateInfoOnRedirect) {
   context.Init();
 
   {
-    scoped_ptr<URLRequest> r(context.CreateRequest(
+    std::unique_ptr<URLRequest> r(context.CreateRequest(
         http_test_server()->GetURL("/server-redirect?simple.html"),
         DEFAULT_PRIORITY, &request_delegate));
     LoadStateWithParam load_state = r->GetLoadState();
@@ -5419,7 +5414,7 @@ TEST_F(URLRequestTestHTTP, URLRequestDelegateOnRedirectCancelled) {
     context.Init();
 
     {
-      scoped_ptr<URLRequest> r(context.CreateRequest(
+      std::unique_ptr<URLRequest> r(context.CreateRequest(
           http_test_server()->GetURL("/server-redirect?simple.html"),
           DEFAULT_PRIORITY, &request_delegate));
       LoadStateWithParam load_state = r->GetLoadState();
@@ -5487,7 +5482,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithAdditionalHeadersTest) {
   GURL original_url =
       http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
   RedirectWithAdditionalHeadersDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -5524,7 +5519,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithHeaderRemovalTest) {
   GURL original_url =
       http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
   RedirectWithHeaderRemovalDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
   req->SetExtraRequestHeaderByName(kExtraHeaderToRemove, "dummy", false);
   req->Start();
@@ -5541,7 +5536,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithHeaderRemovalTest) {
 TEST_F(URLRequestTestHTTP, CancelTest) {
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         GURL("http://www.google.com/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -5564,7 +5559,7 @@ TEST_F(URLRequestTestHTTP, CancelTest2) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     d.set_cancel_in_response_started(true);
@@ -5586,7 +5581,7 @@ TEST_F(URLRequestTestHTTP, CancelTest3) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     d.set_cancel_in_received_data(true);
@@ -5611,7 +5606,7 @@ TEST_F(URLRequestTestHTTP, CancelTest4) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -5638,7 +5633,7 @@ TEST_F(URLRequestTestHTTP, CancelTest5) {
   // populate cache
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d));
     r->Start();
     base::RunLoop().Run();
@@ -5648,7 +5643,7 @@ TEST_F(URLRequestTestHTTP, CancelTest5) {
   // cancel read from cache (see bug 990242)
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d));
     r->Start();
     r->Cancel();
@@ -5676,7 +5671,7 @@ TEST_F(URLRequestTestHTTP, PostEmptyTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
     r->set_method("POST");
 
@@ -5699,7 +5694,7 @@ TEST_F(URLRequestTestHTTP, PostFileTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
     r->set_method("POST");
 
@@ -5707,16 +5702,16 @@ TEST_F(URLRequestTestHTTP, PostFileTest) {
     PathService::Get(base::DIR_EXE, &dir);
     base::SetCurrentDirectory(dir);
 
-    std::vector<scoped_ptr<UploadElementReader>> element_readers;
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers;
 
     base::FilePath path;
     PathService::Get(base::DIR_SOURCE_ROOT, &path);
     path = path.Append(kTestFilePath);
     path = path.Append(FILE_PATH_LITERAL("with-headers.html"));
-    element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+    element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
         base::ThreadTaskRunnerHandle::Get().get(), path, 0,
         std::numeric_limits<uint64_t>::max(), base::Time())));
-    r->set_upload(make_scoped_ptr<UploadDataStream>(
+    r->set_upload(base::WrapUnique<UploadDataStream>(
         new ElementsUploadDataStream(std::move(element_readers), 0)));
 
     r->Start();
@@ -5728,7 +5723,7 @@ TEST_F(URLRequestTestHTTP, PostFileTest) {
     ASSERT_EQ(true, base::GetFileSize(path, &size64));
     ASSERT_LE(size64, std::numeric_limits<int>::max());
     int size = static_cast<int>(size64);
-    scoped_ptr<char[]> buf(new char[size]);
+    std::unique_ptr<char[]> buf(new char[size]);
 
     ASSERT_EQ(size, base::ReadFile(path, buf.get(), size));
 
@@ -5748,18 +5743,18 @@ TEST_F(URLRequestTestHTTP, PostUnreadableFileTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
     r->set_method("POST");
 
-    std::vector<scoped_ptr<UploadElementReader>> element_readers;
+    std::vector<std::unique_ptr<UploadElementReader>> element_readers;
 
-    element_readers.push_back(make_scoped_ptr(new UploadFileElementReader(
+    element_readers.push_back(base::WrapUnique(new UploadFileElementReader(
         base::ThreadTaskRunnerHandle::Get().get(),
         base::FilePath(FILE_PATH_LITERAL(
             "c:\\path\\to\\non\\existant\\file.randomness.12345")),
         0, std::numeric_limits<uint64_t>::max(), base::Time())));
-    r->set_upload(make_scoped_ptr<UploadDataStream>(
+    r->set_upload(base::WrapUnique<UploadDataStream>(
         new ElementsUploadDataStream(std::move(element_readers), 0)));
 
     r->Start();
@@ -5812,11 +5807,11 @@ TEST_F(URLRequestTestHTTP, TestPostChunkedDataBeforeStart) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
-    scoped_ptr<ChunkedUploadDataStream> upload_data_stream(
+    std::unique_ptr<ChunkedUploadDataStream> upload_data_stream(
         new ChunkedUploadDataStream(0));
-    scoped_ptr<ChunkedUploadDataStream::Writer> writer =
+    std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
         upload_data_stream->CreateWriter();
     r->set_upload(std::move(upload_data_stream));
     r->set_method("POST");
@@ -5835,13 +5830,13 @@ TEST_F(URLRequestTestHTTP, TestPostChunkedDataJustAfterStart) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
-    scoped_ptr<ChunkedUploadDataStream> upload_data_stream(
+    std::unique_ptr<ChunkedUploadDataStream> upload_data_stream(
         new ChunkedUploadDataStream(0));
-    scoped_ptr<ChunkedUploadDataStream::Writer> writer =
+    std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
         upload_data_stream->CreateWriter();
-    r->set_upload(make_scoped_ptr(upload_data_stream.release()));
+    r->set_upload(base::WrapUnique(upload_data_stream.release()));
     r->set_method("POST");
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -5857,11 +5852,11 @@ TEST_F(URLRequestTestHTTP, TestPostChunkedDataAfterStart) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d));
-    scoped_ptr<ChunkedUploadDataStream> upload_data_stream(
+    std::unique_ptr<ChunkedUploadDataStream> upload_data_stream(
         new ChunkedUploadDataStream(0));
-    scoped_ptr<ChunkedUploadDataStream::Writer> writer =
+    std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
         upload_data_stream->CreateWriter();
     r->set_upload(std::move(upload_data_stream));
     r->set_method("POST");
@@ -5880,7 +5875,7 @@ TEST_F(URLRequestTestHTTP, ResponseHeadersTest) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/with-headers.html"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -5918,7 +5913,7 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
 
   std::string test_server_hostname = https_test_server.GetURL("/").host();
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d));
   request->Start();
   base::RunLoop().Run();
@@ -5953,7 +5948,7 @@ TEST_F(URLRequestTestHTTP, STSNotProcessedOnIP) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d));
   request->Start();
   base::RunLoop().Run();
@@ -6000,7 +5995,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hpkp-headers.html"), DEFAULT_PRIORITY, &d));
   request->Start();
   base::RunLoop().Run();
@@ -6079,7 +6074,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKPAndSendReport) {
 
   // Now send a request to trigger the violation.
   TestDelegate d;
-  scoped_ptr<URLRequest> violating_request(context.CreateRequest(
+  std::unique_ptr<URLRequest> violating_request(context.CreateRequest(
       https_test_server.GetURL("/simple.html"), DEFAULT_PRIORITY, &d));
   violating_request->Start();
   base::RunLoop().Run();
@@ -6087,7 +6082,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKPAndSendReport) {
   // Check that a report was sent.
   EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
   ASSERT_FALSE(mock_report_sender.latest_report().empty());
-  scoped_ptr<base::Value> value(
+  std::unique_ptr<base::Value> value(
       base::JSONReader::Read(mock_report_sender.latest_report()));
   ASSERT_TRUE(value);
   ASSERT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY));
@@ -6141,7 +6136,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKPReportOnly) {
 
   // Now send a request to trigger the violation.
   TestDelegate d;
-  scoped_ptr<URLRequest> violating_request(context.CreateRequest(
+  std::unique_ptr<URLRequest> violating_request(context.CreateRequest(
       https_test_server.GetURL("/hpkp-headers-report-only.html"),
       DEFAULT_PRIORITY, &d));
   violating_request->Start();
@@ -6150,7 +6145,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKPReportOnly) {
   // Check that a report was sent.
   EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
   ASSERT_FALSE(mock_report_sender.latest_report().empty());
-  scoped_ptr<base::Value> value(
+  std::unique_ptr<base::Value> value(
       base::JSONReader::Read(mock_report_sender.latest_report()));
   ASSERT_TRUE(value);
   ASSERT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY));
@@ -6189,7 +6184,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKPReportOnlyWithNoViolation) {
 
   // Now send a request that does not trigger the violation.
   TestDelegate d;
-  scoped_ptr<URLRequest> request(context.CreateRequest(
+  std::unique_ptr<URLRequest> request(context.CreateRequest(
       https_test_server.GetURL("/hpkp-headers-report-only.html"),
       DEFAULT_PRIORITY, &d));
   request->Start();
@@ -6211,7 +6206,7 @@ TEST_F(URLRequestTestHTTP, PKPNotProcessedOnIP) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hpkp-headers.html"), DEFAULT_PRIORITY, &d));
   request->Start();
   base::RunLoop().Run();
@@ -6234,7 +6229,7 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hsts-multiple-headers.html"), DEFAULT_PRIORITY,
       &d));
   request->Start();
@@ -6263,7 +6258,7 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hsts-and-hpkp-headers.html"), DEFAULT_PRIORITY,
       &d));
   request->Start();
@@ -6307,7 +6302,7 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
   std::string test_server_hostname = https_test_server.GetURL("/").host();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> request(default_context_.CreateRequest(
       https_test_server.GetURL("/hsts-and-hpkp-headers2.html"),
       DEFAULT_PRIORITY, &d));
   request->Start();
@@ -6444,7 +6439,7 @@ TEST_F(URLRequestTestHTTP, ExpectCTHeader) {
   GURL::Replacements replace_host;
   replace_host.SetHostStr(kExpectCTStaticHostname);
   url = url.ReplaceComponents(replace_host);
-  scoped_ptr<URLRequest> violating_request(
+  std::unique_ptr<URLRequest> violating_request(
       context.CreateRequest(url, DEFAULT_PRIORITY, &d));
   violating_request->Start();
   base::RunLoop().Run();
@@ -6458,7 +6453,7 @@ TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/content-type-normalization.html"),
       DEFAULT_PRIORITY, &d));
   req->Start();
@@ -6500,7 +6495,7 @@ TEST_F(URLRequestTestHTTP, RestrictFileRedirects) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/redirect-to-file.html"), DEFAULT_PRIORITY,
       &d));
   req->Start();
@@ -6515,7 +6510,7 @@ TEST_F(URLRequestTestHTTP, RestrictDataRedirects) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/redirect-to-data.html"), DEFAULT_PRIORITY,
       &d));
   req->Start();
@@ -6529,7 +6524,7 @@ TEST_F(URLRequestTestHTTP, RedirectToInvalidURL) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/redirect-to-invalid-url.html"),
       DEFAULT_PRIORITY, &d));
   req->Start();
@@ -6547,7 +6542,7 @@ TEST_F(URLRequestTestHTTP, CacheRedirect) {
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -6559,7 +6554,7 @@ TEST_F(URLRequestTestHTTP, CacheRedirect) {
   {
     TestDelegate d;
     d.set_quit_on_redirect(true);
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -6591,7 +6586,7 @@ TEST_F(URLRequestTestHTTP, NoCacheOnNetworkDelegateRedirect) {
         redirect_to_url);
 
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(initial_url, DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -6602,7 +6597,7 @@ TEST_F(URLRequestTestHTTP, NoCacheOnNetworkDelegateRedirect) {
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(initial_url, DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -6625,7 +6620,7 @@ TEST_F(URLRequestTestHTTP, UnsafeRedirectToWhitelistedUnsafeURL) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/whatever"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -6653,7 +6648,7 @@ TEST_F(URLRequestTestHTTP, UnsafeRedirectToDifferentUnsafeURL) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/whatever"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -6678,7 +6673,7 @@ TEST_F(URLRequestTestHTTP, UnsafeRedirectWithDifferentReferenceFragment) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -6708,7 +6703,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithReferenceFragmentAndUnrelatedUnsafeUrl) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -6737,7 +6732,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithReferenceFragment) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -6761,10 +6756,10 @@ TEST_F(URLRequestTestHTTP, RedirectJobWithReferenceFragment) {
   GURL redirect_url(http_test_server()->GetURL("/echo"));
 
   TestDelegate d;
-  scoped_ptr<URLRequest> r(
+  std::unique_ptr<URLRequest> r(
       default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
-  scoped_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
+  std::unique_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
       r.get(), &default_network_delegate_, redirect_url,
       URLRequestRedirectJob::REDIRECT_302_FOUND, "Very Good Reason"));
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
@@ -6783,7 +6778,7 @@ TEST_F(URLRequestTestHTTP, UnsupportedReferrerScheme) {
 
   const std::string referrer("foobar://totally.legit.referrer");
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
   req->SetReferrer(referrer);
   req->Start();
@@ -6796,7 +6791,7 @@ TEST_F(URLRequestTestHTTP, NoUserPassInReferrer) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
   req->SetReferrer("http://user:pass@foo.com/");
   req->Start();
@@ -6809,7 +6804,7 @@ TEST_F(URLRequestTestHTTP, NoFragmentInReferrer) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
   req->SetReferrer("http://foo.com/test#fragment");
   req->Start();
@@ -6822,7 +6817,7 @@ TEST_F(URLRequestTestHTTP, EmptyReferrerAfterValidReferrer) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d));
   req->SetReferrer("http://foo.com/test#fragment");
   req->SetReferrer("");
@@ -6841,7 +6836,7 @@ TEST_F(URLRequestTestHTTP, DeferredBeforeNetworkStart) {
   {
     d.set_quit_on_network_start(true);
     GURL test_url(http_test_server()->GetURL("/echo"));
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
     req->Start();
@@ -6868,7 +6863,7 @@ TEST_F(URLRequestTestHTTP, BeforeNetworkStartCalledOnce) {
   {
     d.set_quit_on_redirect(true);
     d.set_quit_on_network_start(true);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/server-redirect?echo"), DEFAULT_PRIORITY,
         &d));
 
@@ -6904,7 +6899,7 @@ TEST_F(URLRequestTestHTTP, CancelOnBeforeNetworkStart) {
   {
     d.set_quit_on_network_start(true);
     GURL test_url(http_test_server()->GetURL("/echo"));
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
     req->Start();
@@ -6928,7 +6923,7 @@ TEST_F(URLRequestTestHTTP, CancelRedirect) {
   TestDelegate d;
   {
     d.set_cancel_in_received_redirect(true);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -6948,7 +6943,7 @@ TEST_F(URLRequestTestHTTP, DeferredRedirect) {
   {
     d.set_quit_on_redirect(true);
     GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
     req->Start();
@@ -6981,7 +6976,7 @@ TEST_F(URLRequestTestHTTP, DeferredRedirect_GetFullRequestHeaders) {
   {
     d.set_quit_on_redirect(true);
     GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
     EXPECT_FALSE(d.have_full_request_headers());
@@ -7021,7 +7016,7 @@ TEST_F(URLRequestTestHTTP, CancelDeferredRedirect) {
   TestDelegate d;
   {
     d.set_quit_on_redirect(true);
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY,
         &d));
     req->Start();
@@ -7045,7 +7040,7 @@ TEST_F(URLRequestTestHTTP, VaryHeader) {
   // Populate the cache.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
         &d));
     HttpRequestHeaders headers;
@@ -7062,7 +7057,7 @@ TEST_F(URLRequestTestHTTP, VaryHeader) {
   // Expect a cache hit.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
         &d));
     HttpRequestHeaders headers;
@@ -7081,7 +7076,7 @@ TEST_F(URLRequestTestHTTP, VaryHeader) {
   // Expect a cache miss.
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
         http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
         &d));
     HttpRequestHeaders headers;
@@ -7106,7 +7101,7 @@ TEST_F(URLRequestTestHTTP, BasicAuth) {
     TestDelegate d;
     d.set_credentials(AuthCredentials(kUser, kSecret));
 
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d));
     r->Start();
 
@@ -7122,7 +7117,7 @@ TEST_F(URLRequestTestHTTP, BasicAuth) {
     TestDelegate d;
     d.set_credentials(AuthCredentials(kUser, kSecret));
 
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d));
     r->SetLoadFlags(LOAD_VALIDATE_CACHE);
     r->Start();
@@ -7155,7 +7150,7 @@ TEST_F(URLRequestTestHTTP, BasicAuthWithCookies) {
     TestDelegate d;
     d.set_credentials(AuthCredentials(kUser, kSecret));
 
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(url_requiring_auth, DEFAULT_PRIORITY, &d));
     r->Start();
 
@@ -7183,7 +7178,7 @@ TEST_F(URLRequestTestHTTP, BasicAuthWithCookies) {
     replacements.SetPasswordStr("secret");
     GURL url_with_identity = url_requiring_auth.ReplaceComponents(replacements);
 
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context.CreateRequest(url_with_identity, DEFAULT_PRIORITY, &d));
     r->Start();
 
@@ -7206,7 +7201,7 @@ TEST_F(URLRequestTestHTTP, BasicAuthLoadTiming) {
     TestDelegate d;
     d.set_credentials(AuthCredentials(kUser, kSecret));
 
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d));
     r->Start();
 
@@ -7238,7 +7233,7 @@ TEST_F(URLRequestTestHTTP, BasicAuthLoadTiming) {
     TestDelegate d;
     d.set_credentials(AuthCredentials(kUser, kSecret));
 
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d));
     r->SetLoadFlags(LOAD_VALIDATE_CACHE);
     r->Start();
@@ -7268,7 +7263,7 @@ TEST_F(URLRequestTestHTTP, Post302RedirectGet) {
   const char kData[] = "hello world";
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/redirect-to-echoall"), DEFAULT_PRIORITY,
       &d));
   req->set_method("POST");
@@ -7408,7 +7403,7 @@ TEST_F(URLRequestTestHTTP, NoRedirectOn308WithoutLocationHeader) {
   TestDelegate d;
   const GURL url = http_test_server()->GetURL("/308-without-location-header");
 
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       default_context_.CreateRequest(url, DEFAULT_PRIORITY, &d));
 
   request->Start();
@@ -7429,7 +7424,7 @@ TEST_F(URLRequestTestHTTP, Redirect302PreserveReferenceFragment) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -7451,7 +7446,7 @@ TEST_F(URLRequestTestHTTP, RedirectPreserveFirstPartyURL) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->set_first_party_for_cookies(first_party_url);
 
@@ -7474,7 +7469,7 @@ TEST_F(URLRequestTestHTTP, RedirectUpdateFirstPartyURL) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->set_first_party_for_cookies(original_first_party_url);
     r->set_first_party_url_policy(
@@ -7496,7 +7491,7 @@ TEST_F(URLRequestTestHTTP, InterceptPost302RedirectGet) {
   const char kData[] = "hello world";
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
   req->set_method("POST");
   req->set_upload(CreateSimpleUploadData(kData));
@@ -7505,7 +7500,7 @@ TEST_F(URLRequestTestHTTP, InterceptPost302RedirectGet) {
                     base::SizeTToString(arraysize(kData) - 1));
   req->SetExtraRequestHeaders(headers);
 
-  scoped_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
+  std::unique_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
       req.get(), &default_network_delegate_,
       http_test_server()->GetURL("/echo"),
       URLRequestRedirectJob::REDIRECT_302_FOUND, "Very Good Reason"));
@@ -7522,7 +7517,7 @@ TEST_F(URLRequestTestHTTP, InterceptPost307RedirectPost) {
   const char kData[] = "hello world";
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
   req->set_method("POST");
   req->set_upload(CreateSimpleUploadData(kData));
@@ -7531,7 +7526,7 @@ TEST_F(URLRequestTestHTTP, InterceptPost307RedirectPost) {
                     base::SizeTToString(arraysize(kData) - 1));
   req->SetExtraRequestHeaders(headers);
 
-  scoped_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
+  std::unique_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
       req.get(), &default_network_delegate_,
       http_test_server()->GetURL("/echo"),
       URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT,
@@ -7556,7 +7551,7 @@ TEST_F(URLRequestTestHTTP, DefaultAcceptLanguage) {
   context.Init();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Language"),
       DEFAULT_PRIORITY, &d));
   req->Start();
@@ -7579,7 +7574,7 @@ TEST_F(URLRequestTestHTTP, EmptyAcceptLanguage) {
   context.set_http_user_agent_settings(&settings);
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Language"),
       DEFAULT_PRIORITY, &d));
   req->Start();
@@ -7593,7 +7588,7 @@ TEST_F(URLRequestTestHTTP, OverrideAcceptLanguage) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Language"),
       DEFAULT_PRIORITY, &d));
   HttpRequestHeaders headers;
@@ -7609,7 +7604,7 @@ TEST_F(URLRequestTestHTTP, DefaultAcceptEncoding) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Encoding"),
       DEFAULT_PRIORITY, &d));
   HttpRequestHeaders headers;
@@ -7625,7 +7620,7 @@ TEST_F(URLRequestTestHTTP, OverrideAcceptEncoding) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Encoding"),
       DEFAULT_PRIORITY, &d));
   HttpRequestHeaders headers;
@@ -7642,7 +7637,7 @@ TEST_F(URLRequestTestHTTP, SetAcceptCharset) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?Accept-Charset"),
       DEFAULT_PRIORITY, &d));
   HttpRequestHeaders headers;
@@ -7658,7 +7653,7 @@ TEST_F(URLRequestTestHTTP, DefaultUserAgent) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
       &d));
   req->Start();
@@ -7679,7 +7674,7 @@ TEST_F(URLRequestTestHTTP, MAYBE_OverrideUserAgent) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
       &d));
   HttpRequestHeaders headers;
@@ -7713,7 +7708,7 @@ TEST_F(URLRequestTestHTTP, EmptyHttpUserAgentSettings) {
 
   for (size_t i = 0; i < arraysize(tests); i++) {
     TestDelegate d;
-    scoped_ptr<URLRequest> req(context.CreateRequest(
+    std::unique_ptr<URLRequest> req(context.CreateRequest(
         http_test_server()->GetURL(tests[i].request), DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
@@ -7728,11 +7723,11 @@ TEST_F(URLRequestTestHTTP, SetSubsequentJobPriority) {
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
   EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
 
-  scoped_ptr<URLRequestRedirectJob> redirect_job(new URLRequestRedirectJob(
+  std::unique_ptr<URLRequestRedirectJob> redirect_job(new URLRequestRedirectJob(
       req.get(), &default_network_delegate_,
       http_test_server()->GetURL("/echo"),
       URLRequestRedirectJob::REDIRECT_302_FOUND, "Very Good Reason"));
@@ -7743,7 +7738,7 @@ TEST_F(URLRequestTestHTTP, SetSubsequentJobPriority) {
   EXPECT_TRUE(req->is_pending());
 
   RequestPriority job_priority;
-  scoped_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
+  std::unique_ptr<URLRequestJob> job(new PriorityMonitoringURLRequestJob(
       req.get(), &default_network_delegate_, &job_priority));
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
@@ -7757,7 +7752,7 @@ TEST_F(URLRequestTestHTTP, SetSubsequentJobPriority) {
 // does not return an HttpTransaction.
 TEST_F(URLRequestTestHTTP, NetworkSuspendTest) {
   // Create a new HttpNetworkLayer that thinks it's suspended.
-  scoped_ptr<HttpNetworkLayer> network_layer(new HttpNetworkLayer(
+  std::unique_ptr<HttpNetworkLayer> network_layer(new HttpNetworkLayer(
       default_context_.http_transaction_factory()->GetSession()));
   network_layer->OnSuspend();
 
@@ -7769,7 +7764,7 @@ TEST_F(URLRequestTestHTTP, NetworkSuspendTest) {
   context.Init();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -7791,7 +7786,7 @@ class FailingHttpTransactionFactory : public HttpTransactionFactory {
 
   // HttpTransactionFactory methods:
   int CreateTransaction(RequestPriority priority,
-                        scoped_ptr<HttpTransaction>* trans) override {
+                        std::unique_ptr<HttpTransaction>* trans) override {
     return ERR_FAILED;
   }
 
@@ -7823,7 +7818,7 @@ TEST_F(URLRequestTestHTTP, NetworkCancelAfterCreateTransactionFailsTest) {
   context.Init();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d));
   // Don't send cookies (Collecting cookies is asynchronous, and need request to
   // try to create an HttpNetworkTransaction synchronously on start).
@@ -7848,7 +7843,7 @@ TEST_F(URLRequestTestHTTP, NetworkAccessedSetOnNetworkRequest) {
 
   TestDelegate d;
   GURL test_url(http_test_server()->GetURL("/"));
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
 
   req->Start();
@@ -7862,7 +7857,7 @@ TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnCachedResponse) {
 
   // Populate the cache.
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -7886,7 +7881,7 @@ TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnLoadOnlyFromCache) {
 
   TestDelegate d;
   GURL test_url(http_test_server()->GetURL("/"));
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(test_url, DEFAULT_PRIORITY, &d));
   req->SetLoadFlags(LOAD_ONLY_FROM_CACHE);
 
@@ -7907,7 +7902,7 @@ class URLRequestInterceptorTestHTTP : public URLRequestTestHTTP {
   void SetUpFactory() override {
     interceptor_ = new MockURLRequestInterceptor();
     job_factory_.reset(new URLRequestInterceptingJobFactory(
-        std::move(job_factory_), make_scoped_ptr(interceptor_)));
+        std::move(job_factory_), base::WrapUnique(interceptor_)));
   }
 
   MockURLRequestInterceptor* interceptor() const {
@@ -7927,7 +7922,7 @@ TEST_F(URLRequestInterceptorTestHTTP,
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY, &d));
   req->Start();
   base::RunLoop().Run();
@@ -7958,7 +7953,7 @@ TEST_F(URLRequestInterceptorTestHTTP,
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       http_test_server()->GetURL("/two-content-lengths.html"), DEFAULT_PRIORITY,
       &d));
   req->set_method("GET");
@@ -7991,7 +7986,7 @@ TEST_F(URLRequestInterceptorTestHTTP,
   ASSERT_TRUE(http_test_server()->Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context().CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context().CreateRequest(
       http_test_server()->GetURL("/simple.html"), DEFAULT_PRIORITY, &d));
   req->set_method("GET");
   req->Start();
@@ -8061,7 +8056,7 @@ class URLRequestTestReferrerPolicy : public URLRequestTest {
         origin_server_->GetURL("/server-redirect?" + destination_url.spec());
 
     TestDelegate d;
-    scoped_ptr<URLRequest> req(
+    std::unique_ptr<URLRequest> req(
         default_context_.CreateRequest(origin_url, DEFAULT_PRIORITY, &d));
     req->set_referrer_policy(policy);
     req->SetReferrer(referrer.spec());
@@ -8084,8 +8079,8 @@ class URLRequestTestReferrerPolicy : public URLRequestTest {
   EmbeddedTestServer* origin_server() const { return origin_server_.get(); }
 
  private:
-  scoped_ptr<EmbeddedTestServer> origin_server_;
-  scoped_ptr<EmbeddedTestServer> destination_server_;
+  std::unique_ptr<EmbeddedTestServer> origin_server_;
+  std::unique_ptr<EmbeddedTestServer> destination_server_;
 };
 
 TEST_F(URLRequestTestReferrerPolicy, HTTPToSameOriginHTTP) {
@@ -8249,7 +8244,7 @@ TEST_F(HTTPSRequestTest, HTTPSGetTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -8279,7 +8274,7 @@ TEST_F(HTTPSRequestTest, HTTPSMismatchedTest) {
     TestDelegate d;
     {
       d.set_allow_certificate_errors(err_allowed);
-      scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+      std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
           test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
       r->Start();
@@ -8314,7 +8309,7 @@ TEST_F(HTTPSRequestTest, HTTPSExpiredTest) {
     TestDelegate d;
     {
       d.set_allow_certificate_errors(err_allowed);
-      scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+      std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
           test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
       r->Start();
@@ -8362,7 +8357,7 @@ TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) {
   context.Init();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> r(context.CreateRequest(
+  std::unique_ptr<URLRequest> r(context.CreateRequest(
       GURL(base::StringPrintf("https://www.google.com:%d",
                               test_server.host_port_pair().port())),
       DEFAULT_PRIORITY, &d));
@@ -8415,7 +8410,7 @@ TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
                                                            &dynamic_pkp_state));
 
   TestDelegate d;
-  scoped_ptr<URLRequest> r(context.CreateRequest(
+  std::unique_ptr<URLRequest> r(context.CreateRequest(
       GURL(base::StringPrintf("https://www.google.com:%d",
                               test_server.host_port_pair().port())),
       DEFAULT_PRIORITY, &d));
@@ -8447,10 +8442,9 @@ TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
             static_sts_state.include_subdomains);
   EXPECT_EQ(new_static_pkp_state.include_subdomains,
             static_pkp_state.include_subdomains);
-  EXPECT_TRUE(FingerprintsEqual(new_static_pkp_state.spki_hashes,
-                                static_pkp_state.spki_hashes));
-  EXPECT_TRUE(FingerprintsEqual(new_static_pkp_state.bad_spki_hashes,
-                                static_pkp_state.bad_spki_hashes));
+  EXPECT_EQ(new_static_pkp_state.spki_hashes, static_pkp_state.spki_hashes);
+  EXPECT_EQ(new_static_pkp_state.bad_spki_hashes,
+            static_pkp_state.bad_spki_hashes);
 }
 
 // Make sure HSTS preserves a POST request's method and body.
@@ -8489,7 +8483,7 @@ TEST_F(HTTPSRequestTest, HSTSPreservesPosts) {
   // cause a certificate error.  Ignore the error.
   d.set_allow_certificate_errors(true);
 
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL(base::StringPrintf("http://www.somewhere.com:%d/echo",
                               test_server.host_port_pair().port())),
       DEFAULT_PRIORITY, &d));
@@ -8551,7 +8545,7 @@ TEST_F(HTTPSRequestTest, HSTSCrossOriginAddHeaders) {
   // Quit on redirect to allow response header inspection upon redirect.
   d.set_quit_on_redirect(true);
 
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       context.CreateRequest(hsts_http_url, DEFAULT_PRIORITY, &d));
   // Set Origin header to simulate a cross-origin request.
   HttpRequestHeaders request_headers;
@@ -8588,7 +8582,7 @@ TEST(WebSocketURLRequestTest, HSTSApplied) {
   context.Init();
   GURL ws_url("ws://example.net/echo");
   TestDelegate delegate;
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context.CreateRequest(ws_url, DEFAULT_PRIORITY, &delegate));
   EXPECT_TRUE(request->GetHSTSRedirect(&ws_url));
   EXPECT_TRUE(ws_url.SchemeIs("wss"));
@@ -8631,7 +8625,7 @@ TEST_F(HTTPSRequestTest, ClientAuthTest) {
 
   SSLClientAuthTestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -8671,7 +8665,7 @@ TEST_F(HTTPSRequestTest, ResumeTest) {
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -8687,7 +8681,7 @@ TEST_F(HTTPSRequestTest, ResumeTest) {
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -8762,7 +8756,7 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -8785,14 +8779,14 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
   params.http_server_properties = default_context_.http_server_properties();
 
   HttpNetworkSession network_session(params);
-  scoped_ptr<HttpCache> cache(new HttpCache(
+  std::unique_ptr<HttpCache> cache(new HttpCache(
       &network_session, HttpCache::DefaultBackend::InMemory(0), false));
 
   default_context_.set_http_transaction_factory(cache.get());
 
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -8840,7 +8834,7 @@ TEST_F(HTTPSRequestTest, DisableECDSAOnXP) {
   ASSERT_TRUE(test_server.Start());
 
   TestDelegate d;
-  scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
       test_server.GetURL("/client-cipher-list"), DEFAULT_PRIORITY, &d));
   r->Start();
   EXPECT_TRUE(r->is_pending());
@@ -8924,7 +8918,7 @@ class HTTPSFallbackTest : public testing::Test {
  private:
   TestDelegate delegate_;
   FallbackTestURLRequestContext context_;
-  scoped_ptr<URLRequest> request_;
+  std::unique_ptr<URLRequest> request_;
 };
 
 // Tests the TLS 1.0 fallback doesn't happen.
@@ -9066,7 +9060,7 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
     FallbackTestURLRequestContext context(true);
 
     context.Init();
-    scoped_ptr<URLRequest> request(context.CreateRequest(
+    std::unique_ptr<URLRequest> request(context.CreateRequest(
         test_server.GetURL("/"), DEFAULT_PRIORITY, &delegate));
     request->Start();
 
@@ -9086,7 +9080,7 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
     context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
 
     context.Init();
-    scoped_ptr<URLRequest> request(context.CreateRequest(
+    std::unique_ptr<URLRequest> request(context.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &delegate));
     request->Start();
 
@@ -9141,7 +9135,7 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
   cert_verifier_.set_default_result(ERR_CERT_DATE_INVALID);
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -9160,7 +9154,7 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
   cert_verifier_.set_default_result(OK);
   {
     TestDelegate d;
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d));
 
     r->Start();
@@ -9224,7 +9218,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
     CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
     test_root_.reset(new ScopedTestRoot(root_cert.get()));
 
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     SetURLRequestContextForNSSHttpIO(&context_);
     EnsureNSSHttpIOInit();
 #endif
@@ -9242,7 +9236,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
 
     TestDelegate d;
     d.set_allow_certificate_errors(true);
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, &d));
     r->Start();
 
@@ -9253,7 +9247,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
   }
 
   ~HTTPSOCSPTest() override {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
     ShutdownNSSHttpIO();
 #endif
   }
@@ -9270,9 +9264,9 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
         false /* token binding enabled */));
   }
 
-  scoped_ptr<ScopedTestRoot> test_root_;
+  std::unique_ptr<ScopedTestRoot> test_root_;
   TestURLRequestContext context_;
-  scoped_ptr<ScopedTestEVPolicy> ev_test_policy_;
+  std::unique_ptr<ScopedTestEVPolicy> ev_test_policy_;
 };
 
 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() {
@@ -9293,7 +9287,7 @@ static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() {
 // If it does not, then tests which rely on 'hard fail' behaviour should be
 // skipped.
 static bool SystemSupportsHardFailRevocationChecking() {
-#if defined(OS_WIN) || defined(USE_NSS_VERIFIER)
+#if defined(OS_WIN) || defined(USE_NSS_CERTS)
   return true;
 #else
   return false;
@@ -9332,7 +9326,7 @@ static bool SystemSupportsOCSP() {
 }
 
 static bool SystemSupportsOCSPStapling() {
-#if defined(USE_NSS_VERIFIER)
+#if defined(USE_NSS_CERTS)
   return true;
 #elif defined(OS_WIN)
   return base::win::GetVersion() >= base::win::VERSION_VISTA;
@@ -9752,7 +9746,7 @@ class URLRequestTestFTP : public URLRequestTest {
     // Add FTP support to the default URLRequestContext.
     job_factory_impl_->SetProtocolHandler(
         "ftp",
-        make_scoped_ptr(new FtpProtocolHandler(&ftp_transaction_factory_)));
+        base::WrapUnique(new FtpProtocolHandler(&ftp_transaction_factory_)));
   }
 
   std::string GetTestFileContents() {
@@ -9778,7 +9772,7 @@ TEST_F(URLRequestTestFTP, UnsafePort) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(
+    std::unique_ptr<URLRequest> r(
         default_context_.CreateRequest(url, DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -9796,7 +9790,7 @@ TEST_F(URLRequestTestFTP, FTPDirectoryListing) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURL("/"), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -9819,7 +9813,7 @@ TEST_F(URLRequestTestFTP, FTPGetTestAnonymous) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURL(kFtpTestFile), DEFAULT_PRIORITY, &d));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -9842,7 +9836,7 @@ TEST_F(URLRequestTestFTP, FTPGetTest) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "chrome",
                                                    "chrome"),
         DEFAULT_PRIORITY, &d));
@@ -9871,7 +9865,7 @@ TEST_F(URLRequestTestFTP, FTPCheckWrongPassword) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "chrome",
                                                    "wrong_password"),
         DEFAULT_PRIORITY, &d));
@@ -9895,7 +9889,7 @@ TEST_F(URLRequestTestFTP, FTPCheckWrongPasswordRestart) {
   // the initial login with wrong credentials will fail.
   d.set_credentials(AuthCredentials(kChrome, kChrome));
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "chrome",
                                                    "wrong_password"),
         DEFAULT_PRIORITY, &d));
@@ -9916,7 +9910,7 @@ TEST_F(URLRequestTestFTP, FTPCheckWrongUser) {
 
   TestDelegate d;
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "wrong_user",
                                                    "chrome"),
         DEFAULT_PRIORITY, &d));
@@ -9940,7 +9934,7 @@ TEST_F(URLRequestTestFTP, FTPCheckWrongUserRestart) {
   // the initial login with wrong credentials will fail.
   d.set_credentials(AuthCredentials(kChrome, kChrome));
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "wrong_user",
                                                    "chrome"),
         DEFAULT_PRIORITY, &d));
@@ -9959,10 +9953,10 @@ TEST_F(URLRequestTestFTP, FTPCheckWrongUserRestart) {
 TEST_F(URLRequestTestFTP, FTPCacheURLCredentials) {
   ASSERT_TRUE(ftp_test_server_.Start());
 
-  scoped_ptr<TestDelegate> d(new TestDelegate);
+  std::unique_ptr<TestDelegate> d(new TestDelegate);
   {
     // Pass correct login identity in the URL.
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "chrome",
                                                    "chrome"),
         DEFAULT_PRIORITY, d.get()));
@@ -9980,7 +9974,7 @@ TEST_F(URLRequestTestFTP, FTPCacheURLCredentials) {
   d.reset(new TestDelegate);
   {
     // This request should use cached identity from previous request.
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURL(kFtpTestFile), DEFAULT_PRIORITY, d.get()));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -9997,12 +9991,12 @@ TEST_F(URLRequestTestFTP, FTPCacheURLCredentials) {
 TEST_F(URLRequestTestFTP, FTPCacheLoginBoxCredentials) {
   ASSERT_TRUE(ftp_test_server_.Start());
 
-  scoped_ptr<TestDelegate> d(new TestDelegate);
+  std::unique_ptr<TestDelegate> d(new TestDelegate);
   // Set correct login credentials. The delegate will be asked for them when
   // the initial login with wrong credentials will fail.
   d->set_credentials(AuthCredentials(kChrome, kChrome));
   {
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURLWithUserAndPassword(kFtpTestFile, "chrome",
                                                    "wrong_password"),
         DEFAULT_PRIORITY, d.get()));
@@ -10023,7 +10017,7 @@ TEST_F(URLRequestTestFTP, FTPCacheLoginBoxCredentials) {
   {
     // Don't pass wrong credentials in the URL, they would override valid cached
     // ones.
-    scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+    std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         ftp_test_server_.GetURL(kFtpTestFile), DEFAULT_PRIORITY, d.get()));
     r->Start();
     EXPECT_TRUE(r->is_pending());
@@ -10040,7 +10034,7 @@ TEST_F(URLRequestTestFTP, FTPCacheLoginBoxCredentials) {
 
 TEST_F(URLRequestTest, NetworkAccessedClearBeforeNetworkStart) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
   d.set_quit_on_network_start(true);
 
@@ -10059,7 +10053,7 @@ TEST_F(URLRequestTest, NetworkAccessedClearBeforeNetworkStart) {
 
 TEST_F(URLRequestTest, NetworkAccessedClearOnDataRequest) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(
+  std::unique_ptr<URLRequest> req(
       default_context_.CreateRequest(GURL("data:,"), DEFAULT_PRIORITY, &d));
 
   EXPECT_FALSE(req->response_info().network_accessed);
@@ -10081,7 +10075,7 @@ TEST_F(URLRequestTest, NetworkAccessedSetOnHostResolutionFailure) {
   context.Init();
 
   TestDelegate d;
-  scoped_ptr<URLRequest> req(context.CreateRequest(
+  std::unique_ptr<URLRequest> req(context.CreateRequest(
       GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d));
 
   EXPECT_FALSE(req->response_info().network_accessed);
@@ -10095,10 +10089,10 @@ TEST_F(URLRequestTest, NetworkAccessedSetOnHostResolutionFailure) {
 // See http://crbug.com/508900
 TEST_F(URLRequestTest, URLRequestRedirectJobCancelRequest) {
   TestDelegate d;
-  scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+  std::unique_ptr<URLRequest> req(default_context_.CreateRequest(
       GURL("http://not-a-real-domain/"), DEFAULT_PRIORITY, &d));
 
-  scoped_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
+  std::unique_ptr<URLRequestRedirectJob> job(new URLRequestRedirectJob(
       req.get(), &default_network_delegate_,
       GURL("http://this-should-never-be-navigated-to/"),
       URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "Jumbo shrimp"));
diff --git a/chromium/net/url_request/view_cache_helper.h b/chromium/net/url_request/view_cache_helper.h
index 4ab0031fe42..89183e3cafb 100644
--- a/chromium/net/url_request/view_cache_helper.h
+++ b/chromium/net/url_request/view_cache_helper.h
@@ -101,7 +101,7 @@ class NET_EXPORT ViewCacheHelper {
   const URLRequestContext* context_;
   disk_cache::Backend* disk_cache_;
   disk_cache::Entry* entry_;
-  scoped_ptr<disk_cache::Backend::Iterator> iter_;
+  std::unique_ptr<disk_cache::Backend::Iterator> iter_;
   scoped_refptr<IOBuffer> buf_;
   int buf_len_;
   int index_;
diff --git a/chromium/net/url_request/view_cache_helper_unittest.cc b/chromium/net/url_request/view_cache_helper_unittest.cc
index 96717006259..e21e05ef4ed 100644
--- a/chromium/net/url_request/view_cache_helper_unittest.cc
+++ b/chromium/net/url_request/view_cache_helper_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "net/url_request/view_cache_helper.h"
 
+#include "base/memory/ptr_util.h"
 #include "base/pickle.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -31,7 +32,7 @@ class TestURLRequestContext : public URLRequestContext {
 };
 
 TestURLRequestContext::TestURLRequestContext()
-    : cache_(make_scoped_ptr(new MockNetworkLayer()),
+    : cache_(base::WrapUnique(new MockNetworkLayer()),
              HttpCache::DefaultBackend::InMemory(0),
              true) {
   set_http_transaction_factory(&cache_);
diff --git a/chromium/net/websockets/websocket_basic_handshake_stream.cc b/chromium/net/websockets/websocket_basic_handshake_stream.cc
index aee33673f00..64f1db68f69 100644
--- a/chromium/net/websockets/websocket_basic_handshake_stream.cc
+++ b/chromium/net/websockets/websocket_basic_handshake_stream.cc
@@ -9,13 +9,13 @@
 #include <iterator>
 #include <set>
 #include <string>
+#include <unordered_set>
 #include <utility>
 #include <vector>
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/compiler_specific.h"
-#include "base/containers/hash_tables.h"
 #include "base/logging.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
@@ -187,8 +187,8 @@ bool ValidateSubProtocol(
     std::string* failure_message) {
   size_t iter = 0;
   std::string value;
-  base::hash_set<std::string> requested_set(requested_sub_protocols.begin(),
-                                            requested_sub_protocols.end());
+  std::unordered_set<std::string> requested_set(requested_sub_protocols.begin(),
+                                                requested_sub_protocols.end());
   int count = 0;
   bool has_multiple_protocols = false;
   bool has_invalid_protocol = false;
@@ -288,7 +288,7 @@ bool ValidateExtensions(const HttpResponseHeaders* headers,
 }  // namespace
 
 WebSocketBasicHandshakeStream::WebSocketBasicHandshakeStream(
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     WebSocketStream::ConnectDelegate* connect_delegate,
     bool using_proxy,
     std::vector<std::string> requested_sub_protocols,
@@ -355,7 +355,7 @@ int WebSocketBasicHandshakeStream::SendRequest(
       ComputeSecWebSocketAccept(handshake_challenge);
 
   DCHECK(connect_delegate_);
-  scoped_ptr<WebSocketHandshakeRequestInfo> request(
+  std::unique_ptr<WebSocketHandshakeRequestInfo> request(
       new WebSocketHandshakeRequestInfo(url_, base::Time::Now()));
   request->headers.CopyFrom(enriched_headers);
   connect_delegate_->OnStartOpeningHandshake(std::move(request));
@@ -471,16 +471,14 @@ HttpStream* WebSocketBasicHandshakeStream::RenewStreamForAuth() {
   return nullptr;
 }
 
-scoped_ptr<WebSocketStream> WebSocketBasicHandshakeStream::Upgrade() {
+std::unique_ptr<WebSocketStream> WebSocketBasicHandshakeStream::Upgrade() {
   // The HttpStreamParser object has a pointer to our ClientSocketHandle. Make
   // sure it does not touch it again before it is destroyed.
   state_.DeleteParser();
   WebSocketTransportClientSocketPool::UnlockEndpoint(state_.connection());
-  scoped_ptr<WebSocketStream> basic_stream(
-      new WebSocketBasicStream(state_.ReleaseConnection(),
-                               state_.read_buf(),
-                               sub_protocol_,
-                               extensions_));
+  std::unique_ptr<WebSocketStream> basic_stream(
+      new WebSocketBasicStream(state_.ReleaseConnection(), state_.read_buf(),
+                               sub_protocol_, extensions_));
   DCHECK(extension_params_.get());
   if (extension_params_->deflate_enabled) {
     UMA_HISTOGRAM_ENUMERATION(
@@ -488,9 +486,9 @@ scoped_ptr<WebSocketStream> WebSocketBasicHandshakeStream::Upgrade() {
         extension_params_->deflate_parameters.client_context_take_over_mode(),
         WebSocketDeflater::NUM_CONTEXT_TAKEOVER_MODE_TYPES);
 
-    return scoped_ptr<WebSocketStream>(new WebSocketDeflateStream(
+    return std::unique_ptr<WebSocketStream>(new WebSocketDeflateStream(
         std::move(basic_stream), extension_params_->deflate_parameters,
-        scoped_ptr<WebSocketDeflatePredictor>(
+        std::unique_ptr<WebSocketDeflatePredictor>(
             new WebSocketDeflatePredictorImpl)));
   } else {
     return basic_stream;
diff --git a/chromium/net/websockets/websocket_basic_handshake_stream.h b/chromium/net/websockets/websocket_basic_handshake_stream.h
index d39098278f2..dbb847e6c3f 100644
--- a/chromium/net/websockets/websocket_basic_handshake_stream.h
+++ b/chromium/net/websockets/websocket_basic_handshake_stream.h
@@ -7,12 +7,12 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/http/http_basic_state.h"
 #include "net/websockets/websocket_handshake_stream_base.h"
@@ -32,7 +32,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicHandshakeStream
  public:
   // |connect_delegate| and |failure_message| must out-live this object.
   WebSocketBasicHandshakeStream(
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       WebSocketStream::ConnectDelegate* connect_delegate,
       bool using_proxy,
       std::vector<std::string> requested_sub_protocols,
@@ -77,7 +77,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicHandshakeStream
   // have been received. It creates an appropriate subclass of WebSocketStream
   // depending on what extensions were negotiated. This object is unusable after
   // Upgrade() has been called and should be disposed of as soon as possible.
-  scoped_ptr<WebSocketStream> Upgrade() override;
+  std::unique_ptr<WebSocketStream> Upgrade() override;
 
   // Set the value used for the next Sec-WebSocket-Key header
   // deterministically. The key is only used once, and then discarded.
@@ -118,7 +118,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicHandshakeStream
 
   // The key to be sent in the next Sec-WebSocket-Key header. Usually NULL (the
   // key is generated on the fly).
-  scoped_ptr<std::string> handshake_challenge_for_testing_;
+  std::unique_ptr<std::string> handshake_challenge_for_testing_;
 
   // The required value for the Sec-WebSocket-Accept header.
   std::string handshake_challenge_response_;
@@ -137,7 +137,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicHandshakeStream
 
   // The extension parameters. The class is defined in the implementation file
   // to avoid including extension-related header files here.
-  scoped_ptr<WebSocketExtensionParams> extension_params_;
+  std::unique_ptr<WebSocketExtensionParams> extension_params_;
 
   std::string* failure_message_;
 
diff --git a/chromium/net/websockets/websocket_basic_stream.cc b/chromium/net/websockets/websocket_basic_stream.cc
index c54ef71611e..1c575841938 100644
--- a/chromium/net/websockets/websocket_basic_stream.cc
+++ b/chromium/net/websockets/websocket_basic_stream.cc
@@ -46,7 +46,7 @@ const int kReadBufferSize = 32 * 1024;
 // |frames| will be serialized with mask field. This function forces the
 // masked bit of the frames on.
 int CalculateSerializedSizeAndTurnOnMaskBit(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames) {
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames) {
   const uint64_t kMaximumTotalSize = std::numeric_limits<int>::max();
 
   uint64_t total_size = 0;
@@ -67,7 +67,7 @@ int CalculateSerializedSizeAndTurnOnMaskBit(
 }  // namespace
 
 WebSocketBasicStream::WebSocketBasicStream(
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
     const std::string& sub_protocol,
     const std::string& extensions)
@@ -86,7 +86,7 @@ WebSocketBasicStream::WebSocketBasicStream(
 WebSocketBasicStream::~WebSocketBasicStream() { Close(); }
 
 int WebSocketBasicStream::ReadFrames(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback) {
   DCHECK(frames->empty());
   // If there is data left over after parsing the HTTP headers, attempt to parse
@@ -98,7 +98,7 @@ int WebSocketBasicStream::ReadFrames(
     scoped_refptr<GrowableIOBuffer> buffered_data;
     buffered_data.swap(http_read_buffer_);
     DCHECK(http_read_buffer_.get() == NULL);
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frame_chunks;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frame_chunks;
     if (!parser_.Decode(buffered_data->StartOfBuffer(),
                         buffered_data->offset(),
                         &frame_chunks))
@@ -133,7 +133,7 @@ int WebSocketBasicStream::ReadFrames(
 }
 
 int WebSocketBasicStream::WriteFrames(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback) {
   // This function always concatenates all frames into a single buffer.
   // TODO(ricea): Investigate whether it would be better in some cases to
@@ -184,14 +184,14 @@ std::string WebSocketBasicStream::GetSubProtocol() const {
 std::string WebSocketBasicStream::GetExtensions() const { return extensions_; }
 
 /*static*/
-scoped_ptr<WebSocketBasicStream>
+std::unique_ptr<WebSocketBasicStream>
 WebSocketBasicStream::CreateWebSocketBasicStreamForTesting(
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
     const std::string& sub_protocol,
     const std::string& extensions,
     WebSocketMaskingKeyGeneratorFunction key_generator_function) {
-  scoped_ptr<WebSocketBasicStream> stream(new WebSocketBasicStream(
+  std::unique_ptr<WebSocketBasicStream> stream(new WebSocketBasicStream(
       std::move(connection), http_read_buffer, sub_protocol, extensions));
   stream->generate_websocket_masking_key_ = key_generator_function;
   return stream;
@@ -238,14 +238,14 @@ void WebSocketBasicStream::OnWriteComplete(
 
 int WebSocketBasicStream::HandleReadResult(
     int result,
-    std::vector<scoped_ptr<WebSocketFrame>>* frames) {
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames) {
   DCHECK_NE(ERR_IO_PENDING, result);
   DCHECK(frames->empty());
   if (result < 0)
     return result;
   if (result == 0)
     return ERR_CONNECTION_CLOSED;
-  std::vector<scoped_ptr<WebSocketFrameChunk>> frame_chunks;
+  std::vector<std::unique_ptr<WebSocketFrameChunk>> frame_chunks;
   if (!parser_.Decode(read_buffer_->data(), result, &frame_chunks))
     return WebSocketErrorToNetError(parser_.websocket_error());
   if (frame_chunks.empty())
@@ -254,10 +254,10 @@ int WebSocketBasicStream::HandleReadResult(
 }
 
 int WebSocketBasicStream::ConvertChunksToFrames(
-    std::vector<scoped_ptr<WebSocketFrameChunk>>* frame_chunks,
-    std::vector<scoped_ptr<WebSocketFrame>>* frames) {
+    std::vector<std::unique_ptr<WebSocketFrameChunk>>* frame_chunks,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames) {
   for (size_t i = 0; i < frame_chunks->size(); ++i) {
-    scoped_ptr<WebSocketFrame> frame;
+    std::unique_ptr<WebSocketFrame> frame;
     int result = ConvertChunkToFrame(std::move((*frame_chunks)[i]), &frame);
     if (result != OK)
       return result;
@@ -271,8 +271,8 @@ int WebSocketBasicStream::ConvertChunksToFrames(
 }
 
 int WebSocketBasicStream::ConvertChunkToFrame(
-    scoped_ptr<WebSocketFrameChunk> chunk,
-    scoped_ptr<WebSocketFrame>* frame) {
+    std::unique_ptr<WebSocketFrameChunk> chunk,
+    std::unique_ptr<WebSocketFrame>* frame) {
   DCHECK(frame->get() == NULL);
   bool is_first_chunk = false;
   if (chunk->header) {
@@ -356,10 +356,10 @@ int WebSocketBasicStream::ConvertChunkToFrame(
   return OK;
 }
 
-scoped_ptr<WebSocketFrame> WebSocketBasicStream::CreateFrame(
+std::unique_ptr<WebSocketFrame> WebSocketBasicStream::CreateFrame(
     bool is_final_chunk,
     const scoped_refptr<IOBufferWithSize>& data) {
-  scoped_ptr<WebSocketFrame> result_frame;
+  std::unique_ptr<WebSocketFrame> result_frame;
   const bool is_final_chunk_in_message =
       is_final_chunk && current_frame_header_->final;
   const int data_size = data.get() ? data->size() : 0;
@@ -409,7 +409,7 @@ void WebSocketBasicStream::AddToIncompleteControlFrameBody(
 }
 
 void WebSocketBasicStream::OnReadComplete(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback,
     int result) {
   result = HandleReadResult(result, frames);
diff --git a/chromium/net/websockets/websocket_basic_stream.h b/chromium/net/websockets/websocket_basic_stream.h
index d035639b685..f326d64017e 100644
--- a/chromium/net/websockets/websocket_basic_stream.h
+++ b/chromium/net/websockets/websocket_basic_stream.h
@@ -5,12 +5,12 @@
 #ifndef NET_WEBSOCKETS_WEBSOCKET_BASIC_STREAM_H_
 #define NET_WEBSOCKETS_WEBSOCKET_BASIC_STREAM_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/websockets/websocket_frame_parser.h"
 #include "net/websockets/websocket_stream.h"
 
@@ -32,21 +32,20 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
   // This class should not normally be constructed directly; see
   // WebSocketStream::CreateAndConnectStream() and
   // WebSocketBasicHandshakeStream::Upgrade().
-  WebSocketBasicStream(
-      scoped_ptr<ClientSocketHandle> connection,
-      const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
-      const std::string& sub_protocol,
-      const std::string& extensions);
+  WebSocketBasicStream(std::unique_ptr<ClientSocketHandle> connection,
+                       const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
+                       const std::string& sub_protocol,
+                       const std::string& extensions);
 
   // The destructor has to make sure the connection is closed when we finish so
   // that it does not get returned to the pool.
   ~WebSocketBasicStream() override;
 
   // WebSocketStream implementation.
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override;
 
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override;
 
   void Close() override;
@@ -58,8 +57,9 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
   ////////////////////////////////////////////////////////////////////////////
   // Methods for testing only.
 
-  static scoped_ptr<WebSocketBasicStream> CreateWebSocketBasicStreamForTesting(
-      scoped_ptr<ClientSocketHandle> connection,
+  static std::unique_ptr<WebSocketBasicStream>
+  CreateWebSocketBasicStreamForTesting(
+      std::unique_ptr<ClientSocketHandle> connection,
       const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
       const std::string& sub_protocol,
       const std::string& extensions,
@@ -79,23 +79,23 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
   // Attempts to parse the output of a read as WebSocket frames. On success,
   // returns OK and places the frame(s) in |frames|.
   int HandleReadResult(int result,
-                       std::vector<scoped_ptr<WebSocketFrame>>* frames);
+                       std::vector<std::unique_ptr<WebSocketFrame>>* frames);
 
   // Converts the chunks in |frame_chunks| into frames and writes them to
   // |frames|. |frame_chunks| is destroyed in the process. Returns
   // ERR_WS_PROTOCOL_ERROR if an invalid chunk was found. If one or more frames
   // was added to |frames|, then returns OK, otherwise returns ERR_IO_PENDING.
   int ConvertChunksToFrames(
-      std::vector<scoped_ptr<WebSocketFrameChunk>>* frame_chunks,
-      std::vector<scoped_ptr<WebSocketFrame>>* frames);
+      std::vector<std::unique_ptr<WebSocketFrameChunk>>* frame_chunks,
+      std::vector<std::unique_ptr<WebSocketFrame>>* frames);
 
   // Converts a |chunk| to a |frame|. |*frame| should be NULL on entry to this
   // method. If |chunk| is an incomplete control frame, or an empty middle
   // frame, then |*frame| may still be NULL on exit. If an invalid control frame
   // is found, returns ERR_WS_PROTOCOL_ERROR and the stream is no longer
   // usable. Otherwise returns OK (even if frame is still NULL).
-  int ConvertChunkToFrame(scoped_ptr<WebSocketFrameChunk> chunk,
-                          scoped_ptr<WebSocketFrame>* frame);
+  int ConvertChunkToFrame(std::unique_ptr<WebSocketFrameChunk> chunk,
+                          std::unique_ptr<WebSocketFrame>* frame);
 
   // Creates a frame based on the value of |is_final_chunk|, |data| and
   // |current_frame_header_|. Clears |current_frame_header_| if |is_final_chunk|
@@ -104,7 +104,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
   // returned frame will be NULL. Otherwise, |current_frame_header_->opcode| is
   // set to Continuation after use if it was Text or Binary, in accordance with
   // WebSocket RFC6455 section 5.4.
-  scoped_ptr<WebSocketFrame> CreateFrame(
+  std::unique_ptr<WebSocketFrame> CreateFrame(
       bool is_final_chunk,
       const scoped_refptr<IOBufferWithSize>& data);
 
@@ -115,7 +115,7 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
 
   // Called when a read completes. Parses the result and (unless no complete
   // header has been received) calls |callback|.
-  void OnReadComplete(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  void OnReadComplete(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                       const CompletionCallback& callback,
                       int result);
 
@@ -126,14 +126,14 @@ class NET_EXPORT_PRIVATE WebSocketBasicStream : public WebSocketStream {
 
   // The connection, wrapped in a ClientSocketHandle so that we can prevent it
   // from being returned to the pool.
-  scoped_ptr<ClientSocketHandle> connection_;
+  std::unique_ptr<ClientSocketHandle> connection_;
 
   // Frame header for the frame currently being received. Only non-NULL while we
   // are processing the frame. If the frame arrives in multiple chunks, it can
   // remain non-NULL until additional chunks arrive. If the header of the frame
   // was invalid, this is set to NULL, the channel is failed, and subsequent
   // chunks of the same frame will be ignored.
-  scoped_ptr<WebSocketFrameHeader> current_frame_header_;
+  std::unique_ptr<WebSocketFrameHeader> current_frame_header_;
 
   // Although it should rarely happen in practice, a control frame can arrive
   // broken into chunks. This variable provides storage for a partial control
diff --git a/chromium/net/websockets/websocket_basic_stream_test.cc b/chromium/net/websockets/websocket_basic_stream_test.cc
index f60a1057ed8..0671114da86 100644
--- a/chromium/net/websockets/websocket_basic_stream_test.cc
+++ b/chromium/net/websockets/websocket_basic_stream_test.cc
@@ -76,7 +76,7 @@ WebSocketMaskingKey GenerateNonNulMaskingKey() { return kNonNulMaskingKey; }
 // Base class for WebSocketBasicStream test fixtures.
 class WebSocketBasicStreamTest : public ::testing::Test {
  protected:
-  scoped_ptr<WebSocketBasicStream> stream_;
+  std::unique_ptr<WebSocketBasicStream> stream_;
   TestNetLog net_log_;
 };
 
@@ -117,16 +117,17 @@ class WebSocketBasicStreamSocketTest : public WebSocketBasicStreamTest {
     stream_.reset();
   }
 
-  scoped_ptr<ClientSocketHandle> MakeTransportSocket(MockRead reads[],
-                                                     size_t reads_count,
-                                                     MockWrite writes[],
-                                                     size_t writes_count) {
+  std::unique_ptr<ClientSocketHandle> MakeTransportSocket(MockRead reads[],
+                                                          size_t reads_count,
+                                                          MockWrite writes[],
+                                                          size_t writes_count) {
     socket_data_.reset(new StrictStaticSocketDataProvider(
         reads, reads_count, writes, writes_count, expect_all_io_to_complete_));
     socket_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK));
     factory_.AddSocketDataProvider(socket_data_.get());
 
-    scoped_ptr<ClientSocketHandle> transport_socket(new ClientSocketHandle);
+    std::unique_ptr<ClientSocketHandle> transport_socket(
+        new ClientSocketHandle);
     scoped_refptr<MockTransportSocketParams> params;
     transport_socket->Init(
         "a", params, MEDIUM, ClientSocketPool::RespectLimits::ENABLED,
@@ -160,11 +161,11 @@ class WebSocketBasicStreamSocketTest : public WebSocketBasicStreamTest {
 
   void CreateNullStream() { CreateStream(NULL, 0, NULL, 0); }
 
-  scoped_ptr<SocketDataProvider> socket_data_;
+  std::unique_ptr<SocketDataProvider> socket_data_;
   MockClientSocketFactory factory_;
   MockTransportClientSocketPool pool_;
   BoundTestNetLog(bound_net_log_);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_;
   TestCompletionCallback cb_;
   scoped_refptr<GrowableIOBuffer> http_read_buffer_;
   std::string sub_protocol_;
@@ -225,7 +226,7 @@ class WebSocketBasicStreamSocketChunkedReadTest
     CreateStream(reads_.get(), number_of_chunks, NULL, 0);
   }
 
-  scoped_ptr<MockRead[]> reads_;
+  std::unique_ptr<MockRead[]> reads_;
 };
 
 // Test fixture for write tests.
@@ -239,7 +240,7 @@ class WebSocketBasicStreamSocketWriteTest
   // Creates a WebSocketFrame with a wire format matching kWriteFrame and adds
   // it to |frames_|.
   void PrepareWriteFrame() {
-    scoped_ptr<WebSocketFrame> frame(
+    std::unique_ptr<WebSocketFrame> frame(
         new WebSocketFrame(WebSocketFrameHeader::kOpCodeText));
     const size_t payload_size =
         kWriteFrameSize - (WebSocketFrameHeader::kBaseHeaderSize +
@@ -798,7 +799,7 @@ TEST_F(WebSocketBasicStreamSocketChunkedReadTest, OneMegFrame) {
   const size_t kWireSize = kPayloadSize + kLargeFrameHeaderSize;
   const size_t kExpectedFrameCount =
       (kWireSize + kReadBufferSize - 1) / kReadBufferSize;
-  scoped_ptr<char[]> big_frame(new char[kWireSize]);
+  std::unique_ptr<char[]> big_frame(new char[kWireSize]);
   memcpy(big_frame.get(), "\x81\x7F", 2);
   base::WriteBigEndian(big_frame.get() + 2, kPayloadSize);
   memset(big_frame.get() + kLargeFrameHeaderSize, 'A', kPayloadSize);
@@ -888,13 +889,13 @@ TEST_F(WebSocketBasicStreamSocketWriteTest, WriteNullPong) {
       MockWrite(SYNCHRONOUS, kMaskedEmptyPong, kMaskedEmptyPongSize)};
   CreateWriteOnly(writes);
 
-  scoped_ptr<WebSocketFrame> frame(
+  std::unique_ptr<WebSocketFrame> frame(
       new WebSocketFrame(WebSocketFrameHeader::kOpCodePong));
   WebSocketFrameHeader& header = frame->header;
   header.final = true;
   header.masked = true;
   header.payload_length = 0;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   frames.push_back(std::move(frame));
   EXPECT_EQ(OK, stream_->WriteFrames(&frames, cb_.callback()));
 }
@@ -909,7 +910,7 @@ TEST_F(WebSocketBasicStreamSocketTest, WriteNonNulMask) {
   generator_ = &GenerateNonNulMaskingKey;
   CreateStream(NULL, 0, writes, arraysize(writes));
 
-  scoped_ptr<WebSocketFrame> frame(
+  std::unique_ptr<WebSocketFrame> frame(
       new WebSocketFrame(WebSocketFrameHeader::kOpCodeText));
   const std::string unmasked_payload = "graphics";
   const size_t payload_size = unmasked_payload.size();
diff --git a/chromium/net/websockets/websocket_channel.cc b/chromium/net/websockets/websocket_channel.cc
index 7d166ee6d9f..013b64a92ec 100644
--- a/chromium/net/websockets/websocket_channel.cc
+++ b/chromium/net/websockets/websocket_channel.cc
@@ -4,8 +4,8 @@
 
 #include "net/websockets/websocket_channel.h"
 
-#include <stddef.h>
 #include <limits.h>  // for INT_MAX
+#include <stddef.h>
 
 #include <algorithm>
 #include <deque>
@@ -22,7 +22,7 @@
 #include "base/numerics/safe_conversions.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "net/base/io_buffer.h"
 #include "net/http/http_request_headers.h"
@@ -136,14 +136,14 @@ class WebSocketChannel::SendBuffer {
   SendBuffer() : total_bytes_(0) {}
 
   // Add a WebSocketFrame to the buffer and increase total_bytes_.
-  void AddFrame(scoped_ptr<WebSocketFrame> chunk);
+  void AddFrame(std::unique_ptr<WebSocketFrame> chunk);
 
   // Return a pointer to the frames_ for write purposes.
-  std::vector<scoped_ptr<WebSocketFrame>>* frames() { return &frames_; }
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames() { return &frames_; }
 
  private:
   // The frames_ that will be sent in the next call to WriteFrames().
-  std::vector<scoped_ptr<WebSocketFrame>> frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_;
 
   // The total size of the payload data in |frames_|. This will be used to
   // measure the throughput of the link.
@@ -151,7 +151,8 @@ class WebSocketChannel::SendBuffer {
   uint64_t total_bytes_;
 };
 
-void WebSocketChannel::SendBuffer::AddFrame(scoped_ptr<WebSocketFrame> frame) {
+void WebSocketChannel::SendBuffer::AddFrame(
+    std::unique_ptr<WebSocketFrame> frame) {
   total_bytes_ += frame->header.payload_length;
   frames_.push_back(std::move(frame));
 }
@@ -163,7 +164,7 @@ class WebSocketChannel::ConnectDelegate
  public:
   explicit ConnectDelegate(WebSocketChannel* creator) : creator_(creator) {}
 
-  void OnSuccess(scoped_ptr<WebSocketStream> stream) override {
+  void OnSuccess(std::unique_ptr<WebSocketStream> stream) override {
     creator_->OnConnectSuccess(std::move(stream));
     // |this| may have been deleted.
   }
@@ -174,17 +175,17 @@ class WebSocketChannel::ConnectDelegate
   }
 
   void OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override {
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {
     creator_->OnStartOpeningHandshake(std::move(request));
   }
 
   void OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override {
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {
     creator_->OnFinishOpeningHandshake(std::move(response));
   }
 
   void OnSSLCertificateError(
-      scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+      std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
           ssl_error_callbacks,
       const SSLInfo& ssl_info,
       bool fatal) override {
@@ -217,7 +218,7 @@ class WebSocketChannel::HandshakeNotificationSender
   }
 
   void set_handshake_request_info(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request_info) {
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request_info) {
     handshake_request_info_ = std::move(request_info);
   }
 
@@ -226,14 +227,14 @@ class WebSocketChannel::HandshakeNotificationSender
   }
 
   void set_handshake_response_info(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response_info) {
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response_info) {
     handshake_response_info_ = std::move(response_info);
   }
 
  private:
   WebSocketChannel* owner_;
-  scoped_ptr<WebSocketHandshakeRequestInfo> handshake_request_info_;
-  scoped_ptr<WebSocketHandshakeResponseInfo> handshake_response_info_;
+  std::unique_ptr<WebSocketHandshakeRequestInfo> handshake_request_info_;
+  std::unique_ptr<WebSocketHandshakeResponseInfo> handshake_response_info_;
 };
 
 WebSocketChannel::HandshakeNotificationSender::HandshakeNotificationSender(
@@ -303,7 +304,7 @@ void WebSocketChannel::PendingReceivedFrame::DidConsume(uint64_t bytes) {
 }
 
 WebSocketChannel::WebSocketChannel(
-    scoped_ptr<WebSocketEventInterface> event_interface,
+    std::unique_ptr<WebSocketEventInterface> event_interface,
     URLRequestContext* url_request_context)
     : event_interface_(std::move(event_interface)),
       url_request_context_(url_request_context),
@@ -426,7 +427,7 @@ WebSocketChannel::ChannelState WebSocketChannel::SendFrame(
   // |this| may have been deleted.
 }
 
-void WebSocketChannel::SendFlowControl(int64_t quota) {
+ChannelState WebSocketChannel::SendFlowControl(int64_t quota) {
   DCHECK(state_ == CONNECTING || state_ == CONNECTED || state_ == SEND_CLOSED ||
          state_ == CLOSE_WAIT);
   // TODO(ricea): Kill the renderer if it tries to send us a negative quota
@@ -451,16 +452,22 @@ void WebSocketChannel::SendFlowControl(int64_t quota) {
              << " bytes_to_send=" << bytes_to_send;
     if (event_interface_->OnDataFrame(final, front.opcode(), data_vector) ==
         CHANNEL_DELETED)
-      return;
+      return CHANNEL_DELETED;
     if (bytes_to_send < data_size) {
       front.DidConsume(bytes_to_send);
       front.ResetOpcode();
-      return;
+      return CHANNEL_ALIVE;
     }
     quota -= bytes_to_send;
 
     pending_received_frames_.pop();
   }
+  if (pending_received_frames_.empty() && has_received_close_frame_) {
+    // We've been waiting for the client to consume the frames before
+    // responding to the closing handshake initiated by the server.
+    return RespondToClosingHandshake();
+  }
+
   // If current_receive_quota_ == 0 then there is no pending ReadFrames()
   // operation.
   const bool start_read =
@@ -468,29 +475,37 @@ void WebSocketChannel::SendFlowControl(int64_t quota) {
       (state_ == CONNECTED || state_ == SEND_CLOSED || state_ == CLOSE_WAIT);
   current_receive_quota_ += quota;
   if (start_read)
-    ignore_result(ReadFrames());
-  // |this| may have been deleted.
+    return ReadFrames();
+  return CHANNEL_ALIVE;
 }
 
-void WebSocketChannel::StartClosingHandshake(uint16_t code,
-                                             const std::string& reason) {
+ChannelState WebSocketChannel::StartClosingHandshake(
+    uint16_t code,
+    const std::string& reason) {
   if (InClosingState()) {
     // When the associated renderer process is killed while the channel is in
     // CLOSING state we reach here.
     DVLOG(1) << "StartClosingHandshake called in state " << state_
              << ". This may be a bug, or a harmless race.";
-    return;
+    return CHANNEL_ALIVE;
+  }
+  if (has_received_close_frame_) {
+    // We reach here if the client wants to start a closing handshake while
+    // the browser is waiting for the client to consume incoming data frames
+    // before responding to a closing handshake initiated by the server.
+    // As the client doesn't want the data frames any more, we can respond to
+    // the closing handshake initiated by the server.
+    return RespondToClosingHandshake();
   }
   if (state_ == CONNECTING) {
     // Abort the in-progress handshake and drop the connection immediately.
     stream_request_.reset();
     SetState(CLOSED);
-    DoDropChannel(false, kWebSocketErrorAbnormalClosure, "");
-    return;
+    return DoDropChannel(false, kWebSocketErrorAbnormalClosure, "");
   }
   if (state_ != CONNECTED) {
     NOTREACHED() << "StartClosingHandshake() called in state " << state_;
-    return;
+    return CHANNEL_ALIVE;
   }
 
   DCHECK(!close_timer_.IsRunning());
@@ -510,19 +525,20 @@ void WebSocketChannel::StartClosingHandshake(uint16_t code,
     // errata 3227 to RFC6455. If the renderer is sending us an invalid code or
     // reason it must be malfunctioning in some way, and based on that we
     // interpret this as an internal error.
-    if (SendClose(kWebSocketErrorInternalServerError, "") != CHANNEL_DELETED) {
-      DCHECK_EQ(CONNECTED, state_);
-      SetState(SEND_CLOSED);
-    }
-    return;
+    if (SendClose(kWebSocketErrorInternalServerError, "") == CHANNEL_DELETED)
+      return CHANNEL_DELETED;
+    DCHECK_EQ(CONNECTED, state_);
+    SetState(SEND_CLOSED);
+    return CHANNEL_ALIVE;
   }
   if (SendClose(
           code,
           StreamingUtf8Validator::Validate(reason) ? reason : std::string()) ==
       CHANNEL_DELETED)
-    return;
+    return CHANNEL_DELETED;
   DCHECK_EQ(CONNECTED, state_);
   SetState(SEND_CLOSED);
+  return CHANNEL_ALIVE;
 }
 
 void WebSocketChannel::SendAddChannelRequestForTesting(
@@ -558,7 +574,7 @@ void WebSocketChannel::SendAddChannelRequestWithSuppliedCreator(
     return;
   }
   socket_url_ = socket_url;
-  scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate(
+  std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate(
       new ConnectDelegate(this));
   stream_request_ = creator.Run(socket_url_, requested_subprotocols, origin,
                                 url_request_context_, BoundNetLog(),
@@ -566,7 +582,8 @@ void WebSocketChannel::SendAddChannelRequestWithSuppliedCreator(
   SetState(CONNECTING);
 }
 
-void WebSocketChannel::OnConnectSuccess(scoped_ptr<WebSocketStream> stream) {
+void WebSocketChannel::OnConnectSuccess(
+    std::unique_ptr<WebSocketStream> stream) {
   DCHECK(stream);
   DCHECK_EQ(CONNECTING, state_);
 
@@ -613,7 +630,8 @@ void WebSocketChannel::OnConnectFailure(const std::string& message) {
 }
 
 void WebSocketChannel::OnSSLCertificateError(
-    scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks> ssl_error_callbacks,
+    std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+        ssl_error_callbacks,
     const SSLInfo& ssl_info,
     bool fatal) {
   ignore_result(event_interface_->OnSSLCertificateError(
@@ -621,7 +639,7 @@ void WebSocketChannel::OnSSLCertificateError(
 }
 
 void WebSocketChannel::OnStartOpeningHandshake(
-    scoped_ptr<WebSocketHandshakeRequestInfo> request) {
+    std::unique_ptr<WebSocketHandshakeRequestInfo> request) {
   DCHECK(!notification_sender_->handshake_request_info());
 
   // Because it is hard to handle an IPC error synchronously is difficult,
@@ -631,7 +649,7 @@ void WebSocketChannel::OnStartOpeningHandshake(
 }
 
 void WebSocketChannel::OnFinishOpeningHandshake(
-    scoped_ptr<WebSocketHandshakeResponseInfo> response) {
+    std::unique_ptr<WebSocketHandshakeResponseInfo> response) {
   DCHECK(!notification_sender_->handshake_response_info());
 
   // Because it is hard to handle an IPC error synchronously is difficult,
@@ -778,7 +796,8 @@ ChannelState WebSocketChannel::OnReadDone(bool synchronous, int result) {
   }
 }
 
-ChannelState WebSocketChannel::HandleFrame(scoped_ptr<WebSocketFrame> frame) {
+ChannelState WebSocketChannel::HandleFrame(
+    std::unique_ptr<WebSocketFrame> frame) {
   if (frame->header.masked) {
     // RFC6455 Section 5.1 "A client MUST close a connection if it detects a
     // masked frame."
@@ -845,10 +864,6 @@ ChannelState WebSocketChannel::HandleFrameByState(
       return CHANNEL_ALIVE;
 
     case WebSocketFrameHeader::kOpCodeClose: {
-      // TODO(ricea): If there is a message which is queued for transmission to
-      // the renderer, then the renderer should not receive an
-      // OnClosingHandshake or OnDropChannel IPC until the queued message has
-      // been completedly transmitted.
       uint16_t code = kWebSocketNormalClosure;
       std::string reason;
       std::string message;
@@ -858,56 +873,7 @@ ChannelState WebSocketChannel::HandleFrameByState(
       // TODO(ricea): Find a way to safely log the message from the close
       // message (escape control codes and so on).
       DVLOG(1) << "Got Close with code " << code;
-      switch (state_) {
-        case CONNECTED:
-          SetState(RECV_CLOSED);
-
-          if (SendClose(code, reason) == CHANNEL_DELETED)
-            return CHANNEL_DELETED;
-          DCHECK_EQ(RECV_CLOSED, state_);
-
-          SetState(CLOSE_WAIT);
-          DCHECK(!close_timer_.IsRunning());
-          // This use of base::Unretained() is safe because we stop the timer
-          // in the destructor.
-          close_timer_.Start(
-              FROM_HERE,
-              underlying_connection_close_timeout_,
-              base::Bind(
-                  &WebSocketChannel::CloseTimeout, base::Unretained(this)));
-
-          if (event_interface_->OnClosingHandshake() == CHANNEL_DELETED)
-            return CHANNEL_DELETED;
-          has_received_close_frame_  = true;
-          received_close_code_ = code;
-          received_close_reason_ = reason;
-          break;
-
-        case SEND_CLOSED:
-          SetState(CLOSE_WAIT);
-          DCHECK(close_timer_.IsRunning());
-          close_timer_.Stop();
-          // This use of base::Unretained() is safe because we stop the timer
-          // in the destructor.
-          close_timer_.Start(
-              FROM_HERE,
-              underlying_connection_close_timeout_,
-              base::Bind(
-                  &WebSocketChannel::CloseTimeout, base::Unretained(this)));
-
-          // From RFC6455 section 7.1.5: "Each endpoint
-          // will see the status code sent by the other end as _The WebSocket
-          // Connection Close Code_."
-          has_received_close_frame_  = true;
-          received_close_code_ = code;
-          received_close_reason_ = reason;
-          break;
-
-        default:
-          LOG(DFATAL) << "Got Close in unexpected state " << state_;
-          break;
-      }
-      return CHANNEL_ALIVE;
+      return HandleCloseFrame(code, reason);
     }
 
     default:
@@ -927,6 +893,10 @@ ChannelState WebSocketChannel::HandleDataFrame(
     DVLOG(3) << "Ignored data packet received in state " << state_;
     return CHANNEL_ALIVE;
   }
+  if (has_received_close_frame_) {
+    DVLOG(3) << "Ignored data packet as we've received a close frame.";
+    return CHANNEL_ALIVE;
+  }
   DCHECK(opcode == WebSocketFrameHeader::kOpCodeContinuation ||
          opcode == WebSocketFrameHeader::kOpCodeText ||
          opcode == WebSocketFrameHeader::kOpCodeBinary);
@@ -994,6 +964,66 @@ ChannelState WebSocketChannel::HandleDataFrame(
   return event_interface_->OnDataFrame(final, opcode_to_send, data);
 }
 
+ChannelState WebSocketChannel::HandleCloseFrame(uint16_t code,
+                                                const std::string& reason) {
+  DVLOG(1) << "Got Close with code " << code;
+  switch (state_) {
+    case CONNECTED:
+      has_received_close_frame_ = true;
+      received_close_code_ = code;
+      received_close_reason_ = reason;
+      if (!pending_received_frames_.empty()) {
+        // We have some data to be sent to the renderer before sending this
+        // frame.
+        return CHANNEL_ALIVE;
+      }
+      return RespondToClosingHandshake();
+
+    case SEND_CLOSED:
+      SetState(CLOSE_WAIT);
+      DCHECK(close_timer_.IsRunning());
+      close_timer_.Stop();
+      // This use of base::Unretained() is safe because we stop the timer
+      // in the destructor.
+      close_timer_.Start(
+          FROM_HERE, underlying_connection_close_timeout_,
+          base::Bind(&WebSocketChannel::CloseTimeout, base::Unretained(this)));
+
+      // From RFC6455 section 7.1.5: "Each endpoint
+      // will see the status code sent by the other end as _The WebSocket
+      // Connection Close Code_."
+      has_received_close_frame_ = true;
+      received_close_code_ = code;
+      received_close_reason_ = reason;
+      break;
+
+    default:
+      LOG(DFATAL) << "Got Close in unexpected state " << state_;
+      break;
+  }
+  return CHANNEL_ALIVE;
+}
+
+ChannelState WebSocketChannel::RespondToClosingHandshake() {
+  DCHECK(has_received_close_frame_);
+  DCHECK_EQ(CONNECTED, state_);
+  SetState(RECV_CLOSED);
+  if (SendClose(received_close_code_, received_close_reason_) ==
+      CHANNEL_DELETED)
+    return CHANNEL_DELETED;
+  DCHECK_EQ(RECV_CLOSED, state_);
+
+  SetState(CLOSE_WAIT);
+  DCHECK(!close_timer_.IsRunning());
+  // This use of base::Unretained() is safe because we stop the timer
+  // in the destructor.
+  close_timer_.Start(
+      FROM_HERE, underlying_connection_close_timeout_,
+      base::Bind(&WebSocketChannel::CloseTimeout, base::Unretained(this)));
+
+  return event_interface_->OnClosingHandshake();
+}
+
 ChannelState WebSocketChannel::SendFrameFromIOBuffer(
     bool fin,
     WebSocketFrameHeader::OpCode op_code,
@@ -1002,7 +1032,7 @@ ChannelState WebSocketChannel::SendFrameFromIOBuffer(
   DCHECK(state_ == CONNECTED || state_ == RECV_CLOSED);
   DCHECK(stream_);
 
-  scoped_ptr<WebSocketFrame> frame(new WebSocketFrame(op_code));
+  std::unique_ptr<WebSocketFrame> frame(new WebSocketFrame(op_code));
   WebSocketFrameHeader& header = frame->header;
   header.final = fin;
   header.masked = true;
diff --git a/chromium/net/websockets/websocket_channel.h b/chromium/net/websockets/websocket_channel.h
index 97db65f1eb8..002212b2f63 100644
--- a/chromium/net/websockets/websocket_channel.h
+++ b/chromium/net/websockets/websocket_channel.h
@@ -7,6 +7,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <queue>
 #include <string>
 #include <vector>
@@ -16,7 +17,6 @@
 #include "base/i18n/streaming_utf8_validator.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "net/base/net_export.h"
@@ -46,13 +46,14 @@ class NET_EXPORT WebSocketChannel {
  public:
   // The type of a WebSocketStream creator callback. Must match the signature of
   // WebSocketStream::CreateAndConnectStream().
-  typedef base::Callback<scoped_ptr<WebSocketStreamRequest>(
+  typedef base::Callback<std::unique_ptr<WebSocketStreamRequest>(
       const GURL&,
       const std::vector<std::string>&,
       const url::Origin&,
       URLRequestContext*,
       const BoundNetLog&,
-      scoped_ptr<WebSocketStream::ConnectDelegate>)> WebSocketStreamCreator;
+      std::unique_ptr<WebSocketStream::ConnectDelegate>)>
+      WebSocketStreamCreator;
 
   // Methods which return a value of type ChannelState may delete |this|. If the
   // return value is CHANNEL_DELETED, then the caller must return without making
@@ -62,7 +63,7 @@ class NET_EXPORT WebSocketChannel {
   // Creates a new WebSocketChannel in an idle state.
   // SendAddChannelRequest() must be called immediately afterwards to start the
   // connection process.
-  WebSocketChannel(scoped_ptr<WebSocketEventInterface> event_interface,
+  WebSocketChannel(std::unique_ptr<WebSocketEventInterface> event_interface,
                    URLRequestContext* url_request_context);
   virtual ~WebSocketChannel();
 
@@ -90,7 +91,11 @@ class NET_EXPORT WebSocketChannel {
   // Sends |quota| units of flow control to the remote side. If the underlying
   // transport has a concept of |quota|, then it permits the remote server to
   // send up to |quota| units of data.
-  void SendFlowControl(int64_t quota);
+  //
+  // Calling this function may result in synchronous calls to |event_interface_|
+  // which may result in this object being deleted. In that case, the return
+  // value will be CHANNEL_DELETED.
+  ChannelState SendFlowControl(int64_t quota) WARN_UNUSED_RESULT;
 
   // Starts the closing handshake for a client-initiated shutdown of the
   // connection. There is no API to close the connection without a closing
@@ -98,10 +103,11 @@ class NET_EXPORT WebSocketChannel {
   // effectively do that. |code| must be in the range 1000-4999. |reason| should
   // be a valid UTF-8 string or empty.
   //
-  // This does *not* trigger the event OnClosingHandshake(). The caller should
-  // assume that the closing handshake has started and perform the equivalent
-  // processing to OnClosingHandshake() if necessary.
-  void StartClosingHandshake(uint16_t code, const std::string& reason);
+  // Calling this function may result in synchronous calls to |event_interface_|
+  // which may result in this object being deleted. In that case, the return
+  // value will be CHANNEL_DELETED.
+  ChannelState StartClosingHandshake(uint16_t code, const std::string& reason)
+      WARN_UNUSED_RESULT;
 
   // Returns the current send quota. This value is unsafe to use outside of the
   // browser IO thread because it changes asynchronously.  The value is only
@@ -130,12 +136,12 @@ class NET_EXPORT WebSocketChannel {
   // Called when the stream starts the WebSocket Opening Handshake.
   // This method is public for testing.
   void OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request);
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request);
 
   // Called when the stream ends the WebSocket Opening Handshake.
   // This method is public for testing.
   void OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response);
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response);
 
  private:
   class HandshakeNotificationSender;
@@ -211,7 +217,7 @@ class NET_EXPORT WebSocketChannel {
 
   // Success callback from WebSocketStream::CreateAndConnectStream(). Reports
   // success to the event interface. May delete |this|.
-  void OnConnectSuccess(scoped_ptr<WebSocketStream> stream);
+  void OnConnectSuccess(std::unique_ptr<WebSocketStream> stream);
 
   // Failure callback from WebSocketStream::CreateAndConnectStream(). Reports
   // failure to the event interface. May delete |this|.
@@ -221,7 +227,7 @@ class NET_EXPORT WebSocketChannel {
   // WebSocketStream::CreateAndConnectStream(). Forwards the request to the
   // event interface.
   void OnSSLCertificateError(
-      scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+      std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
           ssl_error_callbacks,
       const SSLInfo& ssl_info,
       bool fatal);
@@ -263,8 +269,8 @@ class NET_EXPORT WebSocketChannel {
   // This method performs sanity checks on the frame that are needed regardless
   // of the current state. Then, calls the HandleFrameByState() method below
   // which performs the appropriate action(s) depending on the current state.
-  ChannelState HandleFrame(
-      scoped_ptr<WebSocketFrame> frame) WARN_UNUSED_RESULT;
+  ChannelState HandleFrame(std::unique_ptr<WebSocketFrame> frame)
+      WARN_UNUSED_RESULT;
 
   // Handles a single frame depending on the current state. It's used by the
   // HandleFrame() method.
@@ -273,7 +279,7 @@ class NET_EXPORT WebSocketChannel {
                                   const scoped_refptr<IOBuffer>& data_buffer,
                                   uint64_t size) WARN_UNUSED_RESULT;
 
-  // Forward a received data frame to the renderer, if connected. If
+  // Forwards a received data frame to the renderer, if connected. If
   // |expecting_continuation| is not equal to |expecting_to_read_continuation_|,
   // will fail the channel. Also checks the UTF-8 validity of text frames.
   ChannelState HandleDataFrame(WebSocketFrameHeader::OpCode opcode,
@@ -281,6 +287,13 @@ class NET_EXPORT WebSocketChannel {
                                const scoped_refptr<IOBuffer>& data_buffer,
                                uint64_t size) WARN_UNUSED_RESULT;
 
+  // Handles an incoming close frame with |code| and |reason|.
+  ChannelState HandleCloseFrame(uint16_t code,
+                                const std::string& reason) WARN_UNUSED_RESULT;
+
+  // Responds to a closing handshake initiated by the server.
+  ChannelState RespondToClosingHandshake() WARN_UNUSED_RESULT;
+
   // Low-level method to send a single frame. Used for both data and control
   // frames. Either sends the frame immediately or buffers it to be scheduled
   // when the current write finishes. |fin| and |op_code| are defined as for
@@ -340,25 +353,25 @@ class NET_EXPORT WebSocketChannel {
   GURL socket_url_;
 
   // The object receiving events.
-  const scoped_ptr<WebSocketEventInterface> event_interface_;
+  const std::unique_ptr<WebSocketEventInterface> event_interface_;
 
   // The URLRequestContext to pass to the WebSocketStream creator.
   URLRequestContext* const url_request_context_;
 
   // The WebSocketStream on which to send and receive data.
-  scoped_ptr<WebSocketStream> stream_;
+  std::unique_ptr<WebSocketStream> stream_;
 
   // A data structure containing a vector of frames to be sent and the total
   // number of bytes contained in the vector.
   class SendBuffer;
   // Data that is currently pending write, or NULL if no write is pending.
-  scoped_ptr<SendBuffer> data_being_sent_;
+  std::unique_ptr<SendBuffer> data_being_sent_;
   // Data that is queued up to write after the current write completes.
   // Only non-NULL when such data actually exists.
-  scoped_ptr<SendBuffer> data_to_send_next_;
+  std::unique_ptr<SendBuffer> data_to_send_next_;
 
   // Destination for the current call to WebSocketStream::ReadFrames
-  std::vector<scoped_ptr<WebSocketFrame>> read_frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> read_frames_;
 
   // Frames that have been read but not yet forwarded to the renderer due to
   // lack of quota.
@@ -366,7 +379,7 @@ class NET_EXPORT WebSocketChannel {
 
   // Handle to an in-progress WebSocketStream creation request. Only non-NULL
   // during the connection process.
-  scoped_ptr<WebSocketStreamRequest> stream_request_;
+  std::unique_ptr<WebSocketStreamRequest> stream_request_;
 
   // If the renderer's send quota reaches this level, it is sent a quota
   // refresh. "quota units" are currently bytes. TODO(ricea): Update the
@@ -404,7 +417,7 @@ class NET_EXPORT WebSocketChannel {
   State state_;
 
   // |notification_sender_| is owned by this object.
-  scoped_ptr<HandshakeNotificationSender> notification_sender_;
+  std::unique_ptr<HandshakeNotificationSender> notification_sender_;
 
   // UTF-8 validator for outgoing Text messages.
   base::StreamingUtf8Validator outgoing_utf8_validator_;
diff --git a/chromium/net/websockets/websocket_channel_test.cc b/chromium/net/websockets/websocket_channel_test.cc
index fabd81d7a91..040a903f9ab 100644
--- a/chromium/net/websockets/websocket_channel_test.cc
+++ b/chromium/net/websockets/websocket_channel_test.cc
@@ -7,8 +7,10 @@
 #include <limits.h>
 #include <stddef.h>
 #include <string.h>
+
 #include <iostream>
 #include <iterator>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -18,12 +20,12 @@
 #include "base/callback.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_piece.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/http/http_response_headers.h"
@@ -73,7 +75,7 @@ std::ostream& operator<<(std::ostream& os, const WebSocketFrame& frame) {
 
 std::ostream& operator<<(
     std::ostream& os,
-    const std::vector<scoped_ptr<WebSocketFrame>>& frames) {
+    const std::vector<std::unique_ptr<WebSocketFrame>>& frames) {
   os << "{";
   bool first = true;
   for (const auto& frame : frames) {
@@ -89,7 +91,7 @@ std::ostream& operator<<(
 
 std::ostream& operator<<(
     std::ostream& os,
-    const std::vector<scoped_ptr<WebSocketFrame>>* vector) {
+    const std::vector<std::unique_ptr<WebSocketFrame>>* vector) {
   return os << '&' << *vector;
 }
 
@@ -168,17 +170,17 @@ class MockWebSocketEventInterface : public WebSocketEventInterface {
 
   // We can't use GMock with scoped_ptr.
   ChannelState OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo>) override {
+      std::unique_ptr<WebSocketHandshakeRequestInfo>) override {
     OnStartOpeningHandshakeCalled();
     return CHANNEL_ALIVE;
   }
   ChannelState OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo>) override {
+      std::unique_ptr<WebSocketHandshakeResponseInfo>) override {
     OnFinishOpeningHandshakeCalled();
     return CHANNEL_ALIVE;
   }
   ChannelState OnSSLCertificateError(
-      scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+      std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
       const GURL& url,
       const SSLInfo& ssl_info,
       bool fatal) override {
@@ -217,15 +219,15 @@ class FakeWebSocketEventInterface : public WebSocketEventInterface {
     return CHANNEL_DELETED;
   }
   ChannelState OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override {
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {
     return CHANNEL_ALIVE;
   }
   ChannelState OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override {
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {
     return CHANNEL_ALIVE;
   }
   ChannelState OnSSLCertificateError(
-      scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+      std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
       const GURL& url,
       const SSLInfo& ssl_info,
       bool fatal) override {
@@ -246,12 +248,12 @@ class FakeWebSocketStream : public WebSocketStream {
                       const std::string& extensions)
       : protocol_(protocol), extensions_(extensions) {}
 
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override {
     return ERR_IO_PENDING;
   }
 
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override {
     return ERR_IO_PENDING;
   }
@@ -285,7 +287,7 @@ struct InitFrame {
   WebSocketFrameHeader::OpCode opcode;
   IsMasked masked;
 
-  // Will be used to create the IOBuffer member. Can be NULL for NULL data. Is a
+  // Will be used to create the IOBuffer member. Can be null for null data. Is a
   // nul-terminated string for ease-of-use. |header.payload_length| is
   // initialised from |strlen(data)|. This means it is not 8-bit clean, but this
   // is not an issue for test data.
@@ -321,13 +323,13 @@ std::ostream& operator<<(std::ostream& os, const InitFrame (&frames)[N]) {
 // Convert a const array of InitFrame structs to the format used at
 // runtime. Templated on the size of the array to save typing.
 template <size_t N>
-std::vector<scoped_ptr<WebSocketFrame>> CreateFrameVector(
-    const InitFrame(&source_frames)[N]) {
-  std::vector<scoped_ptr<WebSocketFrame>> result_frames;
+std::vector<std::unique_ptr<WebSocketFrame>> CreateFrameVector(
+    const InitFrame (&source_frames)[N]) {
+  std::vector<std::unique_ptr<WebSocketFrame>> result_frames;
   result_frames.reserve(N);
   for (size_t i = 0; i < N; ++i) {
     const InitFrame& source_frame = source_frames[i];
-    scoped_ptr<WebSocketFrame> result_frame(
+    std::unique_ptr<WebSocketFrame> result_frame(
         new WebSocketFrame(source_frame.opcode));
     size_t frame_length = source_frame.data ? strlen(source_frame.data) : 0;
     WebSocketFrameHeader& result_header = result_frame->header;
@@ -354,19 +356,20 @@ ACTION_P(ReturnFrames, source_frames) {
 }
 
 // The implementation of a GoogleMock matcher which can be used to compare a
-// std::vector<scoped_ptr<WebSocketFrame>>* against an expectation defined as an
+// std::vector<std::unique_ptr<WebSocketFrame>>* against an expectation defined
+// as an
 // array of InitFrame objects. Although it is possible to compose built-in
 // GoogleMock matchers to check the contents of a WebSocketFrame, the results
 // are so unreadable that it is better to use this matcher.
 template <size_t N>
 class EqualsFramesMatcher : public ::testing::MatcherInterface<
-                                std::vector<scoped_ptr<WebSocketFrame>>*> {
+                                std::vector<std::unique_ptr<WebSocketFrame>>*> {
  public:
   EqualsFramesMatcher(const InitFrame (*expect_frames)[N])
       : expect_frames_(expect_frames) {}
 
   virtual bool MatchAndExplain(
-      std::vector<scoped_ptr<WebSocketFrame>>* actual_frames,
+      std::vector<std::unique_ptr<WebSocketFrame>>* actual_frames,
       ::testing::MatchResultListener* listener) const {
     if (actual_frames->size() != N) {
       *listener << "the vector size is " << actual_frames->size();
@@ -422,8 +425,8 @@ class EqualsFramesMatcher : public ::testing::MatcherInterface<
 // The definition of EqualsFrames GoogleMock matcher. Unlike the ReturnFrames
 // action, this can take the array by reference.
 template <size_t N>
-::testing::Matcher<std::vector<scoped_ptr<WebSocketFrame>>*> EqualsFrames(
-    const InitFrame(&frames)[N]) {
+::testing::Matcher<std::vector<std::unique_ptr<WebSocketFrame>>*> EqualsFrames(
+    const InitFrame (&frames)[N]) {
   return ::testing::MakeMatcher(new EqualsFramesMatcher<N>(&frames));
 }
 
@@ -459,32 +462,34 @@ class ReadableFakeWebSocketStream : public FakeWebSocketStream {
   // |async| is SYNC, the response will be returned synchronously. |error| is
   // returned directly from ReadFrames() in the synchronous case, or passed to
   // the callback in the asynchronous case. |frames| will be converted to a
-  // std::vector<scoped_ptr<WebSocketFrame>> and copied to the pointer that was
+  // std::vector<std::unique_ptr<WebSocketFrame>> and copied to the pointer that
+  // was
   // passed to ReadFrames().
   template <size_t N>
   void PrepareReadFrames(IsSync async,
                          int error,
                          const InitFrame (&frames)[N]) {
-    responses_.push_back(
-        make_scoped_ptr(new Response(async, error, CreateFrameVector(frames))));
+    responses_.push_back(base::WrapUnique(
+        new Response(async, error, CreateFrameVector(frames))));
   }
 
   // An alternate version of PrepareReadFrames for when we need to construct
   // the frames manually.
-  void PrepareRawReadFrames(IsSync async,
-                            int error,
-                            std::vector<scoped_ptr<WebSocketFrame>> frames) {
+  void PrepareRawReadFrames(
+      IsSync async,
+      int error,
+      std::vector<std::unique_ptr<WebSocketFrame>> frames) {
     responses_.push_back(
-        make_scoped_ptr(new Response(async, error, std::move(frames))));
+        base::WrapUnique(new Response(async, error, std::move(frames))));
   }
 
   // Prepares a fake error response (ie. there is no data).
   void PrepareReadFramesError(IsSync async, int error) {
-    responses_.push_back(make_scoped_ptr(
-        new Response(async, error, std::vector<scoped_ptr<WebSocketFrame>>())));
+    responses_.push_back(base::WrapUnique(new Response(
+        async, error, std::vector<std::unique_ptr<WebSocketFrame>>())));
   }
 
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override {
     CHECK(!read_frames_pending_);
     if (index_ >= responses_.size())
@@ -502,7 +507,7 @@ class ReadableFakeWebSocketStream : public FakeWebSocketStream {
   }
 
  private:
-  void DoCallback(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  void DoCallback(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) {
     read_frames_pending_ = false;
     frames->swap(responses_[index_]->frames);
@@ -513,18 +518,18 @@ class ReadableFakeWebSocketStream : public FakeWebSocketStream {
   struct Response {
     Response(IsSync async,
              int error,
-             std::vector<scoped_ptr<WebSocketFrame>> frames)
+             std::vector<std::unique_ptr<WebSocketFrame>> frames)
         : async(async), error(error), frames(std::move(frames)) {}
 
     IsSync async;
     int error;
-    std::vector<scoped_ptr<WebSocketFrame>> frames;
+    std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
    private:
     // Bad things will happen if we attempt to copy or assign |frames|.
     DISALLOW_COPY_AND_ASSIGN(Response);
   };
-  std::vector<scoped_ptr<Response>> responses_;
+  std::vector<std::unique_ptr<Response>> responses_;
 
   // The index into the responses_ array of the next response to be returned.
   size_t index_;
@@ -540,7 +545,7 @@ class ReadableFakeWebSocketStream : public FakeWebSocketStream {
 // synchronously.
 class WriteableFakeWebSocketStream : public FakeWebSocketStream {
  public:
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override {
     return OK;
   }
@@ -549,7 +554,7 @@ class WriteableFakeWebSocketStream : public FakeWebSocketStream {
 // A FakeWebSocketStream where writes always fail.
 class UnWriteableFakeWebSocketStream : public FakeWebSocketStream {
  public:
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override {
     return ERR_CONNECTION_RESET;
   }
@@ -563,9 +568,9 @@ class UnWriteableFakeWebSocketStream : public FakeWebSocketStream {
 // otherwise the ReadFrames() callback will never be called.
 class EchoeyFakeWebSocketStream : public FakeWebSocketStream {
  public:
-  EchoeyFakeWebSocketStream() : read_frames_(NULL), done_(false) {}
+  EchoeyFakeWebSocketStream() : read_frames_(nullptr), done_(false) {}
 
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override {
     stored_frames_.insert(stored_frames_.end(),
                           std::make_move_iterator(frames->begin()),
@@ -577,7 +582,7 @@ class EchoeyFakeWebSocketStream : public FakeWebSocketStream {
     return OK;
   }
 
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override {
     read_callback_ = callback;
     read_frames_ = frames;
@@ -598,7 +603,7 @@ class EchoeyFakeWebSocketStream : public FakeWebSocketStream {
       read_callback_.Run(ERR_CONNECTION_CLOSED);
     } else if (!stored_frames_.empty()) {
       done_ = MoveFrames(read_frames_);
-      read_frames_ = NULL;
+      read_frames_ = nullptr;
       read_callback_.Run(OK);
     }
   }
@@ -606,7 +611,7 @@ class EchoeyFakeWebSocketStream : public FakeWebSocketStream {
   // Copy the frames stored in stored_frames_ to |out|, while clearing the
   // "masked" header bit. Returns true if a Close Frame was seen, false
   // otherwise.
-  bool MoveFrames(std::vector<scoped_ptr<WebSocketFrame>>* out) {
+  bool MoveFrames(std::vector<std::unique_ptr<WebSocketFrame>>* out) {
     bool seen_close = false;
     *out = std::move(stored_frames_);
     for (const auto& frame : *out) {
@@ -618,10 +623,10 @@ class EchoeyFakeWebSocketStream : public FakeWebSocketStream {
     return seen_close;
   }
 
-  std::vector<scoped_ptr<WebSocketFrame>> stored_frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> stored_frames_;
   CompletionCallback read_callback_;
   // Owned by the caller of ReadFrames().
-  std::vector<scoped_ptr<WebSocketFrame>>* read_frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>>* read_frames_;
   // True if we should close the connection.
   bool done_;
 };
@@ -637,7 +642,7 @@ class ResetOnWriteFakeWebSocketStream : public FakeWebSocketStream {
  public:
   ResetOnWriteFakeWebSocketStream() : closed_(false), weak_ptr_factory_(this) {}
 
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override {
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE,
@@ -652,7 +657,7 @@ class ResetOnWriteFakeWebSocketStream : public FakeWebSocketStream {
     return ERR_IO_PENDING;
   }
 
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override {
     read_callback_ = callback;
     return ERR_IO_PENDING;
@@ -678,10 +683,10 @@ class ResetOnWriteFakeWebSocketStream : public FakeWebSocketStream {
 class MockWebSocketStream : public WebSocketStream {
  public:
   MOCK_METHOD2(ReadFrames,
-               int(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+               int(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                    const CompletionCallback& callback));
   MOCK_METHOD2(WriteFrames,
-               int(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+               int(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                    const CompletionCallback& callback));
   MOCK_METHOD0(Close, void());
   MOCK_CONST_METHOD0(GetSubProtocol, std::string());
@@ -690,20 +695,20 @@ class MockWebSocketStream : public WebSocketStream {
 };
 
 struct ArgumentCopyingWebSocketStreamCreator {
-  scoped_ptr<WebSocketStreamRequest> Create(
+  std::unique_ptr<WebSocketStreamRequest> Create(
       const GURL& socket_url,
       const std::vector<std::string>& requested_subprotocols,
       const url::Origin& origin,
       URLRequestContext* url_request_context,
       const BoundNetLog& net_log,
-      scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate) {
+      std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate) {
     this->socket_url = socket_url;
     this->requested_subprotocols = requested_subprotocols;
     this->origin = origin;
     this->url_request_context = url_request_context;
     this->net_log = net_log;
     this->connect_delegate = std::move(connect_delegate);
-    return make_scoped_ptr(new WebSocketStreamRequest);
+    return base::WrapUnique(new WebSocketStreamRequest);
   }
 
   GURL socket_url;
@@ -711,7 +716,7 @@ struct ArgumentCopyingWebSocketStreamCreator {
   std::vector<std::string> requested_subprotocols;
   URLRequestContext* url_request_context;
   BoundNetLog net_log;
-  scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate;
+  std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate;
 };
 
 // Converts a std::string to a std::vector<char>. For test purposes, it is
@@ -752,22 +757,22 @@ class WebSocketChannelTest : public ::testing::Test {
     CreateChannelAndConnect();
     // Most tests aren't concerned with flow control from the renderer, so allow
     // MAX_INT quota units.
-    channel_->SendFlowControl(kPlentyOfQuota);
+    EXPECT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(kPlentyOfQuota));
     connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   }
 
   // Returns a WebSocketEventInterface to be passed to the WebSocketChannel.
   // This implementation returns a newly-created fake. Subclasses may return a
   // mock instead.
-  virtual scoped_ptr<WebSocketEventInterface> CreateEventInterface() {
-    return scoped_ptr<WebSocketEventInterface>(new FakeWebSocketEventInterface);
+  virtual std::unique_ptr<WebSocketEventInterface> CreateEventInterface() {
+    return base::WrapUnique(new FakeWebSocketEventInterface);
   }
 
   // This method serves no other purpose than to provide a nice syntax for
   // assigning to stream_. class T must be a subclass of WebSocketStream or you
   // will have unpleasant compile errors.
   template <class T>
-  void set_stream(scoped_ptr<T> stream) {
+  void set_stream(std::unique_ptr<T> stream) {
     stream_ = std::move(stream);
   }
 
@@ -792,10 +797,10 @@ class WebSocketChannelTest : public ::testing::Test {
   ConnectData connect_data_;
 
   // The channel we are testing. Not initialised until SetChannel() is called.
-  scoped_ptr<WebSocketChannel> channel_;
+  std::unique_ptr<WebSocketChannel> channel_;
 
   // A mock or fake stream for tests that need one.
-  scoped_ptr<WebSocketStream> stream_;
+  std::unique_ptr<WebSocketStream> stream_;
 };
 
 // enum of WebSocketEventInterface calls. These are intended to be or'd together
@@ -835,7 +840,7 @@ class WebSocketChannelDeletingTest : public WebSocketChannelTest {
                   EVENT_ON_SSL_CERTIFICATE_ERROR) {}
   // Create a ChannelDeletingFakeWebSocketEventInterface. Defined out-of-line to
   // avoid circular dependency.
-  scoped_ptr<WebSocketEventInterface> CreateEventInterface() override;
+  std::unique_ptr<WebSocketEventInterface> CreateEventInterface() override;
 
   // Tests can set deleting_ to a bitmap of EventInterfaceCall members that they
   // want to cause Channel deletion. The default is for all calls to cause
@@ -882,15 +887,15 @@ class ChannelDeletingFakeWebSocketEventInterface
   }
 
   ChannelState OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override {
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {
     return fixture_->DeleteIfDeleting(EVENT_ON_START_OPENING_HANDSHAKE);
   }
   ChannelState OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override {
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {
     return fixture_->DeleteIfDeleting(EVENT_ON_FINISH_OPENING_HANDSHAKE);
   }
   ChannelState OnSSLCertificateError(
-      scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+      std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
       const GURL& url,
       const SSLInfo& ssl_info,
       bool fatal) override {
@@ -903,10 +908,9 @@ class ChannelDeletingFakeWebSocketEventInterface
   WebSocketChannelDeletingTest* fixture_;
 };
 
-scoped_ptr<WebSocketEventInterface>
+std::unique_ptr<WebSocketEventInterface>
 WebSocketChannelDeletingTest::CreateEventInterface() {
-  return scoped_ptr<WebSocketEventInterface>(
-      new ChannelDeletingFakeWebSocketEventInterface(this));
+  return base::WrapUnique(new ChannelDeletingFakeWebSocketEventInterface(this));
 }
 
 // Base class for tests which verify that EventInterface methods are called
@@ -930,11 +934,11 @@ class WebSocketChannelEventInterfaceTest : public WebSocketChannelTest {
   // object before calling CreateChannelAndConnect() or
   // CreateChannelAndConnectSuccessfully(). This will only work once per test
   // case, but once should be enough.
-  scoped_ptr<WebSocketEventInterface> CreateEventInterface() override {
-    return scoped_ptr<WebSocketEventInterface>(event_interface_.release());
+  std::unique_ptr<WebSocketEventInterface> CreateEventInterface() override {
+    return base::WrapUnique(event_interface_.release());
   }
 
-  scoped_ptr<MockWebSocketEventInterface> event_interface_;
+  std::unique_ptr<MockWebSocketEventInterface> event_interface_;
 };
 
 // Base class for tests which verify that WebSocketStream methods are called
@@ -949,7 +953,7 @@ class WebSocketChannelStreamTest : public WebSocketChannelTest {
     WebSocketChannelTest::CreateChannelAndConnectSuccessfully();
   }
 
-  scoped_ptr<MockWebSocketStream> mock_stream_;
+  std::unique_ptr<MockWebSocketStream> mock_stream_;
 };
 
 // Fixture for tests which test UTF-8 validation of sent Text frames via the
@@ -958,7 +962,7 @@ class WebSocketChannelSendUtf8Test
     : public WebSocketChannelEventInterfaceTest {
  public:
   void SetUp() override {
-    set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+    set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
     // For the purpose of the tests using this fixture, it doesn't matter
     // whether these methods are called or not.
     EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _))
@@ -976,7 +980,7 @@ class WebSocketChannelFlowControlTest
   // instead of CreateChannelAndConnectSuccessfully().
   void CreateChannelAndConnectWithQuota(int64_t quota) {
     CreateChannelAndConnect();
-    channel_->SendFlowControl(quota);
+    EXPECT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(quota));
     connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   }
 
@@ -1019,7 +1023,7 @@ TEST_F(WebSocketChannelTest, EverythingIsPassedToTheCreatorFunction) {
 TEST_F(WebSocketChannelTest, SendFlowControlDuringHandshakeOkay) {
   CreateChannelAndConnect();
   ASSERT_TRUE(channel_);
-  channel_->SendFlowControl(65536);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(65536));
 }
 
 // Any WebSocketEventInterface methods can delete the WebSocketChannel and
@@ -1031,17 +1035,17 @@ TEST_F(WebSocketChannelDeletingTest, OnAddChannelResponseFail) {
   CreateChannelAndConnect();
   EXPECT_TRUE(channel_);
   connect_data_.creator.connect_delegate->OnFailure("bye");
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 // Deletion is possible (due to IPC failure) even if the connect succeeds.
 TEST_F(WebSocketChannelDeletingTest, OnAddChannelResponseSuccess) {
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnDataFrameSync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1050,11 +1054,11 @@ TEST_F(WebSocketChannelDeletingTest, OnDataFrameSync) {
   deleting_ = EVENT_ON_DATA_FRAME;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnDataFrameAsync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1065,18 +1069,18 @@ TEST_F(WebSocketChannelDeletingTest, OnDataFrameAsync) {
   CreateChannelAndConnectSuccessfully();
   EXPECT_TRUE(channel_);
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnFlowControlAfterConnect) {
   deleting_ = EVENT_ON_FLOW_CONTROL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnFlowControlAfterSend) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   // Avoid deleting the channel yet.
   deleting_ = EVENT_ON_FAIL_CHANNEL | EVENT_ON_DROP_CHANNEL;
   CreateChannelAndConnectSuccessfully();
@@ -1085,11 +1089,11 @@ TEST_F(WebSocketChannelDeletingTest, OnFlowControlAfterSend) {
   channel_->SendFrame(true,
                       WebSocketFrameHeader::kOpCodeText,
                       std::vector<char>(kDefaultInitialQuota, 'B'));
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnClosingHandshakeSync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -1098,11 +1102,11 @@ TEST_F(WebSocketChannelDeletingTest, OnClosingHandshakeSync) {
   set_stream(std::move(stream));
   deleting_ = EVENT_ON_CLOSING_HANDSHAKE;
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnClosingHandshakeAsync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -1113,21 +1117,21 @@ TEST_F(WebSocketChannelDeletingTest, OnClosingHandshakeAsync) {
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnDropChannelWriteError) {
-  set_stream(make_scoped_ptr(new UnWriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new UnWriteableFakeWebSocketStream));
   deleting_ = EVENT_ON_DROP_CHANNEL;
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
   channel_->SendFrame(
       true, WebSocketFrameHeader::kOpCodeText, AsVector("this will fail"));
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnDropChannelReadError) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::ASYNC,
                                  ERR_FAILED);
@@ -1136,11 +1140,11 @@ TEST_F(WebSocketChannelDeletingTest, OnDropChannelReadError) {
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnNotifyStartOpeningHandshakeError) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1150,15 +1154,16 @@ TEST_F(WebSocketChannelDeletingTest, OnNotifyStartOpeningHandshakeError) {
 
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
-  channel_->OnStartOpeningHandshake(scoped_ptr<WebSocketHandshakeRequestInfo>(
-      new WebSocketHandshakeRequestInfo(GURL("http://www.example.com/"),
-                                        base::Time())));
+  channel_->OnStartOpeningHandshake(
+      std::unique_ptr<WebSocketHandshakeRequestInfo>(
+          new WebSocketHandshakeRequestInfo(GURL("http://www.example.com/"),
+                                            base::Time())));
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, OnNotifyFinishOpeningHandshakeError) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1170,29 +1175,27 @@ TEST_F(WebSocketChannelDeletingTest, OnNotifyFinishOpeningHandshakeError) {
   ASSERT_TRUE(channel_);
   scoped_refptr<HttpResponseHeaders> response_headers(
       new HttpResponseHeaders(""));
-  channel_->OnFinishOpeningHandshake(scoped_ptr<WebSocketHandshakeResponseInfo>(
-      new WebSocketHandshakeResponseInfo(GURL("http://www.example.com/"),
-                                         200,
-                                         "OK",
-                                         response_headers,
-                                         base::Time())));
+  channel_->OnFinishOpeningHandshake(
+      base::WrapUnique(new WebSocketHandshakeResponseInfo(
+          GURL("http://www.example.com/"), 200, "OK", response_headers,
+          base::Time())));
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelInSendFrame) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   deleting_ = EVENT_ON_FAIL_CHANNEL;
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
   channel_->SendFrame(true,
                       WebSocketFrameHeader::kOpCodeText,
                       std::vector<char>(kDefaultInitialQuota * 2, 'T'));
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelInOnReadDone) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::ASYNC,
                                  ERR_WS_PROTOCOL_ERROR);
@@ -1201,11 +1204,11 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelInOnReadDone) {
   CreateChannelAndConnectSuccessfully();
   ASSERT_TRUE(channel_);
   base::MessageLoop::current()->RunUntilIdle();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToMaskedFrame) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, MASKED, "HELLO"}};
@@ -1214,11 +1217,11 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelDueToMaskedFrame) {
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToBadControlFrame) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, 0xF, NOT_MASKED, ""}};
@@ -1227,25 +1230,24 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelDueToBadControlFrame) {
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
-// Version of above test with NULL data.
+// Version of above test with null data.
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToBadControlFrameNull) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
-  static const InitFrame frames[] = {
-      {FINAL_FRAME, 0xF, NOT_MASKED, NULL}};
+  static const InitFrame frames[] = {{FINAL_FRAME, 0xF, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   set_stream(std::move(stream));
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToPongAfterClose) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED,
@@ -1256,26 +1258,26 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelDueToPongAfterClose) {
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToPongAfterCloseNull) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED,
        CLOSE_DATA(NORMAL_CLOSURE, "Success")},
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   set_stream(std::move(stream));
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToUnknownOpCode) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {{FINAL_FRAME, 0x7, NOT_MASKED, ""}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
@@ -1283,23 +1285,23 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelDueToUnknownOpCode) {
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueToUnknownOpCodeNull) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
-  static const InitFrame frames[] = {{FINAL_FRAME, 0x7, NOT_MASKED, NULL}};
+  static const InitFrame frames[] = {{FINAL_FRAME, 0x7, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   set_stream(std::move(stream));
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelDeletingTest, FailChannelDueInvalidCloseReason) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -1309,7 +1311,7 @@ TEST_F(WebSocketChannelDeletingTest, FailChannelDueInvalidCloseReason) {
   deleting_ = EVENT_ON_FAIL_CHANNEL;
 
   CreateChannelAndConnectSuccessfully();
-  EXPECT_EQ(NULL, channel_.get());
+  EXPECT_EQ(nullptr, channel_.get());
 }
 
 TEST_F(WebSocketChannelEventInterfaceTest, ConnectSuccessReported) {
@@ -1345,7 +1347,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, ProtocolPassed) {
   CreateChannelAndConnect();
 
   connect_data_.creator.connect_delegate->OnSuccess(
-      scoped_ptr<WebSocketStream>(new FakeWebSocketStream("Bob", "")));
+      base::WrapUnique(new FakeWebSocketStream("Bob", "")));
 }
 
 TEST_F(WebSocketChannelEventInterfaceTest, ExtensionsPassed) {
@@ -1355,15 +1357,15 @@ TEST_F(WebSocketChannelEventInterfaceTest, ExtensionsPassed) {
 
   CreateChannelAndConnect();
 
-  connect_data_.creator.connect_delegate->OnSuccess(scoped_ptr<WebSocketStream>(
-      new FakeWebSocketStream("", "extension1, extension2")));
+  connect_data_.creator.connect_delegate->OnSuccess(
+      base::WrapUnique(new FakeWebSocketStream("", "extension1, extension2")));
 }
 
 // The first frames from the server can arrive together with the handshake, in
 // which case they will be available as soon as ReadFrames() is called the first
 // time.
 TEST_F(WebSocketChannelEventInterfaceTest, DataLeftFromHandshake) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1385,7 +1387,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, DataLeftFromHandshake) {
 // A remote server could accept the handshake, but then immediately send a
 // Close frame.
 TEST_F(WebSocketChannelEventInterfaceTest, CloseAfterHandshake) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -1411,7 +1413,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, CloseAfterHandshake) {
 // A remote server could close the connection immediately after sending the
 // handshake response (most likely a bug in the server).
 TEST_F(WebSocketChannelEventInterfaceTest, ConnectionCloseAfterHandshake) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::SYNC,
                                  ERR_CONNECTION_CLOSED);
@@ -1428,7 +1430,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, ConnectionCloseAfterHandshake) {
 }
 
 TEST_F(WebSocketChannelEventInterfaceTest, NormalAsyncRead) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1458,7 +1460,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, NormalAsyncRead) {
 // Extra data can arrive while a read is being processed, resulting in the next
 // read completing synchronously.
 TEST_F(WebSocketChannelEventInterfaceTest, AsyncThenSyncRead) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames1[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "HELLO"}};
@@ -1488,7 +1490,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, AsyncThenSyncRead) {
 // Data frames are delivered the same regardless of how many reads they arrive
 // as.
 TEST_F(WebSocketChannelEventInterfaceTest, FragmentedMessage) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   // Here we have one message which arrived in five frames split across three
   // reads. It may have been reframed on arrival, but this class doesn't care
@@ -1539,12 +1541,12 @@ TEST_F(WebSocketChannelEventInterfaceTest, FragmentedMessage) {
   base::MessageLoop::current()->RunUntilIdle();
 }
 
-// A message can consist of one frame with NULL payload.
+// A message can consist of one frame with null payload.
 TEST_F(WebSocketChannelEventInterfaceTest, NullMessage) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   set_stream(std::move(stream));
   EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
@@ -1557,7 +1559,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, NullMessage) {
 
 // Connection closed by the remote host without a closing handshake.
 TEST_F(WebSocketChannelEventInterfaceTest, AsyncAbnormalClosure) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::ASYNC,
                                  ERR_CONNECTION_CLOSED);
@@ -1576,7 +1578,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, AsyncAbnormalClosure) {
 
 // A connection reset should produce the same event as an unexpected closure.
 TEST_F(WebSocketChannelEventInterfaceTest, ConnectionReset) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::ASYNC,
                                  ERR_CONNECTION_RESET);
@@ -1595,7 +1597,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, ConnectionReset) {
 
 // RFC6455 5.1 "A client MUST close a connection if it detects a masked frame."
 TEST_F(WebSocketChannelEventInterfaceTest, MaskedFramesAreRejected) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, MASKED, "HELLO"}};
@@ -1619,7 +1621,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, MaskedFramesAreRejected) {
 // RFC6455 5.2 "If an unknown opcode is received, the receiving endpoint MUST
 // _Fail the WebSocket Connection_."
 TEST_F(WebSocketChannelEventInterfaceTest, UnknownOpCodeIsRejected) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {{FINAL_FRAME, 4, NOT_MASKED, "HELLO"}};
 
@@ -1640,7 +1642,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, UnknownOpCodeIsRejected) {
 // RFC6455 5.4 "Control frames ... MAY be injected in the middle of a
 // fragmented message."
 TEST_F(WebSocketChannelEventInterfaceTest, ControlFrameInDataMessage) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   // We have one message of type Text split into two frames. In the middle is a
   // control message of type Pong.
@@ -1675,12 +1677,12 @@ TEST_F(WebSocketChannelEventInterfaceTest, ControlFrameInDataMessage) {
 }
 
 // It seems redundant to repeat the entirety of the above test, so just test a
-// Pong with NULL data.
+// Pong with null data.
 TEST_F(WebSocketChannelEventInterfaceTest, PongWithNullData) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::ASYNC, OK, frames);
   set_stream(std::move(stream));
   EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
@@ -1693,7 +1695,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, PongWithNullData) {
 // If a frame has an invalid header, then the connection is closed and
 // subsequent frames must not trigger events.
 TEST_F(WebSocketChannelEventInterfaceTest, FrameAfterInvalidFrame) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, MASKED, "HELLO"},
@@ -1718,7 +1720,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, FrameAfterInvalidFrame) {
 // If the renderer sends lots of small writes, we don't want to update the quota
 // for each one.
 TEST_F(WebSocketChannelEventInterfaceTest, SmallWriteDoesntUpdateQuota) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   {
     InSequence s;
     EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
@@ -1732,7 +1734,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, SmallWriteDoesntUpdateQuota) {
 // If we send enough to go below |send_quota_low_water_mark_| we should get our
 // quota refreshed.
 TEST_F(WebSocketChannelEventInterfaceTest, LargeWriteUpdatesQuota) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   // We use this checkpoint object to verify that the quota update comes after
   // the write.
   Checkpoint checkpoint;
@@ -1755,7 +1757,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, LargeWriteUpdatesQuota) {
 
 // Verify that our quota actually is refreshed when we are told it is.
 TEST_F(WebSocketChannelEventInterfaceTest, QuotaReallyIsRefreshed) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   Checkpoint checkpoint;
   {
     InSequence s;
@@ -1786,7 +1788,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, QuotaReallyIsRefreshed) {
 // If we send more than the available quota then the connection will be closed
 // with an error.
 TEST_F(WebSocketChannelEventInterfaceTest, WriteOverQuotaIsRejected) {
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   {
     InSequence s;
     EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
@@ -1802,7 +1804,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, WriteOverQuotaIsRejected) {
 
 // If a write fails, the channel is dropped.
 TEST_F(WebSocketChannelEventInterfaceTest, FailedWrite) {
-  set_stream(make_scoped_ptr(new UnWriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new UnWriteableFakeWebSocketStream));
   Checkpoint checkpoint;
   {
     InSequence s;
@@ -1823,7 +1825,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, FailedWrite) {
 
 // OnDropChannel() is called exactly once when StartClosingHandshake() is used.
 TEST_F(WebSocketChannelEventInterfaceTest, SendCloseDropsChannel) {
-  set_stream(make_scoped_ptr(new EchoeyFakeWebSocketStream));
+  set_stream(base::WrapUnique(new EchoeyFakeWebSocketStream));
   {
     InSequence s;
     EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
@@ -1834,7 +1836,8 @@ TEST_F(WebSocketChannelEventInterfaceTest, SendCloseDropsChannel) {
 
   CreateChannelAndConnectSuccessfully();
 
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "Fred");
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, "Fred"));
   base::MessageLoop::current()->RunUntilIdle();
 }
 
@@ -1845,13 +1848,14 @@ TEST_F(WebSocketChannelEventInterfaceTest, CloseDuringConnection) {
               OnDropChannel(false, kWebSocketErrorAbnormalClosure, ""));
 
   CreateChannelAndConnect();
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "Joe");
+  ASSERT_EQ(CHANNEL_DELETED,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, "Joe"));
 }
 
 // OnDropChannel() is only called once when a write() on the socket triggers a
 // connection reset.
 TEST_F(WebSocketChannelEventInterfaceTest, OnDropChannelCalledOnce) {
-  set_stream(make_scoped_ptr(new ResetOnWriteFakeWebSocketStream));
+  set_stream(base::WrapUnique(new ResetOnWriteFakeWebSocketStream));
   EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
   EXPECT_CALL(*event_interface_, OnFlowControl(_));
 
@@ -1868,7 +1872,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, OnDropChannelCalledOnce) {
 // When the remote server sends a Close frame with an empty payload,
 // WebSocketChannel should report code 1005, kWebSocketErrorNoStatusReceived.
 TEST_F(WebSocketChannelEventInterfaceTest, CloseWithNoPayloadGivesStatus1005) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, ""}};
@@ -1885,13 +1889,13 @@ TEST_F(WebSocketChannelEventInterfaceTest, CloseWithNoPayloadGivesStatus1005) {
   CreateChannelAndConnectSuccessfully();
 }
 
-// A version of the above test with NULL payload.
+// A version of the above test with null payload.
 TEST_F(WebSocketChannelEventInterfaceTest,
        CloseWithNullPayloadGivesStatus1005) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, nullptr}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::SYNC,
                                  ERR_CONNECTION_CLOSED);
@@ -1908,7 +1912,7 @@ TEST_F(WebSocketChannelEventInterfaceTest,
 // If ReadFrames() returns ERR_WS_PROTOCOL_ERROR, then the connection must be
 // failed.
 TEST_F(WebSocketChannelEventInterfaceTest, SyncProtocolErrorGivesStatus1002) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::SYNC,
                                  ERR_WS_PROTOCOL_ERROR);
@@ -1923,7 +1927,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, SyncProtocolErrorGivesStatus1002) {
 
 // Async version of above test.
 TEST_F(WebSocketChannelEventInterfaceTest, AsyncProtocolErrorGivesStatus1002) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::ASYNC,
                                  ERR_WS_PROTOCOL_ERROR);
@@ -1947,7 +1951,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, StartHandshakeRequest) {
 
   CreateChannelAndConnectSuccessfully();
 
-  scoped_ptr<WebSocketHandshakeRequestInfo> request_info(
+  std::unique_ptr<WebSocketHandshakeRequestInfo> request_info(
       new WebSocketHandshakeRequestInfo(GURL("ws://www.example.com/"),
                                         base::Time()));
   connect_data_.creator.connect_delegate->OnStartOpeningHandshake(
@@ -1968,12 +1972,9 @@ TEST_F(WebSocketChannelEventInterfaceTest, FinishHandshakeRequest) {
 
   scoped_refptr<HttpResponseHeaders> response_headers(
       new HttpResponseHeaders(""));
-  scoped_ptr<WebSocketHandshakeResponseInfo> response_info(
-      new WebSocketHandshakeResponseInfo(GURL("ws://www.example.com/"),
-                                         200,
-                                         "OK",
-                                         response_headers,
-                                         base::Time()));
+  std::unique_ptr<WebSocketHandshakeResponseInfo> response_info(
+      new WebSocketHandshakeResponseInfo(GURL("ws://www.example.com/"), 200,
+                                         "OK", response_headers, base::Time()));
   connect_data_.creator.connect_delegate->OnFinishOpeningHandshake(
       std::move(response_info));
   base::MessageLoop::current()->RunUntilIdle();
@@ -1992,15 +1993,12 @@ TEST_F(WebSocketChannelEventInterfaceTest, FailJustAfterHandshake) {
   WebSocketStream::ConnectDelegate* connect_delegate =
       connect_data_.creator.connect_delegate.get();
   GURL url("ws://www.example.com/");
-  scoped_ptr<WebSocketHandshakeRequestInfo> request_info(
+  std::unique_ptr<WebSocketHandshakeRequestInfo> request_info(
       new WebSocketHandshakeRequestInfo(url, base::Time()));
   scoped_refptr<HttpResponseHeaders> response_headers(
       new HttpResponseHeaders(""));
-  scoped_ptr<WebSocketHandshakeResponseInfo> response_info(
-      new WebSocketHandshakeResponseInfo(url,
-                                         200,
-                                         "OK",
-                                         response_headers,
+  std::unique_ptr<WebSocketHandshakeResponseInfo> response_info(
+      new WebSocketHandshakeResponseInfo(url, 200, "OK", response_headers,
                                          base::Time()));
   connect_delegate->OnStartOpeningHandshake(std::move(request_info));
   connect_delegate->OnFinishOpeningHandshake(std::move(response_info));
@@ -2012,7 +2010,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, FailJustAfterHandshake) {
 // Any frame after close is invalid. This test uses a Text frame. See also
 // test "PingAfterCloseIfRejected".
 TEST_F(WebSocketChannelEventInterfaceTest, DataAfterCloseIsRejected) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED,
@@ -2036,7 +2034,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, DataAfterCloseIsRejected) {
 // A Close frame with a one-byte payload elicits a specific console error
 // message.
 TEST_F(WebSocketChannelEventInterfaceTest, OneByteClosePayloadMessage) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, "\x03"}};
@@ -2055,7 +2053,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, OneByteClosePayloadMessage) {
 // A Close frame with a reserved status code also elicits a specific console
 // error message.
 TEST_F(WebSocketChannelEventInterfaceTest, ClosePayloadReservedStatusMessage) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -2075,7 +2073,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, ClosePayloadReservedStatusMessage) {
 // A Close frame with invalid UTF-8 also elicits a specific console error
 // message.
 TEST_F(WebSocketChannelEventInterfaceTest, ClosePayloadInvalidReason) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -2095,14 +2093,14 @@ TEST_F(WebSocketChannelEventInterfaceTest, ClosePayloadInvalidReason) {
 // The reserved bits must all be clear on received frames. Extensions should
 // clear the bits when they are set correctly before passing on the frame.
 TEST_F(WebSocketChannelEventInterfaceTest, ReservedBitsMustNotBeSet) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
        NOT_MASKED,  "sakana"}};
   // It is not worth adding support for reserved bits to InitFrame just for this
   // one test, so set the bit manually.
-  std::vector<scoped_ptr<WebSocketFrame>> raw_frames =
+  std::vector<std::unique_ptr<WebSocketFrame>> raw_frames =
       CreateFrameVector(frames);
   raw_frames[0]->header.reserved1 = true;
   stream->PrepareRawReadFrames(ReadableFakeWebSocketStream::SYNC, OK,
@@ -2122,7 +2120,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, ReservedBitsMustNotBeSet) {
 // response to the client Close message is received.
 TEST_F(WebSocketChannelEventInterfaceTest,
        ClientInitiatedClosingHandshakeTimesOut) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareReadFramesError(ReadableFakeWebSocketStream::SYNC,
                                  ERR_IO_PENDING);
@@ -2148,7 +2146,8 @@ TEST_F(WebSocketChannelEventInterfaceTest,
       TimeDelta::FromMilliseconds(kVeryTinyTimeoutMillis));
   channel_->SetUnderlyingConnectionCloseTimeoutForTesting(
       TimeDelta::FromMilliseconds(kVeryBigTimeoutMillis));
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "");
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, ""));
   checkpoint.Call(1);
   completion.WaitForResult();
 }
@@ -2157,7 +2156,7 @@ TEST_F(WebSocketChannelEventInterfaceTest,
 // message is received but the connection isn't closed by the remote host.
 TEST_F(WebSocketChannelEventInterfaceTest,
        ServerInitiatedClosingHandshakeTimesOut) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose,
@@ -2201,7 +2200,7 @@ TEST_F(WebSocketChannelStreamTest, FlowControlEarly) {
 
   set_stream(std::move(mock_stream_));
   CreateChannelAndConnect();
-  channel_->SendFlowControl(kPlentyOfQuota);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(kPlentyOfQuota));
   checkpoint.Call(1);
   connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   checkpoint.Call(2);
@@ -2228,7 +2227,7 @@ TEST_F(WebSocketChannelStreamTest, FlowControlLate) {
   CreateChannelAndConnect();
   connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   checkpoint.Call(1);
-  channel_->SendFlowControl(kPlentyOfQuota);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(kPlentyOfQuota));
   checkpoint.Call(2);
 }
 
@@ -2244,7 +2243,7 @@ TEST_F(WebSocketChannelStreamTest, FlowControlStopsReadFrames) {
 
   set_stream(std::move(mock_stream_));
   CreateChannelAndConnect();
-  channel_->SendFlowControl(4);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(4));
   connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
 }
 
@@ -2267,10 +2266,10 @@ TEST_F(WebSocketChannelStreamTest, FlowControlStartsWithMoreQuota) {
 
   set_stream(std::move(mock_stream_));
   CreateChannelAndConnect();
-  channel_->SendFlowControl(4);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(4));
   connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   checkpoint.Call(1);
-  channel_->SendFlowControl(4);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(4));
 }
 
 // ReadFrames() isn't called again until all pending data has been passed to
@@ -2294,18 +2293,18 @@ TEST_F(WebSocketChannelStreamTest, ReadFramesNotCalledUntilQuotaAvailable) {
 
   set_stream(std::move(mock_stream_));
   CreateChannelAndConnect();
-  channel_->SendFlowControl(2);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(2));
   connect_data_.creator.connect_delegate->OnSuccess(std::move(stream_));
   checkpoint.Call(1);
-  channel_->SendFlowControl(2);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(2));
   checkpoint.Call(2);
-  channel_->SendFlowControl(2);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(2));
 }
 
 // A message that needs to be split into frames to fit within quota should
 // maintain correct semantics.
 TEST_F(WebSocketChannelFlowControlTest, SingleFrameMessageSplitSync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "FOUR"}};
@@ -2329,14 +2328,14 @@ TEST_F(WebSocketChannelFlowControlTest, SingleFrameMessageSplitSync) {
   }
 
   CreateChannelAndConnectWithQuota(2);
-  channel_->SendFlowControl(1);
-  channel_->SendFlowControl(1);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(1));
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(1));
 }
 
 // The code path for async messages is slightly different, so test it
 // separately.
 TEST_F(WebSocketChannelFlowControlTest, SingleFrameMessageSplitAsync) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "FOUR"}};
@@ -2367,9 +2366,9 @@ TEST_F(WebSocketChannelFlowControlTest, SingleFrameMessageSplitAsync) {
   checkpoint.Call(1);
   base::MessageLoop::current()->RunUntilIdle();
   checkpoint.Call(2);
-  channel_->SendFlowControl(1);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(1));
   checkpoint.Call(3);
-  channel_->SendFlowControl(1);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(1));
 }
 
 // A message split into multiple frames which is further split due to quota
@@ -2378,7 +2377,7 @@ TEST_F(WebSocketChannelFlowControlTest, SingleFrameMessageSplitAsync) {
 // necessary. The complexity/performance tradeoffs here need further
 // examination.
 TEST_F(WebSocketChannelFlowControlTest, MultipleFrameSplit) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
@@ -2415,22 +2414,21 @@ TEST_F(WebSocketChannelFlowControlTest, MultipleFrameSplit) {
                             AsVector("FRAME IS 24 BYTES.")));
   }
   CreateChannelAndConnectWithQuota(14);
-  channel_->SendFlowControl(43);
-  channel_->SendFlowControl(32);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(43));
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(32));
 }
 
 // An empty message handled when we are out of quota must not be delivered
 // out-of-order with respect to other messages.
 TEST_F(WebSocketChannelFlowControlTest, EmptyMessageNoQuota) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
-       NOT_MASKED,  "FIRST MESSAGE"},
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
-       NOT_MASKED,  NULL},
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
-       NOT_MASKED,  "THIRD MESSAGE"}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED,
+       "FIRST MESSAGE"},
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, nullptr},
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED,
+       "THIRD MESSAGE"}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
   set_stream(std::move(stream));
   {
@@ -2456,7 +2454,58 @@ TEST_F(WebSocketChannelFlowControlTest, EmptyMessageNoQuota) {
   }
 
   CreateChannelAndConnectWithQuota(6);
-  channel_->SendFlowControl(128);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(128));
+}
+
+// A close frame should not overtake data frames.
+TEST_F(WebSocketChannelFlowControlTest, CloseFrameShouldNotOvertakeDataFrames) {
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
+      new ReadableFakeWebSocketStream);
+  static const InitFrame frames[] = {
+      {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED,
+       "FIRST "},
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeContinuation, NOT_MASKED,
+       "MESSAGE"},
+      {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED,
+       "SECOND "},
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED,
+       CLOSE_DATA(NORMAL_CLOSURE, "GOOD BYE")},
+  };
+  stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
+  set_stream(std::move(stream));
+  Checkpoint checkpoint;
+  InSequence s;
+  EXPECT_CALL(*event_interface_, OnAddChannelResponse(_, _));
+  EXPECT_CALL(*event_interface_, OnFlowControl(_));
+  EXPECT_CALL(*event_interface_,
+              OnDataFrame(false, WebSocketFrameHeader::kOpCodeText,
+                          AsVector("FIRST ")));
+  EXPECT_CALL(checkpoint, Call(1));
+  EXPECT_CALL(*event_interface_,
+              OnDataFrame(false, WebSocketFrameHeader::kOpCodeContinuation,
+                          AsVector("MESSAG")));
+  EXPECT_CALL(checkpoint, Call(2));
+  EXPECT_CALL(*event_interface_,
+              OnDataFrame(true, WebSocketFrameHeader::kOpCodeContinuation,
+                          AsVector("E")));
+  EXPECT_CALL(
+      *event_interface_,
+      OnDataFrame(false, WebSocketFrameHeader::kOpCodeText, AsVector("SECON")));
+  EXPECT_CALL(checkpoint, Call(3));
+  EXPECT_CALL(*event_interface_,
+              OnDataFrame(false, WebSocketFrameHeader::kOpCodeContinuation,
+                          AsVector("D ")));
+  EXPECT_CALL(*event_interface_, OnClosingHandshake());
+  EXPECT_CALL(checkpoint, Call(4));
+
+  CreateChannelAndConnectWithQuota(6);
+  checkpoint.Call(1);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(6));
+  checkpoint.Call(2);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(6));
+  checkpoint.Call(3);
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(6));
+  checkpoint.Call(4);
 }
 
 // RFC6455 5.1 "a client MUST mask all frames that it sends to the server".
@@ -2490,7 +2539,7 @@ TEST_F(WebSocketChannelStreamTest, NothingIsSentAfterClose) {
       .WillOnce(Return(OK));
 
   CreateChannelAndConnectSuccessfully();
-  channel_->StartClosingHandshake(1000, "Success");
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->StartClosingHandshake(1000, "Success"));
   channel_->SendFrame(
       true, WebSocketFrameHeader::kOpCodeText, AsVector("SHOULD  BE IGNORED"));
 }
@@ -2528,7 +2577,7 @@ TEST_F(WebSocketChannelStreamTest, CloseOnlySentOnce) {
   // We store the parameters that were passed to ReadFrames() so that we can
   // call them explicitly later.
   CompletionCallback read_callback;
-  std::vector<scoped_ptr<WebSocketFrame>>* frames = NULL;
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames = nullptr;
 
   // These are not interesting.
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
@@ -2555,7 +2604,8 @@ TEST_F(WebSocketChannelStreamTest, CloseOnlySentOnce) {
 
   CreateChannelAndConnectSuccessfully();
   checkpoint.Call(1);
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "Close");
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, "Close"));
   checkpoint.Call(2);
 
   *frames = CreateFrameVector(frames_init);
@@ -2577,7 +2627,7 @@ TEST_F(WebSocketChannelStreamTest, InvalidCloseStatusCodeNotSent) {
   EXPECT_CALL(*mock_stream_, WriteFrames(EqualsFrames(expected), _));
 
   CreateChannelAndConnectSuccessfully();
-  channel_->StartClosingHandshake(999, "");
+  ASSERT_EQ(CHANNEL_ALIVE, channel_->StartClosingHandshake(999, ""));
 }
 
 // A Close frame with a reason longer than 123 bytes cannot be sent on the
@@ -2595,7 +2645,8 @@ TEST_F(WebSocketChannelStreamTest, LongCloseReasonNotSent) {
   EXPECT_CALL(*mock_stream_, WriteFrames(EqualsFrames(expected), _));
 
   CreateChannelAndConnectSuccessfully();
-  channel_->StartClosingHandshake(1000, std::string(124, 'A'));
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(1000, std::string(124, 'A')));
 }
 
 // We generate code 1005, kWebSocketErrorNoStatusReceived, when there is no
@@ -2621,7 +2672,7 @@ TEST_F(WebSocketChannelStreamTest, Code1005IsNotEchoed) {
 
 TEST_F(WebSocketChannelStreamTest, Code1005IsNotEchoedNull) {
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, NOT_MASKED, nullptr}};
   static const InitFrame expected[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeClose, MASKED, ""}};
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
@@ -2680,13 +2731,13 @@ TEST_F(WebSocketChannelStreamTest, PingRepliedWithPong) {
   CreateChannelAndConnectSuccessfully();
 }
 
-// A ping with a NULL payload should be responded to with a Pong with a NULL
+// A ping with a null payload should be responded to with a Pong with a null
 // payload.
 TEST_F(WebSocketChannelStreamTest, NullPingRepliedWithNullPong) {
   static const InitFrame frames[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePing, NOT_MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePing, NOT_MASKED, nullptr}};
   static const InitFrame expected[] = {
-      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, MASKED, NULL}};
+      {FINAL_FRAME, WebSocketFrameHeader::kOpCodePong, MASKED, nullptr}};
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
   EXPECT_CALL(*mock_stream_, GetExtensions()).Times(AnyNumber());
   EXPECT_CALL(*mock_stream_, ReadFrames(_, _))
@@ -2710,7 +2761,7 @@ TEST_F(WebSocketChannelStreamTest, PongInTheMiddleOfDataMessage) {
   static const InitFrame expected3[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeContinuation,
        MASKED,      "World"}};
-  std::vector<scoped_ptr<WebSocketFrame>>* read_frames;
+  std::vector<std::unique_ptr<WebSocketFrame>>* read_frames;
   CompletionCallback read_callback;
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
   EXPECT_CALL(*mock_stream_, GetExtensions()).Times(AnyNumber());
@@ -2831,7 +2882,7 @@ TEST_F(WebSocketChannelStreamTest, SendGoingAwayOnRendererQuotaExceeded) {
 // protocol also has Binary frames and those need to be 8-bit clean. For the
 // sake of completeness, this test verifies that they are.
 TEST_F(WebSocketChannelStreamTest, WrittenBinaryFramesAre8BitClean) {
-  std::vector<scoped_ptr<WebSocketFrame>>* frames = NULL;
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames = nullptr;
 
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
   EXPECT_CALL(*mock_stream_, GetExtensions()).Times(AnyNumber());
@@ -2844,7 +2895,7 @@ TEST_F(WebSocketChannelStreamTest, WrittenBinaryFramesAre8BitClean) {
       true,
       WebSocketFrameHeader::kOpCodeBinary,
       std::vector<char>(kBinaryBlob, kBinaryBlob + kBinaryBlobSize));
-  ASSERT_TRUE(frames != NULL);
+  ASSERT_TRUE(frames != nullptr);
   ASSERT_EQ(1U, frames->size());
   const WebSocketFrame* out_frame = (*frames)[0].get();
   EXPECT_EQ(kBinaryBlobSize, out_frame->header.payload_length);
@@ -2854,16 +2905,16 @@ TEST_F(WebSocketChannelStreamTest, WrittenBinaryFramesAre8BitClean) {
 
 // Test the read path for 8-bit cleanliness as well.
 TEST_F(WebSocketChannelEventInterfaceTest, ReadBinaryFramesAre8BitClean) {
-  scoped_ptr<WebSocketFrame> frame(
+  std::unique_ptr<WebSocketFrame> frame(
       new WebSocketFrame(WebSocketFrameHeader::kOpCodeBinary));
   WebSocketFrameHeader& frame_header = frame->header;
   frame_header.final = true;
   frame_header.payload_length = kBinaryBlobSize;
   frame->data = new IOBuffer(kBinaryBlobSize);
   memcpy(frame->data->data(), kBinaryBlob, kBinaryBlobSize);
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   frames.push_back(std::move(frame));
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   stream->PrepareRawReadFrames(ReadableFakeWebSocketStream::SYNC, OK,
                                std::move(frames));
@@ -2978,7 +3029,7 @@ TEST_F(WebSocketChannelSendUtf8Test, ValidateMultipleTextMessages) {
 
 // UTF-8 validation is enforced on received Text frames.
 TEST_F(WebSocketChannelEventInterfaceTest, ReceivedInvalidUtf8) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, "\xff"}};
@@ -3167,7 +3218,7 @@ TEST_F(WebSocketChannelReceiveUtf8Test, ValidateMultipleReceived) {
 
 // A new data message cannot start in the middle of another data message.
 TEST_F(WebSocketChannelEventInterfaceTest, BogusContinuation) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeBinary,
@@ -3193,7 +3244,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, BogusContinuation) {
 
 // A new message cannot start with a Continuation frame.
 TEST_F(WebSocketChannelEventInterfaceTest, MessageStartingWithContinuation) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeContinuation,
@@ -3212,7 +3263,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, MessageStartingWithContinuation) {
 // A frame passed to the renderer must be either non-empty or have the final bit
 // set.
 TEST_F(WebSocketChannelEventInterfaceTest, DataFramesNonEmptyOrFinal) {
-  scoped_ptr<ReadableFakeWebSocketStream> stream(
+  std::unique_ptr<ReadableFakeWebSocketStream> stream(
       new ReadableFakeWebSocketStream);
   static const InitFrame frames[] = {
       {NOT_FINAL_FRAME, WebSocketFrameHeader::kOpCodeText, NOT_MASKED, ""},
@@ -3238,7 +3289,7 @@ TEST_F(WebSocketChannelEventInterfaceTest, OnSSLCertificateErrorCalled) {
   connect_data_.socket_url = wss_url;
   const SSLInfo ssl_info;
   const bool fatal = true;
-  scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks> fake_callbacks(
+  std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks> fake_callbacks(
       new FakeSSLErrorCallbacks);
 
   EXPECT_CALL(*event_interface_,
@@ -3306,7 +3357,7 @@ class WebSocketChannelStreamTimeoutTest : public WebSocketChannelStreamTest {
   void CreateChannelAndConnectSuccessfully() override {
     set_stream(std::move(mock_stream_));
     CreateChannelAndConnect();
-    channel_->SendFlowControl(kPlentyOfQuota);
+    ASSERT_EQ(CHANNEL_ALIVE, channel_->SendFlowControl(kPlentyOfQuota));
     channel_->SetClosingHandshakeTimeoutForTesting(
         TimeDelta::FromMilliseconds(kVeryTinyTimeoutMillis));
     channel_->SetUnderlyingConnectionCloseTimeoutForTesting(
@@ -3370,7 +3421,8 @@ TEST_F(WebSocketChannelStreamTimeoutTest, ClientInitiatedCloseTimesOut) {
   }
 
   CreateChannelAndConnectSuccessfully();
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "OK");
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, "OK"));
   completion.WaitForResult();
 }
 
@@ -3388,7 +3440,7 @@ TEST_F(WebSocketChannelStreamTimeoutTest, ConnectionCloseTimesOut) {
   EXPECT_CALL(*mock_stream_, GetSubProtocol()).Times(AnyNumber());
   EXPECT_CALL(*mock_stream_, GetExtensions()).Times(AnyNumber());
   TestClosure completion;
-  std::vector<scoped_ptr<WebSocketFrame>>* read_frames = NULL;
+  std::vector<std::unique_ptr<WebSocketFrame>>* read_frames = nullptr;
   CompletionCallback read_callback;
   {
     InSequence s;
@@ -3413,7 +3465,8 @@ TEST_F(WebSocketChannelStreamTimeoutTest, ConnectionCloseTimesOut) {
   }
 
   CreateChannelAndConnectSuccessfully();
-  channel_->StartClosingHandshake(kWebSocketNormalClosure, "OK");
+  ASSERT_EQ(CHANNEL_ALIVE,
+            channel_->StartClosingHandshake(kWebSocketNormalClosure, "OK"));
   ASSERT_TRUE(read_frames);
   // Provide the "Close" message from the server.
   *read_frames = CreateFrameVector(frames);
@@ -3431,7 +3484,7 @@ TEST_F(WebSocketChannelTest, CurrentSendQuotaNonZero) {
 // Verify that current_send_quota() is updated when SendFrame() is called.
 TEST_F(WebSocketChannelTest, CurrentSendQuotaUpdated) {
   const int kMessageSize = 5;
-  set_stream(make_scoped_ptr(new WriteableFakeWebSocketStream));
+  set_stream(base::WrapUnique(new WriteableFakeWebSocketStream));
   CreateChannelAndConnectSuccessfully();
 
   int initial_send_quota = channel_->current_send_quota();
diff --git a/chromium/net/websockets/websocket_deflate_predictor.h b/chromium/net/websockets/websocket_deflate_predictor.h
index 38566ddfa50..fde316e8cb8 100644
--- a/chromium/net/websockets/websocket_deflate_predictor.h
+++ b/chromium/net/websockets/websocket_deflate_predictor.h
@@ -7,9 +7,9 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -41,8 +41,9 @@ class NET_EXPORT_PRIVATE WebSocketDeflatePredictor {
   // but future frames may contain control message frames.
   // |frames[frame_index]| cannot be recorded yet and all preceding
   // data frames have to be already recorded when this method is called.
-  virtual Result Predict(const std::vector<scoped_ptr<WebSocketFrame>>& frames,
-                         size_t frame_index) = 0;
+  virtual Result Predict(
+      const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
+      size_t frame_index) = 0;
 
   // Records frame data for future prediction.
   // Only data frames should be recorded. Do not pass control frames' data.
diff --git a/chromium/net/websockets/websocket_deflate_predictor_impl.cc b/chromium/net/websockets/websocket_deflate_predictor_impl.cc
index 77366070e9b..60120008aa0 100644
--- a/chromium/net/websockets/websocket_deflate_predictor_impl.cc
+++ b/chromium/net/websockets/websocket_deflate_predictor_impl.cc
@@ -9,7 +9,7 @@ namespace net {
 typedef WebSocketDeflatePredictor::Result Result;
 
 Result WebSocketDeflatePredictorImpl::Predict(
-    const std::vector<scoped_ptr<WebSocketFrame>>& frames,
+    const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
     size_t frame_index) {
   return DEFLATE;
 }
diff --git a/chromium/net/websockets/websocket_deflate_predictor_impl.h b/chromium/net/websockets/websocket_deflate_predictor_impl.h
index 6086431010f..3a0b09c6f04 100644
--- a/chromium/net/websockets/websocket_deflate_predictor_impl.h
+++ b/chromium/net/websockets/websocket_deflate_predictor_impl.h
@@ -7,9 +7,9 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <vector>
 
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/websockets/websocket_deflate_predictor.h"
 
@@ -22,7 +22,7 @@ class NET_EXPORT_PRIVATE WebSocketDeflatePredictorImpl
  public:
   ~WebSocketDeflatePredictorImpl() override {}
 
-  Result Predict(const std::vector<scoped_ptr<WebSocketFrame>>& frames,
+  Result Predict(const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
                  size_t frame_index) override;
   void RecordInputDataFrame(const WebSocketFrame* frame) override;
   void RecordWrittenDataFrame(const WebSocketFrame* frame) override;
diff --git a/chromium/net/websockets/websocket_deflate_predictor_impl_test.cc b/chromium/net/websockets/websocket_deflate_predictor_impl_test.cc
index 279ca48f50d..191232daf2a 100644
--- a/chromium/net/websockets/websocket_deflate_predictor_impl_test.cc
+++ b/chromium/net/websockets/websocket_deflate_predictor_impl_test.cc
@@ -6,6 +6,7 @@
 
 #include <vector>
 
+#include "base/memory/ptr_util.h"
 #include "net/websockets/websocket_frame.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -17,9 +18,9 @@ typedef WebSocketDeflatePredictor::Result Result;
 
 TEST(WebSocketDeflatePredictorImpl, Predict) {
   WebSocketDeflatePredictorImpl predictor;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   frames.push_back(
-      make_scoped_ptr(new WebSocketFrame(WebSocketFrameHeader::kOpCodeText)));
+      base::WrapUnique(new WebSocketFrame(WebSocketFrameHeader::kOpCodeText)));
   Result result = predictor.Predict(frames, 0);
 
   EXPECT_EQ(WebSocketDeflatePredictor::DEFLATE, result);
diff --git a/chromium/net/websockets/websocket_deflate_stream.cc b/chromium/net/websockets/websocket_deflate_stream.cc
index 798d9b7d462..5281493576d 100644
--- a/chromium/net/websockets/websocket_deflate_stream.cc
+++ b/chromium/net/websockets/websocket_deflate_stream.cc
@@ -5,7 +5,9 @@
 #include "net/websockets/websocket_deflate_stream.h"
 
 #include <stdint.h>
+
 #include <algorithm>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
@@ -13,7 +15,6 @@
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -37,9 +38,9 @@ const size_t kChunkSize = 4 * 1024;
 }  // namespace
 
 WebSocketDeflateStream::WebSocketDeflateStream(
-    scoped_ptr<WebSocketStream> stream,
+    std::unique_ptr<WebSocketStream> stream,
     const WebSocketDeflateParameters& params,
-    scoped_ptr<WebSocketDeflatePredictor> predictor)
+    std::unique_ptr<WebSocketDeflatePredictor> predictor)
     : stream_(std::move(stream)),
       deflater_(params.client_context_take_over_mode()),
       inflater_(kChunkSize, kChunkSize),
@@ -62,7 +63,7 @@ WebSocketDeflateStream::WebSocketDeflateStream(
 WebSocketDeflateStream::~WebSocketDeflateStream() {}
 
 int WebSocketDeflateStream::ReadFrames(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback) {
   int result = stream_->ReadFrames(
       frames,
@@ -79,7 +80,7 @@ int WebSocketDeflateStream::ReadFrames(
 }
 
 int WebSocketDeflateStream::WriteFrames(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback) {
   int result = Deflate(frames);
   if (result != OK)
@@ -100,7 +101,7 @@ std::string WebSocketDeflateStream::GetExtensions() const {
 }
 
 void WebSocketDeflateStream::OnReadComplete(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback,
     int result) {
   if (result != OK) {
@@ -115,11 +116,11 @@ void WebSocketDeflateStream::OnReadComplete(
 }
 
 int WebSocketDeflateStream::Deflate(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_write;
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames) {
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_write;
   // Store frames of the currently processed message if writing_state_ equals to
   // WRITING_POSSIBLY_COMPRESSED_MESSAGE.
-  std::vector<scoped_ptr<WebSocketFrame>> frames_of_message;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_of_message;
   for (size_t i = 0; i < frames->size(); ++i) {
     DCHECK(!(*frames)[i]->header.reserved1);
     if (!WebSocketFrameHeader::IsKnownDataOpCode((*frames)[i]->header.opcode)) {
@@ -129,7 +130,7 @@ int WebSocketDeflateStream::Deflate(
     if (writing_state_ == NOT_WRITING)
       OnMessageStart(*frames, i);
 
-    scoped_ptr<WebSocketFrame> frame(std::move((*frames)[i]));
+    std::unique_ptr<WebSocketFrame> frame(std::move((*frames)[i]));
     predictor_->RecordInputDataFrame(frame.get());
 
     if (writing_state_ == WRITING_UNCOMPRESSED_MESSAGE) {
@@ -183,7 +184,7 @@ int WebSocketDeflateStream::Deflate(
 }
 
 void WebSocketDeflateStream::OnMessageStart(
-    const std::vector<scoped_ptr<WebSocketFrame>>& frames,
+    const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
     size_t index) {
   WebSocketFrame* frame = frames[index].get();
   current_writing_opcode_ = frame->header.opcode;
@@ -208,7 +209,7 @@ void WebSocketDeflateStream::OnMessageStart(
 
 int WebSocketDeflateStream::AppendCompressedFrame(
     const WebSocketFrameHeader& header,
-    std::vector<scoped_ptr<WebSocketFrame>>* frames_to_write) {
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames_to_write) {
   const WebSocketFrameHeader::OpCode opcode = current_writing_opcode_;
   scoped_refptr<IOBufferWithSize> compressed_payload =
       deflater_.GetOutput(deflater_.CurrentOutputSize());
@@ -217,7 +218,7 @@ int WebSocketDeflateStream::AppendCompressedFrame(
              << "deflater_.GetOutput() returns an error.";
     return ERR_WS_PROTOCOL_ERROR;
   }
-  scoped_ptr<WebSocketFrame> compressed(new WebSocketFrame(opcode));
+  std::unique_ptr<WebSocketFrame> compressed(new WebSocketFrame(opcode));
   compressed->header.CopyFrom(header);
   compressed->header.opcode = opcode;
   compressed->header.final = header.final;
@@ -233,8 +234,8 @@ int WebSocketDeflateStream::AppendCompressedFrame(
 }
 
 int WebSocketDeflateStream::AppendPossiblyCompressedMessage(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
-    std::vector<scoped_ptr<WebSocketFrame>>* frames_to_write) {
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames_to_write) {
   DCHECK(!frames->empty());
 
   const WebSocketFrameHeader::OpCode opcode = current_writing_opcode_;
@@ -261,14 +262,14 @@ int WebSocketDeflateStream::AppendPossiblyCompressedMessage(
       static_cast<uint64_t>(compressed_payload->size())) {
     // Compression is not effective. Use the original frames.
     for (size_t i = 0; i < frames->size(); ++i) {
-      scoped_ptr<WebSocketFrame> frame = std::move((*frames)[i]);
+      std::unique_ptr<WebSocketFrame> frame = std::move((*frames)[i]);
       predictor_->RecordWrittenDataFrame(frame.get());
       frames_to_write->push_back(std::move(frame));
     }
     frames->clear();
     return OK;
   }
-  scoped_ptr<WebSocketFrame> compressed(new WebSocketFrame(opcode));
+  std::unique_ptr<WebSocketFrame> compressed(new WebSocketFrame(opcode));
   compressed->header.CopyFrom((*frames)[0]->header);
   compressed->header.opcode = opcode;
   compressed->header.final = true;
@@ -282,12 +283,12 @@ int WebSocketDeflateStream::AppendPossiblyCompressedMessage(
 }
 
 int WebSocketDeflateStream::Inflate(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
-  std::vector<scoped_ptr<WebSocketFrame>> frames_passed;
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames) {
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_passed;
   frames->swap(frames_passed);
   for (size_t i = 0; i < frames_passed.size(); ++i) {
-    scoped_ptr<WebSocketFrame> frame(std::move(frames_passed[i]));
+    std::unique_ptr<WebSocketFrame> frame(std::move(frames_passed[i]));
     frames_passed[i] = NULL;
     DVLOG(3) << "Input frame: opcode=" << frame->header.opcode
              << " final=" << frame->header.final
@@ -342,7 +343,7 @@ int WebSocketDeflateStream::Inflate(
       while (inflater_.CurrentOutputSize() >= kChunkSize ||
              frame->header.final) {
         size_t size = std::min(kChunkSize, inflater_.CurrentOutputSize());
-        scoped_ptr<WebSocketFrame> inflated(
+        std::unique_ptr<WebSocketFrame> inflated(
             new WebSocketFrame(WebSocketFrameHeader::kOpCodeText));
         scoped_refptr<IOBufferWithSize> data = inflater_.GetOutput(size);
         bool is_final = !inflater_.CurrentOutputSize() && frame->header.final;
@@ -375,7 +376,7 @@ int WebSocketDeflateStream::Inflate(
 }
 
 int WebSocketDeflateStream::InflateAndReadIfNecessary(
-    std::vector<scoped_ptr<WebSocketFrame>>* frames,
+    std::vector<std::unique_ptr<WebSocketFrame>>* frames,
     const CompletionCallback& callback) {
   int result = Inflate(frames);
   while (result == ERR_IO_PENDING) {
diff --git a/chromium/net/websockets/websocket_deflate_stream.h b/chromium/net/websockets/websocket_deflate_stream.h
index 6143d0d1d7c..bcccd06d753 100644
--- a/chromium/net/websockets/websocket_deflate_stream.h
+++ b/chromium/net/websockets/websocket_deflate_stream.h
@@ -7,11 +7,11 @@
 
 #include <stddef.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/websockets/websocket_deflater.h"
@@ -42,15 +42,15 @@ class WebSocketDeflatePredictor;
 // [1]: http://tools.ietf.org/html/draft-ietf-hybi-permessage-compression-12
 class NET_EXPORT_PRIVATE WebSocketDeflateStream : public WebSocketStream {
  public:
-  WebSocketDeflateStream(scoped_ptr<WebSocketStream> stream,
+  WebSocketDeflateStream(std::unique_ptr<WebSocketStream> stream,
                          const WebSocketDeflateParameters& params,
-                         scoped_ptr<WebSocketDeflatePredictor> predictor);
+                         std::unique_ptr<WebSocketDeflatePredictor> predictor);
   ~WebSocketDeflateStream() override;
 
   // WebSocketStream functions.
-  int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                  const CompletionCallback& callback) override;
-  int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                   const CompletionCallback& callback) override;
   void Close() override;
   std::string GetSubProtocol() const override;
@@ -71,35 +71,37 @@ class NET_EXPORT_PRIVATE WebSocketDeflateStream : public WebSocketStream {
   };
 
   // Handles asynchronous completion of ReadFrames() call on |stream_|.
-  void OnReadComplete(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  void OnReadComplete(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                       const CompletionCallback& callback,
                       int result);
 
   // This function deflates |frames| and stores the result to |frames| itself.
-  int Deflate(std::vector<scoped_ptr<WebSocketFrame>>* frames);
-  void OnMessageStart(const std::vector<scoped_ptr<WebSocketFrame>>& frames,
-                      size_t index);
+  int Deflate(std::vector<std::unique_ptr<WebSocketFrame>>* frames);
+  void OnMessageStart(
+      const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
+      size_t index);
   int AppendCompressedFrame(
       const WebSocketFrameHeader& header,
-      std::vector<scoped_ptr<WebSocketFrame>>* frames_to_write);
+      std::vector<std::unique_ptr<WebSocketFrame>>* frames_to_write);
   int AppendPossiblyCompressedMessage(
-      std::vector<scoped_ptr<WebSocketFrame>>* frames,
-      std::vector<scoped_ptr<WebSocketFrame>>* frames_to_write);
+      std::vector<std::unique_ptr<WebSocketFrame>>* frames,
+      std::vector<std::unique_ptr<WebSocketFrame>>* frames_to_write);
 
   // This function inflates |frames| and stores the result to |frames| itself.
-  int Inflate(std::vector<scoped_ptr<WebSocketFrame>>* frames);
+  int Inflate(std::vector<std::unique_ptr<WebSocketFrame>>* frames);
 
-  int InflateAndReadIfNecessary(std::vector<scoped_ptr<WebSocketFrame>>* frames,
-                                const CompletionCallback& callback);
+  int InflateAndReadIfNecessary(
+      std::vector<std::unique_ptr<WebSocketFrame>>* frames,
+      const CompletionCallback& callback);
 
-  const scoped_ptr<WebSocketStream> stream_;
+  const std::unique_ptr<WebSocketStream> stream_;
   WebSocketDeflater deflater_;
   WebSocketInflater inflater_;
   ReadingState reading_state_;
   WritingState writing_state_;
   WebSocketFrameHeader::OpCode current_reading_opcode_;
   WebSocketFrameHeader::OpCode current_writing_opcode_;
-  scoped_ptr<WebSocketDeflatePredictor> predictor_;
+  std::unique_ptr<WebSocketDeflatePredictor> predictor_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocketDeflateStream);
 };
diff --git a/chromium/net/websockets/websocket_deflate_stream_test.cc b/chromium/net/websockets/websocket_deflate_stream_test.cc
index a470e2a2a9d..5106df710cd 100644
--- a/chromium/net/websockets/websocket_deflate_stream_test.cc
+++ b/chromium/net/websockets/websocket_deflate_stream_test.cc
@@ -6,16 +6,18 @@
 
 #include <stddef.h>
 #include <stdint.h>
+
 #include <deque>
 #include <iterator>
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ -76,15 +78,15 @@ std::string ToString(const WebSocketFrame* frame) {
                            : "";
 }
 
-std::string ToString(const scoped_ptr<WebSocketFrame>& frame) {
+std::string ToString(const std::unique_ptr<WebSocketFrame>& frame) {
   return ToString(frame.get());
 }
 
-void AppendTo(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+void AppendTo(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
               WebSocketFrameHeader::OpCode opcode,
               FrameFlag flag,
               const std::string& data) {
-  scoped_ptr<WebSocketFrame> frame(new WebSocketFrame(opcode));
+  std::unique_ptr<WebSocketFrame> frame(new WebSocketFrame(opcode));
   frame->header.final = (flag & kFinal);
   frame->header.reserved1 = (flag & kReserved1);
   frame->data = ToIOBuffer(data);
@@ -92,10 +94,10 @@ void AppendTo(std::vector<scoped_ptr<WebSocketFrame>>* frames,
   frames->push_back(std::move(frame));
 }
 
-void AppendTo(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+void AppendTo(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
               WebSocketFrameHeader::OpCode opcode,
               FrameFlag flag) {
-  scoped_ptr<WebSocketFrame> frame(new WebSocketFrame(opcode));
+  std::unique_ptr<WebSocketFrame> frame(new WebSocketFrame(opcode));
   frame->header.final = (flag & kFinal);
   frame->header.reserved1 = (flag & kReserved1);
   frames->push_back(std::move(frame));
@@ -104,10 +106,10 @@ void AppendTo(std::vector<scoped_ptr<WebSocketFrame>>* frames,
 class MockWebSocketStream : public WebSocketStream {
  public:
   MOCK_METHOD2(ReadFrames,
-               int(std::vector<scoped_ptr<WebSocketFrame>>*,
+               int(std::vector<std::unique_ptr<WebSocketFrame>>*,
                    const CompletionCallback&));
   MOCK_METHOD2(WriteFrames,
-               int(std::vector<scoped_ptr<WebSocketFrame>>*,
+               int(std::vector<std::unique_ptr<WebSocketFrame>>*,
                    const CompletionCallback&));
   MOCK_METHOD0(Close, void());
   MOCK_CONST_METHOD0(GetSubProtocol, std::string());
@@ -134,7 +136,7 @@ class WebSocketDeflatePredictorMock : public WebSocketDeflatePredictor {
   }
 
   // WebSocketDeflatePredictor functions.
-  Result Predict(const std::vector<scoped_ptr<WebSocketFrame>>& frames,
+  Result Predict(const std::vector<std::unique_ptr<WebSocketFrame>>& frames,
                  size_t frame_index) override {
     return result_;
   }
@@ -189,11 +191,12 @@ class WebSocketDeflatePredictorMock : public WebSocketDeflatePredictor {
     frames_written_.pop_front();
   }
   void AddFramesToBeInput(
-      const std::vector<scoped_ptr<WebSocketFrame>>& frames) {
+      const std::vector<std::unique_ptr<WebSocketFrame>>& frames) {
     for (size_t i = 0; i < frames.size(); ++i)
       AddFrameToBeInput(frames[i].get());
   }
-  void VerifySentFrames(const std::vector<scoped_ptr<WebSocketFrame>>& frames) {
+  void VerifySentFrames(
+      const std::vector<std::unique_ptr<WebSocketFrame>>& frames) {
     for (size_t i = 0; i < frames.size(); ++i)
       VerifySentFrame(frames[i].get());
   }
@@ -241,11 +244,11 @@ class WebSocketDeflateStreamTest : public ::testing::Test {
     mock_stream_ = new testing::StrictMock<MockWebSocketStream>;
     predictor_ = new WebSocketDeflatePredictorMock;
     deflate_stream_.reset(new WebSocketDeflateStream(
-        scoped_ptr<WebSocketStream>(mock_stream_), parameters,
-        scoped_ptr<WebSocketDeflatePredictor>(predictor_)));
+        std::unique_ptr<WebSocketStream>(mock_stream_), parameters,
+        std::unique_ptr<WebSocketDeflatePredictor>(predictor_)));
   }
 
-  scoped_ptr<WebSocketDeflateStream> deflate_stream_;
+  std::unique_ptr<WebSocketDeflateStream> deflate_stream_;
   // Owned by |deflate_stream_|.
   MockWebSocketStream* mock_stream_;
   // Owned by |deflate_stream_|.
@@ -290,7 +293,7 @@ class WebSocketDeflateStreamWithClientWindowBitsTest
   }
 
  protected:
-  std::vector<scoped_ptr<WebSocketFrame>> frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_;
 };
 
 // ReadFrameStub is a stub for WebSocketStream::ReadFrames.
@@ -301,12 +304,12 @@ class ReadFramesStub {
   explicit ReadFramesStub(int result) : result_(result) {}
 
   ReadFramesStub(int result,
-                 std::vector<scoped_ptr<WebSocketFrame>>* frames_to_output)
+                 std::vector<std::unique_ptr<WebSocketFrame>>* frames_to_output)
       : result_(result) {
     frames_to_output_.swap(*frames_to_output);
   }
 
-  int Call(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int Call(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
            const CompletionCallback& callback) {
     DCHECK(frames->empty());
     frames_passed_ = frames;
@@ -317,15 +320,15 @@ class ReadFramesStub {
 
   int result() const { return result_; }
   const CompletionCallback& callback() const { return callback_; }
-  std::vector<scoped_ptr<WebSocketFrame>>* frames_passed() {
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames_passed() {
     return frames_passed_;
   }
 
  private:
   int result_;
   CompletionCallback callback_;
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output_;
-  std::vector<scoped_ptr<WebSocketFrame>>* frames_passed_;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output_;
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames_passed_;
 };
 
 // WriteFramesStub is a stub for WebSocketStream::WriteFrames.
@@ -337,7 +340,7 @@ class WriteFramesStub {
                            int result)
       : result_(result), predictor_(predictor) {}
 
-  int Call(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  int Call(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
            const CompletionCallback& callback) {
     frames_.insert(frames_.end(), std::make_move_iterator(frames->begin()),
                    std::make_move_iterator(frames->end()));
@@ -349,17 +352,17 @@ class WriteFramesStub {
 
   int result() const { return result_; }
   const CompletionCallback& callback() const { return callback_; }
-  std::vector<scoped_ptr<WebSocketFrame>>* frames() { return &frames_; }
+  std::vector<std::unique_ptr<WebSocketFrame>>* frames() { return &frames_; }
 
  private:
   int result_;
   CompletionCallback callback_;
-  std::vector<scoped_ptr<WebSocketFrame>> frames_;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_;
   WebSocketDeflatePredictorMock* predictor_;
 };
 
 TEST_F(WebSocketDeflateStreamTest, ReadFailedImmediately) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   CompletionCallback callback;
   {
     InSequence s;
@@ -370,13 +373,13 @@ TEST_F(WebSocketDeflateStreamTest, ReadFailedImmediately) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadUncompressedFrameImmediately) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal,
            "hello");
   ReadFramesStub stub(OK, &frames_to_output);
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -394,7 +397,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedFrameImmediately) {
 
 TEST_F(WebSocketDeflateStreamTest, ReadUncompressedFrameAsync) {
   ReadFramesStub stub(ERR_IO_PENDING);
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   MockCallback mock_callback, checkpoint;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
@@ -425,7 +428,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedFrameAsync) {
 
 TEST_F(WebSocketDeflateStreamTest, ReadFailedAsync) {
   ReadFramesStub stub(ERR_IO_PENDING);
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   MockCallback mock_callback, checkpoint;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
@@ -451,14 +454,14 @@ TEST_F(WebSocketDeflateStreamTest, ReadFailedAsync) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadCompressedFrameImmediately) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal | kReserved1,
            std::string("\xf2\x48\xcd\xc9\xc9\x07\x00", 7));
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   {
     InSequence s;
     EXPECT_CALL(*mock_stream_, ReadFrames(&frames, _))
@@ -477,7 +480,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedFrameAsync) {
   MockCallback mock_callback, checkpoint;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   {
     InSequence s;
     EXPECT_CALL(*mock_stream_, ReadFrames(&frames, _))
@@ -504,7 +507,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedFrameAsync) {
 
 TEST_F(WebSocketDeflateStreamTest,
        ReadCompressedFrameFragmentImmediatelyButInflaterReturnsPending) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   const std::string data1("\xf2", 1);
   const std::string data2("\x48\xcd\xc9\xc9\x07\x00", 6);
   AppendTo(&frames_to_output,
@@ -515,7 +518,7 @@ TEST_F(WebSocketDeflateStreamTest,
   MockCallback mock_callback, checkpoint;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -545,14 +548,14 @@ TEST_F(WebSocketDeflateStreamTest,
 
 TEST_F(WebSocketDeflateStreamTest, ReadInvalidCompressedPayload) {
   const std::string data("\xf2\x48\xcdINVALID", 10);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal | kReserved1,
            data);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -567,7 +570,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadInvalidCompressedPayload) {
 TEST_F(WebSocketDeflateStreamTest, MergeMultipleFramesInReadFrames) {
   const std::string data1("\xf2\x48\xcd", 3);
   const std::string data2("\xc9\xc9\x07\x00", 4);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kReserved1,
@@ -578,7 +581,7 @@ TEST_F(WebSocketDeflateStreamTest, MergeMultipleFramesInReadFrames) {
            data2);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -594,7 +597,7 @@ TEST_F(WebSocketDeflateStreamTest, MergeMultipleFramesInReadFrames) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadUncompressedEmptyFrames) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kNoFlag);
@@ -603,7 +606,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedEmptyFrames) {
            kFinal);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -624,7 +627,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedEmptyFrames) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadCompressedEmptyFrames) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kReserved1,
@@ -634,7 +637,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedEmptyFrames) {
            kFinal);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -652,7 +655,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedEmptyFrames) {
 TEST_F(WebSocketDeflateStreamTest,
        ReadCompressedFrameFollowedByEmptyFrame) {
   const std::string data("\xf2\x48\xcd\xc9\xc9\x07\x00", 7);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kReserved1,
@@ -662,7 +665,7 @@ TEST_F(WebSocketDeflateStreamTest,
            kFinal);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -680,7 +683,7 @@ TEST_F(WebSocketDeflateStreamTest,
 TEST_F(WebSocketDeflateStreamTest, ReadControlFrameBetweenDataFrames) {
   const std::string data1("\xf2\x48\xcd", 3);
   const std::string data2("\xc9\xc9\x07\x00", 4);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kReserved1,
@@ -689,7 +692,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadControlFrameBetweenDataFrames) {
   AppendTo(&frames_to_output, WebSocketFrameHeader::kOpCodeText, kFinal, data2);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -715,7 +718,7 @@ TEST_F(WebSocketDeflateStreamTest, SplitToMultipleFramesInReadFrames) {
   deflater.AddBytes(original_data.data(), original_data.size());
   deflater.Finish();
 
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeBinary,
            kFinal | kReserved1,
@@ -723,7 +726,7 @@ TEST_F(WebSocketDeflateStreamTest, SplitToMultipleFramesInReadFrames) {
 
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   {
     InSequence s;
     EXPECT_CALL(*mock_stream_, ReadFrames(&frames, _))
@@ -757,7 +760,7 @@ TEST_F(WebSocketDeflateStreamTest, InflaterInternalDataCanBeEmpty) {
   deflater.AddBytes(original_data.data(), original_data.size());
   deflater.Finish();
 
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeBinary,
            kReserved1,
@@ -769,7 +772,7 @@ TEST_F(WebSocketDeflateStreamTest, InflaterInternalDataCanBeEmpty) {
 
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   {
     InSequence s;
     EXPECT_CALL(*mock_stream_, ReadFrames(&frames, _))
@@ -795,7 +798,7 @@ TEST_F(WebSocketDeflateStreamTest,
        Reserved1TurnsOnDuringReadingCompressedContinuationFrame) {
   const std::string data1("\xf2\x48\xcd", 3);
   const std::string data2("\xc9\xc9\x07\x00", 4);
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kReserved1,
@@ -806,7 +809,7 @@ TEST_F(WebSocketDeflateStreamTest,
            data2);
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -819,7 +822,7 @@ TEST_F(WebSocketDeflateStreamTest,
 
 TEST_F(WebSocketDeflateStreamTest,
        Reserved1TurnsOnDuringReadingUncompressedContinuationFrame) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kNoFlag,
@@ -830,7 +833,7 @@ TEST_F(WebSocketDeflateStreamTest,
            "world");
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -842,7 +845,7 @@ TEST_F(WebSocketDeflateStreamTest,
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadCompressedMessages) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal | kReserved1,
@@ -854,7 +857,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedMessages) {
            std::string("\x4a\x86\x33\x8d\x00\x00", 6));
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -874,7 +877,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadCompressedMessages) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, ReadUncompressedMessages) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal,
@@ -885,7 +888,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedMessages) {
            "uncompressed2");
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -906,7 +909,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadUncompressedMessages) {
 
 TEST_F(WebSocketDeflateStreamTest,
        ReadCompressedMessageThenUncompressedMessage) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal | kReserved1,
@@ -918,7 +921,7 @@ TEST_F(WebSocketDeflateStreamTest,
            "uncompressed");
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -939,7 +942,7 @@ TEST_F(WebSocketDeflateStreamTest,
 
 TEST_F(WebSocketDeflateStreamTest,
        ReadUncompressedMessageThenCompressedMessage) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames_to_output;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames_to_output;
   AppendTo(&frames_to_output,
            WebSocketFrameHeader::kOpCodeText,
            kFinal,
@@ -951,7 +954,7 @@ TEST_F(WebSocketDeflateStreamTest,
                "\x4a\xce\xcf\x2d\x28\x4a\x2d\x2e\x4e\x4d\x01\x00", 12));
   ReadFramesStub stub(OK, &frames_to_output);
   CompletionCallback callback;
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -972,13 +975,13 @@ TEST_F(WebSocketDeflateStreamTest,
 
 // This is a regression test for crbug.com/343506.
 TEST_F(WebSocketDeflateStreamTest, ReadEmptyAsyncFrame) {
-  std::vector<scoped_ptr<ReadFramesStub>> stub_vector;
-  stub_vector.push_back(make_scoped_ptr(new ReadFramesStub(ERR_IO_PENDING)));
-  stub_vector.push_back(make_scoped_ptr(new ReadFramesStub(ERR_IO_PENDING)));
+  std::vector<std::unique_ptr<ReadFramesStub>> stub_vector;
+  stub_vector.push_back(base::WrapUnique(new ReadFramesStub(ERR_IO_PENDING)));
+  stub_vector.push_back(base::WrapUnique(new ReadFramesStub(ERR_IO_PENDING)));
   MockCallback mock_callback;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
 
   {
     InSequence s;
@@ -1008,7 +1011,7 @@ TEST_F(WebSocketDeflateStreamTest, ReadEmptyAsyncFrame) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteEmpty) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   CompletionCallback callback;
   {
     InSequence s;
@@ -1018,7 +1021,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteEmpty) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteFailedImmediately) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   CompletionCallback callback;
   {
     InSequence s;
@@ -1033,7 +1036,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteFailedImmediately) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteFrameImmediately) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   CompletionCallback callback;
   WriteFramesStub stub(predictor_, OK);
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal, "Hello");
@@ -1044,7 +1047,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteFrameImmediately) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(1u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1058,7 +1062,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteFrameAsync) {
   MockCallback mock_callback, checkpoint;
   CompletionCallback callback =
       base::Bind(&MockCallback::Call, base::Unretained(&mock_callback));
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   {
     InSequence s;
     EXPECT_CALL(*mock_stream_, WriteFrames(&frames, _))
@@ -1073,7 +1077,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteFrameAsync) {
   checkpoint.Call(0);
   stub.callback().Run(OK);
 
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(1u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1083,7 +1088,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteFrameAsync) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteControlFrameBetweenDataFrames) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kNoFlag, "Hel");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodePing, kFinal);
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeContinuation, kFinal, "lo");
@@ -1097,7 +1102,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteControlFrameBetweenDataFrames) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(2u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodePing, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1110,7 +1116,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteControlFrameBetweenDataFrames) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteEmptyMessage) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal);
   predictor_->AddFramesToBeInput(frames);
   WriteFramesStub stub(predictor_, OK);
@@ -1122,7 +1128,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteEmptyMessage) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(1u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1131,7 +1138,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteEmptyMessage) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteUncompressedMessage) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kNoFlag, "AAAA");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeContinuation, kFinal, "AAA");
   predictor_->AddFramesToBeInput(frames);
@@ -1146,7 +1153,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteUncompressedMessage) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(2u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_FALSE(frames_passed[0]->header.final);
@@ -1171,12 +1179,12 @@ TEST_F(WebSocketDeflateStreamTest, LargeDeflatedFramesShouldBeSplit) {
     EXPECT_CALL(*mock_stream_, WriteFrames(_, _))
         .WillRepeatedly(Invoke(&stub, &WriteFramesStub::Call));
   }
-  std::vector<scoped_ptr<WebSocketFrame>> total_compressed_frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> total_compressed_frames;
 
   deflater.Initialize(kWindowBits);
   while (true) {
     bool is_final = (total_compressed_frames.size() >= 2);
-    std::vector<scoped_ptr<WebSocketFrame>> frames;
+    std::vector<std::unique_ptr<WebSocketFrame>> frames;
     std::string data;
     for (size_t i = 0; i < size; ++i)
       data += static_cast<char>(lcg.Generate());
@@ -1216,7 +1224,7 @@ TEST_F(WebSocketDeflateStreamTest, LargeDeflatedFramesShouldBeSplit) {
 }
 
 TEST_F(WebSocketDeflateStreamTest, WriteMultipleMessages) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal, "Hello");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal, "Hello");
   predictor_->AddFramesToBeInput(frames);
@@ -1229,7 +1237,8 @@ TEST_F(WebSocketDeflateStreamTest, WriteMultipleMessages) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(2u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1244,7 +1253,7 @@ TEST_F(WebSocketDeflateStreamTest, WriteMultipleMessages) {
 
 TEST_F(WebSocketDeflateStreamWithDoNotTakeOverContextTest,
        WriteMultipleMessages) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal, "Hello");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kFinal, "Hello");
   predictor_->AddFramesToBeInput(frames);
@@ -1257,7 +1266,8 @@ TEST_F(WebSocketDeflateStreamWithDoNotTakeOverContextTest,
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(2u, frames_passed.size());
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
   EXPECT_TRUE(frames_passed[0]->header.final);
@@ -1275,7 +1285,7 @@ TEST_F(WebSocketDeflateStreamWithDoNotTakeOverContextTest,
 // "PossiblyCompressedMessage"s, we test various messages at one test case.
 TEST_F(WebSocketDeflateStreamWithDoNotTakeOverContextTest,
        WritePossiblyCompressMessages) {
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kNoFlag, "He");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeContinuation, kFinal, "llo");
   AppendTo(&frames, WebSocketFrameHeader::kOpCodeText, kNoFlag, "AAAAAAAAAA");
@@ -1293,7 +1303,8 @@ TEST_F(WebSocketDeflateStreamWithDoNotTakeOverContextTest,
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(5u, frames_passed.size());
 
   EXPECT_EQ(WebSocketFrameHeader::kOpCodeText, frames_passed[0]->header.opcode);
@@ -1335,7 +1346,8 @@ TEST_F(WebSocketDeflateStreamWithClientWindowBitsTest, WindowBits8) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames_, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(1u, frames_passed.size());
   EXPECT_EQ(std::string("r\xce(\xca\xcf\xcd,\xcdM\x1c\xe1\xc0\x39\xa3"
                         "(?7\xb3\x34\x17\x00", 21),
@@ -1354,7 +1366,8 @@ TEST_F(WebSocketDeflateStreamWithClientWindowBitsTest, WindowBits10) {
         .WillOnce(Invoke(&stub, &WriteFramesStub::Call));
   }
   ASSERT_EQ(OK, deflate_stream_->WriteFrames(&frames_, callback));
-  const std::vector<scoped_ptr<WebSocketFrame>>& frames_passed = *stub.frames();
+  const std::vector<std::unique_ptr<WebSocketFrame>>& frames_passed =
+      *stub.frames();
   ASSERT_EQ(1u, frames_passed.size());
   EXPECT_EQ(
       std::string("r\xce(\xca\xcf\xcd,\xcdM\x1c\xe1\xc0\x19\x1a\x0e\0\0", 17),
diff --git a/chromium/net/websockets/websocket_deflater.h b/chromium/net/websockets/websocket_deflater.h
index 9b34c8574ca..cf5b43b3b23 100644
--- a/chromium/net/websockets/websocket_deflater.h
+++ b/chromium/net/websockets/websocket_deflater.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 
 #include <deque>
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 extern "C" struct z_stream_s;
@@ -65,7 +65,7 @@ class NET_EXPORT_PRIVATE WebSocketDeflater {
   void ResetContext();
   int Deflate(int flush);
 
-  scoped_ptr<z_stream_s> stream_;
+  std::unique_ptr<z_stream_s> stream_;
   ContextTakeOverMode mode_;
   std::deque<char> buffer_;
   std::vector<char> fixed_buffer_;
diff --git a/chromium/net/websockets/websocket_end_to_end_test.cc b/chromium/net/websockets/websocket_end_to_end_test.cc
index 24053374e61..b3609e2cdbb 100644
--- a/chromium/net/websockets/websocket_end_to_end_test.cc
+++ b/chromium/net/websockets/websocket_end_to_end_test.cc
@@ -10,6 +10,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/bind.h"
@@ -17,11 +18,11 @@
 #include "base/callback.h"
 #include "base/location.h"
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_piece.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/base/auth.h"
 #include "net/base/proxy_delegate.h"
 #include "net/base/test_data_directory.h"
@@ -83,13 +84,13 @@ class ConnectTestingEventInterface : public WebSocketEventInterface {
   ChannelState OnFailChannel(const std::string& message) override;
 
   ChannelState OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override;
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override;
 
   ChannelState OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override;
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override;
 
   ChannelState OnSSLCertificateError(
-      scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+      std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
       const GURL& url,
       const SSLInfo& ssl_info,
       bool fatal) override;
@@ -169,17 +170,17 @@ ChannelState ConnectTestingEventInterface::OnFailChannel(
 }
 
 ChannelState ConnectTestingEventInterface::OnStartOpeningHandshake(
-    scoped_ptr<WebSocketHandshakeRequestInfo> request) {
+    std::unique_ptr<WebSocketHandshakeRequestInfo> request) {
   return CHANNEL_ALIVE;
 }
 
 ChannelState ConnectTestingEventInterface::OnFinishOpeningHandshake(
-    scoped_ptr<WebSocketHandshakeResponseInfo> response) {
+    std::unique_ptr<WebSocketHandshakeResponseInfo> response) {
   return CHANNEL_ALIVE;
 }
 
 ChannelState ConnectTestingEventInterface::OnSSLCertificateError(
-    scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+    std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
     const GURL& url,
     const SSLInfo& ssl_info,
     bool fatal) {
@@ -269,16 +270,16 @@ class WebSocketEndToEndTest : public ::testing::Test {
     url::Origin origin(GURL("http://localhost"));
     event_interface_ = new ConnectTestingEventInterface;
     channel_.reset(
-        new WebSocketChannel(make_scoped_ptr(event_interface_), &context_));
+        new WebSocketChannel(base::WrapUnique(event_interface_), &context_));
     channel_->SendAddChannelRequest(GURL(socket_url), sub_protocols_, origin);
     event_interface_->WaitForResponse();
     return !event_interface_->failed();
   }
 
   ConnectTestingEventInterface* event_interface_;  // owned by channel_
-  scoped_ptr<TestProxyDelegateWithProxyInfo> proxy_delegate_;
+  std::unique_ptr<TestProxyDelegateWithProxyInfo> proxy_delegate_;
   TestURLRequestContext context_;
-  scoped_ptr<WebSocketChannel> channel_;
+  std::unique_ptr<WebSocketChannel> channel_;
   std::vector<std::string> sub_protocols_;
   bool initialised_context_;
 };
@@ -317,7 +318,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_HttpsProxyUnauthedFails) {
   ASSERT_TRUE(ws_server.BlockUntilStarted());
   std::string proxy_config =
       "https=" + proxy_server.host_port_pair().ToString();
-  scoped_ptr<ProxyService> proxy_service(
+  std::unique_ptr<ProxyService> proxy_service(
       ProxyService::CreateFixed(proxy_config));
   ASSERT_TRUE(proxy_service);
   context_.set_proxy_service(proxy_service.get());
@@ -338,7 +339,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_ON_ANDROID(HttpsWssProxyUnauthedFails)) {
   ASSERT_TRUE(wss_server.BlockUntilStarted());
   std::string proxy_config =
       "https=" + proxy_server.host_port_pair().ToString();
-  scoped_ptr<ProxyService> proxy_service(
+  std::unique_ptr<ProxyService> proxy_service(
       ProxyService::CreateFixed(proxy_config));
   ASSERT_TRUE(proxy_service);
   context_.set_proxy_service(proxy_service.get());
@@ -362,7 +363,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_ON_ANDROID(HttpsProxyUsed)) {
   std::string proxy_config = "https=" +
                              proxy_server.host_port_pair().ToString() + ";" +
                              "http=" + proxy_server.host_port_pair().ToString();
-  scoped_ptr<ProxyService> proxy_service(
+  std::unique_ptr<ProxyService> proxy_service(
       ProxyService::CreateFixed(proxy_config));
   context_.set_proxy_service(proxy_service.get());
   InitialiseContext();
@@ -377,7 +378,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_ON_ANDROID(HttpsProxyUsed)) {
   delegate.set_credentials(
       AuthCredentials(base::ASCIIToUTF16("foo"), base::ASCIIToUTF16("bar")));
   {
-    scoped_ptr<URLRequest> request(
+    std::unique_ptr<URLRequest> request(
         context_.CreateRequest(http_page, DEFAULT_PRIORITY, &delegate));
     request->Start();
     // TestDelegate exits the message loop when the request completes by
@@ -425,7 +426,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_ON_ANDROID(HstsHttpsToWebSocket)) {
   // Set HSTS via https:
   TestDelegate delegate;
   GURL https_page = https_server.GetURL("/hsts-headers.html");
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context_.CreateRequest(https_page, DEFAULT_PRIORITY, &delegate));
   request->Start();
   // TestDelegate exits the message loop when the request completes.
@@ -459,7 +460,7 @@ TEST_F(WebSocketEndToEndTest, DISABLED_ON_ANDROID(HstsWebSocketToHttps)) {
   TestDelegate delegate;
   GURL http_page =
       ReplaceUrlScheme(https_server.GetURL("/simple.html"), "http");
-  scoped_ptr<URLRequest> request(
+  std::unique_ptr<URLRequest> request(
       context_.CreateRequest(http_page, DEFAULT_PRIORITY, &delegate));
   request->Start();
   // TestDelegate exits the message loop when the request completes.
diff --git a/chromium/net/websockets/websocket_event_interface.h b/chromium/net/websockets/websocket_event_interface.h
index 25e12a057e9..761f356c217 100644
--- a/chromium/net/websockets/websocket_event_interface.h
+++ b/chromium/net/websockets/websocket_event_interface.h
@@ -7,6 +7,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 #include <vector>
 
@@ -94,11 +95,12 @@ class NET_EXPORT WebSocketEventInterface {
 
   // Called when the browser starts the WebSocket Opening Handshake.
   virtual ChannelState OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) WARN_UNUSED_RESULT = 0;
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request)
+      WARN_UNUSED_RESULT = 0;
 
   // Called when the browser finishes the WebSocket Opening Handshake.
   virtual ChannelState OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response)
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response)
       WARN_UNUSED_RESULT = 0;
 
   // Callbacks to be used in response to a call to OnSSLCertificateError. Very
@@ -122,7 +124,7 @@ class NET_EXPORT WebSocketEventInterface {
   // make the actual decision. The callbacks must not be called after the
   // WebSocketChannel has been destroyed.
   virtual ChannelState OnSSLCertificateError(
-      scoped_ptr<SSLErrorCallbacks> ssl_error_callbacks,
+      std::unique_ptr<SSLErrorCallbacks> ssl_error_callbacks,
       const GURL& url,
       const SSLInfo& ssl_info,
       bool fatal) WARN_UNUSED_RESULT = 0;
diff --git a/chromium/net/websockets/websocket_frame.cc b/chromium/net/websockets/websocket_frame.cc
index da596d8b63d..792e7fdee4b 100644
--- a/chromium/net/websockets/websocket_frame.cc
+++ b/chromium/net/websockets/websocket_frame.cc
@@ -56,8 +56,8 @@ inline void MaskWebSocketFramePayloadByBytes(
 
 }  // namespace
 
-scoped_ptr<WebSocketFrameHeader> WebSocketFrameHeader::Clone() const {
-  scoped_ptr<WebSocketFrameHeader> ret(new WebSocketFrameHeader(opcode));
+std::unique_ptr<WebSocketFrameHeader> WebSocketFrameHeader::Clone() const {
+  std::unique_ptr<WebSocketFrameHeader> ret(new WebSocketFrameHeader(opcode));
   ret->CopyFrom(*this);
   return ret;
 }
diff --git a/chromium/net/websockets/websocket_frame.h b/chromium/net/websockets/websocket_frame.h
index 7e85a3c9230..074c78753e5 100644
--- a/chromium/net/websockets/websocket_frame.h
+++ b/chromium/net/websockets/websocket_frame.h
@@ -7,11 +7,11 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
@@ -72,7 +72,7 @@ struct NET_EXPORT WebSocketFrameHeader {
         payload_length(0) {}
 
   // Create a clone of this object on the heap.
-  scoped_ptr<WebSocketFrameHeader> Clone() const;
+  std::unique_ptr<WebSocketFrameHeader> Clone() const;
 
   // Overwrite this object with the fields from |source|.
   void CopyFrom(const WebSocketFrameHeader& source);
@@ -130,7 +130,7 @@ struct NET_EXPORT WebSocketFrameChunk {
 
   // Non-null |header| is provided only if this chunk is the first part of
   // a series of chunks.
-  scoped_ptr<WebSocketFrameHeader> header;
+  std::unique_ptr<WebSocketFrameHeader> header;
 
   // Indicates this part is the last chunk of a frame.
   bool final_chunk;
diff --git a/chromium/net/websockets/websocket_frame_parser.cc b/chromium/net/websockets/websocket_frame_parser.cc
index 7c2a075eada..19999ba3f2b 100644
--- a/chromium/net/websockets/websocket_frame_parser.cc
+++ b/chromium/net/websockets/websocket_frame_parser.cc
@@ -6,13 +6,13 @@
 
 #include <algorithm>
 #include <limits>
+#include <memory>
 #include <utility>
 #include <vector>
 
 #include "base/big_endian.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/io_buffer.h"
 #include "net/websockets/websocket_frame.h"
 
@@ -47,7 +47,7 @@ WebSocketFrameParser::~WebSocketFrameParser() {}
 bool WebSocketFrameParser::Decode(
     const char* data,
     size_t length,
-    std::vector<scoped_ptr<WebSocketFrameChunk>>* frame_chunks) {
+    std::vector<std::unique_ptr<WebSocketFrameChunk>>* frame_chunks) {
   if (websocket_error_ != kWebSocketNormalClosure)
     return false;
   if (!length)
@@ -69,7 +69,7 @@ bool WebSocketFrameParser::Decode(
       first_chunk = true;
     }
 
-    scoped_ptr<WebSocketFrameChunk> frame_chunk =
+    std::unique_ptr<WebSocketFrameChunk> frame_chunk =
         DecodeFramePayload(first_chunk);
     DCHECK(frame_chunk.get());
     frame_chunks->push_back(std::move(frame_chunk));
@@ -169,7 +169,7 @@ void WebSocketFrameParser::DecodeFrameHeader() {
   DCHECK_EQ(0u, frame_offset_);
 }
 
-scoped_ptr<WebSocketFrameChunk> WebSocketFrameParser::DecodeFramePayload(
+std::unique_ptr<WebSocketFrameChunk> WebSocketFrameParser::DecodeFramePayload(
     bool first_chunk) {
   // The cast here is safe because |payload_length| is already checked to be
   // less than std::numeric_limits<int>::max() when the header is parsed.
@@ -177,7 +177,7 @@ scoped_ptr<WebSocketFrameChunk> WebSocketFrameParser::DecodeFramePayload(
       std::min(static_cast<uint64_t>(buffer_.size() - current_read_pos_),
                current_frame_header_->payload_length - frame_offset_));
 
-  scoped_ptr<WebSocketFrameChunk> frame_chunk(new WebSocketFrameChunk);
+  std::unique_ptr<WebSocketFrameChunk> frame_chunk(new WebSocketFrameChunk);
   if (first_chunk) {
     frame_chunk->header = current_frame_header_->Clone();
   }
diff --git a/chromium/net/websockets/websocket_frame_parser.h b/chromium/net/websockets/websocket_frame_parser.h
index 250541b816a..e43f051f31a 100644
--- a/chromium/net/websockets/websocket_frame_parser.h
+++ b/chromium/net/websockets/websocket_frame_parser.h
@@ -8,11 +8,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <memory>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/websockets/websocket_errors.h"
 #include "net/websockets/websocket_frame.h"
@@ -40,7 +40,7 @@ class NET_EXPORT WebSocketFrameParser {
   // websocket_frame.h for more details.
   bool Decode(const char* data,
               size_t length,
-              std::vector<scoped_ptr<WebSocketFrameChunk>>* frame_chunks);
+              std::vector<std::unique_ptr<WebSocketFrameChunk>>* frame_chunks);
 
   // Returns kWebSocketNormalClosure if the parser has not failed to decode
   // WebSocket frames. Otherwise returns WebSocketError which is defined in
@@ -63,7 +63,7 @@ class NET_EXPORT WebSocketFrameParser {
   // available at this moment, so the receiver could make use of frame header
   // information. If the end of frame is reached, this function clears
   // |current_frame_header_|, |frame_offset_| and |masking_key_|.
-  scoped_ptr<WebSocketFrameChunk> DecodeFramePayload(bool first_chunk);
+  std::unique_ptr<WebSocketFrameChunk> DecodeFramePayload(bool first_chunk);
 
   // Internal buffer to store the data to parse.
   std::vector<char> buffer_;
@@ -73,7 +73,7 @@ class NET_EXPORT WebSocketFrameParser {
 
   // Frame header and masking key of the current frame.
   // |masking_key_| is filled with zeros if the current frame is not masked.
-  scoped_ptr<WebSocketFrameHeader> current_frame_header_;
+  std::unique_ptr<WebSocketFrameHeader> current_frame_header_;
   WebSocketMaskingKey masking_key_;
 
   // Amount of payload data read so far for the current frame.
diff --git a/chromium/net/websockets/websocket_frame_parser_fuzzer.cc b/chromium/net/websockets/websocket_frame_parser_fuzzer.cc
index 717a9a4aaa3..6e4b1f39ee3 100644
--- a/chromium/net/websockets/websocket_frame_parser_fuzzer.cc
+++ b/chromium/net/websockets/websocket_frame_parser_fuzzer.cc
@@ -12,7 +12,7 @@
 // Entry point for LibFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   net::WebSocketFrameParser parser;
-  std::vector<scoped_ptr<net::WebSocketFrameChunk>> frame_chunks;
+  std::vector<std::unique_ptr<net::WebSocketFrameChunk>> frame_chunks;
   parser.Decode(reinterpret_cast<const char*>(data), size, &frame_chunks);
 
   return 0;
diff --git a/chromium/net/websockets/websocket_frame_parser_test.cc b/chromium/net/websockets/websocket_frame_parser_test.cc
index 095578525c0..2dcf4fbbb28 100644
--- a/chromium/net/websockets/websocket_frame_parser_test.cc
+++ b/chromium/net/websockets/websocket_frame_parser_test.cc
@@ -50,7 +50,7 @@ const int kNumFrameHeaderTests = arraysize(kFrameHeaderTests);
 TEST(WebSocketFrameParserTest, DecodeNormalFrame) {
   WebSocketFrameParser parser;
 
-  std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+  std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
   EXPECT_TRUE(parser.Decode(kHelloFrame, kHelloFrameLength, &frames));
   EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
   ASSERT_EQ(1u, frames.size());
@@ -76,7 +76,7 @@ TEST(WebSocketFrameParserTest, DecodeNormalFrame) {
 TEST(WebSocketFrameParserTest, DecodeMaskedFrame) {
   WebSocketFrameParser parser;
 
-  std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+  std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
   EXPECT_TRUE(
       parser.Decode(kMaskedHelloFrame, kMaskedHelloFrameLength, &frames));
   EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
@@ -135,7 +135,7 @@ TEST(WebSocketFrameParserTest, DecodeManyFrames) {
 
   WebSocketFrameParser parser;
 
-  std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+  std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
   EXPECT_TRUE(parser.Decode(&input.front(), input.size(), &frames));
   EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
   ASSERT_EQ(static_cast<size_t>(kNumInputs), frames.size());
@@ -181,7 +181,7 @@ TEST(WebSocketFrameParserTest, DecodePartialFrame) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames1;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames1;
     EXPECT_TRUE(parser.Decode(&input1.front(), input1.size(), &frames1));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames1.size());
@@ -211,7 +211,7 @@ TEST(WebSocketFrameParserTest, DecodePartialFrame) {
     EXPECT_FALSE(header1->masked);
     EXPECT_EQ(kHelloLength, header1->payload_length);
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames2;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames2;
     EXPECT_TRUE(parser.Decode(&input2.front(), input2.size(), &frames2));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames2.size());
@@ -248,7 +248,7 @@ TEST(WebSocketFrameParserTest, DecodePartialMaskedFrame) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames1;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames1;
     EXPECT_TRUE(parser.Decode(&input1.front(), input1.size(), &frames1));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames1.size());
@@ -278,7 +278,7 @@ TEST(WebSocketFrameParserTest, DecodePartialMaskedFrame) {
     EXPECT_TRUE(header1->masked);
     EXPECT_EQ(kHelloLength, header1->payload_length);
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames2;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames2;
     EXPECT_TRUE(parser.Decode(&input2.front(), input2.size(), &frames2));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames2.size());
@@ -315,7 +315,7 @@ TEST(WebSocketFrameParserTest, DecodeFramesOfVariousLengths) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
     EXPECT_EQ(kFrameHeaderTests[i].error_code == kWebSocketNormalClosure,
               parser.Decode(&input.front(), input.size(), &frames));
     EXPECT_EQ(kFrameHeaderTests[i].error_code, parser.websocket_error());
@@ -367,7 +367,7 @@ TEST(WebSocketFrameParserTest, DecodePartialHeader) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
     // Feed each byte to the parser to see if the parser behaves correctly
     // when it receives partial frame header.
     size_t last_byte_offset = frame_header_length - 1;
@@ -437,7 +437,7 @@ TEST(WebSocketFrameParserTest, InvalidLengthEncoding) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_FALSE(parser.Decode(frame_header, frame_header_length, &frames));
     EXPECT_EQ(kWebSocketErrorProtocolError, parser.websocket_error());
@@ -486,7 +486,7 @@ TEST(WebSocketFrameParserTest, FrameTypes) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
     EXPECT_TRUE(parser.Decode(frame_header, frame_header_length, &frames));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames.size());
@@ -542,7 +542,7 @@ TEST(WebSocketFrameParserTest, FinalBitAndReservedBits) {
 
     WebSocketFrameParser parser;
 
-    std::vector<scoped_ptr<WebSocketFrameChunk>> frames;
+    std::vector<std::unique_ptr<WebSocketFrameChunk>> frames;
     EXPECT_TRUE(parser.Decode(frame_header, frame_header_length, &frames));
     EXPECT_EQ(kWebSocketNormalClosure, parser.websocket_error());
     EXPECT_EQ(1u, frames.size());
diff --git a/chromium/net/websockets/websocket_frame_test.cc b/chromium/net/websockets/websocket_frame_test.cc
index 04c10d22b55..25a0e0caefa 100644
--- a/chromium/net/websockets/websocket_frame_test.cc
+++ b/chromium/net/websockets/websocket_frame_test.cc
@@ -297,9 +297,8 @@ TEST(WebSocketFrameTest, MaskPayloadAlignment) {
   };
   static_assert(arraysize(kTestInput) == arraysize(kTestOutput),
                 "output and input arrays should have the same length");
-  scoped_ptr<char, base::AlignedFreeDeleter> scratch(
-      static_cast<char*>(
-          base::AlignedAlloc(kScratchBufferSize, kMaxVectorAlignment)));
+  std::unique_ptr<char, base::AlignedFreeDeleter> scratch(static_cast<char*>(
+      base::AlignedAlloc(kScratchBufferSize, kMaxVectorAlignment)));
   WebSocketMaskingKey masking_key;
   std::copy(kTestMask, kTestMask + kMaskingKeyLength, masking_key.key);
   for (size_t frame_offset = 0; frame_offset < kMaskingKeyLength;
diff --git a/chromium/net/websockets/websocket_handshake_stream_base.h b/chromium/net/websockets/websocket_handshake_stream_base.h
index dda9f3d10b2..c198cf315cf 100644
--- a/chromium/net/websockets/websocket_handshake_stream_base.h
+++ b/chromium/net/websockets/websocket_handshake_stream_base.h
@@ -9,10 +9,10 @@
 // Since net/http can be built without linking net/websockets code,
 // this file must not introduce any link-time dependencies on websockets.
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/supports_user_data.h"
 #include "net/http/http_stream.h"
@@ -47,7 +47,7 @@ class NET_EXPORT WebSocketHandshakeStreamBase : public HttpStream {
     // has been transferred. This can be called more than once in the case that
     // HTTP authentication is needed.
     virtual WebSocketHandshakeStreamBase* CreateBasicStream(
-        scoped_ptr<ClientSocketHandle> connection,
+        std::unique_ptr<ClientSocketHandle> connection,
         bool using_proxy) = 0;
 
     // Create a WebSocketSpdyHandshakeStream (unimplemented as of October 2013)
@@ -64,7 +64,7 @@ class NET_EXPORT WebSocketHandshakeStreamBase : public HttpStream {
   // (of the appropriate type) from the WebSocketHandshakeStreamBase object.
   // The WebSocketHandshakeStreamBase object is unusable after Upgrade() has
   // been called.
-  virtual scoped_ptr<WebSocketStream> Upgrade() = 0;
+  virtual std::unique_ptr<WebSocketStream> Upgrade() = 0;
 
  protected:
   // As with the destructor, this must be inline.
diff --git a/chromium/net/websockets/websocket_handshake_stream_create_helper.cc b/chromium/net/websockets/websocket_handshake_stream_create_helper.cc
index e8985a1babc..91e62f1bec0 100644
--- a/chromium/net/websockets/websocket_handshake_stream_create_helper.cc
+++ b/chromium/net/websockets/websocket_handshake_stream_create_helper.cc
@@ -4,10 +4,10 @@
 
 #include "net/websockets/websocket_handshake_stream_create_helper.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/spdy/spdy_session.h"
@@ -29,7 +29,7 @@ WebSocketHandshakeStreamCreateHelper::~WebSocketHandshakeStreamCreateHelper() {}
 
 WebSocketHandshakeStreamBase*
 WebSocketHandshakeStreamCreateHelper::CreateBasicStream(
-    scoped_ptr<ClientSocketHandle> connection,
+    std::unique_ptr<ClientSocketHandle> connection,
     bool using_proxy) {
   DCHECK(failure_message_) << "set_failure_message() must be called";
   // The list of supported extensions and parameters is hard-coded.
@@ -54,7 +54,8 @@ WebSocketHandshakeStreamCreateHelper::CreateSpdyStream(
   return NULL;
 }
 
-scoped_ptr<WebSocketStream> WebSocketHandshakeStreamCreateHelper::Upgrade() {
+std::unique_ptr<WebSocketStream>
+WebSocketHandshakeStreamCreateHelper::Upgrade() {
   DCHECK(stream_);
   WebSocketHandshakeStreamBase* stream = stream_;
   stream_ = NULL;
diff --git a/chromium/net/websockets/websocket_handshake_stream_create_helper.h b/chromium/net/websockets/websocket_handshake_stream_create_helper.h
index 2494f1406cf..67e62dd3e6b 100644
--- a/chromium/net/websockets/websocket_handshake_stream_create_helper.h
+++ b/chromium/net/websockets/websocket_handshake_stream_create_helper.h
@@ -5,11 +5,11 @@
 #ifndef NET_WEBSOCKETS_WEBSOCKET_HANDSHAKE_STREAM_CREATE_HELPER_H_
 #define NET_WEBSOCKETS_WEBSOCKET_HANDSHAKE_STREAM_CREATE_HELPER_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/websockets/websocket_handshake_stream_base.h"
 #include "net/websockets/websocket_stream.h"
@@ -38,7 +38,7 @@ class NET_EXPORT_PRIVATE WebSocketHandshakeStreamCreateHelper
 
   // Create a WebSocketBasicHandshakeStream.
   WebSocketHandshakeStreamBase* CreateBasicStream(
-      scoped_ptr<ClientSocketHandle> connection,
+      std::unique_ptr<ClientSocketHandle> connection,
       bool using_proxy) override;
 
   // Unimplemented as of November 2013.
@@ -48,7 +48,7 @@ class NET_EXPORT_PRIVATE WebSocketHandshakeStreamCreateHelper
 
   // Call Upgrade() on the WebSocketHandshakeStream and return the result. This
   // must only be called if the handshake succeeded.
-  scoped_ptr<WebSocketStream> Upgrade();
+  std::unique_ptr<WebSocketStream> Upgrade();
 
   // Set a pointer to the std::string into which to write any failure messages
   // that are encountered. This method must be called before CreateBasicStream()
diff --git a/chromium/net/websockets/websocket_handshake_stream_create_helper_test.cc b/chromium/net/websockets/websocket_handshake_stream_create_helper_test.cc
index 6a8499cfb92..1b2c27f6350 100644
--- a/chromium/net/websockets/websocket_handshake_stream_create_helper_test.cc
+++ b/chromium/net/websockets/websocket_handshake_stream_create_helper_test.cc
@@ -36,11 +36,11 @@ class MockClientSocketHandleFactory {
   // The created socket expects |expect_written| to be written to the socket,
   // and will respond with |return_to_read|. The test will fail if the expected
   // text is not written, or if all the bytes are not read.
-  scoped_ptr<ClientSocketHandle> CreateClientSocketHandle(
+  std::unique_ptr<ClientSocketHandle> CreateClientSocketHandle(
       const std::string& expect_written,
       const std::string& return_to_read) {
     socket_factory_maker_.SetExpectations(expect_written, return_to_read);
-    scoped_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle);
+    std::unique_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle);
     socket_handle->Init("a", scoped_refptr<MockTransportSocketParams>(), MEDIUM,
                         ClientSocketPool::RespectLimits::ENABLED,
                         CompletionCallback(), &pool_, BoundNetLog());
@@ -58,14 +58,14 @@ class TestConnectDelegate : public WebSocketStream::ConnectDelegate {
  public:
   ~TestConnectDelegate() override {}
 
-  void OnSuccess(scoped_ptr<WebSocketStream> stream) override {}
+  void OnSuccess(std::unique_ptr<WebSocketStream> stream) override {}
   void OnFailure(const std::string& failure_message) override {}
   void OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override {}
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {}
   void OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override {}
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {}
   void OnSSLCertificateError(
-      scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+      std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
           ssl_error_callbacks,
       const SSLInfo& ssl_info,
       bool fatal) override {}
@@ -73,7 +73,7 @@ class TestConnectDelegate : public WebSocketStream::ConnectDelegate {
 
 class WebSocketHandshakeStreamCreateHelperTest : public ::testing::Test {
  protected:
-  scoped_ptr<WebSocketStream> CreateAndInitializeStream(
+  std::unique_ptr<WebSocketStream> CreateAndInitializeStream(
       const std::vector<std::string>& sub_protocols,
       const std::string& extra_request_headers,
       const std::string& extra_response_headers) {
@@ -82,14 +82,14 @@ class WebSocketHandshakeStreamCreateHelperTest : public ::testing::Test {
                                                        sub_protocols);
     create_helper.set_failure_message(&failure_message_);
 
-    scoped_ptr<ClientSocketHandle> socket_handle =
+    std::unique_ptr<ClientSocketHandle> socket_handle =
         socket_handle_factory_.CreateClientSocketHandle(
             WebSocketStandardRequest("/", "localhost",
                                      url::Origin(GURL(kOrigin)),
                                      extra_request_headers),
             WebSocketStandardResponse(extra_response_headers));
 
-    scoped_ptr<WebSocketHandshakeStreamBase> handshake(
+    std::unique_ptr<WebSocketHandshakeStreamBase> handshake(
         create_helper.CreateBasicStream(std::move(socket_handle), false));
 
     // If in future the implementation type returned by CreateBasicStream()
@@ -140,7 +140,7 @@ class WebSocketHandshakeStreamCreateHelperTest : public ::testing::Test {
 
 // Confirm that the basic case works as expected.
 TEST_F(WebSocketHandshakeStreamCreateHelperTest, BasicStream) {
-  scoped_ptr<WebSocketStream> stream =
+  std::unique_ptr<WebSocketStream> stream =
       CreateAndInitializeStream(std::vector<std::string>(), "", "");
   EXPECT_EQ("", stream->GetExtensions());
   EXPECT_EQ("", stream->GetSubProtocol());
@@ -151,7 +151,7 @@ TEST_F(WebSocketHandshakeStreamCreateHelperTest, SubProtocols) {
   std::vector<std::string> sub_protocols;
   sub_protocols.push_back("chat");
   sub_protocols.push_back("superchat");
-  scoped_ptr<WebSocketStream> stream = CreateAndInitializeStream(
+  std::unique_ptr<WebSocketStream> stream = CreateAndInitializeStream(
       sub_protocols, "Sec-WebSocket-Protocol: chat, superchat\r\n",
       "Sec-WebSocket-Protocol: superchat\r\n");
   EXPECT_EQ("superchat", stream->GetSubProtocol());
@@ -160,7 +160,7 @@ TEST_F(WebSocketHandshakeStreamCreateHelperTest, SubProtocols) {
 // Verify that extension name is available. Bad extension names are tested in
 // websocket_stream_test.cc.
 TEST_F(WebSocketHandshakeStreamCreateHelperTest, Extensions) {
-  scoped_ptr<WebSocketStream> stream = CreateAndInitializeStream(
+  std::unique_ptr<WebSocketStream> stream = CreateAndInitializeStream(
       std::vector<std::string>(), "",
       "Sec-WebSocket-Extensions: permessage-deflate\r\n");
   EXPECT_EQ("permessage-deflate", stream->GetExtensions());
@@ -169,7 +169,7 @@ TEST_F(WebSocketHandshakeStreamCreateHelperTest, Extensions) {
 // Verify that extension parameters are available. Bad parameters are tested in
 // websocket_stream_test.cc.
 TEST_F(WebSocketHandshakeStreamCreateHelperTest, ExtensionParameters) {
-  scoped_ptr<WebSocketStream> stream = CreateAndInitializeStream(
+  std::unique_ptr<WebSocketStream> stream = CreateAndInitializeStream(
       std::vector<std::string>(), "",
       "Sec-WebSocket-Extensions: permessage-deflate;"
       " client_max_window_bits=14; server_max_window_bits=14;"
diff --git a/chromium/net/websockets/websocket_inflater.h b/chromium/net/websockets/websocket_inflater.h
index e695fa1da30..8fe2b412289 100644
--- a/chromium/net/websockets/websocket_inflater.h
+++ b/chromium/net/websockets/websocket_inflater.h
@@ -8,12 +8,12 @@
 #include <stddef.h>
 
 #include <deque>
+#include <memory>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 extern "C" struct z_stream_s;
@@ -120,7 +120,7 @@ class NET_EXPORT_PRIVATE WebSocketInflater {
   int Inflate(const char* next_in, size_t avail_in, int flush);
   int InflateChokedInput();
 
-  scoped_ptr<z_stream_s> stream_;
+  std::unique_ptr<z_stream_s> stream_;
   InputQueue input_queue_;
   OutputBuffer output_buffer_;
 
diff --git a/chromium/net/websockets/websocket_stream.cc b/chromium/net/websockets/websocket_stream.cc
index 6e6ae09d9b8..560cbad87b4 100644
--- a/chromium/net/websockets/websocket_stream.cc
+++ b/chromium/net/websockets/websocket_stream.cc
@@ -4,10 +4,11 @@
 
 #include "net/websockets/websocket_stream.h"
 
+#include <memory>
 #include <utility>
 
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/strings/stringprintf.h"
@@ -85,8 +86,8 @@ class StreamRequestImpl : public WebSocketStreamRequest {
       const GURL& url,
       const URLRequestContext* context,
       const url::Origin& origin,
-      scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
-      scoped_ptr<WebSocketHandshakeStreamCreateHelper> create_helper)
+      std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
+      std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper)
       : delegate_(new Delegate(this)),
         url_request_(
             context->CreateRequest(url, DEFAULT_PRIORITY, delegate_.get())),
@@ -112,7 +113,7 @@ class StreamRequestImpl : public WebSocketStreamRequest {
   // and so terminates the handshake if it is incomplete.
   ~StreamRequestImpl() override {}
 
-  void Start(scoped_ptr<base::Timer> timer) {
+  void Start(std::unique_ptr<base::Timer> timer) {
     DCHECK(timer);
     base::TimeDelta timeout(base::TimeDelta::FromSeconds(
         kHandshakeTimeoutIntervalInSeconds));
@@ -187,13 +188,13 @@ class StreamRequestImpl : public WebSocketStreamRequest {
  private:
   // |delegate_| needs to be declared before |url_request_| so that it gets
   // initialised first.
-  scoped_ptr<Delegate> delegate_;
+  std::unique_ptr<Delegate> delegate_;
 
   // Deleting the StreamRequestImpl object deletes this URLRequest object,
   // cancelling the whole connection.
-  scoped_ptr<URLRequest> url_request_;
+  std::unique_ptr<URLRequest> url_request_;
 
-  scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate_;
+  std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate_;
 
   // Owned by the URLRequest.
   WebSocketHandshakeStreamCreateHelper* create_helper_;
@@ -202,7 +203,7 @@ class StreamRequestImpl : public WebSocketStreamRequest {
   std::string failure_message_;
 
   // A timer for handshake timeout.
-  scoped_ptr<base::Timer> timer_;
+  std::unique_ptr<base::Timer> timer_;
 };
 
 class SSLErrorCallbacks : public WebSocketEventInterface::SSLErrorCallbacks {
@@ -309,10 +310,9 @@ void Delegate::OnSSLCertificateError(URLRequest* request,
                                      const SSLInfo& ssl_info,
                                      bool fatal) {
   owner_->connect_delegate()->OnSSLCertificateError(
-      scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>(
+      std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>(
           new SSLErrorCallbacks(request)),
-      ssl_info,
-      fatal);
+      ssl_info, fatal);
 }
 
 void Delegate::OnReadCompleted(URLRequest* request, int bytes_read) {
@@ -328,33 +328,33 @@ WebSocketStream::~WebSocketStream() {}
 
 WebSocketStream::ConnectDelegate::~ConnectDelegate() {}
 
-scoped_ptr<WebSocketStreamRequest> WebSocketStream::CreateAndConnectStream(
+std::unique_ptr<WebSocketStreamRequest> WebSocketStream::CreateAndConnectStream(
     const GURL& socket_url,
     const std::vector<std::string>& requested_subprotocols,
     const url::Origin& origin,
     URLRequestContext* url_request_context,
     const BoundNetLog& net_log,
-    scoped_ptr<ConnectDelegate> connect_delegate) {
-  scoped_ptr<WebSocketHandshakeStreamCreateHelper> create_helper(
+    std::unique_ptr<ConnectDelegate> connect_delegate) {
+  std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper(
       new WebSocketHandshakeStreamCreateHelper(connect_delegate.get(),
                                                requested_subprotocols));
-  scoped_ptr<StreamRequestImpl> request(new StreamRequestImpl(
+  std::unique_ptr<StreamRequestImpl> request(new StreamRequestImpl(
       socket_url, url_request_context, origin, std::move(connect_delegate),
       std::move(create_helper)));
-  request->Start(scoped_ptr<base::Timer>(new base::Timer(false, false)));
+  request->Start(std::unique_ptr<base::Timer>(new base::Timer(false, false)));
   return std::move(request);
 }
 
 // This is declared in websocket_test_util.h.
-scoped_ptr<WebSocketStreamRequest> CreateAndConnectStreamForTesting(
+std::unique_ptr<WebSocketStreamRequest> CreateAndConnectStreamForTesting(
     const GURL& socket_url,
-    scoped_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
+    std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
     const url::Origin& origin,
     URLRequestContext* url_request_context,
     const BoundNetLog& net_log,
-    scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
-    scoped_ptr<base::Timer> timer) {
-  scoped_ptr<StreamRequestImpl> request(new StreamRequestImpl(
+    std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
+    std::unique_ptr<base::Timer> timer) {
+  std::unique_ptr<StreamRequestImpl> request(new StreamRequestImpl(
       socket_url, url_request_context, origin, std::move(connect_delegate),
       std::move(create_helper)));
   request->Start(std::move(timer));
@@ -368,12 +368,10 @@ void WebSocketDispatchOnFinishOpeningHandshake(
     base::Time response_time) {
   DCHECK(connect_delegate);
   if (headers.get()) {
-    connect_delegate->OnFinishOpeningHandshake(make_scoped_ptr(
-        new WebSocketHandshakeResponseInfo(url,
-                                           headers->response_code(),
-                                           headers->GetStatusText(),
-                                           headers,
-                                           response_time)));
+    connect_delegate->OnFinishOpeningHandshake(
+        base::WrapUnique(new WebSocketHandshakeResponseInfo(
+            url, headers->response_code(), headers->GetStatusText(), headers,
+            response_time)));
   }
 }
 
diff --git a/chromium/net/websockets/websocket_stream.h b/chromium/net/websockets/websocket_stream.h
index 8a2b371c3f7..accbf89b255 100644
--- a/chromium/net/websockets/websocket_stream.h
+++ b/chromium/net/websockets/websocket_stream.h
@@ -5,13 +5,13 @@
 #ifndef NET_WEBSOCKETS_WEBSOCKET_STREAM_H_
 #define NET_WEBSOCKETS_WEBSOCKET_STREAM_H_
 
+#include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -68,7 +68,7 @@ class NET_EXPORT_PRIVATE WebSocketStream {
     virtual ~ConnectDelegate();
     // Called on successful connection. The parameter is an object derived from
     // WebSocketStream.
-    virtual void OnSuccess(scoped_ptr<WebSocketStream> stream) = 0;
+    virtual void OnSuccess(std::unique_ptr<WebSocketStream> stream) = 0;
 
     // Called on failure to connect.
     // |message| contains defails of the failure.
@@ -76,17 +76,17 @@ class NET_EXPORT_PRIVATE WebSocketStream {
 
     // Called when the WebSocket Opening Handshake starts.
     virtual void OnStartOpeningHandshake(
-        scoped_ptr<WebSocketHandshakeRequestInfo> request) = 0;
+        std::unique_ptr<WebSocketHandshakeRequestInfo> request) = 0;
 
     // Called when the WebSocket Opening Handshake ends.
     virtual void OnFinishOpeningHandshake(
-        scoped_ptr<WebSocketHandshakeResponseInfo> response) = 0;
+        std::unique_ptr<WebSocketHandshakeResponseInfo> response) = 0;
 
     // Called when there is an SSL certificate error. Should call
     // ssl_error_callbacks->ContinueSSLRequest() or
     // ssl_error_callbacks->CancelSSLRequest().
     virtual void OnSSLCertificateError(
-        scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+        std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
             ssl_error_callbacks,
         const SSLInfo& ssl_info,
         bool fatal) = 0;
@@ -104,13 +104,13 @@ class NET_EXPORT_PRIVATE WebSocketStream {
   // required, the caller should keep the WebSocketStreamRequest object alive
   // until connect_delegate->OnSuccess() or OnFailure() have been called, then
   // it is safe to delete.
-  static scoped_ptr<WebSocketStreamRequest> CreateAndConnectStream(
+  static std::unique_ptr<WebSocketStreamRequest> CreateAndConnectStream(
       const GURL& socket_url,
       const std::vector<std::string>& requested_subprotocols,
       const url::Origin& origin,
       URLRequestContext* url_request_context,
       const BoundNetLog& net_log,
-      scoped_ptr<ConnectDelegate> connect_delegate);
+      std::unique_ptr<ConnectDelegate> connect_delegate);
 
   // Derived classes must make sure Close() is called when the stream is not
   // closed on destruction.
@@ -158,7 +158,7 @@ class NET_EXPORT_PRIVATE WebSocketStream {
   // Extensions which use reserved header bits should clear them when they are
   // set correctly. If the reserved header bits are set incorrectly, it is okay
   // to leave it to the caller to report the error.
-  virtual int ReadFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  virtual int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                          const CompletionCallback& callback) = 0;
 
   // Writes WebSocket frame data.
@@ -175,7 +175,7 @@ class NET_EXPORT_PRIVATE WebSocketStream {
   // object. Implementations of WriteFrames() should be robust against
   // this. This generally means returning to the event loop immediately after
   // calling the callback.
-  virtual int WriteFrames(std::vector<scoped_ptr<WebSocketFrame>>* frames,
+  virtual int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
                           const CompletionCallback& callback) = 0;
 
   // Closes the stream. All pending I/O operations (if any) are cancelled
@@ -218,15 +218,15 @@ void WebSocketDispatchOnFinishOpeningHandshake(
 // use only. The differences are the use of a |create_helper| argument in place
 // of |requested_subprotocols| and taking |timer| as the handshake timeout
 // timer. Implemented in websocket_stream.cc.
-NET_EXPORT_PRIVATE scoped_ptr<WebSocketStreamRequest>
+NET_EXPORT_PRIVATE std::unique_ptr<WebSocketStreamRequest>
 CreateAndConnectStreamForTesting(
     const GURL& socket_url,
-    scoped_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
+    std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
     const url::Origin& origin,
     URLRequestContext* url_request_context,
     const BoundNetLog& net_log,
-    scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
-    scoped_ptr<base::Timer> timer);
+    std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
+    std::unique_ptr<base::Timer> timer);
 
 }  // namespace net
 
diff --git a/chromium/net/websockets/websocket_stream_cookie_test.cc b/chromium/net/websockets/websocket_stream_cookie_test.cc
index c45fac4956d..9ff71e001d9 100644
--- a/chromium/net/websockets/websocket_stream_cookie_test.cc
+++ b/chromium/net/websockets/websocket_stream_cookie_test.cc
@@ -5,12 +5,13 @@
 #include <string>
 
 #include "base/callback_forward.h"
+#include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
-#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread_task_runner_handle.h"
 #include "net/cookies/cookie_store.h"
 #include "net/socket/socket_test_util.h"
 #include "net/websockets/websocket_stream_create_test_base.h"
@@ -118,7 +119,7 @@ class WebSocketStreamServerSetCookieTest
 
 TEST_P(WebSocketStreamClientUseCookieTest, ClientUseCookie) {
   // For wss tests.
-  ssl_data_.push_back(make_scoped_ptr(new SSLSocketDataProvider(ASYNC, OK)));
+  ssl_data_.push_back(base::WrapUnique(new SSLSocketDataProvider(ASYNC, OK)));
 
   CookieStore* store =
       url_request_context_host_.GetURLRequestContext()->cookie_store();
@@ -151,7 +152,7 @@ TEST_P(WebSocketStreamClientUseCookieTest, ClientUseCookie) {
 
 TEST_P(WebSocketStreamServerSetCookieTest, ServerSetCookie) {
   // For wss tests.
-  ssl_data_.push_back(make_scoped_ptr(new SSLSocketDataProvider(ASYNC, OK)));
+  ssl_data_.push_back(base::WrapUnique(new SSLSocketDataProvider(ASYNC, OK)));
 
   const GURL url(GetParam().url);
   const GURL cookie_url(GetParam().cookie_url);
diff --git a/chromium/net/websockets/websocket_stream_create_test_base.cc b/chromium/net/websockets/websocket_stream_create_test_base.cc
index 00e5f7fe737..816d8a9d9c4 100644
--- a/chromium/net/websockets/websocket_stream_create_test_base.cc
+++ b/chromium/net/websockets/websocket_stream_create_test_base.cc
@@ -49,7 +49,7 @@ class WebSocketStreamCreateTestBase::TestConnectDelegate
                       const base::Closure& done_callback)
       : owner_(owner), done_callback_(done_callback) {}
 
-  void OnSuccess(scoped_ptr<WebSocketStream> stream) override {
+  void OnSuccess(std::unique_ptr<WebSocketStream> stream) override {
     stream.swap(owner_->stream_);
     done_callback_.Run();
   }
@@ -61,21 +61,21 @@ class WebSocketStreamCreateTestBase::TestConnectDelegate
   }
 
   void OnStartOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeRequestInfo> request) override {
+      std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {
     // Can be called multiple times (in the case of HTTP auth). Last call
     // wins.
     owner_->request_info_ = std::move(request);
   }
 
   void OnFinishOpeningHandshake(
-      scoped_ptr<WebSocketHandshakeResponseInfo> response) override {
+      std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {
     if (owner_->response_info_)
       ADD_FAILURE();
     owner_->response_info_ = std::move(response);
   }
 
   void OnSSLCertificateError(
-      scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+      std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
           ssl_error_callbacks,
       const SSLInfo& ssl_info,
       bool fatal) override {
@@ -101,15 +101,15 @@ void WebSocketStreamCreateTestBase::CreateAndConnectStream(
     const std::string& socket_url,
     const std::vector<std::string>& sub_protocols,
     const url::Origin& origin,
-    scoped_ptr<base::Timer> timer) {
+    std::unique_ptr<base::Timer> timer) {
   for (size_t i = 0; i < ssl_data_.size(); ++i) {
     url_request_context_host_.AddSSLSocketDataProvider(std::move(ssl_data_[i]));
   }
   ssl_data_.clear();
-  scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate(
+  std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate(
       new TestConnectDelegate(this, connect_run_loop_.QuitClosure()));
   WebSocketStream::ConnectDelegate* delegate = connect_delegate.get();
-  scoped_ptr<WebSocketHandshakeStreamCreateHelper> create_helper(
+  std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper(
       new DeterministicKeyWebSocketHandshakeStreamCreateHelper(delegate,
                                                                sub_protocols));
   stream_request_ = CreateAndConnectStreamForTesting(
@@ -117,7 +117,7 @@ void WebSocketStreamCreateTestBase::CreateAndConnectStream(
       url_request_context_host_.GetURLRequestContext(), BoundNetLog(),
       std::move(connect_delegate),
       timer ? std::move(timer)
-            : scoped_ptr<base::Timer>(new base::Timer(false, false)));
+            : std::unique_ptr<base::Timer>(new base::Timer(false, false)));
 }
 
 std::vector<HeaderKeyValuePair>
diff --git a/chromium/net/websockets/websocket_stream_create_test_base.h b/chromium/net/websockets/websocket_stream_create_test_base.h
index ca4d8505713..75be4d10e1e 100644
--- a/chromium/net/websockets/websocket_stream_create_test_base.h
+++ b/chromium/net/websockets/websocket_stream_create_test_base.h
@@ -5,12 +5,12 @@
 #ifndef NET_WEBSOCKETS_WEBSOCKET_STREAM_CREATE_TEST_BASE_H_
 #define NET_WEBSOCKETS_WEBSOCKET_STREAM_CREATE_TEST_BASE_H_
 
+#include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/timer/timer.h"
 #include "net/base/net_export.h"
@@ -40,7 +40,7 @@ class WebSocketStreamCreateTestBase {
   void CreateAndConnectStream(const std::string& socket_url,
                               const std::vector<std::string>& sub_protocols,
                               const url::Origin& origin,
-                              scoped_ptr<base::Timer> timer);
+                              std::unique_ptr<base::Timer> timer);
 
   static std::vector<HeaderKeyValuePair> RequestHeadersToVector(
       const HttpRequestHeaders& headers);
@@ -59,18 +59,19 @@ class WebSocketStreamCreateTestBase {
 
  protected:
   WebSocketTestURLRequestContextHost url_request_context_host_;
-  scoped_ptr<WebSocketStreamRequest> stream_request_;
+  std::unique_ptr<WebSocketStreamRequest> stream_request_;
   // Only set if the connection succeeded.
-  scoped_ptr<WebSocketStream> stream_;
+  std::unique_ptr<WebSocketStream> stream_;
   // Only set if the connection failed.
   std::string failure_message_;
   bool has_failed_;
-  scoped_ptr<WebSocketHandshakeRequestInfo> request_info_;
-  scoped_ptr<WebSocketHandshakeResponseInfo> response_info_;
-  scoped_ptr<WebSocketEventInterface::SSLErrorCallbacks> ssl_error_callbacks_;
+  std::unique_ptr<WebSocketHandshakeRequestInfo> request_info_;
+  std::unique_ptr<WebSocketHandshakeResponseInfo> response_info_;
+  std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
+      ssl_error_callbacks_;
   SSLInfo ssl_info_;
   bool ssl_fatal_;
-  std::vector<scoped_ptr<SSLSocketDataProvider>> ssl_data_;
+  std::vector<std::unique_ptr<SSLSocketDataProvider>> ssl_data_;
 
   // This temporarily sets WebSocketEndpointLockManager unlock delay to zero
   // during tests.
diff --git a/chromium/net/websockets/websocket_stream_test.cc b/chromium/net/websockets/websocket_stream_test.cc
index a5f5f4185e0..91ccdde0435 100644
--- a/chromium/net/websockets/websocket_stream_test.cc
+++ b/chromium/net/websockets/websocket_stream_test.cc
@@ -11,6 +11,7 @@
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
+#include "base/memory/ptr_util.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/metrics/statistics_recorder.h"
@@ -45,10 +46,10 @@ namespace {
 // copied. It is up to the caller to ensure they stay in scope until the test
 // ends.
 template <size_t reads_count, size_t writes_count>
-scoped_ptr<SequencedSocketData> BuildSocketData(
-    MockRead(&reads)[reads_count],
-    MockWrite(&writes)[writes_count]) {
-  scoped_ptr<SequencedSocketData> socket_data(
+std::unique_ptr<SequencedSocketData> BuildSocketData(
+    MockRead (&reads)[reads_count],
+    MockWrite (&writes)[writes_count]) {
+  std::unique_ptr<SequencedSocketData> socket_data(
       new SequencedSocketData(reads, reads_count, writes, writes_count));
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
   return socket_data;
@@ -56,8 +57,8 @@ scoped_ptr<SequencedSocketData> BuildSocketData(
 
 // Builder for a SequencedSocketData that expects nothing. This does not
 // set the connect data, so the calling code must do that explicitly.
-scoped_ptr<SequencedSocketData> BuildNullSocketData() {
-  return make_scoped_ptr(new SequencedSocketData(NULL, 0, NULL, 0));
+std::unique_ptr<SequencedSocketData> BuildNullSocketData() {
+  return base::WrapUnique(new SequencedSocketData(NULL, 0, NULL, 0));
 }
 
 class MockWeakTimer : public base::MockTimer,
@@ -93,7 +94,7 @@ class WebSocketStreamCreateTest : public ::testing::Test,
       const url::Origin& origin,
       const std::string& extra_request_headers,
       const std::string& response_body,
-      scoped_ptr<base::Timer> timer = scoped_ptr<base::Timer>()) {
+      std::unique_ptr<base::Timer> timer = std::unique_ptr<base::Timer>()) {
     url_request_context_host_.SetExpectations(
         WebSocketStandardRequest(socket_path, socket_host, origin,
                                  extra_request_headers),
@@ -111,7 +112,7 @@ class WebSocketStreamCreateTest : public ::testing::Test,
       const url::Origin& origin,
       const std::string& extra_request_headers,
       const std::string& extra_response_headers,
-      scoped_ptr<base::Timer> timer = scoped_ptr<base::Timer>()) {
+      std::unique_ptr<base::Timer> timer = std::unique_ptr<base::Timer>()) {
     CreateAndConnectCustomResponse(
         socket_url, socket_host, socket_path, sub_protocols, origin,
         extra_request_headers,
@@ -122,14 +123,14 @@ class WebSocketStreamCreateTest : public ::testing::Test,
       const std::string& socket_url,
       const std::vector<std::string>& sub_protocols,
       const url::Origin& origin,
-      scoped_ptr<SequencedSocketData> socket_data,
-      scoped_ptr<base::Timer> timer = scoped_ptr<base::Timer>()) {
+      std::unique_ptr<SequencedSocketData> socket_data,
+      std::unique_ptr<base::Timer> timer = std::unique_ptr<base::Timer>()) {
     AddRawExpectations(std::move(socket_data));
     CreateAndConnectStream(socket_url, sub_protocols, origin, std::move(timer));
   }
 
   // Add additional raw expectations for sockets created before the final one.
-  void AddRawExpectations(scoped_ptr<SequencedSocketData> socket_data) {
+  void AddRawExpectations(std::unique_ptr<SequencedSocketData> socket_data) {
     url_request_context_host_.AddRawExpectations(std::move(socket_data));
   }
 };
@@ -158,7 +159,7 @@ class CommonAuthTestHelper {
  public:
   CommonAuthTestHelper() : reads1_(), writes1_(), reads2_(), writes2_() {}
 
-  scoped_ptr<SequencedSocketData> BuildSocketData1(
+  std::unique_ptr<SequencedSocketData> BuildSocketData1(
       const std::string& response) {
     request1_ =
         WebSocketStandardRequest("/", "localhost", LocalhostOrigin(), "");
@@ -170,7 +171,7 @@ class CommonAuthTestHelper {
     return BuildSocketData(reads1_, writes1_);
   }
 
-  scoped_ptr<SequencedSocketData> BuildSocketData2(
+  std::unique_ptr<SequencedSocketData> BuildSocketData2(
       const std::string& request,
       const std::string& response) {
     request2_ = request;
@@ -290,11 +291,11 @@ class WebSocketStreamCreateUMATest : public ::testing::Test {
     void TestBody() override {}
   };
 
-  scoped_ptr<base::HistogramSamples> GetSamples(const std::string& name) {
+  std::unique_ptr<base::HistogramSamples> GetSamples(const std::string& name) {
     base::HistogramBase* histogram =
         base::StatisticsRecorder::FindHistogram(name);
     return histogram ? histogram->SnapshotSamples()
-                     : scoped_ptr<base::HistogramSamples>();
+                     : std::unique_ptr<base::HistogramSamples>();
   }
 };
 
@@ -520,7 +521,7 @@ TEST_F(WebSocketStreamCreateExtensionTest, PerMessageDeflateInflates) {
   WaitUntilConnectDone();
 
   ASSERT_TRUE(stream_);
-  std::vector<scoped_ptr<WebSocketFrame>> frames;
+  std::vector<std::unique_ptr<WebSocketFrame>> frames;
   CompletionCallback callback;
   ASSERT_EQ(OK, stream_->ReadFrames(&frames, callback));
   ASSERT_EQ(1U, frames.size());
@@ -800,7 +801,7 @@ TEST_F(WebSocketStreamCreateTest, Cancellation) {
 
 // Connect failure must look just like negotiation failure.
 TEST_F(WebSocketStreamCreateTest, ConnectionFailure) {
-  scoped_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
   socket_data->set_connect_data(
       MockConnect(SYNCHRONOUS, ERR_CONNECTION_REFUSED));
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
@@ -815,7 +816,7 @@ TEST_F(WebSocketStreamCreateTest, ConnectionFailure) {
 
 // Connect timeout must look just like any other failure.
 TEST_F(WebSocketStreamCreateTest, ConnectionTimeout) {
-  scoped_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
   socket_data->set_connect_data(
       MockConnect(ASYNC, ERR_CONNECTION_TIMED_OUT));
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
@@ -828,9 +829,9 @@ TEST_F(WebSocketStreamCreateTest, ConnectionTimeout) {
 
 // The server doesn't respond to the opening handshake.
 TEST_F(WebSocketStreamCreateTest, HandshakeTimeout) {
-  scoped_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, ERR_IO_PENDING));
-  scoped_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
+  std::unique_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
   base::WeakPtr<MockWeakTimer> weak_timer = timer->AsWeakPtr();
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data),
@@ -850,7 +851,7 @@ TEST_F(WebSocketStreamCreateTest, HandshakeTimeout) {
 
 // When the connection establishes the timer should be stopped.
 TEST_F(WebSocketStreamCreateTest, HandshakeTimerOnSuccess) {
-  scoped_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
+  std::unique_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
   base::WeakPtr<MockWeakTimer> weak_timer = timer->AsWeakPtr();
 
   CreateAndConnectStandard("ws://localhost/", "localhost", "/",
@@ -868,10 +869,10 @@ TEST_F(WebSocketStreamCreateTest, HandshakeTimerOnSuccess) {
 
 // When the connection fails the timer should be stopped.
 TEST_F(WebSocketStreamCreateTest, HandshakeTimerOnFailure) {
-  scoped_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
   socket_data->set_connect_data(
       MockConnect(SYNCHRONOUS, ERR_CONNECTION_REFUSED));
-  scoped_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
+  std::unique_ptr<MockWeakTimer> timer(new MockWeakTimer(false, false));
   base::WeakPtr<MockWeakTimer> weak_timer = timer->AsWeakPtr();
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data),
@@ -889,7 +890,7 @@ TEST_F(WebSocketStreamCreateTest, HandshakeTimerOnFailure) {
 
 // Cancellation during connect works.
 TEST_F(WebSocketStreamCreateTest, CancellationDuringConnect) {
-  scoped_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> socket_data(BuildNullSocketData());
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, ERR_IO_PENDING));
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data));
@@ -909,7 +910,7 @@ TEST_F(WebSocketStreamCreateTest, CancellationDuringWrite) {
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(),
-                                  make_scoped_ptr(socket_data));
+                                  base::WrapUnique(socket_data));
   base::RunLoop().RunUntilIdle();
   EXPECT_TRUE(socket_data->AllWriteDataConsumed());
   stream_request_.reset();
@@ -929,7 +930,8 @@ TEST_F(WebSocketStreamCreateTest, CancellationDuringRead) {
   MockRead reads[] = {
       MockRead(SYNCHRONOUS, ERR_IO_PENDING, 1),
   };
-  scoped_ptr<SequencedSocketData> socket_data(BuildSocketData(reads, writes));
+  std::unique_ptr<SequencedSocketData> socket_data(
+      BuildSocketData(reads, writes));
   SequencedSocketData* socket_data_raw_ptr = socket_data.get();
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data));
@@ -970,7 +972,8 @@ TEST_F(WebSocketStreamCreateTest, NoResponse) {
       WebSocketStandardRequest("/", "localhost", LocalhostOrigin(), "");
   MockWrite writes[] = {MockWrite(ASYNC, request.data(), request.size(), 0)};
   MockRead reads[] = {MockRead(ASYNC, 0, 1)};
-  scoped_ptr<SequencedSocketData> socket_data(BuildSocketData(reads, writes));
+  std::unique_ptr<SequencedSocketData> socket_data(
+      BuildSocketData(reads, writes));
   SequencedSocketData* socket_data_raw_ptr = socket_data.get();
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data));
@@ -984,12 +987,12 @@ TEST_F(WebSocketStreamCreateTest, NoResponse) {
 }
 
 TEST_F(WebSocketStreamCreateTest, SelfSignedCertificateFailure) {
-  ssl_data_.push_back(make_scoped_ptr(
+  ssl_data_.push_back(base::WrapUnique(
       new SSLSocketDataProvider(ASYNC, ERR_CERT_AUTHORITY_INVALID)));
   ssl_data_[0]->cert =
       ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
   ASSERT_TRUE(ssl_data_[0]->cert.get());
-  scoped_ptr<SequencedSocketData> raw_socket_data(BuildNullSocketData());
+  std::unique_ptr<SequencedSocketData> raw_socket_data(BuildNullSocketData());
   CreateAndConnectRawExpectations("wss://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(),
                                   std::move(raw_socket_data));
@@ -1004,7 +1007,7 @@ TEST_F(WebSocketStreamCreateTest, SelfSignedCertificateFailure) {
 }
 
 TEST_F(WebSocketStreamCreateTest, SelfSignedCertificateSuccess) {
-  scoped_ptr<SSLSocketDataProvider> ssl_data(
+  std::unique_ptr<SSLSocketDataProvider> ssl_data(
       new SSLSocketDataProvider(ASYNC, ERR_CERT_AUTHORITY_INVALID));
   ssl_data->cert =
       ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
@@ -1075,7 +1078,7 @@ TEST_F(WebSocketStreamCreateDigestAuthTest, DigestPasswordInUrl) {
 
 TEST_F(WebSocketStreamCreateUMATest, Incomplete) {
   const std::string name("Net.WebSocket.HandshakeResult");
-  scoped_ptr<base::HistogramSamples> original(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> original(GetSamples(name));
 
   {
     StreamCreation creation;
@@ -1084,7 +1087,7 @@ TEST_F(WebSocketStreamCreateUMATest, Incomplete) {
                                       LocalhostOrigin(), "", "");
   }
 
-  scoped_ptr<base::HistogramSamples> samples(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> samples(GetSamples(name));
   ASSERT_TRUE(samples);
   if (original) {
     samples->Subtract(*original);  // Cancel the original values.
@@ -1096,7 +1099,7 @@ TEST_F(WebSocketStreamCreateUMATest, Incomplete) {
 
 TEST_F(WebSocketStreamCreateUMATest, Connected) {
   const std::string name("Net.WebSocket.HandshakeResult");
-  scoped_ptr<base::HistogramSamples> original(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> original(GetSamples(name));
 
   {
     StreamCreation creation;
@@ -1106,7 +1109,7 @@ TEST_F(WebSocketStreamCreateUMATest, Connected) {
     creation.WaitUntilConnectDone();
   }
 
-  scoped_ptr<base::HistogramSamples> samples(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> samples(GetSamples(name));
   ASSERT_TRUE(samples);
   if (original) {
     samples->Subtract(*original);  // Cancel the original values.
@@ -1118,7 +1121,7 @@ TEST_F(WebSocketStreamCreateUMATest, Connected) {
 
 TEST_F(WebSocketStreamCreateUMATest, Failed) {
   const std::string name("Net.WebSocket.HandshakeResult");
-  scoped_ptr<base::HistogramSamples> original(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> original(GetSamples(name));
 
   {
     StreamCreation creation;
@@ -1134,7 +1137,7 @@ TEST_F(WebSocketStreamCreateUMATest, Failed) {
     creation.WaitUntilConnectDone();
   }
 
-  scoped_ptr<base::HistogramSamples> samples(GetSamples(name));
+  std::unique_ptr<base::HistogramSamples> samples(GetSamples(name));
   ASSERT_TRUE(samples);
   if (original) {
     samples->Subtract(*original);  // Cancel the original values.
@@ -1159,7 +1162,8 @@ TEST_F(WebSocketStreamCreateTest, HandleErrConnectionClosed) {
       MockRead(SYNCHRONOUS, ERR_CONNECTION_CLOSED, 2),
   };
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, 0, request.c_str())};
-  scoped_ptr<SequencedSocketData> socket_data(BuildSocketData(reads, writes));
+  std::unique_ptr<SequencedSocketData> socket_data(
+      BuildSocketData(reads, writes));
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data));
@@ -1184,7 +1188,8 @@ TEST_F(WebSocketStreamCreateTest, HandleErrTunnelConnectionFailed) {
 
   MockRead reads[] = {MockRead(SYNCHRONOUS, 1, kProxyResponse)};
   MockWrite writes[] = {MockWrite(SYNCHRONOUS, 0, kConnectRequest)};
-  scoped_ptr<SequencedSocketData> socket_data(BuildSocketData(reads, writes));
+  std::unique_ptr<SequencedSocketData> socket_data(
+      BuildSocketData(reads, writes));
   url_request_context_host_.SetProxyConfig("https=proxy:8000");
   CreateAndConnectRawExpectations("ws://localhost/", NoSubProtocols(),
                                   LocalhostOrigin(), std::move(socket_data));
diff --git a/chromium/net/websockets/websocket_test_util.cc b/chromium/net/websockets/websocket_test_util.cc
index 3b7ad10eb45..46dda2be83b 100644
--- a/chromium/net/websockets/websocket_test_util.cc
+++ b/chromium/net/websockets/websocket_test_util.cc
@@ -86,8 +86,8 @@ struct WebSocketMockClientSocketFactoryMaker::Detail {
   std::string return_to_read;
   std::vector<MockRead> reads;
   MockWrite write;
-  std::vector<scoped_ptr<SequencedSocketData>> socket_data_vector;
-  std::vector<scoped_ptr<SSLSocketDataProvider>> ssl_socket_data_vector;
+  std::vector<std::unique_ptr<SequencedSocketData>> socket_data_vector;
+  std::vector<std::unique_ptr<SSLSocketDataProvider>> ssl_socket_data_vector;
   MockClientSocketFactory factory;
 };
 
@@ -125,20 +125,20 @@ void WebSocketMockClientSocketFactoryMaker::SetExpectations(
                           kHttpStreamParserBufferSize),
                  sequence++));
   }
-  scoped_ptr<SequencedSocketData> socket_data(new SequencedSocketData(
+  std::unique_ptr<SequencedSocketData> socket_data(new SequencedSocketData(
       detail_->reads.data(), detail_->reads.size(), &detail_->write, 1));
   socket_data->set_connect_data(MockConnect(SYNCHRONOUS, OK));
   AddRawExpectations(std::move(socket_data));
 }
 
 void WebSocketMockClientSocketFactoryMaker::AddRawExpectations(
-    scoped_ptr<SequencedSocketData> socket_data) {
+    std::unique_ptr<SequencedSocketData> socket_data) {
   detail_->factory.AddSocketDataProvider(socket_data.get());
   detail_->socket_data_vector.push_back(std::move(socket_data));
 }
 
 void WebSocketMockClientSocketFactoryMaker::AddSSLSocketDataProvider(
-    scoped_ptr<SSLSocketDataProvider> ssl_socket_data) {
+    std::unique_ptr<SSLSocketDataProvider> ssl_socket_data) {
   detail_->factory.AddSSLSocketDataProvider(ssl_socket_data.get());
   detail_->ssl_socket_data_vector.push_back(std::move(ssl_socket_data));
 }
@@ -151,12 +151,12 @@ WebSocketTestURLRequestContextHost::WebSocketTestURLRequestContextHost()
 WebSocketTestURLRequestContextHost::~WebSocketTestURLRequestContextHost() {}
 
 void WebSocketTestURLRequestContextHost::AddRawExpectations(
-    scoped_ptr<SequencedSocketData> socket_data) {
+    std::unique_ptr<SequencedSocketData> socket_data) {
   maker_.AddRawExpectations(std::move(socket_data));
 }
 
 void WebSocketTestURLRequestContextHost::AddSSLSocketDataProvider(
-    scoped_ptr<SSLSocketDataProvider> ssl_socket_data) {
+    std::unique_ptr<SSLSocketDataProvider> ssl_socket_data) {
   maker_.AddSSLSocketDataProvider(std::move(ssl_socket_data));
 }
 
diff --git a/chromium/net/websockets/websocket_test_util.h b/chromium/net/websockets/websocket_test_util.h
index 054c6766e74..becaba8d7ee 100644
--- a/chromium/net/websockets/websocket_test_util.h
+++ b/chromium/net/websockets/websocket_test_util.h
@@ -7,10 +7,10 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
 #include "net/url_request/url_request_test_util.h"
 #include "net/websockets/websocket_stream.h"
 
@@ -82,7 +82,7 @@ class WebSocketMockClientSocketFactoryMaker {
 
   // A low-level interface to permit arbitrary expectations to be added. The
   // mock sockets will be created in the same order that they were added.
-  void AddRawExpectations(scoped_ptr<SequencedSocketData> socket_data);
+  void AddRawExpectations(std::unique_ptr<SequencedSocketData> socket_data);
 
   // Allow an SSL socket data provider to be added. You must also supply a mock
   // transport socket for it to use. If the mock SSL handshake fails then the
@@ -90,14 +90,14 @@ class WebSocketMockClientSocketFactoryMaker {
   // mock handshake succeeds then the data from the underlying transport socket
   // will be passed through unchanged (without encryption).
   void AddSSLSocketDataProvider(
-      scoped_ptr<SSLSocketDataProvider> ssl_socket_data);
+      std::unique_ptr<SSLSocketDataProvider> ssl_socket_data);
 
   // Call to get a pointer to the factory, which remains owned by this object.
   MockClientSocketFactory* factory();
 
  private:
   struct Detail;
-  scoped_ptr<Detail> detail_;
+  std::unique_ptr<Detail> detail_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocketMockClientSocketFactoryMaker);
 };
@@ -115,11 +115,11 @@ struct WebSocketTestURLRequestContextHost {
     maker_.SetExpectations(expect_written, return_to_read);
   }
 
-  void AddRawExpectations(scoped_ptr<SequencedSocketData> socket_data);
+  void AddRawExpectations(std::unique_ptr<SequencedSocketData> socket_data);
 
   // Allow an SSL socket data provider to be added.
   void AddSSLSocketDataProvider(
-      scoped_ptr<SSLSocketDataProvider> ssl_socket_data);
+      std::unique_ptr<SSLSocketDataProvider> ssl_socket_data);
 
   // Allow a proxy to be set. Usage:
   //   SetProxyConfig("proxy1:8000");
@@ -135,7 +135,7 @@ struct WebSocketTestURLRequestContextHost {
   WebSocketMockClientSocketFactoryMaker maker_;
   TestURLRequestContext url_request_context_;
   TestNetworkDelegate network_delegate_;
-  scoped_ptr<ProxyService> proxy_service_;
+  std::unique_ptr<ProxyService> proxy_service_;
   bool url_request_context_initialized_;
 
   DISALLOW_COPY_AND_ASSIGN(WebSocketTestURLRequestContextHost);
author	Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>	2016-07-14 17:41:05 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2016-08-04 12:37:36 +0000
commit	399c965b6064c440ddcf4015f5f8e9d131c7a0a6 (patch)
tree	6b06b60ff365abef0e13b3503d593a0df48d20e8 /chromium/net
parent	7366110654eec46f21b6824f302356426f48cd74 (diff)
download	qtwebengine-chromium-399c965b6064c440ddcf4015f5f8e9d131c7a0a6.tar.gz